diff --git a/.codespellexcludelines b/.codespellexcludelines
new file mode 100644
index 000000000..f55aca32c
--- /dev/null
+++ b/.codespellexcludelines
@@ -0,0 +1,18 @@
+###############################################################################
+# In this file, you should add the line of the file that needs to be ignored.
+# The line should be exactly as it appears in the file.
+###############################################################################
+        0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
+        0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
+        0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
+static const byte plaintext[] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
+rsource "Kconfig.tls-generic"
+        /* Loop over authenticated associated data AD1..ADn */
+  /* no easy answer [c'est la vie].  Just division */
+    const uint8_t* hashIn, int hashSz)
+    XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
+        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
+\pagenumbering{alph}
+    DES3_KEY_SIZE       = 24,  /* 3 des ede               */
+/* functions added to support above needed, removed TOOM and KARATSUBA */
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml
index e4199b970..51384aad5 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -6,8 +6,10 @@ body:
   - type: markdown
     attributes:
       value: >
-        Thanks for reporting an bug. If you would prefer a private method,
-        please email support@wolfssl.com
+        Thanks for reporting a bug. If you would prefer a private method,
+        or if this is a vulnerability report please email support@wolfssl.com
+        instead. This is publicly viewable and not appropriate for vulnerability
+        reports.
   - type: input
     id: contact
     attributes:
diff --git a/.github/ISSUE_TEMPLATE/other.yaml b/.github/ISSUE_TEMPLATE/other.yaml
index 33d2d29e7..a10a56bd9 100644
--- a/.github/ISSUE_TEMPLATE/other.yaml
+++ b/.github/ISSUE_TEMPLATE/other.yaml
@@ -6,7 +6,9 @@ body:
     attributes:
       value: >
         Thanks for reporting an issue. If you would prefer a private method,
-        please email support@wolfssl.com
+        or if this is a vulnerability report please email support@wolfssl.com
+        instead. This is publicly viewable and not appropriate for vulnerability
+        reports.
   - type: input
     id: version
     attributes:
diff --git a/.github/workflows/ada.yml b/.github/workflows/ada.yml
new file mode 100644
index 000000000..59fd34ae2
--- /dev/null
+++ b/.github/workflows/ada.yml
@@ -0,0 +1,33 @@
+name: WolfSSL Ada Build Tests
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@master
+
+    - name: Install gnat
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y gnat gprbuild
+
+    - name: Checkout wolfssl
+      uses: actions/checkout@master
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+
+    - name: Build wolfssl Ada
+      working-directory: ./wolfssl/wrapper/Ada
+      run: |
+        mkdir obj
+        gprbuild default.gpr
+        gprbuild examples.gpr
diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml
index e1699c1c5..07a2b5088 100644
--- a/.github/workflows/async.yml
+++ b/.github/workflows/async.yml
@@ -23,7 +23,8 @@ jobs:
           '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
         ]
     name: make check
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     steps:
@@ -36,7 +37,7 @@ jobs:
           ./configure ${{ matrix.config }}
           make check
 
-      - name: Print errors 
+      - name: Print errors
         if: ${{ failure() }}
         run: |
           if [ -f test-suite.log ] ; then
diff --git a/.github/workflows/bind.yml b/.github/workflows/bind.yml
new file mode 100644
index 000000000..493db2b47
--- /dev/null
+++ b/.github/workflows/bind.yml
@@ -0,0 +1,93 @@
+name: bind9 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-bind
+          path: build-dir.tgz
+          retention-days: 5
+
+  bind_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 9.18.0, 9.18.28 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-bind
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout bind9
+        uses: actions/checkout@v4
+        with:
+          repository: isc-projects/bind9
+          path: bind
+          ref: v${{ matrix.ref }}
+
+      - name: Build and test bind9
+        working-directory: bind
+        run: |
+          export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig
+          patch -p1 < $GITHUB_WORKSPACE/osp/bind9/${{ matrix.ref }}.patch
+          autoreconf -ivf
+          ./configure --with-wolfssl
+          sed -i 's/SUBDIRS = system//g' bin/tests/Makefile # remove failing tests
+          make -j V=1
+          make -j V=1 check
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
new file mode 100644
index 000000000..c97ab6cb3
--- /dev/null
+++ b/.github/workflows/cmake.yml
@@ -0,0 +1,108 @@
+name: WolfSSL CMake Build Tests
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+# pull wolfSSL
+    - uses: actions/checkout@master
+
+# install cmake
+    - name: Install cmake
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y cmake
+
+# pull wolfssl
+    - name: Checkout wolfssl
+      uses: actions/checkout@master
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+
+# build wolfssl
+    - name: Build wolfssl
+      working-directory: ./wolfssl
+      run: |
+        mkdir build
+        cd build
+        cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
+            -DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
+            -DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
+            -DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
+            -DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
+            -DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
+            -DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
+            -DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
+            -DWOLFSSL_CERTEXT:BOOL=yes -DWOLFSSL_CERTGEN:BOOL=yes -DWOLFSSL_CERTGENCACHE:BOOL=no \
+            -DWOLFSSL_CERTREQ:BOOL=yes -DWOLFSSL_CHACHA:STRING=yes -DWOLFSSL_CMAC:BOOL=yes \
+            -DWOLFSSL_CODING:BOOL=yes -DWOLFSSL_CONFIG_H:BOOL=yes -DWOLFSSL_CRL:STRING=yes \
+            -DWOLFSSL_CRYPTOCB:BOOL=yes -DWOLFSSL_CRYPTOCB_NO_SW_TEST:BOOL=no \
+            -DWOLFSSL_CRYPT_TESTS:BOOL=yes -DWOLFSSL_CRYPT_TESTS_HELP:BOOL=no \
+            -DWOLFSSL_CRYPT_TESTS_LIBS:BOOL=no -DWOLFSSL_CURL:BOOL=yes -DWOLFSSL_CURVE25519:STRING=yes \
+            -DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
+            -DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
+            -DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
+            -DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
+            -DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
+            -DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
+            -DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \
+            -DWOLFSSL_ERROR_STRINGS:BOOL=yes -DWOLFSSL_EXAMPLES:BOOL=yes -DWOLFSSL_EXPERIMENTAL:BOOL=yes \
+            -DWOLFSSL_EXTENDED_MASTER:BOOL=yes -DWOLFSSL_EX_DATA:BOOL=yes -DWOLFSSL_FAST_MATH:BOOL=no \
+            -DWOLFSSL_FILESYSTEM:BOOL=yes -DWOLFSSL_HARDEN:BOOL=yes -DWOLFSSL_HASH_DRBG:BOOL=yes \
+            -DWOLFSSL_HKDF:BOOL=yes -DWOLFSSL_HPKE:BOOL=yes -DWOLFSSL_HRR_COOKIE:STRING=yes \
+            -DWOLFSSL_INLINE:BOOL=yes -DWOLFSSL_INSTALL:BOOL=yes -DWOLFSSL_IP_ALT_NAME:BOOL=ON \
+            -DWOLFSSL_KEYGEN:BOOL=yes -DWOLFSSL_KEYING_MATERIAL:BOOL=ON \
+            -DWOLFSSL_MD4:BOOL=ON -DWOLFSSL_MD5:BOOL=yes -DWOLFSSL_MEMORY:BOOL=yes -DWOLFSSL_NO_STUB:BOOL=no \
+            -DWOLFSSL_OAEP:BOOL=yes -DWOLFSSL_OCSP:BOOL=yes -DWOLFSSL_OCSPSTAPLING:BOOL=ON \
+            -DWOLFSSL_OCSPSTAPLING_V2:BOOL=ON -DWOLFSSL_OLD_NAMES:BOOL=yes -DWOLFSSL_OLD_TLS:BOOL=yes \
+            -DWOLFSSL_OPENSSLALL:BOOL=yes -DWOLFSSL_OPENSSLEXTRA:BOOL=ON -DWOLFSSL_OPTFLAGS:BOOL=yes \
+            -DWOLFSSL_OQS:BOOL=no -DWOLFSSL_PKCALLBACKS:BOOL=yes -DWOLFSSL_PKCS12:BOOL=yes \
+            -DWOLFSSL_PKCS7:BOOL=yes -DWOLFSSL_POLY1305:BOOL=yes -DWOLFSSL_POSTAUTH:BOOL=yes \
+            -DWOLFSSL_PWDBASED:BOOL=yes -DWOLFSSL_QUIC:BOOL=yes -DWOLFSSL_REPRODUCIBLE_BUILD:BOOL=no \
+            -DWOLFSSL_RNG:BOOL=yes -DWOLFSSL_RSA:BOOL=yes -DWOLFSSL_RSA_PSS:BOOL=yes \
+            -DWOLFSSL_SESSION_TICKET:BOOL=ON -DWOLFSSL_SHA:BOOL=yes -DWOLFSSL_SHA224:BOOL=yes \
+            -DWOLFSSL_SHA3:STRING=yes -DWOLFSSL_SHA384:BOOL=yes -DWOLFSSL_SHA512:BOOL=yes \
+            -DWOLFSSL_SHAKE128:STRING=yes -DWOLFSSL_SHAKE256:STRING=yes -DWOLFSSL_SINGLE_THREADED:BOOL=no \
+            -DWOLFSSL_SNI:BOOL=yes -DWOLFSSL_SP_MATH_ALL:BOOL=yes -DWOLFSSL_SRTP:BOOL=yes \
+            -DWOLFSSL_STUNNEL:BOOL=yes -DWOLFSSL_SUPPORTED_CURVES:BOOL=yes -DWOLFSSL_SYS_CA_CERTS:BOOL=yes \
+            -DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \
+            -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
+            -DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \
+            -DWOLFSSL_X963KDF:BOOL=yes \
+            -DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
+            ..
+        cmake --build .
+        ctest -j $(nproc)
+        cmake --install .
+
+        # clean up
+        cd ..
+        rm -rf build
+
+        # Kyber Cmake broken
+        # -DWOLFSSL_KYBER:BOOL=yes
+
+# build "lean-tls" wolfssl
+    - name: Build wolfssl with lean-tls
+      working-directory: ./wolfssl
+      run: |
+        mkdir build
+        cd build
+        cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
+            -DWOLFSSL_LEAN_TLS:BOOL=yes \
+            ..
+        cmake --build .
+        cmake --install .
+
+        # clean up
+        cd ..
+        rm -rf build
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
new file mode 100644
index 000000000..a0b605ae3
--- /dev/null
+++ b/.github/workflows/codespell.yml
@@ -0,0 +1,30 @@
+name: Codespell test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  codespell:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: codespell-project/actions-codespell@v2.1
+      with:
+        check_filenames: true
+        check_hidden: true
+          # Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
+        ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
+          # The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
+        exclude_file: '.codespellexcludelines'
+          # To skip files entirely from being processed, add it to the following list:
+        skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg,*.revoked'
diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml
new file mode 100644
index 000000000..9a70e080b
--- /dev/null
+++ b/.github/workflows/coverity-scan-fixes.yml
@@ -0,0 +1,53 @@
+name: Coverity Scan master branch
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1-5'
+    - cron: '0 0 * * 0'
+    - cron: '0 12 * * 0'
+
+jobs:
+  coverity:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: master
+
+    - name: Configure wolfSSL with enable-all M-F
+      if: github.event.schedule == '0 0 * * 1-5'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all
+
+    - name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00
+      if: github.event.schedule == '0 0 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all --enable-smallstack
+
+    - name: Configure wolfSSL with bigendian Sun at 12:00
+      if: github.event.schedule == '0 12 * * 0'
+      run: |
+        ./autogen.sh
+        ./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER"
+
+    - name: Check secrets
+      env:
+        token_var: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email_var: ${{ secrets.COVERITY_SCAN_EMAIL }}
+      run: |
+        token_len=${#token_var}
+        echo "$token_len"
+        email_len=${#email_var}
+        echo "$email_len"
+
+    - uses: vapier/coverity-scan-action@v1
+      with:
+        build_language: 'cxx'
+        project: "wolfSSL/wolfssl"
+        token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        command: "make"
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
index 156e61b38..19d3dcd49 100644
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@@ -15,7 +15,8 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -38,7 +39,8 @@ jobs:
 
   test_curl:
     name: ${{ matrix.curl_ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 15
     needs: build_wolfssl
@@ -50,8 +52,7 @@ jobs:
     - name: Install test dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install nghttp2 libpsl5 libpsl-dev
-        sudo pip install impacket
+        sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
 
     - name: Download lib
       uses: actions/download-artifact@v4
@@ -72,4 +73,4 @@ jobs:
 
     - name: Test curl
       working-directory: curl
-      run: make -j test-ci
+      run: make -j $(nproc) test-ci
diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml
index 9f2aab72c..910c87122 100644
--- a/.github/workflows/cyrus-sasl.yml
+++ b/.github/workflows/cyrus-sasl.yml
@@ -15,8 +15,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -46,7 +47,8 @@ jobs:
         # List of releases to test
         ref: [ 2.1.28 ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     needs: build_wolfssl
diff --git a/.github/workflows/disabled/haproxy.yml b/.github/workflows/disabled/haproxy.yml
index 43e197fd5..0a92dac0c 100644
--- a/.github/workflows/disabled/haproxy.yml
+++ b/.github/workflows/disabled/haproxy.yml
@@ -20,6 +20,7 @@ jobs:
         # List of refs to test
         ref: [ master ]
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     steps:
       - name: Build wolfSSL
@@ -57,4 +58,3 @@ jobs:
       - name: Test HaProxy
         working-directory: haproxy
         run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest
- 
diff --git a/.github/workflows/hitch.yml b/.github/workflows/disabled/hitch.yml
similarity index 96%
rename from .github/workflows/hitch.yml
rename to .github/workflows/disabled/hitch.yml
index c11accd58..5f0b58986 100644
--- a/.github/workflows/hitch.yml
+++ b/.github/workflows/disabled/hitch.yml
@@ -15,6 +15,7 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
@@ -47,6 +48,7 @@ jobs:
             ignore-tests: >-
               test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
     name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
     runs-on: ubuntu-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
@@ -105,4 +107,4 @@ jobs:
         working-directory: ./hitch
         run: |
           export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
-          make check
\ No newline at end of file
+          make check
diff --git a/.github/workflows/disabled/hostap.yml b/.github/workflows/disabled/hostap.yml
index aad37cad3..46c413195 100644
--- a/.github/workflows/disabled/hostap.yml
+++ b/.github/workflows/disabled/hostap.yml
@@ -22,6 +22,7 @@ jobs:
           - build_id: hostap-build2
             wolf_extra_config: --enable-brainpool --enable-wpas-dpp
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
     runs-on: ubuntu-20.04
     # This should be a safe limit for the tests to run.
@@ -99,6 +100,7 @@ jobs:
               build_id: hostap-build2
             }
     name: hwsim test
+    if: github.repository_owner == 'wolfssl'
     # For openssl 1.1
     runs-on: ubuntu-20.04
     # This should be a safe limit for the tests to run.
@@ -181,7 +183,7 @@ jobs:
       - name: Checkout hostap
         uses: actions/checkout@v4
         with:
-          repository: julek-wolfssl/hostap-mirror 
+          repository: julek-wolfssl/hostap-mirror
           path: hostap
           ref: ${{ matrix.config.hostap_ref }}
           # necessary for cherry pick step
@@ -210,7 +212,7 @@ jobs:
           done
 
       - if: ${{ matrix.hostapd }}
-        name: Setup hostapd config file 
+        name: Setup hostapd config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
              hostap/hostapd/.config
@@ -220,7 +222,7 @@ jobs:
           EOF
 
       - if: ${{ matrix.wpa_supplicant }}
-        name: Setup wpa_supplicant config file 
+        name: Setup wpa_supplicant config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
              hostap/wpa_supplicant/.config
diff --git a/.github/workflows/disabled/msys2.yml b/.github/workflows/disabled/msys2.yml
new file mode 100644
index 000000000..0641a3104
--- /dev/null
+++ b/.github/workflows/disabled/msys2.yml
@@ -0,0 +1,41 @@
+name: MSYS2 Build Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  msys2:
+    runs-on: windows-latest
+    defaults:
+      run:
+        shell: msys2 {0}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - { sys: ucrt64,  compiler: mingw-w64-ucrt-x86_64-gcc }
+          - { sys: mingw64, compiler: mingw-w64-x86_64-gcc }
+          - { sys: msys, compiler: gcc }
+    steps:
+      - uses: actions/checkout@v3
+      - uses: msys2/setup-msys2@v2
+        with:
+          msystem: ${{ matrix.sys }}
+          update: true
+          install: git ${{matrix.compiler}} autotools base-devel autoconf netcat
+      - name: configure wolfSSL
+        run: ./autogen.sh && ./configure CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES"
+      - name: build wolfSSL
+        run: make check
+      - name: Display log
+        if: always()
+        run: cat test-suite.log
diff --git a/.github/workflows/docker-Espressif.yml b/.github/workflows/docker-Espressif.yml
index c2b6ff0ba..dda8e9c34 100644
--- a/.github/workflows/docker-Espressif.yml
+++ b/.github/workflows/docker-Espressif.yml
@@ -14,7 +14,8 @@ concurrency:
 jobs:
   espressif_latest:
     name: latest Docker container
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 12
     container:
@@ -22,22 +23,24 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
-        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+        run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v4_4:
     name: v4.4 Docker container
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     container:
       image: espressif/idf:release-v4.4
     steps:
       - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
-        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+        run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
   espressif_v5_0:
     name: v5.0 Docker container
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     container:
       image: espressif/idf:release-v5.0
     steps:
       - uses: actions/checkout@v4
       - name: Initialize Espressif IDE and build examples
-        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+        run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml
index 283e3b92e..05890ffae 100644
--- a/.github/workflows/docker-OpenWrt.yml
+++ b/.github/workflows/docker-OpenWrt.yml
@@ -17,7 +17,8 @@ concurrency:
 jobs:
     build_library:
         name: Compile libwolfssl.so
-        runs-on: ubuntu-latest
+        if: github.repository_owner == 'wolfssl'
+        runs-on: ubuntu-22.04
         # This should be a safe limit for the tests to run.
         timeout-minutes: 4
         container:
@@ -40,7 +41,8 @@ jobs:
                 retention-days: 5
     compile_container:
         name: Compile container
-        runs-on: ubuntu-latest
+        if: github.repository_owner == 'wolfssl'
+        runs-on: ubuntu-22.04
         # This should be a safe limit for the tests to run.
         timeout-minutes: 2
         needs: build_library
diff --git a/.github/workflows/gencertbuf.yml b/.github/workflows/gencertbuf.yml
new file mode 100644
index 000000000..97cd1a531
--- /dev/null
+++ b/.github/workflows/gencertbuf.yml
@@ -0,0 +1,41 @@
+name: Test gencertbuf script
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  gencertbuf:
+    name: gencertbuf
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test generate wolfssl/certs_test.h
+        run: ./gencertbuf.pl
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure --enable-all --enable-experimental --enable-dilithium --enable-kyber
+          make
+          ./wolfcrypt/test/testwolfcrypt
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          if [ -f test-suite.log ] ; then
+            cat test-suite.log
+          fi
diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml
index 4e145cc6c..4259b2a93 100644
--- a/.github/workflows/grpc.yml
+++ b/.github/workflows/grpc.yml
@@ -15,8 +15,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
     steps:
@@ -50,7 +51,8 @@ jobs:
               test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
               h2_ssl_cert_test h2_ssl_session_reuse_test
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 30
     needs: build_wolfssl
@@ -69,6 +71,11 @@ jobs:
         with:
           name: wolf-install-grpc
 
+      - name: Setup cmake version
+        uses: jwlawson/actions-setup-cmake@v2
+        with:
+          cmake-version: '3.25.x'
+
       - name: untar build-dir
         run: tar -xf build-dir.tgz
 
@@ -92,7 +99,7 @@ jobs:
           git submodule update --init
           mkdir cmake/build
           cd cmake/build
-          cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
+          cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.1 -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
             -DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
           make -j $(nproc) ${{ matrix.tests }}
 
diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml
new file mode 100644
index 000000000..fa1ac5bef
--- /dev/null
+++ b/.github/workflows/haproxy.yml
@@ -0,0 +1,91 @@
+name: haproxy Test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-haproxy
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-haproxy
+          path: build-dir.tgz
+          retention-days: 5
+
+  test_haproxy:
+    name: ${{ matrix.haproxy_ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 15
+    needs: build_wolfssl
+    strategy:
+      fail-fast: false
+      matrix:
+        haproxy_ref: [ 'v3.1.0' ]
+    steps:
+    - name: Install test dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install libpcre2-dev
+
+    - name: Download lib
+      uses: actions/download-artifact@v4
+      with:
+        name: wolf-install-haproxy
+
+    - name: untar build-dir
+      run: tar -xf build-dir.tgz
+
+    # check cache for haproxy if not there then download it
+    - name: Check haproxy cache
+      uses: actions/cache@v4
+      id: cache-haproxy
+      with:
+        path: build-dir/haproxy-${{matrix.haproxy_ref}}
+        key: haproxy-${{matrix.haproxy_ref}}
+
+    - name: Download haproxy if needed
+      if: steps.cache-haproxy.outputs.cache-hit != 'true'
+      uses: actions/checkout@v3
+      with:
+        repository: haproxy/haproxy
+        ref: ${{matrix.haproxy_ref}}
+        path: build-dir/haproxy-${{matrix.haproxy_ref}}
+
+    - name: Build haproxy
+      working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+      run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"
+
+    - name: Build haproxy vtest
+      working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+      run: ./scripts/build-vtest.sh
+
+    - name: Test haproxy
+      working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
+      run: VTEST_PROGRAM=$GITHUB_WORKSPACE/build-dir/vtest/vtest make reg-tests -- --debug reg-tests/ssl/*
diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml
index b24680dfe..43f114af3 100644
--- a/.github/workflows/hostap-vm.yml
+++ b/.github/workflows/hostap-vm.yml
@@ -13,7 +13,7 @@ concurrency:
 # END OF COMMON SECTION
 
 env:
-  LINUX_REF: v6.6
+  LINUX_REF: v6.12
 
 jobs:
   build_wolfssl:
@@ -24,10 +24,11 @@ jobs:
             wolf_extra_config: --disable-tls13
           - build_id: hostap-vm-build2
             wolf_extra_config: >-
-              --enable-wpas-dpp --enable-brainpool --with-eccminsz=192 
+              --enable-wpas-dpp --enable-brainpool --with-eccminsz=192
               --enable-tlsv10 --enable-oldtls
     name: Build wolfSSL
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
     steps:
@@ -62,33 +63,55 @@ jobs:
           path: build-dir.tgz
           retention-days: 5
 
-  build_uml_linux:
-    name: Build UML (UserMode Linux)
-    runs-on: ubuntu-latest
+  checkout_hostap:
+    name: Checkout hostap repo
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
+    steps:
+      - name: Checking if we have hostap in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: hostap
+          key: hostap-repo
+          lookup-only: true
+
+      - name: Checkout hostap
+        run: git clone git://w1.fi/hostap.git hostap
+
+  build_uml_linux:
+    name: Build UML (UserMode Linux)
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    needs: checkout_hostap
     steps:
       - name: Checking if we have kernel in cache
         uses: actions/cache@v4
         id: cache
         with:
           path: linux/linux
-          key: ${{ env.LINUX_REF }}
+          key: hostap-linux-${{ env.LINUX_REF }}
           lookup-only: true
 
-      - name: Checkout hostap
+      - name: Checking if we have hostap in cache
         if: steps.cache.outputs.cache-hit != 'true'
-        uses: actions/checkout@v4
+        uses: actions/cache/restore@v4
         with:
-          repository: julek-wolfssl/hostap-mirror
           path: hostap
+          key: hostap-repo
+          fail-on-cache-miss: true
 
       - name: Checkout linux
         if: steps.cache.outputs.cache-hit != 'true'
         uses: actions/checkout@v4
         with:
-          repository: torvalds/linux 
+          repository: torvalds/linux
           path: linux
+          ref: ${{ env.LINUX_REF }}
 
       - name: Compile linux
         if: steps.cache.outputs.cache-hit != 'true'
@@ -139,18 +162,18 @@ jobs:
               build_id: hostap-vm-build2
             }
     name: hwsim test
-    # For openssl 1.1
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 45
-    needs: [build_wolfssl, build_uml_linux]
+    needs: [build_wolfssl, build_uml_linux, checkout_hostap]
     steps:
       - name: Checking if we have kernel in cache
         uses: actions/cache/restore@v4
         id: cache
         with:
           path: linux/linux
-          key: ${{ env.LINUX_REF }}
+          key: hostap-linux-${{ env.LINUX_REF }}
           fail-on-cache-miss: true
 
       - name: show file structure
@@ -193,15 +216,19 @@ jobs:
           # hostap dependencies
           sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
             libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
-            libnl-route-3-dev libdbus-1-dev bridge-utils tshark
-          sudo pip3 install pycryptodome
+            libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
+          sudo pip install pycryptodome
 
-      - name: Checkout hostap
-        uses: actions/checkout@v4
+      - name: Checking if we have hostap in cache
+        uses: actions/cache/restore@v4
         with:
-          repository: julek-wolfssl/hostap-mirror 
           path: hostap
-          ref: ${{ matrix.config.hostap_ref }}
+          key: hostap-repo
+          fail-on-cache-miss: true
+
+      - name: Checkout correct ref
+        working-directory: hostap
+        run: git checkout ${{ matrix.config.hostap_ref }}
 
       - name: Update certs
         working-directory: hostap/tests/hwsim/auth_serv
@@ -233,7 +260,7 @@ jobs:
           fi
 
       - if: ${{ matrix.hostapd }}
-        name: Setup hostapd config file 
+        name: Setup hostapd config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
              hostap/hostapd/.config
@@ -243,7 +270,7 @@ jobs:
           EOF
 
       - if: ${{ matrix.wpa_supplicant }}
-        name: Setup wpa_supplicant config file 
+        name: Setup wpa_supplicant config file
         run: |
           cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
              hostap/wpa_supplicant/.config
@@ -286,6 +313,7 @@ jobs:
             KERNELDIR=$GITHUB_WORKSPACE/linux
             KVMARGS="-cpu host"
           EOF
+          git config --global --add safe.directory $GITHUB_WORKSPACE/hostap
           # Run tests in increments of 200 to not stall out the parallel-vm script
           while mapfile -t -n 200 ary && ((${#ary[@]})); do
             TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
diff --git a/.github/workflows/intelasm-c-fallback.yml b/.github/workflows/intelasm-c-fallback.yml
new file mode 100644
index 000000000..49d3639bc
--- /dev/null
+++ b/.github/workflows/intelasm-c-fallback.yml
@@ -0,0 +1,52 @@
+name: Dynamic C Fallback Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL with WC_C_DYNAMIC_FALLBACK and DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
+        run: |
+          ./autogen.sh
+          randseed=$(head -c 4 /dev/urandom | od -t u4 --address-radix=n)
+          randseed="${randseed#"${randseed%%[![:space:]]*}"}"
+          echo "fuzzing seed=${randseed}"
+          ./configure ${{ matrix.config }} CFLAGS="-DWC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED=$randseed -fsanitize=leak -g -fno-omit-frame-pointer"
+          make -j 4
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done
diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml
index ef7d072e7..c23b407c5 100644
--- a/.github/workflows/ipmitool.yml
+++ b/.github/workflows/ipmitool.yml
@@ -17,7 +17,8 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
+    if: github.repository_owner == 'wolfssl'
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -46,9 +47,12 @@ jobs:
       matrix:
         git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
     name: ${{ matrix.git_ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     needs: build_wolfssl
     steps:
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8
       - name: Download lib
         uses: actions/download-artifact@v4
         with:
@@ -79,4 +83,3 @@ jobs:
         run: |
           ldd src/ipmitool | grep wolfssl
           ldd src/ipmievd | grep wolfssl
- 
\ No newline at end of file
diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml
index 13569574f..2dcb209b5 100644
--- a/.github/workflows/jwt-cpp.yml
+++ b/.github/workflows/jwt-cpp.yml
@@ -16,7 +16,8 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -40,12 +41,17 @@ jobs:
           retention-days: 5
 
   build_pam-ipmi:
+    if: github.repository_owner == 'wolfssl'
     strategy:
       fail-fast: false
       matrix:
-        ref: [ 0.6.0 ]
-    name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+        config:
+          - ref: 0.7.0
+            runner: ubuntu-22.04
+          - ref: 0.6.0
+            runner: ubuntu-22.04
+    name: ${{ matrix.config.ref }}
+    runs-on: ${{ matrix.config.runner }}
     needs: build_wolfssl
     steps:
       - name: Install dependencies
@@ -60,6 +66,11 @@ jobs:
         with:
           name: wolf-install-jwt-cpp
 
+      - name: Setup cmake version
+        uses: jwlawson/actions-setup-cmake@v2
+        with:
+          cmake-version: '3.25.x'
+
       - name: untar build-dir
         run: tar -xf build-dir.tgz
 
@@ -74,14 +85,14 @@ jobs:
         with:
           repository: Thalhammer/jwt-cpp
           path: jwt-cpp
-          ref: v${{ matrix.ref }}
+          ref: v${{ matrix.config.ref }}
 
       - name: Build pam-ipmi
         working-directory: jwt-cpp
         run: |
-          patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch
+          patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
           PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
-            cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
+            cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
           make -j -C build
           ldd ./build/tests/jwt-cpp-test | grep wolfssl
 
diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml
index ce96479ce..37c64e299 100644
--- a/.github/workflows/krb5.yml
+++ b/.github/workflows/krb5.yml
@@ -16,7 +16,8 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 5
     steps:
@@ -48,7 +49,8 @@ jobs:
         # List of releases to test
         ref: [ 1.21.1 ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 8
     needs: build_wolfssl
@@ -90,7 +92,7 @@ jobs:
           # Using rpath because LD_LIBRARY_PATH is overwritten during testing
           export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl  -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
           export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
-          ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \
+          ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit --with-spake-openssl \
             CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
           CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j
 
diff --git a/.github/workflows/libspdm.yml b/.github/workflows/libspdm.yml
new file mode 100644
index 000000000..49cbf8c52
--- /dev/null
+++ b/.github/workflows/libspdm.yml
@@ -0,0 +1,91 @@
+name: libspdm Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all --enable-static CFLAGS='-DRSA_MIN_SIZE=512'
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-libspdm
+          path: build-dir.tgz
+          retention-days: 5
+
+  libspdm_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 3.3.0 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-libspdm
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout libspdm
+        uses: actions/checkout@v4
+        with:
+          repository: DMTF/libspdm
+          path: libspdm
+          ref: ${{ matrix.ref }}
+
+      - name: Build and test libspdm
+        working-directory: libspdm
+        run: |
+          patch -p1 < ../osp/libspdm/${{ matrix.ref }}/libspdm-${{ matrix.ref }}.patch
+          git submodule update --init --recursive
+          # Silence cmake version warnings
+          find -name CMakeLists.txt -exec sed -i 's/cmake_minimum_required.*/cmake_minimum_required(VERSION 3.10)/g' {} \;
+          mkdir build
+          cd build
+          cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug -DCRYPTO=wolfssl -DENABLE_BINARY_BUILD=1 \
+            -DCOMPILED_LIBWOLFSSL_PATH=$GITHUB_WORKSPACE/build-dir/lib/libwolfssl.a \
+            -DWOLFSSL_INCDIR=$GITHUB_WORKSPACE/build-dir/include ..
+          make -j
+          cd ../unit_test/sample_key
+          ../../build/bin/test_crypt
+          ../../build/bin/test_spdm_secured_message
+          ../../build/bin/test_spdm_crypt
diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml
index 0f5f24100..e956c7a6f 100644
--- a/.github/workflows/libssh2.yml
+++ b/.github/workflows/libssh2.yml
@@ -16,7 +16,8 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -43,9 +44,10 @@ jobs:
       fail-fast: false
       matrix:
         # List of releases to test
-        ref: [ 1.11.0 ]
+        ref: [ 1.11.1 ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 8
     needs: build_wolfssl
@@ -68,5 +70,8 @@ jobs:
           check: true
 
       - name: Confirm libssh2 built with wolfSSL
-        working-directory: ./libssh2
-        run: ldd src/.libs/libssh2.so | grep wolfssl
+        run: ldd libssh2/src/.libs/libssh2.so | grep wolfssl
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: tail -n +1 libssh2/tests/*.log
diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml
index cdef79dde..87a772bf9 100644
--- a/.github/workflows/libvncserver.yml
+++ b/.github/workflows/libvncserver.yml
@@ -16,7 +16,8 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -43,9 +44,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ref: [ 0.9.13 ]
+        ref: [ 0.9.13, 0.9.14 ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     needs: build_wolfssl
     steps:
       - name: Download lib
@@ -53,6 +55,11 @@ jobs:
         with:
           name: wolf-install-libvncserver
 
+      - name: Setup cmake version
+        uses: jwlawson/actions-setup-cmake@v2
+        with:
+          cmake-version: '3.25.x'
+
       - name: untar build-dir
         run: tar -xf build-dir.tgz
 
@@ -74,7 +81,7 @@ jobs:
         run: |
           patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
           PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
-            cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
+            cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
           make -j -C build VERBOSE=1
           ldd build/libvncclient.so | grep wolfssl
           ldd build/libvncserver.so | grep wolfssl
diff --git a/.github/workflows/mbedtls.sh b/.github/workflows/mbedtls.sh
new file mode 100644
index 000000000..d199fd2e3
--- /dev/null
+++ b/.github/workflows/mbedtls.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+# Basic TLS test
+./mbedtls/build/programs/ssl/ssl_server2 > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/server2-sha256.crt \
+  -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2
+env -C wolfssl ./examples/client/client -p 4433 -g \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+
+# Basic DTLS test
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g -u \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/server2-sha256.crt \
+  -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+env -C wolfssl ./examples/client/client -p 4433 -g -u \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1
+kill $SERVER_PID
+sleep 0.1
+
+# DTLS 1.2 CID test
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323  # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/server2-sha256.crt \
+  -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323
+env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
+  -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+  -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+  -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
diff --git a/.github/workflows/mbedtls.yml b/.github/workflows/mbedtls.yml
new file mode 100644
index 000000000..f9830fcf6
--- /dev/null
+++ b/.github/workflows/mbedtls.yml
@@ -0,0 +1,86 @@
+name: mbedtls interop Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  MBED_REF: v3.6.2
+
+jobs:
+  build_mbedtls:
+    name: Build mbedtls
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Checking if we have mbed in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: mbedtls
+          key: mbedtls-${{ env.MBED_REF }}
+          lookup-only: true
+
+      - name: Checkout mbedtls
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: Mbed-TLS/mbedtls
+          ref: ${{ env.MBED_REF }}
+          path: mbedtls
+
+      - name: Compile mbedtls
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: mbedtls
+        run: |
+          git submodule update --init
+          mkdir build
+          cd build
+          cmake ..
+          make -j
+          # convert key to pem format
+          openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
+          openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
+
+  mbedtls_test:
+    name: Test interop with mbedtls
+    runs-on: ubuntu-latest
+    needs: build_mbedtls
+    timeout-minutes: 10
+    if: github.repository_owner == 'wolfssl'
+    steps:
+      - name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
+        run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
+
+      - name: Checking if we have mbed in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: mbedtls
+          key: mbedtls-${{ env.MBED_REF }}
+          fail-on-cache-miss: true
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-dtls --enable-dtlscid
+          install: false
+          check: false
+
+      - name: Test interop
+        run: bash wolfssl/.github/workflows/mbedtls.sh
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: cat /tmp/server.log
diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml
index e1cbb3784..bdd0c0593 100644
--- a/.github/workflows/memcached.yml
+++ b/.github/workflows/memcached.yml
@@ -16,7 +16,8 @@ jobs:
   build_wolfssl:
     name: Build wolfSSL
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     steps:
       - name: Build wolfSSL
         uses: wolfSSL/actions-build-autotools-project@v1
@@ -46,7 +47,8 @@ jobs:
         include:
           - ref: 1.6.22
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     needs: build_wolfssl
     steps:
       - name: Download lib
diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml
index aa9693858..97afaf282 100644
--- a/.github/workflows/mosquitto.yml
+++ b/.github/workflows/mosquitto.yml
@@ -1,98 +1,105 @@
-name: mosquitto Tests
-
-# START OF COMMON SECTION
-on:
-  push:
-    branches: [ 'master', 'main', 'release/**' ]
-  pull_request:
-    branches: [ '*' ]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
-  build_wolfssl:
-    name: Build wolfSSL
-    # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
-    # This should be a safe limit for the tests to run.
-    timeout-minutes: 4
-    steps:
-      - name: Build wolfSSL
-        uses: wolfSSL/actions-build-autotools-project@v1
-        with:
-          path: wolfssl
-          configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
-          install: true
-
-      - name: tar build-dir
-        run: tar -zcf build-dir.tgz build-dir
-
-      - name: Upload built lib
-        uses: actions/upload-artifact@v4
-        with:
-          name: wolf-install-mosquitto
-          path: build-dir.tgz
-          retention-days: 5
-
-  mosquitto_check:
-    strategy:
-      fail-fast: false
-      matrix:
-        ref: [ 2.0.18 ]
-    name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
-    # This should be a safe limit for the tests to run.
-    timeout-minutes: 4
-    needs: build_wolfssl
-    steps:
-      - name: Download lib
-        uses: actions/download-artifact@v4
-        with:
-          name: wolf-install-mosquitto
-
-      - name: untar build-dir
-        run: tar -xf build-dir.tgz
-
-      - name: Checkout OSP
-        uses: actions/checkout@v4
-        with:
-          repository: wolfssl/osp
-          path: osp
-
-      - name: Install dependencies
-        run: |
-            export DEBIAN_FRONTEND=noninteractive
-            sudo apt-get update
-            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make
-            sudo pip install --upgrade psutil
-
-      - name: Checkout mosquitto
-        uses: actions/checkout@v4
-        with:
-          repository: eclipse/mosquitto
-          ref: v${{ matrix.ref }}
-          path: mosquitto
-
-      - name: Configure and build mosquitto
-        run: |
-            cd $GITHUB_WORKSPACE/mosquitto/
-            patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
-            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
-
-      - name: Run mosquitto tests
-        working-directory: ./mosquitto
-        run: |
-          # Retry up to five times
-          for i in {1..5}; do
-            TEST_RES=0
-            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
-            if [ "$TEST_RES" -eq "0" ]; then
-              break
-            fi
-          done
-          if [ "$TEST_RES" -ne "0" ]; then
-            exit $TEST_RES
-          fi
+name: mosquitto Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
+          install: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-mosquitto
+          path: build-dir.tgz
+          retention-days: 5
+
+  mosquitto_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        ref: [ 2.0.18 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-mosquitto
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
+
+      - name: Checkout mosquitto
+        uses: actions/checkout@v4
+        with:
+          repository: eclipse/mosquitto
+          ref: v${{ matrix.ref }}
+          path: mosquitto
+
+      - name: Update certs
+        run: |
+            cd $GITHUB_WORKSPACE/mosquitto/test/ssl
+            ./gen.sh
+            cat all-ca.crt >> server.crt
+
+      - name: Configure and build mosquitto
+        run: |
+            cd $GITHUB_WORKSPACE/mosquitto/
+            patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
+            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
+
+      - name: Run mosquitto tests
+        working-directory: ./mosquitto
+        run: |
+          # Retry up to five times
+          for i in {1..5}; do
+            TEST_RES=0
+            make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
+            if [ "$TEST_RES" -eq "0" ]; then
+              break
+            fi
+          done
+          if [ "$TEST_RES" -ne "0" ]; then
+            exit $TEST_RES
+          fi
diff --git a/.github/workflows/multi-arch.yml b/.github/workflows/multi-arch.yml
index f296464f9..729048a6c 100644
--- a/.github/workflows/multi-arch.yml
+++ b/.github/workflows/multi-arch.yml
@@ -36,7 +36,8 @@ jobs:
             CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
             ARCH: armel
             EXTRA_OPTS: --enable-sp-asm
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
     steps:
@@ -51,7 +52,7 @@ jobs:
             CFLAGS: ${{ matrix.CFLAGS }}
             QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
         run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
-      - name: Print errors 
+      - name: Print errors
         if: ${{ failure() }}
         run: |
           if [ -f config.log ] ; then
diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml
index 08e1e4e0d..591c5daed 100644
--- a/.github/workflows/multi-compiler.yml
+++ b/.github/workflows/multi-compiler.yml
@@ -21,35 +21,35 @@ jobs:
         include:
           - CC: gcc-9
             CXX: g++-9
-            OS: ubuntu-latest
+            OS: ubuntu-24.04
           - CC: gcc-10
             CXX: g++-10
-            OS: ubuntu-latest
+            OS: ubuntu-24.04
           - CC: gcc-11
             CXX: g++-11
-            OS: ubuntu-latest
+            OS: ubuntu-24.04
           - CC: gcc-12
             CXX: g++-12
-            OS: ubuntu-latest
-          - CC: clang-10
-            CXX: clang++-10
-            OS: ubuntu-20.04
+            OS: ubuntu-24.04
           - CC: clang-11
             CXX: clang++-11
-            OS: ubuntu-20.04
+            OS: ubuntu-22.04
           - CC: clang-12
             CXX: clang++-12
-            OS: ubuntu-20.04
+            OS: ubuntu-22.04
           - CC: clang-13
             CXX: clang++-13
-            OS: ubuntu-latest
+            OS: ubuntu-22.04
           - CC: clang-14
             CXX: clang++-14
-            OS: ubuntu-latest
+            OS: ubuntu-24.04
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.OS }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
+      - name: Install dependencies
+        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }}
       - uses: actions/checkout@v4
       - name: Build
         env:
diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml
index e175f487b..7ce030b80 100644
--- a/.github/workflows/net-snmp.yml
+++ b/.github/workflows/net-snmp.yml
@@ -15,8 +15,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -46,7 +47,8 @@ jobs:
           - ref: 5.9.3
             test_opts: -e 'agentxperl'
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     needs: build_wolfssl
@@ -58,7 +60,7 @@ jobs:
 
       - name: untar build-dir
         run: tar -xf build-dir.tgz
-    
+
       - name: Checkout OSP
         uses: actions/checkout@v4
         with:
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
index 6622e0d2a..868a02aba 100644
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -15,8 +15,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -96,7 +97,7 @@ jobs:
               stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
               stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
               upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
-              uwsgi_ssl.t uwsgi_ssl_verify.t 
+              uwsgi_ssl.t uwsgi_ssl_verify.t
             # Following tests do not pass with sanitizer on (with OpenSSL too)
             sanitize-not-ok: >-
               grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
@@ -105,7 +106,8 @@ jobs:
               stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
               stream_proxy_ssl_verify.t
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     needs: build_wolfssl
@@ -221,4 +223,4 @@ jobs:
           LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
             TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
             prove ${{ matrix.sanitize-ok }}
- 
+
diff --git a/.github/workflows/no-malloc.yml b/.github/workflows/no-malloc.yml
index 88e5eedd7..25c9c8288 100644
--- a/.github/workflows/no-malloc.yml
+++ b/.github/workflows/no-malloc.yml
@@ -18,10 +18,11 @@ jobs:
       matrix:
         config: [
           # Add new configs here
-          '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"',
+          '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
         ]
     name: make check
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     steps:
@@ -35,7 +36,7 @@ jobs:
           make
           ./wolfcrypt/test/testwolfcrypt
 
-      - name: Print errors 
+      - name: Print errors
         if: ${{ failure() }}
         run: |
           if [ -f test-suite.log ] ; then
diff --git a/.github/workflows/nss.sh b/.github/workflows/nss.sh
new file mode 100644
index 000000000..8a78e0fd5
--- /dev/null
+++ b/.github/workflows/nss.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+# Setup nss cert db
+mkdir nssdb
+./dist/Debug/bin/certutil -d nssdb -N --empty-password
+./dist/Debug/bin/certutil -d nssdb  -A -a -i  wolfssl/certs/test/server-localhost.pem \
+    -t TCP -n 'wolf localhost'
+
+# App data for nss
+echo Hello from nss > /tmp/in
+
+# TLS 1.3 test
+env -C wolfssl ./examples/server/server -v 4 -p 4433 \
+    -c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
+sleep 0.1
+./dist/Debug/bin/tstclnt -V tls1.3: -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
+sleep 0.1
+
+# DTLS 1.3 test
+env -C wolfssl ./examples/server/server -v 4 -p 4433 -u \
+    -c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
+sleep 0.1
+./dist/Debug/bin/tstclnt -V tls1.3: -P client -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
+sleep 0.1
diff --git a/.github/workflows/nss.yml b/.github/workflows/nss.yml
new file mode 100644
index 000000000..e7d911bd1
--- /dev/null
+++ b/.github/workflows/nss.yml
@@ -0,0 +1,89 @@
+name: nss interop Tests
+
+### TODO uncomment stuff
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+  NSS_REF: NSS_3_107_RTM
+
+jobs:
+  build_nss:
+    name: Build nss
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 30
+    steps:
+      - name: Checking if we have nss in cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: dist
+          key: nss-${{ env.NSS_REF }}
+          lookup-only: true
+
+      - name: Install dependencies
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          # hostap dependencies
+          sudo apt-get install -y gyp ninja-build
+
+      - name: Checkout nss
+        if: steps.cache.outputs.cache-hit != 'true'
+        uses: actions/checkout@v4
+        with:
+          repository: nss-dev/nss
+          ref: ${{ env.NSS_REF }}
+          path: nss
+
+      - name: Compile nss
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          hg clone https://hg.mozilla.org/projects/nspr
+          cd nss
+          ./build.sh
+
+  nss_test:
+    name: Test interop with nss
+    runs-on: ubuntu-22.04
+    needs: build_nss
+    timeout-minutes: 10
+    if: github.repository_owner == 'wolfssl'
+    steps:
+      - name: Checking if we have nss in cache
+        uses: actions/cache/restore@v4
+        id: cache
+        with:
+          path: dist
+          key: nss-${{ env.NSS_REF }}
+          fail-on-cache-miss: true
+
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-dtls --enable-dtls13
+          install: false
+          check: false
+
+      - name: Test interop
+        run: bash wolfssl/.github/workflows/nss.sh
+
+      - name: print server logs
+        if: ${{ failure() }}
+        run: |
+          cat /tmp/server.log
diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml
index f4f06bef1..2acd82b22 100644
--- a/.github/workflows/ntp.yml
+++ b/.github/workflows/ntp.yml
@@ -15,8 +15,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -43,9 +44,10 @@ jobs:
       fail-fast: false
       matrix:
         # List of releases to test
-        ref: [ 4.2.8p15 ]
+        ref: [ 4.2.8p15, 4.2.8p17 ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
     needs: build_wolfssl
@@ -89,4 +91,3 @@ jobs:
           ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
           make -j
           make -j check
- 
\ No newline at end of file
diff --git a/.github/workflows/ocsp.yml b/.github/workflows/ocsp.yml
index 3937b2e7f..b7c8f8ef5 100644
--- a/.github/workflows/ocsp.yml
+++ b/.github/workflows/ocsp.yml
@@ -15,7 +15,8 @@ concurrency:
 jobs:
   ocsp_stapling:
     name: ocsp stapling
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     timeout-minutes: 10
     steps:
       - name: Checkout wolfSSL
diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml
new file mode 100644
index 000000000..b77dd3ea9
--- /dev/null
+++ b/.github/workflows/openldap.yml
@@ -0,0 +1,91 @@
+name: openldap Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-openldap CPPFLAGS=-DWOLFSSL_NO_ASN_STRICT
+          install: true
+          check: true
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-openldap
+          path: build-dir.tgz
+          retention-days: 5
+
+  openldap_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # List of releases to test
+          - osp_ref: 2.5.13
+            git_ref: OPENLDAP_REL_ENG_2_5_13
+          - osp_ref: 2.6.7
+            git_ref: OPENLDAP_REL_ENG_2_6_7
+    name: ${{ matrix.osp_ref }}
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-openldap
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout openldap
+        uses: actions/checkout@v4
+        with:
+          repository: openldap/openldap
+          path: openldap
+          ref: ${{ matrix.git_ref }}
+
+      - name: Build and test OpenLDAP
+        working-directory: openldap
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          patch -p1 < $GITHUB_WORKSPACE/osp/openldap/${{ matrix.osp_ref }}/openldap-${{ matrix.osp_ref }}.patch
+          rm aclocal.m4
+          autoreconf -ivf
+          ./configure --with-tls=wolfssl --disable-bdb --disable-hdb \
+            CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include \
+              -I$GITHUB_WORKSPACE/build-dir/include/wolfssl \
+              -L$GITHUB_WORKSPACE/build-dir/lib"
+          make -j depend
+          make -j
+          make -j check
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml
index 456ca842c..83b122773 100644
--- a/.github/workflows/openssh.yml
+++ b/.github/workflows/openssh.yml
@@ -15,8 +15,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -26,7 +27,7 @@ jobs:
           path: wolfssl
           configure: >-
             --enable-openssh --enable-dsa --with-max-rsa-bits=8192
-            --enable-intelasm --enable-sp-asm
+            --enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
           install: true
 
       - name: tar build-dir
@@ -47,7 +48,8 @@ jobs:
           - git_ref: 'V_9_6_P1'
             osp_ver: '9.6'
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     needs: build_wolfssl
     steps:
       - name: Download lib
@@ -74,7 +76,7 @@ jobs:
           configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
           check: false
 
-      # make tests take >20 minutes. Consider limiting? 
+      # make tests take >20 minutes. Consider limiting?
       - name: Run tests
         working-directory: ./openssh
         run: |
diff --git a/.github/workflows/opensslcoexist.yml b/.github/workflows/opensslcoexist.yml
new file mode 100644
index 000000000..1b59bec85
--- /dev/null
+++ b/.github/workflows/opensslcoexist.yml
@@ -0,0 +1,50 @@
+name: OPENSSL_COEXIST and TEST_OPENSSL_COEXIST
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic"',
+          '--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic -DTEST_OPENSSL_COEXIST"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST
+        run: |
+          ./autogen.sh || $(exit 2)
+          ./configure ${{ matrix.config }} || $(exit 3)
+          make -j 4 || $(exit 4)
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in config.log scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done
diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml
index a547e8d8f..974630145 100644
--- a/.github/workflows/openvpn.yml
+++ b/.github/workflows/openvpn.yml
@@ -15,8 +15,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -42,9 +43,10 @@ jobs:
       fail-fast: false
       matrix:
         # List of refs to test
-        ref: [ release/2.6, v2.6.0, master ]
+        ref: [ release/2.6, master ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
     needs: build_wolfssl
diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
index 68557a31a..190a26b62 100644
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -17,7 +17,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ ubuntu-22.04, macos-latest ]
         config: [
           # Add new configs here
           '',
@@ -25,16 +25,26 @@ jobs:
           '--enable-all --enable-asn=original',
           '--enable-harden-tls',
           '--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
-             --enable-opensslextra --enable-sessioncerts 
-             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE 
+             --enable-opensslextra --enable-sessioncerts
+             CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
              -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
           '--enable-all --enable-secure-renegotiation',
           '--enable-all --enable-haproxy --enable-quic',
-          '--enable-dtls --enable-dtls13 --enable-earlydata 
-             --enable-session-ticket --enable-psk 
+          '--enable-dtls --enable-dtls13 --enable-earlydata
+             --enable-session-ticket --enable-psk
              CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
+          '--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
+             --enable-dtls-frag-ch',
+          '--enable-all --enable-dtls13 --enable-dtls-frag-ch',
+          '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
+           --enable-dtls-mtu',
+          '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
+            --enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
+          '--enable-ascon --enable-experimental',
+          '--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
         ]
     name: make check
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -49,12 +59,13 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ ubuntu-22.04, macos-latest ]
         user-settings: [
           # Add new user_settings.h here
           'examples/configs/user_settings_all.h',
         ]
     name: make user_setting.h
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -70,9 +81,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ ubuntu-22.04, macos-latest ]
         user-settings: [
           # Add new user_settings.h here
+          'examples/configs/user_settings_eccnonblock.h',
           'examples/configs/user_settings_min_ecc.h',
           'examples/configs/user_settings_wolfboot_keytools.h',
           'examples/configs/user_settings_wolftpm.h',
@@ -80,6 +92,7 @@ jobs:
           'examples/configs/user_settings_tls12.h',
         ]
     name: make user_setting.h (testwolfcrypt only)
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -99,8 +112,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ ubuntu-22.04, macos-latest ]
     name: make user_setting.h (with sed)
+    if: github.repository_owner == 'wolfssl'
     runs-on: ${{ matrix.os }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 14
@@ -119,7 +133,12 @@ jobs:
 
   windows_build:
     name: Windows Build Test
+    if: github.repository_owner == 'wolfssl'
     runs-on: windows-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: [ x64, Win32, ARM64 ]
     # This should be a safe limit for the tests to run.
     timeout-minutes: 6
     env:
@@ -130,7 +149,6 @@ jobs:
       # You can convert this to a build matrix if you need coverage of multiple configuration types.
       # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
       BUILD_CONFIGURATION: Release
-      BUILD_PLATFORM: x64
     steps:
     - uses: actions/checkout@v4
 
@@ -145,8 +163,9 @@ jobs:
       working-directory: ${{env.GITHUB_WORKSPACE}}
       # Add additional options to the MSBuild command line here (like platform or verbosity level).
       # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
-      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
 
-    - name: Run Test
+    - if: ${{ matrix.arch != 'ARM64' }}
+      name: Run Test
       working-directory: ${{env.GITHUB_WORKSPACE}}
-      run: Release/x64/testsuite.exe
+      run: Release/${{matrix.arch}}/testsuite.exe
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index b4657110c..e498e33af 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -15,7 +15,8 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Package wolfSSL
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 10
     steps:
@@ -37,8 +38,9 @@ jobs:
       - name: Build wolfSSL .deb
         run: make deb-docker
 
-      - name: Build wolfSSL .rpm
-        run: make rpm-docker
+# disabled 20240919 -- broken target.
+#      - name: Build wolfSSL .rpm
+#        run: make rpm-docker
 
       - name: Confirm packages built
         run: |
@@ -47,8 +49,9 @@ jobs:
             echo Did not find exactly two deb packages!!!
             exit 1
           fi
-          RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
-          if [ "$RPM_COUNT" != "4" ]; then
-            echo Did not find exactly four rpm packages!!!
-            exit 1
-          fi
+# disabled 20240919 -- broken target.
+#          RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
+#          if [ "$RPM_COUNT" != "4" ]; then
+#            echo Did not find exactly four rpm packages!!!
+#            exit 1
+#          fi
diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml
index dda320064..22da7d6b6 100644
--- a/.github/workflows/pam-ipmi.yml
+++ b/.github/workflows/pam-ipmi.yml
@@ -16,8 +16,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -46,7 +47,8 @@ jobs:
       matrix:
         git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
     name: ${{ matrix.git_ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     needs: build_wolfssl
     steps:
       - name: Install dependencies
@@ -54,8 +56,7 @@ jobs:
           # Don't prompt for anything
           export DEBIAN_FRONTEND=noninteractive
           sudo apt-get update
-          sudo apt-get install libpam-dev ninja-build
-          sudo pip3 install meson
+          sudo apt-get install libpam-dev ninja-build meson
 
       - name: Download lib
         uses: actions/download-artifact@v4
diff --git a/.github/workflows/pq-all.yml b/.github/workflows/pq-all.yml
new file mode 100644
index 000000000..233a802e0
--- /dev/null
+++ b/.github/workflows/pq-all.yml
@@ -0,0 +1,50 @@
+name: Quantum Resistant Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test wolfSSL
+        run: |
+          ./autogen.sh
+          ./configure ${{ matrix.config }}
+          make -j 4
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done
diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml
index 47b7827e2..44d3a20e2 100644
--- a/.github/workflows/rng-tools.yml
+++ b/.github/workflows/rng-tools.yml
@@ -15,8 +15,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -45,7 +46,8 @@ jobs:
         # List of releases to test
         ref: [ 6.16 ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     needs: build_wolfssl
@@ -64,7 +66,7 @@ jobs:
 
       - name: untar build-dir
         run: tar -xf build-dir.tgz
-    
+
       - name: Checkout OSP
         uses: actions/checkout@v4
         with:
diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml
index fe2c8252a..91417e7a7 100644
--- a/.github/workflows/socat.yml
+++ b/.github/workflows/socat.yml
@@ -15,7 +15,8 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     timeout-minutes: 4
     steps:
       - name: Build wolfSSL
@@ -37,9 +38,8 @@ jobs:
 
 
   socat_check:
-    strategy:
-      fail-fast: false
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 30
     needs: build_wolfssl
@@ -70,7 +70,7 @@ jobs:
         run: |
           patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch
           autoreconf -vfi
-          ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+          ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --enable-default-ipv=4
           make
 
       - name: Run socat tests
@@ -78,4 +78,4 @@ jobs:
         run: |
           export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
           export SHELL=/bin/bash
-          SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 146,216,309,310,386,399,402,459,460,467,468,478,492,528,530
+          SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,475,478,492,528,530
diff --git a/.github/workflows/softhsm.yml b/.github/workflows/softhsm.yml
new file mode 100644
index 000000000..bb3824d17
--- /dev/null
+++ b/.github/workflows/softhsm.yml
@@ -0,0 +1,94 @@
+name: SoftHSMv2 Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-softhsm
+          path: build-dir.tgz
+          retention-days: 5
+
+  softhsm_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.6.1 ]
+    name: ${{ matrix.ref }}
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y libcppunit-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-softhsm
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Checkout SoftHSMv2
+        uses: actions/checkout@v4
+        with:
+          repository: opendnssec/SoftHSMv2
+          path: softhsm
+          ref: ${{ matrix.ref }}
+
+      # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
+      - name: Build softhsm
+        working-directory: softhsm
+        run: |
+          patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
+          autoreconf -if
+          ./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          make -j
+
+      - name: Test softhsm
+        working-directory: softhsm
+        run: make -j check
diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml
new file mode 100644
index 000000000..4ef3a7968
--- /dev/null
+++ b/.github/workflows/sssd.yml
@@ -0,0 +1,99 @@
+name: sssd Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    if: github.repository_owner == 'wolfssl'
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 4
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT
+          install: true
+          check: false
+
+      - name: tar build-dir
+        run: tar -zcf build-dir.tgz build-dir
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-sssd
+          path: build-dir.tgz
+          retention-days: 5
+
+  sssd_check:
+    if: github.repository_owner == 'wolfssl'
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 2.9.1 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-22.04
+    container:
+      image: quay.io/sssd/ci-client-devel:ubuntu-latest
+      env:
+        LD_LIBRARY_PATH: /usr/local/lib
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    needs: build_wolfssl
+    steps:
+      - name: Install dependencies
+        run: |
+          # Don't prompt for anything
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt-get update
+          sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc
+
+      - name: Setup env
+        run: |
+          ln -s samba-4.0/ldb.h /usr/include/ldb.h
+          ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
+          ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
+          ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
+          ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-sssd
+
+      - name: untar build-dir
+        run: tar -xf build-dir.tgz
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Build and test sssd
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: SSSD/sssd
+          ref: ${{ matrix.ref }}
+          path: sssd
+          patch-file: $GITHUB_WORKSPACE/osp/sssd/${{ matrix.ref }}.patch
+          configure: >-
+            --without-samba --without-nfsv4-idmapd-plugin --with-oidc-child=no
+            --without-manpages WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
+          check: true
+
diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml
index 7b7b09452..701a4e51b 100644
--- a/.github/workflows/stunnel.yml
+++ b/.github/workflows/stunnel.yml
@@ -15,8 +15,9 @@ concurrency:
 jobs:
   build_wolfssl:
     name: Build wolfSSL
+    if: github.repository_owner == 'wolfssl'
     # Just to keep it the same as the testing target
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -44,7 +45,8 @@ jobs:
         # List of releases to test
         ref: [ 5.67 ]
     name: ${{ matrix.ref }}
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     needs: build_wolfssl
@@ -56,7 +58,7 @@ jobs:
 
       - name: untar build-dir
         run: tar -xf build-dir.tgz
-    
+
       - name: Checkout OSP
         uses: actions/checkout@v4
         with:
diff --git a/.github/workflows/watcomc.yml b/.github/workflows/watcomc.yml
new file mode 100644
index 000000000..ea1af5704
--- /dev/null
+++ b/.github/workflows/watcomc.yml
@@ -0,0 +1,84 @@
+name: Build Watcom C
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  wolfssl_watcomc_windows:
+    if: github.repository_owner == 'wolfssl'
+    strategy:
+      fail-fast: false
+      matrix:
+        common:
+          - cmake:    '-G "Watcom WMake" -DCMAKE_VERBOSE_MAKEFILE=TRUE -DWOLFSSL_ASM=no -DWOLFSSL_EXAMPLES=no -DWOLFSSL_CRYPT_TESTS=no'
+        platform:
+          - title:   'Windows OW 2.0'
+            system:   'Windows'
+            image:    'windows-latest'
+            owimage:  '2.0'
+            id:       'win32ow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SYSTEM_PROCESSOR=x86'
+          - title:   'Linux OW 2.0'
+            system:   'Linux'
+            image:    'ubuntu-latest'
+            owimage:  '2.0'
+            id:       'linuxow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_PROCESSOR=x86'
+          - title:   'OS/2 OW 2.0'
+            system:   'OS2'
+            image:    'windows-latest'
+            owimage:  '2.0'
+            id:       'os2ow20'
+            cmake:    '-DCMAKE_SYSTEM_NAME=OS2 -DCMAKE_SYSTEM_PROCESSOR=x86'
+        thread:
+          - id:       'multi'
+            cmake:    ''
+            owcmake:  '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=MultiThreaded'
+          - id:       'single'
+            cmake:    '-DWOLFSSL_SINGLE_THREADED=yes'
+            owcmake:  '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=SingleThreaded'
+        library:
+          - id:       'dll'
+            cmake:    ''
+            owcmake:  'DLL'
+          - id:       'static'
+            cmake:    '-DBUILD_SHARED_LIBS=no'
+            owcmake:  ''
+        exclude:
+          - { platform: { system: 'Linux' }, library: { id: 'dll' } }
+    runs-on: ${{ matrix.platform.image }}
+    name: ${{ matrix.platform.title }} (${{ matrix.thread.id }} ${{ matrix.library.id }})
+    steps:
+      - name: Setup Open Watcom ${{ matrix.platform.owimage }}
+        uses: open-watcom/setup-watcom@v0
+        with:
+          version: ${{ matrix.platform.owimage }}
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          path: wolfssl
+
+      - name: Build wolfSSL
+        working-directory: wolfssl
+        shell: bash
+        run: |
+          cmake -B build ${{matrix.common.cmake}} ${{ matrix.platform.cmake }} ${{ matrix.thread.cmake }} ${{ matrix.library.cmake }} ${{ matrix.thread.owcmake }}${{ matrix.library.owcmake }}
+          cmake --build build
+
+      - name: Upload build errors
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.platform.id }}-${{ matrix.thread.id }}-${{ matrix.library.id }}
+          path: |
+            build/**
diff --git a/.github/workflows/win-csharp-test.yml b/.github/workflows/win-csharp-test.yml
new file mode 100644
index 000000000..12b294b6b
--- /dev/null
+++ b/.github/workflows/win-csharp-test.yml
@@ -0,0 +1,58 @@
+name: Windows CSharp Build Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    if: github.repository_owner == 'wolfssl'
+    runs-on: windows-latest
+
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+
+    env:
+      # Path to the solution file relative to the root of the project.
+      SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
+
+      # Configuration type to build.
+      # You can convert this to a build matrix if you need coverage of multiple configuration types.
+      # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+      BUILD_CONFIGURATION: Debug
+      BUILD_PLATFORM: x64
+
+    steps:
+        - name: Pull wolfssl
+          uses: actions/checkout@master
+          with:
+            repository: wolfssl/wolfssl
+            path: wolfssl
+
+        - name: Create FIPS stub files (autogen)
+          working-directory: wolfssl
+          run: |
+            echo $null >> wolfcrypt\src\fips.c
+            echo $null >> wolfcrypt\src\fips_test.c
+            echo $null >> wolfcrypt\src\wolfcrypt_first.c
+            echo $null >> wolfcrypt\src\wolfcrypt_last.c
+
+        - name: Add MSBuild to PATH
+          uses: microsoft/setup-msbuild@v1
+
+        - name: Build
+          working-directory: ${{env.GITHUB_WORKSPACE}}
+          # Add additional options to the MSBuild command line here (like platform or verbosity level).
+          # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+          run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+
+        - name: Run wolfCrypt test
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfCrypt-test.exe
+
+        - name: Run wolfSSL client/server example
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe
diff --git a/.github/workflows/wolfCrypt-Wconversion.yml b/.github/workflows/wolfCrypt-Wconversion.yml
new file mode 100644
index 000000000..77eac8531
--- /dev/null
+++ b/.github/workflows/wolfCrypt-Wconversion.yml
@@ -0,0 +1,41 @@
+name: wolfCrypt conversion warnings
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_library:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"'
+        ]
+    name: build library
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Build wolfCrypt with extra type conversion warnings
+        run: |
+          ./autogen.sh || $(exit 2)
+          echo "running ./configure ${{ matrix.config }}"
+          ./configure ${{ matrix.config }} || $(exit 3)
+          make -j 4 || $(exit 4)
diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml
index 2bb059c29..fb7f0d2b3 100644
--- a/.github/workflows/zephyr.yml
+++ b/.github/workflows/zephyr.yml
@@ -25,7 +25,8 @@ jobs:
             zephyr-sdk: 0.16.3
           - zephyr-ref: v2.7.4
             zephyr-sdk: 0.16.3
-    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 25
     steps:
@@ -45,9 +46,14 @@ jobs:
             libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
             libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
             net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
-            python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \
+            python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
             texinfo unzip wget ovmf xz-utils
 
+      - name: Setup cmake version
+        uses: jwlawson/actions-setup-cmake@v2
+        with:
+          cmake-version: '3.25.x'
+
       - name: Install west
         run: sudo pip install west
 
diff --git a/.gitignore b/.gitignore
index 50c2ff5e7..90c76affa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@ ctaocrypt/src/src/
 *.cache
 .dirstamp
 *.user
+!*-VS2022.vcxproj.user
 configure
 config.*
 !cmake/config.in
@@ -245,6 +246,7 @@ linuxkm/libwolfssl.mod.c
 linuxkm/libwolfssl.lds
 linuxkm/module_exports.c
 linuxkm/linuxkm/get_thread_size
+*.nds
 
 # autotools generated
 scripts/unit.test
@@ -416,11 +418,16 @@ user_settings_asm.h
 # ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
 /IDE/Espressif/**/sdkconfig.debug
 /IDE/Espressif/**/sdkconfig.release
+/IDE/Espressif/**/sdkconfig-debug
+/IDE/Espressif/**/sdkconfig-release
 
 # Always include Espressif makefiles (typically only used for ESP8266)
 !/IDE/Espressif/**/Makefile
 !/IDE/Espressif/**/component.mk
 
+# Ignore all the example logs
+/IDE/Espressif/ESP-IDF/examples/**/logs/*
+
 # MPLAB
 /IDE/MPLABX16/wolfssl.X/dist/default/
 /IDE/MPLABX16/wolfssl.X/.generated_files
@@ -442,6 +449,12 @@ debian/changelog
 debian/control
 *.deb
 
+# Ada/Alire files
+wrapper/Ada/alire/
+wrapper/Ada/config/
+wrapper/Ada/lib/
+wrapper/Ada/obj/
+
 # PlatformIO
 /**/.pio
 /**/.vscode/.browse.c_cpp.db*
@@ -449,3 +462,7 @@ debian/control
 /**/.vscode/launch.json
 /**/.vscode/ipch
 /**/sdkconfig.esp32dev
+
+# Autogenerated debug trace headers
+wolfssl/debug-trace-error-codes.h
+wolfssl/debug-untrace-error-codes.h
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
new file mode 100644
index 000000000..9c87962f2
--- /dev/null
+++ b/.wolfssl_known_macro_extras
@@ -0,0 +1,1017 @@
+AES_GCM_GMULT_NCT
+AFX_RESOURCE_DLL
+AFX_TARG_ENU
+ALLOW_BINARY_MISMATCH_INTROSPECTION
+ALLOW_V1_EXTENSIONS
+ANDROID
+APP_ESP_HTTP_CLIENT
+APP_ESP_HTTP_CLIENT_EXAMPLE
+APSTUDIO_INVOKED
+ARCH_sim
+ARDUINO
+ARDUINO_ARCH_ESP32
+ARDUINO_ARCH_ESP8266
+ARDUINO_ARCH_MBED
+ARDUINO_ARCH_NRF52
+ARDUINO_ARCH_RP2040
+ARDUINO_ARCH_SAMD
+ARDUINO_ARCH_STM32
+ARDUINO_SAMD_NANO_33_IOT
+ARDUINO_SAM_DUE
+ARDUINO_SEEED_XIAO
+ARDUINO_TEENSY41
+ASN_DUMP_OID
+ASN_TEMPLATE_SKIP_ISCA_CHECK
+ATCAPRINTF
+ATCA_ENABLE_DEPRECATED
+AVR
+BASE64_NO_TABLE
+BLAKE2B_SELFTEST
+BLAKE2S_SELFTEST
+BLOCKING
+BSP_DEFAULT_IO_CHANNEL_DEFINED
+BSP_LED_0
+BSP_LED_1
+BSP_SDCARD_ESDHC_CHANNEL
+BSP_SDCARD_SDHC_CHANNEL
+BSP_SDCARD_SPI_CHANNEL
+CAAM_OUT_INVALIDATE
+CERT_REL_PREFIX
+CIOCASYMFEAT
+CIOCGSESSINFO
+CMSIS_OS2_H_
+COMPONENT_WOLFSSL
+CONFIG_ARCH_CHIP_STM32F746ZG
+CONFIG_ARCH_CHIP_STM32H743ZI
+CONFIG_ARCH_CHIP_STM32L552ZE
+CONFIG_ARCH_POSIX
+CONFIG_ARM
+CONFIG_ARM64
+CONFIG_BOARD_NATIVE_POSIX
+CONFIG_COMPILER_OPTIMIZATION_DEFAULT
+CONFIG_COMPILER_OPTIMIZATION_NONE
+CONFIG_COMPILER_OPTIMIZATION_PERF
+CONFIG_COMPILER_OPTIMIZATION_SIZE
+CONFIG_CRYPTO_FIPS
+CONFIG_CRYPTO_MANAGER
+CONFIG_CSPRNG_ENABLED
+CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
+CONFIG_ESP8266_XTAL_FREQ_26
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_160
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_80
+CONFIG_ESP_ENABLE_WOLFSSH
+CONFIG_ESP_MAIN_TASK_STACK_SIZE
+CONFIG_ESP_TLS_USING_WOLFSSL
+CONFIG_ESP_WIFI_PASSWORD
+CONFIG_ESP_WIFI_SSID
+CONFIG_ESP_WOLFSSL_ENABLE_KYBER
+CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
+CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
+CONFIG_ESP_WOLFSSL_NO_HW_AES
+CONFIG_ESP_WOLFSSL_NO_HW_HASH
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+CONFIG_FREERTOS_HZ
+CONFIG_FREERTOS_UNICORE
+CONFIG_IDF_TARGET
+CONFIG_IDF_TARGET_ARCH_RISCV
+CONFIG_IDF_TARGET_ARCH_XTENSA
+CONFIG_IDF_TARGET_ESP32
+CONFIG_IDF_TARGET_ESP32C2
+CONFIG_IDF_TARGET_ESP32C3
+CONFIG_IDF_TARGET_ESP32C6
+CONFIG_IDF_TARGET_ESP32H2
+CONFIG_IDF_TARGET_ESP32P4
+CONFIG_IDF_TARGET_ESP32S2
+CONFIG_IDF_TARGET_ESP32S3
+CONFIG_IDF_TARGET_ESP8266
+CONFIG_IDF_TARGET_ESP8684
+CONFIG_MAIN_TASK_STACK_SIZE
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+CONFIG_MBEDTLS_PSA_CRYPTO_C
+CONFIG_MIPS
+CONFIG_MODULE_SIG
+CONFIG_NET_SOCKETS_SOCKOPT_TLS
+CONFIG_NEWLIB_LIBC
+CONFIG_NEWLIB_NANO_FORMAT
+CONFIG_PICOLIBC
+CONFIG_POSIX_API
+CONFIG_POSIX_THREADS
+CONFIG_PREEMPT_COUNT
+CONFIG_PTHREAD_IPC
+CONFIG_SMP
+CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH
+CONFIG_TIMER_TASK_STACK_DEPTH
+CONFIG_TIMER_TASK_STACK_SIZE
+CONFIG_TLS_STACK_WOLFSSL
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME
+CONFIG_USE_WOLFSSL_ESP_SDK_WIFI
+CONFIG_WOLFCRYPT_ARMASM
+CONFIG_WOLFCRYPT_FIPS
+CONFIG_WOLFCRYPT_INTELASM
+CONFIG_WOLFSSL
+CONFIG_WOLFSSL_ALLOW_TLS13
+CONFIG_WOLFSSL_ALPN
+CONFIG_WOLFSSL_ALT_CERT_CHAINS
+CONFIG_WOLFSSL_APPLE_HOMEKIT
+CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+CONFIG_WOLFSSL_DTLS
+CONFIG_WOLFSSL_ENABLE_KYBER
+CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_NONE
+CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+CONFIG_WOLFSSL_HKDF
+CONFIG_WOLFSSL_MAX_FRAGMENT_LEN
+CONFIG_WOLFSSL_NO_ASN_STRICT
+CONFIG_WOLFSSL_PSK
+CONFIG_WOLFSSL_RSA_PSS
+CONFIG_WOLFSSL_TARGET_HOST
+CONFIG_WOLFSSL_TARGET_PORT
+CONFIG_WOLFSSL_TLS13_ENABLED
+CONFIG_WOLFSSL_TLS_VERSION_1_2
+CONFIG_WOLFSSL_TLS_VERSION_1_3
+CONFIG_WOLFTPM
+CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+CONFIG_X86
+CONV_WITH_DIV
+CPA_CY_API_VERSION_NUM_MAJOR
+CPU_MIMXRT1176DVMAA_cm7
+CPU_MK82FN256VLL15
+CRLDP_VALIDATE_DATA
+CRL_REPORT_LOAD_ERRORS
+CRL_STATIC_REVOKED_LIST
+CRYPTOCELL_KEY_SIZE
+CRYP_HEADERWIDTHUNIT_BYTE
+CRYP_KEYIVCONFIG_ONCE
+CRYP_KEYSIZE_192B
+CSM_UNSUPPORTED_ALGS
+CTYPE_USER
+CURVED448_SMALL
+CY_USING_HAL
+DCP_USE_DCACHE
+DILITHIUM_MUL_11_SLOW
+DILITHIUM_MUL_44_SLOW
+DILITHIUM_MUL_QINV_SLOW
+DILITHIUM_MUL_Q_SLOW
+DILITHIUM_MUL_SLOW
+DILITHIUM_USE_HINT_CT
+DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER
+ECCSI_ORDER_MORE_BITS_THAN_PRIME
+ECC_DUMP_OID
+ECDHE_SIZE
+ENABLE_SECURE_SOCKETS_LOGS
+ESP32
+ESP8266
+ESP_ENABLE_WOLFSSH
+ESP_IDF_VERSION_MAJOR
+ESP_IDF_VERSION_MINOR
+ESP_PLATFORM
+ESP_TASK_MAIN_STACK
+ETHERNET_AVAILABLE
+EV_TRIGGER
+FP_ECC_CONTROL
+FREERTOS_TCP_WINSIM
+FREESCALE
+FREESCALE_RNGB
+FREESCALE_USE_MMCAU_CLASSIC
+FSL_FEATURE_HAS_L1CACHE
+FSL_FEATURE_LTC_HAS_DES
+FSL_FEATURE_LTC_HAS_GCM
+FSL_FEATURE_LTC_HAS_PKHA
+FSL_FEATURE_LTC_HAS_SHA
+FSL_FEATURE_SOC_LTC_COUNT
+FSL_FEATURE_SOC_MMCAU_COUNT
+FSL_FEATURE_SOC_RNG_COUNT
+FSL_FEATURE_SOC_TRNG_COUNT
+FUSION_RTOS
+GENERATE_MACHINE_PARSEABLE_REPORT
+GE_P3_TOBYTES_IMPL
+GOAHEAD_WS
+HAL_RTC_MODULE_ENABLED
+HARDWARE_CACHE_COHERENCY
+HASH_AlgoMode_HASH
+HASH_BYTE_SWAP
+HASH_CR_LKEY
+HASH_DIGEST
+HASH_DataType_8b
+HASH_IMR_DCIE
+HASH_IMR_DINIE
+HAVE_AESGCM_DECRYPT
+HAVE_BYTEREVERSE64
+HAVE_CERTIFICATE_STATUS_V2
+HAVE_COLDFIRE_SEC
+HAVE_CRL_UPDATE_CB
+HAVE_CSHARP
+HAVE_CURL
+HAVE_CURVE22519
+HAVE_DANE
+HAVE_ECC239
+HAVE_ECC320
+HAVE_ECC512
+HAVE_ECC_CDH_CAST
+HAVE_ECC_SM2
+HAVE_ESP_CLK
+HAVE_FACON
+HAVE_FIPS_VERSION_PORT
+HAVE_FUZZER
+HAVE_INTEL_MULX
+HAVE_INTEL_QAT_SYNC
+HAVE_INTEL_SPEEDUP
+HAVE_MDK_RTX
+HAVE_NETX_BSD
+HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
+HAVE_POCO_LIB
+HAVE_RTP_SYS
+HAVE_SECURE_GETENV
+HAVE_STACK_SIZE_VERBOSE_LOG
+HAVE_THREADX
+HAVE_TM_TYPE
+HAVE_VALIDATE_DATE
+HAVE_VA_COPY
+HAVE_X448
+HONOR_MATH_USED_LENGTH
+HSM_KEY_TYPE_HMAC_224
+HSM_KEY_TYPE_HMAC_256
+HSM_KEY_TYPE_HMAC_384
+HSM_KEY_TYPE_HMAC_512
+HSM_OP_KEY_GENERATION_FLAGS_CREATE
+HSM_OP_KEY_GENERATION_FLAGS_UPDATE
+HSM_SVC_KEY_STORE_FLAGS_UPDATE
+HWCAP_ASIMDRDM
+IDIRECT_DEV_RANDOM
+IDIRECT_DEV_TIME
+ID_TRNG
+IGNORE_KEY_EXTENSIONS
+IGNORE_NETSCAPE_CERT_TYPE
+INCLUDE_uxTaskGetStackHighWaterMark
+INTEGRITY
+INTIMEVER
+IOTSAFE_NO_GETDATA
+IOTSAFE_SIG_8BIT_LENGTH
+KCAPI_USE_XMALLOC
+K_SERIES
+LIBWOLFSSL_VERSION_GIT_BRANCH
+LIBWOLFSSL_VERSION_GIT_HASH
+LIBWOLFSSL_VERSION_GIT_HASH_DATE
+LIBWOLFSSL_VERSION_GIT_ORIGIN
+LIBWOLFSSL_VERSION_GIT_SHORT_HASH
+LIBWOLFSSL_VERSION_GIT_TAG
+LINUXKM_FPU_STATES_FOLLOW_THREADS
+LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+LINUX_CYCLE_COUNT
+LINUX_RUSAGE_UTIME
+LP64
+MAX3266X_AESGCM
+MAX3266X_RSA
+MAXQ10XX_PRODUCTION_KEY
+MAXQ_EXPORT_TLS_KEYS
+MAXQ_SHA1
+MAXSEG_64K
+MAX_WOLFSSL_FILE_SIZE
+MDK_CONF_BARE_METAL
+MDK_CONF_FS
+MDK_CONF_RTX_TCP_FS
+MDK_CONF_TCP_FS
+MDK_WOLFLIB
+MICRIUM_MALLOC
+MICROCHIP_MPLAB_HARMONY
+MICROCHIP_MPLAB_HARMONY_3
+MICRO_SESSION_CACHEx
+MLKEM_NONDETERMINISTIC
+MODULE_SOCK_TCP
+MP_31BIT
+MP_8BIT
+MQX_USE_IO_OLD
+MULTI_VALUE_STATISTICS
+MUTEX_DURING_INIT
+NEED_THREADX_TYPES
+NETX_DUO
+NET_SECURE_MODULE_EN
+NOTE_TRIGGER
+NO_AES_DECRYPT
+NO_ARDUINO_DEFAULT
+NO_ASM
+NO_ASN_OLD_TYPE_NAMES
+NO_CAMELLIA_CBC
+NO_CERT
+NO_CIPHER_SUITE_ALIASES
+NO_CLIENT_CACHE
+NO_CLOCK_SPEEDUP
+NO_CURVE25519_KEY_EXPORT
+NO_CURVE25519_KEY_IMPORT
+NO_CURVE25519_SHARED_SECRET
+NO_CURVE448_KEY_EXPORT
+NO_CURVE448_KEY_IMPORT
+NO_CURVE448_SHARED_SECRET
+NO_DEV_URANDOM
+NO_ECC384
+NO_ECC521
+NO_ECC_CACHE_CURVE
+NO_ECC_CHECK_KEY
+NO_ECC_CHECK_PUBKEY_ORDER
+NO_ECC_KEY_IMPORT
+NO_ECC_MAKE_PUB
+NO_ED25519_CLIENT_AUTH
+NO_ED25519_KEY_EXPORT
+NO_ED25519_KEY_IMPORT
+NO_ED25519_MAKE_KEY
+NO_ED25519_SIGN
+NO_ED25519_VERIFY
+NO_ED448_CLIENT_AUTH
+NO_ED448_KEY_EXPORT
+NO_ED448_KEY_IMPORT
+NO_ED448_SIGN
+NO_ED448_VERIFY
+NO_ESP_MP_MUL_EVEN_ALT_CALC
+NO_FORCE_SCR_SAME_SUITE
+NO_GCM_ENCRYPT_EXTRA
+NO_GETENV
+NO_HANDSHAKE_DONE_CB
+NO_IMX6_CAAM_AES
+NO_IMX6_CAAM_HASH
+NO_OLD_NAMES
+NO_OLD_POLY1305
+NO_OLD_TIMEVAL_NAME
+NO_PBKDF1
+NO_PIC32MZ_CRYPT
+NO_PIC32MZ_HASH
+NO_PIC32MZ_RNG
+NO_PKCS11_AES
+NO_PKCS11_AESCBC
+NO_PKCS11_AESGCM
+NO_PKCS11_ECC
+NO_PKCS11_ECDH
+NO_PKCS11_EC_KEYGEN
+NO_PKCS11_HMAC
+NO_PKCS11_RNG
+NO_PKCS11_RSA
+NO_PKCS11_RSA_PKCS
+NO_PKCS7
+NO_PKCS7_COMPRESSED_DATA
+NO_PKCS7_ENCRYPTED_DATA
+NO_PKCS7_STREAM
+NO_POLY1305_ASM
+NO_PUBLIC_CCM_SET_NONCE
+NO_PUBLIC_GCM_SET_IV
+NO_RESUME_SUITE_CHECK
+NO_RNG
+NO_RNG_MUTEX
+NO_SESSION_CACHE_ROW_LOCK
+NO_SKID
+NO_SKIP_PREVIEW
+NO_STDIO_FGETS_REMAP
+NO_TKERNEL_MEM_POOL
+NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
+NO_VERIFY_OID
+NO_WC_SSIZE_TYPE
+NO_WOLFSSL_ALLOC_ALIGN
+NO_WOLFSSL_AUTOSAR_CRYIF
+NO_WOLFSSL_AUTOSAR_CRYPTO
+NO_WOLFSSL_AUTOSAR_CSM
+NO_WOLFSSL_BASE64_DECODE
+NO_WOLFSSL_BN_CTX
+NO_WOLFSSL_MSG_EX
+NO_WOLFSSL_RENESAS_FSPSM_AES
+NO_WOLFSSL_RENESAS_FSPSM_HASH
+NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES
+NO_WOLFSSL_SHA256
+NO_WOLFSSL_SHA256_INTERLEAVE
+NO_WOLFSSL_SHA512_INTERLEAVE
+NO_WOLFSSL_SKIP_TRAILING_PAD
+NO_WOLFSSL_SMALL_STACK_STATIC
+NO_WOLFSSL_XILINX_TAG_MALLOC
+NRF52
+NRF52_SERIES
+NRF_ERROR_MODULE_ALREADY_INITIALIZED
+OLD_HELLO_ALLOWED
+OPENSSL_EXTRA_BSD
+OPENSSL_EXTRA_NO_ASN1
+OPENSSL_EXTRA_NO_BN
+OPENSSL_NO_PK
+OS_WINDOWS
+OTHERBOARD
+OTHER_BOARD
+PEER_INFO
+PKA_ECC_SCALAR_MUL_IN_B_COEFF
+PLATFORMIO
+PLUTON_CRYPTO_ECC
+PRINT_SESSION_STATS
+PTHREAD_STACK_MIN
+QAT_ENABLE_HASH
+QAT_ENABLE_RNG
+QAT_USE_POLLING_CHECK
+RC_NO_RNG
+REDIRECTION_IN3_KEYELMID
+REDIRECTION_IN3_KEYID
+REDIRECTION_OUT1_KEYELMID
+REDIRECTION_OUT1_KEYID
+REDIRECTION_OUT2_KEYELMID
+REDIRECTION_OUT2_KEYID
+RENESAS_T4_USE
+RTC_ALARMSUBSECONDMASK_ALL
+RTE_CMSIS_RTOS_RTX
+RTOS_MODULE_NET_AVAIL
+RTPLATFORM
+SA_INTERRUPT
+SCEKEY_INSTALLED
+SHA256_MANY_REGISTERS
+SHA3_BY_SPEC
+SHOW_CERTS
+SHOW_GEN
+SHOW_SIZES
+SHOW_SSID_AND_PASSWORD
+SIM_SCGC3_RNGA_MASK
+SIM_SCGC5_PORTC_MASK
+SIM_SCGC5_PORTD_MASK
+SIM_SCGC5_PORTE_MASK
+SIM_SCGC6_RNGA_MASK
+SL_SE_KEY_TYPE_ECC_P384
+SL_SE_KEY_TYPE_ECC_P521
+SL_SE_KEY_TYPE_ECC_X25519
+SL_SE_KEY_TYPE_ECC_X448
+SL_SE_PRF_HMAC_SHA1
+SOFTDEVICE_PRESENT
+SO_NOSIGPIPE
+SO_REUSEPORT
+SP_INT_NO_ASM
+SP_MATH_NEED_ADD_OFF
+SP_USE_DIVTI3
+SQRTMOD_USE_MOD_EXP
+SSL_SNIFFER_EXPORTS
+SSN_BUILDING_LIBYASSL
+STATIC_CHUNKS_ONLY
+STM32F107xC
+STM32F207xx
+STM32F217xx
+STM32F401xE
+STM32F407xx
+STM32F437xx
+STM32F756xx
+STM32F777xx
+STM32G071xx
+STM32G491xx
+STM32H563xx
+STM32H723xx
+STM32H725xx
+STM32H743xx
+STM32H753xx
+STM32H7S3xx
+STM32L475xx
+STM32L4A6xx
+STM32L552xx
+STM32L562xx
+STM32MP135Fxx
+STM32U575xx
+STM32U585xx
+STM32U5A9xx
+STM32WB55xx
+STM32WBA52xx
+STM32WL55xx
+STM32_AESGCM_PARTIAL
+STM32_HW_CLOCK_AUTO
+STM32_NUTTX_RNG
+TASK_EXTRA_STACK_SIZE
+TCP_NODELAY
+TFM_ALREADY_SET
+TFM_SMALL_MONT_SET
+THREADED_SNIFFTEST
+TIF_NEED_FPU_LOAD
+TIME_T_NOT_LONG
+TI_DUMMY_BUILD
+TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+TSIP_RSAES_1024
+TSIP_RSAES_2048
+UNICODE
+USER_CA_CB
+USER_CUSTOM_SNIFFX
+USER_MATH_LIB
+USE_ALT_MPRIME
+USE_ANY_ADDR
+USE_CERT_BUFFERS_25519
+USE_CERT_BUFFERS_3072
+USE_ECDSA_KEYSZ_HASH_ALGO
+USE_FULL_ASSERT
+USE_HAL_DRIVER
+USE_NXP_LTC
+USE_NXP_MMCAU
+USE_QAE_THREAD_LS
+USE_SECRET_CALLBACK
+USE_STSAFE_RNG_SEED
+USE_STSAFE_VERBOSE
+USE_TLSV13
+USE_WOLF_STRNSTR
+USS_API
+WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
+WC_AES_BS_WORD_SIZE
+WC_AES_GCM_DEC_AUTH_EARLY
+WC_ASN_HASH_SHA256
+WC_ASYNC_ENABLE_3DES
+WC_ASYNC_ENABLE_AES
+WC_ASYNC_ENABLE_ARC4
+WC_ASYNC_ENABLE_DH
+WC_ASYNC_ENABLE_ECC
+WC_ASYNC_ENABLE_ECC_KEYGEN
+WC_ASYNC_ENABLE_HMAC
+WC_ASYNC_ENABLE_MD5
+WC_ASYNC_ENABLE_RSA
+WC_ASYNC_ENABLE_RSA_KEYGEN
+WC_ASYNC_ENABLE_SHA
+WC_ASYNC_ENABLE_SHA224
+WC_ASYNC_ENABLE_SHA256
+WC_ASYNC_ENABLE_SHA3
+WC_ASYNC_ENABLE_SHA384
+WC_ASYNC_ENABLE_SHA512
+WC_ASYNC_NO_CRYPT
+WC_ASYNC_NO_HASH
+WC_CACHE_RESISTANT_BASE64_TABLE
+WC_DILITHIUM_CACHE_PRIV_VECTORS
+WC_DILITHIUM_CACHE_PUB_VECTORS
+WC_DILITHIUM_FIXED_ARRAY
+WC_DISABLE_RADIX_ZERO_PAD
+WC_ECC_NONBLOCK_ONLY
+WC_KDF_NIST_SP_800_56C
+WC_LMS_FULL_HASH
+WC_NO_RNG_SIMPLE
+WC_NO_STATIC_ASSERT
+WC_PKCS11_FIND_WITH_ID_ONLY
+WC_PROTECT_ENCRYPTED_MEM
+WC_RNG_BLOCKING
+WC_RSA_DIRECT
+WC_RSA_NONBLOCK
+WC_RSA_NONBLOCK_TIME
+WC_RSA_NO_FERMAT_CHECK
+WC_SHA384
+WC_SHA384_DIGEST_SIZE
+WC_SHA512
+WC_SSIZE_TYPE
+WC_STRICT_SIG
+WC_WANT_FLAG_DONT_USE_AESNI
+WC_XMSS_FULL_HASH
+WIFI_AVAILABLE
+WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
+WOLFSENTRY_H
+WOLFSENTRY_NO_JSON
+WOLFSSL_32BIT_MILLI_TIME
+WOLFSSL_AARCH64_PRIVILEGE_MODE
+WOLFSSL_AESNI_BY4
+WOLFSSL_AESNI_BY6
+WOLFSSL_AES_CTR_EXAMPLE
+WOLFSSL_AFTER_DATE_CLOCK_SKEW
+WOLFSSL_ALGO_HW_MUTEX
+WOLFSSL_ALLOW_CRIT_AIA
+WOLFSSL_ALLOW_CRIT_AKID
+WOLFSSL_ALLOW_CRIT_SKID
+WOLFSSL_ALLOW_ENCODING_CA_FALSE
+WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
+WOLFSSL_ALLOW_NO_CN_IN_SAN
+WOLFSSL_ALLOW_NO_SUITES
+WOLFSSL_ALLOW_SERVER_SC_EXT
+WOLFSSL_ALLOW_TLS_SHA1
+WOLFSSL_ALTERNATIVE_DOWNGRADE
+WOLFSSL_ALT_NAMES_NO_REV
+WOLFSSL_ARM_ARCH_NEON_64BIT
+WOLFSSL_ASCON_UNROLL
+WOLFSSL_ASNC_CRYPT
+WOLFSSL_ASN_EXTRA
+WOLFSSL_ASN_INT_LEAD_0_ANY
+WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
+WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
+WOLFSSL_ATECC508
+WOLFSSL_ATECC508A_NOIDLE
+WOLFSSL_ATECC508A_NOSOFTECC
+WOLFSSL_ATECC508A_TLS
+WOLFSSL_ATECC_ECDH_IOENC
+WOLFSSL_ATECC_NO_ECDH_ENC
+WOLFSSL_ATECC_RNG
+WOLFSSL_ATECC_TFLXTLS
+WOLFSSL_ATECC_TNGTLS
+WOLFSSL_ATMEL
+WOLFSSL_ATMEL_TIME
+WOLFSSL_BEFORE_DATE_CLOCK_SKEW
+WOLFSSL_BIGINT_TYPES
+WOLFSSL_BIO_NO_FLOW_STATS
+WOLFSSL_BLAKE2B_INIT_EACH_FIELD
+WOLFSSL_BLAKE2S_INIT_EACH_FIELD
+WOLFSSL_BLIND_PRIVATE_KEY
+WOLFSSL_BYTESWAP32_ASM
+WOLFSSL_CAAM_BLACK_KEY_AESCCM
+WOLFSSL_CAAM_BLACK_KEY_SM
+WOLFSSL_CAAM_NO_BLACK_KEY
+WOLFSSL_CALLBACKS
+WOLFSSL_CHECK_DESKEY
+WOLFSSL_CHECK_MEM_ZERO
+WOLFSSL_CHIBIOS
+WOLFSSL_CLANG_TIDY
+WOLFSSL_CLIENT_EXAMPLE
+WOLFSSL_COMMERCIAL_LICENSE
+WOLFSSL_CONTIKI
+WOLFSSL_CRL_ALLOW_MISSING_CDP
+WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_CUSTOM_CONFIG
+WOLFSSL_DILITHIUM_ASSIGN_KEY
+WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
+WOLFSSL_DILITHIUM_NO_ASN1
+WOLFSSL_DILITHIUM_NO_CHECK_KEY
+WOLFSSL_DILITHIUM_NO_LARGE_CODE
+WOLFSSL_DILITHIUM_NO_MAKE
+WOLFSSL_DILITHIUM_REVERSE_HASH_OID
+WOLFSSL_DILITHIUM_SIGN_CHECK_W0
+WOLFSSL_DILITHIUM_SIGN_CHECK_Y
+WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
+WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
+WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
+WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
+WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
+WOLFSSL_DTLS_DISALLOW_FUTURE
+WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
+WOLFSSL_DUMP_MEMIO_STREAM
+WOLFSSL_DUP_CERTPOL
+WOLFSSL_ECC_BLIND_K
+WOLFSSL_ECC_GEN_REJECT_SAMPLING
+WOLFSSL_ECC_NO_SMALL_STACK
+WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED
+WOLFSSL_ECDHX_SHARED_NOT_ZERO
+WOLFSSL_ECDSA_MATCH_HASH
+WOLFSSL_ECDSA_SET_K_ONE_LOOP
+WOLFSSL_EC_POINT_CMP_JACOBIAN
+WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
+WOLFSSL_EMNET
+WOLFSSL_ESPWROOM32
+WOLFSSL_EVP_PRINT
+WOLFSSL_EXPORT_INT
+WOLFSSL_EXPORT_SPC_SZ
+WOLFSSL_EXTRA
+WOLFSSL_FORCE_OCSP_NONCE_CHECK
+WOLFSSL_FRDM_K64
+WOLFSSL_FRDM_K64_JENKINS
+WOLFSSL_FUNC_TIME
+WOLFSSL_FUNC_TIME_LOG
+WOLFSSL_GEN_CERT
+WOLFSSL_GETRANDOM
+WOLFSSL_GNRC
+WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
+WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
+WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
+WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
+WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
+WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
+WOLFSSL_I2D_ECDSA_SIG_ALLOC
+WOLFSSL_IAR_ARM_TIME
+WOLFSSL_IGNORE_BAD_CERT_PATH
+WOLFSSL_IMX6
+WOLFSSL_IMX6_CAAM
+WOLFSSL_IMX6_CAAM_BLOB
+WOLFSSL_IMX6_CAAM_RNG
+WOLFSSL_IMXRT_DCP
+WOLFSSL_ISOTP
+WOLFSSL_KEIL
+WOLFSSL_KEIL_NET
+WOLFSSL_KYBER_NO_DECAPSULATE
+WOLFSSL_KYBER_NO_ENCAPSULATE
+WOLFSSL_KYBER_NO_MAKE_KEY
+WOLFSSL_LIB
+WOLFSSL_LMS_CACHE_BITS
+WOLFSSL_LMS_FULL_HASH
+WOLFSSL_LMS_LARGE_CACHES
+WOLFSSL_LMS_MAX_HEIGHT
+WOLFSSL_LMS_MAX_LEVELS
+WOLFSSL_LMS_NO_SIG_CACHE
+WOLFSSL_LMS_ROOT_LEVELS
+WOLFSSL_LPC43xx
+WOLFSSL_MAKE_SYSTEM_NAME_LINUX
+WOLFSSL_MAKE_SYSTEM_NAME_WSL
+WOLFSSL_MDK5
+WOLFSSL_MEM_FAIL_COUNT
+WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+WOLFSSL_MLKEM_INVNTT_UNROLL
+WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+WOLFSSL_MLKEM_NO_LARGE_CODE
+WOLFSSL_MLKEM_NO_MALLOC
+WOLFSSL_MLKEM_NTT_UNROLL
+WOLFSSL_MONT_RED_CT
+WOLFSSL_MP_COND_COPY
+WOLFSSL_MP_INVMOD_CONSTANT_TIME
+WOLFSSL_MULTICIRCULATE_ALTNAMELIST
+WOLFSSL_NONBLOCK_OCSP
+WOLFSSL_NOSHA3_384
+WOLFSSL_NOT_WINDOWS_API
+WOLFSSL_NO_BIO_ADDR_IN
+WOLFSSL_NO_CLIENT
+WOLFSSL_NO_CLIENT_CERT_ERROR
+WOLFSSL_NO_COPY_CERT
+WOLFSSL_NO_COPY_KEY
+WOLFSSL_NO_CRL_DATE_CHECK
+WOLFSSL_NO_CRL_NEXT_DATE
+WOLFSSL_NO_DECODE_EXTRA
+WOLFSSL_NO_DER_TO_PEM
+WOLFSSL_NO_DH186
+WOLFSSL_NO_DTLS_SIZE_CHECK
+WOLFSSL_NO_ETM_ALERT
+WOLFSSL_NO_FENCE
+WOLFSSL_NO_FSEEK
+WOLFSSL_NO_INIT_CTX_KEY
+WOLFSSL_NO_ISSUERHASH_TDPEER
+WOLFSSL_NO_KCAPI_AES_CBC
+WOLFSSL_NO_KCAPI_HMAC_SHA1
+WOLFSSL_NO_KCAPI_HMAC_SHA224
+WOLFSSL_NO_KCAPI_HMAC_SHA256
+WOLFSSL_NO_KCAPI_HMAC_SHA384
+WOLFSSL_NO_KCAPI_HMAC_SHA512
+WOLFSSL_NO_KCAPI_SHA224
+WOLFSSL_NO_OCSP_DATE_CHECK
+WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
+WOLFSSL_NO_OCSP_OPTIONAL_CERTS
+WOLFSSL_NO_PUBLIC_FFDHE
+WOLFSSL_NO_RSA_KEY_CHECK
+WOLFSSL_NO_SERVER_GROUPS_EXT
+WOLFSSL_NO_SESSION_STATS
+WOLFSSL_NO_SIGALG
+WOLFSSL_NO_SOCKADDR_UN
+WOLFSSL_NO_SPHINCS
+WOLFSSL_NO_STRICT_CIPHER_SUITE
+WOLFSSL_NO_TICKET_EXPIRE
+WOLFSSL_NO_TRUSTED_CERTS_VERIFY
+WOLFSSL_NO_XOR_OPS
+WOLFSSL_NRF51_AES
+WOLFSSL_OLDTLS_AEAD_CIPHERSUITES
+WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+WOLFSSL_OLD_SET_CURVES_LIST
+WOLFSSL_OLD_TIMINGPADVERIFY
+WOLFSSL_OLD_UNSUPPORTED_EXTENSION
+WOLFSSL_OPTIONS_IGNORE_SYS
+WOLFSSL_PASSTHRU_ERR
+WOLFSSL_PB
+WOLFSSL_PEER_ADDRESS_CHANGES
+WOLFSSL_PKCS11_RW_TOKENS
+WOLFSSL_PRCONNECT_PRO
+WOLFSSL_PREFIX
+WOLFSSL_PSA_NO_AES
+WOLFSSL_PSA_NO_HASH
+WOLFSSL_PSA_NO_PKCB
+WOLFSSL_PSA_NO_PKCBS
+WOLFSSL_PSA_NO_RNG
+WOLFSSL_PSK_IDENTITY_ALERT
+WOLFSSL_PSK_ID_PROTECTION
+WOLFSSL_PSK_MULTI_ID_PER_CS
+WOLFSSL_PSK_TLS13_CB
+WOLFSSL_PSOC6_CRYPTO
+WOLFSSL_PYTHON
+WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY
+WOLFSSL_RENESAS_RA6M3
+WOLFSSL_RENESAS_RA6M3G
+WOLFSSL_RENESAS_RSIP
+WOLFSSL_RENESAS_RZN2L
+WOLFSSL_RENESAS_TLS
+WOLFSSL_RENESAS_TSIP_IAREWRX
+WOLFSSL_RSA_CHECK_D_ON_DECRYPT
+WOLFSSL_RSA_DECRYPT_TO_0_LEN
+WOLFSSL_RW_THREADED
+WOLFSSL_SAKKE_SMALL
+WOLFSSL_SAKKE_SMALL_MODEXP
+WOLFSSL_SE050_AUTO_ERASE
+WOLFSSL_SE050_CRYPT
+WOLFSSL_SE050_HASH
+WOLFSSL_SE050_INIT
+WOLFSSL_SE050_NO_RSA
+WOLFSSL_SE050_NO_TRNG
+WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
+WOLFSSL_SERVER_EXAMPLE
+WOLFSSL_SETTINGS_FILE
+WOLFSSL_SH224
+WOLFSSL_SHA256_ALT_CH_MAJ
+WOLFSSL_SHUTDOWNONCE
+WOLFSSL_SILABS_TRNG
+WOLFSSL_SM4_EBC
+WOLFSSL_SNIFFER_NO_RECOVERY
+WOLFSSL_SP_ARM32_UDIV
+WOLFSSL_SP_DH
+WOLFSSL_SP_FAST_NCT_EXPTMOD
+WOLFSSL_SP_INT_SQR_VOLATILE
+WOLFSSL_STACK_CHECK
+WOLFSSL_STM32F427_RNG
+WOLFSSL_STM32_RNG_NOLIB
+WOLFSSL_STRONGEST_HASH_SIG
+WOLFSSL_STSAFE_TAKES_SLOT
+WOLFSSL_TELIT_M2MB
+WOLFSSL_TEMPLATE_EXAMPLE
+WOLFSSL_THREADED_CRYPT
+WOLFSSL_TICKET_DECRYPT_NO_CREATE
+WOLFSSL_TICKET_ENC_AES128_GCM
+WOLFSSL_TICKET_ENC_AES256_CBC
+WOLFSSL_TICKET_ENC_AES256_GCM
+WOLFSSL_TICKET_ENC_CBC_HMAC
+WOLFSSL_TICKET_ENC_CHACHA20_POLY1305
+WOLFSSL_TICKET_ENC_HMAC_SHA384
+WOLFSSL_TICKET_ENC_HMAC_SHA512
+WOLFSSL_TI_CURRTIME
+WOLFSSL_TLS13_DRAFT
+WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
+WOLFSSL_TLS13_SHA512
+WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
+WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY
+WOLFSSL_TRACK_MEMORY_FULL
+WOLFSSL_TRAP_MALLOC_SZ
+WOLFSSL_UNALIGNED_64BIT_ACCESS
+WOLFSSL_USER_FILESYSTEM
+WOLFSSL_USER_LOG
+WOLFSSL_USER_MUTEX
+WOLFSSL_USER_THREADING
+WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW
+WOLFSSL_USE_FLASHMEM
+WOLFSSL_USE_OPTIONS_H
+WOLFSSL_USE_POPEN_HOST
+WOLFSSL_VALIDATE_DH_KEYGEN
+WOLFSSL_WC_XMSS_NO_SHA256
+WOLFSSL_WC_XMSS_NO_SHAKE256
+WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME
+WOLFSSL_X509_STORE_CERTS
+WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK
+WOLFSSL_XFREE_NO_NULLNESS_CHECK
+WOLFSSL_XILINX_CRYPTO_OLD
+WOLFSSL_XILINX_PATCH
+WOLFSSL_XIL_MSG_NO_SLEEP
+WOLFSSL_XMSS_LARGE_SECRET_KEY
+WOLFSSL_ZEPHYR
+WOLF_ALLOW_BUILTIN
+WOLF_CRYPTO_CB_CMD
+WOLF_CRYPTO_CB_FIND
+WOLF_CRYPTO_CB_ONLY_ECC
+WOLF_CRYPTO_CB_ONLY_RSA
+WOLF_CRYPTO_DEV
+WOLF_NO_TRAILING_ENUM_COMMAS
+XGETPASSWD
+XMSS_CALL_PRF_KEYGEN
+XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ
+XSECURE_CACHE_DISABLE
+_ABI64
+_ABIO64
+_ARCH_PPC64
+_COMPILER_VERSION
+_INTPTR_T_DECLARED
+_LP64
+_MSC_VER
+_MSVC_LANG
+_M_ARM64
+_M_X64
+_NETOS
+_POSIX_C_SOURCE
+_SDCC_VERSION_PATCHLEVEL
+_SH3
+_SILICON_LABS_SECURITY_FEATURE
+_SOCKLEN_T
+_SYS_DEVCON_LOCAL_H
+_TIME_HELPER_H
+_UINTPTR_T_DECLARED
+_WIN32
+_WIN32_WCE
+_WIN64
+_XOPEN_SOURCE_EXTENDED
+__32MZ2048ECH144__
+__32MZ2048ECM144__
+__32MZ2048EFM144__
+__ANDROID__
+__APPLE__
+__ARCH_STRCASECMP_NO_REDIRECT
+__ARCH_STRCMP_NO_REDIRECT
+__ARCH_STRNCASECMP_NO_REDIRECT
+__ARCH_STRNCAT_NO_REDIRECT
+__ARCH_STRNCMP_NO_REDIRECT
+__ARCH_STRNCPY_NO_REDIRECT
+__ARCH_STRSTR_NO_REDIRECT
+__ARM_ARCH_7M__
+__ARM_FEATURE_CRYPTO
+__ASSEMBLER__
+__ATOMIC_RELAXED
+__AVR__
+__BCPLUSPLUS__
+__BIG_ENDIAN__
+__BORLANDC__
+__CCRX__
+__COMPILER_VER__
+__COUNTER__
+__CYGWIN__
+__DATE__
+__DCACHE_PRESENT
+__DCC__
+__DECC_VER
+__ELF__
+__EMSCRIPTEN__
+__FPU_PRESENT
+__FreeBSD__
+__GLIBC__
+__GNUC_MINOR__
+__GNUC__
+__HP_cc
+__IAR_SYSTEMS_ICC__
+__ICCARM__
+__ILP32__
+__INCLUDE_NUTTX_CONFIG_H
+__INTEGRITY
+__INTEL_COMPILER
+__KEIL__
+__KEY_DATA_H__
+__LINUX__
+__LP64
+__LP64__
+__MACH__
+__MICROBLAZE__
+__MINGW32__
+__MINGW64_VERSION_MAJOR
+__MINGW64__
+__MWERKS__
+__NT__
+__OS2__
+__OpenBSD__
+__PIE__
+__POWERPC__
+__PPC__
+__PPU
+__QNXNTO__
+__QNX__
+__ROPI__
+__SAM3A4C__
+__SAM3A8C__
+__SAM3A8H__
+__SAM3X4C__
+__SAM3X4E__
+__SAM3X8C__
+__SAM3X8E__
+__SANITIZE_ADDRESS__
+__SDCC_VERSION_MAJOR
+__SDCC_VERSION_MINOR
+__SDCC_VERSION_PATCH
+__SIZEOF_INT128__
+__SIZEOF_LONG_LONG__
+__STDC_VERSION__
+__STDC__
+__STM32__
+__STRICT_ANSI__
+__SUNPRO_C
+__SUNPRO_CC
+__SVR4
+__TI_COMPILER_VERSION__
+__TURBOC__
+__UNIX__
+__USE_GNU
+__USE_MISC
+__USE_XOPEN2K
+__WATCOMC__
+__WATCOM_INT64__
+__XC32
+__XTENSA__
+__aarch64__
+__alpha__
+__arch64__
+__arm__
+__clang__
+__clang_major__
+__cplusplus
+__ghc__
+__ghs__
+__hpux__
+__i386
+__i386__
+__ia64__
+__linux__
+__llvm__
+__mips
+__mips64
+__must_check
+__ppc64__
+__ppc__
+__riscv
+__riscv_xlen
+__s390x__
+__sparc
+__sparc64__
+__sun
+__svr4__
+__thumb__
+__ti__
+__x86_64__
+byte
+configTICK_RATE_HZ
+fallthrough
+noinline
+ssize_t
+sun
+versal
+wc_Tls13_HKDF_Expand_Label
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 58b7ccea1..cdfe1d256 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 5.7.2 LANGUAGES C ASM)
+project(wolfssl VERSION 5.7.6 LANGUAGES C ASM)
 
 # Set WOLFSSL_ROOT if not already defined
 if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -49,11 +49,11 @@ endif()
 
 # shared library versioning
 # increment if interfaces have been removed or changed
-set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
+set(WOLFSSL_LIBRARY_VERSION_FIRST 43)
 
 # increment if interfaces have been added
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
-set(WOLFSSL_LIBRARY_VERSION_SECOND 2)
+set(WOLFSSL_LIBRARY_VERSION_SECOND 0)
 
 # increment if source code has changed
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
@@ -125,12 +125,16 @@ check_function_exists("socket" HAVE_SOCKET)
 check_function_exists("strftime" HAVE_STRFTIME)
 check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC)
 
+include(CheckSymbolExists)
+check_symbol_exists(isascii "ctype.h" HAVE_ISASCII)
+
 include(CheckTypeSize)
 
 check_type_size("__uint128_t" __UINT128_T)
 check_type_size("long long" SIZEOF_LONG_LONG)
 check_type_size("long" SIZEOF_LONG)
 check_type_size("time_t" SIZEOF_TIME_T)
+check_type_size("uintptr_t" HAVE_UINTPTR_T)
 
 # By default, HAVE___UINT128_T gets defined as TRUE,
 # but we want it as 1.
@@ -152,9 +156,14 @@ endif()
 # Thread local storage
 include(CheckCSourceCompiles)
 
-set(TLS_KEYWORDS "__thread" "__declspec(thread)")
-foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
-    set(TLS_CODE "#include <stdlib.h>
+if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
+    if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
+    endif()
+else()
+    set(TLS_KEYWORDS "__thread" "__declspec(thread)")
+    foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
+        set(TLS_CODE "#include <stdlib.h>
                   static void foo(void) {
                      static ${TLS_KEYWORD} int bar\;
                      exit(1)\;
@@ -163,21 +172,22 @@ foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
                   int main() {
                     return 0\;
                   }"
-    )
-    check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
+        )
+        check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
 
-    if(THREAD_LS_ON)
-        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
-        break()
-    else()
-        # THREAD_LS_ON is cached after each call to
-        # check_c_source_compiles, and the function
-        # won't run subsequent times if the variable
-        # is in the cache. To make it run again, we
-        # need to remove the variable from the cache.
-        unset(THREAD_LS_ON CACHE)
-    endif()
-endforeach()
+        if(THREAD_LS_ON)
+            list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
+            break()
+        else()
+            # THREAD_LS_ON is cached after each call to
+            # check_c_source_compiles, and the function
+            # won't run subsequent times if the variable
+            # is in the cache. To make it run again, we
+            # need to remove the variable from the cache.
+            unset(THREAD_LS_ON CACHE)
+        endif()
+    endforeach()
+endif()
 
 # TODO: AX_PTHREAD does a lot. Need to implement the
 #       rest of its logic.
@@ -197,13 +207,20 @@ find_package(Threads)
 # Example for map file and custom linker script
 #set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"")
 
+message(STATUS "C Compiler ID: ${CMAKE_C_COMPILER_ID}")
+
 if(DEFINED WARNING_C_FLAGS)
-set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
+    set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
+endif()
+
+if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wx -wcd=202")
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MIN -DWOLFSSL_HAVE_MAX -DNO_WRITEV")
 elseif(WIN32)
-# Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
-set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
+    # Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
+    set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
 else()
-set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
+    set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
 endif()
 
 ####################################################
@@ -280,9 +297,7 @@ if(NOT WOLFSSL_SINGLE_THREADED)
     if(CMAKE_USE_PTHREADS_INIT)
         list(APPEND WOLFSSL_LINK_LIBS Threads::Threads)
         set(HAVE_PTHREAD 1)
-        list(APPEND WOLFSSL_DEFINITIONS
-            "-DHAVE_PTHREAD"
-            "-D_POSIX_THREADS")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PTHREAD")
     endif()
 else()
     list(APPEND WOLFSSL_DEFINITIONS "-DSINGLE_THREADED")
@@ -419,16 +434,17 @@ if(WOLFSSL_CURL)
     set(WOLFSSL_MD4 "yes")
     set(WOLFSSL_DES3 "yes")
     set(WOLFSSL_ALPN "yes")
+    set(WOLFSSL_WOLFSSH "yes")
     set(WOLFSSL_OPENSSLEXTRA "yes")
     set(WOLFSSL_CRL "yes")
     set(WOLFSSL_OCSP "yes")
     set(WOLFSSL_OCSPSTAPLING "yes")
     set(WOLFSSL_OCSPSTAPLING_V2 "yes")
+    # Note: OCSP sets requisite HAVE_TLS_EXTENSIONS and HAVE_CERTIFICATE_STATUS_REQUEST(_V2)
     set(WOLFSSL_SNI "yes")
     set(WOLFSSL_ALT_CERT_CHAINS "yes")
     set(WOLFSSL_IP_ALT_NAME "yes")
     set(WOLFSSL_SESSION_TICKET "yes")
-    set(WOLFSSL_WOLFSSH "yes")
     list(APPEND WOLFSSL_DEFINITIONS
         "-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB")
 endif()
@@ -556,9 +572,9 @@ add_option(WOLFSSL_OQS
     "Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
     "no" "yes;no")
 
-# Kyber
-add_option(WOLFSSL_KYBER
-    "Enable the wolfSSL PQ Kyber library (default: disabled)"
+# ML-KEM/Kyber
+add_option(WOLFSSL_MMLKEM
+    "Enable the wolfSSL PQ ML-KEM library (default: disabled)"
     "no" "yes;no")
 
 # Experimental features
@@ -607,8 +623,8 @@ if (WOLFSSL_EXPERIMENTAL)
         set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
 
         message(STATUS "Automatically set related requirements for Kyber:")
-        set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT)
-        set_wolfssl_definitions("WOLFSSL_WC_KYBER"   RESUlT)
+        set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESUlT)
+        set_wolfssl_definitions("WOLFSSL_WC_MLKEM"   RESUlT)
         set_wolfssl_definitions("WOLFSSL_SHA3"       RESUlT)
         set_wolfssl_definitions("WOLFSSL_SHAKE128"   RESUlT)
         set_wolfssl_definitions("WOLFSSL_SHAKE256"   RESUlT)
@@ -642,6 +658,16 @@ else()
     endif()
 endif()
 
+# LMS
+add_option(WOLFSSL_LMS
+    "Enable the wolfSSL LMS implementation (default: disabled)"
+    "no" "yes;no")
+
+# XMSS
+add_option(WOLFSSL_XMSS
+    "Enable the wolfSSL XMSS implementation (default: disabled)"
+    "no" "yes;no")
+
 # TODO: - Lean PSK
 #       - Lean TLS
 #       - Low resource
@@ -655,8 +681,6 @@ endif()
 #       - Atomic user record layer
 #       - Public key callbacks
 #       - Microchip/Atmel CryptoAuthLib
-#       - XMSS
-#       - LMS
 #       - dual-certs
 
 # AES-CBC
@@ -731,7 +755,8 @@ add_option("WOLFSSL_AESCTR"
 
 if(WOLFSSL_OPENVPN OR
    WOLFSSL_LIBSSH2 OR
-   WOLFSSL_AESSIV)
+   WOLFSSL_AESSIV OR
+   WOLFSSL_CLU)
     override_cache(WOLFSSL_AESCTR "yes")
 endif()
 
@@ -871,7 +896,7 @@ endif()
 #       - SEP
 
 add_option("WOLFSSL_KEYGEN"
-    "Enable key generation (default: disabled)])"
+    "Enable key generation (default: disabled)"
     "no" "yes;no")
 
 add_option("WOLFSSL_CERTGEN"
@@ -945,13 +970,29 @@ if(WOLFSSL_ECC)
     endif()
 endif()
 
-# TODO: - ECC custom curves
-#       - Compressed key
+# TODO: - Compressed key
 #       - FP ECC, fixed point cache ECC
 #       - ECC encrypt
 #       - PSK
 #       - Single PSK identity
 
+# ECC custom curves
+add_option("WOLFSSL_ECCCUSTCURVES"
+    "Enable ECC Custom Curves (default: disabled)"
+    "no" "yes;no;all")
+
+if(WOLFSSL_ECCCUSTCURVES)
+    if("${WOLFSSL_ECCCUSTCURVES}" STREQUAL "all")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR2")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR3")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_BRAINPOOL")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_KOBLITZ")
+        list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_CDH")
+    endif()
+
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CUSTOM_CURVES")
+endif()
+
 # CURVE25519
 set(WOLFSSL_CURVE25519_SMALL "no")
 add_option("WOLFSSL_CURVE25519"
@@ -982,7 +1023,7 @@ add_option("WOLFSSL_ED25519"
     "Enable ED25519 (default: disabled)"
     "no" "yes;no")
 
-if(WOLFSSL_OPENSSH)
+if(WOLFSSL_OPENSSH OR WOLFSSL_CLU)
     override_cache(WOLFSSL_ED25519 "yes")
 endif()
 
@@ -1112,8 +1153,7 @@ if(NOT WOLFSSL_MEMORY)
 else()
     # turn off memory cb if leanpsk or leantls on
     if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
-        # but don't turn on NO_WOLFSSL_MEMORY because using own
-        override_cache(WOLFSSL_MEMORY "no")
+        list(APPEND WOLFSSL_DEFINITIONS "-DNO_WOLFSSL_MEMORY")
     endif()
 endif()
 
@@ -1658,6 +1698,9 @@ add_option(WOLFSSL_PKCS7 ${WOLFSSL_PKCS7_HELP_STRING} "no" "yes;no")
 set(WOLFSSL_TPM_HELP_STRING "Enable wolfTPM options (default: disabled)")
 add_option(WOLFSSL_TPM ${WOLFSSL_TPM_HELP_STRING} "no" "yes;no")
 
+set(WOLFSSL_CLU_HELP_STRING "Enable wolfCLU options (default: disabled)")
+add_option(WOLFSSL_CLU ${WOLFSSL_CLU_HELP_STRING} "no" "yes;no")
+
 set(WOLFSSL_AESKEYWRAP_HELP_STRING "Enable AES key wrap support (default: disabled)")
 add_option(WOLFSSL_AESKEYWRAP ${WOLFSSL_AESKEYWRAP_HELP_STRING} "no" "yes;no")
 
@@ -2002,6 +2045,25 @@ if(WOLFSSL_TPM)
     override_cache(WOLFSSL_AESCFB   "yes")
 endif()
 
+if(WOLFSSL_CLU)
+    override_cache(WOLFSSL_CERTGEN  "yes")
+    override_cache(WOLFSSL_CERTREQ  "yes")
+    override_cache(WOLFSSL_CERTEXT  "yes")
+    override_cache(WOLFSSL_MD5      "yes")
+    override_cache(WOLFSSL_AESCTR   "yes")
+    override_cache(WOLFSSL_KEYGEN   "yes")
+    override_cache(WOLFSSL_OPENSSLALL "yes")
+    override_cache(WOLFSSL_ED25519  "yes")
+    override_cache(WOLFSSL_SHA512   "yes")
+    override_cache(WOLFSSL_DES3     "yes")
+    override_cache(WOLFSSL_PKCS7    "yes")
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OID_ENCODING" "-DWOLFSSL_NO_ASN_STRICT" "-DWOLFSSL_ALT_NAMES")
+    # Add OPENSSL_ALL definition to ensure OpenSSL compatibility functions are available
+    list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_ALL")
+    # Remove NO_DES3 from WOLFSSL_DEFINITIONS to ensure DES3 is enabled
+    list(REMOVE_ITEM WOLFSSL_DEFINITIONS "-DNO_DES3")
+endif()
+
 if(WOLFSSL_AESCFB)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CFB")
 endif()
@@ -2261,6 +2323,18 @@ if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG))
     endif()
 endif()
 
+add_option("WOLFSSL_KEYLOG_EXPORT"
+    "Enable insecure export of TLS secrets to an NSS keylog file (default: disabled)"
+    "no" "yes;no")
+if(WOLFSSL_KEYLOG_EXPORT)
+    message(WARNING "Keylog export enabled -- Sensitive key data will be stored insecurely.")
+    list(APPEND WOLFSSL_DEFINITIONS
+        "-DSHOW_SECRETS"
+        "-DHAVE_SECRET_CALLBACK"
+        "-DWOLFSSL_SSLKEYLOGFILE"
+        "-DWOLFSSL_KEYLOG_EXPORT_WARNED")
+endif()
+
 
 file(REMOVE ${OPTION_FILE})
 
@@ -2391,17 +2465,24 @@ target_include_directories(wolfssl
 
 target_link_libraries(wolfssl PUBLIC ${WOLFSSL_LINK_LIBS})
 
-if(WIN32)
-    # For Windows link ws2_32
+if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
+    if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
+        target_link_libraries(wolfssl PUBLIC ws2_32 crypt32)
+    endif()
+elseif (WIN32 OR ${CMAKE_SYSTEM_NAME} MATCHES "^MSYS" OR ${CMAKE_SYSTEM_NAME} MATCHES "^MINGW")
+    # For Windows link required libraries
+    message("Building on Windows/MSYS/MINGW")
     target_link_libraries(wolfssl PUBLIC
-        $<$<PLATFORM_ID:Windows>:ws2_32 crypt32>)
+        ws2_32 crypt32 advapi32)
 elseif(APPLE)
+    message("Building on Apple")
     if(WOLFSSL_SYS_CA_CERTS)
         target_link_libraries(wolfssl PUBLIC
             ${CORE_FOUNDATION_FRAMEWORK}
             ${SECURITY_FRAMEWORK})
     endif()
 else()
+    message("Building on Linux (or other)")
     if(WOLFSSL_DH AND NOT WOLFSSL_DH_CONST)
         # DH requires math (m) library
         target_link_libraries(wolfssl
@@ -2458,7 +2539,9 @@ if(WOLFSSL_EXAMPLES)
         add_executable(tls_bench
             ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
         target_link_libraries(tls_bench wolfssl)
-        target_link_libraries(tls_bench Threads::Threads)
+        if(CMAKE_USE_PTHREADS_INIT)
+            target_link_libraries(tls_bench Threads::Threads)
+        endif()
         set_property(TARGET tls_bench
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/examples/benchmark)
@@ -2467,19 +2550,65 @@ if(WOLFSSL_EXAMPLES)
     # Build unit tests
     add_executable(unit_test
         tests/api.c
-        tests/hash.c
+        tests/api/test_md2.c
+        tests/api/test_md4.c
+        tests/api/test_md5.c
+        tests/api/test_sha.c
+        tests/api/test_sha256.c
+        tests/api/test_sha512.c
+        tests/api/test_sha3.c
+        tests/api/test_blake2.c
+        tests/api/test_sm3.c
+        tests/api/test_ripemd.c
+        tests/api/test_hash.c
+        tests/api/test_hmac.c
+        tests/api/test_cmac.c
+        tests/api/test_des3.c
+        tests/api/test_chacha.c
+        tests/api/test_poly1305.c
+        tests/api/test_chacha20_poly1305.c
+        tests/api/test_camellia.c
+        tests/api/test_arc4.c
+        tests/api/test_rc2.c
+        tests/api/test_aes.c
+        tests/api/test_ascon.c
+        tests/api/test_sm4.c
+        tests/api/test_wc_encrypt.c
+        tests/api/test_random.c
+        tests/api/test_wolfmath.c
+        tests/api/test_rsa.c
+        tests/api/test_dsa.c
+        tests/api/test_dh.c
+        tests/api/test_ecc.c
+        tests/api/test_sm2.c
+        tests/api/test_curve25519.c
+        tests/api/test_ed25519.c
+        tests/api/test_curve448.c
+        tests/api/test_ed448.c
+        tests/api/test_mlkem.c
+        tests/api/test_mldsa.c
+        tests/api/test_signature.c
+        tests/api/test_dtls.c
+        tests/api/test_ocsp.c
+        tests/api/test_evp.c
+        tests/api/test_tls_ext.c
         tests/srp.c
         tests/suites.c
         tests/w64wrapper.c
         tests/unit.c
         tests/quic.c
+        tests/utils.c
+        testsuite/utils.c
         examples/server/server.c
-        examples/client/client.c)
+        examples/client/client.c
+        wolfcrypt/test/test.c)
     target_include_directories(unit_test PRIVATE
         ${CMAKE_CURRENT_BINARY_DIR})
     target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER")
     target_link_libraries(unit_test wolfssl)
-    target_link_libraries(unit_test Threads::Threads)
+    if(CMAKE_USE_PTHREADS_INIT)
+        target_link_libraries(unit_test Threads::Threads)
+    endif()
     set_property(TARGET unit_test
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/tests/)
@@ -2729,14 +2858,17 @@ if(WOLFSSL_INSTALL)
     set(includedir "\${prefix}/include")
     set(VERSION ${PROJECT_VERSION})
 
-    # Setting libm in Libs.private of wolfssl.pc.
-    # See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
-    get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
-    list(FIND _wolfssl_dep_libs m _dep_libm)
-    if ("${_dep_libm}" GREATER -1)
-      set(LIBM -lm)
+    if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
     else()
-      set(LIBM)
+        # Setting libm in Libs.private of wolfssl.pc.
+        # See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
+        get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
+        list(FIND _wolfssl_dep_libs m _dep_libm)
+        if ("${_dep_libm}" GREATER -1)
+            set(LIBM -lm)
+        else()
+            set(LIBM)
+        endif()
     endif()
 
     configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
diff --git a/ChangeLog.md b/ChangeLog.md
index 0939a6594..0b32346c6 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,322 @@
+# wolfSSL Release 5.7.6 (Dec 31, 2024)
+
+Release 5.7.6 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE:
+ * --enable-heapmath is deprecated.
+ * In this release, the default cipher suite preference is updated to prioritize
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
+ * This release adds a sanity check for including wolfssl/options.h or
+ user_settings.h.
+
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
+
+## Vulnerabilities
+* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
+ when performing OCSP requests for intermediate certificates in a certificate
+ chain. This affects only TLS 1.3 connections on the server side. It would not
+ impact other TLS protocol versions or connections that are not using the
+ traditional OCSP implementation. (Fix in pull request 8115)
+
+
+## New Feature Additions
+* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
+ (PR 8153)
+* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
+ for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
+* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
+* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
+* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and
+ wc_Curve25519KeyDecode (PR 8129)
+* CRL improvements and update callback, added the functions
+ wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
+* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
+
+
+## Enhancements and Optimizations
+* Add a CMake dependency check for pthreads when required. (PR 8162)
+* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
+ not affected). (PR 8170)
+* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
+* Change the default cipher suite preference, prioritizing
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
+* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
+ (PR 8215)
+* Make library build when no hardware crypto available for Aarch64 (PR 8293)
+* Update assembly code to avoid `uint*_t` types for better compatibility with
+ older C standards. (PR 8133)
+* Add initial documentation for writing ASN template code to decode BER/DER.
+ (PR 8120)
+* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
+* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
+ MacOS builds (PR 8282)
+* Make Kyber and ML-KEM available individually and together. (PR 8143)
+* Update configuration options to include Kyber/ML-KEM and fix defines used in
+ wolfSSL_get_curve_name. (PR 8183)
+* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
+* Improved test coverage and minor improvements of X509 (PR 8176)
+* Add sanity checks for configuration methods, ensuring the inclusion of
+ wolfssl/options.h or user_settings.h. (PR 8262)
+* Enable support for building without TLS (NO_TLS). Provides reduced code size
+ option for non-TLS users who want features like the certificate manager or
+ compatibility layer. (PR 8273)
+* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
+* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
+* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
+* Add support for the RFC822 Mailbox attribute (PR 8280)
+* Initialize variables and adjust types resolve warnings with Visual Studio in
+ Windows builds. (PR 8181)
+* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
+* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
+ (PR 8261, 8255, 8245)
+* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
+* Update Arduino files for wolfssl 5.7.4 (PR 8219)
+* Improve Espressif SHA HW/SW mutex messages (PR 8225)
+* Apply post-5.7.4 release updates for Espressif Managed Component examples
+ (PR 8251)
+* Expansion of c89 conformance (PR 8164)
+* Added configure option for additional sanity checks with --enable-faultharden
+ (PR 8289)
+* Aarch64 ASM additions to check CPU features before hardware crypto instruction
+ use (PR 8314)
+
+
+## Fixes
+* Fix a memory issue when using the compatibility layer with
+ WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
+* Fix a build issue with signature fault hardening when using public key
+ callbacks (HAVE_PK_CALLBACKS). (PR 8287)
+* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
+ objects and free’ing one of them (PR 8180)
+* Fix potential memory leak in error case with Aria. (PR 8268)
+* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
+* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
+* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
+* Fix incorrect version setting in CSRs. (PR 8136)
+* Correct debugging output for cryptodev. (PR 8202)
+* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
+ of AAD (PR 8210)
+* Add missing checks for the initialization of sp_int/mp_int with DSA to free
+ memory properly in error cases. (PR 8209)
+* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
+* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
+* Prevent adding a certificate to the CA cache for Renesas builds if it does not
+ set CA:TRUE in basic constraints. (PR 8060)
+* Fix attribute certificate holder entityName parsing. (PR 8166)
+* Resolve build issues for configurations without any wolfSSL/openssl
+ compatibility layer headers. (PR 8182)
+* Fix for building SP RSA small and RSA public only (PR 8235)
+* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
+* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
+ for building all `*.c` files (PR 8257 and PR 8140)
+* Fix x86 target build issues in Visual Studio for non-Windows operating
+ systems. (PR 8098)
+* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
+* Properly handle reference counting when adding to the X509 store. (PR 8233)
+* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
+ example. Thanks to Hongbo for the report on example issues. (PR 7537)
+* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
+ Thanks to Peter for the issue reported. (PR 8139)
+
+
+# wolfSSL Release 5.7.4 (Oct 24, 2024)
+
+Release 5.7.4 has been developed according to wolfSSL's development and QA
+process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
+
+## Vulnerabilities
+* [Low] When the OpenSSL compatibility layer is enabled, certificate
+ verification behaved differently in wolfSSL than OpenSSL, in the
+ X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
+ Previously, in cases where an application explicitly loaded an intermediate
+ certificate, wolfSSL was verifying only up to that intermediate certificate,
+ rather than verifying up to the root CA. This only affects use cases where the
+ API is called directly, and does not affect TLS connections. Users that call
+ the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
+ applications are recommended to update the version of wolfSSL used or to have
+ additional sanity checks on certificates loaded into the X509_STORE when
+ verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
+
+
+## PQC TLS Experimental Build Fix
+* When using TLS with post quantum algorithms enabled, the connection uses a
+ smaller EC curve than agreed on. Users building with --enable-experimental and
+ enabling PQC cipher suites with TLS connections are recommended to update the
+ version of wolfSSL used. Thanks to Daniel Correa for the report.
+ (https://github.com/wolfSSL/wolfssl/pull/8084)
+
+
+## New Feature Additions
+* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
+ Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
+* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
+* Add support for (DevkitPro)libnds (PR 7990)
+* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
+* Add port for init sssd (PR 7781)
+* Add port for eXosip2 (PR 7648)
+* Add support for STM32G4 (PR 7997)
+* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
+ Support (PR 7777)
+* Add support for building wolfSSL to be used in libspdm (PR 7869)
+* Add port for use with Nucleus Plus 2.3 (PR 7732)
+* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
+ --enable-acert (PR 7926)
+* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
+ (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
+ (PR 7750)
+* Added “new” and “delete” style functions for heap/pool allocation and freeing
+ of low level crypto structures (PR 3166 and 8089)
+
+
+## Enhancements and Optimizations
+* Increase default max alt. names from 128 to 1024 (PR 7762)
+* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
+* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
+* Add option to disable cryptocb test software test using
+ --disable-cryptocb-sw-test (PR 7862)
+* Add a call to certificate verify callback before checking certificate dates
+ (PR 7895)
+* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
+ support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
+ Hashing (PR 3166)
+* Expand MMCAU support for use with DES ECB (PR 7960)
+* Update AES SIV to handle multiple associated data inputs (PR 7911)
+* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
+* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
+* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
+* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
+ (PR 7731)
+* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
+* Renesas RX TSIP ECDSA support (PR 7685)
+* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
+* Server-side checks OCSP even if it uses v2 multi (PR 7828)
+* Add handling of absent hash params in PKCS7 bundle parsing and creation
+ (PR 7845)
+* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
+ environments that do not have a word64 type (PR 7759)
+* Update to the maxq10xx support (PR 7824)
+* Add support for parsing over optional PKCS8 attributes (PR 7944)
+* Add support for either side method with DTLS 1.3 (PR 8012)
+* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
+* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
+* Add left-most wildcard matching support to X509_check_host() (PR 7966)
+* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
+* Building wolfSSL as a library with Ada and corrections to Alire manifest
+ (PR 7303,7940)
+* Renesas RX72N support updated (PR 7849)
+* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
+ (PR 8005)
+* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
+ SSL object (PR 7867)
+* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
+* Memory usage improvements in wc_PRF, sha256 (for small code when many
+ registers are available) and sp_int objects (PR 7901)
+* Change in the configure script to work around ">>" with no command. In older
+ /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876)
+* Don't attempt to include system headers when not required (PR 7813)
+* Certificates: DER encoding of ECC signature algorithm parameter is now
+ allowed to be NULL with a define (PR 7903)
+* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
+* Update rx64n support on gr-rose (PR 7889)
+* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
+* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
+* Add a new crypto callback for RSA with padding (PR 7907)
+* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
+ (PR 7924)
+* Modernized memory fence support for C11 and clang (PR 7938)
+* Add a CRL error override callback (PR 7986)
+* Extend the X509 unknown extension callback for use with a user context
+ (PR 7730)
+* Additional debug error tracing added with TLS (PR 7917)
+* Added runtime support for library call stack traces with
+ –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
+* Expanded C89 conformance (PR 8077)
+* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
+* Added support for cross-compilation of Linux kernel module (PR 7746)
+* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
+* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
+ serial number of 0 (PR 7893)
+* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
+
+### Espressif / Arduino Updates
+* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
+* Update Espressif sha, util, mem, time helpers (PR 7955)
+* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
+* Improve benchmark for Espressif devices (PR 8037)
+* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
+* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
+ (PR 7936)
+* Update wolfssl Release for Arduino (PR 7775)
+
+### Post Quantum Crypto Updates
+* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
+* Dilithium: add option to use precalc with small sign (PR 7744)
+* Allow Kyber to be built with FIPS (PR 7788)
+* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
+* Dilithium, Kyber: Update to final specification (PR 7877)
+* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
+
+### ARM Assembly Optimizations
+* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
+* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
+* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
+* Adding ARM ASM build option to STM32CubePack (PR 7747)
+* Add ARM64 to Visual Studio Project (PR 8010)
+* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
+* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
+
+
+## Fixes
+* ECC key load: fixes for certificates with parameters that are not default for
+ size (PR 7751)
+* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
+* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
+ (PR 7812)
+* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
+* Fix for detecting older versions of Mac OS when trying to link with
+ libdispatch (PR 7932)
+* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
+ packets combined into a single transmission. (PR 7840)
+* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
+ (PR 7779)
+* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
+* Fix for staticmemory and singlethreaded build (PR 7737)
+* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
+* Fix to support PKCS11 without RSA key generation (PR 7738)
+* Fix not calling the signing callback when using PK callbacks + TLS 1.3
+ (PR 7761)
+* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
+* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
+* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
+* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
+ (PR 7742)
+* Use max key length for PSK encrypt buffer size (PR 7707)
+* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
+* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
+* Fix CMake build error for curl builds (PR 8021)
+* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
+* SSL loading of keys/certs: testing and fixes (PR 7789)
+* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
+* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
+* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
+* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
+* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
+ (PR 8099)
+
+
 # wolfSSL Release 5.7.2 (July 08, 2024)
 
 Release 5.7.2 has been developed according to wolfSSL's development and QA
@@ -220,7 +539,7 @@ fixed this omission in several PRs for this release.
 
 * [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
 
-* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
+* [Low] CVE-2024-1543: A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
 
 * [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
 
@@ -874,9 +1193,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
 
 ## Enhancements
 * DTLSv1.3: Do HRR Cookie exchange by default
-* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API 
-* Update ide win10 build files to add missing sp source files 
-* Improve Workbench docs 
+* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
+* Update ide win10 build files to add missing sp source files
+* Improve Workbench docs
 * Improve EVP support for CHACHA20_POLY1305
 * Improve `wc_SetCustomExtension` documentation
 * RSA-PSS with OCSP and add simple OCSP response DER verify test case
@@ -884,23 +1203,23 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
 * Don't over-allocate memory for DTLS fragments
 * Add WOLFSSL_ATECC_TFLXTLS for Atmel port
 * SHA-3 performance improvements with x86_64 assembly
-* Add code to fallback to S/W if TSIP cannot handle 
+* Add code to fallback to S/W if TSIP cannot handle
 * Improves entropy with VxWorks
 * Make time in milliseconds 64-bits for longer session ticket lives
 * Support for setting cipher list with bytes
 * wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements
 * Add to RSAES-OAEP key parsing for pkcs7
 * Add missing DN nid to work with PrintName()
-* SP int: default to 16 bit word size when NO_64BIT defined 
+* SP int: default to 16 bit word size when NO_64BIT defined
 * Limit the amount of fragments we store per a DTLS connection and error out when max limit is reached
 * Detect when certificate's RSA public key size is too big and fail on loading of certificate
 
 ## Fixes
 * Fix for async with OCSP non-blocking in `ProcessPeerCerts`
 * Fixes for building with 32-bit and socket size sign/unsigned mismatch
-* Fix Windows CMakeList compiler options 
-* TLS 1.3 Middle-Box compat: fix missing brace 
-* Configuration consistency fixes for RSA keys and way to force disable of private keys 
+* Fix Windows CMakeList compiler options
+* TLS 1.3 Middle-Box compat: fix missing brace
+* Configuration consistency fixes for RSA keys and way to force disable of private keys
 * Fix for Aarch64 Mac M1 SP use
 * Fix build errors and warnings for MSVC with DTLS 1.3
 * Fix HMAC compat layer function for SHA-1
@@ -908,9 +1227,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
 * Check return from call to wc_Time
 * SP math: fix build configuration with opensslall
 * Fix for async session tickets
-* SP int mp_init_size fixes when SP_WORD_SIZE == 8 
+* SP int mp_init_size fixes when SP_WORD_SIZE == 8
 * Ed. function to make public key now checks for if the private key flag is set
-* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash 
+* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
 * Fix for building with PSK only
 * Set correct types in wolfSSL_sk_*_new functions
 * Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS
@@ -1024,7 +1343,7 @@ CVE-2020-12966 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb
 * Update SP math all to not use sp_int_word when SQR_MUL_ASM is available
 ### SP Math Fixes
 * Fixes for constant time with div function
-* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile 
+* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
 * Fix for div_word when not using div function
 * Fixes for user settings with SP ASM and ED/Curve25519 small
 * Additional Wycheproof tests ran and fixes
@@ -1204,7 +1523,7 @@ Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
 ### Math Library Fixes
 * Sanity check with SP math that ECC points ordinates are not greater than modulus length
 * Additional sanity checks that _sp_add_d does not error due to overflow
-* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests 
+* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
 * TFM fp_div_2_ct rework to avoid potential overflow
 
 ### Misc.
@@ -1445,7 +1764,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
 ###### PORT Fixes
 * Building with Android wpa_supplicant and KeyStore
 * Setting initial value of CA certificate with TSIP enabled
-* Cryptocell ECC build fix and fix with RSA disabled 
+* Cryptocell ECC build fix and fix with RSA disabled
 * IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
 
 ###### Math Library Fixes
@@ -1584,7 +1903,7 @@ Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
     - SSL_SESSION_has_ticket()
     - SSL_SESSION_get_ticket_lifetime_hint()
     - DIST_POINT_new
-    - DIST_POINT_free 
+    - DIST_POINT_free
     - DIST_POINTS_free
     - CRL_DIST_POINTS_free
     - sk_DIST_POINT_push
@@ -1747,7 +2066,7 @@ Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
 
 ### Vulnerabilities
 * [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report.
-* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report. 
+* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
 
 ### New Feature Additions
 ###### New Product
diff --git a/Docker/Dockerfile b/Docker/Dockerfile
index e6c3cd35d..d2c01b05d 100644
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev
 ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
 ARG DEPS_UDP_PROXY="wget libevent-dev"
 ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
-ARG DEPS_TOOLS="ccache clang-tidy maven"
+ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
                     && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
                     && apt clean -y && rm -rf /var/lib/apt/lists/*
diff --git a/Docker/wolfCLU/Dockerfile b/Docker/wolfCLU/Dockerfile
index da10d73dd..1e9099df4 100644
--- a/Docker/wolfCLU/Dockerfile
+++ b/Docker/wolfCLU/Dockerfile
@@ -1,5 +1,5 @@
 ARG DOCKER_BASE_IMAGE=ubuntu
-FROM ubuntu as BUILDER
+FROM ubuntu AS builder
 
 ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
 RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
@@ -18,8 +18,8 @@ RUN git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/
 
 FROM ${DOCKER_BASE_IMAGE}
 USER root
-COPY --from=BUILDER /usr/local/lib/libwolfssl.so /usr/local/lib/
-COPY --from=BUILDER /usr/local/bin/wolfssl* /usr/local/bin/
+COPY --from=builder /usr/local/lib/libwolfssl.so /usr/local/lib/
+COPY --from=builder /usr/local/bin/wolfssl* /usr/local/bin/
 RUN ldconfig
 ENTRYPOINT ["/usr/local/bin/wolfssl"]
 LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl
diff --git a/Docker/wolfCLU/README.md b/Docker/wolfCLU/README.md
index 1fc7bc6de..2c271d556 100644
--- a/Docker/wolfCLU/README.md
+++ b/Docker/wolfCLU/README.md
@@ -1,6 +1,6 @@
 This is a small container that has wolfCLU installed for quick access. To build your own run the following:
 ```
-docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu . 
+docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
 ```
 
 To run the container, you can use:
diff --git a/IDE/ARDUINO/Arduino_README_prepend.md b/IDE/ARDUINO/Arduino_README_prepend.md
index c11b35dbb..34ab46359 100644
--- a/IDE/ARDUINO/Arduino_README_prepend.md
+++ b/IDE/ARDUINO/Arduino_README_prepend.md
@@ -4,12 +4,46 @@ This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/)
 
 The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
 
-See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
+See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status.
+
+Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/).
+
+## wolfSSL Configuration
+
+As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
+
+The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
+
+For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
+
+For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
+
+For Linux: `~/Arduino/libraries/wolfssl/src`
+
+Tips for success:
+
+- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
+- Apply any customizations only to `user_settings.h`;  Do not edit wolfSSL `settings.h` or `configh.h` files.
+- Do not explicitly include `user_settings.h` in any source file.
+- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
+- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
+
+## wolfSSL Examples
+
+Additional wolfSSL examples can be found at:
+
+- https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO
+
+- https://github.com/wolfSSL/wolfssl/tree/master/examples
+
+- https://github.com/wolfSSL/wolfssl-examples/
 
 ## Arduino Releases
 
-The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
+This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable).
 
-The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable)
+See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases).
 
-See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
+The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
+
+The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md
index 75c25a20a..8808b0e29 100644
--- a/IDE/ARDUINO/README.md
+++ b/IDE/ARDUINO/README.md
@@ -2,18 +2,49 @@
 
 See the [example sketches](./sketches/README.md):
 
-- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
-- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
+NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
+
+Bare-bones templates:
+
+- [sketches/wolfssl_version](./sketches/wolfssl_version/README.md) single file.
+- [sketches/template](./sketches/template/README.md) multiple file example.
+
+Functional examples:
+- [sketches/wolfssl_AES_CTR](./sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt.
+- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) TLS Client.
+- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) TLS Server.
+
+Both the `template` and `wolfssl_AES_CTR` examples include VisualGDB project files.
 
 When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
 
+## Getting Started
+
+See [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
+
+The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
+
+For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
+
+For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
+
+For Linux: `~/Arduino/libraries/wolfssl/src`
+
+Tips for success:
+
+- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
+- Apply any customizations only to `user_settings.h`;  Do not edit wolfSSL `settings.h` or `configh.h` files.
+- Do not explicitly include `user_settings.h` in any source file.
+- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
+- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
+
 ## Boards
 
 Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
 and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
 
 STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
-from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started)   .
+from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
 
 ```
 https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
@@ -27,7 +58,7 @@ This option will allow wolfSSL to be installed directly using the native Arduino
 
 ## Manually Reformatting wolfSSL as a Compatible Arduino Library
 
-Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be 
+Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
 compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
 for projects that use Arduino IDE 1.5.0 or newer.
 
@@ -42,7 +73,7 @@ from within the `wolfssl/IDE/ARDUINO` directory:
 
 1. `./wolfssl-arduino.sh`
     - Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
-    - You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
+    - You can add your own `user_settings.h`, or copy/rename the [default](https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_arduino.h).
 
 2. `./wolfssl-arduino.sh INSTALL` (The most common option)
     - Creates an Arduino Library in the local `wolfSSL` directory
@@ -55,8 +86,8 @@ from within the `wolfssl/IDE/ARDUINO` directory:
 3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
     - Creates an Arduino Library in `wolfSSL` directory
     - Copies that directory contents to the specified `/path/to/repository`
-    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`. 
-     
+    - Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
+
 4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
     - Creates an Arduino Library in `wolfSSL` directory
     - Copies that directory contents to the specified `/path/to/any/other/directory`
diff --git a/IDE/ARDUINO/include.am b/IDE/ARDUINO/include.am
index 52491a8b1..cf1695fab 100644
--- a/IDE/ARDUINO/include.am
+++ b/IDE/ARDUINO/include.am
@@ -2,16 +2,32 @@
 # included from Top Level Makefile.am
 # All paths should be given relative to the root
 
+# Library files:
 EXTRA_DIST+= IDE/ARDUINO/README.md
+
+# There's an Arduino-specific Arduino_README_prepend.md that will be prepended to wolfSSL README.md
+# Not to be confused with the interim PREPENDED_README.md that is created by script.
 EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
+
+# Core library files
+EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
+EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
+EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.cpp
+
 EXTRA_DIST+= IDE/ARDUINO/keywords.txt
 EXTRA_DIST+= IDE/ARDUINO/library.properties.template
+
+# Sketch Examples
 EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
+
+# wolfssl_client example sketch
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
-EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+
+# wolfssl_server example sketch
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
-EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+
+# wolfssl_version example sketch
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
-EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
-EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
+
+# Publishing script, either local install or to github.com/wolfSSL/Arduino-wolfSSL clone directory.
 EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh
diff --git a/IDE/ARDUINO/sketches/README.md b/IDE/ARDUINO/sketches/README.md
index 26a1d1e18..020331da5 100644
--- a/IDE/ARDUINO/sketches/README.md
+++ b/IDE/ARDUINO/sketches/README.md
@@ -1,12 +1,75 @@
 # wolfSSL Arduino Examples
 
-There are currently two example Arduino sketches:
+There are currently five example Arduino sketches:
 
-* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
-* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
+NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
+
+* `template`: Reference template wolfSSL example, including optional VisualGDB project files.
+* `wolfssl_AES_CTR`: Basic AES CTR Encryption / Decryption example.
+* `wolfssl_client`: Basic TLS listening client.
+* `wolfssl_server`: Basic TLS server.
+* `wolfssl_version`: Bare-bones wolfSSL example.
 
 Examples have been most recently confirmed operational on the
 [Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
 
 For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
-Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+Additional wolfssl examples can be found at [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
+
+## Using wolfSSL
+
+The typical include will look something like this:
+
+```
+#include <Arduino.h>
+
+ /* wolfSSL user_settings.h must be included from settings.h
+  * Make all configurations changes in user_settings.h
+  * Do not edit wolfSSL `settings.h` or `config.h` files.
+  * Do not explicitly include user_settings.h in any source code.
+  * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+  * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+  * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+  * The wolfSSL "settings.h" must appear before any other wolfSSL include.
+  */
+#include <wolfssl.h>
+
+/* settings.h is typically included in wolfssl.h, but here as a reminder: */
+#include <wolfssl/wolfcrypt/settings.h>
+
+/* Any other wolfSSL includes follow:*
+#include <wolfssl/version.h>
+```
+
+## Configuring wolfSSL
+
+See the `user_settings.h` in the Arduino library `wolfssl/src` directory. For Windows users this is typically:
+
+```
+C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src
+```
+
+WARNING: Changes to the library `user_settings.h` file will be lost when upgrading wolfSSL using the Arduino IDE.
+
+## Troubleshooting
+
+If compile problems are encountered, for example:
+
+```
+ctags: cannot open temporary file : File exists
+exit status 1
+
+Compilation error: exit status 1
+```
+
+Try deleting the Arduino cache directory:
+
+```
+C:\Users\%USERNAME%\AppData\Local\arduino\sketches
+```
+
+For VisualGDB users, delete the project `.vs`, `Output`, and `TraceReports` directories.
+
+## More Information
+
+For more details, see [IDE/ARDUINO/README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/README.md)
diff --git a/IDE/ARDUINO/sketches/wolfssl_client/README.md b/IDE/ARDUINO/sketches/wolfssl_client/README.md
index caf83c58e..1f114fcb9 100644
--- a/IDE/ARDUINO/sketches/wolfssl_client/README.md
+++ b/IDE/ARDUINO/sketches/wolfssl_client/README.md
@@ -1,6 +1,14 @@
 # Arduino Basic TLS Listening Client
 
-Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
+Open the `wolfssl_client.ino` file in the Arduino IDE.
+
+NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
+
+If using WiFi, be sure to set `ssid` and `password` values.
+
+May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
+
+See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
 
 Other IDE products are also supported, such as:
 
diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
deleted file mode 100644
index e4727dce1..000000000
--- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+++ /dev/null
@@ -1,894 +0,0 @@
-/* wolfssl_client.ino
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/*
-Tested with:
-
-1) Intel Galileo acting as the Client, with a laptop acting as a server using
-   the server example provided in examples/server.
-   Legacy Arduino v1.86 was used to compile and program the Galileo
-
-2) Espressif ESP32 WiFi
-
-3) Arduino Due, Nano33 IoT, Nano RP-2040
-*/
-
-/*
- * Note to code editors: the Arduino client and server examples are edited in
- * parallel for side-by-side comparison between examples.
- */
-
-/* If you have a private include, define it here, otherwise edit WiFi params */
-#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
-
-/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
-#define REPEAT_CONNECTION 0
-
-/* Edit this with your other TLS host server address to connect to: */
-#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
-
-/* wolfssl TLS examples communicate on port 11111 */
-#define WOLFSSL_PORT 11111
-
-/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
-#define SERIAL_BAUD 115200
-
-/* We'll wait up to 2000 milliseconds to properly shut down connection */
-#define SHUTDOWN_DELAY_MS 2000
-
-/* Number of times to retry connection.  */
-#define RECONNECT_ATTEMPTS 20
-
-/* Optional stress test. Define to consume memory until exhausted: */
-/* #define MEMORY_STRESS_TEST */
-
-/* Choose client or server example, not both. */
-#define WOLFSSL_CLIENT_EXAMPLE
-/* #define WOLFSSL_SERVER_EXAMPLE */
-
-#if defined(MY_PRIVATE_CONFIG)
-    /* the /workspace directory may contain a private config
-     * excluded from GitHub with items such as WiFi passwords */
-    #include MY_PRIVATE_CONFIG
-    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
-    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
-#else
-    /* when using WiFi capable boards: */
-    static const char* ssid PROGMEM  = "your_SSID";
-    static const char* password PROGMEM = "your_PASSWORD";
-#endif
-
-#define BROADCAST_ADDRESS "255.255.255.255"
-
-/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
- * If it is installed, uncomment define USE_NTP_LIB here: */
-/* #define USE_NTP_LIB */
-#ifdef USE_NTP_LIB
-    #include <NTPClient.h>
-#endif
-
-#include <wolfssl.h>
-/* Important: make sure settings.h appears before any other wolfSSL headers */
-#include <wolfssl/wolfcrypt/settings.h>
-/* Reminder: settings.h includes user_settings.h
- * For ALL project wolfSSL settings, see:
- * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
-#include <wolfssl/ssl.h>
-#include <wolfssl/certs_test.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
-#if defined(DEBUG_WOLFSSL)
-    #define PROGRESS_DOT F("")
-#else
-    #define PROGRESS_DOT F(".")
-#endif
-
-/* Convert a macro to a string */
-#define xstr(x) str(x)
-#define str(x) #x
-
-/* optional board-specific networking includes */
-#if defined(ESP32)
-    #define USING_WIFI
-    #include <WiFi.h>
-    #include <WiFiUdp.h>
-    #ifdef USE_NTP_LIB
-        WiFiUDP ntpUDP;
-    #endif
-    /* Ensure the F() flash macro is defined */
-    #ifndef F
-        #define F
-    #endif
-    WiFiClient client;
-
-#elif defined(ESP8266)
-    #define USING_WIFI
-    #include <ESP8266WiFi.h>
-    WiFiClient client;
-
-#elif defined(ARDUINO_SAM_DUE)
-    #include <SPI.h>
-    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
-    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
-    #include <Ethernet.h>
-    EthernetClient client;
-
-#elif defined(ARDUINO_SAMD_NANO_33_IOT)
-    #define USING_WIFI
-    #include <SPI.h>
-    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
-    WiFiClient client;
-
-#elif defined(ARDUINO_ARCH_RP2040)
-    #define USING_WIFI
-    #include <SPI.h>
-    #include <WiFiNINA.h>
-    WiFiClient client;
-
-#elif defined(USING_WIFI)
-    #define USING_WIFI
-    #include <WiFi.h>
-    #include <WiFiUdp.h>
-    #ifdef USE_NTP_LIB
-        WiFiUDP ntpUDP;
-    #endif
-    WiFiClient client;
-
-/* TODO
-#elif defined(OTHER_BOARD)
-*/
-#else
-    #define USING_WIFI
-    WiFiClient client;
-
-#endif
-
-/* Only for syntax highlighters to show interesting options enabled: */
-#if defined(HAVE_SNI)                           \
-   || defined(HAVE_MAX_FRAGMENT)                  \
-   || defined(HAVE_TRUSTED_CA)                    \
-   || defined(HAVE_TRUNCATED_HMAC)                \
-   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
-   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
-   || defined(HAVE_SUPPORTED_CURVES)              \
-   || defined(HAVE_ALPN)                          \
-   || defined(HAVE_SESSION_TICKET)                \
-   || defined(HAVE_SECURE_RENEGOTIATION)          \
-   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
-#endif
-
-static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
-static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
-
-static WOLFSSL_CTX* ctx = NULL;
-static WOLFSSL* ssl = NULL;
-static char* wc_error_message = (char*)malloc(80 + 1);
-static char errBuf[80];
-
-#if defined(MEMORY_STRESS_TEST)
-    #define MEMORY_STRESS_ITERATIONS 100
-    #define MEMORY_STRESS_BLOCK_SIZE 1024
-    #define MEMORY_STRESS_INITIAL (4*1024)
-    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
-    static int mem_ctr        = 0;
-#endif
-
-static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
-static int reconnect = RECONNECT_ATTEMPTS;
-static int lng_index PROGMEM = 0; /* 0 = English */
-
-#if defined(__arm__)
-    #include <malloc.h>
-    extern char _end;
-    extern "C" char *sbrk(int i);
-    static char *ramstart=(char *)0x20070000;
-    static char *ramend=(char *)0x20088000;
-#endif
-
-/*****************************************************************************/
-/* fail_wait - in case of unrecoverable error                                */
-/*****************************************************************************/
-int fail_wait(void) {
-    show_memory();
-
-    Serial.println(F("Failed. Halt."));
-    while (1) {
-        delay(1000);
-    }
-    return 0;
-}
-
-/*****************************************************************************/
-/* show_memory() to optionally view during debugging.                         */
-/*****************************************************************************/
-int show_memory(void)
-{
-#if defined(__arm__)
-    struct mallinfo mi = mallinfo();
-
-    char *heapend=sbrk(0);
-    register char * stack_ptr asm("sp");
-    #if defined(DEBUG_WOLFSSL_VERBOSE)
-        Serial.print("    arena=");
-        Serial.println(mi.arena);
-        Serial.print("  ordblks=");
-        Serial.println(mi.ordblks);
-        Serial.print(" uordblks=");
-        Serial.println(mi.uordblks);
-        Serial.print(" fordblks=");
-        Serial.println(mi.fordblks);
-        Serial.print(" keepcost=");
-        Serial.println(mi.keepcost);
-    #endif
-
-    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
-        Serial.print("Estimated free memory: ");
-        Serial.print(stack_ptr - heapend + mi.fordblks);
-        Serial.println(F(" bytes"));
-    #endif
-
-    #if (0)
-        /* Experimental: not supported on all devices: */
-        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
-        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
-        Serial.print("Heap End %lx\n", (unsigned long)heapend);
-        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
-        Serial.print("RAM End %lx\n", (unsigned long)ramend);
-
-        Serial.print("Heap RAM Used: ",mi.uordblks);
-        Serial.print("Program RAM Used ",&_end - ramstart);
-        Serial.print("Stack RAM Used ",ramend - stack_ptr);
-
-        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
-    #endif
-#else
-    Serial.println(F("show_memory() not implemented for this platform"));
-#endif
-    return 0;
-}
-
-/*****************************************************************************/
-/* EthernetSend() to send a message string.                                  */
-/*****************************************************************************/
-int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
-    int sent = 0;
-    (void)ssl;
-    (void)ctx;
-
-    sent = client.write((byte*)message, sz);
-    return sent;
-}
-
-/*****************************************************************************/
-/* EthernetReceive() to receive a reply string.                              */
-/*****************************************************************************/
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
-    int ret = 0;
-    (void)ssl;
-    (void)ctx;
-
-    while (client.available() > 0 && ret < sz) {
-        reply[ret++] = client.read();
-    }
-    return ret;
-}
-
-/*****************************************************************************/
-/* Arduino setup_hardware()                                                  */
-/*****************************************************************************/
-int setup_hardware(void) {
-    int ret = 0;
-
-#if defined(ARDUINO_SAMD_NANO_33_IOT)
-    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
-#elif defined(ARDUINO_ARCH_RP2040)
-    Serial.println(F("Detected known tested and working Arduino RP-2040"));
-#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
-    /* need to manually turn on random number generator on Arduino Due, etc. */
-    pmc_enable_periph_clk(ID_TRNG);
-    trng_enable(TRNG);
-    Serial.println(F("Enabled ARM TRNG"));
-#endif
-
-    show_memory();
-    randomSeed(analogRead(0));
-    return ret;
-}
-
-/*****************************************************************************/
-/* Arduino setup_datetime()                                                  */
-/*   The device needs to have a valid date within the valid range of certs.  */
-/*****************************************************************************/
-int setup_datetime(void) {
-    int ret = 0;
-    int ntp_tries = 20;
-
-    /* we need a date in the range of cert expiration */
-#ifdef USE_NTP_LIB
-    #if defined(ESP32)
-        NTPClient timeClient(ntpUDP, "pool.ntp.org");
-
-        timeClient.begin();
-        timeClient.update();
-        delay(1000);
-        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
-            timeClient.forceUpdate();
-            Serial.println(F("Waiting for NTP update"));
-            delay(2000);
-            ntp_tries--;
-        }
-        if (ntp_tries <= 0) {
-            Serial.println(F("Warning: gave up waiting on NTP"));
-        }
-        Serial.println(timeClient.getFormattedTime());
-        Serial.println(timeClient.getEpochTime());
-    #endif
-#endif
-
-#if defined(ESP32)
-    /* see esp32-hal-time.c */
-    ntp_tries = 5;
-    /* Replace "pool.ntp.org" with your preferred NTP server */
-    configTime(0, 0, "pool.ntp.org");
-
-    /* Wait for time to be set */
-    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
-        Serial.println(F("Waiting for time to be set..."));
-        delay(2000);
-        ntp_tries--;
-    }
-#endif
-
-    return ret;
-} /* setup_datetime */
-
-/*****************************************************************************/
-/* Arduino setup_network()                                                   */
-/*****************************************************************************/
-int setup_network(void) {
-    int ret = 0;
-
-#if defined(USING_WIFI)
-    int status = WL_IDLE_STATUS;
-
-    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
-    #if defined(ESP8266) || defined(ESP32)
-        WiFi.mode(WIFI_STA);
-    #else
-        String fv;
-        if (WiFi.status() == WL_NO_MODULE) {
-            Serial.println("Communication with WiFi module failed!");
-            /* don't continue if no network */
-            while (true) ;
-        }
-
-        fv = WiFi.firmwareVersion();
-        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
-            Serial.println("Please upgrade the firmware");
-        }
-    #endif
-
-    Serial.print(F("Connecting to WiFi "));
-    Serial.print(ssid);
-    status = WiFi.begin(ssid, password);
-    while (status != WL_CONNECTED) {
-        delay(1000);
-        Serial.print(F("."));
-        Serial.print(status);
-        status = WiFi.status();
-    }
-
-    Serial.println(F(" Connected!"));
-#else
-    /* Newer Ethernet shields have a
-     * MAC address printed on a sticker on the shield */
-    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
-    IPAddress ip(192, 168, 1, 42);
-    IPAddress myDns(192, 168, 1, 1);
-    Ethernet.init(10); /* Most Arduino shields */
-    /* Ethernet.init(5);   * MKR ETH Shield */
-    /* Ethernet.init(0);   * Teensy 2.0 */
-    /* Ethernet.init(20);  * Teensy++ 2.0 */
-    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
-    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
-    Serial.println(F("Initialize Ethernet with DHCP:"));
-    if (Ethernet.begin(mac) == 0) {
-        Serial.println(F("Failed to configure Ethernet using DHCP"));
-        /* Check for Ethernet hardware present */
-        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
-            Serial.println(F("Ethernet shield was not found."));
-            while (true) {
-                delay(1); /* do nothing */
-            }
-        }
-        if (Ethernet.linkStatus() == LinkOFF) {
-            Serial.println(F("Ethernet cable is not connected."));
-        }
-        /* try to configure using IP address instead of DHCP : */
-        Ethernet.begin(mac, ip, myDns);
-    }
-    else {
-        Serial.print(F("  DHCP assigned IP "));
-        Serial.println(Ethernet.localIP());
-    }
-    /* We'll assume the Ethernet connection is ready to go. */
-#endif
-
-    Serial.println(F("********************************************************"));
-    Serial.print(F("      wolfSSL Example Client IP = "));
-#if defined(USING_WIFI)
-    Serial.println(WiFi.localIP());
-#else
-    Serial.println(Ethernet.localIP());
-#endif
-    Serial.print(F("   Configured Server Host to connect to: "));
-    Serial.println(host);
-    Serial.println(F("********************************************************"));
-    Serial.println(F("Setup network complete."));
-
-    return ret;
-}
-
-/*****************************************************************************/
-/* Arduino setup_wolfssl()                                                   */
-/*****************************************************************************/
-int setup_wolfssl(void) {
-    int ret = 0;
-    WOLFSSL_METHOD* method;
-
-    /* Show a revision of wolfssl user_settings.h file in use when available: */
-#if defined(WOLFSSL_USER_SETTINGS_ID)
-    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
-    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
-#else
-    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
-#endif
-
-#if defined(NO_WOLFSSL_SERVER)
-    Serial.println(F("wolfSSL server code disabled to save space."));
-#endif
-#if defined(NO_WOLFSSL_CLIENT)
-    Serial.println(F("wolfSSL client code disabled to save space."));
-#endif
-
-#if defined(DEBUG_WOLFSSL)
-    wolfSSL_Debugging_ON();
-    Serial.println(F("wolfSSL Debugging is On!"));
-#else
-    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
-#endif
-
-    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
-#if defined(NO_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
-#elif defined(MICRO_SESSION_CACHEx)
-    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
-#elif defined(SMALL_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
-#elif defined(MEDIUM_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
-#elif defined(BIG_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
-#elif defined(HUGE_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
-#elif defined(HUGE_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
-#else
-    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
-    /* See wolfssl/src/ssl.c for amount of memory used.
-     * It is best on embedded devices to choose a TLS session cache size. */
-#endif
-
-    ret = wolfSSL_Init();
-    if (ret == WOLFSSL_SUCCESS) {
-        Serial.println("Successfully called wolfSSL_Init");
-    }
-    else {
-        Serial.println("ERROR: wolfSSL_Init failed");
-    }
-
-    /* See companion server example with wolfSSLv23_server_method here.
-     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
-     * method = wolfTLSv1_2_client_method();   only TLS 1.2
-     * method = wolfTLSv1_3_client_method();   only TLS 1.3
-     *
-     * see Arduino\libraries\wolfssl\src\user_settings.h */
-
-    Serial.println("Here we go!");
-
-    method = wolfSSLv23_client_method();
-    if (method == NULL) {
-        Serial.println(F("unable to get wolfssl client method"));
-        fail_wait();
-    }
-    ctx = wolfSSL_CTX_new(method);
-    if (ctx == NULL) {
-        Serial.println(F("unable to get ctx"));
-        fail_wait();
-    }
-
-    return ret;
-}
-
-/*****************************************************************************/
-/* Arduino setup_certificates()                                              */
-/*****************************************************************************/
-int setup_certificates(void) {
-    int ret = 0;
-
-    Serial.println(F("Initializing certificates..."));
-    show_memory();
-
-    /* Use built-in validation, No verification callback function: */
-    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
-
-    /* Certificate */
-    Serial.println("Initializing certificates...");
-    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
-                                             CTX_CLIENT_CERT,
-                                             CTX_CLIENT_CERT_SIZE,
-                                             CTX_CLIENT_CERT_TYPE);
-    if (ret == WOLFSSL_SUCCESS) {
-        Serial.print("Success: use certificate: ");
-        Serial.println(xstr(CTX_SERVER_CERT));
-    }
-    else {
-        Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
-        wc_ErrorString(ret, wc_error_message);
-        Serial.println(wc_error_message);
-        fail_wait();
-    }
-
-    /* Setup private client key */
-    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
-                                            CTX_CLIENT_KEY,
-                                            CTX_CLIENT_KEY_SIZE,
-                                            CTX_CLIENT_KEY_TYPE);
-    if (ret == WOLFSSL_SUCCESS) {
-        Serial.print("Success: use private key buffer: ");
-        Serial.println(xstr(CTX_SERVER_KEY));
-    }
-    else {
-        Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
-        wc_ErrorString(ret, wc_error_message);
-        Serial.println(wc_error_message);
-        fail_wait();
-    }
-
-    ret = wolfSSL_CTX_load_verify_buffer(ctx,
-                                         CTX_CA_CERT,
-                                         CTX_CA_CERT_SIZE,
-                                         CTX_CA_CERT_TYPE);
-    if (ret == WOLFSSL_SUCCESS) {
-        Serial.println(F("Success: load_verify CTX_CA_CERT"));
-    }
-    else {
-        Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
-        wc_ErrorString(ret, wc_error_message);
-        Serial.println(wc_error_message);
-        fail_wait();
-    }
-
-
-
-    return ret;
-} /* Arduino setup */
-
-/*****************************************************************************/
-/*****************************************************************************/
-/* Arduino setup()                                                           */
-/*****************************************************************************/
-/*****************************************************************************/
-void setup(void) {
-    int i = 0;
-    Serial.begin(SERIAL_BAUD);
-    while (!Serial && (i < 10)) {
-        /* wait for serial port to connect. Needed for native USB port only */
-        delay(1000);
-        i++;
-    }
-    Serial.println(F(""));
-    Serial.println(F(""));
-    Serial.println(F("wolfSSL TLS Client Example Startup."));
-
-    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
-#if defined(DEBUG_WOLFSSL)
-    wolfSSL_Debugging_ON();
-#endif
-
-    /* Optionally pre-allocate a large block of memory for testing */
-#if defined(MEMORY_STRESS_TEST)
-    Serial.println(F("WARNING: Memory Stress Test Active!"));
-    Serial.print(F("Allocating extra memory: "));
-    Serial.print(MEMORY_STRESS_INITIAL);
-    Serial.println(F(" bytes..."));
-    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
-    show_memory();
-#endif
-
-    setup_hardware();
-
-    setup_network();
-
-    setup_datetime();
-
-    setup_wolfssl();
-
-    setup_certificates();
-
-    /* Initialize wolfSSL using callback functions. */
-    wolfSSL_SetIOSend(ctx, EthernetSend);
-    wolfSSL_SetIORecv(ctx, EthernetReceive);
-
-    Serial.println(F("Completed Arduino setup!"));
-    /* See companion wolfssl_server.ino code; server begins listening here
-     * https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
-     * Any other server will work. See also:
-     * https://github.com/wolfSSL/wolfssl/tree/master/examples/client
-     */
-    /* See companion wolfssl_server.ino code */
-    return;
-} /* Arduino setup */
-
-/*****************************************************************************/
-/* wolfSSL error_check()                                                     */
-/*****************************************************************************/
-int error_check(int this_ret, bool halt_on_error,
-                      const __FlashStringHelper* message) {
-    int ret = 0;
-    if (this_ret == WOLFSSL_SUCCESS) {
-        Serial.print(F("Success: "));
-        Serial.println(message);
-    }
-    else {
-        Serial.print(F("ERROR: return = "));
-        Serial.print(this_ret);
-        Serial.print(F(": "));
-        Serial.println(message);
-        Serial.println(wc_GetErrorString(this_ret));
-        if (halt_on_error) {
-            fail_wait();
-        }
-    }
-    show_memory();
-
-    return ret;
-} /* error_check */
-
-/*****************************************************************************/
-/* wolfSSL error_check_ssl                                                   */
-/*   Parameters:                                                             */
-/*     ssl           is the current WOLFSSL object pointer                   */
-/*     halt_on_error set to true to suspend operations for critical error    */
-/*     message       is expected to be a memory-efficient F("") macro string */
-/*****************************************************************************/
-int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
-                           const __FlashStringHelper* message) {
-    int err = 0;
-
-    if (ssl == NULL) {
-        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
-#ifndef DEBUG_WOLFSSL
-        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
-#else
-        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
-#endif
-        Serial.print(F("ERROR: "));
-        Serial.println(message);
-        show_memory();
-        if (halt_on_error) {
-            fail_wait();
-        }
-    }
-    else {
-        err = wolfSSL_get_error(ssl, this_ret);
-        if (err == WOLFSSL_SUCCESS) {
-            Serial.print(F("Success m: "));
-            Serial.println(message);
-        }
-        else {
-            if (err < 0) {
-                wolfSSL_ERR_error_string(err, errBuf);
-                Serial.print(F("WOLFSSL Error: "));
-                Serial.print(err);
-                Serial.print(F("; "));
-                Serial.println(errBuf);
-            }
-            else {
-                Serial.println(F("Success: ssl object."));
-            }
-        }
-    }
-
-    return err;
-}
-
-/*****************************************************************************/
-/*****************************************************************************/
-/* Arduino loop()                                                            */
-/*****************************************************************************/
-/*****************************************************************************/
-void loop() {
-    char reply[80];
-    char msg[32]       = "hello wolfssl!";
-    const char* cipherName;
-    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
-    int total_input    = 0;
-    int msgSz          = 0;
-    int input          = 0;
-    int ret            = 0;
-    int err            = 0;
-    msgSz = (int)strlen(msg);
-    Serial.println(F(""));
-    Serial.println(F("Starting Arduino loop() ..."));
-
-    if (reconnect) {
-        reconnect--;
-        /* WiFi client returns true if connection succeeds, false if not.  */
-        /* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
-        Serial.print(F("Connecting to "));
-        Serial.print(host);
-        Serial.print(F(":"));
-        Serial.println(port);
-        /* can also use: IPAddress server(192,168,1,37); */
-        Serial.println(F("Here we go..."));
-        ret = client.connect(host, port);
-        Serial.println(F("Ok, checking..."));
-        if (ret > 0) {
-            Serial.println(F("Connected!"));
-
-            /* initialize wolfSSL */
-            ret = wolfSSL_Init();
-            error_check(ret, false, F("calling wolfSSL_Init") );
-
-            /* create secure connection object. see setup for ctx certs. */
-            Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
-            ssl = wolfSSL_new(ctx);
-            error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
-
-            Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
-            do {
-                err = 0; /* reset error */
-                Serial.println(F("wolfSSL_connect ..."));
-                ret = wolfSSL_connect(ssl);
-                Serial.print("wolfSSL_connect return result =");
-                Serial.println(ret);
-                if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
-                    Serial.println(F("Failed connection, checking error."));
-                    err = error_check_ssl(ssl, ret, true,
-                                    F("Create WOLFSSL object from ctx"));
-                    Serial.print("err =");
-                    Serial.println(err);
-                }
-                else {
-                   Serial.print(PROGRESS_DOT);
-                }
-            } while (err == WC_PENDING_E);
-
-            Serial.println();
-            Serial.println(F("Connected!"));
-            Serial.print(F("SSL version is "));
-            Serial.println(wolfSSL_get_version(ssl));
-
-            cipherName = wolfSSL_get_cipher(ssl);
-            Serial.print(F("SSL cipher suite is "));
-            Serial.println(cipherName);
-
-            /* see test.h
-             * TODO: test.h needs a little bit of Arduino work for these:
-            showPeerEx(ssl, lng_index);
-            showPeerPEM(ssl);
-            */
-
-            Serial.print(F("Sending secure message to server: "));
-            Serial.println(msg);
-            ret = wolfSSL_write(ssl, msg, msgSz);
-            if (ret == msgSz) {
-                Serial.print(F("Waiting for Server response..."));
-
-                while (!client.available()) {
-                    /* wait for data */
-                    delay(1); /* 1 ms delay */
-                }
-
-                Serial.print(F("Reading response.."));
-                /* read data */
-                do {
-                    ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-                    if (ret < 0) {
-                        error_check_ssl(ssl, ret, false,
-                                        F("during TLS Read"));
-                    }
-                    else {
-                        Serial.print(PROGRESS_DOT);
-                    }
-                } while (err == WC_PENDING_E);
-                Serial.println();
-
-                Serial.println();
-                Serial.println(reply); /* typically: I hear you fa shizzle! */
-                Serial.println();
-
-            } /* wolfSSL_write message size matched */
-            else {
-                error_check_ssl(ssl, ret, false,
-                    F("during TLS Write"));
-            }  /* any wolfSSL_write message size mismatch is an error */
-
-            Serial.print(F("Shutting down.."));
-            do {
-                delay(1);
-                Serial.print(PROGRESS_DOT);
-                retry_shutdown--;
-                ret = wolfSSL_shutdown(ssl);
-            } while (   (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
-                     && (retry_shutdown > 0)
-                    ); /* There may be pending data, so wait until done. */
-            Serial.println();
-
-            if (retry_shutdown <= 0) {
-                /* if wolfSSL_free is called before properly shutting down the
-                 * ssl object, undesired results may occur. */
-                Serial.println(F("Warning! Shutdown did not properly complete."));
-            }
-
-            wolfSSL_free(ssl);
-            client.stop();
-            Serial.println(F("Connection complete."));
-            if (REPEAT_CONNECTION) {
-                reconnect = RECONNECT_ATTEMPTS;
-            }
-            else {
-                reconnect = 0;
-            }
-        } /* client.connect(host, port) */
-        else {
-            Serial.println(F("Problem sending message. Trying to reconnect..."));
-        }
-    }
-    delay(1000);
-    if ((reconnect > 0) && (REPEAT_CONNECTION)) {
-        Serial.println(F("Arduino loop repeating..."));
-        Serial.println();
-    }
-    else {
-        printf("wow");
-        Serial.println(F("Done!"));
-        while(1) {
-            /* wait forever */
-        }
-    }
-
-#if defined(MEMORY_STRESS_TEST)
-    if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
-        /* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
-        mem_ctr++;
-        Serial.print(F("Memory stress increment: "));
-        Serial.print(mem_ctr);
-        Serial.print(F(". Allocating addition memory (bytes): "));
-        Serial.println(MEMORY_STRESS_BLOCK_SIZE);
-        memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
-        show_memory();
-    }
-#endif
-} /* Arduino loop repeats */
diff --git a/IDE/ARDUINO/sketches/wolfssl_server/README.md b/IDE/ARDUINO/sketches/wolfssl_server/README.md
index aee5c6630..ecad3f0c5 100644
--- a/IDE/ARDUINO/sketches/wolfssl_server/README.md
+++ b/IDE/ARDUINO/sketches/wolfssl_server/README.md
@@ -1,6 +1,14 @@
 # Arduino Basic TLS Server
 
-Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
+Open the `wolfssl_server.ino` file in the Arduino IDE.
+
+NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
+
+If using WiFi, be sure to set `ssid` and `password` values.
+
+May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
+
+See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
 
 Other IDE products are also supported, such as:
 
@@ -13,7 +21,7 @@ Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.co
 
 ## Connect with an Arduino Sketch
 
-See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino). 
+See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
 
 ## Connect with Linux Client
 
diff --git a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
deleted file mode 100644
index 387052ca6..000000000
--- a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+++ /dev/null
@@ -1,838 +0,0 @@
-/* wolfssl_server.ino
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/*
-Tested with:
-
-1) Intel Galileo acting as the Client, with a laptop acting as a server using
-   the server example provided in examples/server.
-   Legacy Arduino v1.86 was used to compile and program the Galileo
-
-2) Espressif ESP32 WiFi
-
-3) Arduino Due, Nano33 IoT, Nano RP-2040
-*/
-
-/*
- * Note to code editors: the Arduino client and server examples are edited in
- * parallel for side-by-side comparison between examples.
- */
-
-/* If you have a private include, define it here, otherwise edit WiFi params */
-#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
-
-/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
-#define REPEAT_CONNECTION 1
-
-/* Edit this with your other TLS host server address to connect to: */
-/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
-
-/* wolfssl TLS examples communicate on port 11111 */
-#define WOLFSSL_PORT 11111
-
-/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
-#define SERIAL_BAUD 115200
-
-/* We'll wait up to 2000 milliseconds to properly shut down connection */
-#define SHUTDOWN_DELAY_MS 2000
-
-/* Number of times to retry connection.  */
-#define RECONNECT_ATTEMPTS 20
-
-/* Optional stress test. Define to consume memory until exhausted: */
-/* #define MEMORY_STRESS_TEST */
-
-/* Choose client or server example, not both. */
-/* #define WOLFSSL_CLIENT_EXAMPLE */
-#define WOLFSSL_SERVER_EXAMPLE
-
-#if defined(MY_PRIVATE_CONFIG)
-    /* the /workspace directory may contain a private config
-     * excluded from GitHub with items such as WiFi passwords */
-    #include MY_PRIVATE_CONFIG
-    static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
-    static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
-#else
-    /* when using WiFi capable boards: */
-    static const char* ssid PROGMEM  = "your_SSID";
-    static const char* password PROGMEM = "your_PASSWORD";
-#endif
-
-#define BROADCAST_ADDRESS "255.255.255.255"
-
-/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
- * If it is installed, uncomment define USE_NTP_LIB here: */
-/* #define USE_NTP_LIB */
-#ifdef USE_NTP_LIB
-    #include <NTPClient.h>
-#endif
-
-#include <wolfssl.h>
-/* Important: make sure settings.h appears before any other wolfSSL headers */
-#include <wolfssl/wolfcrypt/settings.h>
-/* Reminder: settings.h includes user_settings.h
- * For ALL project wolfSSL settings, see:
- * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h   */
-#include <wolfssl/ssl.h>
-#include <wolfssl/certs_test.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
-#if defined(DEBUG_WOLFSSL)
-    #define PROGRESS_DOT F("")
-#else
-    #define PROGRESS_DOT F(".")
-#endif
-
-/* Convert a macro to a string */
-#define xstr(x) str(x)
-#define str(x) #x
-
-/* optional board-specific networking includes */
-#if defined(ESP32)
-    #define USING_WIFI
-    #include <WiFi.h>
-    #include <WiFiUdp.h>
-    #ifdef USE_NTP_LIB
-        WiFiUDP ntpUDP;
-    #endif
-    /* Ensure the F() flash macro is defined */
-    #ifndef F
-        #define F
-    #endif
-    WiFiClient client;
-    WiFiServer server(WOLFSSL_PORT);
-#elif defined(ESP8266)
-    #define USING_WIFI
-    #include <ESP8266WiFi.h>
-    WiFiClient client;
-    WiFiServer server(WOLFSSL_PORT);
-#elif defined(ARDUINO_SAM_DUE)
-    #include <SPI.h>
-    /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
-    /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
-    #include <Ethernet.h>
-    EthernetClient client;
-    EthernetClient server(WOLFSSL_PORT);
-#elif defined(ARDUINO_SAMD_NANO_33_IOT)
-    #define USING_WIFI
-    #include <SPI.h>
-    #include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
-    WiFiClient client;
-    WiFiServer server(WOLFSSL_PORT);
-#elif defined(ARDUINO_ARCH_RP2040)
-    #define USING_WIFI
-    #include <SPI.h>
-    #include <WiFiNINA.h>
-    WiFiClient client;
-    WiFiServer server(WOLFSSL_PORT);
-#elif defined(USING_WIFI)
-    #define USING_WIFI
-    #include <WiFi.h>
-    #include <WiFiUdp.h>
-    #ifdef USE_NTP_LIB
-        WiFiUDP ntpUDP;
-    #endif
-    WiFiClient client;
-    WiFiServer server(WOLFSSL_PORT);
-/* TODO
-#elif defined(OTHER_BOARD)
-*/
-#else
-    #define USING_WIFI
-    WiFiClient client;
-    WiFiServer server(WOLFSSL_PORT);
-#endif
-
-/* Only for syntax highlighters to show interesting options enabled: */
-#if defined(HAVE_SNI)                           \
-   || defined(HAVE_MAX_FRAGMENT)                  \
-   || defined(HAVE_TRUSTED_CA)                    \
-   || defined(HAVE_TRUNCATED_HMAC)                \
-   || defined(HAVE_CERTIFICATE_STATUS_REQUEST)    \
-   || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
-   || defined(HAVE_SUPPORTED_CURVES)              \
-   || defined(HAVE_ALPN)                          \
-   || defined(HAVE_SESSION_TICKET)                \
-   || defined(HAVE_SECURE_RENEGOTIATION)          \
-   || defined(HAVE_SERVER_RENEGOTIATION_INFO)
-#endif
-
-
-/* we expect our IP address from DHCP */
-
-static WOLFSSL_CTX* ctx = NULL;
-static WOLFSSL* ssl = NULL;
-static char* wc_error_message = (char*)malloc(80 + 1);
-static char errBuf[80];
-
-#if defined(MEMORY_STRESS_TEST)
-    #define MEMORY_STRESS_ITERATIONS 100
-    #define MEMORY_STRESS_BLOCK_SIZE 1024
-    #define MEMORY_STRESS_INITIAL (4*1024)
-    static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
-    static int mem_ctr        = 0;
-#endif
-
-static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
-static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
-static int reconnect = RECONNECT_ATTEMPTS;
-static int lng_index PROGMEM = 0; /* 0 = English */
-
-#if defined(__arm__)
-    #include <malloc.h>
-    extern char _end;
-    extern "C" char *sbrk(int i);
-    static char *ramstart=(char *)0x20070000;
-    static char *ramend=(char *)0x20088000;
-#endif
-
-/*****************************************************************************/
-/* fail_wait - in case of unrecoverable error                                */
-/*****************************************************************************/
-int fail_wait(void) {
-    show_memory();
-
-    Serial.println(F("Failed. Halt."));
-    while (1) {
-        delay(1000);
-    }
-    return 0;
-}
-
-/*****************************************************************************/
-/* show_memory() to optionally view during debugging.                         */
-/*****************************************************************************/
-int show_memory(void)
-{
-#if defined(__arm__)
-    struct mallinfo mi = mallinfo();
-
-    char *heapend=sbrk(0);
-    register char * stack_ptr asm("sp");
-    #if defined(DEBUG_WOLFSSL_VERBOSE)
-        Serial.print("    arena=");
-        Serial.println(mi.arena);
-        Serial.print("  ordblks=");
-        Serial.println(mi.ordblks);
-        Serial.print(" uordblks=");
-        Serial.println(mi.uordblks);
-        Serial.print(" fordblks=");
-        Serial.println(mi.fordblks);
-        Serial.print(" keepcost=");
-        Serial.println(mi.keepcost);
-    #endif
-
-    #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
-        Serial.print("Estimated free memory: ");
-        Serial.print(stack_ptr - heapend + mi.fordblks);
-        Serial.println(F(" bytes"));
-    #endif
-
-    #if (0)
-        /* Experimental: not supported on all devices: */
-        Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
-        Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
-        Serial.print("Heap End %lx\n", (unsigned long)heapend);
-        Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
-        Serial.print("RAM End %lx\n", (unsigned long)ramend);
-
-        Serial.print("Heap RAM Used: ",mi.uordblks);
-        Serial.print("Program RAM Used ",&_end - ramstart);
-        Serial.print("Stack RAM Used ",ramend - stack_ptr);
-
-        Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
-    #endif
-#else
-    Serial.println(F("show_memory() not implemented for this platform"));
-#endif
-    return 0;
-}
-
-/*****************************************************************************/
-/* EthernetSend() to send a message string.                                  */
-/*****************************************************************************/
-int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
-    int sent = 0;
-    (void)ssl;
-    (void)ctx;
-
-    sent = client.write((byte*)message, sz);
-    return sent;
-}
-
-/*****************************************************************************/
-/* EthernetReceive() to receive a reply string.                              */
-/*****************************************************************************/
-int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
-    int ret = 0;
-    (void)ssl;
-    (void)ctx;
-
-    while (client.available() > 0 && ret < sz) {
-        reply[ret++] = client.read();
-    }
-    return ret;
-}
-
-/*****************************************************************************/
-/* Arduino setup_hardware()                                                  */
-/*****************************************************************************/
-int setup_hardware(void) {
-    int ret = 0;
-
-#if defined(ARDUINO_SAMD_NANO_33_IOT)
-    Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
-#elif defined(ARDUINO_ARCH_RP2040)
-    Serial.println(F("Detected known tested and working Arduino RP-2040"));
-#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
-    /* need to manually turn on random number generator on Arduino Due, etc. */
-    pmc_enable_periph_clk(ID_TRNG);
-    trng_enable(TRNG);
-    Serial.println(F("Enabled ARM TRNG"));
-#endif
-
-    show_memory();
-    randomSeed(analogRead(0));
-    return ret;
-}
-
-/*****************************************************************************/
-/* Arduino setup_datetime()                                                  */
-/*   The device needs to have a valid date within the valid range of certs.  */
-/*****************************************************************************/
-int setup_datetime(void) {
-    int ret = 0;
-    int ntp_tries = 20;
-
-    /* we need a date in the range of cert expiration */
-#ifdef USE_NTP_LIB
-    #if defined(ESP32)
-        NTPClient timeClient(ntpUDP, "pool.ntp.org");
-
-        timeClient.begin();
-        timeClient.update();
-        delay(1000);
-        while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
-            timeClient.forceUpdate();
-            Serial.println(F("Waiting for NTP update"));
-            delay(2000);
-            ntp_tries--;
-        }
-        if (ntp_tries <= 0) {
-            Serial.println(F("Warning: gave up waiting on NTP"));
-        }
-        Serial.println(timeClient.getFormattedTime());
-        Serial.println(timeClient.getEpochTime());
-    #endif
-#endif
-
-#if defined(ESP32)
-    /* see esp32-hal-time.c */
-    ntp_tries = 5;
-    /* Replace "pool.ntp.org" with your preferred NTP server */
-    configTime(0, 0, "pool.ntp.org");
-
-    /* Wait for time to be set */
-    while ((time(nullptr) <= 100000) && ntp_tries > 0) {
-        Serial.println(F("Waiting for time to be set..."));
-        delay(2000);
-        ntp_tries--;
-    }
-#endif
-
-    return ret;
-} /* setup_datetime */
-
-/*****************************************************************************/
-/* Arduino setup_network()                                                   */
-/*****************************************************************************/
-int setup_network(void) {
-    int ret = 0;
-
-#if defined(USING_WIFI)
-    int status = WL_IDLE_STATUS;
-
-    /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
-    #if defined(ESP8266) || defined(ESP32)
-        WiFi.mode(WIFI_STA);
-    #else
-        String fv;
-        if (WiFi.status() == WL_NO_MODULE) {
-            Serial.println("Communication with WiFi module failed!");
-            /* don't continue if no network */
-            while (true) ;
-        }
-
-        fv = WiFi.firmwareVersion();
-        if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
-            Serial.println("Please upgrade the firmware");
-        }
-    #endif
-
-    Serial.print(F("Connecting to WiFi "));
-    Serial.print(ssid);
-    status = WiFi.begin(ssid, password);
-    while (status != WL_CONNECTED) {
-        delay(1000);
-        Serial.print(F("."));
-        Serial.print(status);
-        status = WiFi.status();
-    }
-
-    Serial.println(F(" Connected!"));
-#else
-    /* Newer Ethernet shields have a
-     * MAC address printed on a sticker on the shield */
-    byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
-    IPAddress ip(192, 168, 1, 42);
-    IPAddress myDns(192, 168, 1, 1);
-    Ethernet.init(10); /* Most Arduino shields */
-    /* Ethernet.init(5);   * MKR ETH Shield */
-    /* Ethernet.init(0);   * Teensy 2.0 */
-    /* Ethernet.init(20);  * Teensy++ 2.0 */
-    /* Ethernet.init(15);  * ESP8266 with Adafruit FeatherWing Ethernet */
-    /* Ethernet.init(33);  * ESP32 with Adafruit FeatherWing Ethernet */
-    Serial.println(F("Initialize Ethernet with DHCP:"));
-    if (Ethernet.begin(mac) == 0) {
-        Serial.println(F("Failed to configure Ethernet using DHCP"));
-        /* Check for Ethernet hardware present */
-        if (Ethernet.hardwareStatus() == EthernetNoHardware) {
-            Serial.println(F("Ethernet shield was not found."));
-            while (true) {
-                delay(1); /* do nothing */
-            }
-        }
-        if (Ethernet.linkStatus() == LinkOFF) {
-            Serial.println(F("Ethernet cable is not connected."));
-        }
-        /* try to configure using IP address instead of DHCP : */
-        Ethernet.begin(mac, ip, myDns);
-    }
-    else {
-        Serial.print(F("  DHCP assigned IP "));
-        Serial.println(Ethernet.localIP());
-    }
-    /* We'll assume the Ethernet connection is ready to go. */
-#endif
-
-    Serial.println(F("********************************************************"));
-    Serial.print(F("      wolfSSL Example Server IP = "));
-#if defined(USING_WIFI)
-    Serial.println(WiFi.localIP());
-#else
-    Serial.println(Ethernet.localIP());
-#endif
-    /* In server mode, there's no host definition. */
-    /* See companion example: wolfssl_client.ino */
-    Serial.println(F("********************************************************"));
-    Serial.println(F("Setup network complete."));
-
-    return ret;
-}
-
-/*****************************************************************************/
-/* Arduino setup_wolfssl()                                                   */
-/*****************************************************************************/
-int setup_wolfssl(void) {
-    int ret = 0;
-    WOLFSSL_METHOD* method;
-
-    /* Show a revision of wolfssl user_settings.h file in use when available: */
-#if defined(WOLFSSL_USER_SETTINGS_ID)
-    Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
-    Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
-#else
-    Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
-#endif
-
-#if defined(NO_WOLFSSL_SERVER)
-    Serial.println(F("wolfSSL server code disabled to save space."));
-#endif
-#if defined(NO_WOLFSSL_CLIENT)
-    Serial.println(F("wolfSSL client code disabled to save space."));
-#endif
-
-#if defined(DEBUG_WOLFSSL)
-    wolfSSL_Debugging_ON();
-    Serial.println(F("wolfSSL Debugging is On!"));
-#else
-    Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
-#endif
-
-    /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
-#if defined(NO_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
-#elif defined(MICRO_SESSION_CACHEx)
-    Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
-#elif defined(SMALL_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
-#elif defined(MEDIUM_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
-#elif defined(BIG_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
-#elif defined(HUGE_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
-#elif defined(HUGE_SESSION_CACHE)
-    Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
-#else
-    Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
-    /* See wolfssl/src/ssl.c for amount of memory used.
-     * It is best on embedded devices to choose a TLS session cache size. */
-#endif
-
-    ret = wolfSSL_Init();
-    if (ret == WOLFSSL_SUCCESS) {
-        Serial.println("Successfully called wolfSSL_Init");
-    }
-    else {
-        Serial.println("ERROR: wolfSSL_Init failed");
-    }
-
-    /* See companion server example with wolfSSLv23_server_method here.
-     * method = wolfSSLv23_client_method());   SSL 3.0 - TLS 1.3.
-     * method = wolfTLSv1_2_client_method();   only TLS 1.2
-     * method = wolfTLSv1_3_client_method();   only TLS 1.3
-     *
-     * see Arduino\libraries\wolfssl\src\user_settings.h */
-
-    Serial.println("Here we go!");
-
-    method = wolfSSLv23_server_method();
-    if (method == NULL) {
-        Serial.println(F("unable to get wolfssl server method"));
-        fail_wait();
-    }
-    ctx = wolfSSL_CTX_new(method);
-    if (ctx == NULL) {
-        Serial.println(F("unable to get ctx"));
-        fail_wait();
-    }
-
-    return ret;
-}
-
-/*****************************************************************************/
-/* Arduino setup_certificates()                                              */
-/*****************************************************************************/
-int setup_certificates(void) {
-    int ret = 0;
-
-    Serial.println(F("Initializing certificates..."));
-    show_memory();
-
-    /* Use built-in validation, No verification callback function: */
-    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-
-    /* Certificate */
-    Serial.println("Initializing certificates...");
-    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
-                                             CTX_SERVER_CERT,
-                                             CTX_SERVER_CERT_SIZE,
-                                             CTX_CA_CERT_TYPE);
-    if (ret == WOLFSSL_SUCCESS) {
-        Serial.print("Success: use certificate: ");
-        Serial.println(xstr(CTX_SERVER_CERT));
-    }
-    else {
-        Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
-        wc_ErrorString(ret, wc_error_message);
-        Serial.println(wc_error_message);
-        fail_wait();
-    }
-
-    /* Setup private server key */
-    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
-                                            CTX_SERVER_KEY,
-                                            CTX_SERVER_KEY_SIZE,
-                                            CTX_SERVER_KEY_TYPE);
-    if (ret == WOLFSSL_SUCCESS) {
-        Serial.print("Success: use private key buffer: ");
-        Serial.println(xstr(CTX_SERVER_KEY));
-    }
-    else {
-        Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
-        wc_ErrorString(ret, wc_error_message);
-        Serial.println(wc_error_message);
-        fail_wait();
-    }
-
-    return ret;
-} /* Arduino setup */
-
-/*****************************************************************************/
-/*****************************************************************************/
-/* Arduino setup()                                                           */
-/*****************************************************************************/
-/*****************************************************************************/
-void setup(void) {
-    int i = 0;
-    Serial.begin(SERIAL_BAUD);
-    while (!Serial && (i < 10)) {
-        /* wait for serial port to connect. Needed for native USB port only */
-        delay(1000);
-        i++;
-    }
-
-    Serial.println(F(""));
-    Serial.println(F(""));
-    Serial.println(F("wolfSSL TLS Server Example Startup."));
-
-    /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
-#if defined(DEBUG_WOLFSSL)
-    wolfSSL_Debugging_ON();
-#endif
-
-    /* Optionally pre-allocate a large block of memory for testing */
-#if defined(MEMORY_STRESS_TEST)
-    Serial.println(F("WARNING: Memory Stress Test Active!"));
-    Serial.print(F("Allocating extra memory: "));
-    Serial.print(MEMORY_STRESS_INITIAL);
-    Serial.println(F(" bytes..."));
-    memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
-    show_memory();
-#endif
-
-    setup_hardware();
-
-    setup_network();
-
-    setup_datetime();
-
-    setup_wolfssl();
-
-    setup_certificates();
-
-    /* Initialize wolfSSL using callback functions. */
-    wolfSSL_SetIOSend(ctx, EthernetSend);
-    wolfSSL_SetIORecv(ctx, EthernetReceive);
-
-#if defined THIS_USER_SETTINGS_VERSION
-    Serial.print(F("This user_settings.h version:"))
-    Serial.println(THIS_USER_SETTINGS_VERSION)
-#endif
-
-    /* Start the server
-     * See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
-     */
-
-    Serial.println(F("Completed Arduino setup()"));
-
-    server.begin();
-    Serial.println("Begin Server... (waiting for remote client to connect)");
-
-    /* See companion wolfssl_client.ino code */
-    return;
-} /* Arduino setup */
-
-/*****************************************************************************/
-/* wolfSSL error_check()                                                     */
-/*****************************************************************************/
-int error_check(int this_ret, bool halt_on_error,
-                      const __FlashStringHelper* message) {
-    int ret = 0;
-    if (this_ret == WOLFSSL_SUCCESS) {
-        Serial.print(F("Success: "));
-        Serial.println(message);
-    }
-    else {
-        Serial.print(F("ERROR: return = "));
-        Serial.print(this_ret);
-        Serial.print(F(": "));
-        Serial.println(message);
-        Serial.println(wc_GetErrorString(this_ret));
-        if (halt_on_error) {
-            fail_wait();
-        }
-    }
-    show_memory();
-
-    return ret;
-} /* error_check */
-
-/*****************************************************************************/
-/* wolfSSL error_check_ssl                                                   */
-/*   Parameters:                                                             */
-/*     ssl           is the current WOLFSSL object pointer                   */
-/*     halt_on_error set to true to suspend operations for critical error    */
-/*     message       is expected to be a memory-efficient F("") macro string */
-/*****************************************************************************/
-int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
-                           const __FlashStringHelper* message) {
-    int err = 0;
-
-    if (ssl == NULL) {
-        Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
-#ifndef DEBUG_WOLFSSL
-        Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
-#else
-        Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
-#endif
-        Serial.print(F("ERROR: "));
-        Serial.println(message);
-        show_memory();
-        if (halt_on_error) {
-            fail_wait();
-        }
-    }
-    else {
-        err = wolfSSL_get_error(ssl, this_ret);
-        if (err == WOLFSSL_SUCCESS) {
-            Serial.print(F("Success m: "));
-            Serial.println(message);
-        }
-        else {
-            if (err < 0) {
-                wolfSSL_ERR_error_string(err, errBuf);
-                Serial.print(F("WOLFSSL Error: "));
-                Serial.print(err);
-                Serial.print(F("; "));
-                Serial.println(errBuf);
-            }
-            else {
-                Serial.println(F("Success: ssl object."));
-            }
-        }
-    }
-
-    return err;
-}
-
-/*****************************************************************************/
-/*****************************************************************************/
-/* Arduino loop()                                                            */
-/*****************************************************************************/
-/*****************************************************************************/
-void loop() {
-    char errBuf[80]    = "(no error";
-    char reply[80]     = "(no reply)";
-    const char msg[]   = "I hear you fa shizzle!";
-    const char* cipherName;
-    int input          = 0;
-    int replySz        = 0;
-    int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
-    int ret            = 0;
-    IPAddress broadcast_address(255, 255, 255, 255);
-
-    /* Listen for incoming client requests. */
-    client = server.available();
-    if (client)  {
-       Serial.println("Have Client");
-       while (!client.connected()) {
-           /* wait for the client to actually connect */
-           delay(10);
-       }
-        Serial.print("Client connected from remote IP: ");
-        Serial.println(client.remoteIP());
-
-        ssl = wolfSSL_new(ctx);
-        if (ssl == NULL) {
-            Serial.println("Unable to allocate SSL object");
-            fail_wait();
-        }
-
-        ret = wolfSSL_accept(ssl);
-        if (ret != WOLFSSL_SUCCESS) {
-            ret = wolfSSL_get_error(ssl, 0);
-            wolfSSL_ERR_error_string(ret, errBuf);
-            Serial.print("TLS Accept Error: ");
-            Serial.println(errBuf);
-        }
-
-        cipherName = wolfSSL_get_cipher(ssl);
-        Serial.print("SSL cipher suite is ");
-        Serial.println(cipherName);
-
-        Serial.print("Server Read: ");
-        while (!client.available()) {
-            /* wait for data */
-        }
-
-        /* read data */
-        while (wolfSSL_pending(ssl)) {
-            input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
-            if (input < 0) {
-                ret = wolfSSL_get_error(ssl, 0);
-                wolfSSL_ERR_error_string(ret, errBuf);
-                Serial.print("TLS Read Error: ");
-                Serial.println(errBuf);
-                break;
-            }
-            else if (input > 0) {
-                replySz = input;
-                reply[input] = '\0';
-                Serial.print(reply);
-            }
-            else {
-                Serial.println("<end of reply, input == 0>");
-            }
-        }
-
-        /* Write our message into reply buffer to send */
-        memset(reply, 0, sizeof(reply));
-        memcpy(reply, msg, sizeof(msg));
-        replySz = strnlen(reply, sizeof(reply));
-
-        Serial.println("Sending reply...");
-        if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
-            ret = wolfSSL_get_error(ssl, 0);
-            wolfSSL_ERR_error_string(ret, errBuf);
-            Serial.print("TLS Write Error: ");
-            Serial.println(errBuf);
-        }
-        else {
-            Serial.println("Reply sent!");
-        }
-
-        Serial.println("Shutdown!");
-        do {
-            delay(1);
-            retry_shutdown--;
-            ret = wolfSSL_shutdown(ssl);
-        } while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
-
-        if (retry_shutdown <= 0) {
-            /* if wolfSSL_free is called before properly shutting down the
-             * ssl object, undesired results may occur. */
-            Serial.println("Warning! Shutdown did not properly complete.");
-        }
-
-        wolfSSL_free(ssl);
-        Serial.println("Connection complete.");
-        if (REPEAT_CONNECTION) {
-            Serial.println();
-            Serial.println("Waiting for next connection.");
-        }
-        else {
-            client.stop();
-            Serial.println("Done!");
-            while (1) {
-                /* wait forever if not repeating */
-                delay(100);
-            }
-        }
-    }
-    else {
-        /* Serial.println("Client not connected. Trying again..."); */
-    }
-
-    delay(100);
-} /* Arduino loop repeats */
diff --git a/IDE/ARDUINO/sketches/wolfssl_version/README.md b/IDE/ARDUINO/sketches/wolfssl_version/README.md
index 3abfe8299..16230049f 100644
--- a/IDE/ARDUINO/sketches/wolfssl_version/README.md
+++ b/IDE/ARDUINO/sketches/wolfssl_version/README.md
@@ -1,3 +1,5 @@
 # Arduino Basic Hello World
 
 This example simply compiles in wolfSSL and shows the current version number.
+
+NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
diff --git a/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino b/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
deleted file mode 100644
index ba34efbb9..000000000
--- a/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
+++ /dev/null
@@ -1,24 +0,0 @@
-#include <Arduino.h>
-#include <wolfssl.h>
-#include <wolfssl/version.h>
-
-/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
-#define SERIAL_BAUD 115200
-
-/* Arduino setup */
-void setup() {
-    Serial.begin(SERIAL_BAUD);
-    while (!Serial) {
-        /* wait for serial port to connect. Needed for native USB port only */
-    }
-    Serial.println(F(""));
-    Serial.println(F(""));
-    Serial.println(F("wolfSSL setup complete!"));
-}
-
-/* Arduino main application loop. */
-void loop() {
-    Serial.print("wolfSSL Version: ");
-    Serial.println(LIBWOLFSSL_VERSION_STRING);
-    delay(60000);
-}
diff --git a/IDE/ARDUINO/wolfssl-arduino.cpp b/IDE/ARDUINO/wolfssl-arduino.cpp
new file mode 100644
index 000000000..3d3c78735
--- /dev/null
+++ b/IDE/ARDUINO/wolfssl-arduino.cpp
@@ -0,0 +1,33 @@
+/* wolfssl-arduino.cpp
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <Arduino.h>
+#include "wolfssl.h"
+
+/* Function to allow wolfcrypt to use Arduino Serial.print for debug messages.
+ * See wolfssl/wolfcrypt/logging.c */
+
+int wolfSSL_Arduino_Serial_Print(const char* const s)
+{
+    /* Reminder: Serial.print is only available in C++ */
+    Serial.println(F(s));
+    return 0;
+};
diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh
index 59fd238df..0b9a3f32d 100755
--- a/IDE/ARDUINO/wolfssl-arduino.sh
+++ b/IDE/ARDUINO/wolfssl-arduino.sh
@@ -20,7 +20,7 @@
 # Reminder there's typically no $USER for GitHub actions, but:
 # ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
 #
-# The company name is "wolfSSL Inc."; There’s a space, no comma, and a period after "Inc."
+# The company name is "wolfSSL Inc."; There's a space, no comma, and a period after "Inc."
 # The Arduino library name is "wolfssl" (all lower case)
 # The Arduino library directory name is "wolfssl" (all lower case)
 # The Arduino library include file is "wolfssl.h" (all lower case)
@@ -70,6 +70,9 @@ if [ "$ROOT_DIR" = "" ]; then
     exit 1
 fi
 
+
+ARDUINO_ROOT="$HOME/Arduino/libraries"
+
 # Check environment
 if [ -n "$WSL_DISTRO_NAME" ]; then
     # we found a non-blank WSL environment distro name
@@ -78,8 +81,6 @@ if [ -n "$WSL_DISTRO_NAME" ]; then
     if echo "$current_path" | grep -Eq "^$pattern"; then
         # if we are in WSL and shared Windows file system, 'ln' does not work.
         ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
-    else
-        ARDUINO_ROOT="$HOME/Arduino/libraries"
     fi
 fi
 echo "The Arduino library root is: $ARDUINO_ROOT"
@@ -106,21 +107,31 @@ if [ $# -gt 0 ]; then
         else
             echo "Installing to $THIS_INSTALL_DIR"
             if [ -d "$THIS_INSTALL_DIR/.git" ];then
-                echo "Target is a GitHub repository."
+                echo "Target is a GitHub root repository."
                 THIS_INSTALL_IS_GITHUB="true"
             else
-                echo "Target is NOT a GitHub repository."
+                echo "Target is NOT a GitHub root directory repository. (e.g. not wolfssl/Arduino-wolfssl)"
             fi
         fi
     else
         echo "Error: not a valid operation: $THIS_OPERATION"
         exit 1
     fi
+else
+    echo "INSTALL parameter not specified. Installing to ROOT_DIR=$ROOT_DIR"
 fi
 
 
 ROOT_SRC_DIR="${ROOT_DIR}/src"
 EXAMPLES_DIR="${ROOT_DIR}/examples"
+
+if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
+    EXTRA_EXAMPLES_DIR="${WOLFSSL_EXAMPLES_ROOT}/Arduino"
+    echo "EXTRA_EXAMPLES_DIR=$EXTRA_EXAMPLES_DIR"
+else
+    echo "There are additional examples at https://github.com/wolfSSL/wolfssl-examples"
+    echo "Set WOLFSSL_EXAMPLES_ROOT to your local directory to include those examples."
+fi
 WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
 WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
 WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
@@ -141,8 +152,16 @@ OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
 
 WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
 if [ "$WOLFSSL_VERSION" = "" ]; then
-    echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
-    exit 1
+    echo "Current user: [$USER]"
+    if [ "$USER" = "" ] || [ "$USER" = "runner" ]; then
+        # Typically when there's no user, it is a GitHub workflow. It is not guaranteed to be "runner"
+        echo "No USER found, no version.h found. Setting Version text to [GitHub] for assumed workflow."
+        WOLFSSL_VERSION="GitHub"
+    else
+        echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
+        echo "Check autogen.sh and configure"
+        exit 1
+    fi
 else
     echo "Found wolfSSL version $WOLFSSL_VERSION"
     echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
@@ -235,26 +254,46 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then
     $CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}"                                          || exit 1
 
     # Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
-    $CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h
+    $CP_CMD ./wolfssl.h           ".${ROOT_SRC_DIR}"/wolfssl.h           || exit 1
+    $CP_CMD ./wolfssl-arduino.cpp ".${ROOT_SRC_DIR}"/wolfssl-arduino.cpp || exit 1
 
+    unset NO_ARDUINO_EXAMPLES
     echo "Copy examples...."
     # Copy examples
     mkdir -p ".${ROOT_SRC_DIR}"/examples
 
-    echo "Copy wolfssl_client example...."
-    mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
-    $CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
-    $CP_CMD ./sketches/wolfssl_client/README.md          ".${EXAMPLES_DIR}"/wolfssl_client/README.md          || exit 1
+    if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
+        echo "Copy template example...."
+        mkdir -p ".${EXAMPLES_DIR}"/template/wolfssl_library/src
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/template.ino                             ".${EXAMPLES_DIR}"/template/template.ino                             || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/README.md                                ".${EXAMPLES_DIR}"/template/README.md                                || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.c                         ".${EXAMPLES_DIR}"/template/wolfssl_helper.c                         || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.h                         ".${EXAMPLES_DIR}"/template/wolfssl_helper.h                         || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/wolfssl_library.h        ".${EXAMPLES_DIR}"/template/wolfssl_library/wolfssl_library.h        || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/src/wolfssl_library.cpp  ".${EXAMPLES_DIR}"/template/wolfssl_library/src/wolfssl_library.cpp  || exit 1
 
-    echo "Copy wolfssl_server example...."
-    mkdir -p .${EXAMPLES_DIR}/wolfssl_server
-    $CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
-    $CP_CMD ./sketches/wolfssl_server/README.md          ".${EXAMPLES_DIR}"/wolfssl_server/README.md          || exit 1
+        echo "Copy wolfssl_AES_CTR example...."
+        mkdir -p ".${EXAMPLES_DIR}"/wolfssl_AES_CTR
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md           ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md           || exit 1
 
-    echo "Copy wolfssl_server example...."
-    mkdir -p .${EXAMPLES_DIR}/wolfssl_version
-    $CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
-    $CP_CMD ./sketches/wolfssl_version/README.md           ".${EXAMPLES_DIR}"/wolfssl_version/README.md           || exit 1
+        echo "Copy wolfssl_client example...."
+        mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino   ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino   || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md            ".${EXAMPLES_DIR}"/wolfssl_client/README.md            || exit 1
+
+        echo "Copy wolfssl_server example...."
+        mkdir -p .${EXAMPLES_DIR}/wolfssl_server
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino   ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino   || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md            ".${EXAMPLES_DIR}"/wolfssl_server/README.md            || exit 1
+
+        echo "Copy wolfssl_version example...."
+        mkdir -p .${EXAMPLES_DIR}/wolfssl_version
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md           ".${EXAMPLES_DIR}"/wolfssl_version/README.md           || exit 1
+    else
+        NO_ARDUINO_EXAMPLES=1
+    fi
 else
     echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
     exit 1
@@ -273,6 +312,8 @@ fi
 # as an Arduino-specific README.md file.
 VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
 ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
+
+# This is the SOURCE to prepend. Note the OUTPUT is PREPENDED_README.md later copied to README.md
 PREPEND_FILE="Arduino_README_prepend.md"
 PROPERTIES_FILE_TEMPLATE="library.properties.template"
 sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
@@ -325,12 +366,24 @@ if [ "$THIS_OPERATION" = "INSTALL" ]; then
         echo "Removing workspace library directory: .$ROOT_DIR"
         rm -rf ".$ROOT_DIR"
     else
-        echo "Installing to local directory:"
-        echo "mv .$ROOT_DIR $ARDUINO_ROOT"
-        mv  ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
 
-        echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
+        echo "Installing to local directory:"
+        if [ "$THIS_INSTALL_DIR" = "" ]; then
+            echo "mv .$ROOT_DIR $ARDUINO_ROOT"
+            mv  ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
+
+            echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
+        else
+            echo "cp -r .\"$ROOT_DIR\"/* \"$THIS_INSTALL_DIR\""
+            mkdir -p "$THIS_INSTALL_DIR" || exit 1
+            cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
+        fi
     fi
 fi
 
+if [ -n "$NO_ARDUINO_EXAMPLES" ]; then
+    echo ""
+    echo "WARNING: No examples copied. Set WOLFSSL_EXAMPLES_ROOT as appropriate."
+    echo ""
+fi
 echo "Done!"
diff --git a/IDE/ARDUINO/wolfssl.h b/IDE/ARDUINO/wolfssl.h
index 46ef50d3e..8b29806b6 100644
--- a/IDE/ARDUINO/wolfssl.h
+++ b/IDE/ARDUINO/wolfssl.h
@@ -1,6 +1,6 @@
 /* wolfssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,18 +22,28 @@
 /* Edit with caution. This is an Arduino-library specific header for wolfSSL */
 
 #ifndef WOLFSSL_USER_SETTINGS
+    /* Should already be defined in settings.h for #if defined(ARDUINO) */
     #define WOLFSSL_USER_SETTINGS
 #endif
 
 #include <Arduino.h>
 
-/* wolfSSL user_settings.h must be included from settings.h */
+/* wolfSSL user_settings.h must be included from settings.h
+ * Make all configurations changes in user_settings.h
+ * Do not edit wolfSSL `settings.h` or `config.h` files.
+ * Do not explicitly include user_settings.h in any source code.
+ * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
+ * C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
+ * The wolfSSL "settings.h" must be included in each source file using wolfSSL.
+ * The wolfSSL "settings.h" must be listed before any other wolfSSL include.
+ */
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 
-int wolfSSL_Arduino_Serial_Print(const char *const s)
-{
-    /* See wolfssl/wolfcrypt/logging.c */
-    Serial.println(F(s));
-    return 0;
-};
+#ifndef WOLFSSL_ARDUINO_H
+#define WOLFSSL_ARDUINO_H
+
+/* Declare a helper function to be used in wolfssl/wolfcrypt/logging.c */
+int wolfSSL_Arduino_Serial_Print(const char* const s);
+
+#endif /* WOLFSSL_ARDUINO_H */
diff --git a/IDE/AURIX/Cpu0_Main.c b/IDE/AURIX/Cpu0_Main.c
index 687511c68..9af27eccd 100644
--- a/IDE/AURIX/Cpu0_Main.c
+++ b/IDE/AURIX/Cpu0_Main.c
@@ -1,6 +1,6 @@
 /* Cpu0_Main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -63,7 +63,7 @@ int fputc(int ch, FILE *f)
     if (ch == (int)'\n') {
         int chcr = (int)'\r';
         count = 1;
-        IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);    
+        IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
     }
     count = 1;
     IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);
diff --git a/IDE/AURIX/README.md b/IDE/AURIX/README.md
index 11f884db3..fdcb171d5 100644
--- a/IDE/AURIX/README.md
+++ b/IDE/AURIX/README.md
@@ -9,7 +9,7 @@ Tested Platform:
 
 ## Running wolfCrypt on TriCore
 
-1) Add the wolfSSL source and headers to `Libraries/wolfssl`. 
+1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
   - Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
   - See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
 2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.
diff --git a/IDE/AURIX/user_settings.h b/IDE/AURIX/user_settings.h
index d041a9986..1b484e751 100644
--- a/IDE/AURIX/user_settings.h
+++ b/IDE/AURIX/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/AURIX/wolf_main.c b/IDE/AURIX/wolf_main.c
index f88140339..994ff5cca 100644
--- a/IDE/AURIX/wolf_main.c
+++ b/IDE/AURIX/wolf_main.c
@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/CRYPTOCELL/main.c b/IDE/CRYPTOCELL/main.c
index 8cd8a2028..b4115b07e 100644
--- a/IDE/CRYPTOCELL/main.c
+++ b/IDE/CRYPTOCELL/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,8 +18,8 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-
-
+
+
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfcrypt/test/test.h>
 #include <wolfcrypt/benchmark/benchmark.h>
@@ -63,4 +63,3 @@ int main(void)
 
     return 0;
 }
-
diff --git a/IDE/CRYPTOCELL/user_settings.h b/IDE/CRYPTOCELL/user_settings.h
index b6ffe4c78..e48dc1977 100644
--- a/IDE/CRYPTOCELL/user_settings.h
+++ b/IDE/CRYPTOCELL/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/deos_malloc.c b/IDE/ECLIPSE/DEOS/deos_malloc.c
index 9dcc7a473..925e1d8d0 100644
--- a/IDE/ECLIPSE/DEOS/deos_malloc.c
+++ b/IDE/ECLIPSE/DEOS/deos_malloc.c
@@ -1,6 +1,6 @@
 /* deos_malloc.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/tls_wolfssl.c b/IDE/ECLIPSE/DEOS/tls_wolfssl.c
index d74cc436e..d433307e3 100644
--- a/IDE/ECLIPSE/DEOS/tls_wolfssl.c
+++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.c
@@ -1,6 +1,6 @@
 /* tls_wolfssl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/tls_wolfssl.h b/IDE/ECLIPSE/DEOS/tls_wolfssl.h
index 427eef638..f135d9cb1 100644
--- a/IDE/ECLIPSE/DEOS/tls_wolfssl.h
+++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.h
@@ -1,6 +1,6 @@
 /* tls_wolfssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/DEOS/user_settings.h b/IDE/ECLIPSE/DEOS/user_settings.h
index 16dc09ee7..0cfd0681b 100644
--- a/IDE/ECLIPSE/DEOS/user_settings.h
+++ b/IDE/ECLIPSE/DEOS/user_settings.h
@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.c b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
index 2c9b29641..43bfa1b50 100644
--- a/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
+++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.c
@@ -1,6 +1,6 @@
 /* client_wolfssl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/client_wolfssl.h b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
index edf6559f8..1c4ed730b 100644
--- a/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
+++ b/IDE/ECLIPSE/MICRIUM/client_wolfssl.h
@@ -1,6 +1,6 @@
 /* client_wolfssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.c b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
index e31f4ca61..41118df66 100644
--- a/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
+++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.c
@@ -1,6 +1,6 @@
 /* server_wolfssl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/server_wolfssl.h b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
index b94e1fe6e..fb7a8c005 100644
--- a/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
+++ b/IDE/ECLIPSE/MICRIUM/server_wolfssl.h
@@ -1,6 +1,6 @@
 /* server_wolfssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/user_settings.h b/IDE/ECLIPSE/MICRIUM/user_settings.h
index 27f8e08e2..2765c5d78 100644
--- a/IDE/ECLIPSE/MICRIUM/user_settings.h
+++ b/IDE/ECLIPSE/MICRIUM/user_settings.h
@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
index e7553c3d7..ec5d3ae1b 100644
--- a/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
+++ b/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/RTTHREAD/user_settings.h b/IDE/ECLIPSE/RTTHREAD/user_settings.h
index 5e5ec18b4..0c21310f7 100644
--- a/IDE/ECLIPSE/RTTHREAD/user_settings.h
+++ b/IDE/ECLIPSE/RTTHREAD/user_settings.h
@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c b/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
index 511801209..00bc99972 100644
--- a/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
+++ b/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ECLIPSE/SIFIVE/README.md b/IDE/ECLIPSE/SIFIVE/README.md
index 030e14049..206793e9c 100644
--- a/IDE/ECLIPSE/SIFIVE/README.md
+++ b/IDE/ECLIPSE/SIFIVE/README.md
@@ -1 +1 @@
-This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.
\ No newline at end of file
+This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.
diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md
index 2075bde35..01a860fd9 100644
--- a/IDE/Espressif/ESP-IDF/README.md
+++ b/IDE/Espressif/ESP-IDF/README.md
@@ -1,11 +1,12 @@
 # ESP-IDF Port
 
-These Espressif examples have been created and tested with the latest stable release branch of 
-[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
-The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
-Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
+These Espressif examples have been created and tested with the latest stable release branch of
+ESP-IDF v5.2, v5.3 and the master branch
 
-See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
+The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
+Espressif has [a list of all ESP-IDF versions](Espressifversions.html).
+
+See the latest Espressif Migration Guides.
 
 ## Examples
 
@@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below.
 ### File: `sdkconfig.h`
 
 The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig`
-file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html)
+file at [build](Espressif api-guides/build-system.html)
 time, should be included before any other files.
 
 ### File: `user_settings.h`
@@ -101,7 +102,7 @@ of your source code, particularly before the `#include <wolfssl/wolfcrypt/settin
 
 ## Requirements
 
- 1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
+ 1. [ESP-IDF development framework](https://github.com/espressif/esp-idf)
 
 ## wolfSSL as an Espressif component
 
@@ -113,7 +114,7 @@ There are various methods available for using wolfSSL as a component:
 
 ## Espressif Managed Components
 
-Visit https://components.espressif.com/components/wolfssl/wolfssl and see the instructions. Typically:
+Visit https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ and see the instructions. Typically:
 
 ```
 idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"
@@ -140,10 +141,18 @@ See the specific examples for additional details.
 
 This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
 
- 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree  
+ 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
  2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
  3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
 
+
+```
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+. $WRK_IDF_PATH/export.sh
+
+./setup.sh
+```
+
 ## Setup for Windows
 
 This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
@@ -169,7 +178,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
 ## Configuration
 
- 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`. 
+ 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
 
 ## Configuration (Legacy IDF install)
 
@@ -183,13 +192,13 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
 
  For question please email [support@wolfssl.com]
 
- Note: This is tested with :  
+ Note: This is tested with :
    - OS: Ubuntu 20.04.3 LTS
    - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
    - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)
    - WSL 1 Ubuntu 22.04.3 LTS
-   - ESP-IDF: ESP-IDF v5.1
-   - SoC Module : all those supported in ESP-IDF v5.1
+   - ESP-IDF: ESP-IDF v5.2
+   - SoC Module : all those supported in ESP-IDF v5.2
 
 ## JTAG Debugging Notes
 
@@ -226,3 +235,15 @@ ftdi layout_signal nSRST -data 0x0020
 reset_config srst_push_pull trst_push_pull
 
 ```
+
+## Windows long paths
+
+Check "Long Paths Enabled" in Windows registry.
+
+Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1.
+
+The operation requires Administrator privileges. Command:
+
+```powershell
+powershell -Command "&{ Start-Process -FilePath reg 'ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f' -Verb runAs}"
+```
diff --git a/IDE/Espressif/ESP-IDF/README_32se.md b/IDE/Espressif/ESP-IDF/README_32se.md
index af440a8b5..438723c6b 100644
--- a/IDE/Espressif/ESP-IDF/README_32se.md
+++ b/IDE/Espressif/ESP-IDF/README_32se.md
@@ -10,7 +10,7 @@ Including the following examples:
  The `user_settings.h` file enables some of the hardened settings.
 
 ## Requirements
-1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/
+1. ESP-IDF development framework: https://github.com/espressif/esp-idf
 
 2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib
 
diff --git a/IDE/Espressif/ESP-IDF/dummy_config_h b/IDE/Espressif/ESP-IDF/dummy_config_h
index 258ffd3f3..11b204c67 100644
--- a/IDE/Espressif/ESP-IDF/dummy_config_h
+++ b/IDE/Espressif/ESP-IDF/dummy_config_h
@@ -1,6 +1,6 @@
 /* config.h - dummy
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/dummy_test_paths.h b/IDE/Espressif/ESP-IDF/dummy_test_paths.h
index 38e912407..517826434 100644
--- a/IDE/Espressif/ESP-IDF/dummy_test_paths.h
+++ b/IDE/Espressif/ESP-IDF/dummy_test_paths.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test_paths.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md
index 1cd6696f7..a25289432 100644
--- a/IDE/Espressif/ESP-IDF/examples/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/README.md
@@ -12,7 +12,7 @@ These are the core examples for wolfSSL:
 
 - [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls).
 
-- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server) 
+- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server)
 
 ## Other Espressif wolfSSL Examples
 
@@ -44,7 +44,7 @@ TLS1.3 Linux Client to Linux Server: `TLS_AES_128_GCM_SHA256` (default)
 ./examples/client/client -v 4 -h 127.0.0.1 -p 11111 -A ./certs/ca-cert.pem
 ```
 
-TLS1.2 Linux Server 
+TLS1.2 Linux Server
 ```
 ./examples/server/server -v 3 -b -d -p 11111 -c ./certs/server-cert.pem -k ./certs/server-key.pem
 ```
@@ -71,14 +71,14 @@ There's an additional example that uses wolfSSL installed as a component to the
 
 ## Installing wolfSSL for Espressif projects
 
-[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) 
-have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require 
+[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require
 wolfSSL to be installed.
 
-If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux) 
+If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
 and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux).
 
-The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl)
+The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/)
 also installs source code locally, instead of pointing to a source repository.
 
 ## VisualGDB
@@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've
 
 - esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058)
 
-See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf).
-
-
-
+See also the `ESP-FAQ Handbook`.
diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
index 649a73663..61110a150 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
@@ -1,10 +1,19 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -22,34 +31,63 @@ cmake_minimum_required(VERSION 3.16)
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
 # Check that there are not conflicting wolfSSL components
 # The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
 # The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
     # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
     # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -64,10 +102,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
     message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
                         "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
                         "or rename the idf_component.yml file typically found in ./main/")
-else()
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
     message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
+endif()
+
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
+
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
+
+if(0)
+    message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+    message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_template)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/template/Makefile b/IDE/Espressif/ESP-IDF/examples/template/Makefile
new file mode 100644
index 000000000..e2b2e18e1
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/Makefile
@@ -0,0 +1,14 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+
+CFLAGS += -DWOLFSSL_USER_SETTINGS
+
+# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
+# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
+CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
+
+PROJECT_NAME := wolfssl_template
+
+include $(IDF_PATH)/make/project.mk
diff --git a/IDE/Espressif/ESP-IDF/examples/template/README.md b/IDE/Espressif/ESP-IDF/examples/template/README.md
index 274e22dea..9e82e7280 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/template/README.md
@@ -7,11 +7,11 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ### Prerequisites
 
-It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/) has been installed.
+It is assumed the [ESP-IDF environment](Espressifget-started/) has been installed.
 
 ### Files Included
 
-- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) . 
+- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) .
 
 - See [components/wolfssl/include](./components/wolfssl/include/user_settings.h) directory to edit the wolfSSL `user_settings.h`.
 
@@ -19,7 +19,7 @@ It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-
 
 - The [components/wolfssl/CMakeLists.txt](./components/wolfssl/CMakeLists.txt) typically does not need to be changed.
 
-- Optional [VisualGDB Project](./VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj) for Visual Studio using ESP32 and ESP-IDF v5.1.
+- Optional [VisualGDB Project](./VisualGDB/README.md) for Visual Studio using ESP32 and ESP-IDF v5.2. See also [template](../template/VisualGDB/README.md) for other devices.
 
 - Edit the project [CMakeLists.txt](./CMakeLists.txt) to optionally point this project's wolfSSL component source code at a different directory:
 
@@ -30,12 +30,12 @@ set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
 
 ## Getting Started:
 
-Here's an example using the command-line [idf.py](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-py.html).
+Here's an example using the command-line [idf.py](Espressifapi-guides/tools/idf-py.html).
 
 Edit your `WRK_IDF_PATH`to point to your ESP-IDF install directory.
 
 ```
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
 
 echo "Run export.sh from ${WRK_IDF_PATH}"
 . ${WRK_IDF_PATH}/export.sh
@@ -53,7 +53,7 @@ idf.py flash -p /dev/ttyS19 -b 115200
 idf.py flash -p /dev/ttyS19 -b 115200 monitor
 ```
 
-Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-monitor.html).
+Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](Espressifapi-guides/tools/idf-monitor.html).
 
 ## Other Examples:
 
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
index 18e513b98..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -19,18 +19,148 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
-set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# find the user name to search for possible "wolfssl-username"
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message(STATUS "Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message(STATUS "Detected UNIX")
+    endif()
+    if(APPLE)
+        message(STATUS "Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message(STATUS "Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message(STATUS "Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message(STATUS "Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -51,6 +181,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -68,7 +217,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -76,27 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
             set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
             return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -114,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -143,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -154,17 +380,64 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_ESP_TLS        "esp-tls")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          # esp_timer
-                                          # driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -173,48 +446,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -237,11 +561,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -291,6 +616,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -347,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -360,13 +688,14 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
         # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
         "${THIS_IDF_PATH}/components/esp_event/include"
@@ -374,7 +703,7 @@ else()
         "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -383,7 +712,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -399,6 +728,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -409,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -430,22 +762,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -453,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -498,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -506,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
new file mode 100644
index 000000000..f94bd617d
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
@@ -0,0 +1,306 @@
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+$(info ***********  wolfssl component ************)
+
+#
+# Component Makefile
+#
+#
+# The Espressif Managed Components are only for newer versions of the ESP-IDF
+# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
+#     https://components.espressif.com/
+#
+# Usage:
+#
+#   make flash
+#
+#   make flash ESPPORT=/dev/ttyS55
+#
+#   make flash ESPBAUD=9600
+#
+#   make monitor ESPPORT=COM1
+#
+#   make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
+#
+#   export ESPPORT=/dev/ttyS55
+#
+# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
+#
+
+# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
+# define it here:
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
+
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
+# located HERE in THIS project, and *not* in the wolfSSL root.
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
+# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
+
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
+
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
+
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
+
+##
+## wolfSSL
+##
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
+# COMPONENT_OBJS += src/ssl_asn1.o
+# COMPONENT_OBJS += src/ssl_bn.o
+# COMPONENT_OBJS += src/ssl_certman.o
+# COMPONENT_OBJS += src/ssl_crypto.o
+# COMPONENT_OBJS += src/ssl_misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
+
+##
+## wolfcrypt
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
+
+##
+## Espressif
+##
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+
+##
+## wolfcrypt benchmark  (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
+
+##
+## wolfcrypt test (optional)
+##
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
+
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
index 1a13d10fe..8da276d1e 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,19 +18,57 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
+
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
  * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
  *
- * Do not include any wolfssl headers here
+ * Do not include any wolfssl headers here.
  *
  * When editing this file:
- * ensure wolfssl_test and wolfssl_benchmark settings match.
+ * ensure all examples match. The template example is the reference.
  */
 
-/* The Espressif project config file. See also sdkconfig.defaults */
-#include "sdkconfig.h"
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
@@ -46,33 +84,264 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
-/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
-#define NO_ESP_SDK_WIFI
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
     /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
-    #define WOLFSSL_HAVE_KYBER
-    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_WC_MLKEM
     #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
 #endif
 
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
  * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
 /* See below for chipset detection from sdkconfig.h */
 
 /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
-/* #define SINGLE_THREADED */
+#define SINGLE_THREADED
 
-/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
  * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
@@ -92,9 +361,6 @@
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
-
-
-
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_256 */
@@ -109,14 +375,43 @@
 #define BENCH_EMBEDDED
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -133,29 +428,64 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
-
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
-
- /* ED25519 requires SHA512 */
-#define HAVE_ED25519
-
 /* Some features not enabled for ESP8266: */
 #if defined(CONFIG_IDF_TARGET_ESP8266) || \
     defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
     /* TODO determine low memory configuration for ECC. */
 #else
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
+
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
+
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
 #endif
 
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
-/* Optional OPENSSL compatibility */
-#define OPENSSL_EXTRA
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
 
 /* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
@@ -198,8 +528,11 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x349F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -208,7 +541,7 @@
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
 /* #define WOLFSSL_SP_RISCV32    */
@@ -217,6 +550,14 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -224,18 +565,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -255,10 +610,62 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
     /*  Alternatively, if there's an ECC Secure Element present: */
     /* #define WOLFSSL_ESPWROOM32SE */
@@ -380,12 +787,16 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -397,7 +808,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -435,18 +846,33 @@
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
 
 See wolfcrypt/benchmark/benchmark.c for debug and other settings:
 
@@ -458,7 +884,8 @@ Turn on timer debugging (used when CPU cycles not available)
 */
 
 /* Pause in a loop rather than exit. */
-#define WOLFSSL_ESPIDF_ERROR_PAUSE
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
 
 #define WOLFSSL_HW_METRICS
 
@@ -507,6 +934,12 @@ Turn on timer debugging (used when CPU cycles not available)
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -584,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available)
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
@@ -605,6 +1039,7 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
@@ -629,3 +1064,34 @@ Turn on timer debugging (used when CPU cycles not available)
         #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
index a038d035b..6a3deddc4 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
@@ -1,35 +1,43 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.0
+#   v1.2
 #
 # wolfssl template
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 set (git_cmd "git")
 
@@ -43,10 +51,22 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
 ## register_component()
 idf_component_register(SRCS main.c
                        INCLUDE_DIRS "."
-                                    "./include")
+                            "./include"
+                       PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                       )
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -76,15 +96,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -100,3 +129,4 @@ endif()
 
 message(STATUS "")
 
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
new file mode 100644
index 000000000..06cc01df8
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
@@ -0,0 +1,112 @@
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
+
+config WOLFSSL_TARGET_HOST
+    string "Target host"
+    default "127.0.0.1"
+    help
+        host address for the example to connect
+
+config WOLFSSL_TARGET_PORT
+    int "Target port"
+    default 11111
+    help
+        host port for the example to connect
+
+endmenu
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/component.mk b/IDE/Espressif/ESP-IDF/examples/template/main/component.mk
new file mode 100644
index 000000000..08f8fbe9b
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/component.mk
@@ -0,0 +1,23 @@
+#
+# Main component makefile.
+#
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
+# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
+
+# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
+
+ifeq ("$(VISUALGDB_DIR)","")
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
+else
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
+    COMPONENT_SRCDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS += include
+
+    # Ensure main.c gets compiled
+    COMPONENT_OBJS := main.o
+endif
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
index 94d913235..04a7e7f26 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
@@ -1,6 +1,6 @@
 /* template main.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/main.c b/IDE/Espressif/ESP-IDF/examples/template/main/main.c
index f2f69bcb2..35826643d 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/template/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,6 +50,11 @@ void app_main(void)
 #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
     int ret = 0;
 #endif
+
+#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
+#endif
+
     ESP_LOGI(TAG, "Hello wolfSSL!");
 
 #ifdef HAVE_VERSION_EXTENDED_INFO
diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
index 88f1e113e..2a93afe05 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
@@ -1,25 +1,155 @@
+# Set the known example app config to template example (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
 CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
 
-# Legacy stack size for older ESP-IDF versions
+# Legacy stack size name for older ESP-IDF versions
 CONFIG_MAIN_TASK_STACK_SIZE=10500
 
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
+
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
 
 #
 # Partition Table
diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
index 8c66ae269..17437542e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
@@ -1,11 +1,19 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
-add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -20,22 +28,121 @@ add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
 #   Linux:  ~/workspace
 # Windows:  C:\workspace
 #
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message(STATUS "Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message(STATUS "Detected UNIX")
+endif()
+if(APPLE)
+    message(STATUS "Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message(STATUS "Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message(STATUS "Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message(STATUS "Detected Apple")
+endif()
+# End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
-# Optionally specify a location for wolfSSL component source code
-# set(WOLFSSL_ROOT "c:/mydir/wolfssl" )
 # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
 # set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-#
-#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-#    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-#    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-#    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
-#else()
-#    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-#endif()
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
+    message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
+endif()
+
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
 
 # Not only is a project-level "set(COMPONENTS" not needed here, this will cause
 # an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
+
+if(0)
+    message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+    message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
+endif()
+
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_benchmark)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
index 27637c64d..5bdaf7fa9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
@@ -4,9 +4,11 @@
 #
 
 CFLAGS += -DWOLFSSL_USER_SETTINGS
+
 # Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
 # There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
-EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG
+CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
 
 PROJECT_NAME := wolfssl_benchmark
+
 include $(IDF_PATH)/make/project.mk
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
index 7b3a4f255..e760db5f9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
@@ -7,8 +7,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Espressif ESP Component Registry
 
-See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl)
+See the wolfSSL namespace and additional details:
 
+https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/
 
 ## Windows COM Port
 
@@ -38,9 +39,7 @@ using the VisualGDB extension.
 
 The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project.
 
-
--------- |------------- |------------- |
-ChipSet  | ESP-IDF v4.4 | ESP-IDF v5.1 |
+ChipSet  | ESP-IDF v4.4 | ESP-IDF v5.2 |
 -------- |------------- |------------- |
 ESP32    |      x       |              |
 ESP32-S2 |              |              |
@@ -62,11 +61,12 @@ See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-sh
 
 ## ESP-IDF Commandline
 
-1. `idf.py menuconfig` to configure the program.  
+1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    BENCH_ARG : argument that you want to use. Default is "-lng 0"  
-    The list of argument can be find in help.
+    BENCH_ARG : argument that you want to use. Default is "-lng 0"
+    The list of arguments can be found in help. See [benchmark/README.md](https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/benchmark/README.md)
+    Features to be benchmarked are enabled in the `user_settings.h`.
 
 When you want to run the benchmark program
 
@@ -89,14 +89,34 @@ git fetch
 git pull
 git submodule update --init --recursive
 
-cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+# pick your workspace location
+# cd ~/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+# cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
+cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
 
-# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB
+# The ESP8266 uses a completely different toolchain:
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
 
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1
+# Pick ESP-IDF toolchain install directory
 WRK_IDF_PATH=~/esp/esp-idf
 
+# ESP-IDF v4.x uses toolchain v8.4
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1
+
+# ESP-IDF v5.0 with toolchain v12.4
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0
+
+# ESP-IDF v5.0 to v5.2.1 uses toolchain v12.4
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.1
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.2.1
+
+# The most recent version:
+# ESP-IDF v5.2 uses toolchain v13.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+
+
 . $WRK_IDF_PATH/export.sh
 
 # Set target SoC
@@ -110,9 +130,9 @@ idf.py build flash -p /dev/ttyS20 -b 115200 monitor
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
index f0bef7fc3..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -19,17 +19,67 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.7.0 template update + THIS_IDF_PATH
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
 
 set(VERBOSE_COMPONENT_MESSAGES 1)
 
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
 # The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
 set(CMAKE_CURRENT_SOURCE_DIR ".")
 # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
@@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "")
 endif()
 
 if(  "$ENV{IDF_PATH}" STREQUAL "" )
-     message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
 else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
@@ -52,28 +102,28 @@ if(VERBOSE_COMPONENT_MESSAGES)
     if(WIN32)
         # Windows-specific configuration here
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-        message("Detected Windows")
+        message(STATUS "Detected Windows")
     endif()
     if(CMAKE_HOST_UNIX)
-        message("Detected UNIX")
+        message(STATUS "Detected UNIX")
     endif()
     if(APPLE)
-        message("Detected APPLE")
+        message(STATUS "Detected APPLE")
     endif()
     if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
         # Windows-specific configuration here
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-        message("Detected WSL")
+        message(STATUS "Detected WSL")
     endif()
     if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
         # Windows-specific configuration here
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-        message("Detected Linux")
+        message(STATUS "Detected Linux")
     endif()
     if(APPLE)
         # Windows-specific configuration here
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-        message("Detected Apple")
+        message(STATUS "Detected Apple")
     endif()
 endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
@@ -106,10 +156,11 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_
     message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
 else()
     # benchmark and test do not need wifi, everything else probably does:
-    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
 endif()
 
-# find the user name to search for possible "wolfssl-username"
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -130,6 +181,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -147,7 +217,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -166,26 +237,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
     message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
 
     if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
         set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
         if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
             message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
-        else()
-            get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
-            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-            if( FOUND_WOLFSSL )
-                message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
             else()
-                message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-                message(STATUS "$ENV{WOLFSSL_ROOT}")
-            endif()
-        endif()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via prior specification.")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
@@ -286,6 +387,11 @@ endfunction()
 
 message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
+
+# Optional variable inspection
 if (0)
     get_cmake_property(_variableNames VARIABLES)
     list (SORT _variableNames)
@@ -302,15 +408,25 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "")
-    set(THIS_INCLUDE_DRIVER "")
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_ESP_TLS        "esp-tls")
     set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
 endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
@@ -318,8 +434,10 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          ${THIS_INCLUDE_TIMER}
-                                          ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -328,6 +446,15 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
@@ -341,7 +468,9 @@ else()
             # Abort CMake after fatal error.
         endif()
     else()
-        message(STATUS "Searching for wolfSL source code...")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
         FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     endif()
 
@@ -349,11 +478,18 @@ else()
     if(WOLFSSL_ROOT)
         message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
     else()
-        message(STATUS "Failed: wolfssl directory not found.")
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
-                            "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
-        # Abort CMake after fatal error.
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
@@ -379,22 +515,24 @@ else()
         endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
-    # wolfSSL user_settings.h is in the local project.
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
 
     string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")
-
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
@@ -427,8 +565,7 @@ else()
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
-        # Abort CMake after fatal error.
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
 
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@@ -536,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -552,7 +691,7 @@ else()
     message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
     # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
@@ -601,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -622,15 +762,120 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES
-                              "${THIS_INCLUDE_TIMER}"
-                              "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
-                           )
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
 
     # Some optional diagnostics. Verbose ones are truncated.
     if (VERBOSE_COMPONENT_MESSAGES)
@@ -662,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -707,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -715,35 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
index 54ae8041f..83f414e50 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -18,6 +18,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
+$(info ***********  wolfssl component ************)
+
 #
 # Component Makefile
 #
@@ -48,193 +50,257 @@
 # define it here:
 CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
-# In the wolfSSL GitHub examples for Espressif,
-# the root is 7 directories up from here:
-WOLFSSL_ROOT := ../../../../../../../
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
 
-# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
 COMPONENT_ADD_INCLUDEDIRS := .
 COMPONENT_ADD_INCLUDEDIRS += include
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
 
-# WOLFSSL_ROOT := ""
-COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
-COMPONENT_SRCDIRS += include
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
 
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
-# COMPONENT_OBJS += src/conf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
-# COMPONENT_OBJS += src/pk.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 # COMPONENT_OBJS += src/ssl_asn1.o
 # COMPONENT_OBJS += src/ssl_bn.o
 # COMPONENT_OBJS += src/ssl_certman.o
 # COMPONENT_OBJS += src/ssl_crypto.o
 # COMPONENT_OBJS += src/ssl_misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
-# COMPONENT_OBJS += src/x509.o
-# COMPONENT_OBJS += src/x509_str.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
 
 ##
 ## wolfcrypt
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
 
 ##
 ## Espressif
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
 
 ##
-## wolfcrypt benchmark  (optional)
+## wolfcrypt benchmark  (needed for this benchmark example)
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
+COMPONENT_OBJS               += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+COMPONENT_SRCDIRS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS    += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
 
 ##
 ## wolfcrypt test (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
 
-##
-## wolfcrypt
-##
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
index 1c30597da..8da276d1e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,19 +18,57 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
+
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
  * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
  *
- * Do not include any wolfssl headers here
+ * Do not include any wolfssl headers here.
  *
  * When editing this file:
- * ensure wolfssl_test and wolfssl_benchmark settings match.
+ * ensure all examples match. The template example is the reference.
  */
 
-/* The Espressif project config file. See also sdkconfig.defaults */
-#include "sdkconfig.h"
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
@@ -46,33 +84,264 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
-/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
-#define NO_ESP_SDK_WIFI
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
     /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
-    #define WOLFSSL_HAVE_KYBER
-    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_WC_MLKEM
     #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
 #endif
 
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
  * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
 /* See below for chipset detection from sdkconfig.h */
 
 /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
-/* #define SINGLE_THREADED */
+#define SINGLE_THREADED
 
-/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
  * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
@@ -92,130 +361,6 @@
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
-/* Uncommon settings for testing only */
-#define TEST_ESPIDF_ALL_WOLFSSL
-#ifdef  TEST_ESPIDF_ALL_WOLFSSL
-    #define WOLFSSL_MD2
-    #define HAVE_BLAKE2
-    #define HAVE_BLAKE2B
-    #define HAVE_BLAKE2S
-
-    #define WC_RC2
-    #define WOLFSSL_ALLOW_RC4
-
-    #define HAVE_POLY1305
-
-    #define WOLFSSL_AES_128
-    #define WOLFSSL_AES_OFB
-    #define WOLFSSL_AES_CFB
-    #define WOLFSSL_AES_XTS
-
-    /* #define WC_SRTP_KDF */
-    /* TODO Causes failure with Espressif AES HW Enabled */
-    /* #define HAVE_AES_ECB */
-    /* #define HAVE_AESCCM  */
-    /* TODO sanity check when missing HAVE_AES_ECB */
-    #define WOLFSSL_WOLFSSH
-
-    #define HAVE_AESGCM
-    #define WOLFSSL_AES_COUNTER
-
-    #define HAVE_FFDHE
-    #define HAVE_FFDHE_2048
-    #if defined(CONFIG_IDF_TARGET_ESP8266)
-        /* TODO Full size SRP is disabled on the ESP8266 at this time.
-         * Low memory issue? */
-        #define WOLFCRYPT_HAVE_SRP
-        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
-        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
-    #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
-          defined(CONFIG_IDF_TARGET_ESP32S2) || \
-          defined(CONFIG_IDF_TARGET_ESP32S3)
-        /* TODO: SRP Not enabled, known to fail on this target
-         * See https://github.com/wolfSSL/wolfssl/issues/7210 */
-    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
-          defined(CONFIG_IDF_TARGET_ESP32H2)
-        /* SRP Known to be working on this target::*/
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #else
-        /* For everything else, give a try and see if SRP working: */
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #endif
-
-    #define HAVE_DH
-
-    /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
-     * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
-    /* #define HAVE_CAMELLIA */
-
-    /* DSA requires old SHA */
-    #define HAVE_DSA
-
-    /* Needs SHA512 ? */
-    #define HAVE_HPKE
-
-    /* Not for Espressif? */
-    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
-        defined(CONFIG_IDF_TARGET_ESP8684) || \
-        defined(CONFIG_IDF_TARGET_ESP32H2) || \
-        defined(CONFIG_IDF_TARGET_ESP8266)
-
-        #if defined(CONFIG_IDF_TARGET_ESP8266)
-            #undef HAVE_ECC
-            #undef HAVE_ECC_CDH
-            #undef HAVE_CURVE25519
-
-            /* TODO does CHACHA also need alignment? Failing on ESP8266
-             * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
-            #ifdef HAVE_CHACHA
-                #error "HAVE_CHACHA not supported on ESP8266"
-            #endif
-            #ifdef HAVE_XCHACHA
-                #error "HAVE_XCHACHA not supported on ESP8266"
-            #endif
-        #else
-            #define HAVE_XCHACHA
-            #define HAVE_CHACHA
-            /* TODO Not enabled at this time, needs further testing:
-             *   #define WC_SRTP_KDF
-             *   #define HAVE_COMP_KEY
-             *   #define WOLFSSL_HAVE_XMSS
-             */
-        #endif
-        /* TODO AES-EAX not working on this platform */
-
-        /* Optionally disable DH
-         *   #undef HAVE_DH
-         *   #undef HAVE_FFDHE
-         */
-
-        /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
-        #ifndef HAVE_ECC
-            #define ECC_SHAMIR
-        #endif
-    #else
-        #define WOLFSSL_AES_EAX
-
-        #define ECC_SHAMIR
-    #endif
-
-    /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
-    /* #define WOLFSSL_CAAM      */
-    /* #define WOLFSSL_CAAM_BLOB */
-
-    #define WOLFSSL_AES_SIV
-    #define WOLFSSL_CMAC
-
-    #define WOLFSSL_CERT_PIV
-
-    /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
-    /* #define HAVE_SCRYPT */
-    #define SCRYPT_TEST_ALL
-    #define HAVE_X963_KDF
-#endif
-
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_256 */
@@ -230,14 +375,43 @@
 #define BENCH_EMBEDDED
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -254,32 +428,67 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
-
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
-
- /* ED25519 requires SHA512 */
-#define HAVE_ED25519
-
 /* Some features not enabled for ESP8266: */
 #if defined(CONFIG_IDF_TARGET_ESP8266) || \
     defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
     /* TODO determine low memory configuration for ECC. */
 #else
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
+
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
+
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
 #endif
 
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
-/* Optional OPENSSL compatibility */
-#define OPENSSL_EXTRA
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
 
 /* #Optional HAVE_PKCS7 */
-#define HAVE_PKCS7
+/* #define HAVE_PKCS7 */
 
 #if defined(HAVE_PKCS7)
     /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
@@ -319,8 +528,11 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x349F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -329,7 +541,7 @@
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
 /* #define WOLFSSL_SP_RISCV32    */
@@ -338,6 +550,14 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 
@@ -345,18 +565,32 @@
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -376,10 +610,62 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
     /*  Alternatively, if there's an ECC Secure Element present: */
     /* #define WOLFSSL_ESPWROOM32SE */
@@ -501,12 +787,16 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -518,7 +808,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -556,18 +846,33 @@
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
 
 See wolfcrypt/benchmark/benchmark.c for debug and other settings:
 
@@ -579,7 +884,8 @@ Turn on timer debugging (used when CPU cycles not available)
 */
 
 /* Pause in a loop rather than exit. */
-#define WOLFSSL_ESPIDF_ERROR_PAUSE
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
 
 #define WOLFSSL_HW_METRICS
 
@@ -628,6 +934,12 @@ Turn on timer debugging (used when CPU cycles not available)
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -705,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available)
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
@@ -726,6 +1039,7 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
@@ -750,3 +1064,34 @@ Turn on timer debugging (used when CPU cycles not available)
         #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
index e37c4d5f6..5166065a3 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
@@ -1,11 +1,44 @@
+# wolfSSL Espressif Example Project/main CMakeLists.txt
+#   v1.2
 #
 # wolfssl benchmark test
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
-set(COMPONENT_SRCS "main.c")
-set(COMPONENT_ADD_INCLUDEDIRS ".")
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
 
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message(STATUS "Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message(STATUS "Detected UNIX")
+endif()
+if(APPLE)
+    message(STATUS "Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message(STATUS "Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message(STATUS "Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message(STATUS "Detected Apple")
+endif()
 set (git_cmd "git")
 
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
@@ -18,9 +51,22 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
+## register_component()
 idf_component_register(SRCS main.c
-                       INCLUDE_DIRS "." 
-                       "./include")
+                       INCLUDE_DIRS "."
+                            "./include"
+                       PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                       )
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -50,15 +96,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -74,3 +129,4 @@ endif()
 
 message(STATUS "")
 
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
index 8fd12d389..83ff73ada 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
@@ -1,5 +1,102 @@
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
 menu "Example Configuration"
 
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
+
 config BENCH_ARGV
     string "Arguments for benchmark test"
     default "-lng 0"
@@ -22,7 +119,7 @@ config BENCH_ARGV
         -lng <num>  Display benchmark result by specified language.
                     0: English, 1: Japanese
         <num>       Size of block in bytes
-        
+
         e.g -lng 1
         e.g sha
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
index d9b752f16..08f8fbe9b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
@@ -7,3 +7,17 @@
 # please read the ESP-IDF documents if you need to do this.
 #
 # (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
+
+# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
+
+ifeq ("$(VISUALGDB_DIR)","")
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
+else
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
+    COMPONENT_SRCDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS += include
+
+    # Ensure main.c gets compiled
+    COMPONENT_OBJS := main.o
+endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
index cae03b4a9..a7828c33e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
@@ -1,6 +1,6 @@
-/* benchmark main.h
+/* wolfssl_benchmark main.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef _MAIN_
-#define _MAIN_
+#ifndef _MAIN_H_
+#define _MAIN_H_
 
 void app_main(void);
 
-/* see wolfssl/wolfcrypt/benchmark/benchmark.h */
-extern void wolf_benchmark_task();
-
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
index 3381f25fe..9af128c07 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
@@ -1,6 +1,6 @@
 /* benchmark main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,20 +27,27 @@
 /* The wolfSSL user_settings.h file is automatically included by the settings.h
  * file and should never be explicitly included in any other source files.
  * The settings.h should also be listed above wolfssl library include files. */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-#ifndef WOLFSSL_ESPIDF
-    #error "Problem with wolfSSL user_settings. "           \
-           "Check components/wolfssl/include "              \
-           "and confirm WOLFSSL_USER_SETTINGS is defined, " \
-           "typically in the component CMakeLists.txt"
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/benchmark/benchmark.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfcrypt/benchmark/benchmark.h>
-
 /* Hardware; include after other libraries,
  * particularly after freeRTOS from settings.h */
 #include <driver/uart.h>
@@ -152,6 +159,7 @@ char* __argv[WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS];
 
 int construct_argv()
 {
+    #define ARG_BUFF_SIZE 16
     int cnt = 0;
     int i = 0;
     int len = 0;
@@ -212,15 +220,16 @@ int construct_argv()
 /* entry point */
 void app_main(void)
 {
-    int stack_start = 0;
-
     uart_config_t uart_config = {
         .baud_rate = THIS_MONITOR_UART_BAUD_DATE,
         .data_bits = UART_DATA_8_BITS,
         .parity    = UART_PARITY_DISABLE,
         .stop_bits = UART_STOP_BITS_1,
     };
+    int stack_start = 0;
+    word32 loops = 0;
     esp_err_t ret = 0;
+
     stack_start = esp_sdk_stack_pointer();
 
     /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
@@ -270,7 +279,7 @@ void app_main(void)
     ESP_LOGI(TAG, "NO_CRYPT_BENCHMARK defined, skipping wolf_benchmark_task")
 #else
 
-    /* although wolfCrypt_Init() may be explicitly called above,
+    /* Although wolfCrypt_Init() may be explicitly called above,
     ** note it is still always called in wolf_benchmark_task.
     */
     stack_start = uxTaskGetStackHighWaterMark(NULL);
@@ -278,36 +287,41 @@ void app_main(void)
     do {
         ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 
-        wolf_benchmark_task(); /* TODO capture return value! */
+#ifdef WOLFSSL_BENCH_ARGV
+        ret = benchmark_test(__argv);
+#else
+        ret = benchmark_test(NULL);
+#endif
         ESP_LOGI(TAG, "Stack used: %d\n",
                       stack_start - uxTaskGetStackHighWaterMark(NULL));
 
-        #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
-            esp_hw_show_metrics();
-        #endif
-    } while (BENCHMARK_LOOP);
-    /* Reminder: wolfCrypt_Cleanup should always be called at completion,
+        esp_hw_show_metrics();
+
+        loops++; /* count of the number of tests run before fail. */
+        ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+        ESP_LOGI(TAG, "loops = %d", loops);
+
+    } while (BENCHMARK_LOOP && (ret == 0));
+
+    /* Reminder: wolfCrypt_Cleanup() should always be called at completion,
     ** and is called in wolf_benchmark_task().  */
 
+#if defined BENCHMARK_LOOP && (BENCHMARK_LOOP == 1)
+    /* If BENCHMARK_LOOP enabled and we get here, there was likely an error. */
+    ESP_LOGI(TAG, "Benchmark loops completed: %d", loops);
+#endif
+
 #if defined(SINGLE_THREADED)
     /* need stack monitor for single thread */
 #else
     ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
 #endif
 
-    /* note wolfCrypt_Cleanup() should always be called when finished.
-    ** This is called at the end of wolf_test_task();
-    */
-
-#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
-    esp_hw_show_mp_metrics();
-#endif
-
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
-        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
+    ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
-        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                        - (uxTaskGetStackHighWaterMark(NULL)));
+    ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                    - (uxTaskGetStackHighWaterMark(NULL)));
 #endif
 
 #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
@@ -318,19 +332,19 @@ void app_main(void)
         ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
     }
 #elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
-     ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
+    ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
 #else
     ESP_LOGI(TAG, "\n\nDone!\n\n"
                   "If running from idf.py monitor, press twice: Ctrl+]");
 #endif
 
-    /* after the test, we'll just wait */
+    /* After completion, we'll just wait */
     while (1) {
-        /* do something other than nothing to help next program/debug session*/
-#ifndef SINGLE_THREADED
-        vTaskDelay(1000);
+#if defined(SINGLE_THREADED)
+        while (1);
+#else
+        vTaskDelay(60000);
 #endif
-    }
-
+    } /* done while */
 #endif /* NO_CRYPT_BENCHMARK */
-} /* main */
+}
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
index a9c373bec..0b2fcd1a9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
@@ -1,31 +1,31 @@
-# to view: idf.py partition-table
-#
-# ESP-IDF Partition Table
-# Name, Type,  SubType, Offset,  Size, Flags
-nvs,     data, nvs,     0x9000,  24K,
-phy_init,data, phy,     0xf000,  4K,
-factory, app,  factory, 0x10000, 1500K,
-
-
-# For other settings, see:
-# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
-#
-# Here is the summary printed for the "Single factory app, no OTA" configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x6000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000, 1M,
-#
-#
-# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x4000,
-# otadata,  data, ota,     0xd000,  0x2000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000,  1M,
-# ota_0,    app,  ota_0,   0x110000, 1M,
-# ota_1,    app,  ota_1,   0x210000, 1M,
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type,  SubType, Offset,  Size, Flags
+nvs,     data, nvs,     0x9000,  24K,
+phy_init,data, phy,     0xf000,  4K,
+factory, app,  factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x6000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x4000,
+# otadata,  data, ota,     0xd000,  0x2000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000,  1M,
+# ota_0,    app,  ota_0,   0x110000, 1M,
+# ota_1,    app,  ota_1,   0x210000, 1M,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
index e7f303736..bc63cebf8 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
@@ -1,18 +1,34 @@
+# Set the known example app config to template example (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
-# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
 CONFIG_BENCH_ARGV="-lng 0"
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
 # Default main stack size. See user_settings.h
 #
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
+#
 # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
 # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
 
-# Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=10500
+# Legacy stack size name for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=28672
 
 #
 # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
@@ -30,6 +46,10 @@ CONFIG_ESP_TASK_WDT_EN=n
 CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
 CONFIG_ESP_INT_WDT=n
 
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
 # ESP8266 WDT
 # CONFIG_ESP_PANIC_PRINT_REBOOT is not set
 CONFIG_ESP_PANIC_PRINT_REBOOT=n
@@ -45,6 +65,36 @@ CONFIG_HEAP_DISABLE_IRAM=y
 # Performance
 # CONFIG_COMPILER_OPTIMIZATION_PERF=y
 
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
 # Set max COU frequency (falls back as needed for lower maximum)
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
 
@@ -52,6 +102,26 @@ CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
 CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
+
 #
 # Compiler options
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
index 14d08bf9f..f9b3bbfd0 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
@@ -1,10 +1,19 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -22,45 +31,63 @@ cmake_minimum_required(VERSION 3.16)
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
 # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
 
 if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
     set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
 else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
 endif()
 
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
 # Check that there are not conflicting wolfSSL components
 # The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
 # The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
     # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
     # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -75,22 +102,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
     message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
                         "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
                         "or rename the idf_component.yml file typically found in ./main/")
-else()
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
     message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
 endif()
 
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
 
-# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
-if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
-else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+if(0)
+    message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+    message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_client)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
index cedefce72..430abea3e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
@@ -1,6 +1,6 @@
 # ESP8266 Project Makefile for wolfssl_client
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
index 5c667ca24..ff275c711 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
@@ -10,9 +10,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Quick Start
 
-Use the [ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html)
-for ESP32 or [RTOS SDK](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html)
-for the ESP8266.
+Use the `ESP-IDF` for ESP32 or `RTOS SDK` for the ESP8266.
 
 Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266)
 and set the various parameters for the target device, along with local WiFi settings:
@@ -49,30 +47,30 @@ Difficulty flashing:
 * Check that quality USB cables are being used.
 * Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable.
 * Review board specifications: some require manual boot mode via on-board buttons.
-* See [Espressif ESP Frequently Asked Questions](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf)
+* See Espressif ESP Frequently Asked Questions `esp-faq-en-master.pdf`.
 
 ## ESP-IDF Commandline v5.x
 
 
 1. `idf.py menuconfig` to config the project
 
-      1-1. Example Configuration ->  
+      1-1. Example Configuration ->
 
           Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
 
      1-2. Example Connection Configuration ->
-     
-          WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")  
+
+          WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
           WIFI Password: WIFI password, and default is "mypassword"
-    
-    
-    Note: the example program uses 11111 port. If you want to use different port  
+
+
+    Note: the example program uses 11111 port. If you want to use different port
         , you need to modify DEFAULT_PORT definition in the code.
 
 When you want to test the wolfSSL client
 
-1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context  
-2. You can use <wolfssl>/examples/server/server program for test.  
+1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context
+2. You can use <wolfssl>/examples/server/server program for test.
 
          e.g. Launch ./examples/server/server -v 4 -b -i -d
 
@@ -127,8 +125,8 @@ export IDF_PATH=~/esp/ESP8266_RTOS_SDK
 export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
 
 # copy and navigate to project directory
-mkdir -p /mnt/c/test/demo  
-cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo  
+mkdir -p /mnt/c/test/demo
+cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
 cd /mnt/c/test/demo
 
 # Clean
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
index 01dd6baf8..87e1f0365 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
@@ -49,7 +49,7 @@ make clean && make
 ### Others...
 
 ```
-# Success: Linux Client to ESP32 Server TLS1.2 
+# Success: Linux Client to ESP32 Server TLS1.2
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@@ -81,7 +81,7 @@ be the same as the Linux server files.
 
 |  Usage |            Certificate             |        Key                          |   Certificate Authority file, default ./certs/client-cert.pem |
 | -----  | ---------------------------------- | ----------------------------------- | --------------------------------- |
-| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |                      
+| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |
 | client | -c ./certs/sm2/client-sm2.pem      | -k ./certs/sm2/client-sm2-priv.pem  | -A ./certs/sm2/root-sm2.pem -C    |
 | emdedded:
 | server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2  |
@@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
 I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
 I (636) spi_flash: detected chip: generic
 I (639) spi_flash: flash io: dio
-W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the 
+W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
 size in the binary image header.
 I (657) cpu_start: Starting scheduler on PRO CPU.
 I (0) cpu_start: Starting scheduler on APP CPU.
@@ -167,7 +167,7 @@ I (735) system_api: read default base MAC address from EFUSE
 I (755) wifi:wifi firmware version: 0d470ef
 I (755) wifi:wifi certification version: v7.0
 I (755) wifi:config NVS flash: enabled
-I (755) wifi:config nano formating: disabled
+I (755) wifi:config nano formatting: disabled
 I (755) wifi:Init data frame dynamic rx buffer num: 32
 I (765) wifi:Init management frame dynamic rx buffer num: 32
 I (765) wifi:Init management short buffer num: 32
@@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
 I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
 I (14725) wolfssl: Point Formats extension to write
 W (14735) wolfio: ssl->wflags = 0
-I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 
-I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 
-I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 
-I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 
-I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 
-I (14765) wolfio: 06 00 0b 00 02 01 00 
+I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
+I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
+I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
+I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
+I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
+I (14765) wolfio: 06 00 0b 00 02 01 00
 W (14775) wolfio: sz          = 87
 I (14775) wolfssl: Shrinking output buffer
 I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
 I (14795) wolfssl: growing output buffer
 I (14805) internal.c: GrowOutputBuffer ok
 W (14815) wolfio: ssl->wflags = 0
-I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 
-I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 
-I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b 
-I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 
-I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 
-I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 
-I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 
-I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 
-I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c 
-I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d 
-I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 
-I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f 
-I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 
-I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 
-I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 
-I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 
-I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 
-I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e 
-I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 
-I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c 
-I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 
-I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 
-I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 
-I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 
-I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 
-I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 
-I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 
-I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c 
-I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f 
-I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa 
-I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f 
-I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 
-I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 
-I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b 
-I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f 
-I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb 
-I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 
-I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 
-I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 
-I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 
-I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 
-I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 
-I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d 
-I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 
-I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 
-I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f 
-I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 
+I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
+I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
+I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
+I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
+I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
+I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
+I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
+I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
+I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
+I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
+I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
+I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
+I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
+I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
+I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
+I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
+I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
+I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
+I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
+I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
+I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
+I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
+I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
+I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
+I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
+I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
+I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
+I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
+I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
+I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
+I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
+I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
+I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
+I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
+I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
+I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
+I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
+I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
+I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
+I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
+I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
+I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
+I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
+I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
+I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
+I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
+I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
 W (15135) wolfio: sz          = 747
 I (15135) wolfssl: Shrinking output buffer
 I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
 I (15925) wolfssl: growing output buffer
 I (15925) internal.c: GrowOutputBuffer ok
 W (15925) wolfio: ssl->wflags = 0
-I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 
-I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 
-I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f 
-I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 
-I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 
-I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad 
-I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac 
-I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a 
-I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c 
-I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 
+I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
+I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
+I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
+I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
+I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
+I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
+I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
+I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
+I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
+I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
 W (15995) wolfio: sz          = 154
 I (16005) wolfssl: Shrinking output buffer
 I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
 I (16035) wolfssl: growing output buffer
 I (16035) internal.c: GrowOutputBuffer ok
 W (16045) wolfio: ssl->wflags = 0
-I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16045) wolfio: sz          = 9
 I (16055) wolfssl: Embed Send error
 I (16055) wolfssl:      Connection reset
@@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
 I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
 E (16145) tls_server: ERROR: failed to read
 I (16145) wolfssl: Client sends:
-I (16145) wolfssl: 
+I (16145) wolfssl:
 I (16155) wolfssl: wolfSSL Entering wolfSSL_write
 I (16155) wolfssl: handshake not complete, trying to finish
 I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
 I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
 I (16175) wolfssl: wolfSSL Entering ReinitSSL
 W (16185) wolfio: ssl->wflags = 0
-I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16185) wolfio: sz          = 9
 I (16195) wolfssl: Embed Send error
 I (16195) wolfssl:      General error
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
index c3c09ca53..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -19,18 +19,148 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
-set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# find the user name to search for possible "wolfssl-username"
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message(STATUS "Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message(STATUS "Detected UNIX")
+    endif()
+    if(APPLE)
+        message(STATUS "Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message(STATUS "Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message(STATUS "Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message(STATUS "Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -51,6 +181,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -68,7 +217,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -76,27 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
             set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
             return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -114,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -143,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -154,17 +380,64 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_ESP_TLS        "esp-tls")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          # esp_timer
-                                          # driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -173,48 +446,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -237,11 +561,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -291,6 +616,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -347,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -360,21 +688,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
         # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
-        ${THIS_IDF_PATH}/components/esp_event/include
-        ${THIS_IDF_PATH}/components/esp_netif/include
-        ${THIS_IDF_PATH}/components/esp_wifi/include
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -399,8 +728,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
-        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
-        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -411,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -432,22 +762,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -455,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -500,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -508,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
index 1008e04af..f94bd617d 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -20,7 +20,7 @@
 
 $(info ***********  wolfssl component ************)
 
- #
+#
 # Component Makefile
 #
 #
@@ -66,7 +66,19 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS
 #   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
 # When this wolfssl component.mk makefile is in [project]/components/wolfssl
 # The root is 7 directories up from here (the location of of this component.mk):
-WOLFSSL_ROOT := ../../../../../../..
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
 
 # To set the location of a different location, it is best to use relative paths.
 #
@@ -82,7 +94,7 @@ WOLFSSL_ROOT := ../../../../../../..
 # "/mnt/c" is 4 directories up:
 #             2 for `./test/demo` from where we run `make`, plus
 #             2 more from the location of `component.mk` located
-#               in `[currect directory]/components/wolfssl`.
+#               in `[current directory]/components/wolfssl`.
 #
 # Thus we need 4 parent reference to find the relative path to wolfSSL:
 # WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
@@ -92,14 +104,16 @@ WOLFSSL_ROOT := ../../../../../../..
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 # CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
 
-abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
 
 # print-wolfssl-path-value:
 #	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
 #	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
 
-$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
-$(info WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
 
 # NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
@@ -109,6 +123,7 @@ COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
@@ -122,27 +137,27 @@ COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
-
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
-# COMPONENT_OBJS += src/conf.o
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
-# COMPONENT_OBJS += src/pk.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
@@ -154,8 +169,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
-# COMPONENT_OBJS += src/x509.o
-# COMPONENT_OBJS += src/x509_str.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
 
 ##
 ## wolfcrypt
@@ -188,7 +203,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -251,8 +266,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
@@ -276,21 +291,16 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
 ##
 ## wolfcrypt benchmark  (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 ## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 
 
 ##
 ## wolfcrypt test (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
-
-##
-## wolfcrypt
-##
-## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
 
 $(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
index 325e54b6a..8da276d1e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,21 +18,202 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
-/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
-
-/* This user_settings.h is for Espressif ESP-IDF */
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
 
+/* The Espressif project config file. See also sdkconfig.defaults */
 #include "sdkconfig.h"
 
-/* #define DEBUG_WOLFSSL */
-/* #define DEBUG_WOLFSSL_VERBOSE */
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef  WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
-    #define WOLFSSL_HAVE_KYBER
-    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_WC_MLKEM
     #define WOLFSSL_SHA3
     #if defined(CONFIG_IDF_TARGET_ESP8266)
         /* With limited RAM, we'll disable some of the Kyber sizes: */
@@ -42,6 +223,17 @@
     #endif
 #endif
 
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
 /* Pick a cert buffer size: */
 /* #define USE_CERT_BUFFERS_2048 */
 /* #define USE_CERT_BUFFERS_1024 */
@@ -58,14 +250,76 @@
 **   CONFIG_IDF_TARGET_ESP32C6
 */
 
-#undef  WOLFSSL_ESPIDF
-#define WOLFSSL_ESPIDF
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
 
-/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
-#define NO_ESP_SDK_WIFI
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
 
 /*
- * ONE of these Espressif chipsets should be defined:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
@@ -84,11 +338,28 @@
 #endif
 /* See below for chipset detection from sdkconfig.h */
 
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
 /* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
- * When really desperate, try NO_SESSION_CACHE.  */
-#define MICRO_SESSION_CACHE
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -103,19 +374,44 @@
 
 #define BENCH_EMBEDDED
 
-#define WOLFSSL_SMALL_STACK
-#define HAVE_ECC
-#define RSA_LOW_MEM
-
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -132,30 +428,72 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-#if defined(CONFIG_IDF_TARGET_ESP8266)
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
     /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
 #else
     /* when you want to use SHA512 */
     #define WOLFSSL_SHA512
 
     /* when you want to use SHA3 */
-    #define WOLFSSL_SHA3
+    /* #define WOLFSSL_SHA3 */
 
     /* ED25519 requires SHA512 */
     #define HAVE_ED25519
+#endif
 
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
-    #define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
+
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
 #endif
 
 /* Optional OpenSSL compatibility */
 /* #define OPENSSL_EXTRA */
 
-/* when you want to use pkcs7 */
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
+
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
@@ -175,25 +513,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* RSA primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
@@ -204,23 +528,40 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
-#define HASH_SIZE_LIMIT /* for test.c */
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
 
 /* USE_FAST_MATH is default */
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
 
 /***** Use Integer Heap Math *****/
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
+
+#define WOLFSSL_SMALL_STACK
+
+
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
@@ -230,13 +571,26 @@
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
-#define WOLFSSL_CERT_TEXT
+
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -256,11 +610,66 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -378,12 +787,16 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -395,7 +808,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -403,29 +816,84 @@
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 
-#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+/* Pause in a loop rather than exit. */
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
 #define WOLFSSL_HW_METRICS
 
-/* #define HASH_SIZE_LIMIT */ /* for test.c */
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
 
-/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -466,6 +934,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -543,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -562,6 +1039,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -584,3 +1064,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
         #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
index 621eb8702..80a89c25a 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
@@ -1,35 +1,43 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.0
+#   v1.2
 #
 # wolfssl client test
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 set (git_cmd "git")
 
@@ -43,14 +51,26 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
 ## register_component()
 idf_component_register(SRCS main.c
                             wifi_connect.c
                             time_helper.c
                             client-tls.c
                        INCLUDE_DIRS "."
-                                    "./include")
-#
+                            "./include"
+                       PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                                     "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     nvs_flash
+                                     protocol_examples_common)
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -80,15 +100,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -104,3 +133,4 @@ endif()
 
 message(STATUS "")
 
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
index 83dcd6439..06cc01df8 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
@@ -1,4 +1,101 @@
-menu "Example Configuration"
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
 
 config WOLFSSL_TARGET_HOST
     string "Target host"
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
index 638fdf343..9a0bdc2ec 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,6 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #include "client-tls.h"
 
 /* Espressif FreeRTOS */
@@ -36,11 +37,13 @@
 
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/settings.h>
+/* This project not yet using the library */
+#undef USE_WOLFSSL_ESP_SDK_WIFI
 #include <wolfssl/ssl.h>
 
-#if defined(WOLFSSL_WC_KYBER)
-    #include <wolfssl/wolfcrypt/kyber.h>
-    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#if defined(WOLFSSL_WC_MLKEM)
+    #include <wolfssl/wolfcrypt/mlkem.h>
+    #include <wolfssl/wolfcrypt/wc_mlkem.h>
 #endif
 #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
     #include <wolfssl/certs_test.h>
@@ -204,7 +207,6 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 
     size_t len;
 
-    wolfSSL_Debugging_ON();
     WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME);
 
     doPeerCheck = 1;
@@ -238,8 +240,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     /* Create and initialize WOLFSSL_CTX */
     ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SSL 3.0 - TLS 1.3. */
     /*   options:   */
-    /* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());      only TLS 1.2 */
-    /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());      only TLS 1.3 */
+    /* ctx = wolfSSL_CTX_new(wolfSSLv1_2_client_method());      only TLS 1.2 */
+    /* ctx = wolfSSL_CTX_new(wolfSSLv1_3_client_method());      only TLS 1.3 */
     /* wolfSSL_CTX_NoTicketTLSv12(); */
     /* wolfSSL_NoTicketTLSv12();     */
     if (ctx == NULL) {
@@ -305,11 +307,11 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
 
     /* no peer check */
     if (doPeerCheck == 0) {
-        ESP_LOGW(TAG, "doPeerCheck == 0");
+        ESP_LOGW(TAG, "doPeerCheck == 0; WOLFSSL_VERIFY_NONE");
         wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
     }
     else {
-        ESP_LOGW(TAG, "doPeerCheck != 0");
+        ESP_LOGI(TAG, "doPeerCheck != 0");
         WOLFSSL_MSG("Loading... our cert");
         /* load our certificate */
         ret_i = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
@@ -395,22 +397,22 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
         ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d",
                       &this_heap, this_heap);
 #endif
-#if defined(WOLFSSL_HAVE_KYBER)
+#if defined(WOLFSSL_HAVE_MLKEM)
     #if defined(WOLFSSL_KYBER1024)
-        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
                                         "WOLFSSL_P256_KYBER_LEVEL5");
         ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
     #elif defined(WOLFSSL_KYBER768)
-        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
                                         "WOLFSSL_P256_KYBER_LEVEL3");
         ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3);
     #elif defined(WOLFSSL_KYBER512)
         /* This will typically be a low memory situation, such as ESP8266 */
-        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
                                         "WOLFSSL_P256_KYBER_LEVEL1");
         ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1);
     #else
-        ESP_LOGW(TAG, "WOLFSSL_HAVE_KYBER enabled but no key size available.");
+        ESP_LOGW(TAG, "WOLFSSL_HAVE_MLKEM enabled but no key size available.");
         ret_i = ESP_FAIL;
     #endif
         if (ret_i == WOLFSSL_SUCCESS) {
@@ -420,7 +422,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
             ESP_LOGE(TAG, "UseKeyShare Kyber failed");
         }
 #else
-    ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
+    ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is not enabled");
 #endif
     }
 
@@ -460,6 +462,9 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
     }
 
     ESP_LOGI(TAG, "Connect to wolfSSL server...");
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
     ret_i = wolfSSL_connect(ssl);
 #ifdef DEBUG_WOLFSSL
     this_heap = esp_get_free_heap_size();
@@ -570,7 +575,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
 #else
     xTaskHandle _handle;
 #endif
-    /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions  */
+    /* See Espressif api-reference/system/freertos_idf.html#functions  */
     if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) {
         /* Observed approximately 6KB limit for the RTOS task stack size.
          * Reminder parameter is bytes, not words as with generic FreeRTOS. */
@@ -582,8 +587,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
 #endif
 
     /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
-     * Espressif uses BYTES for the task stack size here.
-     * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
+     * Espressif uses BYTES for the task stack size here. */
     ret = xTaskCreate(tls_smp_client_task,
                       TLS_SMP_CLIENT_TASK_NAME,
                       TLS_SMP_CLIENT_TASK_BYTES,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
index b016f29a6..5df9f1474 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
@@ -1,6 +1,6 @@
 /* client-tls.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,9 +29,9 @@
 
 /* See main/Kconfig.projbuild for default configuration settings */
 #ifdef CONFIG_WOLFSSL_TARGET_HOST
-    #define TLS_SMP_TARGET_HOST         "192.168.1.36"
+    #define TLS_SMP_TARGET_HOST         CONFIG_WOLFSSL_TARGET_HOST
 #else
-    #define TLS_SMP_TARGET_HOST         "192.168.1.41"
+    #define TLS_SMP_TARGET_HOST         "192.168.1.37"
 #endif
 
 #ifdef CONFIG_WOLFSSL_TARGET_PORT
@@ -44,7 +44,7 @@
 
 /* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */
 #if defined(WOLFSSL_ESP8266)
-    #if defined(WOLFSSL_HAVE_KYBER)
+    #if defined(WOLFSSL_HAVE_MLKEM)
         /* Minimum ESP8266 stack size = 10K with Kyber.
          * Note there's a maximum not far away as Kyber needs heap
          * and the total DRAM is typically only 80KB total. */
@@ -54,12 +54,12 @@
         #define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
     #endif
 #else
-    #if defined(WOLFSSL_HAVE_KYBER)
+    #if defined(WOLFSSL_HAVE_MLKEM)
         /* Minimum ESP32 stack size = 12K with Kyber enabled. */
         #define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024)
     #else
         /* Minimum ESP32 stack size = 8K without Kyber */
-        #define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
+        #define TLS_SMP_CLIENT_TASK_BYTES (10 * 1024)
     #endif
 #endif
 
@@ -87,7 +87,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args);
 
 /* init will create an RTOS task, otherwise server is simply function call. */
 #if defined(SINGLE_THREADED)
-    /* no init neded */
+    /* no init needed */
 #else
     WOLFSSL_ESP_TASK tls_smp_client_init(void* args);
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
index 12c452d6e..d9ed211e2 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
@@ -1,6 +1,6 @@
 /* wolfssl_client main.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
index 3586ac65a..1560fbbbb 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
@@ -1,6 +1,6 @@
 /* time_helper.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,8 +24,8 @@
 #ifndef _TIME_HELPER_H_
 #define _TIME_HELPER_H_
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0 See Espressif api-reference/system/system_time
  */
 
 #ifdef __cplusplus
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
index 6888228f3..3546c4696 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -103,23 +103,29 @@
     ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
     */
     #if defined(CONFIG_ESP_WIFI_SSID)
-        /* tyically from ESP32 with ESP-IDF v4 ot v5 */
+        /* tyically from ESP32 with ESP-IDF v4 to v5 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
     #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
-        /* tyically from ESP8266 rtos-sdk/v3.4 */
+        /* typically from ESP8266 rtos-sdk/v3.4 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
     #else
-        #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_SSID
+            #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
+        #endif
     #endif
 
     #if defined(CONFIG_ESP_WIFI_PASSWORD)
         /* tyically from ESP32 with ESP-IDF v4 or v5 */
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
     #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
-        /* tyically from ESP8266 rtos-sdk/v3.4 */
+        /* typically from ESP8266 rtos-sdk/v3.4 */
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
     #else
-        #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        /* See new esp-sdk-lib.h helpers: */
+        #ifndef EXAMPLE_ESP_WIFI_PASS
+            #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
+        #endif
     #endif
 #endif
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
index 838ad66bd..3c0e0c1c7 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,22 +28,32 @@
 
 /* wolfSSL */
 /* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
-/* Reminder: settings.h pulls in user_settings.h; don't include it here */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    /* This project not yet using the library */
+    #undef USE_WOLFSSL_ESP_SDK_WIFI
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
 /* this project */
 #include "client-tls.h"
 #include "time_helper.h"
 
-#ifndef CONFIG_IDF_TARGET_ESP32H2
+#ifdef CONFIG_IDF_TARGET_ESP32H2
     /* There's no WiFi on ESP32-H2.
      * For wired ethernet, see:
      * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */
+#else
     #include "wifi_connect.h"
     /*
      * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4
@@ -123,8 +133,12 @@ void my_atmel_free(int slotId)
 /* Entry for FreeRTOS */
 void app_main(void)
 {
+#if !defined(SINGLE_THREADED) && INCLUDE_uxTaskGetStackHighWaterMark
     int stack_start = 0;
+#endif
+#if !defined(SINGLE_THREADED)
     int this_heap = 0;
+#endif
     esp_err_t ret = 0;
     ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
@@ -132,7 +146,10 @@ void app_main(void)
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
-#ifdef ESP_SDK_MEM_LIB_VERSION
+#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
+#endif
+#if defined(ESP_SDK_MEM_LIB_VERSION) && defined(DEBUG_WOLFSSL)
     sdk_init_meminfo();
 #endif
 #ifdef ESP_TASK_MAIN_STACK
@@ -155,7 +172,7 @@ void app_main(void)
          * the minimum free stack space there has been (in bytes not words, unlike
          * vanilla FreeRTOS) since the task started. The smaller the returned
          * number the closer the task has come to overflowing its stack.
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
+         * see Espressif api-reference/system/freertos_idf
          */
         stack_start = uxTaskGetStackHighWaterMark(NULL);
         #ifdef ESP_SDK_MEM_LIB_VERSION
@@ -172,7 +189,15 @@ void app_main(void)
 #ifdef HAVE_VERSION_EXTENDED_INFO
     esp_ShowExtendedSystemInfo();
 #endif
-
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_OFF();
+#endif
+#ifdef CONFIG_IDF_TARGET_ESP32H2
+    ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported");
+    while (1) {
+        vTaskDelay(60000);
+    }
+#endif
     /* Set time for cert validation.
      * Some lwIP APIs, including SNTP functions, are not thread safe. */
     ret = set_time(); /* need to setup NTP before WiFi */
@@ -267,7 +292,6 @@ void app_main(void)
                    - (uxTaskGetStackHighWaterMark(NULL))
             );
     ESP_LOGI(TAG, "Starting TLS Client task ...\n");
-
     ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d",
                   &this_heap, this_heap);
     tls_smp_client_init(args);
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
index 0adfefcbc..5f2ebe392 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,30 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/* See https://tf.nist.gov/tf-cgi/servers.cgi */
-
-/* common Espressif time_helper v5.6.6.001 */
-#include "sdkconfig.h"
+/* common Espressif time_helper */
 #include "time_helper.h"
 
+
+#include "sdkconfig.h"
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    /* This project not yet using the library */
+    #undef USE_WOLFSSL_ESP_SDK_WIFI
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+
 #include <esp_log.h>
 #include <esp_idf_version.h>
 
@@ -41,8 +59,8 @@
     /* TODO Consider non ESP-IDF environments */
 #endif
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0. See: Espressif api-reference/system/system_time
  */
 
 /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
@@ -186,7 +204,7 @@ int set_time_from_string(const char* time_buffer)
     int quote_offset = 0;
     int ret = 0;
 
-    /* perform some basic sanity checkes */
+    /* perform some basic sanity checks */
     ret = probably_valid_time_string(time_buffer);
     if (ret == ESP_OK) {
         /* we are expecting the string to be encapsulated in single quotes */
@@ -200,7 +218,7 @@ int set_time_from_string(const char* time_buffer)
                     &day, &hour, &minute, &second, &year, &offset);
 
         if (ret == 8) {
-            /* we found a match for all componets */
+            /* we found a match for all components */
 
             const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
                                      "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
@@ -264,7 +282,7 @@ int set_time(void)
     esp_show_current_datetime();
 
 #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
-    /* initialy set a default approximate time from recent git commit */
+    /* initially set a default approximate time from recent git commit */
     ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
                    LIBWOLFSSL_VERSION_GIT_HASH_DATE);
     set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
@@ -285,7 +303,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressif api-reference/system/system_time
          *
          * WARNING: do not set operating mode while SNTP client is running!
          */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
index 19ced3301..523c7163d 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,12 +31,22 @@
 #include <esp_wifi.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/types.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    /* This project not yet using the library */
+    #undef USE_WOLFSSL_ESP_SDK_WIFI
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
 /* When there's too little heap, WiFi quietly refuses to connect */
@@ -137,7 +147,7 @@ int wifi_init_sta(void)
     };
 
     /* Setting a password implies station will connect to all security modes including WEP/WPA.
-        * However these modes are deprecated and not advisable to be used. Incase your Access point
+        * However these modes are deprecated and not advisable to be used. In case your Access point
         * doesn't support WPA2, these mode can be enabled by commenting below line */
 
     if (strlen((char *)wifi_config.sta.password)) {
@@ -198,7 +208,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
     #endif
-        /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+        /* see Espressif api-reference/system/freertos_idf */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
     case SYSTEM_EVENT_STA_DISCONNECTED:
@@ -315,7 +325,7 @@ int wifi_init_sta(void)
             .ssid = EXAMPLE_ESP_WIFI_SSID,
             .password = EXAMPLE_ESP_WIFI_PASS,
             /* Authmode threshold resets to WPA2 as default if password matches
-             * WPA2 standards (pasword len => 8). If you want to connect the
+             * WPA2 standards (password len => 8). If you want to connect the
              * device to deprecated WEP/WPA networks, Please set the threshold
              * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
              * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
index 765df0fe6..d2b0b890e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
@@ -1,18 +1,31 @@
+# Set the known example app config to TLS Client (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
 # sdkconfig.defaults for ESP8266 + ESP32
-# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
-# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
-CONFIG_BENCH_ARGV="-lng 0"
+# See separate sdkconfig.defaults.esp8266
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
 # Default main stack size. See user_settings.h
 #
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
+#
 # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
 # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
 CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
 
-# Legacy stack size for older ESP-IDF versions
+# Legacy stack size name for older ESP-IDF versions
 CONFIG_MAIN_TASK_STACK_SIZE=10500
 
 #
@@ -50,6 +63,36 @@ CONFIG_HEAP_DISABLE_IRAM=y
 # Performance
 # CONFIG_COMPILER_OPTIMIZATION_PERF=y
 
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
 # Set max COU frequency (falls back as needed for lower maximum)
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
 
@@ -57,6 +100,26 @@ CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
 CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
+
 #
 # Compiler options
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2
new file mode 100644
index 000000000..a24d9302e
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2
@@ -0,0 +1,7 @@
+#
+# Main XTAL Config
+#
+CONFIG_XTAL_FREQ_26=y
+# CONFIG_XTAL_FREQ_40 is not set
+CONFIG_XTAL_FREQ=26
+# end of Main XTAL Config
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
index 11a9e467a..a61aed3f0 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
@@ -1,10 +1,19 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.0
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
+
 cmake_minimum_required(VERSION 3.16)
 
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
 # The wolfSSL CMake file should be able to find the source code.
 # Otherwise, assign an environment variable or set it here:
 #
@@ -22,45 +31,63 @@ cmake_minimum_required(VERSION 3.16)
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
 # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
 
 if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
     set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
 else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
 endif()
 
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
 # Check that there are not conflicting wolfSSL components
 # The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
 # The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
 if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
     # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
     # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -75,22 +102,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
     message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
                         "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
                         "or rename the idf_component.yml file typically found in ./main/")
-else()
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
     message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
 endif()
 
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
 
-# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
+# an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
-if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
-    message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
-    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
-else()
-    message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+if(0)
+    message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+    message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
 endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
 project(wolfssl_server)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
index c663c78cb..17d14e735 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
@@ -20,18 +20,18 @@ The Example contains a wolfSSL simple server.
 1. `idf.py menuconfig` to configure the project
 
     1-1. Example Connection Configuration ->
-    
-           WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")  
+
+           WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
            WIFI Password : WIFI password, and default is "mypassword"
 
 When you want to test the wolfSSL simple server demo
 
 1. `idf.py -p <PORT> flash` to compile the code and load the firmware
 2. `idf.py monitor` to see the context. The assigned IP address can be found in output message.
-3. Once the server connects to the wifi, it is waiting for client request.  
+3. Once the server connects to the wifi, it is waiting for client request.
     ("Waiting for a connection..." message will be displayed.)
-   
-4. You can use <wolfssl>/examples/client to test the server  
+
+4. You can use <wolfssl>/examples/client to test the server
     e.g ./example/client/client -h xx.xx.xx
 
 See the README.md file in the upper level 'examples' directory for more information about examples.
@@ -39,7 +39,7 @@ See the README.md file in the upper level 'examples' directory for more informat
 
 ```
 # . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh
-. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
 cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
 
 # optionally erase
@@ -82,7 +82,7 @@ After the server exits, remove the port proxy forward:
 netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
 ```
 
-Cipers to consider
+Ciphers to consider
 
 ```
 TLS13-AES128-GCM-SHA256:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
index 01dd6baf8..87e1f0365 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
@@ -49,7 +49,7 @@ make clean && make
 ### Others...
 
 ```
-# Success: Linux Client to ESP32 Server TLS1.2 
+# Success: Linux Client to ESP32 Server TLS1.2
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
 ./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@@ -81,7 +81,7 @@ be the same as the Linux server files.
 
 |  Usage |            Certificate             |        Key                          |   Certificate Authority file, default ./certs/client-cert.pem |
 | -----  | ---------------------------------- | ----------------------------------- | --------------------------------- |
-| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |                      
+| server | -c ./certs/sm2/server-sm2.pem      | -k ./certs/sm2/server-sm2-priv.pem  | -A ./certs/sm2/client-sm2.pem -V  |
 | client | -c ./certs/sm2/client-sm2.pem      | -k ./certs/sm2/client-sm2-priv.pem  | -A ./certs/sm2/root-sm2.pem -C    |
 | emdedded:
 | server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2  |
@@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
 I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
 I (636) spi_flash: detected chip: generic
 I (639) spi_flash: flash io: dio
-W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the 
+W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
 size in the binary image header.
 I (657) cpu_start: Starting scheduler on PRO CPU.
 I (0) cpu_start: Starting scheduler on APP CPU.
@@ -167,7 +167,7 @@ I (735) system_api: read default base MAC address from EFUSE
 I (755) wifi:wifi firmware version: 0d470ef
 I (755) wifi:wifi certification version: v7.0
 I (755) wifi:config NVS flash: enabled
-I (755) wifi:config nano formating: disabled
+I (755) wifi:config nano formatting: disabled
 I (755) wifi:Init data frame dynamic rx buffer num: 32
 I (765) wifi:Init management frame dynamic rx buffer num: 32
 I (765) wifi:Init management short buffer num: 32
@@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
 I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
 I (14725) wolfssl: Point Formats extension to write
 W (14735) wolfio: ssl->wflags = 0
-I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57 
-I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8 
-I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20 
-I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58 
-I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00 
-I (14765) wolfio: 06 00 0b 00 02 01 00 
+I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
+I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
+I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
+I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
+I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
+I (14765) wolfio: 06 00 0b 00 02 01 00
 W (14775) wolfio: sz          = 87
 I (14775) wolfssl: Shrinking output buffer
 I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
 I (14795) wolfssl: growing output buffer
 I (14805) internal.c: GrowOutputBuffer ok
 W (14815) wolfio: ssl->wflags = 0
-I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30 
-I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30 
-I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b 
-I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 
-I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 
-I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 
-I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 
-I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06 
-I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c 
-I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d 
-I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 
-I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f 
-I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01 
-I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33 
-I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31 
-I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30 
-I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03 
-I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e 
-I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14 
-I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c 
-I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53 
-I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55 
-I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 
-I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 
-I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 
-I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 
-I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30 
-I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c 
-I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f 
-I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa 
-I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f 
-I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0 
-I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30 
-I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b 
-I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f 
-I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb 
-I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30 
-I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06 
-I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06 
-I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 
-I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04 
-I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83 
-I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d 
-I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3 
-I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1 
-I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f 
-I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68 
+I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
+I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
+I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
+I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
+I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
+I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
+I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
+I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
+I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
+I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
+I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
+I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
+I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
+I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
+I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
+I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
+I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
+I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
+I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
+I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
+I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
+I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
+I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
+I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
+I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
+I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
+I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
+I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
+I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
+I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
+I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
+I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
+I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
+I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
+I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
+I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
+I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
+I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
+I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
+I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
+I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
+I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
+I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
+I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
+I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
+I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
+I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
 W (15135) wolfio: sz          = 747
 I (15135) wolfssl: Shrinking output buffer
 I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
 I (15925) wolfssl: growing output buffer
 I (15925) internal.c: GrowOutputBuffer ok
 W (15925) wolfio: ssl->wflags = 0
-I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5 
-I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3 
-I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f 
-I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27 
-I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08 
-I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad 
-I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac 
-I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a 
-I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c 
-I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6 
+I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
+I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
+I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
+I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
+I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
+I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
+I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
+I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
+I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
+I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
 W (15995) wolfio: sz          = 154
 I (16005) wolfssl: Shrinking output buffer
 I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
 I (16035) wolfssl: growing output buffer
 I (16035) internal.c: GrowOutputBuffer ok
 W (16045) wolfio: ssl->wflags = 0
-I (16045) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16045) wolfio: sz          = 9
 I (16055) wolfssl: Embed Send error
 I (16055) wolfssl:      Connection reset
@@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
 I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
 E (16145) tls_server: ERROR: failed to read
 I (16145) wolfssl: Client sends:
-I (16145) wolfssl: 
+I (16145) wolfssl:
 I (16155) wolfssl: wolfSSL Entering wolfSSL_write
 I (16155) wolfssl: handshake not complete, trying to finish
 I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
 I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
 I (16175) wolfssl: wolfSSL Entering ReinitSSL
 W (16185) wolfio: ssl->wflags = 0
-I (16185) wolfio: 16 03 03 00 04 0e 00 00 00 
+I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
 W (16185) wolfio: sz          = 9
 I (16195) wolfssl: Embed Send error
 I (16195) wolfssl:      General error
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
index b809a1714..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -19,18 +19,148 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.6.0.011 for detect test/benchmark
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
-set(CMAKE_CURRENT_SOURCE_DIR ".")
-set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
-set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
 
-# find the user name to search for possible "wolfssl-username"
+set(VERBOSE_COMPONENT_MESSAGES 1)
+
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
+# The scope of this CMAKE_C_FLAGS is just this component:
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(CMAKE_CURRENT_SOURCE_DIR ".")
+# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+
+# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
+# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
+
+if ( "${WOLFSSL_ROOT}" STREQUAL "")
+    set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
+endif()
+
+if(  "$ENV{IDF_PATH}" STREQUAL "" )
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+else()
+    string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
+endif()
+
+# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
+if(VERBOSE_COMPONENT_MESSAGES)
+    if(WIN32)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+        message(STATUS "Detected Windows")
+    endif()
+    if(CMAKE_HOST_UNIX)
+        message(STATUS "Detected UNIX")
+    endif()
+    if(APPLE)
+        message(STATUS "Detected APPLE")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+        message(STATUS "Detected WSL")
+    endif()
+    if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+        message(STATUS "Detected Linux")
+    endif()
+    if(APPLE)
+        # Windows-specific configuration here
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+        message(STATUS "Detected Apple")
+    endif()
+endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+else()
+    message(STATUS "No conflicting wolfSSL components found.")
+endif()
+
+
+# Don't include lwip requirement for benchmark and test apps.
+if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
+    message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
+else()
+    # benchmark and test do not need wifi, everything else probably does:
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -51,6 +181,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -68,7 +217,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -76,27 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
     endif()
 endfunction()
 
+# *********************************************************************************************
 # function: FIND_WOLFSSL_DIRECTORY
 #  parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
 #
+# Example usage:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+# *********************************************************************************************
 function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
-    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
-    set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
-    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
-        message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+    message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+
+    if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
+        set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
+        if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+            message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            else()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
             set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
             return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-            message(STATUS "$ENV{WOLFSSL_ROOT}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
+
     # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
     message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
     get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -114,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
             return()
         endif()
 
+        # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
         if( THIS_USER )
             # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
             set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
-            message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
 
-            #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
             IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
             if ( FOUND_WOLFSSL )
-               message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
-                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
+                message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl-master"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+                return()
+            endif()
+        endif()
+
+        if ( FOUND_WOLFSSL )
+            # if we already found the source, skip attempt of "wolfssl"
+        else()
+            set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
+            message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
+
+            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
+            if ( FOUND_WOLFSSL )
+                message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
+                set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
+                set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
                 return()
             endif()
         endif()
@@ -143,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
         get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
         message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
         if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
-            # when the search directory is empty, we'll give up
+            # When the parent is current directory, cannot go any further. We didn't find wolfssl.
+            # When the search directory is empty, we'll give up.
             set(CURRENT_SEARCH_DIR "")
         endif()
     endwhile()
@@ -154,17 +380,64 @@ endfunction()
 
 
 # Example usage:
+#
+# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
+#   FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+#
 
+message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
 
+# Optional variable inspection
+if (0)
+    get_cmake_property(_variableNames VARIABLES)
+    list (SORT _variableNames)
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES BEGIN")
+    message(STATUS "")
+    foreach (_variableName ${_variableNames})
+        message(STATUS "${_variableName}=${${_variableName}}")
+    endforeach()
+    message(STATUS "")
+    message(STATUS "ALL VARIABLES END")
+    message(STATUS "")
+endif()
+
+if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+    # There's no esp_timer, no driver components for the ESP8266
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
+else()
+    message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
+    set(THIS_ESP_TLS        "esp-tls")
+    set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
+endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          # esp_timer
-                                          # driver # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -173,48 +446,99 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
-        message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
+        IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
+        if(FOUND_WOLFSSL)
+            message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
+        else()
+            # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
+            message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
+                                "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
+            # Abort CMake after fatal error.
+        endif()
     else()
-        message(STATUS "NEW wolfssl directory not found.")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
+        FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
+    endif()
+
+
+    if(WOLFSSL_ROOT)
+        message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
+    else()
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
-                            "Try setting WOLFSSL_ROOT environment variable or git clone.")
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
 
     set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
 
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
-    endif()
-
-    if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
-        set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+    # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
+    set(USE_LOCAL_TEST_BENCH 0)
+    if(NOT USE_LOCAL_TEST_BENCH)
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
+        endif()
+
+        if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
+            message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
+            set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
+        endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
-
 
+    string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
     # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
     file(GLOB EXCLUDE_ASM *.S)
-    file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
+    file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
 
     message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
     message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -237,11 +561,12 @@ else()
         message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
         message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
         message(STATUS "")
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
         message(STATUS "")
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
+
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 
@@ -291,6 +616,7 @@ else()
                         message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
                                             "${WOLFSSL_ROOT}/include/user_settings.h "
                                             " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
+                        # Abort CMake after fatal error.
                     else()
                         # we won't overwrite an existing user settings file, just note that we already have one:
                         if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -347,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -360,21 +688,22 @@ else()
             message(STATUS "Could not find RTOS path")
         endif()
     endif()
-
-
+    message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
+    # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
         "\"${RTOS_IDF_PATH}/\""
         # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
-        ${THIS_IDF_PATH}/components/esp_event/include
-        ${THIS_IDF_PATH}/components/esp_netif/include
-        ${THIS_IDF_PATH}/components/esp_wifi/include
+        "${THIS_IDF_PATH}/components/esp_event/include"
+        "${THIS_IDF_PATH}/components/esp_netif/include"
+        "${THIS_IDF_PATH}/components/esp_wifi/include"
         )
 
-
+    # Optionally include cryptoauthlib if present
     if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
         list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
     endif()
@@ -383,7 +712,7 @@ else()
     list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
 
 
-
+    # Some files are known to be included elsewhere, or not used for Espressif
     set(COMPONENT_SRCEXCLUDE
         "\"${WOLFSSL_ROOT}/src/bio.c\""
         "\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -399,8 +728,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
-        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
-        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -411,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -432,22 +762,144 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
-                           )
-    # some optional diagnostics
-    if (1)
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
+
+    # Some optional diagnostics. Verbose ones are truncated.
+    if (VERBOSE_COMPONENT_MESSAGES)
         get_cmake_property(_variableNames VARIABLES)
         list (SORT _variableNames)
         message(STATUS "")
         message(STATUS "ALL VARIABLES BEGIN")
         message(STATUS "")
         foreach (_variableName ${_variableNames})
-            message(STATUS "${_variableName}=${${_variableName}}")
+            if (      ("${_variableName}" STREQUAL "bootloader_binary_files")
+                    OR ("${_variableName}" STREQUAL "Component paths")
+                    OR ("${_variableName}" STREQUAL "component_targets")
+                    OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
+                    OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
+                    OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
+                    OR ("${_variableName}" STREQUAL "val")
+                    OR ("${_variableName}" MATCHES "^__idf_")
+               )
+                # Truncate the displayed value:
+                string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
+                message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
+            else()
+                message(STATUS "${_variableName}=${${_variableName}}")
+            endif()
         endforeach()
         message(STATUS "")
         message(STATUS "ALL VARIABLES END")
@@ -455,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -500,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -508,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
+
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
index 02c36849b..f94bd617d 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -18,6 +18,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
+$(info ***********  wolfssl component ************)
+
 #
 # Component Makefile
 #
@@ -48,21 +50,80 @@
 # define it here:
 CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
 # NOTICE: the WOLFSSL_ROOT setting MUST be relative!
 # See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
 # In the wolfSSL GitHub examples for Espressif:
 #   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
 # When this wolfssl component.mk makefile is in [project]/components/wolfssl
-# The root is 7 directories up from here:
-WOLFSSL_ROOT := ../../../../../../..
+# The root is 7 directories up from here (the location of of this component.mk):
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
 
-# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
+
+# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
-COMPONENT_ADD_INCLUDEDIRS := ./include
+COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS += include
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
 COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
@@ -76,27 +137,27 @@ COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
 COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
-
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
-# COMPONENT_OBJS += src/conf.o
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
-# COMPONENT_OBJS += src/pk.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
@@ -108,8 +169,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
-# COMPONENT_OBJS += src/x509.o
-# COMPONENT_OBJS += src/x509_str.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
 
 ##
 ## wolfcrypt
@@ -118,7 +179,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
@@ -142,7 +203,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -174,7 +235,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
@@ -205,14 +266,14 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
 COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
 
@@ -230,19 +291,16 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
 ##
 ## wolfcrypt benchmark  (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 ## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
 
 
 ##
 ## wolfcrypt test (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
-## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/test
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
 
-##
-## wolfcrypt
-##
-# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
index 380da3e69..8da276d1e 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,29 +18,222 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
 
-/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
-
-/* This user_settings.h is for Espressif ESP-IDF */
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
 
+/* The Espressif project config file. See also sdkconfig.defaults */
 #include "sdkconfig.h"
 
-#define DEBUG_WOLFSSL
-/* #define DEBUG_WOLFSSL_VERBOSE */
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef  WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
-    #define WOLFSSL_HAVE_KYBER
-    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_WC_MLKEM
     #define WOLFSSL_SHA3
     #if defined(CONFIG_IDF_TARGET_ESP8266)
         /* With limited RAM, we'll disable some of the Kyber sizes: */
         #define WOLFSSL_NO_KYBER1024
         #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
     #endif
 #endif
 
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
 /* Pick a cert buffer size: */
 /* #define USE_CERT_BUFFERS_2048 */
 /* #define USE_CERT_BUFFERS_1024 */
@@ -57,14 +250,76 @@
 **   CONFIG_IDF_TARGET_ESP32C6
 */
 
-#undef  WOLFSSL_ESPIDF
-#define WOLFSSL_ESPIDF
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
 
-/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
-#define NO_ESP_SDK_WIFI
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
 
 /*
- * ONE of these Espressif chipsets should be defined:
+ * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
  * WOLFSSL_ESPWROOM32SE
@@ -83,11 +338,28 @@
 #endif
 /* See below for chipset detection from sdkconfig.h */
 
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
 /* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
- * When really desperate, try NO_SESSION_CACHE.  */
-#define MICRO_SESSION_CACHE
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
 
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
@@ -102,19 +374,44 @@
 
 #define BENCH_EMBEDDED
 
-#define WOLFSSL_SMALL_STACK
-#define HAVE_ECC
-#define RSA_LOW_MEM
-
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -131,30 +428,72 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-#if defined(CONFIG_IDF_TARGET_ESP8266)
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
     /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
 #else
     /* when you want to use SHA512 */
     #define WOLFSSL_SHA512
 
     /* when you want to use SHA3 */
-    #define WOLFSSL_SHA3
+    /* #define WOLFSSL_SHA3 */
 
     /* ED25519 requires SHA512 */
     #define HAVE_ED25519
+#endif
 
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
-    #define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
+
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
 #endif
 
 /* Optional OpenSSL compatibility */
 /* #define OPENSSL_EXTRA */
 
-/* when you want to use pkcs7 */
+/* #Optional HAVE_PKCS7 */
 /* #define HAVE_PKCS7 */
+
 #if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
     #define HAVE_AES_KEYWRAP
     #define HAVE_X963_KDF
     #define WOLFSSL_AES_DIRECT
@@ -174,25 +513,11 @@
     /* #define CUSTOM_SLOT_ALLOCATION                              */
 #endif
 
-/* RSA primitive specific definition */
-#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
-    /* Define USE_FAST_MATH and SMALL_STACK                        */
-    #define ESP32_USE_RSA_PRIMITIVE
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
 
-    #if defined(CONFIG_IDF_TARGET_ESP32)
-
-        /* NOTE HW unreliable for small values! */
-        /* threshold for performance adjustment for HW primitive use   */
-        /* X bits of G^X mod P greater than                            */
-        #undef  ESP_RSA_EXPT_XBITS
-        #define ESP_RSA_EXPT_XBITS 32
-
-        /* X and Y of X * Y mod P greater than                         */
-        #undef  ESP_RSA_MULM_BITS
-        #define ESP_RSA_MULM_BITS  16
-
-    #endif
-#endif
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
@@ -203,37 +528,69 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x249F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
-#define HASH_SIZE_LIMIT /* for test.c */
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
 
 /* USE_FAST_MATH is default */
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
 
 /***** Use Integer Heap Math *****/
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
+
+#define WOLFSSL_SMALL_STACK
+
+
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
-#define WOLFSSL_CERT_TEXT
+
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -253,11 +610,66 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
     /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
     /*  #define NO_ESP32_CRYPT                 */
     /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
@@ -375,12 +787,16 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -392,7 +808,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -400,29 +816,84 @@
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
 #endif /* CONFIG_IDF_TARGET Check */
 
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
 */
 
-#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
+/* Pause in a loop rather than exit. */
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
 #define WOLFSSL_HW_METRICS
 
-/* #define HASH_SIZE_LIMIT */ /* for test.c */
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
 
-/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -463,6 +934,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -540,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -559,6 +1039,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -581,3 +1064,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
         #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
index 798cecceb..4f5613953 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
@@ -1,35 +1,43 @@
 # wolfSSL Espressif Example Project/main CMakeLists.txt
-#   v1.0
+#   v1.2
 #
 # wolfssl server test
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
 if(WIN32)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-    message("Detected Windows")
+    message(STATUS "Detected Windows")
 endif()
 if(CMAKE_HOST_UNIX)
-    message("Detected UNIX")
+    message(STATUS "Detected UNIX")
 endif()
 if(APPLE)
-    message("Detected APPLE")
+    message(STATUS "Detected APPLE")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-    message("Detected WSL")
+    message(STATUS "Detected WSL")
 endif()
 if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-    message("Detected Linux")
+    message(STATUS "Detected Linux")
 endif()
 if(APPLE)
     # Windows-specific configuration here
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-    message("Detected Apple")
+    message(STATUS "Detected Apple")
 endif()
 set (git_cmd "git")
 
@@ -43,14 +51,26 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
 endif()
 
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
 ## register_component()
 idf_component_register(SRCS main.c
                             wifi_connect.c
                             time_helper.c
                             server-tls.c
                        INCLUDE_DIRS "."
-                                    "./include")
-#
+                            "./include"
+                       PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                                     "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     nvs_flash
+                                     protocol_examples_common)
 
 #
 # LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -80,15 +100,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
-        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
         set(${VAR_OUPUT} "Unknown")
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
     # LIBWOLFSSL_VERSION_GIT_HASH
     execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -104,3 +133,4 @@ endif()
 
 message(STATUS "")
 
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
index 64406069d..06cc01df8 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
@@ -1,9 +1,112 @@
-menu "Example Configuration"
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
+    help
+        The user settings file can be adjusted to specific wolfSSL examples.
+
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
+
+config WOLFSSL_TARGET_HOST
+    string "Target host"
+    default "127.0.0.1"
+    help
+        host address for the example to connect
 
 config WOLFSSL_TARGET_PORT
     int "Target port"
     default 11111
     help
-        Host listening port for the example to connect.
+        host port for the example to connect
 
 endmenu
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
index d31083f65..c59edbee4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
@@ -1,3 +1,8 @@
 #
-# Main Makefile. This is basically the same as a component makefile.
-#
\ No newline at end of file
+# Main component makefile.
+#
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
+# in the build directory. This behavior is entirely configurable,
+# please read the ESP-IDF documents if you need to do this.
+#
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
index 94d913235..6a7946d50 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
@@ -1,6 +1,6 @@
-/* template main.h
+/* wolfssl_server main.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
index c7483039e..9e647edfb 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
@@ -1,6 +1,6 @@
 /* server-tls.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -53,7 +53,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args);
 
 /* init will create an RTOS task, otherwise server is simply function call. */
 #if defined(SINGLE_THREADED)
-    /* no init neded */
+    /* no init needed */
 #else
     WOLFSSL_ESP_TASK tls_smp_server_init(void* args);
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
index b3574b66b..f55d07962 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
@@ -1,5 +1,6 @@
-/*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+/* time_helper.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,11 +21,11 @@
 
 /* common Espressif time_helper v5.6.3.001 */
 
-#ifndef _TIME_HELPER_H
-#define _TIME_HELPER_H
+#ifndef _TIME_HELPER_H_
+#define _TIME_HELPER_H_
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0 See: Espressif api-reference/system/system_time
  */
 
 #ifdef __cplusplus
@@ -32,7 +33,7 @@ extern "C" {
 #endif
 
 /* a function to show the current data and time */
-int esp_show_current_datetime();
+int esp_show_current_datetime(void);
 
 /* worst case, if GitHub time not available, used fixed time */
 int set_fixed_default_time(void);
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
index b5debf364..0fe2183c7 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,9 +21,6 @@
 #ifndef _WIFI_CONNECT_H_
 #define _WIFI_CONNECT_H_
 
-#include <esp_idf_version.h>
-#include <esp_log.h>
-
 /* ESP lwip */
 #define EXAMPLE_ESP_MAXIMUM_RETRY       CONFIG_ESP_MAXIMUM_RETRY
 
@@ -31,8 +28,10 @@
 #define TLS_SMP_SERVER_TASK_BYTES        22240
 #define TLS_SMP_SERVER_TASK_PRIORITY     8
 
+/* Optionally use ESP-IDF config settings
 #define TLS_SMP_WIFI_SSID                CONFIG_WIFI_SSID
 #define TLS_SMP_WIFI_PASS                CONFIG_WIFI_PASSWORD
+*/
 
 #define USE_WIFI_EXAMPLE
 #ifdef USE_WIFI_EXAMPLE
@@ -52,18 +51,53 @@
  * file my_private_config.h should be excluded from git updates */
 /* #define  USE_MY_PRIVATE_CONFIG */
 
-#ifdef  USE_MY_PRIVATE_CONFIG
+/* Note that IntelliSense may not work properly in the next section for the
+ * Espressif SDK 3.4 on the ESP8266. Macros should still be defined.
+ * See the project-level Makefile. Example found in:
+ * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+ *
+ * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that
+ * triggers the make (not cmake) to add compiler defines.
+ */
+#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG)
+    #include "/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_WSL_CONFIG)
+    #include "/mnt/c/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_LINUX_CONFIG)
+    #include "~/workspace/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_MAC_CONFIG)
+    #include "~/Documents/my_private_config.h"
+#elif defined(USE_MY_PRIVATE_CONFIG)
+    /* This section works best with cmake & non-environment variable setting */
     #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_CMAKE
+        #include "/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS)
+        #define WOLFSSL_MAKE
         #include "/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_CMAKE
+        #include "/mnt/c/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL)
+        #define WOLFSSL_MAKE
         #include "/mnt/c/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_CMAKE
+        #include "~/workspace/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX)
+        #define WOLFSSL_MAKE
         #include "~/workspace/my_private_config.h"
     #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE)
         #include "~/Documents/my_private_config.h"
+    #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE)
+        #define WOLFSSL_MAKE
+        #include "~/Documents/my_private_config.h"
+    #elif defined(OS_WINDOWS)
+        #include "/workspace/my_private_config.h"
     #else
-        #warning "did not detect environment. using ~/my_private_config.h"
-        #include "~/my_private_config.h"
+        /* Edit as needed for your private config: */
+        #warning "default private config using /workspace/my_private_config.h"
+        #include "/workspace/my_private_config.h"
     #endif
 #else
 
@@ -74,8 +108,12 @@
     ** If you'd rather not, just change the below entries to strings with
     ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
     */
-    #ifdef CONFIG_ESP_WIFI_SSID
+    #if defined(CONFIG_ESP_WIFI_SSID)
+        /* typically from ESP32 with ESP-IDF v4 to v5 */
         #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
     #else
         /* See new esp-sdk-lib.h helpers: */
         #ifndef EXAMPLE_ESP_WIFI_SSID
@@ -83,8 +121,12 @@
         #endif
     #endif
 
-    #ifdef CONFIG_ESP_WIFI_PASSWORD
+    #if defined(CONFIG_ESP_WIFI_PASSWORD)
+        /* tyically from ESP32 with ESP-IDF v4 or v5 */
         #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
+    #elif defined(CONFIG_EXAMPLE_WIFI_SSID)
+        /* typically from ESP8266 rtos-sdk/v3.4 */
+        #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
     #else
         /* See new esp-sdk-lib.h helpers: */
         #ifndef EXAMPLE_ESP_WIFI_PASS
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
index b25991ca2..fd3af02d4 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,29 +27,43 @@
 #include <esp_event.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h> /* includes wolfSSL user-settings.h */
-#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
 /* this project */
 #include "server-tls.h"
 #include "time_helper.h"
 
-#ifndef CONFIG_IDF_TARGET_ESP32H2
+#ifdef CONFIG_IDF_TARGET_ESP32H2
     /* There's no WiFi on ESP32-H2.
      * For wired ethernet, see:
      * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */
+#else
     #include "wifi_connect.h"
+    /*
+     * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4
+     * See https://github.com/espressif/esp-modbus/issues/2
+     */
 #endif
 
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-static const char* const TAG = "TLS Client";
+static const char* TAG = "main";
 
 #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
                                   && defined(WOLFSSL_ATECC508A)
@@ -114,42 +128,74 @@ void my_atmel_free(int slotId)
 #endif /* CUSTOM_SLOT_ALLOCATION                                       */
 #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
 
-/* for FreeRTOS */
+/* Entry for FreeRTOS */
 void app_main(void)
 {
-    int stack_start = 0;
     esp_err_t ret = 0;
+#ifndef SINGLE_THREADED
+    int this_heap = 0;
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+        int stack_start = 0;
+    #endif
+#endif
     ESP_LOGI(TAG, "---------------- wolfSSL TLS Server Example ------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
+#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
+#endif
+#if defined(ESP_SDK_MEM_LIB_VERSION) && defined(DEBUG_WOLFSSL)
+    sdk_init_meminfo();
+#endif
 #ifdef ESP_TASK_MAIN_STACK
     ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK);
 #endif
 #ifdef TASK_EXTRA_STACK_SIZE
     ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE);
 #endif
-#ifdef INCLUDE_uxTaskGetStackHighWaterMark
+
+#ifdef SINGLE_THREADED
+    ESP_LOGI(TAG, "Single threaded");
+#else
     ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)",
                    CONFIG_ESP_MAIN_TASK_STACK_SIZE,
-                   (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
+             (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*)));
 
-    /* Returns the high water mark of the stack associated with xTask. That is,
-     * the minimum free stack space there has been (in bytes not words, unlike
-     * vanilla FreeRTOS) since the task started. The smaller the returned
-     * number the closer the task has come to overflowing its stack.
-     * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
-     */
-    stack_start = uxTaskGetStackHighWaterMark(NULL);
-    ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
-#endif
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+    {
+        /* Returns the high water mark of the stack associated with xTask. That is,
+         * the minimum free stack space there has been (in bytes not words, unlike
+         * vanilla FreeRTOS) since the task started. The smaller the returned
+         * number the closer the task has come to overflowing its stack.
+         * see Espressif api-reference/system/freertos_idf
+         */
+        stack_start = uxTaskGetStackHighWaterMark(NULL);
+        #ifdef ESP_SDK_MEM_LIB_VERSION
+        {
+            sdk_var_whereis("stack_start", &stack_start);
+        }
+        #endif
+
+        ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
+    }
+    #endif /* INCLUDE_uxTaskGetStackHighWaterMark */
+#endif /* SINGLE_THREADED */
 
 #ifdef HAVE_VERSION_EXTENDED_INFO
     esp_ShowExtendedSystemInfo();
 #endif
-
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_OFF();
+#endif
+#ifdef CONFIG_IDF_TARGET_ESP32H2
+    ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported");
+    while (1) {
+        vTaskDelay(60000);
+    }
+#endif
     /* Set time for cert validation.
      * Some lwIP APIs, including SNTP functions, are not thread safe. */
     ret = set_time(); /* need to setup NTP before WiFi */
@@ -183,11 +229,23 @@ void app_main(void)
 
     /* Initialize NVS */
     ret = nvs_flash_init();
-    if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
-        ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
-        ESP_ERROR_CHECK(nvs_flash_erase());
-        ret = nvs_flash_init();
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+    {
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
     }
+    #else
+    {
+        /* Non-ESP8266 initialization is slightly different */
+        if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
+            ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
+            ESP_ERROR_CHECK(nvs_flash_erase());
+            ret = nvs_flash_init();
+        }
+    }
+    #endif /* else not CONFIG_IDF_TARGET_ESP8266 */
     ESP_ERROR_CHECK(ret);
 
     #if defined(CONFIG_IDF_TARGET_ESP32H2)
@@ -202,8 +260,8 @@ void app_main(void)
             ESP_LOGI(TAG, "Trying WiFi again...");
             ret = wifi_init_sta();
         }
-    #endif
-#endif
+    #endif /* else not CONFIG_IDF_TARGET_ESP32H2 */
+#endif /* else FOUND_PROTOCOL_EXAMPLES_DIR not found */
 
     /* Once we are connected to the network, start & wait for NTP time */
     ret = set_time_wait_for_ntp();
@@ -215,34 +273,46 @@ void app_main(void)
         esp_show_current_datetime();
     }
 
-    /* HWM is maximum amount of stack space that has been unused, in bytes
-     * not words (unlike vanilla freeRTOS). */
-    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
-                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                   - (uxTaskGetStackHighWaterMark(NULL))
-            );
-    ESP_LOGI(TAG, "Starting TLS Server...\n");
-
 #if defined(SINGLE_THREADED)
     /* just call the task */
     tls_smp_server_task((void*)NULL);
 #else
     tls_args args[1] = {0};
     /* start a thread with the task */
+    /* HWM is maximum amount of stack space that has been unused, in bytes
+     * not words (unlike vanilla freeRTOS). */
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes",
+                   CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                   - (uxTaskGetStackHighWaterMark(NULL))
+            );
+    ESP_LOGI(TAG, "Starting TLS Server task...\n");
+    ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d",
+                  &this_heap, this_heap);
+
+
+
     tls_smp_server_init(args); /* NULL will use the DEFAULT_PORT value */
 #endif
 
+    /* Done */
+#ifdef SINGLE_THREADED
+    ESP_LOGV(TAG, "\n\nDone!\n\n");
+    while (1);
+#else
+    ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
+    vTaskDelete(NULL);
     /* done */
     while (1) {
+        ESP_LOGV(TAG, "\n\nLoop...\n\n");
+    #ifdef INCLUDE_uxTaskGetStackHighWaterMark
+        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
-#if defined(SINGLE_THREADED)
-        ESP_LOGV(TAG, "\n\nDone!\n\n");
-        while (1);
-#else
-        /* Delete this main task to free up memory */
-        ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n");
-        vTaskDelete(NULL);
-#endif
+        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                        - (uxTaskGetStackHighWaterMark(NULL) ));
+    #endif
+        vTaskDelay(60000);
     } /* done while */
+#endif /* else not SINGLE_THREADED */
 
 } /* app_main */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
index b966e4e17..da8f933c1 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -39,10 +39,28 @@
 #endif
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/certs_test.h>
-#include <wolfssl/ssl.h>
-
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/ssl.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+#if defined(WOLFSSL_WC_MLKEM)
+    #include <wolfssl/wolfcrypt/mlkem.h>
+    #include <wolfssl/wolfcrypt/wc_mlkem.h>
+#endif
+#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+    #include <wolfssl/certs_test.h>
+#endif
 #ifdef WOLFSSL_TRACK_MEMORY
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
@@ -286,15 +304,19 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
     my_atmel_slotInit();
     atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
     #endif
+#endif
+#ifdef WOLFSSL_EXAMPLE_VERBOSITY
+    ESP_LOGI(TAG, "Initial stack used: %d\n",
+             TLS_SMP_SERVER_TASK_BYTES  - uxTaskGetStackHighWaterMark(NULL) );
 #endif
     ESP_LOGI(TAG, "accept clients...");
     /* Continue to accept clients until shutdown is issued */
     while (!shutdown) {
-        ESP_LOGI(TAG, "Stack used: %d\n", TLS_SMP_SERVER_TASK_BYTES
-                                        - uxTaskGetStackHighWaterMark(NULL) );
         WOLFSSL_MSG("Waiting for a connection...");
+#if ESP_IDF_VERSION_MAJOR >=4
+        /* TODO: IP Address is problematic in RTOS SDK 3.4 */
         wifi_show_ip();
-
+#endif
         /* Accept client socket connections */
         if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
             == -1) {
@@ -307,7 +329,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
         if ((ssl = wolfSSL_new(ctx)) == NULL) {
             ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object");
         }
-#if defined(WOLFSSL_HAVE_KYBER)
+#if defined(WOLFSSL_HAVE_MLKEM)
         else {
             /* If success creating CTX and Kyber enabled, set key share: */
             ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
@@ -319,7 +341,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
             }
         }
 #else
-        ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
+        ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is not enabled, not using PQ.");
 #endif
         /* show what cipher connected for this WOLFSSL* object */
         ShowCiphers(ssl);
@@ -363,6 +385,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
         /* Cleanup after this connection */
         wolfSSL_free(ssl);      /* Free the wolfSSL object              */
         close(connd);           /* Close the connection to the client   */
+#ifdef WOLFSSL_EXAMPLE_VERBOSITY
+        ESP_LOGI(TAG, "Stack used: %d\n",
+                TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL));
+#endif
     } /* !shutdown */
     /* Cleanup and return */
     wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
@@ -398,8 +424,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args)
     xTaskHandle _handle;
 #endif
     /* Note that despite vanilla FreeRTOS using WORDS for a parameter,
-     * Espressif uses BYTES for the task stack size here.
-     * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
+     * Espressif uses BYTES for the task stack size here. */
     ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d",
                    TLS_SMP_SERVER_TASK_BYTES);
     ret_i = xTaskCreate(tls_smp_server_task,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
index 41a0e0975..526783113 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,7 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/* common Espressif time_helper v5.6.3.002 */
+/* See https://tf.nist.gov/tf-cgi/servers.cgi */
+
+/* common Espressif time_helper v5.6.6.001 */
 #include "sdkconfig.h"
 #include "time_helper.h"
 
@@ -36,25 +38,23 @@
         #include <esp_sntp.h>
     #endif
 #else
-    /* TODO Consider pre IDF v5? */
+    /* TODO Consider non ESP-IDF environments */
 #endif
 
-/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
- */
-const static char* TAG = "time_helper";
+/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
+ * release v5.0. See: Espressif api-reference/system/system_time */
 
 /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
 #ifndef TIME_ZONE
-/*
- * PST represents Pacific Standard Time.
- * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
- *   that Pacific Time is UTC-8 during standard time.
- * PDT represents Pacific Daylight Time.
- * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
- *   second (2) Sunday (0) of March (3).
- * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
- */
+    /*
+     * PST represents Pacific Standard Time.
+     * +8 specifies the offset from UTC (Coordinated Universal Time), indicating
+     *   that Pacific Time is UTC-8 during standard time.
+     * PDT represents Pacific Daylight Time.
+     * M3.2.0 indicates that Daylight Saving Time (DST) starts on the
+     *   second (2) Sunday (0) of March (3).
+     * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11)
+     */
     #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0"
 #endif /* not defined: TIME_ZONE, so we are setting our own */
 
@@ -87,11 +87,13 @@ const static char* TAG = "time_helper";
 
 char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST;
 
+const static char* TAG = "time_helper";
+
 /* our NTP server list is global info */
 extern char* ntpServerList[NTP_SERVER_COUNT];
 
 /* Show the current date and time */
-int esp_show_current_datetime()
+int esp_show_current_datetime(void)
 {
     time_t now;
     char strftime_buf[64];
@@ -104,7 +106,7 @@ int esp_show_current_datetime()
     localtime_r(&now, &timeinfo);
     strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
     ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
-    return 0;
+    return ESP_OK;
 }
 
 /* the worst-case scenario is a hard-coded date/time */
@@ -113,9 +115,9 @@ int set_fixed_default_time(void)
     /* ideally, we'd like to set time from network,
      * but let's set a default time, just in case */
     struct tm timeinfo = {
-        .tm_year = 2023 - 1900,
+        .tm_year = 2024 - 1900,
         .tm_mon  = 10,
-        .tm_mday = 02,
+        .tm_mday = 11,
         .tm_hour = 13,
         .tm_min  = 01,
         .tm_sec  = 05
@@ -130,7 +132,38 @@ int set_fixed_default_time(void)
     ESP_LOGI(TAG, "Adjusting time from fixed value");
     now = (struct timeval){ .tv_sec = interim_time };
     ret = settimeofday(&now, NULL);
+    ESP_LOGI(TAG, "settimeofday result = %d", ret);
+    return ret;
+}
 
+/* probably_valid_time_string(s)
+ *
+ * some sanity checks on time string before calling sscanf()
+ *
+ * returns 0 == ESP_OK == Success if str is likely a valid time.
+ *        -1 == ESP_FAIL otherwise
+ */
+int probably_valid_time_string(const char* str)
+{
+    int ret = ESP_OK;
+    size_t length = 0;
+    size_t spaces = 0;
+    size_t colons = 0;
+
+    while (str[length] != '\0') {
+        if (str[length] == ' ') {
+            spaces++;
+        }
+        if (str[length] == ':') {
+            colons++;
+        }
+        length++;
+    }
+
+    if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) {
+        ret = ESP_FAIL;
+        ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str);
+    }
     return ret;
 }
 
@@ -138,60 +171,67 @@ int set_fixed_default_time(void)
  *
  * returns 0 = success if able to set the time from the provided string
  * error for any other value, typically -1 */
-int set_time_from_string(char* time_buffer)
+int set_time_from_string(const char* time_buffer)
 {
     /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */
+    char offset[28]; /* large arrays, just in case there's still bad data */
+    char day_str[28];
+    char month_str[28];
     const char *format = "%3s %3s %d %d:%d:%d %d %s";
     struct tm this_timeinfo;
     struct timeval now;
     time_t interim_time;
-    char offset[6]; /* expecting trailing single quote, not used */
-    char day_str[4];
-    char month_str[4];
     int day, year, hour, minute, second;
     int quote_offset = 0;
     int ret = 0;
 
-    /* we are expecting the string to be encapsulated in single quotes */
-    if (*time_buffer == 0x27) {
-        quote_offset = 1;
-    }
-
-    ret = sscanf(time_buffer + quote_offset,
-                format,
-                day_str, month_str,
-                &day, &hour, &minute, &second, &year, &offset);
-
-    if (ret == 8) {
-        /* we found a match for all componets */
-
-        const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-                                 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
-
-        for (int i = 0; i < 12; i++) {
-            if (strcmp(month_str, months[i]) == 0) {
-                this_timeinfo.tm_mon = i;
-                break;
-            }
+    /* perform some basic sanity checks */
+    ret = probably_valid_time_string(time_buffer);
+    if (ret == ESP_OK) {
+        /* we are expecting the string to be encapsulated in single quotes */
+        if (*time_buffer == 0x27) {
+            quote_offset = 1;
         }
 
-        this_timeinfo.tm_mday = day;
-        this_timeinfo.tm_hour = hour;
-        this_timeinfo.tm_min = minute;
-        this_timeinfo.tm_sec = second;
-        this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */
+        ret = sscanf(time_buffer + quote_offset,
+                    format,
+                    day_str, month_str,
+                    &day, &hour, &minute, &second, &year, &offset);
 
-        interim_time = mktime(&this_timeinfo);
-        now = (struct timeval){ .tv_sec = interim_time };
-        ret = settimeofday(&now, NULL);
-        ESP_LOGI(TAG, "Time updated to %s", time_buffer);
-    }
-    else {
-        ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer);
-        ESP_LOGI(TAG, "Trying fixed date that was hard-coded.");
-        set_fixed_default_time();
-        ret = -1;
+        if (ret == 8) {
+            /* we found a match for all components */
+
+            const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+                                   };
+
+            for (int i = 0; i < 12; i++) {
+                if (strcmp(month_str, months[i]) == 0) {
+                    this_timeinfo.tm_mon = i;
+                    break;
+                }
+            }
+
+            this_timeinfo.tm_mday = day;
+            this_timeinfo.tm_hour = hour;
+            this_timeinfo.tm_min = minute;
+            this_timeinfo.tm_sec = second;
+            this_timeinfo.tm_year = year - 1900; /* Years since 1900 */
+
+            interim_time = mktime(&this_timeinfo);
+            now = (struct timeval){ .tv_sec = interim_time };
+            ret = settimeofday(&now, NULL);
+            ESP_LOGI(TAG, "Time updated to %s", time_buffer);
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.",
+                           time_buffer);
+            ESP_LOGI(TAG, "Trying fixed date that was hard-coded....");
+            set_fixed_default_time();
+            ret = ESP_FAIL;
+        }
     }
+
     return ret;
 }
 
@@ -223,15 +263,17 @@ int set_time(void)
     esp_show_current_datetime();
 
 #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
-    /* initialy set a default approximate time from recent git commit */
-    ESP_LOGI(TAG, "Found git hash date, attempting to set system date.");
-    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    /* initially set a default approximate time from recent git commit */
+    ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
+                   LIBWOLFSSL_VERSION_GIT_HASH_DATE);
+    set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
     esp_show_current_datetime();
 
     ret = -4;
 #else
     /* otherwise set a fixed time that was hard coded */
     set_fixed_default_time();
+    esp_show_current_datetime();
     ret = -3;
 #endif
 
@@ -242,7 +284,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressifapi-reference/system/system_time.html#sntp-time-synchronization
          *
          * WARNING: do not set operating mode while SNTP client is running!
          */
@@ -262,6 +304,7 @@ int set_time(void)
             }
             ESP_LOGI(TAG, "%s", thisServer);
             sntp_setservername(i, thisServer);
+            ret = ESP_OK;
         }
     #ifdef HAS_ESP_NETIF_SNTP
         ret = esp_netif_sntp_init(&config);
@@ -289,6 +332,9 @@ int set_time(void)
         ESP_LOGW(TAG, "No sntp time servers found.");
         ret = -1;
     }
+
+    esp_show_current_datetime();
+    ESP_LOGI(TAG, "time helper existing with result = %d", ret);
     return ret;
 }
 
@@ -303,6 +349,8 @@ int set_time_wait_for_ntp(void)
     ret = esp_netif_sntp_start();
 
     ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS);
+#else
+    ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined");
 #endif /* HAS_ESP_NETIF_SNTP */
     esp_show_current_datetime();
 
@@ -322,7 +370,7 @@ int set_time_wait_for_ntp(void)
 #endif
 
     if (ret == ESP_OK) {
-        ESP_LOGI(TAG, "Successfuly set time via NTP servers.");
+        ESP_LOGI(TAG, "Successfully set time via NTP servers.");
         }
     else {
         ESP_LOGW(TAG, "Warning: Failed to set time with NTP: "
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
index 1b33f9805..0b79001ac 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c
@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,24 +18,42 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
- #include "wifi_connect.h"
+#include "wifi_connect.h"
 
+/* FreeRTOS */
 #include <freertos/FreeRTOS.h>
 #include <freertos/task.h>
 #include <freertos/event_groups.h>
-#include <esp_wifi.h>
+
+/* Espressif */
 #include <esp_log.h>
+#include <esp_idf_version.h>
+#include <esp_wifi.h>
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/types.h>
-#ifndef WOLFSSL_ESPIDF
-    #warning "Problem with wolfSSL user_settings."
-    #warning "Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfssl/version.h>
+    #include <wolfssl/wolfcrypt/types.h>
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#if ESP_IDF_VERSION_MAJOR >= 5
+/* When there's too little heap, WiFi quietly refuses to connect */
+#define WIFI_LOW_HEAP_WARNING 21132
+
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#elif ESP_IDF_VERSION_MAJOR >= 5
+    /* example path set in cmake file */
 #elif ESP_IDF_VERSION_MAJOR >= 4
     #include "protocol_examples_common.h"
 #else
@@ -43,7 +61,9 @@
     static EventGroupHandle_t wifi_event_group;
 #endif
 
-#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+
+#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR)
     #if ESP_IDF_VERSION_MAJOR >= 4
         /* likely using examples, see wifi_connect.h */
     #else
@@ -63,7 +83,114 @@
 /* breadcrumb prefix for logging */
 const static char *TAG = "wifi_connect";
 
-#if ESP_IDF_VERSION_MAJOR < 4
+#if defined(CONFIG_IDF_TARGET_ESP8266)
+#ifndef CONFIG_ESP_MAX_STA_CONN
+    #define CONFIG_ESP_MAX_STA_CONN 4
+#endif
+#define EXAMPLE_MAX_STA_CONN       CONFIG_ESP_MAX_STA_CONN
+
+#define WIFI_CONNECTED_BIT BIT0
+#define WIFI_FAIL_BIT      BIT1
+#ifndef CONFIG_ESP_MAXIMUM_RETRY
+    #define CONFIG_ESP_MAXIMUM_RETRY 5
+#endif
+/* FreeRTOS event group to signal when we are connected*/
+static EventGroupHandle_t s_wifi_event_group;
+static int s_retry_num = 0;
+
+#define EXAMPLE_ESP_MAXIMUM_RETRY  CONFIG_ESP_MAXIMUM_RETRY
+static void event_handler(void* arg, esp_event_base_t event_base,
+                                int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) {
+            esp_wifi_connect();
+            s_retry_num++;
+            ESP_LOGI(TAG, "retry to connect to the AP");
+        } else {
+            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);
+        }
+        ESP_LOGI(TAG,"connect to the AP fail");
+    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data;
+        ESP_LOGI(TAG, "got ip:%s",
+                 ip4addr_ntoa(&event->ip_info.ip));
+        s_retry_num = 0;
+        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);
+    }
+}
+
+int wifi_init_sta(void)
+{
+    word32 this_heap;
+
+    s_wifi_event_group = xEventGroupCreate();
+
+    tcpip_adapter_init();
+
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+
+    ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
+
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_ESP_WIFI_SSID,
+            .password = EXAMPLE_ESP_WIFI_PASS
+        },
+    };
+
+    /* Setting a password implies station will connect to all security modes including WEP/WPA.
+        * However these modes are deprecated and not advisable to be used. In case your Access point
+        * doesn't support WPA2, these mode can be enabled by commenting below line */
+
+    if (strlen((char *)wifi_config.sta.password)) {
+        wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK;
+    }
+
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
+    ESP_ERROR_CHECK(esp_wifi_start() );
+
+    ESP_LOGI(TAG, "wifi_init_sta finished. Connecting...");
+    this_heap = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "this heap = %d", this_heap);
+    if (this_heap < WIFI_LOW_HEAP_WARNING) {
+        ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING);
+    }
+    /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) or connection failed for the maximum
+     * number of re-tries (WIFI_FAIL_BIT). The bits are set by event_handler() (see above) */
+    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,
+            WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
+            pdFALSE,
+            pdFALSE,
+            portMAX_DELAY);
+
+    ESP_LOGI(TAG, "xEventGroupWaitBits finished.");
+    /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually
+     * happened. */
+    if (bits & WIFI_CONNECTED_BIT) {
+        ESP_LOGI(TAG, "connected to ap SSID:%s",
+                 EXAMPLE_ESP_WIFI_SSID);
+    } else if (bits & WIFI_FAIL_BIT) {
+        ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s",
+                 EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS);
+    } else {
+        ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    }
+
+    ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler));
+    ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler));
+    vEventGroupDelete(s_wifi_event_group);
+    return ESP_OK;
+}
+
+#elif ESP_IDF_VERSION_MAJOR < 4
 /* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
@@ -80,7 +207,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
     #endif
-        /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+        /* see Espressif api-reference/system/freertos_idf.html */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
     case SYSTEM_EVENT_STA_DISCONNECTED:
@@ -197,7 +324,7 @@ int wifi_init_sta(void)
             .ssid = EXAMPLE_ESP_WIFI_SSID,
             .password = EXAMPLE_ESP_WIFI_PASS,
             /* Authmode threshold resets to WPA2 as default if password matches
-             * WPA2 standards (pasword len => 8). If you want to connect the
+             * WPA2 standards (password len => 8). If you want to connect the
              * device to deprecated WEP/WPA networks, Please set the threshold
              * value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
              * length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK
@@ -269,7 +396,8 @@ int wifi_init_sta(void)
 
 int wifi_show_ip(void)
 {
-    /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */
-    return 0;
+    /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR,
+     * IP2STR(&event->ip_info.ip)); */
+    return ESP_OK;
 }
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
index f8bce25ff..ca33fd17b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
@@ -1,25 +1,155 @@
+# Set the known example app config to TLS Server (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
+# sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
-# Default main stack size
+# Default main stack size. See user_settings.h
 #
-# This is typically way bigger than needed for stack size. See user_settings.h
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
 #
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
+# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
+# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
 
-# Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=55500
+# Legacy stack size name for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=10500
+
+#
+# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
+CONFIG_NEWLIB_NANO_FORMAT=n
+#
+# Watchdog Timers
+#
+# We don't want to have the watchdog timeout during tests & benchmarks
+#
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
+CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
+# Panic & Watchdog
+CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
+CONFIG_ESP_TASK_WDT_EN=n
+CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
+CONFIG_ESP_INT_WDT=n
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
+# Set max COU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
+CONFIG_FREERTOS_HZ=1000
+
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
 
 #
 # Compiler options
 #
 CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
+# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
+# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
+# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
+CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
+# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
 CONFIG_COMPILER_HIDE_PATHS_MACROS=y
+# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
+# CONFIG_COMPILER_CXX_RTTI is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
 CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
+# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
+# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
 CONFIG_COMPILER_STACK_CHECK=y
+# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
+# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
+# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
+# CONFIG_COMPILER_DUMP_RTL_FILES is not set
+# end of Compiler options
+
+# We don't know that the min is actually v2,
+# but this is the earliest tested.
+CONFIG_ESP32C3_REV_MIN_2=y
 
 #
 # Partition Table
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2
new file mode 100644
index 000000000..a24d9302e
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2
@@ -0,0 +1,7 @@
+#
+# Main XTAL Config
+#
+CONFIG_XTAL_FREQ_26=y
+# CONFIG_XTAL_FREQ_40 is not set
+CONFIG_XTAL_FREQ=26
+# end of Main XTAL Config
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/wolfssl_server_ESP8266.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/wolfssl_server_ESP8266.vgdbproj
new file mode 100644
index 000000000..6181d50c7
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/wolfssl_server_ESP8266.vgdbproj
@@ -0,0 +1,292 @@
+<?xml version="1.0"?>
+<VisualGDBProjectSettings2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Project xsi:type="com.visualgdb.project.external.esp-idf">
+    <CustomSourceDirectories>
+      <Directories />
+      <PathStyle>Unknown</PathStyle>
+    </CustomSourceDirectories>
+    <AutoProgramSPIFFSPartition>true</AutoProgramSPIFFSPartition>
+    <ProjectModeSettings>
+      <ProjectGUID>c9687472-a434-43a7-9026-7914f425b9b4</ProjectGUID>
+      <GroupSourcesByTypes>true</GroupSourcesByTypes>
+      <GroupSourcesByPaths>true</GroupSourcesByPaths>
+      <HeaderScanMode>SourceDirs</HeaderScanMode>
+    </ProjectModeSettings>
+  </Project>
+  <Build xsi:type="com.visualgdb.build.external.esp-idf">
+    <BuildLogMode xsi:nil="true" />
+    <ToolchainID>
+      <ID>com.visualgdb.xtensa-lx106-elf</ID>
+      <Version>
+        <GCC>8.4.0</GCC>
+        <GDB>8.1</GDB>
+        <Revision>1</Revision>
+      </Version>
+    </ToolchainID>
+    <IDFCheckout>
+      <Version>release/v3.4</Version>
+      <Subdirectory>rtos-sdk/v3.4</Subdirectory>
+      <Type>RTOS_SDK</Type>
+    </IDFCheckout>
+    <BuildThreadCount>0</BuildThreadCount>
+  </Build>
+  <CustomBuild>
+    <PreSyncActions />
+    <PreBuildActions />
+    <PostBuildActions />
+    <PreCleanActions />
+    <PostCleanActions />
+  </CustomBuild>
+  <CustomDebug>
+    <PreDebugActions />
+    <PostDebugActions />
+    <DebugStopActions />
+    <BreakMode>Default</BreakMode>
+    <CustomBreakCommand>
+      <SkipWhenRunningCommandList>false</SkipWhenRunningCommandList>
+      <RemoteHost>
+        <HostName>BuildMachine</HostName>
+        <Transport>BuiltinShortcut</Transport>
+      </RemoteHost>
+      <BackgroundMode xsi:nil="true" />
+    </CustomBreakCommand>
+  </CustomDebug>
+  <DeviceTerminalSettings>
+    <Connection xsi:type="com.sysprogs.terminal.connection.serial">
+      <ComPortName>COM70</ComPortName>
+      <AdvancedSettings>
+        <BaudRate>74880</BaudRate>
+        <DataBits>8</DataBits>
+        <Parity>None</Parity>
+        <StopBits>One</StopBits>
+        <FlowControl>None</FlowControl>
+      </AdvancedSettings>
+    </Connection>
+    <LastConnectionTime>0</LastConnectionTime>
+    <EchoTypedCharacters>false</EchoTypedCharacters>
+    <ClearContentsWhenReconnecting>true</ClearContentsWhenReconnecting>
+    <ReconnectAutomatically>false</ReconnectAutomatically>
+    <DisplayMode>ASCII</DisplayMode>
+    <Colors>
+      <Background>
+        <Alpha>255</Alpha>
+        <Red>0</Red>
+        <Green>0</Green>
+        <Blue>0</Blue>
+      </Background>
+      <Disconnected>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Disconnected>
+      <Text>
+        <Alpha>255</Alpha>
+        <Red>211</Red>
+        <Green>211</Green>
+        <Blue>211</Blue>
+      </Text>
+      <Echo>
+        <Alpha>255</Alpha>
+        <Red>144</Red>
+        <Green>238</Green>
+        <Blue>144</Blue>
+      </Echo>
+      <Inactive>
+        <Alpha>255</Alpha>
+        <Red>169</Red>
+        <Green>169</Green>
+        <Blue>169</Blue>
+      </Inactive>
+    </Colors>
+    <HexSettings>
+      <MaximumBytesPerLine>16</MaximumBytesPerLine>
+      <ShowTextView>true</ShowTextView>
+      <BreaksAroundEcho>true</BreaksAroundEcho>
+      <AutoSend>true</AutoSend>
+      <SendAsHex>true</SendAsHex>
+      <TimeoutForAutoBreak>0</TimeoutForAutoBreak>
+    </HexSettings>
+    <LineEnding>LF</LineEnding>
+    <TreatLFAsCRLF>false</TreatLFAsCRLF>
+    <KeepOpenAfterExit>false</KeepOpenAfterExit>
+    <ShowAfterProgramming>false</ShowAfterProgramming>
+  </DeviceTerminalSettings>
+  <CustomShortcuts>
+    <Shortcuts />
+    <ShowMessageAfterExecuting>true</ShowMessageAfterExecuting>
+  </CustomShortcuts>
+  <UserDefinedVariables />
+  <ImportedPropertySheets />
+  <CodeSense>
+    <Enabled>True</Enabled>
+    <ExtraSettings>
+      <HideErrorsInSystemHeaders>true</HideErrorsInSystemHeaders>
+      <SupportLightweightReferenceAnalysis>true</SupportLightweightReferenceAnalysis>
+      <DiscoverySettings>
+        <Mode>Enabled</Mode>
+        <SearchInProjectDir>true</SearchInProjectDir>
+        <SearchInSourceDirs>true</SearchInSourceDirs>
+        <SearchInIncludeSubdirs>true</SearchInIncludeSubdirs>
+      </DiscoverySettings>
+      <CheckForClangFormatFiles>true</CheckForClangFormatFiles>
+      <FormattingEngine xsi:nil="true" />
+    </ExtraSettings>
+    <CodeAnalyzerSettings>
+      <Enabled>false</Enabled>
+      <SelectedAnalyzers>
+        <string>apiModeling.google.GTest</string>
+        <string>core.builtin.BuiltinFunctions</string>
+        <string>core.builtin.NoReturnFunctions</string>
+        <string>core.CallAndMessage</string>
+        <string>core.DivideZero</string>
+        <string>core.DynamicTypePropagation</string>
+        <string>core.NonnilStringConstants</string>
+        <string>core.NonNullParamChecker</string>
+        <string>core.NullDereference</string>
+        <string>core.StackAddressEscape</string>
+        <string>core.UndefinedBinaryOperatorResult</string>
+        <string>core.uninitialized.ArraySubscript</string>
+        <string>core.uninitialized.Assign</string>
+        <string>core.uninitialized.Branch</string>
+        <string>core.uninitialized.CapturedBlockVariable</string>
+        <string>core.uninitialized.UndefReturn</string>
+        <string>core.VLASize</string>
+        <string>cplusplus.NewDelete</string>
+        <string>cplusplus.NewDeleteLeaks</string>
+        <string>cplusplus.SelfAssignment</string>
+        <string>deadcode.DeadStores</string>
+        <string>nullability.NullPassedToNonnull</string>
+        <string>nullability.NullReturnedFromNonnull</string>
+        <string>security.insecureAPI.getpw</string>
+        <string>security.insecureAPI.gets</string>
+        <string>security.insecureAPI.mkstemp</string>
+        <string>security.insecureAPI.mktemp</string>
+        <string>security.insecureAPI.UncheckedReturn</string>
+        <string>security.insecureAPI.vfork</string>
+        <string>unix.API</string>
+        <string>unix.cstring.BadSizeArg</string>
+        <string>unix.cstring.NullArg</string>
+        <string>unix.Malloc</string>
+        <string>unix.MallocSizeof</string>
+        <string>unix.MismatchedDeallocator</string>
+        <string>unix.StdCLibraryFunctions</string>
+        <string>unix.Vfork</string>
+      </SelectedAnalyzers>
+      <ExtraArguments>
+        <string>-analyzer-store=region</string>
+        <string>-analyzer-opt-analyze-nested-blocks</string>
+        <string>-analyzer-eagerly-assume</string>
+      </ExtraArguments>
+    </CodeAnalyzerSettings>
+  </CodeSense>
+  <Configurations>
+    <VisualGDBConfiguration>
+      <Name>Debug</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Debug</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-debug</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+    <VisualGDBConfiguration>
+      <Name>Release</Name>
+      <BuildSettingsExtension xsi:type="com.visualgdb.build.external.esp-idf.extension">
+        <OutputSubdirectory>build/Release</OutputSubdirectory>
+        <SDKConfigFile>sdkconfig-release</SDKConfigFile>
+        <EnableVerboseBuild>false</EnableVerboseBuild>
+      </BuildSettingsExtension>
+    </VisualGDBConfiguration>
+  </Configurations>
+  <ProgramArgumentsSuggestions />
+  <Debug xsi:type="com.visualgdb.debug.embedded">
+    <AdditionalStartupCommands>
+      <GDBPreStartupCommands />
+      <GDBStartupCommands />
+      <GDBFinalizationCommands />
+    </AdditionalStartupCommands>
+    <AdditionalGDBSettings>
+      <Features>
+        <DisableAutoDetection>false</DisableAutoDetection>
+        <UseFrameParameter>false</UseFrameParameter>
+        <SimpleValuesFlagSupported>false</SimpleValuesFlagSupported>
+        <ListLocalsSupported>false</ListLocalsSupported>
+        <ByteLevelMemoryCommandsAvailable>false</ByteLevelMemoryCommandsAvailable>
+        <ThreadInfoSupported>false</ThreadInfoSupported>
+        <PendingBreakpointsSupported>false</PendingBreakpointsSupported>
+        <SupportTargetCommand>false</SupportTargetCommand>
+        <ReliableBreakpointNotifications>false</ReliableBreakpointNotifications>
+      </Features>
+      <EnableSmartStepping>false</EnableSmartStepping>
+      <FilterSpuriousStoppedNotifications>false</FilterSpuriousStoppedNotifications>
+      <ForceSingleThreadedMode>false</ForceSingleThreadedMode>
+      <UseAppleExtensions>false</UseAppleExtensions>
+      <CanAcceptCommandsWhileRunning>false</CanAcceptCommandsWhileRunning>
+      <MakeLogFile>false</MakeLogFile>
+      <IgnoreModuleEventsWhileStepping>true</IgnoreModuleEventsWhileStepping>
+      <UseRelativePathsOnly>false</UseRelativePathsOnly>
+      <ExitAction>None</ExitAction>
+      <DisableDisassembly>false</DisableDisassembly>
+      <ExamineMemoryWithXCommand>false</ExamineMemoryWithXCommand>
+      <StepIntoNewInstanceEntry />
+      <ExamineRegistersInRawFormat>true</ExamineRegistersInRawFormat>
+      <DisableSignals>false</DisableSignals>
+      <EnableAsyncExecutionMode>false</EnableAsyncExecutionMode>
+      <AsyncModeSupportsBreakpoints>true</AsyncModeSupportsBreakpoints>
+      <TemporaryBreakConsolidationTimeout>0</TemporaryBreakConsolidationTimeout>
+      <EnableNonStopMode>false</EnableNonStopMode>
+      <MaxBreakpointLimit>0</MaxBreakpointLimit>
+      <EnableVerboseMode>true</EnableVerboseMode>
+      <EnablePrettyPrinters>false</EnablePrettyPrinters>
+    </AdditionalGDBSettings>
+    <DebugMethod>
+      <ID>openocd</ID>
+      <Configuration xsi:type="com.visualgdb.edp.openocd.settings.esp8266">
+        <CommandLine>-f interface/ftdi/tigard.cfg -f target/esp8266.cfg</CommandLine>
+        <ExtraParameters>
+          <Frequency xsi:nil="true" />
+          <BoostedFrequency xsi:nil="true" />
+          <ConnectUnderReset>false</ConnectUnderReset>
+        </ExtraParameters>
+        <LoadProgressGUIThreshold>131072</LoadProgressGUIThreshold>
+        <ProgramMode>Enabled</ProgramMode>
+        <StartupCommands>
+          <string>set remotetimeout 60</string>
+          <string>target remote :$$SYS:GDB_PORT$$</string>
+          <string>mon reset halt</string>
+          <string>load</string>
+          <string>mon xtensa_no_interrupts_during_steps on</string>
+          <string>mon esp8266_autofeed_watchdog on</string>
+        </StartupCommands>
+        <ProgramFLASHUsingExternalTool>false</ProgramFLASHUsingExternalTool>
+        <PreferredGDBPort>0</PreferredGDBPort>
+        <PreferredTelnetPort>0</PreferredTelnetPort>
+        <AlwaysPassSerialNumber>false</AlwaysPassSerialNumber>
+        <SelectedCoreIndex xsi:nil="true" />
+        <SuggestionLogicRevision>0</SuggestionLogicRevision>
+        <ResetMode>Soft</ResetMode>
+        <ProgramSectorSize>4096</ProgramSectorSize>
+        <EraseSectorSize>4096</EraseSectorSize>
+        <FLASHSettings>
+          <Size>size4M</Size>
+          <Frequency>freq40M</Frequency>
+          <Mode>QIO</Mode>
+        </FLASHSettings>
+      </Configuration>
+    </DebugMethod>
+    <AutoDetectRTOS>true</AutoDetectRTOS>
+    <SemihostingSupport>Disabled</SemihostingSupport>
+    <SemihostingPollingDelay>0</SemihostingPollingDelay>
+    <StepIntoEntryPoint>false</StepIntoEntryPoint>
+    <ReloadFirmwareOnReset>false</ReloadFirmwareOnReset>
+    <ValidateEndOfStackAddress>true</ValidateEndOfStackAddress>
+    <StopAtEntryPoint>false</StopAtEntryPoint>
+    <EnableVirtualHalts>false</EnableVirtualHalts>
+    <DynamicAnalysisSettings />
+    <EndOfStackSymbol>_estack</EndOfStackSymbol>
+    <TimestampProviderTicksPerSecond>0</TimestampProviderTicksPerSecond>
+    <KeepConsoleAfterExit>false</KeepConsoleAfterExit>
+    <UnusedStackFillPattern xsi:nil="true" />
+    <CheckInterfaceDrivers>true</CheckInterfaceDrivers>
+  </Debug>
+</VisualGDBProjectSettings2>
\ No newline at end of file
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
index 6e70b4a62..2090c8ae8 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
@@ -1,15 +1,148 @@
 # wolfSSL Espressif Example Project CMakeLists.txt
-#   v1.1
+#   v1.3
 #
 # The following lines of boilerplate have to be in your project's
 # CMakeLists in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.5)
+message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 
-add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
+cmake_minimum_required(VERSION 3.16)
 
-include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+# Optional no watchdog typically used for test & benchmark
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
+else()
+    add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
+endif()
+
+# The wolfSSL CMake file should be able to find the source code.
+# Otherwise, assign an environment variable or set it here:
+#
+# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
+#
+# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find
+# USE_MY_PRIVATE_CONFIG path for my_private_config.h
+#
+# Expected path varies:
+#
+#     WSL:  /mnt/c/workspace
+#   Linux:  ~/workspace
+# Windows:  C:\workspace
+#
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message(STATUS "Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message(STATUS "Detected UNIX")
+endif()
+if(APPLE)
+    message(STATUS "Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message(STATUS "Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message(STATUS "Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message(STATUS "Detected Apple")
+endif()
+# End optional WOLFSSL_CMAKE_SYSTEM_NAME
+
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
+
+if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+    message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+else()
+    message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+endif()
+
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
+message(STATUS "USERNAME = $ENV{USERNAME}")
+if(  "$ENV{USER}" STREQUAL "" ) # the bash user
+    if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
+        message(STATUS "could not find USER or USERNAME")
+    else()
+        # the bash user is not blank, so we'll use it.
+        set(THIS_USER "$ENV{USERNAME}")
+    endif()
+else()
+    # the bash user is not blank, so we'll use it.
+    set(THIS_USER "$ENV{USER}")
+endif()
+message(STATUS "THIS_USER = ${THIS_USER}")
+
+# Check that there are not conflicting wolfSSL components
+# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
+# The local component wolfSSL directory will be in ./components/wolfssl
+message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
+    # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
+    # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
+    # So we'll error out and let the user decide how to proceed:
+    message(WARNING "\nFound wolfSSL components in\n"
+                    "./managed_components/wolfssl__wolfssl\n"
+                    "and\n"
+                    "./components/wolfssl\n"
+                    "in project directory: \n"
+                    "${CMAKE_HOME_DIRECTORY}")
+    message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
+                        "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
+                        "or rename the idf_component.yml file typically found in ./main/")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+    # A standard project component (not a Managed Component)
+    message(STATUS "No conflicting wolfSSL components found.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+    # The official Managed Component called wolfssl from the wolfssl user.
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
+    # There is a known gojimmypi staging component available for anyone:
+    message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
+elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+    # Other users with permissions might publish their own mywolfssl staging Managed Component
+    message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
+    set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
+else()
+    message(STATUS "WARNING: wolfssl component directory not found.")
+endif()
+
+# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
+# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
 
 # Not only is a project-level "set(COMPONENTS" not needed here, this will cause
 # an unintuitive error about  Unknown CMake command "esptool_py_flash_project_args".
 
+if(0)
+    message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
+    # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+    set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+    if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
+        message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+        set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
+    else()
+        message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
+    endif()
+    message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
+endif()
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+
 project(wolfssl_test)
+message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
index b110e86aa..0763d5ae6 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
@@ -7,7 +7,7 @@ CFLAGS += -DWOLFSSL_USER_SETTINGS
 
 # Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
 # There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
-EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG
+CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
 
 PROJECT_NAME := wolfssl_test
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
index e4e79dce8..8b6735886 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
@@ -7,10 +7,10 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## ESP Registry
 
-The easiest way to get started with wolfSSL is by using the 
-[ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples.
+The easiest way to get started with wolfSSL is by using the
+[ESP Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) examples.
 
-```
+```bash
 . ~/esp/esp-idf/export.sh
 idf.py create-project-from-example "wolfssl/wolfssl^5.6.0-stable:wolfssl_test"
 cd wolfssl_benchmark
@@ -22,13 +22,13 @@ idf.py -b 115200 flash monitor
 Open the VisualGDB Visual Studio Project file in the [VisualGDB directory](./VisualGDB/README.md) and click the "Start" button.
 No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`.
 
-## ESP-IDF Commandline
+## ESP-IDF Commandline (version 4.4 or greater for the ESP32)
 
-1. `idf.py menuconfig` to configure the program.  
+1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    TEST_ARG : argument that you want to use. Default is "-lng 0"  
-    The list of argument can be find in help.
+    There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test).
+    All features enabled in the `user_settings.h` will be tested.
 
 When you want to run the test program
 
@@ -41,17 +41,18 @@ Reminder than when building on WSL in `/mnt/c` there will be a noticeable perfor
 
 Example build on WSL, assuming `git clone` from `c:\workspace`:
 
-```
-WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
+```bash
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+# WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/master
 
 echo "Run export.sh from ${WRK_IDF_PATH}"
 . ${WRK_IDF_PATH}/export.sh
 
 # switch to test example
-cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test
+cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_test
 
-# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB
-. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
+# Pick ESP-IDF install directory, this one for v5.2 in VisualGDB
+. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
 
 # set target chipset
 idf.py set-target esp32s3
@@ -60,21 +61,73 @@ idf.py set-target esp32s3
 idf.py erase-flash -p /dev/ttyS24 -b 115200
 
 # start with a low upload speed, then increase as found operational
-idf.py 
+idf.py
 # build and flash, in this example to COM24
 idf.py build flash -p /dev/ttyS24 -b 115200 monitor
 ```
 
+## ESP-IDF Commandline (version 3.5 or earlier for the ESP8266)
+
+
+```bash
+WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
+. $WRK_IDF_PATH/export.sh
+
+# install as needed / prompted
+/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4/install.sh
+
+cd IDE/Espressif/ESP-IDF/examples/ESP8266
+
+# adjust settings as desired
+idf.py menuconfig
+
+idf.py build flash -p /dev/ttyS55 -b 115200
+```
+
+## Espressif ESP8266 RTOS SDK Make Commandline
+
+```bash
+# Find the ESP8266 SDK directory, shown here for WSL (Windows C:\ESP8266\esp\ESP8266_RTOS_SDK)
+cd /mnt/c/ESP8266/esp/ESP8266_RTOS_SDK
+
+# Optionally run install as needed
+./install.sh
+
+# Setup SDK
+. ./export.sh
+
+# Find example to build
+cd /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test
+
+make clean
+
+make
+
+make flash
+
+# or:
+python /mnt/c/ESP8266/esp/ESP8266_RTOS_SDK/components/esptool_py/esptool/esptool.py --chip esp8266 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size 2MB 0x0 /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/bootloader/bootloader.bin 0x10000 /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl_test.bin 0x8000 /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/partitions_singleapp.bin
+```
+
+## Putty (via WSL)
+
+Define a non-blank value for `ESPIDF_PUTTY_MONITOR` to launch `testMonitor.sh` output in putty.exe sessions from Windows.
+Assumes `PUTTY_EXE="/mnt/c/tools/putty.exe"`.
+
+```bash
+export ESPIDF_PUTTY_MONITOR=true
+```
+
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
 
-```
+```text
 ets Jun  8 2016 00:22:57
 
 rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
index 5f42ad345..cc7ef0d47 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -19,17 +19,67 @@
 #
 # cmake for wolfssl Espressif projects
 #
-# Version 5.7.0 template update + THIS_IDF_PATH
+# Version 5.7.2 Espressif ESP-IDF integration
 #
 # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
 #
-
+message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
 cmake_minimum_required(VERSION 3.16)
 
 set(VERBOSE_COMPONENT_MESSAGES 1)
 
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
+
+# function: IS_ESP_IDF_COMPONENT
+#  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
+#             otherwise 0 (false)
+function( IS_ESP_IDF_COMPONENT  RESULT )
+    # NOTE: Component location is based on the location of the CMakeList.txt
+    # and *not* the location of the wolfSSL source code. (which may be anywhere)
+
+    # Normalize the paths to remove any trailing slashes
+    get_filename_component(NORMALIZED_IDF_PATH  "${IDF_PATH}"      REALPATH)
+    get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
+
+    # Check if the test path starts with the IDF_PATH
+    string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
+
+    if(${pos} EQUAL 0)
+        message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
+        set(${RESULT} 1 PARENT_SCOPE)
+    else()
+        message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
+        set(${RESULT} 0 PARENT_SCOPE)
+    endif()
+endfunction()
+
+# Determine if this cmake file is located in the ESP-IDF component directory or not,
+# and if so, if it is being ignored (allowing the use of a local project one, instead).
+IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
+if( IS_WOLSSL_ESP_IDF_COMPONENT )
+    message(STATUS "This wolfSSL is a component in ESP-IDF.")
+    if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
+        return()
+    endif()
+endif()
+
+
+if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
+    # nothing to do
+else()
+    # Only forward slashes, or double backslashes are supported.
+    # By the time we get here the sdkconfig file has a value for wolfSSL source code root.
+    string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+    message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+endif()
+
 # The scope of this CMAKE_C_FLAGS is just this component:
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
 set(CMAKE_CURRENT_SOURCE_DIR ".")
 # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
@@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "")
 endif()
 
 if(  "$ENV{IDF_PATH}" STREQUAL "" )
-     message(FATAL_ERROR "IDF_PATH Environment variable not set!")
+    message(FATAL_ERROR "IDF_PATH Environment variable not set!")
 else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
@@ -52,28 +102,28 @@ if(VERBOSE_COMPONENT_MESSAGES)
     if(WIN32)
         # Windows-specific configuration here
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
-        message("Detected Windows")
+        message(STATUS "Detected Windows")
     endif()
     if(CMAKE_HOST_UNIX)
-        message("Detected UNIX")
+        message(STATUS "Detected UNIX")
     endif()
     if(APPLE)
-        message("Detected APPLE")
+        message(STATUS "Detected APPLE")
     endif()
     if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
         # Windows-specific configuration here
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
-        message("Detected WSL")
+        message(STATUS "Detected WSL")
     endif()
     if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
         # Windows-specific configuration here
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
-        message("Detected Linux")
+        message(STATUS "Detected Linux")
     endif()
     if(APPLE)
         # Windows-specific configuration here
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
-        message("Detected Apple")
+        message(STATUS "Detected Apple")
     endif()
 endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
 
@@ -106,10 +156,11 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_
     message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
 else()
     # benchmark and test do not need wifi, everything else probably does:
-    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
 endif()
 
-# find the user name to search for possible "wolfssl-username"
+# Find the user name to search for possible "wolfssl-username"
+# Reminder: Windows is  %USERNAME%, Linux is $USER
 message(STATUS "USERNAME = $ENV{USERNAME}")
 if(  "$ENV{USER}" STREQUAL "" ) # the bash user
     if(  "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -130,6 +181,25 @@ else()
     string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
 endif()
 
+# ENVIRONMENT_VAR_TO_MACRO
+# Check environment variable name EVARPARAM as [name]
+# If defined, and has a value of EVARVALUE as [value],
+# then assign a compiler definition "-D[name]=[value]"
+function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
+    # If the EVARPARAM environment variable name is set to EVARVALUE,
+    # set the compiler flag definition to enable CSV output.
+    if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
+        message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
+    else()
+        if(DEFINED ENV{${EVARPARAM}})
+            message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
+        else()
+            message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
+        endif()
+    endif()
+endfunction()
+
 # COMPONENT_NAME = wolfssl
 # The component name is the directory name. "No feature to change this".
 # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -147,7 +217,8 @@ endif()
 # function: IS_WOLFSSL_SOURCE
 #  parameter: DIRECTORY_PARAMETER - the directory to test
 #  output:    RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
-function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
+function( IS_WOLFSSL_SOURCE  DIRECTORY_PARAMETER
+          RESULT )
     if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
         set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
     else()
@@ -166,26 +237,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
     message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
 
     if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
+        # The parameter is empty, so we certainly need to search.
+        # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
         set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
         if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
             message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
-        else()
-            get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
-            IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
-            if( FOUND_WOLFSSL )
-                message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
+            # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
+            if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
+                set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
+                get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
+                message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
             else()
-                message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
-                message(STATUS "$ENV{WOLFSSL_ROOT}")
-            endif()
-        endif()
+                message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
+                # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
+                # This wolfSSL component CMakeLists.txt may be found EITHER in:
+                #   1) local project component
+                #   2) ESP-IDF share components
+                # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
+                # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
+                # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
+                message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
+                get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
+                message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
+                string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
+            endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
+        endif() # check environment var blank
     else()
-        get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
+        message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
+        message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+        set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+    endif() # parameter empty
+
+    # Check to see if we found a path in environment or config settings, above.
+    if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
+        message(STATUS "Source for wolfSSL not specified in path nor config settings.")
+        # We'll continue the search by recursing up the directory tree, below.
+    else()
+        # Setting found! Does it contain a valid path?
+        string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
+        get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
         IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
         if( FOUND_WOLFSSL )
-            message(STATUS "Found WOLFSSL_ROOT via prior specification.")
+            message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
+            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
+            return()
         else()
-            message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
+            if(WIN32)
+                message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
+            endif()
+            message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
+            message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
         endif()
     endif()
 
@@ -286,6 +387,11 @@ endfunction()
 
 message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
 
+# Check for environment variable that may be assigned to macros
+ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
+ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV"       "1")
+
+# Optional variable inspection
 if (0)
     get_cmake_property(_variableNames VARIABLES)
     list (SORT _variableNames)
@@ -302,15 +408,25 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "")
-    set(THIS_INCLUDE_DRIVER "")
+    message(STATUS "Early expansion EXCLUDES for esp8266:")
+    message(STATUS "THIS_INCLUDE_DRIVER:  '${THIS_INCLUDE_DRIVER}'")
+    message(STATUS "THIS_INCLUDE_TIMER:   '${THIS_INCLUDE_TIMER}'")
+    message(STATUS "Early expansion INCLUDE for esp8266:")
+    message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
+    set(THIS_ESP_TLS         "")
+    set(THIS_INCLUDE_DRIVER  "")
+    set(THIS_INCLUDE_TIMER   "")
+    set(THIS_INCLUDE_PTHREAD "pthread")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
-    set(THIS_INCLUDE_TIMER "esp_timer")
+    set(THIS_ESP_TLS        "esp-tls")
     set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_INCLUDE_TIMER  "esp_timer")
+    set(THIS_INCLUDE_PTHREAD "")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
 endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
@@ -318,8 +434,10 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
-                                          ${THIS_INCLUDE_TIMER}
-                                          ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
+                                          "${THIS_ESP_TLS}"
+                                          "${THIS_INCLUDE_PTHREAD}"
+                                          "${THIS_INCLUDE_TIMER}"
+                                          "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
 
 else()
@@ -328,6 +446,15 @@ else()
     message(STATUS "wolfssl component config:")
     message(STATUS "************************************************************************************************")
 
+    if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+        # There's no esp_timer, no driver components for the ESP8266
+        set(THIS_INCLUDE_TIMER "")
+        set(THIS_INCLUDE_DRIVER "")
+    else()
+        set(THIS_INCLUDE_TIMER "esp_timer")
+        set(THIS_INCLUDE_DRIVER "driver")
+    endif()
+
     # search for wolfSSL
     FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     if(WOLFSSL_ROOT)
@@ -341,7 +468,9 @@ else()
             # Abort CMake after fatal error.
         endif()
     else()
-        message(STATUS "Searching for wolfSL source code...")
+        message(STATUS "Source code for wolfSSL still not found.")
+        message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
+        set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
         FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
     endif()
 
@@ -349,11 +478,18 @@ else()
     if(WOLFSSL_ROOT)
         message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
     else()
-        message(STATUS "Failed: wolfssl directory not found.")
+        # Try to allow a more intuitive error that the source code was not found in cmake:
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
+
+        message(STATUS "Failed: wolfssl source code directory not found.")
         # Abort. We need wolfssl _somewhere_.
-        message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
-                            "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
-        # Abort CMake after fatal error.
+        message(STATUS "")
+        message(STATUS "")
+        message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
+                       "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
+        message(STATUS "")
+        message(STATUS "")
+        # Abort CMake after fatal error. (or not?)
     endif()
 
     set(INCLUDE_PATH ${WOLFSSL_ROOT})
@@ -379,22 +515,24 @@ else()
         endif()
     endif()
 
+    message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
     set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
+                          "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
                           "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
                           "\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
                          ) # COMPONENT_SRCDIRS
 
     message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
 
-    # wolfSSL user_settings.h is in the local project.
+    # wolfSSL user_settings.h may be in the local project.
+    # TODO check if exists and possibly set to ESP-IDF
     set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
-    # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
 
     string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
-    add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")
-
+    add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
+    message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
     # Espressif may take several passes through this makefile. Check to see if we found IDF
     string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
 
@@ -427,8 +565,7 @@ else()
         message(STATUS "**************************************************************************************")
         message(STATUS "")
 
-        message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
-        # Abort CMake after fatal error.
+        message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
 
         # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@@ -536,7 +673,9 @@ else()
     # depending on the environment, we may need to swap backslashes with forward slashes
     string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
 
-    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	if(WOLFSSL_ROOT)
+	    string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
+	endif()
 
     if(IS_DIRECTORY "${RTOS_IDF_PATH}")
         message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -552,7 +691,7 @@ else()
     message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
     # wolfSSL-specific include directories
     set(COMPONENT_ADD_INCLUDEDIRS
-        "./include" # this is the location of wolfssl user_settings.h
+        "./include" # this is the location of local project wolfssl user_settings.h
         "\"${WOLFSSL_ROOT}/\""
         "\"${WOLFSSL_ROOT}/wolfssl/\""
         "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
@@ -589,8 +728,8 @@ else()
         "\"${WOLFSSL_ROOT}/src/ssl_sess.c\""    # included by ssl.c
         "\"${WOLFSSL_ROOT}/src/x509.c\""
         "\"${WOLFSSL_ROOT}/src/x509_str.c\""
-        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external Kyber disabled by default
-        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\""     # external non-wolfssl Kyber disabled by default
+        "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -601,6 +740,7 @@ else()
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
         "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
+        "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
         "\"${EXCLUDE_ASM}\""
         )
 
@@ -622,15 +762,120 @@ else()
     # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
     #
     set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
-    idf_component_register(
-                            SRC_DIRS "${COMPONENT_SRCDIRS}"
-                            INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                            REQUIRES "${COMPONENT_REQUIRES}"
-                            EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
-                            PRIV_REQUIRES
-                              "${THIS_INCLUDE_TIMER}"
-                              "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
-                           )
+
+    if(WOLFSSL_ROOT)
+        # Only register the component if we found wolfSSL source.
+        # This is important to allow Cmake to finish to completion, otherwise the UI
+        # may not be able to display the Kconfig settings to fix a bad or missing source.
+        idf_component_register(
+                                SRC_DIRS "${COMPONENT_SRCDIRS}"
+                                INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
+                                REQUIRES "${COMPONENT_REQUIRES}"
+                                EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
+                                PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
+                                  "${THIS_INCLUDE_TIMER}"
+                                  "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
+                               )
+    else()
+        # Register the component simply to allow CMake to complete, but there's no wolfSSL source.
+        # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
+        idf_component_register()
+        message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
+    endif()
+
+# function(WOLFSSL_INIT_CERT_BUNDLE)
+if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+    AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
+  )
+    if (CMAKE_BUILD_EARLY_EXPANSION)
+        message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
+    endif()
+    # reminder: we need a value for wolfSSL root first!
+    if( "${WOLFSSL_ROOT}" STREQUAL "" )
+        message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
+    endif()
+    set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
+    message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+        set(bundle_name "x509_crt_bundle_wolfssl")
+
+        # For now the certs are in the same directory
+        set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+
+        # Generate custom certificate bundle using the generate_cert_bundle utility
+        set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
+
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+        elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
+            list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
+        endif()
+
+        # Add deprecated root certs if enabled. This config is not visible if the default cert
+        # bundle is not selected
+        if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
+            list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
+        endif()
+
+        if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
+            get_filename_component(custom_bundle_path
+              ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
+            list(APPEND crt_paths ${custom_bundle_path})
+            message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
+        else()
+            message(STATUS "Not using a custom wolfSSL bundle path.")
+        endif()
+        list(APPEND args --input ${crt_paths} -q)
+
+        message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
+        get_filename_component(crt_bundle
+            ${bundle_name}
+            ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+
+        message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
+        message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
+        message(STATUS "crt_bundle ${crt_bundle}")
+        message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
+        message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
+        message(STATUS "args ${args}")
+        message(STATUS "cert_bundle ${cert_bundle}")
+
+        # Generate bundle according to config
+        # File is generated at build time, not cmake load
+        add_custom_command(OUTPUT ${crt_bundle}
+            COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
+            DEPENDS ${custom_bundle_path}
+            VERBATIM)
+
+        if(EXISTS "${crt_bundle}")
+            message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
+        else()
+            message(STATUS "Bundle file expected during next build: ${crt_bundle}")
+        endif()
+
+        # Reminder the file is generated at build time, not cmake load time.
+        message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
+
+        add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
+
+        # the wolfSSL crtificate bundle is baked into wolfSSL
+        add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
+
+        # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
+        # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
+        target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+                     APPEND PROPERTY ADDITIONAL_CLEAN_FILES
+                     "${crt_bundle}")
+    else()
+        message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
+    endif()
+endif()
+
+# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
 
     # Some optional diagnostics. Verbose ones are truncated.
     if (VERBOSE_COMPONENT_MESSAGES)
@@ -662,6 +907,12 @@ else()
     endif()
 
     # target_sources(wolfssl PRIVATE  "\"${WOLFSSL_ROOT}/wolfssl/\""  "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
+    message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
+    message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
+    target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
+    if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
+        target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
+    endif()
 
 endif() # CMAKE_BUILD_EARLY_EXPANSION
 
@@ -707,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
         message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
 
         # the interesting part is defining the VAR_OUPUT name a value to use in the app
-        add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
     else()
         # if we get here, check the execute_process command and parameters.
         message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -715,35 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
     endif()
 endfunction() # LIBWOLFSSL_SAVE_INFO
 
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
 # create some programmatic #define values that will be used by ShowExtendedSystemInfo().
 # see wolfcrypt\src\port\Espressif\esp32_utl.c
-if(NOT CMAKE_BUILD_EARLY_EXPANSION)
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
     set (git_cmd "git")
     message(STATUS "Adding macro definitions:")
 
     # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
 
     # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
-    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
+                    "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
+                    OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
 
     LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
 
-    message(STATUS "************************************************************************************************")
-    message(STATUS "wolfssl component config complete!")
-    message(STATUS "************************************************************************************************")
 endif()
+
+# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
+string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
+
+if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
+    # Flag not found, append it
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+endif()
+
+if(WOLFSSL_ROOT)
+    message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
+
+    # PlatformIO does not process script from from the Espressif cmake process.
+    # We need to know where wolfSSL source code was found, so save it in the
+    # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
+
+    set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
+    message(STATUS "PIO_WOLFSSL_ROOT =  $ENV{PIO_WOLFSSL_ROOT}")
+    message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
+    # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
+    if(CONFIG_ESP_TLS_USING_WOLFSSL)
+        if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
+            message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
+        else()
+            message(STATUS "wolfSSL will be used for ESP-TLS")
+        endif()
+    else()
+        message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
+    endif()
+else()
+    message(STATUS "")
+    message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
+    message(STATUS "")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "ERROR: Could not find wolfSSL Source Code")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+    message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
+endif()
+
+message(STATUS "************************************************************************************************")
+message(STATUS "wolfSSL component config complete!")
+message(STATUS "************************************************************************************************")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
new file mode 100644
index 000000000..150913190
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
@@ -0,0 +1,523 @@
+# Kconfig template
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+
+# Kconfig File Version 5.7.2.001 for esp-idf integration
+
+# Kconfig Format Rules
+#
+# See:
+#  https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
+#
+# Format rules for Kconfig files are as follows:
+#
+# Option names in any menus should have consistent prefixes. The prefix
+# currently should have at least 3 characters.
+#
+# The unit of indentation should be 4 spaces. All sub-items belonging to a
+# parent item are indented by one level deeper. For example, menu is indented
+# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
+# text under help by 12 spaces.
+#
+# No trailing spaces are allowed at the end of the lines.
+#
+# The maximum length of options is NOT 50 characters as documented.
+#   kconfcheck will complain that options should be 40 at most.
+#
+# Fix option lengths first. Superfluous errors on other lines may occur.
+#
+# The maximum length of lines is 120 characters.
+#
+# python -m kconfcheck <path_to_kconfig_file>
+#
+# ---------------------------------------------------------------------------------------------------------------------
+# Begin main wolfSSL configuration menu
+# ---------------------------------------------------------------------------------------------------------------------
+#   See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
+
+menu "wolfSSL"
+
+    menu "Hardening"
+        config ESP_WOLFSSL_WC_NO_HARDEN
+            bool "Disable wolfSSL hardening"
+            default n
+            help
+                Sets WC_NO_HARDEN
+
+        config ESP_WOLFSSL_TFM_TIMING_RESISTANT
+            bool "Enable TFM Timing Resistant Code"
+            default n
+            help
+                Sets TFM_TIMING_RESISTANT.
+
+    endmenu # Hardening
+
+    config ESP_WOLFSSL_ENABLE_BENCHMARK
+        bool "Enable wolfSSL Benchmark Library"
+        default n
+        help
+            Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
+
+
+    menu "Benchmark Debug"
+        config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            bool "Enable benchmark timing debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
+
+        config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            bool "Enable benchmark timer debug"
+            depends on ESP_WOLFSSL_ENABLE_BENCHMARK
+            default n
+            help
+                Turn on timer debugging (used when CPU cycles not available)
+
+    endmenu # Benchmark Debug
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # wolfCrypt Test
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ENABLE_TEST
+        bool "Enable wolfCrypt Test Library"
+        default n
+        help
+            Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
+
+    menu "wolfCrypt tests"
+        config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+            bool "Enable wolfCrypt Test Options"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables HAVE_WOLFCRYPT_TEST_OPTIONS
+
+        config TEST_ESPIDF_ALL_WOLFSSL
+            bool "Enable all features to use in tests"
+            depends on ESP_WOLFSSL_ENABLE_TEST
+            default n
+            help
+                Enables TEST_ESPIDF_ALL_WOLFSSL
+
+    endmenu # wolfCrypt tests
+
+    # -----------------------------------------------------------------------------------------------------------------
+    # Apple HomeKit Options
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Apple HomeKit"
+        config WOLFSSL_APPLE_HOMEKIT
+            bool "Enable Apple HomeKit options"
+            default n
+            help
+                Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
+    endmenu # Apple HomeKit
+    # -----------------------------------------------------------------------------------------------------------------
+
+    config ESP_WOLFSSL_DISABLE_MY_ECC
+        bool "Disable ECC in my project"
+        default "n"
+        help
+            ECC is enabled by default. Select this option to disable.
+
+    config ESP_WOLFSSL_ENABLE_MY_USE_RSA
+        bool "Enable RSA in my project"
+        default "n"
+        help
+            RSA is disabled by default. Select this option to enable.
+
+    config ESP_WOLFSSL_BENCHMARK
+        bool "Enable wolfSSL Benchmark"
+        default n
+        help
+            Enables user settings relevant to benchmark code
+
+    config ESP_TLS_USING_WOLFSSL_SPECIFIED
+        bool "Use the specified wolfssl for ESP-TLS"
+        default Y
+        help
+            Includes wolfSSL from specified directory (not using esp-wolfssl).
+
+    config ESP_WOLFSSL_NO_USE_FAST_MATH
+        bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
+        select ESP_WOLFSSL_NO_HW
+        select ESP_WOLFSSL_NO_HW_AES
+        select ESP_WOLFSSL_NO_HW_HASH
+        select ESP_WOLFSSL_NO_HW_RSA_PRI
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+        select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+
+    menu "Protocol Config"
+        config WOLFSSL_HAVE_ALPN
+            bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
+            default y
+
+        config WOLFSSL_ALLOW_TLS13
+            bool "Allow TLS 1.3"
+            default y
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_ALLOW_TLS12
+            bool "Allow TLS 1.2"
+            default n
+            help
+                Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
+                When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
+
+        config WOLFSSL_HAVE_TLS_EXTENSIONS
+            bool "Enable TLS Extensions"
+            default y
+            help
+                Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
+
+        config WOLFSSL_ALT_CERT_CHAINS
+            bool "Enable Alternate Certificate Chains"
+            default n
+            help
+                The option relaxes the default strict wolfSSL certificate chain processing. This
+                will typically need to be enabled when loading only a CA file. Typically solves
+                the -188 ASN_NO_SIGNER_E error. Use with caution.
+
+        config WOLFSSL_HAVE_OCSP
+            bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
+            default n
+            help
+                Sets HAVE_OCSP
+
+    endmenu # Protocol Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config TLS_STACK_WOLFSSL
+        # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
+        bool
+        default n
+        select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
+        help
+            Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
+            Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
+
+    menu "wolfSSL ESP-TLS"
+        depends on ESP_TLS_USING_WOLFSSL
+
+        menu "Certificate Bundle"
+            depends on ESP_TLS_USING_WOLFSSL
+
+            config WOLFSSL_CERTIFICATE_BUNDLE
+                bool "Enable trusted root certificate bundle"
+                default y if ESP_TLS_USING_WOLFSSL
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Enable support for large number of default root certificates
+
+                    When enabled this option allows user to store default as well
+                    as customer specific root certificates in compressed format rather
+                    than storing full certificate. For the root certificates the public key and the subject name
+                    will be stored.
+
+            config WOLFSSL_NO_ASN_STRICT
+                bool "Relax Certificate ASN Strict Checks"
+                default n
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
+                    it is recommended to NOT enable this.
+
+            config WOLFSSL_ASN_ALLOW_0_SERIAL
+                bool "Allow cert missing an ASN Serial Number"
+                default y
+                depends on ESP_TLS_USING_WOLFSSL
+                help
+                    Although not recommended, there may be certificates in the bundle that are missing
+                    a serial number. This option allows the missing value without having to fully
+                    disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
+
+            choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
+                bool "Default certificate bundle options"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
+                    bool "Use the full default certificate bundle"
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
+                    bool "Use only the most common certificates from the default bundles"
+                    help
+                        Use only the most common certificates from the default bundles, reducing the size with 50%,
+                        while still having around 99% coverage.
+                config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                    bool "Do not use the default certificate bundle"
+            endchoice
+
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Add custom certificates to the default bundle"
+            config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
+                depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Custom certificate bundle path"
+                help
+                    Name of the custom certificate directory or file. This path is evaluated
+                    relative to the project root directory.
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
+                bool "Add deprecated root certificates"
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
+                help
+                    Include the deprecated list of root certificates in the bundle.
+                    This list gets updated when a certificate is removed from the Mozilla's
+                    NSS root certificate store. This config can be enabled if you would like
+                    to ensure that none of the certificates that were deployed in the product
+                    are affected because of the update to bundle. In turn, enabling this
+                    config keeps expired, retracted certificates in the bundle and it may
+                    pose a security risk.
+
+                    - Deprecated cert list may grow based based on sync with upstream bundle
+                    - Deprecated certs would be be removed in ESP-IDF (next) major release
+
+            config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
+                int "Maximum no of certificates allowed in certificate bundle"
+                default 200
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+
+        endmenu
+    endmenu # wolfSSL ESP-TLS
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+        bool "Modify default hardware acceleration settings"
+        default n
+        help
+            When disabling all hardware acceleration for smaller memory footprint,
+            disabling TFM fast math provides faster wolfSSL software algorithms in an
+            even smaller flash memory footprint.
+            Typically used for debugging, analysis, or optimizations. The default
+            hardware acceleration features can be each manually adjusted.
+
+    menu "wolfSSL Hardware Acceleration"
+
+        config ESP_WOLFSSL_NO_ESP32_CRYPT
+            bool "Disable all ESP32 Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_AES
+            select ESP_WOLFSSL_NO_HW_HASH
+            select ESP_WOLFSSL_NO_HW_RSA_PRI
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
+                Consider disabling FASTMATH (other libraries are faster in software and smaller)
+
+        config ESP_WOLFSSL_NO_HW_AES
+            bool "Disable all ESP32 AES Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.When selected defines: NO_HW_AES
+
+        config ESP_WOLFSSL_NO_HW_HASH
+            bool "Disable all ESP32 SHA Hash Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI
+            bool "Disable all ESP32 RSA Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+            bool "Disable all ESP32 Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+            bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
+
+        config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+            bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
+            depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
+            default n
+            help
+                Hardware acceleration enabled by default.
+                Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+    endmenu # wolfSSL Hardware Acceleration
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Experimental Options"
+
+        config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
+            bool "Enable wolfSSL Experimental Settings"
+            default n
+            help
+                Enables experimental settings for wolfSSL. See documentation.
+
+        config ESP_WOLFSSL_ENABLE_KYBER
+            bool "Enable wolfSSL Kyber"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+    endmenu # wolfSSL Experimental Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Debug Options"
+        config ESP_WOLFSSL_DEBUG_WOLFSSL
+            bool "Enable wolfSSL Debugging"
+            default n
+            help
+                Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
+    endmenu # wolfSSL Debug Options
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "wolfSSL Customization"
+        config CUSTOM_SETTING_WOLFSSL_ROOT
+            string "Enter a path for wolfSSL source code"
+            default "~/workspace/wolfssl"
+            help
+                This option lets you specify a directory for the wolfSSL source code (typically a git clone).
+                Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
+                (e.g., C:\\myfolder\\mysubfolder).
+
+    endmenu # wolfSSL Customization
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Component Config"
+        config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
+            bool "Ignore the ESP-IDF component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
+
+        config IGNORE_LOCAL_WOLFSSL_COMPONENT
+            bool "Ignore the local component of wolfSSL (if present)"
+            default n
+            help
+                Ignores wolfSSL present in the local project components directory.
+                Requires wolfssl as a ESP-IDF component.
+
+    endmenu # Component Config
+    # -----------------------------------------------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------------------------------------------
+    menu "Utility Config"
+        config USE_WOLFSSL_ESP_SDK_TIME
+            bool "Enable wolfSSL time helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+        config USE_WOLFSSL_ESP_SDK_WIFI
+            bool "Enable wolfSSL WiFi helper functions"
+            default n
+            help
+                Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
+
+    endmenu # Utility Config
+endmenu # wolfSSL
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfSSH"
+    config ESP_ENABLE_WOLFSSH
+        bool "Enable wolfSSH options"
+        default n
+        help
+            Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
+
+    config ESP_WOLFSSL_DEBUG_WOLFSSH
+        bool "Enable wolfSSH debugging"
+        default n
+        help
+            Enable wolfSSH debugging macro. See user_settings.h
+
+endmenu # wolfSSH
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+menu "wolfMQTT"
+    config ESP_ENABLE_WOLFMQTT
+        bool "Enable wolfMQTT options"
+        default n
+        help
+            Enables WOLFMQTT
+
+    config ESP_WOLFSSL_DEBUG_WOLFMQTT
+        bool "Enable wolfMQTT debugging"
+        default n
+        help
+            Enable wolfMQTT debugging macro. See user_settings.h
+
+endmenu # wolfMQTT
+# ---------------------------------------------------------------------------------------------------------------------
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
new file mode 100644
index 000000000..d77912416
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
@@ -0,0 +1,162 @@
+# wolfSSL Espressif Component
+
+This is the directory for wolfSSL as an Espressif ESP-IDF component.
+
+Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
+to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
+
+The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
+`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
+
+## Directory Contents
+
+This directory must contain, at a minimum:
+
+- `CMakeLists.txt`
+- `./include/user_settings.h`
+
+The directory should also contain:
+- `Kconfig`
+- `component.mk`
+
+The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
+or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
+
+
+Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
+
+- A hard-coded `WOLFSSL_ROOT` cmake variable.
+- `WOLFSSL_ROOT` Environment Variable
+- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
+- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
+- Any parent directories, up to the root (if this directory is a project component)
+
+While recursing up the directory tree, the following names of wolfSSL directories will be considered:
+
+- `wolfssl-[current user name]`
+- `wolfssl-master`
+- `wolfssl`
+
+## Getting Started
+
+See the `Espressif Getting Started Guide`.
+
+```
+# Set environment variable to ESP-IDF location
+# For example, VisualGDB in WSL
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
+WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
+
+# Or wherever the ESP-IDF is installed:
+WRK_IDF_PATH=~/esp/esp-idf
+
+echo "Run export.sh from ${WRK_IDF_PATH}"
+. ${WRK_IDF_PATH}/export.sh
+
+cd [your project]
+
+idf.py menuconfig
+```
+
+Enable wolfSSL to be used in the ESP-TLS:
+
+```
+Component config  --->
+    ESP-TLS  --->
+        Choose SSL/TLS library for ESP-TLS (See help for more Info)
+            (X) wolfSSL (License info in wolfSSL directory README)
+```
+
+Adjust wolfSSL settings, such as path to source code as needed:
+
+```
+Component config  --->
+    wolfSSL  --->
+        [*] Include wolfSSL in ESP-TLS
+        [*] Use the specified wolfssl for ESP-TLS
+        (~/workspace/wolfssl) Enter a path for wolfSSL source code
+```
+
+## Configuration
+
+All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
+
+The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
+before any other wolfSSL headers, like this:
+
+
+```c
+/* ESP-IDF */
+#include <esp_log.h>
+#include "sdkconfig.h"
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#if defined(WOLFSSL_USER_SETTINGS)
+    #include <wolfssl/wolfcrypt/settings.h>
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
+    #endif
+#else
+    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
+    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
+    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
+#endif
+```
+
+## Examples
+
+See the wolfSSL examples:
+
+- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
+- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
+- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
+- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
+- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
+
+## Platforms
+
+The ESP-IDF wolfSSL is also available for PlatformIO:
+
+- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
+- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
+
+The wolfSSL library can also be used for Espressif with Arduino:
+
+- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
+- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
+
+
+## Additional Information
+
+- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
+- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
+- [wolfSSL Products](https://www.wolfssl.com/products/)
+- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
+- [More...](https://www.wolfssl.com/?s=espressif)
+
+## Contact
+
+Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
+
+## Licensing and Support
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
+
+See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
+
+View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)
+
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
index 2540584c8..aacd62566 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -18,6 +18,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #
 
+$(info ***********  wolfssl component ************)
+
 #
 # Component Makefile
 #
@@ -48,193 +50,257 @@
 # define it here:
 CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
-# In the wolfSSL GitHub examples for Espressif,
-# the root is 7 directories up from here:
-WOLFSSL_ROOT := ../../../../../../../
+# Note that 4 source files created by autogen are excluded here.
+#
+# See these files commented out, below. Adjust as needed for your application:
+#
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
+
+
+# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
+# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
+# In the wolfSSL GitHub examples for Espressif:
+#   https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
+# When this wolfssl component.mk makefile is in [project]/components/wolfssl
+# The root is 7 directories up from here (the location of of this component.mk):
+#
+WOLFSSL_ROOT     ?= ../../../../../../..
+THIS_DIR         := $(shell pwd)
+WOLFSSL_ROOT_OBJ := $(THIS_DIR)
+
+# When running make from commandline or VisualGDB, the current path varies:
+ifeq ("$(VISUALGDB_DIR)","")
+    # current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
+else
+    # current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
+endif
+
+# To set the location of a different location, it is best to use relative paths.
+#
+# Set WOLFSSL_ROOT to a relative path from the current component directory.
+# For example, if the wolfssl_client is copied from the examples to test:
+#
+# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
+#
+# we run make in   /mnt/c/test/demo
+# component is in  /mnt/c/test/demo/components/wolfssl
+# wolfssl is in    /mnt/c/workspace/wolfssl-master
+#
+# "/mnt/c" is 4 directories up:
+#             2 for `./test/demo` from where we run `make`, plus
+#             2 more from the location of `component.mk` located
+#               in `[current directory]/components/wolfssl`.
+#
+# Thus we need 4 parent reference to find the relative path to wolfSSL:
+# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
+
+# Optional CFLAGS (make works without these; for reference only)
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
+abs_WOLFSSL_ROOT     := $(shell realpath $(WOLFSSL_ROOT))
+
+# print-wolfssl-path-value:
+#	@echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
+#	@echo "WOLFSSL_ROOT actual:  $(abs_WOLFSSL_ROOT)"
+
+$(info WOLFSSL_ROOT     defined: $(WOLFSSL_ROOT))
+$(info WOLFSSL_ROOT     actual:  $(abs_WOLFSSL_ROOT))
+$(info THIS_DIR         defined: $(THIS_DIR))
+$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
 
 # NOTE: The wolfSSL include directory (e.g. user_settings.h) is
 # located HERE in THIS project, and *not* in the wolfSSL root.
 COMPONENT_ADD_INCLUDEDIRS := .
 COMPONENT_ADD_INCLUDEDIRS += include
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
-COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
+COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
+
 # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
 # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
 
+# wolfSSL
+COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
 
-# WOLFSSL_ROOT := ""
-COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
-COMPONENT_SRCDIRS += include
+# wolfcrypt
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
 
-COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
-COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
+# Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
 
+COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
+COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
 
 ##
 ## wolfSSL
 ##
-COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
-# COMPONENT_OBJS += src/conf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
-# COMPONENT_OBJS += src/pk.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
+## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
+##
+# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o  # part of ssl.c, omitted to avoid "does not need to be compiled separately"
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o   # part of ssl.c
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
 # COMPONENT_OBJS += src/ssl_asn1.o
 # COMPONENT_OBJS += src/ssl_bn.o
 # COMPONENT_OBJS += src/ssl_certman.o
 # COMPONENT_OBJS += src/ssl_crypto.o
 # COMPONENT_OBJS += src/ssl_misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
-# COMPONENT_OBJS += src/x509.o
-# COMPONENT_OBJS += src/x509_str.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o     # part of ssl.c
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
 
 ##
 ## wolfcrypt
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
-# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
+# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o  # autogen exclusion
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
 
 ##
 ## Espressif
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
+COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
 
 ##
 ## wolfcrypt benchmark  (optional)
 ##
-## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
+## COMPONENT_OBJS            += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
+## COMPONENT_SRCDIRS         += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
+
 
 ##
-## wolfcrypt test (optional)
+## wolfcrypt test (needed for this test example)
 ##
-COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
+COMPONENT_OBJS               += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
+COMPONENT_SRCDIRS            += $(WOLFSSL_ROOT)/wolfcrypt/test
+COMPONENT_ADD_INCLUDEDIRS    += $(WOLFSSL_ROOT)/wolfcrypt/test/include
 
-##
-## wolfcrypt
-##
-COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
+$(info ********** end wolfssl component **********)
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
index 9cf87e8fd..89498ae70 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
@@ -1,6 +1,6 @@
-/* user_settings.h
+/* wolfssl-component include/user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,19 +18,57 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
+
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
  * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
  *
- * Do not include any wolfssl headers here
+ * Do not include any wolfssl headers here.
  *
  * When editing this file:
- * ensure wolfssl_test and wolfssl_benchmark settings match.
+ * ensure all examples match. The template example is the reference.
  */
 
-/* The Espressif project config file. See also sdkconfig.defaults */
-#include "sdkconfig.h"
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
 
 /* The Espressif sdkconfig will have chipset info.
 **
@@ -46,33 +84,264 @@
 #undef  WOLFSSL_ESPIDF
 #define WOLFSSL_ESPIDF
 
-/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
-#define NO_ESP_SDK_WIFI
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
 
 /* Experimental Kyber */
-#if 0
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
     /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
-    #define WOLFSSL_HAVE_KYBER
-    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_WC_MLKEM
     #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
 #endif
 
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
 /*
  * ONE of these Espressif chip families will be detected from sdkconfig:
  *
  * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
  * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
  */
-#undef WOLFSSL_ESPWROOM32SE
-#undef WOLFSSL_ESP8266
-#undef WOLFSSL_ESP32
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
 /* See below for chipset detection from sdkconfig.h */
 
 /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
-/* #define SINGLE_THREADED */
+#define SINGLE_THREADED
 
-/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
  * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
  * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
  * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
@@ -92,130 +361,6 @@
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
-/* Uncommon settings for testing only */
-#define TEST_ESPIDF_ALL_WOLFSSL
-#ifdef  TEST_ESPIDF_ALL_WOLFSSL
-    #define WOLFSSL_MD2
-    #define HAVE_BLAKE2
-    #define HAVE_BLAKE2B
-    #define HAVE_BLAKE2S
-
-    #define WC_RC2
-    #define WOLFSSL_ALLOW_RC4
-
-    #define HAVE_POLY1305
-
-    #define WOLFSSL_AES_128
-    #define WOLFSSL_AES_OFB
-    #define WOLFSSL_AES_CFB
-    #define WOLFSSL_AES_XTS
-
-    /* #define WC_SRTP_KDF */
-    /* TODO Causes failure with Espressif AES HW Enabled */
-    /* #define HAVE_AES_ECB */
-    /* #define HAVE_AESCCM  */
-    /* TODO sanity check when missing HAVE_AES_ECB */
-    #define WOLFSSL_WOLFSSH
-
-    #define HAVE_AESGCM
-    #define WOLFSSL_AES_COUNTER
-
-    #define HAVE_FFDHE
-    #define HAVE_FFDHE_2048
-    #if defined(CONFIG_IDF_TARGET_ESP8266)
-        /* TODO Full size SRP is disabled on the ESP8266 at this time.
-         * Low memory issue? */
-        #define WOLFCRYPT_HAVE_SRP
-        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
-        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
-    #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
-          defined(CONFIG_IDF_TARGET_ESP32S2) || \
-          defined(CONFIG_IDF_TARGET_ESP32S3)
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
-          defined(CONFIG_IDF_TARGET_ESP32H2)
-        /* SRP Known to be working on this target::*/
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #else
-        /* For everything else, give a try and see if SRP working: */
-        #define WOLFCRYPT_HAVE_SRP
-        #define FP_MAX_BITS (8192 * 2)
-    #endif
-
-    #define HAVE_DH
-
-    /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
-     * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
-    /* #define HAVE_CAMELLIA */
-
-    /* DSA requires old SHA */
-    #define HAVE_DSA
-
-    /* Needs SHA512 ? */
-    #define HAVE_HPKE
-
-    /* Not for Espressif? */
-    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
-        defined(CONFIG_IDF_TARGET_ESP8684) || \
-        defined(CONFIG_IDF_TARGET_ESP32H2) || \
-        defined(CONFIG_IDF_TARGET_ESP8266)
-
-        #if defined(CONFIG_IDF_TARGET_ESP8266)
-            #undef HAVE_ECC
-            #undef HAVE_ECC_CDH
-            #undef HAVE_CURVE25519
-
-            /* TODO does CHACHA also need alignment? Failing on ESP8266
-             * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
-            #ifdef HAVE_CHACHA
-                #error "HAVE_CHACHA not supported on ESP8266"
-            #endif
-            #ifdef HAVE_XCHACHA
-                #error "HAVE_XCHACHA not supported on ESP8266"
-            #endif
-        #else
-            #define HAVE_XCHACHA
-            #define HAVE_CHACHA
-            /* TODO Not enabled at this time, needs further testing:
-             *   #define WC_SRTP_KDF
-             *   #define HAVE_COMP_KEY
-             *   #define WOLFSSL_HAVE_XMSS
-             */
-        #endif
-        /* TODO AES-EAX not working on this platform */
-
-        /* Optionally disable DH
-         *   #undef HAVE_DH
-         *   #undef HAVE_FFDHE
-         */
-
-        /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
-        #ifndef HAVE_ECC
-            #define ECC_SHAMIR
-        #endif
-    #else
-        #define WOLFSSL_AES_EAX
-
-        #define ECC_SHAMIR
-    #endif
-
-    /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
-    /* #define WOLFSSL_CAAM      */
-    /* #define WOLFSSL_CAAM_BLOB */
-
-    #define WOLFSSL_AES_SIV
-    #define WOLFSSL_CMAC
-
-    #define WOLFSSL_CERT_PIV
-
-    /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
-    /* #define HAVE_SCRYPT */
-    #define SCRYPT_TEST_ALL
-    #define HAVE_X963_KDF
-#endif
-
 /* optionally turn off SHA512/224 SHA512/256 */
 /* #define WOLFSSL_NOSHA512_224 */
 /* #define WOLFSSL_NOSHA512_256 */
@@ -230,14 +375,43 @@
 #define BENCH_EMBEDDED
 
 /* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
 
-#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -254,32 +428,67 @@
 /* when you want to use SHA384 */
 #define WOLFSSL_SHA384
 
-/* when you want to use SHA512 */
-#define WOLFSSL_SHA512
-
-/* when you want to use SHA3 */
-#define WOLFSSL_SHA3
-
- /* ED25519 requires SHA512 */
-#define HAVE_ED25519
-
 /* Some features not enabled for ESP8266: */
 #if defined(CONFIG_IDF_TARGET_ESP8266) || \
     defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
     /* TODO determine low memory configuration for ECC. */
 #else
-    #define HAVE_ECC
-    #define HAVE_CURVE25519
-    #define CURVE25519_SMALL
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
+
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
+
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
 #endif
 
-#define HAVE_ED25519
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
 
-/* Optional OPENSSL compatibility */
-#define OPENSSL_EXTRA
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
 
 /* #Optional HAVE_PKCS7 */
-#define HAVE_PKCS7
+/* #define HAVE_PKCS7 */
 
 #if defined(HAVE_PKCS7)
     /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
@@ -319,8 +528,11 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x349F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -329,7 +541,7 @@
 #define USE_FAST_MATH
 
 /*****      Use SP_MATH      *****/
-/* #undef USE_FAST_MATH          */
+/* #undef  USE_FAST_MATH         */
 /* #define SP_MATH               */
 /* #define WOLFSSL_SP_MATH_ALL   */
 /* #define WOLFSSL_SP_RISCV32    */
@@ -338,25 +550,44 @@
 /* #undef USE_FAST_MATH          */
 /* #define USE_INTEGER_HEAP_MATH */
 
-
-#define WOLFSSL_SMALL_STACK
-
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
 
 #define HAVE_VERSION_EXTENDED_INFO
 /* #define HAVE_WC_INTROSPECTION */
 
-#define  HAVE_SESSION_TICKET
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
 
 /* #define HAVE_HASHDRBG */
 
+#if 0
+/* Example for additional cert functions */
 #define WOLFSSL_KEY_GEN
-#define WOLFSSL_CERT_REQ
-#define WOLFSSL_CERT_GEN
-#define WOLFSSL_CERT_EXT
-#define WOLFSSL_SYS_CA_CERTS
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
 
 
-#define WOLFSSL_CERT_TEXT
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
 
 #define WOLFSSL_ASN_TEMPLATE
 
@@ -376,10 +607,62 @@
 --enable-asn-template
 */
 
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 /* Chipset detection from sdkconfig.h
  * Default is HW enabled unless turned off.
  * Uncomment lines to force SW instead of HW acceleration */
-#if defined(CONFIG_IDF_TARGET_ESP32)
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ESP32
     /*  Alternatively, if there's an ECC Secure Element present: */
     /* #define WOLFSSL_ESPWROOM32SE */
@@ -497,16 +780,29 @@
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
 
-#elif defined(CONFIG_IDF_TARGET_ESP8266)
-    #define WOLFSSL_ESP8266
-
-    /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See https://www.espressif.com/en/products/socs/esp32-c2 */
+#elif defined(CONFIG_IDF_TARGET_ESP32P4)
+    #define WOLFSSL_ESP32
+    /*  wolfSSL Hardware Acceleration not yet implemented */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32P4 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6             */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -518,7 +814,7 @@
     /***** END CONFIG_IDF_TARGET_ESP8684 *****/
 
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #warning "Unexpected CONFIG_IDF_TARGET_NN value"
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -556,18 +852,33 @@
 /* Debug options:
 See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
 #define ESP_VERIFY_MEMBLOCK
 #define DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL_VERBOSE
 #define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
 #define WOLFSSL_TEST_STRAY 1
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
 
 See wolfcrypt/benchmark/benchmark.c for debug and other settings:
 
@@ -579,7 +890,8 @@ Turn on timer debugging (used when CPU cycles not available)
 */
 
 /* Pause in a loop rather than exit. */
-#define WOLFSSL_ESPIDF_ERROR_PAUSE
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
 
 #define WOLFSSL_HW_METRICS
 
@@ -628,6 +940,12 @@ Turn on timer debugging (used when CPU cycles not available)
  * There are various certificate examples in this header file:
  * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
  *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
  * To use the sets of macros below, define *one* of these:
  *
  *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
@@ -705,6 +1023,7 @@ Turn on timer debugging (used when CPU cycles not available)
     #define WOLFSSL_BASE16
 #else
     #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_2048
@@ -726,6 +1045,7 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
 
     #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
         /* Be sure to include in app when using example certs: */
         /* #include <wolfssl/certs_test.h>                     */
         #define CTX_CA_CERT          ca_cert_der_1024
@@ -773,3 +1093,11 @@ Turn on timer debugging (used when CPU cycles not available)
 #else
     #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
 #endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
index 2fe1790be..2998d8ee5 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
@@ -1,9 +1,132 @@
+# wolfSSL Espressif Example Project/main CMakeLists.txt
+#   v1.2
 #
 # wolfssl crypt test
 #
+message(STATUS "Begin wolfSSL main CMakeLists.txt")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
-idf_component_register(SRCS
-                         "main.c"
-                       INCLUDE_DIRS
-                         ".")
+if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
+    # `driver` component not available for ESP8266
+    SET(THIS_PRIV_REQUIRES_DRIVER "")
+else()
+    SET(THIS_PRIV_REQUIRES_DRIVER "driver")
+endif()
+
+if(WIN32)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
+    message(STATUS "Detected Windows")
+endif()
+if(CMAKE_HOST_UNIX)
+    message(STATUS "Detected UNIX")
+endif()
+if(APPLE)
+    message(STATUS "Detected APPLE")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
+    message(STATUS "Detected WSL")
+endif()
+if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
+    message(STATUS "Detected Linux")
+endif()
+if(APPLE)
+    # Windows-specific configuration here
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
+    message(STATUS "Detected Apple")
+endif()
+set (git_cmd "git")
+
+if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
+    #
+    # wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
+    #
+    message(STATUS "")
+    message(STATUS "WARNING: Found components/wolfssl in both local project and IDF_PATH")
+    message(STATUS "")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
+endif()
+
+# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
+if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
+    message(STATUS "WARNING: Using a staging instance of wolfssl.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
+else()
+    message(STATUS "Using release wolfssl component.")
+    set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
+endif()
+
+## register_component()
+idf_component_register(SRCS main.c
+                       INCLUDE_DIRS "."
+                            "./include"
+                       PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
+                                     "${MAIN_WOLFSSL_COMPONENT_NAME}"
+                       )
+
+#
+# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
+#
+# Save the THIS_VAR as a string in a macro called VAR_OUPUT
+#
+# VAR_OUPUT:  the name of the macro to define
+# THIS_VAR:   the OUTPUT_VARIABLE result from a execute_process()
+# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
+#
+function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
+    # is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
+    string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
+
+    # if we had a successful operation, save the THIS_VAR in VAR_OUPUT
+    if(${IS_VALID_VALUE})
+        # strip newline chars in THIS_VAR parameter and save in VAR_VALUE
+        string(REPLACE "\n" ""  VAR_VALUE  ${THIS_VAR})
+
+        # we'll could percolate the value to the parent for possible later use
+        # set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
+
+        # but we're only using it here in this function
+        set(${VAR_OUPUT} ${VAR_VALUE})
+
+        # we'll print what we found to the console
+        message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
+
+        # the interesting part is defining the VAR_OUPUT name a value to use in the app
+        add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
+    else()
+        # if we get here, check the execute_process command and parameters.
+        message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
+        message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
+        set(${VAR_OUPUT} "Unknown")
+    endif()
+endfunction() # LIBWOLFSSL_SAVE_INFO
+
+execute_process(
+    COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
+    OUTPUT_VARIABLE IS_GIT_REPO
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_QUIET
+)
+
+# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
+if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
+    # LIBWOLFSSL_VERSION_GIT_HASH
+    execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_SHORT_HASH
+    execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
+
+    # LIBWOLFSSL_VERSION_GIT_HASH_DATE
+    execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES  )
+    LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
+endif()
+
+message(STATUS "")
+
+message(STATUS "End wolfSSL main CMakeLists.txt")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild
index 264c80883..06cc01df8 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild
@@ -1,29 +1,112 @@
-menu "Example Configuration"
+# Kconfig main
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
 
-config BENCH_ARGV
-    string "Arguments for benchmark test"
-    default "-lng 0"
+# Kconfig File Version 5.7.2.001 for wolfssl_template
+
+menu "Example wolfSSL Configuration"
+
+choice WOLFSSL_EXAMPLE_CHOOSE
+    prompt "Choose Example (See wolfssl/include/user_settings.h)"
+    default WOLFSSL_EXAMPLE_NAME_NONE
     help
-        -? <num>    Help, print this usage
-                     0: English, 1: Japanese
-        -csv        Print terminal output in csv format
-        -base10     Display bytes as power of 10 (eg 1 kB = 1000 Bytes)
-        -no_aad     No additional authentication data passed.
-        -dgst_full  Full digest operation performed.
-        -rsa_sign   Measure RSA sign/verify instead of encrypt/decrypt.
-        -<alg>      Algorithm to benchmark. Available algorithms include:
-                    cipher aes-cbc aes-gcm chacha20 chacha20-poly1305
-                    digest md5 poly1305 sha sha2 sha224 sha256 sha384 sha512 sha3
-                    sha3-224 sha3-256 sha3-384 sha3-512
-                    mac hmac hmac-md5 hmac-sha hmac-sha224 hmac-sha256 hmac-sha384
-                    hmac-sha512
-                    asym rsa rsa-sz dh ecc-kg ecc
-                    other rng
-        -lng <num>  Display benchmark result by specified language.
-                    0: English, 1: Japanese
-        <num>       Size of block in bytes
+        The user settings file can be adjusted to specific wolfSSL examples.
 
-        e.g -lng 1
-        e.g sha
+    config WOLFSSL_EXAMPLE_NAME_TEMPLATE
+        bool "wolfSSL Template"
+        help
+            The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
+
+    config WOLFSSL_EXAMPLE_NAME_TEST
+        bool "wolfSSL Test"
+        help
+            This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
+
+    config WOLFSSL_EXAMPLE_NAME_BENCHMARK
+        bool "wolfSSL Benchmark"
+        help
+            Benchmark performance app. See also cryptographic test.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
+        bool "TLS Client"
+        help
+            TLS Client Example app. Needs WiFi and a listening server on port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
+        bool "TLS Server"
+        help
+            TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
+        bool "SSH Template App"
+        help
+            Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
+        bool "SSH Echo Server"
+        help
+            See wolfSSL/wolfssh on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
+        bool "SSH to UART Server for the ESP32"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
+        bool "SSH to UART Server for the ESP8266"
+        help
+            See wolfSSL/wolfssh-examples on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
+        bool "MQTT Template"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
+        bool "MQTT AWS IoT"
+        help
+            See wolfSSL/wolfmqtt on GitHub.
+
+    config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
+        bool "TPM Test Example for the ESP32"
+        help
+            See wolfSSL/wolfTPM on GitHub.
+
+    config WOLFSSL_EXAMPLE_NAME_NONE
+        bool "Other"
+        help
+            A specific example app is not defined.
+
+endchoice
+
+config WOLFSSL_TARGET_HOST
+    string "Target host"
+    default "127.0.0.1"
+    help
+        host address for the example to connect
+
+config WOLFSSL_TARGET_PORT
+    int "Target port"
+    default 11111
+    help
+        host port for the example to connect
 
 endmenu
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
index df684f1e0..08f8fbe9b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
@@ -6,4 +6,18 @@
 # in the build directory. This behavior is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
 #
-# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
+# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
+
+# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
+
+ifeq ("$(VISUALGDB_DIR)","")
+    $(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
+else
+    $(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
+    COMPONENT_SRCDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS := .
+    COMPONENT_ADD_INCLUDEDIRS += include
+
+    # Ensure main.c gets compiled
+    COMPONENT_OBJS := main.o
+endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
index 94d913235..7b41f28ba 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
@@ -1,6 +1,6 @@
-/* template main.h
+/* wolfssl_test main.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,7 +18,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #ifndef _MAIN_H_
 #define _MAIN_H_
 
+void app_main(void);
+
 #endif
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
index 315ff304c..32e0bb895 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
@@ -1,6 +1,6 @@
-/* main.c
+/* test main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,17 +26,20 @@
 /* wolfSSL */
 /* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
 /* Reminder: settings.h pulls in user_settings.h; don't include it here. */
-#ifdef WOLFSSL_USER_SETTINGS
+#if defined(WOLFSSL_USER_SETTINGS)
     #include <wolfssl/wolfcrypt/settings.h>
-    #ifndef WOLFSSL_ESPIDF
-        #warning "Problem with wolfSSL user_settings."
-        #warning "Check components/wolfssl/include"
+    #if defined(WOLFSSL_ESPIDF)
+        #include <wolfssl/version.h>
+        #include <wolfssl/wolfcrypt/types.h>
+        #include <wolfcrypt/test/test.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+        #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
+    #else
+        #error "Problem with wolfSSL user_settings. "           \
+               "Check components/wolfssl/include "              \
+               "and confirm WOLFSSL_USER_SETTINGS is defined, " \
+               "typically in the component CMakeLists.txt"
     #endif
-    #include <wolfssl/version.h>
-    #include <wolfssl/wolfcrypt/types.h>
-    #include <wolfcrypt/test/test.h>
-    #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
-    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 #else
     /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
     /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
@@ -44,8 +47,9 @@
     CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include "driver/uart.h"
-
+/* Hardware; include after other libraries,
+ * particularly after freeRTOS from settings.h */
+#include <driver/uart.h>
 
 /* set to 0 for one test,
 ** set to 1 for continuous test loop */
@@ -76,9 +80,13 @@
 
 /*
 ** although the wolfcrypt/test includes a default time setting,
-** see wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h */
-
+** see the enclosed optional time helper for adding NNTP.
+** be sure to add "time_helper.c" in main/CMakeLists.txt
+*/
 #undef WOLFSSL_USE_TIME_HELPER
+#if defined(WOLFSSL_USE_TIME_HELPER)
+    #include "time_helper.h"
+#endif
 
 /* see wolfssl/wolfcrypt/test/test.h */
 extern void wolf_crypt_task();
@@ -155,13 +163,18 @@ void app_main(void)
         .parity    = UART_PARITY_DISABLE,
         .stop_bits = UART_STOP_BITS_1,
     };
+    int stack_start = 0;
+    int heap_start = 0;
+    int heap_current = 0;
+    int loops = 0;
     esp_err_t ret = 0;
-    wc_ptr_t stack_start = esp_sdk_stack_pointer();
+
+    stack_start = esp_sdk_stack_pointer();
 
     /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
      *              UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */
 
-    /* Some targets may need to have UART speed set. TODO: which? */
+    /* Some targets may need to have UART speed set, such as ESP8266 */
     ESP_LOGI(TAG, "UART init");
     uart_param_config(UART_NUM_0, &uart_config);
     uart_driver_install(UART_NUM_0,
@@ -186,6 +199,7 @@ void app_main(void)
 #ifdef TASK_EXTRA_STACK_SIZE
      ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE);
 #endif
+
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
     ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)",
                    CONFIG_ESP_MAIN_TASK_STACK_SIZE,
@@ -195,13 +209,13 @@ void app_main(void)
      * the minimum free stack space there has been (in bytes not words, unlike
      * vanilla FreeRTOS) since the task started. The smaller the returned
      * number the closer the task has come to overflowing its stack.
-     * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
+     * see Espressif esp32/api-reference/system/freertos_idf.html
      */
     stack_start = uxTaskGetStackHighWaterMark(NULL);
     ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start);
 #endif
 
-#ifdef HAVE_VERSION_EXTENDED_INFO
+#if defined(HAVE_VERSION_EXTENDED_INFO)
     esp_ShowExtendedSystemInfo();
 #endif
 
@@ -230,38 +244,49 @@ void app_main(void)
     ESP_LOGI(TAG, "NO_CRYPT_TEST defined, skipping wolf_test_task");
 #else
     /* Although wolfCrypt_Init() may be explicitly called above,
-    ** Note it is still always called in wolf_test_task.
+    ** note it is still always called in wolf_test_task.
     */
-    int loops = 0;
+    stack_start = uxTaskGetStackHighWaterMark(NULL);
+    heap_start = heap_caps_get_free_size(MALLOC_CAP_8BIT);
+
     do {
-        #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
+        heap_current = heap_caps_get_free_size(MALLOC_CAP_8BIT);
+        ESP_LOGI(TAG, "Free heap memory: %d bytes; Start %d",
+                                         heap_current, heap_start);
+        ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+
+        ret = wolf_test_task();
+        #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
             esp_hw_show_metrics();
         #endif
-        ret = wolf_test_task();
+        loops++; /* count of the number of tests run before fail. */
         ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
         ESP_LOGI(TAG, "loops = %d", loops);
 
-        loops++;
-    }
-    while (TEST_LOOP && (ret == 0));
+    } while (TEST_LOOP && (ret == 0));
+
+    /* Reminder: wolfCrypt_Cleanup() should always be called at completion,
+    ** and is called in wolf_test_task().  */
 
 #if defined TEST_LOOP && (TEST_LOOP == 1)
     ESP_LOGI(TAG, "Test loops completed: %d", loops);
 #endif
 
-    /* note wolfCrypt_Cleanup() should always be called when finished.
-    ** This is called at the end of wolf_test_task();
-    */
+#if defined(SINGLE_THREADED)
+    /* need stack monitor for single thread */
+#else
+    ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
+#endif
 
-#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
+#if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
     esp_hw_show_mp_metrics();
 #endif
 
 #ifdef INCLUDE_uxTaskGetStackHighWaterMark
-        ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
+    ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
 
-        ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
-                                        - (uxTaskGetStackHighWaterMark(NULL)));
+    ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                                    - (uxTaskGetStackHighWaterMark(NULL)));
 #endif
 
 #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
@@ -278,7 +303,7 @@ void app_main(void)
                   "If running from idf.py monitor, press twice: Ctrl+]");
 #endif
 
-    /* done */
+    /* After completion, we'll just wait */
     while (1) {
 #if defined(SINGLE_THREADED)
         while (1);
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
index 5a1a339c9..0b2fcd1a9 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
@@ -1,34 +1,31 @@
-# This tag is used to include this file in the ESP Component Registry:
-# __ESP_COMPONENT_SOURCE__
-
-# to view: idf.py partition-table
-#
-# ESP-IDF Partition Table
-# Name, Type,  SubType, Offset,  Size, Flags
-nvs,     data, nvs,     0x9000,  24K,
-phy_init,data, phy,     0xf000,  4K,
-factory, app,  factory, 0x10000, 1500K,
-
-
-# For other settings, see:
-# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
-#
-# Here is the summary printed for the �Single factory app, no OTA� configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x6000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000, 1M,
-#
-#
-# Here is the summary printed for the �Factory app, two OTA definitions� configuration:
-#
-# # ESP-IDF Partition Table
-# # Name,   Type, SubType, Offset,  Size, Flags
-# nvs,      data, nvs,     0x9000,  0x4000,
-# otadata,  data, ota,     0xd000,  0x2000,
-# phy_init, data, phy,     0xf000,  0x1000,
-# factory,  app,  factory, 0x10000,  1M,
-# ota_0,    app,  ota_0,   0x110000, 1M,
-# ota_1,    app,  ota_1,   0x210000, 1M,
+# to view: idf.py partition-table
+#
+# ESP-IDF Partition Table
+# Name, Type,  SubType, Offset,  Size, Flags
+nvs,     data, nvs,     0x9000,  24K,
+phy_init,data, phy,     0xf000,  4K,
+factory, app,  factory, 0x10000, 1500K,
+
+
+# For other settings, see:
+# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
+#
+# Here is the summary printed for the "Single factory app, no OTA" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x6000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000, 1M,
+#
+#
+# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
+#
+# # ESP-IDF Partition Table
+# # Name,   Type, SubType, Offset,  Size, Flags
+# nvs,      data, nvs,     0x9000,  0x4000,
+# otadata,  data, ota,     0xd000,  0x2000,
+# phy_init, data, phy,     0xf000,  0x1000,
+# factory,  app,  factory, 0x10000,  1M,
+# ota_0,    app,  ota_0,   0x110000, 1M,
+# ota_1,    app,  ota_1,   0x210000, 1M,
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
index 2a5ad756d..50773fdc1 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
@@ -1,19 +1,34 @@
+# Set the known example app config to template example (see user_settings.h)
+CONFIG_WOLFSSL_EXAMPLE_NAME_TEST=y
+
+# CONFIG_EXAMPLE_WIFI_SSID="myssid"
+# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
+
 # sdkconfig.defaults for ESP8266 + ESP32
+# See separate sdkconfig.defaults.esp8266
 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
-# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
 CONFIG_BENCH_ARGV="-lng 0"
+# FreeRTOS ticks at 1ms interval
+CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
 
 #
 # Default main stack size. See user_settings.h
 #
+# This is typically bigger than needed for stack size.
+# Units are words, not bytes. See user_settings.h
+#
 # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
 # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
-CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
+# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
 
-# Legacy stack size for older ESP-IDF versions
-CONFIG_MAIN_TASK_STACK_SIZE=10500
+# Legacy stack size name for older ESP-IDF versions
+CONFIG_MAIN_TASK_STACK_SIZE=28672
 
 #
 # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
@@ -31,6 +46,10 @@ CONFIG_ESP_TASK_WDT_EN=n
 CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
 CONFIG_ESP_INT_WDT=n
 
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
 # ESP8266 WDT
 # CONFIG_ESP_PANIC_PRINT_REBOOT is not set
 CONFIG_ESP_PANIC_PRINT_REBOOT=n
@@ -46,6 +65,36 @@ CONFIG_HEAP_DISABLE_IRAM=y
 # Performance
 # CONFIG_COMPILER_OPTIMIZATION_PERF=y
 
+# Set max CPU frequency (falls back as needed for lower maximum)
+CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
+
+# Enable wolfSSL TLS in esp-tls
+# CONFIG_ESP_TLS_USING_WOLFSSL=y
+# CONFIG_TLS_STACK_WOLFSSL=y
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=n
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# Some wolfSSL helpers
+CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
+
+# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# Performance
+# CONFIG_COMPILER_OPTIMIZATION_PERF=y
+
 # Set max COU frequency (falls back as needed for lower maximum)
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
 
@@ -53,6 +102,26 @@ CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
 CONFIG_FREERTOS_UNICORE=y
 CONFIG_FREERTOS_HZ=1000
 
+# Ensure mbedTLS options are disabled
+# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
+# CONFIG_MBEDTLS_TLS_SERVER=n
+# CONFIG_MBEDTLS_TLS_CLIENT=n
+# CONFIG_MBEDTLS_HARDWARE_AES=n
+# CONFIG_MBEDTLS_HARDWARE_MPI=n
+# CONFIG_MBEDTLS_HARDWARE_SHA=n
+# CONFIG_MBEDTLS_ROM_MD5=n
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
+# CONFIG_MBEDTLS_SSL_ALPN=n
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+
+# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
+# CONFIG_MBEDTLS_TLS_ENABLED=n
+# CONFIG_MBEDTLS_TLS_DISABLED=y
+
 #
 # Compiler options
 #
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32
new file mode 100644
index 000000000..9d61e301d
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c3 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c3
new file mode 100644
index 000000000..a252c51ba
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c3
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=25500
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c6 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c6
new file mode 100644
index 000000000..a252c51ba
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32c6
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=25500
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32h2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32h2
new file mode 100644
index 000000000..a252c51ba
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32h2
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=25500
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s2
new file mode 100644
index 000000000..9d61e301d
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s2
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s3 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s3
new file mode 100644
index 000000000..9d61e301d
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp32s3
@@ -0,0 +1,4 @@
+# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
+# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
+
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266
new file mode 100644
index 000000000..77299dfe4
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266
@@ -0,0 +1,30 @@
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
+
+# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
+CONFIG_ESP_TLS_USING_WOLFSSL=n
+CONFIG_TLS_STACK_WOLFSSL=n
+
+# Bundles take up flash space and are disabled unless otherwise known to be needed
+CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
+# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
+# CONFIG_ESP_TLS_INSECURE=y
+
+# Disable mbedTLS
+CONFIG_ESP_TLS_USING_MBEDTLS=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
+
+# ESP8266 Memory
+CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
+CONFIG_HEAP_DISABLE_IRAM=y
+
+# ESP8266 Watchdog:
+CONFIG_TASK_WDT=n
+CONFIG_TASK_WDT_PANIC=n
+
+# ESP8266 WDT
+# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
+CONFIG_ESP_PANIC_PRINT_REBOOT=n
+CONFIG_ESP_PANIC_PRINT_HALT=y
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.sln b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.sln
new file mode 100644
index 000000000..57fec6c39
--- /dev/null
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.sln
@@ -0,0 +1,30 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.8.34601.278
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{803FD0C6-D64E-4E16-9DC3-1DAEC859A3D2}") = "wolfssl_test_ESP8266", "wolfssl_test_ESP8266.vgdbproj", "{C9687472-A434-43A7-9026-7914F425B9B4}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{D4A6F5E5-807B-4D51-ACD5-8493BCF2E7F0}"
+	ProjectSection(SolutionItems) = preProject
+		components\wolfssl\include\user_settings.h = components\wolfssl\include\user_settings.h
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|VisualGDB = Debug|VisualGDB
+		Release|VisualGDB = Release|VisualGDB
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C9687472-A434-43A7-9026-7914F425B9B4}.Debug|VisualGDB.ActiveCfg = Debug|VisualGDB
+		{C9687472-A434-43A7-9026-7914F425B9B4}.Debug|VisualGDB.Build.0 = Debug|VisualGDB
+		{C9687472-A434-43A7-9026-7914F425B9B4}.Release|VisualGDB.ActiveCfg = Release|VisualGDB
+		{C9687472-A434-43A7-9026-7914F425B9B4}.Release|VisualGDB.Build.0 = Release|VisualGDB
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {84F29237-2909-4E98-AD33-2624E2256EF8}
+	EndGlobalSection
+EndGlobal
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
index 41509e0fd..6181d50c7 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
@@ -53,7 +53,7 @@
   </CustomDebug>
   <DeviceTerminalSettings>
     <Connection xsi:type="com.sysprogs.terminal.connection.serial">
-      <ComPortName>COM80</ComPortName>
+      <ComPortName>COM70</ComPortName>
       <AdvancedSettings>
         <BaudRate>74880</BaudRate>
         <DataBits>8</DataBits>
@@ -110,7 +110,7 @@
     <LineEnding>LF</LineEnding>
     <TreatLFAsCRLF>false</TreatLFAsCRLF>
     <KeepOpenAfterExit>false</KeepOpenAfterExit>
-    <ShowAfterProgramming>true</ShowAfterProgramming>
+    <ShowAfterProgramming>false</ShowAfterProgramming>
   </DeviceTerminalSettings>
   <CustomShortcuts>
     <Shortcuts />
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
index f2efc2f3d..7d0988aaf 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
@@ -12,11 +12,11 @@ Open the VisualGDB Visual Studio Project file in the VisualGDB directory and cli
 
 ## ESP-IDF Commandline
 
-1. `idf.py menuconfig` to configure the program.  
+1. `idf.py menuconfig` to configure the program.
     1-1. Example Configuration ->
 
-    TEST_ARG : argument that you want to use. Default is "-lng 0"  
-    The list of argument can be find in help.
+    There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test).
+    All features enabled in the `user_settings.h` will be tested.
 
 When you want to run the test program
 
@@ -46,9 +46,9 @@ idf.py build flash -p /dev/ttyS20 -b 115200 monitor
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 Compiled and flashed with `idf.py build  flash -p /dev/ttyS7 -b 115200 monitor`:
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
index e19e22a53..0adf45649 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
@@ -1,8 +1,8 @@
 #
 # Main component makefile.
 #
-# This Makefile can be left empty. By default, it will take the sources in the 
-# src/ directory, compile them and link them into lib(subdirectory_name).a 
+# This Makefile can be left empty. By default, it will take the sources in the
+# src/ directory, compile them and link them into lib(subdirectory_name).a
 # in the build directory. This behaviour is entirely configurable,
 # please read the ESP-IDF documents if you need to do this.
-#
\ No newline at end of file
+#
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
index d31083f65..44bd2b527 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
@@ -1,3 +1,3 @@
 #
 # Main Makefile. This is basically the same as a component makefile.
-#
\ No newline at end of file
+#
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
index ba8c82a76..1eb568bde 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,15 +24,26 @@
 #include "sdkconfig.h"
 
 /* wolfSSL */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <user_settings.h>
-#include <wolfssl/version.h>
-#ifndef WOLFSSL_ESPIDF
-#warning "problem with wolfSSL user settings. Check components/wolfssl/include"
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#ifdef WOLFSSL_USER_SETTINGS
+    /* Unlike other examples with wolfSSL as a local component, this */
+    /* example tests wolSSL *in* the ESP-IDF. If you get an error:   */
+    /*    wolfssl/wolfcrypt/settings.h: No such file or directory    */
+    /* Then wolfSSL is missing from the ESP-IDF components           */
+    #include <wolfssl/wolfcrypt/settings.h>
+    #ifndef WOLFSSL_ESPIDF
+        #warning "Problem with wolfSSL user_settings."
+        #warning "Check components/wolfssl/include"
+    #endif
+    #include <wolfcrypt/benchmark/benchmark.h>
+    #include <wolfssl/version.h>
+    #include <wolfcrypt/test/test.h>
+#else
+    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile: \
+CFLAGS +=-DWOLFSSL_USER_SETTINGS"
 #endif
 
-#include <wolfcrypt/test/test.h>
-
 /*
 ** the wolfssl component can be installed in either:
 **
@@ -152,8 +163,8 @@ void app_main(void)
 
 
     /* some interesting settings are target specific (ESP32, -C3, -S3, etc */
-#if defined(CONFIG_IDF_TARGET_ESP32C3)
-    /* not available for C3 at this time */
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* TODO CPU_FREQ_MHZ not available for C2/C3 at this time */
 #elif defined(CONFIG_IDF_TARGET_ESP32S3)
     ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
                    CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
@@ -173,7 +184,7 @@ void app_main(void)
 #if defined(NO_ESP32_CRYPT)
     ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED.");
 #else
-    #if defined(CONFIG_IDF_TARGET_ESP32C3)
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3)
         #error "ESP32_CRYPT not yet supported on ESP32-C3"
     #elif defined(CONFIG_IDF_TARGET_ESP32S2)
         #error "ESP32_CRYPT not yet supported on ESP32-S2"
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex
index a1a18d981..7cac2f131 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
index 70a6cb816..abd778c25 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c
@@ -1,6 +1,6 @@
 /* time_helper.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -94,7 +94,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressif api-reference/system/system_time
          */
         sntp_setoperatingmode(SNTP_OPMODE_POLL);
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
index e0bee14e5..0ca254c4a 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h
@@ -1,6 +1,6 @@
 #ifndef _TIME_HELPER_H
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
index a0ec798a2..151bc3ce9 100644
--- a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/Espressif/ESP-IDF/libs/README.md b/IDE/Espressif/ESP-IDF/libs/README.md
index 703baf1ea..d5dc4c993 100644
--- a/IDE/Espressif/ESP-IDF/libs/README.md
+++ b/IDE/Espressif/ESP-IDF/libs/README.md
@@ -4,4 +4,4 @@ Files in IDE\Espressif\ESP-IDF\libs:
 
 `component.mk` used in ESP-IDF `wolfssl` component directory
 
-`tigard.cfg` Tigard JTAG config file 
\ No newline at end of file
+`tigard.cfg` Tigard JTAG config file
diff --git a/IDE/Espressif/ESP-IDF/libs/component.mk b/IDE/Espressif/ESP-IDF/libs/component.mk
index 047bb83ea..568b293b2 100644
--- a/IDE/Espressif/ESP-IDF/libs/component.mk
+++ b/IDE/Espressif/ESP-IDF/libs/component.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -17,6 +17,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 #/
+#/
 #
 #
 # Component Makefile
diff --git a/IDE/Espressif/ESP-IDF/setup.sh b/IDE/Espressif/ESP-IDF/setup.sh
index 7a68ae4d9..495b62921 100755
--- a/IDE/Espressif/ESP-IDF/setup.sh
+++ b/IDE/Espressif/ESP-IDF/setup.sh
@@ -159,4 +159,3 @@ if [ "${WOLFSSL_SETUP_VERBOSE}" == "true" ]; then
   echo "Copy complete!"
 fi
 
-exit 1
diff --git a/IDE/Espressif/ESP-IDF/test/README.md b/IDE/Espressif/ESP-IDF/test/README.md
index e832b5c50..e499c970e 100644
--- a/IDE/Espressif/ESP-IDF/test/README.md
+++ b/IDE/Espressif/ESP-IDF/test/README.md
@@ -2,9 +2,9 @@
 
 The test contains of wolfSSL unit-test app on Unity.
 
-When you want to run the app  
-1. Go to /esp-idf/tools/unit-test-app/ folder  
-2. `idf.py menuconfig` to configure unit test app.  
-3. `idf.py -T wolfssl build` to build wolfssl unit test app.  
+When you want to run the app
+1. Go to /esp-idf/tools/unit-test-app/ folder
+2. `idf.py menuconfig` to configure unit test app.
+3. `idf.py -T wolfssl build` to build wolfssl unit test app.
 
-See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app.
+See Espressif for more information about unit test app.
diff --git a/IDE/Espressif/ESP-IDF/user_settings.h b/IDE/Espressif/ESP-IDF/user_settings.h
index 828aab9ff..e48149ee5 100644
--- a/IDE/Espressif/ESP-IDF/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -331,7 +331,7 @@
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 #else
-    /* Anything else encountered, disable HW accleration */
+    /* Anything else encountered, disable HW acceleration */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
@@ -359,7 +359,7 @@
 
 /* #define HASH_SIZE_LIMIT */ /* for test.c */
 
-/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
+/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
 
 /* Optionally include alternate HW test library: alt_hw_test.h */
 /* When enabling, the ./components/wolfssl/CMakeLists.txt file
diff --git a/IDE/Espressif/README.md b/IDE/Espressif/README.md
index 5bb1622f3..530c1012c 100644
--- a/IDE/Espressif/README.md
+++ b/IDE/Espressif/README.md
@@ -28,18 +28,16 @@ resource.
 ## Requirements
 
 The wolfSSL Espressif code requires the ESP-IDF to be installed for
-[Windows](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/windows-setup.html)
-or [Linux / MacOS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/linux-macos-setup.html).
+Windows or Linux / MacOS.
 
-See the [Espressif Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/).
+See the Espressif Getting Started Guide.
 
-Any editor can be used. See also the [Espressif Third-Party Tools](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/resources.html)
-for a list of feature-rich Integrated Development Environments.
+Any editor can be used.
 The [wolfSSL examples](./ESP-IDF/examples/README.md) all include a `./VisualGDB` directory with SoC-specific configurations
 to help get started quickly.
 
-Although not required, a [JTAG Adapter](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/jtag-debugging/index.html)
-can be helpful for development. When not using a built-in JTAG from Espressif, the examples typically
+Although not required, a JTAG Adapter can be helpful for development.
+When not using a built-in JTAG from Espressif, the examples typically
 use the open source [Tigard board](https://github.com/tigard-tools/tigard#readme).
 
 ## Examples:
@@ -52,7 +50,7 @@ There are a variety of examples to help get started:
 
 The wolfSSL library can be installed as a managed component:
 
-* [Espressif Managed Component Registry](https://components.espressif.com/components/wolfssl/wolfssl)
+* [Espressif Managed Component Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/)
 
 ## Notes:
 
@@ -145,7 +143,6 @@ the reset-program hardware properly, causing devices to not be programmed with t
 Connecting......................................
 
 A fatal error occurred: Failed to connect to ESP32: Wrong boot mode detected (0x13)! The chip needs to be in download mode.
-For troubleshooting steps visit: https://docs.espressif.com/projects/esptool/en/latest/troubleshooting.html
 CMake Error at run_serial_tool.cmake:56 (message):
   /home/gojimmypi/.espressif/python_env/idf4.4_py3.8_env/bin/python
   /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/components/esptool_py/esptool/esptool.py
@@ -188,7 +185,7 @@ Task watchdog got triggered.
 Guru Meditation Error: Core  0 panic'ed (unknown). Exception was unhandled.
 ```
 
-The watchdog needs to be [fed](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-reference/system/wdts.html?highlight=watchdog#_CPPv418esp_task_wdt_resetv) on a regular basis
+The watchdog needs to be fed on a regular basis
 with `void esp_task_wdt_reset(void)` from `esp8266/include/esp_task_wdt.h`.
 
 Try turning off the WDT in menuconfig, or for Makefiles:
@@ -199,4 +196,4 @@ EXTRA_CFLAGS += -DNO_WATCHDOG
 
 #### Other Solutions
 
-See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf)
+See also Espressif `esp-faq-en-master.pdf`
diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am
index 7fa388736..3d356b767 100644
--- a/IDE/Espressif/include.am
+++ b/IDE/Espressif/include.am
@@ -22,42 +22,53 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h
 # Template
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
 
 # Benchmark
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v4.4_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32C3.sln
@@ -70,17 +81,18 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_
 # TLS Client
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk
@@ -93,6 +105,10 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-t
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj
@@ -103,18 +119,15 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_cli
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include
@@ -127,8 +140,17 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266
 
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/wolfssl_server_ESP8266.vgdbproj
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.vgdbproj
 
@@ -137,24 +159,28 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl
-EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB
 
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln
@@ -172,7 +198,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/tigard.cfg
 
-# Other test
+# Other test for wolfSSL installed in the ESP-IDF
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/CMakeLists.txt
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/component.mk
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/README.md
diff --git a/IDE/GCC-ARM/Header/user_settings.h b/IDE/GCC-ARM/Header/user_settings.h
index 40986b08b..9455d1833 100644
--- a/IDE/GCC-ARM/Header/user_settings.h
+++ b/IDE/GCC-ARM/Header/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/README.md b/IDE/GCC-ARM/README.md
index 2aa29d969..40b2bdfd1 100644
--- a/IDE/GCC-ARM/README.md
+++ b/IDE/GCC-ARM/README.md
@@ -118,7 +118,7 @@ These settings are located in `Header/user_settings.h`.
 * `USE_SLOW_SHA`: Enables smaller/slower version of SHA.
 * `USE_SLOW_SHA256`: About 2k smaller and about 25% slower
 * `USE_SLOW_SHA512`: Over twice as small, but 50% slower
-* `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with. 
+* `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with.
 * `BENCH_EMBEDDED`: Define this if using the wolfCrypt test/benchmark and using a low memory target.
 * `ECC_USER_CURVES`: Allows user to define curve sizes to enable. Default is 256-bit on. To enable others use `HAVE_ECC192`, `HAVE_ECC224`, etc....
 * `TFM_ARM`, `TFM_SSE2`, `TFM_AVR32`, `TFM_PPC32`, `TFM_MIPS`, `TFM_X86` or `TFM_X86_64`: These are assembly optimizations available with USE_FAST_MATH.
diff --git a/IDE/GCC-ARM/Source/armtarget.c b/IDE/GCC-ARM/Source/armtarget.c
index 8b62a6b75..16f8e524c 100644
--- a/IDE/GCC-ARM/Source/armtarget.c
+++ b/IDE/GCC-ARM/Source/armtarget.c
@@ -1,6 +1,6 @@
 /* armtarget.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/benchmark_main.c b/IDE/GCC-ARM/Source/benchmark_main.c
index 1151bbc32..c89132804 100644
--- a/IDE/GCC-ARM/Source/benchmark_main.c
+++ b/IDE/GCC-ARM/Source/benchmark_main.c
@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -39,16 +39,16 @@ int main(void)
 {
     int ret;
 #ifndef NO_CRYPT_BENCHMARK
-	wolfCrypt_Init();
+    wolfCrypt_Init();
 
-	printf("\nBenchmark Test\n");
-	benchmark_test(&args);
+    printf("\nBenchmark Test\n");
+    benchmark_test(&args);
     ret = args.return_code;
-	printf("Benchmark Test: Return code %d\n", ret);
+    printf("Benchmark Test: Return code %d\n", ret);
 
-	wolfCrypt_Cleanup();
+    wolfCrypt_Cleanup();
 #else
     ret = NOT_COMPILED_IN;
 #endif
-	return ret;
+    return ret;
 }
diff --git a/IDE/GCC-ARM/Source/test_main.c b/IDE/GCC-ARM/Source/test_main.c
index c63246368..6b4a0e77b 100644
--- a/IDE/GCC-ARM/Source/test_main.c
+++ b/IDE/GCC-ARM/Source/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,16 +40,16 @@ int main(void)
 {
     int ret;
 #ifndef NO_CRYPT_TEST
-	wolfCrypt_Init();
+    wolfCrypt_Init();
 
-	printf("\nCrypt Test\n");
-	wolfcrypt_test(&args);
+    printf("\nCrypt Test\n");
+    wolfcrypt_test(&args);
     ret = args.return_code;
-	printf("Crypt Test: Return code %d\n", ret);
+    printf("Crypt Test: Return code %d\n", ret);
 
-	wolfCrypt_Cleanup();
+    wolfCrypt_Cleanup();
 #else
     ret = NOT_COMPILED_IN;
 #endif
-	return ret;
+    return ret;
 }
diff --git a/IDE/GCC-ARM/Source/tls_client.c b/IDE/GCC-ARM/Source/tls_client.c
index 927b854d3..cfaf7d013 100644
--- a/IDE/GCC-ARM/Source/tls_client.c
+++ b/IDE/GCC-ARM/Source/tls_client.c
@@ -1,6 +1,6 @@
 /* tls_client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/tls_server.c b/IDE/GCC-ARM/Source/tls_server.c
index 1a19b4e53..df438c87c 100644
--- a/IDE/GCC-ARM/Source/tls_server.c
+++ b/IDE/GCC-ARM/Source/tls_server.c
@@ -1,6 +1,6 @@
 /* tls_server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/GCC-ARM/Source/wolf_main.c b/IDE/GCC-ARM/Source/wolf_main.c
index 0956773b6..ab862fca8 100644
--- a/IDE/GCC-ARM/Source/wolf_main.c
+++ b/IDE/GCC-ARM/Source/wolf_main.c
@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Gaisler-BCC/README.md b/IDE/Gaisler-BCC/README.md
new file mode 100644
index 000000000..5becddce9
--- /dev/null
+++ b/IDE/Gaisler-BCC/README.md
@@ -0,0 +1,65 @@
+# Gaisler BCC
+
+This document outlines how to compile for the Gaisler LEON range of Sparc CPUs
+using the BCC2 toolkit. The steps here should also work for the original BCC.
+
+## Compiler
+
+In the examples in this document, a Linux computer is used as a cross compiler
+and the compilers have been extracted to `/opt`. You can install them elsewhere,
+but please adjust commands accordingly.
+
+### Bare-metal
+
+To compile for bare-metal, you need to download the BCC2 binaries from
+[here](https://www.gaisler.com/index.php/downloads/compilers). You can use
+either the GCC or CLang version, but do note that you will need to set the
+CFLAG `-std=c99` to compile in CLang.
+
+### Linux
+
+For Linux, you will need the "GNU toolchains for LEON and NOEL" from
+[this link](https://www.gaisler.com/index.php/downloads/linux).
+
+## Compiling
+
+### Bare metal
+
+Copy the file `examples/config/user_settings_template.h` to `user_settings.h` in
+the root of the source code. Then edit this to add the following:
+
+```c
+#define WOLFSSL_GAISLER_BCC
+#define WOLFSSL_GENSEED_FORTEST
+```
+
+The first `#define` is only required to compile the wolfCrypt benchmark.
+
+**Note:** that most Gaisler LEON processors do not have a good source of
+entropy for the RNG. It is recommended an external entropy source is used when
+developing for production.
+
+You can then compile with the following. Change `leon5` to the LEON CPU version
+used:
+
+```sh
+export CC=/opt/sparc-bcc-2.3.1-gcc/bin/sparc-gaisler-elf-gcc
+export CXX=/opt/sparc-bcc-2.3.1-gcc/bin/sparc-gaisler-elf-g++
+export CFLAGS="-mcpu=leon5"
+
+./configure --host=sparc --enable-usersettings --disable-examples --enable-static
+make
+```
+
+### Linux
+
+To compile for Linux on the LEON use the following commands:
+
+```sh
+export CC=/opt/sparc-gaisler-linux5.10/bin/sparc-gaisler-linux5.10-gcc
+export CXX=/opt/sparc-gaisler-linux5.10/bin/sparc-gaisler-linux5.10-g++
+export CFLAGS="-mcpu=leon5"
+
+./configure --host=sparc-linux
+make
+```
diff --git a/IDE/Gaisler-BCC/include.am b/IDE/Gaisler-BCC/include.am
new file mode 100644
index 000000000..3aaaa45f1
--- /dev/null
+++ b/IDE/Gaisler-BCC/include.am
@@ -0,0 +1,4 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/Gaisler-BCC/README.md
diff --git a/IDE/HEXAGON/DSP/Makefile b/IDE/HEXAGON/DSP/Makefile
index 361873ee8..036354feb 100644
--- a/IDE/HEXAGON/DSP/Makefile
+++ b/IDE/HEXAGON/DSP/Makefile
@@ -1,6 +1,6 @@
 # Makefile
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/HEXAGON/Makefile b/IDE/HEXAGON/Makefile
index cf7252c86..eb573b575 100644
--- a/IDE/HEXAGON/Makefile
+++ b/IDE/HEXAGON/Makefile
@@ -1,6 +1,6 @@
 # Makefile
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/HEXAGON/README.md b/IDE/HEXAGON/README.md
index 8ac7913db..4cf6ffe17 100644
--- a/IDE/HEXAGON/README.md
+++ b/IDE/HEXAGON/README.md
@@ -71,5 +71,5 @@ benchmarking using threads on aDSP
 20000 verifies on 4 threads took 23.261446 seconds
 
 benchmarking 1 thread on cDSP
-5000 verifies on 1 threads took 18.560995 seconds 
+5000 verifies on 1 threads took 18.560995 seconds
 
diff --git a/IDE/HEXAGON/ecc-verify-benchmark.c b/IDE/HEXAGON/ecc-verify-benchmark.c
index d000925a5..a2822ba59 100644
--- a/IDE/HEXAGON/ecc-verify-benchmark.c
+++ b/IDE/HEXAGON/ecc-verify-benchmark.c
@@ -1,6 +1,6 @@
 /* ecc-verify-benchmark.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,14 +32,14 @@
 #define MAX_TIMES 5000
 #define MAX_BLOCK_SIZE 1024
 
-#include <sys/time.h>                                                       
+#include <sys/time.h>
 
-static double get_time()                                              
-{                                                                           
-    struct timeval tv;                                                      
-    gettimeofday(&tv, 0);                                                   
-    return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;                
-} 
+static double get_time()
+{
+    struct timeval tv;
+    gettimeofday(&tv, 0);
+    return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
+}
 
 
 /* software version */
diff --git a/IDE/HEXAGON/ecc-verify.c b/IDE/HEXAGON/ecc-verify.c
index 1e2d9510f..a626ad008 100644
--- a/IDE/HEXAGON/ecc-verify.c
+++ b/IDE/HEXAGON/ecc-verify.c
@@ -1,6 +1,6 @@
 /* ecc-verify.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
index 76d4470c7..c1291c870 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
+++ b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
@@ -1,6 +1,6 @@
 /* benchmark-main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/benchmark/current_time.c b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
index cf0f57ac6..89f576272 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/current_time.c
+++ b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
@@ -1,6 +1,6 @@
 /* current-time.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
index 43d316fb9..18aa7462f 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
+++ b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
@@ -937,7 +937,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/Projects/common/minimum-startup.c b/IDE/IAR-EWARM/Projects/common/minimum-startup.c
index 4463b158d..fb7805c09 100644
--- a/IDE/IAR-EWARM/Projects/common/minimum-startup.c
+++ b/IDE/IAR-EWARM/Projects/common/minimum-startup.c
@@ -1,6 +1,6 @@
 /* minimum-startup.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
index e3e4d7836..685c9f6fd 100644
--- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
+++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
@@ -1593,7 +1593,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1879,7 +1879,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/Projects/test/test-main.c b/IDE/IAR-EWARM/Projects/test/test-main.c
index 13d1308d5..880081c8e 100644
--- a/IDE/IAR-EWARM/Projects/test/test-main.c
+++ b/IDE/IAR-EWARM/Projects/test/test-main.c
@@ -1,6 +1,6 @@
 /* test-main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
index ca0a95067..e48aba5f0 100644
--- a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
+++ b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
@@ -937,7 +937,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp
index 979e36637..b927b650c 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/wolfcrypt_benchmark.ewp
@@ -958,7 +958,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
@@ -1627,7 +1627,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1917,7 +1917,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
index 1f00a1fb3..bb7170c66 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
@@ -1624,7 +1624,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1914,7 +1914,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
index 36937deef..07fd6c5bc 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/Application/runWolfcryptTests.c
@@ -26,4 +26,4 @@ int main(void) {
   OS_CREATETASK(&WLFTASK, "Tests task", wolfTask, 100, WLFSTACK);
   OS_Start();                      /* Start the OS */
   return 0;
-}
\ No newline at end of file
+}
diff --git a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp
index 9ed45e93a..f871fcef9 100644
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/wolfcrypt_test.ewp
@@ -958,7 +958,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
@@ -1627,7 +1627,7 @@
         </option>
         <option>
           <name>IlinkOutputFile</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
         <option>
           <name>IlinkDebugInfoEnable</name>
@@ -1917,7 +1917,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
+          <state>###Uninitialized###</state>
         </option>
       </data>
     </settings>
diff --git a/IDE/IAR-MSP430/main.c b/IDE/IAR-MSP430/main.c
index c99cb0075..3b8e37f3e 100644
--- a/IDE/IAR-MSP430/main.c
+++ b/IDE/IAR-MSP430/main.c
@@ -1,6 +1,6 @@
 /* MSP430 example main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/IAR-MSP430/user_settings.h b/IDE/IAR-MSP430/user_settings.h
index fc8f6ba62..b4c79fcc3 100644
--- a/IDE/IAR-MSP430/user_settings.h
+++ b/IDE/IAR-MSP430/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/INTIME-RTOS/libwolfssl.c b/IDE/INTIME-RTOS/libwolfssl.c
index 94d39bb24..b92658eaf 100644
--- a/IDE/INTIME-RTOS/libwolfssl.c
+++ b/IDE/INTIME-RTOS/libwolfssl.c
@@ -4,7 +4,7 @@
 #include <rt.h>
 
 BOOLEAN __stdcall RslMain( RTHANDLE hModule,
-                        DWORD  ul_reason_for_call,  
+                        DWORD  ul_reason_for_call,
                         LPVOID lpReserved
                        )
 {
diff --git a/IDE/Infineon/user_settings.h b/IDE/Infineon/user_settings.h
index 62f89b7c0..1b189bc6d 100644
--- a/IDE/Infineon/user_settings.h
+++ b/IDE/Infineon/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/LINUX-SGX/sgx_t_static.mk b/IDE/LINUX-SGX/sgx_t_static.mk
index ebb718cf7..1941bae02 100644
--- a/IDE/LINUX-SGX/sgx_t_static.mk
+++ b/IDE/LINUX-SGX/sgx_t_static.mk
@@ -115,7 +115,7 @@ ifeq ($(HAVE_WOLFSSL_SP), 1)
 endif
 
 
-Flags_Just_For_C := -Wno-implicit-function-declaration -std=c11
+Flags_Just_For_C := -Wno-implicit-function-declaration -std=c99
 Common_C_Cpp_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Wolfssl_Include_Paths) -fno-builtin-printf -I.
 Wolfssl_C_Flags := $(Flags_Just_For_C) $(Common_C_Cpp_Flags) $(Wolfssl_C_Extra_Flags)
 
diff --git a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c
index 1bd3c8ecd..5ee4ce079 100644
--- a/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c
+++ b/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c
@@ -1,6 +1,6 @@
 /* lpc_18xx_port.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c
index f5ffe3fe6..64c58bf91 100644
--- a/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c
+++ b/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c
@@ -1,6 +1,6 @@
 /* lpc_18xx_startup.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/M68K/benchmark/main.cpp b/IDE/M68K/benchmark/main.cpp
index 263b9289a..fe374b7e1 100644
--- a/IDE/M68K/benchmark/main.cpp
+++ b/IDE/M68K/benchmark/main.cpp
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/M68K/testwolfcrypt/main.cpp b/IDE/M68K/testwolfcrypt/main.cpp
index 3df8ebd37..6e9a1b355 100644
--- a/IDE/M68K/testwolfcrypt/main.cpp
+++ b/IDE/M68K/testwolfcrypt/main.cpp
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.cproject b/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.cproject
index 0a346c114..ab827e198 100644
--- a/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.cproject
+++ b/IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.cproject
@@ -241,7 +241,7 @@
 						<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="drivers"/>
 						<entry excluding="freertos_kernel/portable/MemMang/heap_1.c|freertos_kernel/portable/MemMang/heap_2.c|freertos_kernel/portable/MemMang/heap_3.c|freertos_kernel/portable/MemMang/heap_5.c" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="freertos"/>
 						<entry excluding="src/netif/ppp/polarssl/arc4.c|src/netif/ppp/polarssl/des.c|src/netif/ppp/polarssl/md4.c|src/netif/ppp/polarssl/md5.c|src/netif/ppp/polarssl/sha1.c" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="lwip"/>
-						<entry excluding="wolfcrypt/src/misc.c|src/x509.c|src/x509_str.c|wolfcrypt/src/evp.c|src/conf.c|src/pk.c|src/bio.c|wolfcrypt/src/wc_kyber_asm.S|wolfcrypt/src/sp_x86_64_asm.S|wolfcrypt/src/sp_x86_64_asm.asm|wolfcrypt/src/sha512_asm.S|wolfcrypt/src/sha3_asm.S|wolfcrypt/src/sha256_asm.S|wolfcrypt/src/poly1305_asm.S|wolfcrypt/src/fe_x25519_asm.S|wolfcrypt/src/port|wolfcrypt/src/chacha_asm.S|wolfcrypt/src/aes_gcm_x86_asm.S|wolfcrypt/src/aes_gcm_asm.S|wolfcrypt/src/aes_asm.S|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto|wolfcrypt/test|wolfcrypt/benchmark" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source"/>
+						<entry excluding="wolfcrypt/src/misc.c|src/x509.c|src/x509_str.c|wolfcrypt/src/evp.c|src/conf.c|src/pk.c|src/bio.c|wolfcrypt/src/wc_mlkem_asm.S|wolfcrypt/src/sp_x86_64_asm.S|wolfcrypt/src/sp_x86_64_asm.asm|wolfcrypt/src/sha512_asm.S|wolfcrypt/src/sha3_asm.S|wolfcrypt/src/sha256_asm.S|wolfcrypt/src/poly1305_asm.S|wolfcrypt/src/fe_x25519_asm.S|wolfcrypt/src/port|wolfcrypt/src/chacha_asm.S|wolfcrypt/src/aes_gcm_x86_asm.S|wolfcrypt/src/aes_gcm_asm.S|wolfcrypt/src/aes_asm.S|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto|wolfcrypt/test|wolfcrypt/benchmark" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source"/>
 						<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source/wolfcrypt/src/port/caam"/>
 						<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="startup"/>
 						<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="utilities"/>
@@ -489,7 +489,7 @@
 						<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="drivers"/>
 						<entry excluding="freertos_kernel/portable/MemMang/heap_1.c|freertos_kernel/portable/MemMang/heap_2.c|freertos_kernel/portable/MemMang/heap_3.c|freertos_kernel/portable/MemMang/heap_5.c" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="freertos"/>
 						<entry excluding="src/netif/ppp/polarssl/arc4.c|src/netif/ppp/polarssl/des.c|src/netif/ppp/polarssl/md4.c|src/netif/ppp/polarssl/md5.c|src/netif/ppp/polarssl/sha1.c" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="lwip"/>
-						<entry excluding="wolfcrypt/src/misc.c|src/x509.c|src/x509_str.c|wolfcrypt/src/evp.c|src/conf.c|src/pk.c|src/bio.c|wolfcrypt/src/wc_kyber_asm.S|wolfcrypt/src/sp_x86_64_asm.S|wolfcrypt/src/sp_x86_64_asm.asm|wolfcrypt/src/sha512_asm.S|wolfcrypt/src/sha3_asm.S|wolfcrypt/src/sha256_asm.S|wolfcrypt/src/poly1305_asm.S|wolfcrypt/src/fe_x25519_asm.S|wolfcrypt/src/port|wolfcrypt/src/chacha_asm.S|wolfcrypt/src/aes_gcm_x86_asm.S|wolfcrypt/src/aes_gcm_asm.S|wolfcrypt/src/aes_asm.S|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto|wolfcrypt/test|wolfcrypt/benchmark" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source"/>
+						<entry excluding="wolfcrypt/src/misc.c|src/x509.c|src/x509_str.c|wolfcrypt/src/evp.c|src/conf.c|src/pk.c|src/bio.c|wolfcrypt/src/wc_mlkem_asm.S|wolfcrypt/src/sp_x86_64_asm.S|wolfcrypt/src/sp_x86_64_asm.asm|wolfcrypt/src/sha512_asm.S|wolfcrypt/src/sha3_asm.S|wolfcrypt/src/sha256_asm.S|wolfcrypt/src/poly1305_asm.S|wolfcrypt/src/fe_x25519_asm.S|wolfcrypt/src/port|wolfcrypt/src/chacha_asm.S|wolfcrypt/src/aes_gcm_x86_asm.S|wolfcrypt/src/aes_gcm_asm.S|wolfcrypt/src/aes_asm.S|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto|wolfcrypt/test|wolfcrypt/benchmark" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source"/>
 						<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source/wolfcrypt/src/port/caam"/>
 						<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="startup"/>
 						<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="utilities"/>
@@ -565,4 +565,4 @@
 	</storageModule>
 	<storageModule moduleId="org.eclipse.cdt.make.core.buildtargets"/>
 	<storageModule moduleId="refreshScope"/>
-</cproject>
\ No newline at end of file
+</cproject>
diff --git a/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c b/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c
index bf092fce9..81e6f89cd 100644
--- a/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c
+++ b/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c
@@ -1,6 +1,6 @@
 /* run_benchmark.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MCUEXPRESSO/user_settings.h b/IDE/MCUEXPRESSO/user_settings.h
index d9fd0766c..059b5bb0f 100644
--- a/IDE/MCUEXPRESSO/user_settings.h
+++ b/IDE/MCUEXPRESSO/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MCUEXPRESSO/wolfcrypt_test.c b/IDE/MCUEXPRESSO/wolfcrypt_test.c
index 8d8993dda..8289a581a 100644
--- a/IDE/MCUEXPRESSO/wolfcrypt_test.c
+++ b/IDE/MCUEXPRESSO/wolfcrypt_test.c
@@ -1,6 +1,6 @@
 /* wolfcrypt_test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c
index 04d480216..89cc99b35 100644
--- a/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c
+++ b/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c
@@ -1,6 +1,6 @@
 /* time.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
index 573247983..dadffe9dc 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
@@ -2,7 +2,7 @@
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
- 
+
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -39,7 +39,7 @@ extern int  SER_PutChar   (int ch);
 /*-----------------------------------------------------------------------------
   Write character to the Serial Port
  *----------------------------------------------------------------------------*/
-int sendchar (int c) 
+int sendchar (int c)
 {
     if (c == '\n')  {
         SER_PutChar ('\r');
@@ -52,7 +52,7 @@ int sendchar (int c)
 /*-----------------------------------------------------------------------------
   Read character from the Serial Port
  *----------------------------------------------------------------------------*/
-int getkey (void) 
+int getkey (void)
 {
     int ch = SER_GetChar();
         #if defined (HAVE_KEIL_RTX)
@@ -67,7 +67,7 @@ int getkey (void)
 
 /*--------------------------- _ttywrch ---------------------------------------*/
 
-void _ttywrch (int ch) 
+void _ttywrch (int ch)
 {
 #ifdef STDIO
     sendchar (ch);
@@ -76,28 +76,28 @@ void _ttywrch (int ch)
 
 /*--------------------------- _sys_open --------------------------------------*/
 #ifndef NO_FILESYSTEM
-static int KEIL_FS_open(const char *name, int openmode) 
+static int KEIL_FS_open(const char *name, int openmode)
 {
     int i ;  int ret ;
     #define PATHSIZE 100
     char path[PATHSIZE] ; char *p ;
-    
+
     if(strlen(name) > PATHSIZE)return(-1) ;
-    
+
     for(i = 0; i<= strlen(name); i++) {
         if(name[i] == '/')path[i] = '\\' ;
         else              path[i] = name[i] ;
-    }       
+    }
     if(path[0] == '.' && path[1] == '\\') p = path + 2 ;
     else                                  p = path ;
 
     ret = __sys_open (p, openmode) ;
-    
+
     return(ret) ;
 }
 #endif
 
-FILEHANDLE _sys_open (const char *name, int openmode) 
+FILEHANDLE _sys_open (const char *name, int openmode)
 {
     /* Register standard Input Output devices. */
     if (strcmp(name, "STDIN") == 0) {
@@ -118,7 +118,7 @@ FILEHANDLE _sys_open (const char *name, int openmode)
 
 /*--------------------------- _sys_close -------------------------------------*/
 
-int _sys_close (FILEHANDLE fh) 
+int _sys_close (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (0);
@@ -132,7 +132,7 @@ int _sys_close (FILEHANDLE fh)
 
 /*--------------------------- _sys_write -------------------------------------*/
 
-int _sys_write (FILEHANDLE fh, const U8 *buf, U32 len, int mode) 
+int _sys_write (FILEHANDLE fh, const U8 *buf, U32 len, int mode)
 {
 #ifdef STDIO
     if (fh == STDOUT) {
@@ -155,7 +155,7 @@ int _sys_write (FILEHANDLE fh, const U8 *buf, U32 len, int mode)
 
 /*--------------------------- _sys_read --------------------------------------*/
 
-int _sys_read (FILEHANDLE fh, U8 *buf, U32 len, int mode) 
+int _sys_read (FILEHANDLE fh, U8 *buf, U32 len, int mode)
 {
 #ifdef STDIO
     if (fh == STDIN) {
@@ -183,7 +183,7 @@ int _sys_read (FILEHANDLE fh, U8 *buf, U32 len, int mode)
 
 /*--------------------------- _sys_istty -------------------------------------*/
 
-int _sys_istty (FILEHANDLE fh) 
+int _sys_istty (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (1);
@@ -193,7 +193,7 @@ int _sys_istty (FILEHANDLE fh)
 
 /*--------------------------- _sys_seek --------------------------------------*/
 
-int _sys_seek (FILEHANDLE fh, long pos) 
+int _sys_seek (FILEHANDLE fh, long pos)
 {
     if (fh > 0x8000) {
         return (-1);
@@ -207,7 +207,7 @@ int _sys_seek (FILEHANDLE fh, long pos)
 
 /*--------------------------- _sys_ensure ------------------------------------*/
 
-int _sys_ensure (FILEHANDLE fh) 
+int _sys_ensure (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (-1);
@@ -221,7 +221,7 @@ int _sys_ensure (FILEHANDLE fh)
 
 /*--------------------------- _sys_flen --------------------------------------*/
 
-long _sys_flen (FILEHANDLE fh) 
+long _sys_flen (FILEHANDLE fh)
 {
     if (fh > 0x8000) {
         return (0);
@@ -236,21 +236,21 @@ long _sys_flen (FILEHANDLE fh)
 
 /*--------------------------- _sys_tmpnam ------------------------------------*/
 
-int _sys_tmpnam (char *name, int sig, unsigned maxlen) 
+int _sys_tmpnam (char *name, int sig, unsigned maxlen)
 {
     return (1);
 }
 
 /*--------------------------- _sys_command_string ----------------------------*/
 
-char *_sys_command_string (char *cmd, int len) 
+char *_sys_command_string (char *cmd, int len)
 {
     return (cmd);
 }
 
 /*--------------------------- _sys_exit --------------------------------------*/
 
-void _sys_exit (int return_code) 
+void _sys_exit (int return_code)
 {
 #ifdef WOLFSSL_MDK_SHELL
     return ;
@@ -258,6 +258,6 @@ void _sys_exit (int return_code)
     /* Endless loop. */
     while (1);
 #endif
-    
+
 }
 
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
index 0f57692e2..971744933 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
@@ -1,6 +1,6 @@
 /* certs_test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
index d06afdd1d..f63a58eb0 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
@@ -8,8 +8,8 @@ extern int sizeof_client_key_der_1024 ;
 extern const unsigned char client_cert_der_1024[] ;
 extern int sizeof_client_cert_der_1024 ;
 /* ./certs/1024/dh1024.der, 1024-bit */
-extern const unsigned char dh_key_der_1024[] ; 
-extern int sizeof_dh_key_der_1024 ; 
+extern const unsigned char dh_key_der_1024[] ;
+extern int sizeof_dh_key_der_1024 ;
 /* ./certs/1024/dsa1024.der, 1024-bit */
 extern const unsigned char dsa_key_der_1024[] ;
 extern int sizeof_dsa_key_der_1024 ;
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
index 04373c97a..8f22bfcc1 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
@@ -1,6 +1,6 @@
 /* config-BEREFOOT.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
index 85e02db34..ddd367b05 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
@@ -1,6 +1,6 @@
 /* config-FS.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
index eb93fa931..1b93a77f1 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
@@ -1,6 +1,6 @@
 /* config-RTX-TCP-FS.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
index d6fe1aa16..690b96b41 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
@@ -1,6 +1,6 @@
 /* config.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
index 84d3bc4ba..13389ed9d 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
index 1ce952e03..be95989ad 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
index f7cb61f0d..e677b7f14 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
index f41a94813..7e64f6201 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
@@ -1,6 +1,6 @@
 /* time-dummy.c.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
index 7908dfec6..4a585ab35 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
index b52c547fd..e4abe982d 100644
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c
index 3a30349ca..6ef1fe747 100644
--- a/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c
+++ b/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c
@@ -1,6 +1,6 @@
 /* time-STM32F2xx.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Conf/user_settings.h b/IDE/MDK5-ARM/Conf/user_settings.h
index 089712b85..b07e02a90 100644
--- a/IDE/MDK5-ARM/Conf/user_settings.h
+++ b/IDE/MDK5-ARM/Conf/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h b/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h
index 66623a944..bf8ea3931 100644
--- a/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h
+++ b/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h
@@ -1,6 +1,6 @@
 /* wolfssl_MDK_ARM.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c
index a9b0bc0ad..9d49e0c1a 100644
--- a/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c
+++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/CryptTest/main.c b/IDE/MDK5-ARM/Projects/CryptTest/main.c
index 826a8ade2..6b0628055 100644
--- a/IDE/MDK5-ARM/Projects/CryptTest/main.c
+++ b/IDE/MDK5-ARM/Projects/CryptTest/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/EchoClient/main.c b/IDE/MDK5-ARM/Projects/EchoClient/main.c
index 0e40a7249..43538579a 100644
--- a/IDE/MDK5-ARM/Projects/EchoClient/main.c
+++ b/IDE/MDK5-ARM/Projects/EchoClient/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/EchoServer/main.c b/IDE/MDK5-ARM/Projects/EchoServer/main.c
index a99244f63..1a9b36ab9 100644
--- a/IDE/MDK5-ARM/Projects/EchoServer/main.c
+++ b/IDE/MDK5-ARM/Projects/EchoServer/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/SimpleClient/main.c b/IDE/MDK5-ARM/Projects/SimpleClient/main.c
index 686cda6b6..524cf54f5 100644
--- a/IDE/MDK5-ARM/Projects/SimpleClient/main.c
+++ b/IDE/MDK5-ARM/Projects/SimpleClient/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/SimpleServer/main.c b/IDE/MDK5-ARM/Projects/SimpleServer/main.c
index 22e6a9b05..25ade0c72 100644
--- a/IDE/MDK5-ARM/Projects/SimpleServer/main.c
+++ b/IDE/MDK5-ARM/Projects/SimpleServer/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c
index db26c5b26..a9df7682c 100644
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
index 06f39b0e8..a6dbd4239 100644
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c
index a4ce55fc6..a19d89e0a 100644
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c
@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MDK5-ARM/Src/ssl-dummy.c b/IDE/MDK5-ARM/Src/ssl-dummy.c
index 734b126ce..b58c71c13 100644
--- a/IDE/MDK5-ARM/Src/ssl-dummy.c
+++ b/IDE/MDK5-ARM/Src/ssl-dummy.c
@@ -1,6 +1,6 @@
 /* ssl-dummy.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MPLABX16/README.md b/IDE/MPLABX16/README.md
index a35b6dec2..440263956 100644
--- a/IDE/MPLABX16/README.md
+++ b/IDE/MPLABX16/README.md
@@ -38,7 +38,7 @@ steps below to generate that code.
 2. Set the Project path to the wolfSSL/IDE/MPLABX16 and enter your PIC device
 into the interface.
 
-3. Select MCC Clasic as the content type and click `Finish`.
+3. Select MCC Classic as the content type and click `Finish`.
 
 4. Under the Device Resources section, find the UART entry and add the UART1
 peripheral.
diff --git a/IDE/MPLABX16/main.c b/IDE/MPLABX16/main.c
index fadad81d5..ea671f31f 100644
--- a/IDE/MPLABX16/main.c
+++ b/IDE/MPLABX16/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MPLABX16/user_settings.h b/IDE/MPLABX16/user_settings.h
index d4754db89..174551e95 100644
--- a/IDE/MPLABX16/user_settings.h
+++ b/IDE/MPLABX16/user_settings.h
@@ -51,7 +51,7 @@ extern "C" {
     #undef  FP_MAX_BITS
     #define FP_MAX_BITS     2048
 #else
-    #define WOLFSSL_SP_MATH 
+    #define WOLFSSL_SP_MATH
     #define WOLFSSL_SP_SMALL
     #define WOLFSSL_SP_MATH_ALL
     #define SP_INT_BITS 256
@@ -162,7 +162,7 @@ extern "C" {
 
  /* #undef  WOLFSSL_AES_DIRECT
     #define WOLFSSL_AES_DIRECT */
-    
+
     #undef  NO_AES_CBC
     #define NO_AES_CBC
 #else
@@ -301,7 +301,7 @@ extern "C" {
 #define NO_PKCS8
 #define WOLFSSL_NO_PEM
 
-    
+
 /* ------------------------------------------------------------------------- */
 /* Enable Features */
 /* ------------------------------------------------------------------------- */
@@ -397,7 +397,7 @@ extern "C" {
 #undef  NO_PWDBASED
 #define NO_PWDBASED
 
-#undef  NO_MD5    
+#undef  NO_MD5
 #define NO_MD5
 
 #undef  NO_DES3
diff --git a/IDE/MPLABX16/wolfcrypt_test.X/Makefile b/IDE/MPLABX16/wolfcrypt_test.X/Makefile
index fca8e2ccd..3b52a8ba8 100644
--- a/IDE/MPLABX16/wolfcrypt_test.X/Makefile
+++ b/IDE/MPLABX16/wolfcrypt_test.X/Makefile
@@ -22,7 +22,7 @@
 #     clean                    remove built files from a configuration
 #     clobber                  remove all built files
 #     all                      build all configurations
-#     help                     print help mesage
+#     help                     print help message
 #  
 #  Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and
 #  .help-impl are implemented in nbproject/makefile-impl.mk.
diff --git a/IDE/MPLABX16/wolfssl.X/Makefile b/IDE/MPLABX16/wolfssl.X/Makefile
index fca8e2ccd..3b52a8ba8 100644
--- a/IDE/MPLABX16/wolfssl.X/Makefile
+++ b/IDE/MPLABX16/wolfssl.X/Makefile
@@ -22,7 +22,7 @@
 #     clean                    remove built files from a configuration
 #     clobber                  remove all built files
 #     all                      build all configurations
-#     help                     print help mesage
+#     help                     print help message
 #  
 #  Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and
 #  .help-impl are implemented in nbproject/makefile-impl.mk.
diff --git a/IDE/MQX/README-jp.md b/IDE/MQX/README-jp.md
index 093e98b6b..649e7c65d 100644
--- a/IDE/MQX/README-jp.md
+++ b/IDE/MQX/README-jp.md
@@ -26,4 +26,3 @@
   CC:       コンパイラコマンド
   AR:       ARコマンド
   WOLF_ROOT: Makefileの格納位置を変える場合はこの定義を変更してください
-  
\ No newline at end of file
diff --git a/IDE/MQX/client-tls.c b/IDE/MQX/client-tls.c
index 70ef3b4ea..5c85aeda5 100644
--- a/IDE/MQX/client-tls.c
+++ b/IDE/MQX/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MQX/include.am b/IDE/MQX/include.am
index 27687d33e..deb5ebc76 100644
--- a/IDE/MQX/include.am
+++ b/IDE/MQX/include.am
@@ -8,4 +8,4 @@ EXTRA_DIST+= IDE/MQX/README-jp.md
 EXTRA_DIST+= IDE/MQX/README.md
 EXTRA_DIST+= IDE/MQX/server-tls.c
 EXTRA_DIST+= IDE/MQX/user_config.h
-EXTRA_DIST+= IDE/MQX/user_settings.h
\ No newline at end of file
+EXTRA_DIST+= IDE/MQX/user_settings.h
diff --git a/IDE/MQX/server-tls.c b/IDE/MQX/server-tls.c
index ae2c7ae94..6a39adaa2 100644
--- a/IDE/MQX/server-tls.c
+++ b/IDE/MQX/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -193,4 +193,4 @@ int main()
     wolfSSL_Cleanup();      /* Cleanup the wolfSSL environment          */
     close(sockfd);          /* Close the socket listening for clients   */
     return 0;               /* Return reporting a success               */
-}
\ No newline at end of file
+}
diff --git a/IDE/MQX/user_config.h b/IDE/MQX/user_config.h
index d66e53235..81bbf4e49 100644
--- a/IDE/MQX/user_config.h
+++ b/IDE/MQX/user_config.h
@@ -1 +1 @@
-#define MQX_CPU                 PSP_CPU_MK60DN512Z
\ No newline at end of file
+#define MQX_CPU                 PSP_CPU_MK60DN512Z
diff --git a/IDE/MSVS-2019-AZSPHERE/client/client.c b/IDE/MSVS-2019-AZSPHERE/client/client.c
index d758a39fd..53c0789a1 100644
--- a/IDE/MSVS-2019-AZSPHERE/client/client.c
+++ b/IDE/MSVS-2019-AZSPHERE/client/client.c
@@ -1,6 +1,6 @@
-/* client.c
+/* client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/client/client.h b/IDE/MSVS-2019-AZSPHERE/client/client.h
index edef19afc..39cc01140 100644
--- a/IDE/MSVS-2019-AZSPHERE/client/client.h
+++ b/IDE/MSVS-2019-AZSPHERE/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/server/server.c b/IDE/MSVS-2019-AZSPHERE/server/server.c
index dbf49efed..8e4585194 100644
--- a/IDE/MSVS-2019-AZSPHERE/server/server.c
+++ b/IDE/MSVS-2019-AZSPHERE/server/server.c
@@ -1,6 +1,6 @@
-/* server.c
+/* server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/server/server.h b/IDE/MSVS-2019-AZSPHERE/server/server.h
index e3a53b5e3..7d032217f 100644
--- a/IDE/MSVS-2019-AZSPHERE/server/server.h
+++ b/IDE/MSVS-2019-AZSPHERE/server/server.h
@@ -1,6 +1,6 @@
 /* server.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/shared/util.h b/IDE/MSVS-2019-AZSPHERE/shared/util.h
index 0cab4bf60..25cbb83f8 100644
--- a/IDE/MSVS-2019-AZSPHERE/shared/util.h
+++ b/IDE/MSVS-2019-AZSPHERE/shared/util.h
@@ -1,6 +1,6 @@
 /* util.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/user_settings.h b/IDE/MSVS-2019-AZSPHERE/user_settings.h
index ea18de895..1c9ffcf4e 100644
--- a/IDE/MSVS-2019-AZSPHERE/user_settings.h
+++ b/IDE/MSVS-2019-AZSPHERE/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h
index cb3721ec4..d2240f333 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h
@@ -1,6 +1,6 @@
-/* template_appliance.h
+/* template_appliance.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h
index 974d2d8e1..0b7391922 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h
@@ -1,4 +1,4 @@
-/ * Copyright (C) 2006-2024 wolfSSL Inc.
+/ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h
index ad9cab58b..4254f21f1 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h
@@ -1,6 +1,6 @@
-/* template_appliance.h
+/* template_appliance.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h
index 2afdfcf3e..4078fb7a5 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/applibs_versions.h
@@ -1,4 +1,4 @@
-#pragma once
+#pragma once
 
 /// <summary>
 /// This identifier should be defined before including any of the networking-related header files.
diff --git a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c
index acd866826..0889be1c8 100644
--- a/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c
+++ b/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c
@@ -1,6 +1,6 @@
-/* main.c
+/* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/MYSQL/CMakeLists_wolfCrypt.txt b/IDE/MYSQL/CMakeLists_wolfCrypt.txt
index ba6d98116..55c7c40b8 100644
--- a/IDE/MYSQL/CMakeLists_wolfCrypt.txt
+++ b/IDE/MYSQL/CMakeLists_wolfCrypt.txt
@@ -1,6 +1,6 @@
 # CMakeLists.txt
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/MYSQL/CMakeLists_wolfSSL.txt b/IDE/MYSQL/CMakeLists_wolfSSL.txt
index 7bfaa88c9..3599bedb8 100644
--- a/IDE/MYSQL/CMakeLists_wolfSSL.txt
+++ b/IDE/MYSQL/CMakeLists_wolfSSL.txt
@@ -1,6 +1,6 @@
 # CMakeLists.txt
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/NDS/README.md b/IDE/NDS/README.md
new file mode 100644
index 000000000..e4cba8149
--- /dev/null
+++ b/IDE/NDS/README.md
@@ -0,0 +1,116 @@
+# wolfSSL for libnds
+
+## Requirements
+
+[Devkitpro](https://devkitpro.org/wiki/Getting_Started) with libnds, nds-tool and nds-dev.
+
+
+## Building
+
+For MelonDS
+```
+$ ./configure \
+    --host=arm-none-eabi \
+    CC=$DEVKITARM/bin/arm-none-eabi-g++ \
+    AR=$DEVKITARM/bin/arm-none-eabi-ar \
+    STRIP=$DEVKITARM/bin/arm-none-eabi-strip \
+    RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \
+    LIBS="-lfat -lnds9 -lcalico_ds9" \
+    LDFLAGS="-L$DEVKITPRO/libnds/lib \
+        -L$DEVKITPRO/calico/lib" \
+    --prefix=$DEVKITPRO/portlibs/nds \
+    CFLAGS="-march=armv5te -mtune=arm946e-s \
+        -specs=$DEVKITPRO/calico/share/ds9.specs \
+        -D__NDS__ -DARM9 -D__thumb__=0 \
+        -DWOLFSSL_MELONDS \
+        -DWOLFSSL_NDS -DWOLFSSL_USER_IO \
+        -I$DEVKITPRO/calico/include \
+        -I$DEVKITPRO/libnds/include" \
+    --enable-fastmath --disable-benchmark \
+    --disable-shared --disable-examples --disable-ecc
+$ make
+$ sudo make install
+```
+
+For Hardware
+```
+$ ./configure \
+    --host=arm-none-eabi \
+    CC=$DEVKITARM/bin/arm-none-eabi-g++ \
+    AR=$DEVKITARM/bin/arm-none-eabi-ar \
+    STRIP=$DEVKITARM/bin/arm-none-eabi-strip \
+    RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \
+    LIBS="-lfat -lnds9 -lcalico_ds9" \
+    LDFLAGS="-L$DEVKITPRO/libnds/lib \
+        -L$DEVKITPRO/calico/lib" \
+    --prefix=$DEVKITPRO/portlibs/nds \
+    CFLAGS="-march=armv5te -mtune=arm946e-s \
+        -specs=$DEVKITPRO/calico/share/ds9.specs \
+        -D__NDS__ -DARM9 -D__thumb__=0 \
+        -DWOLFSSL_NDS -DWOLFSSL_USER_IO \
+        -I$DEVKITPRO/calico/include \
+        -I$DEVKITPRO/libnds/include" \
+    --enable-fastmath --disable-benchmark \
+    --disable-shared --disable-examples --disable-ecc
+$ make
+$ sudo make install
+```
+
+## Run the Tests
+
+To run the Crypttests type the following.
+Run `$ ndstool -9 ./wolfcrypt/test/testwolfcrypt  -c ./wolfcrypt/test/testwolfcrypt.nds`
+
+copy `./certs` to `your_nds_sd_card/_nds/certs` (Follow Virtual SD card steps below for Emulator)
+
+Run the Rom (located in ./wolfcrypt/test/testwolfcrypt.nds) in an Emulator or real Hardware.
+
+If running on MelonDS it must be using the DSi mode in order to use certs from an SD card.
+
+## Making a virtual SD card (MacOS)
+
+```
+Create Virtual SD card image
+
+$ dd if=/dev/zero of=~/my_sd_card.img bs=1M count=64
+
+Format image to FAT32
+
+$ hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount ~/my_sd_card.img
+$ diskutil eraseDisk FAT32 MYSDCARD MBRFormat /dev/diskX
+$ hdiutil detach /dev/diskX
+
+Mount to Create Folder Structure and Copy Certs
+
+$ mkdir -p /Volumes/MYSDCARD/_nds
+$ cp -r ~/wolfssl/certs /Volumes/MYSDCARD/_nds/
+
+Unmount
+
+hdiutil detach /dev/diskX
+```
+
+## Making a virtual SD card (Linux)
+
+```
+Create Virtual SD card image
+
+$ dd if=/dev/zero of=~/my_sd_card.img bs=1M count=64
+
+Format image to FAT32
+
+$ sudo losetup -fP ~/my_sd_card.img
+$ sudo losetup -l
+$ sudo mkfs.vfat -F 32 /dev/loop0
+$ sudo losetup -d /dev/loop0
+
+Mount to Create Folder Structure and Copy Certs
+
+$ sudo mount ~/my_sd_card.img /mnt
+$ sudo mkdir -p /mnt/_nds
+$ sudo cp -r ~/wolfssl/certs /mnt/_nds/
+
+Unmount
+
+hdiutil detach /dev/diskX
+```
diff --git a/IDE/NETOS/user_settings.h b/IDE/NETOS/user_settings.h
index beaae0b20..9348efedb 100644
--- a/IDE/NETOS/user_settings.h
+++ b/IDE/NETOS/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/NETOS/wolfssl_netos_custom.c b/IDE/NETOS/wolfssl_netos_custom.c
index ac634e7bb..7c66a0faa 100644
--- a/IDE/NETOS/wolfssl_netos_custom.c
+++ b/IDE/NETOS/wolfssl_netos_custom.c
@@ -1,6 +1,6 @@
 /* wolfssl_netos_custom.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/README.md b/IDE/PlatformIO/examples/wolfssl_benchmark/README.md
index c602facfe..6505ecbb5 100644
--- a/IDE/PlatformIO/examples/wolfssl_benchmark/README.md
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/README.md
@@ -9,9 +9,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 ```
@@ -59,7 +59,7 @@ I (323) cpu_start: Compile time:     May 17 2024 19:42:07
 I (329) cpu_start: ELF file SHA256:  eebe816ce...
 I (334) cpu_start: ESP-IDF:          5.2.1
 I (339) cpu_start: Min chip rev:     v0.0
-I (344) cpu_start: Max chip rev:     v3.99 
+I (344) cpu_start: Max chip rev:     v3.99
 I (349) cpu_start: Chip rev:         v1.0
 I (354) heap_init: Initializing. RAM available for dynamic allocation:
 I (361) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
@@ -83,7 +83,7 @@ W (449) esp32_util: Warning: old cmake, user_settings.h location unknown.
 I (457) esp32_util: LIBWOLFSSL_VERSION_STRING = 5.7.0
 I (463) esp32_util: LIBWOLFSSL_VERSION_HEX = 5007000
 I (468) esp32_util: Stack HWM: 9204
-I (472) esp32_util: 
+I (472) esp32_util:
 I (475) esp32_util: Macro Name                 Defined   Not Defined
 I (482) esp32_util: ------------------------- --------- -------------
 I (489) esp32_util: NO_ESPIDF_DEFAULT........                 X
@@ -115,7 +115,7 @@ I (638) esp32_util: FREERTOS.................     X
 I (643) esp32_util: NO_WOLFSSL_DIR...........     X
 I (649) esp32_util: WOLFSSL_NO_CURRDIR.......     X
 I (654) esp32_util: WOLFSSL_LWIP.............     X
-I (660) esp32_util: 
+I (660) esp32_util:
 I (663) esp32_util: Compiler Optimization: Default
 I (668) esp32_util:
 I (671) esp32_util: CONFIG_IDF_TARGET = esp32
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h b/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
index 4eff19f85..46a35fd2c 100644
--- a/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h
@@ -1,6 +1,6 @@
 /* PlatformIO wolfssl_benchmark main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c b/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c
index 4a8f6561e..b2db89412 100644
--- a/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c
+++ b/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c
@@ -1,6 +1,6 @@
 /* PlatformIO wolfssl_benchmark main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/PlatformIO/examples/wolfssl_test/README.md b/IDE/PlatformIO/examples/wolfssl_test/README.md
index d67d76111..86058cd57 100644
--- a/IDE/PlatformIO/examples/wolfssl_test/README.md
+++ b/IDE/PlatformIO/examples/wolfssl_test/README.md
@@ -10,9 +10,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
 
 ## Example Output
 
-Note the default wolfSSL `user_settings.h` is configured by default to be the most 
+Note the default wolfSSL `user_settings.h` is configured by default to be the most
 compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
-for help in optimizing for your particular application, or see the 
+for help in optimizing for your particular application, or see the
 [docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
 
 
@@ -61,7 +61,7 @@ I (511) cpu_start: Compile time:     May 17 2024 19:31:47
 I (517) cpu_start: ELF file SHA256:  40b2541a0...
 I (523) cpu_start: ESP-IDF:          5.2.1
 I (528) cpu_start: Min chip rev:     v0.0
-I (532) cpu_start: Max chip rev:     v3.99 
+I (532) cpu_start: Max chip rev:     v3.99
 I (537) cpu_start: Chip rev:         v1.0
 I (542) heap_init: Initializing. RAM available for dynamic allocation:
 I (549) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
diff --git a/IDE/PlatformIO/examples/wolfssl_test/include/main.h b/IDE/PlatformIO/examples/wolfssl_test/include/main.h
index 182fc1fbb..52135d45e 100644
--- a/IDE/PlatformIO/examples/wolfssl_test/include/main.h
+++ b/IDE/PlatformIO/examples/wolfssl_test/include/main.h
@@ -1,6 +1,6 @@
 /* PlatformIO wolfssl_test main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/PlatformIO/examples/wolfssl_test/src/main.c b/IDE/PlatformIO/examples/wolfssl_test/src/main.c
index 41bdc7278..fbe92ba99 100644
--- a/IDE/PlatformIO/examples/wolfssl_test/src/main.c
+++ b/IDE/PlatformIO/examples/wolfssl_test/src/main.c
@@ -1,6 +1,6 @@
 /* PlatformIO wolfssl_test main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/QNX/README.md b/IDE/QNX/README.md
index fb79abf6b..4a283f158 100644
--- a/IDE/QNX/README.md
+++ b/IDE/QNX/README.md
@@ -17,7 +17,7 @@ source ~/qnx700/qnxsdp-env.sh
 make
 ```
 
-Once the wolfSSL library has been built cd to IDE/QNX/CAAM-DRIVER and run "make". This will produce the wolfCrypt resource manager. It should be started on the device with root permissions. Once wolfCrypt is running on the device with root permissions then any user with access to open a connection to /dev/wolfCrypt can make use of the driver.  
+Once the wolfSSL library has been built cd to IDE/QNX/CAAM-DRIVER and run "make". This will produce the wolfCrypt resource manager. It should be started on the device with root permissions. Once wolfCrypt is running on the device with root permissions then any user with access to open a connection to /dev/wolfCrypt can make use of the driver.
 
 ### Momentics
 To build in momentics IDE:
diff --git a/IDE/QNX/example-client/client-tls.c b/IDE/QNX/example-client/client-tls.c
index 9c9b6e4b0..a6527a8fa 100644
--- a/IDE/QNX/example-client/client-tls.c
+++ b/IDE/QNX/example-client/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/QNX/example-cmac/cmac-test.c b/IDE/QNX/example-cmac/cmac-test.c
index 64d5ccacd..eb7e4149e 100644
--- a/IDE/QNX/example-cmac/cmac-test.c
+++ b/IDE/QNX/example-cmac/cmac-test.c
@@ -1,6 +1,6 @@
 /* cmac-test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,13 +41,13 @@ static int createTag(const byte* key, int keySz, byte* msg, int msgSz,
         byte* msg2, int msg2Sz)
 {
     Cmac cmac;
-    byte tag[AES_BLOCK_SIZE];
+    byte tag[WC_AES_BLOCK_SIZE];
     word32 i, tagSz;
     byte out[48];
     word32 outSz;
 
     XMEMSET(tag, 0, sizeof(tag));
-    tagSz = AES_BLOCK_SIZE;
+    tagSz = WC_AES_BLOCK_SIZE;
 
     outSz = 48;
     wc_caamCoverKey((byte*)key, keySz, out, &outSz, 0);
diff --git a/IDE/QNX/example-server/server-tls.c b/IDE/QNX/example-server/server-tls.c
index 1257e3b33..203a3dd5d 100644
--- a/IDE/QNX/example-server/server-tls.c
+++ b/IDE/QNX/example-server/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/README.md b/IDE/RISCV/SIFIVE-HIFIVE1/README.md
index 5e1183dea..5b3f3ed89 100644
--- a/IDE/RISCV/SIFIVE-HIFIVE1/README.md
+++ b/IDE/RISCV/SIFIVE-HIFIVE1/README.md
@@ -44,7 +44,7 @@ The `IDE/RISCV/SIFIVE-HIFIVE1/main.c` example application provides a function to
   $ export WOLFSSL_SRC_DIR=~/wolfssl
 ```
 
-5. Setup your riscv64 compiler 
+5. Setup your riscv64 compiler
 
 ```
   $ export RISCV_OPENOCD_PATH=/opt/riscv-openocd
@@ -64,7 +64,7 @@ You can build from source or create a static library.
   $ cd freedom-e-sdk
   $ make PROGRAM=wolfcrypt TARGET=sifive-hifive1-revb CONFIGURATION=debug clean software upload
 ```
-This example cleans, builds and uploads the software on the sifive-hifive1-revb target but you can also combine and build for any of the supported targets. 
+This example cleans, builds and uploads the software on the sifive-hifive1-revb target but you can also combine and build for any of the supported targets.
 
 Review the test results on the target console.
 
diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/main.c b/IDE/RISCV/SIFIVE-HIFIVE1/main.c
index 3431232af..d9abefdc4 100644
--- a/IDE/RISCV/SIFIVE-HIFIVE1/main.c
+++ b/IDE/RISCV/SIFIVE-HIFIVE1/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,7 +35,7 @@
 
 #ifndef NO_CRYPT_BENCHMARK
 
-/*-specs=nano.specs doesn’t include support for floating point in printf()*/
+/*-specs=nano.specs doesn't include support for floating point in printf()*/
 asm (".global _printf_float");
 
 #ifndef RTC_FREQ
diff --git a/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h b/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h
index 75d5f54d2..9c17a34e2 100644
--- a/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h
+++ b/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/RISCV/SIFIVE-UNLEASHED/README.md b/IDE/RISCV/SIFIVE-UNLEASHED/README.md
index 64f88ae81..c2e1c1ba6 100644
--- a/IDE/RISCV/SIFIVE-UNLEASHED/README.md
+++ b/IDE/RISCV/SIFIVE-UNLEASHED/README.md
@@ -6,7 +6,7 @@ Instructions for cross-compiling and running wolfSSL on the HiFive Unleashed boa
 
 SiFive Freedom U540 SoC at 1.5GHz
 
-Getting started guide: 
+Getting started guide:
 https://sifive.cdn.prismic.io/sifive%2Ffa3a584a-a02f-4fda-b758-a2def05f49f9_hifive-unleashed-getting-started-guide-v1p1.pdf
 
 Make sure your ethernet is attached and power up board. You can connecct the micro-usb to get a UART console that will display the DHCP IP address. Default user is "root" and login password is "sifive".
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/README.md b/IDE/ROWLEY-CROSSWORKS-ARM/README.md
index beb941645..fc305b631 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/README.md
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/README.md
@@ -4,11 +4,11 @@ This directory contains a CrossWorks solution named wolfssl.hzp.
 
 Inside are three projects:
 
-1. libwolfssl: 
+1. libwolfssl:
 This generates a library file named "libwolfssl_ARM_Debug/libwolfssl_v7em_t_le_eabi.a"
-2. benchmark: 
+2. benchmark:
 This is a sample benchmark application. It runs the "benchmark_test" suite repeatedly until a failure occurs.
-3. test: 
+3. test:
 This is a sample test application. It runs "wolfcrypt_test" suite suite repeatedly until a failure occurs.
 
 # Prerequisites
@@ -21,7 +21,7 @@ All hardware functions are defined in `kinetis_hw.c` and are currently setup for
 
 To create support for a new ARM microcontroller the functions in `hw.h` will need to be implemented.
 
-Also you will need to configure the ARM Architecture and ARM Core Type in the "Solution Properties" -> "ARM". 
+Also you will need to configure the ARM Architecture and ARM Core Type in the "Solution Properties" -> "ARM".
 Also the "Target Processor" in each of the projects ("Project Properties" -> "Target Processor")
 
 ## Hardware Crypto Acceleration
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
index 085fa4109..c8ac4d21b 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
@@ -1,6 +1,6 @@
 /* arm_startup.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
index 94f55bfb5..333e73df6 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
index ffe76bf1b..27c9e0abb 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
@@ -1,6 +1,6 @@
 /* kinetis_hw.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
index 752ec6e66..e4f04784d 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
@@ -1,6 +1,6 @@
 /* retarget.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
index 062c0982b..1a3d117e4 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/README b/IDE/Renesas/cs+/Projects/README
index 38c8bc285..6f382d039 100644
--- a/IDE/Renesas/cs+/Projects/README
+++ b/IDE/Renesas/cs+/Projects/README
@@ -13,3 +13,6 @@ test:
   - set stack size in "bsp/stacksct.h"
   Build "test" wolfCrypt
 
+
+Note: It could need to initialize clock for the device. You can refer the link below
+https://www.renesas.com/ja/document/apn/rx65n-group-rx651-group-initial-settings-example-rev211?language=en&r=1054461
diff --git a/IDE/Renesas/cs+/Projects/common/strings.h b/IDE/Renesas/cs+/Projects/common/strings.h
index a66c8bbbf..7cbc78770 100644
--- a/IDE/Renesas/cs+/Projects/common/strings.h
+++ b/IDE/Renesas/cs+/Projects/common/strings.h
@@ -1,6 +1,6 @@
 /* strings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/common/unistd.h b/IDE/Renesas/cs+/Projects/common/unistd.h
index 12f937494..ec6e32ec9 100644
--- a/IDE/Renesas/cs+/Projects/common/unistd.h
+++ b/IDE/Renesas/cs+/Projects/common/unistd.h
@@ -1,6 +1,6 @@
 /* unistd.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/common/user_settings.h b/IDE/Renesas/cs+/Projects/common/user_settings.h
index b03faa768..02f0e6348 100644
--- a/IDE/Renesas/cs+/Projects/common/user_settings.h
+++ b/IDE/Renesas/cs+/Projects/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,11 +25,11 @@
 #define NO_DEV_RANDOM
 #define USE_CERT_BUFFERS_2048
 #define SIZEOF_LONG_LONG 8
-#define NO_WOLFSSL_DIR 
+#define NO_WOLFSSL_DIR
 #define WOLFSSL_NO_CURRDIR
 #define WOLFSSL_LOG_PRINTF
 #define NO_WOLFSSL_STUB
-#define NO_DYNAMIC_ARRAY       /* for compilers not allowed dynamic size array */ 
+#define NO_DYNAMIC_ARRAY      /* for compilers not allowed dynamic size array */
 #define WOLFSSL_SMALL_STACK
 #define WOLFSSL_DH_CONST
 
@@ -76,4 +76,5 @@
 
 #define NO_FILESYSTEM
 
+#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
 
diff --git a/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c b/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
index 3c425b357..1f367b4e0 100644
--- a/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
+++ b/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -51,12 +51,17 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz)
             return 1;
         }
     }
-    return 0;	
+    return 0;
 }
-    
-void abort(void) 
+
+void abort(void)
 {
     while(1);
 }
 
+/* dummy return true when char is alphanumeric character */
+int isascii(const char *s)
+{
+    return isalnum(s);
+}
 
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt b/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
index d03d44371..deeec5c61 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
+++ b/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
@@ -1,71 +1,71 @@
-wolfSSL/AlphaProject�{�[�h�f���@�Z�b�g�A�b�v�K�C�h
+wolfSSL/AlphaProjectボードデモ　セットアップガイド
 
-���̃f���͈ȉ��̊‹��Ńe�X�g���Ă��܂��B
+このデモは以下の環境でテストしています。
 
   Renesas : CS+ v6.01, v8.01
   Board   : AP-RX71M-0A
   wolfSSL : 3.15.3, 4.0.0
 
-�Z�b�g�A�b�v�菇�F
+セットアップ手順：
 
-�P�D�\�t�g�E�F�A�̓���
-�@- AP�{�[�h�t���̃\�t�g�E�F�A�ꎮ��K���ȃt�H���_�[���ɉ𓀂��܂��B
-�@- �����t�H���_�[����wolfssl�ꎮ���𓀂��܂��B
+１．ソフトウェアの入手
+　- APボード付属のソフトウェア一式を適当なフォルダー下に解凍します。
+　- 同じフォルダー下にwolfssl一式を解凍します。
 
-�Q�DwolfSSL�̃Z�b�g�A�b�v
-�@- CS+�ɂ�wolfssl\IDE\Renesas\cs+\Project����wolfssl\wolfssl_lib.mtpj���J��
-�@�@wolfSSL���C�u�����[�̃r���h�����܂��B
-�@- �����t�H���_�̉���t4_demo.mtpj���J���A�f���v���O�����̃r���h�����܂��B
-�@���̃v���O���������C�u�����[�`���Ńr���h����܂��B
+２．wolfSSLのセットアップ
+　- CS+にてwolfssl¥IDE¥Renesas¥cs+¥Project下のwolfssl¥wolfssl_lib.mtpjを開き
+　　wolfSSLライブラリーのビルドをします。
+　- 同じフォルダの下のt4_demo.mtpjを開き、デモプログラムのビルドをします。
+　このプログラムもライブラリー形式でビルドされます。
 
-�R�DAlphaProject���̃Z�b�g�A�b�v
+３．AlphaProject側のセットアップ
   
-  !!** �T���v���v���O���� v2.0 ���g�p����ꍇ�́A_ether_ => _usbfunc_ **!!
-  !!** �ƒu�������Ă�������                                           **!!
+  !!** サンプルプログラム v2.0 を使用する場合は、_ether_ => _usbfunc_ **!!
+  !!** と置き換えてください                                           **!!
 
-�@�f����ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_ether_sample_cs�t�H���_����
-�@ap_rx71m_0a_ether_sample_cs.mtpj�v���W�F�N�g�𗘗p���܂��B
-�@
-�@- ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_ether_sample_cs\src�t�H���_����
-�@AP_RX71M_0A.c�t�@�C�����J���A
-�@�X�V�s�ڂ�echo_srv_init()�̉���wolfSSL_init()��}�����܂��B
+　デモはap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_ether_sample_csフォルダ下の
+　ap_rx71m_0a_ether_sample_cs.mtpjプロジェクトを利用します。
+　
+　- ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_ether_sample_cs¥srcフォルダ下の
+　AP_RX71M_0A.cファイルを開き、
+　９７行目のecho_srv_init()の下にwolfSSL_init()を挿入します。
 
 ===
         sci_init();
         can_init();
         echo_srv_init();
-        wolfSSL_init(); <- ���̍s��}��
+        wolfSSL_init(); <- この行を挿入
 ===
 
-!!** �T���v���v���O���� v2.0 ���g�p����ꍇ�́A���L                   **!!
+!!** サンプルプログラム v2.0 を使用する場合は、下記                   **!!
 ===
         CanInit();
         SciInit();
         EthernetAppInit();
         UsbfInit();
-        wolfSSL_init(); <- ���̍s��}��
+        wolfSSL_init(); <- この行を挿入
 ===
 !!**********************************************************************!!
 
-�@- ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_ether_sample_cs\src\smc_gen\r_bsp_config.h
-�@���J���A�X�^�b�N�T�C�Y�ƃq�[�v�T�C�Y���ȉ��̂悤�ɐݒ肵�܂��B
-�@
-�@120�s�� #pragma stacksize su=0x2000
-�@139�s�� #define BSP_CFG_HEAP_BYTES  (0xa000)
+　- ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_ether_sample_cs¥src¥smc_gen¥r_bsp_config.h
+　を開き、スタックサイズとヒープサイズを以下のように設定します。
+　
+　120行目 #pragma stacksize su=0x2000
+　139行目 #define BSP_CFG_HEAP_BYTES  (0xa000)
 
-!!** �T���v���v���O���� v2.0 ���g�p����ꍇ�́A���L                   **!!
-�@- ap_rx71m_0a_sample_cs\Sample\ap_rx71m_0a_usbfunc_sample_cs\src\smc_gen\r_bsp_config.h
-�@���J���A�X�^�b�N�T�C�Y�ƃq�[�v�T�C�Y���ȉ��̂悤�ɐݒ肵�܂��B
-�@154�s�� #pragma stacksize su=0x2000
-�@175�s�� #define BSP_CFG_HEAP_BYTES  (0xa000)
+!!** サンプルプログラム v2.0 を使用する場合は、下記                   **!!
+　- ap_rx71m_0a_sample_cs¥Sample¥ap_rx71m_0a_usbfunc_sample_cs¥src¥smc_gen¥r_bsp_config.h
+　を開き、スタックサイズとヒープサイズを以下のように設定します。
+　154行目 #pragma stacksize su=0x2000
+　175行目 #define BSP_CFG_HEAP_BYTES  (0xa000)
 !!**********************************************************************!!
 
-�@- IP�A�h���X�̃f�t�H���g�l�͈ȉ��̂悤�ɂȂ��Ă��܂��B
-�@�K�v������΁ASample\ap_rx71m_0a_ether_sample_cs\src\r_t4_rx\src\config_tcpudp.c
-�@����139�s�ڂ���̒�`��ύX���܂��B
-�@!!** �T���v���v���O���� v2.0 ���g�p����ꍇ�́A���L                   **!!
-  Sample\ap_rx71m_0a_usbfunc_sample_cs\src\tcp_sample\src\config_tcpudp.c
-  ����166�s�ڂ���̒�`��ύX���܂��B
+　- IPアドレスのデフォルト値は以下のようになっています。
+　必要があれば、Sample¥ap_rx71m_0a_ether_sample_cs¥src¥r_t4_rx¥src¥config_tcpudp.c
+　内の139行目からの定義を変更します。
+　!!** サンプルプログラム v2.0 を使用する場合は、下記                   **!!
+  Sample¥ap_rx71m_0a_usbfunc_sample_cs¥src¥tcp_sample¥src¥config_tcpudp.c
+  内の166行目からの定義を変更します。
   !!**********************************************************************!!
 
 ===
@@ -75,74 +75,74 @@ wolfSSL/AlphaProject
 ===
 
 
-�@- CS+��ap_rx71m_0a_ether_sample_cs.mtpj�v���W�F�N�g���J���AwolfSSL�ƃf�����C�u������
-�@�o�^���܂��BCC-RX(�r���h�c�[��)->�����N�E�I�v�V�����^�u->�g�p���郉�C�u������
-�@�ȉ��̓�‚̃t�@�C����o�^���܂��B
-�@wolfssl\IDE\Renesas\cs+\Projects\wolfssl_lib\DefaultBuild\wolfssl_lib.lib
-�@wolfssl\IDE\Renesas\cs+\Projects\t4_demo\DefaultBuild\t4_demo.lib
+　- CS+でap_rx71m_0a_ether_sample_cs.mtpjプロジェクトを開き、wolfSSLとデモライブラリを
+　登録します。CC-RX(ビルドツール)->リンク・オプションタブ->使用するライブラリに
+　以下の二つのファイルを登録します。
+　wolfssl¥IDE¥Renesas¥cs+¥Projects¥wolfssl_lib¥DefaultBuild¥wolfssl_lib.lib
+　wolfssl¥IDE¥Renesas¥cs+¥Projects¥t4_demo¥DefaultBuild¥t4_demo.lib
 
-- CC-RX(�r���h�c�[��)->���C�u�����[�W�F�l���[�V�����^�u->���C�u�����[�\�����uC99�v�ɁA
-ctype.h��L���ɂ�����u�͂��v�ɐݒ肵�܂��B
+- CC-RX(ビルドツール)->ライブラリージェネレーションタブ->ライブラリー構成を「C99」に、
+ctype.hを有効にするを「はい」に設定します。
 
-�@- �v���W�F�N�g�̃r���h�A�^�[�Q�b�g�ւ̃_�E�����[�h�������̂��A�\��->�f�o�b�O�E�R���\�[��
-�@����R���\�[����\�������܂��B���s���J�n����ƃR���\�[���Ɉȉ��̕\�����o�͂���܂��B
-�@
+　- プロジェクトのビルド、ターゲットへのダウンロードをしたのち、表示->デバッグ・コンソール
+　からコンソールを表示させます。実行を開始するとコンソールに以下の表示が出力されます。
+　
 ===
-�@wolfSSL Demo
+　wolfSSL Demo
 t: test, b: benchmark, s: server, or c <IP addr> <Port>: client
 $
 ===
 
-t�R�}���h�F�e�Í����A���S���Y���̊ȒP�ȃe�X�g�����s���܂��B���v�̃A���S���Y����
-�@�g�ݍ��܂�Ă��邩�m�F���邱�Ƃ��ł��܂��B�g�ݍ��ރA���S���Y���̓r���h�I�v�V����
-�@�ŕύX���邱�Ƃ��ł��܂��B�ڂ����̓��[�U�}�j���A�����Q�Ƃ��Ă��������B
-b�R�}���h�F�e�Í��A���S���Y�����Ƃ̊ȒP�ȃx���`�}�[�N�����s���܂��B
-s�R�}���h�F�ȒP��TLS�T�[�o���N�����܂��B�N������ƃr���h����IP�A�h���X�A
-�@�|�[�g50000�ɂ�TLS�ڑ���҂��܂��B
-c�R�}���h�F�ȒP��TLS�N���C�A���g���N�����܂��B�N������Ƒ��A�[�M�������g�Ŏw�肳�ꂽ
-�@IP�A�h���X�A���A�[�M�������g�Ŏw�肳�ꂽ�|�[�g�ɑ΂���TLS�ڑ����܂��B
+tコマンド：各暗号化アルゴリズムの簡単なテストを実行します。所要のアルゴリズムが
+　組み込まれているか確認することができます。組み込むアルゴリズムはビルドオプション
+　で変更することができます。詳しくはユーザマニュアルを参照してください。
+bコマンド：各暗号アルゴリズムごとの簡単なベンチマークを実行します。
+sコマンド：簡単なTLSサーバを起動します。起動するとビルド時のIPアドレス、
+　ポート50000にてTLS接続を待ちます。
+cコマンド：簡単なTLSクライアントを起動します。起動すると第一アーギュメントで指定された
+　IPアドレス、第二アーギュメントで指定されたポートに対してTLS接続します。
 
-������̃R�}���h���P��̂ݎ��s���܂��B�J��Ԃ����s�������ꍇ�́AMPU�����Z�b�g����
-�ċN�����܂��B
+いずれのコマンドも１回のみ実行します。繰り返し実行したい場合は、MPUをリセットして
+再起動します。
 
-�S�D�Ό��e�X�g
-�@�f���̂��A���R�}���h���g���āA���̋@��ƊȒP�ȑΌ��e�X�g�����邱�Ƃ��ł��܂��B
-�@Ubuntu�Ȃǂ�GCC, make�‹��AWindows��Visual Studio�Ȃǂ�
-�@�Ό��e�X�g�p�̃T�[�o�A�N���C�A���g���r���h���邱�Ƃ��ł��܂��B
+４．対向テスト
+　デモのｓ、ｃコマンドを使って、他の機器と簡単な対向テストをすることができます。
+　UbuntuなどのGCC, make環境、WindowsのVisual Studioなどで
+　対向テスト用のサーバ、クライアントをビルドすることができます。
 
-�@GCC,make�R�}���h�‹��ł́A�_�E�����[�h�𓀂���wolfssl�̃f�B���N�g�����ňȉ���
-�@�R�}���h�𔭍s����ƁA���C�u�����A�e�X�g�p�̃N���C�A���g�A�T�[�o�ȂLjꎮ���r���h
-�@����܂��B
-�@
-�@$ ./configure
-�@$ make check
-�@
-�@���̌�A�ȉ��̂悤�Ȏw��ŃN���C�A���g�܂��̓T�[�o���N�����āA�{�[�h���
-�@�f���ƑΌ��e�X�g���邱�Ƃ��ł��܂��B
-�@
-�@PC���F
-�@$ ./examples/server/server -b -d
-�@�{�[�h���F
-�@�@> c <IP�A�h���X> 11111
+　GCC,makeコマンド環境では、ダウンロード解凍したwolfsslのディレクトリ下で以下の
+　コマンドを発行すると、ライブラリ、テスト用のクライアント、サーバなど一式がビルド
+　されます。
+　
+　$ ./configure
+　$ make check
+　
+　その後、以下のような指定でクライアントまたはサーバを起動して、ボード上の
+　デモと対向テストすることができます。
+　
+　PC側：
+　$ ./examples/server/server -b -d
+　ボード側：
+　　> c <IPアドレス> 11111
 
-�@�{�[�h���F
-�@�@> s
-�@PC���F�@
-�@$ ./examples/client/client -h <IP�A�h���X> -p 50000
-�@
-�@
-�@Windows��Visual Studio�ł́A�_�E�����[�h�𓀂���wolfssl�t�H���_����wolfssl64.sln
-�@���J���A�\�����[�V�������r���h���܂��BDebug�t�H���_���Ƀr���h�����client.exe��
-�@server.exe�𗘗p���܂��B
-�@
-  PC���F
-�@Debug> .\server -b -d
-�@�{�[�h���F
-�@�@> c <IP�A�h���X> 11111
+　ボード側：
+　　> s
+　PC側：　
+　$ ./examples/client/client -h <IPアドレス> -p 50000
+　
+　
+　WindowsのVisual Studioでは、ダウンロード解凍したwolfsslフォルダ下のwolfssl64.sln
+　を開き、ソリューションをビルドします。Debugフォルダ下にビルドされるclient.exeと
+　server.exeを利用します。
+　
+  PC側：
+　Debug> .¥server -b -d
+　ボード側：
+　　> c <IPアドレス> 11111
 
-�@�{�[�h���F
-�@�@> s
-�@PC���F
-�@Debug> .\client  -h <IP�A�h���X> -p 50000
+　ボード側：
+　　> s
+　PC側：
+　Debug> .¥client  -h <IPアドレス> -p 50000
 
-�ȏ�A
\ No newline at end of file
+以上、
\ No newline at end of file
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
index e25b038c9..ea2b7b311 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
index cd7f74b85..3c8ced1e5 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@ static void timeTick(void *pdata)
 double current_time(int reset)
 {
       if(reset) tick = 0 ;
-      return ((double)tick/FREQ) ;	
+      return ((double)tick/FREQ) ;
 }
 
 #define ARG_SZ 256
@@ -50,10 +50,10 @@ static int get_arg(func_args *args)
     int i;
     char *arg = argBuff;
     args->argc = 0;
-    
+
     for(i=0; i<ARG_SZ; i++) {
         *arg = getchar();
-        
+
 	switch(*arg){
 	case '\n':
 	     *arg = '\0';
@@ -84,10 +84,10 @@ void wolfSSL_main()
 {
     int c;
     func_args args = {0};
-    
+
     printf("wolfSSL Demo\nt: test, b: benchmark, s: server, or c <IP addr> <Port>: client\n$ ");
     c = getchar();
-    
+
     switch(c) {
     case 't':
         get_arg(&args);
@@ -95,14 +95,14 @@ void wolfSSL_main()
         wolfcrypt_test(&args);
         printf("End wolfCrypt Test\n");
 	break;
-	
+
     case 'b':
         get_arg(&args);
         printf("Start wolfCrypt Benchmark\n");
         benchmark_test(NULL);
         printf("End wolfCrypt Benchmark\n");
 	break;
-	
+
     case 'c':
         if(get_arg(&args) < 0)
             break;
@@ -110,7 +110,7 @@ void wolfSSL_main()
 	wolfSSL_TLS_client(wolfSSL_cl_ctx, &args);
         printf("End TLS Client\n");
 	break;
-	
+
     case 's':
         if(get_arg(&args) < 0)
             break;
diff --git a/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c b/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
index 858347170..d4b4d63a1 100644
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/cs+/Projects/test/test_main.c b/IDE/Renesas/cs+/Projects/test/test_main.c
index dcb490acd..30dfd4723 100644
--- a/IDE/Renesas/cs+/Projects/test/test_main.c
+++ b/IDE/Renesas/cs+/Projects/test/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,7 +45,7 @@ void wolfcrypt_test(func_args args);
 void main(void)
 {
     func_args args = { 1 };
-  
+
     printf("Start wolfCrypt Test\n");
     wolfcrypt_test(args);
     printf("End wolfCrypt Test\n");
diff --git a/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c
index 353f906dc..1c21ae2c8 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c
+++ b/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c
@@ -1,6 +1,6 @@
 /* app_entry.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c
index c52f8aaf3..ee8b55a68 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c
+++ b/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c
@@ -1,6 +1,6 @@
 /* app_entry.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/DK-S7G2/user_settings.h b/IDE/Renesas/e2studio/DK-S7G2/user_settings.h
index 146f7020b..82f9e5e9a 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/user_settings.h
+++ b/IDE/Renesas/e2studio/DK-S7G2/user_settings.h
@@ -74,4 +74,7 @@
 #define HAVE_ED25519
 #define WOLFSSL_SHA512
 
+/* NETX Duo BSD manual lists the socket len type as an INT */
+#undef  XSOCKLENT
+#define XSOCKLENT int
 #endif
diff --git a/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c b/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c
index 9edf7ff84..ae4c09ff4 100644
--- a/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c
+++ b/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c
@@ -1,6 +1,6 @@
 /* app_entry.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/common/strings.h b/IDE/Renesas/e2studio/Projects/common/strings.h
index a66c8bbbf..7cbc78770 100644
--- a/IDE/Renesas/e2studio/Projects/common/strings.h
+++ b/IDE/Renesas/e2studio/Projects/common/strings.h
@@ -1,6 +1,6 @@
 /* strings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/common/unistd.h b/IDE/Renesas/e2studio/Projects/common/unistd.h
index 12f937494..ec6e32ec9 100644
--- a/IDE/Renesas/e2studio/Projects/common/unistd.h
+++ b/IDE/Renesas/e2studio/Projects/common/unistd.h
@@ -1,6 +1,6 @@
 /* unistd.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/common/user_settings.h b/IDE/Renesas/e2studio/Projects/common/user_settings.h
index 15ebd73b3..22cf28900 100644
--- a/IDE/Renesas/e2studio/Projects/common/user_settings.h
+++ b/IDE/Renesas/e2studio/Projects/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 #define USE_CERT_BUFFERS_2048
 #define WOLFSSL_USER_CURRTIME
 #define SIZEOF_LONG_LONG 8
-#define NO_WOLFSSL_DIR 
+#define NO_WOLFSSL_DIR
 #define WOLFSSL_NO_CURRDIR
 #define NO_FILESYSTEM
 #define WOLFSSL_LOG_PRINTF
diff --git a/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
index bf2006d49..76ead18ba 100644
--- a/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/key_data.c b/IDE/Renesas/e2studio/Projects/test/src/key_data.c
index d3e7a0416..29ae72b0d 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/key_data.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/key_data.c
@@ -1,6 +1,6 @@
 /* key_data.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/key_data.h b/IDE/Renesas/e2studio/Projects/test/src/key_data.h
index c9be7039d..b2f649ddc 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/key_data.h
+++ b/IDE/Renesas/e2studio/Projects/test/src/key_data.h
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/test_main.c b/IDE/Renesas/e2studio/Projects/test/src/test_main.c
index 3e5916027..a8cfc949b 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c b/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
index 7ebbe2923..24a14bdc4 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c b/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
index 206e91d77..a0c5ece8f 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
+++ b/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -124,7 +124,7 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
     #if !defined(NO_FILESYSTEM)
         ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
     #else
-        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
                                                         SSL_FILETYPE_ASN1);
     #endif
         if (ret != SSL_SUCCESS) {
@@ -138,20 +138,20 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
             wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER |
                                 WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
 #if !defined(NO_FILESYSTEM)
-            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0) 
+            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0)
                                                                 != WOLFSSL_SUCCESS)
 #else
-            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert, 
+            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert,
                                                sizeof_clicert,
                                                SSL_FILETYPE_ASN1) != SSL_SUCCESS)
 #endif
                 printf("can't load ca file, Please run from wolfSSL home dir\n");
         }
-   
+
    /* Register callbacks */
    wolfSSL_SetIORecv(server_ctx, my_IORecv);
    wolfSSL_SetIOSend(server_ctx, my_IOSend);
-   
+
 }
 
 void wolfSSL_TLS_server( )
diff --git a/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h b/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
index 2168ad0a0..30ae8f774 100644
--- a/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh b/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh
index ac9def4cc..c5256060d 100755
--- a/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh
+++ b/IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh
@@ -7,7 +7,7 @@ function usage(){
 
     Description:
      Generate 2048 bit Rsa key pair and Display modulus and public exponent
-     
+
     Options:
       -g    generate rsa key pair, default on
       -s    only show modulus and public exponent
@@ -39,7 +39,7 @@ FLAG_S="off"
 
 if [ $FLAG_G = "on" ]; then
     # generate 2048bit Rsa private key
-    openssl genrsa 2048 2> /dev/null > private-key.pem 
+    openssl genrsa 2048 2> /dev/null > private-key.pem
     # expose public key
     openssl rsa -in private-key.pem -pubout -out public-key.pem 2> /dev/null
 fi
diff --git a/IDE/Renesas/e2studio/RA6M3/README.md b/IDE/Renesas/e2studio/RA6M3/README.md
index a1cc8b9e6..285d89799 100644
--- a/IDE/Renesas/e2studio/RA6M3/README.md
+++ b/IDE/Renesas/e2studio/RA6M3/README.md
@@ -67,7 +67,7 @@ The following steps explain how to generate the missing files and where to place
 |Thread Symbol|wolfssl_tst_thread|
 |Thread Name|wolf_tst_thread|
 |Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
-|Thread MemoryAllocation|Dyamic|
+|Thread MemoryAllocation|Dynamic|
 |Common General Use Mutexes|Enabled|
 |Common General Enable Backward Compatibility|Enabled|
 |Common Memory Allocation Support Dynamic Allocation|Enabled|
diff --git a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
index 0a68c6565..43bf3b91d 100644
--- a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
+++ b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
@@ -84,9 +84,9 @@ The following steps explain how to generate the missing files and where to place
   (Click the drop-down arrow to the left of the project name.)
 + Select and Copy the following folders/files inside dummy_library
 
-    `ra/`  
-    `ra_gen/`  
-    `ra_cfg/`  
+    `ra/`
+    `ra_gen/`
+    `ra_cfg/`
     `script/`
 
 + Paste the copied folders/files into wolfSSL_RA6M3G
@@ -108,7 +108,7 @@ The following steps explain how to generate the missing files and where to place
 
 + Select and Copy the following folder inside dummy_app
 
-    `src/`  
+    `src/`
     `script/`
 
 + Paste the copied folders into `./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`
@@ -132,17 +132,17 @@ Right-Click each Project and select Build.
 
 ### Run wolfCrypt Test and Benchmark
 
-1.) Right-Click the Project name.  
-2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`  
-3.) Select J-Link ARM. Click OK.  
+1.) Right-Click the Project name.
+2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`
+3.) Select J-Link ARM. Click OK.
 4.) Select R7Fa6M3AH. Click OK.
 
 ### Run the wolfSSL TLS Server Example.
 
-1.) Right-Click the Project name.  
-2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`  
-3.) Select J-Link ARM. Click OK.  
-4.) Select R7Fa6M3AH. Click OK.  
+1.) Right-Click the Project name.
+2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`
+3.) Select J-Link ARM. Click OK.
+4.) Select R7Fa6M3AH. Click OK.
 5.) Run the following wolfSSL example client command inside the base of the wolfssl directory.
 
 ```
diff --git a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md
index d3dc23a96..93a543711 100644
--- a/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md
+++ b/IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md
@@ -83,9 +83,9 @@ wolfSSL のプロジェクトファイルは、wolfSSL と wolfCrypt の両方
   プロジェクト名横にある矢印マークをクリック
 + `dummy_library` の以下のフォルダーとファイルを選択
 
-    `ra/`  
-    `ra_gen/`  
-    `ra_cfg/`  
+    `ra/`
+    `ra_gen/`
+    `ra_cfg/`
     `script/`
 
 + 選択したフォルダーとファイルを `wolfSSL_RA6M3G`プロジェクトに貼り付け
@@ -110,7 +110,7 @@ wolfSSL のプロジェクトファイルは、wolfSSL と wolfCrypt の両方
 
 + `dummy_app`の以下のフォルダーをコピー
 
-    `src/`  
+    `src/`
     `script/`
 
 + 選択したフォルダーを`./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`へコピー
diff --git a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
index cf7f27061..6451ed757 100644
--- a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
index 5ba72ce49..0fe5a10fd 100644
--- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h
index d1f7e0f8c..6552c712d 100644
--- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h
+++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c b/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c
index faf154dc1..5ec3aae1d 100644
--- a/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c
+++ b/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c
@@ -1,6 +1,6 @@
 /* freertos_tcp_port.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/common/user_settings.h b/IDE/Renesas/e2studio/RA6M3/common/user_settings.h
index f0d66117f..6adee0053 100644
--- a/IDE/Renesas/e2studio/RA6M3/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RA6M3/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,7 +50,6 @@
 #define HAVE_CHACHA
 #define HAVE_POLY1305
 #define HAVE_ECC
-#define HAVE_RSA
 #define HAVE_SHA256
 #define HAVE_SUPPORTED_CURVES
 #define HAVE_TLS_EXTENSIONS
diff --git a/IDE/Renesas/e2studio/RA6M3/common/util.h b/IDE/Renesas/e2studio/RA6M3/common/util.h
index 57eaf767b..cc69a8dc4 100644
--- a/IDE/Renesas/e2studio/RA6M3/common/util.h
+++ b/IDE/Renesas/e2studio/RA6M3/common/util.h
@@ -1,6 +1,6 @@
 /* util.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
index 47808cb42..0d8f60830 100644
--- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h
index 7720180f1..2645a25ef 100644
--- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h
+++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
index 454f5744a..860ed4e03 100644
--- a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
@@ -1,6 +1,6 @@
 /* wolfssl_thread_entry.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M4/README.md b/IDE/Renesas/e2studio/RA6M4/README.md
index 4ce63ab33..5afae2984 100644
--- a/IDE/Renesas/e2studio/RA6M4/README.md
+++ b/IDE/Renesas/e2studio/RA6M4/README.md
@@ -4,13 +4,13 @@ wolfSSL for Renesas RA Evaluation Kit (EK-RA6M4)
 ## Description
 
 This directory contains e2studio projects targeted at the Renesas RA 32-bit MCUs.
-The example projects include a wolfSSL TLS client. 
+The example projects include a wolfSSL TLS client.
 They also include benchmark and cryptography tests for the wolfCrypt library.
 
 
 The wolfssl project contains both the wolfSSL and wolfCrypt libraries.
 It is built as a `Renesas RA C Library Project` and contains the Renesas RA
-configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode` 
+configuration. The wolfssl project uses `Secure Cryptography Engine on RA6 Protected Mode`
 as hardware acceleration for cypto and TLS operation.
 
 
@@ -24,27 +24,29 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |Board|EK-RA6M4|
 |Device|R7FA6M4AF3CFB|
 |Toolchain|GCC ARM Embedded|
-|FSP Version|3.5.0|
+|FSP Version|5.4.0|
 
 #### Selected software components
 
 |Components|Version|
 |:--|:--|
-|Board Support Package Common Files|v3.6.0|
-|Secure Cryptography Engine on RA6 Protected Mode|v3.6.0|
-|I/O Port|v3.6.0|
-|Arm CMSIS Version 5 - Core (M)|v5.8.0+fsp.3.6.0|
-|RA6M4-EK Board Support Files|v3.5.0|
-|Board support package for R7FA6M4AF3CFB|v3.6.0|
-|Board support package for RA6M4|v3.6.0|
-|Board support package for RA6M4 - FSP Data|v3.6.0|
-|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.6.0|
-|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.6.0|
-|r_ether to FreeRTOS+TCP Wrapper|v3.6.0|
-|Ethernet|v3.6.0|
-|Ethernet PHY|v3.6.0|
-|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.6.0|
-|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.6.0|
+|Board Support Package Common Files|v5.4.0|
+|Secure Cryptography Engine on RA6 Protected Mode|v5.4.0|
+|I/O Port|v5.4.0|
+|Arm CMSIS Version 5 - Core (M)|v6.1.0+fsp.5.4.0|
+|RA6M4-EK Board Support Files|v5.4.0|
+|Board support package for R7FA6M4AF3CFB|v5.4.0|
+|Board support package for RA6M4 - Events|v5.4.0|
+|Board support package for RA6M4|v5.4.0|
+|Board support package for RA6M4 - FSP Data|v5.4.0|
+|FreeRTOS|v10.6.1+fsp.5.4.0|
+|FreeRTOS - Memory Management - Heap 4|v10.6.1+fsp.5.4.0|
+|r_ether to FreeRTOS+TCP Wrapper|v5.4.0|
+|Ethernet|v5.4.0|
+|Ethernet PHY|v5.4.0|
+|FreeRTOS+TCP|v4.0.0+fsp.5.4.0|
+|FreeRTOS - Buffer Allocation 2|v4.0.0+fsp.5.4.0|
+|FreeRTOS Port|v5.4.0|
 
 ## Setup Steps and Build wolfSSL Library
 
@@ -72,7 +74,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |Thread Symbol|sce_tst_thread|
 |Thread Name|sce_tst_thread|
 |Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
-|Thread MemoryAllocation|Dyamic|
+|Thread MemoryAllocation|Dynamic|
 |Common General Use Mutexes|Enabled|
 |Common General Enable Backward Compatibility|Enabled|
 |Common Memory Allocation Support Dynamic Allocation|Enabled|
@@ -85,7 +87,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |:--|:--|
 |Network Events call vApplicationIPNetworkEventHook|Disable|
 |Use DHCP|Disable|
-  
+
 + Save `dummy_library` FSP configuration
 + Copy <u>configuration.xml</u> and pincfg under `dummy_library` to `wolfSSL_RA6M4`
 + Open Smart Configurator by clicking copied configuration.xml
@@ -105,7 +107,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 + Copy the following folder and file at `dummy_application` to `test_RA6M4`\
   script/\
   src/sce_tst_thread_entry.c
-  
+
 + Add `sce_test()` call under /* TODO: add your own code here */ line at sce_tst_thread_entry.c
 ```
 ...
@@ -119,7 +121,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 + Download J-Link software from [Segger](https://www.segger.com/downloads/jlink)
 + Choose `J-Link Software and Documentation Pack`
 + Copy sample program files below from `Installed SEGGER` folder, `e.g C:\Program Files\SEGGER\JLink\Samples\RTT`, to /path/to/wolfssl/IDE/Reenesas/e2studio/RA6M4/test/src/SEGGER_RTT\
-  
+
     SEGGER_RTT.c\
     SEGGER_RTT.h\
     SEGGER_RTT_Conf.h\
@@ -134,7 +136,7 @@ The wolfssl Project Summary is listed below and is relevant for every project.
     you can specify "RTT control block" to 0x200232a8 by Address\
     OR\
     you can specify "RTT control block" to 0x20020000 0x10000 by Search Range
-  
+
 ## Run Client
 1.) Enable TLS_CLIENT definition in wolfssl_demo.h of test_RA6M4 project
 
@@ -175,7 +177,7 @@ $./examples/server/server -b -d -i -c ./certs/server-ecc.pem -k ./certs/ecc-key.
 
 You will see the following message on J-LinK RTT Viewer when using RSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
 [wolfSSL_TLS_client_do(00)][00]  Start to connect to the server.
@@ -204,7 +206,7 @@ You will see the following message on J-LinK RTT Viewer when using RSA sign and
 
 You will see the following message on J-LinK RTT Viewer when using ECDSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
 [wolfSSL_TLS_client_do(00)][00]  Start to connect to the server.
@@ -235,7 +237,7 @@ You will see the following message on J-LinK RTT Viewer when using ECDSA sign an
 ### Run Multi Client Session example
 1.) Enable TLS_CLIENT and TLS_MULTITHREAD_TEST definition in wolfssl_demo.h of test_RA6M4 project
 
-2.) Follow [Run Client](#run-client) instruction 
+2.) Follow [Run Client](#run-client) instruction
 
 3.) Prepare peer wolfssl server
 
@@ -258,7 +260,7 @@ $./examples/server/server -b -d -c -i ./certs/server-ecc.pem -k ./certs/ecc-key.
 4.) Run Multi Client Session Example
 You will see similar following message on J-LinK RTT Viewer when using ECDSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
  clt_thd_taskA connecting to 11111 port
@@ -291,7 +293,7 @@ You will see similar following message on J-LinK RTT Viewer when using ECDSA sig
 
 You will see similar following message on J-LinK RTT Viewer when using ECDSA sign and verify.
 ```
- Start Client Example, 
+ Start Client Example,
  Connecting to 192.168.11.xx
 
  clt_thd_taskA connecting to 11111 port
diff --git a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
index 6f40f37f2..3c515029e 100644
--- a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
index cbe535b2a..1dff4b177 100644
--- a/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RA6M4/include.am b/IDE/Renesas/e2studio/RA6M4/include.am
index cd8adec9c..db3f280f3 100644
--- a/IDE/Renesas/e2studio/RA6M4/include.am
+++ b/IDE/Renesas/e2studio/RA6M4/include.am
@@ -16,4 +16,4 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/src/common/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h
-EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h
\ No newline at end of file
+EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h
diff --git a/IDE/Renesas/e2studio/RA6M4/test/.cproject b/IDE/Renesas/e2studio/RA6M4/test/.cproject
index e7bb1ceb9..11ea16645 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/.cproject
+++ b/IDE/Renesas/e2studio/RA6M4/test/.cproject
@@ -105,6 +105,9 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/r_sce_protected/crypto_procedures_protected/src/sce9/private/inc}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/rm_freertos_plus_tcp}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1484044149" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
diff --git a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
index aec582f1a..792789718 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,112 +28,112 @@ const st_user_key_block_data_t g_key_block_data =
 {
     /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
     {
-        0xE7, 0x1C, 0xEB, 0xCA, 0x3A, 0x64, 0x0B, 0xD2, 0xC5, 0xB8, 0xF2, 0xD0, 
-        0xF7, 0x1B, 0xA9, 0x4A, 0x98, 0xFF, 0xF3, 0x48, 0x81, 0xAD, 0xAF, 0x63, 
+        0xE7, 0x1C, 0xEB, 0xCA, 0x3A, 0x64, 0x0B, 0xD2, 0xC5, 0xB8, 0xF2, 0xD0,
+        0xF7, 0x1B, 0xA9, 0x4A, 0x98, 0xFF, 0xF3, 0x48, 0x81, 0xAD, 0xAF, 0x63,
         0x19, 0x24, 0x4B, 0x2B, 0xC0, 0x8B, 0x9C, 0x6B
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xD7, 0x97, 0x56, 0x82, 0x5B, 0x4B, 0x7F, 0xB2, 0x1C, 0x1F, 0xEE, 0x85, 
+        0xD7, 0x97, 0x56, 0x82, 0x5B, 0x4B, 0x7F, 0xB2, 0x1C, 0x1F, 0xEE, 0x85,
         0x02, 0xC5, 0xD0, 0xBA
     },
     /* uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */
     {
-        0x3F, 0xA5, 0xBE, 0xBF, 0x86, 0xEC, 0x23, 0x37, 0x82, 0x37, 0x71, 0x0C, 
-        0x83, 0xA7, 0x8E, 0x86, 0xF0, 0x16, 0xD3, 0x7B, 0xF1, 0x25, 0xA4, 0x37, 
-        0x7A, 0x2D, 0x16, 0xF2, 0xFF, 0x3D, 0xEE, 0x46, 0xE0, 0x05, 0x58, 0x56, 
+        0x3F, 0xA5, 0xBE, 0xBF, 0x86, 0xEC, 0x23, 0x37, 0x82, 0x37, 0x71, 0x0C,
+        0x83, 0xA7, 0x8E, 0x86, 0xF0, 0x16, 0xD3, 0x7B, 0xF1, 0x25, 0xA4, 0x37,
+        0x7A, 0x2D, 0x16, 0xF2, 0xFF, 0x3D, 0xEE, 0x46, 0xE0, 0x05, 0x58, 0x56,
         0xC2, 0xE7, 0x9D, 0x2C, 0x01, 0x84, 0x59, 0x8E, 0xA8, 0x9E, 0xEE, 0x3F,
         0x22, 0x83, 0x68, 0xDA, 0x9E, 0xCE, 0xEA, 0x99, 0xFD, 0xAF, 0xDF, 0x67,
-        0x1E, 0x73, 0x25, 0x68, 0xBF, 0x0A, 0xDF, 0xAF, 0xC4, 0x3D, 0xF1, 0xBD, 
-        0x41, 0xF5, 0xAC, 0xAC, 0xA4, 0x36, 0xF8, 0x96, 0xC0, 0x8C, 0x2F, 0x1A, 
+        0x1E, 0x73, 0x25, 0x68, 0xBF, 0x0A, 0xDF, 0xAF, 0xC4, 0x3D, 0xF1, 0xBD,
+        0x41, 0xF5, 0xAC, 0xAC, 0xA4, 0x36, 0xF8, 0x96, 0xC0, 0x8C, 0x2F, 0x1A,
         0x79, 0x75, 0x28, 0xAE, 0x67, 0xC9, 0x5A, 0xDE, 0x2A, 0xB4, 0x99, 0xDB,
-        0x8C, 0x25, 0x53, 0x58, 0x8C, 0xDC, 0xA8, 0x0D, 0xFE, 0xEE, 0x0F, 0x6C, 
-        0x61, 0xE6, 0x43, 0x66, 0xE8, 0x4A, 0xE3, 0xEB, 0xAB, 0xA2, 0x52, 0xE4, 
-        0x67, 0xC2, 0x9A, 0x57, 0xA4, 0x1F, 0xE0, 0xFC, 0x2B, 0xBE, 0x25, 0xBF, 
+        0x8C, 0x25, 0x53, 0x58, 0x8C, 0xDC, 0xA8, 0x0D, 0xFE, 0xEE, 0x0F, 0x6C,
+        0x61, 0xE6, 0x43, 0x66, 0xE8, 0x4A, 0xE3, 0xEB, 0xAB, 0xA2, 0x52, 0xE4,
+        0x67, 0xC2, 0x9A, 0x57, 0xA4, 0x1F, 0xE0, 0xFC, 0x2B, 0xBE, 0x25, 0xBF,
         0xF0, 0x70, 0x18, 0x88, 0x93, 0xB7, 0x2F, 0x74, 0xF8, 0xF3, 0x88, 0xB8,
-        0xFA, 0x18, 0xBE, 0xC1, 0xB2, 0x24, 0x4B, 0xBC, 0x89, 0x2D, 0xC4, 0x02, 
-        0xB3, 0x82, 0xEC, 0xDB, 0xC9, 0xF0, 0xA9, 0xC3, 0x30, 0x7C, 0xF5, 0x15, 
-        0xEB, 0x9B, 0x16, 0x8C, 0x9D, 0xEF, 0x42, 0x8A, 0xCA, 0x5D, 0x28, 0xDF, 
+        0xFA, 0x18, 0xBE, 0xC1, 0xB2, 0x24, 0x4B, 0xBC, 0x89, 0x2D, 0xC4, 0x02,
+        0xB3, 0x82, 0xEC, 0xDB, 0xC9, 0xF0, 0xA9, 0xC3, 0x30, 0x7C, 0xF5, 0x15,
+        0xEB, 0x9B, 0x16, 0x8C, 0x9D, 0xEF, 0x42, 0x8A, 0xCA, 0x5D, 0x28, 0xDF,
         0x68, 0xEA, 0xE0, 0xB8, 0x76, 0x7C, 0xBB, 0x4A, 0x51, 0xDD, 0x55, 0x14,
-        0xB7, 0xAB, 0xD2, 0xF1, 0xB9, 0x51, 0x19, 0x05, 0x26, 0x87, 0xF7, 0x5C, 
-        0x69, 0x45, 0x3C, 0x82, 0xE8, 0x82, 0x05, 0x5D, 0x33, 0x8E, 0xD1, 0x42, 
-        0x71, 0xD6, 0x96, 0xDA, 0xAB, 0xB8, 0xC0, 0x0F, 0xF7, 0x85, 0x8A, 0x12, 
+        0xB7, 0xAB, 0xD2, 0xF1, 0xB9, 0x51, 0x19, 0x05, 0x26, 0x87, 0xF7, 0x5C,
+        0x69, 0x45, 0x3C, 0x82, 0xE8, 0x82, 0x05, 0x5D, 0x33, 0x8E, 0xD1, 0x42,
+        0x71, 0xD6, 0x96, 0xDA, 0xAB, 0xB8, 0xC0, 0x0F, 0xF7, 0x85, 0x8A, 0x12,
         0xEF, 0xB9, 0x53, 0xFF, 0xD2, 0x95, 0x18, 0x2F, 0x0C, 0xA6, 0x72, 0x98,
-        0xC3, 0xC6, 0x9B, 0x95, 0x70, 0x69, 0xC5, 0xB7, 0xD5, 0x24, 0x77, 0x05, 
-        0xD0, 0x68, 0x85, 0x36, 0xB8, 0x57, 0xE3, 0xED, 0x2E, 0x4D, 0x95, 0xD3, 
-        0xFC, 0x24, 0x1B, 0x22, 0xFA, 0x43, 0xD8, 0x62, 0x28, 0x57, 0x6B, 0x34, 
+        0xC3, 0xC6, 0x9B, 0x95, 0x70, 0x69, 0xC5, 0xB7, 0xD5, 0x24, 0x77, 0x05,
+        0xD0, 0x68, 0x85, 0x36, 0xB8, 0x57, 0xE3, 0xED, 0x2E, 0x4D, 0x95, 0xD3,
+        0xFC, 0x24, 0x1B, 0x22, 0xFA, 0x43, 0xD8, 0x62, 0x28, 0x57, 0x6B, 0x34,
         0xBF, 0xD1, 0x63, 0x4B, 0xB5, 0xF5, 0x88, 0xBC, 0xB8, 0x69, 0xF3, 0xB5
     },
 };
 
 #ifndef USE_CERT_BUFFERS_256
-/* ca-cert.der.sign,  
- * ca-cert.der signed by RSA2048 PSS with SHA256 
+/* ca-cert.der.sign,
+ * ca-cert.der signed by RSA2048 PSS with SHA256
  * This is used for Root Certificate verify by SCE */
 const unsigned char ca_cert_der_sign[] =
 {
-        0x70, 0x4D, 0x6C, 0xCC, 0xAD, 0xD0, 0x74, 0x34, 0x10, 0xB3,
-        0x1F, 0x26, 0x49, 0x31, 0xD0, 0xD5, 0x0B, 0x4F, 0x50, 0xD4,
-        0x21, 0x7D, 0x3D, 0xE6, 0x9D, 0x5A, 0xF1, 0xE4, 0x48, 0xBD,
-        0x6D, 0xB3, 0x58, 0xB4, 0x07, 0xF1, 0x06, 0xA7, 0x3D, 0xB7,
-        0x24, 0x60, 0xBD, 0x72, 0xB2, 0x7B, 0xA8, 0x4F, 0xFC, 0x47,
-        0x64, 0xF0, 0x04, 0xBE, 0xC7, 0xAE, 0xB6, 0x6F, 0xA5, 0xD6,
-        0x65, 0xE9, 0xB5, 0x3D, 0x8A, 0xC8, 0x27, 0x9A, 0x3B, 0x4C,
-        0x98, 0xB0, 0x5F, 0x1E, 0x54, 0xA5, 0xEF, 0xBC, 0x61, 0xA7,
-        0x3F, 0xB7, 0x5D, 0x36, 0x5A, 0x27, 0x1C, 0x5A, 0xAF, 0x65,
-        0x7A, 0x89, 0x4F, 0x00, 0xB1, 0x75, 0xA7, 0xA9, 0x5C, 0xE8,
-        0xC8, 0x0E, 0x5C, 0x83, 0x12, 0x47, 0x11, 0xD1, 0xBD, 0xF4,
-        0x10, 0x7D, 0x7B, 0xD6, 0x05, 0xF7, 0xBE, 0xD2, 0x70, 0x05,
-        0x56, 0xD6, 0x84, 0x70, 0x11, 0x3D, 0x67, 0x93, 0x2E, 0xB0,
-        0x93, 0xBA, 0x34, 0xD0, 0xDE, 0xB8, 0x16, 0x7B, 0x0D, 0x67,
-        0x16, 0x92, 0x91, 0x79, 0xAC, 0x3C, 0xC9, 0x4D, 0x8A, 0xEE,
-        0x31, 0xCC, 0xFC, 0xF7, 0x78, 0xB3, 0x1B, 0x0F, 0x54, 0xCE,
-        0xF4, 0xBB, 0xE7, 0xF4, 0xAC, 0x80, 0xEF, 0xDD, 0xFF, 0x84,
-        0x7A, 0x37, 0xED, 0xC4, 0x45, 0x3D, 0x7C, 0x19, 0x81, 0x95,
-        0x2E, 0x71, 0xE7, 0x1B, 0x1C, 0x75, 0x67, 0xBC, 0x62, 0x0F,
-        0xAA, 0x90, 0x41, 0x01, 0x53, 0xD0, 0x3A, 0x6E, 0xE9, 0xC9,
-        0xAA, 0x2F, 0xD1, 0xD8, 0xB3, 0x3B, 0x80, 0xCA, 0xE5, 0xA1,
-        0x1B, 0x7F, 0xCF, 0xF5, 0xBF, 0x2C, 0x2B, 0xBE, 0x1F, 0x77,
-        0x89, 0x21, 0xD7, 0x76, 0x51, 0xA8, 0xD0, 0x31, 0xE1, 0x97,
-        0xD1, 0x63, 0x84, 0xA2, 0xAA, 0x6E, 0x9A, 0x33, 0x43, 0x65,
-        0x2A, 0x6B, 0x40, 0x03, 0x84, 0x6F, 0xC7, 0xB3, 0xE5, 0xD8,
-        0x64, 0x30, 0x12, 0x2A, 0x45, 0x1D
+		0x42, 0xDC, 0x1F, 0xF5, 0x71, 0x54, 0x13, 0xB5, 0x86, 0x30,
+		0x34, 0xF3, 0x04, 0x50, 0x69, 0x50, 0x6C, 0x94, 0x05, 0x60,
+		0xC6, 0x34, 0x12, 0xCC, 0xA1, 0x68, 0x56, 0x1F, 0x54, 0x4D,
+		0x6C, 0x3E, 0xCB, 0xFB, 0xEB, 0xEF, 0x4E, 0xCF, 0xA8, 0xB0,
+		0xA7, 0xDE, 0xAD, 0x64, 0xBA, 0xB8, 0xE5, 0x0C, 0x97, 0x31,
+		0x16, 0xEE, 0xF7, 0x73, 0xCC, 0xAF, 0x54, 0x20, 0xE1, 0xFF,
+		0xF7, 0x94, 0x6D, 0x7B, 0xC7, 0x83, 0xA3, 0xE5, 0xF6, 0x01,
+		0xA1, 0xA7, 0x90, 0xF1, 0x3D, 0xCE, 0x95, 0xD8, 0x15, 0x29,
+		0x7A, 0x6C, 0xC1, 0x43, 0xB8, 0x29, 0x30, 0xC9, 0x38, 0x36,
+		0x85, 0x03, 0x23, 0x3D, 0xAE, 0x40, 0xAA, 0x0A, 0x38, 0xF8,
+		0x06, 0xDB, 0xA5, 0x7B, 0xBF, 0x72, 0x12, 0xD7, 0xB1, 0x35,
+		0x82, 0x47, 0xA8, 0x9E, 0xCB, 0xFF, 0xD1, 0x34, 0xA2, 0x15,
+		0xBB, 0xC8, 0x35, 0xE7, 0x91, 0x58, 0x52, 0xD8, 0xA6, 0x9F,
+		0x1D, 0x68, 0xD2, 0x92, 0x0E, 0xAD, 0x42, 0xB9, 0xE5, 0x72,
+		0xE9, 0x3B, 0x24, 0xF2, 0x05, 0xEA, 0x9F, 0xAD, 0x07, 0xE0,
+		0xD8, 0x40, 0x33, 0x7D, 0x1C, 0x8C, 0x71, 0x7E, 0x37, 0x22,
+		0x1B, 0x13, 0x27, 0xE5, 0xBC, 0x6E, 0x6E, 0x6A, 0xE5, 0x66,
+		0x4C, 0xAB, 0x74, 0x74, 0x12, 0xE4, 0x12, 0x36, 0xD5, 0xB0,
+		0x56, 0x0E, 0x79, 0xFB, 0x56, 0xA0, 0x09, 0x4B, 0xBD, 0xE0,
+		0xF5, 0x75, 0x0E, 0xA1, 0xB1, 0xDC, 0xA6, 0xC5, 0x0B, 0x7E,
+		0x79, 0x83, 0xD5, 0xCE, 0x2A, 0xB3, 0x2C, 0xE8, 0x49, 0xDE,
+		0x18, 0xB2, 0x50, 0x58, 0x58, 0x2E, 0x31, 0xAD, 0xF1, 0x25,
+		0x71, 0xD2, 0x74, 0xA1, 0xC8, 0x1C, 0xF6, 0xF7, 0xE6, 0xDA,
+		0xA3, 0x9F, 0x32, 0x5A, 0xA0, 0xBC, 0x1D, 0x13, 0xAC, 0x9C,
+		0x41, 0x97, 0xDB, 0xA4, 0xF4, 0xE2, 0xE4, 0x28, 0xD3, 0x30,
+		0xC3, 0x14, 0xF2, 0xB0, 0xBF, 0x94
 };
 
 const int sizeof_ca_cert_der_sign = sizeof(ca_cert_der_sign);
 #else
-/* ca-ecc-cert.der.sign,  
- * ca-ecc-cert.der signed by RSA2048 PSS with SHA256 
+/* ca-ecc-cert.der.sign,
+ * ca-ecc-cert.der signed by RSA2048 PSS with SHA256
  * This is used for Root Certificate verify by SCE
  */
 const unsigned char ca_ecc_cert_der_sign[] =
 {
-        0xB9, 0x59, 0x94, 0xE6, 0xD1, 0x5B, 0xFD, 0x59, 0xBB, 0x4F,
-        0x14, 0x0B, 0x9E, 0x30, 0x61, 0xF9, 0xFA, 0x2C, 0xD8, 0xE2,
-        0x7F, 0xD0, 0x1F, 0x47, 0xDE, 0x14, 0x8E, 0xD1, 0x78, 0x86,
-        0xA4, 0x9B, 0xDC, 0x86, 0x64, 0x2A, 0xD9, 0xBC, 0xBE, 0x61,
-        0x60, 0xB8, 0x1C, 0x46, 0xCE, 0x66, 0x97, 0xC0, 0x32, 0x04,
-        0x38, 0x3B, 0xCB, 0xB7, 0x38, 0x89, 0x11, 0xCE, 0xBA, 0x64,
-        0xE1, 0xDD, 0x4E, 0x3C, 0x6F, 0xA0, 0x48, 0xFA, 0x9F, 0x8F,
-        0xEC, 0x6A, 0xCA, 0xAC, 0x29, 0x4B, 0xD9, 0xF7, 0xE3, 0x03,
-        0xF7, 0xBA, 0xB8, 0xCC, 0x2C, 0xD1, 0xC8, 0x84, 0xFA, 0xF6,
-        0xFA, 0xE4, 0x72, 0xAF, 0x8D, 0x07, 0xF0, 0x3D, 0xD7, 0x58,
-        0x95, 0x08, 0x6F, 0xD5, 0x77, 0x1B, 0x92, 0x81, 0x99, 0x69,
-        0x5C, 0x4D, 0x8F, 0x98, 0xC6, 0x09, 0xC1, 0xEB, 0xB5, 0x86,
-        0x87, 0x47, 0xD7, 0x68, 0x73, 0xE8, 0x1D, 0x1B, 0xFE, 0xA5,
-        0x9C, 0x7A, 0x4B, 0xAD, 0x1A, 0x54, 0x46, 0xA0, 0xC8, 0xF7,
-        0x6C, 0xDD, 0xA6, 0xEF, 0x16, 0x21, 0x18, 0xCE, 0xF8, 0xDE,
-        0x3D, 0xB4, 0x56, 0x0C, 0xBA, 0xB7, 0x95, 0xD1, 0x6D, 0x0D,
-        0x49, 0xE7, 0x78, 0x64, 0x65, 0xC7, 0x24, 0x26, 0x81, 0xCD,
-        0x56, 0xB7, 0xB2, 0x31, 0xF2, 0xD7, 0x64, 0x55, 0x89, 0xCC,
-        0xDB, 0x69, 0x56, 0xED, 0x9B, 0x07, 0x9E, 0xD4, 0x07, 0x5E,
-        0xAF, 0xF0, 0x98, 0x94, 0xD6, 0x87, 0x0C, 0x22, 0xE1, 0x3A,
-        0x88, 0xE1, 0xC4, 0xBC, 0x51, 0x4B, 0x07, 0x4D, 0x2A, 0xCE,
-        0xA8, 0xE8, 0x9F, 0xF7, 0xA2, 0x8A, 0xEA, 0x90, 0x32, 0x20,
-        0xFC, 0xB6, 0x32, 0xE6, 0x8A, 0x47, 0x2B, 0xF4, 0xB4, 0x0F,
-        0x96, 0x7A, 0xC9, 0x0B, 0xF6, 0xBF, 0x69, 0x51, 0x9B, 0x44,
-        0xC2, 0xE2, 0xD6, 0x2D, 0xB1, 0x17, 0xAC, 0x7B, 0x32, 0xF2,
-        0x0E, 0x7A, 0x28, 0x67, 0xAB, 0xA5
+		0x34, 0x5E, 0xA6, 0xED, 0xA7, 0x19, 0xC1, 0x57, 0x3F, 0x89,
+		0x71, 0xEC, 0xA0, 0x26, 0x94, 0x67, 0xFF, 0x2A, 0xE3, 0x88,
+		0xAF, 0xD5, 0xD8, 0x7A, 0x23, 0x9D, 0xD5, 0x4A, 0x11, 0x0D,
+		0x28, 0xB7, 0x00, 0xB3, 0xC9, 0xD9, 0x5C, 0xAD, 0xB0, 0x5C,
+		0xD6, 0xFF, 0xD5, 0x98, 0x9A, 0x3D, 0xFC, 0xC2, 0x1A, 0xC8,
+		0x9C, 0x17, 0x60, 0xD7, 0xA8, 0x10, 0x62, 0x56, 0x87, 0xD7,
+		0x95, 0x71, 0xE5, 0xC8, 0x65, 0xA9, 0x16, 0xC0, 0x21, 0x08,
+		0x31, 0x51, 0xED, 0x51, 0x02, 0xED, 0x1C, 0x8A, 0xEA, 0x82,
+		0x93, 0x0E, 0x9C, 0xBD, 0x25, 0x1B, 0xD7, 0x91, 0x12, 0xC1,
+		0x49, 0xC5, 0x2E, 0x1D, 0x04, 0x5D, 0x60, 0x63, 0x68, 0xF3,
+		0x5A, 0x18, 0x60, 0xF3, 0xD9, 0x88, 0x2C, 0xCC, 0x56, 0x49,
+		0xA4, 0x07, 0x9C, 0xA7, 0x50, 0x36, 0x83, 0xFB, 0x39, 0x83,
+		0x1F, 0xB9, 0x6B, 0x1F, 0x19, 0x2B, 0x4B, 0x6D, 0xEC, 0xC5,
+		0xC5, 0x08, 0x8D, 0x38, 0x80, 0xEC, 0x8D, 0xC1, 0x8B, 0x74,
+		0xC4, 0xD7, 0x60, 0xB4, 0x29, 0xA9, 0xE1, 0x2B, 0x98, 0xF6,
+		0x9C, 0xFB, 0x73, 0x40, 0x80, 0xA8, 0x5D, 0x64, 0xDA, 0x12,
+		0xE0, 0x43, 0x5B, 0xC9, 0x65, 0xB2, 0x76, 0x11, 0xB7, 0x06,
+		0x0C, 0x81, 0x62, 0x18, 0xD3, 0x34, 0x0C, 0xAC, 0xD0, 0x61,
+		0x98, 0x5A, 0x3E, 0x94, 0x6F, 0xAA, 0x51, 0xF2, 0x75, 0xF7,
+		0xBE, 0x6C, 0xA8, 0xCB, 0xDC, 0xFD, 0x3C, 0x9C, 0xF3, 0x15,
+		0xA5, 0x5B, 0x8A, 0x81, 0x11, 0x15, 0x50, 0x3D, 0x8B, 0xA9,
+		0x3E, 0xD9, 0xAA, 0x22, 0x0B, 0xB5, 0x20, 0x83, 0x7C, 0xAF,
+		0x74, 0x4C, 0x51, 0x60, 0x44, 0xC2, 0x04, 0xA0, 0xB2, 0x17,
+		0x57, 0xE0, 0xEE, 0x63, 0x13, 0xBF, 0xEA, 0x21, 0x16, 0x4D,
+		0x2D, 0xFB, 0x0D, 0x66, 0x66, 0x43, 0x1F, 0xAB, 0xFE, 0xE3,
+		0x14, 0xAD, 0xE4, 0xE2, 0xEB, 0xBF
 };
 static const int sizeof_ca_ecc_cert_der_sign = sizeof(ca_ecc_cert_der_sign);
 #endif /*  USE_CERT_BUFFERS_256 */
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c b/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
index eb025be71..308781105 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c
@@ -1,6 +1,6 @@
 /* myprintf.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,6 +18,8 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
+#include <stdarg.h>
 #include "SEGGER_RTT.h"
 
 #define SEGGER_INDEX            (0)
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
index 5b34a4675..f93285090 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -100,9 +100,9 @@ static int SetScetlsKey()
 
     #endif
 
-#endif    
+#endif
     return 0;
-}    
+}
 #endif
 
 typedef struct func_args {
@@ -142,8 +142,8 @@ void SCE_KeyGeneration(FSPSM_ST *g)
         if (err == FSP_SUCCESS)
             g->keyflgs_crypt.bits.aes256_installedkey_set = 1;
     }
-    
-    
+
+
 }
 
 void Clr_CallbackCtx(FSPSM_ST *g)
@@ -239,7 +239,7 @@ void sce_test(void)
     if ((ret = wolfCrypt_Init()) != 0) {
          printf("wolfCrypt_Init failed %d\n", ret);
     }
-    
+
 #if defined(HAVE_RENESAS_SYNC) && \
     defined(HAVE_AES_CBC)
 
@@ -261,14 +261,14 @@ void sce_test(void)
     printf("Start wolfCrypt Benchmark\n");
     benchmark_test(NULL);
     printf("End wolfCrypt Benchmark\n");
-    
+
     /* free */
     Clr_CallbackCtx(&guser_PKCbInfo);
 
 #elif defined(TLS_CLIENT)
     #include "hal_data.h"
     #include "r_sce.h"
-    
+
 #if defined(WOLFSSL_TLS13)
     /* TLS1.3 needs RSA_PSS enabled.
      * SCE doesn't support RSA PSS Padding
@@ -329,6 +329,7 @@ void sce_test(void)
     int j = 0;
     #endif
     int i = 0;
+    int ret = 0;
 
     printf("\n Start Client Example, ");
     printf("\n Connecting to %s\n\n", SERVER_IP);
@@ -353,20 +354,20 @@ void sce_test(void)
             info[j].log_f = my_Logging_cb;
 
             memset(info[j].name, 0, sizeof(info[j].name));
-            sprintf(info[j].name, "clt_thd_%s", ((j%2) == 0) ? 
+            sprintf(info[j].name, "clt_thd_%s", ((j%2) == 0) ?
                                                             "taskA" : "taskB");
 
             printf(" %s connecting to %d port\n", info[j].name, info[j].port);
 
-            xReturned = xTaskCreate(wolfSSL_TLS_client_do, info[j].name, 
+            xReturned = xTaskCreate(wolfSSL_TLS_client_do, info[j].name,
                                     THREAD_STACK_SIZE, &info[j], 2, NULL);
             if (xReturned != pdPASS) {
                  printf("Failed to create task\n");
             }
         }
-        
+
         for(j = i; j < (i+2); j++) {
-            xSemaphoreGiveFromISR(info[j].xBinarySemaphore, 
+            xSemaphoreGiveFromISR(info[j].xBinarySemaphore,
                                                 &xHigherPriorityTaskWoken);
         }
 
@@ -398,7 +399,8 @@ void sce_test(void)
         XMEMSET(info[i].name, 0, sizeof(info[i].name));
         XSPRINTF(info[i].name, "wolfSSL_TLS_client_do(%02d)", i);
 
-        if(wolfSSL_TLS_client_do(&info[i]) == -116) {
+        ret = wolfSSL_TLS_client_do(&info[i]);
+        if(ret == -116 || ret == -128) {
             TCP_connect_retry++;
             continue;
         }
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
index 10f3a31cb..673b01118 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,6 +23,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <stdarg.h> /* var_arg */
 #include <sys/time.h>
 #include "wolfssl/wolfcrypt/settings.h"
 #include "wolfssl/ssl.h"
@@ -72,7 +73,7 @@ static int msg(const char* pname, int l,
 void TCPInit( )
 {
    BaseType_t fr_status;
-  
+
    /* FreeRTOS+TCP Ethernet and IP Setup */
    fr_status = FreeRTOS_IPInit(ucIPAddress,
                                ucNetMask,
@@ -114,14 +115,14 @@ void wolfSSL_TLS_client_init()
           /* set callback functions for ECC */
           wc_sce_set_callbacks(client_ctx);
     #endif
-    
+
     #if !defined(NO_FILESYSTEM)
     if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
         printf("ERROR: can't load \"%s\"\n", cert);
         return NULL;
     }
     #else
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
                                             SSL_FILETYPE_ASN1) != SSL_SUCCESS){
            printf("ERROR: can't load certificate data\n");
        return;
@@ -142,16 +143,16 @@ int wolfSSL_TLS_client_do(void *pvParam)
     socklen_t xSize = sizeof(struct freertos_sockaddr);
     xSocket_t xClientSocket = NULL;
     struct freertos_sockaddr xRemoteAddress;
-    
+
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
     WOLFSSL *ssl = NULL;
     const char* pcName = p->name;
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
-    
+
     i = p->id;
     /* Client Socket Setup */
     xRemoteAddress.sin_port = FreeRTOS_htons(p->port);
@@ -195,11 +196,11 @@ int wolfSSL_TLS_client_do(void *pvParam)
 
        /* Set callback CTX */
         #if !defined(TLS_MULTITHREAD_TEST)
-        
+
         XMEMSET(&guser_PKCbInfo, 0, sizeof(FSPSM_ST));
         guser_PKCbInfo.devId = 0;
         wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
-        
+
         #else
         if (p->port - DEFAULT_PORT == 0) {
            XMEMSET(&guser_PKCbInfo_taskA, 0, sizeof(FSPSM_ST));
@@ -210,7 +211,7 @@ int wolfSSL_TLS_client_do(void *pvParam)
            wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo_taskB);
         }
         #endif
-        
+
      #endif
 
      /* Attach wolfSSL to the socket */
@@ -219,10 +220,10 @@ int wolfSSL_TLS_client_do(void *pvParam)
          msg(pcName, i, " Error [%d]: wolfSSL_set_fd.\n",ret);
      }
 
-     msg(pcName, i, "  Cipher : %s\n", 
+     msg(pcName, i, "  Cipher : %s\n",
                                     (p->cipher == NULL) ? "NULL" : p->cipher);
      /* use specific cipher */
-     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) 
+     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher)
                                                            != WOLFSSL_SUCCESS) {
           msg(pcName, i, " client can't set cipher list 1");
           goto out;
@@ -241,7 +242,7 @@ int wolfSSL_TLS_client_do(void *pvParam)
      wolfSSL_Debugging_OFF();
      #endif
 
-     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) 
+     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff))
                                                     != (int)strlen(sendBuff)) {
         msg(pcName, i, " ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
         goto out;
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
index 591ca3ddc..cd8da0ba1 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
@@ -1,6 +1,6 @@
 /* wolfssl_sce_unit_test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -70,7 +70,7 @@ int sce_crypt_sha_multitest();
 int sce_crypt_test();
 int sce_crypt_sha256_multitest();
 void tskSha256_Test1(void *pvParam);
- 
+
 void Clr_CallbackCtx(FSPSM_ST *g);
 void SCE_KeyGeneration(FSPSM_ST *g);
 
@@ -107,11 +107,11 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     Aes  aes[1];
 
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     int  ret = 0;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 
+    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
        /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
         0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@@ -119,19 +119,19 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     };
     byte iv[]  = "1234567890abcdef   ";  /* align */
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
 
     if (prnt) {
         printf(" sce_aes_cbc_test() ");
     }
-    
+
     ret = wc_AesInit(aes, NULL, devId);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, (byte*)aes_key, 
-        		AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(aes, (byte*)aes_key,
+        		WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret == 0) {
-            ret = wc_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
+            ret = wc_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
         }
 
         wc_AesFree(aes);
@@ -143,16 +143,16 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(aes, NULL, devId);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, (byte*)aes_key, 
-        		AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(aes, (byte*)aes_key,
+        		WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret == 0)
-            ret = wc_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
+            ret = wc_AesCbcDecrypt(aes, plain, cipher, WC_AES_BLOCK_SIZE);
 
         wc_AesFree(aes);
     }
     if (ret != 0)
         ret = -2;
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
+    if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
         ret = -3;
 #endif /* HAVE_AES_DECRYPT */
 
@@ -161,7 +161,7 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -169,7 +169,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aes_cbc_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -189,8 +189,8 @@ static void tskAes128_Cbc_Test(void *pvParam)
 static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
 {
     Aes enc[1];
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     Aes dec[1];
     int  ret = 0;
 
@@ -207,7 +207,7 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     if (prnt)
         printf(" sce_aes256_test() ");
-    
+
     if (wc_AesInit(enc, NULL, devId) != 0) {
         ret = -1;
         goto out;
@@ -219,20 +219,20 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
     }
 
     ret = wc_AesSetKey(enc, (byte*)aes_key,
-    		AES_BLOCK_SIZE*2, iv, AES_ENCRYPTION);
+    		WC_AES_BLOCK_SIZE*2, iv, AES_ENCRYPTION);
     if (ret != 0){
         ret = -3;
         goto out;
     }
 
     ret = wc_AesSetKey(dec, (byte*)aes_key,
-    		AES_BLOCK_SIZE*2, iv, AES_DECRYPTION);
+    		WC_AES_BLOCK_SIZE*2, iv, AES_DECRYPTION);
     if (ret != 0) {
         ret = -4;
         goto out;
     }
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 
     if (ret != 0) {
@@ -240,7 +240,7 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
         goto out;
     }
 
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 
     if (ret != 0){
@@ -259,7 +259,7 @@ out:
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -267,7 +267,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aes256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -289,8 +289,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     Aes enc[1];
     Aes dec[1];
     FSPSM_ST userContext;
-    
-    
+
+
     /*
      * This is Test Case 16 from the document Galois/
      * Counter Mode of Operation (GCM) by McGrew and
@@ -340,8 +340,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int  ret;
 
@@ -350,7 +350,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     if (prnt) {
         printf(" sce_aes256_gcm_test() ");
     }
-    
+
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
@@ -365,8 +365,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
         goto out;
     }
 
-    result = wc_AesGcmSetKey(enc, 
-        (byte*)aes256_key, AES_BLOCK_SIZE*2);
+    result = wc_AesGcmSetKey(enc,
+        (byte*)aes256_key, WC_AES_BLOCK_SIZE*2);
     if (result != 0) {
         ret = -3;
         goto out;
@@ -374,7 +374,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
-                                (byte*)iv1, sizeof(iv1), 
+                                (byte*)iv1, sizeof(iv1),
                                 resultT, sizeof(resultT), a, sizeof(a));
 
     if (result != 0) {
@@ -382,8 +382,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
         goto out;
     }
 
-    result = wc_AesGcmSetKey(dec, 
-            (byte*)aes256_key, AES_BLOCK_SIZE*2);
+    result = wc_AesGcmSetKey(dec,
+            (byte*)aes256_key, WC_AES_BLOCK_SIZE*2);
     if (result != 0) {
         ret = -7;
         goto out;
@@ -407,8 +407,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
-    wc_AesGcmSetKey(enc, 
-        (byte*)aes256_key, AES_BLOCK_SIZE*2);
+    wc_AesGcmSetKey(enc,
+        (byte*)aes256_key, WC_AES_BLOCK_SIZE*2);
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
                                 (byte*)iv1, sizeof(iv1),
@@ -420,7 +420,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     }
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
-              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, 
+              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
               a, sizeof(a));
 
     if (result != 0) {
@@ -437,11 +437,11 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -449,7 +449,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aesgcm256_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -471,7 +471,7 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
     Aes enc[1];
     Aes dec[1];
     FSPSM_ST userContext;
-    
+
     /*
      * This is Test Case 16 from the document Galois/
      * Counter Mode of Operation (GCM) by McGrew and
@@ -527,8 +527,8 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int ret;
 
@@ -553,7 +553,7 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
         goto out;
     }
 
-    wc_AesGcmSetKey(enc, (byte*)aes128_key, AES_BLOCK_SIZE);
+    wc_AesGcmSetKey(enc, (byte*)aes128_key, WC_AES_BLOCK_SIZE);
     if (result != 0) {
         ret = -3;
         goto out;
@@ -565,7 +565,7 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
         ret = -4;
         goto out;
     }
-    
+
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
                       iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
@@ -583,11 +583,11 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -595,7 +595,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = sce_aesgcm128_test(0, &p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -622,7 +622,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 static int sce_rsa_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
@@ -633,32 +633,32 @@ static int sce_rsa_test(int prnt, int keySize)
     byte *in2 = NULL;
     byte *out= NULL;
     byte *out2 = NULL;
-    
+
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     (void) prnt;
-    
+
     if (key == NULL || in == NULL || out == NULL ||
         in2 == NULL || out2 == NULL) {
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
     XMEMCPY(in2, inStr2, inLen);
     XMEMSET(out,  0, outSz);
     XMEMSET(out2, 0, outSz);
-    
+
     ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
 
@@ -669,7 +669,7 @@ static int sce_rsa_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
         goto out;
@@ -695,14 +695,14 @@ out:
     XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     return ret;
 }
 
 static int sce_rsa_SignVerify_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
@@ -717,14 +717,14 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     (void) prnt;
 
     if (key == NULL || in == NULL || out == NULL) {
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
@@ -734,10 +734,10 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
-    
+
     if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
         goto out;
 
@@ -745,7 +745,7 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     gCbInfo.keyflgs_crypt.bits.message_type = 0;
     ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
@@ -773,7 +773,7 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     return ret;
 }
 #endif
@@ -782,45 +782,45 @@ int sce_crypt_test()
 {
     int ret = 0;
     fsp_err_t err;
-    
+
     Clr_CallbackCtx(&gCbInfo);
     Clr_CallbackCtx(&gCbInfo_a);
-    
+
     /* sets wrapped aes key */
     gCbInfo.wrapped_key_aes128 = &g_user_aes128_key_index1;
     gCbInfo.wrapped_key_aes256 = &g_user_aes256_key_index1;
     /* Aes Key Gen */
     SCE_KeyGeneration(&gCbInfo);
-    
+
     /* Rsa Key Gen */
     err = R_SCE_RSA1024_WrappedKeyPairGenerate(&g_wrapped_pair_1024key);
     if (err == FSP_SUCCESS) {
         /* sets wrapped rsa 1024 bits key */
-        gCbInfo.wrapped_key_rsapri1024 = 
+        gCbInfo.wrapped_key_rsapri1024 =
                 &g_wrapped_pair_1024key.priv_key;
         gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
-        gCbInfo.wrapped_key_rsapub1024 = 
+        gCbInfo.wrapped_key_rsapub1024 =
                 &g_wrapped_pair_1024key.pub_key;
         gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
     }
-    
+
     err = R_SCE_RSA2048_WrappedKeyPairGenerate(&g_wrapped_pair_2048key);
     if (err == FSP_SUCCESS) {
         /* sets wrapped rsa 1024 bits key */
-        gCbInfo.wrapped_key_rsapri2048 = 
+        gCbInfo.wrapped_key_rsapri2048 =
                 &g_wrapped_pair_2048key.priv_key;
         gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
-        
-        gCbInfo.wrapped_key_rsapub2048 = 
+
+        gCbInfo.wrapped_key_rsapub2048 =
                 &g_wrapped_pair_2048key.pub_key;
         gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
     }
-    
+
     /* Key generation for multi testing */
     gCbInfo_a.wrapped_key_aes128 = &g_user_aes128_key_index2;
     gCbInfo_a.wrapped_key_aes256 = &g_user_aes256_key_index2;
     SCE_KeyGeneration(&gCbInfo_a);
-    
+
     ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &gCbInfo);
     if ( ret > 0)
          ret = 0;
@@ -868,7 +868,7 @@ int sce_crypt_test()
     if (ret == 0) {
         ret = sce_aesgcm128_test(1, &g_user_aes128_key_index1);
     }
-    
+
     if (ret == 0) {
         ret = sce_aesgcm256_test(1, &g_user_aes256_key_index1);
     }
@@ -890,12 +890,12 @@ int sce_crypt_test()
         sce_crypt_Sha_AesCbcGcm_multitest();
     } else
         ret = -1;
-    
+
     #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
     #endif
-    
+
     return ret;
 }
 
@@ -944,7 +944,7 @@ int sce_crypt_sha256_multitest()
     int num = 0;
     int i;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -954,7 +954,7 @@ int sce_crypt_sha256_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
     xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                         STACK_SIZE, NULL, 2, NULL);
@@ -976,15 +976,15 @@ int sce_crypt_sha256_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if ((xRet == pdPASS) &&
        (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0))
         ret = 0;
     else
         ret = -1;
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -1001,7 +1001,7 @@ int sce_crypt_AesCbc_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1014,7 +1014,7 @@ int sce_crypt_AesCbc_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                             sizeof(sce_aes_wrapped_key_t));
@@ -1043,7 +1043,7 @@ int sce_crypt_AesCbc_multitest()
         xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
                                     STACK_SIZE, &info_aes256_2, 3, NULL);
 #endif
-    
+
     if (xRet == pdPASS) {
     printf(" Waiting for completing tasks ...   ");
         vTaskDelay(10000/portTICK_PERIOD_MS);
@@ -1057,7 +1057,7 @@ int sce_crypt_AesCbc_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1082,7 +1082,7 @@ int sce_crypt_AesGcm_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1096,7 +1096,7 @@ int sce_crypt_AesGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #if defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                     sizeof(sce_aes_wrapped_key_t));
@@ -1141,7 +1141,7 @@ int sce_crypt_AesGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1165,7 +1165,7 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
     Info info_aes256cbc;
     Info info_aes256gcm;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -1187,45 +1187,45 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting(num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
-    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1", 
+    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                             STACK_SIZE, NULL, 3, NULL);
 
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2", 
+        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2",
                                             STACK_SIZE, NULL, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1, 
+    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1", 
+        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1",
                                     STACK_SIZE, &info_aes128cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2, 
+    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2", 
+        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2",
                                     STACK_SIZE, &info_aes128gcm, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1, 
+    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1", 
+        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1",
                                     STACK_SIZE, &info_aes256cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2, 
+    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
                                                 sizeof(sce_aes_wrapped_key_t));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", 
+        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
                                     STACK_SIZE, &info_aes256gcm, 3, NULL);
 #endif
 
@@ -1242,19 +1242,19 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
-    if ((xRet == pdPASS) && 
+
+    if ((xRet == pdPASS) &&
         (Aes128_Gcm_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0) &&
         (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0)) {
-        
+
         ret = 0;
     }
     else {
         ret = -1;
     }
-    
+
     RESULT_STR(ret)
 
     return ret;
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/README.md b/IDE/Renesas/e2studio/RA6M4/tools/README.md
new file mode 100644
index 000000000..0658c03a1
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/README.md
@@ -0,0 +1,39 @@
+# Create/Update Signed CA
+This document describes how to create/update Signed CA data that is used at an example program.
+
+## Signed CA Creation
+### Generate RSA Key pair
+```
+2048 bit RSA key pair
+$ openssl genrsa 2048 2> /dev/null > rsa_private.pem
+$ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem 2> /dev/null
+```
+
+### Sign to CA certificate
+```
+Signed by 2048-bit RSA
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out <signed-CA>.sign <CA-file-for-Signed>
+
+For an example program, it assumes that wolfSSL example CA cert is to be signed.
+e.g.
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out Signed-CA.sign /path/for/wolfssl/certs/ca-cert.der
+```
+
+### Convert Signed CA to C source
+It is able to use `dertoc.pl` to generate c-source data from signed-ca binary data.
+
+```
+$ /path/to/wolfssl/scripts/dertoc.pl ./ca-cert.der.sign ca_cert_der_sig example.c
+```
+
+
+## Appendix
+### Example Keys
+There are multiple example keys for testing in the `example_keys` folder.
+```
+<example_keys>
+|
++----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
+     + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
+     + generate_signCA.sh an example script to generate signed-certificate data for the example program
+```
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
new file mode 100755
index 000000000..ad73a5edc
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# example usage
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../wolfssl/certs/ca-cert.der ../../../../../../../wolfssl
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../wolfssl/certs/ca-ecc-cert.der ../../../../../../../wolfssl
+#
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+CURRENT=$(cd $(dirname $0);pwd)
+
+function usage() {
+    cat <<- _EOT_
+    Usage:
+      $0 private-key public-key file-name wolfssl-dir
+
+    Options:
+      private-key : private key for sign/verify
+      public-key  : public key for verify
+      file-name   : file name to be signed
+      wolfssl-dir : wolfssl folder path
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 4 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+signed_file=$(basename $3)
+wolf_dir=$4
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/${signed_file}.sign $3
+
+echo Verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+echo Verify by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+
+# Convert Signed CA to c source
+${wolf_dir}/scripts/dertoc.pl ${CURRENT}/${signed_file}.sign  XXXXXXX ${signed_file}.c
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem
new file mode 100644
index 000000000..a6246b036
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA1m5BL7AjTKZidSHuz0dvqKWrhY3/eD5swV8FBe2y6L1u2ulR
+FAmyHUmMnmy3YMIx+Zhi+Qc4Ra27t/3/ffFhTBwx2Snr5oqryxfB2rj1+Cc6kDQL
+aUIVY1z2y9s9E4NJIQAzSlzQ5e7oGiXH3cLjOTlEI8xKDGLJEhah58Lh18am4Dqp
+DilrkL+p0H+HQJPC6eJs3urEn7ueeqQaKCv1OOsrmQfeCfkjxSqbyrR/+F5VV4H6
+PjyXHCW0lbNhxSmF9wVK8+t4DRARU5ONoECY7dIkPMqFHdzGdRmOrfEsGl++wjPH
+CvvUOLJ7/Pt0h6c7yazZngt1kqKYmKWJR7+FLQIDAQABAoIBAQCdfIqJwL6cPBNR
+3eMr/1ZlsY+A3mKD6K0tdGEXEpX007RIOVXf9qMHWY5aiJRCDz5vB1mhdokAu/GD
+15u+3vpL0OVXjq+AOdakqcUpo/CbGgyr/l1nKC7XNF7aKCH6Y9Dg2OnSssqGJWn4
+UkkxeUIzM/j0pcS4xhDRJSgyNHJ0a0xjY37K5JXTVhzgAAWxAVmh0iaptNpGAsU2
++DN6yQgtsGcKmrUp5ERtuiT66X79uDJdDL5OE070LpRGz+547rXE7haSzM0Iepup
+hEENj1UB8PZ8xK9Ki/h7iWaRNllv5TV5SfryHGlUi/kPbTDWCc+CoVG8o7tQPQ12
+yxOxMaehAoGBAPbMLvr132Kt3mCQa2SbAIV+fnv9hqY+K5jiV+Vp220kmc4ji7L/
+uleiKT8jkmO93mvLau3uLelGN2udVaBbhn5llZIwhK8R/jLP0XIap9v7EKKhuRad
++UbfYWKs6zANM8hIrRkW0P6BNlSZyjL1KiIY8kdNIBn/ZpIQh8evpcFJAoGBAN5t
+HIiiSe9mY1HCbArxD9BjKebfIMDhgwb+vgWHwk6iexdE9aFRLVhriYvQA8dhOoqZ
+LFeExaIfG0XJnrcgkEyOuuGnO3M2KUv/UKM1/F+nP3g5pCD8MC0qSM4kukFEMG2u
+3oPPCUsdRUoQBjCoae89g1CQADDfTe3zMVIda4jFAoGBALSASawKv8KwX4BIoAMI
+yqzYAzI0DpLvzXsXsCl97po4trTpknbsSiFl3LztC1gfudklAaPbG4ENdeMjQ0jx
+J8CyE17EVYalpkELdaf6juJ5EYWgunosN/D514QP7ENMpJ7LaK583YYGgvIFOLlk
+Tdh6Xlh/tAbPoPkbVfNaJ+ThAoGAHIMeIkGzepXEa4mhsfFe1pavm2HE4BTIaBAl
+qa3ScaQQZVY4qnouduQqGJsMsPU8vOGPtpRVhUe5hkOnLdBlzvqI6D44t7ccqhpL
+avCTrmtRDodNC9FoF5IRDSPWIGGuV5EQAxN6HH/fDvRo5rngAoP/HkenTpyBb9w5
+2U3eKAUCgYB0M2INdmqs8DltOVLo2vJqJxKQGtbeizB1HdQjQ9NKH+cyjmnXHZ4v
+0x1AtQsyO9FNYhib52ExYgTCpLc5rX6QNHA14mrhWpLtzB2noM4fo9BdKopMrQtE
+Kt8tl+JWmKtpBnPdTMeoF+0GYd8KZCgxITcE0SccsNl6yROBquA/pQ==
+-----END RSA PRIVATE KEY-----
diff --git a/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem
new file mode 100644
index 000000000..bc8372213
--- /dev/null
+++ b/IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1m5BL7AjTKZidSHuz0dv
+qKWrhY3/eD5swV8FBe2y6L1u2ulRFAmyHUmMnmy3YMIx+Zhi+Qc4Ra27t/3/ffFh
+TBwx2Snr5oqryxfB2rj1+Cc6kDQLaUIVY1z2y9s9E4NJIQAzSlzQ5e7oGiXH3cLj
+OTlEI8xKDGLJEhah58Lh18am4DqpDilrkL+p0H+HQJPC6eJs3urEn7ueeqQaKCv1
+OOsrmQfeCfkjxSqbyrR/+F5VV4H6PjyXHCW0lbNhxSmF9wVK8+t4DRARU5ONoECY
+7dIkPMqFHdzGdRmOrfEsGl++wjPHCvvUOLJ7/Pt0h6c7yazZngt1kqKYmKWJR7+F
+LQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject b/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject
index 7684a0b60..0daf30fa0 100644
--- a/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject
@@ -81,10 +81,14 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.1008320129" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1332222526" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
@@ -111,6 +115,9 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1740279599" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
@@ -118,6 +125,7 @@
 									<listOptionValue builtIn="false" value="WOLFSSL_RENESAS_RA6M4"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.214105753" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
@@ -361,10 +369,14 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.98883299" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1801561027" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
@@ -389,10 +401,14 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1403729518" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="_RA_CORE=CM33"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1088287076" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
index 967b6ec73..0ea94144c 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_EN.md
@@ -6,16 +6,16 @@ wolfSSL sample application project for GR-ROSE evaluation board
 ## 1. Overview
 -----
 
-We provide a sample program for evaluating wolfSSL targeting the GR-ROSE evaluation board, which has RX65N MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program. 
+We provide a sample program for evaluating wolfSSL targeting the GR-ROSE evaluation board, which has RX65N MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program.
 
 The sample provided is a single application that can evaluate the following three functions:
 
 - CryptoTest: A program that automatically tests various cryptographic operation functions
-- Benchmark: A program that measures the execution speed of various cryptographic operations 
+- Benchmark: A program that measures the execution speed of various cryptographic operations
 - TlsClient: A program that performs TLS communication with the opposite TLS server application
 <br><br>
 
-Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only. 
+Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only.
 
 The following sections will walk you through the steps leading up to running the sample application.
 <br><br>
@@ -23,16 +23,16 @@ The following sections will walk you through the steps leading up to running the
 ## 2. Target H/W, components and libraries
 -----
 
-This sample program uses the following hardware and software libraries. If a new version of the software component is available at the time of use, please update it as appropriate. 
+This sample program uses the following hardware and software libraries. If a new version of the software component is available at the time of use, please update it as appropriate.
 
 |item|name & version|
 |:--|:--|
 |Board|GR-ROSE|
 |Device|R5F565NEHxFP|
-|IDE| Renesas e2Studio Version:2022-01 |
+|IDE| Renesas e2Studio Version:2024-04 (24.4.0) |
 |Emulator| E1, E2 Emulator Lite |
-|Toolchain|CCRX v3.04.00|
-|TSIP| TSIP v1.17|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 <br>
 
 The project of this sample program has a configuration file that uses the following FIT components.
@@ -47,21 +47,20 @@ However, the FIT components themselves are not included in the distribution of t
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.17.l|r_tsip_rx|
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 <br>
 
-Note) As of April 2022, TIPS v1.15 does not seem to be able to be added as a FIT component by adding a component in the Smart Configurator Perspective. Add it manually along the method described later. 
 <br><br>
 
 ## 3. Importing sample application project into e2Studio
 ----
 
-There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below. 
+There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below.
 
-+ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}) where this README file exists. 
-+ Four projects that can be imported are listed, but check only the three projects "smc", "test" and "wolfssl" and click the "Finish" button. 
++ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}) where this README file exists.
++ Four projects that can be imported are listed, but check only the three projects "smc", "test" and "wolfssl" and click the "Finish" button.
 
-You should see the **smc**, **test**, and **wolfssl** 3 projects you imported into the project explorer. 
+You should see the **smc**, **test**, and **wolfssl** 3 projects you imported into the project explorer.
 <br><br>
 
 ## 4. FIT module download and smart configurator file generation
@@ -69,13 +68,13 @@ You should see the **smc**, **test**, and **wolfssl** 3 projects you imported in
 
 You will need to get the required FIT modules yourself. Follow the steps below to get them.
 
-1. Open the smc project in Project Explorer and double-click the **smc.scfg** file to open the Smart Configurator Perspective. 
+1. Open the smc project in Project Explorer and double-click the **smc.scfg** file to open the Smart Configurator Perspective.
 
 2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the download destination folder by pressing "Basic settings...".
 
 3. The latest version of the TSIP component may not be automatically obtained due to the delay in Renesas' support by the method in step 2 above. In that case, you can download it manually from the Renesas website. Unzip the downloaded component and store the files contained in the FIT Modules folder in the download destination folder of step 2.
 
-4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components. 
+4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components.
 
 5. Select the Components tab on the Software Component Settings pane and select the r_t4_rx component. In the settings pane on the right, specify the IP address of this board as the value of the "# IP address for ch0, when DHCP disable." Property (e.g. 192.168.1.9).
 
@@ -117,7 +116,7 @@ Then build the test application.
 ## 7. Build and run the test application
 -----
 
-Now that the test application is ready to build. 
+Now that the test application is ready to build.
 
 1. Build the wolfssl project on the project explorer, then the test project.
 
@@ -129,14 +128,14 @@ Now that the test application is ready to build.
 
 5. Press the run button to run the test application.
 
-6. CryptoTest, Benchmark or TLS_Client After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging. 
+6. CryptoTest, Benchmark or TLS_Client After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging.
 <br><br>
 
 ## 8. Running test application as TLS_Client
 -----
 <br>
 
-### 8.1 TLS version supported by the test application 
+### 8.1 TLS version supported by the test application
 
 <br>
 You can use the TLS1.3 protocol in addition to the existing TLS1.2. The following macro is defined to {board-name-folder}/common/user_settings.h.
@@ -177,7 +176,7 @@ In the test application, the TLS version and certificate type determine the ciph
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA certificate|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA certificate|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -200,7 +199,7 @@ To operate as TLS_Client, an opposite application for TLS communication is requi
 
 Configuration options need to be changed depending on the certificate type used.
 
-#### 8.4.1 Configuration when using ECDSA certificates 
+#### 8.4.1 Configuration when using ECDSA certificates
 
 <br>
 
@@ -217,7 +216,7 @@ Note: Do not forget to specify "-DNO_RSA"
 <br>
 
 With the above build, <wolfssl-folder\>/examples/server/server
-Is generated. This executable acts as a TLS server application. If you execute it with the following options, it will be in the listening state for the connection from TLS_Client. 
+Is generated. This executable acts as a TLS server application. If you execute it with the following options, it will be in the listening state for the connection from TLS_Client.
 <br><br>
 
 ```
@@ -247,7 +246,7 @@ is generated. This executable program acts as a server application. If you execu
 <br> <br>
 
 ```
-$ examples / server / server -b -v4 -i
+$ examples / server / server -b -v 4 -i
 ```
 
 <br>
@@ -298,7 +297,7 @@ If you want to use it for purposes beyond functional evaluation, you need to pre
   2. RSA key pair required for RootCA certificate validation
   3. The signature generated by the RootCA certificate with the private key in 2 above.
 
-will become necessary. Please refer to the manual provided by Renesas for how to generate them. 
+will become necessary. Please refer to the manual provided by Renesas for how to generate them.
 
 <br>
 
@@ -316,7 +315,7 @@ Use wolfSSL_use_certificate_buffer or wolfSSL_CTX_use_certificate_buffer to load
 
 (2)	Loading client private key/public key
 
-Type of the client certificate decides the keys to be loaded. 
+Type of the client certificate decides the keys to be loaded.
 
 a)	ECDSA certificate:<br>
 	Load private key using tsip_use_PrivateKey_buffer.
@@ -324,25 +323,25 @@ a)	ECDSA certificate:<br>
 b)	RSA certificate:<br>
 Load private key using tsip_use_PrivateKey_buffer.
 Load public key using tsip_use_PublicKey_buffer.
-Note. In case of RSA certificate, the public key will be used for internal verification of signature process.   
+Note. In case of RSA certificate, the public key will be used for internal verification of signature process.
 
 (3)	How to generate encrypted keys
 
 The keys (private and public keys) to be loaded should be encrypted-key format. Those keys could be generated with Renesas Secure Flash Programmer or SecurityKeyManagementTool.  Refer the section 7.5 and 7.6 of the application note named “RX Family TSIP Module Firmware Integration technology” how to operate above key wrapping tool.
 
 (4)	Macro to be defined
-Define “WOLF_PRIVATE_KEY_ID” in your user_settings.h. 
+Define “WOLF_PRIVATE_KEY_ID” in your user_settings.h.
 
 <br>
 
 ## 11. Limitations
 ----
 <br>
-wolfSSL, which supports TSIPv1.17, has the following functional restrictions.
+wolfSSL, which supports TSIPv1.21, has the following functional restrictions.
 <br><br>
 
 1. Handshake message packets exchanged with the server during the TLS handshake are stored in plaintext in memory. This is used to calculate the hash of handshake messages. The content will be deleted at the end of the session.
 
 1. Session resumption and early data using TSIP are not supported.
 
-The above limitations are expected to be improved by TSIP or wolfSSL from the next version onwards.
\ No newline at end of file
+The above limitations are expected to be improved by TSIP or wolfSSL from the next version onwards.
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
index c3186924a..29ca1169a 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/README_JP.md
@@ -30,10 +30,10 @@ Renesas社製MCU RX65Nを搭載した評価ボードGR-ROSEをターゲットと
 |:--|:--|
 |評価ボード|GR-ROSE|
 |Device|R5F565NEHxFP|
-|IDE| Renesas e2Studio Version:2022-01 |
+|IDE| Renesas e2Studio Version:2024-04 (24.4.0) |
 |エミュレーター| E1, E2エミュレーターLite |
-|Toolchain|CCRX v3.04.00|
-|TSIP| TSIP v1.17|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 <br>
 
 本サンプルプログラムのプロジェクトには以下のFITコンポーネントを使用する設定ファイルが用意されています。
@@ -50,10 +50,7 @@ Renesas社製MCU RX65Nを搭載した評価ボードGR-ROSEをターゲットと
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.17.l|r_tsip_rx|
-
-（注意）2022年4月現在、TIPSv1.15はFITコンポーネントとしてスマートコンフィギュレータパースペクティブのコンポーネントの追加操作では追加できないようです。後ほど説明する手動での追加方法を使って追加してください。<br>
-
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 
 <br><br>
 
@@ -186,7 +183,7 @@ testアプリケーションでは、TLSバージョンと証明書のタイプ
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA証明書|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA証明書|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -246,7 +243,7 @@ $ make
 <br><br>
 
 ```
-$ examples/server/server -b -v4 -i
+$ examples/server/server -b -v 4 -i
 ```
 <br>
 testアプリケーションには、サーバーアプリケーションに割り当てられたIPアドレスを指定します。
@@ -336,7 +333,7 @@ user_settings.hにWOLF_PRIVATE_KEY_IDの定義を行ってください。
 
 ## 11. 制限事項
 -----
-TSIPv1.17をサポートしたwolfSSLでは以下の機能制限があります。
+TSIPv1.21をサポートしたwolfSSLでは以下の機能制限があります。
 
 1. TLSハンドシェーク中にサーバーと交換したメッセージパケットが平文でメモリ上に蓄積されています。これはハンドシェークメッセージのハッシュ計算に使用されます。内容はセッション終了時に削除されます。
 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h
index a66c8bbbf..7cbc78770 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h
@@ -1,6 +1,6 @@
 /* strings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
index 12f937494..ec6e32ec9 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
@@ -1,6 +1,6 @@
 /* unistd.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
index 043c03193..50e032fbc 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,7 @@
 /*-- Renesas TSIP usage and its version ---------------------------------------
  *
  *  "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration
- *   for cipher operations. 
+ *   for cipher operations.
  *  TSIP definition asks to have its version number.
  *  "WOLFSSL_RENESAS_TSIP_VER" takes following value:
  *      106: TSIPv1.06
@@ -38,27 +38,29 @@
  *      113: TSIPv1.13
  *      114: TSIPv1.14
  *      115: TSIPv1.15
+ *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 /*-- TLS version definitions  --------------------------------------------------
  *
  * wolfSSL supports TLSv1.2 by default. In case you want your system to support
  * TLSv1.3, uncomment line below.
- * 
+ *
  *----------------------------------------------------------------------------*/
 #define WOLFSSL_TLS13
 
 
 /*-- Operating System related definitions --------------------------------------
- * 
+ *
  *  In case any real-time OS is used, define its name(e.g. FREERTOS).
  *  Otherwise, define "SINGLE_THREADED". They are exclusive each other.
- *   
+ *
  *----------------------------------------------------------------------------*/
-  #define SINGLE_THREADED 
+  #define SINGLE_THREADED
 /*#define FREERTOS*/
 
 /*-- Compiler related definitions  ---------------------------------------------
@@ -98,34 +100,34 @@
 
   /* USE_ECC_CERT
    * This macro is for selecting root CA certificate to load, it is valid only
-   * in example applications. wolfSSL does not refer this macro. 
-   * If you want to use cipher suites including ECDSA authentication in 
+   * in example applications. wolfSSL does not refer this macro.
+   * If you want to use cipher suites including ECDSA authentication in
    * the example applications with TSIP, enable this macro.
-   * In TSIP 1.13 or later version, following cipher suites are 
+   * In TSIP 1.13 or later version, following cipher suites are
    * available:
    * - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SAH256
-   * 
+   *
    * Note that, this macro disables cipher suites including RSA
    * authentication such as:
    * - TLS_RSA_WITH_AES_128_CBC_SHA
-   * - TLS_RSA_WITH_AES_256_CBC_SHA 
+   * - TLS_RSA_WITH_AES_256_CBC_SHA
    * - TLS_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_RSA_WITH_AES_256_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
-   * 
+   *
    */
   #define USE_ECC_CERT
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_ecc_cert_der_256" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_ecc_cert_der_256" is used under the following macro definition
    * for ECDSA.
    */
   #define USE_CERT_BUFFERS_256
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_cert_der_2048" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_cert_der_2048" is used under the following macro definition
    * for RSA authentication.
    */
   #define USE_CERT_BUFFERS_2048
@@ -137,7 +139,7 @@
   #define SIZEOF_LONG_LONG 8
 
   /*#define WOLFSSL_STATIC_MEMORY*/
-  
+
   #if defined(WOLFSSL_STATIC_MEMORY)
     #define USE_FAST_MATH
   #else
@@ -146,24 +148,24 @@
 
 
 
- /* 
+ /*
   * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
-  *  
-  * Note. In your actual products, do not forget to comment-out 
+  *
+  * Note. In your actual products, do not forget to comment-out
   * "NO_ASN_TIME" macro. And prepare time function to get calendar time,
-  * otherwise, certificate expiration validation will not work.  
+  * otherwise, certificate expiration validation will not work.
   */
   /*#define NO_ASN_TIME*/
-  
+
   #define NO_MAIN_DRIVER
   #define BENCH_EMBEDDED
-  #define NO_WOLFSSL_DIR 
+  #define NO_WOLFSSL_DIR
   #define WOLFSSL_NO_CURRDIR
   #define NO_FILESYSTEM
   #define WOLFSSL_LOG_PRINTF
   #define WOLFSSL_HAVE_MIN
   #define WOLFSSL_HAVE_MAX
-  
+
   #define NO_WRITEV
   #define WOLFSSL_USER_IO
 
@@ -175,7 +177,7 @@
   #define USE_WOLF_SUSECONDS_T
   #define USE_WOLF_TIMEVAL_T
 
-  
+
   #define WC_RSA_BLINDING
   #define TFM_TIMING_RESISTANT
   #define ECC_TIMING_RESISTANT
@@ -191,7 +193,7 @@
 
 /*-- Definitions for functionality negation  -----------------------------------
  *
- * 
+ *
  *----------------------------------------------------------------------------*/
 
 /*#define NO_RENESAS_TSIP_CRYPT*/
@@ -203,7 +205,7 @@
 
 /*-- Consistency checking between definitions  ---------------------------------
  *
- *  
+ *
  *----------------------------------------------------------------------------*/
 
 /*-- TSIP TLS specific definitions --*/
@@ -229,7 +231,6 @@
     #define WOLFSSL_RENESAS_TSIP_TLS
 
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -243,10 +244,20 @@
         # undef WOLFSSL_RENESAS_TSIP_TLS
         # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
-
+        /*-------------------------------------------------------------------------
+     * TSIP generates random numbers using the CRT-DRBG described
+     * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK
+     * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API
+     * directly. Comment out the macro will generate random number by
+     * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
+     *-----------------------------------------------------------------------*/
+	#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
+    #if !defined(min)
+    	#define min(data1, data2)    _builtin_min(data1, data2)
+	#endif
 #endif
 
 
@@ -260,7 +271,3 @@
 
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
 
-#if !defined(WOLFSSL_RENESAS_TSIP_TLS)
- #define min(x,y) ((x)<(y)?(x):(y))
-#endif
-
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
index db2911cf3..032a171cc 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,18 +18,33 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2023
-#define MON  6
-
 static int tick = 0;
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
 
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
 }
 
 #include <ctype.h>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am b/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
index 60df793e5..ce88e9b15 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/include.am
@@ -23,4 +23,8 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/.cproject
 EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/.project
-EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
\ No newline at end of file
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem
+EXTRA_DIST+= IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg b/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
index 393a20ac4..9193414c7 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg
@@ -4,16 +4,18 @@
         <configuration active="true" id="com.renesas.smc.toolchain.rxc.configuration.release">
             <property id="com.renesas.smc.service.project.buildArtefactType" values="com.renesas.smc.service.project.buildArtefactType.exe"/>
             <toolchain id="com.renesas.smc.toolchain.rxc.toolchain.rxc">
+                <option id="com.renesas.smc.toolchain.option.language" key="com.renesas.smc.toolchain.option.language.c"/>
                 <option id="com.renesas.smc.toolchain.option.buildArtefactType" key="com.renesas.smc.toolchain.option.buildArtefactType.exe"/>
                 <option id="com.renesas.smc.toolchain.option.rtos" key="com.renesas.smc.toolchain.option.rtos.none"/>
+                <option id="com.renesas.smc.toolchain.option.dual" key="com.renesas.smc.toolchain.option.dual.false"/>
             </toolchain>
         </configuration>
         <platform id="R5F565NEHxFP"/>
-        <option id="board" value="gr-rose (v1.01)"/>
+        <option id="board" value="GR-ROSE-RX65N (V1.03)"/>
     </general>
     <tool id="Clock">
         <option enabled="true" id="vccinput" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="3.3" value="3.300"/>
+            <item enabled="true" id="textinputitem" input="3.3" value="3.3"/>
         </option>
         <option enabled="true" id="mainclockenable" selection="check">
             <item enabled="true" id="check"/>
@@ -24,10 +26,10 @@
             <item enabled="true" id="srcEOI"/>
         </option>
         <option enabled="true" id="mainfrequency" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="12" value="12.000000"/>
+            <item enabled="true" id="textinputitem" input="12" value="12"/>
         </option>
         <option enabled="false" id="mainwaittime" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="9980" value="9980.000000"/>
+            <item enabled="true" id="textinputitem" input="9980" value="9980"/>
         </option>
         <option enabled="true" id="subclockenable" selection="uncheck">
             <item enabled="true" id="check"/>
@@ -41,7 +43,7 @@
             <item enabled="true" id="lowCL"/>
         </option>
         <option enabled="false" id="subwaittime" selection="textinputitem">
-            <item enabled="true" id="textinputitem" input="2000" value="2000.000000"/>
+            <item enabled="true" id="textinputitem" input="2000" value="2000"/>
         </option>
         <option enabled="true" id="hococlockenable" selection="uncheck">
             <item enabled="true" id="check"/>
@@ -71,7 +73,7 @@
             <item enabled="true" id="textinputitem" input="" value="120"/>
         </option>
         <option enabled="true" id="pllswitcher" selection="pllmain">
-            <item enabled="true" id="pllmain" input="" value="12.0"/>
+            <item enabled="true" id="pllmain" input="" value="12"/>
             <item enabled="false" id="pllhoco" input="" value="16"/>
         </option>
         <option enabled="true" id="plldivider" selection="div1-1">
@@ -124,7 +126,7 @@
         </option>
         <option enabled="true" id="sckswitcher" selection="pll">
             <item enabled="true" id="pll" input="" value="1.2E8"/>
-            <item enabled="true" id="main" input="" value="1.2E7"/>
+            <item enabled="true" id="main" input="" value="12000000"/>
             <item enabled="false" id="sub" input="" value="32768.0"/>
             <item enabled="false" id="hoco" input="" value="16000000"/>
             <item enabled="false" id="loco" input="" value="240000"/>
@@ -257,308 +259,308 @@
             <item enabled="true" id="textoutputitem" input="" value="120"/>
         </option>
         <option enabled="true" id="cacmclk" selection="textoutputitem">
-            <item enabled="true" id="textoutputitem" input="" value="12.0"/>
+            <item enabled="true" id="textoutputitem" input="" value="12"/>
         </option>
     </tool>
     <tool id="Interrupt">
-        <Item currentVect="16" id="BSC_BUSERR" priority="15" usedState="Not Use"/>
-        <Item currentVect="18" id="RAM_RAMERR" priority="15" usedState="Not Use"/>
-        <Item currentVect="21" id="FCU_FIFERR" priority="15" usedState="Not Use"/>
-        <Item currentVect="23" id="FCU_FRDYI" priority="15" usedState="Not Use"/>
-        <Item currentVect="26" id="ICU_SWINT2" priority="1" usedState="Used"/>
-        <Item currentVect="27" id="ICU_SWINT" priority="1" usedState="Used"/>
-        <Item currentVect="28" id="CMT0_CMI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="29" id="CMT1_CMI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="30" id="CMTW0_CMWI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="31" id="CMTW1_CMWI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="34" id="USB0_D0FIFO0" priority="15" usedState="Not Use"/>
-        <Item currentVect="35" id="USB0_D1FIFO0" priority="15" usedState="Not Use"/>
-        <Item currentVect="38" id="RSPI0_SPRI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="39" id="RSPI0_SPTI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="40" id="RSPI1_SPRI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="41" id="RSPI1_SPTI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="42" id="QSPI_SPRI" priority="15" usedState="Not Use"/>
-        <Item currentVect="43" id="QSPI_SPTI" priority="15" usedState="Not Use"/>
-        <Item currentVect="44" id="SDHI_SBFAI" priority="15" usedState="Not Use"/>
-        <Item currentVect="45" id="MMCIF_MBFAI" priority="15" usedState="Not Use"/>
-        <Item currentVect="50" id="RIIC1_RXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="51" id="RIIC1_TXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="52" id="RIIC0_RXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="53" id="RIIC0_TXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="54" id="RIIC2_RXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="55" id="RIIC2_TXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="58" id="SCI0_RXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="59" id="SCI0_TXI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="60" id="SCI1_RXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="61" id="SCI1_TXI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="62" id="SCI2_RXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="63" id="SCI2_TXI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="64" id="ICU_IRQ0" priority="15" usedState="Not Use"/>
-        <Item currentVect="65" id="ICU_IRQ1" priority="15" usedState="Not Use"/>
-        <Item currentVect="66" id="ICU_IRQ2" priority="15" usedState="Not Use"/>
-        <Item currentVect="67" id="ICU_IRQ3" priority="15" usedState="Not Use"/>
-        <Item currentVect="68" id="ICU_IRQ4" priority="15" usedState="Not Use"/>
-        <Item currentVect="69" id="ICU_IRQ5" priority="15" usedState="Not Use"/>
-        <Item currentVect="70" id="ICU_IRQ6" priority="15" usedState="Not Use"/>
-        <Item currentVect="71" id="ICU_IRQ7" priority="15" usedState="Not Use"/>
-        <Item currentVect="72" id="ICU_IRQ8" priority="15" usedState="Not Use"/>
-        <Item currentVect="73" id="ICU_IRQ9" priority="15" usedState="Not Use"/>
-        <Item currentVect="74" id="ICU_IRQ10" priority="15" usedState="Not Use"/>
-        <Item currentVect="75" id="ICU_IRQ11" priority="15" usedState="Not Use"/>
-        <Item currentVect="76" id="ICU_IRQ12" priority="15" usedState="Not Use"/>
-        <Item currentVect="77" id="ICU_IRQ13" priority="15" usedState="Not Use"/>
-        <Item currentVect="78" id="ICU_IRQ14" priority="15" usedState="Not Use"/>
-        <Item currentVect="79" id="ICU_IRQ15" priority="15" usedState="Not Use"/>
-        <Item currentVect="80" id="SCI3_RXI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="81" id="SCI3_TXI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="82" id="SCI4_RXI4" priority="15" usedState="Not Use"/>
-        <Item currentVect="83" id="SCI4_TXI4" priority="15" usedState="Not Use"/>
-        <Item currentVect="84" id="SCI5_RXI5" priority="15" usedState="Not Use"/>
-        <Item currentVect="85" id="SCI5_TXI5" priority="15" usedState="Not Use"/>
-        <Item currentVect="86" id="SCI6_RXI6" priority="15" usedState="Not Use"/>
-        <Item currentVect="87" id="SCI6_TXI6" priority="15" usedState="Not Use"/>
-        <Item currentVect="88" id="LVD1_LVD1" priority="15" usedState="Not Use"/>
-        <Item currentVect="89" id="LVD2_LVD2" priority="15" usedState="Not Use"/>
-        <Item currentVect="90" id="USB0_USBR0" priority="15" usedState="Not Use"/>
-        <Item currentVect="92" id="RTC_ALM" priority="15" usedState="Not Use"/>
-        <Item currentVect="93" id="RTC_PRD" priority="15" usedState="Not Use"/>
-        <Item currentVect="95" id="IWDT_IWUNI" priority="15" usedState="Not Use"/>
-        <Item currentVect="96" id="WDT_WUNI" priority="15" usedState="Not Use"/>
-        <Item currentVect="97" id="PDC_PCDFI" priority="15" usedState="Not Use"/>
-        <Item currentVect="98" id="SCI7_RXI7" priority="15" usedState="Not Use"/>
-        <Item currentVect="99" id="SCI7_TXI7" priority="15" usedState="Not Use"/>
-        <Item currentVect="100" id="SCI8_RXI8" priority="15" usedState="Not Use"/>
-        <Item currentVect="101" id="SCI8_TXI8" priority="15" usedState="Not Use"/>
-        <Item currentVect="102" id="SCI9_RXI9" priority="15" usedState="Not Use"/>
-        <Item currentVect="103" id="SCI9_TXI9" priority="15" usedState="Not Use"/>
-        <Item currentVect="104" id="SCI10_RXI10" priority="15" usedState="Not Use"/>
-        <Item currentVect="105" id="SCI10_TXI10" priority="15" usedState="Not Use"/>
-        <Item currentVect="106" groupchild="&lt;br&gt;1-ERS0&lt;br&gt;2-ERS1" id="BE0" priority="15" usedState="Not Use"/>
-        <Item currentVect="107" groupchild="&lt;br&gt;1-SDIOI" id="BL2" priority="15" usedState="Not Use"/>
-        <Item currentVect="108" id="RSPI2_SPRI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="109" id="RSPI2_SPTI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="110" groupchild="&lt;br&gt;1-TEI0&lt;br&gt;2-ERI0&lt;br&gt;3-TEI1&lt;br&gt;4-ERI1&lt;br&gt;5-TEI2&lt;br&gt;6-ERI2&lt;br&gt;7-TEI3&lt;br&gt;8-ERI3&lt;br&gt;9-TEI4&lt;br&gt;10-ERI4&lt;br&gt;11-TEI5&lt;br&gt;12-ERI5&lt;br&gt;13-TEI6&lt;br&gt;14-ERI6&lt;br&gt;15-TEI7&lt;br&gt;16-ERI7&lt;br&gt;17-TEI12&lt;br&gt;18-ERI12&lt;br&gt;19-SCIX0&lt;br&gt;20-SCIX1&lt;br&gt;21-SCIX2&lt;br&gt;22-SCIX3&lt;br&gt;23-QSPSSLI&lt;br&gt;24-FERRI&lt;br&gt;25-MENDI&lt;br&gt;26-OVFI&lt;br&gt;27-DOPCI&lt;br&gt;28-PCFEI&lt;br&gt;29-PCERI" id="BL0" priority="15" usedState="Not Use"/>
-        <Item currentVect="111" groupchild="&lt;br&gt;1-CDETI&lt;br&gt;2-CACI&lt;br&gt;3-SDACI&lt;br&gt;4-CDETIO&lt;br&gt;5-ERRIO&lt;br&gt;6-ACCIO&lt;br&gt;7-OEI1&lt;br&gt;8-OEI2&lt;br&gt;9-OEI3&lt;br&gt;10-OEI4&lt;br&gt;11-TEI0&lt;br&gt;12-EEI0&lt;br&gt;13-TEI2&lt;br&gt;14-EEI2&lt;br&gt;15-S12CMPAI&lt;br&gt;16-S12CMPBI&lt;br&gt;17-S12CMPAI1&lt;br&gt;18-S12CMPBI1&lt;br&gt;19-TEI8&lt;br&gt;20-ERI8&lt;br&gt;21-TEI9&lt;br&gt;22-ERI9&lt;br&gt;23-TEI1&lt;br&gt;24-EEI1" id="BL1" priority="15" usedState="Not Use"/>
-        <Item currentVect="112" groupchild="&lt;br&gt;1-TEI10&lt;br&gt;2-ERI10&lt;br&gt;3-TEI11&lt;br&gt;4-ERI11&lt;br&gt;5-SPII0&lt;br&gt;6-SPEI0&lt;br&gt;7-SPII1&lt;br&gt;8-SPEI1&lt;br&gt;9-SPII2&lt;br&gt;10-SPEI2" id="AL0" priority="15" usedState="Not Use"/>
-        <Item currentVect="113" groupchild="&lt;br&gt;1-EINT0&lt;br&gt;2-VPOS&lt;br&gt;3-GR1UF&lt;br&gt;4-GR2UF&lt;br&gt;5-DRW_IRQ" id="AL1" priority="2" usedState="Used"/>
-        <Item currentVect="114" id="SCI11_RXI11" priority="15" usedState="Not Use"/>
-        <Item currentVect="115" id="SCI11_TXI11" priority="15" usedState="Not Use"/>
-        <Item currentVect="116" id="SCI12_RXI12" priority="15" usedState="Not Use"/>
-        <Item currentVect="117" id="SCI12_TXI12" priority="15" usedState="Not Use"/>
-        <Item currentVect="120" id="DMAC_DMAC0I" priority="15" usedState="Not Use"/>
-        <Item currentVect="121" id="DMAC_DMAC1I" priority="15" usedState="Not Use"/>
-        <Item currentVect="122" id="DMAC_DMAC2I" priority="15" usedState="Not Use"/>
-        <Item currentVect="123" id="DMAC_DMAC3I" priority="15" usedState="Not Use"/>
-        <Item currentVect="124" id="DMAC_DMAC74I" priority="15" usedState="Not Use"/>
-        <Item currentVect="125" id="OST_OSTDI" priority="15" usedState="Not Use"/>
-        <Item currentVect="126" id="EXDMAC_EXDMAC0I" priority="15" usedState="Not Use"/>
-        <Item currentVect="127" id="EXDMAC_EXDMAC1I" priority="15" usedState="Not Use"/>
-        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="130" defaultVect="130" id="TPU0_TGI0A" priority="15" usedState="Not Use"/>
-        <Item currentVect="131" defaultVect="131" id="TPU0_TGI0B" priority="15" usedState="Not Use"/>
-        <Item currentVect="132" defaultVect="132" id="TPU0_TGI0C" priority="15" usedState="Not Use"/>
-        <Item currentVect="133" defaultVect="133" id="TPU0_TGI0D" priority="15" usedState="Not Use"/>
-        <Item currentVect="134" defaultVect="134" id="TPU0_TCI0V" priority="15" usedState="Not Use"/>
-        <Item currentVect="135" defaultVect="135" id="TPU1_TGI1B" priority="15" usedState="Not Use"/>
-        <Item currentVect="136" defaultVect="136" id="TPU1_TCI1V" priority="15" usedState="Not Use"/>
-        <Item currentVect="137" defaultVect="137" id="TPU1_TCI1U" priority="15" usedState="Not Use"/>
-        <Item currentVect="138" defaultVect="138" id="TPU2_TGI2A" priority="15" usedState="Not Use"/>
-        <Item currentVect="139" defaultVect="139" id="TPU2_TGI2B" priority="15" usedState="Not Use"/>
-        <Item currentVect="140" defaultVect="140" id="TPU2_TCI2V" priority="15" usedState="Not Use"/>
-        <Item currentVect="141" defaultVect="141" id="TPU2_TCI2U" priority="15" usedState="Not Use"/>
-        <Item currentVect="142" defaultVect="142" id="TPU3_TGI3A" priority="15" usedState="Not Use"/>
-        <Item currentVect="143" defaultVect="143" id="TPU3_TGI3B" priority="15" usedState="Not Use"/>
-        <Item currentVect="144" defaultVect="144" id="TPU1_TGI1A" priority="15" usedState="Not Use"/>
-        <Item currentVect="145" defaultVect="145" id="TPU3_TGI3C" priority="15" usedState="Not Use"/>
-        <Item currentVect="146" defaultVect="146" id="TMR0_CMIA0" priority="15" usedState="Not Use"/>
-        <Item currentVect="147" defaultVect="147" id="TMR0_CMIB0" priority="15" usedState="Not Use"/>
-        <Item currentVect="148" defaultVect="148" id="TMR0_OVI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="149" defaultVect="149" id="TMR1_CMIA1" priority="15" usedState="Not Use"/>
-        <Item currentVect="150" defaultVect="150" id="TMR1_CMIB1" priority="15" usedState="Not Use"/>
-        <Item currentVect="151" defaultVect="151" id="TMR1_OVI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="152" defaultVect="152" id="TMR2_CMIA2" priority="15" usedState="Not Use"/>
-        <Item currentVect="153" defaultVect="153" id="TMR2_CMIB2" priority="15" usedState="Not Use"/>
-        <Item currentVect="154" defaultVect="154" id="TMR2_OVI2" priority="15" usedState="Not Use"/>
-        <Item currentVect="155" defaultVect="155" id="TMR3_CMIA3" priority="15" usedState="Not Use"/>
-        <Item currentVect="156" defaultVect="156" id="TMR3_CMIB3" priority="15" usedState="Not Use"/>
-        <Item currentVect="157" defaultVect="157" id="TMR3_OVI3" priority="15" usedState="Not Use"/>
-        <Item currentVect="158" defaultVect="158" id="TPU3_TGI3D" priority="15" usedState="Not Use"/>
-        <Item currentVect="159" defaultVect="159" id="TPU3_TCI3V" priority="15" usedState="Not Use"/>
-        <Item currentVect="160" defaultVect="160" id="TPU4_TGI4A" priority="15" usedState="Not Use"/>
-        <Item currentVect="161" defaultVect="161" id="TPU4_TGI4B" priority="15" usedState="Not Use"/>
-        <Item currentVect="162" defaultVect="162" id="TPU4_TCI4V" priority="15" usedState="Not Use"/>
-        <Item currentVect="163" defaultVect="163" id="TPU4_TCI4U" priority="15" usedState="Not Use"/>
-        <Item currentVect="164" defaultVect="164" id="TPU5_TGI5A" priority="15" usedState="Not Use"/>
-        <Item currentVect="165" defaultVect="165" id="TPU5_TGI5B" priority="15" usedState="Not Use"/>
-        <Item currentVect="166" defaultVect="166" id="TPU5_TCI5V" priority="15" usedState="Not Use"/>
-        <Item currentVect="167" defaultVect="167" id="TPU5_TCI5U" priority="15" usedState="Not Use"/>
-        <Item currentVect="168" defaultVect="168" id="CMTW0_IC0I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="169" defaultVect="169" id="CMTW0_IC1I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="170" defaultVect="170" id="CMTW0_OC0I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="171" defaultVect="171" id="CMTW0_OC1I0" priority="15" usedState="Not Use"/>
-        <Item currentVect="172" defaultVect="172" id="CMTW1_IC0I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="173" defaultVect="173" id="CMTW1_IC1I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="174" defaultVect="174" id="CMTW1_OC0I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="175" defaultVect="175" id="CMTW1_OC1I1" priority="15" usedState="Not Use"/>
-        <Item currentVect="176" defaultVect="176" id="RTC_CUP" priority="15" usedState="Not Use"/>
-        <Item currentVect="177" defaultVect="177" id="CAN0_RXF0" priority="15" usedState="Not Use"/>
-        <Item currentVect="178" defaultVect="178" id="CAN0_TXF0" priority="15" usedState="Not Use"/>
-        <Item currentVect="179" defaultVect="179" id="CAN0_RXM0" priority="15" usedState="Not Use"/>
-        <Item currentVect="180" defaultVect="180" id="CAN0_TXM0" priority="15" usedState="Not Use"/>
-        <Item currentVect="181" defaultVect="181" id="CAN1_RXF1" priority="15" usedState="Not Use"/>
-        <Item currentVect="182" defaultVect="182" id="CAN1_TXF1" priority="15" usedState="Not Use"/>
-        <Item currentVect="183" defaultVect="183" id="CAN1_RXM1" priority="15" usedState="Not Use"/>
-        <Item currentVect="184" defaultVect="184" id="CAN1_TXM1" priority="15" usedState="Not Use"/>
-        <Item currentVect="185" defaultVect="185" id="USB0_USBI0" priority="15" usedState="Not Use"/>
-        <Item currentVect="186" defaultVect="186" id="S12AD_S12ADI" priority="15" usedState="Not Use"/>
-        <Item currentVect="187" defaultVect="187" id="S12AD_S12GBADI" priority="15" usedState="Not Use"/>
-        <Item currentVect="188" defaultVect="188" id="S12AD_S12GCADI" priority="15" usedState="Not Use"/>
-        <Item currentVect="189" defaultVect="189" id="S12AD1_S12ADI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="190" defaultVect="190" id="S12AD1_S12GBADI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="191" defaultVect="191" id="S12AD1_S12GCADI1" priority="15" usedState="Not Use"/>
-        <Item currentVect="192" defaultVect="192" id="RNG_RNGEND" priority="15" usedState="Not Use"/>
-        <Item currentVect="193" defaultVect="193" id="ELC_ELSR18I" priority="15" usedState="Not Use"/>
-        <Item currentVect="194" defaultVect="194" id="ELC_ELSR19I" priority="15" usedState="Not Use"/>
-        <Item currentVect="195" defaultVect="195" id="TSIP_PROC_BUSY" priority="15" usedState="Not Use"/>
-        <Item currentVect="196" defaultVect="196" id="TSIP_ROMOK" priority="15" usedState="Not Use"/>
-        <Item currentVect="197" defaultVect="197" id="TSIP_LONG_PLG" priority="15" usedState="Not Use"/>
-        <Item currentVect="198" defaultVect="198" id="TSIP_TEST_BUSY" priority="15" usedState="Not Use"/>
-        <Item currentVect="199" defaultVect="199" id="TSIP_WRRDY0" priority="15" usedState="Not Use"/>
-        <Item currentVect="200" defaultVect="200" id="TSIP_WRRDY1" priority="15" usedState="Not Use"/>
-        <Item currentVect="201" defaultVect="201" id="TSIP_WRRDY4" priority="15" usedState="Not Use"/>
-        <Item currentVect="202" defaultVect="202" id="TSIP_RDRDY0" priority="15" usedState="Not Use"/>
-        <Item currentVect="203" defaultVect="203" id="TSIP_RDRDY1" priority="15" usedState="Not Use"/>
-        <Item currentVect="204" defaultVect="204" id="TSIP_INTEGRATE_WRRDY" priority="15" usedState="Not Use"/>
-        <Item currentVect="205" defaultVect="205" id="TSIP_INTEGRATE_RDRDY" priority="15" usedState="Not Use"/>
-        <Item currentVect="206" id="PERIB_INTB206" priority="15" usedState="Not Use"/>
-        <Item currentVect="207" id="PERIB_INTB207" priority="15" usedState="Not Use"/>
-        <Item currentVect="208" defaultVect="208" id="MTU1_TGIA1" priority="15" usedState="Not Use"/>
-        <Item currentVect="209" defaultVect="209" id="MTU0_TGIA0" priority="15" usedState="Not Use"/>
-        <Item currentVect="210" defaultVect="210" id="MTU0_TGIB0" priority="15" usedState="Not Use"/>
-        <Item currentVect="211" defaultVect="211" id="MTU0_TGIC0" priority="15" usedState="Not Use"/>
-        <Item currentVect="212" defaultVect="212" id="MTU0_TGID0" priority="15" usedState="Not Use"/>
-        <Item currentVect="213" defaultVect="213" id="MTU0_TCIV0" priority="15" usedState="Not Use"/>
-        <Item currentVect="214" defaultVect="214" id="MTU0_TGIE0" priority="15" usedState="Not Use"/>
-        <Item currentVect="215" defaultVect="215" id="MTU0_TGIF0" priority="15" usedState="Not Use"/>
-        <Item currentVect="216" defaultVect="216" id="MTU1_TGIB1" priority="15" usedState="Not Use"/>
-        <Item currentVect="217" defaultVect="217" id="MTU1_TCIV1" priority="15" usedState="Not Use"/>
-        <Item currentVect="218" defaultVect="218" id="MTU1_TCIU1" priority="15" usedState="Not Use"/>
-        <Item currentVect="219" defaultVect="219" id="MTU2_TGIA2" priority="15" usedState="Not Use"/>
-        <Item currentVect="220" defaultVect="220" id="MTU2_TGIB2" priority="15" usedState="Not Use"/>
-        <Item currentVect="221" defaultVect="221" id="MTU2_TCIV2" priority="15" usedState="Not Use"/>
-        <Item currentVect="222" defaultVect="222" id="MTU2_TCIU2" priority="15" usedState="Not Use"/>
-        <Item currentVect="223" defaultVect="223" id="MTU3_TGIA3" priority="15" usedState="Not Use"/>
-        <Item currentVect="224" defaultVect="224" id="MTU3_TGIB3" priority="15" usedState="Not Use"/>
-        <Item currentVect="225" defaultVect="225" id="MTU3_TGIC3" priority="15" usedState="Not Use"/>
-        <Item currentVect="226" defaultVect="226" id="MTU3_TGID3" priority="15" usedState="Not Use"/>
-        <Item currentVect="227" defaultVect="227" id="MTU3_TCIV3" priority="15" usedState="Not Use"/>
-        <Item currentVect="228" defaultVect="228" id="MTU4_TGIA4" priority="15" usedState="Not Use"/>
-        <Item currentVect="229" defaultVect="229" id="MTU4_TGIB4" priority="15" usedState="Not Use"/>
-        <Item currentVect="230" defaultVect="230" id="MTU4_TGIC4" priority="15" usedState="Not Use"/>
-        <Item currentVect="231" defaultVect="231" id="MTU4_TGID4" priority="15" usedState="Not Use"/>
-        <Item currentVect="232" defaultVect="232" id="MTU4_TCIV4" priority="15" usedState="Not Use"/>
-        <Item currentVect="233" defaultVect="233" id="MTU5_TGIU5" priority="15" usedState="Not Use"/>
-        <Item currentVect="234" defaultVect="234" id="MTU5_TGIV5" priority="15" usedState="Not Use"/>
-        <Item currentVect="235" defaultVect="235" id="MTU5_TGIW5" priority="15" usedState="Not Use"/>
-        <Item currentVect="236" defaultVect="236" id="MTU6_TGIA6" priority="15" usedState="Not Use"/>
-        <Item currentVect="237" defaultVect="237" id="MTU6_TGIB6" priority="15" usedState="Not Use"/>
-        <Item currentVect="238" defaultVect="238" id="MTU6_TGIC6" priority="15" usedState="Not Use"/>
-        <Item currentVect="239" defaultVect="239" id="MTU6_TGID6" priority="15" usedState="Not Use"/>
-        <Item currentVect="240" defaultVect="240" id="MTU6_TCIV6" priority="15" usedState="Not Use"/>
-        <Item currentVect="241" defaultVect="241" id="MTU7_TGIA7" priority="15" usedState="Not Use"/>
-        <Item currentVect="242" defaultVect="242" id="MTU7_TGIB7" priority="15" usedState="Not Use"/>
-        <Item currentVect="243" defaultVect="243" id="MTU7_TGIC7" priority="15" usedState="Not Use"/>
-        <Item currentVect="244" defaultVect="244" id="MTU7_TGID7" priority="15" usedState="Not Use"/>
-        <Item currentVect="245" defaultVect="245" id="MTU7_TCIV7" priority="15" usedState="Not Use"/>
-        <Item currentVect="246" defaultVect="246" id="MTU8_TGIA8" priority="15" usedState="Not Use"/>
-        <Item currentVect="247" defaultVect="247" id="MTU8_TGIB8" priority="15" usedState="Not Use"/>
-        <Item currentVect="248" defaultVect="248" id="MTU8_TGIC8" priority="15" usedState="Not Use"/>
-        <Item currentVect="249" defaultVect="249" id="MTU8_TGID8" priority="15" usedState="Not Use"/>
-        <Item currentVect="250" defaultVect="250" id="MTU8_TCIV8" priority="15" usedState="Not Use"/>
-        <Item currentVect="251" defaultVect="251" id="AES_AESRDY" priority="15" usedState="Not Use"/>
-        <Item currentVect="252" defaultVect="252" id="AES_AESEND" priority="15" usedState="Not Use"/>
-        <Item currentVect="253" id="PERIA_INTA253" priority="15" usedState="Not Use"/>
-        <Item currentVect="254" id="PERIA_INTA254" priority="15" usedState="Not Use"/>
-        <Item currentVect="255" id="PERIA_INTA255" priority="15" usedState="Not Use"/>
+        <Item currentVect="16" id="BSC_BUSERR" priority="15" usedState="未使用"/>
+        <Item currentVect="18" id="RAM_RAMERR" priority="15" usedState="未使用"/>
+        <Item currentVect="21" id="FCU_FIFERR" priority="15" usedState="未使用"/>
+        <Item currentVect="23" id="FCU_FRDYI" priority="15" usedState="未使用"/>
+        <Item currentVect="26" id="ICU_SWINT2" priority="1" usedState="使用中"/>
+        <Item currentVect="27" id="ICU_SWINT" priority="1" usedState="使用中"/>
+        <Item currentVect="28" id="CMT0_CMI0" priority="5" usedState="使用中"/>
+        <Item currentVect="29" id="CMT1_CMI1" priority="5" usedState="使用中"/>
+        <Item currentVect="30" id="CMTW0_CMWI0" priority="15" usedState="未使用"/>
+        <Item currentVect="31" id="CMTW1_CMWI1" priority="15" usedState="未使用"/>
+        <Item currentVect="34" id="USB0_D0FIFO0" priority="15" usedState="未使用"/>
+        <Item currentVect="35" id="USB0_D1FIFO0" priority="15" usedState="未使用"/>
+        <Item currentVect="38" id="RSPI0_SPRI0" priority="15" usedState="未使用"/>
+        <Item currentVect="39" id="RSPI0_SPTI0" priority="15" usedState="未使用"/>
+        <Item currentVect="40" id="RSPI1_SPRI1" priority="15" usedState="未使用"/>
+        <Item currentVect="41" id="RSPI1_SPTI1" priority="15" usedState="未使用"/>
+        <Item currentVect="42" id="QSPI_SPRI" priority="15" usedState="未使用"/>
+        <Item currentVect="43" id="QSPI_SPTI" priority="15" usedState="未使用"/>
+        <Item currentVect="44" id="SDHI_SBFAI" priority="15" usedState="未使用"/>
+        <Item currentVect="45" id="MMCIF_MBFAI" priority="15" usedState="未使用"/>
+        <Item currentVect="50" id="RIIC1_RXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="51" id="RIIC1_TXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="52" id="RIIC0_RXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="53" id="RIIC0_TXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="54" id="RIIC2_RXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="55" id="RIIC2_TXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="58" id="SCI0_RXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="59" id="SCI0_TXI0" priority="15" usedState="未使用"/>
+        <Item currentVect="60" id="SCI1_RXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="61" id="SCI1_TXI1" priority="15" usedState="未使用"/>
+        <Item currentVect="62" id="SCI2_RXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="63" id="SCI2_TXI2" priority="15" usedState="未使用"/>
+        <Item currentVect="64" id="ICU_IRQ0" priority="15" usedState="未使用"/>
+        <Item currentVect="65" id="ICU_IRQ1" priority="15" usedState="未使用"/>
+        <Item currentVect="66" id="ICU_IRQ2" priority="15" usedState="未使用"/>
+        <Item currentVect="67" id="ICU_IRQ3" priority="15" usedState="未使用"/>
+        <Item currentVect="68" id="ICU_IRQ4" priority="15" usedState="未使用"/>
+        <Item currentVect="69" id="ICU_IRQ5" priority="15" usedState="未使用"/>
+        <Item currentVect="70" id="ICU_IRQ6" priority="15" usedState="未使用"/>
+        <Item currentVect="71" id="ICU_IRQ7" priority="15" usedState="未使用"/>
+        <Item currentVect="72" id="ICU_IRQ8" priority="15" usedState="未使用"/>
+        <Item currentVect="73" id="ICU_IRQ9" priority="15" usedState="未使用"/>
+        <Item currentVect="74" id="ICU_IRQ10" priority="15" usedState="未使用"/>
+        <Item currentVect="75" id="ICU_IRQ11" priority="15" usedState="未使用"/>
+        <Item currentVect="76" id="ICU_IRQ12" priority="15" usedState="未使用"/>
+        <Item currentVect="77" id="ICU_IRQ13" priority="15" usedState="未使用"/>
+        <Item currentVect="78" id="ICU_IRQ14" priority="15" usedState="未使用"/>
+        <Item currentVect="79" id="ICU_IRQ15" priority="15" usedState="未使用"/>
+        <Item currentVect="80" id="SCI3_RXI3" priority="15" usedState="未使用"/>
+        <Item currentVect="81" id="SCI3_TXI3" priority="15" usedState="未使用"/>
+        <Item currentVect="82" id="SCI4_RXI4" priority="15" usedState="未使用"/>
+        <Item currentVect="83" id="SCI4_TXI4" priority="15" usedState="未使用"/>
+        <Item currentVect="84" id="SCI5_RXI5" priority="15" usedState="未使用"/>
+        <Item currentVect="85" id="SCI5_TXI5" priority="15" usedState="未使用"/>
+        <Item currentVect="86" id="SCI6_RXI6" priority="15" usedState="未使用"/>
+        <Item currentVect="87" id="SCI6_TXI6" priority="15" usedState="未使用"/>
+        <Item currentVect="88" id="LVD1_LVD1" priority="15" usedState="未使用"/>
+        <Item currentVect="89" id="LVD2_LVD2" priority="15" usedState="未使用"/>
+        <Item currentVect="90" id="USB0_USBR0" priority="15" usedState="未使用"/>
+        <Item currentVect="92" id="RTC_ALM" priority="15" usedState="未使用"/>
+        <Item currentVect="93" id="RTC_PRD" priority="15" usedState="未使用"/>
+        <Item currentVect="95" id="IWDT_IWUNI" priority="15" usedState="未使用"/>
+        <Item currentVect="96" id="WDT_WUNI" priority="15" usedState="未使用"/>
+        <Item currentVect="97" id="PDC_PCDFI" priority="15" usedState="未使用"/>
+        <Item currentVect="98" id="SCI7_RXI7" priority="15" usedState="未使用"/>
+        <Item currentVect="99" id="SCI7_TXI7" priority="15" usedState="未使用"/>
+        <Item currentVect="100" id="SCI8_RXI8" priority="15" usedState="未使用"/>
+        <Item currentVect="101" id="SCI8_TXI8" priority="15" usedState="未使用"/>
+        <Item currentVect="102" id="SCI9_RXI9" priority="15" usedState="未使用"/>
+        <Item currentVect="103" id="SCI9_TXI9" priority="15" usedState="未使用"/>
+        <Item currentVect="104" id="SCI10_RXI10" priority="15" usedState="未使用"/>
+        <Item currentVect="105" id="SCI10_TXI10" priority="15" usedState="未使用"/>
+        <Item currentVect="106" groupchild="&lt;br&gt;0-ERS0&lt;br&gt;1-ERS1" id="BE0" priority="15" usedState="未使用"/>
+        <Item currentVect="107" groupchild="&lt;br&gt;0-SDIOI" id="BL2" priority="15" usedState="未使用"/>
+        <Item currentVect="108" id="RSPI2_SPRI2" priority="15" usedState="未使用"/>
+        <Item currentVect="109" id="RSPI2_SPTI2" priority="15" usedState="未使用"/>
+        <Item currentVect="110" groupchild="&lt;br&gt;0-TEI0&lt;br&gt;1-ERI0&lt;br&gt;2-TEI1&lt;br&gt;3-ERI1&lt;br&gt;4-TEI2&lt;br&gt;5-ERI2&lt;br&gt;6-TEI3&lt;br&gt;7-ERI3&lt;br&gt;8-TEI4&lt;br&gt;9-ERI4&lt;br&gt;10-TEI5&lt;br&gt;11-ERI5&lt;br&gt;12-TEI6&lt;br&gt;13-ERI6&lt;br&gt;14-TEI7&lt;br&gt;15-ERI7&lt;br&gt;16-TEI12&lt;br&gt;17-ERI12&lt;br&gt;18-SCIX0&lt;br&gt;19-SCIX1&lt;br&gt;20-SCIX2&lt;br&gt;21-SCIX3&lt;br&gt;24-QSPSSLI&lt;br&gt;26-FERRI&lt;br&gt;27-MENDI&lt;br&gt;28-OVFI&lt;br&gt;29-DOPCI&lt;br&gt;30-PCFEI&lt;br&gt;31-PCERI" id="BL0" priority="15" usedState="未使用"/>
+        <Item currentVect="111" groupchild="&lt;br&gt;3-CDETI&lt;br&gt;4-CACI&lt;br&gt;5-SDACI&lt;br&gt;6-CDETIO&lt;br&gt;7-ERRIO&lt;br&gt;8-ACCIO&lt;br&gt;9-OEI1&lt;br&gt;10-OEI2&lt;br&gt;11-OEI3&lt;br&gt;12-OEI4&lt;br&gt;13-TEI0&lt;br&gt;14-EEI0&lt;br&gt;15-TEI2&lt;br&gt;16-EEI2&lt;br&gt;20-S12CMPAI&lt;br&gt;21-S12CMPBI&lt;br&gt;22-S12CMPAI1&lt;br&gt;23-S12CMPBI1&lt;br&gt;24-TEI8&lt;br&gt;25-ERI8&lt;br&gt;26-TEI9&lt;br&gt;27-ERI9&lt;br&gt;28-TEI1&lt;br&gt;29-EEI1" id="BL1" priority="15" usedState="未使用"/>
+        <Item currentVect="112" groupchild="&lt;br&gt;8-TEI10&lt;br&gt;9-ERI10&lt;br&gt;12-TEI11&lt;br&gt;13-ERI11&lt;br&gt;16-SPII0&lt;br&gt;17-SPEI0&lt;br&gt;18-SPII1&lt;br&gt;19-SPEI1&lt;br&gt;20-SPII2&lt;br&gt;21-SPEI2" id="AL0" priority="15" usedState="未使用"/>
+        <Item currentVect="113" groupchild="&lt;br&gt;4-EINT0&lt;br&gt;8-VPOS&lt;br&gt;9-GR1UF&lt;br&gt;10-GR2UF&lt;br&gt;11-DRW_IRQ" id="AL1" priority="2" usedState="使用中"/>
+        <Item currentVect="114" id="SCI11_RXI11" priority="15" usedState="未使用"/>
+        <Item currentVect="115" id="SCI11_TXI11" priority="15" usedState="未使用"/>
+        <Item currentVect="116" id="SCI12_RXI12" priority="15" usedState="未使用"/>
+        <Item currentVect="117" id="SCI12_TXI12" priority="15" usedState="未使用"/>
+        <Item currentVect="120" id="DMAC_DMAC0I" priority="15" usedState="未使用"/>
+        <Item currentVect="121" id="DMAC_DMAC1I" priority="15" usedState="未使用"/>
+        <Item currentVect="122" id="DMAC_DMAC2I" priority="15" usedState="未使用"/>
+        <Item currentVect="123" id="DMAC_DMAC3I" priority="15" usedState="未使用"/>
+        <Item currentVect="124" id="DMAC_DMAC74I" priority="15" usedState="未使用"/>
+        <Item currentVect="125" id="OST_OSTDI" priority="15" usedState="未使用"/>
+        <Item currentVect="126" id="EXDMAC_EXDMAC0I" priority="15" usedState="未使用"/>
+        <Item currentVect="127" id="EXDMAC_EXDMAC1I" priority="15" usedState="未使用"/>
+        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="5" usedState="使用中"/>
+        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="5" usedState="使用中"/>
+        <Item currentVect="130" defaultVect="130" id="TPU0_TGI0A" priority="15" usedState="未使用"/>
+        <Item currentVect="131" defaultVect="131" id="TPU0_TGI0B" priority="15" usedState="未使用"/>
+        <Item currentVect="132" defaultVect="132" id="TPU0_TGI0C" priority="15" usedState="未使用"/>
+        <Item currentVect="133" defaultVect="133" id="TPU0_TGI0D" priority="15" usedState="未使用"/>
+        <Item currentVect="134" defaultVect="134" id="TPU0_TCI0V" priority="15" usedState="未使用"/>
+        <Item currentVect="135" defaultVect="135" id="TPU1_TGI1B" priority="15" usedState="未使用"/>
+        <Item currentVect="136" defaultVect="136" id="TPU1_TCI1V" priority="15" usedState="未使用"/>
+        <Item currentVect="137" defaultVect="137" id="TPU1_TCI1U" priority="15" usedState="未使用"/>
+        <Item currentVect="138" defaultVect="138" id="TPU2_TGI2A" priority="15" usedState="未使用"/>
+        <Item currentVect="139" defaultVect="139" id="TPU2_TGI2B" priority="15" usedState="未使用"/>
+        <Item currentVect="140" defaultVect="140" id="TPU2_TCI2V" priority="15" usedState="未使用"/>
+        <Item currentVect="141" defaultVect="141" id="TPU2_TCI2U" priority="15" usedState="未使用"/>
+        <Item currentVect="142" defaultVect="142" id="TPU3_TGI3A" priority="15" usedState="未使用"/>
+        <Item currentVect="143" defaultVect="143" id="TPU3_TGI3B" priority="15" usedState="未使用"/>
+        <Item currentVect="144" defaultVect="144" id="TPU1_TGI1A" priority="15" usedState="未使用"/>
+        <Item currentVect="145" defaultVect="145" id="TPU3_TGI3C" priority="15" usedState="未使用"/>
+        <Item currentVect="146" defaultVect="146" id="TMR0_CMIA0" priority="15" usedState="未使用"/>
+        <Item currentVect="147" defaultVect="147" id="TMR0_CMIB0" priority="15" usedState="未使用"/>
+        <Item currentVect="148" defaultVect="148" id="TMR0_OVI0" priority="15" usedState="未使用"/>
+        <Item currentVect="149" defaultVect="149" id="TMR1_CMIA1" priority="15" usedState="未使用"/>
+        <Item currentVect="150" defaultVect="150" id="TMR1_CMIB1" priority="15" usedState="未使用"/>
+        <Item currentVect="151" defaultVect="151" id="TMR1_OVI1" priority="15" usedState="未使用"/>
+        <Item currentVect="152" defaultVect="152" id="TMR2_CMIA2" priority="15" usedState="未使用"/>
+        <Item currentVect="153" defaultVect="153" id="TMR2_CMIB2" priority="15" usedState="未使用"/>
+        <Item currentVect="154" defaultVect="154" id="TMR2_OVI2" priority="15" usedState="未使用"/>
+        <Item currentVect="155" defaultVect="155" id="TMR3_CMIA3" priority="15" usedState="未使用"/>
+        <Item currentVect="156" defaultVect="156" id="TMR3_CMIB3" priority="15" usedState="未使用"/>
+        <Item currentVect="157" defaultVect="157" id="TMR3_OVI3" priority="15" usedState="未使用"/>
+        <Item currentVect="158" defaultVect="158" id="TPU3_TGI3D" priority="15" usedState="未使用"/>
+        <Item currentVect="159" defaultVect="159" id="TPU3_TCI3V" priority="15" usedState="未使用"/>
+        <Item currentVect="160" defaultVect="160" id="TPU4_TGI4A" priority="15" usedState="未使用"/>
+        <Item currentVect="161" defaultVect="161" id="TPU4_TGI4B" priority="15" usedState="未使用"/>
+        <Item currentVect="162" defaultVect="162" id="TPU4_TCI4V" priority="15" usedState="未使用"/>
+        <Item currentVect="163" defaultVect="163" id="TPU4_TCI4U" priority="15" usedState="未使用"/>
+        <Item currentVect="164" defaultVect="164" id="TPU5_TGI5A" priority="15" usedState="未使用"/>
+        <Item currentVect="165" defaultVect="165" id="TPU5_TGI5B" priority="15" usedState="未使用"/>
+        <Item currentVect="166" defaultVect="166" id="TPU5_TCI5V" priority="15" usedState="未使用"/>
+        <Item currentVect="167" defaultVect="167" id="TPU5_TCI5U" priority="15" usedState="未使用"/>
+        <Item currentVect="168" defaultVect="168" id="CMTW0_IC0I0" priority="15" usedState="未使用"/>
+        <Item currentVect="169" defaultVect="169" id="CMTW0_IC1I0" priority="15" usedState="未使用"/>
+        <Item currentVect="170" defaultVect="170" id="CMTW0_OC0I0" priority="15" usedState="未使用"/>
+        <Item currentVect="171" defaultVect="171" id="CMTW0_OC1I0" priority="15" usedState="未使用"/>
+        <Item currentVect="172" defaultVect="172" id="CMTW1_IC0I1" priority="15" usedState="未使用"/>
+        <Item currentVect="173" defaultVect="173" id="CMTW1_IC1I1" priority="15" usedState="未使用"/>
+        <Item currentVect="174" defaultVect="174" id="CMTW1_OC0I1" priority="15" usedState="未使用"/>
+        <Item currentVect="175" defaultVect="175" id="CMTW1_OC1I1" priority="15" usedState="未使用"/>
+        <Item currentVect="176" defaultVect="176" id="RTC_CUP" priority="15" usedState="未使用"/>
+        <Item currentVect="177" defaultVect="177" id="CAN0_RXF0" priority="15" usedState="未使用"/>
+        <Item currentVect="178" defaultVect="178" id="CAN0_TXF0" priority="15" usedState="未使用"/>
+        <Item currentVect="179" defaultVect="179" id="CAN0_RXM0" priority="15" usedState="未使用"/>
+        <Item currentVect="180" defaultVect="180" id="CAN0_TXM0" priority="15" usedState="未使用"/>
+        <Item currentVect="181" defaultVect="181" id="CAN1_RXF1" priority="15" usedState="未使用"/>
+        <Item currentVect="182" defaultVect="182" id="CAN1_TXF1" priority="15" usedState="未使用"/>
+        <Item currentVect="183" defaultVect="183" id="CAN1_RXM1" priority="15" usedState="未使用"/>
+        <Item currentVect="184" defaultVect="184" id="CAN1_TXM1" priority="15" usedState="未使用"/>
+        <Item currentVect="185" defaultVect="185" id="USB0_USBI0" priority="15" usedState="未使用"/>
+        <Item currentVect="186" defaultVect="186" id="S12AD_S12ADI" priority="15" usedState="未使用"/>
+        <Item currentVect="187" defaultVect="187" id="S12AD_S12GBADI" priority="15" usedState="未使用"/>
+        <Item currentVect="188" defaultVect="188" id="S12AD_S12GCADI" priority="15" usedState="未使用"/>
+        <Item currentVect="189" defaultVect="189" id="S12AD1_S12ADI1" priority="15" usedState="未使用"/>
+        <Item currentVect="190" defaultVect="190" id="S12AD1_S12GBADI1" priority="15" usedState="未使用"/>
+        <Item currentVect="191" defaultVect="191" id="S12AD1_S12GCADI1" priority="15" usedState="未使用"/>
+        <Item currentVect="192" defaultVect="192" id="RNG_RNGEND" priority="15" usedState="未使用"/>
+        <Item currentVect="193" defaultVect="193" id="ELC_ELSR18I" priority="15" usedState="未使用"/>
+        <Item currentVect="194" defaultVect="194" id="ELC_ELSR19I" priority="15" usedState="未使用"/>
+        <Item currentVect="195" defaultVect="195" id="TSIP_PROC_BUSY" priority="15" usedState="未使用"/>
+        <Item currentVect="196" defaultVect="196" id="TSIP_ROMOK" priority="15" usedState="未使用"/>
+        <Item currentVect="197" defaultVect="197" id="TSIP_LONG_PLG" priority="15" usedState="未使用"/>
+        <Item currentVect="198" defaultVect="198" id="TSIP_TEST_BUSY" priority="15" usedState="未使用"/>
+        <Item currentVect="199" defaultVect="199" id="TSIP_WRRDY0" priority="15" usedState="未使用"/>
+        <Item currentVect="200" defaultVect="200" id="TSIP_WRRDY1" priority="15" usedState="未使用"/>
+        <Item currentVect="201" defaultVect="201" id="TSIP_WRRDY4" priority="15" usedState="未使用"/>
+        <Item currentVect="202" defaultVect="202" id="TSIP_RDRDY0" priority="15" usedState="未使用"/>
+        <Item currentVect="203" defaultVect="203" id="TSIP_RDRDY1" priority="15" usedState="未使用"/>
+        <Item currentVect="204" defaultVect="204" id="TSIP_INTEGRATE_WRRDY" priority="15" usedState="未使用"/>
+        <Item currentVect="205" defaultVect="205" id="TSIP_INTEGRATE_RDRDY" priority="15" usedState="未使用"/>
+        <Item currentVect="206" id="PERIB_INTB206" priority="15" usedState="未使用"/>
+        <Item currentVect="207" id="PERIB_INTB207" priority="15" usedState="未使用"/>
+        <Item currentVect="208" defaultVect="208" id="MTU1_TGIA1" priority="15" usedState="未使用"/>
+        <Item currentVect="209" defaultVect="209" id="MTU0_TGIA0" priority="15" usedState="未使用"/>
+        <Item currentVect="210" defaultVect="210" id="MTU0_TGIB0" priority="15" usedState="未使用"/>
+        <Item currentVect="211" defaultVect="211" id="MTU0_TGIC0" priority="15" usedState="未使用"/>
+        <Item currentVect="212" defaultVect="212" id="MTU0_TGID0" priority="15" usedState="未使用"/>
+        <Item currentVect="213" defaultVect="213" id="MTU0_TCIV0" priority="15" usedState="未使用"/>
+        <Item currentVect="214" defaultVect="214" id="MTU0_TGIE0" priority="15" usedState="未使用"/>
+        <Item currentVect="215" defaultVect="215" id="MTU0_TGIF0" priority="15" usedState="未使用"/>
+        <Item currentVect="216" defaultVect="216" id="MTU1_TGIB1" priority="15" usedState="未使用"/>
+        <Item currentVect="217" defaultVect="217" id="MTU1_TCIV1" priority="15" usedState="未使用"/>
+        <Item currentVect="218" defaultVect="218" id="MTU1_TCIU1" priority="15" usedState="未使用"/>
+        <Item currentVect="219" defaultVect="219" id="MTU2_TGIA2" priority="15" usedState="未使用"/>
+        <Item currentVect="220" defaultVect="220" id="MTU2_TGIB2" priority="15" usedState="未使用"/>
+        <Item currentVect="221" defaultVect="221" id="MTU2_TCIV2" priority="15" usedState="未使用"/>
+        <Item currentVect="222" defaultVect="222" id="MTU2_TCIU2" priority="15" usedState="未使用"/>
+        <Item currentVect="223" defaultVect="223" id="MTU3_TGIA3" priority="15" usedState="未使用"/>
+        <Item currentVect="224" defaultVect="224" id="MTU3_TGIB3" priority="15" usedState="未使用"/>
+        <Item currentVect="225" defaultVect="225" id="MTU3_TGIC3" priority="15" usedState="未使用"/>
+        <Item currentVect="226" defaultVect="226" id="MTU3_TGID3" priority="15" usedState="未使用"/>
+        <Item currentVect="227" defaultVect="227" id="MTU3_TCIV3" priority="15" usedState="未使用"/>
+        <Item currentVect="228" defaultVect="228" id="MTU4_TGIA4" priority="15" usedState="未使用"/>
+        <Item currentVect="229" defaultVect="229" id="MTU4_TGIB4" priority="15" usedState="未使用"/>
+        <Item currentVect="230" defaultVect="230" id="MTU4_TGIC4" priority="15" usedState="未使用"/>
+        <Item currentVect="231" defaultVect="231" id="MTU4_TGID4" priority="15" usedState="未使用"/>
+        <Item currentVect="232" defaultVect="232" id="MTU4_TCIV4" priority="15" usedState="未使用"/>
+        <Item currentVect="233" defaultVect="233" id="MTU5_TGIU5" priority="15" usedState="未使用"/>
+        <Item currentVect="234" defaultVect="234" id="MTU5_TGIV5" priority="15" usedState="未使用"/>
+        <Item currentVect="235" defaultVect="235" id="MTU5_TGIW5" priority="15" usedState="未使用"/>
+        <Item currentVect="236" defaultVect="236" id="MTU6_TGIA6" priority="15" usedState="未使用"/>
+        <Item currentVect="237" defaultVect="237" id="MTU6_TGIB6" priority="15" usedState="未使用"/>
+        <Item currentVect="238" defaultVect="238" id="MTU6_TGIC6" priority="15" usedState="未使用"/>
+        <Item currentVect="239" defaultVect="239" id="MTU6_TGID6" priority="15" usedState="未使用"/>
+        <Item currentVect="240" defaultVect="240" id="MTU6_TCIV6" priority="15" usedState="未使用"/>
+        <Item currentVect="241" defaultVect="241" id="MTU7_TGIA7" priority="15" usedState="未使用"/>
+        <Item currentVect="242" defaultVect="242" id="MTU7_TGIB7" priority="15" usedState="未使用"/>
+        <Item currentVect="243" defaultVect="243" id="MTU7_TGIC7" priority="15" usedState="未使用"/>
+        <Item currentVect="244" defaultVect="244" id="MTU7_TGID7" priority="15" usedState="未使用"/>
+        <Item currentVect="245" defaultVect="245" id="MTU7_TCIV7" priority="15" usedState="未使用"/>
+        <Item currentVect="246" defaultVect="246" id="MTU8_TGIA8" priority="15" usedState="未使用"/>
+        <Item currentVect="247" defaultVect="247" id="MTU8_TGIB8" priority="15" usedState="未使用"/>
+        <Item currentVect="248" defaultVect="248" id="MTU8_TGIC8" priority="15" usedState="未使用"/>
+        <Item currentVect="249" defaultVect="249" id="MTU8_TGID8" priority="15" usedState="未使用"/>
+        <Item currentVect="250" defaultVect="250" id="MTU8_TCIV8" priority="15" usedState="未使用"/>
+        <Item currentVect="251" defaultVect="251" id="AES_AESRDY" priority="15" usedState="未使用"/>
+        <Item currentVect="252" defaultVect="252" id="AES_AESEND" priority="15" usedState="未使用"/>
+        <Item currentVect="253" id="PERIA_INTA253" priority="15" usedState="未使用"/>
+        <Item currentVect="254" id="PERIA_INTA254" priority="15" usedState="未使用"/>
+        <Item currentVect="255" id="PERIA_INTA255" priority="15" usedState="未使用"/>
     </tool>
     <tool id="Pins" version="1.0.1.0">
-        <pinItem allocation="11" comments="" direction="None" id="XTAL" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="59" comments="" direction="None" id="RMII0_RXD0" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="61" comments="" direction="None" id="RMII0_RXD1" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="54" comments="" direction="None" id="RMII0_TXD1" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="55" comments="" direction="None" id="RMII0_TXD0" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="58" comments="" direction="None" id="REF50CK0" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="66" comments="" direction="None" id="ET0_MDC" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="13" comments="" direction="None" id="EXTAL" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="65" comments="" direction="None" id="ET0_LINKSTA" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="57" comments="" direction="None" id="RMII0_RX_ER" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="56" comments="" direction="None" id="RMII0_TXD_EN" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinItem allocation="67" comments="" direction="None" id="ET0_MDIO" isUsedBySoftware="true" locked="false" status="0"/>
-        <pinItem allocation="53" comments="" direction="None" id="RMII0_CRS_DV" isUsedBySoftware="true" locked="false" status="65280"/>
-        <pinnumItem comment="SW2 Reset Switch" id="10"/>
-        <pinnumItem comment="CN10 Serial Servo" id="16"/>
-        <pinnumItem comment="CN10 Serial Servo" id="17"/>
-        <pinnumItem comment="CN10 Serial Servo" id="18"/>
-        <pinnumItem comment="U5 WiFi Module" id="19"/>
-        <pinnumItem comment="N.C." id="4"/>
-        <pinnumItem comment="SW1 Operation Mode Switch" id="7"/>
-        <pinnumItem comment="CN4 PMOD" id="20"/>
-        <pinnumItem comment="U5 WiFi Module" id="21"/>
-        <pinnumItem comment="CN4 PMOD" id="22"/>
-        <pinnumItem comment="U5 WiFi Module" id="23"/>
-        <pinnumItem comment="U5 WiFi Module" id="24"/>
-        <pinnumItem comment="U5 WiFi Module" id="25"/>
-        <pinnumItem comment="CN7 Serial Servo" id="26"/>
-        <pinnumItem comment="CN7 Serial Servo" id="27"/>
-        <pinnumItem comment="CN7 Serial Servo" id="28"/>
-        <pinnumItem comment="U5 WiFi Module" id="29"/>
-        <pinnumItem comment="CN5 USB" id="30"/>
-        <pinnumItem comment="CN8 Serial Servo" id="32"/>
-        <pinnumItem comment="CN8 Serial Servo" id="33"/>
-        <pinnumItem comment="CN8 Serial Servo" id="34"/>
-        <pinnumItem comment="CN5 USB" id="36"/>
-        <pinnumItem comment="CN5 USB" id="37"/>
-        <pinnumItem comment="CN4 PMOD" id="42"/>
-        <pinnumItem comment="CN4 PMOD" id="44"/>
-        <pinnumItem comment="CN11 Serial Servo I/F" id="45"/>
-        <pinnumItem comment="CN11 Serial Servo I/F" id="46"/>
-        <pinnumItem comment="CN11 Serial Servo I/F" id="47"/>
-        <pinnumItem comment="CN9 Serial Servo" id="48"/>
-        <pinnumItem comment="CN9 Serial Servo" id="49"/>
-        <pinnumItem comment="CN9 Serial Servo" id="50"/>
-        <pinnumItem comment="CN6 Ether" id="53"/>
-        <pinnumItem comment="CN6 Ether" id="54"/>
-        <pinnumItem comment="CN6 Ether" id="55"/>
-        <pinnumItem comment="CN6 Ether" id="56"/>
-        <pinnumItem comment="CN6 Ether" id="57"/>
-        <pinnumItem comment="CN6 Ether" id="58"/>
-        <pinnumItem comment="CN6 Ether" id="59"/>
-        <pinnumItem comment="CN6 Ether" id="61"/>
-        <pinnumItem comment="CN6 Ether" id="64"/>
-        <pinnumItem comment="CN6 Ether" id="65"/>
-        <pinnumItem comment="CN6 Ether" id="66"/>
-        <pinnumItem comment="CN6 Ether" id="67"/>
-        <pinnumItem comment="LED2" id="69"/>
-        <pinnumItem comment="LED1" id="70"/>
-        <pinnumItem comment="CN4 PMOD" id="71"/>
-        <pinnumItem comment="CN4 PMOD" id="72"/>
-        <pinnumItem comment="CN4 PMOD" id="73"/>
-        <pinnumItem comment="CN4 PMOD" id="74"/>
-        <pinnumItem comment="CN12C ADC" id="79"/>
-        <pinnumItem comment="CN13 DAC" id="100"/>
-        <pinnumItem comment="CN12C ADC" id="80"/>
-        <pinnumItem comment="CN12C ADC" id="81"/>
-        <pinnumItem comment="CN12C ADC" id="82"/>
-        <pinnumItem comment="CN12C ADC" id="83"/>
-        <pinnumItem comment="CN12C ADC" id="84"/>
+        <pinItem allocation="11" comments="" direction="None" id="XTAL" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="59" comments="" direction="None" id="RMII0_RXD0" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="61" comments="" direction="None" id="RMII0_RXD1" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="54" comments="" direction="None" id="RMII0_TXD1" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="55" comments="" direction="None" id="RMII0_TXD0" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="58" comments="" direction="None" id="REF50CK0" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="66" comments="" direction="None" id="ET0_MDC" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="13" comments="" direction="None" id="EXTAL" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="65" comments="" direction="None" id="ET0_LINKSTA" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="57" comments="" direction="None" id="RMII0_RX_ER" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="56" comments="" direction="None" id="RMII0_TXD_EN" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinItem allocation="67" comments="" direction="None" id="ET0_MDIO" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
+        <pinItem allocation="53" comments="" direction="None" id="RMII0_CRS_DV" isUsedBySoftware="true" locked="false" operationMode="" status="65280"/>
+        <pinnumItem comment="CN4 PMOD" id="44" symbolicname=""/>
+        <pinnumItem comment="CN11 Serial Servo I/F" id="45" symbolicname=""/>
+        <pinnumItem comment="CN11 Serial Servo I/F" id="46" symbolicname=""/>
+        <pinnumItem comment="CN11 Serial Servo I/F" id="47" symbolicname=""/>
+        <pinnumItem comment="CN9 Serial Servo" id="48" symbolicname=""/>
+        <pinnumItem comment="CN9 Serial Servo" id="49" symbolicname=""/>
+        <pinnumItem comment="CN9 Serial Servo" id="50" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="53" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="54" symbolicname=""/>
+        <pinnumItem comment="SW2 Reset Switch" id="10" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="55" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="56" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="57" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="58" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="59" symbolicname=""/>
+        <pinnumItem comment="CN10 Serial Servo" id="16" symbolicname=""/>
+        <pinnumItem comment="CN10 Serial Servo" id="17" symbolicname=""/>
+        <pinnumItem comment="CN10 Serial Servo" id="18" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="19" symbolicname=""/>
+        <pinnumItem comment="N.C." id="4" symbolicname=""/>
+        <pinnumItem comment="SW1 Operation Mode Switch" id="7" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="61" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="20" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="64" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="65" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="21" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="66" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="22" symbolicname=""/>
+        <pinnumItem comment="CN6 Ether" id="67" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="23" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="24" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="25" symbolicname=""/>
+        <pinnumItem comment="LED2" id="69" symbolicname=""/>
+        <pinnumItem comment="CN7 Serial Servo" id="26" symbolicname=""/>
+        <pinnumItem comment="CN7 Serial Servo" id="27" symbolicname=""/>
+        <pinnumItem comment="CN7 Serial Servo" id="28" symbolicname=""/>
+        <pinnumItem comment="U5 WiFi Module" id="29" symbolicname=""/>
+        <pinnumItem comment="LED1" id="70" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="71" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="72" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="73" symbolicname=""/>
+        <pinnumItem comment="CN5 USB" id="30" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="74" symbolicname=""/>
+        <pinnumItem comment="CN8 Serial Servo" id="32" symbolicname=""/>
+        <pinnumItem comment="CN8 Serial Servo" id="33" symbolicname=""/>
+        <pinnumItem comment="CN8 Serial Servo" id="34" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="79" symbolicname=""/>
+        <pinnumItem comment="CN5 USB" id="36" symbolicname=""/>
+        <pinnumItem comment="CN5 USB" id="37" symbolicname=""/>
+        <pinnumItem comment="CN13 DAC" id="100" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="80" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="81" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="82" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="83" symbolicname=""/>
+        <pinnumItem comment="CN12C ADC" id="84" symbolicname=""/>
+        <pinnumItem comment="CN4 PMOD" id="42" symbolicname=""/>
     </tool>
     <tool id="Summary" version="1.0.0.0">
         <option id="com.renesas.smc.code.path" value="src\smc_gen"/>
         <option id="com.renesas.smc.code.type" value="Normal Folder"/>
     </tool>
     <tool id="SWComponent" version="1.0.0.0">
-        <configuration id="60957c51-a5e9-46fc-b2c8-a6141e24332c" inuse="true" name="Config_TMR0">
+        <configuration apiMode="FULL_API" id="60957c51-a5e9-46fc-b2c8-a6141e24332c" inuse="true" name="Config_TMR0">
             <allocatable id="TMR0">
                 <isocket id="CountingClock" selection="Clock.tool_clock_pclkb" value="3.0E7"/>
                 <option enabled="true" id="CountMode" selection="8bitMode">
@@ -683,8 +685,8 @@
                     <item id="Level15" input="" vlaue="0"/>
                 </option>
             </allocatable>
-            <component description="This software component generates two units (unit 0, unit 1) of an on-chip 8-bit timer (TMR) module that comprise two 8-bit counter channels, totaling four channels." detailDescription="" display="8-Bit Timer" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.9.0"/>
-            <allocator channelLevel0="0" channelLevel1="" channelLevel2="" channelLevel3="" channelLevel4="" channelLevel5="" description="8-Bit Timer 0" display="TMR0" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr.rx651.tmr0" type="">
+            <component description="このソフトウェアコンポーネントは、8 ビットタイマ（TMR）の構成を提供します。&#10;&#10;外部イベントのカウントが可能なほか、2 本のレジスタとのコンペアマッチ信号により、カウンタのクリア、割り込み要求、任意のデューティ比のパルス出力など、多機能タイマとして種々の応用が可能です。" detailDescription="" display="8 ビットタイマ" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.10.0"/>
+            <allocator channelLevel0="0" channelLevel1="" channelLevel2="" channelLevel3="" channelLevel4="" channelLevel5="" description="8 ビットタイマ0" display="TMR0" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr.rx651.tmr0" type="">
                 <context>
                     <option enabled="true" id="CountMode" selection="8bitMode">
                         <item enabled="true" id="8bitMode"/>
@@ -692,10 +694,10 @@
                     </option>
                 </context>
             </allocator>
-            <source description="Code generator components provide peripheral drivers with customized generated source geared towards small code size" display="Code Generator" id="com.renesas.smc.tools.swcomponent.codegenerator.source"/>
+            <source description="コード生成に対応したコンポーネントは、設定に応じた周辺ドライバのコードを小さなコードサイズで出力します。" display="コード生成" id="com.renesas.smc.tools.swcomponent.codegenerator.source"/>
         </configuration>
         <configuration inuse="true" name="r_bsp">
-            <component description="Dependencies : None&#10;The r_bsp package provides a foundation for code to be built on top of. It provides startup code, iodefines, and MCU information for different boards. There are 2 folders that make up the r_bsp package. The 'mcu' folder contains files that are common to a MCU group. These files provide functionality such as easy register access, CPU functions, and a file named 'mcu_info.h' for each MCU group. The 'mcu_info.h' file has information about the MCU on the board and is configured based on the information given in r_bsp_config.h. The information in 'mcu_info.h' is used to help configure Renesas middleware that uses the r_bsp package. The 'board' folder has a folder with startup code for each supported board.  Which MCU and board is chosen is decided by the settings in 'platform.h'. The user can choose which board they are using by uncommenting the include path that applies to their board. For example, if you are using the RSK+RX64M then you would uncomment the #include &quot;./board/generic_rx64m/r_bsp.h&quot; include path. Users are encouraged to add their own boards to the 'board' directory. BSPs are configured by using the r_bsp_config.h file. Each board will have a reference configuration file named r_bsp_config_reference.h. The user should copy this file to their project, rename it to r_bsp_config.h, and use the options inside the file to configure the BSP for their project." detailDescription="Board Support Packages." display="r_bsp" id="r_bsp6.21" version="6.21">
+            <component description="依存モジュール: なし&#10;The r_bsp package provides a foundation for code to be built on top of. It provides startup code, iodefines, and MCU information for different boards. There are 2 folders that make up the r_bsp package. The 'mcu' folder contains files that are common to a MCU group. These files provide functionality such as easy register access, CPU functions, and a file named 'mcu_info.h' for each MCU group. The 'mcu_info.h' file has information about the MCU on the board and is configured based on the information given in r_bsp_config.h. The information in 'mcu_info.h' is used to help configure Renesas middleware that uses the r_bsp package. The 'board' folder has a folder with startup code for each supported board.  Which MCU and board is chosen is decided by the settings in 'platform.h'. The user can choose which board they are using by uncommenting the include path that applies to their board. For example, if you are using the RSK+RX64M then you would uncomment the #include &quot;./board/generic_rx64m/r_bsp.h&quot; include path. Users are encouraged to add their own boards to the 'board' directory. BSPs are configured by using the r_bsp_config.h file. Each board will have a reference configuration file named r_bsp_config_reference.h. The user should copy this file to their project, rename it to r_bsp_config.h, and use the options inside the file to configure the BSP for their project." detailDescription="Board Support Packages." display="r_bsp" id="r_bsp6.21" version="6.21">
                 <gridItem id="BSP_CFG_USER_STACK_ENABLE" selectedIndex="1"/>
                 <gridItem id="BSP_CFG_USTACK_BYTES" selectedIndex="0x2000"/>
                 <gridItem id="BSP_CFG_ISTACK_BYTES" selectedIndex="0x400"/>
@@ -746,14 +748,14 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_cmt_rx">
-            <component description="Dependency : r_bsp version(s) 6.20&#10;This module creates a timer tick using a CMT channel based on a frequency input by the user." detailDescription="CMT driver" display="r_cmt_rx" id="r_cmt_rx4.90" version="4.90">
+            <component description="依存モジュール: r_bsp バージョン 6.20&#10;This module creates a timer tick using a CMT channel based on a frequency input by the user." detailDescription="CMT driver" display="r_cmt_rx" id="r_cmt_rx4.90" version="4.90">
                 <gridItem id="CMT_RX_CFG_IPR" selectedIndex="5"/>
             </component>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_ether_rx">
-            <component description="Dependency : r_bsp version(s) 5.52&#10;The Ethernet fit module provides a method to send and receive Ethernet / IEEE802.3 frame using Ethernet controller (ETHERC), Ethernet DMA controller (EDMAC)." detailDescription="Ethernet Driver." display="r_ether_rx" id="r_ether_rx1.21" version="1.21">
+            <component description="依存モジュール: r_bsp バージョン 5.52&#10;The Ethernet fit module provides a method to send and receive Ethernet / IEEE802.3 frame using Ethernet controller (ETHERC), Ethernet DMA controller (EDMAC)." detailDescription="Ethernet Driver." display="r_ether_rx" id="r_ether_rx1.21" version="1.21">
                 <gridItem id="CLKOUT25M" selectedIndex="0"/>
                 <gridItem id="ET0_TX_CLK" selectedIndex="0"/>
                 <gridItem id="ET0_RX_CLK" selectedIndex="1"/>
@@ -863,22 +865,22 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_sys_time_rx">
-            <component description="Dependency : r_bsp version(s) 5.20&#10;Dependency : r_cmt_rx version(s) 4.00&#10;Generic system timer for RX MCUs using CMT module." detailDescription="Generic system timer for RX MCUs using CMT module." display="r_sys_time_rx" id="r_sys_time_rx1.01" version="1.01"/>
+            <component description="依存モジュール: r_bsp バージョン 5.20&#10;依存モジュール: r_cmt_rx バージョン 4.00&#10;Generic system timer for RX MCUs using CMT module." detailDescription="Generic system timer for RX MCUs using CMT module." display="r_sys_time_rx" id="r_sys_time_rx1.01" version="1.01"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_t4_driver_rx">
-            <component description="Dependency : r_bsp version(s) 5.61&#10;Dependency : r_ether_rx version(s) 1.21&#10;Dependency : r_sys_time_rx version(s) 1.01&#10;Dependency : r_t4_rx version(s) 2.10&#10;Convert the TCP/IP(T4) - RX Ethernet Driver Interface." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] - RX Ethernet Driver Interface" display="r_t4_driver_rx" id="r_t4_driver_rx1.09" version="1.09"/>
+            <component description="依存モジュール: r_bsp バージョン 5.61&#10;依存モジュール: r_ether_rx バージョン 1.21&#10;依存モジュール: r_sys_time_rx バージョン 1.01&#10;依存モジュール: r_t4_rx バージョン 2.10&#10;Convert the TCP/IP(T4) - RX Ethernet Driver Interface." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] - RX Ethernet Driver Interface" display="r_t4_driver_rx" id="r_t4_driver_rx1.09" version="1.09"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_t4_rx">
-            <component description="Dependency : r_t4_driver_rx version(s) 1.09&#10;T4 is TCP/IP protocol stack that has small footprint for Renesas MCUs." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] for Renesas MCUs" display="r_t4_rx" id="r_t4_rx2.10" version="2.10">
+            <component description="依存モジュール: r_t4_driver_rx バージョン 1.09&#10;T4 is TCP/IP protocol stack that has small footprint for Renesas MCUs." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] for Renesas MCUs" display="r_t4_rx" id="r_t4_rx2.10" version="2.10">
                 <gridItem id="T4_CFG_SYSTEM_CHANNEL_NUMBER" selectedIndex="0"/>
                 <gridItem id="T4_CFG_SYSTEM_DHCP" selectedIndex="0"/>
-                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,1,33"/>
+                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,11,33"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH0" selectedIndex="255,255,255,0"/>
-                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,1,1"/>
+                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,11,1"/>
                 <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH1" selectedIndex="192,168,0,10"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH1" selectedIndex="255,255,255,0"/>
                 <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH1" selectedIndex="0,0,0,0"/>
@@ -959,7 +961,63 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_tsip_rx">
-            <component description="Dependency : r_bsp version(s) 7.00&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update.&#10;The &quot;.l&quot; in version number means library version." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.15.l" version="1.15.l"/>
+            <component description="依存モジュール: r_bsp バージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.21" version="1.21">
+                <gridItem id="TSIP_AES_128_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_TDES_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_SHA_1" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256" selectedIndex="1"/>
+                <gridItem id="TSIP_MD5" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_1_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_RSAES_1024" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_2048" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_1024" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_2048" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSA_RETRY_COUNT_FOR_RSA_KEY_GENERATION" selectedIndex="5120*2"/>
+                <gridItem id="TSIP_ECDSA_P192" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P224" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDSA_P384" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDH_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_USER_SHA_384_ENABLED" selectedIndex="0"/>
+                <gridItem id="TSIP_USER_SHA_384_FUNCTION" selectedIndex="user_sha384_function"/>
+                <gridItem id="TSIP_TLS" selectedIndex="1"/>
+                <gridItem id="TSIP_SECURE_BOOT" selectedIndex="0"/>
+                <gridItem id="TSIP_FIRMWARE_UPDATE" selectedIndex="0"/>
+                <gridItem id="TSIP_MULTI_THREADING" selectedIndex="0"/>
+                <gridItem id="TSIP_MULTI_THREADING_LOCK_FUNCTION" selectedIndex="user_lock_function"/>
+                <gridItem id="TSIP_MULTI_THREADING_UNLOCK_FUNCTION" selectedIndex="user_unlock_function"/>
+            </component>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
index 951e76e92..642c88be4 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c
@@ -1,6 +1,6 @@
 /* key_data.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,7 @@ const st_key_block_data_t g_key_block_data =
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, 
+        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
         0x34, 0xB2, 0x4D, 0x92
     },
     /* 
@@ -45,30 +45,30 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
      */
     {
-        0xD9, 0x9A, 0x75, 0x0E, 0x9D, 0x4F, 0x63, 0xA4, 0x02, 0x96, 0xE1, 0xF1,
-        0x49, 0x44, 0xB5, 0x90, 0x59, 0x24, 0xC4, 0x23, 0xF7, 0xA0, 0x32, 0x65,
-        0x68, 0x7B, 0x70, 0xE7, 0xA5, 0xC8, 0x12, 0xD1, 0xCD, 0x55, 0x36, 0x5F,
-        0xE6, 0xEB, 0xD0, 0xAD, 0x5A, 0x7F, 0x9F, 0x41, 0x79, 0x8B, 0x2F, 0x3B,
-        0x17, 0xC9, 0xEE, 0xA7, 0xCB, 0xB5, 0x40, 0xFA, 0x3B, 0x43, 0x1D, 0xF8,
-        0x34, 0xCC, 0xB1, 0xB4, 0x8E, 0x67, 0xF6, 0xA0, 0x49, 0xAA, 0x76, 0x33,
-        0xA4, 0x56, 0xCD, 0x16, 0xE9, 0x76, 0x16, 0x92, 0xBE, 0x3F, 0x3A, 0x3A,
-        0xD7, 0x7A, 0xCD, 0xC9, 0xE2, 0xA0, 0xC8, 0x16, 0x2A, 0x0D, 0xBD, 0x3C,
-        0xEA, 0xC8, 0x26, 0x82, 0xDA, 0x5D, 0x19, 0x71, 0x7B, 0x90, 0x03, 0xEF,
-        0x1E, 0x24, 0x01, 0x62, 0x15, 0x3D, 0x2B, 0x4C, 0xA7, 0x8F, 0xBC, 0xD3,
-        0xD9, 0xC8, 0x9F, 0xBB, 0x4A, 0x62, 0x57, 0xE8, 0xE2, 0x86, 0x8C, 0x56,
-        0x36, 0x64, 0xE7, 0xB9, 0x47, 0x5C, 0x02, 0xF4, 0x87, 0x50, 0x16, 0x9C,
-        0xFB, 0xF6, 0xE9, 0x73, 0x96, 0x78, 0x94, 0x59, 0x12, 0x28, 0x03, 0x37,
-        0x75, 0x56, 0x00, 0x2F, 0xCE, 0x54, 0x7C, 0x34, 0xFD, 0x0B, 0x10, 0x5B,
-        0x4A, 0xEE, 0x11, 0x1B, 0x39, 0xE9, 0x80, 0x8B, 0x27, 0x2D, 0x29, 0x12,
-        0x68, 0x87, 0xD2, 0xC9, 0x78, 0xED, 0xED, 0xF2, 0xA6, 0x4D, 0x6B, 0x10,
-        0x98, 0x9D, 0x52, 0x1C, 0xCE, 0x69, 0x0D, 0x5C, 0x46, 0xEB, 0x5D, 0x9B,
-        0xC8, 0x6A, 0x8E, 0x1F, 0x56, 0x05, 0xBA, 0xD2, 0x50, 0x9F, 0x92, 0xB7,
-        0xD4, 0x4D, 0xCD, 0x58, 0x5B, 0xA7, 0x87, 0x10, 0x6D, 0xF3, 0xDB, 0xA8,
-        0x1D, 0x23, 0x00, 0xE4, 0x81, 0x69, 0x3E, 0x7D, 0xEA, 0x5B, 0x33, 0xF4,
-        0x73, 0xD8, 0x7C, 0xDD, 0x64, 0x74, 0x40, 0x30, 0x93, 0x8D, 0x2C, 0xA5,
-        0x2C, 0x24, 0x11, 0xB2, 0x26, 0x56, 0xE3, 0x41, 0x72, 0xAE, 0x41, 0x56,
-        0x9C, 0x75, 0x11, 0x8E, 0x53, 0x59, 0x77, 0xBF, 0x48, 0x71, 0x86, 0x7C,
-        0x7C, 0xCE, 0x04, 0xB9, 0x73, 0x62, 0xE6, 0x1D, 0xF8, 0xED, 0x93, 0x87
+        0x7F, 0xE5, 0x80, 0x89, 0xD7, 0x3E, 0xB9, 0x92, 0xF6, 0xBD, 0x13, 0x4B,
+        0x8D, 0xE8, 0x96, 0xC5, 0xAB, 0x56, 0x45, 0x55, 0xD4, 0xA6, 0x57, 0x73,
+        0xB5, 0xA8, 0xD7, 0x35, 0xF4, 0x4B, 0x0D, 0xA2, 0x30, 0x5A, 0xFE, 0xCB,
+        0x18, 0x06, 0x55, 0xB2, 0x51, 0xF2, 0xA4, 0x0E, 0xCB, 0x6E, 0x6C, 0x88,
+        0x03, 0xF3, 0x5C, 0x1E, 0xF0, 0xA4, 0xA8, 0x6E, 0x48, 0xE7, 0xB4, 0x87,
+        0xE9, 0xE9, 0xA0, 0xF0, 0xB2, 0xD3, 0x24, 0x8D, 0x2E, 0x8C, 0x11, 0x2C,
+        0x05, 0x26, 0x7C, 0xEE, 0x15, 0x67, 0xB8, 0xBF, 0xCA, 0xBC, 0x44, 0x8D,
+        0x80, 0xED, 0x94, 0xF1, 0x5B, 0x88, 0xE1, 0xB1, 0x81, 0x7D, 0x4D, 0x92,
+        0x6E, 0x1E, 0x3E, 0xF5, 0x7B, 0x77, 0x0A, 0xC8, 0x60, 0xB8, 0x7F, 0x43,
+        0x2F, 0x07, 0x3B, 0xCA, 0xF5, 0xC7, 0x6F, 0x8F, 0x9E, 0xC1, 0x39, 0x29,
+        0x10, 0xFA, 0xBA, 0xCD, 0x51, 0xDF, 0xF6, 0xAE, 0x6A, 0x84, 0xF4, 0xE0,
+        0xED, 0xFC, 0xE2, 0xCE, 0x68, 0x3A, 0x38, 0xBF, 0x9B, 0xAD, 0x6F, 0x8B,
+        0x84, 0x95, 0xAA, 0x5B, 0x4C, 0x73, 0xCE, 0x34, 0x8D, 0x84, 0x78, 0x1E,
+        0xBF, 0xD6, 0xE2, 0x12, 0xEB, 0x27, 0xA6, 0x96, 0x4C, 0x76, 0x9C, 0x19,
+        0x1C, 0x3C, 0x7D, 0xF7, 0xB0, 0xDB, 0xD6, 0x64, 0xFD, 0x67, 0xEB, 0x83,
+        0xC1, 0x60, 0x8F, 0x65, 0x19, 0xC0, 0x78, 0xFD, 0x09, 0xD4, 0x52, 0x74,
+        0xD6, 0x96, 0x89, 0x91, 0xEF, 0xF6, 0xB6, 0xAB, 0x27, 0x37, 0x7B, 0x43,
+        0xA9, 0xEC, 0xDA, 0x68, 0x5F, 0x3A, 0x32, 0xFE, 0xE8, 0x4E, 0x7B, 0xDC,
+        0xE4, 0x18, 0x5C, 0x53, 0x15, 0x5B, 0x5E, 0xC7, 0x08, 0x93, 0xF0, 0xBD,
+        0xF6, 0xC3, 0x78, 0x80, 0x3B, 0x1F, 0xC8, 0xBA, 0x0F, 0x58, 0xF7, 0x1E,
+        0x9C, 0xFB, 0x53, 0xCA, 0xA2, 0xBF, 0x9A, 0x18, 0xEE, 0x26, 0xD2, 0xA8,
+        0x88, 0x64, 0x13, 0xC8, 0xEE, 0xD2, 0x79, 0xB5, 0x67, 0xD4, 0x10, 0xB3,
+        0xF4, 0xC9, 0xCC, 0xCE, 0x4A, 0xE2, 0x38, 0x8B, 0x77, 0xEB, 0xD2, 0x89,
+        0xB0, 0x66, 0xFF, 0xCD, 0x76, 0xC1, 0x28, 0x65, 0xC2, 0xA3, 0xE3, 0x45
     },
     /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
     {
@@ -78,7 +78,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -107,7 +107,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -186,83 +186,95 @@ const uint32_t              encrypted_user_key_type =
 
 const unsigned char ca_ecc_cert_der_sig[] =
 {
-    0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
-    0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
-    0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
-    0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
-    0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
-    0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
-    0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
-    0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
-    0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
-    0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
-    0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
-    0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
-    0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
-    0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
-    0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
-    0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
-    0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
-    0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
-    0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
-    0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
-    0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
-    0xc0, 0x73, 0x11, 0x1e
+        0xAD, 0x89, 0x0C, 0x68, 0x8E, 0x97, 0xE5, 0x23, 0xE4, 0x35,
+        0x91, 0x2F, 0x1B, 0x2F, 0x48, 0xCC, 0x03, 0xFC, 0x18, 0xE1,
+        0x64, 0x8C, 0x4D, 0x12, 0xBB, 0xC1, 0xDD, 0xFE, 0xDF, 0x3B,
+        0x87, 0xB0, 0x5B, 0x84, 0x54, 0xE6, 0xAE, 0x6D, 0xE4, 0x08,
+        0x91, 0xF0, 0xBD, 0x11, 0xCA, 0xC4, 0xF1, 0x44, 0x41, 0x4C,
+        0x17, 0x65, 0xAD, 0xEC, 0xE5, 0x08, 0xD7, 0x9D, 0x3D, 0x95,
+        0x2A, 0x2B, 0x85, 0x70, 0x75, 0xC7, 0xEB, 0x2F, 0xB2, 0x5C,
+        0x07, 0xB8, 0x80, 0xBA, 0x6C, 0x5A, 0x78, 0x1C, 0xAC, 0xBC,
+        0x00, 0x2C, 0x9A, 0x21, 0x4E, 0x2A, 0xBA, 0x8E, 0x7D, 0x27,
+        0x82, 0xF8, 0xA9, 0x5A, 0xB3, 0x28, 0x82, 0x45, 0x1D, 0xF7,
+        0x5C, 0x06, 0x6C, 0xFA, 0x00, 0xE4, 0x8D, 0x0C, 0xC7, 0xBC,
+        0x16, 0x50, 0x84, 0xCE, 0x74, 0xAC, 0x67, 0x5E, 0xE0, 0x19,
+        0xF3, 0xFC, 0xD2, 0x1D, 0x46, 0x00, 0x63, 0x5E, 0xF8, 0xAC,
+        0x70, 0x82, 0x7C, 0x78, 0xD2, 0xD6, 0x42, 0xB0, 0xBC, 0x6E,
+        0x41, 0xCC, 0x3E, 0x08, 0x39, 0x29, 0xF4, 0xA6, 0xF5, 0x3D,
+        0x81, 0x0A, 0xF8, 0x12, 0xD8, 0xD1, 0x15, 0xA2, 0x4A, 0x4F,
+        0x13, 0x07, 0x9A, 0x56, 0x92, 0x51, 0xA2, 0xD6, 0x6B, 0xD9,
+        0xF9, 0x86, 0x8B, 0xBE, 0x05, 0xDE, 0x76, 0x66, 0x89, 0x73,
+        0x02, 0x19, 0x5C, 0xAC, 0xDE, 0x1E, 0x52, 0x80, 0x65, 0x42,
+        0x5D, 0xBB, 0xB4, 0xED, 0xCF, 0x1B, 0x5E, 0xED, 0xA1, 0xC2,
+        0x24, 0xAB, 0xBD, 0x30, 0xB2, 0xAE, 0x65, 0x8D, 0xE1, 0xDC,
+        0xA3, 0xC7, 0x43, 0xC0, 0xE4, 0xB9, 0x66, 0x91, 0x64, 0xFD,
+        0x12, 0x42, 0x12, 0x18, 0x4D, 0x7D, 0xF4, 0x14, 0xE5, 0x9E,
+        0x81, 0x38, 0xFB, 0x32, 0x3B, 0x54, 0xFA, 0x4A, 0x6F, 0x25,
+        0xA7, 0x3F, 0x45, 0x5D, 0x99, 0xC5, 0x4A, 0xE1, 0xEF, 0x12,
+        0x5E, 0x03, 0x30, 0xBC, 0x5C, 0x31
 };
 const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
 
 /* ./ca-cert.der.sign,  */
 const unsigned char ca_cert_der_sig[] =
 {
-    0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
-    0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
-    0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
-    0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
-    0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
-    0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
-    0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
-    0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
-    0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
-    0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
-    0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
-    0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
-    0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
-    0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
-    0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
-    0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
-    0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
-    0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
-    0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
-    0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
-    0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
-    0x1d, 0xdb, 0x57, 0xb8
+        0x78, 0xA1, 0x30, 0x91, 0xC7, 0x12, 0xA0, 0x6B, 0x48, 0xFC,
+        0x2B, 0x67, 0xF5, 0x00, 0x0D, 0x41, 0x64, 0x45, 0x20, 0xEF,
+        0x14, 0xD4, 0x60, 0x5A, 0x0C, 0x7D, 0xBA, 0x16, 0x46, 0x6C,
+        0x52, 0x3E, 0x8D, 0x15, 0x8C, 0xAB, 0x4D, 0x2F, 0x7E, 0x34,
+        0xB9, 0x92, 0xFF, 0xFB, 0x6F, 0xCE, 0x7B, 0x15, 0xF0, 0xB7,
+        0x1C, 0xFA, 0x6C, 0x06, 0x7A, 0x15, 0xC4, 0xAB, 0xA2, 0x8B,
+        0xCB, 0x48, 0x6D, 0x25, 0x2F, 0xB3, 0xF0, 0xA1, 0xAB, 0xFD,
+        0x53, 0xA9, 0x69, 0xC7, 0x33, 0xC3, 0x87, 0x48, 0xEE, 0x27,
+        0x01, 0x22, 0xC0, 0x1B, 0x69, 0x96, 0x1B, 0x2D, 0xD2, 0x92,
+        0x0B, 0xCC, 0x29, 0xD8, 0x17, 0x0E, 0x2C, 0x20, 0x95, 0xAC,
+        0xE3, 0xE6, 0xF6, 0x9C, 0xE7, 0xBE, 0x0F, 0xF0, 0xD8, 0xBE,
+        0xCF, 0x44, 0xBF, 0x34, 0x26, 0x7D, 0x30, 0xEA, 0x8D, 0xB9,
+        0xB4, 0xB0, 0x18, 0xF1, 0x19, 0x1A, 0x19, 0xD9, 0xF0, 0x9D,
+        0x72, 0xA6, 0x33, 0x9A, 0xA6, 0xC6, 0x74, 0xA9, 0x01, 0xE3,
+        0xFF, 0x60, 0xFC, 0x6D, 0x0B, 0x4C, 0x5D, 0x52, 0x4D, 0xED,
+        0x6C, 0xCC, 0xB9, 0x8D, 0x7B, 0x44, 0x3A, 0x1A, 0xD5, 0x8F,
+        0x75, 0xAA, 0x6B, 0xEC, 0xBB, 0x94, 0x5D, 0xA3, 0x9D, 0x33,
+        0x50, 0x1B, 0xBD, 0x04, 0x23, 0x05, 0x65, 0xA4, 0x5F, 0x21,
+        0xDD, 0x27, 0x3A, 0xB7, 0xE6, 0x21, 0x54, 0xA1, 0x75, 0x3C,
+        0x3D, 0x0E, 0x2F, 0xF5, 0x21, 0x7F, 0x02, 0x53, 0xB7, 0x14,
+        0x41, 0xEE, 0x0D, 0xCE, 0xB7, 0x48, 0xE6, 0x9A, 0x2E, 0x77,
+        0x9F, 0x94, 0x94, 0x00, 0x69, 0x28, 0xB4, 0xE9, 0xB1, 0x26,
+        0x2B, 0x90, 0xB9, 0xCD, 0x21, 0x05, 0xB5, 0x01, 0x37, 0x45,
+        0x32, 0x96, 0x80, 0xC3, 0x5A, 0xF1, 0x60, 0x9B, 0x97, 0x0D,
+        0x58, 0x63, 0x84, 0xB0, 0xF9, 0xCA, 0xBB, 0x97, 0x53, 0xA4,
+        0xC6, 0xE5, 0x6F, 0x59, 0x37, 0x81
 };
 const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
 /* ./client-cert.der.sign,  */
 const unsigned char client_cert_der_sign[] =
 {
-    0x9a, 0x0e, 0xbc, 0x0f, 0x7a, 0xbe, 0xb6, 0x47, 0x79, 0x71, 0xcc, 0x51,
-    0x87, 0xaa, 0x28, 0xbd, 0x9c, 0x04, 0x08, 0x0b, 0xb9, 0x78, 0x84, 0xeb,
-    0x1d, 0xf9, 0x0e, 0x38, 0x23, 0xfe, 0x8f, 0x6e, 0x75, 0x21, 0xcc, 0x39,
-    0x79, 0xf8, 0x9d, 0x80, 0x6b, 0xa9, 0x63, 0x79, 0x13, 0xd8, 0xc9, 0x5d,
-    0xd5, 0x84, 0x17, 0xdc, 0xe4, 0x56, 0xae, 0x55, 0x64, 0x69, 0x8c, 0x95,
-    0xa4, 0x03, 0xc1, 0x4a, 0xe8, 0xb6, 0xd5, 0x1b, 0xfa, 0x26, 0x3f, 0x2c,
-    0xff, 0xfc, 0xea, 0x83, 0xca, 0xf7, 0x4d, 0x9e, 0xf4, 0xbf, 0xca, 0xb6,
-    0x19, 0x46, 0x55, 0x45, 0xf4, 0x7d, 0xcd, 0x4b, 0xbc, 0x3d, 0xb7, 0xff,
-    0x57, 0xbf, 0xe8, 0x0e, 0xbc, 0x16, 0x45, 0xa1, 0xdb, 0xf0, 0xb4, 0x44,
-    0x64, 0x76, 0x0b, 0xe5, 0x86, 0x32, 0xbe, 0xd7, 0xf0, 0x26, 0x6c, 0x48,
-    0xb6, 0x7f, 0x1a, 0x2a, 0xe6, 0x1b, 0xbd, 0x5b, 0x9e, 0xca, 0xd0, 0xf4,
-    0xbb, 0xe4, 0x7f, 0x29, 0x66, 0xf6, 0x31, 0x6d, 0x70, 0x6f, 0xfd, 0x4d,
-    0x7f, 0xc8, 0x7f, 0x9a, 0x5b, 0x1e, 0x37, 0xf7, 0x0c, 0x66, 0xb2, 0x62,
-    0xd8, 0x3e, 0xca, 0x79, 0x6c, 0xec, 0x05, 0x01, 0xda, 0xd9, 0xe2, 0xc3,
-    0xd5, 0x9b, 0xf9, 0x43, 0xa6, 0x14, 0x9a, 0x1f, 0x32, 0xd3, 0x68, 0x63,
-    0x65, 0xb8, 0xb1, 0x63, 0xd5, 0xe2, 0xaa, 0x06, 0x27, 0x62, 0x4a, 0x95,
-    0x48, 0x3f, 0xee, 0xde, 0x3b, 0x89, 0xd4, 0x61, 0x74, 0x39, 0xef, 0xe6,
-    0x6e, 0x16, 0x2d, 0x8b, 0x54, 0x29, 0xe9, 0x71, 0xbc, 0xd4, 0x30, 0x42,
-    0x35, 0x1e, 0x89, 0xfb, 0xf7, 0x4a, 0x47, 0x87, 0x41, 0x66, 0x49, 0xe5,
-    0x8e, 0x16, 0x7f, 0x17, 0x07, 0xd6, 0xff, 0xe1, 0x2a, 0x4d, 0x7c, 0x70,
-    0x0d, 0x72, 0x5d, 0x3d, 0x1f, 0xd8, 0x41, 0x1a, 0x43, 0x00, 0x31, 0x81,
-    0x60, 0xa8, 0x6c, 0xef
+		0x81, 0x89, 0xC5, 0xC6, 0x25, 0xE3, 0xD5, 0x3D, 0xEE, 0xE0,
+		0xBC, 0xDF, 0xF0, 0xA4, 0xCE, 0xAC, 0xF8, 0x26, 0xB1, 0x41,
+		0xE3, 0x8C, 0x50, 0xE8, 0xCA, 0x4A, 0xA7, 0xDB, 0x5F, 0xED,
+		0x61, 0x31, 0xFD, 0x13, 0xC7, 0x04, 0x25, 0x4A, 0x2D, 0x77,
+		0xE8, 0xA0, 0xB3, 0xA5, 0x5D, 0x54, 0x70, 0xF9, 0x76, 0xC9,
+		0x26, 0x32, 0x84, 0x04, 0xEC, 0xEF, 0x39, 0x48, 0x8D, 0xB1,
+		0xDC, 0xA7, 0x71, 0xC2, 0x69, 0xC6, 0x99, 0x16, 0xB2, 0x06,
+		0xBD, 0xA7, 0x7C, 0x66, 0x35, 0x2D, 0x9A, 0xFB, 0xDA, 0xAF,
+		0xAA, 0xF7, 0x5A, 0x2E, 0x7C, 0x74, 0x3C, 0x53, 0xBC, 0x59,
+		0x5A, 0xF6, 0x1A, 0x0E, 0x2F, 0x9A, 0xA6, 0x9B, 0x3C, 0x06,
+		0x88, 0x77, 0x38, 0x7A, 0x02, 0xC9, 0x89, 0x03, 0x5B, 0xF9,
+		0xE7, 0xF2, 0xFD, 0x2B, 0x63, 0x94, 0x92, 0x8D, 0xBB, 0x9D,
+		0x71, 0x17, 0xB6, 0xBF, 0xA4, 0x68, 0x51, 0xF4, 0x98, 0xAC,
+		0xD2, 0x57, 0x6D, 0xC0, 0xBD, 0xE9, 0xC1, 0xE5, 0x4D, 0xD6,
+		0xFF, 0xC8, 0xDF, 0x7A, 0x4F, 0x97, 0x5D, 0x46, 0x3A, 0x0A,
+		0x38, 0xE8, 0x0C, 0x99, 0xE7, 0x97, 0xE7, 0x3F, 0xFE, 0xC8,
+		0x6A, 0x93, 0x95, 0xD2, 0x32, 0xB1, 0x01, 0x00, 0x1C, 0x9A,
+		0xCE, 0x5F, 0x2B, 0xA8, 0xB1, 0xC7, 0xDC, 0x1B, 0x04, 0x9F,
+		0x58, 0x03, 0x57, 0x19, 0x9A, 0xDB, 0x58, 0x33, 0xBD, 0x9D,
+		0x3E, 0xA0, 0x3D, 0x9A, 0x00, 0xA6, 0xE9, 0x2E, 0xCD, 0x45,
+		0x97, 0xC1, 0xDF, 0xCF, 0xAF, 0x8A, 0x93, 0x52, 0xAA, 0x65,
+		0x1C, 0xC2, 0x3C, 0xDD, 0xE1, 0xED, 0x4B, 0x8A, 0x05, 0x5A,
+		0xBE, 0x84, 0xEE, 0xDF, 0xC0, 0x96, 0xD2, 0x5A, 0x60, 0x32,
+		0xDF, 0xC9, 0x01, 0x7C, 0x83, 0x27, 0x2B, 0x4B, 0x18, 0x18,
+		0x9F, 0x58, 0xE4, 0xF0, 0x0C, 0x36, 0xC1, 0xB4, 0x08, 0x70,
+		0xFB, 0xDC, 0xCB, 0x70, 0x61, 0xAC
 };
 const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
index 80df72cb3..10e95496f 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
index 8c79e8d40..f9a8f8eb8 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -89,14 +89,14 @@ double current_time(int reset)
 
 int SetTsiptlsKey()
 {
-#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER >=109)   
-    
+#if defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER >=109)
+
 #if defined(TLS_CLIENT)
 
-    #if defined(USE_ECC_CERT)    
+    #if defined(USE_ECC_CERT)
     /* Root CA cert has ECC-P256 public key */
     tsip_inform_cert_sign((const byte *)ca_ecc_cert_der_sig);
-    #else    
+    #else
     /* Root CA cert has RSA public key */
     tsip_inform_cert_sign((const byte *)ca_cert_der_sig);
     #endif
@@ -120,24 +120,24 @@ int SetTsiptlsKey()
 #endif
 
 #elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER < 109)
-    
+
     #if defined(TLS_CLIENT)
- 
+
         tsip_inform_cert_sign((const byte *)ca_cert_sig);
         tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
                             (byte*)&g_key_block_data.iv,
                             (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);
- 
+
     #elif defined(TLS_SERVER)
- 
+
         tsip_inform_cert_sign((const byte *)client_cert_der_sign);
         tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
                             (byte*)&g_key_block_data.iv,
                             (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);
- 
+
     #endif
 
-#endif    
+#endif
     return 0;
 }
 
@@ -283,7 +283,7 @@ void main(void)
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     SetTsiptlsKey();
 #endif
-    
+
     do {
         if(cipherlist_sz > 0 ) printf("cipher : %s\n", cipherlist[i]);
 
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
index 4506a6d4b..2ceabfa68 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c
index 2e7e35795..9cf891d85 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -126,7 +126,7 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
     #if !defined(NO_FILESYSTEM)
         ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
     #else
-        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
                                                         SSL_FILETYPE_ASN1);
     #endif
         if (ret != SSL_SUCCESS) {
@@ -140,20 +140,20 @@ void wolfSSL_TLS_server_init(byte doClientCheck)
             wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER |
                                 WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
 #if !defined(NO_FILESYSTEM)
-            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0) 
+            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0)
                                                                 != WOLFSSL_SUCCESS)
 #else
-            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert, 
+            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert,
                                                sizeof_clicert,
                                                SSL_FILETYPE_ASN1) != SSL_SUCCESS)
 #endif
                 printf("can't load ca file, Please run from wolfSSL home dir\n");
         }
-   
+
    /* Register callbacks */
    wolfSSL_SetIORecv(server_ctx, my_IORecv);
    wolfSSL_SetIOSend(server_ctx, my_IOSend);
-   
+
 }
 
 void wolfSSL_TLS_server( )
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h
index 9558d8f12..d440032ef 100644
--- a/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
new file mode 100644
index 000000000..0658c03a1
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/README.md
@@ -0,0 +1,39 @@
+# Create/Update Signed CA
+This document describes how to create/update Signed CA data that is used at an example program.
+
+## Signed CA Creation
+### Generate RSA Key pair
+```
+2048 bit RSA key pair
+$ openssl genrsa 2048 2> /dev/null > rsa_private.pem
+$ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem 2> /dev/null
+```
+
+### Sign to CA certificate
+```
+Signed by 2048-bit RSA
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out <signed-CA>.sign <CA-file-for-Signed>
+
+For an example program, it assumes that wolfSSL example CA cert is to be signed.
+e.g.
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out Signed-CA.sign /path/for/wolfssl/certs/ca-cert.der
+```
+
+### Convert Signed CA to C source
+It is able to use `dertoc.pl` to generate c-source data from signed-ca binary data.
+
+```
+$ /path/to/wolfssl/scripts/dertoc.pl ./ca-cert.der.sign ca_cert_der_sig example.c
+```
+
+
+## Appendix
+### Example Keys
+There are multiple example keys for testing in the `example_keys` folder.
+```
+<example_keys>
+|
++----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
+     + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
+     + generate_signCA.sh an example script to generate signed-certificate data for the example program
+```
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
new file mode 100755
index 000000000..c5b3fa91e
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/generate_SignedCA.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# example usage
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../../wolfssl/certs/ca-cert.der ../../../../../../../../wolfssl
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../../wolfssl/certs/ca-ecc-cert.der ../../../../../../../../wolfssl
+#
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+CURRENT=$(cd $(dirname $0);pwd)
+
+function usage() {
+    cat <<- _EOT_
+    Usage:
+      $0 private-key public-key file-name wolfssl-dir
+
+    Options:
+      private-key : private key for sign/verify
+      public-key  : public key for verify
+      file-name   : file name to be signed
+      wolfssl-dir : wolfssl folder path
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 4 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+signed_file=$(basename $3)
+wolf_dir=$4
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/${signed_file}.sign $3
+
+echo Verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+echo Verify by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+
+# Convert Signed CA to c source
+${wolf_dir}/scripts/dertoc.pl ${CURRENT}/${signed_file}.sign  XXXXXXX ${signed_file}.c
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem
new file mode 100644
index 000000000..1fdfcca48
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvv9Ojq+nD5Qey29QAjw30fNVQz1A9OaDMivHMsLDKrW2qlzb
+y5upich6j+bFVCV/qxeWe3Gqgz/9P5lL1gxlsfMB0Ou9ktkpr/tPTGfEg2GqnRT9
+jy6H2gayKV9TB4cGrqOdcg8JA8ioYt6tks03jMqAzqYG20N8pPOxZLl0bRX/CR9r
+zo/ngDZkyHXf35LL+XsjLmavPYrHdULxS4DYz/sHVJe5hLboOjNShpDAM5WU3flD
+xQqspaWfAiXty0RyNmHgVY3ev5xj053hOr2FzbA+vGr2krg6jTlGtt7Pq1/uLfsn
+c86E+wzHqJj/yW+ovlUGFTBhHVosQ/MB2wRxiwIDAQABAoIBAAC5xZmjLzZO8MMD
+HEG16txgWU2VGP8VNSBmrC4UMVujLxt8mNUwNTexzE1pqgxEzDRhNZAogWZYQuUP
+9wrMJ0LC0pnxm1nIe3EQul9m8YcyQsyv/LqjiZ6ZcenYU99ucucM9hct2XHrPECL
+6grpvrFJP64JUXNZ0UprJpxkW/3iGtQGBqtyWKWvIEhvU0rdZuE4JSW1bJTSyplb
+LM4947lLRJufnKNPkCKZlVrhvnd0QE9Q6nwip6+H7Tk/sMPKHZcG8HeQkloHO/ar
+0o2dPwp2vx6T7IvQ1duZyGTvWHCPW66mnrINFJcuUmVDBj0+tHYx94fjEVRUYrig
+4PTIkAkCgYEA6tok4Md+Yqogw+QOPj0tQKujQkxAhkUA8EteVmwFP6Vy6oMYLTkf
+oZuBMh0S+8ddWXJIpDnLMown7a79XwFtXc39W5nXXBhMexNf44ad8soXDOuc363E
+2TYWn/GTUqGcCc4wy99vCe3508XG02yvVSIEY3iEdT0F6iis1uV+TG0CgYEA0DI2
+fS0Xl0+ig4c/0LtiuO40CBoblKsL+fe/bTUhKOnE3z5AkHy71FT2B0JSOnO04F0Q
+cTniGks9LISYm6kQQ43jfxMQCsaUzRbS1i+z+h+TdE8324gHP/4PH1mcUvuUWZHb
+esLeTpLRlsF9Wlm5bnG4wZsHM2+HnJDj5WUOCtcCgYEA6ivXp7XjZHfksc69EPwp
+GhnKcPndQMSfOfq8twmAdkT/f6x1t+oEizymJxTsb9cLUnvsyKvD28P6sDnS9B9V
+MLqLjQGpxm+IGxRngVQiPAubzktEoZf/9uHCz3qufi8cin5pE2/XpRwABlRnezsc
+3JNNsu1hjhDpy+EA7knolEUCgYBFCaGP+Lft8PZO7zZ2HO0rrbGLTjz/G4kpJsJP
+kGKikoI6FQaL4xDV5CaBWbiysVO1YqblJPCZD4IFlSKV24YNIKvjo4qaSCdnqr3X
+UJI5yua2lt5K6dydl72kA68WxV34JanGF4BoRb9CYn8SytX2jbdaW/ITWFR70n//
+vXbemQKBgG+yXyN14DZeld3zCX/1OTi1no++XSe99tK0eeXCmMTjq5kLPJAyQfSz
+Cht82D1bkovS/LX+mZ06ySD632d46W8rgv+AMZqChhUmOG6a0QcCK1vYsgX90O5e
+da5/kHw4lwcCY7yRDq7i0dtgoBGRsLQzIVvo4VxnLNBPH2uqHvum
+-----END RSA PRIVATE KEY-----
diff --git a/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem
new file mode 100644
index 000000000..ab82dcda3
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX65N/GR-ROSE/tools/example_keys/rsa_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv9Ojq+nD5Qey29QAjw3
+0fNVQz1A9OaDMivHMsLDKrW2qlzby5upich6j+bFVCV/qxeWe3Gqgz/9P5lL1gxl
+sfMB0Ou9ktkpr/tPTGfEg2GqnRT9jy6H2gayKV9TB4cGrqOdcg8JA8ioYt6tks03
+jMqAzqYG20N8pPOxZLl0bRX/CR9rzo/ngDZkyHXf35LL+XsjLmavPYrHdULxS4DY
+z/sHVJe5hLboOjNShpDAM5WU3flDxQqspaWfAiXty0RyNmHgVY3ev5xj053hOr2F
+zbA+vGr2krg6jTlGtt7Pq1/uLfsnc86E+wzHqJj/yW+ovlUGFTBhHVosQ/MB2wRx
+iwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md b/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md
index 769610879..4574735ab 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md
+++ b/IDE/Renesas/e2studio/RX65N/RSK/README_EN.md
@@ -3,7 +3,7 @@ wolfSSL sample application project for Renesas RSK+RX65N-2MB evaluation board
 
 <br>
 
-A sample program for evaluating wolfSSL targeting the Renesas RSK+RX65N-2MB evaluation board is provided. For details on the program, refer to the following documents included in the package. 
+A sample program for evaluating wolfSSL targeting the Renesas RSK+RX65N-2MB evaluation board is provided. For details on the program, refer to the following documents included in the package.
 
 + InstructionManualForExample_RSK+RX65N-2MB_JP.pdf (Japanese)
-+ InstructionManualForExample_RSK+RX65N-2MB_EN.pdf (English）
\ No newline at end of file
++ InstructionManualForExample_RSK+RX65N-2MB_EN.pdf (English）
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md b/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md
index 630f28c0a..9aaa188fe 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md
+++ b/IDE/Renesas/e2studio/RX65N/RSK/README_JP.md
@@ -9,4 +9,4 @@ Renesas社製 RSK+RX65N-2MB 評価ボードをターゲットとしてwolfSSLを
 + InstructionManualForExample_RSK+RX65N-2MB_JP.pdf (日本語版)
 + InstructionManualForExample_RSK+RX65N-2MB_EN.pdf (英語版)
 
-を参照ください。
\ No newline at end of file
+を参照ください。
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
index 4d176ccaa..620334fbf 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c
@@ -1,6 +1,6 @@
 /* key_data.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,7 @@ const st_key_block_data_t g_key_block_data =
     },
     /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
     {
-        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D, 
+        0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
         0x34, 0xB2, 0x4D, 0x92
     },
     /* 
@@ -45,30 +45,30 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
      */
     {
-        0xD9, 0x9A, 0x75, 0x0E, 0x9D, 0x4F, 0x63, 0xA4, 0x02, 0x96, 0xE1, 0xF1,
-        0x49, 0x44, 0xB5, 0x90, 0x59, 0x24, 0xC4, 0x23, 0xF7, 0xA0, 0x32, 0x65,
-        0x68, 0x7B, 0x70, 0xE7, 0xA5, 0xC8, 0x12, 0xD1, 0xCD, 0x55, 0x36, 0x5F,
-        0xE6, 0xEB, 0xD0, 0xAD, 0x5A, 0x7F, 0x9F, 0x41, 0x79, 0x8B, 0x2F, 0x3B,
-        0x17, 0xC9, 0xEE, 0xA7, 0xCB, 0xB5, 0x40, 0xFA, 0x3B, 0x43, 0x1D, 0xF8,
-        0x34, 0xCC, 0xB1, 0xB4, 0x8E, 0x67, 0xF6, 0xA0, 0x49, 0xAA, 0x76, 0x33,
-        0xA4, 0x56, 0xCD, 0x16, 0xE9, 0x76, 0x16, 0x92, 0xBE, 0x3F, 0x3A, 0x3A,
-        0xD7, 0x7A, 0xCD, 0xC9, 0xE2, 0xA0, 0xC8, 0x16, 0x2A, 0x0D, 0xBD, 0x3C,
-        0xEA, 0xC8, 0x26, 0x82, 0xDA, 0x5D, 0x19, 0x71, 0x7B, 0x90, 0x03, 0xEF,
-        0x1E, 0x24, 0x01, 0x62, 0x15, 0x3D, 0x2B, 0x4C, 0xA7, 0x8F, 0xBC, 0xD3,
-        0xD9, 0xC8, 0x9F, 0xBB, 0x4A, 0x62, 0x57, 0xE8, 0xE2, 0x86, 0x8C, 0x56,
-        0x36, 0x64, 0xE7, 0xB9, 0x47, 0x5C, 0x02, 0xF4, 0x87, 0x50, 0x16, 0x9C,
-        0xFB, 0xF6, 0xE9, 0x73, 0x96, 0x78, 0x94, 0x59, 0x12, 0x28, 0x03, 0x37,
-        0x75, 0x56, 0x00, 0x2F, 0xCE, 0x54, 0x7C, 0x34, 0xFD, 0x0B, 0x10, 0x5B,
-        0x4A, 0xEE, 0x11, 0x1B, 0x39, 0xE9, 0x80, 0x8B, 0x27, 0x2D, 0x29, 0x12,
-        0x68, 0x87, 0xD2, 0xC9, 0x78, 0xED, 0xED, 0xF2, 0xA6, 0x4D, 0x6B, 0x10,
-        0x98, 0x9D, 0x52, 0x1C, 0xCE, 0x69, 0x0D, 0x5C, 0x46, 0xEB, 0x5D, 0x9B,
-        0xC8, 0x6A, 0x8E, 0x1F, 0x56, 0x05, 0xBA, 0xD2, 0x50, 0x9F, 0x92, 0xB7,
-        0xD4, 0x4D, 0xCD, 0x58, 0x5B, 0xA7, 0x87, 0x10, 0x6D, 0xF3, 0xDB, 0xA8,
-        0x1D, 0x23, 0x00, 0xE4, 0x81, 0x69, 0x3E, 0x7D, 0xEA, 0x5B, 0x33, 0xF4,
-        0x73, 0xD8, 0x7C, 0xDD, 0x64, 0x74, 0x40, 0x30, 0x93, 0x8D, 0x2C, 0xA5,
-        0x2C, 0x24, 0x11, 0xB2, 0x26, 0x56, 0xE3, 0x41, 0x72, 0xAE, 0x41, 0x56,
-        0x9C, 0x75, 0x11, 0x8E, 0x53, 0x59, 0x77, 0xBF, 0x48, 0x71, 0x86, 0x7C,
-        0x7C, 0xCE, 0x04, 0xB9, 0x73, 0x62, 0xE6, 0x1D, 0xF8, 0xED, 0x93, 0x87
+        0x7F, 0xE5, 0x80, 0x89, 0xD7, 0x3E, 0xB9, 0x92, 0xF6, 0xBD, 0x13, 0x4B,
+        0x8D, 0xE8, 0x96, 0xC5, 0xAB, 0x56, 0x45, 0x55, 0xD4, 0xA6, 0x57, 0x73,
+        0xB5, 0xA8, 0xD7, 0x35, 0xF4, 0x4B, 0x0D, 0xA2, 0x30, 0x5A, 0xFE, 0xCB,
+        0x18, 0x06, 0x55, 0xB2, 0x51, 0xF2, 0xA4, 0x0E, 0xCB, 0x6E, 0x6C, 0x88,
+        0x03, 0xF3, 0x5C, 0x1E, 0xF0, 0xA4, 0xA8, 0x6E, 0x48, 0xE7, 0xB4, 0x87,
+        0xE9, 0xE9, 0xA0, 0xF0, 0xB2, 0xD3, 0x24, 0x8D, 0x2E, 0x8C, 0x11, 0x2C,
+        0x05, 0x26, 0x7C, 0xEE, 0x15, 0x67, 0xB8, 0xBF, 0xCA, 0xBC, 0x44, 0x8D,
+        0x80, 0xED, 0x94, 0xF1, 0x5B, 0x88, 0xE1, 0xB1, 0x81, 0x7D, 0x4D, 0x92,
+        0x6E, 0x1E, 0x3E, 0xF5, 0x7B, 0x77, 0x0A, 0xC8, 0x60, 0xB8, 0x7F, 0x43,
+        0x2F, 0x07, 0x3B, 0xCA, 0xF5, 0xC7, 0x6F, 0x8F, 0x9E, 0xC1, 0x39, 0x29,
+        0x10, 0xFA, 0xBA, 0xCD, 0x51, 0xDF, 0xF6, 0xAE, 0x6A, 0x84, 0xF4, 0xE0,
+        0xED, 0xFC, 0xE2, 0xCE, 0x68, 0x3A, 0x38, 0xBF, 0x9B, 0xAD, 0x6F, 0x8B,
+        0x84, 0x95, 0xAA, 0x5B, 0x4C, 0x73, 0xCE, 0x34, 0x8D, 0x84, 0x78, 0x1E,
+        0xBF, 0xD6, 0xE2, 0x12, 0xEB, 0x27, 0xA6, 0x96, 0x4C, 0x76, 0x9C, 0x19,
+        0x1C, 0x3C, 0x7D, 0xF7, 0xB0, 0xDB, 0xD6, 0x64, 0xFD, 0x67, 0xEB, 0x83,
+        0xC1, 0x60, 0x8F, 0x65, 0x19, 0xC0, 0x78, 0xFD, 0x09, 0xD4, 0x52, 0x74,
+        0xD6, 0x96, 0x89, 0x91, 0xEF, 0xF6, 0xB6, 0xAB, 0x27, 0x37, 0x7B, 0x43,
+        0xA9, 0xEC, 0xDA, 0x68, 0x5F, 0x3A, 0x32, 0xFE, 0xE8, 0x4E, 0x7B, 0xDC,
+        0xE4, 0x18, 0x5C, 0x53, 0x15, 0x5B, 0x5E, 0xC7, 0x08, 0x93, 0xF0, 0xBD,
+        0xF6, 0xC3, 0x78, 0x80, 0x3B, 0x1F, 0xC8, 0xBA, 0x0F, 0x58, 0xF7, 0x1E,
+        0x9C, 0xFB, 0x53, 0xCA, 0xA2, 0xBF, 0x9A, 0x18, 0xEE, 0x26, 0xD2, 0xA8,
+        0x88, 0x64, 0x13, 0xC8, 0xEE, 0xD2, 0x79, 0xB5, 0x67, 0xD4, 0x10, 0xB3,
+        0xF4, 0xC9, 0xCC, 0xCE, 0x4A, 0xE2, 0x38, 0x8B, 0x77, 0xEB, 0xD2, 0x89,
+        0xB0, 0x66, 0xFF, 0xCD, 0x76, 0xC1, 0x28, 0x65, 0xC2, 0xA3, 0xE3, 0x45
     },
     /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
     {
@@ -78,7 +78,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -107,7 +107,7 @@ const st_key_block_data_t g_key_block_data =
      * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
      */
     {
-        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD, 
+        0x22, 0xEC, 0xE3, 0x79, 0xD1, 0x0C, 0xB4, 0xED, 0xE0, 0xA9, 0x0F, 0xBD,
         0xC7, 0x0B, 0xB4, 0x1E, 0x82, 0x27, 0x79, 0x20, 0x6A, 0x15, 0x56, 0xD6,
         0x0F, 0xFA, 0xE4, 0x61, 0x04, 0xDA, 0x81, 0x33, 0x42, 0xBA, 0x6D, 0xB9,
         0x34, 0x81, 0xFD, 0x67, 0xDF, 0x1D, 0xCB, 0x52, 0x64, 0x9A, 0x2E, 0x30,
@@ -187,84 +187,96 @@ const uint32_t              encrypted_user_key_type =
 
 const unsigned char ca_ecc_cert_der_sig[] =
 {
-    0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
-    0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
-    0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
-    0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
-    0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
-    0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
-    0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
-    0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
-    0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
-    0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
-    0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
-    0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
-    0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
-    0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
-    0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
-    0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
-    0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
-    0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
-    0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
-    0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
-    0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
-    0xc0, 0x73, 0x11, 0x1e
+        0xAD, 0x89, 0x0C, 0x68, 0x8E, 0x97, 0xE5, 0x23, 0xE4, 0x35,
+        0x91, 0x2F, 0x1B, 0x2F, 0x48, 0xCC, 0x03, 0xFC, 0x18, 0xE1,
+        0x64, 0x8C, 0x4D, 0x12, 0xBB, 0xC1, 0xDD, 0xFE, 0xDF, 0x3B,
+        0x87, 0xB0, 0x5B, 0x84, 0x54, 0xE6, 0xAE, 0x6D, 0xE4, 0x08,
+        0x91, 0xF0, 0xBD, 0x11, 0xCA, 0xC4, 0xF1, 0x44, 0x41, 0x4C,
+        0x17, 0x65, 0xAD, 0xEC, 0xE5, 0x08, 0xD7, 0x9D, 0x3D, 0x95,
+        0x2A, 0x2B, 0x85, 0x70, 0x75, 0xC7, 0xEB, 0x2F, 0xB2, 0x5C,
+        0x07, 0xB8, 0x80, 0xBA, 0x6C, 0x5A, 0x78, 0x1C, 0xAC, 0xBC,
+        0x00, 0x2C, 0x9A, 0x21, 0x4E, 0x2A, 0xBA, 0x8E, 0x7D, 0x27,
+        0x82, 0xF8, 0xA9, 0x5A, 0xB3, 0x28, 0x82, 0x45, 0x1D, 0xF7,
+        0x5C, 0x06, 0x6C, 0xFA, 0x00, 0xE4, 0x8D, 0x0C, 0xC7, 0xBC,
+        0x16, 0x50, 0x84, 0xCE, 0x74, 0xAC, 0x67, 0x5E, 0xE0, 0x19,
+        0xF3, 0xFC, 0xD2, 0x1D, 0x46, 0x00, 0x63, 0x5E, 0xF8, 0xAC,
+        0x70, 0x82, 0x7C, 0x78, 0xD2, 0xD6, 0x42, 0xB0, 0xBC, 0x6E,
+        0x41, 0xCC, 0x3E, 0x08, 0x39, 0x29, 0xF4, 0xA6, 0xF5, 0x3D,
+        0x81, 0x0A, 0xF8, 0x12, 0xD8, 0xD1, 0x15, 0xA2, 0x4A, 0x4F,
+        0x13, 0x07, 0x9A, 0x56, 0x92, 0x51, 0xA2, 0xD6, 0x6B, 0xD9,
+        0xF9, 0x86, 0x8B, 0xBE, 0x05, 0xDE, 0x76, 0x66, 0x89, 0x73,
+        0x02, 0x19, 0x5C, 0xAC, 0xDE, 0x1E, 0x52, 0x80, 0x65, 0x42,
+        0x5D, 0xBB, 0xB4, 0xED, 0xCF, 0x1B, 0x5E, 0xED, 0xA1, 0xC2,
+        0x24, 0xAB, 0xBD, 0x30, 0xB2, 0xAE, 0x65, 0x8D, 0xE1, 0xDC,
+        0xA3, 0xC7, 0x43, 0xC0, 0xE4, 0xB9, 0x66, 0x91, 0x64, 0xFD,
+        0x12, 0x42, 0x12, 0x18, 0x4D, 0x7D, 0xF4, 0x14, 0xE5, 0x9E,
+        0x81, 0x38, 0xFB, 0x32, 0x3B, 0x54, 0xFA, 0x4A, 0x6F, 0x25,
+        0xA7, 0x3F, 0x45, 0x5D, 0x99, 0xC5, 0x4A, 0xE1, 0xEF, 0x12,
+        0x5E, 0x03, 0x30, 0xBC, 0x5C, 0x31
 };
 const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
 
 /* ./ca-cert.der.sign,  */
 const unsigned char ca_cert_der_sig[] =
 {
-    0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
-    0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
-    0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
-    0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
-    0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
-    0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
-    0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
-    0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
-    0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
-    0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
-    0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
-    0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
-    0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
-    0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
-    0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
-    0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
-    0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
-    0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
-    0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
-    0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
-    0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
-    0x1d, 0xdb, 0x57, 0xb8
+        0x78, 0xA1, 0x30, 0x91, 0xC7, 0x12, 0xA0, 0x6B, 0x48, 0xFC,
+        0x2B, 0x67, 0xF5, 0x00, 0x0D, 0x41, 0x64, 0x45, 0x20, 0xEF,
+        0x14, 0xD4, 0x60, 0x5A, 0x0C, 0x7D, 0xBA, 0x16, 0x46, 0x6C,
+        0x52, 0x3E, 0x8D, 0x15, 0x8C, 0xAB, 0x4D, 0x2F, 0x7E, 0x34,
+        0xB9, 0x92, 0xFF, 0xFB, 0x6F, 0xCE, 0x7B, 0x15, 0xF0, 0xB7,
+        0x1C, 0xFA, 0x6C, 0x06, 0x7A, 0x15, 0xC4, 0xAB, 0xA2, 0x8B,
+        0xCB, 0x48, 0x6D, 0x25, 0x2F, 0xB3, 0xF0, 0xA1, 0xAB, 0xFD,
+        0x53, 0xA9, 0x69, 0xC7, 0x33, 0xC3, 0x87, 0x48, 0xEE, 0x27,
+        0x01, 0x22, 0xC0, 0x1B, 0x69, 0x96, 0x1B, 0x2D, 0xD2, 0x92,
+        0x0B, 0xCC, 0x29, 0xD8, 0x17, 0x0E, 0x2C, 0x20, 0x95, 0xAC,
+        0xE3, 0xE6, 0xF6, 0x9C, 0xE7, 0xBE, 0x0F, 0xF0, 0xD8, 0xBE,
+        0xCF, 0x44, 0xBF, 0x34, 0x26, 0x7D, 0x30, 0xEA, 0x8D, 0xB9,
+        0xB4, 0xB0, 0x18, 0xF1, 0x19, 0x1A, 0x19, 0xD9, 0xF0, 0x9D,
+        0x72, 0xA6, 0x33, 0x9A, 0xA6, 0xC6, 0x74, 0xA9, 0x01, 0xE3,
+        0xFF, 0x60, 0xFC, 0x6D, 0x0B, 0x4C, 0x5D, 0x52, 0x4D, 0xED,
+        0x6C, 0xCC, 0xB9, 0x8D, 0x7B, 0x44, 0x3A, 0x1A, 0xD5, 0x8F,
+        0x75, 0xAA, 0x6B, 0xEC, 0xBB, 0x94, 0x5D, 0xA3, 0x9D, 0x33,
+        0x50, 0x1B, 0xBD, 0x04, 0x23, 0x05, 0x65, 0xA4, 0x5F, 0x21,
+        0xDD, 0x27, 0x3A, 0xB7, 0xE6, 0x21, 0x54, 0xA1, 0x75, 0x3C,
+        0x3D, 0x0E, 0x2F, 0xF5, 0x21, 0x7F, 0x02, 0x53, 0xB7, 0x14,
+        0x41, 0xEE, 0x0D, 0xCE, 0xB7, 0x48, 0xE6, 0x9A, 0x2E, 0x77,
+        0x9F, 0x94, 0x94, 0x00, 0x69, 0x28, 0xB4, 0xE9, 0xB1, 0x26,
+        0x2B, 0x90, 0xB9, 0xCD, 0x21, 0x05, 0xB5, 0x01, 0x37, 0x45,
+        0x32, 0x96, 0x80, 0xC3, 0x5A, 0xF1, 0x60, 0x9B, 0x97, 0x0D,
+        0x58, 0x63, 0x84, 0xB0, 0xF9, 0xCA, 0xBB, 0x97, 0x53, 0xA4,
+        0xC6, 0xE5, 0x6F, 0x59, 0x37, 0x81
 };
 const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
 /* ./client-cert.der.sign,  */
 const unsigned char client_cert_der_sign[] =
 {
-    0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79, 0x8A, 0x16,
-    0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B, 0x58, 0xC6, 0x5A, 0xED,
-    0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04, 0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23,
-    0x15, 0x84, 0x00, 0xE1, 0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53,
-    0x8A, 0x95, 0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21,
-    0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90, 0x5B, 0x3F,
-    0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE, 0x1D, 0xBE, 0xEB, 0x8E,
-    0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8, 0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6,
-    0x7E, 0xB6, 0xC8, 0xE1, 0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46,
-    0xCC, 0xCA, 0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81,
-    0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26, 0x55, 0xB6,
-    0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60, 0xD7, 0xEB, 0x1D, 0x08,
-    0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB, 0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38,
-    0xAC, 0x89, 0x63, 0xD5, 0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB,
-    0x9B, 0x71, 0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5,
-    0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02, 0x58, 0x3A,
-    0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23, 0x2D, 0xC5, 0xCD, 0x62,
-    0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95, 0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8,
-    0xC6, 0x2E, 0xDF, 0xD9, 0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73,
-    0x35, 0x4F, 0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C,
-    0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48, 0x3E, 0x95,
-    0x2A, 0x10, 0x01, 0x05
+        0x81, 0x89, 0xC5, 0xC6, 0x25, 0xE3, 0xD5, 0x3D, 0xEE, 0xE0,
+        0xBC, 0xDF, 0xF0, 0xA4, 0xCE, 0xAC, 0xF8, 0x26, 0xB1, 0x41,
+        0xE3, 0x8C, 0x50, 0xE8, 0xCA, 0x4A, 0xA7, 0xDB, 0x5F, 0xED,
+        0x61, 0x31, 0xFD, 0x13, 0xC7, 0x04, 0x25, 0x4A, 0x2D, 0x77,
+        0xE8, 0xA0, 0xB3, 0xA5, 0x5D, 0x54, 0x70, 0xF9, 0x76, 0xC9,
+        0x26, 0x32, 0x84, 0x04, 0xEC, 0xEF, 0x39, 0x48, 0x8D, 0xB1,
+        0xDC, 0xA7, 0x71, 0xC2, 0x69, 0xC6, 0x99, 0x16, 0xB2, 0x06,
+        0xBD, 0xA7, 0x7C, 0x66, 0x35, 0x2D, 0x9A, 0xFB, 0xDA, 0xAF,
+        0xAA, 0xF7, 0x5A, 0x2E, 0x7C, 0x74, 0x3C, 0x53, 0xBC, 0x59,
+        0x5A, 0xF6, 0x1A, 0x0E, 0x2F, 0x9A, 0xA6, 0x9B, 0x3C, 0x06,
+        0x88, 0x77, 0x38, 0x7A, 0x02, 0xC9, 0x89, 0x03, 0x5B, 0xF9,
+        0xE7, 0xF2, 0xFD, 0x2B, 0x63, 0x94, 0x92, 0x8D, 0xBB, 0x9D,
+        0x71, 0x17, 0xB6, 0xBF, 0xA4, 0x68, 0x51, 0xF4, 0x98, 0xAC,
+        0xD2, 0x57, 0x6D, 0xC0, 0xBD, 0xE9, 0xC1, 0xE5, 0x4D, 0xD6,
+        0xFF, 0xC8, 0xDF, 0x7A, 0x4F, 0x97, 0x5D, 0x46, 0x3A, 0x0A,
+        0x38, 0xE8, 0x0C, 0x99, 0xE7, 0x97, 0xE7, 0x3F, 0xFE, 0xC8,
+        0x6A, 0x93, 0x95, 0xD2, 0x32, 0xB1, 0x01, 0x00, 0x1C, 0x9A,
+        0xCE, 0x5F, 0x2B, 0xA8, 0xB1, 0xC7, 0xDC, 0x1B, 0x04, 0x9F,
+        0x58, 0x03, 0x57, 0x19, 0x9A, 0xDB, 0x58, 0x33, 0xBD, 0x9D,
+        0x3E, 0xA0, 0x3D, 0x9A, 0x00, 0xA6, 0xE9, 0x2E, 0xCD, 0x45,
+        0x97, 0xC1, 0xDF, 0xCF, 0xAF, 0x8A, 0x93, 0x52, 0xAA, 0x65,
+        0x1C, 0xC2, 0x3C, 0xDD, 0xE1, 0xED, 0x4B, 0x8A, 0x05, 0x5A,
+        0xBE, 0x84, 0xEE, 0xDF, 0xC0, 0x96, 0xD2, 0x5A, 0x60, 0x32,
+        0xDF, 0xC9, 0x01, 0x7C, 0x83, 0x27, 0x2B, 0x4B, 0x18, 0x18,
+        0x9F, 0x58, 0xE4, 0xF0, 0x0C, 0x36, 0xC1, 0xB4, 0x08, 0x70,
+        0xFB, 0xDC, 0xCB, 0x70, 0x61, 0xAC
 };
 const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
-
+uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
 #endif
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
index 80df72cb3..10e95496f 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h
@@ -1,6 +1,6 @@
 /* key_data.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
index 174826f0e..fc8feef0e 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,7 +29,7 @@
 /*-- Renesas TSIP usage and its version ---------------------------------------
  *
  *  "WOLFSSL_RENESAS_TSIP" definition makes wolfSSL to use H/W acceleration
- *   for cipher operations. 
+ *   for cipher operations.
  *  TSIP definition asks to have its version number.
  *  "WOLFSSL_RENESAS_TSIP_VER" takes following value:
  *      106: TSIPv1.06
@@ -38,25 +38,26 @@
  *      114: TSIPv1.14
  *      115: TSIPv1.15
  *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 /*-- TLS version definitions  --------------------------------------------------
  *
  * wolfSSL supports TLSv1.2 by default. In case you want your system to support
  * TLSv1.3, uncomment line below.
- * 
+ *
  *----------------------------------------------------------------------------*/
 #define WOLFSSL_TLS13
 
 
 /*-- Operating System related definitions --------------------------------------
- * 
+ *
  *  In case any real-time OS is used, define its name(e.g. FREERTOS).
  *  Otherwise, define "SINGLE_THREADED". They are exclusive each other.
- *   
+ *
  *----------------------------------------------------------------------------*/
 
 #define FREERTOS
@@ -101,23 +102,23 @@
 
   /* USE_ECC_CERT
    * This macro is for selecting root CA certificate to load, it is valid only
-   * in example applications. wolfSSL does not refer this macro. 
-   * If you want to use cipher suites including ECDSA authentication in 
+   * in example applications. wolfSSL does not refer this macro.
+   * If you want to use cipher suites including ECDSA authentication in
    * the example applications with TSIP, enable this macro.
-   * In TSIP 1.13 or later version, following cipher suites are 
+   * In TSIP 1.13 or later version, following cipher suites are
    * available:
    * - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SAH256
-   * 
+   *
    * Note that, this macro disables cipher suites including RSA
    * authentication such as:
    * - TLS_RSA_WITH_AES_128_CBC_SHA
-   * - TLS_RSA_WITH_AES_256_CBC_SHA 
+   * - TLS_RSA_WITH_AES_256_CBC_SHA
    * - TLS_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_RSA_WITH_AES_256_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    * - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
-   * 
+   *
    */
   #define USE_ECC_CERT
 
@@ -126,14 +127,14 @@
    */
   /*#define WOLFSSL_CHECK_SIG_FAULTS*/
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_ecc_cert_der_256" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_ecc_cert_der_256" is used under the following macro definition
    * for ECDSA.
    */
   #define USE_CERT_BUFFERS_256
 
-  /* In this example application, Root CA cert buffer named 
-   * "ca_cert_der_2048" is used under the following macro definition 
+  /* In this example application, Root CA cert buffer named
+   * "ca_cert_der_2048" is used under the following macro definition
    * for RSA authentication.
    */
   #define USE_CERT_BUFFERS_2048
@@ -143,27 +144,27 @@
  *
  *----------------------------------------------------------------------------*/
   #define SIZEOF_LONG_LONG 8
+  #define WOLFSSL_SMALL_STACK
 
-
- /* 
+ /*
   * -- "NO_ASN_TIME" macro is to avoid certificate expiration validation --
-  *  
-  * Note. In your actual products, do not forget to comment-out 
+  *
+  * Note. In your actual products, do not forget to comment-out
   * "NO_ASN_TIME" macro. And prepare time function to get calendar time,
-  * otherwise, certificate expiration validation will not work.  
+  * otherwise, certificate expiration validation will not work.
   */
   /*#define NO_ASN_TIME*/
-  
+
   #define NO_MAIN_DRIVER
   #define BENCH_EMBEDDED
-  #define NO_WOLFSSL_DIR 
+  #define NO_WOLFSSL_DIR
   #define WOLFSSL_NO_CURRDIR
   #define NO_FILESYSTEM
   #define WOLFSSL_LOG_PRINTF
   #define WOLFSSL_HAVE_MIN
   #define WOLFSSL_HAVE_MAX
   #define NO_WRITEV
-  
+
 
   #define WOLFSSL_USER_CURRTIME /* for benchmark */
   #define TIME_OVERRIDES
@@ -196,7 +197,7 @@
 
 /*-- Definitions for functionality negation  -----------------------------------
  *
- * 
+ *
  *----------------------------------------------------------------------------*/
 
 /*#define NO_RENESAS_TSIP_CRYPT*/
@@ -207,7 +208,7 @@
 #endif
 /*-- Consistency checking between definitions  ---------------------------------
  *
- *  
+ *
  *----------------------------------------------------------------------------*/
 
 /*-- TSIP TLS specific definitions --*/
@@ -233,7 +234,6 @@
     #define WOLFSSL_RENESAS_TSIP_TLS
 
     #if !defined(NO_RENESAS_TSIP_CRYPT)
-        #define WOLFSSL_RENESAS_TSIP_CRYPTONLY
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -247,7 +247,14 @@
         # undef WOLFSSL_RENESAS_TSIP_TLS
         # undef WOLFSSL_RENESAS_TSIP_CRYPT
     #endif
-
+    /*-------------------------------------------------------------------------
+    * TSIP generates random numbers using the CRT-DRBG described
+    * in NIST SP800-90A. Recommend to define the CUSTOM_RAND_GENERATE_BLOCK
+    * so that wc_RNG_GenerateByte/Block() call TSIP random generatoion API
+    * directly. Comment out the macro will generate random number by
+    * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
+    *-----------------------------------------------------------------------*/
+	#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
@@ -263,3 +270,4 @@
 
 /*-- strcasecmp */
 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
+
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
index 010c38137..c73a50df7 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c
@@ -1,6 +1,6 @@
 /* wolfssl_demo.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,6 @@
 #include "platform/iot_network.h"
 #include "platform.h"
 
-
 #include <wolfssl/wolfcrypt/settings.h>
 #include "wolfssl/ssl.h"
 #include <wolfssl/wolfio.h>
@@ -59,22 +58,40 @@
     static WOLFSSL_CTX* client_ctx;
 #endif /* TLS_CLIENT */
 
-#define TLSSERVER_IP      "192.168.1.14"
+#define TLSSERVER_IP      "192.168.10.6"
 #define TLSSERVER_PORT    11111
-#define YEAR 2023
-#define MON  3
 #define FREQ 10000 /* Hz */
 
 static long         tick;
 static int          tmTick;
 
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
+
 /* time
  * returns seconds from EPOCH
  */
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tmTick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tmTick++;
 }
 
 /* timeTick
@@ -94,8 +111,6 @@ double current_time(int reset)
       return ((double)tick/FREQ) ;
 }
 
-
-
 /* --------------------------------------------------------*/
 /*  Benchmark_demo                                         */
 /* --------------------------------------------------------*/
@@ -145,7 +160,7 @@ static void Tls_client_init(const char* cipherlist)
             char *cert       = "./certs/ca-cert.pem";
         #endif
     #else
-        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) 
+        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
             const unsigned char *cert       = ca_ecc_cert_der_256;
             #define  SIZEOF_CERT sizeof_ca_ecc_cert_der_256
         #else
@@ -164,7 +179,7 @@ static void Tls_client_init(const char* cipherlist)
     #endif
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((client_ctx = 
+    if ((client_ctx =
         wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
@@ -175,7 +190,7 @@ static void Tls_client_init(const char* cipherlist)
     #endif
 
     #if defined(NO_FILESYSTEM)
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
                             SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
            printf("ERROR: can't load certificate data\n");
        return;
@@ -187,10 +202,10 @@ static void Tls_client_init(const char* cipherlist)
     }
     #endif
 
-    
+
     /* use specific cipher */
-    if (cipherlist != NULL && 
-        wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != 
+    if (cipherlist != NULL &&
+        wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) !=
                                                             WOLFSSL_SUCCESS) {
         wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
         printf("client can't set cipher list");
@@ -220,8 +235,8 @@ static void Tls_client()
     socklen_t       socksize = sizeof(struct freertos_sockaddr);
     struct freertos_sockaddr    PeerAddr;
     char    addrBuff[ADDR_SIZE] = {0};
-  
-    static const char sendBuff[]= "Hello Server\n" ;    
+
+    static const char sendBuff[]= "Hello Server\n" ;
     char    rcvBuff[BUFF_SIZE] = {0};
 
 
@@ -285,7 +300,7 @@ static void Tls_client()
         }
     }
 
-#endif /* USE_ECC_CERT */    
+#endif /* USE_ECC_CERT */
 
 
 #ifdef USE_ECC_CERT
@@ -313,14 +328,14 @@ static void Tls_client()
         }
     }
     #endif /* WOLFSSL_CHECK_SIG_FAULTS */
- 
+
     #else
 
     /* DER format ECC private key */
     if (ret == 0) {
-        err = wolfSSL_use_PrivateKey_buffer(ssl, 
+        err = wolfSSL_use_PrivateKey_buffer(ssl,
                                     ecc_clikey_der_256,
-                                    sizeof_ecc_clikey_der_256, 
+                                    sizeof_ecc_clikey_der_256,
                                     WOLFSSL_FILETYPE_ASN1);
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
@@ -334,7 +349,7 @@ static void Tls_client()
 #else
 
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-    
+
     /* Note: TSIP asks RSA client key pair for client authentication.  */
 
     /* TSIP specific RSA private key */
@@ -359,10 +374,10 @@ static void Tls_client()
 
     #else
 
-    if (ret == 0) { 
+    if (ret == 0) {
         err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
                             sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
-         
+
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
@@ -390,7 +405,7 @@ static void Tls_client()
     }
 
     if (ret == 0) {
-        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != 
+        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) !=
                                                             strlen(sendBuff)) {
             printf("ERROR wolfSSL_write: %d\n", wolfSSL_get_error(ssl, 0));
             ret = -1;
@@ -409,7 +424,7 @@ static void Tls_client()
         }
     }
 
-    
+
     wolfSSL_shutdown(ssl);
 
     FreeRTOS_shutdown(socket, FREERTOS_SHUT_RDWR);
@@ -499,7 +514,7 @@ static void Tls_client_demo(void)
     tsip_inform_cert_sign((const byte*)ca_ecc_cert_der_sig);
 
     #else
-    
+
     /* Root CA cert has RSA public key */
     tsip_inform_cert_sign((const byte*)ca_cert_der_sig);
 
@@ -529,7 +544,7 @@ static void Tls_client_demo(void)
 #endif /* TLS_CLIENT */
 
 /* Demo entry function called by iot_demo_runner
- * To run this entry function as an aws_iot_demo, define this as 
+ * To run this entry function as an aws_iot_demo, define this as
  * DEMO_entryFUNCTION in aws_demo_config.h.
  */
 void wolfSSL_demo_task(bool         awsIotMqttMode,
diff --git a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h
index cb916e653..7bd6a98bd 100644
--- a/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md
index 1447132e8..576fcfab3 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/README_EN.md
@@ -3,7 +3,7 @@ wolfSSL sample application project for Renesas RX72N EnvisionKit evaluation boar
 
 <br>
 
-A sample program for evaluating wolfSSL targeting the Renesas RX72N EnvisionKit evaluation board is provided. For details on the program, refer to the following documents included in the package. 
+A sample program for evaluating wolfSSL targeting the Renesas RX72N EnvisionKit evaluation board is provided. For details on the program, refer to the following documents included in the package.
 
 + InstructionManualForExample_RX72N_EnvisonKit_JP.pdf (Japanese)
-+ InstructionManualForExample_RX72N_EnvisonKit_EN.pdf(English）
\ No newline at end of file
++ InstructionManualForExample_RX72N_EnvisonKit_EN.pdf(English）
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md
index be61aec04..decfcbfed 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_EN.md
@@ -3,16 +3,16 @@ wolfSSL simple application project for RX72N EnvisionKit board
 ## 1. Overview
 -----
 
-We provide a simple program for evaluating wolfSSL targeting the RX72N evaluation board, which has RX72 MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program. 
+We provide a simple program for evaluating wolfSSL targeting the RX72N evaluation board, which has RX72 MCU on it. The sample program runs in a bare metal environment that does not use a real-time OS and uses e2 studio as an IDE. This document describes the procedure from build to execution of the sample program.
 
 The sample provided is a single application that can evaluate the following four functions:
 
 - CryptoTest: A program that automatically tests various cryptographic operation functions
-- Benchmark: A program that measures the execution speed of various cryptographic operations 
+- Benchmark: A program that measures the execution speed of various cryptographic operations
 - TlsClient: A program that performs TLS communication with the opposite TLS server application
 - TlsServer: A program that performs TLS communication with the opposite TLS client application
 
-Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only. 
+Since the H/W settings and S/W settings for operating the evaluation board have already been prepared, the minimum settings are required to operate the sample application. In addition, the RootCA certificate and server-side certificate required for TLS communication have already been set for sample use only.
 
 The following sections will walk you through the steps leading up to running the sample application.
 ## 2. Target H/W, components and libraries
@@ -26,8 +26,8 @@ This sample program uses the following hardware and software libraries. If a new
 |Device|R5F572NNHxFB|
 |IDE| Renesas e2Studio Version:2022-07 |
 |Emulator| E2 Emulator Lite |
-|Toolchain|CCRX v3.03.00|
-|TSIP| TSIP v1.15|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 
 
 The project of this sample program has a configuration file that uses the following FIT components.
@@ -42,30 +42,30 @@ However, the FIT components themselves are not included in the distribution of t
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.15.l|r_tsip_rx|
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 
 ## 3. Importing sample application project into e2Studio
 ----
 
-There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below. 
+There is no need to create a new sample program. Since the project file is already prepared, please import the project from the IDE by following the steps below.
 
-+ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}/Simple) where this README file exists. 
-+ Three projects that can be imported are listed, but check only the three projects "test" and "wolfssl" and click the "Finish" button. 
++ e2studio "File" menu> "Open project from file system ..."> "Directory (R) ..." Click the import source button and select the folder from which the project will be imported. Select the folder (Renesas/e2studio/{MCU}/{board-name-folder}/Simple) where this README file exists.
++ Three projects that can be imported are listed, but check only the three projects "test" and "wolfssl" and click the "Finish" button.
 
-You should see the **test** and **wolfssl** 2 projects you imported into the project explorer. 
+You should see the **test** and **wolfssl** 2 projects you imported into the project explorer.
 
 ## 4. FIT module download and smart configurator file generation
 ----
 
 You will need to get the required FIT modules yourself. Follow the steps below to get them.
 
-1. Open the test project in Project Explorer and double-click the **test.scfg** file to open the Smart Configurator Perspective. 
+1. Open the test project in Project Explorer and double-click the **test.scfg** file to open the Smart Configurator Perspective.
 
 2. Select the "Components" tab on the software component settings pane. Then click the "Add Component" button at the top right of the pane. The software component selection dialog will pop up. Click "Download the latest version of FIT driver and middleware" at the bottom of the dialog to get the modules. You can check the download destination folder by pressing "Basic settings...".
 
 3. The latest version of the TSIP component may not be automatically obtained due to the delay in Renesas' support by the method in step 2 above. In that case, you can download it manually from the Renesas website. Unzip the downloaded component and store the files contained in the FIT Modules folder in the download destination folder of step 2.
 
-4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components. 
+4. Select the required FIT components shown from the list and press the "Finish" button. Repeat this operation until you have the required FIT components.
 
 5. Select the Components tab on the Software Component Settings pane and select the r_t4_rx component. In the settings pane on the right, specify the IP address of this board as the value of the "# IP address for ch0, when DHCP disable." Property (e.g. 192.168.1.9).
 
@@ -80,7 +80,7 @@ The test project is a single sample application, but you can specify to perform
 - Benchmark: A program that measures the execution speed of various cryptographic operations
 - TlsClient: A program that performs TLS communication with the opposite TLS server application
 - TlsServer: A program that performs TLS communication with the opposite TLS client application
-- 
+-
 Open the <board-name-folder\>/test/src/wolfssl_simple_demo.h file and enable one of the following definitions:
 
 - #define CRYPT_TEST
@@ -109,7 +109,7 @@ Now that the test application is ready to build.
 
 5. Press the run button to run the test application.
 
-6. CryptoTest, Benchmark, TLS_Client or TLS_Server After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging. 
+6. CryptoTest, Benchmark, TLS_Client or TLS_Server After displaying the execution result according to the selected behavior, it enters an infinite loop, so if you think that the output has stopped, stop debugging.
 
 ## 7. Running test application as Client
 -----
@@ -176,7 +176,7 @@ Client message: Hello Server
 Note `-v 4` option in server execution command line means to use TLS 1.3. If you want to use smaller version of TLS than 1.3, `-v 4` needs to be removed from an exmeple server command options.
 
 ### 7.3 Run Client using TSIP driver
-When it enables SIMPLE_TLS_TSIP_CLIENT, we can run TLS client including TSIP driver on the baord. 
+When it enables SIMPLE_TLS_TSIP_CLIENT, we can run TLS client including TSIP driver on the baord.
 In this case, we disable `#define WOLFSSL_TLS13` and `#define USE_ECC_CERT`. As a result, TLS communication between Client and Server use TLS 1.2 and RSA certificate.
 
 The table below shows the cipher suites that TSIP supports.
@@ -185,7 +185,7 @@ The table below shows the cipher suites that TSIP supports.
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA certificate|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA certificate|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -213,7 +213,7 @@ $ ./examples/server/server -b -i
 ```
 
 
-When you run the test application, it makes a TLS connection with the server application by TLS1.2, then exchanges a simple string and displays the following on the standard output. 
+When you run the test application, it makes a TLS connection with the server application by TLS1.2, then exchanges a simple string and displays the following on the standard output.
 The cipher suites displayed depends on the combination of TLS version and certificate type.
 
 ```
@@ -285,7 +285,7 @@ If you want to use it for purposes beyond functional evaluation, you need to pre
   2. RSA key pair required for RootCA certificate validation
   3. The signature generated by the RootCA certificate with the private key in 2 above.
 
-will become necessary. Please refer to the manual provided by Renesas for how to generate them. 
+will become necessary. Please refer to the manual provided by Renesas for how to generate them.
 
 ## 10. Limitations
 ----
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md
index e870bba01..6022c3a62 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/README_JP.md
@@ -32,10 +32,10 @@ IDEとしてe2 studioを使用するものです。本ドキュメントでは
 |:--|:--|
 |評価ボード|RX72N EnvisionKit|
 |Device|R5F572NNHxFB|
-|IDE| Renesas e2Studio Version:2022-07 |
+|IDE| Renesas e2Studio Version:2024-01.1 (24.1.1) |
 |エミュレーター| E2エミュレーターLite |
-|Toolchain|CCRX v3.03.00|
-|TSIP| TSIP v1.15|
+|Toolchain|CCRX v3.06.00|
+|TSIP| TSIP v1.21|
 
 
 本サンプルプログラムのプロジェクトには以下のFITコンポーネントを使用する設定ファイルが用意されています。
@@ -51,7 +51,7 @@ IDEとしてe2 studioを使用するものです。本ドキュメントでは
 |Generic system timer for RX MCUs|1.01|r_sys_time_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] - RX Ethernet Driver Interface|1.09|r_t4_driver_rx|
 |TCP/IP protocol stack[M3S-T4-Tiny] for Renesas MCUs|2.10|r_t4_rx|
-|TSIP(Trusted Secure IP) driver|1.15.l|r_tsip_rx|
+|TSIP(Trusted Secure IP) driver|1.21|r_tsip_rx|
 
 
 ## 3. サンプルプログラムプロジェクトのe2Studioへのインポート
@@ -212,7 +212,7 @@ TSIPドライバがサポートする暗号スイートは下記の一覧にな
 |:--|:--|:--|
 |TLS1.3|RSA/ECDSA certificate|  |
 |||TLS_AES_128_GCM_SHA256|
-|||TLS_AES_128_CCM_SHA256| 
+|||TLS_AES_128_CCM_SHA256|
 |TLS1.2|RSA certificate|
 |||TLS_RSA_WITH_AES_128_CBC_SHA|
 |||TLS_RSA_WITH_AES_256_CBC_SHA|
@@ -334,4 +334,4 @@ wolfSSL_CTX_use_certificate_buffer あるいはwolfSSL_CTX_use_certificate_chain
 上記制限1 ~ 4は次版以降のTSIPによって改善が見込まれています。
 
 ## 11. サポート
-ご質問・ご要望は、info@wolfssl.jp まで日本語でお知らせください。
\ No newline at end of file
+ご質問・ご要望は、info@wolfssl.jp まで日本語でお知らせください。
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
index 3e4c1e56e..4f4de66d9 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,15 +21,32 @@
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2024
-#define MON  7
-
 static int tick = 0;
 
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+	)
+
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
 }
 
 #include <ctype.h>
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject
index 5f7ceb0e4..42c63d72e 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject
@@ -25,7 +25,7 @@
 							<builder buildPath="${workspace_loc:/test}/HardwareDebug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.65531188" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1710373085" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.390598726" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="出力するデータ値のエンディアン (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="出力するデータ値のエンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.385785132" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.968417281" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
@@ -50,7 +50,6 @@
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../common&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../wolfssl_demo&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../../../../../../&quot;"/>
-									<listOptionValue builtIn="false" value="${ProjDirPath}/generate"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -66,6 +65,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
@@ -109,6 +109,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.502444415" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
 							</tool>
@@ -119,7 +120,7 @@
 									<listOptionValue builtIn="false" value="D_2=R_2"/>
 									<listOptionValue builtIn="false" value="D_8=R_8"/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R,B_8,R_8/04,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/0800000,PResetPRG,C_1,C_2,C,C_8,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1452234640" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
@@ -128,7 +129,7 @@
 								</option>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.47410515" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.239094904" name="セクションの割り付けアドレスをチェックする (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="アドレス範囲指定方法 (-cpu(アドレス範囲指定方法))" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1237940973" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;.\src\benchmark.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\key_data.obj&quot;"/>
@@ -181,7 +182,6 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.1438206933" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../wolfssl/Debug/wolfssl.lib&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
 								</option>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1723543812" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
@@ -242,7 +242,7 @@
 							<builder buildPath="${workspace_loc:/test}/Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.117543810" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1744140894" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.1464228342" name="デバッグ情報を出力する (-no_debug_info)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="出力するデータ値のエンディアン (-littleEndianData)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="出力するデータ値のエンディアン (-cpuLittleEndian/-cpuBigEndian)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.1294844059" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.644795578" name="命令セット・アーキテクチャ (-isa)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv3" valueType="enumerated"/>
@@ -263,7 +263,6 @@
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.2144484247" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.545347560" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" valueType="includePath">
 									<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
-									<listOptionValue builtIn="false" value="${ProjDirPath}/generate"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -279,6 +278,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.935611572" name="プリプロセッサ・マクロの定義 (-define)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
@@ -319,6 +319,7 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen}&quot;"/>
 								</option>
 								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.1482916460" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
 							</tool>
@@ -329,7 +330,7 @@
 									<listOptionValue builtIn="false" value="D_2=R_2"/>
 									<listOptionValue builtIn="false" value="D_8=R_8"/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="セクション (-start)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,P/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000,C_FIRMWARE_UPDATE_CONTROL_BLOCK,C_FIRMWARE_UPDATE_CONTROL_BLOCK_MIRROR/00100000" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1651005552" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
@@ -338,13 +339,12 @@
 								</option>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.1524833684" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス (-vect)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.1914971075" name="セクションの割り付けアドレスをチェックする (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="アドレス範囲指定方法 (-cpu(アドレス範囲指定方法))" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="アドレス範囲指定方法 (-cpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1556433699" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;.\test.lib&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.856176867" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
 								</option>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1598250045" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c
index b45157faa..12bf996f0 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c
@@ -1,6 +1,6 @@
 /* simple_tcp_client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -88,11 +88,11 @@ void simple_tcp_client( )
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
-    
+
     static T_IPV4EP my_addr = { 0, 0 };
-    
+
     T_IPV4EP dst_addr;
 
     if((dst_addr.ipaddr = getIPaddr(SIMPLE_TCPSEVER_IP)) == 0){
@@ -109,7 +109,7 @@ void simple_tcp_client( )
         goto out;
     }
 
-    if (my_IOSend((char*)sendBuff, strlen(sendBuff), (void*)&cepid) != 
+    if (my_IOSend((char*)sendBuff, strlen(sendBuff), (void*)&cepid) !=
                                                             strlen(sendBuff)) {
         printf("ERROR TCP write \n");
         goto out;
@@ -129,4 +129,4 @@ void simple_tcp_client( )
     tcp_cls_cep(cepid, TMO_FEVR);
 
     return;
-}
\ No newline at end of file
+}
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
index 62c426ca0..aa11768ad 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
@@ -1,6 +1,6 @@
 /* simpel_tls_tsip_client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c
index 1a096d37f..bc2cf6d67 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c
@@ -1,6 +1,6 @@
 /* simple_tcp_server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
index 55892f491..df55941c4 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c
@@ -1,6 +1,6 @@
 /* simple_tls_server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -123,18 +123,18 @@ void wolfSSL_TLS_server_init()
     #if !defined(NO_FILESYSTEM)
         ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
     #else
-        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key,
                                                         SSL_FILETYPE_ASN1);
     #endif
         if (ret != SSL_SUCCESS) {
             printf("Error %d loading server-key!\n", ret);
             return;
         }
-   
+
    /* Register callbacks */
    wolfSSL_SetIORecv(server_ctx, my_IORecv);
    wolfSSL_SetIOSend(server_ctx, my_IOSend);
-   
+
 }
 
 void wolfSSL_TLS_server( )
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
index 2fb3d2489..3614dc0b3 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -65,6 +65,7 @@ extern "C" {
 static long tick;
 static void timeTick(void *pdata)
 {
+	(void)pdata;
     tick++;
 }
 
@@ -259,7 +260,7 @@ void main(void)
 #if defined(SIMPLE_TLS_TSIP_CLIENT)
     SetTsiptlsKey();
 #endif
-    
+
     do {
         /* simply use TCP */
         #if defined(SIMPLE_TCP_CLIENT)
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h
index d8e035d8d..354fa3549 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_simple_demo.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,9 +36,9 @@
 /* cannot enable with other definition */
 /* simplest tcp client*/
 /*#define SIMPLE_TCP_CLIENT */
-/* software TLS　client */
+/* software TLS client */
 /* #define SIMPLE_TLS_CLIENT */
-/* use TSIP　Acceleration */
+/* use TSIP Acceleration */
 /*#define SIMPLE_TLS_TSIP_CLIENT*/
 
 /* simplest tcp server */
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
index bf7fe0920..d5c797c88 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
@@ -362,14 +362,14 @@
     </tool>
     <tool id="Interrupt">
         <Item currentVect="16" id="BSC_BUSERR" priority="15" usedState="未使用"/>
-        <Item currentVect="17" groupchild="&lt;br&gt;1-DPFPUEX" id="IE0" priority="15" usedState="未使用"/>
+        <Item currentVect="17" groupchild="&lt;br&gt;0-DPFPUEX" id="IE0" priority="15" usedState="未使用"/>
         <Item currentVect="18" id="RAM_RAMERR" priority="15" usedState="未使用"/>
         <Item currentVect="21" id="FCU_FIFERR" priority="15" usedState="未使用"/>
         <Item currentVect="23" id="FCU_FRDYI" priority="15" usedState="未使用"/>
         <Item currentVect="26" id="ICU_SWINT2" priority="1" usedState="未使用"/>
         <Item currentVect="27" id="ICU_SWINT" priority="1" usedState="未使用"/>
-        <Item currentVect="28" id="CMT0_CMI0" priority="15" usedState="未使用"/>
-        <Item currentVect="29" id="CMT1_CMI1" priority="15" usedState="未使用"/>
+        <Item currentVect="28" id="CMT0_CMI0" priority="5" usedState="使用中"/>
+        <Item currentVect="29" id="CMT1_CMI1" priority="5" usedState="使用中"/>
         <Item currentVect="30" id="CMTW0_CMWI0" priority="15" usedState="未使用"/>
         <Item currentVect="31" id="CMTW1_CMWI1" priority="15" usedState="未使用"/>
         <Item currentVect="34" id="USB0_D0FIFO0" priority="15" usedState="未使用"/>
@@ -437,14 +437,14 @@
         <Item currentVect="103" id="SCI9_TXI9" priority="15" usedState="未使用"/>
         <Item currentVect="104" id="SCI10_RXI10" priority="15" usedState="未使用"/>
         <Item currentVect="105" id="SCI10_TXI10" priority="15" usedState="未使用"/>
-        <Item currentVect="106" groupchild="&lt;br&gt;1-ERS0&lt;br&gt;2-ERS1&lt;br&gt;3-ERS2" id="BE0" priority="15" usedState="未使用"/>
-        <Item currentVect="107" groupchild="&lt;br&gt;1-POEGGAI&lt;br&gt;2-POEGGBI&lt;br&gt;3-POEGGCI&lt;br&gt;4-POEGGDI" id="BL2" priority="15" usedState="未使用"/>
+        <Item currentVect="106" groupchild="&lt;br&gt;0-ERS0&lt;br&gt;1-ERS1&lt;br&gt;2-ERS2" id="BE0" priority="15" usedState="未使用"/>
+        <Item currentVect="107" groupchild="&lt;br&gt;7-POEGGAI&lt;br&gt;8-POEGGBI&lt;br&gt;9-POEGGCI&lt;br&gt;10-POEGGDI" id="BL2" priority="15" usedState="未使用"/>
         <Item currentVect="108" id="RSPI2_SPRI2" priority="15" usedState="未使用"/>
         <Item currentVect="109" id="RSPI2_SPTI2" priority="15" usedState="未使用"/>
-        <Item currentVect="110" groupchild="&lt;br&gt;1-TEI0&lt;br&gt;2-ERI0&lt;br&gt;3-TEI1&lt;br&gt;4-ERI1&lt;br&gt;5-TEI2&lt;br&gt;6-ERI2&lt;br&gt;7-TEI3&lt;br&gt;8-ERI3&lt;br&gt;9-TEI4&lt;br&gt;10-ERI4&lt;br&gt;11-TEI5&lt;br&gt;12-ERI5&lt;br&gt;13-TEI6&lt;br&gt;14-ERI6&lt;br&gt;15-TEI12&lt;br&gt;16-ERI12&lt;br&gt;17-SCIX0&lt;br&gt;18-SCIX1&lt;br&gt;19-SCIX2&lt;br&gt;20-SCIX3&lt;br&gt;21-QSPSSLI&lt;br&gt;22-FERRI&lt;br&gt;23-MENDI&lt;br&gt;24-OVFI&lt;br&gt;25-DOPCI&lt;br&gt;26-PCFEI&lt;br&gt;27-PCERI" id="BL0" priority="15" usedState="未使用"/>
-        <Item currentVect="111" groupchild="&lt;br&gt;1-CDETI&lt;br&gt;2-CACI&lt;br&gt;3-SDACI&lt;br&gt;4-CDETIO&lt;br&gt;5-ERRIO&lt;br&gt;6-ACCIO&lt;br&gt;7-OEI1&lt;br&gt;8-OEI2&lt;br&gt;9-OEI3&lt;br&gt;10-OEI4&lt;br&gt;11-TEI0&lt;br&gt;12-EEI0&lt;br&gt;13-TEI2&lt;br&gt;14-EEI2&lt;br&gt;15-SSIF0&lt;br&gt;16-SSIF1&lt;br&gt;17-S12CMPAI&lt;br&gt;18-S12CMPBI&lt;br&gt;19-S12CMPAI1&lt;br&gt;20-S12CMPBI1&lt;br&gt;21-TEI1&lt;br&gt;22-EEI1" id="BL1" priority="15" usedState="未使用"/>
-        <Item currentVect="112" groupchild="&lt;br&gt;1-TEI8&lt;br&gt;2-ERI8&lt;br&gt;3-TEI9&lt;br&gt;4-ERI9&lt;br&gt;5-TEI10&lt;br&gt;6-ERI10&lt;br&gt;7-TEI11&lt;br&gt;8-ERI11&lt;br&gt;9-SPII0&lt;br&gt;10-SPEI0&lt;br&gt;11-SPII1&lt;br&gt;12-SPEI1&lt;br&gt;13-SPII2&lt;br&gt;14-SPEI2&lt;br&gt;15-TEI7&lt;br&gt;16-ERI7" id="AL0" priority="15" usedState="未使用"/>
-        <Item currentVect="113" groupchild="&lt;br&gt;1-MINT&lt;br&gt;2-PINT&lt;br&gt;3-EINT0&lt;br&gt;4-EINT1&lt;br&gt;5-VPOS&lt;br&gt;6-GR1UF&lt;br&gt;7-GR2UF&lt;br&gt;8-DRW_IRQ" id="AL1" priority="2" usedState="使用中"/>
+        <Item currentVect="110" groupchild="&lt;br&gt;0-TEI0&lt;br&gt;1-ERI0&lt;br&gt;2-TEI1&lt;br&gt;3-ERI1&lt;br&gt;4-TEI2&lt;br&gt;5-ERI2&lt;br&gt;6-TEI3&lt;br&gt;7-ERI3&lt;br&gt;8-TEI4&lt;br&gt;9-ERI4&lt;br&gt;10-TEI5&lt;br&gt;11-ERI5&lt;br&gt;12-TEI6&lt;br&gt;13-ERI6&lt;br&gt;16-TEI12&lt;br&gt;17-ERI12&lt;br&gt;18-SCIX0&lt;br&gt;19-SCIX1&lt;br&gt;20-SCIX2&lt;br&gt;21-SCIX3&lt;br&gt;24-QSPSSLI&lt;br&gt;26-FERRI&lt;br&gt;27-MENDI&lt;br&gt;28-OVFI&lt;br&gt;29-DOPCI&lt;br&gt;30-PCFEI&lt;br&gt;31-PCERI" id="BL0" priority="15" usedState="未使用"/>
+        <Item currentVect="111" groupchild="&lt;br&gt;3-CDETI&lt;br&gt;4-CACI&lt;br&gt;5-SDACI&lt;br&gt;6-CDETIO&lt;br&gt;7-ERRIO&lt;br&gt;8-ACCIO&lt;br&gt;9-OEI1&lt;br&gt;10-OEI2&lt;br&gt;11-OEI3&lt;br&gt;12-OEI4&lt;br&gt;13-TEI0&lt;br&gt;14-EEI0&lt;br&gt;15-TEI2&lt;br&gt;16-EEI2&lt;br&gt;17-SSIF0&lt;br&gt;18-SSIF1&lt;br&gt;20-S12CMPAI&lt;br&gt;21-S12CMPBI&lt;br&gt;22-S12CMPAI1&lt;br&gt;23-S12CMPBI1&lt;br&gt;28-TEI1&lt;br&gt;29-EEI1" id="BL1" priority="15" usedState="未使用"/>
+        <Item currentVect="112" groupchild="&lt;br&gt;0-TEI8&lt;br&gt;1-ERI8&lt;br&gt;4-TEI9&lt;br&gt;5-ERI9&lt;br&gt;8-TEI10&lt;br&gt;9-ERI10&lt;br&gt;12-TEI11&lt;br&gt;13-ERI11&lt;br&gt;16-SPII0&lt;br&gt;17-SPEI0&lt;br&gt;18-SPII1&lt;br&gt;19-SPEI1&lt;br&gt;20-SPII2&lt;br&gt;21-SPEI2&lt;br&gt;22-TEI7&lt;br&gt;23-ERI7" id="AL0" priority="15" usedState="未使用"/>
+        <Item currentVect="113" groupchild="&lt;br&gt;0-MINT&lt;br&gt;1-PINT&lt;br&gt;4-EINT0&lt;br&gt;5-EINT1&lt;br&gt;8-VPOS&lt;br&gt;9-GR1UF&lt;br&gt;10-GR2UF&lt;br&gt;11-DRW_IRQ" id="AL1" priority="2" usedState="使用中"/>
         <Item currentVect="114" id="SCI11_RXI11" priority="15" usedState="未使用"/>
         <Item currentVect="115" id="SCI11_TXI11" priority="15" usedState="未使用"/>
         <Item currentVect="116" id="SCI12_RXI12" priority="15" usedState="未使用"/>
@@ -457,8 +457,8 @@
         <Item currentVect="125" id="OST_OSTDI" priority="15" usedState="未使用"/>
         <Item currentVect="126" id="EXDMAC_EXDMAC0I" priority="15" usedState="未使用"/>
         <Item currentVect="127" id="EXDMAC_EXDMAC1I" priority="15" usedState="未使用"/>
-        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="15" usedState="未使用"/>
-        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="15" usedState="未使用"/>
+        <Item currentVect="128" defaultVect="128" id="CMT2_CMI2" priority="5" usedState="使用中"/>
+        <Item currentVect="129" defaultVect="129" id="CMT3_CMI3" priority="5" usedState="使用中"/>
         <Item currentVect="130" defaultVect="130" id="TPU0_TGI0A" priority="15" usedState="未使用"/>
         <Item currentVect="131" defaultVect="131" id="TPU0_TGI0B" priority="15" usedState="未使用"/>
         <Item currentVect="132" defaultVect="132" id="TPU0_TGI0C" priority="15" usedState="未使用"/>
@@ -608,110 +608,110 @@
         <pinItem allocation="71" comments="" direction="None" id="ET0_ERXD0" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
         <pinItem allocation="66" comments="" direction="None" id="ET0_TX_CLK" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
         <pinItem allocation="86" comments="" direction="None" id="ET0_MDIO" isUsedBySoftware="true" locked="false" operationMode="" status="0"/>
-        <pinnumItem comment="LCD-B4" id="88"/>
-        <pinnumItem comment="LCD-B5" id="89"/>
-        <pinnumItem comment="LCD-R7" id="110"/>
-        <pinnumItem comment="LCD-B6" id="90"/>
-        <pinnumItem comment="LCD-B7" id="92"/>
-        <pinnumItem comment="QSPI-SO/SIO1" id="119"/>
-        <pinnumItem comment="LCD-G2" id="94"/>
-        <pinnumItem comment="LCD-G3" id="95"/>
-        <pinnumItem comment="LCD-G4" id="96"/>
-        <pinnumItem comment="LCD-G5" id="97"/>
-        <pinnumItem comment="EMLE" id="10"/>
-        <pinnumItem comment="LCD-BACKLIGHT" id="98"/>
-        <pinnumItem comment="MIC-DATA" id="11"/>
-        <pinnumItem comment="LCD-TOUCH-RST" id="99"/>
-        <pinnumItem comment="MD/FINED" id="16"/>
-        <pinnumItem comment="RESET" id="19"/>
-        <pinnumItem comment="QSPI-SI/SIO0" id="120"/>
-        <pinnumItem comment="QSPI-SCLK" id="121"/>
-        <pinnumItem comment="QSPI-CS#" id="122"/>
-        <pinnumItem comment="D2-LRCK" id="2"/>
-        <pinnumItem comment="QSPI-HOLD#/SIO3" id="123"/>
-        <pinnumItem comment="QSPI-WP#/SIO2" id="124"/>
-        <pinnumItem comment="D2-SDIN" id="4"/>
-        <pinnumItem comment="PMOD2-RST" id="125"/>
-        <pinnumItem comment="PMOD2-IRQ" id="126"/>
-        <pinnumItem comment="D2-SCLK" id="6"/>
-        <pinnumItem comment="PMOD2-SS" id="127"/>
-        <pinnumItem comment="MIC-BCLK" id="7"/>
-        <pinnumItem comment="PMOD2-MISO" id="128"/>
-        <pinnumItem comment="AUDIO_CLK" id="8"/>
-        <pinnumItem comment="PMOD2-SCK" id="129"/>
-        <pinnumItem comment="MIC-WS" id="9"/>
-        <pinnumItem comment="XTAL" id="20"/>
-        <pinnumItem comment="EXTAL" id="22"/>
-        <pinnumItem comment="LCD-TOUCH-INT" id="25"/>
-        <pinnumItem comment="LCD-TOUCH-SCL" id="26"/>
-        <pinnumItem comment="LCD-TOUCH-SDA" id="27"/>
-        <pinnumItem comment="WiFi-RTS" id="28"/>
-        <pinnumItem comment="WiFi-TXD" id="29"/>
-        <pinnumItem comment="PMOD2-MOSI" id="131"/>
-        <pinnumItem comment="PMOD2-IO1" id="133"/>
-        <pinnumItem comment="PMOD2-IO0" id="134"/>
-        <pinnumItem comment="WiFi-EN" id="137"/>
-        <pinnumItem comment="SD-ENABLE" id="138"/>
-        <pinnumItem comment="SD-FLT" id="139"/>
-        <pinnumItem comment="WiFi-CTS" id="30"/>
-        <pinnumItem comment="WiFi-RXD" id="31"/>
-        <pinnumItem comment="SDHI-SW_B" id="32"/>
-        <pinnumItem comment="SDHI-DATA1" id="34"/>
-        <pinnumItem comment="SDHI-DATA0" id="35"/>
-        <pinnumItem comment="SDHI-CLK" id="36"/>
-        <pinnumItem comment="SDHI-CMD" id="37"/>
-        <pinnumItem comment="SDHI-CD/DATA3" id="38"/>
-        <pinnumItem comment="SDHI-DATA2" id="39"/>
-        <pinnumItem comment="LED2" id="141"/>
-        <pinnumItem comment="SW2" id="144"/>
-        <pinnumItem comment="USB0VBUSEN" id="40"/>
-        <pinnumItem comment="PMOD1-RST" id="41"/>
-        <pinnumItem comment="PMOD1-IO1" id="42"/>
-        <pinnumItem comment="USB0OVRCURA" id="43"/>
-        <pinnumItem comment="USB-TXD" id="44"/>
-        <pinnumItem comment="USB-RXD" id="45"/>
-        <pinnumItem comment="USB0DM" id="47"/>
-        <pinnumItem comment="USB0DP" id="48"/>
-        <pinnumItem comment="ET0REFCLK" id="50"/>
-        <pinnumItem comment="PMOD1-IRQ" id="51"/>
-        <pinnumItem comment="PMOD1-SS" id="52"/>
-        <pinnumItem comment="PMOD1-IO0" id="53"/>
-        <pinnumItem comment="PMOD1-MISO" id="54"/>
-        <pinnumItem comment="PMOD1-SCK" id="55"/>
-        <pinnumItem comment="PMOD1-MOSI" id="56"/>
-        <pinnumItem comment="ET0CRS" id="58"/>
-        <pinnumItem comment="ET0COL" id="60"/>
-        <pinnumItem comment="ET0ETXD3" id="61"/>
-        <pinnumItem comment="ET0ETXD2" id="62"/>
-        <pinnumItem comment="ET0ETXD1" id="63"/>
-        <pinnumItem comment="ET0ETXD0" id="64"/>
-        <pinnumItem comment="ET0TXEN" id="65"/>
-        <pinnumItem comment="ET0TXCLK" id="66"/>
-        <pinnumItem comment="ET0INTRP" id="67"/>
-        <pinnumItem comment="ET0RXER" id="68"/>
-        <pinnumItem comment="ET0RXCLK" id="69"/>
-        <pinnumItem comment="ET0RXDV" id="70"/>
-        <pinnumItem comment="ET0ERXD0" id="71"/>
-        <pinnumItem comment="ET0ERXD1" id="72"/>
-        <pinnumItem comment="ET0ERXD2" id="73"/>
-        <pinnumItem comment="ET0ERXD3" id="75"/>
-        <pinnumItem comment="ET0RST(SW1-1ch)" id="77"/>
-        <pinnumItem comment="Light-SDA" id="78"/>
-        <pinnumItem comment="Light-SCL" id="79"/>
-        <pinnumItem comment="LCD-G6" id="101"/>
-        <pinnumItem comment="LCD-G7" id="102"/>
-        <pinnumItem comment="LCD-R3" id="106"/>
-        <pinnumItem comment="LCD-CLK" id="80"/>
-        <pinnumItem comment="LCD-R4" id="107"/>
-        <pinnumItem comment="LCD-VSYNC" id="81"/>
-        <pinnumItem comment="LCD-R5" id="108"/>
-        <pinnumItem comment="LCD-DISP-EN" id="82"/>
-        <pinnumItem comment="LCD-R6" id="109"/>
-        <pinnumItem comment="LCD-HSYNC" id="83"/>
-        <pinnumItem comment="LCD-DATA-EN" id="84"/>
-        <pinnumItem comment="ET0MDC" id="85"/>
-        <pinnumItem comment="ET0MDIO" id="86"/>
-        <pinnumItem comment="LCD-B3" id="87"/>
+        <pinnumItem comment="LCD-B4" id="88" symbolicname=""/>
+        <pinnumItem comment="LCD-B5" id="89" symbolicname=""/>
+        <pinnumItem comment="LCD-R7" id="110" symbolicname=""/>
+        <pinnumItem comment="LCD-B6" id="90" symbolicname=""/>
+        <pinnumItem comment="LCD-B7" id="92" symbolicname=""/>
+        <pinnumItem comment="QSPI-SO/SIO1" id="119" symbolicname=""/>
+        <pinnumItem comment="LCD-G2" id="94" symbolicname=""/>
+        <pinnumItem comment="LCD-G3" id="95" symbolicname=""/>
+        <pinnumItem comment="LCD-G4" id="96" symbolicname=""/>
+        <pinnumItem comment="LCD-G5" id="97" symbolicname=""/>
+        <pinnumItem comment="EMLE" id="10" symbolicname=""/>
+        <pinnumItem comment="LCD-BACKLIGHT" id="98" symbolicname=""/>
+        <pinnumItem comment="MIC-DATA" id="11" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-RST" id="99" symbolicname=""/>
+        <pinnumItem comment="MD/FINED" id="16" symbolicname=""/>
+        <pinnumItem comment="RESET" id="19" symbolicname=""/>
+        <pinnumItem comment="QSPI-SI/SIO0" id="120" symbolicname=""/>
+        <pinnumItem comment="QSPI-SCLK" id="121" symbolicname=""/>
+        <pinnumItem comment="QSPI-CS#" id="122" symbolicname=""/>
+        <pinnumItem comment="D2-LRCK" id="2" symbolicname=""/>
+        <pinnumItem comment="QSPI-HOLD#/SIO3" id="123" symbolicname=""/>
+        <pinnumItem comment="QSPI-WP#/SIO2" id="124" symbolicname=""/>
+        <pinnumItem comment="D2-SDIN" id="4" symbolicname=""/>
+        <pinnumItem comment="PMOD2-RST" id="125" symbolicname=""/>
+        <pinnumItem comment="PMOD2-IRQ" id="126" symbolicname=""/>
+        <pinnumItem comment="D2-SCLK" id="6" symbolicname=""/>
+        <pinnumItem comment="PMOD2-SS" id="127" symbolicname=""/>
+        <pinnumItem comment="MIC-BCLK" id="7" symbolicname=""/>
+        <pinnumItem comment="PMOD2-MISO" id="128" symbolicname=""/>
+        <pinnumItem comment="AUDIO_CLK" id="8" symbolicname=""/>
+        <pinnumItem comment="PMOD2-SCK" id="129" symbolicname=""/>
+        <pinnumItem comment="MIC-WS" id="9" symbolicname=""/>
+        <pinnumItem comment="XTAL" id="20" symbolicname=""/>
+        <pinnumItem comment="EXTAL" id="22" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-INT" id="25" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-SCL" id="26" symbolicname=""/>
+        <pinnumItem comment="LCD-TOUCH-SDA" id="27" symbolicname=""/>
+        <pinnumItem comment="WiFi-RTS" id="28" symbolicname=""/>
+        <pinnumItem comment="WiFi-TXD" id="29" symbolicname=""/>
+        <pinnumItem comment="PMOD2-MOSI" id="131" symbolicname=""/>
+        <pinnumItem comment="PMOD2-IO1" id="133" symbolicname=""/>
+        <pinnumItem comment="PMOD2-IO0" id="134" symbolicname=""/>
+        <pinnumItem comment="WiFi-EN" id="137" symbolicname=""/>
+        <pinnumItem comment="SD-ENABLE" id="138" symbolicname=""/>
+        <pinnumItem comment="SD-FLT" id="139" symbolicname=""/>
+        <pinnumItem comment="WiFi-CTS" id="30" symbolicname=""/>
+        <pinnumItem comment="WiFi-RXD" id="31" symbolicname=""/>
+        <pinnumItem comment="SDHI-SW_B" id="32" symbolicname=""/>
+        <pinnumItem comment="SDHI-DATA1" id="34" symbolicname=""/>
+        <pinnumItem comment="SDHI-DATA0" id="35" symbolicname=""/>
+        <pinnumItem comment="SDHI-CLK" id="36" symbolicname=""/>
+        <pinnumItem comment="SDHI-CMD" id="37" symbolicname=""/>
+        <pinnumItem comment="SDHI-CD/DATA3" id="38" symbolicname=""/>
+        <pinnumItem comment="SDHI-DATA2" id="39" symbolicname=""/>
+        <pinnumItem comment="LED2" id="141" symbolicname=""/>
+        <pinnumItem comment="SW2" id="144" symbolicname=""/>
+        <pinnumItem comment="USB0VBUSEN" id="40" symbolicname=""/>
+        <pinnumItem comment="PMOD1-RST" id="41" symbolicname=""/>
+        <pinnumItem comment="PMOD1-IO1" id="42" symbolicname=""/>
+        <pinnumItem comment="USB0OVRCURA" id="43" symbolicname=""/>
+        <pinnumItem comment="USB-TXD" id="44" symbolicname=""/>
+        <pinnumItem comment="USB-RXD" id="45" symbolicname=""/>
+        <pinnumItem comment="USB0DM" id="47" symbolicname=""/>
+        <pinnumItem comment="USB0DP" id="48" symbolicname=""/>
+        <pinnumItem comment="ET0REFCLK" id="50" symbolicname=""/>
+        <pinnumItem comment="PMOD1-IRQ" id="51" symbolicname=""/>
+        <pinnumItem comment="PMOD1-SS" id="52" symbolicname=""/>
+        <pinnumItem comment="PMOD1-IO0" id="53" symbolicname=""/>
+        <pinnumItem comment="PMOD1-MISO" id="54" symbolicname=""/>
+        <pinnumItem comment="PMOD1-SCK" id="55" symbolicname=""/>
+        <pinnumItem comment="PMOD1-MOSI" id="56" symbolicname=""/>
+        <pinnumItem comment="ET0CRS" id="58" symbolicname=""/>
+        <pinnumItem comment="ET0COL" id="60" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD3" id="61" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD2" id="62" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD1" id="63" symbolicname=""/>
+        <pinnumItem comment="ET0ETXD0" id="64" symbolicname=""/>
+        <pinnumItem comment="ET0TXEN" id="65" symbolicname=""/>
+        <pinnumItem comment="ET0TXCLK" id="66" symbolicname=""/>
+        <pinnumItem comment="ET0INTRP" id="67" symbolicname=""/>
+        <pinnumItem comment="ET0RXER" id="68" symbolicname=""/>
+        <pinnumItem comment="ET0RXCLK" id="69" symbolicname=""/>
+        <pinnumItem comment="ET0RXDV" id="70" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD0" id="71" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD1" id="72" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD2" id="73" symbolicname=""/>
+        <pinnumItem comment="ET0ERXD3" id="75" symbolicname=""/>
+        <pinnumItem comment="ET0RST(SW1-1ch)" id="77" symbolicname=""/>
+        <pinnumItem comment="Light-SDA" id="78" symbolicname=""/>
+        <pinnumItem comment="Light-SCL" id="79" symbolicname=""/>
+        <pinnumItem comment="LCD-G6" id="101" symbolicname=""/>
+        <pinnumItem comment="LCD-G7" id="102" symbolicname=""/>
+        <pinnumItem comment="LCD-R3" id="106" symbolicname=""/>
+        <pinnumItem comment="LCD-CLK" id="80" symbolicname=""/>
+        <pinnumItem comment="LCD-R4" id="107" symbolicname=""/>
+        <pinnumItem comment="LCD-VSYNC" id="81" symbolicname=""/>
+        <pinnumItem comment="LCD-R5" id="108" symbolicname=""/>
+        <pinnumItem comment="LCD-DISP-EN" id="82" symbolicname=""/>
+        <pinnumItem comment="LCD-R6" id="109" symbolicname=""/>
+        <pinnumItem comment="LCD-HSYNC" id="83" symbolicname=""/>
+        <pinnumItem comment="LCD-DATA-EN" id="84" symbolicname=""/>
+        <pinnumItem comment="ET0MDC" id="85" symbolicname=""/>
+        <pinnumItem comment="ET0MDIO" id="86" symbolicname=""/>
+        <pinnumItem comment="LCD-B3" id="87" symbolicname=""/>
     </tool>
     <tool id="Summary" version="1.0.0.0">
         <option id="com.renesas.smc.code.path" value="src\smc_gen"/>
@@ -843,7 +843,7 @@
                     <item id="Level15" input="" vlaue="0"/>
                 </option>
             </allocatable>
-            <component description="本MCU は、8 ビットのカウンタをベースにした2 チャネルの8 ビットタイマ（TMR）を2 ユニット（ユニット0、ユニット1）、合計4 チャネル内蔵しています。" detailDescription="" display="8 ビットタイマ" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.10.0"/>
+            <component description="このソフトウェアコンポーネントは、8 ビットタイマ（TMR）の構成を提供します。&#10;&#10;外部イベントのカウントが可能なほか、2 本のレジスタとのコンペアマッチ信号により、カウンタのクリア、割り込み要求、任意のデューティ比のパルス出力など、多機能タイマとして種々の応用が可能です。" detailDescription="" display="8 ビットタイマ" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr" version="1.10.0"/>
             <allocator channelLevel0="0" channelLevel1="" channelLevel2="" channelLevel3="" channelLevel4="" channelLevel5="" description="8 ビットタイマ0" display="TMR0" id="com.renesas.smc.tools.swcomponent.codegenerator.tmr.rx72n.tmr0" type="">
                 <context>
                     <option enabled="true" id="CountMode" selection="8bitMode">
@@ -868,9 +868,9 @@
             <component description="依存モジュール: r_t4_driver_rx バージョン 1.09&#10;T4 is TCP/IP protocol stack that has small footprint for Renesas MCUs." detailDescription="TCP/IP protocol stack [M3S-T4-Tiny] for Renesas MCUs" display="r_t4_rx" id="r_t4_rx2.10" version="2.10">
                 <gridItem id="T4_CFG_SYSTEM_CHANNEL_NUMBER" selectedIndex="0"/>
                 <gridItem id="T4_CFG_SYSTEM_DHCP" selectedIndex="0"/>
-                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,10,33"/>
+                <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH0" selectedIndex="192,168,11,33"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH0" selectedIndex="255,255,255,0"/>
-                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,10,1"/>
+                <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH0" selectedIndex="192,168,11,1"/>
                 <gridItem id="T4_CFG_FIXED_IP_ADDRESS_CH1" selectedIndex="192,168,0,10"/>
                 <gridItem id="T4_CFG_FIXED_SABNET_MASK_CH1" selectedIndex="255,255,255,0"/>
                 <gridItem id="T4_CFG_FIXED_GATEWAY_ADDRESS_CH1" selectedIndex="0,0,0,0"/>
@@ -1132,7 +1132,63 @@
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
         <configuration inuse="true" name="r_tsip_rx">
-            <component description="依存モジュール: r_bsp バージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update.&#10;The &quot;.l&quot; in version number means library version." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.18.l" version="1.18.l"/>
+            <component description="依存モジュール: r_bsp バージョン 7.30&#10;Support functions: AES, GCM, CCM, CMAC, SHA, MD5, Triple-DES, ARC4, RSA, ECC, Random number generate, Key management, secure boot/secure firmware update." detailDescription="TSIP(Trusted Secure IP) driver." display="r_tsip_rx" id="r_tsip_rx1.21" version="1.21">
+                <gridItem id="TSIP_AES_128_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CBC_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_256_CTR" selectedIndex="0"/>
+                <gridItem id="TSIP_AES_128_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_GCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_ENCRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_CCM_DECRYPT" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_128_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_AES_256_KEY_WRAP" selectedIndex="1"/>
+                <gridItem id="TSIP_TDES_ECB_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_ECB_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_TDES_CBC_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_ENCRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_ARC4_DECRYPT" selectedIndex="0"/>
+                <gridItem id="TSIP_SHA_1" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256" selectedIndex="1"/>
+                <gridItem id="TSIP_MD5" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_1_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_SHA_256_HMAC" selectedIndex="1"/>
+                <gridItem id="TSIP_RSAES_1024" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_2048" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSAES_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_1024" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_2048" selectedIndex="1"/>
+                <gridItem id="TSIP_RSASSA_3072" selectedIndex="0"/>
+                <gridItem id="TSIP_RSASSA_4096" selectedIndex="0"/>
+                <gridItem id="TSIP_RSA_RETRY_COUNT_FOR_RSA_KEY_GENERATION" selectedIndex="5120*2"/>
+                <gridItem id="TSIP_ECDSA_P192" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P224" selectedIndex="0"/>
+                <gridItem id="TSIP_ECDSA_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDSA_P384" selectedIndex="1"/>
+                <gridItem id="TSIP_ECDH_P256" selectedIndex="1"/>
+                <gridItem id="TSIP_USER_SHA_384_ENABLED" selectedIndex="0"/>
+                <gridItem id="TSIP_USER_SHA_384_FUNCTION" selectedIndex="user_sha384_function"/>
+                <gridItem id="TSIP_TLS" selectedIndex="1"/>
+                <gridItem id="TSIP_SECURE_BOOT" selectedIndex="0"/>
+                <gridItem id="TSIP_FIRMWARE_UPDATE" selectedIndex="1"/>
+                <gridItem id="TSIP_MULTI_THREADING" selectedIndex="0"/>
+                <gridItem id="TSIP_MULTI_THREADING_LOCK_FUNCTION" selectedIndex="user_lock_function"/>
+                <gridItem id="TSIP_MULTI_THREADING_UNLOCK_FUNCTION" selectedIndex="user_unlock_function"/>
+            </component>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
             <source description="Components supporting Firmware Integration Technology" display="Firmware Integration Technology" id="com.renesas.smc.tools.swcomponent.fit.source"/>
         </configuration>
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject
index 142c267b6..03765b97e 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject
@@ -14,7 +14,7 @@
 			</storageModule>
 			<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
 				<option id="toolchain.id" value="Renesas_RXC"/>
-				<option id="toolchain.version" value="v3.04.00"/>
+				<option id="toolchain.version" value="v3.06.00"/>
 				<option id="toolchain.enable" value="true"/>
 			</storageModule>
 			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am b/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
index bbcf978e2..cd39f4b25 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am
@@ -16,6 +16,10 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem
+EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem
 
 # Simple Example Contents
 EXTRA_DIST+= IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/sectioninfo.esi
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
new file mode 100644
index 000000000..58f5d6f55
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/README.md
@@ -0,0 +1,39 @@
+# Create/Update Signed CA
+This document describes how to create/update Signed CA data that is used at an example program.
+
+## Signed CA Creation
+### Generate RSA Key pair
+```
+2048 bit RSA key pair
+$ openssl genrsa 2048 2> /dev/null > rsa_private.pem
+$ openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem 2> /dev/null
+```
+
+### Sign to CA certificate
+```
+Signed by 2048-bit RSA
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out <signed-CA>.sign <CA-file-for-Signed>
+
+For an example program, it assumes that wolfSSL example CA cert is to be signed.
+e.g.
+$ openssl dgst -sha256 -sign rsa_private.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1-out Signed-CA.sign /path/for/wolfssl/certs/ca-cert.der
+```
+
+### Convert Signed CA to C source
+It is able to use `dertoc.pl` to generate c-source data from signed-ca binary data.
+
+```
+$ /path/to/wolfssl/scripts/dertoc.pl ./ca-cert.der.sign ca_cert_der_sig example.c
+```
+
+
+## Appendix
+### Example Keys
+There are multiple example keys for testing in the `example_keys` folder.
+```
+<example_keys>
+|
++----+ rsa_private.pem  an example 2048-bit rsa private key for signing CA cert
+     + rsa_public.pem   an example 2048-bit rsa public key for verifying CA cert
+     + generate_signCA.sh an example script to generate signed-certificate data for the example program
+```
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
new file mode 100755
index 000000000..aeb994f8a
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/generate_SignedCA.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# example usage
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../certs/ca-cert.der ../../../../../../../../wolfssl/
+# ./generate_SignedCA.sh rsa_private.pem rsa_public.pem ../../../../../../../certs/ca-ecc-cert.der ../../../../../../../../wolfssl
+#
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+CURRENT=$(cd $(dirname $0);pwd)
+
+function usage() {
+    cat <<- _EOT_
+    Usage:
+      $0 private-key public-key file-name wolfssl-dir
+
+    Options:
+      private-key : private key for sign/verify
+      public-key  : public key for verify
+      file-name   : file name to be signed
+      wolfssl-dir : wolfssl folder path
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 4 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+signed_file=$(basename $3)
+wolf_dir=$4
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out ${CURRENT}/${signed_file}.sign $3
+
+echo Verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+echo Verify by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature ${CURRENT}/${signed_file}.sign $3
+
+# Convert Signed CA to c source
+${wolf_dir}/scripts/dertoc.pl ${CURRENT}/${signed_file}.sign  XXXXXXX ${signed_file}.c
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem
new file mode 100644
index 000000000..18c7bb9ac
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAlC67WM6HB9unhAcRoIXJHbLFViHzQIpIirnePFIXq5DvOcQN
+ApYQ8iO+94CvDDed05HEhML/ENbyTHjfMhKcJrstGtIPLk+QSeTNi14SGyhhSfxd
+An/NrkATygOh8Qdjacxyq5wmTwZOVlq4waGbcQOlwvTVGijGQ786IRIezj56Vhce
+TWnA3GgMUCM7zTkMKd8zmPZSX0bHxkcQqCk98wXMpVAKaScZMPvHBrxHji0zG2QH
+vDpf5yUsomSXnqD/9D2oIKy2oG0sx9JXbz9AqPqBCPszUqY07b4QdOinHu8bkDmC
+Sj0nAI8PdC010q3GAYLw6X1sxRCMldqVPRAUvQIDAQABAoIBAGYt30P6jcQOY/G3
+iiEdf7P53Pdqy7jaYfE+/46qsOW+OCemF66L2j2OBpXWZ15OT4dfQZqmd4meHlA7
+HPUDPie68/xFkvBFLuK1YkLS6DtP2d5RpbUeea7JQpwPazCv/o4qy3uoXgYp/ASx
+5CqpDG2erUPE3dl++lAm4aeCPjnKcKUgklzZDjhAqEe/32oyR/Ns0m9TkTC7t73z
+a0iE2ncJSyPAdZmF5ZmyVilBRwU5HKFvlrL1NdoMU3DbD/BpZlKdEH7LxU7Rl3ad
+m4TlVpsnnDY/GfX5ScqpMK5KnYM31Hmt8kulomotor2R7AFWkI3Q8rL6XcKJRSDl
+cDbrHuECgYEAxFhMgldDhtYQfvsxpA+NLVL8G6Nfj5+zRTtlGp3+KhXqnJed84y8
+RhyfDd7sa2WZCyZyG7omJBLSXjnjGgvmT5ibgllCT0F1c3sVeBMEI21QCxWxxmLB
+3RBN6rBqxMdNpwn4AhOi397aIr9kch8iVpXcfif77xadeWVIgyW22CkCgYEAwTRd
+hjHfFNyU2qBWFg4i9LxWVZYaLqUa23z1IqDIzdAW+kyt/06Cln2cFdoH+XFjY2Ua
+Hm74HU+4QskoE+joGBkhr24Iwh5SLyOAwxcAbG4zYjWL9rBNe+wJVwmimV/Xv7A5
+bEOWPQyfNMGVQaV4T7NtNS9i7jsrdMtHqwAWOnUCgYAPdwz/rzPoaO//sHVmgLsT
++NdWrfWW8HNEXrtF72/XjMZf8ylDx7AErbhxdT+V7fiyAiM2v+DFMp5TQaf7ozhO
+yKxnBfTNHVDM+cLlJEpNKA0H8nuALsMqUGByvdaLDU+2eniIYVeQ3pK77etRedZQ
+j5lAbpHPcS6SI0Ik4lGWkQKBgQCRTtsQNK39OLFThMd6KwOrYYLlN9FVR6PddCvB
+8X9VG65MbiNnIxsgKDSeUq8wslD3znBId1lwYibJRBU6dC8rAKvPD0jTBo71GRSc
+pc4RvwgyUueDj7GXBD06EusRw322k8l8XZC/NaD/wqCJEPRdrSrzl0ImvqW+X6z1
+NUmCiQKBgQCcz9S2cwr6aCtwtpde+zGEdECNO2Sk7ZAVqUX7uuxig/SqryPUfrmJ
+tGGxoc2AoBZ6IE6+Ocq/B8HeFYfOTos59tn/HoKQp2LqCmunhBsuHlj1PS+e2JGz
+5f4Gg5OxvuvsMA19d3/E9D85drOoR1qKGt//DtvPwfY/nyyEVD19vw==
+-----END RSA PRIVATE KEY-----
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem
new file mode 100644
index 000000000..62fd2e9f5
--- /dev/null
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/tools/example_keys/rsa_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlC67WM6HB9unhAcRoIXJ
+HbLFViHzQIpIirnePFIXq5DvOcQNApYQ8iO+94CvDDed05HEhML/ENbyTHjfMhKc
+JrstGtIPLk+QSeTNi14SGyhhSfxdAn/NrkATygOh8Qdjacxyq5wmTwZOVlq4waGb
+cQOlwvTVGijGQ786IRIezj56VhceTWnA3GgMUCM7zTkMKd8zmPZSX0bHxkcQqCk9
+8wXMpVAKaScZMPvHBrxHji0zG2QHvDpf5yUsomSXnqD/9D2oIKy2oG0sx9JXbz9A
+qPqBCPszUqY07b4QdOinHu8bkDmCSj0nAI8PdC010q3GAYLw6X1sxRCMldqVPRAU
+vQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
index 8ee29ee30..0566cdcd8 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
@@ -1,284 +1,284 @@
-/* key_data.c
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#include "key_data.h"
-
-/*-------------------------------------------------------------------------
-      RX72N supports TSIP v1.09 or later
---------------------------------------------------------------------------*/
-#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 109)
-
-const st_key_block_data_t g_key_block_data =
-{
-    /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
-    {
-    	0x68, 0x03, 0xA1, 0x95, 0x3B, 0x93, 0x12, 0xCC, 0x86, 0x5A, 0x3E, 0x24,
-    	0xF7, 0xDD, 0x22, 0x31, 0xEC, 0xAB, 0x42, 0x8B, 0x90, 0xC2, 0x8E, 0xDF, 
-    	0x56, 0xB3, 0xAE, 0x3A, 0x99, 0x05, 0x34, 0xCD
-   },
-    /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
-    {
-    	0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23,
-        0x45, 0x67, 0x89, 0x01
-    },
-    /* uint8_t
-     * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
-     */
-    {
-        0x8F, 0xCE, 0xBA, 0x0C, 0xF6, 0x6F, 0x65, 0x7F, 0xF7, 0xB7, 0x31, 0x11,
-        0x20, 0x17, 0x7D, 0x8F, 0x5B, 0xA4, 0x43, 0x4F, 0x0A, 0x7C, 0x64, 0x24,
-        0x57, 0x03, 0xEB, 0xBB, 0xDD, 0xF4, 0x60, 0x1E, 0x30, 0x97, 0xB1, 0xC7,
-        0xFA, 0xEF, 0x5D, 0x16, 0x93, 0x16, 0xD6, 0x24, 0xA8, 0xC3, 0xCA, 0x7C,
-        0xF4, 0x00, 0x77, 0x0E, 0x62, 0xB1, 0x7E, 0x8E, 0x57, 0x19, 0x91, 0xEC,
-        0x47, 0xE1, 0x81, 0x6F, 0x79, 0x43, 0x51, 0xB9, 0x0A, 0x3F, 0x6B, 0x38,
-        0x9A, 0xB6, 0x2F, 0x97, 0x59, 0xA2, 0x7C, 0x6B, 0xBD, 0x8A, 0xCC, 0x52,
-        0x37, 0x2A, 0x22, 0xC9, 0x60, 0xB8, 0x99, 0x17, 0x2D, 0x94, 0x8B, 0x02,
-        0x51, 0xAB, 0xD2, 0x09, 0xEE, 0x08, 0x92, 0x19, 0x68, 0x0F, 0xBB, 0xEE,
-        0x0F, 0xFF, 0xAF, 0x7F, 0x08, 0x55, 0x81, 0xE6, 0x12, 0x34, 0x12, 0xBD,
-        0x2C, 0x8E, 0x8E, 0x9D, 0xC3, 0x34, 0x47, 0xF0, 0xF6, 0x01, 0x24, 0x05,
-        0x3D, 0x2E, 0x2E, 0x3E, 0x9C, 0x19, 0x8C, 0x99, 0x19, 0x06, 0x93, 0xD0,
-        0x14, 0x78, 0x89, 0x37, 0x2B, 0xA2, 0xD0, 0xBE, 0x67, 0x7C, 0xC6, 0xB3,
-        0x61, 0x85, 0xF9, 0x4E, 0xC7, 0x33, 0x00, 0x45, 0x34, 0x1B, 0x3F, 0xD9,
-        0xF1, 0xA4, 0x4B, 0x82, 0x34, 0x69, 0xF0, 0xE5, 0x4D, 0xCF, 0xC7, 0xAD,
-        0xD9, 0xF7, 0x86, 0x84, 0x1A, 0x5B, 0x7D, 0xBA, 0x7B, 0xC1, 0xF8, 0xB0,
-        0xE4, 0xAB, 0xA3, 0x05, 0xE0, 0xF0, 0x14, 0xDE, 0x8D, 0x7A, 0x98, 0xCA,
-        0x02, 0xDE, 0x02, 0xB6, 0xCC, 0xE4, 0xF9, 0x84, 0x1A, 0x1D, 0x5E, 0x00,
-        0x64, 0x80, 0x4F, 0x65, 0xDE, 0x48, 0x5D, 0x5C, 0x5C, 0x4B, 0x00, 0xD3,
-        0x03, 0xF0, 0x77, 0xB2, 0x8F, 0x2A, 0xFE, 0x38, 0x73, 0x2D, 0xFE, 0xDC,
-        0x18, 0xE0, 0x9A, 0xAC, 0x1D, 0x09, 0x41, 0x38, 0x99, 0x4C, 0xA6, 0x0E,
-        0x0F, 0xB4, 0xC0, 0x59, 0x38, 0x31, 0xC7, 0x69, 0x8A, 0x6A, 0x94, 0x8E,
-        0xEE, 0x38, 0x63, 0x2C, 0x4C, 0x0C, 0x65, 0x3F, 0xC6, 0xA2, 0x91, 0x48,
-        0x0A, 0xE2, 0x09, 0x50, 0x8F, 0x9E, 0x91, 0xF8, 0xAC, 0x3B, 0xDA, 0xBA
-    },
-    /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
-    {
-        0
-    },
-    /* uint8_t
-     * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
-     */
-    {
-        0x7B, 0x9E, 0xC9, 0x21, 0x70, 0xDF, 0xC0, 0x9E, 0x06, 0x57, 0xB8, 0x44,
-        0xD0, 0x95, 0x21, 0xD0, 0x37, 0xDC, 0xAE, 0x3A, 0xAF, 0xCD, 0x56, 0x51,
-        0x3C, 0xEC, 0x82, 0xB1, 0xFE, 0xBF, 0x6E, 0x12, 0xE7, 0x79, 0x92, 0xF0,
-        0x3F, 0x56, 0x8A, 0x46, 0x0E, 0x4D, 0x9D, 0xC9, 0x7D, 0xC9, 0x2D, 0xE9,
-        0x07, 0x1C, 0x9A, 0x11, 0x2F, 0x92, 0x26, 0x40, 0xD7, 0x73, 0xC8, 0xB9,
-        0xD0, 0xB8, 0x46, 0x42, 0x53, 0x23, 0x79, 0xBB, 0x3B, 0x97, 0x91, 0x11,
-        0x70, 0x66, 0xB6, 0xF4, 0x7B, 0x2F, 0x65, 0x3C, 0xA0, 0xD0, 0x70, 0x58,
-        0x3C, 0xA8, 0xD9, 0x79, 0x79, 0x14, 0x55, 0xA4, 0x73, 0xE3, 0x40, 0xBB,
-        0xC7, 0x57, 0x5C, 0x30, 0x9C, 0xC5, 0xB5, 0x9D, 0x87, 0xFB, 0x6E, 0x66,
-        0x9C, 0x77, 0xF8, 0x41, 0x75, 0x80, 0x30, 0x62, 0xD5, 0x20, 0xBA, 0xB4,
-        0x5D, 0x33, 0x8F, 0xC1, 0x5F, 0x22, 0xF1, 0xD8, 0x09, 0x62, 0xA6, 0xE1,
-        0x73, 0x50, 0x5B, 0x9B, 0xD7, 0x21, 0x8F, 0x38, 0x31, 0x5B, 0x79, 0x1D,
-        0xF8, 0x50, 0xE0, 0x87, 0xC1, 0x6B, 0xC4, 0x4D, 0x25, 0x6C, 0xB2, 0x0B,
-        0x88, 0x51, 0xB9, 0xB0, 0xDF, 0xC2, 0x6C, 0xC6, 0x52, 0xB8, 0x88, 0xC0,
-        0x25, 0x31, 0x99, 0x61, 0xCA, 0x0F, 0xCB, 0x63, 0x9A, 0x90, 0xE3, 0xB3,
-        0x11, 0xFD, 0xAB, 0x1F, 0x4C, 0x6B, 0xC5, 0x5C, 0x86, 0x29, 0x4C, 0x84,
-        0xC8, 0xE9, 0x5A, 0xCE, 0xE6, 0x3F, 0x79, 0xD2, 0xDC, 0x6A, 0xDD, 0x5F,
-        0x42, 0x45, 0x62, 0xB9, 0xE7, 0x64, 0x88, 0x2F, 0x70, 0x45, 0x1E, 0x9E,
-        0xCF, 0x9A, 0x4C, 0x2A, 0x3D, 0x1C, 0x6C, 0x2F, 0x94, 0x27, 0xD4, 0x2A,
-        0xE5, 0x55, 0xA5, 0x73, 0xB8, 0x74, 0x29, 0x74, 0xD6, 0xF4, 0x6C, 0xB7,
-        0x6C, 0x9D, 0x26, 0x6D, 0x2E, 0xBF, 0x99, 0xCA, 0xDD, 0xEB, 0x48, 0xAD,
-        0x71, 0xB1, 0x1B, 0x1E, 0xFB, 0xDE, 0x19, 0xB8, 0x11, 0x61, 0x09, 0xA2,
-        0x89, 0x66, 0xE3, 0xA6, 0x3D, 0x7F, 0xFE, 0xFF, 0xE8, 0x1B, 0xD3, 0x2D,
-        0xEA, 0xA5, 0x86, 0xCF, 0x96, 0xDE, 0xDE, 0xC1, 0x17, 0x96, 0x77, 0x41
-    },
-    /* uint8_t
-     * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
-     */
-    {
-        0x7B, 0x9E, 0xC9, 0x21, 0x70, 0xDF, 0xC0, 0x9E, 0x06, 0x57, 0xB8, 0x44,
-        0xD0, 0x95, 0x21, 0xD0, 0x37, 0xDC, 0xAE, 0x3A, 0xAF, 0xCD, 0x56, 0x51,
-        0x3C, 0xEC, 0x82, 0xB1, 0xFE, 0xBF, 0x6E, 0x12, 0xE7, 0x79, 0x92, 0xF0,
-        0x3F, 0x56, 0x8A, 0x46, 0x0E, 0x4D, 0x9D, 0xC9, 0x7D, 0xC9, 0x2D, 0xE9,
-        0x07, 0x1C, 0x9A, 0x11, 0x2F, 0x92, 0x26, 0x40, 0xD7, 0x73, 0xC8, 0xB9,
-        0xD0, 0xB8, 0x46, 0x42, 0x53, 0x23, 0x79, 0xBB, 0x3B, 0x97, 0x91, 0x11,
-        0x70, 0x66, 0xB6, 0xF4, 0x7B, 0x2F, 0x65, 0x3C, 0xA0, 0xD0, 0x70, 0x58,
-        0x3C, 0xA8, 0xD9, 0x79, 0x79, 0x14, 0x55, 0xA4, 0x73, 0xE3, 0x40, 0xBB,
-        0xC7, 0x57, 0x5C, 0x30, 0x9C, 0xC5, 0xB5, 0x9D, 0x87, 0xFB, 0x6E, 0x66,
-        0x9C, 0x77, 0xF8, 0x41, 0x75, 0x80, 0x30, 0x62, 0xD5, 0x20, 0xBA, 0xB4,
-        0x5D, 0x33, 0x8F, 0xC1, 0x5F, 0x22, 0xF1, 0xD8, 0x09, 0x62, 0xA6, 0xE1,
-        0x73, 0x50, 0x5B, 0x9B, 0xD7, 0x21, 0x8F, 0x38, 0x31, 0x5B, 0x79, 0x1D,
-        0xF8, 0x50, 0xE0, 0x87, 0xC1, 0x6B, 0xC4, 0x4D, 0x25, 0x6C, 0xB2, 0x0B,
-        0x88, 0x51, 0xB9, 0xB0, 0xDF, 0xC2, 0x6C, 0xC6, 0x52, 0xB8, 0x88, 0xC0,
-        0x25, 0x31, 0x99, 0x61, 0xCA, 0x0F, 0xCB, 0x63, 0x9A, 0x90, 0xE3, 0xB3,
-        0x11, 0xFD, 0xAB, 0x1F, 0x4C, 0x6B, 0xC5, 0x5C, 0x86, 0x29, 0x4C, 0x84,
-        0xC8, 0xE9, 0x5A, 0xCE, 0xE6, 0x3F, 0x79, 0xD2, 0xDC, 0x6A, 0xDD, 0x5F,
-        0x42, 0x45, 0x62, 0xB9, 0xE7, 0x64, 0x88, 0x2F, 0x70, 0x45, 0x1E, 0x9E,
-        0xCF, 0x9A, 0x4C, 0x2A, 0x3D, 0x1C, 0x6C, 0x2F, 0x94, 0x27, 0xD4, 0x2A,
-        0xE5, 0x55, 0xA5, 0x73, 0xB8, 0x74, 0x29, 0x74, 0xD6, 0xF4, 0x6C, 0xB7,
-        0x6C, 0x9D, 0x26, 0x6D, 0x2E, 0xBF, 0x99, 0xCA, 0xDD, 0xEB, 0x48, 0xAD,
-        0x71, 0xB1, 0x1B, 0x1E, 0x45, 0xE8, 0xE9, 0xF1, 0x1F, 0x8D, 0x7B, 0x7B,
-        0xD5, 0xDE, 0xE0, 0x8B, 0x67, 0x64, 0x4D, 0x9F, 0x6E, 0xC5, 0xB3, 0x03,
-        0xC6, 0x35, 0x93, 0xE9, 0xE1, 0xA5, 0xC4, 0x6B, 0xD9, 0x29, 0xA6, 0x86,
-        0xBB, 0x4B, 0xD9, 0xA4, 0x82, 0x68, 0xAF, 0x1E, 0x57, 0x30, 0x8C, 0xC6,
-        0x94, 0xCA, 0xE5, 0xAB, 0x9E, 0x11, 0x51, 0x22, 0xEC, 0x28, 0x63, 0xBD,
-        0xAA, 0xE8, 0xE5, 0x27, 0x7B, 0x68, 0x6C, 0x94, 0x42, 0xBA, 0x05, 0xEA,
-        0x68, 0x5F, 0x18, 0xE9, 0x64, 0x23, 0x07, 0x11, 0xE4, 0x7B, 0x37, 0x77,
-        0xFC, 0x35, 0xBC, 0xFC, 0x06, 0x2E, 0x7F, 0x15, 0xB8, 0xE1, 0x07, 0x42,
-        0x04, 0xD2, 0x4A, 0xD5, 0x43, 0xE1, 0x49, 0x7C, 0x43, 0x49, 0x80, 0x3A,
-        0x86, 0xE0, 0x10, 0x98, 0x77, 0xF2, 0x55, 0xC9, 0x21, 0x24, 0x6D, 0x01,
-        0x36, 0xC5, 0x1F, 0xB8, 0x2D, 0x5B, 0x62, 0x99, 0x15, 0x74, 0x19, 0x44,
-        0x82, 0xC1, 0x09, 0x16, 0x1B, 0xF1, 0x7E, 0xFD, 0xC5, 0xFD, 0x6C, 0x20,
-        0xC3, 0x35, 0x8D, 0x46, 0xE3, 0x98, 0xCF, 0xE7, 0x6F, 0xC7, 0xD7, 0x71,
-        0xCC, 0x95, 0x23, 0x60, 0xE7, 0x9E, 0x19, 0xD1, 0xA1, 0x0F, 0xDD, 0xFF,
-        0x6B, 0x79, 0x12, 0x06, 0xB6, 0x12, 0x28, 0x42, 0x20, 0x16, 0x1C, 0xA4,
-        0x0B, 0x94, 0x7D, 0xF5, 0xE3, 0x73, 0x62, 0x7B, 0x3B, 0x6B, 0xB7, 0xEC,
-        0xCF, 0xAF, 0xF9, 0x8E, 0x09, 0x84, 0x50, 0x25, 0xF6, 0x2C, 0x1F, 0x7E,
-        0x58, 0xE2, 0x5F, 0x06, 0x6D, 0xBB, 0x49, 0x9F, 0x29, 0x0A, 0x77, 0x95,
-        0xF2, 0x02, 0xA6, 0x10, 0xC6, 0x3C, 0x12, 0xC5, 0xD3, 0xA2, 0x73, 0x0A,
-        0x88, 0x86, 0x1D, 0xD7, 0x12, 0xF7, 0x49, 0x25, 0xFC, 0x81, 0x9F, 0xF6,
-        0x2D, 0xF8, 0xB4, 0xE9, 0xE7, 0xC5, 0x3D, 0x40, 0x73, 0x6C, 0xFD, 0xE7,
-        0xDA, 0x42, 0x34, 0xDB, 0x88, 0x72, 0x9E, 0xAE, 0x22, 0x68, 0x5B, 0xB1,
-        0x68, 0xF7, 0xF7, 0x2A, 0xD6, 0x6A, 0x02, 0x07, 0x5F, 0x8F, 0xD7, 0xE9
-    },
-    /* uint8_t
-     * encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
-     */
-    {
-        0xF2, 0x01, 0x30, 0xFE, 0x9F, 0xC6, 0x8F, 0x18, 0x81, 0xD9, 0xFF, 0xB9,
-        0x8F, 0xF3, 0x93, 0x7E, 0xBA, 0x5C, 0x12, 0xA1, 0x7F, 0x39, 0x85, 0x3E,
-        0xB0, 0xE7, 0x3E, 0xC7, 0xEF, 0x48, 0xA7, 0x75,	0x7B, 0x24, 0x16, 0x63,
-        0x7B, 0x8D, 0x13, 0x5B, 0xCA, 0xC9, 0xF7, 0xB1, 0xC7, 0x46, 0xCE, 0xBB,
-    	0xB9, 0xEE, 0x89, 0xAE, 0x90, 0xDF, 0x74, 0xF1, 0x2B, 0x61, 0x41, 0x2B,
-    	0xF9, 0x5D, 0x41, 0x14, 0x92, 0x9E, 0xBC, 0x9D, 0xFE, 0x0D, 0x9A, 0x72,
-    	0x5A, 0x52, 0x3F, 0xE1, 0xFA, 0xED, 0x40, 0x47
-     },
-    /* uint8_t
-     * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
-     */
-    {
-        0x49, 0x3E, 0xC8, 0x9B, 0xB0, 0x04, 0xAE, 0x16, 0x98, 0xB2, 0x57, 0x70,
-        0x8D, 0x40, 0x6B, 0xAC, 0x59, 0xDD, 0x09, 0xB8, 0xCC, 0x10, 0xDE, 0xBE,
-        0x4F, 0xD4, 0x9E, 0x6B, 0xB4, 0x03, 0x85, 0x95, 0x73, 0xA7, 0x48, 0x6D, 
-        0x08, 0xD8, 0x71, 0xD7, 0xDA, 0x50, 0x2F, 0x18, 0x48, 0x3D, 0xBF, 0x02
-    },
-
-};
-
-/* Public key type of CA root cert: 0: RSA-2048 2: ECDSA-P256*/
-#if defined(USE_ECC_CERT)
-const uint32_t              encrypted_user_key_type =
-                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256;
-#else
-const uint32_t              encrypted_user_key_type =
-                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA2048;
-#endif
-
-const unsigned char ca_ecc_cert_der_sig[] =
-{
-    0x85, 0x76, 0x96, 0x7D, 0xB5, 0x14, 0xD9, 0x4F, 0x3E, 0xCF,
-    0xF3, 0xD3, 0xAB, 0x76, 0x77, 0xBA, 0xDB, 0xB8, 0x87, 0xD2,
-    0x2E, 0xB5, 0x87, 0x69, 0x79, 0x8C, 0x34, 0x1A, 0x06, 0xB9,
-    0xD5, 0x0D, 0xA8, 0x4B, 0x05, 0x6A, 0xF4, 0x26, 0x86, 0xB6,
-    0x91, 0x0F, 0x27, 0x6F, 0xA7, 0xF1, 0x3C, 0xEC, 0x3D, 0x34,
-    0xE7, 0x82, 0xEB, 0x10, 0xE6, 0xFA, 0x04, 0x11, 0x78, 0xCD,
-    0xEB, 0xA0, 0xB4, 0x6C, 0xBC, 0x7C, 0x8C, 0x83, 0xD3, 0x68,
-    0xC2, 0x72, 0x17, 0xE0, 0x41, 0xA3, 0xE3, 0x5A, 0xB6, 0x2D,
-    0x52, 0xA4, 0x4A, 0x4E, 0x9B, 0x3E, 0x98, 0xD7, 0xBB, 0x17,
-    0xF5, 0x19, 0xAB, 0x30, 0xBF, 0xE2, 0x8B, 0xD7, 0x47, 0x7B,
-    0x99, 0x7B, 0x97, 0x46, 0x53, 0x34, 0xCA, 0x74, 0x00, 0x39,
-    0x04, 0x6F, 0x0B, 0xC0, 0x42, 0x73, 0x65, 0xCA, 0x3F, 0xE2,
-    0x58, 0x1E, 0x26, 0xE5, 0xA2, 0x86, 0x63, 0xF3, 0x41, 0x89,
-    0x0E, 0x6B, 0x74, 0xF4, 0x73, 0x4D, 0x8E, 0x04, 0x1E, 0x64,
-    0x7E, 0x9C, 0x37, 0x3A, 0xF2, 0x4E, 0x5B, 0xF2, 0x67, 0x9A,
-    0x48, 0xFB, 0x70, 0xDD, 0x70, 0x8C, 0xC0, 0x8F, 0xE9, 0x77,
-    0x7B, 0xC0, 0x1F, 0xB7, 0xE2, 0xB8, 0xC2, 0x67, 0xF0, 0x1D,
-    0x13, 0xFB, 0x8D, 0xEB, 0x69, 0xE8, 0xC0, 0x31, 0xAC, 0xB9,
-    0x0C, 0x2D, 0x89, 0x77, 0x81, 0xC5, 0x87, 0xDD, 0x28, 0x7C,
-    0x03, 0x34, 0xFA, 0xD8, 0xE5, 0x20, 0x4A, 0x88, 0x42, 0x6B,
-    0x16, 0x55, 0x33, 0x16, 0x57, 0x19, 0x6B, 0x5A, 0x0C, 0xAC,
-    0x12, 0xF4, 0x72, 0x7B, 0x1C, 0x8E, 0x85, 0xCE, 0x2D, 0xE7,
-    0x94, 0xAD, 0xFC, 0xA8, 0x92, 0x70, 0xE0, 0xFA, 0x19, 0xB3,
-    0xB4, 0x97, 0x25, 0x10, 0xCB, 0x27, 0x74, 0x57, 0x5D, 0x22,
-    0xDB, 0x1D, 0x2F, 0xB4, 0x27, 0x52, 0xDE, 0x56, 0x77, 0xFB,
-    0xBA, 0x75, 0x5F, 0xC3, 0x84, 0xA6
-};
-const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
-
-/* ./ca-cert.der.sign,  */
-const unsigned char ca_cert_der_sig[] =
-{
-    0x3C, 0x99, 0x92, 0x6F, 0x0A, 0xE7, 0xC1, 0x31, 0x1F, 0xC2,
-    0x60, 0xFD, 0x26, 0x54, 0x2F, 0xEA, 0xA4, 0xB6, 0x99, 0x8F,
-    0xCF, 0x01, 0x6F, 0x37, 0x7A, 0xF5, 0xB7, 0xD1, 0xCC, 0x51,
-    0x0B, 0x34, 0xF1, 0xF4, 0xF0, 0x48, 0xCF, 0x53, 0xD3, 0xE1,
-    0xF1, 0x08, 0xD1, 0x3F, 0x2B, 0x9A, 0x0E, 0x5A, 0x15, 0xB7,
-    0xAD, 0x14, 0x27, 0x24, 0x70, 0xE8, 0x02, 0x68, 0x21, 0xA2,
-    0xA2, 0x9D, 0x63, 0x41, 0x6A, 0xE3, 0xD2, 0xC9, 0x48, 0x7B,
-    0xF2, 0x6E, 0x7A, 0x80, 0xB8, 0xA9, 0x28, 0x61, 0x7B, 0x93,
-    0x93, 0x18, 0x68, 0x19, 0x6A, 0x6F, 0x78, 0x53, 0x32, 0xBF,
-    0xAB, 0x28, 0x10, 0x44, 0xAC, 0xB9, 0x15, 0xFD, 0x51, 0xFE,
-    0x5E, 0x47, 0x07, 0xCD, 0xAF, 0x94, 0x69, 0x7A, 0x66, 0x31,
-    0x3E, 0xED, 0x1B, 0x93, 0x97, 0x1A, 0x83, 0xA2, 0xC7, 0x5B,
-    0xD3, 0x34, 0xAE, 0x24, 0xC8, 0xE9, 0xA9, 0x9E, 0x64, 0xEA,
-    0x57, 0xA8, 0xA8, 0xD8, 0xA2, 0x74, 0x5F, 0xDB, 0x70, 0xCC,
-    0x07, 0x1D, 0xD0, 0xA7, 0x91, 0x61, 0xD6, 0x9F, 0x6F, 0x77,
-    0x80, 0xE9, 0x6C, 0x2F, 0x90, 0xF1, 0xBE, 0x25, 0x3F, 0x1C,
-    0x76, 0xB6, 0xAC, 0xD7, 0xD1, 0x1E, 0x97, 0x15, 0x94, 0x96,
-    0xD6, 0xF6, 0xBF, 0x39, 0x6D, 0xC7, 0xF5, 0x13, 0xE0, 0xBB,
-    0xC4, 0xDC, 0x18, 0x13, 0x65, 0x2B, 0x80, 0x23, 0x9A, 0x6A,
-    0x70, 0x30, 0x9A, 0xB3, 0xE5, 0x2D, 0xC1, 0xCB, 0xBF, 0x5A,
-    0xC2, 0xEE, 0xF6, 0x65, 0x50, 0xD4, 0xF2, 0xA3, 0xD5, 0xF9,
-    0xF8, 0x16, 0xD3, 0x05, 0xAC, 0xE9, 0x8B, 0x5A, 0x75, 0xD7,
-    0xF9, 0xB9, 0x05, 0xF3, 0x9C, 0xD0, 0xCE, 0x39, 0xA5, 0x7D,
-    0xB6, 0xC6, 0x78, 0x6A, 0x31, 0x6C, 0xD2, 0xBB, 0x6F, 0x8E,
-    0x11, 0xD4, 0x84, 0x8B, 0x21, 0x65, 0xFC, 0x2D, 0xD3, 0x51,
-    0xC6, 0x31, 0x80, 0xCD, 0xE9, 0x5F
-};
-const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
-/* ./client-cert.der.sign,  */
-const unsigned char client_cert_der_sign[] =
-{
-    0x58, 0x04, 0xD2, 0xCA, 0x82, 0x7F, 0x7C, 0xB3, 0x93, 0x8A,
-    0x81, 0x5F, 0x48, 0x91, 0xA4, 0x04, 0x13, 0x55, 0x20, 0x02,
-    0x1A, 0xCC, 0xD6, 0x09, 0x56, 0x89, 0x37, 0xBD, 0x3F, 0x88,
-    0x10, 0x3E, 0x8D, 0x2E, 0x30, 0x0E, 0x97, 0xA8, 0x68, 0xE1,
-    0xAE, 0x00, 0x9A, 0x42, 0xA0, 0xAF, 0x3E, 0xAE, 0xFF, 0xFF,
-    0xA7, 0xF3, 0x9C, 0xA7, 0x59, 0xB1, 0xA9, 0x67, 0x2D, 0xCE,
-    0xAE, 0x27, 0x0D, 0x9F, 0x22, 0x99, 0x43, 0x49, 0xC3, 0xC7,
-    0x50, 0x11, 0xDB, 0xD4, 0xE8, 0xA4, 0x6B, 0x30, 0x95, 0x6C,
-    0x66, 0x69, 0xF2, 0x2D, 0xE4, 0x41, 0x7D, 0x45, 0x73, 0xD5,
-    0xE7, 0x3D, 0x15, 0x34, 0x99, 0xB7, 0x27, 0xAC, 0xFB, 0x6D,
-    0xDC, 0xFF, 0x1F, 0x17, 0xF3, 0x37, 0x92, 0x44, 0x58, 0x57,
-    0x50, 0xA6, 0x3A, 0xB4, 0xB2, 0xB9, 0xAE, 0x8E, 0x4E, 0x63,
-    0x42, 0xBD, 0xDD, 0xAA, 0xC8, 0x26, 0x0D, 0xE8, 0x57, 0xCF,
-    0xBD, 0x75, 0xAB, 0xDD, 0x92, 0x53, 0x1F, 0x7A, 0x9F, 0x4D,
-    0x0E, 0xB0, 0xF5, 0x7F, 0xCE, 0x92, 0xD4, 0xEC, 0x3E, 0x44,
-    0x99, 0x27, 0x32, 0x42, 0xFA, 0x68, 0xCE, 0x2E, 0x75, 0x31,
-    0xEE, 0x74, 0xDA, 0xB4, 0x42, 0x8C, 0x30, 0xF8, 0xB7, 0xB6,
-    0xF4, 0x29, 0x5C, 0x18, 0x59, 0xE8, 0x39, 0x06, 0xF2, 0xDB,
-    0x50, 0xC4, 0x75, 0x3A, 0xD2, 0xDA, 0x9B, 0xEA, 0xBF, 0x80,
-    0x42, 0x97, 0x01, 0x7B, 0xBA, 0x5D, 0xA0, 0x29, 0x40, 0xAE,
-    0x3C, 0x4D, 0x75, 0x98, 0xEB, 0xCE, 0x5E, 0x67, 0xDC, 0xE3,
-    0xC5, 0x70, 0x8F, 0x22, 0x15, 0xCB, 0x31, 0x39, 0x8F, 0x6E,
-    0x8B, 0xA9, 0x22, 0x09, 0x18, 0xDC, 0x19, 0xD5, 0x65, 0x5E,
-    0xD5, 0x59, 0xAE, 0xD9, 0xAD, 0xF7, 0x9C, 0x2C, 0xD5, 0x79,
-    0x15, 0x62, 0xF8, 0xAE, 0xBA, 0x11, 0x24, 0x98, 0xC8, 0xB6,
-    0xF5, 0xDE, 0x32, 0x10, 0x03, 0x07
-};
-const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
-
-uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
-uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
-
-#endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >= 109) */
+/* key_data.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include "key_data.h"
+
+/*-------------------------------------------------------------------------
+      RX72N supports TSIP v1.09 or later
+--------------------------------------------------------------------------*/
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >= 109)
+
+const st_key_block_data_t g_key_block_data =
+{
+    /* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
+    {
+        0xDF, 0x78, 0x49, 0x28, 0xA9, 0x4C, 0x36, 0xD6, 0xC9, 0x89, 0x98, 0xDF,
+        0xFF, 0xB1, 0xCB, 0xBC, 0x9F, 0xF4, 0x34, 0xCD, 0x81, 0x53, 0x67, 0xB3,
+        0xFC, 0x85, 0xC6, 0x0B, 0xA2, 0xC8, 0xF4, 0x83
+   },
+    /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
+    {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23,
+        0x45, 0x67, 0x89, 0x01
+    },
+    /* uint8_t
+     * encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+     */
+    {
+        0xCF, 0x64, 0xE8, 0xB7, 0xAB, 0x18, 0x50, 0xFD, 0xF5, 0x33, 0xA7, 0xA4,
+        0x43, 0xA0, 0x3D, 0xCE, 0xEB, 0x7F, 0xC8, 0x1E, 0x7F, 0xE9, 0x4D, 0x6B,
+        0x2E, 0xFB, 0x00, 0x14, 0x72, 0x49, 0x6F, 0xAA, 0x13, 0x58, 0xCC, 0xA2,
+        0x49, 0xC7, 0x98, 0xEB, 0xBD, 0x9F, 0x10, 0x32, 0x99, 0xBA, 0x28, 0xC5,
+        0xA3, 0x6A, 0x01, 0x9C, 0x97, 0x6D, 0x9B, 0xDF, 0xE9, 0xE0, 0x24, 0x18,
+        0xD0, 0x59, 0x3C, 0x93, 0x96, 0x7C, 0x90, 0xCF, 0xED, 0xAE, 0xE0, 0xCE,
+        0xC6, 0xBE, 0x81, 0x23, 0xE2, 0xBC, 0xE9, 0x69, 0x3B, 0x4A, 0x65, 0xA6,
+        0x84, 0x02, 0xDF, 0x54, 0x24, 0x25, 0x48, 0x76, 0xEF, 0x2C, 0xB6, 0x87,
+        0xC8, 0x09, 0x5E, 0x0D, 0xCA, 0xC5, 0x97, 0xCD, 0xA4, 0x44, 0xCA, 0xC9,
+        0xAD, 0xA0, 0x9C, 0x54, 0x05, 0x85, 0x18, 0xA7, 0xBF, 0xD8, 0x37, 0xBD,
+        0xF7, 0x73, 0x5D, 0x30, 0xFB, 0x48, 0xB1, 0xE0, 0x41, 0x92, 0x74, 0x4A,
+        0x68, 0x21, 0xEC, 0xE4, 0x2C, 0x0C, 0xBC, 0x02, 0xAD, 0xA5, 0x6F, 0xDD,
+        0xA6, 0xD6, 0x1C, 0x72, 0x85, 0xFD, 0x37, 0xB6, 0x2E, 0x0A, 0xD6, 0xBE,
+        0x7A, 0x81, 0xD3, 0x50, 0x24, 0xBE, 0x69, 0xFD, 0x6D, 0xD6, 0xAA, 0x2E,
+        0xFA, 0x00, 0x0A, 0x33, 0xEF, 0x53, 0xFC, 0xA4, 0xE7, 0xA2, 0x3E, 0xCE,
+        0x24, 0x39, 0x4D, 0xCA, 0xE7, 0xAA, 0xC5, 0x82, 0x19, 0x40, 0x60, 0x0F,
+        0xD3, 0x2C, 0x7D, 0x8E, 0x13, 0xEC, 0xCB, 0x38, 0xE1, 0xC9, 0x97, 0xF9,
+        0x24, 0x1D, 0x7C, 0x77, 0xCD, 0x73, 0xBD, 0x76, 0xC7, 0x08, 0x49, 0x24,
+        0xAE, 0x83, 0xE3, 0x99, 0x28, 0x62, 0xF9, 0x70, 0xD8, 0xB5, 0x28, 0x03,
+        0x83, 0x0A, 0xE0, 0xEB, 0x1C, 0xC9, 0xE4, 0x0E, 0x31, 0xF9, 0x5A, 0x0B,
+        0x3D, 0x06, 0x24, 0x49, 0x3B, 0xAE, 0xFE, 0x99, 0xAC, 0x59, 0x20, 0x6E,
+        0xF4, 0xE1, 0x4B, 0x3C, 0x7B, 0x86, 0xF7, 0x48, 0xAA, 0x3A, 0x79, 0x8D,
+        0x71, 0x4B, 0x7C, 0x4B, 0x5A, 0x74, 0x31, 0xB1, 0x6A, 0xA6, 0xD4, 0xC4,
+        0xE1, 0x59, 0x90, 0x62, 0x09, 0xAB, 0xA4, 0x91, 0x02, 0x0A, 0x22, 0x2B
+    },
+    /* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
+    {
+        0
+    },
+    /* uint8_t
+     * encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
+     */
+    {
+        0x60, 0x6B, 0x2E, 0x15, 0xAB, 0xE2, 0x51, 0x4D, 0x75, 0xEA, 0xF4, 0xE8,
+        0xF5, 0x21, 0xC3, 0x31, 0xF9, 0x3C, 0x8A, 0x7D, 0x2B, 0x55, 0x7B, 0xA7,
+        0xC0, 0xC5, 0xE0, 0xBC, 0x56, 0x75, 0xEB, 0xFA, 0x43, 0x6E, 0x49, 0x4F,
+        0x29, 0xD6, 0xE8, 0xAC, 0xDA, 0x44, 0xDD, 0x82, 0x23, 0xEC, 0x3D, 0x0E,
+        0xE2, 0xA1, 0xE7, 0xF3, 0x81, 0xB3, 0x4D, 0x81, 0x9A, 0xFB, 0xCE, 0x1A,
+        0x57, 0xE7, 0x0E, 0x8B, 0xDC, 0x18, 0xD8, 0xB4, 0x97, 0xD0, 0xA9, 0x5D,
+        0x81, 0xFB, 0x13, 0x10, 0x19, 0xD1, 0x0D, 0x43, 0xE6, 0x1D, 0xFC, 0x80,
+        0x32, 0x97, 0x6A, 0xB2, 0xB2, 0x63, 0xD9, 0xC2, 0x09, 0x34, 0xF3, 0xA0,
+        0x0C, 0xCE, 0x06, 0x6C, 0xB2, 0xB9, 0x2A, 0xDF, 0xEE, 0x68, 0x8B, 0x4E,
+        0x8C, 0xBA, 0xF8, 0xA7, 0x60, 0x3C, 0xCC, 0xD4, 0x94, 0x42, 0xCC, 0x37,
+        0x4B, 0xED, 0x70, 0xB1, 0x53, 0xBD, 0xE8, 0x92, 0xB9, 0x8B, 0x07, 0x27,
+        0x42, 0xC2, 0x1B, 0xE1, 0x7D, 0x45, 0xBC, 0xB9, 0xB4, 0x3D, 0xD1, 0x62,
+        0x44, 0x76, 0x4E, 0xFA, 0xE5, 0x00, 0x4F, 0x6B, 0xE6, 0xBB, 0x32, 0xFB,
+        0xD6, 0xEC, 0x58, 0x98, 0xFB, 0x80, 0xF7, 0x0E, 0x96, 0x9B, 0xBB, 0xCF,
+        0xDE, 0x31, 0x09, 0x39, 0x1A, 0x31, 0x49, 0xB8, 0x2F, 0x99, 0xEA, 0x9A,
+        0xF2, 0x46, 0xDB, 0x09, 0x21, 0xB1, 0x41, 0x98, 0x38, 0x9A, 0xDD, 0xEE,
+        0xA3, 0xEE, 0x02, 0xBB, 0x2D, 0x79, 0x44, 0xD0, 0x81, 0x60, 0x0E, 0xD3,
+        0xFF, 0xBC, 0x98, 0x6B, 0x5A, 0x19, 0x47, 0xEB, 0x88, 0xC3, 0x25, 0x58,
+        0xD8, 0x77, 0x95, 0x40, 0x76, 0xE3, 0x56, 0xCF, 0x94, 0x2D, 0xFE, 0x43,
+        0x63, 0xD6, 0x8D, 0xA0, 0x1B, 0x43, 0x33, 0xEB, 0xBC, 0xE7, 0x92, 0x40,
+        0xA2, 0xD5, 0x98, 0x5C, 0xF8, 0x91, 0xAF, 0x0B, 0xD2, 0x8E, 0xA8, 0x58,
+        0x84, 0x7D, 0x90, 0xBD, 0x46, 0x09, 0xD1, 0x14, 0x95, 0x32, 0x8F, 0x49,
+        0xC6, 0xDE, 0xB8, 0xA5, 0xC6, 0xFA, 0xB5, 0x5F, 0xA7, 0x41, 0x29, 0x68,
+        0x87, 0xE9, 0xAF, 0xC8, 0x6F, 0xFE, 0x50, 0x84, 0x01, 0x2E, 0x02, 0x6A
+    },
+    /* uint8_t
+     * encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
+     */
+    {
+        0x60, 0x6B, 0x2E, 0x15, 0xAB, 0xE2, 0x51, 0x4D, 0x75, 0xEA, 0xF4, 0xE8,
+        0xF5, 0x21, 0xC3, 0x31, 0xF9, 0x3C, 0x8A, 0x7D, 0x2B, 0x55, 0x7B, 0xA7,
+        0xC0, 0xC5, 0xE0, 0xBC, 0x56, 0x75, 0xEB, 0xFA, 0x43, 0x6E, 0x49, 0x4F,
+        0x29, 0xD6, 0xE8, 0xAC, 0xDA, 0x44, 0xDD, 0x82, 0x23, 0xEC, 0x3D, 0x0E,
+        0xE2, 0xA1, 0xE7, 0xF3, 0x81, 0xB3, 0x4D, 0x81, 0x9A, 0xFB, 0xCE, 0x1A,
+        0x57, 0xE7, 0x0E, 0x8B, 0xDC, 0x18, 0xD8, 0xB4, 0x97, 0xD0, 0xA9, 0x5D,
+        0x81, 0xFB, 0x13, 0x10, 0x19, 0xD1, 0x0D, 0x43, 0xE6, 0x1D, 0xFC, 0x80,
+        0x32, 0x97, 0x6A, 0xB2, 0xB2, 0x63, 0xD9, 0xC2, 0x09, 0x34, 0xF3, 0xA0,
+        0x0C, 0xCE, 0x06, 0x6C, 0xB2, 0xB9, 0x2A, 0xDF, 0xEE, 0x68, 0x8B, 0x4E,
+        0x8C, 0xBA, 0xF8, 0xA7, 0x60, 0x3C, 0xCC, 0xD4, 0x94, 0x42, 0xCC, 0x37,
+        0x4B, 0xED, 0x70, 0xB1, 0x53, 0xBD, 0xE8, 0x92, 0xB9, 0x8B, 0x07, 0x27,
+        0x42, 0xC2, 0x1B, 0xE1, 0x7D, 0x45, 0xBC, 0xB9, 0xB4, 0x3D, 0xD1, 0x62,
+        0x44, 0x76, 0x4E, 0xFA, 0xE5, 0x00, 0x4F, 0x6B, 0xE6, 0xBB, 0x32, 0xFB,
+        0xD6, 0xEC, 0x58, 0x98, 0xFB, 0x80, 0xF7, 0x0E, 0x96, 0x9B, 0xBB, 0xCF,
+        0xDE, 0x31, 0x09, 0x39, 0x1A, 0x31, 0x49, 0xB8, 0x2F, 0x99, 0xEA, 0x9A,
+        0xF2, 0x46, 0xDB, 0x09, 0x21, 0xB1, 0x41, 0x98, 0x38, 0x9A, 0xDD, 0xEE,
+        0xA3, 0xEE, 0x02, 0xBB, 0x2D, 0x79, 0x44, 0xD0, 0x81, 0x60, 0x0E, 0xD3,
+        0xFF, 0xBC, 0x98, 0x6B, 0x5A, 0x19, 0x47, 0xEB, 0x88, 0xC3, 0x25, 0x58,
+        0xD8, 0x77, 0x95, 0x40, 0x76, 0xE3, 0x56, 0xCF, 0x94, 0x2D, 0xFE, 0x43,
+        0x63, 0xD6, 0x8D, 0xA0, 0x1B, 0x43, 0x33, 0xEB, 0xBC, 0xE7, 0x92, 0x40,
+        0xA2, 0xD5, 0x98, 0x5C, 0xF8, 0x91, 0xAF, 0x0B, 0xD2, 0x8E, 0xA8, 0x58,
+        0x84, 0x7D, 0x90, 0xBD, 0x56, 0x1F, 0x2D, 0x1B, 0x8C, 0x17, 0x9E, 0xBA,
+        0x0C, 0x61, 0xF8, 0x1B, 0xFB, 0xA4, 0x9E, 0x71, 0xA8, 0x09, 0x9E, 0xA9,
+        0x0D, 0x2B, 0x18, 0x32, 0xFE, 0x56, 0x09, 0x1B, 0xD4, 0x0D, 0xEE, 0x58,
+        0x40, 0x3B, 0x2D, 0x85, 0x52, 0xDA, 0x75, 0x2E, 0x8E, 0x52, 0xE1, 0x06,
+        0x64, 0xA3, 0x06, 0x6B, 0x3E, 0x71, 0x45, 0x94, 0xE0, 0x12, 0x6F, 0x15,
+        0x03, 0x57, 0x87, 0xBF, 0xE2, 0x05, 0xF7, 0x0D, 0xEA, 0x27, 0x9D, 0x9C,
+        0xC4, 0x55, 0x7F, 0x87, 0x85, 0x87, 0x7F, 0xA7, 0xE4, 0xB4, 0xA6, 0x6F,
+        0xB9, 0x18, 0x2E, 0x3C, 0xCF, 0x8E, 0x61, 0xD9, 0x13, 0x8C, 0xC4, 0xFF,
+        0xA5, 0x0A, 0x86, 0xB7, 0x6D, 0x03, 0xA4, 0x48, 0xF5, 0xF4, 0xF5, 0x64,
+        0xEA, 0x43, 0x54, 0xEB, 0x27, 0xEE, 0xD6, 0xD8, 0x89, 0xDB, 0x62, 0x37,
+        0x73, 0x85, 0x86, 0xCA, 0x32, 0xE4, 0xA5, 0x61, 0x65, 0xA0, 0x0F, 0x59,
+        0xA1, 0xB5, 0xB6, 0xE4, 0xA5, 0xDC, 0xFF, 0x81, 0x86, 0xB0, 0x84, 0x1A,
+        0x4C, 0x68, 0xDA, 0xEB, 0x3D, 0x64, 0x40, 0x9D, 0x6B, 0x4B, 0x2A, 0x2B,
+        0x09, 0xE5, 0xF0, 0x78, 0xC2, 0x47, 0x37, 0xCB, 0xE8, 0xD1, 0xA5, 0xD8,
+        0xAA, 0x54, 0xC4, 0x23, 0xF9, 0x21, 0xF9, 0x78, 0x22, 0xB1, 0x40, 0x96,
+        0xF9, 0xEB, 0xCB, 0x7A, 0x4B, 0xFF, 0x78, 0x8A, 0x7B, 0x8A, 0x09, 0xA9,
+        0x94, 0x30, 0x4E, 0x20, 0xD2, 0x24, 0x1D, 0xED, 0x45, 0xA2, 0xAB, 0xFC,
+        0xFD, 0x6A, 0xBE, 0xA7, 0x18, 0xD4, 0x5B, 0xE5, 0xBE, 0x83, 0x9F, 0xEC,
+        0xA3, 0xBA, 0xEA, 0x62, 0x7E, 0xA0, 0xA2, 0x7C, 0x61, 0x8D, 0xF5, 0x42,
+        0x50, 0x73, 0xE0, 0x66, 0x0B, 0x61, 0xD7, 0x86, 0x7C, 0x72, 0xF9, 0x86,
+        0x0B, 0x8C, 0xC1, 0xB4, 0x2E, 0x9D, 0x19, 0xD1, 0xA4, 0xDC, 0x47, 0x85,
+        0xB1, 0xBA, 0x16, 0x30, 0x97, 0x80, 0x98, 0x29, 0x16, 0xFA, 0xFD, 0x50,
+        0xC6, 0x7F, 0x69, 0xA0, 0x16, 0xAF, 0x0A, 0x56, 0xDB, 0x1D, 0x53, 0xC4
+    },
+    /* uint8_t
+     * encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
+     */
+    {
+        0x12, 0xF0, 0x90, 0x57, 0xDA, 0x92, 0xB4, 0x6A, 0xD9, 0xD3, 0x4D, 0x54,
+        0x4C, 0x96, 0x8E, 0xB3, 0xAA, 0x33, 0x06, 0xC3, 0x7F, 0x4B, 0x6F, 0xFD,
+        0xA9, 0x11, 0x73, 0x0F, 0x70, 0x73, 0xA0, 0xF7, 0x73, 0xE7, 0x8B, 0xDB,
+        0xD4, 0x56, 0x4D, 0x7B, 0xCB, 0x79, 0x1E, 0x9B, 0x71, 0x74, 0xDF, 0x53,
+        0x05, 0xA8, 0x54, 0xB2, 0x8B, 0x55, 0xE1, 0x7F, 0x3D, 0x4A, 0xC8, 0x84,
+        0xB4, 0xD8, 0xBB, 0x9A, 0xDE, 0x2E, 0x42, 0x48, 0x9B, 0x12, 0x0B, 0x1B,
+        0x1A, 0xDB, 0x3E, 0x0E, 0xE3, 0x07, 0xF8, 0x3B
+     },
+    /* uint8_t
+     * encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
+     */
+    {
+        0x07, 0x21, 0xB3, 0x4A, 0x2D, 0xCE, 0xBE, 0x59, 0xBC, 0x8C, 0xE1, 0x84,
+        0xF0, 0xE3, 0xEF, 0x07, 0xD8, 0xE4, 0x30, 0x31, 0xB7, 0xE2, 0xB0, 0xA6,
+        0x6E, 0x51, 0xAE, 0xFD, 0x6B, 0x43, 0xB2, 0xFE, 0x1F, 0x16, 0x99, 0x67,
+        0x7D, 0x33, 0x1F, 0xF9, 0x5B, 0x3C, 0xB1, 0xAC, 0x90, 0xE4, 0x05, 0x7F
+    },
+
+};
+
+/* Public key type of CA root cert: 0: RSA-2048 2: ECDSA-P256*/
+#if defined(USE_ECC_CERT)
+const uint32_t              encrypted_user_key_type =
+                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256;
+#else
+const uint32_t              encrypted_user_key_type =
+                                    R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA2048;
+#endif
+
+const unsigned char ca_ecc_cert_der_sig[] =
+{
+    0x80, 0x1C, 0x3A, 0xC0, 0x74, 0xC8, 0xF8, 0xB7, 0x23, 0xB0,
+    0x4D, 0xEC, 0x5A, 0xA3, 0x28, 0xD9, 0x27, 0x93, 0xD2, 0xEF,
+    0x48, 0xBD, 0x29, 0x99, 0x65, 0x7F, 0xCB, 0x60, 0xD3, 0xB7,
+    0xFF, 0x4D, 0xC4, 0x2D, 0x07, 0x53, 0xD3, 0xF9, 0xB6, 0xE7,
+    0x56, 0x25, 0x5D, 0x3E, 0x9C, 0x31, 0x1D, 0x8D, 0xA3, 0x29,
+    0xA0, 0x9C, 0xFB, 0xEC, 0x91, 0xF5, 0x58, 0x14, 0x11, 0xFD,
+    0x43, 0xFB, 0xA5, 0xAC, 0x70, 0xAE, 0x68, 0x89, 0x03, 0x32,
+    0x82, 0x53, 0xB9, 0xE3, 0x40, 0xD4, 0x50, 0xC5, 0xB4, 0xB2,
+    0x1F, 0xF6, 0x24, 0x10, 0xFE, 0x76, 0xA2, 0x1C, 0xAE, 0x01,
+    0x79, 0xBF, 0xF7, 0x5A, 0x5C, 0xA9, 0x9B, 0x80, 0x02, 0x7D,
+    0x24, 0x94, 0xCE, 0xFE, 0x41, 0x85, 0x1A, 0x63, 0x50, 0xD4,
+    0xDE, 0xBD, 0xB4, 0x26, 0xA4, 0x13, 0xE3, 0x94, 0x0C, 0xBB,
+    0xBE, 0x27, 0x0F, 0xDE, 0xF2, 0x2A, 0x0D, 0xD5, 0x79, 0x4B,
+    0x7A, 0xD6, 0x3C, 0x3B, 0xED, 0x4D, 0xAB, 0xB6, 0xBD, 0x53,
+    0x57, 0x9B, 0xA1, 0x69, 0x26, 0xD3, 0xDF, 0x47, 0x64, 0x4F,
+    0xD5, 0xC9, 0x11, 0x35, 0xB6, 0x17, 0x6C, 0x48, 0x6E, 0xBE,
+    0xCB, 0x0C, 0x63, 0x8C, 0x31, 0x45, 0x8B, 0x7F, 0x93, 0x02,
+    0x7C, 0xC6, 0xD3, 0x14, 0x2F, 0x5B, 0x41, 0x72, 0x4F, 0x48,
+    0xE6, 0xCC, 0x89, 0x4E, 0x31, 0x98, 0xBA, 0xBA, 0xE0, 0xAA,
+    0x04, 0x68, 0xF2, 0x07, 0xF5, 0x0B, 0x1F, 0xC2, 0x21, 0x28,
+    0x38, 0x44, 0xAF, 0x2C, 0x7C, 0x1B, 0x69, 0x12, 0xCC, 0x3B,
+    0xF7, 0xE8, 0xC2, 0x56, 0x00, 0x10, 0x14, 0x05, 0x6F, 0x29,
+    0x80, 0x7C, 0x1E, 0xB2, 0x37, 0x2C, 0xBF, 0x09, 0x77, 0xC9,
+    0x1D, 0xB1, 0x13, 0x7A, 0xDC, 0x87, 0x7D, 0xF1, 0x2E, 0xBC,
+    0xFC, 0x2B, 0x3D, 0x4A, 0x55, 0xD5, 0x85, 0x0C, 0xF1, 0x1D,
+    0xFE, 0x80, 0x73, 0xD9, 0xB4, 0x84
+};
+const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
+
+/* ./ca-cert.der.sign,  */
+const unsigned char ca_cert_der_sig[] =
+{
+    0x77, 0x62, 0x9D, 0x3D, 0x7A, 0x60, 0xF7, 0x9C, 0x7C, 0x1C,
+    0xC8, 0x9D, 0x09, 0x2D, 0x98, 0xBE, 0x39, 0x25, 0x4E, 0x05,
+    0xED, 0xF1, 0x93, 0xB1, 0x4B, 0x1B, 0x29, 0x2D, 0x8F, 0x3A,
+    0xCA, 0x3A, 0x8F, 0x3F, 0x77, 0x61, 0xF1, 0x97, 0x05, 0x69,
+    0xDC, 0x4A, 0x92, 0x52, 0x29, 0xC8, 0x26, 0x38, 0x53, 0x7A,
+    0x41, 0x7C, 0x73, 0xCA, 0xA7, 0x6B, 0xD7, 0x19, 0xC4, 0x99,
+    0x64, 0xCD, 0x27, 0xC9, 0x85, 0x19, 0x53, 0xD2, 0x93, 0xC5,
+    0x7A, 0xE5, 0xDC, 0x88, 0xA0, 0xFB, 0xB3, 0xEB, 0x8B, 0x01,
+    0xD6, 0x80, 0x9C, 0x93, 0x9D, 0x44, 0x5A, 0x17, 0x4B, 0x87,
+    0x8B, 0xD1, 0x08, 0xBA, 0x82, 0x87, 0xA7, 0x69, 0x06, 0x70,
+    0x67, 0x68, 0xE3, 0xD1, 0x6C, 0x05, 0x85, 0x97, 0x84, 0x6B,
+    0xBF, 0xC2, 0x91, 0xBC, 0xA5, 0x32, 0x37, 0x99, 0x5C, 0xC7,
+    0xE9, 0x8C, 0x4F, 0xBD, 0xFD, 0x66, 0x98, 0x38, 0xD8, 0x31,
+    0x4E, 0x97, 0x57, 0x66, 0x0C, 0x1F, 0x43, 0x81, 0xC5, 0x0F,
+    0xA2, 0x5A, 0xF2, 0xF6, 0x68, 0x9D, 0x97, 0xA9, 0x39, 0x42,
+    0xFD, 0xCB, 0xCB, 0x29, 0x56, 0xA0, 0x49, 0x8D, 0x79, 0x40,
+    0x66, 0x60, 0xC1, 0xB1, 0x99, 0xD7, 0x32, 0x06, 0x80, 0x64,
+    0x43, 0x7F, 0x2B, 0x5A, 0xF7, 0xD9, 0x54, 0xF6, 0x3E, 0x2C,
+    0x92, 0x6F, 0xEE, 0xCA, 0x59, 0x53, 0xC1, 0xCA, 0x3C, 0xDB,
+    0xA3, 0x20, 0xF9, 0x8D, 0xEF, 0xFD, 0x8B, 0x08, 0xCE, 0x25,
+    0x58, 0x16, 0x00, 0x93, 0xB6, 0xF6, 0xF8, 0x7D, 0x1C, 0x35,
+    0xD2, 0x8E, 0xAE, 0x51, 0x1F, 0x08, 0x99, 0xBA, 0x63, 0x4B,
+    0x05, 0x93, 0x61, 0x64, 0x40, 0x85, 0x71, 0x69, 0xBB, 0xF2,
+    0xC4, 0xAE, 0x9E, 0xFB, 0x5C, 0xD1, 0x3F, 0x5F, 0x0D, 0x85,
+    0xAA, 0x73, 0x23, 0x16, 0xE7, 0x13, 0x60, 0x5D, 0xF4, 0x88,
+    0x34, 0xB1, 0xD2, 0xC9, 0x6B, 0xD4
+};
+const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
+/* ./client-cert.der.sign,  */
+const unsigned char client_cert_der_sign[] =
+{
+    0x21, 0x2A, 0x81, 0xFF, 0xC2, 0x4C, 0x98, 0xFF, 0xB8, 0x99,
+	0xFC, 0x14, 0x07, 0xBA, 0xBD, 0x7F, 0x58, 0x0F, 0x23, 0x49,
+	0x6B, 0xFA, 0x47, 0xAC, 0xF5, 0xCF, 0x7A, 0x76, 0x89, 0x07,
+	0x22, 0x2F, 0x2A, 0xC5, 0x9F, 0x6D, 0x37, 0xFC, 0x7E, 0x51,
+	0x55, 0x29, 0xDA, 0xF9, 0x7E, 0x30, 0x25, 0x3F, 0x38, 0xE3,
+	0x5B, 0xD8, 0xD1, 0xC4, 0xE1, 0x05, 0x14, 0x5D, 0x3A, 0x8C,
+	0xFC, 0x42, 0x7D, 0x38, 0x21, 0x5B, 0x0B, 0xC8, 0x6E, 0x80,
+	0x35, 0xA7, 0x0B, 0xAB, 0x9E, 0x8B, 0x7F, 0x04, 0xE5, 0x43,
+	0x2E, 0xFF, 0x11, 0x67, 0x04, 0xF4, 0x52, 0x52, 0xEF, 0x6C,
+	0xC6, 0x30, 0x63, 0xE0, 0xAE, 0xCB, 0xD0, 0xBC, 0x7F, 0xB7,
+	0x98, 0xD4, 0x08, 0x76, 0x49, 0xFF, 0x0E, 0xAF, 0x2B, 0x3B,
+	0xA0, 0xFD, 0x25, 0xD5, 0x42, 0x02, 0x0A, 0xAA, 0xC0, 0x0C,
+	0x5C, 0x62, 0x04, 0xD0, 0x4A, 0xE7, 0xEA, 0x26, 0x72, 0xE1,
+	0x35, 0x8D, 0x47, 0x5A, 0xE6, 0x9A, 0xD5, 0x5C, 0x31, 0x79,
+	0x7A, 0xEE, 0x59, 0xAD, 0x1B, 0x04, 0x2C, 0xFF, 0x74, 0x9D,
+	0xA5, 0x90, 0x21, 0xCE, 0xC2, 0x04, 0x41, 0x98, 0x14, 0x27,
+	0xF8, 0x35, 0xB9, 0xF5, 0x73, 0x1D, 0xAE, 0x2F, 0x8F, 0x44,
+	0x79, 0xCA, 0xE7, 0x38, 0xDD, 0x15, 0x11, 0xDB, 0xA5, 0x6D,
+	0xE6, 0x7F, 0x4E, 0x73, 0xE6, 0x2E, 0x98, 0xF3, 0xDD, 0x5A,
+	0x34, 0x24, 0x6B, 0xAF, 0x28, 0xDC, 0x3A, 0x10, 0x0D, 0x54,
+	0x86, 0x11, 0x52, 0x0F, 0x88, 0x65, 0x03, 0xE5, 0x1C, 0x04,
+	0x45, 0x6B, 0x25, 0x3E, 0x8D, 0x5B, 0xD7, 0x2E, 0x33, 0x06,
+	0xAA, 0x23, 0xFE, 0x1B, 0x7B, 0xE8, 0xB9, 0xA7, 0x80, 0x3F,
+	0x08, 0x89, 0x6A, 0x22, 0x3F, 0xE0, 0xB8, 0xF3, 0xA4, 0x0A,
+	0xC6, 0xA5, 0x51, 0xC4, 0x1A, 0x38, 0xE3, 0xD2, 0x8A, 0x1C,
+	0xF1, 0xAE, 0x89, 0xFB, 0xCE, 0x9E
+};
+const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
+
+uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
+uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
+
+#endif /* WOLFSSL_RENESAS_TSIP_TLS && (WOLFSSL_RENESAS_TSIP_VER >= 109) */
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
index 80df72cb3..2872b0886 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h
@@ -1,68 +1,72 @@
-/* key_data.h
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-
-
-
-#ifndef KEY_DATA_H_
-#define KEY_DATA_H_
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-
-#if defined(WOLFSSL_RENESAS_TSIP)
-
-#include "r_tsip_rx_if.h"
-
-typedef struct st_key_block_data
-{
-    /* encrypted provisioning key */
-    uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2];
-    /* iv */
-    uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
-    /* RSA2048 public key for RootCA sign verification */
-    uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
-    /* update key (not used) */
-    uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
-    /* wrapped client RSA2048bit public key */
-    uint8_t encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
-    /* wrapped client RSA2048bit private key */
-    uint8_t encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
-    /* wrapped client ECC P256 public key */
-    uint8_t encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
-    /* wrapped client ECC P256 private key */
-    uint8_t encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
-} st_key_block_data_t;
-
-
-extern const uint32_t               encrypted_user_key_type;
-extern const st_key_block_data_t    g_key_block_data;
-
-extern const unsigned char          ca_cert_der_sig[];
-extern const unsigned char          ca_ecc_cert_der_sig[];
-extern const unsigned char          client_cert_der_sign[];
-extern const int                    sizeof_ca_cert_der;
-
-
-#endif /* WOLFSSL_RENESAS_TSIP */
-#endif /* KEY_DATA_H_ */
-
+/* key_data.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+
+#ifndef KEY_DATA_H_
+#define KEY_DATA_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+
+#if defined(WOLFSSL_RENESAS_TSIP)
+
+#include "r_tsip_rx_if.h"
+
+typedef struct st_key_block_data
+{
+    /* encrypted provisioning key */
+    uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2];
+    /* iv */
+    uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
+    /* RSA2048 public key for RootCA sign verification */
+    uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+    /* update key (not used) */
+    uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16];
+    /* wrapped client RSA2048bit public key */
+    uint8_t encrypted_user_rsa2048_public_key[
+                                    R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+    /* wrapped client RSA2048bit private key */
+    uint8_t encrypted_user_rsa2048_private_key[
+                                    R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16];
+    /* wrapped client ECC P256 public key */
+    uint8_t encrypted_user_ecc256_public_key[
+                                    R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
+    /* wrapped client ECC P256 private key */
+    uint8_t encrypted_user_ecc256_private_key[
+                                    R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
+} st_key_block_data_t;
+
+
+extern const uint32_t               encrypted_user_key_type;
+extern const st_key_block_data_t    g_key_block_data;
+
+extern const unsigned char          ca_cert_der_sig[];
+extern const unsigned char          ca_ecc_cert_der_sig[];
+extern const unsigned char          client_cert_der_sign[];
+extern const int                    sizeof_ca_cert_der;
+
+
+#endif /* WOLFSSL_RENESAS_TSIP */
+#endif /* KEY_DATA_H_ */
+
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
index e9199f02b..70c5fc88f 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,9 +40,10 @@
  *      114: TSIPv1.14
  *      115: TSIPv1.15
  *      117: TSIPv1.17
+ *      121: TSIPv1.21
  *----------------------------------------------------------------------------*/
   #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     117
+  #define WOLFSSL_RENESAS_TSIP_VER     121
 
 
 #if defined(SIMPLE_TLS_CLIENT) || defined(SIMPLE_TLS_SERVER)
@@ -239,12 +240,17 @@
 #if defined(WOLFSSL_RENESAS_TSIP)
     /*-- TSIP TLS and/or CRYPTONLY Definition --------------------------------*/
     /* Enable TSIP TLS (default)
-     *   TSIP CRYPTONLY is also enabled.
+     *   TSIP CRYPT is also enabled.
      * Disable TSIP TLS
+     *   TSIP CRYPT is also disabled
      *   TSIP CRYPTONLY is only enabled.
      */
     #define WOLFSSL_RENESAS_TSIP_TLS
 
+    /* #define WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+    /* #define WOLFSSL_KEY_GEN                */
+    /* #define RSA_MIN_SIZE 1024              */
+
     #if !defined(NO_RENESAS_TSIP_CRYPT)
         #define HAVE_PK_CALLBACKS
         #define WOLF_CRYPTO_CB
@@ -266,13 +272,13 @@
      * directly. Comment out the macro will generate random number by
      * wolfSSL Hash DRBG by using a seed which is generated by TSIP API.
      *-----------------------------------------------------------------------*/
-	#define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
+    #define CUSTOM_RAND_GENERATE_BLOCK wc_tsip_GenerateRandBlock
 #else
     #define OPENSSL_EXTRA
     #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
-	#if !defined(min)
-    	#define min(data1, data2)    _builtin_min(data1, data2)
-	#endif
+    #if !defined(min)
+        #define min(data1, data2)    _builtin_min(data1, data2)
+    #endif
 #endif
 
 
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
index 56f07cf90..2c97bb479 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c
@@ -1,6 +1,6 @@
 /* wolfssl_demo.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,9 +23,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-
-
-
+#include <stdarg.h>
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include "wolfssl/ssl.h"
@@ -67,10 +65,10 @@
     static WOLFSSL_CTX* client_ctx;
 #endif /* TLS_CLIENT */
 
-#define TLSSERVER_IP      "192.168.11.49"
+#define TLSSERVER_IP      "192.168.11.47"
 #define TLSSERVER_PORT    11111
-#define YEAR 2023
-#define MON  3
+#define YEAR 2024
+#define MON  9
 #define FREQ 10000 /* Hz */
 #define MAX_MSGSTR  80
 
@@ -201,7 +199,7 @@ static void Tls_client_init()
             char *cert       = "./certs/ca-cert.pem";
         #endif
     #else
-        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256) 
+        #if defined(USE_ECC_CERT) && defined(USE_CERT_BUFFERS_256)
             const unsigned char *cert       = ca_ecc_cert_der_256;
             #define  SIZEOF_CERT sizeof_ca_ecc_cert_der_256
         #else
@@ -216,7 +214,7 @@ static void Tls_client_init()
     wolfSSL_Init();
 
     /* Create and initialize WOLFSSL_CTX */
-    if ((client_ctx = 
+    if ((client_ctx =
         wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL))) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
@@ -228,7 +226,7 @@ static void Tls_client_init()
 
     /* load root CA certificate */
     #if defined(NO_FILESYSTEM)
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert,
                             SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
            printf("ERROR: can't load certificate data\n");
        return;
@@ -239,7 +237,7 @@ static void Tls_client_init()
         return NULL;
     }
     #endif
-     
+
     #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_RENESAS_TSIP_TLS)
 
     if (wolfSSL_CTX_UseSupportedCurve(client_ctx, WOLFSSL_ECC_SECP256R1)
@@ -311,7 +309,7 @@ static void Tls_client(void *pvParam)
     if (ret == 0) {
         ssl = wolfSSL_new(ctx);
         if (ssl == NULL) {
-            msg(pcName, p->id, "ERROR wolfSSL_new: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_new: %d\n",
                                         wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -345,7 +343,7 @@ static void Tls_client(void *pvParam)
     if (ret == 0) {
         /* associate socket with ssl object */
         if (wolfSSL_set_fd(ssl, (int)socket) != WOLFSSL_SUCCESS) {
-            msg(pcName, p->id, "ERROR wolfSSL_set_fd: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_set_fd: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -404,11 +402,11 @@ static void Tls_client(void *pvParam)
         }
     }
 #endif /* WOLFSSL_CHECK_SIG_FAULTS */
-    
+
     #else
     /* Client authentication using RSA certificate can be handled by TSIP.
      * Note that the internal verification of the signature process requires
-     * not only the client's private key but also its public key, so pass them 
+     * not only the client's private key but also its public key, so pass them
      * using tsip_use_PrivateKey_buffer_TLS and tsip_use_PublicKey_buffer_TLS
      * respectively.
          */
@@ -422,7 +420,7 @@ static void Tls_client(void *pvParam)
             }
         }
         if (ret == 0) {
-            ret = tsip_use_PublicKey_buffer(ssl,
+            ret = tsip_use_PublicKey_buffer_TLS(ssl,
                 (const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
                 sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
                                                             TSIP_RSA2048);
@@ -435,9 +433,9 @@ static void Tls_client(void *pvParam)
 #else
     #if defined(USE_ECC_CERT)
     if (ret == 0) {
-        err = wolfSSL_use_PrivateKey_buffer(ssl, 
+        err = wolfSSL_use_PrivateKey_buffer(ssl,
                                     ecc_clikey_der_256,
-                                    sizeof_ecc_clikey_der_256, 
+                                    sizeof_ecc_clikey_der_256,
                                     WOLFSSL_FILETYPE_ASN1);
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
@@ -446,10 +444,10 @@ static void Tls_client(void *pvParam)
         }
     }
     #else
-    if (ret == 0) { 
+    if (ret == 0) {
         err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
                             sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
-         
+
         if (err != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
@@ -464,7 +462,7 @@ static void Tls_client(void *pvParam)
 #endif
     if (ret == 0) {
         if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
-            msg(pcName, p->id, "ERROR wolfSSL_connect: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_connect: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -473,9 +471,9 @@ static void Tls_client(void *pvParam)
    wolfSSL_Debugging_OFF();
 #endif
     if (ret == 0) {
-        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != 
+        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) !=
                                                             strlen(sendBuff)) {
-            msg(pcName, p->id, "ERROR wolfSSL_write: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_write: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -483,7 +481,7 @@ static void Tls_client(void *pvParam)
 
     if (ret == 0) {
         if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE -1)) < 0) {
-            msg(pcName, p->id, "ERROR wolfSSL_read: %d\n", 
+            msg(pcName, p->id, "ERROR wolfSSL_read: %d\n",
                                                     wolfSSL_get_error(ssl, 0));
             ret = -1;
         }
@@ -493,7 +491,7 @@ static void Tls_client(void *pvParam)
             ret = 0;
         }
     }
-    
+
 #if defined(TLS_MULTITHREAD_TEST)
 out:
 #endif
@@ -600,7 +598,7 @@ static void Tls_client_demo(void)
     tsip_inform_cert_sign((const byte*)ca_ecc_cert_der_sig);
 
     #else
-    
+
     /* Root CA cert has RSA public key */
     tsip_inform_cert_sign((const byte*)ca_cert_der_sig);
 
@@ -639,7 +637,7 @@ static void Tls_client_demo(void)
 
             printf(" %s connecting to %d port\n", info[j].name, info[j].port);
 
-            xReturned = xTaskCreate(Tls_client, info[j].name, 
+            xReturned = xTaskCreate(Tls_client, info[j].name,
                                         THREAD_STACK_SIZE, &info[j], 3, NULL);
             if (xReturned != pdPASS) {
                 printf("Failed to create task\n");
@@ -647,7 +645,7 @@ static void Tls_client_demo(void)
         }
 
         for (j = i; j < (i+2); j++) {
-            xSemaphoreGiveFromISR(info[j].xBinarySemaphore, 
+            xSemaphoreGiveFromISR(info[j].xBinarySemaphore,
                                                     &xHigherPriorityTaskWoken);
         }
 
@@ -695,7 +693,7 @@ static void Tls_client_demo(void)
 #endif /* TLS_CLIENT */
 
 /* Demo entry function called by iot_demo_runner
- * To run this entry function as an aws_iot_demo, define this as 
+ * To run this entry function as an aws_iot_demo, define this as
  * DEMO_entryFUNCTION in aws_demo_config.h.
  */
 void wolfSSL_demo_task(bool         awsIotMqttMode,
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
index 4aa90b5d5..cc0b9c2cd 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
index 1b84878d3..e714a39ca 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
@@ -1,6 +1,6 @@
 /* wolfssl_tsip_unit_test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,11 +56,11 @@
 #endif
 
 #ifndef NO_SHA
- int sha_test();
+ int sha_test(void);
 #endif
 
 #ifndef NO_SHA256
- int sha256_test();
+ int sha256_test(void);
 #endif
 
 #define SMALL_STACK_SIZE (1 * 1024)
@@ -126,8 +126,8 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
 
     Aes  aes[1];
 
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     int  ret = 0;
 
     WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
@@ -139,8 +139,8 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
     byte key[] = "0123456789abcdef   ";  /* align */
     byte iv[]  = "1234567890abcdef   ";  /* align */
 
-    ForceZero(cipher, AES_BLOCK_SIZE);
-    ForceZero(plain, AES_BLOCK_SIZE);
+    ForceZero(cipher, WC_AES_BLOCK_SIZE);
+    ForceZero(plain, WC_AES_BLOCK_SIZE);
 
     if (prnt) {
         printf(" tsip_aes_cbc_test() ");
@@ -148,13 +148,13 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
 
     ret = wc_AesInit(aes, NULL, INVALID_DEVID);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(aes, key, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         XMEMCPY(&aes->ctx.tsip_keyIdx, aes_key,
                         sizeof(tsip_aes_key_index_t));
 
         aes->ctx.keySize = aes->keylen;
         if (ret == 0) {
-            ret = wc_tsip_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
+            ret = wc_tsip_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
         }
 
         wc_AesFree(aes);
@@ -167,18 +167,18 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
     if (ret == 0)
         ret = wc_AesInit(aes, NULL, INVALID_DEVID);
     if (ret == 0) {
-        ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
+        ret = wc_AesSetKey(aes, key, WC_AES_BLOCK_SIZE, iv, AES_DECRYPTION);
         XMEMCPY(&aes->ctx.tsip_keyIdx, aes_key,
                 sizeof(tsip_aes_key_index_t));
         aes->ctx.keySize = aes->keylen;
         if (ret == 0)
-            ret = wc_tsip_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
+            ret = wc_tsip_AesCbcDecrypt(aes, plain, cipher, WC_AES_BLOCK_SIZE);
 
         wc_AesFree(aes);
     }
     if (ret != 0)
         ret = -2;
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
+    if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
         ret = -3;
 #endif /* HAVE_AES_DECRYPT */
 
@@ -216,8 +216,8 @@ static void tskAes128_Cbc_Test(void *pvParam)
 static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
 {
     Aes enc[1];
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     Aes dec[1];
     int  ret = 0;
 
@@ -279,7 +279,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
         dec->ctx.keySize = dec->keylen;
     }
 
-    ForceZero(cipher, AES_BLOCK_SIZE);
+    ForceZero(cipher, WC_AES_BLOCK_SIZE);
     ret = wc_tsip_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 
     if (ret != 0) {
@@ -287,7 +287,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
         goto out;
     }
 
-    ForceZero(plain, AES_BLOCK_SIZE);
+    ForceZero(plain, WC_AES_BLOCK_SIZE);
     ret = wc_tsip_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 
     if (ret != 0){
@@ -395,8 +395,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int  ret;
 
@@ -408,10 +408,10 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
         printf(" tsip_aes256_gcm_test() ");
     }
 
-    ForceZero(resultT, sizeof(resultT));
-    ForceZero(resultC, sizeof(resultC));
-    ForceZero(resultP, sizeof(resultP));
-    ForceZero(&userContext, sizeof(TsipUserCtx));
+    XMEMSET(resultT, 0, sizeof(resultT));
+    XMEMSET(resultC, 0, sizeof(resultC));
+    XMEMSET(resultP, 0, sizeof(resultP));
+    XMEMSET(&userContext, 0, sizeof(TsipUserCtx));
 
     if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
         ret = -1;
@@ -434,10 +434,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
     }
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p),
-                        (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT),
-                        a, sizeof(a), &userContext);
-
+    result = wc_tsip_AesGcmEncrypt(enc,
+        resultC, p, sizeof(p),
+        (byte*)iv1, sizeof(iv1), resultT, sizeof(resultT),
+        a, sizeof(a), &userContext
+    );
     if (result != 0) {
         ret = -4;
         goto out;
@@ -451,9 +452,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
         dec->ctx.keySize = enc->keylen;
     }
 
-    result = wc_tsip_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
-                        iv1, sizeof(iv1), resultT, sizeof(resultT),
-                        a, sizeof(a), &userContext);
+    result = wc_tsip_AesGcmDecrypt(dec,
+        resultP, resultC, sizeof(c1),
+        iv1, sizeof(iv1), resultT, sizeof(resultT),
+        a, sizeof(a), &userContext
+    );
     if (result != 0){
         ret = -8;
         goto out;
@@ -469,18 +472,21 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
 
     wc_AesGcmSetKey(enc, k1, sizeof(k1));
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
-                                resultT + 1, sizeof(resultT) - 1,
-                                a, sizeof(a), &userContext);
+    result = wc_tsip_AesGcmEncrypt(enc,
+        resultC, p, sizeof(p), iv1, sizeof(iv1),
+        resultT + 1, sizeof(resultT) - 1,
+        a, sizeof(a), &userContext
+    );
     if (result != 0) {
         ret = -10;
         goto out;
     }
 
-    result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
-                            iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
-                            a, sizeof(a), &userContext);
-
+    result = wc_tsip_AesGcmDecrypt(enc,
+        resultP, resultC, sizeof(p),
+        iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
+        a, sizeof(a), &userContext
+    );
     if (result != 0) {
         ret = -11;
         goto out;
@@ -523,7 +529,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 #endif /* FREERTOS */
 #endif
 
-#if defined(WOLFSSL_AES_128)
+#if defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM)
 
 static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
 {
@@ -568,9 +574,9 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
         0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
     };
 
-    byte resultT[16];
-    byte resultP[60 + AES_BLOCK_SIZE];
-    byte resultC[60 + AES_BLOCK_SIZE];
+    byte resultT[sizeof(t3)];
+    byte resultP[sizeof(p3) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p3) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int ret;
 
@@ -581,10 +587,10 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
         printf(" tsip_aes128_gcm_test() ");
     }
 
-    ForceZero(resultT, sizeof(resultT));
-    ForceZero(resultC, sizeof(resultC));
-    ForceZero(resultP, sizeof(resultP));
-    ForceZero(&userContext, sizeof(TsipUserCtx));
+    XMEMSET(resultT, 0, sizeof(resultT));
+    XMEMSET(resultC, 0, sizeof(resultC));
+    XMEMSET(resultP, 0, sizeof(resultP));
+    XMEMSET(&userContext, 0, sizeof(TsipUserCtx));
 
     if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
         ret = -1;
@@ -607,21 +613,27 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
         enc->ctx.keySize = enc->keylen;
     }
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3),
-                                        iv3, sizeof(iv3),
-                                        resultT, sizeof(t3),
-                                        a3, sizeof(a3), &userContext);
+    result = wc_tsip_AesGcmEncrypt(enc,
+        resultC, p3, sizeof(p3),
+        iv3, sizeof(iv3),
+        resultT, sizeof(t3),
+        a3, sizeof(a3), &userContext
+    );
     if (result != 0) {
         ret = -4;
         goto out;
     }
-    result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
-                                iv3, sizeof(iv3), resultT, sizeof(resultT),
-                                a3, sizeof(a3), &userContext);
+
+    result = wc_tsip_AesGcmDecrypt(enc,
+        resultP, resultC, sizeof(c3),
+        iv3, sizeof(iv3), resultT, sizeof(resultT),
+        a3, sizeof(a3), &userContext
+    );
     if (result != 0) {
         ret = -5;
         goto out;
     }
+
     if (XMEMCMP(p3, resultP, sizeof(p3))) {
         ret = -6;
         goto out;
@@ -711,41 +723,44 @@ static void tskSha256_Test(void *pvParam)
 #define TEST_STRING_SZ   25
 #define RSA_TEST_BYTES   256 /* up to 2048-bit key */
 
-static int tsip_rsa_SignVerify_test(int prnt, int keySize)
+static int tsip_rsa_test(int prnt, int keySize)
 {
     int ret = 0;
 
-    RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    RsaKey *key = NULL;
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
-    const char inStr2[] = TEST_STRING2;
     const word32 inLen = (word32)TEST_STRING_SZ;
     const word32 outSz = RSA_TEST_BYTES;
-
+    word32 out_actual_len = 0;
     byte *in = NULL;
-    byte *in2 = NULL;
     byte *out= NULL;
+    byte *outplain = NULL;
+    int initRsa = 0;
+    int devId = 7890; /* fixed devid for TSIP/SCE */
 
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    key = (RsaKey *)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    out = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    outplain = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    (void) prnt;
-
-    if (key == NULL || in == NULL || out == NULL) {
+    if (key == NULL || in == NULL || out == NULL || outplain == NULL) {
         ret = -1;
         goto out;
     }
 
-    XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(key, 0, sizeof *key);
+    XMEMSET(key, 0, sizeof(*key));
     XMEMCPY(in, inStr, inLen);
-    XMEMCPY(in2, inStr2, inLen);
+    XMEMSET(out,  0, outSz);
+    XMEMSET(outplain, 0, outSz);
 
-    ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
+    ret = wc_InitRsaKey_ex(key, NULL, devId);
     if (ret != 0) {
         goto out;
     }
+    initRsa = 1;
 
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
@@ -753,7 +768,91 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
     if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
         goto out;
 
-    /* make rsa key by SCE */
+    /* Generate a new RSA key to use with TSIP/SCE */
+    if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
+        goto out;
+    }
+
+    ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
+    if (ret < 0) {
+        goto out;
+    }
+
+    ret = wc_RsaPrivateDecrypt(out, (word32)(keySize/8), outplain, outSz, key);
+    if (ret < 0) {
+        ret = -1;
+        goto out;
+    }
+
+    if (XMEMCMP(in, outplain, inLen) != 0) {
+        ret = -2;
+        goto out;
+    }
+
+    ret = 0;
+out:
+
+    wc_FreeRng(&rng);
+    if (key != NULL) {
+        if (initRsa)
+            wc_FreeRsaKey(key);
+        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(outplain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    (void)prnt;
+    return ret;
+}
+
+
+static int tsip_rsa_SignVerify_test(int prnt, int keySize)
+{
+    int ret = 0;
+
+    RsaKey *key = NULL;
+    WC_RNG rng;
+    const char inStr [] = TEST_STRING;
+    const char inStr2[] = TEST_STRING2;
+    const word32 inLen = (word32)TEST_STRING_SZ;
+    const word32 outSz = RSA_TEST_BYTES;
+    word32 signSz = 0;
+    byte *in = NULL;
+    byte *in2 = NULL;
+    byte *out= NULL;
+    int initRsa = 0;
+    int devId = 7890; /* fixed devid for TSIP/SCE */
+
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    key = (RsaKey *)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    out = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (key == NULL || in == NULL || out == NULL) {
+        ret = -1;
+        goto out;
+    }
+
+    XMEMSET(key, 0, sizeof(*key));
+    XMEMCPY(in, inStr, inLen);
+    XMEMCPY(in2, inStr2, inLen);
+
+    ret = wc_InitRsaKey_ex(key, NULL, devId);
+    if (ret != 0) {
+        goto out;
+    }
+    initRsa = 1;
+
+    if ((ret = wc_InitRng(&rng)) != 0)
+        goto out;
+
+    if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
+        goto out;
+
+    /* Generate a new RSA key to use with TSIP/SCE */
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
@@ -762,36 +861,42 @@ static int tsip_rsa_SignVerify_test(int prnt, int keySize)
     if (ret < 0) {
         goto out;
     }
+    signSz = ret;
 
     /* this should fail */
-    ret = wc_RsaSSL_Verify(in2, inLen, out, keySize/8, key);
+    ret = wc_RsaSSL_Verify(out, signSz, in2, inLen, key);
     if (ret != SIG_VERIFY_E) {
         ret = -1;
         goto out;
     }
     /* this should succeed */
-    ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key);
+    ret = wc_RsaSSL_Verify(out, signSz, in, inLen, key);
     if (ret < 0) {
         ret = -1;
         goto out;
     }
     ret = 0;
+
   out:
+
+    wc_FreeRng(&rng);
     if (key != NULL) {
-        wc_FreeRsaKey(key);
+        if (initRsa)
+            wc_FreeRsaKey(key);
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
     XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
+    (void)prnt;
     return ret;
 }
 #endif /* NO_RSA */
 
 
 #ifdef TSIP_MULTIUNIT_TEST
-int tsip_crypt_sha_multitest()
+int tsip_crypt_sha_multitest(void)
 {
     int ret = 0;
     int num = 0;
@@ -849,7 +954,7 @@ int tsip_crypt_sha_multitest()
 }
 
 
-int tsip_crypt_AesCbc_multitest()
+int tsip_crypt_AesCbc_multitest(void)
 {
     int ret = 0;
     int num = 0;
@@ -930,7 +1035,7 @@ int tsip_crypt_AesCbc_multitest()
 }
 
 
-int tsip_crypt_AesGcm_multitest()
+int tsip_crypt_AesGcm_multitest(void)
 {
     int ret = 0;
     int num = 0;
@@ -1009,7 +1114,7 @@ int tsip_crypt_AesGcm_multitest()
     return ret;
 }
 
-int tsip_crypt_Sha_AesCbcGcm_multitest()
+int tsip_crypt_Sha_AesCbcGcm_multitest(void)
 {
     int ret = 0;
     int num = 0;
@@ -1089,7 +1194,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
 #endif
 
 
-int tsip_crypt_test()
+int tsip_crypt_test(void)
 {
     int ret = 0;
     e_tsip_err_t tsip_error_code;
@@ -1132,6 +1237,7 @@ int tsip_crypt_test()
 
         }
 
+#ifdef HAVE_AESGCM
         if (ret == 0) {
 
             ret = tsip_aesgcm128_test(1, &g_user_aes128_key_index1);
@@ -1143,8 +1249,10 @@ int tsip_crypt_test()
             ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
 
         }
-   #if defined(WOLFSSL_KEY_GEN) && \
-       defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+#endif
+
+#if defined(WOLFSSL_KEY_GEN) && \
+    defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
         if (ret == 0) {
             Clr_CallbackCtx(&userContext);
@@ -1155,6 +1263,23 @@ int tsip_crypt_test()
                 ret = 0;
         }
 
+#if RSA_MIN_SIZE <= 1024
+        if (ret == 0) {
+            userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
+            printf(" tsip_rsa_test(1024)");
+            ret = tsip_rsa_test(1, 1024);
+            RESULT_STR(ret)
+        }
+#endif
+        if (ret == 0) {
+            userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
+            printf(" tsip_rsa_test(2048)");
+            ret = tsip_rsa_test(1, 2048);
+            RESULT_STR(ret)
+        }
+
+
+#if RSA_MIN_SIZE <= 1024
         if (ret == 0) {
             printf(" tsip_rsa_SignVerify_test(1024)");
 
@@ -1167,6 +1292,7 @@ int tsip_crypt_test()
         }
 
         Clr_CallbackCtx(&userContext);
+#endif
 
         if (ret == 0) {
             printf(" tsip_rsa_SignVerify_test(2048)");
@@ -1180,12 +1306,11 @@ int tsip_crypt_test()
         }
 
         Clr_CallbackCtx(&userContext);
-   #endif
+#endif /* WOLFSSL_KEY_GEN && WOLFSSL_RENESAS_TSIP_CRYPTONLY */
     }
-    else
+    else {
         ret = -1;
-
-
+    }
     return ret;
 }
 
diff --git a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
index beb89aae6..200339e3d 100644
--- a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
index 6357c0b64..254a6af78 100644
--- a/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
@@ -1,6 +1,6 @@
 /* wolfssl_demo.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/include.am b/IDE/Renesas/e2studio/RZN2L/include.am
index af40725cb..88ccadfc7 100644
--- a/IDE/Renesas/e2studio/RZN2L/include.am
+++ b/IDE/Renesas/e2studio/RZN2L/include.am
@@ -14,4 +14,4 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
-EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/user_settings.h
\ No newline at end of file
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/user_settings.h
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
index cb9b3b7a0..84c448015 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
@@ -1,6 +1,6 @@
 /* rzn2l_tst_thread_entry.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
index 227d75f48..597e4505c 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
@@ -1,6 +1,6 @@
 /* wolf_client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,14 +58,14 @@ void wolfSSL_TLS_client_init()
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return;
     }
-    
+
     #if !defined(NO_FILESYSTEM)
     if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
         printf("ERROR: can't load \"%s\"\n", cert);
         return NULL;
     }
     #else
-    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, 
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT,
                                             SSL_FILETYPE_ASN1) != SSL_SUCCESS){
            printf("ERROR: can't load certificate data\n");
        return;
@@ -83,13 +83,13 @@ int wolfSSL_TLS_client_do(void *pvParam)
     socklen_t xSize = sizeof(struct freertos_sockaddr);
     xSocket_t xClientSocket = NULL;
     struct freertos_sockaddr xRemoteAddress;
-    
+
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)p->ctx;
     WOLFSSL *ssl = NULL;
 
     #define BUFF_SIZE 256
     static const char sendBuff[]= "Hello Server\n" ;
-    
+
     char    rcvBuff[BUFF_SIZE] = {0};
 
     /* Client Socket Setup */
@@ -128,10 +128,10 @@ int wolfSSL_TLS_client_do(void *pvParam)
          printf(" Error [%d]: wolfSSL_set_fd.\n",ret);
      }
 
-     printf("  Cipher : %s\n", 
+     printf("  Cipher : %s\n",
                                     (p->cipher == NULL) ? "NULL" : p->cipher);
      /* use specific cipher */
-     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher) 
+     if (p->cipher != NULL && wolfSSL_set_cipher_list(ssl, p->cipher)
                                                            != WOLFSSL_SUCCESS) {
           printf(" client can't set cipher list 1");
           goto out;
@@ -150,7 +150,7 @@ int wolfSSL_TLS_client_do(void *pvParam)
      wolfSSL_Debugging_OFF();
      #endif
 
-     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff)) 
+     if (wolfSSL_write(ssl, sendBuff, (int)strlen(sendBuff))
                                                     != (int)strlen(sendBuff)) {
         printf(" ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
         goto out;
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
index fc3d9706c..8b0c620d7 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
@@ -1,6 +1,6 @@
 /* wolf_server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
index 795d8286e..43a38a307 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
@@ -1,6 +1,6 @@
 /* wolfssl_sce_unit_test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -112,7 +112,7 @@ FSPSM_ST gCbInfo_a; /* for multi testing */
     uint8_t rsa1024_wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_1024_PRIVATE ];
     uint8_t rsa2048_wrapped_key1[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PUBLIC];
     uint8_t rsa2048_wrapped_key2[RSIP_BYTE_SIZE_WRAPPED_KEY_RSA_2048_PRIVATE ];
-    
+
     FSPSM_RSA1024_WPB_KEY* g_user_rsa1024_public_key =
                     (FSPSM_RSA1024_WPB_KEY*)rsa1024_wrapped_key1;
     FSPSM_RSA1024_WPI_KEY* g_user_rsa1024_private_key =
@@ -134,12 +134,12 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     Aes  aes[1];
 
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     word32 keySz = (word32)(128/8);
     int  ret = 0;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 
+    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
        /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
         0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@@ -147,19 +147,19 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     };
     byte iv[]  = "1234567890abcdef   ";  /* align */
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
 
     if (prnt) {
         printf(" rsip_aes_cbc_test() ");
     }
-    
+
     ret = wc_AesInit(aes, NULL, devId1);
     if (ret == 0) {
         ret = wc_AesSetKey(aes, (byte*)aes_key, keySz,
                                iv, AES_ENCRYPTION);
         if (ret == 0) {
-            ret = wc_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
+            ret = wc_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
         }
 
         wc_AesFree(aes);
@@ -174,13 +174,13 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
         ret = wc_AesSetKey(aes, (byte*)aes_key, keySz,
                                iv, AES_DECRYPTION);
         if (ret == 0)
-            ret = wc_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
+            ret = wc_AesCbcDecrypt(aes, plain, cipher, WC_AES_BLOCK_SIZE);
 
         wc_AesFree(aes);
     }
     if (ret != 0)
         ret = -2;
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
+    if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
         ret = -3;
 #endif /* HAVE_AES_DECRYPT */
 
@@ -189,7 +189,7 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -197,7 +197,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aes128_cbc_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -217,8 +217,8 @@ static void tskAes128_Cbc_Test(void *pvParam)
 static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 {
     Aes enc[1];
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     Aes dec[1];
     const word32 keySz = (word32)(256/8);
     int  ret = 0;
@@ -236,7 +236,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
 
     if (prnt)
         printf(" rsip_aes256_test() ");
-    
+
     if (wc_AesInit(enc, NULL, devId1) != 0) {
         ret = -1;
         goto out;
@@ -261,7 +261,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
         goto out;
     }
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 
     if (ret != 0) {
@@ -269,7 +269,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
         goto out;
     }
 
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 
     if (ret != 0){
@@ -288,7 +288,7 @@ out:
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -296,7 +296,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aes256_cbc_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -368,8 +368,8 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int  ret;
 
@@ -378,7 +378,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     if (prnt) {
         printf(" rsip_aes256_gcm_test() ");
     }
-    
+
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
@@ -402,7 +402,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
     result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
-                                (byte*)iv1, sizeof(iv1), 
+                                (byte*)iv1, sizeof(iv1),
                                 resultT, sizeof(resultT),
                                  a, sizeof(a));
 
@@ -417,7 +417,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
         ret = -7;
         goto out;
     }
-    
+
     result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
                 iv1, sizeof(iv1), resultT, sizeof(resultT),
                  a, sizeof(a));
@@ -447,7 +447,7 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     }
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
-              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, 
+              iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
               a, sizeof(a));
 
     if (result != 0) {
@@ -464,11 +464,11 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -476,7 +476,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aesgcm256_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -554,8 +554,8 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
     };
 
     byte resultT[sizeof(t1)];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     int  result = 0;
     int ret;
 
@@ -592,7 +592,7 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
         ret = -4;
         goto out;
     }
-    
+
 
     result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
                       iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
@@ -610,11 +610,11 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
   out:
     wc_AesFree(enc);
     wc_AesFree(dec);
-    
+
     if (prnt) {
         RESULT_STR(ret)
     }
-    
+
     return ret;
 }
 
@@ -622,7 +622,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 {
     int ret = 0;
     Info *p = (Info*)pvParam;
-    
+
     while (exit_loop == 0) {
         ret = rsip_aesgcm128_test(0, p->aes_key);
         vTaskDelay(10/portTICK_PERIOD_MS);
@@ -649,7 +649,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 static int rsip_rsa_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     const char inStr [] = TEST_STRING;
@@ -661,7 +661,7 @@ static int rsip_rsa_test(int prnt, int keySize)
     byte *in2 = NULL;
     byte *out= NULL;
     byte *out2 = NULL;
-    
+
     in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -672,19 +672,19 @@ static int rsip_rsa_test(int prnt, int keySize)
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
     XMEMCPY(in2, inStr2, inLen);
     XMEMSET(out,  0, outSz);
     XMEMSET(out2, 0, outSz);
-    
+
     ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
 
@@ -695,7 +695,7 @@ static int rsip_rsa_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
         goto out;
@@ -722,7 +722,7 @@ out:
     XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(out2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     (void) prnt;
     return ret;
 }
@@ -730,7 +730,7 @@ out:
 static int rsip_rsa_SignVerify_test(int prnt, int keySize)
 {
     int ret = 0;
-    
+
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
     word32 sigSz;
@@ -754,7 +754,7 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
         ret = -1;
         goto out;
     }
-    
+
     XMEMSET(&rng, 0, sizeof(rng));
     XMEMSET(key, 0, sizeof *key);
     XMEMCPY(in, inStr, inLen);
@@ -764,10 +764,10 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
     if (ret != 0) {
         goto out;
     }
-    
+
     if ((ret = wc_InitRng(&rng)) != 0)
         goto out;
-    
+
     if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
         goto out;
 
@@ -775,7 +775,7 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
     if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
         goto out;
     }
-    
+
     gCbInfo.keyflgs_crypt.bits.message_type = 0;
     ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
     if (ret < 0) {
@@ -803,7 +803,7 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
     XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(in2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     return ret;
 }
 #endif
@@ -855,7 +855,7 @@ int rsip_crypt_sha256_multitest()
     int num = 0;
     int i;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -865,7 +865,7 @@ int rsip_crypt_sha256_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
     xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                         STACK_SIZE, NULL, 2, NULL);
@@ -887,15 +887,15 @@ int rsip_crypt_sha256_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
+
     if ((xRet == pdPASS) &&
        (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0))
         ret = 0;
     else
         ret = -1;
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -912,7 +912,7 @@ int rsip_crypt_AesCbc_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -925,7 +925,7 @@ int rsip_crypt_AesCbc_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                             sizeof(FSPSM_AES_PWKEY));
@@ -954,7 +954,7 @@ int rsip_crypt_AesCbc_multitest()
         xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
                                     STACK_SIZE, &info_aes256_2, 3, NULL);
 #endif
-    
+
     if (xRet == pdPASS) {
     printf(" Waiting for completing tasks ...   ");
         vTaskDelay(10000/portTICK_PERIOD_MS);
@@ -968,7 +968,7 @@ int rsip_crypt_AesCbc_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -993,7 +993,7 @@ int rsip_crypt_AesGcm_multitest()
     Info info_aes256_1;
     Info info_aes256_2;
     BaseType_t xRet;
-    
+
 #if defined(WOLFSSL_AES_128)
     num+=2;
 #endif
@@ -1007,7 +1007,7 @@ int rsip_crypt_AesGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #if defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                     sizeof(FSPSM_AES_PWKEY));
@@ -1052,7 +1052,7 @@ int rsip_crypt_AesGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
 
     if ((xRet == pdPASS) &&
@@ -1076,7 +1076,7 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
     Info info_aes256cbc;
     Info info_aes256gcm;
     BaseType_t xRet;
-    
+
 #ifndef NO_SHA256
     num+=2;
 #endif
@@ -1098,45 +1098,45 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-    
+
 #ifndef NO_SHA256
-    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1", 
+    xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                             STACK_SIZE, NULL, 3, NULL);
 
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2", 
+        xRet = xTaskCreate(tskSha256_Test2, "sha256_test2",
                                             STACK_SIZE, NULL, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1, 
+    XMEMCPY(&info_aes128cbc.aes_key, &g_user_aes128_key_index1,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1", 
+        xRet = xTaskCreate(tskAes128_Cbc_Test, "aes128_cbc_test1",
                                     STACK_SIZE, &info_aes128cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_128)
-    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2, 
+    XMEMCPY(&info_aes128gcm.aes_key, &g_user_aes128_key_index2,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2", 
+        xRet = xTaskCreate(tskAes128_Gcm_Test, "aes128_gcm_test2",
                                     STACK_SIZE, &info_aes128gcm, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1, 
+    XMEMCPY(&info_aes256cbc.aes_key, &g_user_aes256_key_index1,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1", 
+        xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test1",
                                     STACK_SIZE, &info_aes256cbc, 3, NULL);
 #endif
 
 #if defined(WOLFSSL_AES_256)
-    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2, 
+    XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
                                                 sizeof(FSPSM_AES_PWKEY));
     if (xRet == pdPASS)
-        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2", 
+        xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
                                     STACK_SIZE, &info_aes256gcm, 3, NULL);
 #endif
 
@@ -1153,19 +1153,19 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
             }
         }
     }
-    
+
     vSemaphoreDelete(exit_semaph);
-    
-    if ((xRet == pdPASS) && 
+
+    if ((xRet == pdPASS) &&
         (Aes128_Gcm_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0) &&
         (sha256_multTst_rslt1 == 0 && sha256_multTst_rslt2 == 0)) {
-        
+
         ret = 0;
     }
     else {
         ret = -1;
     }
-    
+
     RESULT_STR(ret)
 
     return ret;
@@ -1177,13 +1177,13 @@ int rsip_crypt_test()
     fsp_err_t rsip_error_code = FSP_SUCCESS;
 
     /* Generate AES sce Key */
-    
+
     if (rsip_error_code == FSP_SUCCESS) {
        #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         /* set up Crypt Call back */
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
-        
+
         /* sets wrapped aes key */
         gCbInfo.wrapped_key_aes128 = g_user_aes128_key_index1;
         gCbInfo.wrapped_key_aes256 = g_user_aes256_key_index1;
@@ -1192,14 +1192,14 @@ int rsip_crypt_test()
         gCbInfo.wrapped_key_rsapub1024 = g_user_rsa1024_public_key;
         gCbInfo.wrapped_key_rsapri2048 = g_user_rsa2048_private_key;
         gCbInfo.wrapped_key_rsapub2048 = g_user_rsa2048_public_key;
-        
+
         RSIP_KeyGeneration(&gCbInfo);
-        
+
         /* Key generation for multi testing */
         gCbInfo_a.wrapped_key_aes128 = g_user_aes128_key_index2;
         gCbInfo_a.wrapped_key_aes256 = g_user_aes256_key_index2;
         RSIP_KeyGeneration(&gCbInfo_a);
-        
+
         /* set callback ctx */
         ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &gCbInfo);
 
@@ -1276,27 +1276,27 @@ int rsip_crypt_test()
         if (ret == 0) {
             ret = rsip_aesgcm256_test(1, g_user_aes256_key_index1);
         }
-        
+
         if (ret == 0) {
             printf(" multi sha thread test\n");
             ret = rsip_crypt_sha256_multitest();
         }
-        
+
         if (ret == 0) {
             printf(" multi Aes cbc thread test\n");
             ret = rsip_crypt_AesCbc_multitest();
         }
-        
+
         if (ret == 0) {
             printf(" multi Aes Gcm thread test\n");
             ret = rsip_crypt_AesGcm_multitest();
         }
-        
+
         if (ret == 0) {
             printf("rsip_crypt_Sha_AesCbcGcm_multitest\n");
             ret = rsip_crypt_Sha_AesCbcGcm_multitest();
         }
-        
+
     #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
index 94cdc9bbc..b22edfe11 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
@@ -1,6 +1,6 @@
 /* wolfssl_dummy.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/STARCORE/starcore_test.c b/IDE/STARCORE/starcore_test.c
index 966b4b69f..e10c6df86 100644
--- a/IDE/STARCORE/starcore_test.c
+++ b/IDE/STARCORE/starcore_test.c
@@ -1,6 +1,6 @@
 /* starcore_test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,7 +20,7 @@
  */
 
 
-#include <prototype.h> 
+#include <prototype.h>
 
 #include <wolfssl/wolfcrypt/settings.h>
 #ifndef WOLFSSL_USER_SETTINGS
@@ -135,12 +135,12 @@ int process_a_file(char* fName)
     }
     return ret;
 }
-#endif 
+#endif
 
 void check_ret(int ret)
 {
     if(ret != 0) {
-        exit(-1); 
+        exit(-1);
     }
 }
 
diff --git a/IDE/STARCORE/user_settings.h b/IDE/STARCORE/user_settings.h
index df74dbee7..29a238966 100644
--- a/IDE/STARCORE/user_settings.h
+++ b/IDE/STARCORE/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
 *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -561,7 +561,7 @@ extern "C" {
 
 #undef NO_FILESYSTEM
 /* #define NO_FILESYSTEM */
-    
+
 #undef NO_WRITE_TEMP_FILES
 #define NO_WRITE_TEMP_FILES
 
@@ -570,7 +570,7 @@ extern "C" {
 
 #undef NO_WRITEV
 #define NO_WRITEV
-    
+
 #undef WOLFSSL_NO_SOCK
 #define WOLFSSL_NO_SOCK
 
@@ -594,10 +594,10 @@ extern "C" {
 
 #undef NO_MD4
 #define NO_MD4
-    
+
 #undef WOLFSSL_NO_SHAKE128
 #define WOLFSSL_NO_SHAKE128
-    
+
 #undef WOLFSSL_NO_SHAKE256
 #define WOLFSSL_NO_SHAKE256
 
diff --git a/IDE/STM32Cube/README.md b/IDE/STM32Cube/README.md
index 7268d81f8..c529613d5 100644
--- a/IDE/STM32Cube/README.md
+++ b/IDE/STM32Cube/README.md
@@ -15,28 +15,35 @@ You need both the STM32 IDE and the STM32 initialization code generator (STM32Cu
 * STM32CubeIDE: Integrated Development Environment for STM32 [https://www.st.com/en/development-tools/stm32cubeide.html](https://www.st.com/en/development-tools/stm32cubeide.html)
 * STM32CubeMX: STM32Cube initialization code generator [https://www.st.com/en/development-tools/stm32cubemx.html](https://www.st.com/en/development-tools/stm32cubemx.html)
 
-## STM32 Cube Pack
+## STM32 Cube Pack Install
 
-### STM32 Cube Pack Installation
+The STM32 Cube packs are integrated into the STM32CubeIDE and STM32CubeMX tools. You will find packs for wolfSSL, wolfSSH, wolfTPM and wolfMQTT.
+
+If you need to manually install a Cube Pack you can do the following:
 
 1. Download [wolfSSL Cube Pack](https://www.wolfssl.com/files/ide/I-CUBE-wolfSSL.pack)
-2. Run the “STM32CubeMX” tool.
-3. Under “Manage software installations” pane on the right, click “INSTALL/REMOVE” button. This can be also found by clicking "Help" -> "Managed embedded software packages"
-4. From Local and choose “I-CUBE-wolfSSL.pack”.
+2. Run the "STM32CubeMX" tool.
+3. Under "Manage software installations" pane on the right, click "INSTALL/REMOVE" button. This can be also found by clicking "Help" -> "Managed embedded software packages"
+4. From Local and choose "I-CUBE-wolfSSL.pack".
 5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance.
 
 ### STM32 Cube Pack Usage
 
 1. Create or open a Cube Project based on your hardware. See the sections below for creating a project and finding the example projects.
-2. Under “Software Packs” choose “Select Components”.
+2. Under "Software Packs" choose "Select Components".
 3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close
-4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters.
-5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option. If seeing `error: r7 cannot be used in 'asm` add `-fomit-frame-pointer` to the CFLAGS. This only happens in debug builds, because r7 is used for debug.
+4. Under the "Software Packs" section click on "wolfSSL.wolfSSL" and configure the parameters.
+5. For Cortex-M recommend "Math Configuration" -> "Single Precision Cortex-M Math" for the fastest option.
+  - If seeing `error: r7 cannot be used in 'asm` add `-fomit-frame-pointer` to the CFLAGS. This only happens in debug builds, because `r7` is used for debug.
 6. Hit the "Generate Code" button
 7. Open the project in STM32CubeIDE
 8. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
 9. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section.
 
+**Notes:**
+* The STM32MP13 will likely require you to use DDR RAM, as well as enabling MMU and caches for optimum performance. Please see the `STM32MP13.md` file in `wolfcrypt/src/port/st` for more information on how to do this.
+* The STM32H7S only has 64KB of onboard flash. Customers typically use an external SPI NOR flash with XIP. The `Template_XIP_Boot` project is flashed to onboard and it starts up the SPI Flash with XIP and loads the application. To use this you need to make sure the option byte `XSPI2_HSLB` is set to enable XSPIM_P2 high speed support, otherwise the MX_EXTMEM_MANAGER_Init() will timeout and fail.
+
 ### Creating your own STM32CubeMX configuration
 
 If none of the examples fit your STM32 type then you can create your own in STM32CubeMX by doing the following:
@@ -86,14 +93,17 @@ The section for "Hardware platform" may need to be adjusted depending on your pr
 * To enable STM32L4 support define `WOLFSSL_STM32L4`.
 * To enable STM32L5 support define `WOLFSSL_STM32L5`.
 * To enable STM32H7 support define `WOLFSSL_STM32H7`.
+* To enable STM32H7S support define `WOLFSSL_STM32H7S`.
 * To enable STM32WB support define `WOLFSSL_STM32WB`.
+* To enable STM32WBA support define `WOLFSSL_STM32WBA`.
 * To enable STM32WL support define `WOLFSSL_STM32WL`.
 * To enable STM32U5 support define `WOLFSSL_STM32U5`.
 * To enable STM32H5 support define `WOLFSSL_STM32H5`.
+* To enable STM32MP13 support define `WOLFSSL_STM32MP13`.
 
 To use the STM32 Cube HAL support make sure `WOLFSSL_STM32_CUBEMX` is defined.
 
-The PKA acceleration for ECC is available on some U5, L5 and WB55 chips.
+The PKA acceleration for ECC is available on some U5, L5, WB55 and MP13 chips.
 This is enabled with `WOLFSSL_STM32_PKA`. You can see some of the benchmarks [here](STM32_Benchmarks.md).
 
 To disable hardware crypto acceleration you can define:
@@ -106,6 +116,10 @@ To enable the latest Cube HAL support please define `STM32_HAL_V2`.
 
 If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM32_CUBEMX`.
 
+## Workarounds
+
+### STM32F7 AES GCM with pack v1.17.0 or older
+
 With STM32 Cube HAL v2 some AES GCM hardware has a limitation for the AAD header, which must be a multiple of 4 bytes. If your HAL does not support `CRYP_HEADERWIDTHUNIT_BYTE` then consider adding `STM32_AESGCM_PARTIAL` if you are getting AES GCM authentication failures. This bug existed in v1.16.0 or later.
 
 The STM32F7 v1.17.0 pack has a bug in the AES GCM code for handling of additional authentication data when not a multiple of 4 bytes. To patch see `stm32f7xx_hal_cryp.c` -> `CRYP_GCMCCM_SetHeaderPhase`:
diff --git a/IDE/STM32Cube/STM32_Benchmarks.md b/IDE/STM32Cube/STM32_Benchmarks.md
index 674ddabab..5d49e3cba 100644
--- a/IDE/STM32Cube/STM32_Benchmarks.md
+++ b/IDE/STM32Cube/STM32_Benchmarks.md
@@ -1,16 +1,17 @@
 # STM Benchmarks
 
-* [STM32H753ZI](#stm32h753zi)
-* [STM32WB55](#stm32wb55)
-* [STM32WL55](#stm32wl55)
 * [STM32F437](#stm32f437)
+* [STM32F777](#stm32f777)
+* [STM32G071RB](#stm32g071rb)
+* [STM32H563ZI](#stm32h563zi)
+* [STM32H753ZI](#stm32h753zi)
+* [STM32H7S3](#stm32h7s3)
 * [STM32L4A6Z](#stm32l4a6z)
 * [STM32L562E](#stm32l562e)
-* [STM32F777](#stm32f777)
 * [STM32U585](#stm32u585)
-* [STM32H563ZI](#stm32h563zi)
-* [STM32G071RB](#stm32g071rb)
-
+* [STM32WB55](#stm32wb55)
+* [STM32WBA52](#stm32wba52)
+* [STM32WL55](#stm32wl55)
 
 ## STM32H753ZI
 
@@ -172,6 +173,179 @@ Benchmark Test: Return code 0
 ```
 
 
+## STM32H7S3
+
+Supports RNG, PKA ECC P-256, AES-GCM/CCM/CTR/CBC and SHA-1/2 acceleration.
+
+Board: NUCLEO-H7S3L8
+CPU: Cortex-M7 at 600 MHz
+IDE: STM32CubeIDE
+RTOS: Bare-metal
+
+Notes:
+* The STM32H7S only has 64KB of onboard flash. Customers typically use an external SPI NOR flash with XIP. The `Template_XIP_Boot` project is flashed to onboard and it starts up the SPI Flash with XIP and loads the application. To use this you need to make sure the option byte `XSPI2_HSLB` is set to enable XSPIM_P2 high speed support, otherwise the MX_EXTMEM_MANAGER_Init() will timeout and fail.
+* These tests were run without the SP Cortex-M assembly speedups due to issues with release optimizations possibly related to execute in place or caching.
+
+### STM32H7S3 (-Os, HW Crypto (AES/HASH/PKA), WOLF_CONF_MATH=3 (sp_c32.c))
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          2 MiB took 1.000 seconds,    1.880 MiB/s
+AES-128-CBC-enc             16 MiB took 1.000 seconds,   15.747 MiB/s
+AES-128-CBC-dec             15 MiB took 1.000 seconds,   15.454 MiB/s
+AES-192-CBC-enc             16 MiB took 1.000 seconds,   15.723 MiB/s
+AES-192-CBC-dec             16 MiB took 1.000 seconds,   15.527 MiB/s
+AES-256-CBC-enc             16 MiB took 1.000 seconds,   15.723 MiB/s
+AES-256-CBC-dec             15 MiB took 1.000 seconds,   15.356 MiB/s
+AES-128-GCM-enc             10 MiB took 1.000 seconds,   10.132 MiB/s
+AES-128-GCM-dec             10 MiB took 1.000 seconds,   10.083 MiB/s
+AES-192-GCM-enc             10 MiB took 1.000 seconds,   10.156 MiB/s
+AES-192-GCM-dec             10 MiB took 1.000 seconds,   10.083 MiB/s
+AES-256-GCM-enc             10 MiB took 1.000 seconds,   10.156 MiB/s
+AES-256-GCM-dec             10 MiB took 1.000 seconds,   10.107 MiB/s
+AES-128-GCM-enc-no_AAD      10 MiB took 1.000 seconds,   10.229 MiB/s
+AES-128-GCM-dec-no_AAD      10 MiB took 1.000 seconds,   10.132 MiB/s
+AES-192-GCM-enc-no_AAD      10 MiB took 1.000 seconds,   10.181 MiB/s
+AES-192-GCM-dec-no_AAD      10 MiB took 1.000 seconds,   10.107 MiB/s
+AES-256-GCM-enc-no_AAD      10 MiB took 1.000 seconds,   10.181 MiB/s
+AES-256-GCM-dec-no_AAD      10 MiB took 1.000 seconds,   10.132 MiB/s
+GMAC Table 4-bit            46 MiB took 1.000 seconds,   45.835 MiB/s
+CHACHA                      32 MiB took 1.000 seconds,   31.519 MiB/s
+CHA-POLY                    15 MiB took 1.000 seconds,   15.259 MiB/s
+POLY1305                    57 MiB took 1.000 seconds,   56.934 MiB/s
+SHA-256                     90 MiB took 1.000 seconds,   90.381 MiB/s
+SHA-384                     98 MiB took 1.000 seconds,   97.925 MiB/s
+SHA-512                     98 MiB took 1.000 seconds,   97.925 MiB/s
+SHA-512/224                 98 MiB took 1.000 seconds,   98.120 MiB/s
+SHA-512/256                 98 MiB took 1.000 seconds,   98.096 MiB/s
+HMAC-SHA256                 71 MiB took 1.000 seconds,   71.265 MiB/s
+HMAC-SHA384                 89 MiB took 1.000 seconds,   88.599 MiB/s
+HMAC-SHA512                 89 MiB took 1.000 seconds,   88.843 MiB/s
+RSA     2048   public       352 ops took 1.000 sec, avg 2.841 ms, 352.000 ops/sec
+RSA     2048  private         6 ops took 1.008 sec, avg 168.000 ms, 5.952 ops/sec
+DH      2048  key gen        15 ops took 1.027 sec, avg 68.467 ms, 14.606 ops/sec
+DH      2048    agree        16 ops took 1.094 sec, avg 68.375 ms, 14.625 ops/sec
+ECC   [      SECP256R1]   256  key gen        60 ops took 1.016 sec, avg 16.933 ms, 59.055 ops/sec
+ECDHE [      SECP256R1]   256    agree        60 ops took 1.011 sec, avg 16.850 ms, 59.347 ops/sec
+ECDSA [      SECP256R1]   256     sign       106 ops took 1.008 sec, avg 9.509 ms, 105.159 ops/sec
+ECDSA [      SECP256R1]   256   verify       102 ops took 1.004 sec, avg 9.843 ms, 101.594 ops/sec
+CURVE  25519  key gen        14 ops took 1.011 sec, avg 72.214 ms, 13.848 ops/sec
+CURVE  25519    agree        18 ops took 1.079 sec, avg 59.944 ms, 16.682 ops/sec
+ED     25519  key gen        11 ops took 1.063 sec, avg 96.636 ms, 10.348 ops/sec
+ED     25519     sign        12 ops took 1.173 sec, avg 97.750 ms, 10.230 ops/sec
+ED     25519   verify         6 ops took 1.015 sec, avg 169.167 ms, 5.911 ops/sec
+```
+
+### STM32H7S3 (-O2, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=4 (sp_cortexm.c))
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          4 MiB took 1.004 seconds,    4.231 MiB/s
+AES-128-CBC-enc            425 KiB took 1.027 seconds,  413.827 KiB/s
+AES-128-CBC-dec            425 KiB took 1.020 seconds,  416.667 KiB/s
+AES-192-CBC-enc            350 KiB took 1.011 seconds,  346.192 KiB/s
+AES-192-CBC-dec            350 KiB took 1.012 seconds,  345.850 KiB/s
+AES-256-CBC-enc            300 KiB took 1.012 seconds,  296.443 KiB/s
+AES-256-CBC-dec            300 KiB took 1.012 seconds,  296.443 KiB/s
+AES-128-GCM-enc            350 KiB took 1.000 seconds,  350.000 KiB/s
+AES-128-GCM-dec            375 KiB took 1.067 seconds,  351.453 KiB/s
+AES-192-GCM-enc            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-192-GCM-dec            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-256-GCM-enc            275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-256-GCM-dec            275 KiB took 1.047 seconds,  262.655 KiB/s
+AES-128-GCM-enc-no_AAD     350 KiB took 1.000 seconds,  350.000 KiB/s
+AES-128-GCM-dec-no_AAD     350 KiB took 1.000 seconds,  350.000 KiB/s
+AES-192-GCM-enc-no_AAD     300 KiB took 1.003 seconds,  299.103 KiB/s
+AES-192-GCM-dec-no_AAD     300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-256-GCM-enc-no_AAD     275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-256-GCM-dec-no_AAD     275 KiB took 1.047 seconds,  262.655 KiB/s
+GMAC Table 4-bit             9 MiB took 1.000 seconds,    8.525 MiB/s
+CHACHA                      52 MiB took 1.000 seconds,   51.636 MiB/s
+CHA-POLY                    28 MiB took 1.000 seconds,   28.052 MiB/s
+POLY1305                   164 MiB took 1.000 seconds,  164.258 MiB/s
+SHA-256                     16 MiB took 1.000 seconds,   16.064 MiB/s
+SHA-384                      8 MiB took 1.000 seconds,    8.398 MiB/s
+SHA-512                      8 MiB took 1.000 seconds,    8.398 MiB/s
+SHA-512/224                  8 MiB took 1.000 seconds,    8.398 MiB/s
+SHA-512/256                  8 MiB took 1.000 seconds,    8.374 MiB/s
+HMAC-SHA256                 16 MiB took 1.000 seconds,   15.894 MiB/s
+HMAC-SHA384                  8 MiB took 1.000 seconds,    8.252 MiB/s
+HMAC-SHA512                  8 MiB took 1.000 seconds,    8.276 MiB/s
+RSA     2048   public       598 ops took 1.000 sec, avg 1.672 ms, 598.000 ops/sec
+RSA     2048  private        18 ops took 1.074 sec, avg 59.667 ms, 16.760 ops/sec
+DH      2048  key gen        37 ops took 1.024 sec, avg 27.676 ms, 36.133 ops/sec
+DH      2048    agree        38 ops took 1.051 sec, avg 27.658 ms, 36.156 ops/sec
+ECC   [      SECP256R1]   256  key gen       906 ops took 1.000 sec, avg 1.104 ms, 906.000 ops/sec
+ECDHE [      SECP256R1]   256    agree       562 ops took 1.000 sec, avg 1.779 ms, 562.000 ops/sec
+ECDSA [      SECP256R1]   256     sign       304 ops took 1.004 sec, avg 3.303 ms, 302.789 ops/sec
+ECDSA [      SECP256R1]   256   verify       232 ops took 1.004 sec, avg 4.328 ms, 231.076 ops/sec
+CURVE  25519  key gen        16 ops took 1.008 sec, avg 63.000 ms, 15.873 ops/sec
+CURVE  25519    agree        20 ops took 1.023 sec, avg 51.150 ms, 19.550 ops/sec
+ED     25519  key gen        12 ops took 1.016 sec, avg 84.667 ms, 11.811 ops/sec
+ED     25519     sign        12 ops took 1.028 sec, avg 85.667 ms, 11.673 ops/sec
+ED     25519   verify         8 ops took 1.176 sec, avg 147.000 ms, 6.803 ops/sec
+```
+
+### STM32H7S3 (-O2, No HW Crypto, WOLF_CONF_ARMASM=0, WOLF_CONF_MATH=6 (sp_int.c))
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          2 MiB took 1.004 seconds,    2.189 MiB/s
+AES-128-CBC-enc            425 KiB took 1.044 seconds,  407.088 KiB/s
+AES-128-CBC-dec            350 KiB took 1.032 seconds,  339.147 KiB/s
+AES-192-CBC-enc            350 KiB took 1.031 seconds,  339.476 KiB/s
+AES-192-CBC-dec            300 KiB took 1.059 seconds,  283.286 KiB/s
+AES-256-CBC-enc            300 KiB took 1.027 seconds,  292.113 KiB/s
+AES-256-CBC-dec            250 KiB took 1.027 seconds,  243.427 KiB/s
+AES-128-GCM-enc            350 KiB took 1.055 seconds,  331.754 KiB/s
+AES-128-GCM-dec            350 KiB took 1.055 seconds,  331.754 KiB/s
+AES-192-GCM-enc            300 KiB took 1.059 seconds,  283.286 KiB/s
+AES-192-GCM-dec            300 KiB took 1.059 seconds,  283.286 KiB/s
+AES-256-GCM-enc            250 KiB took 1.008 seconds,  248.016 KiB/s
+AES-256-GCM-dec            250 KiB took 1.008 seconds,  248.016 KiB/s
+AES-128-GCM-enc-no_AAD     350 KiB took 1.051 seconds,  333.016 KiB/s
+AES-128-GCM-dec-no_AAD     350 KiB took 1.071 seconds,  326.797 KiB/s
+AES-192-GCM-enc-no_AAD     300 KiB took 1.055 seconds,  284.360 KiB/s
+AES-192-GCM-dec-no_AAD     300 KiB took 1.055 seconds,  284.360 KiB/s
+AES-256-GCM-enc-no_AAD     250 KiB took 1.004 seconds,  249.004 KiB/s
+AES-256-GCM-dec-no_AAD     250 KiB took 1.004 seconds,  249.004 KiB/s
+GMAC Table 4-bit             2 MiB took 1.000 seconds,    1.690 MiB/s
+CHACHA                      36 MiB took 1.000 seconds,   35.522 MiB/s
+CHA-POLY                    14 MiB took 1.000 seconds,   14.185 MiB/s
+POLY1305                    78 MiB took 1.000 seconds,   77.686 MiB/s
+SHA-256                      6 MiB took 1.000 seconds,    5.591 MiB/s
+SHA-384                      6 MiB took 1.000 seconds,    6.470 MiB/s
+SHA-512                      6 MiB took 1.000 seconds,    6.348 MiB/s
+SHA-512/224                  6 MiB took 1.000 seconds,    6.348 MiB/s
+SHA-512/256                  6 MiB took 1.000 seconds,    6.348 MiB/s
+HMAC-SHA256                  6 MiB took 1.000 seconds,    5.542 MiB/s
+HMAC-SHA384                  6 MiB took 1.000 seconds,    6.250 MiB/s
+HMAC-SHA512                  6 MiB took 1.000 seconds,    6.299 MiB/s
+RSA     2048   public       382 ops took 1.000 sec, avg 2.618 ms, 382.000 ops/sec
+RSA     2048  private         8 ops took 1.196 sec, avg 149.500 ms, 6.689 ops/sec
+DH      2048  key gen        17 ops took 1.039 sec, avg 61.118 ms, 16.362 ops/sec
+DH      2048    agree        18 ops took 1.098 sec, avg 61.000 ms, 16.393 ops/sec
+ECC   [      SECP256R1]   256  key gen        64 ops took 1.020 sec, avg 15.937 ms, 62.745 ops/sec
+ECDHE [      SECP256R1]   256    agree        64 ops took 1.016 sec, avg 15.875 ms, 62.992 ops/sec
+ECDSA [      SECP256R1]   256     sign        52 ops took 1.035 sec, avg 19.904 ms, 50.242 ops/sec
+ECDSA [      SECP256R1]   256   verify        30 ops took 1.035 sec, avg 34.500 ms, 28.986 ops/sec
+CURVE  25519  key gen        16 ops took 1.008 sec, avg 63.000 ms, 15.873 ops/sec
+CURVE  25519    agree        20 ops took 1.020 sec, avg 51.000 ms, 19.608 ops/sec
+ED     25519  key gen        13 ops took 1.094 sec, avg 84.154 ms, 11.883 ops/sec
+ED     25519     sign        12 ops took 1.004 sec, avg 83.667 ms, 11.952 ops/sec
+ED     25519   verify         8 ops took 1.149 sec, avg 143.625 ms, 6.963 ops/sec
+```
+
+
 ## STM32WB55
 
 Supports RNG, ECC P-256, AES-CBC and SHA-256 acceleration.
@@ -290,6 +464,57 @@ Benchmark Test: Return code 0
 ```
 
 
+## STM32WBA52
+
+Supports RNG, ECC P-256, AES-CBC and SHA-256 acceleration.
+
+Board: NUCLEO-WBA52CG
+CPU: Cortex-M33 at 96MHz
+IDE: STM32CubeIDE
+RTOS: Bare-metal
+
+### STM32WBA52 (STM AES/Hash/PKA ECC Acceleration, -Os, SP-C32)
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+Running wolfCrypt Benchmarks...
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                        275 KiB took 1.020 seconds,  269.608 KiB/s
+AES-128-CBC-enc              4 MiB took 1.000 seconds,    4.395 MiB/s
+AES-128-CBC-dec              4 MiB took 1.000 seconds,    4.370 MiB/s
+AES-256-CBC-enc              4 MiB took 1.000 seconds,    4.102 MiB/s
+AES-256-CBC-dec              4 MiB took 1.000 seconds,    4.077 MiB/s
+AES-128-GCM-enc            575 KiB took 1.031 seconds,  557.711 KiB/s
+AES-128-GCM-dec            575 KiB took 1.032 seconds,  557.171 KiB/s
+AES-256-GCM-enc            550 KiB took 1.000 seconds,  550.000 KiB/s
+AES-256-GCM-dec            550 KiB took 1.000 seconds,  550.000 KiB/s
+AES-128-GCM-enc-no_AAD     575 KiB took 1.024 seconds,  561.523 KiB/s
+AES-128-GCM-dec-no_AAD     575 KiB took 1.023 seconds,  562.072 KiB/s
+AES-256-GCM-enc-no_AAD     575 KiB took 1.039 seconds,  553.417 KiB/s
+AES-256-GCM-dec-no_AAD     575 KiB took 1.039 seconds,  553.417 KiB/s
+GMAC Table 4-bit             1 MiB took 1.000 seconds,    1.266 MiB/s
+CHACHA                       3 MiB took 1.004 seconds,    2.942 MiB/s
+CHA-POLY                     2 MiB took 1.008 seconds,    1.865 MiB/s
+POLY1305                     7 MiB took 1.000 seconds,    7.251 MiB/s
+SHA-256                      7 MiB took 1.000 seconds,    7.495 MiB/s
+SHA-384                    600 KiB took 1.039 seconds,  577.478 KiB/s
+HMAC-SHA256                  7 MiB took 1.000 seconds,    7.275 MiB/s
+HMAC-SHA384                575 KiB took 1.012 seconds,  568.182 KiB/s
+RSA     2048   public        62 ops took 1.019 sec, avg 16.435 ms, 60.844 ops/sec
+RSA     2048  private         2 ops took 1.102 sec, avg 551.000 ms, 1.815 ops/sec
+DH      2048  key gen         4 ops took 1.086 sec, avg 271.500 ms, 3.683 ops/sec
+DH      2048    agree         4 ops took 1.086 sec, avg 271.500 ms, 3.683 ops/sec
+ECC   [      SECP256R1]   256  key gen       114 ops took 1.000 sec, avg 8.772 ms, 114.000 ops/sec
+ECDHE [      SECP256R1]   256    agree        54 ops took 1.024 sec, avg 18.963 ms, 52.734 ops/sec
+ECDSA [      SECP256R1]   256     sign        36 ops took 1.047 sec, avg 29.083 ms, 34.384 ops/sec
+ECDSA [      SECP256R1]   256   verify        34 ops took 1.019 sec, avg 29.971 ms, 33.366 ops/sec
+Benchmark complete
+Benchmark Test: Return code 0
+```
+
+
 ## STM32WL55
 
 Supports RNG, ECC P-256 and AES-CBC acceleration.
diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl
index d7a68aac4..98f84a626 100644
--- a/IDE/STM32Cube/default_conf.ftl
+++ b/IDE/STM32Cube/default_conf.ftl
@@ -76,6 +76,13 @@ extern ${variable.value} ${variable.name};
     #define WOLFSSL_STM32_PKA
     #undef  NO_STM32_CRYPTO
     #define HAL_CONSOLE_UART huart1
+#elif defined(STM32WBA52xx)
+    #define WOLFSSL_STM32WBA
+    #define WOLFSSL_STM32_PKA
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    /* NUCLEO-WBA52CG USART1 (TX=PB12 / RX=PA8) */
+    #define HAL_CONSOLE_UART huart1
 #elif defined(STM32WL55xx)
     #define WOLFSSL_STM32WL
     #define WOLFSSL_STM32_PKA
@@ -102,12 +109,18 @@ extern ${variable.value} ${variable.name};
     #undef  NO_STM32_CRYPTO
     #define STM32_HAL_V2
     #define HAL_CONSOLE_UART huart3
+#elif defined(STM32H7S3xx)
+    #define WOLFSSL_STM32H7S
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define WOLFSSL_STM32_PKA
+    #define HAL_CONSOLE_UART huart3
 #elif defined(STM32H753xx)
     #define WOLFSSL_STM32H7
     #undef  NO_STM32_HASH
     #undef  NO_STM32_CRYPTO
     #define HAL_CONSOLE_UART huart3
-#elif defined(STM32H723xx) || defined(STM32H725xx)
+#elif defined(STM32H723xx) || defined(STM32H725xx) || defined(STM32H743xx)
     #define WOLFSSL_STM32H7
     #define HAL_CONSOLE_UART huart3
 #elif defined(STM32L4A6xx)
@@ -148,6 +161,9 @@ extern ${variable.value} ${variable.name};
     #define HAL_CONSOLE_UART huart2
     #define NO_STM32_RNG
     #define WOLFSSL_GENSEED_FORTEST /* no HW RNG is available use test seed */
+#elif defined(STM32G491xx)
+    #define WOLFSSL_STM32G4
+    #define HAL_CONSOLE_UART hlpuart1
 #elif defined(STM32U575xx) || defined(STM32U585xx) || defined(STM32U5A9xx)
     #define HAL_CONSOLE_UART huart1
     #define WOLFSSL_STM32U5
@@ -162,14 +178,22 @@ extern ${variable.value} ${variable.name};
     #define HAL_CONSOLE_UART huart3
     #define STM32_HAL_V2
     #undef  NO_STM32_HASH
-
+#elif defined(STM32MP135Fxx)
+    #define WOLFSSL_STM32MP13
+    #define HAL_CONSOLE_UART huart4
+    #define STM32_HAL_V2
+    #undef NO_STM32_HASH
+    #undef NO_STM32_CRYPTO
+    #define WOLFSSL_STM32_PKA
+    #define WOLFSSL_STM32_PKA_V2
 #else
     #warning Please define a hardware platform!
     /* This means there is not a pre-defined platform for your board/CPU */
     /* You need to define a CPU type, HW crypto and debug UART */
     /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4,
         WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4, WOLFSSL_STM32L5,
-        WOLFSSL_STM32G0, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */
+        WOLFSSL_STM32G0, WOLFSSL_STM32G4, WOLFSSL_STM32WB, WOLFSSL_STM32U5 and
+        WOLFSSL_STM32MP13 */
     #define WOLFSSL_STM32F4
 
     /* Debug UART used for printf */
@@ -195,13 +219,23 @@ extern ${variable.value} ${variable.name};
 #define WOLFSSL_GENERAL_ALIGNMENT 4
 #define WOLFSSL_STM32_CUBEMX
 #define WOLFSSL_SMALL_STACK
-#define WOLFSSL_USER_IO
-#define WOLFSSL_NO_SOCK
 #define WOLFSSL_IGNORE_FILE_WARN
 
+/* ------------------------------------------------------------------------- */
+/* Network stack: 1=User IO (custom), 2=LWIP (posix), 3=LWIP (native) */
+/* ------------------------------------------------------------------------- */
+#if defined(WOLF_CONF_IO) && WOLF_CONF_IO == 2
+    #define WOLFSSL_LWIP
+#elif defined(WOLF_CONF_IO) && WOLF_CONF_IO == 3
+    #define WOLFSSL_LWIP_NATIVE
+#else /* custom */
+    #define WOLFSSL_USER_IO
+    #define WOLFSSL_NO_SOCK
+#endif
+
 
 /* ------------------------------------------------------------------------- */
-/* Operating System */
+/* Operating System: 1=Bare-metal/Single threaded, 2=FREERTOS */
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
     #define FREERTOS
@@ -305,6 +339,10 @@ extern ${variable.value} ${variable.name};
 #if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
     #define WOLFSSL_DTLS
 #endif
+#if defined(WOLF_CONF_DTLS13) && WOLF_CONF_DTLS13 == 1
+    #define WOLFSSL_DTLS13
+    #define WOLFSSL_SEND_HRR_COOKIE
+#endif
 #if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
     #define NO_PSK
 #endif
@@ -328,20 +366,24 @@ extern ${variable.value} ${variable.name};
 #endif
 
 /* TLS Session Cache */
-#if 0
+#if defined(WOLF_CONF_RESUMPTION) && WOLF_CONF_RESUMPTION == 1
     #define SMALL_SESSION_CACHE
+    #define HAVE_SESSION_TICKET
 #else
     #define NO_SESSION_CACHE
 #endif
 
-/* Post Quantum
- * Note: PQM4 is compatible with STM32. The project can be found at:
- * https://github.com/mupq/pqm4
- */
-#if defined(WOLF_CONF_PQM4) && WOLF_CONF_PQM4 == 1
-    #define HAVE_PQM4
+/* TPM support */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLF_CRYPTO_CB
+    #define WOLFSSL_PUBLIC_MP
+    /* also AES CFB - enabled below */
 #endif
 
+/* TLS key callbacks */
+#if defined(WOLF_CONF_PK) && WOLF_CONF_PK == 1
+    #define HAVE_PK_CALLBACKS
+#endif
 
 /* ------------------------------------------------------------------------- */
 /* Crypto */
@@ -430,21 +472,31 @@ extern ${variable.value} ${variable.name};
 #endif
 
 /* AES */
-#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
+#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM >= 1
     #define HAVE_AESGCM
+    #define HAVE_AES_DECRYPT
+
     /* GCM Method: GCM_SMALL, GCM_WORD32, GCM_TABLE or GCM_TABLE_4BIT */
     /* GCM_TABLE is about 4K larger and 3x faster for GHASH */
-    #define GCM_SMALL
-    #define HAVE_AES_DECRYPT
+    #if WOLF_CONF_AESGCM == 2
+        #define GCM_TABLE_4BIT
+    #else
+        #define GCM_SMALL
+    #endif
 #endif
 
 #if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
     #define HAVE_AES_CBC
     #define HAVE_AES_DECRYPT
+#else
+    #define NO_AES_CBC
 #endif
 
 /* Other possible AES modes */
-//#define WOLFSSL_AES_CFB /* Used by TPM parameter encryption */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLFSSL_AES_CFB /* Used by TPM parameter encryption */
+#endif
+
 //#define WOLFSSL_AES_COUNTER
 //#define HAVE_AESCCM
 //#define WOLFSSL_AES_XTS
@@ -512,7 +564,7 @@ extern ${variable.value} ${variable.name};
     //#define USE_SLOW_SHA512
 
     #define WOLFSSL_SHA512
-    #define HAVE_SHA512 /* freeRTOS settings.h requires this */
+    #define HAVE_SHA512 /* old freeRTOS settings.h requires this */
 #endif
 
 /* Sha2-384 */
@@ -534,6 +586,33 @@ extern ${variable.value} ${variable.name};
     #define NO_MD5
 #endif
 
+/* ------------------------------------------------------------------------- */
+/* Post-Quantum Crypto */
+/* ------------------------------------------------------------------------- */
+/* NOTE: this is after the hashing section to override the potential SHA3 undef
+ * above. */
+#if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1
+    #undef  WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+
+    #undef  WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_HAVE_MLKEM
+
+    #undef  WOLFSSL_WC_MLKEM
+    #define WOLFSSL_WC_MLKEM
+
+    #undef  WOLFSSL_NO_SHAKE128
+    #undef  WOLFSSL_SHAKE128
+    #define WOLFSSL_SHAKE128
+
+    #undef  WOLFSSL_NO_SHAKE256
+    #undef  WOLFSSL_SHAKE256
+    #define WOLFSSL_SHAKE256
+
+    #undef  WOLFSSL_SHA3
+    #define WOLFSSL_SHA3
+#endif /* WOLF_CONF_KYBER */
+
 /* ------------------------------------------------------------------------- */
 /* Crypto Acceleration */
 /* ------------------------------------------------------------------------- */
@@ -546,6 +625,7 @@ extern ${variable.value} ${variable.name};
     #define WOLFSSL_ARMASM_INLINE
     #define WOLFSSL_ARMASM_NO_HW_CRYPTO
     #define WOLFSSL_ARMASM_NO_NEON
+    #define WOLFSSL_ARMASM_THUMB2
     #define WOLFSSL_ARM_ARCH 7
     /* Disable H/W offloading if accelerating S/W crypto */
     #undef  NO_STM32_HASH
@@ -632,8 +712,14 @@ extern ${variable.value} ${variable.name};
 #define NO_RC4
 #define NO_MD4
 #define NO_DES3
+
+#ifndef WOLFSSL_SHAKE128
 #define WOLFSSL_NO_SHAKE128
+#endif
+
+#ifndef WOLFSSL_SHAKE256
 #define WOLFSSL_NO_SHAKE256
+#endif
 
 /* In-lining of misc.c functions */
 /* If defined, must include wolfcrypt/src/misc.c in build */
diff --git a/IDE/STM32Cube/main.c b/IDE/STM32Cube/main.c
index ddf81cbd3..160ad0c22 100644
--- a/IDE/STM32Cube/main.c
+++ b/IDE/STM32Cube/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -138,11 +138,11 @@ static void SystemClock_Config(void)
     RCC_ClkInitTypeDef RCC_ClkInitStruct = {0};
     RCC_PeriphCLKInitTypeDef PeriphClkInitStruct = {0};
 
-    /** Configure the main internal regulator output voltage 
+    /** Configure the main internal regulator output voltage
     */
     __HAL_RCC_PWR_CLK_ENABLE();
     __HAL_PWR_VOLTAGESCALING_CONFIG(PWR_REGULATOR_VOLTAGE_SCALE1);
-    /** Initializes the CPU, AHB and APB buses clocks 
+    /** Initializes the CPU, AHB and APB buses clocks
     */
     RCC_OscInitStruct.OscillatorType = RCC_OSCILLATORTYPE_HSI|RCC_OSCILLATORTYPE_LSI;
     RCC_OscInitStruct.HSIState = RCC_HSI_ON;
@@ -157,7 +157,7 @@ static void SystemClock_Config(void)
     if (HAL_RCC_OscConfig(&RCC_OscInitStruct) != HAL_OK) {
         Error_Handler();
     }
-    /** Initializes the CPU, AHB and APB buses clocks 
+    /** Initializes the CPU, AHB and APB buses clocks
     */
     RCC_ClkInitStruct.ClockType = RCC_CLOCKTYPE_HCLK|RCC_CLOCKTYPE_SYSCLK|RCC_CLOCKTYPE_PCLK1|RCC_CLOCKTYPE_PCLK2;
     RCC_ClkInitStruct.SYSCLKSource = RCC_SYSCLKSOURCE_PLLCLK;
@@ -325,7 +325,7 @@ void Error_Handler(void)
   * @retval None
   */
 void assert_failed(uint8_t *file, uint32_t line)
-{ 
+{
     /* User can add his own implementation to report the file name and line number,
       tex: printf("Wrong parameters value: file %s on line %d\r\n", file, line) */
 }
@@ -336,7 +336,7 @@ void assert_failed(uint8_t *file, uint32_t line)
 /* Working _sbrk example for .ld based libC malloc/free */
 /* Replace this with one in Core/Src/sysmem.c */
 /* Symbols defined in the linker script */
-extern uint8_t _end; 
+extern uint8_t _end;
 extern uint8_t _estack;
 extern uint32_t _Min_Stack_Size;
 void* _sbrk(ptrdiff_t incr)
diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c
index d356af5e7..9d6ec5b92 100644
--- a/IDE/STM32Cube/wolfssl_example.c
+++ b/IDE/STM32Cube/wolfssl_example.c
@@ -1,6 +1,6 @@
 /* wolfssl_example.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1750,10 +1750,16 @@ static int tls13_uart_client(void)
 
     wolfSSL_SetIOReadCtx(ssl, tbuf);
 
-#ifdef HAVE_PQC
+#ifdef WOLFSSL_HAVE_MLKEM
+#ifndef WOLFSSL_NO_ML_KEM
+    if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_512) != WOLFSSL_SUCCESS) {
+        printf("wolfSSL_UseKeyShare Error!!");
+    }
+#else
     if (wolfSSL_UseKeyShare(ssl, WOLFSSL_KYBER_LEVEL1) != WOLFSSL_SUCCESS) {
         printf("wolfSSL_UseKeyShare Error!!");
     }
+#endif
 #endif
 
     do {
diff --git a/IDE/STM32Cube/wolfssl_example.h b/IDE/STM32Cube/wolfssl_example.h
index 792c7d984..efd1a998d 100644
--- a/IDE/STM32Cube/wolfssl_example.h
+++ b/IDE/STM32Cube/wolfssl_example.h
@@ -1,6 +1,6 @@
 /* wolfssl_example.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/SimplicityStudio/test_wolf.c b/IDE/SimplicityStudio/test_wolf.c
index f05ee3047..dfa12c0c1 100644
--- a/IDE/SimplicityStudio/test_wolf.c
+++ b/IDE/SimplicityStudio/test_wolf.c
@@ -1,6 +1,6 @@
 /* test_wolf.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/SimplicityStudio/user_settings.h b/IDE/SimplicityStudio/user_settings.h
index 05ba8d517..3e6fb09c8 100644
--- a/IDE/SimplicityStudio/user_settings.h
+++ b/IDE/SimplicityStudio/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/client/client.c b/IDE/VS-AZURE-SPHERE/client/client.c
index 920b8b7b6..354d8f0ea 100644
--- a/IDE/VS-AZURE-SPHERE/client/client.c
+++ b/IDE/VS-AZURE-SPHERE/client/client.c
@@ -1,6 +1,6 @@
-/* client.c
+/* client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/client/client.h b/IDE/VS-AZURE-SPHERE/client/client.h
index 72a3f7b97..1b836dceb 100644
--- a/IDE/VS-AZURE-SPHERE/client/client.h
+++ b/IDE/VS-AZURE-SPHERE/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/server/server.c b/IDE/VS-AZURE-SPHERE/server/server.c
index 39938a9c9..e9c3a760c 100644
--- a/IDE/VS-AZURE-SPHERE/server/server.c
+++ b/IDE/VS-AZURE-SPHERE/server/server.c
@@ -1,6 +1,6 @@
-/* server.c
+/* server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VS-AZURE-SPHERE/server/server.h b/IDE/VS-AZURE-SPHERE/server/server.h
index f43231682..ac8b96e01 100644
--- a/IDE/VS-AZURE-SPHERE/server/server.h
+++ b/IDE/VS-AZURE-SPHERE/server/server.h
@@ -1,6 +1,6 @@
 /* server.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/VisualDSP/user_settings.h b/IDE/VisualDSP/user_settings.h
index 40790b7e0..4730ebc94 100644
--- a/IDE/VisualDSP/user_settings.h
+++ b/IDE/VisualDSP/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -481,7 +481,7 @@ extern "C" {
 
 /* Seed Source */
 /* Size of returned HW RNG value */
-#if 0   
+#if 0
     #define CUSTOM_RAND_TYPE      unsigned int
     extern unsigned int my_rng_seed_gen(void);
     #undef  CUSTOM_RAND_GENERATE
@@ -690,7 +690,7 @@ extern "C" {
         int argc;
         char** argv;
         int return_code;
-        struct fssShellInfo* info;  
+        struct fssShellInfo* info;
     } wolfArgs;
 
     #define printf FCL_PRINTF
diff --git a/IDE/VisualDSP/wolf_tasks.c b/IDE/VisualDSP/wolf_tasks.c
index 4fd316aa2..d7d39e9ca 100644
--- a/IDE/VisualDSP/wolf_tasks.c
+++ b/IDE/VisualDSP/wolf_tasks.c
@@ -1,6 +1,6 @@
 /* wolf-tasks.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/WICED-STUDIO/user_settings.h b/IDE/WICED-STUDIO/user_settings.h
index e4a6f2e8a..b57563b8e 100644
--- a/IDE/WICED-STUDIO/user_settings.h
+++ b/IDE/WICED-STUDIO/user_settings.h
@@ -1,4 +1,4 @@
- / * Copyright (C) 2006-2024 wolfSSL Inc.
+ / * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/WIN-SRTP-KDF-140-3/resource.h b/IDE/WIN-SRTP-KDF-140-3/resource.h
index e92769c50..691fa7654 100644
--- a/IDE/WIN-SRTP-KDF-140-3/resource.h
+++ b/IDE/WIN-SRTP-KDF-140-3/resource.h
@@ -3,7 +3,7 @@
 // Used by wolfssl-fips.rc
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        101
diff --git a/IDE/WIN-SRTP-KDF-140-3/user_settings.h b/IDE/WIN-SRTP-KDF-140-3/user_settings.h
index 3c5127eb7..e9e6090e0 100644
--- a/IDE/WIN-SRTP-KDF-140-3/user_settings.h
+++ b/IDE/WIN-SRTP-KDF-140-3/user_settings.h
@@ -80,24 +80,15 @@
         #define WOLFSSL_VALIDATE_ECC_IMPORT
         #define WOLFSSL_VALIDATE_FFC_IMPORT
         #define HAVE_FFDHE_Q
-        #define HAVE_PUBLIC_FFDHE
     #ifdef _WIN64
         #define WOLFSSL_AESNI
-        #define HAVE_INTEL_RDSEED
     #endif
-        #define FORCE_FAILURE_RDSEED
     #endif /* FIPS v2 */
     #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
-        #undef WOLFSSL_AESNI /* Comment out if using PAA */
-        #undef HAVE_INTEL_RDSEED
-        #undef FORCE_FAILURE_RDSEED
-        #undef HAVE_PUBLIC_FFDHE
-
         #define NO_DES
         #define NO_DES3
         #define NO_MD5
         #define NO_OLD_TLS
-
         #define WOLFSSL_TLS13
         #define HAVE_TLS_EXTENSIONS
         #define HAVE_SUPPORTED_CURVES
@@ -124,17 +115,28 @@
         #define FP_MAX_BITS 16384
     #endif /* FIPS v5 */
     #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 6)
+        #undef WOLFSSL_AESNI /* Comment out if using PAA */
         #define HAVE_ED25519
+        #define HAVE_CURVE25519
+        #define WOLFSSL_ED25519_STREAMING_VERIFY
+        #define HAVE_ED25519_KEY_IMPORT
         #define HAVE_ED448
+        #define HAVE_CURVE448
+        #define HAVE_ED448_KEY_IMPORT
+        #define WOLFSSL_ED448_STREAMING_VERIFY
+        #undef  WOLFSSL_NO_SHAKE256
         #define WOLFSSL_SHAKE256
         #define WOLFSSL_SHAKE128
         #define WOLFSSL_AES_CFB
         #define WOLFSSL_AES_XTS
+        #define WOLFSSL_AESXTS_STREAM
+        #define WOLFSSL_AESGCM_STREAM
         #define HAVE_AES_KEYWRAP
         #define WC_SRTP_KDF
         #define HAVE_PBKDF2
         #define WOLFCRYPT_FIPS_CORE_HASH_VALUE \
-                AA9F70F147FAB898A76F587873AC4E9C7050D6E1F5828046BE871C54EDF2BF1C
+      AE8F969C072FB4A87B5C594F96162002F3CCEB6026BDB2553C8621AE197F7059 //woPAA
+      //E257E8C21764333E4710316D208A90D4ECA0682D6F40DC3F4A6E259D4752E306 //wPAA
         #define WOLFSSL_NOSHA512_224
         #define WOLFSSL_NOSHA512_256
 
@@ -174,4 +176,24 @@
     #endif
 #endif /* HAVE_FIPS */
 
+/* For optesting and code review and harness/vector processing */
+#if 0
+    #undef USE_CERT_BUFFERS_2048
+    #define USE_CERT_BUFFERS_2048
+
+    #undef USE_CERT_BUFFERS_256
+    #define USE_CERT_BUFFERS_256
+
+    #define NO_MAIN_DRIVER
+    #define HAVE_FORCE_FIPS_FAILURE
+    #define OPTEST_LOGGING_ENABLED
+    #define OPTEST_INVALID_LOGGING_ENABLED
+    #define DEBUG_FIPS_VERBOSE
+    #define OPTEST_RUNNING_ORGANIC
+    #define DEBUG_WOLFSSL
+    #define OPTEST_LOG_TE_MAPPING
+    #define DEEPLY_EMBEDDED
+    #define WORKING_WITH_AEGISOLVE
+#endif /* 1 || 0 */
+
 #endif /* _WIN_USER_SETTINGS_H_ */
diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
index 956269fb6..5af27ac69 100644
--- a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
+++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,7,0,0
- PRODUCTVERSION 5,7,0,0
+ FILEVERSION 5,7,6,0
+ PRODUCTVERSION 5,7,6,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.7.0.0"
+            VALUE "FileVersion", "5.7.6.0"
             VALUE "InternalName", "wolfssl-fips"
             VALUE "LegalCopyright", "Copyright (C) 2023"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.7.0.0"
+            VALUE "ProductVersion", "5.7.6.0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj
index dfe4877e1..65bb39fff 100644
--- a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj
+++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.vcxproj
@@ -42,46 +42,46 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
@@ -132,7 +132,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -144,7 +144,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
@@ -164,7 +164,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -176,7 +176,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
@@ -197,7 +197,7 @@
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -210,7 +210,7 @@
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -228,7 +228,7 @@
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -241,7 +241,7 @@
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>$(SolutionDir)XXX-fips-test\IDE\WIN-SRTP-KDF-140-3;$(SolutionDir)XXX-fips-test;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -263,9 +263,12 @@
     <ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
     <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
     <ClCompile Include="..\..\wolfcrypt\src\error.c" />
     <ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
     <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
@@ -388,4 +391,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/IDE/WIN/user_settings_dtls.h b/IDE/WIN/user_settings_dtls.h
index 06880e413..ff6f3ac1e 100644
--- a/IDE/WIN/user_settings_dtls.h
+++ b/IDE/WIN/user_settings_dtls.h
@@ -8,8 +8,8 @@
 
 /* DTLS configuration including DTLS v.1.3 which requires TLS v.1.3. */
 
-/* The below DTLS configurations can be copied in to another user_settings.h 
-   file that may have other settings that need to be preserved. 
+/* The below DTLS configurations can be copied in to another user_settings.h
+   file that may have other settings that need to be preserved.
 */
 #define WOLFSSL_TLS13
 #define WOLFSSL_DTLS
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index b91c6efef..cd003c9ce 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -298,6 +298,7 @@
     <ClCompile Include="..\..\src\crl.c" />
     <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
     <ClCompile Include="..\..\wolfcrypt\src\error.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
diff --git a/IDE/WIN10/resource.h b/IDE/WIN10/resource.h
index e92769c50..691fa7654 100644
--- a/IDE/WIN10/resource.h
+++ b/IDE/WIN10/resource.h
@@ -3,7 +3,7 @@
 // Used by wolfssl-fips.rc
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        101
diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc
index aa46cb8a9..b6df7d1f3 100644
--- a/IDE/WIN10/wolfssl-fips.rc
+++ b/IDE/WIN10/wolfssl-fips.rc
@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,7,2,0
- PRODUCTVERSION 5,7,2,0
+ FILEVERSION 5,7,6,0
+ PRODUCTVERSION 5,7,6,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.7.2.0"
+            VALUE "FileVersion", "5.7.6.0"
             VALUE "InternalName", "wolfssl-fips"
             VALUE "LegalCopyright", "Copyright (C) 2024"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.7.2.0"
+            VALUE "ProductVersion", "5.7.6.0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/IDE/WIN10/wolfssl-fips.vcxproj b/IDE/WIN10/wolfssl-fips.vcxproj
index 2736bc444..42d574220 100644
--- a/IDE/WIN10/wolfssl-fips.vcxproj
+++ b/IDE/WIN10/wolfssl-fips.vcxproj
@@ -262,6 +262,7 @@
     <ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
     <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h
index eca61f043..f9a7e940b 100644
--- a/IDE/WINCE/user_settings.h
+++ b/IDE/WINCE/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+
 /* Custom wolfSSL user settings for GCC ARM */
 
 #ifndef WOLFSSL_USER_SETTINGS_H
diff --git a/IDE/WORKBENCH/README.md b/IDE/WORKBENCH/README.md
index 656504579..d551b5ed9 100644
--- a/IDE/WORKBENCH/README.md
+++ b/IDE/WORKBENCH/README.md
@@ -27,7 +27,7 @@ then "Browse" and select:
     ```
     Click "OK" then "OK" again.
 
-4. Create a new `<path_to_wolfssl>/user_settings.h` file and add your custom 
+4. Create a new `<path_to_wolfssl>/user_settings.h` file and add your custom
 settings. Below is an example but you can expand the settings. For more details,
 see https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_template.h
 
diff --git a/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h b/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h
index cbbdfe3a0..7383ee435 100644
--- a/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h
+++ b/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h b/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h
index 768ed06c2..55e3b487a 100644
--- a/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h
+++ b/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE-FIPSv2/user_settings.h b/IDE/XCODE-FIPSv2/user_settings.h
index cf039344d..f71dc2fa3 100644
--- a/IDE/XCODE-FIPSv2/user_settings.h
+++ b/IDE/XCODE-FIPSv2/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE-FIPSv5/user_settings.h b/IDE/XCODE-FIPSv5/user_settings.h
index 74fdb284e..4e1e420c3 100644
--- a/IDE/XCODE-FIPSv5/user_settings.h
+++ b/IDE/XCODE-FIPSv5/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE-FIPSv6/README b/IDE/XCODE-FIPSv6/README
new file mode 100644
index 000000000..48ce32c1a
--- /dev/null
+++ b/IDE/XCODE-FIPSv6/README
@@ -0,0 +1,7 @@
+- The user_settings.h in this directory is intended for use with the FIPS 140-3
+submission candidate for upcoming SRTP-KDF submission. As such it is subject to
+change between now and when the CMVP issues the wolfCrypt FIPS 140-3
+certificate.
+
+- Last updated: 28 Feb 2025
+
diff --git a/IDE/XCODE-FIPSv6/include.am b/IDE/XCODE-FIPSv6/include.am
new file mode 100644
index 000000000..7f045b2da
--- /dev/null
+++ b/IDE/XCODE-FIPSv6/include.am
@@ -0,0 +1,9 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+# NOTE: The app will be stored in wolfssl/fips repository and copied
+#       into the proper release bundles when packaging the release.
+
+EXTRA_DIST+= IDE/XCODE-FIPSv6/user_settings.h
+EXTRA_DIST+= IDE/XCODE-FIPSv6/README
diff --git a/IDE/XCODE-FIPSv6/user_settings.h b/IDE/XCODE-FIPSv6/user_settings.h
new file mode 100644
index 000000000..e86bcd055
--- /dev/null
+++ b/IDE/XCODE-FIPSv6/user_settings.h
@@ -0,0 +1,949 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Custom wolfSSL user settings for GCC ARM */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
+
+#undef  SINGLE_THREADED
+//#define SINGLE_THREADED
+
+#undef  WOLFSSL_SMALL_STACK
+//#define WOLFSSL_SMALL_STACK
+
+#undef  WOLFSSL_USER_IO
+//#define WOLFSSL_USER_IO
+
+#undef ANDROID_V454
+/* #define ANDROID_V454 */ /* application specific stuff in benchmark and harness from 140-2 days, carry
+                      * over to 140-3 work also */
+
+#undef NO_WRITE_TEMP_FILES
+#define NO_WRITE_TEMP_FILES
+
+#ifdef ANDROID_V454
+    #define MAX_FIPS_DATA_SZ 50000000
+    #define MAX_FIPS_CODE_SZ 50000000
+    #if 0
+       /* To have all printouts go to the app view on the device use: */
+       extern int appendToTextView(const char* fmt, ...);
+       #undef printf
+       #define printf(format, ...) appendToTextView(format, ## __VA_ARGS__)
+    #else
+       #include <stdio.h>
+       #include <android/log.h>
+       #include <unistd.h>
+       /* Inline function for WOLFLOGV */
+       static inline int wolf_logv(const char* fmt, ...) {
+           usleep(500); /* Sleep for 0.5 millisecond */
+           va_list args;
+           va_start(args, fmt);
+           int n = __android_log_vprint(ANDROID_LOG_VERBOSE,
+                                        "wolfCrypt_android", fmt, args);
+           va_end(args);
+           usleep(500); /* Sleep for 0.5 millisecond */
+           return n;
+       }
+
+       #define WOLFLOGV(...) wolf_logv(__VA_ARGS__)
+       #undef printf
+       #define printf WOLFLOGV
+    #endif
+#endif
+
+/* Uncomment for iOS devices with PAA */
+#undef IPHONE
+#define IPHONE
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#undef  SIZEOF_LONG_LONG
+#define SIZEOF_LONG_LONG 8
+
+/* Maximum math bits (Max RSA key bits * 2) */
+#undef  FP_MAX_BITS
+#define FP_MAX_BITS 16384
+
+/* Maximum math bits (largest supported key bits) */
+#undef SP_INT_BITS
+#define SP_INT_BITS 8192
+
+#undef USE_FAST_MATH
+#if 0 /* Flip to 1 for PAA with single precision */
+    #define WOLFSSL_SP_MATH_ALL
+    #define WOLFSSL_SP_INT_NEGATIVE
+#else
+    #define USE_FAST_MATH
+
+    #undef  TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+
+    #define WOLFCRYPT_HAVE_SAKKE /* Note: Sakke can be enabled with 1024-bit support */
+
+    #undef TFM_NO_ASM
+    //#define TFM_NO_ASM
+
+    #if 0 /* Flip to 1 for PAA with tfm */
+        /* Optimizations */
+        #define TFM_ARM
+    #endif
+#endif
+
+/* Wolf Single Precision Math */
+#undef WOLFSSL_SP
+#if 0 /* SP Assembly Speedups (wPAA) */  /* Flip to 1 for PAA with tfm or single precision */
+    #define WOLFSSL_SP
+    //#define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #define WOLFSSL_SP_1024
+    #undef WOLFCRYPT_HAVE_SAKKE
+    #define WOLFCRYPT_HAVE_SAKKE /* Note: Sakke can be enabled with 1024-bit support */
+    #define WOLFSSL_SP_4096 /* Explicitly enable 4096-bit support (2048/3072 on by default) */
+    #define WOLFSSL_SP_384 /* Explicitly enable 384-bit support (others on by default) */
+    #define WOLFSSL_SP_521 /* Explicitly enable 521-bit support (others on by default) */
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_DH
+    #define WOLFSSL_HAVE_SP_ECC
+    /* Customer indicated no desire for PAA, leave out */
+    #if 0 /* Flip to 1 for PAA with single precision */
+        #define WOLFSSL_ARMASM
+        #define WOLFSSL_SP_ARM64
+        #define WOLFSSL_SP_ARM64_ASM
+        #define WOLFSSL_ARMASM_INLINE
+    #endif
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* FIPS - Requires eval or license from wolfSSL */
+/* ------------------------------------------------------------------------- */
+#undef  HAVE_FIPS
+#if 1
+
+    #define WOLFCRYPT_FIPS_CORE_HASH_VALUE \
+1EF567FF471CFF983D21DA74623BDD14CCBCD0B14DADA8E4A9A79A47DEE82F3C
+    #define HAVE_FIPS
+
+    #undef  HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION 6
+
+    #undef HAVE_FIPS_VERSION_MAJOR
+    #define HAVE_FIPS_VERSION_MAJOR HAVE_FIPS_VERSION
+
+    #undef HAVE_FIPS_VERSION_MINOR
+    #define HAVE_FIPS_VERSION_MINOR 0
+
+    #undef HAVE_FIPS_VERSION_PATCH
+    #define HAVE_FIPS_VERSION_PATCH 0
+
+    #undef WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    #undef WOLFSSL_ECDSA_SET_K
+    #define WOLFSSL_ECDSA_SET_K
+
+    #undef WC_RNG_SEED_CB
+    #define WC_RNG_SEED_CB
+
+    #ifdef SINGLE_THREADED
+        #undef  NO_THREAD_LS
+        #define NO_THREAD_LS
+    #endif
+
+    #if 0
+        #undef NO_ATTRIBUTE_CONSTRUCTOR
+        #define NO_ATTRIBUTE_CONSTRUCTOR
+    #endif
+
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* RSA */
+#undef NO_RSA
+#if 1
+
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+
+    /* Enables blinding mode, to prevent timing attacks */
+    #if 1
+        #undef  WC_RSA_BLINDING
+        #define WC_RSA_BLINDING
+    #else
+        #undef  WC_NO_HARDEN
+        #define WC_NO_HARDEN
+    #endif
+
+    /* RSA PSS Support */
+    #if 1
+        #undef WC_RSA_PSS
+        #define WC_RSA_PSS
+
+        #undef WOLFSSL_PSS_LONG_SALT
+        #define WOLFSSL_PSS_LONG_SALT
+
+        #undef WOLFSSL_PSS_SALT_LEN_DISCOVER /* ? */
+        #define WOLFSSL_PSS_SALT_LEN_DISCOVER /* ? */
+    #endif
+
+    #if 1
+        #define WC_RSA_NO_PADDING
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+/* ECC */
+#undef HAVE_ECC
+#if 1
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef  ECC_USER_CURVES
+    #define ECC_USER_CURVES
+
+    #ifdef ECC_USER_CURVES
+        /* Manual Curve Selection */
+        #define HAVE_ECC192
+        #define HAVE_ECC224
+        #undef NO_ECC256
+        #define HAVE_ECC256
+        #define HAVE_ECC384
+        #define HAVE_ECC521
+    #endif
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef  FP_ECC
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    #ifdef HAVE_FIPS
+        #undef  HAVE_ECC_CDH
+        #define HAVE_ECC_CDH /* Enable cofactor support */
+
+        #undef NO_STRICT_ECDSA_LEN
+        #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
+
+        #undef  WOLFSSL_VALIDATE_ECC_IMPORT
+        #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
+
+        #undef WOLFSSL_VALIDATE_ECC_KEYGEN
+        #define WOLFSSL_VALIDATE_ECC_KEYGEN /* Validate generated keys */
+
+    #endif
+
+    /* Compressed Key Support */
+    #undef  HAVE_COMP_KEY
+    //#define HAVE_COMP_KEY
+
+    /* Use alternate ECC size for ECC math */
+    #ifdef USE_FAST_MATH
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
+        #ifdef NO_RSA
+            /* Custom fastmath size if not using RSA */
+            #undef  FP_MAX_BITS
+            #define FP_MAX_BITS     (256 * 2)
+        #else
+            #undef  ALT_ECC_SIZE
+            #define ALT_ECC_SIZE
+            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
+            //#undef  FP_MAX_BITS_ECC
+            //#define FP_MAX_BITS_ECC (256 * 2)
+        #endif
+
+        /* Speedups specific to curve */
+        #ifndef NO_ECC256
+            #undef  TFM_ECC256
+            #define TFM_ECC256
+        #endif
+    #endif
+#endif
+
+/* DH */
+#undef  NO_DH
+#if 1
+    /* Use table for DH instead of -lm (math) lib dependency */
+    #if 1
+        #define HAVE_DH_DEFAULT_PARAMS
+        #define WOLFSSL_DH_CONST
+        #define HAVE_FFDHE_2048
+        #define HAVE_FFDHE_3072
+        #define HAVE_FFDHE_4096
+        #define HAVE_FFDHE_6144
+        #define HAVE_FFDHE_8192
+    #endif
+
+    #ifdef HAVE_FIPS
+        #define WOLFSSL_VALIDATE_FFC_IMPORT
+        #define HAVE_FFDHE_Q
+    #endif
+#else
+    #define NO_DH
+#endif
+
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AES_CBC
+    #define HAVE_AES_CBC
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    /* GCM Method (slowest to fastest): GCM_SMALL, GCM_WORD32, GCM_TABLE or
+     *                                  GCM_TABLE_4BIT */
+    #define GCM_TABLE_4BIT
+
+    #undef  WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT
+
+    #undef  HAVE_AES_ECB
+    #define HAVE_AES_ECB
+
+    #undef  WOLFSSL_AES_COUNTER
+    #define WOLFSSL_AES_COUNTER
+
+    #undef  HAVE_AESCCM
+    #define HAVE_AESCCM
+
+    #undef WOLFSSL_AES_OFB
+    #define WOLFSSL_AES_OFB
+
+    /* Required for module v6.0.0 */
+    #undef WOLFSSL_AES_CFB
+    #define WOLFSSL_AES_CFB
+
+    #undef WOLFSSL_AES_XTS
+    #define WOLFSSL_AES_XTS
+
+    #undef WOLFSSL_AESXTS_STREAM
+    #define WOLFSSL_AESXTS_STREAM
+
+    #undef WOLFSSL_AES_128
+    #define WOLFSSL_AES_128
+
+    #undef WOLFSSL_AES_256
+    #define WOLFSSL_AES_256
+
+    #undef WOLFSSL_AESGCM_STREAM
+    #define WOLFSSL_AESGCM_STREAM
+
+    #undef HAVE_AES_KEYWRAP
+    #define HAVE_AES_KEYWRAP
+#else
+    #define NO_AES
+#endif
+
+
+/* DES3 */
+#undef NO_DES3
+#if 0
+    #if 1
+        #undef WOLFSSL_DES_ECB
+        #define WOLFSSL_DES_ECB
+    #endif
+#else
+    #define NO_DES3
+#endif
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+/* Required for module v6.0.0 */
+#if 1
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519 /* ED25519 Requires SHA512 */
+    #define WOLFSSL_ED25519_STREAMING_VERIFY
+    #define HAVE_ED25519_KEY_IMPORT
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 0
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+/* Ed448 / Curve448 */
+/* Required for module v6.0.0 */
+#if 1
+    #define HAVE_CURVE448
+    #define HAVE_ED448
+    #define WOLFSSL_ED448_STREAMING_VERIFY
+    #define HAVE_ED448_KEY_IMPORT
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+    /* not unrolled - ~2k smaller and ~25% slower */
+    //#define USE_SLOW_SHA256
+
+    /* Sha224 */
+    #if 1
+        #define WOLFSSL_SHA224
+    #endif
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 1
+    #define WOLFSSL_SHA512
+
+    #define  WOLFSSL_NOSHA512_224 /* Not in FIPS mode */
+    #define  WOLFSSL_NOSHA512_256 /* Not in FIPS mode */
+
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
+    #if 1
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA512
+#endif
+
+/* Sha3 */
+#undef WOLFSSL_SHA3
+#if 1
+    #define WOLFSSL_SHA3
+    /* Required to not be disabled for module v6.0.0 */
+    #if 0
+        #undef WOLFSSL_NO_SHAKE128
+        #define WOLFSSL_NO_SHAKE128
+
+        #undef WOLFSSL_NO_SHAKE256
+        #define WOLFSSL_NO_SHAKE256
+    #else
+        #define WOLFSSL_SHAKE256
+        #define WOLFSSL_SHAKE128
+    #endif
+#endif
+
+/* MD5 */
+#undef  NO_MD5
+#if 0
+
+#else
+    #define NO_MD5
+#endif
+
+/* HKDF / PRF */
+#undef HAVE_HKDF
+#if 1
+    #define HAVE_HKDF
+    #define WOLFSSL_HAVE_PRF
+
+    /* Required for module v6.0.0 */
+    #define WC_SRTP_KDF
+    #define HAVE_PBKDF2
+#endif
+
+/* CMAC */
+#undef WOLFSSL_CMAC
+#if 1
+    #define WOLFSSL_CMAC
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef  USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+
+#undef  USE_CERT_BUFFERS_1024
+//#define USE_CERT_BUFFERS_1024
+
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#if 1
+    //#define DEBUG_WOLFSSL
+#else
+    #if 0
+        #define NO_ERROR_STRINGS
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Memory */
+/* ------------------------------------------------------------------------- */
+
+/* Override Memory API's */
+#if 0
+    #undef  XMALLOC_OVERRIDE
+    #define XMALLOC_OVERRIDE
+
+    /* prototypes for user heap override functions */
+    /* Note: Realloc only required for normal math */
+    #include <stddef.h>  /* for size_t */
+    extern void *myMalloc(size_t n, void* heap, int type);
+    extern void myFree(void *p, void* heap, int type);
+    extern void *myRealloc(void *p, size_t n, void* heap, int type);
+
+    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
+    #define XFREE(p, h, t)       myFree(p, h, t)
+    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
+#endif
+
+#if 0
+    /* Static memory requires fast math */
+    #define WOLFSSL_STATIC_MEMORY
+
+    /* Disable fallback malloc/free */
+    #define WOLFSSL_NO_MALLOC
+    #if 1
+        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
+    #endif
+#endif
+
+/* Memory callbacks */
+#if 1
+    #undef  USE_WOLFSSL_MEMORY
+    #define USE_WOLFSSL_MEMORY
+
+    /* Use this to measure / print heap usage */
+    #if 0
+        #undef  WOLFSSL_TRACK_MEMORY
+//        #define WOLFSSL_TRACK_MEMORY
+
+        #undef  WOLFSSL_DEBUG_MEMORY
+        //#define WOLFSSL_DEBUG_MEMORY
+
+        #undef WOLFSSL_DEBUG_MEMORY_PRINT
+        //#define WOLFSSL_DEBUG_MEMORY_PRINT
+    #endif
+#else
+    #ifndef WOLFSSL_STATIC_MEMORY
+        #define NO_WOLFSSL_MEMORY
+        /* Otherwise we will use stdlib malloc, free and realloc */
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Port */
+/* ------------------------------------------------------------------------- */
+
+/* Override Current Time */
+/* Allows custom "custom_time()" function to be used for benchmark */
+//#define WOLFSSL_USER_CURRTIME
+//#define WOLFSSL_GMTIME
+//#define USER_TICKS
+//extern unsigned long my_time(unsigned long* timer);
+//#define XTIME my_time
+
+
+/* ------------------------------------------------------------------------- */
+/* RNG */
+/* ------------------------------------------------------------------------- */
+
+/* Seed Source */
+ /* Seed Source */
+// extern int my_rng_generate_seed(unsigned char* output, int sz);
+// #undef  CUSTOM_RAND_GENERATE_SEED
+// #define CUSTOM_RAND_GENERATE_SEED  my_rng_generate_seed
+
+/* Choose RNG method */
+#if 1
+    /* Use built-in P-RNG (SHA256 based) with HW RNG */
+    /* P-RNG + HW RNG (P-RNG is ~8K) */
+    //#define WOLFSSL_GENSEED_FORTEST
+    #undef  HAVE_HASHDRBG
+    #define HAVE_HASHDRBG
+#else
+    #undef  WC_NO_HASHDRBG
+    #define WC_NO_HASHDRBG
+
+    /* Bypass P-RNG and use only HW RNG */
+    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
+    #undef  CUSTOM_RAND_GENERATE_BLOCK
+    #define CUSTOM_RAND_GENERATE_BLOCK  my_rng_gen_block
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Custom Standard Lib */
+/* ------------------------------------------------------------------------- */
+/* Allows override of all standard library functions */
+#undef STRING_USER
+#if 0
+    #define STRING_USER
+
+    #include <string.h>
+
+    #undef  USE_WOLF_STRSEP
+    #define USE_WOLF_STRSEP
+    #define XSTRSEP(s1,d)     wc_strsep((s1),(d))
+
+    #undef  USE_WOLF_STRTOK
+    #define USE_WOLF_STRTOK
+    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
+
+    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
+
+    #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
+    #define XMEMSET(b,c,l)    memset((b),(c),(l))
+    #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
+    #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
+
+    #define XSTRLEN(s1)       strlen((s1))
+    #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
+    #define XSTRSTR(s1,s2)    strstr((s1),(s2))
+
+    #define XSTRNCMP(s1,s2,n)     strncmp((s1),(s2),(n))
+    #define XSTRNCAT(s1,s2,n)     strncat((s1),(s2),(n))
+    #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
+
+    #define XSNPRINTF snprintf
+#endif
+
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_ASN_TEMPLATE
+
+#undef WOLFSSL_ASN_PRINT
+#define WOLFSSL_ASN_PRINT
+
+#undef WOLFSSL_TLS13
+#if 1
+    #define WOLFSSL_TLS13
+#endif
+
+#undef WOLFSSL_KEY_GEN
+#if 1
+    #define WOLFSSL_KEY_GEN
+#endif
+
+#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
+    #define WOLFSSL_OLD_PRIME_CHECK
+#endif
+
+#undef  KEEP_PEER_CERT
+//#define KEEP_PEER_CERT
+
+#undef  HAVE_COMP_KEY
+//#define HAVE_COMP_KEY
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+#undef OPENSSL_EXTRA
+#define OPENSSL_EXTRA
+
+#undef WOLFSSL_DER_LOAD
+#define WOLFSSL_DER_LOAD
+
+#undef HAVE_SESSION_TICKET
+#define HAVE_SESSION_TICKET
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef HAVE_ENCRYPT_THEN_MAC
+#define HAVE_ENCRYPT_THEN_MAC
+
+#undef WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_GEN
+
+#undef ATOMIC_USER
+#define ATOMIC_USER
+
+#undef HAVE_SECRET_CALLBACK
+#define HAVE_SECRET_CALLBACK
+
+/* wolfEngine */
+#if 0
+    #define OPENSSL_COEXIST
+
+    /* HKDF for engine */
+    #undef HAVE_HKDF
+    #if 1
+        #define HAVE_HKDF
+        #define HAVE_X963_KDF
+    #endif
+
+    #undef WOLFSSL_PUBLIC_MP
+    #define WOLFSSL_PUBLIC_MP
+
+    #undef NO_OLD_RNGNAME
+    #define NO_OLD_RNGNAME
+
+    #undef NO_OLD_WC_NAMES
+    #define NO_OLD_WC_NAMES
+
+    #undef NO_OLD_SSL_NAMES
+    #define NO_OLD_SSL_NAMES
+
+    #undef NO_OLD_SHA_NAMES
+    #define NO_OLD_SHA_NAMES
+
+    #undef NO_OLD_MD5_NAME
+    #define NO_OLD_MD5_NAME
+
+    #undef NO_OLD_SHA256_NAMES
+    #define NO_OLD_SHA256_NAMES
+#endif
+
+#undef WOLFSSL_SYS_CA_CERTS
+//#define WOLFSSL_SYS_CA_CERTS
+
+#undef LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+#define LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+
+#undef HAVE_SERVER_RENEGOTIATION_INFO
+#define HAVE_SERVER_RENEGOTIATION_INFO
+
+#undef WOLFSSL_PEM_TO_DER
+#define WOLFSSL_PEM_TO_DER
+
+#undef WOLFSSL_PUB_PEM_TO_DER
+#define WOLFSSL_PUB_PEM_TO_DER
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+//#define NO_WOLFSSL_CLIENT
+
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+#undef  WOLFCRYPT_ONLY
+#define WOLFCRYPT_ONLY
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+//#define NO_INLINE
+
+#undef  NO_FILESYSTEM
+//#define NO_FILESYSTEM
+
+#undef  NO_WRITEV
+//#define NO_WRITEV
+
+#undef  NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef  NO_DEV_RANDOM
+//#define NO_DEV_RANDOM
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_OLD_TLS
+#define NO_OLD_TLS
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+//#define NO_PWDBASED
+
+#undef  NO_CODING
+//#define NO_CODING
+
+#undef  NO_ASN_TIME
+//#define NO_ASN_TIME
+
+#undef  NO_CERTS
+//#define NO_CERTS
+
+#undef  NO_SIG_WRAPPER
+//#define NO_SIG_WRAPPER
+
+#undef NO_DO178
+#define NO_DO178
+
+/* wolfSSL engineering ACVP algo and operational testing only (Default: Off) */
+#if 1
+    #ifndef WOLFSSL_PUBLIC_MP
+        #define WOLFSSL_PUBLIC_MP
+    #endif
+    #define OPTEST_LOGGING_ENABLED
+    #define DEBUG_FIPS_VERBOSE
+    #ifndef DEBUG_WOLFSSL
+        //#define DEBUG_WOLFSSL
+    #endif
+    #define OPTEST_RUNNING_ORGANIC
+    #define OPTEST_INVALID_LOGGING_ENABLED
+    #define HAVE_FORCE_FIPS_FAILURE
+    #define DEEPLY_EMBEDDED
+    #define OPTEST_LOG_TE_MAPPING
+    #define NO_MAIN_OPTEST_DRIVER
+    #define NO_MAIN_DRIVER
+    #define NO_MAIN_HARNESS_DRIVER
+
+    #ifdef BENCH_EMBEDDED
+    /* NOTE: Can not be on for operational testing */
+        #undef BENCH_EMBEDDED
+    #endif
+
+    #define NO_WRITE_TEMP_FILES
+#endif
+
+/* Customer Specific Section */
+/* #define CUSTOMER_1_IOS */
+#ifdef CUSTOMER_1_IOS
+
+    /* not certified, disable for full FIPS compliance, will attempt to include
+     * in UPDT submission and/or next FS submission */
+    #undef HAVE_PKCS7
+    #define HAVE_PKCS7
+
+    #undef HAVE_SNI
+    #define HAVE_SNI
+
+    #undef HAVE_THREAD_LS
+    #define HAVE_THREAD_LS
+
+    /* Not certifiable but external to module boundary and out of scope */
+    #undef WOLFCRYPT_HAVE_ECCSI
+    #define WOLFCRYPT_HAVE_ECCSI
+
+    #undef WOLFSSL_DTLS
+    #define WOLFSSL_DTLS
+
+    #undef WOLFSSL_DTLS_MTU
+    #define WOLFSSL_DTLS_MTU
+
+    /* OpenSSL Compatibility (NOTE: Incompatible with wolfEngine and
+       OPENSSL_COEXIST) */
+    #ifndef OPENSSL_COEXIST
+        #undef OPENSSL_EXTRA
+        #if 1
+            #define OPENSSL_EXTRA
+            /* Larger footprint but enable ALL compatibility not just a subset */
+            #if 1
+                #define OPENSSL_ALL
+            #endif
+        #endif
+    #endif
+#endif /* CUSTOMER_1_IOS */
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
+
diff --git a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h
index f6a3eeee7..596ff855f 100644
--- a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h
+++ b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h
@@ -1,6 +1,6 @@
 /* AppDelegate.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m
index eb6a1d88c..8e21bd689 100644
--- a/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m
+++ b/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m
@@ -1,6 +1,6 @@
 /* AppDelegate.m
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/ViewController.h b/IDE/XCODE/Benchmark/wolfBench/ViewController.h
index d8f1a9a3e..732ebe473 100644
--- a/IDE/XCODE/Benchmark/wolfBench/ViewController.h
+++ b/IDE/XCODE/Benchmark/wolfBench/ViewController.h
@@ -1,6 +1,6 @@
 /* ViewController.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/ViewController.m b/IDE/XCODE/Benchmark/wolfBench/ViewController.m
index 94c3f6382..6eb44e0a8 100644
--- a/IDE/XCODE/Benchmark/wolfBench/ViewController.m
+++ b/IDE/XCODE/Benchmark/wolfBench/ViewController.m
@@ -1,6 +1,6 @@
 /* ViewController.m
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/Benchmark/wolfBench/main.m b/IDE/XCODE/Benchmark/wolfBench/main.m
index bee606d42..939fe5f8e 100644
--- a/IDE/XCODE/Benchmark/wolfBench/main.m
+++ b/IDE/XCODE/Benchmark/wolfBench/main.m
@@ -1,6 +1,6 @@
 /* main.m
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XCODE/README.md b/IDE/XCODE/README.md
index f76f4f7d4..2401eae31 100644
--- a/IDE/XCODE/README.md
+++ b/IDE/XCODE/README.md
@@ -8,27 +8,27 @@ This directory contains the following files:
 4. `wolfssl-FIPS.xcodeproj` -- project to build wolfSSL and wolfCrypt-FIPS if available
 5. `user_settings.h` -- custom library settings, which are shared across projects
 
-The library will output as `libwolfssl_osx.a` or 'libwolfssl_ios.a` depending on 
-the target. It will also copy the wolfSSL/wolfCrypt (and the CyaSSL/CtaoCrypt 
-compatibility) headers into an `include` directory located in 
+The library will output as `libwolfssl_osx.a` or 'libwolfssl_ios.a` depending on
+the target. It will also copy the wolfSSL/wolfCrypt (and the CyaSSL/CtaoCrypt
+compatibility) headers into an `include` directory located in
 `Build/Products/Debug` or `Build/Products/Release`.
 
-For the library and testsuite to link properly the build location needs to be 
+For the library and testsuite to link properly the build location needs to be
 configured as realitive to workspace.
 1. File -> Workspace Settings (or Xcode -> Preferences -> Locations -> Locations)
 2. Derived Data -> Advanced
 3. Custom -> Relative to Workspace
 4. Products -> Build/Products
 
-These Xcode projects define the `WOLFSSL_USER_SETTINGS` preprocessor 
-to enable the `user_settings.h` file for setting macros across 
+These Xcode projects define the `WOLFSSL_USER_SETTINGS` preprocessor
+to enable the `user_settings.h` file for setting macros across
 multiple projects.
 
 If needed the Xcode preprocessors can be modified with these steps:
 1. Click on the Project in "Project Navigator".
 2. Click on the "Build Settings" tab.
 3. Scroll down to the "Apple LLVM 6.0 - Preprocessing" section.
-4. Open the disclosure for "Preprocessor Macros" and use the "+" and 
+4. Open the disclosure for "Preprocessor Macros" and use the "+" and
 "-" buttons to modify. Remember to do this for both Debug and Release.
 
 ## wolfSSL
diff --git a/IDE/XCODE/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/XCODE/wolfssl-FIPS.xcodeproj/project.pbxproj
index 63c889fe5..c96018c5a 100644
--- a/IDE/XCODE/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/XCODE/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -125,7 +125,7 @@
 		700F0CF52A2FC11300755BA7 /* eccsi.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDB2A2FC0D500755BA7 /* eccsi.h */; };
 		700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD22A2FC0D500755BA7 /* ed448.h */; };
 		700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE12A2FC0D500755BA7 /* ed25519.h */; };
-		700F0CF82A2FC11300755BA7 /* ext_kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD52A2FC0D500755BA7 /* ext_kyber.h */; };
+		700F0CF82A2FC11300755BA7 /* ext_mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD52A2FC0D500755BA7 /* ext_mlkem.h */; };
 		700F0CF92A2FC11300755BA7 /* falcon.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDD2A2FC0D500755BA7 /* falcon.h */; };
 		700F0CFA2A2FC11300755BA7 /* fe_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDE2A2FC0D500755BA7 /* fe_448.h */; };
 		700F0CFB2A2FC11300755BA7 /* fe_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CC72A2FC0D400755BA7 /* fe_operations.h */; };
@@ -133,7 +133,7 @@
 		700F0CFD2A2FC11300755BA7 /* ge_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE22A2FC0D500755BA7 /* ge_448.h */; };
 		700F0CFE2A2FC11300755BA7 /* ge_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CCA2A2FC0D500755BA7 /* ge_operations.h */; };
 		700F0CFF2A2FC11300755BA7 /* hpke.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CCD2A2FC0D500755BA7 /* hpke.h */; };
-		700F0D002A2FC11300755BA7 /* kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CCC2A2FC0D500755BA7 /* kyber.h */; };
+		700F0D002A2FC11300755BA7 /* mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CCC2A2FC0D500755BA7 /* mlkem.h */; };
 		700F0D012A2FC11300755BA7 /* mem_track.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDA2A2FC0D500755BA7 /* mem_track.h */; };
 		700F0D022A2FC11300755BA7 /* pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD92A2FC0D500755BA7 /* pkcs11.h */; };
 		700F0D032A2FC11300755BA7 /* pkcs12.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE42A2FC0D500755BA7 /* pkcs12.h */; };
@@ -147,7 +147,7 @@
 		700F0D0B2A2FC11300755BA7 /* sp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD12A2FC0D500755BA7 /* sp.h */; };
 		700F0D0C2A2FC11300755BA7 /* sphincs.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CEC2A2FC0D500755BA7 /* sphincs.h */; };
 		700F0D0D2A2FC11300755BA7 /* srp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDC2A2FC0D500755BA7 /* srp.h */; };
-		700F0D0E2A2FC11300755BA7 /* wc_kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD82A2FC0D500755BA7 /* wc_kyber.h */; };
+		700F0D0E2A2FC11300755BA7 /* wc_mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD82A2FC0D500755BA7 /* wc_mlkem.h */; };
 		700F0D0F2A2FC11300755BA7 /* wc_pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE82A2FC0D500755BA7 /* wc_pkcs11.h */; };
 		700F0D102A2FC11300755BA7 /* wolfevent.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD62A2FC0D500755BA7 /* wolfevent.h */; };
 		700F0D112A2FC11300755BA7 /* wolfmath.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CEB2A2FC0D500755BA7 /* wolfmath.h */; };
@@ -285,7 +285,7 @@
 				700F0CF52A2FC11300755BA7 /* eccsi.h in CopyFiles */,
 				700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */,
 				700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */,
-				700F0CF82A2FC11300755BA7 /* ext_kyber.h in CopyFiles */,
+				700F0CF82A2FC11300755BA7 /* ext_mlkem.h in CopyFiles */,
 				700F0CF92A2FC11300755BA7 /* falcon.h in CopyFiles */,
 				700F0CFA2A2FC11300755BA7 /* fe_448.h in CopyFiles */,
 				700F0CFB2A2FC11300755BA7 /* fe_operations.h in CopyFiles */,
@@ -293,7 +293,7 @@
 				700F0CFD2A2FC11300755BA7 /* ge_448.h in CopyFiles */,
 				700F0CFE2A2FC11300755BA7 /* ge_operations.h in CopyFiles */,
 				700F0CFF2A2FC11300755BA7 /* hpke.h in CopyFiles */,
-				700F0D002A2FC11300755BA7 /* kyber.h in CopyFiles */,
+				700F0D002A2FC11300755BA7 /* mlkem.h in CopyFiles */,
 				700F0D012A2FC11300755BA7 /* mem_track.h in CopyFiles */,
 				700F0D022A2FC11300755BA7 /* pkcs11.h in CopyFiles */,
 				700F0D032A2FC11300755BA7 /* pkcs12.h in CopyFiles */,
@@ -307,7 +307,7 @@
 				700F0D0B2A2FC11300755BA7 /* sp.h in CopyFiles */,
 				700F0D0C2A2FC11300755BA7 /* sphincs.h in CopyFiles */,
 				700F0D0D2A2FC11300755BA7 /* srp.h in CopyFiles */,
-				700F0D0E2A2FC11300755BA7 /* wc_kyber.h in CopyFiles */,
+				700F0D0E2A2FC11300755BA7 /* wc_mlkem.h in CopyFiles */,
 				700F0D0F2A2FC11300755BA7 /* wc_pkcs11.h in CopyFiles */,
 				700F0D102A2FC11300755BA7 /* wolfevent.h in CopyFiles */,
 				700F0D112A2FC11300755BA7 /* wolfmath.h in CopyFiles */,
@@ -563,7 +563,7 @@
 		700F0CC92A2FC0D500755BA7 /* selftest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = selftest.h; path = ../../wolfssl/wolfcrypt/selftest.h; sourceTree = "<group>"; };
 		700F0CCA2A2FC0D500755BA7 /* ge_operations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ge_operations.h; path = ../../wolfssl/wolfcrypt/ge_operations.h; sourceTree = "<group>"; };
 		700F0CCB2A2FC0D500755BA7 /* async.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = async.h; path = ../../wolfssl/wolfcrypt/async.h; sourceTree = "<group>"; };
-		700F0CCC2A2FC0D500755BA7 /* kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kyber.h; path = ../../wolfssl/wolfcrypt/kyber.h; sourceTree = "<group>"; };
+		700F0CCC2A2FC0D500755BA7 /* mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mlkem.h; path = ../../wolfssl/wolfcrypt/mlkem.h; sourceTree = "<group>"; };
 		700F0CCD2A2FC0D500755BA7 /* hpke.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hpke.h; path = ../../wolfssl/wolfcrypt/hpke.h; sourceTree = "<group>"; };
 		700F0CCE2A2FC0D500755BA7 /* cpuid.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cpuid.h; path = ../../wolfssl/wolfcrypt/cpuid.h; sourceTree = "<group>"; };
 		700F0CCF2A2FC0D500755BA7 /* fips.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fips.h; path = ../../wolfssl/wolfcrypt/fips.h; sourceTree = "<group>"; };
@@ -572,10 +572,10 @@
 		700F0CD22A2FC0D500755BA7 /* ed448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ed448.h; path = ../../wolfssl/wolfcrypt/ed448.h; sourceTree = "<group>"; };
 		700F0CD32A2FC0D500755BA7 /* curve448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = curve448.h; path = ../../wolfssl/wolfcrypt/curve448.h; sourceTree = "<group>"; };
 		700F0CD42A2FC0D500755BA7 /* siphash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = siphash.h; path = ../../wolfssl/wolfcrypt/siphash.h; sourceTree = "<group>"; };
-		700F0CD52A2FC0D500755BA7 /* ext_kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ext_kyber.h; path = ../../wolfssl/wolfcrypt/ext_kyber.h; sourceTree = "<group>"; };
+		700F0CD52A2FC0D500755BA7 /* ext_mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ext_mlkem.h; path = ../../wolfssl/wolfcrypt/ext_mlkem.h; sourceTree = "<group>"; };
 		700F0CD62A2FC0D500755BA7 /* wolfevent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wolfevent.h; path = ../../wolfssl/wolfcrypt/wolfevent.h; sourceTree = "<group>"; };
 		700F0CD72A2FC0D500755BA7 /* cmac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cmac.h; path = ../../wolfssl/wolfcrypt/cmac.h; sourceTree = "<group>"; };
-		700F0CD82A2FC0D500755BA7 /* wc_kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_kyber.h; path = ../../wolfssl/wolfcrypt/wc_kyber.h; sourceTree = "<group>"; };
+		700F0CD82A2FC0D500755BA7 /* wc_mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_mlkem.h; path = ../../wolfssl/wolfcrypt/wc_mlkem.h; sourceTree = "<group>"; };
 		700F0CD92A2FC0D500755BA7 /* pkcs11.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = pkcs11.h; path = ../../wolfssl/wolfcrypt/pkcs11.h; sourceTree = "<group>"; };
 		700F0CDA2A2FC0D500755BA7 /* mem_track.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mem_track.h; path = ../../wolfssl/wolfcrypt/mem_track.h; sourceTree = "<group>"; };
 		700F0CDB2A2FC0D500755BA7 /* eccsi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = eccsi.h; path = ../../wolfssl/wolfcrypt/eccsi.h; sourceTree = "<group>"; };
@@ -643,7 +643,7 @@
 				700F0CDB2A2FC0D500755BA7 /* eccsi.h */,
 				700F0CD22A2FC0D500755BA7 /* ed448.h */,
 				700F0CE12A2FC0D500755BA7 /* ed25519.h */,
-				700F0CD52A2FC0D500755BA7 /* ext_kyber.h */,
+				700F0CD52A2FC0D500755BA7 /* ext_mlkem.h */,
 				700F0CDD2A2FC0D500755BA7 /* falcon.h */,
 				700F0CDE2A2FC0D500755BA7 /* fe_448.h */,
 				700F0CC72A2FC0D400755BA7 /* fe_operations.h */,
@@ -651,7 +651,7 @@
 				700F0CE22A2FC0D500755BA7 /* ge_448.h */,
 				700F0CCA2A2FC0D500755BA7 /* ge_operations.h */,
 				700F0CCD2A2FC0D500755BA7 /* hpke.h */,
-				700F0CCC2A2FC0D500755BA7 /* kyber.h */,
+				700F0CCC2A2FC0D500755BA7 /* mlkem.h */,
 				700F0CDA2A2FC0D500755BA7 /* mem_track.h */,
 				700F0CD92A2FC0D500755BA7 /* pkcs11.h */,
 				700F0CE42A2FC0D500755BA7 /* pkcs12.h */,
@@ -665,7 +665,7 @@
 				700F0CD12A2FC0D500755BA7 /* sp.h */,
 				700F0CEC2A2FC0D500755BA7 /* sphincs.h */,
 				700F0CDC2A2FC0D500755BA7 /* srp.h */,
-				700F0CD82A2FC0D500755BA7 /* wc_kyber.h */,
+				700F0CD82A2FC0D500755BA7 /* wc_mlkem.h */,
 				700F0CE82A2FC0D500755BA7 /* wc_pkcs11.h */,
 				700F0CD62A2FC0D500755BA7 /* wolfevent.h */,
 				700F0CEB2A2FC0D500755BA7 /* wolfmath.h */,
diff --git a/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj b/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj
index 33c55dcc4..1b5787ddc 100644
--- a/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj
+++ b/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj
@@ -256,7 +256,7 @@
 		700F0C0D2A2FBC5100755BA7 /* eccsi.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF72A2FBC1600755BA7 /* eccsi.h */; };
 		700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF82A2FBC1600755BA7 /* ed448.h */; };
 		700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF42A2FBC1600755BA7 /* ed25519.h */; };
-		700F0C102A2FBC5100755BA7 /* ext_kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF92A2FBC1600755BA7 /* ext_kyber.h */; };
+		700F0C102A2FBC5100755BA7 /* ext_mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF92A2FBC1600755BA7 /* ext_mlkem.h */; };
 		700F0C112A2FBC5100755BA7 /* falcon.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0C022A2FBC1600755BA7 /* falcon.h */; };
 		700F0C122A2FBC5100755BA7 /* fe_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEB2A2FBC1500755BA7 /* fe_448.h */; };
 		700F0C132A2FBC5100755BA7 /* fe_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF62A2FBC1600755BA7 /* fe_operations.h */; };
@@ -264,7 +264,7 @@
 		700F0C152A2FBC5100755BA7 /* ge_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE72A2FBC1500755BA7 /* ge_448.h */; };
 		700F0C162A2FBC5100755BA7 /* ge_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0C012A2FBC1600755BA7 /* ge_operations.h */; };
 		700F0C172A2FBC5100755BA7 /* hpke.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE12A2FBC1500755BA7 /* hpke.h */; };
-		700F0C182A2FBC5100755BA7 /* kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEA2A2FBC1500755BA7 /* kyber.h */; };
+		700F0C182A2FBC5100755BA7 /* mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEA2A2FBC1500755BA7 /* mlkem.h */; };
 		700F0C192A2FBC5100755BA7 /* pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BFD2A2FBC1600755BA7 /* pkcs11.h */; };
 		700F0C1A2A2FBC5100755BA7 /* pkcs12.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEC2A2FBC1500755BA7 /* pkcs12.h */; };
 		700F0C1B2A2FBC5100755BA7 /* rc2.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE02A2FBC1500755BA7 /* rc2.h */; };
@@ -277,7 +277,7 @@
 		700F0C222A2FBC5100755BA7 /* sp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE92A2FBC1500755BA7 /* sp.h */; };
 		700F0C232A2FBC5100755BA7 /* sphincs.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE22A2FBC1500755BA7 /* sphincs.h */; };
 		700F0C242A2FBC5100755BA7 /* srp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF32A2FBC1600755BA7 /* srp.h */; };
-		700F0C252A2FBC5100755BA7 /* wc_kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BFF2A2FBC1600755BA7 /* wc_kyber.h */; };
+		700F0C252A2FBC5100755BA7 /* wc_mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BFF2A2FBC1600755BA7 /* wc_mlkem.h */; };
 		700F0C262A2FBC5100755BA7 /* wc_pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF52A2FBC1600755BA7 /* wc_pkcs11.h */; };
 		700F0C272A2FBC5100755BA7 /* wolfevent.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE62A2FBC1500755BA7 /* wolfevent.h */; };
 		700F0C282A2FBC5100755BA7 /* kdf.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 6AC8513B272CB04F00F2B32A /* kdf.h */; };
@@ -625,7 +625,7 @@
 				700F0C0D2A2FBC5100755BA7 /* eccsi.h in CopyFiles */,
 				700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */,
 				700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */,
-				700F0C102A2FBC5100755BA7 /* ext_kyber.h in CopyFiles */,
+				700F0C102A2FBC5100755BA7 /* ext_mlkem.h in CopyFiles */,
 				700F0C112A2FBC5100755BA7 /* falcon.h in CopyFiles */,
 				700F0C122A2FBC5100755BA7 /* fe_448.h in CopyFiles */,
 				700F0C132A2FBC5100755BA7 /* fe_operations.h in CopyFiles */,
@@ -633,7 +633,7 @@
 				700F0C152A2FBC5100755BA7 /* ge_448.h in CopyFiles */,
 				700F0C162A2FBC5100755BA7 /* ge_operations.h in CopyFiles */,
 				700F0C172A2FBC5100755BA7 /* hpke.h in CopyFiles */,
-				700F0C182A2FBC5100755BA7 /* kyber.h in CopyFiles */,
+				700F0C182A2FBC5100755BA7 /* mlkem.h in CopyFiles */,
 				700F0C192A2FBC5100755BA7 /* pkcs11.h in CopyFiles */,
 				700F0C1A2A2FBC5100755BA7 /* pkcs12.h in CopyFiles */,
 				700F0C1B2A2FBC5100755BA7 /* rc2.h in CopyFiles */,
@@ -646,7 +646,7 @@
 				700F0C222A2FBC5100755BA7 /* sp.h in CopyFiles */,
 				700F0C232A2FBC5100755BA7 /* sphincs.h in CopyFiles */,
 				700F0C242A2FBC5100755BA7 /* srp.h in CopyFiles */,
-				700F0C252A2FBC5100755BA7 /* wc_kyber.h in CopyFiles */,
+				700F0C252A2FBC5100755BA7 /* wc_mlkem.h in CopyFiles */,
 				700F0C262A2FBC5100755BA7 /* wc_pkcs11.h in CopyFiles */,
 				700F0C272A2FBC5100755BA7 /* wolfevent.h in CopyFiles */,
 				700F0C282A2FBC5100755BA7 /* kdf.h in CopyFiles */,
@@ -985,7 +985,7 @@
 		700F0BE72A2FBC1500755BA7 /* ge_448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ge_448.h; path = ../../wolfssl/wolfcrypt/ge_448.h; sourceTree = "<group>"; };
 		700F0BE82A2FBC1500755BA7 /* sp_int.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sp_int.h; path = ../../wolfssl/wolfcrypt/sp_int.h; sourceTree = "<group>"; };
 		700F0BE92A2FBC1500755BA7 /* sp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sp.h; path = ../../wolfssl/wolfcrypt/sp.h; sourceTree = "<group>"; };
-		700F0BEA2A2FBC1500755BA7 /* kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kyber.h; path = ../../wolfssl/wolfcrypt/kyber.h; sourceTree = "<group>"; };
+		700F0BEA2A2FBC1500755BA7 /* mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mlkem.h; path = ../../wolfssl/wolfcrypt/mlkem.h; sourceTree = "<group>"; };
 		700F0BEB2A2FBC1500755BA7 /* fe_448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fe_448.h; path = ../../wolfssl/wolfcrypt/fe_448.h; sourceTree = "<group>"; };
 		700F0BEC2A2FBC1500755BA7 /* pkcs12.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = pkcs12.h; path = ../../wolfssl/wolfcrypt/pkcs12.h; sourceTree = "<group>"; };
 		700F0BED2A2FBC1500755BA7 /* chacha20_poly1305.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = chacha20_poly1305.h; path = ../../wolfssl/wolfcrypt/chacha20_poly1305.h; sourceTree = "<group>"; };
@@ -1000,13 +1000,13 @@
 		700F0BF62A2FBC1600755BA7 /* fe_operations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fe_operations.h; path = ../../wolfssl/wolfcrypt/fe_operations.h; sourceTree = "<group>"; };
 		700F0BF72A2FBC1600755BA7 /* eccsi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = eccsi.h; path = ../../wolfssl/wolfcrypt/eccsi.h; sourceTree = "<group>"; };
 		700F0BF82A2FBC1600755BA7 /* ed448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ed448.h; path = ../../wolfssl/wolfcrypt/ed448.h; sourceTree = "<group>"; };
-		700F0BF92A2FBC1600755BA7 /* ext_kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ext_kyber.h; path = ../../wolfssl/wolfcrypt/ext_kyber.h; sourceTree = "<group>"; };
+		700F0BF92A2FBC1600755BA7 /* ext_mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ext_mlkem.h; path = ../../wolfssl/wolfcrypt/ext_mlkem.h; sourceTree = "<group>"; };
 		700F0BFA2A2FBC1600755BA7 /* sha3.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sha3.h; path = ../../wolfssl/wolfcrypt/sha3.h; sourceTree = "<group>"; };
 		700F0BFB2A2FBC1600755BA7 /* signature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = signature.h; path = ../../wolfssl/wolfcrypt/signature.h; sourceTree = "<group>"; };
 		700F0BFC2A2FBC1600755BA7 /* cmac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cmac.h; path = ../../wolfssl/wolfcrypt/cmac.h; sourceTree = "<group>"; };
 		700F0BFD2A2FBC1600755BA7 /* pkcs11.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = pkcs11.h; path = ../../wolfssl/wolfcrypt/pkcs11.h; sourceTree = "<group>"; };
 		700F0BFE2A2FBC1600755BA7 /* siphash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = siphash.h; path = ../../wolfssl/wolfcrypt/siphash.h; sourceTree = "<group>"; };
-		700F0BFF2A2FBC1600755BA7 /* wc_kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_kyber.h; path = ../../wolfssl/wolfcrypt/wc_kyber.h; sourceTree = "<group>"; };
+		700F0BFF2A2FBC1600755BA7 /* wc_mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_mlkem.h; path = ../../wolfssl/wolfcrypt/wc_mlkem.h; sourceTree = "<group>"; };
 		700F0C002A2FBC1600755BA7 /* fips.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fips.h; path = ../../wolfssl/wolfcrypt/fips.h; sourceTree = "<group>"; };
 		700F0C012A2FBC1600755BA7 /* ge_operations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ge_operations.h; path = ../../wolfssl/wolfcrypt/ge_operations.h; sourceTree = "<group>"; };
 		700F0C022A2FBC1600755BA7 /* falcon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = falcon.h; path = ../../wolfssl/wolfcrypt/falcon.h; sourceTree = "<group>"; };
@@ -1157,7 +1157,7 @@
 				700F0BF72A2FBC1600755BA7 /* eccsi.h */,
 				700F0BF82A2FBC1600755BA7 /* ed448.h */,
 				700F0BF42A2FBC1600755BA7 /* ed25519.h */,
-				700F0BF92A2FBC1600755BA7 /* ext_kyber.h */,
+				700F0BF92A2FBC1600755BA7 /* ext_mlkem.h */,
 				700F0C022A2FBC1600755BA7 /* falcon.h */,
 				700F0BEB2A2FBC1500755BA7 /* fe_448.h */,
 				700F0BF62A2FBC1600755BA7 /* fe_operations.h */,
@@ -1165,7 +1165,7 @@
 				700F0BE72A2FBC1500755BA7 /* ge_448.h */,
 				700F0C012A2FBC1600755BA7 /* ge_operations.h */,
 				700F0BE12A2FBC1500755BA7 /* hpke.h */,
-				700F0BEA2A2FBC1500755BA7 /* kyber.h */,
+				700F0BEA2A2FBC1500755BA7 /* mlkem.h */,
 				700F0BFD2A2FBC1600755BA7 /* pkcs11.h */,
 				700F0BEC2A2FBC1500755BA7 /* pkcs12.h */,
 				700F0BE02A2FBC1500755BA7 /* rc2.h */,
@@ -1178,7 +1178,7 @@
 				700F0BE92A2FBC1500755BA7 /* sp.h */,
 				700F0BE22A2FBC1500755BA7 /* sphincs.h */,
 				700F0BF32A2FBC1600755BA7 /* srp.h */,
-				700F0BFF2A2FBC1600755BA7 /* wc_kyber.h */,
+				700F0BFF2A2FBC1600755BA7 /* wc_mlkem.h */,
 				700F0BF52A2FBC1600755BA7 /* wc_pkcs11.h */,
 				700F0BE62A2FBC1500755BA7 /* wolfevent.h */,
 				5216465E1A8993770062516A /* aes.h */,
diff --git a/IDE/XilinxSDK/user_settings.h b/IDE/XilinxSDK/user_settings.h
index 39bb710bc..d49d0eed8 100644
--- a/IDE/XilinxSDK/user_settings.h
+++ b/IDE/XilinxSDK/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/XilinxSDK/wolfssl_example.c b/IDE/XilinxSDK/wolfssl_example.c
index ee1184682..81cf1e82c 100644
--- a/IDE/XilinxSDK/wolfssl_example.c
+++ b/IDE/XilinxSDK/wolfssl_example.c
@@ -1,6 +1,6 @@
 /* wolfssl_example.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/build-wolfssl-framework.sh b/IDE/apple-universal/build-wolfssl-framework.sh
index 1a0966554..7529e95f9 100755
--- a/IDE/apple-universal/build-wolfssl-framework.sh
+++ b/IDE/apple-universal/build-wolfssl-framework.sh
@@ -2,7 +2,7 @@
 
 # build-wolfssl-framework.sh
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift
index 29ca2b409..6a08cd2a4 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift
@@ -1,6 +1,6 @@
 /* ContentView.swift
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c
index d97bf559f..72ca92d0b 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c
@@ -1,6 +1,6 @@
 /* simple_client_example.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@ int simple_client_example(void)
     WOLFSSL_CTX* ctx;
     WOLFSSL* ssl;
     int sockfd, ret;
-    
+
     /* Resolve the server address */
     struct addrinfo hints, *server_addr;
     memset(&hints, 0, sizeof(hints));
@@ -84,7 +84,7 @@ int simple_client_example(void)
         close(sockfd);
         return 1;
     }
-    
+
     /* Load CA certificate into WOLFSSL_CTX
      * NOTE: CERT_PATH macro is set relative to Xcode $(PROJECT_DIR) environment
      * variable in the preprocessor macros section of the project build settings
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h
index 915f7cc2e..e1181b545 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h
@@ -1,6 +1,6 @@
 /* simple_client_example.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,9 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef simple_client_example_h
-#define simple_client_example_h
+#ifndef SIMPLE_CLIENT_EXAMPLE_H
+#define SIMPLE_CLIENT_EXAMPLE_H
 
 int simple_client_example(void);
 
-#endif /* simple_client_example_h */
+#endif /* SIMPLE_CLIENT_EXAMPLE_H */
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h
index e156376bb..29e97fd00 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h
@@ -1,6 +1,6 @@
 /* wolfssl-multiplatform-Bridging-Header.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift
index 6627afb34..8b5ecc378 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift
@@ -1,6 +1,6 @@
 /* wolfssl_multiplatformApp.swift
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
index 20f605ff7..ec7c43272 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
@@ -1,6 +1,6 @@
 /* wolfssl_test_driver.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,21 +42,21 @@ void wolfssl_test(void)
 {
     int ret;
     test_func_args args = {0};
-    
+
 #ifdef WC_RNG_SEED_CB
     wc_SetSeed_Cb(wc_GenerateSeed);
 #endif
-    
+
     printf("Run wolfCrypt Test:\n");
     ret = wolfcrypt_test(&args);
     printf("\nResult of wolfcrypt_test() = %d\n\n", ret);
-    
+
     printf("Run wolfCrypt Benchmark:\n");
     ret = benchmark_test(&args);
     printf("\nResult of benchmark_test() = %d\n\n", ret);
-    
+
     printf("Run simple client test:\n");
     ret = simple_client_example();
     printf("\nResult of simple_client_test() = %d\n\n", ret);
-    
+
 }
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h
index 768518554..b697cfdb6 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h
@@ -1,6 +1,6 @@
 /* wolfssl_test_driver.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,9 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef wolfssl_test_driver_h
-#define wolfssl_test_driver_h
+#ifndef WOLFSSL_TEST_DRIVER_H
+#define WOLFSSL_TEST_DRIVER_H
 
 void wolfssl_test(void);
 
-#endif /* wolfssl_test_driver_h */
+#endif /* WOLFSSL_TEST_DRIVER_H */
diff --git a/IDE/include.am b/IDE/include.am
index 65e07cc33..42647adb5 100644
--- a/IDE/include.am
+++ b/IDE/include.am
@@ -14,6 +14,7 @@ include IDE/ECLIPSE/RTTHREAD/include.am
 include IDE/ECLIPSE/SIFIVE/include.am
 include IDE/Espressif/include.am
 include IDE/GCC-ARM/include.am
+include IDE/Gaisler-BCC/include.am
 include IDE/HEXAGON/include.am
 include IDE/IAR-MSP430/include.am
 include IDE/Infineon/include.am
@@ -60,6 +61,7 @@ include IDE/WINCE/include.am
 include IDE/WORKBENCH/include.am
 include IDE/XCODE-FIPSv2/include.am
 include IDE/XCODE-FIPSv5/include.am
+include IDE/XCODE-FIPSv6/include.am
 include IDE/XCODE/include.am
 include IDE/XilinxSDK/include.am
 include IDE/zephyr/include.am
diff --git a/IDE/iotsafe-raspberrypi/README.md b/IDE/iotsafe-raspberrypi/README.md
index 286ac5537..c70b29677 100644
--- a/IDE/iotsafe-raspberrypi/README.md
+++ b/IDE/iotsafe-raspberrypi/README.md
@@ -139,4 +139,4 @@ Run the built `./main.bin` to print the help usage.
 An example to run the demo connecting to a server:
 ```
 ./main.bin -ip <ipaddress> -h <full-hostname> -p <port> -t 25 -d /dev/ttyUSB0|/dev/tty/ACM0
-```
\ No newline at end of file
+```
diff --git a/IDE/iotsafe-raspberrypi/client-tls13.c b/IDE/iotsafe-raspberrypi/client-tls13.c
index 0bcad0b77..d016439d4 100644
--- a/IDE/iotsafe-raspberrypi/client-tls13.c
+++ b/IDE/iotsafe-raspberrypi/client-tls13.c
@@ -1,6 +1,6 @@
 /* client-tls13.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe-raspberrypi/main.c b/IDE/iotsafe-raspberrypi/main.c
index aaa412930..2975c0ff8 100644
--- a/IDE/iotsafe-raspberrypi/main.c
+++ b/IDE/iotsafe-raspberrypi/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/README.md b/IDE/iotsafe/README.md
index e594d03e9..3f772a818 100644
--- a/IDE/iotsafe/README.md
+++ b/IDE/iotsafe/README.md
@@ -14,14 +14,14 @@ Note: The BG96 was tested using firmware `BG96MAR02A08M1G_01.012.01.012`. If hav
 
 ### Description
 
-This example firmware will run an example TLS 1.2 server using wolfSSL, and a 
+This example firmware will run an example TLS 1.2 server using wolfSSL, and a
 TLS 1.2 client, on the same host, using an IoT-safe applet supporting the
 [IoT.05-v1-IoT standard](https://www.gsma.com/iot/wp-content/uploads/2019/12/IoT.05-v1-IoT-Security-Applet-Interface-Description.pdf).
 
 The client and server routines alternate their execution in a single-threaded,
 cooperative loop.
 
-Client and server communicate to each other using memory buffers to establish a 
+Client and server communicate to each other using memory buffers to establish a
 TLS session without the use of TCP/IP sockets.
 
 ### IoT-Safe interface
@@ -59,7 +59,7 @@ wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CE
 
 The applet that has been tested with this demo has the current configuration:
 
-   Key slot | Name | Description 
+   Key slot | Name | Description
    -------|--------|------------------
    0x02 | `PRIVKEY_ID` | pre-provisioned with client ECC key
    0x03 | `ECDH_KEYPAIR_ID` | can store a keypair generated in the applet, used for shared key derivation
@@ -68,7 +68,7 @@ The applet that has been tested with this demo has the current configuration:
 
 
 The following file is used to read the client's certificate:
-   
+
   File Slot | Name | Description
   ----------|------|------------
   0x03 | `CRT_FILE_ID` | pre-provisioned with client certificate
@@ -81,7 +81,7 @@ software to upload the firmware `image.bin` to the target board.
 
 1) Using the STM32CubeProgrammer open the `image.elf` and program to flash.
 2) Using ST-Link virtual serial port connect at 115220
-3) Hit reset button. 
+3) Hit reset button.
 4) The output should look similar to below:
 
 ```
diff --git a/IDE/iotsafe/ca-cert.c b/IDE/iotsafe/ca-cert.c
index 7b99b25cc..b601d00f0 100644
--- a/IDE/iotsafe/ca-cert.c
+++ b/IDE/iotsafe/ca-cert.c
@@ -1,6 +1,6 @@
 /* ca-cert.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/devices.c b/IDE/iotsafe/devices.c
index 83c6b5887..e115675c2 100644
--- a/IDE/iotsafe/devices.c
+++ b/IDE/iotsafe/devices.c
@@ -1,6 +1,6 @@
 /* devices.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -62,10 +62,10 @@ static void usart1_init(void)
     GPIO_MODE(GPIOB_BASE) = reg | (0x02 << (USART1_PIN_TX * 2));
 
     reg = GPIO_PUPD(GPIOG_BASE) & (0x03 << (USART1_PIN_RX * 2));
-    
+
     reg = GPIO_PUPD(GPIOB_BASE) & (0x03 << (USART1_PIN_TX * 2));
     GPIO_PUPD(GPIOB_BASE) = reg | (0x01 << (USART1_PIN_TX * 2));
-    
+
 #if RTSCTS
     reg = GPIO_MODE(GPIOG_BASE) & ~(0x03 << (USART1_PIN_RTS * 2));
     GPIO_MODE(GPIOG_BASE) = reg | (0x02 << (USART1_PIN_RTS * 2));
@@ -376,7 +376,7 @@ static void stmod_pin_init(void)
     /* RST pin */
     reg = GPIO_MODE(STMOD_MODEM_RST_PORT) & ~(0x03 << (STMOD_MODEM_RST_PIN * 2));
     GPIO_MODE(STMOD_MODEM_RST_PORT) = reg | (0x01 << (STMOD_MODEM_RST_PIN * 2));
-    
+
     /* DTR pin */
     reg = GPIO_MODE(STMOD_MODEM_DTR_PORT) & ~(0x03 << (STMOD_MODEM_DTR_PIN * 2));
     GPIO_MODE(STMOD_MODEM_DTR_PORT) = reg | (0x01 << (STMOD_MODEM_DTR_PIN * 2));
diff --git a/IDE/iotsafe/devices.h b/IDE/iotsafe/devices.h
index 5752fb550..c1203165b 100644
--- a/IDE/iotsafe/devices.h
+++ b/IDE/iotsafe/devices.h
@@ -1,6 +1,6 @@
 /* devices.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/main.c b/IDE/iotsafe/main.c
index df065551c..af8324d30 100644
--- a/IDE/iotsafe/main.c
+++ b/IDE/iotsafe/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/memory-tls.c b/IDE/iotsafe/memory-tls.c
index 3d4bf088f..3a802ee59 100644
--- a/IDE/iotsafe/memory-tls.c
+++ b/IDE/iotsafe/memory-tls.c
@@ -1,6 +1,6 @@
 /* memory-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/startup.c b/IDE/iotsafe/startup.c
index 2b0123a30..9a204cefd 100644
--- a/IDE/iotsafe/startup.c
+++ b/IDE/iotsafe/startup.c
@@ -1,6 +1,6 @@
 /* startup.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -99,7 +99,7 @@ void isr_usagefault(void)
     /* Panic. */
     while(1) ;;
 }
-        
+
 
 void isr_empty(void)
 {
@@ -131,7 +131,7 @@ void (* const IV[])(void) =
 	0,                           // reserved
 	isr_empty,                   // PendSV
 	isr_systick,                 // SysTick
-    
+
     isr_empty,              // NVIC_WWDG_IRQ 0
     isr_empty,              // PVD_IRQ 1
     isr_empty,              // TAMP_STAMP_IRQ 2
diff --git a/IDE/iotsafe/target.ld b/IDE/iotsafe/target.ld
index 0afe8a75a..40d35dfca 100644
--- a/IDE/iotsafe/target.ld
+++ b/IDE/iotsafe/target.ld
@@ -1,6 +1,6 @@
 /* target.ld
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/IDE/iotsafe/user_settings.h b/IDE/iotsafe/user_settings.h
index 368a76ed4..6bf474415 100644
--- a/IDE/iotsafe/user_settings.h
+++ b/IDE/iotsafe/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -150,8 +150,10 @@ static inline long XTIME(long *x) { return jiffies;}
 #define WOLFSSL_AES_DIRECT
 
 /* Hashing */
-#define HAVE_SHA384
-#define HAVE_SHA512
+#define WOLFSSL_SHA384
+#define HAVE_SHA384 /* old freeRTOS settings.h requires this */
+#define WOLFSSL_SHA512
+#define HAVE_SHA512 /* old freeRTOS settings.h requires this */
 #define HAVE_HKDF
 
 /* TLS */
diff --git a/IDE/mynewt/apps.wolfcrypttest.pkg.yml b/IDE/mynewt/apps.wolfcrypttest.pkg.yml
index f3392e93d..7fd3552ac 100644
--- a/IDE/mynewt/apps.wolfcrypttest.pkg.yml
+++ b/IDE/mynewt/apps.wolfcrypttest.pkg.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/mynewt/crypto.wolfssl.pkg.yml b/IDE/mynewt/crypto.wolfssl.pkg.yml
index aa1b924be..2b93cb940 100644
--- a/IDE/mynewt/crypto.wolfssl.pkg.yml
+++ b/IDE/mynewt/crypto.wolfssl.pkg.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/IDE/mynewt/setup.sh b/IDE/mynewt/setup.sh
index f7b32e81d..cb3aed091 100755
--- a/IDE/mynewt/setup.sh
+++ b/IDE/mynewt/setup.sh
@@ -36,7 +36,7 @@ newt pkg new crypto/wolfssl
 echo "create apps/wolfcrypttest pkg"
 /bin/rm -rf apps/wolfcrypttest
 newt pkg new -t app apps/wolfcrypttest
-/bin/rm -rf apps/wolfcrypttest/include 
+/bin/rm -rf apps/wolfcrypttest/include
 /bin/rm -rf apps/wolfcrypttest/src
 /bin/mkdir -p apps/wolfcrypttest/src
 
diff --git a/IDE/zephyr/include.am b/IDE/zephyr/include.am
index 54648d465..e35ff53e7 100644
--- a/IDE/zephyr/include.am
+++ b/IDE/zephyr/include.am
@@ -2,4 +2,4 @@
 # included from Top Level Makefile.am
 # All paths should be given relative to the root
 
-EXTRA_DIST+= IDE/zephyr/README.md
\ No newline at end of file
+EXTRA_DIST+= IDE/zephyr/README.md
diff --git a/INSTALL b/INSTALL
index 6ac633004..4176fb063 100644
--- a/INSTALL
+++ b/INSTALL
@@ -193,35 +193,14 @@
        Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat
     3) Follow steps in "Unix-based Platforms" above.
 
-15. Building with liboqs for TLS 1.3 [EXPERIMENTAL]
-    In order be able to use liboqs, you must have it built and installed on your
-    system. We support liboqs at a specific git commit.
-
-    NOTE: Even if you have already installed liboqs, you need to follow these
-          steps to install liboqs again as we support sphincs variants that are
-          disabled by default in OQS's fork of OpenSSL.
-
-    Here are instructions for obtaining and building liboqs:
-
-    $ mkdir ~/oqs
-    $ cd ~/oqs
-    $ git clone --single-branch https://github.com/open-quantum-safe/liboqs.git
-    $ cd liboqs/
-    $ git checkout 0.8.0
-    $ mkdir build
-    $ cd build
-    $ cmake -DOQS_USE_OPENSSL=0 ..
-    $ make all
-    $ sudo make install
-
-    And then for building wolfssl, the following is sufficient:
+15. Building Post-Quantum Support for TLS 1.3
 
     $ cd wolfssl
-    $ ./autogen.sh (Might not be necessary)
-    $ ./configure --with-liboqs
+    $ ./autogen.sh (Only necessary if downloaded from github)
+    $ ./configure --enable-kyber --enable-dilithium
     $ make all
 
-    Execute the following to see the liboqs-related options for KEM groups near
+    Execute the following to see the options for KEM groups near
     the end of the output of these commands:
 
     $ ./examples/server/server -?
@@ -229,52 +208,53 @@
 
     For a quick start, you can run the client and server like this:
 
-    $ ./examples/server/server -v 4 --pqc P521_KYBER_LEVEL5
-    $ ./examples/client/client -v 4 --pqc P521_KYBER_LEVEL5
+    $ ./examples/server/server -v 4 --pqc P521_ML_KEM_1024
+    $ ./examples/client/client -v 4 --pqc P521_ML_KEM_1024
 
     Look for the following line in the output of the server and client:
 
     ```
-    Using Post-Quantum KEM: P521_KYBER_LEVEL5
+    Using Post-Quantum KEM: P521_ML_KEM_1024
     ```
 
-    For authentication, you can generate a certificate chain using a patch on
-    top of the Open Quantum Safe project's fork of OpenSSL. We support
-    certificates and keys generated by the patched version which is maintained
-    in our OSP repo.
-
-    Instructions for obtaining and building our patched version of OQS's fork of
-    OpenSSL can be found at:
+    For authentication, you can generate a certificate chain using the Open
+    Quantum Safe project's OQS Provider with your system's OpenSSL application.
+    Instructions are maintained in our OSP repo here:
 
     https://github.com/wolfSSL/osp/tree/master/oqs/README.md
 
-    There are scripts for generating FALCON, Dilithium and SPHINCS+ certificate
-    chains which can be found in the same directory as the `README.md` file in
-    the `osp` github repo. Please find instructions on how to generate the keys
-    and certificates in the `README.md` file.
+    For your convenience, there are also pre-generated ML-DSA certificates and
+    keys.
 
-    Once the certificates and keys are generated, copy them from the
-    to the certs directory of wolfssl. Now you can run the server and client
-    like this:
+    Please find instructions on how to generate the keys and certificates
+    in the `README.md` file.
+
+    Copy the certificates and keys into the certs directory of wolfssl. Now you
+    can run the server and client like this:
 
     $ examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
-      -A certs/falcon_level5_root_cert.pem \
-      -c certs/falcon_level1_entity_cert.pem \
-      -k certs/falcon_level1_entity_key.pem \
-      --pqc P521_KYBER_LEVEL5
+      -A certs/mldsa87_root_cert.pem \
+      -c certs/mldsa44_entity_cert.pem \
+      -k certs/mldsa44_entity_key.pem \
+      --pqc P521_ML_KEM_1024
 
     $ examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
-      -A certs/falcon_level1_root_cert.pem \
-      -c certs/falcon_level5_entity_cert.pem \
-      -k certs/falcon_level5_entity_key.pem \
-      --pqc P521_KYBER_LEVEL5
+      -A certs/mldsa44_root_cert.pem \
+      -c certs/mldsa87_entity_cert.pem \
+      -k certs/mldsa87_entity_key.pem \
+      --pqc P521_ML_KEM_1024
 
     Congratulations! You have just achieved a fully quantum-safe TLS 1.3
     connection!
 
     The following NIST Competition winning algorithms are supported:
-    - CRYSTALS-KYBER (KEM)
-    - Dilithium (signature scheme)
+    - ML-KEM (CRYSTALS-KYBER) (key encapsulation mechanism)
+    - ML-DSA (CRYSTALS-Dilithium) (signature scheme)
+
+    The following NIST Competition winning algorithms were supported by our
+    liboqs integration. Support for their standardized specifications will
+    return when we write our own implementations.
+
     - FALCON (signature scheme)
     - SPHINCS+ (signature scheme)
 
@@ -287,11 +267,12 @@
 
     https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions
 
-    NOTE: The quantum-safe algorithms provided by liboqs are unstandardized and
-          experimental. It is highly advised that they NOT be used in production
-          environments. All OIDs and codepoints are temporary and expected to
-          change in the future. You should have no expectation of backwards
-          compatibility.
+    NOTE: The quantum-safe algorithms that we have implemented are standardized
+          by NIST and our implementations follow these standards. At the
+          protocol layer, OIDs and codepoints have been proposed in various
+          standards organizations but are not yet ratified. OIDs and codepoints
+          are temporary and expected to change in the future. You should have no
+          expectation of backwards compatibility at the protocol layer.
 
 16. Building with vcpkg
 
diff --git a/Makefile.am b/Makefile.am
index 1d4f26c6b..ba768ec35 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -141,6 +141,7 @@ ACLOCAL_AMFLAGS= -I m4
 EXTRA_DIST+= .cyignore
 EXTRA_DIST+= wolfssl.vcproj
 EXTRA_DIST+= wolfssl.vcxproj
+EXTRA_DIST+= wolfssl-VS2022.vcxproj
 EXTRA_DIST+= wolfssl64.sln
 EXTRA_DIST+= valgrind-error.sh
 EXTRA_DIST+= valgrind-bash.supp
@@ -212,7 +213,8 @@ if BUILD_LINUXKM
         EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \
 	AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \
         AM_CCASFLAGS CCASFLAGS \
-        src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_LINUXKM_PIE ENABLED_ASM \
+        src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_LINUXKM_LKCAPI_REGISTER \
+        ENABLED_LINUXKM_PIE ENABLED_ASM \
         CFLAGS_FPU_DISABLE CFLAGS_FPU_ENABLE CFLAGS_SIMD_DISABLE CFLAGS_SIMD_ENABLE \
         CFLAGS_AUTO_VECTORIZE_DISABLE CFLAGS_AUTO_VECTORIZE_ENABLE \
         ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE \
diff --git a/README b/README
index 261eb200d..47579ee3d 100644
--- a/README
+++ b/README
@@ -70,113 +70,130 @@ should be used for the enum name.
 
 *** end Notes ***
 
-# wolfSSL Release 5.7.2 (July 08, 2024)
+# wolfSSL Release 5.7.6 (Dec 31, 2024)
 
-Release 5.7.2 has been developed according to wolfSSL's development and QA
+Release 5.7.6 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
-NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+NOTE:
+ * --enable-heapmath is deprecated.
+ * In this release, the default cipher suite preference is updated to prioritize
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
+ * This release adds a sanity check for including wolfssl/options.h or
+ user_settings.h.
+
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
 
 ## Vulnerabilities
-* [Medium] CVE-2024-1544
-Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24.
-Fixed https://github.com/wolfSSL/wolfssl/pull/7020
-
-
-* [Medium] CVE-2024-5288
-A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute)
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416
-
-
-* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597
-
-* [Low] CVE-2024-5991
-In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604
-
-* [Medium] CVE-2024-5814
-A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619
-
-* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
-
-* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
+* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
+ when performing OCSP requests for intermediate certificates in a certificate
+ chain. This affects only TLS 1.3 connections on the server side. It would not
+ impact other TLS protocol versions or connections that are not using the
+ traditional OCSP implementation. (Fix in pull request 8115)
 
 
 ## New Feature Additions
-* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622)
-* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569)
-* Added CUDA support for AES encryption (PR 7436)
-* Added support for gRPC (PR 7445)
-* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608)
-* Added crypto callback for SHA-3 (PR 7670)
-* Support for Infineon Modus Toolbox with wolfSSL (PR 7369)
-* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590)
-* C# wrapper SNI support added (PR 7610)
-* Quantum-safe algorithm support added to the Linux kernel module (PR 7574)
-* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
-* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
-* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
+* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
+ (PR 8153)
+* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
+ for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
+* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
+* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
+* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and
+ wc_Curve25519KeyDecode (PR 8129)
+* CRL improvements and update callback, added the functions
+ wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
+* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
 
 
 ## Enhancements and Optimizations
-* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578)
-* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393)
-* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379)
-* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667)
-* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612)
-* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594)
-* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380)
-* Improvements for Renesas RZ support (PR 7474)
-* Improvements to dual algorithm certificates for post-quantum keys (PR 7286)
-* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430)
-* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446)
-* Changed subject name comparison to match different upper and lower cases (PR 7420)
-* Support for DTLS 1.3 downgrade when using PSK (PR 7367)
-* Update to static memory build for more generic memory pools used (PR 7418)
-* Improved performance of Kyber C implementation (PR 7654)
-* Support for ECC_CACHE_CURVE with no malloc (PR 7490)
-* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634)
-* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362)
-* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319)
-* Cortex-M inline assembly labels with unique number appended (PR 7649)
-* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372)
-* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386)
-* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315)
-* Added stubs required for latest nginx (1.25.5) (PR 7449)
-* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552)
-* Added PQ files for Windows (PR 7419)
-* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597)
-* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557)
-* Exposed DTLS in Ada wrapper and updated examples (PR 7397)
-* Added additional minimum TLS extension size sanity checks (PR 7602)
-* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535)
-* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599)
-* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295)
-* XCODE support for v5.2.3 of the FIPS module (PR 7140)
-* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191)
+* Add a CMake dependency check for pthreads when required. (PR 8162)
+* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
+ not affected). (PR 8170)
+* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
+* Change the default cipher suite preference, prioritizing
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
+* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
+ (PR 8215)
+* Make library build when no hardware crypto available for Aarch64 (PR 8293)
+* Update assembly code to avoid `uint*_t` types for better compatibility with
+ older C standards. (PR 8133)
+* Add initial documentation for writing ASN template code to decode BER/DER.
+ (PR 8120)
+* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
+* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
+ MacOS builds (PR 8282)
+* Make Kyber and ML-KEM available individually and together. (PR 8143)
+* Update configuration options to include Kyber/ML-KEM and fix defines used in
+ wolfSSL_get_curve_name. (PR 8183)
+* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
+* Improved test coverage and minor improvements of X509 (PR 8176)
+* Add sanity checks for configuration methods, ensuring the inclusion of
+ wolfssl/options.h or user_settings.h. (PR 8262)
+* Enable support for building without TLS (NO_TLS). Provides reduced code size
+ option for non-TLS users who want features like the certificate manager or
+ compatibility layer. (PR 8273)
+* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
+* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
+* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
+* Add support for the RFC822 Mailbox attribute (PR 8280)
+* Initialize variables and adjust types resolve warnings with Visual Studio in
+ Windows builds. (PR 8181)
+* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
+* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
+ (PR 8261, 8255, 8245)
+* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
+* Update Arduino files for wolfssl 5.7.4 (PR 8219)
+* Improve Espressif SHA HW/SW mutex messages (PR 8225)
+* Apply post-5.7.4 release updates for Espressif Managed Component examples
+ (PR 8251)
+* Expansion of c89 conformance (PR 8164)
+* Added configure option for additional sanity checks with --enable-faultharden
+ (PR 8289)
+* Aarch64 ASM additions to check CPU features before hardware crypto instruction
+ use (PR 8314)
+
 
 ## Fixes
-* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report
-* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389)
-* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431)
-* Fixed use of %rip with SHA-256 x64 assembly (PR 7409)
-* Fixed OCSP response message build for DTLS (PR 7671)
-* Handled edge case in wc_ecc_mulmod() with zero (PR 7532)
-* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375)
-* Added sanity check on record header with QUIC use (PR 7638)
-* Added sanity check for empty directory strings in X.509 when parsing (PR 7669)
-* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625)
-* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693)
-* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577)
-* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388)
-* Added sanity check that the ed25519 signature is smaller than the order (PR 7513)
-* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581)
-
+* Fix a memory issue when using the compatibility layer with
+ WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
+* Fix a build issue with signature fault hardening when using public key
+ callbacks (HAVE_PK_CALLBACKS). (PR 8287)
+* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
+ objects and free’ing one of them (PR 8180)
+* Fix potential memory leak in error case with Aria. (PR 8268)
+* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
+* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
+* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
+* Fix incorrect version setting in CSRs. (PR 8136)
+* Correct debugging output for cryptodev. (PR 8202)
+* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
+ of AAD (PR 8210)
+* Add missing checks for the initialization of sp_int/mp_int with DSA to free
+ memory properly in error cases. (PR 8209)
+* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
+* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
+* Prevent adding a certificate to the CA cache for Renesas builds if it does not
+ set CA:TRUE in basic constraints. (PR 8060)
+* Fix attribute certificate holder entityName parsing. (PR 8166)
+* Resolve build issues for configurations without any wolfSSL/openssl
+ compatibility layer headers. (PR 8182)
+* Fix for building SP RSA small and RSA public only (PR 8235)
+* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
+* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
+ for building all `*.c` files (PR 8257 and PR 8140)
+* Fix x86 target build issues in Visual Studio for non-Windows operating
+ systems. (PR 8098)
+* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
+* Properly handle reference counting when adding to the X509 store. (PR 8233)
+* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
+ example. Thanks to Hongbo for the report on example issues. (PR 7537)
+* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
+ Thanks to Peter for the issue reported. (PR 8139)
 
 
 For additional vulnerability information visit the vulnerability page at:
diff --git a/README.md b/README.md
index 8ab5a2806..ee821145d 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # wolfSSL Embedded SSL/TLS Library
 
-The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/) 
+The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/)
 (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and
 targeted for embedded, RTOS, and resource-constrained environments - primarily
 because of its small size, speed, and feature set.  It is commonly used in
@@ -14,7 +14,7 @@ OpenSSL.
 
 wolfSSL is powered by the wolfCrypt cryptography library. Two versions of
 wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and
-certificate #3389). FIPS 140-3 validation is in progress. For additional
+certificate #3389). FIPS 140-3 validated (Certificate #4718). For additional
 information, visit the [wolfCrypt FIPS FAQ](https://www.wolfssl.com/license/fips/)
 or contact fips@wolfssl.com.
 
@@ -75,112 +75,131 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
 `WC_SHA512` should be used for the enum name.
 
 
-# wolfSSL Release 5.7.2 (July 08, 2024)
+# wolfSSL Release 5.7.6 (Dec 31, 2024)
 
-Release 5.7.2 has been developed according to wolfSSL's development and QA
+Release 5.7.6 has been developed according to wolfSSL's development and QA
 process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
-NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
+NOTE:
+ * --enable-heapmath is deprecated.
+ * In this release, the default cipher suite preference is updated to prioritize
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
+ * This release adds a sanity check for including wolfssl/options.h or
+ user_settings.h.
+
+
+PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+ number where the code change was added.
+
 
 ## Vulnerabilities
-* [Medium] CVE-2024-1544
-Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24.
-Fixed https://github.com/wolfSSL/wolfssl/pull/7020
-
-
-* [Medium] CVE-2024-5288
-A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute)
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416
-
-
-* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597
-
-* [Low] CVE-2024-5991
-In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604
-
-* [Medium] CVE-2024-5814
-A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619
-
-* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
-
-* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing.
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
+* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
+ when performing OCSP requests for intermediate certificates in a certificate
+ chain. This affects only TLS 1.3 connections on the server side. It would not
+ impact other TLS protocol versions or connections that are not using the
+ traditional OCSP implementation. (Fix in pull request 8115)
 
 
 ## New Feature Additions
-* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622)
-* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569)
-* Added CUDA support for AES encryption (PR 7436)
-* Added support for gRPC (PR 7445)
-* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608)
-* Added crypto callback for SHA-3 (PR 7670)
-* Support for Infineon Modus Toolbox with wolfSSL (PR 7369)
-* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590)
-* C# wrapper SNI support added (PR 7610)
-* Quantum-safe algorithm support added to the Linux kernel module (PR 7574)
-* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
-* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
-* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
+* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
+ (PR 8153)
+* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
+ for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
+* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
+* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
+* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and
+ wc_Curve25519KeyDecode (PR 8129)
+* CRL improvements and update callback, added the functions
+ wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
+* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
 
 
 ## Enhancements and Optimizations
-* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578)
-* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393)
-* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379)
-* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667)
-* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612)
-* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594)
-* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380)
-* Improvements for Renesas RZ support (PR 7474)
-* Improvements to dual algorithm certificates for post-quantum keys (PR 7286)
-* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430)
-* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446)
-* Changed subject name comparison to match different upper and lower cases (PR 7420)
-* Support for DTLS 1.3 downgrade when using PSK (PR 7367)
-* Update to static memory build for more generic memory pools used (PR 7418)
-* Improved performance of Kyber C implementation (PR 7654)
-* Support for ECC_CACHE_CURVE with no malloc (PR 7490)
-* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634)
-* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362)
-* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319)
-* Cortex-M inline assembly labels with unique number appended (PR 7649)
-* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372)
-* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386)
-* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315)
-* Added stubs required for latest nginx (1.25.5) (PR 7449)
-* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552)
-* Added PQ files for Windows (PR 7419)
-* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597)
-* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557)
-* Exposed DTLS in Ada wrapper and updated examples (PR 7397)
-* Added additional minimum TLS extension size sanity checks (PR 7602)
-* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535)
-* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599)
-* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295)
-* XCODE support for v5.2.3 of the FIPS module (PR 7140)
-* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191)
+* Add a CMake dependency check for pthreads when required. (PR 8162)
+* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
+ not affected). (PR 8170)
+* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
+* Change the default cipher suite preference, prioritizing
+ TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
+* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
+ (PR 8215)
+* Make library build when no hardware crypto available for Aarch64 (PR 8293)
+* Update assembly code to avoid `uint*_t` types for better compatibility with
+ older C standards. (PR 8133)
+* Add initial documentation for writing ASN template code to decode BER/DER.
+ (PR 8120)
+* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
+* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
+ MacOS builds (PR 8282)
+* Make Kyber and ML-KEM available individually and together. (PR 8143)
+* Update configuration options to include Kyber/ML-KEM and fix defines used in
+ wolfSSL_get_curve_name. (PR 8183)
+* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
+* Improved test coverage and minor improvements of X509 (PR 8176)
+* Add sanity checks for configuration methods, ensuring the inclusion of
+ wolfssl/options.h or user_settings.h. (PR 8262)
+* Enable support for building without TLS (NO_TLS). Provides reduced code size
+ option for non-TLS users who want features like the certificate manager or
+ compatibility layer. (PR 8273)
+* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
+* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
+* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
+* Add support for the RFC822 Mailbox attribute (PR 8280)
+* Initialize variables and adjust types resolve warnings with Visual Studio in
+ Windows builds. (PR 8181)
+* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
+* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
+ (PR 8261, 8255, 8245)
+* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
+* Update Arduino files for wolfssl 5.7.4 (PR 8219)
+* Improve Espressif SHA HW/SW mutex messages (PR 8225)
+* Apply post-5.7.4 release updates for Espressif Managed Component examples
+ (PR 8251)
+* Expansion of c89 conformance (PR 8164)
+* Added configure option for additional sanity checks with --enable-faultharden
+ (PR 8289)
+* Aarch64 ASM additions to check CPU features before hardware crypto instruction
+ use (PR 8314)
+
 
 ## Fixes
-* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report
-* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389)
-* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431)
-* Fixed use of %rip with SHA-256 x64 assembly (PR 7409)
-* Fixed OCSP response message build for DTLS (PR 7671)
-* Handled edge case in wc_ecc_mulmod() with zero (PR 7532)
-* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375)
-* Added sanity check on record header with QUIC use (PR 7638)
-* Added sanity check for empty directory strings in X.509 when parsing (PR 7669)
-* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625)
-* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693)
-* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577)
-* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388)
-* Added sanity check that the ed25519 signature is smaller than the order (PR 7513)
-* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581)
+* Fix a memory issue when using the compatibility layer with
+ WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
+* Fix a build issue with signature fault hardening when using public key
+ callbacks (HAVE_PK_CALLBACKS). (PR 8287)
+* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
+ objects and free’ing one of them (PR 8180)
+* Fix potential memory leak in error case with Aria. (PR 8268)
+* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
+* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
+* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
+* Fix incorrect version setting in CSRs. (PR 8136)
+* Correct debugging output for cryptodev. (PR 8202)
+* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
+ of AAD (PR 8210)
+* Add missing checks for the initialization of sp_int/mp_int with DSA to free
+ memory properly in error cases. (PR 8209)
+* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
+* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
+* Prevent adding a certificate to the CA cache for Renesas builds if it does not
+ set CA:TRUE in basic constraints. (PR 8060)
+* Fix attribute certificate holder entityName parsing. (PR 8166)
+* Resolve build issues for configurations without any wolfSSL/openssl
+ compatibility layer headers. (PR 8182)
+* Fix for building SP RSA small and RSA public only (PR 8235)
+* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
+* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
+ for building all `*.c` files (PR 8257 and PR 8140)
+* Fix x86 target build issues in Visual Studio for non-Windows operating
+ systems. (PR 8098)
+* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
+* Properly handle reference counting when adding to the X509 store. (PR 8233)
+* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
+ example. Thanks to Hongbo for the report on example issues. (PR 7537)
+* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
+ Thanks to Peter for the issue reported. (PR 8139)
+
 
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/
diff --git a/RTOS/nuttx/wolfssl/Make.defs b/RTOS/nuttx/wolfssl/Make.defs
index 95e85e06b..68583d48e 100644
--- a/RTOS/nuttx/wolfssl/Make.defs
+++ b/RTOS/nuttx/wolfssl/Make.defs
@@ -1,7 +1,7 @@
 ############################################################################
 # apps/crypto/wolfssl/Make.defs
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/RTOS/nuttx/wolfssl/Makefile b/RTOS/nuttx/wolfssl/Makefile
index b9dd8c779..4b2417103 100644
--- a/RTOS/nuttx/wolfssl/Makefile
+++ b/RTOS/nuttx/wolfssl/Makefile
@@ -1,7 +1,7 @@
 ############################################################################
 # apps/crypto/wolfssl/Makefile
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST
index 03f5cf6a8..f99b7ce1a 100644
--- a/SCRIPTS-LIST
+++ b/SCRIPTS-LIST
@@ -35,6 +35,7 @@ scripts/
  google.test   - example client test against google, part of tests
  resume.test   - example sessoin resume test, part of tests
  ocsp-stapling.test - example client test against globalsign, part of tests
+ ocsp-stapling1_tls13multi.text - example client test against example server, part of tests
  ocsp-stapling2.test - example client test against example server, part of tests
  sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests
                           in sniffer mode
diff --git a/certs/1024/ca-cert.der b/certs/1024/ca-cert.der
index 3324aee92..7420d827b 100644
Binary files a/certs/1024/ca-cert.der and b/certs/1024/ca-cert.der differ
diff --git a/certs/1024/ca-cert.pem b/certs/1024/ca-cert.pem
index 2bc54e6f0..5797eb1ad 100644
--- a/certs/1024/ca-cert.pem
+++ b/certs/1024/ca-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            5c:44:2b:bf:d3:a8:2a:d8:fd:54:c9:cd:aa:7f:f7:d4:59:07:aa:dd
+            59:52:6b:92:1a:25:8f:1b:ee:4c:51:9c:47:2f:ff:ff:9d:43:29:47
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:cd:ac:dd:47:ec:be:b7:24:c3:63:1b:54:98:79:
                     e1:c7:31:16:59:d6:9d:77:9d:8d:e2:8b:ed:04:17:
@@ -29,8 +29,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:5C:44:2B:BF:D3:A8:2A:D8:FD:54:C9:CD:AA:7F:F7:D4:59:07:AA:DD
-
+                serial:59:52:6B:92:1A:25:8F:1B:EE:4C:51:9C:47:2F:FF:FF:9D:43:29:47
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -38,20 +37,21 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         70:7d:83:94:d0:ee:e1:19:8b:17:ca:79:87:12:5b:7f:70:a3:
-         51:20:4f:21:99:71:69:21:28:55:61:70:85:54:21:a9:70:a2:
-         a9:12:db:44:11:44:e7:41:00:70:80:b5:37:0c:7e:78:8f:88:
-         64:bc:e5:c0:44:a7:a5:3d:db:62:c4:d6:cd:aa:4b:ac:fb:01:
-         46:bb:ec:cb:6f:01:67:b4:65:f3:5e:53:39:64:99:9b:68:80:
-         14:91:a4:a4:eb:04:f3:76:9a:7d:b4:38:05:9c:a5:e0:bc:7e:
-         d9:d2:d3:d4:e8:c3:9f:38:4b:6c:29:94:be:35:bd:30:1f:b5:
-         b7:3d
+    Signature Value:
+        09:c6:da:fe:2a:45:83:9e:8b:66:cf:63:1f:11:cb:d9:b4:eb:
+        b0:97:3d:33:d4:b9:27:56:46:14:3c:fe:2b:b2:36:6e:38:7f:
+        08:f5:37:3c:f2:a2:6a:8a:c7:a0:be:0f:ac:dd:f4:f0:97:b3:
+        03:a6:70:48:44:fc:ef:ef:7a:c6:1a:8d:3f:19:f6:71:92:7e:
+        3a:00:95:f2:b6:57:40:77:c2:80:4e:61:f2:71:56:22:a0:1e:
+        a9:dd:5c:54:80:ad:e4:27:f2:17:20:9b:5b:89:30:6e:6a:31:
+        2a:4e:43:52:f8:8a:51:b7:ed:3a:aa:78:41:90:95:e8:40:2e:
+        66:fc
 -----BEGIN CERTIFICATE-----
-MIIECTCCA3KgAwIBAgIUXEQrv9OoKtj9VMnNqn/31FkHqt0wDQYJKoZIhvcNAQEL
+MIIECTCCA3KgAwIBAgIUWVJrkholjxvuTFGcRy///51DKUcwDQYJKoZIhvcNAQEL
 BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x
 MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCB
+Zm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMjcwOTE0MjEyNTI5WjCB
 mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQx
 GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -63,10 +63,10 @@ Io8oLOAF7tPtw3E9ybI2Oh2/qDCB2QYDVR0jBIHRMIHOgBTTIo8oLOAF7tPtw3E9
 ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmEx
 EDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9D
 b25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUXEQrv9OoKtj9VMnNqn/31FkHqt0w
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUWVJrkholjxvuTFGcRy///51DKUcw
 DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAcH2D
-lNDu4RmLF8p5hxJbf3CjUSBPIZlxaSEoVWFwhVQhqXCiqRLbRBFE50EAcIC1Nwx+
-eI+IZLzlwESnpT3bYsTWzapLrPsBRrvsy28BZ7Rl815TOWSZm2iAFJGkpOsE83aa
-fbQ4BZyl4Lx+2dLT1OjDnzhLbCmUvjW9MB+1tz0=
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEACcba
+/ipFg56LZs9jHxHL2bTrsJc9M9S5J1ZGFDz+K7I2bjh/CPU3PPKiaorHoL4PrN30
+8JezA6ZwSET87+96xhqNPxn2cZJ+OgCV8rZXQHfCgE5h8nFWIqAeqd1cVICt5Cfy
+FyCbW4kwbmoxKk5DUviKUbftOqp4QZCV6EAuZvw=
 -----END CERTIFICATE-----
diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der
index 898d298e3..2ad3e77d9 100644
Binary files a/certs/1024/client-cert.der and b/certs/1024/client-cert.der differ
diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem
index b78c3834b..2e9d88b0f 100644
--- a/certs/1024/client-cert.pem
+++ b/certs/1024/client-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            59:f2:ea:44:08:b5:12:30:a0:96:93:d1:d1:7f:e1:ec:49:75:9b:a2
+            09:1d:03:41:8b:92:bd:2a:2a:1c:77:e0:13:a8:3d:f0:33:da:7f:72
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_1024, OU = Programming-1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_1024, OU = Programming-1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:
                     99:21:f9:c8:ec:b3:6d:48:e5:35:35:75:77:37:ec:
@@ -29,8 +29,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:59:F2:EA:44:08:B5:12:30:A0:96:93:D1:D1:7F:E1:EC:49:75:9B:A2
-
+                serial:09:1D:03:41:8B:92:BD:2A:2A:1C:77:E0:13:A8:3D:F0:33:DA:7F:72
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -38,21 +37,22 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         45:63:6f:f9:ed:f4:12:3c:3c:c5:2c:51:08:94:61:7e:08:e8:
-         32:46:2b:22:02:d0:e8:2b:a4:23:15:48:47:87:5d:72:ab:38:
-         d5:34:b9:fc:f4:86:93:49:95:d8:81:32:1c:21:e3:ef:b8:40:
-         c5:87:02:e8:28:aa:54:93:2d:8a:e9:1e:dd:5d:11:f8:bf:ca:
-         4e:33:20:56:4e:6f:53:bb:79:b0:da:65:a1:4b:9f:c8:55:fa:
-         53:26:84:c6:1e:0a:5e:7a:6e:f2:2d:2a:81:a5:d0:2b:ec:d5:
-         8e:b9:f0:c7:57:d7:d6:14:1a:3b:dc:09:41:b4:9d:0d:72:20:
-         44:79
+    Signature Value:
+        9a:1c:8f:c4:bd:54:da:63:a7:f8:ba:39:b6:64:60:9d:ba:a5:
+        fc:43:f5:57:28:31:43:09:4c:03:4c:b8:c3:49:2b:4e:bf:f2:
+        9b:13:4e:37:1e:a1:57:c6:0c:7b:2c:25:19:37:9f:06:53:ef:
+        8d:d1:ba:c0:73:6e:7f:c2:0b:46:5f:9b:56:bb:59:19:5c:c9:
+        ee:ea:02:da:03:2c:fb:29:b6:07:dd:55:b7:e9:ce:60:47:e0:
+        6b:44:5a:61:74:5c:96:f6:30:d8:1b:a4:15:5e:06:c5:73:4b:
+        8a:4d:94:23:13:1b:3f:db:67:ca:a7:a6:41:c5:28:0f:fd:2e:
+        0e:f0
 -----BEGIN CERTIFICATE-----
-MIIEGDCCA4GgAwIBAgIUWfLqRAi1EjCglpPR0X/h7El1m6IwDQYJKoZIhvcNAQEL
+MIIEGDCCA4GgAwIBAgIUCR0DQYuSvSoqHHfgE6g98DPaf3IwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzEwMjQxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
@@ -63,10 +63,10 @@ BgNVHQ4EFgQUgWkP+N/dzzQp1Wd1cYXHdRBpWewwgd4GA1UdIwSB1jCB04AUgWkP
 +N/dzzQp1Wd1cYXHdRBpWeyhgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzEw
 MjQxGTAXBgNVBAsMEFByb2dyYW1taW5nLTEwMjQxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUWfLqRAi1
-EjCglpPR0X/h7El1m6IwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUCR0DQYuS
+vSoqHHfgE6g98DPaf3IwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
 LmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZI
-hvcNAQELBQADgYEARWNv+e30Ejw8xSxRCJRhfgjoMkYrIgLQ6CukIxVIR4ddcqs4
-1TS5/PSGk0mV2IEyHCHj77hAxYcC6CiqVJMtiuke3V0R+L/KTjMgVk5vU7t5sNpl
-oUufyFX6UyaExh4KXnpu8i0qgaXQK+zVjrnwx1fX1hQaO9wJQbSdDXIgRHk=
+hvcNAQELBQADgYEAmhyPxL1U2mOn+Lo5tmRgnbql/EP1VygxQwlMA0y4w0krTr/y
+mxNONx6hV8YMeywlGTefBlPvjdG6wHNuf8ILRl+bVrtZGVzJ7uoC2gMs+ym2B91V
+t+nOYEfga0RaYXRclvYw2BukFV4GxXNLik2UIxMbP9tnyqemQcUoD/0uDvA=
 -----END CERTIFICATE-----
diff --git a/certs/1024/server-cert.der b/certs/1024/server-cert.der
index f4faeb582..2cc8316ec 100644
Binary files a/certs/1024/server-cert.der and b/certs/1024/server-cert.der differ
diff --git a/certs/1024/server-cert.pem b/certs/1024/server-cert.pem
index 0c0fc7147..d6106acc0 100644
--- a/certs/1024/server-cert.pem
+++ b/certs/1024/server-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:aa:3e:a5:9c:d3:17:49:65:43:de:d0:f3:4b:1c:
                     db:49:0c:fc:7a:65:05:6d:de:6a:c4:e4:73:2c:8a:
@@ -28,8 +28,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:5C:44:2B:BF:D3:A8:2A:D8:FD:54:C9:CD:AA:7F:F7:D4:59:07:AA:DD
-
+                serial:59:52:6B:92:1A:25:8F:1B:EE:4C:51:9C:47:2F:FF:FF:9D:43:29:47
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -37,20 +36,21 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         35:2e:7b:57:7b:64:70:53:e0:81:ed:f4:ac:b3:3a:3b:ba:82:
-         8d:a2:31:d9:d4:ac:d1:8a:6d:35:41:15:b3:e8:06:91:ca:2a:
-         f7:ff:28:0e:3d:cd:e7:28:f0:07:c0:78:62:9e:88:3d:dc:98:
-         f0:8c:89:a7:1c:5b:77:37:b2:55:38:b2:60:42:e8:02:81:bf:
-         7c:c3:54:86:7e:e4:2f:7d:74:74:27:f7:9a:e2:8d:a9:2f:7c:
-         82:31:41:f1:cb:48:a0:05:00:26:3d:a4:6b:27:43:4c:3f:6f:
-         2f:41:2e:ee:ba:0d:8f:39:42:0d:2d:76:00:12:4c:f9:49:2d:
-         7f:ed
+    Signature Value:
+        94:67:03:63:2a:3e:e4:56:a5:9f:84:89:68:8c:ed:ef:a4:fe:
+        1f:dc:03:04:1e:d0:87:90:14:7c:82:3f:36:a8:7c:14:64:ab:
+        88:d4:9d:81:e8:f6:a7:ec:12:51:ea:25:fd:a4:d1:9c:9b:71:
+        3d:c8:d0:b3:d2:6d:eb:56:11:66:05:4e:92:27:0a:76:8c:3a:
+        8b:bd:e2:46:f5:7b:8e:ff:03:f3:89:92:dc:9b:46:79:f4:b8:
+        95:7d:b6:29:79:f3:55:c8:70:de:f7:9f:59:e1:e2:8d:a7:73:
+        1f:97:1c:52:64:48:77:cf:6d:a0:27:ad:c0:16:56:55:46:b2:
+        bf:f1
 -----BEGIN CERTIFICATE-----
 MIID8jCCA1ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53
 b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0y
-MzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5MjhaMIGVMQswCQYDVQQGEwJVUzEQMA4G
+NDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGVMQswCQYDVQQGEwJVUzEQMA4G
 A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT
 TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
 b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN
@@ -62,27 +62,27 @@ A1UdIwSB0TCBzoAU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+kgZwwgZkxCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD
 VQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQD
 DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b22CFFxEK7/TqCrY/VTJzap/99RZB6rdMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUw
+b22CFFlSa5IaJY8b7kxRnEcv//+dQylHMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUw
 E4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
-BwMCMA0GCSqGSIb3DQEBCwUAA4GBADUue1d7ZHBT4IHt9KyzOju6go2iMdnUrNGK
-bTVBFbPoBpHKKvf/KA49zeco8AfAeGKeiD3cmPCMiaccW3c3slU4smBC6AKBv3zD
-VIZ+5C99dHQn95rijakvfIIxQfHLSKAFACY9pGsnQ0w/by9BLu66DY85Qg0tdgAS
-TPlJLX/t
+BwMCMA0GCSqGSIb3DQEBCwUAA4GBAJRnA2MqPuRWpZ+EiWiM7e+k/h/cAwQe0IeQ
+FHyCPzaofBRkq4jUnYHo9qfsElHqJf2k0ZybcT3I0LPSbetWEWYFTpInCnaMOou9
+4kb1e47/A/OJktybRnn0uJV9til581XIcN73n1nh4o2ncx+XHFJkSHfPbaAnrcAW
+VlVGsr/x
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            5c:44:2b:bf:d3:a8:2a:d8:fd:54:c9:cd:aa:7f:f7:d4:59:07:aa:dd
+            59:52:6b:92:1a:25:8f:1b:ee:4c:51:9c:47:2f:ff:ff:9d:43:29:47
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:cd:ac:dd:47:ec:be:b7:24:c3:63:1b:54:98:79:
                     e1:c7:31:16:59:d6:9d:77:9d:8d:e2:8b:ed:04:17:
@@ -100,8 +100,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:5C:44:2B:BF:D3:A8:2A:D8:FD:54:C9:CD:AA:7F:F7:D4:59:07:AA:DD
-
+                serial:59:52:6B:92:1A:25:8F:1B:EE:4C:51:9C:47:2F:FF:FF:9D:43:29:47
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -109,20 +108,21 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         70:7d:83:94:d0:ee:e1:19:8b:17:ca:79:87:12:5b:7f:70:a3:
-         51:20:4f:21:99:71:69:21:28:55:61:70:85:54:21:a9:70:a2:
-         a9:12:db:44:11:44:e7:41:00:70:80:b5:37:0c:7e:78:8f:88:
-         64:bc:e5:c0:44:a7:a5:3d:db:62:c4:d6:cd:aa:4b:ac:fb:01:
-         46:bb:ec:cb:6f:01:67:b4:65:f3:5e:53:39:64:99:9b:68:80:
-         14:91:a4:a4:eb:04:f3:76:9a:7d:b4:38:05:9c:a5:e0:bc:7e:
-         d9:d2:d3:d4:e8:c3:9f:38:4b:6c:29:94:be:35:bd:30:1f:b5:
-         b7:3d
+    Signature Value:
+        09:c6:da:fe:2a:45:83:9e:8b:66:cf:63:1f:11:cb:d9:b4:eb:
+        b0:97:3d:33:d4:b9:27:56:46:14:3c:fe:2b:b2:36:6e:38:7f:
+        08:f5:37:3c:f2:a2:6a:8a:c7:a0:be:0f:ac:dd:f4:f0:97:b3:
+        03:a6:70:48:44:fc:ef:ef:7a:c6:1a:8d:3f:19:f6:71:92:7e:
+        3a:00:95:f2:b6:57:40:77:c2:80:4e:61:f2:71:56:22:a0:1e:
+        a9:dd:5c:54:80:ad:e4:27:f2:17:20:9b:5b:89:30:6e:6a:31:
+        2a:4e:43:52:f8:8a:51:b7:ed:3a:aa:78:41:90:95:e8:40:2e:
+        66:fc
 -----BEGIN CERTIFICATE-----
-MIIECTCCA3KgAwIBAgIUXEQrv9OoKtj9VMnNqn/31FkHqt0wDQYJKoZIhvcNAQEL
+MIIECTCCA3KgAwIBAgIUWVJrkholjxvuTFGcRy///51DKUcwDQYJKoZIhvcNAQEL
 BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x
 MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCB
+Zm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMjcwOTE0MjEyNTI5WjCB
 mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQx
 GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -134,10 +134,10 @@ Io8oLOAF7tPtw3E9ybI2Oh2/qDCB2QYDVR0jBIHRMIHOgBTTIo8oLOAF7tPtw3E9
 ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmEx
 EDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9D
 b25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUXEQrv9OoKtj9VMnNqn/31FkHqt0w
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUWVJrkholjxvuTFGcRy///51DKUcw
 DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAcH2D
-lNDu4RmLF8p5hxJbf3CjUSBPIZlxaSEoVWFwhVQhqXCiqRLbRBFE50EAcIC1Nwx+
-eI+IZLzlwESnpT3bYsTWzapLrPsBRrvsy28BZ7Rl815TOWSZm2iAFJGkpOsE83aa
-fbQ4BZyl4Lx+2dLT1OjDnzhLbCmUvjW9MB+1tz0=
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEACcba
+/ipFg56LZs9jHxHL2bTrsJc9M9S5J1ZGFDz+K7I2bjh/CPU3PPKiaorHoL4PrN30
+8JezA6ZwSET87+96xhqNPxn2cZJ+OgCV8rZXQHfCgE5h8nFWIqAeqd1cVICt5Cfy
+FyCbW4kwbmoxKk5DUviKUbftOqp4QZCV6EAuZvw=
 -----END CERTIFICATE-----
diff --git a/certs/3072/client-cert.der b/certs/3072/client-cert.der
index 329d03cf8..bd313a43b 100644
Binary files a/certs/3072/client-cert.der and b/certs/3072/client-cert.der differ
diff --git a/certs/3072/client-cert.pem b/certs/3072/client-cert.pem
index fbd8d99df..d896c7164 100644
--- a/certs/3072/client-cert.pem
+++ b/certs/3072/client-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            0b:5c:9f:12:25:90:aa:52:c0:df:e1:e1:1f:ed:a9:31:01:0a:09:8b
+            1e:d5:b7:66:40:3a:e9:9b:dd:58:e4:e4:9a:c0:da:1e:d7:b9:5a:1f
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:ac:39:50:68:8f:78:f8:10:9b:68:96:d3:e1:9c:
                     56:68:5a:41:62:e3:b3:41:b0:55:80:17:b0:88:16:
@@ -46,8 +46,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:3D:D1:84:C2:AF:B0:20:49:BC:74:87:41:38:AB:BA:D2:D4:0C:A3:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_3072/OU=Programming-3072/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:0B:5C:9F:12:25:90:AA:52:C0:DF:E1:E1:1F:ED:A9:31:01:0A:09:8B
-
+                serial:1E:D5:B7:66:40:3A:E9:9B:DD:58:E4:E4:9A:C0:DA:1E:D7:B9:5A:1F
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -55,35 +54,36 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         14:27:57:47:12:a4:78:a2:c9:dc:93:f8:47:ee:f4:fd:66:80:
-         13:43:9e:de:23:8c:f7:3f:fe:46:9c:85:58:2a:6f:8d:22:92:
-         8c:d6:36:ca:90:4f:45:c3:ab:78:ca:3c:fe:d0:f5:0f:6d:00:
-         fe:3b:42:b0:86:0b:75:f2:7c:d3:c7:db:0b:70:e8:ec:b7:bf:
-         26:30:a8:19:67:bd:74:03:cf:d1:08:8e:9c:d5:1b:45:28:b2:
-         67:8e:3a:a5:27:c9:1b:6a:e9:93:ce:94:c0:00:0c:e8:f1:76:
-         02:a4:30:72:a8:fd:55:1c:d1:b8:25:f1:62:f6:ba:28:fd:30:
-         b1:11:63:f7:b3:78:54:09:04:c1:66:12:c7:01:ae:99:e3:55:
-         c4:29:bd:1b:1a:da:b9:77:fd:04:db:b1:68:56:35:65:e1:aa:
-         67:c8:ac:be:e5:f8:27:fb:b4:51:4f:38:e5:de:09:a6:81:a9:
-         ef:dc:d6:4a:96:47:b8:38:14:f8:25:5d:ac:f3:e5:3b:f2:1b:
-         70:32:3b:2d:fa:20:ca:2e:a5:ca:13:9d:84:d2:d4:35:16:58:
-         6e:52:5e:09:61:83:c2:e2:56:2c:ab:52:bf:54:dc:bd:f3:bf:
-         a7:16:6e:0e:ca:68:54:d1:5c:4d:06:7a:93:47:1c:cc:a9:66:
-         da:69:0f:f9:1f:25:64:29:40:97:50:3b:cf:0c:50:9b:4d:ff:
-         60:bc:d3:e4:a0:b7:64:c6:66:2a:f6:02:e2:3f:92:31:3b:d7:
-         ea:1a:c3:1a:0c:19:88:ab:5f:74:b7:9d:7b:8d:4d:3a:84:43:
-         f2:67:b1:be:a0:9e:fd:3d:aa:c1:38:1a:df:ac:30:fe:63:69:
-         af:d6:f2:21:63:11:63:29:ac:63:9e:9f:9f:c4:53:b3:db:78:
-         c0:2d:79:68:1f:d2:d1:36:d1:fb:e3:c0:a7:31:eb:15:63:99:
-         0b:93:9d:87:c7:fe:56:5d:fc:e7:29:2a:9e:15:be:ef:54:e7:
-         0f:6d:9b:36:b6:17
+    Signature Value:
+        5e:b0:ed:38:36:b8:f7:e4:0c:b0:c3:6a:bb:7a:b9:61:05:9d:
+        b9:82:12:2d:9c:9e:91:7b:ec:d0:9b:81:ca:51:e8:d4:55:2d:
+        1a:ff:88:5a:c3:e1:d8:82:17:c5:4a:7a:d4:17:c8:a2:1c:97:
+        61:a7:cf:de:12:f9:5a:d8:b0:63:63:84:d4:7b:b9:81:37:a0:
+        49:f3:68:30:0c:84:f8:6c:18:54:34:6f:8d:a3:22:d3:d2:3b:
+        42:bc:3b:28:0f:95:35:f4:9f:dc:18:9d:4f:c5:5f:0d:d2:bd:
+        88:b8:a7:88:82:d3:74:5b:a6:ad:b0:2b:70:33:c9:08:7e:5f:
+        9b:99:3c:61:f0:1b:3c:1c:4a:2a:05:84:f1:47:17:a2:ea:06:
+        3a:dc:f6:b3:83:30:9c:12:b1:4c:e9:be:40:86:3e:72:58:4e:
+        44:b8:99:59:c3:58:0f:d7:cf:02:60:77:ad:6f:9c:41:58:ef:
+        78:63:c0:f7:7d:a7:ed:67:c2:49:ae:06:fc:46:f7:70:53:88:
+        eb:53:2f:25:8d:7a:ac:ab:c4:b5:b0:27:90:57:d0:31:79:2f:
+        ad:da:20:c1:6a:00:cc:d9:b4:36:5a:90:99:3d:e3:e2:f4:b6:
+        e7:85:16:77:3d:69:bb:42:6c:a5:83:45:9f:53:c4:43:78:17:
+        43:bd:27:c0:6e:4b:40:0f:64:0b:ac:38:1e:09:6d:62:5a:54:
+        8a:2c:96:99:23:db:f5:4b:4a:aa:69:be:6e:8a:9a:3e:d5:e6:
+        a3:a9:a9:e9:e8:a9:28:28:3b:f9:9d:d9:5f:e3:cb:2b:2b:38:
+        ba:f1:bc:45:d8:4a:5a:b1:b3:8a:48:64:78:33:21:55:cd:04:
+        14:e7:7b:73:c2:b6:f2:de:81:01:d8:8d:c6:cf:f2:85:0f:32:
+        72:0f:6c:60:be:f5:31:75:39:4b:e3:ae:ed:0c:1e:15:83:ac:
+        f9:4c:86:cf:df:54:b0:7c:6f:f5:de:26:66:c0:ba:85:38:d0:
+        25:fe:b9:bf:12:98
 -----BEGIN CERTIFICATE-----
-MIIGHTCCBIWgAwIBAgIUC1yfEiWQqlLA3+HhH+2pMQEKCYswDQYJKoZIhvcNAQEL
+MIIGHTCCBIWgAwIBAgIUHtW3ZkA66ZvdWOTkmsDaHte5Wh8wDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzMwNzIxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTMwNzIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8zMDcyMRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0zMDcyMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK
@@ -100,15 +100,15 @@ qDCB3gYDVR0jBIHWMIHTgBQ90YTCr7AgSbx0h0E4q7rS1AyjqKGBpKSBoTCBnjEL
 MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
 FTATBgNVBAoMDHdvbGZTU0xfMzA3MjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMzA3
 MjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
-QHdvbGZzc2wuY29tghQLXJ8SJZCqUsDf4eEf7akxAQoJizAMBgNVHRMEBTADAQH/
+QHdvbGZzc2wuY29tghQe1bdmQDrpm91Y5OSawNoe17laHzAMBgNVHRMEBTADAQH/
 MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAYEAFCdXRxKkeKLJ3JP4R+70
-/WaAE0Oe3iOM9z/+RpyFWCpvjSKSjNY2ypBPRcOreMo8/tD1D20A/jtCsIYLdfJ8
-08fbC3Do7Le/JjCoGWe9dAPP0QiOnNUbRSiyZ446pSfJG2rpk86UwAAM6PF2AqQw
-cqj9VRzRuCXxYva6KP0wsRFj97N4VAkEwWYSxwGumeNVxCm9GxrauXf9BNuxaFY1
-ZeGqZ8isvuX4J/u0UU845d4JpoGp79zWSpZHuDgU+CVdrPPlO/IbcDI7Lfogyi6l
-yhOdhNLUNRZYblJeCWGDwuJWLKtSv1TcvfO/pxZuDspoVNFcTQZ6k0cczKlm2mkP
-+R8lZClAl1A7zwxQm03/YLzT5KC3ZMZmKvYC4j+SMTvX6hrDGgwZiKtfdLede41N
-OoRD8mexvqCe/T2qwTga36ww/mNpr9byIWMRYymsY56fn8RTs9t4wC15aB/S0TbR
-++PApzHrFWOZC5Odh8f+Vl385ykqnhW+71TnD22bNrYX
+BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAYEAXrDtODa49+QMsMNqu3q5
+YQWduYISLZyekXvs0JuBylHo1FUtGv+IWsPh2IIXxUp61BfIohyXYafP3hL5Wtiw
+Y2OE1Hu5gTegSfNoMAyE+GwYVDRvjaMi09I7Qrw7KA+VNfSf3BidT8VfDdK9iLin
+iILTdFumrbArcDPJCH5fm5k8YfAbPBxKKgWE8UcXouoGOtz2s4MwnBKxTOm+QIY+
+clhORLiZWcNYD9fPAmB3rW+cQVjveGPA932n7WfCSa4G/Eb3cFOI61MvJY16rKvE
+tbAnkFfQMXkvrdogwWoAzNm0NlqQmT3j4vS254UWdz1pu0JspYNFn1PEQ3gXQ70n
+wG5LQA9kC6w4HgltYlpUiiyWmSPb9UtKqmm+boqaPtXmo6mp6eipKCg7+Z3ZX+PL
+Kys4uvG8RdhKWrGzikhkeDMhVc0EFOd7c8K28t6BAdiNxs/yhQ8ycg9sYL71MXU5
+S+Ou7QweFYOs+UyGz99UsHxv9d4mZsC6hTjQJf65vxKY
 -----END CERTIFICATE-----
diff --git a/certs/3072/client-key.der b/certs/3072/client-key.der
index be253d2f0..c2c766d74 100644
Binary files a/certs/3072/client-key.der and b/certs/3072/client-key.der differ
diff --git a/certs/4096/client-cert.der b/certs/4096/client-cert.der
index 5a5a7eef7..a3e795194 100644
Binary files a/certs/4096/client-cert.der and b/certs/4096/client-cert.der differ
diff --git a/certs/4096/client-cert.pem b/certs/4096/client-cert.pem
index e57398003..c2858e982 100644
--- a/certs/4096/client-cert.pem
+++ b/certs/4096/client-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2f:36:54:05:64:52:dd:0e:75:75:33:7c:b2:ce:9f:5c:48:9b:ab:0e
+            12:66:c3:a2:08:5c:f7:d0:6e:e9:a8:82:a2:ab:9c:0f:76:9e:96:f4
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_4096, OU = Programming-4096, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_4096, OU = Programming-4096, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (4096 bit)
+                Public-Key: (4096 bit)
                 Modulus:
                     00:f5:d0:31:e4:71:59:58:b3:07:50:dd:16:79:fc:
                     c6:95:50:fc:46:0e:57:12:86:71:8d:e3:9b:4a:33:
@@ -55,8 +55,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:FA:54:89:67:E5:5F:B7:31:40:EA:FD:E7:F6:A3:C6:5A:56:16:A5:6E
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_4096/OU=Programming-4096/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:2F:36:54:05:64:52:DD:0E:75:75:33:7C:B2:CE:9F:5C:48:9B:AB:0E
-
+                serial:12:66:C3:A2:08:5C:F7:D0:6E:E9:A8:82:A2:AB:9C:0F:76:9E:96:F4
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -64,42 +63,43 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         c2:72:38:27:f0:5c:45:04:4b:09:0e:5d:98:6e:38:6a:bc:fb:
-         a8:85:4f:f2:04:38:63:4f:86:4f:3c:f5:fd:f8:cd:89:09:76:
-         72:47:97:df:f8:17:6a:81:3a:b2:b4:fc:ac:e9:fc:e2:47:9b:
-         07:6d:9c:53:ed:d8:64:bc:6c:4d:a9:bd:3e:5e:cd:61:bc:8e:
-         82:20:b2:50:bc:9e:72:e6:9f:40:ff:6c:4b:38:f8:4b:82:0f:
-         7e:49:cd:45:5c:cd:44:de:47:25:b3:57:d0:1a:0d:8d:4d:c7:
-         ea:23:fa:03:e8:86:d8:37:89:84:2e:e8:53:7a:77:be:94:ec:
-         70:e7:c4:7b:8f:6f:28:67:33:89:ec:c9:df:98:6d:4a:d9:c6:
-         7b:d3:b5:82:d0:8a:ce:8f:06:bf:a2:f7:de:4a:45:22:6f:ff:
-         41:6f:08:f5:c3:65:25:27:fb:43:3e:cc:25:0a:d3:3d:d2:34:
-         9f:89:6b:e2:97:9c:42:d9:3e:64:03:45:5f:07:95:ed:1a:70:
-         6a:be:3e:7f:7f:16:be:47:a6:6d:3b:0d:27:b3:89:b1:f1:f6:
-         ce:99:71:18:b6:c0:c5:9e:76:7a:8e:fb:4a:be:4f:cd:bc:21:
-         a9:4e:9c:fc:48:86:ff:e4:63:14:96:3a:eb:c8:48:ae:27:bd:
-         43:0c:27:85:e1:25:1a:69:48:6c:e7:11:f8:f3:68:9d:ee:15:
-         1a:be:ad:46:33:24:3d:be:b8:0e:6e:4d:ef:12:b6:ae:1b:88:
-         bd:0e:a6:ff:91:08:dc:ed:af:fa:13:2b:f2:b4:2c:ea:72:c2:
-         85:d6:ee:64:09:e1:4e:1a:5a:bd:c2:44:c2:95:82:59:0a:d8:
-         27:bc:48:4a:8a:a3:c3:77:ac:92:b6:8b:0b:13:e2:87:ec:21:
-         7e:7e:52:29:51:5c:59:e1:c8:db:05:ce:9e:f4:36:d8:63:42:
-         45:71:9a:ee:0e:24:b0:ba:a5:a5:aa:c9:ee:9e:a3:e3:e9:7f:
-         c6:64:6c:9e:65:78:88:f2:61:6f:d3:3b:9e:0d:16:fa:ad:c2:
-         58:ac:bc:14:b1:f7:6f:db:b9:7e:79:81:f1:f8:e9:41:5b:fe:
-         d9:e2:89:86:5c:01:03:5d:0c:d9:a9:d6:df:4b:26:5c:ae:e6:
-         df:b5:c9:f0:86:ca:7b:80:db:6a:86:fd:a9:00:46:32:39:5a:
-         72:c4:67:20:db:d8:7a:5d:2d:78:b9:a7:de:7f:f4:7a:5b:0f:
-         38:b0:9e:1a:ae:c5:cc:ff:61:5e:ec:f1:0d:f7:0a:22:bb:cb:
-         08:2b:91:58:77:1f:90:2b:a3:78:be:ef:4d:d8:8d:e8:f7:31:
-         f8:92:84:e5:b2:2a:e8:3a
+    Signature Value:
+        b0:00:28:7b:c8:3f:ae:93:f5:16:87:30:d6:07:2b:71:16:34:
+        1e:5c:48:0f:4a:e7:50:07:9d:f4:75:5b:90:53:72:87:2a:bb:
+        ef:04:bc:52:d2:bf:ff:27:58:2f:5c:af:be:f3:f6:00:a2:37:
+        8b:ec:2c:d7:b7:e7:bb:3b:ca:6f:9d:42:b7:00:b8:c2:a2:8e:
+        8e:e4:57:fd:83:4b:b8:47:aa:a1:28:ac:bd:c1:59:04:90:17:
+        40:40:35:04:c6:40:a9:21:d3:79:45:0e:22:c8:6f:ec:ae:58:
+        a5:c2:d8:1b:11:49:94:58:c2:11:7d:f8:0a:bb:47:fd:ac:cf:
+        f7:23:05:3f:ab:1d:0e:30:c5:98:29:13:1a:90:6f:f9:3f:f2:
+        d6:df:03:cc:f1:48:e7:71:e6:c4:ce:f3:f9:bf:07:c9:cf:dd:
+        63:0e:fe:bc:93:1c:9a:52:7d:63:f9:6d:a5:50:f3:ef:54:d7:
+        da:42:74:85:b1:b4:7c:d5:03:cc:b8:c3:ba:1f:b8:4f:5a:f9:
+        05:ba:4b:0d:57:8d:05:cf:4f:b7:c4:64:2e:2c:10:f3:fa:79:
+        0c:8c:1f:cc:84:33:88:fb:77:b5:6e:45:35:15:cc:28:80:2b:
+        2d:6b:3f:d0:a3:10:d1:53:c0:bb:70:43:79:2f:ff:3f:63:26:
+        c5:60:9b:87:e9:a2:5b:40:13:41:25:d2:9c:3e:42:79:00:e1:
+        12:0e:aa:06:e0:65:59:a1:fa:db:c4:c2:97:a8:87:35:96:1c:
+        8e:ff:eb:91:e0:8b:e3:3e:c8:b2:8c:d3:84:5e:76:80:d7:29:
+        0a:59:cc:71:d5:e5:65:3c:30:38:6e:f5:3f:7e:28:0f:3d:15:
+        10:86:30:39:56:23:13:30:b4:70:f7:7b:c3:0d:51:ad:18:b1:
+        87:b3:3f:1c:69:f5:d4:1e:72:66:5e:44:b9:53:ba:9e:f0:b8:
+        4a:b1:34:50:98:d8:f2:b9:b2:c5:ed:73:c9:ee:dd:33:8c:cf:
+        72:35:e0:3d:0f:45:2a:89:f9:a3:76:40:07:0f:f6:48:6c:f1:
+        8c:30:3a:c2:51:06:c2:51:5e:75:98:06:e0:1e:29:f7:12:9a:
+        56:a4:38:83:b1:8b:86:b6:ab:87:aa:3c:39:9d:4d:0c:e8:78:
+        9f:52:47:66:69:c8:66:0c:fe:d9:74:1d:78:0b:51:e4:d9:c8:
+        35:97:95:c7:31:97:13:49:ed:aa:9e:9c:fd:66:04:79:d2:24:
+        4d:64:8d:3f:cd:94:b0:05:0a:30:3b:1c:96:e7:79:00:03:47:
+        55:34:51:1f:46:3a:24:47:e6:dd:78:89:18:29:32:c5:ad:fb:
+        9c:f7:26:ac:56:3e:f7:73
 -----BEGIN CERTIFICATE-----
-MIIHHTCCBQWgAwIBAgIULzZUBWRS3Q51dTN8ss6fXEibqw4wDQYJKoZIhvcNAQEL
+MIIHHTCCBQWgAwIBAgIUEmbDoghc99Bu6aiCoqucD3aelvQwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzQwOTYxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTQwOTYxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF80MDk2MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy00MDk2MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
@@ -118,19 +118,19 @@ AUswHQYDVR0OBBYEFPpUiWflX7cxQOr95/ajxlpWFqVuMIHeBgNVHSMEgdYwgdOA
 FPpUiWflX7cxQOr95/ajxlpWFqVuoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4G
 A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNT
 TF80MDk2MRkwFwYDVQQLDBBQcm9ncmFtbWluZy00MDk2MRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFC82
-VAVkUt0OdXUzfLLOn1xIm6sOMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhh
+d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFBJm
+w6IIXPfQbumogqKrnA92npb0MAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhh
 bXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0G
-CSqGSIb3DQEBCwUAA4ICAQDCcjgn8FxFBEsJDl2YbjhqvPuohU/yBDhjT4ZPPPX9
-+M2JCXZyR5ff+BdqgTqytPys6fziR5sHbZxT7dhkvGxNqb0+Xs1hvI6CILJQvJ5y
-5p9A/2xLOPhLgg9+Sc1FXM1E3kcls1fQGg2NTcfqI/oD6IbYN4mELuhTene+lOxw
-58R7j28oZzOJ7MnfmG1K2cZ707WC0IrOjwa/ovfeSkUib/9Bbwj1w2UlJ/tDPswl
-CtM90jSfiWvil5xC2T5kA0VfB5XtGnBqvj5/fxa+R6ZtOw0ns4mx8fbOmXEYtsDF
-nnZ6jvtKvk/NvCGpTpz8SIb/5GMUljrryEiuJ71DDCeF4SUaaUhs5xH482id7hUa
-vq1GMyQ9vrgObk3vErauG4i9Dqb/kQjc7a/6EyvytCzqcsKF1u5kCeFOGlq9wkTC
-lYJZCtgnvEhKiqPDd6yStosLE+KH7CF+flIpUVxZ4cjbBc6e9DbYY0JFcZruDiSw
-uqWlqsnunqPj6X/GZGyeZXiI8mFv0zueDRb6rcJYrLwUsfdv27l+eYHx+OlBW/7Z
-4omGXAEDXQzZqdbfSyZcrubftcnwhsp7gNtqhv2pAEYyOVpyxGcg29h6XS14uafe
-f/R6Ww84sJ4arsXM/2Fe7PEN9woiu8sIK5FYdx+QK6N4vu9N2I3o9zH4koTlsiro
-Og==
+CSqGSIb3DQEBCwUAA4ICAQCwACh7yD+uk/UWhzDWBytxFjQeXEgPSudQB530dVuQ
+U3KHKrvvBLxS0r//J1gvXK++8/YAojeL7CzXt+e7O8pvnUK3ALjCoo6O5Ff9g0u4
+R6qhKKy9wVkEkBdAQDUExkCpIdN5RQ4iyG/srlilwtgbEUmUWMIRffgKu0f9rM/3
+IwU/qx0OMMWYKRMakG/5P/LW3wPM8UjncebEzvP5vwfJz91jDv68kxyaUn1j+W2l
+UPPvVNfaQnSFsbR81QPMuMO6H7hPWvkFuksNV40Fz0+3xGQuLBDz+nkMjB/MhDOI
++3e1bkU1FcwogCstaz/QoxDRU8C7cEN5L/8/YybFYJuH6aJbQBNBJdKcPkJ5AOES
+DqoG4GVZofrbxMKXqIc1lhyO/+uR4IvjPsiyjNOEXnaA1ykKWcxx1eVlPDA4bvU/
+figPPRUQhjA5ViMTMLRw93vDDVGtGLGHsz8cafXUHnJmXkS5U7qe8LhKsTRQmNjy
+ubLF7XPJ7t0zjM9yNeA9D0UqifmjdkAHD/ZIbPGMMDrCUQbCUV51mAbgHin3EppW
+pDiDsYuGtquHqjw5nU0M6HifUkdmachmDP7ZdB14C1Hk2cg1l5XHMZcTSe2qnpz9
+ZgR50iRNZI0/zZSwBQowOxyW53kAA0dVNFEfRjokR+bdeIkYKTLFrfuc9yasVj73
+cw==
 -----END CERTIFICATE-----
diff --git a/certs/4096/client-key.der b/certs/4096/client-key.der
index 34a6f1b7c..70a187bee 100644
Binary files a/certs/4096/client-key.der and b/certs/4096/client-key.der differ
diff --git a/certs/acert/acert.pem b/certs/acert/acert.pem
new file mode 100644
index 000000000..4bde876d3
--- /dev/null
+++ b/certs/acert/acert.pem
@@ -0,0 +1,23 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIID4zCCAssCAQEwOaA3MB+kHTAbMRkwFwYDVQQDDBBUUE0gTWFudWZhY3R1cmVy
+AhRADHoGLYO7i9GfV2Yz2rrlRFDPSqA6MDikNjA0MQswCQYDVQQGEwJVUzEUMBIG
+A1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdDANBgkqhkiG9w0BAQsF
+AAIBATAiGA8yMDE4MDEwMTA1MDAwMFoYDzIwMjgwMTAxMDUwMDAwWjCB7TALBgVn
+gQUCEzECMAAwHAYFZ4EFAhExEzARMAkCAQECAQMCARYEBAAAAAEwEgYFZ4EFAhkx
+CTAHBgVngQUIAjCBlQYHZ4EFBQEHAjGBiTCBhqBkMC8wDgYGZ4EFEgMBBAQAAgAB
+DBJYWVogQ29tcHV0aW5nIEluYy4MATGABkFCQzEyMzAxMA4GBmeBBRIDAQQEAAcA
+AgwNTm90IFNwZWNpZmllZAwDSEQxgAgxMjM0QUJDRIMB/6IeMBwMCHVuYW1lIC1y
+DBA2LjUuMC0xNS1nZW5lcmljMBQGBWeBBQIXMQswCQIBAQIBAQIBETCCAScwbwYD
+VR0jBGgwZoAUl46DRCrPD3GZndkBbbNDngf6ZHChOKQ2MDQxCzAJBgNVBAYTAlVT
+MRQwEgYDVQQKDAtleGFtcGxlLmNvbTEPMA0GA1UECwwGUENUZXN0ghRmuv6Ey2Ja
+dCAOFysMNOn9CiH45zBBBgNVHSAEOjA4MDYGAioDMDAwLgYIKwYBBQUHAgIwIgwg
+VENHIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwcQYDVR0RBGowaKRmMGQx
+EzARBgZngQUFAQQMB01vZGVsIEExHjAcBgZngQUFAQEMElhZWiBDb21wdXRpbmcg
+SW5jLjEZMBcGBmeBBQUBBQwNTm90IFNwZWNpZmllZDESMBAGBmeBBQUBBgwGQUJD
+MTIzMA0GCSqGSIb3DQEBCwUAA4IBAQB2SdELM7Dqaq2mvT+IV3pCBN7qPzRL+sO4
+MZG6jpTbbblr124KM84g936zLVZxOJeAa+Ie7r0ET7GYI+zKtpLmIZrlqhZl4YkP
+3g65JsIVc5PvOogxv67IxVigHu/NFKHIbFPz85drTatEVCfA8ac8BwJXXwuESLNr
+cH+K/vdLWDgMhsijhco82RI8x11wBvzMXLPnM5OnkiG/0zaEW7mk1gH2tBS6oCc+
+0v8y9jQ5NqyPo0mNhLJhUMonmvaGdZ3iDEFyF+iNuDc3pP5PA1YDKk/BYGXt1NUE
+89mkuGoF8bwkU9uqLKQ3jpCKx/SZZ08IK5MPQyzsnwjyhrsrP3Qm
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/acert_ietf.pem b/certs/acert/acert_ietf.pem
new file mode 100644
index 000000000..1c25c8677
--- /dev/null
+++ b/certs/acert/acert_ietf.pem
@@ -0,0 +1,15 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG
+A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl
+IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4
+LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj
+BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP
+gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI
+i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs
+GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn
+ERw2bQMmw//nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+
+mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6
+coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8
+d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A
+Bw==
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/acert_ietf_pubkey.pem b/certs/acert/acert_ietf_pubkey.pem
new file mode 100644
index 000000000..c7434f934
--- /dev/null
+++ b/certs/acert/acert_ietf_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvpigJZE2asRTFe63b3f
+xvh0swQuX+L4hW08E7mlm0NSQvBVs8yebELNnZLL738fvocvQMwAjf+8+Lyjb1fr
+FYMYvJpb6LmGA2Ysyt6Ny700dpiUValtd4mwtjSCH0/k4rCiaiCYWaN79Le9ZGwD
+pZ341kVX74JkNdaXs1EJ1tkUUoq6aIu5CWYncxjA4IufduHV1Eh/dpNq1tuLHjgY
+Y3NwYDJcotmN9mmIO+MAuZ1TzifhIy14tNGIspYpSZbn8j2RQpQOclhMVWeM5t0i
+TWgOO+jhJngptIJMXEaQQzKPiazv6pBhk8oamAZ0Nipr+DI8iDxvzHtyFDRVToOg
+1QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/certs/acert/acert_pubkey.pem b/certs/acert/acert_pubkey.pem
new file mode 100644
index 000000000..a382a1be0
--- /dev/null
+++ b/certs/acert/acert_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjl1VnpENuEfQCVm2E4q
+h28D62c0pX5IgN5F2RoS7siU2Oc9hsSz6Hj+9o0SRhUTEAxxrML2d7TM2SVoIJ/x
+CFrchA1fIZQm7FWJa7MDFpxkRc7cNUGrZ5oyVCHtK6IbKiU4y8B/vova6+dyy6bi
+j97ea0UDL8ztKNyDUH9ZntyFrHTltA/ZlEjmxGHQJQd4RBO6RdfM70R7l+YTGa2N
+PflyiRY2SKNXXx8cVUURJvkOXVfLCuRUzG+NnSS62WRuWOOD0ZjiJCnwkTJZQNw0
+qI+hLhWN+//05JeKOw6rNVVUHR/R0GgjPL6FIQ/+yF2Z8nCd8lVIIY+hQsM/1l/h
+2QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/certs/acert/include.am b/certs/acert/include.am
new file mode 100644
index 000000000..e93fe85d4
--- /dev/null
+++ b/certs/acert/include.am
@@ -0,0 +1,13 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+		certs/acert/acert.pem \
+		certs/acert/acert_ietf.pem \
+		certs/acert/acert_pubkey.pem \
+		certs/acert/acert_ietf_pubkey.pem \
+		certs/acert/rsa_pss/acert.pem \
+		certs/acert/rsa_pss/acert_ietf.pem \
+		certs/acert/rsa_pss/acert_pubkey.pem \
+		certs/acert/rsa_pss/acert_ietf_pubkey.pem
diff --git a/certs/acert/rsa_pss/acert.pem b/certs/acert/rsa_pss/acert.pem
new file mode 100644
index 000000000..74519df31
--- /dev/null
+++ b/certs/acert/rsa_pss/acert.pem
@@ -0,0 +1,25 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIIESzCCAv8CAQEwOaA3MB+kHTAbMRkwFwYDVQQDDBBUUE0gTWFudWZhY3R1cmVy
+AhRADHoGLYO7i9GfV2Yz2rrlRFDPSqA6MDikNjA0MQswCQYDVQQGEwJVUzEUMBIG
+A1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdDBBBgkqhkiG9w0BAQow
+NKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA
+ogMCASACAQEwIhgPMjAxODAxMDEwNTAwMDBaGA8yMDI4MDEwMTA1MDAwMFowge0w
+CwYFZ4EFAhMxAjAAMBwGBWeBBQIRMRMwETAJAgEBAgEDAgEWBAQAAAABMBIGBWeB
+BQIZMQkwBwYFZ4EFCAIwgZUGB2eBBQUBBwIxgYkwgYagZDAvMA4GBmeBBRIDAQQE
+AAIAAQwSWFlaIENvbXB1dGluZyBJbmMuDAExgAZBQkMxMjMwMTAOBgZngQUSAwEE
+BAAHAAIMDU5vdCBTcGVjaWZpZWQMA0hEMYAIMTIzNEFCQ0SDAf+iHjAcDAh1bmFt
+ZSAtcgwQNi41LjAtMTUtZ2VuZXJpYzAUBgVngQUCFzELMAkCAQECAQECAREwggEn
+MG8GA1UdIwRoMGaAFJeOg0Qqzw9xmZ3ZAW2zQ54H+mRwoTikNjA0MQswCQYDVQQG
+EwJVUzEUMBIGA1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdIIUZrr+
+hMtiWnQgDhcrDDTp/Qoh+OcwQQYDVR0gBDowODA2BgIqAzAwMC4GCCsGAQUFBwIC
+MCIMIFRDRyBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MHEGA1UdEQRqMGik
+ZjBkMRMwEQYGZ4EFBQEEDAdNb2RlbCBBMR4wHAYGZ4EFBQEBDBJYWVogQ29tcHV0
+aW5nIEluYy4xGTAXBgZngQUFAQUMDU5vdCBTcGVjaWZpZWQxEjAQBgZngQUFAQYM
+BkFCQzEyMzBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZI
+hvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAH4FGu9CJJ/NraWxXoB+EuHu
+Ec95MPJDHnsDLea45z5TXkdxCd8Tb5EBuWYFCI6nkpWtkiF5UaLncQD/1ag0ECjZ
+duhmoaM01t8TERP1x2xOotpiS0nDGiAqn3twBS3NZlxgEDRMvW92tM49Vvlk7JwD
+Kxv9+qXidCXt62dcDNJoe1Uj9HXxuOO2NaO9OQHlPkY5GctKbcDBwaDUlEz40J9k
+PoXDNurLmI/nNgMDgicKdzdmhMT/BSXSt7Z228p7QcgROgJ5xTEVIMm+lGcBg1Sc
+RnWTVNjrIG+/nzYZENr+F40nrIKbkIIZTLCqwAN6fFFt/jNc44SdoJMNsKe1bTM=
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/rsa_pss/acert_ietf.pem b/certs/acert/rsa_pss/acert_ietf.pem
new file mode 100644
index 000000000..37f75625f
--- /dev/null
+++ b/certs/acert/rsa_pss/acert_ietf.pem
@@ -0,0 +1,17 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIICpTCCAVkCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG
+A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl
+IENlcnRpZmljYXRlIElzc3VlcjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQC
+AQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASACFAO1kFkCoqq1
+QCFEuCxP2YAbX1fCMCIYDzIwMjEwNjE1MTIzNTAwWhgPMjAzMTA2MTMxMjM1MDBa
+MEEwIwYIKwYBBQUHCgQxFzAVoAmGB1Rlc3R2YWwwCAwGZ3JvdXAxMBoGA1UESDET
+MBGhD4MNYWRtaW5pc3RyYXRvcjAsMB8GA1UdIwQYMBaAFGJuyWhnbGS7U4LdLaqA
+itjKyItdMAkGA1UdOAQCBQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEF
+AKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQCX18Lyj2CR
+AJL9JAwxYgWbk7fWif2mG5IiQ264Rd0W6ugqw1hYseKHnRI5LpxsRVF5kEaFs2ta
+FhwxxOtAo8YvbxMC4emuatbqwOlWQYwk9wPLbZb1nd1FItPtO98FK7/vF0263eJu
+A+UFxmDvLlao3SzP19mtCOcUjGsVxcJ2PN05wDUzITu2vGXuJAdjHcYX+s1UMLwk
+WMwHsz7EK2Al/FavI1MfZp0lVFi++CMOAdLIRbTjlACATDq6Q6kPc+bTqvMYoca2
+bGLw1jSig6T3DvGa3O/BwRMOhyqCtJNQYY7MYxcZhPR4Y0RLmyFnFiSzwypL6oMk
+QMaW0z/K5YO2
+-----END ATTRIBUTE CERTIFICATE-----
diff --git a/certs/acert/rsa_pss/acert_ietf_pubkey.pem b/certs/acert/rsa_pss/acert_ietf_pubkey.pem
new file mode 100644
index 000000000..f2d208d39
--- /dev/null
+++ b/certs/acert/rsa_pss/acert_ietf_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBALg9nrRhxCl5zxFdE7Le9GXL
+9M8Rzx5xU3meu6yp9lFIc3+FxNoc5E8nk7HXUK82iuEChcSlqt0j0/y03YqM+O45
+N6A9OkEkjdyL8BaeQEgNxZY16/nvhhnH0Bzg4n7DMvy3sUPQvsAu9tpbfSd+WNDT
+vtO9Fe84HIBkYhRuaIv7ca1UYn7R2VQk1RXK0lfY4orCOrexmlfPciJaTJcR5Lyi
+pjUj7X5lruRHVibrMY+Z+8DtvPaDZ7HFiuXzpGPQ0W907Wt7zEJfmTMUyQoOMDMM
+4iSlq0ib3rdZt9y2obCggRTFAtMAFIJ29FOT9FYDagMYFSqhnrR3ohiTNzfpYNMC
+AwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/acert/rsa_pss/acert_pubkey.pem b/certs/acert/rsa_pss/acert_pubkey.pem
new file mode 100644
index 000000000..a0f2d828a
--- /dev/null
+++ b/certs/acert/rsa_pss/acert_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBAL0P9mcosJbMQavKMo6FvjK/
+vC5PZAFYxsbQnDiG3kb3gCsshI8HQzHNIuw4wN3waJrqnFmsmsUqMENtsC0J2Fty
+DOI5791Ma7JUKT31RW6f5eU2Gjx1+evNWtWs2WzupsZdPS3DlgEQJsTSw3Fs1q5w
+JVLVHhtOjCwdj2QO9Xr17Nt0ZOfKoJdqth3LAVujMnOw9gbyTbCrCB+z1Mkq+dK4
+K0v6IPZqY76LVhR42y/lyG+MZ8jswg4I4qAE+iIwPi/9Tz9UdNwMfSr3gdD13pa3
+VqnGZG83prqPLEHwsSNpWGdDx7pQxgBkAPztO+7LPrMd1ck8Uugsq36pusLjdQ0C
+AwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/ca-cert-chain.der b/certs/ca-cert-chain.der
index 199c049e4..86950eec8 100644
Binary files a/certs/ca-cert-chain.der and b/certs/ca-cert-chain.der differ
diff --git a/certs/ca-cert.der b/certs/ca-cert.der
index bdb2f8760..3c6964e2f 100644
Binary files a/certs/ca-cert.der and b/certs/ca-cert.der differ
diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem
index 33d90791f..bb4abe7bc 100644
--- a/certs/ca-cert.pem
+++ b/certs/ca-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -38,8 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -47,27 +46,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -82,12 +82,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/ca-ecc-cert.der b/certs/ca-ecc-cert.der
index bc9abe252..b00ba4a10 100644
Binary files a/certs/ca-ecc-cert.der and b/certs/ca-ecc-cert.der differ
diff --git a/certs/ca-ecc-cert.pem b/certs/ca-ecc-cert.pem
index d088d30ac..eab997d70 100644
--- a/certs/ca-ecc-cert.pem
+++ b/certs/ca-ecc-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            0f:17:46:70:fd:c2:70:d1:f9:42:49:9c:1a:c3:5d:dd:30:c8:5f:85
+            30:b9:30:50:f8:1a:0d:ff:ad:68:d1:6d:e8:a3:6b:58:23:33:7a:84
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -24,23 +24,23 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Authority Key Identifier: 
-                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
-
+                56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:c8:64:7f:ee:4b:be:83:48:13:ea:92:f8:1a:
-         82:1e:85:b1:5a:a4:1c:e3:e8:ea:25:44:6f:e7:70:fd:eb:f3:
-         76:02:20:44:02:a2:ec:c5:a1:ae:e2:a4:8a:d9:13:95:2b:a6:
-         5b:09:57:86:61:42:96:97:f0:95:62:0c:03:e6:53:04:25
+    Signature Value:
+        30:45:02:21:00:88:cc:7f:00:f5:a9:4e:c0:69:6e:36:39:24:
+        8f:83:45:4d:fa:d0:39:14:b8:c8:7f:95:51:f2:c5:98:c0:b7:
+        e2:02:20:2a:93:61:b0:06:de:eb:da:fd:af:6b:39:bf:88:17:
+        f1:ba:2a:7d:59:a8:de:e7:0a:11:83:4f:92:77:8d:92:3b
 -----BEGIN CERTIFICATE-----
-MIIClTCCAjugAwIBAgIUDxdGcP3CcNH5QkmcGsNd3TDIX4UwCgYIKoZIzj0EAwIw
+MIIClTCCAjugAwIBAgIUMLkwUPgaDf+taNFt6KNrWCMzeoQwCgYIKoZIzj0EAwIw
 gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZcxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZcxCzAJ
 BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
 MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -48,6 +48,6 @@ Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtPZbtYBjkXIuZAx5cBM456t
 KTiYuhDW6QkqgKkuFyq5ir8zg0bjlQvkd0C1O0NFMw9hU3w3RMHL/IDK6EPqp6Nj
 MGEwHQYDVR0OBBYEFFaOmsPwQt4YuUVVbvmTz+rD86UhMB8GA1UdIwQYMBaAFFaO
 msPwQt4YuUVVbvmTz+rD86UhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgGGMAoGCCqGSM49BAMCA0gAMEUCIQDIZH/uS76DSBPqkvgagh6FsVqkHOPo6iVE
-b+dw/evzdgIgRAKi7MWhruKkitkTlSumWwlXhmFClpfwlWIMA+ZTBCU=
+AgGGMAoGCCqGSM49BAMCA0gAMEUCIQCIzH8A9alOwGluNjkkj4NFTfrQORS4yH+V
+UfLFmMC34gIgKpNhsAbe69r9r2s5v4gX8boqfVmo3ucKEYNPkneNkjs=
 -----END CERTIFICATE-----
diff --git a/certs/ca-ecc384-cert.der b/certs/ca-ecc384-cert.der
index 6897c6835..23e1a0430 100644
Binary files a/certs/ca-ecc384-cert.der and b/certs/ca-ecc384-cert.der differ
diff --git a/certs/ca-ecc384-cert.pem b/certs/ca-ecc384-cert.pem
index a103a367f..108e08ac1 100644
--- a/certs/ca-ecc384-cert.pem
+++ b/certs/ca-ecc384-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2e:ea:f0:11:40:1e:ad:fa:a7:85:68:65:7a:25:2b:13:b7:61:d7:80
+            4e:08:67:9d:29:61:47:3e:2a:23:82:cd:cf:cb:53:2a:b8:02:22:57
         Signature Algorithm: ecdsa-with-SHA384
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -26,25 +26,25 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52
             X509v3 Authority Key Identifier: 
-                keyid:AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52
-
+                AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA384
-         30:65:02:31:00:bd:2e:67:71:54:be:b8:5e:29:19:d3:18:f7:
-         e1:ae:79:f0:cc:09:c3:91:c0:81:ab:d7:b7:21:f8:4f:da:bc:
-         ad:0e:fc:3d:54:32:21:3a:67:c5:26:35:e9:33:b2:58:d2:02:
-         30:64:2f:fb:10:d0:65:b5:ac:bb:b3:41:64:24:eb:0a:6b:ae:
-         a4:ed:3e:c8:62:81:45:97:92:ad:61:eb:69:54:ce:42:83:bb:
-         68:23:20:f7:b2:5a:55:0c:d4:e6:13:42:61
+    Signature Value:
+        30:65:02:30:1d:3f:92:02:b2:46:54:ee:9e:0d:90:03:73:6a:
+        ab:04:5a:41:fe:f4:1b:fd:d6:99:cc:7a:6c:fd:52:da:2e:4e:
+        78:fe:ef:79:74:12:5e:04:9d:2c:e4:e7:1a:4d:d3:1e:02:31:
+        00:b7:34:e8:4c:69:70:db:fd:1a:48:c5:dc:8e:ef:15:ca:13:
+        ee:f8:4f:27:5f:d2:3a:6a:06:7d:f3:32:a7:75:97:27:6d:60:
+        ed:a2:9f:9f:7e:66:43:f9:15:1d:65:5d:49
 -----BEGIN CERTIFICATE-----
-MIIC0jCCAligAwIBAgIULurwEUAerfqnhWhleiUrE7dh14AwCgYIKoZIzj0EAwMw
+MIIC0jCCAligAwIBAgIUTghnnSlhRz4qI4LNz8tTKrgCIlcwCgYIKoZIzj0EAwMw
 gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZcxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZcxCzAJ
 BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
 MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -53,7 +53,7 @@ fr3YWqW58I6ipdrOhztaq0QWnPWfYt32IM2cdjxAsT+XF99Z9s3ezUY1wO1eLki2
 ZpFxdLcMP7mat4O9kz9fUC1wP941JeGQO4bgo2MwYTAdBgNVHQ4EFgQUq+DDJkwY
 1HK70oSMnAoFkoASU1IwHwYDVR0jBBgwFoAUq+DDJkwY1HK70oSMnAoFkoASU1Iw
 DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAw
-ZQIxAL0uZ3FUvrheKRnTGPfhrnnwzAnDkcCBq9e3IfhP2rytDvw9VDIhOmfFJjXp
-M7JY0gIwZC/7ENBltay7s0FkJOsKa66k7T7IYoFFl5KtYetpVM5Cg7toIyD3slpV
-DNTmE0Jh
+ZQIwHT+SArJGVO6eDZADc2qrBFpB/vQb/daZzHps/VLaLk54/u95dBJeBJ0s5Oca
+TdMeAjEAtzToTGlw2/0aSMXcju8VyhPu+E8nX9I6agZ98zKndZcnbWDtop+ffmZD
++RUdZV1J
 -----END CERTIFICATE-----
diff --git a/certs/ca-key-pkcs8-attribute.der b/certs/ca-key-pkcs8-attribute.der
new file mode 100644
index 000000000..692a8cccf
Binary files /dev/null and b/certs/ca-key-pkcs8-attribute.der differ
diff --git a/certs/check_dates.sh b/certs/check_dates.sh
index 9fd2ea137..64421e76e 100755
--- a/certs/check_dates.sh
+++ b/certs/check_dates.sh
@@ -137,6 +137,22 @@ do
     check_file $file
 done
 
+# try running test suite in the future
+faketime -v > /dev/null
+RESULT=$?
+if [ "$RESULT" = "0" ]; then
+    FUTURE=$(date --date="1 years")
+    echo ""
+    echo "Trying to run tests with time set to \"$FUTURE\""
+    ./configure --enable-all -q
+    make -s
+    faketime "${FUTURE}" ./tests/unit.test
+    RESULT=$?
+    if [ "$RESULT" != "0" ]; then
+        echo "Running tests with future date failed"
+        exit 1
+    fi
+fi
 # Return result of check
 # 0 on success
 # 1 on failure
diff --git a/certs/client-absolute-urn.pem b/certs/client-absolute-urn.pem
index 6393b3552..15723cc8e 100644
--- a/certs/client-absolute-urn.pem
+++ b/certs/client-absolute-urn.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            5a:3e:54:33:b4:88:fe:ad:22:40:07:62:9b:28:b1:56:7b:af:a6:eb
+            4e:4b:a3:8d:2d:2b:10:08:9c:05:89:89:3b:c1:6d:f4:fa:ab:6c:75
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = ABSOLUTE_URN, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = ABSOLUTE_URN, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,34 +38,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=ABSOLUTE_URN/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:5A:3E:54:33:B4:88:FE:AD:22:40:07:62:9B:28:B1:56:7B:AF:A6:EB
-
+                serial:4E:4B:A3:8D:2D:2B:10:08:9C:05:89:89:3B:C1:6D:F4:FA:AB:6C:75
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Alternative Name: 
                 URI:urn:example:test
     Signature Algorithm: sha256WithRSAEncryption
-         28:ec:66:1b:7e:f7:62:fe:44:8e:b3:65:0a:9c:10:d3:c3:72:
-         a1:97:85:1d:5a:1c:de:74:1f:28:63:18:f6:28:d0:d1:8e:55:
-         c3:98:7d:c2:21:a8:a2:6f:7e:9a:98:dd:2f:2c:ab:51:69:9b:
-         27:1f:04:9e:01:22:ce:fb:3a:a6:c6:37:27:c7:0f:11:93:f8:
-         74:9c:18:88:2a:f7:d4:50:da:fc:54:00:f8:5e:57:08:52:fb:
-         47:48:d0:a3:7d:9f:3e:87:09:b4:4f:07:c7:46:89:e3:52:a5:
-         d9:a8:e9:04:51:58:99:ef:61:9c:51:f4:98:fe:89:fa:d0:1a:
-         bd:9f:63:81:e2:9a:f3:67:17:6d:df:8c:be:34:e8:c2:96:a2:
-         fc:28:e7:5a:23:fe:c1:02:c8:af:bd:db:4a:d0:8c:28:fd:c9:
-         a3:1c:1e:ab:ca:e6:d3:90:b7:25:c5:29:04:b9:76:08:f2:f1:
-         14:e5:e7:8a:30:06:0b:bc:5d:30:4f:b0:12:3b:93:d7:99:a2:
-         de:57:0f:85:b8:c8:47:ee:dc:5b:6a:71:b7:7e:85:a1:fd:9d:
-         3a:d2:fa:2b:0f:7c:51:8c:d9:ef:9e:37:c9:3a:4a:75:85:b1:
-         16:ef:f9:cc:48:b4:15:8e:08:5f:ea:82:5b:32:07:a9:56:d4:
-         76:5e:bc:a4
+    Signature Value:
+        56:e2:74:63:d9:98:fd:a9:49:a4:60:86:60:cd:2e:37:c3:b5:
+        ad:bf:b4:5f:36:14:3d:16:00:f5:5e:cc:50:41:9d:5d:7e:e2:
+        91:3d:a0:cf:37:56:dc:e1:3c:93:fb:c8:3f:46:db:5a:b6:f0:
+        71:43:f3:9e:09:b3:6f:a6:c3:43:97:43:27:96:ec:37:4a:56:
+        dd:99:49:16:ef:1f:5d:c2:37:b0:6e:3f:f6:21:94:ca:df:eb:
+        6b:1f:e0:81:95:4d:a7:c1:07:8a:65:d6:f9:e4:d4:42:72:49:
+        46:32:c2:29:90:98:f1:90:1f:99:b9:4a:57:18:5c:99:54:ee:
+        43:a9:48:52:39:d5:54:91:40:45:2a:f2:8e:58:8e:d6:06:ba:
+        f9:04:55:f7:51:84:e4:2a:59:a9:41:ad:40:f3:32:51:21:8d:
+        8e:bd:83:0d:9e:3c:2f:b8:24:d0:dd:81:11:99:95:1c:eb:cf:
+        ee:1a:ac:85:16:ca:4b:fb:45:47:d0:01:d9:41:da:3a:58:a5:
+        df:bd:e3:aa:36:f9:60:d6:20:ac:2c:f5:cd:41:5d:f5:cd:15:
+        c4:4a:b5:90:c3:08:ac:12:38:af:7b:bb:d6:1b:b6:4b:0a:38:
+        50:af:86:9e:5f:fc:bd:cf:58:68:4b:ce:7c:30:48:ef:da:5a:
+        8f:2f:f8:4a
 -----BEGIN CERTIFICATE-----
-MIIE7jCCA9agAwIBAgIUWj5UM7SI/q0iQAdimyixVnuvpuswDQYJKoZIhvcNAQEL
+MIIE7jCCA9agAwIBAgIUTkujjS0rEAicBYmJO8Ft9PqrbHUwDQYJKoZIhvcNAQEL
 BQAwgZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDEFCU09MVVRF
 X1VSTjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBp
-bmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFow
+bmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVow
 gZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDEFCU09MVVRFX1VS
 TjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
@@ -80,12 +80,12 @@ cCeRxybXhWXAMIHaBgNVHSMEgdIwgc+AFDPYRWbXaIcYflQNcCeRxybXhWXAoYGg
 pIGdMIGaMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxBQlNPTFVU
 RV9VUk4xGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQ
-aW5mb0B3b2xmc3NsLmNvbYIUWj5UM7SI/q0iQAdimyixVnuvpuswCQYDVR0TBAIw
+aW5mb0B3b2xmc3NsLmNvbYIUTkujjS0rEAicBYmJO8Ft9PqrbHUwCQYDVR0TBAIw
 ADAbBgNVHREEFDAShhB1cm46ZXhhbXBsZTp0ZXN0MA0GCSqGSIb3DQEBCwUAA4IB
-AQAo7GYbfvdi/kSOs2UKnBDTw3Khl4UdWhzedB8oYxj2KNDRjlXDmH3CIaiib36a
-mN0vLKtRaZsnHwSeASLO+zqmxjcnxw8Rk/h0nBiIKvfUUNr8VAD4XlcIUvtHSNCj
-fZ8+hwm0TwfHRonjUqXZqOkEUViZ72GcUfSY/on60Bq9n2OB4przZxdt34y+NOjC
-lqL8KOdaI/7BAsivvdtK0Iwo/cmjHB6ryubTkLclxSkEuXYI8vEU5eeKMAYLvF0w
-T7ASO5PXmaLeVw+FuMhH7txbanG3foWh/Z060vorD3xRjNnvnjfJOkp1hbEW7/nM
-SLQVjghf6oJbMgepVtR2Xryk
+AQBW4nRj2Zj9qUmkYIZgzS43w7Wtv7RfNhQ9FgD1XsxQQZ1dfuKRPaDPN1bc4TyT
++8g/RttatvBxQ/OeCbNvpsNDl0Mnluw3SlbdmUkW7x9dwjewbj/2IZTK3+trH+CB
+lU2nwQeKZdb55NRCcklGMsIpkJjxkB+ZuUpXGFyZVO5DqUhSOdVUkUBFKvKOWI7W
+Brr5BFX3UYTkKlmpQa1A8zJRIY2OvYMNnjwvuCTQ3YERmZUc68/uGqyFFspL+0VH
+0AHZQdo6WKXfveOqNvlg1iCsLPXNQV31zRXESrWQwwisEjive7vWG7ZLCjhQr4ae
+X/y9z1hoS858MEjv2lqPL/hK
 -----END CERTIFICATE-----
diff --git a/certs/client-ca.pem b/certs/client-ca.pem
index f670cb410..3f51043e5 100644
--- a/certs/client-ca.pem
+++ b/certs/client-ca.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            08:b0:54:7a:03:5a:ec:55:8a:12:e8:f9:8e:34:b6:13:d9:59:b8:e8
+            4f:0d:8c:c5:fa:ee:a2:9b:b7:35:9e:e9:4a:17:99:f0:cc:23:f2:ec
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,8 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:08:B0:54:7A:03:5A:EC:55:8A:12:E8:F9:8E:34:B6:13:D9:59:B8:E8
-
+                serial:4F:0D:8C:C5:FA:EE:A2:9B:B7:35:9E:E9:4A:17:99:F0:CC:23:F2:EC
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -47,28 +46,29 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         89:84:eb:6a:70:3b:2a:6e:a8:8b:f2:92:79:97:5c:bd:98:8b:
-         71:db:db:7c:df:db:a4:2c:59:d3:a6:75:41:c2:06:b6:17:1e:
-         0c:1f:7d:0b:7f:58:3e:c1:e7:0c:f0:62:92:77:ab:99:79:7b:
-         85:f4:d9:6c:d0:0e:e5:8b:13:35:65:9e:d7:9a:51:98:e4:49:
-         44:51:c8:e3:e0:9a:ff:c2:cb:3d:81:eb:ee:f4:1a:d1:96:4b:
-         e9:7d:de:5b:f2:64:40:ad:e1:d9:d6:b7:e1:eb:a9:3a:52:29:
-         89:aa:07:37:96:44:e3:23:49:f3:be:f3:0d:70:d1:a2:ce:78:
-         86:22:fc:76:00:84:1d:fa:8b:8a:d2:43:93:88:fa:ee:22:cc:
-         a6:86:f5:3f:24:f1:d4:70:05:4f:3b:18:32:50:67:c1:80:77:
-         0d:3c:78:75:35:d0:fd:60:f3:ed:a1:30:d0:62:25:99:6b:80:
-         56:17:3d:b4:af:1d:df:ab:48:21:c1:d2:0b:6b:94:a7:33:d1:
-         d0:82:b7:3b:92:eb:9d:d6:6c:32:81:5e:07:3c:46:34:32:7b:
-         ea:22:db:a6:a3:18:69:7c:ad:17:e4:c8:a9:8f:a8:ba:67:af:
-         99:39:ef:6e:0c:f8:a9:b3:bd:ab:71:94:e0:41:aa:a4:2d:72:
-         60:51:d1:5c
+    Signature Value:
+        46:ab:e4:6d:ae:49:5b:6a:0b:a9:87:e1:95:32:a6:d7:ae:de:
+        28:dc:c7:99:68:e2:5f:c9:5a:4c:64:b8:f5:28:42:5a:e8:5c:
+        59:32:fe:d0:1f:0b:55:89:db:67:e7:78:f3:70:cf:18:51:57:
+        8b:f3:2b:a4:66:0b:f6:03:6e:11:ac:83:52:16:7e:a2:7c:36:
+        77:f6:bb:13:19:40:2c:b8:8c:ca:d6:7e:79:7d:f4:14:8d:b5:
+        a4:09:f6:2d:4c:e7:f9:b8:25:41:15:78:f4:ca:80:41:ea:3a:
+        05:08:f6:b5:5b:a1:3b:5b:48:a8:4b:8c:19:8d:6c:87:31:76:
+        74:02:16:8b:dd:7f:d1:11:62:27:42:39:e0:9a:63:26:31:19:
+        ce:3d:41:d5:24:47:32:0f:76:d6:41:37:44:ad:73:f1:b8:ec:
+        2b:6e:9c:4f:84:c4:4e:d7:92:10:7e:23:32:a0:75:6a:e7:fe:
+        55:95:9f:0a:ad:df:f9:2a:a2:1a:59:d5:82:63:d6:5d:7d:79:
+        f4:a7:2d:dc:8c:04:cd:98:b0:42:0e:84:fa:86:50:10:61:ac:
+        73:cd:79:45:30:e8:42:a1:6a:f6:77:55:ec:07:db:52:29:ca:
+        7a:c8:a2:da:e9:f5:98:33:6a:e8:bc:89:ed:01:e2:fe:44:86:
+        86:80:39:ec
 -----BEGIN CERTIFICATE-----
-MIIFHTCCBAWgAwIBAgIUCLBUegNa7FWKEuj5jjS2E9lZuOgwDQYJKoZIhvcNAQEL
+MIIFHTCCBAWgAwIBAgIUTw2Mxfruopu3NZ7pSheZ8Mwj8uwwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
@@ -82,26 +82,26 @@ Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
 JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
 DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
 EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUCLBUegNa7FWKEuj5jjS2E9lZ
-uOgwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUTw2Mxfruopu3NZ7pSheZ8Mwj
+8uwwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
 BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB
-AImE62pwOypuqIvyknmXXL2Yi3Hb23zf26QsWdOmdUHCBrYXHgwffQt/WD7B5wzw
-YpJ3q5l5e4X02WzQDuWLEzVlnteaUZjkSURRyOPgmv/Cyz2B6+70GtGWS+l93lvy
-ZECt4dnWt+HrqTpSKYmqBzeWROMjSfO+8w1w0aLOeIYi/HYAhB36i4rSQ5OI+u4i
-zKaG9T8k8dRwBU87GDJQZ8GAdw08eHU10P1g8+2hMNBiJZlrgFYXPbSvHd+rSCHB
-0gtrlKcz0dCCtzuS653WbDKBXgc8RjQye+oi26ajGGl8rRfkyKmPqLpnr5k5724M
-+KmzvatxlOBBqqQtcmBR0Vw=
+AEar5G2uSVtqC6mH4ZUypteu3ijcx5lo4l/JWkxkuPUoQlroXFky/tAfC1WJ22fn
+ePNwzxhRV4vzK6RmC/YDbhGsg1IWfqJ8Nnf2uxMZQCy4jMrWfnl99BSNtaQJ9i1M
+5/m4JUEVePTKgEHqOgUI9rVboTtbSKhLjBmNbIcxdnQCFovdf9ERYidCOeCaYyYx
+Gc49QdUkRzIPdtZBN0Stc/G47CtunE+ExE7XkhB+IzKgdWrn/lWVnwqt3/kqohpZ
+1YJj1l19efSnLdyMBM2YsEIOhPqGUBBhrHPNeUUw6EKhavZ3VewH21IpynrIotrp
+9Zgzaui8ie0B4v5EhoaAOew=
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            37:67:2a:05:24:b5:2b:b6:ae:40:6b:e1:75:e0:97:cc:1d:12:8b:2a
+            75:99:db:38:ed:32:b1:c2:d1:2c:5e:6f:6f:9d:47:17:58:dd:ee:26
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -120,8 +120,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
                 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:37:67:2A:05:24:B5:2B:B6:AE:40:6B:E1:75:E0:97:CC:1D:12:8B:2A
-
+                serial:75:99:DB:38:ED:32:B1:C2:D1:2C:5E:6F:6F:9D:47:17:58:DD:EE:26
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -129,16 +128,17 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:7a:6d:c5:bd:6f:9d:54:4f:c5:4c:d0:12:8c:31:
-         3b:b6:17:80:9e:c7:34:f8:c5:da:fb:61:23:35:e6:93:35:b4:
-         02:20:1b:6a:86:c4:11:be:7c:15:a7:5e:ab:85:ee:b7:8c:20:
-         dc:eb:17:a3:f2:66:63:aa:6b:67:e0:62:1f:17:3e:ac
+    Signature Value:
+        30:45:02:20:03:69:31:45:6f:01:88:6b:63:c6:1c:eb:39:e4:
+        9a:a8:e2:e0:34:ac:ac:e6:a1:d6:fe:ce:85:98:1e:b0:0d:a9:
+        02:21:00:a3:dd:84:5d:08:28:4b:8b:58:fb:0d:33:db:02:ea:
+        c8:0c:da:34:0b:4e:83:a2:10:67:99:19:1c:93:91:c8:c7
 -----BEGIN CERTIFICATE-----
-MIIDXTCCAwSgAwIBAgIUN2cqBSS1K7auQGvhdeCXzB0SiyowCgYIKoZIzj0EAwIw
+MIIDXjCCAwSgAwIBAgIUdZnbOO0yscLRLF5vb51HF1jd7iYwCgYIKoZIzj0EAwIw
 gY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBVNhbGVt
 MRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0MRgwFgYDVQQDDA93
 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBjTELMAkGA1UEBhMCVVMx
+HhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBjTELMAkGA1UEBhMCVVMx
 DzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVu
 dCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
 MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqG
@@ -148,9 +148,9 @@ WWuVYT9RV7YETYlBiERcq/Iwgc0GA1UdIwSBxTCBwoAU69RLWWuVYT9RV7YETYlB
 iERcq/KhgZOkgZAwgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAM
 BgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb22CFDdnKgUktSu2rkBr4XXgl8wdEosqMAwGA1UdEwQFMAMBAf8w
+d29sZnNzbC5jb22CFHWZ2zjtMrHC0Sxeb2+dRxdY3e4mMAwGA1UdEwQFMAMBAf8w
 HAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0cAMEQCIHptxb1vnVRPxUzQEowxO7YX
-gJ7HNPjF2vthIzXmkzW0AiAbaobEEb58Fadeq4Xut4wg3OsXo/JmY6prZ+BiHxc+
-rA==
+AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0gAMEUCIANpMUVvAYhrY8Yc6znkmqji
+4DSsrOah1v7OhZgesA2pAiEAo92EXQgoS4tY+w0z2wLqyAzaNAtOg6IQZ5kZHJOR
+yMc=
 -----END CERTIFICATE-----
diff --git a/certs/client-cert-ext.der b/certs/client-cert-ext.der
index 82aac96d6..3769535b0 100644
Binary files a/certs/client-cert-ext.der and b/certs/client-cert-ext.der differ
diff --git a/certs/client-cert-ext.pem b/certs/client-cert-ext.pem
index 07ca05d00..7fdcf37da 100644
--- a/certs/client-cert-ext.pem
+++ b/certs/client-cert-ext.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            12:37:de:bf:76:06:c4:e6:74:0c:38:84:53:e2:19:d4:b9:d3:68:d3
+            21:e5:09:ec:95:19:31:a3:cb:58:ee:53:ea:d8:7c:a3:a2:7a:1f:f5
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,8 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:12:37:DE:BF:76:06:C4:E6:74:0C:38:84:53:E2:19:D4:B9:D3:68:D3
-
+                serial:21:E5:09:EC:95:19:31:A3:CB:58:EE:53:EA:D8:7C:A3:A2:7A:1F:F5
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -47,28 +46,29 @@ Certificate:
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         ac:be:4c:63:00:b5:d9:d5:9e:b1:83:61:a3:7a:1f:a8:b7:ad:
-         e0:0a:c8:c4:42:b2:ff:96:18:99:3d:16:b9:58:05:94:7b:1b:
-         da:66:27:e3:48:5b:e6:4d:7b:0f:51:c5:8e:e4:b5:c3:0b:48:
-         96:56:95:bb:3c:4d:91:c9:2c:51:61:24:37:d2:ef:ec:6c:97:
-         92:cc:b4:fc:4f:fc:db:f7:7d:71:a9:3c:3a:a1:fb:e1:14:1a:
-         c2:a3:51:e8:fc:c5:fb:57:44:73:97:93:bd:79:9a:10:9e:27:
-         e1:f2:cd:43:94:8f:6a:01:ce:40:51:e4:fa:06:d2:de:0a:10:
-         93:ff:0f:10:44:85:8a:00:60:2b:bf:86:40:5b:2e:28:11:e9:
-         8e:8a:ad:00:e9:0e:c6:67:ee:fc:53:8d:19:6a:33:91:0e:42:
-         16:83:5e:67:3b:24:05:85:b8:2a:bf:16:5b:d4:b0:a7:02:de:
-         29:6b:7b:fc:45:c1:1e:9f:d9:91:3c:92:9d:2e:c6:a7:a0:ea:
-         d7:b0:97:d6:58:14:03:4c:12:d5:f1:81:e3:a9:07:94:3f:53:
-         78:d1:61:e9:44:87:59:8b:b8:e7:c1:cc:3f:11:eb:00:e9:b5:
-         b7:6a:05:49:f7:5c:e0:e8:b4:6c:7c:f0:fc:67:5a:67:35:7e:
-         85:43:cb:b6
+    Signature Value:
+        9b:85:16:e2:26:24:59:e5:de:18:33:d0:49:ec:33:cc:5c:85:
+        fb:9d:a8:bc:e1:aa:9c:3a:0f:68:27:47:82:87:20:63:04:54:
+        22:a1:3c:09:fe:ad:3c:d5:1b:93:86:73:b3:6e:9a:3e:91:70:
+        a2:11:b8:49:a6:58:ec:6d:da:28:7b:6d:fe:d4:77:75:8d:82:
+        ff:f1:3a:1d:8b:e6:b6:e3:0f:89:5a:fd:fa:7d:b4:a2:af:e5:
+        a7:a0:1b:27:67:0d:36:6f:8a:ac:14:31:46:fe:71:7f:cd:ec:
+        32:03:3f:86:f0:24:35:7c:63:7b:52:b1:44:7d:65:53:9e:e5:
+        77:ad:bf:c7:dd:74:e1:0a:8e:66:06:0b:c9:d0:f4:5e:ab:34:
+        a7:15:eb:91:1f:79:aa:0a:c2:72:df:b5:d8:ed:60:e9:ef:9e:
+        d2:41:b0:7e:6e:09:ab:dc:b6:c0:c1:e5:e3:d3:a1:7f:ba:ce:
+        6f:6d:6f:bb:ba:9f:ab:68:37:53:07:e4:9c:37:54:11:0d:a1:
+        91:99:e2:11:9d:85:7c:fb:e2:4f:ce:73:21:4a:b6:55:4c:e2:
+        30:2d:34:3e:7a:60:2c:d7:a4:dc:0b:65:0f:06:2d:00:e5:d5:
+        38:99:05:ba:d1:80:42:6e:0d:6b:c9:ed:bb:fc:0e:2b:49:0e:
+        b5:a3:c5:43
 -----BEGIN CERTIFICATE-----
-MIIFCDCCA/CgAwIBAgIUEjfev3YGxOZ0DDiEU+IZ1LnTaNMwDQYJKoZIhvcNAQEL
+MIIFCDCCA/CgAwIBAgIUIeUJ7JUZMaPLWO5T6th8o6J6H/UwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
@@ -82,12 +82,12 @@ Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
 JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
 DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
 EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUEjfev3YGxOZ0DDiEU+IZ1LnT
-aNMwDAYDVR0TBAUwAwEB/zAWBgNVHREEDzANggtleGFtcGxlLmNvbTAOBgNVHQ8B
-Af8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAKy+TGMAtdnVnrGDYaN6H6i3reAK
-yMRCsv+WGJk9FrlYBZR7G9pmJ+NIW+ZNew9RxY7ktcMLSJZWlbs8TZHJLFFhJDfS
-7+xsl5LMtPxP/Nv3fXGpPDqh++EUGsKjUej8xftXRHOXk715mhCeJ+HyzUOUj2oB
-zkBR5PoG0t4KEJP/DxBEhYoAYCu/hkBbLigR6Y6KrQDpDsZn7vxTjRlqM5EOQhaD
-Xmc7JAWFuCq/FlvUsKcC3ilre/xFwR6f2ZE8kp0uxqeg6tewl9ZYFANMEtXxgeOp
-B5Q/U3jRYelEh1mLuOfBzD8R6wDptbdqBUn3XODotGx88PxnWmc1foVDy7Y=
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUIeUJ7JUZMaPLWO5T6th8o6J6
+H/UwDAYDVR0TBAUwAwEB/zAWBgNVHREEDzANggtleGFtcGxlLmNvbTAOBgNVHQ8B
+Af8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAJuFFuImJFnl3hgz0EnsM8xchfud
+qLzhqpw6D2gnR4KHIGMEVCKhPAn+rTzVG5OGc7Numj6RcKIRuEmmWOxt2ih7bf7U
+d3WNgv/xOh2L5rbjD4la/fp9tKKv5aegGydnDTZviqwUMUb+cX/N7DIDP4bwJDV8
+Y3tSsUR9ZVOe5Xetv8fddOEKjmYGC8nQ9F6rNKcV65EfeaoKwnLftdjtYOnvntJB
+sH5uCavctsDB5ePToX+6zm9tb7u6n6toN1MH5Jw3VBENoZGZ4hGdhXz74k/OcyFK
+tlVM4jAtND56YCzXpNwLZQ8GLQDl1TiZBbrRgEJuDWvJ7bv8DitJDrWjxUM=
 -----END CERTIFICATE-----
diff --git a/certs/client-cert.der b/certs/client-cert.der
index b10245930..e872b3aa9 100644
Binary files a/certs/client-cert.der and b/certs/client-cert.der differ
diff --git a/certs/client-cert.pem b/certs/client-cert.pem
index 889555315..6bf0982d5 100644
--- a/certs/client-cert.pem
+++ b/certs/client-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            08:b0:54:7a:03:5a:ec:55:8a:12:e8:f9:8e:34:b6:13:d9:59:b8:e8
+            4f:0d:8c:c5:fa:ee:a2:9b:b7:35:9e:e9:4a:17:99:f0:cc:23:f2:ec
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,8 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:08:B0:54:7A:03:5A:EC:55:8A:12:E8:F9:8E:34:B6:13:D9:59:B8:E8
-
+                serial:4F:0D:8C:C5:FA:EE:A2:9B:B7:35:9E:E9:4A:17:99:F0:CC:23:F2:EC
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -47,28 +46,29 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         89:84:eb:6a:70:3b:2a:6e:a8:8b:f2:92:79:97:5c:bd:98:8b:
-         71:db:db:7c:df:db:a4:2c:59:d3:a6:75:41:c2:06:b6:17:1e:
-         0c:1f:7d:0b:7f:58:3e:c1:e7:0c:f0:62:92:77:ab:99:79:7b:
-         85:f4:d9:6c:d0:0e:e5:8b:13:35:65:9e:d7:9a:51:98:e4:49:
-         44:51:c8:e3:e0:9a:ff:c2:cb:3d:81:eb:ee:f4:1a:d1:96:4b:
-         e9:7d:de:5b:f2:64:40:ad:e1:d9:d6:b7:e1:eb:a9:3a:52:29:
-         89:aa:07:37:96:44:e3:23:49:f3:be:f3:0d:70:d1:a2:ce:78:
-         86:22:fc:76:00:84:1d:fa:8b:8a:d2:43:93:88:fa:ee:22:cc:
-         a6:86:f5:3f:24:f1:d4:70:05:4f:3b:18:32:50:67:c1:80:77:
-         0d:3c:78:75:35:d0:fd:60:f3:ed:a1:30:d0:62:25:99:6b:80:
-         56:17:3d:b4:af:1d:df:ab:48:21:c1:d2:0b:6b:94:a7:33:d1:
-         d0:82:b7:3b:92:eb:9d:d6:6c:32:81:5e:07:3c:46:34:32:7b:
-         ea:22:db:a6:a3:18:69:7c:ad:17:e4:c8:a9:8f:a8:ba:67:af:
-         99:39:ef:6e:0c:f8:a9:b3:bd:ab:71:94:e0:41:aa:a4:2d:72:
-         60:51:d1:5c
+    Signature Value:
+        46:ab:e4:6d:ae:49:5b:6a:0b:a9:87:e1:95:32:a6:d7:ae:de:
+        28:dc:c7:99:68:e2:5f:c9:5a:4c:64:b8:f5:28:42:5a:e8:5c:
+        59:32:fe:d0:1f:0b:55:89:db:67:e7:78:f3:70:cf:18:51:57:
+        8b:f3:2b:a4:66:0b:f6:03:6e:11:ac:83:52:16:7e:a2:7c:36:
+        77:f6:bb:13:19:40:2c:b8:8c:ca:d6:7e:79:7d:f4:14:8d:b5:
+        a4:09:f6:2d:4c:e7:f9:b8:25:41:15:78:f4:ca:80:41:ea:3a:
+        05:08:f6:b5:5b:a1:3b:5b:48:a8:4b:8c:19:8d:6c:87:31:76:
+        74:02:16:8b:dd:7f:d1:11:62:27:42:39:e0:9a:63:26:31:19:
+        ce:3d:41:d5:24:47:32:0f:76:d6:41:37:44:ad:73:f1:b8:ec:
+        2b:6e:9c:4f:84:c4:4e:d7:92:10:7e:23:32:a0:75:6a:e7:fe:
+        55:95:9f:0a:ad:df:f9:2a:a2:1a:59:d5:82:63:d6:5d:7d:79:
+        f4:a7:2d:dc:8c:04:cd:98:b0:42:0e:84:fa:86:50:10:61:ac:
+        73:cd:79:45:30:e8:42:a1:6a:f6:77:55:ec:07:db:52:29:ca:
+        7a:c8:a2:da:e9:f5:98:33:6a:e8:bc:89:ed:01:e2:fe:44:86:
+        86:80:39:ec
 -----BEGIN CERTIFICATE-----
-MIIFHTCCBAWgAwIBAgIUCLBUegNa7FWKEuj5jjS2E9lZuOgwDQYJKoZIhvcNAQEL
+MIIFHTCCBAWgAwIBAgIUTw2Mxfruopu3NZ7pSheZ8Mwj8uwwDQYJKoZIhvcNAQEL
 BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
 aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
+ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
+MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
 bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
@@ -82,13 +82,13 @@ Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
 JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
 DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
 EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUCLBUegNa7FWKEuj5jjS2E9lZ
-uOgwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUTw2Mxfruopu3NZ7pSheZ8Mwj
+8uwwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
 BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB
-AImE62pwOypuqIvyknmXXL2Yi3Hb23zf26QsWdOmdUHCBrYXHgwffQt/WD7B5wzw
-YpJ3q5l5e4X02WzQDuWLEzVlnteaUZjkSURRyOPgmv/Cyz2B6+70GtGWS+l93lvy
-ZECt4dnWt+HrqTpSKYmqBzeWROMjSfO+8w1w0aLOeIYi/HYAhB36i4rSQ5OI+u4i
-zKaG9T8k8dRwBU87GDJQZ8GAdw08eHU10P1g8+2hMNBiJZlrgFYXPbSvHd+rSCHB
-0gtrlKcz0dCCtzuS653WbDKBXgc8RjQye+oi26ajGGl8rRfkyKmPqLpnr5k5724M
-+KmzvatxlOBBqqQtcmBR0Vw=
+AEar5G2uSVtqC6mH4ZUypteu3ijcx5lo4l/JWkxkuPUoQlroXFky/tAfC1WJ22fn
+ePNwzxhRV4vzK6RmC/YDbhGsg1IWfqJ8Nnf2uxMZQCy4jMrWfnl99BSNtaQJ9i1M
+5/m4JUEVePTKgEHqOgUI9rVboTtbSKhLjBmNbIcxdnQCFovdf9ERYidCOeCaYyYx
+Gc49QdUkRzIPdtZBN0Stc/G47CtunE+ExE7XkhB+IzKgdWrn/lWVnwqt3/kqohpZ
+1YJj1l19efSnLdyMBM2YsEIOhPqGUBBhrHPNeUUw6EKhavZ3VewH21IpynrIotrp
+9Zgzaui8ie0B4v5EhoaAOew=
 -----END CERTIFICATE-----
diff --git a/certs/client-crl-dist.der b/certs/client-crl-dist.der
index 23bd7cac2..1f90e75d2 100644
Binary files a/certs/client-crl-dist.der and b/certs/client-crl-dist.der differ
diff --git a/certs/client-crl-dist.pem b/certs/client-crl-dist.pem
index b8eba767b..720f24443 100644
--- a/certs/client-crl-dist.pem
+++ b/certs/client-crl-dist.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            4b:fb:e6:7a:af:6c:19:2e:6a:b9:4c:cc:af:a9:1e:8e:7c:de:ea:09
+            7f:64:06:76:ee:6f:ef:d3:b9:c7:d9:89:4a:04:ed:42:de:d1:58:26
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = CRL_DIST, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = CRL_DIST, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -34,32 +34,33 @@ Certificate:
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://www.wolfssl.com/crl.pem
-
+            X509v3 Subject Key Identifier: 
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
     Signature Algorithm: sha256WithRSAEncryption
-         2d:cc:22:e7:1f:88:8f:59:86:50:9d:98:17:64:1b:7f:20:5d:
-         5d:41:11:c1:b4:17:1f:93:64:b6:55:ae:a2:48:b9:60:ff:6f:
-         e4:1e:5f:70:31:50:95:b5:b0:85:9b:48:13:e7:ea:18:1a:04:
-         33:cd:bc:ae:32:83:eb:e6:78:77:73:25:a2:eb:c2:fc:6f:09:
-         0e:5e:85:9d:93:98:9d:19:b9:48:3c:8c:29:c6:83:b2:8c:3c:
-         dd:47:8b:89:f1:da:ab:0e:73:64:43:61:45:74:bf:b7:8c:72:
-         79:b5:6e:29:7b:5d:df:36:9f:92:57:eb:23:ba:96:93:ba:e6:
-         53:75:ec:77:0f:9b:7d:fa:9f:2a:37:6d:fd:ce:9e:59:31:bb:
-         19:b0:72:ce:e8:34:9e:73:ae:4a:d3:47:36:b7:1c:52:a7:4a:
-         f0:86:fe:4c:51:6e:f4:d1:51:f3:5c:6f:83:c7:d1:15:07:d8:
-         c3:47:2a:80:23:fd:65:eb:38:14:5c:32:77:ff:3c:35:02:d4:
-         95:99:31:40:43:42:5b:b1:8b:30:f2:dc:6a:fe:81:08:d1:c8:
-         8e:58:9a:e5:42:91:eb:8b:4a:ae:cd:85:c6:62:f5:05:ff:5a:
-         6c:d3:27:47:32:94:60:16:96:94:25:be:82:08:fd:0c:ae:71:
-         5c:cd:aa:18
+    Signature Value:
+        65:5f:bb:09:c9:22:21:e3:38:99:5b:c7:ad:97:a3:32:17:53:
+        fc:1c:ea:35:e1:74:95:e2:aa:2f:62:11:af:a5:a6:c9:92:ae:
+        50:25:77:6d:4d:67:16:f8:4b:0d:ca:a7:dc:c7:c5:67:2b:5d:
+        e2:f8:65:8d:e7:5b:48:40:8b:9e:d5:6e:1d:02:0e:95:19:76:
+        29:e6:28:8f:a3:7a:00:98:fb:57:d5:7f:bf:34:09:46:9b:15:
+        ae:52:30:04:bc:85:c8:4d:b3:da:79:65:d3:5e:64:fd:e0:ee:
+        8c:ad:9e:a5:b5:12:d4:00:0f:b7:e3:de:27:59:18:92:5e:7c:
+        09:45:90:50:35:4a:a4:c5:2b:be:3a:d9:2e:74:2c:2c:75:50:
+        16:34:cc:fe:c4:b4:f8:d2:ad:cc:2d:70:09:33:61:40:ef:07:
+        6f:a8:7b:d9:7a:9f:61:20:49:1b:ab:ef:32:65:32:5d:b9:77:
+        cc:39:6f:c1:13:ff:d5:a4:77:c9:c7:03:a2:12:0c:eb:7e:bd:
+        15:17:66:bc:f5:65:48:5e:6f:05:9e:a1:6a:42:05:fc:90:cb:
+        4a:71:96:ce:a8:20:27:fc:d5:ae:83:1d:0b:c1:90:a4:f9:71:
+        9c:f2:20:e4:cd:4e:62:40:74:81:a6:5c:8e:45:f3:8e:5b:64:
+        46:e3:aa:e2
 -----BEGIN CERTIFICATE-----
-MIID7zCCAtegAwIBAgIUS/vmeq9sGS5quUzMr6kejnze6gkwDQYJKoZIhvcNAQEL
+MIIEDjCCAvagAwIBAgIUf2QGdu5v79O5x9mJSgTtQt7RWCYwDQYJKoZIhvcNAQEL
 BQAwgZYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxETAPBgNVBAsMCENSTF9ESVNU
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBljEL
+d29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMjcwOTE0MjEyNTI5WjCBljEL
 MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
 FTATBgNVBAoMDHdvbGZTU0xfMjA0ODERMA8GA1UECwwIQ1JMX0RJU1QxGDAWBgNV
 BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
@@ -69,12 +70,12 @@ us8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN
 0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKC
 b42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZ
 DIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb
-5fuhutMCAwEAAaMzMDEwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL3d3dy53b2xm
-c3NsLmNvbS9jcmwucGVtMA0GCSqGSIb3DQEBCwUAA4IBAQAtzCLnH4iPWYZQnZgX
-ZBt/IF1dQRHBtBcfk2S2Va6iSLlg/2/kHl9wMVCVtbCFm0gT5+oYGgQzzbyuMoPr
-5nh3cyWi68L8bwkOXoWdk5idGblIPIwpxoOyjDzdR4uJ8dqrDnNkQ2FFdL+3jHJ5
-tW4pe13fNp+SV+sjupaTuuZTdex3D5t9+p8qN239zp5ZMbsZsHLO6DSec65K00c2
-txxSp0rwhv5MUW700VHzXG+Dx9EVB9jDRyqAI/1l6zgUXDJ3/zw1AtSVmTFAQ0Jb
-sYsw8txq/oEI0ciOWJrlQpHri0quzYXGYvUF/1ps0ydHMpRgFpaUJb6CCP0MrnFc
-zaoY
+5fuhutMCAwEAAaNSMFAwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL3d3dy53b2xm
+c3NsLmNvbS9jcmwucGVtMB0GA1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDAN
+BgkqhkiG9w0BAQsFAAOCAQEAZV+7CckiIeM4mVvHrZejMhdT/BzqNeF0leKqL2IR
+r6WmyZKuUCV3bU1nFvhLDcqn3MfFZytd4vhljedbSECLntVuHQIOlRl2KeYoj6N6
+AJj7V9V/vzQJRpsVrlIwBLyFyE2z2nll015k/eDujK2epbUS1AAPt+PeJ1kYkl58
+CUWQUDVKpMUrvjrZLnQsLHVQFjTM/sS0+NKtzC1wCTNhQO8Hb6h72XqfYSBJG6vv
+MmUyXbl3zDlvwRP/1aR3yccDohIM6369FRdmvPVlSF5vBZ6hakIF/JDLSnGWzqgg
+J/zVroMdC8GQpPlxnPIg5M1OYkB0gaZcjkXzjltkRuOq4g==
 -----END CERTIFICATE-----
diff --git a/certs/client-ecc-cert.der b/certs/client-ecc-cert.der
index 11df5e2c6..cb9da779b 100644
Binary files a/certs/client-ecc-cert.der and b/certs/client-ecc-cert.der differ
diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem
index cb8352363..6663b5eac 100644
--- a/certs/client-ecc-cert.pem
+++ b/certs/client-ecc-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            37:67:2a:05:24:b5:2b:b6:ae:40:6b:e1:75:e0:97:cc:1d:12:8b:2a
+            75:99:db:38:ed:32:b1:c2:d1:2c:5e:6f:6f:9d:47:17:58:dd:ee:26
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -26,8 +26,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
                 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:37:67:2A:05:24:B5:2B:B6:AE:40:6B:E1:75:E0:97:CC:1D:12:8B:2A
-
+                serial:75:99:DB:38:ED:32:B1:C2:D1:2C:5E:6F:6F:9D:47:17:58:DD:EE:26
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -35,16 +34,17 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:7a:6d:c5:bd:6f:9d:54:4f:c5:4c:d0:12:8c:31:
-         3b:b6:17:80:9e:c7:34:f8:c5:da:fb:61:23:35:e6:93:35:b4:
-         02:20:1b:6a:86:c4:11:be:7c:15:a7:5e:ab:85:ee:b7:8c:20:
-         dc:eb:17:a3:f2:66:63:aa:6b:67:e0:62:1f:17:3e:ac
+    Signature Value:
+        30:45:02:20:03:69:31:45:6f:01:88:6b:63:c6:1c:eb:39:e4:
+        9a:a8:e2:e0:34:ac:ac:e6:a1:d6:fe:ce:85:98:1e:b0:0d:a9:
+        02:21:00:a3:dd:84:5d:08:28:4b:8b:58:fb:0d:33:db:02:ea:
+        c8:0c:da:34:0b:4e:83:a2:10:67:99:19:1c:93:91:c8:c7
 -----BEGIN CERTIFICATE-----
-MIIDXTCCAwSgAwIBAgIUN2cqBSS1K7auQGvhdeCXzB0SiyowCgYIKoZIzj0EAwIw
+MIIDXjCCAwSgAwIBAgIUdZnbOO0yscLRLF5vb51HF1jd7iYwCgYIKoZIzj0EAwIw
 gY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBVNhbGVt
 MRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0MRgwFgYDVQQDDA93
 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBjTELMAkGA1UEBhMCVVMx
+HhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBjTELMAkGA1UEBhMCVVMx
 DzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVu
 dCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
 MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqG
@@ -54,9 +54,9 @@ WWuVYT9RV7YETYlBiERcq/Iwgc0GA1UdIwSBxTCBwoAU69RLWWuVYT9RV7YETYlB
 iERcq/KhgZOkgZAwgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAM
 BgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb22CFDdnKgUktSu2rkBr4XXgl8wdEosqMAwGA1UdEwQFMAMBAf8w
+d29sZnNzbC5jb22CFHWZ2zjtMrHC0Sxeb2+dRxdY3e4mMAwGA1UdEwQFMAMBAf8w
 HAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0cAMEQCIHptxb1vnVRPxUzQEowxO7YX
-gJ7HNPjF2vthIzXmkzW0AiAbaobEEb58Fadeq4Xut4wg3OsXo/JmY6prZ+BiHxc+
-rA==
+AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0gAMEUCIANpMUVvAYhrY8Yc6znkmqji
+4DSsrOah1v7OhZgesA2pAiEAo92EXQgoS4tY+w0z2wLqyAzaNAtOg6IQZ5kZHJOR
+yMc=
 -----END CERTIFICATE-----
diff --git a/certs/client-ecc384-cert.der b/certs/client-ecc384-cert.der
index 9d65ac343..321765cf8 100644
Binary files a/certs/client-ecc384-cert.der and b/certs/client-ecc384-cert.der differ
diff --git a/certs/client-ecc384-cert.pem b/certs/client-ecc384-cert.pem
index cdd8e7d09..165903650 100644
--- a/certs/client-ecc384-cert.pem
+++ b/certs/client-ecc384-cert.pem
@@ -2,8 +2,8 @@
 MIIC8TCCAnagAwIBAgICEAIwCgYIKoZIzj0EAwMwgZcxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTIzMTIx
-MzIyMTkyN1oYDzIwNTMxMjA1MjIxOTI3WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTI0MTIx
+ODIxMjUyOVoYDzIwNTQxMjExMjEyNTI5WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlw
 dGljMRMwEQYDVQQLDApFQ0MzODRDbGl0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
 b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wdjAQBgcqhkjOPQIB
@@ -12,7 +12,7 @@ BgUrgQQAIgNiAARmxAg9ZqehFdRTCiOzrQvOj8j0mB2m2LJuIhH6ue+ZwPopPkgA
 pWKvlYHL4yQ264WjgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAw
 HQYDVR0OBBYEFB7y0Bv4/KXLP9yK9ZcqQlOwQvnUMB8GA1UdIwQYMBaAFKvgwyZM
 GNRyu9KEjJwKBZKAElNSMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF
-BQcDAgYIKwYBBQUHAwQwCgYIKoZIzj0EAwMDaQAwZgIxANNvyNaU668jcKTlo9iz
-ZiaHuFxJmE0DGHTBYJClnOiXXWOYXzFbwurGYGTX3YzmtgIxALtl1Hctz2t+kLwY
-K+PYqHKH5fPWpnf8hMb9hdF/AeZqXSlutQpXG2Wppj6T6zSjLg==
+BQcDAgYIKwYBBQUHAwQwCgYIKoZIzj0EAwMDaQAwZgIxALBRR759EKgUfrAiwtYO
+UAET+NU+KgE/zTcG3jVi7BjucDG/fga41EwetUyrIkBEGwIxANTyDZDXknmolulu
+coK9Ii08nzY6xyUwmf3YVWx/5BvZmz1lQsPfUJd4fQrHa6CTLA==
 -----END CERTIFICATE-----
diff --git a/certs/client-relative-uri.pem b/certs/client-relative-uri.pem
index f1c1303cd..15df593d8 100644
--- a/certs/client-relative-uri.pem
+++ b/certs/client-relative-uri.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            28:2c:d3:e8:22:39:f9:1d:be:90:1c:5e:99:59:bb:59:d7:0e:25:de
+            1b:aa:70:3c:26:6d:64:c7:da:2b:f7:2c:90:f0:38:e7:11:7c:15:a7
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = RELATIVE_URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = RELATIVE_URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,34 +38,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=RELATIVE_URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:28:2C:D3:E8:22:39:F9:1D:BE:90:1C:5E:99:59:BB:59:D7:0E:25:DE
-
+                serial:1B:AA:70:3C:26:6D:64:C7:DA:2B:F7:2C:90:F0:38:E7:11:7C:15:A7
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Alternative Name: 
                 URI:../relative/page.html
     Signature Algorithm: sha256WithRSAEncryption
-         9a:6f:69:6c:4a:a8:1a:c7:42:04:ae:d8:d3:d0:b0:ce:ae:d6:
-         68:5c:e6:91:37:39:d8:6c:64:43:11:fd:a9:ea:4a:47:e8:bc:
-         6c:dc:12:b9:70:94:12:a8:5e:21:1a:e9:a2:fa:cf:c2:19:47:
-         22:5d:6c:9e:4e:a3:6a:1d:7f:75:8f:a7:06:56:2f:c2:ac:d6:
-         2e:56:90:ef:53:01:70:5f:a2:e0:6d:28:79:ab:bb:24:40:cd:
-         62:6e:18:b5:5d:33:6a:d0:1c:84:c6:8f:82:77:1d:7b:85:c9:
-         60:db:41:b2:6e:d2:4a:3e:ed:eb:76:62:59:82:93:21:1c:b5:
-         8f:d6:9e:c2:5c:d8:a3:ca:cf:2f:16:a0:03:2d:7c:d9:3c:ec:
-         1b:55:57:da:22:49:67:c6:9d:da:9a:1a:27:d8:1f:ea:e5:74:
-         53:14:a2:9d:ba:a3:fa:0a:c9:52:fc:50:33:2a:d5:b5:25:39:
-         5a:b4:e4:8a:2e:b8:c5:5f:f7:ac:2b:b0:ec:fe:cf:a5:23:58:
-         6c:18:2c:68:2d:56:c5:16:2d:8a:0a:c1:2d:aa:cd:33:15:1c:
-         80:e3:af:91:30:f6:f4:ce:28:57:4c:32:b8:09:ac:29:b7:07:
-         47:1d:7d:bd:4a:5a:5d:97:0b:4b:c8:22:bc:f9:35:29:72:58:
-         0f:f6:34:a3
+    Signature Value:
+        03:7e:2f:52:a6:93:a3:75:d4:e3:af:a9:c4:0a:44:11:23:8c:
+        d6:3f:74:d3:f7:ab:d2:cf:b8:2c:56:38:ed:61:a5:8e:88:f1:
+        5c:fc:51:30:9a:32:4d:41:c7:09:8f:96:ae:89:76:df:f5:4f:
+        a3:a3:a9:46:a5:39:ed:79:fc:4e:ed:44:22:c2:13:b7:8c:d1:
+        63:ad:7d:c9:be:3a:38:0e:0c:5b:75:0a:b0:60:f9:f7:3c:35:
+        81:67:d6:1a:13:32:00:60:96:b9:35:b4:f6:84:01:dc:c6:46:
+        81:b1:bd:de:a9:dc:6d:ff:6b:ef:d1:77:13:f2:05:26:80:12:
+        fa:a0:82:25:4c:ae:4f:48:b1:15:46:08:79:9f:60:24:7c:40:
+        e5:65:96:f7:1e:69:90:de:1a:ad:53:7a:a6:d1:97:e5:7d:89:
+        e3:33:7c:0f:6d:37:82:04:05:5f:e2:46:e8:62:da:03:67:93:
+        28:ff:fd:80:2b:7f:42:e4:ce:7f:90:bd:c9:2e:74:4d:d8:75:
+        99:23:07:5c:15:d7:07:65:56:a3:ee:13:29:3c:a2:55:e0:9e:
+        0e:3b:b1:e3:78:c3:0f:ff:8e:bc:d9:db:87:e6:f8:ad:41:f8:
+        db:a8:4f:12:ed:ac:64:12:45:c6:95:50:ee:48:6c:28:1c:65:
+        de:18:04:69
 -----BEGIN CERTIFICATE-----
-MIIE8zCCA9ugAwIBAgIUKCzT6CI5+R2+kBxemVm7WdcOJd4wDQYJKoZIhvcNAQEL
+MIIE8zCCA9ugAwIBAgIUG6pwPCZtZMfaK/cskPA45xF8FacwDQYJKoZIhvcNAQEL
 BQAwgZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDFJFTEFUSVZF
 X1VSSTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBp
-bmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFow
+bmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVow
 gZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDFJFTEFUSVZFX1VS
 STEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
@@ -80,12 +80,12 @@ cCeRxybXhWXAMIHaBgNVHSMEgdIwgc+AFDPYRWbXaIcYflQNcCeRxybXhWXAoYGg
 pIGdMIGaMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
 Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElW
 RV9VUkkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQ
-aW5mb0B3b2xmc3NsLmNvbYIUKCzT6CI5+R2+kBxemVm7WdcOJd4wCQYDVR0TBAIw
+aW5mb0B3b2xmc3NsLmNvbYIUG6pwPCZtZMfaK/cskPA45xF8FacwCQYDVR0TBAIw
 ADAgBgNVHREEGTAXhhUuLi9yZWxhdGl2ZS9wYWdlLmh0bWwwDQYJKoZIhvcNAQEL
-BQADggEBAJpvaWxKqBrHQgSu2NPQsM6u1mhc5pE3OdhsZEMR/anqSkfovGzcErlw
-lBKoXiEa6aL6z8IZRyJdbJ5Oo2odf3WPpwZWL8Ks1i5WkO9TAXBfouBtKHmruyRA
-zWJuGLVdM2rQHITGj4J3HXuFyWDbQbJu0ko+7et2YlmCkyEctY/WnsJc2KPKzy8W
-oAMtfNk87BtVV9oiSWfGndqaGifYH+rldFMUop26o/oKyVL8UDMq1bUlOVq05Iou
-uMVf96wrsOz+z6UjWGwYLGgtVsUWLYoKwS2qzTMVHIDjr5Ew9vTOKFdMMrgJrCm3
-B0cdfb1KWl2XC0vIIrz5NSlyWA/2NKM=
+BQADggEBAAN+L1Kmk6N11OOvqcQKRBEjjNY/dNP3q9LPuCxWOO1hpY6I8Vz8UTCa
+Mk1BxwmPlq6Jdt/1T6OjqUalOe15/E7tRCLCE7eM0WOtfcm+OjgODFt1CrBg+fc8
+NYFn1hoTMgBglrk1tPaEAdzGRoGxvd6p3G3/a+/RdxPyBSaAEvqggiVMrk9IsRVG
+CHmfYCR8QOVllvceaZDeGq1TeqbRl+V9ieMzfA9tN4IEBV/iRuhi2gNnkyj//YAr
+f0Lkzn+QvckudE3YdZkjB1wV1wdlVqPuEyk8olXgng47seN4ww//jrzZ24fm+K1B
++NuoTxLtrGQSRcaVUO5IbCgcZd4YBGk=
 -----END CERTIFICATE-----
diff --git a/certs/client-uri-cert.pem b/certs/client-uri-cert.pem
index 266eb518e..717076f3f 100644
--- a/certs/client-uri-cert.pem
+++ b/certs/client-uri-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            7a:65:40:12:3e:1c:49:57:0a:f7:c6:7d:63:b7:25:6a:d7:cb:83:38
+            1e:ed:f5:29:ba:b9:06:b1:25:8b:d5:ab:05:6f:66:d8:74:09:da:43
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,34 +38,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:7A:65:40:12:3E:1C:49:57:0A:F7:C6:7D:63:B7:25:6A:D7:CB:83:38
-
+                serial:1E:ED:F5:29:BA:B9:06:B1:25:8B:D5:AB:05:6F:66:D8:74:09:DA:43
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Alternative Name: 
                 URI:https://www.wolfssl.com
     Signature Algorithm: sha256WithRSAEncryption
-         5d:a4:3a:35:ae:40:5b:fb:1e:7b:09:41:32:4b:0b:0e:88:6e:
-         77:04:87:6c:dd:f6:bb:48:f0:38:25:d1:62:e8:fc:b8:b9:32:
-         ad:bf:2d:66:92:8e:fb:62:2b:f2:f9:64:8f:c0:48:93:1b:d5:
-         a5:34:10:da:09:27:a3:c0:67:80:4e:b6:69:0a:56:8d:63:12:
-         90:21:8b:a1:74:a0:5e:60:a3:3e:b5:4b:bf:12:a4:9f:37:ad:
-         4e:1f:08:fa:3c:b0:ab:64:ba:78:70:da:4a:b8:5a:0b:8f:ca:
-         19:3d:7d:0e:c6:20:d7:7d:99:19:26:26:d5:fd:dd:df:30:69:
-         89:ff:4d:0c:94:6c:11:2e:ff:6d:71:42:b3:76:5a:c3:f4:a4:
-         17:83:d0:1a:85:58:12:04:9b:77:39:f3:34:0b:75:bd:1f:98:
-         96:6c:b9:6a:9f:e7:49:ed:ca:5d:09:f9:3a:62:82:57:f3:ba:
-         5d:73:b6:da:c3:bd:7c:31:9e:e4:92:41:6c:8b:64:4f:cd:bd:
-         9d:02:73:29:53:2d:e0:2b:83:36:3d:c5:a2:34:43:c0:7a:03:
-         1b:74:e3:75:02:84:ef:92:bf:e8:a5:43:53:04:0c:ea:bb:ba:
-         3a:e1:28:b6:c8:15:dd:5a:bb:ae:b0:47:81:5b:09:c2:47:5b:
-         f8:7a:87:bc
+    Signature Value:
+        4a:f0:dc:9b:15:c3:a1:a6:ea:20:5f:3e:07:c6:6b:dc:35:46:
+        96:0b:0d:92:60:84:a4:e4:1f:ca:36:54:31:62:2e:3c:b2:b0:
+        c8:99:e8:e7:13:a7:5b:bb:15:81:a9:6c:ed:67:ef:1c:9a:c9:
+        e8:92:4d:16:36:40:0e:88:88:86:17:ba:c9:27:d9:ff:fc:df:
+        80:db:8f:96:6b:ac:b2:f9:ed:51:69:5a:66:e7:2f:83:19:38:
+        b8:a4:69:12:66:b5:9e:83:55:c9:9a:cc:85:b0:21:a2:08:e4:
+        00:00:eb:c5:d1:de:a2:28:53:08:f1:7a:9e:4c:52:b8:04:26:
+        1a:92:63:40:82:92:80:8d:f2:3f:a0:6e:8f:19:2e:b9:cf:cf:
+        40:21:8e:a4:74:2c:21:97:c2:b2:5d:f7:48:ac:d7:93:c1:d5:
+        ae:29:bc:b9:0a:d3:cb:2d:f8:60:e3:ef:f0:24:fc:d1:6f:4d:
+        8f:65:64:2c:8b:ec:6e:14:d1:c5:f6:e6:d1:7b:cc:57:37:2d:
+        8c:1e:02:e9:91:ca:38:06:3c:7f:9d:ad:8e:ef:d8:91:74:5c:
+        22:9f:e0:ce:69:ee:8b:f2:e1:ac:34:59:64:c4:b2:74:1d:09:
+        71:22:e6:5f:a2:39:82:8f:d2:bc:b1:fa:28:bc:b7:02:7c:db:
+        8c:18:31:2c
 -----BEGIN CERTIFICATE-----
-MIIE2jCCA8KgAwIBAgIUemVAEj4cSVcK98Z9Y7clatfLgzgwDQYJKoZIhvcNAQEL
+MIIE2jCCA8KgAwIBAgIUHu31Kbq5BrEli9WrBW9m2HQJ2kMwDQYJKoZIhvcNAQEL
 BQAwgZExCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxDDAKBgNVBAsMA1VSSTEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
-c2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZExCzAJBgNV
+c2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZExCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYD
 VQQKDAx3b2xmU1NMXzIwNDgxDDAKBgNVBAsMA1VSSTEYMBYGA1UEAwwPd3d3Lndv
 bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -79,12 +79,12 @@ o4IBJjCCASIwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeRxybXhWXAMIHRBgNVHSME
 gckwgcaAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGXpIGUMIGRMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwM
 d29sZlNTTF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
-LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUemVAEj4cSVcK
-98Z9Y7clatfLgzgwCQYDVR0TBAIwADAiBgNVHREEGzAZhhdodHRwczovL3d3dy53
-b2xmc3NsLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAXaQ6Na5AW/seewlBMksLDohu
-dwSHbN32u0jwOCXRYuj8uLkyrb8tZpKO+2Ir8vlkj8BIkxvVpTQQ2gkno8BngE62
-aQpWjWMSkCGLoXSgXmCjPrVLvxKknzetTh8I+jywq2S6eHDaSrhaC4/KGT19DsYg
-132ZGSYm1f3d3zBpif9NDJRsES7/bXFCs3Zaw/SkF4PQGoVYEgSbdznzNAt1vR+Y
-lmy5ap/nSe3KXQn5OmKCV/O6XXO22sO9fDGe5JJBbItkT829nQJzKVMt4CuDNj3F
-ojRDwHoDG3TjdQKE75K/6KVDUwQM6ru6OuEotsgV3Vq7rrBHgVsJwkdb+HqHvA==
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUHu31Kbq5BrEl
+i9WrBW9m2HQJ2kMwCQYDVR0TBAIwADAiBgNVHREEGzAZhhdodHRwczovL3d3dy53
+b2xmc3NsLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEASvDcmxXDoabqIF8+B8Zr3DVG
+lgsNkmCEpOQfyjZUMWIuPLKwyJno5xOnW7sVgals7WfvHJrJ6JJNFjZADoiIhhe6
+ySfZ//zfgNuPlmussvntUWlaZucvgxk4uKRpEma1noNVyZrMhbAhogjkAADrxdHe
+oihTCPF6nkxSuAQmGpJjQIKSgI3yP6Bujxkuuc/PQCGOpHQsIZfCsl33SKzXk8HV
+rim8uQrTyy34YOPv8CT80W9Nj2VkLIvsbhTRxfbm0XvMVzctjB4C6ZHKOAY8f52t
+ju/YkXRcIp/gzmnui/LhrDRZZMSydB0JcSLmX6I5go/SvLH6KLy3AnzbjBgxLA==
 -----END CERTIFICATE-----
diff --git a/certs/crl/caEcc384Crl.pem b/certs/crl/caEcc384Crl.pem
index cf3f9a1b1..121de3e94 100644
--- a/certs/crl/caEcc384Crl.pem
+++ b/certs/crl/caEcc384Crl.pem
@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBcTCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBcDCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
-DTI2MTAwNTAwMzQzMFqgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
-ElNSMAoGA1UdFAQDAgEMMAoGCCqGSM49BAMCA2gAMGUCMQCjqo2bmsEzvBpsVBfA
-7CXvvAoldG0sFKW75EvAUOFZYWC92/GDULxTxzOGqg81B5ICMEeFr+vl+RMQZfju
-ZY3eOC5PKW4z1LwneOUyoKu2joHBENLhsD+tSixSHumx+kmh2g==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFqgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
+ElNSMAoGA1UdFAQDAgEMMAoGCCqGSM49BAMCA2cAMGQCMDKae7ZvYiojInLxbTzT
+4BmRACiOHKaJ2sqHOg2LGjK9wi7NWVHHj5RSTl3IhNbRGQIwMYDsSgoSxgrHosJw
+VyT9SlosPUE09Ae08eSNNJ+G1/oEjr0bMsPLWKSped6EB2T+
 -----END X509 CRL-----
diff --git a/certs/crl/caEccCrl.pem b/certs/crl/caEccCrl.pem
index 8574c307d..3e8bfa97b 100644
--- a/certs/crl/caEccCrl.pem
+++ b/certs/crl/caEccCrl.pem
@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBUDCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBUTCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
-DTI2MTAwNTAwMzQzMFqgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
-86UhMAoGA1UdFAQDAgELMAoGCCqGSM49BAMCA0cAMEQCIFuy1ACI/xzHowxHb4+6
-Ey9EPuLVgbvwLmVVSnDiwEkAAiB8BrOHHUMxK0ZFMZoAdRBgE/p32q9FdJJfAO0n
-VnFcxg==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFqgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
+86UhMAoGA1UdFAQDAgELMAoGCCqGSM49BAMCA0gAMEUCIFylKTKFoYK0b3BzLuZH
+ogE/cU49ZhXq2mFAPXs36KMtAiEAl8PNBnDpVgUCaET+OUlrVCy+7oO+uixBGspf
+aRus9TQ=
 -----END X509 CRL-----
diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem
index e20203ef7..b604f75e2 100644
--- a/certs/crl/cliCrl.pem
+++ b/certs/crl/cliCrl.pem
@@ -2,41 +2,42 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jan  9 00:34:30 2024 GMT
-        Next Update: Oct  5 00:34:30 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 8
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jan  9 00:34:30 2024 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         52:11:97:57:04:d7:e2:14:1f:c4:7f:a2:d8:cf:4c:b7:5b:0c:
-         d3:ac:ca:29:10:74:09:2f:3d:fb:4d:75:3e:32:21:5a:0f:41:
-         5f:cc:e7:98:f8:ea:8e:e2:c9:57:60:b6:a3:b0:70:10:18:b9:
-         86:a3:65:1e:3a:88:13:df:44:18:15:51:00:f6:33:d6:ab:90:
-         18:93:df:ac:7d:15:5c:6a:63:55:d1:4d:41:37:03:89:86:65:
-         fa:fb:d7:b1:73:db:c3:43:08:ff:89:94:89:b1:b4:ad:96:78:
-         52:92:50:8c:0a:5d:ca:29:8b:e0:bc:ca:88:c0:7a:52:48:d3:
-         cf:09:03:08:5f:a1:b9:16:b0:55:5e:11:60:7f:73:9a:98:05:
-         54:97:bf:eb:0e:04:61:4f:b4:40:23:61:9a:07:69:78:fc:16:
-         de:f4:54:04:cf:f0:2b:07:8d:51:9e:6b:b5:77:c4:13:2c:a3:
-         40:99:ed:fa:f4:00:4a:45:36:da:52:9d:dc:88:66:3e:03:f0:
-         20:ce:54:a4:56:58:a8:9e:30:78:e8:42:2d:a8:0f:9b:c4:a9:
-         ab:13:c2:4e:ec:be:2e:99:16:56:2f:22:86:96:27:1d:30:80:
-         7d:a5:f8:45:ef:93:b4:63:13:96:4f:6a:df:a0:11:3b:52:be:
-         93:03:7a:81
+    Signature Value:
+        36:42:de:cb:20:dd:0a:c7:3b:1c:a0:b6:18:48:3a:30:25:40:
+        5c:42:50:2f:d9:0e:ed:df:66:1f:9d:da:5b:fc:04:0c:46:b5:
+        68:0b:17:df:42:32:1b:57:2d:d2:ca:07:67:54:97:28:fc:b6:
+        cd:e6:12:1b:29:0b:2c:03:eb:3f:05:d2:ce:a2:08:f8:eb:17:
+        0f:64:20:5d:2a:e8:16:5a:72:45:bb:a5:d1:f9:fb:50:c6:b7:
+        97:4a:1c:25:a1:cc:8d:4c:df:a9:1f:c0:a2:f5:86:9d:c1:04:
+        40:1a:b1:75:63:05:f1:62:63:38:d4:5c:90:ef:9a:fa:76:12:
+        b3:14:80:ea:0f:67:0b:6c:22:39:0b:55:59:cd:34:b1:b3:62:
+        c5:1b:89:a1:a3:bb:77:28:43:ca:9e:47:a2:84:0c:4f:87:f1:
+        62:57:4c:e7:89:12:6a:bd:69:d6:e3:07:12:03:13:73:70:8d:
+        3c:97:89:68:4a:95:f5:33:92:f4:de:e6:55:9f:00:22:91:70:
+        7f:f1:99:24:09:84:83:65:17:4a:a8:ef:2c:fb:4a:ca:93:df:
+        a3:23:4e:5e:d6:56:30:f7:80:98:09:c6:2f:d6:46:65:df:a2:
+        0d:bc:ed:44:9e:53:de:9d:e1:84:0e:88:0e:61:3c:a4:4d:e5:
+        7d:4f:1e:9c
 -----BEGIN X509 CRL-----
 MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAx
-MDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaMBQwEgIBAhcNMjQwMTA5MDAzNDMwWqAO
-MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBAFIRl1cE1+IUH8R/otjP
-TLdbDNOsyikQdAkvPftNdT4yIVoPQV/M55j46o7iyVdgtqOwcBAYuYajZR46iBPf
-RBgVUQD2M9arkBiT36x9FVxqY1XRTUE3A4mGZfr717Fz28NDCP+JlImxtK2WeFKS
-UIwKXcopi+C8yojAelJI088JAwhfobkWsFVeEWB/c5qYBVSXv+sOBGFPtEAjYZoH
-aXj8Ft70VATP8CsHjVGea7V3xBMso0CZ7fr0AEpFNtpSndyIZj4D8CDOVKRWWKie
-MHjoQi2oD5vEqasTwk7svi6ZFlYvIoaWJx0wgH2l+EXvk7RjE5ZPat+gETtSvpMD
-eoE=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDEy
+MTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMBQwEgIBAhcNMjQxMjE4MjEyNTM0WqAO
+MAwwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQADggEBADZC3ssg3QrHOxygthhI
+OjAlQFxCUC/ZDu3fZh+d2lv8BAxGtWgLF99CMhtXLdLKB2dUlyj8ts3mEhspCywD
+6z8F0s6iCPjrFw9kIF0q6BZackW7pdH5+1DGt5dKHCWhzI1M36kfwKL1hp3BBEAa
+sXVjBfFiYzjUXJDvmvp2ErMUgOoPZwtsIjkLVVnNNLGzYsUbiaGju3coQ8qeR6KE
+DE+H8WJXTOeJEmq9adbjBxIDE3NwjTyXiWhKlfUzkvTe5lWfACKRcH/xmSQJhINl
+F0qo7yz7SsqT36MjTl7WVjD3gJgJxi/WRmXfog287USeU96d4YQOiA5hPKRN5X1P
+Hpw=
 -----END X509 CRL-----
diff --git a/certs/crl/crl.der b/certs/crl/crl.der
index 7ce490cda..34448882c 100644
Binary files a/certs/crl/crl.der and b/certs/crl/crl.der differ
diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem
index 583128748..7a320c7c8 100644
--- a/certs/crl/crl.pem
+++ b/certs/crl/crl.pem
@@ -2,40 +2,41 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jan  9 00:34:30 2024 GMT
-        Next Update: Oct  5 00:34:30 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jan  9 00:34:30 2024 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         b3:6f:ed:72:d2:73:6a:77:bf:3a:55:bc:54:18:6a:71:bc:6a:
-         cc:cd:5d:90:f5:64:8d:1b:f0:e0:48:7b:f2:7b:06:86:53:63:
-         9b:d8:24:15:10:b1:19:96:9b:d2:75:a8:25:a2:35:a9:14:d6:
-         d5:5e:53:e3:34:9d:f2:8b:07:19:9b:1f:f1:02:0f:04:46:e8:
-         b8:b6:f2:8d:c7:c0:15:3e:3e:8e:96:73:15:1e:62:f6:4e:2a:
-         f7:aa:a0:91:80:12:7f:81:0c:65:cc:38:be:58:6c:14:a5:21:
-         a1:8d:f7:8a:b9:24:f4:2d:ca:c0:67:43:0b:c8:1c:b4:7d:12:
-         7f:a2:1b:19:0e:94:cf:7b:9f:75:a0:08:9a:67:3f:87:89:3e:
-         f8:58:a5:8a:1b:2d:da:9b:d0:1b:18:92:c3:d2:6a:d7:1c:fc:
-         45:69:77:c3:57:65:75:99:9e:47:2a:20:25:ef:90:f2:5f:3b:
-         7d:9c:7d:00:ea:92:54:eb:0b:e7:17:af:24:1a:f9:7c:83:50:
-         68:1d:dc:5b:60:12:a7:52:78:d9:a9:b0:1f:59:48:36:c7:a6:
-         97:34:c7:87:3f:ae:fd:a9:56:5d:48:cc:89:7a:79:60:8f:9b:
-         2b:63:3c:b3:04:1d:5f:f7:20:d2:fd:f2:51:b1:96:93:13:5b:
-         ab:74:82:8b
+    Signature Value:
+        12:0f:c8:40:72:63:f9:e2:60:6d:d2:b2:90:57:a0:c2:dc:fa:
+        44:0d:ac:c2:f6:68:30:04:42:1a:8d:5a:0b:12:b6:78:1d:30:
+        81:09:db:71:26:4d:5c:7b:32:58:79:5a:fa:ec:4f:32:db:68:
+        45:5e:e9:7f:52:82:fc:4a:04:37:18:34:b3:da:f4:e3:39:93:
+        97:60:bb:ea:9a:2a:75:5c:60:57:d5:8b:da:8f:06:d2:21:cd:
+        a3:e3:dc:dc:5e:81:bd:8f:a8:da:07:1a:02:31:1b:95:5b:2e:
+        47:5d:74:01:e7:d7:fe:c4:4c:ef:28:ca:7f:9b:c5:ea:42:2f:
+        49:d7:e8:f3:44:0d:55:85:76:77:02:9f:c8:00:d5:73:5a:55:
+        71:5b:8e:d7:31:25:8d:a8:14:4f:34:90:34:e4:4f:30:8e:ae:
+        a3:98:85:df:57:e6:a0:ef:99:7b:82:31:5e:db:8c:61:1d:a7:
+        71:88:c6:06:27:71:98:00:94:81:d4:a2:97:de:5a:c6:32:e7:
+        51:2a:b6:36:4c:56:d0:fc:b8:19:fa:8b:d5:b4:e6:17:a9:a3:
+        64:2b:65:7f:3a:89:b7:f6:0b:40:5f:f8:c2:9c:77:1c:01:20:
+        6b:1c:04:a5:19:7e:7c:d4:c5:3c:9d:3e:c9:1d:39:b8:e7:5a:
+        38:47:05:67
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
-DTI2MTAwNTAwMzQzMFowFDASAgECFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAs2/tctJzane/OlW8VBhqcbxqzM1dkPVk
-jRvw4Eh78nsGhlNjm9gkFRCxGZab0nWoJaI1qRTW1V5T4zSd8osHGZsf8QIPBEbo
-uLbyjcfAFT4+jpZzFR5i9k4q96qgkYASf4EMZcw4vlhsFKUhoY33irkk9C3KwGdD
-C8gctH0Sf6IbGQ6Uz3ufdaAImmc/h4k++Filihst2pvQGxiSw9Jq1xz8RWl3w1dl
-dZmeRyogJe+Q8l87fZx9AOqSVOsL5xevJBr5fINQaB3cW2ASp1J42amwH1lINsem
-lzTHhz+u/alWXUjMiXp5YI+bK2M8swQdX/cg0v3yUbGWkxNbq3SCiw==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFowFDASAgECFw0yNDEyMTgyMTI1MzRaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAEg/IQHJj+eJgbdKykFegwtz6RA2swvZo
+MARCGo1aCxK2eB0wgQnbcSZNXHsyWHla+uxPMttoRV7pf1KC/EoENxg0s9r04zmT
+l2C76poqdVxgV9WL2o8G0iHNo+Pc3F6BvY+o2gcaAjEblVsuR110AefX/sRM7yjK
+f5vF6kIvSdfo80QNVYV2dwKfyADVc1pVcVuO1zEljagUTzSQNORPMI6uo5iF31fm
+oO+Ze4IxXtuMYR2ncYjGBidxmACUgdSil95axjLnUSq2NkxW0Py4GfqL1bTmF6mj
+ZCtlfzqJt/YLQF/4wpx3HAEgaxwEpRl+fNTFPJ0+yR05uOdaOEcFZw==
 -----END X509 CRL-----
diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked
index 9dfc67fd1..5650cc9c6 100644
--- a/certs/crl/crl.revoked
+++ b/certs/crl/crl.revoked
@@ -2,43 +2,44 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jan  9 00:34:30 2024 GMT
-        Next Update: Oct  5 00:34:30 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 3
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: Jan  9 00:34:30 2024 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Serial Number: 02
-        Revocation Date: Jan  9 00:34:30 2024 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         35:50:96:da:71:71:90:d5:b7:37:5a:a6:b9:09:07:2f:af:c9:
-         e0:02:32:6a:43:6e:20:ec:20:a4:ac:d0:39:a9:19:35:d0:d2:
-         6f:bb:d1:cd:46:10:a7:cb:8a:be:0a:02:a2:91:f5:29:74:ee:
-         34:83:a3:8c:a0:ca:39:af:94:4a:23:d7:56:57:6b:cc:c6:eb:
-         b0:ce:9f:0a:e1:b0:a8:12:6b:6a:8b:21:73:22:6f:49:41:cd:
-         fd:85:44:d1:fa:52:6b:2f:b2:2b:02:e7:43:0e:f1:92:bc:15:
-         8f:22:28:49:25:69:93:d8:50:10:2f:93:e2:f5:b0:31:5c:eb:
-         1a:35:e2:40:83:25:87:55:4d:c0:85:06:37:9e:23:44:80:a1:
-         f9:e2:eb:9c:90:28:7a:71:d8:55:a2:8b:70:32:31:33:26:70:
-         fe:1d:11:d5:4b:c1:04:47:19:59:44:8f:0b:0a:ec:d6:62:40:
-         8a:6f:67:2e:6a:50:38:54:35:c9:f8:d5:ec:e8:ae:93:88:3d:
-         a0:40:81:2c:e0:fe:f7:c8:68:24:8e:41:04:88:af:94:82:97:
-         75:e5:69:4c:22:1d:f9:67:53:a3:4c:a3:db:bf:55:08:e7:3a:
-         07:67:a2:28:25:63:af:f8:0e:c7:d3:c1:77:ef:20:20:20:63:
-         9e:5c:22:81
+    Signature Value:
+        8b:62:fa:68:b7:84:a7:0d:ac:47:bb:92:e7:e2:9a:a5:e3:2b:
+        ba:7a:af:06:8e:b2:3d:7d:42:48:66:78:e0:e4:f3:f4:0a:b1:
+        75:50:fe:02:30:ce:60:2d:ce:7d:2b:0d:31:02:02:a1:f3:be:
+        7b:08:75:c4:bb:2d:a3:d1:23:21:22:c7:72:0e:b7:7e:17:f6:
+        21:5d:aa:fd:cf:b0:b6:56:6d:80:8d:72:a5:25:82:5a:5b:5d:
+        b5:90:06:47:1a:d7:15:9a:64:10:96:24:b0:06:40:bc:fe:26:
+        ec:05:be:99:32:2e:ba:87:b2:a8:0e:7f:5e:3e:23:14:19:c5:
+        e7:16:b7:b8:79:f0:6b:be:20:64:b9:89:4e:69:0f:51:54:5f:
+        55:82:75:cc:e1:61:00:e9:7f:19:35:16:80:d1:80:39:0c:2b:
+        59:12:c6:27:de:68:1c:40:5f:e8:7d:68:ea:9c:30:75:5b:47:
+        4e:2e:78:4a:1d:37:ec:7f:b8:34:ba:cb:57:f8:ae:5e:cc:fa:
+        ba:66:be:13:5a:08:2b:37:e6:ac:ce:bf:22:82:9c:73:11:5b:
+        84:80:07:a7:2c:43:54:bf:1c:6a:55:d1:d2:02:28:35:4f:40:
+        8e:0e:c4:8c:dd:2d:01:40:e1:f9:f1:c3:ed:f3:82:9f:4c:ed:
+        30:aa:48:10
 -----BEGIN X509 CRL-----
 MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAxMDkwMDM0MzBa
-Fw0yNjEwMDUwMDM0MzBaMCgwEgIBARcNMjQwMTA5MDAzNDMwWjASAgECFw0yNDAx
-MDkwMDM0MzBaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEANVCW
-2nFxkNW3N1qmuQkHL6/J4AIyakNuIOwgpKzQOakZNdDSb7vRzUYQp8uKvgoCopH1
-KXTuNIOjjKDKOa+USiPXVldrzMbrsM6fCuGwqBJraoshcyJvSUHN/YVE0fpSay+y
-KwLnQw7xkrwVjyIoSSVpk9hQEC+T4vWwMVzrGjXiQIMlh1VNwIUGN54jRICh+eLr
-nJAoenHYVaKLcDIxMyZw/h0R1UvBBEcZWUSPCwrs1mJAim9nLmpQOFQ1yfjV7Oiu
-k4g9oECBLOD+98hoJI5BBIivlIKXdeVpTCId+WdTo0yj279VCOc6B2eiKCVjr/gO
-x9PBd+8gICBjnlwigQ==
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDEyMTgyMTI1MzRa
+Fw0yNzA5MTQyMTI1MzRaMCgwEgIBARcNMjQxMjE4MjEyNTM0WjASAgECFw0yNDEy
+MTgyMTI1MzRaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAi2L6
+aLeEpw2sR7uS5+KapeMrunqvBo6yPX1CSGZ44OTz9AqxdVD+AjDOYC3OfSsNMQIC
+ofO+ewh1xLsto9EjISLHcg63fhf2IV2q/c+wtlZtgI1ypSWCWltdtZAGRxrXFZpk
+EJYksAZAvP4m7AW+mTIuuoeyqA5/Xj4jFBnF5xa3uHnwa74gZLmJTmkPUVRfVYJ1
+zOFhAOl/GTUWgNGAOQwrWRLGJ95oHEBf6H1o6pwwdVtHTi54Sh037H+4NLrLV/iu
+Xsz6uma+E1oIKzfmrM6/IoKccxFbhIAHpyxDVL8calXR0gIoNU9Ajg7EjN0tAUDh
++fHD7fOCn0ztMKpIEA==
 -----END X509 CRL-----
diff --git a/certs/crl/crl2.der b/certs/crl/crl2.der
index 7ce490cda..34448882c 100644
Binary files a/certs/crl/crl2.der and b/certs/crl/crl2.der differ
diff --git a/certs/crl/crl2.pem b/certs/crl/crl2.pem
index f722481ba..371fe8260 100644
--- a/certs/crl/crl2.pem
+++ b/certs/crl/crl2.pem
@@ -2,79 +2,81 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jan  9 00:34:30 2024 GMT
-        Next Update: Oct  5 00:34:30 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jan  9 00:34:30 2024 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         b3:6f:ed:72:d2:73:6a:77:bf:3a:55:bc:54:18:6a:71:bc:6a:
-         cc:cd:5d:90:f5:64:8d:1b:f0:e0:48:7b:f2:7b:06:86:53:63:
-         9b:d8:24:15:10:b1:19:96:9b:d2:75:a8:25:a2:35:a9:14:d6:
-         d5:5e:53:e3:34:9d:f2:8b:07:19:9b:1f:f1:02:0f:04:46:e8:
-         b8:b6:f2:8d:c7:c0:15:3e:3e:8e:96:73:15:1e:62:f6:4e:2a:
-         f7:aa:a0:91:80:12:7f:81:0c:65:cc:38:be:58:6c:14:a5:21:
-         a1:8d:f7:8a:b9:24:f4:2d:ca:c0:67:43:0b:c8:1c:b4:7d:12:
-         7f:a2:1b:19:0e:94:cf:7b:9f:75:a0:08:9a:67:3f:87:89:3e:
-         f8:58:a5:8a:1b:2d:da:9b:d0:1b:18:92:c3:d2:6a:d7:1c:fc:
-         45:69:77:c3:57:65:75:99:9e:47:2a:20:25:ef:90:f2:5f:3b:
-         7d:9c:7d:00:ea:92:54:eb:0b:e7:17:af:24:1a:f9:7c:83:50:
-         68:1d:dc:5b:60:12:a7:52:78:d9:a9:b0:1f:59:48:36:c7:a6:
-         97:34:c7:87:3f:ae:fd:a9:56:5d:48:cc:89:7a:79:60:8f:9b:
-         2b:63:3c:b3:04:1d:5f:f7:20:d2:fd:f2:51:b1:96:93:13:5b:
-         ab:74:82:8b
+    Signature Value:
+        12:0f:c8:40:72:63:f9:e2:60:6d:d2:b2:90:57:a0:c2:dc:fa:
+        44:0d:ac:c2:f6:68:30:04:42:1a:8d:5a:0b:12:b6:78:1d:30:
+        81:09:db:71:26:4d:5c:7b:32:58:79:5a:fa:ec:4f:32:db:68:
+        45:5e:e9:7f:52:82:fc:4a:04:37:18:34:b3:da:f4:e3:39:93:
+        97:60:bb:ea:9a:2a:75:5c:60:57:d5:8b:da:8f:06:d2:21:cd:
+        a3:e3:dc:dc:5e:81:bd:8f:a8:da:07:1a:02:31:1b:95:5b:2e:
+        47:5d:74:01:e7:d7:fe:c4:4c:ef:28:ca:7f:9b:c5:ea:42:2f:
+        49:d7:e8:f3:44:0d:55:85:76:77:02:9f:c8:00:d5:73:5a:55:
+        71:5b:8e:d7:31:25:8d:a8:14:4f:34:90:34:e4:4f:30:8e:ae:
+        a3:98:85:df:57:e6:a0:ef:99:7b:82:31:5e:db:8c:61:1d:a7:
+        71:88:c6:06:27:71:98:00:94:81:d4:a2:97:de:5a:c6:32:e7:
+        51:2a:b6:36:4c:56:d0:fc:b8:19:fa:8b:d5:b4:e6:17:a9:a3:
+        64:2b:65:7f:3a:89:b7:f6:0b:40:5f:f8:c2:9c:77:1c:01:20:
+        6b:1c:04:a5:19:7e:7c:d4:c5:3c:9d:3e:c9:1d:39:b8:e7:5a:
+        38:47:05:67
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
-DTI2MTAwNTAwMzQzMFowFDASAgECFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAs2/tctJzane/OlW8VBhqcbxqzM1dkPVk
-jRvw4Eh78nsGhlNjm9gkFRCxGZab0nWoJaI1qRTW1V5T4zSd8osHGZsf8QIPBEbo
-uLbyjcfAFT4+jpZzFR5i9k4q96qgkYASf4EMZcw4vlhsFKUhoY33irkk9C3KwGdD
-C8gctH0Sf6IbGQ6Uz3ufdaAImmc/h4k++Filihst2pvQGxiSw9Jq1xz8RWl3w1dl
-dZmeRyogJe+Q8l87fZx9AOqSVOsL5xevJBr5fINQaB3cW2ASp1J42amwH1lINsem
-lzTHhz+u/alWXUjMiXp5YI+bK2M8swQdX/cg0v3yUbGWkxNbq3SCiw==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFowFDASAgECFw0yNDEyMTgyMTI1MzRaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAEg/IQHJj+eJgbdKykFegwtz6RA2swvZo
+MARCGo1aCxK2eB0wgQnbcSZNXHsyWHla+uxPMttoRV7pf1KC/EoENxg0s9r04zmT
+l2C76poqdVxgV9WL2o8G0iHNo+Pc3F6BvY+o2gcaAjEblVsuR110AefX/sRM7yjK
+f5vF6kIvSdfo80QNVYV2dwKfyADVc1pVcVuO1zEljagUTzSQNORPMI6uo5iF31fm
+oO+Ze4IxXtuMYR2ncYjGBidxmACUgdSil95axjLnUSq2NkxW0Py4GfqL1bTmF6mj
+ZCtlfzqJt/YLQF/4wpx3HAEgaxwEpRl+fNTFPJ0+yR05uOdaOEcFZw==
 -----END X509 CRL-----
 Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jan  9 00:34:30 2024 GMT
-        Next Update: Oct  5 00:34:30 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         48:97:27:ce:47:2d:c9:e5:a9:7d:ac:6a:36:29:92:0d:bf:b7:
-         17:04:cb:7b:1c:a1:ce:e8:45:6d:c8:b9:a2:81:16:74:9d:b1:
-         b5:06:5f:46:64:06:74:e4:6a:79:13:27:a2:ed:f4:7e:73:0b:
-         c4:6e:99:9a:35:a7:8b:02:69:92:6d:80:da:dd:5c:fd:05:e0:
-         0e:4b:ee:5b:55:5c:a7:d0:c2:83:f3:41:62:86:f1:b3:f2:67:
-         48:6b:b2:3e:3f:b2:1d:aa:63:54:3a:43:62:9a:9e:87:ef:49:
-         36:dc:29:36:74:8b:7d:d7:04:b8:38:6d:55:5a:56:db:a1:72:
-         cf:bd:9f:cc:b4:59:f4:65:06:fb:a4:80:48:98:1c:1f:c9:b8:
-         c6:b2:3e:47:c5:2f:f3:f4:ca:45:97:4c:20:08:72:90:5f:c3:
-         e9:b8:4d:04:4b:1c:43:7d:b0:e3:34:59:9c:5f:db:ad:c3:87:
-         11:3f:eb:8c:75:5f:2f:b8:84:12:c1:73:f1:ec:f8:2e:36:b9:
-         5d:3e:a9:9d:70:dd:24:84:77:de:29:b8:73:39:70:6b:44:91:
-         cb:bf:b5:fc:b8:6f:93:75:8c:58:f4:aa:79:8f:70:24:5d:75:
-         19:e7:9a:08:6a:8e:cd:8d:cc:17:d2:6f:76:d5:40:99:1c:e8:
-         53:99:4e:f0
+    Signature Value:
+        a2:61:f8:3b:d8:53:33:4c:c2:36:fa:65:d9:70:7f:ce:b8:b2:
+        ff:ba:06:ab:f3:ce:aa:48:b9:11:20:3a:9d:48:14:4c:e6:95:
+        12:4e:c0:cf:2a:da:d1:bc:72:05:e7:32:1f:2a:f3:14:be:df:
+        59:28:b5:cd:b8:6c:81:73:46:20:a4:8b:43:d9:75:1e:e9:e7:
+        17:79:44:da:7b:b7:1a:dc:c8:c3:d8:05:5f:dc:d8:6f:f0:db:
+        c8:40:ae:50:57:54:e1:26:69:75:b3:61:0f:2c:9c:f5:7c:b4:
+        d1:df:6d:3c:eb:c4:04:96:dd:78:09:fa:41:23:dc:86:29:a3:
+        79:8a:56:bd:9b:66:34:3e:36:22:3a:9d:84:aa:0b:09:0b:36:
+        dc:a2:62:59:76:83:2e:0f:61:28:9b:f9:c5:53:74:61:3d:78:
+        b8:f8:36:de:ec:7c:f2:e1:d5:86:cb:db:bb:f2:c1:a6:83:f9:
+        c1:16:f7:8b:ad:35:47:e2:d1:ca:6d:21:8a:c6:8c:6e:10:69:
+        e6:56:22:5d:fc:82:65:8a:a3:9c:4d:d0:91:c8:2a:fa:87:60:
+        c6:e3:12:30:da:2a:77:02:4d:f1:46:02:85:e9:a2:3d:d2:8e:
+        f5:3a:6d:5c:6a:86:b5:6d:55:ac:db:fd:a1:44:82:fe:2c:64:
+        4c:ba:1b:91
 -----BEGIN X509 CRL-----
 MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDAx
-MDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQsFAAOCAQEASJcnzkctyeWpfaxqNimSDb+3FwTLexyhzuhFbci5ooEWdJ2x
-tQZfRmQGdORqeRMnou30fnMLxG6ZmjWniwJpkm2A2t1c/QXgDkvuW1Vcp9DCg/NB
-Yobxs/JnSGuyPj+yHapjVDpDYpqeh+9JNtwpNnSLfdcEuDhtVVpW26Fyz72fzLRZ
-9GUG+6SASJgcH8m4xrI+R8Uv8/TKRZdMIAhykF/D6bhNBEscQ32w4zRZnF/brcOH
-ET/rjHVfL7iEEsFz8ez4Lja5XT6pnXDdJIR33im4czlwa0SRy7+1/Lhvk3WMWPSq
-eY9wJF11GeeaCGqOzY3MF9JvdtVAmRzoU5lO8A==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNDEy
+MTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
+9w0BAQsFAAOCAQEAomH4O9hTM0zCNvpl2XB/zriy/7oGq/POqki5ESA6nUgUTOaV
+Ek7Azyra0bxyBecyHyrzFL7fWSi1zbhsgXNGIKSLQ9l1HunnF3lE2nu3GtzIw9gF
+X9zYb/DbyECuUFdU4SZpdbNhDyyc9Xy00d9tPOvEBJbdeAn6QSPchimjeYpWvZtm
+ND42IjqdhKoLCQs23KJiWXaDLg9hKJv5xVN0YT14uPg23ux88uHVhsvbu/LBpoP5
+wRb3i601R+LRym0hisaMbhBp5lYiXfyCZYqjnE3Qkcgq+odgxuMSMNoqdwJN8UYC
+hemiPdKO9TptXGqGtW1VrNv9oUSC/ixkTLobkQ==
 -----END X509 CRL-----
diff --git a/certs/crl/crl_rsapss.pem b/certs/crl/crl_rsapss.pem
index fab27b611..74915c05f 100644
--- a/certs/crl/crl_rsapss.pem
+++ b/certs/crl/crl_rsapss.pem
@@ -1,53 +1,53 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
-        Last Update: Jan  9 00:34:30 2024 GMT
-        Next Update: Oct  5 00:34:30 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 13
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: Jan  9 00:34:30 2024 GMT
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         68:74:81:f0:7e:55:bb:ea:38:4e:ae:d5:b2:b6:c2:6a:53:fa:
-         2a:23:07:d0:b8:76:66:74:cb:ba:e7:b2:66:ac:19:1d:b5:ba:
-         ab:e7:de:f2:84:10:e5:df:57:ea:19:f4:2c:af:d8:61:b3:09:
-         31:e4:b3:94:08:65:52:03:b4:5c:7b:d0:44:37:59:df:d3:13:
-         09:f7:da:34:a1:d0:8d:e8:c7:73:05:60:15:a2:ef:a1:94:31:
-         0b:a7:ee:3d:25:12:19:6a:e5:29:30:3c:97:82:ed:a5:db:f3:
-         54:7f:2a:73:c2:be:0d:25:30:9b:d4:c0:77:99:db:55:dd:d2:
-         f7:88:d0:8b:74:66:00:65:14:d6:c6:4c:a8:de:cf:54:19:bf:
-         3a:d9:6a:80:4a:85:87:f6:ec:3d:3d:01:67:54:ea:82:7f:d5:
-         c3:37:3b:c3:d0:82:ce:01:30:bf:30:a0:c2:04:70:ab:5b:02:
-         05:2f:ca:f1:e2:49:d3:50:04:e4:f2:77:08:16:5a:45:95:6c:
-         c9:80:72:a7:e6:b6:97:d4:22:5d:b7:f9:3a:5e:d0:be:6a:53:
-         44:35:fc:e9:45:3b:56:4a:1d:06:38:8e:5b:1b:fe:a2:0b:5b:
-         c2:5d:5e:99:84:7e:ba:c4:5c:b5:43:1d:a2:9b:b3:05:bd:33:
-         38:8e:2c:e8
+        Revocation Date: Dec 18 21:25:34 2024 GMT
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        06:13:7c:70:5f:2b:3b:4f:8f:50:ab:05:97:6b:65:df:1d:95:
+        f3:e7:e3:1e:36:84:e7:19:ae:6d:3c:5c:10:f9:a5:c8:bd:14:
+        a6:ea:0b:0f:34:6d:69:78:c8:df:db:73:4a:c9:cf:c8:ad:f3:
+        58:8e:ac:f4:8f:46:ae:83:93:6a:6c:cd:7a:a2:40:24:51:74:
+        55:6f:23:a9:2d:75:d6:54:55:ab:dc:91:56:d5:f7:1f:33:47:
+        18:ac:cb:13:f6:15:9b:93:f0:16:10:79:9f:42:32:b9:44:93:
+        04:5a:45:18:6c:79:16:34:0d:00:dc:61:42:50:3b:ec:86:de:
+        6c:60:73:99:37:17:79:52:b4:67:72:21:3e:e7:06:1b:49:20:
+        e1:53:23:db:2b:0a:42:54:44:62:4f:87:11:2d:cf:26:3f:60:
+        0d:5f:6b:d7:89:45:60:0d:71:1a:fb:b5:13:55:53:27:90:f0:
+        b8:cc:ce:99:50:69:bd:fa:3b:1d:7f:11:be:7b:cf:4f:09:de:
+        9b:a7:f9:05:34:2e:f1:59:dc:ea:e9:6b:c4:98:d7:8f:eb:81:
+        f7:ab:73:01:6e:6f:7c:00:dc:b9:55:4b:14:c0:74:28:32:3a:
+        b3:ee:0f:d9:8d:ca:dd:3a:fb:1e:72:19:f1:7c:94:cb:ff:00:
+        49:2d:ab:d0
 -----BEGIN X509 CRL-----
-MIICgzCCATsCAQEwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASAwgbIxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NM
-X1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJ
-k/IsZAEBDAd3b2xmU1NMFw0yNDAxMDkwMDM0MzBaFw0yNjEwMDUwMDM0MzBaMBQw
-EgIBARcNMjQwMTA5MDAzNDMwWqAOMAwwCgYDVR0UBAMCAQ0wPQYJKoZIhvcNAQEK
-MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
-ASADggEBAGh0gfB+VbvqOE6u1bK2wmpT+iojB9C4dmZ0y7rnsmasGR21uqvn3vKE
-EOXfV+oZ9Cyv2GGzCTHks5QIZVIDtFx70EQ3Wd/TEwn32jSh0I3ox3MFYBWi76GU
-MQun7j0lEhlq5SkwPJeC7aXb81R/KnPCvg0lMJvUwHeZ21Xd0veI0It0ZgBlFNbG
-TKjez1QZvzrZaoBKhYf27D09AWdU6oJ/1cM3O8PQgs4BML8woMIEcKtbAgUvyvHi
-SdNQBOTydwgWWkWVbMmAcqfmtpfUIl23+Tpe0L5qU0Q1/OlFO1ZKHQY4jlsb/qIL
-W8JdXpmEfrrEXLVDHaKbswW9MziOLOg=
+MIICizCCAT8CAQEwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgMIGyMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29s
+ZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwPd3d3Lndv
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYK
+CZImiZPyLGQBAQwHd29sZlNTTBcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0
+WjAUMBICAQEXDTI0MTIxODIxMjUzNFqgDjAMMAoGA1UdFAQDAgENMEEGCSqGSIb3
+DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUD
+BAIBBQCiAwIBIAOCAQEABhN8cF8rO0+PUKsFl2tl3x2V8+fjHjaE5xmubTxcEPml
+yL0UpuoLDzRtaXjI39tzSsnPyK3zWI6s9I9GroOTamzNeqJAJFF0VW8jqS111lRV
+q9yRVtX3HzNHGKzLE/YVm5PwFhB5n0IyuUSTBFpFGGx5FjQNANxhQlA77IbebGBz
+mTcXeVK0Z3IhPucGG0kg4VMj2ysKQlREYk+HES3PJj9gDV9r14lFYA1xGvu1E1VT
+J5DwuMzOmVBpvfo7HX8RvnvPTwnem6f5BTQu8Vnc6ulrxJjXj+uB96tzAW5vfADc
+uVVLFMB0KDI6s+4P2Y3K3Tr7HnIZ8XyUy/8ASS2r0A==
 -----END X509 CRL-----
diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem
index f7a8c1778..5be9aba83 100644
--- a/certs/crl/eccCliCRL.pem
+++ b/certs/crl/eccCliCRL.pem
@@ -2,25 +2,26 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jan  9 00:34:30 2024 GMT
-        Next Update: Oct  5 00:34:30 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 9
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jan  9 00:34:30 2024 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:20:3b:07:f1:6c:fb:19:62:f2:56:2a:5c:21:a3:7d:
-         bf:06:33:3e:b4:53:01:f3:f5:0e:e6:ca:f5:b9:26:7e:4d:ca:
-         02:21:00:dd:04:d6:b1:18:01:b7:d6:ca:d9:7b:29:53:cf:9e:
-         ad:38:ef:fa:70:2c:41:74:ba:ce:e6:77:1f:22:86:f0:e3
+    Signature Value:
+        30:46:02:21:00:83:c3:c9:fb:7c:ba:38:4a:fd:2b:60:80:d1:
+        3a:6d:5f:52:c7:b9:f4:53:a9:7c:1e:c7:5c:fe:66:39:f6:3b:
+        79:02:21:00:bf:83:70:99:74:15:ac:92:d8:39:df:3b:c8:bc:
+        2b:78:65:9d:ba:d8:2c:e4:22:17:2b:10:b8:b3:5b:d7:40:58
 -----BEGIN X509 CRL-----
-MIIBPDCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
+MIIBPTCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
 Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL
 BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
-DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQwMTA5MDAzNDMwWhcNMjYxMDA1MDAz
-NDMwWjAUMBICAQIXDTI0MDEwOTAwMzQzMFqgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
-SM49BAMCA0gAMEUCIDsH8Wz7GWLyVipcIaN9vwYzPrRTAfP1DubK9bkmfk3KAiEA
-3QTWsRgBt9bK2XspU8+erTjv+nAsQXS6zuZ3HyKG8OM=
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEy
+NTM0WjAUMBICAQIXDTI0MTIxODIxMjUzNFqgDjAMMAoGA1UdFAQDAgEJMAoGCCqG
+SM49BAMCA0kAMEYCIQCDw8n7fLo4Sv0rYIDROm1fUse59FOpfB7HXP5mOfY7eQIh
+AL+DcJl0FayS2DnfO8i8K3hlnbrYLOQiFysQuLNb10BY
 -----END X509 CRL-----
diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem
index 2b6bc71ce..b26e63281 100644
--- a/certs/crl/eccSrvCRL.pem
+++ b/certs/crl/eccSrvCRL.pem
@@ -2,25 +2,26 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jan  9 00:34:30 2024 GMT
-        Next Update: Oct  5 00:34:30 2026 GMT
+        Last Update: Dec 18 21:25:34 2024 GMT
+        Next Update: Sep 14 21:25:34 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 10
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jan  9 00:34:30 2024 GMT
+        Revocation Date: Dec 18 21:25:34 2024 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:20:4e:83:3e:21:ee:69:a6:f2:7e:87:45:10:5c:60:
-         ad:24:49:1e:0f:9e:1f:81:03:00:43:a9:e6:1b:63:27:3f:6b:
-         02:21:00:b2:7f:bd:3d:af:c4:f5:ff:82:3f:b7:6a:56:25:7c:
-         07:85:54:d9:19:44:42:60:b4:8a:e3:55:f4:a4:96:c7:d1
+    Signature Value:
+        30:46:02:21:00:f9:6b:fd:14:b6:22:16:76:a1:1a:b8:7f:d8:
+        2d:5c:f6:0b:b9:1e:50:3e:ab:69:94:a0:d2:cc:f3:b6:eb:50:
+        0d:02:21:00:9f:8f:c1:0d:2e:4a:49:cf:ca:9c:d9:d4:54:37:
+        c1:49:df:38:c7:26:06:a8:f5:61:cb:e3:24:dc:d9:86:36:b3
 -----BEGIN X509 CRL-----
-MIIBPzCB5gIBATAKBggqhkjOPQQDAjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBQDCB5gIBATAKBggqhkjOPQQDAjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
 MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQwMTA5MDAzNDMwWhcNMjYxMDA1
-MDAzNDMwWjAUMBICAQIXDTI0MDEwOTAwMzQzMFqgDjAMMAoGA1UdFAQDAgEKMAoG
-CCqGSM49BAMCA0gAMEUCIE6DPiHuaabyfodFEFxgrSRJHg+eH4EDAEOp5htjJz9r
-AiEAsn+9Pa/E9f+CP7dqViV8B4VU2RlEQmC0iuNV9KSWx9E=
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0
+MjEyNTM0WjAUMBICAQIXDTI0MTIxODIxMjUzNFqgDjAMMAoGA1UdFAQDAgEKMAoG
+CCqGSM49BAMCA0kAMEYCIQD5a/0UtiIWdqEauH/YLVz2C7keUD6raZSg0szztutQ
+DQIhAJ+PwQ0uSknPypzZ1FQ3wUnfOMcmBqj1YcvjJNzZhjaz
 -----END X509 CRL-----
diff --git a/certs/crl/extra-crls/ca-int-cert-revoked.pem b/certs/crl/extra-crls/ca-int-cert-revoked.pem
index 598502aee..a160ea72e 100644
--- a/certs/crl/extra-crls/ca-int-cert-revoked.pem
+++ b/certs/crl/extra-crls/ca-int-cert-revoked.pem
@@ -2,12 +2,12 @@
 MIICBTCB7gIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
-DTI2MTAwNTAwMzQzMFowFTATAgIQABcNMjQwMTA5MDAzNDMwWqAOMAwwCgYDVR0U
-BAMCAQUwDQYJKoZIhvcNAQELBQADggEBAHeXXNQirv4s301n52RKjlA2GgYMtqKU
-pNmZhFVY91LH4JUb93+iHfeBACD7ELUF0lHY6WEk26cL9JU3+2PKE/CqhmLtmtLE
-hksE55zfOep+WzeQrngJTEJrsS5ptkCI38NX7uzOn1PC5bX70LdzC4v8wZpZuxCf
-VVgORds34s8Hdwq5Scx2qdgip3XTPoxJYIG+iBRp1zg9DM/RIOgCtSISkB9AU2wJ
-obFgLNAuhJue6swyo4rj++V6g38ojrZoknwmgZ3qIo4AwZt5o1UhVBkJbXYpbyi6
-bDlDuvJ2SNoaAcGsNjT8Opy61ti729wI/hOqUDn0WqsinFhljpRqW04=
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFowFTATAgIQABcNMjQxMjE4MjEyNTM0WqAOMAwwCgYDVR0U
+BAMCAQUwDQYJKoZIhvcNAQELBQADggEBAIhhLr6vLcfpBh7jB6SfToKS0yPJON6j
+qBBhPH6xI/bbQOMjOqMeh7olBf7NuPU3ak6FkiiYqlsSO0WMQgALVRffJHKXIpzw
+9x2wClDh/93QQoeKHoyf3BSWCU1b9wG3X3j2NzCUjGZb1n18HrZmdHuKFi5JR5b2
+ovKbJaoKrQurtlbPp98D4v36GR78RGuNOAbXPB5TQSsCRrFg6MKTkqeAwtZYaDAq
+V4jcjtpEm5HSoC2UlpNudXLi+mJ63dX2/vd3Zo12I8tVsSVYvD50suSRlVrynnkp
+NbQ1lFxbtBBjHQwJXn+hmh/RlCAjfebwH3qPKzHSftrcD1MfFXUvl7E=
 -----END X509 CRL-----
diff --git a/certs/crl/extra-crls/general-server-crl.pem b/certs/crl/extra-crls/general-server-crl.pem
index eab9266e7..d9d2ed1a7 100644
--- a/certs/crl/extra-crls/general-server-crl.pem
+++ b/certs/crl/extra-crls/general-server-crl.pem
@@ -2,12 +2,12 @@
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MDEwOTAwMzQzMFoX
-DTI2MTAwNTAwMzQzMFowFDASAgEBFw0yNDAxMDkwMDM0MzBaoA4wDDAKBgNVHRQE
-AwIBBDANBgkqhkiG9w0BAQsFAAOCAQEAWFcHDGDzEVttKWzvWv88rkJhBQihzcbm
-I5qlXrccNXrC+7fqHcXp2crCE0o75tnrXkcAL7YWeKcO1SkfIuyd84N73JrEECmf
-MaJEVgQrGmuqyLk8p3cq+Rqomyc1KxpxIzUkX7BL6ZCMZGWvvybcA51F+zX+9cMa
-jAFR7Ta9byN+TyrDDxecqhGgs/hjfTdXg2NABZjLjFZ3Eo4JO7aio6DgCygIncZX
-46xDMqYnl0fOl6+GNBmRdt16O3LXNRFJyvFx/sXBmAVa3/Sfq7UoF+zyT/k0zInu
-qfwBkM/hdrpfH2ZyzyDHC4/NXOv/tLZWfbakXAUWZpRx04Wyi8WKyw==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzNFoX
+DTI3MDkxNDIxMjUzNFowFDASAgEBFw0yNDEyMTgyMTI1MzRaoA4wDDAKBgNVHRQE
+AwIBBDANBgkqhkiG9w0BAQsFAAOCAQEAa9iQzyqcZHY/kx9Ywnj6/vRf2i/SkV9o
+xJX+Y4Yhs0NDqJdKhr3w8wMF4j9sq79zFeeCvc8nczSwpotp7ENMDf6L45sPl9dB
+CxvT9TOlgCJxA5zNXcJ3kI2R3x2M02E02pE5TmqN/kjC9PCa0rIcGTA0Uo2M1IXB
+TLRyza9XPZDYA19flgsPHC456JVrnfCOoVR6rCJmX0SSwMyGl10Wrcl3fdy1VeLc
+ZwUNUbo22swPPP7YtvJPlZ/ue7lGBf08BD8+bDGgEo2pZFZ51VFzyuRgfZ2/tnEY
+4hNQUSLfDhjXCcwz3arRXdaaA7xnOEMaehfwd/cjkiJWvNygGr83Wg==
 -----END X509 CRL-----
diff --git a/certs/crl/server-goodaltCrl.pem b/certs/crl/server-goodaltCrl.pem
index 6305d4f34..20165e4ec 100644
--- a/certs/crl/server-goodaltCrl.pem
+++ b/certs/crl/server-goodaltCrl.pem
@@ -2,37 +2,38 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:29 2023 GMT
-        Next Update: Sep  8 22:19:29 2026 GMT
+        Last Update: Dec 18 21:25:31 2024 GMT
+        Next Update: Sep 14 21:25:31 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         30:f4:19:0d:3b:23:d8:e3:b9:55:f5:aa:91:6d:20:a3:71:7d:
-         a2:c8:2e:92:18:17:fb:73:5c:52:f0:44:32:67:87:43:82:93:
-         94:53:62:c3:32:c6:6e:4a:93:a6:99:44:f7:95:b0:24:98:95:
-         8a:e9:62:6b:30:18:46:b4:00:1c:f1:75:e5:87:dc:5c:c3:b3:
-         35:2b:3a:8a:2a:a6:99:73:88:e5:07:d8:cb:ec:d9:ba:06:69:
-         1c:2f:38:37:44:e2:b4:d5:e1:f6:38:56:b3:45:ff:66:7a:da:
-         00:0c:d4:4c:d3:2f:90:e8:4a:c2:0a:1f:4a:6b:1a:87:57:a9:
-         31:f9:78:2b:1f:8c:9c:ed:ef:08:d1:15:49:8d:fa:8d:57:80:
-         36:b4:42:1f:58:62:80:9f:2f:66:cc:b3:4c:64:18:9e:8e:9d:
-         b7:cb:a3:7c:47:67:bf:ec:68:a7:10:f6:68:b0:a8:7a:d4:a5:
-         eb:77:6a:0c:de:3a:16:6b:9c:87:6c:aa:5b:e1:e2:03:d9:ac:
-         33:3a:51:56:de:b1:61:c2:01:70:2b:96:e1:b4:0f:08:a2:f4:
-         49:79:51:eb:1c:56:a9:9e:a4:f7:f9:6a:69:2a:d7:d7:77:45:
-         7a:97:12:bb:d6:6b:6e:07:aa:05:87:b5:6f:b7:b2:1f:e6:84:
-         33:87:16:14
+    Signature Value:
+        5f:bb:9e:e9:f1:4e:f7:5b:07:24:60:bd:b5:3a:7b:88:04:fa:
+        a7:6c:15:17:b8:f9:dd:12:a5:df:59:ec:0f:00:a1:a6:24:46:
+        d7:a4:c5:2d:30:71:b7:6c:7b:f2:a8:09:02:9d:f9:96:e0:49:
+        94:d0:a5:bf:b0:df:65:5f:7a:82:7a:5d:14:0b:67:c8:d3:12:
+        fb:12:48:ac:a0:4d:7a:b1:0e:07:25:e7:e4:69:75:a2:a9:d0:
+        a7:f0:09:d1:ba:a8:be:40:8a:e1:ad:1b:c6:a3:46:b3:2b:44:
+        81:d2:bd:66:b8:ba:d0:d5:6d:0e:da:ee:b3:40:d2:7d:40:59:
+        25:12:f3:e9:98:07:00:96:e6:72:97:d5:dc:a0:a4:ea:4f:36:
+        c9:07:cf:ae:08:ab:f0:90:fe:93:d4:b6:50:73:c1:a5:d5:5b:
+        04:ce:9b:11:5a:b2:1c:11:75:39:f5:97:4b:4e:dd:be:47:ae:
+        c9:c3:1e:a4:6a:1b:ca:ec:40:09:3c:3f:34:9b:e6:00:83:d6:
+        fa:84:1f:85:48:64:61:2b:4c:50:d6:be:29:67:f7:37:62:95:
+        0a:ff:ee:ab:02:1e:79:d3:1c:60:50:a9:3e:0e:da:5f:38:14:
+        b7:0b:d3:02:f8:1d:9f:ea:e9:9c:81:86:87:02:9e:6d:0d:5a:
+        85:57:ba:23
 -----BEGIN X509 CRL-----
 MIIB3DCBxQIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVqgDjAM
-MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAw9BkNOyPY47lV9aqRbSCj
-cX2iyC6SGBf7c1xS8EQyZ4dDgpOUU2LDMsZuSpOmmUT3lbAkmJWK6WJrMBhGtAAc
-8XXlh9xcw7M1KzqKKqaZc4jlB9jL7Nm6BmkcLzg3ROK01eH2OFazRf9metoADNRM
-0y+Q6ErCCh9KaxqHV6kx+XgrH4yc7e8I0RVJjfqNV4A2tEIfWGKAny9mzLNMZBie
-jp23y6N8R2e/7GinEPZosKh61KXrd2oM3joWa5yHbKpb4eID2awzOlFW3rFhwgFw
-K5bhtA8IovRJeVHrHFapnqT3+WppKtfXd0V6lxK71mtuB6oFh7Vvt7If5oQzhxYU
+Zm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVqgDjAM
+MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBfu57p8U73WwckYL21OnuI
+BPqnbBUXuPndEqXfWewPAKGmJEbXpMUtMHG3bHvyqAkCnfmW4EmU0KW/sN9lX3qC
+el0UC2fI0xL7EkisoE16sQ4HJefkaXWiqdCn8AnRuqi+QIrhrRvGo0azK0SB0r1m
+uLrQ1W0O2u6zQNJ9QFklEvPpmAcAluZyl9XcoKTqTzbJB8+uCKvwkP6T1LZQc8Gl
+1VsEzpsRWrIcEXU59ZdLTt2+R67Jwx6kahvK7EAJPD80m+YAg9b6hB+FSGRhK0xQ
+1r4pZ/c3YpUK/+6rAh550xxgUKk+DtpfOBS3C9MC+B2f6umcgYaHAp5tDVqFV7oj
 -----END X509 CRL-----
diff --git a/certs/crl/server-goodaltwildCrl.pem b/certs/crl/server-goodaltwildCrl.pem
index 6305d4f34..20165e4ec 100644
--- a/certs/crl/server-goodaltwildCrl.pem
+++ b/certs/crl/server-goodaltwildCrl.pem
@@ -2,37 +2,38 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:29 2023 GMT
-        Next Update: Sep  8 22:19:29 2026 GMT
+        Last Update: Dec 18 21:25:31 2024 GMT
+        Next Update: Sep 14 21:25:31 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         30:f4:19:0d:3b:23:d8:e3:b9:55:f5:aa:91:6d:20:a3:71:7d:
-         a2:c8:2e:92:18:17:fb:73:5c:52:f0:44:32:67:87:43:82:93:
-         94:53:62:c3:32:c6:6e:4a:93:a6:99:44:f7:95:b0:24:98:95:
-         8a:e9:62:6b:30:18:46:b4:00:1c:f1:75:e5:87:dc:5c:c3:b3:
-         35:2b:3a:8a:2a:a6:99:73:88:e5:07:d8:cb:ec:d9:ba:06:69:
-         1c:2f:38:37:44:e2:b4:d5:e1:f6:38:56:b3:45:ff:66:7a:da:
-         00:0c:d4:4c:d3:2f:90:e8:4a:c2:0a:1f:4a:6b:1a:87:57:a9:
-         31:f9:78:2b:1f:8c:9c:ed:ef:08:d1:15:49:8d:fa:8d:57:80:
-         36:b4:42:1f:58:62:80:9f:2f:66:cc:b3:4c:64:18:9e:8e:9d:
-         b7:cb:a3:7c:47:67:bf:ec:68:a7:10:f6:68:b0:a8:7a:d4:a5:
-         eb:77:6a:0c:de:3a:16:6b:9c:87:6c:aa:5b:e1:e2:03:d9:ac:
-         33:3a:51:56:de:b1:61:c2:01:70:2b:96:e1:b4:0f:08:a2:f4:
-         49:79:51:eb:1c:56:a9:9e:a4:f7:f9:6a:69:2a:d7:d7:77:45:
-         7a:97:12:bb:d6:6b:6e:07:aa:05:87:b5:6f:b7:b2:1f:e6:84:
-         33:87:16:14
+    Signature Value:
+        5f:bb:9e:e9:f1:4e:f7:5b:07:24:60:bd:b5:3a:7b:88:04:fa:
+        a7:6c:15:17:b8:f9:dd:12:a5:df:59:ec:0f:00:a1:a6:24:46:
+        d7:a4:c5:2d:30:71:b7:6c:7b:f2:a8:09:02:9d:f9:96:e0:49:
+        94:d0:a5:bf:b0:df:65:5f:7a:82:7a:5d:14:0b:67:c8:d3:12:
+        fb:12:48:ac:a0:4d:7a:b1:0e:07:25:e7:e4:69:75:a2:a9:d0:
+        a7:f0:09:d1:ba:a8:be:40:8a:e1:ad:1b:c6:a3:46:b3:2b:44:
+        81:d2:bd:66:b8:ba:d0:d5:6d:0e:da:ee:b3:40:d2:7d:40:59:
+        25:12:f3:e9:98:07:00:96:e6:72:97:d5:dc:a0:a4:ea:4f:36:
+        c9:07:cf:ae:08:ab:f0:90:fe:93:d4:b6:50:73:c1:a5:d5:5b:
+        04:ce:9b:11:5a:b2:1c:11:75:39:f5:97:4b:4e:dd:be:47:ae:
+        c9:c3:1e:a4:6a:1b:ca:ec:40:09:3c:3f:34:9b:e6:00:83:d6:
+        fa:84:1f:85:48:64:61:2b:4c:50:d6:be:29:67:f7:37:62:95:
+        0a:ff:ee:ab:02:1e:79:d3:1c:60:50:a9:3e:0e:da:5f:38:14:
+        b7:0b:d3:02:f8:1d:9f:ea:e9:9c:81:86:87:02:9e:6d:0d:5a:
+        85:57:ba:23
 -----BEGIN X509 CRL-----
 MIIB3DCBxQIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVqgDjAM
-MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAw9BkNOyPY47lV9aqRbSCj
-cX2iyC6SGBf7c1xS8EQyZ4dDgpOUU2LDMsZuSpOmmUT3lbAkmJWK6WJrMBhGtAAc
-8XXlh9xcw7M1KzqKKqaZc4jlB9jL7Nm6BmkcLzg3ROK01eH2OFazRf9metoADNRM
-0y+Q6ErCCh9KaxqHV6kx+XgrH4yc7e8I0RVJjfqNV4A2tEIfWGKAny9mzLNMZBie
-jp23y6N8R2e/7GinEPZosKh61KXrd2oM3joWa5yHbKpb4eID2awzOlFW3rFhwgFw
-K5bhtA8IovRJeVHrHFapnqT3+WppKtfXd0V6lxK71mtuB6oFh7Vvt7If5oQzhxYU
+Zm9Ad29sZnNzbC5jb20XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVqgDjAM
+MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBfu57p8U73WwckYL21OnuI
+BPqnbBUXuPndEqXfWewPAKGmJEbXpMUtMHG3bHvyqAkCnfmW4EmU0KW/sN9lX3qC
+el0UC2fI0xL7EkisoE16sQ4HJefkaXWiqdCn8AnRuqi+QIrhrRvGo0azK0SB0r1m
+uLrQ1W0O2u6zQNJ9QFklEvPpmAcAluZyl9XcoKTqTzbJB8+uCKvwkP6T1LZQc8Gl
+1VsEzpsRWrIcEXU59ZdLTt2+R67Jwx6kahvK7EAJPD80m+YAg9b6hB+FSGRhK0xQ
+1r4pZ/c3YpUK/+6rAh550xxgUKk+DtpfOBS3C9MC+B2f6umcgYaHAp5tDVqFV7oj
 -----END X509 CRL-----
diff --git a/certs/crl/server-goodcnCrl.pem b/certs/crl/server-goodcnCrl.pem
index 967523621..499b7595e 100644
--- a/certs/crl/server-goodcnCrl.pem
+++ b/certs/crl/server-goodcnCrl.pem
@@ -2,37 +2,38 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:29 2023 GMT
-        Next Update: Sep  8 22:19:29 2026 GMT
+        Last Update: Dec 18 21:25:31 2024 GMT
+        Next Update: Sep 14 21:25:31 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         b7:22:47:45:ee:bb:63:91:42:29:23:33:af:eb:d7:46:41:be:
-         66:89:0e:62:ff:b7:c0:9a:09:46:95:98:33:36:63:ec:2a:10:
-         01:2c:a9:9d:6c:1a:45:b9:95:e8:62:3d:10:ee:65:a0:6c:8d:
-         aa:d0:41:6f:b1:d9:a9:59:dd:e9:40:c1:36:73:89:3a:59:02:
-         42:c3:77:33:59:a0:52:18:4b:0c:64:bd:f6:10:cc:50:3f:ad:
-         bb:95:02:13:73:5a:95:a0:15:08:ec:dc:0f:53:3a:29:de:1b:
-         3e:b4:4a:8c:3a:14:0d:48:f6:88:05:b7:55:ff:c0:e9:aa:e2:
-         49:26:8e:ba:b5:88:3a:c1:5a:48:68:ed:bb:b9:ae:1e:ad:18:
-         44:60:08:15:4f:ef:8e:7f:db:63:60:aa:36:9a:7b:1a:92:34:
-         43:65:b8:d2:6c:85:4d:62:75:c8:5b:45:60:c2:b2:72:c6:79:
-         9d:19:24:2e:bf:8f:75:24:7c:60:83:bf:98:e0:dc:98:b4:18:
-         ef:41:c7:10:46:89:2b:88:73:40:f4:f1:7b:17:5e:2b:fa:bd:
-         28:9e:8e:b9:9a:d5:ba:a0:29:65:b8:df:27:b0:c5:51:b6:61:
-         7b:69:0f:be:17:4b:14:48:73:60:14:ea:96:fd:9c:4c:62:bd:
-         ea:cf:b0:b1
+    Signature Value:
+        2f:28:e7:b2:46:58:01:03:b8:47:87:4d:75:63:04:40:cd:c2:
+        dd:23:17:82:81:03:88:b9:99:20:91:50:70:84:dd:38:b1:51:
+        7e:fb:67:09:d1:73:54:e2:58:2a:1b:b4:35:3b:b9:32:70:d0:
+        03:e2:ec:7c:90:d4:18:63:bf:35:c0:93:80:bf:fa:2b:57:88:
+        e1:24:c2:59:87:9b:9f:c3:04:2f:ed:53:ae:22:c7:5d:b5:41:
+        18:b9:96:37:e6:50:96:d2:c0:4c:ba:a6:ac:13:af:86:7d:58:
+        01:e0:ad:23:bb:76:bd:36:ff:d7:3f:4e:4d:0e:20:e0:97:29:
+        e7:a7:26:a1:3a:56:e8:d2:86:24:58:06:2d:0b:26:3e:f9:fc:
+        0d:fc:75:e3:1b:72:28:ff:5d:07:cd:da:4b:46:be:62:f7:6a:
+        bc:d3:4d:18:b2:53:59:04:ab:3f:de:30:63:b3:42:ae:0d:00:
+        b9:f8:f6:bc:7a:b6:fd:4f:f4:72:89:3b:84:d0:7e:12:70:7b:
+        17:26:0c:9d:ba:a5:aa:b3:0d:e0:4b:07:09:52:87:7a:28:b5:
+        77:0b:68:57:37:ab:c4:36:6b:1c:08:8d:34:9d:b6:3a:39:20:
+        be:3d:77:2a:85:2f:38:26:1a:01:60:34:9f:7e:bc:c4:7a:a6:
+        d5:13:1d:9c
 -----BEGIN X509 CRL-----
 MIIB1TCBvgIBATANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzEQMA4GA1UE
 CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
-c3NsLmNvbRcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIxOTI5WqAOMAwwCgYDVR0U
-BAMCAQEwDQYJKoZIhvcNAQELBQADggEBALciR0Xuu2ORQikjM6/r10ZBvmaJDmL/
-t8CaCUaVmDM2Y+wqEAEsqZ1sGkW5lehiPRDuZaBsjarQQW+x2alZ3elAwTZziTpZ
-AkLDdzNZoFIYSwxkvfYQzFA/rbuVAhNzWpWgFQjs3A9TOineGz60Sow6FA1I9ogF
-t1X/wOmq4kkmjrq1iDrBWkho7bu5rh6tGERgCBVP745/22NgqjaaexqSNENluNJs
-hU1idchbRWDCsnLGeZ0ZJC6/j3UkfGCDv5jg3Ji0GO9BxxBGiSuIc0D08XsXXiv6
-vSiejrma1bqgKWW43yewxVG2YXtpD74XSxRIc2AU6pb9nExiverPsLE=
+c3NsLmNvbRcNMjQxMjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWqAOMAwwCgYDVR0U
+BAMCAQEwDQYJKoZIhvcNAQELBQADggEBAC8o57JGWAEDuEeHTXVjBEDNwt0jF4KB
+A4i5mSCRUHCE3TixUX77ZwnRc1TiWCobtDU7uTJw0APi7HyQ1BhjvzXAk4C/+itX
+iOEkwlmHm5/DBC/tU64ix121QRi5ljfmUJbSwEy6pqwTr4Z9WAHgrSO7dr02/9c/
+Tk0OIOCXKeenJqE6VujShiRYBi0LJj75/A38deMbcij/XQfN2ktGvmL3arzTTRiy
+U1kEqz/eMGOzQq4NALn49rx6tv1P9HKJO4TQfhJwexcmDJ26paqzDeBLBwlSh3oo
+tXcLaFc3q8Q2axwIjTSdtjo5IL49dyqFLzgmGgFgNJ9+vMR6ptUTHZw=
 -----END X509 CRL-----
diff --git a/certs/crl/server-goodcnwildCrl.pem b/certs/crl/server-goodcnwildCrl.pem
index ae2fc9ea8..f5c3c50bf 100644
--- a/certs/crl/server-goodcnwildCrl.pem
+++ b/certs/crl/server-goodcnwildCrl.pem
@@ -2,37 +2,38 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = *localhost, emailAddress = info@wolfssl.com
-        Last Update: Dec 13 22:19:29 2023 GMT
-        Next Update: Sep  8 22:19:29 2026 GMT
+        Last Update: Dec 18 21:25:31 2024 GMT
+        Next Update: Sep 14 21:25:31 2027 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         36:0f:c7:e0:9c:1d:71:f6:09:24:51:e8:49:5e:db:38:d5:6b:
-         90:68:62:c7:5f:a0:eb:c5:c9:63:69:ca:56:30:d7:92:3d:0e:
-         38:d3:34:97:35:df:16:4f:de:2f:ba:1f:38:00:9d:99:28:ea:
-         11:bb:dd:ec:42:03:ec:03:d1:05:84:9e:35:d5:ad:d1:36:91:
-         d0:49:4d:c5:e7:50:84:77:f6:8c:c5:47:1c:f4:9c:88:87:ac:
-         af:81:70:3e:05:d1:33:5a:07:0c:ac:39:e2:ca:c7:3d:ea:80:
-         41:4e:9c:37:dd:ac:76:b3:14:58:f9:88:20:2b:b2:f4:0f:01:
-         18:73:31:88:c4:c6:66:59:d7:fc:61:44:98:c3:33:ee:74:10:
-         8f:58:78:91:06:53:a3:eb:99:2e:f8:91:e7:32:e0:17:f5:ea:
-         b6:56:27:68:a2:2b:30:05:a8:0c:02:e8:0f:84:20:37:0e:2c:
-         a5:34:af:09:85:e3:85:d9:8e:78:e4:9e:75:be:27:3b:81:72:
-         c5:87:2c:f9:1f:73:60:ce:2c:3b:d3:95:df:a8:16:6a:da:45:
-         ea:ab:5c:7a:bb:8a:7a:b3:f3:34:ec:e4:7c:62:36:4f:dd:1f:
-         89:86:05:ac:1e:42:11:b7:29:b3:97:f9:ad:cb:73:1f:02:8d:
-         4c:80:ef:f8
+    Signature Value:
+        9a:06:6f:af:9a:2b:7d:ff:7c:4f:e5:be:e5:a7:68:8b:43:d3:
+        46:c7:7c:2c:c6:38:5e:a5:81:15:57:73:26:2d:ad:63:12:8b:
+        66:54:c6:b9:18:7e:63:12:4e:9e:dc:d7:38:6b:dd:c1:b8:c2:
+        58:a4:5d:ea:72:66:da:b4:95:9e:e8:b5:02:48:c3:b0:7a:84:
+        ab:89:ff:4f:e2:6a:1d:d2:1e:7b:10:5f:30:55:a5:88:72:45:
+        e4:c7:2e:43:6f:d5:22:48:11:c1:c0:d2:a5:01:bd:d7:81:3d:
+        8f:48:d2:0d:29:88:0e:33:b5:bb:32:33:bd:c7:4b:9b:ee:5f:
+        bd:f5:e0:69:9b:f8:fb:b1:03:7d:b7:17:66:5d:b8:41:c3:96:
+        80:87:4d:d2:dc:cc:f8:9a:61:89:68:0f:e4:b0:96:c1:41:fd:
+        ed:4d:36:17:9b:58:ea:ba:32:05:29:4c:cf:f3:41:38:89:6a:
+        db:ad:73:10:d3:8e:70:d7:bc:a3:f0:f0:1d:94:86:03:2f:43:
+        00:5c:a7:69:97:a2:47:75:f6:00:32:f3:46:a0:9d:14:73:52:
+        db:aa:12:83:d1:ed:49:b6:85:36:ff:17:00:b2:0a:b1:f5:dd:
+        2d:c3:b0:ba:2d:b0:da:65:d7:b2:df:19:dd:45:fe:9c:c0:7f:
+        4b:27:9b:e1
 -----BEGIN X509 CRL-----
 MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE
 CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
-ZnNzbC5jb20XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVqgDjAMMAoGA1Ud
-FAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQA2D8fgnB1x9gkkUehJXts41WuQaGLH
-X6DrxcljacpWMNeSPQ440zSXNd8WT94vuh84AJ2ZKOoRu93sQgPsA9EFhJ411a3R
-NpHQSU3F51CEd/aMxUcc9JyIh6yvgXA+BdEzWgcMrDniysc96oBBTpw33ax2sxRY
-+YggK7L0DwEYczGIxMZmWdf8YUSYwzPudBCPWHiRBlOj65ku+JHnMuAX9eq2Vido
-oiswBagMAugPhCA3DiylNK8JheOF2Y545J51vic7gXLFhyz5H3Ngziw705XfqBZq
-2kXqq1x6u4p6s/M07OR8YjZP3R+JhgWsHkIRtymzl/mty3MfAo1MgO/4
+ZnNzbC5jb20XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVqgDjAMMAoGA1Ud
+FAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCaBm+vmit9/3xP5b7lp2iLQ9NGx3ws
+xjhepYEVV3MmLa1jEotmVMa5GH5jEk6e3Nc4a93BuMJYpF3qcmbatJWe6LUCSMOw
+eoSrif9P4mod0h57EF8wVaWIckXkxy5Db9UiSBHBwNKlAb3XgT2PSNINKYgOM7W7
+MjO9x0ub7l+99eBpm/j7sQN9txdmXbhBw5aAh03S3Mz4mmGJaA/ksJbBQf3tTTYX
+m1jqujIFKUzP80E4iWrbrXMQ045w17yj8PAdlIYDL0MAXKdpl6JHdfYAMvNGoJ0U
+c1LbqhKD0e1JtoU2/xcAsgqx9d0tw7C6LbDaZdey3xndRf6cwH9LJ5vh
 -----END X509 CRL-----
diff --git a/certs/ecc-privOnlyCert.pem b/certs/ecc-privOnlyCert.pem
index f18e738ce..9f023dbe2 100644
--- a/certs/ecc-privOnlyCert.pem
+++ b/certs/ecc-privOnlyCert.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIBLTCB1QIUFZUiOVDYKhAz2ksNPuWt6EFKbLMwCgYIKoZIzj0EAwIwGjELMAkG
-A1UECgwCV1IxCzAJBgNVBAMMAkRFMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIy
-MTkyOFowGjELMAkGA1UECgwCV1IxCzAJBgNVBAMMAkRFMFkwEwYHKoZIzj0CAQYI
+MIIBLzCB1QIUflZfgRCpcQQ/nbPmIrNb7M8Qq4kwCgYIKoZIzj0EAwIwGjELMAkG
+A1UECgwCV1IxCzAJBgNVBAMMAkRFMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIx
+MjUzMFowGjELMAkGA1UECgwCV1IxCzAJBgNVBAMMAkRFMFkwEwYHKoZIzj0CAQYI
 KoZIzj0DAQcDQgAEJcD9Frgr8rgKHt2szmJSfFgKYH1Xddq9EcHVKupUa3bmPTb3
-3VGXa6gm/numvZZVhVCdmn5pAdhDRYnZ/korJjAKBggqhkjOPQQDAgNHADBEAiAA
-wvW2qa2RaryuYXg0+1jbMhaBHaDK3c0f+iFkfi2GdAIgGYqXzpGf+AGtTuxKM01+
-jbJnp9B4e2sXK8Ez3tKDFKw=
+3VGXa6gm/numvZZVhVCdmn5pAdhDRYnZ/korJjAKBggqhkjOPQQDAgNJADBGAiEA
+jEY07WKQpUx/PvL0GMEwS5MG8RL5xk5zxwWuQKWPMX8CIQD1j+MOwSFAIxFBr71C
+rDRk4RCkUkPpu8HHHiBm5y7TOA==
 -----END CERTIFICATE-----
diff --git a/certs/ecc-rsa-server.p12 b/certs/ecc-rsa-server.p12
index f24ae69b5..e07641533 100644
Binary files a/certs/ecc-rsa-server.p12 and b/certs/ecc-rsa-server.p12 differ
diff --git a/certs/ecc/bp256r1-key.der b/certs/ecc/bp256r1-key.der
index 4b0dbfd8f..f1fb74bfe 100644
Binary files a/certs/ecc/bp256r1-key.der and b/certs/ecc/bp256r1-key.der differ
diff --git a/certs/ecc/bp256r1-key.pem b/certs/ecc/bp256r1-key.pem
index 6ea06573a..17a398e1d 100644
--- a/certs/ecc/bp256r1-key.pem
+++ b/certs/ecc/bp256r1-key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHgCAQEEIJRV3i5+OVZxT5077AjYis31KM4viZoaS4QSxLxZB0VUoAsGCSskAwMC
-CAEBB6FEA0IABFHw7OBcOIJ6V8HLTzKj0N2ifNki/neXBTeF+0FX3/uWFBl/eUhw
-8Hjodp814a10sYCM+upii2nHK7tpMxca80g=
+MHgCAQEEIF2qrSdYpLpQ0NkBKDgW/Q6vu2gPSy3J8TZCeFptUgSjoAsGCSskAwMC
+CAEBB6FEA0IABICLLVevnQD2z+Xd+x9aacfTHtEWIBbgU9ozcCLi7u7zidKk5ndq
+IqCy1OLVFQlf8b3NmT1R465dloWSv1scK2Y=
 -----END EC PRIVATE KEY-----
diff --git a/certs/ecc/ca-secp256k1-cert.pem b/certs/ecc/ca-secp256k1-cert.pem
index 419d02734..c07a6bac5 100644
--- a/certs/ecc/ca-secp256k1-cert.pem
+++ b/certs/ecc/ca-secp256k1-cert.pem
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE-----
-MIICkTCCAjagAwIBAgIUcmBIdEUi0WtpofKM3r46Llhv86IwCgYIKoZIzj0EAwIw
+MIICkDCCAjagAwIBAgIUUc9RpP6v1WEOzZjEtr4Hc5eaRJYwCgYIKoZIzj0EAwIw
 gZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzESMBAGA1UECwwJU0VDUDI1NksxMRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
-ZnNzbC5jb20wHhcNMjQwNzEyMDIxODUwWhcNNDQwNzA3MDIxODUwWjCBljELMAkG
+ZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNNDQxMjEzMjEyNTI5WjCBljELMAkG
 A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 ETAPBgNVBAoMCEVsbGlwdGljMRIwEAYDVQQLDAlTRUNQMjU2SzExGDAWBgNVBAMM
 D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
-bTBWMBAGByqGSM49AgEGBSuBBAAKA0IABORg5kLTHlkHvjnrRKUTmBXLdhxkdsIC
-s0ybo6r3oD6qGjX33FsBHp9nwos93gT7CECrexVlEUrH4wbfMN42+46jYzBhMB0G
-A1UdDgQWBBRzL8o6Lcvi46LBqy81zGRTZIwGLTAfBgNVHSMEGDAWgBRzL8o6Lcvi
-46LBqy81zGRTZIwGLTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAK
-BggqhkjOPQQDAgNJADBGAiEA0dfMbQlfjY+VhKuDfluyBtoAsQA1BqJnV+XBayBx
-HYYCIQCJr2YrYRwW4OvtP0yIqUH2fViOq12aqf1ByStksuL3mg==
+bTBWMBAGByqGSM49AgEGBSuBBAAKA0IABNE4XtThp8HhrRFvS+ecVo5ya/u9V+zJ
+Bw5Yc7aXl1iSjuAoyCPVsGQ0SQ7qMv+A9lpVwgu/4zyUXx1zlBsepdGjYzBhMB0G
+A1UdDgQWBBR+afvAUc8tTDDL2NlYc47LZDQJnTAfBgNVHSMEGDAWgBR+afvAUc8t
+TDDL2NlYc47LZDQJnTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAK
+BggqhkjOPQQDAgNIADBFAiEAhu1XNxXZEXl37/QF+yCSlh0b3mAJIjNLA52OjaFp
+XYACIGfazS+mdI9JMZgGhBCgyLwWJ6iSTzwMBh74sz3awCAn
 -----END CERTIFICATE-----
diff --git a/certs/ecc/ca-secp256k1-key.pem b/certs/ecc/ca-secp256k1-key.pem
index 1c2e0bc54..737a9838f 100644
--- a/certs/ecc/ca-secp256k1-key.pem
+++ b/certs/ecc/ca-secp256k1-key.pem
@@ -1,5 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgoiOQsNn1L/vT3mU0e+Rz
-LMlaDEIuKp6RHZhKrPnOJOShRANCAATkYOZC0x5ZB74560SlE5gVy3YcZHbCArNM
-m6Oq96A+qho199xbAR6fZ8KLPd4E+whAq3sVZRFKx+MG3zDeNvuO
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgc4nCj5LtUEfOKSe3/NPh
+7CNEkOwsTGVKROo2KEaIjW6hRANCAATROF7U4afB4a0Rb0vnnFaOcmv7vVfsyQcO
+WHO2l5dYko7gKMgj1bBkNEkO6jL/gPZaVcILv+M8lF8dc5QbHqXR
 -----END PRIVATE KEY-----
diff --git a/certs/ecc/client-bp256r1-cert.der b/certs/ecc/client-bp256r1-cert.der
index 72b5cde70..f377e9225 100644
Binary files a/certs/ecc/client-bp256r1-cert.der and b/certs/ecc/client-bp256r1-cert.der differ
diff --git a/certs/ecc/client-bp256r1-cert.pem b/certs/ecc/client-bp256r1-cert.pem
index 3d8b72d91..b2c7f82fc 100644
--- a/certs/ecc/client-bp256r1-cert.pem
+++ b/certs/ecc/client-bp256r1-cert.pem
@@ -2,22 +2,22 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            74:41:b9:37:a8:bf:42:e7:b6:16:1c:4f:7e:8c:24:06:81:78:1a:02
+            4a:c0:0d:f1:78:b2:ad:ae:34:4d:9c:17:d2:3e:14:40:53:e1:86:3e
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256BPR1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Dec 10 22:19:28 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256BPR1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:51:f0:ec:e0:5c:38:82:7a:57:c1:cb:4f:32:a3:
-                    d0:dd:a2:7c:d9:22:fe:77:97:05:37:85:fb:41:57:
-                    df:fb:96:14:19:7f:79:48:70:f0:78:e8:76:9f:35:
-                    e1:ad:74:b1:80:8c:fa:ea:62:8b:69:c7:2b:bb:69:
-                    33:17:1a:f3:48
+                    04:80:8b:2d:57:af:9d:00:f6:cf:e5:dd:fb:1f:5a:
+                    69:c7:d3:1e:d1:16:20:16:e0:53:da:33:70:22:e2:
+                    ee:ee:f3:89:d2:a4:e6:77:6a:22:a0:b2:d4:e2:d5:
+                    15:09:5f:f1:bd:cd:99:3d:51:e3:ae:5d:96:85:92:
+                    bf:5b:1c:2b:66
                 ASN1 OID: brainpoolP256r1
         X509v3 extensions:
             X509v3 Basic Constraints: 
@@ -25,33 +25,38 @@ Certificate:
             Netscape Cert Type: 
                 SSL Client, S/MIME
             X509v3 Subject Key Identifier: 
-                77:B6:46:96:B9:B7:0D:54:A3:03:E8:21:F5:8D:37:69:3D:89:AD:FA
+                BF:13:B7:26:16:A8:18:A2:A9:CC:FC:5E:9E:9E:5B:39:CB:08:CE:68
             X509v3 Authority Key Identifier: 
-                keyid:77:B6:46:96:B9:B7:0D:54:A3:03:E8:21:F5:8D:37:69:3D:89:AD:FA
-
+                DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC256BPR1-CLI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:4A:C0:0D:F1:78:B2:AD:AE:34:4D:9C:17:D2:3E:14:40:53:E1:86:3E
             X509v3 Key Usage: critical
                 Digital Signature, Non Repudiation, Key Encipherment
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication, E-mail Protection
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:20:e0:c6:8e:4d:c2:50:c4:7a:a1:6c:02:63:d2:
-         cd:2b:30:23:01:1d:51:cd:4b:14:07:45:39:1f:16:1e:0a:3a:
-         02:20:6b:a8:42:ac:90:9a:d9:8d:2c:dd:1c:bd:f1:90:d8:4d:
-         7b:aa:40:f0:f3:7f:45:83:dc:b9:1c:b5:de:2e:75:a7
+    Signature Value:
+        30:45:02:20:71:25:fb:20:e7:40:f5:a4:51:ac:e6:f4:33:51:
+        02:09:36:c7:01:00:ab:fa:50:72:4b:76:9b:5a:2e:07:67:a3:
+        02:21:00:9a:a0:c7:dc:94:d0:27:4c:bf:2c:1d:4f:22:48:3d:
+        ef:00:18:a9:d7:57:11:2d:72:fd:e3:62:c0:ef:2d:a6:7b
 -----BEGIN CERTIFICATE-----
-MIICyzCCAnKgAwIBAgIUdEG5N6i/Que2FhxPfowkBoF4GgIwCgYIKoZIzj0EAwIw
+MIIDdTCCAxugAwIBAgIUSsAN8Xiyra40TZwX0j4UQFPhhj4wCgYIKoZIzj0EAwIw
 gZsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEXMBUGA1UECwwORUNDMjU2QlBSMS1D
 TEkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m
-b0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0zMzEyMTAyMjE5MjhaMIGb
+b0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0zNDEyMTYyMTI1MjlaMIGb
 MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2Vh
 dHRsZTERMA8GA1UECgwIRWxsaXB0aWMxFzAVBgNVBAsMDkVDQzI1NkJQUjEtQ0xJ
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wWjAUBgcqhkjOPQIBBgkrJAMDAggBAQcDQgAEUfDs4Fw4gnpX
-wctPMqPQ3aJ82SL+d5cFN4X7QVff+5YUGX95SHDweOh2nzXhrXSxgIz66mKLaccr
-u2kzFxrzSKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
-HQ4EFgQUd7ZGlrm3DVSjA+gh9Y03aT2JrfowHwYDVR0jBBgwFoAUd7ZGlrm3DVSj
-A+gh9Y03aT2JrfowDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
-BggrBgEFBQcDBDAKBggqhkjOPQQDAgNHADBEAiAg4MaOTcJQxHqhbAJj0s0rMCMB
-HVHNSxQHRTkfFh4KOgIga6hCrJCa2Y0s3Ry98ZDYTXuqQPDzf0WD3Lkctd4udac=
+d29sZnNzbC5jb20wWjAUBgcqhkjOPQIBBgkrJAMDAggBAQcDQgAEgIstV6+dAPbP
+5d37H1ppx9Me0RYgFuBT2jNwIuLu7vOJ0qTmd2oioLLU4tUVCV/xvc2ZPVHjrl2W
+hZK/WxwrZqOCATgwggE0MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMB0G
+A1UdDgQWBBS/E7cmFqgYoqnM/F6enls5ywjOaDCBxQYDVR0jBIG9MIG6oYGhpIGe
+MIGbMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
+U2VhdHRsZTERMA8GA1UECgwIRWxsaXB0aWMxFzAVBgNVBAsMDkVDQzI1NkJQUjEt
+Q0xJMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb22CFErADfF4sq2uNE2cF9I+FEBT4YY+MA4GA1UdDwEB/wQE
+AwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwCgYIKoZIzj0EAwID
+SAAwRQIgcSX7IOdA9aRRrOb0M1ECCTbHAQCr+lByS3abWi4HZ6MCIQCaoMfclNAn
+TL8sHU8iSD3vABip11cRLXL942LA7y2mew==
 -----END CERTIFICATE-----
diff --git a/certs/ecc/client-secp256k1-cert.der b/certs/ecc/client-secp256k1-cert.der
index 32329db18..f49607b8a 100644
Binary files a/certs/ecc/client-secp256k1-cert.der and b/certs/ecc/client-secp256k1-cert.der differ
diff --git a/certs/ecc/client-secp256k1-cert.pem b/certs/ecc/client-secp256k1-cert.pem
index ddab3098d..7d9ed31fb 100644
--- a/certs/ecc/client-secp256k1-cert.pem
+++ b/certs/ecc/client-secp256k1-cert.pem
@@ -2,22 +2,22 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            0a:24:55:a0:81:ab:0b:92:b7:e5:59:50:3e:7f:8d:0b:d0:15:0a:75
+            32:a0:cb:5f:26:62:a9:d9:14:ec:13:0e:78:b4:a2:0b:86:14:59:ce
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256K1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Dec 10 22:19:28 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256K1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:be:d0:47:66:a6:6a:6c:21:b6:72:71:ce:20:67:
-                    61:05:b3:ef:b9:07:2c:31:6a:bb:6f:53:12:50:e9:
-                    06:06:64:4b:14:bb:56:61:b3:0c:3f:72:f2:45:f7:
-                    3b:96:39:76:57:52:93:e9:12:83:f1:d8:c5:87:11:
-                    aa:5e:8e:a5:c9
+                    04:02:55:2f:25:90:9d:54:d3:6e:23:b5:95:9e:67:
+                    a3:f8:c2:46:3a:ed:67:56:6d:23:87:43:db:6f:38:
+                    e6:5b:72:07:8d:1d:f8:5b:ea:b7:47:49:a9:8e:c7:
+                    2d:23:99:9e:2e:8c:be:72:de:0b:d3:f0:b4:49:2d:
+                    94:ec:6d:c2:3f
                 ASN1 OID: secp256k1
         X509v3 extensions:
             X509v3 Basic Constraints: 
@@ -25,33 +25,38 @@ Certificate:
             Netscape Cert Type: 
                 SSL Client, S/MIME
             X509v3 Subject Key Identifier: 
-                6D:9A:0A:D6:4C:C9:43:6B:12:29:C4:B0:B5:49:8A:7F:BD:42:4B:87
+                96:C4:7F:31:A2:90:B8:68:F1:9C:DD:75:16:52:DB:AC:04:B6:89:85
             X509v3 Authority Key Identifier: 
-                keyid:6D:9A:0A:D6:4C:C9:43:6B:12:29:C4:B0:B5:49:8A:7F:BD:42:4B:87
-
+                DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC256K1-CLI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:32:A0:CB:5F:26:62:A9:D9:14:EC:13:0E:78:B4:A2:0B:86:14:59:CE
             X509v3 Key Usage: critical
                 Digital Signature, Non Repudiation, Key Encipherment
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication, E-mail Protection
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:89:22:af:09:dd:58:96:9b:a2:e3:fa:2e:13:
-         2c:af:69:55:b3:83:f3:4b:85:14:1a:df:28:74:5f:d9:ed:b3:
-         75:02:20:18:13:45:af:82:e7:65:f8:8c:8f:b3:6d:01:25:73:
-         6c:8c:c9:ff:e9:43:b8:eb:ef:df:25:9a:62:f8:d7:ac:04
+    Signature Value:
+        30:44:02:20:6b:33:e9:a6:35:fa:9c:26:06:2a:e8:2d:35:ed:
+        72:e3:90:b5:eb:c1:9b:7f:51:bc:ad:66:4a:de:37:c2:92:0c:
+        02:20:69:9a:6a:e8:84:8f:2c:51:00:71:37:d9:a3:66:ba:11:
+        d2:aa:e7:86:82:99:f5:4b:61:c7:0c:6d:c1:a3:2d:71
 -----BEGIN CERTIFICATE-----
-MIICxDCCAmqgAwIBAgIUCiRVoIGrC5K35VlQPn+NC9AVCnUwCgYIKoZIzj0EAwIw
+MIIDajCCAxGgAwIBAgIUMqDLXyZiqdkU7BMOeLSiC4YUWc4wCgYIKoZIzj0EAwIw
 gZkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEVMBMGA1UECwwMRUNDMjU2SzEtQ0xJ
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMzMxMjEwMjIxOTI4WjCBmTEL
+d29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMzQxMjE2MjEyNTI5WjCBmTEL
 MAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0
 bGUxETAPBgNVBAoMCEVsbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1DTEkxGDAW
 BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
-c3NsLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABL7QR2amamwhtnJxziBnYQWz
-77kHLDFqu29TElDpBgZkSxS7VmGzDD9y8kX3O5Y5dldSk+kSg/HYxYcRql6Opcmj
-gZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBBYEFG2a
-CtZMyUNrEinEsLVJin+9QkuHMB8GA1UdIwQYMBaAFG2aCtZMyUNrEinEsLVJin+9
-QkuHMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
-AwQwCgYIKoZIzj0EAwIDSAAwRQIhAIkirwndWJabouP6LhMsr2lVs4PzS4UUGt8o
-dF/Z7bN1AiAYE0Wvgudl+IyPs20BJXNsjMn/6UO46+/fJZpi+NesBA==
+c3NsLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABAJVLyWQnVTTbiO1lZ5no/jC
+RjrtZ1ZtI4dD22845ltyB40d+Fvqt0dJqY7HLSOZni6MvnLeC9PwtEktlOxtwj+j
+ggE2MIIBMjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
+lsR/MaKQuGjxnN11FlLbrAS2iYUwgcMGA1UdIwSBuzCBuKGBn6SBnDCBmTELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1DTEkxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbYIUMqDLXyZiqdkU7BMOeLSiC4YUWc4wDgYDVR0PAQH/BAQDAgXgMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAKBggqhkjOPQQDAgNHADBEAiBrM+mm
+NfqcJgYq6C017XLjkLXrwZt/UbytZkreN8KSDAIgaZpq6ISPLFEAcTfZo2a6EdKq
+54aCmfVLYccMbcGjLXE=
 -----END CERTIFICATE-----
diff --git a/certs/ecc/secp256k1-key.der b/certs/ecc/secp256k1-key.der
index 813449415..3784ababc 100644
Binary files a/certs/ecc/secp256k1-key.der and b/certs/ecc/secp256k1-key.der differ
diff --git a/certs/ecc/secp256k1-key.pem b/certs/ecc/secp256k1-key.pem
index f27a7acdb..d3140987b 100644
--- a/certs/ecc/secp256k1-key.pem
+++ b/certs/ecc/secp256k1-key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHQCAQEEIE+dRTV5HyFrkYXxlCq98Ojh6m+szQbktzQwSBUEs4s3oAcGBSuBBAAK
-oUQDQgAEvtBHZqZqbCG2cnHOIGdhBbPvuQcsMWq7b1MSUOkGBmRLFLtWYbMMP3Ly
-Rfc7ljl2V1KT6RKD8djFhxGqXo6lyQ==
+MHQCAQEEIENIEXXZ7INNmsEwYBs9wnbYqf1pM7NaX2OHwtgCxUkFoAcGBSuBBAAK
+oUQDQgAEAlUvJZCdVNNuI7WVnmej+MJGOu1nVm0jh0PbbzjmW3IHjR34W+q3R0mp
+jsctI5meLoy+ct4L0/C0SS2U7G3CPw==
 -----END EC PRIVATE KEY-----
diff --git a/certs/ecc/server-bp256r1-cert.der b/certs/ecc/server-bp256r1-cert.der
index c3558a1a5..9741ce04f 100644
Binary files a/certs/ecc/server-bp256r1-cert.der and b/certs/ecc/server-bp256r1-cert.der differ
diff --git a/certs/ecc/server-bp256r1-cert.pem b/certs/ecc/server-bp256r1-cert.pem
index 0e4c211f3..7f151896c 100644
--- a/certs/ecc/server-bp256r1-cert.pem
+++ b/certs/ecc/server-bp256r1-cert.pem
@@ -2,22 +2,22 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            08:c3:a6:c3:3e:ba:4d:27:34:46:64:c6:e7:79:6c:68:25:e2:e8:d2
+            1e:f4:6e:6b:ab:9b:33:2b:43:38:96:b8:da:52:a8:be:be:01:87:d9
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256BPR1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Dec 10 22:19:28 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256BPR1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:51:f0:ec:e0:5c:38:82:7a:57:c1:cb:4f:32:a3:
-                    d0:dd:a2:7c:d9:22:fe:77:97:05:37:85:fb:41:57:
-                    df:fb:96:14:19:7f:79:48:70:f0:78:e8:76:9f:35:
-                    e1:ad:74:b1:80:8c:fa:ea:62:8b:69:c7:2b:bb:69:
-                    33:17:1a:f3:48
+                    04:80:8b:2d:57:af:9d:00:f6:cf:e5:dd:fb:1f:5a:
+                    69:c7:d3:1e:d1:16:20:16:e0:53:da:33:70:22:e2:
+                    ee:ee:f3:89:d2:a4:e6:77:6a:22:a0:b2:d4:e2:d5:
+                    15:09:5f:f1:bd:cd:99:3d:51:e3:ae:5d:96:85:92:
+                    bf:5b:1c:2b:66
                 ASN1 OID: brainpoolP256r1
         X509v3 extensions:
             X509v3 Basic Constraints: 
@@ -25,39 +25,38 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
             X509v3 Subject Key Identifier: 
-                77:B6:46:96:B9:B7:0D:54:A3:03:E8:21:F5:8D:37:69:3D:89:AD:FA
+                BF:13:B7:26:16:A8:18:A2:A9:CC:FC:5E:9E:9E:5B:39:CB:08:CE:68
             X509v3 Authority Key Identifier: 
-                keyid:77:B6:46:96:B9:B7:0D:54:A3:03:E8:21:F5:8D:37:69:3D:89:AD:FA
                 DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC256BPR1-SRV/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:08:C3:A6:C3:3E:BA:4D:27:34:46:64:C6:E7:79:6C:68:25:E2:E8:D2
-
+                serial:1E:F4:6E:6B:AB:9B:33:2B:43:38:96:B8:DA:52:A8:BE:BE:01:87:D9
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:69:b5:0e:9a:17:cc:4d:5e:3b:b7:9d:ee:e8:76:
-         a6:c0:94:c1:1f:e3:34:3a:cb:6a:9b:09:b1:55:0d:db:3a:c0:
-         02:20:5b:8d:09:46:fd:7c:73:ca:c8:18:3c:ed:1a:84:9c:c9:
-         02:f4:50:3a:26:8a:eb:76:6b:82:a7:7f:95:18:ba:10
+    Signature Value:
+        30:44:02:20:50:28:2b:f6:4a:d1:8d:3c:e8:c7:78:ea:84:47:
+        b7:5a:01:2b:64:5b:3a:a1:c0:1d:58:d0:d2:5b:7d:2c:28:ad:
+        02:20:23:1a:d7:b1:8a:a8:dd:02:00:b6:ba:e6:16:2b:c8:7d:
+        bc:86:ad:30:fe:a6:cf:de:7f:90:90:75:51:25:15:42
 -----BEGIN CERTIFICATE-----
-MIIDgDCCAyegAwIBAgIUCMOmwz66TSc0RmTG53lsaCXi6NIwCgYIKoZIzj0EAwIw
+MIIDajCCAxGgAwIBAgIUHvRua6ubMytDOJa42lKovr4Bh9kwCgYIKoZIzj0EAwIw
 gZsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEXMBUGA1UECwwORUNDMjU2QlBSMS1T
 UlYxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m
-b0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0zMzEyMTAyMjE5MjhaMIGb
+b0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0zNDEyMTYyMTI1MjlaMIGb
 MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2Vh
 dHRsZTERMA8GA1UECgwIRWxsaXB0aWMxFzAVBgNVBAsMDkVDQzI1NkJQUjEtU1JW
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wWjAUBgcqhkjOPQIBBgkrJAMDAggBAQcDQgAEUfDs4Fw4gnpX
-wctPMqPQ3aJ82SL+d5cFN4X7QVff+5YUGX95SHDweOh2nzXhrXSxgIz66mKLaccr
-u2kzFxrzSKOCAUQwggFAMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G
-A1UdDgQWBBR3tkaWubcNVKMD6CH1jTdpPYmt+jCB2wYDVR0jBIHTMIHQgBR3tkaW
-ubcNVKMD6CH1jTdpPYmt+qGBoaSBnjCBmzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
-Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
-MRcwFQYDVQQLDA5FQ0MyNTZCUFIxLVNSVjEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
-Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQIw6bDPrpNJzRG
-ZMbneWxoJeLo0jAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
-CgYIKoZIzj0EAwIDRwAwRAIgabUOmhfMTV47t53u6HamwJTBH+M0OstqmwmxVQ3b
-OsACIFuNCUb9fHPKyBg87RqEnMkC9FA6JorrdmuCp3+VGLoQ
+d29sZnNzbC5jb20wWjAUBgcqhkjOPQIBBgkrJAMDAggBAQcDQgAEgIstV6+dAPbP
+5d37H1ppx9Me0RYgFuBT2jNwIuLu7vOJ0qTmd2oioLLU4tUVCV/xvc2ZPVHjrl2W
+hZK/WxwrZqOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G
+A1UdDgQWBBS/E7cmFqgYoqnM/F6enls5ywjOaDCBxQYDVR0jBIG9MIG6oYGhpIGe
+MIGbMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
+U2VhdHRsZTERMA8GA1UECgwIRWxsaXB0aWMxFzAVBgNVBAsMDkVDQzI1NkJQUjEt
+U1JWMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb22CFB70bmurmzMrQziWuNpSqL6+AYfZMA4GA1UdDwEB/wQE
+AwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiBQKCv2
+StGNPOjHeOqER7daAStkWzqhwB1Y0NJbfSworQIgIxrXsYqo3QIAtrrmFivIfbyG
+rTD+ps/ef5CQdVElFUI=
 -----END CERTIFICATE-----
diff --git a/certs/ecc/server-secp256k1-cert.der b/certs/ecc/server-secp256k1-cert.der
index ad0ab8e4a..041b7debf 100644
Binary files a/certs/ecc/server-secp256k1-cert.der and b/certs/ecc/server-secp256k1-cert.der differ
diff --git a/certs/ecc/server-secp256k1-cert.pem b/certs/ecc/server-secp256k1-cert.pem
index ad54e670b..769d4e5ff 100644
--- a/certs/ecc/server-secp256k1-cert.pem
+++ b/certs/ecc/server-secp256k1-cert.pem
@@ -2,22 +2,22 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2e:df:46:12:94:ee:71:51:00:dc:bb:41:41:80:ae:1a:f1:11:68:26
+            77:c0:65:74:8e:a6:d5:04:7c:9a:d9:85:cc:ce:58:c5:a0:2f:56:62
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256K1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Dec 10 22:19:28 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC256K1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
-                    04:be:d0:47:66:a6:6a:6c:21:b6:72:71:ce:20:67:
-                    61:05:b3:ef:b9:07:2c:31:6a:bb:6f:53:12:50:e9:
-                    06:06:64:4b:14:bb:56:61:b3:0c:3f:72:f2:45:f7:
-                    3b:96:39:76:57:52:93:e9:12:83:f1:d8:c5:87:11:
-                    aa:5e:8e:a5:c9
+                    04:02:55:2f:25:90:9d:54:d3:6e:23:b5:95:9e:67:
+                    a3:f8:c2:46:3a:ed:67:56:6d:23:87:43:db:6f:38:
+                    e6:5b:72:07:8d:1d:f8:5b:ea:b7:47:49:a9:8e:c7:
+                    2d:23:99:9e:2e:8c:be:72:de:0b:d3:f0:b4:49:2d:
+                    94:ec:6d:c2:3f
                 ASN1 OID: secp256k1
         X509v3 extensions:
             X509v3 Basic Constraints: 
@@ -25,39 +25,38 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
             X509v3 Subject Key Identifier: 
-                6D:9A:0A:D6:4C:C9:43:6B:12:29:C4:B0:B5:49:8A:7F:BD:42:4B:87
+                96:C4:7F:31:A2:90:B8:68:F1:9C:DD:75:16:52:DB:AC:04:B6:89:85
             X509v3 Authority Key Identifier: 
-                keyid:6D:9A:0A:D6:4C:C9:43:6B:12:29:C4:B0:B5:49:8A:7F:BD:42:4B:87
                 DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC256K1-SRV/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:2E:DF:46:12:94:EE:71:51:00:DC:BB:41:41:80:AE:1A:F1:11:68:26
-
+                serial:77:C0:65:74:8E:A6:D5:04:7C:9A:D9:85:CC:CE:58:C5:A0:2F:56:62
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:58:e1:97:fe:81:7a:54:8d:d1:46:41:fd:1a:cf:
-         1d:c1:d8:f5:cb:00:21:df:66:21:09:eb:ce:a2:cb:db:d0:63:
-         02:20:3a:2b:e8:46:e3:1c:c3:23:e8:ee:8c:f9:22:57:30:d5:
-         8a:9b:6d:f3:a7:fb:e5:09:aa:38:ba:9a:84:e6:37:7b
+    Signature Value:
+        30:44:02:20:4d:6a:2a:ca:e3:0b:08:8b:8d:70:d9:0c:e2:83:
+        4e:7e:83:e4:07:f6:3b:68:4e:00:aa:cd:65:c2:12:09:44:af:
+        02:20:4a:03:b6:5d:6e:51:2a:42:a0:54:57:a1:07:05:db:c8:
+        2a:bf:5b:6c:7c:c6:0f:64:b2:2d:64:9d:25:3b:a3:7a
 -----BEGIN CERTIFICATE-----
-MIIDdjCCAx2gAwIBAgIULt9GEpTucVEA3LtBQYCuGvERaCYwCgYIKoZIzj0EAwIw
+MIIDYDCCAwegAwIBAgIUd8BldI6m1QR8mtmFzM5YxaAvVmIwCgYIKoZIzj0EAwIw
 gZkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEVMBMGA1UECwwMRUNDMjU2SzEtU1JW
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMzMxMjEwMjIxOTI4WjCBmTEL
+d29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMzQxMjE2MjEyNTI5WjCBmTEL
 MAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0
 bGUxETAPBgNVBAoMCEVsbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1TUlYxGDAW
 BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
-c3NsLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABL7QR2amamwhtnJxziBnYQWz
-77kHLDFqu29TElDpBgZkSxS7VmGzDD9y8kX3O5Y5dldSk+kSg/HYxYcRql6Opcmj
-ggFCMIIBPjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4EFgQU
-bZoK1kzJQ2sSKcSwtUmKf71CS4cwgdkGA1UdIwSB0TCBzoAUbZoK1kzJQ2sSKcSw
-tUmKf71CS4ehgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5n
-dG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEVMBMGA1UE
-CwwMRUNDMjU2SzEtU1JWMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
-hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFC7fRhKU7nFRANy7QUGArhrxEWgm
-MA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQD
-AgNHADBEAiBY4Zf+gXpUjdFGQf0azx3B2PXLACHfZiEJ686iy9vQYwIgOivoRuMc
-wyPo7oz5Ilcw1YqbbfOn++UJqji6moTmN3s=
+c3NsLmNvbTBWMBAGByqGSM49AgEGBSuBBAAKA0IABAJVLyWQnVTTbiO1lZ5no/jC
+RjrtZ1ZtI4dD22845ltyB40d+Fvqt0dJqY7HLSOZni6MvnLeC9PwtEktlOxtwj+j
+ggEsMIIBKDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4EFgQU
+lsR/MaKQuGjxnN11FlLbrAS2iYUwgcMGA1UdIwSBuzCBuKGBn6SBnDCBmTELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
+ETAPBgNVBAoMCEVsbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1TUlYxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbYIUd8BldI6m1QR8mtmFzM5YxaAvVmIwDgYDVR0PAQH/BAQDAgOoMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMCA0cAMEQCIE1qKsrjCwiLjXDZDOKD
+Tn6D5Af2O2hOAKrNZcISCUSvAiBKA7ZdblEqQqBUV6EHBdvIKr9bbHzGD2SyLWSd
+JTujeg==
 -----END CERTIFICATE-----
diff --git a/certs/ecc/server2-secp256k1-cert.der b/certs/ecc/server2-secp256k1-cert.der
index d3c0c1cff..75d9e77bf 100644
Binary files a/certs/ecc/server2-secp256k1-cert.der and b/certs/ecc/server2-secp256k1-cert.der differ
diff --git a/certs/ecc/server2-secp256k1-cert.pem b/certs/ecc/server2-secp256k1-cert.pem
index 08a8ee9b5..6565186ea 100644
--- a/certs/ecc/server2-secp256k1-cert.pem
+++ b/certs/ecc/server2-secp256k1-cert.pem
@@ -2,13 +2,13 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            23:8d:e3:d0:5a:a6:1f:e6:d3:b6:4c:e0:a2:a1:dd:2f:ee:35:b2:bb
+            53:b3:3c:3a:8b:78:70:b3:e6:c0:05:5d:7c:3e:55:48:a7:5e:4e:eb
         Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C=US, ST=Washington, L=Seattle, O=Elliptic, OU=SECP256K1, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
+        Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = SECP256K1, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Jul 15 05:41:52 2024 GMT
-            Not After : Jul 13 05:41:52 2034 GMT
-        Subject: C=US, ST=Washington, L=Seattle, O=Elliptic, OU=SECP256K1-SVR, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = SECP256K1-SVR, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
@@ -27,37 +27,37 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 F4:A3:FD:34:57:E6:51:1F:0A:96:2F:F0:87:A9:7C:C7:EB:6B:34:8F
             X509v3 Authority Key Identifier: 
-                keyid:73:2F:CA:3A:2D:CB:E2:E3:A2:C1:AB:2F:35:CC:64:53:64:8C:06:2D
+                keyid:7E:69:FB:C0:51:CF:2D:4C:30:CB:D8:D9:58:73:8E:CB:64:34:09:9D
                 DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=SECP256K1/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:72:60:48:74:45:22:D1:6B:69:A1:F2:8C:DE:BE:3A:2E:58:6F:F3:A2
+                serial:51:CF:51:A4:FE:AF:D5:61:0E:CD:98:C4:B6:BE:07:73:97:9A:44:96
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: ecdsa-with-SHA256
     Signature Value:
-        30:44:02:20:3d:12:5a:0c:7a:1b:ff:b5:a6:70:8a:70:33:03:
-        6c:d9:9c:98:8b:80:1b:70:3b:15:3a:85:7e:23:8a:85:f0:76:
-        02:20:02:ca:71:2c:cc:5a:c2:a8:e2:c5:24:62:06:62:a0:53:
-        41:2a:bb:2e:88:9f:f0:b4:bd:dc:23:1c:06:4c:18:a2
+        30:45:02:21:00:b5:91:fd:1b:d2:bf:2c:c4:5c:a7:8b:48:5b:
+        88:b3:43:ed:8a:68:48:16:03:51:a2:01:67:42:5f:ad:5b:9c:
+        cc:02:20:4f:7a:e1:38:57:5c:c1:83:19:14:57:ad:40:34:70:
+        8d:20:ac:e3:eb:f3:d7:b8:57:d1:d1:17:a0:c2:02:bf:49
 -----BEGIN CERTIFICATE-----
-MIIDcTCCAxigAwIBAgIUI43j0FqmH+bTtkzgoqHdL+41srswCgYIKoZIzj0EAwIw
+MIIDcjCCAxigAwIBAgIUU7M8Oot4cLPmwAVdfD5VSKdeTuswCgYIKoZIzj0EAwIw
 gZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzESMBAGA1UECwwJU0VDUDI1NksxMRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
-ZnNzbC5jb20wHhcNMjQwNzE1MDU0MTUyWhcNMzQwNzEzMDU0MTUyWjCBmjELMAkG
+ZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMzQxMjE2MjEyNTI5WjCBmjELMAkG
 A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 ETAPBgNVBAoMCEVsbGlwdGljMRYwFAYDVQQLDA1TRUNQMjU2SzEtU1ZSMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb20wVjAQBgcqhkjOPQIBBgUrgQQACgNCAARvf9jvkv6kKKkzhWmk6OM3Rjmi
 vo8mMVkgitdbdHrKAV5UT9zS0qXbHo7mlPZOOejEsodSk9yvzjAAnHnSSASYo4IB
 PzCCATswCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0OBBYEFPSj
-/TRX5lEfCpYv8IepfMfrazSPMIHWBgNVHSMEgc4wgcuAFHMvyjoty+LjosGrLzXM
-ZFNkjAYtoYGcpIGZMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv
+/TRX5lEfCpYv8IepfMfrazSPMIHWBgNVHSMEgc4wgcuAFH5p+8BRzy1MMMvY2Vhz
+jstkNAmdoYGcpIGZMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv
 bjEQMA4GA1UEBwwHU2VhdHRsZTERMA8GA1UECgwIRWxsaXB0aWMxEjAQBgNVBAsM
 CVNFQ1AyNTZLMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
-AQkBFhBpbmZvQHdvbGZzc2wuY29tghRyYEh0RSLRa2mh8ozevjouWG/zojAOBgNV
-HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDRwAw
-RAIgPRJaDHob/7WmcIpwMwNs2ZyYi4AbcDsVOoV+I4qF8HYCIALKcSzMWsKo4sUk
-YgZioFNBKrsuiJ/wtL3cIxwGTBii
+AQkBFhBpbmZvQHdvbGZzc2wuY29tghRRz1Gk/q/VYQ7NmMS2vgdzl5pEljAOBgNV
+HQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIhALWR/RvSvyzEXKeLSFuIs0PtimhIFgNRogFnQl+tW5zMAiBPeuE4V1zBgxkU
+V61ANHCNIKzj6/PXuFfR0RegwgK/SQ==
 -----END CERTIFICATE-----
diff --git a/certs/ed25519/ca-ed25519.der b/certs/ed25519/ca-ed25519.der
index b1e98d730..00e91aae3 100644
Binary files a/certs/ed25519/ca-ed25519.der and b/certs/ed25519/ca-ed25519.der differ
diff --git a/certs/ed25519/ca-ed25519.pem b/certs/ed25519/ca-ed25519.pem
index 20221652b..db47319b1 100644
--- a/certs/ed25519/ca-ed25519.pem
+++ b/certs/ed25519/ca-ed25519.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -19,29 +19,29 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
             X509v3 Authority Key Identifier: 
-                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
-
+                FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED25519
-         e6:71:a0:59:63:b4:31:31:1f:75:06:ce:f1:89:f0:e7:a2:db:
-         a8:c1:e4:c8:61:38:0c:e6:e9:e7:b9:9f:ce:e2:f5:49:a3:f5:
-         04:1e:85:f7:7d:10:fb:1d:ee:b6:dc:5e:51:f1:82:33:a4:ed:
-         e0:0a:65:09:2b:0e:1e:b2:af:0b
+    Signature Value:
+        44:eb:38:c6:27:d4:70:42:3f:9b:a0:d7:90:96:d6:6e:42:38:
+        5b:38:38:9f:21:ca:b0:fa:5e:7c:17:b4:32:5c:b3:08:a2:65:
+        50:d7:65:6b:f8:a9:ef:0d:d1:54:2d:4d:b6:0f:42:9e:51:f7:
+        db:a7:bf:16:23:c4:bd:7d:c9:03
 -----BEGIN CERTIFICATE-----
 MIICZTCCAhegAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk
 MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
 MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT
 8ixkAQEMB3dvbGZTU0wwKjAFBgMrZXADIQBCO3r5gs/53xnd8/AyKW36/XZPaMLC
 4GxHrsJVaKwNTaNjMGEwHQYDVR0OBBYEFHTVOBleg7kD+AGKNTW7iUxJtCPpMB8G
 A1UdIwQYMBaAFPq6W3Yd8R0dTXRI2Jg7Vu+zFPPeMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgGGMAUGAytlcANBAOZxoFljtDExH3UGzvGJ8Oei26jB5Mhh
-OAzm6ee5n87i9Umj9QQehfd9EPsd7rbcXlHxgjOk7eAKZQkrDh6yrws=
+DgYDVR0PAQH/BAQDAgGGMAUGAytlcANBAETrOMYn1HBCP5ug15CW1m5COFs4OJ8h
+yrD6XnwXtDJcswiiZVDXZWv4qe8N0VQtTbYPQp5R99unvxYjxL19yQM=
 -----END CERTIFICATE-----
diff --git a/certs/ed25519/client-ed25519.der b/certs/ed25519/client-ed25519.der
index 82347a286..20536eece 100644
Binary files a/certs/ed25519/client-ed25519.der and b/certs/ed25519/client-ed25519.der differ
diff --git a/certs/ed25519/client-ed25519.pem b/certs/ed25519/client-ed25519.pem
index 9d35f82d9..4563ce735 100644
--- a/certs/ed25519/client-ed25519.pem
+++ b/certs/ed25519/client-ed25519.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            31:e6:4a:b1:6b:4e:2e:77:7b:d6:e3:94:8a:cf:02:b7:58:5a:fb:ab
+            33:8b:57:d5:8e:84:67:6a:e1:ed:f2:b9:11:16:5e:12:e5:0c:78:8a
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -22,8 +22,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:FE:41:5E:3E:81:E2:2E:46:B3:3E:47:89:90:D4:C2:B4:8E:11:D6:8A
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_ed25519/OU=Client-ed25519/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:31:E6:4A:B1:6B:4E:2E:77:7B:D6:E3:94:8A:CF:02:B7:58:5A:FB:AB
-
+                serial:33:8B:57:D5:8E:84:67:6A:E1:ED:F2:B9:11:16:5E:12:E5:0C:78:8A
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -31,17 +30,18 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ED25519
-         92:ac:52:cf:34:c2:76:8a:78:f7:ef:da:3f:79:e9:66:d1:de:
-         e1:d7:56:b5:4b:cf:a7:c2:03:af:cc:23:11:4b:44:0c:33:ce:
-         45:e0:33:eb:cc:c9:f8:38:5b:19:6f:86:4d:97:30:d1:55:6e:
-         cb:5f:39:c9:a3:22:16:66:5f:07
+    Signature Value:
+        aa:c7:bd:8e:56:40:ab:7d:9c:55:f0:4d:1d:97:e9:03:62:11:
+        ca:51:ad:80:cf:1a:2c:2c:5b:2d:71:fe:db:1d:4b:cd:4b:8b:
+        2d:12:f7:01:ee:fb:7d:2e:21:fc:81:de:84:59:c8:a5:1e:92:
+        e3:21:58:d1:3e:8a:71:91:2d:0e
 -----BEGIN CERTIFICATE-----
-MIIDnzCCA1GgAwIBAgIUMeZKsWtOLnd71uOUis8Ct1ha+6swBQYDK2VwMIG4MQsw
+MIIDnzCCA1GgAwIBAgIUM4tX1Y6EZ2rh7fK5ERZeEuUMeIowBQYDK2VwMIG4MQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
 MBYGA1UECgwPd29sZlNTTF9lZDI1NTE5MRcwFQYDVQQLDA5DbGllbnQtZWQyNTUx
 OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
-QHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yMzEyMTMy
-MjE5MjlaFw0yNjA5MDgyMjE5MjlaMIG4MQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
+QHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yNDEyMTgy
+MTI1MzBaFw0yNzA5MTQyMTI1MzBaMIG4MQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
 TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9lZDI1
 NTE5MRcwFQYDVQQLDA5DbGllbnQtZWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
 c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZIm
@@ -51,9 +51,9 @@ EdaKMIH4BgNVHSMEgfAwge2AFP5BXj6B4i5Gsz5HiZDUwrSOEdaKoYG+pIG7MIG4
 MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h
 bjEYMBYGA1UECgwPd29sZlNTTF9lZDI1NTE5MRcwFQYDVQQLDA5DbGllbnQtZWQy
 NTUxOTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBp
-bmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTIIUMeZKsWtO
-Lnd71uOUis8Ct1ha+6swDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
+bmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTIIUM4tX1Y6E
+Z2rh7fK5ERZeEuUMeIowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
 LmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwBQYDK2Vw
-A0EAkqxSzzTCdop49+/aP3npZtHe4ddWtUvPp8IDr8wjEUtEDDPOReAz68zJ+Dhb
-GW+GTZcw0VVuy185yaMiFmZfBw==
+A0EAqse9jlZAq32cVfBNHZfpA2IRylGtgM8aLCxbLXH+2x1LzUuLLRL3Ae77fS4h
+/IHehFnIpR6S4yFY0T6KcZEtDg==
 -----END CERTIFICATE-----
diff --git a/certs/ed25519/root-ed25519.der b/certs/ed25519/root-ed25519.der
index d83657cb3..60ded1718 100644
Binary files a/certs/ed25519/root-ed25519.der and b/certs/ed25519/root-ed25519.der differ
diff --git a/certs/ed25519/root-ed25519.pem b/certs/ed25519/root-ed25519.pem
index f24691e37..feac37151 100644
--- a/certs/ed25519/root-ed25519.pem
+++ b/certs/ed25519/root-ed25519.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            46:46:59:7b:c4:b5:a1:60:04:ac:02:eb:e1:90:18:64:d9:1c:dc:bd
+            24:49:82:ee:d6:ad:c6:2d:77:b7:10:9e:f9:64:56:16:d3:04:0f:16
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -20,29 +20,29 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
             X509v3 Authority Key Identifier: 
-                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
-
+                FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED25519
-         ac:a3:8f:0c:8a:5d:96:a3:87:54:2f:0e:f3:9b:ce:e4:6e:33:
-         84:ff:e6:79:ff:9a:3d:c6:86:12:c8:47:4e:64:ba:c1:8b:55:
-         0e:cd:61:33:d3:0a:54:ce:d4:51:3e:cd:7f:6f:00:f8:5c:26:
-         6d:a8:25:dc:f7:39:73:a9:92:05
+    Signature Value:
+        99:de:96:76:e3:07:21:03:11:a3:e6:98:77:3d:cc:e6:db:a2:
+        96:67:26:f0:2b:26:eb:54:d5:11:e3:9e:a7:e6:aa:73:1e:c5:
+        58:92:72:7d:ac:1b:e0:99:2a:46:ea:a2:55:d5:4f:92:a2:32:
+        1d:fc:fc:5c:07:3c:0c:0d:79:0a
 -----BEGIN CERTIFICATE-----
-MIICYTCCAhOgAwIBAgIURkZZe8S1oWAErALr4ZAYZNkc3L0wBQYDK2VwMIGdMQsw
+MIICYTCCAhOgAwIBAgIUJEmC7tatxi13txCe+WRWFtMEDxYwBQYDK2VwMIGdMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
 MBYGA1UECgwPd29sZlNTTF9FZDI1NTE5MRUwEwYDVQQLDAxSb290LUVkMjU1MTkx
 GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGdMQsw
+b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGdMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
 MBYGA1UECgwPd29sZlNTTF9FZDI1NTE5MRUwEwYDVQQLDAxSb290LUVkMjU1MTkx
 GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbTAqMAUGAytlcAMhAOmzb3xwiqvKVCBOZHY8Gk/3+l5K//PbuWQt
 EKUMWj/ao2MwYTAdBgNVHQ4EFgQU+rpbdh3xHR1NdEjYmDtW77MU894wHwYDVR0j
 BBgwFoAU+rpbdh3xHR1NdEjYmDtW77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAYYwBQYDK2VwA0EArKOPDIpdlqOHVC8O85vO5G4zhP/mef+aPcaG
-EshHTmS6wYtVDs1hM9MKVM7UUT7Nf28A+Fwmbagl3Pc5c6mSBQ==
+HQ8BAf8EBAMCAYYwBQYDK2VwA0EAmd6WduMHIQMRo+aYdz3M5tuilmcm8Csm61TV
+EeOep+aqcx7FWJJyfawb4JkqRuqiVdVPkqIyHfz8XAc8DA15Cg==
 -----END CERTIFICATE-----
diff --git a/certs/ed25519/server-ed25519-cert.pem b/certs/ed25519/server-ed25519-cert.pem
index d08b56a0d..336efc98c 100644
--- a/certs/ed25519/server-ed25519-cert.pem
+++ b/certs/ed25519/server-ed25519-cert.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Server-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -19,8 +19,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 A3:29:81:E7:90:6F:B9:60:F8:AF:CC:15:7A:AE:D7:A1:F4:B4:86:BA
             X509v3 Authority Key Identifier: 
-                keyid:74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
-
+                74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -30,16 +29,17 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ED25519
-         22:d7:34:ac:33:65:8b:18:a4:34:f9:3a:e6:ce:c1:77:a6:3d:
-         2a:2a:ee:22:ad:6e:fc:36:fc:98:8d:8a:fd:3f:cb:a9:74:01:
-         25:96:05:e1:39:13:8b:d9:05:6d:c9:ba:0e:5d:36:bf:39:03:
-         57:2a:55:fc:e3:53:c3:1b:e1:0b
+    Signature Value:
+        04:19:32:e4:24:e5:df:5a:a4:19:c4:31:15:81:05:4c:45:0a:
+        40:4a:5d:6a:8b:0a:77:02:fe:48:82:d2:83:8d:de:42:b8:cf:
+        02:dc:64:2c:bd:8c:9d:22:16:d8:7a:23:65:5d:b0:25:92:ac:
+        a8:6c:de:df:1d:eb:64:e4:8a:06
 -----BEGIN CERTIFICATE-----
 MIICpzCCAlmgAwIBAgIBATAFBgMrZXAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
 MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT
-8ixkAQEMB3dvbGZTU0wwHhcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCB
+8ixkAQEMB3dvbGZTU0wwHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCB
 uDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xGDAWBgNVBAoMD3dvbGZTU0xfZWQyNTUxOTEXMBUGA1UECwwOU2VydmVyLWVk
 MjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQ
@@ -47,7 +47,7 @@ aW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwKjAFBgMr
 ZXADIQAjqk1gUOAT0zrtq/apzEr+100v0lsaEAXvWkElzhtTeKOBiTCBhjAdBgNV
 HQ4EFgQUoymB55BvuWD4r8wVeq7XofS0hrowHwYDVR0jBBgwFoAUdNU4GV6DuQP4
 AYo1NbuJTEm0I+kwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAUGAytlcANBACLXNKwz
-ZYsYpDT5OubOwXemPSoq7iKtbvw2/JiNiv0/y6l0ASWWBeE5E4vZBW3Jug5dNr85
-A1cqVfzjU8Mb4Qs=
+BAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAUGAytlcANBAAQZMuQk
+5d9apBnEMRWBBUxFCkBKXWqLCncC/kiC0oON3kK4zwLcZCy9jJ0iFth6I2VdsCWS
+rKhs3t8d62TkigY=
 -----END CERTIFICATE-----
diff --git a/certs/ed25519/server-ed25519.der b/certs/ed25519/server-ed25519.der
index d4b8eca3c..6db9fa60d 100644
Binary files a/certs/ed25519/server-ed25519.der and b/certs/ed25519/server-ed25519.der differ
diff --git a/certs/ed25519/server-ed25519.pem b/certs/ed25519/server-ed25519.pem
index 9d4cfbe61..42f8aab18 100644
--- a/certs/ed25519/server-ed25519.pem
+++ b/certs/ed25519/server-ed25519.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Server-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -19,8 +19,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 A3:29:81:E7:90:6F:B9:60:F8:AF:CC:15:7A:AE:D7:A1:F4:B4:86:BA
             X509v3 Authority Key Identifier: 
-                keyid:74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
-
+                74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -30,16 +29,17 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ED25519
-         22:d7:34:ac:33:65:8b:18:a4:34:f9:3a:e6:ce:c1:77:a6:3d:
-         2a:2a:ee:22:ad:6e:fc:36:fc:98:8d:8a:fd:3f:cb:a9:74:01:
-         25:96:05:e1:39:13:8b:d9:05:6d:c9:ba:0e:5d:36:bf:39:03:
-         57:2a:55:fc:e3:53:c3:1b:e1:0b
+    Signature Value:
+        04:19:32:e4:24:e5:df:5a:a4:19:c4:31:15:81:05:4c:45:0a:
+        40:4a:5d:6a:8b:0a:77:02:fe:48:82:d2:83:8d:de:42:b8:cf:
+        02:dc:64:2c:bd:8c:9d:22:16:d8:7a:23:65:5d:b0:25:92:ac:
+        a8:6c:de:df:1d:eb:64:e4:8a:06
 -----BEGIN CERTIFICATE-----
 MIICpzCCAlmgAwIBAgIBATAFBgMrZXAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
 MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT
-8ixkAQEMB3dvbGZTU0wwHhcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCB
+8ixkAQEMB3dvbGZTU0wwHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCB
 uDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xGDAWBgNVBAoMD3dvbGZTU0xfZWQyNTUxOTEXMBUGA1UECwwOU2VydmVyLWVk
 MjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQ
@@ -47,9 +47,9 @@ aW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwKjAFBgMr
 ZXADIQAjqk1gUOAT0zrtq/apzEr+100v0lsaEAXvWkElzhtTeKOBiTCBhjAdBgNV
 HQ4EFgQUoymB55BvuWD4r8wVeq7XofS0hrowHwYDVR0jBBgwFoAUdNU4GV6DuQP4
 AYo1NbuJTEm0I+kwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAUGAytlcANBACLXNKwz
-ZYsYpDT5OubOwXemPSoq7iKtbvw2/JiNiv0/y6l0ASWWBeE5E4vZBW3Jug5dNr85
-A1cqVfzjU8Mb4Qs=
+BAwwCgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMAUGAytlcANBAAQZMuQk
+5d9apBnEMRWBBUxFCkBKXWqLCncC/kiC0oON3kK4zwLcZCy9jJ0iFth6I2VdsCWS
+rKhs3t8d62TkigY=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -58,8 +58,8 @@ Certificate:
         Signature Algorithm: ED25519
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED25519
@@ -72,29 +72,29 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
             X509v3 Authority Key Identifier: 
-                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
-
+                FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED25519
-         e6:71:a0:59:63:b4:31:31:1f:75:06:ce:f1:89:f0:e7:a2:db:
-         a8:c1:e4:c8:61:38:0c:e6:e9:e7:b9:9f:ce:e2:f5:49:a3:f5:
-         04:1e:85:f7:7d:10:fb:1d:ee:b6:dc:5e:51:f1:82:33:a4:ed:
-         e0:0a:65:09:2b:0e:1e:b2:af:0b
+    Signature Value:
+        44:eb:38:c6:27:d4:70:42:3f:9b:a0:d7:90:96:d6:6e:42:38:
+        5b:38:38:9f:21:ca:b0:fa:5e:7c:17:b4:32:5c:b3:08:a2:65:
+        50:d7:65:6b:f8:a9:ef:0d:d1:54:2d:4d:b6:0f:42:9e:51:f7:
+        db:a7:bf:16:23:c4:bd:7d:c9:03
 -----BEGIN CERTIFICATE-----
 MIICZTCCAhegAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk
 MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
 MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT
 8ixkAQEMB3dvbGZTU0wwKjAFBgMrZXADIQBCO3r5gs/53xnd8/AyKW36/XZPaMLC
 4GxHrsJVaKwNTaNjMGEwHQYDVR0OBBYEFHTVOBleg7kD+AGKNTW7iUxJtCPpMB8G
 A1UdIwQYMBaAFPq6W3Yd8R0dTXRI2Jg7Vu+zFPPeMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgGGMAUGAytlcANBAOZxoFljtDExH3UGzvGJ8Oei26jB5Mhh
-OAzm6ee5n87i9Umj9QQehfd9EPsd7rbcXlHxgjOk7eAKZQkrDh6yrws=
+DgYDVR0PAQH/BAQDAgGGMAUGAytlcANBAETrOMYn1HBCP5ug15CW1m5COFs4OJ8h
+yrD6XnwXtDJcswiiZVDXZWv4qe8N0VQtTbYPQp5R99unvxYjxL19yQM=
 -----END CERTIFICATE-----
diff --git a/certs/ed448/ca-ed448.der b/certs/ed448/ca-ed448.der
index 250855055..e63b35600 100644
Binary files a/certs/ed448/ca-ed448.der and b/certs/ed448/ca-ed448.der differ
diff --git a/certs/ed448/ca-ed448.pem b/certs/ed448/ca-ed448.pem
index a384c30a8..80f18d9ce 100644
--- a/certs/ed448/ca-ed448.pem
+++ b/certs/ed448/ca-ed448.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed448, OU = Root-Ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = CA-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -20,34 +20,34 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
             X509v3 Authority Key Identifier: 
-                keyid:DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
-
+                DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED448
-         24:d8:26:28:60:11:09:c1:a5:f9:a9:7f:a7:40:ed:a5:07:cb:
-         cb:3e:a1:6a:d3:45:6d:4c:e1:66:36:37:57:6a:34:5d:33:45:
-         b3:17:e1:18:76:57:df:fe:44:b4:ec:04:16:74:52:82:24:52:
-         1f:99:00:2d:42:a9:5c:45:1b:8d:b8:95:ce:0d:82:cb:52:8f:
-         e2:bd:20:19:6a:8a:79:29:f6:20:d3:e6:35:8c:27:1a:a4:64:
-         b7:ff:91:09:21:57:c6:11:c5:01:9a:98:54:31:37:7a:7b:ed:
-         35:a9:4d:13:19:00
+    Signature Value:
+        cd:f6:7e:99:b5:a0:0c:c3:38:25:38:54:42:51:57:19:5b:a2:
+        89:c5:f2:71:e2:3b:62:93:e9:08:54:ae:e0:89:c0:e8:d8:2f:
+        9c:dc:38:f7:80:dc:ca:f3:2f:55:63:70:7a:fe:e8:b2:90:62:
+        03:22:00:34:1a:9e:0f:f0:43:14:a2:f3:b6:98:19:0a:fd:83:
+        86:18:bb:87:2d:08:a3:93:d1:df:c8:15:7f:59:4b:8b:5e:23:
+        eb:f6:61:d4:b8:1f:91:7d:10:4b:68:02:d9:05:1d:6f:23:87:
+        d1:68:1b:71:19:00
 -----BEGIN CERTIFICATE-----
 MIICqDCCAiigAwIBAgIBATAFBgMrZXEwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX0Vk
 NDQ4MRMwEQYDVQQLDApSb290LUVkNDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
-b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIx
-OTI5WhcNMjYwOTA4MjIxOTI5WjCBsDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
+b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEy
+NTMwWhcNMjcwOTE0MjEyNTMwWjCBsDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
 bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFjAUBgNVBAoMDXdvbGZTU0xfZWQ0NDgx
 ETAPBgNVBAsMCENBLWVkNDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
 BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3
 b2xmU1NMMEMwBQYDK2VxAzoADuK0duXSzMJLe7ApvpL7w69ppZS6cCToo+/IY5rd
 pq9YQzgEJPAQkb6nAZFU889phUy5l4ykN6oAo2MwYTAdBgNVHQ4EFgQUOFlF6N1E
 LLV9pSXWC8w58HLAlGMwHwYDVR0jBBgwFoAU2mmYySZKdftZXlOaY0sMuIgLDx4w
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VxA3MAJNgmKGAR
-CcGl+al/p0DtpQfLyz6hatNFbUzhZjY3V2o0XTNFsxfhGHZX3/5EtOwEFnRSgiRS
-H5kALUKpXEUbjbiVzg2Cy1KP4r0gGWqKeSn2INPmNYwnGqRkt/+RCSFXxhHFAZqY
-VDE3envtNalNExkA
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VxA3MAzfZ+mbWg
+DMM4JThUQlFXGVuiicXyceI7YpPpCFSu4InA6NgvnNw494DcyvMvVWNwev7ospBi
+AyIANBqeD/BDFKLztpgZCv2Dhhi7hy0Io5PR38gVf1lLi14j6/Zh1LgfkX0QS2gC
+2QUdbyOH0WgbcRkA
 -----END CERTIFICATE-----
diff --git a/certs/ed448/client-ed448.der b/certs/ed448/client-ed448.der
index e220065a8..719dc6eab 100644
Binary files a/certs/ed448/client-ed448.der and b/certs/ed448/client-ed448.der differ
diff --git a/certs/ed448/client-ed448.pem b/certs/ed448/client-ed448.pem
index ec2bf3da7..38650874e 100644
--- a/certs/ed448/client-ed448.pem
+++ b/certs/ed448/client-ed448.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            1e:73:eb:26:79:34:8f:f6:ba:9b:e5:8d:b4:e1:1a:73:6b:91:a6:6b
+            73:8f:b3:50:d4:5c:05:36:fc:af:03:ad:08:30:9a:a6:be:3e:b3:02
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = Client-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = Client-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -23,8 +23,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:F3:C7:66:93:0D:CB:0E:1B:80:08:00:CF:E3:4E:11:4D:58:2B:4B:D4
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_ed448/OU=Client-ed448/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:1E:73:EB:26:79:34:8F:F6:BA:9B:E5:8D:B4:E1:1A:73:6B:91:A6:6B
-
+                serial:73:8F:B3:50:D4:5C:05:36:FC:AF:03:AD:08:30:9A:A6:BE:3E:B3:02
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -32,20 +31,21 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ED448
-         c8:1a:84:b3:0f:6c:53:1b:21:49:44:ce:5d:46:30:1a:9a:eb:
-         9e:cb:22:40:89:09:a8:4a:23:69:27:05:f3:cf:5d:7a:d0:9b:
-         a7:fd:b9:52:d2:4e:b1:e4:ed:8f:de:7f:75:49:07:f5:df:ec:
-         ac:34:00:d4:12:b1:b4:1e:49:1c:da:ae:34:db:4c:d6:2b:40:
-         00:2a:ed:3f:37:09:26:62:ab:32:34:f4:81:19:d4:6b:ef:07:
-         19:0c:6c:d9:e9:69:24:c7:e5:b2:73:b0:6d:14:ba:3e:8a:86:
-         5d:24:dc:80:3c:00
+    Signature Value:
+        02:3d:3e:a4:b8:6d:d3:ba:4c:d2:e4:07:44:92:c6:94:94:ea:
+        b5:d7:6a:40:e8:d5:6f:f7:67:51:e9:50:b1:66:96:36:3b:5d:
+        3a:6c:99:3c:8f:24:1c:d1:c4:e5:0a:50:98:7b:41:be:d5:8b:
+        a3:28:00:95:87:a2:a8:d8:85:50:0d:3c:5b:9c:fb:96:62:60:
+        ab:c0:a8:23:c3:5f:6b:e6:c5:27:e7:e4:ad:fa:3d:d9:ee:3a:
+        d1:f5:09:28:19:2e:85:57:b1:01:32:e3:61:3f:bc:2f:00:3a:
+        d8:bf:77:d9:03:00
 -----BEGIN CERTIFICATE-----
-MIID3jCCA16gAwIBAgIUHnPrJnk0j/a6m+WNtOEac2uRpmswBQYDK2VxMIG0MQsw
+MIID3jCCA16gAwIBAgIUc4+zUNRcBTb8rwOtCDCapr4+swIwBQYDK2VxMIG0MQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEW
 MBQGA1UECgwNd29sZlNTTF9lZDQ0ODEVMBMGA1UECwwMQ2xpZW50LWVkNDQ4MRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
-ZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIzMTIxMzIyMTky
-OVoXDTI2MDkwODIyMTkyOVowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250
+ZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTI0MTIxODIxMjUz
+MFoXDTI3MDkxNDIxMjUzMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250
 YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX2VkNDQ4MRUw
 EwYDVQQLDAxDbGllbnQtZWQ0NDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
 MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEM
@@ -56,9 +56,9 @@ VzXIdrOzMI+HeOYmWifYDDieezwTL8ykKWyA74CjggFlMIIBYTAdBgNVHQ4EFgQU
 MRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX2VkNDQ4MRUwEwYD
 VQQLDAxDbGllbnQtZWQ0NDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
 CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dv
-bGZTU0yCFB5z6yZ5NI/2upvljbThGnNrkaZrMAwGA1UdEwQFMAMBAf8wHAYDVR0R
+bGZTU0yCFHOPs1DUXAU2/K8DrQgwmqa+PrMCMAwGA1UdEwQFMAMBAf8wHAYDVR0R
 BBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMAUGAytlcQNzAMgahLMPbFMbIUlEzl1GMBqa657LIkCJCahKI2knBfPP
-XXrQm6f9uVLSTrHk7Y/ef3VJB/Xf7Kw0ANQSsbQeSRzarjTbTNYrQAAq7T83CSZi
-qzI09IEZ1GvvBxkMbNnpaSTH5bJzsG0Uuj6Khl0k3IA8AA==
+AQUFBwMCMAUGAytlcQNzAAI9PqS4bdO6TNLkB0SSxpSU6rXXakDo1W/3Z1HpULFm
+ljY7XTpsmTyPJBzRxOUKUJh7Qb7Vi6MoAJWHoqjYhVANPFuc+5ZiYKvAqCPDX2vm
+xSfn5K36PdnuOtH1CSgZLoVXsQEy42E/vC8AOti/d9kDAA==
 -----END CERTIFICATE-----
diff --git a/certs/ed448/root-ed448.der b/certs/ed448/root-ed448.der
index 959c9d892..311dae875 100644
Binary files a/certs/ed448/root-ed448.der and b/certs/ed448/root-ed448.der differ
diff --git a/certs/ed448/root-ed448.pem b/certs/ed448/root-ed448.pem
index 15ea82276..f491ab58b 100644
--- a/certs/ed448/root-ed448.pem
+++ b/certs/ed448/root-ed448.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            13:86:16:ce:8f:3e:19:34:76:2d:dd:88:13:01:34:86:73:7b:5a:9a
+            63:2c:f3:73:35:61:fa:12:27:9f:85:1e:85:15:27:a8:e7:3a:d4:7a
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed448, OU = Root-Ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed448, OU = Root-Ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -21,34 +21,34 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
             X509v3 Authority Key Identifier: 
-                keyid:DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
-
+                DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED448
-         58:fd:39:b5:c2:38:86:da:aa:72:ec:35:44:d1:8a:b6:7c:28:
-         9f:c4:75:c9:bf:09:d8:49:c0:18:34:9d:10:c3:e9:f3:54:9b:
-         3d:8a:c7:9c:bd:a1:9d:33:88:17:f2:55:9c:bb:00:63:d8:40:
-         a2:ed:80:7d:e9:95:1d:f0:fb:9f:7c:43:ba:b1:63:4e:48:7e:
-         87:ea:82:21:bb:3f:a5:2f:6e:43:77:90:4b:e3:e4:29:a8:a1:
-         c0:c4:22:a5:6c:49:ef:c7:e9:36:1c:39:3f:71:3d:6d:51:27:
-         89:99:fa:c6:1c:00
+    Signature Value:
+        c8:58:17:45:94:49:83:23:2e:49:ab:ed:84:6c:c2:8a:6c:62:
+        84:c0:ea:ea:af:4e:ae:c4:16:48:6b:c7:34:0f:37:5a:08:5a:
+        f1:7b:91:00:0f:94:7d:32:d3:c5:32:b8:fc:c4:5f:92:e7:5a:
+        43:5c:80:b0:66:dc:b9:7e:2c:1b:de:54:34:60:9f:90:8c:80:
+        31:a5:e0:ba:6b:19:89:c2:74:c6:8c:e5:16:ec:df:93:68:a4:
+        04:a4:48:de:8d:21:52:da:fb:6a:a1:a3:8d:24:b3:a6:be:4d:
+        fc:c9:27:f1:05:00
 -----BEGIN CERTIFICATE-----
-MIICpDCCAiSgAwIBAgIUE4YWzo8+GTR2Ld2IEwE0hnN7WpowBQYDK2VxMIGZMQsw
+MIICpDCCAiSgAwIBAgIUYyzzczVh+hInn4UehRUnqOc61HowBQYDK2VxMIGZMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEW
 MBQGA1UECgwNd29sZlNTTF9FZDQ0ODETMBEGA1UECwwKUm9vdC1FZDQ0ODEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
-c2wuY29tMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgZkxCzAJBgNV
+c2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgZkxCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYD
 VQQKDA13b2xmU1NMX0VkNDQ4MRMwEQYDVQQLDApSb290LUVkNDQ4MRgwFgYDVQQD
 DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b20wQzAFBgMrZXEDOgALZCYoz7VGm+4/6jv1Znoy1P59+IBfWFds13nuZqI9VI+N
 CK/LuEOUUF3lU2JpyHWCpl5EyktbCwCjYzBhMB0GA1UdDgQWBBTaaZjJJkp1+1le
 U5pjSwy4iAsPHjAfBgNVHSMEGDAWgBTaaZjJJkp1+1leU5pjSwy4iAsPHjAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAFBgMrZXEDcwBY/Tm1wjiG2qpy
-7DVE0Yq2fCifxHXJvwnYScAYNJ0Qw+nzVJs9isecvaGdM4gX8lWcuwBj2ECi7YB9
-6ZUd8PuffEO6sWNOSH6H6oIhuz+lL25Dd5BL4+QpqKHAxCKlbEnvx+k2HDk/cT1t
-USeJmfrGHAA=
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAFBgMrZXEDcwDIWBdFlEmDIy5J
+q+2EbMKKbGKEwOrqr06uxBZIa8c0DzdaCFrxe5EAD5R9MtPFMrj8xF+S51pDXICw
+Zty5fiwb3lQ0YJ+QjIAxpeC6axmJwnTGjOUW7N+TaKQEpEjejSFS2vtqoaONJLOm
+vk38ySfxBQA=
 -----END CERTIFICATE-----
diff --git a/certs/ed448/server-ed448-cert.pem b/certs/ed448/server-ed448-cert.pem
index 43085091e..e3073fd85 100644
--- a/certs/ed448/server-ed448-cert.pem
+++ b/certs/ed448/server-ed448-cert.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = CA-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = Server-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -20,8 +20,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 7C:AB:5C:12:A9:68:D8:18:10:28:7D:92:C5:4A:B8:4C:4C:76:0E:DB
             X509v3 Authority Key Identifier: 
-                keyid:38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
-
+                38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -31,19 +30,20 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ED448
-         f9:2a:92:55:05:3d:74:24:8f:57:f4:91:e5:66:85:7c:53:11:
-         88:22:82:ea:a3:50:0f:c2:a6:8e:39:85:85:14:a3:d4:ac:4f:
-         66:fc:7e:b4:b3:f4:d7:5d:7c:9b:7f:c4:8e:3b:bc:d9:3a:cc:
-         91:91:00:5d:da:26:04:2c:ba:f9:c4:45:3a:d3:4f:80:1e:46:
-         9b:86:b8:56:ee:b2:e8:ba:26:47:28:2a:3d:cc:6a:51:33:c3:
-         8e:8b:c4:01:8c:cc:25:fd:b4:cb:c2:a3:46:ad:b7:9d:14:e6:
-         a6:02:39:07:34:00
+    Signature Value:
+        7b:57:bb:6e:a6:57:a9:d2:0a:85:f0:ae:63:17:ef:cf:e7:5a:
+        70:92:41:14:c2:b1:17:52:07:93:95:14:c8:b6:9c:80:2a:6f:
+        09:90:15:1c:3f:a9:59:50:c6:c4:e7:72:65:35:db:97:28:35:
+        94:e0:80:cf:71:c2:1e:db:c6:8c:e4:ea:b8:96:a3:e3:c8:22:
+        93:e9:66:78:bd:97:fb:8b:a3:40:41:42:46:3e:37:35:58:f0:
+        c1:52:58:4e:f6:ce:2d:4c:7e:d3:6d:1f:a7:ff:27:f2:d0:62:
+        27:eb:2d:8b:05:00
 -----BEGIN CERTIFICATE-----
 MIIC6jCCAmqgAwIBAgIBATAFBgMrZXEwgbAxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX2Vk
 NDQ4MREwDwYDVQQLDAhDQS1lZDQ0ODEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
 MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQB
-AQwHd29sZlNTTDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIG0MQsw
+AQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIG0MQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEW
 MBQGA1UECgwNd29sZlNTTF9lZDQ0ODEVMBMGA1UECwwMU2VydmVyLWVkNDQ4MRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -52,7 +52,7 @@ Aes32akHzQG8nXAWwiwrdVtj2+46LUSSRrR7BwNPoq6GhtyLSyx/6GsUjVjdbedv
 OgWVqO8Ao4GJMIGGMB0GA1UdDgQWBBR8q1wSqWjYGBAofZLFSrhMTHYO2zAfBgNV
 HSMEGDAWgBQ4WUXo3UQstX2lJdYLzDnwcsCUYzAMBgNVHRMBAf8EAjAAMA4GA1Ud
 DwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMC
-BkAwBQYDK2VxA3MA+SqSVQU9dCSPV/SR5WaFfFMRiCKC6qNQD8KmjjmFhRSj1KxP
-Zvx+tLP01118m3/Ejju82TrMkZEAXdomBCy6+cRFOtNPgB5Gm4a4Vu6y6LomRygq
-PcxqUTPDjovEAYzMJf20y8KjRq23nRTmpgI5BzQA
+BkAwBQYDK2VxA3MAe1e7bqZXqdIKhfCuYxfvz+dacJJBFMKxF1IHk5UUyLacgCpv
+CZAVHD+pWVDGxOdyZTXblyg1lOCAz3HCHtvGjOTquJaj48gik+lmeL2X+4ujQEFC
+Rj43NVjwwVJYTvbOLUx+020fp/8n8tBiJ+stiwUA
 -----END CERTIFICATE-----
diff --git a/certs/ed448/server-ed448.der b/certs/ed448/server-ed448.der
index c287ff397..378b24e06 100644
Binary files a/certs/ed448/server-ed448.der and b/certs/ed448/server-ed448.der differ
diff --git a/certs/ed448/server-ed448.pem b/certs/ed448/server-ed448.pem
index ed589ec4b..2f39150dc 100644
--- a/certs/ed448/server-ed448.pem
+++ b/certs/ed448/server-ed448.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = CA-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = Server-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -20,8 +20,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 7C:AB:5C:12:A9:68:D8:18:10:28:7D:92:C5:4A:B8:4C:4C:76:0E:DB
             X509v3 Authority Key Identifier: 
-                keyid:38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
-
+                38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -31,19 +30,20 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ED448
-         f9:2a:92:55:05:3d:74:24:8f:57:f4:91:e5:66:85:7c:53:11:
-         88:22:82:ea:a3:50:0f:c2:a6:8e:39:85:85:14:a3:d4:ac:4f:
-         66:fc:7e:b4:b3:f4:d7:5d:7c:9b:7f:c4:8e:3b:bc:d9:3a:cc:
-         91:91:00:5d:da:26:04:2c:ba:f9:c4:45:3a:d3:4f:80:1e:46:
-         9b:86:b8:56:ee:b2:e8:ba:26:47:28:2a:3d:cc:6a:51:33:c3:
-         8e:8b:c4:01:8c:cc:25:fd:b4:cb:c2:a3:46:ad:b7:9d:14:e6:
-         a6:02:39:07:34:00
+    Signature Value:
+        7b:57:bb:6e:a6:57:a9:d2:0a:85:f0:ae:63:17:ef:cf:e7:5a:
+        70:92:41:14:c2:b1:17:52:07:93:95:14:c8:b6:9c:80:2a:6f:
+        09:90:15:1c:3f:a9:59:50:c6:c4:e7:72:65:35:db:97:28:35:
+        94:e0:80:cf:71:c2:1e:db:c6:8c:e4:ea:b8:96:a3:e3:c8:22:
+        93:e9:66:78:bd:97:fb:8b:a3:40:41:42:46:3e:37:35:58:f0:
+        c1:52:58:4e:f6:ce:2d:4c:7e:d3:6d:1f:a7:ff:27:f2:d0:62:
+        27:eb:2d:8b:05:00
 -----BEGIN CERTIFICATE-----
 MIIC6jCCAmqgAwIBAgIBATAFBgMrZXEwgbAxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX2Vk
 NDQ4MREwDwYDVQQLDAhDQS1lZDQ0ODEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
 MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQB
-AQwHd29sZlNTTDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIG0MQsw
+AQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIG0MQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEW
 MBQGA1UECgwNd29sZlNTTF9lZDQ0ODEVMBMGA1UECwwMU2VydmVyLWVkNDQ4MRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -52,9 +52,9 @@ Aes32akHzQG8nXAWwiwrdVtj2+46LUSSRrR7BwNPoq6GhtyLSyx/6GsUjVjdbedv
 OgWVqO8Ao4GJMIGGMB0GA1UdDgQWBBR8q1wSqWjYGBAofZLFSrhMTHYO2zAfBgNV
 HSMEGDAWgBQ4WUXo3UQstX2lJdYLzDnwcsCUYzAMBgNVHRMBAf8EAjAAMA4GA1Ud
 DwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMC
-BkAwBQYDK2VxA3MA+SqSVQU9dCSPV/SR5WaFfFMRiCKC6qNQD8KmjjmFhRSj1KxP
-Zvx+tLP01118m3/Ejju82TrMkZEAXdomBCy6+cRFOtNPgB5Gm4a4Vu6y6LomRygq
-PcxqUTPDjovEAYzMJf20y8KjRq23nRTmpgI5BzQA
+BkAwBQYDK2VxA3MAe1e7bqZXqdIKhfCuYxfvz+dacJJBFMKxF1IHk5UUyLacgCpv
+CZAVHD+pWVDGxOdyZTXblyg1lOCAz3HCHtvGjOTquJaj48gik+lmeL2X+4ujQEFC
+Rj43NVjwwVJYTvbOLUx+020fp/8n8tBiJ+stiwUA
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -63,8 +63,8 @@ Certificate:
         Signature Algorithm: ED448
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed448, OU = Root-Ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed448, OU = CA-ed448, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: ED448
@@ -78,34 +78,34 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 38:59:45:E8:DD:44:2C:B5:7D:A5:25:D6:0B:CC:39:F0:72:C0:94:63
             X509v3 Authority Key Identifier: 
-                keyid:DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
-
+                DA:69:98:C9:26:4A:75:FB:59:5E:53:9A:63:4B:0C:B8:88:0B:0F:1E
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ED448
-         24:d8:26:28:60:11:09:c1:a5:f9:a9:7f:a7:40:ed:a5:07:cb:
-         cb:3e:a1:6a:d3:45:6d:4c:e1:66:36:37:57:6a:34:5d:33:45:
-         b3:17:e1:18:76:57:df:fe:44:b4:ec:04:16:74:52:82:24:52:
-         1f:99:00:2d:42:a9:5c:45:1b:8d:b8:95:ce:0d:82:cb:52:8f:
-         e2:bd:20:19:6a:8a:79:29:f6:20:d3:e6:35:8c:27:1a:a4:64:
-         b7:ff:91:09:21:57:c6:11:c5:01:9a:98:54:31:37:7a:7b:ed:
-         35:a9:4d:13:19:00
+    Signature Value:
+        cd:f6:7e:99:b5:a0:0c:c3:38:25:38:54:42:51:57:19:5b:a2:
+        89:c5:f2:71:e2:3b:62:93:e9:08:54:ae:e0:89:c0:e8:d8:2f:
+        9c:dc:38:f7:80:dc:ca:f3:2f:55:63:70:7a:fe:e8:b2:90:62:
+        03:22:00:34:1a:9e:0f:f0:43:14:a2:f3:b6:98:19:0a:fd:83:
+        86:18:bb:87:2d:08:a3:93:d1:df:c8:15:7f:59:4b:8b:5e:23:
+        eb:f6:61:d4:b8:1f:91:7d:10:4b:68:02:d9:05:1d:6f:23:87:
+        d1:68:1b:71:19:00
 -----BEGIN CERTIFICATE-----
 MIICqDCCAiigAwIBAgIBATAFBgMrZXEwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRYwFAYDVQQKDA13b2xmU1NMX0Vk
 NDQ4MRMwEQYDVQQLDApSb290LUVkNDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
-b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIx
-OTI5WhcNMjYwOTA4MjIxOTI5WjCBsDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
+b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEy
+NTMwWhcNMjcwOTE0MjEyNTMwWjCBsDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
 bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFjAUBgNVBAoMDXdvbGZTU0xfZWQ0NDgx
 ETAPBgNVBAsMCENBLWVkNDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
 BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3
 b2xmU1NMMEMwBQYDK2VxAzoADuK0duXSzMJLe7ApvpL7w69ppZS6cCToo+/IY5rd
 pq9YQzgEJPAQkb6nAZFU889phUy5l4ykN6oAo2MwYTAdBgNVHQ4EFgQUOFlF6N1E
 LLV9pSXWC8w58HLAlGMwHwYDVR0jBBgwFoAU2mmYySZKdftZXlOaY0sMuIgLDx4w
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VxA3MAJNgmKGAR
-CcGl+al/p0DtpQfLyz6hatNFbUzhZjY3V2o0XTNFsxfhGHZX3/5EtOwEFnRSgiRS
-H5kALUKpXEUbjbiVzg2Cy1KP4r0gGWqKeSn2INPmNYwnGqRkt/+RCSFXxhHFAZqY
-VDE3envtNalNExkA
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VxA3MAzfZ+mbWg
+DMM4JThUQlFXGVuiicXyceI7YpPpCFSu4InA6NgvnNw494DcyvMvVWNwev7ospBi
+AyIANBqeD/BDFKLztpgZCv2Dhhi7hy0Io5PR38gVf1lLi14j6/Zh1LgfkX0QS2gC
+2QUdbyOH0WgbcRkA
 -----END CERTIFICATE-----
diff --git a/certs/entity-no-ca-bool-cert.pem b/certs/entity-no-ca-bool-cert.pem
index ebd3e2ddd..9ef7a189e 100644
--- a/certs/entity-no-ca-bool-cert.pem
+++ b/certs/entity-no-ca-bool-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = NoCaBool, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:eb:52:8d:b0:d8:01:6b:f7:16:50:fe:34:a3:86:
                     1b:e8:49:50:b1:6f:6a:3f:af:de:6c:d1:af:25:9c:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:FALSE, pathlen:0
             X509v3 Key Usage: 
@@ -46,27 +45,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Client Authentication, TLS Web Server Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         44:6a:a0:11:85:71:72:c5:7c:84:36:aa:31:c4:4a:c0:99:0e:
-         fd:b9:78:69:0b:8c:58:b4:4c:01:04:65:f3:dd:ea:db:a2:1f:
-         d7:9d:cd:b4:6f:18:da:79:b8:35:c4:25:5e:61:a4:02:26:29:
-         33:be:72:e5:35:8f:2b:68:0a:87:03:97:3e:9e:00:e2:37:7f:
-         7a:c9:29:d8:fc:61:6b:3f:36:47:e2:66:e0:93:77:b7:75:46:
-         bb:0c:57:5c:af:7d:62:07:d9:0c:93:b7:5f:81:a6:9e:49:7b:
-         f8:0a:82:2a:2a:80:39:d8:91:c5:01:cb:aa:f4:d7:15:64:78:
-         5c:1e:b4:57:35:6c:19:f6:36:b8:35:96:ce:c6:a7:cb:12:56:
-         c1:58:0b:10:54:b0:d7:b0:1f:48:50:b2:16:96:c8:88:32:88:
-         25:bb:40:c3:c5:df:a2:74:04:84:21:c4:fe:fe:d3:08:50:4f:
-         85:f7:b2:6e:5e:b5:3e:47:19:c9:1a:81:0a:24:33:a5:04:90:
-         3f:c1:4d:f7:94:86:8f:78:82:4c:51:4e:37:84:1f:98:f2:91:
-         07:58:c0:f9:dc:4f:b6:a8:54:a0:b9:0b:43:3b:bd:b2:3c:d6:
-         ad:52:05:6d:95:6b:c5:9c:5f:f5:87:f9:3b:e2:b8:3a:3a:3f:
-         3f:06:df:10
+    Signature Value:
+        01:c8:08:31:76:f9:69:4e:b0:7b:3a:64:50:3a:3a:37:72:0c:
+        c5:4e:f9:af:09:44:21:9c:d1:42:63:1b:43:76:ce:79:2b:40:
+        b4:70:77:36:43:50:22:7b:41:f8:b7:d7:10:84:1a:39:13:9e:
+        62:6a:23:ff:0d:c3:69:c7:53:fd:3f:95:1a:b2:14:d4:e8:92:
+        5e:74:dd:be:5c:46:c0:a4:74:89:15:01:36:89:dd:84:be:a7:
+        b3:88:b3:6c:bf:5e:36:b6:48:b6:e0:3f:8b:a0:1a:2c:51:00:
+        04:4d:80:bc:ab:3e:a4:0d:0e:38:bc:27:c7:59:d0:27:47:ab:
+        26:46:32:6e:4c:07:fd:d5:bb:8c:73:39:68:27:d0:18:c8:8d:
+        10:d1:ee:d3:ef:2a:e6:e3:8d:30:86:2f:ab:c5:bf:ee:95:c3:
+        a7:3b:69:65:5a:c1:60:e7:1a:07:28:ca:f2:c1:f3:95:7e:c1:
+        e2:e2:9b:27:54:eb:d1:43:3f:b0:b6:55:91:06:e5:cb:f8:4b:
+        78:c6:45:e9:46:56:2b:fa:47:c1:6a:c1:ab:af:2d:17:e6:3b:
+        8e:68:ed:37:86:d8:d7:cf:db:80:8b:90:f7:df:f2:a9:09:5f:
+        29:1c:f7:2c:d4:31:bd:8e:86:38:22:88:bb:64:e7:0d:59:58:
+        ac:ec:7c:78
 -----BEGIN CERTIFICATE-----
 MIIE2DCCA8CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxETAP
 BgNVBAsMCE5vQ2FCb29sMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
 hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
@@ -80,29 +80,29 @@ FgQU7/SLhs5179zh+CMeGrg7jZgJiOcwgdQGA1UdIwSBzDCByYAUJ45nEXTDJh0/
 7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250
 YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UE
 CwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
-hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqobAHs9mDycFEKTNEU+rzpRDAM
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG8aOUZRmhCFjvp40reoPB2jAM
 BgNVHRMEBTADAgEAMAsGA1UdDwQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
-KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAERqoBGFcXLFfIQ2qjHESsCZDv25
-eGkLjFi0TAEEZfPd6tuiH9edzbRvGNp5uDXEJV5hpAImKTO+cuU1jytoCocDlz6e
-AOI3f3rJKdj8YWs/NkfiZuCTd7d1RrsMV1yvfWIH2QyTt1+Bpp5Je/gKgioqgDnY
-kcUBy6r01xVkeFwetFc1bBn2Nrg1ls7Gp8sSVsFYCxBUsNewH0hQshaWyIgyiCW7
-QMPF36J0BIQhxP7+0whQT4X3sm5etT5HGckagQokM6UEkD/BTfeUho94gkxRTjeE
-H5jykQdYwPncT7aoVKC5C0M7vbI81q1SBW2Va8WcX/WH+TviuDo6Pz8G3xA=
+KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAAHICDF2+WlOsHs6ZFA6OjdyDMVO
++a8JRCGc0UJjG0N2znkrQLRwdzZDUCJ7Qfi31xCEGjkTnmJqI/8Nw2nHU/0/lRqy
+FNTokl503b5cRsCkdIkVATaJ3YS+p7OIs2y/Xja2SLbgP4ugGixRAARNgLyrPqQN
+Dji8J8dZ0CdHqyZGMm5MB/3Vu4xzOWgn0BjIjRDR7tPvKubjjTCGL6vFv+6Vw6c7
+aWVawWDnGgcoyvLB85V+weLimydU69FDP7C2VZEG5cv4S3jGRelGViv6R8Fqwauv
+LRfmO45o7TeG2NfP24CLkPff8qkJXykc9yzUMb2OhjgiiLtk5w1ZWKzsfHg=
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -129,8 +129,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -138,27 +137,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -173,12 +173,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/fpki-cert.der b/certs/fpki-cert.der
index 560e31c0f..825b00c37 100644
Binary files a/certs/fpki-cert.der and b/certs/fpki-cert.der differ
diff --git a/certs/fpki-certpol-cert.der b/certs/fpki-certpol-cert.der
new file mode 100644
index 000000000..f3fe08341
Binary files /dev/null and b/certs/fpki-certpol-cert.der differ
diff --git a/certs/include.am b/certs/include.am
index dd87e3265..d9cb8f314 100644
--- a/certs/include.am
+++ b/certs/include.am
@@ -6,6 +6,7 @@ EXTRA_DIST += \
              certs/ca-cert-chain.der \
              certs/ca-cert.pem \
              certs/ca-key.pem \
+             certs/ca-key-pkcs8-attribute.der \
              certs/client-cert.pem \
              certs/client-keyEnc.pem \
              certs/client-key.pem \
@@ -52,6 +53,7 @@ EXTRA_DIST += \
              certs/wolfssl-website-ca.pem \
              certs/test-degenerate.p7b \
              certs/test-stream-sign.p7b \
+             certs/test-stream-dec.p7b \
              certs/test-ber-exp02-05-2022.p7b \
              certs/test-servercert.p12 \
              certs/test-servercert-rc2.p12 \
@@ -73,6 +75,7 @@ EXTRA_DIST += \
              certs/x942dh2048.der \
              certs/x942dh2048.pem \
              certs/fpki-cert.der \
+             certs/fpki-certpol-cert.der \
              certs/rid-cert.der \
              certs/dh-priv-2048.der \
              certs/dh-priv-2048.pem \
@@ -147,4 +150,5 @@ include certs/rsapss/include.am
 include certs/dilithium/include.am
 include certs/sphincs/include.am
 include certs/rpk/include.am
+include certs/acert/include.am
 
diff --git a/certs/intermediate/ca_false_intermediate/gentestcert.sh b/certs/intermediate/ca_false_intermediate/gentestcert.sh
new file mode 100755
index 000000000..d10f59356
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/gentestcert.sh
@@ -0,0 +1,161 @@
+#!/bin/bash
+
+# Script for generating RSA CA and server certs based on it.
+#
+SERVER_PEM='test_sign_bynoca_srv.pem'
+INTCA_PEM='test_int_not_cacert.pem'
+CA_PEM='test_ca.pem'
+
+CURRENT=$(cd $(dirname $0);pwd)
+# OpenSSL configuration files
+OPENSSL_BASE_CA_CONF='wolfssl_base.conf'
+OPENSSL_CA_CONF='wolfssl_ca.conf'
+OPENSSL_INTCA_CONF='wolfssl_int_ca.conf'
+OPENSSL_SRV_CONF='wolfssl_srv.conf'
+# SEt ver
+CA_NAME="test_ca"
+INTCA_NAME="int_ca"
+SRVCERT_NAME="server_ext"
+CRT_HOSTNAME="WOLFSSL"
+CRT_DN="${CRT_HOSTNAME%% *}"
+CRT_ALT_NAME="$(echo $CRT_HOSTNAME | sed -e "s/^/DNS:/" -e "s/ /,DNS:/g")"
+
+CA_HOME=$(cd $(dirname $0);pwd)/pki/$CA_NAME
+INT_CA_HOME="$CA_HOME/gen_int/$CRT_DN"
+SRV_CRT_HOME="$CA_HOME/gen_srv/$CRT_DN"
+
+Prepare_folder_file(){
+    mkdir -m 700 pki
+
+    # Create folders for CA
+    mkdir "$CA_HOME"/{,certs,db,gen_srv,gen_int}
+    mkdir -m 700 "$CA_HOME/private"
+    # Create folders for Intermediate CA
+    mkdir "$INT_CA_HOME"
+    mkdir "$INT_CA_HOME"/{,certs,db}
+    mkdir -m 700 "$INT_CA_HOME/private"
+    # Create folders for Server
+    mkdir "$SRV_CRT_HOME"
+    mkdir -m 700 "$SRV_CRT_HOME/private"
+
+    # Create and populate openssl CA files
+    touch "$CA_HOME"/db/index
+    openssl rand -hex 16 > "$CA_HOME"/db/serial
+
+    touch "$INT_CA_HOME"/db/index
+    openssl rand -hex 16 > "$INT_CA_HOME"/db/serial
+
+    # Copy openssl config and private key
+    cp "$OPENSSL_CA_CONF" "$CA_HOME"
+    cp ./"$CA_NAME".key ./pki/$CA_NAME/private/"$CA_NAME".key
+
+    cp "$OPENSSL_INTCA_CONF" "$INT_CA_HOME"
+    cp ./"$INTCA_NAME".key "$INT_CA_HOME"/private/"$INTCA_NAME".key
+
+    cp "$OPENSSL_SRV_CONF" "$SRV_CRT_HOME"
+    cp ./server.key "$SRV_CRT_HOME"/private/server.key
+}
+
+Generate_conf(){
+    # copy conf from base
+    cp $OPENSSL_BASE_CA_CONF $OPENSSL_CA_CONF
+    cp $OPENSSL_BASE_CA_CONF $OPENSSL_INTCA_CONF
+    # Replace contents
+    # For CA
+    sed -i "s/_CA_NAME_/$CA_NAME/" "$OPENSSL_CA_CONF"
+    sed -i "s/_CERT_NAME_/$INTCA_NAME/" "$OPENSSL_CA_CONF"
+    sed -i "s/_CA_DEPART_/Development/" "$OPENSSL_CA_CONF"
+    # For Intermediate CA
+    sed -i "s/_CA_NAME_/$INTCA_NAME/" "$OPENSSL_INTCA_CONF"
+    sed -i "s/_CERT_NAME_/$SRVCERT_NAME/" "$OPENSSL_INTCA_CONF"
+    sed -i "s/_CA_DEPART_/Product_Support/" "$OPENSSL_INTCA_CONF"
+}
+
+cleanup_files(){
+    rm -f wolfssl_ca.conf
+    rm -f wolfssl_int_ca.conf
+    rm -rf pki/
+}
+
+# clean up
+if [ "$1" = "clean" ]; then
+    echo "Cleaning temp files"
+    cleanup_files
+    exit 0
+fi
+if [ "$1" = "cleanall" ]; then
+    echo "Cleaning all files"
+    rm -f ./"$SERVER_PEM"
+    rm -f ./"$INTCA_PEM"
+    rm -f ./"$CA_PEM"
+    cleanup_files
+    exit 0
+fi
+# Generate OpenSSL Conf files
+Generate_conf
+# Prepare folders and files
+Prepare_folder_file
+##########################################
+## Create CA, Intermediate and Server Cert
+##########################################
+# Generate CA
+cd "$CA_HOME"
+
+# Generate CA private key and csr - use config file info
+openssl req -new -config "$OPENSSL_CA_CONF" \
+                            -out "$CA_NAME.csr" -key "private/$CA_NAME.key"
+
+# Self-sign CA certificate - use config file info
+# Note: Use extension from config "ca_ext" section
+openssl ca -selfsign -config "$OPENSSL_CA_CONF" \
+        -notext -in "$CA_NAME.csr" -out "$CA_NAME.crt" -extensions ca_ext -batch
+
+# Generate Intermediate CA
+# cd into Cert generation folder
+cd "$INT_CA_HOME"
+
+# Create private key and csr
+openssl req -new -config "$OPENSSL_INTCA_CONF" \
+            -out "$INTCA_NAME.csr" -key "private/$INTCA_NAME.key"
+
+cd "$CA_HOME"
+# Sign certificate with CA
+openssl ca -config "$OPENSSL_CA_CONF" -notext \
+    -in "$INT_CA_HOME/$INTCA_NAME.csr" -out "$INT_CA_HOME/$INTCA_NAME.crt" \
+    -extensions "$INTCA_NAME" -batch
+
+# cd into Cert generation folder
+cd "$SRV_CRT_HOME"
+# Create private key and csr
+openssl req -new -config "$OPENSSL_SRV_CONF" \
+                                    -out server.csr -key private/server.key
+
+# cd into intermediate CA home
+cd "$CA_HOME/gen_int/WOLFSSL/"
+
+# Sign certificate with CA
+openssl ca -config "$OPENSSL_INTCA_CONF" -notext \
+    -in "$SRV_CRT_HOME/server.csr" -out "$SRV_CRT_HOME/server.crt" \
+    -extensions server_ext -batch
+
+
+# cp generate certificates
+cd $CURRENT
+# CA
+openssl x509 -in ./pki/$CA_NAME/$CA_NAME.crt -inform PEM -noout -text > ./pki/$CA_NAME/$CA_NAME.pem
+cat ./pki/$CA_NAME/$CA_NAME.crt >> ./pki/$CA_NAME/$CA_NAME.pem
+mv ./pki/$CA_NAME/$CA_NAME.pem $CA_PEM
+
+# Intermediate CA
+openssl x509 -in $INT_CA_HOME/$INTCA_NAME.crt -inform PEM -noout -text > $INT_CA_HOME/$INTCA_NAME.pem
+cat $INT_CA_HOME/$INTCA_NAME.crt >> $INT_CA_HOME/$INTCA_NAME.pem
+mv $INT_CA_HOME/$INTCA_NAME.pem $INTCA_PEM
+# Server
+openssl x509 -in $SRV_CRT_HOME/server.crt -inform PEM -noout -text > $SRV_CRT_HOME/server.pem
+cat $SRV_CRT_HOME/server.crt >> $SRV_CRT_HOME/server.pem
+mv $SRV_CRT_HOME/server.pem $SERVER_PEM
+
+# clean up
+cleanup_files
+
+echo "Completed"
diff --git a/certs/intermediate/ca_false_intermediate/int_ca.key b/certs/intermediate/ca_false_intermediate/int_ca.key
new file mode 100644
index 000000000..558acd2ff
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/int_ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4VOnmv/SyU9w8
+kloGnogOLqerpp0HNI8/fOU3+CYr4M0mETKuBvI7PkXBV0VLNpupt5MmAgi/H1QX
+bejxNiBsQOLo278NgFYPoNm1OdazQ5PeX8+lNFJ7OEq8TBHSriwfJuJRyNaU5Mr+
+qxcTDZx4+Mvr8cZbmVoSK8s5S6DT7CJmYjSdV52aB8ZFOj3psoLnEsavPKi5Wk+O
+BRvQnWNy0yxjZ9k+Md39gZiEbezfQyy3UzHi7aUc6MrfUDOpmAwmuaE6I/caztFP
+HpgZqT7sva20RPvOKtBhuVyxd27h9dzHr+ZD7rc8FohFRg5tVtccDq41/oRvy9CN
+1uM99eyHAgMBAAECggEADBW/wq8caIHy/c2iiq3jbE/xZ4w5iKVmLDAQtHCtH/yn
+C93eHWa7Lth6/kgDH6vph2D6YWg0u+2z4lgEXlFsIsIbnk9PNqAOrwuepQZbuyOt
+Esvj8zLQ+DR37IxthrXV6Aeb7ZIQmhu960sQQjbcPATOacj6IOXsRSYLNtXB1OLu
+Xo4UbjLX3uOrAg5uMsi/Z/2s9jy3eDBf8FWmM6fBDsejRl18MzY2Y7bYS1yL3762
+4ydB4yHJEEkiFurtjgdX2pscF+ftivYrVqZDUWhM7htFLJz6bS4sRpgjfQegYs4f
+RLTuef/+ozFVhpH/HuPrV2jH67T90Z5lHgZ6Nm5qwQKBgQDybcwCKcFFWKac84ln
+JDJuqPHyyRgH09cia6C7Y/t1/caSJvJP6KR4c7TuEvIYpc6hSsO1Pd1k6ajFkDdN
+IWYfOF3R6K3vR956LPWPdxkYWdONjmwBvVaKozWmxR01RHeGXk+VxFb7PBudAvEu
+cGOzDEaTuE5RC1RxNHjZYxZ98QKBgQDCpoljVMR+/7+pwKoIEmw1FmH+DEEgL+so
+U1pBcaPU1poBRYKH+1yah7M+eFhTEzV4XbJCjMYeynSCWMSqGXrHwWq0AmA3jhSM
+OyDuwboTXVHCkqIuAs/Q/8A9dcyTejsgLuU6mLU1eXzNeWm0/0VjfvPgOziM7SHt
+14tip/P59wKBgQDTY74yXKp0h3qw/QLg9wUqzRI8O/FCUgwTrXm4LNSF7EWMB33f
+A+L2TR6FQevsZhgpOIIytcEpTz2lF73A+dCMhJ/6e0O/lBGAw1dUQ+uT+i+oDXpM
+ggbGWM5dnx965Tq75dzLoSqfY6hIXtpjPgkRhTC9ekaAELsPA0wlcmuYYQKBgDVT
+Llw6AsLQCY/Vqj8f3OkGQr44WTcaKZAYladMHJfYWsRyaHocUJg9CMvaaEgKASIC
+eS1mJ3iT+isjam03Ib3LrRG3fOh7UgHAyRrfk7xuWlG1nhyAxLH6/o1X0j2sxLni
+XwYYg7wslhYsZtsg+79wLhuF3c4twJfJ7vOOE3atAoGBAKiH+9h5SdQ2L4gjM+dl
+0dr1fTZpJta+l0FIEiOdQcbGp7ia9G9WglV5HkzyhETG+wTNNuG8GD/jTlg23AVE
+vVf2vPq7La3juAT7oOoEkm13vQ//2VUJum4g34dP4V9FpWP5FLiAAu9H8op5P9Hp
+LqbpMcrAkbexh41ZEZlmzSx5
+-----END PRIVATE KEY-----
diff --git a/certs/intermediate/ca_false_intermediate/server.key b/certs/intermediate/ca_false_intermediate/server.key
new file mode 100644
index 000000000..156364df1
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6IGIrgaxYzvMi
+XZ9GkLfppLP84bdp07YUh8u7MR67YPI/jGoNY1WiyANKjdajY937KO8xlXDMKJUf
+8JyJ9PZWHgCBUxt4G/mf4xBljMZANiHNV1WyFHGaVznu2pgbr4ngwyv5oZM/TWVB
+K2YdZpyVld8Z3I14RvQV62Rclxbs4uzK6+IDuEGBxfTKpOSr3u0a2qONAjmNACxd
+fu+RsdeWumXBQ//UajX6F1DNdj4dvqRp9u5Hw3pJmoBv5puD4OhYcfvNbcG0FtI3
+ZKa8sPT++/Rypjx5MnrAtTAhsTXf2UV/xPbFHJhtU9b/NsE4GLd2ExDIRWpSc2V+
+ublm1DwnAgMBAAECggEAA92CTGb//kQl9nO9SAjfWOHLvxes6Gy2Hk0HpRaLDdcg
+kMNIvIhwkdXXg6fYakI7rOiXtw7kbcj199jWV2MX7ofm+MiSDHeAQprDj2hSAale
+IFaM+ArGpS7kjBpMCF8n3NwQwLljRnBEBwtwrnGgFNcs7+uNoI7QqNffmLCmkDrJ
+BCK3kXXbjENOuzlddgxsb1mipsXot3uwDaByB8Tl2OtI7ezZvhCraeYZMyRXuq2o
+JDPk3FZ9O/mPgULZrqnlvxyJmog2ajgyED4M0mqM29L4YB3MOOz8Wgeksp20VEQJ
+lHJtpHK+zcodnT3rXGMj2A1Qu4HHoYEdKvAb8XzuUQKBgQD/nP7ZFOCJGR+q/Wu1
+CSLYwO9YM8sn7gMy3R1C1Ps7UKvjVWDv9cjsgId7XnYSQQ/52kV8HbIMqr9EOlwS
+pHkHmAbqDNhLY++hhqf9nPHo6e0AiMY4uF/JcfYb8A4PE8/x8Iv5HVjH9WYJFwcL
+UNDgm0ULrSbRR7ULtaSpZjyXfwKBgQC6aHlpNIvqa3+KmFmZFI4Xx5EB6fHBy02R
+PJKk/B2SVsW+kq0kAwsYdnS6rbkYS8ZmfyJKzvacXpDYvUfFV93s+ewoT5J2a4Ab
+WmELmWABqqCwvyT7h2oO+hqLljGNIJxygR0iu9F/fHVYp8G/oHZBeDZEJt+PNR0G
+cuG7/6zvWQKBgF/dforl1Iw2evUDFFkSMxp9yYYX7rJsBpEV8np1LEADsmORSsjU
+MmXYkndHZxrTge1f2j2BWZx8kT1CcfOf8bBSaQ1wgdJMibvXp7trGCMVUIipw0XU
+iEAh2H6D2pH3CT8gyy5Dvl9H/tub4k1xItWKBiwp5WwJ67GXj0jlCgZ7AoGARYmz
+wQtZJpnzekBbLD/+weAwuAYNqb2tsgBmtCVY4r58Bhuxez2nZfjKktk7s1SRLqs+
+n6mVVb/xSOlTXMrqfvy8nE0S1hpEL/AHQ8xzhCuixkyH/00Ew5GJVYkx8vO3aP/B
+XrOx81z6aZgrLtEtTD8L/2CBBWtK6JzymK9IVAECgYAfoFaqRVl0JJlQJttfQtc+
+cYyVzZEBzckIH3BriHuNwDpnPOq6iSx5JUp6mh03G3/3mHx4G45tD6GvsK53WIAH
+TCrHQv6vRjrA2oay/AlO2x/ElBOkdOVo8x20YGAAhIRAh65rwFrdTREnfUwChwSV
+QVeI7CdToIyIiZGhYmmO/g==
+-----END PRIVATE KEY-----
diff --git a/certs/intermediate/ca_false_intermediate/test_ca.key b/certs/intermediate/ca_false_intermediate/test_ca.key
new file mode 100644
index 000000000..b40399f05
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/test_ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8QEMO8Y4eCzs2
+9n6qVnfSp9tVSxQQUtgkAVgmIJX+5g3MZef9vR2ZOSeXVXibOluq2SBjRlzrorJQ
+AXY8r07l1+PNFpf4UQr70yaI1xO8VAlC/zmFqmE5zI8OjqbH4Ck8r6yaM+ZPNM20
+VClvkoIAzlGnVe6vziHpNuGnDXXfMtYOFeNmeCFBe87VnOjFCZR+hHtZKmRrkUtL
+9w30UJKP9QMNcyBMTnugjcpflM82HObhuxRBkBZoAkFTksbEbNOtVgUiSq6aKt78
+6tiZolplL/5DrivplHCuNdyPE3Jhv7r8SLeh7VysXJxLxU1J2oZldzS7uq5uTPl9
+9sKCkJzhAgMBAAECggEABxk4Ph3DMWRUhwnL9HHewlGEjoaOeuAY2OC5GXT0mwBD
+SHAWS6XgMhkq4kS9j8LnVn2qADxUwCjqJuSrN/YXWEjoBOGDeQBbVOwdIZ9Ule8o
+Sz+zBFSMpoCNa2vbI6HTBEAOluD6oAV6dUCQMG4am1usTg5KOhRgiHoCj8lM5s3j
+/f0KWkJReql92o//bLDXDjeGGDtIzaWfIKpsW7gwPe6nHsR7n854sbkdRT9b6BMa
+EZPg17XD8Dg1ZkvUemShrvgPrGFPMH/JFcvpX1s4/l2kM88xQEL+s45E4IyTT2gh
+FlDFC3QXrFI7M7emid3rwXIVEkEIO4Aw4xW34OAVnQKBgQD5cJE/WojeHI3Pyo3L
+sMDaWabzWWAAsev5EpDo41BalPDpBig29qO31afkIwIgCQyLNMXn9VqxoxILOg5d
+uopBaPWHihmME5qgLp6F6nDeOYril1b1LU1/7G2Ehu9lGYLJd6hdQ6tC/iKMfrIz
+fnsHEH/FC4woWmXdFMozujyZNQKBgQDBM7jeBtdIOOZhcwc98y9mQUr+ttlUODC6
+BNI2xAcV6ZJg/y0JXby84jM0fP5MuCkGHdNvufpvT68Dn9NRhrOBz8JyhCy5m4Rz
+/dIr3JUT5Y0r4+2l5MgfZMlcYCWESNcJPwchSstzAthLhtrgP2ZFGfzzZUZGAMxR
+f6sZK7pWfQKBgQCYpp4NAm/eVeUndBNAw4PSXKlCJcENy9TYkdci3vHu7VVdlgoI
+UPoyZ8ueXxpO1prZmks/QDTnnx9MxZPDIoS3sO8JqqclxV2Mh9s1oxq9tMNdFjb+
+RmI2Vk9TmmxpF6qldtgPc3kcv4APMP4Ha3EJCrzWrtFwZJoQKUfxThkFvQKBgQCI
+Scs0XJELMpBZ2AIY0m7ybEbSDfyba5P79SCxX3E8JOuMnxWPEN/uQocqlK3zQso1
+tV6M5x3h3c0w+lLgpOwGO6AIlnLScAFsrXXQWSeUxI7kkkH3j78YXkmpb22ntpZy
+wFJwSsngFPatuLC4FiE3x9Bnhl6fTTrUlwIEnJMzJQKBgFc5ej1NXuPWDlLKjC7w
+0N4YPs5BJRuhoUxyajYC3FxiWvr5bTz7zqc5DAPcH0nGAH/UVWZzWXMUw+Je3dej
+chkmVUuKjfTZTZHOBAqJDCNRfZcfzWnzAcXkcmsAHr53UKYnH8XGuHsPVHujQVu/
+0Hx7AKuJK48fZeo8LTZufg1l
+-----END PRIVATE KEY-----
diff --git a/certs/intermediate/ca_false_intermediate/test_ca.pem b/certs/intermediate/ca_false_intermediate/test_ca.pem
new file mode 100644
index 000000000..c40c1467d
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/test_ca.pem
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3b:1d:6e:96:2e:32:85:de:99:5a:63:dd:49:1c:eb:cc
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Wahington, O = Seattle, OU = Development, CN = www.wolfssl.com
+        Validity
+            Not Before: Oct 10 03:44:23 2024 GMT
+            Not After : Oct  8 03:44:23 2034 GMT
+        Subject: C = US, ST = Wahington, O = Seattle, OU = Development, CN = www.wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bc:40:43:0e:f1:8e:1e:0b:3b:36:f6:7e:aa:56:
+                    77:d2:a7:db:55:4b:14:10:52:d8:24:01:58:26:20:
+                    95:fe:e6:0d:cc:65:e7:fd:bd:1d:99:39:27:97:55:
+                    78:9b:3a:5b:aa:d9:20:63:46:5c:eb:a2:b2:50:01:
+                    76:3c:af:4e:e5:d7:e3:cd:16:97:f8:51:0a:fb:d3:
+                    26:88:d7:13:bc:54:09:42:ff:39:85:aa:61:39:cc:
+                    8f:0e:8e:a6:c7:e0:29:3c:af:ac:9a:33:e6:4f:34:
+                    cd:b4:54:29:6f:92:82:00:ce:51:a7:55:ee:af:ce:
+                    21:e9:36:e1:a7:0d:75:df:32:d6:0e:15:e3:66:78:
+                    21:41:7b:ce:d5:9c:e8:c5:09:94:7e:84:7b:59:2a:
+                    64:6b:91:4b:4b:f7:0d:f4:50:92:8f:f5:03:0d:73:
+                    20:4c:4e:7b:a0:8d:ca:5f:94:cf:36:1c:e6:e1:bb:
+                    14:41:90:16:68:02:41:53:92:c6:c4:6c:d3:ad:56:
+                    05:22:4a:ae:9a:2a:de:fc:ea:d8:99:a2:5a:65:2f:
+                    fe:43:ae:2b:e9:94:70:ae:35:dc:8f:13:72:61:bf:
+                    ba:fc:48:b7:a1:ed:5c:ac:5c:9c:4b:c5:4d:49:da:
+                    86:65:77:34:bb:ba:ae:6e:4c:f9:7d:f6:c2:82:90:
+                    9c:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                49:CB:00:BF:AC:AD:4B:18:2C:DB:69:21:1E:60:EF:00:4E:FC:69:52
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        24:1c:cf:b6:3e:20:6e:99:e8:36:b3:7e:2d:67:0d:cb:b5:1c:
+        69:ff:5a:bb:0b:2f:52:fd:d6:3e:73:5c:a2:47:8e:8d:1d:fc:
+        96:e7:e0:ca:e6:b6:3d:af:fa:f1:77:77:e6:2e:67:e6:44:d7:
+        84:36:ce:dc:cb:3e:3d:bf:bc:8b:48:53:30:fa:bf:43:81:5b:
+        e0:a3:a7:db:44:c2:29:cd:4c:8a:68:e8:b9:3e:5d:eb:e4:06:
+        17:6d:de:cf:76:e9:5a:6a:16:27:f8:6f:96:43:8a:4f:65:be:
+        3a:f2:7e:fd:ad:55:93:ad:ac:00:b4:b5:f3:85:b0:d7:83:6d:
+        ab:d0:8f:1a:23:36:e1:1f:c4:9d:54:e8:ee:20:cd:b9:da:56:
+        a7:92:5a:a5:bd:36:c5:a2:ea:ac:06:24:98:e5:32:0a:e0:00:
+        64:63:9c:7d:01:18:66:5a:7a:b1:d5:b4:24:9b:5e:8a:6b:a0:
+        25:eb:39:52:cd:12:61:d0:62:6c:19:e7:f5:ae:32:a3:aa:d5:
+        2f:05:fe:6f:cb:47:20:a0:32:1d:cb:88:96:59:ed:8e:69:dd:
+        cf:f0:6f:83:85:ff:0a:59:ef:80:94:16:99:a6:35:ee:a7:b8:
+        d4:e9:3c:4f:56:5b:77:0e:b5:bd:61:21:b9:93:ad:be:2c:55:
+        9b:bf:01:19
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIQOx1uli4yhd6ZWmPdSRzrzDANBgkqhkiG9w0BAQsFADBj
+MQswCQYDVQQGEwJVUzESMBAGA1UECAwJV2FoaW5ndG9uMRAwDgYDVQQKDAdTZWF0
+dGxlMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
+Y29tMB4XDTI0MTAxMDAzNDQyM1oXDTM0MTAwODAzNDQyM1owYzELMAkGA1UEBhMC
+VVMxEjAQBgNVBAgMCVdhaGluZ3RvbjEQMA4GA1UECgwHU2VhdHRsZTEUMBIGA1UE
+CwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALxAQw7xjh4LOzb2fqpWd9Kn21VLFBBS
+2CQBWCYglf7mDcxl5/29HZk5J5dVeJs6W6rZIGNGXOuislABdjyvTuXX480Wl/hR
+CvvTJojXE7xUCUL/OYWqYTnMjw6OpsfgKTyvrJoz5k80zbRUKW+SggDOUadV7q/O
+Iek24acNdd8y1g4V42Z4IUF7ztWc6MUJlH6Ee1kqZGuRS0v3DfRQko/1Aw1zIExO
+e6CNyl+UzzYc5uG7FEGQFmgCQVOSxsRs061WBSJKrpoq3vzq2JmiWmUv/kOuK+mU
+cK413I8TcmG/uvxIt6HtXKxcnEvFTUnahmV3NLu6rm5M+X32woKQnOECAwEAAaNC
+MEAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEnL
+AL+srUsYLNtpIR5g7wBO/GlSMA0GCSqGSIb3DQEBCwUAA4IBAQAkHM+2PiBumeg2
+s34tZw3LtRxp/1q7Cy9S/dY+c1yiR46NHfyW5+DK5rY9r/rxd3fmLmfmRNeENs7c
+yz49v7yLSFMw+r9DgVvgo6fbRMIpzUyKaOi5Pl3r5AYXbd7PdulaahYn+G+WQ4pP
+Zb468n79rVWTrawAtLXzhbDXg22r0I8aIzbhH8SdVOjuIM252lanklqlvTbFouqs
+BiSY5TIK4ABkY5x9ARhmWnqx1bQkm16Ka6Al6zlSzRJh0GJsGef1rjKjqtUvBf5v
+y0cgoDIdy4iWWe2Oad3P8G+Dhf8KWe+AlBaZpjXup7jU6TxPVlt3DrW9YSG5k62+
+LFWbvwEZ
+-----END CERTIFICATE-----
diff --git a/certs/intermediate/ca_false_intermediate/test_int_not_cacert.pem b/certs/intermediate/ca_false_intermediate/test_int_not_cacert.pem
new file mode 100644
index 000000000..bcfef819e
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/test_int_not_cacert.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3b:1d:6e:96:2e:32:85:de:99:5a:63:dd:49:1c:eb:cd
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Wahington, O = Seattle, OU = Development, CN = www.wolfssl.com
+        Validity
+            Not Before: Oct 10 03:44:23 2024 GMT
+            Not After : Oct  8 03:44:23 2034 GMT
+        Subject: C = US, ST = Wahington, O = Seattle, OU = Product_Support, CN = www.wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b8:54:e9:e6:bf:f4:b2:53:dc:3c:92:5a:06:9e:
+                    88:0e:2e:a7:ab:a6:9d:07:34:8f:3f:7c:e5:37:f8:
+                    26:2b:e0:cd:26:11:32:ae:06:f2:3b:3e:45:c1:57:
+                    45:4b:36:9b:a9:b7:93:26:02:08:bf:1f:54:17:6d:
+                    e8:f1:36:20:6c:40:e2:e8:db:bf:0d:80:56:0f:a0:
+                    d9:b5:39:d6:b3:43:93:de:5f:cf:a5:34:52:7b:38:
+                    4a:bc:4c:11:d2:ae:2c:1f:26:e2:51:c8:d6:94:e4:
+                    ca:fe:ab:17:13:0d:9c:78:f8:cb:eb:f1:c6:5b:99:
+                    5a:12:2b:cb:39:4b:a0:d3:ec:22:66:62:34:9d:57:
+                    9d:9a:07:c6:45:3a:3d:e9:b2:82:e7:12:c6:af:3c:
+                    a8:b9:5a:4f:8e:05:1b:d0:9d:63:72:d3:2c:63:67:
+                    d9:3e:31:dd:fd:81:98:84:6d:ec:df:43:2c:b7:53:
+                    31:e2:ed:a5:1c:e8:ca:df:50:33:a9:98:0c:26:b9:
+                    a1:3a:23:f7:1a:ce:d1:4f:1e:98:19:a9:3e:ec:bd:
+                    ad:b4:44:fb:ce:2a:d0:61:b9:5c:b1:77:6e:e1:f5:
+                    dc:c7:af:e6:43:ee:b7:3c:16:88:45:46:0e:6d:56:
+                    d7:1c:0e:ae:35:fe:84:6f:cb:d0:8d:d6:e3:3d:f5:
+                    ec:87
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            X509v3 Subject Key Identifier: 
+                D9:9F:9A:2E:FE:80:7F:EB:6C:92:A1:91:60:9B:65:7B:36:2A:F4:35
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, TLS Web Server Authentication
+            X509v3 Authority Key Identifier: 
+                49:CB:00:BF:AC:AD:4B:18:2C:DB:69:21:1E:60:EF:00:4E:FC:69:52
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        87:de:e3:93:74:f5:56:64:e7:d9:43:14:20:2e:69:8a:e7:c4:
+        aa:38:c7:61:49:f5:b6:aa:43:46:c3:a0:b7:91:9f:4d:b9:c1:
+        94:5c:89:5d:21:cb:b7:16:9b:d2:fb:d1:ea:bf:0d:9d:c5:2e:
+        f1:1d:4c:a3:14:22:1b:46:7c:f7:9f:cc:02:97:88:73:e0:12:
+        8e:14:59:ae:ac:39:59:2a:79:65:a7:65:19:8e:a8:d1:00:a3:
+        62:80:bb:4c:fc:d9:7e:46:e4:cc:fb:0b:81:91:52:8e:1d:7f:
+        fb:31:51:25:02:7d:5d:a3:c5:d9:9b:1a:94:4e:68:04:56:17:
+        04:8d:ba:ed:75:76:b2:f9:ef:d8:60:af:7a:6b:24:57:b9:02:
+        38:83:66:a5:97:dc:af:64:b7:33:3e:43:04:46:7f:79:83:7f:
+        c7:55:a5:78:1e:9d:b0:75:8c:6b:09:db:5f:0a:e7:0c:61:95:
+        70:9c:6a:6f:a7:8c:4d:bf:74:dd:ee:55:94:21:ba:63:d4:f1:
+        fb:af:fc:8f:76:8d:29:e7:0f:6e:ff:54:81:59:ac:10:0a:e5:
+        65:1c:bb:de:83:85:1c:5a:23:26:9c:e0:c9:50:8c:ac:cd:09:
+        9c:50:ed:e9:1d:c9:c3:a0:a3:da:00:b1:9b:03:b6:97:cc:eb:
+        02:a9:e2:41
+-----BEGIN CERTIFICATE-----
+MIID6DCCAtCgAwIBAgIQOx1uli4yhd6ZWmPdSRzrzTANBgkqhkiG9w0BAQsFADBj
+MQswCQYDVQQGEwJVUzESMBAGA1UECAwJV2FoaW5ndG9uMRAwDgYDVQQKDAdTZWF0
+dGxlMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
+Y29tMB4XDTI0MTAxMDAzNDQyM1oXDTM0MTAwODAzNDQyM1owZzELMAkGA1UEBhMC
+VVMxEjAQBgNVBAgMCVdhaGluZ3RvbjEQMA4GA1UECgwHU2VhdHRsZTEYMBYGA1UE
+CwwPUHJvZHVjdF9TdXBwb3J0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4VOnmv/SyU9w8kloGnogOLqer
+pp0HNI8/fOU3+CYr4M0mETKuBvI7PkXBV0VLNpupt5MmAgi/H1QXbejxNiBsQOLo
+278NgFYPoNm1OdazQ5PeX8+lNFJ7OEq8TBHSriwfJuJRyNaU5Mr+qxcTDZx4+Mvr
+8cZbmVoSK8s5S6DT7CJmYjSdV52aB8ZFOj3psoLnEsavPKi5Wk+OBRvQnWNy0yxj
+Z9k+Md39gZiEbezfQyy3UzHi7aUc6MrfUDOpmAwmuaE6I/caztFPHpgZqT7sva20
+RPvOKtBhuVyxd27h9dzHr+ZD7rc8FohFRg5tVtccDq41/oRvy9CN1uM99eyHAgMB
+AAGjgZMwgZAwDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0O
+BBYEFNmfmi7+gH/rbJKhkWCbZXs2KvQ1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
+FjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHwYDVR0jBBgwFoAUScsAv6ytSxgs22kh
+HmDvAE78aVIwDQYJKoZIhvcNAQELBQADggEBAIfe45N09VZk59lDFCAuaYrnxKo4
+x2FJ9baqQ0bDoLeRn025wZRciV0hy7cWm9L70eq/DZ3FLvEdTKMUIhtGfPefzAKX
+iHPgEo4UWa6sOVkqeWWnZRmOqNEAo2KAu0z82X5G5Mz7C4GRUo4df/sxUSUCfV2j
+xdmbGpROaARWFwSNuu11drL579hgr3prJFe5AjiDZqWX3K9ktzM+QwRGf3mDf8dV
+pXgenbB1jGsJ218K5wxhlXCcam+njE2/dN3uVZQhumPU8fuv/I92jSnnD27/VIFZ
+rBAK5WUcu96DhRxaIyac4MlQjKzNCZxQ7ekdycOgo9oAsZsDtpfM6wKp4kE=
+-----END CERTIFICATE-----
diff --git a/certs/intermediate/ca_false_intermediate/test_sign_bynoca_srv.pem b/certs/intermediate/ca_false_intermediate/test_sign_bynoca_srv.pem
new file mode 100644
index 000000000..4cf39cf70
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/test_sign_bynoca_srv.pem
@@ -0,0 +1,90 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            df:0d:6c:4b:d6:db:eb:35:5f:41:a1:3a:7a:56:16:93
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Wahington, O = Seattle, OU = Product_Support, CN = www.wolfssl.com
+        Validity
+            Not Before: Oct 10 03:44:23 2024 GMT
+            Not After : Oct  8 03:44:23 2034 GMT
+        Subject: C = US, ST = Wahington, O = Seattle, OU = Support, CN = www.wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ba:20:62:2b:81:ac:58:ce:f3:22:5d:9f:46:90:
+                    b7:e9:a4:b3:fc:e1:b7:69:d3:b6:14:87:cb:bb:31:
+                    1e:bb:60:f2:3f:8c:6a:0d:63:55:a2:c8:03:4a:8d:
+                    d6:a3:63:dd:fb:28:ef:31:95:70:cc:28:95:1f:f0:
+                    9c:89:f4:f6:56:1e:00:81:53:1b:78:1b:f9:9f:e3:
+                    10:65:8c:c6:40:36:21:cd:57:55:b2:14:71:9a:57:
+                    39:ee:da:98:1b:af:89:e0:c3:2b:f9:a1:93:3f:4d:
+                    65:41:2b:66:1d:66:9c:95:95:df:19:dc:8d:78:46:
+                    f4:15:eb:64:5c:97:16:ec:e2:ec:ca:eb:e2:03:b8:
+                    41:81:c5:f4:ca:a4:e4:ab:de:ed:1a:da:a3:8d:02:
+                    39:8d:00:2c:5d:7e:ef:91:b1:d7:96:ba:65:c1:43:
+                    ff:d4:6a:35:fa:17:50:cd:76:3e:1d:be:a4:69:f6:
+                    ee:47:c3:7a:49:9a:80:6f:e6:9b:83:e0:e8:58:71:
+                    fb:cd:6d:c1:b4:16:d2:37:64:a6:bc:b0:f4:fe:fb:
+                    f4:72:a6:3c:79:32:7a:c0:b5:30:21:b1:35:df:d9:
+                    45:7f:c4:f6:c5:1c:98:6d:53:d6:ff:36:c1:38:18:
+                    b7:76:13:10:c8:45:6a:52:73:65:7e:b9:b9:66:d4:
+                    3c:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            X509v3 Subject Key Identifier: 
+                10:71:71:98:BD:C2:B2:97:DD:6F:B6:CD:28:EA:23:0E:51:AE:44:34
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, TLS Web Server Authentication
+            X509v3 Subject Alternative Name: 
+                DNS:www.wolfssl.com, DNS:wolfssl.jp
+            X509v3 Authority Key Identifier: 
+                D9:9F:9A:2E:FE:80:7F:EB:6C:92:A1:91:60:9B:65:7B:36:2A:F4:35
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        54:7d:68:93:69:e0:3b:ea:3d:d8:68:ae:b1:97:97:2b:17:5d:
+        76:7c:0d:0b:70:c5:a4:ec:3c:23:55:a5:bc:d7:dd:42:57:32:
+        dd:7e:9b:c9:b0:9c:8a:30:de:b6:7c:f9:ff:93:46:29:82:cf:
+        8a:05:bb:b2:64:cf:22:db:15:bd:8e:56:14:2e:a4:5c:44:c2:
+        3c:9d:3c:a0:dd:bd:a1:40:df:c3:8d:ff:71:73:6f:88:d6:57:
+        f2:c8:6c:20:18:ad:48:b8:2f:4c:41:ba:2a:f6:36:21:97:1b:
+        ee:7c:83:a8:43:80:08:8b:ac:a8:ed:df:dd:9c:7a:64:c9:6a:
+        16:09:3b:57:1d:fc:f3:db:82:8f:c1:0e:e3:48:b7:d1:e8:19:
+        1c:90:f0:b8:e6:ad:17:c5:82:b3:d5:15:bf:a3:c0:a6:4b:a7:
+        97:98:86:93:4b:b0:1b:0e:62:61:16:d0:68:c2:e2:22:8a:f5:
+        89:c7:bd:9d:38:65:0f:df:b1:38:9a:c7:e9:df:76:f4:5a:9f:
+        f5:2b:17:aa:9b:32:37:0a:72:93:8a:db:1d:b2:81:ff:0e:12:
+        b6:0a:31:46:7e:86:5e:0b:03:0d:7f:d0:bf:60:f2:f5:93:94:
+        f2:78:4f:80:34:b9:f7:66:ee:d6:b9:80:ca:bb:52:d0:e2:2f:
+        1a:ac:99:a7
+-----BEGIN CERTIFICATE-----
+MIIEDTCCAvWgAwIBAgIRAN8NbEvW2+s1X0GhOnpWFpMwDQYJKoZIhvcNAQELBQAw
+ZzELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVdhaGluZ3RvbjEQMA4GA1UECgwHU2Vh
+dHRsZTEYMBYGA1UECwwPUHJvZHVjdF9TdXBwb3J0MRgwFgYDVQQDDA93d3cud29s
+ZnNzbC5jb20wHhcNMjQxMDEwMDM0NDIzWhcNMzQxMDA4MDM0NDIzWjBfMQswCQYD
+VQQGEwJVUzESMBAGA1UECAwJV2FoaW5ndG9uMRAwDgYDVQQKDAdTZWF0dGxlMRAw
+DgYDVQQLDAdTdXBwb3J0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6IGIrgaxYzvMiXZ9GkLfppLP84bdp
+07YUh8u7MR67YPI/jGoNY1WiyANKjdajY937KO8xlXDMKJUf8JyJ9PZWHgCBUxt4
+G/mf4xBljMZANiHNV1WyFHGaVznu2pgbr4ngwyv5oZM/TWVBK2YdZpyVld8Z3I14
+RvQV62Rclxbs4uzK6+IDuEGBxfTKpOSr3u0a2qONAjmNACxdfu+RsdeWumXBQ//U
+ajX6F1DNdj4dvqRp9u5Hw3pJmoBv5puD4OhYcfvNbcG0FtI3ZKa8sPT++/Rypjx5
+MnrAtTAhsTXf2UV/xPbFHJhtU9b/NsE4GLd2ExDIRWpSc2V+ublm1DwnAgMBAAGj
+gbswgbgwDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0OBBYE
+FBBxcZi9wrKX3W+2zSjqIw5RrkQ0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
+BggrBgEFBQcDAgYIKwYBBQUHAwEwJgYDVR0RBB8wHYIPd3d3LndvbGZzc2wuY29t
+ggp3b2xmc3NsLmpwMB8GA1UdIwQYMBaAFNmfmi7+gH/rbJKhkWCbZXs2KvQ1MA0G
+CSqGSIb3DQEBCwUAA4IBAQBUfWiTaeA76j3YaK6xl5crF112fA0LcMWk7DwjVaW8
+191CVzLdfpvJsJyKMN62fPn/k0Ypgs+KBbuyZM8i2xW9jlYULqRcRMI8nTyg3b2h
+QN/Djf9xc2+I1lfyyGwgGK1IuC9MQboq9jYhlxvufIOoQ4AIi6yo7d/dnHpkyWoW
+CTtXHfzz24KPwQ7jSLfR6BkckPC45q0XxYKz1RW/o8CmS6eXmIaTS7AbDmJhFtBo
+wuIiivWJx72dOGUP37E4msfp33b0Wp/1KxeqmzI3CnKTitsdsoH/DhK2CjFGfoZe
+CwMNf9C/YPL1k5TyeE+ANLn3Zu7WuYDKu1LQ4i8arJmn
+-----END CERTIFICATE-----
diff --git a/certs/intermediate/ca_false_intermediate/wolfssl_base.conf b/certs/intermediate/ca_false_intermediate/wolfssl_base.conf
new file mode 100644
index 000000000..3d5ca1d1d
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/wolfssl_base.conf
@@ -0,0 +1,72 @@
+# OpenSSL config: certificate authority (CA)
+# Default value
+[ default ]
+ca_name                 = _CA_NAME_            # CA name
+home                    = .                    # Top dir
+default_ca              = ca                   # Default CA section
+name_opt                = utf8,esc_ctrl,multiline,lname,align    # Display UTF-8 characters
+
+# Certificate request
+[ req ]
+default_bits            = 2048                  # RSA key size
+encrypt_key             = yes                   # Encrypted CA private key
+default_md              = sha256                # Message Digest to use
+utf8                    = yes                   # Input is UTF-8
+string_mask             = utf8only              # Emit UTF-8 strings
+prompt                  = no                    # Don't prompt for DN
+distinguished_name      = ca_dn                 # DN section
+req_extensions          = ca_ext                # Desired extensions
+
+# CA certificate info
+[ ca_dn ]
+countryName             = "US"                  # CA cert info
+stateOrProvinceName     = "Wahington"           # CA cert info
+organizationName        = "Seattle"             # CA cert info
+localityName            = "WOLFSSL"             # CA cert info
+organizationalUnitName  = "_CA_DEPART_"         # CA cert info
+commonName              = "www.wolfssl.com"     # Replaced during build proceduce
+
+# Extensions for signing CA certificate
+[ ca_ext ]
+keyUsage                = critical,keyCertSign,cRLSign,digitalSignature # Limit key usage
+basicConstraints        = critical,CA:true      # Dont allow intermediary CA
+subjectKeyIdentifier    = hash                  # SKI validation
+
+# CA operational settings
+[ ca ]
+default_ca              = _CA_NAME_             # Default CA section
+
+# CA Section
+[ _CA_NAME_ ]
+certificate             = $home/$ca_name.crt                # CA certificate
+private_key             = $home/private/$ca_name.key        # CA private key
+new_certs_dir           = $home/certs                       # Generated certificates
+database                = $home/db/index                    # Index file of generated crt
+serial                  = $home/db/serial                   # Serial number file
+RANDFILE                = $home/ca/private/random           # Random file
+unique_subject          = no                                # Dont require unique subject
+default_days            = 3650                              # How long to certify for
+default_md              = sha256                            # Message Digest to use
+policy                  = match_pol                         # Default naming policy
+email_in_dn             = no                                # Dont add email to cert DN
+copy_extensions         = copy                              # Copy extensions from CSR (!)
+x509_extensions         = server_ext                        # Default cert extensions
+
+# Matching policy
+# Enforce that all cert issued by the CA match criteria
+# Useful for CA used internally with limited scope
+[ match_pol ]
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+# Extension used when signing server cert
+[ _CERT_NAME_ ]
+basicConstraints        = critical,CA:false             # Dont allow intermediary CA
+nsCertType              = server                        # Certificate type
+subjectKeyIdentifier    = hash                          # SKI validation
+keyUsage                = critical,digitalSignature,keyEncipherment    # Define key usage
+extendedKeyUsage        = clientAuth,serverAuth         # key usage continued
diff --git a/certs/intermediate/ca_false_intermediate/wolfssl_srv.conf b/certs/intermediate/ca_false_intermediate/wolfssl_srv.conf
new file mode 100644
index 000000000..3498f64d2
--- /dev/null
+++ b/certs/intermediate/ca_false_intermediate/wolfssl_srv.conf
@@ -0,0 +1,26 @@
+############################################
+# OpenSSL config: generate server key/csr
+############################################
+# Certificate request
+[ req ]
+default_bits            = 2048                 		# RSA key size
+encrypt_key             = no                   		# Encrypted CA private key
+default_md              = sha256               		# Message Digest to use
+utf8                    = yes                  		# Input is UTF-8
+string_mask             = utf8only             		# Emit UTF-8 strings
+prompt                  = no                   		# Don't prompt for DN
+distinguished_name      = server_dn            		# DN section
+req_extensions          = server_ext           		# Desired extensions
+
+# Server certificate info
+[ server_dn ]
+countryName             = "US"
+stateOrProvinceName     = "Wahington"
+organizationName        = "Seattle"
+localityName            = "wolfSSL"
+organizationalUnitName  = "Support"
+commonName              = "www.wolfssl.com"
+
+# Extension - add alternative name to cert
+[ server_ext ]
+subjectAltName          = "DNS:www.wolfssl.com,DNS:wolfssl.jp"
diff --git a/certs/intermediate/include.am b/certs/intermediate/include.am
index f480880da..ad3a66b21 100644
--- a/certs/intermediate/include.am
+++ b/certs/intermediate/include.am
@@ -40,4 +40,12 @@ EXTRA_DIST += \
 	     certs/intermediate/server-int-cert.der \
 	     certs/intermediate/server-int-cert.pem \
 	     certs/intermediate/server-int-ecc-cert.der \
-	     certs/intermediate/server-int-ecc-cert.pem
+	     certs/intermediate/ca_false_intermediate/gentestcert.sh \
+         certs/intermediate/ca_false_intermediate/int_ca.key \
+	     certs/intermediate/ca_false_intermediate/server.key \
+	     certs/intermediate/ca_false_intermediate/test_ca.key \
+	     certs/intermediate/ca_false_intermediate/test_ca.pem \
+         certs/intermediate/ca_false_intermediate/test_int_not_cacert.pem \
+         certs/intermediate/ca_false_intermediate/test_sign_bynoca_srv.pem \
+         certs/intermediate/ca_false_intermediate/wolfssl_base.conf \
+         certs/intermediate/ca_false_intermediate/wolfssl_srv.conf
diff --git a/certs/ocsp/include.am b/certs/ocsp/include.am
index 1b663075f..3f79753d2 100644
--- a/certs/ocsp/include.am
+++ b/certs/ocsp/include.am
@@ -36,4 +36,5 @@ EXTRA_DIST += \
         certs/ocsp/test-response.der \
         certs/ocsp/test-response-rsapss.der \
         certs/ocsp/test-response-nointern.der \
-        certs/ocsp/test-multi-response.der
+        certs/ocsp/test-multi-response.der \
+        certs/ocsp/test-leaf-response.der
diff --git a/certs/ocsp/intermediate1-ca-cert.pem b/certs/ocsp/intermediate1-ca-cert.pem
index ebf186e64..911cce437 100644
--- a/certs/ocsp/intermediate1-ca-cert.pem
+++ b/certs/ocsp/intermediate1-ca-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35:
                     a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         1c:06:f6:58:ee:a2:4d:11:dd:ce:51:2a:ea:3c:1e:13:62:2b:
-         e2:04:6d:ca:67:2b:14:1b:de:3e:72:7b:d2:12:29:59:e9:bd:
-         3f:37:1f:9b:9c:15:84:40:10:c2:7b:1c:1f:16:2c:4e:f5:b7:
-         bb:7e:24:79:7a:e6:6b:6e:66:cf:4f:04:e5:31:b9:63:12:80:
-         89:61:fc:ae:47:b3:bd:b0:63:d8:aa:77:ba:25:53:e5:f7:ca:
-         63:d5:7f:6e:80:ed:75:c9:47:59:df:7a:82:87:2e:b8:cf:87:
-         c4:9a:0c:2f:ee:a9:a8:5a:7e:2b:55:30:e9:8b:05:f3:ab:60:
-         7f:49:bd:16:de:73:8d:8f:72:48:35:23:a1:88:88:a8:9a:01:
-         19:6c:6e:06:cf:c3:47:d9:68:0e:42:c3:84:d9:23:71:36:73:
-         c4:9d:bc:ed:f7:9b:e3:a0:8d:89:ac:ec:e7:75:22:1f:99:74:
-         5b:4c:5b:b5:25:e1:7f:02:f3:07:ae:4f:b1:0b:21:f9:17:78:
-         1a:b4:c6:8f:03:91:fb:b2:95:ff:6d:de:37:39:4a:57:c1:8c:
-         da:91:3a:4c:cc:fa:27:9a:4f:42:cb:4c:15:c7:08:34:8f:03:
-         a8:f1:2e:df:64:c5:ec:57:e1:90:77:2f:49:90:c1:23:4d:7b:
-         9e:44:fb:08
+    Signature Value:
+        75:57:f1:0c:87:8f:a2:70:3c:ce:e4:70:0e:99:6a:da:c4:80:
+        94:2c:25:0c:de:0d:7b:f3:94:f1:e8:ad:6f:d0:de:9a:9d:f5:
+        64:31:65:3f:18:e6:c3:f5:b5:1d:a2:be:5b:97:79:41:78:15:
+        1c:b3:83:de:d0:00:ea:d2:70:43:c5:60:60:07:72:e5:76:59:
+        b8:0e:2f:47:c9:8d:a4:4c:f1:20:b0:40:3b:ed:e9:de:b2:46:
+        10:90:1b:0f:96:16:e6:97:bc:d5:9a:93:aa:3c:e3:b3:6b:5f:
+        db:2c:af:2b:da:7c:36:36:aa:86:a1:65:70:c8:f1:34:d1:1f:
+        10:96:71:e6:cf:69:5c:bf:0e:15:33:97:fe:40:42:be:30:48:
+        ad:fb:d7:0e:7b:73:dd:64:30:7e:10:81:ac:3b:0b:3c:e4:12:
+        9f:31:8b:3d:f0:9b:84:dc:5b:32:33:39:de:eb:1a:17:89:d8:
+        1b:00:33:2d:50:a4:1a:2c:11:a2:60:ac:c1:9a:0f:44:90:00:
+        cf:8d:6c:af:5b:71:23:7a:a7:4f:df:f5:3f:5c:ae:93:ca:4e:
+        ec:f0:1b:f4:fa:53:7d:d9:36:af:5e:4c:54:c7:3a:d5:e3:68:
+        ca:78:e5:1f:55:44:65:eb:00:2d:c3:c8:ba:0e:1f:47:1c:67:
+        2e:a9:c1:6e
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -84,12 +83,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBABwG9ljuok0R3c5RKuo8HhNiK+IEbcpnKxQb3j5ye9ISKVnpvT83H5ucFYRA
-EMJ7HB8WLE71t7t+JHl65mtuZs9PBOUxuWMSgIlh/K5Hs72wY9iqd7olU+X3ymPV
-f26A7XXJR1nfeoKHLrjPh8SaDC/uqahafitVMOmLBfOrYH9JvRbec42Pckg1I6GI
-iKiaARlsbgbPw0fZaA5Cw4TZI3E2c8SdvO33m+OgjYms7Od1Ih+ZdFtMW7Ul4X8C
-8weuT7ELIfkXeBq0xo8Dkfuylf9t3jc5SlfBjNqROkzM+ieaT0LLTBXHCDSPA6jx
-Lt9kxexX4ZB3L0mQwSNNe55E+wg=
+ggEBAHVX8QyHj6JwPM7kcA6ZatrEgJQsJQzeDXvzlPHorW/Q3pqd9WQxZT8Y5sP1
+tR2ivluXeUF4FRyzg97QAOrScEPFYGAHcuV2WbgOL0fJjaRM8SCwQDvt6d6yRhCQ
+Gw+WFuaXvNWak6o847NrX9ssryvafDY2qoahZXDI8TTRHxCWcebPaVy/DhUzl/5A
+Qr4wSK371w57c91kMH4Qgaw7CzzkEp8xiz3wm4TcWzIzOd7rGheJ2BsAMy1QpBos
+EaJgrMGaD0SQAM+NbK9bcSN6p0/f9T9crpPKTuzwG/T6U33ZNq9eTFTHOtXjaMp4
+5R9VRGXrAC3DyLoOH0ccZy6pwW4=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -176,11 +174,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/intermediate2-ca-cert.pem b/certs/ocsp/intermediate2-ca-cert.pem
index bd5a6a043..1068c455f 100644
--- a/certs/ocsp/intermediate2-ca-cert.pem
+++ b/certs/ocsp/intermediate2-ca-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4:
                     6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         3b:38:b5:57:a7:f6:d6:b1:19:55:b8:da:47:74:cf:9a:6b:6e:
-         ff:0a:5d:06:17:33:db:db:38:e5:d1:9c:dd:c7:3e:c2:2e:87:
-         20:52:48:d0:ad:0c:12:3e:f7:66:41:64:d2:ca:b3:4c:a1:0a:
-         6c:4b:4b:33:94:74:83:2e:2d:44:5a:13:ae:da:9a:18:87:64:
-         30:cf:69:70:e8:38:47:de:55:27:06:86:9b:24:d5:b0:8f:17:
-         3b:95:87:7e:4a:45:45:2e:6d:70:27:90:32:62:a8:36:3e:47:
-         47:0f:0e:1b:93:cf:3d:3e:9b:2c:9a:ff:0c:ee:a7:1b:40:c4:
-         dc:f2:66:74:eb:d9:11:9d:60:b8:24:b4:89:c1:e4:61:20:3d:
-         38:af:45:ad:e8:ee:69:c3:96:8a:a5:c1:cd:dd:14:87:97:dc:
-         f8:32:84:a8:3b:0a:eb:61:0e:7c:4c:65:69:3d:02:92:db:c4:
-         bf:21:6f:89:fe:cc:76:df:c5:84:fb:c4:ea:1a:60:da:d0:c8:
-         27:7c:65:1b:cb:23:20:5a:e2:23:90:bd:f5:5c:0a:85:51:37:
-         84:47:a7:80:f4:e0:a0:72:8d:7a:b8:71:03:44:59:c6:cf:2c:
-         ae:df:91:a9:74:72:eb:a7:31:b2:81:65:19:e6:df:c3:4b:b7:
-         fc:9c:2c:f0
+    Signature Value:
+        1f:0a:d4:04:b7:38:42:e7:fa:85:ee:3a:f7:11:98:5a:79:d2:
+        43:8b:f0:2b:d2:fc:ad:7b:33:a0:25:a5:b5:3f:29:13:94:9c:
+        da:b6:e6:41:8c:9a:92:3b:cc:44:6e:0e:8e:8b:79:09:96:ed:
+        39:57:c4:d6:b1:7f:dd:bf:f1:26:75:89:7d:28:54:c5:e8:da:
+        12:28:02:5d:be:91:98:95:bf:ca:e8:20:d6:c6:6c:b2:af:09:
+        ab:3a:c2:c2:e5:b1:cf:ab:79:54:f1:44:de:77:e4:cb:18:f5:
+        7a:d9:5f:e9:88:cd:50:54:59:01:a0:83:1c:b2:ad:92:ea:df:
+        b1:24:84:c7:b5:17:e5:c3:b4:26:5f:24:90:da:e1:d4:ac:b8:
+        c7:e0:89:1c:56:20:aa:53:2d:51:55:0a:01:e2:4c:bc:8c:74:
+        59:9d:f5:f1:74:e7:8b:d8:71:12:01:2e:6e:4a:01:d7:fb:8d:
+        a8:2e:42:63:ab:11:57:1f:4a:1e:c0:43:3b:77:32:0d:fe:1f:
+        ec:62:47:27:a7:74:84:0a:82:3c:0f:5f:83:91:e1:78:35:88:
+        9d:e1:da:b1:00:cb:77:c7:fc:f2:a1:3d:c3:7a:de:ab:81:e4:
+        1b:ee:75:c9:b9:ea:f8:c1:5f:e6:15:6a:1f:96:ba:30:05:0f:
+        43:7c:21:b6
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -84,12 +83,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBADs4tVen9taxGVW42kd0z5prbv8KXQYXM9vbOOXRnN3HPsIuhyBSSNCtDBI+
-92ZBZNLKs0yhCmxLSzOUdIMuLURaE67amhiHZDDPaXDoOEfeVScGhpsk1bCPFzuV
-h35KRUUubXAnkDJiqDY+R0cPDhuTzz0+myya/wzupxtAxNzyZnTr2RGdYLgktInB
-5GEgPTivRa3o7mnDloqlwc3dFIeX3PgyhKg7CuthDnxMZWk9ApLbxL8hb4n+zHbf
-xYT7xOoaYNrQyCd8ZRvLIyBa4iOQvfVcCoVRN4RHp4D04KByjXq4cQNEWcbPLK7f
-kal0cuunMbKBZRnm38NLt/ycLPA=
+ggEBAB8K1AS3OELn+oXuOvcRmFp50kOL8CvS/K17M6AlpbU/KROUnNq25kGMmpI7
+zERuDo6LeQmW7TlXxNaxf92/8SZ1iX0oVMXo2hIoAl2+kZiVv8roINbGbLKvCas6
+wsLlsc+reVTxRN535MsY9XrZX+mIzVBUWQGggxyyrZLq37EkhMe1F+XDtCZfJJDa
+4dSsuMfgiRxWIKpTLVFVCgHiTLyMdFmd9fF054vYcRIBLm5KAdf7jaguQmOrEVcf
+Sh7AQzt3Mg3+H+xiRyendIQKgjwPX4OR4Xg1iJ3h2rEAy3fH/PKhPcN63quB5Bvu
+dcm56vjBX+YVah+WujAFD0N8IbY=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -176,11 +174,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/intermediate3-ca-cert.pem b/certs/ocsp/intermediate3-ca-cert.pem
index 932f24596..05e87b1e5 100644
--- a/certs/ocsp/intermediate3-ca-cert.pem
+++ b/certs/ocsp/intermediate3-ca-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL REVOKED intermediate CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:c5:04:10:7d:c2:21:e9:12:45:da:d5:ba:28:
                     fd:a6:f4:30:44:a0:df:f9:70:5e:17:26:97:59:5c:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         2f:e1:b0:99:a9:71:0e:41:f8:b1:9d:38:c8:f4:3d:7c:79:ce:
-         d2:94:01:2a:b6:71:1b:4c:64:19:27:02:71:b4:43:64:42:f9:
-         2b:71:39:6e:64:4e:e8:32:b1:1e:1b:fd:7d:22:cb:8a:9c:34:
-         ce:ef:bb:dd:f2:4f:83:58:33:34:01:cb:b4:35:e2:ba:c6:cc:
-         aa:2f:ed:2e:e9:04:ec:cd:7f:06:50:b3:4e:37:cd:fe:96:69:
-         da:a3:fe:63:78:83:c5:86:7e:03:b2:11:e5:94:f8:56:e9:d1:
-         dd:5d:b4:05:4d:26:0e:09:c2:50:32:ce:6d:da:6b:b7:ee:e1:
-         1b:a9:b0:0f:59:d6:03:16:ee:47:16:2f:1f:58:f9:f8:48:d9:
-         59:ed:61:a1:af:7e:92:38:2e:40:0c:9b:e7:21:90:3b:10:6f:
-         61:ad:e0:95:57:e2:d5:39:dc:83:54:88:99:4a:5e:21:94:ce:
-         f9:0f:5e:e9:22:10:55:bb:97:f4:51:3f:50:83:ed:63:fb:ab:
-         d2:02:b3:aa:26:f7:fc:72:1c:84:e9:a0:a3:fa:b2:22:90:c8:
-         ac:61:84:2a:bd:3f:75:1f:1b:bf:83:a8:90:ce:4c:de:ee:eb:
-         65:b4:ff:f0:7a:b2:11:7a:78:60:c4:6e:da:e3:c8:a3:57:5b:
-         8f:58:e4:49
+    Signature Value:
+        9c:99:cf:4a:64:66:4f:74:91:47:3d:58:ed:c2:3a:57:d5:70:
+        70:d7:7e:63:2c:8e:06:5e:36:4b:60:92:74:3f:ca:2c:cf:43:
+        1b:b7:64:42:89:43:30:53:b2:6a:f4:ce:d8:ec:18:2d:20:4e:
+        2d:fb:2d:22:71:61:87:3a:35:dc:77:b5:bd:1e:b3:13:ae:bd:
+        71:ef:b3:21:9d:50:5f:0d:a9:52:76:9b:ea:25:be:f2:79:08:
+        49:16:9c:68:82:30:80:2d:47:ce:49:46:cc:66:95:47:c5:28:
+        89:d7:b4:b3:37:b0:14:21:34:58:c3:7b:94:91:2c:32:80:0e:
+        7e:fa:ed:07:e0:e3:52:8b:fc:73:f8:73:df:52:34:b0:63:a7:
+        02:26:5d:e9:e6:37:43:a3:f5:c3:be:5f:c4:86:6e:00:20:51:
+        7b:b6:48:85:11:f4:b3:79:4d:b7:14:20:f4:ea:c3:06:68:45:
+        1a:4f:db:09:df:30:3e:2c:89:bf:dc:4d:81:46:1c:3d:0b:b4:
+        a0:0f:79:d6:c5:1e:a8:81:fd:ff:80:b8:4b:f6:50:06:88:e9:
+        69:96:12:df:66:b8:db:46:60:f8:b4:35:f6:eb:f6:f9:a4:19:
+        d2:d6:d7:d8:c8:5f:0b:46:66:5d:3c:d3:18:17:78:b4:80:85:
+        ca:98:bd:33
 -----BEGIN CERTIFICATE-----
 MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L
 RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -84,12 +83,12 @@ DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp
 bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm
 MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcN
-AQELBQADggEBAC/hsJmpcQ5B+LGdOMj0PXx5ztKUASq2cRtMZBknAnG0Q2RC+Stx
-OW5kTugysR4b/X0iy4qcNM7vu93yT4NYMzQBy7Q14rrGzKov7S7pBOzNfwZQs043
-zf6Wadqj/mN4g8WGfgOyEeWU+Fbp0d1dtAVNJg4JwlAyzm3aa7fu4RupsA9Z1gMW
-7kcWLx9Y+fhI2VntYaGvfpI4LkAMm+chkDsQb2Gt4JVX4tU53INUiJlKXiGUzvkP
-XukiEFW7l/RRP1CD7WP7q9ICs6om9/xyHITpoKP6siKQyKxhhCq9P3UfG7+DqJDO
-TN7u62W0//B6shF6eGDEbtrjyKNXW49Y5Ek=
+AQELBQADggEBAJyZz0pkZk90kUc9WO3COlfVcHDXfmMsjgZeNktgknQ/yizPQxu3
+ZEKJQzBTsmr0ztjsGC0gTi37LSJxYYc6Ndx3tb0esxOuvXHvsyGdUF8NqVJ2m+ol
+vvJ5CEkWnGiCMIAtR85JRsxmlUfFKInXtLM3sBQhNFjDe5SRLDKADn767Qfg41KL
+/HP4c99SNLBjpwImXenmN0Oj9cO+X8SGbgAgUXu2SIUR9LN5TbcUIPTqwwZoRRpP
+2wnfMD4sib/cTYFGHD0LtKAPedbFHqiB/f+AuEv2UAaI6WmWEt9muNtGYPi0Nfbr
+9vmkGdLW19jIXwtGZl080xgXeLSAhcqYvTM=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -176,11 +174,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/ocsp-responder-cert.pem b/certs/ocsp/ocsp-responder-cert.pem
index 0eb95e094..5071c26ff 100644
--- a/certs/ocsp/ocsp-responder-cert.pem
+++ b/certs/ocsp/ocsp-responder-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL OCSP Responder, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b8:ba:23:b4:f6:c3:7b:14:c3:a4:f5:1d:61:a1:
                     f5:1e:63:b9:85:23:34:50:6d:f8:7c:a2:8a:04:8b:
@@ -40,31 +40,31 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Extended Key Usage: 
                 OCSP Signing
     Signature Algorithm: sha256WithRSAEncryption
-         0a:a4:ec:1a:eb:2e:bc:d0:62:b6:84:72:92:8a:1a:e4:04:31:
-         1c:68:17:ae:6c:18:44:ad:23:73:0d:63:73:9b:47:97:ae:21:
-         aa:ac:ab:f4:9e:64:78:62:bb:b5:70:29:31:eb:53:b2:f6:20:
-         35:ff:43:06:f0:3f:84:d8:aa:be:6d:a9:59:ef:f5:6b:8e:da:
-         78:77:22:70:43:c8:e5:b5:55:2f:c8:31:5e:87:d2:2d:a5:0f:
-         0a:aa:01:00:76:22:17:73:72:9a:59:fb:c8:1f:a3:b9:d6:99:
-         7f:16:90:03:ec:20:bf:f5:8a:c5:e2:a7:1c:4b:bf:c5:7c:45:
-         18:de:e3:93:a1:41:b0:33:ed:d2:6e:4f:14:58:6e:af:12:be:
-         3b:ed:6e:20:4b:6d:11:89:9d:c6:2a:ab:1e:24:3f:d2:56:98:
-         5c:8f:d1:fe:d2:92:6b:7b:ed:15:84:3a:b3:aa:5c:c6:b4:6d:
-         5d:cb:ce:81:37:e5:ef:96:25:92:ef:04:3c:38:0c:f0:6d:64:
-         ef:33:51:4f:98:6f:55:3d:0e:cc:07:ea:2c:0b:3e:09:a0:23:
-         0b:45:2c:02:a0:49:70:d8:a8:a7:36:07:68:c6:82:5e:d4:78:
-         be:cf:5b:11:79:6b:bf:e2:5d:56:79:19:a5:64:b2:e8:86:a4:
-         27:74:cf:55
+    Signature Value:
+        4d:a2:d8:55:e0:2b:f4:ad:65:e2:92:35:cb:60:a0:a2:6b:a6:
+        88:c1:86:58:57:37:bd:2e:28:6e:1c:56:2a:35:de:ff:3e:8e:
+        3d:47:21:1a:e9:d3:c6:b4:e2:cb:3e:c6:af:9b:ef:23:88:56:
+        95:73:2e:b3:ed:c5:11:4b:69:f7:13:3a:05:e1:af:ba:c9:59:
+        fd:e2:a0:81:a0:4c:0c:2c:cb:57:ad:96:3a:8c:32:a6:4a:f8:
+        72:b8:ec:b3:26:69:d6:6a:4c:4c:78:18:3c:ca:19:f1:b5:8e:
+        23:81:5b:27:90:e0:5c:2b:17:4d:78:99:6b:25:bd:2f:ae:1b:
+        aa:ce:84:b9:44:21:46:c0:34:6b:5b:b9:1b:ca:5c:60:f1:ef:
+        e6:66:bc:84:63:56:50:7d:bb:2c:2f:7b:47:b4:fd:58:77:87:
+        ee:27:20:96:72:8e:4c:7e:4f:93:eb:5f:8f:9c:1e:59:7a:96:
+        aa:53:77:22:41:d8:d3:f9:89:8f:e8:9d:65:bd:0c:71:3c:bb:
+        a3:07:bf:fb:a8:d1:18:0a:b4:c4:f7:83:b3:86:2b:f0:5b:05:
+        28:c1:01:31:73:5c:2b:bd:60:97:a3:36:82:96:d7:83:df:75:
+        ee:29:42:97:86:41:55:b9:70:87:d5:02:85:13:41:f8:25:05:
+        ab:6a:aa:57
 -----BEGIN CERTIFICATE-----
 MIIEvjCCA6agAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBnjELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZ3b2xmU1NMIE9DU1Ag
 UmVzcG9uZGVyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -80,12 +80,12 @@ CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0
 dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG
 A1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFjMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB
-AQAKpOwa6y680GK2hHKSihrkBDEcaBeubBhErSNzDWNzm0eXriGqrKv0nmR4Yru1
-cCkx61Oy9iA1/0MG8D+E2Kq+balZ7/Vrjtp4dyJwQ8jltVUvyDFeh9ItpQ8KqgEA
-diIXc3KaWfvIH6O51pl/FpAD7CC/9YrF4qccS7/FfEUY3uOToUGwM+3Sbk8UWG6v
-Er477W4gS20RiZ3GKqseJD/SVphcj9H+0pJre+0VhDqzqlzGtG1dy86BN+XvliWS
-7wQ8OAzwbWTvM1FPmG9VPQ7MB+osCz4JoCMLRSwCoElw2KinNgdoxoJe1Hi+z1sR
-eWu/4l1WeRmlZLLohqQndM9V
+AQBNothV4Cv0rWXikjXLYKCia6aIwYZYVze9LihuHFYqNd7/Po49RyEa6dPGtOLL
+Psavm+8jiFaVcy6z7cURS2n3EzoF4a+6yVn94qCBoEwMLMtXrZY6jDKmSvhyuOyz
+JmnWakxMeBg8yhnxtY4jgVsnkOBcKxdNeJlrJb0vrhuqzoS5RCFGwDRrW7kbylxg
+8e/mZryEY1ZQfbssL3tHtP1Yd4fuJyCWco5Mfk+T61+PnB5ZepaqU3ciQdjT+YmP
+6J1lvQxxPLujB7/7qNEYCrTE94OzhivwWwUowQExc1wrvWCXozaClteD33XuKUKX
+hkFVuXCH1QKFE0H4JQWraqpX
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -94,12 +94,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -129,34 +129,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -172,11 +171,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/renewcerts.sh b/certs/ocsp/renewcerts.sh
index f377a1fdd..003aa1253 100755
--- a/certs/ocsp/renewcerts.sh
+++ b/certs/ocsp/renewcerts.sh
@@ -100,6 +100,16 @@ openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -cert
 kill $PID
 wait $PID
 
+# Create a response DER buffer for testing leaf certificate
+openssl ocsp -port 22221 -ndays 1000 -index \
+./index-intermediate1-ca-issued-certs.txt -rsigner ocsp-responder-cert.pem \
+-rkey ocsp-responder-key.pem -CA intermediate1-ca-cert.pem -partial_chain &
+PID=$!
+sleep 1 # Make sure server is ready
+
+openssl ocsp -issuer ./intermediate1-ca-cert.pem -cert ./server1-cert.pem -url http://localhost:22221/ -respout test-leaf-response.der -noverify
+kill $PID
+wait $PID
 
 # now start up a responder that signs using rsa-pss
 openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem -rsigopt rsa_padding_mode:pss &
diff --git a/certs/ocsp/root-ca-cert.pem b/certs/ocsp/root-ca-cert.pem
index 4dd84808f..060acb0c0 100644
--- a/certs/ocsp/root-ca-cert.pem
+++ b/certs/ocsp/root-ca-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -83,11 +82,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server1-cert.pem b/certs/ocsp/server1-cert.pem
index 641d41f19..dfc0c7389 100644
--- a/certs/ocsp/server1-cert.pem
+++ b/certs/ocsp/server1-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www1.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e6:96:55:75:cf:8a:97:68:8c:b6:38:f6:7a:05:
                     be:33:b6:51:47:37:8a:f7:db:91:be:92:6b:b7:00:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:01
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22221
-
     Signature Algorithm: sha256WithRSAEncryption
-         2c:4a:52:45:c2:c6:40:fe:e1:c0:38:89:63:a1:24:44:f8:8c:
-         1b:28:dc:55:69:19:b1:d0:53:46:01:36:f6:ee:b0:ac:71:3a:
-         a9:43:cb:43:99:73:f0:a7:c2:cb:73:d2:9a:02:6c:5b:12:c8:
-         ea:d7:87:18:cc:5a:a3:15:53:0f:94:b2:97:eb:78:e8:6e:8d:
-         4d:3b:d4:23:88:98:7d:35:09:74:95:a8:05:49:57:d0:2a:3c:
-         1b:96:1f:d0:5d:37:0a:a3:01:55:36:bb:17:6e:d9:9f:81:ee:
-         7d:12:bc:ff:e0:22:ca:49:1e:f5:c4:06:8c:29:28:20:3a:b0:
-         a4:6e:82:6c:74:3b:56:37:e0:bb:42:9e:65:3f:19:b8:d2:2a:
-         15:9e:92:39:8b:17:f2:ef:7f:d2:b8:79:a5:12:20:50:a2:31:
-         55:52:a4:74:91:02:bc:0e:d0:43:01:c5:7c:4d:4e:b0:00:88:
-         a4:10:c5:9c:93:38:cb:05:48:c8:87:6a:54:f6:9c:38:77:2a:
-         6f:ad:ab:b4:a2:23:bc:23:af:41:57:d3:f4:d6:27:b0:a6:f9:
-         58:9c:76:76:4d:83:d2:27:ac:0e:af:95:2d:3a:9d:6c:1c:55:
-         98:5a:a8:e0:1f:dd:13:a5:fc:72:e4:be:95:aa:57:99:3c:2e:
-         16:70:e9:d1
+    Signature Value:
+        7c:53:b6:71:1e:1a:9a:54:42:15:3a:81:06:d2:7c:bc:56:63:
+        13:0a:4d:21:3f:59:68:4c:07:17:65:a1:26:ce:10:4c:90:f5:
+        13:66:60:9b:9c:d9:85:7f:a3:da:9f:a6:d7:69:df:c7:b1:0b:
+        4d:14:93:32:7f:df:7a:e6:ab:cc:74:de:a8:6d:c5:4c:55:be:
+        a1:8a:14:48:38:e0:34:76:5c:cb:27:6b:a1:31:de:6c:bc:ac:
+        ea:73:7e:ce:ad:86:e2:54:7b:0f:87:4f:b7:24:c0:06:83:17:
+        0d:75:a7:09:5e:2f:74:c3:85:f5:2e:ec:84:21:b6:ce:93:0d:
+        bf:5c:39:24:5d:e0:63:25:04:5c:23:a7:d8:93:e8:1a:34:44:
+        fb:67:94:80:45:7c:78:31:20:d1:ed:a2:06:6b:84:1f:3a:99:
+        f2:de:14:cb:8e:cf:fd:dd:51:a3:af:17:8a:83:f3:f5:4e:ea:
+        a5:33:c8:fa:84:9a:17:7e:5d:6f:f8:90:2e:ac:88:66:b6:49:
+        44:72:85:43:ca:58:d9:94:56:85:98:56:b8:34:d4:22:5d:8e:
+        7a:35:ef:5a:96:15:29:2d:7b:f1:1f:55:98:7f:2f:d8:08:36:
+        ec:c9:a1:c6:05:3e:db:dd:e4:f8:2d:ca:92:e0:e8:a4:e4:7c:
+        39:77:72:97
 -----BEGIN CERTIFICATE-----
 MIIE7jCCA9agAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
 IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
 MS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
@@ -84,12 +83,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
 GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
 AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB
-AQAsSlJFwsZA/uHAOIljoSRE+IwbKNxVaRmx0FNGATb27rCscTqpQ8tDmXPwp8LL
-c9KaAmxbEsjq14cYzFqjFVMPlLKX63jobo1NO9QjiJh9NQl0lagFSVfQKjwblh/Q
-XTcKowFVNrsXbtmfge59Erz/4CLKSR71xAaMKSggOrCkboJsdDtWN+C7Qp5lPxm4
-0ioVnpI5ixfy73/SuHmlEiBQojFVUqR0kQK8DtBDAcV8TU6wAIikEMWckzjLBUjI
-h2pU9pw4dypvrau0oiO8I69BV9P01iewpvlYnHZ2TYPSJ6wOr5UtOp1sHFWYWqjg
-H90Tpfxy5L6VqleZPC4WcOnR
+AQB8U7ZxHhqaVEIVOoEG0ny8VmMTCk0hP1loTAcXZaEmzhBMkPUTZmCbnNmFf6Pa
+n6bXad/HsQtNFJMyf9965qvMdN6obcVMVb6hihRIOOA0dlzLJ2uhMd5svKzqc37O
+rYbiVHsPh0+3JMAGgxcNdacJXi90w4X1LuyEIbbOkw2/XDkkXeBjJQRcI6fYk+ga
+NET7Z5SARXx4MSDR7aIGa4QfOpny3hTLjs/93VGjrxeKg/P1TuqlM8j6hJoXfl1v
++JAurIhmtklEcoVDyljZlFaFmFa4NNQiXY56Ne9alhUpLXvxH1WYfy/YCDbsyaHG
+BT7b3eT4LcqS4Oik5Hw5d3KX
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35:
                     a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         1c:06:f6:58:ee:a2:4d:11:dd:ce:51:2a:ea:3c:1e:13:62:2b:
-         e2:04:6d:ca:67:2b:14:1b:de:3e:72:7b:d2:12:29:59:e9:bd:
-         3f:37:1f:9b:9c:15:84:40:10:c2:7b:1c:1f:16:2c:4e:f5:b7:
-         bb:7e:24:79:7a:e6:6b:6e:66:cf:4f:04:e5:31:b9:63:12:80:
-         89:61:fc:ae:47:b3:bd:b0:63:d8:aa:77:ba:25:53:e5:f7:ca:
-         63:d5:7f:6e:80:ed:75:c9:47:59:df:7a:82:87:2e:b8:cf:87:
-         c4:9a:0c:2f:ee:a9:a8:5a:7e:2b:55:30:e9:8b:05:f3:ab:60:
-         7f:49:bd:16:de:73:8d:8f:72:48:35:23:a1:88:88:a8:9a:01:
-         19:6c:6e:06:cf:c3:47:d9:68:0e:42:c3:84:d9:23:71:36:73:
-         c4:9d:bc:ed:f7:9b:e3:a0:8d:89:ac:ec:e7:75:22:1f:99:74:
-         5b:4c:5b:b5:25:e1:7f:02:f3:07:ae:4f:b1:0b:21:f9:17:78:
-         1a:b4:c6:8f:03:91:fb:b2:95:ff:6d:de:37:39:4a:57:c1:8c:
-         da:91:3a:4c:cc:fa:27:9a:4f:42:cb:4c:15:c7:08:34:8f:03:
-         a8:f1:2e:df:64:c5:ec:57:e1:90:77:2f:49:90:c1:23:4d:7b:
-         9e:44:fb:08
+    Signature Value:
+        75:57:f1:0c:87:8f:a2:70:3c:ce:e4:70:0e:99:6a:da:c4:80:
+        94:2c:25:0c:de:0d:7b:f3:94:f1:e8:ad:6f:d0:de:9a:9d:f5:
+        64:31:65:3f:18:e6:c3:f5:b5:1d:a2:be:5b:97:79:41:78:15:
+        1c:b3:83:de:d0:00:ea:d2:70:43:c5:60:60:07:72:e5:76:59:
+        b8:0e:2f:47:c9:8d:a4:4c:f1:20:b0:40:3b:ed:e9:de:b2:46:
+        10:90:1b:0f:96:16:e6:97:bc:d5:9a:93:aa:3c:e3:b3:6b:5f:
+        db:2c:af:2b:da:7c:36:36:aa:86:a1:65:70:c8:f1:34:d1:1f:
+        10:96:71:e6:cf:69:5c:bf:0e:15:33:97:fe:40:42:be:30:48:
+        ad:fb:d7:0e:7b:73:dd:64:30:7e:10:81:ac:3b:0b:3c:e4:12:
+        9f:31:8b:3d:f0:9b:84:dc:5b:32:33:39:de:eb:1a:17:89:d8:
+        1b:00:33:2d:50:a4:1a:2c:11:a2:60:ac:c1:9a:0f:44:90:00:
+        cf:8d:6c:af:5b:71:23:7a:a7:4f:df:f5:3f:5c:ae:93:ca:4e:
+        ec:f0:1b:f4:fa:53:7d:d9:36:af:5e:4c:54:c7:3a:d5:e3:68:
+        ca:78:e5:1f:55:44:65:eb:00:2d:c3:c8:ba:0e:1f:47:1c:67:
+        2e:a9:c1:6e
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -177,12 +175,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBABwG9ljuok0R3c5RKuo8HhNiK+IEbcpnKxQb3j5ye9ISKVnpvT83H5ucFYRA
-EMJ7HB8WLE71t7t+JHl65mtuZs9PBOUxuWMSgIlh/K5Hs72wY9iqd7olU+X3ymPV
-f26A7XXJR1nfeoKHLrjPh8SaDC/uqahafitVMOmLBfOrYH9JvRbec42Pckg1I6GI
-iKiaARlsbgbPw0fZaA5Cw4TZI3E2c8SdvO33m+OgjYms7Od1Ih+ZdFtMW7Ul4X8C
-8weuT7ELIfkXeBq0xo8Dkfuylf9t3jc5SlfBjNqROkzM+ieaT0LLTBXHCDSPA6jx
-Lt9kxexX4ZB3L0mQwSNNe55E+wg=
+ggEBAHVX8QyHj6JwPM7kcA6ZatrEgJQsJQzeDXvzlPHorW/Q3pqd9WQxZT8Y5sP1
+tR2ivluXeUF4FRyzg97QAOrScEPFYGAHcuV2WbgOL0fJjaRM8SCwQDvt6d6yRhCQ
+Gw+WFuaXvNWak6o847NrX9ssryvafDY2qoahZXDI8TTRHxCWcebPaVy/DhUzl/5A
+Qr4wSK371w57c91kMH4Qgaw7CzzkEp8xiz3wm4TcWzIzOd7rGheJ2BsAMy1QpBos
+EaJgrMGaD0SQAM+NbK9bcSN6p0/f9T9crpPKTuzwG/T6U33ZNq9eTFTHOtXjaMp4
+5R9VRGXrAC3DyLoOH0ccZy6pwW4=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server2-cert.pem b/certs/ocsp/server2-cert.pem
index 1d2b0c91c..9d128727c 100644
--- a/certs/ocsp/server2-cert.pem
+++ b/certs/ocsp/server2-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www2.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c6:35:8a:e8:aa:bd:33:c9:5e:84:43:67:42:65:
                     2a:3c:e3:89:b4:a6:67:a1:3b:ee:6d:85:d1:d3:2b:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:83:C6:3A:89:2C:81:F4:02:D7:9D:4C:E2:2A:C0:71:82:64:44:DA:0E
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:01
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22221
-
     Signature Algorithm: sha256WithRSAEncryption
-         ba:b8:a9:5b:b2:3b:55:29:f6:8e:08:d9:48:7b:12:4e:45:65:
-         bb:4a:d0:23:82:c8:2b:f1:2e:fd:34:d1:e8:d0:b9:89:35:f3:
-         49:e4:67:6b:bf:72:ae:26:48:20:1e:0d:22:11:11:d1:b3:b2:
-         9f:d2:47:b5:b0:64:37:03:0b:aa:62:9b:26:b1:c5:52:72:80:
-         12:d8:67:20:3b:f4:59:72:06:99:f6:ff:92:f7:50:05:46:30:
-         11:d3:b4:e2:5b:03:cc:f8:01:d2:8e:de:2b:0a:52:6a:76:66:
-         a8:e3:80:06:a3:60:e2:c5:6b:62:4d:12:0d:9a:43:a6:c7:e5:
-         87:1d:02:65:f2:35:66:e2:07:05:66:32:df:5f:14:7f:9b:89:
-         60:61:41:8c:bb:ad:1c:9e:92:7d:19:4c:8a:3c:d9:9f:6c:d7:
-         c3:a9:13:b3:13:2c:38:e0:e6:e1:0c:4c:55:f0:25:42:73:6a:
-         c1:79:82:0a:a5:95:ef:2a:0e:29:cd:76:88:af:e4:da:e6:95:
-         22:55:dc:8f:67:3e:eb:c8:6b:4a:86:1f:2a:13:40:ee:a2:5e:
-         59:61:77:3b:c7:81:d2:6e:ed:ea:08:55:ea:c4:1f:11:d8:50:
-         c5:a1:c7:46:57:c7:02:4c:ce:3b:e5:1b:9d:cf:59:73:24:7c:
-         07:cf:8f:f6
+    Signature Value:
+        b3:dc:a7:36:44:5f:9d:37:d7:cc:86:ee:db:2d:74:4b:7a:88:
+        f7:a4:fa:7b:84:09:6f:63:3b:9f:2e:00:3a:2d:7d:1f:ef:c5:
+        91:32:48:4f:36:01:29:93:c7:b8:0b:fd:66:67:7f:c8:71:ce:
+        32:cd:87:ca:9c:0b:26:fa:b1:55:57:a5:e0:c5:16:66:66:e8:
+        a4:3d:68:fd:ed:2d:1b:d0:c3:d1:9b:b3:cf:a0:2d:7e:26:7f:
+        a7:80:ee:73:dd:83:38:3d:39:8e:c3:ad:cb:7c:71:b1:94:d5:
+        eb:cb:d0:5d:57:c3:68:49:05:88:b7:65:0c:4a:ae:a6:f4:53:
+        4e:b7:84:c1:b8:f1:6a:b5:04:81:25:56:77:85:19:9e:a0:4d:
+        f9:eb:01:71:2f:5e:8e:da:b9:ba:d2:fd:da:1b:c0:e1:29:17:
+        4f:47:dc:f9:c6:f8:a9:c6:6f:dd:bf:af:6f:4b:1d:cd:00:5a:
+        82:b2:21:36:86:eb:cb:05:63:43:2b:dc:f3:f8:f1:16:4f:e3:
+        e1:83:65:37:c2:d6:9d:00:03:34:a2:c3:2a:a3:29:5e:74:18:
+        8f:29:57:02:5d:51:8f:ea:98:95:f3:c6:9c:3c:6f:cc:98:d3:
+        8f:c6:f7:bd:48:2a:35:19:a5:f2:d1:02:30:2f:74:14:cb:21:
+        3d:40:35:df
 -----BEGIN CERTIFICATE-----
 MIIE7jCCA9agAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
 IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
 Mi53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
@@ -84,12 +83,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
 GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
 AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB
-AQC6uKlbsjtVKfaOCNlIexJORWW7StAjgsgr8S79NNHo0LmJNfNJ5Gdrv3KuJkgg
-Hg0iERHRs7Kf0ke1sGQ3AwuqYpsmscVScoAS2GcgO/RZcgaZ9v+S91AFRjAR07Ti
-WwPM+AHSjt4rClJqdmao44AGo2DixWtiTRINmkOmx+WHHQJl8jVm4gcFZjLfXxR/
-m4lgYUGMu60cnpJ9GUyKPNmfbNfDqROzEyw44ObhDExV8CVCc2rBeYIKpZXvKg4p
-zXaIr+Ta5pUiVdyPZz7ryGtKhh8qE0Duol5ZYXc7x4HSbu3qCFXqxB8R2FDFocdG
-V8cCTM475Rudz1lzJHwHz4/2
+AQCz3Kc2RF+dN9fMhu7bLXRLeoj3pPp7hAlvYzufLgA6LX0f78WRMkhPNgEpk8e4
+C/1mZ3/Icc4yzYfKnAsm+rFVV6XgxRZmZuikPWj97S0b0MPRm7PPoC1+Jn+ngO5z
+3YM4PTmOw63LfHGxlNXry9BdV8NoSQWIt2UMSq6m9FNOt4TBuPFqtQSBJVZ3hRme
+oE356wFxL16O2rm60v3aG8DhKRdPR9z5xvipxm/dv69vSx3NAFqCsiE2huvLBWND
+K9zz+PEWT+Phg2U3wtadAAM0osMqoyledBiPKVcCXVGP6piV88acPG/MmNOPxve9
+SCo1GaXy0QIwL3QUyyE9QDXf
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:b4:c8:5c:77:e0:2d:b1:f5:b9:ad:16:47:35:
                     a0:35:65:65:c6:e1:40:ab:1e:b4:b9:13:b7:cb:8c:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         1c:06:f6:58:ee:a2:4d:11:dd:ce:51:2a:ea:3c:1e:13:62:2b:
-         e2:04:6d:ca:67:2b:14:1b:de:3e:72:7b:d2:12:29:59:e9:bd:
-         3f:37:1f:9b:9c:15:84:40:10:c2:7b:1c:1f:16:2c:4e:f5:b7:
-         bb:7e:24:79:7a:e6:6b:6e:66:cf:4f:04:e5:31:b9:63:12:80:
-         89:61:fc:ae:47:b3:bd:b0:63:d8:aa:77:ba:25:53:e5:f7:ca:
-         63:d5:7f:6e:80:ed:75:c9:47:59:df:7a:82:87:2e:b8:cf:87:
-         c4:9a:0c:2f:ee:a9:a8:5a:7e:2b:55:30:e9:8b:05:f3:ab:60:
-         7f:49:bd:16:de:73:8d:8f:72:48:35:23:a1:88:88:a8:9a:01:
-         19:6c:6e:06:cf:c3:47:d9:68:0e:42:c3:84:d9:23:71:36:73:
-         c4:9d:bc:ed:f7:9b:e3:a0:8d:89:ac:ec:e7:75:22:1f:99:74:
-         5b:4c:5b:b5:25:e1:7f:02:f3:07:ae:4f:b1:0b:21:f9:17:78:
-         1a:b4:c6:8f:03:91:fb:b2:95:ff:6d:de:37:39:4a:57:c1:8c:
-         da:91:3a:4c:cc:fa:27:9a:4f:42:cb:4c:15:c7:08:34:8f:03:
-         a8:f1:2e:df:64:c5:ec:57:e1:90:77:2f:49:90:c1:23:4d:7b:
-         9e:44:fb:08
+    Signature Value:
+        75:57:f1:0c:87:8f:a2:70:3c:ce:e4:70:0e:99:6a:da:c4:80:
+        94:2c:25:0c:de:0d:7b:f3:94:f1:e8:ad:6f:d0:de:9a:9d:f5:
+        64:31:65:3f:18:e6:c3:f5:b5:1d:a2:be:5b:97:79:41:78:15:
+        1c:b3:83:de:d0:00:ea:d2:70:43:c5:60:60:07:72:e5:76:59:
+        b8:0e:2f:47:c9:8d:a4:4c:f1:20:b0:40:3b:ed:e9:de:b2:46:
+        10:90:1b:0f:96:16:e6:97:bc:d5:9a:93:aa:3c:e3:b3:6b:5f:
+        db:2c:af:2b:da:7c:36:36:aa:86:a1:65:70:c8:f1:34:d1:1f:
+        10:96:71:e6:cf:69:5c:bf:0e:15:33:97:fe:40:42:be:30:48:
+        ad:fb:d7:0e:7b:73:dd:64:30:7e:10:81:ac:3b:0b:3c:e4:12:
+        9f:31:8b:3d:f0:9b:84:dc:5b:32:33:39:de:eb:1a:17:89:d8:
+        1b:00:33:2d:50:a4:1a:2c:11:a2:60:ac:c1:9a:0f:44:90:00:
+        cf:8d:6c:af:5b:71:23:7a:a7:4f:df:f5:3f:5c:ae:93:ca:4e:
+        ec:f0:1b:f4:fa:53:7d:d9:36:af:5e:4c:54:c7:3a:d5:e3:68:
+        ca:78:e5:1f:55:44:65:eb:00:2d:c3:c8:ba:0e:1f:47:1c:67:
+        2e:a9:c1:6e
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -177,12 +175,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBABwG9ljuok0R3c5RKuo8HhNiK+IEbcpnKxQb3j5ye9ISKVnpvT83H5ucFYRA
-EMJ7HB8WLE71t7t+JHl65mtuZs9PBOUxuWMSgIlh/K5Hs72wY9iqd7olU+X3ymPV
-f26A7XXJR1nfeoKHLrjPh8SaDC/uqahafitVMOmLBfOrYH9JvRbec42Pckg1I6GI
-iKiaARlsbgbPw0fZaA5Cw4TZI3E2c8SdvO33m+OgjYms7Od1Ih+ZdFtMW7Ul4X8C
-8weuT7ELIfkXeBq0xo8Dkfuylf9t3jc5SlfBjNqROkzM+ieaT0LLTBXHCDSPA6jx
-Lt9kxexX4ZB3L0mQwSNNe55E+wg=
+ggEBAHVX8QyHj6JwPM7kcA6ZatrEgJQsJQzeDXvzlPHorW/Q3pqd9WQxZT8Y5sP1
+tR2ivluXeUF4FRyzg97QAOrScEPFYGAHcuV2WbgOL0fJjaRM8SCwQDvt6d6yRhCQ
+Gw+WFuaXvNWak6o847NrX9ssryvafDY2qoahZXDI8TTRHxCWcebPaVy/DhUzl/5A
+Qr4wSK371w57c91kMH4Qgaw7CzzkEp8xiz3wm4TcWzIzOd7rGheJ2BsAMy1QpBos
+EaJgrMGaD0SQAM+NbK9bcSN6p0/f9T9crpPKTuzwG/T6U33ZNq9eTFTHOtXjaMp4
+5R9VRGXrAC3DyLoOH0ccZy6pwW4=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server3-cert.pem b/certs/ocsp/server3-cert.pem
index a16ca9a28..746cef7f3 100644
--- a/certs/ocsp/server3-cert.pem
+++ b/certs/ocsp/server3-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www3.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:be:19:65:1e:17:39:d4:33:fc:97:64:69:80:51:
                     fb:6c:7c:ca:e1:ba:2a:ab:d2:dd:30:61:f3:2e:47:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:02
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22222
-
     Signature Algorithm: sha256WithRSAEncryption
-         64:30:09:ad:e2:e1:ee:8d:00:a6:54:80:95:3c:89:fe:cf:40:
-         2f:28:4a:e0:54:e5:51:79:88:90:95:27:61:9a:3f:3c:a0:b3:
-         a1:9f:01:44:ad:45:a2:cf:cc:2a:10:cc:31:28:48:f4:1a:c7:
-         01:f0:e4:3f:5d:89:39:20:b0:ad:52:0c:f9:f1:d7:82:a6:fa:
-         b2:61:53:1e:97:35:63:15:58:52:fa:1d:88:09:b2:74:6e:5b:
-         76:ab:e9:07:05:e9:97:57:df:f5:73:ec:e2:07:46:f6:5f:fe:
-         03:25:0b:0b:c0:9d:6e:7a:a6:c2:b3:18:79:2f:93:a4:8c:25:
-         71:d1:d8:fe:6d:d1:4a:af:4e:8d:a4:fc:33:f0:78:18:38:3a:
-         dd:e6:1b:7c:94:68:d3:13:9f:a3:56:2c:02:d1:5d:1a:2d:ad:
-         c6:28:4e:58:5d:5f:d6:d6:7c:2c:68:c4:74:71:ab:64:92:75:
-         a7:ba:1f:77:b1:96:fa:0c:e2:81:1f:9e:17:4e:b9:da:1a:33:
-         40:33:12:74:cb:6d:28:e3:cc:0b:c1:30:58:c5:ba:65:66:a8:
-         a1:71:82:76:e7:03:43:8f:7f:03:0f:56:bb:1c:24:93:fb:34:
-         97:1f:09:71:f9:f0:1f:46:42:fb:fe:9d:68:be:25:ea:17:a8:
-         6d:4c:a1:05
+    Signature Value:
+        29:5b:96:03:71:9f:94:13:d5:26:b1:55:5e:fd:74:fa:5f:60:
+        54:cb:75:64:0d:af:4d:44:4a:7e:69:39:48:91:f2:1b:ce:2b:
+        3b:36:8a:39:f2:c4:17:31:d6:ec:ba:99:f2:c3:c6:d5:54:33:
+        85:1c:f3:6b:a0:02:2f:05:83:f9:91:a6:fe:e0:ea:2a:cb:9f:
+        85:17:ab:cb:eb:05:81:06:cd:e6:1e:7c:64:96:1b:89:37:2c:
+        eb:a3:8b:4e:51:2b:11:2a:b2:16:ed:46:cb:ab:3c:31:46:bd:
+        76:a6:d8:bf:1e:0a:8c:55:ca:92:2c:57:4f:d6:6a:92:d2:bd:
+        a5:8e:f0:20:54:a9:87:6f:59:9a:bb:2f:46:11:26:8d:03:28:
+        b6:b7:fc:c9:12:de:1a:5e:82:3b:e4:e7:02:9d:38:e3:29:c1:
+        54:3d:f9:14:02:ac:ef:79:30:39:59:f4:e2:99:3e:2b:f3:9f:
+        ed:10:f2:23:0e:4d:9a:dd:81:5e:16:e5:9c:20:94:b2:b3:90:
+        65:44:66:a8:dd:02:4b:ad:08:a2:7d:ef:b0:bf:ed:25:be:57:
+        47:45:48:a8:9c:cf:95:50:44:19:ea:ad:9f:a0:dd:12:b0:ba:
+        a2:dc:d8:a4:6e:0f:c1:17:a9:a1:83:5c:42:bb:3c:45:41:c1:
+        81:b8:0b:d8
 -----BEGIN CERTIFICATE-----
 MIIE7jCCA9agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
 IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
 My53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
@@ -84,12 +83,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
 GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
 AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB
-AQBkMAmt4uHujQCmVICVPIn+z0AvKErgVOVReYiQlSdhmj88oLOhnwFErUWiz8wq
-EMwxKEj0GscB8OQ/XYk5ILCtUgz58deCpvqyYVMelzVjFVhS+h2ICbJ0blt2q+kH
-BemXV9/1c+ziB0b2X/4DJQsLwJ1ueqbCsxh5L5OkjCVx0dj+bdFKr06NpPwz8HgY
-ODrd5ht8lGjTE5+jViwC0V0aLa3GKE5YXV/W1nwsaMR0catkknWnuh93sZb6DOKB
-H54XTrnaGjNAMxJ0y20o48wLwTBYxbplZqihcYJ25wNDj38DD1a7HCST+zSXHwlx
-+fAfRkL7/p1oviXqF6htTKEF
+AQApW5YDcZ+UE9UmsVVe/XT6X2BUy3VkDa9NREp+aTlIkfIbzis7Noo58sQXMdbs
+upnyw8bVVDOFHPNroAIvBYP5kab+4Ooqy5+FF6vL6wWBBs3mHnxklhuJNyzro4tO
+USsRKrIW7UbLqzwxRr12pti/HgqMVcqSLFdP1mqS0r2ljvAgVKmHb1mauy9GESaN
+Ayi2t/zJEt4aXoI75OcCnTjjKcFUPfkUAqzveTA5WfTimT4r85/tEPIjDk2a3YFe
+FuWcIJSys5BlRGao3QJLrQiife+wv+0lvldHRUionM+VUEQZ6q2foN0SsLqi3Nik
+bg/BF6mhg1xCuzxFQcGBuAvY
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4:
                     6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         3b:38:b5:57:a7:f6:d6:b1:19:55:b8:da:47:74:cf:9a:6b:6e:
-         ff:0a:5d:06:17:33:db:db:38:e5:d1:9c:dd:c7:3e:c2:2e:87:
-         20:52:48:d0:ad:0c:12:3e:f7:66:41:64:d2:ca:b3:4c:a1:0a:
-         6c:4b:4b:33:94:74:83:2e:2d:44:5a:13:ae:da:9a:18:87:64:
-         30:cf:69:70:e8:38:47:de:55:27:06:86:9b:24:d5:b0:8f:17:
-         3b:95:87:7e:4a:45:45:2e:6d:70:27:90:32:62:a8:36:3e:47:
-         47:0f:0e:1b:93:cf:3d:3e:9b:2c:9a:ff:0c:ee:a7:1b:40:c4:
-         dc:f2:66:74:eb:d9:11:9d:60:b8:24:b4:89:c1:e4:61:20:3d:
-         38:af:45:ad:e8:ee:69:c3:96:8a:a5:c1:cd:dd:14:87:97:dc:
-         f8:32:84:a8:3b:0a:eb:61:0e:7c:4c:65:69:3d:02:92:db:c4:
-         bf:21:6f:89:fe:cc:76:df:c5:84:fb:c4:ea:1a:60:da:d0:c8:
-         27:7c:65:1b:cb:23:20:5a:e2:23:90:bd:f5:5c:0a:85:51:37:
-         84:47:a7:80:f4:e0:a0:72:8d:7a:b8:71:03:44:59:c6:cf:2c:
-         ae:df:91:a9:74:72:eb:a7:31:b2:81:65:19:e6:df:c3:4b:b7:
-         fc:9c:2c:f0
+    Signature Value:
+        1f:0a:d4:04:b7:38:42:e7:fa:85:ee:3a:f7:11:98:5a:79:d2:
+        43:8b:f0:2b:d2:fc:ad:7b:33:a0:25:a5:b5:3f:29:13:94:9c:
+        da:b6:e6:41:8c:9a:92:3b:cc:44:6e:0e:8e:8b:79:09:96:ed:
+        39:57:c4:d6:b1:7f:dd:bf:f1:26:75:89:7d:28:54:c5:e8:da:
+        12:28:02:5d:be:91:98:95:bf:ca:e8:20:d6:c6:6c:b2:af:09:
+        ab:3a:c2:c2:e5:b1:cf:ab:79:54:f1:44:de:77:e4:cb:18:f5:
+        7a:d9:5f:e9:88:cd:50:54:59:01:a0:83:1c:b2:ad:92:ea:df:
+        b1:24:84:c7:b5:17:e5:c3:b4:26:5f:24:90:da:e1:d4:ac:b8:
+        c7:e0:89:1c:56:20:aa:53:2d:51:55:0a:01:e2:4c:bc:8c:74:
+        59:9d:f5:f1:74:e7:8b:d8:71:12:01:2e:6e:4a:01:d7:fb:8d:
+        a8:2e:42:63:ab:11:57:1f:4a:1e:c0:43:3b:77:32:0d:fe:1f:
+        ec:62:47:27:a7:74:84:0a:82:3c:0f:5f:83:91:e1:78:35:88:
+        9d:e1:da:b1:00:cb:77:c7:fc:f2:a1:3d:c3:7a:de:ab:81:e4:
+        1b:ee:75:c9:b9:ea:f8:c1:5f:e6:15:6a:1f:96:ba:30:05:0f:
+        43:7c:21:b6
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -177,12 +175,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBADs4tVen9taxGVW42kd0z5prbv8KXQYXM9vbOOXRnN3HPsIuhyBSSNCtDBI+
-92ZBZNLKs0yhCmxLSzOUdIMuLURaE67amhiHZDDPaXDoOEfeVScGhpsk1bCPFzuV
-h35KRUUubXAnkDJiqDY+R0cPDhuTzz0+myya/wzupxtAxNzyZnTr2RGdYLgktInB
-5GEgPTivRa3o7mnDloqlwc3dFIeX3PgyhKg7CuthDnxMZWk9ApLbxL8hb4n+zHbf
-xYT7xOoaYNrQyCd8ZRvLIyBa4iOQvfVcCoVRN4RHp4D04KByjXq4cQNEWcbPLK7f
-kal0cuunMbKBZRnm38NLt/ycLPA=
+ggEBAB8K1AS3OELn+oXuOvcRmFp50kOL8CvS/K17M6AlpbU/KROUnNq25kGMmpI7
+zERuDo6LeQmW7TlXxNaxf92/8SZ1iX0oVMXo2hIoAl2+kZiVv8roINbGbLKvCas6
+wsLlsc+reVTxRN535MsY9XrZX+mIzVBUWQGggxyyrZLq37EkhMe1F+XDtCZfJJDa
+4dSsuMfgiRxWIKpTLVFVCgHiTLyMdFmd9fF054vYcRIBLm5KAdf7jaguQmOrEVcf
+Sh7AQzt3Mg3+H+xiRyendIQKgjwPX4OR4Xg1iJ3h2rEAy3fH/PKhPcN63quB5Bvu
+dcm56vjBX+YVah+WujAFD0N8IbY=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server4-cert.pem b/certs/ocsp/server4-cert.pem
index d11d065a4..47d88b8c9 100644
--- a/certs/ocsp/server4-cert.pem
+++ b/certs/ocsp/server4-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www4.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:9c:ef:8a:7e:84:4d:58:7a:b1:91:c8:cb:68:76:
                     df:fe:0a:29:fe:7f:74:35:d5:c3:fd:43:be:d7:89:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:05:D1:BA:86:00:A2:EE:2A:05:24:B7:11:AD:2D:60:F1:90:14:8F:17
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:02
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22222
-
     Signature Algorithm: sha256WithRSAEncryption
-         78:ac:f7:40:1e:05:a5:e6:46:e0:d9:f7:e6:1b:c8:d2:76:7a:
-         e3:e6:b9:5d:0a:73:47:78:4b:e0:58:e1:d7:86:8d:b0:cc:e1:
-         17:f5:88:c1:84:5a:0f:de:ab:d1:b6:ed:ce:c3:d2:e3:cd:ef:
-         50:6c:90:67:fd:c6:5c:1e:25:28:d6:1f:4e:75:67:b2:9b:16:
-         e7:74:f5:a2:a5:f6:a8:8f:da:de:20:51:c8:60:35:48:f9:0d:
-         5f:b1:45:62:a7:2d:ff:12:f9:29:6c:66:1b:80:33:30:6c:f0:
-         be:f7:22:47:a5:f9:75:e5:fb:1b:0c:fe:f5:09:31:a9:d8:7c:
-         0a:90:7e:92:48:b7:0d:11:a3:eb:39:d1:a8:fe:bd:8b:a6:81:
-         1e:38:7b:73:c7:cd:2e:c6:52:1b:68:60:2f:7d:ca:5e:32:4a:
-         ec:89:8a:50:fd:bc:81:d3:ea:8e:47:3b:8b:77:e7:d8:69:27:
-         86:25:da:24:0f:26:cc:a2:16:04:53:29:4a:55:26:3b:f5:13:
-         f2:5d:01:08:5f:9e:b9:81:48:28:3c:e7:36:6f:f9:76:07:16:
-         b9:79:b7:31:75:35:7e:c3:f0:0b:e2:0f:58:1a:3d:64:70:13:
-         2e:e1:3c:0b:70:08:69:15:bf:58:5c:ca:f3:fa:65:72:77:f7:
-         05:61:d4:d7
+    Signature Value:
+        9f:a1:9c:f1:ac:e6:40:7b:cf:56:57:fc:f8:18:89:f3:5c:3b:
+        47:e3:e6:14:85:a5:65:04:82:cd:b9:43:78:66:09:fd:8d:9f:
+        a1:92:97:ff:a3:b5:d7:ef:28:1b:93:5d:9c:a1:76:ff:b3:2e:
+        af:c5:83:f8:2f:ce:81:17:ce:25:f4:c7:7c:bb:b6:18:ac:50:
+        b6:9d:4c:e1:a6:52:89:28:50:22:ac:c6:b0:08:18:cb:c3:a4:
+        c8:e2:aa:66:5a:cf:f5:74:64:c7:a8:18:4d:99:85:5e:e0:80:
+        2f:7a:33:93:9f:76:92:89:b7:a2:1a:98:2c:90:d5:da:6c:c8:
+        28:4c:a7:1b:f9:6a:64:be:bc:f2:09:61:26:af:fc:a5:a8:4d:
+        31:ea:b2:c7:8f:b4:d7:ac:cf:fd:b0:26:72:21:59:ff:77:d3:
+        6e:04:d9:44:8c:dc:57:f3:7f:d0:a4:9d:03:62:72:ba:2c:1d:
+        84:b8:cd:21:76:1a:6a:d7:34:9f:fb:7f:e0:e6:1c:9c:cc:9a:
+        a8:2f:60:ca:38:65:c2:03:c2:8d:5e:38:e2:b4:a3:f2:81:bf:
+        b4:20:bf:1c:e3:94:b2:50:0c:9d:6d:de:eb:dc:fa:9f:71:1a:
+        05:cf:53:66:80:73:f8:d8:62:1d:f9:9e:27:ea:86:66:30:6b:
+        25:da:db:33
 -----BEGIN CERTIFICATE-----
 MIIE7jCCA9agAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM
 IGludGVybWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
 VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3
 NC53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
@@ -84,12 +83,12 @@ U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx
 GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
 b2xmc3NsLmNvbYIBAjALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG
 AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMA0GCSqGSIb3DQEBCwUAA4IB
-AQB4rPdAHgWl5kbg2ffmG8jSdnrj5rldCnNHeEvgWOHXho2wzOEX9YjBhFoP3qvR
-tu3Ow9Ljze9QbJBn/cZcHiUo1h9OdWeymxbndPWipfaoj9reIFHIYDVI+Q1fsUVi
-py3/EvkpbGYbgDMwbPC+9yJHpfl15fsbDP71CTGp2HwKkH6SSLcNEaPrOdGo/r2L
-poEeOHtzx80uxlIbaGAvfcpeMkrsiYpQ/byB0+qORzuLd+fYaSeGJdokDybMohYE
-UylKVSY79RPyXQEIX565gUgoPOc2b/l2Bxa5ebcxdTV+w/AL4g9YGj1kcBMu4TwL
-cAhpFb9YXMrz+mVyd/cFYdTX
+AQCfoZzxrOZAe89WV/z4GInzXDtH4+YUhaVlBILNuUN4Zgn9jZ+hkpf/o7XX7ygb
+k12coXb/sy6vxYP4L86BF84l9Md8u7YYrFC2nUzhplKJKFAirMawCBjLw6TI4qpm
+Ws/1dGTHqBhNmYVe4IAvejOTn3aSibeiGpgskNXabMgoTKcb+WpkvrzyCWEmr/yl
+qE0x6rLHj7TXrM/9sCZyIVn/d9NuBNlEjNxX83/QpJ0DYnK6LB2EuM0hdhpq1zSf
++3/g5hyczJqoL2DKOGXCA8KNXjjitKPygb+0IL8c45SyUAydbd7r3PqfcRoFz1Nm
+gHP42GId+Z4n6oZmMGsl2tsz
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL intermediate CA 2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:20:3c:35:19:6f:2c:44:b4:7e:42:c7:75:b4:
                     6a:2b:a9:23:85:bf:87:b4:ee:ca:d7:4b:1f:31:d7:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         3b:38:b5:57:a7:f6:d6:b1:19:55:b8:da:47:74:cf:9a:6b:6e:
-         ff:0a:5d:06:17:33:db:db:38:e5:d1:9c:dd:c7:3e:c2:2e:87:
-         20:52:48:d0:ad:0c:12:3e:f7:66:41:64:d2:ca:b3:4c:a1:0a:
-         6c:4b:4b:33:94:74:83:2e:2d:44:5a:13:ae:da:9a:18:87:64:
-         30:cf:69:70:e8:38:47:de:55:27:06:86:9b:24:d5:b0:8f:17:
-         3b:95:87:7e:4a:45:45:2e:6d:70:27:90:32:62:a8:36:3e:47:
-         47:0f:0e:1b:93:cf:3d:3e:9b:2c:9a:ff:0c:ee:a7:1b:40:c4:
-         dc:f2:66:74:eb:d9:11:9d:60:b8:24:b4:89:c1:e4:61:20:3d:
-         38:af:45:ad:e8:ee:69:c3:96:8a:a5:c1:cd:dd:14:87:97:dc:
-         f8:32:84:a8:3b:0a:eb:61:0e:7c:4c:65:69:3d:02:92:db:c4:
-         bf:21:6f:89:fe:cc:76:df:c5:84:fb:c4:ea:1a:60:da:d0:c8:
-         27:7c:65:1b:cb:23:20:5a:e2:23:90:bd:f5:5c:0a:85:51:37:
-         84:47:a7:80:f4:e0:a0:72:8d:7a:b8:71:03:44:59:c6:cf:2c:
-         ae:df:91:a9:74:72:eb:a7:31:b2:81:65:19:e6:df:c3:4b:b7:
-         fc:9c:2c:f0
+    Signature Value:
+        1f:0a:d4:04:b7:38:42:e7:fa:85:ee:3a:f7:11:98:5a:79:d2:
+        43:8b:f0:2b:d2:fc:ad:7b:33:a0:25:a5:b5:3f:29:13:94:9c:
+        da:b6:e6:41:8c:9a:92:3b:cc:44:6e:0e:8e:8b:79:09:96:ed:
+        39:57:c4:d6:b1:7f:dd:bf:f1:26:75:89:7d:28:54:c5:e8:da:
+        12:28:02:5d:be:91:98:95:bf:ca:e8:20:d6:c6:6c:b2:af:09:
+        ab:3a:c2:c2:e5:b1:cf:ab:79:54:f1:44:de:77:e4:cb:18:f5:
+        7a:d9:5f:e9:88:cd:50:54:59:01:a0:83:1c:b2:ad:92:ea:df:
+        b1:24:84:c7:b5:17:e5:c3:b4:26:5f:24:90:da:e1:d4:ac:b8:
+        c7:e0:89:1c:56:20:aa:53:2d:51:55:0a:01:e2:4c:bc:8c:74:
+        59:9d:f5:f1:74:e7:8b:d8:71:12:01:2e:6e:4a:01:d7:fb:8d:
+        a8:2e:42:63:ab:11:57:1f:4a:1e:c0:43:3b:77:32:0d:fe:1f:
+        ec:62:47:27:a7:74:84:0a:82:3c:0f:5f:83:91:e1:78:35:88:
+        9d:e1:da:b1:00:cb:77:c7:fc:f2:a1:3d:c3:7a:de:ab:81:e4:
+        1b:ee:75:c9:b9:ea:f8:c1:5f:e6:15:6a:1f:96:ba:30:05:0f:
+        43:7c:21:b6
 -----BEGIN CERTIFICATE-----
 MIIE8DCCA9igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBoTELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy
 bWVkaWF0ZSBDQSAyMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB
@@ -177,12 +175,12 @@ DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI
 KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD
-ggEBADs4tVen9taxGVW42kd0z5prbv8KXQYXM9vbOOXRnN3HPsIuhyBSSNCtDBI+
-92ZBZNLKs0yhCmxLSzOUdIMuLURaE67amhiHZDDPaXDoOEfeVScGhpsk1bCPFzuV
-h35KRUUubXAnkDJiqDY+R0cPDhuTzz0+myya/wzupxtAxNzyZnTr2RGdYLgktInB
-5GEgPTivRa3o7mnDloqlwc3dFIeX3PgyhKg7CuthDnxMZWk9ApLbxL8hb4n+zHbf
-xYT7xOoaYNrQyCd8ZRvLIyBa4iOQvfVcCoVRN4RHp4D04KByjXq4cQNEWcbPLK7f
-kal0cuunMbKBZRnm38NLt/ycLPA=
+ggEBAB8K1AS3OELn+oXuOvcRmFp50kOL8CvS/K17M6AlpbU/KROUnNq25kGMmpI7
+zERuDo6LeQmW7TlXxNaxf92/8SZ1iX0oVMXo2hIoAl2+kZiVv8roINbGbLKvCas6
+wsLlsc+reVTxRN535MsY9XrZX+mIzVBUWQGggxyyrZLq37EkhMe1F+XDtCZfJJDa
+4dSsuMfgiRxWIKpTLVFVCgHiTLyMdFmd9fF054vYcRIBLm5KAdf7jaguQmOrEVcf
+Sh7AQzt3Mg3+H+xiRyendIQKgjwPX4OR4Xg1iJ3h2rEAy3fH/PKhPcN63quB5Bvu
+dcm56vjBX+YVah+WujAFD0N8IbY=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/server5-cert.pem b/certs/ocsp/server5-cert.pem
index 0f42ba251..5ac6b8fee 100644
--- a/certs/ocsp/server5-cert.pem
+++ b/certs/ocsp/server5-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL REVOKED intermediate CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = www5.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ac:73:6d:e9:fa:8c:36:72:3e:89:3b:52:29:bd:
                     14:70:a2:00:b4:08:58:b6:c6:c0:bf:80:6a:1f:a5:
@@ -40,34 +40,33 @@ Certificate:
                 keyid:BB:15:9E:32:4D:E0:F8:AA:8A:B0:2E:0C:17:2B:5A:41:74:4B:06:45
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:03
-
             X509v3 Key Usage: 
                 Digital Signature, Non Repudiation, Key Encipherment
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22223
-
     Signature Algorithm: sha256WithRSAEncryption
-         84:bf:97:d9:fd:33:9a:1b:36:a4:48:58:45:f6:97:3b:58:4d:
-         40:ba:46:d0:7a:e3:53:40:d3:45:7f:1e:87:fd:66:bb:c0:43:
-         93:34:76:0b:68:31:e5:fb:89:15:d5:b3:59:c5:a3:f5:e7:79:
-         65:b3:1d:38:d2:cd:af:4d:7d:ea:9e:3e:ce:7e:51:90:83:b6:
-         19:2e:30:d5:0e:94:03:d2:5c:a0:d9:25:3f:8d:c2:97:67:ea:
-         4a:a6:f0:32:b3:e7:b6:bf:dc:a6:7a:5c:23:b8:46:05:52:80:
-         b1:9e:1e:53:05:a7:93:ce:2a:43:ae:f5:58:61:2d:d8:2d:77:
-         c9:50:7e:4a:47:36:04:0b:4c:23:b3:c8:f5:99:97:5c:5d:f1:
-         d9:f2:9a:5e:78:72:02:61:4f:eb:55:53:f1:bd:1c:45:75:fd:
-         7c:2e:db:41:ef:54:47:9b:9a:b9:60:fd:77:f9:9b:36:76:93:
-         ee:73:12:49:3e:bb:62:8a:3f:02:58:ba:73:16:e7:53:81:c2:
-         5c:f3:21:32:fe:60:42:dc:d5:8a:6a:9f:60:cc:1c:76:5a:e4:
-         9c:30:da:9e:32:d0:ca:d6:a5:d6:3e:28:9d:09:68:dc:6e:d9:
-         fd:54:92:5e:0d:20:4c:96:ff:f2:01:b5:72:22:cb:f1:fc:ed:
-         c7:cf:b1:54
+    Signature Value:
+        49:71:af:68:1a:f9:98:2c:8b:52:19:e0:6f:8a:f4:6d:10:34:
+        b7:6b:80:19:46:b4:06:59:33:c6:de:96:e0:fb:cd:11:7c:e8:
+        48:39:c0:4c:1d:ac:f7:d2:07:99:d1:bb:8b:77:12:01:9b:ee:
+        43:b0:ef:f9:98:02:93:62:a0:1c:7c:ac:e5:0e:29:a5:7e:fb:
+        ff:d6:56:43:1e:9c:67:29:d5:0c:d9:86:7a:94:99:80:33:a4:
+        34:cd:df:82:e4:35:59:c9:a2:68:53:4a:3d:33:40:2b:51:5b:
+        e9:70:95:93:4e:ba:f2:3f:24:36:2c:51:b6:ca:f3:ef:f4:d6:
+        46:36:8f:44:c9:88:f1:ec:93:16:43:85:66:5d:2a:0b:ce:4e:
+        1b:75:17:95:06:34:1e:a4:9f:aa:71:14:0c:18:21:f1:7d:d4:
+        ae:ad:d5:9b:ea:86:b4:80:4a:82:9d:00:0c:f8:42:6c:ee:77:
+        92:99:b7:69:e3:1e:8f:ac:73:c7:c9:63:1f:18:ae:85:04:b2:
+        9e:e9:cd:91:18:ad:54:d9:25:ab:12:7a:3e:51:05:34:7b:a4:
+        af:df:90:a1:86:39:d8:b0:98:01:61:7e:56:1e:34:26:3b:6b:
+        43:2c:73:0f:a6:f7:24:77:5f:d7:4a:9d:40:e1:2b:f5:2a:a2:
+        49:bf:aa:1c
 -----BEGIN CERTIFICATE-----
 MIIE9DCCA9ygAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NM
 IFJFVk9LRUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkzMFoXDTI2MDkwODIyMTkzMFowgZgxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMVoXDTI3MDkxNDIxMjUzMVowgZgxCzAJ
 BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
 MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UE
 AwwQd3d3NS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
@@ -84,12 +83,12 @@ A1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5l
 ZXJpbmcxGDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQ
 aW5mb0B3b2xmc3NsLmNvbYIBAzALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAk
 MCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIzMA0GCSqGSIb3DQEB
-CwUAA4IBAQCEv5fZ/TOaGzakSFhF9pc7WE1AukbQeuNTQNNFfx6H/Wa7wEOTNHYL
-aDHl+4kV1bNZxaP153llsx040s2vTX3qnj7OflGQg7YZLjDVDpQD0lyg2SU/jcKX
-Z+pKpvAys+e2v9ymelwjuEYFUoCxnh5TBaeTzipDrvVYYS3YLXfJUH5KRzYEC0wj
-s8j1mZdcXfHZ8ppeeHICYU/rVVPxvRxFdf18LttB71RHm5q5YP13+Zs2dpPucxJJ
-Prtiij8CWLpzFudTgcJc8yEy/mBC3NWKap9gzBx2WuScMNqeMtDK1qXWPiidCWjc
-btn9VJJeDSBMlv/yAbVyIsvx/O3Hz7FU
+CwUAA4IBAQBJca9oGvmYLItSGeBvivRtEDS3a4AZRrQGWTPG3pbg+80RfOhIOcBM
+Haz30geZ0buLdxIBm+5DsO/5mAKTYqAcfKzlDimlfvv/1lZDHpxnKdUM2YZ6lJmA
+M6Q0zd+C5DVZyaJoU0o9M0ArUVvpcJWTTrryPyQ2LFG2yvPv9NZGNo9EyYjx7JMW
+Q4VmXSoLzk4bdReVBjQepJ+qcRQMGCHxfdSurdWb6oa0gEqCnQAM+EJs7neSmbdp
+4x6PrHPHyWMfGK6FBLKe6c2RGK1U2SWrEno+UQU0e6Sv35ChhjnYsJgBYX5WHjQm
+O2tDLHMPpvckd1/XSp1A4Sv1KqJJv6oc
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -98,12 +97,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL REVOKED intermediate CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:c5:04:10:7d:c2:21:e9:12:45:da:d5:ba:28:
                     fd:a6:f4:30:44:a0:df:f9:70:5e:17:26:97:59:5c:
@@ -133,34 +132,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         2f:e1:b0:99:a9:71:0e:41:f8:b1:9d:38:c8:f4:3d:7c:79:ce:
-         d2:94:01:2a:b6:71:1b:4c:64:19:27:02:71:b4:43:64:42:f9:
-         2b:71:39:6e:64:4e:e8:32:b1:1e:1b:fd:7d:22:cb:8a:9c:34:
-         ce:ef:bb:dd:f2:4f:83:58:33:34:01:cb:b4:35:e2:ba:c6:cc:
-         aa:2f:ed:2e:e9:04:ec:cd:7f:06:50:b3:4e:37:cd:fe:96:69:
-         da:a3:fe:63:78:83:c5:86:7e:03:b2:11:e5:94:f8:56:e9:d1:
-         dd:5d:b4:05:4d:26:0e:09:c2:50:32:ce:6d:da:6b:b7:ee:e1:
-         1b:a9:b0:0f:59:d6:03:16:ee:47:16:2f:1f:58:f9:f8:48:d9:
-         59:ed:61:a1:af:7e:92:38:2e:40:0c:9b:e7:21:90:3b:10:6f:
-         61:ad:e0:95:57:e2:d5:39:dc:83:54:88:99:4a:5e:21:94:ce:
-         f9:0f:5e:e9:22:10:55:bb:97:f4:51:3f:50:83:ed:63:fb:ab:
-         d2:02:b3:aa:26:f7:fc:72:1c:84:e9:a0:a3:fa:b2:22:90:c8:
-         ac:61:84:2a:bd:3f:75:1f:1b:bf:83:a8:90:ce:4c:de:ee:eb:
-         65:b4:ff:f0:7a:b2:11:7a:78:60:c4:6e:da:e3:c8:a3:57:5b:
-         8f:58:e4:49
+    Signature Value:
+        9c:99:cf:4a:64:66:4f:74:91:47:3d:58:ed:c2:3a:57:d5:70:
+        70:d7:7e:63:2c:8e:06:5e:36:4b:60:92:74:3f:ca:2c:cf:43:
+        1b:b7:64:42:89:43:30:53:b2:6a:f4:ce:d8:ec:18:2d:20:4e:
+        2d:fb:2d:22:71:61:87:3a:35:dc:77:b5:bd:1e:b3:13:ae:bd:
+        71:ef:b3:21:9d:50:5f:0d:a9:52:76:9b:ea:25:be:f2:79:08:
+        49:16:9c:68:82:30:80:2d:47:ce:49:46:cc:66:95:47:c5:28:
+        89:d7:b4:b3:37:b0:14:21:34:58:c3:7b:94:91:2c:32:80:0e:
+        7e:fa:ed:07:e0:e3:52:8b:fc:73:f8:73:df:52:34:b0:63:a7:
+        02:26:5d:e9:e6:37:43:a3:f5:c3:be:5f:c4:86:6e:00:20:51:
+        7b:b6:48:85:11:f4:b3:79:4d:b7:14:20:f4:ea:c3:06:68:45:
+        1a:4f:db:09:df:30:3e:2c:89:bf:dc:4d:81:46:1c:3d:0b:b4:
+        a0:0f:79:d6:c5:1e:a8:81:fd:ff:80:b8:4b:f6:50:06:88:e9:
+        69:96:12:df:66:b8:db:46:60:f8:b4:35:f6:eb:f6:f9:a4:19:
+        d2:d6:d7:d8:c8:5f:0b:46:66:5d:3c:d3:18:17:78:b4:80:85:
+        ca:98:bd:33
 -----BEGIN CERTIFICATE-----
 MIIE9jCCA96gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBpzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSgwJgYDVQQDDB93b2xmU1NMIFJFVk9L
 RUQgaW50ZXJtZWRpYXRlIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -177,12 +175,12 @@ DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdp
 bmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQm
 MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcN
-AQELBQADggEBAC/hsJmpcQ5B+LGdOMj0PXx5ztKUASq2cRtMZBknAnG0Q2RC+Stx
-OW5kTugysR4b/X0iy4qcNM7vu93yT4NYMzQBy7Q14rrGzKov7S7pBOzNfwZQs043
-zf6Wadqj/mN4g8WGfgOyEeWU+Fbp0d1dtAVNJg4JwlAyzm3aa7fu4RupsA9Z1gMW
-7kcWLx9Y+fhI2VntYaGvfpI4LkAMm+chkDsQb2Gt4JVX4tU53INUiJlKXiGUzvkP
-XukiEFW7l/RRP1CD7WP7q9ICs6om9/xyHITpoKP6siKQyKxhhCq9P3UfG7+DqJDO
-TN7u62W0//B6shF6eGDEbtrjyKNXW49Y5Ek=
+AQELBQADggEBAJyZz0pkZk90kUc9WO3COlfVcHDXfmMsjgZeNktgknQ/yizPQxu3
+ZEKJQzBTsmr0ztjsGC0gTi37LSJxYYc6Ndx3tb0esxOuvXHvsyGdUF8NqVJ2m+ol
+vvJ5CEkWnGiCMIAtR85JRsxmlUfFKInXtLM3sBQhNFjDe5SRLDKADn767Qfg41KL
+/HP4c99SNLBjpwImXenmN0Oj9cO+X8SGbgAgUXu2SIUR9LN5TbcUIPTqwwZoRRpP
+2wnfMD4sib/cTYFGHD0LtKAPedbFHqiB/f+AuEv2UAaI6WmWEt9muNtGYPi0Nfbr
+9vmkGdLW19jIXwtGZl080xgXeLSAhcqYvTM=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -191,12 +189,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 21:25:31 2024 GMT
+            Not After : Sep 14 21:25:31 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ab:2c:b4:2f:1d:06:09:ef:4e:29:86:84:7e:cc:
                     bf:a6:79:7c:f0:c0:c1:64:25:8c:75:b7:10:05:ca:
@@ -226,34 +224,33 @@ Certificate:
                 keyid:73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
                 serial:63
-
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
             Authority Information Access: 
                 OCSP - URI:http://127.0.0.1:22220
-
     Signature Algorithm: sha256WithRSAEncryption
-         63:f7:e7:80:e2:73:b0:7f:c2:32:c0:20:45:01:1e:40:bc:85:
-         8e:7f:04:3b:c6:fe:3f:d1:b9:14:ce:06:d9:e8:fc:cd:b9:1d:
-         0f:cb:89:71:a9:34:67:e8:be:b8:27:d1:1f:c4:ff:9b:9d:b9:
-         bd:f8:23:c7:e5:7f:04:20:de:b1:30:b2:5d:c2:99:a5:f8:34:
-         9d:d7:0a:bc:b5:3a:84:64:2e:5b:24:34:01:da:03:a9:bb:cf:
-         f2:0d:0e:06:68:de:34:90:cb:42:3a:62:31:d0:d6:7d:26:ca:
-         14:e5:87:70:51:a2:71:85:cf:4e:af:7c:6c:45:69:d1:3c:6c:
-         9c:47:35:be:13:bc:12:a9:ea:c4:2f:71:d3:a5:6b:10:4b:85:
-         68:93:68:81:1c:9f:e6:6a:e7:c0:e1:a6:09:28:f9:d4:a4:55:
-         e8:dc:e3:e2:14:86:0c:ef:3d:7a:7f:8d:d2:a3:e6:c8:0b:e7:
-         1c:45:6d:0d:e9:9a:d6:38:4f:52:73:a7:5c:04:e9:ce:77:af:
-         94:97:7b:56:a8:eb:bc:b6:f6:7a:ed:6a:8f:68:04:b4:ea:ce:
-         05:d8:f7:bc:99:ae:6f:38:9a:ee:23:4d:c5:53:e6:70:fe:5c:
-         60:68:c4:0c:79:c3:eb:49:d5:df:a6:98:5b:ba:6e:f6:c6:30:
-         e0:5e:3e:c3
+    Signature Value:
+        76:e8:fa:f6:1e:5b:0e:ff:24:43:e0:cb:19:26:38:d9:df:18:
+        5d:66:e1:4b:ac:e4:8e:b0:49:2c:d6:04:20:eb:4a:a8:06:d7:
+        55:ec:6b:38:f8:0f:8c:e6:c9:ec:42:f0:ca:07:9f:88:7a:ee:
+        bf:af:3f:7d:d3:45:67:20:84:bb:c7:c5:32:69:ab:59:e1:e3:
+        38:4b:ed:18:2e:de:da:88:ec:a0:b7:ff:c1:50:96:73:e3:03:
+        df:a1:e7:47:93:13:1d:fb:e6:6b:37:3e:50:a3:eb:5b:24:26:
+        d2:43:2e:6e:9c:83:9c:fb:79:ba:cd:fd:3b:e5:87:87:a7:0f:
+        5f:f9:64:34:56:5e:8b:13:e2:c4:41:e3:9d:3e:36:2d:cb:d3:
+        5f:d3:12:90:bf:78:c1:4c:df:eb:7b:99:e6:1e:ee:52:78:6f:
+        0c:82:e1:59:d4:25:40:e5:24:95:3e:0f:cc:08:60:fe:b4:8c:
+        48:42:bf:29:74:92:71:1a:85:00:a7:4c:f0:c0:32:47:f3:be:
+        f4:08:5c:f2:43:e0:b9:76:86:60:9a:3b:af:d6:32:41:5f:b0:
+        04:12:44:2a:44:19:d4:27:d3:ce:71:7e:5b:16:1a:f5:0c:db:
+        43:b0:a6:bb:76:02:f6:e0:30:4e:04:f4:f3:9b:cd:d4:ae:45:
+        94:c5:8c:bb
 -----BEGIN CERTIFICATE-----
 MIIE5jCCA86gAwIBAgIBYzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM
 B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM
-IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMx
-MjEzMjIxOTMwWhcNMjYwOTA4MjIxOTMwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
+IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQx
+MjE4MjEyNTMxWhcNMjcwOTE0MjEyNTMxWjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg
 Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3
@@ -269,11 +266,11 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 EDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQD
 DA93b2xmU1NMIHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
 b22CAWMwCwYDVR0PBAQDAgEGMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
-aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAY/fngOJz
-sH/CMsAgRQEeQLyFjn8EO8b+P9G5FM4G2ej8zbkdD8uJcak0Z+i+uCfRH8T/m525
-vfgjx+V/BCDesTCyXcKZpfg0ndcKvLU6hGQuWyQ0AdoDqbvP8g0OBmjeNJDLQjpi
-MdDWfSbKFOWHcFGicYXPTq98bEVp0TxsnEc1vhO8EqnqxC9x06VrEEuFaJNogRyf
-5mrnwOGmCSj51KRV6Nzj4hSGDO89en+N0qPmyAvnHEVtDema1jhPUnOnXATpznev
-lJd7VqjrvLb2eu1qj2gEtOrOBdj3vJmubzia7iNNxVPmcP5cYGjEDHnD60nV36aY
-W7pu9sYw4F4+ww==
+aHR0cDovLzEyNy4wLjAuMToyMjIyMDANBgkqhkiG9w0BAQsFAAOCAQEAduj69h5b
+Dv8kQ+DLGSY42d8YXWbhS6zkjrBJLNYEIOtKqAbXVexrOPgPjObJ7ELwygefiHru
+v68/fdNFZyCEu8fFMmmrWeHjOEvtGC7e2ojsoLf/wVCWc+MD36HnR5MTHfvmazc+
+UKPrWyQm0kMubpyDnPt5us39O+WHh6cPX/lkNFZeixPixEHjnT42LcvTX9MSkL94
+wUzf63uZ5h7uUnhvDILhWdQlQOUklT4PzAhg/rSMSEK/KXSScRqFAKdM8MAyR/O+
+9Ahc8kPguXaGYJo7r9YyQV+wBBJEKkQZ1CfTznF+WxYa9QzbQ7Cmu3YC9uAwTgT0
+85vN1K5FlMWMuw==
 -----END CERTIFICATE-----
diff --git a/certs/ocsp/test-leaf-response.der b/certs/ocsp/test-leaf-response.der
new file mode 100644
index 000000000..ec3443fa6
Binary files /dev/null and b/certs/ocsp/test-leaf-response.der differ
diff --git a/certs/ocsp/test-multi-response.der b/certs/ocsp/test-multi-response.der
index 2456e0555..48409120d 100644
Binary files a/certs/ocsp/test-multi-response.der and b/certs/ocsp/test-multi-response.der differ
diff --git a/certs/ocsp/test-response-nointern.der b/certs/ocsp/test-response-nointern.der
index 0214d02a3..bcd07c4f6 100644
Binary files a/certs/ocsp/test-response-nointern.der and b/certs/ocsp/test-response-nointern.der differ
diff --git a/certs/ocsp/test-response-rsapss.der b/certs/ocsp/test-response-rsapss.der
index 6c77e21cc..e8bb44485 100644
Binary files a/certs/ocsp/test-response-rsapss.der and b/certs/ocsp/test-response-rsapss.der differ
diff --git a/certs/ocsp/test-response.der b/certs/ocsp/test-response.der
index 6fffc3e70..ca8ef97e7 100644
Binary files a/certs/ocsp/test-response.der and b/certs/ocsp/test-response.der differ
diff --git a/certs/p521/ca-p521.der b/certs/p521/ca-p521.der
index 20d9279c5..71b54d2c9 100644
Binary files a/certs/p521/ca-p521.der and b/certs/p521/ca-p521.der differ
diff --git a/certs/p521/ca-p521.pem b/certs/p521/ca-p521.pem
index 992cdbfdf..098da260e 100644
--- a/certs/p521/ca-p521.pem
+++ b/certs/p521/ca-p521.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,27 +27,27 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
             X509v3 Authority Key Identifier: 
-                keyid:64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
-
+                64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:88:02:42:01:7a:a6:21:f5:b6:c2:fa:e1:44:c6:03:f5:
-         54:2d:35:ef:d9:55:f6:61:45:90:48:8c:c2:3e:81:76:30:06:
-         05:c2:db:32:19:b5:df:37:44:a6:3f:33:fa:3a:c7:91:ae:0f:
-         fb:10:8b:b8:4d:41:b3:ed:c2:d2:5c:37:28:eb:d7:b7:6c:02:
-         42:01:47:23:40:e8:e2:ca:61:74:29:e0:a6:71:5b:0a:c9:45:
-         17:04:7d:5d:11:02:d7:f0:af:60:e0:4c:0a:97:96:09:2e:e0:
-         25:f8:50:d8:9c:f9:bd:17:3d:d3:50:cc:49:06:81:7e:af:fa:
-         85:b8:1f:80:c4:64:08:56:53:39:8d:2f:40
+    Signature Value:
+        30:81:87:02:42:00:dc:0c:25:e5:1b:16:51:e2:3d:7b:19:47:
+        87:83:2a:a0:a7:a7:06:39:86:42:4b:aa:e2:65:10:83:8d:1d:
+        b2:7a:d6:88:d4:a8:b4:bd:a8:f7:c7:fc:75:47:9f:bd:43:8d:
+        21:2d:fe:ee:b2:82:64:d0:c2:df:9c:6f:c9:bd:45:2d:a1:02:
+        41:3c:bf:79:6c:48:33:f8:32:e1:0c:d1:66:09:42:fb:4f:fa:
+        27:d5:bc:d3:13:67:9f:59:05:82:53:8b:86:7e:ec:4c:dc:52:
+        11:ef:6d:96:b1:91:f2:cf:3b:05:19:74:c4:f0:5e:bc:9a:17:
+        7e:03:d5:fc:d9:06:d2:74:31:bd:87:4b
 -----BEGIN CERTIFICATE-----
-MIIDITCCAoKgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
+MIIDIDCCAoKgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
 BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
 U0xfUDUyMTESMBAGA1UECwwJUm9vdC1QNTIxMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCBrjELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBrjELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfcDUy
 MTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
 HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwH
@@ -56,8 +56,8 @@ d29sZlNTTDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAC0YJC3k22zDaZvbGGcz
 x7L8AYaR7UNdOOAMJY2z27Hc3rchgM+H3mT0IT4tr3m99tAAS4F5+vcQqhnNQNce
 dTRTKQPtSFQh5Y+VtZtBjV/dctJao2MwYTAdBgNVHQ4EFgQUQIkdMF4MbtU9xtUl
 kNq2Qmft6YIwHwYDVR0jBBgwFoAUZKdolVMzGKIgkrxkVaarynZom8gwDwYDVR0T
-AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDgYwAMIGIAkIB
-eqYh9bbC+uFExgP1VC0179lV9mFFkEiMwj6BdjAGBcLbMhm13zdEpj8z+jrHka4P
-+xCLuE1Bs+3C0lw3KOvXt2wCQgFHI0Do4sphdCngpnFbCslFFwR9XREC1/CvYOBM
-CpeWCS7gJfhQ2Jz5vRc901DMSQaBfq/6hbgfgMRkCFZTOY0vQA==
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDgYsAMIGHAkIA
+3Awl5RsWUeI9exlHh4MqoKenBjmGQkuq4mUQg40dsnrWiNSotL2o98f8dUefvUON
+IS3+7rKCZNDC35xvyb1FLaECQTy/eWxIM/gy4QzRZglC+0/6J9W80xNnn1kFglOL
+hn7sTNxSEe9tlrGR8s87BRl0xPBevJoXfgPV/NkG0nQxvYdL
 -----END CERTIFICATE-----
diff --git a/certs/p521/client-p521.der b/certs/p521/client-p521.der
index 2a7afad03..65994c7d5 100644
Binary files a/certs/p521/client-p521.der and b/certs/p521/client-p521.der differ
diff --git a/certs/p521/client-p521.pem b/certs/p521/client-p521.pem
index 43abb6541..ff667af94 100644
--- a/certs/p521/client-p521.pem
+++ b/certs/p521/client-p521.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            55:89:bc:f6:2c:af:36:2b:2f:5f:8c:ec:da:ed:37:60:89:d1:7f:81
+            1b:c8:e3:c8:1e:55:b1:f3:3f:1a:d6:06:8c:cf:b4:89:23:2e:7d:32
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Client-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Client-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -30,8 +30,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:20:E1:BF:57:E5:F3:C3:0C:72:84:6A:C6:DF:BC:22:D0:B7:25:E5:A4
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_p521/OU=Client-p521/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:55:89:BC:F6:2C:AF:36:2B:2F:5F:8C:EC:DA:ED:37:60:89:D1:7F:81
-
+                serial:1B:C8:E3:C8:1E:55:B1:F3:3F:1A:D6:06:8C:CF:B4:89:23:2E:7D:32
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -39,21 +38,22 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:88:02:42:01:3f:4e:19:e3:8b:f6:83:21:55:cb:49:cf:
-         bf:35:16:9c:cd:fb:5d:d8:d3:34:a2:35:ff:67:40:b6:3e:3d:
-         6e:2f:1d:01:78:7a:87:b1:ae:ad:cb:b3:8a:9a:4a:5b:a4:e2:
-         c9:6e:42:10:39:20:64:98:64:9b:2f:da:15:94:c8:51:ea:02:
-         42:00:bf:77:aa:d8:22:6b:b8:a0:9b:bf:5e:89:5d:f0:54:8e:
-         3c:08:a7:cb:28:11:c5:e1:45:17:d1:bf:d5:dc:bb:65:37:f1:
-         90:12:6c:62:d5:b5:b2:8f:73:e8:1b:ac:a8:80:03:a7:22:5d:
-         dc:1b:7d:c2:62:c4:f7:e4:ec:73:65:21:9f
+    Signature Value:
+        30:81:88:02:42:01:bc:ad:29:87:4d:cb:7e:28:2c:d6:59:9f:
+        bd:5c:bd:64:c2:5c:77:cc:af:05:31:23:c3:90:52:a9:f0:4b:
+        d0:9f:98:e0:fa:a7:9f:e3:2a:d7:a4:76:01:4a:8c:fe:56:fd:
+        71:90:ef:a4:fe:ef:db:2c:78:b9:92:83:c7:2e:68:b4:fd:02:
+        42:01:31:25:21:60:4b:bd:ca:42:a1:fa:40:33:ad:ad:5d:f9:
+        71:c0:24:23:57:0d:ca:4e:f0:9e:ba:ac:aa:15:13:e9:91:4f:
+        c9:98:28:c4:63:ea:ec:d5:92:7c:09:e1:82:2f:8e:68:18:da:
+        87:83:89:a6:ae:cb:5c:2f:81:7e:34:1f:99
 -----BEGIN CERTIFICATE-----
-MIIEVTCCA7agAwIBAgIUVYm89iyvNisvX4zs2u03YInRf4EwCgYIKoZIzj0EAwIw
+MIIEVTCCA7agAwIBAgIUG8jjyB5VsfM/GtYGjM+0iSMufTIwCgYIKoZIzj0EAwIw
 gbIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRUwEwYDVQQKDAx3b2xmU1NMX3A1MjExFDASBgNVBAsMC0NsaWVudC1wNTIx
 MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIzMTIxMzIy
-MTkyOVoXDTI2MDkwODIyMTkyOVowgbIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
+d29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTI0MTIxODIx
+MjUzMFoXDTI3MDkxNDIxMjUzMFowgbIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN
 b250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMX3A1MjEx
 FDASBgNVBAsMC0NsaWVudC1wNTIxMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
 HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEB
@@ -65,11 +65,11 @@ wwxyhGrG37wi0Lcl5aQwgfIGA1UdIwSB6jCB54AUIOG/V+XzwwxyhGrG37wi0Lcl
 5aShgbikgbUwgbIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
 VQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMX3A1MjExFDASBgNVBAsMC0Ns
 aWVudC1wNTIxMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMghRV
-ibz2LK82Ky9fjOza7TdgidF/gTAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4
+CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMghQb
+yOPIHlWx8z8a1gaMz7SJIy59MjAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4
 YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAK
-BggqhkjOPQQDAgOBjAAwgYgCQgE/Thnji/aDIVXLSc+/NRaczftd2NM0ojX/Z0C2
-Pj1uLx0BeHqHsa6ty7OKmkpbpOLJbkIQOSBkmGSbL9oVlMhR6gJCAL93qtgia7ig
-m79eiV3wVI48CKfLKBHF4UUX0b/V3LtlN/GQEmxi1bWyj3PoG6yogAOnIl3cG33C
-YsT35OxzZSGf
+BggqhkjOPQQDAgOBjAAwgYgCQgG8rSmHTct+KCzWWZ+9XL1kwlx3zK8FMSPDkFKp
+8EvQn5jg+qef4yrXpHYBSoz+Vv1xkO+k/u/bLHi5koPHLmi0/QJCATElIWBLvcpC
+ofpAM62tXflxwCQjVw3KTvCeuqyqFRPpkU/JmCjEY+rs1ZJ8CeGCL45oGNqHg4mm
+rstcL4F+NB+Z
 -----END CERTIFICATE-----
diff --git a/certs/p521/root-p521.der b/certs/p521/root-p521.der
index a2c9eaefd..609af8a37 100644
Binary files a/certs/p521/root-p521.der and b/certs/p521/root-p521.der differ
diff --git a/certs/p521/root-p521.pem b/certs/p521/root-p521.pem
index 94c67397f..92d08155b 100644
--- a/certs/p521/root-p521.pem
+++ b/certs/p521/root-p521.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            5a:b0:33:c0:79:0a:75:aa:a7:98:c9:77:e2:a0:3b:25:21:9c:19:85
+            63:fa:55:13:9f:9d:06:90:6a:76:23:3c:55:b0:95:60:c1:0c:89:08
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -28,27 +28,27 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
             X509v3 Authority Key Identifier: 
-                keyid:64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
-
+                64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:87:02:42:00:f8:22:58:d1:cc:73:6f:28:15:7f:86:18:
-         d9:af:ed:44:51:bb:0a:6b:43:99:9d:97:b3:6e:ae:ac:61:09:
-         f5:55:6a:3c:35:fd:b5:2f:7f:d5:e2:93:10:93:99:ae:d7:75:
-         05:be:68:ca:13:b1:e5:d1:05:24:f9:5f:6a:f9:c2:7b:4a:02:
-         41:60:8b:76:dd:e0:02:de:2e:e7:ff:3b:33:f8:ef:6d:ca:31:
-         45:cb:cd:9e:73:f4:f1:26:eb:2a:6c:6c:ea:3f:81:f3:78:55:
-         5e:25:74:27:cb:57:8c:60:be:39:80:f6:e3:43:d8:80:b5:f9:
-         c5:8d:6d:c2:a8:6e:3e:67:50:5a:97:8e
+    Signature Value:
+        30:81:87:02:42:01:85:cb:28:b8:b8:e6:a1:f9:57:26:14:31:
+        33:80:0b:1e:04:9a:9a:c9:e6:b1:27:63:69:dd:a2:80:01:98:
+        8e:d7:5a:28:c4:9a:53:af:ec:4f:d7:ab:a6:34:36:d0:0c:e7:
+        4c:ee:ba:31:ba:97:d2:dd:2f:25:81:7b:71:b1:7e:71:8d:02:
+        41:05:13:c5:af:36:03:d6:6e:24:5e:fd:5b:84:6c:cf:de:ae:
+        f4:85:de:03:5a:e7:14:ba:b9:65:cc:c3:22:7e:56:58:e8:d4:
+        d1:3b:aa:45:3c:5b:78:80:77:0a:0a:a2:58:b6:cd:3e:7e:cf:
+        87:21:14:b5:ed:57:89:ba:84:ca:19:39
 -----BEGIN CERTIFICATE-----
-MIIDHDCCAn6gAwIBAgIUWrAzwHkKdaqnmMl34qA7JSGcGYUwCgYIKoZIzj0EAwIw
+MIIDHDCCAn6gAwIBAgIUY/pVE5+dBpBqdiM8VbCVYMEMiQgwCgYIKoZIzj0EAwIw
 gZcxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRUwEwYDVQQKDAx3b2xmU1NMX1A1MjExEjAQBgNVBAsMCVJvb3QtUDUyMTEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgZcxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgZcxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUw
 EwYDVQQKDAx3b2xmU1NMX1A1MjExEjAQBgNVBAsMCVJvb3QtUDUyMTEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
@@ -57,8 +57,8 @@ UxW9X1Pvy3OpyBRsb33FfLS7jlbCQ0X7WBzGRT1/5U6AzETBBnp14WnJiqgBet8A
 RElznC9QP4OgHovRqvsIDJAFDQwXMVE+1oU7CRKC0aYIzchPalrIjI5dv9rMW5Wh
 6FopeCKyukmhhcZIinFTjYmjYzBhMB0GA1UdDgQWBBRkp2iVUzMYoiCSvGRVpqvK
 dmibyDAfBgNVHSMEGDAWgBRkp2iVUzMYoiCSvGRVpqvKdmibyDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBiwAwgYcCQgD4IljR
-zHNvKBV/hhjZr+1EUbsKa0OZnZezbq6sYQn1VWo8Nf21L3/V4pMQk5mu13UFvmjK
-E7Hl0QUk+V9q+cJ7SgJBYIt23eAC3i7n/zsz+O9tyjFFy82ec/TxJusqbGzqP4Hz
-eFVeJXQny1eMYL45gPbjQ9iAtfnFjW3CqG4+Z1Bal44=
+BTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgOBiwAwgYcCQgGFyyi4
+uOah+VcmFDEzgAseBJqayeaxJ2Np3aKAAZiO11ooxJpTr+xP16umNDbQDOdM7rox
+upfS3S8lgXtxsX5xjQJBBRPFrzYD1m4kXv1bhGzP3q70hd4DWucUurllzMMiflZY
+6NTRO6pFPFt4gHcKCqJYts0+fs+HIRS17VeJuoTKGTk=
 -----END CERTIFICATE-----
diff --git a/certs/p521/server-p521-cert.pem b/certs/p521/server-p521-cert.pem
index 5bc07c732..7eb1afc56 100644
--- a/certs/p521/server-p521-cert.pem
+++ b/certs/p521/server-p521-cert.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Server-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,8 +27,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 85:86:9F:AE:73:5F:94:77:27:3B:15:15:C6:79:07:A8:42:4B:1E:F3
             X509v3 Authority Key Identifier: 
-                keyid:40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
-
+                40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -38,20 +37,21 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:87:02:41:51:c1:26:8c:3f:53:fe:7c:28:f5:3f:81:e6:
-         de:7b:ae:ad:f3:6e:be:c2:3a:88:91:f7:31:e8:24:5c:67:08:
-         7d:34:f5:54:2e:0a:50:f4:f7:9d:d5:96:19:ec:49:2c:da:a8:
-         a0:2a:08:71:cd:b7:17:1a:e3:10:b2:bf:41:8d:aa:b2:02:42:
-         01:00:b1:0d:96:19:a0:b1:76:d6:e1:a5:44:41:d4:c8:53:5a:
-         57:4a:b9:4a:a4:6a:ef:cd:97:e9:e4:4d:7c:c8:ea:37:37:61:
-         1a:ec:c7:1e:20:cd:2c:05:64:dd:54:e2:06:7b:74:af:05:0d:
-         59:5c:e9:cd:e8:a8:61:92:cb:8c:d9:f0
+    Signature Value:
+        30:81:87:02:42:01:20:fd:a4:13:5b:5d:37:f3:a5:40:2a:1e:
+        5e:35:16:1e:2d:11:2b:17:53:89:6c:b4:8f:fe:e7:6e:f6:51:
+        ef:b7:cc:85:38:3f:71:12:01:c3:a1:84:8e:32:62:24:f5:3d:
+        9a:00:86:94:97:75:0e:a1:fa:45:6a:ef:e7:17:09:e6:71:02:
+        41:7b:57:17:06:7a:3e:d0:a2:6f:32:21:d4:b4:90:d7:b4:3e:
+        da:6e:42:ce:a9:7d:b7:47:d9:ea:d2:e0:d0:dc:3d:40:d4:eb:
+        c6:2f:12:6c:ed:b6:11:4d:23:cb:49:a6:c8:cf:5f:5f:7d:82:
+        47:a2:5e:bb:0b:1f:a2:91:36:10:2a:5c
 -----BEGIN CERTIFICATE-----
 MIIDYjCCAsSgAwIBAgIBATAKBggqhkjOPQQDAjCBrjELMAkGA1UEBhMCVVMxEDAO
 BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
 U0xfcDUyMTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
 Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPy
-LGQBAQwHd29sZlNTTDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGy
+LGQBAQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGy
 MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h
 bjEVMBMGA1UECgwMd29sZlNTTF9wNTIxMRQwEgYDVQQLDAtTZXJ2ZXItcDUyMTEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -62,8 +62,8 @@ RpMf1WBjpi59jeo/4FvlyG4fp9mjWeWWJyL0AiuvW3gfE6gii+yuAX3AYROkNQoh
 o4GJMIGGMB0GA1UdDgQWBBSFhp+uc1+Udyc7FRXGeQeoQkse8zAfBgNVHSMEGDAW
 gBRAiR0wXgxu1T3G1SWQ2rZCZ+3pgjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
 AwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAwCgYI
-KoZIzj0EAwIDgYsAMIGHAkFRwSaMP1P+fCj1P4Hm3nuurfNuvsI6iJH3MegkXGcI
-fTT1VC4KUPT3ndWWGexJLNqooCoIcc23FxrjELK/QY2qsgJCAQCxDZYZoLF21uGl
-REHUyFNaV0q5SqRq782X6eRNfMjqNzdhGuzHHiDNLAVk3VTiBnt0rwUNWVzpzeio
-YZLLjNnw
+KoZIzj0EAwIDgYsAMIGHAkIBIP2kE1tdN/OlQCoeXjUWHi0RKxdTiWy0j/7nbvZR
+77fMhTg/cRIBw6GEjjJiJPU9mgCGlJd1DqH6RWrv5xcJ5nECQXtXFwZ6PtCibzIh
+1LSQ17Q+2m5Czql9t0fZ6tLg0Nw9QNTrxi8SbO22EU0jy0mmyM9fX32CR6Jeuwsf
+opE2ECpc
 -----END CERTIFICATE-----
diff --git a/certs/p521/server-p521.der b/certs/p521/server-p521.der
index 784af1bb9..979f14f63 100644
Binary files a/certs/p521/server-p521.der and b/certs/p521/server-p521.der differ
diff --git a/certs/p521/server-p521.pem b/certs/p521/server-p521.pem
index 36f61e3ed..c6fda4e18 100644
--- a/certs/p521/server-p521.pem
+++ b/certs/p521/server-p521.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = Server-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,8 +27,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 85:86:9F:AE:73:5F:94:77:27:3B:15:15:C6:79:07:A8:42:4B:1E:F3
             X509v3 Authority Key Identifier: 
-                keyid:40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
-
+                40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -38,20 +37,21 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:87:02:41:51:c1:26:8c:3f:53:fe:7c:28:f5:3f:81:e6:
-         de:7b:ae:ad:f3:6e:be:c2:3a:88:91:f7:31:e8:24:5c:67:08:
-         7d:34:f5:54:2e:0a:50:f4:f7:9d:d5:96:19:ec:49:2c:da:a8:
-         a0:2a:08:71:cd:b7:17:1a:e3:10:b2:bf:41:8d:aa:b2:02:42:
-         01:00:b1:0d:96:19:a0:b1:76:d6:e1:a5:44:41:d4:c8:53:5a:
-         57:4a:b9:4a:a4:6a:ef:cd:97:e9:e4:4d:7c:c8:ea:37:37:61:
-         1a:ec:c7:1e:20:cd:2c:05:64:dd:54:e2:06:7b:74:af:05:0d:
-         59:5c:e9:cd:e8:a8:61:92:cb:8c:d9:f0
+    Signature Value:
+        30:81:87:02:42:01:20:fd:a4:13:5b:5d:37:f3:a5:40:2a:1e:
+        5e:35:16:1e:2d:11:2b:17:53:89:6c:b4:8f:fe:e7:6e:f6:51:
+        ef:b7:cc:85:38:3f:71:12:01:c3:a1:84:8e:32:62:24:f5:3d:
+        9a:00:86:94:97:75:0e:a1:fa:45:6a:ef:e7:17:09:e6:71:02:
+        41:7b:57:17:06:7a:3e:d0:a2:6f:32:21:d4:b4:90:d7:b4:3e:
+        da:6e:42:ce:a9:7d:b7:47:d9:ea:d2:e0:d0:dc:3d:40:d4:eb:
+        c6:2f:12:6c:ed:b6:11:4d:23:cb:49:a6:c8:cf:5f:5f:7d:82:
+        47:a2:5e:bb:0b:1f:a2:91:36:10:2a:5c
 -----BEGIN CERTIFICATE-----
 MIIDYjCCAsSgAwIBAgIBATAKBggqhkjOPQQDAjCBrjELMAkGA1UEBhMCVVMxEDAO
 BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
 U0xfcDUyMTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
 Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPy
-LGQBAQwHd29sZlNTTDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGy
+LGQBAQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGy
 MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h
 bjEVMBMGA1UECgwMd29sZlNTTF9wNTIxMRQwEgYDVQQLDAtTZXJ2ZXItcDUyMTEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -62,10 +62,10 @@ RpMf1WBjpi59jeo/4FvlyG4fp9mjWeWWJyL0AiuvW3gfE6gii+yuAX3AYROkNQoh
 o4GJMIGGMB0GA1UdDgQWBBSFhp+uc1+Udyc7FRXGeQeoQkse8zAfBgNVHSMEGDAW
 gBRAiR0wXgxu1T3G1SWQ2rZCZ+3pgjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
 AwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAwCgYI
-KoZIzj0EAwIDgYsAMIGHAkFRwSaMP1P+fCj1P4Hm3nuurfNuvsI6iJH3MegkXGcI
-fTT1VC4KUPT3ndWWGexJLNqooCoIcc23FxrjELK/QY2qsgJCAQCxDZYZoLF21uGl
-REHUyFNaV0q5SqRq782X6eRNfMjqNzdhGuzHHiDNLAVk3VTiBnt0rwUNWVzpzeio
-YZLLjNnw
+KoZIzj0EAwIDgYsAMIGHAkIBIP2kE1tdN/OlQCoeXjUWHi0RKxdTiWy0j/7nbvZR
+77fMhTg/cRIBw6GEjjJiJPU9mgCGlJd1DqH6RWrv5xcJ5nECQXtXFwZ6PtCibzIh
+1LSQ17Q+2m5Czql9t0fZ6tLg0Nw9QNTrxi8SbO22EU0jy0mmyM9fX32CR6Jeuwsf
+opE2ECpc
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -74,8 +74,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_P521, OU = Root-P521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_p521, OU = CA-p521, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -96,27 +96,27 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 40:89:1D:30:5E:0C:6E:D5:3D:C6:D5:25:90:DA:B6:42:67:ED:E9:82
             X509v3 Authority Key Identifier: 
-                keyid:64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
-
+                64:A7:68:95:53:33:18:A2:20:92:BC:64:55:A6:AB:CA:76:68:9B:C8
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:81:88:02:42:01:7a:a6:21:f5:b6:c2:fa:e1:44:c6:03:f5:
-         54:2d:35:ef:d9:55:f6:61:45:90:48:8c:c2:3e:81:76:30:06:
-         05:c2:db:32:19:b5:df:37:44:a6:3f:33:fa:3a:c7:91:ae:0f:
-         fb:10:8b:b8:4d:41:b3:ed:c2:d2:5c:37:28:eb:d7:b7:6c:02:
-         42:01:47:23:40:e8:e2:ca:61:74:29:e0:a6:71:5b:0a:c9:45:
-         17:04:7d:5d:11:02:d7:f0:af:60:e0:4c:0a:97:96:09:2e:e0:
-         25:f8:50:d8:9c:f9:bd:17:3d:d3:50:cc:49:06:81:7e:af:fa:
-         85:b8:1f:80:c4:64:08:56:53:39:8d:2f:40
+    Signature Value:
+        30:81:87:02:42:00:dc:0c:25:e5:1b:16:51:e2:3d:7b:19:47:
+        87:83:2a:a0:a7:a7:06:39:86:42:4b:aa:e2:65:10:83:8d:1d:
+        b2:7a:d6:88:d4:a8:b4:bd:a8:f7:c7:fc:75:47:9f:bd:43:8d:
+        21:2d:fe:ee:b2:82:64:d0:c2:df:9c:6f:c9:bd:45:2d:a1:02:
+        41:3c:bf:79:6c:48:33:f8:32:e1:0c:d1:66:09:42:fb:4f:fa:
+        27:d5:bc:d3:13:67:9f:59:05:82:53:8b:86:7e:ec:4c:dc:52:
+        11:ef:6d:96:b1:91:f2:cf:3b:05:19:74:c4:f0:5e:bc:9a:17:
+        7e:03:d5:fc:d9:06:d2:74:31:bd:87:4b
 -----BEGIN CERTIFICATE-----
-MIIDITCCAoKgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
+MIIDIDCCAoKgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEDAO
 BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZT
 U0xfUDUyMTESMBAGA1UECwwJUm9vdC1QNTIxMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCBrjELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBrjELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfcDUy
 MTEQMA4GA1UECwwHQ0EtcDUyMTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8w
 HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwH
@@ -125,8 +125,8 @@ d29sZlNTTDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAC0YJC3k22zDaZvbGGcz
 x7L8AYaR7UNdOOAMJY2z27Hc3rchgM+H3mT0IT4tr3m99tAAS4F5+vcQqhnNQNce
 dTRTKQPtSFQh5Y+VtZtBjV/dctJao2MwYTAdBgNVHQ4EFgQUQIkdMF4MbtU9xtUl
 kNq2Qmft6YIwHwYDVR0jBBgwFoAUZKdolVMzGKIgkrxkVaarynZom8gwDwYDVR0T
-AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDgYwAMIGIAkIB
-eqYh9bbC+uFExgP1VC0179lV9mFFkEiMwj6BdjAGBcLbMhm13zdEpj8z+jrHka4P
-+xCLuE1Bs+3C0lw3KOvXt2wCQgFHI0Do4sphdCngpnFbCslFFwR9XREC1/CvYOBM
-CpeWCS7gJfhQ2Jz5vRc901DMSQaBfq/6hbgfgMRkCFZTOY0vQA==
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDgYsAMIGHAkIA
+3Awl5RsWUeI9exlHh4MqoKenBjmGQkuq4mUQg40dsnrWiNSotL2o98f8dUefvUON
+IS3+7rKCZNDC35xvyb1FLaECQTy/eWxIM/gy4QzRZglC+0/6J9W80xNnn1kFglOL
+hn7sTNxSEe9tlrGR8s87BRl0xPBevJoXfgPV/NkG0nQxvYdL
 -----END CERTIFICATE-----
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index c46f3dda9..49c03f189 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -373,6 +373,20 @@ run_renewcerts(){
     echo "End of section"
     echo "---------------------------------------------------------------------"
     ###########################################################
+    ########## update and sign fpki-certpol-cert.der ################
+    ###########################################################
+    echo "Updating fpki-certpol-cert.der"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\\nMontana\\nBozeman\\nwolfSSL\\nFPKI\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key server-key.pem -config ./wolfssl.cnf -nodes > fpki-certpol-req.pem
+    check_result $? "Step 1"
+
+    openssl x509 -req -in fpki-certpol-req.pem -extfile wolfssl.cnf -extensions fpki_ext_certpol -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out fpki-certpol-cert.der -outform DER
+    check_result $? "Step 2"
+    rm fpki-certpol-req.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
+    ###########################################################
     ########## update and sign rid-cert.der ################
     ###########################################################
     echo "Updating rid-cert.der"
@@ -696,7 +710,7 @@ run_renewcerts(){
     check_result $? "Step 1"
 
     echo "Updating client-ecc-cert-rpk.der"
-    cp ecc-client-keyPub.der ./rpk/ecc-client-cert-rpk.der
+    cp ecc-client-keyPub.der ./rpk/client-ecc-cert-rpk.der
     check_result $? "Step 2"
 
     echo "Updating server-cert-rpk.der"
@@ -858,6 +872,11 @@ run_renewcerts(){
     openssl smime -sign -in ./ca-cert.pem -out test-stream-sign.p7b -signer ./ca-cert.pem -nodetach -nocerts -binary -outform DER -stream -inkey ./ca-key.pem
     check_result $? ""
 
+    echo "Creating test-stream-dec.p7b..."
+    echo ""
+    openssl cms -encrypt -in ca-cert.pem -recip client-cert.pem -out test-stream-dec.p7b -outform DER -stream
+    check_result $? ""
+
     echo "End of section"
     echo "---------------------------------------------------------------------"
 
diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf
index e955ba59c..5738bf768 100644
--- a/certs/renewcerts/wolfssl.cnf
+++ b/certs/renewcerts/wolfssl.cnf
@@ -355,6 +355,18 @@ subjectDirectoryAttributes = ASN1:SEQUENCE:SubjDirAttr
 policyConstraints = requireExplicitPolicy:0
 2.16.840.1.101.3.6.10.1 = ASN1:SEQUENCE:PIVCertExt
 
+[fpki_ext_certpol]
+basicConstraints = CA:FALSE,pathlen:0
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, clientAuth, 1.3.6.1.4.1.311.20.2.2, 1.3.6.1.5.2.3.4, 1.3.6.1.5.5.7.3.21
+subjectAltName = @FASC_UUID_altname
+certificatePolicies = 2.16.840.1.101.3.2.1.3.13, 2.16.840.1.101.3.2.1.3.40, 2.16.840.1.101.3.2.1.3.41, 2.16.840.1.101.3.2.1.3.45, 2.16.840.1.101.2.1.11.5, 2.16.840.1.101.2.1.11.9, 2.16.840.1.101.2.1.11.10, 2.16.840.1.101.2.1.11.17, 2.16.840.1.101.2.1.11.18, 2.16.840.1.101.2.1.11.19, 2.16.840.1.101.2.1.11.20, 2.16.840.1.101.2.1.11.31, 2.16.840.1.101.2.1.11.36, 2.16.840.1.101.2.1.11.37, 2.16.840.1.101.2.1.11.38, 2.16.840.1.101.2.1.11.39, 2.16.840.1.101.2.1.11.40, 2.16.840.1.101.2.1.11.41, 2.16.840.1.101.2.1.11.42, 2.16.840.1.101.2.1.11.43, 2.16.840.1.101.2.1.11.44, 2.16.840.1.101.2.1.11.59, 2.16.840.1.101.2.1.11.60, 2.16.840.1.101.2.1.11.61, 2.16.840.1.101.2.1.11.62, 2.16.840.1.101.3.2.1.12.1, 2.16.840.1.101.3.2.1.12.2, 2.16.840.1.101.3.2.1.12.3, 2.16.840.1.101.3.2.1.12.4, 2.16.840.1.101.3.2.1.12.5, 2.16.840.1.101.3.2.1.12.6, 2.16.840.1.101.3.2.1.12.8, 2.16.840.1.101.3.2.1.12.9, 2.16.840.1.101.3.2.1.12.10, 2.16.840.1.101.3.2.1.3.4, 2.16.840.1.101.3.2.1.3.7, 2.16.840.1.101.3.2.1.3.12, 2.16.840.1.101.3.2.1.3.13, 2.16.840.1.101.3.2.1.3.16, 2.16.840.1.101.3.2.1.3.18, 2.16.840.1.101.3.2.1.3.20, 2.16.840.1.101.3.2.1.3.36, 2.16.840.1.101.3.2.1.3.38, 2.16.840.1.101.3.2.1.3.39, 2.16.840.1.101.3.2.1.3.41, 2.16.840.1.101.3.2.1.3.45, 2.16.840.1.101.3.2.1.3.47, 2.16.840.1.101.3.2.1.6.4, 2.16.840.1.101.3.2.1.6.12, 2.16.840.1.101.3.2.1.6.38, 2.16.840.1.101.3.2.1.5.4, 2.16.840.1.101.3.2.1.5.5, 2.16.840.1.101.3.2.1.5.10, 2.16.840.1.101.3.2.1.5.12, 1.3.6.1.4.1.73.15.3.1.12, 1.3.6.1.4.1.73.15.3.1.17, 1.3.6.1.4.1.45606.3.1.12, 1.3.6.1.4.1.45606.3.1.20, 1.3.6.1.4.1.45606.3.1.22, 1.3.6.1.4.1.25054.3.1.12, 1.3.6.1.4.1.25054.3.1.14, 1.3.6.1.4.1.25054.3.1.20, 1.3.6.1.4.1.25054.3.1.22, 1.3.6.1.4.1.24019.1.1.1.2, 1.3.6.1.4.1.24019.1.1.1.3, 1.3.6.1.4.1.24019.1.1.1.7, 1.3.6.1.4.1.24019.1.1.1.9, 1.3.6.1.4.1.24019.1.1.1.18, 1.3.6.1.4.1.24019.1.1.1.19, 1.3.6.1.4.1.38099.1.1.1.2, 1.3.6.1.4.1.38099.1.1.1.5, 1.3.6.1.4.1.38099.1.1.1.7, 2.16.840.1.113733.1.7.23.3.1.7, 2.16.840.1.113733.1.7.23.3.1.13, 2.16.840.1.113733.1.7.23.3.1.18, 2.16.840.1.113733.1.7.23.3.1.20, 2.16.840.1.113733.1.7.23.3.1.36, 2.16.840.1.114027.200.3.10.7.2, 2.16.840.1.114027.200.3.10.7.4, 2.16.840.1.114027.200.3.10.7.6, 2.16.840.1.114027.200.3.10.7.9, 2.16.840.1.114027.200.3.10.7.16, 1.3.6.1.4.1.13948.1.1.1.6, 2.16.840.1.113839.0.100.12.1, 2.16.840.1.113839.0.100.12.2, 2.16.840.1.113839.0.100.18.0, 2.16.840.1.113839.0.100.18.1, 2.16.840.1.113839.0.100.18.2, 2.16.840.1.113839.0.100.20.1, 1.3.6.1.4.1.103.100.1.1.3.3, 1.3.6.1.4.1.16334.509.2.8, 1.3.6.1.4.1.16334.509.2.9, 1.3.6.1.4.1.16334.509.2.11, 1.3.6.1.4.1.16334.509.2.14, 1.3.6.1.4.1.1569.10.1.12, 1.3.6.1.4.1.1569.10.1.18, 1.3.6.1.4.1.26769.10.1.12, 1.3.6.1.4.1.26769.10.1.18, 1.3.6.1.4.1.3922.1.1.1.12, 1.3.6.1.4.1.3922.1.1.1.18, 1.3.6.1.4.1.3922.1.1.1.20, 1.3.6.1.4.1.3922.1.1.1.38, 1.2.36.1.334.1.2.1.2, 1.2.36.1.334.1.2.1.3, 1.2.36.1.334.1.2.2.2, 2.16.528.1.1003.1.2.5.1, 2.16.528.1.1003.1.2.5.2, 2.16.528.1.1003.1.2.5.3
+subjectDirectoryAttributes = ASN1:SEQUENCE:SubjDirAttr
+policyConstraints = requireExplicitPolicy:0
+2.16.840.1.101.3.6.10.1 = ASN1:SEQUENCE:PIVCertExt
+
 # using example UUID from RFC4122
 [FASC_UUID_altname]
 otherName.1 = 1.3.6.1.4.1.311.20.2.3;UTF8:facts@wolfssl.com
diff --git a/certs/rid-cert.der b/certs/rid-cert.der
index 3ec3b8c03..11cfd749a 100644
Binary files a/certs/rid-cert.der and b/certs/rid-cert.der differ
diff --git a/certs/rsapss/ca-3072-rsapss.der b/certs/rsapss/ca-3072-rsapss.der
index c25d4e46b..ae86d11a8 100644
Binary files a/certs/rsapss/ca-3072-rsapss.der and b/certs/rsapss/ca-3072-rsapss.der differ
diff --git a/certs/rsapss/ca-3072-rsapss.pem b/certs/rsapss/ca-3072-rsapss.pem
index 65f0c14c7..9ebdd0041 100644
--- a/certs/rsapss/ca-3072-rsapss.pem
+++ b/certs/rsapss/ca-3072-rsapss.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:c8:2a:40:c8:eb:ae:7c:18:33:cb:38:51:e6:b7:
                     7b:11:4f:cd:ea:35:87:64:d9:b2:ca:cf:4b:21:c4:
@@ -48,69 +48,68 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
             X509v3 Authority Key Identifier: 
-                keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
-
+                AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         1f:c0:ae:b2:47:af:ec:86:67:3a:b6:8f:44:65:4a:af:29:fc:
-         17:92:a4:8f:03:6a:76:63:8d:65:4a:f6:52:23:a2:08:46:17:
-         c6:2c:87:76:2b:05:21:c1:70:2d:4d:65:ef:de:af:87:21:7e:
-         88:98:45:8b:06:8f:f8:56:4f:6a:29:f3:f4:72:5d:c3:f4:5a:
-         ee:6c:52:dc:40:72:4a:1a:4c:3b:84:b0:5a:64:cc:3a:62:c3:
-         d3:56:a9:e3:fd:4e:a2:3b:57:22:b7:f9:71:f7:5c:80:aa:4c:
-         26:ef:d5:10:e5:d9:ae:89:ff:90:82:2e:0a:ad:1c:da:a6:9c:
-         99:44:d5:fc:a0:3c:42:ad:e7:dd:8a:d0:c7:b8:d0:83:bb:4b:
-         00:e2:50:e5:81:6f:03:b8:bc:4d:d2:86:4d:8a:33:79:ca:e8:
-         a0:df:70:c1:3a:c3:55:05:f0:ac:d8:ab:55:0b:cf:44:60:b4:
-         af:03:f4:88:d9:49:81:7c:78:6a:af:5f:cd:28:e2:e1:37:f3:
-         28:b8:0e:05:5d:72:b3:b5:5b:f4:72:52:a3:7e:99:99:23:95:
-         26:17:cb:9c:66:83:21:d6:ac:f8:c8:b2:49:22:dc:32:9b:f2:
-         fc:5d:f7:fe:c0:a6:81:62:1c:43:25:2a:d3:66:37:76:db:15:
-         31:c4:6b:df:e8:70:a9:f9:96:8c:ec:94:d1:b2:fb:73:03:1b:
-         5d:7f:2b:1b:ab:47:72:ea:1b:9d:2d:43:d4:90:df:ca:c5:98:
-         9a:a2:01:6a:d3:55:1c:ad:d1:37:46:93:fe:e8:56:8c:6a:1c:
-         45:bf:cb:12:d1:aa:1c:98:08:af:f7:67:ed:41:65:3b:98:d0:
-         42:29:b0:68:ab:94:52:6e:72:e2:f4:df:8a:68:b5:1b:6d:3f:
-         35:d5:01:b8:60:eb:fe:f2:e9:33:90:db:59:5a:c4:d6:52:c6:
-         c7:1b:a8:a1:ef:64:db:96:ac:ce:fc:8d:e2:ac:75:f4:0d:bc:
-         49:36:8a:12:36:83
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        7e:3f:73:07:e2:0f:7e:e8:7c:7f:81:03:e7:e2:78:c2:f8:45:
+        27:e6:42:5a:21:35:26:17:31:aa:9e:65:05:84:47:46:cb:bd:
+        c0:30:32:a0:06:f1:a1:a7:68:89:0f:e7:a0:83:31:8f:d9:b4:
+        ad:2d:1e:82:e6:ba:bc:0c:a8:98:a6:75:97:8e:b1:bc:33:77:
+        f5:9c:f6:0b:39:f8:6f:d9:bb:35:75:80:e9:22:a4:75:cb:1a:
+        24:55:f7:96:bf:73:d2:6b:93:87:a7:c1:3c:97:75:ef:6a:9e:
+        51:12:43:60:fe:6c:46:01:ab:5a:a2:72:b5:cf:a9:47:8b:3c:
+        9d:d2:5b:c7:e1:f4:25:94:c4:3d:a3:62:10:0d:19:4e:72:66:
+        85:1e:7b:24:a6:93:46:be:5e:a6:f4:c9:52:4d:dd:2d:d4:15:
+        ef:f7:cb:75:90:2b:ba:6f:7d:84:90:26:f6:5a:92:e9:d0:b0:
+        c6:05:2e:10:d5:b5:12:da:cb:92:ed:6f:12:27:3a:cd:08:94:
+        f0:52:9b:08:52:47:77:e2:de:ce:51:20:6f:e7:b3:1a:21:ea:
+        2f:d5:8c:10:15:9c:e4:61:74:d4:c3:8f:4e:47:df:a2:3c:60:
+        da:61:60:a8:67:2b:40:30:4e:a3:5f:7b:f6:3d:7e:5f:0d:ce:
+        c8:2b:de:17:b0:dd:a9:9c:3d:b7:dc:7f:60:b9:4e:4a:24:cf:
+        75:b1:d3:ce:83:5e:6d:f3:28:78:fd:6e:3f:f5:69:50:08:57:
+        58:76:98:d6:86:ce:2d:42:0b:66:60:7f:fa:20:0d:4e:d6:0d:
+        ed:9a:2d:95:3e:d0:df:72:53:56:1e:d5:f5:60:ab:d9:eb:f1:
+        f3:76:9b:4f:04:13:5a:92:6c:af:93:23:cb:87:ec:ad:ef:f5:
+        e5:df:0c:e5:14:70:a9:ca:43:f9:aa:83:4f:bf:aa:de:21:75:
+        3f:70:6e:7b:fe:2e:ba:72:7e:3b:e2:88:70:b4:17:5a:bd:38:
+        f3:37:f0:f7:1d:99
 -----BEGIN CERTIFICATE-----
-MIIFjzCCA8agAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgZ0xCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93
-b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UEAwwP
+MIIFlzCCA8qgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOMIGdMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE
+CgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290LVJTQS1QU1MxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGyMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UE
+CgwOd29sZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
-MB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgbIxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
-b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
-ggGBAMgqQMjrrnwYM8s4Uea3exFPzeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpd
-U2IR4gjfl003PXhiUEAxKnBEGm1pSfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoo
-pc6xKDpZ2RkQOtQfkQcHc1CkK9gYHyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJb
-h7UbjmU9txUI0RIaquxOVjVwpz5QZfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0Xw
-FiGB5dW1kWCL11y7wnAG9lBBRTZ/QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0D
-awmP13uEfSLF4hDLzBGqofVmhQ41WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0
-+7XC3mGgrG+8fu9TCJ+xGK1b4wEj3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBr
-KQOhvlXkTPglp6ij4z8yH66nKptrVt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/Q
-LwkOZwIDAQABo2MwYTAdBgNVHQ4EFgQU+ELMiMnIGPnTsCRlBkz/Vau/Dn8wHwYD
-VR0jBBgwFoAUqnHTsYpLu0cVR1+b0Ctp0W+FXvYwDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAYYwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAY
-BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgFOA4IBgQAfwK6yR6/shmc6to9E
-ZUqvKfwXkqSPA2p2Y41lSvZSI6IIRhfGLId2KwUhwXAtTWXv3q+HIX6ImEWLBo/4
-Vk9qKfP0cl3D9FrubFLcQHJKGkw7hLBaZMw6YsPTVqnj/U6iO1cit/lx91yAqkwm
-79UQ5dmuif+Qgi4KrRzappyZRNX8oDxCrefditDHuNCDu0sA4lDlgW8DuLxN0oZN
-ijN5yuig33DBOsNVBfCs2KtVC89EYLSvA/SI2UmBfHhqr1/NKOLhN/MouA4FXXKz
-tVv0clKjfpmZI5UmF8ucZoMh1qz4yLJJItwym/L8Xff+wKaBYhxDJSrTZjd22xUx
-xGvf6HCp+ZaM7JTRsvtzAxtdfysbq0dy6hudLUPUkN/KxZiaogFq01UcrdE3RpP+
-6FaMahxFv8sS0aocmAiv92ftQWU7mNBCKbBoq5RSbnLi9N+KaLUbbT811QG4YOv+
-8ukzkNtZWsTWUsbHG6ih72TblqzO/I3irHX0DbxJNooSNoM=
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCCAaAwCwYJKoZIhvcNAQEKA4IBjwAw
+ggGKAoIBgQDIKkDI6658GDPLOFHmt3sRT83qNYdk2bLKz0shxIYqx6NvFT4exJsD
+gUs6XVNiEeII35dNNz14YlBAMSpwRBptaUn8d7jyQgmGml05zYR7Moo7sE+/PdQF
+fsCqKKXOsSg6WdkZEDrUH5EHB3NQpCvYGB8i+PRkPxOg2GB+U0w7l3C8NuW+MZdF
+Ve2iW4e1G45lPbcVCNESGqrsTlY1cKc+UGX3PjCcMtuyJHuHAiknEjWtjsMCIhPC
+blNF8BYhgeXVtZFgi9dcu8JwBvZQQUU2f0FEibaXI75213xyf+r0GRAXw9+PzZcg
+BMsdA2sJj9d7hH0ixeIQy8wRqqH1ZoUONVqMw4lhKdBcUy8JS5F+zuAS087ryVA8
+NvCmtPu1wt5hoKxvvH7vUwifsRitW+MBI94RpR991bb0ch1TdWaM22Ee6es880lp
+grYgaykDob5V5Ez4Jaeoo+M/Mh+upyqba1bdyVqxGgGgE9KOmizbfv1bDi7vkmnO
+8t7v0C8JDmcCAwEAAaNjMGEwHQYDVR0OBBYEFPhCzIjJyBj507AkZQZM/1Wrvw5/
+MB8GA1UdIwQYMBaAFKpx07GKS7tHFUdfm9AradFvhV72MA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgGGMEIGCSqGSIb3DQEBCjA1oA8wDQYJYIZIAWUDBAIC
+BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiBAICAU4DggGBAH4/cwfi
+D37ofH+BA+fieML4RSfmQlohNSYXMaqeZQWER0bLvcAwMqAG8aGnaIkP56CDMY/Z
+tK0tHoLmurwMqJimdZeOsbwzd/Wc9gs5+G/ZuzV1gOkipHXLGiRV95a/c9Jrk4en
+wTyXde9qnlESQ2D+bEYBq1qicrXPqUeLPJ3SW8fh9CWUxD2jYhANGU5yZoUeeySm
+k0a+Xqb0yVJN3S3UFe/3y3WQK7pvfYSQJvZakunQsMYFLhDVtRLay5LtbxInOs0I
+lPBSmwhSR3fi3s5RIG/nsxoh6i/VjBAVnORhdNTDj05H36I8YNphYKhnK0AwTqNf
+e/Y9fl8Nzsgr3hew3amcPbfcf2C5Tkokz3Wx086DXm3zKHj9bj/1aVAIV1h2mNaG
+zi1CC2Zgf/ogDU7WDe2aLZU+0N9yU1Ye1fVgq9nr8fN2m08EE1qSbK+TI8uH7K3v
+9eXfDOUUcKnKQ/mqg0+/qt4hdT9wbnv+LrpyfjviiHC0F1q9OPM38PcdmQ==
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/ca-rsapss.der b/certs/rsapss/ca-rsapss.der
index 97738da64..780220725 100644
Binary files a/certs/rsapss/ca-rsapss.der and b/certs/rsapss/ca-rsapss.der differ
diff --git a/certs/rsapss/ca-rsapss.pem b/certs/rsapss/ca-rsapss.pem
index 1a69b8c9e..50d29547e 100644
--- a/certs/rsapss/ca-rsapss.pem
+++ b/certs/rsapss/ca-rsapss.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:0e:c7:50:4d:29:f5:a8:a2:d4:29:5b:58:f2:
                     bc:2d:27:de:88:49:1a:84:19:2b:84:8d:94:d1:78:
@@ -36,66 +36,65 @@ Certificate:
                     cc:1d
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
             X509v3 Authority Key Identifier: 
-                keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
-
+                64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         6c:79:0e:40:30:74:f6:02:08:61:df:c0:89:25:10:30:ea:e4:
-         e9:14:c8:c6:47:01:55:a4:f2:ed:ee:3f:55:da:62:39:04:cb:
-         3d:a1:78:56:76:30:fd:14:ea:b3:d8:21:99:c6:ca:ed:9f:18:
-         7d:15:4d:d2:cf:db:c3:a1:b4:56:0d:04:b1:72:9c:68:81:1f:
-         01:02:b8:8f:d6:d8:ed:47:3a:72:f2:e0:a5:9b:7b:50:75:00:
-         a4:ab:23:62:48:1f:bc:f4:50:86:ef:06:b3:f8:8b:6e:e0:39:
-         d1:8c:3b:8f:1f:ef:c5:ff:8c:2d:b2:1b:5d:82:32:b1:81:92:
-         02:7c:c9:ad:16:86:63:6c:95:41:ed:80:70:96:41:13:11:03:
-         9a:c1:41:d4:ca:e0:fd:7f:2d:d9:5b:60:d6:42:fe:aa:ac:73:
-         4e:6d:26:67:03:ec:53:e9:97:2f:73:3a:f5:c4:ba:cf:dc:db:
-         6c:f0:79:80:b1:52:f4:bf:12:c9:a7:ce:b1:2f:8d:6a:6a:a8:
-         9e:27:e9:d1:55:26:6b:20:8c:1f:90:57:6d:5e:dc:9e:ca:4c:
-         76:fc:35:76:dc:5a:06:90:50:88:7e:ad:9f:58:e3:39:10:e3:
-         64:19:9f:ea:fb:86:04:84:79:d6:20:ac:c8:45:8b:03:8c:eb:
-         b6:d4:e7:e4
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        78:31:94:fd:94:b9:31:68:97:cc:3b:60:8e:1b:4b:0b:c6:1b:
+        d4:64:d9:dd:ef:81:f2:fd:a0:18:a5:f4:92:47:07:84:55:f7:
+        f0:1d:25:45:15:cb:df:df:9c:d2:5a:db:f2:e9:1a:8e:98:5b:
+        7c:73:ea:13:3d:02:c2:89:06:50:3e:dd:4e:79:3a:86:1d:cc:
+        7c:04:09:d7:ed:53:86:d7:8a:2a:11:0a:84:14:da:47:d4:92:
+        0a:7f:e7:86:b9:08:a7:7c:da:e4:97:d7:04:25:22:98:0e:e7:
+        72:05:39:ac:57:18:22:76:26:13:8b:29:4d:b8:38:a4:17:8b:
+        fb:2e:bf:61:7a:34:94:09:f0:3f:1d:4a:61:75:ab:b8:31:42:
+        37:b2:47:a0:d9:cf:23:9f:da:61:e2:bf:39:dd:0d:e4:bf:b9:
+        ba:7d:22:ca:f0:53:ad:71:95:4f:1c:05:86:b9:30:63:b9:80:
+        20:0e:e3:4d:32:e0:e8:33:3e:64:27:f5:ae:f5:07:f1:a8:68:
+        3a:49:12:e5:b0:38:bc:d1:96:d2:de:60:02:eb:79:ca:2c:e8:
+        f2:39:09:91:6b:9a:a2:13:b9:01:c5:7f:36:dc:a3:e7:86:b4:
+        72:23:a7:38:26:2b:9a:6e:3c:99:69:f1:8e:cc:68:10:14:50:
+        a2:e9:2b:b1
 -----BEGIN CERTIFICATE-----
-MIIEvzCCA3egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBnTELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dv
-bGZTU0xfUlNBLVBTUzEVMBMGA1UECwwMUm9vdC1SU0EtUFNTMRgwFgYDVQQDDA93
-d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBsjELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
-bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
-AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
-AoIBAQDWDsdQTSn1qKLUKVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X7
-4FX8OTd7QYC0mG9/xbc+N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LR
-F9HB8mkZ2DLF93nsgxmH4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRB
-Tb+3f3d5au9oS2KXjjORMirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W
-4BrSJLHHULtzh94qw+LEYDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/
-pyvhDzjmM+qyEA4UyD+Hn/+LKMwdAgMBAAGjYzBhMB0GA1UdDgQWBBSeDODT37ZL
-8xljXMpsk4aiFFORMTAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1GnqU81jAP
-BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA9BgkqhkiG9w0BAQowMKAN
-MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC
-AQEAbHkOQDB09gIIYd/AiSUQMOrk6RTIxkcBVaTy7e4/VdpiOQTLPaF4VnYw/RTq
-s9ghmcbK7Z8YfRVN0s/bw6G0Vg0EsXKcaIEfAQK4j9bY7Uc6cvLgpZt7UHUApKsj
-YkgfvPRQhu8Gs/iLbuA50Yw7jx/vxf+MLbIbXYIysYGSAnzJrRaGY2yVQe2AcJZB
-ExEDmsFB1Mrg/X8t2Vtg1kL+qqxzTm0mZwPsU+mXL3M69cS6z9zbbPB5gLFS9L8S
-yafOsS+Namqonifp0VUmayCMH5BXbV7cnspMdvw1dtxaBpBQiH6tn1jjORDjZBmf
-6vuGBIR51iCsyEWLA4zrttTn5A==
+MIIEyzCCA3+gAwIBAgIBATBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgZ0xCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQK
+DA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UE
+AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbIxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQK
+DA53b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBVjBBBgkqhkiG9w0BAQowNKAPMA0G
+CWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAD
+ggEPADCCAQoCggEBANYOx1BNKfWootQpW1jyvC0n3ohJGoQZK4SNlNF4EtZ7FNjS
+giSVq/5PVfvgVfw5N3tBgLSYb3/Ftz43+F8dLxIxiPmLOwCF5jalFz+apL5I/3o2
+Iiwj1J9bUtEX0cHyaRnYMsX3eeyDGYfjE6BDXrHpA+20CM17FGgPJU+Q8ASnuwiJ
+CNx2TnBJBEFNv7d/d3lq72hLYpeOM5EyKuNjFUf2YaQm2wIEtlfAp/Cq7CBykcMy
+q5h/hMboX9bgGtIkscdQu3OH3irD4sRgMrjkWlu15CmMiyhruxrcPP65756JKGC6
+pEBm1bvgYn+nK+EPOOYz6rIQDhTIP4ef/4sozB0CAwEAAaNjMGEwHQYDVR0OBBYE
+FJ4M4NPftkvzGWNcymyThqIUU5ExMB8GA1UdIwQYMBaAFGTV7IKHgN5a7UmY2AxU
+fUaepTzWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMEEGCSqGSIb3
+DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUD
+BAIBBQCiAwIBIAOCAQEAeDGU/ZS5MWiXzDtgjhtLC8Yb1GTZ3e+B8v2gGKX0kkcH
+hFX38B0lRRXL39+c0lrb8ukajphbfHPqEz0CwokGUD7dTnk6hh3MfAQJ1+1ThteK
+KhEKhBTaR9SSCn/nhrkIp3za5JfXBCUimA7ncgU5rFcYInYmE4spTbg4pBeL+y6/
+YXo0lAnwPx1KYXWruDFCN7JHoNnPI5/aYeK/Od0N5L+5un0iyvBTrXGVTxwFhrkw
+Y7mAIA7jTTLg6DM+ZCf1rvUH8ahoOkkS5bA4vNGW0t5gAut5yizo8jkJkWuaohO5
+AcV/Ntyj54a0ciOnOCYrmm48mWnxjsxoEBRQoukrsQ==
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/client-3072-rsapss.der b/certs/rsapss/client-3072-rsapss.der
index 5f04bf3ee..2efdec23e 100644
Binary files a/certs/rsapss/client-3072-rsapss.der and b/certs/rsapss/client-3072-rsapss.der differ
diff --git a/certs/rsapss/client-3072-rsapss.pem b/certs/rsapss/client-3072-rsapss.pem
index 0de6bc885..56f0caff6 100644
--- a/certs/rsapss/client-3072-rsapss.pem
+++ b/certs/rsapss/client-3072-rsapss.pem
@@ -2,20 +2,20 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            06:54:4f:66:0b:e2:32:6e:09:ab:a6:90:84:b3:1a:59:79:89:1a:9a
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+            17:02:5c:f5:8c:08:e0:6b:d9:3d:14:8f:e9:32:2e:32:b7:d0:d1:2b
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:bb:06:28:e4:7f:c9:41:76:be:26:c6:a9:ba:08:
                     e6:35:9c:33:a0:3c:5b:ab:95:23:d7:6b:61:d3:2e:
@@ -51,78 +51,77 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:8C:01:9F:4E:11:24:28:BF:3E:EA:82:EA:54:2A:C9:0F:F5:E4:C5:47
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_RSAPSS/OU=Client-RSAPSS/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:06:54:4F:66:0B:E2:32:6E:09:AB:A6:90:84:B3:1A:59:79:89:1A:9A
-
+                serial:17:02:5C:F5:8C:08:E0:6B:D9:3D:14:8F:E9:32:2E:32:B7:D0:D1:2B
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
                 DNS:example.com, IP Address:127.0.0.1
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         0b:90:18:ff:19:9d:5e:bc:34:de:1f:90:e8:27:89:1e:61:84:
-         79:84:e1:e7:b5:df:dc:b8:68:6b:59:02:33:b0:c8:0c:a7:31:
-         e3:95:b6:09:41:6b:e0:63:93:f5:9f:53:17:04:6d:08:e7:fe:
-         38:9e:27:82:29:55:46:f7:7a:65:61:7d:1e:8f:8c:35:70:8a:
-         2a:94:dc:62:c5:db:16:b8:bf:67:9c:f7:e1:09:fc:08:d7:95:
-         ae:9d:9c:27:f4:7c:71:37:62:c8:09:0b:b6:06:56:37:ff:fa:
-         fc:ba:c2:25:65:e5:c2:01:b4:37:8a:f5:1e:d6:d7:56:f6:df:
-         77:fa:99:26:16:61:8b:b2:f6:5f:de:cc:46:97:80:e8:55:36:
-         79:9a:c7:01:36:7b:73:3a:cc:ae:05:00:a1:91:2d:fb:57:0a:
-         72:e8:70:ab:4d:82:df:8d:5a:c5:67:fb:17:06:d9:a1:c4:66:
-         29:c6:58:d4:81:b9:89:d3:d1:8e:97:61:59:3a:be:4d:18:3a:
-         21:cf:94:0e:c7:20:30:35:a6:ed:a9:a1:de:bd:b7:ee:02:5f:
-         af:b0:8c:2e:57:15:7b:87:fd:d9:77:18:63:cc:d1:95:98:e2:
-         bd:d2:f4:15:38:98:13:dc:f1:ae:37:35:9e:1b:74:23:a3:20:
-         2a:3e:6a:d0:67:67:79:65:c0:6b:e3:08:66:8f:79:c6:1c:68:
-         68:b5:c4:f5:ec:8e:bc:c3:0b:73:6d:8b:61:33:17:90:f0:cb:
-         69:1c:2e:42:f1:c3:a0:4a:0d:8b:79:94:8e:40:97:c6:c0:4e:
-         f1:95:42:12:d9:ad:84:d5:9c:7b:52:4a:a9:e5:82:8f:5c:9f:
-         d4:c8:0e:14:0a:c2:27:33:57:1e:d9:60:5a:e6:2a:83:bb:91:
-         01:85:a0:14:b8:e4:bf:4a:43:7d:4f:40:36:d9:24:8b:a7:f3:
-         7c:a9:b1:cf:f0:ba:6b:d0:73:0a:aa:47:13:06:8f:ad:df:26:
-         0d:47:07:27:27:8f
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        19:1f:82:de:2e:f8:7c:ea:fa:2f:a4:9d:1c:31:46:2b:89:fb:
+        b5:b8:e3:91:4a:0f:33:e6:f8:4d:a4:f3:83:a1:25:97:8b:49:
+        a6:28:8f:6a:41:53:be:fc:ac:f2:08:72:d5:74:51:3f:36:af:
+        73:f7:66:55:de:e6:68:96:a9:d1:20:55:d5:f5:25:b5:8e:c7:
+        d5:73:e4:90:2c:7d:f3:d3:5b:a3:cf:43:37:ea:30:56:a2:7d:
+        f4:e6:5a:d7:92:a3:b9:8e:46:09:e1:cc:eb:73:2e:3d:d1:1d:
+        ef:7c:64:54:0a:6d:f3:3f:1f:77:d1:1f:a6:66:31:dd:28:bf:
+        61:25:81:05:18:ab:8a:87:5a:d6:68:bf:f4:a1:44:e4:01:8e:
+        84:66:cb:d8:cc:b8:b7:b3:50:fb:02:37:02:00:04:19:f5:80:
+        72:2f:f4:9f:e9:30:b9:0d:62:fb:56:5e:d9:ec:47:f3:ee:12:
+        31:9b:eb:a9:d1:2d:7d:40:31:3a:a0:ce:c7:84:c8:3d:3e:9a:
+        a2:9b:22:5e:80:86:96:48:71:17:5e:ca:d2:95:3e:c6:cc:12:
+        aa:16:ca:a7:e8:87:52:ea:e9:b0:6c:4c:c9:0b:26:7e:6c:8b:
+        82:dc:09:5c:82:05:96:0f:99:82:07:58:e5:f0:85:10:c7:57:
+        c6:e7:ad:49:fd:8d:5d:6b:48:92:4f:50:e4:d4:31:ef:f3:8b:
+        9b:15:e0:de:5e:d3:0c:3f:96:19:3c:2f:f2:93:e8:03:0b:dd:
+        a6:4d:0a:b5:fd:5c:af:df:4e:bc:e6:fc:90:8b:7a:31:9b:69:
+        00:bc:11:02:49:4b:bb:2f:4d:d9:74:6f:4c:5a:0c:b7:54:e9:
+        cd:97:50:7f:01:d4:16:8e:c7:8f:26:62:b5:6b:33:ef:b8:02:
+        5b:39:00:4e:63:a7:47:11:4a:ed:43:de:d0:73:ed:92:fc:2e:
+        6c:a4:80:56:c9:52:c2:05:0b:07:fe:63:f2:a0:68:4d:9c:b5:
+        6e:1b:6e:df:b3:ee
 -----BEGIN CERTIFICATE-----
-MIIGxTCCBPygAwIBAgIUBlRPZgviMm4Jq6aQhLMaWXmJGpowPgYJKoZIhvcNAQEK
-MDGgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQC
-AgFOMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVu
-dC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwHhcN
-MjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIxOTI5WjCBtjELMAkGA1UEBhMCVVMxEDAO
-BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndvbGZT
-U0xfUlNBUFNTMRYwFAYDVQQLDA1DbGllbnQtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
-ggGBALsGKOR/yUF2vibGqboI5jWcM6A8W6uVI9drYdMui43tHNlXrhpp4s5liC5l
-D8vxecssRpY+P1tZ5be1sTx8JuRWIVFdBHnZf1xxVOkemcH3vmwPe+9GjUAOo2vO
-mJtsDW3TJJ2e6GglnEZgkjdicyF3Gr1c8BFt7rlvso42VD7hcms2yYhIhhhs+Nex
-4OTXDCoVzJIzhL1xGgdwqgMk4c7CKLjjg/+6GVC3riL9++twcLAtF6A+qoVQQ2Ik
-XQBRuBH62MYGQAe9SrBCcFLPF5WxU/xojRO+oA7ES8sXcs3NCy7/ZkJQzHZ9cE59
-Yxbl2uH7mWwdBmyr7tM2Tsc0X/fQHlD9/kE5KVzhx7/EUDZ1ijZNCWrKKswatw2L
-Fm1IBzlh9cgHWpy/0qXxOTt+v2Ixk7opWskJ1wAwPtgYjJ6nKHVJqok03loUKV38
-RwWraoQPVyxkqzuYs9ZIutvxA9Ag95/vfVJQKONI7Sk+/v+Go2Q9fymio5NS5WrD
-qRNEzwIDAQABo4IBZzCCAWMwHQYDVR0OBBYEFIwBn04RJCi/PuqC6lQqyQ/15MVH
-MIH2BgNVHSMEge4wgeuAFIwBn04RJCi/PuqC6lQqyQ/15MVHoYG8pIG5MIG2MQsw
-CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEX
-MBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVudC1SU0FQU1Mx
-GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0yCFAZUT2YL4jJuCaum
-kISzGll5iRqaMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22H
-BH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GCSqGSIb3DQEB
-CjAxoA0wCwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIE
-AgIBTgOCAYEAC5AY/xmdXrw03h+Q6CeJHmGEeYTh57Xf3Lhoa1kCM7DIDKcx45W2
-CUFr4GOT9Z9TFwRtCOf+OJ4ngilVRvd6ZWF9Ho+MNXCKKpTcYsXbFri/Z5z34Qn8
-CNeVrp2cJ/R8cTdiyAkLtgZWN//6/LrCJWXlwgG0N4r1HtbXVvbfd/qZJhZhi7L2
-X97MRpeA6FU2eZrHATZ7czrMrgUAoZEt+1cKcuhwq02C341axWf7FwbZocRmKcZY
-1IG5idPRjpdhWTq+TRg6Ic+UDscgMDWm7amh3r237gJfr7CMLlcVe4f92XcYY8zR
-lZjivdL0FTiYE9zxrjc1nht0I6MgKj5q0GdneWXAa+MIZo95xhxoaLXE9eyOvMML
-c22LYTMXkPDLaRwuQvHDoEoNi3mUjkCXxsBO8ZVCEtmthNWce1JKqeWCj1yf1MgO
-FArCJzNXHtlgWuYqg7uRAYWgFLjkv0pDfU9ANtkki6fzfKmxz/C6a9BzCqpHEwaP
-rd8mDUcHJyeP
+MIIGzTCCBQCgAwIBAgIUFwJc9YwI4GvZPRSP6TIuMrfQ0SswQgYJKoZIhvcNAQEK
+MDWgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIF
+AKIEAgIBTjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNV
+BAcMB0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1D
+bGllbnQtUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NM
+MB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbYxCzAJBgNVBAYTAlVT
+MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
+b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNQ2xpZW50LVJTQVBTUzEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCCAaAwCwYJKoZIhvcNAQEKA4IBjwAw
+ggGKAoIBgQC7Bijkf8lBdr4mxqm6COY1nDOgPFurlSPXa2HTLouN7RzZV64aaeLO
+ZYguZQ/L8XnLLEaWPj9bWeW3tbE8fCbkViFRXQR52X9ccVTpHpnB975sD3vvRo1A
+DqNrzpibbA1t0ySdnuhoJZxGYJI3YnMhdxq9XPARbe65b7KONlQ+4XJrNsmISIYY
+bPjXseDk1wwqFcySM4S9cRoHcKoDJOHOwii444P/uhlQt64i/fvrcHCwLRegPqqF
+UENiJF0AUbgR+tjGBkAHvUqwQnBSzxeVsVP8aI0TvqAOxEvLF3LNzQsu/2ZCUMx2
+fXBOfWMW5drh+5lsHQZsq+7TNk7HNF/30B5Q/f5BOSlc4ce/xFA2dYo2TQlqyirM
+GrcNixZtSAc5YfXIB1qcv9Kl8Tk7fr9iMZO6KVrJCdcAMD7YGIyepyh1SaqJNN5a
+FCld/EcFq2qED1csZKs7mLPWSLrb8QPQIPef731SUCjjSO0pPv7/hqNkPX8poqOT
+UuVqw6kTRM8CAwEAAaOCAWcwggFjMB0GA1UdDgQWBBSMAZ9OESQovz7qgupUKskP
+9eTFRzCB9gYDVR0jBIHuMIHrgBSMAZ9OESQovz7qgupUKskP9eTFR6GBvKSBuTCB
+tjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
+YW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1DbGllbnQtUlNB
+UFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMghQXAlz1jAjg
+a9k9FI/pMi4yt9DRKzAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUu
+Y29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBCBgkqhkiG
+9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFl
+AwQCAgUAogQCAgFOA4IBgQAZH4LeLvh86vovpJ0cMUYrifu1uOORSg8z5vhNpPOD
+oSWXi0mmKI9qQVO+/KzyCHLVdFE/Nq9z92ZV3uZolqnRIFXV9SW1jsfVc+SQLH3z
+01ujz0M36jBWon305lrXkqO5jkYJ4czrcy490R3vfGRUCm3zPx930R+mZjHdKL9h
+JYEFGKuKh1rWaL/0oUTkAY6EZsvYzLi3s1D7AjcCAAQZ9YByL/Sf6TC5DWL7Vl7Z
+7Efz7hIxm+up0S19QDE6oM7HhMg9PpqimyJegIaWSHEXXsrSlT7GzBKqFsqn6IdS
+6umwbEzJCyZ+bIuC3AlcggWWD5mCB1jl8IUQx1fG561J/Y1da0iST1Dk1DHv84ub
+FeDeXtMMP5YZPC/yk+gDC92mTQq1/Vyv30685vyQi3oxm2kAvBECSUu7L03ZdG9M
+Wgy3VOnNl1B/AdQWjsePJmK1azPvuAJbOQBOY6dHEUrtQ97Qc+2S/C5spIBWyVLC
+BQsH/mPyoGhNnLVuG27fs+4=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/client-rsapss.der b/certs/rsapss/client-rsapss.der
index 56a5cc87e..898826a23 100644
Binary files a/certs/rsapss/client-rsapss.der and b/certs/rsapss/client-rsapss.der differ
diff --git a/certs/rsapss/client-rsapss.pem b/certs/rsapss/client-rsapss.pem
index a2e0d319c..c21443fd4 100644
--- a/certs/rsapss/client-rsapss.pem
+++ b/certs/rsapss/client-rsapss.pem
@@ -2,20 +2,20 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            66:c1:2c:85:1b:16:4c:37:fa:23:50:5c:f1:4b:99:11:2f:2c:ea:e0
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+            10:71:71:77:7a:99:10:aa:85:48:43:9f:0c:be:07:89:8a:3d:b3:ea
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c6:87:be:60:87:43:7d:c4:ac:e4:fa:3c:12:1d:
                     c7:cf:ea:5c:c4:93:72:e2:0d:37:47:33:3d:e0:a5:
@@ -37,76 +37,76 @@ Certificate:
                     e1:e7
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 59:71:87:88:D0:3E:C7:EE:08:4D:80:F2:C9:FC:CF:3D:76:E6:A5:62
             X509v3 Authority Key Identifier: 
                 keyid:59:71:87:88:D0:3E:C7:EE:08:4D:80:F2:C9:FC:CF:3D:76:E6:A5:62
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_RSAPSS/OU=Client-RSAPSS/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
-                serial:66:C1:2C:85:1B:16:4C:37:FA:23:50:5C:F1:4B:99:11:2F:2C:EA:E0
-
+                serial:10:71:71:77:7A:99:10:AA:85:48:43:9F:0C:BE:07:89:8A:3D:B3:EA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
                 DNS:example.com, IP Address:127.0.0.1
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         b0:79:5c:92:53:67:6c:04:98:74:61:9e:10:7d:17:59:0e:a6:
-         41:0b:84:df:a7:8a:2e:5e:c5:5b:2a:f9:1f:bc:34:36:94:d5:
-         d4:cf:fd:91:b6:7c:ee:db:07:21:12:ef:d1:06:ba:99:d1:4c:
-         e7:c5:db:96:00:dc:87:a7:40:54:0d:6a:a1:2e:31:34:59:bd:
-         02:78:40:85:cb:ea:fc:8c:bc:d6:1a:89:c9:3a:5c:06:c0:b2:
-         e6:cc:d2:ba:99:8a:62:81:f0:54:b6:18:56:91:2e:62:e4:16:
-         83:30:68:70:1b:bd:18:49:a0:14:a1:8d:10:b5:67:22:09:7d:
-         c1:f5:52:cd:9e:7b:bb:9d:64:78:fe:e9:f4:b7:9c:91:23:d5:
-         eb:73:f6:64:f8:b2:ec:be:90:da:e1:f0:6e:71:e4:ec:19:91:
-         3d:c4:e2:d9:f8:24:0c:93:47:16:57:03:67:1f:81:ac:d3:fb:
-         0c:04:d8:20:e1:74:0d:7c:20:99:dd:c5:dc:fd:eb:1e:49:5d:
-         1a:e6:7b:fc:77:b0:66:08:7c:c3:9b:9a:77:b6:b9:f7:8c:65:
-         21:0c:e8:12:f7:93:a1:c7:2d:03:0e:91:e4:f9:98:68:47:d2:
-         5d:c4:53:e7:96:02:76:75:63:f0:d0:67:ca:77:75:bc:1a:87:
-         d3:94:99:b1
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        c5:28:ca:e1:d5:b6:c2:b7:6e:bf:41:9b:6e:09:0f:04:70:7b:
+        fc:12:ec:12:45:7b:93:c2:7b:2c:e7:f4:bd:ae:2b:72:0e:3e:
+        82:a4:c5:e9:80:75:ad:df:86:2e:44:22:5a:0d:ae:79:d8:d2:
+        14:bc:1d:d5:73:55:29:55:6a:33:ae:1e:4a:6e:3f:59:11:a2:
+        9f:61:1f:af:46:8f:ee:0e:5e:e2:c4:cf:48:4a:f2:04:b8:2a:
+        04:eb:1d:3d:7b:e2:34:a7:67:8d:57:ea:59:1a:8d:e0:22:53:
+        83:7a:98:63:8d:93:e5:31:e5:8b:26:2a:56:8b:fc:57:ff:6f:
+        bb:f5:92:a4:0c:f3:f6:0d:25:8d:e6:a2:be:86:91:fa:63:0c:
+        c4:08:58:59:8d:44:bc:0c:a3:2c:20:07:68:43:66:dc:86:82:
+        63:17:5e:1d:28:ba:a5:de:03:5a:0b:dc:10:e6:ae:7e:ce:4b:
+        f2:42:41:9f:e7:7f:e9:ad:63:5d:dd:cd:8e:6c:ec:6a:2a:4f:
+        97:1b:bb:95:a3:84:88:f5:ef:1e:ed:7a:7f:47:7a:a1:f5:30:
+        f6:cb:7f:68:02:24:5b:be:5d:91:2a:38:1d:c7:49:32:a6:24:
+        4b:70:db:94:68:3e:65:9a:7d:13:b1:3a:70:a6:e2:be:4f:70:
+        b6:5e:dc:32
 -----BEGIN CERTIFICATE-----
-MIIF9TCCBK2gAwIBAgIUZsEshRsWTDf6I1Bc8UuZES8s6uAwPQYJKoZIhvcNAQEK
-MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
-ASAwgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNQ2xpZW50
-LVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0y
-MzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5MjhaMIG2MQswCQYDVQQGEwJVUzEQMA4G
-A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNT
-TF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVudC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
-AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
-AoIBAQDGh75gh0N9xKzk+jwSHcfP6lzEk3LiDTdHMz3gpexXFr2AKlr5obfubUZ8
-Ok4k4xdiWjiXCwMTpXpeEaFQ+xttFhNWu3cKe5jMhRHSkzHtdAE4PTcBNtZSwCf7
-U/uu/Va8AoCRgcztUUYWex2O8wZIgygRS7ine+iSjpP0jR36zHwoUT0hmJA/gCq5
-3CKH8I25p7vMpN0lrWWIKPEcT9wE8loPUrY1hFIY17/e49z28DzJ282xSBFLrnwe
-Way1jO4ugw/1KTQ5dMua+qbTY9VpetzyDUNGAxCnsJzNFbM2XkNeBUwDYpkp0FcF
-51TfsOVxOTfxE2ZwEvOHmAmPH+HnAgMBAAGjggFnMIIBYzAdBgNVHQ4EFgQUWXGH
-iNA+x+4ITYDyyfzPPXbmpWIwgfYGA1UdIwSB7jCB64AUWXGHiNA+x+4ITYDyyfzP
-PXbmpWKhgbykgbkwgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
-DgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UE
-CwwNQ2xpZW50LVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJ
-KoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29s
-ZlNTTIIUZsEshRsWTDf6I1Bc8UuZES8s6uAwDAYDVR0TBAUwAwEB/zAcBgNVHREE
-FTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
-BQUHAwIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B
-AQgwCwYJYIZIAWUDBAIBogMCASADggEBALB5XJJTZ2wEmHRhnhB9F1kOpkELhN+n
-ii5exVsq+R+8NDaU1dTP/ZG2fO7bByES79EGupnRTOfF25YA3IenQFQNaqEuMTRZ
-vQJ4QIXL6vyMvNYaick6XAbAsubM0rqZimKB8FS2GFaRLmLkFoMwaHAbvRhJoBSh
-jRC1ZyIJfcH1Us2ee7udZHj+6fS3nJEj1etz9mT4suy+kNrh8G5x5OwZkT3E4tn4
-JAyTRxZXA2cfgazT+wwE2CDhdA18IJndxdz96x5JXRrme/x3sGYIfMObmne2ufeM
-ZSEM6BL3k6HHLQMOkeT5mGhH0l3EU+eWAnZ1Y/DQZ8p3dbwah9OUmbE=
+MIIGATCCBLWgAwIBAgIUEHFxd3qZEKqFSEOfDL4HiYo9s+owQQYJKoZIhvcNAQEK
+MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF
+AKIDAgEgMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
+BwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNs
+aWVudC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0ww
+HhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBtjELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
+bGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1DbGllbnQtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBVjBBBgkqhkiG9w0BAQowNKAPMA0G
+CWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAD
+ggEPADCCAQoCggEBAMaHvmCHQ33ErOT6PBIdx8/qXMSTcuINN0czPeCl7FcWvYAq
+Wvmht+5tRnw6TiTjF2JaOJcLAxOlel4RoVD7G20WE1a7dwp7mMyFEdKTMe10ATg9
+NwE21lLAJ/tT+679VrwCgJGBzO1RRhZ7HY7zBkiDKBFLuKd76JKOk/SNHfrMfChR
+PSGYkD+AKrncIofwjbmnu8yk3SWtZYgo8RxP3ATyWg9StjWEUhjXv97j3PbwPMnb
+zbFIEUuufB5ZrLWM7i6DD/UpNDl0y5r6ptNj1Wl63PINQ0YDEKewnM0VszZeQ14F
+TANimSnQVwXnVN+w5XE5N/ETZnAS84eYCY8f4ecCAwEAAaOCAWcwggFjMB0GA1Ud
+DgQWBBRZcYeI0D7H7ghNgPLJ/M89dualYjCB9gYDVR0jBIHuMIHrgBRZcYeI0D7H
+7ghNgPLJ/M89dualYqGBvKSBuTCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v
+bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNT
+MRYwFAYDVQQLDA1DbGllbnQtUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5j
+b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/Is
+ZAEBDAd3b2xmU1NMghQQcXF3epkQqoVIQ58MvgeJij2z6jAMBgNVHRMEBTADAQH/
+MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRww
+GgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAMUoyuHVtsK3br9B
+m24JDwRwe/wS7BJFe5PCeyzn9L2uK3IOPoKkxemAda3fhi5EIloNrnnY0hS8HdVz
+VSlVajOuHkpuP1kRop9hH69Gj+4OXuLEz0hK8gS4KgTrHT174jSnZ41X6lkajeAi
+U4N6mGONk+Ux5YsmKlaL/Ff/b7v1kqQM8/YNJY3mor6GkfpjDMQIWFmNRLwMoywg
+B2hDZtyGgmMXXh0ouqXeA1oL3BDmrn7OS/JCQZ/nf+mtY13dzY5s7GoqT5cbu5Wj
+hIj17x7ten9HeqH1MPbLf2gCJFu+XZEqOB3HSTKmJEtw25RoPmWafROxOnCm4r5P
+cLZe3DI=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/root-3072-rsapss.der b/certs/rsapss/root-3072-rsapss.der
index 265945fbe..15ff4dda9 100644
Binary files a/certs/rsapss/root-3072-rsapss.der and b/certs/rsapss/root-3072-rsapss.der differ
diff --git a/certs/rsapss/root-3072-rsapss.pem b/certs/rsapss/root-3072-rsapss.pem
index 77e180411..d229a3183 100644
--- a/certs/rsapss/root-3072-rsapss.pem
+++ b/certs/rsapss/root-3072-rsapss.pem
@@ -2,20 +2,20 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            25:af:7b:c5:57:c8:31:42:fc:85:76:76:7a:01:a9:ca:68:a3:6a:d7
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+            7a:3d:5f:e1:2a:a5:f1:c2:27:b6:bd:6b:ef:c6:7c:57:16:e2:3f:fe
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:ad:cd:ed:4f:94:27:fa:57:28:90:bc:e5:35:b6:
                     96:36:18:25:45:e1:de:aa:87:98:88:61:2b:97:2a:
@@ -49,69 +49,68 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
             X509v3 Authority Key Identifier: 
-                keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
-
+                AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         8f:d2:c7:8f:7f:7d:4e:ca:13:59:51:bb:2d:51:c7:bc:70:3c:
-         2d:a7:44:e2:b7:14:f2:1f:6f:9e:81:92:8d:f4:65:45:7d:72:
-         91:37:8f:21:b2:cf:aa:94:a2:cc:fe:63:a5:96:a3:a4:9c:f4:
-         ae:da:bd:b0:33:61:0b:54:05:da:7b:5a:7b:cc:5d:1a:59:a7:
-         59:ad:29:73:e2:ec:e8:ac:f4:89:f4:3b:4d:17:a8:72:ae:d0:
-         78:a1:f2:57:2a:15:e1:07:6c:c1:69:92:6a:a4:ea:24:30:bc:
-         fb:d4:95:6f:b9:dc:0e:4f:3e:a3:1f:e5:2e:2e:b0:5a:0a:1a:
-         39:e3:a8:7a:2c:03:32:c2:f7:b5:55:a6:2b:dc:6c:de:13:fc:
-         fa:bd:5f:ee:fe:af:a8:4b:c1:2e:2b:da:c1:29:d3:92:a6:3a:
-         dc:04:84:67:84:63:f8:b0:f0:4b:8f:5e:16:cd:97:22:32:28:
-         2d:bb:2d:07:74:49:1b:78:ce:4e:4b:ac:57:f8:21:f2:f6:2a:
-         0d:ad:ea:2a:3f:ed:c1:fc:9e:dc:62:b3:f3:43:bd:1d:14:e3:
-         97:51:1b:ef:df:0d:b4:04:b4:7a:8b:7a:16:be:d5:40:77:07:
-         cf:87:e3:2e:5e:df:ee:a2:bd:3c:50:af:a7:d1:34:84:50:9f:
-         73:2d:89:12:4b:8f:34:d6:6b:80:94:36:16:16:b0:5c:bc:36:
-         36:12:44:8b:f4:20:ef:08:3d:8c:d6:81:66:61:0e:57:85:54:
-         82:b3:f8:e3:98:21:44:ea:4a:a6:ff:ec:aa:b5:58:23:6a:03:
-         ed:c2:8c:22:f5:3d:14:7e:ff:f6:16:76:2e:20:2e:1a:1b:9c:
-         4c:6c:8d:f5:de:1c:09:59:67:ce:73:47:11:c7:ed:43:df:05:
-         07:75:e0:8e:15:96:61:4a:e9:32:0d:35:86:cc:1b:a1:7a:3a:
-         a3:8f:58:e2:21:fd:4b:d9:62:82:83:56:ed:dc:61:c2:13:79:
-         80:1c:89:f7:fc:02
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        30:fb:47:65:a5:bd:5e:d1:c0:5b:31:73:c5:6e:77:85:0d:a2:
+        25:99:89:a0:77:e3:03:17:82:78:b8:5f:01:d6:be:03:e3:7e:
+        2b:6b:9e:50:48:b3:14:1d:1a:e6:a7:b7:e7:f5:c8:9a:82:fd:
+        4e:0b:d6:e4:8f:c1:c9:66:c7:c8:54:c2:09:74:1e:70:4d:8f:
+        b8:8c:b3:86:20:8c:1e:90:10:c3:d2:df:bf:26:e2:77:f7:5b:
+        7a:f4:ce:52:ec:b9:b2:1b:c1:f4:e8:c7:09:0b:2d:24:fa:43:
+        08:5e:a6:f5:08:8a:c6:3f:11:64:10:c4:66:30:8a:a8:0e:6e:
+        80:d7:c7:ce:94:22:d5:bb:d9:e2:14:b4:ea:4e:ac:b0:b6:c2:
+        94:b8:c7:bd:8e:24:f9:f4:6d:0c:38:4c:29:2e:f9:56:30:23:
+        98:15:63:1e:8a:ba:26:15:d7:b2:14:f3:a0:8c:88:47:40:aa:
+        86:e2:b7:6b:6e:f6:99:ff:a7:73:3d:b1:ca:21:2c:9c:e3:bd:
+        e7:a8:cd:63:48:61:c5:23:d7:1c:73:af:81:f4:77:70:38:03:
+        6e:0c:98:a2:57:8b:70:5a:25:4e:e3:c0:fa:69:cc:88:f1:28:
+        c8:91:c6:31:8c:40:fd:94:dc:64:94:c4:13:73:8e:29:2c:72:
+        f6:e9:7d:08:2d:4c:cc:00:2f:a1:3a:19:03:4f:05:0f:e3:6c:
+        64:29:bf:49:c5:19:bc:58:2e:ea:f0:36:2e:52:8e:99:04:a3:
+        d6:03:e4:da:36:70:e4:c9:86:c3:96:a6:09:54:e4:aa:57:f8:
+        a2:09:48:89:3a:5d:a1:b0:27:25:d0:f0:31:4e:36:91:b5:55:
+        65:d1:8c:c0:8d:fd:83:0d:d4:5b:86:e5:2b:85:f6:1e:fa:a7:
+        36:ec:12:a4:88:8d:d7:a0:60:a4:27:85:b8:aa:d9:1f:8a:ba:
+        14:79:45:cc:51:5b:18:cf:89:24:9d:8b:f0:2f:74:c2:ce:8a:
+        82:73:3c:6b:eb:6c
 -----BEGIN CERTIFICATE-----
-MIIFjTCCA8SgAwIBAgIUJa97xVfIMUL8hXZ2egGpymijatcwPgYJKoZIhvcNAQEK
-MDGgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQC
-AgFOMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290
-LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
-MjhaMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290
-LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTCCAaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIB
-gQCtze1PlCf6VyiQvOU1tpY2GCVF4d6qh5iIYSuXKuRO9gY2HDi1Xa6ZWZlwARL5
-Akl7rsGqeEEmm/YxCa8Ka+vyjDkv+f7gOKYvAO5AbpSMvj/BPms6rpHm1mw0GlSI
-tji4+MlYtI6ZDKs3bqFQJfHk4nZ4nJUSfjV/dGUdebeBRHijU/P0HBeAFbfB96Gz
-C2la5xJrSR8KhIhwGXMWvhzNtODnvwRhutpE61JBeka4jgKDwXUFYNBsDnV9Up75
-OBfeqMxc3eYCi/UwQxxamI/Dwdlf5m9u8XTW3otfi841ivRYig5r2pfNimqxf4NO
-fK62eI5R6Ek00Wjj0L9bsxda4NeUIBIme50Z+h4WZWXhVLv5T55j2twQ3LCbCSTV
-C5eD6yyzHhVQOJMGWowREmMhMZHDfL9U7SwvvPdjpDg2XPO7cT0NFfZavEzueFAx
-YUC/RSjStS/BCK++1gMAzxlp46CwkuwmQl4CpdEtz7hj386zImwa012JFZrEd5jN
-lX8CAwEAAaNjMGEwHQYDVR0OBBYEFKpx07GKS7tHFUdfm9AradFvhV72MB8GA1Ud
-IwQYMBaAFKpx07GKS7tHFUdfm9AradFvhV72MA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgGGMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZIAWUDBAICoRowGAYJ
-KoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOCAYEAj9LHj399TsoTWVG7LVHH
-vHA8LadE4rcU8h9vnoGSjfRlRX1ykTePIbLPqpSizP5jpZajpJz0rtq9sDNhC1QF
-2ntae8xdGlmnWa0pc+Ls6Kz0ifQ7TReocq7QeKHyVyoV4QdswWmSaqTqJDC8+9SV
-b7ncDk8+ox/lLi6wWgoaOeOoeiwDMsL3tVWmK9xs3hP8+r1f7v6vqEvBLivawSnT
-kqY63ASEZ4Rj+LDwS49eFs2XIjIoLbstB3RJG3jOTkusV/gh8vYqDa3qKj/twfye
-3GKz80O9HRTjl1Eb798NtAS0eot6Fr7VQHcHz4fjLl7f7qK9PFCvp9E0hFCfcy2J
-EkuPNNZrgJQ2FhawXLw2NhJEi/Qg7wg9jNaBZmEOV4VUgrP445ghROpKpv/sqrVY
-I2oD7cKMIvU9FH7/9hZ2LiAuGhucTGyN9d4cCVlnznNHEcftQ98FB3XgjhWWYUrp
-Mg01hswboXo6o49Y4iH9S9ligoNW7dxhwhN5gByJ9/wC
+MIIFlTCCA8igAwIBAgIUej1f4Sql8cIntr1r78Z8VxbiP/4wQgYJKoZIhvcNAQEK
+MDWgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIF
+AKIEAgIBTjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNV
+BAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfUlNBLVBTUzEVMBMGA1UECwwM
+Um9vdC1SU0EtUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0
+MjEyNTMwWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNV
+BAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfUlNBLVBTUzEVMBMGA1UECwwM
+Um9vdC1SU0EtUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIB
+igKCAYEArc3tT5Qn+lcokLzlNbaWNhglReHeqoeYiGErlyrkTvYGNhw4tV2umVmZ
+cAES+QJJe67BqnhBJpv2MQmvCmvr8ow5L/n+4DimLwDuQG6UjL4/wT5rOq6R5tZs
+NBpUiLY4uPjJWLSOmQyrN26hUCXx5OJ2eJyVEn41f3RlHXm3gUR4o1Pz9BwXgBW3
+wfehswtpWucSa0kfCoSIcBlzFr4czbTg578EYbraROtSQXpGuI4Cg8F1BWDQbA51
+fVKe+TgX3qjMXN3mAov1MEMcWpiPw8HZX+ZvbvF01t6LX4vONYr0WIoOa9qXzYpq
+sX+DTnyutniOUehJNNFo49C/W7MXWuDXlCASJnudGfoeFmVl4VS7+U+eY9rcENyw
+mwkk1QuXg+sssx4VUDiTBlqMERJjITGRw3y/VO0sL7z3Y6Q4Nlzzu3E9DRX2WrxM
+7nhQMWFAv0Uo0rUvwQivvtYDAM8ZaeOgsJLsJkJeAqXRLc+4Y9/OsyJsGtNdiRWa
+xHeYzZV/AgMBAAGjYzBhMB0GA1UdDgQWBBSqcdOxiku7RxVHX5vQK2nRb4Ve9jAf
+BgNVHSMEGDAWgBSqcdOxiku7RxVHX5vQK2nRb4Ve9jAPBgNVHRMBAf8EBTADAQH/
+MA4GA1UdDwEB/wQEAwIBhjBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOA4IBgQAw+0dlpb1e
+0cBbMXPFbneFDaIlmYmgd+MDF4J4uF8B1r4D434ra55QSLMUHRrmp7fn9ciagv1O
+C9bkj8HJZsfIVMIJdB5wTY+4jLOGIIwekBDD0t+/JuJ391t69M5S7LmyG8H06McJ
+Cy0k+kMIXqb1CIrGPxFkEMRmMIqoDm6A18fOlCLVu9niFLTqTqywtsKUuMe9jiT5
+9G0MOEwpLvlWMCOYFWMeiromFdeyFPOgjIhHQKqG4rdrbvaZ/6dzPbHKISyc473n
+qM1jSGHFI9ccc6+B9HdwOANuDJiiV4twWiVO48D6acyI8SjIkcYxjED9lNxklMQT
+c44pLHL26X0ILUzMAC+hOhkDTwUP42xkKb9JxRm8WC7q8DYuUo6ZBKPWA+TaNnDk
+yYbDlqYJVOSqV/iiCUiJOl2hsCcl0PAxTjaRtVVl0YzAjf2DDdRbhuUrhfYe+qc2
+7BKkiI3XoGCkJ4W4qtkfiroUeUXMUVsYz4kknYvwL3TCzoqCczxr62w=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/root-rsapss.der b/certs/rsapss/root-rsapss.der
index 5538f1023..8e65d843e 100644
Binary files a/certs/rsapss/root-rsapss.der and b/certs/rsapss/root-rsapss.der differ
diff --git a/certs/rsapss/root-rsapss.pem b/certs/rsapss/root-rsapss.pem
index d22f5b04e..5fd261e87 100644
--- a/certs/rsapss/root-rsapss.pem
+++ b/certs/rsapss/root-rsapss.pem
@@ -2,20 +2,20 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            73:13:23:bb:43:e9:76:b0:ce:25:f7:d5:65:b4:8f:7a:e5:7f:be:4f
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+            49:11:5c:6b:2a:d6:cc:28:df:24:40:1b:9f:b4:a9:ac:a6:40:9f:be
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:99:0a:01:b6:d1:40:7b:0c:ae:17:7e:e1:5c:8d:
                     fb:6b:cc:8f:06:51:75:e6:f0:97:ce:2f:76:fa:31:
@@ -37,66 +37,65 @@ Certificate:
                     ef:f5
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
             X509v3 Authority Key Identifier: 
-                keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
-
+                64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         0f:1c:2d:bd:46:35:3b:80:d7:d1:45:74:d4:54:8d:ff:b0:29:
-         06:be:e4:c7:cc:93:06:9d:2c:0f:7d:82:2a:76:ed:36:4a:71:
-         cd:6b:47:94:e9:c9:29:c7:17:4e:c4:0a:0d:4a:53:92:fb:72:
-         b8:a7:a1:bb:87:fc:e1:7e:51:1b:b5:d7:34:63:7e:9f:ff:70:
-         2a:45:3c:db:fc:0a:d6:59:3a:76:30:09:81:40:94:28:4b:ca:
-         36:62:1f:d9:8a:58:3d:b1:3e:8e:9e:c2:01:2c:f9:aa:71:61:
-         0c:6f:46:99:c8:cb:a6:c5:9e:4a:40:3d:84:af:2f:0c:45:59:
-         f5:a9:c5:44:b6:4d:b7:d5:fd:5d:f3:5b:8d:0b:6a:69:e7:30:
-         76:76:ef:ee:ad:80:e3:45:92:a9:fa:32:43:bc:2c:c5:51:f4:
-         6e:3a:42:8e:fc:a1:eb:03:ca:3c:c5:fc:d7:62:cb:d5:34:92:
-         59:2d:f7:d0:fc:f2:e1:2c:5c:c2:94:f4:9d:3b:8f:d8:46:ed:
-         29:21:5c:1b:c6:da:30:71:8d:9f:00:03:82:34:33:1d:d7:20:
-         e8:4f:9f:9e:bd:91:25:fa:f7:0b:6a:64:99:ad:f3:f7:66:a4:
-         cd:b3:6d:e7:ec:06:9b:88:ce:a7:ef:59:e3:d0:6c:22:af:b8:
-         ce:7a:3b:60
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        62:9f:f5:04:3b:f8:a2:c2:9c:57:1c:9f:db:2d:6a:07:e1:0a:
+        c0:84:65:06:3c:a1:64:f4:1b:f0:ae:d3:a3:29:b1:26:ef:9f:
+        cb:e2:d9:ab:04:11:81:e1:f2:ef:18:5f:4d:c5:0f:e7:d0:6b:
+        02:d4:d8:32:1d:81:90:85:cf:aa:59:cc:fe:e2:9a:66:1c:80:
+        e8:5a:59:f2:d6:e7:1e:6e:de:64:96:bb:d5:75:8c:02:b5:53:
+        eb:71:18:d1:44:08:c4:7e:a9:de:c0:cf:54:ce:2f:ba:4e:6b:
+        a3:5c:1d:75:66:de:9c:6f:12:8c:80:e5:e0:3a:89:46:bd:fe:
+        3b:39:31:f3:b4:12:2b:5b:68:7f:b5:9b:4c:27:d4:c1:3c:5c:
+        89:12:e3:04:ba:26:3b:60:5a:0c:1e:18:26:8f:07:5c:ae:32:
+        e7:54:3e:c3:64:ce:22:28:e4:05:a4:94:e8:2c:9e:37:60:91:
+        b5:fa:96:66:e5:cc:6e:a1:25:a7:72:eb:69:49:78:93:51:0f:
+        d6:1e:51:c3:70:0b:86:18:61:ed:95:46:17:1b:56:bb:9a:45:
+        0d:58:ce:4a:4e:8d:92:fb:53:16:88:a6:d5:c8:38:4d:e7:eb:
+        3d:32:d7:5d:bd:9b:fa:c6:0a:57:ea:9e:d9:7b:54:84:38:7a:
+        14:30:ff:5f
 -----BEGIN CERTIFICATE-----
-MIIEvTCCA3WgAwIBAgIUcxMju0PpdrDOJffVZbSPeuV/vk8wPQYJKoZIhvcNAQEK
-MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
-ASAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3Qt
-UlNBLVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTky
-OFowgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3Qt
-UlNBLVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tMIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFl
-AwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKC
-AQEAmQoBttFAewyuF37hXI37a8yPBlF15vCXzi92+jG973myLuS1ER/LKa0X7jIp
-BJqaFUNM52e4DnjP6944a0I5ZZAZ4FuUjujiGEvF0m7WePCJw9mw3BZ+aHK1ChvO
-siSMoMf8xthyrLd4wwV613iqfKusjK8K1+tLtSxA3b5aSk1tkwJp4gjll6lAbhg4
-be+OJ+NY+/Ob8Rn5kJpGjieWaP92wzbjc+LrzQCXNelkzTsN4/IC+4Cq3VXhLRA/
-CGK+q9xIDIW1XvsSyZ7Au/EKGGwV+edEShUJc0nYDJb33NACYsqRgfSyPLolqZiE
-0HUqsX+PnfjKluCClOOKs/bv9QIDAQABo2MwYTAdBgNVHQ4EFgQUZNXsgoeA3lrt
-SZjYDFR9Rp6lPNYwHwYDVR0jBBgwFoAUZNXsgoeA3lrtSZjYDFR9Rp6lPNYwDwYD
-VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwPQYJKoZIhvcNAQEKMDCgDTAL
-BglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEB
-AA8cLb1GNTuA19FFdNRUjf+wKQa+5MfMkwadLA99gip27TZKcc1rR5TpySnHF07E
-Cg1KU5L7crinobuH/OF+URu11zRjfp//cCpFPNv8CtZZOnYwCYFAlChLyjZiH9mK
-WD2xPo6ewgEs+apxYQxvRpnIy6bFnkpAPYSvLwxFWfWpxUS2TbfV/V3zW40Lamnn
-MHZ27+6tgONFkqn6MkO8LMVR9G46Qo78oesDyjzF/Ndiy9U0klkt99D88uEsXMKU
-9J07j9hG7SkhXBvG2jBxjZ8AA4I0Mx3XIOhPn569kSX69wtqZJmt8/dmpM2zbefs
-BpuIzqfvWePQbCKvuM56O2A=
+MIIEyTCCA32gAwIBAgIUSRFcayrWzCjfJEAbn7SprKZAn74wQQYJKoZIhvcNAQEK
+MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF
+AKIDAgEgMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
+BwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxS
+b290LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQy
+MTI1MzBaMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
+BwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxS
+b290LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCAVYwQQYJKoZIhvcNAQEKMDSgDzANBglg
+hkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IB
+DwAwggEKAoIBAQCZCgG20UB7DK4XfuFcjftrzI8GUXXm8JfOL3b6Mb3vebIu5LUR
+H8sprRfuMikEmpoVQ0znZ7gOeM/r3jhrQjllkBngW5SO6OIYS8XSbtZ48InD2bDc
+Fn5ocrUKG86yJIygx/zG2HKst3jDBXrXeKp8q6yMrwrX60u1LEDdvlpKTW2TAmni
+COWXqUBuGDht744n41j785vxGfmQmkaOJ5Zo/3bDNuNz4uvNAJc16WTNOw3j8gL7
+gKrdVeEtED8IYr6r3EgMhbVe+xLJnsC78QoYbBX550RKFQlzSdgMlvfc0AJiypGB
+9LI8uiWpmITQdSqxf4+d+MqW4IKU44qz9u/1AgMBAAGjYzBhMB0GA1UdDgQWBBRk
+1eyCh4DeWu1JmNgMVH1GnqU81jAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1G
+nqU81jAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjBBBgkqhkiG9w0B
+AQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQC
+AQUAogMCASADggEBAGKf9QQ7+KLCnFccn9stagfhCsCEZQY8oWT0G/Cu06MpsSbv
+n8vi2asEEYHh8u8YX03FD+fQawLU2DIdgZCFz6pZzP7immYcgOhaWfLW5x5u3mSW
+u9V1jAK1U+txGNFECMR+qd7Az1TOL7pOa6NcHXVm3pxvEoyA5eA6iUa9/js5MfO0
+EitbaH+1m0wn1ME8XIkS4wS6JjtgWgweGCaPB1yuMudUPsNkziIo5AWklOgsnjdg
+kbX6lmblzG6hJady62lJeJNRD9YeUcNwC4YYYe2VRhcbVruaRQ1YzkpOjZL7UxaI
+ptXIOE3n6z0y1129m/rGClfqntl7VIQ4ehQw/18=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-3072-rsapss-cert.pem b/certs/rsapss/server-3072-rsapss-cert.pem
index 600e757ca..37e4fff93 100644
--- a/certs/rsapss/server-3072-rsapss-cert.pem
+++ b/certs/rsapss/server-3072-rsapss-cert.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:be:84:78:d3:6b:7d:b2:ae:51:88:68:6a:33:f1:
                     f9:c5:1a:6f:97:71:94:22:f4:c2:f0:49:88:2b:a4:
@@ -48,8 +48,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 C8:F1:E9:1E:60:01:C8:23:CC:D7:98:B3:BB:65:7A:32:C4:4B:93:39
             X509v3 Authority Key Identifier: 
-                keyid:F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
-
+                F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -58,65 +57,65 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         a1:de:92:ed:d2:4f:c8:85:21:4f:96:af:a2:74:a9:e7:3d:c7:
-         f5:84:8e:4c:6c:29:2b:ed:24:5e:60:ea:bb:43:c0:7f:b3:5d:
-         e5:d9:44:34:b3:d0:e1:d2:04:c1:f4:88:e3:7a:c8:a5:cb:85:
-         3e:27:52:d9:f4:c2:9e:45:35:e8:2b:ca:2d:c3:d4:30:53:c5:
-         c1:f4:9c:d1:98:bf:80:c2:91:88:da:37:f5:ed:6f:5f:73:83:
-         e7:3c:94:c9:b8:fe:e5:aa:0b:18:f4:69:92:a9:38:58:42:6a:
-         8b:2e:c0:37:aa:3e:50:8e:e9:93:26:ba:cd:28:da:79:fb:cf:
-         4d:8f:03:b8:e3:bd:5f:d2:c6:ad:42:66:9f:4d:51:fc:16:1a:
-         e9:80:45:45:c5:fe:e2:1e:15:08:5f:e8:dc:2d:03:e9:08:03:
-         ae:1a:dd:a0:3b:b9:65:98:c3:01:4a:4b:4f:ad:3d:20:cd:d0:
-         60:b8:7a:7b:26:4d:cb:ff:b4:f0:d2:9b:cf:ce:8e:d3:32:14:
-         23:a2:52:c8:20:fc:9c:23:21:13:e9:eb:2e:c0:1b:18:e8:09:
-         ac:e9:c9:2e:5e:63:6f:c4:60:b5:2c:61:12:25:a0:72:fe:ed:
-         7d:74:62:b5:2e:7a:91:83:96:64:ff:c2:ef:6f:8c:a8:7e:22:
-         d8:79:d1:16:d9:96:87:9e:9e:c4:34:71:cd:0c:ec:ac:e1:60:
-         44:29:b3:72:94:46:ea:08:82:c2:fa:05:55:c7:e5:16:5f:3b:
-         16:02:34:3c:ca:44:f8:a4:ba:c8:ae:7b:83:79:d7:20:45:14:
-         6a:5a:b7:85:80:ce:aa:cb:dc:46:41:70:01:54:dd:f4:58:20:
-         da:1d:df:2f:61:53:d4:57:de:53:4c:56:d0:70:60:59:1f:f8:
-         84:25:11:74:b1:12:1c:90:ef:11:07:65:ec:a3:64:df:0b:51:
-         d0:65:70:9c:a1:2f:9b:dd:10:dc:33:b3:1a:8e:5a:8a:68:43:
-         7f:9e:6b:b8:a4:33
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        94:26:51:a5:1f:de:83:65:08:74:bb:e8:d8:4f:79:a8:2a:18:
+        48:c2:cd:53:bf:46:27:11:3d:ec:65:35:47:42:f1:85:94:da:
+        da:eb:23:e4:78:54:78:80:e1:a8:7b:17:22:b2:ea:8b:4d:05:
+        8c:9e:16:30:62:92:09:c5:4f:46:d0:c2:4b:f0:2e:79:a3:23:
+        ee:8c:67:7e:7b:0f:39:d7:ce:52:4c:ea:d8:1e:0a:57:06:b1:
+        ad:c7:b0:19:90:cf:6c:68:54:78:6b:b7:ee:5c:bf:01:6c:a2:
+        15:19:6f:5f:a4:81:ce:66:ff:53:f7:68:e1:5c:e1:8d:bd:7e:
+        5a:02:56:48:1c:bf:52:08:21:6a:c9:3f:99:c6:d3:be:b8:66:
+        1b:db:4b:16:d8:f2:7b:95:be:1b:62:07:a4:ac:01:c0:a0:19:
+        2b:4b:f8:ca:d8:60:95:7a:65:fd:1c:3b:ad:71:6f:a1:11:07:
+        2e:83:78:60:55:be:12:6e:d2:98:f0:bf:87:51:17:90:93:f7:
+        2c:8e:ff:26:c1:a2:88:8d:47:9e:6f:b0:62:ee:de:74:d3:02:
+        b8:81:7b:2e:8c:99:3d:bf:43:92:cb:30:33:ec:52:66:47:99:
+        37:4a:65:75:87:f5:9f:bd:38:77:f6:52:a5:78:e3:80:30:20:
+        35:a9:af:4a:75:c5:81:47:6d:3a:9a:96:13:73:2f:13:8d:23:
+        c5:0d:06:5a:55:59:7e:e3:d5:72:7c:2e:38:86:92:dc:5a:dc:
+        19:c4:de:cd:e2:a9:27:c2:44:01:02:f2:df:97:4f:22:47:49:
+        32:e9:37:a4:82:89:1d:57:f1:c7:4a:1e:76:53:71:ec:dc:a6:
+        19:e6:d8:2f:f5:73:58:9e:e4:66:20:6a:88:97:88:a4:49:19:
+        16:f9:c8:da:61:84:66:c7:61:6e:e9:ee:f0:9f:22:fa:86:98:
+        8c:2a:72:2e:c8:ff:cc:98:95:68:24:cd:08:ad:47:eb:eb:47:
+        96:69:fb:af:1c:d2
 -----BEGIN CERTIFICATE-----
-MIIFzzCCBAagAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgbIxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
-b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIy
-MTkyOVowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
-DAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNU2Vy
-dmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
-AQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCC
-AaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIBgQC+hHjTa32yrlGIaGoz8fnFGm+X
-cZQi9MLwSYgrpE0Vb9vM1MZvdabiIgavkSZOoC2XF5ULQBp1I5ux4NddzA1fCZ7J
-tz345WK7NHWZDObafZVA7l8ndvnK1g0epwafxXVXlkS5c/TeqqmvvkuY82zI2tmi
-JjUhQOdnS+LZxE+4llQXWdjKr7FWR74VWwXTKczsK5n6Exoq0GHRQcInXdmn8iko
-6/vlicUBg4gd3HAajy875TToW+/tdl+KUeotksLmhm1qkpPDbQTFlWgH/poy2TjI
-BuszkrkLzi7Da2qiQWrOCedKkKgvWQ523E+4htBLleYb5MZZJu8cAE7O+89jBX6m
-1Ak5/tN5SfJqahoXyxOlPdn6sKRfGOjlXEs41di4djWgC+GYuVjDiOX4SubQhKNe
-TYXJ1n+dnzUoZlYEJcwbTPfjyzm+4F+ok72hC81j4BYHr0ALy24/gQzNgL8T8ZJX
-oUgX0imwWqLVQoTIbAkxxgWS3aP3Vu3nXymI60sCAwEAAaOBiTCBhjAdBgNVHQ4E
-FgQUyPHpHmAByCPM15izu2V6MsRLkzkwHwYDVR0jBBgwFoAU+ELMiMnIGPnTsCRl
-Bkz/Vau/Dn8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww
-CgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMD4GCSqGSIb3DQEBCjAxoA0w
-CwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOC
-AYEAod6S7dJPyIUhT5avonSp5z3H9YSOTGwpK+0kXmDqu0PAf7Nd5dlENLPQ4dIE
-wfSI43rIpcuFPidS2fTCnkU16CvKLcPUMFPFwfSc0Zi/gMKRiNo39e1vX3OD5zyU
-ybj+5aoLGPRpkqk4WEJqiy7AN6o+UI7pkya6zSjaefvPTY8DuOO9X9LGrUJmn01R
-/BYa6YBFRcX+4h4VCF/o3C0D6QgDrhrdoDu5ZZjDAUpLT609IM3QYLh6eyZNy/+0
-8NKbz86O0zIUI6JSyCD8nCMhE+nrLsAbGOgJrOnJLl5jb8RgtSxhEiWgcv7tfXRi
-tS56kYOWZP/C72+MqH4i2HnRFtmWh56exDRxzQzsrOFgRCmzcpRG6giCwvoFVcfl
-Fl87FgI0PMpE+KS6yK57g3nXIEUUalq3hYDOqsvcRkFwAVTd9Fgg2h3fL2FT1Ffe
-U0xW0HBgWR/4hCURdLESHJDvEQdl7KNk3wtR0GVwnKEvm90Q3DOzGo5aimhDf55r
-uKQz
+MIIF1zCCBAqgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOMIGyMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UE
+CgwOd29sZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5
+MTQyMTI1MzBaMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4G
+A1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsM
+DVNlcnZlci1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZT
+U0wwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEAvoR402t9sq5RiGhqM/H5
+xRpvl3GUIvTC8EmIK6RNFW/bzNTGb3Wm4iIGr5EmTqAtlxeVC0AadSObseDXXcwN
+Xwmeybc9+OViuzR1mQzm2n2VQO5fJ3b5ytYNHqcGn8V1V5ZEuXP03qqpr75LmPNs
+yNrZoiY1IUDnZ0vi2cRPuJZUF1nYyq+xVke+FVsF0ynM7CuZ+hMaKtBh0UHCJ13Z
+p/IpKOv75YnFAYOIHdxwGo8vO+U06Fvv7XZfilHqLZLC5oZtapKTw20ExZVoB/6a
+Mtk4yAbrM5K5C84uw2tqokFqzgnnSpCoL1kOdtxPuIbQS5XmG+TGWSbvHABOzvvP
+YwV+ptQJOf7TeUnyamoaF8sTpT3Z+rCkXxjo5VxLONXYuHY1oAvhmLlYw4jl+Erm
+0ISjXk2FydZ/nZ81KGZWBCXMG0z348s5vuBfqJO9oQvNY+AWB69AC8tuP4EMzYC/
+E/GSV6FIF9IpsFqi1UKEyGwJMcYFkt2j91bt518piOtLAgMBAAGjgYkwgYYwHQYD
+VR0OBBYEFMjx6R5gAcgjzNeYs7tlejLES5M5MB8GA1UdIwQYMBaAFPhCzIjJyBj5
+07AkZQZM/1Wrvw5/MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDBCBgkqhkiG9w0BAQow
+NaAPMA0GCWCGSAFlAwQCAgUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUA
+ogQCAgFOA4IBgQCUJlGlH96DZQh0u+jYT3moKhhIws1Tv0YnET3sZTVHQvGFlNra
+6yPkeFR4gOGoexcisuqLTQWMnhYwYpIJxU9G0MJL8C55oyPujGd+ew85185STOrY
+HgpXBrGtx7AZkM9saFR4a7fuXL8BbKIVGW9fpIHOZv9T92jhXOGNvX5aAlZIHL9S
+CCFqyT+ZxtO+uGYb20sW2PJ7lb4bYgekrAHAoBkrS/jK2GCVemX9HDutcW+hEQcu
+g3hgVb4SbtKY8L+HUReQk/csjv8mwaKIjUeeb7Bi7t500wK4gXsujJk9v0OSyzAz
+7FJmR5k3SmV1h/WfvTh39lKleOOAMCA1qa9KdcWBR206mpYTcy8TjSPFDQZaVVl+
+49VyfC44hpLcWtwZxN7N4qknwkQBAvLfl08iR0ky6TekgokdV/HHSh52U3Hs3KYZ
+5tgv9XNYnuRmIGqIl4ikSRkW+cjaYYRmx2Fu6e7wnyL6hpiMKnIuyP/MmJVoJM0I
+rUfr60eWafuvHNI=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-3072-rsapss.der b/certs/rsapss/server-3072-rsapss.der
index 5df8b41be..fc4130c0c 100644
Binary files a/certs/rsapss/server-3072-rsapss.der and b/certs/rsapss/server-3072-rsapss.der differ
diff --git a/certs/rsapss/server-3072-rsapss.pem b/certs/rsapss/server-3072-rsapss.pem
index d3d85baeb..19c4bf0f0 100644
--- a/certs/rsapss/server-3072-rsapss.pem
+++ b/certs/rsapss/server-3072-rsapss.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:be:84:78:d3:6b:7d:b2:ae:51:88:68:6a:33:f1:
                     f9:c5:1a:6f:97:71:94:22:f4:c2:f0:49:88:2b:a4:
@@ -48,8 +48,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 C8:F1:E9:1E:60:01:C8:23:CC:D7:98:B3:BB:65:7A:32:C4:4B:93:39
             X509v3 Authority Key Identifier: 
-                keyid:F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
-
+                F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -58,85 +57,85 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         a1:de:92:ed:d2:4f:c8:85:21:4f:96:af:a2:74:a9:e7:3d:c7:
-         f5:84:8e:4c:6c:29:2b:ed:24:5e:60:ea:bb:43:c0:7f:b3:5d:
-         e5:d9:44:34:b3:d0:e1:d2:04:c1:f4:88:e3:7a:c8:a5:cb:85:
-         3e:27:52:d9:f4:c2:9e:45:35:e8:2b:ca:2d:c3:d4:30:53:c5:
-         c1:f4:9c:d1:98:bf:80:c2:91:88:da:37:f5:ed:6f:5f:73:83:
-         e7:3c:94:c9:b8:fe:e5:aa:0b:18:f4:69:92:a9:38:58:42:6a:
-         8b:2e:c0:37:aa:3e:50:8e:e9:93:26:ba:cd:28:da:79:fb:cf:
-         4d:8f:03:b8:e3:bd:5f:d2:c6:ad:42:66:9f:4d:51:fc:16:1a:
-         e9:80:45:45:c5:fe:e2:1e:15:08:5f:e8:dc:2d:03:e9:08:03:
-         ae:1a:dd:a0:3b:b9:65:98:c3:01:4a:4b:4f:ad:3d:20:cd:d0:
-         60:b8:7a:7b:26:4d:cb:ff:b4:f0:d2:9b:cf:ce:8e:d3:32:14:
-         23:a2:52:c8:20:fc:9c:23:21:13:e9:eb:2e:c0:1b:18:e8:09:
-         ac:e9:c9:2e:5e:63:6f:c4:60:b5:2c:61:12:25:a0:72:fe:ed:
-         7d:74:62:b5:2e:7a:91:83:96:64:ff:c2:ef:6f:8c:a8:7e:22:
-         d8:79:d1:16:d9:96:87:9e:9e:c4:34:71:cd:0c:ec:ac:e1:60:
-         44:29:b3:72:94:46:ea:08:82:c2:fa:05:55:c7:e5:16:5f:3b:
-         16:02:34:3c:ca:44:f8:a4:ba:c8:ae:7b:83:79:d7:20:45:14:
-         6a:5a:b7:85:80:ce:aa:cb:dc:46:41:70:01:54:dd:f4:58:20:
-         da:1d:df:2f:61:53:d4:57:de:53:4c:56:d0:70:60:59:1f:f8:
-         84:25:11:74:b1:12:1c:90:ef:11:07:65:ec:a3:64:df:0b:51:
-         d0:65:70:9c:a1:2f:9b:dd:10:dc:33:b3:1a:8e:5a:8a:68:43:
-         7f:9e:6b:b8:a4:33
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        94:26:51:a5:1f:de:83:65:08:74:bb:e8:d8:4f:79:a8:2a:18:
+        48:c2:cd:53:bf:46:27:11:3d:ec:65:35:47:42:f1:85:94:da:
+        da:eb:23:e4:78:54:78:80:e1:a8:7b:17:22:b2:ea:8b:4d:05:
+        8c:9e:16:30:62:92:09:c5:4f:46:d0:c2:4b:f0:2e:79:a3:23:
+        ee:8c:67:7e:7b:0f:39:d7:ce:52:4c:ea:d8:1e:0a:57:06:b1:
+        ad:c7:b0:19:90:cf:6c:68:54:78:6b:b7:ee:5c:bf:01:6c:a2:
+        15:19:6f:5f:a4:81:ce:66:ff:53:f7:68:e1:5c:e1:8d:bd:7e:
+        5a:02:56:48:1c:bf:52:08:21:6a:c9:3f:99:c6:d3:be:b8:66:
+        1b:db:4b:16:d8:f2:7b:95:be:1b:62:07:a4:ac:01:c0:a0:19:
+        2b:4b:f8:ca:d8:60:95:7a:65:fd:1c:3b:ad:71:6f:a1:11:07:
+        2e:83:78:60:55:be:12:6e:d2:98:f0:bf:87:51:17:90:93:f7:
+        2c:8e:ff:26:c1:a2:88:8d:47:9e:6f:b0:62:ee:de:74:d3:02:
+        b8:81:7b:2e:8c:99:3d:bf:43:92:cb:30:33:ec:52:66:47:99:
+        37:4a:65:75:87:f5:9f:bd:38:77:f6:52:a5:78:e3:80:30:20:
+        35:a9:af:4a:75:c5:81:47:6d:3a:9a:96:13:73:2f:13:8d:23:
+        c5:0d:06:5a:55:59:7e:e3:d5:72:7c:2e:38:86:92:dc:5a:dc:
+        19:c4:de:cd:e2:a9:27:c2:44:01:02:f2:df:97:4f:22:47:49:
+        32:e9:37:a4:82:89:1d:57:f1:c7:4a:1e:76:53:71:ec:dc:a6:
+        19:e6:d8:2f:f5:73:58:9e:e4:66:20:6a:88:97:88:a4:49:19:
+        16:f9:c8:da:61:84:66:c7:61:6e:e9:ee:f0:9f:22:fa:86:98:
+        8c:2a:72:2e:c8:ff:cc:98:95:68:24:cd:08:ad:47:eb:eb:47:
+        96:69:fb:af:1c:d2
 -----BEGIN CERTIFICATE-----
-MIIFzzCCBAagAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgbIxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
-b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIy
-MTkyOVowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
-DAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNU2Vy
-dmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
-AQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCC
-AaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIBgQC+hHjTa32yrlGIaGoz8fnFGm+X
-cZQi9MLwSYgrpE0Vb9vM1MZvdabiIgavkSZOoC2XF5ULQBp1I5ux4NddzA1fCZ7J
-tz345WK7NHWZDObafZVA7l8ndvnK1g0epwafxXVXlkS5c/TeqqmvvkuY82zI2tmi
-JjUhQOdnS+LZxE+4llQXWdjKr7FWR74VWwXTKczsK5n6Exoq0GHRQcInXdmn8iko
-6/vlicUBg4gd3HAajy875TToW+/tdl+KUeotksLmhm1qkpPDbQTFlWgH/poy2TjI
-BuszkrkLzi7Da2qiQWrOCedKkKgvWQ523E+4htBLleYb5MZZJu8cAE7O+89jBX6m
-1Ak5/tN5SfJqahoXyxOlPdn6sKRfGOjlXEs41di4djWgC+GYuVjDiOX4SubQhKNe
-TYXJ1n+dnzUoZlYEJcwbTPfjyzm+4F+ok72hC81j4BYHr0ALy24/gQzNgL8T8ZJX
-oUgX0imwWqLVQoTIbAkxxgWS3aP3Vu3nXymI60sCAwEAAaOBiTCBhjAdBgNVHQ4E
-FgQUyPHpHmAByCPM15izu2V6MsRLkzkwHwYDVR0jBBgwFoAU+ELMiMnIGPnTsCRl
-Bkz/Vau/Dn8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww
-CgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMD4GCSqGSIb3DQEBCjAxoA0w
-CwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOC
-AYEAod6S7dJPyIUhT5avonSp5z3H9YSOTGwpK+0kXmDqu0PAf7Nd5dlENLPQ4dIE
-wfSI43rIpcuFPidS2fTCnkU16CvKLcPUMFPFwfSc0Zi/gMKRiNo39e1vX3OD5zyU
-ybj+5aoLGPRpkqk4WEJqiy7AN6o+UI7pkya6zSjaefvPTY8DuOO9X9LGrUJmn01R
-/BYa6YBFRcX+4h4VCF/o3C0D6QgDrhrdoDu5ZZjDAUpLT609IM3QYLh6eyZNy/+0
-8NKbz86O0zIUI6JSyCD8nCMhE+nrLsAbGOgJrOnJLl5jb8RgtSxhEiWgcv7tfXRi
-tS56kYOWZP/C72+MqH4i2HnRFtmWh56exDRxzQzsrOFgRCmzcpRG6giCwvoFVcfl
-Fl87FgI0PMpE+KS6yK57g3nXIEUUalq3hYDOqsvcRkFwAVTd9Fgg2h3fL2FT1Ffe
-U0xW0HBgWR/4hCURdLESHJDvEQdl7KNk3wtR0GVwnKEvm90Q3DOzGo5aimhDf55r
-uKQz
+MIIF1zCCBAqgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOMIGyMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UE
+CgwOd29sZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5
+MTQyMTI1MzBaMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4G
+A1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsM
+DVNlcnZlci1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZT
+U0wwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEAvoR402t9sq5RiGhqM/H5
+xRpvl3GUIvTC8EmIK6RNFW/bzNTGb3Wm4iIGr5EmTqAtlxeVC0AadSObseDXXcwN
+Xwmeybc9+OViuzR1mQzm2n2VQO5fJ3b5ytYNHqcGn8V1V5ZEuXP03qqpr75LmPNs
+yNrZoiY1IUDnZ0vi2cRPuJZUF1nYyq+xVke+FVsF0ynM7CuZ+hMaKtBh0UHCJ13Z
+p/IpKOv75YnFAYOIHdxwGo8vO+U06Fvv7XZfilHqLZLC5oZtapKTw20ExZVoB/6a
+Mtk4yAbrM5K5C84uw2tqokFqzgnnSpCoL1kOdtxPuIbQS5XmG+TGWSbvHABOzvvP
+YwV+ptQJOf7TeUnyamoaF8sTpT3Z+rCkXxjo5VxLONXYuHY1oAvhmLlYw4jl+Erm
+0ISjXk2FydZ/nZ81KGZWBCXMG0z348s5vuBfqJO9oQvNY+AWB69AC8tuP4EMzYC/
+E/GSV6FIF9IpsFqi1UKEyGwJMcYFkt2j91bt518piOtLAgMBAAGjgYkwgYYwHQYD
+VR0OBBYEFMjx6R5gAcgjzNeYs7tlejLES5M5MB8GA1UdIwQYMBaAFPhCzIjJyBj5
+07AkZQZM/1Wrvw5/MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDBCBgkqhkiG9w0BAQow
+NaAPMA0GCWCGSAFlAwQCAgUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUA
+ogQCAgFOA4IBgQCUJlGlH96DZQh0u+jYT3moKhhIws1Tv0YnET3sZTVHQvGFlNra
+6yPkeFR4gOGoexcisuqLTQWMnhYwYpIJxU9G0MJL8C55oyPujGd+ew85185STOrY
+HgpXBrGtx7AZkM9saFR4a7fuXL8BbKIVGW9fpIHOZv9T92jhXOGNvX5aAlZIHL9S
+CCFqyT+ZxtO+uGYb20sW2PJ7lb4bYgekrAHAoBkrS/jK2GCVemX9HDutcW+hEQcu
+g3hgVb4SbtKY8L+HUReQk/csjv8mwaKIjUeeb7Bi7t500wK4gXsujJk9v0OSyzAz
+7FJmR5k3SmV1h/WfvTh39lKleOOAMCA1qa9KdcWBR206mpYTcy8TjSPFDQZaVVl+
+49VyfC44hpLcWtwZxN7N4qknwkQBAvLfl08iR0ky6TekgokdV/HHSh52U3Hs3KYZ
+5tgv9XNYnuRmIGqIl4ikSRkW+cjaYYRmx2Fu6e7wnyL6hpiMKnIuyP/MmJVoJM0I
+rUfr60eWafuvHNI=
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:c8:2a:40:c8:eb:ae:7c:18:33:cb:38:51:e6:b7:
                     7b:11:4f:cd:ea:35:87:64:d9:b2:ca:cf:4b:21:c4:
@@ -170,69 +169,68 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
             X509v3 Authority Key Identifier: 
-                keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
-
+                AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha384
-         Mask Algorithm: mgf1 with sha384
-          Salt Length: 0x014E
-         Trailer Field: 0xBC (default)
-
-         1f:c0:ae:b2:47:af:ec:86:67:3a:b6:8f:44:65:4a:af:29:fc:
-         17:92:a4:8f:03:6a:76:63:8d:65:4a:f6:52:23:a2:08:46:17:
-         c6:2c:87:76:2b:05:21:c1:70:2d:4d:65:ef:de:af:87:21:7e:
-         88:98:45:8b:06:8f:f8:56:4f:6a:29:f3:f4:72:5d:c3:f4:5a:
-         ee:6c:52:dc:40:72:4a:1a:4c:3b:84:b0:5a:64:cc:3a:62:c3:
-         d3:56:a9:e3:fd:4e:a2:3b:57:22:b7:f9:71:f7:5c:80:aa:4c:
-         26:ef:d5:10:e5:d9:ae:89:ff:90:82:2e:0a:ad:1c:da:a6:9c:
-         99:44:d5:fc:a0:3c:42:ad:e7:dd:8a:d0:c7:b8:d0:83:bb:4b:
-         00:e2:50:e5:81:6f:03:b8:bc:4d:d2:86:4d:8a:33:79:ca:e8:
-         a0:df:70:c1:3a:c3:55:05:f0:ac:d8:ab:55:0b:cf:44:60:b4:
-         af:03:f4:88:d9:49:81:7c:78:6a:af:5f:cd:28:e2:e1:37:f3:
-         28:b8:0e:05:5d:72:b3:b5:5b:f4:72:52:a3:7e:99:99:23:95:
-         26:17:cb:9c:66:83:21:d6:ac:f8:c8:b2:49:22:dc:32:9b:f2:
-         fc:5d:f7:fe:c0:a6:81:62:1c:43:25:2a:d3:66:37:76:db:15:
-         31:c4:6b:df:e8:70:a9:f9:96:8c:ec:94:d1:b2:fb:73:03:1b:
-         5d:7f:2b:1b:ab:47:72:ea:1b:9d:2d:43:d4:90:df:ca:c5:98:
-         9a:a2:01:6a:d3:55:1c:ad:d1:37:46:93:fe:e8:56:8c:6a:1c:
-         45:bf:cb:12:d1:aa:1c:98:08:af:f7:67:ed:41:65:3b:98:d0:
-         42:29:b0:68:ab:94:52:6e:72:e2:f4:df:8a:68:b5:1b:6d:3f:
-         35:d5:01:b8:60:eb:fe:f2:e9:33:90:db:59:5a:c4:d6:52:c6:
-         c7:1b:a8:a1:ef:64:db:96:ac:ce:fc:8d:e2:ac:75:f4:0d:bc:
-         49:36:8a:12:36:83
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha384
+        Mask Algorithm: mgf1 with sha384
+         Salt Length: 0x014E
+        Trailer Field: 0x01 (default)
+        7e:3f:73:07:e2:0f:7e:e8:7c:7f:81:03:e7:e2:78:c2:f8:45:
+        27:e6:42:5a:21:35:26:17:31:aa:9e:65:05:84:47:46:cb:bd:
+        c0:30:32:a0:06:f1:a1:a7:68:89:0f:e7:a0:83:31:8f:d9:b4:
+        ad:2d:1e:82:e6:ba:bc:0c:a8:98:a6:75:97:8e:b1:bc:33:77:
+        f5:9c:f6:0b:39:f8:6f:d9:bb:35:75:80:e9:22:a4:75:cb:1a:
+        24:55:f7:96:bf:73:d2:6b:93:87:a7:c1:3c:97:75:ef:6a:9e:
+        51:12:43:60:fe:6c:46:01:ab:5a:a2:72:b5:cf:a9:47:8b:3c:
+        9d:d2:5b:c7:e1:f4:25:94:c4:3d:a3:62:10:0d:19:4e:72:66:
+        85:1e:7b:24:a6:93:46:be:5e:a6:f4:c9:52:4d:dd:2d:d4:15:
+        ef:f7:cb:75:90:2b:ba:6f:7d:84:90:26:f6:5a:92:e9:d0:b0:
+        c6:05:2e:10:d5:b5:12:da:cb:92:ed:6f:12:27:3a:cd:08:94:
+        f0:52:9b:08:52:47:77:e2:de:ce:51:20:6f:e7:b3:1a:21:ea:
+        2f:d5:8c:10:15:9c:e4:61:74:d4:c3:8f:4e:47:df:a2:3c:60:
+        da:61:60:a8:67:2b:40:30:4e:a3:5f:7b:f6:3d:7e:5f:0d:ce:
+        c8:2b:de:17:b0:dd:a9:9c:3d:b7:dc:7f:60:b9:4e:4a:24:cf:
+        75:b1:d3:ce:83:5e:6d:f3:28:78:fd:6e:3f:f5:69:50:08:57:
+        58:76:98:d6:86:ce:2d:42:0b:66:60:7f:fa:20:0d:4e:d6:0d:
+        ed:9a:2d:95:3e:d0:df:72:53:56:1e:d5:f5:60:ab:d9:eb:f1:
+        f3:76:9b:4f:04:13:5a:92:6c:af:93:23:cb:87:ec:ad:ef:f5:
+        e5:df:0c:e5:14:70:a9:ca:43:f9:aa:83:4f:bf:aa:de:21:75:
+        3f:70:6e:7b:fe:2e:ba:72:7e:3b:e2:88:70:b4:17:5a:bd:38:
+        f3:37:f0:f7:1d:99
 -----BEGIN CERTIFICATE-----
-MIIFjzCCA8agAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgZ0xCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93
-b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UEAwwP
+MIIFlzCCA8qgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgFOMIGdMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE
+CgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290LVJTQS1QU1MxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGyMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UE
+CgwOd29sZlNTTF9SU0FQU1MxEjAQBgNVBAsMCUNBLVJTQVBTUzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
-MB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgbIxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
-b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
-BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
-ggGBAMgqQMjrrnwYM8s4Uea3exFPzeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpd
-U2IR4gjfl003PXhiUEAxKnBEGm1pSfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoo
-pc6xKDpZ2RkQOtQfkQcHc1CkK9gYHyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJb
-h7UbjmU9txUI0RIaquxOVjVwpz5QZfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0Xw
-FiGB5dW1kWCL11y7wnAG9lBBRTZ/QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0D
-awmP13uEfSLF4hDLzBGqofVmhQ41WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0
-+7XC3mGgrG+8fu9TCJ+xGK1b4wEj3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBr
-KQOhvlXkTPglp6ij4z8yH66nKptrVt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/Q
-LwkOZwIDAQABo2MwYTAdBgNVHQ4EFgQU+ELMiMnIGPnTsCRlBkz/Vau/Dn8wHwYD
-VR0jBBgwFoAUqnHTsYpLu0cVR1+b0Ctp0W+FXvYwDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAYYwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAY
-BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgFOA4IBgQAfwK6yR6/shmc6to9E
-ZUqvKfwXkqSPA2p2Y41lSvZSI6IIRhfGLId2KwUhwXAtTWXv3q+HIX6ImEWLBo/4
-Vk9qKfP0cl3D9FrubFLcQHJKGkw7hLBaZMw6YsPTVqnj/U6iO1cit/lx91yAqkwm
-79UQ5dmuif+Qgi4KrRzappyZRNX8oDxCrefditDHuNCDu0sA4lDlgW8DuLxN0oZN
-ijN5yuig33DBOsNVBfCs2KtVC89EYLSvA/SI2UmBfHhqr1/NKOLhN/MouA4FXXKz
-tVv0clKjfpmZI5UmF8ucZoMh1qz4yLJJItwym/L8Xff+wKaBYhxDJSrTZjd22xUx
-xGvf6HCp+ZaM7JTRsvtzAxtdfysbq0dy6hudLUPUkN/KxZiaogFq01UcrdE3RpP+
-6FaMahxFv8sS0aocmAiv92ftQWU7mNBCKbBoq5RSbnLi9N+KaLUbbT811QG4YOv+
-8ukzkNtZWsTWUsbHG6ih72TblqzO/I3irHX0DbxJNooSNoM=
+MRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCCAaAwCwYJKoZIhvcNAQEKA4IBjwAw
+ggGKAoIBgQDIKkDI6658GDPLOFHmt3sRT83qNYdk2bLKz0shxIYqx6NvFT4exJsD
+gUs6XVNiEeII35dNNz14YlBAMSpwRBptaUn8d7jyQgmGml05zYR7Moo7sE+/PdQF
+fsCqKKXOsSg6WdkZEDrUH5EHB3NQpCvYGB8i+PRkPxOg2GB+U0w7l3C8NuW+MZdF
+Ve2iW4e1G45lPbcVCNESGqrsTlY1cKc+UGX3PjCcMtuyJHuHAiknEjWtjsMCIhPC
+blNF8BYhgeXVtZFgi9dcu8JwBvZQQUU2f0FEibaXI75213xyf+r0GRAXw9+PzZcg
+BMsdA2sJj9d7hH0ixeIQy8wRqqH1ZoUONVqMw4lhKdBcUy8JS5F+zuAS087ryVA8
+NvCmtPu1wt5hoKxvvH7vUwifsRitW+MBI94RpR991bb0ch1TdWaM22Ee6es880lp
+grYgaykDob5V5Ez4Jaeoo+M/Mh+upyqba1bdyVqxGgGgE9KOmizbfv1bDi7vkmnO
+8t7v0C8JDmcCAwEAAaNjMGEwHQYDVR0OBBYEFPhCzIjJyBj507AkZQZM/1Wrvw5/
+MB8GA1UdIwQYMBaAFKpx07GKS7tHFUdfm9AradFvhV72MA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgGGMEIGCSqGSIb3DQEBCjA1oA8wDQYJYIZIAWUDBAIC
+BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiBAICAU4DggGBAH4/cwfi
+D37ofH+BA+fieML4RSfmQlohNSYXMaqeZQWER0bLvcAwMqAG8aGnaIkP56CDMY/Z
+tK0tHoLmurwMqJimdZeOsbwzd/Wc9gs5+G/ZuzV1gOkipHXLGiRV95a/c9Jrk4en
+wTyXde9qnlESQ2D+bEYBq1qicrXPqUeLPJ3SW8fh9CWUxD2jYhANGU5yZoUeeySm
+k0a+Xqb0yVJN3S3UFe/3y3WQK7pvfYSQJvZakunQsMYFLhDVtRLay5LtbxInOs0I
+lPBSmwhSR3fi3s5RIG/nsxoh6i/VjBAVnORhdNTDj05H36I8YNphYKhnK0AwTqNf
+e/Y9fl8Nzsgr3hew3amcPbfcf2C5Tkokz3Wx086DXm3zKHj9bj/1aVAIV1h2mNaG
+zi1CC2Zgf/ogDU7WDe2aLZU+0N9yU1Ye1fVgq9nr8fN2m08EE1qSbK+TI8uH7K3v
+9eXfDOUUcKnKQ/mqg0+/qt4hdT9wbnv+LrpyfjviiHC0F1q9OPM38PcdmQ==
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-mix-rsapss-cert.pem b/certs/rsapss/server-mix-rsapss-cert.pem
index 10cf45f5b..a0be3bdee 100644
--- a/certs/rsapss/server-mix-rsapss-cert.pem
+++ b/certs/rsapss/server-mix-rsapss-cert.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0xDE
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0xDE
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-MIX-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -39,8 +39,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
             X509v3 Authority Key Identifier: 
-                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
-
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -49,52 +48,52 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0xDE
-         Trailer Field: 0xBC (default)
-
-         14:99:93:0c:53:6c:7e:43:6d:28:73:f0:11:fa:80:13:79:af:
-         2d:c2:64:71:1d:90:5d:b2:2e:1f:4c:bf:30:21:12:16:82:a4:
-         8d:90:e7:e3:3c:ee:3a:d1:50:ba:18:e0:d5:e7:cb:6b:87:ae:
-         24:e1:0b:7c:c7:83:28:98:56:dc:63:d7:6e:d1:f6:a9:92:3e:
-         d5:aa:83:f3:c4:fe:53:26:d0:b3:e8:f2:0b:34:bb:cb:5d:53:
-         28:36:b9:ab:b8:13:a2:b3:53:ac:ab:c7:41:92:f5:e4:c7:66:
-         c6:af:15:f9:c2:a5:9c:c3:07:81:c9:c0:41:2c:40:11:5b:86:
-         63:c0:6e:1d:c7:e4:3f:41:a4:8d:18:2c:da:1a:fa:d7:39:d3:
-         b6:8f:be:87:0f:2b:a1:90:6a:d7:ba:df:cf:97:20:05:7e:8c:
-         a7:f8:90:bf:ec:b6:a6:44:08:81:57:19:15:a9:a9:0f:1c:5c:
-         78:ab:b8:35:5b:b0:8c:7d:48:f5:21:38:e7:a2:51:27:fc:24:
-         ea:2f:9f:f7:19:62:e6:1f:cf:1c:5d:9c:e2:b5:e7:b2:4c:ac:
-         fc:64:fd:0e:bd:5d:3b:02:44:94:ec:5e:1c:24:d1:3d:37:3b:
-         eb:23:2f:7a:46:c6:45:4d:55:1e:50:d2:6f:c2:16:5b:78:a7:
-         06:e1:ee:36
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0xDE
+        Trailer Field: 0x01 (default)
+        49:c6:44:a2:7a:fb:dc:b0:ca:d1:9d:90:24:a1:04:f3:c1:fb:
+        5a:e4:b0:e8:48:d0:c2:87:b4:bd:43:9d:e0:4e:23:49:0f:33:
+        b7:0f:e5:3b:d1:14:9c:4c:00:ec:06:6d:c4:d9:24:36:fc:46:
+        4a:d3:91:a5:ff:e2:3b:a9:ff:9f:f4:cd:fb:e3:d7:33:4d:af:
+        fd:53:29:be:a5:fa:3b:3d:8d:66:c4:b8:71:ca:8a:4f:b9:10:
+        af:79:00:f4:f1:41:7a:c8:9d:e4:53:81:05:59:99:2f:2e:a0:
+        f4:b4:44:3f:92:76:d1:0d:8f:2b:75:ac:20:73:10:9f:83:d0:
+        b7:9a:43:e8:b0:39:08:c9:55:ab:3c:44:59:e0:a0:4b:5d:46:
+        e0:ff:cb:11:35:25:4b:fa:7d:a9:75:87:a4:05:39:a4:19:a9:
+        3c:2e:d3:68:5b:cf:e7:94:23:10:b9:c2:a9:0c:af:ab:00:d5:
+        f1:92:f2:b4:ad:3c:cf:fd:de:b9:8b:56:30:4c:40:95:c0:fd:
+        53:2c:c3:30:98:0c:21:e6:b0:56:ca:84:e0:ed:3c:47:60:e9:
+        21:75:01:11:b9:f5:0b:a0:24:6a:12:0c:bc:ed:94:b2:48:79:
+        e7:69:19:7d:b2:1f:03:7b:80:08:a3:f3:b0:f3:da:3f:58:82:
+        b9:fb:06:d4
 -----BEGIN CERTIFICATE-----
-MIIEtzCCA26gAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wgZQxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
-YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgboxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
-DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JT
-QVBTUzEaMBgGA1UECwwRU2VydmVyLU1JWC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxR
-dfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobYlXParBtTuV8/1xkNJU/h
-Y2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNG
-M2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq8
-4dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwz
-ILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAGjgYkwgYYwHQYDVR0OBBYEFLMRMsmS
-mITiyfjQO24DQsofDo48MB8GA1UdIwQYMBaAFCeOZxF0wyYdP+0zY7Ok2B0w5ejV
-MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUF
-BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFl
-AwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBABSZkwxT
-bH5DbShz8BH6gBN5ry3CZHEdkF2yLh9MvzAhEhaCpI2Q5+M87jrRULoY4NXny2uH
-riThC3zHgyiYVtxj127R9qmSPtWqg/PE/lMm0LPo8gs0u8tdUyg2uau4E6KzU6yr
-x0GS9eTHZsavFfnCpZzDB4HJwEEsQBFbhmPAbh3H5D9BpI0YLNoa+tc507aPvocP
-K6GQate638+XIAV+jKf4kL/stqZECIFXGRWpqQ8cXHiruDVbsIx9SPUhOOeiUSf8
-JOovn/cZYuYfzxxdnOK157JMrPxk/Q69XTsCRJTsXhwk0T03O+sjL3pGxkVNVR5Q
-0m/CFlt4pwbh7jY=
+MIIEvzCCA3KgAwIBAgIBATBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogQCAgDeMIGUMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UE
+CgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53
+b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0y
+NDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIG6MQswCQYDVQQGEwJVUzEQMA4G
+A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNT
+TF9SU0FQU1MxGjAYBgNVBAsMEVNlcnZlci1NSVgtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7qGd/
+/lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZ
+DSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxA
+tGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQ
+oZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp
+2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo4GJMIGGMB0GA1UdDgQWBBSz
+ETLJkpiE4sn40DtuA0LKHw6OPDAfBgNVHSMEGDAWgBQnjmcRdMMmHT/tM2OzpNgd
+MOXo1TAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggr
+BgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAwQgYJKoZIhvcNAQEKMDWgDzANBglg
+hkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3gOC
+AQEAScZEonr73LDK0Z2QJKEE88H7WuSw6EjQwoe0vUOd4E4jSQ8ztw/lO9EUnEwA
+7AZtxNkkNvxGStORpf/iO6n/n/TN++PXM02v/VMpvqX6Oz2NZsS4ccqKT7kQr3kA
+9PFBesid5FOBBVmZLy6g9LREP5J20Q2PK3WsIHMQn4PQt5pD6LA5CMlVqzxEWeCg
+S11G4P/LETUlS/p9qXWHpAU5pBmpPC7TaFvP55QjELnCqQyvqwDV8ZLytK08z/3e
+uYtWMExAlcD9UyzDMJgMIeawVsqE4O08R2DpIXUBEbn1C6AkahIMvO2Uskh552kZ
+fbIfA3uACKPzsPPaP1iCufsG1A==
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-rsapss-cert.pem b/certs/rsapss/server-rsapss-cert.pem
index 2502ae951..6df55b26b 100644
--- a/certs/rsapss/server-rsapss-cert.pem
+++ b/certs/rsapss/server-rsapss-cert.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:f7:6c:e1:02:89:cc:9b:74:10:f3:ec:01:cb:
                     89:ce:ef:f6:29:62:fc:75:3f:6a:99:ba:d6:88:ec:
@@ -36,16 +36,15 @@ Certificate:
                     36:83
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 2D:07:69:B0:A1:6F:9F:0C:FA:25:05:B2:CA:97:08:44:DF:0E:97:A8
             X509v3 Authority Key Identifier: 
-                keyid:9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
-
+                9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -54,53 +53,53 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         44:ba:5d:7a:83:e4:65:ff:23:b8:4b:7c:9f:ab:2e:f7:dc:59:
-         7e:6b:40:67:54:09:42:9f:41:1d:a1:7e:a8:f9:47:48:c1:00:
-         63:cc:92:06:2c:3c:eb:f4:83:32:c2:2e:d1:78:f3:1e:52:60:
-         32:26:8e:b3:b3:62:3d:ba:2b:8d:74:ef:01:5c:cc:1b:7c:ac:
-         40:64:07:79:eb:f9:36:26:0e:e9:a8:55:5d:e5:10:87:17:0d:
-         69:63:34:4b:5b:09:c8:54:dd:43:1c:1a:62:bb:ac:00:eb:3f:
-         a8:fe:b3:b6:e0:8b:9e:1c:a5:f4:09:8a:f0:7b:2f:da:13:92:
-         af:ad:c0:f0:c5:16:18:30:53:a6:5d:b9:1f:97:4b:a6:ac:4c:
-         80:dc:01:28:d9:9f:45:73:bd:6c:30:d1:c7:73:33:c5:cc:df:
-         56:f4:72:04:00:78:dd:5f:d8:92:bb:87:e9:15:01:e3:f0:6e:
-         bb:aa:3e:85:f9:68:22:7a:1e:d3:4c:43:bf:01:ee:0a:aa:9c:
-         73:0b:38:d4:77:cf:b7:11:ca:5c:aa:e6:e6:25:9d:bf:41:8d:
-         79:37:0c:fa:53:41:c5:86:cf:10:29:9d:7a:7c:96:c5:e5:6c:
-         57:7b:89:e6:14:84:5b:54:22:c4:5c:81:a0:bf:a4:fc:76:71:
-         97:34:62:7d
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        c0:99:45:55:6f:8f:18:b8:48:c3:72:57:5a:af:06:55:a4:44:
+        de:d1:01:2c:43:c8:1b:96:e2:d5:f4:91:4c:1c:a2:45:9f:69:
+        4a:27:3c:cb:0b:c7:02:29:3e:53:b7:0f:81:6c:38:e8:b0:54:
+        d1:25:eb:73:88:31:36:01:46:5b:94:f7:75:bc:57:a9:f9:ea:
+        c7:de:88:d4:97:f9:de:11:53:75:40:0f:5b:bd:b0:9b:94:2a:
+        c2:a9:aa:19:2e:f0:1b:1d:1e:96:4f:ac:33:5a:c9:44:af:46:
+        8b:33:6e:83:79:00:1f:2c:09:bc:59:67:c2:6c:25:d4:24:fe:
+        5f:89:41:9b:b1:35:0a:4b:b9:8c:80:81:d8:a8:1c:95:e0:59:
+        53:2c:18:53:83:a8:3c:9a:28:24:82:3b:f8:75:2b:07:0e:cb:
+        69:3a:53:89:eb:48:54:8e:08:b9:a1:4d:ad:36:ba:d4:6c:7c:
+        7f:87:c6:86:86:6e:fc:73:3f:33:0d:9f:c0:ee:83:60:08:cf:
+        5e:e7:31:08:ed:eb:c9:69:84:fa:34:64:7f:7d:1c:f7:39:6d:
+        cf:32:e8:f9:06:ed:2f:7b:31:16:f5:51:7d:ad:09:7e:bf:e9:
+        f6:ba:ae:83:a7:0c:60:30:ca:4d:38:3b:50:f6:81:d1:1a:49:
+        98:73:68:98
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA7egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBsjELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
-bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIx
-OTI4WjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
-B0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1TZXJ2
-ZXItUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIB
-UjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
-BglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJzu/2
-KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6eCpl
-W9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhphySXX
-Uxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2bwJU
-aTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gmY8Qj
-+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142gwID
-AQABo4GJMIGGMB0GA1UdDgQWBBQtB2mwoW+fDPolBbLKlwhE3w6XqDAfBgNVHSME
-GDAWgBSeDODT37ZL8xljXMpsk4aiFFORMTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
-/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAw
-PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ
-YIZIAWUDBAIBogMCASADggEBAES6XXqD5GX/I7hLfJ+rLvfcWX5rQGdUCUKfQR2h
-fqj5R0jBAGPMkgYsPOv0gzLCLtF48x5SYDImjrOzYj26K4107wFczBt8rEBkB3nr
-+TYmDumoVV3lEIcXDWljNEtbCchU3UMcGmK7rADrP6j+s7bgi54cpfQJivB7L9oT
-kq+twPDFFhgwU6ZduR+XS6asTIDcASjZn0VzvWww0cdzM8XM31b0cgQAeN1f2JK7
-h+kVAePwbruqPoX5aCJ6HtNMQ78B7gqqnHMLONR3z7cRylyq5uYlnb9BjXk3DPpT
-QcWGzxApnXp8lsXlbFd7ieYUhFtUIsRcgaC/pPx2cZc0Yn0=
+MIIFCzCCA7+gAwIBAgIBATBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgbIxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQK
+DA53b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkx
+NDIxMjUzMFowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
+VQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwN
+U2VydmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNT
+TDCCAVYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3
+DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBDwAwggEKAoIBAQDX92zhAonMm3QQ
+8+wBy4nO7/YpYvx1P2qZutaI7K6zIDNE0gbXmSG780DOMLDhkExbWHVUHaLdvGMB
+SEM7Inp4KmVb2BFfm3vbIRy89KWtPtYHQdoEH+p47FfzU/1JK14ONAI7Xj5f3GPa
+1GgmGmHJJddTFuf7wKUtWTZ76cdCy5sVgf3UD8W3xknARXfqW6zKHqWcwYYb8p7t
+ZqDRO7ZvAlRpMA26VQEYwF99su6mvYmE/Og25LvTtJ7ds6aAMhI3MI4KiVTF60sc
+hQIr+CZjxCP4WTUYDijPXQdJ2MxgTTv7JyTw1kYPxVsWpZSKaRo0Ys3gMjJVuRZl
+UBGLXjaDAgMBAAGjgYkwgYYwHQYDVR0OBBYEFC0HabChb58M+iUFssqXCETfDpeo
+MB8GA1UdIwQYMBaAFJ4M4NPftkvzGWNcymyThqIUU5ExMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIB
+AQQEAwIGQDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZI
+hvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAMCZRVVvjxi4SMNyV1qvBlWk
+RN7RASxDyBuW4tX0kUwcokWfaUonPMsLxwIpPlO3D4FsOOiwVNEl63OIMTYBRluU
+93W8V6n56sfeiNSX+d4RU3VAD1u9sJuUKsKpqhku8BsdHpZPrDNayUSvRoszboN5
+AB8sCbxZZ8JsJdQk/l+JQZuxNQpLuYyAgdioHJXgWVMsGFODqDyaKCSCO/h1KwcO
+y2k6U4nrSFSOCLmhTa02utRsfH+HxoaGbvxzPzMNn8Dug2AIz17nMQjt68lphPo0
+ZH99HPc5bc8y6PkG7S97MRb1UX2tCX6/6fa6roOnDGAwyk04O1D2gdEaSZhzaJg=
 -----END CERTIFICATE-----
diff --git a/certs/rsapss/server-rsapss.der b/certs/rsapss/server-rsapss.der
index 1015ec6b7..ba03ede10 100644
Binary files a/certs/rsapss/server-rsapss.der and b/certs/rsapss/server-rsapss.der differ
diff --git a/certs/rsapss/server-rsapss.pem b/certs/rsapss/server-rsapss.pem
index 77c7f0fd9..3fbebae08 100644
--- a/certs/rsapss/server-rsapss.pem
+++ b/certs/rsapss/server-rsapss.pem
@@ -2,19 +2,19 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:f7:6c:e1:02:89:cc:9b:74:10:f3:ec:01:cb:
                     89:ce:ef:f6:29:62:fc:75:3f:6a:99:ba:d6:88:ec:
@@ -36,16 +36,15 @@ Certificate:
                     36:83
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 2D:07:69:B0:A1:6F:9F:0C:FA:25:05:B2:CA:97:08:44:DF:0E:97:A8
             X509v3 Authority Key Identifier: 
-                keyid:9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
-
+                9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -54,73 +53,73 @@ Certificate:
                 TLS Web Server Authentication
             Netscape Cert Type: 
                 SSL Server
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         44:ba:5d:7a:83:e4:65:ff:23:b8:4b:7c:9f:ab:2e:f7:dc:59:
-         7e:6b:40:67:54:09:42:9f:41:1d:a1:7e:a8:f9:47:48:c1:00:
-         63:cc:92:06:2c:3c:eb:f4:83:32:c2:2e:d1:78:f3:1e:52:60:
-         32:26:8e:b3:b3:62:3d:ba:2b:8d:74:ef:01:5c:cc:1b:7c:ac:
-         40:64:07:79:eb:f9:36:26:0e:e9:a8:55:5d:e5:10:87:17:0d:
-         69:63:34:4b:5b:09:c8:54:dd:43:1c:1a:62:bb:ac:00:eb:3f:
-         a8:fe:b3:b6:e0:8b:9e:1c:a5:f4:09:8a:f0:7b:2f:da:13:92:
-         af:ad:c0:f0:c5:16:18:30:53:a6:5d:b9:1f:97:4b:a6:ac:4c:
-         80:dc:01:28:d9:9f:45:73:bd:6c:30:d1:c7:73:33:c5:cc:df:
-         56:f4:72:04:00:78:dd:5f:d8:92:bb:87:e9:15:01:e3:f0:6e:
-         bb:aa:3e:85:f9:68:22:7a:1e:d3:4c:43:bf:01:ee:0a:aa:9c:
-         73:0b:38:d4:77:cf:b7:11:ca:5c:aa:e6:e6:25:9d:bf:41:8d:
-         79:37:0c:fa:53:41:c5:86:cf:10:29:9d:7a:7c:96:c5:e5:6c:
-         57:7b:89:e6:14:84:5b:54:22:c4:5c:81:a0:bf:a4:fc:76:71:
-         97:34:62:7d
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        c0:99:45:55:6f:8f:18:b8:48:c3:72:57:5a:af:06:55:a4:44:
+        de:d1:01:2c:43:c8:1b:96:e2:d5:f4:91:4c:1c:a2:45:9f:69:
+        4a:27:3c:cb:0b:c7:02:29:3e:53:b7:0f:81:6c:38:e8:b0:54:
+        d1:25:eb:73:88:31:36:01:46:5b:94:f7:75:bc:57:a9:f9:ea:
+        c7:de:88:d4:97:f9:de:11:53:75:40:0f:5b:bd:b0:9b:94:2a:
+        c2:a9:aa:19:2e:f0:1b:1d:1e:96:4f:ac:33:5a:c9:44:af:46:
+        8b:33:6e:83:79:00:1f:2c:09:bc:59:67:c2:6c:25:d4:24:fe:
+        5f:89:41:9b:b1:35:0a:4b:b9:8c:80:81:d8:a8:1c:95:e0:59:
+        53:2c:18:53:83:a8:3c:9a:28:24:82:3b:f8:75:2b:07:0e:cb:
+        69:3a:53:89:eb:48:54:8e:08:b9:a1:4d:ad:36:ba:d4:6c:7c:
+        7f:87:c6:86:86:6e:fc:73:3f:33:0d:9f:c0:ee:83:60:08:cf:
+        5e:e7:31:08:ed:eb:c9:69:84:fa:34:64:7f:7d:1c:f7:39:6d:
+        cf:32:e8:f9:06:ed:2f:7b:31:16:f5:51:7d:ad:09:7e:bf:e9:
+        f6:ba:ae:83:a7:0c:60:30:ca:4d:38:3b:50:f6:81:d1:1a:49:
+        98:73:68:98
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA7egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBsjELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
-bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIx
-OTI4WjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
-B0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1TZXJ2
-ZXItUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIB
-UjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
-BglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJzu/2
-KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6eCpl
-W9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhphySXX
-Uxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2bwJU
-aTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gmY8Qj
-+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142gwID
-AQABo4GJMIGGMB0GA1UdDgQWBBQtB2mwoW+fDPolBbLKlwhE3w6XqDAfBgNVHSME
-GDAWgBSeDODT37ZL8xljXMpsk4aiFFORMTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
-/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAw
-PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ
-YIZIAWUDBAIBogMCASADggEBAES6XXqD5GX/I7hLfJ+rLvfcWX5rQGdUCUKfQR2h
-fqj5R0jBAGPMkgYsPOv0gzLCLtF48x5SYDImjrOzYj26K4107wFczBt8rEBkB3nr
-+TYmDumoVV3lEIcXDWljNEtbCchU3UMcGmK7rADrP6j+s7bgi54cpfQJivB7L9oT
-kq+twPDFFhgwU6ZduR+XS6asTIDcASjZn0VzvWww0cdzM8XM31b0cgQAeN1f2JK7
-h+kVAePwbruqPoX5aCJ6HtNMQ78B7gqqnHMLONR3z7cRylyq5uYlnb9BjXk3DPpT
-QcWGzxApnXp8lsXlbFd7ieYUhFtUIsRcgaC/pPx2cZc0Yn0=
+MIIFCzCCA7+gAwIBAgIBATBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgbIxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQK
+DA53b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkx
+NDIxMjUzMFowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
+VQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwN
+U2VydmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNT
+TDCCAVYwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3
+DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBDwAwggEKAoIBAQDX92zhAonMm3QQ
+8+wBy4nO7/YpYvx1P2qZutaI7K6zIDNE0gbXmSG780DOMLDhkExbWHVUHaLdvGMB
+SEM7Inp4KmVb2BFfm3vbIRy89KWtPtYHQdoEH+p47FfzU/1JK14ONAI7Xj5f3GPa
+1GgmGmHJJddTFuf7wKUtWTZ76cdCy5sVgf3UD8W3xknARXfqW6zKHqWcwYYb8p7t
+ZqDRO7ZvAlRpMA26VQEYwF99su6mvYmE/Og25LvTtJ7ds6aAMhI3MI4KiVTF60sc
+hQIr+CZjxCP4WTUYDijPXQdJ2MxgTTv7JyTw1kYPxVsWpZSKaRo0Ys3gMjJVuRZl
+UBGLXjaDAgMBAAGjgYkwgYYwHQYDVR0OBBYEFC0HabChb58M+iUFssqXCETfDpeo
+MB8GA1UdIwQYMBaAFJ4M4NPftkvzGWNcymyThqIUU5ExMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIB
+AQQEAwIGQDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZI
+hvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAMCZRVVvjxi4SMNyV1qvBlWk
+RN7RASxDyBuW4tX0kUwcokWfaUonPMsLxwIpPlO3D4FsOOiwVNEl63OIMTYBRluU
+93W8V6n56sfeiNSX+d4RU3VAD1u9sJuUKsKpqhku8BsdHpZPrDNayUSvRoszboN5
+AB8sCbxZZ8JsJdQk/l+JQZuxNQpLuYyAgdioHJXgWVMsGFODqDyaKCSCO/h1KwcO
+y2k6U4nrSFSOCLmhTa02utRsfH+HxoaGbvxzPzMNn8Dug2AIz17nMQjt68lphPo0
+ZH99HPc5bc8y6PkG7S97MRb1UX2tCX6/6fa6roOnDGAwyk04O1D2gdEaSZhzaJg=
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
+        Signature Algorithm: rsassaPss        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
         Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
         Subject Public Key Info:
             Public Key Algorithm: rsassaPss
-                RSA-PSS Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:0e:c7:50:4d:29:f5:a8:a2:d4:29:5b:58:f2:
                     bc:2d:27:de:88:49:1a:84:19:2b:84:8d:94:d1:78:
@@ -142,66 +141,65 @@ Certificate:
                     cc:1d
                 Exponent: 65537 (0x10001)
                 PSS parameter restrictions:
-                  Hash Algorithm: sha256
-                  Mask Algorithm: mgf1 with sha256
-                  Minimum Salt Length: 0x20
-                  Trailer Field: 0xBC (default)
+                  Hash Algorithm: SHA2-256
+                  Mask Algorithm: MGF1 with SHA2-256
+                  Minimum Salt Length: 32
+                  Trailer Field: 0x1 (default)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
             X509v3 Authority Key Identifier: 
-                keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
-
+                64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: rsassaPss         
-         Hash Algorithm: sha256
-         Mask Algorithm: mgf1 with sha256
-          Salt Length: 0x20
-         Trailer Field: 0xBC (default)
-
-         6c:79:0e:40:30:74:f6:02:08:61:df:c0:89:25:10:30:ea:e4:
-         e9:14:c8:c6:47:01:55:a4:f2:ed:ee:3f:55:da:62:39:04:cb:
-         3d:a1:78:56:76:30:fd:14:ea:b3:d8:21:99:c6:ca:ed:9f:18:
-         7d:15:4d:d2:cf:db:c3:a1:b4:56:0d:04:b1:72:9c:68:81:1f:
-         01:02:b8:8f:d6:d8:ed:47:3a:72:f2:e0:a5:9b:7b:50:75:00:
-         a4:ab:23:62:48:1f:bc:f4:50:86:ef:06:b3:f8:8b:6e:e0:39:
-         d1:8c:3b:8f:1f:ef:c5:ff:8c:2d:b2:1b:5d:82:32:b1:81:92:
-         02:7c:c9:ad:16:86:63:6c:95:41:ed:80:70:96:41:13:11:03:
-         9a:c1:41:d4:ca:e0:fd:7f:2d:d9:5b:60:d6:42:fe:aa:ac:73:
-         4e:6d:26:67:03:ec:53:e9:97:2f:73:3a:f5:c4:ba:cf:dc:db:
-         6c:f0:79:80:b1:52:f4:bf:12:c9:a7:ce:b1:2f:8d:6a:6a:a8:
-         9e:27:e9:d1:55:26:6b:20:8c:1f:90:57:6d:5e:dc:9e:ca:4c:
-         76:fc:35:76:dc:5a:06:90:50:88:7e:ad:9f:58:e3:39:10:e3:
-         64:19:9f:ea:fb:86:04:84:79:d6:20:ac:c8:45:8b:03:8c:eb:
-         b6:d4:e7:e4
+    Signature Algorithm: rsassaPss
+    Signature Value:        
+        Hash Algorithm: sha256
+        Mask Algorithm: mgf1 with sha256
+         Salt Length: 0x20
+        Trailer Field: 0x01 (default)
+        78:31:94:fd:94:b9:31:68:97:cc:3b:60:8e:1b:4b:0b:c6:1b:
+        d4:64:d9:dd:ef:81:f2:fd:a0:18:a5:f4:92:47:07:84:55:f7:
+        f0:1d:25:45:15:cb:df:df:9c:d2:5a:db:f2:e9:1a:8e:98:5b:
+        7c:73:ea:13:3d:02:c2:89:06:50:3e:dd:4e:79:3a:86:1d:cc:
+        7c:04:09:d7:ed:53:86:d7:8a:2a:11:0a:84:14:da:47:d4:92:
+        0a:7f:e7:86:b9:08:a7:7c:da:e4:97:d7:04:25:22:98:0e:e7:
+        72:05:39:ac:57:18:22:76:26:13:8b:29:4d:b8:38:a4:17:8b:
+        fb:2e:bf:61:7a:34:94:09:f0:3f:1d:4a:61:75:ab:b8:31:42:
+        37:b2:47:a0:d9:cf:23:9f:da:61:e2:bf:39:dd:0d:e4:bf:b9:
+        ba:7d:22:ca:f0:53:ad:71:95:4f:1c:05:86:b9:30:63:b9:80:
+        20:0e:e3:4d:32:e0:e8:33:3e:64:27:f5:ae:f5:07:f1:a8:68:
+        3a:49:12:e5:b0:38:bc:d1:96:d2:de:60:02:eb:79:ca:2c:e8:
+        f2:39:09:91:6b:9a:a2:13:b9:01:c5:7f:36:dc:a3:e7:86:b4:
+        72:23:a7:38:26:2b:9a:6e:3c:99:69:f1:8e:cc:68:10:14:50:
+        a2:e9:2b:b1
 -----BEGIN CERTIFICATE-----
-MIIEvzCCA3egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBnTELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dv
-bGZTU0xfUlNBLVBTUzEVMBMGA1UECwwMUm9vdC1SU0EtUFNTMRgwFgYDVQQDDA93
-d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBsjELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
-bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
-b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
-CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
-AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
-AoIBAQDWDsdQTSn1qKLUKVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X7
-4FX8OTd7QYC0mG9/xbc+N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LR
-F9HB8mkZ2DLF93nsgxmH4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRB
-Tb+3f3d5au9oS2KXjjORMirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W
-4BrSJLHHULtzh94qw+LEYDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/
-pyvhDzjmM+qyEA4UyD+Hn/+LKMwdAgMBAAGjYzBhMB0GA1UdDgQWBBSeDODT37ZL
-8xljXMpsk4aiFFORMTAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1GnqU81jAP
-BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA9BgkqhkiG9w0BAQowMKAN
-MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC
-AQEAbHkOQDB09gIIYd/AiSUQMOrk6RTIxkcBVaTy7e4/VdpiOQTLPaF4VnYw/RTq
-s9ghmcbK7Z8YfRVN0s/bw6G0Vg0EsXKcaIEfAQK4j9bY7Uc6cvLgpZt7UHUApKsj
-YkgfvPRQhu8Gs/iLbuA50Yw7jx/vxf+MLbIbXYIysYGSAnzJrRaGY2yVQe2AcJZB
-ExEDmsFB1Mrg/X8t2Vtg1kL+qqxzTm0mZwPsU+mXL3M69cS6z9zbbPB5gLFS9L8S
-yafOsS+Namqonifp0VUmayCMH5BXbV7cnspMdvw1dtxaBpBQiH6tn1jjORDjZBmf
-6vuGBIR51iCsyEWLA4zrttTn5A==
+MIIEyzCCA3+gAwIBAgIBATBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgZ0xCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQK
+DA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UE
+AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgbIxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQK
+DA53b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20x
+FzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBVjBBBgkqhkiG9w0BAQowNKAPMA0G
+CWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAD
+ggEPADCCAQoCggEBANYOx1BNKfWootQpW1jyvC0n3ohJGoQZK4SNlNF4EtZ7FNjS
+giSVq/5PVfvgVfw5N3tBgLSYb3/Ftz43+F8dLxIxiPmLOwCF5jalFz+apL5I/3o2
+Iiwj1J9bUtEX0cHyaRnYMsX3eeyDGYfjE6BDXrHpA+20CM17FGgPJU+Q8ASnuwiJ
+CNx2TnBJBEFNv7d/d3lq72hLYpeOM5EyKuNjFUf2YaQm2wIEtlfAp/Cq7CBykcMy
+q5h/hMboX9bgGtIkscdQu3OH3irD4sRgMrjkWlu15CmMiyhruxrcPP65756JKGC6
+pEBm1bvgYn+nK+EPOOYz6rIQDhTIP4ef/4sozB0CAwEAAaNjMGEwHQYDVR0OBBYE
+FJ4M4NPftkvzGWNcymyThqIUU5ExMB8GA1UdIwQYMBaAFGTV7IKHgN5a7UmY2AxU
+fUaepTzWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMEEGCSqGSIb3
+DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUD
+BAIBBQCiAwIBIAOCAQEAeDGU/ZS5MWiXzDtgjhtLC8Yb1GTZ3e+B8v2gGKX0kkcH
+hFX38B0lRRXL39+c0lrb8ukajphbfHPqEz0CwokGUD7dTnk6hh3MfAQJ1+1ThteK
+KhEKhBTaR9SSCn/nhrkIp3za5JfXBCUimA7ncgU5rFcYInYmE4spTbg4pBeL+y6/
+YXo0lAnwPx1KYXWruDFCN7JHoNnPI5/aYeK/Od0N5L+5un0iyvBTrXGVTxwFhrkw
+Y7mAIA7jTTLg6DM+ZCf1rvUH8ahoOkkS5bA4vNGW0t5gAut5yizo8jkJkWuaohO5
+AcV/Ntyj54a0ciOnOCYrmm48mWnxjsxoEBRQoukrsQ==
 -----END CERTIFICATE-----
diff --git a/certs/server-cert-chain.der b/certs/server-cert-chain.der
index effd41c1d..8a4fab661 100644
Binary files a/certs/server-cert-chain.der and b/certs/server-cert-chain.der differ
diff --git a/certs/server-cert.der b/certs/server-cert.der
index e5cb198f6..91c6fa74d 100644
Binary files a/certs/server-cert.der and b/certs/server-cert.der differ
diff --git a/certs/server-cert.pem b/certs/server-cert.pem
index c0e639feb..6fc3db772 100644
--- a/certs/server-cert.pem
+++ b/certs/server-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -46,27 +45,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         4a:ff:b9:e5:85:9b:da:53:66:7f:07:22:bf:b6:19:ea:42:eb:
-         a4:11:07:62:ff:39:5f:33:37:3a:87:26:71:3d:13:b2:ca:b8:
-         64:38:7b:8a:99:48:0e:a5:a4:6b:b1:99:6e:e0:46:51:bd:19:
-         52:ad:bc:a6:7e:2a:7a:7c:23:a7:cc:db:5e:43:7d:6b:04:c8:
-         b7:dd:95:ad:f0:91:80:59:c5:19:91:26:27:91:b8:48:1c:eb:
-         55:b6:aa:7d:a4:38:f1:03:bc:6c:8b:aa:94:d6:3c:05:7a:96:
-         c5:06:f1:26:14:2e:75:fb:dd:e5:35:b3:01:2c:b3:ad:62:5a:
-         21:9a:08:be:56:fc:f9:a2:42:87:86:e5:a9:c5:99:cf:ae:14:
-         be:e0:b9:08:24:0d:1d:5c:d6:14:e1:4c:9f:40:b3:a9:e9:2d:
-         52:8b:4c:bf:ac:44:31:67:c1:8d:06:85:ec:0f:e4:99:d7:4b:
-         7b:21:06:66:d4:e4:f5:9d:ff:8e:f0:86:39:58:1d:a4:5b:e2:
-         63:ef:7c:c9:18:87:a8:02:25:10:3e:87:28:f9:f5:ef:47:9e:
-         a5:80:08:11:90:68:fe:d1:a3:a8:51:b9:37:ff:d5:ca:7c:87:
-         7f:6b:bc:2c:12:c8:c5:85:8b:fc:0c:c6:b9:86:b8:c9:04:c3:
-         51:37:d2:4f
+    Signature Value:
+        8a:f1:4e:e8:9f:59:b2:d9:13:ac:fc:42:c4:81:34:9f:6b:39:
+        57:9c:e9:92:5d:41:ac:05:35:b1:26:93:4d:4a:da:f8:51:82:
+        d2:8d:7f:d3:5c:6e:29:80:8d:9b:02:10:2b:64:f5:d1:31:06:
+        fa:85:2b:8f:63:32:14:76:7a:39:15:f3:4e:dd:fd:e2:2c:90:
+        15:d1:6f:73:87:ee:e6:c8:eb:ad:40:d5:e8:94:1f:a6:7e:26:
+        5b:87:ba:0f:06:5a:4d:55:7a:aa:c4:09:34:8b:f7:e5:cc:d6:
+        b7:6c:46:6d:a1:e6:66:66:4c:4b:e5:12:31:37:54:49:64:a5:
+        66:eb:e0:c6:a1:49:f8:4d:c3:d3:55:a4:05:d2:ac:fb:e1:c8:
+        69:30:4b:98:fd:72:1a:ab:9f:86:eb:0d:bd:7c:a6:3d:81:d9:
+        01:a7:8a:79:ab:3c:ce:e5:b6:c3:1b:ef:7d:5e:37:7b:37:7c:
+        91:89:59:11:21:11:7c:05:80:e1:a8:d6:f9:35:da:1b:86:06:
+        5a:32:67:6c:a9:2b:e0:31:7b:89:53:37:42:af:34:a4:53:d2:
+        7c:91:50:63:3a:8e:4a:1f:a3:90:4e:7c:41:59:1d:eb:7b:a2:
+        14:87:ba:76:36:a4:77:46:34:f2:55:50:f0:24:9f:83:83:da:
+        a6:aa:3c:c8
 -----BEGIN CERTIFICATE-----
 MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
 BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
@@ -80,30 +80,30 @@ BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
 M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
 bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
 DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
-9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFGubcMbxo5RlGaEIWO+njSt6g8HaMAwG
 A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
-hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
-vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
-i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
-JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
-W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
-DMa5hrjJBMNRN9JP
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCK8U7o
+n1my2ROs/ELEgTSfazlXnOmSXUGsBTWxJpNNStr4UYLSjX/TXG4pgI2bAhArZPXR
+MQb6hSuPYzIUdno5FfNO3f3iLJAV0W9zh+7myOutQNXolB+mfiZbh7oPBlpNVXqq
+xAk0i/flzNa3bEZtoeZmZkxL5RIxN1RJZKVm6+DGoUn4TcPTVaQF0qz74chpMEuY
+/XIaq5+G6w29fKY9gdkBp4p5qzzO5bbDG+99Xjd7N3yRiVkRIRF8BYDhqNb5Ndob
+hgZaMmdsqSvgMXuJUzdCrzSkU9J8kVBjOo5KH6OQTnxBWR3re6IUh7p2NqR3RjTy
+VVDwJJ+Dg9qmqjzI
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -130,8 +130,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -139,27 +138,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -174,12 +174,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc-comp.der b/certs/server-ecc-comp.der
index b7e15586f..c0063c4b8 100644
Binary files a/certs/server-ecc-comp.der and b/certs/server-ecc-comp.der differ
diff --git a/certs/server-ecc-comp.pem b/certs/server-ecc-comp.pem
index 8af59ab6e..8741568a0 100644
--- a/certs/server-ecc-comp.pem
+++ b/certs/server-ecc-comp.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            21:d7:53:80:24:5c:eb:bf:c0:a4:40:f4:42:19:3b:83:fd:58:c5:a6
+            0c:33:75:68:ff:2e:13:4a:2a:30:56:b4:a8:79:14:e2:c4:ca:61:54
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Montana, L = Bozeman, O = Elliptic - comp, OU = Server ECC-comp, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Elliptic - comp, OU = Server ECC-comp, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -24,8 +24,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Elliptic - comp/OU=Server ECC-comp/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:21:D7:53:80:24:5C:EB:BF:C0:A4:40:F4:42:19:3B:83:FD:58:C5:A6
-
+                serial:0C:33:75:68:FF:2E:13:4A:2A:30:56:B4:A8:79:14:E2:C4:CA:61:54
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -33,17 +32,18 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:20:57:1a:59:bc:c9:45:0a:46:e6:16:da:17:ce:c3:
-         0a:57:57:f2:3d:15:cd:ca:1b:a7:a8:39:2e:9d:09:f3:3e:a0:
-         02:21:00:de:a3:3a:4d:88:38:2b:3a:84:de:2f:0a:81:14:57:
-         7f:7f:2e:d6:a5:4d:61:10:69:b9:a2:c6:51:cd:80:4a:63
+    Signature Value:
+        30:45:02:20:23:d1:f6:8f:d4:29:83:27:8f:4a:8e:49:44:49:
+        32:1c:12:e4:c1:33:b1:97:2b:31:cd:62:47:cb:b6:d0:eb:4d:
+        02:21:00:e0:6e:dc:48:70:aa:10:b2:74:d1:88:da:f1:3f:d9:
+        d7:e9:e4:88:e5:91:00:03:c1:0c:1f:54:a0:ca:4d:99:6a
 -----BEGIN CERTIFICATE-----
-MIIDdzCCAx2gAwIBAgIUIddTgCRc67/ApED0Qhk7g/1YxaYwCgYIKoZIzj0EAwIw
+MIIDdzCCAx2gAwIBAgIUDDN1aP8uE0oqMFa0qHkU4sTKYVQwCgYIKoZIzj0EAwIw
 gaAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMRgwFgYDVQQKDA9FbGxpcHRpYyAtIGNvbXAxGDAWBgNVBAsMD1NlcnZlciBF
 Q0MtY29tcDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTky
-OFowgaAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+FhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUz
+MFowgaAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRgwFgYDVQQKDA9FbGxpcHRpYyAtIGNvbXAxGDAWBgNVBAsMD1NlcnZl
 ciBFQ0MtY29tcDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
 AQkBFhBpbmZvQHdvbGZzc2wuY29tMDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgAC
@@ -52,9 +52,9 @@ FgQUjDg6a7gkt99u9FmsVk6q4limWhgwgeAGA1UdIwSB2DCB1YAUjDg6a7gkt99u
 9FmsVk6q4limWhihgaakgaMwgaAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250
 YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA9FbGxpcHRpYyAtIGNvbXAx
 GDAWBgNVBAsMD1NlcnZlciBFQ0MtY29tcDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
-Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQh11OAJFzrv8Ck
-QPRCGTuD/VjFpjAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29t
+Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQMM3Vo/y4TSiow
+VrSoeRTixMphVDAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29t
 hwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggqhkjOPQQD
-AgNIADBFAiBXGlm8yUUKRuYW2hfOwwpXV/I9Fc3KG6eoOS6dCfM+oAIhAN6jOk2I
-OCs6hN4vCoEUV39/LtalTWEQabmixlHNgEpj
+AgNIADBFAiAj0faP1CmDJ49KjklESTIcEuTBM7GXKzHNYkfLttDrTQIhAOBu3Ehw
+qhCydNGI2vE/2dfp5IjlkQADwQwfVKDKTZlq
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc-rsa.der b/certs/server-ecc-rsa.der
index 3c958432c..f59f0eb9a 100644
Binary files a/certs/server-ecc-rsa.der and b/certs/server-ecc-rsa.der differ
diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem
index 6db0901d5..34e4e6f21 100644
--- a/certs/server-ecc-rsa.pem
+++ b/certs/server-ecc-rsa.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Elliptic - RSAsig, OU = ECC-RSAsig, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -25,8 +25,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -34,27 +33,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         16:b7:d3:9c:7c:6e:d2:b7:79:aa:5a:16:0b:1e:da:d0:f7:df:
-         64:c9:3c:b8:41:24:4b:1b:c2:83:5e:df:de:a8:8a:7c:eb:07:
-         75:20:f6:f3:4c:bd:3f:2e:f0:f0:da:4b:c5:d2:c4:f8:db:34:
-         75:e2:32:b4:34:92:8a:7f:d7:84:ea:df:99:ca:64:e6:7c:68:
-         05:1c:75:de:3f:06:65:5d:fc:29:c9:73:0f:4a:ad:fd:bc:0d:
-         91:37:67:63:55:65:93:99:56:84:25:1b:f1:50:03:31:2d:48:
-         ad:a3:38:91:29:88:b8:72:08:4c:11:36:35:20:13:78:98:d8:
-         84:30:c5:7b:70:24:45:8c:e1:55:80:06:5f:19:57:89:58:1c:
-         2a:40:fb:f3:a6:bf:ea:41:7a:79:2c:ab:fe:b6:16:5d:d5:fa:
-         32:50:9d:89:f2:cc:87:7a:57:cf:4d:38:c4:d5:33:9a:4d:83:
-         c9:00:b8:36:66:14:76:20:c1:7a:c7:f7:0a:94:69:ce:0a:0f:
-         81:04:12:5f:71:d0:d1:ff:08:d0:89:6f:ac:45:d3:06:23:a0:
-         76:88:ad:5d:9a:7a:8c:1f:61:d4:d8:21:1d:8e:05:89:d1:d4:
-         d6:86:5b:4b:43:e6:03:4a:10:48:f4:1b:9d:3b:76:d8:2c:ad:
-         fa:33:a5:70
+    Signature Value:
+        38:e8:66:c3:74:e0:5c:59:a9:12:46:ad:84:e3:b3:fa:3e:68:
+        90:d0:06:a4:2c:ab:f7:b3:b9:7c:89:62:fb:88:eb:88:04:d9:
+        4b:ac:7e:4b:4b:7c:7c:0f:e1:dd:73:ee:88:b3:e7:1e:00:7b:
+        fe:aa:24:50:d7:3c:c4:03:f2:ba:fd:81:ce:7a:0c:1c:48:6a:
+        33:ad:a7:f8:f7:ca:f7:00:47:5c:fc:f8:05:98:5f:ec:c3:aa:
+        75:93:03:a1:4e:7a:37:ec:8b:a9:99:fa:76:85:cb:c3:99:29:
+        70:1e:9c:41:f1:49:fd:e8:c0:75:0a:dd:a0:e0:d3:6e:7f:93:
+        7e:4d:2e:ee:a1:c9:db:fc:98:86:bb:67:7d:2f:74:00:10:7c:
+        24:5b:58:f3:5a:ed:96:6e:8f:34:ee:47:46:be:3e:96:25:2b:
+        7c:90:5b:65:24:48:66:5a:79:a6:6a:f5:ed:31:cf:0b:29:c3:
+        f1:ab:91:21:9c:79:99:c9:5c:4c:2b:ac:f1:21:5c:44:07:14:
+        45:e5:e0:84:ce:a3:49:59:8d:94:4a:9d:11:20:c3:d3:fc:ce:
+        8f:2c:38:5b:38:e7:b2:d0:71:9f:3f:de:4e:08:03:f9:11:58:
+        7c:46:04:0a:73:28:68:b8:17:17:02:45:9c:65:96:1a:b3:98:
+        4d:3b:fb:c7
 -----BEGIN CERTIFICATE-----
 MIIEKjCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g
 UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz
 bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO
@@ -64,13 +64,13 @@ BBYEFF1dJu+sfjb5m3YVK0olAiPvsokwMIHUBgNVHSMEgcwwgcmAFCeOZxF0wyYd
 P+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9u
 dGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgxEzARBgNV
 BAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB7PZg8nBRCkzRFPq86UQw
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGjlGUZoQhY76eNK3qDwdow
 DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBABa3
-05x8btK3eapaFgse2tD332TJPLhBJEsbwoNe396oinzrB3Ug9vNMvT8u8PDaS8XS
-xPjbNHXiMrQ0kop/14Tq35nKZOZ8aAUcdd4/BmVd/CnJcw9Krf28DZE3Z2NVZZOZ
-VoQlG/FQAzEtSK2jOJEpiLhyCEwRNjUgE3iY2IQwxXtwJEWM4VWABl8ZV4lYHCpA
-+/Omv+pBenksq/62Fl3V+jJQnYnyzId6V89NOMTVM5pNg8kAuDZmFHYgwXrH9wqU
-ac4KD4EEEl9x0NH/CNCJb6xF0wYjoHaIrV2aeowfYdTYIR2OBYnR1NaGW0tD5gNK
-EEj0G507dtgsrfozpXA=
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBADjo
+ZsN04FxZqRJGrYTjs/o+aJDQBqQsq/ezuXyJYvuI64gE2UusfktLfHwP4d1z7oiz
+5x4Ae/6qJFDXPMQD8rr9gc56DBxIajOtp/j3yvcAR1z8+AWYX+zDqnWTA6FOejfs
+i6mZ+naFy8OZKXAenEHxSf3owHUK3aDg025/k35NLu6hydv8mIa7Z30vdAAQfCRb
+WPNa7ZZujzTuR0a+PpYlK3yQW2UkSGZaeaZq9e0xzwspw/GrkSGceZnJXEwrrPEh
+XEQHFEXl4ITOo0lZjZRKnREgw9P8zo8sOFs457LQcZ8/3k4IA/kRWHxGBApzKGi4
+FxcCRZxllhqzmE07+8c=
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc-self.der b/certs/server-ecc-self.der
index fe076d68d..3892b069a 100644
Binary files a/certs/server-ecc-self.der and b/certs/server-ecc-self.der differ
diff --git a/certs/server-ecc-self.pem b/certs/server-ecc-self.pem
index 663c1948b..306b8752a 100644
--- a/certs/server-ecc-self.pem
+++ b/certs/server-ecc-self.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            7e:ce:94:a4:69:82:50:e3:fe:e1:ca:d8:ff:0e:5f:8f:c9:b5:2b:5c
+            56:13:5e:22:d3:64:94:86:c6:dd:cf:fd:7f:bf:c9:84:93:ce:15:ca
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:27 2023 GMT
-            Not After : Dec 10 22:19:27 2033 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Dec 16 21:25:29 2034 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -28,37 +28,35 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
-                keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
                 DirName:/C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:7E:CE:94:A4:69:82:50:E3:FE:E1:CA:D8:FF:0E:5F:8F:C9:B5:2B:5C
-
+                serial:56:13:5E:22:D3:64:94:86:C6:DD:CF:FD:7F:BF:C9:84:93:CE:15:CA
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:46:02:21:00:b1:ef:00:eb:7b:d1:e0:a8:95:1c:80:c8:11:
-         e3:66:46:fb:ff:f8:55:2f:45:20:98:72:b1:5b:e4:b6:3b:ce:
-         35:02:21:00:d7:b3:b6:bb:fd:41:86:04:a1:61:bd:2b:1c:5f:
-         a0:3d:52:51:97:e3:90:d0:5e:a6:c8:09:23:ae:3d:5c:2a:3c
+    Signature Value:
+        30:45:02:21:00:93:af:89:fe:2f:b2:5c:ac:04:da:f6:2b:73:
+        64:2e:6a:88:66:14:27:74:34:42:f2:13:37:f6:c9:bc:21:26:
+        57:02:20:30:bd:b1:51:c9:55:78:49:78:3d:09:78:dd:eb:d0:
+        23:fe:10:19:cb:b6:a7:64:f4:f8:e0:bd:a2:ff:55:df:e6
 -----BEGIN CERTIFICATE-----
-MIIDYDCCAwWgAwIBAgIUfs6UpGmCUOP+4crY/w5fj8m1K1wwCgYIKoZIzj0EAwIw
+MIIDSTCCAu+gAwIBAgIUVhNeItNklIbG3c/9f7/JhJPOFcowCgYIKoZIzj0EAwIw
 gZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQD
 DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b20wHhcNMjMxMjEzMjIxOTI3WhcNMzMxMjEwMjIxOTI3WjCBkDELMAkGA1UEBhMC
+b20wHhcNMjQxMjE4MjEyNTI5WhcNMzQxMjE2MjEyNTI5WjCBkDELMAkGA1UEBhMC
 VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNV
 BAoMCEVsbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49
 AgEGCCqGSM49AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhh
-AumvTdMCk5oxW5eSIX/wzxjakRECNIboIFgzC4A0idijggE5MIIBNTAJBgNVHRME
+AumvTdMCk5oxW5eSIX/wzxjakRECNIboIFgzC4A0idijggEjMIIBHzAJBgNVHRME
 AjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4EFgQUXV0m76x+NvmbdhUrSiUC
-I++yiTAwgdAGA1UdIwSByDCBxYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZakgZMw
-gZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
-ZWF0dGxlMREwDwYDVQQKDAhFbGxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQD
-DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b22CFH7OlKRpglDj/uHK2P8OX4/JtStcMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUE
-DDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNJADBGAiEAse8A63vR4KiVHIDIEeNm
-Rvv/+FUvRSCYcrFb5LY7zjUCIQDXs7a7/UGGBKFhvSscX6A9UlGX45DQXqbICSOu
-PVwqPA==
+I++yiTAwgboGA1UdIwSBsjCBr6GBlqSBkzCBkDELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlw
+dGljMQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
+CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUVhNeItNklIbG3c/9f7/JhJPO
+FcowDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49
+BAMCA0gAMEUCIQCTr4n+L7JcrATa9itzZC5qiGYUJ3Q0QvITN/bJvCEmVwIgML2x
+UclVeEl4PQl43evQI/4QGcu2p2T0+OC9ov9V3+Y=
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc.der b/certs/server-ecc.der
index 7d5e07e66..9c3700b33 100644
Binary files a/certs/server-ecc.der and b/certs/server-ecc.der differ
diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem
index 94978a551..d4a2f9f95 100644
--- a/certs/server-ecc.pem
+++ b/certs/server-ecc.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -23,8 +23,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
-                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
-
+                56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -34,16 +33,17 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:86:bd:87:16:d2:9c:66:e7:5e:5c:28:0e:5f:
-         ef:94:61:2f:d4:21:6d:8e:c3:94:0a:1e:b5:6a:1d:c6:04:87:
-         c6:02:20:66:46:c4:29:d9:8e:eb:0b:f7:5b:32:13:eb:0a:ea:
-         47:99:4b:74:56:ba:21:97:b1:67:75:5c:f3:f3:c0:88:aa
+    Signature Value:
+        30:45:02:21:00:8b:82:a5:d2:f6:ca:84:ba:ad:2d:de:36:e9:
+        2a:4d:ee:4b:20:46:ba:ab:4e:d0:10:6e:eb:30:b6:7e:d8:af:
+        8c:02:20:06:74:40:6a:a9:31:54:fe:20:9d:c6:6d:2b:df:1d:
+        aa:63:da:fc:97:50:87:92:69:ee:63:57:b6:ec:e2:e9:fa
 -----BEGIN CERTIFICATE-----
 MIICojCCAkigAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR
 BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv
 bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
 MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
@@ -51,7 +51,7 @@ A0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eS
 IX/wzxjakRECNIboIFgzC4A0idijgYkwgYYwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
 K0olAiPvsokwMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD86UhMAwGA1Ud
 EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEG
-CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNIADBFAiEAhr2HFtKcZudeXCgO
-X++UYS/UIW2Ow5QKHrVqHcYEh8YCIGZGxCnZjusL91syE+sK6keZS3RWuiGXsWd1
-XPPzwIiq
+CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNIADBFAiEAi4Kl0vbKhLqtLd42
+6SpN7ksgRrqrTtAQbuswtn7Yr4wCIAZ0QGqpMVT+IJ3GbSvfHapj2vyXUIeSae5j
+V7bs4un6
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc384-cert.der b/certs/server-ecc384-cert.der
index b4410ad4b..2638b193e 100644
Binary files a/certs/server-ecc384-cert.der and b/certs/server-ecc384-cert.der differ
diff --git a/certs/server-ecc384-cert.pem b/certs/server-ecc384-cert.pem
index 21d890987..ba1d04ba1 100644
--- a/certs/server-ecc384-cert.pem
+++ b/certs/server-ecc384-cert.pem
@@ -2,8 +2,8 @@
 MIIDnzCCAyagAwIBAgICEAEwCgYIKoZIzj0EAwMwgZcxCzAJBgNVBAYTAlVTMRMw
 EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
 b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTIzMTIx
-MzIyMTkyN1oYDzIwNTMxMjA1MjIxOTI3WjCBljELMAkGA1UEBhMCVVMxEzARBgNV
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTI0MTIx
+ODIxMjUyOVoYDzIwNTQxMjExMjEyNTI5WjCBljELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlw
 dGljMRIwEAYDVQQLDAlFQ0MzODRTcnYxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv
 bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTB2MBAGByqGSM49AgEG
@@ -14,9 +14,9 @@ MB0GA1UdDgQWBBSCO/JlL/O0AMa8Bv15QnVLZdHOvDCB1wYDVR0jBIHPMIHMgBSr
 4MMmTBjUcrvShIycCgWSgBJTUqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNV
 BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT
 U0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
-b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFEXB9YZPVPLQmp3y
-n1IKRmavozXTMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAK
-BggqhkjOPQQDAwNnADBkAjA4AvK6JvDpyPBqda/IkyzM90qQIHKbomr7ayhuAG0k
-VENqh4nn4BED4EjmgEZ8FjoCMF4UuUIDJtYCMA8lqknSfpfxmWdSfbKw7eaM/ivj
-z5PuNjtIU2GSWQ1njRNDyi+keg==
+b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFFaBUbnOIn1WJzbB
+88oeB5Z04brGMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAK
+BggqhkjOPQQDAwNnADBkAjAYATAj5pIDNH3L+oUwPS8ur+j7nhcf+T3/4/EywRUY
+C/cZR0DTEPUTTJP3AOgkC74CMGuLTpj9RxsUyhnVbHMRDEMmCFO04ewoLYSs129j
+OKguYwcZubpKZ42SE1meXjmZOA==
 -----END CERTIFICATE-----
diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem
index 456297371..8bf60a03f 100644
--- a/certs/server-revoked-cert.pem
+++ b/certs/server-revoked-cert.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_revoked, OU = Support_revoked, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd:
                     66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -46,27 +45,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         5c:ae:98:a1:97:b7:b7:57:1b:47:32:9d:86:df:aa:5a:95:03:
-         8f:de:04:9f:27:1f:b3:bc:6d:50:63:53:6a:02:83:3d:5b:f6:
-         16:04:4a:04:84:65:d4:68:7c:f3:1d:8f:dc:ff:76:e1:b0:ce:
-         88:b1:31:57:c9:5c:14:bf:ae:b9:ee:82:a0:b0:c3:25:bb:5f:
-         0f:a7:00:fc:dd:73:27:8b:b8:dd:72:63:00:47:38:cb:09:66:
-         7a:0e:fb:8f:c3:6e:de:23:23:47:cd:7f:f0:4c:fa:31:fa:f5:
-         28:cb:2e:1c:3e:0a:92:8a:b2:c7:bd:37:21:39:d2:f6:ee:c4:
-         9c:28:7a:0a:88:8c:ca:ce:7d:e8:c3:a7:3f:bc:44:52:fb:e0:
-         68:95:f2:46:30:0f:1b:fa:ea:92:4c:86:c2:fe:62:48:91:5a:
-         ea:5a:9a:76:8a:23:dd:56:37:27:d8:91:2f:eb:77:eb:b8:30:
-         8e:5a:46:71:96:a2:24:f0:fa:1a:eb:39:cd:70:dc:ea:4e:bd:
-         49:88:4c:57:95:ff:f8:9e:b0:b7:13:10:26:51:3c:4b:bc:70:
-         3a:fc:1d:a2:6f:13:bf:ab:d4:3c:9e:06:ae:3b:6d:03:09:41:
-         e0:07:b0:85:22:09:c1:5d:39:d2:59:04:90:9d:46:20:0b:24:
-         82:82:c3:36
+    Signature Value:
+        45:72:59:97:b2:67:b1:84:57:91:f4:fc:87:4b:18:ce:96:de:
+        bc:90:30:81:f7:39:2a:7d:c2:56:e5:f5:ed:79:e5:7c:e0:81:
+        f1:6d:bd:cf:96:30:f8:9e:57:d7:ab:a8:ab:2e:02:2c:4b:1f:
+        0e:47:50:db:3d:c7:01:3e:7d:3f:d9:ad:fa:97:76:74:9a:2d:
+        5b:67:91:65:27:6b:64:7b:f3:b1:6f:18:0b:ec:7f:fa:ee:8a:
+        26:5b:61:88:f9:08:be:08:c3:b6:fe:c7:b2:14:5c:95:41:31:
+        26:3e:47:be:ee:d7:b4:2d:54:15:be:36:5c:e0:1f:b4:9d:9c:
+        3c:8e:1d:70:8d:c9:5e:35:38:9a:9d:0a:62:d5:8c:30:aa:f5:
+        e6:0e:eb:65:4e:77:cc:96:35:17:70:bb:3b:59:68:fe:4a:cf:
+        d3:39:3e:70:50:ce:df:27:d4:6b:a7:30:a4:a0:55:fa:f5:f2:
+        12:5d:c8:3d:9b:31:ff:7b:2c:55:f1:f6:6f:49:0c:5f:b3:1e:
+        23:91:57:ca:68:88:80:2d:55:f3:4f:1a:d8:b3:81:03:da:f2:
+        f8:01:27:01:c6:69:6e:67:cc:96:45:b5:2b:a5:ed:12:56:75:
+        8b:97:69:2a:7d:76:5a:5e:5a:7d:97:25:f6:94:15:9a:60:92:
+        fd:d5:8e:fc
 -----BEGIN CERTIFICATE-----
 MIIE+DCCA+CgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2
 b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s
 ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
@@ -80,30 +80,30 @@ ggFFMIIBQTAdBgNVHQ4EFgQU2AkrWeEq7tnuQKqcq/BdKAlPIrswgdQGA1UdIwSB
 zDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVT
 MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
 YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
-c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqobAHs
-9mDycFEKTNEU+rzpRDAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUu
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG8aOU
+ZRmhCFjvp40reoPB2jAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUu
 Y29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG
-9w0BAQsFAAOCAQEAXK6YoZe3t1cbRzKdht+qWpUDj94Enycfs7xtUGNTagKDPVv2
-FgRKBIRl1Gh88x2P3P924bDOiLExV8lcFL+uue6CoLDDJbtfD6cA/N1zJ4u43XJj
-AEc4ywlmeg77j8Nu3iMjR81/8Ez6Mfr1KMsuHD4Kkoqyx703ITnS9u7EnCh6CoiM
-ys596MOnP7xEUvvgaJXyRjAPG/rqkkyGwv5iSJFa6lqadooj3VY3J9iRL+t367gw
-jlpGcZaiJPD6Gus5zXDc6k69SYhMV5X/+J6wtxMQJlE8S7xwOvwdom8Tv6vUPJ4G
-rjttAwlB4AewhSIJwV050lkEkJ1GIAskgoLDNg==
+9w0BAQsFAAOCAQEARXJZl7JnsYRXkfT8h0sYzpbevJAwgfc5Kn3CVuX17XnlfOCB
+8W29z5Yw+J5X16uoqy4CLEsfDkdQ2z3HAT59P9mt+pd2dJotW2eRZSdrZHvzsW8Y
+C+x/+u6KJlthiPkIvgjDtv7HshRclUExJj5Hvu7XtC1UFb42XOAftJ2cPI4dcI3J
+XjU4mp0KYtWMMKr15g7rZU53zJY1F3C7O1lo/krP0zk+cFDO3yfUa6cwpKBV+vXy
+El3IPZsx/3ssVfH2b0kMX7MeI5FXymiIgC1V808a2LOBA9ry+AEnAcZpbmfMlkW1
+K6XtElZ1i5dpKn12Wl5afZcl9pQVmmCS/dWO/A==
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -130,8 +130,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -139,27 +138,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -174,12 +174,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/taoCert.txt b/certs/taoCert.txt
index 0973defb2..a34b517a0 100644
--- a/certs/taoCert.txt
+++ b/certs/taoCert.txt
@@ -95,7 +95,7 @@ to use PKCS#5 v2 instead of v1.5 which is default add
 
 -v2 des3       # file Pkcs8Enc2
 
-to use PKCS#12 instead use -v1 witch a 12 algo like
+to use PKCS#12 instead use -v1 which a 12 algo like
 
 -v1 PBE-SHA1-3DES   # file Pkcs8Enc12 , see man pkcs8 for more info
 -v1 PBE-SHA1-RC4-128   # no longer file Pkcs8Enc12, arc4 now off by default
diff --git a/certs/test-degenerate.p7b b/certs/test-degenerate.p7b
index 80a4ad9e4..00ad6b0fd 100644
Binary files a/certs/test-degenerate.p7b and b/certs/test-degenerate.p7b differ
diff --git a/certs/test-pathlen/chainA-ICA1-pathlen0.pem b/certs/test-pathlen/chainA-ICA1-pathlen0.pem
index 43660b280..89c4f4cc7 100644
--- a/certs/test-pathlen/chainA-ICA1-pathlen0.pem
+++ b/certs/test-pathlen/chainA-ICA1-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b2:2b:a1:3f:be:c0:58:bd:3a:bc:0d:19:ac:ca:
                     7f:b9:3b:f0:8c:30:ff:04:b1:34:7e:26:86:96:36:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         2d:e4:7d:d6:d2:cc:93:aa:93:86:cd:e7:da:bb:02:f6:82:e3:
-         09:29:f5:54:0f:e1:d5:51:c1:98:1f:b8:ca:96:9e:1e:f6:5b:
-         e3:67:bb:42:b1:48:2f:61:c6:1f:c4:a6:f4:05:0f:de:65:7f:
-         d5:cc:35:09:fb:48:16:e8:cd:47:1f:63:e2:0f:f9:de:97:6e:
-         76:a2:29:ba:27:cc:0e:f1:b7:31:02:0f:50:ee:c6:80:8a:af:
-         0f:ae:76:51:91:2e:f5:a4:a9:e4:33:cc:9b:07:3c:36:b8:ff:
-         2a:62:86:09:90:b0:ac:f2:8e:7e:59:d0:11:2b:74:53:1a:9b:
-         a6:26:f6:d9:aa:01:81:32:0a:18:be:96:21:be:e7:a2:c9:40:
-         6c:fd:24:8b:6d:28:e5:e9:27:48:ae:8d:d0:5e:6f:c1:de:ef:
-         e3:3d:b6:11:07:42:0e:11:86:6b:03:86:fd:06:69:c5:ac:1d:
-         92:03:be:26:d1:db:78:4c:f0:93:89:32:60:ba:be:83:99:ac:
-         26:c5:aa:35:34:a1:9e:b5:e1:6a:15:83:4b:50:1e:62:3d:5b:
-         65:77:28:0c:24:23:e4:29:0b:90:7c:d4:2f:14:39:01:42:cc:
-         0b:19:a3:bd:46:db:a1:bd:67:5e:0e:41:db:a4:63:8d:22:ed:
-         64:75:d3:99
+    Signature Value:
+        8a:29:93:a3:95:fc:e7:03:9c:5d:3e:14:f0:d0:ac:de:03:fe:
+        43:21:3d:c9:5f:98:42:97:3d:7a:5d:83:fc:73:d1:43:99:67:
+        f8:51:99:d6:94:05:91:c7:44:30:43:6d:ff:a0:56:00:dc:c9:
+        f0:2e:cd:a6:5a:75:bf:30:ff:a3:01:c7:93:d5:a5:63:39:3f:
+        b8:2b:db:76:e9:c9:1b:2a:db:fb:48:3e:3f:87:d9:eb:8e:0e:
+        17:52:fb:01:c3:f6:b8:68:8e:d5:07:9e:59:c1:ac:28:3d:fa:
+        64:02:c5:08:1a:34:ff:37:7e:1c:ec:2d:de:05:ef:0a:5d:98:
+        75:15:6f:19:ce:dd:2a:54:29:54:23:6d:12:f9:39:38:fa:88:
+        dd:65:ad:cf:05:1e:f3:8c:77:77:5f:8a:13:5c:89:6a:ff:e9:
+        d0:80:11:bd:6f:0d:31:34:41:59:c3:60:54:cf:09:10:5d:c3:
+        b2:db:d2:d6:e5:b7:9f:18:f9:d2:42:ef:e7:88:17:31:0a:3a:
+        86:a9:70:f3:28:91:04:64:be:59:ad:d6:33:0f:05:14:13:27:
+        e3:5d:22:01:a0:c4:29:1c:b1:d7:c1:7a:b8:dc:3d:44:b3:ca:
+        81:a4:23:19:c1:59:22:8a:ef:10:54:c0:b2:88:f8:72:e5:9d:
+        0b:a7:df:ec
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQS1JQ0Ex
 LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFKgQ6sjvTwDN43nD69/2yIadRGwmMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAC3kfdbSzJOqk4bN59q7AvaC4wkp9VQP4dVRwZgfuMqW
-nh72W+Nnu0KxSC9hxh/EpvQFD95lf9XMNQn7SBbozUcfY+IP+d6XbnaiKbonzA7x
-tzECD1DuxoCKrw+udlGRLvWkqeQzzJsHPDa4/ypihgmQsKzyjn5Z0BErdFMam6Ym
-9tmqAYEyChi+liG+56LJQGz9JIttKOXpJ0iujdBeb8He7+M9thEHQg4RhmsDhv0G
-acWsHZIDvibR23hM8JOJMmC6voOZrCbFqjU0oZ614WoVg0tQHmI9W2V3KAwkI+Qp
-C5B81C8UOQFCzAsZo71G26G9Z14OQdukY40i7WR105k=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAIopk6OV/OcDnF0+FPDQrN4D/kMhPclfmEKXPXpdg/xz
+0UOZZ/hRmdaUBZHHRDBDbf+gVgDcyfAuzaZadb8w/6MBx5PVpWM5P7gr23bpyRsq
+2/tIPj+H2euODhdS+wHD9rhojtUHnlnBrCg9+mQCxQgaNP83fhzsLd4F7wpdmHUV
+bxnO3SpUKVQjbRL5OTj6iN1lrc8FHvOMd3dfihNciWr/6dCAEb1vDTE0QVnDYFTP
+CRBdw7Lb0tblt58Y+dJC7+eIFzEKOoapcPMokQRkvlmt1jMPBRQTJ+NdIgGgxCkc
+sdfBerjcPUSzyoGkIxnBWSKK7xBUwLKI+HLlnQun3+w=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainA-assembled.pem b/certs/test-pathlen/chainA-assembled.pem
index 84f6d231f..f01d52cb3 100644
--- a/certs/test-pathlen/chainA-assembled.pem
+++ b/certs/test-pathlen/chainA-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:7a:d8:c8:6c:4f:a5:cd:72:25:87:ff:12:a3:
                     65:0e:1d:1f:78:b2:d7:1a:65:a1:e7:4e:bd:05:b5:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:A8:10:EA:C8:EF:4F:00:CD:E3:79:C3:EB:DF:F6:C8:86:9D:44:6C:26
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         22:20:83:3b:37:08:72:c7:c8:e1:69:f6:01:df:ec:70:8b:60:
-         c4:94:81:37:1d:f4:2a:d3:92:3e:1c:6c:b9:bd:a9:ba:61:b2:
-         1b:1f:b9:71:de:07:b0:5a:50:33:7b:83:22:44:e1:a5:4d:7e:
-         75:5a:09:ee:f2:c4:9a:8a:5d:7d:ad:69:81:bb:a9:86:cf:65:
-         e8:f6:50:2c:1e:e5:15:2b:0b:85:6a:02:26:c0:38:51:04:0f:
-         0a:6f:d1:b8:b4:e4:a4:b5:ae:a2:e6:ce:2c:41:b6:a2:6b:47:
-         82:0d:8a:2b:dd:91:d0:67:09:15:57:03:1e:95:4f:57:06:1a:
-         2a:e8:b6:fd:a7:1f:80:a0:f7:20:39:8b:3f:08:cd:7a:05:c4:
-         7c:72:92:d7:ff:40:a4:6c:10:64:2d:a8:a5:cc:ef:34:ea:49:
-         b0:d9:28:69:5c:c7:d4:41:f5:21:3d:60:74:c7:35:3d:5f:80:
-         78:34:09:60:06:f0:c8:3b:9c:b8:76:64:8e:ea:78:c1:e8:fc:
-         2c:a0:9a:9e:d7:2c:5f:1b:90:05:73:5f:58:c8:ad:2a:ef:b6:
-         a0:f2:f1:9e:f2:7c:48:d8:11:77:e3:0a:d4:26:7d:ad:0f:c1:
-         29:4b:9e:51:bc:a2:4d:98:ad:27:51:f3:1d:b3:2b:6e:00:95:
-         16:ae:3c:11
+    Signature Value:
+        3d:9b:43:ff:c8:94:a9:46:b4:bc:ad:2b:7d:d5:5e:25:43:fa:
+        b1:ac:d6:ab:f6:61:61:60:01:5f:f4:c5:be:a9:f6:6f:ee:e3:
+        8a:eb:7e:ab:28:6b:2d:40:e2:90:75:89:76:b2:75:99:50:32:
+        22:09:df:2b:72:3a:fe:c2:c5:e1:1e:69:9a:eb:62:93:bc:9c:
+        09:6f:3d:49:ce:59:a8:4c:6e:80:a3:32:dc:5e:cf:e7:28:ba:
+        7e:12:72:ba:ef:05:27:e9:38:90:cf:4e:25:f7:af:84:fe:79:
+        1e:23:b1:30:2b:3b:1c:2c:97:d2:c8:dc:c7:b1:ab:5d:d9:47:
+        f8:d2:7e:b4:bd:59:97:99:1d:04:b5:37:a0:41:e7:35:56:fc:
+        d3:b1:66:bb:06:93:3a:e1:71:cf:22:2f:73:38:e6:76:df:e6:
+        34:71:ce:8c:08:6d:84:69:b1:cf:e2:f2:5f:18:70:d7:ef:79:
+        26:26:1c:38:59:b5:55:59:17:a3:07:ed:d3:ac:76:90:08:de:
+        79:29:34:37:ff:6e:7d:2b:9b:53:e8:46:f5:db:e4:3a:3b:aa:
+        c5:32:eb:fe:ca:58:e7:52:90:d8:6c:19:da:1c:90:0d:8e:84:
+        3e:e8:26:cb:2d:4b:23:f1:25:07:ac:b8:2c:7b:db:cc:0e:36:
+        d5:71:82:70
 -----BEGIN CERTIFICATE-----
 MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQS1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkEtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,12 +77,12 @@ VR0jBIG5MIG2gBSoEOrI708AzeN5w+vf9siGnURsJqGBmqSBlzCBlDELMAkGA1UE
 BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
 BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
-CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAIiCDOzcIcsfI4Wn2Ad/scItg
-xJSBNx30KtOSPhxsub2pumGyGx+5cd4HsFpQM3uDIkThpU1+dVoJ7vLEmopdfa1p
-gbuphs9l6PZQLB7lFSsLhWoCJsA4UQQPCm/RuLTkpLWuoubOLEG2omtHgg2KK92R
-0GcJFVcDHpVPVwYaKui2/acfgKD3IDmLPwjNegXEfHKS1/9ApGwQZC2opczvNOpJ
-sNkoaVzH1EH1IT1gdMc1PV+AeDQJYAbwyDucuHZkjup4wej8LKCantcsXxuQBXNf
-WMitKu+2oPLxnvJ8SNgRd+MK1CZ9rQ/BKUueUbyiTZitJ1HzHbMrbgCVFq48EQ==
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAPZtD/8iUqUa0vK0rfdVeJUP6
+sazWq/ZhYWABX/TFvqn2b+7jiut+qyhrLUDikHWJdrJ1mVAyIgnfK3I6/sLF4R5p
+mutik7ycCW89Sc5ZqExugKMy3F7P5yi6fhJyuu8FJ+k4kM9OJfevhP55HiOxMCs7
+HCyX0sjcx7GrXdlH+NJ+tL1Zl5kdBLU3oEHnNVb807FmuwaTOuFxzyIvczjmdt/m
+NHHOjAhthGmxz+LyXxhw1+95JiYcOFm1VVkXowft06x2kAjeeSk0N/9ufSubU+hG
+9dvkOjuqxTLr/spY51KQ2GwZ2hyQDY6EPugmyy1LI/ElB6y4LHvbzA421XGCcA==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -91,12 +91,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b2:2b:a1:3f:be:c0:58:bd:3a:bc:0d:19:ac:ca:
                     7f:b9:3b:f0:8c:30:ff:04:b1:34:7e:26:86:96:36:
@@ -123,34 +123,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         2d:e4:7d:d6:d2:cc:93:aa:93:86:cd:e7:da:bb:02:f6:82:e3:
-         09:29:f5:54:0f:e1:d5:51:c1:98:1f:b8:ca:96:9e:1e:f6:5b:
-         e3:67:bb:42:b1:48:2f:61:c6:1f:c4:a6:f4:05:0f:de:65:7f:
-         d5:cc:35:09:fb:48:16:e8:cd:47:1f:63:e2:0f:f9:de:97:6e:
-         76:a2:29:ba:27:cc:0e:f1:b7:31:02:0f:50:ee:c6:80:8a:af:
-         0f:ae:76:51:91:2e:f5:a4:a9:e4:33:cc:9b:07:3c:36:b8:ff:
-         2a:62:86:09:90:b0:ac:f2:8e:7e:59:d0:11:2b:74:53:1a:9b:
-         a6:26:f6:d9:aa:01:81:32:0a:18:be:96:21:be:e7:a2:c9:40:
-         6c:fd:24:8b:6d:28:e5:e9:27:48:ae:8d:d0:5e:6f:c1:de:ef:
-         e3:3d:b6:11:07:42:0e:11:86:6b:03:86:fd:06:69:c5:ac:1d:
-         92:03:be:26:d1:db:78:4c:f0:93:89:32:60:ba:be:83:99:ac:
-         26:c5:aa:35:34:a1:9e:b5:e1:6a:15:83:4b:50:1e:62:3d:5b:
-         65:77:28:0c:24:23:e4:29:0b:90:7c:d4:2f:14:39:01:42:cc:
-         0b:19:a3:bd:46:db:a1:bd:67:5e:0e:41:db:a4:63:8d:22:ed:
-         64:75:d3:99
+    Signature Value:
+        8a:29:93:a3:95:fc:e7:03:9c:5d:3e:14:f0:d0:ac:de:03:fe:
+        43:21:3d:c9:5f:98:42:97:3d:7a:5d:83:fc:73:d1:43:99:67:
+        f8:51:99:d6:94:05:91:c7:44:30:43:6d:ff:a0:56:00:dc:c9:
+        f0:2e:cd:a6:5a:75:bf:30:ff:a3:01:c7:93:d5:a5:63:39:3f:
+        b8:2b:db:76:e9:c9:1b:2a:db:fb:48:3e:3f:87:d9:eb:8e:0e:
+        17:52:fb:01:c3:f6:b8:68:8e:d5:07:9e:59:c1:ac:28:3d:fa:
+        64:02:c5:08:1a:34:ff:37:7e:1c:ec:2d:de:05:ef:0a:5d:98:
+        75:15:6f:19:ce:dd:2a:54:29:54:23:6d:12:f9:39:38:fa:88:
+        dd:65:ad:cf:05:1e:f3:8c:77:77:5f:8a:13:5c:89:6a:ff:e9:
+        d0:80:11:bd:6f:0d:31:34:41:59:c3:60:54:cf:09:10:5d:c3:
+        b2:db:d2:d6:e5:b7:9f:18:f9:d2:42:ef:e7:88:17:31:0a:3a:
+        86:a9:70:f3:28:91:04:64:be:59:ad:d6:33:0f:05:14:13:27:
+        e3:5d:22:01:a0:c4:29:1c:b1:d7:c1:7a:b8:dc:3d:44:b3:ca:
+        81:a4:23:19:c1:59:22:8a:ef:10:54:c0:b2:88:f8:72:e5:9d:
+        0b:a7:df:ec
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQS1JQ0Ex
 LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -164,12 +164,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFKgQ6sjvTwDN43nD69/2yIadRGwmMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAC3kfdbSzJOqk4bN59q7AvaC4wkp9VQP4dVRwZgfuMqW
-nh72W+Nnu0KxSC9hxh/EpvQFD95lf9XMNQn7SBbozUcfY+IP+d6XbnaiKbonzA7x
-tzECD1DuxoCKrw+udlGRLvWkqeQzzJsHPDa4/ypihgmQsKzyjn5Z0BErdFMam6Ym
-9tmqAYEyChi+liG+56LJQGz9JIttKOXpJ0iujdBeb8He7+M9thEHQg4RhmsDhv0G
-acWsHZIDvibR23hM8JOJMmC6voOZrCbFqjU0oZ614WoVg0tQHmI9W2V3KAwkI+Qp
-C5B81C8UOQFCzAsZo71G26G9Z14OQdukY40i7WR105k=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAIopk6OV/OcDnF0+FPDQrN4D/kMhPclfmEKXPXpdg/xz
+0UOZZ/hRmdaUBZHHRDBDbf+gVgDcyfAuzaZadb8w/6MBx5PVpWM5P7gr23bpyRsq
+2/tIPj+H2euODhdS+wHD9rhojtUHnlnBrCg9+mQCxQgaNP83fhzsLd4F7wpdmHUV
+bxnO3SpUKVQjbRL5OTj6iN1lrc8FHvOMd3dfihNciWr/6dCAEb1vDTE0QVnDYFTP
+CRBdw7Lb0tblt58Y+dJC7+eIFzEKOoapcPMokQRkvlmt1jMPBRQTJ+NdIgGgxCkc
+sdfBerjcPUSzyoGkIxnBWSKK7xBUwLKI+HLlnQun3+w=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainA-entity.pem b/certs/test-pathlen/chainA-entity.pem
index 52ed4c9d2..59a9aaf9c 100644
--- a/certs/test-pathlen/chainA-entity.pem
+++ b/certs/test-pathlen/chainA-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:7a:d8:c8:6c:4f:a5:cd:72:25:87:ff:12:a3:
                     65:0e:1d:1f:78:b2:d7:1a:65:a1:e7:4e:bd:05:b5:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:A8:10:EA:C8:EF:4F:00:CD:E3:79:C3:EB:DF:F6:C8:86:9D:44:6C:26
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         22:20:83:3b:37:08:72:c7:c8:e1:69:f6:01:df:ec:70:8b:60:
-         c4:94:81:37:1d:f4:2a:d3:92:3e:1c:6c:b9:bd:a9:ba:61:b2:
-         1b:1f:b9:71:de:07:b0:5a:50:33:7b:83:22:44:e1:a5:4d:7e:
-         75:5a:09:ee:f2:c4:9a:8a:5d:7d:ad:69:81:bb:a9:86:cf:65:
-         e8:f6:50:2c:1e:e5:15:2b:0b:85:6a:02:26:c0:38:51:04:0f:
-         0a:6f:d1:b8:b4:e4:a4:b5:ae:a2:e6:ce:2c:41:b6:a2:6b:47:
-         82:0d:8a:2b:dd:91:d0:67:09:15:57:03:1e:95:4f:57:06:1a:
-         2a:e8:b6:fd:a7:1f:80:a0:f7:20:39:8b:3f:08:cd:7a:05:c4:
-         7c:72:92:d7:ff:40:a4:6c:10:64:2d:a8:a5:cc:ef:34:ea:49:
-         b0:d9:28:69:5c:c7:d4:41:f5:21:3d:60:74:c7:35:3d:5f:80:
-         78:34:09:60:06:f0:c8:3b:9c:b8:76:64:8e:ea:78:c1:e8:fc:
-         2c:a0:9a:9e:d7:2c:5f:1b:90:05:73:5f:58:c8:ad:2a:ef:b6:
-         a0:f2:f1:9e:f2:7c:48:d8:11:77:e3:0a:d4:26:7d:ad:0f:c1:
-         29:4b:9e:51:bc:a2:4d:98:ad:27:51:f3:1d:b3:2b:6e:00:95:
-         16:ae:3c:11
+    Signature Value:
+        3d:9b:43:ff:c8:94:a9:46:b4:bc:ad:2b:7d:d5:5e:25:43:fa:
+        b1:ac:d6:ab:f6:61:61:60:01:5f:f4:c5:be:a9:f6:6f:ee:e3:
+        8a:eb:7e:ab:28:6b:2d:40:e2:90:75:89:76:b2:75:99:50:32:
+        22:09:df:2b:72:3a:fe:c2:c5:e1:1e:69:9a:eb:62:93:bc:9c:
+        09:6f:3d:49:ce:59:a8:4c:6e:80:a3:32:dc:5e:cf:e7:28:ba:
+        7e:12:72:ba:ef:05:27:e9:38:90:cf:4e:25:f7:af:84:fe:79:
+        1e:23:b1:30:2b:3b:1c:2c:97:d2:c8:dc:c7:b1:ab:5d:d9:47:
+        f8:d2:7e:b4:bd:59:97:99:1d:04:b5:37:a0:41:e7:35:56:fc:
+        d3:b1:66:bb:06:93:3a:e1:71:cf:22:2f:73:38:e6:76:df:e6:
+        34:71:ce:8c:08:6d:84:69:b1:cf:e2:f2:5f:18:70:d7:ef:79:
+        26:26:1c:38:59:b5:55:59:17:a3:07:ed:d3:ac:76:90:08:de:
+        79:29:34:37:ff:6e:7d:2b:9b:53:e8:46:f5:db:e4:3a:3b:aa:
+        c5:32:eb:fe:ca:58:e7:52:90:d8:6c:19:da:1c:90:0d:8e:84:
+        3e:e8:26:cb:2d:4b:23:f1:25:07:ac:b8:2c:7b:db:cc:0e:36:
+        d5:71:82:70
 -----BEGIN CERTIFICATE-----
 MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQS1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkEtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,10 +77,10 @@ VR0jBIG5MIG2gBSoEOrI708AzeN5w+vf9siGnURsJqGBmqSBlzCBlDELMAkGA1UE
 BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
 BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
-CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAIiCDOzcIcsfI4Wn2Ad/scItg
-xJSBNx30KtOSPhxsub2pumGyGx+5cd4HsFpQM3uDIkThpU1+dVoJ7vLEmopdfa1p
-gbuphs9l6PZQLB7lFSsLhWoCJsA4UQQPCm/RuLTkpLWuoubOLEG2omtHgg2KK92R
-0GcJFVcDHpVPVwYaKui2/acfgKD3IDmLPwjNegXEfHKS1/9ApGwQZC2opczvNOpJ
-sNkoaVzH1EH1IT1gdMc1PV+AeDQJYAbwyDucuHZkjup4wej8LKCantcsXxuQBXNf
-WMitKu+2oPLxnvJ8SNgRd+MK1CZ9rQ/BKUueUbyiTZitJ1HzHbMrbgCVFq48EQ==
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAPZtD/8iUqUa0vK0rfdVeJUP6
+sazWq/ZhYWABX/TFvqn2b+7jiut+qyhrLUDikHWJdrJ1mVAyIgnfK3I6/sLF4R5p
+mutik7ycCW89Sc5ZqExugKMy3F7P5yi6fhJyuu8FJ+k4kM9OJfevhP55HiOxMCs7
+HCyX0sjcx7GrXdlH+NJ+tL1Zl5kdBLU3oEHnNVb807FmuwaTOuFxzyIvczjmdt/m
+NHHOjAhthGmxz+LyXxhw1+95JiYcOFm1VVkXowft06x2kAjeeSk0N/9ufSubU+hG
+9dvkOjuqxTLr/spY51KQ2GwZ2hyQDY6EPugmyy1LI/ElB6y4LHvbzA421XGCcA==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainB-ICA1-pathlen0.pem b/certs/test-pathlen/chainB-ICA1-pathlen0.pem
index f850ed0d3..d52bd5b08 100644
--- a/certs/test-pathlen/chainB-ICA1-pathlen0.pem
+++ b/certs/test-pathlen/chainB-ICA1-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b2:f7:aa:ae:91:d1:24:41:52:a1:22:e0:d3:97:
                     9b:e0:0c:94:9c:4a:e4:b3:85:ae:a9:43:9f:ec:7a:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:EE:59:9D:56:0B:7C:0A:45:44:E3:15:57:E2:B2:F3:1D:64:6F:AF:7A
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         6c:32:8c:c0:5a:4b:18:32:75:8d:04:83:3a:7d:0a:53:81:31:
-         ef:7e:47:8b:f3:69:c4:c5:16:82:70:fb:26:9f:f7:c9:d9:07:
-         80:45:40:e5:fd:22:f4:a9:90:b4:53:89:20:7d:8c:71:77:35:
-         50:79:39:8d:1c:a4:e5:0a:cb:d4:07:34:fd:76:3b:e7:4e:b5:
-         ca:6b:97:4b:e4:48:3c:28:5c:7b:6f:34:fc:f8:34:65:5a:d4:
-         33:a8:4f:6c:a7:c5:c9:2b:95:48:1a:d2:da:50:45:50:2a:b9:
-         16:dc:6a:6a:64:f1:52:55:7c:25:f8:35:4e:8e:86:f1:01:78:
-         56:11:10:6e:92:d0:45:6a:9d:03:a0:a3:b8:3b:97:fb:2d:a8:
-         1f:83:9d:d0:d9:af:8b:77:08:a2:0d:8e:15:18:97:7e:4b:d9:
-         6f:48:cd:a5:6e:04:29:e4:ba:c4:63:e7:a1:b1:bf:22:71:75:
-         24:da:6f:73:0f:d3:fc:84:af:68:3c:3d:c5:e0:72:f3:b8:2e:
-         8b:5f:d9:00:c6:7e:59:4e:b9:f4:12:a7:df:88:d0:67:f9:40:
-         17:4f:25:af:72:b7:a5:ee:b2:69:3b:b2:fe:a7:1b:6b:39:e6:
-         be:89:0e:ed:74:87:7e:25:bd:3d:c7:f6:f1:d9:10:47:1c:54:
-         47:0c:77:31
+    Signature Value:
+        6e:b4:42:22:b0:05:a2:fb:dd:ef:4d:8f:2d:ed:c8:3d:79:41:
+        5b:6e:23:ca:c4:39:5e:9f:69:42:12:fc:08:15:af:ee:39:7a:
+        cb:60:8b:9b:1f:77:9a:7a:1c:f0:49:86:50:2d:48:d3:5f:07:
+        94:45:e2:96:b6:e5:22:04:44:ea:fd:48:5b:13:d1:a8:89:57:
+        14:df:bb:e0:17:26:02:99:32:2e:92:4f:34:8d:c3:7d:a3:d7:
+        0a:ae:86:80:23:a0:fe:ba:99:ab:38:07:d6:4f:70:ba:77:49:
+        0f:ab:af:c7:2f:6f:00:3d:aa:95:ea:40:5a:de:5e:fe:7f:54:
+        48:aa:e0:1c:06:fd:7c:bb:8e:da:4c:a7:a4:b9:12:5e:65:ad:
+        5d:f6:dc:40:18:1e:4a:4f:da:5d:fa:ff:14:e7:0d:d5:f3:aa:
+        9d:72:4d:be:ae:02:73:65:3c:7a:95:e8:31:01:0f:83:73:25:
+        1b:88:a7:18:38:69:71:3e:0d:b2:cb:a1:43:a1:ba:e3:6a:b5:
+        c3:5e:cb:82:3b:cb:9d:86:a5:1e:1f:c4:b7:c8:c8:15:4f:9c:
+        fc:29:c5:86:09:9d:a2:51:40:19:66:df:66:fa:8e:d1:3a:33:
+        c4:eb:71:4a:03:3e:9c:d8:4a:29:15:9c:03:40:5a:8e:ff:ab:
+        f6:19:b4:f0
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkItSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBAGwyjMBaSxgydY0Egzp9ClOBMe9+R4vzacTFFoJw+yaf98nZB4BF
-QOX9IvSpkLRTiSB9jHF3NVB5OY0cpOUKy9QHNP12O+dOtcprl0vkSDwoXHtvNPz4
-NGVa1DOoT2ynxckrlUga0tpQRVAquRbcampk8VJVfCX4NU6OhvEBeFYREG6S0EVq
-nQOgo7g7l/stqB+DndDZr4t3CKINjhUYl35L2W9IzaVuBCnkusRj56GxvyJxdSTa
-b3MP0/yEr2g8PcXgcvO4Lotf2QDGfllOufQSp9+I0Gf5QBdPJa9yt6Xusmk7sv6n
-G2s55r6JDu10h34lvT3H9vHZEEccVEcMdzE=
+AQELBQADggEBAG60QiKwBaL73e9Njy3tyD15QVtuI8rEOV6faUIS/AgVr+45estg
+i5sfd5p6HPBJhlAtSNNfB5RF4pa25SIEROr9SFsT0aiJVxTfu+AXJgKZMi6STzSN
+w32j1wquhoAjoP66mas4B9ZPcLp3SQ+rr8cvbwA9qpXqQFreXv5/VEiq4BwG/Xy7
+jtpMp6S5El5lrV323EAYHkpP2l36/xTnDdXzqp1yTb6uAnNlPHqV6DEBD4NzJRuI
+pxg4aXE+DbLLoUOhuuNqtcNey4I7y52GpR4fxLfIyBVPnPwpxYYJnaJRQBlm32b6
+jtE6M8TrcUoDPpzYSikVnANAWo7/q/YZtPA=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainB-ICA2-pathlen1.pem b/certs/test-pathlen/chainB-ICA2-pathlen1.pem
index a394e296f..51f1a0df1 100644
--- a/certs/test-pathlen/chainB-ICA2-pathlen1.pem
+++ b/certs/test-pathlen/chainB-ICA2-pathlen1.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:7f:82:05:9d:5b:c4:49:e0:3e:1f:87:6e:17:
                     05:eb:e2:0a:d1:d1:a5:f5:cc:be:1d:46:d8:cd:a8:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         10:af:3a:e5:49:81:7e:0f:ef:ad:b4:62:02:de:5b:2f:d7:bd:
-         9c:59:b4:d3:ae:6c:60:12:ba:23:86:ee:34:4e:d5:29:00:1b:
-         6e:1e:6b:05:96:0d:2c:4e:5c:91:74:83:ad:ba:8b:fe:cd:a6:
-         9b:86:94:f7:7f:b4:5e:c9:cb:e6:6e:90:30:53:cb:44:27:f5:
-         0b:37:b9:f0:bc:37:cd:b9:fc:fb:77:03:54:82:b5:d2:97:12:
-         01:36:48:1f:a7:ae:7d:a3:c6:55:9e:c4:0e:0b:76:dc:e8:3c:
-         b0:cc:06:88:be:74:2e:03:82:72:38:80:ca:14:dc:63:82:6e:
-         73:3b:77:e8:c0:4d:e7:0e:8f:7e:9c:65:36:1c:d6:47:40:74:
-         ef:ce:fe:6d:60:83:77:18:c9:3c:9f:f6:06:a5:16:e6:07:53:
-         66:f0:49:42:dd:04:49:59:a9:b9:12:1f:a4:e9:c7:15:fb:34:
-         df:a5:19:62:93:65:6c:ef:66:90:61:fe:0e:19:56:0d:b2:5d:
-         b1:ee:55:40:32:7c:36:ff:54:6e:e4:55:16:7e:57:bd:82:f8:
-         b1:38:de:86:a8:e8:4d:7e:b2:b8:59:ef:79:89:a3:0e:63:39:
-         61:3f:f2:ab:b4:50:eb:74:7c:79:e7:f9:66:91:ff:ea:61:27:
-         df:be:c2:89
+    Signature Value:
+        3d:d1:6d:b2:c8:2a:c3:4a:25:fe:40:4c:df:64:a6:73:66:82:
+        a3:4d:fa:36:bb:16:71:26:3d:01:d6:93:6d:56:2a:cc:7b:4e:
+        4f:bd:79:eb:a1:27:22:61:17:bb:fa:30:0c:be:4e:d9:b2:26:
+        75:0f:f0:2e:87:fc:8d:19:31:2f:30:0d:c7:90:3a:10:14:0d:
+        eb:aa:db:f3:9c:a8:ec:bc:fa:27:ba:a4:ed:9e:37:96:dd:b7:
+        51:a7:3d:09:d3:6a:bb:35:8a:c5:a6:0d:58:30:5b:4f:2f:aa:
+        bb:67:2c:e4:73:6a:ca:10:a0:33:65:83:c6:6e:5b:f4:ed:af:
+        78:31:4e:58:07:15:e1:c3:61:93:d0:91:85:af:a7:39:37:b9:
+        e9:20:86:1c:83:4b:bc:73:80:62:92:08:df:40:7a:f4:8a:11:
+        a8:55:24:9d:69:21:60:ad:64:52:c3:09:f4:57:08:ff:d9:be:
+        a3:26:f8:db:aa:21:68:e6:f1:11:5a:34:d7:e9:18:dd:c5:39:
+        5d:9a:45:5a:c4:86:a3:b3:18:02:c1:17:d1:77:12:9e:1e:c5:
+        46:1b:53:62:97:82:6c:0c:20:25:d6:73:e7:54:5e:a6:d3:27:
+        b6:d7:5c:87:4f:3b:87:50:ec:78:3c:ca:74:df:a7:9f:f8:4c:
+        9e:d4:9d:87
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQi1JQ0Ey
 LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFO5ZnVYLfApFROMVV+Ky8x1kb696MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBABCvOuVJgX4P7620YgLeWy/XvZxZtNOubGASuiOG7jRO
-1SkAG24eawWWDSxOXJF0g626i/7NppuGlPd/tF7Jy+ZukDBTy0Qn9Qs3ufC8N825
-/Pt3A1SCtdKXEgE2SB+nrn2jxlWexA4LdtzoPLDMBoi+dC4DgnI4gMoU3GOCbnM7
-d+jATecOj36cZTYc1kdAdO/O/m1gg3cYyTyf9galFuYHU2bwSULdBElZqbkSH6Tp
-xxX7NN+lGWKTZWzvZpBh/g4ZVg2yXbHuVUAyfDb/VG7kVRZ+V72C+LE43oao6E1+
-srhZ73mJow5jOWE/8qu0UOt0fHnn+WaR/+phJ9++wok=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAD3RbbLIKsNKJf5ATN9kpnNmgqNN+ja7FnEmPQHWk21W
+Ksx7Tk+9eeuhJyJhF7v6MAy+TtmyJnUP8C6H/I0ZMS8wDceQOhAUDeuq2/OcqOy8
++ie6pO2eN5bdt1GnPQnTars1isWmDVgwW08vqrtnLORzasoQoDNlg8ZuW/Ttr3gx
+TlgHFeHDYZPQkYWvpzk3uekghhyDS7xzgGKSCN9AevSKEahVJJ1pIWCtZFLDCfRX
+CP/ZvqMm+NuqIWjm8RFaNNfpGN3FOV2aRVrEhqOzGALBF9F3Ep4exUYbU2KXgmwM
+ICXWc+dUXqbTJ7bXXIdPO4dQ7Hg8ynTfp5/4TJ7UnYc=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainB-assembled.pem b/certs/test-pathlen/chainB-assembled.pem
index 836d817d4..9d6724c3e 100644
--- a/certs/test-pathlen/chainB-assembled.pem
+++ b/certs/test-pathlen/chainB-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:5f:d9:3d:d7:5b:11:aa:3e:53:31:d0:32:78:
                     87:fb:c0:8e:80:6d:fc:68:73:1f:9c:77:66:16:35:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:D7:90:E4:86:59:24:F9:2B:B8:06:8E:B1:8F:33:E5:2C:63:F1:03:16
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainB-ICA2-pathlen1/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         58:2b:2e:33:ed:42:7d:ce:8a:9f:2e:25:2f:7a:66:6f:d0:8a:
-         32:ee:70:b6:a0:ee:6f:ec:0c:52:af:d8:8c:2a:11:9f:f0:f3:
-         6a:41:bd:da:43:ad:82:5d:52:95:e2:6b:95:42:d1:24:09:ba:
-         7d:b5:6b:73:a2:96:3d:72:ba:65:cd:9c:c6:65:52:fb:68:65:
-         cb:55:5d:f5:44:fa:66:72:8c:1c:33:92:a6:37:77:44:16:86:
-         ed:f2:d3:a9:49:ff:aa:05:96:c8:e0:1c:b7:0a:60:e7:46:5e:
-         94:9d:c8:7a:31:41:98:96:38:17:a0:79:e3:1d:a3:13:06:17:
-         2d:b8:fd:6f:34:ed:e3:6d:36:e7:d4:5d:cf:00:4a:ce:a6:ff:
-         1c:87:d8:48:1b:65:b0:d0:72:70:48:15:bd:f1:3c:a9:06:f9:
-         7e:11:c1:43:6c:0b:60:d9:d9:5c:d3:3b:c2:18:eb:3f:82:eb:
-         fd:a5:1a:b2:a2:23:10:c3:30:af:4a:e9:d9:05:f1:e2:4e:e9:
-         41:bd:d7:dd:98:db:91:f2:15:54:4c:82:3d:22:aa:18:e5:e6:
-         df:9b:85:21:63:74:3d:08:a9:2e:35:e2:5e:61:32:78:04:49:
-         91:0d:8c:05:12:90:ec:f5:c5:d2:71:8a:2a:65:5c:b1:d4:14:
-         53:de:9b:98
+    Signature Value:
+        a7:1b:3e:d7:2b:6b:9e:36:3c:5e:53:dc:08:d2:a3:bb:83:aa:
+        1b:37:37:ed:c2:eb:3f:26:c9:34:2e:2c:d6:bd:3b:3c:4a:e1:
+        6d:98:11:ab:6a:0e:c9:2b:87:e9:22:1e:47:cb:f7:71:b9:c5:
+        07:47:5f:fd:15:2a:da:75:9d:7d:aa:f6:88:64:05:65:b4:19:
+        34:14:66:58:6a:d2:06:05:34:b2:07:2b:84:0a:61:39:82:cf:
+        fa:bc:88:b5:e5:cc:ec:07:1d:b5:43:66:5c:3c:ee:9d:39:9b:
+        ac:2c:30:f1:00:00:7a:59:72:b5:5c:11:d0:65:1b:ff:83:76:
+        d1:08:cf:33:45:4c:94:f2:87:af:eb:cd:88:1d:af:a1:b7:3c:
+        6a:64:52:4c:ab:89:b9:30:de:ef:be:d4:d4:a9:c5:f8:e0:74:
+        8e:b3:fb:91:56:74:60:41:f0:a5:b2:44:a0:a7:ea:37:2e:7d:
+        51:65:22:9f:91:59:da:2a:24:ba:69:04:ca:08:cc:b5:aa:a1:
+        28:55:7c:ac:ca:e0:2e:de:2f:c9:a5:d3:30:2b:21:d4:e1:49:
+        f1:82:d6:a6:9d:c7:5d:f6:82:c4:7b:3e:07:e2:ed:19:bf:b9:
+        58:8c:08:9c:06:97:f4:51:cd:c5:23:a6:cb:31:3b:94:62:2f:
+        a6:d9:54:6a
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQi1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkItZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,13 +77,13 @@ VR0jBIHGMIHDgBTXkOSGWST5K7gGjrGPM+UsY/EDFqGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAFgrLjPt
-Qn3Oip8uJS96Zm/QijLucLag7m/sDFKv2IwqEZ/w82pBvdpDrYJdUpXia5VC0SQJ
-un21a3Oilj1yumXNnMZlUvtoZctVXfVE+mZyjBwzkqY3d0QWhu3y06lJ/6oFlsjg
-HLcKYOdGXpSdyHoxQZiWOBegeeMdoxMGFy24/W807eNtNufUXc8ASs6m/xyH2Egb
-ZbDQcnBIFb3xPKkG+X4RwUNsC2DZ2VzTO8IY6z+C6/2lGrKiIxDDMK9K6dkF8eJO
-6UG9192Y25HyFVRMgj0iqhjl5t+bhSFjdD0IqS414l5hMngESZENjAUSkOz1xdJx
-iiplXLHUFFPem5g=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKcbPtcr
+a542PF5T3AjSo7uDqhs3N+3C6z8myTQuLNa9OzxK4W2YEatqDskrh+kiHkfL93G5
+xQdHX/0VKtp1nX2q9ohkBWW0GTQUZlhq0gYFNLIHK4QKYTmCz/q8iLXlzOwHHbVD
+Zlw87p05m6wsMPEAAHpZcrVcEdBlG/+DdtEIzzNFTJTyh6/rzYgdr6G3PGpkUkyr
+ibkw3u++1NSpxfjgdI6z+5FWdGBB8KWyRKCn6jcufVFlIp+RWdoqJLppBMoIzLWq
+oShVfKzK4C7eL8ml0zArIdThSfGC1qadx132gsR7Pgfi7Rm/uViMCJwGl/RRzcUj
+pssxO5RiL6bZVGo=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b2:f7:aa:ae:91:d1:24:41:52:a1:22:e0:d3:97:
                     9b:e0:0c:94:9c:4a:e4:b3:85:ae:a9:43:9f:ec:7a:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:EE:59:9D:56:0B:7C:0A:45:44:E3:15:57:E2:B2:F3:1D:64:6F:AF:7A
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         6c:32:8c:c0:5a:4b:18:32:75:8d:04:83:3a:7d:0a:53:81:31:
-         ef:7e:47:8b:f3:69:c4:c5:16:82:70:fb:26:9f:f7:c9:d9:07:
-         80:45:40:e5:fd:22:f4:a9:90:b4:53:89:20:7d:8c:71:77:35:
-         50:79:39:8d:1c:a4:e5:0a:cb:d4:07:34:fd:76:3b:e7:4e:b5:
-         ca:6b:97:4b:e4:48:3c:28:5c:7b:6f:34:fc:f8:34:65:5a:d4:
-         33:a8:4f:6c:a7:c5:c9:2b:95:48:1a:d2:da:50:45:50:2a:b9:
-         16:dc:6a:6a:64:f1:52:55:7c:25:f8:35:4e:8e:86:f1:01:78:
-         56:11:10:6e:92:d0:45:6a:9d:03:a0:a3:b8:3b:97:fb:2d:a8:
-         1f:83:9d:d0:d9:af:8b:77:08:a2:0d:8e:15:18:97:7e:4b:d9:
-         6f:48:cd:a5:6e:04:29:e4:ba:c4:63:e7:a1:b1:bf:22:71:75:
-         24:da:6f:73:0f:d3:fc:84:af:68:3c:3d:c5:e0:72:f3:b8:2e:
-         8b:5f:d9:00:c6:7e:59:4e:b9:f4:12:a7:df:88:d0:67:f9:40:
-         17:4f:25:af:72:b7:a5:ee:b2:69:3b:b2:fe:a7:1b:6b:39:e6:
-         be:89:0e:ed:74:87:7e:25:bd:3d:c7:f6:f1:d9:10:47:1c:54:
-         47:0c:77:31
+    Signature Value:
+        6e:b4:42:22:b0:05:a2:fb:dd:ef:4d:8f:2d:ed:c8:3d:79:41:
+        5b:6e:23:ca:c4:39:5e:9f:69:42:12:fc:08:15:af:ee:39:7a:
+        cb:60:8b:9b:1f:77:9a:7a:1c:f0:49:86:50:2d:48:d3:5f:07:
+        94:45:e2:96:b6:e5:22:04:44:ea:fd:48:5b:13:d1:a8:89:57:
+        14:df:bb:e0:17:26:02:99:32:2e:92:4f:34:8d:c3:7d:a3:d7:
+        0a:ae:86:80:23:a0:fe:ba:99:ab:38:07:d6:4f:70:ba:77:49:
+        0f:ab:af:c7:2f:6f:00:3d:aa:95:ea:40:5a:de:5e:fe:7f:54:
+        48:aa:e0:1c:06:fd:7c:bb:8e:da:4c:a7:a4:b9:12:5e:65:ad:
+        5d:f6:dc:40:18:1e:4a:4f:da:5d:fa:ff:14:e7:0d:d5:f3:aa:
+        9d:72:4d:be:ae:02:73:65:3c:7a:95:e8:31:01:0f:83:73:25:
+        1b:88:a7:18:38:69:71:3e:0d:b2:cb:a1:43:a1:ba:e3:6a:b5:
+        c3:5e:cb:82:3b:cb:9d:86:a5:1e:1f:c4:b7:c8:c8:15:4f:9c:
+        fc:29:c5:86:09:9d:a2:51:40:19:66:df:66:fa:8e:d1:3a:33:
+        c4:eb:71:4a:03:3e:9c:d8:4a:29:15:9c:03:40:5a:8e:ff:ab:
+        f6:19:b4:f0
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkItSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -167,12 +167,12 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBAGwyjMBaSxgydY0Egzp9ClOBMe9+R4vzacTFFoJw+yaf98nZB4BF
-QOX9IvSpkLRTiSB9jHF3NVB5OY0cpOUKy9QHNP12O+dOtcprl0vkSDwoXHtvNPz4
-NGVa1DOoT2ynxckrlUga0tpQRVAquRbcampk8VJVfCX4NU6OhvEBeFYREG6S0EVq
-nQOgo7g7l/stqB+DndDZr4t3CKINjhUYl35L2W9IzaVuBCnkusRj56GxvyJxdSTa
-b3MP0/yEr2g8PcXgcvO4Lotf2QDGfllOufQSp9+I0Gf5QBdPJa9yt6Xusmk7sv6n
-G2s55r6JDu10h34lvT3H9vHZEEccVEcMdzE=
+AQELBQADggEBAG60QiKwBaL73e9Njy3tyD15QVtuI8rEOV6faUIS/AgVr+45estg
+i5sfd5p6HPBJhlAtSNNfB5RF4pa25SIEROr9SFsT0aiJVxTfu+AXJgKZMi6STzSN
+w32j1wquhoAjoP66mas4B9ZPcLp3SQ+rr8cvbwA9qpXqQFreXv5/VEiq4BwG/Xy7
+jtpMp6S5El5lrV323EAYHkpP2l36/xTnDdXzqp1yTb6uAnNlPHqV6DEBD4NzJRuI
+pxg4aXE+DbLLoUOhuuNqtcNey4I7y52GpR4fxLfIyBVPnPwpxYYJnaJRQBlm32b6
+jtE6M8TrcUoDPpzYSikVnANAWo7/q/YZtPA=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d0:7f:82:05:9d:5b:c4:49:e0:3e:1f:87:6e:17:
                     05:eb:e2:0a:d1:d1:a5:f5:cc:be:1d:46:d8:cd:a8:
@@ -213,34 +213,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         10:af:3a:e5:49:81:7e:0f:ef:ad:b4:62:02:de:5b:2f:d7:bd:
-         9c:59:b4:d3:ae:6c:60:12:ba:23:86:ee:34:4e:d5:29:00:1b:
-         6e:1e:6b:05:96:0d:2c:4e:5c:91:74:83:ad:ba:8b:fe:cd:a6:
-         9b:86:94:f7:7f:b4:5e:c9:cb:e6:6e:90:30:53:cb:44:27:f5:
-         0b:37:b9:f0:bc:37:cd:b9:fc:fb:77:03:54:82:b5:d2:97:12:
-         01:36:48:1f:a7:ae:7d:a3:c6:55:9e:c4:0e:0b:76:dc:e8:3c:
-         b0:cc:06:88:be:74:2e:03:82:72:38:80:ca:14:dc:63:82:6e:
-         73:3b:77:e8:c0:4d:e7:0e:8f:7e:9c:65:36:1c:d6:47:40:74:
-         ef:ce:fe:6d:60:83:77:18:c9:3c:9f:f6:06:a5:16:e6:07:53:
-         66:f0:49:42:dd:04:49:59:a9:b9:12:1f:a4:e9:c7:15:fb:34:
-         df:a5:19:62:93:65:6c:ef:66:90:61:fe:0e:19:56:0d:b2:5d:
-         b1:ee:55:40:32:7c:36:ff:54:6e:e4:55:16:7e:57:bd:82:f8:
-         b1:38:de:86:a8:e8:4d:7e:b2:b8:59:ef:79:89:a3:0e:63:39:
-         61:3f:f2:ab:b4:50:eb:74:7c:79:e7:f9:66:91:ff:ea:61:27:
-         df:be:c2:89
+    Signature Value:
+        3d:d1:6d:b2:c8:2a:c3:4a:25:fe:40:4c:df:64:a6:73:66:82:
+        a3:4d:fa:36:bb:16:71:26:3d:01:d6:93:6d:56:2a:cc:7b:4e:
+        4f:bd:79:eb:a1:27:22:61:17:bb:fa:30:0c:be:4e:d9:b2:26:
+        75:0f:f0:2e:87:fc:8d:19:31:2f:30:0d:c7:90:3a:10:14:0d:
+        eb:aa:db:f3:9c:a8:ec:bc:fa:27:ba:a4:ed:9e:37:96:dd:b7:
+        51:a7:3d:09:d3:6a:bb:35:8a:c5:a6:0d:58:30:5b:4f:2f:aa:
+        bb:67:2c:e4:73:6a:ca:10:a0:33:65:83:c6:6e:5b:f4:ed:af:
+        78:31:4e:58:07:15:e1:c3:61:93:d0:91:85:af:a7:39:37:b9:
+        e9:20:86:1c:83:4b:bc:73:80:62:92:08:df:40:7a:f4:8a:11:
+        a8:55:24:9d:69:21:60:ad:64:52:c3:09:f4:57:08:ff:d9:be:
+        a3:26:f8:db:aa:21:68:e6:f1:11:5a:34:d7:e9:18:dd:c5:39:
+        5d:9a:45:5a:c4:86:a3:b3:18:02:c1:17:d1:77:12:9e:1e:c5:
+        46:1b:53:62:97:82:6c:0c:20:25:d6:73:e7:54:5e:a6:d3:27:
+        b6:d7:5c:87:4f:3b:87:50:ec:78:3c:ca:74:df:a7:9f:f8:4c:
+        9e:d4:9d:87
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQi1JQ0Ey
 LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -254,12 +254,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFO5ZnVYLfApFROMVV+Ky8x1kb696MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBABCvOuVJgX4P7620YgLeWy/XvZxZtNOubGASuiOG7jRO
-1SkAG24eawWWDSxOXJF0g626i/7NppuGlPd/tF7Jy+ZukDBTy0Qn9Qs3ufC8N825
-/Pt3A1SCtdKXEgE2SB+nrn2jxlWexA4LdtzoPLDMBoi+dC4DgnI4gMoU3GOCbnM7
-d+jATecOj36cZTYc1kdAdO/O/m1gg3cYyTyf9galFuYHU2bwSULdBElZqbkSH6Tp
-xxX7NN+lGWKTZWzvZpBh/g4ZVg2yXbHuVUAyfDb/VG7kVRZ+V72C+LE43oao6E1+
-srhZ73mJow5jOWE/8qu0UOt0fHnn+WaR/+phJ9++wok=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAD3RbbLIKsNKJf5ATN9kpnNmgqNN+ja7FnEmPQHWk21W
+Ksx7Tk+9eeuhJyJhF7v6MAy+TtmyJnUP8C6H/I0ZMS8wDceQOhAUDeuq2/OcqOy8
++ie6pO2eN5bdt1GnPQnTars1isWmDVgwW08vqrtnLORzasoQoDNlg8ZuW/Ttr3gx
+TlgHFeHDYZPQkYWvpzk3uekghhyDS7xzgGKSCN9AevSKEahVJJ1pIWCtZFLDCfRX
+CP/ZvqMm+NuqIWjm8RFaNNfpGN3FOV2aRVrEhqOzGALBF9F3Ep4exUYbU2KXgmwM
+ICXWc+dUXqbTJ7bXXIdPO4dQ7Hg8ynTfp5/4TJ7UnYc=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainB-entity.pem b/certs/test-pathlen/chainB-entity.pem
index d47835316..c5bbb3d8d 100644
--- a/certs/test-pathlen/chainB-entity.pem
+++ b/certs/test-pathlen/chainB-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:5f:d9:3d:d7:5b:11:aa:3e:53:31:d0:32:78:
                     87:fb:c0:8e:80:6d:fc:68:73:1f:9c:77:66:16:35:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:D7:90:E4:86:59:24:F9:2B:B8:06:8E:B1:8F:33:E5:2C:63:F1:03:16
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainB-ICA2-pathlen1/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         58:2b:2e:33:ed:42:7d:ce:8a:9f:2e:25:2f:7a:66:6f:d0:8a:
-         32:ee:70:b6:a0:ee:6f:ec:0c:52:af:d8:8c:2a:11:9f:f0:f3:
-         6a:41:bd:da:43:ad:82:5d:52:95:e2:6b:95:42:d1:24:09:ba:
-         7d:b5:6b:73:a2:96:3d:72:ba:65:cd:9c:c6:65:52:fb:68:65:
-         cb:55:5d:f5:44:fa:66:72:8c:1c:33:92:a6:37:77:44:16:86:
-         ed:f2:d3:a9:49:ff:aa:05:96:c8:e0:1c:b7:0a:60:e7:46:5e:
-         94:9d:c8:7a:31:41:98:96:38:17:a0:79:e3:1d:a3:13:06:17:
-         2d:b8:fd:6f:34:ed:e3:6d:36:e7:d4:5d:cf:00:4a:ce:a6:ff:
-         1c:87:d8:48:1b:65:b0:d0:72:70:48:15:bd:f1:3c:a9:06:f9:
-         7e:11:c1:43:6c:0b:60:d9:d9:5c:d3:3b:c2:18:eb:3f:82:eb:
-         fd:a5:1a:b2:a2:23:10:c3:30:af:4a:e9:d9:05:f1:e2:4e:e9:
-         41:bd:d7:dd:98:db:91:f2:15:54:4c:82:3d:22:aa:18:e5:e6:
-         df:9b:85:21:63:74:3d:08:a9:2e:35:e2:5e:61:32:78:04:49:
-         91:0d:8c:05:12:90:ec:f5:c5:d2:71:8a:2a:65:5c:b1:d4:14:
-         53:de:9b:98
+    Signature Value:
+        a7:1b:3e:d7:2b:6b:9e:36:3c:5e:53:dc:08:d2:a3:bb:83:aa:
+        1b:37:37:ed:c2:eb:3f:26:c9:34:2e:2c:d6:bd:3b:3c:4a:e1:
+        6d:98:11:ab:6a:0e:c9:2b:87:e9:22:1e:47:cb:f7:71:b9:c5:
+        07:47:5f:fd:15:2a:da:75:9d:7d:aa:f6:88:64:05:65:b4:19:
+        34:14:66:58:6a:d2:06:05:34:b2:07:2b:84:0a:61:39:82:cf:
+        fa:bc:88:b5:e5:cc:ec:07:1d:b5:43:66:5c:3c:ee:9d:39:9b:
+        ac:2c:30:f1:00:00:7a:59:72:b5:5c:11:d0:65:1b:ff:83:76:
+        d1:08:cf:33:45:4c:94:f2:87:af:eb:cd:88:1d:af:a1:b7:3c:
+        6a:64:52:4c:ab:89:b9:30:de:ef:be:d4:d4:a9:c5:f8:e0:74:
+        8e:b3:fb:91:56:74:60:41:f0:a5:b2:44:a0:a7:ea:37:2e:7d:
+        51:65:22:9f:91:59:da:2a:24:ba:69:04:ca:08:cc:b5:aa:a1:
+        28:55:7c:ac:ca:e0:2e:de:2f:c9:a5:d3:30:2b:21:d4:e1:49:
+        f1:82:d6:a6:9d:c7:5d:f6:82:c4:7b:3e:07:e2:ed:19:bf:b9:
+        58:8c:08:9c:06:97:f4:51:cd:c5:23:a6:cb:31:3b:94:62:2f:
+        a6:d9:54:6a
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQi1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkItZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,11 +77,11 @@ VR0jBIHGMIHDgBTXkOSGWST5K7gGjrGPM+UsY/EDFqGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAFgrLjPt
-Qn3Oip8uJS96Zm/QijLucLag7m/sDFKv2IwqEZ/w82pBvdpDrYJdUpXia5VC0SQJ
-un21a3Oilj1yumXNnMZlUvtoZctVXfVE+mZyjBwzkqY3d0QWhu3y06lJ/6oFlsjg
-HLcKYOdGXpSdyHoxQZiWOBegeeMdoxMGFy24/W807eNtNufUXc8ASs6m/xyH2Egb
-ZbDQcnBIFb3xPKkG+X4RwUNsC2DZ2VzTO8IY6z+C6/2lGrKiIxDDMK9K6dkF8eJO
-6UG9192Y25HyFVRMgj0iqhjl5t+bhSFjdD0IqS414l5hMngESZENjAUSkOz1xdJx
-iiplXLHUFFPem5g=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKcbPtcr
+a542PF5T3AjSo7uDqhs3N+3C6z8myTQuLNa9OzxK4W2YEatqDskrh+kiHkfL93G5
+xQdHX/0VKtp1nX2q9ohkBWW0GTQUZlhq0gYFNLIHK4QKYTmCz/q8iLXlzOwHHbVD
+Zlw87p05m6wsMPEAAHpZcrVcEdBlG/+DdtEIzzNFTJTyh6/rzYgdr6G3PGpkUkyr
+ibkw3u++1NSpxfjgdI6z+5FWdGBB8KWyRKCn6jcufVFlIp+RWdoqJLppBMoIzLWq
+oShVfKzK4C7eL8ml0zArIdThSfGC1qadx132gsR7Pgfi7Rm/uViMCJwGl/RRzcUj
+pssxO5RiL6bZVGo=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainC-ICA1-pathlen1.pem b/certs/test-pathlen/chainC-ICA1-pathlen1.pem
index bfd767cb7..51ee36cd4 100644
--- a/certs/test-pathlen/chainC-ICA1-pathlen1.pem
+++ b/certs/test-pathlen/chainC-ICA1-pathlen1.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:1a:6c:c1:bd:bb:9b:29:ca:35:3d:63:a3:29:
                     cd:a6:65:c4:9e:a3:c5:50:99:ad:51:90:0a:9a:9b:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         52:84:69:eb:36:71:76:74:41:ab:d8:70:ae:18:64:3f:b1:8d:
-         ef:ad:2f:6b:6b:e5:c3:5e:41:ca:6c:30:23:b5:6b:26:c2:18:
-         fa:b4:97:95:9f:50:16:29:94:5e:91:1b:90:22:db:1e:a8:7f:
-         eb:db:b9:38:d8:7d:8d:f9:1b:b2:c4:ab:0e:10:d4:ae:8e:a3:
-         56:c5:e0:ed:f9:37:eb:ce:1f:93:70:32:2a:aa:30:90:38:02:
-         58:e4:e7:e7:bb:80:64:a0:ef:8d:2f:15:2d:8b:d0:d8:b0:72:
-         0c:63:76:ba:cb:c8:1c:79:34:d9:d3:23:15:c2:b2:da:89:1a:
-         c6:24:16:60:2f:8a:80:fd:ac:cf:3d:0d:eb:1b:e1:ca:aa:37:
-         e5:a1:80:8d:14:e1:ca:94:f2:c4:7c:22:4a:54:f6:e4:e5:db:
-         57:13:a3:fb:9a:63:13:2c:6e:4b:33:cc:1e:de:73:7e:00:b9:
-         8f:3d:bf:ff:af:81:83:31:2e:42:b2:c9:df:23:ae:9a:35:cf:
-         3d:f4:98:fd:dc:58:15:01:41:a7:c0:6c:09:cd:88:39:24:71:
-         10:97:f3:e5:0e:ad:59:77:83:00:a0:03:9e:c8:cb:26:18:d1:
-         a1:60:bd:8a:53:a8:4e:08:0e:57:1e:5b:1d:df:a5:bd:04:01:
-         66:dd:30:2d
+    Signature Value:
+        6d:59:5b:3f:de:5d:19:6a:78:bd:c6:8e:07:7b:74:8b:0c:06:
+        4c:0d:4a:b1:38:76:fd:98:f0:36:34:92:43:49:5e:e7:6c:ab:
+        d2:db:2c:89:03:2f:4b:d1:b7:26:9b:ec:e4:26:b6:02:ec:8c:
+        0d:81:d4:ce:e7:c8:31:29:f2:bd:20:17:48:49:f1:4a:dd:4a:
+        38:d5:4a:59:d4:14:25:ab:3f:7d:36:f0:56:86:1f:49:06:de:
+        28:18:fc:f8:2a:6f:79:f2:d1:c8:10:48:67:5e:ab:38:6a:7c:
+        23:d4:e9:e7:c5:e8:3a:81:c1:95:c1:bd:78:e8:df:bc:b9:cb:
+        52:e8:65:77:df:65:6c:85:b6:84:71:03:59:15:95:7c:ce:63:
+        2c:a8:1f:5d:58:88:5d:51:b3:95:be:91:e8:c5:52:c5:f7:9c:
+        82:16:47:1b:68:05:ed:2e:bf:76:16:e7:f7:2c:d8:df:f8:23:
+        a4:90:38:e6:39:27:0e:7e:0a:68:3d:2c:65:f6:42:06:ca:55:
+        9f:66:fb:4a:44:7c:1b:e6:75:2b:ba:fd:fe:19:05:96:f9:0b:
+        22:f7:9a:82:c2:e1:10:67:c4:3a:26:f9:cb:c2:a5:b8:5c:e3:
+        6a:34:84:4a:7a:84:ab:ef:8e:be:e1:e4:40:66:fd:9b:b7:af:
+        40:ee:60:09
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQy1JQ0Ex
 LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFJQdLgc3xi9Swex5axPOCZBf9MRRMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAFKEaes2cXZ0QavYcK4YZD+xje+tL2tr5cNeQcpsMCO1
-aybCGPq0l5WfUBYplF6RG5Ai2x6of+vbuTjYfY35G7LEqw4Q1K6Oo1bF4O35N+vO
-H5NwMiqqMJA4Aljk5+e7gGSg740vFS2L0NiwcgxjdrrLyBx5NNnTIxXCstqJGsYk
-FmAvioD9rM89Desb4cqqN+WhgI0U4cqU8sR8IkpU9uTl21cTo/uaYxMsbkszzB7e
-c34AuY89v/+vgYMxLkKyyd8jrpo1zz30mP3cWBUBQafAbAnNiDkkcRCX8+UOrVl3
-gwCgA57IyyYY0aFgvYpTqE4IDlceWx3fpb0EAWbdMC0=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAG1ZWz/eXRlqeL3Gjgd7dIsMBkwNSrE4dv2Y8DY0kkNJ
+Xudsq9LbLIkDL0vRtyab7OQmtgLsjA2B1M7nyDEp8r0gF0hJ8UrdSjjVSlnUFCWr
+P3028FaGH0kG3igY/Pgqb3ny0cgQSGdeqzhqfCPU6efF6DqBwZXBvXjo37y5y1Lo
+ZXffZWyFtoRxA1kVlXzOYyyoH11YiF1Rs5W+kejFUsX3nIIWRxtoBe0uv3YW5/cs
+2N/4I6SQOOY5Jw5+Cmg9LGX2QgbKVZ9m+0pEfBvmdSu6/f4ZBZb5CyL3moLC4RBn
+xDom+cvCpbhc42o0hEp6hKvvjr7h5EBm/Zu3r0DuYAk=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainC-assembled.pem b/certs/test-pathlen/chainC-assembled.pem
index 55e61fa47..0acb7d75b 100644
--- a/certs/test-pathlen/chainC-assembled.pem
+++ b/certs/test-pathlen/chainC-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:34:e1:1c:2c:2d:a4:93:b5:c4:fc:65:40:fa:
                     94:68:74:24:ff:52:a4:df:3e:f1:7c:92:14:f0:f0:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:94:1D:2E:07:37:C6:2F:52:C1:EC:79:6B:13:CE:09:90:5F:F4:C4:51
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         b0:8e:f5:a6:d7:df:13:fb:72:58:82:1e:b8:e8:34:aa:12:cc:
-         39:4e:ad:b7:ff:b7:1b:d4:91:25:12:4f:af:f4:f0:9a:bf:e4:
-         0f:f1:3d:bb:46:e9:c1:61:a5:b1:42:f3:13:75:b1:60:df:ba:
-         36:62:f4:4d:e1:2c:23:ff:92:db:81:dc:72:71:74:00:6b:a2:
-         29:cd:6f:ff:3c:db:35:6c:8c:bf:d5:d4:af:20:78:65:6c:f3:
-         5c:e5:84:22:b6:1c:06:6e:fa:b1:fb:07:3e:76:60:58:36:73:
-         3c:97:ab:5a:27:56:d6:f9:ef:43:34:67:af:57:3e:d2:dc:2e:
-         e7:e4:1c:8b:cb:90:11:1a:b9:8e:01:3f:e4:a2:6c:93:b3:90:
-         cd:6c:05:1e:d7:2f:7a:00:de:00:be:e6:35:4c:25:fc:19:96:
-         27:9f:0d:0b:a8:9d:14:d9:89:4b:13:ec:53:e9:f9:31:b7:3f:
-         95:61:7e:b3:bb:32:a3:f1:94:53:49:b4:f5:c8:ee:83:0d:69:
-         5c:89:c3:21:e4:a5:d0:9c:af:30:af:64:e3:78:53:d5:5e:72:
-         2b:d8:d7:7a:45:03:ba:9f:93:c9:fb:8d:cc:94:41:d5:2a:eb:
-         87:ee:9f:c8:bf:ca:d1:6e:92:6b:96:af:20:6e:a5:42:9b:1d:
-         8b:2b:ad:d5
+    Signature Value:
+        7a:cd:a8:f1:f4:70:c1:61:8a:a7:f6:5a:49:83:32:7f:02:d1:
+        39:f6:56:cd:49:16:11:78:d5:13:a3:a0:f1:22:a5:97:5c:86:
+        ec:15:1d:07:89:8b:9a:49:1e:3f:7f:77:e7:de:97:56:ee:51:
+        28:ff:3a:71:52:22:bf:4c:99:ef:6b:76:0d:a8:81:4a:f8:db:
+        73:ba:b0:f4:e9:5d:e9:08:7c:b8:8a:87:aa:95:5e:da:f4:ab:
+        2a:4f:53:ae:02:fc:ba:26:93:ab:41:27:4a:78:9f:2a:7f:7a:
+        27:57:23:d3:36:aa:b0:c9:45:9c:09:7d:41:f2:71:fe:21:3e:
+        e7:b2:86:35:a8:bf:df:d3:74:8e:b2:ff:41:70:9c:40:38:2f:
+        4f:ec:b2:d1:b6:30:4c:a7:55:c5:60:19:e7:e7:c3:5f:84:fc:
+        59:70:62:83:00:eb:d7:8a:3b:a3:bd:cf:00:74:39:65:cf:ab:
+        0a:60:12:c8:51:d7:3d:96:2e:b5:d6:e5:2e:00:69:85:c7:39:
+        c3:db:70:ee:94:82:56:54:78:72:26:7f:12:64:e6:c6:9b:24:
+        7c:e2:79:72:13:8a:4c:47:d9:45:e0:82:b7:17:61:b5:c0:c4:
+        0f:10:fb:9d:ca:a3:54:b9:a1:01:71:44:07:27:c2:39:1d:89:
+        39:b9:00:23
 -----BEGIN CERTIFICATE-----
 MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQy1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkMtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,12 +77,12 @@ VR0jBIG5MIG2gBSUHS4HN8YvUsHseWsTzgmQX/TEUaGBmqSBlzCBlDELMAkGA1UE
 BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
 BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
-CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAsI71ptffE/tyWIIeuOg0qhLM
-OU6tt/+3G9SRJRJPr/Twmr/kD/E9u0bpwWGlsULzE3WxYN+6NmL0TeEsI/+S24Hc
-cnF0AGuiKc1v/zzbNWyMv9XUryB4ZWzzXOWEIrYcBm76sfsHPnZgWDZzPJerWidW
-1vnvQzRnr1c+0twu5+Qci8uQERq5jgE/5KJsk7OQzWwFHtcvegDeAL7mNUwl/BmW
-J58NC6idFNmJSxPsU+n5Mbc/lWF+s7syo/GUU0m09cjugw1pXInDIeSl0JyvMK9k
-43hT1V5yK9jXekUDup+TyfuNzJRB1Srrh+6fyL/K0W6Sa5avIG6lQpsdiyut1Q==
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAes2o8fRwwWGKp/ZaSYMyfwLR
+OfZWzUkWEXjVE6Og8SKll1yG7BUdB4mLmkkeP393596XVu5RKP86cVIiv0yZ72t2
+DaiBSvjbc7qw9Old6Qh8uIqHqpVe2vSrKk9TrgL8uiaTq0EnSnifKn96J1cj0zaq
+sMlFnAl9QfJx/iE+57KGNai/39N0jrL/QXCcQDgvT+yy0bYwTKdVxWAZ5+fDX4T8
+WXBigwDr14o7o73PAHQ5Zc+rCmASyFHXPZYutdblLgBphcc5w9tw7pSCVlR4ciZ/
+EmTmxpskfOJ5chOKTEfZReCCtxdhtcDEDxD7ncqjVLmhAXFEByfCOR2JObkAIw==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -91,12 +91,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:1a:6c:c1:bd:bb:9b:29:ca:35:3d:63:a3:29:
                     cd:a6:65:c4:9e:a3:c5:50:99:ad:51:90:0a:9a:9b:
@@ -123,34 +123,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         52:84:69:eb:36:71:76:74:41:ab:d8:70:ae:18:64:3f:b1:8d:
-         ef:ad:2f:6b:6b:e5:c3:5e:41:ca:6c:30:23:b5:6b:26:c2:18:
-         fa:b4:97:95:9f:50:16:29:94:5e:91:1b:90:22:db:1e:a8:7f:
-         eb:db:b9:38:d8:7d:8d:f9:1b:b2:c4:ab:0e:10:d4:ae:8e:a3:
-         56:c5:e0:ed:f9:37:eb:ce:1f:93:70:32:2a:aa:30:90:38:02:
-         58:e4:e7:e7:bb:80:64:a0:ef:8d:2f:15:2d:8b:d0:d8:b0:72:
-         0c:63:76:ba:cb:c8:1c:79:34:d9:d3:23:15:c2:b2:da:89:1a:
-         c6:24:16:60:2f:8a:80:fd:ac:cf:3d:0d:eb:1b:e1:ca:aa:37:
-         e5:a1:80:8d:14:e1:ca:94:f2:c4:7c:22:4a:54:f6:e4:e5:db:
-         57:13:a3:fb:9a:63:13:2c:6e:4b:33:cc:1e:de:73:7e:00:b9:
-         8f:3d:bf:ff:af:81:83:31:2e:42:b2:c9:df:23:ae:9a:35:cf:
-         3d:f4:98:fd:dc:58:15:01:41:a7:c0:6c:09:cd:88:39:24:71:
-         10:97:f3:e5:0e:ad:59:77:83:00:a0:03:9e:c8:cb:26:18:d1:
-         a1:60:bd:8a:53:a8:4e:08:0e:57:1e:5b:1d:df:a5:bd:04:01:
-         66:dd:30:2d
+    Signature Value:
+        6d:59:5b:3f:de:5d:19:6a:78:bd:c6:8e:07:7b:74:8b:0c:06:
+        4c:0d:4a:b1:38:76:fd:98:f0:36:34:92:43:49:5e:e7:6c:ab:
+        d2:db:2c:89:03:2f:4b:d1:b7:26:9b:ec:e4:26:b6:02:ec:8c:
+        0d:81:d4:ce:e7:c8:31:29:f2:bd:20:17:48:49:f1:4a:dd:4a:
+        38:d5:4a:59:d4:14:25:ab:3f:7d:36:f0:56:86:1f:49:06:de:
+        28:18:fc:f8:2a:6f:79:f2:d1:c8:10:48:67:5e:ab:38:6a:7c:
+        23:d4:e9:e7:c5:e8:3a:81:c1:95:c1:bd:78:e8:df:bc:b9:cb:
+        52:e8:65:77:df:65:6c:85:b6:84:71:03:59:15:95:7c:ce:63:
+        2c:a8:1f:5d:58:88:5d:51:b3:95:be:91:e8:c5:52:c5:f7:9c:
+        82:16:47:1b:68:05:ed:2e:bf:76:16:e7:f7:2c:d8:df:f8:23:
+        a4:90:38:e6:39:27:0e:7e:0a:68:3d:2c:65:f6:42:06:ca:55:
+        9f:66:fb:4a:44:7c:1b:e6:75:2b:ba:fd:fe:19:05:96:f9:0b:
+        22:f7:9a:82:c2:e1:10:67:c4:3a:26:f9:cb:c2:a5:b8:5c:e3:
+        6a:34:84:4a:7a:84:ab:ef:8e:be:e1:e4:40:66:fd:9b:b7:af:
+        40:ee:60:09
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQy1JQ0Ex
 LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -164,12 +164,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFJQdLgc3xi9Swex5axPOCZBf9MRRMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAFKEaes2cXZ0QavYcK4YZD+xje+tL2tr5cNeQcpsMCO1
-aybCGPq0l5WfUBYplF6RG5Ai2x6of+vbuTjYfY35G7LEqw4Q1K6Oo1bF4O35N+vO
-H5NwMiqqMJA4Aljk5+e7gGSg740vFS2L0NiwcgxjdrrLyBx5NNnTIxXCstqJGsYk
-FmAvioD9rM89Desb4cqqN+WhgI0U4cqU8sR8IkpU9uTl21cTo/uaYxMsbkszzB7e
-c34AuY89v/+vgYMxLkKyyd8jrpo1zz30mP3cWBUBQafAbAnNiDkkcRCX8+UOrVl3
-gwCgA57IyyYY0aFgvYpTqE4IDlceWx3fpb0EAWbdMC0=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAG1ZWz/eXRlqeL3Gjgd7dIsMBkwNSrE4dv2Y8DY0kkNJ
+Xudsq9LbLIkDL0vRtyab7OQmtgLsjA2B1M7nyDEp8r0gF0hJ8UrdSjjVSlnUFCWr
+P3028FaGH0kG3igY/Pgqb3ny0cgQSGdeqzhqfCPU6efF6DqBwZXBvXjo37y5y1Lo
+ZXffZWyFtoRxA1kVlXzOYyyoH11YiF1Rs5W+kejFUsX3nIIWRxtoBe0uv3YW5/cs
+2N/4I6SQOOY5Jw5+Cmg9LGX2QgbKVZ9m+0pEfBvmdSu6/f4ZBZb5CyL3moLC4RBn
+xDom+cvCpbhc42o0hEp6hKvvjr7h5EBm/Zu3r0DuYAk=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainC-entity.pem b/certs/test-pathlen/chainC-entity.pem
index f361a8979..c0097c6bc 100644
--- a/certs/test-pathlen/chainC-entity.pem
+++ b/certs/test-pathlen/chainC-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:34:e1:1c:2c:2d:a4:93:b5:c4:fc:65:40:fa:
                     94:68:74:24:ff:52:a4:df:3e:f1:7c:92:14:f0:f0:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:94:1D:2E:07:37:C6:2F:52:C1:EC:79:6B:13:CE:09:90:5F:F4:C4:51
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         b0:8e:f5:a6:d7:df:13:fb:72:58:82:1e:b8:e8:34:aa:12:cc:
-         39:4e:ad:b7:ff:b7:1b:d4:91:25:12:4f:af:f4:f0:9a:bf:e4:
-         0f:f1:3d:bb:46:e9:c1:61:a5:b1:42:f3:13:75:b1:60:df:ba:
-         36:62:f4:4d:e1:2c:23:ff:92:db:81:dc:72:71:74:00:6b:a2:
-         29:cd:6f:ff:3c:db:35:6c:8c:bf:d5:d4:af:20:78:65:6c:f3:
-         5c:e5:84:22:b6:1c:06:6e:fa:b1:fb:07:3e:76:60:58:36:73:
-         3c:97:ab:5a:27:56:d6:f9:ef:43:34:67:af:57:3e:d2:dc:2e:
-         e7:e4:1c:8b:cb:90:11:1a:b9:8e:01:3f:e4:a2:6c:93:b3:90:
-         cd:6c:05:1e:d7:2f:7a:00:de:00:be:e6:35:4c:25:fc:19:96:
-         27:9f:0d:0b:a8:9d:14:d9:89:4b:13:ec:53:e9:f9:31:b7:3f:
-         95:61:7e:b3:bb:32:a3:f1:94:53:49:b4:f5:c8:ee:83:0d:69:
-         5c:89:c3:21:e4:a5:d0:9c:af:30:af:64:e3:78:53:d5:5e:72:
-         2b:d8:d7:7a:45:03:ba:9f:93:c9:fb:8d:cc:94:41:d5:2a:eb:
-         87:ee:9f:c8:bf:ca:d1:6e:92:6b:96:af:20:6e:a5:42:9b:1d:
-         8b:2b:ad:d5
+    Signature Value:
+        7a:cd:a8:f1:f4:70:c1:61:8a:a7:f6:5a:49:83:32:7f:02:d1:
+        39:f6:56:cd:49:16:11:78:d5:13:a3:a0:f1:22:a5:97:5c:86:
+        ec:15:1d:07:89:8b:9a:49:1e:3f:7f:77:e7:de:97:56:ee:51:
+        28:ff:3a:71:52:22:bf:4c:99:ef:6b:76:0d:a8:81:4a:f8:db:
+        73:ba:b0:f4:e9:5d:e9:08:7c:b8:8a:87:aa:95:5e:da:f4:ab:
+        2a:4f:53:ae:02:fc:ba:26:93:ab:41:27:4a:78:9f:2a:7f:7a:
+        27:57:23:d3:36:aa:b0:c9:45:9c:09:7d:41:f2:71:fe:21:3e:
+        e7:b2:86:35:a8:bf:df:d3:74:8e:b2:ff:41:70:9c:40:38:2f:
+        4f:ec:b2:d1:b6:30:4c:a7:55:c5:60:19:e7:e7:c3:5f:84:fc:
+        59:70:62:83:00:eb:d7:8a:3b:a3:bd:cf:00:74:39:65:cf:ab:
+        0a:60:12:c8:51:d7:3d:96:2e:b5:d6:e5:2e:00:69:85:c7:39:
+        c3:db:70:ee:94:82:56:54:78:72:26:7f:12:64:e6:c6:9b:24:
+        7c:e2:79:72:13:8a:4c:47:d9:45:e0:82:b7:17:61:b5:c0:c4:
+        0f:10:fb:9d:ca:a3:54:b9:a1:01:71:44:07:27:c2:39:1d:89:
+        39:b9:00:23
 -----BEGIN CERTIFICATE-----
 MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluQy1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkMtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,10 +77,10 @@ VR0jBIG5MIG2gBSUHS4HN8YvUsHseWsTzgmQX/TEUaGBmqSBlzCBlDELMAkGA1UE
 BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
 BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
-CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAsI71ptffE/tyWIIeuOg0qhLM
-OU6tt/+3G9SRJRJPr/Twmr/kD/E9u0bpwWGlsULzE3WxYN+6NmL0TeEsI/+S24Hc
-cnF0AGuiKc1v/zzbNWyMv9XUryB4ZWzzXOWEIrYcBm76sfsHPnZgWDZzPJerWidW
-1vnvQzRnr1c+0twu5+Qci8uQERq5jgE/5KJsk7OQzWwFHtcvegDeAL7mNUwl/BmW
-J58NC6idFNmJSxPsU+n5Mbc/lWF+s7syo/GUU0m09cjugw1pXInDIeSl0JyvMK9k
-43hT1V5yK9jXekUDup+TyfuNzJRB1Srrh+6fyL/K0W6Sa5avIG6lQpsdiyut1Q==
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAes2o8fRwwWGKp/ZaSYMyfwLR
+OfZWzUkWEXjVE6Og8SKll1yG7BUdB4mLmkkeP393596XVu5RKP86cVIiv0yZ72t2
+DaiBSvjbc7qw9Old6Qh8uIqHqpVe2vSrKk9TrgL8uiaTq0EnSnifKn96J1cj0zaq
+sMlFnAl9QfJx/iE+57KGNai/39N0jrL/QXCcQDgvT+yy0bYwTKdVxWAZ5+fDX4T8
+WXBigwDr14o7o73PAHQ5Zc+rCmASyFHXPZYutdblLgBphcc5w9tw7pSCVlR4ciZ/
+EmTmxpskfOJ5chOKTEfZReCCtxdhtcDEDxD7ncqjVLmhAXFEByfCOR2JObkAIw==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainD-ICA1-pathlen127.pem b/certs/test-pathlen/chainD-ICA1-pathlen127.pem
index a9d4c15b3..909ceed4c 100644
--- a/certs/test-pathlen/chainD-ICA1-pathlen127.pem
+++ b/certs/test-pathlen/chainD-ICA1-pathlen127.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:81:78:a9:19:99:12:d1:cf:3d:51:54:1d:d3:
                     14:94:ed:3e:de:ff:e0:23:e4:f7:23:fc:5c:49:24:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:127
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         ae:70:5a:14:f9:fb:c6:c5:5e:19:92:18:5e:fc:6d:7a:9c:90:
-         34:2f:d4:7e:42:cf:88:80:3c:65:96:f7:4e:b7:26:c5:aa:6c:
-         6c:a0:31:51:7b:ad:92:42:9c:16:7e:5c:1a:f7:0b:d1:8a:b6:
-         41:fa:d1:a1:fc:86:6f:32:15:88:a8:b2:69:a6:38:2a:16:57:
-         55:d8:be:8f:6e:fa:4b:e6:a1:2b:db:4d:64:0c:08:76:31:37:
-         ec:c4:6d:2b:3a:62:a2:2e:9a:0d:29:57:95:3a:76:e4:b2:63:
-         90:07:72:04:f4:59:6e:be:94:00:13:0d:13:99:f8:97:df:16:
-         b5:70:32:d8:9f:84:07:3d:9d:be:87:50:33:3e:4e:ae:51:f1:
-         12:33:96:c4:d5:d1:df:cd:bf:eb:f5:20:a3:4c:36:9e:bd:d3:
-         5e:7f:56:05:e9:24:65:77:59:65:c0:53:c4:59:5f:3e:b3:37:
-         41:89:f4:f4:4a:ff:6c:97:f6:f1:49:09:9c:a2:a9:cf:17:27:
-         31:2e:db:04:52:f9:18:a5:67:6c:d2:0d:12:2a:ff:33:26:83:
-         20:1e:0e:81:e8:a4:b6:93:f9:d0:a3:b6:48:a1:5a:3e:b7:f0:
-         cd:b7:fe:66:6e:07:99:b0:6e:e6:a6:2b:93:7b:de:bc:41:5e:
-         0d:d3:22:65
+    Signature Value:
+        26:99:d3:de:3a:db:89:0e:08:cf:da:59:21:55:d6:54:df:7a:
+        28:70:e0:8f:60:af:e5:4b:1e:71:cd:8c:e4:07:1a:82:5b:bd:
+        82:48:3b:88:6c:47:9c:3b:d0:9a:f8:d3:54:78:97:58:21:e7:
+        47:a7:71:4e:ce:34:8a:5c:23:5b:a9:ca:1a:39:3a:ef:2e:56:
+        59:d0:18:42:65:bc:d7:21:85:12:02:26:00:d1:d4:a4:c8:be:
+        f1:e2:06:ce:e9:a0:65:63:99:7c:a5:fe:2e:bb:69:e3:7b:ab:
+        9d:94:ce:55:9a:f9:48:54:0b:64:51:d3:43:86:e6:5d:e3:1e:
+        17:13:f3:b3:3e:53:22:36:f8:17:a7:c2:82:60:b5:be:4a:ab:
+        22:10:26:eb:8c:47:12:64:f4:73:32:fd:01:04:f6:d3:80:3a:
+        c4:d1:5d:6f:33:4d:67:d3:19:94:e3:23:4e:94:28:a8:53:de:
+        d8:09:4b:7f:b1:36:57:55:de:d2:55:2d:89:a2:73:fa:5a:13:
+        67:33:b9:8d:09:8d:0e:06:8b:73:19:ba:cc:86:fc:64:e1:71:
+        f8:7d:f2:ae:55:da:8c:d9:a4:64:71:06:5b:55:5c:25:7f:83:
+        b8:20:e0:12:2a:76:a4:03:c0:a8:d6:d6:f5:5a:3b:31:44:94:
+        8d:91:45:d3
 -----BEGIN CERTIFICATE-----
 MIIEzjCCA7agAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRC1JQ0Ex
 LXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -78,12 +78,12 @@ AAGjggEYMIIBFDAdBgNVHQ4EFgQUZ3j5rRxTQR9GvUmbcy583FwtC/swgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAPBgNVHRMECDAGAQH/AgF/MAsGA1UdDwQEAwIBBjAN
-BgkqhkiG9w0BAQsFAAOCAQEArnBaFPn7xsVeGZIYXvxtepyQNC/UfkLPiIA8ZZb3
-TrcmxapsbKAxUXutkkKcFn5cGvcL0Yq2QfrRofyGbzIViKiyaaY4KhZXVdi+j276
-S+ahK9tNZAwIdjE37MRtKzpioi6aDSlXlTp25LJjkAdyBPRZbr6UABMNE5n4l98W
-tXAy2J+EBz2dvodQMz5OrlHxEjOWxNXR382/6/Ugo0w2nr3TXn9WBekkZXdZZcBT
-xFlfPrM3QYn09Er/bJf28UkJnKKpzxcnMS7bBFL5GKVnbNINEir/MyaDIB4Ogeik
-tpP50KO2SKFaPrfwzbf+Zm4HmbBu5qYrk3vevEFeDdMiZQ==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAPBgNVHRMECDAGAQH/AgF/MAsGA1UdDwQEAwIBBjAN
+BgkqhkiG9w0BAQsFAAOCAQEAJpnT3jrbiQ4Iz9pZIVXWVN96KHDgj2Cv5Usecc2M
+5Acaglu9gkg7iGxHnDvQmvjTVHiXWCHnR6dxTs40ilwjW6nKGjk67y5WWdAYQmW8
+1yGFEgImANHUpMi+8eIGzumgZWOZfKX+Lrtp43urnZTOVZr5SFQLZFHTQ4bmXeMe
+FxPzsz5TIjb4F6fCgmC1vkqrIhAm64xHEmT0czL9AQT204A6xNFdbzNNZ9MZlOMj
+TpQoqFPe2AlLf7E2V1Xe0lUtiaJz+loTZzO5jQmNDgaLcxm6zIb8ZOFx+H3yrlXa
+jNmkZHEGW1VcJX+DuCDgEip2pAPAqNbW9Vo7MUSUjZFF0w==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainD-assembled.pem b/certs/test-pathlen/chainD-assembled.pem
index df69897ff..64c27d015 100644
--- a/certs/test-pathlen/chainD-assembled.pem
+++ b/certs/test-pathlen/chainD-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e2:5d:f4:bd:06:b6:a1:21:3a:2d:7f:cc:f2:5a:
                     15:36:28:0a:f2:bb:16:b5:ec:f9:e7:5b:92:ec:17:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:67:78:F9:AD:1C:53:41:1F:46:BD:49:9B:73:2E:7C:DC:5C:2D:0B:FB
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         91:9a:e9:78:f5:c5:e1:87:94:b2:37:cb:fd:36:af:25:ad:9d:
-         00:33:93:3c:ea:29:04:75:9f:a0:b8:4a:d8:68:3d:9e:94:6b:
-         ac:6e:51:6b:83:92:48:c1:c8:c8:01:48:d9:ac:e5:85:35:4c:
-         43:c2:66:a3:3b:9c:97:71:ea:89:91:38:48:ab:d5:c5:c5:fb:
-         70:40:db:1e:03:9b:a8:fc:2c:93:d6:d1:fb:42:f2:64:7a:43:
-         09:59:3e:ed:71:9e:9d:62:a8:04:c8:52:5a:fd:d2:24:34:2d:
-         22:72:62:27:ca:fb:88:e2:b7:a9:14:b7:0a:89:9d:2d:4f:ea:
-         03:fc:a1:20:d6:98:73:1d:7a:96:42:47:d3:0c:7e:84:3d:1c:
-         f0:5b:90:6c:d0:2b:88:44:03:cc:a6:79:45:4f:bb:29:6b:73:
-         47:ae:4f:70:b0:b4:b6:d1:c7:ec:8e:db:df:81:d9:67:57:67:
-         82:3c:47:5f:92:1f:f0:58:61:9d:0b:9b:c4:4d:1f:4d:b7:d2:
-         80:e6:f7:48:40:91:87:1c:b9:47:c8:68:24:30:a0:ba:ef:e8:
-         7b:2e:33:85:3d:9c:d4:6b:7e:b1:1f:b7:c0:70:5d:77:49:73:
-         a2:f1:58:62:d6:a4:c9:37:d1:52:a4:d6:c6:9a:6e:a3:0c:f9:
-         16:2a:f0:76
+    Signature Value:
+        27:86:58:7e:3a:b1:e2:09:47:0f:50:80:d7:66:e4:12:b9:2e:
+        6a:ce:12:57:e7:eb:dc:7d:e4:80:6c:ee:2d:20:a9:71:30:5e:
+        9c:2a:54:c2:87:91:d5:d9:bf:93:63:0e:7f:60:20:3e:0c:8e:
+        04:c8:d9:34:8c:95:81:97:9f:a9:09:9d:fe:49:fd:2c:57:69:
+        be:d8:1c:ff:e1:75:56:22:85:5e:f4:81:5e:05:51:d3:55:ec:
+        85:9c:cd:84:60:1f:77:f4:f6:b4:44:b9:3b:f6:8d:2a:c1:91:
+        e7:64:26:b0:46:3c:17:13:a7:4d:d9:ea:ce:62:6d:0f:86:c1:
+        77:87:35:9f:8a:39:98:22:a3:63:ef:8d:76:e4:0a:b3:10:99:
+        a6:65:46:8d:2d:e9:c4:7d:08:2e:37:33:70:18:0b:b2:f1:ba:
+        d5:ee:b6:d7:b0:63:cf:26:48:cc:0d:8e:c6:f3:30:97:d8:05:
+        31:92:8b:ad:31:6d:c0:5c:c8:05:49:77:b9:f1:0b:de:c8:a2:
+        a0:dc:dc:6c:9c:5b:07:29:d6:13:af:67:13:5f:d3:93:a3:93:
+        a7:3b:84:41:6b:0b:25:99:e3:a9:a6:a9:18:0f:6a:84:73:23:
+        e4:4b:8c:4f:c5:4c:6b:36:73:86:0a:79:2e:0b:38:45:cf:b9:
+        2c:34:8d:46
 -----BEGIN CERTIFICATE-----
 MIIErDCCA5SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRC1JQ0ExLXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluRC1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -77,12 +77,12 @@ BgNVHSMEgbkwgbaAFGd4+a0cU0EfRr1Jm3MufNxcLQv7oYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIB
-ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCRmul49cXhh5SyN8v9Nq8l
-rZ0AM5M86ikEdZ+guErYaD2elGusblFrg5JIwcjIAUjZrOWFNUxDwmajO5yXceqJ
-kThIq9XFxftwQNseA5uo/CyT1tH7QvJkekMJWT7tcZ6dYqgEyFJa/dIkNC0icmIn
-yvuI4repFLcKiZ0tT+oD/KEg1phzHXqWQkfTDH6EPRzwW5Bs0CuIRAPMpnlFT7sp
-a3NHrk9wsLS20cfsjtvfgdlnV2eCPEdfkh/wWGGdC5vETR9Nt9KA5vdIQJGHHLlH
-yGgkMKC67+h7LjOFPZzUa36xH7fAcF13SXOi8Vhi1qTJN9FSpNbGmm6jDPkWKvB2
+ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAnhlh+OrHiCUcPUIDXZuQS
+uS5qzhJX5+vcfeSAbO4tIKlxMF6cKlTCh5HV2b+TYw5/YCA+DI4EyNk0jJWBl5+p
+CZ3+Sf0sV2m+2Bz/4XVWIoVe9IFeBVHTVeyFnM2EYB939Pa0RLk79o0qwZHnZCaw
+RjwXE6dN2erOYm0PhsF3hzWfijmYIqNj74125AqzEJmmZUaNLenEfQguNzNwGAuy
+8brV7rbXsGPPJkjMDY7G8zCX2AUxkoutMW3AXMgFSXe58QveyKKg3NxsnFsHKdYT
+r2cTX9OTo5OnO4RBawslmeOppqkYD2qEcyPkS4xPxUxrNnOGCnkuCzhFz7ksNI1G
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -91,12 +91,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:81:78:a9:19:99:12:d1:cf:3d:51:54:1d:d3:
                     14:94:ed:3e:de:ff:e0:23:e4:f7:23:fc:5c:49:24:
@@ -123,34 +123,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:127
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         ae:70:5a:14:f9:fb:c6:c5:5e:19:92:18:5e:fc:6d:7a:9c:90:
-         34:2f:d4:7e:42:cf:88:80:3c:65:96:f7:4e:b7:26:c5:aa:6c:
-         6c:a0:31:51:7b:ad:92:42:9c:16:7e:5c:1a:f7:0b:d1:8a:b6:
-         41:fa:d1:a1:fc:86:6f:32:15:88:a8:b2:69:a6:38:2a:16:57:
-         55:d8:be:8f:6e:fa:4b:e6:a1:2b:db:4d:64:0c:08:76:31:37:
-         ec:c4:6d:2b:3a:62:a2:2e:9a:0d:29:57:95:3a:76:e4:b2:63:
-         90:07:72:04:f4:59:6e:be:94:00:13:0d:13:99:f8:97:df:16:
-         b5:70:32:d8:9f:84:07:3d:9d:be:87:50:33:3e:4e:ae:51:f1:
-         12:33:96:c4:d5:d1:df:cd:bf:eb:f5:20:a3:4c:36:9e:bd:d3:
-         5e:7f:56:05:e9:24:65:77:59:65:c0:53:c4:59:5f:3e:b3:37:
-         41:89:f4:f4:4a:ff:6c:97:f6:f1:49:09:9c:a2:a9:cf:17:27:
-         31:2e:db:04:52:f9:18:a5:67:6c:d2:0d:12:2a:ff:33:26:83:
-         20:1e:0e:81:e8:a4:b6:93:f9:d0:a3:b6:48:a1:5a:3e:b7:f0:
-         cd:b7:fe:66:6e:07:99:b0:6e:e6:a6:2b:93:7b:de:bc:41:5e:
-         0d:d3:22:65
+    Signature Value:
+        26:99:d3:de:3a:db:89:0e:08:cf:da:59:21:55:d6:54:df:7a:
+        28:70:e0:8f:60:af:e5:4b:1e:71:cd:8c:e4:07:1a:82:5b:bd:
+        82:48:3b:88:6c:47:9c:3b:d0:9a:f8:d3:54:78:97:58:21:e7:
+        47:a7:71:4e:ce:34:8a:5c:23:5b:a9:ca:1a:39:3a:ef:2e:56:
+        59:d0:18:42:65:bc:d7:21:85:12:02:26:00:d1:d4:a4:c8:be:
+        f1:e2:06:ce:e9:a0:65:63:99:7c:a5:fe:2e:bb:69:e3:7b:ab:
+        9d:94:ce:55:9a:f9:48:54:0b:64:51:d3:43:86:e6:5d:e3:1e:
+        17:13:f3:b3:3e:53:22:36:f8:17:a7:c2:82:60:b5:be:4a:ab:
+        22:10:26:eb:8c:47:12:64:f4:73:32:fd:01:04:f6:d3:80:3a:
+        c4:d1:5d:6f:33:4d:67:d3:19:94:e3:23:4e:94:28:a8:53:de:
+        d8:09:4b:7f:b1:36:57:55:de:d2:55:2d:89:a2:73:fa:5a:13:
+        67:33:b9:8d:09:8d:0e:06:8b:73:19:ba:cc:86:fc:64:e1:71:
+        f8:7d:f2:ae:55:da:8c:d9:a4:64:71:06:5b:55:5c:25:7f:83:
+        b8:20:e0:12:2a:76:a4:03:c0:a8:d6:d6:f5:5a:3b:31:44:94:
+        8d:91:45:d3
 -----BEGIN CERTIFICATE-----
 MIIEzjCCA7agAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRC1JQ0Ex
 LXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -164,12 +164,12 @@ AAGjggEYMIIBFDAdBgNVHQ4EFgQUZ3j5rRxTQR9GvUmbcy583FwtC/swgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAPBgNVHRMECDAGAQH/AgF/MAsGA1UdDwQEAwIBBjAN
-BgkqhkiG9w0BAQsFAAOCAQEArnBaFPn7xsVeGZIYXvxtepyQNC/UfkLPiIA8ZZb3
-TrcmxapsbKAxUXutkkKcFn5cGvcL0Yq2QfrRofyGbzIViKiyaaY4KhZXVdi+j276
-S+ahK9tNZAwIdjE37MRtKzpioi6aDSlXlTp25LJjkAdyBPRZbr6UABMNE5n4l98W
-tXAy2J+EBz2dvodQMz5OrlHxEjOWxNXR382/6/Ugo0w2nr3TXn9WBekkZXdZZcBT
-xFlfPrM3QYn09Er/bJf28UkJnKKpzxcnMS7bBFL5GKVnbNINEir/MyaDIB4Ogeik
-tpP50KO2SKFaPrfwzbf+Zm4HmbBu5qYrk3vevEFeDdMiZQ==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAPBgNVHRMECDAGAQH/AgF/MAsGA1UdDwQEAwIBBjAN
+BgkqhkiG9w0BAQsFAAOCAQEAJpnT3jrbiQ4Iz9pZIVXWVN96KHDgj2Cv5Usecc2M
+5Acaglu9gkg7iGxHnDvQmvjTVHiXWCHnR6dxTs40ilwjW6nKGjk67y5WWdAYQmW8
+1yGFEgImANHUpMi+8eIGzumgZWOZfKX+Lrtp43urnZTOVZr5SFQLZFHTQ4bmXeMe
+FxPzsz5TIjb4F6fCgmC1vkqrIhAm64xHEmT0czL9AQT204A6xNFdbzNNZ9MZlOMj
+TpQoqFPe2AlLf7E2V1Xe0lUtiaJz+loTZzO5jQmNDgaLcxm6zIb8ZOFx+H3yrlXa
+jNmkZHEGW1VcJX+DuCDgEip2pAPAqNbW9Vo7MUSUjZFF0w==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainD-entity.pem b/certs/test-pathlen/chainD-entity.pem
index 97f88a7da..0289e9d17 100644
--- a/certs/test-pathlen/chainD-entity.pem
+++ b/certs/test-pathlen/chainD-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e2:5d:f4:bd:06:b6:a1:21:3a:2d:7f:cc:f2:5a:
                     15:36:28:0a:f2:bb:16:b5:ec:f9:e7:5b:92:ec:17:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:67:78:F9:AD:1C:53:41:1F:46:BD:49:9B:73:2E:7C:DC:5C:2D:0B:FB
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         91:9a:e9:78:f5:c5:e1:87:94:b2:37:cb:fd:36:af:25:ad:9d:
-         00:33:93:3c:ea:29:04:75:9f:a0:b8:4a:d8:68:3d:9e:94:6b:
-         ac:6e:51:6b:83:92:48:c1:c8:c8:01:48:d9:ac:e5:85:35:4c:
-         43:c2:66:a3:3b:9c:97:71:ea:89:91:38:48:ab:d5:c5:c5:fb:
-         70:40:db:1e:03:9b:a8:fc:2c:93:d6:d1:fb:42:f2:64:7a:43:
-         09:59:3e:ed:71:9e:9d:62:a8:04:c8:52:5a:fd:d2:24:34:2d:
-         22:72:62:27:ca:fb:88:e2:b7:a9:14:b7:0a:89:9d:2d:4f:ea:
-         03:fc:a1:20:d6:98:73:1d:7a:96:42:47:d3:0c:7e:84:3d:1c:
-         f0:5b:90:6c:d0:2b:88:44:03:cc:a6:79:45:4f:bb:29:6b:73:
-         47:ae:4f:70:b0:b4:b6:d1:c7:ec:8e:db:df:81:d9:67:57:67:
-         82:3c:47:5f:92:1f:f0:58:61:9d:0b:9b:c4:4d:1f:4d:b7:d2:
-         80:e6:f7:48:40:91:87:1c:b9:47:c8:68:24:30:a0:ba:ef:e8:
-         7b:2e:33:85:3d:9c:d4:6b:7e:b1:1f:b7:c0:70:5d:77:49:73:
-         a2:f1:58:62:d6:a4:c9:37:d1:52:a4:d6:c6:9a:6e:a3:0c:f9:
-         16:2a:f0:76
+    Signature Value:
+        27:86:58:7e:3a:b1:e2:09:47:0f:50:80:d7:66:e4:12:b9:2e:
+        6a:ce:12:57:e7:eb:dc:7d:e4:80:6c:ee:2d:20:a9:71:30:5e:
+        9c:2a:54:c2:87:91:d5:d9:bf:93:63:0e:7f:60:20:3e:0c:8e:
+        04:c8:d9:34:8c:95:81:97:9f:a9:09:9d:fe:49:fd:2c:57:69:
+        be:d8:1c:ff:e1:75:56:22:85:5e:f4:81:5e:05:51:d3:55:ec:
+        85:9c:cd:84:60:1f:77:f4:f6:b4:44:b9:3b:f6:8d:2a:c1:91:
+        e7:64:26:b0:46:3c:17:13:a7:4d:d9:ea:ce:62:6d:0f:86:c1:
+        77:87:35:9f:8a:39:98:22:a3:63:ef:8d:76:e4:0a:b3:10:99:
+        a6:65:46:8d:2d:e9:c4:7d:08:2e:37:33:70:18:0b:b2:f1:ba:
+        d5:ee:b6:d7:b0:63:cf:26:48:cc:0d:8e:c6:f3:30:97:d8:05:
+        31:92:8b:ad:31:6d:c0:5c:c8:05:49:77:b9:f1:0b:de:c8:a2:
+        a0:dc:dc:6c:9c:5b:07:29:d6:13:af:67:13:5f:d3:93:a3:93:
+        a7:3b:84:41:6b:0b:25:99:e3:a9:a6:a9:18:0f:6a:84:73:23:
+        e4:4b:8c:4f:c5:4c:6b:36:73:86:0a:79:2e:0b:38:45:cf:b9:
+        2c:34:8d:46
 -----BEGIN CERTIFICATE-----
 MIIErDCCA5SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRC1JQ0ExLXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluRC1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -77,10 +77,10 @@ BgNVHSMEgbkwgbaAFGd4+a0cU0EfRr1Jm3MufNxcLQv7oYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIB
-ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCRmul49cXhh5SyN8v9Nq8l
-rZ0AM5M86ikEdZ+guErYaD2elGusblFrg5JIwcjIAUjZrOWFNUxDwmajO5yXceqJ
-kThIq9XFxftwQNseA5uo/CyT1tH7QvJkekMJWT7tcZ6dYqgEyFJa/dIkNC0icmIn
-yvuI4repFLcKiZ0tT+oD/KEg1phzHXqWQkfTDH6EPRzwW5Bs0CuIRAPMpnlFT7sp
-a3NHrk9wsLS20cfsjtvfgdlnV2eCPEdfkh/wWGGdC5vETR9Nt9KA5vdIQJGHHLlH
-yGgkMKC67+h7LjOFPZzUa36xH7fAcF13SXOi8Vhi1qTJN9FSpNbGmm6jDPkWKvB2
+ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAnhlh+OrHiCUcPUIDXZuQS
+uS5qzhJX5+vcfeSAbO4tIKlxMF6cKlTCh5HV2b+TYw5/YCA+DI4EyNk0jJWBl5+p
+CZ3+Sf0sV2m+2Bz/4XVWIoVe9IFeBVHTVeyFnM2EYB939Pa0RLk79o0qwZHnZCaw
+RjwXE6dN2erOYm0PhsF3hzWfijmYIqNj74125AqzEJmmZUaNLenEfQguNzNwGAuy
+8brV7rbXsGPPJkjMDY7G8zCX2AUxkoutMW3AXMgFSXe58QveyKKg3NxsnFsHKdYT
+r2cTX9OTo5OnO4RBawslmeOppqkYD2qEcyPkS4xPxUxrNnOGCnkuCzhFz7ksNI1G
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainE-ICA1-pathlen128.pem b/certs/test-pathlen/chainE-ICA1-pathlen128.pem
index 9093f9ef1..7eb3b2c86 100644
--- a/certs/test-pathlen/chainE-ICA1-pathlen128.pem
+++ b/certs/test-pathlen/chainE-ICA1-pathlen128.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-ICA1-pathlen128, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:f3:6f:b8:db:10:df:89:df:3b:d9:2e:7a:c1:
                     34:1a:56:97:6c:73:04:fc:15:50:04:93:66:cb:17:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:128
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         95:df:c8:9f:0d:1a:2a:2b:8a:79:0c:c4:a9:05:4f:fc:a4:04:
-         d3:79:37:84:77:8d:17:db:d7:14:6b:1c:f5:f7:e8:04:6a:02:
-         ce:b3:63:39:f3:6e:9c:9d:0b:96:d1:dc:46:d0:3c:57:a1:19:
-         f9:aa:74:b0:16:15:18:91:c1:e9:9e:d6:52:b1:f0:d5:ac:0e:
-         cb:ca:06:e5:88:b1:4c:ad:af:a4:29:db:ce:ae:ce:d3:30:db:
-         99:f3:2a:77:e7:64:cc:07:2a:f0:e5:a9:27:97:ea:d6:a6:59:
-         a5:0c:42:4f:02:a4:31:42:fc:9b:92:de:8b:52:d3:92:8c:fd:
-         04:c2:d5:7b:80:bb:7a:90:ba:be:33:10:fd:07:d6:53:7f:b9:
-         86:93:9f:1b:4c:66:75:d4:d1:0b:cd:10:76:23:0e:37:a2:d6:
-         c1:5f:91:2b:d0:14:c3:2f:e7:46:e4:e9:6d:2d:f0:05:e5:78:
-         25:3c:7d:1d:1c:23:9a:cb:ba:30:c2:52:98:4e:16:ad:f4:30:
-         22:4a:41:e5:1c:c7:da:b1:79:ed:cd:b2:c3:83:42:a6:26:6e:
-         ee:4f:9f:14:f7:6e:f2:e9:70:07:0b:c9:59:5a:8f:50:10:cf:
-         09:77:a3:e1:96:47:e8:85:86:cd:8a:11:30:a0:72:05:11:50:
-         7e:ee:0b:e6
+    Signature Value:
+        1f:0a:51:ca:7f:ed:b8:62:ae:d4:7b:ad:d2:dc:82:16:68:de:
+        bd:0b:ff:7b:07:e9:ee:32:50:44:9c:f1:e7:a3:a5:3f:f2:c1:
+        4a:fa:2f:83:1a:b4:0a:8d:a2:40:4b:56:3b:66:62:c7:6e:ed:
+        13:76:0a:8a:ba:12:0c:81:57:9f:13:c5:08:ad:93:42:28:1c:
+        e5:fc:73:c2:21:4a:7f:4a:f8:b5:88:9f:65:55:d6:68:5b:7b:
+        94:b7:1b:9e:ab:12:f8:d9:05:c1:20:3f:75:5e:c9:88:83:9c:
+        fe:8e:68:5f:45:d7:df:c6:ee:8f:24:8c:b6:f3:7f:7b:77:8a:
+        5e:d8:0b:d8:3e:15:96:cf:49:45:f9:8b:54:75:83:d0:c6:45:
+        97:0b:31:11:89:47:68:03:e4:65:1f:a4:a4:17:40:0a:54:c4:
+        83:da:97:b8:0d:b4:ce:42:32:c6:ec:0e:90:c7:b5:33:18:a4:
+        98:27:8d:f5:4d:d6:23:38:ab:56:95:e2:c7:1f:2c:68:c5:5f:
+        88:57:60:ff:f6:18:3f:2f:30:fe:5e:22:6b:79:d3:b1:26:dc:
+        2a:17:4d:69:71:37:63:45:08:b5:22:18:80:41:e0:73:16:2d:
+        05:97:22:3a:18:d8:c9:94:e4:04:73:34:7b:b6:a1:4d:1f:90:
+        7c:4b:07:bf
 -----BEGIN CERTIFICATE-----
 MIIEzzCCA7egAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRS1JQ0Ex
 LXBhdGhsZW4xMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -78,12 +78,12 @@ AAGjggEZMIIBFTAdBgNVHQ4EFgQURHsAfJwcl5+XqmvyXuaBfA6u5iswgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAQBgNVHRMECTAHAQH/AgIAgDALBgNVHQ8EBAMCAQYw
-DQYJKoZIhvcNAQELBQADggEBAJXfyJ8NGiorinkMxKkFT/ykBNN5N4R3jRfb1xRr
-HPX36ARqAs6zYznzbpydC5bR3EbQPFehGfmqdLAWFRiRweme1lKx8NWsDsvKBuWI
-sUytr6Qp286uztMw25nzKnfnZMwHKvDlqSeX6tamWaUMQk8CpDFC/JuS3otS05KM
-/QTC1XuAu3qQur4zEP0H1lN/uYaTnxtMZnXU0QvNEHYjDjei1sFfkSvQFMMv50bk
-6W0t8AXleCU8fR0cI5rLujDCUphOFq30MCJKQeUcx9qxee3NssODQqYmbu5PnxT3
-bvLpcAcLyVlaj1AQzwl3o+GWR+iFhs2KETCgcgURUH7uC+Y=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAQBgNVHRMECTAHAQH/AgIAgDALBgNVHQ8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBAB8KUcp/7bhirtR7rdLcghZo3r0L/3sH6e4yUESc
+8eejpT/ywUr6L4MatAqNokBLVjtmYsdu7RN2Coq6EgyBV58TxQitk0IoHOX8c8Ih
+Sn9K+LWIn2VV1mhbe5S3G56rEvjZBcEgP3VeyYiDnP6OaF9F19/G7o8kjLbzf3t3
+il7YC9g+FZbPSUX5i1R1g9DGRZcLMRGJR2gD5GUfpKQXQApUxIPal7gNtM5CMsbs
+DpDHtTMYpJgnjfVN1iM4q1aV4scfLGjFX4hXYP/2GD8vMP5eImt507Em3CoXTWlx
+N2NFCLUiGIBB4HMWLQWXIjoY2MmU5ARzNHu2oU0fkHxLB78=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainE-assembled.pem b/certs/test-pathlen/chainE-assembled.pem
index bc868c384..416ab651d 100644
--- a/certs/test-pathlen/chainE-assembled.pem
+++ b/certs/test-pathlen/chainE-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-ICA1-pathlen128, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d8:6f:49:bb:56:ea:34:4c:25:a6:8c:44:f6:c9:
                     75:8f:6b:83:b8:8b:ec:c6:f6:d3:c7:40:e2:d1:b2:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:44:7B:00:7C:9C:1C:97:9F:97:AA:6B:F2:5E:E6:81:7C:0E:AE:E6:2B
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         65:49:39:85:07:68:20:fe:f9:28:cb:c8:ec:2a:c9:6b:2c:06:
-         da:1b:92:b0:d7:c4:5c:37:7b:a5:48:16:15:77:08:05:0a:55:
-         2f:b7:f7:2b:ef:dd:dc:63:ab:04:f1:24:bf:ef:f4:73:43:1d:
-         5d:2a:1a:69:f5:a9:e8:af:d2:56:77:79:c0:46:07:95:b6:af:
-         b3:cb:2e:6b:6b:ed:99:29:cd:cc:4d:f4:f9:e6:25:1f:5b:e3:
-         a0:82:a9:5b:c3:73:6c:9a:c4:0b:5a:80:8a:16:5d:32:99:5d:
-         c2:85:ab:bb:94:f7:54:62:f4:8e:d5:7f:dd:ff:84:50:de:55:
-         e2:0d:67:52:32:5e:48:e0:36:b3:aa:a5:d6:57:35:cb:7a:2b:
-         d3:4e:42:75:15:56:f2:2f:45:9c:99:c5:4c:e7:2d:45:6e:86:
-         2f:4b:84:bf:49:1d:b2:fb:85:53:0a:99:28:fd:7a:3f:e8:b4:
-         a5:b9:6c:c2:55:cd:f3:82:c0:a3:ef:85:ed:69:28:78:1d:81:
-         0e:19:bd:a8:fb:a6:b7:ff:09:36:54:a6:44:96:cf:15:0c:45:
-         7e:ba:9a:50:4d:14:82:dc:ba:c2:97:08:74:89:a7:ff:ed:52:
-         89:ac:65:65:70:9a:8e:8a:43:86:46:a1:f8:23:96:e2:0a:65:
-         3f:2d:94:35
+    Signature Value:
+        af:d9:4f:48:01:07:74:ac:5a:19:b3:b8:d4:8d:a9:ff:f8:23:
+        57:c3:3b:e6:f5:ac:41:ab:0a:b5:71:32:a3:4f:4a:14:90:c4:
+        eb:ef:65:38:88:97:92:79:2d:7e:64:29:be:2a:5a:48:9b:b9:
+        b1:d7:4f:1c:3a:46:fc:2e:e9:72:4f:97:f7:c7:f5:f0:a2:d6:
+        01:7d:49:99:c8:ac:a2:b7:f9:4c:d5:57:8d:b0:69:b6:fa:59:
+        7e:77:9a:bc:61:bc:74:1c:24:75:d3:2e:1e:ea:79:9f:8c:c2:
+        75:e7:a5:54:b7:d9:3c:40:b5:45:d5:e9:e3:24:00:76:67:a2:
+        64:31:24:a7:2a:30:be:4f:c2:56:dd:89:0e:0d:09:1e:84:14:
+        a2:c8:32:6f:59:2d:df:7e:8c:75:a0:83:19:cc:a5:49:99:e1:
+        70:09:f0:70:83:32:3d:2b:07:f3:76:0a:ee:fc:91:d4:b3:b9:
+        0f:b7:73:f4:9b:f3:58:c7:4e:80:27:48:aa:72:f9:01:42:41:
+        e6:b7:5c:c1:93:47:48:e5:b9:54:d3:c2:de:02:8e:05:35:49:
+        36:82:62:5d:a7:08:9a:d0:d3:eb:a4:48:2c:a1:5a:39:06:01:
+        4f:9b:c4:19:c4:a2:36:b8:72:4c:50:cb:3e:77:e9:85:92:7b:
+        d5:91:4c:56
 -----BEGIN CERTIFICATE-----
 MIIErDCCA5SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRS1JQ0ExLXBhdGhsZW4xMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluRS1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -77,12 +77,12 @@ BgNVHSMEgbkwgbaAFER7AHycHJefl6pr8l7mgXwOruYroYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIB
-ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBlSTmFB2gg/vkoy8jsKslr
-LAbaG5Kw18RcN3ulSBYVdwgFClUvt/cr793cY6sE8SS/7/RzQx1dKhpp9anor9JW
-d3nARgeVtq+zyy5ra+2ZKc3MTfT55iUfW+Oggqlbw3NsmsQLWoCKFl0ymV3Chau7
-lPdUYvSO1X/d/4RQ3lXiDWdSMl5I4DazqqXWVzXLeivTTkJ1FVbyL0WcmcVM5y1F
-boYvS4S/SR2y+4VTCpko/Xo/6LSluWzCVc3zgsCj74XtaSh4HYEOGb2o+6a3/wk2
-VKZEls8VDEV+uppQTRSC3LrClwh0iaf/7VKJrGVlcJqOikOGRqH4I5biCmU/LZQ1
+ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCv2U9IAQd0rFoZs7jUjan/
++CNXwzvm9axBqwq1cTKjT0oUkMTr72U4iJeSeS1+ZCm+KlpIm7mx108cOkb8Luly
+T5f3x/XwotYBfUmZyKyit/lM1VeNsGm2+ll+d5q8Ybx0HCR10y4e6nmfjMJ156VU
+t9k8QLVF1enjJAB2Z6JkMSSnKjC+T8JW3YkODQkehBSiyDJvWS3ffox1oIMZzKVJ
+meFwCfBwgzI9Kwfzdgru/JHUs7kPt3P0m/NYx06AJ0iqcvkBQkHmt1zBk0dI5blU
+08LeAo4FNUk2gmJdpwia0NPrpEgsoVo5BgFPm8QZxKI2uHJMUMs+d+mFknvVkUxW
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -91,12 +91,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-ICA1-pathlen128, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:f3:6f:b8:db:10:df:89:df:3b:d9:2e:7a:c1:
                     34:1a:56:97:6c:73:04:fc:15:50:04:93:66:cb:17:
@@ -123,34 +123,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:128
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         95:df:c8:9f:0d:1a:2a:2b:8a:79:0c:c4:a9:05:4f:fc:a4:04:
-         d3:79:37:84:77:8d:17:db:d7:14:6b:1c:f5:f7:e8:04:6a:02:
-         ce:b3:63:39:f3:6e:9c:9d:0b:96:d1:dc:46:d0:3c:57:a1:19:
-         f9:aa:74:b0:16:15:18:91:c1:e9:9e:d6:52:b1:f0:d5:ac:0e:
-         cb:ca:06:e5:88:b1:4c:ad:af:a4:29:db:ce:ae:ce:d3:30:db:
-         99:f3:2a:77:e7:64:cc:07:2a:f0:e5:a9:27:97:ea:d6:a6:59:
-         a5:0c:42:4f:02:a4:31:42:fc:9b:92:de:8b:52:d3:92:8c:fd:
-         04:c2:d5:7b:80:bb:7a:90:ba:be:33:10:fd:07:d6:53:7f:b9:
-         86:93:9f:1b:4c:66:75:d4:d1:0b:cd:10:76:23:0e:37:a2:d6:
-         c1:5f:91:2b:d0:14:c3:2f:e7:46:e4:e9:6d:2d:f0:05:e5:78:
-         25:3c:7d:1d:1c:23:9a:cb:ba:30:c2:52:98:4e:16:ad:f4:30:
-         22:4a:41:e5:1c:c7:da:b1:79:ed:cd:b2:c3:83:42:a6:26:6e:
-         ee:4f:9f:14:f7:6e:f2:e9:70:07:0b:c9:59:5a:8f:50:10:cf:
-         09:77:a3:e1:96:47:e8:85:86:cd:8a:11:30:a0:72:05:11:50:
-         7e:ee:0b:e6
+    Signature Value:
+        1f:0a:51:ca:7f:ed:b8:62:ae:d4:7b:ad:d2:dc:82:16:68:de:
+        bd:0b:ff:7b:07:e9:ee:32:50:44:9c:f1:e7:a3:a5:3f:f2:c1:
+        4a:fa:2f:83:1a:b4:0a:8d:a2:40:4b:56:3b:66:62:c7:6e:ed:
+        13:76:0a:8a:ba:12:0c:81:57:9f:13:c5:08:ad:93:42:28:1c:
+        e5:fc:73:c2:21:4a:7f:4a:f8:b5:88:9f:65:55:d6:68:5b:7b:
+        94:b7:1b:9e:ab:12:f8:d9:05:c1:20:3f:75:5e:c9:88:83:9c:
+        fe:8e:68:5f:45:d7:df:c6:ee:8f:24:8c:b6:f3:7f:7b:77:8a:
+        5e:d8:0b:d8:3e:15:96:cf:49:45:f9:8b:54:75:83:d0:c6:45:
+        97:0b:31:11:89:47:68:03:e4:65:1f:a4:a4:17:40:0a:54:c4:
+        83:da:97:b8:0d:b4:ce:42:32:c6:ec:0e:90:c7:b5:33:18:a4:
+        98:27:8d:f5:4d:d6:23:38:ab:56:95:e2:c7:1f:2c:68:c5:5f:
+        88:57:60:ff:f6:18:3f:2f:30:fe:5e:22:6b:79:d3:b1:26:dc:
+        2a:17:4d:69:71:37:63:45:08:b5:22:18:80:41:e0:73:16:2d:
+        05:97:22:3a:18:d8:c9:94:e4:04:73:34:7b:b6:a1:4d:1f:90:
+        7c:4b:07:bf
 -----BEGIN CERTIFICATE-----
 MIIEzzCCA7egAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRS1JQ0Ex
 LXBhdGhsZW4xMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -164,12 +164,12 @@ AAGjggEZMIIBFTAdBgNVHQ4EFgQURHsAfJwcl5+XqmvyXuaBfA6u5iswgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAQBgNVHRMECTAHAQH/AgIAgDALBgNVHQ8EBAMCAQYw
-DQYJKoZIhvcNAQELBQADggEBAJXfyJ8NGiorinkMxKkFT/ykBNN5N4R3jRfb1xRr
-HPX36ARqAs6zYznzbpydC5bR3EbQPFehGfmqdLAWFRiRweme1lKx8NWsDsvKBuWI
-sUytr6Qp286uztMw25nzKnfnZMwHKvDlqSeX6tamWaUMQk8CpDFC/JuS3otS05KM
-/QTC1XuAu3qQur4zEP0H1lN/uYaTnxtMZnXU0QvNEHYjDjei1sFfkSvQFMMv50bk
-6W0t8AXleCU8fR0cI5rLujDCUphOFq30MCJKQeUcx9qxee3NssODQqYmbu5PnxT3
-bvLpcAcLyVlaj1AQzwl3o+GWR+iFhs2KETCgcgURUH7uC+Y=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAQBgNVHRMECTAHAQH/AgIAgDALBgNVHQ8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBAB8KUcp/7bhirtR7rdLcghZo3r0L/3sH6e4yUESc
+8eejpT/ywUr6L4MatAqNokBLVjtmYsdu7RN2Coq6EgyBV58TxQitk0IoHOX8c8Ih
+Sn9K+LWIn2VV1mhbe5S3G56rEvjZBcEgP3VeyYiDnP6OaF9F19/G7o8kjLbzf3t3
+il7YC9g+FZbPSUX5i1R1g9DGRZcLMRGJR2gD5GUfpKQXQApUxIPal7gNtM5CMsbs
+DpDHtTMYpJgnjfVN1iM4q1aV4scfLGjFX4hXYP/2GD8vMP5eImt507Em3CoXTWlx
+N2NFCLUiGIBB4HMWLQWXIjoY2MmU5ARzNHu2oU0fkHxLB78=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainE-entity.pem b/certs/test-pathlen/chainE-entity.pem
index aa46f00a5..ba37f8772 100644
--- a/certs/test-pathlen/chainE-entity.pem
+++ b/certs/test-pathlen/chainE-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-ICA1-pathlen128, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainE-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d8:6f:49:bb:56:ea:34:4c:25:a6:8c:44:f6:c9:
                     75:8f:6b:83:b8:8b:ec:c6:f6:d3:c7:40:e2:d1:b2:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:44:7B:00:7C:9C:1C:97:9F:97:AA:6B:F2:5E:E6:81:7C:0E:AE:E6:2B
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         65:49:39:85:07:68:20:fe:f9:28:cb:c8:ec:2a:c9:6b:2c:06:
-         da:1b:92:b0:d7:c4:5c:37:7b:a5:48:16:15:77:08:05:0a:55:
-         2f:b7:f7:2b:ef:dd:dc:63:ab:04:f1:24:bf:ef:f4:73:43:1d:
-         5d:2a:1a:69:f5:a9:e8:af:d2:56:77:79:c0:46:07:95:b6:af:
-         b3:cb:2e:6b:6b:ed:99:29:cd:cc:4d:f4:f9:e6:25:1f:5b:e3:
-         a0:82:a9:5b:c3:73:6c:9a:c4:0b:5a:80:8a:16:5d:32:99:5d:
-         c2:85:ab:bb:94:f7:54:62:f4:8e:d5:7f:dd:ff:84:50:de:55:
-         e2:0d:67:52:32:5e:48:e0:36:b3:aa:a5:d6:57:35:cb:7a:2b:
-         d3:4e:42:75:15:56:f2:2f:45:9c:99:c5:4c:e7:2d:45:6e:86:
-         2f:4b:84:bf:49:1d:b2:fb:85:53:0a:99:28:fd:7a:3f:e8:b4:
-         a5:b9:6c:c2:55:cd:f3:82:c0:a3:ef:85:ed:69:28:78:1d:81:
-         0e:19:bd:a8:fb:a6:b7:ff:09:36:54:a6:44:96:cf:15:0c:45:
-         7e:ba:9a:50:4d:14:82:dc:ba:c2:97:08:74:89:a7:ff:ed:52:
-         89:ac:65:65:70:9a:8e:8a:43:86:46:a1:f8:23:96:e2:0a:65:
-         3f:2d:94:35
+    Signature Value:
+        af:d9:4f:48:01:07:74:ac:5a:19:b3:b8:d4:8d:a9:ff:f8:23:
+        57:c3:3b:e6:f5:ac:41:ab:0a:b5:71:32:a3:4f:4a:14:90:c4:
+        eb:ef:65:38:88:97:92:79:2d:7e:64:29:be:2a:5a:48:9b:b9:
+        b1:d7:4f:1c:3a:46:fc:2e:e9:72:4f:97:f7:c7:f5:f0:a2:d6:
+        01:7d:49:99:c8:ac:a2:b7:f9:4c:d5:57:8d:b0:69:b6:fa:59:
+        7e:77:9a:bc:61:bc:74:1c:24:75:d3:2e:1e:ea:79:9f:8c:c2:
+        75:e7:a5:54:b7:d9:3c:40:b5:45:d5:e9:e3:24:00:76:67:a2:
+        64:31:24:a7:2a:30:be:4f:c2:56:dd:89:0e:0d:09:1e:84:14:
+        a2:c8:32:6f:59:2d:df:7e:8c:75:a0:83:19:cc:a5:49:99:e1:
+        70:09:f0:70:83:32:3d:2b:07:f3:76:0a:ee:fc:91:d4:b3:b9:
+        0f:b7:73:f4:9b:f3:58:c7:4e:80:27:48:aa:72:f9:01:42:41:
+        e6:b7:5c:c1:93:47:48:e5:b9:54:d3:c2:de:02:8e:05:35:49:
+        36:82:62:5d:a7:08:9a:d0:d3:eb:a4:48:2c:a1:5a:39:06:01:
+        4f:9b:c4:19:c4:a2:36:b8:72:4c:50:cb:3e:77:e9:85:92:7b:
+        d5:91:4c:56
 -----BEGIN CERTIFICATE-----
 MIIErDCCA5SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRS1JQ0ExLXBhdGhsZW4xMjgxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluRS1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -77,10 +77,10 @@ BgNVHSMEgbkwgbaAFER7AHycHJefl6pr8l7mgXwOruYroYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIB
-ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBlSTmFB2gg/vkoy8jsKslr
-LAbaG5Kw18RcN3ulSBYVdwgFClUvt/cr793cY6sE8SS/7/RzQx1dKhpp9anor9JW
-d3nARgeVtq+zyy5ra+2ZKc3MTfT55iUfW+Oggqlbw3NsmsQLWoCKFl0ymV3Chau7
-lPdUYvSO1X/d/4RQ3lXiDWdSMl5I4DazqqXWVzXLeivTTkJ1FVbyL0WcmcVM5y1F
-boYvS4S/SR2y+4VTCpko/Xo/6LSluWzCVc3zgsCj74XtaSh4HYEOGb2o+6a3/wk2
-VKZEls8VDEV+uppQTRSC3LrClwh0iaf/7VKJrGVlcJqOikOGRqH4I5biCmU/LZQ1
+ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCv2U9IAQd0rFoZs7jUjan/
++CNXwzvm9axBqwq1cTKjT0oUkMTr72U4iJeSeS1+ZCm+KlpIm7mx108cOkb8Luly
+T5f3x/XwotYBfUmZyKyit/lM1VeNsGm2+ll+d5q8Ybx0HCR10y4e6nmfjMJ156VU
+t9k8QLVF1enjJAB2Z6JkMSSnKjC+T8JW3YkODQkehBSiyDJvWS3ffox1oIMZzKVJ
+meFwCfBwgzI9Kwfzdgru/JHUs7kPt3P0m/NYx06AJ0iqcvkBQkHmt1zBk0dI5blU
+08LeAo4FNUk2gmJdpwia0NPrpEgsoVo5BgFPm8QZxKI2uHJMUMs+d+mFknvVkUxW
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainF-ICA1-pathlen1.pem b/certs/test-pathlen/chainF-ICA1-pathlen1.pem
index e2a14fe4b..b279272ee 100644
--- a/certs/test-pathlen/chainF-ICA1-pathlen1.pem
+++ b/certs/test-pathlen/chainF-ICA1-pathlen1.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA2-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e0:13:c9:b0:8e:9d:3f:88:d4:30:4a:b4:e8:11:
                     21:93:5c:20:45:08:f8:7a:91:b9:2c:ad:ff:60:aa:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:4A:53:4A:B7:30:78:35:91:B4:CB:DD:C8:22:74:89:AF:80:0F:7F:68
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         b3:d8:4b:f8:59:d5:7a:95:55:af:eb:07:0c:ac:db:b5:cc:b8:
-         aa:0d:81:1b:31:d4:0f:8a:ef:da:28:0e:52:f1:8b:25:54:47:
-         11:d8:62:a2:5b:5e:d5:fb:6d:b5:57:b4:a3:b6:d2:e0:e1:50:
-         8b:e1:7e:cd:3b:48:54:4b:55:48:18:12:fe:55:3b:1e:e2:b8:
-         34:b2:77:f7:21:05:9f:32:43:34:db:e4:d4:e3:d2:74:98:3e:
-         1f:39:97:ef:e3:89:d9:e2:c0:77:f9:d4:74:a5:13:c0:ce:9e:
-         3e:42:bc:0d:44:73:c5:76:47:81:dc:40:f4:06:bf:29:66:51:
-         7b:41:c5:35:73:fe:5c:7a:9c:bf:4c:19:c5:2b:7b:02:1f:45:
-         66:0c:64:01:29:77:a8:a2:ef:ba:61:19:27:a1:56:41:a6:73:
-         5d:9f:39:86:38:e9:0a:31:23:55:f1:02:54:ce:96:18:32:ae:
-         22:03:1d:fb:cb:90:45:54:8f:d2:29:17:9d:44:65:68:8c:d2:
-         25:df:a8:c2:29:1e:66:2c:c4:57:a1:ab:93:c7:34:a2:e3:94:
-         bd:dc:8f:51:d2:08:a6:3c:63:c9:c1:ee:90:de:39:92:fc:5e:
-         85:d4:f9:f0:b8:6e:09:30:0c:25:ce:c8:86:c1:75:5d:e8:e8:
-         90:90:ad:0d
+    Signature Value:
+        ad:61:8c:4f:98:84:87:b0:90:fb:4e:07:74:cf:14:6c:8f:30:
+        f6:13:85:db:b2:5e:12:af:9e:ab:4e:58:4e:15:75:c7:bd:8e:
+        50:e8:82:65:a6:0a:de:a3:1a:2c:d7:ba:13:6a:ba:17:f8:4e:
+        2b:ea:69:e5:c3:e1:55:ac:13:f6:c0:58:e6:a0:70:8f:c5:b8:
+        fc:a9:e9:58:07:c4:c5:0a:1f:8e:be:fb:85:ed:af:de:5e:fe:
+        cc:f5:63:50:d9:dc:83:76:0d:08:a2:61:48:43:af:0f:a5:41:
+        f0:5b:82:b2:53:de:ed:9f:55:d2:33:d7:4f:98:e2:5d:73:70:
+        b7:c5:92:e0:02:e2:5f:67:89:95:56:89:00:bd:76:e8:b9:72:
+        4d:02:c6:73:a1:fe:56:76:57:70:23:5f:e8:25:a3:38:2b:f6:
+        51:f7:c5:6f:41:62:43:e0:71:62:a0:42:2c:31:7b:c1:37:dc:
+        51:31:e4:b6:81:15:0a:78:35:8a:34:37:f7:93:46:4b:34:f3:
+        4a:32:8a:a0:2b:05:35:0e:16:d4:96:af:b0:95:65:5a:fc:f6:
+        3f:90:e2:f4:55:3e:54:f6:5e:31:e1:59:2c:da:af:c7:a6:65:
+        e5:ee:c5:d2:d2:09:4d:57:d7:04:0b:1e:4b:63:e7:91:0c:4a:
+        88:34:b3:a8
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRi1JQ0EyLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkYtSUNBMS1wYXRobGVuMTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBALPYS/hZ1XqVVa/rBwys27XMuKoNgRsx1A+K79ooDlLxiyVURxHY
-YqJbXtX7bbVXtKO20uDhUIvhfs07SFRLVUgYEv5VOx7iuDSyd/chBZ8yQzTb5NTj
-0nSYPh85l+/jidniwHf51HSlE8DOnj5CvA1Ec8V2R4HcQPQGvylmUXtBxTVz/lx6
-nL9MGcUrewIfRWYMZAEpd6ii77phGSehVkGmc12fOYY46QoxI1XxAlTOlhgyriID
-HfvLkEVUj9IpF51EZWiM0iXfqMIpHmYsxFehq5PHNKLjlL3cj1HSCKY8Y8nB7pDe
-OZL8XoXU+fC4bgkwDCXOyIbBdV3o6JCQrQ0=
+AQELBQADggEBAK1hjE+YhIewkPtOB3TPFGyPMPYThduyXhKvnqtOWE4Vdce9jlDo
+gmWmCt6jGizXuhNquhf4TivqaeXD4VWsE/bAWOagcI/FuPyp6VgHxMUKH46++4Xt
+r95e/sz1Y1DZ3IN2DQiiYUhDrw+lQfBbgrJT3u2fVdIz10+Y4l1zcLfFkuAC4l9n
+iZVWiQC9dui5ck0CxnOh/lZ2V3AjX+glozgr9lH3xW9BYkPgcWKgQiwxe8E33FEx
+5LaBFQp4NYo0N/eTRks080oyiqArBTUOFtSWr7CVZVr89j+Q4vRVPlT2XjHhWSza
+r8emZeXuxdLSCU1X1wQLHktj55EMSog0s6g=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainF-ICA2-pathlen0.pem b/certs/test-pathlen/chainF-ICA2-pathlen0.pem
index 09e2a4232..8459aa6f7 100644
--- a/certs/test-pathlen/chainF-ICA2-pathlen0.pem
+++ b/certs/test-pathlen/chainF-ICA2-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA2-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:da:3a:22:65:f8:6d:1c:b7:1c:87:dd:27:f4:d7:
                     75:aa:7c:1c:37:31:b4:d6:a5:34:4b:36:40:ea:55:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         9b:28:44:f3:e9:c3:e9:38:03:1a:19:ac:80:f8:ef:e8:a6:3e:
-         83:80:71:30:48:6c:8e:28:10:f8:84:d3:12:0b:35:fc:f3:51:
-         87:9b:ef:48:9a:fd:5b:ca:b2:4e:61:94:ae:5b:a7:a7:36:2e:
-         e2:da:83:19:82:e4:cb:70:5d:c5:1a:de:4c:b6:be:c6:6e:d9:
-         f8:6c:6e:64:b4:96:7f:18:ba:b5:54:f1:8a:6f:75:27:e3:51:
-         98:50:f7:92:ff:a3:e8:65:ae:62:ab:7f:94:7c:e3:f9:3a:f5:
-         6d:9a:d7:98:6a:3b:5a:b3:1f:73:92:ad:f2:6b:7e:e5:10:ee:
-         3d:5a:73:28:18:0f:5c:e0:99:6f:1e:5f:61:da:e1:a4:d4:a1:
-         e7:69:b1:e0:9b:ba:e9:1b:6d:60:e2:b5:c6:9e:19:9f:21:d4:
-         d6:2f:da:56:15:d8:4f:b5:82:b2:62:83:a0:cd:70:05:2c:21:
-         61:6d:92:9a:91:fa:16:4e:0c:e1:4a:72:6f:ad:41:d1:d4:ed:
-         45:4d:07:8c:cf:79:9e:e5:95:3b:d6:27:cc:7d:f5:44:1d:6f:
-         90:4b:ef:0d:f5:7f:4a:3e:87:82:ad:db:01:40:42:85:4a:b0:
-         85:9b:cd:6b:0b:c3:a2:5e:48:c9:21:47:9d:f1:b0:2d:bc:5e:
-         d1:5f:a2:f5
+    Signature Value:
+        29:47:3b:ef:6e:d7:f9:18:75:75:19:df:76:1c:ae:ef:f6:1e:
+        24:6c:fa:f1:cc:3a:6f:ec:e7:2f:40:b8:93:c1:4c:76:c8:c9:
+        c8:88:17:9e:7c:28:47:81:a3:24:d0:3c:38:74:af:e1:1a:b6:
+        93:23:51:9f:2f:03:8b:a3:f3:38:c4:c4:bf:95:66:d1:6c:18:
+        2c:49:ed:cb:93:62:94:51:f8:39:59:6e:0a:d7:55:50:7e:0b:
+        1e:43:a8:25:30:70:c8:80:b1:dd:d6:fa:6f:c7:f2:ee:e7:07:
+        a2:b3:4b:16:b5:2a:39:b7:e6:d2:7f:df:72:f1:1f:27:3d:cc:
+        58:95:15:3c:5e:57:2b:83:91:03:61:0e:53:b2:fa:8a:51:1f:
+        73:19:8b:86:47:31:36:f1:84:b6:27:88:51:01:94:a1:41:f7:
+        1b:8c:55:c3:67:c2:31:60:68:83:2c:03:84:15:6a:d0:13:23:
+        bc:ce:e6:24:79:21:1f:0c:a2:7f:c0:a0:78:71:e2:21:a6:e7:
+        03:c3:8d:ce:80:0e:8b:f7:f2:6e:96:22:9a:ad:45:e2:ca:42:
+        ba:6b:60:d3:a9:43:d3:77:de:c4:37:33:40:42:b3:7c:ae:9b:
+        5e:20:5e:93:04:7a:c2:c0:69:04:19:ac:7b:44:3d:d5:d0:05:
+        f2:8a:53:86
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluRi1JQ0Ey
 LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFEpTSrcweDWRtMvdyCJ0ia+AD39oMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAJsoRPPpw+k4AxoZrID47+imPoOAcTBIbI4oEPiE0xIL
-NfzzUYeb70ia/VvKsk5hlK5bp6c2LuLagxmC5MtwXcUa3ky2vsZu2fhsbmS0ln8Y
-urVU8YpvdSfjUZhQ95L/o+hlrmKrf5R84/k69W2a15hqO1qzH3OSrfJrfuUQ7j1a
-cygYD1zgmW8eX2Ha4aTUoedpseCbuukbbWDitcaeGZ8h1NYv2lYV2E+1grJig6DN
-cAUsIWFtkpqR+hZODOFKcm+tQdHU7UVNB4zPeZ7llTvWJ8x99UQdb5BL7w31f0o+
-h4Kt2wFAQoVKsIWbzWsLw6JeSMkhR53xsC28XtFfovU=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAClHO+9u1/kYdXUZ33Ycru/2HiRs+vHMOm/s5y9AuJPB
+THbIyciIF558KEeBoyTQPDh0r+EatpMjUZ8vA4uj8zjExL+VZtFsGCxJ7cuTYpRR
++DlZbgrXVVB+Cx5DqCUwcMiAsd3W+m/H8u7nB6KzSxa1Kjm35tJ/33LxHyc9zFiV
+FTxeVyuDkQNhDlOy+opRH3MZi4ZHMTbxhLYniFEBlKFB9xuMVcNnwjFgaIMsA4QV
+atATI7zO5iR5IR8Mon/AoHhx4iGm5wPDjc6ADov38m6WIpqtReLKQrprYNOpQ9N3
+3sQ3M0BCs3yum14gXpMEesLAaQQZrHtEPdXQBfKKU4Y=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainF-assembled.pem b/certs/test-pathlen/chainF-assembled.pem
index aae43d35a..68814a201 100644
--- a/certs/test-pathlen/chainF-assembled.pem
+++ b/certs/test-pathlen/chainF-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c9:f8:2c:ad:25:a9:65:3b:72:13:5d:aa:7f:5b:
                     71:f5:e0:43:c4:3a:b3:36:0d:34:61:35:86:77:a0:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:75:32:21:05:2B:60:FE:44:17:AF:18:65:86:85:19:82:3F:F9:64:83
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainF-ICA2-pathlen0/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         a3:86:46:c1:10:c2:92:fe:7d:9d:ce:49:ed:8c:bd:65:74:5e:
-         b7:19:53:d8:79:84:ca:f3:f3:e7:30:b7:b9:e1:61:b1:f3:77:
-         95:14:7b:fd:fe:d9:d0:eb:aa:05:30:d2:71:dc:fa:03:ea:08:
-         e2:c9:07:ec:bf:f6:41:1f:d3:39:a4:1b:7b:23:c7:a1:a7:fd:
-         c0:f6:0e:07:94:91:0e:b7:8e:92:40:05:fc:09:2e:c5:ba:46:
-         ce:94:e5:3e:09:04:e9:b7:c3:52:3e:2d:c1:01:11:d8:2f:b6:
-         10:1f:2d:3b:b1:1d:b0:c5:11:92:66:4d:52:2a:4e:d1:29:d3:
-         4f:fd:0d:2e:4a:60:ed:35:8c:02:91:35:77:3d:21:a5:03:3d:
-         d2:bc:4e:68:0e:f6:4d:f7:87:a4:85:e5:51:33:38:b7:1f:4c:
-         07:85:30:13:32:d9:d9:42:4f:ef:5f:a3:26:e0:60:79:c0:8a:
-         7b:00:8b:9f:18:4b:8e:b3:9e:3f:6b:69:70:03:4c:43:21:1a:
-         4d:80:04:48:a2:a0:ae:99:61:a8:84:35:35:99:c7:24:81:d8:
-         55:95:6b:93:dd:eb:e7:04:de:9f:d4:b9:82:4e:bd:a7:c7:c7:
-         80:5f:c4:78:d8:7b:65:4f:58:8e:d0:17:c8:90:1a:1c:8d:54:
-         1c:3d:d5:f4
+    Signature Value:
+        42:47:7f:36:55:45:b3:84:79:71:75:00:e8:dd:0c:e3:0c:1e:
+        41:8f:3c:d5:e5:8f:9f:71:80:3b:44:f3:e0:9e:29:44:2a:45:
+        f1:49:c6:a3:5a:8c:31:58:8b:79:8b:33:d7:ba:da:13:92:9d:
+        60:4e:d1:4f:8d:ff:ea:3f:e8:20:03:8e:67:03:88:e1:59:84:
+        e2:7b:86:e4:82:97:b2:fb:3e:9e:ee:df:b5:31:00:9f:32:2a:
+        7d:c1:36:90:d9:03:aa:f1:6f:07:75:ed:74:62:4e:13:86:cd:
+        9f:b0:29:e9:7e:63:db:d1:15:0a:ac:b3:22:a4:57:c9:49:5f:
+        c7:85:cc:30:4e:d3:62:27:16:df:51:8a:55:f7:b7:74:49:91:
+        26:a3:d3:75:ae:6d:47:40:ac:e2:d1:52:e0:97:d5:f2:c5:96:
+        0a:c5:bc:ed:e5:83:14:ea:65:d3:66:05:17:3d:bd:80:55:38:
+        6b:62:5b:be:e1:b0:6e:88:66:40:00:17:fb:46:29:22:ce:be:
+        57:54:4a:19:cf:ea:38:80:0a:2f:9f:6e:80:6d:06:9f:b5:68:
+        ad:da:98:ee:02:31:a1:e3:2c:2e:ac:d2:f0:2e:51:88:41:4b:
+        f9:04:99:67:63:af:ab:73:8d:cd:ed:2f:1a:69:10:b5:b1:f8:
+        71:6b:96:05
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRi1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkYtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,13 +77,13 @@ VR0jBIHGMIHDgBR1MiEFK2D+RBevGGWGhRmCP/lkg6GBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluRi1JQ0EyLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKOGRsEQ
-wpL+fZ3OSe2MvWV0XrcZU9h5hMrz8+cwt7nhYbHzd5UUe/3+2dDrqgUw0nHc+gPq
-COLJB+y/9kEf0zmkG3sjx6Gn/cD2DgeUkQ63jpJABfwJLsW6Rs6U5T4JBOm3w1I+
-LcEBEdgvthAfLTuxHbDFEZJmTVIqTtEp00/9DS5KYO01jAKRNXc9IaUDPdK8TmgO
-9k33h6SF5VEzOLcfTAeFMBMy2dlCT+9foybgYHnAinsAi58YS46znj9raXADTEMh
-Gk2ABEiioK6ZYaiENTWZxySB2FWVa5Pd6+cE3p/UuYJOvafHx4BfxHjYe2VPWI7Q
-F8iQGhyNVBw91fQ=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAEJHfzZV
+RbOEeXF1AOjdDOMMHkGPPNXlj59xgDtE8+CeKUQqRfFJxqNajDFYi3mLM9e62hOS
+nWBO0U+N/+o/6CADjmcDiOFZhOJ7huSCl7L7Pp7u37UxAJ8yKn3BNpDZA6rxbwd1
+7XRiThOGzZ+wKel+Y9vRFQqssyKkV8lJX8eFzDBO02InFt9RilX3t3RJkSaj03Wu
+bUdArOLRUuCX1fLFlgrFvO3lgxTqZdNmBRc9vYBVOGtiW77hsG6IZkAAF/tGKSLO
+vldUShnP6jiACi+fboBtBp+1aK3amO4CMaHjLC6s0vAuUYhBS/kEmWdjr6tzjc3t
+LxppELWx+HFrlgU=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA2-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e0:13:c9:b0:8e:9d:3f:88:d4:30:4a:b4:e8:11:
                     21:93:5c:20:45:08:f8:7a:91:b9:2c:ad:ff:60:aa:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:4A:53:4A:B7:30:78:35:91:B4:CB:DD:C8:22:74:89:AF:80:0F:7F:68
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         b3:d8:4b:f8:59:d5:7a:95:55:af:eb:07:0c:ac:db:b5:cc:b8:
-         aa:0d:81:1b:31:d4:0f:8a:ef:da:28:0e:52:f1:8b:25:54:47:
-         11:d8:62:a2:5b:5e:d5:fb:6d:b5:57:b4:a3:b6:d2:e0:e1:50:
-         8b:e1:7e:cd:3b:48:54:4b:55:48:18:12:fe:55:3b:1e:e2:b8:
-         34:b2:77:f7:21:05:9f:32:43:34:db:e4:d4:e3:d2:74:98:3e:
-         1f:39:97:ef:e3:89:d9:e2:c0:77:f9:d4:74:a5:13:c0:ce:9e:
-         3e:42:bc:0d:44:73:c5:76:47:81:dc:40:f4:06:bf:29:66:51:
-         7b:41:c5:35:73:fe:5c:7a:9c:bf:4c:19:c5:2b:7b:02:1f:45:
-         66:0c:64:01:29:77:a8:a2:ef:ba:61:19:27:a1:56:41:a6:73:
-         5d:9f:39:86:38:e9:0a:31:23:55:f1:02:54:ce:96:18:32:ae:
-         22:03:1d:fb:cb:90:45:54:8f:d2:29:17:9d:44:65:68:8c:d2:
-         25:df:a8:c2:29:1e:66:2c:c4:57:a1:ab:93:c7:34:a2:e3:94:
-         bd:dc:8f:51:d2:08:a6:3c:63:c9:c1:ee:90:de:39:92:fc:5e:
-         85:d4:f9:f0:b8:6e:09:30:0c:25:ce:c8:86:c1:75:5d:e8:e8:
-         90:90:ad:0d
+    Signature Value:
+        ad:61:8c:4f:98:84:87:b0:90:fb:4e:07:74:cf:14:6c:8f:30:
+        f6:13:85:db:b2:5e:12:af:9e:ab:4e:58:4e:15:75:c7:bd:8e:
+        50:e8:82:65:a6:0a:de:a3:1a:2c:d7:ba:13:6a:ba:17:f8:4e:
+        2b:ea:69:e5:c3:e1:55:ac:13:f6:c0:58:e6:a0:70:8f:c5:b8:
+        fc:a9:e9:58:07:c4:c5:0a:1f:8e:be:fb:85:ed:af:de:5e:fe:
+        cc:f5:63:50:d9:dc:83:76:0d:08:a2:61:48:43:af:0f:a5:41:
+        f0:5b:82:b2:53:de:ed:9f:55:d2:33:d7:4f:98:e2:5d:73:70:
+        b7:c5:92:e0:02:e2:5f:67:89:95:56:89:00:bd:76:e8:b9:72:
+        4d:02:c6:73:a1:fe:56:76:57:70:23:5f:e8:25:a3:38:2b:f6:
+        51:f7:c5:6f:41:62:43:e0:71:62:a0:42:2c:31:7b:c1:37:dc:
+        51:31:e4:b6:81:15:0a:78:35:8a:34:37:f7:93:46:4b:34:f3:
+        4a:32:8a:a0:2b:05:35:0e:16:d4:96:af:b0:95:65:5a:fc:f6:
+        3f:90:e2:f4:55:3e:54:f6:5e:31:e1:59:2c:da:af:c7:a6:65:
+        e5:ee:c5:d2:d2:09:4d:57:d7:04:0b:1e:4b:63:e7:91:0c:4a:
+        88:34:b3:a8
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRi1JQ0EyLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkYtSUNBMS1wYXRobGVuMTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -167,12 +167,12 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBALPYS/hZ1XqVVa/rBwys27XMuKoNgRsx1A+K79ooDlLxiyVURxHY
-YqJbXtX7bbVXtKO20uDhUIvhfs07SFRLVUgYEv5VOx7iuDSyd/chBZ8yQzTb5NTj
-0nSYPh85l+/jidniwHf51HSlE8DOnj5CvA1Ec8V2R4HcQPQGvylmUXtBxTVz/lx6
-nL9MGcUrewIfRWYMZAEpd6ii77phGSehVkGmc12fOYY46QoxI1XxAlTOlhgyriID
-HfvLkEVUj9IpF51EZWiM0iXfqMIpHmYsxFehq5PHNKLjlL3cj1HSCKY8Y8nB7pDe
-OZL8XoXU+fC4bgkwDCXOyIbBdV3o6JCQrQ0=
+AQELBQADggEBAK1hjE+YhIewkPtOB3TPFGyPMPYThduyXhKvnqtOWE4Vdce9jlDo
+gmWmCt6jGizXuhNquhf4TivqaeXD4VWsE/bAWOagcI/FuPyp6VgHxMUKH46++4Xt
+r95e/sz1Y1DZ3IN2DQiiYUhDrw+lQfBbgrJT3u2fVdIz10+Y4l1zcLfFkuAC4l9n
+iZVWiQC9dui5ck0CxnOh/lZ2V3AjX+glozgr9lH3xW9BYkPgcWKgQiwxe8E33FEx
+5LaBFQp4NYo0N/eTRks080oyiqArBTUOFtSWr7CVZVr89j+Q4vRVPlT2XjHhWSza
+r8emZeXuxdLSCU1X1wQLHktj55EMSog0s6g=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA2-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:da:3a:22:65:f8:6d:1c:b7:1c:87:dd:27:f4:d7:
                     75:aa:7c:1c:37:31:b4:d6:a5:34:4b:36:40:ea:55:
@@ -213,34 +213,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         9b:28:44:f3:e9:c3:e9:38:03:1a:19:ac:80:f8:ef:e8:a6:3e:
-         83:80:71:30:48:6c:8e:28:10:f8:84:d3:12:0b:35:fc:f3:51:
-         87:9b:ef:48:9a:fd:5b:ca:b2:4e:61:94:ae:5b:a7:a7:36:2e:
-         e2:da:83:19:82:e4:cb:70:5d:c5:1a:de:4c:b6:be:c6:6e:d9:
-         f8:6c:6e:64:b4:96:7f:18:ba:b5:54:f1:8a:6f:75:27:e3:51:
-         98:50:f7:92:ff:a3:e8:65:ae:62:ab:7f:94:7c:e3:f9:3a:f5:
-         6d:9a:d7:98:6a:3b:5a:b3:1f:73:92:ad:f2:6b:7e:e5:10:ee:
-         3d:5a:73:28:18:0f:5c:e0:99:6f:1e:5f:61:da:e1:a4:d4:a1:
-         e7:69:b1:e0:9b:ba:e9:1b:6d:60:e2:b5:c6:9e:19:9f:21:d4:
-         d6:2f:da:56:15:d8:4f:b5:82:b2:62:83:a0:cd:70:05:2c:21:
-         61:6d:92:9a:91:fa:16:4e:0c:e1:4a:72:6f:ad:41:d1:d4:ed:
-         45:4d:07:8c:cf:79:9e:e5:95:3b:d6:27:cc:7d:f5:44:1d:6f:
-         90:4b:ef:0d:f5:7f:4a:3e:87:82:ad:db:01:40:42:85:4a:b0:
-         85:9b:cd:6b:0b:c3:a2:5e:48:c9:21:47:9d:f1:b0:2d:bc:5e:
-         d1:5f:a2:f5
+    Signature Value:
+        29:47:3b:ef:6e:d7:f9:18:75:75:19:df:76:1c:ae:ef:f6:1e:
+        24:6c:fa:f1:cc:3a:6f:ec:e7:2f:40:b8:93:c1:4c:76:c8:c9:
+        c8:88:17:9e:7c:28:47:81:a3:24:d0:3c:38:74:af:e1:1a:b6:
+        93:23:51:9f:2f:03:8b:a3:f3:38:c4:c4:bf:95:66:d1:6c:18:
+        2c:49:ed:cb:93:62:94:51:f8:39:59:6e:0a:d7:55:50:7e:0b:
+        1e:43:a8:25:30:70:c8:80:b1:dd:d6:fa:6f:c7:f2:ee:e7:07:
+        a2:b3:4b:16:b5:2a:39:b7:e6:d2:7f:df:72:f1:1f:27:3d:cc:
+        58:95:15:3c:5e:57:2b:83:91:03:61:0e:53:b2:fa:8a:51:1f:
+        73:19:8b:86:47:31:36:f1:84:b6:27:88:51:01:94:a1:41:f7:
+        1b:8c:55:c3:67:c2:31:60:68:83:2c:03:84:15:6a:d0:13:23:
+        bc:ce:e6:24:79:21:1f:0c:a2:7f:c0:a0:78:71:e2:21:a6:e7:
+        03:c3:8d:ce:80:0e:8b:f7:f2:6e:96:22:9a:ad:45:e2:ca:42:
+        ba:6b:60:d3:a9:43:d3:77:de:c4:37:33:40:42:b3:7c:ae:9b:
+        5e:20:5e:93:04:7a:c2:c0:69:04:19:ac:7b:44:3d:d5:d0:05:
+        f2:8a:53:86
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluRi1JQ0Ey
 LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -254,12 +254,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFEpTSrcweDWRtMvdyCJ0ia+AD39oMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAJsoRPPpw+k4AxoZrID47+imPoOAcTBIbI4oEPiE0xIL
-NfzzUYeb70ia/VvKsk5hlK5bp6c2LuLagxmC5MtwXcUa3ky2vsZu2fhsbmS0ln8Y
-urVU8YpvdSfjUZhQ95L/o+hlrmKrf5R84/k69W2a15hqO1qzH3OSrfJrfuUQ7j1a
-cygYD1zgmW8eX2Ha4aTUoedpseCbuukbbWDitcaeGZ8h1NYv2lYV2E+1grJig6DN
-cAUsIWFtkpqR+hZODOFKcm+tQdHU7UVNB4zPeZ7llTvWJ8x99UQdb5BL7w31f0o+
-h4Kt2wFAQoVKsIWbzWsLw6JeSMkhR53xsC28XtFfovU=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAClHO+9u1/kYdXUZ33Ycru/2HiRs+vHMOm/s5y9AuJPB
+THbIyciIF558KEeBoyTQPDh0r+EatpMjUZ8vA4uj8zjExL+VZtFsGCxJ7cuTYpRR
++DlZbgrXVVB+Cx5DqCUwcMiAsd3W+m/H8u7nB6KzSxa1Kjm35tJ/33LxHyc9zFiV
+FTxeVyuDkQNhDlOy+opRH3MZi4ZHMTbxhLYniFEBlKFB9xuMVcNnwjFgaIMsA4QV
+atATI7zO5iR5IR8Mon/AoHhx4iGm5wPDjc6ADov38m6WIpqtReLKQrprYNOpQ9N3
+3sQ3M0BCs3yum14gXpMEesLAaQQZrHtEPdXQBfKKU4Y=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainF-entity.pem b/certs/test-pathlen/chainF-entity.pem
index e63ff2523..83f4980e2 100644
--- a/certs/test-pathlen/chainF-entity.pem
+++ b/certs/test-pathlen/chainF-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-ICA1-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainF-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c9:f8:2c:ad:25:a9:65:3b:72:13:5d:aa:7f:5b:
                     71:f5:e0:43:c4:3a:b3:36:0d:34:61:35:86:77:a0:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:75:32:21:05:2B:60:FE:44:17:AF:18:65:86:85:19:82:3F:F9:64:83
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainF-ICA2-pathlen0/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         a3:86:46:c1:10:c2:92:fe:7d:9d:ce:49:ed:8c:bd:65:74:5e:
-         b7:19:53:d8:79:84:ca:f3:f3:e7:30:b7:b9:e1:61:b1:f3:77:
-         95:14:7b:fd:fe:d9:d0:eb:aa:05:30:d2:71:dc:fa:03:ea:08:
-         e2:c9:07:ec:bf:f6:41:1f:d3:39:a4:1b:7b:23:c7:a1:a7:fd:
-         c0:f6:0e:07:94:91:0e:b7:8e:92:40:05:fc:09:2e:c5:ba:46:
-         ce:94:e5:3e:09:04:e9:b7:c3:52:3e:2d:c1:01:11:d8:2f:b6:
-         10:1f:2d:3b:b1:1d:b0:c5:11:92:66:4d:52:2a:4e:d1:29:d3:
-         4f:fd:0d:2e:4a:60:ed:35:8c:02:91:35:77:3d:21:a5:03:3d:
-         d2:bc:4e:68:0e:f6:4d:f7:87:a4:85:e5:51:33:38:b7:1f:4c:
-         07:85:30:13:32:d9:d9:42:4f:ef:5f:a3:26:e0:60:79:c0:8a:
-         7b:00:8b:9f:18:4b:8e:b3:9e:3f:6b:69:70:03:4c:43:21:1a:
-         4d:80:04:48:a2:a0:ae:99:61:a8:84:35:35:99:c7:24:81:d8:
-         55:95:6b:93:dd:eb:e7:04:de:9f:d4:b9:82:4e:bd:a7:c7:c7:
-         80:5f:c4:78:d8:7b:65:4f:58:8e:d0:17:c8:90:1a:1c:8d:54:
-         1c:3d:d5:f4
+    Signature Value:
+        42:47:7f:36:55:45:b3:84:79:71:75:00:e8:dd:0c:e3:0c:1e:
+        41:8f:3c:d5:e5:8f:9f:71:80:3b:44:f3:e0:9e:29:44:2a:45:
+        f1:49:c6:a3:5a:8c:31:58:8b:79:8b:33:d7:ba:da:13:92:9d:
+        60:4e:d1:4f:8d:ff:ea:3f:e8:20:03:8e:67:03:88:e1:59:84:
+        e2:7b:86:e4:82:97:b2:fb:3e:9e:ee:df:b5:31:00:9f:32:2a:
+        7d:c1:36:90:d9:03:aa:f1:6f:07:75:ed:74:62:4e:13:86:cd:
+        9f:b0:29:e9:7e:63:db:d1:15:0a:ac:b3:22:a4:57:c9:49:5f:
+        c7:85:cc:30:4e:d3:62:27:16:df:51:8a:55:f7:b7:74:49:91:
+        26:a3:d3:75:ae:6d:47:40:ac:e2:d1:52:e0:97:d5:f2:c5:96:
+        0a:c5:bc:ed:e5:83:14:ea:65:d3:66:05:17:3d:bd:80:55:38:
+        6b:62:5b:be:e1:b0:6e:88:66:40:00:17:fb:46:29:22:ce:be:
+        57:54:4a:19:cf:ea:38:80:0a:2f:9f:6e:80:6d:06:9f:b5:68:
+        ad:da:98:ee:02:31:a1:e3:2c:2e:ac:d2:f0:2e:51:88:41:4b:
+        f9:04:99:67:63:af:ab:73:8d:cd:ed:2f:1a:69:10:b5:b1:f8:
+        71:6b:96:05
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRi1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzM1oXDTI3MDkxNDIxMjUzM1owgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkYtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,11 +77,11 @@ VR0jBIHGMIHDgBR1MiEFK2D+RBevGGWGhRmCP/lkg6GBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluRi1JQ0EyLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKOGRsEQ
-wpL+fZ3OSe2MvWV0XrcZU9h5hMrz8+cwt7nhYbHzd5UUe/3+2dDrqgUw0nHc+gPq
-COLJB+y/9kEf0zmkG3sjx6Gn/cD2DgeUkQ63jpJABfwJLsW6Rs6U5T4JBOm3w1I+
-LcEBEdgvthAfLTuxHbDFEZJmTVIqTtEp00/9DS5KYO01jAKRNXc9IaUDPdK8TmgO
-9k33h6SF5VEzOLcfTAeFMBMy2dlCT+9foybgYHnAinsAi58YS46znj9raXADTEMh
-Gk2ABEiioK6ZYaiENTWZxySB2FWVa5Pd6+cE3p/UuYJOvafHx4BfxHjYe2VPWI7Q
-F8iQGhyNVBw91fQ=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAEJHfzZV
+RbOEeXF1AOjdDOMMHkGPPNXlj59xgDtE8+CeKUQqRfFJxqNajDFYi3mLM9e62hOS
+nWBO0U+N/+o/6CADjmcDiOFZhOJ7huSCl7L7Pp7u37UxAJ8yKn3BNpDZA6rxbwd1
+7XRiThOGzZ+wKel+Y9vRFQqssyKkV8lJX8eFzDBO02InFt9RilX3t3RJkSaj03Wu
+bUdArOLRUuCX1fLFlgrFvO3lgxTqZdNmBRc9vYBVOGtiW77hsG6IZkAAF/tGKSLO
+vldUShnP6jiACi+fboBtBp+1aK3amO4CMaHjLC6s0vAuUYhBS/kEmWdjr6tzjc3t
+LxppELWx+HFrlgU=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA1-pathlen0.pem b/certs/test-pathlen/chainG-ICA1-pathlen0.pem
index 29420ebed..7d0d981c9 100644
--- a/certs/test-pathlen/chainG-ICA1-pathlen0.pem
+++ b/certs/test-pathlen/chainG-ICA1-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d2:26:be:51:98:42:e0:1f:ae:fc:c2:cb:ba:d5:
                     0f:44:3b:0b:60:d8:49:ec:03:43:6b:06:ce:f2:28:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:E1:E6:9B:28:CF:FD:AB:45:C1:B7:A7:C4:C9:58:FC:41:E3:1A:5C:74
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA3-pathlen99/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         6e:12:75:fb:ac:2b:b3:b5:f3:f8:0c:2b:61:c3:22:c0:1f:16:
-         cf:36:8c:b2:fc:be:83:ad:81:3d:e9:4e:76:e3:85:db:34:b4:
-         b1:a6:ed:fe:82:ee:b2:7c:64:14:e4:1f:d6:fb:16:3e:36:d7:
-         a1:f3:99:99:7c:48:96:50:d0:e4:29:43:42:93:7c:8e:24:fc:
-         ba:6b:89:1c:1b:c8:39:d2:62:5e:7f:ac:0c:e8:7d:f4:90:94:
-         a3:dc:5d:d4:25:60:07:6f:97:6c:a1:4f:5a:ec:84:70:46:de:
-         4d:74:a8:5c:48:32:94:6d:69:81:65:c6:c4:ef:3e:31:fc:40:
-         f5:5c:10:29:23:49:a7:ca:27:27:33:ed:3f:65:1a:95:f0:57:
-         5a:32:19:b4:4d:66:c5:19:15:4b:a9:79:c9:fb:cd:02:57:04:
-         c2:33:6d:6c:85:67:14:16:7a:d2:32:a0:66:c4:b9:0d:43:bd:
-         57:52:27:da:af:f1:df:68:27:74:b9:dd:d3:3c:ba:79:d0:46:
-         2c:91:fc:1c:65:a4:3a:ea:82:25:c9:b1:2f:7d:78:85:62:1f:
-         a4:4c:69:fc:a3:95:c3:0a:ce:ed:10:24:ec:f7:17:bf:22:42:
-         44:ac:0d:77:a1:3d:9d:d0:fb:03:1b:b7:79:8a:ba:6e:3c:a4:
-         3e:1c:0a:54
+    Signature Value:
+        10:ac:6a:7c:e3:78:f4:f0:6d:a5:c2:6f:6b:af:ef:eb:dd:98:
+        c5:ae:75:82:95:16:cb:c8:76:4e:84:44:d3:fd:6e:69:37:5c:
+        db:5a:f6:59:f1:a1:bb:5f:50:b9:6e:3d:b6:12:21:cb:14:91:
+        8e:b0:9c:35:96:38:b4:0d:51:4a:a7:a7:d2:23:54:82:04:96:
+        fb:8f:34:84:80:87:ac:b5:f9:3f:6f:ec:1d:c6:8b:ee:1a:ee:
+        d8:e2:d8:b5:e0:b6:b6:92:97:fb:c9:cf:67:e1:9a:40:ee:8d:
+        54:24:1a:cb:5b:1b:0b:6a:83:9d:cf:a6:3b:ec:41:96:f5:cb:
+        fe:87:52:23:66:67:4a:48:7f:3b:5a:d1:63:c7:c6:40:fd:41:
+        51:8e:86:3a:5f:34:50:cd:56:ce:de:1a:ab:a0:87:08:b4:b3:
+        89:fe:b3:64:11:be:c3:f7:81:f1:b4:c1:9d:c3:ce:72:49:d3:
+        c4:d2:33:0a:db:f1:85:76:69:2f:94:f8:59:77:b7:c8:ff:4c:
+        69:b9:68:bb:ee:ff:a1:17:cb:d9:7d:5a:8f:bb:a7:93:ed:e6:
+        dd:60:8d:25:31:5d:90:51:74:24:c3:8f:62:90:02:f8:db:ad:
+        fd:e9:0a:fd:c2:ad:6a:2f:83:4f:8b:49:7d:c8:60:6d:98:57:
+        43:15:f1:3a
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkctSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ ojELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHjAcBgNVBAMMFWNoYWluRy1JQ0EzLXBhdGhsZW45OTEfMB0GCSqGSIb3DQEJ
 ARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAbhJ1+6wrs7Xz+AwrYcMiwB8WzzaMsvy+
-g62BPelOduOF2zS0sabt/oLusnxkFOQf1vsWPjbXofOZmXxIllDQ5ClDQpN8jiT8
-umuJHBvIOdJiXn+sDOh99JCUo9xd1CVgB2+XbKFPWuyEcEbeTXSoXEgylG1pgWXG
-xO8+MfxA9VwQKSNJp8onJzPtP2UalfBXWjIZtE1mxRkVS6l5yfvNAlcEwjNtbIVn
-FBZ60jKgZsS5DUO9V1In2q/x32gndLnd0zy6edBGLJH8HGWkOuqCJcmxL314hWIf
-pExp/KOVwwrO7RAk7PcXvyJCRKwNd6E9ndD7Axu3eYq6bjykPhwKVA==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAEKxqfON49PBtpcJva6/v692Yxa51gpUW
+y8h2ToRE0/1uaTdc21r2WfGhu19QuW49thIhyxSRjrCcNZY4tA1RSqen0iNUggSW
++480hICHrLX5P2/sHcaL7hru2OLYteC2tpKX+8nPZ+GaQO6NVCQay1sbC2qDnc+m
+O+xBlvXL/odSI2ZnSkh/O1rRY8fGQP1BUY6GOl80UM1Wzt4aq6CHCLSzif6zZBG+
+w/eB8bTBncPOcknTxNIzCtvxhXZpL5T4WXe3yP9Mablou+7/oRfL2X1aj7unk+3m
+3WCNJTFdkFF0JMOPYpAC+Nut/ekK/cKtai+DT4tJfchgbZhXQxXxOg==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA2-pathlen1.pem b/certs/test-pathlen/chainG-ICA2-pathlen1.pem
index f7c7956ec..2a40d2e73 100644
--- a/certs/test-pathlen/chainG-ICA2-pathlen1.pem
+++ b/certs/test-pathlen/chainG-ICA2-pathlen1.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA3-pathlen99, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:3e:de:b9:f9:a9:d7:8e:7a:4b:f2:f1:8c:f9:
                     3b:1c:ce:59:31:4c:57:0c:2e:8a:0f:90:f0:dc:27:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:C1:CD:1F:81:13:82:24:3B:CF:64:51:7A:4C:E3:65:2E:75:1E:01:23
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA4-pathlen5/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         50:65:9b:1d:8b:6a:ae:9b:d4:f1:ff:57:ac:51:48:fd:c8:9e:
-         19:bb:b2:00:bf:54:ee:c8:d4:2f:eb:5b:ff:17:1e:7c:aa:1d:
-         d4:01:9f:e8:cb:c4:8c:e5:ee:99:04:33:e8:16:3a:fc:44:bd:
-         56:a5:45:e7:e9:fb:88:25:11:4b:07:73:5d:37:21:47:47:9d:
-         f8:e0:89:e0:e4:c0:6a:f4:64:25:e7:b7:d9:47:53:ff:d5:6f:
-         f3:e4:8d:b2:33:f6:ce:46:5b:80:82:8f:05:18:f4:bc:90:5a:
-         af:4a:7f:9d:67:08:f7:41:27:05:c5:34:46:03:fc:14:2e:4e:
-         81:f3:ca:3d:67:9e:a9:53:ec:5b:df:38:d4:b5:92:3d:55:94:
-         df:88:be:a1:e7:14:18:a2:9d:22:5d:10:69:f8:54:c3:a9:14:
-         ef:8e:af:e1:8a:f8:cd:6d:7e:26:30:2c:40:bc:50:49:e5:9f:
-         bc:8f:de:30:23:93:c4:25:b3:e6:fb:b5:64:82:57:41:ac:79:
-         1e:58:9e:6c:67:dc:18:ed:c4:60:79:06:b1:ee:9f:4c:2c:a3:
-         9c:61:d7:77:33:b5:64:50:65:88:33:a0:30:57:99:0f:a9:aa:
-         a7:b3:a8:0d:b1:c5:ce:5a:34:a8:31:47:e4:66:62:b2:11:0e:
-         b9:58:4f:06
+    Signature Value:
+        98:19:29:17:65:3d:c1:a4:8c:35:ae:dc:7f:28:6f:09:9e:4a:
+        02:60:70:d6:5d:bb:6a:44:23:38:28:59:63:3d:a8:38:3c:17:
+        2b:a4:73:67:b7:a8:3e:b1:ea:8d:50:f8:8f:89:d9:72:4c:59:
+        d3:48:b6:3a:52:f4:e5:b7:3d:9f:10:71:9e:7c:b1:1b:9b:f7:
+        9c:03:97:49:0d:0f:3b:23:58:a1:20:4e:39:cb:c8:26:04:57:
+        32:a9:74:cf:dd:f2:e4:dd:03:cd:e5:0d:5d:95:16:a8:06:7a:
+        c3:00:c7:ae:dc:37:a9:b4:3e:32:cf:b3:a4:ba:1f:7a:74:74:
+        29:c2:e5:9c:ee:11:85:b6:2d:10:83:35:c1:de:dc:89:7b:ca:
+        63:ac:89:b7:02:20:77:b1:0f:3e:02:c7:b2:e6:d4:51:e4:76:
+        47:b7:bc:94:fc:7f:61:22:5a:3c:3a:9b:bd:b2:d0:b7:ee:3a:
+        f5:b4:33:85:3b:d6:5b:17:8f:24:60:0b:66:6f:6a:2e:64:bb:
+        a1:0e:4c:18:14:09:ba:01:02:6a:20:ad:75:a1:2d:c1:cb:4b:
+        65:37:38:ac:33:9a:bd:df:1f:02:4a:df:a9:a2:68:a2:87:37:
+        dc:ca:7f:b1:a6:ae:ee:f8:3f:77:bf:6c:6b:b0:9b:73:9d:ef:
+        46:d3:bb:13
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0EzLXBhdGhsZW45OTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGhMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGhMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UE
 AwwUY2hhaW5HLUlDQTItcGF0aGxlbjExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -80,10 +80,10 @@ gaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR0wGwYDVQQDDBRjaGFpbkctSUNBNC1wYXRobGVuNTEfMB0GCSqGSIb3DQEJ
 ARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEBMAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAUGWbHYtqrpvU8f9XrFFI/cieGbuyAL9U
-7sjUL+tb/xcefKod1AGf6MvEjOXumQQz6BY6/ES9VqVF5+n7iCURSwdzXTchR0ed
-+OCJ4OTAavRkJee32UdT/9Vv8+SNsjP2zkZbgIKPBRj0vJBar0p/nWcI90EnBcU0
-RgP8FC5OgfPKPWeeqVPsW9841LWSPVWU34i+oecUGKKdIl0QafhUw6kU746v4Yr4
-zW1+JjAsQLxQSeWfvI/eMCOTxCWz5vu1ZIJXQax5HliebGfcGO3EYHkGse6fTCyj
-nGHXdzO1ZFBliDOgMFeZD6mqp7OoDbHFzlo0qDFH5GZishEOuVhPBg==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAmBkpF2U9waSMNa7cfyhvCZ5KAmBw1l27
+akQjOChZYz2oODwXK6RzZ7eoPrHqjVD4j4nZckxZ00i2OlL05bc9nxBxnnyxG5v3
+nAOXSQ0POyNYoSBOOcvIJgRXMql0z93y5N0DzeUNXZUWqAZ6wwDHrtw3qbQ+Ms+z
+pLofenR0KcLlnO4RhbYtEIM1wd7ciXvKY6yJtwIgd7EPPgLHsubUUeR2R7e8lPx/
+YSJaPDqbvbLQt+469bQzhTvWWxePJGALZm9qLmS7oQ5MGBQJugECaiCtdaEtwctL
+ZTc4rDOavd8fAkrfqaJoooc33Mp/saau7vg/d79sa7Cbc53vRtO7Ew==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA3-pathlen99.pem b/certs/test-pathlen/chainG-ICA3-pathlen99.pem
index cbfb848db..160d33129 100644
--- a/certs/test-pathlen/chainG-ICA3-pathlen99.pem
+++ b/certs/test-pathlen/chainG-ICA3-pathlen99.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA4-pathlen5, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA3-pathlen99, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ac:f1:39:65:f7:9c:9d:f6:f0:d2:b7:18:16:24:
                     81:32:b7:a5:29:d6:f7:4e:31:38:a7:54:d6:eb:07:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:D4:92:AE:BD:3B:1C:66:4B:17:88:18:15:F8:27:AB:38:CC:07:5A:65
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA5-pathlen20/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:99
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0b:ad:52:52:31:8c:12:70:07:6c:05:83:b3:84:cf:c2:64:da:
-         43:d2:cc:6c:db:ef:a5:ae:9b:44:96:4e:fe:fd:b9:61:56:59:
-         e2:f2:52:c8:1b:52:2c:36:79:5d:6a:83:a1:c8:03:9a:7a:80:
-         4f:ee:9d:48:87:f4:cb:9b:5e:84:c8:f8:b8:0c:77:e1:cb:40:
-         ac:28:eb:58:07:e4:06:a7:50:e2:44:48:bc:a3:2f:5d:f1:fa:
-         0c:4d:1d:84:0a:57:e5:0c:b9:bb:41:b9:12:17:09:25:9f:99:
-         02:6b:9e:83:fb:07:f8:3f:59:b2:04:62:b7:12:e7:61:8b:48:
-         a7:cc:29:ce:11:f9:7c:64:dd:5c:51:d3:ac:0c:54:4b:22:7e:
-         29:de:98:50:80:f8:1a:65:64:3c:fb:a6:07:bb:e8:b1:a4:e8:
-         f1:7b:07:fd:e2:50:07:67:f5:7a:fa:76:4d:1c:7f:1a:e3:52:
-         ad:13:a6:b5:89:9e:f5:11:68:12:13:dc:59:86:9d:f9:83:18:
-         52:ee:09:24:6a:37:e9:85:95:ac:93:09:23:09:0e:f3:66:a8:
-         85:ee:d1:e4:40:01:f3:c2:c3:1f:48:74:76:2b:7e:4c:9b:a9:
-         a2:2f:c8:7c:74:60:2d:98:e8:63:09:cf:8f:a8:c8:8a:7f:c4:
-         d4:f3:34:ad
+    Signature Value:
+        03:3a:72:4d:48:13:39:45:02:48:80:fe:e2:b0:6f:69:90:fe:
+        ce:79:e0:76:b2:10:0c:a3:f7:99:3d:3c:76:de:27:83:e3:bc:
+        bd:a7:f0:c7:80:d8:db:0d:2b:04:fc:14:6b:4e:3f:6d:96:a6:
+        af:8f:be:eb:d9:cc:ec:92:15:06:cc:d6:eb:91:11:20:40:45:
+        9f:08:fe:19:fb:c5:ac:07:9d:9c:a5:ae:2e:01:d7:0a:02:a0:
+        1d:cf:62:e6:79:47:e4:57:21:1e:ed:9d:5b:94:d7:3f:4e:6a:
+        59:54:ec:29:bd:98:54:72:9c:b9:83:ac:09:b8:97:b1:c1:2e:
+        6b:c3:0b:5f:78:fa:46:d0:bf:8c:70:91:85:ec:17:93:54:f4:
+        b9:80:fc:4c:cd:ad:3f:ae:84:40:97:d0:ed:32:5f:de:09:55:
+        7c:26:bf:e6:85:27:09:77:1c:63:ce:3e:5c:3b:64:f8:d8:b7:
+        6c:74:e0:c9:eb:13:9b:2c:12:2f:02:ec:e3:e7:82:ef:a1:fe:
+        eb:93:39:d6:73:88:00:7f:15:af:ad:50:66:65:a1:15:41:22:
+        ce:0f:52:44:d4:82:9c:7c:9b:33:3d:bc:f8:5b:05:e4:5b:69:
+        db:11:00:41:d3:30:90:34:f2:74:0e:f5:d8:67:be:2e:70:f6:
+        e5:8f:0c:6d
 -----BEGIN CERTIFICATE-----
 MIIE1TCCA72gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0E0LXBhdGhsZW41MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaIxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaIxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR4wHAYDVQQD
 DBVjaGFpbkctSUNBMy1wYXRobGVuOTkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -80,10 +80,10 @@ gaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR4wHAYDVQQDDBVjaGFpbkctSUNBNS1wYXRobGVuMjAxHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBYzALBgNVHQ8E
-BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAutUlIxjBJwB2wFg7OEz8Jk2kPSzGzb
-76Wum0SWTv79uWFWWeLyUsgbUiw2eV1qg6HIA5p6gE/unUiH9MubXoTI+LgMd+HL
-QKwo61gH5AanUOJESLyjL13x+gxNHYQKV+UMubtBuRIXCSWfmQJrnoP7B/g/WbIE
-YrcS52GLSKfMKc4R+Xxk3VxR06wMVEsifinemFCA+BplZDz7pge76LGk6PF7B/3i
-UAdn9Xr6dk0cfxrjUq0TprWJnvURaBIT3FmGnfmDGFLuCSRqN+mFlayTCSMJDvNm
-qIXu0eRAAfPCwx9IdHYrfkybqaIvyHx0YC2Y6GMJz4+oyIp/xNTzNK0=
+BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAM6ck1IEzlFAkiA/uKwb2mQ/s554Hay
+EAyj95k9PHbeJ4PjvL2n8MeA2NsNKwT8FGtOP22Wpq+PvuvZzOySFQbM1uuRESBA
+RZ8I/hn7xawHnZylri4B1woCoB3PYuZ5R+RXIR7tnVuU1z9OallU7Cm9mFRynLmD
+rAm4l7HBLmvDC194+kbQv4xwkYXsF5NU9LmA/EzNrT+uhECX0O0yX94JVXwmv+aF
+Jwl3HGPOPlw7ZPjYt2x04MnrE5ssEi8C7OPngu+h/uuTOdZziAB/Fa+tUGZloRVB
+Is4PUkTUgpx8mzM9vPhbBeRbadsRAEHTMJA08nQO9dhnvi5w9uWPDG0=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA4-pathlen5.pem b/certs/test-pathlen/chainG-ICA4-pathlen5.pem
index 2b56f422e..a76ae02fe 100644
--- a/certs/test-pathlen/chainG-ICA4-pathlen5.pem
+++ b/certs/test-pathlen/chainG-ICA4-pathlen5.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA5-pathlen20, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA4-pathlen5, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c9:4b:a0:77:b8:42:43:96:e1:f4:8d:1d:a6:2c:
                     d8:12:a2:40:49:11:eb:5f:fb:6c:1d:15:3e:af:dd:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:1D:51:80:B6:9A:A7:AC:DD:80:7B:4B:A2:0B:62:BE:E4:87:30:C7:CA
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA6-pathlen10/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:5
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         a6:f3:32:99:ee:fd:de:b1:46:ad:68:a7:6f:d8:55:91:63:2d:
-         07:ce:91:2f:e3:ff:8f:03:e3:cf:c2:33:76:91:33:5f:13:70:
-         10:e4:e2:3b:70:02:fc:d2:7d:39:d2:1a:1e:82:2d:40:d8:a7:
-         bb:69:19:51:fb:c1:32:41:e5:cf:4f:39:f6:f8:dd:b4:cb:f2:
-         11:3e:dc:8d:c7:a6:90:27:14:4b:28:6f:20:9a:58:92:3a:42:
-         8c:c7:40:36:b5:c0:4a:7e:27:0b:37:a7:71:e4:fd:f4:8d:24:
-         8d:fe:3d:4a:59:4e:7e:86:02:f2:e2:09:95:59:ca:19:b9:23:
-         84:1e:c6:14:d9:c4:05:7a:93:77:b4:4a:f4:91:75:3f:89:43:
-         8b:b1:5f:a5:36:0a:2a:b0:a1:7b:8f:33:01:92:4d:c1:d9:51:
-         98:a3:1b:14:f9:34:8e:7c:db:a5:5c:2c:b2:cd:23:b6:f6:65:
-         25:aa:2c:5c:cc:38:49:b2:77:aa:8f:73:3b:00:1f:33:94:43:
-         fd:c2:34:ba:ee:ac:7d:0d:62:58:72:4d:ea:78:29:b5:b1:29:
-         99:70:8c:00:22:1c:a3:93:ca:cd:c8:02:21:57:2d:19:fd:a7:
-         fb:c7:1c:12:0c:49:04:73:4c:7e:dd:9f:9e:1c:5b:e4:2a:53:
-         b6:cf:7e:c4
+    Signature Value:
+        29:f0:28:23:e3:5b:7c:79:38:4f:54:fc:55:b5:0b:2a:32:2d:
+        a3:0f:21:95:80:74:dc:20:d1:21:97:ac:da:31:8c:e0:5f:c5:
+        a0:78:b9:3c:a9:33:5d:9b:28:5d:2a:fa:7f:99:30:3c:d4:74:
+        dd:64:b0:69:24:6e:5f:0d:df:29:93:e0:ca:b2:24:fd:fc:a8:
+        0f:21:ae:a7:f7:32:5d:bc:c0:88:d0:0c:37:6d:58:3b:2f:25:
+        cc:eb:d6:38:9d:4b:88:32:db:55:b3:18:a3:ad:e3:d6:cd:58:
+        40:6e:63:52:b6:bb:fd:55:99:5f:29:83:75:a0:33:25:bc:4a:
+        3f:8c:89:12:3e:3e:37:b5:56:27:3a:34:a1:61:b5:b0:4a:6c:
+        da:fd:ac:a1:c7:8c:88:fb:3a:4e:2e:ec:4c:0c:6b:3e:e9:11:
+        52:00:d4:77:ab:5a:1b:69:1b:cc:d8:85:57:d6:87:34:5b:8f:
+        db:fb:d6:1c:6a:47:61:64:4c:ef:f9:11:12:35:53:0a:64:52:
+        ac:0b:71:19:64:2d:56:85:ee:fa:11:42:49:c2:10:5c:06:20:
+        5b:66:9a:ef:5c:6b:1d:a9:12:86:7c:f9:44:6b:31:91:a0:5c:
+        ce:2f:ee:8f:7e:9b:ef:3c:dd:80:af:70:df:16:6d:91:73:0a:
+        42:31:af:82
 -----BEGIN CERTIFICATE-----
 MIIE1TCCA72gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0E1LXBhdGhsZW4yMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGhMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGhMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UE
 AwwUY2hhaW5HLUlDQTQtcGF0aGxlbjUxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -80,10 +80,10 @@ gaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR4wHAYDVQQDDBVjaGFpbkctSUNBNi1wYXRobGVuMTAxHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBBTALBgNVHQ8E
-BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKbzMpnu/d6xRq1op2/YVZFjLQfOkS/j
-/48D48/CM3aRM18TcBDk4jtwAvzSfTnSGh6CLUDYp7tpGVH7wTJB5c9POfb43bTL
-8hE+3I3HppAnFEsobyCaWJI6QozHQDa1wEp+Jws3p3Hk/fSNJI3+PUpZTn6GAvLi
-CZVZyhm5I4QexhTZxAV6k3e0SvSRdT+JQ4uxX6U2CiqwoXuPMwGSTcHZUZijGxT5
-NI5826VcLLLNI7b2ZSWqLFzMOEmyd6qPczsAHzOUQ/3CNLrurH0NYlhyTep4KbWx
-KZlwjAAiHKOTys3IAiFXLRn9p/vHHBIMSQRzTH7dn54cW+QqU7bPfsQ=
+BAMCAQYwDQYJKoZIhvcNAQELBQADggEBACnwKCPjW3x5OE9U/FW1CyoyLaMPIZWA
+dNwg0SGXrNoxjOBfxaB4uTypM12bKF0q+n+ZMDzUdN1ksGkkbl8N3ymT4MqyJP38
+qA8hrqf3Ml28wIjQDDdtWDsvJczr1jidS4gy21WzGKOt49bNWEBuY1K2u/1VmV8p
+g3WgMyW8Sj+MiRI+Pje1Vic6NKFhtbBKbNr9rKHHjIj7Ok4u7EwMaz7pEVIA1Her
+WhtpG8zYhVfWhzRbj9v71hxqR2FkTO/5ERI1UwpkUqwLcRlkLVaF7voRQknCEFwG
+IFtmmu9cax2pEoZ8+URrMZGgXM4v7o9+m+883YCvcN8WbZFzCkIxr4I=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA5-pathlen20.pem b/certs/test-pathlen/chainG-ICA5-pathlen20.pem
index ff85cabc7..a5390a29c 100644
--- a/certs/test-pathlen/chainG-ICA5-pathlen20.pem
+++ b/certs/test-pathlen/chainG-ICA5-pathlen20.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA6-pathlen10, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA5-pathlen20, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:be:9d:98:a2:41:ca:64:1f:a2:34:dc:51:7d:49:
                     2b:f7:f8:7a:fc:1a:22:8d:3a:17:8e:00:9c:74:06:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:14:07:E8:A7:3A:A2:9C:DD:4C:30:B0:4D:F0:00:C4:88:C4:39:DF:73
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA7-pathlen100/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:20
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         d9:f9:09:10:86:29:c0:72:a4:93:87:4d:d3:79:ce:fa:f3:8a:
-         79:9a:d0:eb:6d:42:06:00:fc:2c:c3:fa:35:c5:b6:6d:a4:7f:
-         66:29:d2:ad:ed:50:a5:a8:1e:1b:24:db:f3:52:bf:54:b8:3f:
-         67:c2:be:f4:a4:fc:d2:77:74:a4:02:74:0d:fe:c5:e0:42:bd:
-         2b:7c:16:ae:a1:68:6f:e5:80:29:07:f3:5e:e4:0e:96:d2:ee:
-         cd:d2:82:00:22:a7:72:d7:c5:38:71:a0:ac:2a:38:03:c4:c1:
-         23:62:1e:fa:b3:24:32:0f:01:a4:64:a8:ab:79:60:55:77:da:
-         ca:76:00:14:2f:e0:e1:74:f9:72:e2:7d:aa:3d:6b:9f:50:ab:
-         72:31:40:4b:19:9d:b9:9a:12:de:db:15:c3:36:90:9d:48:6f:
-         7a:98:47:7a:65:a2:d5:5b:0c:f3:90:5d:dd:4e:1c:ba:72:b4:
-         ac:be:ca:1b:87:16:7f:f2:b0:33:9b:7a:26:37:eb:1f:cb:4d:
-         bf:c7:f1:01:80:b7:60:c4:ae:71:bb:ab:cc:bd:8a:ba:c4:23:
-         87:15:1e:b9:c7:6d:2d:44:fd:67:25:45:e2:cd:76:4d:87:a1:
-         80:e0:a2:e6:60:23:51:4d:17:b0:82:51:ef:0c:88:75:64:c1:
-         7b:8e:c2:29
+    Signature Value:
+        82:83:b0:69:a3:c1:19:0f:81:1d:53:ae:0d:44:60:ee:34:9a:
+        2b:58:3c:20:f1:ac:8d:ff:fe:8f:92:fe:ff:7a:bc:73:43:84:
+        c4:dd:63:3f:41:20:e9:5b:6d:da:4c:86:d9:7b:6c:41:1e:ab:
+        ad:4d:08:79:38:93:74:a0:ae:77:bb:13:7c:30:04:ca:92:b7:
+        b6:96:07:3f:ab:63:f2:2e:aa:87:b1:5a:55:76:a3:16:cc:3f:
+        36:a2:3a:07:e7:cb:5e:80:34:bf:7a:fa:df:8e:08:2b:24:b6:
+        d9:96:1f:3c:4f:be:9a:4b:88:45:e3:1b:64:f5:5f:f4:dd:24:
+        0b:de:e0:e8:16:b5:34:b4:79:0e:d2:f6:f1:62:91:db:63:c7:
+        a3:09:da:30:9e:10:3d:94:da:4a:3f:0f:c9:df:a8:39:e4:55:
+        eb:f8:34:e2:29:50:50:c7:65:32:67:93:3a:1d:e4:0b:ee:95:
+        fa:a5:55:a7:79:7d:7a:3f:51:1e:21:65:b8:70:13:80:c4:9d:
+        b4:73:c4:d1:75:86:4d:27:ed:e7:c2:0b:2a:d1:b4:cb:33:d6:
+        e1:82:2d:9a:cf:1b:34:77:80:32:f8:ff:2e:56:86:da:85:4e:
+        3e:88:02:e7:6b:cb:4a:5c:9e:7b:d5:9c:8f:9a:fe:6f:c0:b9:
+        85:11:21:db
 -----BEGIN CERTIFICATE-----
 MIIE1zCCA7+gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0E2LXBhdGhsZW4xMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGiMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGiMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEeMBwGA1UE
 AwwVY2hhaW5HLUlDQTUtcGF0aGxlbjIwMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -80,10 +80,10 @@ MIGjMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
 U2VhdHRsZTEVMBMGA1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVl
 cmluZzEfMB0GA1UEAwwWY2hhaW5HLUlDQTctcGF0aGxlbjEwMDEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEUMAsGA1Ud
-DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEA2fkJEIYpwHKkk4dN03nO+vOKeZrQ
-621CBgD8LMP6NcW2baR/ZinSre1QpageGyTb81K/VLg/Z8K+9KT80nd0pAJ0Df7F
-4EK9K3wWrqFob+WAKQfzXuQOltLuzdKCACKnctfFOHGgrCo4A8TBI2Ie+rMkMg8B
-pGSoq3lgVXfaynYAFC/g4XT5cuJ9qj1rn1CrcjFASxmduZoS3tsVwzaQnUhvephH
-emWi1VsM85Bd3U4cunK0rL7KG4cWf/KwM5t6JjfrH8tNv8fxAYC3YMSucburzL2K
-usQjhxUeucdtLUT9ZyVF4s12TYehgOCi5mAjUU0XsIJR7wyIdWTBe47CKQ==
+DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAgoOwaaPBGQ+BHVOuDURg7jSaK1g8
+IPGsjf/+j5L+/3q8c0OExN1jP0Eg6Vtt2kyG2XtsQR6rrU0IeTiTdKCud7sTfDAE
+ypK3tpYHP6tj8i6qh7FaVXajFsw/NqI6B+fLXoA0v3r6344IKyS22ZYfPE++mkuI
+ReMbZPVf9N0kC97g6Ba1NLR5DtL28WKR22PHownaMJ4QPZTaSj8Pyd+oOeRV6/g0
+4ilQUMdlMmeTOh3kC+6V+qVVp3l9ej9RHiFluHATgMSdtHPE0XWGTSft58ILKtG0
+yzPW4YItms8bNHeAMvj/LlaG2oVOPogC52vLSlyee9Wcj5r+b8C5hREh2w==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA6-pathlen10.pem b/certs/test-pathlen/chainG-ICA6-pathlen10.pem
index 8f35c3849..be2c31d72 100644
--- a/certs/test-pathlen/chainG-ICA6-pathlen10.pem
+++ b/certs/test-pathlen/chainG-ICA6-pathlen10.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA7-pathlen100, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA6-pathlen10, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e1:4f:c9:e7:30:ea:06:ff:65:cb:2b:6c:f1:a8:
                     ac:f6:cf:10:6b:80:7a:af:5e:42:0a:0d:61:be:6f:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:12:E4:A4:19:85:AE:85:B7:D6:EB:63:04:D5:B9:B0:7E:57:5F:0C:16
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:10
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         74:9d:3a:da:91:b6:e0:2d:7d:89:b6:6d:16:7d:f0:28:ba:9f:
-         e5:52:a0:21:92:06:77:77:9a:9a:78:47:56:de:39:4d:64:43:
-         1c:e7:06:02:fd:00:42:1d:2d:71:ef:6e:a3:4f:39:1a:e9:fc:
-         8d:9c:94:32:60:a9:56:12:ee:69:7f:59:ef:30:5f:c4:d6:56:
-         26:1a:9a:bb:c4:ec:01:09:0a:e3:14:ab:44:41:08:75:2a:6b:
-         80:69:58:5d:2e:1a:2a:00:26:0c:b0:36:cd:fb:c1:87:7e:b8:
-         58:ce:4d:32:57:e5:62:2e:64:e3:c9:52:67:21:28:40:16:88:
-         b2:37:19:e0:93:c8:4c:ca:f9:2b:1d:2c:d9:91:82:ac:b4:79:
-         d9:90:79:e5:95:76:03:a2:6b:d8:ef:24:66:1d:a3:3b:6f:c6:
-         0c:95:f2:c3:59:37:f9:87:db:e6:a6:e5:f1:6f:70:92:60:e0:
-         6d:cd:b8:14:69:95:26:56:2c:cc:0e:7e:d4:39:dd:6e:44:32:
-         eb:27:15:00:0f:fa:02:60:32:a5:6c:69:f0:cd:31:c6:b8:ff:
-         1c:59:2f:0f:4d:28:9b:67:79:ea:4f:2c:a6:e0:f1:cf:19:3f:
-         4f:44:2c:61:2e:08:48:cb:11:e2:82:8a:c0:88:53:ad:6b:ba:
-         7e:d6:fa:61
+    Signature Value:
+        b2:a8:44:05:e8:64:53:f1:a8:c0:d3:ae:ec:58:41:a1:89:b1:
+        c3:b6:5c:ce:23:8a:62:e0:1e:d0:b6:e4:8b:bd:bb:3b:33:83:
+        27:b0:e6:e5:1b:c0:65:bd:4d:2d:bd:92:db:a1:c1:57:2a:05:
+        a1:4e:2d:98:fe:00:46:b9:ec:e9:9e:10:cb:3c:e4:84:3f:de:
+        4f:86:84:f6:12:37:67:6d:d2:c1:85:3b:da:aa:b4:43:68:9b:
+        30:b9:47:a9:04:70:74:b6:34:37:c0:dd:1c:60:a6:04:33:8e:
+        3b:d0:c8:cc:67:43:ef:79:56:09:bd:27:64:1d:a7:3e:a1:c9:
+        c9:29:99:5d:21:6a:d6:ee:2b:31:a0:f7:95:4e:8c:09:07:f5:
+        f7:64:ca:8e:47:4d:ce:08:1b:1c:a9:40:aa:d9:45:b2:ac:3f:
+        41:5f:d7:7c:ba:10:00:ba:1d:74:ea:45:3e:eb:df:10:4e:1b:
+        32:47:75:ae:c9:f3:d0:67:cc:01:89:ec:59:6a:d2:6a:00:5a:
+        5a:1d:62:4b:05:50:f0:ae:d3:9d:5e:13:89:c5:f1:3a:5f:29:
+        ac:90:5b:fa:09:3e:a0:35:1a:aa:47:39:17:82:74:c2:7f:f8:
+        05:4b:61:0d:19:f6:68:0f:9c:a5:9c:f2:56:16:28:d4:f1:a8:
+        80:5a:e9:d9
 -----BEGIN CERTIFICATE-----
 MIIEyTCCA7GgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRy1JQ0E3LXBhdGhsZW4xMDAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBojELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBojELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNV
 BAMMFWNoYWluRy1JQ0E2LXBhdGhsZW4xMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -80,10 +80,10 @@ lzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
 ZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBCjALBgNVHQ8EBAMCAQYwDQYJKoZI
-hvcNAQELBQADggEBAHSdOtqRtuAtfYm2bRZ98Ci6n+VSoCGSBnd3mpp4R1beOU1k
-QxznBgL9AEIdLXHvbqNPORrp/I2clDJgqVYS7ml/We8wX8TWViYamrvE7AEJCuMU
-q0RBCHUqa4BpWF0uGioAJgywNs37wYd+uFjOTTJX5WIuZOPJUmchKEAWiLI3GeCT
-yEzK+SsdLNmRgqy0edmQeeWVdgOia9jvJGYdoztvxgyV8sNZN/mH2+am5fFvcJJg
-4G3NuBRplSZWLMwOftQ53W5EMusnFQAP+gJgMqVsafDNMca4/xxZLw9NKJtneepP
-LKbg8c8ZP09ELGEuCEjLEeKCisCIU61run7W+mE=
+hvcNAQELBQADggEBALKoRAXoZFPxqMDTruxYQaGJscO2XM4jimLgHtC25Iu9uzsz
+gyew5uUbwGW9TS29ktuhwVcqBaFOLZj+AEa57OmeEMs85IQ/3k+GhPYSN2dt0sGF
+O9qqtENomzC5R6kEcHS2NDfA3RxgpgQzjjvQyMxnQ+95Vgm9J2Qdpz6hyckpmV0h
+atbuKzGg95VOjAkH9fdkyo5HTc4IGxypQKrZRbKsP0Ff13y6EAC6HXTqRT7r3xBO
+GzJHda7J89BnzAGJ7Flq0moAWlodYksFUPCu051eE4nF8TpfKayQW/oJPqA1GqpH
+OReCdMJ/+AVLYQ0Z9mgPnKWc8lYWKNTxqIBa6dk=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-ICA7-pathlen100.pem b/certs/test-pathlen/chainG-ICA7-pathlen100.pem
index 1a3bed297..83734caa0 100644
--- a/certs/test-pathlen/chainG-ICA7-pathlen100.pem
+++ b/certs/test-pathlen/chainG-ICA7-pathlen100.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA7-pathlen100, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:8c:d6:c4:29:20:60:9d:15:3d:0c:2a:fb:24:
                     2f:38:89:ed:37:c4:fc:57:67:2a:50:d8:eb:e2:6a:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:100
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         18:8c:dc:f0:e2:14:b8:33:68:ed:a7:5e:f9:12:72:93:58:a0:
-         91:2a:d5:87:77:21:24:e9:b6:af:d3:af:55:8b:31:1c:a8:bb:
-         3a:30:94:bb:aa:d4:5e:bb:17:d1:93:57:51:e6:32:f0:c7:e6:
-         76:86:06:6d:c7:2a:35:c2:a3:2f:54:d6:bf:b1:25:7e:e4:0b:
-         1a:dd:62:ce:34:d5:18:b4:4d:d0:76:52:d4:63:00:8b:90:72:
-         4e:77:ff:c1:1b:bf:31:d1:6d:d2:75:69:5a:0c:a6:b2:42:e7:
-         97:c9:a1:47:50:16:89:ee:20:ee:e7:c0:c8:06:7f:5e:55:0a:
-         79:90:ed:2d:11:83:49:23:f0:89:08:cb:9c:84:6e:f5:6b:fe:
-         b2:2c:16:0e:74:d9:a8:35:9b:1d:1c:6a:ab:58:dd:32:09:d2:
-         67:c2:eb:27:18:8e:70:31:58:c2:f1:20:06:98:ac:39:5a:c2:
-         0b:43:60:a8:74:35:b1:32:bd:83:4b:df:db:18:46:e1:ac:7e:
-         13:4a:09:6b:05:98:7a:98:e9:e0:1a:1d:a7:88:34:c6:4b:06:
-         14:69:78:8d:29:83:c2:ee:52:af:00:a3:4d:d8:61:04:5a:0c:
-         e5:62:f4:c7:ac:8a:f3:7d:90:10:08:7c:15:d1:37:01:3c:bc:
-         89:f8:60:24
+    Signature Value:
+        6e:e1:82:63:6d:12:37:10:55:48:1b:9a:15:95:0d:7b:25:3a:
+        46:59:ed:a0:57:cb:f5:fa:01:66:f8:a7:12:0a:a0:0e:8d:e1:
+        66:d5:83:46:0f:06:d3:47:2b:f9:0b:e3:b6:d8:8e:f2:2e:4c:
+        cd:74:a6:6d:90:51:62:58:4e:f2:a1:0a:ae:22:03:a2:1d:69:
+        ff:ab:05:62:5e:d2:89:a7:9f:67:11:f9:13:47:0a:8c:e9:56:
+        6e:88:38:50:df:53:20:47:6f:33:79:d1:a2:dc:f0:42:a6:10:
+        9b:9e:c0:93:4a:06:51:09:9e:1a:b1:c2:49:46:dd:4d:60:19:
+        d3:eb:5d:75:9f:9d:eb:c7:80:d8:4b:b1:72:6f:7c:99:0a:c3:
+        dc:96:13:03:60:2d:27:a3:b0:f0:2f:3c:83:fe:90:38:87:84:
+        fe:36:7d:c3:38:23:b2:a9:77:f9:9c:27:9e:67:2d:5e:98:ca:
+        e8:c6:59:c6:74:2f:19:42:08:52:e8:c2:ff:48:f4:8f:14:04:
+        ed:3e:6b:88:fb:d2:f7:b8:75:c6:27:f3:71:43:7c:ab:41:ad:
+        01:e4:13:51:f5:27:4f:7f:e6:c4:bb:5b:85:70:21:ac:75:ac:
+        2b:66:82:de:49:68:e4:00:1d:dc:54:d5:8f:d0:ad:19:c5:df:
+        38:69:af:fc
 -----BEGIN CERTIFICATE-----
 MIIEzjCCA7agAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRy1JQ0E3
 LXBhdGhsZW4xMDAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -78,12 +78,12 @@ AAGjggEYMIIBFDAdBgNVHQ4EFgQUEuSkGYWuhbfW62ME1bmwfldfDBYwgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAPBgNVHRMECDAGAQH/AgFkMAsGA1UdDwQEAwIBBjAN
-BgkqhkiG9w0BAQsFAAOCAQEAGIzc8OIUuDNo7ade+RJyk1igkSrVh3chJOm2r9Ov
-VYsxHKi7OjCUu6rUXrsX0ZNXUeYy8MfmdoYGbccqNcKjL1TWv7ElfuQLGt1izjTV
-GLRN0HZS1GMAi5ByTnf/wRu/MdFt0nVpWgymskLnl8mhR1AWie4g7ufAyAZ/XlUK
-eZDtLRGDSSPwiQjLnIRu9Wv+siwWDnTZqDWbHRxqq1jdMgnSZ8LrJxiOcDFYwvEg
-BpisOVrCC0NgqHQ1sTK9g0vf2xhG4ax+E0oJawWYepjp4Bodp4g0xksGFGl4jSmD
-wu5SrwCjTdhhBFoM5WL0x6yK832QEAh8FdE3ATy8ifhgJA==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAPBgNVHRMECDAGAQH/AgFkMAsGA1UdDwQEAwIBBjAN
+BgkqhkiG9w0BAQsFAAOCAQEAbuGCY20SNxBVSBuaFZUNeyU6RlntoFfL9foBZvin
+EgqgDo3hZtWDRg8G00cr+QvjttiO8i5MzXSmbZBRYlhO8qEKriIDoh1p/6sFYl7S
+iaefZxH5E0cKjOlWbog4UN9TIEdvM3nRotzwQqYQm57Ak0oGUQmeGrHCSUbdTWAZ
+0+tddZ+d68eA2Euxcm98mQrD3JYTA2AtJ6Ow8C88g/6QOIeE/jZ9wzgjsql3+Zwn
+nmctXpjK6MZZxnQvGUIIUujC/0j0jxQE7T5riPvS97h1xifzcUN8q0GtAeQTUfUn
+T3/mxLtbhXAhrHWsK2aC3klo5AAd3FTVj9CtGcXfOGmv/A==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-assembled.pem b/certs/test-pathlen/chainG-assembled.pem
index c8990912a..d4d4e749b 100644
--- a/certs/test-pathlen/chainG-assembled.pem
+++ b/certs/test-pathlen/chainG-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:7b:82:23:a2:34:e7:cb:89:4e:64:cc:f2:98:
                     c8:65:8f:e2:69:55:54:4b:3c:8b:c0:1f:67:37:7f:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:47:C0:19:4B:ED:C4:DA:97:B1:60:EA:5A:0A:42:6D:A5:D3:D8:25:31
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA2-pathlen1/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         27:b7:93:b7:fd:71:ab:7c:a5:a2:8e:e7:4c:77:67:4c:f2:28:
-         b7:82:bb:4a:85:95:bf:84:57:04:49:ac:be:02:cc:6b:fd:0f:
-         d8:66:c8:a0:eb:40:55:cf:a1:e3:d1:e0:fe:9a:40:b5:2e:ee:
-         b2:bf:48:fa:20:57:fd:c7:df:de:68:8f:82:5d:58:ec:25:0a:
-         a8:97:73:dc:e6:66:f5:49:64:9a:e9:b1:e2:86:4e:d1:04:59:
-         0f:32:e1:c5:dd:d4:39:b0:ad:e9:cc:ad:87:ef:ab:8e:fe:74:
-         4c:7e:b2:cb:41:3c:54:ed:b7:8d:4b:fd:97:6e:26:22:32:9e:
-         94:26:aa:45:7d:65:c1:c8:10:67:63:09:09:42:04:04:9d:0c:
-         53:bb:18:f6:ce:af:dc:e7:63:d4:c8:bb:b4:6a:86:52:45:6a:
-         96:a1:54:3d:8c:25:7d:1a:b1:16:65:7a:8b:ec:01:fa:c4:73:
-         98:49:3c:c3:18:2f:48:3e:45:10:45:c0:85:2c:16:88:65:2b:
-         02:0b:0b:02:67:d2:2a:1d:bd:66:14:f5:8d:d1:8e:f8:eb:7a:
-         b5:db:4e:f7:ce:fa:6f:67:a0:a2:6b:37:85:7a:f7:34:8a:71:
-         9a:e5:34:2a:fd:6a:4a:ec:3e:38:e3:30:89:f3:e6:c4:a9:a6:
-         a4:79:35:9b
+    Signature Value:
+        7a:13:a7:3c:50:c4:18:3d:cf:ee:9c:df:1b:50:59:cf:19:66:
+        5e:a6:d7:21:e8:38:e9:c1:74:73:1b:40:44:47:42:40:58:e4:
+        1b:0c:c1:61:10:9b:f7:4a:9c:7e:43:7e:23:2c:59:0f:a2:61:
+        4e:36:c7:95:af:64:a9:52:05:d0:87:87:54:63:6f:5f:14:97:
+        45:a2:85:ff:eb:d1:61:53:de:9e:30:0d:66:96:dd:cf:c1:ae:
+        9d:4d:f6:01:52:18:63:69:64:2b:7f:35:b9:91:50:83:e3:8b:
+        47:82:6e:bc:16:50:5f:1f:ea:5f:74:e0:e8:f7:6f:41:49:ed:
+        ca:d8:48:95:f4:6c:ba:2f:27:b7:fc:03:08:c5:61:72:b0:25:
+        63:56:08:1f:70:01:3b:65:48:7b:d6:04:77:5a:c0:60:af:a8:
+        0e:99:7a:9f:5c:6b:b3:d4:a0:d7:48:4d:7b:68:e5:52:1f:e8:
+        c3:d8:3d:6c:81:9e:96:1e:57:b1:cd:d7:01:80:76:df:3a:99:
+        7a:84:57:35:a8:ae:70:04:bd:62:64:39:88:17:be:f1:7a:5d:
+        c6:cf:d0:90:88:65:81:ae:e0:51:3a:b5:a9:90:68:56:2e:aa:
+        78:61:86:7a:89:9c:77:94:9b:37:4e:43:24:e5:f6:6a:2a:b4:
+        55:71:74:6a
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkctZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,13 +77,13 @@ VR0jBIHGMIHDgBRHwBlL7cTal7Fg6loKQm2l09glMaGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluRy1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBACe3k7f9
-cat8paKO50x3Z0zyKLeCu0qFlb+EVwRJrL4CzGv9D9hmyKDrQFXPoePR4P6aQLUu
-7rK/SPogV/3H395oj4JdWOwlCqiXc9zmZvVJZJrpseKGTtEEWQ8y4cXd1DmwrenM
-rYfvq47+dEx+sstBPFTtt41L/ZduJiIynpQmqkV9ZcHIEGdjCQlCBASdDFO7GPbO
-r9znY9TIu7RqhlJFapahVD2MJX0asRZleovsAfrEc5hJPMMYL0g+RRBFwIUsFohl
-KwILCwJn0iodvWYU9Y3RjvjrerXbTvfO+m9noKJrN4V69zSKcZrlNCr9akrsPjjj
-MInz5sSppqR5NZs=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAHoTpzxQ
+xBg9z+6c3xtQWc8ZZl6m1yHoOOnBdHMbQERHQkBY5BsMwWEQm/dKnH5DfiMsWQ+i
+YU42x5WvZKlSBdCHh1Rjb18Ul0Wihf/r0WFT3p4wDWaW3c/Brp1N9gFSGGNpZCt/
+NbmRUIPji0eCbrwWUF8f6l904Oj3b0FJ7crYSJX0bLovJ7f8AwjFYXKwJWNWCB9w
+ATtlSHvWBHdawGCvqA6Zep9ca7PUoNdITXto5VIf6MPYPWyBnpYeV7HN1wGAdt86
+mXqEVzWornAEvWJkOYgXvvF6XcbP0JCIZYGu4FE6tamQaFYuqnhhhnqJnHeUmzdO
+QyTl9moqtFVxdGo=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d2:26:be:51:98:42:e0:1f:ae:fc:c2:cb:ba:d5:
                     0f:44:3b:0b:60:d8:49:ec:03:43:6b:06:ce:f2:28:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:E1:E6:9B:28:CF:FD:AB:45:C1:B7:A7:C4:C9:58:FC:41:E3:1A:5C:74
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA3-pathlen99/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         6e:12:75:fb:ac:2b:b3:b5:f3:f8:0c:2b:61:c3:22:c0:1f:16:
-         cf:36:8c:b2:fc:be:83:ad:81:3d:e9:4e:76:e3:85:db:34:b4:
-         b1:a6:ed:fe:82:ee:b2:7c:64:14:e4:1f:d6:fb:16:3e:36:d7:
-         a1:f3:99:99:7c:48:96:50:d0:e4:29:43:42:93:7c:8e:24:fc:
-         ba:6b:89:1c:1b:c8:39:d2:62:5e:7f:ac:0c:e8:7d:f4:90:94:
-         a3:dc:5d:d4:25:60:07:6f:97:6c:a1:4f:5a:ec:84:70:46:de:
-         4d:74:a8:5c:48:32:94:6d:69:81:65:c6:c4:ef:3e:31:fc:40:
-         f5:5c:10:29:23:49:a7:ca:27:27:33:ed:3f:65:1a:95:f0:57:
-         5a:32:19:b4:4d:66:c5:19:15:4b:a9:79:c9:fb:cd:02:57:04:
-         c2:33:6d:6c:85:67:14:16:7a:d2:32:a0:66:c4:b9:0d:43:bd:
-         57:52:27:da:af:f1:df:68:27:74:b9:dd:d3:3c:ba:79:d0:46:
-         2c:91:fc:1c:65:a4:3a:ea:82:25:c9:b1:2f:7d:78:85:62:1f:
-         a4:4c:69:fc:a3:95:c3:0a:ce:ed:10:24:ec:f7:17:bf:22:42:
-         44:ac:0d:77:a1:3d:9d:d0:fb:03:1b:b7:79:8a:ba:6e:3c:a4:
-         3e:1c:0a:54
+    Signature Value:
+        10:ac:6a:7c:e3:78:f4:f0:6d:a5:c2:6f:6b:af:ef:eb:dd:98:
+        c5:ae:75:82:95:16:cb:c8:76:4e:84:44:d3:fd:6e:69:37:5c:
+        db:5a:f6:59:f1:a1:bb:5f:50:b9:6e:3d:b6:12:21:cb:14:91:
+        8e:b0:9c:35:96:38:b4:0d:51:4a:a7:a7:d2:23:54:82:04:96:
+        fb:8f:34:84:80:87:ac:b5:f9:3f:6f:ec:1d:c6:8b:ee:1a:ee:
+        d8:e2:d8:b5:e0:b6:b6:92:97:fb:c9:cf:67:e1:9a:40:ee:8d:
+        54:24:1a:cb:5b:1b:0b:6a:83:9d:cf:a6:3b:ec:41:96:f5:cb:
+        fe:87:52:23:66:67:4a:48:7f:3b:5a:d1:63:c7:c6:40:fd:41:
+        51:8e:86:3a:5f:34:50:cd:56:ce:de:1a:ab:a0:87:08:b4:b3:
+        89:fe:b3:64:11:be:c3:f7:81:f1:b4:c1:9d:c3:ce:72:49:d3:
+        c4:d2:33:0a:db:f1:85:76:69:2f:94:f8:59:77:b7:c8:ff:4c:
+        69:b9:68:bb:ee:ff:a1:17:cb:d9:7d:5a:8f:bb:a7:93:ed:e6:
+        dd:60:8d:25:31:5d:90:51:74:24:c3:8f:62:90:02:f8:db:ad:
+        fd:e9:0a:fd:c2:ad:6a:2f:83:4f:8b:49:7d:c8:60:6d:98:57:
+        43:15:f1:3a
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkctSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -167,12 +167,12 @@ ojELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHjAcBgNVBAMMFWNoYWluRy1JQ0EzLXBhdGhsZW45OTEfMB0GCSqGSIb3DQEJ
 ARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAbhJ1+6wrs7Xz+AwrYcMiwB8WzzaMsvy+
-g62BPelOduOF2zS0sabt/oLusnxkFOQf1vsWPjbXofOZmXxIllDQ5ClDQpN8jiT8
-umuJHBvIOdJiXn+sDOh99JCUo9xd1CVgB2+XbKFPWuyEcEbeTXSoXEgylG1pgWXG
-xO8+MfxA9VwQKSNJp8onJzPtP2UalfBXWjIZtE1mxRkVS6l5yfvNAlcEwjNtbIVn
-FBZ60jKgZsS5DUO9V1In2q/x32gndLnd0zy6edBGLJH8HGWkOuqCJcmxL314hWIf
-pExp/KOVwwrO7RAk7PcXvyJCRKwNd6E9ndD7Axu3eYq6bjykPhwKVA==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAEKxqfON49PBtpcJva6/v692Yxa51gpUW
+y8h2ToRE0/1uaTdc21r2WfGhu19QuW49thIhyxSRjrCcNZY4tA1RSqen0iNUggSW
++480hICHrLX5P2/sHcaL7hru2OLYteC2tpKX+8nPZ+GaQO6NVCQay1sbC2qDnc+m
+O+xBlvXL/odSI2ZnSkh/O1rRY8fGQP1BUY6GOl80UM1Wzt4aq6CHCLSzif6zZBG+
+w/eB8bTBncPOcknTxNIzCtvxhXZpL5T4WXe3yP9Mablou+7/oRfL2X1aj7unk+3m
+3WCNJTFdkFF0JMOPYpAC+Nut/ekK/cKtai+DT4tJfchgbZhXQxXxOg==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA3-pathlen99, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA2-pathlen1, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d7:3e:de:b9:f9:a9:d7:8e:7a:4b:f2:f1:8c:f9:
                     3b:1c:ce:59:31:4c:57:0c:2e:8a:0f:90:f0:dc:27:
@@ -214,33 +214,33 @@ Certificate:
                 keyid:C1:CD:1F:81:13:82:24:3B:CF:64:51:7A:4C:E3:65:2E:75:1E:01:23
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA4-pathlen5/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:1
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         50:65:9b:1d:8b:6a:ae:9b:d4:f1:ff:57:ac:51:48:fd:c8:9e:
-         19:bb:b2:00:bf:54:ee:c8:d4:2f:eb:5b:ff:17:1e:7c:aa:1d:
-         d4:01:9f:e8:cb:c4:8c:e5:ee:99:04:33:e8:16:3a:fc:44:bd:
-         56:a5:45:e7:e9:fb:88:25:11:4b:07:73:5d:37:21:47:47:9d:
-         f8:e0:89:e0:e4:c0:6a:f4:64:25:e7:b7:d9:47:53:ff:d5:6f:
-         f3:e4:8d:b2:33:f6:ce:46:5b:80:82:8f:05:18:f4:bc:90:5a:
-         af:4a:7f:9d:67:08:f7:41:27:05:c5:34:46:03:fc:14:2e:4e:
-         81:f3:ca:3d:67:9e:a9:53:ec:5b:df:38:d4:b5:92:3d:55:94:
-         df:88:be:a1:e7:14:18:a2:9d:22:5d:10:69:f8:54:c3:a9:14:
-         ef:8e:af:e1:8a:f8:cd:6d:7e:26:30:2c:40:bc:50:49:e5:9f:
-         bc:8f:de:30:23:93:c4:25:b3:e6:fb:b5:64:82:57:41:ac:79:
-         1e:58:9e:6c:67:dc:18:ed:c4:60:79:06:b1:ee:9f:4c:2c:a3:
-         9c:61:d7:77:33:b5:64:50:65:88:33:a0:30:57:99:0f:a9:aa:
-         a7:b3:a8:0d:b1:c5:ce:5a:34:a8:31:47:e4:66:62:b2:11:0e:
-         b9:58:4f:06
+    Signature Value:
+        98:19:29:17:65:3d:c1:a4:8c:35:ae:dc:7f:28:6f:09:9e:4a:
+        02:60:70:d6:5d:bb:6a:44:23:38:28:59:63:3d:a8:38:3c:17:
+        2b:a4:73:67:b7:a8:3e:b1:ea:8d:50:f8:8f:89:d9:72:4c:59:
+        d3:48:b6:3a:52:f4:e5:b7:3d:9f:10:71:9e:7c:b1:1b:9b:f7:
+        9c:03:97:49:0d:0f:3b:23:58:a1:20:4e:39:cb:c8:26:04:57:
+        32:a9:74:cf:dd:f2:e4:dd:03:cd:e5:0d:5d:95:16:a8:06:7a:
+        c3:00:c7:ae:dc:37:a9:b4:3e:32:cf:b3:a4:ba:1f:7a:74:74:
+        29:c2:e5:9c:ee:11:85:b6:2d:10:83:35:c1:de:dc:89:7b:ca:
+        63:ac:89:b7:02:20:77:b1:0f:3e:02:c7:b2:e6:d4:51:e4:76:
+        47:b7:bc:94:fc:7f:61:22:5a:3c:3a:9b:bd:b2:d0:b7:ee:3a:
+        f5:b4:33:85:3b:d6:5b:17:8f:24:60:0b:66:6f:6a:2e:64:bb:
+        a1:0e:4c:18:14:09:ba:01:02:6a:20:ad:75:a1:2d:c1:cb:4b:
+        65:37:38:ac:33:9a:bd:df:1f:02:4a:df:a9:a2:68:a2:87:37:
+        dc:ca:7f:b1:a6:ae:ee:f8:3f:77:bf:6c:6b:b0:9b:73:9d:ef:
+        46:d3:bb:13
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0EzLXBhdGhsZW45OTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGhMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGhMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UE
 AwwUY2hhaW5HLUlDQTItcGF0aGxlbjExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -256,12 +256,12 @@ gaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR0wGwYDVQQDDBRjaGFpbkctSUNBNC1wYXRobGVuNTEfMB0GCSqGSIb3DQEJ
 ARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEBMAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAUGWbHYtqrpvU8f9XrFFI/cieGbuyAL9U
-7sjUL+tb/xcefKod1AGf6MvEjOXumQQz6BY6/ES9VqVF5+n7iCURSwdzXTchR0ed
-+OCJ4OTAavRkJee32UdT/9Vv8+SNsjP2zkZbgIKPBRj0vJBar0p/nWcI90EnBcU0
-RgP8FC5OgfPKPWeeqVPsW9841LWSPVWU34i+oecUGKKdIl0QafhUw6kU746v4Yr4
-zW1+JjAsQLxQSeWfvI/eMCOTxCWz5vu1ZIJXQax5HliebGfcGO3EYHkGse6fTCyj
-nGHXdzO1ZFBliDOgMFeZD6mqp7OoDbHFzlo0qDFH5GZishEOuVhPBg==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAmBkpF2U9waSMNa7cfyhvCZ5KAmBw1l27
+akQjOChZYz2oODwXK6RzZ7eoPrHqjVD4j4nZckxZ00i2OlL05bc9nxBxnnyxG5v3
+nAOXSQ0POyNYoSBOOcvIJgRXMql0z93y5N0DzeUNXZUWqAZ6wwDHrtw3qbQ+Ms+z
+pLofenR0KcLlnO4RhbYtEIM1wd7ciXvKY6yJtwIgd7EPPgLHsubUUeR2R7e8lPx/
+YSJaPDqbvbLQt+469bQzhTvWWxePJGALZm9qLmS7oQ5MGBQJugECaiCtdaEtwctL
+ZTc4rDOavd8fAkrfqaJoooc33Mp/saau7vg/d79sa7Cbc53vRtO7Ew==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -270,12 +270,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA4-pathlen5, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA3-pathlen99, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ac:f1:39:65:f7:9c:9d:f6:f0:d2:b7:18:16:24:
                     81:32:b7:a5:29:d6:f7:4e:31:38:a7:54:d6:eb:07:
@@ -303,33 +303,33 @@ Certificate:
                 keyid:D4:92:AE:BD:3B:1C:66:4B:17:88:18:15:F8:27:AB:38:CC:07:5A:65
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA5-pathlen20/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:99
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0b:ad:52:52:31:8c:12:70:07:6c:05:83:b3:84:cf:c2:64:da:
-         43:d2:cc:6c:db:ef:a5:ae:9b:44:96:4e:fe:fd:b9:61:56:59:
-         e2:f2:52:c8:1b:52:2c:36:79:5d:6a:83:a1:c8:03:9a:7a:80:
-         4f:ee:9d:48:87:f4:cb:9b:5e:84:c8:f8:b8:0c:77:e1:cb:40:
-         ac:28:eb:58:07:e4:06:a7:50:e2:44:48:bc:a3:2f:5d:f1:fa:
-         0c:4d:1d:84:0a:57:e5:0c:b9:bb:41:b9:12:17:09:25:9f:99:
-         02:6b:9e:83:fb:07:f8:3f:59:b2:04:62:b7:12:e7:61:8b:48:
-         a7:cc:29:ce:11:f9:7c:64:dd:5c:51:d3:ac:0c:54:4b:22:7e:
-         29:de:98:50:80:f8:1a:65:64:3c:fb:a6:07:bb:e8:b1:a4:e8:
-         f1:7b:07:fd:e2:50:07:67:f5:7a:fa:76:4d:1c:7f:1a:e3:52:
-         ad:13:a6:b5:89:9e:f5:11:68:12:13:dc:59:86:9d:f9:83:18:
-         52:ee:09:24:6a:37:e9:85:95:ac:93:09:23:09:0e:f3:66:a8:
-         85:ee:d1:e4:40:01:f3:c2:c3:1f:48:74:76:2b:7e:4c:9b:a9:
-         a2:2f:c8:7c:74:60:2d:98:e8:63:09:cf:8f:a8:c8:8a:7f:c4:
-         d4:f3:34:ad
+    Signature Value:
+        03:3a:72:4d:48:13:39:45:02:48:80:fe:e2:b0:6f:69:90:fe:
+        ce:79:e0:76:b2:10:0c:a3:f7:99:3d:3c:76:de:27:83:e3:bc:
+        bd:a7:f0:c7:80:d8:db:0d:2b:04:fc:14:6b:4e:3f:6d:96:a6:
+        af:8f:be:eb:d9:cc:ec:92:15:06:cc:d6:eb:91:11:20:40:45:
+        9f:08:fe:19:fb:c5:ac:07:9d:9c:a5:ae:2e:01:d7:0a:02:a0:
+        1d:cf:62:e6:79:47:e4:57:21:1e:ed:9d:5b:94:d7:3f:4e:6a:
+        59:54:ec:29:bd:98:54:72:9c:b9:83:ac:09:b8:97:b1:c1:2e:
+        6b:c3:0b:5f:78:fa:46:d0:bf:8c:70:91:85:ec:17:93:54:f4:
+        b9:80:fc:4c:cd:ad:3f:ae:84:40:97:d0:ed:32:5f:de:09:55:
+        7c:26:bf:e6:85:27:09:77:1c:63:ce:3e:5c:3b:64:f8:d8:b7:
+        6c:74:e0:c9:eb:13:9b:2c:12:2f:02:ec:e3:e7:82:ef:a1:fe:
+        eb:93:39:d6:73:88:00:7f:15:af:ad:50:66:65:a1:15:41:22:
+        ce:0f:52:44:d4:82:9c:7c:9b:33:3d:bc:f8:5b:05:e4:5b:69:
+        db:11:00:41:d3:30:90:34:f2:74:0e:f5:d8:67:be:2e:70:f6:
+        e5:8f:0c:6d
 -----BEGIN CERTIFICATE-----
 MIIE1TCCA72gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0E0LXBhdGhsZW41MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaIxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaIxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR4wHAYDVQQD
 DBVjaGFpbkctSUNBMy1wYXRobGVuOTkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -345,12 +345,12 @@ gaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR4wHAYDVQQDDBVjaGFpbkctSUNBNS1wYXRobGVuMjAxHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBYzALBgNVHQ8E
-BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAutUlIxjBJwB2wFg7OEz8Jk2kPSzGzb
-76Wum0SWTv79uWFWWeLyUsgbUiw2eV1qg6HIA5p6gE/unUiH9MubXoTI+LgMd+HL
-QKwo61gH5AanUOJESLyjL13x+gxNHYQKV+UMubtBuRIXCSWfmQJrnoP7B/g/WbIE
-YrcS52GLSKfMKc4R+Xxk3VxR06wMVEsifinemFCA+BplZDz7pge76LGk6PF7B/3i
-UAdn9Xr6dk0cfxrjUq0TprWJnvURaBIT3FmGnfmDGFLuCSRqN+mFlayTCSMJDvNm
-qIXu0eRAAfPCwx9IdHYrfkybqaIvyHx0YC2Y6GMJz4+oyIp/xNTzNK0=
+BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAM6ck1IEzlFAkiA/uKwb2mQ/s554Hay
+EAyj95k9PHbeJ4PjvL2n8MeA2NsNKwT8FGtOP22Wpq+PvuvZzOySFQbM1uuRESBA
+RZ8I/hn7xawHnZylri4B1woCoB3PYuZ5R+RXIR7tnVuU1z9OallU7Cm9mFRynLmD
+rAm4l7HBLmvDC194+kbQv4xwkYXsF5NU9LmA/EzNrT+uhECX0O0yX94JVXwmv+aF
+Jwl3HGPOPlw7ZPjYt2x04MnrE5ssEi8C7OPngu+h/uuTOdZziAB/Fa+tUGZloRVB
+Is4PUkTUgpx8mzM9vPhbBeRbadsRAEHTMJA08nQO9dhnvi5w9uWPDG0=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -359,12 +359,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA5-pathlen20, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA4-pathlen5, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c9:4b:a0:77:b8:42:43:96:e1:f4:8d:1d:a6:2c:
                     d8:12:a2:40:49:11:eb:5f:fb:6c:1d:15:3e:af:dd:
@@ -392,33 +392,33 @@ Certificate:
                 keyid:1D:51:80:B6:9A:A7:AC:DD:80:7B:4B:A2:0B:62:BE:E4:87:30:C7:CA
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA6-pathlen10/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:5
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         a6:f3:32:99:ee:fd:de:b1:46:ad:68:a7:6f:d8:55:91:63:2d:
-         07:ce:91:2f:e3:ff:8f:03:e3:cf:c2:33:76:91:33:5f:13:70:
-         10:e4:e2:3b:70:02:fc:d2:7d:39:d2:1a:1e:82:2d:40:d8:a7:
-         bb:69:19:51:fb:c1:32:41:e5:cf:4f:39:f6:f8:dd:b4:cb:f2:
-         11:3e:dc:8d:c7:a6:90:27:14:4b:28:6f:20:9a:58:92:3a:42:
-         8c:c7:40:36:b5:c0:4a:7e:27:0b:37:a7:71:e4:fd:f4:8d:24:
-         8d:fe:3d:4a:59:4e:7e:86:02:f2:e2:09:95:59:ca:19:b9:23:
-         84:1e:c6:14:d9:c4:05:7a:93:77:b4:4a:f4:91:75:3f:89:43:
-         8b:b1:5f:a5:36:0a:2a:b0:a1:7b:8f:33:01:92:4d:c1:d9:51:
-         98:a3:1b:14:f9:34:8e:7c:db:a5:5c:2c:b2:cd:23:b6:f6:65:
-         25:aa:2c:5c:cc:38:49:b2:77:aa:8f:73:3b:00:1f:33:94:43:
-         fd:c2:34:ba:ee:ac:7d:0d:62:58:72:4d:ea:78:29:b5:b1:29:
-         99:70:8c:00:22:1c:a3:93:ca:cd:c8:02:21:57:2d:19:fd:a7:
-         fb:c7:1c:12:0c:49:04:73:4c:7e:dd:9f:9e:1c:5b:e4:2a:53:
-         b6:cf:7e:c4
+    Signature Value:
+        29:f0:28:23:e3:5b:7c:79:38:4f:54:fc:55:b5:0b:2a:32:2d:
+        a3:0f:21:95:80:74:dc:20:d1:21:97:ac:da:31:8c:e0:5f:c5:
+        a0:78:b9:3c:a9:33:5d:9b:28:5d:2a:fa:7f:99:30:3c:d4:74:
+        dd:64:b0:69:24:6e:5f:0d:df:29:93:e0:ca:b2:24:fd:fc:a8:
+        0f:21:ae:a7:f7:32:5d:bc:c0:88:d0:0c:37:6d:58:3b:2f:25:
+        cc:eb:d6:38:9d:4b:88:32:db:55:b3:18:a3:ad:e3:d6:cd:58:
+        40:6e:63:52:b6:bb:fd:55:99:5f:29:83:75:a0:33:25:bc:4a:
+        3f:8c:89:12:3e:3e:37:b5:56:27:3a:34:a1:61:b5:b0:4a:6c:
+        da:fd:ac:a1:c7:8c:88:fb:3a:4e:2e:ec:4c:0c:6b:3e:e9:11:
+        52:00:d4:77:ab:5a:1b:69:1b:cc:d8:85:57:d6:87:34:5b:8f:
+        db:fb:d6:1c:6a:47:61:64:4c:ef:f9:11:12:35:53:0a:64:52:
+        ac:0b:71:19:64:2d:56:85:ee:fa:11:42:49:c2:10:5c:06:20:
+        5b:66:9a:ef:5c:6b:1d:a9:12:86:7c:f9:44:6b:31:91:a0:5c:
+        ce:2f:ee:8f:7e:9b:ef:3c:dd:80:af:70:df:16:6d:91:73:0a:
+        42:31:af:82
 -----BEGIN CERTIFICATE-----
 MIIE1TCCA72gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0E1LXBhdGhsZW4yMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGhMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGhMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UE
 AwwUY2hhaW5HLUlDQTQtcGF0aGxlbjUxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
@@ -434,12 +434,12 @@ gaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMR4wHAYDVQQDDBVjaGFpbkctSUNBNi1wYXRobGVuMTAxHzAdBgkqhkiG9w0B
 CQEWEGluZm9Ad29sZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBBTALBgNVHQ8E
-BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKbzMpnu/d6xRq1op2/YVZFjLQfOkS/j
-/48D48/CM3aRM18TcBDk4jtwAvzSfTnSGh6CLUDYp7tpGVH7wTJB5c9POfb43bTL
-8hE+3I3HppAnFEsobyCaWJI6QozHQDa1wEp+Jws3p3Hk/fSNJI3+PUpZTn6GAvLi
-CZVZyhm5I4QexhTZxAV6k3e0SvSRdT+JQ4uxX6U2CiqwoXuPMwGSTcHZUZijGxT5
-NI5826VcLLLNI7b2ZSWqLFzMOEmyd6qPczsAHzOUQ/3CNLrurH0NYlhyTep4KbWx
-KZlwjAAiHKOTys3IAiFXLRn9p/vHHBIMSQRzTH7dn54cW+QqU7bPfsQ=
+BAMCAQYwDQYJKoZIhvcNAQELBQADggEBACnwKCPjW3x5OE9U/FW1CyoyLaMPIZWA
+dNwg0SGXrNoxjOBfxaB4uTypM12bKF0q+n+ZMDzUdN1ksGkkbl8N3ymT4MqyJP38
+qA8hrqf3Ml28wIjQDDdtWDsvJczr1jidS4gy21WzGKOt49bNWEBuY1K2u/1VmV8p
+g3WgMyW8Sj+MiRI+Pje1Vic6NKFhtbBKbNr9rKHHjIj7Ok4u7EwMaz7pEVIA1Her
+WhtpG8zYhVfWhzRbj9v71hxqR2FkTO/5ERI1UwpkUqwLcRlkLVaF7voRQknCEFwG
+IFtmmu9cax2pEoZ8+URrMZGgXM4v7o9+m+883YCvcN8WbZFzCkIxr4I=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -448,12 +448,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA6-pathlen10, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA5-pathlen20, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:be:9d:98:a2:41:ca:64:1f:a2:34:dc:51:7d:49:
                     2b:f7:f8:7a:fc:1a:22:8d:3a:17:8e:00:9c:74:06:
@@ -481,33 +481,33 @@ Certificate:
                 keyid:14:07:E8:A7:3A:A2:9C:DD:4C:30:B0:4D:F0:00:C4:88:C4:39:DF:73
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA7-pathlen100/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:20
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         d9:f9:09:10:86:29:c0:72:a4:93:87:4d:d3:79:ce:fa:f3:8a:
-         79:9a:d0:eb:6d:42:06:00:fc:2c:c3:fa:35:c5:b6:6d:a4:7f:
-         66:29:d2:ad:ed:50:a5:a8:1e:1b:24:db:f3:52:bf:54:b8:3f:
-         67:c2:be:f4:a4:fc:d2:77:74:a4:02:74:0d:fe:c5:e0:42:bd:
-         2b:7c:16:ae:a1:68:6f:e5:80:29:07:f3:5e:e4:0e:96:d2:ee:
-         cd:d2:82:00:22:a7:72:d7:c5:38:71:a0:ac:2a:38:03:c4:c1:
-         23:62:1e:fa:b3:24:32:0f:01:a4:64:a8:ab:79:60:55:77:da:
-         ca:76:00:14:2f:e0:e1:74:f9:72:e2:7d:aa:3d:6b:9f:50:ab:
-         72:31:40:4b:19:9d:b9:9a:12:de:db:15:c3:36:90:9d:48:6f:
-         7a:98:47:7a:65:a2:d5:5b:0c:f3:90:5d:dd:4e:1c:ba:72:b4:
-         ac:be:ca:1b:87:16:7f:f2:b0:33:9b:7a:26:37:eb:1f:cb:4d:
-         bf:c7:f1:01:80:b7:60:c4:ae:71:bb:ab:cc:bd:8a:ba:c4:23:
-         87:15:1e:b9:c7:6d:2d:44:fd:67:25:45:e2:cd:76:4d:87:a1:
-         80:e0:a2:e6:60:23:51:4d:17:b0:82:51:ef:0c:88:75:64:c1:
-         7b:8e:c2:29
+    Signature Value:
+        82:83:b0:69:a3:c1:19:0f:81:1d:53:ae:0d:44:60:ee:34:9a:
+        2b:58:3c:20:f1:ac:8d:ff:fe:8f:92:fe:ff:7a:bc:73:43:84:
+        c4:dd:63:3f:41:20:e9:5b:6d:da:4c:86:d9:7b:6c:41:1e:ab:
+        ad:4d:08:79:38:93:74:a0:ae:77:bb:13:7c:30:04:ca:92:b7:
+        b6:96:07:3f:ab:63:f2:2e:aa:87:b1:5a:55:76:a3:16:cc:3f:
+        36:a2:3a:07:e7:cb:5e:80:34:bf:7a:fa:df:8e:08:2b:24:b6:
+        d9:96:1f:3c:4f:be:9a:4b:88:45:e3:1b:64:f5:5f:f4:dd:24:
+        0b:de:e0:e8:16:b5:34:b4:79:0e:d2:f6:f1:62:91:db:63:c7:
+        a3:09:da:30:9e:10:3d:94:da:4a:3f:0f:c9:df:a8:39:e4:55:
+        eb:f8:34:e2:29:50:50:c7:65:32:67:93:3a:1d:e4:0b:ee:95:
+        fa:a5:55:a7:79:7d:7a:3f:51:1e:21:65:b8:70:13:80:c4:9d:
+        b4:73:c4:d1:75:86:4d:27:ed:e7:c2:0b:2a:d1:b4:cb:33:d6:
+        e1:82:2d:9a:cf:1b:34:77:80:32:f8:ff:2e:56:86:da:85:4e:
+        3e:88:02:e7:6b:cb:4a:5c:9e:7b:d5:9c:8f:9a:fe:6f:c0:b9:
+        85:11:21:db
 -----BEGIN CERTIFICATE-----
 MIIE1zCCA7+gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNo
 YWluRy1JQ0E2LXBhdGhsZW4xMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
-LmNvbTAeFw0yMzEyMTMyMjE5MzJaFw0yNjA5MDgyMjE5MzJaMIGiMQswCQYDVQQG
+LmNvbTAeFw0yNDEyMTgyMTI1MzRaFw0yNzA5MTQyMTI1MzRaMIGiMQswCQYDVQQG
 EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEVMBMG
 A1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEeMBwGA1UE
 AwwVY2hhaW5HLUlDQTUtcGF0aGxlbjIwMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -523,12 +523,12 @@ MIGjMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH
 U2VhdHRsZTEVMBMGA1UECgwMd29sZlNTTCBJbmMuMRQwEgYDVQQLDAtFbmdpbmVl
 cmluZzEfMB0GA1UEAwwWY2hhaW5HLUlDQTctcGF0aGxlbjEwMDEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAPBgNVHRMECDAGAQH/AgEUMAsGA1Ud
-DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEA2fkJEIYpwHKkk4dN03nO+vOKeZrQ
-621CBgD8LMP6NcW2baR/ZinSre1QpageGyTb81K/VLg/Z8K+9KT80nd0pAJ0Df7F
-4EK9K3wWrqFob+WAKQfzXuQOltLuzdKCACKnctfFOHGgrCo4A8TBI2Ie+rMkMg8B
-pGSoq3lgVXfaynYAFC/g4XT5cuJ9qj1rn1CrcjFASxmduZoS3tsVwzaQnUhvephH
-emWi1VsM85Bd3U4cunK0rL7KG4cWf/KwM5t6JjfrH8tNv8fxAYC3YMSucburzL2K
-usQjhxUeucdtLUT9ZyVF4s12TYehgOCi5mAjUU0XsIJR7wyIdWTBe47CKQ==
+DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAgoOwaaPBGQ+BHVOuDURg7jSaK1g8
+IPGsjf/+j5L+/3q8c0OExN1jP0Eg6Vtt2kyG2XtsQR6rrU0IeTiTdKCud7sTfDAE
+ypK3tpYHP6tj8i6qh7FaVXajFsw/NqI6B+fLXoA0v3r6344IKyS22ZYfPE++mkuI
+ReMbZPVf9N0kC97g6Ba1NLR5DtL28WKR22PHownaMJ4QPZTaSj8Pyd+oOeRV6/g0
+4ilQUMdlMmeTOh3kC+6V+qVVp3l9ej9RHiFluHATgMSdtHPE0XWGTSft58ILKtG0
+yzPW4YItms8bNHeAMvj/LlaG2oVOPogC52vLSlyee9Wcj5r+b8C5hREh2w==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -537,12 +537,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA7-pathlen100, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA6-pathlen10, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:e1:4f:c9:e7:30:ea:06:ff:65:cb:2b:6c:f1:a8:
                     ac:f6:cf:10:6b:80:7a:af:5e:42:0a:0d:61:be:6f:
@@ -570,33 +570,33 @@ Certificate:
                 keyid:12:E4:A4:19:85:AE:85:B7:D6:EB:63:04:D5:B9:B0:7E:57:5F:0C:16
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:10
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         74:9d:3a:da:91:b6:e0:2d:7d:89:b6:6d:16:7d:f0:28:ba:9f:
-         e5:52:a0:21:92:06:77:77:9a:9a:78:47:56:de:39:4d:64:43:
-         1c:e7:06:02:fd:00:42:1d:2d:71:ef:6e:a3:4f:39:1a:e9:fc:
-         8d:9c:94:32:60:a9:56:12:ee:69:7f:59:ef:30:5f:c4:d6:56:
-         26:1a:9a:bb:c4:ec:01:09:0a:e3:14:ab:44:41:08:75:2a:6b:
-         80:69:58:5d:2e:1a:2a:00:26:0c:b0:36:cd:fb:c1:87:7e:b8:
-         58:ce:4d:32:57:e5:62:2e:64:e3:c9:52:67:21:28:40:16:88:
-         b2:37:19:e0:93:c8:4c:ca:f9:2b:1d:2c:d9:91:82:ac:b4:79:
-         d9:90:79:e5:95:76:03:a2:6b:d8:ef:24:66:1d:a3:3b:6f:c6:
-         0c:95:f2:c3:59:37:f9:87:db:e6:a6:e5:f1:6f:70:92:60:e0:
-         6d:cd:b8:14:69:95:26:56:2c:cc:0e:7e:d4:39:dd:6e:44:32:
-         eb:27:15:00:0f:fa:02:60:32:a5:6c:69:f0:cd:31:c6:b8:ff:
-         1c:59:2f:0f:4d:28:9b:67:79:ea:4f:2c:a6:e0:f1:cf:19:3f:
-         4f:44:2c:61:2e:08:48:cb:11:e2:82:8a:c0:88:53:ad:6b:ba:
-         7e:d6:fa:61
+    Signature Value:
+        b2:a8:44:05:e8:64:53:f1:a8:c0:d3:ae:ec:58:41:a1:89:b1:
+        c3:b6:5c:ce:23:8a:62:e0:1e:d0:b6:e4:8b:bd:bb:3b:33:83:
+        27:b0:e6:e5:1b:c0:65:bd:4d:2d:bd:92:db:a1:c1:57:2a:05:
+        a1:4e:2d:98:fe:00:46:b9:ec:e9:9e:10:cb:3c:e4:84:3f:de:
+        4f:86:84:f6:12:37:67:6d:d2:c1:85:3b:da:aa:b4:43:68:9b:
+        30:b9:47:a9:04:70:74:b6:34:37:c0:dd:1c:60:a6:04:33:8e:
+        3b:d0:c8:cc:67:43:ef:79:56:09:bd:27:64:1d:a7:3e:a1:c9:
+        c9:29:99:5d:21:6a:d6:ee:2b:31:a0:f7:95:4e:8c:09:07:f5:
+        f7:64:ca:8e:47:4d:ce:08:1b:1c:a9:40:aa:d9:45:b2:ac:3f:
+        41:5f:d7:7c:ba:10:00:ba:1d:74:ea:45:3e:eb:df:10:4e:1b:
+        32:47:75:ae:c9:f3:d0:67:cc:01:89:ec:59:6a:d2:6a:00:5a:
+        5a:1d:62:4b:05:50:f0:ae:d3:9d:5e:13:89:c5:f1:3a:5f:29:
+        ac:90:5b:fa:09:3e:a0:35:1a:aa:47:39:17:82:74:c2:7f:f8:
+        05:4b:61:0d:19:f6:68:0f:9c:a5:9c:f2:56:16:28:d4:f1:a8:
+        80:5a:e9:d9
 -----BEGIN CERTIFICATE-----
 MIIEyTCCA7GgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluRy1JQ0E3LXBhdGhsZW4xMDAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBojELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBojELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNV
 BAMMFWNoYWluRy1JQ0E2LXBhdGhsZW4xMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -612,12 +612,12 @@ lzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgw
 FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
 ZnNzbC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBCjALBgNVHQ8EBAMCAQYwDQYJKoZI
-hvcNAQELBQADggEBAHSdOtqRtuAtfYm2bRZ98Ci6n+VSoCGSBnd3mpp4R1beOU1k
-QxznBgL9AEIdLXHvbqNPORrp/I2clDJgqVYS7ml/We8wX8TWViYamrvE7AEJCuMU
-q0RBCHUqa4BpWF0uGioAJgywNs37wYd+uFjOTTJX5WIuZOPJUmchKEAWiLI3GeCT
-yEzK+SsdLNmRgqy0edmQeeWVdgOia9jvJGYdoztvxgyV8sNZN/mH2+am5fFvcJJg
-4G3NuBRplSZWLMwOftQ53W5EMusnFQAP+gJgMqVsafDNMca4/xxZLw9NKJtneepP
-LKbg8c8ZP09ELGEuCEjLEeKCisCIU61run7W+mE=
+hvcNAQELBQADggEBALKoRAXoZFPxqMDTruxYQaGJscO2XM4jimLgHtC25Iu9uzsz
+gyew5uUbwGW9TS29ktuhwVcqBaFOLZj+AEa57OmeEMs85IQ/3k+GhPYSN2dt0sGF
+O9qqtENomzC5R6kEcHS2NDfA3RxgpgQzjjvQyMxnQ+95Vgm9J2Qdpz6hyckpmV0h
+atbuKzGg95VOjAkH9fdkyo5HTc4IGxypQKrZRbKsP0Ff13y6EAC6HXTqRT7r3xBO
+GzJHda7J89BnzAGJ7Flq0moAWlodYksFUPCu051eE4nF8TpfKayQW/oJPqA1GqpH
+OReCdMJ/+AVLYQ0Z9mgPnKWc8lYWKNTxqIBa6dk=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -626,12 +626,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:33 2024 GMT
+            Not After : Sep 14 21:25:33 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA7-pathlen100, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d6:8c:d6:c4:29:20:60:9d:15:3d:0c:2a:fb:24:
                     2f:38:89:ed:37:c4:fc:57:67:2a:50:d8:eb:e2:6a:
@@ -658,34 +658,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:100
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         18:8c:dc:f0:e2:14:b8:33:68:ed:a7:5e:f9:12:72:93:58:a0:
-         91:2a:d5:87:77:21:24:e9:b6:af:d3:af:55:8b:31:1c:a8:bb:
-         3a:30:94:bb:aa:d4:5e:bb:17:d1:93:57:51:e6:32:f0:c7:e6:
-         76:86:06:6d:c7:2a:35:c2:a3:2f:54:d6:bf:b1:25:7e:e4:0b:
-         1a:dd:62:ce:34:d5:18:b4:4d:d0:76:52:d4:63:00:8b:90:72:
-         4e:77:ff:c1:1b:bf:31:d1:6d:d2:75:69:5a:0c:a6:b2:42:e7:
-         97:c9:a1:47:50:16:89:ee:20:ee:e7:c0:c8:06:7f:5e:55:0a:
-         79:90:ed:2d:11:83:49:23:f0:89:08:cb:9c:84:6e:f5:6b:fe:
-         b2:2c:16:0e:74:d9:a8:35:9b:1d:1c:6a:ab:58:dd:32:09:d2:
-         67:c2:eb:27:18:8e:70:31:58:c2:f1:20:06:98:ac:39:5a:c2:
-         0b:43:60:a8:74:35:b1:32:bd:83:4b:df:db:18:46:e1:ac:7e:
-         13:4a:09:6b:05:98:7a:98:e9:e0:1a:1d:a7:88:34:c6:4b:06:
-         14:69:78:8d:29:83:c2:ee:52:af:00:a3:4d:d8:61:04:5a:0c:
-         e5:62:f4:c7:ac:8a:f3:7d:90:10:08:7c:15:d1:37:01:3c:bc:
-         89:f8:60:24
+    Signature Value:
+        6e:e1:82:63:6d:12:37:10:55:48:1b:9a:15:95:0d:7b:25:3a:
+        46:59:ed:a0:57:cb:f5:fa:01:66:f8:a7:12:0a:a0:0e:8d:e1:
+        66:d5:83:46:0f:06:d3:47:2b:f9:0b:e3:b6:d8:8e:f2:2e:4c:
+        cd:74:a6:6d:90:51:62:58:4e:f2:a1:0a:ae:22:03:a2:1d:69:
+        ff:ab:05:62:5e:d2:89:a7:9f:67:11:f9:13:47:0a:8c:e9:56:
+        6e:88:38:50:df:53:20:47:6f:33:79:d1:a2:dc:f0:42:a6:10:
+        9b:9e:c0:93:4a:06:51:09:9e:1a:b1:c2:49:46:dd:4d:60:19:
+        d3:eb:5d:75:9f:9d:eb:c7:80:d8:4b:b1:72:6f:7c:99:0a:c3:
+        dc:96:13:03:60:2d:27:a3:b0:f0:2f:3c:83:fe:90:38:87:84:
+        fe:36:7d:c3:38:23:b2:a9:77:f9:9c:27:9e:67:2d:5e:98:ca:
+        e8:c6:59:c6:74:2f:19:42:08:52:e8:c2:ff:48:f4:8f:14:04:
+        ed:3e:6b:88:fb:d2:f7:b8:75:c6:27:f3:71:43:7c:ab:41:ad:
+        01:e4:13:51:f5:27:4f:7f:e6:c4:bb:5b:85:70:21:ac:75:ac:
+        2b:66:82:de:49:68:e4:00:1d:dc:54:d5:8f:d0:ad:19:c5:df:
+        38:69:af:fc
 -----BEGIN CERTIFICATE-----
 MIIEzjCCA7agAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMzWhcNMjcwOTE0MjEyNTMzWjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRy1JQ0E3
 LXBhdGhsZW4xMDAxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
@@ -699,12 +699,12 @@ AAGjggEYMIIBFDAdBgNVHQ4EFgQUEuSkGYWuhbfW62ME1bmwfldfDBYwgdQGA1Ud
 IwSBzDCByYAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
 DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQzRBqo
-bAHs9mDycFEKTNEU+rzpRDAPBgNVHRMECDAGAQH/AgFkMAsGA1UdDwQEAwIBBjAN
-BgkqhkiG9w0BAQsFAAOCAQEAGIzc8OIUuDNo7ade+RJyk1igkSrVh3chJOm2r9Ov
-VYsxHKi7OjCUu6rUXrsX0ZNXUeYy8MfmdoYGbccqNcKjL1TWv7ElfuQLGt1izjTV
-GLRN0HZS1GMAi5ByTnf/wRu/MdFt0nVpWgymskLnl8mhR1AWie4g7ufAyAZ/XlUK
-eZDtLRGDSSPwiQjLnIRu9Wv+siwWDnTZqDWbHRxqq1jdMgnSZ8LrJxiOcDFYwvEg
-BpisOVrCC0NgqHQ1sTK9g0vf2xhG4ax+E0oJawWYepjp4Bodp4g0xksGFGl4jSmD
-wu5SrwCjTdhhBFoM5WL0x6yK832QEAh8FdE3ATy8ifhgJA==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghRrm3DG
+8aOUZRmhCFjvp40reoPB2jAPBgNVHRMECDAGAQH/AgFkMAsGA1UdDwQEAwIBBjAN
+BgkqhkiG9w0BAQsFAAOCAQEAbuGCY20SNxBVSBuaFZUNeyU6RlntoFfL9foBZvin
+EgqgDo3hZtWDRg8G00cr+QvjttiO8i5MzXSmbZBRYlhO8qEKriIDoh1p/6sFYl7S
+iaefZxH5E0cKjOlWbog4UN9TIEdvM3nRotzwQqYQm57Ak0oGUQmeGrHCSUbdTWAZ
+0+tddZ+d68eA2Euxcm98mQrD3JYTA2AtJ6Ow8C88g/6QOIeE/jZ9wzgjsql3+Zwn
+nmctXpjK6MZZxnQvGUIIUujC/0j0jxQE7T5riPvS97h1xifzcUN8q0GtAeQTUfUn
+T3/mxLtbhXAhrHWsK2aC3klo5AAd3FTVj9CtGcXfOGmv/A==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainG-entity.pem b/certs/test-pathlen/chainG-entity.pem
index e1b5a3075..a32e574b7 100644
--- a/certs/test-pathlen/chainG-entity.pem
+++ b/certs/test-pathlen/chainG-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainG-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:7b:82:23:a2:34:e7:cb:89:4e:64:cc:f2:98:
                     c8:65:8f:e2:69:55:54:4b:3c:8b:c0:1f:67:37:7f:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:47:C0:19:4B:ED:C4:DA:97:B1:60:EA:5A:0A:42:6D:A5:D3:D8:25:31
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainG-ICA2-pathlen1/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         27:b7:93:b7:fd:71:ab:7c:a5:a2:8e:e7:4c:77:67:4c:f2:28:
-         b7:82:bb:4a:85:95:bf:84:57:04:49:ac:be:02:cc:6b:fd:0f:
-         d8:66:c8:a0:eb:40:55:cf:a1:e3:d1:e0:fe:9a:40:b5:2e:ee:
-         b2:bf:48:fa:20:57:fd:c7:df:de:68:8f:82:5d:58:ec:25:0a:
-         a8:97:73:dc:e6:66:f5:49:64:9a:e9:b1:e2:86:4e:d1:04:59:
-         0f:32:e1:c5:dd:d4:39:b0:ad:e9:cc:ad:87:ef:ab:8e:fe:74:
-         4c:7e:b2:cb:41:3c:54:ed:b7:8d:4b:fd:97:6e:26:22:32:9e:
-         94:26:aa:45:7d:65:c1:c8:10:67:63:09:09:42:04:04:9d:0c:
-         53:bb:18:f6:ce:af:dc:e7:63:d4:c8:bb:b4:6a:86:52:45:6a:
-         96:a1:54:3d:8c:25:7d:1a:b1:16:65:7a:8b:ec:01:fa:c4:73:
-         98:49:3c:c3:18:2f:48:3e:45:10:45:c0:85:2c:16:88:65:2b:
-         02:0b:0b:02:67:d2:2a:1d:bd:66:14:f5:8d:d1:8e:f8:eb:7a:
-         b5:db:4e:f7:ce:fa:6f:67:a0:a2:6b:37:85:7a:f7:34:8a:71:
-         9a:e5:34:2a:fd:6a:4a:ec:3e:38:e3:30:89:f3:e6:c4:a9:a6:
-         a4:79:35:9b
+    Signature Value:
+        7a:13:a7:3c:50:c4:18:3d:cf:ee:9c:df:1b:50:59:cf:19:66:
+        5e:a6:d7:21:e8:38:e9:c1:74:73:1b:40:44:47:42:40:58:e4:
+        1b:0c:c1:61:10:9b:f7:4a:9c:7e:43:7e:23:2c:59:0f:a2:61:
+        4e:36:c7:95:af:64:a9:52:05:d0:87:87:54:63:6f:5f:14:97:
+        45:a2:85:ff:eb:d1:61:53:de:9e:30:0d:66:96:dd:cf:c1:ae:
+        9d:4d:f6:01:52:18:63:69:64:2b:7f:35:b9:91:50:83:e3:8b:
+        47:82:6e:bc:16:50:5f:1f:ea:5f:74:e0:e8:f7:6f:41:49:ed:
+        ca:d8:48:95:f4:6c:ba:2f:27:b7:fc:03:08:c5:61:72:b0:25:
+        63:56:08:1f:70:01:3b:65:48:7b:d6:04:77:5a:c0:60:af:a8:
+        0e:99:7a:9f:5c:6b:b3:d4:a0:d7:48:4d:7b:68:e5:52:1f:e8:
+        c3:d8:3d:6c:81:9e:96:1e:57:b1:cd:d7:01:80:76:df:3a:99:
+        7a:84:57:35:a8:ae:70:04:bd:62:64:39:88:17:be:f1:7a:5d:
+        c6:cf:d0:90:88:65:81:ae:e0:51:3a:b5:a9:90:68:56:2e:aa:
+        78:61:86:7a:89:9c:77:94:9b:37:4e:43:24:e5:f6:6a:2a:b4:
+        55:71:74:6a
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluRy1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkctZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,11 +77,11 @@ VR0jBIHGMIHDgBRHwBlL7cTal7Fg6loKQm2l09glMaGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluRy1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBACe3k7f9
-cat8paKO50x3Z0zyKLeCu0qFlb+EVwRJrL4CzGv9D9hmyKDrQFXPoePR4P6aQLUu
-7rK/SPogV/3H395oj4JdWOwlCqiXc9zmZvVJZJrpseKGTtEEWQ8y4cXd1DmwrenM
-rYfvq47+dEx+sstBPFTtt41L/ZduJiIynpQmqkV9ZcHIEGdjCQlCBASdDFO7GPbO
-r9znY9TIu7RqhlJFapahVD2MJX0asRZleovsAfrEc5hJPMMYL0g+RRBFwIUsFohl
-KwILCwJn0iodvWYU9Y3RjvjrerXbTvfO+m9noKJrN4V69zSKcZrlNCr9akrsPjjj
-MInz5sSppqR5NZs=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAHoTpzxQ
+xBg9z+6c3xtQWc8ZZl6m1yHoOOnBdHMbQERHQkBY5BsMwWEQm/dKnH5DfiMsWQ+i
+YU42x5WvZKlSBdCHh1Rjb18Ul0Wihf/r0WFT3p4wDWaW3c/Brp1N9gFSGGNpZCt/
+NbmRUIPji0eCbrwWUF8f6l904Oj3b0FJ7crYSJX0bLovJ7f8AwjFYXKwJWNWCB9w
+ATtlSHvWBHdawGCvqA6Zep9ca7PUoNdITXto5VIf6MPYPWyBnpYeV7HN1wGAdt86
+mXqEVzWornAEvWJkOYgXvvF6XcbP0JCIZYGu4FE6tamQaFYuqnhhhnqJnHeUmzdO
+QyTl9moqtFVxdGo=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-ICA1-pathlen0.pem b/certs/test-pathlen/chainH-ICA1-pathlen0.pem
index 6ffe410d8..8c8d4a98a 100644
--- a/certs/test-pathlen/chainH-ICA1-pathlen0.pem
+++ b/certs/test-pathlen/chainH-ICA1-pathlen0.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA2-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c7:f4:a6:7e:f2:cb:4f:6e:04:18:d3:53:d5:cf:
                     bf:7e:97:d1:74:94:fe:db:ad:61:3f:12:20:67:f3:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:80:49:61:8C:1D:13:08:56:B5:42:68:D5:B2:EA:89:2C:B4:8B:05:87
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA3-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         84:70:f5:e6:36:95:d1:b9:43:99:0b:7e:a9:b1:2f:5a:4a:58:
-         3f:73:83:a1:90:9e:b5:86:10:fb:0e:46:22:38:92:f2:07:19:
-         20:c3:82:f0:8d:38:4f:39:38:6b:bc:43:15:fe:b4:c2:78:49:
-         d4:78:2e:6e:41:cb:f8:c6:ed:b9:8c:76:ad:b6:d4:68:fa:82:
-         55:cc:b2:60:d5:ce:8c:bb:7a:dd:19:29:4e:c8:c6:f8:2a:1a:
-         b4:e7:8e:31:e8:63:76:bf:6e:77:98:3e:98:70:18:fb:d7:f5:
-         cc:47:da:35:54:d8:77:6e:54:db:3c:b0:b8:81:f0:ae:e2:a1:
-         92:ea:c4:dd:0c:4b:fa:15:82:e0:4b:c8:cc:81:1d:54:2b:53:
-         c9:ed:06:00:28:e7:c5:37:d0:46:14:24:5c:6f:d4:a8:d9:c6:
-         e5:57:8d:0a:66:27:89:93:fc:c3:46:0c:40:b6:eb:f3:52:16:
-         d5:ed:21:ee:20:89:bd:ff:12:6d:7b:8e:7d:9d:1a:41:f4:0c:
-         1c:ef:2d:ee:82:cf:9b:ca:8e:3e:fa:6c:13:79:13:5a:93:c4:
-         d8:99:1a:88:f0:c7:4c:76:4e:e7:b9:f3:1a:ec:77:42:c8:60:
-         f8:f6:2a:50:df:16:fa:bc:00:06:57:23:a9:34:c5:6f:d9:82:
-         00:78:1b:58
+    Signature Value:
+        4f:4a:9c:ef:2f:a2:03:d7:1a:83:e0:cc:d5:72:f9:fc:f6:32:
+        20:b8:55:f2:91:5a:21:71:9e:14:e9:a5:65:11:d6:ed:45:9f:
+        b6:6b:b5:c1:92:83:7c:40:78:cc:cc:06:44:91:cf:8a:40:88:
+        1b:99:c3:64:4f:f4:56:33:a8:e5:92:79:37:06:85:6b:91:57:
+        b7:d3:fa:ef:b4:5a:ab:43:6f:e9:d0:12:54:53:77:21:57:59:
+        15:de:12:9b:18:d6:3e:3e:24:ab:ad:7d:aa:33:bb:b0:ed:f4:
+        20:14:d4:5b:22:aa:99:9b:8c:05:95:3a:7e:b9:03:da:e9:ba:
+        49:64:d7:89:9a:f4:2e:19:36:82:b0:0d:4e:18:6b:f7:3e:e2:
+        b1:a7:e2:0c:cd:d2:ae:d0:35:a5:31:3c:4e:2b:32:d3:89:7c:
+        ed:59:7e:c3:f5:a1:97:90:e5:34:7b:05:94:e5:83:32:84:55:
+        7d:27:28:91:e7:c1:c2:d6:6b:ad:4f:cf:22:ac:36:72:90:5b:
+        65:cd:e1:5f:12:73:ba:72:b9:f8:7f:f9:a5:6a:e0:69:44:54:
+        fd:41:10:2a:94:26:0d:0d:5e:55:e2:db:6f:ca:a2:e1:36:23:
+        e2:f1:82:b1:44:e8:9f:d0:b5:a8:d1:d7:51:fa:ed:63:3d:f8:
+        4e:68:23:d2
 -----BEGIN CERTIFICATE-----
 MIIE0zCCA7ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0EyLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ oTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHTAbBgNVBAMMFGNoYWluSC1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFkMA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCEcPXmNpXRuUOZC36psS9aSlg/c4OhkJ61
-hhD7DkYiOJLyBxkgw4LwjThPOThrvEMV/rTCeEnUeC5uQcv4xu25jHatttRo+oJV
-zLJg1c6Mu3rdGSlOyMb4Khq0544x6GN2v253mD6YcBj71/XMR9o1VNh3blTbPLC4
-gfCu4qGS6sTdDEv6FYLgS8jMgR1UK1PJ7QYAKOfFN9BGFCRcb9So2cblV40KZieJ
-k/zDRgxAtuvzUhbV7SHuIIm9/xJte459nRpB9Awc7y3ugs+byo4++mwTeRNak8TY
-mRqI8MdMdk7nufMa7HdCyGD49ipQ3xb6vAAGVyOpNMVv2YIAeBtY
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBPSpzvL6ID1xqD4MzVcvn89jIguFXykVoh
+cZ4U6aVlEdbtRZ+2a7XBkoN8QHjMzAZEkc+KQIgbmcNkT/RWM6jlknk3BoVrkVe3
+0/rvtFqrQ2/p0BJUU3chV1kV3hKbGNY+PiSrrX2qM7uw7fQgFNRbIqqZm4wFlTp+
+uQPa6bpJZNeJmvQuGTaCsA1OGGv3PuKxp+IMzdKu0DWlMTxOKzLTiXztWX7D9aGX
+kOU0ewWU5YMyhFV9JyiR58HC1mutT88irDZykFtlzeFfEnO6crn4f/mlauBpRFT9
+QRAqlCYNDV5V4ttvyqLhNiPi8YKxROif0LWo0ddR+u1jPfhOaCPS
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-ICA2-pathlen2.pem b/certs/test-pathlen/chainH-ICA2-pathlen2.pem
index c94264901..4d93d0b60 100644
--- a/certs/test-pathlen/chainH-ICA2-pathlen2.pem
+++ b/certs/test-pathlen/chainH-ICA2-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA2-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d9:b5:af:4b:ba:83:03:23:df:50:28:a8:c2:0c:
                     2c:f0:04:cb:2d:04:9b:1e:f5:f4:68:bc:d4:8e:b4:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:56:54:36:BE:23:2F:20:89:6D:A6:BA:9A:45:A4:88:0E:40:35:FD:F5
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA4-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         8f:ee:27:f5:45:63:56:eb:66:f5:c7:4f:b0:4a:16:ca:2a:e1:
-         de:75:7d:8b:09:12:0c:65:fe:a2:59:66:5e:b1:9f:1a:fc:e5:
-         a5:e5:c9:9b:4f:77:f1:87:8a:a7:36:2d:67:4d:ec:19:13:e3:
-         c1:9c:95:a5:90:ec:0f:39:5b:da:42:9f:73:6c:56:1f:aa:a8:
-         fb:69:82:a7:b2:21:b5:f7:fe:4e:1d:02:fc:30:e8:08:14:d8:
-         86:db:ca:31:da:4d:b8:9c:91:2b:45:b4:70:6b:87:9e:e5:4c:
-         ea:b4:7a:75:18:1e:4c:db:e8:b1:e7:f0:50:43:59:38:31:46:
-         57:59:ae:60:f8:8d:68:b6:49:3c:a5:4e:19:4c:e3:03:ef:5b:
-         bd:c0:9d:12:ba:b3:cb:f2:35:7a:81:a8:3b:95:9c:66:35:a2:
-         94:79:bb:c0:cd:cd:cb:32:d2:8d:ef:89:c6:1c:28:f1:c2:6c:
-         53:c7:fc:de:5e:c9:de:7e:11:61:d9:d7:b1:5e:61:d7:f1:a7:
-         e8:62:e1:f5:0f:f3:17:e8:e5:43:98:3b:cc:b7:cf:a4:ae:92:
-         6b:16:51:ea:38:5f:5e:59:74:87:72:aa:5e:5f:21:dd:d8:6c:
-         8a:e2:7d:11:5b:c1:5c:e9:76:aa:4f:60:46:51:5e:c0:b2:d3:
-         9b:f6:ba:ca
+    Signature Value:
+        47:fe:53:d4:55:2d:7a:8b:02:53:06:f7:18:4c:be:c9:30:f9:
+        53:d8:4c:58:e7:6a:53:db:b2:5b:8c:1b:63:9d:ba:c5:7e:6f:
+        dc:aa:df:78:7c:a6:b6:55:92:69:6a:09:25:1c:98:3f:45:db:
+        18:f8:81:7b:fb:a2:ae:95:81:50:c5:4a:e9:ae:31:b9:1e:ea:
+        22:5e:26:6e:63:be:79:b2:e7:bb:16:0c:be:56:29:db:dc:8f:
+        90:27:4a:9a:82:30:5e:6f:a8:7f:2b:56:e5:8b:3c:c5:47:46:
+        ca:a1:20:a2:f4:3d:8c:bc:cd:f5:48:b1:59:23:71:70:aa:6d:
+        5e:09:21:54:62:e2:05:5b:eb:d4:bc:fb:d3:8b:47:c2:47:31:
+        0f:c8:45:36:c2:f5:1c:1d:e0:79:4b:45:1a:3c:36:53:b2:ec:
+        3b:61:c0:7a:08:42:d7:2e:95:92:6b:6e:12:63:c7:61:bc:9c:
+        2c:02:04:84:d4:28:a7:56:3f:bc:27:73:37:00:82:ef:09:c1:
+        88:35:98:c1:77:8c:3f:4a:19:da:42:c5:89:00:54:ca:39:05:
+        42:80:97:8d:f0:39:ca:9a:5b:f7:b7:4e:86:68:b9:88:1f:79:
+        25:7c:79:e6:3b:58:8a:52:ca:10:47:95:64:bb:1d:fd:e7:51:
+        d8:94:3b:89
 -----BEGIN CERTIFICATE-----
 MIIE0zCCA7ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMi1wYXRobGVuMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ oTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHTAbBgNVBAMMFGNoYWluSC1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFkMA8GA1UdEwQIMAYBAf8CAQIwCwYDVR0PBAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCP7if1RWNW62b1x0+wShbKKuHedX2LCRIM
-Zf6iWWZesZ8a/OWl5cmbT3fxh4qnNi1nTewZE+PBnJWlkOwPOVvaQp9zbFYfqqj7
-aYKnsiG19/5OHQL8MOgIFNiG28ox2k24nJErRbRwa4ee5UzqtHp1GB5M2+ix5/BQ
-Q1k4MUZXWa5g+I1otkk8pU4ZTOMD71u9wJ0SurPL8jV6gag7lZxmNaKUebvAzc3L
-MtKN74nGHCjxwmxTx/zeXsnefhFh2dexXmHX8afoYuH1D/MX6OVDmDvMt8+krpJr
-FlHqOF9eWXSHcqpeXyHd2GyK4n0RW8Fc6XaqT2BGUV7AstOb9rrK
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBH/lPUVS16iwJTBvcYTL7JMPlT2ExY52pT
+27JbjBtjnbrFfm/cqt94fKa2VZJpagklHJg/RdsY+IF7+6KulYFQxUrprjG5Huoi
+XiZuY755sue7Fgy+Vinb3I+QJ0qagjBeb6h/K1blizzFR0bKoSCi9D2MvM31SLFZ
+I3Fwqm1eCSFUYuIFW+vUvPvTi0fCRzEPyEU2wvUcHeB5S0UaPDZTsuw7YcB6CELX
+LpWSa24SY8dhvJwsAgSE1CinVj+8J3M3AILvCcGINZjBd4w/ShnaQsWJAFTKOQVC
+gJeN8DnKmlv3t06GaLmIH3klfHnmO1iKUsoQR5Vkux3951HYlDuJ
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-ICA3-pathlen2.pem b/certs/test-pathlen/chainH-ICA3-pathlen2.pem
index f28899d62..e9c6d811c 100644
--- a/certs/test-pathlen/chainH-ICA3-pathlen2.pem
+++ b/certs/test-pathlen/chainH-ICA3-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b7:b3:1a:1b:4a:80:1b:a2:e5:95:14:bc:55:e4:
                     77:dc:f3:7b:8a:9f:34:7c:93:db:c9:c9:d0:8b:b8:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:18:6D:44:83:EE:1F:EC:B4:22:F0:9C:EB:54:1E:4A:15:58:01:AA:13
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         75:ad:f2:f8:79:a5:c6:0d:4a:35:07:f6:75:1c:6c:0e:bf:3d:
-         d7:fc:81:de:57:9f:3f:f0:c9:8e:75:b8:23:0d:36:22:d6:d9:
-         57:dc:c0:5b:a4:9a:fa:ef:2a:b5:ad:e2:c5:96:84:1a:84:49:
-         a8:17:b7:2e:fd:45:21:8f:e4:f1:8a:e5:64:bb:50:96:31:62:
-         d7:4a:11:f4:fa:78:5b:bb:0d:0a:0e:91:bb:84:e8:c6:5d:1a:
-         03:1e:4b:50:5d:c5:03:f5:a3:32:fa:6c:5e:a8:c5:12:b4:5a:
-         c4:e6:ff:36:c3:4d:a7:1a:d1:b2:71:dd:89:1a:b2:08:46:60:
-         bb:8e:bb:df:bd:b9:0f:45:3d:25:06:eb:a7:95:11:a6:32:ee:
-         a0:2c:4c:2f:81:54:6f:54:16:d7:c3:85:6e:c4:78:43:a3:48:
-         2f:81:03:81:c2:02:0a:84:9d:a8:b5:3f:02:b4:c0:fd:b5:d5:
-         2f:f0:48:d7:0f:98:cb:0f:ca:e4:9c:1a:d8:1c:10:31:4b:9e:
-         9b:a9:44:63:03:a0:a0:de:bc:bd:0f:d9:5a:fa:81:f2:d5:7d:
-         de:4b:06:88:b8:0e:98:5c:fb:60:a2:10:e9:ad:38:c7:05:09:
-         9d:c9:bc:24:89:29:84:a5:3a:76:d9:ec:b8:9c:c7:9a:02:7e:
-         23:d6:1b:65
+    Signature Value:
+        24:19:e1:68:7d:9a:f3:0e:86:de:58:94:6e:3c:f0:b0:d6:be:
+        03:6b:0a:23:97:fd:e8:04:02:35:f5:05:de:08:6b:2d:79:a9:
+        f5:15:32:13:1b:e2:e5:ad:92:3e:c7:c4:ec:9c:80:2f:73:3e:
+        06:f7:14:1a:76:65:18:e2:76:44:b2:e8:6f:fb:0d:89:6c:6a:
+        ca:de:96:59:38:c9:0a:c2:48:6c:b6:fb:f6:53:13:47:f2:6c:
+        8f:df:fd:e4:94:42:88:25:2e:f1:31:97:64:c0:65:30:9c:17:
+        82:d2:ec:95:1a:a9:65:2f:fd:a1:9e:e8:0d:c3:e8:ef:b1:8d:
+        c9:77:88:38:a3:30:24:fe:23:1b:ca:61:f4:f7:0f:ed:22:41:
+        39:4c:94:34:b5:14:a5:61:c5:02:1d:ed:80:5b:78:60:18:eb:
+        16:3d:04:cd:64:a6:a2:86:77:7e:4e:0c:42:74:21:df:50:a1:
+        f4:79:24:56:c8:46:ae:2e:9d:9e:3c:fa:f9:ea:15:18:43:8b:
+        c4:97:ff:f4:0e:2f:b1:50:3d:b2:e2:63:2d:66:c4:e7:9d:f3:
+        75:c9:72:a9:0c:19:c0:61:e6:84:a5:e0:f4:f4:82:c7:c8:2d:
+        9b:19:b1:fd:b6:57:99:38:a4:6b:23:a2:ff:80:63:43:37:45:
+        24:16:25:45
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMy1wYXRobGVuMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -80,10 +80,10 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBAHWt8vh5pcYNSjUH9nUcbA6/Pdf8gd5Xnz/wyY51uCMNNiLW2Vfc
-wFukmvrvKrWt4sWWhBqESagXty79RSGP5PGK5WS7UJYxYtdKEfT6eFu7DQoOkbuE
-6MZdGgMeS1BdxQP1ozL6bF6oxRK0WsTm/zbDTaca0bJx3YkasghGYLuOu9+9uQ9F
-PSUG66eVEaYy7qAsTC+BVG9UFtfDhW7EeEOjSC+BA4HCAgqEnai1PwK0wP211S/w
-SNcPmMsPyuScGtgcEDFLnpupRGMDoKDevL0P2Vr6gfLVfd5LBoi4Dphc+2CiEOmt
-OMcFCZ3JvCSJKYSlOnbZ7Licx5oCfiPWG2U=
+AQELBQADggEBACQZ4Wh9mvMOht5YlG488LDWvgNrCiOX/egEAjX1Bd4Iay15qfUV
+MhMb4uWtkj7HxOycgC9zPgb3FBp2ZRjidkSy6G/7DYlsasrellk4yQrCSGy2+/ZT
+E0fybI/f/eSUQoglLvExl2TAZTCcF4LS7JUaqWUv/aGe6A3D6O+xjcl3iDijMCT+
+IxvKYfT3D+0iQTlMlDS1FKVhxQId7YBbeGAY6xY9BM1kpqKGd35ODEJ0Id9QofR5
+JFbIRq4unZ48+vnqFRhDi8SX//QOL7FQPbLiYy1mxOed83XJcqkMGcBh5oSl4PT0
+gsfILZsZsf22V5k4pGsjov+AY0M3RSQWJUU=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-ICA4-pathlen2.pem b/certs/test-pathlen/chainH-ICA4-pathlen2.pem
index 6f7c4e2cc..d0e6069fe 100644
--- a/certs/test-pathlen/chainH-ICA4-pathlen2.pem
+++ b/certs/test-pathlen/chainH-ICA4-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:f3:2f:8a:cd:9e:87:f1:01:f3:a4:c0:2d:66:
                     36:d7:11:2e:64:08:e8:f1:99:fa:a6:9c:f4:bd:3b:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         a1:6c:a3:2e:95:bb:e7:f0:f4:70:b8:8c:5a:a7:29:54:13:6a:
-         5b:13:e3:62:6a:b5:06:68:41:91:2f:84:97:1f:25:c1:db:18:
-         5d:09:26:04:ab:aa:2d:4d:59:2e:96:70:8f:0e:5d:0b:b8:b0:
-         db:5f:14:70:9e:00:d8:31:1f:65:54:47:69:5c:11:e8:0c:97:
-         2e:ff:0d:2e:ee:45:18:5b:aa:83:21:b1:5d:66:f0:b7:b3:99:
-         09:c6:fd:11:7e:b5:67:a0:d2:3b:a2:e9:b0:96:1d:42:ac:6e:
-         ce:f2:80:4e:8c:87:36:af:b5:c4:bc:fb:5d:18:40:d4:7d:3a:
-         0f:c8:9f:f1:95:bb:8a:ad:18:f8:3c:e0:49:da:36:26:17:8c:
-         87:75:79:80:5f:c4:5a:48:93:ed:62:93:73:55:a3:73:d4:ba:
-         3c:54:f4:b2:ad:70:af:8f:93:4f:a7:15:49:e0:cf:88:2a:1f:
-         bf:18:f5:13:e4:5b:d3:37:29:12:db:8c:4d:b6:93:0b:02:70:
-         47:84:cc:0a:e8:28:de:89:a1:43:0f:16:28:a9:be:85:6e:62:
-         44:5c:69:a0:33:67:bf:ee:80:37:46:25:e4:d2:ec:56:07:67:
-         e4:d6:e0:92:a1:2f:7c:d8:18:d0:7a:02:82:5b:48:3d:61:9b:
-         5f:65:db:af
+    Signature Value:
+        36:81:19:93:e0:6e:2e:c5:e5:a6:d2:b6:ca:17:ff:67:d9:b8:
+        0c:24:ed:f7:eb:96:dd:e1:96:df:6d:ca:bf:8d:31:32:36:e2:
+        64:c6:4c:81:94:63:f6:f9:a3:23:69:8e:de:98:6a:54:aa:7e:
+        65:1f:81:43:d9:ba:a5:b5:e7:9b:58:28:4e:62:72:9a:58:e1:
+        8f:cc:12:5e:63:42:78:d6:26:bc:46:69:cd:0e:f3:56:df:e4:
+        38:0e:83:96:d5:33:5e:fd:0d:2a:f9:88:08:14:ec:12:fe:75:
+        a9:5f:54:3d:ea:ee:bd:b7:aa:77:cc:e4:b2:eb:f4:af:37:22:
+        5e:bb:2a:8b:b7:0b:b8:47:32:b8:56:ca:bb:ca:e9:de:fb:a0:
+        fc:ac:65:04:78:c6:1f:65:9e:8c:76:ef:82:75:8b:59:59:37:
+        d0:5d:97:9c:c0:8f:27:76:60:95:c4:b4:ba:e6:a3:9a:ce:c3:
+        df:02:ec:97:b5:06:9f:5e:f8:15:52:01:6d:fd:c5:73:b8:12:
+        35:49:e4:28:df:26:86:6d:93:4e:f3:6f:88:e5:51:98:5f:46:
+        49:69:02:17:ec:74:ed:7b:e2:b5:6c:24:d4:cf:4a:78:12:f6:
+        5d:4f:3d:3d:c8:ae:8f:53:aa:4e:2e:dd:3b:a9:0c:d4:b8:2e:
+        bd:e5:af:95
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSC1JQ0E0
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFBhtRIPuH+y0IvCc61QeShVYAaoTMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAKFsoy6Vu+fw9HC4jFqnKVQTalsT42JqtQZoQZEvhJcf
-JcHbGF0JJgSrqi1NWS6WcI8OXQu4sNtfFHCeANgxH2VUR2lcEegMly7/DS7uRRhb
-qoMhsV1m8LezmQnG/RF+tWeg0jui6bCWHUKsbs7ygE6MhzavtcS8+10YQNR9Og/I
-n/GVu4qtGPg84EnaNiYXjId1eYBfxFpIk+1ik3NVo3PUujxU9LKtcK+Pk0+nFUng
-z4gqH78Y9RPkW9M3KRLbjE22kwsCcEeEzAroKN6JoUMPFiipvoVuYkRcaaAzZ7/u
-gDdGJeTS7FYHZ+TW4JKhL3zYGNB6AoJbSD1hm19l268=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBADaBGZPgbi7F5abStsoX/2fZuAwk7ffrlt3hlt9tyr+N
+MTI24mTGTIGUY/b5oyNpjt6YalSqfmUfgUPZuqW155tYKE5icppY4Y/MEl5jQnjW
+JrxGac0O81bf5DgOg5bVM179DSr5iAgU7BL+dalfVD3q7r23qnfM5LLr9K83Il67
+Kou3C7hHMrhWyrvK6d77oPysZQR4xh9lnox274J1i1lZN9Bdl5zAjyd2YJXEtLrm
+o5rOw98C7Je1Bp9e+BVSAW39xXO4EjVJ5CjfJoZtk07zb4jlUZhfRklpAhfsdO17
+4rVsJNTPSngS9l1PPT3Iro9Tqk4u3TupDNS4Lr3lr5U=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-assembled.pem b/certs/test-pathlen/chainH-assembled.pem
index 8b3bc6227..c430bee64 100644
--- a/certs/test-pathlen/chainH-assembled.pem
+++ b/certs/test-pathlen/chainH-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ba:ed:ab:c0:0d:92:6c:10:e4:50:9f:7c:98:cc:
                     87:fd:28:34:77:c0:58:28:52:2c:28:97:80:ec:78:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:48:80:87:28:EF:E6:28:0F:03:9B:DF:33:48:10:A0:E5:20:B3:69:50
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA2-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         06:45:21:fd:a8:95:fa:d4:96:c7:4f:83:6b:6c:c1:24:fa:b0:
-         14:42:db:7a:5c:7b:f4:8f:4e:66:78:bc:ff:65:bd:4a:a7:8e:
-         d0:78:33:6f:d2:aa:bb:9b:25:26:15:4d:9d:8e:39:16:99:70:
-         25:6a:2d:ee:78:54:80:13:71:f3:e1:6a:ec:56:57:1a:25:db:
-         8f:b3:64:22:d2:04:d1:b2:aa:ff:2c:d9:ae:6d:74:66:18:74:
-         58:38:4b:ec:77:69:f6:83:ed:4d:7d:4a:60:71:35:8e:14:02:
-         72:9e:93:22:a5:ca:d9:33:7e:12:c4:41:34:cf:c4:14:66:9a:
-         fa:04:aa:1f:e2:d9:5e:d3:42:9e:fa:c9:71:6e:f0:43:08:a7:
-         60:bc:eb:19:8e:70:09:24:12:6b:9a:10:60:fc:44:61:e3:f4:
-         0d:08:15:9e:a6:b3:7e:9b:be:d5:f9:63:9d:2f:be:c3:81:c6:
-         ef:e8:56:99:a2:58:f3:32:7c:c2:c2:b1:d9:6a:bd:51:79:eb:
-         18:02:44:b4:4e:e8:7c:3e:96:a4:ae:86:79:94:11:6f:1b:eb:
-         80:71:07:1f:4c:5d:88:67:39:62:6d:c2:0d:64:2a:07:66:48:
-         ca:b4:76:06:da:1c:40:24:77:34:a9:8b:26:d0:20:6b:94:25:
-         75:73:84:e7
+    Signature Value:
+        44:cd:05:6c:e3:bf:bc:7f:0a:a8:83:b5:82:a0:c8:4d:7d:10:
+        cf:83:03:84:83:21:ea:d1:2e:9c:2f:65:c4:c0:39:96:5c:bf:
+        0d:48:da:04:4e:09:c5:12:8c:0c:2a:15:dd:56:16:3b:95:51:
+        24:36:43:26:ee:05:e4:7a:3c:76:b5:3c:6e:5f:df:b9:71:57:
+        18:e2:36:93:61:50:ad:7c:2a:c2:57:7f:f0:5b:81:b7:6f:05:
+        1a:75:20:39:33:fa:d4:b6:96:f5:3f:21:d7:6e:b8:3a:65:c5:
+        b7:15:22:c1:34:80:41:94:0b:d0:7f:0b:7b:35:41:2f:04:6e:
+        1e:68:a3:f2:ed:6a:1b:54:b0:60:b3:ad:41:9a:73:96:c3:37:
+        90:6f:02:55:aa:66:f8:26:ea:17:cd:7f:08:6c:12:09:24:f5:
+        6d:54:5d:b7:4c:9d:47:ac:c7:a0:4c:ad:ad:4d:0d:7f:25:3c:
+        49:a1:bc:c0:f4:a0:75:fb:79:4c:7d:12:a2:b0:47:f6:ab:ed:
+        04:30:6c:94:a2:57:a2:4b:df:51:89:01:e6:34:51:85:e0:de:
+        77:0f:ad:b3:9b:25:06:a7:09:19:92:9a:c8:7f:a8:8a:c6:86:
+        da:71:48:04:7f:0d:69:8a:05:40:45:98:08:ad:03:36:89:84:
+        1e:b2:24:72
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkgtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,13 +77,13 @@ VR0jBIHGMIHDgBRIgIco7+YoDwOb3zNIEKDlILNpUKGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluSC1JQ0EyLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAAZFIf2o
-lfrUlsdPg2tswST6sBRC23pce/SPTmZ4vP9lvUqnjtB4M2/SqrubJSYVTZ2OORaZ
-cCVqLe54VIATcfPhauxWVxol24+zZCLSBNGyqv8s2a5tdGYYdFg4S+x3afaD7U19
-SmBxNY4UAnKekyKlytkzfhLEQTTPxBRmmvoEqh/i2V7TQp76yXFu8EMIp2C86xmO
-cAkkEmuaEGD8RGHj9A0IFZ6ms36bvtX5Y50vvsOBxu/oVpmiWPMyfMLCsdlqvVF5
-6xgCRLRO6Hw+lqSuhnmUEW8b64BxBx9MXYhnOWJtwg1kKgdmSMq0dgbaHEAkdzSp
-iybQIGuUJXVzhOc=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAETNBWzj
+v7x/CqiDtYKgyE19EM+DA4SDIerRLpwvZcTAOZZcvw1I2gROCcUSjAwqFd1WFjuV
+USQ2QybuBeR6PHa1PG5f37lxVxjiNpNhUK18KsJXf/BbgbdvBRp1IDkz+tS2lvU/
+IdduuDplxbcVIsE0gEGUC9B/C3s1QS8Ebh5oo/LtahtUsGCzrUGac5bDN5BvAlWq
+Zvgm6hfNfwhsEgkk9W1UXbdMnUesx6BMra1NDX8lPEmhvMD0oHX7eUx9EqKwR/ar
+7QQwbJSiV6JL31GJAeY0UYXg3ncPrbObJQanCRmSmsh/qIrGhtpxSAR/DWmKBUBF
+mAitAzaJhB6yJHI=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA2-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c7:f4:a6:7e:f2:cb:4f:6e:04:18:d3:53:d5:cf:
                     bf:7e:97:d1:74:94:fe:db:ad:61:3f:12:20:67:f3:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:80:49:61:8C:1D:13:08:56:B5:42:68:D5:B2:EA:89:2C:B4:8B:05:87
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA3-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:0
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         84:70:f5:e6:36:95:d1:b9:43:99:0b:7e:a9:b1:2f:5a:4a:58:
-         3f:73:83:a1:90:9e:b5:86:10:fb:0e:46:22:38:92:f2:07:19:
-         20:c3:82:f0:8d:38:4f:39:38:6b:bc:43:15:fe:b4:c2:78:49:
-         d4:78:2e:6e:41:cb:f8:c6:ed:b9:8c:76:ad:b6:d4:68:fa:82:
-         55:cc:b2:60:d5:ce:8c:bb:7a:dd:19:29:4e:c8:c6:f8:2a:1a:
-         b4:e7:8e:31:e8:63:76:bf:6e:77:98:3e:98:70:18:fb:d7:f5:
-         cc:47:da:35:54:d8:77:6e:54:db:3c:b0:b8:81:f0:ae:e2:a1:
-         92:ea:c4:dd:0c:4b:fa:15:82:e0:4b:c8:cc:81:1d:54:2b:53:
-         c9:ed:06:00:28:e7:c5:37:d0:46:14:24:5c:6f:d4:a8:d9:c6:
-         e5:57:8d:0a:66:27:89:93:fc:c3:46:0c:40:b6:eb:f3:52:16:
-         d5:ed:21:ee:20:89:bd:ff:12:6d:7b:8e:7d:9d:1a:41:f4:0c:
-         1c:ef:2d:ee:82:cf:9b:ca:8e:3e:fa:6c:13:79:13:5a:93:c4:
-         d8:99:1a:88:f0:c7:4c:76:4e:e7:b9:f3:1a:ec:77:42:c8:60:
-         f8:f6:2a:50:df:16:fa:bc:00:06:57:23:a9:34:c5:6f:d9:82:
-         00:78:1b:58
+    Signature Value:
+        4f:4a:9c:ef:2f:a2:03:d7:1a:83:e0:cc:d5:72:f9:fc:f6:32:
+        20:b8:55:f2:91:5a:21:71:9e:14:e9:a5:65:11:d6:ed:45:9f:
+        b6:6b:b5:c1:92:83:7c:40:78:cc:cc:06:44:91:cf:8a:40:88:
+        1b:99:c3:64:4f:f4:56:33:a8:e5:92:79:37:06:85:6b:91:57:
+        b7:d3:fa:ef:b4:5a:ab:43:6f:e9:d0:12:54:53:77:21:57:59:
+        15:de:12:9b:18:d6:3e:3e:24:ab:ad:7d:aa:33:bb:b0:ed:f4:
+        20:14:d4:5b:22:aa:99:9b:8c:05:95:3a:7e:b9:03:da:e9:ba:
+        49:64:d7:89:9a:f4:2e:19:36:82:b0:0d:4e:18:6b:f7:3e:e2:
+        b1:a7:e2:0c:cd:d2:ae:d0:35:a5:31:3c:4e:2b:32:d3:89:7c:
+        ed:59:7e:c3:f5:a1:97:90:e5:34:7b:05:94:e5:83:32:84:55:
+        7d:27:28:91:e7:c1:c2:d6:6b:ad:4f:cf:22:ac:36:72:90:5b:
+        65:cd:e1:5f:12:73:ba:72:b9:f8:7f:f9:a5:6a:e0:69:44:54:
+        fd:41:10:2a:94:26:0d:0d:5e:55:e2:db:6f:ca:a2:e1:36:23:
+        e2:f1:82:b1:44:e8:9f:d0:b5:a8:d1:d7:51:fa:ed:63:3d:f8:
+        4e:68:23:d2
 -----BEGIN CERTIFICATE-----
 MIIE0zCCA7ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0EyLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -167,12 +167,12 @@ oTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHTAbBgNVBAMMFGNoYWluSC1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFkMA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCEcPXmNpXRuUOZC36psS9aSlg/c4OhkJ61
-hhD7DkYiOJLyBxkgw4LwjThPOThrvEMV/rTCeEnUeC5uQcv4xu25jHatttRo+oJV
-zLJg1c6Mu3rdGSlOyMb4Khq0544x6GN2v253mD6YcBj71/XMR9o1VNh3blTbPLC4
-gfCu4qGS6sTdDEv6FYLgS8jMgR1UK1PJ7QYAKOfFN9BGFCRcb9So2cblV40KZieJ
-k/zDRgxAtuvzUhbV7SHuIIm9/xJte459nRpB9Awc7y3ugs+byo4++mwTeRNak8TY
-mRqI8MdMdk7nufMa7HdCyGD49ipQ3xb6vAAGVyOpNMVv2YIAeBtY
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBPSpzvL6ID1xqD4MzVcvn89jIguFXykVoh
+cZ4U6aVlEdbtRZ+2a7XBkoN8QHjMzAZEkc+KQIgbmcNkT/RWM6jlknk3BoVrkVe3
+0/rvtFqrQ2/p0BJUU3chV1kV3hKbGNY+PiSrrX2qM7uw7fQgFNRbIqqZm4wFlTp+
+uQPa6bpJZNeJmvQuGTaCsA1OGGv3PuKxp+IMzdKu0DWlMTxOKzLTiXztWX7D9aGX
+kOU0ewWU5YMyhFV9JyiR58HC1mutT88irDZykFtlzeFfEnO6crn4f/mlauBpRFT9
+QRAqlCYNDV5V4ttvyqLhNiPi8YKxROif0LWo0ddR+u1jPfhOaCPS
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA2-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d9:b5:af:4b:ba:83:03:23:df:50:28:a8:c2:0c:
                     2c:f0:04:cb:2d:04:9b:1e:f5:f4:68:bc:d4:8e:b4:
@@ -214,33 +214,33 @@ Certificate:
                 keyid:56:54:36:BE:23:2F:20:89:6D:A6:BA:9A:45:A4:88:0E:40:35:FD:F5
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA4-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         8f:ee:27:f5:45:63:56:eb:66:f5:c7:4f:b0:4a:16:ca:2a:e1:
-         de:75:7d:8b:09:12:0c:65:fe:a2:59:66:5e:b1:9f:1a:fc:e5:
-         a5:e5:c9:9b:4f:77:f1:87:8a:a7:36:2d:67:4d:ec:19:13:e3:
-         c1:9c:95:a5:90:ec:0f:39:5b:da:42:9f:73:6c:56:1f:aa:a8:
-         fb:69:82:a7:b2:21:b5:f7:fe:4e:1d:02:fc:30:e8:08:14:d8:
-         86:db:ca:31:da:4d:b8:9c:91:2b:45:b4:70:6b:87:9e:e5:4c:
-         ea:b4:7a:75:18:1e:4c:db:e8:b1:e7:f0:50:43:59:38:31:46:
-         57:59:ae:60:f8:8d:68:b6:49:3c:a5:4e:19:4c:e3:03:ef:5b:
-         bd:c0:9d:12:ba:b3:cb:f2:35:7a:81:a8:3b:95:9c:66:35:a2:
-         94:79:bb:c0:cd:cd:cb:32:d2:8d:ef:89:c6:1c:28:f1:c2:6c:
-         53:c7:fc:de:5e:c9:de:7e:11:61:d9:d7:b1:5e:61:d7:f1:a7:
-         e8:62:e1:f5:0f:f3:17:e8:e5:43:98:3b:cc:b7:cf:a4:ae:92:
-         6b:16:51:ea:38:5f:5e:59:74:87:72:aa:5e:5f:21:dd:d8:6c:
-         8a:e2:7d:11:5b:c1:5c:e9:76:aa:4f:60:46:51:5e:c0:b2:d3:
-         9b:f6:ba:ca
+    Signature Value:
+        47:fe:53:d4:55:2d:7a:8b:02:53:06:f7:18:4c:be:c9:30:f9:
+        53:d8:4c:58:e7:6a:53:db:b2:5b:8c:1b:63:9d:ba:c5:7e:6f:
+        dc:aa:df:78:7c:a6:b6:55:92:69:6a:09:25:1c:98:3f:45:db:
+        18:f8:81:7b:fb:a2:ae:95:81:50:c5:4a:e9:ae:31:b9:1e:ea:
+        22:5e:26:6e:63:be:79:b2:e7:bb:16:0c:be:56:29:db:dc:8f:
+        90:27:4a:9a:82:30:5e:6f:a8:7f:2b:56:e5:8b:3c:c5:47:46:
+        ca:a1:20:a2:f4:3d:8c:bc:cd:f5:48:b1:59:23:71:70:aa:6d:
+        5e:09:21:54:62:e2:05:5b:eb:d4:bc:fb:d3:8b:47:c2:47:31:
+        0f:c8:45:36:c2:f5:1c:1d:e0:79:4b:45:1a:3c:36:53:b2:ec:
+        3b:61:c0:7a:08:42:d7:2e:95:92:6b:6e:12:63:c7:61:bc:9c:
+        2c:02:04:84:d4:28:a7:56:3f:bc:27:73:37:00:82:ef:09:c1:
+        88:35:98:c1:77:8c:3f:4a:19:da:42:c5:89:00:54:ca:39:05:
+        42:80:97:8d:f0:39:ca:9a:5b:f7:b7:4e:86:68:b9:88:1f:79:
+        25:7c:79:e6:3b:58:8a:52:ca:10:47:95:64:bb:1d:fd:e7:51:
+        d8:94:3b:89
 -----BEGIN CERTIFICATE-----
 MIIE0zCCA7ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMi1wYXRobGVuMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -256,12 +256,12 @@ oTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1Nl
 YXR0bGUxFTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxHTAbBgNVBAMMFGNoYWluSC1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkB
 FhBpbmZvQHdvbGZzc2wuY29tggFkMA8GA1UdEwQIMAYBAf8CAQIwCwYDVR0PBAQD
-AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCP7if1RWNW62b1x0+wShbKKuHedX2LCRIM
-Zf6iWWZesZ8a/OWl5cmbT3fxh4qnNi1nTewZE+PBnJWlkOwPOVvaQp9zbFYfqqj7
-aYKnsiG19/5OHQL8MOgIFNiG28ox2k24nJErRbRwa4ee5UzqtHp1GB5M2+ix5/BQ
-Q1k4MUZXWa5g+I1otkk8pU4ZTOMD71u9wJ0SurPL8jV6gag7lZxmNaKUebvAzc3L
-MtKN74nGHCjxwmxTx/zeXsnefhFh2dexXmHX8afoYuH1D/MX6OVDmDvMt8+krpJr
-FlHqOF9eWXSHcqpeXyHd2GyK4n0RW8Fc6XaqT2BGUV7AstOb9rrK
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBH/lPUVS16iwJTBvcYTL7JMPlT2ExY52pT
+27JbjBtjnbrFfm/cqt94fKa2VZJpagklHJg/RdsY+IF7+6KulYFQxUrprjG5Huoi
+XiZuY755sue7Fgy+Vinb3I+QJ0qagjBeb6h/K1blizzFR0bKoSCi9D2MvM31SLFZ
+I3Fwqm1eCSFUYuIFW+vUvPvTi0fCRzEPyEU2wvUcHeB5S0UaPDZTsuw7YcB6CELX
+LpWSa24SY8dhvJwsAgSE1CinVj+8J3M3AILvCcGINZjBd4w/ShnaQsWJAFTKOQVC
+gJeN8DnKmlv3t06GaLmIH3klfHnmO1iKUsoQR5Vkux3951HYlDuJ
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -270,12 +270,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b7:b3:1a:1b:4a:80:1b:a2:e5:95:14:bc:55:e4:
                     77:dc:f3:7b:8a:9f:34:7c:93:db:c9:c9:d0:8b:b8:
@@ -303,33 +303,33 @@ Certificate:
                 keyid:18:6D:44:83:EE:1F:EC:B4:22:F0:9C:EB:54:1E:4A:15:58:01:AA:13
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         75:ad:f2:f8:79:a5:c6:0d:4a:35:07:f6:75:1c:6c:0e:bf:3d:
-         d7:fc:81:de:57:9f:3f:f0:c9:8e:75:b8:23:0d:36:22:d6:d9:
-         57:dc:c0:5b:a4:9a:fa:ef:2a:b5:ad:e2:c5:96:84:1a:84:49:
-         a8:17:b7:2e:fd:45:21:8f:e4:f1:8a:e5:64:bb:50:96:31:62:
-         d7:4a:11:f4:fa:78:5b:bb:0d:0a:0e:91:bb:84:e8:c6:5d:1a:
-         03:1e:4b:50:5d:c5:03:f5:a3:32:fa:6c:5e:a8:c5:12:b4:5a:
-         c4:e6:ff:36:c3:4d:a7:1a:d1:b2:71:dd:89:1a:b2:08:46:60:
-         bb:8e:bb:df:bd:b9:0f:45:3d:25:06:eb:a7:95:11:a6:32:ee:
-         a0:2c:4c:2f:81:54:6f:54:16:d7:c3:85:6e:c4:78:43:a3:48:
-         2f:81:03:81:c2:02:0a:84:9d:a8:b5:3f:02:b4:c0:fd:b5:d5:
-         2f:f0:48:d7:0f:98:cb:0f:ca:e4:9c:1a:d8:1c:10:31:4b:9e:
-         9b:a9:44:63:03:a0:a0:de:bc:bd:0f:d9:5a:fa:81:f2:d5:7d:
-         de:4b:06:88:b8:0e:98:5c:fb:60:a2:10:e9:ad:38:c7:05:09:
-         9d:c9:bc:24:89:29:84:a5:3a:76:d9:ec:b8:9c:c7:9a:02:7e:
-         23:d6:1b:65
+    Signature Value:
+        24:19:e1:68:7d:9a:f3:0e:86:de:58:94:6e:3c:f0:b0:d6:be:
+        03:6b:0a:23:97:fd:e8:04:02:35:f5:05:de:08:6b:2d:79:a9:
+        f5:15:32:13:1b:e2:e5:ad:92:3e:c7:c4:ec:9c:80:2f:73:3e:
+        06:f7:14:1a:76:65:18:e2:76:44:b2:e8:6f:fb:0d:89:6c:6a:
+        ca:de:96:59:38:c9:0a:c2:48:6c:b6:fb:f6:53:13:47:f2:6c:
+        8f:df:fd:e4:94:42:88:25:2e:f1:31:97:64:c0:65:30:9c:17:
+        82:d2:ec:95:1a:a9:65:2f:fd:a1:9e:e8:0d:c3:e8:ef:b1:8d:
+        c9:77:88:38:a3:30:24:fe:23:1b:ca:61:f4:f7:0f:ed:22:41:
+        39:4c:94:34:b5:14:a5:61:c5:02:1d:ed:80:5b:78:60:18:eb:
+        16:3d:04:cd:64:a6:a2:86:77:7e:4e:0c:42:74:21:df:50:a1:
+        f4:79:24:56:c8:46:ae:2e:9d:9e:3c:fa:f9:ea:15:18:43:8b:
+        c4:97:ff:f4:0e:2f:b1:50:3d:b2:e2:63:2d:66:c4:e7:9d:f3:
+        75:c9:72:a9:0c:19:c0:61:e6:84:a5:e0:f4:f4:82:c7:c8:2d:
+        9b:19:b1:fd:b6:57:99:38:a4:6b:23:a2:ff:80:63:43:37:45:
+        24:16:25:45
 -----BEGIN CERTIFICATE-----
 MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzMloXDTI2MDkwODIyMTkzMlowgaExCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
 DBRjaGFpbkgtSUNBMy1wYXRobGVuMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
@@ -345,12 +345,12 @@ lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
 bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
-AQELBQADggEBAHWt8vh5pcYNSjUH9nUcbA6/Pdf8gd5Xnz/wyY51uCMNNiLW2Vfc
-wFukmvrvKrWt4sWWhBqESagXty79RSGP5PGK5WS7UJYxYtdKEfT6eFu7DQoOkbuE
-6MZdGgMeS1BdxQP1ozL6bF6oxRK0WsTm/zbDTaca0bJx3YkasghGYLuOu9+9uQ9F
-PSUG66eVEaYy7qAsTC+BVG9UFtfDhW7EeEOjSC+BA4HCAgqEnai1PwK0wP211S/w
-SNcPmMsPyuScGtgcEDFLnpupRGMDoKDevL0P2Vr6gfLVfd5LBoi4Dphc+2CiEOmt
-OMcFCZ3JvCSJKYSlOnbZ7Licx5oCfiPWG2U=
+AQELBQADggEBACQZ4Wh9mvMOht5YlG488LDWvgNrCiOX/egEAjX1Bd4Iay15qfUV
+MhMb4uWtkj7HxOycgC9zPgb3FBp2ZRjidkSy6G/7DYlsasrellk4yQrCSGy2+/ZT
+E0fybI/f/eSUQoglLvExl2TAZTCcF4LS7JUaqWUv/aGe6A3D6O+xjcl3iDijMCT+
+IxvKYfT3D+0iQTlMlDS1FKVhxQId7YBbeGAY6xY9BM1kpqKGd35ODEJ0Id9QofR5
+JFbIRq4unZ48+vnqFRhDi8SX//QOL7FQPbLiYy1mxOed83XJcqkMGcBh5oSl4PT0
+gsfILZsZsf22V5k4pGsjov+AY0M3RSQWJUU=
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -359,12 +359,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:32 2023 GMT
-            Not After : Sep  8 22:19:32 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:f3:2f:8a:cd:9e:87:f1:01:f3:a4:c0:2d:66:
                     36:d7:11:2e:64:08:e8:f1:99:fa:a6:9c:f4:bd:3b:
@@ -391,34 +391,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         a1:6c:a3:2e:95:bb:e7:f0:f4:70:b8:8c:5a:a7:29:54:13:6a:
-         5b:13:e3:62:6a:b5:06:68:41:91:2f:84:97:1f:25:c1:db:18:
-         5d:09:26:04:ab:aa:2d:4d:59:2e:96:70:8f:0e:5d:0b:b8:b0:
-         db:5f:14:70:9e:00:d8:31:1f:65:54:47:69:5c:11:e8:0c:97:
-         2e:ff:0d:2e:ee:45:18:5b:aa:83:21:b1:5d:66:f0:b7:b3:99:
-         09:c6:fd:11:7e:b5:67:a0:d2:3b:a2:e9:b0:96:1d:42:ac:6e:
-         ce:f2:80:4e:8c:87:36:af:b5:c4:bc:fb:5d:18:40:d4:7d:3a:
-         0f:c8:9f:f1:95:bb:8a:ad:18:f8:3c:e0:49:da:36:26:17:8c:
-         87:75:79:80:5f:c4:5a:48:93:ed:62:93:73:55:a3:73:d4:ba:
-         3c:54:f4:b2:ad:70:af:8f:93:4f:a7:15:49:e0:cf:88:2a:1f:
-         bf:18:f5:13:e4:5b:d3:37:29:12:db:8c:4d:b6:93:0b:02:70:
-         47:84:cc:0a:e8:28:de:89:a1:43:0f:16:28:a9:be:85:6e:62:
-         44:5c:69:a0:33:67:bf:ee:80:37:46:25:e4:d2:ec:56:07:67:
-         e4:d6:e0:92:a1:2f:7c:d8:18:d0:7a:02:82:5b:48:3d:61:9b:
-         5f:65:db:af
+    Signature Value:
+        36:81:19:93:e0:6e:2e:c5:e5:a6:d2:b6:ca:17:ff:67:d9:b8:
+        0c:24:ed:f7:eb:96:dd:e1:96:df:6d:ca:bf:8d:31:32:36:e2:
+        64:c6:4c:81:94:63:f6:f9:a3:23:69:8e:de:98:6a:54:aa:7e:
+        65:1f:81:43:d9:ba:a5:b5:e7:9b:58:28:4e:62:72:9a:58:e1:
+        8f:cc:12:5e:63:42:78:d6:26:bc:46:69:cd:0e:f3:56:df:e4:
+        38:0e:83:96:d5:33:5e:fd:0d:2a:f9:88:08:14:ec:12:fe:75:
+        a9:5f:54:3d:ea:ee:bd:b7:aa:77:cc:e4:b2:eb:f4:af:37:22:
+        5e:bb:2a:8b:b7:0b:b8:47:32:b8:56:ca:bb:ca:e9:de:fb:a0:
+        fc:ac:65:04:78:c6:1f:65:9e:8c:76:ef:82:75:8b:59:59:37:
+        d0:5d:97:9c:c0:8f:27:76:60:95:c4:b4:ba:e6:a3:9a:ce:c3:
+        df:02:ec:97:b5:06:9f:5e:f8:15:52:01:6d:fd:c5:73:b8:12:
+        35:49:e4:28:df:26:86:6d:93:4e:f3:6f:88:e5:51:98:5f:46:
+        49:69:02:17:ec:74:ed:7b:e2:b5:6c:24:d4:cf:4a:78:12:f6:
+        5d:4f:3d:3d:c8:ae:8f:53:aa:4e:2e:dd:3b:a9:0c:d4:b8:2e:
+        bd:e5:af:95
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMyWhcNMjYwOTA4MjIxOTMyWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSC1JQ0E0
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -432,12 +432,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFBhtRIPuH+y0IvCc61QeShVYAaoTMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAKFsoy6Vu+fw9HC4jFqnKVQTalsT42JqtQZoQZEvhJcf
-JcHbGF0JJgSrqi1NWS6WcI8OXQu4sNtfFHCeANgxH2VUR2lcEegMly7/DS7uRRhb
-qoMhsV1m8LezmQnG/RF+tWeg0jui6bCWHUKsbs7ygE6MhzavtcS8+10YQNR9Og/I
-n/GVu4qtGPg84EnaNiYXjId1eYBfxFpIk+1ik3NVo3PUujxU9LKtcK+Pk0+nFUng
-z4gqH78Y9RPkW9M3KRLbjE22kwsCcEeEzAroKN6JoUMPFiipvoVuYkRcaaAzZ7/u
-gDdGJeTS7FYHZ+TW4JKhL3zYGNB6AoJbSD1hm19l268=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBADaBGZPgbi7F5abStsoX/2fZuAwk7ffrlt3hlt9tyr+N
+MTI24mTGTIGUY/b5oyNpjt6YalSqfmUfgUPZuqW155tYKE5icppY4Y/MEl5jQnjW
+JrxGac0O81bf5DgOg5bVM179DSr5iAgU7BL+dalfVD3q7r23qnfM5LLr9K83Il67
+Kou3C7hHMrhWyrvK6d77oPysZQR4xh9lnox274J1i1lZN9Bdl5zAjyd2YJXEtLrm
+o5rOw98C7Je1Bp9e+BVSAW39xXO4EjVJ5CjfJoZtk07zb4jlUZhfRklpAhfsdO17
+4rVsJNTPSngS9l1PPT3Iro9Tqk4u3TupDNS4Lr3lr5U=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainH-entity.pem b/certs/test-pathlen/chainH-entity.pem
index 42512cc12..51e25c97b 100644
--- a/certs/test-pathlen/chainH-entity.pem
+++ b/certs/test-pathlen/chainH-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-ICA1-pathlen0, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainH-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:ba:ed:ab:c0:0d:92:6c:10:e4:50:9f:7c:98:cc:
                     87:fd:28:34:77:c0:58:28:52:2c:28:97:80:ec:78:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:48:80:87:28:EF:E6:28:0F:03:9B:DF:33:48:10:A0:E5:20:B3:69:50
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainH-ICA2-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         06:45:21:fd:a8:95:fa:d4:96:c7:4f:83:6b:6c:c1:24:fa:b0:
-         14:42:db:7a:5c:7b:f4:8f:4e:66:78:bc:ff:65:bd:4a:a7:8e:
-         d0:78:33:6f:d2:aa:bb:9b:25:26:15:4d:9d:8e:39:16:99:70:
-         25:6a:2d:ee:78:54:80:13:71:f3:e1:6a:ec:56:57:1a:25:db:
-         8f:b3:64:22:d2:04:d1:b2:aa:ff:2c:d9:ae:6d:74:66:18:74:
-         58:38:4b:ec:77:69:f6:83:ed:4d:7d:4a:60:71:35:8e:14:02:
-         72:9e:93:22:a5:ca:d9:33:7e:12:c4:41:34:cf:c4:14:66:9a:
-         fa:04:aa:1f:e2:d9:5e:d3:42:9e:fa:c9:71:6e:f0:43:08:a7:
-         60:bc:eb:19:8e:70:09:24:12:6b:9a:10:60:fc:44:61:e3:f4:
-         0d:08:15:9e:a6:b3:7e:9b:be:d5:f9:63:9d:2f:be:c3:81:c6:
-         ef:e8:56:99:a2:58:f3:32:7c:c2:c2:b1:d9:6a:bd:51:79:eb:
-         18:02:44:b4:4e:e8:7c:3e:96:a4:ae:86:79:94:11:6f:1b:eb:
-         80:71:07:1f:4c:5d:88:67:39:62:6d:c2:0d:64:2a:07:66:48:
-         ca:b4:76:06:da:1c:40:24:77:34:a9:8b:26:d0:20:6b:94:25:
-         75:73:84:e7
+    Signature Value:
+        44:cd:05:6c:e3:bf:bc:7f:0a:a8:83:b5:82:a0:c8:4d:7d:10:
+        cf:83:03:84:83:21:ea:d1:2e:9c:2f:65:c4:c0:39:96:5c:bf:
+        0d:48:da:04:4e:09:c5:12:8c:0c:2a:15:dd:56:16:3b:95:51:
+        24:36:43:26:ee:05:e4:7a:3c:76:b5:3c:6e:5f:df:b9:71:57:
+        18:e2:36:93:61:50:ad:7c:2a:c2:57:7f:f0:5b:81:b7:6f:05:
+        1a:75:20:39:33:fa:d4:b6:96:f5:3f:21:d7:6e:b8:3a:65:c5:
+        b7:15:22:c1:34:80:41:94:0b:d0:7f:0b:7b:35:41:2f:04:6e:
+        1e:68:a3:f2:ed:6a:1b:54:b0:60:b3:ad:41:9a:73:96:c3:37:
+        90:6f:02:55:aa:66:f8:26:ea:17:cd:7f:08:6c:12:09:24:f5:
+        6d:54:5d:b7:4c:9d:47:ac:c7:a0:4c:ad:ad:4d:0d:7f:25:3c:
+        49:a1:bc:c0:f4:a0:75:fb:79:4c:7d:12:a2:b0:47:f6:ab:ed:
+        04:30:6c:94:a2:57:a2:4b:df:51:89:01:e6:34:51:85:e0:de:
+        77:0f:ad:b3:9b:25:06:a7:09:19:92:9a:c8:7f:a8:8a:c6:86:
+        da:71:48:04:7f:0d:69:8a:05:40:45:98:08:ad:03:36:89:84:
+        1e:b2:24:72
 -----BEGIN CERTIFICATE-----
 MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSC1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgZoxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgZoxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
 DA1jaGFpbkgtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -77,11 +77,11 @@ VR0jBIHGMIHDgBRIgIco7+YoDwOb3zNIEKDlILNpUKGBp6SBpDCBoTELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
 BAMMFGNoYWluSC1JQ0EyLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAAZFIf2o
-lfrUlsdPg2tswST6sBRC23pce/SPTmZ4vP9lvUqnjtB4M2/SqrubJSYVTZ2OORaZ
-cCVqLe54VIATcfPhauxWVxol24+zZCLSBNGyqv8s2a5tdGYYdFg4S+x3afaD7U19
-SmBxNY4UAnKekyKlytkzfhLEQTTPxBRmmvoEqh/i2V7TQp76yXFu8EMIp2C86xmO
-cAkkEmuaEGD8RGHj9A0IFZ6ms36bvtX5Y50vvsOBxu/oVpmiWPMyfMLCsdlqvVF5
-6xgCRLRO6Hw+lqSuhnmUEW8b64BxBx9MXYhnOWJtwg1kKgdmSMq0dgbaHEAkdzSp
-iybQIGuUJXVzhOc=
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAETNBWzj
+v7x/CqiDtYKgyE19EM+DA4SDIerRLpwvZcTAOZZcvw1I2gROCcUSjAwqFd1WFjuV
+USQ2QybuBeR6PHa1PG5f37lxVxjiNpNhUK18KsJXf/BbgbdvBRp1IDkz+tS2lvU/
+IdduuDplxbcVIsE0gEGUC9B/C3s1QS8Ebh5oo/LtahtUsGCzrUGac5bDN5BvAlWq
+Zvgm6hfNfwhsEgkk9W1UXbdMnUesx6BMra1NDX8lPEmhvMD0oHX7eUx9EqKwR/ar
+7QQwbJSiV6JL31GJAeY0UYXg3ncPrbObJQanCRmSmsh/qIrGhtpxSAR/DWmKBUBF
+mAitAzaJhB6yJHI=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-ICA1-no_pathlen.pem b/certs/test-pathlen/chainI-ICA1-no_pathlen.pem
index 1f075ac7a..3a89f3d0d 100644
--- a/certs/test-pathlen/chainI-ICA1-no_pathlen.pem
+++ b/certs/test-pathlen/chainI-ICA1-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:ba:06:ad:13:cf:da:fb:d1:cb:65:fe:26:58:
                     49:6a:01:14:a6:78:b2:2c:1d:ba:ba:d0:bd:27:38:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:D1:BA:FB:FF:1D:29:41:8A:6A:5F:B2:F3:A7:41:05:47:09:1F:48:42
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainI-ICA3-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         04:ad:23:1a:c8:33:0d:3a:b7:a2:db:58:ab:51:89:0f:48:11:
-         53:88:36:74:51:c3:69:9a:ed:26:9f:24:f9:9b:a1:5d:31:26:
-         29:ce:3c:91:ce:37:d4:d6:50:30:e1:85:65:35:71:bc:20:f9:
-         27:22:5c:cf:aa:83:32:ff:f5:77:2b:79:31:d7:5f:21:8b:34:
-         14:83:d5:f4:e5:fc:f3:76:4a:09:d0:e8:d4:1b:c4:03:4e:a0:
-         a8:8a:e9:db:2e:33:e2:0b:58:70:76:37:d8:78:60:a2:78:9b:
-         af:62:0e:b4:cb:d9:51:0d:5f:dd:a5:c7:49:60:30:8d:35:46:
-         d1:7c:02:c0:2e:ae:74:36:dd:ef:ee:16:46:05:d2:16:ff:24:
-         e0:27:f5:35:01:4d:86:76:52:b4:81:c8:69:f1:62:c1:a1:28:
-         a5:0e:ae:d3:8f:80:a6:51:69:d6:db:8b:04:a0:cd:81:97:a2:
-         b5:09:e7:4f:21:75:07:30:fe:19:c5:8b:26:2d:6c:61:92:b0:
-         0c:01:3d:78:50:18:12:66:58:d9:66:a7:79:72:87:52:12:bd:
-         16:cf:fb:ab:6e:7b:8f:ac:0d:84:16:36:f6:87:27:95:6c:62:
-         b2:60:94:cb:83:69:42:96:98:5d:d2:a8:c4:b4:89:c0:f8:b8:
-         7a:f0:7b:b8
+    Signature Value:
+        9b:0a:4c:3a:f9:25:a4:a1:b1:39:17:06:ef:ba:85:a2:42:d7:
+        ad:2c:cd:62:cb:c7:5e:0d:57:80:a1:e6:1c:84:0e:c9:6d:35:
+        96:01:2a:70:3e:7f:d5:21:9b:fe:64:6b:9f:90:45:68:36:ec:
+        a9:dd:a3:d0:6e:bc:35:ff:a3:3e:d8:7c:1c:a1:ce:47:26:2f:
+        5f:5f:77:22:7b:21:31:2d:d7:ac:1f:02:2f:e4:d1:54:48:65:
+        0a:ec:6d:e4:0a:6a:0a:ed:e5:69:1d:2e:80:14:9e:37:56:42:
+        07:48:bc:91:77:ed:3e:ad:41:22:4c:f2:40:d1:6a:11:92:3f:
+        30:00:4f:c2:ea:82:f5:1d:2e:79:0c:5f:f5:08:93:85:8f:6f:
+        e0:da:1e:6b:17:d1:7e:cf:e8:54:ea:2d:3a:13:50:c8:81:40:
+        d5:4c:4d:dc:d7:62:d6:7f:73:49:07:d8:58:75:ed:3c:ba:71:
+        c8:ef:bb:25:5e:14:ae:d5:55:ed:0e:ad:fe:4a:fa:40:c3:5d:
+        a7:61:00:96:5b:02:13:f2:a4:a1:f6:07:4b:3a:58:d9:4d:ab:
+        82:12:c6:cd:8c:ce:76:3c:ae:1e:95:1b:ab:a2:aa:f1:c6:d7:
+        13:55:a4:7f:8f:b6:fe:03:f4:f2:57:70:16:45:c2:b7:01:3b:
+        b0:79:d4:d5
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSS1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSS1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -80,10 +80,10 @@ gaQwgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR0wGwYDVQQDDBRjaGFpbkktSUNBMy1wYXRobGVuMjEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEABK0jGsgzDTq3ottYq1GJD0gRU4g2dFHD
-aZrtJp8k+ZuhXTEmKc48kc431NZQMOGFZTVxvCD5JyJcz6qDMv/1dyt5MddfIYs0
-FIPV9OX883ZKCdDo1BvEA06gqIrp2y4z4gtYcHY32Hhgonibr2IOtMvZUQ1f3aXH
-SWAwjTVG0XwCwC6udDbd7+4WRgXSFv8k4Cf1NQFNhnZStIHIafFiwaEopQ6u04+A
-plFp1tuLBKDNgZeitQnnTyF1BzD+GcWLJi1sYZKwDAE9eFAYEmZY2WaneXKHUhK9
-Fs/7q257j6wNhBY29ocnlWxismCUy4NpQpaYXdKoxLSJwPi4evB7uA==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAmwpMOvklpKGxORcG77qFokLXrSzNYsvH
+Xg1XgKHmHIQOyW01lgEqcD5/1SGb/mRrn5BFaDbsqd2j0G68Nf+jPth8HKHORyYv
+X193InshMS3XrB8CL+TRVEhlCuxt5ApqCu3laR0ugBSeN1ZCB0i8kXftPq1BIkzy
+QNFqEZI/MABPwuqC9R0ueQxf9QiThY9v4NoeaxfRfs/oVOotOhNQyIFA1UxN3Ndi
+1n9zSQfYWHXtPLpxyO+7JV4UrtVV7Q6t/kr6QMNdp2EAllsCE/KkofYHSzpY2U2r
+ghLGzYzOdjyuHpUbq6Kq8cbXE1Wkf4+2/gP08ldwFkXCtwE7sHnU1Q==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-ICA2-no_pathlen.pem b/certs/test-pathlen/chainI-ICA2-no_pathlen.pem
index 5d5e89007..05d0639c0 100644
--- a/certs/test-pathlen/chainI-ICA2-no_pathlen.pem
+++ b/certs/test-pathlen/chainI-ICA2-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:1e:08:66:12:fe:20:07:10:1b:a1:27:0d:f9:
                     22:30:81:9b:ce:62:b1:a6:6d:49:d4:ed:b8:2d:4b:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:EE:37:A6:F2:40:D0:EF:FD:22:C7:A3:B4:6C:57:47:40:B9:99:F9:8D
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         14:61:ba:15:45:07:60:d4:c9:6d:ef:6f:74:2a:44:b5:34:a4:
-         df:0e:d9:f1:7b:7c:cb:50:db:d7:17:d3:9d:91:64:01:1b:93:
-         0d:b5:51:07:16:77:5f:2a:b5:9a:24:39:19:fc:ee:4d:79:4f:
-         c3:a3:9f:a1:07:e8:a3:0c:7e:04:0c:b0:33:a1:96:21:d2:ce:
-         88:41:28:88:82:39:7f:9d:54:2d:4c:56:df:41:8e:4a:59:69:
-         84:0b:fc:5d:47:06:84:ec:ae:4d:52:34:b2:1a:e8:61:e0:51:
-         8c:87:ad:c9:5d:f3:2e:bb:5b:36:d2:91:71:7f:f9:cf:f9:7f:
-         c3:2d:e5:7d:a7:fb:8a:2f:47:24:6c:3a:75:72:9b:c8:74:6f:
-         17:95:a4:d4:96:b4:3e:91:bf:c1:eb:89:18:ba:c3:e1:52:f8:
-         e8:a4:92:1b:c9:d8:a7:11:40:bf:62:9a:e6:ee:70:0a:f5:a3:
-         6d:06:0f:59:ad:53:8a:f6:b8:93:dc:39:59:b7:97:c2:3c:e2:
-         3b:e8:9f:5a:c9:42:35:d2:39:32:d8:9a:1d:3f:52:e6:cd:0b:
-         f9:d0:be:d8:ad:09:11:d7:6b:c2:c3:2e:d2:9b:92:99:a0:a8:
-         c9:0e:30:41:0e:73:77:48:ac:8b:69:28:3b:1c:76:b3:da:7f:
-         bd:04:95:07
+    Signature Value:
+        58:ae:c8:f4:6e:ca:c0:46:0e:59:bb:5d:05:e2:aa:0a:99:f4:
+        f6:91:af:31:f8:e5:44:4a:56:84:68:1e:5e:e4:b7:75:38:b0:
+        26:a4:9d:72:83:89:5a:20:30:ce:b1:8f:e0:6a:a3:99:68:da:
+        2f:b4:69:4f:4c:84:a5:0c:a3:d3:e7:05:c8:06:38:f4:01:00:
+        f1:f6:e8:db:b1:7c:ce:eb:58:35:cc:2e:8f:ee:0d:3d:03:27:
+        9b:f9:6f:ab:c9:55:45:ff:b9:67:70:00:dd:94:ff:6d:11:55:
+        26:24:05:ae:13:fc:db:38:c6:e2:05:df:94:11:37:59:1c:67:
+        a3:72:8c:99:2c:64:4c:5d:20:91:ff:2f:39:48:b7:23:92:56:
+        3b:27:79:03:c5:60:b7:b3:17:bc:b7:e5:4e:36:9f:99:47:06:
+        17:ee:f1:bf:3f:95:c5:41:73:8e:5b:f8:9b:61:1b:05:50:7a:
+        10:6e:77:45:d9:7b:40:99:a3:1e:d4:d6:90:60:18:2a:2d:b1:
+        21:1f:a4:84:e5:12:58:67:f4:06:06:74:93:0f:ba:4a:31:83:
+        d3:de:50:a3:76:3a:68:1b:44:00:56:48:3e:f9:a6:77:94:a9:
+        21:06:ea:e4:31:09:3c:b0:1f:9a:bb:58:9e:e1:ea:40:2d:ff:
+        d5:66:9b:8e
 -----BEGIN CERTIFICATE-----
 MIIExDCCA6ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSS1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgaMxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaMxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQD
 DBZjaGFpbkktSUNBMi1ub19wYXRobGVuMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -80,10 +80,10 @@ gZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQAUYboVRQdg1Mlt7290KkS1NKTfDtnxe3zLUNvXF9OdkWQBG5MNtVEH
-FndfKrWaJDkZ/O5NeU/Do5+hB+ijDH4EDLAzoZYh0s6IQSiIgjl/nVQtTFbfQY5K
-WWmEC/xdRwaE7K5NUjSyGuhh4FGMh63JXfMuu1s20pFxf/nP+X/DLeV9p/uKL0ck
-bDp1cpvIdG8XlaTUlrQ+kb/B64kYusPhUvjopJIbydinEUC/Yprm7nAK9aNtBg9Z
-rVOK9riT3DlZt5fCPOI76J9ayUI10jky2JodP1LmzQv50L7YrQkR12vCwy7Sm5KZ
-oKjJDjBBDnN3SKyLaSg7HHaz2n+9BJUH
+CwUAA4IBAQBYrsj0bsrARg5Zu10F4qoKmfT2ka8x+OVESlaEaB5e5Ld1OLAmpJ1y
+g4laIDDOsY/gaqOZaNovtGlPTISlDKPT5wXIBjj0AQDx9ujbsXzO61g1zC6P7g09
+Ayeb+W+ryVVF/7lncADdlP9tEVUmJAWuE/zbOMbiBd+UETdZHGejcoyZLGRMXSCR
+/y85SLcjklY7J3kDxWC3sxe8t+VONp+ZRwYX7vG/P5XFQXOOW/ibYRsFUHoQbndF
+2XtAmaMe1NaQYBgqLbEhH6SE5RJYZ/QGBnSTD7pKMYPT3lCjdjpoG0QAVkg++aZ3
+lKkhBurkMQk8sB+au1ie4epALf/VZpuO
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-ICA3-pathlen2.pem b/certs/test-pathlen/chainI-ICA3-pathlen2.pem
index a80d5cbf3..73af0a6a7 100644
--- a/certs/test-pathlen/chainI-ICA3-pathlen2.pem
+++ b/certs/test-pathlen/chainI-ICA3-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b8:36:0c:66:a9:06:ce:ac:e0:7c:86:a1:69:9d:
                     be:28:cf:a3:81:f3:b4:dc:5f:c8:92:9d:f2:07:c0:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0b:91:da:f2:ae:94:93:70:85:33:26:3d:4b:23:65:52:a3:be:
-         0a:ed:7c:04:16:fa:f1:5f:3b:e2:06:f7:8e:03:41:46:bc:e9:
-         79:41:ff:09:a0:77:6c:58:a6:c7:0c:1d:8b:c0:f7:6c:82:93:
-         74:96:18:8a:ce:a0:00:19:46:0a:0c:d1:7a:40:66:46:ad:14:
-         9b:7f:bb:2f:88:c2:94:39:49:05:36:e7:f2:b0:04:44:49:e8:
-         99:07:6e:50:f0:61:18:a3:4a:e0:35:06:6a:7d:af:ac:f1:93:
-         fd:43:92:12:41:66:fc:60:8f:37:12:43:45:c6:38:9e:8a:e8:
-         4c:1d:48:7a:62:d2:e1:f4:99:12:5b:98:5a:2e:59:07:86:64:
-         af:4d:33:2e:e7:26:f2:68:7b:1e:4e:1b:60:bd:5d:19:d3:7c:
-         04:32:26:ea:23:33:6f:8d:30:27:84:4a:3d:8a:63:4f:02:81:
-         5a:ab:ea:ae:58:0a:ce:7e:74:a1:75:6a:c4:64:ae:a7:0a:31:
-         2f:41:ed:c5:12:7c:4a:34:e8:6d:22:f4:9f:3d:f2:4a:8c:ee:
-         7c:e7:81:50:e0:e5:f0:52:7d:28:79:3a:5a:c4:85:fb:7b:e6:
-         26:1f:71:47:c6:97:8b:4d:39:eb:4b:46:4c:d7:d7:d3:15:b6:
-         82:78:83:17
+    Signature Value:
+        42:3f:96:dd:92:89:f8:5b:5b:a7:6f:db:2d:53:82:15:a4:09:
+        ca:27:b0:e7:d1:5e:95:cc:1d:ef:bd:e2:78:e1:35:77:36:36:
+        f4:1e:59:6e:cf:93:88:8a:d4:6e:79:35:30:b6:bb:08:40:27:
+        1b:e4:87:e9:15:8c:99:a6:91:02:4c:f2:2e:2a:c5:50:1d:4e:
+        e8:50:ad:0c:12:fb:c9:5e:69:be:d4:be:e4:48:ec:5b:06:c1:
+        67:3f:9d:d9:5b:7b:ff:ae:10:b5:b1:a9:30:67:85:49:08:21:
+        5d:06:21:dd:6e:65:54:81:1d:28:9a:ea:e9:27:de:9f:2e:c5:
+        97:7f:33:54:b6:1d:b4:1c:e6:65:51:aa:82:1d:04:0d:93:37:
+        f2:86:9b:a1:0f:a9:f2:fd:97:15:38:44:52:df:8a:e6:67:27:
+        35:05:89:9d:8d:e8:d4:4d:58:50:d0:93:b2:3d:87:0e:45:d5:
+        d7:4b:b8:da:db:3a:b2:63:72:77:d7:af:69:68:a8:ea:ef:9e:
+        b4:7a:2d:f3:84:e3:47:c5:30:09:14:d6:dd:33:3c:79:3f:e7:
+        db:c3:48:f1:fc:df:65:e9:76:09:6d:23:43:eb:f5:94:1d:44:
+        a2:25:75:1a:b0:ab:2b:01:0c:47:d1:29:3b:d7:bc:92:76:de:
+        70:06:22:8c
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSS1JQ0Ez
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFO43pvJA0O/9IsejtGxXR0C5mfmNMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAAuR2vKulJNwhTMmPUsjZVKjvgrtfAQW+vFfO+IG944D
-QUa86XlB/wmgd2xYpscMHYvA92yCk3SWGIrOoAAZRgoM0XpAZkatFJt/uy+IwpQ5
-SQU25/KwBERJ6JkHblDwYRijSuA1Bmp9r6zxk/1DkhJBZvxgjzcSQ0XGOJ6K6Ewd
-SHpi0uH0mRJbmFouWQeGZK9NMy7nJvJoex5OG2C9XRnTfAQyJuojM2+NMCeESj2K
-Y08CgVqr6q5YCs5+dKF1asRkrqcKMS9B7cUSfEo06G0i9J898kqM7nzngVDg5fBS
-fSh5OlrEhft75iYfcUfGl4tNOetLRkzX19MVtoJ4gxc=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAEI/lt2SifhbW6dv2y1TghWkCconsOfRXpXMHe+94njh
+NXc2NvQeWW7Pk4iK1G55NTC2uwhAJxvkh+kVjJmmkQJM8i4qxVAdTuhQrQwS+8le
+ab7UvuRI7FsGwWc/ndlbe/+uELWxqTBnhUkIIV0GId1uZVSBHSia6ukn3p8uxZd/
+M1S2HbQc5mVRqoIdBA2TN/KGm6EPqfL9lxU4RFLfiuZnJzUFiZ2N6NRNWFDQk7I9
+hw5F1ddLuNrbOrJjcnfXr2loqOrvnrR6LfOE40fFMAkU1t0zPHk/59vDSPH832Xp
+dgltI0Pr9ZQdRKIldRqwqysBDEfRKTvXvJJ23nAGIow=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-assembled.pem b/certs/test-pathlen/chainI-assembled.pem
index 5166cebc5..4b5f764be 100644
--- a/certs/test-pathlen/chainI-assembled.pem
+++ b/certs/test-pathlen/chainI-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:f3:ac:32:8f:52:af:a9:cf:9e:23:a4:96:8e:e9:
                     e8:0a:3a:b7:6a:7b:ba:70:85:68:e2:52:f3:38:39:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:9E:54:B6:95:EA:89:07:A6:C9:E4:82:E8:D0:34:64:5D:08:CD:56:A0
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainI-ICA2-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         03:42:31:e4:a2:3f:2a:7a:a6:7e:87:61:8b:2c:a1:10:af:b4:
-         06:db:3f:77:85:88:c4:db:df:78:3d:d2:aa:aa:ac:cd:19:c1:
-         a7:47:66:e2:91:9b:59:ab:70:e0:74:1a:a7:b4:5c:30:3f:ea:
-         a3:14:6a:aa:3e:82:38:7d:2f:db:6f:43:60:db:20:cb:e4:69:
-         62:73:75:d8:22:db:c3:92:cb:96:d3:7c:5a:ca:d5:3a:d1:91:
-         20:2c:37:0f:3d:ef:8e:ca:0b:8b:73:af:79:66:ec:84:93:41:
-         71:a1:6d:86:57:1b:d9:83:7e:c0:18:b6:4f:3c:85:89:59:c8:
-         99:1e:e7:53:5d:2b:41:7c:24:d0:9a:73:43:b3:ee:69:de:60:
-         08:b9:f0:b2:ac:b5:24:70:06:b7:1e:7b:fd:30:07:80:24:45:
-         c5:4f:84:e7:a6:67:99:0b:42:45:38:54:90:01:49:b2:14:31:
-         48:09:2b:83:3e:37:2e:d5:fd:92:7b:4f:cb:2f:ea:0d:e7:d7:
-         07:62:6e:2e:c3:a4:64:e2:54:52:6e:66:41:a9:0d:68:3f:76:
-         8f:e9:42:3d:a2:23:b9:ed:fc:52:f5:d4:96:29:81:fd:80:39:
-         71:16:3c:df:c9:2f:ad:c3:83:56:f5:85:55:89:e6:c9:23:f6:
-         eb:0e:c7:34
+    Signature Value:
+        41:3c:dd:fb:a5:65:10:35:c0:7e:02:13:73:2b:cc:4c:f6:3e:
+        29:24:cf:64:03:30:8f:a1:99:72:50:a2:56:15:8c:56:d7:02:
+        45:b3:ed:32:67:cf:cb:9f:ce:0a:7a:5a:7e:23:7b:82:1a:88:
+        f3:c0:ca:8f:a8:ba:52:dc:eb:7c:09:ab:ea:bc:3c:26:d1:0c:
+        26:46:87:4d:03:9f:3b:44:6f:81:09:b3:9c:ab:99:6c:69:48:
+        3d:09:46:8f:86:1f:00:25:7b:5e:6d:23:ae:d1:be:b0:5d:20:
+        47:0e:ca:0b:3b:d8:78:1a:4e:3f:9c:37:20:3d:46:2d:fc:ad:
+        39:34:b8:f4:75:08:ce:6b:eb:ce:b0:16:45:e6:3f:8c:41:5f:
+        37:bd:2d:5c:45:43:7e:f0:35:f6:28:06:ca:1e:3d:99:b4:b6:
+        61:f0:7c:80:7d:fe:4a:6f:e1:cb:b9:16:91:46:de:f6:10:67:
+        45:f3:52:3c:c7:d2:90:48:16:61:55:dd:2b:6a:4f:39:86:e6:
+        9e:9d:88:d2:e8:99:0b:36:82:8b:4d:d2:ff:9f:57:2a:d4:6b:
+        a3:c3:7f:d7:28:46:96:4e:65:84:b5:d9:41:1a:41:dd:b4:47:
+        62:d5:ff:65:22:b1:aa:a6:c6:02:8a:1d:8b:01:89:f0:e0:36:
+        33:51:92:b5
 -----BEGIN CERTIFICATE-----
 MIIEvDCCA6SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSS1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluSS1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -78,12 +78,12 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 FTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAd
 BgNVBAMMFmNoYWluSS1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGlu
 Zm9Ad29sZnNzbC5jb22CAWQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
-A0Ix5KI/KnqmfodhiyyhEK+0Bts/d4WIxNvfeD3SqqqszRnBp0dm4pGbWatw4HQa
-p7RcMD/qoxRqqj6COH0v229DYNsgy+RpYnN12CLbw5LLltN8WsrVOtGRICw3Dz3v
-jsoLi3OveWbshJNBcaFthlcb2YN+wBi2TzyFiVnImR7nU10rQXwk0JpzQ7Puad5g
-CLnwsqy1JHAGtx57/TAHgCRFxU+E56ZnmQtCRThUkAFJshQxSAkrgz43LtX9kntP
-yy/qDefXB2JuLsOkZOJUUm5mQakNaD92j+lCPaIjue38UvXUlimB/YA5cRY838kv
-rcODVvWFVYnmySP26w7HNA==
+QTzd+6VlEDXAfgITcyvMTPY+KSTPZAMwj6GZclCiVhWMVtcCRbPtMmfPy5/OCnpa
+fiN7ghqI88DKj6i6UtzrfAmr6rw8JtEMJkaHTQOfO0RvgQmznKuZbGlIPQlGj4Yf
+ACV7Xm0jrtG+sF0gRw7KCzvYeBpOP5w3ID1GLfytOTS49HUIzmvrzrAWReY/jEFf
+N70tXEVDfvA19igGyh49mbS2YfB8gH3+Sm/hy7kWkUbe9hBnRfNSPMfSkEgWYVXd
+K2pPOYbmnp2I0uiZCzaCi03S/59XKtRro8N/1yhGlk5lhLXZQRpB3bRHYtX/ZSKx
+qqbGAoodiwGJ8OA2M1GStQ==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:ba:06:ad:13:cf:da:fb:d1:cb:65:fe:26:58:
                     49:6a:01:14:a6:78:b2:2c:1d:ba:ba:d0:bd:27:38:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:D1:BA:FB:FF:1D:29:41:8A:6A:5F:B2:F3:A7:41:05:47:09:1F:48:42
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainI-ICA3-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         04:ad:23:1a:c8:33:0d:3a:b7:a2:db:58:ab:51:89:0f:48:11:
-         53:88:36:74:51:c3:69:9a:ed:26:9f:24:f9:9b:a1:5d:31:26:
-         29:ce:3c:91:ce:37:d4:d6:50:30:e1:85:65:35:71:bc:20:f9:
-         27:22:5c:cf:aa:83:32:ff:f5:77:2b:79:31:d7:5f:21:8b:34:
-         14:83:d5:f4:e5:fc:f3:76:4a:09:d0:e8:d4:1b:c4:03:4e:a0:
-         a8:8a:e9:db:2e:33:e2:0b:58:70:76:37:d8:78:60:a2:78:9b:
-         af:62:0e:b4:cb:d9:51:0d:5f:dd:a5:c7:49:60:30:8d:35:46:
-         d1:7c:02:c0:2e:ae:74:36:dd:ef:ee:16:46:05:d2:16:ff:24:
-         e0:27:f5:35:01:4d:86:76:52:b4:81:c8:69:f1:62:c1:a1:28:
-         a5:0e:ae:d3:8f:80:a6:51:69:d6:db:8b:04:a0:cd:81:97:a2:
-         b5:09:e7:4f:21:75:07:30:fe:19:c5:8b:26:2d:6c:61:92:b0:
-         0c:01:3d:78:50:18:12:66:58:d9:66:a7:79:72:87:52:12:bd:
-         16:cf:fb:ab:6e:7b:8f:ac:0d:84:16:36:f6:87:27:95:6c:62:
-         b2:60:94:cb:83:69:42:96:98:5d:d2:a8:c4:b4:89:c0:f8:b8:
-         7a:f0:7b:b8
+    Signature Value:
+        9b:0a:4c:3a:f9:25:a4:a1:b1:39:17:06:ef:ba:85:a2:42:d7:
+        ad:2c:cd:62:cb:c7:5e:0d:57:80:a1:e6:1c:84:0e:c9:6d:35:
+        96:01:2a:70:3e:7f:d5:21:9b:fe:64:6b:9f:90:45:68:36:ec:
+        a9:dd:a3:d0:6e:bc:35:ff:a3:3e:d8:7c:1c:a1:ce:47:26:2f:
+        5f:5f:77:22:7b:21:31:2d:d7:ac:1f:02:2f:e4:d1:54:48:65:
+        0a:ec:6d:e4:0a:6a:0a:ed:e5:69:1d:2e:80:14:9e:37:56:42:
+        07:48:bc:91:77:ed:3e:ad:41:22:4c:f2:40:d1:6a:11:92:3f:
+        30:00:4f:c2:ea:82:f5:1d:2e:79:0c:5f:f5:08:93:85:8f:6f:
+        e0:da:1e:6b:17:d1:7e:cf:e8:54:ea:2d:3a:13:50:c8:81:40:
+        d5:4c:4d:dc:d7:62:d6:7f:73:49:07:d8:58:75:ed:3c:ba:71:
+        c8:ef:bb:25:5e:14:ae:d5:55:ed:0e:ad:fe:4a:fa:40:c3:5d:
+        a7:61:00:96:5b:02:13:f2:a4:a1:f6:07:4b:3a:58:d9:4d:ab:
+        82:12:c6:cd:8c:ce:76:3c:ae:1e:95:1b:ab:a2:aa:f1:c6:d7:
+        13:55:a4:7f:8f:b6:fe:03:f4:f2:57:70:16:45:c2:b7:01:3b:
+        b0:79:d4:d5
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSS1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSS1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -167,12 +167,12 @@ gaQwgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR0wGwYDVQQDDBRjaGFpbkktSUNBMy1wYXRobGVuMjEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEABK0jGsgzDTq3ottYq1GJD0gRU4g2dFHD
-aZrtJp8k+ZuhXTEmKc48kc431NZQMOGFZTVxvCD5JyJcz6qDMv/1dyt5MddfIYs0
-FIPV9OX883ZKCdDo1BvEA06gqIrp2y4z4gtYcHY32Hhgonibr2IOtMvZUQ1f3aXH
-SWAwjTVG0XwCwC6udDbd7+4WRgXSFv8k4Cf1NQFNhnZStIHIafFiwaEopQ6u04+A
-plFp1tuLBKDNgZeitQnnTyF1BzD+GcWLJi1sYZKwDAE9eFAYEmZY2WaneXKHUhK9
-Fs/7q257j6wNhBY29ocnlWxismCUy4NpQpaYXdKoxLSJwPi4evB7uA==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAmwpMOvklpKGxORcG77qFokLXrSzNYsvH
+Xg1XgKHmHIQOyW01lgEqcD5/1SGb/mRrn5BFaDbsqd2j0G68Nf+jPth8HKHORyYv
+X193InshMS3XrB8CL+TRVEhlCuxt5ApqCu3laR0ugBSeN1ZCB0i8kXftPq1BIkzy
+QNFqEZI/MABPwuqC9R0ueQxf9QiThY9v4NoeaxfRfs/oVOotOhNQyIFA1UxN3Ndi
+1n9zSQfYWHXtPLpxyO+7JV4UrtVV7Q6t/kr6QMNdp2EAllsCE/KkofYHSzpY2U2r
+ghLGzYzOdjyuHpUbq6Kq8cbXE1Wkf4+2/gP08ldwFkXCtwE7sHnU1Q==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:de:1e:08:66:12:fe:20:07:10:1b:a1:27:0d:f9:
                     22:30:81:9b:ce:62:b1:a6:6d:49:d4:ed:b8:2d:4b:
@@ -214,33 +214,33 @@ Certificate:
                 keyid:EE:37:A6:F2:40:D0:EF:FD:22:C7:A3:B4:6C:57:47:40:B9:99:F9:8D
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         14:61:ba:15:45:07:60:d4:c9:6d:ef:6f:74:2a:44:b5:34:a4:
-         df:0e:d9:f1:7b:7c:cb:50:db:d7:17:d3:9d:91:64:01:1b:93:
-         0d:b5:51:07:16:77:5f:2a:b5:9a:24:39:19:fc:ee:4d:79:4f:
-         c3:a3:9f:a1:07:e8:a3:0c:7e:04:0c:b0:33:a1:96:21:d2:ce:
-         88:41:28:88:82:39:7f:9d:54:2d:4c:56:df:41:8e:4a:59:69:
-         84:0b:fc:5d:47:06:84:ec:ae:4d:52:34:b2:1a:e8:61:e0:51:
-         8c:87:ad:c9:5d:f3:2e:bb:5b:36:d2:91:71:7f:f9:cf:f9:7f:
-         c3:2d:e5:7d:a7:fb:8a:2f:47:24:6c:3a:75:72:9b:c8:74:6f:
-         17:95:a4:d4:96:b4:3e:91:bf:c1:eb:89:18:ba:c3:e1:52:f8:
-         e8:a4:92:1b:c9:d8:a7:11:40:bf:62:9a:e6:ee:70:0a:f5:a3:
-         6d:06:0f:59:ad:53:8a:f6:b8:93:dc:39:59:b7:97:c2:3c:e2:
-         3b:e8:9f:5a:c9:42:35:d2:39:32:d8:9a:1d:3f:52:e6:cd:0b:
-         f9:d0:be:d8:ad:09:11:d7:6b:c2:c3:2e:d2:9b:92:99:a0:a8:
-         c9:0e:30:41:0e:73:77:48:ac:8b:69:28:3b:1c:76:b3:da:7f:
-         bd:04:95:07
+    Signature Value:
+        58:ae:c8:f4:6e:ca:c0:46:0e:59:bb:5d:05:e2:aa:0a:99:f4:
+        f6:91:af:31:f8:e5:44:4a:56:84:68:1e:5e:e4:b7:75:38:b0:
+        26:a4:9d:72:83:89:5a:20:30:ce:b1:8f:e0:6a:a3:99:68:da:
+        2f:b4:69:4f:4c:84:a5:0c:a3:d3:e7:05:c8:06:38:f4:01:00:
+        f1:f6:e8:db:b1:7c:ce:eb:58:35:cc:2e:8f:ee:0d:3d:03:27:
+        9b:f9:6f:ab:c9:55:45:ff:b9:67:70:00:dd:94:ff:6d:11:55:
+        26:24:05:ae:13:fc:db:38:c6:e2:05:df:94:11:37:59:1c:67:
+        a3:72:8c:99:2c:64:4c:5d:20:91:ff:2f:39:48:b7:23:92:56:
+        3b:27:79:03:c5:60:b7:b3:17:bc:b7:e5:4e:36:9f:99:47:06:
+        17:ee:f1:bf:3f:95:c5:41:73:8e:5b:f8:9b:61:1b:05:50:7a:
+        10:6e:77:45:d9:7b:40:99:a3:1e:d4:d6:90:60:18:2a:2d:b1:
+        21:1f:a4:84:e5:12:58:67:f4:06:06:74:93:0f:ba:4a:31:83:
+        d3:de:50:a3:76:3a:68:1b:44:00:56:48:3e:f9:a6:77:94:a9:
+        21:06:ea:e4:31:09:3c:b0:1f:9a:bb:58:9e:e1:ea:40:2d:ff:
+        d5:66:9b:8e
 -----BEGIN CERTIFICATE-----
 MIIExDCCA6ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSS1JQ0EzLXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgaMxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaMxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQD
 DBZjaGFpbkktSUNBMi1ub19wYXRobGVuMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -256,12 +256,12 @@ gZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQAUYboVRQdg1Mlt7290KkS1NKTfDtnxe3zLUNvXF9OdkWQBG5MNtVEH
-FndfKrWaJDkZ/O5NeU/Do5+hB+ijDH4EDLAzoZYh0s6IQSiIgjl/nVQtTFbfQY5K
-WWmEC/xdRwaE7K5NUjSyGuhh4FGMh63JXfMuu1s20pFxf/nP+X/DLeV9p/uKL0ck
-bDp1cpvIdG8XlaTUlrQ+kb/B64kYusPhUvjopJIbydinEUC/Yprm7nAK9aNtBg9Z
-rVOK9riT3DlZt5fCPOI76J9ayUI10jky2JodP1LmzQv50L7YrQkR12vCwy7Sm5KZ
-oKjJDjBBDnN3SKyLaSg7HHaz2n+9BJUH
+CwUAA4IBAQBYrsj0bsrARg5Zu10F4qoKmfT2ka8x+OVESlaEaB5e5Ld1OLAmpJ1y
+g4laIDDOsY/gaqOZaNovtGlPTISlDKPT5wXIBjj0AQDx9ujbsXzO61g1zC6P7g09
+Ayeb+W+ryVVF/7lncADdlP9tEVUmJAWuE/zbOMbiBd+UETdZHGejcoyZLGRMXSCR
+/y85SLcjklY7J3kDxWC3sxe8t+VONp+ZRwYX7vG/P5XFQXOOW/ibYRsFUHoQbndF
+2XtAmaMe1NaQYBgqLbEhH6SE5RJYZ/QGBnSTD7pKMYPT3lCjdjpoG0QAVkg++aZ3
+lKkhBurkMQk8sB+au1ie4epALf/VZpuO
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -270,12 +270,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA3-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b8:36:0c:66:a9:06:ce:ac:e0:7c:86:a1:69:9d:
                     be:28:cf:a3:81:f3:b4:dc:5f:c8:92:9d:f2:07:c0:
@@ -302,34 +302,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         0b:91:da:f2:ae:94:93:70:85:33:26:3d:4b:23:65:52:a3:be:
-         0a:ed:7c:04:16:fa:f1:5f:3b:e2:06:f7:8e:03:41:46:bc:e9:
-         79:41:ff:09:a0:77:6c:58:a6:c7:0c:1d:8b:c0:f7:6c:82:93:
-         74:96:18:8a:ce:a0:00:19:46:0a:0c:d1:7a:40:66:46:ad:14:
-         9b:7f:bb:2f:88:c2:94:39:49:05:36:e7:f2:b0:04:44:49:e8:
-         99:07:6e:50:f0:61:18:a3:4a:e0:35:06:6a:7d:af:ac:f1:93:
-         fd:43:92:12:41:66:fc:60:8f:37:12:43:45:c6:38:9e:8a:e8:
-         4c:1d:48:7a:62:d2:e1:f4:99:12:5b:98:5a:2e:59:07:86:64:
-         af:4d:33:2e:e7:26:f2:68:7b:1e:4e:1b:60:bd:5d:19:d3:7c:
-         04:32:26:ea:23:33:6f:8d:30:27:84:4a:3d:8a:63:4f:02:81:
-         5a:ab:ea:ae:58:0a:ce:7e:74:a1:75:6a:c4:64:ae:a7:0a:31:
-         2f:41:ed:c5:12:7c:4a:34:e8:6d:22:f4:9f:3d:f2:4a:8c:ee:
-         7c:e7:81:50:e0:e5:f0:52:7d:28:79:3a:5a:c4:85:fb:7b:e6:
-         26:1f:71:47:c6:97:8b:4d:39:eb:4b:46:4c:d7:d7:d3:15:b6:
-         82:78:83:17
+    Signature Value:
+        42:3f:96:dd:92:89:f8:5b:5b:a7:6f:db:2d:53:82:15:a4:09:
+        ca:27:b0:e7:d1:5e:95:cc:1d:ef:bd:e2:78:e1:35:77:36:36:
+        f4:1e:59:6e:cf:93:88:8a:d4:6e:79:35:30:b6:bb:08:40:27:
+        1b:e4:87:e9:15:8c:99:a6:91:02:4c:f2:2e:2a:c5:50:1d:4e:
+        e8:50:ad:0c:12:fb:c9:5e:69:be:d4:be:e4:48:ec:5b:06:c1:
+        67:3f:9d:d9:5b:7b:ff:ae:10:b5:b1:a9:30:67:85:49:08:21:
+        5d:06:21:dd:6e:65:54:81:1d:28:9a:ea:e9:27:de:9f:2e:c5:
+        97:7f:33:54:b6:1d:b4:1c:e6:65:51:aa:82:1d:04:0d:93:37:
+        f2:86:9b:a1:0f:a9:f2:fd:97:15:38:44:52:df:8a:e6:67:27:
+        35:05:89:9d:8d:e8:d4:4d:58:50:d0:93:b2:3d:87:0e:45:d5:
+        d7:4b:b8:da:db:3a:b2:63:72:77:d7:af:69:68:a8:ea:ef:9e:
+        b4:7a:2d:f3:84:e3:47:c5:30:09:14:d6:dd:33:3c:79:3f:e7:
+        db:c3:48:f1:fc:df:65:e9:76:09:6d:23:43:eb:f5:94:1d:44:
+        a2:25:75:1a:b0:ab:2b:01:0c:47:d1:29:3b:d7:bc:92:76:de:
+        70:06:22:8c
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSS1JQ0Ez
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -343,12 +343,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFO43pvJA0O/9IsejtGxXR0C5mfmNMIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAAuR2vKulJNwhTMmPUsjZVKjvgrtfAQW+vFfO+IG944D
-QUa86XlB/wmgd2xYpscMHYvA92yCk3SWGIrOoAAZRgoM0XpAZkatFJt/uy+IwpQ5
-SQU25/KwBERJ6JkHblDwYRijSuA1Bmp9r6zxk/1DkhJBZvxgjzcSQ0XGOJ6K6Ewd
-SHpi0uH0mRJbmFouWQeGZK9NMy7nJvJoex5OG2C9XRnTfAQyJuojM2+NMCeESj2K
-Y08CgVqr6q5YCs5+dKF1asRkrqcKMS9B7cUSfEo06G0i9J898kqM7nzngVDg5fBS
-fSh5OlrEhft75iYfcUfGl4tNOetLRkzX19MVtoJ4gxc=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAEI/lt2SifhbW6dv2y1TghWkCconsOfRXpXMHe+94njh
+NXc2NvQeWW7Pk4iK1G55NTC2uwhAJxvkh+kVjJmmkQJM8i4qxVAdTuhQrQwS+8le
+ab7UvuRI7FsGwWc/ndlbe/+uELWxqTBnhUkIIV0GId1uZVSBHSia6ukn3p8uxZd/
+M1S2HbQc5mVRqoIdBA2TN/KGm6EPqfL9lxU4RFLfiuZnJzUFiZ2N6NRNWFDQk7I9
+hw5F1ddLuNrbOrJjcnfXr2loqOrvnrR6LfOE40fFMAkU1t0zPHk/59vDSPH832Xp
+dgltI0Pr9ZQdRKIldRqwqysBDEfRKTvXvJJ23nAGIow=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainI-entity.pem b/certs/test-pathlen/chainI-entity.pem
index 9bc25f038..84259075d 100644
--- a/certs/test-pathlen/chainI-entity.pem
+++ b/certs/test-pathlen/chainI-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainI-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:f3:ac:32:8f:52:af:a9:cf:9e:23:a4:96:8e:e9:
                     e8:0a:3a:b7:6a:7b:ba:70:85:68:e2:52:f3:38:39:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:9E:54:B6:95:EA:89:07:A6:C9:E4:82:E8:D0:34:64:5D:08:CD:56:A0
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainI-ICA2-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         03:42:31:e4:a2:3f:2a:7a:a6:7e:87:61:8b:2c:a1:10:af:b4:
-         06:db:3f:77:85:88:c4:db:df:78:3d:d2:aa:aa:ac:cd:19:c1:
-         a7:47:66:e2:91:9b:59:ab:70:e0:74:1a:a7:b4:5c:30:3f:ea:
-         a3:14:6a:aa:3e:82:38:7d:2f:db:6f:43:60:db:20:cb:e4:69:
-         62:73:75:d8:22:db:c3:92:cb:96:d3:7c:5a:ca:d5:3a:d1:91:
-         20:2c:37:0f:3d:ef:8e:ca:0b:8b:73:af:79:66:ec:84:93:41:
-         71:a1:6d:86:57:1b:d9:83:7e:c0:18:b6:4f:3c:85:89:59:c8:
-         99:1e:e7:53:5d:2b:41:7c:24:d0:9a:73:43:b3:ee:69:de:60:
-         08:b9:f0:b2:ac:b5:24:70:06:b7:1e:7b:fd:30:07:80:24:45:
-         c5:4f:84:e7:a6:67:99:0b:42:45:38:54:90:01:49:b2:14:31:
-         48:09:2b:83:3e:37:2e:d5:fd:92:7b:4f:cb:2f:ea:0d:e7:d7:
-         07:62:6e:2e:c3:a4:64:e2:54:52:6e:66:41:a9:0d:68:3f:76:
-         8f:e9:42:3d:a2:23:b9:ed:fc:52:f5:d4:96:29:81:fd:80:39:
-         71:16:3c:df:c9:2f:ad:c3:83:56:f5:85:55:89:e6:c9:23:f6:
-         eb:0e:c7:34
+    Signature Value:
+        41:3c:dd:fb:a5:65:10:35:c0:7e:02:13:73:2b:cc:4c:f6:3e:
+        29:24:cf:64:03:30:8f:a1:99:72:50:a2:56:15:8c:56:d7:02:
+        45:b3:ed:32:67:cf:cb:9f:ce:0a:7a:5a:7e:23:7b:82:1a:88:
+        f3:c0:ca:8f:a8:ba:52:dc:eb:7c:09:ab:ea:bc:3c:26:d1:0c:
+        26:46:87:4d:03:9f:3b:44:6f:81:09:b3:9c:ab:99:6c:69:48:
+        3d:09:46:8f:86:1f:00:25:7b:5e:6d:23:ae:d1:be:b0:5d:20:
+        47:0e:ca:0b:3b:d8:78:1a:4e:3f:9c:37:20:3d:46:2d:fc:ad:
+        39:34:b8:f4:75:08:ce:6b:eb:ce:b0:16:45:e6:3f:8c:41:5f:
+        37:bd:2d:5c:45:43:7e:f0:35:f6:28:06:ca:1e:3d:99:b4:b6:
+        61:f0:7c:80:7d:fe:4a:6f:e1:cb:b9:16:91:46:de:f6:10:67:
+        45:f3:52:3c:c7:d2:90:48:16:61:55:dd:2b:6a:4f:39:86:e6:
+        9e:9d:88:d2:e8:99:0b:36:82:8b:4d:d2:ff:9f:57:2a:d4:6b:
+        a3:c3:7f:d7:28:46:96:4e:65:84:b5:d9:41:1a:41:dd:b4:47:
+        62:d5:ff:65:22:b1:aa:a6:c6:02:8a:1d:8b:01:89:f0:e0:36:
+        33:51:92:b5
 -----BEGIN CERTIFICATE-----
 MIIEvDCCA6SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSS1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluSS1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -78,10 +78,10 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 FTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAd
 BgNVBAMMFmNoYWluSS1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGlu
 Zm9Ad29sZnNzbC5jb22CAWQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
-A0Ix5KI/KnqmfodhiyyhEK+0Bts/d4WIxNvfeD3SqqqszRnBp0dm4pGbWatw4HQa
-p7RcMD/qoxRqqj6COH0v229DYNsgy+RpYnN12CLbw5LLltN8WsrVOtGRICw3Dz3v
-jsoLi3OveWbshJNBcaFthlcb2YN+wBi2TzyFiVnImR7nU10rQXwk0JpzQ7Puad5g
-CLnwsqy1JHAGtx57/TAHgCRFxU+E56ZnmQtCRThUkAFJshQxSAkrgz43LtX9kntP
-yy/qDefXB2JuLsOkZOJUUm5mQakNaD92j+lCPaIjue38UvXUlimB/YA5cRY838kv
-rcODVvWFVYnmySP26w7HNA==
+QTzd+6VlEDXAfgITcyvMTPY+KSTPZAMwj6GZclCiVhWMVtcCRbPtMmfPy5/OCnpa
+fiN7ghqI88DKj6i6UtzrfAmr6rw8JtEMJkaHTQOfO0RvgQmznKuZbGlIPQlGj4Yf
+ACV7Xm0jrtG+sF0gRw7KCzvYeBpOP5w3ID1GLfytOTS49HUIzmvrzrAWReY/jEFf
+N70tXEVDfvA19igGyh49mbS2YfB8gH3+Sm/hy7kWkUbe9hBnRfNSPMfSkEgWYVXd
+K2pPOYbmnp2I0uiZCzaCi03S/59XKtRro8N/1yhGlk5lhLXZQRpB3bRHYtX/ZSKx
+qqbGAoodiwGJ8OA2M1GStQ==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-ICA1-no_pathlen.pem b/certs/test-pathlen/chainJ-ICA1-no_pathlen.pem
index 8daca2a55..285a8938c 100644
--- a/certs/test-pathlen/chainJ-ICA1-no_pathlen.pem
+++ b/certs/test-pathlen/chainJ-ICA1-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:a7:6f:44:c2:11:cc:2c:f4:2a:a5:a8:08:53:4b:
                     0e:cd:96:23:bb:15:4a:2a:dd:f9:a7:19:2b:91:28:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:A3:F5:71:8A:60:80:3C:93:64:17:D9:2E:B5:C0:CE:A9:C1:14:17:C4
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA3-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         98:29:a6:c0:de:6c:d0:3d:c3:ff:d0:57:5f:83:48:bd:e0:80:
-         1c:7a:e0:81:a9:5e:43:17:01:1b:c0:d6:89:30:eb:21:47:9e:
-         8a:38:73:37:74:52:04:37:37:6e:7e:11:0e:f8:cb:c7:7c:4f:
-         43:4f:07:64:56:7a:f7:66:4f:98:2f:6a:01:ae:04:72:64:03:
-         32:88:e7:7e:60:ae:1e:16:93:4d:51:44:41:a7:b6:3e:19:e6:
-         20:c9:30:3a:8f:86:77:b9:9c:c2:b8:f1:d9:7a:a9:10:cc:ce:
-         95:46:bb:62:0d:d8:c8:78:37:51:51:2e:83:a8:5b:ef:fa:a0:
-         34:bb:a3:93:66:b6:4f:72:25:fc:e2:39:1a:3a:3f:74:c5:94:
-         88:0c:34:90:1e:f9:b0:d9:23:e4:29:33:4a:2f:59:c7:88:52:
-         c9:69:a9:6d:c7:8d:da:92:c3:4e:f3:c9:3c:5e:28:e1:ae:e0:
-         b7:ef:b4:07:18:70:b7:ea:2c:8a:e1:92:31:1c:71:26:cf:d5:
-         5b:c6:fd:88:db:8b:30:36:41:91:b1:fd:63:c3:3e:b2:e2:64:
-         5e:b2:ac:90:0c:6f:d5:21:4c:22:85:c5:0e:65:23:46:31:52:
-         31:f5:42:d8:b3:78:bb:3e:d2:f0:69:61:b9:45:4e:6b:79:78:
-         a8:60:23:7a
+    Signature Value:
+        2d:f4:e2:98:aa:1a:fc:7c:ed:5b:7a:6c:64:de:a9:9c:a3:1a:
+        19:7d:8e:a5:52:4e:2b:70:c3:b8:ef:5f:07:57:f5:52:d7:37:
+        e6:12:08:dc:d1:51:ac:e1:e7:19:9a:f5:87:44:db:d7:31:23:
+        4f:0a:a6:ac:b9:26:f2:d5:56:51:f2:41:29:fa:a4:ae:e8:bc:
+        a4:24:25:23:ff:5d:f8:dd:5a:a9:9a:28:13:66:ef:f3:f7:70:
+        cb:a2:48:2d:91:b8:ae:22:85:0c:08:10:be:cc:e0:d8:20:b2:
+        ab:c4:41:00:76:9d:18:ec:63:c7:48:f2:da:e2:3a:35:7e:6c:
+        82:ce:0b:fa:9f:c7:0f:28:39:c7:3d:c3:94:4d:85:75:79:1c:
+        18:e9:79:eb:69:8f:fe:9b:7b:8a:0e:7f:2f:8f:35:7d:b0:22:
+        25:50:79:da:5b:c7:44:9f:a5:cd:c1:b8:d9:cf:7d:10:34:60:
+        4f:c8:42:ea:71:4f:4a:e3:76:99:e4:49:8e:84:5b:ef:34:14:
+        18:77:c2:da:f6:80:72:b5:3e:40:3a:d5:93:22:06:05:3c:46:
+        17:ec:d3:b8:86:93:22:c9:b1:9c:03:3a:f2:88:1a:6d:7b:50:
+        ba:1a:50:85:d1:f5:f3:52:91:bd:88:c4:48:6b:67:8e:5f:f4:
+        34:15:95:35
 -----BEGIN CERTIFICATE-----
 MIIE1jCCA76gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSi1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -80,10 +80,10 @@ gaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR8wHQYDVQQDDBZjaGFpbkotSUNBMy1ub19wYXRobGVuMR8wHQYJKoZI
 hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0P
-BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCYKabA3mzQPcP/0Fdfg0i94IAceuCB
-qV5DFwEbwNaJMOshR56KOHM3dFIENzdufhEO+MvHfE9DTwdkVnr3Zk+YL2oBrgRy
-ZAMyiOd+YK4eFpNNUURBp7Y+GeYgyTA6j4Z3uZzCuPHZeqkQzM6VRrtiDdjIeDdR
-US6DqFvv+qA0u6OTZrZPciX84jkaOj90xZSIDDSQHvmw2SPkKTNKL1nHiFLJaalt
-x43aksNO88k8XijhruC377QHGHC36iyK4ZIxHHEmz9Vbxv2I24swNkGRsf1jwz6y
-4mResqyQDG/VIUwihcUOZSNGMVIx9ULYs3i7PtLwaWG5RU5reXioYCN6
+BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAt9OKYqhr8fO1bemxk3qmcoxoZfY6l
+Uk4rcMO4718HV/VS1zfmEgjc0VGs4ecZmvWHRNvXMSNPCqasuSby1VZR8kEp+qSu
+6LykJCUj/1343VqpmigTZu/z93DLokgtkbiuIoUMCBC+zODYILKrxEEAdp0Y7GPH
+SPLa4jo1fmyCzgv6n8cPKDnHPcOUTYV1eRwY6XnraY/+m3uKDn8vjzV9sCIlUHna
+W8dEn6XNwbjZz30QNGBPyELqcU9K43aZ5EmOhFvvNBQYd8La9oBytT5AOtWTIgYF
+PEYX7NO4hpMiybGcAzryiBpte1C6GlCF0fXzUpG9iMRIa2eOX/Q0FZU1
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-ICA2-no_pathlen.pem b/certs/test-pathlen/chainJ-ICA2-no_pathlen.pem
index 0b9b86ac3..476eea481 100644
--- a/certs/test-pathlen/chainJ-ICA2-no_pathlen.pem
+++ b/certs/test-pathlen/chainJ-ICA2-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA3-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:29:fd:89:aa:82:e0:1d:04:78:69:ec:61:58:
                     51:52:84:7e:6b:55:69:2c:f4:23:d6:1f:d8:ed:ab:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:CD:97:49:78:F7:31:61:ED:2F:71:1A:68:E9:45:2C:40:78:51:93:5B
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA4-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         44:d2:b6:d0:85:31:bf:1f:a2:b1:91:6b:ee:dc:80:ac:29:81:
-         0e:b4:c3:e8:8e:91:be:66:f2:44:61:8b:6c:44:17:d9:cd:15:
-         40:bd:ce:7c:ca:7d:ad:c8:e1:81:90:a4:28:57:88:71:49:9f:
-         03:bb:4b:8c:ff:02:08:98:d2:e4:b0:ca:be:f2:df:08:18:24:
-         f7:3c:22:be:f2:23:10:96:95:2b:f0:a0:ed:16:08:1a:1e:ce:
-         df:1d:f7:b3:35:af:f4:86:f2:16:b5:2c:90:bd:0a:f8:64:61:
-         da:c6:2e:4b:1f:05:30:1a:72:d3:51:33:26:61:5d:0d:14:0f:
-         b8:b9:dc:6f:78:57:a0:63:4c:f0:16:49:fd:48:54:c3:92:1e:
-         c0:04:8a:16:c0:9a:35:08:be:49:f2:dd:90:6a:90:48:d5:9f:
-         48:82:18:f2:04:d6:d8:07:55:17:99:8e:27:cf:86:8d:1b:a6:
-         02:72:42:a8:53:e6:5d:20:5a:8d:2e:d3:fc:a7:71:4c:b2:21:
-         9d:14:8c:f1:49:3c:ca:e7:e6:c6:51:7f:41:3c:37:1a:38:21:
-         a4:ee:9e:1b:cc:8b:09:df:35:de:18:c4:7a:89:32:b9:8d:15:
-         eb:07:5b:2b:5c:55:a5:44:db:fb:f2:15:16:1c:01:16:dd:de:
-         d9:7a:bf:dc
+    Signature Value:
+        65:04:5e:44:23:03:ee:fe:5b:a4:39:9b:2c:6e:2b:5f:5b:fa:
+        58:da:e1:da:f6:c9:a0:20:1a:c8:2e:cf:00:69:df:a9:49:ea:
+        a7:0d:87:71:b5:74:fa:00:55:32:62:62:00:66:c8:a9:53:27:
+        80:20:fc:c9:e3:3c:50:ba:6f:61:a7:ee:97:11:0d:02:f8:4d:
+        17:a1:51:20:c1:35:5d:bd:54:de:a5:a4:a0:30:c5:08:10:3b:
+        fe:8c:d2:f4:ac:74:a2:70:0b:aa:ef:1b:c2:a6:45:c7:5a:68:
+        b9:7a:33:b7:0b:2b:20:88:62:9a:11:7b:57:55:e9:5b:a0:8b:
+        9f:5e:2f:c2:54:ea:cd:e4:79:a2:c0:f5:b2:85:c4:b9:1c:fd:
+        29:06:b4:35:ed:50:e9:15:b7:0e:c6:f6:0a:b2:85:e3:96:5b:
+        60:16:58:6c:20:9f:19:73:06:3d:e5:a4:f9:0b:06:ce:7f:38:
+        b2:ce:4d:6b:11:a8:51:88:a3:e2:ba:f2:dc:37:b3:58:b5:e9:
+        c2:5f:10:18:63:a6:be:82:e4:d2:a0:43:10:76:b9:2d:8c:d8:
+        24:b6:4e:1c:a2:f5:7b:59:20:e6:59:e7:3b:43:96:27:b4:83:
+        5b:e3:fc:60:b7:b3:2e:d4:8b:01:d7:f3:0a:ad:c3:f9:79:d1:
+        e9:67:48:6c
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0EzLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -80,10 +80,10 @@ gaQwgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR0wGwYDVQQDDBRjaGFpbkotSUNBNC1wYXRobGVuMjEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEARNK20IUxvx+isZFr7tyArCmBDrTD6I6R
-vmbyRGGLbEQX2c0VQL3OfMp9rcjhgZCkKFeIcUmfA7tLjP8CCJjS5LDKvvLfCBgk
-9zwivvIjEJaVK/Cg7RYIGh7O3x33szWv9IbyFrUskL0K+GRh2sYuSx8FMBpy01Ez
-JmFdDRQPuLncb3hXoGNM8BZJ/UhUw5IewASKFsCaNQi+SfLdkGqQSNWfSIIY8gTW
-2AdVF5mOJ8+GjRumAnJCqFPmXSBajS7T/KdxTLIhnRSM8Uk8yufmxlF/QTw3Gjgh
-pO6eG8yLCd813hjEeokyuY0V6wdbK1xVpUTb+/IVFhwBFt3e2Xq/3A==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAZQReRCMD7v5bpDmbLG4rX1v6WNrh2vbJ
+oCAayC7PAGnfqUnqpw2HcbV0+gBVMmJiAGbIqVMngCD8yeM8ULpvYafulxENAvhN
+F6FRIME1Xb1U3qWkoDDFCBA7/ozS9Kx0onALqu8bwqZFx1pouXoztwsrIIhimhF7
+V1XpW6CLn14vwlTqzeR5osD1soXEuRz9KQa0Ne1Q6RW3Dsb2CrKF45ZbYBZYbCCf
+GXMGPeWk+QsGzn84ss5NaxGoUYij4rry3DezWLXpwl8QGGOmvoLk0qBDEHa5LYzY
+JLZOHKL1e1kg5lnnO0OWJ7SDW+P8YLezLtSLAdfzCq3D+XnR6WdIbA==
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-ICA3-no_pathlen.pem b/certs/test-pathlen/chainJ-ICA3-no_pathlen.pem
index a11ff4873..031766beb 100644
--- a/certs/test-pathlen/chainJ-ICA3-no_pathlen.pem
+++ b/certs/test-pathlen/chainJ-ICA3-no_pathlen.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA3-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d8:aa:f6:05:95:70:5a:53:c7:66:10:aa:90:79:
                     3b:cb:78:2a:ef:5f:43:22:71:7c:6d:47:99:a7:8b:
@@ -38,33 +38,33 @@ Certificate:
                 keyid:FC:18:13:52:BB:33:4A:DB:1C:5B:D1:80:98:3E:40:86:95:58:72:F9
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         47:22:2e:50:b3:0b:ed:17:f9:70:a3:71:3e:8d:55:d4:2f:16:
-         4a:9e:b4:c9:1d:b4:fa:20:10:2b:0f:db:71:b9:50:bf:52:f6:
-         f8:ad:0d:65:69:13:99:e3:eb:ef:98:7e:9c:e7:f9:5d:ff:d4:
-         9b:76:44:ba:d6:ce:7d:c1:cb:03:c7:a0:30:b8:76:05:fe:a9:
-         ca:7d:fe:6f:da:4a:2b:a2:18:bc:98:f2:00:68:72:4a:93:ae:
-         85:e0:c0:01:f9:ca:ac:f5:11:26:72:e3:48:34:3a:ce:ac:de:
-         dc:4e:cf:8c:ea:78:72:40:0e:08:42:ec:6e:3e:f5:13:ce:fa:
-         d5:38:65:88:f7:e5:61:6b:85:18:e1:ec:5b:fb:6d:1c:52:df:
-         99:16:01:00:70:a8:1d:1e:89:39:df:c3:fb:de:17:cd:69:68:
-         bc:78:1f:21:9d:f3:69:bc:76:ee:00:e4:ea:ea:73:b4:4f:89:
-         07:14:3e:94:77:28:f1:75:97:c7:43:72:2d:79:f5:a0:36:b1:
-         e5:26:50:c6:23:6b:88:83:57:13:74:4d:27:8a:11:f6:98:64:
-         a7:b2:9e:3e:18:c6:a2:85:60:22:7a:a0:5a:70:38:08:7b:2c:
-         9a:1c:b9:32:e4:08:14:1b:a5:a1:ab:03:f6:60:8b:3d:b3:72:
-         c2:d8:de:ab
+    Signature Value:
+        7a:6a:ed:b3:87:78:d8:b7:0f:4e:26:15:b3:ee:b9:6f:c1:cc:
+        03:05:d4:d1:7d:32:73:d5:7a:1f:1c:a8:fc:f5:04:79:a5:79:
+        1f:9e:8c:42:df:ff:a4:9a:d7:ce:7f:27:f3:d1:ac:25:6f:ea:
+        51:05:de:48:0b:15:f8:19:e9:b7:ed:02:eb:31:97:a7:3b:e2:
+        1a:5e:c3:c2:5a:d5:27:08:07:59:22:b5:bb:42:39:1f:ca:05:
+        19:1d:3d:86:1c:fb:e1:26:bd:7f:22:93:a3:16:75:d3:7e:f2:
+        78:55:a4:67:a6:f6:ce:29:e6:bd:47:08:55:53:5f:43:96:f8:
+        d6:75:32:1f:9f:c1:a2:4e:8c:4a:ba:7f:03:cf:d3:0b:01:07:
+        d1:09:46:f9:9a:1a:14:1e:52:77:38:1c:1d:7b:95:51:5e:c8:
+        c9:02:90:78:b6:ac:ab:c1:0a:a4:12:8d:2a:cb:60:5a:11:9d:
+        62:f5:d3:bf:1f:97:38:c8:1f:1b:a3:59:a4:01:51:ca:32:f2:
+        d5:e7:86:95:71:23:82:af:a5:a2:d7:a4:11:4c:e0:60:06:b3:
+        dc:10:cb:81:bc:e1:18:4c:ff:39:a4:c7:43:43:e3:57:c0:e7:
+        df:d4:17:8f:5c:94:32:1f:7a:8b:39:5d:e4:c3:67:d7:7e:25:
+        3d:a1:33:10
 -----BEGIN CERTIFICATE-----
 MIIExDCCA6ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSi1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgaMxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaMxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQD
 DBZjaGFpbkotSUNBMy1ub19wYXRobGVuMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -80,10 +80,10 @@ gZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQBHIi5QswvtF/lwo3E+jVXULxZKnrTJHbT6IBArD9txuVC/Uvb4rQ1l
-aROZ4+vvmH6c5/ld/9SbdkS61s59wcsDx6AwuHYF/qnKff5v2korohi8mPIAaHJK
-k66F4MAB+cqs9REmcuNINDrOrN7cTs+M6nhyQA4IQuxuPvUTzvrVOGWI9+Vha4UY
-4exb+20cUt+ZFgEAcKgdHok538P73hfNaWi8eB8hnfNpvHbuAOTq6nO0T4kHFD6U
-dyjxdZfHQ3ItefWgNrHlJlDGI2uIg1cTdE0nihH2mGSnsp4+GMaihWAieqBacDgI
-eyyaHLky5AgUG6WhqwP2YIs9s3LC2N6r
+CwUAA4IBAQB6au2zh3jYtw9OJhWz7rlvwcwDBdTRfTJz1XofHKj89QR5pXkfnoxC
+3/+kmtfOfyfz0awlb+pRBd5ICxX4Gem37QLrMZenO+IaXsPCWtUnCAdZIrW7Qjkf
+ygUZHT2GHPvhJr1/IpOjFnXTfvJ4VaRnpvbOKea9RwhVU19DlvjWdTIfn8GiToxK
+un8Dz9MLAQfRCUb5mhoUHlJ3OBwde5VRXsjJApB4tqyrwQqkEo0qy2BaEZ1i9dO/
+H5c4yB8bo1mkAVHKMvLV54aVcSOCr6Wi16QRTOBgBrPcEMuBvOEYTP85pMdDQ+NX
+wOff1BePXJQyH3qLOV3kw2fXfiU9oTMQ
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-ICA4-pathlen2.pem b/certs/test-pathlen/chainJ-ICA4-pathlen2.pem
index 885a35ba0..35cfa13c7 100644
--- a/certs/test-pathlen/chainJ-ICA4-pathlen2.pem
+++ b/certs/test-pathlen/chainJ-ICA4-pathlen2.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:9d:4a:ee:6b:ff:b6:ec:88:21:23:84:03:b6:88:
                     bb:3e:5a:1b:95:03:2f:24:53:2d:57:3f:11:38:5d:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         38:0c:f8:b9:53:67:57:a3:18:3c:0a:74:2d:13:79:32:7b:e2:
-         4b:4f:82:5a:0e:7f:bb:ca:87:63:09:02:bd:31:62:2b:74:c4:
-         47:fe:96:4a:8b:97:ee:43:ea:be:d4:0d:07:3f:57:dd:e5:ea:
-         da:d8:30:94:64:73:b6:fd:d7:4f:72:41:ce:13:fc:65:c6:b1:
-         f7:5c:b7:60:d9:55:bd:c4:89:49:57:90:15:be:cc:93:ee:3e:
-         bd:37:22:7a:98:9d:17:69:4f:87:62:82:f6:03:2d:ee:52:22:
-         8c:86:bb:ba:93:9e:23:d8:d9:a2:4b:7e:ef:7d:59:d8:01:00:
-         8d:f8:e6:b0:ac:ef:41:72:ff:ab:0d:b1:4f:cd:1e:73:81:3a:
-         19:5a:3e:ac:da:f0:7f:be:b3:98:5f:22:08:96:2a:c4:41:43:
-         0b:83:30:07:c1:25:eb:2d:5f:60:a2:e5:b4:57:45:71:59:f9:
-         5b:b7:fd:3b:b3:4e:f0:cf:18:b9:0f:03:88:43:1d:9e:be:7b:
-         b1:a4:1f:e4:bc:ee:59:b7:2c:fe:a2:a6:08:96:f8:df:63:80:
-         02:a5:61:a8:16:86:d1:28:c5:db:c6:0a:bb:4a:e4:61:ec:50:
-         6c:58:c3:b0:0b:ba:be:fa:14:8c:36:59:ef:a3:6b:57:4a:6c:
-         3e:33:6e:8a
+    Signature Value:
+        bc:39:a9:d3:50:90:56:d9:eb:d6:24:96:5b:9c:ac:e1:ad:c8:
+        94:b3:0f:cf:66:30:62:4f:aa:51:e1:3e:40:b7:36:2c:d2:60:
+        37:04:bd:e3:82:ab:ab:ca:ef:d5:a0:1d:3d:58:ed:8a:82:3b:
+        c8:09:0d:92:f6:00:3c:ec:4e:bf:cb:cc:d1:ee:9f:00:c6:95:
+        0f:d9:f2:3d:37:41:f4:9c:c1:98:f2:eb:92:bf:ea:d7:9d:20:
+        be:e2:e8:40:0c:fc:7b:4a:0a:42:f7:a5:18:ab:97:91:e2:b4:
+        cf:97:34:2e:15:ee:92:bc:ca:82:8a:43:12:ee:50:c2:09:0a:
+        53:a0:b1:b0:ac:08:ea:ab:49:ae:86:16:a6:cf:eb:e4:cc:a6:
+        ae:2a:64:d3:dc:35:1e:70:39:db:61:35:25:52:1b:6c:85:11:
+        ad:22:46:d8:c9:7c:2f:c3:9a:c7:50:e8:a5:81:f9:45:d9:f6:
+        c4:93:03:21:c0:86:2a:e4:f1:17:8c:a8:17:12:88:06:f7:a5:
+        0f:a7:c2:33:6b:58:1b:c0:a9:c7:01:9c:d7:f0:73:68:ee:ef:
+        1a:c4:eb:48:8b:c5:a2:7c:aa:5c:89:33:b4:a3:6d:70:4c:95:
+        01:26:c2:44:e9:9e:fd:34:ef:f4:15:d7:aa:dc:92:9a:16:a2:
+        7f:2c:12:4d
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSi1JQ0E0
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -78,12 +78,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFPwYE1K7M0rbHFvRgJg+QIaVWHL5MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBADgM+LlTZ1ejGDwKdC0TeTJ74ktPgloOf7vKh2MJAr0x
-Yit0xEf+lkqLl+5D6r7UDQc/V93l6trYMJRkc7b9109yQc4T/GXGsfdct2DZVb3E
-iUlXkBW+zJPuPr03InqYnRdpT4digvYDLe5SIoyGu7qTniPY2aJLfu99WdgBAI34
-5rCs70Fy/6sNsU/NHnOBOhlaPqza8H++s5hfIgiWKsRBQwuDMAfBJestX2Ci5bRX
-RXFZ+Vu3/TuzTvDPGLkPA4hDHZ6+e7GkH+S87lm3LP6ipgiW+N9jgAKlYagWhtEo
-xdvGCrtK5GHsUGxYw7ALur76FIw2We+ja1dKbD4zboo=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBALw5qdNQkFbZ69YkllucrOGtyJSzD89mMGJPqlHhPkC3
+NizSYDcEveOCq6vK79WgHT1Y7YqCO8gJDZL2ADzsTr/LzNHunwDGlQ/Z8j03QfSc
+wZjy65K/6tedIL7i6EAM/HtKCkL3pRirl5HitM+XNC4V7pK8yoKKQxLuUMIJClOg
+sbCsCOqrSa6GFqbP6+TMpq4qZNPcNR5wOdthNSVSG2yFEa0iRtjJfC/DmsdQ6KWB
++UXZ9sSTAyHAhirk8ReMqBcSiAb3pQ+nwjNrWBvAqccBnNfwc2ju7xrE60iLxaJ8
+qlyJM7SjbXBMlQEmwkTpnv007/QV16rckpoWon8sEk0=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-assembled.pem b/certs/test-pathlen/chainJ-assembled.pem
index 33394ec6f..77ff37342 100644
--- a/certs/test-pathlen/chainJ-assembled.pem
+++ b/certs/test-pathlen/chainJ-assembled.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b3:fb:51:a0:ac:69:8b:35:06:bf:7a:ee:b4:a1:
                     8a:7e:ae:31:75:ad:e7:45:7b:e6:d9:bb:7c:e9:73:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:9C:7B:3A:10:B3:08:99:05:00:AF:3E:E0:A4:5D:D9:AF:82:BC:4D:C0
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA2-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         46:5c:9c:45:3c:a5:1d:27:7f:4b:b6:2d:7d:aa:03:28:53:a5:
-         e3:cb:5a:63:16:58:5c:fe:97:65:c4:1e:d3:34:fe:8f:46:6e:
-         09:e4:2f:18:c9:fd:d0:7b:90:ab:f6:a5:89:fb:d0:0c:3a:f8:
-         3c:53:d5:3b:3a:2e:c0:dd:59:e1:6f:ed:e8:d4:1f:d3:9f:5e:
-         c8:1f:50:ba:6d:16:1f:25:ab:e0:aa:74:8f:38:50:e8:98:f9:
-         07:0f:71:3f:16:ce:cc:51:f8:ff:61:47:33:b4:98:36:63:19:
-         06:3e:0c:a1:69:ba:67:64:9c:46:8a:ea:3e:62:27:c0:b3:60:
-         7a:37:2b:fc:e2:c5:a8:8f:82:69:48:ff:4f:be:c4:8a:22:a3:
-         53:db:df:ee:c5:87:b7:da:55:f7:cd:48:e1:45:e7:22:f2:ec:
-         bd:94:2c:a5:e5:ea:9c:60:c6:b8:83:6a:6a:9a:c9:46:9b:6e:
-         88:38:d2:56:65:42:a6:5a:0f:d0:60:92:06:f4:1f:d9:5f:cd:
-         07:93:04:00:1a:c1:eb:d8:a8:78:80:9f:c2:b7:b2:e9:4d:8c:
-         6d:09:85:f0:87:c1:d6:d9:12:72:13:68:71:16:f7:53:f4:92:
-         9b:d4:46:31:b5:45:32:7b:f8:e6:dd:bf:d1:f9:aa:da:d3:7e:
-         06:2b:dd:fa
+    Signature Value:
+        3d:38:93:d4:04:f4:c3:d7:8c:db:4d:e3:3b:44:2d:62:76:65:
+        c9:ad:66:7f:29:f9:80:1f:87:70:c5:f7:0a:d9:63:ee:8c:cb:
+        22:74:88:a4:5c:07:21:fe:2e:d7:10:4d:0b:c9:6e:2d:ff:ab:
+        ab:c3:05:d1:b7:46:18:cb:84:89:3a:70:1b:d7:25:85:b1:fe:
+        4e:9f:cd:72:3b:2e:a0:cd:5f:97:b5:7d:ae:93:c9:b7:be:2e:
+        82:36:1f:00:0c:90:b3:3c:77:2c:e4:dc:3e:d1:83:f2:2e:7f:
+        a0:a3:71:11:b7:77:ce:54:81:82:12:c3:30:55:8d:2d:21:57:
+        a4:87:43:36:32:aa:8c:6d:fc:ec:89:61:99:e6:c5:19:09:a1:
+        10:13:87:50:05:ac:87:af:c1:5e:a8:76:68:44:94:d6:ad:d9:
+        67:50:45:0f:d5:a5:e5:be:77:1e:85:6a:f4:74:8a:28:60:75:
+        7c:ce:e2:d4:1f:e0:ba:b3:4e:d4:06:a9:8b:60:83:e4:b1:a7:
+        6b:4e:ae:fd:43:c8:12:d9:b2:cf:50:ba:e4:ee:39:c9:0b:59:
+        15:5f:c1:77:7c:93:60:31:ce:9a:a9:b7:15:68:e2:b4:cb:c3:
+        7e:31:69:84:55:82:c4:59:03:e9:78:b1:a9:7f:eb:0d:09:b4:
+        ba:5c:4e:f3
 -----BEGIN CERTIFICATE-----
 MIIEvDCCA6SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluSi1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -78,12 +78,12 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 FTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAd
 BgNVBAMMFmNoYWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGlu
 Zm9Ad29sZnNzbC5jb22CAWQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
-RlycRTylHSd/S7YtfaoDKFOl48taYxZYXP6XZcQe0zT+j0ZuCeQvGMn90HuQq/al
-ifvQDDr4PFPVOzouwN1Z4W/t6NQf059eyB9Qum0WHyWr4Kp0jzhQ6Jj5Bw9xPxbO
-zFH4/2FHM7SYNmMZBj4MoWm6Z2ScRorqPmInwLNgejcr/OLFqI+CaUj/T77EiiKj
-U9vf7sWHt9pV981I4UXnIvLsvZQspeXqnGDGuINqaprJRptuiDjSVmVCploP0GCS
-BvQf2V/NB5MEABrB69ioeICfwrey6U2MbQmF8IfB1tkSchNocRb3U/SSm9RGMbVF
-Mnv45t2/0fmq2tN+Bivd+g==
+PTiT1AT0w9eM203jO0QtYnZlya1mfyn5gB+HcMX3Ctlj7ozLInSIpFwHIf4u1xBN
+C8luLf+rq8MF0bdGGMuEiTpwG9clhbH+Tp/NcjsuoM1fl7V9rpPJt74ugjYfAAyQ
+szx3LOTcPtGD8i5/oKNxEbd3zlSBghLDMFWNLSFXpIdDNjKqjG387IlhmebFGQmh
+EBOHUAWsh6/BXqh2aESU1q3ZZ1BFD9Wl5b53HoVq9HSKKGB1fM7i1B/gurNO1Aap
+i2CD5LGna06u/UPIEtmyz1C65O45yQtZFV/Bd3yTYDHOmqm3FWjitMvDfjFphFWC
+xFkD6XixqX/rDQm0ulxO8w==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -92,12 +92,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:a7:6f:44:c2:11:cc:2c:f4:2a:a5:a8:08:53:4b:
                     0e:cd:96:23:bb:15:4a:2a:dd:f9:a7:19:2b:91:28:
@@ -125,33 +125,33 @@ Certificate:
                 keyid:A3:F5:71:8A:60:80:3C:93:64:17:D9:2E:B5:C0:CE:A9:C1:14:17:C4
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA3-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         98:29:a6:c0:de:6c:d0:3d:c3:ff:d0:57:5f:83:48:bd:e0:80:
-         1c:7a:e0:81:a9:5e:43:17:01:1b:c0:d6:89:30:eb:21:47:9e:
-         8a:38:73:37:74:52:04:37:37:6e:7e:11:0e:f8:cb:c7:7c:4f:
-         43:4f:07:64:56:7a:f7:66:4f:98:2f:6a:01:ae:04:72:64:03:
-         32:88:e7:7e:60:ae:1e:16:93:4d:51:44:41:a7:b6:3e:19:e6:
-         20:c9:30:3a:8f:86:77:b9:9c:c2:b8:f1:d9:7a:a9:10:cc:ce:
-         95:46:bb:62:0d:d8:c8:78:37:51:51:2e:83:a8:5b:ef:fa:a0:
-         34:bb:a3:93:66:b6:4f:72:25:fc:e2:39:1a:3a:3f:74:c5:94:
-         88:0c:34:90:1e:f9:b0:d9:23:e4:29:33:4a:2f:59:c7:88:52:
-         c9:69:a9:6d:c7:8d:da:92:c3:4e:f3:c9:3c:5e:28:e1:ae:e0:
-         b7:ef:b4:07:18:70:b7:ea:2c:8a:e1:92:31:1c:71:26:cf:d5:
-         5b:c6:fd:88:db:8b:30:36:41:91:b1:fd:63:c3:3e:b2:e2:64:
-         5e:b2:ac:90:0c:6f:d5:21:4c:22:85:c5:0e:65:23:46:31:52:
-         31:f5:42:d8:b3:78:bb:3e:d2:f0:69:61:b9:45:4e:6b:79:78:
-         a8:60:23:7a
+    Signature Value:
+        2d:f4:e2:98:aa:1a:fc:7c:ed:5b:7a:6c:64:de:a9:9c:a3:1a:
+        19:7d:8e:a5:52:4e:2b:70:c3:b8:ef:5f:07:57:f5:52:d7:37:
+        e6:12:08:dc:d1:51:ac:e1:e7:19:9a:f5:87:44:db:d7:31:23:
+        4f:0a:a6:ac:b9:26:f2:d5:56:51:f2:41:29:fa:a4:ae:e8:bc:
+        a4:24:25:23:ff:5d:f8:dd:5a:a9:9a:28:13:66:ef:f3:f7:70:
+        cb:a2:48:2d:91:b8:ae:22:85:0c:08:10:be:cc:e0:d8:20:b2:
+        ab:c4:41:00:76:9d:18:ec:63:c7:48:f2:da:e2:3a:35:7e:6c:
+        82:ce:0b:fa:9f:c7:0f:28:39:c7:3d:c3:94:4d:85:75:79:1c:
+        18:e9:79:eb:69:8f:fe:9b:7b:8a:0e:7f:2f:8f:35:7d:b0:22:
+        25:50:79:da:5b:c7:44:9f:a5:cd:c1:b8:d9:cf:7d:10:34:60:
+        4f:c8:42:ea:71:4f:4a:e3:76:99:e4:49:8e:84:5b:ef:34:14:
+        18:77:c2:da:f6:80:72:b5:3e:40:3a:d5:93:22:06:05:3c:46:
+        17:ec:d3:b8:86:93:22:c9:b1:9c:03:3a:f2:88:1a:6d:7b:50:
+        ba:1a:50:85:d1:f5:f3:52:91:bd:88:c4:48:6b:67:8e:5f:f4:
+        34:15:95:35
 -----BEGIN CERTIFICATE-----
 MIIE1jCCA76gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSi1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -167,12 +167,12 @@ gaYwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR8wHQYDVQQDDBZjaGFpbkotSUNBMy1ub19wYXRobGVuMR8wHQYJKoZI
 hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0P
-BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCYKabA3mzQPcP/0Fdfg0i94IAceuCB
-qV5DFwEbwNaJMOshR56KOHM3dFIENzdufhEO+MvHfE9DTwdkVnr3Zk+YL2oBrgRy
-ZAMyiOd+YK4eFpNNUURBp7Y+GeYgyTA6j4Z3uZzCuPHZeqkQzM6VRrtiDdjIeDdR
-US6DqFvv+qA0u6OTZrZPciX84jkaOj90xZSIDDSQHvmw2SPkKTNKL1nHiFLJaalt
-x43aksNO88k8XijhruC377QHGHC36iyK4ZIxHHEmz9Vbxv2I24swNkGRsf1jwz6y
-4mResqyQDG/VIUwihcUOZSNGMVIx9ULYs3i7PtLwaWG5RU5reXioYCN6
+BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAt9OKYqhr8fO1bemxk3qmcoxoZfY6l
+Uk4rcMO4718HV/VS1zfmEgjc0VGs4ecZmvWHRNvXMSNPCqasuSby1VZR8kEp+qSu
+6LykJCUj/1343VqpmigTZu/z93DLokgtkbiuIoUMCBC+zODYILKrxEEAdp0Y7GPH
+SPLa4jo1fmyCzgv6n8cPKDnHPcOUTYV1eRwY6XnraY/+m3uKDn8vjzV9sCIlUHna
+W8dEn6XNwbjZz30QNGBPyELqcU9K43aZ5EmOhFvvNBQYd8La9oBytT5AOtWTIgYF
+PEYX7NO4hpMiybGcAzryiBpte1C6GlCF0fXzUpG9iMRIa2eOX/Q0FZU1
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -181,12 +181,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA3-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA2-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bb:29:fd:89:aa:82:e0:1d:04:78:69:ec:61:58:
                     51:52:84:7e:6b:55:69:2c:f4:23:d6:1f:d8:ed:ab:
@@ -214,33 +214,33 @@ Certificate:
                 keyid:CD:97:49:78:F7:31:61:ED:2F:71:1A:68:E9:45:2C:40:78:51:93:5B
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA4-pathlen2/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         44:d2:b6:d0:85:31:bf:1f:a2:b1:91:6b:ee:dc:80:ac:29:81:
-         0e:b4:c3:e8:8e:91:be:66:f2:44:61:8b:6c:44:17:d9:cd:15:
-         40:bd:ce:7c:ca:7d:ad:c8:e1:81:90:a4:28:57:88:71:49:9f:
-         03:bb:4b:8c:ff:02:08:98:d2:e4:b0:ca:be:f2:df:08:18:24:
-         f7:3c:22:be:f2:23:10:96:95:2b:f0:a0:ed:16:08:1a:1e:ce:
-         df:1d:f7:b3:35:af:f4:86:f2:16:b5:2c:90:bd:0a:f8:64:61:
-         da:c6:2e:4b:1f:05:30:1a:72:d3:51:33:26:61:5d:0d:14:0f:
-         b8:b9:dc:6f:78:57:a0:63:4c:f0:16:49:fd:48:54:c3:92:1e:
-         c0:04:8a:16:c0:9a:35:08:be:49:f2:dd:90:6a:90:48:d5:9f:
-         48:82:18:f2:04:d6:d8:07:55:17:99:8e:27:cf:86:8d:1b:a6:
-         02:72:42:a8:53:e6:5d:20:5a:8d:2e:d3:fc:a7:71:4c:b2:21:
-         9d:14:8c:f1:49:3c:ca:e7:e6:c6:51:7f:41:3c:37:1a:38:21:
-         a4:ee:9e:1b:cc:8b:09:df:35:de:18:c4:7a:89:32:b9:8d:15:
-         eb:07:5b:2b:5c:55:a5:44:db:fb:f2:15:16:1c:01:16:dd:de:
-         d9:7a:bf:dc
+    Signature Value:
+        65:04:5e:44:23:03:ee:fe:5b:a4:39:9b:2c:6e:2b:5f:5b:fa:
+        58:da:e1:da:f6:c9:a0:20:1a:c8:2e:cf:00:69:df:a9:49:ea:
+        a7:0d:87:71:b5:74:fa:00:55:32:62:62:00:66:c8:a9:53:27:
+        80:20:fc:c9:e3:3c:50:ba:6f:61:a7:ee:97:11:0d:02:f8:4d:
+        17:a1:51:20:c1:35:5d:bd:54:de:a5:a4:a0:30:c5:08:10:3b:
+        fe:8c:d2:f4:ac:74:a2:70:0b:aa:ef:1b:c2:a6:45:c7:5a:68:
+        b9:7a:33:b7:0b:2b:20:88:62:9a:11:7b:57:55:e9:5b:a0:8b:
+        9f:5e:2f:c2:54:ea:cd:e4:79:a2:c0:f5:b2:85:c4:b9:1c:fd:
+        29:06:b4:35:ed:50:e9:15:b7:0e:c6:f6:0a:b2:85:e3:96:5b:
+        60:16:58:6c:20:9f:19:73:06:3d:e5:a4:f9:0b:06:ce:7f:38:
+        b2:ce:4d:6b:11:a8:51:88:a3:e2:ba:f2:dc:37:b3:58:b5:e9:
+        c2:5f:10:18:63:a6:be:82:e4:d2:a0:43:10:76:b9:2d:8c:d8:
+        24:b6:4e:1c:a2:f5:7b:59:20:e6:59:e7:3b:43:96:27:b4:83:
+        5b:e3:fc:60:b7:b3:2e:d4:8b:01:d7:f3:0a:ad:c3:f9:79:d1:
+        e9:67:48:6c
 -----BEGIN CERTIFICATE-----
 MIIE1DCCA7ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0EzLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBozELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBozELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNV
 BAMMFmNoYWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9A
@@ -256,12 +256,12 @@ gaQwgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
 DAdTZWF0dGxlMRUwEwYDVQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMR0wGwYDVQQDDBRjaGFpbkotSUNBNC1wYXRobGVuMjEfMB0GCSqGSIb3
 DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIBZDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEARNK20IUxvx+isZFr7tyArCmBDrTD6I6R
-vmbyRGGLbEQX2c0VQL3OfMp9rcjhgZCkKFeIcUmfA7tLjP8CCJjS5LDKvvLfCBgk
-9zwivvIjEJaVK/Cg7RYIGh7O3x33szWv9IbyFrUskL0K+GRh2sYuSx8FMBpy01Ez
-JmFdDRQPuLncb3hXoGNM8BZJ/UhUw5IewASKFsCaNQi+SfLdkGqQSNWfSIIY8gTW
-2AdVF5mOJ8+GjRumAnJCqFPmXSBajS7T/KdxTLIhnRSM8Uk8yufmxlF/QTw3Gjgh
-pO6eG8yLCd813hjEeokyuY0V6wdbK1xVpUTb+/IVFhwBFt3e2Xq/3A==
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAZQReRCMD7v5bpDmbLG4rX1v6WNrh2vbJ
+oCAayC7PAGnfqUnqpw2HcbV0+gBVMmJiAGbIqVMngCD8yeM8ULpvYafulxENAvhN
+F6FRIME1Xb1U3qWkoDDFCBA7/ozS9Kx0onALqu8bwqZFx1pouXoztwsrIIhimhF7
+V1XpW6CLn14vwlTqzeR5osD1soXEuRz9KQa0Ne1Q6RW3Dsb2CrKF45ZbYBZYbCCf
+GXMGPeWk+QsGzn84ss5NaxGoUYij4rry3DezWLXpwl8QGGOmvoLk0qBDEHa5LYzY
+JLZOHKL1e1kg5lnnO0OWJ7SDW+P8YLezLtSLAdfzCq3D+XnR6WdIbA==
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -270,12 +270,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA3-no_pathlen, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:d8:aa:f6:05:95:70:5a:53:c7:66:10:aa:90:79:
                     3b:cb:78:2a:ef:5f:43:22:71:7c:6d:47:99:a7:8b:
@@ -303,33 +303,33 @@ Certificate:
                 keyid:FC:18:13:52:BB:33:4A:DB:1C:5B:D1:80:98:3E:40:86:95:58:72:F9
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         47:22:2e:50:b3:0b:ed:17:f9:70:a3:71:3e:8d:55:d4:2f:16:
-         4a:9e:b4:c9:1d:b4:fa:20:10:2b:0f:db:71:b9:50:bf:52:f6:
-         f8:ad:0d:65:69:13:99:e3:eb:ef:98:7e:9c:e7:f9:5d:ff:d4:
-         9b:76:44:ba:d6:ce:7d:c1:cb:03:c7:a0:30:b8:76:05:fe:a9:
-         ca:7d:fe:6f:da:4a:2b:a2:18:bc:98:f2:00:68:72:4a:93:ae:
-         85:e0:c0:01:f9:ca:ac:f5:11:26:72:e3:48:34:3a:ce:ac:de:
-         dc:4e:cf:8c:ea:78:72:40:0e:08:42:ec:6e:3e:f5:13:ce:fa:
-         d5:38:65:88:f7:e5:61:6b:85:18:e1:ec:5b:fb:6d:1c:52:df:
-         99:16:01:00:70:a8:1d:1e:89:39:df:c3:fb:de:17:cd:69:68:
-         bc:78:1f:21:9d:f3:69:bc:76:ee:00:e4:ea:ea:73:b4:4f:89:
-         07:14:3e:94:77:28:f1:75:97:c7:43:72:2d:79:f5:a0:36:b1:
-         e5:26:50:c6:23:6b:88:83:57:13:74:4d:27:8a:11:f6:98:64:
-         a7:b2:9e:3e:18:c6:a2:85:60:22:7a:a0:5a:70:38:08:7b:2c:
-         9a:1c:b9:32:e4:08:14:1b:a5:a1:ab:03:f6:60:8b:3d:b3:72:
-         c2:d8:de:ab
+    Signature Value:
+        7a:6a:ed:b3:87:78:d8:b7:0f:4e:26:15:b3:ee:b9:6f:c1:cc:
+        03:05:d4:d1:7d:32:73:d5:7a:1f:1c:a8:fc:f5:04:79:a5:79:
+        1f:9e:8c:42:df:ff:a4:9a:d7:ce:7f:27:f3:d1:ac:25:6f:ea:
+        51:05:de:48:0b:15:f8:19:e9:b7:ed:02:eb:31:97:a7:3b:e2:
+        1a:5e:c3:c2:5a:d5:27:08:07:59:22:b5:bb:42:39:1f:ca:05:
+        19:1d:3d:86:1c:fb:e1:26:bd:7f:22:93:a3:16:75:d3:7e:f2:
+        78:55:a4:67:a6:f6:ce:29:e6:bd:47:08:55:53:5f:43:96:f8:
+        d6:75:32:1f:9f:c1:a2:4e:8c:4a:ba:7f:03:cf:d3:0b:01:07:
+        d1:09:46:f9:9a:1a:14:1e:52:77:38:1c:1d:7b:95:51:5e:c8:
+        c9:02:90:78:b6:ac:ab:c1:0a:a4:12:8d:2a:cb:60:5a:11:9d:
+        62:f5:d3:bf:1f:97:38:c8:1f:1b:a3:59:a4:01:51:ca:32:f2:
+        d5:e7:86:95:71:23:82:af:a5:a2:d7:a4:11:4c:e0:60:06:b3:
+        dc:10:cb:81:bc:e1:18:4c:ff:39:a4:c7:43:43:e3:57:c0:e7:
+        df:d4:17:8f:5c:94:32:1f:7a:8b:39:5d:e4:c3:67:d7:7e:25:
+        3d:a1:33:10
 -----BEGIN CERTIFICATE-----
 MIIExDCCA6ygAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
 YWluSi1JQ0E0LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMB4XDTIzMTIxMzIyMTkzM1oXDTI2MDkwODIyMTkzM1owgaMxCzAJBgNVBAYT
+Y29tMB4XDTI0MTIxODIxMjUzNFoXDTI3MDkxNDIxMjUzNFowgaMxCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
 VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQD
 DBZjaGFpbkotSUNBMy1ub19wYXRobGVuMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
@@ -345,12 +345,12 @@ gZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
 bWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
 c2wuY29tggFkMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-CwUAA4IBAQBHIi5QswvtF/lwo3E+jVXULxZKnrTJHbT6IBArD9txuVC/Uvb4rQ1l
-aROZ4+vvmH6c5/ld/9SbdkS61s59wcsDx6AwuHYF/qnKff5v2korohi8mPIAaHJK
-k66F4MAB+cqs9REmcuNINDrOrN7cTs+M6nhyQA4IQuxuPvUTzvrVOGWI9+Vha4UY
-4exb+20cUt+ZFgEAcKgdHok538P73hfNaWi8eB8hnfNpvHbuAOTq6nO0T4kHFD6U
-dyjxdZfHQ3ItefWgNrHlJlDGI2uIg1cTdE0nihH2mGSnsp4+GMaihWAieqBacDgI
-eyyaHLky5AgUG6WhqwP2YIs9s3LC2N6r
+CwUAA4IBAQB6au2zh3jYtw9OJhWz7rlvwcwDBdTRfTJz1XofHKj89QR5pXkfnoxC
+3/+kmtfOfyfz0awlb+pRBd5ICxX4Gem37QLrMZenO+IaXsPCWtUnCAdZIrW7Qjkf
+ygUZHT2GHPvhJr1/IpOjFnXTfvJ4VaRnpvbOKea9RwhVU19DlvjWdTIfn8GiToxK
+un8Dz9MLAQfRCUb5mhoUHlJ3OBwde5VRXsjJApB4tqyrwQqkEo0qy2BaEZ1i9dO/
+H5c4yB8bo1mkAVHKMvLV54aVcSOCr6Wi16QRTOBgBrPcEMuBvOEYTP85pMdDQ+NX
+wOff1BePXJQyH3qLOV3kw2fXfiU9oTMQ
 -----END CERTIFICATE-----
 Certificate:
     Data:
@@ -359,12 +359,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA4-pathlen2, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:9d:4a:ee:6b:ff:b6:ec:88:21:23:84:03:b6:88:
                     bb:3e:5a:1b:95:03:2f:24:53:2d:57:3f:11:38:5d:
@@ -391,34 +391,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE, pathlen:2
             X509v3 Key Usage: 
                 Certificate Sign, CRL Sign
     Signature Algorithm: sha256WithRSAEncryption
-         38:0c:f8:b9:53:67:57:a3:18:3c:0a:74:2d:13:79:32:7b:e2:
-         4b:4f:82:5a:0e:7f:bb:ca:87:63:09:02:bd:31:62:2b:74:c4:
-         47:fe:96:4a:8b:97:ee:43:ea:be:d4:0d:07:3f:57:dd:e5:ea:
-         da:d8:30:94:64:73:b6:fd:d7:4f:72:41:ce:13:fc:65:c6:b1:
-         f7:5c:b7:60:d9:55:bd:c4:89:49:57:90:15:be:cc:93:ee:3e:
-         bd:37:22:7a:98:9d:17:69:4f:87:62:82:f6:03:2d:ee:52:22:
-         8c:86:bb:ba:93:9e:23:d8:d9:a2:4b:7e:ef:7d:59:d8:01:00:
-         8d:f8:e6:b0:ac:ef:41:72:ff:ab:0d:b1:4f:cd:1e:73:81:3a:
-         19:5a:3e:ac:da:f0:7f:be:b3:98:5f:22:08:96:2a:c4:41:43:
-         0b:83:30:07:c1:25:eb:2d:5f:60:a2:e5:b4:57:45:71:59:f9:
-         5b:b7:fd:3b:b3:4e:f0:cf:18:b9:0f:03:88:43:1d:9e:be:7b:
-         b1:a4:1f:e4:bc:ee:59:b7:2c:fe:a2:a6:08:96:f8:df:63:80:
-         02:a5:61:a8:16:86:d1:28:c5:db:c6:0a:bb:4a:e4:61:ec:50:
-         6c:58:c3:b0:0b:ba:be:fa:14:8c:36:59:ef:a3:6b:57:4a:6c:
-         3e:33:6e:8a
+    Signature Value:
+        bc:39:a9:d3:50:90:56:d9:eb:d6:24:96:5b:9c:ac:e1:ad:c8:
+        94:b3:0f:cf:66:30:62:4f:aa:51:e1:3e:40:b7:36:2c:d2:60:
+        37:04:bd:e3:82:ab:ab:ca:ef:d5:a0:1d:3d:58:ed:8a:82:3b:
+        c8:09:0d:92:f6:00:3c:ec:4e:bf:cb:cc:d1:ee:9f:00:c6:95:
+        0f:d9:f2:3d:37:41:f4:9c:c1:98:f2:eb:92:bf:ea:d7:9d:20:
+        be:e2:e8:40:0c:fc:7b:4a:0a:42:f7:a5:18:ab:97:91:e2:b4:
+        cf:97:34:2e:15:ee:92:bc:ca:82:8a:43:12:ee:50:c2:09:0a:
+        53:a0:b1:b0:ac:08:ea:ab:49:ae:86:16:a6:cf:eb:e4:cc:a6:
+        ae:2a:64:d3:dc:35:1e:70:39:db:61:35:25:52:1b:6c:85:11:
+        ad:22:46:d8:c9:7c:2f:c3:9a:c7:50:e8:a5:81:f9:45:d9:f6:
+        c4:93:03:21:c0:86:2a:e4:f1:17:8c:a8:17:12:88:06:f7:a5:
+        0f:a7:c2:33:6b:58:1b:c0:a9:c7:01:9c:d7:f0:73:68:ee:ef:
+        1a:c4:eb:48:8b:c5:a2:7c:aa:5c:89:33:b4:a3:6d:70:4c:95:
+        01:26:c2:44:e9:9e:fd:34:ef:f4:15:d7:aa:dc:92:9a:16:a2:
+        7f:2c:12:4d
 -----BEGIN CERTIFICATE-----
 MIIEzDCCA7SgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
 SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluSi1JQ0E0
 LXBhdGhsZW4yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -432,12 +432,12 @@ o4IBGDCCARQwHQYDVR0OBBYEFPwYE1K7M0rbHFvRgJg+QIaVWHL5MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBADgM+LlTZ1ejGDwKdC0TeTJ74ktPgloOf7vKh2MJAr0x
-Yit0xEf+lkqLl+5D6r7UDQc/V93l6trYMJRkc7b9109yQc4T/GXGsfdct2DZVb3E
-iUlXkBW+zJPuPr03InqYnRdpT4digvYDLe5SIoyGu7qTniPY2aJLfu99WdgBAI34
-5rCs70Fy/6sNsU/NHnOBOhlaPqza8H++s5hfIgiWKsRBQwuDMAfBJestX2Ci5bRX
-RXFZ+Vu3/TuzTvDPGLkPA4hDHZ6+e7GkH+S87lm3LP6ipgiW+N9jgAKlYagWhtEo
-xdvGCrtK5GHsUGxYw7ALur76FIw2We+ja1dKbD4zboo=
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowDwYDVR0TBAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBALw5qdNQkFbZ69YkllucrOGtyJSzD89mMGJPqlHhPkC3
+NizSYDcEveOCq6vK79WgHT1Y7YqCO8gJDZL2ADzsTr/LzNHunwDGlQ/Z8j03QfSc
+wZjy65K/6tedIL7i6EAM/HtKCkL3pRirl5HitM+XNC4V7pK8yoKKQxLuUMIJClOg
+sbCsCOqrSa6GFqbP6+TMpq4qZNPcNR5wOdthNSVSG2yFEa0iRtjJfC/DmsdQ6KWB
++UXZ9sSTAyHAhirk8ReMqBcSiAb3pQ+nwjNrWBvAqccBnNfwc2ju7xrE60iLxaJ8
+qlyJM7SjbXBMlQEmwkTpnv007/QV16rckpoWon8sEk0=
 -----END CERTIFICATE-----
diff --git a/certs/test-pathlen/chainJ-entity.pem b/certs/test-pathlen/chainJ-entity.pem
index 24ac93b90..c5fdd4923 100644
--- a/certs/test-pathlen/chainJ-entity.pem
+++ b/certs/test-pathlen/chainJ-entity.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-ICA1-no_pathlen, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:33 2023 GMT
-            Not After : Sep  8 22:19:33 2026 GMT
+            Not Before: Dec 18 21:25:34 2024 GMT
+            Not After : Sep 14 21:25:34 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainJ-entity, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:b3:fb:51:a0:ac:69:8b:35:06:bf:7a:ee:b4:a1:
                     8a:7e:ae:31:75:ad:e7:45:7b:e6:d9:bb:7c:e9:73:
@@ -38,31 +38,31 @@ Certificate:
                 keyid:9C:7B:3A:10:B3:08:99:05:00:AF:3E:E0:A4:5D:D9:AF:82:BC:4D:C0
                 DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainJ-ICA2-no_pathlen/emailAddress=info@wolfssl.com
                 serial:64
-
             X509v3 Basic Constraints: 
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
-         46:5c:9c:45:3c:a5:1d:27:7f:4b:b6:2d:7d:aa:03:28:53:a5:
-         e3:cb:5a:63:16:58:5c:fe:97:65:c4:1e:d3:34:fe:8f:46:6e:
-         09:e4:2f:18:c9:fd:d0:7b:90:ab:f6:a5:89:fb:d0:0c:3a:f8:
-         3c:53:d5:3b:3a:2e:c0:dd:59:e1:6f:ed:e8:d4:1f:d3:9f:5e:
-         c8:1f:50:ba:6d:16:1f:25:ab:e0:aa:74:8f:38:50:e8:98:f9:
-         07:0f:71:3f:16:ce:cc:51:f8:ff:61:47:33:b4:98:36:63:19:
-         06:3e:0c:a1:69:ba:67:64:9c:46:8a:ea:3e:62:27:c0:b3:60:
-         7a:37:2b:fc:e2:c5:a8:8f:82:69:48:ff:4f:be:c4:8a:22:a3:
-         53:db:df:ee:c5:87:b7:da:55:f7:cd:48:e1:45:e7:22:f2:ec:
-         bd:94:2c:a5:e5:ea:9c:60:c6:b8:83:6a:6a:9a:c9:46:9b:6e:
-         88:38:d2:56:65:42:a6:5a:0f:d0:60:92:06:f4:1f:d9:5f:cd:
-         07:93:04:00:1a:c1:eb:d8:a8:78:80:9f:c2:b7:b2:e9:4d:8c:
-         6d:09:85:f0:87:c1:d6:d9:12:72:13:68:71:16:f7:53:f4:92:
-         9b:d4:46:31:b5:45:32:7b:f8:e6:dd:bf:d1:f9:aa:da:d3:7e:
-         06:2b:dd:fa
+    Signature Value:
+        3d:38:93:d4:04:f4:c3:d7:8c:db:4d:e3:3b:44:2d:62:76:65:
+        c9:ad:66:7f:29:f9:80:1f:87:70:c5:f7:0a:d9:63:ee:8c:cb:
+        22:74:88:a4:5c:07:21:fe:2e:d7:10:4d:0b:c9:6e:2d:ff:ab:
+        ab:c3:05:d1:b7:46:18:cb:84:89:3a:70:1b:d7:25:85:b1:fe:
+        4e:9f:cd:72:3b:2e:a0:cd:5f:97:b5:7d:ae:93:c9:b7:be:2e:
+        82:36:1f:00:0c:90:b3:3c:77:2c:e4:dc:3e:d1:83:f2:2e:7f:
+        a0:a3:71:11:b7:77:ce:54:81:82:12:c3:30:55:8d:2d:21:57:
+        a4:87:43:36:32:aa:8c:6d:fc:ec:89:61:99:e6:c5:19:09:a1:
+        10:13:87:50:05:ac:87:af:c1:5e:a8:76:68:44:94:d6:ad:d9:
+        67:50:45:0f:d5:a5:e5:be:77:1e:85:6a:f4:74:8a:28:60:75:
+        7c:ce:e2:d4:1f:e0:ba:b3:4e:d4:06:a9:8b:60:83:e4:b1:a7:
+        6b:4e:ae:fd:43:c8:12:d9:b2:cf:50:ba:e4:ee:39:c9:0b:59:
+        15:5f:c1:77:7c:93:60:31:ce:9a:a9:b7:15:68:e2:b4:cb:c3:
+        7e:31:69:84:55:82:c4:59:03:e9:78:b1:a9:7f:eb:0d:09:b4:
+        ba:5c:4e:f3
 -----BEGIN CERTIFICATE-----
 MIIEvDCCA6SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
 EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
 DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
 YWluSi1JQ0ExLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wHhcNMjMxMjEzMjIxOTMzWhcNMjYwOTA4MjIxOTMzWjCBmjELMAkGA1UE
+bC5jb20wHhcNMjQxMjE4MjEyNTM0WhcNMjcwOTE0MjEyNTM0WjCBmjELMAkGA1UE
 BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
 BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
 BAMMDWNoYWluSi1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
@@ -78,10 +78,10 @@ A1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUx
 FTATBgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAd
 BgNVBAMMFmNoYWluSi1JQ0EyLW5vX3BhdGhsZW4xHzAdBgkqhkiG9w0BCQEWEGlu
 Zm9Ad29sZnNzbC5jb22CAWQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
-RlycRTylHSd/S7YtfaoDKFOl48taYxZYXP6XZcQe0zT+j0ZuCeQvGMn90HuQq/al
-ifvQDDr4PFPVOzouwN1Z4W/t6NQf059eyB9Qum0WHyWr4Kp0jzhQ6Jj5Bw9xPxbO
-zFH4/2FHM7SYNmMZBj4MoWm6Z2ScRorqPmInwLNgejcr/OLFqI+CaUj/T77EiiKj
-U9vf7sWHt9pV981I4UXnIvLsvZQspeXqnGDGuINqaprJRptuiDjSVmVCploP0GCS
-BvQf2V/NB5MEABrB69ioeICfwrey6U2MbQmF8IfB1tkSchNocRb3U/SSm9RGMbVF
-Mnv45t2/0fmq2tN+Bivd+g==
+PTiT1AT0w9eM203jO0QtYnZlya1mfyn5gB+HcMX3Ctlj7ozLInSIpFwHIf4u1xBN
+C8luLf+rq8MF0bdGGMuEiTpwG9clhbH+Tp/NcjsuoM1fl7V9rpPJt74ugjYfAAyQ
+szx3LOTcPtGD8i5/oKNxEbd3zlSBghLDMFWNLSFXpIdDNjKqjG387IlhmebFGQmh
+EBOHUAWsh6/BXqh2aESU1q3ZZ1BFD9Wl5b53HoVq9HSKKGB1fM7i1B/gurNO1Aap
+i2CD5LGna06u/UPIEtmyz1C65O45yQtZFV/Bd3yTYDHOmqm3FWjitMvDfjFphFWC
+xFkD6XixqX/rDQm0ulxO8w==
 -----END CERTIFICATE-----
diff --git a/certs/test-servercert-rc2.p12 b/certs/test-servercert-rc2.p12
index 3cfe92a16..b9e546c2c 100644
Binary files a/certs/test-servercert-rc2.p12 and b/certs/test-servercert-rc2.p12 differ
diff --git a/certs/test-servercert.p12 b/certs/test-servercert.p12
index 64ccb1041..764cba5aa 100644
Binary files a/certs/test-servercert.p12 and b/certs/test-servercert.p12 differ
diff --git a/certs/test-stream-dec.p7b b/certs/test-stream-dec.p7b
new file mode 100644
index 000000000..a70b37fc4
Binary files /dev/null and b/certs/test-stream-dec.p7b differ
diff --git a/certs/test-stream-sign.p7b b/certs/test-stream-sign.p7b
index 05f6643c1..60d10ecd6 100644
Binary files a/certs/test-stream-sign.p7b and b/certs/test-stream-sign.p7b differ
diff --git a/certs/test/cert-ext-ia.der b/certs/test/cert-ext-ia.der
index 29ec9fdde..11445bd39 100644
Binary files a/certs/test/cert-ext-ia.der and b/certs/test/cert-ext-ia.der differ
diff --git a/certs/test/cert-ext-ia.pem b/certs/test/cert-ext-ia.pem
index e6c037441..0e082fe3b 100644
--- a/certs/test/cert-ext-ia.pem
+++ b/certs/test/cert-ext-ia.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIEAzCCAuugAwIBAgIUEEaaRNPZiiXZqFxu6gwfzxyXYkYwDQYJKoZIhvcNAQEL
+MIIEIjCCAwqgAwIBAgIUQ/3qAfjYJadJx3VZ0hJd8G1k8gQwDQYJKoZIhvcNAQEL
 BQAwgZ8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
 DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEW
-E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIx
-OTI5WjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
+E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEy
+NTMwWjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
 BAcMCEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5n
 aW5lZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEiMCAGCSqGSIb3DQEJ
 ARYTc3VwcG9ydEB3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
@@ -13,12 +13,13 @@ nFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0l
 T+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRp
 o0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGW
 Srzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgI
-vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaM1MDMwDQYDVR02AQH/BAMCAQEw
-IgYJYIZIAYb4QgENBBUWE1Rlc3RpbmcgaW5oaWJpdCBhbnkwDQYJKoZIhvcNAQEL
-BQADggEBAHOBELBVkuhE2xGCnFEBk7Gvsphqe4GcsKYRp/JiyOMp+Fa01A+F7aiU
-vVi9JOdOlEFsbd32YoTdPCSqtSpzXXLJ/BdaREWvVLg3OshiwhNPPA2Q09gQI8ES
-I9yq7kWLesDGVLcXpdM+QHovNT8wrru8wi/LoWpKNHP4TYy1Tvuxr2ngC2UygsSX
-RGymPImVO8EPNBNh8zgP3p6zjyRDWs7tttct2u28mSR+ouRJ/8pQDp0ZVNbvedxI
-nj02OpIijuSj/CEwV3AuPJWaUbCxyL1bvnPcG1HKqvvt5/Ljo8h0pLRUpjwJDvFk
-8JWbuQSQThwRAsWtRO7RarZN7+P1AmI=
+vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaNUMFIwDQYDVR02AQH/BAMCAQEw
+IgYJYIZIAYb4QgENBBUWE1Rlc3RpbmcgaW5oaWJpdCBhbnkwHQYDVR0OBBYEFLMR
+MsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3DQEBCwUAA4IBAQCv+LnCSsulpdgc
+rGsIOOj6l9aBwDzpXUCRq5f1iP21R6eCWuw0AloypxQGXOERzriWKrftcZsCIUYO
+norS/SrCI7fyTO/tlg/FLsAMLFb20CNcUxr2I2IBOhITN0nNIZsC3R5mh4vlUZzP
+kyL96tK/iBm52Xiz2s7WYXkUEOMXdeTATffCzGod/Qe8Lv2QH0zWrAB/frpSCw9G
+EOTiAvxvWEzWGupiABRkF0C1r/Mzk/f7SyX2jLW3NlG+UbnWADgk7ZXsQ7JR2ZXW
+96voC11VG+ie/WS4v4eYZVX56mK9696+uRUqfwoBMypMGwAeOYTVQ8JFpOuobwwx
+urOK1vdB
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-joi.der b/certs/test/cert-ext-joi.der
index e4550c7a2..a48f1ef0f 100644
Binary files a/certs/test/cert-ext-joi.der and b/certs/test/cert-ext-joi.der differ
diff --git a/certs/test/cert-ext-joi.pem b/certs/test/cert-ext-joi.pem
index d19266866..a0d36541e 100644
--- a/certs/test/cert-ext-joi.pem
+++ b/certs/test/cert-ext-joi.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIFXDCCBESgAwIBAgIUWY9gYq+bg6hpLLlEPeuSQjQPvW8wDQYJKoZIhvcNAQEL
+MIIFXDCCBESgAwIBAgIUaAUAD+ezyA+zhY6gpJpcOm53ymkwDQYJKoZIhvcNAQEL
 BQAwgccxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdv
 bGZzc3NsLmNvbTETMBEGCysGAQQBgjc8AgEDEwJVUzEbMBkGCysGAQQBgjc8AgEC
-DApDYWxpZm9ybmlhMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgccx
+DApDYWxpZm9ybmlhMB4XDTI0MTIxODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgccx
 CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu
 MREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdvbGZzc3Ns
@@ -21,11 +21,11 @@ xzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
 YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
 VQQDDA93d3cud29sZnNzbC5jb20xIDAeBgkqhkiG9w0BCQEWEWluZm9Ad29sZnNz
 c2wuY29tMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQIMCkNh
-bGlmb3JuaWGCFFmPYGKvm4OoaSy5RD3rkkI0D71vMAwGA1UdEwQFMAMBAf8wDQYJ
-KoZIhvcNAQELBQADggEBALY9RCPRvuHf04Mxqv6UJZv7MslCwQwbavD3ZYigNrlS
-f+qhS7SqFcUyXGbOfpiFCgobnwxK/Xg2K20xuauA8tIaJ3egeu0KFZUAaz4EOMvQ
-IWSUwp5maDKjQw7PX+W5GYY73uUxjDMlIFD0lVDTByeRp+YNfTZEBbjZlKDFohEf
-BEIyONlZdOvAIR+9dAZRjfF94WZuiUluq90yCTnDT2UIor1IzS964LuropYSH3oV
-QAdPOa87r5nY4tLScPU8hxfOP1i8aCuELiHgo6XuZZXt1qlBb7kIXz/rITd9ZvRm
-WVysY/2A38K7CBiv0biKfS83PVai8HuFKR+yZ1wxtk0=
+bGlmb3JuaWGCFGgFAA/ns8gPs4WOoKSaXDpud8ppMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAIoznH+W19lYzslchTKt/Ck1zlOvwdMOh5ii5AUrnp3d
++LxOBtLE/6SPruGj5+83tAa79IWVhxw+vpSarqyJMdhU/j4w2fSNCErD9TApy6Ux
+rWaME4JuaPxWS0CKzmQ8wzthPouQgC1GUW60+3wRnYUX/1Jq7QelOuYaNU5V4Cgy
+Tn0+psTpYWBnIQO5Ialx+yMus4uq5HnpBCuL+OYEloxhJh9aX4kIHK0gjMZ9GW5N
+3dlkuB5wNqudKjfCQl78d9OrnqssJZbpKlh89mdW0XZmjKcSRKe/qaqWLpZ3xbpY
+KrZ8gr5ec4wTmgoHRO9oMYPZaPEoTskjwIHlcLqPomc=
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-mnc.der b/certs/test/cert-ext-mnc.der
index f0c0aaaee..6a5791004 100644
Binary files a/certs/test/cert-ext-mnc.der and b/certs/test/cert-ext-mnc.der differ
diff --git a/certs/test/cert-ext-multiple.der b/certs/test/cert-ext-multiple.der
index b56d37756..b23ff2517 100644
Binary files a/certs/test/cert-ext-multiple.der and b/certs/test/cert-ext-multiple.der differ
diff --git a/certs/test/cert-ext-multiple.pem b/certs/test/cert-ext-multiple.pem
index ef5d7f064..514a94745 100644
--- a/certs/test/cert-ext-multiple.pem
+++ b/certs/test/cert-ext-multiple.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIFmDCCBICgAwIBAgIUOjAPanhO0Ayey1xIEr6HkMHASLcwDQYJKoZIhvcNAQEL
+MIIFmDCCBICgAwIBAgIUJ1V44oiXxesEMRmrcKI46MNfsB4wDQYJKoZIhvcNAQEL
 BQAwgcIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
 DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEW
 E3N1cHBvcnRAd29sZnNzbC5jb20xDzANBgNVBBEMBjU2LTEzMTEQMA4GA1UECQwH
-TWFpbiBTdDAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIHCMQswCQYD
+TWFpbiBTdDAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIHCMQswCQYD
 VQQGEwJBVTETMBEGA1UECAwKUXVlZW5zbGFuZDERMA8GA1UEBwwIQnJpc2JhbmUx
 FDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYG
 A1UEAwwPd3d3LndvbGZzc2wuY29tMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QHdv
@@ -22,11 +22,11 @@ BwMBMB0GA1UdDgQWBBQnjmcRdMMmHT/tM2OzpNgdMOXo1TCCAQIGA1UdIwSB+jCB
 EQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQHDAhCcmlzYmFuZTEUMBIGA1UECgwL
 d29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93d3cu
 d29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRAd29sZnNzbC5jb20x
-DzANBgNVBBEMBjU2LTEzMTEQMA4GA1UECQwHTWFpbiBTdIIUOjAPanhO0Ayey1xI
-Er6HkMHASLcwDQYJKoZIhvcNAQELBQADggEBACLwxkk4RY5cD1/a47cHuRaDPn22
-XgpK5tZBMtU5PmkakKNWkW2xGTAwTmycus5iXOAxforA7PrGzFKlAnS+TmIhCFwv
-B0IwNZzCCwtQs3ilouOJyf30GxpV5BSJspBdjLflC9Vt+7OrjnRM84a4VaMNttps
-PlcGoZL1lLI2xtkhWXLeC1UdhXG8gsNXT/TpPOJ1+T4ElNr/RVTG60sp446f0kXd
-kX/dCrUD8+FTX5WZQmaawRHPRfV1d597dNuj539Za8e+XXJ5iOs0M+6YTqI9tvdA
-z23hUIs1BawnRcRYGS0rEYERBwcepvyEkQZoFfGKLoSuziRMIqnrQe3IzZ8=
+DzANBgNVBBEMBjU2LTEzMTEQMA4GA1UECQwHTWFpbiBTdIIUJ1V44oiXxesEMRmr
+cKI46MNfsB4wDQYJKoZIhvcNAQELBQADggEBAKJy37k1QlYZi1kqS2FVQcJu+BmG
+HESeXX5YHSkuAAGML/7RvIr8WHHKQ99XsMrfxh2rDQBmXzK70iSOTPYGMglmKfgp
+ClGY+LVaMwXcBXS5aJieQ1Gfh2Qfx497VRHEaEgpTb/S6w9d3h/DlNlgt0Ph8VcQ
+6pSTHF5g/fo5ejaLGRyn6rO4/m8wjnncmoKJxNWwATHPMbuiXFI+gVq8jaN64Sdf
+52k42MsQLtAD7xPtNnmTYP+da783oRMCCPStbi5iWuiTdHMwAL0SQilXCNiEBGcH
+Xhfw1S0ekG6ijSc5qxu6UnbWoyyN8pyf9fht8OGvOG1LdfXrJdPDeAnb+X4=
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-nc.der b/certs/test/cert-ext-nc.der
index 5abf34986..10271ba2d 100644
Binary files a/certs/test/cert-ext-nc.der and b/certs/test/cert-ext-nc.der differ
diff --git a/certs/test/cert-ext-nc.pem b/certs/test/cert-ext-nc.pem
index 6bea29f54..b2a0c5ecc 100644
--- a/certs/test/cert-ext-nc.pem
+++ b/certs/test/cert-ext-nc.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIENTCCAx2gAwIBAgIUZubV8ronA4VrOHLZUH2CnIIiunUwDQYJKoZIhvcNAQEL
+MIIENTCCAx2gAwIBAgIUGplfHdReO3yPN9k7YfsSeO+fd6swDQYJKoZIhvcNAQEL
 BQAwezELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNVBAcM
 CEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5naW5l
-ZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5Mjla
-Fw0yNjA5MDgyMjE5MjlaMHsxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNs
+ZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBa
+Fw0yNzA5MTQyMTI1MzBaMHsxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNs
 YW5kMREwDwYDVQQHDAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDAS
 BgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEi
 MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu
@@ -16,10 +16,10 @@ AAGjgbAwga0wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MB8GA1UdIwQY
 MBaAFLMRMsmSmITiyfjQO24DQsofDo48MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD
 VR0PAQH/BAQDAgGGMB4GA1UdHgEB/wQUMBKgEDAOgQwud29sZnNzbC5jb20wJwYJ
 YIZIAYb4QgENBBoWGFRlc3RpbmcgbmFtZSBjb25zdHJhaW50czANBgkqhkiG9w0B
-AQsFAAOCAQEALtoSqDAnQmXFMjZk6XRf+uvBu6/fH+1tCmL828q03s2Mee+sRF1m
-C9mFRT1Q+M7pvqEb9t+hgQ9jry68EFBqC2VY6WWl95chrP+uojdZO6sDbMWsBxDi
-oD/ZWa8jjDtT+JJNTY0TVKfg83mSRC+1nQxHsV4zAlXsRHinG+pmzQgkYUrNCpjG
-d12z2bRqYBignVENubQEAZT945sioMuwO8jD8CtWd7Ie5qc7WFxBVO/wo7j2Slbt
-/dy+sVc+IHN7fe6MVD9cGivYpKmSJvw/VtiZbpgCvIX93fwZj7ltEiZBaGv2mNRx
-jdUVGWzyjnQTgIRuBX7Oa7Q8r89+s3B9oA==
+AQsFAAOCAQEAAkumXr/7gj5fSU5BrUsTJ/G+EkCj/BqZN/9i5Jg4Ukb3GjBusWtC
+BdwwlNzeKPHHCMXGckMGnUsy2kc+HG2DbR217RySxE+r+rRtjPdUyJbyz1HtoJ75
+o5foADB2eoF/QbCYs5CPfF4UzfYK42zxrkM2Ug2OuLdkCibCPvZr1Mbtb6/jQNTx
+yvk9pIWxniqM2ZOc6/UFzVWYeoSs2RQM9f2wvzlQSt4mHdLHHJCPuLniFNMmKhIS
+5tP+l3ckze+/yJnEEw7c6RxkhYL/zbxzGn02DouCNL1iw8Hgnrzn8bmrmHsXgiwu
+WSwKHwx4vfVMeVbRgj2yQ9pwsUxMKFLS3Q==
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-ncdns.der b/certs/test/cert-ext-ncdns.der
index d3f837089..c69e00bf6 100644
Binary files a/certs/test/cert-ext-ncdns.der and b/certs/test/cert-ext-ncdns.der differ
diff --git a/certs/test/cert-ext-ncmixed.der b/certs/test/cert-ext-ncmixed.der
index 4d3bb0c73..adad83f0f 100644
Binary files a/certs/test/cert-ext-ncmixed.der and b/certs/test/cert-ext-ncmixed.der differ
diff --git a/certs/test/cert-ext-nct.der b/certs/test/cert-ext-nct.der
index 5c0f65dfc..0c95bd743 100644
Binary files a/certs/test/cert-ext-nct.der and b/certs/test/cert-ext-nct.der differ
diff --git a/certs/test/cert-ext-nct.pem b/certs/test/cert-ext-nct.pem
index 5b888dfa2..1d6b4260d 100644
--- a/certs/test/cert-ext-nct.pem
+++ b/certs/test/cert-ext-nct.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIEGDCCAwCgAwIBAgIUQhQ9kNUYipe8daCTUP2VaziSi08wDQYJKoZIhvcNAQEL
+MIIENzCCAx+gAwIBAgIUApQdu+yQVfwqOADqFPgZc2zM/OswDQYJKoZIhvcNAQEL
 BQAwgZ8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
 DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
 ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIjAgBgkqhkiG9w0BCQEW
-E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI5WhcNMjYwOTA4MjIx
-OTI5WjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
+E3N1cHBvcnRAd29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTMwWhcNMjcwOTE0MjEy
+NTMwWjCBnzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNV
 BAcMCEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5n
 aW5lZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEiMCAGCSqGSIb3DQEJ
 ARYTc3VwcG9ydEB3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
@@ -13,12 +13,13 @@ nFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0l
 T+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRp
 o0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGW
 Srzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgI
-vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaNKMEgwFAYJYIZIAYb4QgEBAQH/
+vDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaNpMGcwFAYJYIZIAYb4QgEBAQH/
 BAQDAgZAMDAGCWCGSAGG+EIBDQQjFiFUZXN0aW5nIE5ldHNjYXBlIENlcnRpZmlj
-YXRlIFR5cGUwDQYJKoZIhvcNAQELBQADggEBABmExniLoyrtx7sbbQS8nubTyoYv
-KfAreqCd5+2c2Vmq5o0wkA2HZLVlFi7ENewT0YaEqiP3HyPsu62P0N48GB43jPBg
-N58V+d/P8LERKx2/wjCfq15VX4Iave38K+/CzG+WKbaWc93ADUpOFvaZIejjiErx
-vQr3L2LyrEB0o6CDi+BPpKSQqW2O91HeIE+3P/trM2DF7RJApt0vVczxkepWxfa1
-piamsWT9rdE+7yeG9/I7RNY51dXQBnElJSULhrhBhqtRaCUcDe+KOocFq2NgEhku
-7IegJ888gZ5oZlYqOj9TUzS0ayXw8H8/6ZboH/AsvxBdQN7xOqmsDbpe3TA=
+YXRlIFR5cGUwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3
+DQEBCwUAA4IBAQC/uKHXHC6BNAUNalaJIhQnzynJeYSTLvMiF9OZq+N+JaKO9cC3
+k4w3UgXuOzT39ACeKrw9NsIuzEIBmQ8yQCJ0ysQQ0ktVnqexk6wcu/Imz0RE4Sm2
+S4tvO/+gmw1QuOgO3uTVyELSENw2PSQmkAeUFIQERE1ZpAgYd6UL2y6vXRxoG1co
+SvY84WA+0G7DbWMomro1QvJJo54hBi/vWM4DkHj5vpOqNf7UpDyjmbUktz5s/XcW
+mJaGK9ZEdDnOqJsJQmW3Qk3pOhuRajZAVQs/4BClfVQu9B8zKtzNUDEmSpWkAHlR
+cueppqgSnNEiBtHgxM+nojVloeAvUT3ubckn
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-ndir-exc.der b/certs/test/cert-ext-ndir-exc.der
index 5d8ebb081..d8a8898dc 100644
Binary files a/certs/test/cert-ext-ndir-exc.der and b/certs/test/cert-ext-ndir-exc.der differ
diff --git a/certs/test/cert-ext-ndir-exc.pem b/certs/test/cert-ext-ndir-exc.pem
index 486fcee67..f66f4111e 100644
--- a/certs/test/cert-ext-ndir-exc.pem
+++ b/certs/test/cert-ext-ndir-exc.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIE/TCCA+WgAwIBAgIUA9ASAQLXcBK7u66dI1+5Cvh9DMowDQYJKoZIhvcNAQEL
+MIIE/TCCA+WgAwIBAgIUGLfQcZfivHqxsscd/s2U10c095wwDQYJKoZIhvcNAQEL
 BQAwgZUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdv
-bGZzc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGVMQsw
+bGZzc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGVMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjER
 MA8GA1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMM
 D3d3dy53b2xmc3NsLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0B3b2xmc3NzbC5j
@@ -18,12 +18,12 @@ gdUGA1UdIwSBzTCByoAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZukgZgwgZUxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdvbGZzc3NsLmNv
-bYIUA9ASAQLXcBK7u66dI1+5Cvh9DMowDAYDVR0TBAUwAwEB/zA2BgNVHR4BAf8E
+bYIUGLfQcZfivHqxsscd/s2U10c095wwDAYDVR0TBAUwAwEB/zA2BgNVHR4BAf8E
 LDAqoSgwJqQkMCIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMA0G
-CSqGSIb3DQEBCwUAA4IBAQCAF2rfhuz15dhfIlAaTKZ5caj09r9vdvsPKED2LsN1
-ufvD/DHJsFLLlL/a9Rk5HzaAC2/V7D1nytGdo+cDJAbbZP4jX7xKvTSPiXGwM85b
-xoZiCjApK6BBzBAEvPVO2g7XTPDAUtzSFUcibS9OXOBMQ8Kqua4oSAy02bpWTTj2
-1wZWr3okbRVuFNmX969wqJ2TA10QjySgMC7NoaW5sKG5Be65f0e8ClQ1UdDBq+7C
-TUkI1+eSjpPtRH38T89pK+zqKMwCq/Ugp/yDvmTn9tWjtdAE9bS92+3HBo/smJH7
-pTpRGG18pD7Su5B9QlSSbNZ0Sv5BJieCk9yQo81fcGtE
+CSqGSIb3DQEBCwUAA4IBAQCw3cmgfQC0d4SW5A/tOKqTiM2FqpupklMz5XSR2foY
+BDGHH/QUa/HUnvQPuE7KUoa8DqOyBYyato7Ejj2HuLcZlsPnT1kTLv4P4visrrvH
+fGKipT5ojv9sTKc9LTiohzlt08u7uqm7DKtuuDIBUCWgAWJV/DsKJWfiAPZo7bxS
+KPJJsPv+zMrMFazIrmlT8jez3VSoHToLWKIaJysJ8xJDR4kIrUJYAsXfZAPQkRUd
+6/1/r5g6Mt6Df4NbXiMccqCsiNvyEhVqx49nUQy4jPzJdA05TNkLnWYrC3Y2VqXR
+HjtgKkKIINqvkg1sryHpcCXRcX9MsRkbVZnq+ZuY1V6V
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-ext-ndir.der b/certs/test/cert-ext-ndir.der
index 1feebd79a..64039ae30 100644
Binary files a/certs/test/cert-ext-ndir.der and b/certs/test/cert-ext-ndir.der differ
diff --git a/certs/test/cert-ext-ndir.pem b/certs/test/cert-ext-ndir.pem
index 9a108cdd7..8054a3770 100644
--- a/certs/test/cert-ext-ndir.pem
+++ b/certs/test/cert-ext-ndir.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIE6DCCA9CgAwIBAgIUGsYHXq1zN8MtgL5Bg4sW7+8Uj+gwDQYJKoZIhvcNAQEL
+MIIE6DCCA9CgAwIBAgIUJGVxqI+7O15e3Pq4GKOWbl8e524wDQYJKoZIhvcNAQEL
 BQAwgZUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdv
-bGZzc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjlaFw0yNjA5MDgyMjE5MjlaMIGVMQsw
+bGZzc3NsLmNvbTAeFw0yNDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGVMQsw
 CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjER
 MA8GA1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMM
 D3d3dy53b2xmc3NsLmNvbTEgMB4GCSqGSIb3DQEJARYRaW5mb0B3b2xmc3NzbC5j
@@ -18,12 +18,12 @@ gdUGA1UdIwSBzTCByoAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZukgZgwgZUxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQHdvbGZzc3NsLmNv
-bYIUGsYHXq1zN8MtgL5Bg4sW7+8Uj+gwDAYDVR0TBAUwAwEB/zAhBgNVHR4BAf8E
-FzAVoBMwEaQPMA0xCzAJBgNVBAYTAlVTMA0GCSqGSIb3DQEBCwUAA4IBAQA/NW29
-VNYpDOtANk/T8s2F9pYMWNR2uCV+9uCCGHHI2gCjZKq1megHkN90dlBiDCcyjLpO
-Waj62FeNppBoYaeTO77clNDyloJl/EXRqPUgc7IK4J2KNq0emrc2Xce08I8pXuEs
-dh5H6W/9m5Y0N0SBB3xdPGzg6RPB3nZNiyoeDRwzUhIDLwl/i0qA9ZtEjhFIb3+u
-w7LbDNAXgz5T8ZfRGHgoOutrqra2lh9LEoALWLJ+ZxY35vr0ZLf4mVAyj/cr67EA
-uTM/xeJbtj1y5/ADmenbW0nUcSeS/Eyp1s9eFC4hOQDnAQALzi2zrvK2LlxON6Rx
-3OyA5WbvJJbFdxxH
+bYIUJGVxqI+7O15e3Pq4GKOWbl8e524wDAYDVR0TBAUwAwEB/zAhBgNVHR4BAf8E
+FzAVoBMwEaQPMA0xCzAJBgNVBAYTAlVTMA0GCSqGSIb3DQEBCwUAA4IBAQAKUBPw
+WOCJHe3lUkCjruXfucIQfDLK8bz2MEO3ch1vrbjDsbDNaMqP3w4PpRshzmCTdypk
+RcWMKLo1UEJsS6Vzs5qwsX/yxxGy0zvc47+E7hb71mw9rZKJ6K7J/ByC7trU37xS
+G2iFM+HQ0m9lEhSeCU+o70X0d61f3+NzNRAUlRa6XfdSdnHU+GvJmibS1+E/++Hn
+3f6jazaAAfPt1B4rVTlOF4W2sphk0giPQLoy895yt+QulI52IhvIU28nNDxgxu5I
+PXobiyNqhqij2p3G+9FdOnP+S2gsGLQjp9FwLDh/4TtBCHAJYdaf2iI4LMy2V3x/
+8K3QRK4bEQgJsEMn
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-over-max-altnames.der b/certs/test/cert-over-max-altnames.der
index 244eec0eb..098f7f897 100644
Binary files a/certs/test/cert-over-max-altnames.der and b/certs/test/cert-over-max-altnames.der differ
diff --git a/certs/test/cert-over-max-altnames.pem b/certs/test/cert-over-max-altnames.pem
index f7f3fde3e..049ed9826 100644
--- a/certs/test/cert-over-max-altnames.pem
+++ b/certs/test/cert-over-max-altnames.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIJFGTCCRAGgAwIBAgIUF5nmfrjmbW0wm+StvWrMOmpvGaUwDQYJKoZIhvcNAQEL
+MIJFGTCCRAGgAwIBAgIUX76ChQ/mP72YjfkBX53CYI4jt4YwDQYJKoZIhvcNAQEL
 BQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmlu
-ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MDcxODE4MDUxMVoXDTI3
-MDQxNDE4MDUxMVowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
+ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3
+MDkxNDIxMjUzMFowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
 BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtF
 bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG
 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY
@@ -362,10 +362,10 @@ bYIPZXhhbXBsZTEwNDIuY29tgg9leGFtcGxlMTA0My5jb22CD2V4YW1wbGUxMDQ0
 LmNvbYIPZXhhbXBsZTEwNDUuY29tgg9leGFtcGxlMTA0Ni5jb22CD2V4YW1wbGUx
 MDQ3LmNvbYIPZXhhbXBsZTEwNDguY29tgg9leGFtcGxlMTA0OS5jb22CD2V4YW1w
 bGUxMDUwLmNvbTAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwDQYJKoZI
-hvcNAQELBQADggEBAAafsXELXxtWZERkGxkH1a6sXrqD9xdMUIu/Bf8QAKePLOLX
-VbJeGNW9UHCKA5jntP4BKP86/b+43KF3g8qMyphS9DBTvOZ+rbRe8z3K6ouTi4Cv
-4jxL0ej4QINeIEbNAC5GqVkSHnVB0ul5drsIXHEAHi72BTkSlFHOU0umlL99O8UG
-R++z7qkXJWjrHkUA7zVIS4pRne80AtDVd3WB3lCmG/hs9p8Dj7igUGfaQYF1T6uK
-zkgpT2PCjvVfXadTG9FTqe+MEkjOwpUqClJ0SS1Et7KF56Q++FdFx7msammI2SC+
-XrBKQPqYZviTlK1YepjwtXe1SxasL7tjabJuIyU=
+hvcNAQELBQADggEBALHZ0dP5m3388g1xwY27mXegrb7Zgj3BA6raYIb4rhD9ZrnF
+tlTvgryp1Ca996P1SgSOA3VtEtseIEtiyrB6kW30lLwXRR5hmE3nYPgcQCWmHfSX
+p1Ylp2ZVXdxzmmUUocD83lGkFNk8W6FJUoqpQ51T0nT4CbTUeQYnTRHSFR6zL29+
+WBg1dyLjfYYzssrwmvfv5l5N7VgUzMAJk83p9JXWLB1iDysdAVej54OBGidEOfKR
+FXy2NGbaO5baW9gwKNR2daz0UsHd5Ud41iSLmO+3XXPyv6qroQSdhCuEurDNlKvf
+a0V/wEG9ovsLFtswH97vIkJMqQB8DnLn4IrUJsE=
 -----END CERTIFICATE-----
diff --git a/certs/test/cert-over-max-nc.cfg b/certs/test/cert-over-max-nc.cfg
index 21bdebeab..307f74233 100644
--- a/certs/test/cert-over-max-nc.cfg
+++ b/certs/test/cert-over-max-nc.cfg
@@ -14,48 +14,5 @@ CN = www.wolfssl.com
 
 [ extensions ]
 basicConstraints=critical,CA:true
-nameConstraints = permitted;DNS:.ex1.com,permitted;DNS:.ex2.com,permitted;\
-DNS:.ex3.com,permitted;DNS:.ex4.com,permitted;DNS:.ex5.com,permitted;\
-DNS:.ex6.com,permitted;DNS:.ex7.com,permitted;DNS:.ex8.com,permitted;\
-DNS:.ex9.com,permitted;DNS:.ex10.com,permitted;DNS:.ex11.com,permitted;\
-DNS:.ex12.com,permitted;DNS:.ex13.com,permitted;DNS:.ex14.com,permitted;\
-DNS:.ex15.com,permitted;DNS:.ex16.com,permitted;DNS:.ex17.com,permitted;\
-DNS:.ex18.com,permitted;DNS:.ex19.com,permitted;DNS:.ex20.com,permitted;\
-DNS:.ex21.com,permitted;DNS:.ex22.com,permitted;DNS:.ex23.com,permitted;\
-DNS:.ex24.com,permitted;DNS:.ex25.com,permitted;DNS:.ex26.com,permitted;\
-DNS:.ex27.com,permitted;DNS:.ex28.com,permitted;DNS:.ex29.com,permitted;\
-DNS:.ex30.com,permitted;DNS:.ex31.com,permitted;DNS:.ex32.com,permitted;\
-DNS:.ex33.com,permitted;DNS:.ex34.com,permitted;DNS:.ex35.com,permitted;\
-DNS:.ex36.com,permitted;DNS:.ex37.com,permitted;DNS:.ex38.com,permitted;\
-DNS:.ex39.com,permitted;DNS:.ex40.com,permitted;DNS:.ex41.com,permitted;\
-DNS:.ex42.com,permitted;DNS:.ex43.com,permitted;DNS:.ex44.com,permitted;\
-DNS:.ex45.com,permitted;DNS:.ex46.com,permitted;DNS:.ex47.com,permitted;\
-DNS:.ex48.com,permitted;DNS:.ex49.com,permitted;DNS:.ex50.com,permitted;\
-DNS:.ex51.com,permitted;DNS:.ex52.com,permitted;DNS:.ex53.com,permitted;\
-DNS:.ex54.com,permitted;DNS:.ex55.com,permitted;DNS:.ex56.com,permitted;\
-DNS:.ex57.com,permitted;DNS:.ex58.com,permitted;DNS:.ex59.com,permitted;\
-DNS:.ex60.com,permitted;DNS:.ex61.com,permitted;DNS:.ex62.com,permitted;\
-DNS:.ex63.com,permitted;DNS:.ex64.com,permitted;DNS:.ex65.com,permitted;\
-DNS:.ex66.com,permitted;DNS:.ex67.com,permitted;DNS:.ex68.com,permitted;\
-DNS:.ex69.com,permitted;DNS:.ex70.com,permitted;DNS:.ex71.com,permitted;\
-DNS:.ex72.com,permitted;DNS:.ex73.com,permitted;DNS:.ex74.com,permitted;\
-DNS:.ex75.com,permitted;DNS:.ex76.com,permitted;DNS:.ex77.com,permitted;\
-DNS:.ex78.com,permitted;DNS:.ex79.com,permitted;DNS:.ex80.com,permitted;\
-DNS:.ex81.com,permitted;DNS:.ex82.com,permitted;DNS:.ex83.com,permitted;\
-DNS:.ex84.com,permitted;DNS:.ex85.com,permitted;DNS:.ex86.com,permitted;\
-DNS:.ex87.com,permitted;DNS:.ex88.com,permitted;DNS:.ex89.com,permitted;\
-DNS:.ex90.com,permitted;DNS:.ex91.com,permitted;DNS:.ex92.com,permitted;\
-DNS:.ex93.com,permitted;DNS:.ex94.com,permitted;DNS:.ex95.com,permitted;\
-DNS:.ex96.com,permitted;DNS:.ex97.com,permitted;DNS:.ex98.com,permitted;\
-DNS:.ex99.com,permitted;DNS:.ex100.com,permitted;DNS:.ex101.com,permitted;\
-DNS:.ex102.com,permitted;DNS:.ex103.com,permitted;DNS:.ex104.com,permitted;\
-DNS:.ex105.com,permitted;DNS:.ex106.com,permitted;DNS:.ex107.com,permitted;\
-DNS:.ex108.com,permitted;DNS:.ex109.com,permitted;DNS:.ex110.com,permitted;\
-DNS:.ex111.com,permitted;DNS:.ex112.com,permitted;DNS:.ex113.com,permitted;\
-DNS:.ex114.com,permitted;DNS:.ex115.com,permitted;DNS:.ex116.com,permitted;\
-DNS:.ex117.com,permitted;DNS:.ex118.com,permitted;DNS:.ex119.com,permitted;\
-DNS:.ex120.com,permitted;DNS:.ex121.com,permitted;DNS:.ex122.com,permitted;\
-DNS:.ex123.com,permitted;DNS:.ex124.com,permitted;DNS:.ex125.com,permitted;\
-DNS:.ex126.com,permitted;DNS:.ex127.com,permitted;DNS:.ex128.com,permitted;\
-DNS:.ex129.com,permitted;DNS:.ex130.com
+nameConstraints = permitted;DNS:.ex1.com,permitted;DNS:.ex2.com,permitted;DNS:.ex3.com,permitted;DNS:.ex4.com,permitted;DNS:.ex5.com,permitted;DNS:.ex6.com,permitted;DNS:.ex7.com,permitted;DNS:.ex8.com,permitted;DNS:.ex9.com,permitted;DNS:.ex10.com,permitted;DNS:.ex11.com,permitted;DNS:.ex12.com,permitted;DNS:.ex13.com,permitted;DNS:.ex14.com,permitted;DNS:.ex15.com,permitted;DNS:.ex16.com,permitted;DNS:.ex17.com,permitted;DNS:.ex18.com,permitted;DNS:.ex19.com,permitted;DNS:.ex20.com,permitted;DNS:.ex21.com,permitted;DNS:.ex22.com,permitted;DNS:.ex23.com,permitted;DNS:.ex24.com,permitted;DNS:.ex25.com,permitted;DNS:.ex26.com,permitted;DNS:.ex27.com,permitted;DNS:.ex28.com,permitted;DNS:.ex29.com,permitted;DNS:.ex30.com,permitted;DNS:.ex31.com,permitted;DNS:.ex32.com,permitted;DNS:.ex33.com,permitted;DNS:.ex34.com,permitted;DNS:.ex35.com,permitted;DNS:.ex36.com,permitted;DNS:.ex37.com,permitted;DNS:.ex38.com,permitted;DNS:.ex39.com,permitted;DNS:.ex40.com,permitted;DNS:.ex41.com,permitted;DNS:.ex42.com,permitted;DNS:.ex43.com,permitted;DNS:.ex44.com,permitted;DNS:.ex45.com,permitted;DNS:.ex46.com,permitted;DNS:.ex47.com,permitted;DNS:.ex48.com,permitted;DNS:.ex49.com,permitted;DNS:.ex50.com,permitted;DNS:.ex51.com,permitted;DNS:.ex52.com,permitted;DNS:.ex53.com,permitted;DNS:.ex54.com,permitted;DNS:.ex55.com,permitted;DNS:.ex56.com,permitted;DNS:.ex57.com,permitted;DNS:.ex58.com,permitted;DNS:.ex59.com,permitted;DNS:.ex60.com,permitted;DNS:.ex61.com,permitted;DNS:.ex62.com,permitted;DNS:.ex63.com,permitted;DNS:.ex64.com,permitted;DNS:.ex65.com,permitted;DNS:.ex66.com,permitted;DNS:.ex67.com,permitted;DNS:.ex68.com,permitted;DNS:.ex69.com,permitted;DNS:.ex70.com,permitted;DNS:.ex71.com,permitted;DNS:.ex72.com,permitted;DNS:.ex73.com,permitted;DNS:.ex74.com,permitted;DNS:.ex75.com,permitted;DNS:.ex76.com,permitted;DNS:.ex77.com,permitted;DNS:.ex78.com,permitted;DNS:.ex79.com,permitted;DNS:.ex80.com,permitted;DNS:.ex81.com,permitted;DNS:.ex82.com,permitted;DNS:.ex83.com,permitted;DNS:.ex84.com,permitted;DNS:.ex85.com,permitted;DNS:.ex86.com,permitted;DNS:.ex87.com,permitted;DNS:.ex88.com,permitted;DNS:.ex89.com,permitted;DNS:.ex90.com,permitted;DNS:.ex91.com,permitted;DNS:.ex92.com,permitted;DNS:.ex93.com,permitted;DNS:.ex94.com,permitted;DNS:.ex95.com,permitted;DNS:.ex96.com,permitted;DNS:.ex97.com,permitted;DNS:.ex98.com,permitted;DNS:.ex99.com,permitted;DNS:.ex100.com,permitted;DNS:.ex101.com,permitted;DNS:.ex102.com,permitted;DNS:.ex103.com,permitted;DNS:.ex104.com,permitted;DNS:.ex105.com,permitted;DNS:.ex106.com,permitted;DNS:.ex107.com,permitted;DNS:.ex108.com,permitted;DNS:.ex109.com,permitted;DNS:.ex110.com,permitted;DNS:.ex111.com,permitted;DNS:.ex112.com,permitted;DNS:.ex113.com,permitted;DNS:.ex114.com,permitted;DNS:.ex115.com,permitted;DNS:.ex116.com,permitted;DNS:.ex117.com,permitted;DNS:.ex118.com,permitted;DNS:.ex119.com,permitted;DNS:.ex120.com,permitted;DNS:.ex121.com,permitted;DNS:.ex122.com,permitted;DNS:.ex123.com,permitted;DNS:.ex124.com,permitted;DNS:.ex125.com,permitted;DNS:.ex126.com,permitted;DNS:.ex127.com,permitted;DNS:.ex128.com,permitted;DNS:.ex129.com,permitted;DNS:.ex130.com
 
diff --git a/certs/test/cert-over-max-nc.der b/certs/test/cert-over-max-nc.der
index 1d0c740b7..5e4670843 100644
Binary files a/certs/test/cert-over-max-nc.der and b/certs/test/cert-over-max-nc.der differ
diff --git a/certs/test/cert-over-max-nc.pem b/certs/test/cert-over-max-nc.pem
index 8e42d53fa..6fbca89bd 100644
--- a/certs/test/cert-over-max-nc.pem
+++ b/certs/test/cert-over-max-nc.pem
@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIKWDCCCUCgAwIBAgIUYdELMUH7vrK6aNntrMnvR+5sZ7UwDQYJKoZIhvcNAQEL
+MIIKdzCCCV+gAwIBAgIUUU9JN4Ib8FyktlU9Vhgz8fa7JcUwDQYJKoZIhvcNAQEL
 BQAwdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtFbmdpbmVlcmlu
-ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MDcwODA2MzQwNFoXDTI3
-MDQwNDA2MzQwNFowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
+ZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMB4XDTI0MTIxODIxMjUzMFoXDTI3
+MDkxNDIxMjUzMFowdzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
 BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRQwEgYDVQQLDAtF
 bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG
 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY
@@ -11,8 +11,8 @@ bmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMIIBIjANBgkqhkiG
 YlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlc
 OM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+
 Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+
-k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABo4IG2jCC
-BtYwDwYDVR0TAQH/BAUwAwEB/zCCBsEGA1UdHgSCBrgwgga0oIIGsDAKggguZXgx
+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABo4IG+TCC
+BvUwDwYDVR0TAQH/BAUwAwEB/zCCBsEGA1UdHgSCBrgwgga0oIIGsDAKggguZXgx
 LmNvbTAKggguZXgyLmNvbTAKggguZXgzLmNvbTAKggguZXg0LmNvbTAKggguZXg1
 LmNvbTAKggguZXg2LmNvbTAKggguZXg3LmNvbTAKggguZXg4LmNvbTAKggguZXg5
 LmNvbTALggkuZXgxMC5jb20wC4IJLmV4MTEuY29tMAuCCS5leDEyLmNvbTALggku
@@ -48,11 +48,11 @@ MTUuY29tMAyCCi5leDExNi5jb20wDIIKLmV4MTE3LmNvbTAMggouZXgxMTguY29t
 MAyCCi5leDExOS5jb20wDIIKLmV4MTIwLmNvbTAMggouZXgxMjEuY29tMAyCCi5l
 eDEyMi5jb20wDIIKLmV4MTIzLmNvbTAMggouZXgxMjQuY29tMAyCCi5leDEyNS5j
 b20wDIIKLmV4MTI2LmNvbTAMggouZXgxMjcuY29tMAyCCi5leDEyOC5jb20wDIIK
-LmV4MTI5LmNvbTAMggouZXgxMzAuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCvchQQ
-uZ5TEwvxjK/qdHuyOJISaodU5kDalvZz8dyt28HuU+cVyof4D4IS1KwS3RtlPXXP
-EOWEzDVEGKKE3DeFyiNT7VZa4ImnXvleJj+GxhDJJ1OQY/DLZDuwtSgn684QPPzI
-HTJxjtQ8NEbFCa5dZc819CXsiz0YTKrDxOHysFPmroAKvjBUNiwCp/IIJOalIMIx
-loV0tsxD2gmLuvZfHOVyaM8TrX/iq1EYxcF/QRtcAHC8H2gDfgwEkVVfhGBPXc/D
-c/cT89HeX5N0lv4+VQaclVMB6viKjMmvIA7Xg8CMOURFUt909SoGFGLnRcBoSH3i
-UpV7rICJ6+OGc1KT
+LmV4MTI5LmNvbTAMggouZXgxMzAuY29tMB0GA1UdDgQWBBQnjmcRdMMmHT/tM2Oz
+pNgdMOXo1TANBgkqhkiG9w0BAQsFAAOCAQEAI9SAyCVbUW7h/vHpVveLUj0v1KTW
+HGr9sYNhTA/zO9VcboXiR79v/cUb4PJEhkDmQSBmO+2GIUNNpzB9/D3fxz47uqTo
+3rZoUuyWUJTgUirGoXwEDHqTrdlnLZQwC9ZPepDaBqMOscZ0XbJGEsnYtiOS90YE
+FvPEgJzFgJkDAU/1KR+10JE66xweL/NjUmrv7LDLzgZl0pMj08Hq3zzB0/JxSy5g
+6kGnX9ULJGKunPs1TiVGJebDZnYgPUuDNApb8ivOBZgo9a5MgY33IB0gpZBu6S60
+pLvW6WjEjalCwAjFekjwlhC3kOAMRMYJiEms9auUdrrpgyBtc0T4OxT0Lg==
 -----END CERTIFICATE-----
diff --git a/certs/test/digsigku.pem b/certs/test/digsigku.pem
index b83fdd3c0..9ba821617 100644
--- a/certs/test/digsigku.pem
+++ b/certs/test/digsigku.pem
@@ -6,8 +6,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA1
         Issuer: C = US, ST = Washington, L = Seattle, O = Foofarah, OU = Arglebargle, CN = foobarbaz, emailAddress = info@worlss.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Foofarah, OU = Arglebargle, CN = foobarbaz, emailAddress = info@worlss.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -27,22 +27,22 @@ Certificate:
                 keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
                 DirName:/C=US/ST=Washington/L=Seattle/O=Foofarah/OU=Arglebargle/CN=foobarbaz/emailAddress=info@worlss.com
                 serial:E3:81:4B:48:A5:70:61:70
-
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Non Repudiation, Key Encipherment
     Signature Algorithm: ecdsa-with-SHA1
-         30:45:02:20:21:e7:44:3e:5a:98:1a:49:25:db:d1:db:d3:fb:
-         2f:ec:4d:c6:2c:2f:92:f6:cd:7d:a3:b9:5c:25:93:9f:4d:83:
-         02:21:00:82:da:52:9f:37:0c:81:9e:26:9c:fb:da:6f:4f:84:
-         b8:5d:19:69:94:a2:08:68:ed:99:4e:51:9e:45:28:74:0c
+    Signature Value:
+        30:45:02:21:00:fe:c1:a2:dc:18:3a:70:73:7a:48:5b:68:cd:
+        70:25:04:23:51:21:98:35:c7:6b:ae:1a:73:4e:69:7c:25:09:
+        be:02:20:66:68:19:93:48:4f:0f:89:83:10:a2:cb:54:89:e9:
+        46:bf:9f:b2:e1:2b:c1:f4:b4:14:79:cc:bc:d6:eb:4c:1c
 -----BEGIN CERTIFICATE-----
 MIIDKDCCAs+gAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD
 VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv
-b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTIzMTIx
-MzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTI0MTIx
+ODIxMjUzMFoXDTI3MDkxNDIxMjUzMFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh
 aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG
 CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
@@ -53,6 +53,6 @@ MKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAO
 BgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEZvb2ZhcmFoMRQwEgYDVQQLDAtBcmds
 ZWJhcmdsZTESMBAGA1UEAwwJZm9vYmFyYmF6MR4wHAYJKoZIhvcNAQkBFg9pbmZv
 QHdvcmxzcy5jb22CCQDjgUtIpXBhcDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
-/wQEAwIFYDAJBgcqhkjOPQQBA0gAMEUCICHnRD5amBpJJdvR29P7L+xNxiwvkvbN
-faO5XCWTn02DAiEAgtpSnzcMgZ4mnPvab0+EuF0ZaZSiCGjtmU5RnkUodAw=
+/wQEAwIFYDAJBgcqhkjOPQQBA0gAMEUCIQD+waLcGDpwc3pIW2jNcCUEI1EhmDXH
+a64ac05pfCUJvgIgZmgZk0hPD4mDEKLLVInpRr+fsuErwfS0FHnMvNbrTBw=
 -----END CERTIFICATE-----
diff --git a/certs/test/expired/expired-ca.pem b/certs/test/expired/expired-ca.pem
index 08f316b20..b50d94563 100644
--- a/certs/test/expired/expired-ca.pem
+++ b/certs/test/expired/expired-ca.pem
@@ -10,7 +10,7 @@ Certificate:
         Subject: CN = www.wolfssl.com, ST = Montana, C = US, emailAddress = info@wolfssl.com, OU = Engineering
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -32,21 +32,22 @@ Certificate:
                     36:79
                 Exponent: 65537 (0x10001)
     Signature Algorithm: sha256WithRSAEncryption
-         ab:8a:ab:ae:77:a2:61:62:01:54:51:95:7c:d5:6c:76:cb:fe:
-         ac:b8:cd:bc:ec:c4:75:71:16:62:59:67:02:ab:e2:fb:9c:74:
-         46:be:d9:08:8c:30:d1:0d:5c:c8:48:ff:6d:77:29:6d:c1:4c:
-         bc:90:44:e6:d9:aa:e8:c1:ae:b1:81:b2:58:50:b3:23:59:35:
-         c0:c3:e1:34:98:ef:68:86:fb:e9:9a:a1:63:41:54:cb:ab:73:
-         03:c3:1a:e9:5f:50:81:b8:a8:b8:05:14:7d:1e:fa:a2:2b:b8:
-         68:eb:c8:b0:b6:50:df:2b:96:c7:26:b9:ca:c9:41:e1:83:c5:
-         3e:06:11:56:a3:54:f5:e2:26:65:b9:7f:e4:5f:fb:49:ef:82:
-         7d:15:24:72:02:5b:2b:d7:c9:d4:dc:26:08:78:f2:c3:73:c6:
-         25:56:d1:30:99:39:09:43:5d:e6:e3:ca:f2:3f:68:13:13:d6:
-         d2:df:5f:05:5b:09:48:27:87:5a:60:eb:c2:ff:93:7d:5c:e0:
-         45:c4:85:21:d3:43:1d:c2:78:0d:e5:ff:2b:27:f0:e9:d4:a4:
-         40:02:5f:27:19:94:4b:ea:64:cc:e2:d6:04:e5:70:7a:01:a5:
-         6f:3f:3c:ce:3d:84:cf:fb:d9:80:c3:df:fb:44:2f:1e:2f:32:
-         e9:56:6b:5b
+    Signature Value:
+        ab:8a:ab:ae:77:a2:61:62:01:54:51:95:7c:d5:6c:76:cb:fe:
+        ac:b8:cd:bc:ec:c4:75:71:16:62:59:67:02:ab:e2:fb:9c:74:
+        46:be:d9:08:8c:30:d1:0d:5c:c8:48:ff:6d:77:29:6d:c1:4c:
+        bc:90:44:e6:d9:aa:e8:c1:ae:b1:81:b2:58:50:b3:23:59:35:
+        c0:c3:e1:34:98:ef:68:86:fb:e9:9a:a1:63:41:54:cb:ab:73:
+        03:c3:1a:e9:5f:50:81:b8:a8:b8:05:14:7d:1e:fa:a2:2b:b8:
+        68:eb:c8:b0:b6:50:df:2b:96:c7:26:b9:ca:c9:41:e1:83:c5:
+        3e:06:11:56:a3:54:f5:e2:26:65:b9:7f:e4:5f:fb:49:ef:82:
+        7d:15:24:72:02:5b:2b:d7:c9:d4:dc:26:08:78:f2:c3:73:c6:
+        25:56:d1:30:99:39:09:43:5d:e6:e3:ca:f2:3f:68:13:13:d6:
+        d2:df:5f:05:5b:09:48:27:87:5a:60:eb:c2:ff:93:7d:5c:e0:
+        45:c4:85:21:d3:43:1d:c2:78:0d:e5:ff:2b:27:f0:e9:d4:a4:
+        40:02:5f:27:19:94:4b:ea:64:cc:e2:d6:04:e5:70:7a:01:a5:
+        6f:3f:3c:ce:3d:84:cf:fb:d9:80:c3:df:fb:44:2f:1e:2f:32:
+        e9:56:6b:5b
 -----BEGIN CERTIFICATE-----
 MIIDVTCCAj0CAhAAMA0GCSqGSIb3DQEBCwUAMHAxGDAWBgNVBAMMD3d3dy53b2xm
 c3NsLmNvbTEQMA4GA1UECAwHTW9udGFuYTELMAkGA1UEBhMCVVMxHzAdBgkqhkiG
diff --git a/certs/test/expired/expired-cert.pem b/certs/test/expired/expired-cert.pem
index 9fc58c764..d68182f60 100644
--- a/certs/test/expired/expired-cert.pem
+++ b/certs/test/expired/expired-cert.pem
@@ -10,7 +10,7 @@ Certificate:
         Subject: CN = www.wolfssl.com, ST = Montana, C = US, emailAddress = info@wolfssl.com, OU = Engineering
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,21 +32,22 @@ Certificate:
                     ad:d7
                 Exponent: 65537 (0x10001)
     Signature Algorithm: sha256WithRSAEncryption
-         71:a7:78:76:da:ba:98:0f:3d:21:cd:42:76:fe:b9:e3:b9:2e:
-         49:a6:8c:31:de:6e:4b:b4:b4:e2:d8:a7:d3:ee:1c:fe:c9:92:
-         e2:e1:e2:ef:b2:a7:7f:a8:ba:4b:e2:aa:16:e5:ab:5d:e6:28:
-         35:cc:1b:8b:8d:b0:86:07:c8:21:8e:90:a6:86:2c:05:23:d9:
-         a0:4b:bf:8a:81:f0:0f:33:73:af:40:e8:84:dc:bb:dd:af:e4:
-         6e:c0:30:d1:60:5c:c2:1e:af:7d:82:16:b7:e5:ad:74:6c:9e:
-         ff:71:23:2c:70:ac:51:5f:7d:dc:39:90:44:f2:69:b7:84:0b:
-         65:4e:4f:0c:8a:ff:0a:6e:9c:56:cd:87:0b:5e:49:7b:eb:25:
-         e1:e9:1c:ac:73:e4:bd:d0:6f:e0:d8:77:dd:54:df:a5:16:64:
-         ab:82:0e:c7:ae:fd:1c:cb:22:f2:e3:f3:81:54:7a:26:0e:98:
-         f4:dc:bb:9c:a1:b8:47:e9:fc:d4:6e:84:51:9d:0e:fa:b2:d5:
-         9a:76:6f:f0:30:39:4e:39:cd:84:78:29:4f:d5:7b:eb:06:f2:
-         37:ee:3c:c1:8b:3c:b5:21:12:e8:ed:67:a0:98:d6:13:3f:14:
-         70:5e:09:67:de:d1:82:8b:88:50:57:d0:fb:fc:d7:64:14:99:
-         12:71:61:2f
+    Signature Value:
+        71:a7:78:76:da:ba:98:0f:3d:21:cd:42:76:fe:b9:e3:b9:2e:
+        49:a6:8c:31:de:6e:4b:b4:b4:e2:d8:a7:d3:ee:1c:fe:c9:92:
+        e2:e1:e2:ef:b2:a7:7f:a8:ba:4b:e2:aa:16:e5:ab:5d:e6:28:
+        35:cc:1b:8b:8d:b0:86:07:c8:21:8e:90:a6:86:2c:05:23:d9:
+        a0:4b:bf:8a:81:f0:0f:33:73:af:40:e8:84:dc:bb:dd:af:e4:
+        6e:c0:30:d1:60:5c:c2:1e:af:7d:82:16:b7:e5:ad:74:6c:9e:
+        ff:71:23:2c:70:ac:51:5f:7d:dc:39:90:44:f2:69:b7:84:0b:
+        65:4e:4f:0c:8a:ff:0a:6e:9c:56:cd:87:0b:5e:49:7b:eb:25:
+        e1:e9:1c:ac:73:e4:bd:d0:6f:e0:d8:77:dd:54:df:a5:16:64:
+        ab:82:0e:c7:ae:fd:1c:cb:22:f2:e3:f3:81:54:7a:26:0e:98:
+        f4:dc:bb:9c:a1:b8:47:e9:fc:d4:6e:84:51:9d:0e:fa:b2:d5:
+        9a:76:6f:f0:30:39:4e:39:cd:84:78:29:4f:d5:7b:eb:06:f2:
+        37:ee:3c:c1:8b:3c:b5:21:12:e8:ed:67:a0:98:d6:13:3f:14:
+        70:5e:09:67:de:d1:82:8b:88:50:57:d0:fb:fc:d7:64:14:99:
+        12:71:61:2f
 -----BEGIN CERTIFICATE-----
 MIIDVTCCAj0CAhAAMA0GCSqGSIb3DQEBCwUAMHAxGDAWBgNVBAMMD3d3dy53b2xm
 c3NsLmNvbTEQMA4GA1UECAwHTW9udGFuYTELMAkGA1UEBhMCVVMxHzAdBgkqhkiG
diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh
index 264408942..7564bb358 100755
--- a/certs/test/gen-testcerts.sh
+++ b/certs/test/gen-testcerts.sh
@@ -36,9 +36,7 @@ build_test_cert_conf() {
     echo "prompt = no"                                  >> "$1".conf
     echo "default_bits        = 2048"                   >> "$1".conf
     echo "distinguished_name  = req_distinguished_name" >> "$1".conf
-    if [ -n "$3" ]; then
-        echo "req_extensions      = req_ext"            >> "$1".conf
-    fi
+    echo "req_extensions      = req_ext"                >> "$1".conf
     if [ -n "$4" ]; then
         echo "basicConstraints=CA:true,pathlen:0"       >> "$1".conf
         echo ""                                         >> "$1".conf
@@ -52,8 +50,8 @@ build_test_cert_conf() {
     echo "CN = $2"                                      >> "$1".conf
     echo "emailAddress = info@wolfssl.com"              >> "$1".conf
     echo ""                                             >> "$1".conf
+    echo "[ req_ext ]"                                  >> "$1".conf
     if [ -n "$3" ]; then
-        echo "[ req_ext ]"                              >> "$1".conf
         case "$3" in
             *DER*)
                echo "subjectAltName = $3"               >> "$1".conf
@@ -64,6 +62,8 @@ build_test_cert_conf() {
                echo "DNS.1 = $3"                        >> "$1".conf
                ;;
         esac
+    else
+        echo "subjectKeyIdentifier = hash"              >> "$1".conf
     fi
 }
 
@@ -85,15 +85,9 @@ generate_test_cert() {
     check_result $?
 
     echo "step 4 create cert"
-    if [ "$3" = "" ]; then
-        openssl x509 -req -days 1000 -sha256 \
-                     -in "$1".csr -signkey ../server-key.pem \
-                     -out "$1".pem -extfile "$1".conf
-    else
-        openssl x509 -req -days 1000 -sha256 \
-                     -in "$1".csr -signkey ../server-key.pem \
-                     -out "$1".pem -extensions req_ext -extfile "$1".conf
-    fi
+    openssl x509 -req -days 1000 -sha256 \
+                 -in "$1".csr -signkey ../server-key.pem \
+                 -out "$1".pem -extensions req_ext -extfile "$1".conf
     check_result $?
     rm "$1".conf
     rm "$1".csr
@@ -126,6 +120,31 @@ generate_test_cert() {
     check_result $?
 }
 
+generate_test_trusted_cert() {
+    rm "$1".der
+    rm "$1".pem
+
+    echo "step 1 create configuration"
+    build_test_cert_conf "$1" "$2" "$3"
+    check_result $?
+
+    echo "step 2 create csr"
+    openssl req -new -sha256 -out "$1".csr -key ../server-key.pem -config "$1".conf
+    check_result $?
+
+    echo "step 3 check csr"
+    openssl req -text -noout -in "$1".csr -config "$1".conf
+    check_result $?
+
+    echo "step 4 create cert"
+    openssl x509 -req -days 1000 -sha256 \
+                 -in "$1".csr -signkey ../server-key.pem \
+                 -out "$1".pem -extensions req_ext -addtrust serverAuth -trustout -extfile "$1".conf
+    check_result $?
+    rm "$1".conf
+    rm "$1".csr
+}
+
 generate_expired_certs() {
     rm "$1".der
     rm "$1".pem
@@ -206,3 +225,6 @@ generate_test_cert server-garbage localhost garbage
 # Generate Expired Certificates
 generate_expired_certs expired/expired-ca ../ca-key.pem 1
 generate_expired_certs expired/expired-cert ../server-key.pem
+
+
+generate_test_trusted_cert ossl-trusted-cert localhost "" 1
diff --git a/certs/test/include.am b/certs/test/include.am
index 59569c92c..c69ec42b8 100644
--- a/certs/test/include.am
+++ b/certs/test/include.am
@@ -67,6 +67,7 @@ EXTRA_DIST += \
          certs/test/server-badaltname.pem \
          certs/test/server-localhost.der \
          certs/test/server-localhost.pem \
+         certs/test/ossl-trusted-cert.pem \
          certs/test/ktri-keyid-cms.msg \
          certs/test/smime-test.p7s \
          certs/test/smime-test-canon.p7s \
diff --git a/certs/test/ktri-keyid-cms.msg b/certs/test/ktri-keyid-cms.msg
index 85b22ad2a..ba68571f7 100644
Binary files a/certs/test/ktri-keyid-cms.msg and b/certs/test/ktri-keyid-cms.msg differ
diff --git a/certs/test/ossl-trusted-cert.pem b/certs/test/ossl-trusted-cert.pem
new file mode 100644
index 000000000..e8e2ea1b7
--- /dev/null
+++ b/certs/test/ossl-trusted-cert.pem
@@ -0,0 +1,29 @@
+-----BEGIN TRUSTED CERTIFICATE-----
+MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUwMTMw
+MjE0NTQ2WhcNMjcxMDI3MjE0NTQ2WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
+f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
+GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
+QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
+0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
+6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW
+BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
+M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
+bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
+DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFACr6s+Ce0259tiQB3+gnZ7kb6T9MAwG
+A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBqX+1+
+o2hLg3bT22ktzzG7y1Xu+7ZymPHCf7c2inTuFQq8epdbQ4RHwlk9/y8T52CM063y
+DJPPzXBYiGFwLo7Eff3pOCxsGRCGZZm5Yj/oCgN2dEywDPoOf6J+PBz589obsYU6
+d2QqcnhghWK6pM+9OdR5idtv4tOpnPEpehMJE14Oxg36nNDobn2rqKgSrvd1xbEh
+SnNwN6ZYwlLHCj+uGEEIFiLfZFisaEqmQlXA1THIUJMMypiwJ9snSXzZN6g+Ssw7
+AG+1kSbrbpnuECTBO4GBoJ7qcnhqPe1fbP/atwb7hh4RiHKXEVVQv96fu6BZ3cHH
+rb8OQ3qAW+juUlxaMAwwCgYIKwYBBQUHAwE=
+-----END TRUSTED CERTIFICATE-----
diff --git a/certs/test/server-badaltname.der b/certs/test/server-badaltname.der
index f7181161f..6c3b272d2 100644
Binary files a/certs/test/server-badaltname.der and b/certs/test/server-badaltname.der differ
diff --git a/certs/test/server-badaltname.pem b/certs/test/server-badaltname.pem
index dbd2d157a..eae252bec 100644
--- a/certs/test/server-badaltname.pem
+++ b/certs/test/server-badaltname.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            76:31:fe:b4:f4:ed:14:f1:b8:24:69:74:77:72:59:ce:c1:61:05:a0
+            2a:28:73:f4:22:96:4c:a2:52:a0:5f:54:72:35:38:8c:f7:49:98:9b
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:www.nomatch.com
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         3c:65:49:0e:32:4f:66:4b:ab:7d:a1:10:d4:ac:1f:8f:ed:70:
-         a5:62:eb:83:90:26:30:9a:2b:3e:fd:6c:d0:5d:ae:ac:3f:96:
-         89:76:31:8a:72:ab:c7:f7:25:a4:f5:d5:87:47:ec:71:d8:04:
-         a1:32:56:a0:b1:60:11:e8:11:3e:97:87:1f:d8:39:03:e1:22:
-         91:01:bd:ec:38:f3:26:d9:d0:0a:67:99:c2:c4:06:89:5a:45:
-         d9:cb:49:ba:df:ee:f3:a9:11:0b:7b:89:7d:e4:e1:78:c7:60:
-         ed:d6:66:4e:54:9a:9b:07:f8:f8:cb:86:bd:1a:5a:56:ae:9e:
-         89:74:01:d0:a8:47:c5:be:22:b1:a1:0c:d1:5e:cb:0a:df:46:
-         8f:f6:ed:2c:a0:fa:24:41:92:f5:eb:28:e6:5e:a1:04:c2:b2:
-         51:f0:55:78:fc:e0:52:e7:ac:dd:ff:59:f0:36:d7:d0:c3:b7:
-         0e:b4:d9:8d:cb:df:23:28:aa:df:bd:07:e9:65:24:76:10:28:
-         09:43:7a:be:20:2d:e3:3c:0d:4a:18:e0:b4:15:c9:be:d7:bf:
-         b5:46:ae:92:94:c2:b6:c1:b4:26:9d:0a:ef:17:0e:dd:c4:25:
-         44:78:a8:e2:08:b9:65:3d:05:de:54:17:c9:74:71:f9:c8:bb:
-         66:4e:c9:85
+    Signature Value:
+        a0:80:d8:92:67:d6:c0:f0:21:39:cd:e9:66:56:bd:ce:76:95:
+        41:99:ca:4f:ed:5a:1f:c4:74:87:27:67:56:a6:15:39:65:2d:
+        1c:d7:04:99:2c:05:cf:b0:73:8a:19:63:5c:17:f6:07:e0:fd:
+        6d:35:bf:1e:99:7e:3b:7a:32:36:9f:df:cd:c0:1b:cb:95:57:
+        bb:d0:3a:5a:7b:ec:d5:1c:fc:72:64:05:c9:ae:1a:f3:77:1a:
+        04:c7:c5:b8:a8:d2:9e:8f:6c:40:50:af:d1:2a:07:23:5a:eb:
+        50:29:e7:48:27:9d:f5:d3:6c:1e:c8:21:e1:04:0c:0c:0e:95:
+        67:8c:9d:8c:c4:a5:be:50:fc:d6:76:12:cf:6d:fb:32:45:f5:
+        75:97:50:21:cd:57:c3:9c:20:18:38:a1:92:9e:2e:36:02:10:
+        c2:c3:a5:52:32:7e:d1:b6:98:86:d2:5b:63:b7:ef:0f:12:c4:
+        96:92:a7:ca:41:42:c0:dd:24:f5:e1:9f:68:bc:fc:ae:23:98:
+        0e:93:7b:52:ad:ff:e4:f4:45:af:9f:7b:5d:db:0b:60:fa:56:
+        62:3d:71:a2:52:59:51:87:4a:55:f6:bb:fb:04:bd:e1:3b:48:
+        a4:20:37:40:03:f6:56:6e:22:af:c9:89:3a:a7:d0:b4:80:e9:
+        4b:9c:e0:84
 -----BEGIN CERTIFICATE-----
-MIIDsjCCApqgAwIBAgIUdjH+tPTtFPG4JGl0d3JZzsFhBaAwDQYJKoZIhvcNAQEL
+MIID0TCCArmgAwIBAgIUKihz9CKWTKJSoF9UcjU4jPdJmJswDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -65,11 +68,12 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABox4wHDAaBgNVHREEEzARgg93d3cubm9tYXRjaC5j
-b20wDQYJKoZIhvcNAQELBQADggEBADxlSQ4yT2ZLq32hENSsH4/tcKVi64OQJjCa
-Kz79bNBdrqw/lol2MYpyq8f3JaT11YdH7HHYBKEyVqCxYBHoET6Xhx/YOQPhIpEB
-vew48ybZ0ApnmcLEBolaRdnLSbrf7vOpEQt7iX3k4XjHYO3WZk5UmpsH+PjLhr0a
-Wlaunol0AdCoR8W+IrGhDNFeywrfRo/27Syg+iRBkvXrKOZeoQTCslHwVXj84FLn
-rN3/WfA219DDtw602Y3L3yMoqt+9B+llJHYQKAlDer4gLeM8DUoY4LQVyb7Xv7VG
-rpKUwrbBtCadCu8XDt3EJUR4qOIIuWU9Bd5UF8l0cfnIu2ZOyYU=
+4eZhg8XSlt/Z0E+t1wIDAQABoz0wOzAaBgNVHREEEzARgg93d3cubm9tYXRjaC5j
+b20wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3DQEBCwUA
+A4IBAQCggNiSZ9bA8CE5zelmVr3OdpVBmcpP7VofxHSHJ2dWphU5ZS0c1wSZLAXP
+sHOKGWNcF/YH4P1tNb8emX47ejI2n9/NwBvLlVe70Dpae+zVHPxyZAXJrhrzdxoE
+x8W4qNKej2xAUK/RKgcjWutQKedIJ53102weyCHhBAwMDpVnjJ2MxKW+UPzWdhLP
+bfsyRfV1l1AhzVfDnCAYOKGSni42AhDCw6VSMn7RtpiG0ltjt+8PEsSWkqfKQULA
+3ST14Z9ovPyuI5gOk3tSrf/k9EWvn3td2wtg+lZiPXGiUllRh0pV9rv7BL3hO0ik
+IDdAA/ZWbiKvyYk6p9C0gOlLnOCE
 -----END CERTIFICATE-----
diff --git a/certs/test/server-badaltnull.der b/certs/test/server-badaltnull.der
index d34ca7e97..d7b1e3192 100644
Binary files a/certs/test/server-badaltnull.der and b/certs/test/server-badaltnull.der differ
diff --git a/certs/test/server-badaltnull.pem b/certs/test/server-badaltnull.pem
index 530b307d8..121f47292 100644
--- a/certs/test/server-badaltnull.pem
+++ b/certs/test/server-badaltnull.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            75:94:fd:49:d7:c1:2b:ca:02:75:4d:37:61:ca:48:1b:60:40:bc:e2
+            5b:6e:37:ff:6f:59:9b:23:63:13:8f:d2:c3:a7:c6:8a:6a:14:92:31
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 0
..localhost.h
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         9c:a2:c0:49:d7:4b:a2:cf:6d:83:b7:06:a0:b2:60:4e:a3:ca:
-         57:8e:0f:8f:65:0a:e5:3b:12:8f:06:5e:f7:7c:4c:22:09:8e:
-         88:a9:34:c4:ed:5a:01:45:8e:c6:06:bc:f9:41:96:6f:dc:7c:
-         3e:5b:b9:19:ff:77:f1:49:a1:84:e9:11:8a:d2:d7:6c:13:53:
-         cd:48:61:7d:a4:0b:30:e9:62:32:f5:01:a4:27:5c:3b:d1:cf:
-         cb:cb:c6:8d:2d:9d:3f:89:46:13:4f:2c:5b:4c:a8:ab:7d:23:
-         a5:98:9f:ad:ba:fc:2c:4b:44:17:3d:99:8d:7a:53:21:f7:8f:
-         25:d8:84:ba:41:c2:c9:0f:24:d7:06:6e:cc:93:f7:13:f3:21:
-         64:05:b0:82:96:44:d0:1d:dd:e0:5c:d1:32:f2:55:08:25:05:
-         2a:23:d6:ae:bc:e5:29:8d:13:06:1d:d0:cc:9e:b0:04:c2:1c:
-         3e:c5:6d:60:6b:d8:25:d8:23:0a:8c:f9:74:7a:e5:5b:21:b6:
-         b5:74:de:c9:34:2d:75:c5:01:41:47:c6:76:08:8c:21:59:4f:
-         4d:9b:16:05:c1:43:15:a2:17:b2:ab:70:6a:51:18:3f:c9:ac:
-         48:16:a1:23:38:e2:90:ea:ac:df:5a:b5:7f:ed:be:9b:42:a5:
-         e2:2b:5c:c7
+    Signature Value:
+        7b:28:fc:26:31:e7:6f:e7:da:82:ea:7e:e8:f4:f6:f4:23:fb:
+        c8:97:e9:c8:f2:25:50:f6:02:90:4c:ad:df:5d:9b:0e:02:e8:
+        93:94:30:88:0b:09:7d:fd:0f:90:2b:d1:06:b0:4f:96:1a:9e:
+        ca:1e:3b:13:97:96:3f:fe:b4:d7:73:bc:c3:ad:c3:31:90:c9:
+        85:87:63:1a:75:29:74:b5:3c:79:a7:5f:b8:83:16:98:03:a8:
+        9e:09:9c:91:97:67:78:ba:6b:96:f6:fa:fc:56:81:bc:3d:3e:
+        47:5f:01:c4:ad:e1:8d:65:24:ca:31:37:49:d0:cf:8e:cc:9e:
+        c6:3f:3e:b7:98:62:0c:6c:f0:01:8f:03:0b:79:06:69:1c:52:
+        7d:01:80:4e:09:b1:fb:80:64:19:76:bd:42:be:bf:59:85:e5:
+        70:88:a9:8d:19:19:e1:64:54:ed:71:1e:08:04:cf:64:23:e7:
+        6e:23:d1:5d:cc:46:3c:c2:00:14:dc:84:91:b5:bc:ae:e4:a1:
+        d0:f5:92:3f:9c:eb:28:02:cd:ca:e8:90:cd:68:41:20:a3:ed:
+        d3:73:99:ac:74:da:91:21:79:ca:5f:8d:d7:93:b6:14:66:8b:
+        f4:0f:bd:17:fd:9c:d6:40:e0:52:42:26:dd:45:f3:f5:7b:53:
+        14:7f:a5:08
 -----BEGIN CERTIFICATE-----
-MIIDrjCCApagAwIBAgIUdZT9SdfBK8oCdU03YcpIG2BAvOIwDQYJKoZIhvcNAQEL
+MIIDzTCCArWgAwIBAgIUW243/29ZmyNjE4/Sw6fGimoUkjEwDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -65,11 +68,12 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABoxowGDAWBgNVHREEDzANggtsb2NhbGhvc3QAaDAN
-BgkqhkiG9w0BAQsFAAOCAQEAnKLASddLos9tg7cGoLJgTqPKV44Pj2UK5TsSjwZe
-93xMIgmOiKk0xO1aAUWOxga8+UGWb9x8Plu5Gf938UmhhOkRitLXbBNTzUhhfaQL
-MOliMvUBpCdcO9HPy8vGjS2dP4lGE08sW0yoq30jpZifrbr8LEtEFz2ZjXpTIfeP
-JdiEukHCyQ8k1wZuzJP3E/MhZAWwgpZE0B3d4FzRMvJVCCUFKiPWrrzlKY0TBh3Q
-zJ6wBMIcPsVtYGvYJdgjCoz5dHrlWyG2tXTeyTQtdcUBQUfGdgiMIVlPTZsWBcFD
-FaIXsqtwalEYP8msSBahIzjikOqs31q1f+2+m0Kl4itcxw==
+4eZhg8XSlt/Z0E+t1wIDAQABozkwNzAWBgNVHREEDzANggtsb2NhbGhvc3QAaDAd
+BgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwDQYJKoZIhvcNAQELBQADggEB
+AHso/CYx52/n2oLqfuj09vQj+8iX6cjyJVD2ApBMrd9dmw4C6JOUMIgLCX39D5Ar
+0QawT5YansoeOxOXlj/+tNdzvMOtwzGQyYWHYxp1KXS1PHmnX7iDFpgDqJ4JnJGX
+Z3i6a5b2+vxWgbw9PkdfAcSt4Y1lJMoxN0nQz47MnsY/PreYYgxs8AGPAwt5Bmkc
+Un0BgE4JsfuAZBl2vUK+v1mF5XCIqY0ZGeFkVO1xHggEz2Qj524j0V3MRjzCABTc
+hJG1vK7kodD1kj+c6ygCzcrokM1oQSCj7dNzmax02pEhecpfjdeTthRmi/QPvRf9
+nNZA4FJCJt1F8/V7UxR/pQg=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-badcn.der b/certs/test/server-badcn.der
index a707a5f0f..4aeb08c78 100644
Binary files a/certs/test/server-badcn.der and b/certs/test/server-badcn.der differ
diff --git a/certs/test/server-badcn.pem b/certs/test/server-badcn.pem
index ad42bb9aa..24be9f5ad 100644
--- a/certs/test/server-badcn.pem
+++ b/certs/test/server-badcn.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:9d:a3:77:36:7a:b9:40:c0:3f:62:ae:d7:80:c0:a4:88:f9:82:5f
+            5e:0c:68:fc:ee:45:c3:c4:93:92:92:1b:f0:6e:45:c8:a0:bd:e7:d2
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,28 +32,32 @@ Certificate:
                     a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
                     ad:d7
                 Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         2f:03:d9:42:ae:10:f3:4b:42:c1:9d:6a:aa:09:da:f1:55:8a:
-         0b:76:ce:51:d5:16:95:24:49:ac:14:1b:f6:b4:81:bd:c4:2b:
-         9c:f2:34:8b:a5:18:a6:00:82:70:00:c1:8f:26:90:da:70:70:
-         60:bf:c8:98:d2:d1:c7:86:fd:68:60:f2:54:46:e5:e0:d9:58:
-         c4:85:01:32:b1:02:43:06:61:f5:61:3f:fd:80:b0:75:2c:3a:
-         50:d8:c9:11:6e:36:17:8e:e0:a6:3f:b1:bd:17:96:31:c9:04:
-         e9:53:84:6a:e6:bc:c3:82:1a:fc:8f:63:e9:68:c9:b3:ed:61:
-         8d:08:a2:9d:c8:4e:57:09:50:2c:16:6f:9a:c7:31:cc:6c:fd:
-         3c:37:01:06:f1:c7:98:e6:c5:ee:cb:3e:6f:6b:20:bc:dc:64:
-         17:2e:d7:5b:95:2a:18:e5:ab:4c:5e:97:1c:e5:7d:e5:72:cd:
-         fe:b6:6d:9b:36:c6:4b:70:dc:97:5f:49:31:93:1b:2b:ca:d1:
-         c8:12:24:31:c2:78:50:bf:aa:28:e6:42:78:ae:e1:08:7a:64:
-         da:46:89:d6:07:4a:cb:51:36:69:11:6c:a9:61:fc:b1:03:21:
-         c2:82:6a:15:d7:98:58:1c:40:55:08:e0:32:9e:05:78:c6:a0:
-         b8:d9:11:2f
+    Signature Value:
+        81:71:e5:13:96:ab:99:46:c2:9e:8b:7c:b1:1c:96:08:f0:39:
+        fd:ad:85:ef:6f:54:60:6c:d4:ec:b4:65:69:3e:37:e3:c3:37:
+        ea:22:b8:79:ae:ba:b3:c4:29:8d:87:84:93:f4:74:81:7d:e6:
+        1d:2d:ee:37:86:4c:f2:a2:e8:b5:a7:ad:e4:c3:43:fa:9e:ff:
+        2b:d8:48:22:05:6c:e3:56:49:47:27:f6:3f:bb:45:5f:a2:25:
+        bc:24:3c:c6:16:57:3d:db:98:56:5c:47:a5:f7:ad:ee:0b:94:
+        f1:b8:5c:6a:5e:69:fc:a4:2e:b3:24:21:13:2b:0d:25:1b:2a:
+        ba:bb:e8:00:d2:80:59:e6:1f:01:f5:62:9d:70:84:04:dd:f2:
+        5f:ab:c0:6c:f8:75:37:e1:a4:14:df:ac:9c:ff:63:bd:70:92:
+        4a:c1:dd:2e:79:05:40:94:c4:92:2b:33:5d:aa:00:0f:d9:a1:
+        aa:48:79:4a:8b:c3:54:c4:cc:63:e6:4d:d6:cd:80:b2:77:6a:
+        63:16:6d:3b:47:63:e9:3d:41:e1:d2:d0:41:00:83:20:35:c6:
+        7d:36:5f:62:bf:a9:a1:a7:bf:c2:b4:44:9f:3c:f3:33:28:47:
+        01:bc:be:fb:4b:9c:81:4a:f8:81:b9:6f:cc:a4:81:95:79:24:
+        e7:06:6b:8e
 -----BEGIN CERTIFICATE-----
-MIIDkjCCAnqgAwIBAgIUM52jdzZ6uUDAP2Ku14DApIj5gl8wDQYJKoZIhvcNAQEL
+MIIDtTCCAp2gAwIBAgIUXgxo/O5Fw8STkpIb8G5FyKC959IwDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -62,11 +66,11 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAvA9lCrhDzS0LB
-nWqqCdrxVYoLds5R1RaVJEmsFBv2tIG9xCuc8jSLpRimAIJwAMGPJpDacHBgv8iY
-0tHHhv1oYPJURuXg2VjEhQEysQJDBmH1YT/9gLB1LDpQ2MkRbjYXjuCmP7G9F5Yx
-yQTpU4Rq5rzDghr8j2PpaMmz7WGNCKKdyE5XCVAsFm+axzHMbP08NwEG8ceY5sXu
-yz5vayC83GQXLtdblSoY5atMXpcc5X3lcs3+tm2bNsZLcNyXX0kxkxsrytHIEiQx
-wnhQv6oo5kJ4ruEIemTaRonWB0rLUTZpEWypYfyxAyHCgmoV15hYHEBVCOAyngV4
-xqC42REv
+4eZhg8XSlt/Z0E+t1wIDAQABoyEwHzAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNC
+yh8OjjwwDQYJKoZIhvcNAQELBQADggEBAIFx5ROWq5lGwp6LfLEclgjwOf2the9v
+VGBs1Oy0ZWk+N+PDN+oiuHmuurPEKY2HhJP0dIF95h0t7jeGTPKi6LWnreTDQ/qe
+/yvYSCIFbONWSUcn9j+7RV+iJbwkPMYWVz3bmFZcR6X3re4LlPG4XGpeafykLrMk
+IRMrDSUbKrq76ADSgFnmHwH1Yp1whATd8l+rwGz4dTfhpBTfrJz/Y71wkkrB3S55
+BUCUxJIrM12qAA/ZoapIeUqLw1TEzGPmTdbNgLJ3amMWbTtHY+k9QeHS0EEAgyA1
+xn02X2K/qaGnv8K0RJ888zMoRwG8vvtLnIFK+IG5b8ykgZV5JOcGa44=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-badcnnull.der b/certs/test/server-badcnnull.der
index bd1524f6f..c493efb53 100644
Binary files a/certs/test/server-badcnnull.der and b/certs/test/server-badcnnull.der differ
diff --git a/certs/test/server-badcnnull.pem b/certs/test/server-badcnnull.pem
index ed89ce736..8f35c0aa3 100644
--- a/certs/test/server-badcnnull.pem
+++ b/certs/test/server-badcnnull.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            29:9c:4e:32:2d:67:08:52:16:03:ba:4f:eb:47:e3:a2:ef:55:06:15
+            17:94:c2:a9:62:50:9d:86:e1:29:9f:9b:fc:aa:fd:1c:ea:5f:d9:d2
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,29 +32,33 @@ Certificate:
                     a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
                     ad:d7
                 Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         b7:a0:3f:bf:60:6d:0e:49:aa:e4:a8:00:b6:7d:d5:15:58:60:
-         5d:cb:40:70:46:04:6c:e3:6d:04:b0:2a:eb:e2:64:b3:4f:a6:
-         47:ae:22:c8:41:a1:cc:01:0c:1a:b2:6f:d2:e5:cf:b8:ac:c7:
-         3c:a8:04:0d:7e:53:c5:9f:ec:f6:26:1e:d7:ed:6d:44:a5:8f:
-         64:7b:bd:f4:19:fd:70:d5:39:7a:d9:22:72:2d:ec:09:0d:61:
-         e9:1f:3d:61:70:13:1c:d6:34:44:1d:04:a7:2c:96:08:0b:e6:
-         63:e5:02:e6:95:d3:49:75:a9:e2:d0:e4:6e:9c:87:17:3a:30:
-         d4:dd:16:58:f8:cc:39:ff:a4:2d:3f:26:bf:40:92:6e:b2:b6:
-         6d:03:d8:68:a2:4a:3d:cf:b9:00:93:58:54:5a:ef:ea:6d:28:
-         c3:8c:c1:0e:60:5a:8c:df:5d:d5:0b:cb:b5:e5:6c:57:7a:b6:
-         ac:8c:64:67:f4:68:8d:73:50:41:11:6c:14:b6:65:7d:57:ff:
-         27:b5:f3:5e:7e:d4:07:29:49:6b:0c:aa:ed:b2:aa:32:a3:b4:
-         78:bc:2d:18:6f:a6:fa:ea:b2:c8:a4:a3:f2:cc:da:43:9c:eb:
-         92:ea:7a:1a:8f:4b:ed:87:eb:f6:80:ea:6a:de:d7:ac:0e:9e:
-         47:2d:37:30
+    Signature Value:
+        17:68:5d:de:f1:0e:17:a5:79:89:e1:75:ec:32:c7:91:92:19:
+        80:57:05:c7:ed:0d:ee:ba:62:79:d0:16:0e:68:82:69:65:c9:
+        f3:a7:d0:cc:88:8b:29:62:cd:b5:ba:ae:7b:9f:50:8f:5e:97:
+        94:ce:9c:b4:20:6c:0c:e7:8f:0a:b6:fd:42:36:a3:9f:da:c6:
+        ee:d4:0a:2b:ea:60:06:5f:1d:f2:e9:33:87:51:44:a2:15:c2:
+        8f:32:82:ef:ff:24:e5:8f:e7:23:98:1c:5c:22:c4:d7:27:12:
+        33:8e:ad:77:5b:35:d4:87:6e:c3:92:1b:df:a6:b3:df:66:16:
+        e0:d6:85:42:78:eb:b4:1a:0d:56:89:a5:e7:d4:db:b0:23:48:
+        c8:5f:a3:a7:c0:cc:46:40:96:3d:be:bb:b9:10:03:46:2d:67:
+        c8:e7:f1:6b:25:f3:ae:57:3d:dc:c8:06:1b:d3:8d:97:35:c1:
+        07:b9:0e:c1:26:a1:30:71:90:e8:79:84:8a:c6:36:8f:36:cc:
+        a5:0a:12:90:dd:19:a2:cc:e2:d6:c5:7d:53:b2:a5:86:fd:b8:
+        8f:bd:5f:6c:59:49:5a:ef:8b:d6:ac:d3:cc:ae:d7:6b:6a:fc:
+        f1:df:17:48:c0:11:42:a1:29:5e:3f:57:ed:2d:c1:b9:09:b5:
+        6e:dc:3f:3f
 -----BEGIN CERTIFICATE-----
-MIID1DCCArygAwIBAgIUKZxOMi1nCFIWA7pP60fjou9VBhUwDQYJKoZIhvcNAQEL
+MIID9zCCAt+gAwIBAgIUF5TCqWJQnYbhKZ+b/Kr9HOpf2dIwDQYJKoZIhvcNAQEL
 BQAwgaMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzE5MDcGA1UEAwwwREVSOjMwOjBk
 OjgyOjBiOjZjOjZmOjYzOjYxOjZjOjY4OjZmOjczOjc0OjAwOjY4MR8wHQYJKoZI
-hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOVoXDTI2MDkw
-ODIyMTkyOVowgaMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIzMTEyM1oXDTI3MDkx
+NDIzMTEyM1owgaMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYD
 VQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzE5MDcGA1UEAwwwREVS
 OjMwOjBkOjgyOjBiOjZjOjZmOjYzOjYxOjZjOjY4OjZmOjczOjc0OjAwOjY4MR8w
 HQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEF
@@ -63,11 +67,12 @@ fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwb
 U7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEu
 uBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTS
 ELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0
-sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABMA0GCSqGSIb3DQEB
-CwUAA4IBAQC3oD+/YG0OSarkqAC2fdUVWGBdy0BwRgRs420EsCrr4mSzT6ZHriLI
-QaHMAQwasm/S5c+4rMc8qAQNflPFn+z2Jh7X7W1EpY9ke730Gf1w1Tl62SJyLewJ
-DWHpHz1hcBMc1jREHQSnLJYIC+Zj5QLmldNJdani0ORunIcXOjDU3RZY+Mw5/6Qt
-Pya/QJJusrZtA9hooko9z7kAk1hUWu/qbSjDjMEOYFqM313VC8u15WxXerasjGRn
-9GiNc1BBEWwUtmV9V/8ntfNeftQHKUlrDKrtsqoyo7R4vC0Yb6b66rLIpKPyzNpD
-nOuS6noaj0vth+v2gOpq3tesDp5HLTcw
+sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABoyEwHzAdBgNVHQ4E
+FgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwDQYJKoZIhvcNAQELBQADggEBABdoXd7x
+DheleYnhdewyx5GSGYBXBcftDe66YnnQFg5ogmllyfOn0MyIiylizbW6rnufUI9e
+l5TOnLQgbAznjwq2/UI2o5/axu7UCivqYAZfHfLpM4dRRKIVwo8ygu//JOWP5yOY
+HFwixNcnEjOOrXdbNdSHbsOSG9+ms99mFuDWhUJ467QaDVaJpefU27AjSMhfo6fA
+zEZAlj2+u7kQA0YtZ8jn8Wsl865XPdzIBhvTjZc1wQe5DsEmoTBxkOh5hIrGNo82
+zKUKEpDdGaLM4tbFfVOypYb9uI+9X2xZSVrvi9as08yu12tq/PHfF0jAEUKhKV4/
+V+0twbkJtW7cPz8=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-cert-ecc-badsig.der b/certs/test/server-cert-ecc-badsig.der
index 3e1a890db..d9fee3fd2 100644
Binary files a/certs/test/server-cert-ecc-badsig.der and b/certs/test/server-cert-ecc-badsig.der differ
diff --git a/certs/test/server-cert-ecc-badsig.pem b/certs/test/server-cert-ecc-badsig.pem
index 13285961c..ff32a1750 100644
--- a/certs/test/server-cert-ecc-badsig.pem
+++ b/certs/test/server-cert-ecc-badsig.pem
@@ -5,8 +5,8 @@ Certificate:
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = Elliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -23,8 +23,7 @@ Certificate:
             X509v3 Subject Key Identifier: 
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
-                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
-
+                56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
@@ -34,16 +33,17 @@ Certificate:
             Netscape Cert Type: 
                 SSL Server
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:86:bd:87:16:d2:9c:66:e7:5e:5c:28:0e:5f:
-         ef:94:61:2f:d4:21:6d:8e:c3:94:0a:1e:b5:6a:1d:c6:04:87:
-         c6:02:20:66:46:c4:29:d9:8e:eb:0b:f7:5b:32:13:eb:0a:ea:
-         47:99:4b:74:56:ba:21:97:b1:67:75:5c:f3:f3:c0:88:aa
+    Signature Value:
+        30:45:02:21:00:8b:82:a5:d2:f6:ca:84:ba:ad:2d:de:36:e9:
+        2a:4d:ee:4b:20:46:ba:ab:4e:d0:10:6e:eb:30:b6:7e:d8:af:
+        8c:02:20:06:74:40:6a:a9:31:54:fe:20:9d:c6:6d:2b:df:1d:
+        aa:63:da:fc:97:50:87:92:69:ee:63:57:b6:ec:e2:e9:fa
 -----BEGIN CERTIFICATE-----
 MIICojCCAkigAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR
 BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv
 bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj
 MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
@@ -51,7 +51,7 @@ A0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eS
 IX/wzxjakRECNIboIFgzC4A0idijgYkwgYYwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
 K0olAiPvsokwMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD86UhMAwGA1Ud
 EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEG
-CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNIADBFAiEAhr2HFtKcZudeXCgO
-X++UYS/UIW2Ow5QKHrVqHcYEh8YCIGZGxCnZjusL91syE+sK6keZS3RWuiGXsWd1
-XPPzxIiq
+CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNIADBFAiEAi4Kl0vbKhLqtLd42
+6SpN7ksgRrqrTtAQbuswtn7Yr4wCIAZ0QGqpMVT+IJ3GbSvfHapj2vyXUIeSae5j
+V7bsxun6
 -----END CERTIFICATE-----
diff --git a/certs/test/server-cert-rsa-badsig.der b/certs/test/server-cert-rsa-badsig.der
index e5cb198f6..91c6fa74d 100644
Binary files a/certs/test/server-cert-rsa-badsig.der and b/certs/test/server-cert-rsa-badsig.der differ
diff --git a/certs/test/server-cert-rsa-badsig.pem b/certs/test/server-cert-rsa-badsig.pem
index 171894d22..ab49b8f35 100644
--- a/certs/test/server-cert-rsa-badsig.pem
+++ b/certs/test/server-cert-rsa-badsig.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -46,27 +45,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         4a:ff:b9:e5:85:9b:da:53:66:7f:07:22:bf:b6:19:ea:42:eb:
-         a4:11:07:62:ff:39:5f:33:37:3a:87:26:71:3d:13:b2:ca:b8:
-         64:38:7b:8a:99:48:0e:a5:a4:6b:b1:99:6e:e0:46:51:bd:19:
-         52:ad:bc:a6:7e:2a:7a:7c:23:a7:cc:db:5e:43:7d:6b:04:c8:
-         b7:dd:95:ad:f0:91:80:59:c5:19:91:26:27:91:b8:48:1c:eb:
-         55:b6:aa:7d:a4:38:f1:03:bc:6c:8b:aa:94:d6:3c:05:7a:96:
-         c5:06:f1:26:14:2e:75:fb:dd:e5:35:b3:01:2c:b3:ad:62:5a:
-         21:9a:08:be:56:fc:f9:a2:42:87:86:e5:a9:c5:99:cf:ae:14:
-         be:e0:b9:08:24:0d:1d:5c:d6:14:e1:4c:9f:40:b3:a9:e9:2d:
-         52:8b:4c:bf:ac:44:31:67:c1:8d:06:85:ec:0f:e4:99:d7:4b:
-         7b:21:06:66:d4:e4:f5:9d:ff:8e:f0:86:39:58:1d:a4:5b:e2:
-         63:ef:7c:c9:18:87:a8:02:25:10:3e:87:28:f9:f5:ef:47:9e:
-         a5:80:08:11:90:68:fe:d1:a3:a8:51:b9:37:ff:d5:ca:7c:87:
-         7f:6b:bc:2c:12:c8:c5:85:8b:fc:0c:c6:b9:86:b8:c9:04:c3:
-         51:37:d2:4f
+    Signature Value:
+        8a:f1:4e:e8:9f:59:b2:d9:13:ac:fc:42:c4:81:34:9f:6b:39:
+        57:9c:e9:92:5d:41:ac:05:35:b1:26:93:4d:4a:da:f8:51:82:
+        d2:8d:7f:d3:5c:6e:29:80:8d:9b:02:10:2b:64:f5:d1:31:06:
+        fa:85:2b:8f:63:32:14:76:7a:39:15:f3:4e:dd:fd:e2:2c:90:
+        15:d1:6f:73:87:ee:e6:c8:eb:ad:40:d5:e8:94:1f:a6:7e:26:
+        5b:87:ba:0f:06:5a:4d:55:7a:aa:c4:09:34:8b:f7:e5:cc:d6:
+        b7:6c:46:6d:a1:e6:66:66:4c:4b:e5:12:31:37:54:49:64:a5:
+        66:eb:e0:c6:a1:49:f8:4d:c3:d3:55:a4:05:d2:ac:fb:e1:c8:
+        69:30:4b:98:fd:72:1a:ab:9f:86:eb:0d:bd:7c:a6:3d:81:d9:
+        01:a7:8a:79:ab:3c:ce:e5:b6:c3:1b:ef:7d:5e:37:7b:37:7c:
+        91:89:59:11:21:11:7c:05:80:e1:a8:d6:f9:35:da:1b:86:06:
+        5a:32:67:6c:a9:2b:e0:31:7b:89:53:37:42:af:34:a4:53:d2:
+        7c:91:50:63:3a:8e:4a:1f:a3:90:4e:7c:41:59:1d:eb:7b:a2:
+        14:87:ba:76:36:a4:77:46:34:f2:55:50:f0:24:9f:83:83:da:
+        a6:aa:3c:c8
 -----BEGIN CERTIFICATE-----
 MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
 BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
@@ -80,30 +80,30 @@ BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
 M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
 bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
 DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
-9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFGubcMbxo5RlGaEIWO+njSt6g8HaMAwG
 A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
-BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
-hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
-vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
-i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
-JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
-W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
-DMa5hrjJBMNRN9JP
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCK8U7o
+n1my2ROs/ELEgTSfazlXnOmSXUGsBTWxJpNNStr4UYLSjX/TXG4pgI2bAhArZPXR
+MQb6hSuPYzIUdno5FfNO3f3iLJAV0W9zh+7myOutQNXolB+mfiZbh7oPBlpNVXqq
+xAk0i/flzNa3bEZtoeZmZkxL5RIxN1RJZKVm6+DGoUn4TcPTVaQF0qz74chpMEuY
+/XIaq5+G6w29fKY9gdkBp4p5qzzO5bbDG+99Xjd7N3yRiVkRIRF8BYDhqNb5Ndob
+hgZaMmdsqSvgMXuJUzdCrzSkU9J8kVBjOo5KH6OQTnxBWR3re6IUh7p2NqR3RjTy
+VVDwJJ+Dg9qmqjzI
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -130,8 +130,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -139,27 +138,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -174,12 +174,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmixjU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NxjM=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-duplicate-policy.pem b/certs/test/server-duplicate-policy.pem
index 8450ca92c..36636668e 100644
--- a/certs/test/server-duplicate-policy.pem
+++ b/certs/test/server-duplicate-policy.pem
@@ -5,12 +5,12 @@ Certificate:
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:30 2024 GMT
+            Not After : Sep 14 21:25:30 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = testing duplicate policy, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -37,8 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Certificate Policies: 
@@ -47,29 +46,29 @@ Certificate:
                   CPS: www.wolfssl.com
                   User Notice:
                     Explicit Text: Test of duplicate OIDs with different qualifiers
-
     Signature Algorithm: sha256WithRSAEncryption
-         ae:92:7f:94:c1:59:de:ec:62:89:79:b5:70:75:22:54:90:c1:
-         42:6a:dd:79:50:7b:f5:eb:23:9e:99:84:6c:ba:ca:d8:2e:15:
-         ed:f2:cb:ee:2a:b7:50:ca:82:fe:52:87:93:cf:22:5a:db:23:
-         3f:c2:22:a4:5a:02:f9:73:ac:0e:fe:2e:62:fb:6a:5d:1d:71:
-         13:ae:b8:c3:af:e9:6a:4c:a9:73:ca:fb:a9:69:b3:a2:62:ec:
-         e8:20:44:63:bf:49:ea:aa:90:e4:00:9c:fe:69:8c:99:4a:32:
-         e6:1a:2b:ae:1b:b9:82:53:8c:b0:06:ac:10:40:42:aa:68:da:
-         40:b7:92:f0:78:f6:5a:b6:ae:a2:a6:45:58:05:58:58:ca:bc:
-         85:92:92:52:e2:a4:c0:aa:9e:9a:03:f1:d4:a9:1f:46:ed:49:
-         76:71:76:3a:bb:47:ee:12:24:60:db:a4:2c:0d:9c:62:bf:1d:
-         a3:b4:80:68:18:32:32:51:9f:0a:49:3e:5c:20:f4:45:c8:11:
-         4d:b3:43:b1:a1:33:8b:07:b5:b4:86:66:0c:f7:b9:62:0a:2f:
-         53:29:dd:d0:9a:1a:64:86:7e:f6:72:fd:f9:ee:75:a1:20:d5:
-         dc:9d:03:60:32:f6:11:a9:9b:56:d7:5d:b0:65:fd:5f:c8:0e:
-         08:a4:f0:e6
+    Signature Value:
+        57:df:4f:80:68:25:ae:e1:7e:dd:de:db:f9:73:17:bb:20:c7:
+        b9:32:fa:c6:3e:23:f7:36:e7:26:ac:8c:a3:f5:b4:09:1f:4d:
+        4e:fd:57:8b:4b:bb:4c:3f:87:4b:67:48:6b:1e:fa:45:a6:51:
+        c4:38:86:70:34:30:97:4f:93:79:a3:6c:3a:00:62:1b:65:8c:
+        38:1a:11:5b:e1:52:bb:20:df:4f:ba:e9:a9:2a:fe:96:44:09:
+        32:ae:50:7a:ef:eb:d3:cb:8a:31:39:da:db:42:82:96:56:a2:
+        37:ec:ac:92:a8:9d:f8:2a:11:cc:be:55:f8:f0:0c:ff:2d:3b:
+        da:4f:3d:50:01:17:b8:79:ac:95:f7:31:7b:74:de:df:e1:68:
+        08:f4:3d:5b:7c:c2:fe:87:b6:81:35:79:3b:ed:14:be:07:04:
+        70:b7:46:7f:de:a5:4f:3c:37:f8:40:85:9a:46:b7:8e:62:78:
+        74:81:69:ce:d7:1b:d1:e8:c1:2e:8a:f2:cf:4d:56:ff:4c:ec:
+        b9:05:da:fb:a1:f7:58:18:b0:29:6e:9c:15:03:e7:8c:e5:37:
+        59:52:4c:d3:c6:be:68:62:87:09:ca:25:3d:e3:a4:e2:bf:d0:
+        85:de:de:d0:b5:04:48:91:05:75:c3:d9:64:e0:69:70:d7:ed:
+        79:6a:3d:7f
 -----BEGIN CERTIFICATE-----
 MIIFMTCCBBmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
-MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4
+MjEyNTMwWhcNMjcwOTE0MjEyNTMwWjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxITAf
 BgNVBAsMGHRlc3RpbmcgZHVwbGljYXRlIHBvbGljeTEYMBYGA1UEAwwPd3d3Lndv
 bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
@@ -83,31 +82,31 @@ o4IBfTCCAXkwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHUBgNVHSME
 gcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
 UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
 U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUM0QaqGwB
-7PZg8nBRCkzRFPq86UQwCQYDVR0TBAIwADB2BgNVHSAEbzBtMAUGAyoDBDBkBgMq
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUa5twxvGj
+lGUZoQhY76eNK3qDwdowCQYDVR0TBAIwADB2BgNVHSAEbzBtMAUGAyoDBDBkBgMq
 AwQwXTAbBggrBgEFBQcCARYPd3d3LndvbGZzc2wuY29tMD4GCCsGAQUFBwICMDIa
 MFRlc3Qgb2YgZHVwbGljYXRlIE9JRHMgd2l0aCBkaWZmZXJlbnQgcXVhbGlmaWVy
-czANBgkqhkiG9w0BAQsFAAOCAQEArpJ/lMFZ3uxiiXm1cHUiVJDBQmrdeVB79esj
-npmEbLrK2C4V7fLL7iq3UMqC/lKHk88iWtsjP8IipFoC+XOsDv4uYvtqXR1xE664
-w6/pakypc8r7qWmzomLs6CBEY79J6qqQ5ACc/mmMmUoy5horrhu5glOMsAasEEBC
-qmjaQLeS8Hj2WrauoqZFWAVYWMq8hZKSUuKkwKqemgPx1KkfRu1JdnF2OrtH7hIk
-YNukLA2cYr8do7SAaBgyMlGfCkk+XCD0RcgRTbNDsaEziwe1tIZmDPe5YgovUynd
-0JoaZIZ+9nL9+e51oSDV3J0DYDL2EambVtddsGX9X8gOCKTw5g==
+czANBgkqhkiG9w0BAQsFAAOCAQEAV99PgGglruF+3d7b+XMXuyDHuTL6xj4j9zbn
+JqyMo/W0CR9NTv1Xi0u7TD+HS2dIax76RaZRxDiGcDQwl0+TeaNsOgBiG2WMOBoR
+W+FSuyDfT7rpqSr+lkQJMq5Qeu/r08uKMTna20KCllaiN+yskqid+CoRzL5V+PAM
+/y072k89UAEXuHmslfcxe3Te3+FoCPQ9W3zC/oe2gTV5O+0UvgcEcLdGf96lTzw3
++ECFmka3jmJ4dIFpztcb0ejBLoryz01W/0zsuQXa+6H3WBiwKW6cFQPnjOU3WVJM
+08a+aGKHCcolPeOk4r/Qhd7e0LUESJEFdcPZZOBpcNfteWo9fw==
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            33:44:1a:a8:6c:01:ec:f6:60:f2:70:51:0a:4c:d1:14:fa:bc:e9:44
+            6b:9b:70:c6:f1:a3:94:65:19:a1:08:58:ef:a7:8d:2b:7a:83:c1:da
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:28 2023 GMT
-            Not After : Sep  8 22:19:28 2026 GMT
+            Not Before: Dec 18 21:25:29 2024 GMT
+            Not After : Sep 14 21:25:29 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -134,8 +133,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:33:44:1A:A8:6C:01:EC:F6:60:F2:70:51:0A:4C:D1:14:FA:BC:E9:44
-
+                serial:6B:9B:70:C6:F1:A3:94:65:19:A1:08:58:EF:A7:8D:2B:7A:83:C1:DA
             X509v3 Basic Constraints: 
                 CA:TRUE
             X509v3 Subject Alternative Name: 
@@ -143,27 +141,28 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         2d:fc:f9:32:5a:be:d6:9d:42:8b:86:4e:67:22:c3:50:2d:cb:
-         14:27:1d:94:f3:cd:88:42:da:41:1c:39:24:67:a7:92:4d:27:
-         ea:56:82:19:bf:11:b2:43:a4:8d:5d:87:b2:27:64:66:82:81:
-         df:c4:fd:5b:62:b0:c2:4d:9d:29:f2:41:32:cc:2e:b5:da:38:
-         06:1b:e8:7f:8c:6e:3d:80:1e:00:56:49:bf:39:e0:da:68:2f:
-         c4:fd:00:e6:d1:81:1a:d1:4a:bb:76:52:ce:4d:24:9d:c4:a3:
-         a7:f1:65:14:2f:1f:a8:2d:c6:cb:ce:b1:a7:89:74:26:27:c3:
-         f3:a3:84:4c:34:01:14:03:7d:16:3a:c8:8b:25:2e:7b:90:cc:
-         46:b1:52:34:ba:93:6e:ef:fe:43:a3:ad:c6:6f:51:fb:ba:ea:
-         38:e3:6f:d6:ee:63:62:36:ea:5e:08:b4:e2:2a:46:89:e3:ae:
-         b3:b4:06:ef:63:7a:6e:5d:dd:c9:ec:02:4f:f7:64:c0:27:07:
-         b4:6f:4a:18:72:5b:34:74:7c:d0:a9:04:8f:40:8b:6a:39:d2:
-         6b:1a:01:f2:01:a8:81:34:3a:e5:b0:55:d1:3c:95:ca:b0:82:
-         d6:ed:98:28:15:59:7e:95:a7:69:c7:b5:7b:ec:01:a7:4d:e6:
-         b9:a2:fe:35
+    Signature Value:
+        77:3b:3d:66:74:bc:97:fe:40:16:e6:ba:a5:d5:d1:84:08:89:
+        69:4f:88:0d:57:a9:ef:8c:c3:97:52:c8:bd:8b:a2:49:3b:b7:
+        f7:5d:1e:d6:14:7f:b2:80:33:da:a0:8a:d3:e1:2f:d5:bc:33:
+        9f:ea:5a:72:24:e5:f8:b8:4b:b3:df:62:90:3b:a8:21:ef:27:
+        42:75:bc:60:02:8e:37:35:99:eb:a3:28:f2:65:4c:ff:7a:f8:
+        8e:cc:23:6d:e5:6a:fe:22:5a:d9:b2:4f:47:c7:e0:ae:98:ef:
+        94:ac:b6:4f:61:81:29:8e:e1:79:2c:46:fc:e9:1a:c3:96:1f:
+        19:93:64:2e:9f:37:72:c5:e4:93:4e:61:5f:38:8e:ae:e8:39:
+        19:e6:97:a8:91:d4:23:7e:1e:d2:d0:53:ec:cc:ac:a0:1d:d0:
+        b7:dd:b1:b7:01:2e:96:cd:85:27:e0:e7:47:e2:c1:c1:00:f6:
+        94:df:77:e7:fa:c6:ef:8a:c0:7c:67:bc:ff:a0:7c:94:3b:7d:
+        86:42:af:3d:83:31:ee:2a:3b:7b:f0:2c:9e:6f:e9:c4:07:81:
+        24:da:05:70:4d:dd:09:ae:9e:72:b8:21:0e:8c:b2:ab:aa:4c:
+        49:10:f7:76:f9:b5:0d:6c:20:d3:df:7a:06:32:8d:29:1f:28:
+        1d:8d:26:33
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUM0QaqGwB7PZg8nBRCkzRFPq86UQwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUa5twxvGjlGUZoQhY76eNK3qDwdowDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIzMTIxMzIyMTkyOFoXDTI2MDkwODIyMTkyOFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTI0MTIxODIxMjUyOVoXDTI3MDkxNDIxMjUyOVowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -178,12 +177,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-M0QaqGwB7PZg8nBRCkzRFPq86UQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+a5twxvGjlGUZoQhY76eNK3qDwdowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBAC38+TJavtadQouGTmciw1AtyxQnHZTzzYhC2kEc
-OSRnp5JNJ+pWghm/EbJDpI1dh7InZGaCgd/E/VtisMJNnSnyQTLMLrXaOAYb6H+M
-bj2AHgBWSb854NpoL8T9AObRgRrRSrt2Us5NJJ3Eo6fxZRQvH6gtxsvOsaeJdCYn
-w/OjhEw0ARQDfRY6yIslLnuQzEaxUjS6k27v/kOjrcZvUfu66jjjb9buY2I26l4I
-tOIqRonjrrO0Bu9jem5d3cnsAk/3ZMAnB7RvShhyWzR0fNCpBI9Ai2o50msaAfIB
-qIE0OuWwVdE8lcqwgtbtmCgVWX6Vp2nHtXvsAadN5rmi/jU=
+DQYJKoZIhvcNAQELBQADggEBAHc7PWZ0vJf+QBbmuqXV0YQIiWlPiA1Xqe+Mw5dS
+yL2Lokk7t/ddHtYUf7KAM9qgitPhL9W8M5/qWnIk5fi4S7PfYpA7qCHvJ0J1vGAC
+jjc1meujKPJlTP96+I7MI23lav4iWtmyT0fH4K6Y75Sstk9hgSmO4XksRvzpGsOW
+HxmTZC6fN3LF5JNOYV84jq7oORnml6iR1CN+HtLQU+zMrKAd0LfdsbcBLpbNhSfg
+50fiwcEA9pTfd+f6xu+KwHxnvP+gfJQ7fYZCrz2DMe4qO3vwLJ5v6cQHgSTaBXBN
+3QmunnK4IQ6MsquqTEkQ93b5tQ1sINPfegYyjSkfKB2NJjM=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-garbage.der b/certs/test/server-garbage.der
index c488dc57c..03e447221 100644
Binary files a/certs/test/server-garbage.der and b/certs/test/server-garbage.der differ
diff --git a/certs/test/server-garbage.pem b/certs/test/server-garbage.pem
index 4c074ef63..6726b63e1 100644
--- a/certs/test/server-garbage.pem
+++ b/certs/test/server-garbage.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            29:92:30:0a:e4:14:e1:59:32:49:a9:66:fd:11:f5:b2:16:d6:7a:d0
+            44:af:a7:b0:61:69:50:85:94:af:87:41:9b:43:ea:eb:6e:ce:bc:1c
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:30 2023 GMT
-            Not After : Sep  8 22:19:30 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:garbage
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         34:5e:01:46:29:63:4f:93:cf:48:77:45:39:48:68:cf:c6:54:
-         94:56:14:6f:17:2d:e1:83:48:8b:91:70:6d:5f:d8:14:fc:a4:
-         a9:bc:fa:58:63:ce:57:2f:c5:b6:61:8b:c3:6d:dc:39:83:2e:
-         f3:78:d9:2b:b9:ed:f0:ef:c2:82:17:1b:ac:97:2a:c0:3a:9f:
-         f9:b7:6b:a6:0e:1c:af:17:be:74:d0:ff:11:ea:48:6d:f6:b8:
-         e8:11:db:c9:ca:49:e5:18:d9:51:3d:eb:76:56:b6:ce:da:cd:
-         a6:cb:ac:a3:06:5e:b7:b0:f6:2b:ba:dc:0f:c4:12:01:7e:8b:
-         c7:e4:ad:59:72:4a:a5:25:7a:bd:ec:1d:f4:89:f8:aa:c7:c8:
-         ad:8c:1c:d5:19:55:f9:32:75:f6:04:2c:67:86:d5:e8:f5:be:
-         bd:76:0b:bb:bb:8f:7d:1a:70:a2:9c:16:88:ca:de:14:9d:a2:
-         0a:23:36:fd:02:bc:6d:ee:f4:7a:41:e2:2d:21:d0:5f:eb:ec:
-         4e:4b:71:aa:80:57:63:da:39:2b:ce:37:5a:26:64:ad:6b:bc:
-         a6:24:90:b6:e8:b2:4a:19:98:e8:06:17:12:f8:57:74:44:f7:
-         b9:16:67:2d:be:66:fb:4d:a6:66:e7:b5:58:f8:9c:51:1d:56:
-         fd:ef:bf:6e
+    Signature Value:
+        7f:66:0a:08:a6:40:ae:0b:3f:2e:ab:e7:fb:16:93:d4:88:15:
+        a1:fe:e5:ef:1e:64:95:66:60:d4:59:4a:e5:3a:f0:12:40:6c:
+        8f:9f:42:b2:61:09:76:a0:bc:9c:49:90:17:29:3b:db:87:20:
+        ab:61:f7:73:e4:ea:45:08:56:2f:f4:11:32:b8:5c:30:b5:4f:
+        39:e6:32:41:5a:4c:a9:27:5a:a5:fa:29:44:b0:f0:88:39:1a:
+        0d:bc:4c:44:05:c5:5b:80:b1:75:5f:88:af:6b:65:f7:cd:96:
+        1b:cb:25:f9:90:83:bf:58:74:4d:2e:d5:e0:d3:a0:78:bb:79:
+        46:6c:3f:23:1f:f7:78:48:56:30:1a:1f:61:d7:a0:a3:10:78:
+        9f:32:1a:d7:c8:e0:67:0b:bd:5d:e5:77:54:54:af:e4:40:64:
+        f9:3e:13:5a:6f:f0:e7:bf:e5:a4:ef:7f:b9:23:e3:b0:75:b9:
+        e8:fa:d5:12:e8:df:5f:1e:09:1c:0a:89:c4:f5:a5:d1:af:eb:
+        37:fe:cf:19:85:5b:ce:fd:ad:7b:2c:b3:4c:44:3f:3e:45:c9:
+        83:0e:16:9b:a3:6d:25:a9:88:3f:46:7e:dd:21:8d:4a:a5:96:
+        3d:3e:71:fb:f7:4a:ea:ee:ab:b2:5d:ad:3d:3b:62:c8:bb:66:
+        a6:ac:07:7f
 -----BEGIN CERTIFICATE-----
-MIIDnDCCAoSgAwIBAgIUKZIwCuQU4VkySalm/RH1shbWetAwDQYJKoZIhvcNAQEL
+MIIDuzCCAqOgAwIBAgIURK+nsGFpUIWUr4dBm0Pq627OvBwwDQYJKoZIhvcNAQEL
 BQAwfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhvc3Qx
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTMw
-WhcNMjYwOTA4MjIxOTMwWjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjMxMTIz
+WhcNMjcwOTE0MjMxMTIzWjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
 YTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNV
 BAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
 ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXG
@@ -65,11 +68,11 @@ e7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/
 C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEM
 vVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3
 uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcC
-AwEAAaMWMBQwEgYDVR0RBAswCYIHZ2FyYmFnZTANBgkqhkiG9w0BAQsFAAOCAQEA
-NF4BRiljT5PPSHdFOUhoz8ZUlFYUbxct4YNIi5FwbV/YFPykqbz6WGPOVy/FtmGL
-w23cOYMu83jZK7nt8O/CghcbrJcqwDqf+bdrpg4crxe+dND/EepIbfa46BHbycpJ
-5RjZUT3rdla2ztrNpsusowZet7D2K7rcD8QSAX6Lx+StWXJKpSV6vewd9In4qsfI
-rYwc1RlV+TJ19gQsZ4bV6PW+vXYLu7uPfRpwopwWiMreFJ2iCiM2/QK8be70ekHi
-LSHQX+vsTktxqoBXY9o5K843WiZkrWu8piSQtuiyShmY6AYXEvhXdET3uRZnLb5m
-+02mZue1WPicUR1W/e+/bg==
+AwEAAaM1MDMwEgYDVR0RBAswCYIHZ2FyYmFnZTAdBgNVHQ4EFgQUsxEyyZKYhOLJ
++NA7bgNCyh8OjjwwDQYJKoZIhvcNAQELBQADggEBAH9mCgimQK4LPy6r5/sWk9SI
+FaH+5e8eZJVmYNRZSuU68BJAbI+fQrJhCXagvJxJkBcpO9uHIKth93Pk6kUIVi/0
+ETK4XDC1TznmMkFaTKknWqX6KUSw8Ig5Gg28TEQFxVuAsXVfiK9rZffNlhvLJfmQ
+g79YdE0u1eDToHi7eUZsPyMf93hIVjAaH2HXoKMQeJ8yGtfI4GcLvV3ld1RUr+RA
+ZPk+E1pv8Oe/5aTvf7kj47B1uej61RLo318eCRwKicT1pdGv6zf+zxmFW879rXss
+s0xEPz5FyYMOFpujbSWpiD9Gft0hjUqllj0+cfv3Suruq7JdrT07Ysi7ZqasB38=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-goodalt.der b/certs/test/server-goodalt.der
index e5ffb53dd..97523dca1 100644
Binary files a/certs/test/server-goodalt.der and b/certs/test/server-goodalt.der differ
diff --git a/certs/test/server-goodalt.pem b/certs/test/server-goodalt.pem
index e9a84e872..0301b2c72 100644
--- a/certs/test/server-goodalt.pem
+++ b/certs/test/server-goodalt.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            32:70:6e:5f:3a:4b:a4:f1:68:7f:40:58:7b:f4:de:25:f8:da:7a:cf
+            29:58:d0:14:fc:30:87:e9:92:88:93:69:43:1d:3d:3e:d1:c4:4f:09
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:localhost
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         1a:fb:18:e0:cc:2f:fe:92:34:87:01:35:a1:e3:9f:8b:c5:5a:
-         22:f6:9a:2f:19:08:99:1d:0d:e7:23:84:23:28:dd:ff:13:39:
-         ca:73:1e:e0:c5:22:21:ab:b3:0e:74:a3:e6:c9:7b:a2:50:6c:
-         35:c1:2f:30:eb:90:c5:36:4a:95:3c:43:c5:e4:fc:80:08:ce:
-         69:2a:3f:50:66:8f:81:71:24:61:68:d3:34:69:b8:d7:11:27:
-         b8:53:21:5f:19:6f:cc:66:e4:fd:07:95:7f:e1:d3:d4:91:2b:
-         6f:d0:01:dc:5c:0c:72:10:2b:da:a7:2c:9d:eb:e3:e2:86:84:
-         ab:b5:73:01:00:02:84:29:90:10:c0:13:70:d7:d8:da:da:ac:
-         dc:75:8e:a8:ef:a3:c4:cf:aa:c2:83:66:8f:f9:0d:23:0d:9a:
-         1b:b2:d3:04:3d:91:1e:f1:9a:5f:15:85:94:af:89:8b:d7:6d:
-         cf:f8:06:e1:e8:30:b6:ef:6d:fc:33:19:a1:91:af:fc:f3:bf:
-         0d:ae:97:ec:c3:ea:1e:17:76:3b:e4:57:c1:bd:27:16:58:03:
-         95:02:6f:c8:fa:7e:0b:7b:a8:d4:e7:38:11:b3:a8:6f:ce:6e:
-         6f:9f:68:c2:c6:93:06:00:49:0a:76:43:2c:8d:b0:49:9f:02:
-         fb:e2:6a:39
+    Signature Value:
+        3a:11:87:c4:39:d0:6b:90:68:03:07:14:9a:dd:4c:ec:2d:01:
+        d6:95:86:f9:75:43:66:9c:49:db:b9:a9:c0:79:fd:da:0d:d7:
+        fd:1e:a9:04:88:d8:b3:c3:45:c5:2b:1a:9f:e2:89:af:77:44:
+        ae:6e:e8:b4:1d:70:f6:16:f6:cf:fa:47:f5:b8:38:d2:60:b3:
+        e6:7f:62:27:cf:0b:ff:16:f2:27:7b:1d:d1:56:e3:f2:1f:21:
+        35:58:49:3a:a8:3b:d8:e6:db:39:e2:52:d5:39:1e:f2:31:23:
+        da:fe:34:af:98:fe:d5:2e:d6:a6:0a:4d:cc:48:60:bd:a0:1e:
+        c9:13:08:f6:0f:f5:fc:9d:00:09:e0:64:a8:af:1b:8f:0c:3f:
+        b5:17:be:68:47:65:81:8e:68:a6:ac:f8:ea:fa:bd:01:e2:f7:
+        54:d3:00:7e:a1:3b:ee:cb:d4:3f:42:8f:ef:85:a8:46:92:15:
+        da:0d:02:54:fa:c4:86:ef:80:be:29:d1:d5:a2:43:f8:79:a9:
+        53:f2:01:74:f6:31:80:85:61:a1:2c:98:da:7b:d5:3f:42:53:
+        55:d5:fd:c7:be:8f:57:78:db:dc:8b:e6:78:92:40:e9:33:53:
+        bc:3d:e7:4f:64:ec:32:c0:bf:12:d6:34:e3:94:1f:a7:6b:b2:
+        52:5b:56:27
 -----BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIUMnBuXzpLpPFof0BYe/TeJfjaes8wDQYJKoZIhvcNAQEL
+MIIDyzCCArOgAwIBAgIUKVjQFPwwh+mSiJNpQx09PtHETwkwDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -65,11 +68,12 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABoxgwFjAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJ
-KoZIhvcNAQELBQADggEBABr7GODML/6SNIcBNaHjn4vFWiL2mi8ZCJkdDecjhCMo
-3f8TOcpzHuDFIiGrsw50o+bJe6JQbDXBLzDrkMU2SpU8Q8Xk/IAIzmkqP1Bmj4Fx
-JGFo0zRpuNcRJ7hTIV8Zb8xm5P0HlX/h09SRK2/QAdxcDHIQK9qnLJ3r4+KGhKu1
-cwEAAoQpkBDAE3DX2NrarNx1jqjvo8TPqsKDZo/5DSMNmhuy0wQ9kR7xml8VhZSv
-iYvXbc/4BuHoMLbvbfwzGaGRr/zzvw2ul+zD6h4XdjvkV8G9JxZYA5UCb8j6fgt7
-qNTnOBGzqG/Obm+faMLGkwYASQp2QyyNsEmfAvviajk=
+4eZhg8XSlt/Z0E+t1wIDAQABozcwNTAUBgNVHREEDTALgglsb2NhbGhvc3QwHQYD
+VR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3DQEBCwUAA4IBAQA6
+EYfEOdBrkGgDBxSa3UzsLQHWlYb5dUNmnEnbuanAef3aDdf9HqkEiNizw0XFKxqf
+4omvd0Subui0HXD2FvbP+kf1uDjSYLPmf2Inzwv/FvInex3RVuPyHyE1WEk6qDvY
+5ts54lLVOR7yMSPa/jSvmP7VLtamCk3MSGC9oB7JEwj2D/X8nQAJ4GSorxuPDD+1
+F75oR2WBjmimrPjq+r0B4vdU0wB+oTvuy9Q/Qo/vhahGkhXaDQJU+sSG74C+KdHV
+okP4ealT8gF09jGAhWGhLJjae9U/QlNV1f3Hvo9XeNvci+Z4kkDpM1O8PedPZOwy
+wL8S1jTjlB+na7JSW1Yn
 -----END CERTIFICATE-----
diff --git a/certs/test/server-goodaltwild.der b/certs/test/server-goodaltwild.der
index 64290e698..bf69fe555 100644
Binary files a/certs/test/server-goodaltwild.der and b/certs/test/server-goodaltwild.der differ
diff --git a/certs/test/server-goodaltwild.pem b/certs/test/server-goodaltwild.pem
index 2d3b41346..0bcd15c82 100644
--- a/certs/test/server-goodaltwild.pem
+++ b/certs/test/server-goodaltwild.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            4c:d4:49:58:80:7d:50:06:e0:9e:5c:a6:4a:e1:90:26:53:59:90:89
+            55:6f:ba:c1:27:17:d6:05:e5:7e:2b:64:44:77:37:6c:43:27:53:1c
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:*localhost
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         4d:31:3b:e4:6f:26:b4:33:2f:1a:10:12:34:f8:97:47:79:05:
-         74:51:97:1c:22:96:89:b9:b3:63:af:e4:d4:eb:9f:97:e7:b3:
-         8f:eb:52:0a:94:39:de:2f:df:4c:9c:15:0b:c0:91:b9:68:95:
-         58:a1:78:82:82:4d:e7:81:c4:45:1a:94:d9:16:40:46:27:f3:
-         33:08:8c:dd:c0:93:f4:2c:0e:1b:26:d5:fd:2f:8d:39:6f:63:
-         63:be:3d:96:c4:3d:d7:25:1b:56:11:53:4e:c2:3c:fb:cb:ed:
-         73:ab:87:c5:5f:5b:a6:47:4b:da:7e:84:30:ff:90:0b:b1:d0:
-         15:e8:39:3d:0f:4f:de:a9:60:15:e3:44:c4:46:ee:c7:52:ff:
-         ee:23:1d:8c:73:53:87:e9:94:82:60:9b:ca:b8:b4:41:5f:3b:
-         bd:36:03:54:b2:bf:42:69:bd:49:b7:0f:26:16:ec:03:2c:b9:
-         0c:38:15:20:c5:b6:9a:18:f1:30:7e:4a:11:7f:da:44:54:de:
-         1e:0d:d1:e5:c9:46:0c:1b:50:6a:4d:61:89:58:61:46:40:2a:
-         fe:18:9d:64:90:ea:32:61:85:92:5a:3e:41:43:83:4d:ec:f4:
-         98:15:95:f0:79:55:7f:81:59:31:2b:80:a8:ea:60:5c:78:04:
-         3d:42:d0:51
+    Signature Value:
+        40:87:46:bf:1e:07:d3:d6:b2:aa:e1:57:60:18:63:cd:98:d0:
+        12:81:55:c7:87:62:d4:f8:6d:49:a4:b2:8d:25:5a:7b:10:47:
+        1a:21:72:59:fe:47:b8:7e:e2:24:e8:a4:42:e0:30:06:f3:9d:
+        aa:47:c5:a2:48:71:30:3b:f8:99:f7:fc:bb:5d:44:59:81:da:
+        b9:bb:3c:d3:9c:e5:d7:2d:59:35:2a:0a:48:5f:12:a7:ec:bc:
+        0f:34:43:7b:76:eb:1e:c8:25:0a:84:74:da:4a:dc:8b:52:34:
+        56:ab:2f:c1:f3:bd:3e:71:94:a5:3c:61:79:1f:5b:28:cd:66:
+        3b:d4:e9:82:eb:e5:55:65:eb:44:2b:54:35:d9:1d:6c:d5:c4:
+        1d:bf:a7:e0:6f:4b:b9:14:d5:b1:80:82:d6:9e:da:49:e8:7f:
+        d1:08:8f:ea:ec:e1:ba:cb:4f:1d:e0:4e:31:39:34:0d:98:62:
+        c4:a8:93:28:4a:76:9e:70:c9:43:cd:93:21:ae:38:9e:81:1a:
+        aa:0d:91:cc:3a:39:7e:ce:12:6b:7c:4d:6c:26:9a:1a:cb:68:
+        af:e4:06:be:8d:36:cc:37:19:0a:67:77:1c:13:c0:42:d6:24:
+        52:e3:8e:2c:94:01:f2:54:11:21:8c:1a:08:18:a8:07:8c:73:
+        26:53:05:09
 -----BEGIN CERTIFICATE-----
-MIIDrTCCApWgAwIBAgIUTNRJWIB9UAbgnlymSuGQJlNZkIkwDQYJKoZIhvcNAQEL
+MIIDzDCCArSgAwIBAgIUVW+6wScX1gXlfitkRHc3bEMnUxwwDQYJKoZIhvcNAQEL
 BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0
-Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIx
-MzIyMTkyOVoXDTI2MDkwODIyMTkyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIx
+ODIzMTEyM1oXDTI3MDkxNDIzMTEyM1owgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
 DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu
 ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
 QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI
@@ -65,11 +68,12 @@ j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t
 Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem
 8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB
 Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE
-4eZhg8XSlt/Z0E+t1wIDAQABoxkwFzAVBgNVHREEDjAMggoqbG9jYWxob3N0MA0G
-CSqGSIb3DQEBCwUAA4IBAQBNMTvkbya0My8aEBI0+JdHeQV0UZccIpaJubNjr+TU
-65+X57OP61IKlDneL99MnBULwJG5aJVYoXiCgk3ngcRFGpTZFkBGJ/MzCIzdwJP0
-LA4bJtX9L405b2Njvj2WxD3XJRtWEVNOwjz7y+1zq4fFX1umR0vafoQw/5ALsdAV
-6Dk9D0/eqWAV40TERu7HUv/uIx2Mc1OH6ZSCYJvKuLRBXzu9NgNUsr9Cab1Jtw8m
-FuwDLLkMOBUgxbaaGPEwfkoRf9pEVN4eDdHlyUYMG1BqTWGJWGFGQCr+GJ1kkOoy
-YYWSWj5BQ4NN7PSYFZXweVV/gVkxK4Co6mBceAQ9QtBR
+4eZhg8XSlt/Z0E+t1wIDAQABozgwNjAVBgNVHREEDjAMggoqbG9jYWxob3N0MB0G
+A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDANBgkqhkiG9w0BAQsFAAOCAQEA
+QIdGvx4H09ayquFXYBhjzZjQEoFVx4di1PhtSaSyjSVaexBHGiFyWf5HuH7iJOik
+QuAwBvOdqkfFokhxMDv4mff8u11EWYHaubs805zl1y1ZNSoKSF8Sp+y8DzRDe3br
+HsglCoR02krci1I0VqsvwfO9PnGUpTxheR9bKM1mO9TpguvlVWXrRCtUNdkdbNXE
+Hb+n4G9LuRTVsYCC1p7aSeh/0QiP6uzhustPHeBOMTk0DZhixKiTKEp2nnDJQ82T
+Ia44noEaqg2RzDo5fs4Sa3xNbCaaGstor+QGvo02zDcZCmd3HBPAQtYkUuOOLJQB
+8lQRIYwaCBioB4xzJlMFCQ==
 -----END CERTIFICATE-----
diff --git a/certs/test/server-goodcn.der b/certs/test/server-goodcn.der
index ff652b1e7..4986c8bf6 100644
Binary files a/certs/test/server-goodcn.der and b/certs/test/server-goodcn.der differ
diff --git a/certs/test/server-goodcn.pem b/certs/test/server-goodcn.pem
index d449306bd..a28127443 100644
--- a/certs/test/server-goodcn.pem
+++ b/certs/test/server-goodcn.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            7c:c0:69:44:bd:22:dd:2c:29:c1:55:88:f4:14:63:f5:ac:07:6d:c5
+            20:e4:76:1c:be:16:94:8a:8c:e8:34:37:a5:1b:37:c9:f9:42:c9:30
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,28 +32,32 @@ Certificate:
                     a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
                     ad:d7
                 Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         49:ff:59:9d:20:42:36:a3:d1:3d:5d:c1:37:24:42:22:9d:8a:
-         f9:61:98:45:0b:0d:9d:f7:1a:30:0b:54:9a:65:e7:e4:68:84:
-         59:c1:28:43:8f:59:08:43:83:4e:95:9c:0d:91:43:53:6a:19:
-         cc:f1:d0:af:74:5a:12:34:8e:0c:18:21:83:ad:4f:a9:a5:fe:
-         df:af:9d:96:22:1b:21:0d:fd:99:6f:58:0c:cb:4a:e6:7f:32:
-         df:d5:10:b2:70:f0:4d:49:6e:1f:64:82:58:27:a8:58:c9:9b:
-         f1:de:30:b6:bd:8b:a6:23:3c:58:a5:d9:f5:74:b2:c1:96:b3:
-         6b:56:d5:45:47:3d:ba:f9:0e:ba:59:73:43:31:cc:2a:2c:bd:
-         87:01:f9:f0:bc:6e:f2:6e:20:a3:07:ca:f7:43:e7:1b:35:85:
-         bc:f7:84:1e:ff:33:21:74:19:45:85:b4:81:77:64:41:1b:02:
-         c9:e3:a4:39:48:62:8d:fd:1b:96:6f:64:dc:e9:75:a5:74:c3:
-         a5:3c:55:87:0d:cd:4c:ec:f5:9a:e9:9f:a3:0b:a4:80:ef:c7:
-         58:4b:f4:60:b7:5a:4c:dc:93:10:79:43:c3:ac:1b:b1:6d:d8:
-         8f:b6:f5:db:82:0d:6e:58:38:9d:23:97:41:7d:39:cd:9c:89:
-         7d:64:bc:4f
+    Signature Value:
+        66:a2:01:32:ef:f2:60:53:90:50:4e:11:cf:80:0c:66:32:fc:
+        f2:16:d1:26:15:57:fe:43:2f:ee:f4:ab:05:cd:db:b7:b7:f7:
+        9d:b4:11:b3:4a:b5:4f:bf:01:ba:3d:89:05:7c:2e:42:66:fd:
+        a9:c9:e8:9d:9a:85:95:7e:1f:35:41:eb:45:d3:ea:de:a3:1c:
+        eb:36:ad:3e:c9:a0:1c:31:c3:e3:f5:4c:bc:a7:7e:04:52:70:
+        e7:89:dd:a3:fc:32:a2:7b:26:b9:ea:2b:9e:06:9d:a7:6d:1f:
+        1d:52:e9:11:3f:a1:1d:87:1e:82:17:eb:05:78:e5:70:f3:23:
+        3f:15:73:12:31:cd:11:b3:b1:fa:2b:7c:6b:5d:2d:04:6c:5f:
+        28:9c:39:ba:50:0e:8a:ec:4b:2b:11:fb:09:e8:c6:05:5c:b4:
+        45:7a:e5:52:78:fe:c0:c3:57:c1:df:ce:a8:9b:86:d5:c6:6a:
+        61:c6:36:7a:50:3d:7e:b9:3e:e6:6e:40:6e:d9:08:65:ef:88:
+        11:bc:37:f2:cb:5f:04:ec:9e:c8:4c:48:2f:26:6c:1c:e4:e0:
+        b6:a8:63:b7:42:4c:81:2e:f0:3d:d8:a0:e1:6c:16:3e:40:4b:
+        ec:1b:43:9d:99:c8:36:99:cd:d7:1c:6d:c7:98:88:ce:05:b6:
+        93:de:19:d1
 -----BEGIN CERTIFICATE-----
-MIIDhDCCAmygAwIBAgIUfMBpRL0i3SwpwVWI9BRj9awHbcUwDQYJKoZIhvcNAQEL
+MIIDpzCCAo+gAwIBAgIUIOR2HL4WlIqM6DQ3pRs3yflCyTAwDQYJKoZIhvcNAQEL
 BQAwfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhvc3Qx
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI5
-WhcNMjYwOTA4MjIxOTI5WjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjMxMTIz
+WhcNMjcwOTE0MjMxMTIzWjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
 YTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNV
 BAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
 ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXG
@@ -62,10 +66,11 @@ e7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/
 C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEM
 vVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3
 uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcC
-AwEAATANBgkqhkiG9w0BAQsFAAOCAQEASf9ZnSBCNqPRPV3BNyRCIp2K+WGYRQsN
-nfcaMAtUmmXn5GiEWcEoQ49ZCEODTpWcDZFDU2oZzPHQr3RaEjSODBghg61PqaX+
-36+dliIbIQ39mW9YDMtK5n8y39UQsnDwTUluH2SCWCeoWMmb8d4wtr2LpiM8WKXZ
-9XSywZaza1bVRUc9uvkOullzQzHMKiy9hwH58Lxu8m4gowfK90PnGzWFvPeEHv8z
-IXQZRYW0gXdkQRsCyeOkOUhijf0blm9k3Ol1pXTDpTxVhw3NTOz1mumfowukgO/H
-WEv0YLdaTNyTEHlDw6wbsW3Yj7b124INblg4nSOXQX05zZyJfWS8Tw==
+AwEAAaMhMB8wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3
+DQEBCwUAA4IBAQBmogEy7/JgU5BQThHPgAxmMvzyFtEmFVf+Qy/u9KsFzdu3t/ed
+tBGzSrVPvwG6PYkFfC5CZv2pyeidmoWVfh81QetF0+reoxzrNq0+yaAcMcPj9Uy8
+p34EUnDnid2j/DKieya56iueBp2nbR8dUukRP6Edhx6CF+sFeOVw8yM/FXMSMc0R
+s7H6K3xrXS0EbF8onDm6UA6K7EsrEfsJ6MYFXLRFeuVSeP7Aw1fB386om4bVxmph
+xjZ6UD1+uT7mbkBu2Qhl74gRvDfyy18E7J7ITEgvJmwc5OC2qGO3QkyBLvA92KDh
+bBY+QEvsG0Odmcg2mc3XHG3HmIjOBbaT3hnR
 -----END CERTIFICATE-----
diff --git a/certs/test/server-goodcnwild.der b/certs/test/server-goodcnwild.der
index c91430739..64122b2cc 100644
Binary files a/certs/test/server-goodcnwild.der and b/certs/test/server-goodcnwild.der differ
diff --git a/certs/test/server-goodcnwild.pem b/certs/test/server-goodcnwild.pem
index 256cf26fc..35b68c1e9 100644
--- a/certs/test/server-goodcnwild.pem
+++ b/certs/test/server-goodcnwild.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2e:f2:01:15:bc:ba:a6:74:6e:b4:49:8e:f3:09:8c:9c:ca:3e:fe:32
+            57:58:1d:6f:ff:69:c2:43:43:a6:f2:d9:11:c3:8f:71:7f:f6:c3:ee
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = *localhost, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = *localhost, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -32,28 +32,32 @@ Certificate:
                     a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
                     ad:d7
                 Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         96:b2:8f:e5:31:57:57:6a:f2:48:1e:97:9a:71:75:10:22:a1:
-         38:2c:9e:4f:d7:2f:7c:5d:e7:9f:19:8f:9c:00:b3:74:7e:10:
-         69:7b:a5:71:2f:36:a2:79:02:51:4d:bb:e1:78:01:77:f6:13:
-         85:84:46:ac:96:88:5b:47:4d:dd:d2:fd:5e:e4:49:3a:64:0b:
-         67:af:95:3e:bf:40:4d:0f:a0:28:61:37:6b:41:b9:ad:dc:8c:
-         f4:0c:8b:b5:49:20:19:e2:7f:0b:63:e5:fc:06:6d:16:4f:ba:
-         b6:1a:3c:d4:4f:b3:a4:bd:c0:96:f5:a8:7f:01:85:a3:4a:ab:
-         c3:73:77:68:55:1b:26:84:60:2f:72:af:d1:c4:55:4a:a8:3d:
-         ce:fc:3e:b3:55:37:aa:df:0f:07:6c:5f:2b:0f:05:7f:bc:df:
-         62:b3:68:f5:c2:0c:48:f8:b6:41:c5:e0:ac:7d:a4:50:f2:bc:
-         61:0a:1c:5b:c5:b8:31:b1:ea:95:3f:6a:23:88:b3:74:7b:9f:
-         1d:7c:11:23:f3:89:8b:71:a5:fa:e6:39:2c:10:af:8e:e9:8e:
-         c6:25:ca:76:db:d9:95:40:e5:15:f3:67:d6:67:3b:9e:42:9e:
-         ec:c2:cb:3a:c1:f8:bc:eb:b5:24:6d:ef:f6:00:ba:70:75:a4:
-         32:7d:d0:33
+    Signature Value:
+        b6:7f:c6:0e:d0:6c:f9:0e:df:5d:71:ca:0c:fe:23:6b:14:f2:
+        0e:c1:c2:60:17:cb:c9:f4:0e:39:52:b9:8d:71:71:b1:d9:2d:
+        cb:0c:af:17:64:27:63:10:4f:25:96:bc:4e:ec:67:4a:bf:01:
+        8a:d7:bd:60:49:f4:41:74:c2:48:3e:ef:4a:2c:e9:c0:bb:5f:
+        2b:38:2e:24:b7:40:f0:be:5c:57:23:bf:46:12:a8:47:78:0d:
+        2f:76:fc:9d:3b:e3:93:40:25:18:2b:64:df:13:f1:db:26:72:
+        3d:8c:c4:b8:e9:dc:60:fc:3a:48:de:58:80:c9:8a:0d:a8:14:
+        b2:81:5e:00:b5:a6:0e:a2:c8:06:4e:d5:0a:3b:37:6b:64:d8:
+        77:2b:09:0a:44:f4:bd:c8:51:78:29:6d:e1:5d:ae:a3:04:44:
+        45:dc:d5:ea:2f:f4:18:46:a0:27:89:cc:4e:68:e0:d5:d4:d9:
+        b0:d4:b1:68:fb:dd:d7:9e:9b:2a:3b:08:cf:d3:bc:f4:b9:9c:
+        75:3c:70:7c:25:6c:b1:fa:b0:8c:6f:bd:cc:e8:ff:a3:e2:4a:
+        f5:d8:b5:3f:b9:ee:72:2a:0c:03:6f:ec:dc:e3:dc:65:85:d0:
+        8b:4f:b5:b9:cf:40:87:27:9b:7d:2a:b9:4e:16:31:16:7f:69:
+        21:e3:ad:f4
 -----BEGIN CERTIFICATE-----
-MIIDhjCCAm6gAwIBAgIULvIBFby6pnRutEmO8wmMnMo+/jIwDQYJKoZIhvcNAQEL
+MIIDqTCCApGgAwIBAgIUV1gdb/9pwkNDpvLZEcOPcX/2w+4wDQYJKoZIhvcNAQEL
 BQAwfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRMwEQYDVQQDDAoqbG9jYWxob3N0
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMTIxMzIyMTky
-OVoXDTI2MDkwODIyMTkyOVowfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI0MTIxODIzMTEy
+M1oXDTI3MDkxNDIzMTEyM1owfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
 bmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRMwEQYD
 VQQDDAoqbG9jYWxob3N0MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScB
@@ -62,10 +66,11 @@ yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF
 9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1m
 UQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOV
 oXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t
-1wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWso/lMVdXavJIHpeacXUQIqE4LJ5P
-1y98XeefGY+cALN0fhBpe6VxLzaieQJRTbvheAF39hOFhEaslohbR03d0v1e5Ek6
-ZAtnr5U+v0BND6AoYTdrQbmt3Iz0DIu1SSAZ4n8LY+X8Bm0WT7q2GjzUT7OkvcCW
-9ah/AYWjSqvDc3doVRsmhGAvcq/RxFVKqD3O/D6zVTeq3w8HbF8rDwV/vN9is2j1
-wgxI+LZBxeCsfaRQ8rxhChxbxbgxseqVP2ojiLN0e58dfBEj84mLcaX65jksEK+O
-6Y7GJcp229mVQOUV82fWZzueQp7swss6wfi867Ukbe/2ALpwdaQyfdAz
+1wIDAQABoyEwHzAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwDQYJKoZI
+hvcNAQELBQADggEBALZ/xg7QbPkO311xygz+I2sU8g7BwmAXy8n0DjlSuY1xcbHZ
+LcsMrxdkJ2MQTyWWvE7sZ0q/AYrXvWBJ9EF0wkg+70os6cC7Xys4LiS3QPC+XFcj
+v0YSqEd4DS92/J0745NAJRgrZN8T8dsmcj2MxLjp3GD8OkjeWIDJig2oFLKBXgC1
+pg6iyAZO1Qo7N2tk2HcrCQpE9L3IUXgpbeFdrqMEREXc1eov9BhGoCeJzE5o4NXU
+2bDUsWj73deemyo7CM/TvPS5nHU8cHwlbLH6sIxvvczo/6PiSvXYtT+57nIqDANv
+7Nzj3GWF0ItPtbnPQIcnm30quU4WMRZ/aSHjrfQ=
 -----END CERTIFICATE-----
diff --git a/certs/test/server-localhost.der b/certs/test/server-localhost.der
index 2ed23e20b..5384ee9c8 100644
Binary files a/certs/test/server-localhost.der and b/certs/test/server-localhost.der differ
diff --git a/certs/test/server-localhost.pem b/certs/test/server-localhost.pem
index fc4df2da4..569426d83 100644
--- a/certs/test/server-localhost.pem
+++ b/certs/test/server-localhost.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            32:31:fc:d6:4a:77:2b:3b:c9:07:02:ae:b4:e7:b7:d3:a4:61:56:2b
+            6b:d5:4f:73:be:43:aa:47:d4:ce:30:d4:5b:39:58:1e:05:94:6d:48
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Validity
-            Not Before: Dec 13 22:19:29 2023 GMT
-            Not After : Sep  8 22:19:29 2026 GMT
+            Not Before: Dec 18 23:11:23 2024 GMT
+            Not After : Sep 14 23:11:23 2027 GMT
         Subject: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
                     01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
@@ -35,28 +35,31 @@ Certificate:
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
                 DNS:localhost
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
     Signature Algorithm: sha256WithRSAEncryption
-         af:7a:bb:f0:b6:1e:12:8a:60:ec:c8:91:34:a3:d3:80:92:f3:
-         bc:c7:37:e9:96:75:a8:67:a0:94:b9:2a:df:81:02:23:28:6a:
-         72:de:81:03:33:88:1b:60:75:16:77:dc:72:40:3e:d9:d8:ab:
-         6f:3e:99:7a:7c:db:37:13:40:b6:4d:82:47:7c:75:7a:6f:9d:
-         ca:89:54:8c:17:15:9a:80:9a:7c:b5:e3:4b:7e:74:fd:2f:28:
-         98:79:f5:56:96:d6:5c:9c:b4:94:62:32:d2:31:1b:53:5c:71:
-         be:45:37:69:9f:e4:07:87:fa:d7:a7:63:bc:5c:8a:5c:71:9c:
-         31:25:d8:93:ae:cf:db:98:50:e5:52:58:de:44:f7:4f:7e:4a:
-         a9:9c:ac:0a:84:03:ba:c4:46:e4:83:00:e6:dd:a5:33:43:e9:
-         5d:ea:fc:89:85:10:57:d0:0e:5e:43:13:72:60:ec:bb:5c:e9:
-         c3:ca:52:2d:06:e6:5b:d5:fd:e9:30:e0:da:80:78:b2:a1:a7:
-         84:ed:c0:e4:f9:f7:6d:94:a5:aa:6b:84:b1:7e:85:45:12:4c:
-         8d:52:91:5d:d1:e6:d7:32:0a:97:22:59:80:db:9d:de:68:90:
-         bd:a7:d0:9c:11:60:86:8c:89:8a:e1:19:75:09:e8:78:bb:23:
-         47:68:23:3c
+    Signature Value:
+        5b:8e:ee:b0:95:5c:91:e1:60:2f:ad:7e:c4:57:50:5f:32:4c:
+        77:3c:2f:db:a2:ad:75:15:02:e1:3f:10:d5:3f:8c:4f:47:91:
+        5c:3e:dd:98:15:52:a9:bf:57:65:f6:2a:40:64:07:89:4a:38:
+        10:fd:54:e8:70:32:bd:f0:fe:cf:82:67:f4:4b:b5:18:aa:95:
+        c8:2f:8f:75:7a:33:dc:9f:5e:82:5e:38:eb:2b:45:1d:95:ea:
+        62:74:56:b4:ce:a2:eb:90:c3:42:6c:31:4e:30:d7:d1:3c:85:
+        81:1b:82:f0:58:0e:be:55:da:ab:2c:69:4d:6f:e5:8d:af:fe:
+        7d:ad:a9:62:a2:b5:ab:29:a7:f7:0c:78:12:ed:a3:db:32:99:
+        41:90:11:4e:ee:97:99:0a:b6:89:19:c7:dd:1c:98:bf:d4:c4:
+        8a:6b:0b:52:8a:0a:e9:c5:96:be:cc:95:9c:78:27:b8:5b:41:
+        d8:05:47:0c:99:49:21:b0:26:76:6f:bc:7b:a0:b3:75:77:05:
+        95:a5:4a:28:4a:8e:f6:4a:07:6b:f9:26:a3:4f:f2:9e:de:af:
+        52:3e:36:30:57:f8:13:6b:66:a9:20:26:55:d1:e4:62:54:0c:
+        dd:a7:7d:4a:66:5f:af:53:98:53:c6:72:57:4c:15:5f:c4:08:
+        3c:ed:1d:30
 -----BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgIUMjH81kp3KzvJBwKutOe306RhViswDQYJKoZIhvcNAQEL
+MIIDvTCCAqWgAwIBAgIUa9VPc75DqkfUzjDUWzlYHgWUbUgwDQYJKoZIhvcNAQEL
 BQAwfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv
 emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhvc3Qx
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI5
-WhcNMjYwOTA4MjIxOTI5WjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjMxMTIz
+WhcNMjcwOTE0MjMxMTIzWjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu
 YTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNV
 BAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC
 ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXG
@@ -65,11 +68,12 @@ e7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/
 C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEM
 vVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3
 uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcC
-AwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IB
-AQCvervwth4SimDsyJE0o9OAkvO8xzfplnWoZ6CUuSrfgQIjKGpy3oEDM4gbYHUW
-d9xyQD7Z2KtvPpl6fNs3E0C2TYJHfHV6b53KiVSMFxWagJp8teNLfnT9LyiYefVW
-ltZcnLSUYjLSMRtTXHG+RTdpn+QHh/rXp2O8XIpccZwxJdiTrs/bmFDlUljeRPdP
-fkqpnKwKhAO6xEbkgwDm3aUzQ+ld6vyJhRBX0A5eQxNyYOy7XOnDylItBuZb1f3p
-MODagHiyoaeE7cDk+fdtlKWqa4SxfoVFEkyNUpFd0ebXMgqXIlmA253eaJC9p9Cc
-EWCGjImK4Rl1Ceh4uyNHaCM8
+AwEAAaM3MDUwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQWBBSzETLJkpiE
+4sn40DtuA0LKHw6OPDANBgkqhkiG9w0BAQsFAAOCAQEAW47usJVckeFgL61+xFdQ
+XzJMdzwv26KtdRUC4T8Q1T+MT0eRXD7dmBVSqb9XZfYqQGQHiUo4EP1U6HAyvfD+
+z4Jn9Eu1GKqVyC+PdXoz3J9egl446ytFHZXqYnRWtM6i65DDQmwxTjDX0TyFgRuC
+8FgOvlXaqyxpTW/lja/+fa2pYqK1qymn9wx4Eu2j2zKZQZARTu6XmQq2iRnH3RyY
+v9TEimsLUooK6cWWvsyVnHgnuFtB2AVHDJlJIbAmdm+8e6CzdXcFlaVKKEqO9koH
+a/kmo0/ynt6vUj42MFf4E2tmqSAmVdHkYlQM3ad9SmZfr1OYU8ZyV0wVX8QIPO0d
+MA==
 -----END CERTIFICATE-----
diff --git a/cmake/Config.cmake.in b/cmake/Config.cmake.in
index 19d60ed7e..3b8098b6b 100644
--- a/cmake/Config.cmake.in
+++ b/cmake/Config.cmake.in
@@ -1,3 +1,9 @@
-@PACKAGE_INIT@
-
-include ( "${CMAKE_CURRENT_LIST_DIR}/wolfssl-targets.cmake" )
+@PACKAGE_INIT@
+
+include(CMakeFindDependencyMacro)
+if (@HAVE_PTHREAD@)
+  find_dependency(Threads)
+endif()
+
+
+include ( "${CMAKE_CURRENT_LIST_DIR}/wolfssl-targets.cmake" )
diff --git a/cmake/config.in b/cmake/config.in
index d1b61aa14..f2524e41e 100644
--- a/cmake/config.in
+++ b/cmake/config.in
@@ -46,6 +46,9 @@
 /* Define to 1 if the system has the type `__uint128_t'. */
 #cmakedefine HAVE___UINT128_T @HAVE___UINT128_T@
 
+/* Define to 1 if the system has the type `uintptr_t'. */
+#cmakedefine HAVE_UINTPTR_T @HAVE_UINTPTR_T@
+
 /* Define to the full name of this package. */
 #define PACKAGE_NAME "@CMAKE_PROJECT_NAME@"
 
diff --git a/cmake/functions.cmake b/cmake/functions.cmake
index 3c8832c2c..f43ebf09b 100644
--- a/cmake/functions.cmake
+++ b/cmake/functions.cmake
@@ -208,6 +208,12 @@ function(generate_build_flags)
         set(BUILD_EXT_KYBER "yes" PARENT_SCOPE)
         set(BUILD_OQS_HELPER "yes" PARENT_SCOPE)
     endif()
+    if(WOLFSSL_LMS OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_WC_LMS "yes" PARENT_SCOPE)
+    endif()
+    if(WOLFSSL_XMSS OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_WC_XMSS "yes" PARENT_SCOPE)
+    endif()
     if(WOLFSSL_ARIA OR WOLFSSL_USER_SETTINGS)
         message(STATUS "ARIA functions.cmake found WOLFSSL_ARIA")
         # we cannot actually build, as we only have pre-compiled bin
@@ -806,16 +812,26 @@ function(generate_lib_src_list LIB_SOURCES)
          endif()
 
          if(BUILD_WC_KYBER)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wc_kyber.c)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wc_kyber_poly.c)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem.c)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem_poly.c)
 
               if(BUILD_INTELASM)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/wc_kyber_asm.S)
+                   list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem_asm.S)
               endif()
          endif()
 
          if(BUILD_EXT_KYBER)
-              list(APPEND LIB_SOURCES wolfcrypt/src/ext_kyber.c)
+              list(APPEND LIB_SOURCES wolfcrypt/src/ext_mlkem.c)
+         endif()
+
+         if(BUILD_WC_LMS)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms.c)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms_impl.c)
+         endif()
+
+         if(BUILD_WC_XMSS)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss.c)
+              list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss_impl.c)
          endif()
 
          if(BUILD_LIBZ)
diff --git a/cmake/options.h.in b/cmake/options.h.in
index 71d9d4e6d..fb7570a83 100644
--- a/cmake/options.h.in
+++ b/cmake/options.h.in
@@ -1,6 +1,6 @@
 /* options.h.in
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,7 +22,9 @@
 
 /* cmake template for options.h */
 
-#ifndef WOLFSSL_OPTIONS_H
+#ifdef WOLFSSL_NO_OPTIONS_H
+/* options.h inhibited by configuration */
+#elif !defined(WOLFSSL_OPTIONS_H)
 #define WOLFSSL_OPTIONS_H
 
 
@@ -65,7 +67,7 @@ extern "C" {
 #undef GCM_WORD32
 #cmakedefine GCM_WORD32
 #undef HAVE___UINT128_T
-#cmakedefine HAVE___UINT128_T
+#cmakedefine HAVE___UINT128_T 1
 #undef HAVE_AES_KEYWRAP
 #cmakedefine HAVE_AES_KEYWRAP
 #undef HAVE_AESCCM
@@ -86,6 +88,8 @@ extern "C" {
 #cmakedefine HAVE_CRL
 #undef HAVE_CRL_IO
 #cmakedefine HAVE_CRL_IO
+#undef WOLFSSL_CUSTOM_CURVES
+#cmakedefine WOLFSSL_CUSTOM_CURVES
 #undef HAVE_CURVE25519
 #cmakedefine HAVE_CURVE25519
 #undef HAVE_CURVE448
@@ -129,7 +133,7 @@ extern "C" {
 #undef HAVE_POLY1305
 #cmakedefine HAVE_POLY1305
 #undef HAVE_PTHREAD
-#cmakedefine HAVE_PTHREAD
+#cmakedefine HAVE_PTHREAD 1
 #undef HAVE_REPRODUCIBLE_BUILD
 #cmakedefine HAVE_REPRODUCIBLE_BUILD
 #undef HAVE_SESSION_TICKET
@@ -362,12 +366,30 @@ extern "C" {
 #cmakedefine NO_DES3_TLS_SUITES
 #undef WOLFSSL_EXPERIMENTAL_SETTINGS
 #cmakedefine WOLFSSL_EXPERIMENTAL_SETTINGS
-#undef WOLFSSL_HAVE_KYBER
-#cmakedefine WOLFSSL_HAVE_KYBER
-#undef WOLFSSL_WC_KYBER
-#cmakedefine WOLFSSL_WC_KYBER
+#undef WOLFSSL_HAVE_MLKEM
+#cmakedefine WOLFSSL_HAVE_MLKEM
+#undef WOLFSSL_WC_MLKEM
+#cmakedefine WOLFSSL_WC_MLKEM
 #undef NO_WOLFSSL_STUB
 #cmakedefine NO_WOLFSSL_STUB
+#undef HAVE_ECC_SECPR2
+#cmakedefine HAVE_ECC_SECPR2
+#undef HAVE_ECC_SECPR3
+#cmakedefine HAVE_ECC_SECPR3
+#undef HAVE_ECC_BRAINPOOL
+#cmakedefine HAVE_ECC_BRAINPOOL
+#undef HAVE_ECC_KOBLITZ
+#cmakedefine HAVE_ECC_KOBLITZ
+#undef HAVE_ECC_CDH
+#cmakedefine HAVE_ECC_CDH
+#undef WOLFSSL_HAVE_LMS
+#cmakedefine WOLFSSL_HAVE_LMS
+#undef WOLFSSL_WC_LMS
+#cmakedefine WOLFSSL_WC_LMS
+#undef WOLFSSL_HAVE_XMSS
+#cmakedefine WOLFSSL_HAVE_XMSS
+#undef WOLFSSL_WC_XMSS
+#cmakedefine WOLFSSL_WC_XMSS
 
 #ifdef __cplusplus
 }
diff --git a/configure.ac b/configure.ac
index 562ed1616..0740c0c29 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,15 +1,18 @@
 # configure.ac
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL. (formerly known as CyaSSL)
 #
 #
-AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.])
+AC_COPYRIGHT([Copyright (C) 2006-2025 wolfSSL Inc.])
 AC_PREREQ([2.69])
-AC_INIT([wolfssl],[5.7.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
+AC_INIT([wolfssl],[5.7.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
+# Inhibit unwanted regeneration of autotools artifacts by Makefile.
+AM_MAINTAINER_MODE([disable])
+
 # The following sets CFLAGS to empty if unset on command line.  We do not
 # want the default "-g -O2" that AC_PROG_CC sets automatically.
 : ${CFLAGS=""}
@@ -47,11 +50,11 @@ AC_SUBST([WOLFSSL_CONFIG_ARGS])
 # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
 
 # increment if interfaces have been removed or changed
-WOLFSSL_LIBRARY_VERSION_FIRST=42
+WOLFSSL_LIBRARY_VERSION_FIRST=43
 
 # increment if interfaces have been added
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
-WOLFSSL_LIBRARY_VERSION_SECOND=2
+WOLFSSL_LIBRARY_VERSION_SECOND=0
 
 # increment if source code has changed
 # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
@@ -116,17 +119,18 @@ then
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
 fi
 
-AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h])
+AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h])
 AC_CHECK_LIB([network],[socket])
 AC_C_BIGENDIAN
 AC_C___ATOMIC
 AC_CHECK_HEADER(stdatomic.h, [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ATOMIC_H"],[])
+AC_CHECK_HEADER(assert.h, [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ASSERT_H"],[])
 
 # check if functions of interest are linkable, but also check if
 # they're declared by the expected headers, and if not, supersede the
 # unusable positive from AC_CHECK_FUNCS().
-AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit])
-AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit], [], [
+AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit isascii])
+AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii], [], [
 if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
 then
     AC_MSG_NOTICE([    note: earlier check for $(eval 'echo ${as_decl_name}') superseded.])
@@ -156,6 +160,9 @@ fi
 #ifdef HAVE_STDLIB_H
     #include <stdlib.h>
 #endif
+#ifdef HAVE_CTYPE_H
+    #include <ctype.h>
+#endif
 ]])
 
 AC_PROG_INSTALL
@@ -171,6 +178,11 @@ DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
 LIB_ADD=
 LIB_STATIC_ADD=
 
+OPTIMIZE_CFLAGS="$OPTIMIZE_CFLAGS $EXTRA_OPTS_CFLAGS"
+OPTIMIZE_FAST_CFLAGS="$OPTIMIZE_FAST_CFLAGS $EXTRA_OPTS_CFLAGS"
+OPTIMIZE_HUGE_CFLAGS="$OPTIMIZE_HUGE_CFLAGS $EXTRA_OPTS_CFLAGS"
+DEBUG_VFLAGS="$DEBUG_VFLAGS $EXTRA_OPTS_CFLAGS"
+
 if test "$output_objdir" = ""
 then
     output_objdir=.
@@ -292,6 +304,25 @@ AC_ARG_ENABLE([hmac],
     [ ENABLED_HMAC=yes ]
     )
 
+# enable HMAC hash copying automatically for x86_64 and aarch64 (except Linux kernel module)
+HMAC_COPY_DEFAULT=no
+if test "$ENABLED_LINUXKM_DEFAULTS" = "no"
+then
+    if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"
+    then
+        HMAC_COPY_DEFAULT=yes
+    fi
+fi
+AC_ARG_ENABLE([hmac-copy],
+    [AS_HELP_STRING([--enable-hmac-copy],[Enables digest copying implementation for HMAC (default: disabled)])],
+    [ ENABLED_HMAC_COPY=$enableval ],
+    [ ENABLED_HMAC_COPY=$HMAC_COPY_DEFAULT ]
+    )
+if test "$ENABLED_HMAC_COPY" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HMAC_COPY_HASH"
+fi
+
 AC_ARG_ENABLE([do178],
     [AS_HELP_STRING([--enable-do178],[Enable DO-178, Will NOT work w/o DO178 license (default: disabled)])],
     [ENABLED_DO178=$enableval],
@@ -316,7 +347,6 @@ then
 fi
 AC_SUBST([ENABLED_ASM])
 
-
 # Default math is SP Math all and not fast math
 # FIPS v1 and v2 must use fast math
 DEF_SP_MATH="yes"
@@ -341,7 +371,7 @@ then
     test -z "$enable_sha" && enable_sha=yes
     test -z "$with_eccminsz" && with_eccminsz=192
     test -z "$with_max_ecc_bits" && with_max_ecc_bits=1024
-    AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFPROVIDER -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
 fi
 
 # wolfEngine Options
@@ -395,8 +425,8 @@ AS_CASE([$ENABLED_WOLFENGINE],
 #   v2 - FIPS 140-2 Cert 3389
 #   cert3389 - alias for v2
 #   rand - wolfRand
-#   v5-RC12 - FIPS 140-3, wolfCrypt/fips WCv5.0-RC12
-#   v5 - currently, alias for v5-RC12
+#   v5 - FIPS 140-3 Cert 4718
+#   cert4718 - alias for v5
 #   ready - FIPS 140-3 settings with in-tree wolfcrypt sources, feature locked
 #   dev - FIPS 140-3 settings with in-tree wolfcrypt sources, features freely adjustable
 #   v5-ready - Alias for ready.
@@ -412,6 +442,7 @@ AS_CASE([$ENABLED_WOLFENGINE],
 #             HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
 #   v5-RC11 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC11
 #             HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
+#   v5-RC12 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC12
 AS_CASE([$ENABLED_FIPS],
     [no],[
         FIPS_VERSION="none"
@@ -420,7 +451,7 @@ AS_CASE([$ENABLED_FIPS],
         FIPS_VERSION="disabled"
         ENABLED_FIPS="no"
     ],
-    [v1|yes|cert2425],[
+    [v1|cert2425],[
         FIPS_VERSION="v1"
         HAVE_FIPS_VERSION_MAJOR=1
         ENABLED_FIPS="yes"
@@ -443,10 +474,20 @@ AS_CASE([$ENABLED_FIPS],
         DEF_SP_MATH="no"
         DEF_FAST_MATH="no"
     ],
-    [v5|v5-RC12],[
+    [v5|cert4718],[
+        FIPS_VERSION="v5"
+        HAVE_FIPS_VERSION_MAJOR=5
+        HAVE_FIPS_VERSION_MINOR=2
+        HAVE_FIPS_VERSION_PATCH=1
+        ENABLED_FIPS="yes"
+        DEF_SP_MATH="no"
+        DEF_FAST_MATH="yes"
+    ],
+    [v5-RC12],[
         FIPS_VERSION="v5-RC12"
         HAVE_FIPS_VERSION_MAJOR=5
         HAVE_FIPS_VERSION_MINOR=2
+        HAVE_FIPS_VERSION_PATCH=0
         ENABLED_FIPS="yes"
         DEF_SP_MATH="no"
         DEF_FAST_MATH="yes"
@@ -460,9 +501,18 @@ AS_CASE([$ENABLED_FIPS],
         DEF_FAST_MATH="yes"
     ],
     [v5-dev],[
+        FIPS_VERSION="v5-dev"
+        HAVE_FIPS_VERSION_MAJOR=5
+        HAVE_FIPS_VERSION_MINOR=2
+        HAVE_FIPS_VERSION_PATCH=1
+        ENABLED_FIPS="yes"
+        # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
+    ],
+    [v5-kcapi],[
         FIPS_VERSION="v5-dev"
         HAVE_FIPS_VERSION_MAJOR=5
         HAVE_FIPS_VERSION_MINOR=3
+        HAVE_FIPS_VERSION_PATCH=0
         ENABLED_FIPS="yes"
         # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
     ],
@@ -496,8 +546,16 @@ AS_CASE([$ENABLED_FIPS],
         ENABLED_FIPS="yes"
         # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
     ],
+    [lean-aesgcm|lean-aesgcm-ready|lean-aesgcm-dev],[
+        FIPS_VERSION="$ENABLED_FIPS"
+        HAVE_FIPS_VERSION_MAJOR=7
+        HAVE_FIPS_VERSION_MINOR=0
+        HAVE_FIPS_VERSION_PATCH=0
+        ENABLED_FIPS="yes"
+    ],
     [
-        AC_MSG_ERROR([Invalid value for --enable-fips "$ENABLED_FIPS" (main options: v1, v2, v5, v6, ready, dev, rand, no, disabled)])
+        AS_IF([test "$ENABLED_FIPS" = "yes"],[ENABLED_FIPS="(unset)"],[ENABLED_FIPS=\"$ENABLED_FIPS\"])
+        AC_MSG_ERROR([Invalid value for --enable-fips $ENABLED_FIPS (main options: v1, v2, v5, v6, ready, dev, rand, lean-aesgcm, no, disabled)])
     ])
 
 if test -z "$HAVE_FIPS_VERSION_MAJOR"
@@ -560,7 +618,10 @@ then
     AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[AR_FLAGS="Dcr" lt_ar_flags="Dcr"])
     AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[RANLIB="${RANLIB} -D"])
 
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD -g0"
+    if test "$ENABLED_DEBUG_TRACE_ERRCODES" != "backtrace"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD -g0"
+    fi
 
     # opportunistically use -ffile-prefix-map (added in GCC8 and LLVM10)
 
@@ -574,16 +635,15 @@ then
         AM_CFLAGS="$AM_CFLAGS -ffile-prefix-map=\$(abs_top_srcdir)/= -ffile-prefix-map=\$(top_srcdir)/="
     fi
 
-    # opportunistically use linker option --build-id=none
-
-    if "$CC" -Wl,--build-id=none -x c - -o /dev/null >/dev/null 2>&1 <<'        EOF'
+    # opportunistically force linker option --build-id=sha1 (usually the default)
+    if "$CC" -Wl,--build-id=sha1 -x c - -o /dev/null >/dev/null 2>&1 <<'        EOF'
         #include <stdlib.h>
         int main(int argc, char **argv) {
             (void)argc; (void)argv; return 0;
         }
         EOF
     then
-        AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=none"
+        AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=sha1"
     fi
 fi
 
@@ -616,9 +676,6 @@ AC_ARG_ENABLE([linuxkm-pie],
 if test "$ENABLED_LINUXKM_PIE" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_LINUXKM_PIE_SUPPORT"
-elif test "$ENABLED_FIPS" = yes && test "$ENABLED_LINUXKM" = yes
-then
-    AC_MSG_ERROR([FIPS linuxkm requires linuxkm-pie.])
 fi
 AC_SUBST([ENABLED_LINUXKM_PIE])
 
@@ -635,7 +692,7 @@ AC_SUBST([ENABLED_LINUXKM_BENCHMARKS])
 
 if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC -DWOLFSSL_TEST_SUBROUTINE=static"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC"
     if test "$ENABLED_LINUXKM_PIE" = "yes"; then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
     fi
@@ -688,6 +745,17 @@ fi
 
 # MATH LIBRARY SELECTION
 
+# Assure consistency of defaults
+if test "$DEF_FAST_MATH" = "yes" && ( (test "$enable_sp_math" != "no" && test "$enable_sp_math" != "") || test "$enable_heapmath" = "yes")
+then
+    DEF_FAST_MATH=no
+fi
+
+if test "$DEF_SP_MATH" = "yes" && (test "$enable_fastmath" = "yes" || test "$enable_fasthugemath" = "yes" || test "$enable_heapmath" = "yes")
+then
+    DEF_SP_MATH=no
+fi
+
 # Single Precision maths implementation
 AC_ARG_ENABLE([sp],
     [AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
@@ -759,14 +827,14 @@ fi
 
 # fastmath
 AC_ARG_ENABLE([fastmath],
-    [AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: disabled)])],
+    [AS_HELP_STRING([--enable-fastmath],[Enable legacy Tom's Fast Math back end (default: disabled)])],
     [ ENABLED_FASTMATH=$enableval ],
     [ ENABLED_FASTMATH=$DEF_FAST_MATH ]
     )
 
 # fast HUGE math
 AC_ARG_ENABLE([fasthugemath],
-    [AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])],
+    [AS_HELP_STRING([--enable-fasthugemath],[Enable legacy Tom's Fast Math + huge code (default: disabled)])],
     [ ENABLED_FASTHUGEMATH=$enableval ],
     [ ENABLED_FASTHUGEMATH=no ]
     )
@@ -790,6 +858,69 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_BUILD"
 fi
 
+
+AC_ARG_ENABLE([leanpsk],
+    [AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
+    [ ENABLED_LEANPSK=$enableval ],
+    [ ENABLED_LEANPSK=no ]
+    )
+
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
+    ENABLED_SLOWMATH="no"
+    ENABLED_SINGLETHREADED="yes"
+    enable_lowresource=yes
+fi
+
+
+# ASN
+
+# disabling ASN implicitly disables certs, RSA, DSA, and ECC,
+# and also disables MPI unless DH is enabled.
+
+# turn off ASN if leanpsk on
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    enable_asn=no
+fi
+
+AC_ARG_ENABLE([asn],
+    [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
+    [ ENABLED_ASN=$enableval ],
+    [ ENABLED_ASN=yes ]
+    )
+
+for v in `echo $ENABLED_ASN | tr "," " "`
+do
+    case $v in
+    all)
+        # Enable all ASN features
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
+        ENABLED_ASN=yes
+        ;;
+    template | yes)
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
+        ENABLED_ASN=yes
+        ;;
+    original)
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL"
+        ;;
+    nocrypt)
+        AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
+        enable_pwdbased=no
+        ;;
+    no)
+        AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
+        enable_pwdbased=no
+        ;;
+    *)
+        AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.])
+        break;;
+esac
+done
+
+
 # if sp-math-all is not set, then enable fast math
 if test "x$ENABLED_FASTMATH" = "xyes" && test "$enable_sp_math_all" = "" && test "$enable_sp_math" = ""
 then
@@ -831,9 +962,54 @@ then
     ENABLED_SP_MATH_ALL="no"
 fi
 
+# wolfCrypt Only Build
+AC_ARG_ENABLE([cryptonly],
+    [AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
+    [ENABLED_CRYPTONLY=$enableval],
+    [ENABLED_CRYPTONLY=no])
+
+AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
+
+# TLS
+AC_ARG_ENABLE([tls],
+    [AS_HELP_STRING([--enable-tls],[Enable TLS support (default: enabled)])],
+    [ ENABLED_TLS=$enableval ],
+    [ ENABLED_TLS=yes ]
+    )
+
+if test "$ENABLED_CRYPTONLY" = "yes"
+then
+    ENABLED_TLS=no
+fi
+if test "$ENABLED_TLS" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_TLS"
+    test "$enable_tls13" = "" && enable_tls13=no
+    test "$enable_tlsv12" = "" && enable_tlsv12=no
+    test "$enable_tlsv10" = "" && enable_tlsv10=no
+    test "$enable_dtls" = "" && enable_dtls=no
+    test "$enable_dtls13" = "" && enable_dtls13=no
+    test "$enable_dtls_mtu" = "" && enable_dtls_mtu=no
+    test "$enable_dtlscid" = "" && enable_dtlscid=no
+    test "$enable_dtls_frag_ch" = "" && enable_dtls_frag_ch=no
+    test "$enable_mcast" = "" && enable_mcast=no
+    test "$enable_srtp" = "" && enable_srtp=no
+    test "$enable_ocsp" = "" && enable_ocsp=no
+    test "$enable_tlsx" = "" && enable_tlsx=no
+    test "$enable_sni" = "" && enable_sni=no
+    test "$enable_crl_monitor" = "" && enable_crl_monitor=no
+    test "$enable_alpn" = "" && enable_alpn=no
+    test "$enable_pkcallbacks" = "" && enable_pkcallbacks=no
+    test "$enable_quic" = "" && enable_quic=no
+    test "$enable_ech" = "" && enable_ech=no
+    test "$enable_ocspstapling" = "" && enable_ocspstapling=no
+
+    # Disable all open source compatibility enables that might get set with all
+    test "$enable_all_osp" = "" && enable_all_osp=no
+fi
 
 
-# ALL FEATURES
+# All features, except conflicting or experimental:
 AC_ARG_ENABLE([all],
     [AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
     [ ENABLED_ALL=$enableval ],
@@ -841,117 +1017,107 @@ AC_ARG_ENABLE([all],
     )
 if test "$ENABLED_ALL" = "yes"
 then
+    test "$enable_all_crypto" = "" && enable_all_crypto=yes
+
+    test "$enable_all_osp" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_all_osp=yes
+
     test "$enable_dtls" = "" && enable_dtls=yes
+    test "$enable_dtls_mtu" = "" && enable_dtls_mtu=yes
+    test "$enable_dtlscid" = "" && enable_dtlscid=yes
+    test "$enable_dtls_frag_ch" = "" && enable_dtls_frag_ch=yes
     if test "x$FIPS_VERSION" != "xv1"
     then
         test "$enable_tls13" = "" && enable_tls13=yes
-        test "$enable_rsapss" = "" && enable_rsapss=yes
+        test "$enable_dtls13" = "" && enable_dtls13=yes
     fi
 
-    # this set is also enabled by enable-all-crypto:
-    test "$enable_atomicuser" = "" && enable_atomicuser=yes
-    test "$enable_aesgcm" = "" && enable_aesgcm=yes
-    test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
-    test "$enable_aesccm" = "" && enable_aesccm=yes
-    test "$enable_aesctr" = "" && enable_aesctr=yes
-    test "$enable_aeseax" = "" && enable_aeseax=yes
-    test "$enable_aesofb" = "" && enable_aesofb=yes
-    test "$enable_aescfb" = "" && enable_aescfb=yes
-    test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
-    test "$enable_camellia" = "" && enable_camellia=yes
-    test "$enable_ripemd" = "" && enable_ripemd=yes
-    test "$enable_sha224" = "" && enable_sha224=yes
-    test "$enable_sha512" = "" && enable_sha512=yes
-    test "$enable_sha3" = "" && enable_sha3=yes
-    test "$enable_shake128" = "" && enable_shake128=yes
-    test "$enable_shake256" = "" && enable_shake256=yes
-    test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
-    test "$enable_keygen" = "" && enable_keygen=yes
-    test "$enable_certgen" = "" && enable_certgen=yes
-    test "$enable_certreq" = "" && enable_certreq=yes
-    test "$enable_certext" = "" && enable_certext=yes
-    test "$enable_sep" = "" && enable_sep=yes
-    test "$enable_hkdf" = "" && enable_hkdf=yes
-    test "$enable_curve25519" = "" && enable_curve25519=yes
-    test "$enable_curve448" = "" && enable_curve448=yes
-    test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
-    test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
-    test "$enable_psk" = "" && enable_psk=yes
-    test "$enable_cmac" = "" && enable_cmac=yes
-    test "$enable_siphash" = "" && enable_siphash=yes
-    test "$enable_ocsp" = "" && enable_ocsp=yes
-    test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
-    test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
-    test "$enable_crl" = "" && enable_crl=yes
-    test "$enable_supportedcurves" = "" && enable_supportedcurves=yes
-    test "$enable_tlsx" = "" && enable_tlsx=yes
-    test "$enable_pwdbased" = "" && enable_pwdbased=yes
-    test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes
-    test "$enable_x963kdf" = "" && enable_x963kdf=yes
-    test "$enable_scrypt" = "" && test "$enable_hmac" != "no" && enable_scrypt=yes
-    test "$enable_indef" = "" && enable_indef=yes
-    test "$enable_enckeys" = "" && enable_enckeys=yes
-    test "$enable_hashflags" = "" && enable_hashflags=yes
-    test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
-    test "$enable_base64encode" = "" && enable_base64encode=yes
-    test "$enable_base16" = "" && enable_base16=yes
-    test "$enable_arc4" = "" && enable_arc4=yes
-    test "$enable_blake2" = "" && enable_blake2=yes
-    test "$enable_blake2s" = "" && enable_blake2s=yes
-    test "$enable_md2" = "" && enable_md2=yes
-    test "$enable_md4" = "" && enable_md4=yes
-    test "$enable_anon" = "" && enable_anon=yes
-    test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
-
     test "$enable_savesession" = "" && enable_savesession=yes
     test "$enable_savecert" = "" && enable_savecert=yes
     test "$enable_postauth" = "" && enable_postauth=yes
     test "$enable_hrrcookie" = "" && enable_hrrcookie=yes
     test "$enable_fallback_scsv" = "" && enable_fallback_scsv=yes
-    test "$enable_webserver" = "" && enable_webserver=yes
     test "$enable_crl_monitor" = "" && enable_crl_monitor=yes
     test "$enable_sni" = "" && enable_sni=yes
     test "$enable_maxfragment" = "" && enable_maxfragment=yes
     test "$enable_alpn" = "" && enable_alpn=yes
     test "$enable_truncatedhmac" = "" && enable_truncatedhmac=yes
-    test "$enable_trusted_ca" = "" && enable_trusted_ca=yes
+    test "$enable_trustedca" = "" && enable_trustedca=yes
     test "$enable_session_ticket" = "" && enable_session_ticket=yes
     test "$enable_earlydata" = "" && enable_earlydata=yes
     test "$enable_ech" = "" && enable_ech=yes
-    test "$enable_srtp" = "" && enable_srtp=yes
     test "$enable_rpk" = "" && enable_rpk=yes
 
     if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
     then
-        test "$enable_compkey" = "" && enable_compkey=yes
         test "$enable_quic" = "" && test "$enable_cryptonly" != "yes" && enable_quic=yes
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
     fi
 
-    # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
-    if test "$ENABLED_SP_MATH" = "no"
+    if test "$ENABLED_SP_MATH" != "yes"
     then
-        test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
-        if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
-            test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
-            test "$enable_brainpool" = "" && enable_brainpool=yes
-        fi
-        test "$enable_srp" = "" && enable_srp=yes
         # linuxkm is incompatible with opensslextra and its dependents.
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
-            if test "$ENABLED_FIPS" = "no"
-            then
-                if test "$ENABLED_32BIT" != "yes"
-                then
-                    test "$enable_openssh" = "" && enable_openssh=yes
-                fi
-                # S/MIME support requires PKCS7, which requires no FIPS.
-                test "$enable_smime" = "" && enable_smime=yes
-            fi
             test "$enable_opensslextra" = "" && enable_opensslextra=yes
             test "$enable_opensslall" = "" && enable_opensslall=yes
             test "$enable_certservice" = "" && enable_certservice=yes
+        fi
+    fi
+
+    if test "$ENABLED_FIPS" = "no"
+    then
+        test "$enable_scep" = "" && enable_scep=yes
+        test "$enable_mcast" = "" && enable_mcast=yes
+    fi
+
+    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
+    then
+        test "$enable_srtp" = "" && enable_srtp=yes
+    fi
+
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
+
+    # Certificate extensions and alt. names for FPKI use
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
+
+    # Handle as many subject/issuer name OIDs as possible
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL"
+
+    # More thorough error queue usage.
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERBOSE_ERRORS"
+fi
+
+
+# All OSP meta-features:
+AC_ARG_ENABLE([all-osp],
+    [AS_HELP_STRING([--enable-all-osp],[Enable all OSP meta feature sets (default: disabled)])],
+    [ ENABLED_ALL_OSP=$enableval ],
+    [ ENABLED_ALL_OSP=no]
+    )
+
+if test "$ENABLED_ALL_OSP" = "yes"
+then
+    if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+    then
+        AC_MSG_ERROR([--enable-all-osp is incompatible with --enable-linuxkm-defaults])
+    fi
+
+    test "$enable_webserver" = "" && enable_webserver=yes
+
+    if test "$ENABLED_SP_MATH" != "yes"
+    then
+        if test "$ENABLED_FIPS" = "no"
+        then
+            # S/MIME support requires PKCS7, which requires no FIPS.
+            test "$enable_smime" = "" && enable_smime=yes
+            if test "$ENABLED_32BIT" != "yes"
+            then
+                test "$enable_openssh" = "" && enable_openssh=yes
+            fi
+        fi
+
+        if test "$ENABLED_ALL_OSP" != "no"
+        then
             test "$enable_lighty" = "" && enable_lighty=yes
             test "$enable_nginx" = "" && enable_nginx=yes
             test "$enable_openvpn" = "" && enable_openvpn=yes
@@ -965,74 +1131,121 @@ then
 
     if test "$ENABLED_FIPS" = "no"
     then
-        test "$enable_cryptocb" = "" && enable_cryptocb=yes
-        test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
-        test "$enable_xchacha" = "" && test "$enable_chacha" != "no" && enable_xchacha=yes
-        test "$enable_scep" = "" && enable_scep=yes
-        test "$enable_pkcs7" = "" && enable_pkcs7=yes
-        test "$enable_nullcipher" = "" && enable_nullcipher=yes
-        test "$enable_mcast" = "" && enable_mcast=yes
-        test "$enable_ed25519" = "" && enable_ed25519=yes
-        test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
-        test "$enable_ed448" = "" && enable_ed448=yes
-        test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
-
-        if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
-        then
-            # these use DES3:
-            test "$enable_stunnel" = "" && enable_stunnel=yes
-            test "$enable_curl" = "" && enable_curl=yes
-            test "$enable_tcpdump" = "" && enable_tcpdump=yes
-
-            test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
-            test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
-        fi
+        # these use DES3:
+        test "$enable_stunnel" = "" && enable_stunnel=yes
+        test "$enable_curl" = "" && enable_curl=yes
+        test "$enable_tcpdump" = "" && enable_tcpdump=yes
     fi
-
-    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6 || test "$FIPS_VERSION" = "v5-dev"; then
-        test "$enable_aesxts" = "" && enable_aesxts=yes
-        test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && (test "$enable_armasm" = "" || test "$enable_armasm" = "no") && enable_aesxts_stream=yes
-        test "$enable_aessiv" = "" && enable_aessiv=yes
-    fi
-
-    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
-        test "$enable_des3" = "" && enable_des3=yes
-    fi
-
-    # Enable DH const table speedups (eliminates `-lm` math lib dependency)
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
-    DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
-
-    # Enable multiple attribute additions such as DC
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
-
-    # Enable AES Decrypt, AES ECB
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB"
-
-    # Enable Alt Names, DER Load, Keep Certs, CRL IO with Timeout
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
-
-    # Enable DH Extra
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
-
-    # Enable deterministic ECC signing API with variant
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
-
-    # Store issuer name components when parsing certificates.
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
-
-    # Certificate extensions and alt. names for FPKI use
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
-
-    # Handle as many subject/issuer name OIDs as possible
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL"
-
-    # More thorough error queue usage.
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERBOSE_ERRORS"
 fi
 
 
-# ALL CRYPTO FEATURES
+# Auto-selected activation of all applicable asm accelerations
+
+# Enable asm automatically only if the compiler advertises itself as full Gnu C.
+if "$CC" $AM_CFLAGS $CPPFLAGS $CFLAGS -x c - -o /dev/null >/dev/null 2>&1 <<'    EOF'
+    #include <stdlib.h>
+    int main(int argc, char **argv) {
+        (void)argc; (void)argv;
+    #ifdef __STRICT_ANSI__
+        #error __STRICT_ANSI__
+    #endif
+    #ifndef __GNUC__
+        #error !__GNUC__
+    #endif
+        return 0;
+    }
+    EOF
+then
+    HAVE_GNUC=yes
+fi
+
+if test "$enable_all_crypto" = "yes" &&
+   test "$ENABLED_LINUXKM_DEFAULTS" = "no" &&
+   test "$ENABLED_ASM" != "no" &&
+   test "$HAVE_GNUC" = "yes" &&
+   test "$enable_sp_asm" != "no" &&
+   test "$enable_intelasm" != "no" &&
+   test "$enable_armasm" != "no" &&
+   test "$enable_afalg" != "yes" &&
+   test "$ENABLED_32BIT" = "no"
+then
+    DEFAULT_ENABLED_ALL_ASM=yes
+else
+    DEFAULT_ENABLED_ALL_ASM=no
+fi
+
+AC_ARG_ENABLE([all-asm],
+    [AS_HELP_STRING([--enable-all-asm],[Enable all applicable assembly accelerations (default: disabled)])],
+    [ ENABLED_ALL_ASM=$enableval ],
+    [ ENABLED_ALL_ASM=$DEFAULT_ENABLED_ALL_ASM ]
+    )
+
+if test "$ENABLED_ALL_ASM" != "no"
+then
+    if test "$ENABLED_ASM" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-asm])
+    fi
+
+    if test "$enable_sp_asm" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-sp-asm])
+    fi
+
+    if test "$enable_intelasm" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-intelasm])
+    fi
+
+    if test "$enable_armasm" = "no"
+    then
+        AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-armasm])
+    fi
+
+    case "$host_cpu" in
+        *x86_64*|*amd64*)
+            if test "$enable_intelasm" = ""
+            then
+                enable_intelasm=yes
+            fi
+            if test "$ENABLED_SP" != "no"
+            then
+                ENABLED_SP_ASM=yes
+                if test "$ENABLED_SP" = ""
+                then
+                    ENABLED_SP=yes
+                fi
+            fi
+            ;;
+        *aarch64*)
+            if test "$enable_armasm" = ""
+            then
+               enable_armasm=yes
+            fi
+            if test "$ENABLED_SP" != "no"
+            then
+                ENABLED_SP_ASM=yes
+                if test "$ENABLED_SP" = ""
+                then
+                    ENABLED_SP=yes
+                fi
+            fi
+            ;;
+    esac
+fi
+
+# 32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.  Disable
+# implicit activation, and error on explicit activation.
+if test "$enable_riscv_asm" = "yes" || (test "$enable_armasm" = "yes" && test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
+then
+    if test "$enable_aesgcm_stream" = "yes"
+    then
+        AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
+    fi
+    enable_aesgcm_stream=no
+fi
+
+# All wolfCrypt features:
 AC_ARG_ENABLE([all-crypto],
     [AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms (default: disabled)])],
     [ ENABLED_ALL_CRYPT=$enableval ],
@@ -1042,10 +1255,8 @@ if test "$ENABLED_ALL_CRYPT" = "yes"
 then
     test "$enable_atomicuser" = "" && enable_atomicuser=yes
     test "$enable_aesgcm" = "" && enable_aesgcm=yes
-    test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
     test "$enable_aesccm" = "" && enable_aesccm=yes
     test "$enable_aesctr" = "" && enable_aesctr=yes
-    test "$enable_aeseax" = "" && enable_aeseax=yes
     test "$enable_aesofb" = "" && enable_aesofb=yes
     test "$enable_aescfb" = "" && enable_aescfb=yes
     test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
@@ -1054,8 +1265,6 @@ then
     test "$enable_sha224" = "" && enable_sha224=yes
     test "$enable_sha512" = "" && enable_sha512=yes
     test "$enable_sha3" = "" && enable_sha3=yes
-    test "$enable_shake128" = "" && enable_shake128=yes
-    test "$enable_shake256" = "" && enable_shake256=yes
     test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
     test "$enable_keygen" = "" && enable_keygen=yes
     test "$enable_certgen" = "" && enable_certgen=yes
@@ -1093,19 +1302,20 @@ then
     test "$enable_md4" = "" && enable_md4=yes
     test "$enable_anon" = "" && enable_anon=yes
     test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
-    test "$enable_srtp_kdf" = "" && enable_srtp_kdf=yes
 
-    if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
+    if test "x$FIPS_VERSION" != "xv1"
     then
-        test "$enable_compkey" = "" && enable_compkey=yes
+        test "$enable_rsapss" = "" && enable_rsapss=yes
     fi
 
-    if test "$ENABLED_SP_MATH" = "no"
+    # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
+    if test "$ENABLED_SP_MATH" != "yes"
     then
         test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
         if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
             test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
-            test "$enable_brainpool" = "" && enable_brainpool=yes
+            test "$enable_ecccustcurves" != "no" && test "$enable_brainpool" = "" && enable_brainpool=yes
+            test "$enable_ecccustcurves" != "no" && AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH -DHAVE_ECC_KOBLITZ -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3"
         fi
         test "$enable_srp" = "" && enable_srp=yes
     fi
@@ -1121,6 +1331,8 @@ then
         test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
         test "$enable_ed448" = "" && enable_ed448=yes
         test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
+        test "$enable_aessiv" = "" && enable_aessiv=yes
+        test "$enable_aeseax" = "" && enable_aeseax=yes
 
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
@@ -1129,25 +1341,31 @@ then
         fi
     fi
 
-    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6 || test "$FIPS_VERSION" = "v5-dev"; then
+    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
+    then
+        test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
         test "$enable_aesxts" = "" && enable_aesxts=yes
-        test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && (test "$enable_armasm" = "" || test "$enable_armasm" = "no") && enable_aesxts_stream=yes
-        test "$enable_aessiv" = "" && enable_aessiv=yes
+        test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && enable_aesxts_stream=yes
+        test "$enable_shake128" = "" && enable_shake128=yes
+        test "$enable_shake256" = "" && enable_shake256=yes
+        test "$enable_compkey" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_compkey=yes
+        # AFALG lacks AES-ECB
+        test "$enable_srtp_kdf" = "" && test "$enable_afalg" != "yes" && enable_srtp_kdf=yes
     fi
 
     if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
         test "$enable_des3" = "" && enable_des3=yes
+        test "$enable_des3" != "no" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
     fi
 
-    # Enable AES Decrypt, AES ECB, Alt Names, DER Load
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES"
 
     # Enable DH const table speedups (eliminates `-lm` math lib dependency)
     AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
     DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
 
-    # Enable multiple attribute additions such as DC
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
+    # Enable all parsing features for ASN */
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
 
     # Enable DH Extra
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
@@ -1180,7 +1398,7 @@ AC_ARG_WITH([liboqs],
                 tryliboqsdir="/usr/local"
             fi
 
-            CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include"
+            CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include -pthread"
             LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
 
             AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
@@ -1208,72 +1426,131 @@ AC_ARG_WITH([liboqs],
 )
 
 
-# KYBER
+# MLKEM
 # Used:
 #  - SHA3, Shake128 and Shake256
 AC_ARG_ENABLE([kyber],
-    [AS_HELP_STRING([--enable-kyber],[Enable KYBER (requires --enable-experimental) (default: disabled)])],
-    [ ENABLED_KYBER=$enableval ],
-    [ ENABLED_KYBER=no ]
+    [AS_HELP_STRING([--enable-kyber],[Enable Kyber/MLKEM (default: disabled)])],
+    [ ENABLED_MLKEM=$enableval ],
+    [ ENABLED_MLKEM=no ]
+    )
+# note, inherits default from "kyber" clause above.
+AC_ARG_ENABLE([mlkem],
+    [AS_HELP_STRING([--enable-mlkem],[Enable MLKEM (default: disabled)])],
+    [ ENABLED_MLKEM=$enableval ]
     )
 
-ENABLED_WC_KYBER=no
-for v in `echo $ENABLED_KYBER | tr "," " "`
+ENABLED_WC_MLKEM=no
+ENABLED_ML_KEM=unset
+ENABLED_MLKEM_MAKE_KEY=no
+ENABLED_MLKEM_ENCAPSULATE=no
+ENABLED_MLKEM_DECAPSULATE=no
+for v in `echo $ENABLED_MLKEM | tr "," " "`
 do
   case $v in
-  yes | all)
-    ENABLED_KYBER512=yes
-    ENABLED_KYBER768=yes
-    ENABLED_KYBER1024=yes
+  yes|all)
+    ENABLED_MLKEM512=yes
+    ENABLED_MLKEM768=yes
+    ENABLED_MLKEM1024=yes
+    ENABLED_MLKEM_MAKE_KEY=yes
+    ENABLED_MLKEM_ENCAPSULATE=yes
+    ENABLED_MLKEM_DECAPSULATE=yes
+    if test "$v" = "all"
+    then
+        ENABLED_ML_KEM=yes
+        ENABLED_ORIGINAL=yes
+    fi
     ;;
   no)
     ;;
   small)
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_SMALL"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL"
+    ;;
+  cache-a)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A"
     ;;
   512)
-    ENABLED_KYBER512=yes
+    ENABLED_MLKEM512=yes
     ;;
   768)
-    ENABLED_KYBER768=yes
+    ENABLED_MLKEM768=yes
     ;;
   1024)
-    ENABLED_KYBER1024=yes
+    ENABLED_MLKEM1024=yes
+    ;;
+  make)
+    ENABLED_MLKEM_MAKE_KEY=yes
+    ;;
+  encapsulate|enc)
+    ENABLED_MLKEM_ENCAPSULATE=yes
+    ;;
+  decapsulate|dec)
+    ENABLED_MLKEM_DECAPSULATE=yes
+    ;;
+  original|kyber)
+    ENABLED_ORIGINAL=yes
     ;;
   ml-kem)
     ENABLED_ML_KEM=yes
     ;;
   *)
-    AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.])
+    AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.])
     break;;
   esac
 done
 
-if test "$ENABLED_KYBER" != "no"
+if test "$ENABLED_MLKEM" != "no"
 then
-    AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([KYBER requires --enable-experimental.]) ])
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_KYBER"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM"
     # Use liboqs if specified.
     if test "$ENABLED_LIBOQS" = "no"; then
-        ENABLED_WC_KYBER=yes
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_KYBER"
-        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_KYBER"
+        ENABLED_WC_MLKEM=yes
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_MLKEM"
+        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_MLKEM"
     fi
 
-    if test "$ENABLED_KYBER512" = ""; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
+    if test "$ENABLED_ORIGINAL" = "yes"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER"
+        if test "$ENABLED_MLKEM512" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
+        fi
+        if test "$ENABLED_MLKEM768" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
+        fi
+        if test "$ENABLED_MLKEM1024" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
+        fi
+        if test "$ENABLED_ML_KEM" = "unset"; then
+            ENABLED_ML_KEM=no
+        fi
     fi
-    if test "$ENABLED_KYBER768" = ""; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
-    fi
-    if test "$ENABLED_KYBER1024" = ""; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
+    if test "$ENABLED_ML_KEM" = "unset"; then
+        ENABLED_ML_KEM=yes
     fi
     if test "$ENABLED_ML_KEM" = "yes"; then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ML_KEM"
+        if test "$ENABLED_MLKEM512" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512"
+        fi
+        if test "$ENABLED_MLKEM768" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768"
+        fi
+        if test "$ENABLED_MLKEM1024" = ""; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024"
+        fi
+    else
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
+    fi
+    if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY"
+    fi
+    if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE"
+    fi
+    if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE"
     fi
 
-    if test "$ENABLED_WC_KYBER" = "yes"
+    if test "$ENABLED_WC_MLKEM" = "yes"
     then
         test "$enable_sha3" = "" && enable_sha3=yes
         test "$enable_shake128" = "" && enable_shake128=yes
@@ -1284,7 +1561,7 @@ fi
 # Dilithium
 #  - SHA3, Shake128, Shake256 and AES-CTR
 AC_ARG_ENABLE([dilithium],
-    [AS_HELP_STRING([--enable-dilithium],[Enable DILITHIUM (requires --enable-experimental) (default: disabled)])],
+    [AS_HELP_STRING([--enable-dilithium],[Enable DILITHIUM (default: disabled)])],
     [ ENABLED_DILITHIUM=$enableval ],
     [ ENABLED_DILITHIUM=no ]
     )
@@ -1338,6 +1615,9 @@ do
   87)
     ENABLED_MLDSA87=yes
     ;;
+  draft|fips204-draft)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_FIPS204_DRAFT"
+    ;;
   *)
     AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87]: $ENABLED_DILITHIUM.])
     break;;
@@ -1346,7 +1626,6 @@ done
 
 if test "$ENABLED_DILITHIUM" != "no"
 then
-    AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([DILITHIUM requires --enable-experimental.]) ])
     AM_CFLAGS="$AM_CFLAGS -DHAVE_DILITHIUM"
 
     if test "$ENABLED_MLDSA44" = ""; then
@@ -1377,6 +1656,7 @@ then
 fi
 
 # XMSS
+ENABLED_WC_XMSS=no
 AC_ARG_ENABLE([xmss],
     [AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])],
     [ ENABLED_XMSS=$enableval ],
@@ -1468,6 +1748,7 @@ then
 fi
 
 # LMS
+ENABLED_WC_LMS=no
 AC_ARG_ENABLE([lms],
     [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
     [ ENABLED_LMS=$enableval ],
@@ -1487,6 +1768,12 @@ do
   small)
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS_SMALL"
     ;;
+  no-sha256-256)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_LMS_SHA256_256"
+    ;;
+  sha256-192)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_SHA256_192"
+    ;;
   *)
     AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.])
     break;;
@@ -1606,14 +1893,6 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_RWLOCK"
 fi
 
-# wolfCrypt Only Build
-AC_ARG_ENABLE([cryptonly],
-    [AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
-    [ENABLED_CRYPTONLY=$enableval],
-    [ENABLED_CRYPTONLY=no])
-
-AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
-
 # ECH
 AC_ARG_ENABLE([ech],
     [AS_HELP_STRING([--enable-ech],[Enable ECH (default: disabled)])],
@@ -2177,7 +2456,7 @@ fi
 
 # OPENSSL Extra Compatibility
 AC_ARG_ENABLE([opensslextra],
-    [AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])],
+    [AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled). Skip compat header install using "noinstall"])],
     [ ENABLED_OPENSSLEXTRA=$enableval ],
     [ ENABLED_OPENSSLEXTRA=no ]
     )
@@ -2236,6 +2515,40 @@ else
     AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN -DWC_NO_CACHE_RESISTANT"
 fi
 
+# Fault protection hardening
+AC_ARG_ENABLE([faultharden],
+    [AS_HELP_STRING([--enable-faultharden],[Enable Fault Hardened build (default: disabled)])],
+    [ENABLED_FAULTHARDEN=$enableval],
+    [ENABLED_FAULTHARDEN=no])
+
+if test "$ENABLED_FAULTHARDEN" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_SIG_FAULTS -DWOLFSSL_CHECK_VER_FAULTS"
+fi
+
+AC_ARG_ENABLE([compileharden],
+    [AS_HELP_STRING([--enable-compileharden],[Enable extra hardening compile flags (default: disabled)])],
+    [ENABLED_COMPILEHARDEN=$enableval],
+    [ENABLED_COMPILEHARDEN=no])
+
+EXTRA_OPTS_CFLAGS=
+if test "$ENABLED_COMPILEHARDEN" = "yes"
+then
+    CAN_USE_32B_BOUNDARIES_FLAG=no
+    AX_CHECK_COMPILE_FLAG([-Wa,-mbranches-within-32B-boundaries],
+        [CAN_USE_32B_BOUNDARIES_FLAG=yes],
+        [CAN_USE_32B_BOUNDARIES_FLAG=no],
+        [-Werror],[])
+
+    if test "$CAN_USE_32B_BOUNDARIES_FLAG" = "yes"
+    then
+        EXTRA_OPTS_CFLAGS="$EXTRA_OPTS_CFLAGS -Wa,-mbranches-within-32B-boundaries -falign-loops=64"
+    else
+        AC_MSG_ERROR([compiler does not accept -mbranches-within-32B-boundaries flag])
+    fi
+fi
+
+
 
 # IPv6 Test Apps
 AC_ARG_ENABLE([ipv6],
@@ -2299,21 +2612,6 @@ then
     DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
 fi
 
-# lean psk build
-AC_ARG_ENABLE([leanpsk],
-    [AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
-    [ ENABLED_LEANPSK=$enableval ],
-    [ ENABLED_LEANPSK=no ]
-    )
-
-if test "$ENABLED_LEANPSK" = "yes"
-then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
-    ENABLED_SLOWMATH="no"
-    ENABLED_SINGLETHREADED="yes"
-    enable_lowresource=yes
-fi
-
 
 # lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
 AC_ARG_ENABLE([leantls],
@@ -2546,7 +2844,7 @@ AC_ARG_WITH([se050],
     [
         AC_MSG_CHECKING([for SE050])
 
-        LIBS="$LIBS -lSSS_APIs"
+        LIBS="$LIBS -lSSS_APIs -lex_common"
         AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0);]])],[ libse050_linked=yes ],[ libse050_linked=no ])
 
         if test "x$libse050_linked" = "xno" ; then
@@ -2844,8 +3142,9 @@ then
 fi
 
 
+ENABLED_ARMASM_CRYPTO="unknown"
 ENABLED_ARMASM_INLINE="no"
-ENABLED_ARMASM_SHA3="no"
+ENABLED_ARMASM_SHA3="unknown"
 ENABLED_ARMASM_CRYPTO_SM4="no"
 # ARM Assembly
 # Both SHA3 and SHA512 instructions available with ARMV8.2-a
@@ -2865,6 +3164,9 @@ then
         inline)
             ENABLED_ARMASM_INLINE=yes
             ;;
+        no-crypto)
+            ENABLED_ARMASM_CRYPTO=no
+            ;;
         sha512-crypto | sha3-crypto)
             case $host_cpu in
             *aarch64*)
@@ -2876,6 +3178,16 @@ then
             ENABLED_ARMASM_SHA3=yes
             ENABLED_ARMASM_PLUS=yes
             ;;
+        no-sha512-crypto | no-sha3-crypto)
+            case $host_cpu in
+            *aarch64*)
+                ;;
+            *)
+                AC_MSG_ERROR([SHA512/SHA3 instructions only available on Aarch64 CPU.])
+                break;;
+            esac
+            ENABLED_ARMASM_SHA3=no
+            ;;
         sm4)
             case $host_cpu in
             *aarch64*)
@@ -2920,8 +3232,10 @@ then
         *aarch64*)
             case $host_os in
             *darwin*)
-                # All known Aarch64 Mac computers support SHA-512 instructions
-                ENABLED_ARMASM_SHA3=yes
+                # Turn it on unless explicitly turned off.
+                if test "$ENABLED_ARMASM_SHA3" = "unknown"; then
+                    ENABLED_ARMASM_SHA3="yes"
+                fi
                 ;;
             *)
                 # +crypto needed for hardware acceleration
@@ -2934,14 +3248,17 @@ then
                         AM_CPPFLAGS="$AM_CPPFLAGS+sm4"
                     fi
                 else
-                    AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
+                    AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto -DWOLFSSL_AARCH64_NO_SQRDMLSH"
                 fi
                 ;;
             esac
             # Include options.h
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
-            ENABLED_ARMASM_CRYPTO=yes
+            if test "$ENABLED_ARMASM_CRYPTO" = "unknown"; then
+                ENABLED_ARMASM_CRYPTO=yes
+            fi
             ENABLED_ARMASM_NEON=yes
+            ENABLED_ARM_64=yes
 
             # Check for and set -mstrict-align compiler flag
             # Used to set assumption that Aarch64 systems will not handle
@@ -2965,8 +3282,8 @@ then
             # Include options.h
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=no
-            ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=yes
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv7-a found, setting mfpu to neon])
             if test "$ENABLED_FIPS" != "no" ||
                 test "$HAVE_FIPS_VERSION_MAJOR" -ge 5;
@@ -2979,12 +3296,14 @@ then
             ;;
         armv7m*)
             # QEMU doesn't work with armv7-m
-            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
+            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
             # Include options.h
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=no
-            ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=no
+            ENABLED_ARM_THUMB=yes
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv7-m found])
             if test "$ENABLED_FIPS" != "no" ||
                 test "$HAVE_FIPS_VERSION_MAJOR" -ge 5;
@@ -2999,16 +3318,16 @@ then
             AM_CPPFLAGS="$AM_CPPFLAGS -march=armv6 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=6"
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=no
-            ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=no
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv6 found])
             ;;
         armv4*)
             AM_CPPFLAGS="$AM_CPPFLAGS -march=armv4 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=4"
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=no
-            ENABLED_AESGCM_STREAM=no # not yet implemented
             ENABLED_ARMASM_NEON=no
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv4 found])
             ;;
         *)
@@ -3017,6 +3336,7 @@ then
             AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
             ENABLED_ARMASM_CRYPTO=yes
             ENABLED_ARMASM_NEON=yes
+            ENABLED_ARM_32=yes
             AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8])
             ;;
         esac
@@ -3027,12 +3347,18 @@ if test "$ENABLED_ARMASM_SHA3" = "yes"; then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
 fi
+if test "$ENABLED_ARMASM_SHA3" = "unknown"; then
+    ENABLED_ARMASM_SHA3="no"
+fi
 if test "$ENABLED_ARMASM_SM3" = "yes"; then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SM3"
 fi
 if test "$ENABLED_ARMASM_SM4" = "yes"; then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SM4"
 fi
+if test "$ENABLED_ARMASM_CRYPTO" = "unknown"; then
+    ENABLED_ARMASM_CRYPTO=no
+fi
 if test "$ENABLED_ARMASM_CRYPTO" = "no"; then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_NO_HW_CRYPTO"
 fi
@@ -3054,7 +3380,6 @@ AC_ARG_ENABLE([riscv-asm],
 if test "$ENABLED_RISCV_ASM" != "no" && test "$ENABLED_ASM" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_ASM"
-    ENABLED_AESGCM_STREAM=no # not yet implemented
     AC_MSG_NOTICE([64bit RISC-V assembly for AES])
 fi
 
@@ -3220,6 +3545,13 @@ AC_ARG_ENABLE([aesni],
     [ ENABLED_AESNI=no ]
     )
 
+# INTEL AES-NI with AVX
+AC_ARG_ENABLE([aesni-with-avx],
+    [AS_HELP_STRING([--enable-aesni-with-avx],[Enable AES-NI with additional AVX acceleration for AES (default: disabled)])],
+    [ ENABLED_AESNI_WITH_AVX=$enableval ],
+    [ ENABLED_AESNI_WITH_AVX=no ]
+    )
+
 # INTEL ASM
 AC_ARG_ENABLE([intelasm],
     [AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
@@ -3235,6 +3567,17 @@ then
         ENABLED_AESNI=yes
     fi
 
+    if test "$ENABLED_INTELASM" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP"
+        ENABLED_AESNI=yes
+        ENABLED_AESNI_WITH_AVX=yes
+    elif test "$ENABLED_AESNI_WITH_AVX" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP_FOR_AES"
+        ENABLED_AESNI=yes
+    fi
+
     if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
     then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
@@ -3260,12 +3603,6 @@ then
         AS_IF([test "x$ENABLED_SM3" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SM3"])
     fi
 
-    if test "$ENABLED_INTELASM" = "yes"
-    then
-        AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP"
-        ENABLED_AESNI=yes
-    fi
-
     if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"
     then
         AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_X86_64_BUILD"
@@ -3633,6 +3970,19 @@ then
 fi
 
 
+# SHA256
+AC_ARG_ENABLE([sha256],
+    [AS_HELP_STRING([--enable-sha256],[Enable wolfSSL SHA256 support (default: enabled)])],
+    [ ENABLED_SHA256=$enableval ],
+    [ ENABLED_SHA256=yes ]
+    )
+
+if test "$ENABLED_SHA256" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_SHA256"
+fi
+
+
 # set sha224 default
 SHA224_DEFAULT=no
 if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"
@@ -3641,7 +3991,7 @@ then
         ( test "x$ENABLED_FIPS" = "xno" ||
           ( test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" != 1 ) )
     then
-        SHA224_DEFAULT=yes
+        SHA224_DEFAULT=$ENABLED_SHA256
     fi
 fi
 
@@ -3654,6 +4004,10 @@ AC_ARG_ENABLE([sha224],
 
 if test "$ENABLED_SHA224" = "yes"
 then
+    if test "$ENABLED_SHA256" = "no"
+    then
+        AC_MSG_ERROR([Enabling SHA224 requires enabling SHA256.])
+    fi
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"
 fi
 
@@ -3800,6 +4154,12 @@ then
     ENABLED_KEYGEN=yes
 fi
 
+# ATTRIBUTE CERTIFICATES
+AC_ARG_ENABLE([acert],
+    [AS_HELP_STRING([--enable-acert],[Enable attribute certificate support (default: disabled)])],
+    [ ENABLED_ACERT=$enableval ],
+    [ ENABLED_ACERT=no ]
+    )
 
 # CERT GENERATION
 AC_ARG_ENABLE([certgen],
@@ -4033,7 +4393,8 @@ AC_ARG_ENABLE([compkey],
     [ ENABLED_COMPKEY=no ]
     )
 
-if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes"
+if (test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes") &&
+   (test "$HAVE_FIPS_VERSION" != "5")
 then
     ENABLED_COMPKEY=yes
 fi
@@ -4403,7 +4764,7 @@ fi
 
 if test "$ENABLED_STACKSIZE" = "verbose"
 then
-    if test "$thread_ls_on" != "yes"
+    if test "$thread_ls_on" != "yes" && test "x$ENABLED_SINGLETHREADED" = "xno"
     then
         AC_MSG_ERROR(stacksize-verbose needs thread-local storage.)
     fi
@@ -4541,6 +4902,11 @@ fi
 if test "$ENABLED_WOLFSENTRY" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS -DHAVE_EX_DATA -DHAVE_EX_DATA_CLEANUP_HOOKS"
+    if test "$ENABLED_OPENSSLEXTRA" = "no"
+    then
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
+    fi
     WOLFSENTRY_LIB="$WOLFSENTRY_LIB -lwolfsentry"
 fi
 
@@ -4752,54 +5118,6 @@ then
 fi
 
 
-# ASN
-
-# turn off asn, which means no certs, no rsa, no dsa, no ecc,
-# and no big int (unless dh is on)
-
-# turn off ASN if leanpsk on
-if test "$ENABLED_LEANPSK" = "yes"
-then
-    enable_asn=no
-fi
-
-AC_ARG_ENABLE([asn],
-    [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
-    [ ENABLED_ASN=$enableval ],
-    [ ENABLED_ASN=yes ]
-    )
-
-for v in `echo $ENABLED_ASN | tr "," " "`
-do
-    case $v in
-    all)
-        # Enable all ASN features
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
-        ENABLED_ASN=yes
-        ;;
-    template | yes)
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
-        ENABLED_ASN=yes
-        ;;
-    original)
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL"
-        ENABLED_ASN=yes
-        ;;
-    nocrypt)
-        AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
-        enable_pwdbased=no
-        ;;
-    no)
-        AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
-        enable_pwdbased=no
-        ENABLED_ASN=no
-        ;;
-    *)
-        AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.])
-        break;;
-esac
-done
-
 if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \
    test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no"
 then
@@ -4918,10 +5236,6 @@ AC_ARG_ENABLE([dtlscid],
     )
 if test "x$ENABLED_DTLS_CID" = "xyes"
 then
-        if test "x$ENABLED_DTLS13" != "xyes"
-        then
-                AC_MSG_ERROR([You need to enable DTLSv1.3 to use DTLS ConnectionID])
-        fi
   AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CID"
 fi
 
@@ -5196,8 +5510,7 @@ AC_ARG_ENABLE([wolfEntropy],
     )
 AC_ARG_ENABLE([entropy-memuse],
     [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])],
-    [ ENABLED_ENTROPY_MEMUSE=$enableval ],
-    [ ENABLED_ENTROPY_MEMUSE=no ]
+    [ ENABLED_ENTROPY_MEMUSE=$enableval ]
     )
 
 # AES key wrap
@@ -5208,8 +5521,15 @@ AC_ARG_ENABLE([aeskeywrap],
     )
 
 # FIPS feature and macro setup
+
 AS_CASE([$FIPS_VERSION],
     [v6|ready|dev],[ # FIPS 140-3 SRTP-KDF
+
+        AS_IF([test "$FIPS_VERSION" = "dev"],
+            [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"])
+        AS_IF([test "$FIPS_VERSION" = "ready"],
+            [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"])
+
         AM_CFLAGS="$AM_CFLAGS \
             -DHAVE_FIPS \
             -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
@@ -5228,7 +5548,7 @@ AS_CASE([$FIPS_VERSION],
             -DHAVE_FFDHE_6144 \
             -DHAVE_FFDHE_8192"
 
-        # KCAPI API does not support custom k for sign, don't force enable ECC key sizes and do not use seed callback
+        # KCAPI API does not support custom k for sign, don't force enable ECC key sizes and don't use seed callback
         AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
             [AM_CFLAGS="$AM_CFLAGS \
                 -DWC_RNG_SEED_CB \
@@ -5304,7 +5624,8 @@ AS_CASE([$FIPS_VERSION],
 
         AS_IF([test "x$ENABLED_ECCCUSTCURVES" != "xno" &&
                test "$FIPS_VERSION" != "dev"],
-            [ENABLED_ECCCUSTCURVES="no"])
+            [AC_MSG_WARN([Forcing off ecccustcurves for FIPS ${FIPS_VERSION}.])
+             ENABLED_ECCCUSTCURVES="no"])
 
 # Hashing section
         AS_IF([test "x$ENABLED_SHA3" != "xyes" &&
@@ -5349,11 +5670,8 @@ AS_CASE([$FIPS_VERSION],
                (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")],
             [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
 
-        # AES-GCM streaming is part of the v6 FIPS suite, but isn't implemented
-        # for armasm on arm-v7 or earlier (see armasm setup above).
         AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" &&
-               (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "no") &&
-               ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")],
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "no")],
             [ENABLED_AESGCM_STREAM="yes"])
 
         AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
@@ -5371,14 +5689,13 @@ AS_CASE([$FIPS_VERSION],
             [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
 
         AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" &&
-               (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts_stream" != "no") &&
-               ! (test "$ENABLED_ARMASM" = "yes" || test "$ENABLED_ARMASM_CRYPTO" = "no")],
+               (test "$FIPS_VERSION" != "dev" || test "$enable_aesxts_stream" != "no")],
             [ENABLED_AESXTS_STREAM="yes"])
 
-        AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
-               (test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") ||
-               (test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") ||
-               (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes")],
+        AS_IF([(test "$ENABLED_AESCCM" != "no" && test "$HAVE_AESCCM_PORT" != "yes") ||
+               (test "$ENABLED_AESCTR" != "no" && test "$HAVE_AESCTR_PORT" != "yes") ||
+               (test "$ENABLED_AESGCM" != "no" && test "$HAVE_AESGCM_PORT" != "yes") ||
+               (test "$ENABLED_AESOFB" != "no" && test "$HAVE_AESOFB_PORT" != "yes")],
             [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
 
         AS_IF([test "x$ENABLED_AESKEYWRAP" != "xyes" &&
@@ -5387,9 +5704,223 @@ AS_CASE([$FIPS_VERSION],
 
 # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
         AS_IF([test "$ENABLED_OLD_TLS" != "no"],
-            [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
+            [AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
+             ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
 
     ],
+
+    [lean-aesgcm|lean-aesgcm-ready|lean-aesgcm-dev],[
+
+        AS_IF([test "$FIPS_VERSION" = "lean-aesgcm-dev"],
+            [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"])
+        AS_IF([test "$FIPS_VERSION" = "lean-aesgcm-ready"],
+            [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"])
+
+        AM_CFLAGS="$AM_CFLAGS \
+            -DHAVE_FIPS \
+            -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
+            -DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
+            -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
+            -DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
+            -DNO_BIG_INT \
+            -DWC_RNG_SEED_CB \
+            -DNO_PBKDF2"
+
+# optimizations section
+
+# protocol section
+        AS_IF([test "$ENABLED_CRYPTONLY" != "yes" && test "$enable_cryptonly" != "no"],
+            [ENABLED_CRYPTONLY="yes"; enable_cryptonly="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"])
+
+        AS_IF([test "$ENABLED_TLS" != "no" && test "$enable_tls" != "yes"],
+            [ENABLED_TLS="no"; enable_tls="no"; AM_CFLAGS="$AM_CFLAGS -DNO_TLS"])
+
+        AS_IF([test "$ENABLED_TLSV12" != "no" && test "$enable_tlsv12" != "yes"],
+            [ENABLED_TLSV12="no"; enable_tlsv12="no"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12"])
+
+        AS_IF([test "$ENABLED_ASN" != "no" && test "$enable_asn" != "yes"],
+            [ENABLED_ASN="no"; enable_asn="no"; AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"])
+
+        AS_IF([test "$ENABLED_SEND_HRR_COOKIE" != "no" && test "$enable_hrrcookie" != "yes"],
+            [ENABLED_SEND_HRR_COOKIE="no"; enable_hrrcookie="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SEND_HRR_COOKIE"])
+
+        AS_IF([test "$ENABLED_WOLFSSH" != "no" && test "$enable_ssh" != "yes"],
+            [ENABLED_WOLFSSH="no"; enable_ssh="no"])
+
+        AS_IF([test "$ENABLED_HKDF" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_hkdf" != "yes")],
+            [enable_hkdf="no"; ENABLED_HKDF="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_HKDF"])
+
+        AS_IF([test "$ENABLED_PWDBASED" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_pwdbased" != "yes")],
+            [enable_pwdbased="no"; ENABLED_PWDBASED="no"])
+
+        AS_IF([test "$ENABLED_SRTP" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_srtp" != "yes")],
+            [enable_srtp="no"; ENABLED_SRTP="no"])
+
+        AS_IF([test "$ENABLED_SRTP_KDF" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_srtp_kdf" != "yes")],
+            [enable_srtp_kdf="no"; ENABLED_SRTP_KDF="no"])
+
+        AS_IF([test "$ENABLED_PKCS8" != "no" && test "$enable_pkcs8" != "yes"],
+            [enable_pkcs8="no"; ENABLED_PKCS8="no"; AM_CFLAGS="$AM_CFLAGS -DNO_PKCS8"])
+
+# public key section
+
+        AS_IF([test "$ENABLED_SP_MATH_ALL" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sp_math_all" != "yes")],
+            [enable_sp_math_all="no"; ENABLED_SP_MATH_ALL="no"])
+
+        AS_IF([test "$ENABLED_KEYGEN" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_keygen" != "yes")],
+            [enable_keygen="no"; ENABLED_KEYGEN="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_KEY_GEN"])
+
+        AS_IF([test "$ENABLED_COMPKEY" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_compkey" != "yes")],
+            [enable_compkey="no"; ENABLED_COMPKEY="no"])
+
+        AS_IF([test "$ENABLED_RSA" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_rsa" != "yes")],
+            [enable_rsa="no"; ENABLED_RSA="no"; AM_CFLAGS="$AM_CFLAGS -DNO_RSA"])
+
+        AS_IF([test "$ENABLED_RSAPSS" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_rsapss" != "yes")],
+            [enable_rsapss="no"; ENABLED_RSAPSS="no"; AM_CFLAGS="$AM_CFLAGS -UWC_RSA_PSS"])
+
+        AS_IF([test "$ENABLED_DH" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_dh" != "yes")],
+            [enable_dh="no"; ENABLED_DH="no"; AM_CFLAGS="$AM_CFLAGS -DNO_DH"])
+
+        AS_IF([test "$ENABLED_ECC" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ecc" != "yes")],
+            [enable_ecc="no"; ENABLED_ECC="no"; ENABLED_ECCMINSZ="n/a"; ENABLED_ECC_SHAMIR="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_ECC -UTFM_ECC256 -UECC_MIN_KEY_SZ -UECC_SHAMIR"])
+
+        AS_IF([test "$ENABLED_ED25519" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ed25519" != "yes")],
+            [enable_ed25519="no"; ENABLED_ED25519="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_ED25519 -UHAVE_ED25519_KEY_IMPORT"])
+        AS_IF([test "$ENABLED_CURVE25519" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_curve25519" != "yes")],
+            [enable_curve25519="no"; ENABLED_CURVE25519="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_CURVE25519"])
+
+        AS_IF([test "$ENABLED_ED448" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ed448" != "yes")],
+            [enable_ed448="no"; ENABLED_ED448="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_ED448 -UHAVE_ED448_KEY_IMPORT"])
+        AS_IF([test "$ENABLED_CURVE448" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_curve448" != "yes")],
+            [enable_curve448="no"; ENABLED_CURVE448="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_CURVE448"])
+
+        AS_IF([test "$ENABLED_ED25519_STREAM" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ed25519_stream" != "yes")],
+            [enable_ed25519_stream="no"; ENABLED_ED25519_STREAM="no"])
+        AS_IF([test "$ENABLED_ED448_STREAM" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ed448_stream" != "yes")],
+            [enable_ed448_stream="no"; ENABLED_ED448_STREAM="no"])
+
+        AS_IF([test "$ENABLED_ECCCUSTCURVES" != "no" &&
+               test "$FIPS_VERSION" != "lean-aesgcm-dev"],
+            [ENABLED_ECCCUSTCURVES="no"])
+
+# Hashing section
+        AS_IF([test "$ENABLED_SHA" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha" != "yes")],
+            [enable_sha="no"; ENABLED_SHA="no"; AM_CFLAGS="$AM_CFLAGS -DNO_SHA"])
+
+        AS_IF([test "$ENABLED_SHA256" = "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha256" != "no")],
+            [enable_sha256="yes"; ENABLED_SHA256="yes"; AM_CFLAGS="$AM_CFLAGS -UNO_SHA256"])
+
+        AS_IF([test "$ENABLED_SHA3" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha3" != "yes")],
+            [enable_sha3="no"; ENABLED_SHA3="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SHA3"])
+
+        AS_IF([test "$ENABLED_SHA224" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha224" != "yes")],
+            [enable_sha224="no"; ENABLED_SHA224="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SHA224"])
+
+        AS_IF([test "$ENABLED_SHA384" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha384" != "yes")],
+            [enable_sha384="no"; ENABLED_SHA384="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SHA384 -UWOLFSSL_SHA384"])
+
+        AS_IF([test "$ENABLED_SHA512" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha512" != "yes")],
+            [enable_sha512="no"; ENABLED_SHA512="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SHA512 -UWOLFSSL_SHA384"])
+
+        # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
+
+        AS_IF([test "$ENABLED_SHAKE128" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake128" != "yes")],
+            [enable_shake128="no"; ENABLED_SHAKE128="no"])
+
+        AS_IF([test "$ENABLED_SHAKE256" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake256" != "yes")],
+            [enable_shake256="no"; ENABLED_SHAKE256="no"])
+
+        AS_IF([test "$ENABLED_MD5" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_md5" != "yes")],
+            [enable_md5="no"; ENABLED_MD5="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5"])
+
+# Aes section
+        AS_IF([test "$ENABLED_AESCBC" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aescbc" != "yes")],
+            [enable_aescbc="no"; ENABLED_AESCBC="no"; AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"])
+
+        AS_IF([test "$ENABLED_AESCCM" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesccm" != "yes")],
+            [enable_aesccm="no"; ENABLED_AESCCM="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_AESCCM"])
+
+        AS_IF([test "$ENABLED_AESCTR" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesctr" != "yes")],
+            [enable_aesctr="no"; ENABLED_AESCTR="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_AES_COUNTER"])
+
+        AS_IF([test "$ENABLED_CMAC" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_cmac" != "yes")],
+            [enable_cmac="no"; ENABLED_CMAC="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_CMAC"])
+
+        AS_IF([test "$ENABLED_AESGCM" = "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesgcm" != "no")],
+            [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
+
+        AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesgcm_stream" != "no")],
+            [ENABLED_AESGCM_STREAM="yes"])
+
+        AS_IF([test "$ENABLED_AESOFB" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesofb" != "yes")],
+            [enable_aesofb="no"; ENABLED_AESOFB="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_AES_OFB"])
+
+        AS_IF([test "$ENABLED_AESCFB" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aescfb" != "yes")],
+            [enable_aescfb="no"; ENABLED_AESCFB="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_AES_CFB"])
+
+        AS_IF([test "$ENABLED_AESXTS" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesxts" != "yes")],
+            [enable_aesxts="no"; ENABLED_AESXTS="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_AES_XTS"])
+        AS_IF([test "$ENABLED_AESXTS" = "yes" && test "$ENABLED_AESNI" = "yes"],
+            [AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
+
+        AS_IF([test "$ENABLED_AESXTS_STREAM" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesxts_stream" != "yes")],
+            [enable_aesxts_stream="no"; ENABLED_AESXTS_STREAM="no"])
+
+        AS_IF([(test "$ENABLED_AESCCM" != "no" && test "$HAVE_AESCCM_PORT" != "yes") ||
+               (test "$ENABLED_AESCTR" != "no" && test "$HAVE_AESCTR_PORT" != "yes") ||
+               (test "$ENABLED_AESGCM" != "no" && test "$HAVE_AESGCM_PORT" != "yes") ||
+               (test "$ENABLED_AESOFB" != "no" && test "$HAVE_AESOFB_PORT" != "yes")],
+            [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
+
+        AS_IF([test "$ENABLED_AESKEYWRAP" != "no" &&
+               (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aeskeywrap" != "yes")],
+            [enable_aeskeywrap="no"; ENABLED_AESKEYWRAP="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_AES_KEYWRAP"])
+
+# Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
+        AS_IF([test "$ENABLED_OLD_TLS" != "no"],
+            [AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
+             ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
+
+    ],
+
     [v5*], [ # FIPS 140-3
 
         AM_CFLAGS="$AM_CFLAGS \
@@ -5430,8 +5961,9 @@ AS_CASE([$FIPS_VERSION],
             [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
         AS_IF([test "$ENABLED_COMPKEY" = "yes" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_compkey" != "yes")],
-            [ENABLED_COMPKEY="no"])
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_compkey" = "yes")],
+            [AC_MSG_WARN([Forcing off compkey for FIPS ${FIPS_VERSION}.])
+             ENABLED_COMPKEY="no"])
 
         AS_IF([test "$ENABLED_SHA224" != "yes" &&
                (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha224" != "no")],
@@ -5447,13 +5979,15 @@ AS_CASE([$FIPS_VERSION],
 
         # Shake128 is a SHA-3 algorithm outside the v5 FIPS algorithm list
         AS_IF([test "$ENABLED_SHAKE128" != "no" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake128" != "yes")],
-            [ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake128" = "yes")],
+            [AC_MSG_WARN([Forcing off shake128 for FIPS ${FIPS_VERSION}.])
+             ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
 
         # Shake256 is a SHA-3 algorithm outside the v5 FIPS algorithm list
         AS_IF([test "$ENABLED_SHAKE256" != "no" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake256" != "yes")],
-            [ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake256" = "yes")],
+            [AC_MSG_WARN([Forcing off shake256 for FIPS ${FIPS_VERSION}.])
+             ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
 
         # SHA512-224 and SHA512-256 are SHA-2 algorithms outside the v5 FIPS algorithm list
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
@@ -5463,8 +5997,9 @@ AS_CASE([$FIPS_VERSION],
             [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
 
         AS_IF([test "$ENABLED_AESXTS" = "yes" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesxts" != "yes")],
-            [ENABLED_AESXTS="no"])
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesxts" = "yes")],
+            [AC_MSG_WARN([Forcing off aesxts for FIPS ${FIPS_VERSION}.])
+             ENABLED_AESXTS="no"])
 
         AS_IF([test "$ENABLED_RSAPSS" != "yes" &&
                (test "$FIPS_VERSION" != "v5-dev" || test "$enable_rsapss" != "no")],
@@ -5502,23 +6037,35 @@ AS_CASE([$FIPS_VERSION],
 
         # AES-GCM streaming isn't part of the v5 FIPS suite.
         AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" &&
-               (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm_stream" != "yes")],
-            [ENABLED_AESGCM_STREAM="no"])
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesgcm_stream" = "yes")],
+            [AC_MSG_WARN([Forcing off aesgcm-stream for FIPS ${FIPS_VERSION}.])
+             ENABLED_AESGCM_STREAM="no"])
 
         # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
         AS_IF([test "$ENABLED_OLD_TLS" != "no"],
-            [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
+            [AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
+             ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
 
         AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2],
             [AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
                     (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")],
                 [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])])
 
-        AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
-               (test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") ||
-               (test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") ||
-               (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes") ||
-               (test "$ENABLED_AESXTS" = "yes" && test "$HAVE_AESXTS_PORT" != "yes")],
+        AS_IF([test "$ENABLED_SRTP" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp" = "yes")],
+            [AC_MSG_WARN([Forcing off srtp for FIPS ${FIPS_VERSION}.])
+             ENABLED_SRTP="no"])
+
+        AS_IF([test "$ENABLED_SRTP_KDF" != "no" &&
+               ! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp_kdf" = "yes")],
+            [AC_MSG_WARN([Forcing off srtp-kdf for FIPS ${FIPS_VERSION}.])
+             ENABLED_SRTP_KDF="no"])
+
+        AS_IF([(test "$ENABLED_AESCCM" != "no" && test "$HAVE_AESCCM_PORT" != "yes") ||
+               (test "$ENABLED_AESCTR" != "no" && test "$HAVE_AESCTR_PORT" != "yes") ||
+               (test "$ENABLED_AESGCM" != "no" && test "$HAVE_AESGCM_PORT" != "yes") ||
+               (test "$ENABLED_AESOFB" != "no" && test "$HAVE_AESOFB_PORT" != "yes") ||
+               (test "$ENABLED_AESXTS" != "no" && test "$HAVE_AESXTS_PORT" != "yes")],
             [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
     ],
 
@@ -5756,7 +6303,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE128"
     if test "$ENABLED_SHA3" = "no"
     then
-        AC_MSG_ERROR([Must have SHA-3 enabled: --enable-sha3])
+        AC_MSG_ERROR([shake128 requires SHA-3: --enable-sha3])
     fi
 else
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"
@@ -5772,7 +6319,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE256"
     if test "$ENABLED_SHA3" = "no"
     then
-        AC_MSG_ERROR([Must have SHA-3 enabled: --enable-sha3])
+        AC_MSG_ERROR([shake256 requires SHA-3: --enable-sha3])
     fi
 else
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
@@ -5815,7 +6362,7 @@ fi
 
 # CHACHA
 AC_ARG_ENABLE([chacha],
-    [AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups])],
+    [AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable asm speedups])],
     [ ENABLED_CHACHA=$enableval ],
     [ ENABLED_CHACHA=$CHACHA_DEFAULT]
     )
@@ -5853,6 +6400,17 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_XCHACHA"
 fi
 
+# ASCON
+AC_ARG_ENABLE([ascon],
+    [AS_HELP_STRING([--enable-ascon],[Enable ASCON (default: disabled).])],
+    [ ENABLED_ASCON=$enableval ],
+    [ ENABLED_ASCON=no]
+    )
+
+if test "$ENABLED_ASCON" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_ASCON"
+fi
 
 # Hash DRBG
 AC_ARG_ENABLE([hashdrbg],
@@ -5899,6 +6457,11 @@ then
     done
 fi
 
+if (test "$ENABLED_RNG" = "yes" && test "$ENABLED_ENTROPY_MEMUSE" != "no") || test "$ENABLED_BENCHMARK" = "yes"
+then
+    AC_SEARCH_LIBS([clock_gettime],[rt])
+fi
+
 
 # Filesystem Build
 if test "$ENABLED_LINUXKM" = "yes"
@@ -5926,6 +6489,19 @@ else
 fi
 
 
+# C89 build
+AC_ARG_ENABLE([c89],
+    [AS_HELP_STRING([--enable-c89],[Build with C89 toolchain (default: disabled)])],
+    [ ENABLED_C89=$enableval ],
+    [ ENABLED_C89=no ]
+    )
+
+if test "$ENABLED_C89" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLF_C89"
+    test "$enable_inline" = "" && enable_inline=no
+fi
+
 # inline Build
 AC_ARG_ENABLE([inline],
     [AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
@@ -5968,10 +6544,27 @@ fi
 
 # Certificate Status Request : a.k.a. OCSP Stapling
 AC_ARG_ENABLE([ocspstapling],
-    [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
+    [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling ((options: yes, no-multi, no, disabled default: disabled)])],
     [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
     [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
     )
+AS_CASE([$ENABLED_CERTIFICATE_STATUS_REQUEST],
+    [no],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="no"
+        ENABLED_TLS_OCSP_MULTI="no"
+    ],
+    [disabled],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="no"
+        ENABLED_TLS_OCSP_MULTI="no"
+    ],
+    [yes],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
+        ENABLED_TLS_OCSP_MULTI="yes"
+    ],
+    [no-multi],[
+        ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
+        ENABLED_TLS_OCSP_MULTI="no"
+    ])
 
 if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || \
    test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || \
@@ -6118,6 +6711,12 @@ if test "$host_cpu" = "x86_64" || test "$host_cpu" = "x86" || test "$host_cpu" =
 then
     SNI_DEFAULT=yes
 fi
+
+if test "$ENABLED_TLS" = "no"
+then
+    SNI_DEFAULT=no
+fi
+
 AC_ARG_ENABLE([sni],
     [AS_HELP_STRING([--enable-sni],[Enable SNI (default: enabled on x86_64/x86/aarch64/amd64)])],
     [ ENABLED_SNI=$enableval ],
@@ -6694,6 +7293,8 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
     AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT"
 
     # Enable prereqs if not already enabled
     if test "x$ENABLED_DTLS" = "xno"
@@ -6701,6 +7302,28 @@ then
         ENABLED_DTLS="yes"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
     fi
+
+    if test "x$ENABLED_DTLS13" = "xno"
+    then
+        ENABLED_DTLS13="yes"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS13 -DWOLFSSL_W64_WRAPPER"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_DROP_STATS"
+        if test "x$ENABLED_SEND_HRR_COOKIE" = "xundefined"
+        then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
+            ENABLED_SEND_HRR_COOKIE="yes"
+        fi
+        if test "x$ENABLED_AES" = "xyes"
+        then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
+        fi
+    fi
+
+    if test "x$ENABLED_DTLS_MTU" = "xno"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_MTU"
+    fi
+
     if test "x$ENABLED_OPENSSLEXTRA" = "xno"
     then
         ENABLED_OPENSSLEXTRA="yes"
@@ -7297,7 +7920,7 @@ then
         ENABLED_WOLFSSH="yes"
     fi
 
-    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
     then
         ENABLED_OPENSSLEXTRA="yes"
     fi
@@ -7644,6 +8267,11 @@ AC_ARG_ENABLE([crypttests],
     )
 AC_SUBST([ENABLED_CRYPT_TESTS])
 
+if test "$ENABLED_CRYPT_TESTS" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_CRYPT_TEST"
+fi
+
 # Build wolfCrypt test and benchmark as libraries. This will compile test.c and
 # benchmark.c and make their functions available via libraries, libwolfcrypttest
 # and libwolfcryptbench, respectively. Note that this feature is not enabled by
@@ -8129,10 +8757,12 @@ if test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes"; then
 
     case $host_cpu in
     *x86_64* | *aarch64* | *amd64*)
-      AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE"
-      ;;
+        if test "$ENABLED_SP_SMALL" = "no"; then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE"
+        fi
+        ;;
     *)
-      ;;
+        ;;
     esac
 fi
 if test "$ENABLED_ECC" != "no" && test "$ENABLED_SP_ECC" = "yes"; then
@@ -8332,11 +8962,13 @@ if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then
     ;;
   *cortex* | *armv7m*)
     if test "$ENABLED_ARMASM" = "no"; then
-        AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -DWOLFSSL_ARM_ARCH=7"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
+        AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -DWOLFSSL_ARM_ARCH=7"
     fi
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
     ENABLED_SP_ARM_CORTEX_ASM=yes
+    ENABLED_ARM_THUMB=yes
     ;;
   *armv6*)
     if test "$ENABLED_ARMASM" = "no"; then
@@ -8420,7 +9052,7 @@ then
 
     if test "x$ENABLED_HEAPMATH" = "xyes"
     then
-        AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
+        AC_MSG_ERROR([--enable-heapmath is incompatible with --enable-staticmemory.])
     fi
     if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_RSA" = "no"
     then
@@ -8474,10 +9106,20 @@ AC_ARG_ENABLE([cryptodev],
 
 # Support for crypto callbacks
 AC_ARG_ENABLE([cryptocb],
-    [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])],
-    [ ENABLED_CRYPTOCB=$enableval ],
-    [ ENABLED_CRYPTOCB=no ]
-    )
+    [AS_HELP_STRING([--enable-cryptocb],
+        [Enable crypto callbacks (default: disabled). Use 'no-default-devid' to enable without a platform-specific default device ID])],
+[
+    case "$enableval" in
+        no-default-devid)
+            ENABLED_CRYPTOCB=yes
+            AM_CPPFLAGS="$AM_CPPFLAGS -DWC_NO_DEFAULT_DEVID"
+            ;;
+        *)
+            ENABLED_CRYPTOCB="$enableval"
+            ;;
+    esac
+],
+[ ENABLED_CRYPTOCB=no ])
 
 # Enable testing of cryptoCb using software crypto. On platforms where wolfCrypt tests
 # are used to test a custom cryptoCb, it may be desired to disable this so wolfCrypt tests
@@ -8670,11 +9312,10 @@ fi
 AC_ARG_ENABLE([defaultdhparams],
     [AS_HELP_STRING([--enable-defaultdhparams],[Enables option for default dh parameters (default: disabled)])],
     [ ENABLED_DHDEFAULTPARAMS=$enableval ],
-    [ ENABLED_DHDEFAULTPARAMS=yes ]
+    [ ENABLED_DHDEFAULTPARAMS=$ENABLED_DH ]
     )
-if test "x$ENABLED_DH" = "xyes" && test "x$ENABLED_DHDEFAULTPARAMS" = "xyes" && test "x$ENABLED_QT" != "xyes"
+if test "x$ENABLED_DHDEFAULTPARAMS" = "xyes" && test "x$ENABLED_QT" != "xyes"
 then
-    ENABLED_DHDEFAULTPARAMS=yes
     AM_CFLAGS="$AM_CFLAGS -DHAVE_DH_DEFAULT_PARAMS"
 fi
 
@@ -8723,13 +9364,13 @@ fi
 AC_ARG_ENABLE([linuxkm-lkcapi-register],
     [AS_HELP_STRING([--enable-linuxkm-lkcapi-register],[Register wolfCrypt implementations with the Linux Kernel Crypto API backplane.  Possible values are "none", "all", "cbc(aes)", "cfb(aes)", "gcm(aes)", and "xts(aes)", or a comma-separate combination. (default: none)])],
     [ENABLED_LINUXKM_LKCAPI_REGISTER=$enableval],
-    [ENABLED_LINUXKM_LKCAPI_REGISTER=none]
+    [ENABLED_LINUXKM_LKCAPI_REGISTER=no]
     )
-if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" != "none"
+if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" != "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER"
 
-    if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$ENABLED_ARMASM" = "no" && test "$ENABLED_RISCV_ASM" = "no" && test "$ENABLED_FIPS" = "no"; then
+    if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$enable_aesgcm_stream" != "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 6); then
         ENABLED_AESGCM_STREAM=yes
     fi
 
@@ -8741,25 +9382,41 @@ then
     for lkcapi_alg in $(echo "$ENABLED_LINUXKM_LKCAPI_REGISTER" | tr ',' ' ')
     do
         case "$lkcapi_alg" in
-        all) test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
-             AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL"           ;;
+        all) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL"           ;;
         'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.])
-                    test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
                     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;;
         'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.])
-                    test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
                     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCFB" ;;
         'gcm(aes)') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.])
-                    test "$ENABLED_AESGCM_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesgcm-stream is required for LKCAPI.])
-                    test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
                     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM" ;;
+        'rfc4106(gcm(aes))') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106" ;;
         'xts(aes)') test "$ENABLED_AESXTS" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-XTS implementation not enabled.])
                     test "$ENABLED_AESXTS_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesxts-stream is required for LKCAPI.])
                     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESXTS" ;;
+        'ctr(aes)') test "$ENABLED_AESCTR" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CTR implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCTR" ;;
+        'ofb(aes)') test "$ENABLED_AESOFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-OFB implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESOFB" ;;
+        'ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESECB -DHAVE_AES_ECB" ;;
+        'ecdsa')    test "$ENABLED_ECC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: ECDSA implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDSA" ;;
+        # disable options
+        '-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;;
+        '-cfb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCFB" ;;
+        '-gcm(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESGCM" ;;
+        '-rfc4106(gcm(aes))')
+                     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESGCM_RFC4106" ;;
+        '-xts(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESXTS" ;;
+        '-ctr(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCTR" ;;
+        '-ofb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESOFB" ;;
+        '-ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESECB" ;;
+        '-ecdsa')    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDSA" ;;
         *) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".])      ;;
         esac
     done
 fi
+AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER])
 
 # Library Suffix
 LIBSUFFIX=""
@@ -8776,6 +9433,25 @@ AC_ARG_WITH([libsuffix],
 )
 AC_SUBST(LIBSUFFIX)
 
+# Support system wide crypto-policy file:
+#   - Pass path to your wolfssl.config system crypto-policy file.
+#   - Pass no argument to use default.
+AC_ARG_WITH([sys-crypto-policy],
+    [AS_HELP_STRING([--with-sys-crypto-policy=PATH],[Support for system-wide crypto-policy file. (default: disabled)])],
+    [ SYS_CRYPTO_POLICY=$withval],
+    [ SYS_CRYPTO_POLICY=no ]
+    )
+
+if test "$SYS_CRYPTO_POLICY" != "no"; then
+    if test "$SYS_CRYPTO_POLICY" = "yes"; then
+        # Default to the wolfssl fedora crypto-policy file.
+        SYS_CRYPTO_POLICY="/etc/crypto-policies/back-ends/wolfssl.config"
+    fi
+
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SYS_CRYPTO_POLICY"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CRYPTO_POLICY_FILE=\"$SYS_CRYPTO_POLICY\""
+fi
+
 AC_ARG_ENABLE([context-extra-user-data],
     [AS_HELP_STRING([--enable-context-extra-user-data],[Enables option for storing user-defined data in TLS API contexts, with optional argument the number of slots to allocate (default: disabled)])],
     [ ENABLED_EX_DATA=$enableval ],
@@ -8842,6 +9518,8 @@ AC_ARG_ENABLE([dual-alg-certs],
 
 AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([dual-alg-certs requires --enable-experimental.]) ])
 
+AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_CRYPTONLY" = "yes" ],[ AC_MSG_ERROR([dual-alg-certs is incompatible with --enable-cryptonly.]) ])
+
 # Adds functionality to support Raw Public Key (RPK) RFC7250
 AC_ARG_ENABLE([rpk],
     [AS_HELP_STRING([--enable-rpk],[Enable support for Raw Public Key (RPK) RFC7250 (default: disabled)])],
@@ -8873,7 +9551,6 @@ then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PRIORITIZE_PSK"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_ALERT_ON_ERR"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_HAVE_ID"
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
         ENABLED_TRUSTED_PEER_CERT=yes
     else
         CFLAGS=$(printf "%s" "$CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
@@ -8885,7 +9562,7 @@ fi
 # determine if we have key validation mechanism
 if test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_RSA" = "xyes"
 then
-    if test "x$ENABLED_ASN" = "xyes"
+    if test "$ENABLED_ASN" != "no" && test "$ENABLED_ASN" != "nocrypt"
     then
         ENABLED_PKI="yes"
     fi
@@ -8915,6 +9592,7 @@ case $host_cpu in
   *arm*)
     if test "$host_alias" = "thumb" || test "$ARM_TARGET" = "thumb"; then
       AM_CFLAGS="$AM_CFLAGS -mthumb -march=armv6"
+      ENABLED_ARM_THUMB=yes
     else
       if test "$host_alias" = "cortex" || test "$ARM_TARGET" = "cortex"; then
         AM_CFLAGS="$AM_CFLAGS -mcpu=cortex-r5"
@@ -9032,6 +9710,12 @@ then
         ENABLED_DES3="yes"
     fi
 
+    # Has support for PKCS7
+    if test "$ENABLED_PKCS7" = "no"
+    then
+        ENABLED_PKCS7=yes
+    fi
+
     # Uses alt name
     ENABLED_ALTNAMES="yes"
 
@@ -9201,8 +9885,8 @@ AS_IF([test "x$ENABLED_16BIT" = "xyes" && \
 ################################################################################
 # Update CFLAGS based on options                                               #
 ################################################################################
-AS_IF([test "x$ENABLED_SP_MATH_ALL" = "xno" && test "x$ENABLED_FASTMATH" = "xno" &&
-    test "x$ENABLED_HEAPMATH" = "xno"],
+AS_IF([test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no" &&
+       test "$ENABLED_FASTMATH" = "no" && test "$ENABLED_HEAPMATH" = "no"],
       [AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"])
 
 AS_IF([test "x$ENABLED_CERTS" = "xno"],
@@ -9226,6 +9910,9 @@ AS_IF([test "x$ENABLED_ALTNAMES" = "xyes"],
 AS_IF([test "x$ENABLED_KEYGEN" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
+AS_IF([test "x$ENABLED_ACERT" = "xyes"],
+      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ACERT"])
+
 AS_IF([test "x$ENABLED_CERTREQ" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"])
 
@@ -9285,7 +9972,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DNO_HMAC"
 fi
 
-if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
+if test "$ENABLED_OPENSSLEXTRA" = "yes"
 then
   AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
 fi
@@ -9399,7 +10086,12 @@ if test "$ENABLED_AESGCM_STREAM" != "no"
 then
     if test "$ENABLED_AESGCM" = "no"
     then
-        AC_MSG_ERROR([AES-GCM streaming enabled but AES-GCM is disabled])
+        AC_MSG_ERROR([AES-GCM streaming is enabled but AES-GCM is disabled.])
+    elif test "$ENABLED_RISCV_ASM" = "yes" || \
+         (test "$ENABLED_ARMASM" = "yes" && \
+          test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be")
+    then
+        AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.])
     else
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
         AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
@@ -9435,6 +10127,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
     AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFENGINE"
 fi
 
 if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "no"
@@ -9505,9 +10198,6 @@ if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then
     if test "x$ENABLED_OPENSSLALL" = "xyes"; then
         AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslall])
     fi
-    if test "x$ENABLED_OPENSSLEXTRA" = "xyes"; then
-        AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra])
-    fi
 fi
 
 if test "$ENABLED_WOLFSSH" = "yes" && test "$ENABLED_HMAC" = "no"
@@ -9547,7 +10237,17 @@ if test "$ENABLED_DH" != "no" && test "$ENABLED_DH" != "const"; then
    LT_LIB_M
 fi
 
-
+# multiple OCSP stapling for TLS 1.3 Certificate extension
+if test "$ENABLED_CERTIFICATE_STATUS_REQUEST" = "yes"
+then
+    if test "$ENABLED_TLS13" = "yes"
+    then
+        if test "$ENABLED_TLS_OCSP_MULTI" = "yes"
+        then
+            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_OCSP_MULTI"
+        fi
+    fi
+fi
 ################################################################################
 
 # USER SETTINGS
@@ -9650,8 +10350,8 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     AC_SUBST([ASFLAGS_FPUSIMD_DISABLE])
     AC_SUBST([ASFLAGS_FPUSIMD_ENABLE])
 
-    if test "$ENABLED_OPENSSLEXTRA" != "no" && test "$ENABLED_CRYPTONLY" = "no"; then
-        AC_MSG_ERROR([--enable-opensslextra without --enable-cryptonly is incompatible with --enable-linuxkm.])
+    if test "$ENABLED_OPENSSLEXTRA" != "no" && test "$ENABLED_LINUXKM_PIE" = "yes" && test "$ENABLED_CRYPTONLY" = "no"; then
+        AC_MSG_ERROR([--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm.])
     fi
     if test "$ENABLED_FILESYSTEM" = "yes"; then
         AC_MSG_ERROR([--enable-filesystem is incompatible with --enable-linuxkm.])
@@ -9692,7 +10392,7 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     if test "$ENABLED_SMALL_STACK" != "yes"; then
         AC_MSG_ERROR([--enable-smallstack is required for --enable-linuxkm.])
     fi
-    if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no" && test "$ENABLED_BIGNUM" != "no"; then
+    if test "$ENABLED_SP_MATH" != "yes" && test "$ENABLED_SP_MATH_ALL" = "no" && test "$ENABLED_BIGNUM" != "no"; then
         AC_MSG_ERROR([--enable-sp-math or --enable-sp-math-all is required for --enable-linuxkm.])
     fi
     if test "$ENABLED_STACKSIZE" != "no"; then
@@ -9706,10 +10406,18 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     fi
 fi
 
+AS_IF([test "$ENABLED_ASM" = "no" && (test "$ENABLED_INTELASM" != "no" || \
+                                      test "$ENABLED_AESNI" != "no" || \
+                                      test "$ENABLED_ARMASM" != "no" || \
+                                      test "$ENABLED_RISCV_ASM" != "no" || \
+                                      test "$ENABLED_SP_ASM" != "no")],
+      [AC_MSG_WARN([Conflicting asm settings.])])
+
 # The following AM_CONDITIONAL statements set flags for use in the Makefiles.
 # Some of these affect build targets and objects, some trigger different
 # test scripts for make check.
 AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"])
+AM_CONDITIONAL([BUILD_OPENSSL_COMPAT],[test "x$ENABLED_OPENSSLEXTRA" != "xnoinstall"])
 AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"])
 AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -9731,6 +10439,10 @@ AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_CRYPTO],[test "x$ENABLED_ARMASM_CRYPTO" = "xyes"])
 AM_CONDITIONAL([BUILD_ARMASM_NEON],[test "x$ENABLED_ARMASM_NEON" = "xyes"])
+AM_CONDITIONAL([BUILD_ARM_THUMB],[test "$ENABLED_ARM_THUMB" = "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_ARM_NONTHUMB],[test "$ENABLED_ARM_THUMB" != "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_ARM_32],[test "$ENABLED_ARM_32" = "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
+AM_CONDITIONAL([BUILD_ARM_64],[test "$ENABLED_ARM_64" = "yes"  || test "$ENABLED_USERSETTINGS" = "yes"])
 AM_CONDITIONAL([BUILD_RISCV_ASM],[test "x$ENABLED_RISCV_ASM" = "xyes"])
 AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
 AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
@@ -9762,7 +10474,7 @@ AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$E
 AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_WC_KYBER],[test "x$ENABLED_WC_KYBER" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_WC_MLKEM],[test "x$ENABLED_WC_MLKEM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -9791,13 +10503,16 @@ AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes" || test "x$ENABL
 AM_CONDITIONAL([BUILD_SHA3],[test "x$ENABLED_SHA3" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_POLY1305],[test "x$ENABLED_POLY1305" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_CHACHA],[test "x$ENABLED_CHACHA" = "xyes" || test "x$ENABLED_CHACHA" = "xnoasm" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_CHACHA_NOASM],[test "$ENABLED_CHACHA" = "noasm"])
 AM_CONDITIONAL([BUILD_XCHACHA],[test "x$ENABLED_XCHACHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_ASCON],[test "x$ENABLED_ASCON" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SM2],[test "x$ENABLED_SM2" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SM3],[test "x$ENABLED_SM3" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SM4],[test "x$ENABLED_SM4" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"])
 AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
+AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" && test "x$ENABLED_TLS13" = "xyes" && test "x$ENABLED_TLS_OCSP_MULTI" = "xyes"])
 AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
@@ -9810,12 +10525,12 @@ AM_CONDITIONAL([USE_VALGRIND],[test "x$ENABLED_VALGRIND" = "xyes"])
 AM_CONDITIONAL([BUILD_MD4],[test "x$ENABLED_MD4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_PWDBASED],[test "x$ENABLED_PWDBASED" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_SCRYPT],[test "x$ENABLED_SCRYPT" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes" && test "x$ENABLED_OPENSSLEXTRA" = "xno"])
+AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes"])
 AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_HEAPMATH],[test "x$ENABLED_HEAPMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
 AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
-AM_CONDITIONAL([BUILD_EXAMPLE_ASN1],[test "x$ENABLED_EXAMPLES" = "xyes"] && [test "x$ENABLED_ASN_PRINT" = "xyes"] && [test "x$ENABLED_ASN" = "xyes"])
+AM_CONDITIONAL([BUILD_EXAMPLE_ASN1],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_ASN_PRINT" = "xyes" && test "$ENABLED_ASN" != "no"])
 AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
 AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
 AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"])
@@ -9978,14 +10693,16 @@ rm -f $OPTION_FILE
 echo "/* wolfssl options.h" > $OPTION_FILE
 echo " * generated from configure options" >> $OPTION_FILE
 echo " *" >> $OPTION_FILE
-echo " * Copyright (C) 2006-2024 wolfSSL Inc." >> $OPTION_FILE
+echo " * Copyright (C) 2006-2025 wolfSSL Inc." >> $OPTION_FILE
 echo " *" >> $OPTION_FILE
 echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
 echo " *" >> $OPTION_FILE
 echo " */" >> $OPTION_FILE
 
 echo "" >> $OPTION_FILE
-echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE
+echo "#ifdef WOLFSSL_NO_OPTIONS_H" >> $OPTION_FILE
+echo "/* options.h inhibited by configuration */" >> $OPTION_FILE
+echo "#elif !defined(WOLFSSL_OPTIONS_H)" >> $OPTION_FILE
 echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE
 echo "" >> $OPTION_FILE
 echo "" >> $OPTION_FILE
@@ -10158,7 +10875,7 @@ if test "$ENABLED_SP_MATH_ALL" != "no"
 then
     ENABLED_SP_MATH_DESC="all"
 else
-    if test "$ENABLED_SP_MATH" != "no"
+    if test "$ENABLED_SP_MATH" = "yes"
     then
         ENABLED_SP_MATH_DESC="restricted"
     else
@@ -10174,6 +10891,7 @@ echo "   * snifftest:                  $ENABLED_SNIFFTEST"
 echo "   * ARC4:                       $ENABLED_ARC4"
 echo "   * AES:                        $ENABLED_AES"
 echo "   * AES-NI:                     $ENABLED_AESNI"
+echo "   * AVX for AES:                $ENABLED_AESNI_WITH_AVX"
 echo "   * AES-CBC:                    $ENABLED_AESCBC"
 echo "   * AES-CBC length checks:      $ENABLED_AESCBC_LENGTH_CHECKS"
 echo "   * AES-GCM:                    $ENABLED_AESGCM"
@@ -10189,6 +10907,7 @@ echo "   * AES-EAX:                    $ENABLED_AESEAX"
 echo "   * AES Bitspliced:             $ENABLED_AESBS"
 echo "   * AES Key Wrap:               $ENABLED_AESKEYWRAP"
 echo "   * ARIA:                       $ENABLED_ARIA"
+echo "   * ASCON:                      $ENABLED_ASCON"
 echo "   * DES3:                       $ENABLED_DES3"
 echo "   * DES3 TLS Suites:            $ENABLED_DES3_TLS_SUITES"
 echo "   * Camellia:                   $ENABLED_CAMELLIA"
@@ -10205,6 +10924,7 @@ echo "   * MD5:                        $ENABLED_MD5"
 echo "   * RIPEMD:                     $ENABLED_RIPEMD"
 echo "   * SHA:                        $ENABLED_SHA"
 echo "   * SHA-224:                    $ENABLED_SHA224"
+echo "   * SHA-256:                    $ENABLED_SHA256"
 echo "   * SHA-384:                    $ENABLED_SHA384"
 echo "   * SHA-512:                    $ENABLED_SHA512"
 echo "   * SHA3:                       $ENABLED_SHA3"
@@ -10216,6 +10936,7 @@ echo "   * BLAKE2S:                    $ENABLED_BLAKE2S"
 echo "   * SipHash:                    $ENABLED_SIPHASH"
 echo "   * CMAC:                       $ENABLED_CMAC"
 echo "   * keygen:                     $ENABLED_KEYGEN"
+echo "   * acert:                      $ENABLED_ACERT"
 echo "   * certgen:                    $ENABLED_CERTGEN"
 echo "   * certreq:                    $ENABLED_CERTREQ"
 echo "   * certext:                    $ENABLED_CERTEXT"
@@ -10262,8 +10983,8 @@ echo "   * XMSS wolfSSL impl:          $ENABLED_WC_XMSS"
 if test "$ENABLED_LIBXMSS" = "yes"; then
 echo "   * XMSS_ROOT:                  $XMSS_ROOT"
 fi
-echo "   * KYBER:                      $ENABLED_KYBER"
-echo "   * KYBER wolfSSL impl:         $ENABLED_WC_KYBER"
+echo "   * MLKEM:                      $ENABLED_MLKEM"
+echo "   * MLKEM wolfSSL impl:         $ENABLED_WC_MLKEM"
 echo "   * DILITHIUM:                  $ENABLED_DILITHIUM"
 echo "   * ECCSI                       $ENABLED_ECCSI"
 echo "   * SAKKE                       $ENABLED_SAKKE"
@@ -10378,6 +11099,7 @@ echo "   * ARM ASM SM3/SM4 Crypto      $ENABLED_ARMASM_CRYPTO_SM4"
 echo "   * RISC-V ASM                  $ENABLED_RISCV_ASM"
 echo "   * Write duplicate:            $ENABLED_WRITEDUP"
 echo "   * Xilinx Hardware Acc.:       $ENABLED_XILINX"
+echo "   * C89:                        $ENABLED_C89"
 echo "   * Inline Code:                $ENABLED_INLINE"
 echo "   * Linux AF_ALG:               $ENABLED_AFALG"
 echo "   * Linux KCAPI:                $ENABLED_KCAPI"
diff --git a/devin_lifeguard.yaml b/devin_lifeguard.yaml
new file mode 100644
index 000000000..c3834eeaa
--- /dev/null
+++ b/devin_lifeguard.yaml
@@ -0,0 +1,145 @@
+rules:
+  - name: no-void-functions
+    trigger: >-
+      All functions must return a value. Avoid using void return types to ensure
+      error values can be propagated upstream.
+    solution: >-
+      Change the function to return an appropriate error code or result instead
+      of void. Ensure all return paths provide a meaningful value.
+  - name: avoid-recursion
+    trigger: >-
+      Recursion is not allowed. Prefer iterative solutions to reduce stack usage
+      and prevent potential stack overflows.
+    solution: >-
+      Refactor the recursive function into an iterative one using loops or other
+      control structures.
+  - name: use-forcezero
+    trigger: >-
+      Sensitive data such as private keys must be zeroized using `ForceZero()`
+      to prevent the compiler from optimizing away the zeroization.
+    solution: >-
+      Replace `memset` or similar functions with `ForceZero(variable, size)` to
+      ensure sensitive data is properly cleared from memory.
+  - name: check-all-return-codes
+    trigger: >-
+      Every return code from function calls must be checked to handle errors
+      appropriately and prevent unexpected behavior.
+    solution: >-
+      After each function call, add error handling logic to check the return
+      value and respond accordingly.
+  - name: no-memory-leaks
+    trigger: >-
+      Memory or resources allocated must have a clear path to being released to
+      prevent memory leaks.
+    solution: >-
+      Ensure that every allocation has a corresponding free or release call. Use
+      resource management patterns to handle allocations and deallocations.
+  - name: do-not-change-external-apis
+    trigger: >-
+      External facing APIs should not be altered. Instead of modifying an
+      existing API, create a new version with the necessary parameters.
+    solution: >-
+      If additional parameters are needed, create a new function (e.g., `f_ex(a,
+      b)`) and have the original function (`f(a)`) call the new one with default
+      or null parameters.
+  - name: limit-stack-usage
+    trigger: >-
+      Functions should not use more than 100 bytes of stack. Excessive stack
+      usage can lead to stack overflows and reduced performance.
+    solution: >-
+      Apply the `WOLFSSL_SMALL_STACK` pattern by dynamically allocating large
+      variables to minimize stack usage within the function.
+  - name: prefer-constant-time
+    trigger: >-
+      Implement algorithms in constant time to prevent timing attacks and ensure
+      security.
+    solution: >-
+      Review and refactor algorithms to ensure their execution time does not
+      depend on input values. Use constant-time libraries or functions where
+      applicable.
+  - name: use-sizeof
+    trigger: >-
+      Avoid hard-coded numeric values for sizes. Use `sizeof()` to ensure
+      portability and maintainability.
+    solution: >-
+      Replace hard-coded sizes with `sizeof(type)` to automatically adapt to
+      changes in type sizes.
+  - name: use-typedefs-not-stdint
+    trigger: >-
+      Use `byte`, `word16`, `word32` instead of standard integer types like
+      `uint32_t` to maintain consistency across the codebase.
+    solution: >-
+      Replace instances of `uint32_t` and similar types with the designated
+      typedefs such as `word32`.
+  - name: use-c-style-comments
+    trigger: >-
+      Only C-style comments (`/* */`) are allowed in C code. C++ style comments
+      (`//`) should not be used.
+    solution: >-
+      Replace all `//` comments with `/* */` to adhere to the project's
+      commenting standards.
+  - name: pointer-null-check
+    trigger: >-
+      Always check for null pointers using the `ptr != NULL` pattern to prevent
+      dereferencing null pointers.
+    solution: >-
+      Add a condition to verify that the pointer is not null before using it,
+      e.g., `if (ptr != NULL) { /* use ptr */ }`.
+  - name: declare-const-pointers
+    trigger: >-
+      Pointer parameters that are not modified within a function should be
+      declared as `const` to enhance code safety and clarity.
+    solution: >-
+      Add the `const` keyword to pointer parameters that are not intended to be
+      modified, e.g., `const void *ptr`.
+  - name: struct-member-order
+    trigger: >-
+      Struct members should be ordered in descending size to optimize memory
+      alignment and reduce padding.
+    solution: >-
+      Reorder the members of the struct so that larger data types are declared
+      before smaller ones.
+  - name: no-always-success-stubs
+    trigger: >-
+      when implementing a stub function that is not fully developed, returning
+      success unconditionally can hide real logic and debugging information
+    solution: >-
+      either implement the stub with real logic or return an appropriate error
+      code to indicate "not yet implemented," so that failures are not silently
+      ignored
+  - name: free-allocated-memory
+    trigger: |-
+      allocating memory but forgetting to free it on all code paths
+      or using functions that allocate buffers without a corresponding free
+    solution: >-
+      for every XMALLOC call, ensure there's a matching XFREE on every return
+      path
+
+      if handing ownership off, confirm the new owner also properly frees it
+  - name: check-return-codes
+    trigger: >-
+      calling library functions that return non-zero in case of error, but not
+      checking or handling those return values
+    solution: >-
+      always verify and handle function return codes
+
+      if ret != 0, do not continue silently; either propagate the error or
+      handle it
+  - name: handle-partial-writes
+    trigger: >-
+      calling a write function (e.g., wolfSSL_write_ex) that may write only part
+      of the data, returning fewer bytes than requested or a particular status
+    solution: >-
+      if partial writes are possible, loop until the entire buffer is written or
+      an error occurs
+
+      do not assume a single call wrote or accepted all bytes
+  - name: manage-ephemeral-objects-correctly
+    trigger: >-
+      generating or importing ephemeral objects (e.g., ephemeral keys, ephemeral
+      certs) and forgetting to finalize or free them, or double-freeing them
+    solution: >-
+      coordinate ephemeral object ownership carefully
+
+      ensure ephemeral structures are freed once no longer needed, and avoid
+      reusing pointers after free
diff --git a/doc/QUIC.md b/doc/QUIC.md
index 3ab3f8de1..e0de42589 100644
--- a/doc/QUIC.md
+++ b/doc/QUIC.md
@@ -8,7 +8,7 @@ TLS works on top of the Internet's TCP protocol stack. The TCP is shipped as par
 and accessible via system calls and APIs. TCP itself is not secured by TLS, only the data sent via it is
 protected. TCP does not have to know anything about TLS.
 
-QUIC, on the other hand, is always protected by TLS. A QUIC implementation does always need an 
+QUIC, on the other hand, is always protected by TLS. A QUIC implementation does always need an
 implementation of the TLS protocol, specifically TLSv1.3. It does this in new ways and TLS
 implementations need to accommodate these. Those specifics have been added to wolfSSL.
 
@@ -51,13 +51,13 @@ The above configuration has also been added to [curl](https://github.com/curl/cu
 
 ### why?
 
-Why all these different blocks? 
+Why all these different blocks?
 
 The separation of HTTP/3 and QUIC is natural when you think about the relationship between TCP and HTTP/1.1. Like TCP, QUIC can and will carry other protocols. HTTP/3 is only the first one. Most likely 'DNS over QUIC' (DoQ) is the next popular, replacing DoH.
 
 The separation of QUIC's "crypto" parts from its other protocol enabling functions is a matter of security. In its experimental beginnings, QUIC had its own security design. With the emerging TLSv1.3 and all it improvements, plus decades of experience, it seemed rather unwise to have something separate in QUIC.
 
-Therefore, the complete TLSv1.3 handshake became part of the QUIC protocol, with some restrictions and simplifications (UDP based QUIC does not accommodate broken TCP middle boxes). With the need for a complete TLSv1.3 stack, QUIC implementers happily make use of existing TLS libraries. 
+Therefore, the complete TLSv1.3 handshake became part of the QUIC protocol, with some restrictions and simplifications (UDP based QUIC does not accommodate broken TCP middle boxes). With the need for a complete TLSv1.3 stack, QUIC implementers happily make use of existing TLS libraries.
 
 ## wolfSSL API
 
@@ -76,7 +76,7 @@ A QUIC protocol handler installs these via `wolfSSL_CTX_set_quic_method()` or `w
 
 ```
   DATA ---recv+decrypt---+
-                         v 
+                         v
             wolfSSL_provide_quic_data(ssl, ...)
             wolfSSL_do_handshake(ssl);
                   +-> add_handshake_data_callback(REPLY)
diff --git a/doc/dox_comments/header_files-ja/arc4.h b/doc/dox_comments/header_files-ja/arc4.h
index bf3f8151f..4c1e6ee91 100644
--- a/doc/dox_comments/header_files-ja/arc4.h
+++ b/doc/dox_comments/header_files-ja/arc4.h
@@ -1,7 +1,7 @@
 /*!
-    \ingroup ARC4 
+    \ingroup ARC4
     \brief  この関数は、バッファ内の入力メッセージを暗号化し、出力バッファーに暗号文を配置するか、またはバッファーから暗号文を復号化したり、ARC4暗号化を使用して、出力バッファーOUTを出力したりします。この関数は暗号化と復号化の両方に使用されます。この方法が呼び出される可能性がある場合は、まずWC_ARC4SETKEYを使用してARC4構造を初期化する必要があります。
-    \return none 
+    \return none
     \param arc4  メッセージの処理に使用されるARC4構造へのポインタ
     \param out  処理されたメッセージを保存する出力バッファへのポインタ
     \param in  プロセスするメッセージを含む入力バッファへのポインタ
@@ -24,9 +24,9 @@
 int wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length);
 
 /*!
-    \ingroup ARC4 
+    \ingroup ARC4
     \brief  この関数はARC4オブジェクトのキーを設定し、それを暗号として使用するために初期化します。WC_ARC4PROCESSを使用した暗号化に使用する前に呼び出される必要があります。
-    \return none 
+    \return none
     \param arc4  暗号化に使用されるARC4構造へのポインタ
     \param key  ARC4構造を初期化するためのキー
     _Example_
diff --git a/doc/dox_comments/header_files-ja/asn_public.h b/doc/dox_comments/header_files-ja/asn_public.h
index 164108fe4..0cade01b4 100644
--- a/doc/dox_comments/header_files-ja/asn_public.h
+++ b/doc/dox_comments/header_files-ja/asn_public.h
@@ -1870,7 +1870,7 @@ int wc_Asn1PrintOptions_Init(Asn1PrintOptions* opts);
     \return  0 成功時に返します。
     \return  BAD_FUNC_ARG asn1がNULLの場合に返されます。
     \return  BAD_FUNC_ARG valが範囲外の場合に返されます。
- 
+
     \param opts  Asn1PrintOptions構造体へのポインタ
     \param opt   設定する情報へのポインタ
     \param val   設定値
diff --git a/doc/dox_comments/header_files-ja/blake2.h b/doc/dox_comments/header_files-ja/blake2.h
index 61dad75a5..3e5f97601 100644
--- a/doc/dox_comments/header_files-ja/blake2.h
+++ b/doc/dox_comments/header_files-ja/blake2.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup BLAKE2 
+    \ingroup BLAKE2
     \brief  この関数はBlake2 Hash関数で使用するためのBlake2b構造を初期化します。
     \return 0  Blake2B構造の初期化に成功し、ダイジェストサイズを設定したときに返されます。
     \param b2b  初期化するためにBlake2b構造へのポインタ
@@ -14,7 +14,7 @@
 int wc_InitBlake2b(Blake2b* b2b, word32 digestSz);
 
 /*!
-    \ingroup BLAKE2 
+    \ingroup BLAKE2
     \brief  この関数は、与えられた入力データとBlake2Bハッシュを更新します。この関数は、wc_initblake2bの後に呼び出され、最後のハッシュ：wc_blake2bfinalの準備ができているまで繰り返します。
     \return 0  与えられたデータを使用してBlake2B構造を正常に更新すると返されます。
     \return -1  入力データの圧縮中に障害が発生した場合
@@ -40,7 +40,7 @@ int wc_InitBlake2b(Blake2b* b2b, word32 digestSz);
 int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz);
 
 /*!
-    \ingroup BLAKE2 
+    \ingroup BLAKE2
     \brief  この関数は、以前に供給された入力データのBlake2bハッシュを計算します。出力ハッシュは長さREQUESTSZ、あるいは要求された場合はB2B構造のDigestSZを使用します。この関数は、wc_initblake2bの後に呼び出され、wc_blake2bupdateは必要な各入力データに対して処理されています。
     \return 0  Blake2B Hashの計算に成功したときに返されました
     \return -1  blake2bハッシュを解析している間に失敗がある場合
diff --git a/doc/dox_comments/header_files-ja/bn.h b/doc/dox_comments/header_files-ja/bn.h
index 30afb2b4d..eb2749a42 100644
--- a/doc/dox_comments/header_files-ja/bn.h
+++ b/doc/dox_comments/header_files-ja/bn.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  この関数は、次の数学「R =（A ^ P）％M」を実行します。
     \return SSL_SUCCESS  数学操作をうまく実行します。
     \return SSL_FAILURE  エラーケースに遭遇した場合
diff --git a/doc/dox_comments/header_files-ja/camellia.h b/doc/dox_comments/header_files-ja/camellia.h
index 5371a79ed..c07af016d 100644
--- a/doc/dox_comments/header_files-ja/camellia.h
+++ b/doc/dox_comments/header_files-ja/camellia.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この関数は、Camelliaオブジェクトのキーと初期化ベクトルを設定し、それを暗号として使用するために初期化します。
     \return 0  キーと初期化ベクトルを正常に設定すると返されます
     \return BAD_FUNC_ARG  入力引数の1つがエラー処理がある場合に返されます
@@ -27,7 +27,7 @@ int  wc_CamelliaSetKey(Camellia* cam,
                                    const byte* key, word32 len, const byte* iv);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この関数は、Camelliaオブジェクトの初期化ベクトルを設定します。
     \return 0  キーと初期化ベクトルを正常に設定すると返されます
     \return BAD_FUNC_ARG  入力引数の1つがエラー処理がある場合に返されます
@@ -46,7 +46,7 @@ int  wc_CamelliaSetKey(Camellia* cam,
 int  wc_CamelliaSetIV(Camellia* cam, const byte* iv);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この機能は、提供されたCamelliaオブジェクトを使用して1ブロック暗号化します。それはバッファーの最初の16バイトブロックを解析し、暗号化結果をバッファアウトに格納します。この機能を使用する前に、WC_CAMELLIASETKEYを使用してCamelliaオブジェクトを初期化する必要があります。
     \return none  いいえ返します。
     \param cam  暗号化に使用する椿構造へのポインタ
@@ -66,7 +66,7 @@ int  wc_CamelliaEncryptDirect(Camellia* cam, byte* out,
                                                                 const byte* in);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この機能は、提供されたCamelliaオブジェクトを使用して1ブロック復号化します。それはバッファ内の最初の16バイトブロックを解析し、それを復号化し、結果をバッファアウトに格納します。この機能を使用する前に、WC_CAMELLIASETKEYを使用してCamelliaオブジェクトを初期化する必要があります。
     \return none  いいえ返します。
     \param cam  暗号化に使用する椿構造へのポインタ
@@ -86,7 +86,7 @@ int  wc_CamelliaDecryptDirect(Camellia* cam, byte* out,
                                                                 const byte* in);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この関数は、バッファーの平文を暗号化し、その出力をバッファOUTに格納します。暗号ブロックチェーン（CBC）を使用してCamelliaを使用してこの暗号化を実行します。
     \return none  いいえ返します。
     \param cam  暗号化に使用する椿構造へのポインタ
@@ -107,7 +107,7 @@ int wc_CamelliaCbcEncrypt(Camellia* cam,
                                           byte* out, const byte* in, word32 sz);
 
 /*!
-    \ingroup Camellia 
+    \ingroup Camellia
     \brief  この関数は、バッファ内の暗号文を復号化し、その出力をバッファOUTに格納します。暗号ブロックチェーン（CBC）を搭載したCamelliaを使用してこの復号化を実行します。
     \return none  いいえ返します。
     \param cam  暗号化に使用する椿構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/chacha.h b/doc/dox_comments/header_files-ja/chacha.h
index 171256ea2..dea2a6cc5 100644
--- a/doc/dox_comments/header_files-ja/chacha.h
+++ b/doc/dox_comments/header_files-ja/chacha.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup ChaCha 
+    \ingroup ChaCha
     \brief  この関数はChachaオブジェクトの初期化ベクトル（nonce）を設定し、暗号として使用するために初期化します。WC_CHACHA_SETKEYを使用して、キーが設定された後に呼び出されるべきです。暗号化の各ラウンドに差し違いを使用する必要があります。
     \return 0  初期化ベクトルを正常に設定すると返されます
     \return BAD_FUNC_ARG  CTX入力引数の処理中にエラーが発生した場合
@@ -21,7 +21,7 @@
 int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
 
 /*!
-    \ingroup ChaCha 
+    \ingroup ChaCha
     \brief  この関数は、バッファ入力からテキストを処理し、暗号化または復号化し、結果をバッファ出力に格納します。
     \return 0  入力の暗号化または復号化に成功したときに返されます
     \return BAD_FUNC_ARG  CTX入力引数の処理中にエラーが発生した場合
@@ -46,7 +46,7 @@ int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
                               word32 msglen);
 
 /*!
-    \ingroup ChaCha 
+    \ingroup ChaCha
     \brief  この関数はChachaオブジェクトのキーを設定し、それを暗号として使用するために初期化します。NONCEをWC_CHACHA_SETIVで設定する前に、WC_CHACHA_PROCESSを使用した暗号化に使用する前に呼び出す必要があります。
     \return 0  キーの設定に成功したときに返されます
     \return BAD_FUNC_ARG  CTX入力引数の処理中にエラーが発生した場合、またはキーが16または32バイトの長さがある場合
diff --git a/doc/dox_comments/header_files-ja/cmac.h b/doc/dox_comments/header_files-ja/cmac.h
index 6dc1dc9d6..401949a03 100644
--- a/doc/dox_comments/header_files-ja/cmac.h
+++ b/doc/dox_comments/header_files-ja/cmac.h
@@ -204,4 +204,4 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
      ret = wc_CMAC_Grow(cmac、in、inSz)
      \endcode
 */
-int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
\ No newline at end of file
+int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
diff --git a/doc/dox_comments/header_files-ja/coding.h b/doc/dox_comments/header_files-ja/coding.h
index 7205bd0bd..2abcf3248 100644
--- a/doc/dox_comments/header_files-ja/coding.h
+++ b/doc/dox_comments/header_files-ja/coding.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は、与えられたBASS64符号化入力、IN、および出力バッファを出力バッファOUTに格納します。また、変数outlen内の出力バッファに書き込まれたサイズも設定します。
     \return 0  Base64エンコード入力の復号化に成功したときに返されます
     \return BAD_FUNC_ARG  復号化された入力を保存するには、出力バッファが小さすぎる場合は返されます。
@@ -26,7 +26,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out,
                                word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は与えられた入力を符号化し、符号化結果を出力バッファOUTに格納します。エスケープ％0A行末の代わりに、従来の '\ N'行の終わりを持つデータを書き込みます。正常に完了すると、この機能はまた、出力バッファに書き込まれたバイト数に統一されます。
     \return 0  Base64エンコード入力の復号化に成功したときに返されます
     \return BAD_FUNC_ARG  出力バッファが小さすぎてエンコードされた入力を保存する場合は返されます。
@@ -53,7 +53,7 @@ int Base64_Encode(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は与えられた入力を符号化し、符号化結果を出力バッファOUTに格納します。それは '\ n "行の終わりではなく、％0aエスケープ行の終わりを持つデータを書き込みます。正常に完了すると、この機能はまた、出力バッファに書き込まれたバイト数に統一されます。
     \return 0  Base64エンコード入力の復号化に成功したときに返されます
     \return BAD_FUNC_ARG  出力バッファが小さすぎてエンコードされた入力を保存する場合は返されます。
@@ -80,7 +80,7 @@ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は与えられた入力を符号化し、符号化結果を出力バッファOUTに格納します。それは新しい行なしでデータを書き込みます。正常に完了すると、この関数はまた、出力バッファに書き込まれたバイト数に統一されたものを設定します
     \return 0  Base64エンコード入力の復号化に成功したときに返されます
     \return BAD_FUNC_ARG  出力バッファが小さすぎてエンコードされた入力を保存する場合は返されます。
@@ -106,7 +106,7 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  この機能は、与えられたBASE16符号化入力、IN、および出力バッファへの結果を記憶する。また、変数outlen内の出力バッファに書き込まれたサイズも設定します。
     \return 0  Base16エンコード入力の復号にうまく復号化したときに返されます
     \return BAD_FUNC_ARG  出力バッファが復号化された入力を保存するにも小さすぎる場合、または入力長が2つの倍数でない場合に返されます。
@@ -132,7 +132,7 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
 int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
 
 /*!
-    \ingroup Base_Encoding 
+    \ingroup Base_Encoding
     \brief  BASE16出力へのエンコード入力。
     \return 0  成功
     \return BAD_FUNC_ARG  IN、OUT、またはoutlenがNULLの場合、またはoutlenがInlen Plus 1を超えている場合は返します。
diff --git a/doc/dox_comments/header_files-ja/compress.h b/doc/dox_comments/header_files-ja/compress.h
index aee9fed37..a52265203 100644
--- a/doc/dox_comments/header_files-ja/compress.h
+++ b/doc/dox_comments/header_files-ja/compress.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Compression 
+    \ingroup Compression
     \brief  この関数は、ハフマン符号化を用いて与えられた入力データを圧縮し、出力をOUTに格納する。出力バッファは、圧縮が可能でないことが存在するため、出力バッファが入力バッファよりも大きいはずです。これはまだルックアップテーブルを必要とします。出力バッファに対してSRCSZ + 0.1％+ 12を割り当てることをお勧めします。
     \return On  入力データの圧縮に成功し、出力バッファに格納されているバイト数を返します。
     \return COMPRESS_INIT_E  圧縮のためにストリームの初期化中にエラーがある場合
@@ -24,7 +24,7 @@
 int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 flags);
 
 /*!
-    \ingroup Compression 
+    \ingroup Compression
     \brief  この関数は、ハフマン符号化を用いて所定の圧縮データを解凍し、出力をOUTに格納する。
     \return Success  入力データの解凍に成功した場合は、出力バッファに格納されているバイト数を返します。
     \return COMPRESS_INIT_E:  圧縮のためにストリームの初期化中にエラーがある場合
diff --git a/doc/dox_comments/header_files-ja/cryptocb.h b/doc/dox_comments/header_files-ja/cryptocb.h
index 24ee2233e..3b8e3dbd9 100644
--- a/doc/dox_comments/header_files-ja/cryptocb.h
+++ b/doc/dox_comments/header_files-ja/cryptocb.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup CryptoCb 
+    \ingroup CryptoCb
     \brief  この関数は、Crypto Operationsをキーストア、Secure Element、HSM、PKCS11またはTPMなどの外部ハードウェアにオフロードするための固有のデバイス識別子（DEVID）とコールバック関数を登録します。CryptoコールバックのSTSAFEの場合は、wolfcrypt / src / port / st / stsafe.cとwolfssl_stsafe_cryptodevcb関数を参照してください。TPMベースのCryptoコールバックの例では、wolftpm src / tpm2_wrap.cのwolftpm2_cryptodevcb関数を参照してください。
     \return CRYPTOCB_UNAVAILABLE  ソフトウェア暗号を使用するためにフォールバックする
     \return 0  成功のために
@@ -73,7 +73,7 @@
 int  wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
 
 /*!
-    \ingroup CryptoCb 
+    \ingroup CryptoCb
     \brief  この関数は、固有のデバイス識別子（devid）コールバック関数を除外します。
     \return none  いいえ返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/curve25519.h b/doc/dox_comments/header_files-ja/curve25519.h
index 5ddc615a9..7f7150327 100644
--- a/doc/dox_comments/header_files-ja/curve25519.h
+++ b/doc/dox_comments/header_files-ja/curve25519.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、与えられたサイズ（Keysize）の指定された乱数発生器RNGを使用してCurve25519キーを生成し、それを指定されたCurve25519_Key構造体に格納します。キー構造がWC_CURVE25519_INIT（）を介して初期化された後に呼び出されるべきです。
     \return 0  キーの生成に成功し、それを指定されたCurve25519_Key構造体に格納します。
     \return ECC_BAD_ARG_E  入力キーサイズがCurve25519キー（32バイト）のキーシェイズに対応していない場合は返されます。
@@ -27,7 +27,7 @@
 int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、秘密の秘密鍵と受信した公開鍵を考えると、共有秘密鍵を計算します。生成された秘密鍵をバッファアウトに保存し、ounlentの秘密鍵の変数を割り当てます。ビッグエンディアンのみをサポートします。
     \return 0  共有秘密鍵を正常に計算したときに返されました。
     \return BAD_FUNC_ARG  渡された入力パラメータのいずれかがNULLの場合に返されます。
@@ -59,7 +59,7 @@ int wc_curve25519_shared_secret(curve25519_key* private_key,
                                 byte* out, word32* outlen);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、秘密の秘密鍵と受信した公開鍵を考えると、共有秘密鍵を計算します。生成された秘密鍵をバッファアウトに保存し、ounlentの秘密鍵の変数を割り当てます。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  共有秘密鍵を正常に計算したときに返されました。
     \return BAD_FUNC_ARG  渡された入力パラメータのいずれかがNULLの場合に返されます。
@@ -94,7 +94,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
                                    byte* out, word32* outlen, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519キーを初期化します。構造のキーを生成する前に呼び出されるべきです。
     \return 0  Curve25519_Key構造体の初期化に成功しました。
     \return BAD_FUNC_ARG  キーがNULLのときに返されます。
@@ -110,7 +110,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
 int wc_curve25519_init(curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519オブジェクトを解放します。
     _Example_
     \code
@@ -125,7 +125,7 @@ int wc_curve25519_init(curve25519_key* key);
 void wc_curve25519_free(curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519秘密鍵のみをインポートします。（ビッグエンディアン）。
     \return 0  秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  キーまたはPRIVがNULLの場合は返します。
@@ -153,7 +153,7 @@ int wc_curve25519_import_private(const byte* priv, word32 privSz,
                                  curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  CURVE25519秘密鍵のインポートのみ。（大きなエンディアン）。
     \return 0  秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  キーまたはPRIVがNULLの場合は返します。
@@ -184,7 +184,7 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
                                     curve25519_key* key, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、パブリック秘密鍵ペアをCurve25519_Key構造体にインポートします。ビッグエンディアンのみ。
     \return 0  Curve25519_Key構造体へのインポートに返されます
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLの場合に返します。
@@ -221,7 +221,7 @@ int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
                             const byte* pub, word32 pubSz, curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、パブリック秘密鍵ペアをCurve25519_Key構造体にインポートします。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  Curve25519_Key構造体へのインポートに返されます
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLの場合に返します。
@@ -260,7 +260,7 @@ int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz,
                                         curve25519_key* key, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519_Key構造体から秘密鍵をエクスポートし、それを指定されたアウトバッファに格納します。また、エクスポートされたキーのサイズになるように概要を設定します。ビッグエンディアンのみ。
     \return 0  Curve25519_Key構造体から秘密鍵を正常にエクスポートしました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -291,7 +291,7 @@ int wc_curve25519_export_private_raw(curve25519_key* key, byte* out,
                                      word32* outLen);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数はCurve25519_Key構造体から秘密鍵をエクスポートし、それを指定されたアウトバッファに格納します。また、エクスポートされたキーのサイズになるように概要を設定します。それがビッグ・リトルエンディアンかを指定できます。
     \return 0  Curve25519_Key構造体から秘密鍵を正常にエクスポートしました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -324,7 +324,7 @@ int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out,
                                         word32* outLen, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、指定されたバッファから公開鍵をインポートし、それをCurve25519_Key構造体に格納します。
     \return 0  公開鍵をCurve25519_Key構造体に正常にインポートしました。
     \return ECC_BAD_ARG_E  InLenパラメータがキー構造のキーサイズと一致しない場合に返されます。
@@ -358,7 +358,7 @@ int wc_curve25519_import_public(const byte* in, word32 inLen,
                                 curve25519_key* key);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、指定されたバッファから公開鍵をインポートし、それをCurve25519_Key構造体に格納します。
     \return 0  公開鍵をCurve25519_Key構造体に正常にインポートしました。
     \return ECC_BAD_ARG_E  InLenパラメータがキー構造のキーサイズと一致しない場合に返されます。
@@ -393,7 +393,7 @@ int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
                                    curve25519_key* key, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は、公開鍵バッファが指定されたエンディアンに対して有効なCurve2519キー値を保持していることを確認します。
     \return 0  公開鍵の値が有効なときに返されます。
     \return ECC_BAD_ARG_E  公開鍵の値が無効な場合は返されます。
@@ -420,7 +420,7 @@ int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
 int wc_curve25519_check_public(const byte* pub, word32 pubSz, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は指定されたキー構造から公開鍵をエクスポートし、結果をアウトバッファに格納します。ビッグエンディアンのみ。
     \return 0  Curve25519_Key構造体から公開鍵を正常にエクスポートする上で返されます。
     \return ECC_BAD_ARG_E  outlenがcurve25519_pub_key_sizeより小さい場合に返されます。
@@ -449,7 +449,7 @@ int wc_curve25519_check_public(const byte* pub, word32 pubSz, int endian);
 int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は指定されたキー構造から公開鍵をエクスポートし、結果をアウトバッファに格納します。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  Curve25519_Key構造体から公開鍵を正常にエクスポートする上で返されます。
     \return ECC_BAD_ARG_E  outlenがcurve25519_pub_key_sizeより小さい場合に返されます。
@@ -481,7 +481,7 @@ int wc_curve25519_export_public_ex(curve25519_key* key, byte* out,
                                    word32* outLen, int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  Export Curve25519キーペア。ビッグエンディアンのみ。
     \return 0  Curve25519_Key構造体からキーペアのエクスポートに成功しました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -516,7 +516,7 @@ int wc_curve25519_export_key_raw(curve25519_key* key,
                                  byte* pub, word32 *pubSz);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  Export Curve25519キーペア。ビッグ・リトルエンディアン。
     \return 0  Curve25519_Key構造体からキーペアのエクスポートに成功しました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -555,7 +555,7 @@ int wc_curve25519_export_key_raw_ex(curve25519_key* key,
                                     int endian);
 
 /*!
-    \ingroup Curve25519 
+    \ingroup Curve25519
     \brief  この関数は与えられたキー構造のキーサイズを返します。
     \return Success  有効な初期化されたCurve25519_Key構造体を考慮すると、キーのサイズを返します。
     \return 0  キーがNULLの場合は返されます
diff --git a/doc/dox_comments/header_files-ja/curve448.h b/doc/dox_comments/header_files-ja/curve448.h
index 4a6a1d2e7..d6d8a307a 100644
--- a/doc/dox_comments/header_files-ja/curve448.h
+++ b/doc/dox_comments/header_files-ja/curve448.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、与えられたサイズ（Keysize）のサイズの指定された乱数発生器RNGを使用してCurve448キーを生成し、それを指定されたCurve448_Key構造体に格納します。キー構造がWC_CURVE448_INIT（）を介して初期化された後に呼び出されるべきです。
     \return 0  キーの生成に成功し、それを指定されたCurve448_Key構造体に格納します。
     \return ECC_BAD_ARG_E  入力キーサイズがCurve448キー（56バイト）のキーシェイズに対応していない場合は返されます。
@@ -27,7 +27,7 @@
 int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、秘密の秘密鍵と受信した公開鍵を考えると、共有秘密鍵を計算します。生成された秘密鍵をバッファアウトに保存し、ounlentの秘密鍵の変数を割り当てます。ビッグエンディアンのみをサポートします。
     \return 0  共有秘密鍵を正常に計算する上で返却されました
     \return BAD_FUNC_ARG  渡された入力パラメーターのいずれかがNULLの場合に返されます
@@ -58,7 +58,7 @@ int wc_curve448_shared_secret(curve448_key* private_key,
                                 byte* out, word32* outlen);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、秘密の秘密鍵と受信した公開鍵を考えると、共有秘密鍵を計算します。生成された秘密鍵をバッファアウトに保存し、ounlentの秘密鍵の変数を割り当てます。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  共有秘密鍵を正常に計算したときに返されました。
     \return BAD_FUNC_ARG  渡された入力パラメータのいずれかがNULLの場合に返されます。
@@ -92,7 +92,7 @@ int wc_curve448_shared_secret_ex(curve448_key* private_key,
                                    byte* out, word32* outlen, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448キーを初期化します。構造のキーを生成する前に呼び出されるべきです。
     \return 0  Curve448_Key構造体の初期化に成功しました。
     \return BAD_FUNC_ARG  キーがNULLのときに返されます。
@@ -108,7 +108,7 @@ int wc_curve448_shared_secret_ex(curve448_key* private_key,
 int wc_curve448_init(curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448オブジェクトを解放します。
     _Example_
     \code
@@ -123,7 +123,7 @@ int wc_curve448_init(curve448_key* key);
 void wc_curve448_free(curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448秘密鍵のみをインポートします。（ビッグエンディアン）。
     \return 0  秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  キーまたはPRIVがNULLの場合は返します。
@@ -151,7 +151,7 @@ int wc_curve448_import_private(const byte* priv, word32 privSz,
                                  curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  CURVE448秘密鍵のインポートのみ。（ビッグエンディアン）。
     \return 0  秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  キーまたはPRIVがNULLの場合は返します。
@@ -182,7 +182,7 @@ int wc_curve448_import_private_ex(const byte* priv, word32 privSz,
                                     curve448_key* key, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、public-秘密鍵のペアをCurve448_Key構造体にインポートします。ビッグエンディアンのみ。
     \return 0  Curve448_Key構造体へのインポート時に返されます。
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLの場合に返します。
@@ -219,7 +219,7 @@ int wc_curve448_import_private_raw(const byte* priv, word32 privSz,
                             const byte* pub, word32 pubSz, curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、public-秘密鍵のペアをCurve448_Key構造体にインポートします。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  Curve448_Key構造体へのインポート時に返されます。
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLの場合に返します。
@@ -259,7 +259,7 @@ int wc_curve448_import_private_raw_ex(const byte* priv, word32 privSz,
                                         curve448_key* key, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448_Key構造体から秘密鍵をエクスポートし、それを指定されたバッファに格納します。また、エクスポートされたキーのサイズになるように概要を設定します。ビッグエンディアンのみ。
     \return 0  Curve448_Key構造体から秘密鍵を正常にエクスポートする上で返されました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -290,7 +290,7 @@ int wc_curve448_export_private_raw(curve448_key* key, byte* out,
                                      word32* outLen);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数はCurve448_Key構造体から秘密鍵をエクスポートし、それを指定されたバッファに格納します。また、エクスポートされたキーのサイズになるように概要を設定します。それが大きいかリトルエンディアンかを指定できます。
     \return 0  Curve448_Key構造体から秘密鍵を正常にエクスポートする上で返されました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -323,7 +323,7 @@ int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out,
                                         word32* outLen, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、指定されたバッファから公開鍵をインポートし、それをCurve448_Key構造体に格納します。
     \return 0  公開鍵をCurve448_Key構造体に正常にインポートしました。
     \return ECC_BAD_ARG_E  InLenパラメータがキー構造のキーサイズと一致しない場合に返されます。
@@ -357,7 +357,7 @@ int wc_curve448_import_public(const byte* in, word32 inLen,
                                 curve448_key* key);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、指定されたバッファから公開鍵をインポートし、それをCurve448_Key構造体に格納します。
     \return 0  公開鍵をCurve448_Key構造体に正常にインポートしました。
     \return ECC_BAD_ARG_E  InLenパラメータがキー構造のキーサイズと一致しない場合に返されます。
@@ -392,7 +392,7 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen,
                                    curve448_key* key, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は、公開鍵バッファがエンディアン順序付けを与えられた有効なCurve448キー値を保持することを確認します。
     \return 0  公開鍵の値が有効なときに返されます。
     \return ECC_BAD_ARG_E  公開鍵の値が無効な場合は返されます。
@@ -419,7 +419,7 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen,
 int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は指定されたキー構造から公開鍵をエクスポートし、結果をアウトバッファに格納します。ビッグエンディアンのみ。
     \return 0  Curve448_Key構造体から公開鍵のエクスポートに成功しました。
     \return ECC_BAD_ARG_E  outlenがcurve448_pub_key_sizeより小さい場合に返されます。
@@ -449,7 +449,7 @@ int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian);
 int wc_curve448_export_public(curve448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は指定されたキー構造から公開鍵をエクスポートし、結果をアウトバッファに格納します。ビッグ・リトルエンディアンの両方をサポートします。
     \return 0  Curve448_Key構造体から公開鍵のエクスポートに成功しました。
     \return ECC_BAD_ARG_E  outlenがcurve448_pub_key_sizeより小さい場合に返されます。
@@ -481,7 +481,7 @@ int wc_curve448_export_public_ex(curve448_key* key, byte* out,
                                    word32* outLen, int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は指定されたキー構造からキーペアをエクスポートし、結果をアウトバッファに格納します。ビッグエンディアンのみ。
     \return 0  Curve448_Key構造体からキーペアのエクスポートに成功しました。
     \return BAD_FUNC_ARG  入力パラメータがNULLの場合に返されます。
@@ -516,7 +516,7 @@ int wc_curve448_export_key_raw(curve448_key* key,
                                  byte* pub, word32 *pubSz);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  Curve448キーペアをエクスポートします。ビッグ、またはリトルエンディアン。
     \brief  この関数は指定されたキー構造からキーペアをエクスポートし、結果をアウトバッファに格納します。ビッグ、またはリトルエンディアン。
     \return 0  成功
@@ -556,7 +556,7 @@ int wc_curve448_export_key_raw_ex(curve448_key* key,
                                     int endian);
 
 /*!
-    \ingroup Curve448 
+    \ingroup Curve448
     \brief  この関数は与えられたキー構造のキーサイズを返します。
     \return Success  有効な初期化されたCurve448_Key構造体を考慮すると、キーのサイズを返します。
     \return 0  キーがNULLの場合は返されます。
diff --git a/doc/dox_comments/header_files-ja/des3.h b/doc/dox_comments/header_files-ja/des3.h
index c7f57aba0..a8829ef43 100644
--- a/doc/dox_comments/header_files-ja/des3.h
+++ b/doc/dox_comments/header_files-ja/des3.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は、引数として与えられたDES構造体のキーと初期化ベクトル（IV）を設定します。また、これらがまだ初期化されていない場合は、暗号化と復号化に必要なバッファーのスペースを初期化して割り当てます。注：IVが指定されていない場合（i.e.iv == null）初期化ベクトルは、デフォルトのIV 0になります。
     \return 0  DES構造体のキーと初期化ベクトルを正常に設定する
     \param des  初期化するDES構造へのポインタ
@@ -24,7 +24,7 @@ int  wc_Des_SetKey(Des* des, const byte* key,
                                const byte* iv, int dir);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は、引数として与えられたDES構造体の初期化ベクトル（IV）を設定します。NULL IVを渡したら、初期化ベクトルを0に設定します。
     \return none  いいえ返します。
     \param des  IVを設定するためのDES構造へのポインタ
@@ -41,7 +41,7 @@ int  wc_Des_SetKey(Des* des, const byte* key,
 void wc_Des_SetIV(Des* des, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力メッセージを暗号化し、結果を出力バッファーに格納します。暗号ブロックチェーンチェーン（CBC）モードでDES暗号化を使用します。
     \return 0  与えられた入力メッセージの暗号化に成功したときに返されます
     \param des  暗号化に使用するDES構造へのポインタ
@@ -66,7 +66,7 @@ int  wc_Des_CbcEncrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力暗号文を復号化し、結果の平文を出力バッファーに出力します。暗号ブロックチェーンチェーン（CBC）モードでDES暗号化を使用します。
     \return 0  与えられた暗号文を正常に復号化したときに返されました
     \param des  復号化に使用するDES構造へのポインタ
@@ -91,7 +91,7 @@ int  wc_Des_CbcDecrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力メッセージを暗号化し、結果を出力バッファーに格納します。電子コードブック（ECB）モードでDES暗号化を使用します。
     \return 0:  与えられた平文を正常に暗号化すると返されます。
     \param des  暗号化に使用するDES構造へのポインタ
@@ -115,7 +115,7 @@ int  wc_Des_EcbEncrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力メッセージを暗号化し、結果を出力バッファーに格納します。電子コードブック（ECB）モードでDES3暗号化を使用します。警告：ほぼすべてのユースケースでECBモードは安全性が低いと考えられています。可能な限りECB APIを直接使用しないでください。
     \return 0  与えられた平文を正常に暗号化すると返されます
     \param des3  暗号化に使用するDES3構造へのポインタ
@@ -139,7 +139,7 @@ int wc_Des3_EcbEncrypt(Des3* des, byte* out,
                                    const byte* in, word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は、引数として与えられたDES3構造のキーと初期化ベクトル（IV）を設定します。また、これらがまだ初期化されていない場合は、暗号化と復号化に必要なバッファーのスペースを初期化して割り当てます。注：IVが指定されていない場合（i.e.iv == null）初期化ベクトルは、デフォルトのIV 0になります。
     \return 0  DES構造体のキーと初期化ベクトルを正常に設定する
     \param des3  初期化するDES3構造へのポインタ
@@ -165,7 +165,7 @@ int  wc_Des3_SetKey(Des3* des, const byte* key,
                                 const byte* iv,int dir);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は、引数として与えられたDES3構造の初期化ベクトル（IV）を設定します。NULL IVを渡したら、初期化ベクトルを0に設定します。
     \return none  いいえ返します。
     \param des  IVを設定するためのDES3構造へのポインタ
@@ -184,7 +184,7 @@ int  wc_Des3_SetKey(Des3* des, const byte* key,
 int  wc_Des3_SetIV(Des3* des, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力メッセージを暗号化し、結果を出力バッファーに格納します。暗号ブロックチェーン（CBC）モードでトリプルDES（3DES）暗号化を使用します。
     \return 0  与えられた入力メッセージの暗号化に成功したときに返されます
     \param des  暗号化に使用するDES3構造へのポインタ
@@ -209,7 +209,7 @@ int  wc_Des3_CbcEncrypt(Des3* des, byte* out,
                                     const byte* in,word32 sz);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力暗号文を復号化し、結果の平文を出力バッファーに出力します。暗号ブロックチェーン（CBC）モードでトリプルDES（3DES）暗号化を使用します。
     \return 0  与えられた暗号文を正常に復号化したときに返されました
     \param des  復号化に使用するDES3構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/dh.h b/doc/dox_comments/header_files-ja/dh.h
index 45dda386b..e8db7eae7 100644
--- a/doc/dox_comments/header_files-ja/dh.h
+++ b/doc/dox_comments/header_files-ja/dh.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、Diffie-Hellman Exchangeプロトコルを使用して安全な秘密鍵を交渉するのに使用するためのDiffie-Hellmanキーを初期化します。
     \return none  いいえ返します。
     _Example_
@@ -13,7 +13,7 @@
 int wc_InitDhKey(DhKey* key);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、Diffie-Hellman Exchangeプロトコルを使用して安全な秘密鍵をネゴシエートするために使用された後にDiffie-Hellmanキーを解放します。
     \return none  いいえ返します。
     _Example_
@@ -28,7 +28,7 @@ int wc_InitDhKey(DhKey* key);
 void wc_FreeDhKey(DhKey* key);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数はdiffie-hellmanパブリックパラメータに基づいてパブリック/秘密鍵ペアを生成し、PRIVSの秘密鍵とPubの公開鍵を格納します。初期化されたDiffie-Hellmanキーと初期化されたRNG構造を取ります。
     \return BAD_FUNC_ARG  この関数への入力の1つを解析するエラーがある場合に返されます
     \return RNG_FAILURE_E  RNGを使用して乱数を生成するエラーが発生した場合
@@ -63,7 +63,7 @@ int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
                                  word32* privSz, byte* pub, word32* pubSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、ローカル秘密鍵と受信した公開鍵に基づいて合意された秘密鍵を生成します。交換の両側で完了した場合、この関数は対称通信のための秘密鍵の合意を生成します。共有秘密鍵の生成に成功すると、書かれた秘密鍵のサイズは仲間に保存されます。
     \return 0  合意された秘密鍵の生成に成功しました
     \return MP_INIT_E  共有秘密鍵の生成中にエラーが発生した場合に返却される可能性があります
@@ -100,7 +100,7 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
                        word32 pubSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この機能は、DERフォーマットのキーを含む与えられた入力バッファからDiffie-Hellmanキーをデコードします。結果をDHKEY構造体に格納します。
     \return 0  入力キーの復号に成功したときに返されます
     \return ASN_PARSE_E  入力のシーケンスを解析したエラーがある場合に返されます
@@ -128,7 +128,7 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
                            word32);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、入力秘密鍵パラメータを使用してDHKEY構造体のキーを設定します。WC_DHKEYDECODEとは異なり、この関数は入力キーがDERフォーマットでフォーマットされ、代わりにPARSED入力パラメータP（Prime）とG（Base）を受け入れる必要はありません。
     \return 0  鍵の設定に成功しました
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLに評価された場合に返されます。
@@ -157,7 +157,7 @@ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
                         word32 gSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \brief  この関数は、与えられた入力バッファからDiffie-HellmanパラメータP（Prime）とG（ベース）をフォーマットされています。
     \return 0  DHパラメータの抽出に成功しました
     \return ASN_PARSE_E  DERフォーマットのDH証明書の解析中にエラーが発生した場合に返されます。
@@ -187,7 +187,7 @@ int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
                             word32* pInOutSz, byte* g, word32* gInOutSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe4096_Get
     \sa wc_Dh_ffdhe6144_Get
@@ -196,7 +196,7 @@ int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
 const DhParams* wc_Dh_ffdhe2048_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe4096_Get
     \sa wc_Dh_ffdhe6144_Get
@@ -205,7 +205,7 @@ const DhParams* wc_Dh_ffdhe2048_Get(void);
 const DhParams* wc_Dh_ffdhe3072_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe6144_Get
@@ -214,7 +214,7 @@ const DhParams* wc_Dh_ffdhe3072_Get(void);
 const DhParams* wc_Dh_ffdhe4096_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe4096_Get
@@ -223,7 +223,7 @@ const DhParams* wc_Dh_ffdhe4096_Get(void);
 const DhParams* wc_Dh_ffdhe6144_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
     \sa wc_Dh_ffdhe2048_Get
     \sa wc_Dh_ffdhe3072_Get
     \sa wc_Dh_ffdhe4096_Get
@@ -232,13 +232,13 @@ const DhParams* wc_Dh_ffdhe6144_Get(void);
 const DhParams* wc_Dh_ffdhe8192_Get(void);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
 */
 int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
                         const byte* priv, word32 privSz);
 
 /*!
-    \ingroup Diffie-Hellman 
+    \ingroup Diffie-Hellman
 */
 int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz);
 
diff --git a/doc/dox_comments/header_files-ja/doxygen_groups.h b/doc/dox_comments/header_files-ja/doxygen_groups.h
index e3009c31f..41c8495a9 100644
--- a/doc/dox_comments/header_files-ja/doxygen_groups.h
+++ b/doc/dox_comments/header_files-ja/doxygen_groups.h
@@ -154,7 +154,7 @@
       -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
       -# Derive SSV and auth data: wc_DeriveSakkeSSV()
       -# Free SAKKE Key: wc_FreeSakkeKey()
-    
+
     \defgroup SAKKE_Setup Setup SAKKE Key
     Operations for establishing a SAKKE key.
 
diff --git a/doc/dox_comments/header_files-ja/dsa.h b/doc/dox_comments/header_files-ja/dsa.h
index 64ae4733d..066a0a2e5 100644
--- a/doc/dox_comments/header_files-ja/dsa.h
+++ b/doc/dox_comments/header_files-ja/dsa.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この関数は、デジタル署名アルゴリズム（DSA）を介した認証に使用するためにDSAKEYオブジェクトを初期化します。
     \return 0  成功に戻りました。
     \return BAD_FUNC_ARG  NULLキーが渡された場合に返されます。
@@ -14,7 +14,7 @@
 int wc_InitDsaKey(DsaKey* key);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この関数は、使用された後にdsakeyオブジェクトを解放します。
     \return none  いいえ返します。
     _Example_
@@ -29,7 +29,7 @@ int wc_InitDsaKey(DsaKey* key);
 void wc_FreeDsaKey(DsaKey* key);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この機能は入力ダイジェストに署名し、結果を出力バッファーに格納します。
     \return 0  入力ダイジェストに正常に署名したときに返されました
     \return MP_INIT_E  DSA署名の処理にエラーがある場合は返される可能性があります。
@@ -67,7 +67,7 @@ int wc_DsaSign(const byte* digest, byte* out,
                            DsaKey* key, WC_RNG* rng);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この関数は、秘密鍵を考えると、ダイジェストの署名を検証します。回答パラメータでキーが正しく検証されているかどうか、正常な検証に対応する1、および失敗した検証に対応する0が格納されます。
     \return 0  検証要求の処理に成功したときに返されます。注：これは、署名が検証されていることを意味するわけではなく、関数が成功したというだけです。
     \return MP_INIT_E  DSA署名の処理にエラーがある場合は返される可能性があります。
@@ -106,7 +106,7 @@ int wc_DsaVerify(const byte* digest, const byte* sig,
                              DsaKey* key, int* answer);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この機能は、DSA公開鍵を含むDERフォーマットの証明書バッファを復号し、与えられたDSakey構造体にキーを格納します。また、入力読み取りの長さに応じてINOUTIDXパラメータを設定します。
     \return 0  dsakeyオブジェクトの公開鍵を正常に設定する
     \return ASN_PARSE_E  証明書バッファを読みながらエンコーディングにエラーがある場合
@@ -133,7 +133,7 @@ int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx,
                                       DsaKey* key, word32 inSz);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  この機能は、DSA秘密鍵を含むDERフォーマットの証明書バッファをデコードし、指定されたDSakey構造体にキーを格納します。また、入力読み取りの長さに応じてINOUTIDXパラメータを設定します。
     \return 0  dsakeyオブジェクトの秘密鍵を正常に設定するに返されました
     \return ASN_PARSE_E  証明書バッファを読みながらエンコーディングにエラーがある場合
@@ -160,7 +160,7 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
                                        DsaKey* key, word32 inSz);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  DSAKEYキーをDERフォーマット、出力への書き込み（Inlen）、書き込まれたバイトを返します。
     \return outLen  成功、書かれたバイト数
     \return BAD_FUNC_ARG  キーまたは出力はNULLまたはキー - >タイプがDSA_PRIVATEではありません。
@@ -187,7 +187,7 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
 int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  DSAキーを作成します。
     \return MP_OKAY  成功
     \return BAD_FUNC_ARG  RNGまたはDSAのどちらかがnullです。
@@ -212,7 +212,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa);
 
 /*!
-    \ingroup DSA 
+    \ingroup DSA
     \brief  FIPS 186-4は、modulus_size値の有効な値を定義します（1024,160）（2048,256）（3072,256）
     \return 0  成功
     \return BAD_FUNC_ARG  RNGまたはDSAはNULLまたはMODULUS_SIZEが無効です。
diff --git a/doc/dox_comments/header_files-ja/ed448.h b/doc/dox_comments/header_files-ja/ed448.h
index d1f20f23d..b75d27e37 100644
--- a/doc/dox_comments/header_files-ja/ed448.h
+++ b/doc/dox_comments/header_files-ja/ed448.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、秘密鍵からED448公開鍵を生成します。公開鍵をバッファPubkeyに格納し、Pubkeyszでこのバッファに書き込まれたバイトを設定します。
     \return 0  公開鍵の作成に成功したときに返されます。
     \return BAD_FUNC_ARG  IFIキーまたはPubKeyがNULLに評価された場合、または指定されたキーサイズが57バイトではない場合（ED448には57バイトのキーがあります）。
@@ -31,7 +31,7 @@ int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey,
                          word32 pubKeySz);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は新しいED448キーを生成し、それをキーに格納します。
     \return 0  ED448_Keyを正常に作成したときに返されます。
     \return BAD_FUNC_ARG  RNGまたはKeyがNULLに評価された場合、または指定されたキーサイズが57バイトではない場合（ED448には57バイトのキーがあります）。
@@ -58,7 +58,7 @@ int wc_ed448_make_public(ed448_key* key, unsigned char* pubKey,
 int wc_ed448_make_key(WC_RNG* rng, int keysize, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Keyオブジェクトを使用したメッセージに正解を保証します。
     \return 0  メッセージの署名を正常に生成すると返されます。
     \return BAD_FUNC_ARG  入力パラメータのいずれかがNULLに評価された場合、または出力バッファが小さすぎて生成された署名を保存する場合は返されます。
@@ -94,7 +94,7 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out,
                         word32 *outlen, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、Ed448_Keyオブジェクトを使用してメッセージダイジェストに署名して信頼性を保証します。コンテキストは署名されたデータの一部として含まれています。ハッシュは、署名計算前のプリハッシュメッセージです。メッセージダイジェストを作成するために使用されるハッシュアルゴリズムはShake-256でなければなりません。
     \return 0  メッセージダイジェストの署名を正常に生成すると返されます。
     \return BAD_FUNC_ARG  返された入力パラメータはNULLに評価されます。出力バッファが小さすぎて生成された署名を保存するには小さすぎます。
@@ -135,7 +135,7 @@ int wc_ed448ph_sign_hash(const byte* hash, word32 hashLen, byte* out,
                          const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Keyオブジェクトを使用したメッセージに正解を保証します。コンテキストは署名されたデータの一部として含まれています。署名計算の前にメッセージは事前にハッシュされています。
     \return 0  メッセージの署名を正常に生成すると返されます。
     \return BAD_FUNC_ARG  返された入力パラメータはNULLに評価されます。出力バッファが小さすぎて生成された署名を保存するには小さすぎます。
@@ -176,7 +176,7 @@ int wc_ed448ph_sign_msg(const byte* in, word32 inLen, byte* out,
                         byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、メッセージのED448署名を確認して信頼性を確保します。文脈はデータ検証済みの一部として含まれています。答えはRESを介して返され、有効な署名に対応する1、無効な署名に対応する0を返します。
     \return 0  署名検証と認証を正常に実行したときに返されます。
     \return BAD_FUNC_ARG  いずれかの入力パラメータがNULLに評価された場合、またはSIGLENが署名の実際の長さと一致しない場合に返されます。
@@ -214,7 +214,7 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg,
                           const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、メッセージのダイジェストのED448シグネチャを検証して、信頼性を確保します。文脈はデータ検証済みの一部として含まれています。ハッシュは、署名計算前のプリハッシュメッセージです。メッセージダイジェストを作成するために使用されるハッシュアルゴリズムはShake-256でなければなりません。答えはRESを介して返され、有効な署名に対応する1、無効な署名に対応する0を返します。
     \return 0  署名検証と認証を正常に実行したときに返されます。
     \return BAD_FUNC_ARG  いずれかの入力パラメータがNULLに評価された場合、またはSIGLENが署名の実際の長さと一致しない場合に返されます。
@@ -252,7 +252,7 @@ int wc_ed448ph_verify_hash(const byte* sig, word32 siglen, const byte* hash,
                           const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、メッセージのED448署名を確認して信頼性を確保します。文脈はデータ検証済みの一部として含まれています。検証前にメッセージがプリハッシュされています。答えはRESを介して返され、有効な署名に対応する1、無効な署名に対応する0を返します。
     \return 0  署名検証と認証を正常に実行したときに返されます。
     \return BAD_FUNC_ARG  いずれかの入力パラメータがNULLに評価された場合、またはSIGLENが署名の実際の長さと一致しない場合に返されます。
@@ -290,7 +290,7 @@ int wc_ed448ph_verify_msg(const byte* sig, word32 siglen, const byte* msg,
                           const byte* context, byte contextLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、メッセージ検証で将来の使用のためにED448_Keyオブジェクトを初期化します。
     \return 0  ED448_Keyオブジェクトの初期化に成功したら返されます。
     \return BAD_FUNC_ARG  キーがNULLの場合は返されます。
@@ -306,7 +306,7 @@ int wc_ed448ph_verify_msg(const byte* sig, word32 siglen, const byte* msg,
 int wc_ed448_init(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、それが使用された後にED448オブジェクトを解放します。
     _Example_
     \code
@@ -321,7 +321,7 @@ int wc_ed448_init(ed448_key* key);
 void wc_ed448_free(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、公開鍵を含むバッファからPublic ED448_Keyペアをインポートします。この関数は圧縮キーと非圧縮キーの両方を処理します。
     \return 0  ED448_Keyのインポートに成功しました。
     \return BAD_FUNC_ARG  INまたはKEYがNULLに評価されている場合、またはINLENがED448キーのサイズより小さい場合に返されます。
@@ -346,7 +346,7 @@ void wc_ed448_free(ed448_key* key);
 int wc_ed448_import_public(const byte* in, word32 inLen, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ed448秘密鍵をバッファからのみインポートします。
     \return 0  ED448秘密鍵のインポートに成功しました。
     \return BAD_FUNC_ARG  INまたはKEYがNULLに評価された場合、またはPRIVSZがED448_KEY_SIZEよりも小さい場合に返されます。
@@ -373,7 +373,7 @@ int wc_ed448_import_private_only(const byte* priv, word32 privSz,
                                  ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、一対のバッファからパブリック/プライベートED448キーペアをインポートします。この関数は圧縮キーと非圧縮キーの両方を処理します。
     \return 0  ED448キーのインポートに成功しました。
     \return BAD_FUNC_ARG  INまたはKEYがNULLに評価された場合、またはPROVSZがED448_KEY_SIZEまたはPUBSZのいずれかがeD448_PUB_KEY_SIZEよりも小さい場合に返されます。
@@ -404,7 +404,7 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
                                const byte* pub, word32 pubSz, ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Key構造体から秘密鍵をエクスポートします。公開鍵をバッファアウトに格納し、ounterenでこのバッファに書き込まれたバイトを設定します。
     \return 0  公開鍵のエクスポートに成功したら返されます。
     \return BAD_FUNC_ARG  いずれかの入力値がNULLに評価された場合に返されます。
@@ -432,7 +432,7 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
 int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Key構造体からの秘密鍵のみをエクスポートします。秘密鍵をバッファアウトに格納し、outlenにこのバッファに書き込まれたバイトを設定します。
     \return 0  秘密鍵のエクスポートに成功したら返されます。
     \return ECC_BAD_ARG_E  いずれかの入力値がNULLに評価された場合に返されます。
@@ -459,7 +459,7 @@ int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
 int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Key構造体からキーペアをエクスポートします。キーペアをバッファOUTに格納し、ounterenでこのバッファに書き込まれたバイトを設定します。
     \return 0  キーペアのエクスポートに成功したら返されます。
     \return ECC_BAD_ARG_E  いずれかの入力値がNULLに評価された場合に返されます。
@@ -490,7 +490,7 @@ int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
 int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448_Key構造体とは別にプライベートキーと公開鍵をエクスポートします。秘密鍵をバッファーPrivに格納し、PRIVSZでこのバッファに書き込まれたバイトを設定します。公開鍵をバッファPUBに格納し、Pubszでこのバッファに書き込まれたバイトを設定します。
     \return 0  キーペアのエクスポートに成功したら返されます。
     \return ECC_BAD_ARG_E  いずれかの入力値がNULLに評価された場合に返されます。
@@ -524,7 +524,7 @@ int wc_ed448_export_key(ed448_key* key,
                           byte* pub, word32 *pubSz);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ed448_key構造体の公開鍵をチェックします。
     \return 0  プライベートキーと公開鍵が一致した場合に返されます。
     \return BAD_FUNC_ARGS  与えられたキーがNULLの場合に返されます。
@@ -549,7 +549,7 @@ int wc_ed448_check_key(ed448_key* key);
 
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448秘密鍵のサイズ -  57バイトを返します。
     \return ED448_KEY_SIZE  有効な秘密鍵のサイズ（57バイト）。
     \return BAD_FUNC_ARGS  与えられたキーがNULLの場合に返されます。
@@ -569,7 +569,7 @@ int wc_ed448_check_key(ed448_key* key);
 int wc_ed448_size(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、秘密鍵サイズ（secret + public）をバイト単位で返します。
     \return ED448_PRV_KEY_SIZE  秘密鍵のサイズ（114バイト）。
     \return BAD_FUNC_ARG  key引数がnullの場合は返します。
@@ -590,7 +590,7 @@ int wc_ed448_size(ed448_key* key);
 int wc_ed448_priv_size(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は圧縮鍵サイズをバイト単位で返します（公開鍵）。
     \return ED448_PUB_KEY_SIZE  圧縮公開鍵のサイズ（57バイト）。
     \return BAD_FUNC_ARG  key引数がnullの場合は返します。
@@ -610,7 +610,7 @@ int wc_ed448_priv_size(ed448_key* key);
 int wc_ed448_pub_size(ed448_key* key);
 
 /*!
-    \ingroup ED448 
+    \ingroup ED448
     \brief  この関数は、ED448シグネチャのサイズ（バイト数114）を返します。
     \return ED448_SIG_SIZE  ED448シグネチャ（114バイト）のサイズ。
     \return BAD_FUNC_ARG  key引数がnullの場合は返します。
diff --git a/doc/dox_comments/header_files-ja/error-crypt.h b/doc/dox_comments/header_files-ja/error-crypt.h
index c558c33be..e660d1f32 100644
--- a/doc/dox_comments/header_files-ja/error-crypt.h
+++ b/doc/dox_comments/header_files-ja/error-crypt.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Error 
+    \ingroup Error
     \brief  この関数は、特定のバッファ内の特定のエラーコードのエラー文字列を格納します。
     \return none  いいえ返します。
     \param error  文字列を取得するためのエラーコード
@@ -17,7 +17,7 @@
 void wc_ErrorString(int err, char* buff);
 
 /*!
-    \ingroup Error 
+    \ingroup Error
     \brief  この関数は、特定のエラーコードのエラー文字列を返します。
     \return string  エラーコードのエラー文字列を文字列リテラルとして返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/evp.h b/doc/dox_comments/header_files-ja/evp.h
index 93355400e..d6fef8e5d 100644
--- a/doc/dox_comments/header_files-ja/evp.h
+++ b/doc/dox_comments/header_files-ja/evp.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  それぞれのwolfssl_evp_cipherポインタのゲッター関数。最初にプログラム内でwolfssl_evp_init（）を1回呼び出す必要があります。wolfssl_des_ecbマクロは、wolfssl_evp_des_ede3_ecb（）に対して定義する必要があります。
     \return pointer  DES EDE3操作のためのwolfssl_evp_cipherポインタを返します。
     _Example_
@@ -14,7 +14,7 @@
 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  それぞれのwolfssl_evp_cipherポインタのゲッター関数。最初にプログラム内でwolfssl_evp_init（）を1回呼び出す必要があります。wolfssl_des_ecbマクロは、wolfssl_evp_des_ecb（）に対して定義する必要があります。
     \return pointer  DES操作のためのwolfssl_evp_cipherポインタを返します。
     _Example_
@@ -28,7 +28,7 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_md_ctxを初期化する機能。この関数はwolfssl_engineがwolfssl_engineを使用しないため、wolfssl_evp_digestinit（）のラッパーです。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  成功しなかった場合
@@ -56,7 +56,7 @@ int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
                                      WOLFSSL_ENGINE *impl);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctxを初期化する機能。この関数はwolfssl_engineがwolfssl_engineを使用しないため、wolfssl_ciphinit（）のラッパーです。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  成功しなかった場合
@@ -96,7 +96,7 @@ int  wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     int enc);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctxを初期化する機能。WolfSSLはWOLFSSL_ENGINEを使用しないため、この関数はwolfssl_evp_ciphinit（）のラッパーです。暗号化フラグを暗号化するように設定します。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  成功しなかった場合
@@ -128,7 +128,7 @@ int  wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     const unsigned char* iv);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctxを初期化する機能。WolfSSLはWOLFSSL_ENGINEを使用しないため、この関数はwolfssl_evp_ciphinit（）のラッパーです。暗号化フラグを復号化するように設定します。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  成功しなかった場合
@@ -169,7 +169,7 @@ int  wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     const unsigned char* iv);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  データを暗号化/復号化する機能。バッファ内では暗号化または復号化され、OUTバッファが結果を保持します。OUTORは暗号化/復号化された情報の長さになります。
     \return SSL_SUCCESS  成功した場合
     \return SSL_FAILURE  成功しなかった場合
@@ -201,7 +201,7 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                    const unsigned char *in, int inl);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  この関数は、パディングを追加する最終暗号化操作を実行します。wolfssl_evp_ciph_no_paddingフラグがwolfssl_evp_cipher_ctx構造に設定されている場合、1が返され、暗号化/復号化は行われません。PADDING FLAGがSETIパディングを追加して暗号化すると、暗号化にCTXが設定されていると、復号化されたときにパディング値がチェックされます。
     \return 1  成功に戻りました。
     \return 0  失敗に遭遇した場合
@@ -221,7 +221,7 @@ int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
                                    unsigned char *out, int *outl);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  WolfSSL EVP_CIPHER_CTX構造キー長の設定機能
     \return SSL_SUCCESS  正常に設定されている場合。
     \return SSL_FAILURE  キーの長さを設定できなかった場合。
@@ -239,7 +239,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                                      int keylen);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  これはCTXブロックサイズのGetter関数です。
     \return size  ctx-> block_sizeを返します。
     _Example_
@@ -253,7 +253,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
 int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  これは暗号のブロックサイズのゲッター関数です。
     \return size  ブロックサイズを返します。
     _Example_
@@ -266,7 +266,7 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx);
 int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  WolfSSL evp_cipher_ctx構造の設定機能
     \return none  いいえ返します。
     \param ctx  フラグを設定する構造
@@ -283,7 +283,7 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher);
 void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  WolfSSL evp_cipher_ctx構造のクリア機能
     \return none  いいえ返します。
     \param ctx  フラグをクリアするための構造
@@ -300,7 +300,7 @@ void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctx構造のためのセッター機能パディングを使用する。
     \return SSL_SUCCESS  正常に設定されている場合。
     \return BAD_FUNC_ARG  NULL引数が渡された場合。
@@ -317,7 +317,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad);
 
 
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  wolfssl_evp_cipher_ctx構造のゲッター関数廃止予定のV1.1.0
     \return unsigned  フラグ/モードの長い。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/hash.h b/doc/dox_comments/header_files-ja/hash.h
index e7ab99a7b..82ca76b70 100644
--- a/doc/dox_comments/header_files-ja/hash.h
+++ b/doc/dox_comments/header_files-ja/hash.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  この関数は提供されたwc_hashtypeのOIDを返します。
     \return OID  戻り値0を超えてください
     \return HASH_TYPE_E  ハッシュ型はサポートされていません。
@@ -18,7 +18,7 @@
 int wc_HashGetOID(enum wc_HashType hash_type);
 
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  この関数は、hash_typeのダイジェスト（出力）のサイズを返します。返品サイズは、WC_HASHに提供される出力バッファが十分に大きいことを確認するために使用されます。
     \return Success  正の戻り値は、ハッシュのダイジェストサイズを示します。
     \return Error  hash_typeがサポートされていない場合はhash_type_eを返します。
@@ -36,7 +36,7 @@ int wc_HashGetOID(enum wc_HashType hash_type);
 int wc_HashGetDigestSize(enum wc_HashType hash_type);
 
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  この関数は、提供されたデータバッファ上にハッシュを実行し、提供されたハッシュバッファにそれを返します。
     \return 0  そうでなければ、それ以外の誤り（bad_func_argやbuffer_eなど）。
     \param hash_type  "wc_hash_type_sha256"などの "enum wc_hashtype"からのハッシュ型。
@@ -61,7 +61,7 @@ int wc_Hash(enum wc_HashType hash_type,
     byte* hash, word32 hash_len);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  データを正常にハッシュしたときに返されます。
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
@@ -86,7 +86,7 @@ int wc_Hash(enum wc_HashType hash_type,
 int wc_Md5Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  うまく返されました...。
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
@@ -103,7 +103,7 @@ int wc_Md5Hash(const byte* data, word32 len, byte* hash);
 int wc_ShaHash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  うまく返されました...
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
@@ -120,7 +120,7 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash);
 int wc_Sha256Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  成功
     \return <0  エラー
@@ -137,7 +137,7 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash);
 int wc_Sha224Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  入力されたデータを正常にハッシュしたときに返されます
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
@@ -154,7 +154,7 @@ int wc_Sha224Hash(const byte* data, word32 len, byte* hash);
 int wc_Sha512Hash(const byte* data, word32 len, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  データを正常にハッシュしたときに返されます
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
diff --git a/doc/dox_comments/header_files-ja/iotsafe.h b/doc/dox_comments/header_files-ja/iotsafe.h
index 13f30fe5a..3a839eff7 100644
--- a/doc/dox_comments/header_files-ja/iotsafe.h
+++ b/doc/dox_comments/header_files-ja/iotsafe.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  この関数は与えられたコンテキストでのIoTセーフサポートを有効にします。
     \param ctx  IOTセーフサポートを有効にする必要があるWOLFSSL_CTXオブジェクトへのポインタ
     \return 0  成功した
@@ -19,7 +19,7 @@ int wolfSSL_CTX_iotsafe_enable(WOLFSSL_CTX *ctx);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  この関数は、IOT-SAFE TLSコールバックを特定のSSLセッションに接続します。
     \brief  スロットのIDが1バイトの長さの場合、SSLセッションをIoT-Safeアプレットに接続するように呼び出す必要があります。IOTセーフスロットのIDが2バイト以上の場合、\ REF WOLFSSL_IOTSAFE_ON_EX「WOLFSSL_IOTSAFE_ON_EX（）」を使用する必要があります。
     \param ssl  コールバックが有効になるWolfSSLオブジェクトへのポインタ
@@ -55,7 +55,7 @@ int wolfSSL_iotsafe_on(WOLFSSL *ssl, byte privkey_id,
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  この関数は、IOT-SAFE TLSコールバックを特定のSSLセッションに接続します。これは、IOTセーフスロットのIDを参照で渡すことができ、IDフィールドの長さをパラメータ "id_size"で指定できます。
     \param ssl  コールバックが有効になるWolfSSLオブジェクトへのポインタ
     \param privkey_id  ホストの秘密鍵を含むIoTセーフアプレットスロットのIDへのポインタ
@@ -100,7 +100,7 @@ int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id,
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  AT + CSIMコマンドのリードコールバックを関連付けます。この入力関数は通常、モデムと通信するUARTチャネルの読み取りイベントに関連付けられています。読み取りコールバックが関連付けられているのは、同時にIoT-Safeサポートを使用するすべてのコンテキストのグローバルと変更です。
     _Example_
     \code
@@ -116,7 +116,7 @@ int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id,
 void wolfIoTSafe_SetCSIM_read_cb(wolfSSL_IOTSafe_CSIM_read_cb rf);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  AT + CSIMコマンドの書き込みコールバックを関連付けます。この出力関数は通常、モデムと通信するUARTチャネル上のライトイベントに関連付けられています。Write Callbackが関連付けられているのは、同時にIoT-Safeサポートを使用するすべてのコンテキストのグローバルと変更です。
     _Example_
     \code
@@ -131,7 +131,7 @@ void wolfIoTSafe_SetCSIM_write_cb(wolfSSL_IOTSafe_CSIM_write_cb wf);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOTセーフ機能getrandomを使用して、指定されたサイズのランダムなバッファを生成します。この関数は、WolfCrypt RNGオブジェクトによって自動的に使用されます。
     \param out  ランダムなバイトシーケンスが格納されているバッファ。
     \param sz  生成するランダムシーケンスのサイズ（バイト単位）
@@ -140,7 +140,7 @@ int wolfIoTSafe_GetRandom(unsigned char* out, word32 sz);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOT-Safeアプレット上のファイルに保存されている証明書をインポートし、ローカルにメモリに保存します。1バイトのファイルIDフィールドで動作します。
     \param id  証明書が保存されているIOTセーフ・アプレットのファイルID
     \param output  証明書がインポートされるバッファー
@@ -171,7 +171,7 @@ int wolfIoTSafe_GetCert(uint8_t id, unsigned char *output, unsigned long sz);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOT-Safeアプレット上のファイルに保存されている証明書をインポートし、ローカルにメモリに保存します。\ ref wolfiotsafe_getcert "wolfiotsafe_getcert"と同等です。ただし、2バイト以上のファイルIDで呼び出すことができます。
     \param id  証明書が保存されているIOT-SAFEアプレットのファイルIDへのポインタ
     \param id_sz  ファイルIDのサイズ：バイト数
@@ -207,7 +207,7 @@ int wolfIoTSafe_GetCert(uint8_t id, unsigned char *output, unsigned long sz);
 int wolfIoTSafe_GetCert_ex(uint8_t *id, uint16_t id_sz, unsigned char *output, unsigned long sz);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  IOTセーフアプレットに格納されているECC 256ビットの公開鍵をECC_Keyオブジェクトにインポートします。
     \param key  IOT-SAFEアプレットからインポートされたキーを含むECC_KEYオブジェクト
     \param id  公開鍵が保存されているIOTセーフアプレットのキーID
@@ -218,7 +218,7 @@ int wolfIoTSafe_GetCert_ex(uint8_t *id, uint16_t id_sz, unsigned char *output, u
 int wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC_KEYオブジェクトからIOT-SAFEアプレットへの書き込み可能なパブリックキースロットにECC 256ビット公開鍵をエクスポートします。
     \param key  エクスポートする鍵を含むecc_keyオブジェクト
     \param id  公開鍵が保存されているIOTセーフアプレットのキーID
@@ -230,7 +230,7 @@ int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id);
 
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC_KEYオブジェクトからIOT-SAFEアプレットへの書き込み可能なパブリックキースロットにECC 256ビット公開鍵をエクスポートします。\ ref WC_IOTSAFE_ECC_IMPORT_PUBLIC「WC_IOTSAFE_ECC_IMPORT_PUBLIC」と同等のものは、2バイト以上のキーIDで呼び出すことができる点を除きます。
     \param key  エクスポートする鍵を含むecc_keyオブジェクト
     \param id  公開鍵が保存されるIOTセーフアプレットのキーIDへのポインタ
@@ -242,7 +242,7 @@ int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id);
 int wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットキーをECC_KEYオブジェクトからIOTセーフアプレットに書き込み可能なプライベートキースロットにエクスポートします。
     \param key  エクスポートする鍵を含むecc_keyオブジェクト
     \param id  秘密鍵が保存されるIOTセーフアプレットのキーID
@@ -254,7 +254,7 @@ int wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size);
 int wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットキーをECC_KEYオブジェクトからIOTセーフアプレットに書き込み可能なプライベートキースロットにエクスポートします。\ ref WC_IOTSAFE_ECC_EXPORT_PRIVATE「WC_IOTSAFE_ECC_EXPORT_PRIVATE」を除き、2バイト以上のキーIDを呼び出すことができる点を除き、
     \param key  エクスポートする鍵を含むecc_keyオブジェクト
     \param id  秘密鍵が保存されるIOTセーフアプレットのキーIDへのポインタ
@@ -267,7 +267,7 @@ int wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id);
 int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  事前計算された256ビットハッシュに署名して、IOT-SAFEアプレットに、以前に保存されたプライベートキー、またはプリプロビジョニングされています。
     \param in  サインするメッセージハッシュを含むバッファへのポインタ
     \param inlen  署名するメッセージの長さ
@@ -282,7 +282,7 @@ int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size)
 int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  事前計算された256ビットハッシュに署名して、IOT-SAFEアプレットに、以前に保存されたプライベートキー、またはプリプロビジョニングされています。\ ref wc_iotsafe_ecc_sign_hash "wc_iotsafe_ecc_sign_hash"と同等です。ただし、2バイト以上のキーIDで呼び出すことができます。
     \param in  サインするメッセージハッシュを含むバッファへのポインタ
     \param inlen  署名するメッセージの長さ
@@ -298,7 +298,7 @@ int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen,
 int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outlen, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  予め計算された256ビットハッシュに対するECCシグネチャを、IOT-SAFEアプレット内のプリプロビジョニング、またはプロビジョニングされたプリプロビジョニングを使用します。結果はRESに書き込まれます。1が有効で、0が無効です。注：有効なテストに戻り値を使用しないでください。Resのみを使用してください。
     \return 0  成功すると（署名が無効であっても）
     \return <  故障の場合は0
@@ -313,7 +313,7 @@ int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outle
 int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  予め計算された256ビットハッシュに対するECCシグネチャを、IOT-SAFEアプレット内のプリプロビジョニング、またはプロビジョニングされたプリプロビジョニングを使用します。結果はRESに書き込まれます。1が有効で、0が無効です。注：有効なテストに戻り値を使用しないでください。Resのみを使用してください。\ ref WC_IOTSAFE_ECC_VERIFY_HASH "WC_IOTSAFE_ECC_VERIFY_HASH"を除き、2バイト以上のキーIDで呼び出すことができる点を除きます。
     \return 0  成功すると（署名が無効であっても）
     \return <  故障の場合は0
@@ -329,7 +329,7 @@ int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hash
 int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte *key_id, word16 id_size);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットのキーペアを生成し、それを（書き込み可能な）スロットにIOTセーフなアプレットに保存します。
     \param key_id  ECCキーペアがIOTセーフアプレットに格納されているスロットのID。
     \return 0  成功すると
@@ -340,7 +340,7 @@ int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 h
 int wc_iotsafe_ecc_gen_k(byte key_id);
 
 /*!
-    \ingroup IoTSafe 
+    \ingroup IoTSafe
     \brief  ECC 256ビットのキーペアを生成し、それを（書き込み可能な）スロットにIOTセーフなアプレットに保存します。\ ref wc_iotsafe_ecc_gen_k "wc_iotsafe_ecc_gen_k"と同等です。ただし、2バイト以上のキーIDで呼び出すことができます。
     \param key_id  ECCキーペアがIOTセーフアプレットに格納されているスロットのID。
     \param id_size  キーIDサイズ
diff --git a/doc/dox_comments/header_files-ja/logging.h b/doc/dox_comments/header_files-ja/logging.h
index 1f6a57233..47b61417e 100644
--- a/doc/dox_comments/header_files-ja/logging.h
+++ b/doc/dox_comments/header_files-ja/logging.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Logging 
+    \ingroup Logging
     \brief  この関数は、WolfSSLログメッセージを処理するために使用されるロギングコールバックを登録します。デフォルトでは、システムがIT fprintf（）をSTDERRにサポートしている場合は、この関数を使用することによって、ユーザーによって何でも実行できます。
     \return Success  成功した場合、この関数は0を返します。
     \return BAD_FUNC_ARG  関数ポインタが提供されていない場合に返されるエラーです。
@@ -24,7 +24,7 @@
 int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 
 /*!
-    \ingroup Debug 
+    \ingroup Debug
     \brief  ビルド時にロギングが有効になっている場合、この関数は実行時にロギングをオンにします。ビルド時にログ記録を有効にするには--enable-debugまたはdebug_wolfsslを定義します。
     \return 0  成功すると。
     \return NOT_COMPILED_IN  このビルドに対してロギングが有効になっていない場合は返されるエラーです。
@@ -38,7 +38,7 @@ int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 int  wolfSSL_Debugging_ON(void);
 
 /*!
-    \ingroup Debug 
+    \ingroup Debug
     \brief  この関数はランタイムロギングメッセージをオフにします。彼らがすでに消えている場合は、行動はとられません。
     \return none  いいえ返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/md2.h b/doc/dox_comments/header_files-ja/md2.h
index b96f50452..07d854502 100644
--- a/doc/dox_comments/header_files-ja/md2.h
+++ b/doc/dox_comments/header_files-ja/md2.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  この関数はMD2を初期化します。これはWC_MD2HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 void wc_InitMd2(Md2*);
 
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param md2  暗号化に使用するMD2構造へのポインタ
@@ -46,7 +46,7 @@ void wc_InitMd2(Md2*);
 void wc_Md2Update(Md2* md2, const byte* data, word32 len);
 
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。
     \return 0  ファイナライズに成功したときに返されます。
     \param md2  暗号化に使用するMD2構造へのポインタ
@@ -71,7 +71,7 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len);
 void wc_Md2Final(Md2* md2, byte* hash);
 
 /*!
-    \ingroup MD2 
+    \ingroup MD2
     \brief  利便性機能は、すべてのハッシュを処理し、その結果をハッシュに入れます。
     \return 0  データを正常にハッシュしたときに返されます。
     \return Memory_E  メモリエラー、メモリを割り当てることができません。これは、小さなスタックオプションが有効になっているだけです。
diff --git a/doc/dox_comments/header_files-ja/md4.h b/doc/dox_comments/header_files-ja/md4.h
index b7a203330..be9e537ee 100644
--- a/doc/dox_comments/header_files-ja/md4.h
+++ b/doc/dox_comments/header_files-ja/md4.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup MD4 
+    \ingroup MD4
     \brief  この関数はMD4を初期化します。これはWC_MD4HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 void wc_InitMd4(Md4*);
 
 /*!
-    \ingroup MD4 
+    \ingroup MD4
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param md4  暗号化に使用するMD4構造へのポインタ
@@ -46,7 +46,7 @@ void wc_InitMd4(Md4*);
 void wc_Md4Update(Md4* md4, const byte* data, word32 len);
 
 /*!
-    \ingroup MD4 
+    \ingroup MD4
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。
     \return 0  ファイナライズに成功したときに返されます。
     \param md4  暗号化に使用するMD4構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/md5.h b/doc/dox_comments/header_files-ja/md5.h
index 68c9b6e5d..78bdb8bd6 100644
--- a/doc/dox_comments/header_files-ja/md5.h
+++ b/doc/dox_comments/header_files-ja/md5.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  この関数はMD5を初期化します。これはWC_MD5HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます。
     \return BAD_FUNC_ARG  MD5構造がNULL値として渡された場合に返されます。
@@ -28,7 +28,7 @@
 int wc_InitMd5(wc_Md5*);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \return BAD_FUNC_ARG  MD5構造がNULLの場合、またはデータがNULLで、LENがゼロより大きい場合に返されます。DATAパラメーターがNULLでLENがゼロの場合、関数はエラーを返してはいけません。
@@ -61,7 +61,7 @@ int wc_InitMd5(wc_Md5*);
 int wc_Md5Update(wc_Md5* md5, const byte* data, word32 len);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。MD5構造体がリセットされます。注：この関数は、habe_intel_qaが定義されている場合にintelqasymmd5（）を呼び出す結果も返します。
     \return 0  ファイナライズに成功したときに返されます。
     \return BAD_FUNC_ARG  MD5構造またはハッシュポインタがNULLで渡された場合に返されます。
@@ -93,7 +93,7 @@ int wc_Md5Update(wc_Md5* md5, const byte* data, word32 len);
 int wc_Md5Final(wc_Md5* md5, byte* hash);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  MD5構造をリセットします。注：これは、wolfssl_ti_hashが定義されている場合にのみサポートされています。
     \return none  いいえ返します。
     _Example_
@@ -118,7 +118,7 @@ int wc_Md5Final(wc_Md5* md5, byte* hash);
 void wc_Md5Free(wc_Md5*);
 
 /*!
-    \ingroup MD5 
+    \ingroup MD5
     \brief  ハッシュデータを取得します。結果はハッシュに入れられます。MD5構造はリセットされません。
     \return none  いいえリターン
     \param md5  暗号化に使用するMD5構造へのポインタ。
diff --git a/doc/dox_comments/header_files-ja/memory.h b/doc/dox_comments/header_files-ja/memory.h
index ecad955ab..e7e838f73 100644
--- a/doc/dox_comments/header_files-ja/memory.h
+++ b/doc/dox_comments/header_files-ja/memory.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この関数はmalloc（）と似ていますが、WolfSSLが使用するように構成されているメモリ割り当て関数を呼び出します。デフォルトでは、WolfSSLはmalloc（）を使用します。これは、WolfSSLメモリ抽象化レイヤを使用して変更できます -  wolfssl_setAllocator（）を参照してください。注WOLFSSL_MALLOCは、WOLFSSLによって直接呼び出されませんが、代わりにMacro XMallocによって呼び出されます。デフォルトのビルドの場合、size引数のみが存在します。wolfssl_static_memoryビルドを使用する場合は、ヒープとタイプ引数が含まれます。
     \return pointer  成功した場合、この関数は割り当てられたメモリへのポインタを返します。
     \return error  エラーがある場合は、NULLが返されます。
@@ -19,7 +19,7 @@
 void* wolfSSL_Malloc(size_t size, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この関数はfree（）と似ていますが、WolfSSLが使用するように構成されているメモリフリー機能を呼び出します。デフォルトでは、WolfSSLはfree（）を使用します。これは、WolfSSLメモリ抽象化レイヤを使用して変更できます -  wolfssl_setAllocator（）を参照してください。注WOLFSSL_FREEはWOLFSSLによって直接呼び出されませんが、代わりにマクロXFreeによって呼び出されます。デフォルトのビルドの場合、PTR引数のみが存在します。wolfssl_static_memoryビルドを使用する場合は、ヒープとタイプ引数が含まれます。
     \return none  いいえ返します。
     \param ptr  解放されるメモリへのポインタ。
@@ -43,7 +43,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type);
 void  wolfSSL_Free(void *ptr, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この関数はREALLOC（）と似ていますが、WolfSSLが使用するように構成されているメモリ再割り当て機能を呼び出します。デフォルトでは、WolfSSLはRealLoc（）を使用します。これは、WolfSSLメモリ抽象化レイヤを使用して変更できます -  wolfssl_setAllocator（）を参照してください。注WOLFSSL_REALLOCはWOLFSSLによって直接呼び出されませんが、代わりにマクロXreallocによって呼び出されます。デフォルトのビルドの場合、size引数のみが存在します。wolfssl_static_memoryビルドを使用する場合は、ヒープとタイプ引数が含まれます。
     \return pointer  成功した場合、この関数はマイポイントを再割り当てするためのポインタを返します。これはPTRと同じポインタ、または新しいポインタの場所であり得る。
     \return Null  エラーがある場合は、NULLが返されます。
@@ -65,7 +65,7 @@ void  wolfSSL_Free(void *ptr, void* heap, int type);
 void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この機能は、WolfSSLが使用する割り当て関数を登録します。デフォルトでは、システムがそれをサポートしている場合、Malloc / FreeとRealLocが使用されます。この機能を使用すると、実行時にユーザーは独自のメモリハンドラをインストールできます。
     \return Success  成功した場合、この関数は0を返します。
     \return BAD_FUNC_ARG  関数ポインタが提供されていない場合に返されるエラーです。
@@ -101,7 +101,7 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
                                       wolfSSL_Realloc_cb);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この機能は、静的メモリ機能が使用されている場合（--enable-staticMemory）の場合に使用できます。メモリの「バケット」に最適なバッファサイズを示します。これにより、パーティション化された後に追加の未使用のメモリが終了しないように、バッファサイズを計算する方法が可能になります。返された値は、正の場合、使用するコンピュータのバッファサイズです。
     \return Success  バッファサイズ計算を正常に完了すると、正の値が返されます。この返された値は最適なバッファサイズです。
     \return Failure  すべての負の値はエラーの場合と見なされます。
@@ -124,7 +124,7 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
 int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  この機能は、静的メモリ機能が使用されている場合（--enable-staticMemory）の場合に使用できます。メモリの各パーティションに必要なパディングのサイズを示します。このパディングサイズは、メモリアライメントのために追加のメモリ管理構造を含む必要があるサイズになります。
     \return On  正常なメモリパディング計算戻り値は正の値になります
     \return All  負の値はエラーケースと見なされます。
diff --git a/doc/dox_comments/header_files-ja/pem.h b/doc/dox_comments/header_files-ja/pem.h
index 3b322644e..e94085e7d 100644
--- a/doc/dox_comments/header_files-ja/pem.h
+++ b/doc/dox_comments/header_files-ja/pem.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup openSSL 
+    \ingroup openSSL
     \brief  この関数は、PEM形式のwolfssl_bio構造体にキーを書き込みます。
     \return SSL_SUCCESS  成功すると。
     \return SSL_FAILURE  失敗すると。
diff --git a/doc/dox_comments/header_files-ja/pkcs7.h b/doc/dox_comments/header_files-ja/pkcs7.h
index 85d1b68cf..924ae4f3f 100644
--- a/doc/dox_comments/header_files-ja/pkcs7.h
+++ b/doc/dox_comments/header_files-ja/pkcs7.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、DERフォーマットの証明書を使用してPKCS7構造を初期化します。空のPKCS7構造を初期化するには、NULL CERTとCERTSZの場合は0を渡すことができます。
     \return 0  PKCS7構造の初期化に成功しました
     \return MEMORY_E  xmallocでメモリを割り当てるエラーがある場合
@@ -33,7 +33,7 @@
 int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、PKCS7の初期化装置によって割り当てられたメモリを解放します。
     \return none  いいえ返します。
     _Example_
@@ -48,7 +48,7 @@ int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
 void wc_PKCS7_Free(PKCS7* pkcs7);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数はPKCS7データコンテンツタイプを構築し、PKCS7構造をパーセル可能なPKCS7データパケットを含むバッファにエンコードします。
     \return Success  PKCS7データをバッファに正常にエンコードすると、PKCS7構造内の索引を返します。このインデックスは、出力バッファに書き込まれたバイトにも対応しています。
     \return BUFFER_E  指定されたバッファがエンコードされた証明書を保持するのに十分な大きさでない場合に返されます
@@ -81,7 +81,7 @@ int  wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
                                        word32 outputSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数はPKCS7署名付きデータコンテンツタイプを構築し、PKCS7構造をPARSable PKCS7署名付きデータパケットを含むバッファにエンコードします。
     \return Success  PKCS7データをバッファに正常にエンコードすると、PKCS7構造内の索引を返します。このインデックスは、出力バッファに書き込まれたバイトにも対応しています。
     \return BAD_FUNC_ARG  PKCS7構造が署名付きデータパケットを生成するための1つ以上の要求要素が欠落している場合に返されます。
@@ -135,9 +135,9 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
                                        byte* output, word32 outputSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、PKCS7の署名付きデータコンテンツタイプを構築し、PKCS7構造をエンコードし、Parsable PKCS7署名付きデータパケットを含むヘッダーおよびフッターバッファにエンコードします。これにはコンテンツは含まれません。ハッシュを計算してデータに提供する必要があります
-    \return 0=Success 
+    \return 0=Success
     \return BAD_FUNC_ARG  PKCS7構造が署名付きデータパケットを生成するための1つ以上の要求要素が欠落している場合に返されます。
     \return MEMORY_E  メモリの割り当て中にエラーが発生した場合に返されます
     \return PUBLIC_KEY_E  公開鍵の解析中にエラーがある場合
@@ -194,7 +194,7 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         &pkcs7HeadSz, pkcs7FootBuff, &pkcs7FootSz);
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -205,12 +205,12 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_VerifySignedData_ex
 */
-int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, 
+int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
     word32* outputFootSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、送信されたPKCS7の署名付きデータメッセージを取り、証明書リストと証明書失効リストを抽出してから署名を検証します。与えられたPKCS7構造に抽出されたコンテンツを格納します。
     \return 0  メッセージから情報を抽出することに成功しました
     \return BAD_FUNC_ARG  入力パラメータの1つが無効な場合は返されます
@@ -263,7 +263,7 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
 
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この機能は、送信されたPKCS7署名付きデータメッセージをHASH /ヘッダー/フッターとして取り出してから、証明書リストと証明書失効リストを抽出してから、署名を検証します。与えられたPKCS7構造に抽出されたコンテンツを格納します。
     \return 0  メッセージから情報を抽出することに成功しました
     \return BAD_FUNC_ARG  入力パラメータの1つが無効な場合は返されます
@@ -321,7 +321,7 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         sizeof(pkcs7HeadBuff), pkcs7FootBuff, sizeof(pkcs7FootBuff));
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -332,12 +332,12 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_EncodeSignedData_ex
 */
-int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, 
+int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数は、PKCS7構造を編集し、PKCS7構造を符号化し、Parsable PKCS7エンベロープデータパケットを含むバッファに編集します。
     \return Success  エンベロープデータ形式でメッセージを正常にエンコードする上で返信され、出力バッファに書き込まれたサイズを返します。
     \return BAD_FUNC_ARG:  入力パラメータの1つが無効な場合、またはPKCS7構造が必要な要素を欠落している場合
@@ -376,7 +376,7 @@ int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
 
 /*!
-    \ingroup PKCS7 
+    \ingroup PKCS7
     \brief  この関数はPKCS7エンベロープデータコンテンツタイプをアントラップして復号化し、メッセージを出力にデコードします。渡されたPKCS7オブジェクトの秘密鍵を使用してメッセージを復号化します。
     \return On  メッセージから情報を抽出するには、出力に書き込まれたバイト数を返します。
     \return BAD_FUNC_ARG  入力パラメータの1つが無効な場合は返されます
diff --git a/doc/dox_comments/header_files-ja/poly1305.h b/doc/dox_comments/header_files-ja/poly1305.h
index e7af5fbf2..905a30025 100644
--- a/doc/dox_comments/header_files-ja/poly1305.h
+++ b/doc/dox_comments/header_files-ja/poly1305.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  この関数は、Poly1305コンテキスト構造のキーを設定し、ハッシュに初期化します。注：セキュリティを確保するために、WC_POLY1305FINALでメッセージハッシュを生成した後に新しいキーを設定する必要があります。
     \return 0  キーを正常に設定し、Poly1305構造の初期化
     \return BAD_FUNC_ARG  与えられたキーが32バイトの長さでない場合、またはPoly1305コンテキストがNULLの場合
@@ -18,7 +18,7 @@ int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key,
                                   word32 kySz);
 
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  この関数は、Poly1305構造を持つハッシュにメッセージを更新します。
     \return 0  ハッシュへのメッセージの更新に成功しました
     \return BAD_FUNC_ARG  Poly1305構造がNULLの場合に返されます
@@ -42,7 +42,7 @@ int wc_Poly1305SetKey(Poly1305* poly1305, const byte* key,
 int wc_Poly1305Update(Poly1305* poly1305, const byte* m, word32 bytes);
 
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  この関数は入力メッセージのハッシュを計算し、結果をMACに格納します。この後、キーをリセットする必要があります。
     \return 0  最後のMacの計算に成功した
     \return BAD_FUNC_ARG  Poly1305構造がNULLの場合に返されます
@@ -68,7 +68,7 @@ int wc_Poly1305Update(Poly1305* poly1305, const byte* m, word32 bytes);
 int wc_Poly1305Final(Poly1305* poly1305, byte* tag);
 
 /*!
-    \ingroup Poly1305 
+    \ingroup Poly1305
     \brief  鍵がロードされ、最近のTLS AEADパディング方式を使用してMAC（タグ）を作成する初期化されたPoly1305構造体を取ります。
     \return 0  成功
     \return BAD_FUNC_ARG  CTX、INPUT、またはTAGがNULLの場合、または追加がNULLで、ADDSZが0より大きい場合、またはTAGSZがWC_POLY1305_MAC_SZより小さい場合に返されます。
diff --git a/doc/dox_comments/header_files-ja/psa.h b/doc/dox_comments/header_files-ja/psa.h
index fed655db9..15c359b84 100644
--- a/doc/dox_comments/header_files-ja/psa.h
+++ b/doc/dox_comments/header_files-ja/psa.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  この関数は、与えられたコンテキストでのPSAサポートを可能にします。
     \param ctx  PSAサポートを有効にする必要があるWOLFSSL_CTXオブジェクトへのポインタ
     \return WOLFSSL_SUCCESS  成功した
@@ -19,7 +19,7 @@
 int wolfSSL_CTX_psa_enable(WOLFSSL_CTX *ctx);
 
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  与えられたSSLセッションのPSAコンテキストを設定する機能
     \param ssl  CTXが有効になるWolfSSLへのポインタ
     \param ctx  Struct PSA_SSL_CTXへのポインタ（SSLセッションに固有である必要があります）
@@ -41,14 +41,14 @@ int wolfSSL_CTX_psa_enable(WOLFSSL_CTX *ctx);
 int wolfSSL_set_psa_ctx(WOLFSSL *ssl, struct psa_ssl_ctx *ctx);
 
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  この関数はPSAコンテキストによって使用されるリソースを解放します
     \sa wolfSSL_set_psa_ctx
 */
 void wolfSSL_free_psa_ctx(struct psa_ssl_ctx *ctx);
 
 /*!
-    \ingroup PSA 
+    \ingroup PSA
     \brief  この関数は、SSLセッションによって使用される秘密鍵を設定します
     \param ctx  構造体PSA_SSL_CTXへのポインタ
     _Example_
diff --git a/doc/dox_comments/header_files-ja/random.h b/doc/dox_comments/header_files-ja/random.h
index b513d6d5d..372014708 100644
--- a/doc/dox_comments/header_files-ja/random.h
+++ b/doc/dox_comments/header_files-ja/random.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  Init Global WhiteWood Netrandomのコンテキスト
     \return 0  成功
     \return BAD_FUNC_ARG  configfileがnullまたはタイムアウトのどちらかが否定的です。
@@ -21,7 +21,7 @@
 int  wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  無料のGlobal WhiteWood Netrandomコンテキスト。
     \return 0  成功
     \return BAD_MUTEX_E  Wnr_Mutexでミューテックスをロックするエラー
@@ -38,7 +38,7 @@ int  wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout)
 int  wc_FreeNetRandom(void);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  RNGのシード（OSから）とキー暗号を取得します。割り当てられたRNG-> DRBG（決定論的ランダムビットジェネレータ）が割り当てられます（WC_FREERNGで割り当てられている必要があります）。これはブロッキング操作です。
     \return 0  成功しています。
     \return MEMORY_E  XMallocに失敗しました
@@ -74,7 +74,7 @@ int  wc_FreeNetRandom(void);
 int  wc_InitRng(WC_RNG*);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  疑似ランダムデータのSZバイトを出力にコピーします。必要に応じてRNG（ブロッキング）します。
     \return 0  成功した
     \return BAD_FUNC_ARG  入力はNULLまたはSZがMAX_REQUEST_LENを超えています
@@ -106,7 +106,7 @@ int  wc_InitRng(WC_RNG*);
 int  wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  新しいWC_RNG構造を作成します。
     \return WC_RNG  成功の構造
     \return NULL  誤りに
@@ -130,7 +130,7 @@ int  wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
 WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  wc_rng_generateBlockを呼び出して、疑似ランダムデータのバイトをbにコピーします。必要に応じてRNGが再販されます。
     \return 0  成功した
     \return BAD_FUNC_ARG  入力はNULLまたはSZがMAX_REQUEST_LENを超えています
@@ -162,7 +162,7 @@ WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap)
 int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  RNGがDRGBを安全に解放するために必要なときに呼び出されるべきです。ゼロとXfrees RNG-DRBG。
     \return 0  成功した
     \return BAD_FUNC_ARG  RNGまたはRNG-> DRGB NULL
@@ -189,7 +189,7 @@ int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
 int  wc_FreeRng(WC_RNG*);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  RNGを安全に自由に解放するためにRNGが不要になったときに呼び出されるべきです。
     _Example_
     \code
@@ -212,7 +212,7 @@ int  wc_FreeRng(WC_RNG*);
 WC_RNG* wc_rng_free(WC_RNG* rng);
 
 /*!
-    \ingroup Random 
+    \ingroup Random
     \brief  DRBGの機能を作成しテストします。
     \return 0  成功した
     \return BAD_FUNC_ARG  ELTOPYAと出力はNULLにしないでください。Reseed Set EntropybがNULLでなければならない場合
diff --git a/doc/dox_comments/header_files-ja/ripemd.h b/doc/dox_comments/header_files-ja/ripemd.h
index 478171afe..73f4e4402 100644
--- a/doc/dox_comments/header_files-ja/ripemd.h
+++ b/doc/dox_comments/header_files-ja/ripemd.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup RIPEMD 
+    \ingroup RIPEMD
     \brief  この関数は、RIPemdのダイジェスト、バッファ、LOLEN ,HILENを初期化することによってRIPemd構造を初期化します。
     \return 0  機能の実行に成功したことに戻ります。RIPEMD構造が初期化されます。
     \return BAD_FUNC_ARG  RIPEMD構造がNULLの場合に返されます。
@@ -18,7 +18,7 @@
 int wc_InitRipeMd(RipeMd*);
 
 /*!
-    \ingroup RIPEMD 
+    \ingroup RIPEMD
     \brief  この関数はデータ入力のRIPemdダイジェストを生成し、結果をRIPemd-> Digestバッファに格納します。WC_RIPEMDUPDATEを実行した後、生成されたRIPemd-> Digestを既知の認証タグに比較してメッセージの信頼性を比較する必要があります。
     \return 0  機能の実行に成功したことに戻ります。
     \return BAD_FUNC_ARG  RIPEMD構造がNULLの場合、またはデータがNULLで、LENがゼロでない場合に返されます。データがNULLであり、LENが0の場合、この関数は実行されるはずです。
@@ -42,7 +42,7 @@ int wc_InitRipeMd(RipeMd*);
 int wc_RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len);
 
 /*!
-    \ingroup RIPEMD 
+    \ingroup RIPEMD
     \brief  この関数は計算されたダイジェストをハッシュにコピーします。無傷のブロックがある場合、この方法ではブロックを0Sでパッケージし、ハッシュにコピーする前にそのブロックのラウンドをダイジェストに含めます。RIPEMDの状態がリセットされます。
     \return 0  機能の実行に成功したことに戻ります。RIPEMD構造の状態がリセットされました。
     \return BAD_FUNC_ARG  RIPEMD構造体またはハッシュパラメータがNULLの場合に返されます。
diff --git a/doc/dox_comments/header_files-ja/sha.h b/doc/dox_comments/header_files-ja/sha.h
index be7e24aad..ce199690e 100644
--- a/doc/dox_comments/header_files-ja/sha.h
+++ b/doc/dox_comments/header_files-ja/sha.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  この関数はSHAを初期化します。これは自動的にWC_Shahashによって呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 int wc_InitSha(wc_Sha*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param sha  暗号化に使用するSHA構造へのポインタ
@@ -46,7 +46,7 @@ int wc_InitSha(wc_Sha*);
 int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。SHA構造体の状態をリセットします。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha  暗号化に使用するSHA構造へのポインタ
@@ -71,7 +71,7 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len);
 int wc_ShaFinal(wc_Sha* sha, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  初期化されたSHA構造体によって使用されるメモリをクリーンアップするために使用されます。注：これは、wolfssl_ti_hashが定義されている場合にのみサポートされています。
     \return No  戻り値。
     _Example_
@@ -88,7 +88,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash);
 void wc_ShaFree(wc_Sha*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  ハッシュデータを取得します。結果はハッシュに入れられます。SHA構造体の状態をリセットしません。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha  暗号化に使用するSHA構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/sha256.h b/doc/dox_comments/header_files-ja/sha256.h
index a717ee868..6cedcec1e 100644
--- a/doc/dox_comments/header_files-ja/sha256.h
+++ b/doc/dox_comments/header_files-ja/sha256.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  この関数はSHA256を初期化します。これはWC_SHA256HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 int wc_InitSha256(wc_Sha256*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param sha256  暗号化に使用するSHA256構造へのポインタ
@@ -46,7 +46,7 @@ int wc_InitSha256(wc_Sha256*);
 int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。SHA256構造体の状態をリセットします。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha256  暗号化に使用するSHA256構造へのポインタ
@@ -71,7 +71,7 @@ int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len);
 int wc_Sha256Final(wc_Sha256* sha256, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  SHA256構造をリセットします。注：これは、wolfssl_ti_hashが定義されている場合にのみサポートされています。
     \return none  いいえ返します。
     _Example_
@@ -96,7 +96,7 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash);
 void wc_Sha256Free(wc_Sha256*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  ハッシュデータを取得します。結果はハッシュに入れられます。SHA256構造体の状態をリセットしません。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha256  暗号化に使用するSHA256構造へのポインタ
@@ -118,7 +118,7 @@ void wc_Sha256Free(wc_Sha256*);
 int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  SHA224構造を初期化するために使用されます。
     \return 0  成功
     \return 1  SHA224がNULLなので、エラーが返されました。
@@ -137,7 +137,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash);
 int wc_InitSha224(wc_Sha224*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  成功
     \return 1  関数が失敗した場合はエラーが返されます。
@@ -165,7 +165,7 @@ int wc_InitSha224(wc_Sha224*);
 int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。SHA224構造体の状態をリセットします。
     \return 0  成功
     \return <0  エラー
diff --git a/doc/dox_comments/header_files-ja/sha512.h b/doc/dox_comments/header_files-ja/sha512.h
index 50af2373a..6d8a835d3 100644
--- a/doc/dox_comments/header_files-ja/sha512.h
+++ b/doc/dox_comments/header_files-ja/sha512.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  この関数はSHA512を初期化します。これはWC_SHA512HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -20,7 +20,7 @@
 int wc_InitSha512(wc_Sha512*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param sha512  暗号化に使用するSHA512構造へのポインタ
@@ -46,7 +46,7 @@ int wc_InitSha512(wc_Sha512*);
 int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。
     \return 0  ハッシュを確定するとうまく返されました。
     \param sha512  暗号化に使用するSHA512構造へのポインタ
@@ -71,7 +71,7 @@ int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len);
 int wc_Sha512Final(wc_Sha512* sha512, byte* hash);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  この関数はSHA384を初期化します。これはWC_SHA384HASHによって自動的に呼び出されます。
     \return 0  初期化に成功したときに返されます
     _Example_
@@ -92,7 +92,7 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash);
 int wc_InitSha384(wc_Sha384*);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  データをダイジェストに正常に追加すると返されます。
     \param sha384  暗号化に使用するSHA384構造へのポインタ
@@ -118,7 +118,7 @@ int wc_InitSha384(wc_Sha384*);
 int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len);
 
 /*!
-    \ingroup SHA 
+    \ingroup SHA
     \brief  データのハッシュを確定します。結果はハッシュに入れられます。
     \return 0  ファイナライズに成功したときに返されます。
     \param sha384  暗号化に使用するSHA384構造へのポインタ
diff --git a/doc/dox_comments/header_files-ja/signature.h b/doc/dox_comments/header_files-ja/signature.h
index b9c1a3c51..1017faf86 100644
--- a/doc/dox_comments/header_files-ja/signature.h
+++ b/doc/dox_comments/header_files-ja/signature.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Signature 
+    \ingroup Signature
     \brief  この関数は、結果のシグネチャの最大サイズを返します。
     \return Returns  sig_type_e sig_typeがサポートされていない場合sig_typeが無効な場合はbad_func_argを返します。正の戻り値は、署名の最大サイズを示します。
     \param sig_type  wc_signature_type_eccまたはwc_signature_type_rsaなどの署名型列挙型値。
@@ -24,7 +24,7 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
     const void* key, word32 key_len);
 
 /*!
-    \ingroup Signature 
+    \ingroup Signature
     \brief  この関数は、データをハッシュし、結果のハッシュとキーを使用して署名を使用して署名を使用して署名を検証します。
     \return 0  成功
     \return SIG_TYPE_E  -231、署名タイプが有効/利用可能です
@@ -65,7 +65,7 @@ int wc_SignatureVerify(
     const void* key, word32 key_len);
 
 /*!
-    \ingroup Signature 
+    \ingroup Signature
     \brief  この関数は、キーを使用してデータから署名を生成します。まずデータのハッシュを作成し、キーを使用してハッシュに署名します。
     \return 0  成功
     \return SIG_TYPE_E  -231、署名タイプが有効/利用可能です
diff --git a/doc/dox_comments/header_files-ja/siphash.h b/doc/dox_comments/header_files-ja/siphash.h
index 2027a611b..59cccf776 100644
--- a/doc/dox_comments/header_files-ja/siphash.h
+++ b/doc/dox_comments/header_files-ja/siphash.h
@@ -1,6 +1,6 @@
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  この関数は、MacサイズのキーでSiphashを初期化します。
     \return 0  初期化に成功したときに返されます
     \return BAD_FUNC_ARG  SiphashまたはキーがNULLのときに返されます
@@ -31,7 +31,7 @@ int wc_InitSipHash(SipHash* siphash, const unsigned char* key,
     unsigned char outSz);
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  長さLENの提供されたバイト配列を絶えずハッシュするように呼び出すことができます。
     \return 0  Macにデータを追加したら、返されます
     \return BAD_FUNC_ARG  Siphashがnullのとき返されました
@@ -62,7 +62,7 @@ int wc_SipHashUpdate(SipHash* siphash, const unsigned char* in,
     word32 inSz);
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  データのMacingを確定します。結果が出入りする。
     \return 0  ファイナライズに成功したときに返されます。
     \return BAD_FUNC_ARG  SiphashのOUTがNULLのときに返されます
@@ -93,7 +93,7 @@ int wc_SipHashFinal(SipHash* siphash, unsigned char* out,
     unsigned char outSz);
 
 /*!
-    \ingroup SipHash 
+    \ingroup SipHash
     \brief  この機能はSiphashを使用してデータを1ショットして、キーに基づいてMACを計算します。
     \return 0  Macingに成功したときに返されました
     \return BAD_FUNC_ARG  キーまたはOUTがNULLのときに返されます
diff --git a/doc/dox_comments/header_files-ja/ssl.h b/doc/dox_comments/header_files-ja/ssl.h
index 5efe2b62f..e3b55c7f3 100644
--- a/doc/dox_comments/header_files-ja/ssl.h
+++ b/doc/dox_comments/header_files-ja/ssl.h
@@ -2464,9 +2464,9 @@ int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
     \ingroup Setup
     \brief  この関数はSSLセッションキャッシュ機能を有効または無効にします。
     動作はモードに使用される値によって異なります。
-    モードの値は次のとおりです：  
-    SSL_SESS_CACHE_OFF  - セッションキャッシングを無効にします。デフォルトでセッションキャッシングがオンになっています。  
-    SSL_SESS_CACHE_NO_AUTO_CLEAR  - セッションキャッシュのオートフラッシュを無効にします。デフォルトで自動フラッシングはオンになっています。  
+    モードの値は次のとおりです：
+    SSL_SESS_CACHE_OFF  - セッションキャッシングを無効にします。デフォルトでセッションキャッシングがオンになっています。
+    SSL_SESS_CACHE_NO_AUTO_CLEAR  - セッションキャッシュのオートフラッシュを無効にします。デフォルトで自動フラッシングはオンになっています。
 
     \return SSL_SUCCESS  成功に戻ります。
     \param ctx  wolfSSL_CTX_new()で作成されたSSLコンテキストへのポインタ。
@@ -10877,7 +10877,7 @@ WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
 WOLFSSL_METHOD *wolfTLSv1_3_method(void);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  この関数はクライアント側で呼び出される場合には、サーバー側にCertificateメッセージで送信できる証明書タイプを設定します。
  サーバー側で呼び出される場合には、受入れ可能なクライアント証明書タイプを設定します。
  Raw Public Key 証明書を送受信したい場合にはこの関数を使って証明書タイプを設定しなければなりません。
@@ -10910,7 +10910,7 @@ WOLFSSL_METHOD *wolfTLSv1_3_method(void);
 int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  この関数はサーバー側で呼び出される場合には、クライアント側にCertificateメッセージで送信できる証明書タイプを設定します。
  クライアント側で呼び出される場合には、受入れ可能なサーバー証明書タイプを設定します。
  Raw Public Key 証明書を送受信したい場合にはこの関数を使って証明書タイプを設定しなければなりません。
@@ -10944,7 +10944,7 @@ int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len)
 int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  この関数はクライアント側で呼び出される場合には、サーバー側にCertificateメッセージで送信できる証明書タイプを設定します。
  サーバー側で呼び出される場合には、受入れ可能なクライアント証明書タイプを設定します。
  Raw Public Key 証明書を送受信したい場合にはこの関数を使って証明書タイプを設定しなければなりません。
@@ -10978,7 +10978,7 @@ int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len)
 int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
 
 /*!
- \ingroup Setup 
+ \ingroup Setup
  \brief  この関数はサーバー側で呼び出される場合には、クライアント側にCertificateメッセージで送信できる証明書タイプを設定します。
  クライアント側で呼び出される場合には、受入れ可能なサーバー証明書タイプを設定します。
  Raw Public Key 証明書を送受信したい場合にはこの関数を使って証明書タイプを設定しなければなりません。
@@ -11012,7 +11012,7 @@ int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len);
 int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
 
 /*!
- \ingroup SSL 
+ \ingroup SSL
  \brief  この関数はハンドシェーク終了後に呼び出し、相手とのネゴシエーションの結果得られたクライアント証明書のタイプを返します。
  ネゴシエーションが発生しない場合には戻り値としてWOLFSSL_SUCCESSが返されますが、
  証明書タイプとしてはWOLFSSL_CERT_TYPE_UNKNOWNが返されます。
@@ -11040,7 +11040,7 @@ int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len);
 int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp);
 
 /*!
- \ingroup SSL 
+ \ingroup SSL
  \brief  この関数はハンドシェーク終了後に呼び出し、相手とのネゴシエーションの結果得られたサーバー証明書のタイプを返します。
  ネゴシエーションが発生しない場合には戻り値としてWOLFSSL_SUCCESSが返されますが、証明書タイプとしてはWOLFSSL_CERT_TYPE_UNKNOWNが返されます。
  \return WOLFSSL_SUCCESS 成功時にかえります。tpに返された証明書タイプはWOLFSSL_CERT_TYPE_X509,
@@ -11213,7 +11213,7 @@ int wolfSSL_dtls_cid_is_enabled(WOLFSSL* ssl);
 
  \brief このコネクションで他のピアに対してレコードを送信するためのコネクションIDをセットします。
  RFC9146とRFC9147を参照してください。コネクションIDは最大値がDTLS_CID_MAX_SIZEでなければなりません。
- DTLS_CID_MAX_SIZEはビルド時に値を指定が可能ですが255バイトをこえることはできません。 
+ DTLS_CID_MAX_SIZEはビルド時に値を指定が可能ですが255バイトをこえることはできません。
 
 
  \return WOLFSSL_SUCCESS コネクションIDがセットできた場合に返されます。それ以外はエラーコードが返されます。
diff --git a/doc/dox_comments/header_files-ja/tfm.h b/doc/dox_comments/header_files-ja/tfm.h
index 94facaf38..63412d026 100644
--- a/doc/dox_comments/header_files-ja/tfm.h
+++ b/doc/dox_comments/header_files-ja/tfm.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Math 
+    \ingroup Math
     \brief  この関数は、整数の最大サイズのランタイムFastMath設定をチェックします。FP_SIZEが正しく機能するために、FP_SIZEが各ライブラリーに一致しなければならないため、ユーザーがWolfCryptライブラリを独立して使用している場合に重要です。このチェックはCheckFastMathSettings（）として定義されています。これは、CheckRuntimeFastMathとFP_SIZEを比較するだけで、ミスマッチがある場合は0を返します。
     \return FP_SIZE  数学ライブラリで利用可能な最大サイズに対応するFP_SIZEを返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/types.h b/doc/dox_comments/header_files-ja/types.h
index 1988f06f3..b8f64b589 100644
--- a/doc/dox_comments/header_files-ja/types.h
+++ b/doc/dox_comments/header_files-ja/types.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  これは実際には関数ではなく、むしろプリプロセッサマクロであり、ユーザーは自分のMalloc、Realloc、および標準のCメモリ関数の代わりに自由な関数に置き換えることができます。外部メモリ機能を使用するには、xmalloc_userを定義します。これにより、メモリ機能をフォームの外部関数に置き換えます.extern void * xmalloc（size_t n、void * heap、int型）; extern void * XrealLoc（void * p、size_t n、void *ヒープ、int型）。 extern void xfree（void * p、void * heap、int型）; wolfssl_malloc、wolfssl_realloc、wolfssl_freeの代わりに基本的なCメモリ機能を使用するには、NO_WOLFSSL_MEMORYを定義します。これにより、メモリ関数が次のものに置き換えられます。#define Xmalloc（s、h、t）（（void）h、（void）t、malloc（（s）））#define xfree（p、h、t）{void * xp =（p）; if（（xp））free（（xp））; #define xrealloc（p、n、h、t）Realloc（（p）、（n））これらのオプションのどれも選択されていない場合、システムはデフォルトで使用されます。 WolfSSLメモリ機能ユーザーはコールバックフックを介してカスタムメモリ機能を設定できます（Wolfssl_Malloc、WolfSSL_Realloc、wolfssl_freeを参照）。このオプションは、メモリ関数を次のものに置き換えます。#define xmalloc（s、h、t）（（void）H、（Void）T、wolfssl_malloc（（s）））#define xfree（p、h、t）{void * XP =（P）; if（（xp））wolfssl_free（（xp））; #define xrealloc（p、n、h、t）wolfssl_realloc（（p）、（n））
     \return pointer  成功したメモリへのポインタを返します
 	\return NULL  失敗した
@@ -21,7 +21,7 @@
 void* XMALLOC(size_t n, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  これは実際には関数ではなく、むしろプリプロセッサマクロであり、ユーザーは自分のMalloc、Realloc、および標準のCメモリ関数の代わりに自由な関数に置き換えることができます。外部メモリ機能を使用するには、xmalloc_userを定義します。これにより、メモリ機能をフォームの外部関数に置き換えます.extern void * xmalloc（size_t n、void * heap、int型）; extern void * XrealLoc（void * p、size_t n、void *ヒープ、int型）。 extern void xfree（void * p、void * heap、int型）; wolfssl_malloc、wolfssl_realloc、wolfssl_freeの代わりに基本的なCメモリ機能を使用するには、NO_WOLFSSL_MEMORYを定義します。これにより、メモリ関数が次のものに置き換えられます。#define Xmalloc（s、h、t）（（void）h、（void）t、malloc（（s）））#define xfree（p、h、t）{void * xp =（p）; if（（xp））free（（xp））; #define xrealloc（p、n、h、t）Realloc（（p）、（n））これらのオプションのどれも選択されていない場合、システムはデフォルトで使用されます。 WolfSSLメモリ機能ユーザーはコールバックフックを介してカスタムメモリ機能を設定できます（Wolfssl_Malloc、WolfSSL_Realloc、wolfssl_freeを参照）。このオプションは、メモリ関数を次のものに置き換えます。#define xmalloc（s、h、t）（（void）H、（Void）T、wolfssl_malloc（（s）））#define xfree（p、h、t）{void * XP =（P）; if（（xp））wolfssl_free（（xp））; #define xrealloc（p、n、h、t）wolfssl_realloc（（p）、（n））
     \return Return  成功したメモリを割り当てるポインタ
 	\return NULL  失敗した
@@ -42,7 +42,7 @@ void* XMALLOC(size_t n, void* heap, int type);
 void* XREALLOC(void *p, size_t n, void* heap, int type);
 
 /*!
-    \ingroup Memory 
+    \ingroup Memory
     \brief  これは実際には関数ではなく、むしろプリプロセッサマクロであり、ユーザーは自分のMalloc、Realloc、および標準のCメモリ関数の代わりに自由な関数に置き換えることができます。外部メモリ機能を使用するには、xmalloc_userを定義します。これにより、メモリ機能をフォームの外部関数に置き換えます.extern void * xmalloc（size_t n、void * heap、int型）; extern void * XrealLoc（void * p、size_t n、void *ヒープ、int型）。 extern void xfree（void * p、void * heap、int型）; wolfssl_malloc、wolfssl_realloc、wolfssl_freeの代わりに基本的なCメモリ機能を使用するには、NO_WOLFSSL_MEMORYを定義します。これにより、メモリ関数が次のものに置き換えられます。#define Xmalloc（s、h、t）（（void）h、（void）t、malloc（（s）））#define xfree（p、h、t）{void * xp =（p）; if（（xp））free（（xp））; #define xrealloc（p、n、h、t）Realloc（（p）、（n））これらのオプションのどれも選択されていない場合、システムはデフォルトで使用されます。 WolfSSLメモリ機能ユーザーはコールバックフックを介してカスタムメモリ機能を設定できます（Wolfssl_Malloc、WolfSSL_Realloc、wolfssl_freeを参照）。このオプションは、メモリ関数を次のものに置き換えます。#define xmalloc（s、h、t）（（void）H、（Void）T、wolfssl_malloc（（s）））#define xfree（p、h、t）{void * XP =（P）; if（（xp））wolfssl_free（（xp））; #define xrealloc（p、n、h、t）wolfssl_realloc（（p）、（n））
     \return none  いいえ返します。
     \param p  無料のアドレスへのポインタ
@@ -63,7 +63,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type);
 void XFREE(void *p, void* heap, int type);
 
 /*!
-    \ingroup Math 
+    \ingroup Math
     \brief  この関数はコンパイル時クラスの設定をチェックします。設定が正しく機能するためのライブラリ間のライブラリ間で一致する必要があるため、ユーザーがWolfCryptライブラリを独立して使用している場合は重要です。このチェックはCheckCtcSettings（）として定義されています。これは、CheckRuntimeSettingsとCTC_Settingsを比較するだけで、ミスマッチがある場合は0、または1が一致した場合は1を返します。
     \return settings  実行時CTC_SETTINGS（コンパイル時設定）を返します。
     _Example_
diff --git a/doc/dox_comments/header_files-ja/wc_encrypt.h b/doc/dox_comments/header_files-ja/wc_encrypt.h
index 2f0f230af..e209928b2 100644
--- a/doc/dox_comments/header_files-ja/wc_encrypt.h
+++ b/doc/dox_comments/header_files-ja/wc_encrypt.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup AES 
+    \ingroup AES
     \brief  入力バッファーから暗号を復号化し、AESでCipher Block Chainingを使用して出力バッファに出力バッファーに入れます。この関数は、AES構造を初期化する必要はありません。代わりに、キーとIV（初期化ベクトル）を取り、これらを使用してAESオブジェクトを初期化してから暗号テキストを復号化します。
     \return 0  メッセージの復号化に成功しました
     \return BAD_ALIGN_E  ブロック整列エラーに戻りました
@@ -33,7 +33,7 @@ int  wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
                                          const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力暗号文を復号化し、結果の平文を出力バッファーに出力します。暗号ブロックチェーンチェーン（CBC）モードでDES暗号化を使用します。この関数は、wc_des_cbcdecryptの代わりに、ユーザーがDES構造体を直接インスタンス化せずにメッセージを復号化できるようにします。
     \return 0  与えられた暗号文を正常に復号化したときに返されました
     \return MEMORY_E  DES構造体の割り当てスペースが割り当てられている場合に返された
@@ -62,7 +62,7 @@ int  wc_Des_CbcDecryptWithKey(byte* out,
                                           const byte* key, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力平文を暗号化し、結果の暗号文を出力バッファーに出力します。暗号ブロックチェーンチェーン（CBC）モードでDES暗号化を使用します。この関数は、WC_DES_CBCENCRYPTの代わりになり、ユーザーがDES構造を直接インスタンス化せずにメッセージを暗号化できます。
     \return 0  データの暗号化に成功した後に返されます。
     \return MEMORY_E  DES構造体にメモリを割り当てるエラーがある場合は返されます。
@@ -90,7 +90,7 @@ int  wc_Des_CbcEncryptWithKey(byte* out,
                                           const byte* key, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力平文を暗号化し、結果の暗号文を出力バッファーに出力します。暗号ブロックチェーン（CBC）モードでトリプルDES（3DES）暗号化を使用します。この関数は、WC_DES3_CBCENCRYPTの代わりになり、ユーザーがDES3構造を直接インスタンス化せずにメッセージを暗号化できます。
     \return 0  データの暗号化に成功した後に返されます。
     \return MEMORY_E  DES構造体にメモリを割り当てるエラーがある場合は返されます。
@@ -121,7 +121,7 @@ int  wc_Des3_CbcEncryptWithKey(byte* out,
                                            const byte* key, const byte* iv);
 
 /*!
-    \ingroup 3DES 
+    \ingroup 3DES
     \brief  この関数は入力暗号文を復号化し、結果の平文を出力バッファーに出力します。暗号ブロックチェーン（CBC）モードでトリプルDES（3DES）暗号化を使用します。この関数は、wc_des3_cbcdecryptの代わりに、ユーザーがDES3構造を直接インスタンス化せずにメッセージを復号化できるようにします。
     \return 0  与えられた暗号文を正常に復号化したときに返されました
     \return MEMORY_E  DES構造体の割り当てスペースが割り当てられている場合に返された
diff --git a/doc/dox_comments/header_files-ja/wc_port.h b/doc/dox_comments/header_files-ja/wc_port.h
index 9a725cdca..9d0c370c6 100644
--- a/doc/dox_comments/header_files-ja/wc_port.h
+++ b/doc/dox_comments/header_files-ja/wc_port.h
@@ -1,5 +1,5 @@
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  WolfCryptによって使用されるリソースを初期化するために使用されます。
     \return 0  成功すると。
     \return <0  initリソースが失敗すると。
@@ -15,7 +15,7 @@
 int wolfCrypt_Init(void);
 
 /*!
-    \ingroup wolfCrypt 
+    \ingroup wolfCrypt
     \brief  WolfCryptによって使用されるリソースをクリーンアップするために使用されます。
     \return 0  成功すると。
     \return <0  リソースのクリーンアップが失敗したとき。
diff --git a/doc/dox_comments/header_files-ja/wolfio.h b/doc/dox_comments/header_files-ja/wolfio.h
index 65e0a5cc3..135af87aa 100644
--- a/doc/dox_comments/header_files-ja/wolfio.h
+++ b/doc/dox_comments/header_files-ja/wolfio.h
@@ -1,5 +1,5 @@
 /*!
-    \brief  
+    \brief
     \return Success  この関数は、読み取られたバイト数を返します。
     \return WOLFSSL_CBIO_ERR_WANT_READ  最後のエラーがsocket_ewouldbolcokまたはsocket_eagainであれば、メッセージを返されます。
     \return WOLFSSL_CBIO_ERR_TIMEOUT  "Socket Timeout"メッセージを返しました。
@@ -30,7 +30,7 @@
 int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 /*!
-    \brief  
+    \brief
     \return Success  この関数は送信されたバイト数を返します。
     \return WOLFSSL_CBIO_ERR_WANT_WRITE  最後のエラーがsocket_ewouldblockまたはsocket_eagainであれば、 "Block"メッセージを返します。
     \return WOLFSSL_CBIO_ERR_CONN_RST  最後のエラーがsocket_econnresetの場合、 "Connection Reset"メッセージで返されます。
@@ -58,7 +58,7 @@ int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 /*!
-    \brief  
+    \brief
     \return Success  この関数は、実行が成功した場合に読み込まれたNBバイトを返します。
     \return WOLFSSL_CBIO_ERR_WANT_READ  接続が拒否された場合、または「ブロック」エラーが発生した場合は機能にスローされました。
     \return WOLFSSL_CBIO_ERR_TIMEOUT  ソケットがタイムアウトした場合は返されます。
@@ -89,7 +89,7 @@ int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
 
 /*!
-    \brief  
+    \brief
     \return Success  この関数は送信されたバイト数を返します。
     \return WOLFSSL_CBIO_ERR_WANT_WRITE  最後のエラーがsocket_ewouldblockまたはsocket_eagainエラーの場合、 "Block"メッセージを返します。
     \return WOLFSSL_CBIO_ERR_CONN_RST  最後のエラーがsocket_econnresetの場合、 "Connection Reset"メッセージで返されます。
@@ -119,7 +119,7 @@ int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
 int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 /*!
-    \brief  
+    \brief
     \return Success  この関数は、バッファにコピーされたバイト数を返します。
     \return GEN_COOKIE_E  getPeernameがEmbedGenerateCookieに失敗した場合に返されます。
     \param ssl  wolfssl_new（）を使用して作成されたWolfSSL構造へのポインタ。
@@ -145,7 +145,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
                                            int sz, void*);
 
 /*!
-    \brief  
+    \brief
     \return none  いいえ返します。
     \param ctx  ヒープヒントへのvoidポインタ。
     _Example_
@@ -222,7 +222,7 @@ void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
 void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
 
 /*!
-    \ingroup IO 
+    \ingroup IO
     \brief  この関数は、WolfSSL構造体のIOCB_READCTXメンバーを返します。
     \return pointer  この関数は、wolfssl構造体のiocb_readctxメンバーへのvoidポインタを返します。
     \return NULL  wolfssl構造体がNULLの場合に返されます。
@@ -245,7 +245,7 @@ void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
 void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
 
 /*!
-    \ingroup IO 
+    \ingroup IO
     \brief  この関数は、WolfSSL構造のIOCB_WRITECTXメンバーを返します。
     \return pointer  この関数は、WolfSSL構造のIOCB_WRITECTXメンバーへのvoidポインタを返します。
     \return NULL  wolfssl構造体がNULLの場合に返されます。
@@ -303,7 +303,7 @@ void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
 void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
 /*!
-    \ingroup IO 
+    \ingroup IO
     \brief  この関数は、wolfssl構造内のnxctx構造体のNxSocketメンバーとNXWAITメンバーを設定します。
     \return none  いいえ返します。
     \param ssl  wolfssl_new（）を使用して作成されたWolfSSL構造へのポインタ。
@@ -347,7 +347,7 @@ void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
 void  wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx, CallbackGenCookie cb);
 
 /*!
-    \ingroup Setup 
+    \ingroup Setup
     \brief  この関数は、WolfSSL構造のIOCB_COOKIECTXメンバーを返します。
     \return pointer  この関数は、iocb_cookiectxに格納されているvoidポインタ値を返します。
     \return NULL  WolfSSL構造体がNULLの場合
@@ -369,7 +369,7 @@ void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
 
 
 /*!
-    \ingroup Setup 
+    \ingroup Setup
     \brief  この関数は、WolfSSLがWolfSSL_ISOTPでコンパイルされている場合に使用する場合は、WolfSSLの場合はISO-TPコンテキストを設定します。
     \return 0  成功すると、故障のwolfssl_cbio_err_general
     \param ssl  wolfsslコンテキスト
diff --git a/doc/dox_comments/header_files/aes.h b/doc/dox_comments/header_files/aes.h
index 764c4d5f2..4d6561eec 100644
--- a/doc/dox_comments/header_files/aes.h
+++ b/doc/dox_comments/header_files/aes.h
@@ -416,9 +416,11 @@ int  wc_AesGcmEncrypt(Aes* aes, byte* out,
     \brief This function decrypts the input cipher text, held in the buffer
     in, and stores the resulting message text in the output buffer out.
     It also checks the input authentication vector, authIn, against the
-    supplied authentication tag, authTag.
+    supplied authentication tag, authTag.  If a nonzero error code is returned,
+    the output data is undefined.  However, callers must unconditionally zeroize
+    the output buffer to guard against leakage of cleartext data.
 
-    \return 0 On successfully decrypting the input message
+    \return 0 On successfully decrypting and authenticating the input message
     \return AES_GCM_AUTH_E If the authentication tag does not match the
     supplied authentication code vector, authTag.
 
@@ -609,8 +611,9 @@ int  wc_AesCcmEncrypt(Aes* aes, byte* out,
     \brief This function decrypts the input cipher text, in, into
     the output buffer, out, using CCM (Counter with CBC-MAC). It
     subsequently calculates the authorization tag, authTag, from the
-    authIn input. If the authorization tag is invalid, it sets the
-    output buffer to zero and returns the error: AES_CCM_AUTH_E.
+    authIn input.  If a nonzero error code is returned, the output data is
+    undefined.  However, callers must unconditionally zeroize the output buffer
+    to guard against leakage of cleartext data.
 
     \return 0 On successfully decrypting the input message
     \return AES_CCM_AUTH_E If the authentication tag does not match the
@@ -1134,7 +1137,9 @@ int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc,
 /*!
     \ingroup AES
     \brief This function performs SIV (synthetic initialization vector)
-    decryption as described in RFC 5297.
+    decryption as described in RFC 5297.  If a nonzero error code is returned,
+    the output data is undefined.  However, callers must unconditionally zeroize
+    the output buffer to guard against leakage of cleartext data.
 
     \return 0 On successful decryption.
     \return BAD_FUNC_ARG If key, SIV, or output buffer are NULL. Also returned
@@ -1248,7 +1253,10 @@ WOLFSSL_API int  wc_AesEaxEncryptAuth(const byte* key, word32 keySz, byte* out,
     \brief This function performs AES EAX decryption and authentication as
     described in "EAX: A Conventional Authenticated-Encryption Mode"
     (https://eprint.iacr.org/2003/069). It is a "one-shot" API that performs
-    all decryption and authentication operations in one function call.
+    all decryption and authentication operations in one function call.  If a
+    nonzero error code is returned, the output data is undefined.
+    However, callers must unconditionally zeroize the output buffer to guard
+    against leakage of cleartext data.
 
     \return 0 on successful decryption
     \return BAD_FUNC_ARG if input or output buffers are NULL. Also returned
diff --git a/doc/dox_comments/header_files/ascon.h b/doc/dox_comments/header_files/ascon.h
new file mode 100644
index 000000000..3aab14fc9
--- /dev/null
+++ b/doc/dox_comments/header_files/ascon.h
@@ -0,0 +1,469 @@
+/*!
+    \ingroup ASCON
+    \brief This function initializes the ASCON context for hashing.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context pointer is NULL.
+
+    \param a pointer to the ASCON context to initialize.
+
+    _Example_
+    \code
+    wc_AsconHash256 a;
+    byte data[] = {0x01, 0x02, 0x03};
+    byte hash[ASCON_HASH256_SZ];
+
+    if (wc_AsconHash256_Init(&a) != 0)
+        // handle error
+    if (wc_AsconHash256_Update(&ctx, data, sizeof(data)) != 0)
+        // handle error
+    if (wc_AsconHash256_Final(&ctx, hash, sizeof(hash)) != 0)
+        // handle error
+    // hash contains the final hash
+    \endcode
+
+    \sa wc_AsconHash256_Update
+    \sa wc_AsconHash256_Final
+    */
+int wc_AsconHash256_Init(wc_AsconHash256* a);
+
+/*!
+    \ingroup ASCON
+    \brief This function updates the ASCON hash with the input data.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or input pointer is NULL.
+
+    \param ctx pointer to the ASCON context.
+    \param in pointer to the input data.
+    \param inSz size of the input data.
+
+    _Example_
+    \code
+    wc_AsconHash256 a;
+    byte data[] = {0x01, 0x02, 0x03};
+    byte hash[ASCON_HASH256_SZ];
+
+    if (wc_AsconHash256_Init(&a) != 0)
+        // handle error
+    if (wc_AsconHash256_Update(&ctx, data, sizeof(data)) != 0)
+        // handle error
+    if (wc_AsconHash256_Final(&ctx, hash, sizeof(hash)) != 0)
+        // handle error
+    // hash contains the final hash
+    \endcode
+
+    \sa wc_AsconHash256_Init
+    \sa wc_AsconHash256_Final
+    */
+int wc_AsconHash256_Update(wc_AsconHash256* a, const byte* data, word32 dataSz);
+
+/*!
+    \ingroup ASCON
+    \brief This function finalizes the ASCON hash and produces the output.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL.
+
+    \param ctx pointer to the ASCON context.
+    \param out pointer to the output buffer.
+    \param outSz size of the output buffer, should be at least ASCON_HASH256_SZ.
+
+    _Example_
+    \code
+    wc_AsconHash256 a;
+    byte data[] = {0x01, 0x02, 0x03};
+    byte hash[ASCON_HASH256_SZ];
+
+    if (wc_AsconHash256_Init(&a) != 0)
+        // handle error
+    if (wc_AsconHash256_Update(&ctx, data, sizeof(data)) != 0)
+        // handle error
+    if (wc_AsconHash256_Final(&ctx, hash, sizeof(hash)) != 0)
+        // handle error
+    // hash contains the final hash
+    \endcode
+
+    \sa wc_AsconHash256_Init
+    \sa wc_AsconHash256_Update
+    */
+int wc_AsconHash256_Final(wc_AsconHash256* a, byte* hash);
+
+/*!
+    \ingroup ASCON
+    \brief This function allocates and initializes a new Ascon AEAD context.
+
+    \return pointer to the newly allocated Ascon AEAD context
+    \return NULL on failure.
+
+    _Example_
+    \code
+    wc_AsconAEAD128* a = wc_AsconAEAD128_New();
+    if (a == NULL) {
+        // handle allocation error
+    }
+    wc_AsconAEAD128_Free(a);
+    \endcode
+
+    \sa wc_AsconAEAD128_Free
+*/
+wc_AsconAEAD128* wc_AsconAEAD128_New(void);
+
+/*!
+    \ingroup ASCON
+    \brief This function frees the resources associated with the Ascon AEAD
+           context.
+
+    \param a pointer to the Ascon AEAD context to free.
+
+    _Example_
+    \code
+    wc_AsconAEAD128* a = wc_AsconAEAD128_New();
+    if (a == NULL) {
+        // handle allocation error
+    }
+    // Use the context
+    wc_AsconAEAD128_Free(a);
+    \endcode
+
+    \sa wc_AsconAEAD128_New
+*/
+void wc_AsconAEAD128_Free(wc_AsconAEAD128 *a);
+
+
+/*!
+    \ingroup ASCON
+    \brief This function initializes an Ascon AEAD context.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL.
+
+    \param a pointer to the Ascon AEAD context to initialize.
+
+    _Example_
+    \code
+    AsconAead a;
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAeadEncrypt
+    \sa wc_AsconAeadDecrypt
+    */
+int wc_AsconAEAD128_Init(wc_AsconAEAD128* a);
+
+/*!
+    \ingroup ASCON
+    \brief This function deinitializes an Ascon AEAD context. It does not
+           free the context.
+
+    \param a pointer to the Ascon AEAD context to deinitialize.
+
+    _Example_
+    \code
+    AsconAead a;
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    wc_AsconAEAD128_Clear(&a);
+    \endcode
+
+    \sa wc_AsconAeadEncrypt
+    \sa wc_AsconAeadDecrypt
+    */
+void wc_AsconAEAD128_Clear(wc_AsconAEAD128 *a);
+
+/*!
+    \ingroup ASCON
+    \brief This function sets the key for the Ascon AEAD context.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or key pointer is NULL.
+    \return BAD_STATE_E if the key has already been set.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param key pointer to the key buffer of length ASCON_AEAD128_KEY_SZ.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+*/
+int wc_AsconAEAD128_SetKey(wc_AsconAEAD128* a, const byte* key);
+
+/*!
+    \ingroup ASCON
+    \brief This function sets the nonce for the Ascon AEAD context.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or nonce pointer is NULL.
+    \return BAD_STATE_E if the nonce has already been set.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param nonce pointer to the nonce buffer of length ASCON_AEAD128_NONCE_SZ.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetAD
+*/
+int wc_AsconAEAD128_SetNonce(wc_AsconAEAD128* a, const byte* nonce);
+
+/*!
+    \ingroup ASCON
+    \brief This function sets the associated data for the Ascon AEAD context.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or associated data pointer is NULL.
+    \return BAD_STATE_E if the key or nonce has not been set.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param ad pointer to the associated data buffer.
+    \param adSz size of the associated data buffer.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte ad[] = { ... };
+
+    if (wc_AsconAEAD128_Init(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+*/
+int wc_AsconAEAD128_SetAD(wc_AsconAEAD128* a, const byte* ad, word32 adSz);
+
+/*!
+    \ingroup ASCON
+    \brief This function encrypts a plaintext message using Ascon AEAD. The
+           output is stored in the out buffer. The length of the output is
+           equal to the length of the input.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL or the input
+            is NULL while the input size is greater than 0.
+    \return BAD_STATE_E if the key, nonce, or additional data has not been set
+            or the context was previously used for decryption.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param out pointer to the output buffer to store the ciphertext.
+    \param in pointer to the input buffer containing the plaintext message.
+    \param inSz length of the input buffer.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte plaintext[PLAIN_TEXT_SIZE] = { ... };
+    byte ciphertext[CIPHER_TEXT_SIZE];
+    byte tag[ASCON_AEAD128_TAG_SZ] = { ... };
+
+    if (wc_AsconAeadInit(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_EncryptUpdate(&a, ciphertext, plaintext,
+                                      sizeof(plaintext)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_EncryptFinal(&a, tag) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAeadInit
+    \sa wc_AsconAEAD128_Clear
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+    \sa wc_AsconAEAD128_EncryptFinal
+    \sa wc_AsconAEAD128_DecryptUpdate
+    \sa wc_AsconAEAD128_DecryptFinal
+    */
+int wc_AsconAEAD128_EncryptUpdate(wc_AsconAEAD128* a, byte* out, const byte* in,
+                                  word32 inSz);
+
+/*!
+    \ingroup ASCON
+    \brief This function finalizes the encryption process using Ascon AEAD and
+           produces the authentication tag.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL or the input
+            is NULL while the input size is greater than 0.
+    \return BAD_STATE_E if the key, nonce, or additional data has not been set
+            or the context was previously used for decryption.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param tag pointer to the output buffer to store the authentication tag.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte plaintext[PLAIN_TEXT_SIZE] = { ... };
+    byte ciphertext[CIPHER_TEXT_SIZE];
+    byte tag[ASCON_AEAD128_TAG_SZ] = { ... };
+
+    if (wc_AsconAeadInit(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_EncryptUpdate(&a, ciphertext, plaintext,
+                                      sizeof(plaintext)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_EncryptFinal(&a, tag) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+    \sa wc_AsconAEAD128_EncryptUpdate
+    \sa wc_AsconAEAD128_DecryptUpdate
+    \sa wc_AsconAEAD128_DecryptFinal
+    */
+int wc_AsconAEAD128_EncryptFinal(wc_AsconAEAD128* a, byte* tag);
+
+/*!
+    \ingroup ASCON
+    \brief This function updates the decryption process using Ascon AEAD. The
+           output is stored in the out buffer. The length of the output is
+           equal to the length of the input.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or output pointer is NULL or the input
+            is NULL while the input size is greater than 0.
+    \return BAD_STATE_E if the key, nonce, or additional data has not been set
+            or the context was previously used for encryption.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param out pointer to the output buffer to store the plaintext.
+    \param in pointer to the input buffer containing the ciphertext message.
+    \param inSz length of the input buffer.
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte ciphertext[CIPHER_TEXT_SIZE] = { ... };
+    byte plaintext[PLAIN_TEXT_SIZE];
+    byte tag[ASCON_AEAD128_TAG_SZ] = { ... };
+
+    if (wc_AsconAeadInit(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_DecryptUpdate(&a, plaintext, ciphertext,
+                                      sizeof(ciphertext)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_DecryptFinal(&a, tag) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+    \sa wc_AsconAEAD128_EncryptUpdate
+    \sa wc_AsconAEAD128_EncryptFinal
+    \sa wc_AsconAEAD128_DecryptFinal
+    */
+int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out, const byte* in,
+                                  word32 inSz);
+
+/*!
+    \ingroup ASCON
+    \brief This function finalizes the decryption process using Ascon AEAD and
+           verifies the authentication tag.
+
+    \return 0 on success.
+    \return BAD_FUNC_ARG if the context or tag pointer is NULL.
+    \return BAD_STATE_E if the key, nonce, or additional data has not been set
+            or the context was previously used for encryption.
+    \return ASCON_AUTH_E if the authentication tag does not match.
+
+    \param a pointer to the initialized Ascon AEAD context.
+    \param tag pointer to the buffer containing the authentication tag to verify
+
+    _Example_
+    \code
+    wc_AsconAEAD128 a;
+    byte key[ASCON_AEAD128_KEY_SZ] = { ... };
+    byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... };
+    byte ciphertext[CIPHER_TEXT_SIZE] = { ... };
+    byte plaintext[PLAIN_TEXT_SIZE];
+    byte tag[ASCON_AEAD128_TAG_SZ] = { ... };
+
+    if (wc_AsconAeadInit(&a) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetKey(&a, key) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0)
+        // handle error
+    if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_DecryptUpdate(&a, plaintext, ciphertext,
+                                      sizeof(ciphertext)) != 0)
+        // handle error
+    if (wc_AsconAEAD128_DecryptFinal(&a, tag) != 0)
+        // handle error
+    \endcode
+
+    \sa wc_AsconAEAD128_Init
+    \sa wc_AsconAEAD128_SetKey
+    \sa wc_AsconAEAD128_SetNonce
+    \sa wc_AsconAEAD128_SetAD
+    \sa wc_AsconAEAD128_DecryptUpdate
+    \sa wc_AsconAEAD128_EncryptUpdate
+    \sa wc_AsconAEAD128_EncryptFinal
+    */
+int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, const byte* tag);
+
+
diff --git a/doc/dox_comments/header_files/asn_public.h b/doc/dox_comments/header_files/asn_public.h
index e7505e228..3b9cc7282 100644
--- a/doc/dox_comments/header_files/asn_public.h
+++ b/doc/dox_comments/header_files/asn_public.h
@@ -1557,6 +1557,219 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output,
 int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output,
                                      word32 inLen, int with_AlgCurve, int comp);
 
+
+/*!
+    \ingroup ASN
+
+    \brief This function decodes a Curve25519 private key (only) from a DER
+    encoded buffer
+
+    \return 0 Success
+    \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+    \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+    data
+    \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+    the DER key contains other issues despite being properly formatted.
+    \return BUFFER_E Returns if the input buffer is too small to contain a
+    valid DER encoded key.
+
+    \param input Pointer to buffer containing DER encoded private key
+    \param inOutIdx Index to start reading input buffer from.  On output,
+    index is set to last position parsed of input buffer.
+    \param key Pointer to curve25519_key structure to store decoded key
+    \param inSz Size of input DER buffer
+
+    \sa wc_Curve25519KeyDecode
+    \sa wc_Curve25519PublicKeyDecode
+
+    _Example_
+    \code
+    byte der[] = { // DER encoded key };
+    word32 idx = 0;
+    curve25519_key key;
+    wc_curve25519_init(&key);
+
+    if (wc_Curve25519PrivateKeyDecode(der, &idx, &key, sizeof(der)) != 0) {
+        // Error decoding private key
+    }
+    \endcode
+*/
+int wc_Curve25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
+                                  curve25519_key* key, word32 inSz);
+
+/*!
+    \ingroup ASN
+
+    \brief This function decodes a Curve25519 public key (only) from a DER
+    encoded buffer.
+
+    \return 0 Success
+    \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+    \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+    data
+    \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+    the DER key contains other issues despite being properly formatted.
+    \return BUFFER_E Returns if the input buffer is too small to contain a
+    valid DER encoded key.
+
+    \param input Pointer to buffer containing DER encoded public key
+    \param inOutIdx Index to start reading input buffer from.  On output,
+    index is set to last position parsed of input buffer.
+    \param key Pointer to curve25519_key structure to store decoded key
+    \param inSz Size of input DER buffer
+
+    \sa wc_Curve25519KeyDecode
+    \sa wc_Curve25519PrivateKeyDecode
+
+    _Example_
+    \code
+    byte der[] = { // DER encoded key };
+    word32 idx = 0;
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    if (wc_Curve25519PublicKeyDecode(der, &idx, &key, sizeof(der)) != 0) {
+        // Error decoding public key
+    }
+    \endcode
+*/
+int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx,
+                                 curve25519_key* key, word32 inSz);
+
+/*!
+    \ingroup ASN
+
+    \brief This function decodes a Curve25519 key from a DER encoded buffer. It
+    can decode either a private key, a public key, or both.
+
+    \return 0 Success
+    \return BAD_FUNC_ARG Returns if input, inOutIdx or key is null
+    \return ASN_PARSE_E Returns if there is an error parsing the DER encoded
+    data
+    \return ECC_BAD_ARG_E Returns if the key length is not CURVE25519_KEYSIZE or
+    the DER key contains other issues despite being properly formatted.
+    \return BUFFER_E Returns if the input buffer is too small to contain a
+    valid DER encoded key.
+
+    \param input Pointer to buffer containing DER encoded key
+    \param inOutIdx Index to start reading input buffer from.  On output,
+    index is set to last position parsed of input buffer.
+    \param key Pointer to curve25519_key structure to store decoded key
+    \param inSz Size of input DER buffer
+
+    \sa wc_Curve25519PrivateKeyDecode
+    \sa wc_Curve25519PublicKeyDecode
+
+    _Example_
+    \code
+    byte der[] = { // DER encoded key };
+    word32 idx = 0;
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    if (wc_Curve25519KeyDecode(der, &idx, &key, sizeof(der)) != 0) {
+        // Error decoding key
+    }
+    \endcode
+*/
+int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx,
+                           curve25519_key* key, word32 inSz);
+
+/*!
+    \ingroup ASN
+
+    \brief This function encodes a Curve25519 private key to DER format. If the
+    input key structure contains a public key, it will be ignored.
+
+    \return >0 Success, length of DER encoding
+    \return BAD_FUNC_ARG Returns if key or output is null
+    \return MEMORY_E Returns if there is an allocation failure
+    \return BUFFER_E Returns if output buffer is too small
+
+    \param key Pointer to curve25519_key structure containing private key to
+    encode
+    \param output Buffer to hold DER encoding
+    \param inLen Size of output buffer
+
+    \sa wc_Curve25519KeyToDer
+    \sa wc_Curve25519PublicKeyToDer
+
+    _Example_
+    \code
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    ...
+    int derSz = 128; // Some appropriate size for output DER
+    byte der[derSz];
+    wc_Curve25519PrivateKeyToDer(&key, der, derSz);
+    \endcode
+*/
+int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output,
+                                 word32 inLen);
+
+/*!
+    \ingroup ASN
+
+    \brief This function encodes a Curve25519 public key to DER format. If the
+    input key structure contains a private key, it will be ignored.
+
+    \return >0 Success, length of DER encoding
+    \return BAD_FUNC_ARG Returns if key or output is null
+    \return MEMORY_E Returns if there is an allocation failure
+    \return BUFFER_E Returns if output buffer is too small
+
+    \param key Pointer to curve25519_key structure containing public key to
+    encode
+    \param output Buffer to hold DER encoding
+    \param inLen Size of output buffer
+    \param withAlg Whether to include algorithm identifier in the DER encoding
+
+    \sa wc_Curve25519KeyToDer
+    \sa wc_Curve25519PrivateKeyToDer
+
+    _Example_
+    \code
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    ...
+    int derSz = 128; // Some appropriate size for output DER
+    byte der[derSz];
+    wc_Curve25519PublicKeyToDer(&key, der, derSz, 1);
+    \endcode
+*/
+int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
+                                int withAlg);
+
+/*!
+    \ingroup ASN
+
+    \brief This function encodes a Curve25519 key to DER format. It can encode
+    either a private key, a public key, or both.
+
+    \return >0 Success, length of DER encoding
+    \return BAD_FUNC_ARG Returns if key or output is null
+    \return MEMORY_E Returns if there is an allocation failure
+    \return BUFFER_E Returns if output buffer is too small
+
+    \param key Pointer to curve25519_key structure containing key to encode
+    \param output Buffer to hold DER encoding
+    \param inLen Size of output buffer
+    \param withAlg Whether to include algorithm identifier in the DER encoding
+
+    \sa wc_Curve25519PrivateKeyToDer
+    \sa wc_Curve25519PublicKeyToDer
+
+    _Example_
+    \code
+    curve25519_key key;
+    wc_curve25519_init(&key);
+    ...
+    int derSz = 128; // Some appropriate size for output DER
+    byte der[derSz];
+    wc_Curve25519KeyToDer(&key, der, derSz, 1);
+    \endcode
+*/
+int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen,
+                          int withAlg);
+
 /*!
     \ingroup ASN
 
@@ -1662,7 +1875,7 @@ void wc_SetCert_Free(Cert* cert);
     \return Length of traditional private key on success.
     \return Negative values on failure.
 
-    \param input Buffer containing unencrypted PKCS#8 private key. 
+    \param input Buffer containing unencrypted PKCS#8 private key.
     \param inOutIdx Index into the input buffer. On input, it should be a byte
     offset to the beginning of the the PKCS#8 buffer. On output, it will be the
     byte offset to the traditional private key within the input buffer.
@@ -1691,7 +1904,7 @@ int wc_GetPkcs8TraditionalOffset(byte* input,
 
     \brief This function takes in a DER private key and converts it to PKCS#8
     format. Also used in creating PKCS#12 shrouded key bags. See RFC 5208.
-    
+
     \return The size of the PKCS#8 key placed into out on success.
     \return LENGTH_ONLY_E if out is NULL, with required output buffer size in
     outSz.
@@ -1840,7 +2053,7 @@ int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password,
 
     \brief This function takes a traditional, DER key, converts it to PKCS#8
      format, and encrypts it. It uses wc_CreatePKCS8Key and wc_EncryptPKCS8Key
-     to do this. 
+     to do this.
 
     \return The size of the encrypted key placed in out on success.
     \return LENGTH_ONLY_E if out is NULL, with required output buffer size in
@@ -2199,7 +2412,7 @@ int wc_Asn1PrintOptions_Init(Asn1PrintOptions* opts);
     \return  0 on success.
     \return  BAD_FUNC_ARG when asn1 is NULL.
     \return  BAD_FUNC_ARG when val is out of range for option.
- 
+
     \param opts  The ASN.1 options for printing.
     \param opt   An option to set value for.
     \param val   The value to set.
diff --git a/doc/dox_comments/header_files/chacha20_poly1305.h b/doc/dox_comments/header_files/chacha20_poly1305.h
index 5a7f81950..057d274c2 100644
--- a/doc/dox_comments/header_files/chacha20_poly1305.h
+++ b/doc/dox_comments/header_files/chacha20_poly1305.h
@@ -62,14 +62,18 @@ int wc_ChaCha20Poly1305_Encrypt(
     ChaCha20 stream cipher, into the output buffer, outPlaintext. It also
     performs Poly-1305 authentication, comparing the given inAuthTag to an
     authentication generated with the inAAD (arbitrary length additional
-    authentication data). Note: If the generated authentication tag does
-    not match the supplied authentication tag, the text is not decrypted.
+    authentication data).  If a nonzero error code is returned, the output
+    data, outPlaintext, is undefined.  However, callers must unconditionally
+    zeroize the output buffer to guard against leakage of cleartext data.
 
-    \return 0 Returned upon successfully decrypting the message
+    \return 0 Returned upon successfully decrypting and authenticating the
+    message
     \return BAD_FUNC_ARG Returned if any of the function arguments do not
     match what is expected
     \return MAC_CMP_FAILED_E Returned if the generated authentication tag
     does not match the supplied inAuthTag.
+    \return MEMORY_E Returned if internal buffer allocation failed.
+    \return CHACHA_POLY_OVERFLOW Can be returned if input is corrupted.
 
     \param inKey pointer to a buffer containing the 32 byte key to use for
     decryption
diff --git a/doc/dox_comments/header_files/cryptocb.h b/doc/dox_comments/header_files/cryptocb.h
index 152f8823e..35cc88ef2 100644
--- a/doc/dox_comments/header_files/cryptocb.h
+++ b/doc/dox_comments/header_files/cryptocb.h
@@ -1,14 +1,14 @@
 /*!
     \ingroup CryptoCb
 
-    \brief This function registers a unique device identifier (devID) and 
-    callback function for offloading crypto operations to external 
+    \brief This function registers a unique device identifier (devID) and
+    callback function for offloading crypto operations to external
     hardware such as Key Store, Secure Element, HSM, PKCS11 or TPM.
 
     For STSAFE with Crypto Callbacks example see
     wolfcrypt/src/port/st/stsafe.c and the wolfSSL_STSAFE_CryptoDevCb function.
 
-    For TPM based crypto callbacks example see the wolfTPM2_CryptoDevCb 
+    For TPM based crypto callbacks example see the wolfTPM2_CryptoDevCb
     function in wolfTPM src/tpm2_wrap.c
 
     \return CRYPTOCB_UNAVAILABLE to fallback to using software crypto
@@ -90,7 +90,7 @@ int  wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
 /*!
     \ingroup CryptoCb
 
-    \brief This function un-registers a unique device identifier (devID) 
+    \brief This function un-registers a unique device identifier (devID)
     callback function.
 
     \return none No returns.
diff --git a/doc/dox_comments/header_files/doxygen_groups.h b/doc/dox_comments/header_files/doxygen_groups.h
index 709d462b1..5cac25e2d 100644
--- a/doc/dox_comments/header_files/doxygen_groups.h
+++ b/doc/dox_comments/header_files/doxygen_groups.h
@@ -154,7 +154,7 @@
       -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk()
       -# Derive SSV and auth data: wc_DeriveSakkeSSV()
       -# Free SAKKE Key: wc_FreeSakkeKey()
-    
+
     \defgroup SAKKE_Setup Setup SAKKE Key
     Operations for establishing a SAKKE key.
 
diff --git a/doc/dox_comments/header_files/ecc.h b/doc/dox_comments/header_files/ecc.h
index bad010751..20bd89ccd 100644
--- a/doc/dox_comments/header_files/ecc.h
+++ b/doc/dox_comments/header_files/ecc.h
@@ -2006,3 +2006,29 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
     \endcode
 */
 int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx);
+
+/*!
+    \ingroup ECC
+
+    \brief Compare a curve which has larger key than specified size or the curve matched curve ID,
+         set a curve with smaller key size to the key.
+
+    \return 0 Returned upon successfully setting the key
+
+    \param keysize Key size in bytes
+    \param curve_id Curve ID
+
+                                                                                                        _Example_
+    \code int ret;
+    ecc_key ecc;
+
+    ret = wc_ecc_init(&ecc);
+    if (ret != 0)
+        return ret;
+        ret = wc_ecc_set_curve(&ecc, 32, ECC_SECP256R1));
+        if (ret != 0)
+            return ret;
+
+    \endcode
+*/
+int wc_ecc_set_curve(ecc_key *key, int keysize, int curve_id);
diff --git a/doc/dox_comments/header_files/ed25519.h b/doc/dox_comments/header_files/ed25519.h
index b4176da9b..9ab61de62 100644
--- a/doc/dox_comments/header_files/ed25519.h
+++ b/doc/dox_comments/header_files/ed25519.h
@@ -8,7 +8,7 @@
     \return 0 Returned upon successfully making the public key.
     \return BAD_FUNC_ARG Returned if key or pubKey evaluate to NULL, or if the
     specified key size is not 32 bytes (Ed25519 has 32 byte keys).
-    \return ECC_PRIV_KEY_E returned if the ed25519_key object does not have 
+    \return ECC_PRIV_KEY_E returned if the ed25519_key object does not have
     the private key in it.
     \return MEMORY_E Returned if there is an error allocating memory
     during function execution.
@@ -188,8 +188,7 @@ int wc_ed25519ctx_sign_msg(const byte* in, word32 inlen, byte* out,
 
     \brief This function signs a message digest using an ed25519_key object
     to guarantee authenticity. The context is included as part of the data
-    signed. The message is pre-hashed before signature calculation. The hash
-    algorithm used to create message digest must be SHAKE-256.
+    signed. The message is pre-hashed before signature calculation.
 
     \return 0 Returned upon successfully generating a signature for the
     message digest.
diff --git a/doc/dox_comments/header_files/ed448.h b/doc/dox_comments/header_files/ed448.h
index a3ea82088..2f186b56b 100644
--- a/doc/dox_comments/header_files/ed448.h
+++ b/doc/dox_comments/header_files/ed448.h
@@ -133,7 +133,6 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out,
     \brief This function signs a message digest using an ed448_key object
     to guarantee authenticity. The context is included as part of the data
     signed. The hash is the pre-hashed message before signature calculation.
-    The hash algorithm used to create message digest must be SHAKE-256.
 
     \return 0 Returned upon successfully generating a signature for the
     message digest.
@@ -162,7 +161,7 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out,
 
     byte sig[114]; // will hold generated signature
     sigSz = sizeof(sig);
-    byte hash[] = { initialize with SHAKE-256 hash of message };
+    byte hash[] = { initialize hash of message };
     byte context[] = { initialize with context of signing };
 
     wc_InitRng(&rng); // initialize rng
@@ -297,7 +296,6 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg,
     \brief This function verifies the Ed448 signature of the digest of a message
     to ensure authenticity. The context is included as part of the data
     verified. The hash is the pre-hashed message before signature calculation.
-    The hash algorithm used to create message digest must be SHAKE-256.
     The answer is returned through res, with 1 corresponding to a valid
     signature, and 0 corresponding to an invalid signature.
 
@@ -325,7 +323,7 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg,
     int ret, verified = 0;
 
     byte sig[] { initialize with received signature };
-    byte hash[] = { initialize with SHAKE-256 hash of message };
+    byte hash[] = { initialize hash of message };
     byte context[] = { initialize with context of signature };
     // initialize key with received public key
     ret = wc_ed448ph_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h
index 02dbf4e41..fbc2172fc 100644
--- a/doc/dox_comments/header_files/memory.h
+++ b/doc/dox_comments/header_files/memory.h
@@ -4,9 +4,9 @@
     \brief This function is similar to malloc(), but calls the memory
     allocation function which wolfSSL has been configured to use. By default,
     wolfSSL uses malloc().  This can be changed using the wolfSSL memory
-    abstraction layer - see wolfSSL_SetAllocators(). Note wolfSSL_Malloc is not 
+    abstraction layer - see wolfSSL_SetAllocators(). Note wolfSSL_Malloc is not
     called directly by wolfSSL, but instead called by macro XMALLOC.
-    For the default build only the size argument exists. If using 
+    For the default build only the size argument exists. If using
     WOLFSSL_STATIC_MEMORY build then heap and type arguments are included.
 
     \return pointer If successful, this function returns a pointer to
@@ -37,9 +37,9 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type);
     \brief This function is similar to free(), but calls the memory free
     function which wolfSSL has been configured to use. By default, wolfSSL
     uses free(). This can be changed using the wolfSSL memory abstraction
-    layer - see wolfSSL_SetAllocators(). Note wolfSSL_Free is not 
+    layer - see wolfSSL_SetAllocators(). Note wolfSSL_Free is not
     called directly by wolfSSL, but instead called by macro XFREE.
-    For the default build only the ptr argument exists. If using 
+    For the default build only the ptr argument exists. If using
     WOLFSSL_STATIC_MEMORY build then heap and type arguments are included.
 
     \return none No returns.
@@ -73,8 +73,8 @@ void  wolfSSL_Free(void *ptr, void* heap, int type);
     \brief This function is similar to realloc(), but calls the memory
     re-allocation function which wolfSSL has been configured to use.
     By default, wolfSSL uses realloc().  This can be changed using the
-    wolfSSL memory abstraction layer - see wolfSSL_SetAllocators(). 
-    Note wolfSSL_Realloc is not called directly by wolfSSL, but instead called 
+    wolfSSL memory abstraction layer - see wolfSSL_SetAllocators().
+    Note wolfSSL_Realloc is not called directly by wolfSSL, but instead called
     by macro XREALLOC. For the default build only the size argument exists.
     If using WOLFSSL_STATIC_MEMORY build then heap and type arguments are included.
 
diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h
index 0a329085e..5b70953ef 100644
--- a/doc/dox_comments/header_files/pkcs7.h
+++ b/doc/dox_comments/header_files/pkcs7.h
@@ -205,8 +205,8 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
 
     \brief This function builds the PKCS7 signed data content type, encoding
     the PKCS7 structure into a header and footer buffer containing a parsable PKCS7
-    signed data packet. This does not include the content. 
-    A hash must be computed and provided for the data 
+    signed data packet. This does not include the content.
+    A hash must be computed and provided for the data
 
     \return 0=Success
     \return BAD_FUNC_ARG Returned if the PKCS7 structure is missing one or
@@ -244,11 +244,11 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
     \param hashSz size of the digest
     \param outputHead pointer to the buffer in which to store the
     encoded certificate header
-    \param outputHeadSz pointer populated with size of output header buffer 
+    \param outputHeadSz pointer populated with size of output header buffer
     and returns actual size
     \param outputFoot pointer to the buffer in which to store the
     encoded certificate footer
-    \param outputFootSz pointer populated with size of output footer buffer 
+    \param outputFootSz pointer populated with size of output footer buffer
     and returns actual size
 
     _Example_
@@ -285,7 +285,7 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         &pkcs7HeadSz, pkcs7FootBuff, &pkcs7FootSz);
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -297,8 +297,8 @@ int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_VerifySignedData_ex
 */
-int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, 
+int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
     word32* outputFootSz);
 
 /*!
@@ -382,9 +382,9 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
 /*!
     \ingroup PKCS7
 
-    \brief This function takes in a transmitted PKCS7 signed data message as 
-    hash/header/footer, then extracts the certificate list and certificate 
-    revocation list, and then verifies the signature. It stores the extracted 
+    \brief This function takes in a transmitted PKCS7 signed data message as
+    hash/header/footer, then extracts the certificate list and certificate
+    revocation list, and then verifies the signature. It stores the extracted
     content in the given PKCS7 structure.
 
     \return 0 Returned on successfully extracting the information
@@ -426,10 +426,10 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
     certificates
     \param hashBuf pointer to computed hash for the content data
     \param hashSz size of the digest
-    \param pkiMsgHead pointer to the buffer containing the signed message header 
+    \param pkiMsgHead pointer to the buffer containing the signed message header
     to verify and decode
     \param pkiMsgHeadSz size of the signed message header
-    \param pkiMsgFoot pointer to the buffer containing the signed message footer 
+    \param pkiMsgFoot pointer to the buffer containing the signed message footer
     to verify and decode
     \param pkiMsgFootSz size of the signed message footer
 
@@ -463,7 +463,7 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
         wc_HashFree(&hash, hashType);
     }
 
-    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, 
+    ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff,
         sizeof(pkcs7HeadBuff), pkcs7FootBuff, sizeof(pkcs7FootBuff));
     if ( ret != 0 ) {
         // error encoding into output buffer
@@ -475,8 +475,8 @@ int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
     \sa wc_PKCS7_InitWithCert
     \sa wc_PKCS7_EncodeSignedData_ex
 */
-int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, 
-    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, 
+int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+    word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz);
 
 /*!
diff --git a/doc/dox_comments/header_files/rsa.h b/doc/dox_comments/header_files/rsa.h
index 9f099c1ed..2245052f3 100644
--- a/doc/dox_comments/header_files/rsa.h
+++ b/doc/dox_comments/header_files/rsa.h
@@ -333,6 +333,12 @@ int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
     if (ret < 0) {
         return -1;
     }
+    if (ret != inLen) {
+        return -1;
+    }
+    if (XMEMCMP(in, plain, ret) != 0) {
+        return -1;
+    }
     \endcode
 
     \sa wc_RsaPad
@@ -403,6 +409,12 @@ int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
     if (ret < 0) {
         return -1;
     }
+    if (ret != inLen) {
+        return -1;
+    }
+    if (XMEMCMP(in, plain, ret) != 0) {
+        return -1;
+    }
     \endcode
 
     \sa wc_RsaSSL_Sign
diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index bdf1d49f0..7da361348 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -1997,8 +1997,8 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
 /*!
     \ingroup IO
 
-    \brief This function returns the file descriptor (fd) used as the
-    input/output facility for the SSL connection.  Typically this
+    \brief This function returns the read file descriptor (fd) used as the
+    input facility for the SSL connection.  Typically this
     will be a socket file descriptor.
 
     \return fd If successful the call will return the SSL session file
@@ -2016,9 +2016,38 @@ const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
     \endcode
 
     \sa wolfSSL_set_fd
+    \sa wolfSSL_set_read_fd
+    \sa wolfSSL_set_write_fd
 */
 int  wolfSSL_get_fd(const WOLFSSL*);
 
+/*!
+    \ingroup IO
+
+    \brief This function returns the write file descriptor (fd) used as the
+    output facility for the SSL connection.  Typically this
+    will be a socket file descriptor.
+
+    \return fd If successful the call will return the SSL session file
+    descriptor.
+
+    \param ssl pointer to the SSL session, created with wolfSSL_new().
+
+    _Example_
+    \code
+    int sockfd;
+    WOLFSSL* ssl = 0;
+    ...
+    sockfd = wolfSSL_get_wfd(ssl);
+    ...
+    \endcode
+
+    \sa wolfSSL_set_fd
+    \sa wolfSSL_set_read_fd
+    \sa wolfSSL_set_write_fd
+*/
+int  wolfSSL_get_wfd(const WOLFSSL*);
+
 /*!
     \ingroup Setup
 
@@ -2088,7 +2117,7 @@ int  wolfSSL_get_using_nonblock(WOLFSSL*);
     session if the handshake has not already been performed yet by
     wolfSSL_connect() or wolfSSL_accept(). When using (D)TLSv1.3 and early data
     feature is compiled in, this function progresses the handshake only up to
-    the point when it is possible to send data. Next invokations of
+    the point when it is possible to send data. Next invocations of
     wolfSSL_Connect()/wolfSSL_Accept()/wolfSSL_read() will complete the
     handshake. wolfSSL_write() works with both blocking and non-blocking I/O.
     When the underlying I/O is non-blocking, wolfSSL_write() will return when
@@ -2289,6 +2318,48 @@ int  wolfSSL_peek(WOLFSSL* ssl, void* data, int sz);
 */
 int  wolfSSL_accept(WOLFSSL*);
 
+/*!
+    \ingroup IO
+
+    \brief This function is called on the server side and statelessly listens
+    for an SSL client to initiate the DTLS handshake.
+
+    \return WOLFSSL_SUCCESS ClientHello containing a valid cookie was received.
+    The connection can be continued with wolfSSL_accept().
+    \return WOLFSSL_FAILURE The I/O layer returned WANT_READ. This is either
+    because there is no data to read and we are using non-blocking sockets or
+    we sent a cookie request and we are waiting for a reply. The user should
+    call wolfDTLS_accept_stateless again after data becomes available in
+    the I/O layer.
+    \return WOLFSSL_FATAL_ERROR A fatal error occurred. The ssl object should be
+    free'd and allocated again to continue.
+
+    \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
+
+    _Example_
+    \code
+    int ret = 0;
+    int err = 0;
+    WOLFSSL* ssl;
+    ...
+    do {
+        ret = wolfDTLS_accept_stateless(ssl);
+        if (ret == WOLFSSL_FATAL_ERROR)
+            // re-allocate the ssl object with wolfSSL_free() and wolfSSL_new()
+    } while (ret != WOLFSSL_SUCCESS);
+    ret = wolfSSL_accept(ssl);
+    if (ret != SSL_SUCCESS) {
+        err = wolfSSL_get_error(ssl, ret);
+        printf(“error = %d, %s\n”, err, wolfSSL_ERR_error_string(err, buffer));
+    }
+    \endcode
+
+    \sa wolfSSL_accept
+    \sa wolfSSL_get_error
+    \sa wolfSSL_connect
+*/
+int  wolfDTLS_accept_stateless(WOLFSSL* ssl);
+
 /*!
     \ingroup Setup
 
@@ -3856,12 +3927,53 @@ int  wolfSSL_dtls(WOLFSSL* ssl);
     \endcode
 
     \sa wolfSSL_dtls_get_current_timeout
+    \sa wolfSSL_dtls_set_pending_peer
     \sa wolfSSL_dtls_get_peer
     \sa wolfSSL_dtls_got_timeout
     \sa wolfSSL_dtls
 */
 int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
 
+/*!
+    \brief This function sets the pending DTLS peer, peer (sockaddr_in) with
+    size of peerSz. This sets the pending peer that will be upgraded to a
+    regular peer when we successfully de-protect the next record. This is useful
+    in scenarios where the peer's address can change to avoid off-path attackers
+    from changing the peer address. This should be used with Connection ID's to
+    allow seamless and safe transition to a new peer address.
+
+    \return SSL_SUCCESS will be returned upon success.
+    \return SSL_FAILURE will be returned upon failure.
+    \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
+    with DTLS support.
+
+    \param ssl    a pointer to a WOLFSSL structure, created using wolfSSL_new().
+    \param peer   pointer to peer’s sockaddr_in structure. If NULL then the peer
+                  information in ssl is cleared.
+    \param peerSz size of the sockaddr_in structure pointed to by peer. If 0
+                  then the peer information in ssl is cleared.
+
+    _Example_
+    \code
+    int ret = 0;
+    WOLFSSL* ssl;
+    sockaddr_in addr;
+    ...
+    ret = wolfSSL_dtls_set_pending_peer(ssl, &addr, sizeof(addr));
+    if (ret != SSL_SUCCESS) {
+	    // failed to set DTLS peer
+    }
+    \endcode
+
+    \sa wolfSSL_dtls_get_current_timeout
+    \sa wolfSSL_dtls_set_peer
+    \sa wolfSSL_dtls_get_peer
+    \sa wolfSSL_dtls_got_timeout
+    \sa wolfSSL_dtls
+*/
+int  wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
+                                   unsigned int peerSz);
+
 /*!
     \brief This function gets the sockaddr_in (of size peerSz) of the current
     DTLS peer.  The function will compare peerSz to the actual DTLS peer size
@@ -3899,6 +4011,41 @@ int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
 */
 int  wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
 
+/*!
+    \brief This function gets the sockaddr_in (of size peerSz) of the current
+    DTLS peer.  This is a zero-copy alternative to wolfSSL_dtls_get_peer().
+
+    \return SSL_SUCCESS will be returned upon success.
+    \return SSL_FAILURE will be returned upon failure.
+    \return SSL_NOT_IMPLEMENTED will be returned if wolfSSL was not compiled
+    with DTLS support.
+
+    \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
+    \param peer pointer to return the internal buffer holding the peer address
+    \param peerSz output the size of the actual sockaddr_in structure
+    pointed to by peer.
+
+    _Example_
+    \code
+    int ret = 0;
+    WOLFSSL* ssl;
+    sockaddr_in* addr;
+    unsigned int addrSz;
+    ...
+    ret = wolfSSL_dtls_get_peer(ssl, &addr, &addrSz);
+    if (ret != SSL_SUCCESS) {
+	    // failed to get DTLS peer
+    }
+    \endcode
+
+    \sa wolfSSL_dtls_get_current_timeout
+    \sa wolfSSL_dtls_got_timeout
+    \sa wolfSSL_dtls_set_peer
+    \sa wolfSSL_dtls
+*/
+int  wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
+                            unsigned int* peerSz);
+
 /*!
     \ingroup Debug
 
@@ -7756,9 +7903,9 @@ int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
 
     ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
@@ -7813,9 +7960,9 @@ int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
 
     // Example for force loading an expired certificate
@@ -7869,9 +8016,9 @@ int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
 
     ret = wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
@@ -7920,9 +8067,9 @@ int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certBuff[...];
+    long sz = sizeof(certBuff);
     ...
     ret = wolfSSL_CTX_use_certificate_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM);
     if (ret != SSL_SUCCESS) {
@@ -7970,9 +8117,9 @@ int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte keyBuff[...];
+    long sz = sizeof(certBuff);
     ...
     ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBuff, sz, SSL_FILETYPE_PEM);
     if (ret != SSL_SUCCESS) {
@@ -8019,9 +8166,9 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
     _Example_
     \code
     int ret = 0;
-    int sz = 0;
     WOLFSSL_CTX* ctx;
     byte certChainBuff[...];
+    long sz = sizeof(certBuff);
     ...
     ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, certChainBuff, sz);
     if (ret != SSL_SUCCESS) {
@@ -8065,10 +8212,10 @@ int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
 
     _Example_
     \code
-    int buffSz;
     int ret;
     byte certBuff[...];
     WOLFSSL* ssl = 0;
+    long buffSz = sizeof(certBuff);
     ...
 
     ret = wolfSSL_use_certificate_buffer(ssl, certBuff, buffSz, SSL_FILETYPE_PEM);
@@ -8114,10 +8261,10 @@ int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
 
     _Example_
     \code
-    int buffSz;
     int ret;
     byte keyBuff[...];
     WOLFSSL* ssl = 0;
+    long buffSz = sizeof(certBuff);
     ...
     ret = wolfSSL_use_PrivateKey_buffer(ssl, keyBuff, buffSz, SSL_FILETYPE_PEM);
     if (ret != SSL_SUCCESS) {
@@ -8161,10 +8308,10 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
 
     _Example_
     \code
-    int buffSz;
     int ret;
     byte certChainBuff[...];
     WOLFSSL* ssl = 0;
+    long buffSz = sizeof(certBuff);
     ...
     ret = wolfSSL_use_certificate_chain_buffer(ssl, certChainBuff, buffSz);
     if (ret != SSL_SUCCESS) {
@@ -10012,6 +10159,85 @@ int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
 int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
                                  CbMissingCRL cb);
 
+/*!
+    \ingroup CertManager
+    \brief This function sets the CRL Update callback. If
+    HAVE_CRL and HAVE_CRL_UPDATE_CB is defined , and an entry with the same
+    issuer and a lower CRL number exists when a CRL is added, then the
+    CbUpdateCRL is called with the details of the existing entry and the
+    new one replacing it.
+
+    \return SSL_SUCCESS returned upon successful execution of the function and
+    subroutines.
+    \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
+
+    \param cm the WOLFSSL_CERT_MANAGER structure holding the information for
+    the certificate.
+    \param cb a function pointer to (*CbUpdateCRL) that is set to the
+    cbUpdateCRL member of the WOLFSSL_CERT_MANAGER.
+    Signature requirement:
+	void (*CbUpdateCRL)(CrlInfo *old, CrlInfo *new);
+
+    _Example_
+    \code
+    #include <wolfssl/ssl.h>
+
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method);
+    WOLFSSL* ssl = wolfSSL_new(ctx);
+    …
+    void cb(CrlInfo *old, CrlInfo *new){
+	    Function body.
+    }
+    …
+    CbUpdateCRL cb = CbUpdateCRL;
+    …
+    if(ctx){
+        return wolfSSL_CertManagerSetCRLUpdate_Cb(SSL_CM(ssl), cb);
+    }
+    \endcode
+
+    \sa CbUpdateCRL
+*/
+int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm,
+                                       CbUpdateCRL cb);
+
+/*!
+    \ingroup CertManager
+    \brief This function yields a structure with parsed CRL information from
+    an encoded CRL buffer.
+
+    \return SSL_SUCCESS returned upon successful execution of the function and
+    subroutines.
+    \return BAD_FUNC_ARG returned if the WOLFSSL_CERT_MANAGER structure is NULL.
+
+    \param cm   the WOLFSSL_CERT_MANAGER structure..
+    \param info pointer to caller managed CrlInfo structure that will receive
+                the CRL information.
+    \param buff input buffer containing encoded CRL.
+    \param sz   the length in bytes of the input CRL data in buff.
+    \param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_DER
+
+    _Example_
+    \code
+    #include <wolfssl/ssl.h>
+
+    CrlInfo info;
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+
+    cm = wolfSSL_CertManagerNew();
+
+    // Read crl data from file into buffer
+
+    wolfSSL_CertManagerGetCRLInfo(cm, &info, crlData, crlDataLen,
+                                  WOLFSSL_FILETYPE_PEM);
+    \endcode
+
+    \sa CbUpdateCRL
+    \sa wolfSSL_SetCRL_Cb
+*/
+int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
+    const byte* buff, long sz, int type)
+
 /*!
     \ingroup CertManager
     \brief This function frees the CRL stored in the Cert Manager. An
@@ -11251,7 +11477,7 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
     \return MEMORY_E is the error returned when there is not enough memory.
 
     \param ssl pointer to a SSL object, created with wolfSSL_new().
-    \param mfl indicates witch is the Maximum Fragment Length requested for the
+    \param mfl indicates which is the Maximum Fragment Length requested for the
     session. The available options are: enum { WOLFSSL_MFL_2_9  = 1, 512 bytes
     WOLFSSL_MFL_2_10 = 2, 1024 bytes WOLFSSL_MFL_2_11 = 3, 2048 bytes
     WOLFSSL_MFL_2_12 = 4, 4096 bytes WOLFSSL_MFL_2_13 = 5, 8192
@@ -14015,7 +14241,7 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
     Call this function instead of wolfSSL_accept() or wolfSSL_accept_TLSv13()
     to accept a client and read any early data in the handshake. The function
     should be invoked until wolfSSL_is_init_finished() returns true. Early data
-    may be sent by the client in multiple messsages. If there is no early data
+    may be sent by the client in multiple messages. If there is no early data
     then the handshake will be processed as normal. This function is only used
     with servers.
 
@@ -14059,6 +14285,39 @@ int  wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
 int  wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
     int* outSz);
 
+/*!
+    \ingroup IO
+
+    \brief This function is called to inject data into the WOLFSSL object. This
+    is useful when data needs to be read from a single place and demultiplexed
+    into multiple connections. The caller should then call wolfSSL_read() to
+    extract the plaintext data from the WOLFSSL object.
+
+    \param [in] ssl a pointer to a WOLFSSL structure, created using
+                    wolfSSL_new().
+    \param [in] data data to inject into the ssl object.
+    \param [in] sz number of bytes of data to inject.
+
+    \return BAD_FUNC_ARG if any pointer parameter is NULL or sz <= 0
+    \return APP_DATA_READY if there is application data left to read
+    \return MEMORY_E if allocation fails
+    \return WOLFSSL_SUCCESS on success
+
+    _Example_
+    \code
+    byte buf[2000]
+    sz = recv(fd, buf, sizeof(buf), 0);
+    if (sz <= 0)
+        // error
+    if (wolfSSL_inject(ssl, buf, sz) != WOLFSSL_SUCCESS)
+        // error
+    sz = wolfSSL_read(ssl, buf, sizeof(buf);
+    \endcode
+
+    \sa wolfSSL_read
+*/
+int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz);
+
 /*!
     \ingroup Setup
 
@@ -14876,6 +15135,7 @@ connection into the buffer pointed by the parameter buffer. See RFC 9146 and RFC
  \param buffer A buffer where the ConnectionID will be copied
  \param bufferSz available space in buffer
 
+ \sa wolfSSL_dtls_cid_get0_rx
  \sa wolfSSL_dtls_cid_use
  \sa wolfSSL_dtls_cid_is_enabled
  \sa wolfSSL_dtls_cid_set
@@ -14888,6 +15148,26 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
 
 /*!
 
+\brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC
+9147.
+
+ \return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
+
+ \param ssl A WOLFSSL object pointern
+ \param cid Pointer that will be set to the internal memory that holds the CID
+
+ \sa wolfSSL_dtls_cid_get_rx
+ \sa wolfSSL_dtls_cid_use
+ \sa wolfSSL_dtls_cid_is_enabled
+ \sa wolfSSL_dtls_cid_set
+ \sa wolfSSL_dtls_cid_get_rx_size
+ \sa wolfSSL_dtls_cid_get_tx_size
+ \sa wolfSSL_dtls_cid_get_tx
+*/
+int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid);
+
+/*!
+
 \brief Get the size of the ConnectionID used to send records in this
 connection. See RFC 9146 and RFC 9147. The size is stored in the parameter size.
 
@@ -14919,6 +15199,7 @@ available size need to be provided in bufferSz.
  \param buffer A buffer where the ConnectionID will be copied
  \param bufferSz available space in buffer
 
+ \sa wolfSSL_dtls_cid_get0_tx
  \sa wolfSSL_dtls_cid_use
  \sa wolfSSL_dtls_cid_is_enabled
  \sa wolfSSL_dtls_cid_set
@@ -14929,6 +15210,50 @@ available size need to be provided in bufferSz.
 int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
     unsigned int bufferSz);
 
+/*!
+
+\brief Get the ConnectionID used when sending records in this connection. See
+RFC 9146 and RFC 9147.
+
+ \return WOLFSSL_SUCCESS if ConnectionID was correctly retrieved, error code
+ otherwise
+
+ \param ssl A WOLFSSL object pointern
+ \param cid Pointer that will be set to the internal memory that holds the CID
+
+ \sa wolfSSL_dtls_cid_get_tx
+ \sa wolfSSL_dtls_cid_use
+ \sa wolfSSL_dtls_cid_is_enabled
+ \sa wolfSSL_dtls_cid_set
+ \sa wolfSSL_dtls_cid_get_rx_size
+ \sa wolfSSL_dtls_cid_get_rx
+ \sa wolfSSL_dtls_cid_get_tx_size
+*/
+int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
+
+/*!
+
+\brief Extract the ConnectionID from a record datagram/message. See
+RFC 9146 and RFC 9147.
+
+ \param msg buffer holding the datagram read from the network
+ \param msgSz size of msg in bytes
+ \param cid pointer to the start of the CID inside the msg buffer
+ \param cidSz the expected size of the CID. The record layer does not have a CID
+ size field so we have to know beforehand the size of the CID. It is recommended
+ to use a constant CID for all connections.
+
+ \sa wolfSSL_dtls_cid_get_tx
+ \sa wolfSSL_dtls_cid_use
+ \sa wolfSSL_dtls_cid_is_enabled
+ \sa wolfSSL_dtls_cid_set
+ \sa wolfSSL_dtls_cid_get_rx_size
+ \sa wolfSSL_dtls_cid_get_rx
+ \sa wolfSSL_dtls_cid_get_tx_size
+*/
+const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+        unsigned int msgSz, unsigned int cidSz);
+
 /*!
     \ingroup TLS
 
@@ -15014,7 +15339,7 @@ WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
     \param [out] sigAlgo The enum Key_Sum of the authentication algorithm
 
     \return 0            when info was correctly set
-    \return BAD_FUNC_ARG when either input paramters are NULL or the bytes
+    \return BAD_FUNC_ARG when either input parameters are NULL or the bytes
                          are not a recognized sigalg suite
 
     _Example_
diff --git a/doc/dox_comments/header_files/types.h b/doc/dox_comments/header_files/types.h
index 65faa10a5..6f1ecee26 100644
--- a/doc/dox_comments/header_files/types.h
+++ b/doc/dox_comments/header_files/types.h
@@ -23,14 +23,14 @@
     #define XMALLOC(s, h, t) 	((void)h, (void)t, wolfSSL_Malloc((s)))
     #define XFREE(p, h, t)   	{void* xp = (p); if((xp)) wolfSSL_Free((xp));}
     #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
-    	
+
     \return pointer Return a pointer to allocated memory on success
 	\return NULL on failure
-	
+
 	\param s size of memory to allocate
-	\param h (used by custom XMALLOC function) pointer to the heap to use	
+	\param h (used by custom XMALLOC function) pointer to the heap to use
 	\param t memory allocation types for user hints. See enum in types.h
-	
+
 	_Example_
 	\code
 	int* tenInts = XMALLOC(sizeof(int)*10, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -39,7 +39,7 @@
 	    return MEMORY_E;
     }
 	\endcode
-	
+
 	\sa wolfSSL_Malloc
 	\sa wolfSSL_Realloc
 	\sa wolfSSL_Free
@@ -75,19 +75,19 @@ void* XMALLOC(size_t n, void* heap, int type);
 
     \return Return a pointer to allocated memory on success
 	\return NULL on failure
-	
+
 	\param p pointer to the address to reallocate
 	\param n size of memory to allocate
-	\param h (used by custom XREALLOC function) pointer to the heap to use	
+	\param h (used by custom XREALLOC function) pointer to the heap to use
 	\param t memory allocation types for user hints. See enum in types.h
-	
+
 	_Example_
 	\code
 	int* tenInts = (int*)XMALLOC(sizeof(int)*10, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     int* twentyInts = (int*)XREALLOC(tenInts, sizeof(int)*20, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
 	\endcode
-	
+
 	\sa wolfSSL_Malloc
 	\sa wolfSSL_Realloc
 	\sa wolfSSL_Free
@@ -123,9 +123,9 @@ void* XREALLOC(void *p, size_t n, void* heap, int type);
     \return none No returns.
 
     \param p pointer to the address to free
-	\param h (used by custom XFREE function) pointer to the heap to use	
+	\param h (used by custom XFREE function) pointer to the heap to use
 	\param t memory allocation types for user hints. See enum in types.h
-	
+
 	_Example_
 	\code
 	int* tenInts = XMALLOC(sizeof(int) * 10, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -134,7 +134,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type);
 	    return MEMORY_E;
     }
 	\endcode
-	
+
 	\sa wolfSSL_Malloc
 	\sa wolfSSL_Realloc
 	\sa wolfSSL_Free
diff --git a/doc/dox_comments/header_files/wolfio.h b/doc/dox_comments/header_files/wolfio.h
index a1404fbe6..673242aaf 100644
--- a/doc/dox_comments/header_files/wolfio.h
+++ b/doc/dox_comments/header_files/wolfio.h
@@ -422,9 +422,9 @@ void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
     flags parameter may include one or more of the following:
     #define MSG_OOB 0x1  // process out-of-band data,
     #define MSG_DONTROUTE  0x4  // bypass routing, use direct interface.
-    The flag MSG_OOB is used to send ``out-of-band'' data on sockets that
+    The flag MSG_OOB is used to send 'out-of-band' data on sockets that
     support this notion (e.g.  SOCK_STREAM); the underlying protocol must also
-    support ``out-of-band'' data.  MSG_DONTROUTE is usually used only by
+    support 'out-of-band' data.  MSG_DONTROUTE is usually used only by
     diagnostic or routing programs.”
 
     \return none No returns.
@@ -575,3 +575,46 @@ int wolfSSL_SetIO_ISOTP(WOLFSSL *ssl, isotp_wolfssl_ctx *ctx,
         can_recv_fn recv_fn, can_send_fn send_fn, can_delay_fn delay_fn,
         word32 receive_delay, char *receive_buffer, int receive_buffer_size,
         void *arg);
+
+/*!
+    \ingroup Setup
+
+    \brief This function disables reading from the IO layer.
+
+    \param ssl the wolfSSL context
+
+    _Example_
+    \code
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
+    WOLFSSL* ssl = wolfSSL_new(ctx);
+    wolfSSL_SSLDisableRead(ssl);
+    \endcode
+
+    \sa wolfSSL_CTX_SetIORecv
+    \sa wolfSSL_SSLSetIORecv
+    \sa wolfSSL_SSLEnableRead
+ */
+void wolfSSL_SSLDisableRead(WOLFSSL *ssl);
+
+/*!
+    \ingroup Setup
+
+    \brief This function enables reading from the IO layer. Reading is enabled
+           by default and should be used to undo wolfSSL_SSLDisableRead();
+
+    \param ssl the wolfSSL context
+
+    _Example_
+    \code
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method);
+    WOLFSSL* ssl = wolfSSL_new(ctx);
+    wolfSSL_SSLDisableRead(ssl);
+    ...
+    wolfSSL_SSLEnableRead(ssl);
+    \endcode
+
+    \sa wolfSSL_CTX_SetIORecv
+    \sa wolfSSL_SSLSetIORecv
+    \sa wolfSSL_SSLEnableRead
+ */
+void wolfSSL_SSLEnableRead(WOLFSSL *ssl);
diff --git a/doc/formats/html/html_changes/customdoxygen.css b/doc/formats/html/html_changes/customdoxygen.css
index 2c553fdea..478f7cf54 100644
--- a/doc/formats/html/html_changes/customdoxygen.css
+++ b/doc/formats/html/html_changes/customdoxygen.css
@@ -418,7 +418,7 @@ p.formulaDsp {
 }
 
 img.formulaDsp {
-	
+
 }
 
 img.formulaInl {
diff --git a/doc/formats/html/html_changes/doxygen.css b/doc/formats/html/html_changes/doxygen.css
index c49b43f3e..ee1bde225 100644
--- a/doc/formats/html/html_changes/doxygen.css
+++ b/doc/formats/html/html_changes/doxygen.css
@@ -321,7 +321,7 @@ p.formulaDsp {
 }
 
 img.formulaDsp {
-	
+
 }
 
 img.formulaInl {
diff --git a/examples/asn1/asn1.c b/examples/asn1/asn1.c
index 92a0a1952..cb9a199ec 100644
--- a/examples/asn1/asn1.c
+++ b/examples/asn1/asn1.c
@@ -1,6 +1,6 @@
 /* asn1.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -66,7 +66,7 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
     word32 len = 0;
     size_t read_len;
     /* Allocate a minimum amount. */
-    unsigned char* data = (unsigned char*)malloc(DATA_INC_LEN);
+    unsigned char* data = (unsigned char*)XMALLOC(DATA_INC_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (data != NULL) {
         /* Read more data. */
@@ -74,7 +74,7 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
             unsigned char* p;
 
             if (ferror(fp)) {
-                free(data);
+                XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 return IO_FAILED_E;
             }
 
@@ -87,10 +87,10 @@ static int asn1App_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
             }
 
             /* Make space for more data to be added to buffer. */
-            p = (unsigned char*)realloc(data, len + DATA_INC_LEN);
+            p = (unsigned char*)XREALLOC(data, len + DATA_INC_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             if (p == NULL) {
                 /* Reallocation failed - free current buffer. */
-                free(data);
+                XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 data = NULL;
                 break;
             }
@@ -132,7 +132,7 @@ static int PrintDer(FILE* fp)
         /* Print DER/BER. */
         ret = wc_Asn1_PrintAll(&asn1, &opts, data, len);
         /* Dispose of buffer. */
-        free(data);
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     return ret;
@@ -168,7 +168,7 @@ static int PrintBase64(FILE* fp)
             ret = wc_Asn1_PrintAll(&asn1, &opts, data, len);
         }
         /* Dispose of buffer. */
-        free(data);
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     return ret;
@@ -280,7 +280,7 @@ static int PrintPem(FILE* fp, int pem_skip)
             ret = wc_Asn1_PrintAll(&asn1, &opts, data, len);
         }
         /* Dispose of buffer. */
-        free(data);
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
     return ret;
diff --git a/examples/async/async_client.c b/examples/async/async_client.c
index 114f10728..b2c60c1b1 100644
--- a/examples/async/async_client.c
+++ b/examples/async/async_client.c
@@ -1,6 +1,6 @@
 /* async_client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -184,7 +184,7 @@ int client_async_test(int argc, char** argv)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0)
                 break;
@@ -192,7 +192,7 @@ int client_async_test(int argc, char** argv)
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "wolfSSL_connect error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -214,7 +214,7 @@ int client_async_test(int argc, char** argv)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0)
                 break;
@@ -222,7 +222,7 @@ int client_async_test(int argc, char** argv)
     #endif
         ret = wolfSSL_write(ssl, buff, (int)len);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != (int)len) {
         fprintf(stderr, "wolfSSL_write error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -236,7 +236,7 @@ int client_async_test(int argc, char** argv)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0)
                 break;
@@ -244,7 +244,7 @@ int client_async_test(int argc, char** argv)
     #endif
         ret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         fprintf(stderr, "wolfSSL_read error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
diff --git a/examples/async/async_server.c b/examples/async/async_server.c
index 7a782de7c..186a7de67 100644
--- a/examples/async/async_server.c
+++ b/examples/async/async_server.c
@@ -1,6 +1,6 @@
 /* async_server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -248,7 +248,7 @@ int server_async_test(int argc, char** argv)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0)
                     break;
@@ -256,7 +256,7 @@ int server_async_test(int argc, char** argv)
         #endif
             ret = wolfSSL_accept(ssl);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != WOLFSSL_SUCCESS) {
             fprintf(stderr, "wolfSSL_accept error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -273,7 +273,7 @@ int server_async_test(int argc, char** argv)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0)
                     break;
@@ -281,7 +281,7 @@ int server_async_test(int argc, char** argv)
         #endif
             ret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0) {
             fprintf(stderr, "wolfSSL_read error %d: %s\n",
                     err, wolfSSL_ERR_error_string(err, errBuff));
@@ -308,7 +308,7 @@ int server_async_test(int argc, char** argv)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0)
                     break;
@@ -316,7 +316,7 @@ int server_async_test(int argc, char** argv)
         #endif
             ret = wolfSSL_write(ssl, buff, (int)len);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != (int)len) {
             fprintf(stderr, "wolfSSL_write error %d: %s\n",
                     err, wolfSSL_ERR_error_string(err, errBuff));
diff --git a/examples/async/async_tls.c b/examples/async/async_tls.c
index a68f3b4db..3ab14c4bc 100644
--- a/examples/async/async_tls.c
+++ b/examples/async/async_tls.c
@@ -1,6 +1,6 @@
 /* async-tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,7 +45,7 @@
 /* This is where you would plug-in calls to your own hardware crypto */
 int AsyncTlsCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* bypass HW by default */
     AsyncTlsCryptoCbCtx* myCtx = (AsyncTlsCryptoCbCtx*)ctx;
 
     if (info == NULL)
diff --git a/examples/async/async_tls.h b/examples/async/async_tls.h
index 43b249021..5944f93dc 100644
--- a/examples/async/async_tls.h
+++ b/examples/async/async_tls.h
@@ -1,6 +1,6 @@
 /* async-tls.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c
index 585fa7b2d..9983d3eaf 100644
--- a/examples/benchmark/tls_bench.c
+++ b/examples/benchmark/tls_bench.c
@@ -1,6 +1,6 @@
 /* tls_bench.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,7 +32,6 @@ Or
   bench_tls(args);
 */
 
-
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -40,6 +39,10 @@ Or
     #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/ssl.h>
@@ -69,7 +72,8 @@ Or
 #endif
 
 /* PTHREAD requires server and client enabled */
-#if defined(NO_WOLFSSL_CLIENT) || defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (defined(NO_WOLFSSL_CLIENT) || defined(NO_WOLFSSL_SERVER))
     #if !defined(SINGLE_THREADED)
         #ifdef __GNUC__  /* GCC compiler */
             #pragma message "PTHREAD requires server and client enabled."
@@ -137,7 +141,7 @@ platform supports it"
 #define SHOW_VERBOSE        0 /* Default output is tab delimited format */
 
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
-    !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+    !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) && defined(USE_WOLFSSL_IO)
 
 /* shutdown message - nice signal to server, we are done */
 static const char* kShutdown = "shutdown";
@@ -288,12 +292,31 @@ static struct group_info groups[] = {
     { WOLFSSL_FFDHE_6144, "FFDHE_6144" },
     { WOLFSSL_FFDHE_8192, "FFDHE_8192" },
 #ifdef HAVE_PQC
+#ifndef WOLFSSL_NO_ML_KEM
+    { WOLFSSL_ML_KEM_512, "ML_KEM_512" },
+    { WOLFSSL_ML_KEM_768, "ML_KEM_768" },
+    { WOLFSSL_ML_KEM_1024, "ML_KEM_1024" },
+    { WOLFSSL_P256_ML_KEM_512,   "P256_ML_KEM_512"   },
+    { WOLFSSL_P384_ML_KEM_768,   "P384_ML_KEM_768"   },
+    { WOLFSSL_P256_ML_KEM_768,   "P256_ML_KEM_768"   },
+    { WOLFSSL_P521_ML_KEM_1024,  "P521_ML_KEM_1024"  },
+    { WOLFSSL_P384_ML_KEM_1024,  "P384_ML_KEM_1024"  },
+    { WOLFSSL_X25519_ML_KEM_512, "X25519_ML_KEM_512" },
+    { WOLFSSL_X448_ML_KEM_768,   "X448_ML_KEM_768"   },
+    { WOLFSSL_X25519_ML_KEM_768, "X25519_ML_KEM_768" },
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
     { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
     { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
-    { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
-    { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
-    { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
+    { WOLFSSL_P256_KYBER_LEVEL1,   "P256_KYBER_LEVEL1"   },
+    { WOLFSSL_P384_KYBER_LEVEL3,   "P384_KYBER_LEVEL3"   },
+    { WOLFSSL_P256_KYBER_LEVEL3,   "P256_KYBER_LEVEL3"   },
+    { WOLFSSL_P521_KYBER_LEVEL5,   "P521_KYBER_LEVEL5"   },
+    { WOLFSSL_X25519_KYBER_LEVEL1, "X25519_KYBER_LEVEL1" },
+    { WOLFSSL_X448_KYBER_LEVEL3,   "X448_KYBER_LEVEL3"   },
+    { WOLFSSL_X25519_KYBER_LEVEL3, "X25519_KYBER_LEVEL3" },
+#endif
 #endif
     { 0, NULL }
 };
@@ -1216,7 +1239,7 @@ exit:
 }
 
 #if !defined(SINGLE_THREADED) && defined(WOLFSSL_THREAD_NO_JOIN)
-static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN client_thread(void* args)
+static THREAD_RETURN_NOJOIN WOLFSSL_THREAD_NO_JOIN client_thread(void* args)
 {
     int ret;
     info_t* info = (info_t*)args;
@@ -1229,7 +1252,7 @@ static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN client_thread(void* args)
     THREAD_CHECK_RET(wolfSSL_CondSignal(&info->to_server.cond));
     THREAD_CHECK_RET(wolfSSL_CondEnd(&info->to_server.cond));
 
-    WOLFSSL_RETURN_FROM_THREAD(0);
+    RETURN_FROM_THREAD_NOJOIN(0);
 }
 #endif /* !SINGLE_THREADED */
 #endif /* !NO_WOLFSSL_CLIENT */
@@ -1661,7 +1684,7 @@ exit:
 }
 
 #if !defined(SINGLE_THREADED) && defined(WOLFSSL_THREAD_NO_JOIN)
-static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN server_thread(void* args)
+static THREAD_RETURN_NOJOIN WOLFSSL_THREAD_NO_JOIN server_thread(void* args)
 {
     int ret = 0;
     info_t* info = (info_t*)args;
@@ -1689,7 +1712,7 @@ static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN server_thread(void* args)
     THREAD_CHECK_RET(wolfSSL_CondSignal(&info->to_client.cond));
     THREAD_CHECK_RET(wolfSSL_CondEnd(&info->to_client.cond));
 
-    WOLFSSL_RETURN_FROM_THREAD(0);
+    RETURN_FROM_THREAD_NOJOIN(0);
 }
 #endif /* !SINGLE_THREADED */
 #endif /* !NO_WOLFSSL_SERVER */
@@ -1816,7 +1839,9 @@ static int SetupSupportedGroups(int verbose)
                     printf("Will benchmark the following group: %s\n",
                        groups[i].name);
                 }
-            } else if (uks_ret == BAD_FUNC_ARG || uks_ret == NOT_COMPILED_IN) {
+            } else if (uks_ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG) ||
+                       uks_ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
+            {
                 groups[i].group = 0;
                 if (verbose) {
                     printf("Will NOT benchmark the following group: %s\n",
@@ -2322,7 +2347,7 @@ int main(int argc, char** argv)
     args.return_code = 0;
 
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
-    !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+    !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) && defined(USE_WOLFSSL_IO)
     bench_tls(&args);
 #endif
 
diff --git a/examples/benchmark/tls_bench.h b/examples/benchmark/tls_bench.h
index 67599cb1c..06822ffb2 100644
--- a/examples/benchmark/tls_bench.h
+++ b/examples/benchmark/tls_bench.h
@@ -1,6 +1,6 @@
 /* tls_bench.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/client/client.c b/examples/client/client.c
index e6724081b..d53068a09 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1,6 +1,6 @@
 /* client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,6 +32,9 @@
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/ssl.h>
 
 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
@@ -53,7 +56,8 @@ static const char *wolfsentry_config_path = NULL;
 #include <examples/client/client.h>
 #include <wolfssl/error-ssl.h>
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
+
 
 #ifdef NO_FILESYSTEM
 #ifdef NO_RSA
@@ -183,10 +187,10 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
     while (ret != WOLFSSL_SUCCESS &&
         (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         #ifdef WOLFSSL_NONBLOCK_OCSP
-            || error == OCSP_WANT_READ
+            || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
         #endif
     )) {
         int currTimeout = 1;
@@ -197,7 +201,7 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
             printf("... client would write block\n");
 
 #ifdef WOLFSSL_ASYNC_CRYPT
-        if (error == WC_PENDING_E) {
+        if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) break;
         }
@@ -221,10 +225,10 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
         if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
             || (select_ret == TEST_ERROR_READY)
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         #ifdef WOLFSSL_NONBLOCK_OCSP
-            || error == OCSP_WANT_READ
+            || error == WC_NO_ERR_TRACE(OCSP_WANT_READ)
         #endif
         ) {
         #ifndef WOLFSSL_CALLBACKS
@@ -324,12 +328,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X25519;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x25519");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else if (useX448) {
@@ -339,12 +343,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X448;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x448");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else {
@@ -355,12 +359,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SECP256R1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve secp256r1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #endif
         #ifdef WOLFSSL_SM2
             do {
@@ -368,12 +372,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SM2P256V1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve sm2p256v1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #endif
     #endif
         }
@@ -385,12 +389,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             if (ret == WOLFSSL_SUCCESS)
                 groups[count++] = WOLFSSL_FFDHE_2048;
         #ifdef WOLFSSL_ASYNC_CRYPT
-            else if (ret == WC_PENDING_E)
+            else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
         #endif
             else
                 err_sys("unable to use DH 2048-bit parameters");
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
     }
     #ifdef HAVE_PQC
@@ -398,24 +402,128 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
         if (usePqc) {
             int group = 0;
 
+    #ifndef WOLFSSL_NO_ML_KEM
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
+                group = WOLFSSL_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
+                group = WOLFSSL_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
+                group = WOLFSSL_ML_KEM_1024;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
+                group = WOLFSSL_P256_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
+                group = WOLFSSL_P384_ML_KEM_768;
+            }
+            else if (XSTRCMP(pqcAlg, "P256_ML_KEM_768") == 0) {
+                group = WOLFSSL_P256_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
+                group = WOLFSSL_P521_ML_KEM_1024;
+            }
+            else if (XSTRCMP(pqcAlg, "P384_ML_KEM_1024") == 0) {
+                group = WOLFSSL_P384_ML_KEM_1024;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_512") == 0) {
+                group = WOLFSSL_X25519_ML_KEM_512;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_768") == 0) {
+                group = WOLFSSL_X25519_ML_KEM_768;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
+            if (XSTRCMP(pqcAlg, "X448_ML_KEM_768") == 0) {
+                group = WOLFSSL_X448_ML_KEM_768;
+            }
+            else
+        #endif
+    #endif /* WOLFSSL_NO_ML_KEM */
+    #ifdef WOLFSSL_MLKEM_KYBER
+        #ifndef WOLFSSL_NO_KYBER512
             if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
                 group = WOLFSSL_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
                 group = WOLFSSL_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 group = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER512
+            if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 group = WOLFSSL_P256_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
                 group = WOLFSSL_P384_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
+            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL3") == 0) {
+                group = WOLFSSL_P256_KYBER_LEVEL3;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
                 group = WOLFSSL_P521_KYBER_LEVEL5;
-            } else {
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL1") == 0) {
+                group = WOLFSSL_X25519_KYBER_LEVEL1;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL3") == 0) {
+                group = WOLFSSL_X25519_KYBER_LEVEL3;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE448)
+            if (XSTRCMP(pqcAlg, "X448_KYBER_LEVEL3") == 0) {
+                group = WOLFSSL_X448_KYBER_LEVEL3;
+            }
+            else
+        #endif
+    #endif /* WOLFSSL_MLKEM_KYBER */
+            {
                 err_sys("invalid post-quantum KEM specified");
             }
 
@@ -452,13 +560,13 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
         if (ret <= 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != msgSz) {
         LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err,
                                          wolfSSL_ERR_error_string((unsigned long)err, buffer));
@@ -564,14 +672,14 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
                 if (ret != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         /* returns the number of polled items or <0 for error */
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         #ifdef WOLFSSL_EARLY_DATA
             EarlyDataStatus(ssl);
         #endif
@@ -668,13 +776,13 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
         if (ret != WOLFSSL_SUCCESS) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret == WOLFSSL_SUCCESS) {
         /* Perform throughput test */
         char *tx_buffer, *rx_buffer;
@@ -720,13 +828,13 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
                         if (ret <= 0) {
                             err = wolfSSL_get_error(ssl, 0);
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
                         #endif
                         }
-                    } while (err == WC_PENDING_E);
+                    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
                     if (ret != len) {
                         LOG_ERROR("SSL_write bench error %d!\n", err);
                         if (!exitWithRet)
@@ -746,7 +854,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
                             if (ret <= 0) {
                                 err = wolfSSL_get_error(ssl, 0);
                             #ifdef WOLFSSL_ASYNC_CRYPT
-                                if (err == WC_PENDING_E) {
+                                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                     if (ret < 0) break;
                                 }
@@ -767,9 +875,9 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
 
                     /* Compare TX and RX buffers */
                     if (XMEMCMP(tx_buffer, rx_buffer, (size_t)len) != 0) {
-                        free(tx_buffer);
+                        XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         tx_buffer = NULL;
-                        free(rx_buffer);
+                        XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         rx_buffer = NULL;
                         err_sys("Compare TX and RX buffers failed");
                     }
@@ -909,13 +1017,13 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
         if (ret < 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != (int)XSTRLEN(starttlsCmd[5])) {
         err_sys("failed to send SMTP QUIT command\n");
     }
@@ -926,13 +1034,13 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
         if (ret < 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         err_sys("failed to read SMTP closing down response\n");
     }
@@ -965,7 +1073,7 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str
         if (ret <= 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
@@ -974,7 +1082,7 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str
     } while (err == WOLFSSL_ERROR_WANT_WRITE ||
              err == WOLFSSL_ERROR_WANT_READ
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || err == WC_PENDING_E
+        || err == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     );
     if (ret != msgSz) {
@@ -1002,14 +1110,16 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
         if (ret <= 0) {
             err = wolfSSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
             else
         #endif
             if (err != WOLFSSL_ERROR_WANT_READ &&
-                    err != WOLFSSL_ERROR_WANT_WRITE && err != APP_DATA_READY) {
+                    err != WOLFSSL_ERROR_WANT_WRITE &&
+                    err != WC_NO_ERR_TRACE(APP_DATA_READY))
+            {
                 LOG_ERROR("SSL_read reply error %d, %s\n", err,
                                          wolfSSL_ERR_error_string((unsigned long)err, buffer));
                 if (!exitWithRet) {
@@ -1034,9 +1144,9 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
     } while ((mustRead && err == WOLFSSL_ERROR_WANT_READ)
         || err == WOLFSSL_ERROR_WANT_WRITE
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || err == WC_PENDING_E
+        || err == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
-        || err == APP_DATA_READY
+        || err == WC_NO_ERR_TRACE(APP_DATA_READY)
     );
     if (ret > 0) {
         reply[ret] = 0; /* null terminate */
@@ -1221,28 +1331,32 @@ static const char* client_usage_msg[][78] = {
  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
         "-W <num>    Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n",     /* 41 */
         "            With 'm' at end indicates MUST staple\n",          /* 42 */
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
+        "            -W 1 -v 4, Perform multi OCSP stapling for TLS13\n",
+                                                                        /* 43 */
+#endif
 #endif
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
-        "-U          Atomic User Record Layer Callbacks\n",             /* 43 */
+        "-U          Atomic User Record Layer Callbacks\n",             /* 44 */
 #endif
 #ifdef HAVE_PK_CALLBACKS
-        "-P          Public Key Callbacks\n",                           /* 44 */
+        "-P          Public Key Callbacks\n",                           /* 45 */
 #endif
 #ifdef HAVE_ANON
-        "-a          Anonymous client\n",                               /* 45 */
+        "-a          Anonymous client\n",                               /* 46 */
 #endif
 #ifdef HAVE_CRL
-        "-C          Disable CRL\n",                                    /* 46 */
+        "-C          Disable CRL\n",                                    /* 47 */
 #endif
 #ifdef WOLFSSL_TRUST_PEER_CERT
-        "-E <file>   Path to load trusted peer cert\n",                 /* 47 */
+        "-E <file>   Path to load trusted peer cert\n",                 /* 48 */
 #endif
 #ifdef HAVE_WNR
-        "-q <file>   Whitewood config file,      defaults\n",           /* 48 */
+        "-q <file>   Whitewood config file,      defaults\n",           /* 49 */
 #endif
         "-H <arg>    Internal tests"
-            " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
-        "                            loadSSL, disallowETM]\n",          /* 50 */
+            " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
+            "                            loadSSL, disallowETM]\n",      /* 50 */
 #ifdef WOLFSSL_TLS13
         "-J          Use HelloRetryRequest to choose group for KE\n",   /* 51 */
         "-K          Key Exchange for PSK not using (EC)DHE\n",         /* 52 */
@@ -1278,52 +1392,72 @@ static const char* client_usage_msg[][78] = {
 #ifdef HAVE_TRUSTED_CA
         "-5          Use Trusted CA Key Indication\n",                  /* 63 */
 #endif
-        "-6          Simulate WANT_WRITE errors on every other IO send\n",
+        "-6          Simulate WANT_WRITE errors on every other IO send\n", /* 64 */
 #ifdef HAVE_CURVE448
-        "-8          Use X448 for key exchange\n",                      /* 66 */
+        "-8          Use X448 for key exchange\n",                      /* 65 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
     !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
         "-9          Use hash dir look up for certificate loading\n"
-        "            loading from <wolfSSL home>/certs folder\n"
-        "            files in the folder would have the form \"hash.N\" file name\n"
-        "            e.g symbolic link to the file at certs folder\n"
-        "            ln -s ca-cert.pem  `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
-                                                                        /* 67 */
+            "            loading from <wolfSSL home>/certs folder\n"
+            "            files in the folder would have the form \"hash.N\" file name\n"
+            "            e.g symbolic link to the file at certs folder\n"
+            "            ln -s ca-cert.pem  `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
+                                                                        /* 66 */
 #endif
 #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
     !defined(WOLFSENTRY_NO_JSON)
         "--wolfsentry-config <file>    Path for JSON wolfSentry config\n",
-                                                                        /* 68 */
+                                                                        /* 67 */
 #endif
 #ifndef WOLFSSL_TLS13
         "-7          Set minimum downgrade protocol version [0-3] "
         " SSLv3(0) - TLS1.2(3)\n",
 #else
         "-7          Set minimum downgrade protocol version [0-4] "
-           " SSLv3(0) - TLS1.3(4)\n",                                   /* 69 */
+           " SSLv3(0) - TLS1.3(4)\n",                                   /* 68 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n",  /* 70 */
+        "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P256_ML_KEM_768, P521_ML_KEM_1024,\n"
+            "            P384_ML_KEM_1024, X25519_ML_KEM_512, "
+            "X25519_ML_KEM_768,\n"
+            "            X448_ML_KEM_768\n"
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P256_KYBER_LEVEL3, "
+            "P521_KYBER_LEVEL5,\n"
+            "            X25519_KYBER_LEVEL1, X25519_KYBER_LEVEL3, "
+            "X448_KYBER_LEVEL3\n"
+#endif
+            "",
+                                                                        /* 69 */
 #endif
 #ifdef WOLFSSL_SRTP
-        "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 71 */
+        "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 70 */
 #endif
 #ifdef WOLFSSL_SYS_CA_CERTS
-        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
+        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
-        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 73 */
+        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 72 */
 #endif
 #ifndef NO_PSK
-        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
+        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
 #endif
 #ifdef HAVE_RPK
-        "--rpk  Use RPK for the defined certificates\n", /* 75 */
+        "--rpk  Use RPK for the defined certificates\n", /* 74 */
+#endif
+        "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
+#ifdef WOLFSSL_SYS_CRYPTO_POLICY
+        "--crypto-policy  <path to crypto policy file>\n", /* 76 */
 #endif
-        "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */
         "\n"
            "For simpler wolfSSL TLS client examples, visit\n"
            "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
@@ -1448,30 +1582,34 @@ static const char* client_usage_msg[][78] = {
  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
         "-W <num>    OCSP Staplingを使用する"
                                          " (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */
-        "            'm' を最後に指定すると必ず staple を使用する\n"    /* 42 */
+        "            'm' を最後に指定すると必ず staple を使用する\n"       /* 42 */
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
+        "            -W 1 -v 4, "
+        "TLS13 使用時に複数(Multi)の OCSP を実施します\n"                   /* 43 */
+#endif
 #endif
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
         "-U          アトミック・ユーザー記録の"
-                                           "コールバックを利用する\n",  /* 43 */
+                                           "コールバックを利用する\n",  /* 44 */
 #endif
 #ifdef HAVE_PK_CALLBACKS
-        "-P          公開鍵コールバック\n",                             /* 44 */
+        "-P          公開鍵コールバック\n",                             /* 45 */
 #endif
 #ifdef HAVE_ANON
-        "-a          匿名クライアント\n",                               /* 45 */
+        "-a          匿名クライアント\n",                               /* 46 */
 #endif
 #ifdef HAVE_CRL
-        "-C          CRLを無効\n",                                      /* 46 */
+        "-C          CRLを無効\n",                                      /* 47 */
 #endif
 #ifdef WOLFSSL_TRUST_PEER_CERT
-        "-E <file>   信頼出来るピアの証明書ロードの為のパス\n",         /* 47 */
+        "-E <file>   信頼出来るピアの証明書ロードの為のパス\n",         /* 48 */
 #endif
 #ifdef HAVE_WNR
-        "-q <file>   Whitewood コンフィグファイル,      既定値\n",      /* 48 */
+        "-q <file>   Whitewood コンフィグファイル,      既定値\n",      /* 49 */
 #endif
         "-H <arg>    内部テスト"
-        " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */
-        "                            loadSSL, disallowETM]\n",          /* 50 */
+            " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
+            "                            loadSSL, disallowETM]\n",  /* 50 */
 #ifdef WOLFSSL_TLS13
         "-J          HelloRetryRequestをKEのグループ選択に使用する\n",  /* 51 */
         "-K          鍵交換にPSKを使用、(EC)DHEは使用しない\n",         /* 52 */
@@ -1508,9 +1646,9 @@ static const char* client_usage_msg[][78] = {
 #ifdef HAVE_TRUSTED_CA
         "-5          信頼できる認証局の鍵表示を使用する\n",             /* 63 */
 #endif
-        "-6          WANT_WRITE エラーを全てのIO 送信でシミュレートします\n",
+        "-6          WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", /* 64 */
 #ifdef HAVE_CURVE448
-        "-8          鍵交換に X448 を使用する\n",                      /* 66 */
+        "-8          鍵交換に X448 を使用する\n",                      /* 65 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
@@ -1520,40 +1658,54 @@ static const char* client_usage_msg[][78] = {
         "            フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
         "            以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
         "            ln -s ca-cert.pem  `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
-                                                                        /* 67 */
+                                                                        /* 66 */
 #endif
 #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
     !defined(WOLFSENTRY_NO_JSON)
         "--wolfsentry-config <file>    wolfSentry コンフィグファイル\n",
-                                                                      /* 68 */
+                                                                      /* 67 */
 #endif
 #ifndef WOLFSSL_TLS13
         "-7          最小ダウングレード可能なプロトコルバージョンを設定します [0-3] "
         " SSLv3(0) - TLS1.2(3)\n",
 #else
         "-7          最小ダウングレード可能なプロトコルバージョンを設定します [0-4] "
-        " SSLv3(0) - TLS1.3(4)\n",                            /* 69 */
+        " SSLv3(0) - TLS1.3(4)\n",                            /* 68 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
+        "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
+#endif
+            "",
+                                                                        /* 69 */
 #endif
 #ifdef WOLFSSL_SRTP
-        "--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */
+        "--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */
 #endif
 #ifdef WOLFSSL_SYS_CA_CERTS
-        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
+        "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
 #endif
 #ifdef HAVE_SUPPORTED_CURVES
-        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 73 */
+        "--onlyPskDheKe Must use DHE key exchange with PSK\n",          /* 72 */
 #endif
 #ifndef NO_PSK
-        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
+        "--openssl-psk  Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
 #endif
 #ifdef HAVE_RPK
-        "--rpk  Use RPK for the defined certificates\n", /* 75 */
+        "--rpk  Use RPK for the defined certificates\n", /* 74 */
+#endif
+        "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
+#ifdef WOLFSSL_SYS_CRYPTO_POLICY
+        "--crypto-policy  <path to crypto policy file>\n", /* 76 */
 #endif
-        "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */
         "\n"
         "より簡単なwolfSSL TLS クライアントの例については"
                                          "下記にアクセスしてください\n"
@@ -1822,7 +1974,7 @@ static int client_srtp_test(WOLFSSL *ssl, func_args *args)
 
     ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
                                                    &srtp_secret_length);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         LOG_ERROR("DTLS SRTP: Error getting keying material length\n");
         return ret;
     }
@@ -1974,6 +2126,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         { "rpk", 0, 267 },
 #endif /* HAVE_RPK */
         { "files-are-der", 0, 268 },
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        { "crypto-policy", 1, 269 },
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
         { 0, 0, 0 }
     };
 #endif
@@ -2118,6 +2273,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     int useRPK = 0;
 #endif /* HAVE_RPK */
     int fileFormat = WOLFSSL_FILETYPE_PEM;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    const char * policy = NULL;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 
     char buffer[WOLFSSL_MAX_ERROR_SZ];
 
@@ -2296,7 +2455,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                     err_sys("provided connection ID is too big");
                 }
                 else {
-                    strcpy(dtlsCID, myoptarg);
+                    XSTRLCPY(dtlsCID, myoptarg, DTLS_CID_BUFFER_SIZE);
                 }
             }
             break;
@@ -2404,7 +2563,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 }
                 else if (XSTRCMP(myoptarg, "verifyInfo") == 0) {
                     printf("Verify should not override error\n");
-                    myVerifyAction = VERIFY_USE_PREVERFIY;
+                    myVerifyAction = VERIFY_USE_PREVERIFY;
                 }
                 else if (XSTRCMP(myoptarg, "useSupCurve") == 0) {
                     printf("Attempting to test use supported curve\n");
@@ -2837,6 +2996,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             case 268:
                 fileFormat = WOLFSSL_FILETYPE_ASN1;
                 break;
+            case 269:
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+                policy = myoptarg;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+                break;
+
             default:
                 Usage();
                 XEXIT_T(MY_EX_USAGE);
@@ -3064,6 +3229,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     if (method == NULL)
         err_sys("unable to get method");
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (policy != NULL) {
+        if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
+            err_sys("wolfSSL_crypto_policy_enable failed");
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
 #ifdef WOLFSSL_STATIC_MEMORY
     #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
@@ -3159,7 +3331,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifdef WOLFSSL_SRTP
     if (dtlsSrtpProfiles != NULL) {
         if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, dtlsSrtpProfiles)
-                                                           != WOLFSSL_SUCCESS) {
+                                                           != 0) {
             err_sys("unable to set DTLS SRTP profile");
         }
     }
@@ -3204,7 +3376,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
                                                            defined(WOLFSSL_DTLS)
     if (dtlsMTU)
-        wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
+        wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU);
 #endif
 
 #ifndef NO_DH
@@ -3477,7 +3649,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     #endif
     }
     if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
-            myVerifyAction == VERIFY_USE_PREVERFIY) {
+            myVerifyAction == VERIFY_USE_PREVERIFY) {
         wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
     }
     else if (!usePsk && !useAnon && doPeerCheck == 0) {
@@ -3671,7 +3843,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
 #ifndef NO_PSK
     if (usePsk) {
-    #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(TEST_PSK_USE_SESSION)
+    #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
+        defined(TEST_PSK_USE_SESSION)
         SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb);
     #endif
     }
@@ -3962,13 +4135,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
             }
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
 #else
     timeoutConnect.tv_sec  = DEFAULT_TIMEOUT_SEC;
@@ -4149,7 +4322,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         if (err == WOLFSSL_SUCCESS)
             printf("Received ALPN protocol : %s (%d)\n",
                    protocol_name, protocol_nameSz);
-        else if (err == WOLFSSL_ALPN_NOT_FOUND)
+        else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
             printf("No ALPN response received (no match with server)\n");
         else
             printf("Getting ALPN protocol name failed\n");
@@ -4163,10 +4336,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
         printf("CID extension was negotiated\n");
         ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
-        if (ret != WOLFSSL_SUCCESS)
-            err_sys("Can't get negotiated DTLS CID size\n");
-
-        if (receivedCIDSz > 0) {
+        if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
             ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
                 DTLS_CID_BUFFER_SIZE - 1);
             if (ret != WOLFSSL_SUCCESS)
@@ -4205,12 +4375,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                         else {
                             do {
                             #ifdef WOLFSSL_ASYNC_CRYPT
-                                if (err == WC_PENDING_E) {
+                                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                     if (ret < 0) break;
                                 }
                             #endif
-                                if (err == APP_DATA_READY) {
+                                if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
                                     if (wolfSSL_read(ssl, reply,
                                             sizeof(reply)-1) < 0) {
                                         err_sys("APP DATA should be present "
@@ -4226,9 +4396,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                                 }
                             } while (ret != WOLFSSL_SUCCESS &&
                                     (err == WOLFSSL_ERROR_WANT_READ ||
-                                        err == WOLFSSL_ERROR_WANT_WRITE ||
-                                        err == APP_DATA_READY ||
-                                        err == WC_PENDING_E));
+                                     err == WOLFSSL_ERROR_WANT_WRITE ||
+                                     err == WC_NO_ERR_TRACE(APP_DATA_READY) ||
+                                     err == WC_NO_ERR_TRACE(WC_PENDING_E)));
                         }
 
                         if (ret == WOLFSSL_SUCCESS) {
@@ -4255,12 +4425,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
 #ifdef WOLFSSL_ASYNC_CRYPT
-                    while (err == WC_PENDING_E) {
+                    while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         err = 0;
                         ret = wolfSSL_negotiate(ssl);
                         if (ret != WOLFSSL_SUCCESS) {
                             err = wolfSSL_get_error(ssl, 0);
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
@@ -4285,12 +4455,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 if ((ret = wolfSSL_SecureResume(ssl)) != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(ssl, 0);
 #ifdef WOLFSSL_ASYNC_CRYPT
-                    while (err == WC_PENDING_E) {
+                    while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         err = 0;
                         ret = wolfSSL_negotiate(ssl);
                         if (ret != WOLFSSL_SUCCESS) {
                             err = wolfSSL_get_error(ssl, 0);
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
@@ -4554,14 +4724,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 if (ret != WOLFSSL_SUCCESS) {
                     err = wolfSSL_get_error(sslResume, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(sslResume,
                                                     WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         }
 #else
         timeoutConnect.tv_sec  = DEFAULT_TIMEOUT_SEC;
@@ -4596,7 +4766,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             if (err == WOLFSSL_SUCCESS)
                 printf("Received ALPN protocol : %s (%d)\n",
                        protocol_name, protocol_nameSz);
-            else if (err == WOLFSSL_ALPN_NOT_FOUND)
+            else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
                 printf("Not received ALPN response (no match with server)\n");
             else
                 printf("Getting ALPN protocol name failed\n");
@@ -4718,7 +4888,7 @@ exit:
     WOLFSSL_RETURN_FROM_THREAD(0);
 }
 
-#endif /* !NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
 
 
 /* so overall tests can pull in test function */
@@ -4728,7 +4898,6 @@ exit:
     {
         func_args args;
 
-
         StartTCP();
 
 #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
@@ -4744,7 +4913,7 @@ exit:
         wolfSSL_Init();
         ChangeToWolfRoot();
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 #ifdef HAVE_STACK_SIZE
         StackSizeCheck(&args, client_test);
 #else
diff --git a/examples/client/client.h b/examples/client/client.h
index 09581fcac..377bfed36 100644
--- a/examples/client/client.h
+++ b/examples/client/client.h
@@ -1,6 +1,6 @@
 /* client.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/client/client.vcxproj b/examples/client/client.vcxproj
index 3f5c79a05..0843627d5 100644
--- a/examples/client/client.vcxproj
+++ b/examples/client/client.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{3ADE9549-582D-4D8E-9826-B172197A7959}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="client.c" />
   </ItemGroup>
diff --git a/examples/configs/include.am b/examples/configs/include.am
index 0319d21d8..ab2453412 100644
--- a/examples/configs/include.am
+++ b/examples/configs/include.am
@@ -5,6 +5,8 @@ EXTRA_DIST += examples/configs/README.md
 EXTRA_DIST += examples/configs/user_settings_all.h
 EXTRA_DIST += examples/configs/user_settings_arduino.h
 EXTRA_DIST += examples/configs/user_settings_EBSnet.h
+EXTRA_DIST += examples/configs/user_settings_eccnonblock.h
+EXTRA_DIST += examples/configs/user_settings_espressif.h
 EXTRA_DIST += examples/configs/user_settings_fipsv2.h
 EXTRA_DIST += examples/configs/user_settings_fipsv5.h
 EXTRA_DIST += examples/configs/user_settings_min_ecc.h
diff --git a/examples/configs/user_settings_EBSnet.h b/examples/configs/user_settings_EBSnet.h
index dacd02af0..e7255bf5a 100644
--- a/examples/configs/user_settings_EBSnet.h
+++ b/examples/configs/user_settings_EBSnet.h
@@ -1,6 +1,6 @@
 /* user_settings_EBSnet.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_all.h b/examples/configs/user_settings_all.h
index 9340ea38c..fd8724582 100644
--- a/examples/configs/user_settings_all.h
+++ b/examples/configs/user_settings_all.h
@@ -1,6 +1,6 @@
 /* user_settings_all.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_arduino.h b/examples/configs/user_settings_arduino.h
index 178511ed0..8ff2d8c3b 100644
--- a/examples/configs/user_settings_arduino.h
+++ b/examples/configs/user_settings_arduino.h
@@ -1,6 +1,6 @@
 /* examples/configs/user_settings_arduino.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,11 +21,18 @@
 
 /* This is a sample Arduino user_settings.h for wolfSSL
   >> Edit with caution. This is the file copied to wolfSSL Arduino library.
-  >> at publish time. (lines with ">>" are removed)
+  >> at publish time. (lines with ">>" are removed at publish time)
 */
 
 /* Define a macro to display user settings version in example code: */
-#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.6.7"
+#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.6"
+
+/* Disable wolfcrypt cryptographic security hardening. Comment out to enable: */
+/* #define WC_NO_HARDEN */
+
+/* Instead, we harden ECC and RSA */
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
 
 /* Due to limited build control, we'll ignore file warnings. */
 /* See https://github.com/arduino/arduino-cli/issues/631     */
@@ -39,6 +46,7 @@
 #undef  WOLFSSL_ESPIDF
 
 #define HAVE_ECC
+
 #define WOLFSSL_SMALL_STACK
 /* #define WOLFSSL_SMALL_STACK_EXTRA    */
 /* #define WOLFSSL_SMALL_STACK_CIPHERS  */
@@ -76,17 +84,27 @@
  *    WOLFSSL_CLIENT_EXAMPLE
  *    WOLFSSL_SERVER_EXAMPLE
  */
+
+/* The examples must be manually selected here: */
+
 #if defined(WOLFSSL_CLIENT_EXAMPLE)
     #define NO_WOLFSSL_SERVER
 #elif defined(WOLFSSL_SERVER_EXAMPLE)
     #define NO_WOLFSSL_CLIENT
+#elif defined(WOLFSSL_TEMPLATE_EXAMPLE)
+    #define NO_WOLFSSL_SERVER
+    #define NO_WOLFSSL_CLIENT
+#elif defined(WOLFSSL_AES_CTR_EXAMPLE)
+    #define NO_WOLFSSL_SERVER
+    #define NO_WOLFSSL_CLIENT
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
 #else
     /* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE
      * or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */
     #define NO_WOLFSSL_SERVER_CLIENT_MISSING
-    #warning "Define WOLFSSL_CLIENT_EXAMPLE or WOLFSSL_SERVER_EXAMPLE to" \
-             " optimize memory for small embedded devices."
-    /* Both can be disabled in wolfssl test & benchmark */
+
+    /* By default all examples are enabled; no specific optimizations */
 #endif
 
 
@@ -114,8 +132,8 @@
 /* #define HAVE_PKCS7 */
 
 /* when you want to use AES counter mode */
-/* #define WOLFSSL_AES_DIRECT */
-/* #define WOLFSSL_AES_COUNTER */
+#define WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_COUNTER
 
 /* esp32-wroom-32se specific definition */
 #if defined(WOLFSSL_ESPWROOM32SE)
@@ -354,7 +372,7 @@
 */
 
 /* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
-/* The section below defines macros used in typically all of the wolfSSL
+ * The section below defines macros used in typically all of the wolfSSL
  * examples such as the client and server for certs stored in header files.
  *
  * There are various certificate examples in this header file:
diff --git a/examples/configs/user_settings_eccnonblock.h b/examples/configs/user_settings_eccnonblock.h
new file mode 100644
index 000000000..f4b2e5960
--- /dev/null
+++ b/examples/configs/user_settings_eccnonblock.h
@@ -0,0 +1,137 @@
+/* user_settings_eccnonblock.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Example wolfSSL user_settings.h file for ECC only non-blocking crypto.
+ * See doc/dox_comments/header_files/ecc.h wc_ecc_set_nonblock for example.
+ */
+
+/* Settings based on this configure:
+./configure --enable-cryptonly --enable-ecc=nonblock --with-eccminsz=256 \
+    --enable-sp=nonblock,ec256,nomalloc --enable-sp-math --disable-sp-asm \
+    --disable-rsa --disable-dh \
+    CFLAGS="-DWOLFSSL_DEBUG_NONBLOCK -DSP_WORD_SIZE=32 -DECC_USER_CURVES \
+            -DWOLFSSL_PUBLIC_MP"
+*/
+
+/* Tested using:
+cp ./examples/configs/user_settings_eccnonblock.h user_settings.h
+./configure --enable-usersettings --enable-debug --disable-examples
+make
+./wolfcrypt/test/test/wolfcrypt
+*/
+
+/* Example test results:
+ecc_test_curve keySize = 32
+ECC non-block sign: 12301 times
+ECC non-block verify: 24109 times
+ECC non-block key gen: 11784 times
+ECC non-block shared secret: 11783 times
+
+ecc_test_curve keySize = 48
+ECC non-block sign: 18445 times
+ECC non-block verify: 36141 times
+ECC non-block key gen: 17672 times
+ECC non-block shared secret: 17671 times
+
+ecc_test_curve keySize = 66
+ECC non-block sign: 25021 times
+ECC non-block verify: 49019 times
+ECC non-block key gen: 23974 times
+ECC non-block shared secret: 23973 times
+*/
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Choose the ECC curve */
+#define ECC_USER_CURVES /* Manually specify curves enabled */
+#if   1 /* SECP256R1 */
+    #define ECC_MIN_KEY_SZ 256
+#elif 1 /* SECP384R1 */
+    #define HAVE_ECC384
+    #define NO_ECC256
+    #define ECC_MIN_KEY_SZ 384
+    #define WOLFSSL_SP_NO_256
+    #define WOLFSSL_SP_384
+#else /* SECP521R1 */
+    #define HAVE_ECC521
+    #define NO_ECC256
+    #define ECC_MIN_KEY_SZ 521
+    #define WOLFSSL_SP_NO_256
+    #define WOLFSSL_SP_521
+#endif
+
+/* Features */
+#define WOLFCRYPT_ONLY
+#define WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_PUBLIC_MP /* expose mp_ math API's */
+#define HAVE_HASHDRBG /* enable hash based pseudo RNG */
+
+/* ECC */
+#define HAVE_ECC
+#define WC_ECC_NONBLOCK
+#define ECC_TIMING_RESISTANT
+
+/* Math options */
+/* sp_c32.c */
+#define SP_WORD_SIZE 32
+#define WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_SP_SMALL
+#define WOLFSSL_SP_NO_MALLOC
+#define WOLFSSL_SP_NONBLOCK
+#define WOLFSSL_SP_MATH /* forces only single precision */
+
+/* Hashing */
+#define WOLFSL_SHA512
+#define WOLFSL_SHA384
+#undef NO_SHA256
+
+/* Debugging */
+#if 1
+    #undef  DEBUG_WOLFSSL
+    #define DEBUG_WOLFSSL
+    #define WOLFSSL_DEBUG_NONBLOCK
+#endif
+
+/* Disabled algorithms */
+#define NO_OLD_TLS
+#define NO_RSA
+#define NO_DH
+#define NO_PSK
+#define NO_MD4
+#define NO_MD5
+#define NO_SHA
+#define NO_DSA
+#define NO_DES3
+#define NO_RC4
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/examples/configs/user_settings_espressif.h b/examples/configs/user_settings_espressif.h
new file mode 100644
index 000000000..8f598aff5
--- /dev/null
+++ b/examples/configs/user_settings_espressif.h
@@ -0,0 +1,1098 @@
+/* wolfssl-component include/user_settings.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
+
+/* Examples such as test and benchmark are known to cause watchdog timeouts.
+ * Note this is often set in project Makefile:
+ * CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
+#define WOLFSSL_ESP_NO_WATCHDOG 1
+
+/* The Espressif project config file. See also sdkconfig.defaults */
+#include "sdkconfig.h"
+
+/* This user_settings.h is for Espressif ESP-IDF
+ *
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ *
+ * Do not include any wolfssl headers here.
+ *
+ * When editing this file:
+ * ensure all examples match. The template example is the reference.
+ */
+
+/* Naming convention: (see also esp32-crypt.h for the reference source).
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+#undef  WOLFSSL_ESPIDF
+#define WOLFSSL_ESPIDF
+
+/* Test various user_settings between applications by selecting example apps
+ * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
+
+/* Turn on messages that are useful to see only in examples. */
+#define WOLFSSL_EXAMPLE_VERBOSITY
+
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+/* wolfSSL Examples: set macros used in example applications.
+ *
+ * These Settings NOT available in ESP-IDF (e.g. esp-tls)
+ *
+ * Any settings needed by ESP-IDF components should be explicitly set,
+ * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
+ *
+ * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
+#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define TEST_ESPIDF_ALL_WOLFSSL
+
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
+    /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
+    /* #define USE_WOLFSSL_ESP_SDK_WIFI */
+    #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
+    /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfSSH Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
+    /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
+    /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfMQTT Examples */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
+    /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* wolfTPM Examples */
+#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
+    /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Apple HomeKit Examples */
+#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+    /* See https://github.com/AchimPieters/esp32-homekit-demo */
+
+/* no example selected */
+#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
+    /* We'll assume the app needs to use wolfSSL sdk lib function */
+    #define USE_WOLFSSL_ESP_SDK_WIFI
+
+/* Other applications detected by cmake */
+#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+
+#elif defined(APP_ESP_HTTP_CLIENT)
+    /* The ESP-IDF Version */
+    #define FP_MAX_BITS (8192 * 2)
+    #define HAVE_ALPN
+    #define HAVE_SNI
+    #define OPENSSL_EXTRA_X509_SMALL
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+    #define OPENSSL_EXTRA
+    #ifndef WOLFSSL_ALWAYS_VERIFY_CB
+       #define WOLFSSL_ALWAYS_VERIFY_CB
+    #endif
+    #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
+        #define WOLFSSL_VERIFY_CB_ALL_CERTS
+    #endif
+    #ifndef KEEP_PEER_CERT
+        #define KEEP_PEER_CERT
+    #endif
+#else
+    #ifdef WOLFSSL_ESPIDF
+        /* #warning "App config undetected" */
+    #endif
+    /* the code is older or does not have application name defined. */
+#endif /* Example wolfSSL Configuration app settings */
+
+/* Experimental Kyber */
+#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
+    /* Kyber typically needs a minimum 10K stack */
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_WC_MLKEM
+    #define WOLFSSL_SHA3
+    #if defined(CONFIG_IDF_TARGET_ESP8266)
+        /* With limited RAM, we'll disable some of the Kyber sizes: */
+        #define WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_NO_KYBER768
+        #define NO_SESSION_CACHE
+    #endif
+#endif
+
+/* Enable AES for all examples */
+#ifdef NO_AES
+    #warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
+#else
+    #define WOLFSSL_AES
+    #define WOLFSSL_AES_COUNTER
+
+    /* Typically only needed for wolfssl_test, see docs. */
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* Pick a cert buffer size: */
+/* #define USE_CERT_BUFFERS_2048 */
+/* #define USE_CERT_BUFFERS_1024 */
+#define USE_CERT_BUFFERS_2048
+
+/* The Espressif sdkconfig will have chipset info.
+**
+** Some possible values:
+**
+**   CONFIG_IDF_TARGET_ESP32
+**   CONFIG_IDF_TARGET_ESP32S2
+**   CONFIG_IDF_TARGET_ESP32S3
+**   CONFIG_IDF_TARGET_ESP32C3
+**   CONFIG_IDF_TARGET_ESP32C6
+*/
+
+/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
+     /* SRP is known to need 8K; slow on some devices */
+     #define FP_MAX_BITS (8192 * 2)
+     #define WOLFCRYPT_HAVE_SRP
+     #define HAVE_CHACHA
+     #define HAVE_POLY1305
+     #define WOLFSSL_BASE64_ENCODE
+ #endif /* Apple HomeKit settings */
+
+/* Used by ESP-IDF components: */
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+    /* The ESP-TLS */
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
+    #define HAVE_ALPN
+    #ifndef CONFIG_IDF_TARGET_ESP8266
+        /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
+         * API for SNI will not be seen in the components/esp-tls layer.
+         * Only enable SNI for non-ESP8266 targets by default: */
+        #define HAVE_SNI
+    #endif
+    #define OPENSSL_EXTRA_X509_SMALL
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+#endif
+
+/* Optionally enable some wolfSSH settings */
+#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
+    /* Enable wolfSSH. Espressif examples need a few more settings, below */
+    #undef  WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    /* The default SSH Windows size is massive for an embedded target.
+     * Limit it: */
+    #define DEFAULT_WINDOW_SZ 2000
+
+    /* These may be defined in cmake for other examples: */
+    #undef  WOLFSSH_TERM
+    #define WOLFSSH_TERM
+
+    /* optional debug */
+    /* #undef  DEBUG_WOLFSSH */
+    /* #define DEBUG_WOLFSSH */
+
+    #undef  WOLFSSL_KEY_GEN
+    #define WOLFSSL_KEY_GEN
+
+    #undef  WOLFSSL_PTHREADS
+    #define WOLFSSL_PTHREADS
+
+    #define WOLFSSH_TEST_SERVER
+    #define WOLFSSH_TEST_THREADING
+#endif /* ESP_ENABLE_WOLFSSH */
+
+
+/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
+/* #define USE_WOLFSSL_ESP_SDK_WIFI */
+
+/*
+ * ONE of these Espressif chip families will be detected from sdkconfig:
+ *
+ * WOLFSSL_ESP32
+ * WOLFSSL_ESPWROOM32SE
+ * WOLFSSL_ESP8266
+ *
+ * following ifdef detection only for syntax highlighting:
+ */
+#ifdef WOLFSSL_ESPWROOM32SE
+    #undef WOLFSSL_ESPWROOM32SE
+#endif
+#ifdef WOLFSSL_ESP8266
+    #undef WOLFSSL_ESP8266
+#endif
+#ifdef WOLFSSL_ESP32
+    #undef WOLFSSL_ESP32
+#endif
+/* See below for chipset detection from sdkconfig.h */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+#define SINGLE_THREADED
+
+/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
+ * Memory requirement is about 5KB, otherwise 20K is needed when not specified.
+ * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
+ * When really desperate or no TLS used, try NO_SESSION_CACHE.  */
+#define NO_SESSION_CACHE
+
+/* Small Stack uses more heap. */
+#define WOLFSSL_SMALL_STACK
+
+/* Full debugging turned off, but show malloc failure detail */
+/* #define DEBUG_WOLFSSL */
+#define DEBUG_WOLFSSL_MALLOC
+
+/* See test.c that sets cert buffers; we'll set them here: */
+#define USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_2048
+
+/* RSA_LOW_MEM: Half as much memory but twice as slow. */
+#define RSA_LOW_MEM
+
+/* optionally turn off SHA512/224 SHA512/256 */
+/* #define WOLFSSL_NOSHA512_224 */
+/* #define WOLFSSL_NOSHA512_256 */
+
+/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
+/* #define SINGLE_THREADED */
+
+/* When you don't want to use the old SHA */
+/* #define NO_SHA */
+/* #define NO_OLD_TLS */
+
+#define BENCH_EMBEDDED
+
+/* TLS 1.3                                 */
+#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
+    #define WOLFSSL_TLS13
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_HKDF
+
+    /* May be required */
+    #ifndef HAVE_AEAD
+    #endif
+
+    /* Required for ECC */
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Required for RSA */
+    #define WC_RSA_PSS
+
+    /* TLS 1.3 normally requires HAVE_FFDHE */
+    #if defined(HAVE_FFDHE_2048) || \
+        defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096) || \
+        defined(HAVE_FFDHE_6144) || \
+        defined(HAVE_FFDHE_8192)
+    #else
+        #define HAVE_FFDHE_2048
+        /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
+    #endif
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #ifdef HAVE_FFDHE_4096
+        /* this size may be problematic on the C2 */
+    #endif
+    #define HAVE_FFDHE_2048
+#else
+    #define HAVE_FFDHE_4096
+#endif
+
+#define NO_FILESYSTEM
+
+#define NO_OLD_TLS
+
+#define HAVE_AESGCM
+
+/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
+/* #define WOLFSSL_RIPEMD */
+
+/* when you want to use SHA224 */
+#define WOLFSSL_SHA224
+
+/* when you want to use SHA384 */
+#define WOLFSSL_SHA384
+
+/* Some features not enabled for ESP8266: */
+#if defined(CONFIG_IDF_TARGET_ESP8266) || \
+    defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* Some known low-memory devices have features not enabled by default. */
+    /* TODO determine low memory configuration for ECC. */
+#else
+    /* when you want to use SHA512 */
+    #define WOLFSSL_SHA512
+
+    /* when you want to use SHA3 */
+    /* #define WOLFSSL_SHA3 */
+
+    /* ED25519 requires SHA512 */
+    #define HAVE_ED25519
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
+    #define MY_USE_ECC 0
+    #define MY_USE_RSA 1
+#else
+    #define MY_USE_ECC 1
+    #define MY_USE_RSA 0
+#endif
+
+/* We can use either or both ECC and RSA, but must use at least one. */
+#if MY_USE_ECC || MY_USE_RSA
+    #if MY_USE_ECC
+        /* ---- ECDSA / ECC ---- */
+        #define HAVE_ECC
+        #define HAVE_CURVE25519
+        #define HAVE_ED25519
+        #define WOLFSSL_SHA512
+        /*
+        #define HAVE_ECC384
+        #define CURVE25519_SMALL
+        */
+    #else
+        #define WOLFSSH_NO_ECC
+        /* WOLFSSH_NO_ECDSA is typically defined automatically,
+         * here for clarity: */
+        #define WOLFSSH_NO_ECDSA
+    #endif
+
+    #if MY_USE_RSA
+        /* ---- RSA ----- */
+        /* #define RSA_LOW_MEM */
+
+        /* DH disabled by default, needed if ECDSA/ECC also turned off */
+        #define HAVE_DH
+    #else
+        #define WOLFSSH_NO_RSA
+    #endif
+#else
+    #error "Either RSA or ECC must be enabled"
+#endif
+
+/* Optional OpenSSL compatibility */
+/* #define OPENSSL_EXTRA */
+
+/* #Optional HAVE_PKCS7 */
+/* #define HAVE_PKCS7 */
+
+#if defined(HAVE_PKCS7)
+    /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
+    #define NO_PBKDF2
+
+    #define HAVE_AES_KEYWRAP
+    #define HAVE_X963_KDF
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* when you want to use AES counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+/* WC_NO_CACHE_RESISTANT: slower but more secure */
+/* #define WC_NO_CACHE_RESISTANT */
+
+/* TFM_TIMING_RESISTANT: slower but more secure */
+/* #define TFM_TIMING_RESISTANT */
+
+/* #define WOLFSSL_ATECC508A_DEBUG         */
+
+/* date/time                               */
+/* if it cannot adjust time in the device, */
+/* enable macro below                      */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+    #define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
+
+/* hash limit for test.c */
+#define HASH_SIZE_LIMIT
+
+/* USE_FAST_MATH is default */
+#define USE_FAST_MATH
+
+/*****      Use SP_MATH      *****/
+/* #undef  USE_FAST_MATH         */
+/* #define SP_MATH               */
+/* #define WOLFSSL_SP_MATH_ALL   */
+/* #define WOLFSSL_SP_RISCV32    */
+
+/***** Use Integer Heap Math *****/
+/* #undef USE_FAST_MATH          */
+/* #define USE_INTEGER_HEAP_MATH */
+
+/* Just syntax highlighting to check math libraries: */
+#if defined(SP_MATH)               || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_INTEGER_HEAP_MATH) || \
+    defined(USE_FAST_MATH)         || \
+    defined(WOLFSSL_SP_MATH_ALL)   || \
+    defined(WOLFSSL_SP_RISCV32)
+#endif
+
+#define WOLFSSL_SMALL_STACK
+
+
+#define HAVE_VERSION_EXTENDED_INFO
+/* #define HAVE_WC_INTROSPECTION */
+
+#ifndef NO_SESSION_CACHE
+    #define  HAVE_SESSION_TICKET
+#endif
+
+/* #define HAVE_HASHDRBG */
+
+#if 0
+/* Example for additional cert functions */
+#define WOLFSSL_KEY_GEN
+    #define WOLFSSL_CERT_REQ
+    #define WOLFSSL_CERT_GEN
+    #define WOLFSSL_CERT_EXT
+    #define WOLFSSL_SYS_CA_CERTS
+
+
+    #define WOLFSSL_CERT_TEXT
+
+    /* command-line options
+    --enable-keygen
+    --enable-certgen
+    --enable-certreq
+    --enable-certext
+    --enable-asn-template
+    */
+
+#endif
+
+#define WOLFSSL_ASN_TEMPLATE
+
+/*
+#undef  WOLFSSL_KEY_GEN
+#undef  WOLFSSL_CERT_REQ
+#undef  WOLFSSL_CERT_GEN
+#undef  WOLFSSL_CERT_EXT
+#undef  WOLFSSL_SYS_CA_CERTS
+*/
+
+/* command-line options
+--enable-keygen
+--enable-certgen
+--enable-certreq
+--enable-certext
+--enable-asn-template
+*/
+
+/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    /* SM settings, possible cipher suites:
+
+        TLS13-AES128-GCM-SHA256
+        TLS13-CHACHA20-POLY1305-SHA256
+        TLS13-SM4-GCM-SM3
+        TLS13-SM4-CCM-SM3
+
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
+    #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
+                                       "TLS13-SM4-CCM-SM3:"
+    */
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
+
+    #undef  WOLFSSL_SM4_ECB
+    #define WOLFSSL_SM4_ECB
+
+    #undef  WOLFSSL_SM4_CBC
+    #define WOLFSSL_SM4_CBC
+
+    #undef  WOLFSSL_SM4_CTR
+    #define WOLFSSL_SM4_CTR
+
+    #undef  WOLFSSL_SM4_GCM
+    #define WOLFSSL_SM4_GCM
+
+    #undef  WOLFSSL_SM4_CCM
+    #define WOLFSSL_SM4_CCM
+
+    #define HAVE_POLY1305
+    #define HAVE_CHACHA
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+#else
+    /* default settings */
+    #define USE_CERT_BUFFERS_2048
+#endif
+
+/* Chipset detection from sdkconfig.h
+ * Default is HW enabled unless turned off.
+ * Uncomment lines to force SW instead of HW acceleration */
+#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ESP32
+    /*  Alternatively, if there's an ECC Secure Element present: */
+    /* #define WOLFSSL_ESPWROOM32SE */
+
+    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */
+
+    #undef  ESP_RSA_MULM_BITS
+    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
+    /***** END CONFIG_IDF_TARGET_ESP32 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
+    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
+      defined(CONFIG_IDF_TARGET_ESP8684)
+    #define WOLFSSL_ESP32
+    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
+     * single QFN 4x4 mm package. Out of released documentation, Technical
+     * Reference Manual as well as ESP-IDF Programming Guide is applicable
+     * to both ESP32-C2 and ESP8684.
+     *
+     * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */
+
+    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity    */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */
+
+    /* There's no AES or RSA/Math accelerator on the ESP32-C2
+     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */
+
+    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    #define WOLFSSL_ESP32
+    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
+
+    /*  #define NO_ESP32_CRYPT                 */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
+    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */
+
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
+    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
+    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP32H2)
+    #define WOLFSSL_ESP32
+    /*  wolfSSL Hardware Acceleration not yet implemented */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8266)
+    #define WOLFSSL_ESP8266
+
+    /* There's no hardware encryption on the ESP8266 */
+    /* Consider using the ESP32-C2/C3/C6             */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
+    /***** END CONFIG_IDF_TARGET_ESP266 *****/
+
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /*  There's no Hardware Acceleration available on ESP8684 */
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    /***** END CONFIG_IDF_TARGET_ESP8684 *****/
+
+#else
+    /* Anything else encountered, disable HW acceleration */
+    #warning "Unexpected CONFIG_IDF_TARGET_NN value"
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+#endif /* CONFIG_IDF_TARGET Check */
+
+/* RSA primitive specific definition, listed AFTER the Chipset detection */
+#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Consider USE_FAST_MATH and SMALL_STACK                        */
+
+    #ifndef NO_RSA
+        #define ESP32_USE_RSA_PRIMITIVE
+
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+                #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
+                    #warning "RSA may be difficult with less than 10KB Stack "/
+                #endif
+            #endif
+
+            /* NOTE HW unreliable for small values! */
+            /* threshold for performance adjustment for HW primitive use   */
+            /* X bits of G^X mod P greater than                            */
+            #undef  ESP_RSA_EXPT_XBITS
+            #define ESP_RSA_EXPT_XBITS 32
+
+            /* X and Y of X * Y mod P greater than                         */
+            #undef  ESP_RSA_MULM_BITS
+            #define ESP_RSA_MULM_BITS  16
+        #endif
+    #endif
+#endif
+
+/* Debug options:
+See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
+
+optionally increase error message size for very long paths.
+#define WOLFSSL_MAX_ERROR_SZ 500
+
+Turn wolfSSL debugging on/off:
+    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_OFF();
+
+#define ESP_VERIFY_MEMBLOCK
+#define DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL_VERBOSE
+#define DEBUG_WOLFSSL_SHA_MUTEX
+#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
+#define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+#define WOLFSSL_ESP32_CRYPT_DEBUG
+#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
+#define NO_RECOVER_SOFTWARE_CALC
+#define WOLFSSL_TEST_STRAY 1
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+#define WOLFSSL_ESP32_HW_LOCK_DEBUG
+#define WOLFSSL_DEBUG_MUTEX
+#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+#define ESP_DISABLE_HW_TASK_LOCK
+#define ESP_MONITOR_HW_TASK_LOCK
+#define USE_ESP_DPORT_ACCESS_READ_BUFFER
+
+See wolfcrypt/benchmark/benchmark.c for debug and other settings:
+
+Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
+#define DEBUG_WOLFSSL_BENCHMARK_TIMING
+
+Turn on timer debugging (used when CPU cycles not available)
+#define WOLFSSL_BENCHMARK_TIMER_DEBUG
+*/
+
+/* Pause in a loop rather than exit. */
+/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
+/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
+
+#define WOLFSSL_HW_METRICS
+
+/* for test.c */
+/* #define HASH_SIZE_LIMIT */
+
+/* Optionally turn off HW math checks */
+/* #define NO_HW_MATH_TEST */
+
+/* Optionally include alternate HW test library: alt_hw_test.h */
+/* When enabling, the ./components/wolfssl/CMakeLists.txt file
+ * will need the name of the library in the idf_component_register
+ * for the PRIV_REQUIRES list. */
+/* #define INCLUDE_ALT_HW_TEST */
+
+/* optionally turn off individual math HW acceleration features */
+
+/* Turn off Large Number ESP32 HW Multiplication:
+** [Z = X * Y] in esp_mp_mul()                                  */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */
+
+/* Turn off Large Number ESP32 HW Modular Exponentiation:
+** [Z = X^Y mod M] in esp_mp_exptmod()                          */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */
+
+/* Turn off Large Number ESP32 HW Modular Multiplication
+** [Z = X * Y mod M] in esp_mp_mulmod()                         */
+/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */
+
+
+/* used by benchmark: */
+#define WOLFSSL_PUBLIC_MP
+
+/* when turning on ECC508 / ECC608 support
+#define WOLFSSL_ESPWROOM32SE
+#define HAVE_PK_CALLBACKS
+#define WOLFSSL_ATECC508A
+#define ATCA_WOLFSSL
+*/
+
+/***************************** Certificate Macros *****************************
+ *
+ * The section below defines macros used in typically all of the wolfSSL
+ * examples such as the client and server for certs stored in header files.
+ *
+ * There are various certificate examples in this header file:
+ * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * To use the sample certificates in code (not recommended for production!):
+ *
+ *    #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
+ *        #include <wolfssl/certs_test.h>
+ *    #endif
+ *
+ * To use the sets of macros below, define *one* of these:
+ *
+ *    USE_CERT_BUFFERS_1024  - ECC 1024 bit encoded ASN1
+ *    USE_CERT_BUFFERS_2048  - RSA 2048 bit encoded ASN1
+ *    WOLFSSL_SM[2,3,4]      - SM Ciphers
+ *
+ * For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
+ *  wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
+ *
+ *     ret = wolfSSL_CTX_load_verify_buffer(ctx,
+ *                                          CTX_CA_CERT,
+ *                                          CTX_CA_CERT_SIZE,
+ *                                          CTX_CA_CERT_TYPE);
+ *
+ * See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
+ *
+ * In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
+ * defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
+ *
+ * The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
+ * array size and cert type respectively.
+ *
+ * Similarly for loading the private client key:
+ *
+ *  ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+ *                                          CTX_CLIENT_KEY,
+ *                                          CTX_CLIENT_KEY_SIZE,
+ *                                          CTX_CLIENT_KEY_TYPE);
+ *
+ * see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
+ *
+ * Similarly, the other macros are for server certificates and keys:
+ *   `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
+ *
+ * The certificate and key names are typically `static const unsigned char`
+ * arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
+ * are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
+ *
+ * See `SSL_FILETYPE_[name]` in
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
+ *
+ * See Abstract Syntax Notation One (ASN.1) in:
+ *   https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
+ *
+ * Optional SM4 Ciphers:
+ *
+ * Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
+ * be available. See:
+ *   https://github.com/wolfSSL/wolfssl/pull/6825
+ *   https://github.com/wolfSSL/wolfsm
+ *
+ * Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
+ */
+
+/*
+#define WOLFSSL_SM2
+#define WOLFSSL_SM3
+#define WOLFSSL_SM4
+*/
+
+/* Conditional macros used in wolfSSL TLS client and server examples */
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+    #include <wolfssl/certs_test_sm.h>
+    #define CTX_CA_CERT          root_sm2
+    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
+    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_CERT      server_sm2
+    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
+    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
+    #define CTX_SERVER_KEY       server_sm2_priv
+    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
+    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM
+
+    #undef  WOLFSSL_BASE16
+    #define WOLFSSL_BASE16
+#else
+    #if defined(USE_CERT_BUFFERS_2048)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_2048
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_2048
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_2048
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_2048
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_2048
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_2048
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+    #elif defined(USE_CERT_BUFFERS_1024)
+        #define USE_CERT_BUFFERS_256
+        /* Be sure to include in app when using example certs: */
+        /* #include <wolfssl/certs_test.h>                     */
+        #define CTX_CA_CERT          ca_cert_der_1024
+        #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
+        #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_CLIENT_CERT      client_cert_der_1024
+        #define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
+        #define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_CLIENT_KEY       client_key_der_1024
+        #define CTX_CLIENT_KEY_SIZE  sizeof_client_key_der_1024
+        #define CTX_CLIENT_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+
+        #define CTX_SERVER_CERT      server_cert_der_1024
+        #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
+        #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
+        #define CTX_SERVER_KEY       server_key_der_1024
+        #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
+        #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
+    #else
+        /* Optionally define custom cert arrays, sizes, and types here */
+        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+    #endif
+#endif /* Conditional key and cert constant names */
+
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+/* See settings.h for some of the possible hardening options:
+ *
+ *  #define NO_ESPIDF_DEFAULT
+ *  #define WC_NO_CACHE_RESISTANT
+ *  #define WC_AES_BITSLICED
+ *  #define HAVE_AES_ECB
+ *  #define HAVE_AES_DIRECT
+ */
diff --git a/examples/configs/user_settings_fipsv2.h b/examples/configs/user_settings_fipsv2.h
index b15b1283b..971b39e3f 100644
--- a/examples/configs/user_settings_fipsv2.h
+++ b/examples/configs/user_settings_fipsv2.h
@@ -1,6 +1,6 @@
 /* user_settings_fipsv2.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_fipsv5.h b/examples/configs/user_settings_fipsv5.h
index afc4b63c9..52752df05 100644
--- a/examples/configs/user_settings_fipsv5.h
+++ b/examples/configs/user_settings_fipsv5.h
@@ -1,6 +1,6 @@
 /* user_settings_fipsv5.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_min_ecc.h b/examples/configs/user_settings_min_ecc.h
index e43fb0841..28c1157ba 100644
--- a/examples/configs/user_settings_min_ecc.h
+++ b/examples/configs/user_settings_min_ecc.h
@@ -1,6 +1,6 @@
 /* user_settings_min_ecc.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_platformio.h b/examples/configs/user_settings_platformio.h
index 25babd211..4fd753bce 100644
--- a/examples/configs/user_settings_platformio.h
+++ b/examples/configs/user_settings_platformio.h
@@ -1,6 +1,6 @@
 /* examples/configs/user_settings_platformio.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -51,8 +51,8 @@
 #if 0
     /* Kyber typically needs a minimum 10K stack */
     #define WOLFSSL_EXPERIMENTAL_SETTINGS
-    #define WOLFSSL_HAVE_KYBER
-    #define WOLFSSL_WC_KYBER
+    #define WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_WC_MLKEM
     #define WOLFSSL_SHA3
 #endif
 
@@ -513,8 +513,7 @@
     #define WOLFSSL_ESP8266
 
     /* There's no hardware encryption on the ESP8266 */
-    /* Consider using the ESP32-C2/C3/C6
-     * See www.espressif.com/en/products/socs/esp32-c2 */
+    /* Consider using the ESP32-C2/C3/C6             */
     #define NO_ESP32_CRYPT
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
diff --git a/examples/configs/user_settings_stm32.h b/examples/configs/user_settings_stm32.h
index 20f0d5cfa..c069cfe85 100644
--- a/examples/configs/user_settings_stm32.h
+++ b/examples/configs/user_settings_stm32.h
@@ -1,7 +1,7 @@
 /* wolfSSL_conf.h (example of generated wolfSSL.I-CUBE-wolfSSL_conf.h using
  * default_conf.ftl and STM32CubeIDE or STM32CubeMX tool)
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,6 +50,9 @@ extern "C" {
 /*---------- WOLF_CONF_DTLS -----------*/
 #define WOLF_CONF_DTLS      0
 
+/*---------- WOLF_CONF_DTLS13 -----------*/
+#define WOLF_CONF_DTLS13    0
+
 /*---------- WOLF_CONF_MATH -----------*/
 #define WOLF_CONF_MATH      4
 
@@ -78,7 +81,7 @@ extern "C" {
 #define WOLF_CONF_CHAPOLY      1
 
 /*---------- WOLF_CONF_EDCURVE25519 -----------*/
-#define WOLF_CONF_EDCURVE25519      0
+#define WOLF_CONF_EDCURVE25519      1
 
 /*---------- WOLF_CONF_MD5 -----------*/
 #define WOLF_CONF_MD5      0
@@ -93,10 +96,10 @@ extern "C" {
 #define WOLF_CONF_SHA2_256      1
 
 /*---------- WOLF_CONF_SHA2_384 -----------*/
-#define WOLF_CONF_SHA2_384      0
+#define WOLF_CONF_SHA2_384      1
 
 /*---------- WOLF_CONF_SHA2_512 -----------*/
-#define WOLF_CONF_SHA2_512      0
+#define WOLF_CONF_SHA2_512      1
 
 /*---------- WOLF_CONF_SHA3 -----------*/
 #define WOLF_CONF_SHA3      0
@@ -119,8 +122,23 @@ extern "C" {
 /*---------- WOLF_CONF_TEST -----------*/
 #define WOLF_CONF_TEST      1
 
-/*---------- WOLF_CONF_PQM4 -----------*/
-#define WOLF_CONF_PQM4      0
+/*---------- WOLF_CONF_KYBER -----------*/
+#define WOLF_CONF_KYBER      0
+
+/*---------- WOLF_CONF_ARMASM -----------*/
+#define WOLF_CONF_ARMASM      1
+
+/*---------- WOLF_CONF_IO -----------*/
+#define WOLF_CONF_IO      1
+
+/*---------- WOLF_CONF_RESUMPTION -----------*/
+#define WOLF_CONF_RESUMPTION      0
+
+/*---------- WOLF_CONF_TPM -----------*/
+#define WOLF_CONF_TPM      0
+
+/*---------- WOLF_CONF_PK -----------*/
+#define WOLF_CONF_PK      0
 
 /* ------------------------------------------------------------------------- */
 /* Hardware platform */
@@ -163,12 +181,18 @@ extern "C" {
     #undef  NO_STM32_CRYPTO
     #define STM32_HAL_V2
     #define HAL_CONSOLE_UART huart3
+#elif defined(STM32H7S3xx)
+    #define WOLFSSL_STM32H7S
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define WOLFSSL_STM32_PKA
+    #define HAL_CONSOLE_UART huart3
 #elif defined(STM32H753xx)
     #define WOLFSSL_STM32H7
     #undef  NO_STM32_HASH
     #undef  NO_STM32_CRYPTO
     #define HAL_CONSOLE_UART huart3
-#elif defined(STM32H723xx)
+#elif defined(STM32H723xx) || defined(STM32H725xx) || defined(STM32H743xx)
     #define WOLFSSL_STM32H7
     #define HAL_CONSOLE_UART huart3
 #elif defined(STM32L4A6xx)
@@ -209,11 +233,14 @@ extern "C" {
     #define HAL_CONSOLE_UART huart2
     #define NO_STM32_RNG
     #define WOLFSSL_GENSEED_FORTEST /* no HW RNG is available use test seed */
-#elif defined(STM32U575xx) || defined(STM32U585xx)
+#elif defined(STM32G491xx)
+    #define WOLFSSL_STM32G4
+    #define HAL_CONSOLE_UART hlpuart1
+#elif defined(STM32U575xx) || defined(STM32U585xx) || defined(STM32U5A9xx)
     #define HAL_CONSOLE_UART huart1
     #define WOLFSSL_STM32U5
     #define STM32_HAL_V2
-    #ifdef STM32U585xx
+    #if defined(STM32U585xx) || defined(STM32U5A9xx)
         #undef  NO_STM32_HASH
         #undef  NO_STM32_CRYPTO
         #define WOLFSSL_STM32_PKA
@@ -223,14 +250,22 @@ extern "C" {
     #define HAL_CONSOLE_UART huart3
     #define STM32_HAL_V2
     #undef  NO_STM32_HASH
-
+#elif defined(STM32MP135Fxx)
+    #define WOLFSSL_STM32MP13
+    #define HAL_CONSOLE_UART huart4
+    #define STM32_HAL_V2
+    #undef NO_STM32_HASH
+    #undef NO_STM32_CRYPTO
+    #define WOLFSSL_STM32_PKA
+    #define WOLFSSL_STM32_PKA_V2
 #else
     #warning Please define a hardware platform!
     /* This means there is not a pre-defined platform for your board/CPU */
     /* You need to define a CPU type, HW crypto and debug UART */
     /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4,
         WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4, WOLFSSL_STM32L5,
-        WOLFSSL_STM32G0, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */
+        WOLFSSL_STM32G0, WOLFSSL_STM32G4, WOLFSSL_STM32WB, WOLFSSL_STM32U5 and
+        WOLFSSL_STM32MP13 */
     #define WOLFSSL_STM32F4
 
     /* Debug UART used for printf */
@@ -248,6 +283,7 @@ extern "C" {
     //#define STM32_HAL_V2
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Platform */
 /* ------------------------------------------------------------------------- */
@@ -255,12 +291,25 @@ extern "C" {
 #define WOLFSSL_GENERAL_ALIGNMENT 4
 #define WOLFSSL_STM32_CUBEMX
 #define WOLFSSL_SMALL_STACK
-#define WOLFSSL_USER_IO
-#define WOLFSSL_NO_SOCK
 #define WOLFSSL_IGNORE_FILE_WARN
+#define WOLFSSL_WOLFSSH
+
 
 /* ------------------------------------------------------------------------- */
-/* Operating System */
+/* Network stack: 1=User IO (custom), 2=LWIP (posix), 3=LWIP (native) */
+/* ------------------------------------------------------------------------- */
+#if defined(WOLF_CONF_IO) && WOLF_CONF_IO == 2
+    #define WOLFSSL_LWIP
+#elif defined(WOLF_CONF_IO) && WOLF_CONF_IO == 3
+    #define WOLFSSL_LWIP_NATIVE
+#else /* custom */
+    #define WOLFSSL_USER_IO
+    #define WOLFSSL_NO_SOCK
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Operating System: 1=Bare-metal/Single threaded, 2=FREERTOS */
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
     #define FREERTOS
@@ -268,22 +317,32 @@ extern "C" {
     #define SINGLE_THREADED
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Math Configuration */
 /* ------------------------------------------------------------------------- */
-/* 1=Fast (stack)
- * 2=Normal (heap)
- * 3=Single Precision C (only common curves/key sizes)
- * 4=Single Precision ASM Cortex-M3+
- * 5=Single Precision ASM Cortex-M0 (Generic Thumb)
- * 6=Single Precision C all small
- * 7=Single Precision C all big
+/* 1=Fast (stack)                      (tfm.c)
+ * 2=Normal (heap)                     (integer.c)
+ * 3-5=Single Precision: only common curves/key sizes:
+ *                   (ECC 256/384/521 and RSA/DH 2048/3072/4096)
+ *   3=Single Precision C              (sp_c32.c)
+ *   4=Single Precision ASM Cortex-M3+ (sp_cortexm.c)
+ *   5=Single Precision ASM Cortex-M0  (sp_armthumb.c)
+ * 6=Wolf multi-precision C small      (sp_int.c)
+ * 7=Wolf multi-precision C big        (sp_int.c)
  */
+
 #if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH == 1
     /* fast (stack) math - tfm.c */
     #define USE_FAST_MATH
     #define TFM_TIMING_RESISTANT
 
+    #if !defined(NO_RSA) || !defined(NO_DH)
+        /* Maximum math bits (Max DH/RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     4096
+    #endif
+
     /* Optimizations (TFM_ARM, TFM_ASM or none) */
     //#define TFM_NO_ASM
     //#define TFM_ASM
@@ -298,19 +357,26 @@ extern "C" {
     #endif
     #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
         #define WOLFSSL_HAVE_SP_RSA
+        //#define WOLFSSL_SP_NO_2048
+        //#define WOLFSSL_SP_NO_3072
+        //#define WOLFSSL_SP_4096
     #endif
     #if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
         #define WOLFSSL_HAVE_SP_DH
     #endif
     #if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
         #define WOLFSSL_HAVE_SP_ECC
+        //#define WOLFSSL_SP_NO_256
+        #define WOLFSSL_SP_384
+        //#define WOLFSSL_SP_521
     #endif
     #if WOLF_CONF_MATH == 6 || WOLF_CONF_MATH == 7
         #define WOLFSSL_SP_MATH_ALL /* use sp_int.c multi precision math */
+        //#define WOLFSSL_SP_ARM_THUMB /* enable ARM Thumb ASM speedups */
     #else
         #define WOLFSSL_SP_MATH    /* disable non-standard curves / key sizes */
     #endif
-    #define SP_WORD_SIZE 32
+    #define SP_WORD_SIZE 32 /* force 32-bit mode */
 
     /* Enable to put all math on stack (no heap) */
     //#define WOLFSSL_SP_NO_MALLOC
@@ -328,6 +394,7 @@ extern "C" {
     #endif
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Enable Features */
 /* ------------------------------------------------------------------------- */
@@ -336,6 +403,8 @@ extern "C" {
 #define HAVE_SUPPORTED_CURVES
 #define HAVE_ENCRYPT_THEN_MAC
 #define HAVE_EXTENDED_MASTER
+#define WOLFSSL_ASN_TEMPLATE
+#define HAVE_SNI
 
 #if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1
     #define WOLFSSL_TLS13
@@ -344,6 +413,10 @@ extern "C" {
 #if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
     #define WOLFSSL_DTLS
 #endif
+#if defined(WOLF_CONF_DTLS13) && WOLF_CONF_DTLS13 == 1
+    #define WOLFSSL_DTLS13
+    #define WOLFSSL_SEND_HRR_COOKIE
+#endif
 #if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
     #define NO_PSK
 #endif
@@ -367,18 +440,23 @@ extern "C" {
 #endif
 
 /* TLS Session Cache */
-#if 0
+#if defined(WOLF_CONF_RESUMPTION) && WOLF_CONF_RESUMPTION == 1
     #define SMALL_SESSION_CACHE
+    #define HAVE_SESSION_TICKET
 #else
     #define NO_SESSION_CACHE
 #endif
 
-/* Post Quantum
- * Note: PQM4 is compatible with STM32. The project can be found at:
- * https://github.com/mupq/pqm4
- */
-#if defined(WOLF_CONF_PQM4) && WOLF_CONF_PQM4 == 1
-    #define HAVE_PQM4
+/* TPM support */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLF_CRYPTO_CB
+    #define WOLFSSL_PUBLIC_MP
+    /* also AES CFB - enabled below */
+#endif
+
+/* TLS key callbacks */
+#if defined(WOLF_CONF_PK) && WOLF_CONF_PK == 1
+    #define HAVE_PK_CALLBACKS
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -387,12 +465,6 @@ extern "C" {
 /* RSA */
 #undef NO_RSA
 #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
-    #ifdef USE_FAST_MATH
-        /* Maximum math bits (Max RSA key bits * 2) */
-        #undef  FP_MAX_BITS
-        #define FP_MAX_BITS     4096
-    #endif
-
     /* half as much memory but twice as slow */
     #undef  RSA_LOW_MEM
     //#define RSA_LOW_MEM
@@ -420,7 +492,7 @@ extern "C" {
     //#define HAVE_ECC192
     //#define HAVE_ECC224
     #undef NO_ECC256
-    //#define HAVE_ECC384
+    #define HAVE_ECC384
     //#define HAVE_ECC521
 
     /* Fixed point cache (speeds repeated operations against same private key) */
@@ -446,8 +518,8 @@ extern "C" {
     //#define HAVE_COMP_KEY
 
     #ifdef USE_FAST_MATH
-        #ifdef NO_RSA
-            /* Custom fastmath size if not using RSA */
+        #if defined(NO_RSA) && defined(NO_DH)
+            /* Custom fastmath size if not using RSA/DH */
             /* MAX = ROUND32(ECC BITS) * 2 */
             #define FP_MAX_BITS     (256 * 2)
         #else
@@ -474,20 +546,31 @@ extern "C" {
 #endif
 
 /* AES */
-#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
+#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM >= 1
     #define HAVE_AESGCM
+    #define HAVE_AES_DECRYPT
+
     /* GCM Method: GCM_SMALL, GCM_WORD32, GCM_TABLE or GCM_TABLE_4BIT */
     /* GCM_TABLE is about 4K larger and 3x faster for GHASH */
-    #define GCM_SMALL
-    #define HAVE_AES_DECRYPT
+    #if WOLF_CONF_AESGCM == 2
+        #define GCM_TABLE_4BIT
+    #else
+        #define GCM_SMALL
+    #endif
 #endif
 
 #if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
     #define HAVE_AES_CBC
     #define HAVE_AES_DECRYPT
+#else
+    #define NO_AES_CBC
 #endif
 
 /* Other possible AES modes */
+#if defined(WOLF_CONF_TPM) && WOLF_CONF_TPM == 1
+    #define WOLFSSL_AES_CFB /* Used by TPM parameter encryption */
+#endif
+
 //#define WOLFSSL_AES_COUNTER
 //#define HAVE_AESCCM
 //#define WOLFSSL_AES_XTS
@@ -516,7 +599,7 @@ extern "C" {
     #define HAVE_ED25519
 
     /* Optionally use small math (less flash usage, but much slower) */
-    #define CURVED25519_SMALL
+    //#define CURVED25519_SMALL
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -554,7 +637,7 @@ extern "C" {
     //#define USE_SLOW_SHA512
 
     #define WOLFSSL_SHA512
-    #define HAVE_SHA512 /* freeRTOS settings.h requires this */
+    #define HAVE_SHA512 /* old freeRTOS settings.h requires this */
 #endif
 
 /* Sha2-384 */
@@ -576,6 +659,54 @@ extern "C" {
     #define NO_MD5
 #endif
 
+/* ------------------------------------------------------------------------- */
+/* Post-Quantum Crypto */
+/* ------------------------------------------------------------------------- */
+/* NOTE: this is after the hashing section to override the potential SHA3 undef
+ * above. */
+#if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1
+    #undef  WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
+
+    #undef  WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_HAVE_MLKEM
+
+    #undef  WOLFSSL_WC_MLKEM
+    #define WOLFSSL_WC_MLKEM
+
+    #undef  WOLFSSL_NO_SHAKE128
+    #undef  WOLFSSL_SHAKE128
+    #define WOLFSSL_SHAKE128
+
+    #undef  WOLFSSL_NO_SHAKE256
+    #undef  WOLFSSL_SHAKE256
+    #define WOLFSSL_SHAKE256
+
+    #undef  WOLFSSL_SHA3
+    #define WOLFSSL_SHA3
+#endif /* WOLF_CONF_KYBER */
+
+/* ------------------------------------------------------------------------- */
+/* Crypto Acceleration */
+/* ------------------------------------------------------------------------- */
+/* This enables inline assembly speedups for SHA2, SHA3, AES,
+ * ChaCha20/Poly1305 and Ed/Curve25519. These settings work for Cortex M4/M7
+ * and the source code is located in wolfcrypt/src/port/arm/
+ */
+#if defined(WOLF_CONF_ARMASM) && WOLF_CONF_ARMASM == 1
+    #define WOLFSSL_ARMASM
+    #define WOLFSSL_ARMASM_INLINE
+    #define WOLFSSL_ARMASM_NO_HW_CRYPTO
+    #define WOLFSSL_ARMASM_NO_NEON
+    #define WOLFSSL_ARMASM_THUMB2
+    #define WOLFSSL_ARM_ARCH 7
+    /* Disable H/W offloading if accelerating S/W crypto */
+    #undef  NO_STM32_HASH
+    #define NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define NO_STM32_CRYPTO
+#endif
+
 /* ------------------------------------------------------------------------- */
 /* Benchmark / Test */
 /* ------------------------------------------------------------------------- */
@@ -584,6 +715,7 @@ extern "C" {
 #define USE_CERT_BUFFERS_2048
 #define USE_CERT_BUFFERS_256
 
+
 /* ------------------------------------------------------------------------- */
 /* Debugging */
 /* ------------------------------------------------------------------------- */
@@ -602,6 +734,7 @@ extern "C" {
     //#define NO_ERROR_STRINGS
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Port */
 /* ------------------------------------------------------------------------- */
@@ -610,6 +743,7 @@ extern "C" {
 /* Allows custom "custom_time()" function to be used for benchmark */
 #define WOLFSSL_USER_CURRTIME
 
+
 /* ------------------------------------------------------------------------- */
 /* RNG */
 /* ------------------------------------------------------------------------- */
@@ -622,6 +756,7 @@ extern "C" {
     #define WC_NO_RNG
 #endif
 
+
 /* ------------------------------------------------------------------------- */
 /* Disable Features */
 /* ------------------------------------------------------------------------- */
@@ -650,6 +785,8 @@ extern "C" {
 #define NO_RC4
 #define NO_MD4
 #define NO_DES3
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
 
 /* In-lining of misc.c functions */
 /* If defined, must include wolfcrypt/src/misc.c in build */
@@ -664,6 +801,7 @@ extern "C" {
     #define NO_ASN_TIME
 #endif
 
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/examples/configs/user_settings_template.h b/examples/configs/user_settings_template.h
index 680376ad2..bbd47b1bf 100644
--- a/examples/configs/user_settings_template.h
+++ b/examples/configs/user_settings_template.h
@@ -1,6 +1,6 @@
 /* user_settings_template.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_tls12.h b/examples/configs/user_settings_tls12.h
index c8ec7fce8..69a7b95b8 100644
--- a/examples/configs/user_settings_tls12.h
+++ b/examples/configs/user_settings_tls12.h
@@ -1,6 +1,6 @@
 /* user_settings_tls12.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_wolfboot_keytools.h b/examples/configs/user_settings_wolfboot_keytools.h
index 31ff456e1..7c921390a 100644
--- a/examples/configs/user_settings_wolfboot_keytools.h
+++ b/examples/configs/user_settings_wolfboot_keytools.h
@@ -4,7 +4,7 @@
  * Enabled via WOLFSSL_USER_SETTINGS.
  *
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -57,7 +57,6 @@
 #define WOLFSSL_SHAKE256
 
 /* RSA */
-#define HAVE_RSA
 #define WOLFSSL_HAVE_SP_RSA
 #define WC_RSA_BLINDING
 #define WOLFSSL_KEY_GEN
diff --git a/examples/configs/user_settings_wolfssh.h b/examples/configs/user_settings_wolfssh.h
index 45821a729..23b1fda94 100644
--- a/examples/configs/user_settings_wolfssh.h
+++ b/examples/configs/user_settings_wolfssh.h
@@ -1,6 +1,6 @@
 /* user_settings_wolfssh.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/configs/user_settings_wolftpm.h b/examples/configs/user_settings_wolftpm.h
index 960536cb3..09cf8d909 100644
--- a/examples/configs/user_settings_wolftpm.h
+++ b/examples/configs/user_settings_wolftpm.h
@@ -1,6 +1,6 @@
 /* user_settings_wolftpm.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -216,7 +216,6 @@ extern "C" {
     #define NO_SIG_WRAPPER
     #define NO_ASN_TIME
     #define NO_CODING
-    #define NO_BIG_INT
 #endif
 
 #ifdef __cplusplus
diff --git a/examples/crypto_policies/default/wolfssl.txt b/examples/crypto_policies/default/wolfssl.txt
new file mode 100644
index 000000000..ffecfdc32
--- /dev/null
+++ b/examples/crypto_policies/default/wolfssl.txt
@@ -0,0 +1 @@
+@SECLEVEL=2:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK:!RC4:!eNULL:!aNULL
diff --git a/examples/crypto_policies/future/wolfssl.txt b/examples/crypto_policies/future/wolfssl.txt
new file mode 100644
index 000000000..a8f4a6066
--- /dev/null
+++ b/examples/crypto_policies/future/wolfssl.txt
@@ -0,0 +1 @@
+@SECLEVEL=3:EECDH:EDH:PSK:DHEPSK:ECDHEPSK:!RSAPSK:!kRSA:!AES128:!RC4:!eNULL:!aNULL:!SHA1
diff --git a/examples/crypto_policies/legacy/wolfssl.txt b/examples/crypto_policies/legacy/wolfssl.txt
new file mode 100644
index 000000000..75781383f
--- /dev/null
+++ b/examples/crypto_policies/legacy/wolfssl.txt
@@ -0,0 +1 @@
+@SECLEVEL=1:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK:!eNULL:!aNULL
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index 89a8d6ba9..269962bce 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -1,6 +1,6 @@
 /* echoclient.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,12 +24,20 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
-/* let's use cyassl layer AND cyassl openssl layer */
-#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
-#include <wolfssl/ssl.h>
 
 /* Force enable the compatibility macros for this example */
+#undef TEST_OPENSSL_COEXIST
+#undef OPENSSL_COEXIST
+#ifndef OPENSSL_EXTRA_X509_SMALL
+#define OPENSSL_EXTRA_X509_SMALL
+#endif
+
+#include <wolfssl/ssl.h>
+
 #ifdef WOLFSSL_DTLS
     #include <wolfssl/error-ssl.h>
 #endif
@@ -45,14 +53,11 @@
 
 #include <wolfssl/test.h>
 
-#ifndef OPENSSL_EXTRA_X509_SMALL
-#define OPENSSL_EXTRA_X509_SMALL
-#endif
 #include <wolfssl/openssl/ssl.h>
 
 #include <examples/echoclient/echoclient.h>
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 
 
 #ifdef NO_FILESYSTEM
@@ -248,13 +253,13 @@ void echoclient_test(void* args)
         if (ret != WOLFSSL_SUCCESS) {
             err = SSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "SSL_connect error %d, %s\n", err,
             ERR_error_string((unsigned long)err, buffer));
@@ -271,13 +276,13 @@ void echoclient_test(void* args)
             if (ret <= 0) {
                 err = SSL_get_error(ssl, 0);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
             }
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != sendSz) {
             fprintf(stderr, "SSL_write msg error %d, %s\n", err,
                 ERR_error_string((unsigned long)err, buffer));
@@ -306,13 +311,13 @@ void echoclient_test(void* args)
                 if (ret <= 0) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret > 0) {
                 reply[ret] = 0;
                 LIBCALL_CHECK_RET(fputs(reply, fout));
@@ -320,7 +325,9 @@ void echoclient_test(void* args)
                 sendSz -= ret;
             }
 #ifdef WOLFSSL_DTLS
-            else if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+            else if (wolfSSL_dtls(ssl) &&
+                     err == WC_NO_ERR_TRACE(DECRYPT_ERROR))
+            {
                 /* This condition is OK. The packet should be dropped
                  * silently when there is a decrypt or MAC error on
                  * a DTLS record. */
@@ -346,13 +353,13 @@ void echoclient_test(void* args)
         if (ret <= 0) {
             err = SSL_get_error(ssl, 0);
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
         #endif
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
 #else
     SSL_shutdown(ssl);
 #endif
@@ -374,7 +381,7 @@ void echoclient_test(void* args)
     ((func_args*)args)->return_code = 0;
 }
 
-#endif /* !NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
 
 /* so overall tests can pull in test function */
 #ifndef NO_MAIN_DRIVER
@@ -401,7 +408,7 @@ void echoclient_test(void* args)
 #ifndef WOLFSSL_TIRTOS
         ChangeToWolfRoot();
 #endif
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
         echoclient_test(&args);
 #endif
 
diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h
index 90fb387be..21ae0d0d6 100644
--- a/examples/echoclient/echoclient.h
+++ b/examples/echoclient/echoclient.h
@@ -1,6 +1,6 @@
 /* echoclient.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/echoclient/echoclient.vcxproj b/examples/echoclient/echoclient.vcxproj
index 9fa8aad0f..68eb81b1d 100644
--- a/examples/echoclient/echoclient.vcxproj
+++ b/examples/echoclient/echoclient.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{8362A816-C5DC-4E22-B5C5-9E6806387073}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoclient.c" />
   </ItemGroup>
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 68a86bce4..7c8806138 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -1,6 +1,6 @@
 /* echoserver.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,14 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/ssl.h> /* name change portability layer */
 #include <wolfssl/wolfcrypt/settings.h>
 #ifdef HAVE_ECC
@@ -48,7 +56,7 @@
 
 #include "examples/echoserver/echoserver.h"
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
 #ifdef NO_FILESYSTEM
 #ifdef NO_RSA
@@ -341,13 +349,13 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
             }
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != WOLFSSL_SUCCESS) {
             fprintf(stderr, "SSL_accept error = %d, %s\n", err,
                 wolfSSL_ERR_error_string((unsigned long)err, buffer));
@@ -381,13 +389,13 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                 if (ret <= 0) {
                     err = wolfSSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret <= 0) {
                 if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_ZERO_RETURN){
                     fprintf(stderr, "SSL_read echo error %d, %s!\n", err,
@@ -444,13 +452,13 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                     if (ret <= 0) {
                         err = wolfSSL_get_error(write_ssl, 0);
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (err == WC_PENDING_E) {
+                        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                             ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
                             if (ret < 0) break;
                         }
                     #endif
                     }
-                } while (err == WC_PENDING_E);
+                } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
                 if (ret != echoSz) {
                     fprintf(stderr, "SSL_write get error = %d, %s\n", err,
                         wolfSSL_ERR_error_string((unsigned long)err, buffer));
@@ -470,13 +478,13 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                 if (ret <= 0) {
                     err = wolfSSL_get_error(write_ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
 
             if (ret != echoSz) {
                 fprintf(stderr, "SSL_write echo error = %d, %s\n", err,
@@ -528,7 +536,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
     WOLFSSL_RETURN_FROM_THREAD(0);
 }
 
-#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
 
 
 /* so overall tests can pull in test function */
@@ -554,7 +562,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
         wolfSSL_Debugging_ON();
 #endif
         ChangeToWolfRoot();
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
         echoserver_test(&args);
 #endif
         wolfSSL_Cleanup();
diff --git a/examples/echoserver/echoserver.h b/examples/echoserver/echoserver.h
index 29ab5a9f1..b4e8cc17a 100644
--- a/examples/echoserver/echoserver.h
+++ b/examples/echoserver/echoserver.h
@@ -1,6 +1,6 @@
 /* echoserver.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/echoserver/echoserver.vcxproj b/examples/echoserver/echoserver.vcxproj
index 28bd2a836..68c4f1680 100644
--- a/examples/echoserver/echoserver.vcxproj
+++ b/examples/echoserver/echoserver.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{07D97C48-E08F-4E34-9F67-3064039FF2CB}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -110,6 +154,12 @@
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+    <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoserver.c" />
   </ItemGroup>
diff --git a/examples/pem/pem.c b/examples/pem/pem.c
index 3d32e8472..3347314b6 100644
--- a/examples/pem/pem.c
+++ b/examples/pem/pem.c
@@ -1,6 +1,6 @@
 /* pem.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -100,7 +100,7 @@ static int pemApp_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
     word32 len = 0;
     size_t read_len;
     /* Allocate a minimum amount. */
-    unsigned char* data = (unsigned char*)malloc(DATA_INC_LEN + BLOCK_SIZE_MAX);
+    unsigned char* data = (unsigned char*)XMALLOC(DATA_INC_LEN + BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (data != NULL) {
         /* Read more data. */
@@ -116,19 +116,17 @@ static int pemApp_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
             }
 
             /* Make space for more data to be added to buffer. */
-            p = (unsigned char*)realloc(data, len + DATA_INC_LEN +
-                BLOCK_SIZE_MAX);
+            p = (unsigned char*)XREALLOC(data, len + DATA_INC_LEN +
+                BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             if (p == NULL) {
                 /* Reallocation failed - free current buffer. */
-                free(data);
+                XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 data = NULL;
                 break;
             }
             /* Set data to new pointer. */
             data = p;
         }
-        /* Done with file. */
-        fclose(fp);
     }
 
     if (data != NULL) {
@@ -161,8 +159,6 @@ static int WriteFile(FILE* fp, const char* data, word32 len)
        fprintf(stderr, "Failed to write\n");
        ret = 1;
     }
-    /* Close file. */
-    fclose(fp);
 
     return ret;
 }
@@ -555,7 +551,7 @@ static int EncryptDer(unsigned char* in, word32 in_len, char* password,
         ret = wc_CreateEncryptedPKCS8Key(in, in_len, NULL, enc_len, password,
             (int)strlen(password), pbe_ver, pbe, enc_alg_id, salt, salt_sz,
             (int)iterations, &rng, NULL);
-        if (ret == LENGTH_ONLY_E) {
+        if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             ret = 0;
         }
         else if (ret == 0) {
@@ -564,7 +560,7 @@ static int EncryptDer(unsigned char* in, word32 in_len, char* password,
     }
     if (ret == 0) {
         /* Allocate memory for encrypted DER data. */
-        *enc = (unsigned char*)malloc(*enc_len);
+        *enc = (unsigned char*)XMALLOC(*enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (*enc == NULL) {
             ret = 1;
         }
@@ -617,7 +613,7 @@ static int ConvDerToPem(unsigned char* in, word32 offset, word32 len,
     }
     if ((ret == 0) && (pem_len > 0)) {
         /* Allocate memory to hold PEM encoding. */
-        pem = (unsigned char*)malloc(pem_len);
+        pem = (unsigned char*)XMALLOC(pem_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (pem == NULL) {
             ret = 1;
         }
@@ -628,7 +624,7 @@ static int ConvDerToPem(unsigned char* in, word32 offset, word32 len,
             type);
         if (ret <= 0) {
             fprintf(stderr, "Could not convert DER to PEM\n");
-            free(pem);
+            XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         }
         if (ret > 0) {
             *out = pem;
@@ -766,7 +762,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No type string provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             type_str = argv[0];
         }
@@ -776,16 +773,19 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (in_file != stdin) {
                 fprintf(stderr, "At most one input file can be supplied.\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             in_file = fopen(argv[0], "r");
             if (in_file == NULL) {
                 fprintf(stderr, "File not able to be read: %s\n", argv[0]);
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* Name of output file. */
@@ -794,7 +794,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             out_name = argv[0];
         }
@@ -805,7 +806,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             offset = (word32)strtoul(argv[0], NULL, 10);
         }
@@ -817,7 +819,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No password provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             info.passwd_cb = password_from_userdata;
             info.passwd_userdata = argv[0];
@@ -846,10 +849,12 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No PBE version provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (StringToPbeVer(argv[0], &pbe_ver) != 0) {
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* PBE algorithm. */
@@ -859,10 +864,12 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No PBE provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (StringToPbe(argv[0], &pbe) != 0) {
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* PBES2 algorithm. */
@@ -872,10 +879,12 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No PBE algorithm provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             if (StringToPbeAlg(argv[0], &pbe_alg) != 0) {
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
         /* Number of PBE iterations. */
@@ -885,7 +894,8 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No filename provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             iterations = (unsigned int)strtoul(argv[0], NULL, 10);
         }
@@ -896,13 +906,15 @@ int main(int argc, char* argv[])
             argv++;
             if (argc == 0) {
                 fprintf(stderr, "No salt size provided\n");
-                return 1;
+                ret = 1;
+                goto out;
             }
             salt_sz = (unsigned int)strtoul(argv[0], NULL, 10);
             if (salt_sz > SALT_MAX_LEN) {
                 fprintf(stderr, "Salt size must be no bigger than %d: %d\n",
                     SALT_MAX_LEN, salt_sz);
-                return 1;
+                ret = 1;
+                goto out;
             }
         }
 #endif /* WOLFSSL_ENCRYPTED_KEYS !NO_PWDBASED */
@@ -918,12 +930,14 @@ int main(int argc, char* argv[])
         else if ((strcmp(argv[0], "-?") == 0) ||
                  (strcmp(argv[0], "--help") == 0)) {
             Usage();
-            return 0;
+            ret = 0;
+            goto out;
         }
         else {
             fprintf(stderr, "Bad option: %s\n", argv[0]);
             Usage();
-            return 1;
+            ret = 1;
+            goto out;
         }
 
         /* Move on to next command line argument. */
@@ -1005,25 +1019,33 @@ int main(int argc, char* argv[])
         }
     }
 
+out:
     /* Dispose of allocated data. */
     if (der != NULL) {
         wc_FreeDer(&der);
     }
     else if (out != NULL) {
-        free(out);
+        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
     !defined(NO_PWDBASED)
     if (enc != NULL) {
-        free(enc);
+        XFREE(enc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
 #endif
     if (in != NULL) {
-        free(in);
+        XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (ret < 0) {
         fprintf(stderr, "%s\n", wc_GetErrorString(ret));
     }
+
+    if ((in_file != stdin) && (in_file != NULL))
+        (void)fclose(in_file);
+
+    if ((out_file != stdout) && (out_file != NULL))
+        (void)fclose(out_file);
+
     return (ret == 0) ? 0 : 1;
 }
 
diff --git a/examples/sctp/sctp-client-dtls.c b/examples/sctp/sctp-client-dtls.c
index 2f925d10d..a2d103292 100644
--- a/examples/sctp/sctp-client-dtls.c
+++ b/examples/sctp/sctp-client-dtls.c
@@ -1,6 +1,6 @@
 /* sctp-client-dtls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/sctp/sctp-client.c b/examples/sctp/sctp-client.c
index 04e3c56b8..46cc0a50c 100644
--- a/examples/sctp/sctp-client.c
+++ b/examples/sctp/sctp-client.c
@@ -1,6 +1,6 @@
 /* sctp-client.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/sctp/sctp-server-dtls.c b/examples/sctp/sctp-server-dtls.c
index bbe9835a0..a6335c5f2 100644
--- a/examples/sctp/sctp-server-dtls.c
+++ b/examples/sctp/sctp-server-dtls.c
@@ -1,6 +1,6 @@
 /* sctp-server-dtls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/sctp/sctp-server.c b/examples/sctp/sctp-server.c
index 2f33ada32..fb335f779 100644
--- a/examples/sctp/sctp-server.c
+++ b/examples/sctp/sctp-server.c
@@ -1,6 +1,6 @@
 /* sctp-server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/server/server.c b/examples/server/server.c
index d7f4f07b5..77fe29b12 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -1,6 +1,6 @@
 /* server.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,6 +33,15 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
+/* Force enable the compatibility macros for this example */
+#ifndef OPENSSL_EXTRA_X509_SMALL
+#define OPENSSL_EXTRA_X509_SMALL
+#endif
+#include <wolfssl/openssl/ssl.h>
+
+#undef OPENSSL_EXTRA_X509_SMALL
 #include <wolfssl/ssl.h> /* name change portability layer */
 
 #ifdef HAVE_ECC
@@ -64,15 +73,9 @@ static const char *wolfsentry_config_path = NULL;
 #include <wolfssl/test.h>
 #include <wolfssl/error-ssl.h>
 
-/* Force enable the compatibility macros for this example */
-#ifndef OPENSSL_EXTRA_X509_SMALL
-#define OPENSSL_EXTRA_X509_SMALL
-#endif
-#include <wolfssl/openssl/ssl.h>
-
 #include "examples/server/server.h"
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
 #if defined(WOLFSSL_TLS13) && ( \
        defined(HAVE_ECC) \
@@ -342,7 +345,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
     while (ret != WOLFSSL_SUCCESS &&
         (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
     )) {
         if (error == WOLFSSL_ERROR_WANT_READ) {
@@ -353,7 +356,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
         }
 
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (error == WC_PENDING_E) {
+        if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) break;
         }
@@ -378,7 +381,7 @@ static int NonBlockingSSL_Accept(SSL* ssl)
         if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY)
             || (select_ret == TEST_ERROR_READY)
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || error == WC_PENDING_E
+            || error == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             #ifndef WOLFSSL_CALLBACKS
@@ -420,7 +423,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
     size_t xfer_bytes = 0;
     char* buffer;
 
-    buffer = (char*)malloc((size_t)block);
+    buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (!buffer) {
         err_sys_ex(runWithErrors, "Server buffer malloc failed");
     }
@@ -447,22 +450,23 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
                 if (ret <= 0) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                     else
                 #endif
                     if (err != WOLFSSL_ERROR_WANT_READ &&
-                                             err != WOLFSSL_ERROR_WANT_WRITE &&
-                                             err != WOLFSSL_ERROR_ZERO_RETURN &&
-                                             err != APP_DATA_READY) {
+                        err != WOLFSSL_ERROR_WANT_WRITE &&
+                        err != WOLFSSL_ERROR_ZERO_RETURN &&
+                        err != WC_NO_ERR_TRACE(APP_DATA_READY))
+                    {
                         LOG_ERROR("SSL_read echo error %d\n", err);
                         err_sys_ex(runWithErrors, "SSL_read failed");
                         break;
                     }
                     if (err == WOLFSSL_ERROR_ZERO_RETURN) {
-                        free(buffer);
+                        XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                         return WOLFSSL_ERROR_ZERO_RETURN;
                     }
                 }
@@ -484,13 +488,13 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
                 if (ret <= 0) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret != (int)min((word32)len, (word32)rx_pos)) {
                 LOG_ERROR("SSL_write echo error %d\n", err);
                 err_sys_ex(runWithErrors, "SSL_write failed");
@@ -504,7 +508,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
         }
     }
 
-    free(buffer);
+    XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (throughput) {
 #ifdef __MINGW32__
@@ -545,7 +549,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             err = SSL_get_error(ssl, ret);
 
         #ifdef HAVE_SECURE_RENEGOTIATION
-            if (err == APP_DATA_READY) {
+            if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
                 /* If we receive a message during renegotiation
                  * then just print it. We return the message sent
                  * after the renegotiation. */
@@ -563,14 +567,14 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             }
         #endif
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
             else
         #endif
         #ifdef WOLFSSL_DTLS
-            if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
+            if (wolfSSL_dtls(ssl) && err == WC_NO_ERR_TRACE(DECRYPT_ERROR)) {
                 LOG_ERROR("Dropped client's message due to a bad MAC\n");
             }
             else
@@ -579,7 +583,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
                     && err != WOLFSSL_ERROR_WANT_WRITE /* Can happen during
                                                         * handshake */
         #ifdef HAVE_SECURE_RENEGOTIATION
-                    && err != APP_DATA_READY
+                    && err != WC_NO_ERR_TRACE(APP_DATA_READY)
         #endif
             ) {
                 LOG_ERROR("SSL_read input error %d, %s\n", err,
@@ -595,14 +599,14 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             #endif
             do {
             #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_PENDING_E) {
+                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                     ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     if (ret < 0) break;
                 }
             #endif
                 ret = wolfSSL_peek(ssl, buffer, 0);
                 err = SSL_get_error(ssl, ret);
-            } while (err == WC_PENDING_E
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E)
                 || err == WOLFSSL_ERROR_WANT_READ
                 || err == WOLFSSL_ERROR_WANT_WRITE);
             if (err < 0) {
@@ -611,7 +615,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
             if (wolfSSL_pending(ssl))
                 err = WOLFSSL_ERROR_WANT_READ;
         }
-    } while (err == WC_PENDING_E
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E)
              || err == WOLFSSL_ERROR_WANT_READ
              || err == WOLFSSL_ERROR_WANT_WRITE);
     if (ret > 0) {
@@ -641,7 +645,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
             err = SSL_get_error(ssl, 0);
 
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) break;
             }
@@ -652,7 +656,8 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
             len = (outputLen -= ret);
             err = WOLFSSL_ERROR_WANT_WRITE;
         }
-    } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_WRITE);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+             err == WOLFSSL_ERROR_WANT_WRITE);
     if (ret != outputLen) {
         char buffer[WOLFSSL_MAX_ERROR_SZ];
         LOG_ERROR("SSL_write msg error %d, %s\n", err,
@@ -684,12 +689,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X25519;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x25519");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else if (useX448) {
@@ -699,35 +704,141 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_X448;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve x448");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
         }
         else if (usePqc == 1) {
     #ifdef HAVE_PQC
             groups[count] = 0;
+    #ifndef WOLFSSL_NO_ML_KEM
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
+                groups[count] = WOLFSSL_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
+                groups[count] = WOLFSSL_ML_KEM_1024;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
+                groups[count] = WOLFSSL_P256_ML_KEM_512;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_P384_ML_KEM_768;
+            }
+            else if (XSTRCMP(pqcAlg, "P256_ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_P256_ML_KEM_768;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
+                groups[count] = WOLFSSL_P521_ML_KEM_1024;
+            }
+            else if (XSTRCMP(pqcAlg, "P384_ML_KEM_1024") == 0) {
+                groups[count] = WOLFSSL_P384_ML_KEM_1024;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_512") == 0) {
+                groups[count] = WOLFSSL_X25519_ML_KEM_512;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_X25519_ML_KEM_768;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
+            if (XSTRCMP(pqcAlg, "X448_ML_KEM_768") == 0) {
+                groups[count] = WOLFSSL_X448_ML_KEM_768;
+            }
+            else
+        #endif
+    #endif /* WOLFSSL_NO_ML_KEM */
+    #ifdef WOLFSSL_MLKEM_KYBER
+        #ifndef WOLFSSL_NO_KYBER512
             if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER512
+            if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_P256_KYBER_LEVEL1;
             }
-            else if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) {
                 groups[count] = WOLFSSL_P384_KYBER_LEVEL3;
             }
-            else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
+            else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL3") == 0) {
+                groups[count] = WOLFSSL_P256_KYBER_LEVEL3;
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_P521_KYBER_LEVEL5;
             }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL1") == 0) {
+                groups[count] = WOLFSSL_X25519_KYBER_LEVEL1;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE25519)
+            if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL3") == 0) {
+                groups[count] = WOLFSSL_X25519_KYBER_LEVEL3;
+            }
+            else
+        #endif
+        #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE448)
+            if (XSTRCMP(pqcAlg, "X448_KYBER_LEVEL3") == 0) {
+                groups[count] = WOLFSSL_X448_KYBER_LEVEL3;
+            }
+            else
+        #endif
+    #endif
+            {
+                err_sys("invalid post-quantum KEM specified");
+            }
 
             if (groups[count] == 0) {
                 err_sys("invalid post-quantum KEM specified");
@@ -752,24 +863,24 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SECP256R1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve secp256r1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #elif defined(WOLFSSL_SM2)
             do {
                 ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1);
                 if (ret == WOLFSSL_SUCCESS)
                     groups[count++] = WOLFSSL_ECC_SM2P256V1;
             #ifdef WOLFSSL_ASYNC_CRYPT
-                else if (ret == WC_PENDING_E)
+                else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                     wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             #endif
                 else
                     err_sys("unable to use curve sm2p256r1");
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         #endif
     #endif
         }
@@ -781,12 +892,12 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             if (ret == WOLFSSL_SUCCESS)
                 groups[count++] = WOLFSSL_FFDHE_2048;
         #ifdef WOLFSSL_ASYNC_CRYPT
-            else if (ret == WC_PENDING_E)
+            else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
                 wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
         #endif
             else
                 err_sys("unable to use DH 2048-bit parameters");
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
     }
     if (count >= MAX_GROUP_NUMBER)
@@ -807,7 +918,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
 /*  4. add the same message into Japanese section         */
 /*     (will be translated later)                         */
 /*  5. add printf() into suitable position of Usage()     */
-static const char* server_usage_msg[][65] = {
+static const char* server_usage_msg[][66] = {
     /* English */
     {
         " NOTE: All files relative to wolfSSL home dir\n",               /* 0 */
@@ -957,8 +1068,25 @@ static const char* server_usage_msg[][65] = {
            " SSLv3(0) - TLS1.3(4)\n",                                   /* 59 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5,  P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5] \n", /* 60 */
+        "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P256_ML_KEM_768, P521_ML_KEM_1024,\n"
+            "            P384_ML_KEM_1024, X25519_ML_KEM_512, "
+            "X25519_ML_KEM_768,\n"
+            "            X448_ML_KEM_768\n"
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P256_KYBER_LEVEL3, "
+            "P521_KYBER_LEVEL5,\n"
+            "            X25519_KYBER_LEVEL1, X25519_KYBER_LEVEL3, "
+            "X448_KYBER_LEVEL3\n"
+#endif
+            "",
+                                                                        /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 61 */
@@ -979,11 +1107,14 @@ static const char* server_usage_msg[][65] = {
 #ifdef WOLFSSL_DUAL_ALG_CERTS
         "--altPrivKey <file> Generate alternative signature with this key.\n",
                                                                         /* 65 */
+#endif
+#ifdef WOLFSSL_SYS_CRYPTO_POLICY
+        "--crypto-policy  <path to crypto policy file>\n", /* 66 */
 #endif
         "\n"
            "For simpler wolfSSL TLS server examples, visit\n"
            "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n",
-                                                                        /* 66 */
+                                                                        /* 67 */
         NULL,
     },
 #ifndef NO_MULTIBYTE_PRINT
@@ -1149,8 +1280,19 @@ static const char* server_usage_msg[][65] = {
         " SSLv3(0) - TLS1.3(4)\n",                          /* 59 */
 #endif
 #ifdef HAVE_PQC
-        "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 60 */
+        "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ:\n"
+#ifndef WOLFSSL_NO_ML_KEM
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
+            "\n"
+            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+            "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
+            "P256_KYBER_LEVEL1,\n"
+            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
+#endif
+            "",
+                                                                        /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (デフォルトはSRTP_AES128_CM_SHA1_80)\n",       /* 61 */
@@ -1173,12 +1315,15 @@ static const char* server_usage_msg[][65] = {
 #ifdef WOLFSSL_DUAL_ALG_CERTS
         "--altPrivKey <file> Generate alternative signature with this key.\n",
                                                                         /* 65 */
+#endif
+#ifdef WOLFSSL_SYS_CRYPTO_POLICY
+        "--crypto-policy  <path to crypto policy file>\n", /* 66 */
 #endif
         "\n"
         "より簡単なwolfSSL TSL クライアントの例については"
                                           "下記にアクセスしてください\n"
         "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n",
-                                                                        /* 66 */
+                                                                        /* 67 */
         NULL,
     },
 #endif
@@ -1365,7 +1510,7 @@ static int server_srtp_test(WOLFSSL *ssl, func_args *args)
 
     ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
                                                    &srtp_secret_length);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         LOG_ERROR("DTLS SRTP: Error getting key material length\n");
         return ret;
     }
@@ -1457,6 +1602,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #ifdef WOLFSSL_DUAL_ALG_CERTS
         { "altPrivKey", 1, 267},
 #endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        { "crypto-policy", 1, 268 },
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
         { 0, 0, 0 }
     };
 #endif
@@ -1581,6 +1729,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
     char* crlDir = NULL;
 #endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    const char * policy = NULL;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
 #ifdef WOLFSSL_STATIC_MEMORY
     /* Note: Actual memory used is much less, this is the entire buffer buckets,
@@ -1859,7 +2010,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 }
                 else if (XSTRCMP(myoptarg, "verifyInfo") == 0) {
                     printf("Verify should use preverify (just show info)\n");
-                    myVerifyAction = VERIFY_USE_PREVERFIY;
+                    myVerifyAction = VERIFY_USE_PREVERIFY;
                 }
                 else if (XSTRCMP(myoptarg, "loadSSL") == 0) {
                     printf("Also load cert/key into wolfSSL object\n");
@@ -2231,10 +2382,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 
 #ifdef HAVE_PQC
             case 259:
+            {
                 usePqc = 1;
+    #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
                 onlyKeyShare = 2;
+    #endif
                 pqcAlg = myoptarg;
-                break;
+            } break;
 #endif
 
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
@@ -2323,7 +2477,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                     err_sys("provided connection ID is too big");
                 }
                 else {
-                    strcpy(dtlsCID, myoptarg);
+                    XSTRLCPY(dtlsCID, myoptarg, DTLS_CID_BUFFER_SIZE);
                 }
             }
             break;
@@ -2350,6 +2504,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             altPrivKey = myoptarg;
             break;
 #endif
+            case 268:
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+                policy = myoptarg;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+                break;
 
         case -1:
             default:
@@ -2504,6 +2663,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     if (method == NULL)
         err_sys_ex(runWithErrors, "unable to get method");
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (policy != NULL) {
+        if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) {
+            err_sys("wolfSSL_crypto_policy_enable failed");
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 #ifdef WOLFSSL_STATIC_MEMORY
     #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN)
     /* print off helper buffer sizes for use with static memory
@@ -2567,7 +2734,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #ifdef WOLFSSL_SRTP
     if (dtlsSrtpProfiles != NULL) {
         if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, dtlsSrtpProfiles)
-                                                           != WOLFSSL_SUCCESS) {
+                                                           != 0) {
             err_sys_ex(catastrophic, "unable to set DTLS SRTP profile");
         }
     }
@@ -2661,7 +2828,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
                                                            defined(WOLFSSL_DTLS)
     if (dtlsMTU)
-        wolfSSL_CTX_dtls_set_mtu(ctx, dtlsMTU);
+        wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU);
 #endif
 
 #ifdef WOLFSSL_SCTP
@@ -3192,14 +3359,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 
                     }
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                    else if (ret == WC_PENDING_E) {
+                    else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                     }
                     #endif
                     else {
                         err_sys("Failed wolfSSL_UseKeyShare in force-curve");
                     }
-                } while (ret == WC_PENDING_E);
+                } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
                 ret = wolfSSL_set_groups(ssl, &force_curve_group_id, 1);
                 if (WOLFSSL_SUCCESS != ret) {
                     err_sys("Failed wolfSSL_set_groups in force-curve");
@@ -3402,7 +3569,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                     if (ret <= 0) {
                         err = SSL_get_error(ssl, 0);
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (err == WC_PENDING_E) {
+                        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                             /* returns the number of polled items or <0 for
                              * error */
                             ret = wolfSSL_AsyncPoll(ssl,
@@ -3415,7 +3582,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                         input[ret] = 0; /* null terminate message */
                         printf("Early Data Client message: %s\n", input);
                     }
-                } while (err == WC_PENDING_E || ret > 0);
+                } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) || ret > 0);
             }
     #endif
             do {
@@ -3424,13 +3591,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 if (ret != WOLFSSL_SUCCESS) {
                     err = SSL_get_error(ssl, 0);
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_PENDING_E) {
+                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                         if (ret < 0) break;
                     }
                 #endif
                 }
-            } while (err == WC_PENDING_E);
+            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         }
 #else
         if (nonBlocking) {
@@ -3572,10 +3739,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         unsigned int receivedCIDSz;
         printf("CID extension was negotiated\n");
         ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
-        if (ret != WOLFSSL_SUCCESS)
-            err_sys("Can't get negotiated DTLS CID size\n");
-
-        if (receivedCIDSz > 0) {
+        if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) {
             ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
                 DTLS_CID_BUFFER_SIZE - 1);
             if (ret != WOLFSSL_SUCCESS)
@@ -3601,7 +3765,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             if (err == WOLFSSL_SUCCESS)
                 printf("Sent ALPN protocol : %s (%d)\n",
                        protocol_name, protocol_nameSz);
-            else if (err == WOLFSSL_ALPN_NOT_FOUND)
+            else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND))
                 printf("No ALPN response sent (no match)\n");
             else
                 printf("Getting ALPN protocol name failed\n");
@@ -3613,7 +3777,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             else
                 printf("Get list of client's protocol name failed\n");
 
-            free(list);
+            (void)wolfSSL_ALPN_FreePeerProtocol(ssl, &list);
         }
 #endif
 
@@ -3632,12 +3796,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                             err == WOLFSSL_ERROR_WANT_WRITE) {
                         do {
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
                         #endif
-                            if (err == APP_DATA_READY) {
+                            if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
                                 if (wolfSSL_read(ssl, input, sizeof(input)-1) < 0) {
                                     err_sys("APP DATA should be present but error returned");
                                 }
@@ -3649,9 +3813,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                             }
                         } while (ret != WOLFSSL_SUCCESS &&
                                 (err == WOLFSSL_ERROR_WANT_READ ||
-                                        err == WOLFSSL_ERROR_WANT_WRITE ||
-                                        err == APP_DATA_READY ||
-                                        err == WC_PENDING_E));
+                                 err == WOLFSSL_ERROR_WANT_WRITE ||
+                                 err == WC_NO_ERR_TRACE(APP_DATA_READY) ||
+                                 err == WC_NO_ERR_TRACE(WC_PENDING_E)));
 
                         if (ret == WOLFSSL_SUCCESS) {
                             printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
@@ -3672,12 +3836,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) {
 #ifdef WOLFSSL_ASYNC_CRYPT
                     err = wolfSSL_get_error(ssl, 0);
-                    while (err == WC_PENDING_E) {
+                    while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         err = 0;
                         ret = wolfSSL_negotiate(ssl);
                         if (ret != WOLFSSL_SUCCESS) {
                             err = wolfSSL_get_error(ssl, 0);
-                            if (err == WC_PENDING_E) {
+                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                                 if (ret < 0) break;
                             }
@@ -3748,11 +3912,16 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 ServerRead(ssl, input, sizeof(input)-1);
 #endif
         }
-        else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
+        else if (err == 0 ||
+                 err == WOLFSSL_ERROR_ZERO_RETURN)
+        {
             err = ServerEchoData(ssl, clientfd, echoData, block, throughput);
             /* Got close notify. Ignore it if not expecting a failure. */
-            if (err == WOLFSSL_ERROR_ZERO_RETURN && exitWithRet == 0)
+            if (err == WOLFSSL_ERROR_ZERO_RETURN &&
+                exitWithRet == 0)
+            {
                 err = 0;
+            }
             if (err != 0) {
                 SSL_free(ssl); ssl = NULL;
                 SSL_CTX_free(ctx); ctx = NULL;
@@ -3896,7 +4065,7 @@ exit:
     WOLFSSL_RETURN_FROM_THREAD(0);
 }
 
-#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
 
 
 /* so overall tests can pull in test function */
@@ -3927,7 +4096,7 @@ exit:
 #endif
         ChangeToWolfRoot();
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 #ifdef HAVE_STACK_SIZE
         StackSizeCheck(&args, server_test);
 #else
diff --git a/examples/server/server.h b/examples/server/server.h
index 0750f4ca9..05c3a8fdd 100644
--- a/examples/server/server.h
+++ b/examples/server/server.h
@@ -1,6 +1,6 @@
 /* server.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/examples/server/server.vcxproj b/examples/server/server.vcxproj
index 8f11fee8f..3695fc1eb 100644
--- a/examples/server/server.vcxproj
+++ b/examples/server/server.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="server.c" />
   </ItemGroup>
diff --git a/fips-check.sh b/fips-check.sh
index a134bddab..41d04b053 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -14,14 +14,22 @@
 MAKE="${MAKE:-make}"
 GIT="${GIT:-git -c advice.detachedHead=false}"
 TEST_DIR="${TEST_DIR:-XXX-fips-test}"
+case "$TEST_DIR" in
+    /*) ;;
+    *) TEST_DIR="${PWD}/${TEST_DIR}"
+       ;;
+esac
 FLAVOR="${FLAVOR:-linux}"
 KEEP="${KEEP:-no}"
 MAKECHECK=${MAKECHECK:-yes}
+DOCONFIGURE=${DOCONFIGURE:-yes}
+DOAUTOGEN=${DOAUTOGEN:-yes}
 FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"
+WOLFSSL_REPO="${WOLFSSL_REPO:-git@github.com:wolfssl/wolfssl.git}"
 
 Usage() {
     cat <<usageText
-Usage: $0 [flavor] [keep]
+Usage: $0 [flavor] [keep] [nomakecheck] [nodoconfigure] [noautogen]
 Flavor is one of:
     linuxv2 (FIPSv2, use for Win10)
     fipsv2-OE-ready (ready FIPSv2)
@@ -33,7 +41,11 @@ Flavor is one of:
     fips-dev (dev FIPS 140-3)
     wolfrand
     wolfentropy
-Keep (default off) retains the temp dir $TEST_DIR for inspection.
+    v6.0.0
+keep: (default off) retains the temp dir $TEST_DIR for inspection.
+nomakecheck: (default off) don't run make check
+nodoconfigure: (default off) don't run configure
+noautogen: (default off) don't run autogen
 
 Example:
     $0 windows keep
@@ -43,6 +55,8 @@ usageText
 while [ "$1" ]; do
   if [ "$1" = 'keep' ]; then KEEP='yes';
   elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no';
+  elif [ "$1" = 'nodoconfigure' ]; then DOCONFIGURE='no';
+  elif [ "$1" = 'noautogen' ]; then DOCONFIGURE='no'; DOAUTOGEN='no';
   else FLAVOR="$1"; fi
   shift
 done
@@ -141,8 +155,8 @@ marvell-linux-selftest)
     'wolfssl/wolfcrypt/sha512.h:v4.1.0-stable'
   )
   ;;
-linuxv5)
-  FIPS_OPTION='v5'
+linuxv5-RC12)
+  FIPS_OPTION='v5-RC12'
   FIPS_FILES=(
     'wolfcrypt/src/fips.c:WCv5.2.0.1-RC01'
     'wolfcrypt/src/fips_test.c:WCv5.0-RC12'
@@ -183,14 +197,14 @@ linuxv5)
     'wolfssl/wolfcrypt/sha512.h:WCv5.0-RC12'
   )
   ;;
-linuxv5.2.1)
+linuxv5|linuxv5.2.1)
   FIPS_OPTION='v5'
   FIPS_FILES=(
     'wolfcrypt/src/fips.c:v5.2.1-stable'
     'wolfcrypt/src/fips_test.c:v5.2.1-stable'
     'wolfcrypt/src/wolfcrypt_first.c:v5.2.1-stable'
     'wolfcrypt/src/wolfcrypt_last.c:v5.2.1-stable'
-    'wolfssl/wolfcrypt/fips.h:v5.2.1-stable'
+    'wolfssl/wolfcrypt/fips.h:v5.2.1-stable-OS_Seed-HdrOnly'
   )
   WOLFCRYPT_FILES=(
     'wolfcrypt/src/aes.c:v5.2.1-stable'
@@ -217,7 +231,7 @@ linuxv5.2.1)
     'wolfssl/wolfcrypt/fips_test.h:v5.2.1-stable'
     'wolfssl/wolfcrypt/hmac.h:v5.2.1-stable'
     'wolfssl/wolfcrypt/kdf.h:v5.2.1-stable'
-    'wolfssl/wolfcrypt/random.h:v5.2.1-stable'
+    'wolfssl/wolfcrypt/random.h:v5.2.1-stable-OS_Seed-HdrOnly'
     'wolfssl/wolfcrypt/rsa.h:v5.2.1-stable'
     'wolfssl/wolfcrypt/sha.h:v5.2.1-stable'
     'wolfssl/wolfcrypt/sha256.h:v5.2.1-stable'
@@ -225,8 +239,111 @@ linuxv5.2.1)
     'wolfssl/wolfcrypt/sha512.h:v5.2.1-stable'
   )
   ;;
+v6.0.0)
+  WOLF_REPO_TAG='WCv6.0.0-RC5'
+  FIPS_REPO_TAG='WCv6.0.0-RC4'
+  ASM_PICKUPS_TAG='WCv6.0.0-RC4'
+  FIPS_OPTION='v6'
+  FIPS_FILES=(
+    "wolfcrypt/src/fips.c:${FIPS_REPO_TAG}"
+    "wolfcrypt/src/fips_test.c:${FIPS_REPO_TAG}"
+    "wolfcrypt/src/wolfcrypt_first.c:${FIPS_REPO_TAG}"
+    "wolfcrypt/src/wolfcrypt_last.c:${FIPS_REPO_TAG}"
+    "wolfssl/wolfcrypt/fips.h:${FIPS_REPO_TAG}"
+  )
+  WOLFCRYPT_FILES=(
+    "wolfcrypt/src/aes_asm.asm:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes_gcm_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes_gcm_x86_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes_xts_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/aes.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-aes-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-curve25519_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-curve25519.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha256-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha3-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-32-sha512-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-aes.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-curve25519_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-curve25519.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha256.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha3-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha3-asm.S:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha512-asm_c.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha512-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/armv8-sha512.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/cmac.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/curve25519.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/curve448.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/dh.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/ecc.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/ed25519.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/ed448.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/hmac.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/kdf.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/pwdbased.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/random.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/rsa.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha256_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha256.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha3.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha3_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha512_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sha512.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sp_arm32.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_arm64.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_armthumb.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_c32.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_c64.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_cortexm.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/sp_x86_64_asm.asm:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sp_x86_64_asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/sp_x86_64.c:${ASM_PICKUPS_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-aes-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-aes-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-curve25519_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-curve25519.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha256-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha3-asm.S:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/arm/thumb2-sha512-asm.S:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/aes.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/cmac.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/curve25519.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/curve448.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/dh.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/ecc.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/ed25519.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/ed448.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/fips_test.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/hmac.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/kdf.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/pwdbased.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/random.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/rsa.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/sha.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/sha256.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/sha3.h:${WOLF_REPO_TAG}"
+    "wolfssl/wolfcrypt/sha512.h:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/riscv/riscv-64-sha256.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/riscv/riscv-64-sha3.c:${WOLF_REPO_TAG}"
+    "wolfcrypt/src/port/riscv/riscv-64-sha512.c:${WOLF_REPO_TAG}"
+  )
+  ;;
 fips-ready|fips-dev)
-  FIPS_OPTION='ready'
+  if [ "$FLAVOR" = 'fips-dev' ]; then
+      FIPS_OPTION='dev'
+  else
+      FIPS_OPTION='ready'
+  fi
   FIPS_FILES=(
     'wolfcrypt/src/fips.c:master'
     'wolfcrypt/src/fips_test.c:master'
@@ -235,7 +352,6 @@ fips-ready|fips-dev)
     'wolfssl/wolfcrypt/fips.h:master'
   )
   WOLFCRYPT_FILES=()
-  if [ "$FLAVOR" = 'fips-dev' ]; then FIPS_OPTION='dev'; fi
   ;;
 wolfrand)
   FIPS_OPTION='rand'
@@ -334,22 +450,144 @@ function copy_fips_files() {
     done
 }
 
-if ! $GIT clone . "$TEST_DIR"; then
-    echo "fips-check: Couldn't duplicate current working directory."
+# Note, it would be cleaner to compute the tag lists using associative arrays,
+# but those were introduced in bash-4.  It's more important to maintain backward
+# compatibility here.
+
+declare -a WOLFCRYPT_TAGS_NEEDED_UNSORTED WOLFCRYPT_TAGS_NEEDED
+if [ ${#WOLFCRYPT_FILES[@]} -gt 0 ]; then
+    for file_entry in "${WOLFCRYPT_FILES[@]}"; do
+        WOLFCRYPT_TAGS_NEEDED_UNSORTED+=("${file_entry#*:}")
+    done
+    while IFS= read -r tag; do WOLFCRYPT_TAGS_NEEDED+=("$tag"); done < <(IFS=$'\n'; sort -u <<< "${WOLFCRYPT_TAGS_NEEDED_UNSORTED[*]}")
+    if [ "${#WOLFCRYPT_TAGS_NEEDED[@]}" = "0" ]; then
+        echo "Error -- missing wolfCrypt tags." 1>&2
+        exit 1
+    fi
+fi
+
+declare -a FIPS_TAGS_NEEDED_UNSORTED FIPS_TAGS_NEEDED
+for file_entry in "${FIPS_FILES[@]}"; do
+    FIPS_TAGS_NEEDED_UNSORTED+=("${file_entry#*:}")
+done
+while IFS= read -r tag; do FIPS_TAGS_NEEDED+=("$tag"); done < <(IFS=$'\n'; sort -u <<< "${FIPS_TAGS_NEEDED_UNSORTED[*]}")
+if [ "${#FIPS_TAGS_NEEDED[@]}" = "0" ]; then
+    echo "Error -- missing FIPS tags." 1>&2
     exit 1
 fi
 
-pushd "$TEST_DIR" || exit 2
+if [ ${#WOLFCRYPT_TAGS_NEEDED[@]} -gt 0 ]; then
+    echo "wolfCrypt tag$( [[ ${#WOLFCRYPT_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
 
-if ! $GIT clone "$FIPS_REPO" fips; then
-    echo "fips-check: Couldn't check out FIPS repository."
+    # Only use shallow fetch if the repo already has shallow branches, to avoid
+    # tainting full repos with shallow objects.
+    if [ -f .git/shallow ]; then
+        shallow_args=(--depth 1)
+    else
+        shallow_args=()
+    fi
+
+    for tag in "${WOLFCRYPT_TAGS_NEEDED[@]}"; do
+        if $GIT describe --long --exact-match "$tag" 2>/dev/null; then
+            continue
+        fi
+        if ! $GIT fetch "${shallow_args[@]}" "$WOLFSSL_REPO" tag "$tag"; then
+            echo "Can't fetch wolfCrypt tag: $tag" 1>&2
+            exit 1
+        fi
+        # Make sure the tag is associated:
+        $GIT tag "$tag" FETCH_HEAD >/dev/null 2>&1
+    done
+fi
+
+if ! $GIT clone --shared . "$TEST_DIR"; then
+    echo "fips-check: Couldn't clone current working directory." 1>&2
     exit 1
 fi
 
+# If there is a FIPS repo under the parent directory, leverage that:
+if [ -d ../fips/.git ]; then
+    pushd ../fips 1>/dev/null || exit 2
+
+    # Only use shallow fetch if the repo already has shallow branches, to avoid
+    # tainting full repos with shallow objects.
+    if [ -f .git/shallow ]; then
+        shallow_args=(--depth 1)
+    else
+        shallow_args=()
+    fi
+
+    echo "FIPS tag$( [[ ${#FIPS_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
+    for tag in "${FIPS_TAGS_NEEDED[@]}"; do
+        if [ "$tag" = "master" ]; then
+            # master is handled specially below.
+            continue
+        fi
+        if $GIT describe --long --exact-match "$tag" 2>/dev/null; then
+            continue
+        fi
+        if ! $GIT fetch "${shallow_args[@]}" "$FIPS_REPO" tag "$tag"; then
+            echo "Can't fetch FIPS tag: $tag" 1>&2
+            exit 1
+        fi
+        # Make sure the tag is associated:
+        $GIT tag "$tag" FETCH_HEAD >/dev/null 2>&1
+    done
+
+    # The current tooling for the FIPS tests is in the master branch and must be
+    # checked out here.
+    if ! $GIT clone --shared --branch master . "${TEST_DIR}/fips"; then
+        echo "fips-check: Couldn't clone current working directory." 1>&2
+        exit 1
+    fi
+
+    popd 1>/dev/null || exit 2
+
+    # Make sure master is up-to-date:
+    pushd "${TEST_DIR}/fips" 1>/dev/null || exit 2
+    if ! $GIT pull "$FIPS_REPO" master; then
+        echo "Can't refresh master FIPS tag" 1>&2
+        exit 1
+    fi
+    popd 1>/dev/null || exit 2
+fi
+
+pushd "$TEST_DIR" 1>/dev/null || exit 2
+
+if [ ! -d fips ]; then
+    # The current tooling for the FIPS tests is in the master branch and must be
+    # checked out here.
+    if ! $GIT clone --depth 1 --branch master "$FIPS_REPO" fips; then
+        echo "fips-check: Couldn't check out FIPS repository."
+        exit 1
+    fi
+
+    pushd fips 1>/dev/null || exit 2
+    echo "FIPS tag$( [[ ${#FIPS_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
+    for tag in "${FIPS_TAGS_NEEDED[@]}"; do
+        if [ "$tag" = "master" ]; then
+            # master was just cloned fresh from $FIPS_REPO above.
+            continue
+        fi
+        if $GIT describe --long --exact-match "$tag" 2>/dev/null; then
+            continue
+        fi
+        # The FIPS repo here is an ephemeral clone, so we can safely use shallow
+        # fetch unconditionally.
+        if ! $GIT fetch --depth 1 "$FIPS_REPO" tag "$tag"; then
+            echo "Can't fetch FIPS tag: $tag" 1>&2
+            exit 1
+        fi
+        # Make sure the tag is associated:
+        $GIT tag "$tag" FETCH_HEAD >/dev/null 2>&1
+    done
+    popd 1>/dev/null || exit 2
+fi
+
 checkout_files "${WOLFCRYPT_FILES[@]}" || exit 3
-pushd fips || exit 2
+pushd fips 1>/dev/null || exit 2
 copy_fips_files "${FIPS_FILES[@]}" || exit 3
-popd || exit 2
+popd 1>/dev/null || exit 2
 
 # When checking out cert 3389 ready code, NIST will no longer perform
 # new certifications on 140-2 modules. If we were to use the latest files from
@@ -363,43 +601,47 @@ if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]; then
 fi
 
 # run the make test
-./autogen.sh
-
-case "$FIPS_OPTION" in
-cavp-selftest)
-    ./configure --enable-selftest
-    ;;
-cavp-selftest-v2)
-    ./configure --enable-selftest=v2
-    ;;
-*)
-    ./configure --enable-fips=$FIPS_OPTION
-    ;;
-esac
-
-if ! $MAKE; then
-    echo 'fips-check: Make failed. Debris left for analysis.'
-    exit 3
+if [ "$DOAUTOGEN" = "yes" ]; then
+    ./autogen.sh
 fi
 
-if [ -s wolfcrypt/src/fips_test.c ]; then
-    NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
-    if [ -n "$NEWHASH" ]; then
-        cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
-        sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c
-        make clean
-    fi
-fi
+if [ "$DOCONFIGURE" = "yes" ]; then
+    case "$FIPS_OPTION" in
+    cavp-selftest)
+        ./configure --enable-selftest
+        ;;
+    cavp-selftest-v2)
+        ./configure --enable-selftest=v2
+        ;;
+    *)
+        ./configure --enable-fips=$FIPS_OPTION
+        ;;
+    esac
 
-if [ "$MAKECHECK" = "yes" ]; then
-    if ! $MAKE check; then
-        echo 'fips-check: Test failed. Debris left for analysis.'
+    if ! $MAKE; then
+        echo 'fips-check: Make failed. Debris left for analysis.'
         exit 3
     fi
+
+    if [ -s wolfcrypt/src/fips_test.c ]; then
+        NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
+        if [ -n "$NEWHASH" ]; then
+            cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
+            sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c
+            make clean
+        fi
+    fi
+
+    if [ "$MAKECHECK" = "yes" ]; then
+        if ! $MAKE check; then
+            echo 'fips-check: Test failed. Debris left for analysis.'
+            exit 3
+        fi
+    fi
 fi
 
 # Clean up
-popd || exit 2
+popd 1>/dev/null || exit 2
 if [ "$KEEP" = 'no' ]; then
     rm -rf "$TEST_DIR"
 fi
diff --git a/gencertbuf.pl b/gencertbuf.pl
index a2612084b..8f0ba607c 100755
--- a/gencertbuf.pl
+++ b/gencertbuf.pl
@@ -116,14 +116,6 @@ my @fileList_falcon = (
         ["certs/falcon/bench_falcon_level5_key.der", "bench_falcon_level5_key" ],
         );
 
-#Dilithium Post-Quantum Keys
-#Used with HAVE_PQC
-my @fileList_dilithium = (
-        ["certs/dilithium/bench_dilithium_level2_key.der", "bench_dilithium_level2_key" ],
-        ["certs/dilithium/bench_dilithium_level3_key.der", "bench_dilithium_level3_key" ],
-        ["certs/dilithium/bench_dilithium_level5_key.der", "bench_dilithium_level5_key" ],
-        );
-
 #Sphincs+ Post-Quantum Keys
 #Used with HAVE_PQC
 my @fileList_sphincs = (
@@ -146,7 +138,6 @@ my $num_2048 = @fileList_2048;
 my $num_3072 = @fileList_3072;
 my $num_4096 = @fileList_4096;
 my $num_falcon = @fileList_falcon;
-my $num_dilithium = @fileList_dilithium;
 my $num_sphincs = @fileList_sphincs;
 
 # open our output file, "+>" creates and/or truncates
@@ -229,7 +220,7 @@ for (my $i = 0; $i < $num_4096; $i++) {
 print OUT_FILE "#endif /* USE_CERT_BUFFERS_4096 */\n\n";
 
 # convert and print falcon keys
-print OUT_FILE "#if defined(HAVE_PQC) && defined(HAVE_FALCON)\n\n";
+print OUT_FILE "#if defined(HAVE_FALCON)\n\n";
 for (my $i = 0; $i < $num_falcon; $i++) {
 
     my $fname = $fileList_falcon[$i][0];
@@ -243,27 +234,1817 @@ for (my $i = 0; $i < $num_falcon; $i++) {
     print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
 }
 
-print OUT_FILE "#endif /* HAVE_PQC && HAVE_FALCON */\n\n";
+print OUT_FILE "#endif /* HAVE_FALCON */\n\n";
 
-# convert and print dilithium keys
-print OUT_FILE "#if defined (HAVE_PQC) && defined(HAVE_DILITHIUM)\n\n";
-for (my $i = 0; $i < $num_dilithium; $i++) {
+# print dilithium raw keys
+print OUT_FILE "#if defined(HAVE_DILITHIUM)
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
 
-    my $fname = $fileList_dilithium[$i][0];
-    my $sname = $fileList_dilithium[$i][1];
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level2_key.der */
+static const unsigned char bench_dilithium_level2_key[] = {
+    0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
+    0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
+    0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
+    0x64, 0x79, 0xd8, 0x79, 0x4c, 0xee, 0x92, 0x2b, 0x37, 0xab,
+    0xb1, 0x16, 0x65, 0x72, 0xc3, 0x49, 0xc2, 0xec, 0xfd, 0x9a,
+    0xe6, 0x2d, 0x1e, 0x5b, 0xe3, 0x04, 0x96, 0x16, 0xad, 0x97,
+    0x5d, 0xac, 0xf2, 0xcc, 0x62, 0x2e, 0x34, 0x5d, 0x67, 0x19,
+    0x47, 0xee, 0x0f, 0x8b, 0x97, 0x60, 0xb4, 0x0b, 0xeb, 0x6a,
+    0x7a, 0x75, 0x14, 0x27, 0x00, 0x39, 0xd6, 0x60, 0xce, 0x39,
+    0x6e, 0x69, 0x46, 0xe1, 0x0d, 0xf9, 0xa6, 0xfa, 0x8c, 0xcf,
+    0x65, 0x50, 0x59, 0x1d, 0xb0, 0x26, 0xc2, 0xe2, 0xf1, 0xb9,
+    0xcd, 0x09, 0x60, 0xcc, 0xbb, 0x57, 0xd6, 0xac, 0xcc, 0xf9,
+    0x58, 0x73, 0xa8, 0x81, 0x61, 0x2f, 0xd2, 0xa4, 0x5b, 0x98,
+    0x0d, 0x12, 0x88, 0x51, 0x63, 0x38, 0x6e, 0xa2, 0x46, 0x64,
+    0x52, 0xc0, 0x71, 0xc1, 0x42, 0x68, 0xd8, 0x42, 0x32, 0x5c,
+    0xb4, 0x44, 0x08, 0x95, 0x48, 0xa2, 0x46, 0x6c, 0x0b, 0x10,
+    0x09, 0xc8, 0x24, 0x4d, 0x18, 0x37, 0x4c, 0x4c, 0x82, 0x05,
+    0x02, 0x22, 0x10, 0x4a, 0x86, 0x30, 0x03, 0x03, 0x11, 0x44,
+    0x22, 0x62, 0x01, 0xa9, 0x51, 0x13, 0x02, 0x2c, 0x19, 0x85,
+    0x65, 0x51, 0x14, 0x01, 0x9c, 0xb2, 0x81, 0x0a, 0x49, 0x52,
+    0xa2, 0xb2, 0x4c, 0x98, 0x34, 0x01, 0x0a, 0x07, 0x06, 0x58,
+    0xb2, 0x69, 0x51, 0x24, 0x2d, 0x59, 0x12, 0x52, 0xe0, 0xb4,
+    0x04, 0x14, 0x40, 0x29, 0xa2, 0xb0, 0x31, 0x54, 0xc0, 0x40,
+    0x63, 0x00, 0x69, 0x18, 0x47, 0x85, 0xc8, 0x30, 0x81, 0x0b,
+    0x15, 0x0a, 0xd8, 0xa0, 0x0c, 0x5c, 0x20, 0x4a, 0x11, 0x38,
+    0x64, 0x04, 0x94, 0x84, 0xd3, 0x24, 0x72, 0x58, 0x38, 0x28,
+    0x18, 0x37, 0x6d, 0x94, 0xc0, 0x4d, 0xa0, 0xa6, 0x0c, 0x9a,
+    0x82, 0x31, 0xc2, 0x40, 0x48, 0xda, 0x46, 0x85, 0x03, 0x00,
+    0x05, 0xd8, 0x02, 0x4d, 0x0b, 0x85, 0x40, 0xe2, 0x32, 0x86,
+    0x4c, 0xa0, 0x65, 0x8a, 0x36, 0x65, 0x42, 0x18, 0x6e, 0x60,
+    0x36, 0x0d, 0x40, 0xc0, 0x01, 0x5a, 0x44, 0x42, 0xc4, 0xa4,
+    0x0d, 0xd4, 0x88, 0x8d, 0x88, 0x22, 0x52, 0x00, 0xc0, 0x0c,
+    0x5b, 0x36, 0x90, 0x09, 0x20, 0x22, 0x08, 0x03, 0x12, 0x90,
+    0x12, 0x42, 0x04, 0x20, 0x29, 0x8c, 0x48, 0x6d, 0x20, 0x32,
+    0x08, 0x94, 0x88, 0x6c, 0x10, 0x87, 0x21, 0xc1, 0x44, 0x02,
+    0x52, 0x40, 0x12, 0xdb, 0xc8, 0x24, 0x14, 0x09, 0x2c, 0x93,
+    0x40, 0x09, 0x64, 0xc8, 0x4c, 0x08, 0x48, 0x70, 0xa1, 0x10,
+    0x81, 0x4a, 0x80, 0x8c, 0x20, 0x03, 0x31, 0x18, 0xb3, 0x80,
+    0xd3, 0x82, 0x25, 0x4c, 0x94, 0x8c, 0x1c, 0x93, 0x89, 0x1a,
+    0x91, 0x51, 0xd1, 0xb6, 0x68, 0x43, 0x14, 0x25, 0x84, 0x48,
+    0x61, 0x82, 0x40, 0x24, 0xdb, 0x22, 0x4d, 0x63, 0x16, 0x66,
+    0x62, 0x90, 0x50, 0xa1, 0x18, 0x86, 0x49, 0x28, 0x25, 0xa0,
+    0x10, 0x68, 0x8c, 0x04, 0x00, 0x08, 0x32, 0x4e, 0x22, 0x43,
+    0x31, 0x42, 0x96, 0x28, 0x11, 0x23, 0x89, 0xd2, 0xc4, 0x6d,
+    0x11, 0x82, 0x8d, 0x8a, 0xa8, 0x90, 0xd2, 0x06, 0x29, 0x80,
+    0x82, 0x89, 0x00, 0xa8, 0x41, 0x00, 0x13, 0x6a, 0x12, 0xa8,
+    0x04, 0x83, 0xc2, 0x51, 0x13, 0x09, 0x08, 0x62, 0xb4, 0x8d,
+    0x94, 0xc2, 0x44, 0x5a, 0xb4, 0x08, 0x0a, 0x10, 0x48, 0xa1,
+    0x28, 0x20, 0x1b, 0xb7, 0x64, 0x60, 0x24, 0x25, 0x48, 0xc0,
+    0x00, 0x0a, 0x10, 0x09, 0x64, 0xb8, 0x88, 0xcb, 0x44, 0x64,
+    0x54, 0x90, 0x05, 0xd2, 0xb8, 0x21, 0x49, 0x28, 0x28, 0x49,
+    0x42, 0x0d, 0x63, 0xa0, 0x65, 0xcb, 0x90, 0x30, 0x51, 0x82,
+    0x8d, 0x5c, 0xc6, 0x0c, 0x51, 0x06, 0x6a, 0x1a, 0x27, 0x22,
+    0x01, 0xa8, 0x24, 0x61, 0xb2, 0x84, 0x23, 0x40, 0x86, 0xa3,
+    0xb4, 0x48, 0x19, 0x28, 0x0c, 0x14, 0x06, 0x2e, 0xe2, 0x02,
+    0x0d, 0xc4, 0x90, 0x09, 0x08, 0x06, 0x66, 0x9b, 0xc8, 0x10,
+    0x5c, 0x46, 0x21, 0xca, 0xa8, 0x30, 0x83, 0x20, 0x89, 0x03,
+    0x83, 0x6c, 0xa1, 0x46, 0x8c, 0x90, 0x14, 0x4c, 0x99, 0x02,
+    0x81, 0x53, 0x02, 0x10, 0x8b, 0x48, 0x91, 0xe4, 0x40, 0x4a,
+    0x22, 0xb1, 0x88, 0xc1, 0x06, 0x0e, 0xc3, 0xa8, 0x08, 0xc8,
+    0x46, 0x92, 0x03, 0xb5, 0x4c, 0x23, 0x03, 0x0c, 0xa4, 0x06,
+    0x2e, 0xdc, 0x92, 0x81, 0x0c, 0x45, 0x22, 0x40, 0x34, 0x91,
+    0x90, 0x96, 0x48, 0x81, 0x82, 0x31, 0xcb, 0x16, 0x72, 0x49,
+    0xc8, 0x29, 0x44, 0x86, 0x90, 0x60, 0x22, 0x4e, 0x42, 0x42,
+    0x09, 0x4b, 0x82, 0x20, 0x0a, 0xb2, 0x64, 0x20, 0x86, 0x70,
+    0x1a, 0xc0, 0x00, 0x1c, 0x41, 0x49, 0x89, 0x84, 0x05, 0x0c,
+    0x36, 0x49, 0x19, 0x99, 0x6d, 0x00, 0x08, 0x50, 0x23, 0x96,
+    0x6c, 0xe0, 0x44, 0x08, 0x98, 0x24, 0x2c, 0x0a, 0x23, 0x20,
+    0x12, 0x04, 0x31, 0xc9, 0x06, 0x32, 0x14, 0x01, 0x41, 0x08,
+    0x37, 0x08, 0x58, 0x00, 0x0c, 0x19, 0x04, 0x29, 0x90, 0x18,
+    0x05, 0xe1, 0x88, 0x44, 0xc2, 0x20, 0x6c, 0xd1, 0x46, 0x64,
+    0xd9, 0x26, 0x62, 0x09, 0x88, 0x68, 0x02, 0x29, 0x29, 0xe1,
+    0x18, 0x65, 0x98, 0x04, 0x24, 0xe4, 0x34, 0x0c, 0x12, 0x85,
+    0x2d, 0x20, 0x14, 0x06, 0x24, 0x15, 0x82, 0x89, 0x08, 0x91,
+    0x60, 0x84, 0x28, 0x24, 0x34, 0x41, 0x1b, 0x49, 0x22, 0xd3,
+    0x96, 0x64, 0x1b, 0x86, 0x4c, 0x0c, 0xb9, 0x20, 0x20, 0x39,
+    0x04, 0x04, 0x34, 0x6d, 0xc1, 0x28, 0x32, 0x08, 0x14, 0x44,
+    0x81, 0x18, 0x2e, 0xda, 0x38, 0x41, 0x63, 0x18, 0x26, 0xd8,
+    0x48, 0x26, 0x12, 0x20, 0x21, 0x09, 0xc5, 0x25, 0x92, 0x42,
+    0x0c, 0x88, 0x04, 0x64, 0x11, 0x43, 0x8a, 0x19, 0x92, 0x60,
+    0x5c, 0xc6, 0x31, 0xa1, 0x24, 0x6a, 0xd8, 0xb6, 0x49, 0x1b,
+    0x81, 0x90, 0xe2, 0x32, 0x4e, 0x62, 0x44, 0x21, 0x80, 0xb8,
+    0x10, 0x4b, 0x90, 0x49, 0x5c, 0x06, 0x09, 0x48, 0x20, 0x49,
+    0xa2, 0x92, 0x71, 0x5c, 0x48, 0x02, 0xc8, 0x08, 0x81, 0xa4,
+    0x32, 0x66, 0xc9, 0x30, 0x11, 0xca, 0x92, 0x91, 0xc0, 0x00,
+    0x41, 0x44, 0x98, 0x4d, 0x98, 0x12, 0x4e, 0x92, 0x46, 0x8e,
+    0x49, 0xb8, 0x64, 0xdc, 0x18, 0x50, 0x51, 0xb4, 0x48, 0x08,
+    0x47, 0x24, 0x08, 0x46, 0x32, 0x1b, 0x23, 0x00, 0x09, 0xb8,
+    0x04, 0x0a, 0x44, 0x0c, 0x0b, 0xc7, 0x8d, 0x19, 0xa4, 0x09,
+    0x11, 0x30, 0x41, 0xe3, 0x24, 0x45, 0x89, 0x1f, 0x65, 0x54,
+    0xf6, 0x38, 0x04, 0x37, 0xcc, 0x89, 0xc3, 0xc5, 0xdc, 0x43,
+    0xd9, 0x13, 0x56, 0x06, 0x05, 0x50, 0x29, 0x4e, 0x0f, 0xa5,
+    0x5c, 0x5d, 0xd7, 0x82, 0xa1, 0x63, 0x59, 0x0d, 0x3e, 0x5b,
+    0x00, 0xe6, 0x0e, 0xd8, 0x1c, 0xc7, 0xaf, 0xc0, 0x48, 0xb6,
+    0x07, 0x5c, 0x65, 0x00, 0x89, 0xb3, 0x09, 0xbc, 0x4a, 0xaa,
+    0xa6, 0x72, 0xbe, 0x6b, 0x9a, 0xb3, 0x5b, 0x27, 0x82, 0x65,
+    0x9b, 0xc9, 0x6f, 0x19, 0x88, 0x94, 0x0b, 0x37, 0x44, 0x2f,
+    0xe3, 0x9a, 0x02, 0xda, 0xff, 0x11, 0xb0, 0x48, 0x89, 0x70,
+    0x8c, 0x84, 0xc2, 0xc0, 0x31, 0x4a, 0xad, 0x70, 0xe1, 0xa7,
+    0x15, 0xfd, 0xb2, 0x6d, 0x93, 0xda, 0x17, 0x68, 0xc4, 0xe3,
+    0xfd, 0x2c, 0x08, 0x15, 0xb9, 0xa4, 0xc5, 0x1b, 0x97, 0xc9,
+    0xa3, 0xaf, 0x0d, 0x21, 0x06, 0x3d, 0xf1, 0x05, 0xd4, 0x35,
+    0x80, 0x2e, 0x23, 0x99, 0xbd, 0x3a, 0x1a, 0x6c, 0xad, 0xbf,
+    0x56, 0xb5, 0xd3, 0x95, 0x1b, 0x30, 0x4d, 0x56, 0xc1, 0x77,
+    0xe6, 0xd6, 0xab, 0x94, 0x46, 0x68, 0xd7, 0xb8, 0xe4, 0x9d,
+    0xb2, 0x8d, 0xc4, 0xd1, 0xc8, 0x92, 0xbe, 0x5d, 0x1f, 0x58,
+    0x55, 0x7f, 0x11, 0x55, 0xc5, 0x2e, 0xc3, 0x9e, 0x2a, 0x29,
+    0x51, 0xe8, 0x75, 0x49, 0xa7, 0xa3, 0xda, 0x0b, 0xcf, 0xf8,
+    0x3f, 0x78, 0xac, 0x4c, 0x4e, 0x78, 0x6f, 0x0e, 0x67, 0xad,
+    0x94, 0x59, 0x20, 0x5e, 0x37, 0x18, 0xb9, 0x09, 0x87, 0xdb,
+    0xdd, 0xf0, 0xc2, 0x4d, 0x03, 0xcc, 0x98, 0x22, 0x4b, 0xe5,
+    0x7d, 0x8e, 0x74, 0x7e, 0xa9, 0x1b, 0xeb, 0x7a, 0xae, 0xaf,
+    0x2e, 0x7c, 0x3c, 0xc0, 0x1a, 0x30, 0x40, 0x0d, 0x79, 0x86,
+    0x53, 0xcc, 0x0b, 0x2b, 0xbe, 0xa5, 0x72, 0x3b, 0xbb, 0x53,
+    0x9e, 0xd5, 0xc2, 0x23, 0x1d, 0x35, 0xcd, 0x22, 0x12, 0xed,
+    0x9a, 0xee, 0xc8, 0xf9, 0x05, 0x27, 0xdb, 0x46, 0x56, 0xcc,
+    0x24, 0x4d, 0xee, 0xaf, 0xab, 0xa9, 0x78, 0x75, 0x75, 0xb9,
+    0xd1, 0xfd, 0x39, 0x3a, 0xb2, 0xa2, 0xeb, 0x87, 0x76, 0xb2,
+    0x19, 0x47, 0x88, 0xab, 0x42, 0x85, 0x4b, 0xd9, 0x76, 0x22,
+    0x68, 0x4b, 0xc9, 0x88, 0x38, 0x28, 0x0a, 0x34, 0x5d, 0x12,
+    0x4f, 0xf5, 0x43, 0x64, 0x44, 0x8c, 0x3c, 0xc2, 0x99, 0x91,
+    0x4e, 0xfd, 0xfd, 0x9c, 0x73, 0xbf, 0x85, 0xf9, 0x9f, 0xe1,
+    0x53, 0x19, 0xc8, 0x19, 0xcb, 0x7c, 0xdb, 0x9a, 0x3a, 0x2c,
+    0x34, 0x55, 0x8c, 0x64, 0x6f, 0xc5, 0xb7, 0x93, 0x53, 0xb4,
+    0x97, 0x7e, 0xc2, 0xf8, 0x7e, 0x8d, 0x44, 0x10, 0xca, 0x49,
+    0xf5, 0x5c, 0xe8, 0xce, 0xc4, 0xcc, 0x42, 0xf0, 0x85, 0xf1,
+    0xf2, 0x10, 0xa7, 0x0b, 0x37, 0x6a, 0x8e, 0x50, 0x96, 0x96,
+    0x9d, 0xd9, 0x8f, 0x54, 0x45, 0x56, 0xf8, 0x64, 0x88, 0xab,
+    0x51, 0x4f, 0x9f, 0x61, 0xd9, 0x12, 0x87, 0xac, 0x1d, 0xc1,
+    0x23, 0xea, 0xb3, 0x5d, 0xa4, 0x6d, 0xfa, 0x58, 0x92, 0x8f,
+    0x77, 0x78, 0x61, 0xe5, 0xe4, 0x33, 0xdb, 0x10, 0x2d, 0xdd,
+    0xb6, 0xd7, 0xb4, 0xd0, 0x8d, 0xd1, 0xa8, 0x0b, 0x94, 0xdf,
+    0xcf, 0xd7, 0xac, 0xdf, 0x47, 0x0b, 0x38, 0xe0, 0xa5, 0xf8,
+    0xc3, 0xd2, 0xc3, 0xfb, 0x0f, 0x98, 0x00, 0x2b, 0x17, 0x3c,
+    0x44, 0x70, 0x36, 0x47, 0x27, 0x89, 0x41, 0xcb, 0x87, 0x5a,
+    0xa4, 0x2c, 0x57, 0x6d, 0x8c, 0xcb, 0xc0, 0x7d, 0x6b, 0xf5,
+    0xa1, 0x17, 0x39, 0x4a, 0xb5, 0xac, 0xc6, 0x41, 0x90, 0x66,
+    0x85, 0xc4, 0x4b, 0x18, 0xc6, 0xe6, 0x09, 0x6d, 0x6e, 0xbb,
+    0x7f, 0x72, 0x96, 0xd3, 0x21, 0x5a, 0x96, 0xaf, 0x9e, 0xb6,
+    0x0b, 0x3f, 0xe8, 0x83, 0xe5, 0x53, 0x11, 0x81, 0xc6, 0xab,
+    0x40, 0xa9, 0x09, 0xb6, 0x74, 0x5e, 0xe1, 0xc3, 0x82, 0x1e,
+    0xda, 0x2f, 0x24, 0xe0, 0x94, 0x8f, 0x07, 0xb7, 0x9b, 0xc6,
+    0x50, 0xef, 0x3a, 0x79, 0x89, 0x4d, 0x6f, 0x16, 0x33, 0x04,
+    0x24, 0x7e, 0x4a, 0xab, 0x5d, 0x03, 0x29, 0xad, 0xba, 0xa3,
+    0x6c, 0xe2, 0x05, 0xab, 0x4d, 0x69, 0xb6, 0x61, 0x39, 0x9d,
+    0xc3, 0x53, 0x11, 0xc0, 0xe3, 0xaa, 0x2e, 0xdc, 0x74, 0x09,
+    0xbd, 0x19, 0xb5, 0xbb, 0x51, 0x1e, 0x77, 0x3e, 0xce, 0x64,
+    0x13, 0xeb, 0x74, 0x03, 0xb7, 0x49, 0x99, 0xb0, 0x71, 0x99,
+    0xe6, 0x17, 0x3c, 0x80, 0xe6, 0xb5, 0x51, 0xe9, 0xb3, 0xe4,
+    0x2b, 0xaa, 0x52, 0x15, 0x99, 0x4e, 0x46, 0x6d, 0x67, 0x8e,
+    0x79, 0xc4, 0x3c, 0xa6, 0xdc, 0x8f, 0xed, 0x87, 0xb9, 0x68,
+    0x6d, 0xdc, 0x19, 0xa1, 0x52, 0x37, 0x06, 0x76, 0xad, 0xe9,
+    0x61, 0x5c, 0x82, 0x16, 0x81, 0xaf, 0x3a, 0x89, 0xbf, 0x72,
+    0xb0, 0xc7, 0x88, 0x3c, 0x58, 0xfe, 0xe4, 0xa5, 0x41, 0x50,
+    0xfc, 0x8a, 0x15, 0xb0, 0x78, 0xd4, 0x77, 0x06, 0x4b, 0xc4,
+    0x21, 0x7f, 0xaa, 0x2b, 0x88, 0x7f, 0x8c, 0x3b, 0x9b, 0xbb,
+    0x2e, 0x41, 0xcf, 0x9b, 0x06, 0xd3, 0x4d, 0xcf, 0xb2, 0x9c,
+    0x91, 0x46, 0x35, 0x3a, 0x5a, 0x0b, 0xe4, 0xac, 0x96, 0x7c,
+    0xe0, 0xd4, 0x34, 0xe5, 0xab, 0xae, 0xa7, 0x67, 0xbf, 0x4d,
+    0xab, 0x48, 0xfd, 0xcb, 0x3f, 0x5c, 0xde, 0x3f, 0x83, 0xcc,
+    0x52, 0x0f, 0xdd, 0x7f, 0x20, 0x25, 0xed, 0xee, 0xd0, 0x14,
+    0x38, 0xf7, 0x33, 0x4c, 0x3c, 0x5e, 0x23, 0x80, 0xa3, 0x0a,
+    0xe8, 0xb0, 0xef, 0x5b, 0xca, 0xc9, 0x97, 0x13, 0x98, 0xfe,
+    0x91, 0x62, 0x14, 0xa8, 0x64, 0xf6, 0x20, 0xc9, 0xc9, 0x6f,
+    0x8b, 0xc0, 0xec, 0x39, 0x15, 0xa7, 0x59, 0x62, 0x68, 0x21,
+    0xe1, 0x5f, 0xf6, 0xa1, 0x76, 0xb0, 0xca, 0x1b, 0x2a, 0x71,
+    0xe3, 0x1a, 0x24, 0x91, 0x1f, 0x3a, 0xbb, 0xf1, 0xc9, 0x09,
+    0x42, 0x48, 0x7e, 0x19, 0x1b, 0xf1, 0xf0, 0x13, 0x33, 0xf1,
+    0x62, 0x31, 0x00, 0x97, 0x73, 0x9b, 0x3c, 0x26, 0xf8, 0x42,
+    0xd0, 0xd4, 0x41, 0x1b, 0x9f, 0x7e, 0x43, 0x4b, 0x0b, 0x08,
+    0xd7, 0xa0, 0xa8, 0x32, 0x34, 0x0a, 0xc9, 0xef, 0xb8, 0xeb,
+    0xe7, 0x64, 0x3b, 0x40, 0x88, 0xe0, 0x60, 0x59, 0x07, 0xef,
+    0xb9, 0x5f, 0x71, 0x92, 0x90, 0xa4, 0x5f, 0x34, 0x38, 0x93,
+    0x92, 0x43, 0x87, 0xaf, 0xdd, 0x87, 0x63, 0x8c, 0x1d, 0xe5,
+    0x86, 0x9e, 0xe6, 0xde, 0x94, 0xdd, 0x33, 0x5d, 0x95, 0x64,
+    0xd8, 0xc4, 0x8a, 0x3c, 0xe7, 0x4b, 0xd6, 0x3f, 0xc5, 0x69,
+    0x6a, 0xa8, 0x7f, 0x0f, 0x93, 0x77, 0x02, 0x46, 0x66, 0xa5,
+    0xa0, 0x60, 0x8b, 0xec, 0xb1, 0xa2, 0xfc, 0x2a, 0x09, 0xb8,
+    0x08, 0x1c, 0x05, 0x6b, 0x78, 0xb7, 0x7a, 0xe5, 0x60, 0xa4,
+    0xaf, 0x3a, 0x9d, 0xaa, 0xf5, 0x22, 0x9b, 0x5e, 0xef, 0xc3,
+    0x46, 0xed, 0x67, 0xd0, 0x8b, 0xda, 0xb4, 0xa3, 0x34, 0x32,
+    0x20, 0x9d, 0x88, 0x7e, 0x43, 0x42, 0x6f, 0x02, 0xf8, 0x48,
+    0x9b, 0xc5, 0x02, 0xad, 0xaa, 0xa9, 0xee, 0x19, 0x1b, 0xde,
+    0x02, 0x83, 0x81, 0x10, 0xa6, 0x79, 0x4e, 0xad, 0x15, 0xf7,
+    0x3e, 0x4e, 0x1e, 0x72, 0xfe, 0x52, 0x49, 0x24, 0xce, 0x82,
+    0x31, 0x59, 0x72, 0xae, 0xd5, 0x34, 0x50, 0x87, 0x8b, 0xe3,
+    0x8e, 0xec, 0x61, 0x35, 0x13, 0x57, 0xb1, 0xe6, 0xac, 0xfb,
+    0x16, 0xc3, 0x1a, 0x98, 0x92, 0xcb, 0xcd, 0xc9, 0xf7, 0x10,
+    0x6a, 0x43, 0x96, 0x33, 0x2d, 0x6f, 0x6c, 0x76, 0xb0, 0xf6,
+    0x48, 0x4c, 0xae, 0x13, 0x67, 0x5d, 0x42, 0x01, 0x8e, 0x54,
+    0x51, 0xcc, 0x65, 0xf1, 0x95, 0x11, 0x3c, 0x96, 0x2a, 0x5a,
+    0x42, 0x3d, 0x9b, 0xbb, 0xb7, 0x7b, 0x28, 0x96, 0x09, 0xbb,
+    0xed, 0x2d, 0xbc, 0xb7, 0x90, 0x62, 0xd3, 0xbe, 0xbd, 0xae,
+    0x50, 0x15, 0x96, 0xc1, 0x03, 0x91, 0x14, 0x34, 0x4f, 0x21,
+    0xa5, 0x6e, 0x78, 0x4a, 0x5d, 0x8b, 0xcf, 0x5b, 0x1a, 0x8a,
+    0x57, 0x43, 0xb8, 0x25, 0xd3, 0xa2, 0xcd, 0x78, 0xb4, 0x93,
+    0x07, 0x7a, 0x14, 0xc1, 0x0c, 0x6f, 0x5f, 0x5e, 0xcb, 0x11,
+    0x17, 0x81, 0x0d, 0x7d, 0x0f, 0xda, 0xd1, 0x92, 0x43, 0x56,
+    0xaf, 0x75, 0x53, 0x44, 0x1f, 0xc7, 0x9c, 0xd3, 0xc5, 0x47,
+    0xe0, 0xac, 0x4a, 0x11, 0xe4, 0xfe, 0x6c, 0x80, 0x79, 0xcc,
+    0x60, 0x7a, 0xd9, 0x56, 0x65, 0x83, 0x5e, 0xcf, 0x37, 0x27,
+    0x55, 0xe2, 0x4d, 0xf9, 0xd6, 0x09, 0x2d, 0xee, 0xda, 0x10,
+    0x6b, 0xdc, 0xd2, 0x70, 0x46, 0x94, 0xaa, 0xf5, 0x21, 0xc5,
+    0xf0, 0x79, 0xdb, 0x9b, 0x8e, 0x9a, 0xdb, 0x5a, 0x56, 0x41,
+    0x43, 0xe7, 0x1f, 0x8d, 0xfd, 0xda, 0x12, 0x5f, 0xf7, 0x9e,
+    0x47, 0x1a, 0xf7, 0x73, 0x40, 0x67, 0xc2, 0x61, 0x07, 0x33,
+    0x16, 0x78, 0x60, 0x05, 0x85, 0x5c, 0x2f, 0x2b, 0xbf, 0x2c,
+    0x7a, 0x39, 0xc6, 0xed, 0xcb, 0x43, 0x66, 0x27, 0x93, 0xcd,
+    0x92, 0x8d, 0x62, 0x8c, 0xaa, 0x61, 0x1c, 0x9c, 0x4c, 0x90,
+    0xba, 0xba, 0x4b, 0xc1, 0xf1, 0x22, 0xde, 0xe0, 0xf9, 0x3e,
+    0x04, 0xb9, 0x56, 0xa3, 0x1c, 0xe8, 0xda, 0xd6, 0x09, 0x4a,
+    0x7d, 0x89, 0xbc, 0xf4, 0xe8, 0x4d, 0xa1, 0xe8, 0x34, 0x90,
+    0xa5, 0x31, 0x3a, 0xec, 0x56, 0xc5, 0xd2, 0x92, 0x0b, 0xe9,
+    0x58, 0xbb, 0xb2, 0x84, 0x9b, 0xa9, 0x1d, 0x19, 0xdb, 0x7a,
+    0x02, 0x75, 0x79, 0x16, 0x35, 0xee, 0x3a, 0x3f, 0x4e, 0x5e,
+    0x11, 0x90, 0x04, 0x03, 0xce, 0x8b, 0xa0, 0xd8, 0xc1, 0xee,
+    0x52, 0x33, 0x6e, 0xd2, 0x6e, 0x06, 0x5c, 0x99, 0x24, 0x6f,
+    0x16, 0xd9, 0x90, 0x28, 0xe5, 0x2d, 0x91, 0x6f, 0x1a, 0x57,
+    0xf0, 0x4c, 0x7c, 0x3f, 0x7b, 0xd7, 0x30, 0xed, 0x6d, 0x21,
+    0xb7, 0xf8, 0xed, 0xf3, 0x34, 0x89, 0xfa, 0xf0, 0x51, 0x6f,
+    0x99, 0xa0, 0x5e, 0xf8, 0x74, 0xc7, 0x4f, 0xb5, 0x59, 0x52,
+    0xbe, 0x45, 0xac, 0x3f, 0x34, 0x51, 0x87, 0x6e, 0x84, 0xea,
+    0xb0, 0x40, 0xe1, 0x84, 0x16, 0x66, 0x30, 0xf1, 0x5c, 0xb2,
+    0x74, 0x25, 0x03, 0xe3, 0x2e, 0x82, 0xc5, 0x60, 0x9d, 0xe4,
+    0xca, 0xec, 0x49, 0x6b, 0x4e, 0x5a, 0x09, 0xa8, 0xfe, 0xff,
+    0x1d, 0xa1, 0xe8, 0xec, 0x9a, 0x22, 0x3b, 0xd6, 0x72, 0x93,
+    0x6f, 0x6b, 0x5a, 0xfb, 0x2d, 0x5a, 0xde, 0x01, 0x3e, 0xf6,
+    0xdc, 0x77, 0x55, 0x1e, 0x32, 0x19, 0xc8, 0xa1, 0xbb, 0xcf,
+    0xcb, 0x41, 0x54, 0xa2, 0xcb, 0xe6, 0x61, 0xca, 0x43, 0x63,
+    0xd2, 0x2c, 0xae, 0xf4, 0xd9, 0x49, 0xb1, 0x75, 0x1a, 0x06,
+    0x92, 0x13, 0x90, 0x57, 0x89, 0x8e, 0x9f, 0x26, 0xc5, 0x14,
+    0xd8, 0xc7, 0x93, 0xb2, 0xaa, 0x3a, 0x9c, 0x10, 0xd5, 0x68,
+    0x52, 0x28, 0x39, 0xee, 0x30, 0xdc, 0x00, 0x4b, 0x65, 0x72,
+    0x59, 0x98, 0xad, 0x2e, 0x8c, 0xaf, 0x4e, 0x79, 0x0a, 0x8c,
+    0x0c, 0x9d, 0xb6, 0x43, 0x26, 0x83, 0x71, 0x7b, 0x1e, 0x86,
+    0x4d, 0x33, 0xd7, 0x20, 0x29, 0x6a, 0xbf, 0x2f, 0x8e, 0x4b,
+    0x13, 0x35, 0x65, 0xc8, 0xec, 0xe3, 0x2c, 0xde, 0xfb, 0x30,
+    0x57, 0xa9, 0x92, 0x22, 0x5d, 0x79, 0x16, 0x07, 0x73, 0x9b,
+    0xe2, 0x6e, 0xd4, 0x99, 0xb4, 0x35, 0xfd, 0xa2, 0xb5, 0xd9,
+    0xe5, 0x74, 0xd1, 0xb2, 0xcf, 0x32, 0xf1, 0x19, 0x69, 0xcf,
+    0x1e, 0x10, 0xcc, 0x3c, 0xaf, 0xbe, 0xa4, 0x33, 0x11, 0x83,
+    0x64, 0xc0, 0x39, 0xe5, 0xb0, 0x8f, 0x32, 0xf4, 0x01, 0x6a,
+    0x2a, 0x11, 0x8e, 0xdd, 0x03, 0x81, 0x39, 0xe7, 0x70, 0x16,
+    0x2f, 0x0e, 0x24, 0xa9, 0x12, 0x0b, 0xdb, 0xa8, 0x6c, 0xb3,
+    0xf3, 0x74, 0x95, 0xca, 0x64, 0x1d, 0xee, 0x25, 0xc5, 0x27,
+    0xed, 0x0f, 0x82, 0xb5, 0x7a, 0x62, 0x27, 0xb2, 0x87, 0x53,
+    0x11, 0x39, 0x5e, 0xb8, 0x11, 0xca, 0x25, 0xe8, 0x17, 0x46,
+    0xd3, 0x0f, 0x5d, 0x70, 0x68, 0xe1, 0x5f, 0xd1, 0xab, 0x65,
+    0xe5, 0x42, 0x87, 0x1e, 0x96, 0xaf, 0x13, 0x0c, 0x9b, 0x15,
+    0x75, 0x14, 0x31, 0x75, 0xcc, 0x15, 0xbf, 0x2c, 0x74, 0xab,
+    0xc9, 0x9c, 0xda, 0x62, 0x1d, 0xeb, 0x19, 0x81, 0x67, 0x5e,
+    0xcd, 0x54, 0x87, 0x07, 0x67, 0xba, 0xe3, 0xf6, 0x03, 0xbe,
+    0x6d, 0x64, 0x2d, 0xbc, 0xec, 0x54, 0x13, 0x12, 0x5b, 0x44,
+    0x90, 0x95, 0x86, 0x77, 0x8c, 0x59, 0xbd, 0x8e, 0xba, 0xb1,
+    0x12, 0xea, 0xc1, 0x94, 0x37, 0xa0, 0x11, 0xff, 0xb2, 0xa4,
+    0xc3, 0x61, 0xf2, 0xa3, 0x49, 0xbe, 0xe7, 0xb6, 0x96, 0x2f,
+};
+static const int sizeof_bench_dilithium_level2_key = sizeof(bench_dilithium_level2_key);
 
-    print OUT_FILE "/* $fname */\n";
-    print OUT_FILE "static const unsigned char $sname\[] =\n";
-    print OUT_FILE "{\n";
-    file_to_hex($fname);
-    print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
-}
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
-print OUT_FILE "#endif /* HAVE_PQC && HAVE_DILITHIUM */\n\n";
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level2_key.der */
+static const unsigned char bench_dilithium_level2_pubkey[] = {
+    0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
+    0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
+    0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
+    0x64, 0x79, 0xa0, 0xec, 0x1f, 0x24, 0xb6, 0xc8, 0x05, 0x5b,
+    0xc1, 0x18, 0xb0, 0xb7, 0xcf, 0x8c, 0x60, 0x67, 0x6b, 0x81,
+    0x44, 0x27, 0xb6, 0x0e, 0xfd, 0x9b, 0xc3, 0xcb, 0x52, 0x31,
+    0xfa, 0xc9, 0x34, 0x8d, 0x22, 0x1e, 0x07, 0x9d, 0x96, 0x6a,
+    0x63, 0x83, 0x5c, 0xd7, 0x83, 0x2d, 0x7f, 0x48, 0x64, 0x79,
+    0xca, 0xb4, 0x9f, 0xa2, 0x02, 0xb7, 0x86, 0x1d, 0x0e, 0xc7,
+    0xf9, 0x6c, 0x07, 0xc0, 0x35, 0x6a, 0x34, 0x79, 0x7c, 0xb8,
+    0x0f, 0xed, 0x98, 0x50, 0xfb, 0x51, 0xe0, 0x36, 0x44, 0x4c,
+    0xc6, 0x35, 0xa2, 0xbb, 0x55, 0xb0, 0x5c, 0x39, 0x08, 0x02,
+    0x20, 0x35, 0x5c, 0x56, 0x6d, 0x2e, 0xb9, 0xef, 0x21, 0x26,
+    0x87, 0x87, 0x85, 0x8a, 0x32, 0xb5, 0xa7, 0x68, 0x70, 0x3a,
+    0xfd, 0x0d, 0x21, 0x48, 0x91, 0xa3, 0x29, 0xc1, 0x2a, 0x38,
+    0xe5, 0x26, 0x31, 0x1f, 0x42, 0xde, 0x0b, 0x25, 0xff, 0x1d,
+    0x6b, 0xb4, 0xe0, 0x5d, 0x2d, 0xcf, 0x44, 0xd5, 0x7d, 0xc4,
+    0xf6, 0x95, 0xf2, 0x06, 0x4f, 0x83, 0x88, 0x9d, 0x1e, 0xeb,
+    0x1c, 0x09, 0x45, 0x62, 0x67, 0x3d, 0xff, 0x51, 0x47, 0xe8,
+    0xbc, 0x9b, 0x03, 0x1f, 0xc7, 0x72, 0x65, 0xce, 0xa8, 0x8c,
+    0xc2, 0xa0, 0xc2, 0xbd, 0x5b, 0x7c, 0x17, 0x16, 0x8b, 0x72,
+    0xfa, 0xb1, 0xbd, 0xdf, 0x49, 0xd6, 0xa1, 0x00, 0x65, 0xbe,
+    0x82, 0xe7, 0x68, 0xc7, 0xe7, 0xbc, 0xc2, 0xa4, 0xdb, 0xaa,
+    0xcc, 0xea, 0x41, 0x52, 0x7f, 0x56, 0xb4, 0x68, 0x1f, 0x92,
+    0x96, 0x0f, 0xce, 0xd4, 0xd0, 0x87, 0x4c, 0x4a, 0x73, 0xb5,
+    0x6c, 0xd4, 0x69, 0x55, 0x15, 0x47, 0xdc, 0x94, 0x7f, 0xd2,
+    0x54, 0x5e, 0xb2, 0x90, 0xc2, 0x47, 0xe4, 0xf5, 0xde, 0x8b,
+    0x9b, 0xc6, 0x5d, 0x50, 0x95, 0x60, 0xe0, 0xf0, 0xa7, 0x4e,
+    0xe0, 0xcd, 0x41, 0x09, 0xef, 0xb3, 0x3d, 0x90, 0x5c, 0x77,
+    0x54, 0xec, 0x9e, 0x5d, 0x8a, 0xe7, 0x09, 0x5c, 0xc9, 0x58,
+    0x0c, 0xd0, 0x42, 0x35, 0xd2, 0x14, 0x59, 0x38, 0x69, 0xad,
+    0xf9, 0xb5, 0xbf, 0x8a, 0x8e, 0x33, 0xd8, 0x5e, 0x7a, 0x55,
+    0xd0, 0x53, 0x15, 0x40, 0x4e, 0xc5, 0x86, 0xd7, 0x8f, 0x5f,
+    0x2f, 0x55, 0x82, 0xc2, 0x4f, 0x16, 0xe5, 0xea, 0x1c, 0xbc,
+    0xff, 0x5e, 0x1f, 0x39, 0x46, 0x70, 0x54, 0x7a, 0x3a, 0x27,
+    0x16, 0x1a, 0x2b, 0x6c, 0xd2, 0xb7, 0x80, 0xd3, 0xd1, 0x9d,
+    0x25, 0x59, 0xed, 0xe6, 0x51, 0xb1, 0xf2, 0xad, 0x7e, 0x51,
+    0x78, 0x14, 0x2b, 0x19, 0xae, 0x64, 0x72, 0x0f, 0xd8, 0x18,
+    0x79, 0x8e, 0x66, 0x88, 0xd3, 0xa4, 0xa3, 0xc3, 0x76, 0x21,
+    0xcb, 0xe4, 0x79, 0x5e, 0x95, 0x74, 0xe3, 0x31, 0x18, 0x79,
+    0xed, 0xc7, 0xe7, 0xfb, 0x86, 0x48, 0x1b, 0x7b, 0x75, 0x5b,
+    0x7f, 0x7c, 0x82, 0xc5, 0xab, 0x11, 0xb4, 0x5d, 0x59, 0x6f,
+    0x78, 0xb2, 0xa5, 0x39, 0xc6, 0x63, 0x38, 0x6c, 0xeb, 0x50,
+    0x06, 0x14, 0x76, 0xf0, 0xe8, 0xfb, 0x11, 0x95, 0x1f, 0x9d,
+    0x9c, 0xa6, 0xe1, 0xe2, 0x0d, 0xa3, 0x66, 0xfc, 0x20, 0x83,
+    0x50, 0x0e, 0x53, 0x75, 0xb5, 0x12, 0xf4, 0xdf, 0x31, 0x46,
+    0x83, 0xac, 0x5b, 0xf3, 0x99, 0xa6, 0xd1, 0x7b, 0x2b, 0xc5,
+    0xdc, 0x71, 0x07, 0x27, 0x33, 0x35, 0x34, 0xf5, 0x30, 0x19,
+    0xc1, 0x3b, 0xba, 0x8a, 0xaf, 0x7e, 0x49, 0x93, 0x48, 0x5b,
+    0x38, 0xc0, 0xbc, 0x2e, 0xc7, 0x59, 0x1b, 0xd9, 0xf5, 0xcc,
+    0x86, 0xf5, 0x7b, 0x4d, 0xd7, 0x39, 0xa7, 0xa2, 0x56, 0x20,
+    0x48, 0x98, 0x7d, 0x4f, 0x75, 0x56, 0x9b, 0xb8, 0x95, 0x45,
+    0x17, 0xf3, 0x86, 0x3d, 0x97, 0x0a, 0x49, 0x1b, 0xca, 0xff,
+    0x20, 0xc0, 0x24, 0x2c, 0x51, 0xc2, 0x0a, 0x3c, 0xbf, 0x07,
+    0x60, 0x1c, 0x88, 0x85, 0x9b, 0x85, 0x2d, 0x4a, 0xfe, 0x5a,
+    0x1c, 0x90, 0xf5, 0x90, 0x12, 0xd3, 0x03, 0x3c, 0x8c, 0x2e,
+    0x95, 0x4a, 0x47, 0x76, 0x0f, 0x1f, 0x5d, 0x9e, 0xed, 0xc5,
+    0x64, 0xc4, 0x9b, 0xbf, 0x86, 0xc5, 0x63, 0x84, 0x33, 0x00,
+    0xf1, 0x26, 0x18, 0x21, 0xf3, 0x88, 0x1a, 0x08, 0x18, 0x6d,
+    0x2f, 0xef, 0xd5, 0xeb, 0x2f, 0x69, 0xc8, 0x6e, 0x92, 0x34,
+    0xfc, 0x72, 0x3d, 0x9a, 0xa7, 0x9e, 0x51, 0xfb, 0x56, 0xe3,
+    0xdc, 0xf4, 0x8f, 0x9b, 0x6d, 0x0d, 0x2a, 0xec, 0x66, 0x12,
+    0x26, 0x35, 0xbd, 0x61, 0xc2, 0x67, 0x19, 0xf5, 0x7e, 0xa1,
+    0x67, 0xa2, 0x9c, 0x3b, 0x67, 0xb0, 0xc2, 0x51, 0x6a, 0x37,
+    0x7c, 0x48, 0xe9, 0x4b, 0xb9, 0xa3, 0x38, 0x2f, 0xfc, 0xde,
+    0xb4, 0x7c, 0xda, 0x52, 0x84, 0x0b, 0xb0, 0xd9, 0x08, 0xe9,
+    0x7a, 0x4a, 0x6f, 0x79, 0x29, 0x3d, 0xc4, 0x5c, 0x78, 0xee,
+    0x63, 0xb6, 0x96, 0x68, 0xd9, 0x82, 0x4e, 0xc1, 0x1b, 0x6f,
+    0x52, 0xf5, 0xb3, 0xfb, 0xe8, 0xc4, 0x2a, 0x07, 0xc6, 0x3b,
+    0x85, 0x0d, 0xf4, 0xbf, 0xb0, 0x6b, 0xfb, 0xce, 0x1d, 0xb4,
+    0xbf, 0x63, 0x0b, 0x91, 0x67, 0xc4, 0xa3, 0x06, 0xa4, 0xaf,
+    0x6c, 0xd3, 0xe5, 0x8b, 0x87, 0x4e, 0x64, 0x9c, 0xb1, 0xf3,
+    0x70, 0x7c, 0x68, 0x43, 0x46, 0x13, 0x46, 0xee, 0x27, 0x75,
+    0x12, 0x45, 0x42, 0xde, 0xa5, 0x8d, 0xcf, 0xf7, 0x09, 0x87,
+    0xa8, 0x80, 0x3d, 0xb6, 0x45, 0xee, 0x41, 0x2d, 0x7c, 0x45,
+    0x01, 0x9d, 0xaa, 0x78, 0xa8, 0x10, 0xa4, 0xfd, 0xb5, 0x5f,
+    0xee, 0x0f, 0x77, 0xba, 0x73, 0xff, 0x49, 0xdc, 0xfa, 0x39,
+    0xd6, 0xa3, 0x6f, 0x25, 0xb9, 0x63, 0x2c, 0x92, 0xc5, 0xdf,
+    0xfb, 0xba, 0x89, 0xf9, 0xfa, 0x94, 0x5b, 0x6f, 0x5a, 0x4d,
+    0x1c, 0xe4, 0xc9, 0x10, 0xf9, 0xa0, 0xe8, 0xc4, 0xcb, 0x55,
+    0x1a, 0xdb, 0x56, 0x5f, 0x8e, 0x91, 0x03, 0x23, 0xca, 0xb0,
+    0x1f, 0xef, 0xb8, 0x6c, 0x13, 0x5a, 0x99, 0x25, 0xf0, 0x49,
+    0xa9, 0x5a, 0x45, 0xf7, 0xfd, 0x1a, 0xc2, 0x71, 0x06, 0xe3,
+    0x2d, 0x25, 0x64, 0xb0, 0x52, 0x12, 0x03, 0x62, 0xc7, 0xb6,
+    0xf9, 0xdc, 0x1f, 0x78, 0xff, 0x8b, 0xfa, 0xde, 0x7f, 0x71,
+    0xa6, 0x35, 0x3e, 0xac, 0x20, 0x54, 0x94, 0xa7, 0x2e, 0x9d,
+    0x47, 0x17, 0x4b, 0xad, 0x92, 0xb3, 0x14, 0x26, 0x8c, 0x5a,
+    0xd0, 0x16, 0x4b, 0x22, 0xe9, 0x0c, 0x79, 0x6b, 0x8e, 0xac,
+    0x0d, 0x12, 0xf5, 0x66, 0x8e, 0x82, 0x1a, 0x44, 0xf3, 0xe9,
+    0x56, 0x5a, 0xcd, 0x1c, 0x1b, 0x81, 0x7b, 0x63, 0x59, 0xfe,
+    0xc8, 0xc0, 0xe3, 0xda, 0x16, 0x6b, 0x6f, 0x0d, 0xba, 0x0e,
+    0x47, 0x12, 0x86, 0x9e, 0xf0, 0x3b, 0x4d, 0x87, 0x3b, 0xf2,
+    0x75, 0x73, 0x2d, 0xdf, 0xca, 0x76, 0x0b, 0xbd, 0xe7, 0xb7,
+    0x74, 0x24, 0xf3, 0xc6, 0xe6, 0x75, 0x3f, 0x8b, 0x6a, 0xd9,
+    0xad, 0xed, 0xc0, 0x70, 0x04, 0x1e, 0x0b, 0x8e, 0x8b, 0x7f,
+    0xea, 0xbc, 0x39, 0x6b, 0x8a, 0x44, 0xa6, 0x9a, 0x2d, 0x0d,
+    0x8c, 0x21, 0x60, 0x09, 0xd2, 0x4a, 0xe0, 0x62, 0xcf, 0xfa,
+    0xe8, 0x9b, 0x35, 0x6f, 0x23, 0x2f, 0xb5, 0x65, 0x08, 0x60,
+    0x92, 0x15, 0xd0, 0x5b, 0x63, 0xcc, 0x65, 0x05, 0xd1, 0xef,
+    0x0f, 0x7e, 0x1b, 0xb3, 0x8e, 0xc6, 0x12, 0x85, 0xc9, 0x82,
+    0x53, 0x79, 0x2e, 0x80, 0x5f, 0x0c, 0x7b, 0xc7, 0x1c, 0x83,
+    0x41, 0x06, 0xd8, 0x41, 0xc9, 0xe7, 0xb9, 0x4b, 0xa1, 0x61,
+    0xc6, 0x86, 0x67, 0xf5, 0x10, 0xf7, 0x34, 0x0d, 0x39, 0x9e,
+    0x2b, 0x5f, 0x19, 0x06, 0x02, 0xa5, 0x02, 0x23, 0x71, 0xc2,
+    0x12, 0x65, 0xcc, 0x81, 0x06, 0xfd, 0x8d, 0x09, 0x68, 0x37,
+    0x06, 0x3b, 0xff, 0xc4, 0x24, 0xb3, 0x1f, 0xd6, 0xe6, 0x8f,
+    0x9c, 0x74, 0x2c, 0x5e, 0xc5, 0xf4, 0xe9, 0xeb, 0xca, 0xd3,
+    0x04, 0x5b, 0x92, 0x9e, 0x5c, 0x1a, 0x1d, 0xa1, 0xa7, 0x34,
+    0xd2, 0x05, 0xae, 0xdb, 0x3d, 0x71, 0x10, 0x6e, 0x30, 0xd9,
+    0xa3, 0x44, 0xa0, 0xbd, 0x9e, 0x7b, 0xb5, 0x12, 0x8a, 0x12,
+    0x07, 0x60, 0xd7, 0x1f, 0x92, 0xe6, 0xfe, 0x04, 0xa9, 0x3e,
+    0x62, 0x64, 0x00, 0x5f, 0x7c, 0x7b, 0x34, 0x09, 0xeb, 0x4a,
+    0x18, 0x9e, 0x77, 0x72, 0x3a, 0x31, 0x1a, 0x62, 0x2a, 0xb5,
+    0xcb, 0x4e, 0x53, 0xce, 0xad, 0x8b, 0x5a, 0x20, 0x4f, 0xd7,
+    0x3e, 0x16, 0xf8, 0x10, 0xe2, 0xae, 0xbd, 0x3f, 0x02, 0xa9,
+    0x18, 0xa0, 0x01, 0x18, 0x84, 0x95, 0x22, 0x2e, 0x93, 0x76,
+    0x44, 0x4e, 0x11, 0x7b, 0x03, 0x51, 0x50, 0x19, 0x79, 0xe7,
+    0xbb, 0x5c, 0x7b, 0xca, 0x74, 0xb4, 0x25, 0x26, 0xdb, 0x66,
+    0xaa, 0x0b, 0x21, 0x07, 0xfb, 0x7a, 0x96, 0x10, 0x7d, 0x99,
+    0xa9, 0x16, 0xcb, 0x0e, 0xba, 0x63, 0xab, 0x95, 0xfc, 0x5a,
+    0xbe, 0xa6, 0x7f, 0xd8, 0xb4, 0xcd, 0x7c, 0xc5, 0xd0, 0xb1,
+    0x1b, 0x48, 0x40, 0xfb, 0xe6, 0x2f, 0x2b, 0x94, 0xfe, 0x68,
+    0xa2, 0xc4, 0x36, 0xd9, 0xcd, 0xc1, 0x93, 0x6d, 0xef, 0x39,
+    0x5e, 0x43, 0x30, 0x5a, 0x2e, 0x66, 0xb6, 0xf2, 0xed, 0x9a,
+    0x8d, 0x12, 0xdf, 0x5c, 0xae, 0xad, 0x16, 0x12, 0x7e, 0x81,
+    0x82, 0x91, 0x7d, 0x2b, 0x12, 0xe9, 0x96, 0xb8, 0xb7, 0x42,
+    0xcb, 0x1f, 0xf8, 0xd1, 0xfd, 0x83, 0x7a, 0xe4, 0x36, 0x1d,
+    0x04, 0x27, 0x4c, 0xe5, 0xbd, 0x75, 0x24, 0xf7, 0xbd, 0xb6,
+    0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42,
+    0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77,
+    0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
+    0xfe, 0x4b,
+};
+static const int sizeof_bench_dilithium_level2_pubkey =
+    sizeof(bench_dilithium_level2_pubkey);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level3_key.der */
+static const unsigned char bench_dilithium_level3_key[] = {
+    0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
+    0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
+    0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
+    0x61, 0x6d, 0x72, 0xdd, 0x85, 0x06, 0xf6, 0x94, 0x0a, 0x57,
+    0x52, 0xcd, 0xac, 0x83, 0x4a, 0xe5, 0xbe, 0xa4, 0x30, 0x79,
+    0x9e, 0xc6, 0xd6, 0x04, 0xc8, 0x73, 0xdc, 0x5e, 0x41, 0x75,
+    0x2f, 0xac, 0x76, 0x57, 0x03, 0x08, 0x46, 0xcb, 0xaf, 0x4c,
+    0x6a, 0x4f, 0x20, 0x18, 0xb3, 0x2e, 0x11, 0x54, 0xb5, 0x94,
+    0xe6, 0x6f, 0x76, 0xf6, 0xb9, 0x73, 0x9a, 0x07, 0x73, 0xe8,
+    0x90, 0xd1, 0x04, 0xda, 0xc5, 0x97, 0xb9, 0x52, 0x51, 0xc8,
+    0xc9, 0xcc, 0x87, 0x29, 0xa1, 0xde, 0x79, 0x9b, 0xf8, 0x7f,
+    0x80, 0x3f, 0xfd, 0xb3, 0x24, 0xa5, 0xba, 0xf5, 0xd6, 0xd4,
+    0x07, 0xbd, 0xa7, 0x1b, 0xd0, 0xe1, 0xd0, 0x43, 0x14, 0x52,
+    0x27, 0x03, 0x33, 0x76, 0x00, 0x67, 0x30, 0x23, 0x76, 0x34,
+    0x72, 0x02, 0x41, 0x62, 0x12, 0x43, 0x86, 0x30, 0x18, 0x28,
+    0x46, 0x27, 0x45, 0x20, 0x88, 0x33, 0x54, 0x10, 0x03, 0x81,
+    0x44, 0x50, 0x06, 0x44, 0x56, 0x30, 0x37, 0x38, 0x38, 0x46,
+    0x03, 0x85, 0x01, 0x86, 0x43, 0x80, 0x78, 0x28, 0x83, 0x55,
+    0x37, 0x44, 0x80, 0x12, 0x17, 0x51, 0x78, 0x46, 0x22, 0x01,
+    0x53, 0x54, 0x63, 0x87, 0x77, 0x38, 0x11, 0x81, 0x43, 0x30,
+    0x15, 0x47, 0x66, 0x11, 0x40, 0x65, 0x70, 0x56, 0x62, 0x28,
+    0x21, 0x65, 0x30, 0x45, 0x63, 0x53, 0x31, 0x80, 0x81, 0x71,
+    0x23, 0x62, 0x85, 0x03, 0x07, 0x56, 0x16, 0x28, 0x18, 0x35,
+    0x07, 0x38, 0x60, 0x68, 0x17, 0x30, 0x15, 0x20, 0x04, 0x13,
+    0x13, 0x61, 0x51, 0x58, 0x00, 0x37, 0x51, 0x58, 0x14, 0x06,
+    0x12, 0x55, 0x13, 0x46, 0x76, 0x05, 0x51, 0x87, 0x32, 0x62,
+    0x50, 0x41, 0x88, 0x24, 0x50, 0x31, 0x65, 0x36, 0x31, 0x02,
+    0x75, 0x35, 0x78, 0x27, 0x36, 0x08, 0x01, 0x77, 0x22, 0x77,
+    0x30, 0x80, 0x11, 0x21, 0x28, 0x26, 0x68, 0x27, 0x13, 0x70,
+    0x50, 0x44, 0x88, 0x20, 0x50, 0x67, 0x65, 0x74, 0x17, 0x46,
+    0x50, 0x16, 0x42, 0x75, 0x35, 0x12, 0x60, 0x12, 0x17, 0x13,
+    0x36, 0x72, 0x04, 0x77, 0x07, 0x55, 0x20, 0x27, 0x15, 0x02,
+    0x25, 0x12, 0x57, 0x71, 0x37, 0x45, 0x43, 0x34, 0x40, 0x31,
+    0x78, 0x50, 0x31, 0x28, 0x17, 0x84, 0x87, 0x43, 0x25, 0x75,
+    0x58, 0x05, 0x61, 0x56, 0x41, 0x44, 0x57, 0x67, 0x85, 0x54,
+    0x00, 0x88, 0x88, 0x50, 0x68, 0x11, 0x14, 0x42, 0x08, 0x74,
+    0x73, 0x00, 0x38, 0x08, 0x45, 0x28, 0x62, 0x43, 0x36, 0x20,
+    0x30, 0x10, 0x87, 0x83, 0x67, 0x62, 0x02, 0x48, 0x46, 0x50,
+    0x08, 0x08, 0x41, 0x43, 0x78, 0x22, 0x65, 0x87, 0x43, 0x84,
+    0x25, 0x36, 0x58, 0x64, 0x30, 0x10, 0x20, 0x68, 0x82, 0x47,
+    0x60, 0x31, 0x76, 0x68, 0x74, 0x68, 0x75, 0x61, 0x16, 0x26,
+    0x82, 0x50, 0x32, 0x61, 0x41, 0x22, 0x38, 0x20, 0x86, 0x75,
+    0x74, 0x00, 0x77, 0x12, 0x81, 0x35, 0x51, 0x78, 0x88, 0x64,
+    0x82, 0x00, 0x41, 0x55, 0x62, 0x87, 0x51, 0x41, 0x74, 0x51,
+    0x53, 0x27, 0x33, 0x84, 0x68, 0x86, 0x57, 0x60, 0x44, 0x30,
+    0x22, 0x32, 0x10, 0x52, 0x22, 0x83, 0x48, 0x53, 0x66, 0x74,
+    0x14, 0x52, 0x32, 0x71, 0x41, 0x08, 0x83, 0x67, 0x41, 0x38,
+    0x46, 0x80, 0x88, 0x14, 0x84, 0x30, 0x85, 0x35, 0x46, 0x20,
+    0x54, 0x84, 0x56, 0x84, 0x54, 0x82, 0x14, 0x11, 0x52, 0x07,
+    0x86, 0x46, 0x05, 0x82, 0x26, 0x85, 0x75, 0x07, 0x88, 0x75,
+    0x51, 0x17, 0x54, 0x32, 0x68, 0x66, 0x08, 0x23, 0x66, 0x06,
+    0x42, 0x28, 0x00, 0x84, 0x27, 0x27, 0x43, 0x47, 0x12, 0x27,
+    0x13, 0x15, 0x17, 0x74, 0x85, 0x14, 0x12, 0x62, 0x06, 0x47,
+    0x17, 0x60, 0x00, 0x10, 0x85, 0x16, 0x55, 0x64, 0x46, 0x62,
+    0x77, 0x05, 0x51, 0x23, 0x52, 0x37, 0x51, 0x78, 0x35, 0x66,
+    0x14, 0x15, 0x78, 0x40, 0x16, 0x54, 0x67, 0x30, 0x61, 0x24,
+    0x26, 0x86, 0x56, 0x83, 0x62, 0x78, 0x88, 0x83, 0x50, 0x06,
+    0x13, 0x21, 0x33, 0x73, 0x16, 0x44, 0x86, 0x77, 0x65, 0x28,
+    0x12, 0x40, 0x62, 0x54, 0x55, 0x84, 0x00, 0x11, 0x77, 0x38,
+    0x71, 0x51, 0x38, 0x32, 0x33, 0x67, 0x15, 0x77, 0x24, 0x33,
+    0x44, 0x11, 0x05, 0x65, 0x13, 0x03, 0x72, 0x63, 0x81, 0x58,
+    0x08, 0x03, 0x34, 0x23, 0x61, 0x00, 0x02, 0x63, 0x86, 0x40,
+    0x03, 0x71, 0x34, 0x27, 0x45, 0x10, 0x34, 0x26, 0x83, 0x28,
+    0x31, 0x35, 0x26, 0x05, 0x58, 0x41, 0x11, 0x10, 0x65, 0x35,
+    0x22, 0x42, 0x28, 0x88, 0x46, 0x06, 0x57, 0x33, 0x88, 0x46,
+    0x04, 0x86, 0x88, 0x88, 0x51, 0x74, 0x82, 0x27, 0x58, 0x14,
+    0x11, 0x08, 0x13, 0x16, 0x61, 0x16, 0x14, 0x44, 0x83, 0x85,
+    0x71, 0x44, 0x55, 0x82, 0x16, 0x62, 0x85, 0x05, 0x43, 0x41,
+    0x73, 0x53, 0x60, 0x01, 0x80, 0x68, 0x33, 0x13, 0x43, 0x44,
+    0x73, 0x36, 0x65, 0x35, 0x22, 0x26, 0x13, 0x31, 0x36, 0x83,
+    0x30, 0x27, 0x15, 0x11, 0x54, 0x53, 0x24, 0x84, 0x75, 0x24,
+    0x72, 0x78, 0x34, 0x24, 0x35, 0x80, 0x06, 0x38, 0x88, 0x11,
+    0x41, 0x01, 0x34, 0x87, 0x77, 0x20, 0x14, 0x50, 0x55, 0x12,
+    0x17, 0x48, 0x87, 0x74, 0x58, 0x42, 0x31, 0x46, 0x36, 0x37,
+    0x26, 0x50, 0x04, 0x75, 0x77, 0x15, 0x41, 0x53, 0x04, 0x04,
+    0x26, 0x61, 0x65, 0x87, 0x55, 0x56, 0x07, 0x81, 0x28, 0x21,
+    0x41, 0x61, 0x41, 0x50, 0x17, 0x47, 0x25, 0x50, 0x20, 0x83,
+    0x46, 0x87, 0x18, 0x45, 0x40, 0x21, 0x06, 0x08, 0x12, 0x25,
+    0x71, 0x13, 0x35, 0x55, 0x54, 0x61, 0x00, 0x52, 0x74, 0x78,
+    0x13, 0x84, 0x55, 0x40, 0x14, 0x40, 0x78, 0x12, 0x88, 0x43,
+    0x33, 0x24, 0x66, 0x88, 0x22, 0x44, 0x15, 0x37, 0x81, 0x27,
+    0x84, 0x18, 0x28, 0x11, 0x58, 0x51, 0x71, 0x21, 0x02, 0x83,
+    0x70, 0x48, 0x32, 0x46, 0x00, 0x70, 0x17, 0x30, 0x63, 0x21,
+    0x46, 0x60, 0x50, 0x72, 0x77, 0x45, 0x83, 0x75, 0x26, 0x31,
+    0x47, 0x34, 0x47, 0x84, 0x87, 0x63, 0x22, 0x83, 0x21, 0x10,
+    0x21, 0x51, 0x47, 0x46, 0x31, 0x06, 0x57, 0x82, 0x65, 0x24,
+    0x61, 0x66, 0x24, 0x68, 0x14, 0x03, 0x43, 0x41, 0x04, 0x14,
+    0x47, 0x61, 0x57, 0x87, 0x43, 0x83, 0x43, 0x25, 0x87, 0x36,
+    0x72, 0x51, 0x38, 0x51, 0x54, 0x54, 0x84, 0x40, 0x15, 0x30,
+    0x35, 0x34, 0x43, 0x61, 0x63, 0x42, 0x77, 0x31, 0x42, 0x06,
+    0x61, 0x03, 0x01, 0x41, 0x08, 0x84, 0x02, 0x65, 0x04, 0x72,
+    0x32, 0x00, 0x21, 0x10, 0x54, 0x73, 0x04, 0x42, 0x48, 0x11,
+    0x74, 0x18, 0x63, 0x73, 0x28, 0x61, 0x36, 0x80, 0x20, 0x86,
+    0x24, 0x42, 0x16, 0x11, 0x71, 0x83, 0x78, 0x38, 0x82, 0x47,
+    0x67, 0x18, 0x56, 0x86, 0x85, 0x66, 0x18, 0x24, 0x50, 0x74,
+    0x72, 0x02, 0x66, 0x83, 0x63, 0x08, 0x25, 0x32, 0x15, 0x78,
+    0x33, 0x08, 0x34, 0x44, 0x08, 0x28, 0x10, 0x25, 0x40, 0x11,
+    0x04, 0x76, 0x60, 0x16, 0x65, 0x16, 0x13, 0x30, 0x53, 0x14,
+    0x77, 0x06, 0x06, 0x88, 0x64, 0x47, 0x08, 0x23, 0x11, 0x56,
+    0x46, 0x61, 0x48, 0x64, 0x73, 0x66, 0x07, 0x65, 0x41, 0x24,
+    0x67, 0x45, 0x42, 0x18, 0x62, 0x01, 0x70, 0x88, 0x03, 0x77,
+    0x22, 0x85, 0x77, 0x02, 0x85, 0x03, 0x65, 0x15, 0x57, 0x51,
+    0x28, 0x72, 0x53, 0x32, 0x05, 0x58, 0x84, 0x54, 0x03, 0x81,
+    0x63, 0x23, 0x38, 0x27, 0x01, 0x85, 0x61, 0x12, 0x28, 0x62,
+    0x22, 0x67, 0x56, 0x66, 0x63, 0x08, 0x74, 0x63, 0x21, 0x01,
+    0x46, 0x10, 0x08, 0x18, 0x07, 0x86, 0x47, 0x70, 0x50, 0x25,
+    0x45, 0x06, 0x55, 0x88, 0x46, 0x11, 0x23, 0x84, 0x70, 0x02,
+    0x24, 0x88, 0x52, 0x60, 0x12, 0x72, 0x63, 0x05, 0x81, 0x21,
+    0x26, 0x07, 0x64, 0x03, 0x56, 0x48, 0x27, 0x04, 0x38, 0x86,
+    0x25, 0x65, 0x21, 0x25, 0x77, 0x21, 0x62, 0x28, 0x82, 0x71,
+    0x85, 0x73, 0x78, 0x24, 0x78, 0x51, 0x61, 0x02, 0x81, 0x14,
+    0x67, 0x61, 0x08, 0x88, 0x31, 0x77, 0x06, 0x24, 0x45, 0x13,
+    0x67, 0x67, 0x54, 0x67, 0x00, 0x12, 0x62, 0x54, 0x11, 0x27,
+    0x51, 0x48, 0x07, 0x33, 0x01, 0x24, 0x04, 0x64, 0x11, 0x83,
+    0x18, 0x52, 0x55, 0x23, 0x24, 0x58, 0x53, 0x78, 0x30, 0x43,
+    0x31, 0x76, 0x62, 0x01, 0x08, 0x73, 0x21, 0x32, 0x12, 0x78,
+    0x22, 0x68, 0x33, 0x45, 0x33, 0x73, 0x02, 0x74, 0x21, 0x81,
+    0x02, 0x16, 0x54, 0x31, 0x55, 0x76, 0x25, 0x76, 0x41, 0x36,
+    0x75, 0x22, 0x78, 0x16, 0x60, 0x48, 0x58, 0x28, 0x83, 0x50,
+    0x88, 0x66, 0x72, 0x70, 0x21, 0x21, 0x24, 0x16, 0x62, 0x57,
+    0x20, 0x13, 0x80, 0x61, 0x15, 0x45, 0x42, 0x86, 0x00, 0x25,
+    0x77, 0x58, 0x84, 0x01, 0x66, 0x16, 0x46, 0x56, 0x68, 0x57,
+    0x12, 0x20, 0x75, 0x60, 0x41, 0x85, 0x02, 0x88, 0x12, 0x68,
+    0x20, 0x02, 0x41, 0x18, 0x87, 0x13, 0x17, 0x33, 0x74, 0x11,
+    0x08, 0x37, 0x47, 0x08, 0x31, 0x67, 0x08, 0x50, 0x61, 0x54,
+    0x56, 0x71, 0x63, 0x26, 0x85, 0x22, 0x07, 0x87, 0x71, 0x28,
+    0x20, 0x47, 0x48, 0x66, 0x54, 0x38, 0x03, 0x41, 0x38, 0x21,
+    0x70, 0x50, 0x66, 0x53, 0x56, 0x70, 0x74, 0x55, 0x70, 0x28,
+    0x52, 0x01, 0x42, 0x65, 0x53, 0x73, 0x32, 0x33, 0x67, 0x42,
+    0x67, 0x85, 0x18, 0x45, 0x12, 0x37, 0x58, 0x82, 0x13, 0x73,
+    0x78, 0x77, 0x03, 0x42, 0x04, 0x65, 0x55, 0x66, 0x07, 0x25,
+    0x07, 0x37, 0x40, 0x78, 0x66, 0x71, 0x11, 0x21, 0x43, 0x25,
+    0x87, 0x40, 0x58, 0x63, 0x33, 0x43, 0x52, 0x10, 0x31, 0x53,
+    0x56, 0x48, 0x05, 0x55, 0x77, 0x77, 0x26, 0x87, 0x28, 0x43,
+    0x61, 0x46, 0x11, 0x76, 0x82, 0x50, 0x42, 0x04, 0x32, 0x88,
+    0x18, 0x66, 0x16, 0x36, 0x64, 0x41, 0x38, 0x17, 0x55, 0x43,
+    0x06, 0x25, 0x80, 0x27, 0x21, 0x16, 0x81, 0x22, 0x64, 0x60,
+    0x38, 0x16, 0x82, 0x40, 0x72, 0x34, 0x73, 0x52, 0x61, 0x85,
+    0x11, 0x16, 0x00, 0x25, 0x03, 0x30, 0x06, 0x80, 0x21, 0x56,
+    0x64, 0x52, 0x23, 0x26, 0x37, 0x75, 0x73, 0x65, 0x53, 0x27,
+    0x37, 0x47, 0x56, 0x76, 0x80, 0x38, 0x53, 0x62, 0x14, 0x24,
+    0x64, 0x03, 0x66, 0x21, 0x72, 0x16, 0x36, 0x34, 0x11, 0x65,
+    0x61, 0x62, 0x86, 0x02, 0x83, 0x27, 0x80, 0x82, 0x70, 0x72,
+    0x52, 0x60, 0x20, 0x87, 0x58, 0x58, 0x14, 0x38, 0x47, 0x03,
+    0x10, 0x72, 0x60, 0x48, 0x02, 0x01, 0x17, 0x21, 0x61, 0x62,
+    0x38, 0x64, 0x27, 0x53, 0x57, 0x13, 0x68, 0x18, 0x26, 0x62,
+    0x43, 0x42, 0x21, 0x85, 0x70, 0x23, 0x58, 0x13, 0x72, 0x04,
+    0x04, 0x08, 0x05, 0x82, 0x26, 0x18, 0x82, 0x47, 0x87, 0x71,
+    0x32, 0x28, 0x68, 0x25, 0x87, 0x24, 0x06, 0x74, 0x41, 0x44,
+    0x08, 0x64, 0x68, 0x30, 0x24, 0x44, 0x21, 0x73, 0x03, 0x45,
+    0x70, 0x41, 0x06, 0x78, 0x38, 0x33, 0x88, 0x13, 0x31, 0x14,
+    0x18, 0x17, 0x45, 0x06, 0x26, 0x67, 0x66, 0x73, 0x82, 0x56,
+    0x66, 0x88, 0x70, 0x22, 0x55, 0x47, 0x27, 0x50, 0x86, 0x55,
+    0x53, 0x00, 0x28, 0x55, 0x40, 0x62, 0xe9, 0x37, 0x65, 0xe1,
+    0x30, 0x48, 0x6b, 0x35, 0x76, 0x96, 0x05, 0x21, 0xce, 0xed,
+    0x46, 0xae, 0x7e, 0x6d, 0xc9, 0xf1, 0xc9, 0xb3, 0x7a, 0xa7,
+    0xde, 0xa7, 0x62, 0x18, 0x11, 0xc0, 0xd8, 0xd0, 0x17, 0x0f,
+    0x38, 0xaf, 0x0e, 0x3d, 0xaf, 0xe6, 0x63, 0xb0, 0xc4, 0x68,
+    0x4e, 0x29, 0xa4, 0xf4, 0x20, 0x22, 0xbc, 0x82, 0x15, 0x1d,
+    0x08, 0x39, 0x18, 0xfe, 0x69, 0x55, 0x06, 0x3d, 0xf4, 0xa3,
+    0xe7, 0x29, 0x23, 0xa4, 0xd9, 0xa4, 0x22, 0x06, 0x2d, 0x5f,
+    0x22, 0xb3, 0x9b, 0x1c, 0xb6, 0x3e, 0xf3, 0xf4, 0x8a, 0xb3,
+    0x35, 0x18, 0x4c, 0x1f, 0xaf, 0xd4, 0xcf, 0x5b, 0x9b, 0xa7,
+    0xf8, 0xd2, 0x86, 0x71, 0x8e, 0x64, 0x96, 0xd1, 0x6e, 0xad,
+    0xd2, 0x7e, 0x16, 0x5b, 0x38, 0x91, 0x0e, 0x40, 0xaa, 0x07,
+    0x6a, 0x63, 0x2a, 0xc0, 0x5b, 0x14, 0x79, 0x52, 0xcb, 0x23,
+    0x6e, 0x76, 0x95, 0xd0, 0x90, 0x6c, 0x18, 0xe7, 0x89, 0xee,
+    0xb9, 0x7f, 0x33, 0x08, 0x35, 0x8f, 0xa3, 0xaa, 0xaa, 0x10,
+    0x2f, 0x8b, 0xc9, 0x6c, 0x1d, 0x95, 0xb5, 0xb8, 0x54, 0x0d,
+    0x67, 0x86, 0xd4, 0x5d, 0xae, 0x8f, 0x33, 0x20, 0xe2, 0x35,
+    0xda, 0x71, 0x53, 0x24, 0xad, 0x16, 0x84, 0x2e, 0x98, 0xcd,
+    0x00, 0xa2, 0x69, 0x6a, 0x12, 0x9a, 0x86, 0xf3, 0x9f, 0x18,
+    0x6c, 0x9f, 0x24, 0xbe, 0xb3, 0xf4, 0x90, 0xb3, 0xc4, 0xa4,
+    0x8b, 0xce, 0x88, 0x60, 0xa0, 0x91, 0xb8, 0x9a, 0x52, 0xe5,
+    0xfe, 0x16, 0x6d, 0xff, 0xb3, 0xdc, 0x50, 0x79, 0xfe, 0x31,
+    0x24, 0xd4, 0x59, 0x5f, 0xf9, 0xb4, 0x70, 0x0b, 0x15, 0x93,
+    0xd9, 0xe9, 0x92, 0xb6, 0xf5, 0x80, 0x34, 0x63, 0x66, 0x78,
+    0xcf, 0xa9, 0xce, 0x48, 0xbf, 0xbe, 0x9e, 0xfa, 0xdd, 0x7d,
+    0xf4, 0x16, 0xe2, 0xd2, 0x98, 0x13, 0xe2, 0x76, 0xdd, 0x0a,
+    0xc7, 0x2d, 0xe8, 0x88, 0x8e, 0x1a, 0xc0, 0xfc, 0xe8, 0x35,
+    0xaf, 0x5d, 0xe2, 0x4c, 0x96, 0x82, 0x4c, 0xe5, 0x89, 0x14,
+    0xb8, 0x27, 0x39, 0xb5, 0x55, 0xc5, 0xa5, 0x8a, 0x01, 0xcc,
+    0xfd, 0xbd, 0xa9, 0xec, 0xae, 0xc0, 0xe7, 0xd7, 0xf8, 0x11,
+    0x84, 0x35, 0x99, 0x26, 0xb6, 0xc6, 0xf7, 0x35, 0xe0, 0x93,
+    0xd8, 0xd7, 0xbf, 0xc0, 0xc8, 0x44, 0xfd, 0x46, 0xf5, 0xb7,
+    0xc5, 0x5a, 0x75, 0xd3, 0xc7, 0xfa, 0xf4, 0xe1, 0xc0, 0x84,
+    0x5e, 0x31, 0xfe, 0x69, 0x80, 0x5a, 0xe5, 0x4b, 0x9b, 0x5b,
+    0xa4, 0x5c, 0x23, 0xaa, 0x85, 0xc9, 0x9a, 0xbd, 0x71, 0x49,
+    0x11, 0x30, 0x8b, 0x81, 0xa1, 0xdd, 0xf8, 0xb8, 0x74, 0x91,
+    0xe7, 0xf7, 0x82, 0x42, 0x70, 0x22, 0x95, 0xf0, 0xcc, 0x9f,
+    0x02, 0x33, 0x0f, 0x08, 0x3b, 0x04, 0x31, 0xd7, 0x4f, 0x86,
+    0x78, 0x49, 0xb9, 0x90, 0xf5, 0x8f, 0xec, 0x12, 0x84, 0x52,
+    0x03, 0x1f, 0x64, 0x5e, 0xf0, 0x2a, 0xeb, 0x87, 0xa5, 0xec,
+    0x95, 0x25, 0x64, 0x25, 0x49, 0x3b, 0x3c, 0x30, 0xed, 0x3b,
+    0xe9, 0x36, 0xfd, 0xae, 0xa6, 0x26, 0xd3, 0x45, 0xbc, 0x1b,
+    0x78, 0x5f, 0xce, 0x27, 0x45, 0x1c, 0xd5, 0xf9, 0xa7, 0xda,
+    0x62, 0xe6, 0x7e, 0xd3, 0xbb, 0xd8, 0x0a, 0xfd, 0xf5, 0xa5,
+    0x31, 0x09, 0x6e, 0x40, 0xe8, 0xcf, 0xc1, 0x42, 0x8e, 0x2e,
+    0x75, 0x65, 0xaa, 0x91, 0x6f, 0xc7, 0x75, 0x3a, 0x1e, 0x40,
+    0x99, 0x71, 0x5e, 0x00, 0xae, 0x07, 0xad, 0x43, 0x49, 0xdd,
+    0x6d, 0x36, 0xe3, 0xa8, 0xdf, 0x2c, 0x39, 0xa2, 0x57, 0xd7,
+    0x93, 0xa1, 0x16, 0x80, 0x89, 0xa6, 0x56, 0x69, 0x75, 0xea,
+    0xb8, 0xb2, 0x43, 0x0c, 0xdf, 0x46, 0x05, 0x9a, 0x39, 0x08,
+    0x3b, 0xb6, 0x76, 0xe3, 0x5b, 0x98, 0x5b, 0x48, 0xc0, 0x11,
+    0x14, 0x6f, 0xcd, 0xb7, 0xaa, 0x08, 0x1e, 0x53, 0x9b, 0x94,
+    0x9d, 0xa2, 0xe6, 0x99, 0xcb, 0x1c, 0xb4, 0xbf, 0x55, 0x84,
+    0x12, 0xc9, 0xf1, 0xf0, 0x94, 0xd9, 0x7d, 0x61, 0xa9, 0xe7,
+    0xe6, 0xc1, 0xe2, 0xca, 0x6b, 0x36, 0x80, 0x72, 0x31, 0x79,
+    0xbf, 0xe7, 0x3e, 0x99, 0x9e, 0xd5, 0x59, 0xd4, 0x97, 0x14,
+    0xd5, 0xfa, 0x93, 0x37, 0x8a, 0x65, 0xa5, 0xb6, 0x4e, 0xba,
+    0xb3, 0x84, 0xf2, 0xc1, 0x55, 0xb6, 0x94, 0x31, 0x30, 0xe7,
+    0xb2, 0x71, 0x4e, 0xc6, 0x21, 0x50, 0xf3, 0xcf, 0x7c, 0xbc,
+    0x26, 0xb7, 0x20, 0xcb, 0x2d, 0x9e, 0x55, 0x23, 0x7c, 0xf0,
+    0x97, 0x16, 0x57, 0x5b, 0xcc, 0xc5, 0x48, 0xc9, 0xc8, 0xee,
+    0x1e, 0x11, 0x6b, 0x72, 0x3b, 0x29, 0x71, 0xa4, 0xed, 0x08,
+    0x6c, 0x38, 0xc6, 0x2e, 0x64, 0x3b, 0x16, 0xd8, 0x4d, 0x19,
+    0xe8, 0x94, 0xd3, 0xd5, 0xb4, 0x18, 0xb4, 0x03, 0x24, 0x62,
+    0xe7, 0x44, 0x5e, 0x09, 0x60, 0xc6, 0xa9, 0xa6, 0xca, 0xbe,
+    0x83, 0xe5, 0xf1, 0xbd, 0x04, 0x22, 0x4b, 0x1b, 0x08, 0x0b,
+    0xa6, 0x20, 0x95, 0xf2, 0x78, 0x8c, 0x3e, 0x73, 0x03, 0x7b,
+    0x75, 0x2c, 0xe5, 0x72, 0xec, 0xc9, 0x25, 0x06, 0x6b, 0x3a,
+    0x5e, 0x0e, 0x96, 0xd0, 0xe3, 0x85, 0xb0, 0xb5, 0x6a, 0x83,
+    0x40, 0x41, 0x94, 0xce, 0xa1, 0x07, 0x79, 0x07, 0xe2, 0x50,
+    0xa4, 0xde, 0x7d, 0x64, 0x2f, 0x7e, 0x43, 0xd5, 0x72, 0xd1,
+    0xa7, 0xb9, 0x76, 0xa3, 0xfc, 0x25, 0x33, 0xd7, 0x95, 0xb5,
+    0xd9, 0x94, 0x93, 0x55, 0xaf, 0x04, 0x86, 0x4a, 0xfc, 0x2f,
+    0x5f, 0x3d, 0x34, 0x86, 0xf2, 0x9a, 0x31, 0x4c, 0xc9, 0xad,
+    0x08, 0xa5, 0x03, 0x91, 0x8a, 0x7e, 0x46, 0xc9, 0x44, 0x61,
+    0x11, 0x59, 0x4f, 0xbb, 0x70, 0xf9, 0x9d, 0x3e, 0x6d, 0x53,
+    0xb4, 0x16, 0x28, 0xd3, 0x67, 0x52, 0x14, 0xad, 0xba, 0xb1,
+    0x21, 0xaf, 0x84, 0x18, 0xc9, 0x37, 0x78, 0xb3, 0x78, 0x92,
+    0x95, 0xad, 0x1b, 0xc0, 0x70, 0xe7, 0xe9, 0x06, 0x02, 0xed,
+    0x6c, 0x99, 0x4e, 0x43, 0xc0, 0xa4, 0x6f, 0x23, 0xa8, 0x02,
+    0xc4, 0xbd, 0xc0, 0x16, 0xc4, 0xed, 0xe0, 0xe1, 0x56, 0x06,
+    0x3f, 0xf4, 0x77, 0x12, 0x72, 0x52, 0x04, 0xe8, 0xe4, 0x26,
+    0xe5, 0x01, 0x47, 0x5b, 0x8a, 0xca, 0x07, 0x3b, 0xc9, 0xb1,
+    0x42, 0x8f, 0x7d, 0x64, 0x7d, 0x5d, 0x6a, 0x95, 0xde, 0x4d,
+    0x4b, 0xd3, 0xfa, 0xcf, 0xf0, 0x25, 0x27, 0x96, 0x48, 0xb6,
+    0xcc, 0x68, 0x29, 0x37, 0x95, 0xcd, 0x36, 0xb7, 0xb0, 0xd6,
+    0xf1, 0xfc, 0x4f, 0xe9, 0xa8, 0x6b, 0x9d, 0x75, 0xc7, 0x9b,
+    0x19, 0xaf, 0xbb, 0x8a, 0xaf, 0x4b, 0xb8, 0xe2, 0xeb, 0x8d,
+    0xd9, 0xf5, 0x75, 0xc5, 0xc8, 0x0b, 0xf2, 0x1c, 0xf9, 0x9e,
+    0xc7, 0x4d, 0x7c, 0x71, 0x47, 0xbd, 0x57, 0x7e, 0xe6, 0x59,
+    0xca, 0x8c, 0xf2, 0x0c, 0x47, 0x4a, 0x90, 0xa7, 0xf5, 0xb8,
+    0xb2, 0x43, 0x97, 0xdb, 0xbe, 0x76, 0x37, 0x29, 0x36, 0x40,
+    0xaa, 0x7a, 0x81, 0xf0, 0xa0, 0xd0, 0x81, 0x39, 0x88, 0xf0,
+    0x23, 0xb0, 0xa4, 0xbe, 0x5e, 0xd8, 0x33, 0x98, 0x5d, 0x9d,
+    0xb5, 0xd4, 0x1c, 0x00, 0xe2, 0x30, 0xb8, 0x68, 0x58, 0x65,
+    0x30, 0x94, 0x3d, 0xf2, 0x75, 0x0c, 0x8e, 0x3b, 0xee, 0x9b,
+    0xce, 0x6c, 0x67, 0x68, 0x54, 0x86, 0x7d, 0x27, 0x2a, 0x2f,
+    0xf7, 0x25, 0xff, 0x22, 0x1e, 0x74, 0xbd, 0x72, 0x11, 0xf4,
+    0x47, 0x8e, 0x2f, 0x0d, 0xb9, 0x31, 0xac, 0x5c, 0x1d, 0xa0,
+    0x11, 0xea, 0x16, 0x24, 0x86, 0x76, 0xbd, 0xa3, 0x41, 0x7f,
+    0x00, 0xe6, 0xe2, 0x86, 0x93, 0xff, 0x02, 0x07, 0xce, 0x49,
+    0xe4, 0xaf, 0x00, 0x9b, 0x15, 0xa6, 0x05, 0xf7, 0x54, 0xd1,
+    0xbb, 0xa7, 0x09, 0x67, 0xe6, 0x99, 0xf9, 0x23, 0xe6, 0xaa,
+    0x6f, 0xcb, 0xe1, 0xc1, 0xac, 0x7b, 0x98, 0xa9, 0x14, 0x43,
+    0x55, 0x22, 0x2c, 0x7a, 0x4a, 0x4a, 0x63, 0xc1, 0xfe, 0x5c,
+    0xca, 0xf4, 0x91, 0x3b, 0x6f, 0xf8, 0x7e, 0x2a, 0xa1, 0x4a,
+    0xc3, 0x16, 0x1c, 0x1d, 0x53, 0x7d, 0x0e, 0x77, 0x0d, 0x72,
+    0x07, 0x78, 0xea, 0xce, 0xe4, 0x0c, 0xf7, 0xce, 0xa0, 0xef,
+    0xa1, 0xdb, 0x6b, 0x5f, 0xfd, 0xeb, 0x68, 0xc7, 0x76, 0xfd,
+    0x35, 0xd2, 0xcb, 0xa4, 0xf6, 0xe6, 0x6b, 0xdb, 0xe9, 0xd5,
+    0x1e, 0x05, 0x8a, 0xba, 0xed, 0x77, 0x94, 0x36, 0x6c, 0x3c,
+    0xe2, 0x23, 0xf8, 0x84, 0xa1, 0xe3, 0xcd, 0xfa, 0x1d, 0x31,
+    0x52, 0x4d, 0xbc, 0x16, 0x31, 0x92, 0xd7, 0xbe, 0x2e, 0xd6,
+    0x6d, 0x1d, 0x58, 0x4e, 0xd8, 0x06, 0x8f, 0xb3, 0xe6, 0x79,
+    0x60, 0x92, 0x71, 0x1f, 0x72, 0x84, 0x55, 0x7b, 0xfa, 0xc8,
+    0xcf, 0x20, 0x16, 0x2f, 0xc7, 0x13, 0x17, 0xd1, 0x2d, 0xd1,
+    0x0d, 0x84, 0x48, 0x08, 0x69, 0xd1, 0x55, 0xb1, 0x08, 0xb6,
+    0x17, 0x8c, 0x38, 0x31, 0xa4, 0x77, 0x73, 0xc0, 0xe9, 0xfc,
+    0x5f, 0x8e, 0xb3, 0x74, 0x1f, 0xab, 0xcf, 0xf5, 0x26, 0x26,
+    0x20, 0x80, 0xd8, 0x13, 0x42, 0xcf, 0xc7, 0x9d, 0xd6, 0x5b,
+    0x1a, 0xfd, 0x46, 0x83, 0xba, 0xc1, 0xe5, 0x92, 0xe9, 0x27,
+    0xa8, 0xa0, 0x36, 0xd5, 0x31, 0x75, 0x7b, 0x8f, 0x53, 0xf6,
+    0xbd, 0x08, 0x1a, 0x86, 0x81, 0x83, 0x85, 0x07, 0x44, 0x3e,
+    0xf9, 0x72, 0x47, 0xe0, 0xf1, 0xbe, 0x43, 0x6a, 0xc3, 0x00,
+    0x94, 0xd3, 0x19, 0x81, 0xde, 0xf3, 0xfd, 0x57, 0x98, 0xdc,
+    0x57, 0xfe, 0x9f, 0x4b, 0x38, 0x23, 0xad, 0xa8, 0xd4, 0x07,
+    0x07, 0x5c, 0xca, 0x25, 0xb8, 0x77, 0x7e, 0x45, 0x01, 0x9b,
+    0xd4, 0x45, 0x5b, 0x94, 0x47, 0x18, 0x35, 0x66, 0xad, 0x0a,
+    0x97, 0x06, 0xc6, 0xa7, 0xaa, 0x50, 0xbf, 0x07, 0x90, 0xfe,
+    0x50, 0x8d, 0xd9, 0x1f, 0xdd, 0x33, 0xa4, 0xa7, 0x23, 0x48,
+    0xa3, 0xd6, 0x5d, 0xb8, 0x9e, 0x97, 0x22, 0x32, 0xd3, 0x8a,
+    0xb0, 0x5e, 0xb3, 0xc9, 0x0b, 0x24, 0x09, 0x66, 0x2e, 0xea,
+    0x94, 0x9c, 0x90, 0x4f, 0x3e, 0x93, 0xcf, 0x30, 0x3f, 0xb4,
+    0xbe, 0x5e, 0x6c, 0xaf, 0x1a, 0xff, 0x00, 0xc7, 0x74, 0x2e,
+    0x8b, 0x08, 0xe9, 0x22, 0x61, 0xc5, 0xd1, 0x21, 0x15, 0xa1,
+    0xba, 0x37, 0xd2, 0x24, 0xfd, 0xa5, 0x63, 0x9a, 0x97, 0xfa,
+    0xfe, 0xb2, 0xa5, 0x1b, 0x3b, 0xbd, 0xb7, 0xb3, 0x2f, 0x3d,
+    0xf1, 0x5a, 0xf2, 0xf6, 0xe4, 0x12, 0xe4, 0x3a, 0x26, 0x3c,
+    0x21, 0x5c, 0xd6, 0x83, 0x65, 0x26, 0x86, 0xcc, 0x47, 0x84,
+    0xd7, 0x26, 0x31, 0x31, 0xcf, 0x1d, 0xd6, 0xc4, 0xa4, 0xf2,
+    0xd4, 0x25, 0x54, 0x2b, 0x81, 0x00, 0x1d, 0xd8, 0xdf, 0x04,
+    0xb8, 0x4b, 0xcf, 0xe5, 0x16, 0xf4, 0x4a, 0x17, 0xc5, 0xd8,
+    0xd3, 0xdf, 0xe4, 0xb7, 0xd3, 0x98, 0xb6, 0x73, 0xa0, 0x37,
+    0x67, 0xbb, 0x8b, 0xc3, 0xfc, 0xac, 0x6e, 0x6c, 0x0e, 0x5d,
+    0x44, 0xb0, 0x9d, 0xf8, 0xae, 0x17, 0x9b, 0xf9, 0xcb, 0xe8,
+    0xfe, 0xc1, 0x7b, 0x78, 0x16, 0xf6, 0x74, 0x04, 0x7d, 0x38,
+    0x17, 0x36, 0x09, 0xe3, 0x73, 0xa1, 0x76, 0x78, 0x7c, 0x14,
+    0xb3, 0x83, 0x91, 0x59, 0x27, 0xea, 0x8c, 0x69, 0xe6, 0xa5,
+    0x21, 0xcd, 0x78, 0xc7, 0x26, 0xa2, 0xfb, 0xd4, 0xf3, 0xaf,
+    0x3f, 0xcf, 0x51, 0x10, 0xcc, 0x4b, 0xdd, 0x14, 0xf4, 0xf3,
+    0xb8, 0xea, 0x07, 0xa7, 0x76, 0xe7, 0xbe, 0xec, 0x01, 0xb5,
+    0x1e, 0xdc, 0xc3, 0x55, 0x19, 0xb1, 0x16, 0x3f, 0xfe, 0xd4,
+    0x15, 0x49, 0xaf, 0x04, 0x9d, 0x38, 0xdd, 0x86, 0x53, 0x2a,
+    0x80, 0x62, 0x42, 0xb7, 0x98, 0x42, 0x38, 0xaf, 0x9d, 0x87,
+    0xe2, 0x3f, 0xea, 0x7e, 0x0a, 0x35, 0xb8, 0xee, 0xa5, 0x48,
+    0x09, 0x08, 0xc5, 0x0d, 0xae, 0x01, 0xd5, 0xec, 0x43, 0x29,
+    0x3b, 0xfb, 0x78, 0xc4, 0x96, 0x01, 0x1c, 0x21, 0xf2, 0xc9,
+    0x44, 0x68, 0x24, 0x66, 0x86, 0x96, 0xb8, 0xc8, 0xe9, 0xd0,
+    0x38, 0x0e, 0x96, 0x4d, 0xcc, 0x45, 0xab, 0xe1, 0xca, 0x50,
+    0x10, 0x20, 0x01, 0xbe, 0x89, 0xc0, 0x43, 0x84, 0xd8, 0x38,
+    0x52, 0xc0, 0xaf, 0x4d, 0x6b, 0x99, 0x0b, 0xc0, 0xc2, 0x99,
+    0x07, 0xc6, 0x78, 0xa8, 0xf7, 0x32, 0x84, 0x86, 0xc5, 0x1a,
+    0x95, 0x81, 0xa6, 0x6a, 0x05, 0xa7, 0x9d, 0x81, 0x0e, 0x32,
+    0x18, 0x11, 0x4a, 0x0f, 0xfc, 0x17, 0x9e, 0xf7, 0xbf, 0x54,
+    0x82, 0xed, 0xba, 0x6f, 0xbd, 0x41, 0xc1, 0xca, 0x55, 0x6c,
+    0xff, 0x32, 0x6b, 0xa2, 0x59, 0xae, 0xae, 0x92, 0xc1, 0xb5,
+    0xa6, 0xfc, 0xaf, 0x09, 0x48, 0x57, 0xd6, 0xee, 0x38, 0x99,
+    0xb4, 0xe3, 0x8f, 0xb7, 0xfc, 0x6a, 0x0a, 0x3b, 0x08, 0xe1,
+    0x81, 0x46, 0x11, 0xeb, 0x4a, 0x98, 0x43, 0x16, 0x16, 0x1f,
+    0x68, 0xdb, 0xb9, 0x71, 0x19, 0xfe, 0x8b, 0xe6, 0xb7, 0x8b,
+    0xc1, 0x3b, 0x90, 0xc5, 0x89, 0x1d, 0xca, 0xd9, 0x19, 0x6c,
+    0xe8, 0x01, 0xf4, 0x19, 0x50, 0x3e, 0x93, 0x84, 0xbf, 0xaa,
+    0x9a, 0x3d, 0x20, 0x4c, 0x4e, 0x79, 0x83, 0xec, 0x46, 0x83,
+    0x09, 0x00, 0xc3, 0x8a, 0xad, 0xd5, 0x2b, 0x08, 0xd1, 0x47,
+    0xac, 0x96, 0x0e, 0x34, 0xf0, 0x89, 0x1a, 0x0f, 0xf2, 0x51,
+    0x8d, 0x2c, 0xb5, 0xf2, 0xfe, 0x8c, 0xdc, 0xed, 0x41, 0x51,
+    0x8c, 0x71, 0x12, 0x05, 0xec, 0x68, 0x21, 0x86, 0x94, 0xf4,
+    0xfb, 0xfc, 0xaa, 0xc7, 0xc7, 0xbb, 0x74, 0xa2, 0x8b, 0x76,
+    0x62, 0x1c, 0x64, 0x11, 0xa0, 0xd0, 0x5f, 0x46, 0x64, 0xd4,
+    0x47, 0xbc, 0x8a, 0x5b, 0x2b, 0xc2, 0xc1, 0x88, 0xb2, 0x30,
+    0xbd, 0x02, 0x17, 0x18, 0x0a, 0xd7, 0x9b, 0x3d, 0x91, 0xb9,
+    0x2c, 0x83, 0x24, 0xb4, 0x8b, 0x9d, 0x02, 0xaf, 0xb2, 0x4e,
+    0x57, 0xe1, 0xb0, 0xa2, 0xf3, 0x7c, 0xde, 0x15, 0xba, 0x60,
+    0xbd, 0x80, 0xbe, 0x6d, 0x6f, 0x16, 0xb3, 0xb9, 0xb8, 0x6a,
+    0x55, 0xb4, 0xad, 0xf1, 0x01, 0x63, 0x40, 0x01, 0xba, 0x5b,
+    0x5d, 0x9a, 0xbc, 0xf0, 0x58, 0xa8, 0xf7, 0xbb, 0x8e, 0x91,
+    0xa0, 0xfd, 0x8c, 0x49, 0x8f, 0x1a, 0xbb, 0x2a, 0x28, 0x0d,
+    0x7a, 0xa6, 0xc2, 0xd7, 0x41, 0x16, 0xed, 0x61, 0x5d, 0xc4,
+    0xe7, 0xcf, 0x2b, 0xb4, 0xb9, 0x10, 0x6f, 0x38, 0x42, 0x88,
+    0x94, 0x6e, 0x75, 0x2c, 0x89, 0xac, 0xa0, 0xe9, 0x81, 0xec,
+    0x2d, 0x62, 0xa3, 0xba, 0x3c, 0x40, 0xdb, 0x65, 0x56, 0x8e,
+    0xc7, 0xd8, 0xb0, 0xd4, 0xf9, 0x04, 0x2b, 0x4c, 0x83, 0x20,
+    0xbe, 0xad, 0xb8, 0x66, 0x1c, 0x20, 0x32, 0xb3, 0xf6, 0xf1,
+    0xac, 0xa5, 0x8a, 0x72, 0x9a, 0x41, 0x1d, 0x6e, 0xa0, 0x16,
+    0xe0, 0x0c, 0x39, 0xb6, 0x06, 0x96, 0x55, 0xb7, 0xda, 0x1c,
+    0x54, 0x08, 0xf6, 0x30, 0x1b, 0xb6, 0x57, 0xca, 0x7d, 0xb0,
+    0xdc, 0x9e, 0xfa, 0x5c, 0x38, 0x7f, 0xac, 0x37, 0x80, 0x26,
+    0xba, 0xdc, 0x7a, 0x95, 0xe5, 0x7b, 0x90, 0xf3, 0x1a, 0xc7,
+    0x31, 0x8e, 0x97, 0x07, 0x9a, 0xb8, 0xbe, 0xae, 0x16, 0x11,
+    0x44, 0xb0, 0x01, 0xf5, 0xe8, 0x37, 0x1a, 0x67, 0xfe, 0x00,
+    0x8f, 0xa1, 0xf5, 0x03, 0x7c, 0xed, 0xbf, 0x42, 0xf4, 0x78,
+    0x2b, 0xfb, 0x9f, 0x8c, 0xb3, 0x63, 0x0b, 0x42, 0xbf, 0xae,
+    0x8e, 0xf7, 0x6f, 0xb4, 0xb1, 0xe8, 0x75, 0x8c, 0xdf, 0x69,
+    0xc6, 0xe1, 0x3a, 0x26, 0x05, 0x47, 0x03, 0x61, 0xfc, 0xc5,
+    0xa9, 0xc1, 0x4f, 0x70, 0xce, 0x18, 0xbb, 0x01, 0xe6, 0x11,
+    0xc9, 0xa7, 0x7e, 0x65, 0xb8, 0xdc, 0x61, 0x3d, 0x9b, 0x47,
+    0x2e, 0x34, 0x16, 0xa1, 0x73, 0x61, 0x91, 0xed, 0x45, 0xe3,
+    0x01, 0x26, 0xee, 0x16, 0x76, 0x0e, 0xb7, 0xa1, 0xc0, 0xb3,
+    0xac, 0xf0, 0xa5, 0x3b, 0xf6, 0x64, 0x1b, 0x93, 0x94, 0x5c,
+    0x8f, 0x4c, 0x25, 0x89, 0xa1, 0x92, 0x32, 0x50, 0x28, 0x03,
+    0x8b, 0xff, 0xc4, 0xf6, 0x2a, 0xe8, 0xda, 0x8d, 0xfe, 0x49,
+    0xb5, 0x33, 0x01, 0xca, 0x2d, 0x2d, 0x60, 0x33, 0xd6, 0x30,
+    0x38, 0x8a, 0x1e, 0x38, 0x3d, 0x78, 0x11, 0xff, 0xef, 0x1c,
+    0x82, 0x33, 0xbb, 0xfc, 0x95, 0xef, 0x79, 0xb0, 0x59, 0xbd,
+    0x2c, 0xfd, 0x1c, 0x3f, 0x42, 0xda, 0xdf, 0xbd, 0x56, 0xf2,
+    0xd6, 0xae, 0x2d, 0x23, 0x36, 0xed, 0xb1, 0x8d, 0x62, 0x58,
+    0x71, 0x66, 0x21, 0xe0, 0x4d, 0xee, 0xf4, 0x16, 0x48, 0xa6,
+    0xcf, 0x1a, 0x8a, 0xf0, 0x8a, 0xd1, 0x53, 0xf6, 0xe5, 0x4e,
+    0x98, 0x9d, 0x7d, 0x6c, 0xd2, 0xdf, 0xb8, 0x2d, 0xa6, 0xe5,
+    0x8a, 0xd6, 0xb5, 0xae, 0x61, 0x96, 0xfa, 0x6b, 0xca, 0x7f,
+    0x08, 0xc2, 0x2b, 0x67, 0x30, 0x5e, 0x21, 0x3b, 0xa4, 0x84,
+    0x95, 0xc6, 0x2f, 0x2c, 0x1f, 0xe2, 0x0e, 0x1a, 0xc3, 0x89,
+    0x6a, 0x6a, 0xe7, 0x08, 0xf9, 0x74, 0xee, 0x4f, 0xcd, 0x5e,
+    0xe8, 0xce, 0x55, 0x4d, 0x38, 0xed, 0x62, 0x35, 0xee, 0xfc,
+    0x14, 0x56, 0xb9, 0xf0, 0xce, 0x29, 0x1c, 0x21, 0x40, 0x51,
+    0xe4, 0x76, 0xe3, 0xa6, 0xd8, 0x3d, 0x54, 0x58, 0x51, 0xe5,
+    0xf0, 0xdc, 0x50, 0x39, 0x43, 0x67, 0x44, 0x14, 0xcc, 0x6e,
+    0x5a, 0xb1, 0x15, 0xec, 0xb4, 0x3e, 0x0e, 0xef, 0x8e, 0x72,
+    0x6a, 0xdf, 0xba, 0x37, 0x27, 0x15, 0x62, 0xc3, 0xbd, 0xee,
+    0x1d, 0xb1, 0x24, 0x2f, 0x57, 0x51, 0xf1, 0x8f, 0xfb, 0xd1,
+    0x10, 0x6f, 0x11, 0xb9, 0x94, 0x5c, 0x9c, 0x12, 0x26, 0x46,
+    0x46, 0x7b, 0x31, 0x0e, 0xad, 0x93, 0xe4, 0x4f, 0x09, 0xe3,
+    0xbf, 0xc5, 0xe3, 0x11, 0xa4, 0x25, 0x8d, 0x9b, 0x8e, 0x26,
+    0x02, 0xaa, 0x72, 0x18, 0xce, 0x89, 0x67, 0xfc, 0x1c, 0x28,
+    0xab, 0x11, 0x5a, 0x84, 0x23, 0x7c, 0x91, 0xac, 0x6b, 0x48,
+    0x9c, 0x39, 0x14, 0xa3, 0xac, 0xc6, 0x30, 0xbc, 0x1e, 0x0c,
+    0xd3, 0x34, 0x19, 0xa9, 0x2b, 0xe7, 0xa4, 0xf8, 0xc1, 0xf0,
+    0x3c, 0x60, 0xa2, 0xf7, 0x51, 0x86, 0xcf, 0x42, 0xad, 0x34,
+    0x81, 0xa6, 0x93, 0x0b, 0x88, 0x4c, 0xbf, 0xd2, 0x4f, 0xe0,
+    0xdb, 0xb2, 0x1d, 0x6d, 0xb2, 0x5c, 0xac, 0xd8, 0x64, 0x85,
+    0xc3, 0x35, 0x6e, 0x5d, 0xaf, 0x63, 0x3e, 0x47, 0xb7, 0x5d,
+    0x39, 0x21, 0x36, 0xa6, 0xd4, 0xef, 0x9e, 0x1c, 0x1f, 0xd6,
+    0xa4, 0xe0, 0xe4, 0x22, 0x75, 0x1e, 0xeb, 0x15, 0xb4, 0xee,
+    0x43, 0x37, 0x06, 0xf9, 0x77, 0xbf, 0x68, 0x9b, 0x9a, 0x7f,
+    0x38, 0x30, 0x87, 0xde, 0x0c, 0x6a, 0x39, 0x41, 0xe1, 0xed,
+    0xf4, 0x18, 0x6e, 0x29, 0x44, 0xf0, 0xfc, 0xb6, 0x09, 0x5b,
+    0xb3, 0x30, 0xc9, 0x0a, 0x8c, 0x41, 0x6f, 0x1e, 0x95, 0xbe,
+    0x93, 0x3c, 0x11, 0x9b, 0x24, 0xf7, 0x57, 0xb8, 0xc5, 0x9b,
+    0x08, 0xaa, 0xcd, 0x24, 0x86, 0x98, 0x59, 0x0f, 0xc6, 0x0e,
+    0xd2, 0x71, 0xb2, 0x5e, 0xae, 0x72, 0xc9, 0x69, 0x3b, 0x80,
+    0xc2, 0x27,
+};
+static const int sizeof_bench_dilithium_level3_key = sizeof(bench_dilithium_level3_key);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level3_key.der */
+static const unsigned char bench_dilithium_level3_pubkey[] = {
+    0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
+    0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
+    0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
+    0x61, 0x6d, 0x0f, 0xc1, 0x33, 0x26, 0x09, 0xf0, 0xf9, 0x4d,
+    0x12, 0x7a, 0xef, 0xf7, 0x21, 0x26, 0x2c, 0xe0, 0xe2, 0x92,
+    0x1f, 0x9d, 0xd1, 0xaa, 0xaf, 0x08, 0x14, 0xf2, 0xaa, 0x24,
+    0x99, 0x0f, 0x20, 0x57, 0x35, 0x04, 0x32, 0x96, 0x8e, 0x6e,
+    0x10, 0x64, 0xe3, 0xe3, 0x57, 0x26, 0x33, 0x32, 0x7b, 0xe4,
+    0x18, 0x41, 0x77, 0xd3, 0x24, 0x63, 0x3d, 0x11, 0xea, 0xdc,
+    0xbe, 0x59, 0xff, 0x8d, 0xc2, 0xe4, 0xc7, 0x04, 0xf3, 0xd4,
+    0xe0, 0x1d, 0x5e, 0x09, 0x46, 0xbf, 0x02, 0x05, 0xc7, 0xa6,
+    0xb7, 0x82, 0x40, 0x1f, 0x55, 0xe9, 0x77, 0x82, 0xc0, 0xcc,
+    0x86, 0x99, 0x19, 0x99, 0xa2, 0xc9, 0x1b, 0x4f, 0xdd, 0x49,
+    0x4c, 0x78, 0x0a, 0x58, 0xb8, 0xf0, 0x23, 0xac, 0x1a, 0x71,
+    0x57, 0x6d, 0xd6, 0x3a, 0x3a, 0x6f, 0x93, 0xb3, 0x2b, 0x09,
+    0xbe, 0xec, 0x7b, 0x5b, 0xf7, 0x3a, 0xed, 0xf9, 0xd0, 0xb1,
+    0xfe, 0x9f, 0x9b, 0xec, 0x11, 0xb6, 0x6b, 0xd1, 0xb6, 0x00,
+    0x72, 0x7f, 0x68, 0x9a, 0x61, 0xa5, 0xf5, 0x6e, 0xe9, 0x46,
+    0xa4, 0x82, 0x08, 0x9f, 0x50, 0x4c, 0x75, 0xc3, 0x48, 0x85,
+    0x76, 0x39, 0xea, 0x0c, 0xf2, 0xe8, 0x7e, 0x48, 0x69, 0xd9,
+    0x6f, 0x9a, 0x89, 0x7d, 0x98, 0xc1, 0x16, 0xdc, 0x2f, 0xc7,
+    0x0a, 0x11, 0xa8, 0xbb, 0xe7, 0x91, 0xb1, 0x0f, 0x0e, 0xf0,
+    0xb4, 0xc8, 0x41, 0x7e, 0x62, 0x9e, 0x3c, 0x30, 0x4c, 0xbc,
+    0x4c, 0xeb, 0x37, 0xaf, 0x48, 0x72, 0x59, 0x64, 0x8e, 0xfb,
+    0x77, 0x11, 0x28, 0xdd, 0x30, 0x52, 0x8e, 0x69, 0x8c, 0x9f,
+    0x3d, 0xec, 0xdf, 0xa7, 0x5f, 0x42, 0x18, 0xda, 0xba, 0x1a,
+    0x96, 0x91, 0x7d, 0x62, 0xd5, 0x52, 0xff, 0x44, 0xc9, 0x1d,
+    0x29, 0xa6, 0xb9, 0x03, 0x9a, 0x26, 0x26, 0xcf, 0x57, 0x40,
+    0x70, 0x7e, 0x2b, 0xbd, 0xf0, 0x81, 0x71, 0x0f, 0x0b, 0x2e,
+    0x9b, 0x03, 0xba, 0x31, 0x41, 0x68, 0x37, 0xc8, 0xff, 0xea,
+    0xc4, 0x73, 0xa5, 0xf9, 0xc2, 0x92, 0x78, 0x0c, 0xe7, 0xfd,
+    0x5d, 0xb2, 0x01, 0xb5, 0x8d, 0xeb, 0x64, 0xd4, 0x14, 0xea,
+    0x7a, 0xd1, 0x42, 0xc8, 0x99, 0xe4, 0x7d, 0x5b, 0x7e, 0x3b,
+    0x8f, 0xab, 0x82, 0x12, 0xdf, 0xbb, 0xa1, 0x45, 0x30, 0xc9,
+    0x0f, 0xb9, 0xe5, 0xba, 0xe6, 0x8a, 0xf3, 0x78, 0x61, 0xcc,
+    0x9f, 0xe1, 0x46, 0x2a, 0x9a, 0x18, 0x0e, 0x2a, 0x57, 0xf3,
+    0xe5, 0x56, 0xd1, 0x42, 0x48, 0xe1, 0x5a, 0x8e, 0x33, 0xce,
+    0x19, 0xe5, 0x3e, 0x7f, 0x00, 0x70, 0x9c, 0x4c, 0xd3, 0xe1,
+    0x0c, 0xa1, 0x7e, 0xd4, 0xa9, 0x9e, 0x8b, 0xe2, 0xf0, 0xac,
+    0xdb, 0xa6, 0x72, 0x75, 0x67, 0xa6, 0x57, 0xed, 0x79, 0x2e,
+    0xca, 0x8d, 0xeb, 0x9b, 0x9e, 0xb7, 0xbf, 0x30, 0x02, 0x2b,
+    0xb3, 0x43, 0x89, 0x9b, 0xa8, 0x88, 0xa5, 0xbb, 0x33, 0xd9,
+    0x99, 0x30, 0x7c, 0xc7, 0xd4, 0x28, 0x5e, 0x5e, 0x3f, 0x9d,
+    0x6d, 0x35, 0x75, 0x33, 0x8e, 0xff, 0x84, 0x2e, 0x2d, 0xda,
+    0xf0, 0xff, 0x70, 0xe5, 0xb5, 0x62, 0x96, 0x33, 0x3a, 0xd9,
+    0xb5, 0x82, 0x25, 0x81, 0x81, 0x40, 0x5d, 0x4f, 0x11, 0x86,
+    0x63, 0x1a, 0x06, 0xc1, 0x67, 0xc7, 0x49, 0x03, 0xc7, 0xe4,
+    0x6f, 0xb4, 0x13, 0x3e, 0x57, 0x62, 0xfd, 0x8a, 0xc6, 0x2b,
+    0x65, 0x5b, 0xa4, 0x29, 0x57, 0x8d, 0xde, 0xa5, 0xee, 0x32,
+    0xc2, 0x76, 0x03, 0xca, 0xce, 0xc1, 0x48, 0xec, 0x45, 0xcf,
+    0x30, 0x21, 0x28, 0x7f, 0x10, 0x47, 0xd2, 0xdb, 0xee, 0xca,
+    0x5b, 0x0f, 0xd5, 0x39, 0x3a, 0xc3, 0xa6, 0x78, 0xb2, 0x15,
+    0xaf, 0x82, 0x3c, 0x2f, 0xc4, 0x51, 0x5c, 0x52, 0xad, 0xf2,
+    0x89, 0x92, 0x8e, 0xf3, 0x50, 0x38, 0xed, 0xf8, 0xc9, 0x14,
+    0x4c, 0xe4, 0xa3, 0x9a, 0xaf, 0xc4, 0x5c, 0xf3, 0x9f, 0xc3,
+    0xa3, 0xc0, 0xbe, 0x45, 0x1b, 0x21, 0x63, 0xfa, 0xe0, 0xe0,
+    0x91, 0x2b, 0x42, 0xca, 0x91, 0xfb, 0x5e, 0x97, 0x9a, 0x0a,
+    0xd4, 0x88, 0xba, 0xb8, 0x22, 0xc6, 0xbf, 0x56, 0x58, 0x1e,
+    0x92, 0xa9, 0x9d, 0xa7, 0xed, 0xc9, 0xab, 0x54, 0x4f, 0x75,
+    0x8d, 0x42, 0xc1, 0xe1, 0x61, 0xd0, 0x91, 0x9a, 0x3a, 0x40,
+    0x9a, 0xa3, 0xfb, 0x7b, 0x4e, 0xf0, 0x85, 0xf0, 0xdc, 0x40,
+    0x72, 0x9f, 0x05, 0xa8, 0xbe, 0x95, 0x5a, 0x7f, 0xba, 0x75,
+    0x00, 0x6e, 0x95, 0x76, 0xbd, 0xb2, 0x40, 0xf5, 0xb0, 0x64,
+    0x0a, 0x2f, 0x06, 0x3d, 0x9f, 0xac, 0x6a, 0xa5, 0x46, 0x5a,
+    0x85, 0xa4, 0x6f, 0xee, 0x27, 0xa0, 0xeb, 0x5f, 0x1f, 0x91,
+    0xbd, 0x2b, 0x02, 0x16, 0xdf, 0x74, 0x97, 0x2c, 0xd0, 0xa8,
+    0x9f, 0x3a, 0x7b, 0xdf, 0x3e, 0x98, 0x4a, 0x91, 0xdc, 0x19,
+    0x96, 0x88, 0x75, 0x21, 0x1a, 0x6a, 0xa8, 0x4b, 0x1f, 0x35,
+    0xd1, 0x92, 0xf5, 0x76, 0xf4, 0x72, 0x55, 0x13, 0xdb, 0x5d,
+    0x07, 0x8d, 0xd9, 0x72, 0xe4, 0x75, 0xde, 0x80, 0xbc, 0xe9,
+    0x9c, 0xf0, 0x5c, 0x6a, 0x8a, 0x0e, 0x34, 0xf6, 0x3f, 0x5c,
+    0xef, 0x0e, 0xcc, 0x52, 0x38, 0x2d, 0x7b, 0xc2, 0x1b, 0x69,
+    0x9f, 0xe5, 0xed, 0x14, 0xb0, 0x91, 0x0b, 0xe9, 0x4d, 0x34,
+    0xd5, 0xaa, 0xd4, 0xd2, 0x46, 0x39, 0x45, 0x7e, 0x85, 0x2f,
+    0xdb, 0x89, 0xf4, 0xff, 0x05, 0x74, 0x51, 0xba, 0xdd, 0xee,
+    0xf6, 0xc2, 0xc1, 0x0a, 0x8f, 0xd9, 0xeb, 0xc7, 0x61, 0x30,
+    0x8f, 0x86, 0x8b, 0x1f, 0x82, 0xc1, 0x22, 0xfd, 0x83, 0xf4,
+    0x5d, 0xc5, 0x94, 0xf5, 0xd7, 0x17, 0xc7, 0x7b, 0x71, 0xf5,
+    0x5e, 0x15, 0x49, 0x70, 0xb2, 0x57, 0xa0, 0xc0, 0x57, 0x63,
+    0x53, 0x35, 0xb6, 0x52, 0x20, 0x7b, 0x83, 0xd4, 0x57, 0x63,
+    0x25, 0x8e, 0x83, 0xb3, 0x8e, 0x26, 0x1f, 0x09, 0xde, 0x14,
+    0xd6, 0xa6, 0xfc, 0xe5, 0x93, 0x3c, 0x88, 0x8e, 0xf5, 0x10,
+    0x57, 0xb9, 0xc9, 0x9b, 0xff, 0x72, 0x9d, 0x3d, 0x3f, 0x97,
+    0xd9, 0x3c, 0x20, 0xe2, 0x57, 0xfd, 0x2a, 0x5c, 0x17, 0x12,
+    0xe6, 0x08, 0xaf, 0xe4, 0x26, 0x96, 0xb9, 0x6d, 0xc3, 0xac,
+    0x22, 0xf3, 0x8b, 0x89, 0xde, 0xc7, 0x8a, 0x93, 0x06, 0xf7,
+    0x1d, 0x08, 0x21, 0x36, 0x16, 0x74, 0x2b, 0x97, 0x23, 0xe4,
+    0x79, 0x31, 0x08, 0x23, 0x62, 0x30, 0x67, 0xe2, 0xed, 0x30,
+    0x9b, 0x0c, 0xf9, 0x08, 0x7a, 0x29, 0x73, 0xc6, 0x77, 0x8a,
+    0xbb, 0x2a, 0x1c, 0x66, 0xd0, 0xdd, 0x9e, 0xa3, 0xe9, 0x62,
+    0xcc, 0xb7, 0x88, 0x25, 0x4a, 0x5f, 0xbc, 0xaa, 0xe3, 0xe4,
+    0x4f, 0xec, 0xa6, 0x8e, 0xa6, 0xa4, 0x1b, 0x22, 0x2b, 0x2c,
+    0x8f, 0x57, 0x7f, 0xb7, 0x33, 0xfe, 0x16, 0x43, 0x85, 0xc5,
+    0xd2, 0x95, 0xe6, 0xb9, 0x21, 0x68, 0x88, 0x98, 0x33, 0x8c,
+    0x1d, 0x15, 0x9c, 0x4d, 0x62, 0x1f, 0x6b, 0xe8, 0x7a, 0x2d,
+    0x6b, 0x0e, 0xc3, 0xde, 0x1a, 0xa8, 0xed, 0x67, 0xb3, 0xb3,
+    0x36, 0x5b, 0x4b, 0xcb, 0xe8, 0xa8, 0x5c, 0x0b, 0x2f, 0xca,
+    0xd7, 0x71, 0xe8, 0x85, 0xe7, 0x4d, 0xe5, 0x7b, 0x45, 0xed,
+    0xb2, 0x4c, 0x69, 0x04, 0x7e, 0x4f, 0xc0, 0xef, 0x1a, 0xca,
+    0x0d, 0xa6, 0xc4, 0x79, 0x15, 0x78, 0x9c, 0xd2, 0x91, 0x3c,
+    0x32, 0x55, 0x40, 0xe7, 0xcb, 0x7e, 0xde, 0x07, 0xa6, 0x97,
+    0x00, 0x2d, 0x70, 0xf6, 0x3d, 0x15, 0xdf, 0x29, 0x8e, 0xa3,
+    0x96, 0x6d, 0xf2, 0xbb, 0xa5, 0x1b, 0x7b, 0x58, 0x30, 0xf6,
+    0x17, 0xbd, 0xda, 0x13, 0xf7, 0x33, 0xc2, 0x62, 0x32, 0xd4,
+    0x1c, 0x2e, 0x31, 0x74, 0x92, 0xad, 0x99, 0x8c, 0x0e, 0x7c,
+    0x50, 0x21, 0xcd, 0xff, 0x41, 0xeb, 0xd1, 0xca, 0x14, 0xb7,
+    0xb2, 0x31, 0x2f, 0xbe, 0x16, 0xce, 0x4f, 0x26, 0x16, 0x04,
+    0xc2, 0xaf, 0xbe, 0x0d, 0x24, 0xab, 0x9a, 0x21, 0x37, 0x06,
+    0xac, 0x50, 0x23, 0xf1, 0xbe, 0x5c, 0xbb, 0x64, 0xf3, 0xd3,
+    0x66, 0xa3, 0xb8, 0xbe, 0x8b, 0x49, 0x8d, 0xf6, 0xc7, 0xb9,
+    0x8f, 0x4e, 0x31, 0x06, 0x51, 0xe5, 0xf3, 0x0e, 0x56, 0xc4,
+    0x24, 0x30, 0xf5, 0xe9, 0x36, 0x71, 0xbc, 0xc9, 0x70, 0x2c,
+    0x6c, 0x4c, 0x15, 0x43, 0x44, 0xa4, 0xfc, 0xf1, 0xd2, 0x71,
+    0x6c, 0x4c, 0xce, 0x30, 0x6c, 0x05, 0x7d, 0x2e, 0xb7, 0xbc,
+    0xe4, 0x65, 0x76, 0x24, 0x75, 0x36, 0xdf, 0x28, 0xfc, 0xcd,
+    0x9a, 0xba, 0xc2, 0xcd, 0xb0, 0x30, 0xdb, 0xe7, 0x2e, 0x3c,
+    0x92, 0x63, 0x1d, 0x30, 0x23, 0x74, 0xb1, 0xb8, 0xcc, 0xd7,
+    0xb6, 0x90, 0x65, 0x73, 0xa2, 0x2a, 0x6e, 0x49, 0x95, 0x0d,
+    0xab, 0x24, 0xdf, 0x2d, 0xbf, 0x76, 0x46, 0x01, 0x44, 0xe4,
+    0x18, 0x8e, 0xd5, 0x9a, 0x76, 0xc9, 0xc6, 0xbc, 0xdb, 0x7f,
+    0x80, 0x52, 0xc6, 0x40, 0x41, 0x12, 0x36, 0x7c, 0x80, 0x69,
+    0xce, 0x7b, 0xe1, 0xa0, 0x53, 0xa2, 0xd6, 0x8f, 0x3f, 0xf7,
+    0xd7, 0x61, 0x09, 0x70, 0xa2, 0xa0, 0xc6, 0xaf, 0xa0, 0xd0,
+    0xfa, 0x13, 0xbf, 0xc0, 0x69, 0x15, 0xce, 0x15, 0xec, 0x24,
+    0x4b, 0x6b, 0xdc, 0x93, 0x51, 0xc6, 0x82, 0x19, 0x92, 0x84,
+    0x5d, 0x99, 0xb0, 0x90, 0x2c, 0xcc, 0x2a, 0x81, 0x6b, 0x22,
+    0x64, 0x0a, 0xcb, 0x51, 0x25, 0x82, 0x50, 0x02, 0x2d, 0x3e,
+    0xd4, 0x72, 0xb3, 0x0c, 0x15, 0x77, 0xd2, 0xca, 0x98, 0x2f,
+    0x41, 0x93, 0x14, 0xb2, 0x7f, 0xa1, 0x97, 0xa3, 0xb8, 0x8a,
+    0x56, 0x24, 0x38, 0xa7, 0x36, 0xc5, 0x01, 0xc0, 0x9f, 0x3f,
+    0x3e, 0x9a, 0xf6, 0xe9, 0x16, 0x82, 0x01, 0x58, 0x70, 0x0e,
+    0x0d, 0xbc, 0xfa, 0x03, 0x57, 0x65, 0xa8, 0x5a, 0x3d, 0x57,
+    0x81, 0x23, 0xbe, 0x6e, 0xa9, 0xe8, 0x22, 0xdf, 0x2f, 0x70,
+    0xeb, 0x0a, 0x03, 0x96, 0x6b, 0xef, 0x20, 0x9f, 0xf2, 0x62,
+    0xe7, 0xb2, 0x6e, 0x3a, 0x1e, 0x40, 0x1f, 0xd2, 0x97, 0x48,
+    0xd1, 0x18, 0xf0, 0xeb, 0x52, 0x58, 0x02, 0x26, 0xce, 0x75,
+    0xb1, 0x3a, 0x9d, 0x5b, 0x52, 0x94, 0xb2, 0x6e, 0x0e, 0x3f,
+    0x39, 0xb6, 0xd9, 0x8a, 0x9d, 0xe8, 0x7c, 0x83, 0x32, 0xcc,
+    0x43, 0x35, 0x9b, 0x7a, 0xed, 0xb2, 0x1e, 0x51, 0x37, 0x6c,
+    0x14, 0xd8, 0xb8, 0x55, 0xb3, 0x91, 0xef, 0x0c, 0x3a, 0xe5,
+    0x77, 0xd0, 0xbd, 0xb0, 0x7d, 0x38, 0x84, 0x2a, 0x47, 0xb2,
+    0xb6, 0xda, 0xd7, 0x75, 0xd6, 0x2e, 0x60, 0xc7, 0x10, 0x52,
+    0xf7, 0xdd, 0x09, 0x15, 0x6f, 0x04, 0x31, 0xc3, 0x5a, 0x6b,
+    0x0c, 0x60, 0x10, 0xa8, 0x6e, 0x20, 0xa9, 0xdd, 0xb7, 0x72,
+    0xc3, 0x9e, 0x85, 0xd2, 0x8f, 0x16, 0x7e, 0x3d, 0xe0, 0x63,
+    0x81, 0x32, 0xfd, 0xca, 0xbc, 0x0f, 0xef, 0x3e, 0x74, 0x6a,
+    0xb1, 0x60, 0xc1, 0x10, 0x50, 0x7c, 0x67, 0xa4, 0x19, 0xa7,
+    0xb8, 0xed, 0xe6, 0xf5, 0x4e, 0x41, 0x53, 0xa6, 0x72, 0x1b,
+    0x2c, 0x33, 0x6a, 0x37, 0xf1, 0xb5, 0x1c, 0x01, 0x7d, 0xa2,
+    0x1f, 0x2c, 0x4e, 0x0a, 0xbf, 0xd4, 0x2c, 0x24, 0x91, 0x58,
+    0x62, 0xfb, 0xf8, 0x63, 0xd9, 0xf8, 0x78, 0xf5, 0xc7, 0x78,
+    0x32, 0xda, 0x99, 0xeb, 0x58, 0x20, 0x25, 0x19, 0xb1, 0x06,
+    0x7f, 0x6a, 0x29, 0x20, 0xdb, 0xc8, 0x22, 0x48, 0xa9, 0x7f,
+    0x24, 0x54, 0x8d, 0x7d, 0x8d, 0xb1, 0x69, 0xb2, 0xa3, 0x98,
+    0x14, 0x0f, 0xba, 0xfa, 0xb6, 0x15, 0xe8, 0x28, 0x99, 0x3f,
+    0x30, 0x04, 0x50, 0xab, 0x5a, 0x3c, 0xf1, 0x97, 0xe1, 0xc8,
+    0x0f, 0x0e, 0xb4, 0x11, 0x63, 0x5a, 0x79, 0x08, 0x48, 0x75,
+    0xaf, 0x9b, 0xca, 0xd9, 0x13, 0x18, 0xcc, 0xb1, 0xb3, 0xee,
+    0xdd, 0x63, 0xdd, 0xf4, 0x21, 0x98, 0x76, 0xe2, 0x3e, 0xd5,
+    0x86, 0x23, 0x33, 0x7e, 0xc7, 0xb4, 0x35, 0x4b, 0xc2, 0x2d,
+    0xe1, 0xe2, 0xb0, 0x6c, 0x8b, 0x9b, 0x20, 0x3d, 0x48, 0x24,
+    0x7c, 0xea, 0xa1, 0x75, 0x27, 0xe5, 0xf4, 0x70, 0xeb, 0x3b,
+    0xc7, 0x26, 0x37, 0x04, 0xff, 0x8a, 0x7a, 0xd0, 0xc2, 0xb7,
+    0x84, 0xb7, 0x29, 0xfb, 0x0e, 0xa3, 0xa8, 0x71, 0xcd, 0x58,
+    0x06, 0x36, 0xe2, 0xf2, 0x77, 0xcc, 0x0f, 0x78, 0x08, 0x2b,
+    0xbb, 0xe3, 0x53, 0x05, 0x71, 0xdc, 0x6c, 0x37, 0x32, 0x91,
+    0x46, 0x42, 0x4f, 0x21, 0xe0, 0x34, 0xad, 0x3f, 0x30, 0x5a,
+    0xc7, 0x0d, 0x17, 0x19, 0x39, 0x31, 0x58, 0x69, 0x3c, 0x8c,
+    0xbe, 0xe7, 0xa6, 0x3b, 0xad, 0xfb, 0x46, 0x89, 0x06, 0xc1,
+    0x8c, 0x16, 0x9a, 0x06, 0x3a, 0xd0, 0x7e, 0xd6, 0xb0, 0x7b,
+    0x7d, 0xf8, 0x91, 0x7c, 0xfa, 0xd9, 0x66, 0x39, 0xfa, 0xbc,
+    0x57, 0xa7, 0x78, 0x8b, 0x36, 0x78, 0xc0, 0x1c, 0x0e, 0x23,
+    0x05, 0x0e, 0x04, 0x61, 0x16, 0x34, 0xf9, 0xc6, 0x63, 0x58,
+    0xdf, 0xf4, 0x52, 0xce, 0xd0, 0x0f, 0x0c, 0xec, 0xb1, 0x82,
+    0xf4, 0x72, 0x73, 0x72, 0x3f, 0x02, 0xbe, 0xe3, 0x9c, 0x63,
+    0x73, 0xc8, 0x21, 0x65, 0xba, 0x57, 0x52, 0xa9, 0x19, 0xac,
+    0x68, 0x50, 0xbd, 0x2d, 0x72, 0x5b, 0x93, 0x0f, 0x1c, 0x81,
+    0x77, 0xd7, 0x2e, 0xc3, 0x93, 0x52, 0x6e, 0xdc, 0x79, 0x52,
+    0x9f, 0xe3, 0xde, 0xe1, 0xba, 0x58, 0x55, 0xab, 0x8a, 0xf2,
+    0x35, 0x6a, 0xcf, 0x94, 0x1f, 0x17, 0xa4, 0x23, 0x2e, 0x8e,
+    0x18, 0x21, 0xbe, 0x14, 0xfa, 0xe7, 0x59, 0xc5, 0x44, 0x34,
+    0xce, 0x03, 0xf4, 0xb7, 0x75, 0xd3, 0x51, 0x55, 0xdf, 0xff,
+    0xcf, 0x4f, 0x44, 0xee, 0x13, 0x9b, 0xcb, 0x12, 0xae, 0xe5,
+    0x5b, 0x44, 0x65, 0x28, 0xcb, 0x6a, 0x9c, 0x24, 0x1d, 0xea,
+    0x2d, 0x5e, 0xa5, 0xc3, 0x78, 0xad, 0xed, 0x0c, 0x05, 0xa6,
+    0xaf, 0x95, 0x04, 0xd2, 0xb5, 0x91, 0x0e, 0xa0, 0x06, 0x77,
+    0xc5, 0x82, 0xf6, 0xdd, 0x72, 0x83, 0x04, 0xcc, 0xb0, 0xab,
+    0x7a, 0xf0, 0xb4, 0x4d, 0x36, 0x71, 0x72, 0x1a, 0x9a, 0x0d,
+    0xcd, 0xa3, 0x11, 0xa8, 0x0d, 0x7d, 0x49, 0xce, 0x9c, 0x09,
+    0x1d, 0x08, 0xa4, 0x39, 0x2e, 0x03, 0xdf, 0x3a, 0xc8, 0xfe,
+    0x6a, 0x2b, 0x0b, 0x07, 0x80, 0x55, 0x8a, 0xa8, 0xe6, 0x0e,
+    0xc9, 0x7e, 0x83, 0xce, 0x3a, 0x98, 0x98, 0x4e, 0x3e, 0x08,
+    0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69,
+    0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27,
+    0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14,
+    0x1b, 0x10,
+};
+static const int sizeof_bench_dilithium_level3_pubkey =
+    sizeof(bench_dilithium_level3_pubkey);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level5_key.der */
+static const unsigned char bench_dilithium_level5_key[] = {
+    0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
+    0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
+    0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
+    0xcc, 0x99, 0xfd, 0x0f, 0x8f, 0x6e, 0xad, 0x75, 0x9b, 0xc9,
+    0xb1, 0xb9, 0x90, 0x93, 0xbf, 0xce, 0x02, 0x2d, 0x12, 0x0c,
+    0x54, 0x2e, 0xe2, 0x3e, 0x52, 0xff, 0xe0, 0x7a, 0xca, 0x2d,
+    0x81, 0x84, 0xea, 0x16, 0x1f, 0x10, 0xc4, 0xc9, 0xde, 0xcd,
+    0xf6, 0xbd, 0x60, 0xc9, 0xb3, 0xd0, 0x0f, 0x57, 0xeb, 0x71,
+    0x78, 0x9b, 0xb5, 0x72, 0x2a, 0x65, 0x11, 0x14, 0xff, 0x63,
+    0x8d, 0x38, 0xcf, 0xa4, 0xf4, 0xad, 0xd0, 0x68, 0x84, 0x97,
+    0xfe, 0xd3, 0x91, 0xa0, 0xe4, 0xc3, 0x74, 0xcf, 0x20, 0x87,
+    0x89, 0x84, 0x1f, 0x75, 0x91, 0xe3, 0xb3, 0x47, 0x8b, 0xfe,
+    0x76, 0xb7, 0x2d, 0x30, 0x89, 0x02, 0x04, 0xc9, 0x93, 0xa8,
+    0x31, 0xd3, 0x84, 0x2d, 0xe4, 0x26, 0x12, 0xdb, 0x94, 0x08,
+    0x12, 0x45, 0x45, 0xca, 0x44, 0x89, 0x52, 0xc4, 0x28, 0x41,
+    0x46, 0x01, 0x1c, 0x93, 0x20, 0x8b, 0x40, 0x6d, 0x09, 0x36,
+    0x65, 0x4c, 0xa2, 0x40, 0x62, 0xb8, 0x2c, 0x1b, 0x00, 0x20,
+    0x61, 0x42, 0x8c, 0x24, 0xa7, 0x10, 0x19, 0x27, 0x25, 0x22,
+    0x14, 0x31, 0x13, 0x33, 0x46, 0x0c, 0x22, 0x22, 0x18, 0xa7,
+    0x91, 0x0c, 0x24, 0x61, 0xd9, 0x32, 0x46, 0xc8, 0x96, 0x49,
+    0x5c, 0x90, 0x89, 0x9b, 0x84, 0x01, 0x5c, 0x08, 0x42, 0x64,
+    0x84, 0x85, 0x0c, 0x42, 0x21, 0x20, 0x48, 0x21, 0x92, 0x00,
+    0x28, 0x83, 0x20, 0x4c, 0x08, 0xc7, 0x51, 0x99, 0x06, 0x66,
+    0x01, 0x18, 0x51, 0x13, 0x48, 0x0a, 0x0b, 0x42, 0x90, 0x4c,
+    0x14, 0x08, 0x83, 0x14, 0x6d, 0x10, 0x10, 0x91, 0xe2, 0xc4,
+    0x8d, 0xe1, 0x12, 0x11, 0x10, 0x40, 0x29, 0x99, 0x92, 0x30,
+    0x12, 0x39, 0x6c, 0x91, 0x86, 0x68, 0x08, 0x83, 0x0c, 0x54,
+    0x80, 0x80, 0xa2, 0x08, 0x52, 0x09, 0x30, 0x71, 0x0c, 0x10,
+    0x04, 0x53, 0x00, 0x65, 0x91, 0x12, 0x2d, 0x0c, 0xa2, 0x8c,
+    0x18, 0x14, 0x45, 0xd8, 0x14, 0x06, 0xe4, 0x36, 0x72, 0x93,
+    0x10, 0x68, 0x09, 0xc2, 0x08, 0x51, 0x14, 0x8c, 0x13, 0x39,
+    0x11, 0xd8, 0x44, 0x02, 0x18, 0x39, 0x29, 0x98, 0x16, 0x71,
+    0x82, 0x40, 0x70, 0x01, 0x10, 0x8c, 0x1a, 0x30, 0x08, 0x02,
+    0x03, 0x41, 0x5a, 0x00, 0x40, 0xa4, 0x16, 0x90, 0x20, 0x26,
+    0x32, 0x00, 0x49, 0x61, 0x20, 0x20, 0x0c, 0x1a, 0xb0, 0x10,
+    0x63, 0x10, 0x11, 0x58, 0x30, 0x0d, 0x59, 0x80, 0x68, 0x90,
+    0x46, 0x2a, 0x91, 0xa8, 0x71, 0x98, 0x20, 0x40, 0x21, 0x83,
+    0x6c, 0xc0, 0x48, 0x0d, 0x8b, 0x90, 0x11, 0x08, 0x09, 0x31,
+    0x8c, 0x00, 0x12, 0x10, 0x14, 0x6e, 0xc2, 0x06, 0x32, 0x1a,
+    0x26, 0x10, 0x0a, 0x91, 0x44, 0x08, 0x99, 0x8d, 0x60, 0x86,
+    0x28, 0x11, 0x20, 0x6d, 0xa3, 0x12, 0x81, 0x8b, 0xc6, 0x51,
+    0xcb, 0xa0, 0x61, 0x09, 0x97, 0x61, 0x48, 0xb6, 0x0d, 0x21,
+    0x49, 0x51, 0x08, 0x13, 0x0c, 0x0a, 0x34, 0x86, 0x49, 0x80,
+    0x65, 0x14, 0x39, 0x04, 0x21, 0x01, 0x81, 0x9a, 0xb8, 0x4d,
+    0x04, 0x41, 0x48, 0x03, 0x92, 0x81, 0x62, 0x14, 0x6c, 0x10,
+    0x16, 0x11, 0xe2, 0xa2, 0x49, 0xe3, 0x30, 0x65, 0x04, 0x93,
+    0x8d, 0x1c, 0x33, 0x70, 0x1b, 0x15, 0x50, 0xe4, 0x38, 0x80,
+    0x21, 0x37, 0x06, 0x20, 0xc6, 0x24, 0xc8, 0x22, 0x88, 0x4a,
+    0x44, 0x80, 0x14, 0x43, 0x88, 0x54, 0x44, 0x42, 0x11, 0x49,
+    0x41, 0x19, 0xb9, 0x2d, 0xcc, 0x04, 0x0d, 0x19, 0xc1, 0x65,
+    0x5b, 0xa0, 0x11, 0x94, 0x00, 0x84, 0xe4, 0xb6, 0x41, 0xc2,
+    0x18, 0x72, 0x5c, 0x02, 0x69, 0x11, 0x85, 0x24, 0x13, 0x35,
+    0x00, 0x62, 0x34, 0x04, 0x58, 0x40, 0x21, 0x00, 0xc4, 0x28,
+    0x0c, 0x17, 0x30, 0x10, 0x47, 0x60, 0x4b, 0xc2, 0x61, 0x9c,
+    0x80, 0x2c, 0x20, 0x94, 0x31, 0x58, 0x92, 0x09, 0xcc, 0x00,
+    0x02, 0x42, 0x94, 0x69, 0x99, 0x28, 0x06, 0x98, 0x02, 0x52,
+    0x90, 0x32, 0x6e, 0x8a, 0x18, 0x2e, 0x54, 0x94, 0x81, 0x03,
+    0xc6, 0x89, 0x03, 0xa1, 0x84, 0x48, 0x82, 0x48, 0x52, 0xc4,
+    0x00, 0x91, 0x30, 0x24, 0x20, 0x12, 0x0d, 0x83, 0x80, 0x05,
+    0x92, 0x48, 0x61, 0x98, 0x46, 0x92, 0xe1, 0xa6, 0x25, 0x20,
+    0x93, 0x4d, 0x1c, 0x37, 0x2c, 0x9b, 0x94, 0x8d, 0xc8, 0x88,
+    0x80, 0xa2, 0x18, 0x72, 0x0c, 0x09, 0x70, 0x81, 0x36, 0x90,
+    0x24, 0x45, 0x69, 0x53, 0x36, 0x6c, 0xd2, 0x20, 0x51, 0x23,
+    0xc1, 0x8c, 0x62, 0xb0, 0x70, 0x11, 0xb2, 0x70, 0xcb, 0x84,
+    0x69, 0x4b, 0x32, 0x89, 0x01, 0x21, 0x81, 0x02, 0x38, 0x66,
+    0xa3, 0x26, 0x12, 0x24, 0xa3, 0x30, 0x22, 0x24, 0x84, 0x18,
+    0xb9, 0x84, 0x40, 0x16, 0x50, 0x22, 0x44, 0x31, 0x1b, 0x13,
+    0x8d, 0x53, 0x02, 0x89, 0x4a, 0x22, 0x10, 0x53, 0x18, 0x01,
+    0x58, 0x30, 0x2d, 0x00, 0x05, 0x08, 0x13, 0x80, 0x84, 0xc2,
+    0x22, 0x0e, 0x88, 0x26, 0x2a, 0x04, 0xc4, 0x4c, 0x19, 0x43,
+    0x01, 0xc8, 0x38, 0x4c, 0xd1, 0xb2, 0x90, 0x13, 0x29, 0x10,
+    0x12, 0x48, 0x22, 0x01, 0xa8, 0x51, 0xd1, 0x92, 0x40, 0x11,
+    0x27, 0x62, 0x10, 0x01, 0x0c, 0x0c, 0xc6, 0x28, 0xe3, 0x46,
+    0x60, 0x24, 0x01, 0x8d, 0x14, 0xb6, 0x10, 0x50, 0xb6, 0x25,
+    0x44, 0x38, 0x40, 0x44, 0xc2, 0x0c, 0x19, 0xc0, 0x64, 0x9c,
+    0x44, 0x02, 0x21, 0x25, 0x65, 0x02, 0x23, 0x86, 0x1a, 0x12,
+    0x70, 0x51, 0x24, 0x91, 0x09, 0x08, 0x44, 0x09, 0x35, 0x66,
+    0x91, 0x04, 0x12, 0x43, 0x42, 0x8d, 0x22, 0xa0, 0x70, 0x14,
+    0x91, 0x25, 0xa0, 0x00, 0x80, 0xe4, 0x00, 0x90, 0x44, 0xb2,
+    0x61, 0x14, 0x20, 0x6e, 0xca, 0x14, 0x0d, 0x23, 0x85, 0x68,
+    0xda, 0x40, 0x92, 0x0b, 0xb1, 0x20, 0x92, 0x04, 0x46, 0xc0,
+    0x08, 0x8a, 0x40, 0xc4, 0x4d, 0x0c, 0x17, 0x45, 0xd3, 0x18,
+    0x52, 0x1b, 0x46, 0x24, 0xc2, 0x24, 0x71, 0x83, 0x10, 0x80,
+    0xc8, 0x82, 0x68, 0xc2, 0x96, 0x81, 0x0a, 0x01, 0x92, 0x60,
+    0xb4, 0x84, 0x09, 0xc6, 0x00, 0x04, 0x37, 0x90, 0x0b, 0xa0,
+    0x28, 0x12, 0x27, 0x09, 0x94, 0x80, 0x50, 0xd8, 0x04, 0x86,
+    0x08, 0x13, 0x8a, 0x4a, 0x06, 0x89, 0x9b, 0xc4, 0x60, 0xe3,
+    0xa2, 0x20, 0xe0, 0x38, 0x21, 0x22, 0xb4, 0x68, 0x0a, 0xa1,
+    0x0c, 0x01, 0x24, 0x32, 0x4c, 0x48, 0x30, 0xa2, 0x80, 0x8d,
+    0x58, 0x44, 0x10, 0xc8, 0x94, 0x6d, 0x21, 0xc3, 0x61, 0xcb,
+    0x98, 0x24, 0xdc, 0x38, 0x11, 0xc9, 0x18, 0x11, 0x20, 0x01,
+    0x50, 0x1c, 0x34, 0x8d, 0x02, 0x03, 0x09, 0x0a, 0x40, 0x61,
+    0xd4, 0xb8, 0x84, 0x9c, 0xc2, 0x09, 0x04, 0xb1, 0x89, 0x83,
+    0x86, 0x84, 0x19, 0x83, 0x0c, 0x5a, 0x86, 0x89, 0x10, 0x21,
+    0x0d, 0xd1, 0xc2, 0x80, 0x18, 0x29, 0x2a, 0x0c, 0x01, 0x50,
+    0x89, 0x88, 0x48, 0x03, 0xa7, 0x85, 0x21, 0x92, 0x64, 0xc4,
+    0x16, 0x81, 0x94, 0x06, 0x6c, 0x53, 0x26, 0x12, 0x90, 0xb6,
+    0x21, 0x0b, 0xa8, 0x64, 0x43, 0x96, 0x84, 0x41, 0x88, 0x70,
+    0xe3, 0xa6, 0x44, 0x12, 0xc0, 0x09, 0x01, 0xc7, 0x60, 0xc3,
+    0x20, 0x42, 0xc3, 0x40, 0x68, 0x10, 0xa6, 0x51, 0xa4, 0xa0,
+    0x71, 0x54, 0x98, 0x04, 0x88, 0xb2, 0x00, 0x54, 0x18, 0x6a,
+    0x48, 0x98, 0x20, 0x21, 0xb2, 0x8d, 0x82, 0x20, 0x81, 0x99,
+    0x16, 0x81, 0x0a, 0xc5, 0x88, 0x0a, 0x23, 0x11, 0x8a, 0x16,
+    0x44, 0x24, 0xc9, 0x29, 0x59, 0x08, 0x91, 0x1c, 0x29, 0x05,
+    0x14, 0xc9, 0x44, 0xe3, 0x20, 0x10, 0x1b, 0xa1, 0x64, 0x82,
+    0xa2, 0x90, 0x00, 0x00, 0x82, 0x98, 0xb2, 0x85, 0xc8, 0x04,
+    0x28, 0xc8, 0xb2, 0x65, 0xc9, 0xc6, 0x88, 0xcc, 0x08, 0x91,
+    0x84, 0x08, 0x30, 0x94, 0x94, 0x8d, 0xc0, 0x18, 0x46, 0x82,
+    0x36, 0x4c, 0x83, 0x10, 0x72, 0x23, 0xb1, 0x88, 0x81, 0x20,
+    0x8e, 0x19, 0x03, 0x8a, 0x94, 0x46, 0x22, 0x21, 0x35, 0x8e,
+    0x04, 0xc0, 0x88, 0x5b, 0xb6, 0x09, 0x0a, 0x18, 0x44, 0x21,
+    0x90, 0x65, 0x03, 0xb2, 0x21, 0xc4, 0x10, 0x50, 0xc1, 0x80,
+    0x0c, 0x09, 0x40, 0x49, 0xe4, 0xa8, 0x8c, 0xa4, 0x36, 0x61,
+    0x59, 0x12, 0x86, 0x20, 0x08, 0x2d, 0x10, 0x19, 0x85, 0xe4,
+    0x34, 0x60, 0xc4, 0xb6, 0x60, 0x00, 0x18, 0x06, 0x8c, 0xb8,
+    0x45, 0x19, 0x13, 0x4a, 0x53, 0xc4, 0x40, 0xc9, 0x38, 0x71,
+    0xd9, 0x48, 0x10, 0x59, 0x08, 0x02, 0x02, 0x10, 0x69, 0x53,
+    0x28, 0x80, 0x22, 0x81, 0x4c, 0xc9, 0x16, 0x26, 0xa1, 0x48,
+    0x64, 0x19, 0x21, 0x11, 0x1c, 0x37, 0x88, 0x4b, 0x94, 0x2c,
+    0x48, 0xc8, 0x6c, 0x63, 0x88, 0x65, 0x81, 0x40, 0x61, 0xa1,
+    0x44, 0x31, 0x82, 0x18, 0x08, 0x80, 0x00, 0x26, 0x50, 0x14,
+    0x49, 0xa1, 0x32, 0x50, 0x02, 0xc8, 0x45, 0x0c, 0x07, 0x24,
+    0x13, 0x01, 0x6d, 0x0a, 0xb3, 0x90, 0x64, 0x30, 0x85, 0x21,
+    0x09, 0x61, 0x44, 0x44, 0x72, 0x08, 0x32, 0x06, 0xe1, 0xa2,
+    0x21, 0xdb, 0xa4, 0x09, 0x5a, 0xb4, 0x71, 0x43, 0xb2, 0x09,
+    0x82, 0xc4, 0x64, 0x88, 0xa0, 0x91, 0xca, 0x14, 0x90, 0xa4,
+    0xa8, 0x41, 0xc1, 0x38, 0x85, 0x12, 0x32, 0x60, 0x1a, 0x11,
+    0x72, 0x53, 0x32, 0x2c, 0xe3, 0x08, 0x4d, 0x24, 0xc6, 0x28,
+    0x0a, 0x03, 0x8c, 0x88, 0x06, 0x05, 0xa0, 0xa8, 0x05, 0x84,
+    0xa2, 0x4c, 0x80, 0x40, 0x62, 0xda, 0x24, 0x81, 0x9a, 0x16,
+    0x91, 0x24, 0x81, 0x04, 0xa4, 0x46, 0x51, 0xc2, 0xa8, 0x25,
+    0x20, 0x28, 0x42, 0x13, 0x46, 0x2c, 0x63, 0x42, 0x72, 0x03,
+    0x88, 0x28, 0xa3, 0x22, 0x24, 0x1a, 0x02, 0x26, 0x42, 0xa2,
+    0x11, 0x11, 0xb0, 0x51, 0x92, 0xb4, 0x6c, 0xe2, 0x32, 0x85,
+    0x10, 0xc2, 0x41, 0xc1, 0x40, 0x46, 0x4c, 0x26, 0x01, 0x1c,
+    0x35, 0x02, 0x0c, 0x14, 0x0c, 0x18, 0x81, 0x00, 0x10, 0x26,
+    0x02, 0xc8, 0x32, 0x8c, 0xe4, 0x02, 0x68, 0xcc, 0x14, 0x2e,
+    0x89, 0x38, 0x60, 0x10, 0x12, 0x24, 0x93, 0x42, 0x65, 0xe3,
+    0x24, 0x29, 0x08, 0x80, 0x41, 0x09, 0x29, 0x46, 0x5b, 0x26,
+    0x49, 0x5b, 0x30, 0x80, 0x03, 0xc1, 0x2c, 0x04, 0x09, 0x82,
+    0x4c, 0x48, 0x2d, 0x1c, 0x36, 0x4d, 0xdb, 0x02, 0x86, 0x21,
+    0xb5, 0x51, 0x81, 0x80, 0x2d, 0xcb, 0x20, 0x81, 0x5b, 0x34,
+    0x41, 0x89, 0x36, 0x48, 0x44, 0xa0, 0x05, 0x59, 0xb6, 0x64,
+    0x12, 0x45, 0x21, 0x20, 0x31, 0x51, 0x0a, 0xc3, 0x8c, 0x14,
+    0x48, 0x71, 0x18, 0x35, 0x24, 0x20, 0x45, 0x05, 0x88, 0x20,
+    0x09, 0x08, 0xb1, 0x29, 0x18, 0xa0, 0x09, 0x4a, 0x00, 0x8a,
+    0xe2, 0xb8, 0x45, 0x02, 0x27, 0x89, 0xd8, 0x10, 0x25, 0x51,
+    0x82, 0x8c, 0x13, 0x92, 0x30, 0x1c, 0x24, 0x8e, 0x1c, 0x93,
+    0x4d, 0xa3, 0x48, 0x51, 0x93, 0xa8, 0x69, 0xe2, 0x04, 0x89,
+    0x13, 0x13, 0x61, 0xcb, 0x98, 0x8c, 0x09, 0x21, 0x62, 0x4b,
+    0x14, 0x4e, 0x11, 0xa3, 0x09, 0x98, 0x40, 0x42, 0x91, 0x12,
+    0x08, 0x80, 0x84, 0x2d, 0xc0, 0x12, 0x60, 0x03, 0xa4, 0x29,
+    0x18, 0x80, 0x01, 0x94, 0x44, 0x8a, 0x12, 0x11, 0x72, 0xc4,
+    0x22, 0x32, 0x9a, 0x46, 0x88, 0x1b, 0x16, 0x4d, 0x4b, 0x08,
+    0x11, 0x02, 0x48, 0x45, 0x81, 0xa4, 0x64, 0xe1, 0x88, 0x0c,
+    0x63, 0x10, 0x70, 0x48, 0x98, 0x05, 0x9b, 0xb8, 0x84, 0x03,
+    0x14, 0x05, 0x44, 0x86, 0x0c, 0x20, 0x11, 0x68, 0xbe, 0x71,
+    0x83, 0xc2, 0x69, 0xde, 0x49, 0xad, 0xb4, 0xdb, 0x93, 0xcb,
+    0x20, 0x2b, 0xbd, 0x95, 0x97, 0x57, 0x7e, 0xcb, 0xbc, 0x73,
+    0xb6, 0x3d, 0x16, 0x4a, 0x0e, 0xe4, 0x9c, 0x81, 0xb1, 0x5d,
+    0x27, 0x64, 0xa2, 0x14, 0x12, 0x1b, 0x8e, 0xd0, 0xd8, 0x38,
+    0xf6, 0xc7, 0xbb, 0x9f, 0x77, 0x3c, 0x62, 0x04, 0x92, 0xe1,
+    0x97, 0xaf, 0x24, 0xa7, 0xf9, 0xf0, 0x8d, 0x3a, 0xbf, 0x5d,
+    0xab, 0x5c, 0x97, 0x0f, 0xfc, 0x35, 0xbc, 0x62, 0xd8, 0x42,
+    0xfd, 0xc7, 0x8b, 0xf7, 0x80, 0xd1, 0x38, 0x68, 0x14, 0x5e,
+    0x4f, 0x99, 0x31, 0xc7, 0xaf, 0xbd, 0x27, 0xce, 0x1c, 0x5b,
+    0x09, 0x1b, 0xcf, 0xbb, 0xfb, 0xf9, 0xf4, 0x90, 0x4c, 0xc1,
+    0xa2, 0x12, 0xf9, 0xd0, 0xa5, 0x2c, 0xfd, 0x7b, 0x55, 0xb0,
+    0xb1, 0xc6, 0x42, 0xe6, 0xeb, 0x10, 0x5e, 0xe9, 0x00, 0xe8,
+    0x46, 0xe4, 0xe0, 0x8b, 0x21, 0xbc, 0xb1, 0xa9, 0x9e, 0x75,
+    0x66, 0xf0, 0xb8, 0x87, 0xb9, 0x11, 0x7e, 0x28, 0x6c, 0x4d,
+    0x58, 0xcd, 0x54, 0x71, 0x0c, 0x6a, 0xcc, 0xfb, 0x52, 0xc2,
+    0x5b, 0xcc, 0x19, 0x67, 0x4f, 0xc2, 0x2f, 0x09, 0x62, 0x51,
+    0x82, 0xeb, 0x9b, 0x94, 0x11, 0xb4, 0x5a, 0x67, 0x7f, 0x58,
+    0x18, 0xb2, 0x3f, 0x37, 0x1f, 0x94, 0x44, 0x73, 0x6a, 0x02,
+    0xf5, 0xfb, 0x5b, 0x03, 0xac, 0x5d, 0xc6, 0xa9, 0x79, 0x8f,
+    0x0f, 0x50, 0xa0, 0x57, 0x46, 0x05, 0x6d, 0x58, 0xde, 0x6e,
+    0x8d, 0x9c, 0x0e, 0x6a, 0xb5, 0x9b, 0x1b, 0x22, 0x74, 0xad,
+    0x00, 0x55, 0x27, 0x46, 0xce, 0xbb, 0x82, 0x77, 0x4e, 0x6e,
+    0x59, 0x38, 0x26, 0xb3, 0xc7, 0xbc, 0x97, 0x54, 0x83, 0x69,
+    0x1f, 0x3e, 0xbd, 0x0f, 0xff, 0x2f, 0xca, 0xb9, 0xea, 0x91,
+    0x26, 0x8e, 0x0a, 0x78, 0x25, 0xf6, 0x6b, 0x11, 0x30, 0xd7,
+    0xe2, 0xf4, 0x2b, 0xda, 0xcf, 0xe1, 0x4a, 0x47, 0xab, 0x5f,
+    0x54, 0x34, 0x38, 0xac, 0xd1, 0xbf, 0x45, 0xad, 0x4b, 0x52,
+    0x0f, 0x4c, 0xa2, 0xac, 0x22, 0x7c, 0xb6, 0xed, 0x7f, 0xd5,
+    0x63, 0x3b, 0x1a, 0x3b, 0xf2, 0x3d, 0x9b, 0x96, 0x92, 0x08,
+    0xb9, 0x95, 0x13, 0xaf, 0x20, 0x26, 0x8b, 0x15, 0x97, 0x89,
+    0xa5, 0x88, 0x8f, 0x78, 0xb4, 0x57, 0x9d, 0x51, 0x96, 0x9c,
+    0x98, 0x93, 0xd5, 0x83, 0xf9, 0xff, 0x94, 0x29, 0x1e, 0xa5,
+    0x28, 0xa4, 0x0c, 0x22, 0xab, 0xbc, 0x70, 0x48, 0xa2, 0x16,
+    0x1c, 0xa4, 0xba, 0x8b, 0xfe, 0xb2, 0xa9, 0x03, 0x96, 0x5f,
+    0xb4, 0x84, 0x8e, 0xb4, 0xbb, 0x7b, 0x11, 0xc5, 0xc2, 0xdb,
+    0xe3, 0x88, 0xb5, 0xd3, 0xac, 0x07, 0x33, 0x53, 0xe8, 0x10,
+    0x9e, 0xc5, 0x81, 0xb0, 0x77, 0x2f, 0x4f, 0x6d, 0x0d, 0x89,
+    0xb4, 0x04, 0x98, 0x05, 0xe6, 0xd3, 0x36, 0x97, 0xcd, 0x3e,
+    0x4d, 0xc6, 0x21, 0xe4, 0x0b, 0xcf, 0xed, 0xa7, 0x4d, 0xd9,
+    0xd3, 0x25, 0xec, 0xec, 0x47, 0xfd, 0x06, 0x92, 0x77, 0x25,
+    0x3c, 0x44, 0xe6, 0x5d, 0xb4, 0x35, 0x2b, 0x5d, 0x05, 0x65,
+    0x63, 0x0b, 0xd9, 0xb8, 0x28, 0xdf, 0xdd, 0xfd, 0x64, 0x18,
+    0x42, 0x19, 0x7f, 0x12, 0x78, 0xdd, 0xf0, 0x64, 0xd6, 0x99,
+    0xb8, 0x74, 0x81, 0xe2, 0xb9, 0xc8, 0x67, 0x6d, 0x31, 0x22,
+    0xa5, 0x68, 0xa1, 0x8d, 0x3e, 0x49, 0xbe, 0x10, 0x68, 0xa8,
+    0x74, 0x1d, 0x18, 0xcf, 0x00, 0xe1, 0x4f, 0x77, 0xd8, 0xc6,
+    0xe3, 0x08, 0xbb, 0x4c, 0xed, 0xff, 0xd9, 0x9b, 0xb0, 0xd1,
+    0x50, 0xbb, 0x8b, 0x91, 0xcd, 0x5f, 0x2a, 0xfb, 0x8f, 0x4d,
+    0x3c, 0x98, 0xba, 0xd7, 0x98, 0x99, 0xa7, 0x22, 0x14, 0xd7,
+    0x94, 0xb5, 0xb8, 0xa4, 0x52, 0x31, 0xa7, 0xa1, 0xa4, 0x28,
+    0xee, 0x31, 0xb5, 0xd0, 0xc1, 0x07, 0x05, 0x16, 0x1d, 0x53,
+    0x45, 0x62, 0x23, 0x05, 0x44, 0xb6, 0x4f, 0x92, 0x03, 0x53,
+    0x9a, 0x71, 0x56, 0xae, 0x16, 0x81, 0xb4, 0xc9, 0x98, 0xf4,
+    0x7f, 0x11, 0x37, 0xc2, 0xc8, 0xf2, 0xe4, 0x48, 0xe3, 0xcc,
+    0xf1, 0xe3, 0x3d, 0x8e, 0x13, 0x5b, 0x25, 0xad, 0xce, 0x6f,
+    0xed, 0x60, 0x4f, 0x7d, 0x51, 0xe1, 0xd0, 0x74, 0xf4, 0xed,
+    0xf3, 0x84, 0xa6, 0x0e, 0xba, 0xb4, 0x8e, 0x5a, 0xb9, 0x12,
+    0x70, 0x43, 0x4c, 0xb5, 0xa5, 0x1e, 0x86, 0xa5, 0xe3, 0x4d,
+    0x76, 0x95, 0xce, 0x2c, 0x53, 0x3a, 0x4e, 0x3f, 0x47, 0x73,
+    0x85, 0x88, 0xd9, 0x39, 0x21, 0x83, 0x24, 0x68, 0x6a, 0x1e,
+    0x77, 0xdf, 0x59, 0xc5, 0x1b, 0xe2, 0xb1, 0x47, 0x9d, 0xee,
+    0x45, 0x1e, 0xc6, 0xd4, 0x43, 0xe2, 0xc7, 0x1c, 0x98, 0x84,
+    0xe0, 0x39, 0xe9, 0x9f, 0xa0, 0xa2, 0x24, 0x4a, 0x88, 0x46,
+    0xf3, 0x50, 0x52, 0xb5, 0xae, 0x37, 0x5c, 0xa1, 0x7d, 0xad,
+    0x7c, 0x30, 0x3e, 0xcd, 0x80, 0x1c, 0xac, 0xf4, 0xe6, 0xb5,
+    0x9f, 0x22, 0xb6, 0xfb, 0x0e, 0x6d, 0x80, 0x10, 0xf7, 0x3f,
+    0xdd, 0x5b, 0xd9, 0xd4, 0x03, 0x14, 0x41, 0x90, 0x88, 0xa8,
+    0xcf, 0x50, 0xa2, 0xf2, 0x7e, 0xf0, 0x0a, 0x7f, 0xed, 0x77,
+    0x09, 0x48, 0x32, 0x55, 0xe9, 0x93, 0xe7, 0x27, 0x18, 0x46,
+    0x17, 0x03, 0x25, 0x8e, 0x17, 0x5d, 0xe8, 0x9e, 0xb1, 0xb4,
+    0x9d, 0x1a, 0x5e, 0xbe, 0xa8, 0xb8, 0x45, 0x30, 0xc6, 0xa5,
+    0xb4, 0xaf, 0xf3, 0x0d, 0x91, 0x9c, 0xa9, 0x5b, 0x4c, 0xbb,
+    0x19, 0x19, 0x39, 0x51, 0x36, 0x80, 0xf7, 0x10, 0xf7, 0x73,
+    0x49, 0x17, 0xec, 0xbc, 0x92, 0x08, 0x21, 0xb1, 0x0c, 0x23,
+    0xc4, 0xd6, 0xd2, 0xb3, 0xfd, 0xae, 0xe7, 0x71, 0xf3, 0x50,
+    0x11, 0x27, 0x1a, 0x85, 0xf0, 0xab, 0xd8, 0x16, 0x64, 0xcb,
+    0xad, 0xbb, 0xae, 0x54, 0x37, 0xa3, 0xa8, 0xf4, 0x09, 0x67,
+    0x54, 0x61, 0x86, 0x0f, 0x0e, 0x25, 0x0d, 0xda, 0x4a, 0xc7,
+    0xe7, 0x02, 0x80, 0x6b, 0x59, 0xd2, 0xc8, 0x88, 0x4d, 0x7d,
+    0xfd, 0x3d, 0x48, 0x04, 0x6d, 0x95, 0xdf, 0xc2, 0x8b, 0x23,
+    0x70, 0x4a, 0xf5, 0xdc, 0xc9, 0x24, 0x8d, 0x7e, 0x52, 0x22,
+    0x7e, 0x9c, 0x5c, 0x32, 0xa5, 0xd5, 0xf2, 0x11, 0x08, 0xa0,
+    0xd4, 0xa2, 0xd8, 0xdb, 0x1d, 0x9f, 0x1b, 0x54, 0x8f, 0xb5,
+    0xf6, 0x71, 0x71, 0x49, 0xbc, 0x38, 0x09, 0xb6, 0x24, 0x94,
+    0x80, 0x1f, 0x2d, 0x0c, 0xc7, 0xe4, 0xd6, 0xcd, 0xab, 0x53,
+    0x79, 0x28, 0xed, 0x48, 0x23, 0x14, 0x2f, 0x0b, 0x3a, 0xd0,
+    0xa7, 0x08, 0xe1, 0xfd, 0x1e, 0xb6, 0xdd, 0x12, 0x93, 0x2d,
+    0x95, 0x06, 0xba, 0x95, 0xcb, 0x1a, 0xed, 0xfb, 0x60, 0xe7,
+    0xf1, 0x1c, 0xad, 0xc3, 0xea, 0x8d, 0x3c, 0x53, 0x32, 0xb5,
+    0x38, 0x26, 0xdd, 0x39, 0xf0, 0x39, 0x4e, 0x6f, 0x3e, 0xa9,
+    0xea, 0x25, 0x29, 0xb8, 0x6c, 0x7d, 0x0a, 0x91, 0xd4, 0xb9,
+    0x7b, 0x67, 0xe4, 0xe5, 0x63, 0xd7, 0x6b, 0x03, 0xa5, 0xd7,
+    0xe8, 0xd2, 0xc0, 0x34, 0x53, 0xa6, 0x16, 0x21, 0x2a, 0x2a,
+    0x09, 0xd3, 0xad, 0xa1, 0x2c, 0x6a, 0x88, 0x2d, 0x90, 0x06,
+    0xba, 0x0b, 0xaa, 0xd1, 0xdb, 0xa4, 0xd0, 0x49, 0x0f, 0x42,
+    0xe1, 0xca, 0xf0, 0x69, 0x15, 0x63, 0xcb, 0x0b, 0x4c, 0x2e,
+    0x99, 0x20, 0x44, 0xe3, 0x6e, 0x32, 0x8a, 0xa1, 0x5c, 0x5b,
+    0x03, 0xeb, 0xb5, 0x05, 0xff, 0x1a, 0x76, 0x38, 0x1c, 0xb0,
+    0x74, 0xf1, 0x5a, 0x0d, 0x8a, 0xd2, 0x4e, 0x38, 0x11, 0x86,
+    0xb0, 0x2d, 0xd3, 0x88, 0xe2, 0x0f, 0x51, 0x68, 0xb9, 0x79,
+    0x96, 0x50, 0x95, 0xdc, 0x69, 0xcb, 0xa6, 0x25, 0x4a, 0xdf,
+    0xa1, 0x39, 0x13, 0x47, 0x0a, 0xf0, 0xeb, 0xcb, 0x14, 0x01,
+    0x28, 0x9c, 0x0f, 0xe2, 0x62, 0xca, 0xb5, 0x40, 0x51, 0x45,
+    0x8e, 0x18, 0x88, 0xc9, 0x58, 0xaf, 0xb3, 0x48, 0xd5, 0x20,
+    0xe8, 0xd8, 0x5b, 0xa2, 0x98, 0x74, 0x25, 0xfa, 0x25, 0x19,
+    0x82, 0x22, 0xfa, 0x82, 0x7c, 0x38, 0x8d, 0x62, 0x86, 0x01,
+    0x63, 0x20, 0x36, 0x8e, 0xaf, 0x15, 0x8a, 0x74, 0x1e, 0xfd,
+    0x7f, 0xbe, 0x60, 0xc3, 0x65, 0x31, 0xce, 0xdb, 0x92, 0xb9,
+    0x13, 0x2a, 0x78, 0xa9, 0xfc, 0x6a, 0x7b, 0x18, 0xec, 0x0c,
+    0x7b, 0x4c, 0x86, 0xaf, 0xea, 0x6d, 0x52, 0x09, 0x76, 0x52,
+    0x87, 0x8a, 0x0b, 0x2a, 0xf3, 0x93, 0x35, 0x92, 0x8b, 0x60,
+    0x42, 0x2e, 0x12, 0xa9, 0xf7, 0x7c, 0x61, 0x5c, 0x8f, 0xc0,
+    0xaa, 0x6e, 0x6a, 0xf6, 0x48, 0x48, 0xc6, 0x3e, 0xe0, 0x1d,
+    0xb4, 0xfb, 0xc4, 0xd8, 0x01, 0xb8, 0xf2, 0xf4, 0xdf, 0xc1,
+    0xba, 0xb5, 0xf2, 0x27, 0x3f, 0xdb, 0x78, 0x62, 0x1c, 0x0a,
+    0xbe, 0xdb, 0xdd, 0x3c, 0x0c, 0x29, 0x85, 0xf1, 0x44, 0x5f,
+    0x2b, 0x43, 0x80, 0x57, 0xa7, 0x5a, 0x4d, 0x1b, 0xbe, 0x03,
+    0xe7, 0x55, 0x7b, 0x91, 0x9d, 0x4c, 0x8b, 0xd7, 0xfd, 0xde,
+    0x65, 0x7e, 0xa8, 0x48, 0xbb, 0xa9, 0x96, 0x06, 0x7f, 0xc0,
+    0x6c, 0xed, 0x87, 0x53, 0x77, 0xb4, 0x5a, 0x7c, 0xbb, 0xce,
+    0xcf, 0x01, 0x08, 0x45, 0x61, 0xc1, 0x28, 0xb6, 0xf2, 0xb4,
+    0x5b, 0x6b, 0x84, 0xfe, 0x18, 0x09, 0x39, 0xc1, 0xc8, 0x96,
+    0x36, 0x6e, 0xba, 0x7e, 0x48, 0x12, 0xe6, 0xdc, 0x22, 0x48,
+    0x17, 0x0b, 0xbd, 0x92, 0x64, 0xfa, 0xc9, 0x9b, 0x07, 0xda,
+    0xed, 0x04, 0x68, 0x42, 0x15, 0x8c, 0xf9, 0xd8, 0xc3, 0x0d,
+    0x21, 0x9d, 0x96, 0xbc, 0xc3, 0x07, 0x1a, 0x2c, 0x59, 0x3f,
+    0x1a, 0x83, 0x43, 0xf0, 0xe0, 0xde, 0xe3, 0x40, 0x8e, 0x04,
+    0x66, 0x3c, 0x87, 0x1e, 0xfa, 0x7b, 0x8a, 0x7b, 0xd2, 0x9e,
+    0x15, 0xf5, 0xec, 0x3c, 0x72, 0x7e, 0x2d, 0x19, 0xf8, 0xfd,
+    0xf0, 0x28, 0x71, 0x8a, 0xf5, 0xcb, 0x4c, 0x61, 0x5f, 0x85,
+    0xe0, 0x6f, 0xb8, 0xf3, 0x17, 0x10, 0xcb, 0x44, 0x45, 0x8c,
+    0x96, 0x08, 0xa1, 0xf1, 0x48, 0xa4, 0x1d, 0xea, 0x35, 0x2f,
+    0x82, 0x2b, 0xc2, 0x0b, 0xef, 0x73, 0xe1, 0xc2, 0x35, 0xdb,
+    0xe7, 0x68, 0xfd, 0xb0, 0xe8, 0x7b, 0x2d, 0x0f, 0xfd, 0x53,
+    0x1b, 0xb8, 0x36, 0x54, 0xd6, 0x43, 0x30, 0xcf, 0x83, 0xb0,
+    0x18, 0xda, 0x9b, 0x86, 0x82, 0xfa, 0xe6, 0x37, 0x5b, 0x9e,
+    0xa4, 0xdb, 0x7c, 0x59, 0x25, 0x59, 0xc6, 0x46, 0x36, 0x72,
+    0xc5, 0x72, 0xd8, 0x2f, 0x26, 0xe2, 0xee, 0xe3, 0xcb, 0xe5,
+    0x33, 0x1f, 0x18, 0x2e, 0x16, 0xce, 0xd2, 0x9c, 0x89, 0x6e,
+    0xd5, 0x21, 0xfa, 0x58, 0x83, 0xa9, 0x4c, 0x69, 0x97, 0x7d,
+    0xae, 0x1f, 0x65, 0xd5, 0xdb, 0xf0, 0xfe, 0xd5, 0x32, 0xb1,
+    0x50, 0x72, 0xdf, 0x2b, 0xe2, 0xc1, 0xe6, 0x2e, 0x8b, 0x87,
+    0xa8, 0x4e, 0x84, 0xbe, 0xc9, 0x27, 0xb5, 0x74, 0x7e, 0x13,
+    0x17, 0x57, 0x9c, 0xc6, 0xd3, 0x9f, 0xcd, 0x86, 0x50, 0x4b,
+    0x6c, 0x50, 0xa2, 0xba, 0xfe, 0xf6, 0xd5, 0x85, 0x68, 0x31,
+    0x89, 0xfb, 0xeb, 0xfe, 0x92, 0xb0, 0xd0, 0x4c, 0xbc, 0x65,
+    0x4b, 0x62, 0xe2, 0xdf, 0x88, 0x7e, 0x90, 0xe0, 0xb3, 0xec,
+    0x13, 0x69, 0x33, 0xea, 0x53, 0x69, 0x9a, 0x0b, 0x27, 0xfb,
+    0xca, 0x9f, 0x9e, 0x1f, 0xcf, 0xb1, 0xeb, 0xf4, 0x8f, 0xe2,
+    0x53, 0xc8, 0xe6, 0x51, 0x75, 0xee, 0xb1, 0x34, 0x3e, 0x37,
+    0xdd, 0x2d, 0x3a, 0x72, 0x76, 0x33, 0xc1, 0x27, 0xe7, 0xbd,
+    0xc1, 0x7f, 0xcb, 0x53, 0x5d, 0xdf, 0xc4, 0x1f, 0x36, 0xdb,
+    0x6a, 0x91, 0x1f, 0x6a, 0xa5, 0xc6, 0xe2, 0x37, 0x68, 0x1a,
+    0x7d, 0xf7, 0xed, 0x2a, 0xc7, 0x99, 0x5e, 0xbd, 0x59, 0x57,
+    0x09, 0x22, 0x7e, 0x9c, 0xbd, 0x8e, 0xad, 0xbe, 0xee, 0xa5,
+    0x2a, 0xe3, 0x9f, 0xff, 0x14, 0xda, 0xba, 0x90, 0x37, 0xba,
+    0x3a, 0x42, 0xcd, 0x4a, 0x28, 0x47, 0x27, 0x58, 0x7a, 0x33,
+    0x93, 0x77, 0x83, 0x29, 0xab, 0x47, 0x19, 0x43, 0x00, 0x6f,
+    0xe7, 0x77, 0xc1, 0xaa, 0xd6, 0xbc, 0xc0, 0x1b, 0xd0, 0xdf,
+    0xf9, 0x40, 0x4d, 0xb2, 0x60, 0xce, 0x59, 0x17, 0x0a, 0xa9,
+    0x14, 0x4e, 0x6a, 0x30, 0x1b, 0x26, 0x68, 0x55, 0x12, 0x19,
+    0x62, 0x85, 0x5d, 0xa6, 0xb4, 0x48, 0x4a, 0xe9, 0xe1, 0x57,
+    0xb1, 0x48, 0xf3, 0x86, 0xd1, 0x50, 0x2e, 0x1d, 0x57, 0xbe,
+    0x09, 0xf8, 0x53, 0x40, 0xd9, 0x55, 0xd9, 0x71, 0x4c, 0xa7,
+    0xdb, 0x61, 0x82, 0x4e, 0x00, 0x58, 0xe4, 0x89, 0xae, 0xa6,
+    0x1a, 0x4b, 0xe3, 0x9d, 0xec, 0x65, 0xee, 0xe1, 0x7b, 0xdb,
+    0x4f, 0x8d, 0xf3, 0xd9, 0x89, 0xaa, 0xd1, 0x31, 0x30, 0xde,
+    0xc3, 0x5c, 0xbc, 0xb9, 0x60, 0x0a, 0xe0, 0x13, 0x14, 0x85,
+    0x08, 0x60, 0xc5, 0x1c, 0xc2, 0x9d, 0x8b, 0x6e, 0xb8, 0x94,
+    0x11, 0x6f, 0xd3, 0xee, 0xfb, 0xf8, 0x15, 0xd8, 0xa4, 0x0b,
+    0x92, 0xdf, 0x7c, 0x9a, 0xa2, 0xec, 0xa3, 0x3d, 0xbc, 0xcd,
+    0xe8, 0xb5, 0xb3, 0xf5, 0xe8, 0xee, 0x2a, 0x57, 0xf7, 0x58,
+    0xc4, 0xaa, 0xeb, 0x33, 0x44, 0x5f, 0x62, 0xbe, 0x90, 0x48,
+    0xe5, 0xcb, 0x6a, 0xcb, 0x55, 0x94, 0x6d, 0xe6, 0x22, 0x03,
+    0xeb, 0xcb, 0x05, 0xb8, 0xb4, 0xa5, 0xbe, 0xec, 0x79, 0x21,
+    0x0d, 0xb3, 0x5c, 0x74, 0x11, 0xcb, 0xb3, 0xa6, 0x06, 0x2f,
+    0x73, 0xd1, 0x14, 0xd9, 0x70, 0x4e, 0xc5, 0xf5, 0xff, 0xfd,
+    0x49, 0x3b, 0xa9, 0x22, 0x80, 0x2a, 0x5e, 0xf9, 0xae, 0xa5,
+    0xd4, 0x3c, 0x74, 0xd7, 0x5a, 0x5d, 0x88, 0x6f, 0x99, 0xe2,
+    0x4c, 0xa3, 0x9b, 0x15, 0xb8, 0xfd, 0x0b, 0x0d, 0x57, 0x03,
+    0xe8, 0xda, 0x78, 0xc4, 0x63, 0x49, 0x48, 0x7a, 0x39, 0xcd,
+    0xfa, 0xad, 0x92, 0x55, 0x4a, 0x0e, 0x68, 0x08, 0xb9, 0x34,
+    0xe0, 0x14, 0x6e, 0x19, 0xed, 0x69, 0x14, 0x7f, 0xc1, 0x7d,
+    0x12, 0xac, 0x5d, 0xf7, 0x62, 0x6f, 0x77, 0x65, 0xa3, 0xc2,
+    0xf9, 0xda, 0x43, 0x9e, 0x6b, 0x82, 0xd9, 0x14, 0x57, 0x02,
+    0x09, 0x9f, 0xa7, 0x15, 0x27, 0xe8, 0xad, 0xa1, 0x73, 0xc7,
+    0xb6, 0x11, 0x4c, 0x5e, 0xf4, 0x1a, 0x0a, 0x97, 0x98, 0x5e,
+    0x29, 0x8a, 0x8b, 0xa5, 0xbd, 0x86, 0x7f, 0x6d, 0x31, 0x72,
+    0x6d, 0xe5, 0xcf, 0x13, 0xff, 0xb9, 0x4e, 0x69, 0x66, 0x37,
+    0x1b, 0xfb, 0xe8, 0xb7, 0x60, 0xfe, 0xbf, 0xaa, 0x06, 0x88,
+    0xa4, 0xa2, 0x0b, 0x33, 0x55, 0xac, 0x61, 0x77, 0x0a, 0x6f,
+    0x1f, 0xaf, 0xd8, 0x9b, 0xc7, 0x26, 0x13, 0xf6, 0xc4, 0xef,
+    0xce, 0x0f, 0x16, 0x86, 0x64, 0x1b, 0xc0, 0x71, 0x35, 0xf9,
+    0x1f, 0xaf, 0xc4, 0x7a, 0xa3, 0x3b, 0x89, 0x40, 0xcb, 0x09,
+    0x11, 0x7b, 0x01, 0x54, 0xd5, 0xd2, 0x2a, 0xc8, 0xfe, 0x0e,
+    0xef, 0x8c, 0xfb, 0x2b, 0x08, 0x12, 0x6d, 0xbb, 0xa8, 0x2e,
+    0x7a, 0x2b, 0xc2, 0x91, 0x2a, 0x76, 0x0b, 0x31, 0x30, 0x4a,
+    0x5b, 0xca, 0x96, 0xc9, 0x89, 0xa0, 0x12, 0x40, 0x76, 0xbe,
+    0xcd, 0x59, 0x5f, 0xc2, 0x7b, 0xaf, 0xf6, 0x29, 0xde, 0xe9,
+    0x24, 0x61, 0x3f, 0x46, 0x78, 0xa7, 0xda, 0x65, 0xb0, 0xb3,
+    0xae, 0xf3, 0x72, 0x6e, 0x37, 0x6e, 0xae, 0xb1, 0x3b, 0xf6,
+    0x60, 0xa1, 0x92, 0x86, 0x9e, 0x97, 0x4f, 0x5e, 0x86, 0x88,
+    0x32, 0x06, 0x7c, 0xe3, 0x37, 0x7e, 0xb1, 0x83, 0xf5, 0x83,
+    0x05, 0x43, 0xb3, 0xe3, 0xa1, 0x68, 0xe5, 0x4c, 0x92, 0x9c,
+    0x61, 0xa3, 0x5d, 0xcf, 0x23, 0xe7, 0xce, 0xf5, 0x7f, 0xbb,
+    0xf7, 0x89, 0x5e, 0xa8, 0xf0, 0xa1, 0xff, 0x1a, 0xaf, 0x15,
+    0xc8, 0x3d, 0x8b, 0xce, 0x06, 0xa4, 0x60, 0xd6, 0x40, 0x19,
+    0x48, 0x33, 0x53, 0x34, 0x9e, 0xd8, 0x75, 0xfc, 0x45, 0x73,
+    0x35, 0x8f, 0x70, 0x04, 0x80, 0xa1, 0xe5, 0xfc, 0x98, 0xb0,
+    0x52, 0x63, 0x41, 0x84, 0x57, 0xa2, 0x85, 0x4e, 0x68, 0x13,
+    0x2d, 0x3e, 0x4b, 0x68, 0x7f, 0x43, 0x04, 0x05, 0x02, 0x5a,
+    0x16, 0x67, 0x5a, 0xc5, 0xea, 0xac, 0x25, 0x61, 0xd4, 0xa4,
+    0xe7, 0xbe, 0x13, 0x95, 0xbd, 0x03, 0xb4, 0x26, 0xe3, 0xbf,
+    0x7e, 0xe5, 0x0b, 0x34, 0xeb, 0x59, 0x5d, 0xd7, 0xdb, 0x1e,
+    0x07, 0xfc, 0x63, 0xab, 0xbb, 0xc6, 0x7a, 0x51, 0x50, 0x59,
+    0x13, 0x4b, 0x27, 0x88, 0x98, 0xdc, 0x01, 0x37, 0xeb, 0x58,
+    0x75, 0xde, 0x5a, 0xa4, 0x6b, 0xdd, 0xba, 0x01, 0x40, 0xf7,
+    0x1c, 0x0a, 0xf3, 0x02, 0x3d, 0x54, 0x64, 0xf2, 0x85, 0x43,
+    0x90, 0xc0, 0x69, 0x18, 0x94, 0x95, 0x6e, 0x57, 0x14, 0xda,
+    0x27, 0x0a, 0x42, 0xb2, 0x5a, 0x78, 0xe4, 0xf1, 0x45, 0x85,
+    0x54, 0xec, 0x44, 0xa0, 0xcb, 0xf4, 0xd1, 0x3a, 0x85, 0x74,
+    0x0f, 0x04, 0x67, 0xf4, 0x42, 0x01, 0xc4, 0x04, 0x66, 0x48,
+    0x6c, 0xbe, 0x84, 0x38, 0x6e, 0xda, 0x23, 0xd0, 0xd1, 0x26,
+    0x94, 0x11, 0x65, 0x2e, 0xc6, 0xd8, 0x6e, 0x25, 0x17, 0x43,
+    0x9f, 0x55, 0x2d, 0x1d, 0x55, 0xa9, 0xdd, 0x3b, 0xc7, 0x09,
+    0xde, 0x26, 0x64, 0xd4, 0x85, 0x21, 0x15, 0x0d, 0x4a, 0x45,
+    0x4d, 0xba, 0x13, 0x9e, 0x3b, 0x5e, 0xc2, 0xf7, 0xc1, 0x34,
+    0xc5, 0x74, 0xd4, 0x95, 0x19, 0x3d, 0x69, 0x9c, 0xae, 0xef,
+    0x13, 0x95, 0x2c, 0x77, 0xdd, 0x64, 0x2c, 0x12, 0x31, 0x7d,
+    0xb5, 0x55, 0xde, 0x69, 0x35, 0x3f, 0x77, 0x72, 0xc6, 0x21,
+    0x22, 0x23, 0x7a, 0x05, 0xbf, 0x92, 0xae, 0x49, 0x7f, 0x74,
+    0x17, 0x97, 0x5f, 0x5b, 0x4d, 0x7d, 0x86, 0x23, 0x04, 0xe0,
+    0xff, 0x10, 0x06, 0xc3, 0xd3, 0x05, 0xde, 0xc4, 0xae, 0xaf,
+    0x3d, 0x2d, 0xaf, 0x3c, 0xaf, 0xd3, 0xd5, 0xfd, 0x84, 0xd8,
+    0x3b, 0x6c, 0x8e, 0x8b, 0x23, 0x8b, 0x16, 0xaa, 0x67, 0xf1,
+    0xde, 0xa4, 0x4b, 0x5a, 0x39, 0x60, 0x73, 0xd2, 0x9f, 0x1f,
+    0x8c, 0xcf, 0xbc, 0xaa, 0x74, 0x9e, 0x8d, 0xfd, 0xc3, 0xb7,
+    0x86, 0xe5, 0xbb, 0x5a, 0x4d, 0x3d, 0xe2, 0xc3, 0x28, 0x78,
+    0x26, 0xd4, 0xb3, 0x45, 0x94, 0xd3, 0x2d, 0xbf, 0x8c, 0x92,
+    0x56, 0x3c, 0x6e, 0xea, 0x53, 0x38, 0x7f, 0x22, 0x67, 0xc9,
+    0xa7, 0x14, 0x20, 0xb9, 0x13, 0xc4, 0xa0, 0x44, 0x83, 0xc4,
+    0x19, 0xca, 0x98, 0x71, 0xc7, 0x13, 0x70, 0x3a, 0xa7, 0xfb,
+    0x9e, 0xc4, 0x94, 0x8c, 0xfd, 0x21, 0x36, 0x88, 0xea, 0x23,
+    0xc7, 0x43, 0x52, 0x9f, 0xf4, 0x9e, 0xb1, 0xb4, 0xd3, 0x20,
+    0x65, 0xd8, 0x18, 0x25, 0x80, 0xb7, 0xe4, 0x5c, 0x96, 0x3a,
+    0xa3, 0xb5, 0x40, 0x63, 0xac, 0x02, 0x34, 0x51, 0xf7, 0x12,
+    0xea, 0x97, 0x9d, 0x3e, 0xe7, 0xcb, 0x88, 0x15, 0xaa, 0xe3,
+    0xfe, 0xe5, 0x42, 0xe5, 0x48, 0xcf, 0xc6, 0x8e, 0x0e, 0xc6,
+    0x48, 0xdb, 0xe5, 0x1e, 0x79, 0x99, 0xed, 0x78, 0xa6, 0x37,
+    0xdd, 0xe3, 0x7b, 0x01, 0xdd, 0x20, 0x63, 0x45, 0x57, 0xd1,
+    0x0f, 0x05, 0x5d, 0x29, 0xad, 0x99, 0x6c, 0x27, 0xa3, 0x0c,
+    0x72, 0x81, 0xb1, 0x26, 0x16, 0xaf, 0x11, 0x65, 0xba, 0x79,
+    0xbc, 0xb8, 0xfe, 0xe7, 0xc5, 0xe6, 0x4c, 0xfa, 0x37, 0xc5,
+    0xe0, 0x2e, 0x4e, 0xef, 0x75, 0xe4, 0x04, 0xaf, 0xfa, 0x41,
+    0x7f, 0x58, 0x2e, 0x8f, 0x95, 0x5f, 0x15, 0x5c, 0x15, 0x23,
+    0x81, 0xb7, 0x2c, 0x81, 0x70, 0xf5, 0xcc, 0x60, 0x09, 0x7e,
+    0xf1, 0x0d, 0x9c, 0x9d, 0xcc, 0xa0, 0x30, 0xa8, 0x82, 0x23,
+    0x5f, 0x94, 0xcb, 0x18, 0xc4, 0x32, 0xe6, 0xab, 0xcd, 0x96,
+    0x9e, 0xab, 0xcd, 0x68, 0x6f, 0x88, 0xb7, 0x72, 0x65, 0xbc,
+    0x1e, 0x05, 0x60, 0xfe, 0x6b, 0x77, 0x2a, 0x11, 0x63, 0x59,
+    0x29, 0xdb, 0xba, 0xe0, 0x50, 0xd5, 0x51, 0x77, 0x16, 0xb8,
+    0xb7, 0xf4, 0xa9, 0xbe, 0xf0, 0xa5, 0xaa, 0x20, 0x50, 0x2e,
+    0x73, 0x21, 0xee, 0x77, 0xa3, 0xc8, 0xbc, 0x0c, 0x16, 0x0f,
+    0x83, 0x7b, 0xaf, 0xbb, 0x91, 0x95, 0xd3, 0x6e, 0xe7, 0x28,
+    0x77, 0x00, 0xbc, 0x83, 0x46, 0xa5, 0x0a, 0x19, 0xe8, 0x10,
+    0xfb, 0x24, 0xeb, 0x27, 0xc2, 0xa3, 0xdd, 0xb8, 0x5b, 0x27,
+    0xb9, 0xbb, 0x49, 0xd9, 0xd0, 0x32, 0x94, 0x48, 0x1b, 0xb8,
+    0xf8, 0xb2, 0x30, 0xf4, 0x1f, 0x3d, 0xbf, 0xe6, 0xf3, 0x34,
+    0xd3, 0x32, 0x85, 0x67, 0x85, 0x13, 0x3e, 0x20, 0xb7, 0xfa,
+    0x74, 0x27, 0x74, 0x8f, 0x55, 0x47, 0x15, 0x91, 0x0b, 0x3f,
+    0xb1, 0x18, 0xe7, 0x11, 0x1e, 0x52, 0xd8, 0xd1, 0x3f, 0xb9,
+    0x5d, 0x4f, 0x88, 0xb9, 0x1e, 0x5a, 0xb6, 0x90, 0x64, 0xad,
+    0x6f, 0x8d, 0x33, 0xb3, 0x57, 0xde, 0x3e, 0x13, 0xb3, 0x9f,
+    0x2d, 0x00, 0xb1, 0x79, 0x84, 0x60, 0x6d, 0x3c, 0x5f, 0xc0,
+    0x34, 0x08, 0x4b, 0x58, 0x33, 0x59, 0xfe, 0xe5, 0xed, 0xd3,
+    0x10, 0xd8, 0xd8, 0x85, 0xc3, 0xc9, 0x71, 0xcf, 0x40, 0x96,
+    0xc0, 0xd5, 0x5e, 0x62, 0xe7, 0xcb, 0x33, 0xee, 0x72, 0xb5,
+    0xb8, 0x6e, 0xea, 0x13, 0xde, 0xeb, 0x82, 0x03, 0x8e, 0x6c,
+    0xb3, 0x67, 0xb1, 0x5f, 0xd4, 0xe1, 0xd9, 0xc2, 0x7a, 0x97,
+    0xbb, 0xd4, 0x5e, 0x0b, 0xfe, 0xc1, 0xb3, 0x1f, 0x2b, 0x1a,
+    0x37, 0x98, 0x26, 0x27, 0xb1, 0xaf, 0x4c, 0x55, 0xe1, 0xae,
+    0x4c, 0x86, 0x80, 0x4b, 0xc5, 0xf2, 0x35, 0x48, 0x81, 0xf7,
+    0x83, 0x75, 0x63, 0x08, 0x0d, 0x77, 0x41, 0x14, 0xbc, 0xf3,
+    0x6e, 0x46, 0xbd, 0x9c, 0x5a, 0x4f, 0x5c, 0x89, 0x26, 0xb6,
+    0x6c, 0xde, 0x0d, 0x15, 0x31, 0xec, 0x7e, 0x13, 0xf2, 0x99,
+    0x74, 0x40, 0x3c, 0xe1, 0xea, 0xa0, 0xc9, 0x99, 0x0a, 0x4b,
+    0x17, 0x74, 0xff, 0x47, 0x15, 0x76, 0x5e, 0x44, 0xa2, 0x1c,
+    0x93, 0xd3, 0xe6, 0xa2, 0x82, 0x0f, 0x7f, 0x55, 0xa8, 0xf3,
+    0x79, 0xc3, 0xa8, 0x9f, 0x37, 0x2b, 0x97, 0x7e, 0x90, 0x71,
+    0xfc, 0xa7, 0xff, 0xc6, 0xc7, 0x93, 0x5c, 0xc9, 0xed, 0x20,
+    0x60, 0xbd, 0x5c, 0x36, 0x05, 0x55, 0x51, 0x55, 0x51, 0x15,
+    0x36, 0x01, 0x17, 0xa9, 0x56, 0x27, 0x44, 0x66, 0xc9, 0x3a,
+    0xb9, 0xbb, 0xee, 0x04, 0xb6, 0x2a, 0xfd, 0x10, 0x9a, 0x46,
+    0xdd, 0x5d, 0x6d, 0xad, 0x21, 0x86, 0x6d, 0x62, 0x8a, 0x4a,
+    0xbc, 0x73, 0xf0, 0x9d, 0x93, 0x0d, 0xf1, 0x62, 0xfa, 0x58,
+    0x64, 0x37, 0x4f, 0x0b, 0xa3, 0xa1, 0x52, 0xce, 0x03, 0xce,
+    0x0f, 0x77, 0x29, 0xad, 0x47, 0x38, 0xca, 0xbc, 0x61, 0xe6,
+    0xad, 0xe4, 0x8b, 0xf1, 0x82, 0xa8, 0xd5, 0xe3, 0x8c, 0xd3,
+    0xa0, 0xc4, 0xc0, 0x5e, 0x3b, 0xa1, 0x66, 0x2a, 0x6e, 0x88,
+    0x24, 0x56, 0xe4, 0x84, 0x0a, 0x36, 0x72, 0xf3, 0x5c, 0x11,
+    0xd9, 0x66, 0xd8, 0x45, 0x5c, 0x83, 0x9e, 0x1c, 0x8c, 0xc6,
+    0xf6, 0x6e, 0x6a, 0xb1, 0x52, 0xed, 0x6c, 0x6a, 0x6d, 0x23,
+    0xb9, 0x0b, 0x66, 0x26, 0x5a, 0x16, 0x16, 0x90, 0x43, 0xb9,
+    0xc3, 0x02, 0xc1, 0x43, 0x93, 0x13, 0x94, 0xfe, 0xc3, 0x59,
+    0x49, 0xbe, 0x1e, 0x26, 0x1b, 0x9d, 0x8e, 0xba, 0xc4, 0x29,
+    0x51, 0x05, 0x28, 0x1f, 0x55, 0x59, 0x1c, 0x3e, 0x25, 0x86,
+    0xcc, 0xc7, 0xd9, 0xd3, 0xa8, 0xe7, 0x10, 0xa0, 0xb6, 0x23,
+    0xb9, 0xaf, 0x00, 0x8b, 0x7d, 0xf1, 0x5b, 0xd6, 0xb7, 0x56,
+    0x44, 0x9b, 0x0a, 0xec, 0xa6, 0x2b, 0xb4, 0x4e, 0x1d, 0x4f,
+    0xc5, 0x0b, 0x45, 0xd2, 0x3a, 0xc5, 0xc0, 0xbf, 0xb9, 0xdd,
+    0x59, 0x21, 0xf2, 0x67, 0x25, 0x88, 0x9b, 0xb6, 0x66, 0x83,
+    0xbf, 0x62, 0xfe, 0x7c, 0xfa, 0x9e, 0x50, 0xed, 0x15, 0x93,
+    0xb6, 0x7a, 0xb0, 0xc4, 0xbe, 0xcf, 0x2a, 0x70, 0x4e, 0x52,
+    0x20, 0xc1, 0x24, 0x08, 0x49, 0xd9, 0x05, 0x04, 0x53, 0x73,
+    0xf3, 0xcf, 0x14, 0x70, 0xac, 0x3c, 0x45, 0x0f, 0x08, 0xa3,
+    0xae, 0x43, 0xe7, 0x7f, 0x1f, 0xe2, 0x14, 0xf1, 0xbb, 0x25,
+    0x20, 0xfd, 0xe4, 0xaf, 0x44, 0x9e, 0x77, 0x88, 0x4d, 0x26,
+    0x09, 0xb1, 0xb0, 0x12, 0xf5, 0xdf, 0x3c, 0x53, 0x48, 0x78,
+    0xb9, 0x60, 0x41, 0xd3, 0x8f, 0x8d, 0x11, 0x63, 0x60, 0x28,
+    0x30, 0x07, 0xa2, 0x14, 0x3b, 0x8c, 0x50, 0xe2, 0xee, 0x73,
+    0x39, 0x66, 0xd1, 0x51, 0x87, 0xac, 0x90, 0x9b, 0x2c, 0x6d,
+    0x8d, 0xd5, 0x75, 0x3f, 0xc6, 0xf1, 0x8f, 0xdf, 0xdb, 0x45,
+    0x38, 0xf8, 0xd6, 0x7e, 0xc7, 0x7c, 0x44, 0x08, 0x4a, 0x14,
+    0xa0, 0x84, 0x7c, 0x8b, 0x88, 0x40, 0x93, 0x89, 0xae, 0x2c,
+    0x20, 0x07, 0x80, 0xec, 0xce, 0x4c, 0x2c, 0x4e, 0x49, 0x79,
+    0x53, 0xe7, 0xde, 0xa2, 0x9e, 0x67, 0x21, 0x53, 0x7c, 0x85,
+    0xe7, 0x6f, 0xbd, 0x93, 0xab, 0x63, 0xba, 0xf0, 0xbd, 0xea,
+    0x39, 0x16, 0x47, 0xbf, 0xe6, 0x0c, 0xcb, 0x63, 0xc7, 0xc5,
+    0xf1, 0xdc, 0x5a, 0x52, 0xcd, 0x4c, 0x53, 0x8b, 0x7e, 0xb1,
+    0xc3, 0x4e, 0xe7, 0x61, 0x25, 0x01, 0xec, 0xae, 0x06, 0x74,
+    0x9f, 0xbc, 0xbb, 0x2a, 0x47, 0x46, 0xe8, 0xae, 0xf2, 0xab,
+    0x15, 0xed, 0xa6, 0x86, 0x8f, 0x2f, 0xe5, 0x67, 0x0f, 0xdd,
+    0xbf, 0x70, 0x53, 0xaa, 0x9b, 0x74,
+};
+static const int sizeof_bench_dilithium_level5_key = sizeof(bench_dilithium_level5_key);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level5_key.der */
+static const unsigned char bench_dilithium_level5_pubkey[] = {
+    0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
+    0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
+    0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
+    0xcc, 0x99, 0x50, 0x5f, 0x2b, 0x16, 0x3a, 0xbb, 0x98, 0xc0,
+    0xa7, 0x69, 0x0e, 0x95, 0x99, 0x0b, 0xa2, 0x6c, 0xfe, 0x6c,
+    0xdb, 0xc8, 0xa7, 0x09, 0x46, 0x6c, 0x90, 0x50, 0xa4, 0x75,
+    0x30, 0xf7, 0x90, 0xac, 0x31, 0xb6, 0xdd, 0x21, 0xaf, 0xc6,
+    0xf9, 0xfe, 0xee, 0xc6, 0x5b, 0xa8, 0x8f, 0x0a, 0x2e, 0xd0,
+    0x42, 0xab, 0xa8, 0x3c, 0x8d, 0xbf, 0xf7, 0x44, 0xbd, 0x0d,
+    0xcf, 0xf4, 0x68, 0xfc, 0x16, 0x67, 0xf7, 0x39, 0x48, 0x5f,
+    0x56, 0xd1, 0xe7, 0x1f, 0x49, 0x80, 0x50, 0xbe, 0x54, 0xd1,
+    0xb7, 0xc9, 0xd2, 0x32, 0xc7, 0x08, 0x8c, 0xde, 0x2c, 0x31,
+    0xf6, 0x1d, 0xc7, 0xac, 0xb3, 0x79, 0xd7, 0x4b, 0x1b, 0x23,
+    0x89, 0x0a, 0xdc, 0x8e, 0x44, 0x41, 0x14, 0x28, 0x99, 0x13,
+    0xb3, 0x26, 0xa6, 0x0e, 0x83, 0x60, 0xaa, 0x8d, 0x7c, 0x23,
+    0x13, 0xba, 0x6c, 0x28, 0x90, 0x56, 0x84, 0xa1, 0x23, 0x8b,
+    0x81, 0x20, 0x97, 0x7c, 0x66, 0x3f, 0xed, 0x5d, 0xd0, 0xe4,
+    0x5d, 0xee, 0x46, 0xbc, 0x4b, 0x3c, 0x03, 0xb5, 0xbc, 0x4d,
+    0x8d, 0x37, 0xa3, 0x56, 0x4b, 0x33, 0xad, 0xef, 0xd4, 0xb6,
+    0xec, 0xdb, 0x04, 0x9a, 0x19, 0x58, 0x57, 0xd8, 0x00, 0x3a,
+    0x92, 0x61, 0x0c, 0x0b, 0xc8, 0x52, 0xe5, 0x04, 0x02, 0x9a,
+    0x00, 0x7e, 0xec, 0x7e, 0x94, 0xaa, 0xef, 0x2d, 0x7f, 0xb6,
+    0x2e, 0x7c, 0xb0, 0x73, 0xa2, 0x20, 0xc0, 0x07, 0x30, 0x41,
+    0x50, 0x20, 0x14, 0x18, 0x21, 0x5e, 0x2a, 0x6f, 0x70, 0x21,
+    0xd6, 0x97, 0x13, 0xb9, 0xc1, 0x9e, 0x90, 0x67, 0xcc, 0x55,
+    0x8a, 0xec, 0xec, 0x0a, 0x1e, 0x90, 0xdc, 0x3f, 0xb0, 0x4d,
+    0xd1, 0x18, 0xea, 0x4f, 0xcb, 0x5d, 0x15, 0x4c, 0xb8, 0x35,
+    0x9b, 0x34, 0x24, 0x30, 0x06, 0x53, 0x17, 0xf0, 0xbe, 0x27,
+    0x36, 0xb3, 0x04, 0x6a, 0xbd, 0xbf, 0xa7, 0x39, 0xee, 0xa9,
+    0x8f, 0x0e, 0x98, 0xc5, 0xf5, 0x9f, 0x46, 0x25, 0x93, 0xc9,
+    0xf2, 0xf6, 0x2b, 0x8e, 0x92, 0x06, 0x01, 0x3d, 0x81, 0x18,
+    0xf2, 0xec, 0xf1, 0x05, 0x4c, 0xad, 0x4b, 0xcb, 0x98, 0xa4,
+    0xb5, 0x61, 0x20, 0xda, 0x81, 0xa1, 0xfb, 0x92, 0x4c, 0xaf,
+    0x87, 0x6f, 0x6e, 0xd2, 0x57, 0xec, 0xcd, 0x94, 0xb3, 0x79,
+    0xbf, 0x59, 0x88, 0x17, 0x81, 0xce, 0x8a, 0x57, 0xce, 0x57,
+    0xae, 0x3e, 0x82, 0x81, 0x2f, 0x83, 0x61, 0xd8, 0xf9, 0x68,
+    0x21, 0xe7, 0x72, 0x5b, 0xd6, 0x80, 0x55, 0x68, 0x5d, 0x67,
+    0x15, 0x0c, 0x8b, 0xdc, 0x4f, 0xc3, 0x89, 0x36, 0x3c, 0xac,
+    0xaf, 0x16, 0x5e, 0x1c, 0xfa, 0x68, 0x74, 0x6a, 0xab, 0x68,
+    0xd8, 0x59, 0x96, 0x2d, 0x33, 0x62, 0xe4, 0xbd, 0xb3, 0xb7,
+    0x4d, 0x88, 0x35, 0xb8, 0xed, 0xb2, 0x16, 0x85, 0x97, 0x08,
+    0x71, 0x71, 0x39, 0x7e, 0x0c, 0x53, 0x16, 0xda, 0x38, 0xe5,
+    0x28, 0x09, 0x9c, 0xd9, 0x46, 0xec, 0x68, 0xda, 0x8d, 0xd0,
+    0xad, 0xb2, 0x79, 0x28, 0x3b, 0x1e, 0x12, 0xc9, 0xdf, 0xa9,
+    0x6d, 0x3d, 0x29, 0x99, 0x2f, 0x53, 0xc2, 0xd0, 0xf9, 0x88,
+    0x26, 0x94, 0x47, 0xaf, 0xf6, 0x96, 0xf3, 0xe1, 0x11, 0xa6,
+    0x82, 0x3d, 0x43, 0x3f, 0x1f, 0xbc, 0xf6, 0x98, 0xbe, 0xff,
+    0x06, 0x86, 0x61, 0x27, 0xdc, 0x91, 0x54, 0xd4, 0xfc, 0x68,
+    0x83, 0xe8, 0x35, 0x3e, 0xee, 0x94, 0x59, 0x28, 0x2f, 0xde,
+    0xdd, 0x03, 0x60, 0x66, 0xc1, 0x49, 0x57, 0xdd, 0xbc, 0xd5,
+    0x0a, 0x67, 0x34, 0xf1, 0xa6, 0x0a, 0x57, 0x94, 0x65, 0x02,
+    0x2c, 0x52, 0x43, 0x70, 0x3b, 0xc1, 0x9a, 0xff, 0xda, 0x6f,
+    0xb9, 0x54, 0x47, 0x01, 0xda, 0x27, 0xe4, 0x48, 0x4a, 0x90,
+    0x9f, 0xb5, 0xc3, 0xee, 0x0e, 0x09, 0x57, 0xfe, 0x48, 0x51,
+    0x08, 0x34, 0x5e, 0x8f, 0x16, 0xc9, 0x0b, 0x74, 0xd9, 0x7d,
+    0x22, 0x3f, 0xd6, 0xb7, 0x5d, 0xd6, 0x76, 0x00, 0x8d, 0x4e,
+    0x78, 0x73, 0x86, 0xd6, 0xdb, 0x2a, 0x65, 0xab, 0xdf, 0xb0,
+    0xea, 0x11, 0xad, 0xdf, 0xba, 0x43, 0xdb, 0xa8, 0x0a, 0xfb,
+    0x04, 0x38, 0x81, 0x2b, 0xa3, 0x29, 0xfc, 0x95, 0x73, 0x9a,
+    0x0c, 0x6c, 0x9e, 0xcd, 0xdc, 0xcf, 0x0a, 0x0c, 0x18, 0x41,
+    0x6f, 0x1d, 0xa3, 0xf6, 0x12, 0x4c, 0x13, 0xf2, 0x02, 0xc6,
+    0x50, 0x99, 0x86, 0x73, 0xa7, 0xf9, 0x7e, 0x84, 0x7f, 0x4c,
+    0x00, 0xce, 0x2e, 0x21, 0x76, 0x8e, 0x17, 0x7a, 0x87, 0x6f,
+    0x81, 0xe6, 0xc0, 0x52, 0xa5, 0xa0, 0x3c, 0x54, 0x3c, 0xec,
+    0xb0, 0x9d, 0x1c, 0x3b, 0xec, 0xe5, 0x4e, 0x4a, 0x37, 0xe7,
+    0xd5, 0xa9, 0x07, 0x87, 0x23, 0x28, 0x5d, 0x3d, 0x22, 0x02,
+    0x79, 0x40, 0x3f, 0x2d, 0x40, 0xc9, 0xe5, 0xa6, 0x9b, 0xa8,
+    0xb8, 0x76, 0xf6, 0x77, 0x5b, 0x8d, 0x72, 0x96, 0x3e, 0x13,
+    0xbf, 0x76, 0xfa, 0x7b, 0xb7, 0x82, 0x5f, 0xe7, 0x9d, 0x54,
+    0x0e, 0x05, 0x1a, 0x9f, 0xa4, 0x42, 0xa5, 0xb4, 0x93, 0x23,
+    0x06, 0x59, 0x43, 0xa8, 0xe8, 0x5c, 0xfc, 0x18, 0x97, 0xdb,
+    0xad, 0x9a, 0x80, 0x0a, 0xf2, 0x20, 0x50, 0xac, 0xc1, 0x13,
+    0x3e, 0x98, 0x09, 0xde, 0xf2, 0x70, 0x9e, 0x14, 0xc2, 0x5c,
+    0xec, 0x65, 0x07, 0x0b, 0xfa, 0x02, 0x5c, 0xf8, 0x71, 0xaa,
+    0x9b, 0x45, 0x62, 0xe2, 0x27, 0xaf, 0x77, 0xf8, 0xe3, 0xeb,
+    0x7b, 0x24, 0x7b, 0x3c, 0x67, 0xc2, 0x6d, 0x6e, 0x17, 0xae,
+    0x6e, 0x86, 0x6f, 0x98, 0xc9, 0xac, 0x13, 0x9f, 0x87, 0x64,
+    0x3d, 0x4d, 0x6f, 0xa0, 0xb3, 0x39, 0xc6, 0x68, 0x1b, 0xa7,
+    0xeb, 0x3e, 0x0f, 0x6b, 0xc7, 0xa4, 0xe2, 0x20, 0x27, 0x75,
+    0x3f, 0x09, 0x16, 0xff, 0x1a, 0xcc, 0xa7, 0xc4, 0x6d, 0xc2,
+    0xfc, 0xc3, 0x0b, 0x37, 0x63, 0xff, 0x9b, 0x10, 0xe6, 0x00,
+    0xf7, 0x18, 0x43, 0x9f, 0x07, 0x50, 0x31, 0x51, 0xd4, 0xfd,
+    0xad, 0xa2, 0x0f, 0x77, 0xda, 0x41, 0xc1, 0x0a, 0x6f, 0x86,
+    0xd7, 0xdc, 0x8a, 0x52, 0xd6, 0xa1, 0x27, 0xdb, 0x14, 0x67,
+    0x26, 0x91, 0xb3, 0xcd, 0x01, 0x5f, 0x60, 0xa1, 0x7f, 0x43,
+    0x15, 0x1a, 0x82, 0x0f, 0xd3, 0x66, 0x5f, 0x60, 0x57, 0x2f,
+    0xb2, 0x8c, 0x27, 0x2a, 0x9d, 0x1b, 0xf9, 0xf2, 0x59, 0x20,
+    0x39, 0xd9, 0xc5, 0xaf, 0xf2, 0x36, 0x8c, 0x58, 0x00, 0x1b,
+    0xd0, 0xc5, 0x8e, 0x1a, 0x49, 0xa8, 0x60, 0xbe, 0xd1, 0xd7,
+    0x2a, 0xb0, 0xc2, 0xab, 0x58, 0x8a, 0x7a, 0xa9, 0x41, 0x68,
+    0x70, 0xbd, 0xea, 0x73, 0xa5, 0x03, 0x11, 0xb2, 0x27, 0xd9,
+    0xcd, 0xf5, 0x09, 0xe8, 0x1c, 0xe2, 0x4f, 0x50, 0x6a, 0x84,
+    0x34, 0x62, 0x2e, 0x36, 0xaa, 0x4c, 0xc1, 0x83, 0x78, 0x98,
+    0x35, 0x7a, 0x27, 0x7e, 0xfe, 0xf1, 0x6f, 0x59, 0x27, 0x35,
+    0x73, 0xce, 0x74, 0xaa, 0xb4, 0x72, 0x82, 0xa8, 0xe2, 0x81,
+    0x7a, 0x6b, 0xca, 0x33, 0xa5, 0xda, 0xa2, 0x63, 0xca, 0x2e,
+    0x90, 0x03, 0x32, 0xec, 0x63, 0xdb, 0x52, 0x7b, 0x16, 0xfc,
+    0x01, 0x2d, 0x30, 0x12, 0x1e, 0xf9, 0xa3, 0x72, 0x21, 0x3c,
+    0x75, 0x0c, 0x61, 0x9c, 0x7e, 0x73, 0x04, 0x71, 0x41, 0x45,
+    0x5d, 0x7f, 0x49, 0x1c, 0x09, 0x08, 0xa4, 0xec, 0x2f, 0xfd,
+    0xc4, 0xfb, 0x59, 0x6a, 0x27, 0x7a, 0xd4, 0xfc, 0x5f, 0x20,
+    0x04, 0x34, 0x7d, 0x08, 0xed, 0x82, 0x5a, 0x90, 0xe1, 0xab,
+    0xfd, 0x35, 0x3a, 0x8d, 0xbb, 0x0a, 0x9d, 0x73, 0xff, 0x69,
+    0xe5, 0xe9, 0x09, 0x55, 0x14, 0xd9, 0x7b, 0x6f, 0x0d, 0x99,
+    0xd2, 0x7e, 0x71, 0xf8, 0x4f, 0x72, 0x2f, 0xbb, 0xc6, 0xc4,
+    0x36, 0xc9, 0x01, 0xd3, 0x9b, 0x94, 0xab, 0x41, 0x0f, 0x4a,
+    0x61, 0x5c, 0x68, 0xe5, 0xd7, 0x0d, 0x94, 0xaa, 0xee, 0xba,
+    0x95, 0xcb, 0x8c, 0x0e, 0x85, 0x3a, 0x02, 0x6b, 0x95, 0x50,
+    0xfd, 0x02, 0xfd, 0xa4, 0x58, 0x29, 0x78, 0x4f, 0xd0, 0xae,
+    0x66, 0xd6, 0x5c, 0xe7, 0x45, 0xfe, 0x98, 0xb0, 0xa3, 0xe2,
+    0x87, 0xc0, 0xd2, 0x81, 0x08, 0xf1, 0xf1, 0xe7, 0xda, 0x62,
+    0x9e, 0xa0, 0x34, 0x86, 0xeb, 0xa1, 0x6e, 0x4a, 0x26, 0x8e,
+    0x39, 0x0c, 0x51, 0x10, 0x33, 0x11, 0x87, 0xf8, 0x79, 0x3c,
+    0x49, 0x7a, 0x8b, 0xce, 0xc1, 0x0a, 0x0e, 0xe1, 0xd5, 0x2a,
+    0xac, 0xf0, 0x3a, 0x1d, 0x6a, 0x6a, 0xe5, 0xe1, 0x81, 0x70,
+    0xad, 0xaf, 0x15, 0x4c, 0x2a, 0x70, 0x2a, 0x6b, 0x22, 0x0d,
+    0x30, 0xe7, 0x56, 0xed, 0x2d, 0x4b, 0x85, 0x17, 0x49, 0x72,
+    0x3a, 0x1b, 0x6f, 0x57, 0x1c, 0xf7, 0x72, 0x9e, 0x20, 0xdb,
+    0x57, 0x1c, 0xfb, 0x36, 0x50, 0x52, 0xec, 0x5b, 0xd6, 0x6a,
+    0x1b, 0xf8, 0x74, 0xad, 0xe6, 0x00, 0x74, 0x04, 0xc5, 0x99,
+    0x83, 0xe4, 0x5a, 0x0c, 0xc3, 0xe8, 0x6d, 0x3a, 0xd7, 0x3c,
+    0x3c, 0xc0, 0x1a, 0x28, 0xb3, 0x29, 0x7a, 0x10, 0x9e, 0x39,
+    0x66, 0x5b, 0xc1, 0x38, 0xac, 0x21, 0x4e, 0xcd, 0x01, 0xf2,
+    0xf6, 0x30, 0x2c, 0x2b, 0xb6, 0xbf, 0xf5, 0xea, 0x61, 0xaf,
+    0x0c, 0xa6, 0x01, 0x11, 0x15, 0x19, 0x09, 0x8c, 0x7e, 0x69,
+    0xdf, 0x3b, 0xea, 0xd3, 0x0a, 0x3a, 0xd7, 0xbd, 0xe1, 0x17,
+    0xaf, 0x92, 0x3c, 0xf5, 0xfe, 0x35, 0xd6, 0xcf, 0x07, 0xa6,
+    0xf7, 0xe9, 0xc1, 0x99, 0xed, 0x80, 0xe3, 0x12, 0xd5, 0x4b,
+    0xb9, 0xdf, 0xaf, 0x4e, 0x52, 0xad, 0x8e, 0x66, 0x87, 0xe5,
+    0x2c, 0xd0, 0x45, 0x70, 0xd9, 0x78, 0x8f, 0x4b, 0xf4, 0xe1,
+    0xf1, 0x22, 0xf2, 0xe3, 0xed, 0x1f, 0xeb, 0xe9, 0x70, 0x31,
+    0x4c, 0x65, 0x5f, 0x55, 0xee, 0x5d, 0xaa, 0x83, 0x87, 0x76,
+    0xbe, 0x11, 0xae, 0xd7, 0xf2, 0xfb, 0x43, 0xe7, 0x17, 0x81,
+    0x33, 0x15, 0x47, 0xa0, 0xf3, 0x8e, 0x84, 0x57, 0xff, 0x35,
+    0x9e, 0x4a, 0x8a, 0xab, 0x50, 0x3a, 0x45, 0xe0, 0xc3, 0x73,
+    0xca, 0x77, 0x61, 0x68, 0x38, 0xd0, 0xa3, 0x5f, 0x03, 0x8d,
+    0x41, 0xc2, 0xd3, 0x4a, 0x17, 0xe0, 0xa8, 0xaa, 0x00, 0xf3,
+    0xf2, 0x5b, 0xa8, 0xe1, 0x06, 0xa6, 0x2b, 0xdb, 0xe1, 0x74,
+    0xbd, 0xc4, 0xd2, 0x2b, 0x55, 0x9a, 0xb0, 0xf8, 0x35, 0xd8,
+    0x6b, 0xec, 0xdb, 0xc5, 0xf4, 0x6c, 0x40, 0x90, 0x6a, 0x68,
+    0xc9, 0xb5, 0xcb, 0xbb, 0xd0, 0xb0, 0xbc, 0x9f, 0xb9, 0xaa,
+    0x50, 0x14, 0x93, 0x3b, 0x9f, 0x25, 0xcb, 0x40, 0xb8, 0x08,
+    0xcc, 0x13, 0xe5, 0xdc, 0x3f, 0x84, 0x96, 0xe0, 0x73, 0x7b,
+    0x7d, 0x9e, 0x41, 0x92, 0x5d, 0xcc, 0xa4, 0xea, 0x4f, 0x93,
+    0x0c, 0x40, 0x2e, 0x42, 0x8a, 0xe9, 0xb9, 0x12, 0x74, 0xbb,
+    0x79, 0x7c, 0xb0, 0x37, 0x20, 0xb6, 0xaf, 0x43, 0x3a, 0x88,
+    0x59, 0x7c, 0x68, 0x28, 0x5f, 0x98, 0xc2, 0xf0, 0x2a, 0xbc,
+    0xa1, 0x61, 0x88, 0x1f, 0x43, 0xbc, 0x42, 0x8f, 0x43, 0xf3,
+    0x7e, 0x16, 0x96, 0xfa, 0x92, 0x70, 0xaf, 0x3c, 0x9f, 0x4b,
+    0xd9, 0x60, 0xe9, 0xf6, 0x2e, 0x84, 0xda, 0x88, 0x31, 0x34,
+    0xa6, 0x85, 0x10, 0x05, 0xef, 0x40, 0xa8, 0xa5, 0x4f, 0x92,
+    0x59, 0xf7, 0xe0, 0xc4, 0x2b, 0x12, 0x17, 0x71, 0xbe, 0x8c,
+    0x4a, 0x02, 0xfe, 0x12, 0xb6, 0x3b, 0x85, 0x75, 0x37, 0xf3,
+    0x73, 0x2d, 0x9c, 0x00, 0x5d, 0x80, 0xad, 0x20, 0x2f, 0x5a,
+    0x0b, 0x17, 0x7e, 0x67, 0x72, 0x24, 0x5a, 0xb9, 0xf3, 0xb1,
+    0x33, 0xa4, 0x57, 0x1d, 0x49, 0x72, 0x2c, 0x7f, 0x47, 0x15,
+    0x07, 0xe0, 0x45, 0x14, 0xdd, 0x77, 0x86, 0x6d, 0x03, 0xbe,
+    0x57, 0xd0, 0xaa, 0x18, 0xa6, 0xdd, 0x94, 0x18, 0x3f, 0x8a,
+    0xf3, 0xb5, 0xd7, 0x5a, 0xec, 0xc8, 0x79, 0x7f, 0x51, 0x61,
+    0x3c, 0x9b, 0xb2, 0x9b, 0xf3, 0xb4, 0x35, 0xd1, 0x38, 0xbf,
+    0x37, 0xce, 0x54, 0xd1, 0xf8, 0xb6, 0x45, 0xeb, 0x52, 0x0d,
+    0x9a, 0x09, 0x58, 0x0d, 0x2c, 0x0b, 0xb1, 0xf2, 0x30, 0x3a,
+    0x95, 0xc1, 0x13, 0x91, 0xd2, 0x9f, 0x8d, 0x8d, 0xd0, 0x38,
+    0x3e, 0x4c, 0xae, 0x4a, 0x55, 0xa7, 0x42, 0x11, 0x83, 0xc4,
+    0x70, 0xf0, 0x2b, 0x68, 0x9e, 0x07, 0xad, 0xb7, 0x83, 0xc6,
+    0x53, 0x3c, 0xfb, 0x0a, 0x5d, 0x24, 0xdc, 0xe1, 0x55, 0x72,
+    0xcf, 0xce, 0x3e, 0xc8, 0xd0, 0x57, 0x8a, 0x82, 0x5e, 0x78,
+    0x2b, 0x80, 0xc5, 0xb9, 0x09, 0x46, 0xf8, 0x90, 0x39, 0x52,
+    0xa9, 0xce, 0x3f, 0x3d, 0x41, 0x3b, 0x28, 0x45, 0xa3, 0xb3,
+    0x21, 0xc2, 0xcd, 0x14, 0x49, 0x41, 0x6c, 0x38, 0xda, 0x1b,
+    0x5f, 0x16, 0x49, 0xf9, 0x65, 0x00, 0x4e, 0xb4, 0x20, 0x55,
+    0x70, 0xe8, 0x58, 0x1a, 0x18, 0xbf, 0x41, 0xef, 0x31, 0xb1,
+    0xe7, 0x8d, 0x89, 0xc1, 0x48, 0xe8, 0xf5, 0x57, 0x35, 0xfa,
+    0xc1, 0x79, 0xee, 0x2c, 0xe8, 0x7d, 0xb6, 0x03, 0xcc, 0x66,
+    0x09, 0x6f, 0x52, 0x84, 0x0a, 0x34, 0x18, 0x2c, 0x01, 0x45,
+    0x81, 0x00, 0xe5, 0x5e, 0x8d, 0xae, 0x1c, 0x96, 0x8b, 0x45,
+    0x73, 0x00, 0x0a, 0xb5, 0xcf, 0x8d, 0x0e, 0x35, 0x5d, 0x1a,
+    0x0e, 0xbf, 0x64, 0x9a, 0x52, 0x20, 0x48, 0xc6, 0xb9, 0x40,
+    0xd3, 0x2c, 0x52, 0xca, 0x93, 0xcf, 0xbb, 0x94, 0x06, 0xf3,
+    0x97, 0xee, 0xcc, 0x5d, 0xa3, 0xea, 0xf8, 0x5a, 0x39, 0x77,
+    0x34, 0xd7, 0xf6, 0x4e, 0xbe, 0x8a, 0x07, 0x5f, 0x51, 0x53,
+    0xc5, 0x1b, 0x8c, 0x47, 0x8f, 0x34, 0x0e, 0x60, 0x0a, 0x90,
+    0xe2, 0xda, 0x7b, 0xef, 0xd6, 0xf5, 0x5d, 0xe5, 0x32, 0x37,
+    0x75, 0x99, 0x81, 0x4a, 0x2a, 0x78, 0x71, 0xdc, 0xf4, 0xe5,
+    0xca, 0xd8, 0x6b, 0x3b, 0x90, 0x68, 0x2e, 0x93, 0xc5, 0x10,
+    0x42, 0x5d, 0x38, 0x90, 0x32, 0x46, 0xea, 0x87, 0xe0, 0xbc,
+    0xb8, 0x9a, 0x18, 0x20, 0x68, 0x85, 0x6d, 0x9b, 0xc9, 0x8f,
+    0x9b, 0xd2, 0xbe, 0x15, 0x12, 0x68, 0xd0, 0xb0, 0x16, 0x5f,
+    0xe2, 0x69, 0x1d, 0x04, 0x00, 0xfc, 0x63, 0x33, 0xcd, 0x1f,
+    0x89, 0xcd, 0x52, 0xff, 0xec, 0x19, 0x69, 0x74, 0xa3, 0xce,
+    0x4d, 0xab, 0x93, 0xe4, 0xc6, 0x13, 0x56, 0x27, 0xc9, 0x25,
+    0x5a, 0x01, 0xb2, 0x36, 0x8b, 0x61, 0xe5, 0x8b, 0x98, 0xac,
+    0xe4, 0x2a, 0xb6, 0x40, 0x9f, 0x42, 0xe4, 0x1b, 0x52, 0xf7,
+    0xfd, 0xd8, 0x30, 0x07, 0x33, 0xf9, 0x47, 0xcb, 0x3c, 0xad,
+    0x12, 0xc1, 0xcc, 0x29, 0x62, 0x49, 0x04, 0x0c, 0x23, 0x97,
+    0x5a, 0xa4, 0x84, 0x67, 0xde, 0x5a, 0xe5, 0x36, 0xd2, 0x88,
+    0xf1, 0xd4, 0xeb, 0x13, 0x81, 0x54, 0x51, 0x11, 0xe3, 0xba,
+    0xbc, 0xee, 0xdd, 0x6c, 0xcd, 0xe6, 0xb4, 0xa1, 0x8b, 0x0b,
+    0x66, 0xfb, 0x8e, 0x50, 0xa0, 0xda, 0x69, 0x8d, 0xcc, 0x2d,
+    0xe4, 0x2c, 0xc4, 0x37, 0xdf, 0x61, 0xc0, 0x03, 0xbd, 0x8b,
+    0x28, 0xca, 0xd2, 0x8c, 0x1c, 0xf1, 0xa4, 0x26, 0x69, 0xe5,
+    0xcf, 0x45, 0xdb, 0x5a, 0x47, 0x79, 0xed, 0x9f, 0xf7, 0xd2,
+    0xdb, 0xba, 0x46, 0x53, 0x4f, 0xce, 0xa8, 0xbe, 0x8f, 0x4a,
+    0xd6, 0xdf, 0x2e, 0x06, 0xe6, 0x4c, 0x9a, 0xc1, 0xb6, 0x49,
+    0xed, 0xc4, 0xeb, 0xaa, 0xa4, 0x29, 0x6d, 0xd4, 0xcc, 0x8c,
+    0xb6, 0x40, 0x11, 0x39, 0x69, 0xf7, 0x75, 0xcd, 0xb1, 0x99,
+    0x46, 0x4e, 0xde, 0xcb, 0xf6, 0x9d, 0x32, 0xf3, 0xc9, 0x47,
+    0x47, 0x7a, 0xcb, 0xfb, 0xa3, 0x0c, 0x3b, 0xdf, 0xb7, 0xde,
+    0xec, 0x99, 0xde, 0xb0, 0x26, 0x04, 0x34, 0xae, 0x6b, 0xfc,
+    0x99, 0xbc, 0xde, 0xd5, 0xbe, 0xe7, 0xeb, 0xf9, 0xe7, 0xa6,
+    0x01, 0x9a, 0x0c, 0x5e, 0x66, 0xe6, 0x53, 0xe4, 0xd1, 0x58,
+    0xac, 0xda, 0x69, 0x77, 0x7b, 0x68, 0xd6, 0x30, 0x2a, 0x9c,
+    0x6b, 0xbe, 0x9f, 0x3d, 0x71, 0xd6, 0x54, 0xcd, 0x59, 0x4e,
+    0x1f, 0xe3, 0x83, 0x4e, 0xd1, 0x8e, 0xaf, 0x97, 0xa8, 0xe5,
+    0xb6, 0x59, 0x77, 0xa8, 0x02, 0x20, 0xe4, 0xeb, 0x44, 0x71,
+    0xbc, 0x07, 0x14, 0x79, 0x4f, 0x0c, 0x27, 0x06, 0x39, 0xcf,
+    0x7c, 0xef, 0x2b, 0x9b, 0x5e, 0xc4, 0x6d, 0x79, 0x13, 0x00,
+    0x43, 0x6f, 0x51, 0x77, 0xb5, 0xc3, 0x72, 0xad, 0x13, 0xa9,
+    0xe5, 0x9a, 0x5b, 0x1a, 0x99, 0x74, 0xc0, 0x7a, 0xf9, 0xc5,
+    0xb0, 0x58, 0x35, 0x1c, 0xa5, 0x51, 0xdb, 0xa1, 0x14, 0xcd,
+    0x26, 0x71, 0xb1, 0xe7, 0xaa, 0x14, 0xa7, 0x46, 0x93, 0xd3,
+    0x5c, 0x8c, 0x1a, 0x91, 0x77, 0x46, 0x2e, 0x15, 0xaa, 0x9e,
+    0xf7, 0x2b, 0x79, 0x41, 0x76, 0xf7, 0x22, 0x53, 0x7d, 0x51,
+    0xdb, 0x98, 0x3d, 0x5b, 0x78, 0x5f, 0xc3, 0xc9, 0x29, 0xa3,
+    0xff, 0x75, 0x82, 0x06, 0x9a, 0x16, 0x5e, 0xa4, 0x79, 0x0d,
+    0xd1, 0x6d, 0x08, 0xff, 0x43, 0xef, 0x9c, 0xf3, 0x1b, 0x7a,
+    0x3f, 0x34, 0xbe, 0x19, 0x15, 0x06, 0x33, 0xdb, 0xa5, 0x71,
+    0xcb, 0x5f, 0x6b, 0x8d, 0xbd, 0x5b, 0x32, 0x91, 0xb2, 0x37,
+    0x3d, 0xb4, 0x40, 0x9e, 0x02, 0x9b, 0xb7, 0x68, 0x20, 0x58,
+    0x5c, 0xab, 0xcb, 0xc8, 0x23, 0x2d, 0x77, 0xcc, 0x0b, 0xf6,
+    0x78, 0x6b, 0x80, 0x06, 0x91, 0xa9, 0xfd, 0x7e, 0xfa, 0x25,
+    0x98, 0x9f, 0xcc, 0x79, 0x0a, 0x1a, 0x54, 0x83, 0xac, 0x64,
+    0x16, 0x90, 0xe5, 0xd9, 0xa7, 0xd7, 0x1b, 0x86, 0x0d, 0xe6,
+    0xe6, 0x22, 0x2b, 0x1f, 0x44, 0x49, 0x98, 0x9c, 0x51, 0x6f,
+    0xcf, 0x58, 0x4a, 0xfa, 0xfa, 0x84, 0x12, 0xa5, 0x10, 0xf4,
+    0xca, 0xf0, 0x98, 0x2b, 0xc9, 0x03, 0x71, 0x37, 0xe7, 0xdc,
+    0xc2, 0xb1, 0x4e, 0x64, 0xde, 0x4f, 0x46, 0x0d, 0x6b, 0x25,
+    0x88, 0x5d, 0xd6, 0xff, 0x23, 0x46, 0x57, 0x36, 0x14, 0x18,
+    0xa7, 0xcb, 0xb8, 0xbd, 0xf0, 0xc5, 0x37, 0x36, 0xee, 0xe1,
+    0xed, 0x9f, 0x4d, 0xd4, 0x39, 0xe5, 0x92, 0xcf, 0x95, 0x4d,
+    0x66, 0x36, 0x5d, 0xd0, 0xcc, 0x07, 0xcf, 0x15, 0x5a, 0xce,
+    0x14, 0xb8, 0xda, 0x0d, 0x3d, 0x1b, 0x45, 0xc5, 0x2e, 0x34,
+    0x43, 0x25, 0x02, 0x3a, 0xcd, 0x14, 0x45, 0xfb, 0x3e, 0xf9,
+    0x88, 0x5d, 0x0d, 0x29, 0x31, 0xb9, 0xa1, 0xe6, 0x31, 0x18,
+    0x52, 0x46, 0x3f, 0x22, 0x4f, 0x9f, 0x7a, 0x65, 0x36, 0x88,
+    0xa3, 0x1c, 0x3e, 0x6f, 0x50, 0x7a, 0x36, 0xbe, 0x56, 0x7e,
+    0x50, 0xcb, 0x7a, 0x10, 0xa0, 0xec, 0xf6, 0x82, 0xd6, 0x30,
+    0x1c, 0xe8, 0x4c, 0x50, 0xf9, 0x3e, 0xdb, 0xac, 0xbe, 0x4f,
+    0x90, 0xb1, 0xd5, 0x1b, 0x12, 0x95, 0xfb, 0xe8, 0x08, 0x64,
+    0x56, 0x7c, 0x96, 0xcc, 0x90, 0xb1, 0xbc, 0xa0, 0xf5, 0x32,
+    0x69, 0xb3, 0x5f, 0x27, 0x0f, 0xbe, 0xc9, 0xbd, 0xeb, 0xfa,
+    0x4b, 0x5c, 0xc5, 0x99, 0x9e, 0x5a, 0x04, 0xcc, 0xd0, 0x4d,
+    0x29, 0xe8, 0x84, 0x55, 0x8c, 0xd7, 0xc4, 0x06, 0x13, 0x4d,
+    0x92, 0xe5, 0x98, 0x9c, 0x4c, 0xc1, 0xf7, 0xaf, 0x7b, 0xd5,
+    0x2b, 0x92, 0x68, 0x68, 0x19, 0x70, 0x4c, 0x9e, 0x46, 0xb8,
+    0x34, 0xeb, 0x01, 0x47, 0xbe, 0x59, 0xab, 0x0b, 0x22, 0x25,
+    0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61,
+    0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40,
+    0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
+    0x0a, 0x93,
+};
+static const int sizeof_bench_dilithium_level5_pubkey =
+    sizeof(bench_dilithium_level5_pubkey);
+
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
+
+#endif /* HAVE_DILITHIUM */
+
+";
 
 # convert and print sphincs keys
-print OUT_FILE "#if defined(HAVE_PQC) && defined(HAVE_SPHINCS)\n\n";
+print OUT_FILE "#if defined(HAVE_SPHINCS)\n\n";
 for (my $i = 0; $i < $num_sphincs; $i++) {
 
     my $fname = $fileList_sphincs[$i][0];
@@ -277,7 +2058,7 @@ for (my $i = 0; $i < $num_sphincs; $i++) {
     print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
 }
 
-print OUT_FILE "#endif /* HAVE_PQC && HAVE_SPHINCS */\n\n";
+print OUT_FILE "#endif /* HAVE_SPHINCS */\n\n";
 
 # convert and print 256-bit cert/keys
 print OUT_FILE "#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)\n\n";
diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild
index f322742a4..6b0478457 100644
--- a/linuxkm/Kbuild
+++ b/linuxkm/Kbuild
@@ -1,6 +1,6 @@
 # Linux kernel-native Makefile ("Kbuild") for libwolfssl.ko
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -18,8 +18,17 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 
+.ONESHELL:
 SHELL=bash
 
+ifeq "$(KERNEL_ARCH)" "x86"
+    KERNEL_ARCH_X86 := yes
+else ifeq "$(KERNEL_ARCH)" "x86_64"
+    KERNEL_ARCH_X86 := yes
+else
+    KERNEL_ARCH_X86 := no
+endif
+
 ifeq "$(WOLFSSL_OBJ_FILES)" ""
     $(error $$WOLFSSL_OBJ_FILES is unset.)
 endif
@@ -30,9 +39,7 @@ endif
 
 WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -isystem $(shell $(CC) -print-file-name=include)
 
-ifeq "$(KERNEL_ARCH)" "x86"
-    WOLFSSL_CFLAGS += -mpreferred-stack-boundary=4
-else ifeq "$(KERNEL_ARCH)" "aarch64"
+ifeq "$(KERNEL_ARCH)" "aarch64"
     WOLFSSL_CFLAGS += -mno-outline-atomics
 else ifeq "$(KERNEL_ARCH)" "arm64"
     WOLFSSL_CFLAGS += -mno-outline-atomics
@@ -64,7 +71,7 @@ HOST_EXTRACFLAGS += $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(KBUILD_CFLAGS) -static -
 
 # "-mindirect-branch=keep -mfunction-return=keep" to avoid "undefined reference
 #  to `__x86_return_thunk'" on CONFIG_RETHUNK kernels (5.19.0-rc7)
-ifeq "$(KERNEL_ARCH)" "x86"
+ifeq "$(KERNEL_ARCH_X86)" "yes"
   HOST_EXTRACFLAGS += -mindirect-branch=keep -mfunction-return=keep
 endif
 
@@ -89,14 +96,14 @@ endif
 ccflags-y := $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_NO_VECTOR_INSNS)
 
 $(obj)/libwolfssl.mod.o: ccflags-y :=
-$(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER
+$(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER -DWOLFSSL_NO_OPTIONS_H
 
 $(obj)/wolfcrypt/src/aes.o: ccflags-y = $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_YES_VECTOR_INSNS)
 
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
     PIE_FLAGS := -fPIE -fno-stack-protector -fno-toplevel-reorder
     PIE_SUPPORT_FLAGS := -DUSE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
-    ifeq "$(KERNEL_ARCH)" "x86"
+    ifeq "$(KERNEL_ARCH_X86)" "yes"
         PIE_FLAGS += -mcmodel=small -mindirect-branch=keep -mfunction-return=keep
     endif
     ifeq "$(KERNEL_ARCH)" "mips"
@@ -109,7 +116,7 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
     $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS)
 endif
 
-$(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION
+$(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION -DWOLFSSL_NO_OPTIONS_H
 $(obj)/wolfcrypt/benchmark/benchmark.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_ENABLE_SIMD_DISABLE)
 
 asflags-y := $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPUSIMD_DISABLE)
@@ -135,7 +142,11 @@ $(obj)/wolfcrypt/src/chacha_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_
 $(obj)/wolfcrypt/src/chacha_asm.o: OBJECT_FILES_NON_STANDARD := y
 $(obj)/wolfcrypt/src/poly1305_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
 $(obj)/wolfcrypt/src/poly1305_asm.o: OBJECT_FILES_NON_STANDARD := y
-$(obj)/wolfcrypt/src/wc_kyber_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
+$(obj)/wolfcrypt/src/wc_mlkem_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
+
+ifndef READELF
+    READELF := readelf
+endif
 
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
 
@@ -145,10 +156,6 @@ ifndef NM
     NM := nm
 endif
 
-ifndef READELF
-    READELF := readelf
-endif
-
 ifndef OBJCOPY
     OBJCOPY := objcopy
 endif
@@ -158,30 +165,30 @@ rename-pie-text-and-data-sections:
 ifneq "$(quiet)" "silent_"
 	@echo -n '  Checking wolfCrypt for unresolved symbols and forbidden relocations... '
 endif
-	@cd "$(obj)" || exit $$?; \
-	$(LD) -relocatable -o wolfcrypt_test_link.o $(WOLFCRYPT_PIE_FILES) || exit $$?; \
-	undefined=$$($(NM) --undefined-only wolfcrypt_test_link.o) || exit $$?; \
-	GOT_relocs=$$($(READELF) --relocs --wide wolfcrypt_test_link.o | egrep '^[^ ]+ +[^ ]+ +[^ ]*GOT[^ ]* ') || [ $$? = 1 ] || exit 2; \
-	rm wolfcrypt_test_link.o; \
-	if [ -n "$$undefined" ]; then \
-	    echo "wolfCrypt container has unresolved symbols:" 1>&2; \
-	    echo "$$undefined" 1>&2; \
-	    exit 1; \
-	fi; \
-	if [ -n "$$GOT_relocs" ]; then \
-	    echo "wolfCrypt container has GOT relocations (non-local function address used as operand?):" 1>&2; \
-	    echo "$$GOT_relocs" 1>&2; \
-	    exit 1; \
+	@cd "$(obj)" || exit $$?
+	$(LD) -relocatable -o wolfcrypt_test_link.o $(WOLFCRYPT_PIE_FILES) || exit $$?
+	undefined=$$($(NM) --undefined-only wolfcrypt_test_link.o) || exit $$?
+	GOT_relocs=$$($(READELF) --relocs --wide wolfcrypt_test_link.o | egrep '^[^ ]+ +[^ ]+ +[^ ]*GOT[^ ]* ') || [ $$? = 1 ] || exit 2
+	rm wolfcrypt_test_link.o
+	if [ -n "$$undefined" ]; then
+	    echo "wolfCrypt container has unresolved symbols:" 1>&2
+	    echo "$$undefined" 1>&2
+	    exit 1
+	fi
+	if [ -n "$$GOT_relocs" ]; then
+	    echo "wolfCrypt container has GOT relocations (non-local function address used as operand?):" 1>&2
+	    echo "$$GOT_relocs" 1>&2
+	    exit 1
 	fi
 ifneq "$(quiet)" "silent_"
-	@echo 'OK.'
+	echo 'OK.'
 endif
-	@cd "$(obj)" || exit $$?; \
-	for file in $(WOLFCRYPT_PIE_FILES); do \
-	    $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$?; \
+	cd "$(obj)" || exit $$?
+	for file in $(WOLFCRYPT_PIE_FILES); do
+	    $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$?
 	done
 ifneq "$(quiet)" "silent_"
-	@echo '  wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'
+	echo '  wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'
 endif
 
 $(obj)/linuxkm/module_exports.c: rename-pie-text-and-data-sections
@@ -192,14 +199,20 @@ endif
 # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags.
 # exclude symbols that don't match wc_* or wolf*.
 $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS)
-	@cp $< $@
-	@$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) |				\
-		$(AWK) '/^ *[0-9]+: / {							\
-		  if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;}				\
-		  if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) {	\
-		    print "EXPORT_SYMBOL_NS_GPL(" $$8 ", WOLFSSL);";    		\
-		  }									\
-		}' >> $@
-	@echo -e '#ifndef NO_CRYPT_TEST\nEXPORT_SYMBOL_NS_GPL(wolfcrypt_test, WOLFSSL);\n#endif' >> $@
+	@cp $< $@ || exit $$?
+	if [[ "$${VERSION}" -gt 6 || ("$${VERSION}" -eq 6 && "$${PATCHLEVEL}" -ge 13) ]]; then
+	    # use ASCII octal escape to avoid syntax disruption in the awk script.
+	    ns='\042WOLFSSL\042'
+	else
+	    ns='WOLFSSL'
+	fi
+	$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) |
+		$(AWK) '/^ *[0-9]+: / {
+		  if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;}
+		  if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) {
+		    print "EXPORT_SYMBOL_NS_GPL(" $$8 ", '"$$ns"');";
+		  }
+		}' >> $@ || exit $$?
+	echo -e "#ifndef NO_CRYPT_TEST\nEXPORT_SYMBOL_NS_GPL(wolfcrypt_test, $${ns});\n#endif" >> $@
 
 clean-files := linuxkm src wolfcrypt
diff --git a/linuxkm/Makefile b/linuxkm/Makefile
index a4adad90d..ba6629c56 100644
--- a/linuxkm/Makefile
+++ b/linuxkm/Makefile
@@ -1,6 +1,6 @@
 # libwolfssl Linux kernel module Makefile (wraps Kbuild-native makefile)
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
@@ -43,6 +43,8 @@ WOLFSSL_OBJ_FILES=$(patsubst %.lo, %.o, $(patsubst src/src_libwolfssl_la-%, src/
 
 ifeq "$(ENABLED_CRYPT_TESTS)" "yes"
     WOLFSSL_OBJ_FILES+=wolfcrypt/test/test.o
+else ifneq "$(ENABLED_LINUXKM_LKCAPI_REGISTER)" "none"
+    WOLFSSL_OBJ_FILES+=wolfcrypt/test/test.o
 else
     WOLFSSL_CFLAGS+=-DNO_CRYPT_TEST
 endif
diff --git a/linuxkm/get_thread_size.c b/linuxkm/get_thread_size.c
index cf6172db5..91095945d 100644
--- a/linuxkm/get_thread_size.c
+++ b/linuxkm/get_thread_size.c
@@ -1,7 +1,7 @@
 /* get_thread_size.c -- trivial program to determine stack frame size
  * for a Linux kernel thread, given a configured source tree.
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/include.am b/linuxkm/include.am
index 3fac8ca93..025770300 100644
--- a/linuxkm/include.am
+++ b/linuxkm/include.am
@@ -14,4 +14,5 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \
 	      linuxkm/linuxkm_memory.c \
 	      linuxkm/linuxkm_wc_port.h \
 	      linuxkm/lkcapi_glue.c \
+	      linuxkm/lkcapi_ecdsa_glue.c \
 	      linuxkm/x86_vector_register_glue.c
diff --git a/linuxkm/linuxkm_memory.c b/linuxkm/linuxkm_memory.c
index e2c4a0476..e17a56ccc 100644
--- a/linuxkm/linuxkm_memory.c
+++ b/linuxkm/linuxkm_memory.c
@@ -1,6 +1,6 @@
 /* linuxkm_memory.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index 189a26e34..254b42dfe 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -1,6 +1,6 @@
 /* linuxkm_wc_port.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,6 +30,11 @@
         #error Unsupported kernel.
     #endif
 
+    #if defined(HAVE_FIPS) && defined(LINUXKM_LKCAPI_REGISTER_AESXTS) && defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS)
+        /* CONFIG_CRYPTO_MANAGER_EXTRA_TESTS expects AES-XTS-384 to work, even when CONFIG_CRYPTO_FIPS, but FIPS 140-3 only allows AES-XTS-256 and AES-XTS-512. */
+        #error CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is incompatible with FIPS wolfCrypt AES-XTS -- please reconfigure the target kernel to disable CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.
+    #endif
+
     #ifdef HAVE_CONFIG_H
         #ifndef PACKAGE_NAME
             #error wc_port.h included before config.h
@@ -118,6 +123,11 @@
     _Pragma("GCC diagnostic ignored \"-Wcast-function-type\""); /* needed for kernel 4.14.336 */
 
     #include <linux/kconfig.h>
+
+    #if defined(__PIE__) && defined(CONFIG_ARM64)
+        #define alt_cb_patch_nops my__alt_cb_patch_nops
+    #endif
+
     #include <linux/kernel.h>
     #include <linux/ctype.h>
 
@@ -127,7 +137,13 @@
              * fortify_panic().
              */
             extern void __my_fortify_panic(const char *name) __noreturn __cold;
-            #define fortify_panic __my_fortify_panic
+            #if LINUX_VERSION_CODE >= KERNEL_VERSION(6,9,0)
+                /* see linux 3d965b33e40d9 */
+                #define fortify_panic(func, write, avail, size, retfail) \
+                        __my_fortify_panic(#func)
+            #else
+                #define fortify_panic __my_fortify_panic
+            #endif
         #endif
 
         /* the _FORTIFY_SOURCE macros and implementations for several string
@@ -279,6 +295,12 @@
         #include <crypto/internal/aead.h>
         #include <crypto/internal/skcipher.h>
 
+        #if defined(HAVE_ECC) && \
+            (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
+             defined(LINUXKM_LKCAPI_REGISTER_ECDSA))
+             #include <crypto/internal/akcipher.h>
+        #endif /* HAVE_ECC && (REGISTER_ALL || REGISTER_ECDSA) */
+
         /* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
          * loaded simultaneously, and the Linux in-tree implementations have two
          * AES key structs in each context, one for each direction.  in
@@ -461,17 +483,32 @@
         struct Signer *GetCA(void *signers, unsigned char *hash);
         #ifndef NO_SKID
             struct Signer *GetCAByName(void* signers, unsigned char *hash);
-        #endif
-    #endif
+            #ifdef HAVE_OCSP
+                struct Signer* GetCAByKeyHash(void* vp, const unsigned char* keyHash);
+            #endif /* HAVE_OCSP */
+            #ifdef WOLFSSL_AKID_NAME
+                struct Signer* GetCAByAKID(void* vp, const unsigned char* issuer,
+                                           unsigned int issuerSz,
+                                           const unsigned char* serial,
+                                           unsigned int serialSz);
+            #endif
+        #endif /* NO_SKID */
+
+        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            struct WOLFSSL_X509_NAME;
+            extern int wolfSSL_X509_NAME_add_entry_by_NID(struct WOLFSSL_X509_NAME *name, int nid,
+                                               int type, const unsigned char *bytes,
+                                               int len, int loc, int set);
+            extern void wolfSSL_X509_NAME_free(struct WOLFSSL_X509_NAME* name);
+            extern struct WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new_ex(void *heap);
+        #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+    #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
 
     #if defined(__PIE__) && !defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE)
         #error "compiling -fPIE requires PIE redirect table."
     #endif
 
-    #if defined(HAVE_FIPS) && !defined(HAVE_LINUXKM_PIE_SUPPORT)
-        #error "FIPS build requires PIE support."
-    #endif
-
     #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
 
 #ifdef CONFIG_MIPS
@@ -629,6 +666,35 @@
         typeof(GetCA) *GetCA;
         #ifndef NO_SKID
         typeof(GetCAByName) *GetCAByName;
+        #ifdef HAVE_OCSP
+        typeof(GetCAByKeyHash) *GetCAByKeyHash;
+        #endif /* HAVE_OCSP */
+        #endif /* NO_SKID */
+        #ifdef WOLFSSL_AKID_NAME
+        typeof(GetCAByAKID) *GetCAByAKID;
+        #endif /* WOLFSSL_AKID_NAME */
+
+        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+        typeof(wolfSSL_X509_NAME_add_entry_by_NID) *wolfSSL_X509_NAME_add_entry_by_NID;
+        typeof(wolfSSL_X509_NAME_free) *wolfSSL_X509_NAME_free;
+        typeof(wolfSSL_X509_NAME_new_ex) *wolfSSL_X509_NAME_new_ex;
+        #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+        #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+        #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+        typeof(dump_stack) *dump_stack;
+        #endif
+
+        #ifdef CONFIG_ARM64
+        #ifdef __PIE__
+            /* alt_cb_patch_nops defined early to allow shimming in system
+             * headers, but now we need the native one.
+             */
+            #undef alt_cb_patch_nops
+            typeof(my__alt_cb_patch_nops) *alt_cb_patch_nops;
+        #else
+            typeof(alt_cb_patch_nops) *alt_cb_patch_nops;
         #endif
         #endif
 
@@ -774,7 +840,24 @@
         #define GetCA (wolfssl_linuxkm_get_pie_redirect_table()->GetCA)
         #ifndef NO_SKID
             #define GetCAByName (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByName)
+            #ifdef HAVE_OCSP
+                #define GetCAByKeyHash (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByKeyHash)
+            #endif /* HAVE_OCSP */
+        #endif /* NO_SKID */
+        #ifdef WOLFSSL_AKID_NAME
+            #define GetCAByAKID (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByAKID)
         #endif
+
+        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            #define wolfSSL_X509_NAME_add_entry_by_NID (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_add_entry_by_NID)
+            #define wolfSSL_X509_NAME_free (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_free)
+            #define wolfSSL_X509_NAME_new_ex (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_new_ex)
+        #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+    #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+    #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+        #define dump_stack (wolfssl_linuxkm_get_pie_redirect_table()->dump_stack)
     #endif
 
     #endif /* __PIE__ */
@@ -784,7 +867,7 @@
     /* remove this multifariously conflicting macro, picked up from
      * Linux arch/<arch>/include/asm/current.h.
      */
-    #ifndef WOLFSSL_NEED_LINUX_CURRENT
+    #ifndef WOLFSSL_LINUXKM_NEED_LINUX_CURRENT
         #undef current
     #endif
 
@@ -799,7 +882,11 @@
      */
     #define key_update wc_key_update
 
-    #define lkm_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
+    #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)
+        #define lkm_printf(format, args...) _printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
+    #else
+        #define lkm_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
+    #endif
     #define printf(...) lkm_printf(__VA_ARGS__)
 
     #ifdef HAVE_FIPS
@@ -889,6 +976,13 @@
 
     #include <linux/limits.h>
 
+    #ifndef INT32_MAX
+        #define INT32_MAX INT_MAX
+    #endif
+    #ifndef UINT32_MAX
+        #define UINT32_MAX UINT_MAX
+    #endif
+
     /* Linux headers define these using C expressions, but we need
      * them to be evaluable by the preprocessor, for use in sp_int.h.
      */
diff --git a/linuxkm/lkcapi_ecdsa_glue.c b/linuxkm/lkcapi_ecdsa_glue.c
new file mode 100644
index 000000000..022607d0b
--- /dev/null
+++ b/linuxkm/lkcapi_ecdsa_glue.c
@@ -0,0 +1,759 @@
+/* lkcapi_ecdsa_glue.c -- glue logic to register ECDSA wolfCrypt
+ * implementations with the Linux Kernel Cryptosystem
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#if defined(LINUXKM_LKCAPI_REGISTER_ECDSA)
+
+#ifndef LINUXKM_LKCAPI_REGISTER
+    #error lkcapi_ecdsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
+#endif
+
+#include <wolfssl/wolfcrypt/asn.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+
+#define WOLFKM_ECDSA_DRIVER       ("ecdsa-wolfcrypt")
+
+#define WOLFKM_ECDSA_P192_NAME    ("ecdsa-nist-p192")
+#define WOLFKM_ECDSA_P192_DRIVER  ("ecdsa-nist-p192" WOLFKM_DRIVER_FIPS \
+                                   "-wolfcrypt")
+
+#define WOLFKM_ECDSA_P256_NAME    ("ecdsa-nist-p256")
+#define WOLFKM_ECDSA_P256_DRIVER  ("ecdsa-nist-p256" WOLFKM_DRIVER_FIPS \
+                                   "-wolfcrypt")
+
+#define WOLFKM_ECDSA_P384_NAME    ("ecdsa-nist-p384")
+#define WOLFKM_ECDSA_P384_DRIVER  ("ecdsa-nist-p384" WOLFKM_DRIVER_FIPS \
+                                   "-wolfcrypt")
+
+#define WOLFKM_ECDSA_P521_NAME    ("ecdsa-nist-p521")
+#define WOLFKM_ECDSA_P521_DRIVER  ("ecdsa-nist-p521" WOLFKM_DRIVER_FIPS \
+                                   "-wolfcrypt")
+
+
+static int  linuxkm_test_ecdsa_nist_driver(const char * driver,
+                                           const byte * pub, word32 pub_len,
+                                           const byte * sig, word32 sig_len,
+                                           const byte * hash, word32 hash_len);
+
+#if defined(LINUXKM_ECC192)
+static int ecdsa_nist_p192_loaded = 0;
+#endif /* LINUXKM_ECC192 */
+static int ecdsa_nist_p256_loaded = 0;
+static int ecdsa_nist_p384_loaded = 0;
+#if defined(HAVE_ECC521)
+static int ecdsa_nist_p521_loaded = 0;
+#endif /* HAVE_ECC521 */
+
+struct km_ecdsa_ctx {
+    ecc_key *    key;
+    int          curve_id;
+    word32       curve_len;
+};
+
+/* shared ecdsa callbacks */
+static void         km_ecdsa_exit(struct crypto_akcipher *tfm);
+static int          km_ecdsa_set_pub(struct crypto_akcipher *tfm,
+                                    const void *key, unsigned int keylen);
+static unsigned int km_ecdsa_max_size(struct crypto_akcipher *tfm);
+static int          km_ecdsa_verify(struct akcipher_request *req);
+
+/* ecdsa_nist_pN callbacks */
+#if defined(LINUXKM_ECC192)
+static int          km_ecdsa_nist_p192_init(struct crypto_akcipher *tfm);
+#endif /* LINUXKM_ECC192 */
+static int          km_ecdsa_nist_p256_init(struct crypto_akcipher *tfm);
+static int          km_ecdsa_nist_p384_init(struct crypto_akcipher *tfm);
+#if defined(HAVE_ECC521)
+static int          km_ecdsa_nist_p521_init(struct crypto_akcipher *tfm);
+#endif /* HAVE_ECC521 */
+
+#if defined(LINUXKM_ECC192)
+static struct akcipher_alg ecdsa_nist_p192 = {
+    .base.cra_name        = WOLFKM_ECDSA_P192_NAME,
+    .base.cra_driver_name = WOLFKM_ECDSA_P192_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_module      = THIS_MODULE,
+    .base.cra_ctxsize     = sizeof(struct km_ecdsa_ctx),
+    .verify               = km_ecdsa_verify,
+    .set_pub_key          = km_ecdsa_set_pub,
+    .max_size             = km_ecdsa_max_size,
+    .init                 = km_ecdsa_nist_p192_init,
+    .exit                 = km_ecdsa_exit,
+};
+#endif /* LINUXKM_ECC192 */
+
+static struct akcipher_alg ecdsa_nist_p256 = {
+    .base.cra_name        = WOLFKM_ECDSA_P256_NAME,
+    .base.cra_driver_name = WOLFKM_ECDSA_P256_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_module      = THIS_MODULE,
+    .base.cra_ctxsize     = sizeof(struct km_ecdsa_ctx),
+    .verify               = km_ecdsa_verify,
+    .set_pub_key          = km_ecdsa_set_pub,
+    .max_size             = km_ecdsa_max_size,
+    .init                 = km_ecdsa_nist_p256_init,
+    .exit                 = km_ecdsa_exit,
+};
+
+static struct akcipher_alg ecdsa_nist_p384 = {
+    .base.cra_name        = WOLFKM_ECDSA_P384_NAME,
+    .base.cra_driver_name = WOLFKM_ECDSA_P384_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_module      = THIS_MODULE,
+    .base.cra_ctxsize     = sizeof(struct km_ecdsa_ctx),
+    .verify               = km_ecdsa_verify,
+    .set_pub_key          = km_ecdsa_set_pub,
+    .max_size             = km_ecdsa_max_size,
+    .init                 = km_ecdsa_nist_p384_init,
+    .exit                 = km_ecdsa_exit,
+};
+
+#if defined(HAVE_ECC521)
+static struct akcipher_alg ecdsa_nist_p521 = {
+    .base.cra_name        = WOLFKM_ECDSA_P521_NAME,
+    .base.cra_driver_name = WOLFKM_ECDSA_P521_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_module      = THIS_MODULE,
+    .base.cra_ctxsize     = sizeof(struct km_ecdsa_ctx),
+    .verify               = km_ecdsa_verify,
+    .set_pub_key          = km_ecdsa_set_pub,
+    .max_size             = km_ecdsa_max_size,
+    .init                 = km_ecdsa_nist_p521_init,
+    .exit                 = km_ecdsa_exit,
+};
+#endif /* HAVE_ECC521 */
+
+/**
+ * Decodes and sets the ECDSA pub key.
+ *
+ * Kernel crypto ECDSA api expects raw uncompressed format with concatenated
+ * x and y points, with leading 0x04 on pub key.
+ *
+ * param tfm     the crypto_akcipher transform
+ * param key     raw uncompressed x, y points, with leading 0x04
+ * param keylen  key length
+ * */
+static int km_ecdsa_set_pub(struct crypto_akcipher *tfm, const void *key,
+                            unsigned int keylen)
+{
+    int                   err = 0;
+    struct km_ecdsa_ctx * ctx = NULL;
+    const byte *          pub = key;
+
+    ctx = akcipher_tfm_ctx(tfm);
+
+    switch (ctx->curve_len) {
+    #if defined(LINUXKM_ECC192)
+    case 24: /* p192 */
+    #endif
+    case 32: /* p256 */
+    case 48: /* p384 */
+    #if defined(HAVE_ECC521)
+    case 66: /* p521 */
+    #endif
+        break;
+    default:
+        /* key has not been inited or not supported. */
+        return -EINVAL;
+    }
+
+    if (keylen != ((ctx->curve_len << 1) + 1)) {
+        #ifdef WOLFKM_DEBUG_ECDSA
+        pr_err("%s: ecdsa_set_pub: invalid pub len: got %d, "
+               " expected %d\n",
+               WOLFKM_ECDSA_DRIVER, keylen,
+               ((ctx->curve_len << 1) + 1));
+        #endif /* WOLFKM_DEBUG_ECDSA */
+        return -EINVAL;
+    }
+
+    if (pub[0] != 0x04) {
+        #ifdef WOLFKM_DEBUG_ECDSA
+        pr_err("%s: ecdsa_set_pub: unrecognized pub format: 0x0%2x\n",
+               WOLFKM_ECDSA_DRIVER, pub[0]);
+        #endif /* WOLFKM_DEBUG_ECDSA */
+        return -EINVAL;
+    }
+
+    pub += 1;
+
+    /* import raw public key x,y coordinates. */
+    err = wc_ecc_import_unsigned(ctx->key, pub, (pub + ctx->curve_len),
+                                 NULL, ctx->curve_id);
+
+    if (unlikely(err)) {
+        #ifdef WOLFKM_DEBUG_ECDSA
+        pr_err("%s: wc_ecc_import_unsigned failed: %d\n",
+               WOLFKM_ECDSA_DRIVER, err);
+        #endif
+        return -EINVAL;
+    }
+
+    /* We should get back ecc pub key type. */
+    if (ctx->key->type != ECC_PUBLICKEY) {
+        #ifdef WOLFKM_DEBUG_ECDSA
+        pr_err("%s: wc_ecc_import_unsigned bad key type: %d\n",
+               WOLFKM_ECDSA_DRIVER, ctx->key->type);
+        #endif
+        return -EINVAL;
+    }
+
+    #ifdef WOLFKM_DEBUG_ECDSA
+    pr_info("info: exiting km_ecdsa_set_pub\n");
+    #endif /* WOLFKM_DEBUG_ECDSA */
+    return err;
+}
+
+static unsigned int km_ecdsa_max_size(struct crypto_akcipher *tfm)
+{
+    struct km_ecdsa_ctx * ctx = NULL;
+
+    ctx = akcipher_tfm_ctx(tfm);
+
+    #ifdef WOLFKM_DEBUG_ECDSA
+    pr_info("info: exiting km_ecdsa_max_size\n");
+    #endif /* WOLFKM_DEBUG_ECDSA */
+    return (unsigned int) ctx->curve_len;
+}
+
+static void km_ecdsa_exit(struct crypto_akcipher *tfm)
+{
+    struct km_ecdsa_ctx * ctx = NULL;
+
+    ctx = akcipher_tfm_ctx(tfm);
+
+    if (ctx->key) {
+        wc_ecc_free(ctx->key);
+        free(ctx->key);
+        ctx->key = NULL;
+    }
+
+    #ifdef WOLFKM_DEBUG_ECDSA
+    pr_info("info: exiting km_ecdsa_exit\n");
+    #endif /* WOLFKM_DEBUG_ECDSA */
+    return;
+}
+
+static int km_ecdsa_init(struct crypto_akcipher *tfm, int curve_id)
+{
+    struct km_ecdsa_ctx * ctx = NULL;
+    int                   ret = 0;
+
+    ctx = akcipher_tfm_ctx(tfm);
+    memset(ctx, 0, sizeof(struct km_ecdsa_ctx));
+    ctx->curve_id = curve_id;
+    ctx->curve_len = 0;
+
+    ret = wc_ecc_get_curve_size_from_id(curve_id);
+    if (ret <= 0) {
+        #ifdef WOLFKM_DEBUG_ECDSA
+        pr_err("%s: unsupported curve_id: %d\n",
+               WOLFKM_ECDSA_DRIVER, curve_id);
+        #endif /* WOLFKM_DEBUG_ECDSA */
+        return -EINVAL;
+    }
+
+    ctx->curve_len = (word32) ret;
+
+    ctx->key = (ecc_key *)malloc(sizeof(ecc_key));
+    if (!ctx->key) {
+        return -ENOMEM;
+    }
+
+    ret = wc_ecc_init(ctx->key);
+    if (ret < 0) {
+        free(ctx->key);
+        ctx->key = NULL;
+        return -ENOMEM;
+    }
+
+    #ifdef WOLFKM_DEBUG_ECDSA
+    pr_info("info: exiting km_ecdsa_init: curve_id %d,  curve_len %d",
+            ctx->curve_id, ctx->curve_len);
+    #endif /* WOLFKM_DEBUG_ECDSA */
+    return 0;
+}
+
+#if defined(LINUXKM_ECC192)
+static int km_ecdsa_nist_p192_init(struct crypto_akcipher *tfm)
+{
+    return km_ecdsa_init(tfm, ECC_SECP192R1);
+}
+#endif /* LINUXKM_ECC192 */
+
+static int km_ecdsa_nist_p256_init(struct crypto_akcipher *tfm)
+{
+    return km_ecdsa_init(tfm, ECC_SECP256R1);
+}
+
+static int km_ecdsa_nist_p384_init(struct crypto_akcipher *tfm)
+{
+    return km_ecdsa_init(tfm, ECC_SECP384R1);
+}
+
+#if defined(HAVE_ECC521)
+static int km_ecdsa_nist_p521_init(struct crypto_akcipher *tfm)
+{
+    return km_ecdsa_init(tfm, ECC_SECP521R1);
+}
+#endif /* HAVE_ECC521 */
+
+/**
+ * Verify an ecdsa_nist signature.
+ *
+ * The total size of req->src is src_len + dst_len:
+ *   - src_len: signature
+ *   - dst_len: digest
+ *
+ * dst should be null.
+ * See kernel:
+ *   - include/crypto/akcipher.h
+ * */
+static int km_ecdsa_verify(struct akcipher_request *req)
+{
+    struct crypto_akcipher * tfm = NULL;
+    struct km_ecdsa_ctx *    ctx = NULL;
+    byte *                   sig = NULL;
+    word32                   sig_len = 0;
+    byte *                   hash = NULL;
+    word32                   hash_len = 0;
+    int                      result = -1;
+    int                      err = -1;
+
+    if (req->src == NULL || req->dst != NULL) {
+        return -EINVAL;
+    }
+
+    tfm = crypto_akcipher_reqtfm(req);
+    ctx = akcipher_tfm_ctx(tfm);
+
+    sig_len = req->src_len;
+    hash_len = req->dst_len;
+
+    if (hash_len <= 0) {
+        err = -EINVAL;
+        goto ecdsa_verify_end;
+    }
+
+    if (sig_len <= 0) {
+        err = -EINVAL;
+        goto ecdsa_verify_end;
+    }
+
+    sig = malloc(sig_len);
+    if (unlikely(sig == NULL)) {
+        err = -ENOMEM;
+        goto ecdsa_verify_end;
+    }
+
+    hash = malloc(hash_len);
+    if (unlikely(hash == NULL)) {
+        err = -ENOMEM;
+        goto ecdsa_verify_end;
+    }
+
+    memset(sig, 0, sig_len);
+    memset(hash, 0, hash_len);
+
+    /* copy sig from req->src to sig */
+    scatterwalk_map_and_copy(sig, req->src, 0, sig_len, 0);
+
+    /* copy hash from req->src to hash */
+    scatterwalk_map_and_copy(hash, req->src, sig_len, hash_len, 0);
+
+    err = wc_ecc_verify_hash(sig, sig_len, hash, hash_len, &result, ctx->key);
+
+    if (err) {
+        #ifdef WOLFKM_DEBUG_ECDSA
+        pr_err("error: %s: ecdsa verify: verify_hash returned: %d\n",
+               WOLFKM_ECDSA_DRIVER, err);
+        #endif /* WOLFKM_DEBUG_ECDSA */
+        err = -EBADMSG;
+        goto ecdsa_verify_end;
+    }
+
+    if (result != 1) {
+        #ifdef WOLFKM_DEBUG_ECDSA
+        pr_err("error: %s: ecdsa verify: verify fail: %d\n",
+               WOLFKM_ECDSA_DRIVER, result);
+        #endif /* WOLFKM_DEBUG_ECDSA */
+        err = -EBADMSG;
+        goto ecdsa_verify_end;
+    }
+
+ecdsa_verify_end:
+    if (sig != NULL) { free(sig); sig = NULL; }
+    if (hash != NULL) { free(hash); hash = NULL; }
+
+    #ifdef WOLFKM_DEBUG_ECDSA
+    pr_info("info: exiting km_ecdsa_verify: %d\n", result);
+    #endif /* WOLFKM_DEBUG_ECDSA */
+    return err;
+}
+
+#if defined(LINUXKM_ECC192)
+static int linuxkm_test_ecdsa_nist_p192(void)
+{
+    int rc = 0;
+    /* reference value from kernel crypto/testmgr.h
+     * OID_id_ecdsa_with_sha256 */
+    /* 49 byte pub key */
+    const byte p192_pub[] = {
+        0x04, 0xe2, 0x51, 0x24, 0x9b, 0xf7, 0xb6, 0x32,
+        0x82, 0x39, 0x66, 0x3d, 0x5b, 0xec, 0x3b, 0xae,
+        0x0c, 0xd5, 0xf2, 0x67, 0xd1, 0xc7, 0xe1, 0x02,
+        0xe4, 0xbf, 0x90, 0x62, 0xb8, 0x55, 0x75, 0x56,
+        0x69, 0x20, 0x5e, 0xcb, 0x4e, 0xca, 0x33, 0xd6,
+        0xcb, 0x62, 0x6b, 0x94, 0xa9, 0xa2, 0xe9, 0x58,
+        0x91
+    };
+
+    /* 32 byte hash */
+    const byte hash[] = {
+        0x35, 0xec, 0xa1, 0xa0, 0x9e, 0x14, 0xde, 0x33,
+        0x03, 0xb6, 0xf6, 0xbd, 0x0c, 0x2f, 0xb2, 0xfd,
+        0x1f, 0x27, 0x82, 0xa5, 0xd7, 0x70, 0x3f, 0xef,
+        0xa0, 0x82, 0x69, 0x8e, 0x73, 0x31, 0x8e, 0xd7
+    };
+
+    /* 55 byte sig */
+    const byte sig[] = {
+        0x30, 0x35, 0x02, 0x18, 0x3f, 0x72, 0x3f, 0x1f,
+        0x42, 0xd2, 0x3f, 0x1d, 0x6b, 0x1a, 0x58, 0x56,
+        0xf1, 0x8f, 0xf7, 0xfd, 0x01, 0x48, 0xfb, 0x5f,
+        0x72, 0x2a, 0xd4, 0x8f, 0x02, 0x19, 0x00, 0xb3,
+        0x69, 0x43, 0xfd, 0x48, 0x19, 0x86, 0xcf, 0x32,
+        0xdd, 0x41, 0x74, 0x6a, 0x51, 0xc7, 0xd9, 0x7d,
+        0x3a, 0x97, 0xd9, 0xcd, 0x1a, 0x6a, 0x49
+    };
+    word32     pub_len = 0;
+    word32     sig_len = 0;
+    word32     hash_len = 0;
+
+    pub_len = sizeof(p192_pub);
+    hash_len = sizeof(hash);
+    sig_len = sizeof(sig);
+
+    rc = linuxkm_test_ecdsa_nist_driver(WOLFKM_ECDSA_P192_DRIVER,
+                                        p192_pub, pub_len,
+                                        sig, sig_len,
+                                        hash, hash_len);
+
+    return rc;
+}
+#endif /* LINUXKM_ECC192 */
+
+static int linuxkm_test_ecdsa_nist_p256(void)
+{
+    int rc = 0;
+    /* reference value from kernel crypto/testmgr.h
+     * OID_id_ecdsa_with_sha256 */
+    /* 65 byte pub key */
+    const byte p256_pub[] = {
+        0x04, 0xf1, 0xea, 0xc4, 0x53, 0xf3, 0xb9, 0x0e,
+        0x9f, 0x7e, 0xad, 0xe3, 0xea, 0xd7, 0x0e, 0x0f,
+        0xd6, 0x98, 0x9a, 0xca, 0x92, 0x4d, 0x0a, 0x80,
+        0xdb, 0x2d, 0x45, 0xc7, 0xec, 0x4b, 0x97, 0x00,
+        0x2f, 0xe9, 0x42, 0x6c, 0x29, 0xdc, 0x55, 0x0e,
+        0x0b, 0x53, 0x12, 0x9b, 0x2b, 0xad, 0x2c, 0xe9,
+        0x80, 0xe6, 0xc5, 0x43, 0xc2, 0x1d, 0x5e, 0xbb,
+        0x65, 0x21, 0x50, 0xb6, 0x37, 0xb0, 0x03, 0x8e,
+        0xb8
+    };
+
+    /* 32 byte hash */
+    const byte hash[] = {
+        0x8f, 0x43, 0x43, 0x46, 0x64, 0x8f, 0x6b, 0x96,
+        0xdf, 0x89, 0xdd, 0xa9, 0x01, 0xc5, 0x17, 0x6b,
+        0x10, 0xa6, 0xd8, 0x39, 0x61, 0xdd, 0x3c, 0x1a,
+        0xc8, 0x8b, 0x59, 0xb2, 0xdc, 0x32, 0x7a, 0xa4
+    };
+
+    /* 71 byte sig */
+    const byte sig[] = {
+        0x30, 0x45, 0x02, 0x20, 0x08, 0x31, 0xfa, 0x74,
+        0x0d, 0x1d, 0x21, 0x5d, 0x09, 0xdc, 0x29, 0x63,
+        0xa8, 0x1a, 0xad, 0xfc, 0xac, 0x44, 0xc3, 0xe8,
+        0x24, 0x11, 0x2d, 0xa4, 0x91, 0xdc, 0x02, 0x67,
+        0xdc, 0x0c, 0xd0, 0x82, 0x02, 0x21, 0x00, 0xbd,
+        0xff, 0xce, 0xee, 0x42, 0xc3, 0x97, 0xff, 0xf9,
+        0xa9, 0x81, 0xac, 0x4a, 0x50, 0xd0, 0x91, 0x0a,
+        0x6e, 0x1b, 0xc4, 0xaf, 0xe1, 0x83, 0xc3, 0x4f,
+        0x2a, 0x65, 0x35, 0x23, 0xe3, 0x1d, 0xfa
+    };
+    word32     pub_len = 0;
+    word32     sig_len = 0;
+    word32     hash_len = 0;
+
+    pub_len = sizeof(p256_pub);
+    hash_len = sizeof(hash);
+    sig_len = sizeof(sig);
+
+    rc = linuxkm_test_ecdsa_nist_driver(WOLFKM_ECDSA_P256_DRIVER,
+                                        p256_pub, pub_len,
+                                        sig, sig_len,
+                                        hash, hash_len);
+    return rc;
+}
+
+static int linuxkm_test_ecdsa_nist_p384(void)
+{
+    int rc = 0;
+    /* reference value from kernel crypto/testmgr.h
+     * OID_id_ecdsa_with_sha384 */
+    /* 97 byte pub key */
+    const byte p384_pub[] = {
+        0x04, 0x3a, 0x2f, 0x62, 0xe7, 0x1a, 0xcf, 0x24,
+        0xd0, 0x0b, 0x7c, 0xe0, 0xed, 0x46, 0x0a, 0x4f,
+        0x74, 0x16, 0x43, 0xe9, 0x1a, 0x25, 0x7c, 0x55,
+        0xff, 0xf0, 0x29, 0x68, 0x66, 0x20, 0x91, 0xf9,
+        0xdb, 0x2b, 0xf6, 0xb3, 0x6c, 0x54, 0x01, 0xca,
+        0xc7, 0x6a, 0x5c, 0x0d, 0xeb, 0x68, 0xd9, 0x3c,
+        0xf1, 0x01, 0x74, 0x1f, 0xf9, 0x6c, 0xe5, 0x5b,
+        0x60, 0xe9, 0x7f, 0x5d, 0xb3, 0x12, 0x80, 0x2a,
+        0xd8, 0x67, 0x92, 0xc9, 0x0e, 0x4c, 0x4c, 0x6b,
+        0xa1, 0xb2, 0xa8, 0x1e, 0xac, 0x1c, 0x97, 0xd9,
+        0x21, 0x67, 0xe5, 0x1b, 0x5a, 0x52, 0x31, 0x68,
+        0xd6, 0xee, 0xf0, 0x19, 0xb0, 0x55, 0xed, 0x89,
+        0x9e
+    };
+
+    /* 48 byte hash */
+    const byte hash[] = {
+        0x8d, 0xf2, 0xc0, 0xe9, 0xa8, 0xf3, 0x8e, 0x44,
+        0xc4, 0x8c, 0x1a, 0xa0, 0xb8, 0xd7, 0x17, 0xdf,
+        0xf2, 0x37, 0x1b, 0xc6, 0xe3, 0xf5, 0x62, 0xcc,
+        0x68, 0xf5, 0xd5, 0x0b, 0xbf, 0x73, 0x2b, 0xb1,
+        0xb0, 0x4c, 0x04, 0x00, 0x31, 0xab, 0xfe, 0xc8,
+        0xd6, 0x09, 0xc8, 0xf2, 0xea, 0xd3, 0x28, 0xff
+    };
+
+    /* 104 byte sig */
+    const byte sig[] = {
+        0x30, 0x66, 0x02, 0x31, 0x00, 0x9b, 0x28, 0x68,
+        0xc0, 0xa1, 0xea, 0x8c, 0x50, 0xee, 0x2e, 0x62,
+        0x35, 0x46, 0xfa, 0x00, 0xd8, 0x2d, 0x7a, 0x91,
+        0x5f, 0x49, 0x2d, 0x22, 0x08, 0x29, 0xe6, 0xfb,
+        0xca, 0x8c, 0xd6, 0xb6, 0xb4, 0x3b, 0x1f, 0x07,
+        0x8f, 0x15, 0x02, 0xfe, 0x1d, 0xa2, 0xa4, 0xc8,
+        0xf2, 0xea, 0x9d, 0x11, 0x1f, 0x02, 0x31, 0x00,
+        0xfc, 0x50, 0xf6, 0x43, 0xbd, 0x50, 0x82, 0x0e,
+        0xbf, 0xe3, 0x75, 0x24, 0x49, 0xac, 0xfb, 0xc8,
+        0x71, 0xcd, 0x8f, 0x18, 0x99, 0xf0, 0x0f, 0x13,
+        0x44, 0x92, 0x8c, 0x86, 0x99, 0x65, 0xb3, 0x97,
+        0x96, 0x17, 0x04, 0xc9, 0x05, 0x77, 0xf1, 0x8e,
+        0xab, 0x8d, 0x4e, 0xde, 0xe6, 0x6d, 0x9b, 0x66
+    };
+    word32     pub_len = 0;
+    word32     sig_len = 0;
+    word32     hash_len = 0;
+
+    pub_len = sizeof(p384_pub);
+    hash_len = sizeof(hash);
+    sig_len = sizeof(sig);
+
+    rc = linuxkm_test_ecdsa_nist_driver(WOLFKM_ECDSA_P384_DRIVER,
+                                        p384_pub, pub_len,
+                                        sig, sig_len,
+                                        hash, hash_len);
+    return rc;
+}
+
+#if defined(HAVE_ECC521)
+static int linuxkm_test_ecdsa_nist_p521(void)
+{
+    int rc = 0;
+    /* reference value from kernel crypto/testmgr.h
+     * OID_id_ecdsa_with_sha521 */
+    /* 133 byte pub key */
+    const byte p521_pub[] = {
+        0x04, 0x00, 0xc7, 0x65, 0xee, 0x0b, 0x86, 0x7d,
+        0x8f, 0x02, 0xf1, 0x74, 0x5b, 0xb0, 0x4c, 0x3f,
+        0xa6, 0x35, 0x60, 0x9f, 0x55, 0x23, 0x11, 0xcc,
+        0xdf, 0xb8, 0x42, 0x99, 0xee, 0x6c, 0x96, 0x6a,
+        0x27, 0xa2, 0x56, 0xb2, 0x2b, 0x03, 0xad, 0x0f,
+        0xe7, 0x97, 0xde, 0x09, 0x5d, 0xb4, 0xc5, 0x5f,
+        0xbd, 0x87, 0x37, 0xbf, 0x5a, 0x16, 0x35, 0x56,
+        0x08, 0xfd, 0x6f, 0x06, 0x1a, 0x1c, 0x84, 0xee,
+        0xc3, 0x64, 0xb3, 0x00, 0x9e, 0xbd, 0x6e, 0x60,
+        0x76, 0xee, 0x69, 0xfd, 0x3a, 0xb8, 0xcd, 0x7e,
+        0x91, 0x68, 0x53, 0x57, 0x44, 0x13, 0x2e, 0x77,
+        0x09, 0x2a, 0xbe, 0x48, 0xbd, 0x91, 0xd8, 0xf6,
+        0x21, 0x16, 0x53, 0x99, 0xd5, 0xf0, 0x40, 0xad,
+        0xa6, 0xf8, 0x58, 0x26, 0xb6, 0x9a, 0xf8, 0x77,
+        0xfe, 0x3a, 0x05, 0x1a, 0xdb, 0xa9, 0x0f, 0xc0,
+        0x6c, 0x76, 0x30, 0x8c, 0xd8, 0xde, 0x44, 0xae,
+        0xd0, 0x17, 0xdf, 0x49, 0x6a
+    };
+
+    /* 64 byte hash */
+    const byte hash[] = {
+        0x5c, 0xa6, 0xbc, 0x79, 0xb8, 0xa0, 0x1e, 0x11,
+        0x83, 0xf7, 0xe9, 0x05, 0xdf, 0xba, 0xf7, 0x69,
+        0x97, 0x22, 0x32, 0xe4, 0x94, 0x7c, 0x65, 0xbd,
+        0x74, 0xc6, 0x9a, 0x8b, 0xbd, 0x0d, 0xdc, 0xed,
+        0xf5, 0x9c, 0xeb, 0xe1, 0xc5, 0x68, 0x40, 0xf2,
+        0xc7, 0x04, 0xde, 0x9e, 0x0d, 0x76, 0xc5, 0xa3,
+        0xf9, 0x3c, 0x6c, 0x98, 0x08, 0x31, 0xbd, 0x39,
+        0xe8, 0x42, 0x7f, 0x80, 0x39, 0x6f, 0xfe, 0x68,
+    };
+
+    /* 139 byte sig */
+    const byte sig[] = {
+        0x30, 0x81, 0x88, 0x02, 0x42, 0x01, 0x5c, 0x71,
+        0x86, 0x96, 0xac, 0x21, 0x33, 0x7e, 0x4e, 0xaa,
+        0x86, 0xec, 0xa8, 0x05, 0x03, 0x52, 0x56, 0x63,
+        0x0e, 0x02, 0xcc, 0x94, 0xa9, 0x05, 0xb9, 0xfb,
+        0x62, 0x1e, 0x42, 0x03, 0x6c, 0x74, 0x8a, 0x1f,
+        0x12, 0x3e, 0xb7, 0x7e, 0x51, 0xff, 0x7f, 0x27,
+        0x93, 0xe8, 0x6c, 0x49, 0x7d, 0x28, 0xfc, 0x80,
+        0xa6, 0x13, 0xfc, 0xb6, 0x90, 0xf7, 0xbb, 0x28,
+        0xb5, 0x04, 0xb0, 0xb6, 0x33, 0x1c, 0x7e, 0x02,
+        0x42, 0x01, 0x70, 0x43, 0x52, 0x1d, 0xe3, 0xc6,
+        0xbd, 0x5a, 0x40, 0x95, 0x35, 0x89, 0x4f, 0x41,
+        0x5f, 0x9e, 0x19, 0x88, 0x05, 0x3e, 0x43, 0x39,
+        0x01, 0xbd, 0xb7, 0x7a, 0x76, 0x37, 0x51, 0x47,
+        0x49, 0x98, 0x12, 0x71, 0xd0, 0xe9, 0xca, 0xa7,
+        0xc0, 0xcb, 0xaa, 0x00, 0x55, 0xbb, 0x6a, 0xb4,
+        0x73, 0x00, 0xd2, 0x72, 0x74, 0x13, 0x63, 0x39,
+        0xa6, 0xe5, 0x25, 0x46, 0x1e, 0x77, 0x44, 0x78,
+        0xe0, 0xd1, 0x04
+    };
+    word32     pub_len = 0;
+    word32     sig_len = 0;
+    word32     hash_len = 0;
+
+    pub_len = sizeof(p521_pub);
+    hash_len = sizeof(hash);
+    sig_len = sizeof(sig);
+
+    rc = linuxkm_test_ecdsa_nist_driver(WOLFKM_ECDSA_P521_DRIVER,
+                                        p521_pub, pub_len,
+                                        sig, sig_len,
+                                        hash, hash_len);
+    return rc;
+
+}
+#endif /* HAVE_ECC521 */
+
+static int linuxkm_test_ecdsa_nist_driver(const char * driver,
+                                          const byte * pub, word32 pub_len,
+                                          const byte * sig, word32 sig_len,
+                                          const byte * hash, word32 hash_len)
+{
+    int                       test_rc = -1;
+    int                       ret = 0;
+    struct crypto_akcipher *  tfm = NULL;
+    struct akcipher_request * req = NULL;
+    struct scatterlist        src_tab[2];
+    byte *                    bad_sig = NULL;
+    /**
+     * Allocate the akcipher transform, and set up
+     * the akcipher request.
+     * */
+    tfm = crypto_alloc_akcipher(driver, 0, 0);
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
+               driver, PTR_ERR(tfm));
+        goto test_ecdsa_nist_end;
+    }
+
+    req = akcipher_request_alloc(tfm, GFP_KERNEL);
+    if (IS_ERR(req)) {
+        pr_err("error: allocating akcipher request %s failed\n",
+               driver);
+        goto test_ecdsa_nist_end;
+    }
+
+    /* now set pub key for verify test. */
+    ret = crypto_akcipher_set_pub_key(tfm, pub, pub_len);
+    if (ret) {
+        pr_err("error: crypto_akcipher_set_pub_key returned: %d\n", ret);
+        goto test_ecdsa_nist_end;
+    }
+
+    {
+        unsigned int maxsize = crypto_akcipher_maxsize(tfm);
+        if ((int) maxsize <= 0) {
+            pr_err("error: crypto_akcipher_maxsize "
+                   "returned %d\n", maxsize);
+            goto test_ecdsa_nist_end;
+        }
+    }
+
+    /**
+     * Set sig as src, and null as dst.
+     * src_tab is:
+     *   src_tab[0]: signature
+     *   src_tab[1]: message (hash)
+     *
+     * src_len is sig size
+     * dst_len is hash size. */
+    sg_init_table(src_tab, 2);
+    sg_set_buf(&src_tab[0], sig, sig_len);
+    sg_set_buf(&src_tab[1], hash, hash_len);
+
+    akcipher_request_set_crypt(req, src_tab, NULL, sig_len, hash_len);
+
+    ret = crypto_akcipher_verify(req);
+    if (ret) {
+        pr_err("error: crypto_akcipher_verify returned: %d\n", ret);
+        goto test_ecdsa_nist_end;
+    }
+
+    /* prepare a bad signature */
+    bad_sig = malloc(sig_len);
+    if (bad_sig == NULL) {
+        pr_err("error: alloc sig failed\n");
+        goto test_ecdsa_nist_end;
+    }
+
+    memcpy(bad_sig, sig, sig_len);
+    bad_sig[sig_len/2] ^= 1;
+
+    sg_init_table(src_tab, 2);
+    sg_set_buf(&src_tab[0], bad_sig, sig_len);
+    sg_set_buf(&src_tab[1], hash, hash_len);
+
+    akcipher_request_set_crypt(req, src_tab, NULL, sig_len, hash_len);
+
+    /* it should fail */
+    ret = crypto_akcipher_verify(req);
+    if (ret != -EBADMSG) {
+        pr_err("error: crypto_akcipher_verify returned %d, expected %d\n",
+               ret, -EBADMSG);
+        goto test_ecdsa_nist_end;
+    }
+
+    test_rc = 0;
+test_ecdsa_nist_end:
+    if (req) { akcipher_request_free(req); req = NULL; }
+    if (tfm) { crypto_free_akcipher(tfm); tfm = NULL; }
+    if (bad_sig) { free(bad_sig); bad_sig = NULL; }
+
+    #ifdef WOLFKM_DEBUG_ECDSA
+    pr_info("info: %s: self test returned: %d\n", driver, test_rc);
+    #endif /* WOLFKM_DEBUG_ECDSA */
+
+    return test_rc;
+}
+
+#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c
index 29bd701c2..58b267198 100644
--- a/linuxkm/lkcapi_glue.c
+++ b/linuxkm/lkcapi_glue.c
@@ -1,7 +1,7 @@
 /* lkcapi_glue.c -- glue logic to register wolfCrypt implementations with
  * the Linux Kernel Cryptosystem
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,6 +26,27 @@
     #error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
 #endif
 
+/* kernel crypto self-test includes test setups that have different expected
+ * results FIPS vs non-FIPS.
+ */
+#if defined(CONFIG_CRYPTO_MANAGER) && \
+    !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
+    #if defined(CONFIG_CRYPTO_FIPS) != defined(HAVE_FIPS)
+        #error CONFIG_CRYPTO_MANAGER requires that CONFIG_CRYPTO_FIPS match HAVE_FIPS.
+    #endif
+    #include <linux/fips.h>
+#endif
+
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+    /* need misc.c for ForceZero(). */
+    #ifdef NO_INLINE
+        #include <wolfssl/wolfcrypt/misc.h>
+    #else
+        #define WOLFSSL_MISC_INCLUDED
+        #include <wolfcrypt/src/misc.c>
+    #endif
+#endif
+
 #ifndef WOLFSSL_LINUXKM_LKCAPI_PRIORITY
 /* Larger number means higher priority.  The highest in-tree priority is 4001,
  * in the Cavium driver.
@@ -48,7 +69,11 @@ static int disable_setkey_warnings = 0;
 #define WOLFKM_AESCBC_NAME   "cbc(aes)"
 #define WOLFKM_AESCFB_NAME   "cfb(aes)"
 #define WOLFKM_AESGCM_NAME   "gcm(aes)"
+#define WOLFKM_AESGCM_RFC4106_NAME   "rfc4106(gcm(aes))"
 #define WOLFKM_AESXTS_NAME   "xts(aes)"
+#define WOLFKM_AESCTR_NAME   "ctr(aes)"
+#define WOLFKM_AESOFB_NAME   "ofb(aes)"
+#define WOLFKM_AESECB_NAME   "ecb(aes)"
 
 #ifdef WOLFSSL_AESNI
     #define WOLFKM_DRIVER_ISA_EXT "-aesni"
@@ -76,36 +101,136 @@ static int disable_setkey_warnings = 0;
 #define WOLFKM_AESCBC_DRIVER ("cbc-aes" WOLFKM_DRIVER_SUFFIX)
 #define WOLFKM_AESCFB_DRIVER ("cfb-aes" WOLFKM_DRIVER_SUFFIX)
 #define WOLFKM_AESGCM_DRIVER ("gcm-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESGCM_RFC4106_DRIVER ("rfc4106-gcm-aes" WOLFKM_DRIVER_SUFFIX)
 #define WOLFKM_AESXTS_DRIVER ("xts-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESCTR_DRIVER ("ctr-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESOFB_DRIVER ("ofb-aes" WOLFKM_DRIVER_SUFFIX)
+#define WOLFKM_AESECB_DRIVER ("ecb-aes" WOLFKM_DRIVER_SUFFIX)
 
-#if defined(HAVE_AES_CBC) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
-#ifndef WOLFSSL_EXPERIMENTAL_SETTINGS
-    #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+    enum linux_errcodes {
+        my_EINVAL = EINVAL,
+        my_ENOMEM = ENOMEM,
+        my_EBADMSG = EBADMSG
+    };
+
+    #undef EINVAL
+    #undef ENOMEM
+    #undef EBADMSG
+
+    #define EINVAL WC_ERR_TRACE(my_EINVAL)
+    #define ENOMEM WC_ERR_TRACE(my_ENOMEM)
+    #define EBADMSG WC_ERR_TRACE(my_EBADMSG)
 #endif
-static int  linuxkm_test_aescbc(void);
+
+#ifdef HAVE_AES_CBC
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCBC)) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_AESCBC)
+        #define LINUXKM_LKCAPI_REGISTER_AESCBC
+    #endif
+#else
+        #undef LINUXKM_LKCAPI_REGISTER_AESCBC
 #endif
-#if defined(WOLFSSL_AES_CFB) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
-#ifndef WOLFSSL_EXPERIMENTAL_SETTINGS
-    #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
+#ifdef WOLFSSL_AES_CFB
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCFB)) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_AESCFB)
+        #define LINUXKM_LKCAPI_REGISTER_AESCFB
+    #endif
+#else
+    #undef LINUXKM_LKCAPI_REGISTER_AESCFB
 #endif
-static int  linuxkm_test_aescfb(void);
+#ifdef HAVE_AESGCM
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESGCM)) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_AESGCM)
+        #define LINUXKM_LKCAPI_REGISTER_AESGCM
+    #endif
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESGCM_RFC4106)) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106)
+        #define LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+    #endif
+#else
+    #undef LINUXKM_LKCAPI_REGISTER_AESGCM
+    #undef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
 #endif
-#if defined(HAVE_AESGCM) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
-#ifndef WOLFSSL_EXPERIMENTAL_SETTINGS
-    #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
+#ifdef WOLFSSL_AES_XTS
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESXTS)) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_AESXTS)
+        #define LINUXKM_LKCAPI_REGISTER_AESXTS
+    #endif
+#else
+    #undef LINUXKM_LKCAPI_REGISTER_AESXTS
 #endif
-static int  linuxkm_test_aesgcm(void);
+#ifdef WOLFSSL_AES_COUNTER
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCTR)) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_AESCTR)
+        #define LINUXKM_LKCAPI_REGISTER_AESCTR
+    #endif
+#else
+    #undef LINUXKM_LKCAPI_REGISTER_AESCTR
 #endif
-#if defined(WOLFSSL_AES_XTS) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
-static int  linuxkm_test_aesxts(void);
+#ifdef WOLFSSL_AES_OFB
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESOFB)) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_AESOFB)
+        #define LINUXKM_LKCAPI_REGISTER_AESOFB
+    #endif
+#else
+    #undef LINUXKM_LKCAPI_REGISTER_AESOFB
+#endif
+#ifdef HAVE_AES_ECB
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESECB)) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_AESECB)
+        #define LINUXKM_LKCAPI_REGISTER_AESECB
+    #endif
+#else
+    #undef LINUXKM_LKCAPI_REGISTER_AESECB
+#endif
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCBC
+    static int  linuxkm_test_aescbc(void);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCFB
+    static int  linuxkm_test_aescfb(void);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM
+    static int  linuxkm_test_aesgcm(void);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+    static int  linuxkm_test_aesgcm_rfc4106(void);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESXTS
+    static int  linuxkm_test_aesxts(void);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCTR
+    static int  linuxkm_test_aesctr(void);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESOFB
+    static int  linuxkm_test_aesofb(void);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESECB
+    static int  linuxkm_test_aesecb(void);
+#endif
+
+#if defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCFB) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCTR) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESOFB) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESECB) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESGCM) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106)
+    #define LINUXKM_LKCAPI_NEED_AES_COMMON_FUNCS
+#endif
+
+#if defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCFB) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESCTR) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESOFB) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESECB)
+    #define LINUXKM_LKCAPI_NEED_AES_SKCIPHER_COMMON_FUNCS
+#endif
+
+#if defined(LINUXKM_LKCAPI_REGISTER_AESGCM) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106)
+    #define LINUXKM_LKCAPI_REGISTER_AEADS
 #endif
 
 /* km_AesX(): wrappers to wolfcrypt wc_AesX functions and
@@ -113,17 +238,104 @@ static int  linuxkm_test_aesxts(void);
 
 #include <wolfssl/wolfcrypt/aes.h>
 
+#if defined(WOLFSSL_AESNI) &&                            \
+    (!defined(WC_C_DYNAMIC_FALLBACK) ||                  \
+     (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))) && \
+    !defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS)
+    #define WC_LINUXKM_C_FALLBACK_IN_SHIMS
+#elif !defined(WOLFSSL_AESNI)
+    #undef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+#endif
+
+#if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(WC_FLAG_DONT_USE_AESNI)
+    #error WC_LINUXKM_C_FALLBACK_IN_SHIMS is defined but WC_FLAG_DONT_USE_AESNI is missing.
+#endif
+
+#if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(CAN_SAVE_VECTOR_REGISTERS)
+    #error WC_LINUXKM_C_FALLBACK_IN_SHIMS is defined but CAN_SAVE_VECTOR_REGISTERS is missing.
+#endif
+
+WC_MAYBE_UNUSED static int check_skcipher_driver_masking(struct crypto_skcipher *tfm, const char *alg_name, const char *expected_driver_name) {
+#ifdef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    (void)tfm; (void)alg_name; (void)expected_driver_name;
+    return 0;
+#else
+    const char *actual_driver_name;
+    int ret;
+    int alloced_tfm = 0;
+
+    if (! tfm) {
+        alloced_tfm = 1;
+        tfm = crypto_alloc_skcipher(alg_name, 0, 0);
+    }
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
+               alg_name, PTR_ERR(tfm));
+        return -EINVAL;
+    }
+    actual_driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+    if (strcmp(actual_driver_name, expected_driver_name)) {
+        pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+               alg_name, actual_driver_name, expected_driver_name);
+        ret = -ENOENT;
+    } else
+        ret = 0;
+
+    if (alloced_tfm)
+        crypto_free_skcipher(tfm);
+
+    return ret;
+#endif
+}
+
+WC_MAYBE_UNUSED static int check_aead_driver_masking(struct crypto_aead *tfm, const char *alg_name, const char *expected_driver_name) {
+#ifdef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    (void)tfm; (void)alg_name; (void)expected_driver_name;
+    return 0;
+#else
+    const char *actual_driver_name;
+    int ret;
+    int alloced_tfm = 0;
+
+    if (! tfm) {
+        alloced_tfm = 1;
+        tfm = crypto_alloc_aead(alg_name, 0, 0);
+    }
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating AES AEAD algorithm %s failed: %ld\n",
+               alg_name, PTR_ERR(tfm));
+        return -EINVAL;
+    }
+    actual_driver_name = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
+    if (strcmp(actual_driver_name, expected_driver_name)) {
+        pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+               alg_name, actual_driver_name, expected_driver_name);
+        ret = -ENOENT;
+    } else
+        ret = 0;
+
+    if (alloced_tfm)
+        crypto_free_aead(tfm);
+
+    return ret;
+#endif
+}
+
 struct km_AesCtx {
     Aes          *aes_encrypt; /* allocated in km_AesInitCommon() to assure
                                 * alignment, needed for AESNI.
                                 */
     Aes          *aes_decrypt; /* same. */
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+    Aes          *aes_encrypt_C; /* fallback if vector registers aren't available. */
+    Aes          *aes_decrypt_C;
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+    byte rfc4106_nonce[4];
+#endif
 };
 
-#if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-    defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
-    defined(LINUXKM_LKCAPI_REGISTER_AESCFB) || \
-    defined(LINUXKM_LKCAPI_REGISTER_AESGCM)
+#ifdef LINUXKM_LKCAPI_NEED_AES_COMMON_FUNCS
 
 static void km_AesExitCommon(struct km_AesCtx * ctx);
 
@@ -139,7 +351,8 @@ static int km_AesInitCommon(
     if (! ctx->aes_encrypt) {
         pr_err("%s: allocation of %zu bytes for encryption key failed.\n",
                name, sizeof(*ctx->aes_encrypt));
-        return MEMORY_E;
+        err = -MEMORY_E;
+        goto out;
     }
 
     err = wc_AesInit(ctx->aes_encrypt, NULL, INVALID_DEVID);
@@ -148,53 +361,173 @@ static int km_AesInitCommon(
         pr_err("%s: wc_AesInit failed: %d\n", name, err);
         free(ctx->aes_encrypt);
         ctx->aes_encrypt = NULL;
-        return -EINVAL;
+        err = -EINVAL;
+        goto out;
     }
 
     if (! need_decryption) {
         ctx->aes_decrypt = NULL;
-        return 0;
+    }
+    else {
+        ctx->aes_decrypt = (Aes *)malloc(sizeof(*ctx->aes_decrypt));
+
+        if (! ctx->aes_decrypt) {
+            pr_err("%s: allocation of %zu bytes for decryption key failed.\n",
+                   name, sizeof(*ctx->aes_decrypt));
+            err = -MEMORY_E;
+            goto out;
+        }
+
+        err = wc_AesInit(ctx->aes_decrypt, NULL, INVALID_DEVID);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesInit failed: %d\n", name, err);
+            free(ctx->aes_decrypt);
+            ctx->aes_decrypt = NULL;
+            err = -EINVAL;
+            goto out;
+        }
     }
 
-    ctx->aes_decrypt = (Aes *)malloc(sizeof(*ctx->aes_decrypt));
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
 
-    if (! ctx->aes_decrypt) {
-        pr_err("%s: allocation of %zu bytes for decryption key failed.\n",
-               name, sizeof(*ctx->aes_decrypt));
-        km_AesExitCommon(ctx);
-        return MEMORY_E;
+    ctx->aes_encrypt_C = (Aes *)malloc(sizeof(*ctx->aes_encrypt_C));
+
+    if (! ctx->aes_encrypt_C) {
+        pr_err("%s: allocation of %zu bytes for encryption key failed.\n",
+               name, sizeof(*ctx->aes_encrypt_C));
+        err = -MEMORY_E;
+        goto out;
     }
 
-    err = wc_AesInit(ctx->aes_decrypt, NULL, INVALID_DEVID);
+    err = wc_AesInit(ctx->aes_encrypt_C, NULL, INVALID_DEVID);
 
     if (unlikely(err)) {
         pr_err("%s: wc_AesInit failed: %d\n", name, err);
-        free(ctx->aes_decrypt);
-        ctx->aes_decrypt = NULL;
+        free(ctx->aes_encrypt_C);
+        ctx->aes_encrypt_C = NULL;
+        err = -EINVAL;
+        goto out;
+    }
+
+    if (! need_decryption) {
+        ctx->aes_decrypt_C = NULL;
+    }
+    else {
+        ctx->aes_decrypt_C = (Aes *)malloc(sizeof(*ctx->aes_decrypt_C));
+
+        if (! ctx->aes_decrypt_C) {
+            pr_err("%s: allocation of %zu bytes for decryption key failed.\n",
+                   name, sizeof(*ctx->aes_decrypt_C));
+            err = -MEMORY_E;
+            goto out;
+        }
+
+        err = wc_AesInit(ctx->aes_decrypt_C, NULL, INVALID_DEVID);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesInit failed: %d\n", name, err);
+            free(ctx->aes_decrypt_C);
+            ctx->aes_decrypt_C = NULL;
+            err = -EINVAL;
+            goto out;
+        }
+    }
+
+#endif /* WC_LINUXKM_C_FALLBACK_IN_SHIMS */
+
+out:
+
+    if (err != 0)
         km_AesExitCommon(ctx);
-        return -EINVAL;
+
+    return err;
+}
+
+static int km_AesGet(struct km_AesCtx *ctx, int decrypt_p, int copy_p, Aes **aes) {
+    Aes *ret;
+
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+    /* First, check if AESNI was disabled in the main SetKey for the requested
+     * direction.  If so, use it (the fallback schedule won't even be inited).
+     */
+    if (((! decrypt_p) || (! ctx->aes_decrypt)) && (! ctx->aes_encrypt->use_aesni))
+        ret = ctx->aes_encrypt;
+    else if (decrypt_p && ctx->aes_decrypt && (! ctx->aes_decrypt->use_aesni))
+        ret = ctx->aes_decrypt;
+    else if (
+#ifdef TEST_WC_LINUXKM_C_FALLBACK_IN_SHIMS
+             1
+#else
+             ! CAN_SAVE_VECTOR_REGISTERS()
+#endif
+        )
+    {
+        if (decrypt_p && ctx->aes_decrypt_C)
+            ret = ctx->aes_decrypt_C;
+        else
+            ret = ctx->aes_encrypt_C;
+        if (ret->use_aesni)
+            return -EINVAL;
+    }
+    else
+#endif /* WC_LINUXKM_C_FALLBACK_IN_SHIMS */
+    {
+        if (decrypt_p && ctx->aes_decrypt)
+            ret = ctx->aes_decrypt;
+        else
+            ret = ctx->aes_encrypt;
+    }
+
+    if (copy_p) {
+        /* Copy the cipher state to mitigate races on Aes.reg, Aes.tmp, and dynamic Aes.use_aesni. */
+        Aes *aes_copy = (struct Aes *)malloc(sizeof(Aes));
+        if (aes_copy == NULL)
+            return -ENOMEM;
+        XMEMCPY(aes_copy, ret, sizeof(Aes));
+#if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
+        aes_copy->streamData = NULL;
+#endif
+        *aes = aes_copy;
+    }
+    else {
+        *aes = ret;
     }
 
     return 0;
 }
 
+static void km_AesFree(Aes **aes) {
+    if ((! aes) || (! *aes))
+        return;
+    wc_AesFree(*aes);
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+    ForceZero(*aes, sizeof **aes);
+#endif
+    free(*aes);
+    *aes = NULL;
+}
+
 static void km_AesExitCommon(struct km_AesCtx * ctx)
 {
     if (ctx->aes_encrypt) {
-        wc_AesFree(ctx->aes_encrypt);
-        free(ctx->aes_encrypt);
-        ctx->aes_encrypt = NULL;
+        km_AesFree(&ctx->aes_encrypt);
     }
     if (ctx->aes_decrypt) {
-        wc_AesFree(ctx->aes_decrypt);
-        free(ctx->aes_decrypt);
-        ctx->aes_decrypt = NULL;
+        km_AesFree(&ctx->aes_decrypt);
     }
+
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+    if (ctx->aes_encrypt_C) {
+        km_AesFree(&ctx->aes_encrypt_C);
+    }
+    if (ctx->aes_decrypt_C) {
+        km_AesFree(&ctx->aes_decrypt_C);
+    }
+#endif
 }
 
-#if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-    defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
-    defined(LINUXKM_LKCAPI_REGISTER_AESCFB)
+#ifdef LINUXKM_LKCAPI_NEED_AES_SKCIPHER_COMMON_FUNCS
 
 static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
                               unsigned int key_len, const char * name)
@@ -206,7 +539,7 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
     if (unlikely(err)) {
         if (! disable_setkey_warnings)
             pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err);
-        return -ENOKEY;
+        return -EINVAL;
     }
 
     if (ctx->aes_decrypt) {
@@ -217,10 +550,47 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
             if (! disable_setkey_warnings)
                 pr_err("%s: wc_AesSetKey for decryption key failed: %d\n",
                        name, err);
-            return -ENOKEY;
+            return -EINVAL;
         }
     }
 
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+
+    if (ctx->aes_encrypt->use_aesni) {
+        ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+
+        err = wc_AesSetKey(ctx->aes_encrypt_C, in_key, key_len, NULL, AES_ENCRYPTION);
+
+        if (unlikely(err)) {
+            if (! disable_setkey_warnings)
+                pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err);
+            return -EINVAL;
+        }
+
+        if (ctx->aes_encrypt_C->use_aesni)
+            pr_err("%s: after wc_AesSetKey, ctx->aes_encrypt_C has AES-NI asserted.\n", name);
+
+    }
+
+    if (ctx->aes_decrypt_C && ctx->aes_decrypt->use_aesni) {
+        ctx->aes_decrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+
+        err = wc_AesSetKey(ctx->aes_decrypt_C, in_key, key_len, NULL,
+                           AES_DECRYPTION);
+
+        if (unlikely(err)) {
+            if (! disable_setkey_warnings)
+                pr_err("%s: wc_AesSetKey for decryption key failed: %d\n",
+                       name, err);
+            return -EINVAL;
+        }
+
+        if (ctx->aes_decrypt_C->use_aesni)
+            pr_err("%s: after wc_AesSetKey, ctx->aes_decrypt_C has AES-NI asserted.\n", name);
+    }
+
+#endif /* WC_LINUXKM_C_FALLBACK_IN_SHIMS */
+
     return 0;
 }
 
@@ -230,18 +600,11 @@ static void km_AesExit(struct crypto_skcipher *tfm)
     km_AesExitCommon(ctx);
 }
 
-#endif /* LINUXKM_LKCAPI_REGISTER_ALL ||
-        * LINUXKM_LKCAPI_REGISTER_AESCBC ||
-        * LINUXKM_LKCAPI_REGISTER_AESCFB
-        */
+#endif /* LINUXKM_LKCAPI_NEED_AES_SKCIPHER_COMMON_FUNCS */
 
-#endif /* LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC ||
-        * LINUXKM_LKCAPI_REGISTER_AESCFB || LINUXKM_LKCAPI_REGISTER_AESGCM
-        */
+#endif /* LINUXKM_LKCAPI_NEED_AES_COMMON_FUNCS */
 
-#if defined(HAVE_AES_CBC) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCBC
 
 static int km_AesCbcInit(struct crypto_skcipher *tfm)
 {
@@ -262,46 +625,53 @@ static int km_AesCbcEncrypt(struct skcipher_request *req)
     struct km_AesCtx *       ctx = NULL;
     struct skcipher_walk     walk;
     unsigned int             nbytes = 0;
-    int                      err = 0;
+    int                      err;
+    Aes                      *aes_copy;
 
     tfm = crypto_skcipher_reqtfm(req);
     ctx = crypto_skcipher_ctx(tfm);
 
     err = skcipher_walk_virt(&walk, req, false);
-
     if (unlikely(err)) {
-        pr_err("%s: skcipher_walk_virt failed: %d\n",
-               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
         return err;
     }
 
-    while ((nbytes = walk.nbytes) != 0) {
-        err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
-
-        if (unlikely(err)) {
-            pr_err("%s: wc_AesSetIV failed: %d\n",
-                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return -EINVAL;
-        }
-
-        err = wc_AesCbcEncrypt(ctx->aes_encrypt, walk.dst.virt.addr,
-                               walk.src.virt.addr, nbytes);
-
-        if (unlikely(err)) {
-            pr_err("%s: wc_AesCbcEncrypt failed: %d\n",
-                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return -EINVAL;
-        }
-
-        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
-
-        if (unlikely(err)) {
-            pr_err("%s: skcipher_walk_done failed: %d\n",
-                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return err;
-        }
+    err = km_AesGet(ctx, 0 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
+    if (unlikely(err)) {
+        return err;
     }
 
+    err = wc_AesSetIV(aes_copy, walk.iv);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesSetIV failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesCbcEncrypt(aes_copy, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCbcEncrypt failed for %u bytes: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), nbytes, err);
+            err = -EINVAL;
+            goto out;
+        }
+
+        nbytes &= WC_AES_BLOCK_SIZE - 1;
+        err = skcipher_walk_done(&walk, nbytes);
+    }
+
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, aes_copy->reg, WC_AES_BLOCK_SIZE);
+
+out:
+
+    km_AesFree(&aes_copy);
+
     return err;
 }
 
@@ -311,7 +681,8 @@ static int km_AesCbcDecrypt(struct skcipher_request *req)
     struct km_AesCtx *       ctx = NULL;
     struct skcipher_walk     walk;
     unsigned int             nbytes = 0;
-    int                      err = 0;
+    int                      err;
+    Aes                      *aes_copy;
 
     tfm = crypto_skcipher_reqtfm(req);
     ctx = crypto_skcipher_ctx(tfm);
@@ -319,39 +690,46 @@ static int km_AesCbcDecrypt(struct skcipher_request *req)
     err = skcipher_walk_virt(&walk, req, false);
 
     if (unlikely(err)) {
-        pr_err("%s: skcipher_walk_virt failed: %d\n",
-               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
         return err;
     }
 
-    while ((nbytes = walk.nbytes) != 0) {
-        err = wc_AesSetIV(ctx->aes_decrypt, walk.iv);
-
-        if (unlikely(err)) {
-            if (! disable_setkey_warnings)
-                pr_err("%s: wc_AesSetKey failed: %d\n",
-                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return -EINVAL;
-        }
-
-        err = wc_AesCbcDecrypt(ctx->aes_decrypt, walk.dst.virt.addr,
-                               walk.src.virt.addr, nbytes);
-
-        if (unlikely(err)) {
-            pr_err("%s: wc_AesCbcDecrypt failed: %d\n",
-                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return -EINVAL;
-        }
-
-        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
-
-        if (unlikely(err)) {
-            pr_err("%s: skcipher_walk_done failed: %d\n",
-                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return err;
-        }
+    err = km_AesGet(ctx, 1 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
+    if (unlikely(err)) {
+        return err;
     }
 
+    err = wc_AesSetIV(aes_copy, walk.iv);
+
+    if (unlikely(err)) {
+        if (! disable_setkey_warnings)
+            pr_err("%s: wc_AesSetKey failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesCbcDecrypt(aes_copy, walk.dst.virt.addr,
+                               walk.src.virt.addr, nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCbcDecrypt failed for %u bytes: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), nbytes, err);
+            err = -EINVAL;
+            goto out;
+        }
+
+        nbytes &= WC_AES_BLOCK_SIZE - 1;
+        err = skcipher_walk_done(&walk, nbytes);
+    }
+
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, aes_copy->reg, WC_AES_BLOCK_SIZE);
+
+out:
+
+    km_AesFree(&aes_copy);
+
     return err;
 }
 
@@ -359,27 +737,23 @@ static struct skcipher_alg cbcAesAlg = {
     .base.cra_name        = WOLFKM_AESCBC_NAME,
     .base.cra_driver_name = WOLFKM_AESCBC_DRIVER,
     .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
-    .base.cra_blocksize   = AES_BLOCK_SIZE,
+    .base.cra_blocksize   = WC_AES_BLOCK_SIZE,
     .base.cra_ctxsize     = sizeof(struct km_AesCtx),
     .base.cra_module      = THIS_MODULE,
     .init                 = km_AesCbcInit,
     .exit                 = km_AesExit,
     .min_keysize          = AES_128_KEY_SIZE,
     .max_keysize          = AES_256_KEY_SIZE,
-    .ivsize               = AES_BLOCK_SIZE,
+    .ivsize               = WC_AES_BLOCK_SIZE,
     .setkey               = km_AesCbcSetKey,
     .encrypt              = km_AesCbcEncrypt,
     .decrypt              = km_AesCbcDecrypt,
 };
 static int cbcAesAlg_loaded = 0;
 
-#endif /* HAVE_AES_CBC &&
-        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
-        */
+#endif /* LINUXKM_LKCAPI_REGISTER_AESCBC */
 
-#if defined(WOLFSSL_AES_CFB) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCFB
 
 static int km_AesCfbInit(struct crypto_skcipher *tfm)
 {
@@ -399,8 +773,8 @@ static int km_AesCfbEncrypt(struct skcipher_request *req)
     struct crypto_skcipher * tfm = NULL;
     struct km_AesCtx *       ctx = NULL;
     struct skcipher_walk     walk;
-    unsigned int             nbytes = 0;
-    int                      err = 0;
+    int                      err;
+    Aes                      *aes_copy;
 
     tfm = crypto_skcipher_reqtfm(req);
     ctx = crypto_skcipher_ctx(tfm);
@@ -413,26 +787,32 @@ static int km_AesCfbEncrypt(struct skcipher_request *req)
         return err;
     }
 
-    while ((nbytes = walk.nbytes) != 0) {
-        err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
+    err = km_AesGet(ctx, 0 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
+    if (unlikely(err)) {
+        return err;
+    }
 
-        if (unlikely(err)) {
-            if (! disable_setkey_warnings)
-                pr_err("%s: wc_AesSetKey failed: %d\n",
-                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return -EINVAL;
-        }
+    err = wc_AesSetIV(aes_copy, walk.iv);
 
-        err = wc_AesCfbEncrypt(ctx->aes_encrypt, walk.dst.virt.addr,
-                               walk.src.virt.addr, nbytes);
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesSetIV failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    while (walk.nbytes != 0) {
+        err = wc_AesCfbEncrypt(aes_copy, walk.dst.virt.addr,
+                               walk.src.virt.addr, walk.nbytes);
 
         if (unlikely(err)) {
             pr_err("%s: wc_AesCfbEncrypt failed %d\n",
                    crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return -EINVAL;
+            err = -EINVAL;
+            goto out;
         }
 
-        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+        err = skcipher_walk_done(&walk, 0);
 
         if (unlikely(err)) {
             pr_err("%s: skcipher_walk_done failed: %d\n",
@@ -441,6 +821,13 @@ static int km_AesCfbEncrypt(struct skcipher_request *req)
         }
     }
 
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, aes_copy->reg, WC_AES_BLOCK_SIZE);
+
+out:
+
+    km_AesFree(&aes_copy);
+
     return err;
 }
 
@@ -449,8 +836,8 @@ static int km_AesCfbDecrypt(struct skcipher_request *req)
     struct crypto_skcipher * tfm = NULL;
     struct km_AesCtx *       ctx = NULL;
     struct skcipher_walk     walk;
-    unsigned int             nbytes = 0;
-    int                      err = 0;
+    int                      err;
+    Aes                      *aes_copy;
 
     tfm = crypto_skcipher_reqtfm(req);
     ctx = crypto_skcipher_ctx(tfm);
@@ -463,34 +850,48 @@ static int km_AesCfbDecrypt(struct skcipher_request *req)
         return err;
     }
 
-    while ((nbytes = walk.nbytes) != 0) {
-        err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
+    err = km_AesGet(ctx, 1 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
+    if (unlikely(err)) {
+        return err;
+    }
 
-        if (unlikely(err)) {
-            if (! disable_setkey_warnings)
-                pr_err("%s: wc_AesSetKey failed: %d\n",
-                       crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return -EINVAL;
-        }
+    err = wc_AesSetIV(aes_copy, walk.iv);
 
-        err = wc_AesCfbDecrypt(ctx->aes_encrypt, walk.dst.virt.addr,
-                               walk.src.virt.addr, nbytes);
+    if (unlikely(err)) {
+        if (! disable_setkey_warnings)
+            pr_err("%s: wc_AesSetIV failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    while (walk.nbytes != 0) {
+        err = wc_AesCfbDecrypt(aes_copy, walk.dst.virt.addr,
+                               walk.src.virt.addr, walk.nbytes);
 
         if (unlikely(err)) {
             pr_err("%s: wc_AesCfbDecrypt failed: %d\n",
                    crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return -EINVAL;
+            err = -EINVAL;
+            goto out;
         }
 
-        err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+        err = skcipher_walk_done(&walk, 0);
 
         if (unlikely(err)) {
             pr_err("%s: skcipher_walk_done failed: %d\n",
                    crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
-            return err;
+            goto out;
         }
     }
 
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, aes_copy->reg, WC_AES_BLOCK_SIZE);
+
+out:
+
+    km_AesFree(&aes_copy);
+
     return err;
 }
 
@@ -498,31 +899,24 @@ static struct skcipher_alg cfbAesAlg = {
     .base.cra_name        = WOLFKM_AESCFB_NAME,
     .base.cra_driver_name = WOLFKM_AESCFB_DRIVER,
     .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
-    .base.cra_blocksize   = AES_BLOCK_SIZE,
+    .base.cra_blocksize   = 1,
     .base.cra_ctxsize     = sizeof(struct km_AesCtx),
     .base.cra_module      = THIS_MODULE,
     .init                 = km_AesCfbInit,
     .exit                 = km_AesExit,
     .min_keysize          = AES_128_KEY_SIZE,
     .max_keysize          = AES_256_KEY_SIZE,
-    .ivsize               = AES_BLOCK_SIZE,
+    .ivsize               = WC_AES_BLOCK_SIZE,
     .setkey               = km_AesCfbSetKey,
     .encrypt              = km_AesCfbEncrypt,
     .decrypt              = km_AesCfbDecrypt,
 };
 static int cfbAesAlg_loaded = 0;
 
-#endif /* WOLFSSL_AES_CFB &&
-        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
-        */
+#endif /* LINUXKM_LKCAPI_REGISTER_AESCBC */
 
-#if defined(HAVE_AESGCM) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
-
-#ifndef WOLFSSL_AESGCM_STREAM
-    #error LKCAPI registration of AES-GCM requires WOLFSSL_AESGCM_STREAM (--enable-aesgcm-stream).
-#endif
+#if defined(LINUXKM_LKCAPI_REGISTER_AESGCM) || \
+    defined(LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106)
 
 static int km_AesGcmInit(struct crypto_aead * tfm)
 {
@@ -536,6 +930,8 @@ static void km_AesGcmExit(struct crypto_aead * tfm)
     km_AesExitCommon(ctx);
 }
 
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM
+
 static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key,
                            unsigned int key_len)
 {
@@ -548,26 +944,127 @@ static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key,
         if (! disable_setkey_warnings)
             pr_err("%s: wc_AesGcmSetKey failed: %d\n",
                    crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-        return -ENOKEY;
+        return -EINVAL;
     }
 
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+    if (ctx->aes_encrypt->use_aesni) {
+        ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+
+        err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len);
+
+        if (unlikely(err)) {
+            if (! disable_setkey_warnings)
+                pr_err("%s: wc_AesGcmSetKey failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        if (ctx->aes_encrypt_C->use_aesni)
+            pr_err("%s: after wc_AesGcmSetKey, ctx->aes_encrypt_C has AES-NI asserted.\n", WOLFKM_AESGCM_DRIVER);
+    }
+#endif
+
     return 0;
 }
 
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+
+static int km_AesGcmSetKey_Rfc4106(struct crypto_aead *tfm, const u8 *in_key,
+                           unsigned int key_len)
+{
+    int err;
+    struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
+
+    if (key_len < 4)
+        return -EINVAL;
+    key_len -= 4;
+    memcpy(ctx->rfc4106_nonce, in_key + key_len, 4);
+
+    err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len);
+
+    if (unlikely(err)) {
+        if (! disable_setkey_warnings)
+            pr_err("%s: wc_AesGcmSetKey failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return -EINVAL;
+    }
+
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+    if (ctx->aes_encrypt->use_aesni) {
+        ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+
+        err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len);
+
+        if (unlikely(err)) {
+            if (! disable_setkey_warnings)
+                pr_err("%s: wc_AesGcmSetKey failed: %d\n",
+                       crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            return -EINVAL;
+        }
+
+        if (ctx->aes_encrypt_C->use_aesni)
+            pr_err("%s: after wc_AesGcmSetKey, ctx->aes_encrypt_C has AES-NI asserted.\n", WOLFKM_AESGCM_DRIVER);
+    }
+#endif
+
+    return 0;
+}
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM
+
 static int km_AesGcmSetAuthsize(struct crypto_aead *tfm, unsigned int authsize)
 {
     (void)tfm;
-    if (authsize > AES_BLOCK_SIZE ||
-        authsize < WOLFSSL_MIN_AUTH_TAG_SZ) {
-        pr_err("%s: invalid authsize: %d\n",
-               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), authsize);
-        return -EINVAL;
+
+    switch (authsize) {
+    case 4:
+    case 8:
+    case 12:
+    case 13:
+    case 14:
+    case 15:
+    case 16:
+        return 0;
     }
-    return 0;
+
+#ifdef WOLFSSL_LINUXKM_VERBOSE_LKCAPI_DEBUG
+    pr_err("%s: invalid authsize: %d\n",
+           crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), authsize);
+#endif
+    return -EINVAL;
 }
 
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+
+static int km_AesGcmSetAuthsize_Rfc4106(struct crypto_aead *tfm, unsigned int authsize)
+{
+    (void)tfm;
+
+    switch (authsize) {
+    case 8:
+    case 12:
+    case 16:
+        return 0;
+    }
+
+#ifdef WOLFSSL_LINUXKM_VERBOSE_LKCAPI_DEBUG
+    pr_err("%s: invalid authsize: %d\n",
+           crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), authsize);
+#endif
+    return -EINVAL;
+}
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 */
+
 /*
- * aead ciphers recieve data in scatterlists in following order:
+ * aead ciphers receive data in scatterlists in following order:
  *   encrypt
  *     req->src: aad||plaintext
  *     req->dst: aad||ciphertext||tag
@@ -576,214 +1073,411 @@ static int km_AesGcmSetAuthsize(struct crypto_aead *tfm, unsigned int authsize)
  *     req->dst: aad||plaintext, return 0 or -EBADMSG
  */
 
-static int km_AesGcmEncrypt(struct aead_request *req)
+#ifdef WOLFSSL_AESGCM_STREAM
+
+static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
 {
     struct crypto_aead * tfm = NULL;
     struct km_AesCtx *   ctx = NULL;
     struct skcipher_walk walk;
     struct scatter_walk  assocSgWalk;
-    unsigned int         nbytes = 0;
-    u8                   authTag[AES_BLOCK_SIZE];
-    int                  err = 0;
-    unsigned int         assocLeft = 0;
-    unsigned int         cryptLeft = 0;
+    u8                   authTag[WC_AES_BLOCK_SIZE];
+    int                  err;
+    unsigned int         assoclen = req->assoclen;
     u8 *                 assoc = NULL;
+    u8 *                 assocmem = NULL;
+    Aes                  *aes_copy;
 
     tfm = crypto_aead_reqtfm(req);
     ctx = crypto_aead_ctx(tfm);
-    assocLeft = req->assoclen;
-    cryptLeft = req->cryptlen;
 
-    scatterwalk_start(&assocSgWalk, req->src);
-
-    err = skcipher_walk_aead_encrypt(&walk, req, false);
-    if (unlikely(err)) {
-        pr_err("%s: skcipher_walk_aead_encrypt failed: %d\n",
-               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-        return -1;
+    if (decrypt_p) {
+        /* Copy out original auth tag from req->src. */
+        scatterwalk_map_and_copy(authTag, req->src,
+                                 req->assoclen + req->cryptlen - tfm->authsize,
+                                 tfm->authsize, 0);
+        err = skcipher_walk_aead_decrypt(&walk, req, false);
+    }
+    else {
+        err = skcipher_walk_aead_encrypt(&walk, req, false);
     }
 
-    err = wc_AesGcmInit(ctx->aes_encrypt, NULL /*key*/, 0 /*keylen*/, walk.iv,
-                        AES_BLOCK_SIZE);
     if (unlikely(err)) {
-        pr_err("%s: wc_AesGcmInit failed: %d\n",
-               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-        return -EINVAL;
-    }
-
-    assoc = scatterwalk_map(&assocSgWalk);
-    if (unlikely(IS_ERR(assoc))) {
-        pr_err("%s: scatterwalk_map failed: %ld\n",
+        pr_err("%s: %s failed: %d\n",
                crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
-               PTR_ERR(assoc));
+               decrypt_p ? "skcipher_walk_aead_decrypt" : "skcipher_walk_aead_encrypt",
+               err);
         return err;
     }
 
-    err = wc_AesGcmEncryptUpdate(ctx->aes_encrypt, NULL, NULL, 0,
-                                 assoc, assocLeft);
-    assocLeft -= assocLeft;
-    scatterwalk_unmap(assoc);
-    assoc = NULL;
-
+    err = km_AesGet(ctx, decrypt_p, 1 /* copy_p */, &aes_copy);
     if (unlikely(err)) {
-        pr_err("%s: wc_AesGcmEncryptUpdate failed: %d\n",
-               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-        return -EINVAL;
+        return err;
     }
 
-    while ((nbytes = walk.nbytes) != 0) {
-        int n = nbytes;
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+    if (rfc4106_p) {
+        byte rfc4106_iv[12];
 
-        if (likely(cryptLeft && nbytes)) {
-            n = cryptLeft < nbytes ? cryptLeft : nbytes;
+        if (unlikely(assoclen != 16 && assoclen != 20))
+            return -EINVAL;
+        assoclen -= 8;
 
-            err = wc_AesGcmEncryptUpdate(
-                ctx->aes_encrypt,
+        memcpy(rfc4106_iv, ctx->rfc4106_nonce, 4);
+        memcpy(rfc4106_iv + 4, walk.iv, 8);
+        err = wc_AesGcmInit(aes_copy, NULL /*key*/, 0 /*keylen*/, rfc4106_iv,
+                            GCM_NONCE_MID_SZ);
+    }
+    else
+#else
+    (void)rfc4106_p;
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 */
+    {
+        err = wc_AesGcmInit(aes_copy, NULL /*key*/, 0 /*keylen*/, walk.iv,
+                            GCM_NONCE_MID_SZ);
+    }
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesGcmInit failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    if (req->src->length >= assoclen && req->src->length) {
+        scatterwalk_start(&assocSgWalk, req->src);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+        scatterwalk_map(&assocSgWalk);
+        assoc = assocSgWalk.addr;
+#else
+        assoc = scatterwalk_map(&assocSgWalk);
+#endif
+        if (unlikely(IS_ERR(assoc))) {
+            pr_err("%s: scatterwalk_map failed: %ld\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
+                   PTR_ERR(assoc));
+            goto out;
+        }
+    }
+    else {
+        /* assoc can be any length, so if it's noncontiguous, we have to copy it
+         * to a contiguous heap allocation.
+         */
+        assocmem = malloc(assoclen);
+        if (unlikely(assocmem == NULL)) {
+            err = -ENOMEM;
+            goto out;
+        }
+        assoc = assocmem;
+        scatterwalk_map_and_copy(assoc, req->src, 0, assoclen, 0);
+    }
+
+    if (decrypt_p) {
+        err = wc_AesGcmDecryptUpdate(aes_copy, NULL, NULL, 0,
+                                     assoc, assoclen);
+    }
+    else {
+        err = wc_AesGcmEncryptUpdate(aes_copy, NULL, NULL, 0,
+                                     assoc, assoclen);
+    }
+
+    if (assocmem)
+        free(assocmem);
+    else {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+        scatterwalk_unmap(&assocSgWalk);
+#else
+        scatterwalk_unmap(assoc);
+#endif
+    }
+
+    if (unlikely(err)) {
+        pr_err("%s: %s failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
+               decrypt_p ? "wc_AesGcmDecryptUpdate" : "wc_AesGcmEncryptUpdate",
+               err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    while (walk.nbytes) {
+        if (decrypt_p) {
+            err = wc_AesGcmDecryptUpdate(
+                aes_copy,
                 walk.dst.virt.addr,
                 walk.src.virt.addr,
-                cryptLeft,
+                walk.nbytes,
+                NULL, 0);
+        }
+        else {
+            err = wc_AesGcmEncryptUpdate(
+                aes_copy,
+                walk.dst.virt.addr,
+                walk.src.virt.addr,
+                walk.nbytes,
                 NULL, 0);
-            nbytes -= n;
-            cryptLeft -= n;
         }
 
         if (unlikely(err)) {
-            pr_err("%s: wc_AesGcmEncryptUpdate failed: %d\n",
-                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-            return -EINVAL;
+            pr_err("%s: %s failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
+                   decrypt_p ? "wc_AesGcmDecryptUpdate" : "wc_AesGcmEncryptUpdate",
+                   err);
+            err = -EINVAL;
+            goto out;
         }
 
-        err = skcipher_walk_done(&walk, nbytes);
+        err = skcipher_walk_done(&walk, 0);
 
         if (unlikely(err)) {
             pr_err("%s: skcipher_walk_done failed: %d\n",
                    crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-            return err;
+            goto out;
         }
     }
 
-    err = wc_AesGcmEncryptFinal(ctx->aes_encrypt, authTag, tfm->authsize);
-    if (unlikely(err)) {
-        pr_err("%s: wc_AesGcmEncryptFinal failed with return code %d\n",
-               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-        return -EINVAL;
+    if (decrypt_p) {
+        err = wc_AesGcmDecryptFinal(aes_copy, authTag, tfm->authsize);
+        if (unlikely(err)) {
+#ifdef WOLFSSL_LINUXKM_VERBOSE_LKCAPI_DEBUG
+            pr_err("%s: wc_AesGcmDecryptFinal failed with return code %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+#endif
+            if (err == WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) {
+                err = -EBADMSG;
+                goto out;
+            }
+            else {
+                err = -EINVAL;
+                goto out;
+            }
+        }
+    }
+    else {
+        err = wc_AesGcmEncryptFinal(aes_copy, authTag, tfm->authsize);
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesGcmEncryptFinal failed with return code %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            err = -EINVAL;
+            goto out;
+        }
+        /* Now copy the auth tag into request scatterlist. */
+        scatterwalk_map_and_copy(authTag, req->dst,
+                                 req->assoclen + req->cryptlen,
+                                 tfm->authsize, 1);
     }
 
-    /* Now copy the auth tag into request scatterlist. */
-    scatterwalk_map_and_copy(authTag, req->dst,
-                             req->assoclen + req->cryptlen,
-                             tfm->authsize, 1);
+out:
+
+    km_AesFree(&aes_copy);
 
     return err;
 }
 
-static int km_AesGcmDecrypt(struct aead_request *req)
+#else /* !WOLFSSL_AESGCM_STREAM */
+
+static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
 {
     struct crypto_aead * tfm = NULL;
     struct km_AesCtx *   ctx = NULL;
-    struct skcipher_walk walk;
-    struct scatter_walk  assocSgWalk;
-    unsigned int         nbytes = 0;
-    u8                   origAuthTag[AES_BLOCK_SIZE];
-    int                  err = 0;
-    unsigned int         assocLeft = 0;
-    unsigned int         cryptLeft = 0;
+    struct skcipher_walk sk_walk;
+    struct scatter_walk  in_walk, out_walk;
+    u8                   *in_map = NULL, *out_map = NULL;
+    u8                   authTag[WC_AES_BLOCK_SIZE];
+    int                  err;
+    unsigned int         assoclen = req->assoclen;
     u8 *                 assoc = NULL;
+    u8 *                 sg_buf = NULL;
+    Aes                  *aes_copy;
+    u8 *                 in_text = NULL;
+    u8 *                 out_text = NULL;
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+    byte rfc4106_iv[12];
+#endif
 
     tfm = crypto_aead_reqtfm(req);
     ctx = crypto_aead_ctx(tfm);
-    assocLeft = req->assoclen;
-    cryptLeft = req->cryptlen - tfm->authsize;
 
-    /* Copy out original auth tag from req->src. */
-    scatterwalk_map_and_copy(origAuthTag, req->src,
-                             req->assoclen + req->cryptlen - tfm->authsize,
-                             tfm->authsize, 0);
-
-    scatterwalk_start(&assocSgWalk, req->src);
-
-    err = skcipher_walk_aead_decrypt(&walk, req, false);
-    if (unlikely(err)) {
-        pr_err("%s: skcipher_walk_aead_decrypt failed: %d\n",
-               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-        return err;
+    if (decrypt_p) {
+        /* Copy out original auth tag from req->src. */
+        scatterwalk_map_and_copy(authTag, req->src,
+                                 req->assoclen + req->cryptlen - tfm->authsize,
+                                 tfm->authsize, 0);
+        err = skcipher_walk_aead_decrypt(&sk_walk, req, false);
+    }
+    else {
+        err = skcipher_walk_aead_encrypt(&sk_walk, req, false);
     }
 
-    err = wc_AesGcmInit(ctx->aes_encrypt, NULL /*key*/, 0 /*keylen*/, walk.iv,
-                        AES_BLOCK_SIZE);
     if (unlikely(err)) {
-        pr_err("%s: wc_AesGcmInit failed: %d\n",
-               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-        return -EINVAL;
-    }
-
-    assoc = scatterwalk_map(&assocSgWalk);
-    if (unlikely(IS_ERR(assoc))) {
-        pr_err("%s: scatterwalk_map failed: %ld\n",
+        pr_err("%s: %s failed: %d\n",
                crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
-               PTR_ERR(assoc));
-        return err;
-    }
-
-    err = wc_AesGcmDecryptUpdate(ctx->aes_encrypt, NULL, NULL, 0,
-                                 assoc, assocLeft);
-    assocLeft -= assocLeft;
-    scatterwalk_unmap(assoc);
-    assoc = NULL;
-
-    if (unlikely(err)) {
-        pr_err("%s: wc_AesGcmDecryptUpdate failed: %d\n",
-               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+               decrypt_p ? "skcipher_walk_aead_decrypt" : "skcipher_walk_aead_encrypt",
+               err);
         return -EINVAL;
     }
 
-    while ((nbytes = walk.nbytes) != 0) {
-        int n = nbytes;
-
-        if (likely(cryptLeft && nbytes)) {
-            n = cryptLeft < nbytes ? cryptLeft : nbytes;
-
-            err = wc_AesGcmDecryptUpdate(
-                ctx->aes_encrypt,
-                walk.dst.virt.addr,
-                walk.src.virt.addr,
-                cryptLeft,
-                NULL, 0);
-            nbytes -= n;
-            cryptLeft -= n;
-        }
-
-        if (unlikely(err)) {
-            pr_err("%s: wc_AesGcmDecryptUpdate failed: %d\n",
-                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-            return -EINVAL;
-        }
-
-        err = skcipher_walk_done(&walk, nbytes);
-
-        if (unlikely(err)) {
-            pr_err("%s: skcipher_walk_done failed: %d\n",
-                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
-            return err;
-        }
-    }
-
-    err = wc_AesGcmDecryptFinal(ctx->aes_encrypt, origAuthTag, tfm->authsize);
+    err = km_AesGet(ctx, decrypt_p, 1 /* copy_p */, &aes_copy);
     if (unlikely(err)) {
-        pr_err("%s: wc_AesGcmDecryptFinal failed with return code %d\n",
-               crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+        return err;
+    }
 
-        if (err == AES_GCM_AUTH_E) {
-            return -EBADMSG;
-        }
-        else {
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+    if (rfc4106_p) {
+        if (unlikely(assoclen != 16 && assoclen != 20))
             return -EINVAL;
+        assoclen -= 8;
+
+        memcpy(rfc4106_iv, ctx->rfc4106_nonce, 4);
+        memcpy(rfc4106_iv + 4, sk_walk.iv, 8);
+    }
+#else
+    (void)rfc4106_p;
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 */
+
+    if ((req->src->length >= req->assoclen + req->cryptlen) &&
+        (req->dst->length >= req->assoclen + req->cryptlen))
+    {
+        scatterwalk_start(&in_walk, req->src);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+        scatterwalk_map(&in_walk);
+        in_map = in_walk.addr;
+#else
+        in_map = scatterwalk_map(&in_walk);
+#endif
+        if (unlikely(IS_ERR(in_map))) {
+            pr_err("%s: scatterwalk_map failed: %ld\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
+                   PTR_ERR(assoc));
+            goto out;
+        }
+        assoc = in_map;
+        in_text = in_map + req->assoclen;
+
+        scatterwalk_start(&out_walk, req->dst);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+        scatterwalk_map(&out_walk);
+        out_map = out_walk.addr;
+#else
+        out_map = scatterwalk_map(&out_walk);
+#endif
+        if (unlikely(IS_ERR(out_map))) {
+            pr_err("%s: scatterwalk_map failed: %ld\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
+                   PTR_ERR(assoc));
+            goto out;
+        }
+        out_text = out_map + req->assoclen;
+    }
+    else {
+        sg_buf = malloc(req->assoclen + req->cryptlen);
+        if (unlikely(sg_buf == NULL)) {
+            err = -ENOMEM;
+            goto out;
+        }
+        if (decrypt_p)
+            scatterwalk_map_and_copy(sg_buf, req->src, 0, req->assoclen + req->cryptlen - tfm->authsize, 0);
+        else
+            scatterwalk_map_and_copy(sg_buf, req->src, 0, req->assoclen + req->cryptlen, 0);
+        assoc = sg_buf;
+        in_text = out_text = sg_buf + req->assoclen;
+    }
+
+    if (decrypt_p) {
+        err = wc_AesGcmDecrypt(aes_copy, out_text, in_text, req->cryptlen - tfm->authsize,
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+                               rfc4106_p ? rfc4106_iv :
+#endif
+                               sk_walk.iv, GCM_NONCE_MID_SZ,
+                               authTag, tfm->authsize,
+                               assoc, assoclen);
+
+        if (unlikely(err)) {
+#ifdef WOLFSSL_LINUXKM_VERBOSE_LKCAPI_DEBUG
+            pr_err("%s: wc_AesGcmDecrypt failed with return code %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+#endif
+
+            if (err == WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) {
+                err = -EBADMSG;
+                goto out;
+            }
+            else {
+                err = -EINVAL;
+                goto out;
+            }
         }
     }
+    else {
+        err = wc_AesGcmEncrypt(aes_copy, out_text, in_text, req->cryptlen,
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+                               rfc4106_p ? rfc4106_iv :
+#endif
+                               sk_walk.iv, GCM_NONCE_MID_SZ,
+                               authTag, tfm->authsize,
+                               assoc, assoclen);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesGcmEncrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
+            err = -EINVAL;
+            goto out;
+        }
+
+    }
+
+    if (sg_buf) {
+        if (decrypt_p)
+            scatterwalk_map_and_copy(sg_buf, req->dst, 0, req->assoclen + req->cryptlen - tfm->authsize, 1);
+        else
+            scatterwalk_map_and_copy(sg_buf, req->dst, 0, req->assoclen + req->cryptlen, 1);
+    }
+
+    if (! decrypt_p) {
+        /* Now copy the auth tag into request scatterlist. */
+        scatterwalk_map_and_copy(authTag, req->dst,
+                                 req->assoclen + req->cryptlen,
+                                 tfm->authsize, 1);
+    }
+
+out:
+
+    if (sg_buf) {
+        free(sg_buf);
+    }
+    else {
+        if (in_map) {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+            scatterwalk_unmap(&in_walk);
+#else
+            scatterwalk_unmap(in_map);
+#endif
+        }
+        if (out_map) {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+            scatterwalk_unmap(&out_walk);
+#else
+            scatterwalk_unmap(out_map);
+#endif
+        }
+    }
+
+    km_AesFree(&aes_copy);
 
     return err;
 }
 
+#endif /* !WOLFSSL_AESGCM_STREAM */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM
+
+static int km_AesGcmEncrypt(struct aead_request *req) {
+    return AesGcmCrypt_1(req, 0 /* decrypt_p */, 0 /* rfc4106_p */);
+}
+
+static int km_AesGcmDecrypt(struct aead_request *req) {
+    return AesGcmCrypt_1(req, 1 /* decrypt_p */, 0 /* rfc4106_p */);
+}
+
 static struct aead_alg gcmAesAead = {
     .base.cra_name        = WOLFKM_AESGCM_NAME,
     .base.cra_driver_name = WOLFKM_AESGCM_DRIVER,
@@ -797,24 +1491,57 @@ static struct aead_alg gcmAesAead = {
     .setauthsize          = km_AesGcmSetAuthsize,
     .encrypt              = km_AesGcmEncrypt,
     .decrypt              = km_AesGcmDecrypt,
-    .ivsize               = AES_BLOCK_SIZE,
-    .maxauthsize          = AES_BLOCK_SIZE,
-    .chunksize            = AES_BLOCK_SIZE,
+    .ivsize               = GCM_NONCE_MID_SZ,
+    .maxauthsize          = WC_AES_BLOCK_SIZE,
+    .chunksize            = WC_AES_BLOCK_SIZE,
 };
 static int gcmAesAead_loaded = 0;
 
-#endif /* HAVE_AESGCM &&
-        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
-        */
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM */
 
-#if defined(WOLFSSL_AES_XTS) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+
+static int km_AesGcmEncrypt_Rfc4106(struct aead_request *req) {
+    return AesGcmCrypt_1(req, 0 /* decrypt_p */, 1 /* rfc4106 */);
+}
+
+static int km_AesGcmDecrypt_Rfc4106(struct aead_request *req) {
+    return AesGcmCrypt_1(req, 1 /* decrypt_p */, 1 /* rfc4106 */);
+}
+
+static struct aead_alg gcmAesAead_rfc4106 = {
+    .base.cra_name        = WOLFKM_AESGCM_RFC4106_NAME,
+    .base.cra_driver_name = WOLFKM_AESGCM_RFC4106_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = 1,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesGcmInit,
+    .exit                 = km_AesGcmExit,
+    .setkey               = km_AesGcmSetKey_Rfc4106,
+    .setauthsize          = km_AesGcmSetAuthsize_Rfc4106,
+    .encrypt              = km_AesGcmEncrypt_Rfc4106,
+    .decrypt              = km_AesGcmDecrypt_Rfc4106,
+    .ivsize               = 8,
+    .maxauthsize          = WC_AES_BLOCK_SIZE,
+    .chunksize            = WC_AES_BLOCK_SIZE,
+};
+static int gcmAesAead_rfc4106_loaded = 0;
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 */
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM || LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESXTS
 
 #ifndef WOLFSSL_AESXTS_STREAM
     #error LKCAPI registration of AES-XTS requires WOLFSSL_AESXTS_STREAM (--enable-aesxts-stream).
 #endif
 
+#if defined(WOLFSSL_AESNI) && !defined(WC_C_DYNAMIC_FALLBACK)
+    #error LKCAPI registration of AES-XTS with AESNI requires WC_C_DYNAMIC_FALLBACK.
+#endif
+
 struct km_AesXtsCtx {
     XtsAes *aesXts; /* allocated in km_AesXtsInitCommon() to assure alignment
                      * for AESNI.
@@ -834,6 +1561,8 @@ static int km_AesXtsInitCommon(struct km_AesXtsCtx * ctx, const char * name)
 
     if (unlikely(err)) {
         pr_err("%s: km_AesXtsInitCommon failed: %d\n", name, err);
+        free(ctx->aesXts);
+        ctx->aesXts = NULL;
         return -EINVAL;
     }
 
@@ -870,6 +1599,12 @@ static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
         return -EINVAL;
     }
 
+    /* It's possible to set ctx->aesXts->{tweak,aes,aes_decrypt}.use_aesni to
+     * WC_FLAG_DONT_USE_AESNI here, for WC_LINUXKM_C_FALLBACK_IN_SHIMS in
+     * AES-XTS, but we can use the WC_C_DYNAMIC_FALLBACK mechanism
+     * unconditionally because there's no AES-XTS in Cert 4718.
+     */
+
     return 0;
 }
 
@@ -877,7 +1612,7 @@ static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
 
 static int km_AesXtsEncrypt(struct skcipher_request *req)
 {
-    int                      err = 0;
+    int                      err;
     struct crypto_skcipher * tfm = NULL;
     struct km_AesXtsCtx *    ctx = NULL;
     struct skcipher_walk     walk;
@@ -886,7 +1621,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
     tfm = crypto_skcipher_reqtfm(req);
     ctx = crypto_skcipher_ctx(tfm);
 
-    if (req->cryptlen < AES_BLOCK_SIZE)
+    if (req->cryptlen < WC_AES_BLOCK_SIZE)
         return -EINVAL;
 
     err = skcipher_walk_virt(&walk, req, false);
@@ -910,12 +1645,12 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
         err = skcipher_walk_done(&walk, 0);
 
     } else {
-        int tail = req->cryptlen % AES_BLOCK_SIZE;
+        int tail = req->cryptlen % WC_AES_BLOCK_SIZE;
         struct skcipher_request subreq;
         struct XtsAesStreamData stream;
 
         if (tail > 0) {
-            int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2;
+            int blocks = DIV_ROUND_UP(req->cryptlen, WC_AES_BLOCK_SIZE) - 2;
 
             skcipher_walk_abort(&walk);
 
@@ -924,7 +1659,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
                                           skcipher_request_flags(req),
                                           NULL, NULL);
             skcipher_request_set_crypt(&subreq, req->src, req->dst,
-                                       blocks * AES_BLOCK_SIZE, req->iv);
+                                       blocks * WC_AES_BLOCK_SIZE, req->iv);
             req = &subreq;
 
             err = skcipher_walk_virt(&walk, req, false);
@@ -947,9 +1682,9 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
              * end-of-message ciphertext stealing.
              */
             if (nbytes < walk.total)
-                nbytes &= ~(AES_BLOCK_SIZE - 1);
+                nbytes &= ~(WC_AES_BLOCK_SIZE - 1);
 
-            if (nbytes & ((unsigned int)AES_BLOCK_SIZE - 1U))
+            if (nbytes & ((unsigned int)WC_AES_BLOCK_SIZE - 1U))
                 err = wc_AesXtsEncryptFinal(ctx->aesXts, walk.dst.virt.addr,
                                             walk.src.virt.addr, nbytes,
                                             &stream);
@@ -981,7 +1716,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
             if (req->dst != req->src)
                 dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen);
 
-            skcipher_request_set_crypt(req, src, dst, AES_BLOCK_SIZE + tail,
+            skcipher_request_set_crypt(req, src, dst, WC_AES_BLOCK_SIZE + tail,
                                        req->iv);
 
             err = skcipher_walk_virt(&walk, &subreq, false);
@@ -999,7 +1734,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
             }
 
             err = skcipher_walk_done(&walk, 0);
-        } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U))) {
+        } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))) {
             err = wc_AesXtsEncryptFinal(ctx->aesXts, NULL, NULL, 0, &stream);
         }
     }
@@ -1009,7 +1744,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
 
 static int km_AesXtsDecrypt(struct skcipher_request *req)
 {
-    int                      err = 0;
+    int                      err;
     struct crypto_skcipher * tfm = NULL;
     struct km_AesXtsCtx *    ctx = NULL;
     struct skcipher_walk     walk;
@@ -1018,7 +1753,7 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
     tfm = crypto_skcipher_reqtfm(req);
     ctx = crypto_skcipher_ctx(tfm);
 
-    if (req->cryptlen < AES_BLOCK_SIZE)
+    if (req->cryptlen < WC_AES_BLOCK_SIZE)
         return -EINVAL;
 
     err = skcipher_walk_virt(&walk, req, false);
@@ -1042,12 +1777,12 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
 
         err = skcipher_walk_done(&walk, 0);
     } else {
-        int tail = req->cryptlen % AES_BLOCK_SIZE;
+        int tail = req->cryptlen % WC_AES_BLOCK_SIZE;
         struct skcipher_request subreq;
         struct XtsAesStreamData stream;
 
         if (unlikely(tail > 0)) {
-            int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2;
+            int blocks = DIV_ROUND_UP(req->cryptlen, WC_AES_BLOCK_SIZE) - 2;
 
             skcipher_walk_abort(&walk);
 
@@ -1056,7 +1791,7 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
                                           skcipher_request_flags(req),
                                           NULL, NULL);
             skcipher_request_set_crypt(&subreq, req->src, req->dst,
-                                       blocks * AES_BLOCK_SIZE, req->iv);
+                                       blocks * WC_AES_BLOCK_SIZE, req->iv);
             req = &subreq;
 
             err = skcipher_walk_virt(&walk, req, false);
@@ -1079,9 +1814,9 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
              * end-of-message ciphertext stealing.
              */
             if (nbytes < walk.total)
-                nbytes &= ~(AES_BLOCK_SIZE - 1);
+                nbytes &= ~(WC_AES_BLOCK_SIZE - 1);
 
-            if (nbytes & ((unsigned int)AES_BLOCK_SIZE - 1U))
+            if (nbytes & ((unsigned int)WC_AES_BLOCK_SIZE - 1U))
                 err = wc_AesXtsDecryptFinal(ctx->aesXts, walk.dst.virt.addr,
                                             walk.src.virt.addr, nbytes,
                                             &stream);
@@ -1113,7 +1848,7 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
             if (req->dst != req->src)
                 dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen);
 
-            skcipher_request_set_crypt(req, src, dst, AES_BLOCK_SIZE + tail,
+            skcipher_request_set_crypt(req, src, dst, WC_AES_BLOCK_SIZE + tail,
                                        req->iv);
 
             err = skcipher_walk_virt(&walk, &subreq, false);
@@ -1131,7 +1866,7 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
             }
 
             err = skcipher_walk_done(&walk, 0);
-        } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U))) {
+        } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))) {
             err = wc_AesXtsDecryptFinal(ctx->aesXts, NULL, NULL, 0, &stream);
         }
     }
@@ -1142,14 +1877,14 @@ static struct skcipher_alg xtsAesAlg = {
     .base.cra_name          = WOLFKM_AESXTS_NAME,
     .base.cra_driver_name   = WOLFKM_AESXTS_DRIVER,
     .base.cra_priority      = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
-    .base.cra_blocksize     = AES_BLOCK_SIZE,
+    .base.cra_blocksize     = WC_AES_BLOCK_SIZE,
     .base.cra_ctxsize       = sizeof(struct km_AesXtsCtx),
     .base.cra_module        = THIS_MODULE,
 
     .min_keysize            = 2 * AES_128_KEY_SIZE,
     .max_keysize            = 2 * AES_256_KEY_SIZE,
-    .ivsize                 = AES_BLOCK_SIZE,
-    .walksize               = 2 * AES_BLOCK_SIZE,
+    .ivsize                 = WC_AES_BLOCK_SIZE,
+    .walksize               = 2 * WC_AES_BLOCK_SIZE,
     .init                   = km_AesXtsInit,
     .exit                   = km_AesXtsExit,
     .setkey                 = km_AesXtsSetKey,
@@ -1158,15 +1893,467 @@ static struct skcipher_alg xtsAesAlg = {
 };
 static int xtsAesAlg_loaded = 0;
 
-#endif /* WOLFSSL_AES_XTS &&
-        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESXTS)
-        */
+#endif /* LINUXKM_LKCAPI_REGISTER_AESXTS */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCTR
+
+static int km_AesCtrInit(struct crypto_skcipher *tfm)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesInitCommon(ctx, WOLFKM_AESCTR_DRIVER, 0);
+}
+
+static int km_AesCtrSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
+                          unsigned int key_len)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesSetKeyCommon(ctx, in_key, key_len, WOLFKM_AESCTR_DRIVER);
+}
+
+static int km_AesCtrEncrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    int                      err;
+    Aes                      *aes_copy;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    /* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
+    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    if (aes_copy == NULL)
+        return -ENOMEM;
+    XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes));
+
+    err = wc_AesSetIV(aes_copy, walk.iv);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesSetIV failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    while (walk.nbytes != 0) {
+        err = wc_AesCtrEncrypt(aes_copy, walk.dst.virt.addr,
+                               walk.src.virt.addr, walk.nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCtrEncrypt failed %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            err = -EINVAL;
+            goto out;
+        }
+
+        err = skcipher_walk_done(&walk, 0);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, aes_copy->reg, WC_AES_BLOCK_SIZE);
+
+out:
+
+    km_AesFree(&aes_copy);
+
+    return err;
+}
+
+static int km_AesCtrDecrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    int                      err;
+    Aes                      *aes_copy;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    /* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
+    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    if (aes_copy == NULL)
+        return -ENOMEM;
+    XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes)); /* CTR uses the same
+                                                       * schedule for encrypt
+                                                       * and decrypt.
+                                                       */
+
+    err = wc_AesSetIV(aes_copy, walk.iv);
+
+    if (unlikely(err)) {
+        if (! disable_setkey_warnings)
+            pr_err("%s: wc_AesSetIV failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    while (walk.nbytes != 0) {
+        /* CTR uses the same function for encrypt and decrypt. */
+        err = wc_AesCtrEncrypt(aes_copy, walk.dst.virt.addr,
+                               walk.src.virt.addr, walk.nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesCtrDecrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            err = -EINVAL;
+            goto out;
+        }
+
+        err = skcipher_walk_done(&walk, 0);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            goto out;
+        }
+    }
+
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, aes_copy->reg, WC_AES_BLOCK_SIZE);
+
+out:
+
+    km_AesFree(&aes_copy);
+
+    return err;
+}
+
+static struct skcipher_alg ctrAesAlg = {
+    .base.cra_name        = WOLFKM_AESCTR_NAME,
+    .base.cra_driver_name = WOLFKM_AESCTR_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = 1,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesCtrInit,
+    .exit                 = km_AesExit,
+    .min_keysize          = AES_128_KEY_SIZE,
+    .max_keysize          = AES_256_KEY_SIZE,
+    .ivsize               = WC_AES_BLOCK_SIZE,
+    .setkey               = km_AesCtrSetKey,
+    .encrypt              = km_AesCtrEncrypt,
+    .decrypt              = km_AesCtrDecrypt,
+};
+static int ctrAesAlg_loaded = 0;
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESCTR */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESOFB
+
+static int km_AesOfbInit(struct crypto_skcipher *tfm)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesInitCommon(ctx, WOLFKM_AESOFB_DRIVER, 0);
+}
+
+static int km_AesOfbSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
+                          unsigned int key_len)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesSetKeyCommon(ctx, in_key, key_len, WOLFKM_AESOFB_DRIVER);
+}
+
+static int km_AesOfbEncrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    int                      err;
+    Aes                      *aes_copy;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    /* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
+    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    if (aes_copy == NULL)
+        return -ENOMEM;
+    XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes));
+
+    err = wc_AesSetIV(aes_copy, walk.iv);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesSetIV failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    while (walk.nbytes != 0) {
+        err = wc_AesOfbEncrypt(aes_copy, walk.dst.virt.addr,
+                               walk.src.virt.addr, walk.nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesOfbEncrypt failed %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            err = -EINVAL;
+            goto out;
+        }
+
+        err = skcipher_walk_done(&walk, 0);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            return err;
+        }
+    }
+
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, aes_copy->reg, WC_AES_BLOCK_SIZE);
+
+out:
+
+    km_AesFree(&aes_copy);
+
+    return err;
+}
+
+static int km_AesOfbDecrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    int                      err;
+    Aes                      *aes_copy;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        pr_err("%s: skcipher_walk_virt failed: %d\n",
+               crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        return err;
+    }
+
+    /* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
+    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    if (aes_copy == NULL)
+        return -ENOMEM;
+    XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes)); /* OFB uses the same
+                                                       * schedule for encrypt
+                                                       * and decrypt.
+                                                       */
+
+    err = wc_AesSetIV(aes_copy, walk.iv);
+
+    if (unlikely(err)) {
+        if (! disable_setkey_warnings)
+            pr_err("%s: wc_AesSetIV failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+        err = -EINVAL;
+        goto out;
+    }
+
+    while (walk.nbytes != 0) {
+        err = wc_AesOfbDecrypt(aes_copy, walk.dst.virt.addr,
+                               walk.src.virt.addr, walk.nbytes);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesOfbDecrypt failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            err = -EINVAL;
+            goto out;
+        }
+
+        err = skcipher_walk_done(&walk, 0);
+
+        if (unlikely(err)) {
+            pr_err("%s: skcipher_walk_done failed: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
+            goto out;
+        }
+    }
+
+    /* copy iv from wolfCrypt back to walk.iv */
+    XMEMCPY(walk.iv, aes_copy->reg, WC_AES_BLOCK_SIZE);
+
+out:
+
+    km_AesFree(&aes_copy);
+
+    return err;
+}
+
+static struct skcipher_alg ofbAesAlg = {
+    .base.cra_name        = WOLFKM_AESOFB_NAME,
+    .base.cra_driver_name = WOLFKM_AESOFB_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = 1,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesOfbInit,
+    .exit                 = km_AesExit,
+    .min_keysize          = AES_128_KEY_SIZE,
+    .max_keysize          = AES_256_KEY_SIZE,
+    .ivsize               = WC_AES_BLOCK_SIZE,
+    .setkey               = km_AesOfbSetKey,
+    .encrypt              = km_AesOfbEncrypt,
+    .decrypt              = km_AesOfbDecrypt,
+};
+static int ofbAesAlg_loaded = 0;
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESOFB */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESECB
+
+static int km_AesEcbInit(struct crypto_skcipher *tfm)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesInitCommon(ctx, WOLFKM_AESECB_DRIVER, 1);
+}
+
+static int km_AesEcbSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
+                          unsigned int key_len)
+{
+    struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
+    return km_AesSetKeyCommon(ctx, in_key, key_len, WOLFKM_AESECB_DRIVER);
+}
+
+static int km_AesEcbEncrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err;
+    Aes                     *aes;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        return err;
+    }
+
+    err = km_AesGet(ctx, 0 /* decrypt_p */, 0 /* copy_p */, &aes);
+    if (unlikely(err)) {
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesEcbEncrypt(aes, walk.dst.virt.addr, walk.src.virt.addr,
+                               nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesEcbEncrypt failed for %u bytes: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), nbytes, err);
+            err = -EINVAL;
+            goto out;
+        }
+
+        nbytes &= WC_AES_BLOCK_SIZE - 1;
+        err = skcipher_walk_done(&walk, nbytes);
+    }
+
+out:
+
+    return err;
+}
+
+static int km_AesEcbDecrypt(struct skcipher_request *req)
+{
+    struct crypto_skcipher * tfm = NULL;
+    struct km_AesCtx *       ctx = NULL;
+    struct skcipher_walk     walk;
+    unsigned int             nbytes = 0;
+    int                      err;
+    Aes                     *aes;
+
+    tfm = crypto_skcipher_reqtfm(req);
+    ctx = crypto_skcipher_ctx(tfm);
+
+    err = skcipher_walk_virt(&walk, req, false);
+
+    if (unlikely(err)) {
+        return err;
+    }
+
+    err = km_AesGet(ctx, 1 /* decrypt_p */, 0 /* copy_p */, &aes);
+    if (unlikely(err)) {
+        return err;
+    }
+
+    while ((nbytes = walk.nbytes) != 0) {
+        err = wc_AesEcbDecrypt(aes, walk.dst.virt.addr, walk.src.virt.addr,
+                               nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesEcbDecrypt failed for %u bytes: %d\n",
+                   crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), nbytes, err);
+            err = -EINVAL;
+            goto out;
+        }
+
+        nbytes &= WC_AES_BLOCK_SIZE - 1;
+        err = skcipher_walk_done(&walk, nbytes);
+    }
+
+out:
+
+    return err;
+}
+
+static struct skcipher_alg ecbAesAlg = {
+    .base.cra_name        = WOLFKM_AESECB_NAME,
+    .base.cra_driver_name = WOLFKM_AESECB_DRIVER,
+    .base.cra_priority    = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
+    .base.cra_blocksize   = WC_AES_BLOCK_SIZE,
+    .base.cra_ctxsize     = sizeof(struct km_AesCtx),
+    .base.cra_module      = THIS_MODULE,
+    .init                 = km_AesEcbInit,
+    .exit                 = km_AesExit,
+    .min_keysize          = AES_128_KEY_SIZE,
+    .max_keysize          = AES_256_KEY_SIZE,
+    .ivsize               = 0,
+    .setkey               = km_AesEcbSetKey,
+    .encrypt              = km_AesEcbEncrypt,
+    .decrypt              = km_AesEcbDecrypt,
+};
+static int ecbAesAlg_loaded = 0;
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESECB */
 
 /* cipher tests, cribbed from test.c, with supplementary LKCAPI tests: */
 
-#if defined(HAVE_AES_CBC) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCBC
 
 static int linuxkm_test_aescbc(void)
 {
@@ -1221,7 +2408,7 @@ static int linuxkm_test_aescbc(void)
     }
     aes_inited = 1;
 
-    ret = wc_AesSetKey(aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
+    ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
     if (ret) {
         pr_err("wolfcrypt wc_AesSetKey failed with return code %d\n", ret);
         goto test_cbc_end;
@@ -1249,7 +2436,7 @@ static int linuxkm_test_aescbc(void)
     }
     aes_inited = 1;
 
-    ret = wc_AesSetKey(aes, key32, AES_BLOCK_SIZE * 2, iv, AES_DECRYPTION);
+    ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_DECRYPTION);
     if (ret) {
         pr_err("wolfcrypt wc_AesSetKey failed with return code %d.\n", ret);
         goto test_cbc_end;
@@ -1302,7 +2489,7 @@ static int linuxkm_test_aescbc(void)
     }
 #endif
 
-    ret = crypto_skcipher_setkey(tfm, key32, AES_BLOCK_SIZE * 2);
+    ret = crypto_skcipher_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2);
     if (ret) {
         pr_err("error: crypto_skcipher_setkey returned: %d\n", ret);
         goto test_cbc_end;
@@ -1368,13 +2555,9 @@ test_cbc_end:
     return ret;
 }
 
-#endif /* HAVE_AES_CBC &&
-        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
-        */
+#endif /* LINUXKM_LKCAPI_REGISTER_AESCBC */
 
-#if defined(WOLFSSL_AES_CFB) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCFB
 
 static int linuxkm_test_aescfb(void)
 {
@@ -1417,6 +2600,13 @@ static int linuxkm_test_aescfb(void)
     if (aes == NULL)
         return -ENOMEM;
 
+    ret = aesofb_test();
+    if (ret) {
+        wc_test_render_error_message("aesgcm_test failed: ", ret);
+        ret = -EINVAL;
+        goto test_cfb_end;
+    }
+
     XMEMSET(enc, 0, sizeof(enc));
     XMEMSET(dec, 0, sizeof(enc));
 
@@ -1427,7 +2617,7 @@ static int linuxkm_test_aescfb(void)
     }
     aes_inited = 1;
 
-    ret = wc_AesSetKey(aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
+    ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
     if (ret) {
         pr_err("wolfcrypt wc_AesSetKey failed with return code %d\n", ret);
         goto test_cfb_end;
@@ -1455,7 +2645,7 @@ static int linuxkm_test_aescfb(void)
     }
     aes_inited = 1;
 
-    ret = wc_AesSetKey(aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
+    ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
     if (ret) {
         pr_err("wolfcrypt wc_AesSetKey failed with return code %d.\n", ret);
         goto test_cfb_end;
@@ -1495,20 +2685,11 @@ static int linuxkm_test_aescfb(void)
         goto test_cfb_end;
     }
 
-#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
-    {
-        const char *driver_name =
-            crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
-        if (strcmp(driver_name, WOLFKM_AESCFB_DRIVER)) {
-            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
-                   WOLFKM_AESCFB_NAME, driver_name, WOLFKM_AESCFB_DRIVER);
-            ret = -ENOENT;
-            goto test_cfb_end;
-        }
-    }
-#endif
+    ret = check_skcipher_driver_masking(tfm, WOLFKM_AESCFB_NAME, WOLFKM_AESCFB_DRIVER);
+    if (ret)
+        goto test_cfb_end;
 
-    ret = crypto_skcipher_setkey(tfm, key32, AES_BLOCK_SIZE * 2);
+    ret = crypto_skcipher_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2);
     if (ret) {
         pr_err("error: crypto_skcipher_setkey returned: %d\n", ret);
         goto test_cfb_end;
@@ -1574,16 +2755,21 @@ test_cfb_end:
     return ret;
 }
 
-#endif /* WOLFSSL_AES_CFB &&
-        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCFB)
-        */
+#endif /* LINUXKM_LKCAPI_REGISTER_AESCFB */
 
-#if defined(HAVE_AESGCM) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM
 
 static int linuxkm_test_aesgcm(void)
 {
+#ifndef WOLFSSL_AESGCM_STREAM
+    wc_test_ret_t ret = aesgcm_test();
+    if (ret >= 0)
+        return check_aead_driver_masking(NULL /* tfm */, WOLFKM_AESGCM_NAME, WOLFKM_AESGCM_DRIVER);
+    else {
+        wc_test_render_error_message("aesgcm_test failed: ", ret);
+        return -EINVAL;
+    }
+#else
     int     ret = 0;
     struct crypto_aead *  tfm = NULL;
     struct aead_request * req = NULL;
@@ -1611,20 +2797,20 @@ static int linuxkm_test_aesgcm(void)
         0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
         0xab, 0xad, 0xda, 0xd2
     };
-    static const byte ivstr[] = "1234567890abcdef";
+    static const byte ivstr[] = "1234567890ab";
     static const byte c_vector[] =
     {
-        0x0c,0x97,0x05,0x3c,0xef,0x5c,0x63,0x6b,
-        0x15,0xe4,0x00,0x63,0xf8,0x8c,0xd0,0x95,
-        0x27,0x81,0x90,0x9c,0x9f,0xe6,0x98,0xe9
+        0x80,0xb9,0x00,0xdc,0x03,0xb8,0x0e,0xaa,
+        0x98,0x09,0x75,0x01,0x40,0x09,0xb0,0xc3,
+        0x7a,0xed,0x2c,0x2e,0x4d,0xe5,0xca,0x80
     };
     static const byte KAT_authTag[] =
     {
-        0xc9,0xd5,0x7a,0x77,0xac,0x28,0xc2,0xe7,
-        0xe4,0x28,0x90,0xaa,0x09,0xab,0xf9,0x7c
+        0x8d,0xf5,0x76,0xae,0x53,0x20,0x5d,0x9c,
+        0x01,0x64,0xcd,0xf2,0xec,0x7a,0x13,0x03
     };
     byte    enc[sizeof(p_vector)];
-    byte    authTag[AES_BLOCK_SIZE];
+    byte    authTag[WC_AES_BLOCK_SIZE];
     byte    dec[sizeof(p_vector)];
     u8 *    assoc2 = NULL;
     u8 *    enc2 = NULL;
@@ -1636,7 +2822,7 @@ static int linuxkm_test_aesgcm(void)
     /* Init stack variables. */
     XMEMSET(enc, 0, sizeof(p_vector));
     XMEMSET(dec, 0, sizeof(p_vector));
-    XMEMSET(authTag, 0, AES_BLOCK_SIZE);
+    XMEMSET(authTag, 0, WC_AES_BLOCK_SIZE);
 
     aes = (Aes *)malloc(sizeof(*aes));
     if (aes == NULL)
@@ -1650,7 +2836,7 @@ static int linuxkm_test_aesgcm(void)
     aes_inited = 1;
 
     ret = wc_AesGcmInit(aes, key32, sizeof(key32)/sizeof(byte), ivstr,
-                        AES_BLOCK_SIZE);
+                        GCM_NONCE_MID_SZ);
     if (ret) {
         pr_err("error: wc_AesGcmInit failed with return code %d.\n", ret);
         goto test_gcm_end;
@@ -1676,7 +2862,7 @@ static int linuxkm_test_aesgcm(void)
         goto test_gcm_end;
     }
 
-    ret = wc_AesGcmEncryptFinal(aes, authTag, AES_BLOCK_SIZE);
+    ret = wc_AesGcmEncryptFinal(aes, authTag, WC_AES_BLOCK_SIZE);
     if (ret) {
         pr_err("error: wc_AesGcmEncryptFinal failed with return code %d\n",
                ret);
@@ -1690,7 +2876,7 @@ static int linuxkm_test_aesgcm(void)
     }
 
     ret = wc_AesGcmInit(aes, key32, sizeof(key32)/sizeof(byte), ivstr,
-                        AES_BLOCK_SIZE);
+                        GCM_NONCE_MID_SZ);
     if (ret) {
         pr_err("error: wc_AesGcmInit failed with return code %d.\n", ret);
         goto test_gcm_end;
@@ -1704,7 +2890,7 @@ static int linuxkm_test_aesgcm(void)
         goto test_gcm_end;
     }
 
-    ret = wc_AesGcmDecryptFinal(aes, authTag, AES_BLOCK_SIZE);
+    ret = wc_AesGcmDecryptFinal(aes, authTag, WC_AES_BLOCK_SIZE);
     if (ret) {
         pr_err("error: wc_AesGcmEncryptFinal failed with return code %d\n",
                ret);
@@ -1726,13 +2912,13 @@ static int linuxkm_test_aesgcm(void)
     memset(assoc2, 0, sizeof(assoc));
     memcpy(assoc2, assoc, sizeof(assoc));
 
-    iv = malloc(AES_BLOCK_SIZE);
+    iv = malloc(WC_AES_BLOCK_SIZE);
     if (IS_ERR(iv)) {
         pr_err("error: malloc failed\n");
         goto test_gcm_end;
     }
-    memset(iv, 0, AES_BLOCK_SIZE);
-    memcpy(iv, ivstr, AES_BLOCK_SIZE);
+    memset(iv, 0, WC_AES_BLOCK_SIZE);
+    memcpy(iv, ivstr, GCM_NONCE_MID_SZ);
 
     enc2 = malloc(decryptLen);
     if (IS_ERR(enc2)) {
@@ -1757,19 +2943,11 @@ static int linuxkm_test_aesgcm(void)
         goto test_gcm_end;
     }
 
-#ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
-    {
-        const char *driver_name = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
-        if (strcmp(driver_name, WOLFKM_AESGCM_DRIVER)) {
-            pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
-                   WOLFKM_AESGCM_NAME, driver_name, WOLFKM_AESGCM_DRIVER);
-            ret = -ENOENT;
-            goto test_gcm_end;
-        }
-    }
-#endif
+    ret = check_aead_driver_masking(tfm, WOLFKM_AESGCM_NAME, WOLFKM_AESGCM_DRIVER);
+    if (ret)
+        goto test_gcm_end;
 
-    ret = crypto_aead_setkey(tfm, key32, AES_BLOCK_SIZE * 2);
+    ret = crypto_aead_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2);
     if (ret) {
         pr_err("error: crypto_aead_setkey returned: %d\n", ret);
         goto test_gcm_end;
@@ -1864,15 +3042,27 @@ test_gcm_end:
     free(aes);
 
     return ret;
+#endif /* WOLFSSL_AESGCM_STREAM */
 }
 
-#endif /* HAVE_AESGCM &&
-        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
-        */
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM */
 
-#if defined(WOLFSSL_AES_XTS) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+
+static int linuxkm_test_aesgcm_rfc4106(void)
+{
+    wc_test_ret_t ret = aesgcm_test();
+    if (ret >= 0)
+        return check_aead_driver_masking(NULL /* tfm */, WOLFKM_AESGCM_RFC4106_NAME, WOLFKM_AESGCM_RFC4106_DRIVER);
+    else {
+        wc_test_render_error_message("aesgcm_test failed: ", ret);
+        return -EINVAL;
+    }
+}
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESXTS
 
 /* test vectors from
  * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html
@@ -1883,7 +3073,7 @@ static int aes_xts_128_test(void)
     XtsAes *aes = NULL;
     int aes_inited = 0;
     int ret = 0;
-#define AES_XTS_128_TEST_BUF_SIZ (AES_BLOCK_SIZE * 2 + 8)
+#define AES_XTS_128_TEST_BUF_SIZ (WC_AES_BLOCK_SIZE * 2 + 8)
     unsigned char *buf = NULL;
     unsigned char *cipher = NULL;
     u8 *    enc2 = NULL;
@@ -2025,7 +3215,7 @@ static int aes_xts_128_test(void)
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
@@ -2041,12 +3231,12 @@ static int aes_xts_128_test(void)
     ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
     if (ret != 0)
         goto out;
-    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
     if (ret != 0)
         goto out;
-    ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE,
-                                 p2 + AES_BLOCK_SIZE,
-                                 sizeof(p2) - AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
+                                 p2 + WC_AES_BLOCK_SIZE,
+                                 sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
     if (ret != 0)
         goto out;
     if (XMEMCMP(c2, buf, sizeof(c2))) {
@@ -2062,18 +3252,18 @@ static int aes_xts_128_test(void)
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
     if (ret != 0)
         goto out;
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) {
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
         ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
         goto out;
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         goto out;
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) {
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
         ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
         goto out;
     }
@@ -2090,7 +3280,7 @@ static int aes_xts_128_test(void)
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ);
     ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -2116,7 +3306,7 @@ static int aes_xts_128_test(void)
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -2133,19 +3323,19 @@ static int aes_xts_128_test(void)
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
     if (ret != 0)
         goto out;
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) {
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) {
         ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
         goto out;
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         goto out;
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) {
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) {
         ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
         goto out;
     }
@@ -2227,14 +3417,14 @@ static int aes_xts_128_test(void)
             ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
             if (ret != 0)
                 goto out;
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
                 else
-                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
                 if (ret != 0)
                     goto out;
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
             ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
@@ -2267,14 +3457,14 @@ static int aes_xts_128_test(void)
             ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
             if (ret != 0)
                 goto out;
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
                 else
-                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
                 if (ret != 0)
                     goto out;
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
             for (i = 0; i < j; i++) {
@@ -2483,7 +3673,7 @@ static int aes_xts_256_test(void)
     XtsAes *aes = NULL;
     int aes_inited = 0;
     int ret = 0;
-#define AES_XTS_256_TEST_BUF_SIZ (AES_BLOCK_SIZE * 3)
+#define AES_XTS_256_TEST_BUF_SIZ (WC_AES_BLOCK_SIZE * 3)
     unsigned char *buf = NULL;
     unsigned char *cipher = NULL;
     u8 *    enc2 = NULL;
@@ -2617,12 +3807,12 @@ static int aes_xts_256_test(void)
     ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
     if (ret != 0)
         goto out;
-    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
     if (ret != 0)
         goto out;
-    ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE,
-                                 p2 + AES_BLOCK_SIZE,
-                                 sizeof(p2) - AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
+                                 p2 + WC_AES_BLOCK_SIZE,
+                                 sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
     if (ret != 0)
         goto out;
     if (XMEMCMP(c2, buf, sizeof(c2))) {
@@ -2637,7 +3827,7 @@ static int aes_xts_256_test(void)
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
     if (ret != 0)
         goto out;
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) {
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
         ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
         goto out;
     }
@@ -2666,7 +3856,7 @@ static int aes_xts_256_test(void)
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
     if (ret != 0)
         goto out;
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) {
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) {
         ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
         goto out;
     }
@@ -2707,14 +3897,14 @@ static int aes_xts_256_test(void)
             ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
             if (ret != 0)
                 goto out;
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
                 else
-                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
                 if (ret != 0)
                     goto out;
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
             ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
@@ -2747,14 +3937,14 @@ static int aes_xts_256_test(void)
             ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
             if (ret != 0)
                 goto out;
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
                 else
-                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
                 if (ret != 0)
                     goto out;
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
             for (i = 0; i < j; i++) {
@@ -2980,20 +4170,91 @@ out:
     return ret;
 }
 
-#endif /* WOLFSSL_AES_XTS &&
-        * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESXTS)
-        */
+#endif /* LINUXKM_LKCAPI_REGISTER_AESXTS */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCTR
+
+static int linuxkm_test_aesctr(void) {
+    wc_test_ret_t ret = aes_ctr_test();
+    if (ret >= 0)
+        return check_skcipher_driver_masking(NULL /* tfm */, WOLFKM_AESCTR_NAME, WOLFKM_AESCTR_DRIVER);
+    else {
+        wc_test_render_error_message("aes_ctr_test failed: ", ret);
+        return -EINVAL;
+    }
+}
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESCTR */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESOFB
+
+static int linuxkm_test_aesofb(void) {
+    wc_test_ret_t ret = aesofb_test();
+    if (ret >= 0)
+        return check_skcipher_driver_masking(NULL /* tfm */, WOLFKM_AESOFB_NAME, WOLFKM_AESOFB_DRIVER);
+    else {
+        wc_test_render_error_message("aesofb_test failed: ", ret);
+        return -EINVAL;
+    }
+}
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESOFB */
+
+#ifdef LINUXKM_LKCAPI_REGISTER_AESECB
+
+static int linuxkm_test_aesecb(void) {
+    wc_test_ret_t ret = aes_test();
+    if (ret >= 0)
+        return check_skcipher_driver_masking(NULL /* tfm */, WOLFKM_AESECB_NAME, WOLFKM_AESECB_DRIVER);
+    else {
+        wc_test_render_error_message("aes_test failed: ", ret);
+        return -EINVAL;
+    }
+}
+
+#endif /* LINUXKM_LKCAPI_REGISTER_AESECB */
 
 #endif /* !NO_AES */
 
-#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
-        !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
-    #ifdef CONFIG_CRYPTO_FIPS
-        #include <linux/fips.h>
-    #else
-        #error wolfCrypt FIPS with LINUXKM_LKCAPI_REGISTER and CONFIG_CRYPTO_MANAGER requires CONFIG_CRYPTO_FIPS
+#ifdef HAVE_ECC
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA)) && \
+        !defined(LINUXKM_LKCAPI_REGISTER_ECDSA)
+        #define LINUXKM_LKCAPI_REGISTER_ECDSA
     #endif
-#endif
+#else
+    #undef LINUXKM_LKCAPI_REGISTER_ECDSA
+#endif /* HAVE_ECC */
+
+#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
+    #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
+        /**
+         * note: ecdsa supported with linux 6.12 and earlier for now, only.
+         * In linux 6.13, ecdsa changed from a struct akcipher_alg type to
+         * struct sig_alg type, and the sign/verify callbacks were removed
+         * from akcipher_alg.
+         * */
+        #undef LINUXKM_LKCAPI_REGISTER_ECDSA
+    #endif /* linux >= 6.13.0 */
+
+    #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && \
+        defined(CONFIG_CRYPTO_FIPS) && defined(CONFIG_CRYPTO_MANAGER)
+        /**
+         * note: ecdsa was not recognized as fips_allowed before linux v6.3
+         * in kernel crypto/testmgr.c, and will not pass the tests.
+         * */
+        #undef LINUXKM_LKCAPI_REGISTER_ECDSA
+    #endif /* linux < 6.3.0 && CONFIG_CRYPTO_FIPS && CONFIG_CRYPTO_MANAGER */
+
+    #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
+        ECC_MIN_KEY_SZ <= 192 && !defined(CONFIG_CRYPTO_FIPS)
+        /* only register p192 if specifically enabled, and if not fips. */
+        #define LINUXKM_ECC192
+    #endif
+#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
+
+#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
+    #include "linuxkm/lkcapi_ecdsa_glue.c"
+#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
 
 static int linuxkm_lkcapi_register(void)
 {
@@ -3054,33 +4315,48 @@ static int linuxkm_lkcapi_register(void)
                 (alg).base.cra_priority);                               \
     } while (0)
 
-#if defined(HAVE_AES_CBC) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
-
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCBC
     REGISTER_ALG(cbcAesAlg, crypto_register_skcipher, linuxkm_test_aescbc);
 #endif
-
-#if defined(WOLFSSL_AES_CFB) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
-
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCFB
     REGISTER_ALG(cfbAesAlg, crypto_register_skcipher, linuxkm_test_aescfb);
 #endif
-
-#if defined(HAVE_AESGCM) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
-
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM
     REGISTER_ALG(gcmAesAead, crypto_register_aead, linuxkm_test_aesgcm);
 #endif
-
-#if defined(WOLFSSL_AES_XTS) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
-
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+    REGISTER_ALG(gcmAesAead_rfc4106, crypto_register_aead, linuxkm_test_aesgcm_rfc4106);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESXTS
     REGISTER_ALG(xtsAesAlg, crypto_register_skcipher, linuxkm_test_aesxts);
 #endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCTR
+    REGISTER_ALG(ctrAesAlg, crypto_register_skcipher, linuxkm_test_aesctr);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESOFB
+    REGISTER_ALG(ofbAesAlg, crypto_register_skcipher, linuxkm_test_aesofb);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESECB
+    REGISTER_ALG(ecbAesAlg, crypto_register_skcipher, linuxkm_test_aesecb);
+#endif
+
+#ifdef LINUXKM_LKCAPI_REGISTER_ECDSA
+    #if defined(LINUXKM_ECC192)
+    REGISTER_ALG(ecdsa_nist_p192, crypto_register_akcipher,
+                 linuxkm_test_ecdsa_nist_p192);
+    #endif /* LINUXKM_ECC192 */
+
+    REGISTER_ALG(ecdsa_nist_p256, crypto_register_akcipher,
+                 linuxkm_test_ecdsa_nist_p256);
+
+    REGISTER_ALG(ecdsa_nist_p384, crypto_register_akcipher,
+                 linuxkm_test_ecdsa_nist_p384);
+
+    #if defined(HAVE_ECC521)
+    REGISTER_ALG(ecdsa_nist_p521, crypto_register_akcipher,
+                 linuxkm_test_ecdsa_nist_p521);
+    #endif /* HAVE_ECC521 */
+#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
 
 #undef REGISTER_ALG
 
@@ -3107,30 +4383,41 @@ static void linuxkm_lkcapi_unregister(void)
         }                                                               \
     } while (0)
 
-#if defined(HAVE_AES_CBC) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
-
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCBC
     UNREGISTER_ALG(cbcAesAlg, crypto_unregister_skcipher);
 #endif
-#if defined(WOLFSSL_AES_CFB) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
-
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCFB
     UNREGISTER_ALG(cfbAesAlg, crypto_unregister_skcipher);
 #endif
-#if defined(HAVE_AESGCM) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
-
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM
     UNREGISTER_ALG(gcmAesAead, crypto_unregister_aead);
 #endif
-#if defined(WOLFSSL_AES_XTS) && \
-    (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-     defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
-
+#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
+    UNREGISTER_ALG(gcmAesAead_rfc4106, crypto_unregister_aead);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESXTS
     UNREGISTER_ALG(xtsAesAlg, crypto_unregister_skcipher);
 #endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESCTR
+    UNREGISTER_ALG(ctrAesAlg, crypto_unregister_skcipher);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESOFB
+    UNREGISTER_ALG(ofbAesAlg, crypto_unregister_skcipher);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_AESECB
+    UNREGISTER_ALG(ecbAesAlg, crypto_unregister_skcipher);
+#endif
+
+#ifdef LINUXKM_LKCAPI_REGISTER_ECDSA
+    #if defined(LINUXKM_ECC192)
+    UNREGISTER_ALG(ecdsa_nist_p192, crypto_unregister_akcipher);
+    #endif /* LINUXKM_ECC192 */
+    UNREGISTER_ALG(ecdsa_nist_p256, crypto_unregister_akcipher);
+    UNREGISTER_ALG(ecdsa_nist_p384, crypto_unregister_akcipher);
+    #if defined(HAVE_ECC521)
+    UNREGISTER_ALG(ecdsa_nist_p521, crypto_unregister_akcipher);
+    #endif /* HAVE_ECC521 */
+#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
 
 #undef UNREGISTER_ALG
 }
diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template
index 77beef5bd..df9ae53e2 100644
--- a/linuxkm/module_exports.c.template
+++ b/linuxkm/module_exports.c.template
@@ -1,7 +1,7 @@
 /* module_exports.c.template -- static preamble for dynamically generated
  * module_exports.c (see Kbuild)
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,17 +20,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_FIPS
 #define FIPS_NO_WRAPPERS
 #endif
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifndef WOLFCRYPT_ONLY
     #include <wolfssl/ssl.h>
     #include <wolfssl/internal.h>
@@ -149,10 +144,10 @@
     #include <wolfssl/wolfcrypt/kdf.h>
 #endif
 
-#ifdef WOLFSSL_HAVE_KYBER
-    #include <wolfssl/wolfcrypt/kyber.h>
-#ifdef WOLFSSL_WC_KYBER
-    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#ifdef WOLFSSL_HAVE_MLKEM
+    #include <wolfssl/wolfcrypt/mlkem.h>
+#ifdef WOLFSSL_WC_MLKEM
+    #include <wolfssl/wolfcrypt/wc_mlkem.h>
 #endif
 #endif
 #if defined(WOLFSSL_HAVE_XMSS)
@@ -215,3 +210,6 @@
 #include <wolfssl/openssl/pem.h>
 #endif
 
+#if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
+#include <wolfssl/openssl/fips_rand.h>
+#endif
diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index f1bf46f8f..cb1f7aaa8 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -1,6 +1,6 @@
 /* module_hooks.c -- module load/unload hooks for libwolfssl.ko
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,14 +29,10 @@
 
 #define FIPS_NO_WRAPPERS
 
-#define WOLFSSL_NEED_LINUX_CURRENT
+#define WOLFSSL_LINUXKM_NEED_LINUX_CURRENT
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef WOLFCRYPT_ONLY
     #include <wolfssl/version.h>
 #else
@@ -45,9 +41,11 @@
 #ifdef HAVE_FIPS
     #include <wolfssl/wolfcrypt/fips_test.h>
 #endif
-#ifndef NO_CRYPT_TEST
+#if !defined(NO_CRYPT_TEST) || defined(LINUXKM_LKCAPI_REGISTER)
     #include <wolfcrypt/test/test.h>
 #endif
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/sha256.h>
 
 static int libwolfssl_cleanup(void) {
     int ret;
@@ -105,7 +103,7 @@ static void lkmFipsCb(int ok, int err, const char* hash)
 {
     if ((! ok) || (err != 0))
         pr_err("libwolfssl FIPS error: %s\n", wc_GetErrorString(err));
-    if (err == IN_CORE_FIPS_E) {
+    if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
         pr_err("In-core integrity hash check failure.\n"
                "Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
                hash ? hash : "<null>");
@@ -237,13 +235,45 @@ static int wolfssl_init(void)
     ret = wolfCrypt_GetStatus_fips();
     if (ret != 0) {
         pr_err("wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
-        if (ret == IN_CORE_FIPS_E) {
+        if (ret == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
             const char *newhash = wolfCrypt_GetCoreHash_fips();
             pr_err("Update verifyCore[] in fips_test.c with new hash \"%s\" and rebuild.\n",
                    newhash ? newhash : "<null>");
         }
         return -ECANCELED;
     }
+#endif /* HAVE_FIPS */
+
+#ifdef WC_RNG_SEED_CB
+    ret = wc_SetSeed_Cb(wc_GenerateSeed);
+    if (ret < 0) {
+        pr_err("wc_SetSeed_Cb() failed with return code %d.\n", ret);
+        (void)libwolfssl_cleanup();
+        msleep(10);
+        return -ECANCELED;
+    }
+#endif
+
+#ifdef WOLFCRYPT_ONLY
+    ret = wolfCrypt_Init();
+    if (ret != 0) {
+        pr_err("wolfCrypt_Init() failed: %s\n", wc_GetErrorString(ret));
+        return -ECANCELED;
+    }
+#else
+    ret = wolfSSL_Init();
+    if (ret != WOLFSSL_SUCCESS) {
+        pr_err("wolfSSL_Init() failed: %s\n", wc_GetErrorString(ret));
+        return -ECANCELED;
+    }
+#endif
+
+#if defined(HAVE_FIPS) && FIPS_VERSION3_GT(5,2,0)
+    ret = wc_RunAllCast_fips();
+    if (ret != 0) {
+        pr_err("wc_RunAllCast_fips() failed with return value %d\n", ret);
+        return -ECANCELED;
+    }
 
     pr_info("FIPS 140-3 wolfCrypt-fips v%d.%d.%d%s%s startup "
             "self-test succeeded.\n",
@@ -270,32 +300,7 @@ static int wolfssl_init(void)
             ""
 #endif
         );
-
-#endif /* HAVE_FIPS */
-
-#ifdef WC_RNG_SEED_CB
-    ret = wc_SetSeed_Cb(wc_GenerateSeed);
-    if (ret < 0) {
-        pr_err("wc_SetSeed_Cb() failed with return code %d.\n", ret);
-        (void)libwolfssl_cleanup();
-        msleep(10);
-        return -ECANCELED;
-    }
-#endif
-
-#ifdef WOLFCRYPT_ONLY
-    ret = wolfCrypt_Init();
-    if (ret != 0) {
-        pr_err("wolfCrypt_Init() failed: %s\n", wc_GetErrorString(ret));
-        return -ECANCELED;
-    }
-#else
-    ret = wolfSSL_Init();
-    if (ret != WOLFSSL_SUCCESS) {
-        pr_err("wolfSSL_Init() failed: %s\n", wc_GetErrorString(ret));
-        return -ECANCELED;
-    }
-#endif
+#endif /* HAVE_FIPS && FIPS_VERSION3_GT(5,2,0) */
 
 #ifndef NO_CRYPT_TEST
     ret = wolfcrypt_test(NULL);
@@ -307,9 +312,11 @@ static int wolfssl_init(void)
     }
     pr_info("wolfCrypt self-test passed.\n");
 #else
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_LE(5,2,0)
     pr_info("skipping full wolfcrypt_test() "
             "(configure with --enable-crypttests to enable).\n");
 #endif
+#endif
 
 #ifdef LINUXKM_LKCAPI_REGISTER
     ret = linuxkm_lkcapi_register();
@@ -577,7 +584,26 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     wolfssl_linuxkm_pie_redirect_table.GetCA = GetCA;
 #ifndef NO_SKID
     wolfssl_linuxkm_pie_redirect_table.GetCAByName = GetCAByName;
+#ifdef HAVE_OCSP
+    wolfssl_linuxkm_pie_redirect_table.GetCAByKeyHash = GetCAByKeyHash;
+#endif /* HAVE_OCSP */
+#endif /* NO_SKID */
+#ifdef WOLFSSL_AKID_NAME
+    wolfssl_linuxkm_pie_redirect_table.GetCAByAKID = GetCAByAKID;
+#endif /* WOLFSSL_AKID_NAME */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    wolfssl_linuxkm_pie_redirect_table.wolfSSL_X509_NAME_add_entry_by_NID = wolfSSL_X509_NAME_add_entry_by_NID;
+    wolfssl_linuxkm_pie_redirect_table.wolfSSL_X509_NAME_free = wolfSSL_X509_NAME_free;
+    wolfssl_linuxkm_pie_redirect_table.wolfSSL_X509_NAME_new_ex = wolfSSL_X509_NAME_new_ex;
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
+
+#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
+    wolfssl_linuxkm_pie_redirect_table.dump_stack = dump_stack;
 #endif
+
+#ifdef CONFIG_ARM64
+    wolfssl_linuxkm_pie_redirect_table.alt_cb_patch_nops = alt_cb_patch_nops;
 #endif
 
     /* runtime assert that the table has no null slots after initialization. */
@@ -620,8 +646,8 @@ extern const unsigned int wolfCrypt_FIPS_ro_end[];
 #define FIPS_IN_CORE_KEY_SZ 32
 #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_KEY_SZ
 typedef int (*fips_address_function)(void);
-#define MAX_FIPS_DATA_SZ  100000
-#define MAX_FIPS_CODE_SZ 1000000
+#define MAX_FIPS_DATA_SZ 10000000
+#define MAX_FIPS_CODE_SZ 10000000
 extern int GenBase16_Hash(const byte* in, int length, char* out, int outSz);
 
 static int updateFipsHash(void)
diff --git a/linuxkm/pie_first.c b/linuxkm/pie_first.c
index 0bf1b1ae4..fb69f3546 100644
--- a/linuxkm/pie_first.c
+++ b/linuxkm/pie_first.c
@@ -1,6 +1,6 @@
 /* linuxkm/pie_first.c -- memory fenceposts for checking binary image stability
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,12 +23,8 @@
     #error pie_first.c must be compiled -fPIE.
 #endif
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/ssl.h>
 
 int wolfCrypt_PIE_first_function(void);
diff --git a/linuxkm/pie_last.c b/linuxkm/pie_last.c
index 8d687f14c..4b8c25dec 100644
--- a/linuxkm/pie_last.c
+++ b/linuxkm/pie_last.c
@@ -1,6 +1,6 @@
 /* linuxkm/pie_last.c -- memory fenceposts for checking binary image stability
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,12 +23,8 @@
     #error pie_last.c must be compiled -fPIE.
 #endif
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/ssl.h>
 
 int wolfCrypt_PIE_last_function(void);
diff --git a/linuxkm/pie_redirect_table.c b/linuxkm/pie_redirect_table.c
index 9142ef49e..65f96dfb6 100644
--- a/linuxkm/pie_redirect_table.c
+++ b/linuxkm/pie_redirect_table.c
@@ -1,6 +1,6 @@
 /* pie_redirect_table.c -- module load/unload hooks for libwolfssl.ko
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,12 +23,8 @@
     #error pie_redirect_table.c must be compiled -fPIE.
 #endif
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/ssl.h>
 
 /* compiling -fPIE results in references to the GOT or equivalent thereof, which remain after linking
diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c
index 8f0ffb4ca..2f0618de5 100644
--- a/linuxkm/x86_vector_register_glue.c
+++ b/linuxkm/x86_vector_register_glue.c
@@ -1,7 +1,7 @@
 /* x86_vector_register_glue.c -- glue logic to save and restore vector registers
  * on x86
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -305,7 +305,7 @@ static struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc_unlikely(int c
         }
     } else {
         /* check for migration.  this can happen despite our best efforts if any
-         * I/O occured while locked, e.g. kernel messages like "uninitialized
+         * I/O occurred while locked, e.g. kernel messages like "uninitialized
          * urandom read".  since we're locked now, we can safely migrate the
          * entry in wc_linuxkm_fpu_states[], freeing up the slot on the previous
          * cpu.
@@ -400,12 +400,34 @@ static inline void wc_linuxkm_fpu_state_release(
 
 WARN_UNUSED_RESULT int can_save_vector_registers_x86(void)
 {
+    /* First, check if we're already saved, per wc_linuxkm_fpu_states.
+     *
+     * On kernel >= 6.15, irq_fpu_usable() dumps a backtrace to the kernel log
+     * if called while already saved, so it's crucial to preempt that call by
+     * checking wc_linuxkm_fpu_states.
+     */
+
+    struct wc_thread_fpu_count_ent *pstate = wc_linuxkm_fpu_state_assoc(0);
+
+    if ((pstate != NULL) && (pstate->fpu_state != 0U)) {
+        if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK)
+                     == WC_FPU_COUNT_MASK))
+        {
+            /* would overflow */
+            return 0;
+        } else {
+            return 1;
+        }
+    }
+
     if (irq_fpu_usable())
         return 1;
     else if (in_nmi() || (hardirq_count() > 0) || (softirq_count() > 0))
         return 0;
+#ifdef TIF_NEED_FPU_LOAD
     else if (test_thread_flag(TIF_NEED_FPU_LOAD))
         return 1;
+#endif
     return 0;
 }
 
@@ -441,7 +463,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(void)
     }
 
     if (irq_fpu_usable()
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 17, 0))
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 17, 0)) && defined(TIF_NEED_FPU_LOAD)
         /* work around a kernel bug -- see linux commit 59f5ede3bc0f0.
          * what we really want here is this_cpu_read(in_kernel_fpu), but
          * in_kernel_fpu is an unexported static array.
@@ -489,6 +511,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(void)
         wc_linuxkm_fpu_state_release(pstate);
 #endif
         return BAD_STATE_E;
+#ifdef TIF_NEED_FPU_LOAD
     } else if (!test_thread_flag(TIF_NEED_FPU_LOAD)) {
         static int warned_fpu_forbidden = 0;
         if (! warned_fpu_forbidden)
@@ -498,6 +521,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(void)
         wc_linuxkm_fpu_state_release(pstate);
 #endif
         return BAD_STATE_E;
+#endif
     } else {
         /* assume already safely in_kernel_fpu from caller, but recursively
          * preempt_disable() to be extra-safe.
diff --git a/m4/ax_atomic.m4 b/m4/ax_atomic.m4
index b1fa58753..d8c8d0d2c 100644
--- a/m4/ax_atomic.m4
+++ b/m4/ax_atomic.m4
@@ -9,18 +9,20 @@ AC_DEFUN([AC_C___ATOMIC],
       [[int
         main (int argc, char **argv)
         {
-          volatile unsigned long ul1 = 1, ul2 = 0, ul3 = 2;
+          volatile unsigned long ul1 = 1;
+          unsigned long ul2 = 0, ul3 = 2;
           __atomic_load_n(&ul1, __ATOMIC_SEQ_CST);
           __atomic_compare_exchange(&ul1, &ul2, &ul3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
           __atomic_fetch_add(&ul1, 1, __ATOMIC_SEQ_CST);
-          __atomic_fetch_sub(&ul3, 1, __ATOMIC_SEQ_CST);
+          __atomic_fetch_sub(&ul1, 1, __ATOMIC_SEQ_CST);
           __atomic_or_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
           __atomic_and_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
-          volatile unsigned long long ull1 = 1, ull2 = 0, ull3 = 2;
+          volatile unsigned long long ull1 = 1;
+          unsigned long long ull2 = 0, ull3 = 2;
           __atomic_load_n(&ull1, __ATOMIC_SEQ_CST);
           __atomic_compare_exchange(&ull1, &ull2, &ull3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
           __atomic_fetch_add(&ull1, 1, __ATOMIC_SEQ_CST);
-          __atomic_fetch_sub(&ull3, 1, __ATOMIC_SEQ_CST);
+          __atomic_fetch_sub(&ull1, 1, __ATOMIC_SEQ_CST);
           __atomic_or_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
           __atomic_and_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
           return 0;
diff --git a/m4/ax_debug.m4 b/m4/ax_debug.m4
index 94e4c9cb6..42808535b 100644
--- a/m4/ax_debug.m4
+++ b/m4/ax_debug.m4
@@ -14,23 +14,23 @@
 #
 #  Copyright (C) 2012 Brian Aker
 #  All rights reserved.
-#  
+#
 #  Redistribution and use in source and binary forms, with or without
 #  modification, are permitted provided that the following conditions are
 #  met:
-#  
+#
 #      * Redistributions of source code must retain the above copyright
 #  notice, this list of conditions and the following disclaimer.
-#  
+#
 #      * Redistributions in binary form must reproduce the above
 #  copyright notice, this list of conditions and the following disclaimer
 #  in the documentation and/or other materials provided with the
 #  distribution.
-#  
+#
 #      * The names of its contributors may not be used to endorse or
 #  promote products derived from this software without specific prior
 #  written permission.
-#  
+#
 #  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 #  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 #  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4
index d9ae175c0..d4377a70e 100644
--- a/m4/ax_harden_compiler_flags.m4
+++ b/m4/ax_harden_compiler_flags.m4
@@ -19,23 +19,23 @@
 #
 #  Copyright (C) 2012 Brian Aker
 #  All rights reserved.
-#  
+#
 #  Redistribution and use in source and binary forms, with or without
 #  modification, are permitted provided that the following conditions are
 #  met:
-#  
+#
 #      * Redistributions of source code must retain the above copyright
 #  notice, this list of conditions and the following disclaimer.
-#  
+#
 #      * Redistributions in binary form must reproduce the above
 #  copyright notice, this list of conditions and the following disclaimer
 #  in the documentation and/or other materials provided with the
 #  distribution.
-#  
+#
 #      * The names of its contributors may not be used to endorse or
 #  promote products derived from this software without specific prior
 #  written permission.
-#  
+#
 #  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 #  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 #  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
diff --git a/m4/ax_linuxkm.m4 b/m4/ax_linuxkm.m4
index a3ba5ccaf..34e794b77 100644
--- a/m4/ax_linuxkm.m4
+++ b/m4/ax_linuxkm.m4
@@ -1,6 +1,6 @@
 # ax_linuxkm.m4 -- macros for getting attributes of default configured kernel
 #
-# Copyright (C) 2006-2024 wolfSSL Inc.
+# Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfSSL.
 #
diff --git a/m4/ax_vcs_checkout.m4 b/m4/ax_vcs_checkout.m4
index 4636b58ed..63d5e9bea 100644
--- a/m4/ax_vcs_checkout.m4
+++ b/m4/ax_vcs_checkout.m4
@@ -16,23 +16,23 @@
 #
 #  Copyright (C) 2012 Brian Aker
 #  All rights reserved.
-#  
+#
 #  Redistribution and use in source and binary forms, with or without
 #  modification, are permitted provided that the following conditions are
 #  met:
-#  
+#
 #      * Redistributions of source code must retain the above copyright
 #  notice, this list of conditions and the following disclaimer.
-#  
+#
 #      * Redistributions in binary form must reproduce the above
 #  copyright notice, this list of conditions and the following disclaimer
 #  in the documentation and/or other materials provided with the
 #  distribution.
-#  
+#
 #      * The names of its contributors may not be used to endorse or
 #  promote products derived from this software without specific prior
 #  written permission.
-#  
+#
 #  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 #  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 #  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
diff --git a/mcapi/crypto.c b/mcapi/crypto.c
index aa5e43019..9b79e6035 100644
--- a/mcapi/crypto.c
+++ b/mcapi/crypto.c
@@ -1,6 +1,6 @@
 /* crypto.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,9 @@
 #ifdef HAVE_CONFIG_H
     #include "config.h"
 #endif
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef MICROCHIP_MPLAB_HARMONY
diff --git a/mcapi/crypto.h b/mcapi/crypto.h
index dd95c1ca9..dcb315d9c 100644
--- a/mcapi/crypto.h
+++ b/mcapi/crypto.h
@@ -1,6 +1,6 @@
 /* crypto.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -173,9 +173,9 @@ enum {
 typedef struct CRYPT_AES_CTX {
     /* big enough to hold internal, but check on init */
     #ifdef WOLF_PRIVATE_KEY_ID
-    int holder[110];
+    int holder[114];
     #else
-    int holder[92];
+    int holder[96];
     #endif
 } CRYPT_AES_CTX;
 
diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c
index 16d929749..404b37aaf 100644
--- a/mcapi/mcapi_test.c
+++ b/mcapi/mcapi_test.c
@@ -1,6 +1,6 @@
 /* mcapi_test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,9 +27,12 @@
     #include <config.h>
 #endif
 
-/* mc api header */
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
 
+/* mc api header */
 #include "crypto.h"
 
 /* sanity test against our default implementation, wolfssl headers  */
diff --git a/mplabx/benchmark_main.c b/mplabx/benchmark_main.c
index 8a9cf8142..6d27f94f1 100644
--- a/mplabx/benchmark_main.c
+++ b/mplabx/benchmark_main.c
@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/mplabx/test_main.c b/mplabx/test_main.c
index 64f3556a1..8ffa3c76b 100644
--- a/mplabx/test_main.c
+++ b/mplabx/test_main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/mqx/wolfcrypt_test/Sources/main.c b/mqx/wolfcrypt_test/Sources/main.c
index 040a2bf3c..0276c7c80 100644
--- a/mqx/wolfcrypt_test/Sources/main.c
+++ b/mqx/wolfcrypt_test/Sources/main.c
@@ -58,7 +58,7 @@ typedef struct func_args {
 /*TASK*-----------------------------------------------------------------
  * Function Name  : Main_task
  * Comments       :
- *    This task opens the SD card device and runs the 
+ *    This task opens the SD card device and runs the
  *    wolfCrypt test functions located in test.c.
  *END------------------------------------------------------------------*/
 
@@ -69,7 +69,7 @@ void Main_task(uint32_t initial_data)
     char         filesystem_name[] = "a:";
     char         partman_name[]    = "pm:";
     MQX_FILE_PTR com_handle, sdcard_handle, filesystem_handle, partman_handle;
-    
+
     ret = sdcard_open(&com_handle, &sdcard_handle, &partman_handle,
                       &filesystem_handle, partman_name, filesystem_name);
     if (ret != 0) {
@@ -77,9 +77,9 @@ void Main_task(uint32_t initial_data)
         _mqx_exit(1);
     }
     printf("SD card installed to %s\n", filesystem_name);
-    
+
     wolfcrypt_test(&args);
-    
+
     ret = sdcard_close(&sdcard_handle, &partman_handle,
                        &filesystem_handle, partman_name, filesystem_name);
     if (ret != 0) {
@@ -87,7 +87,7 @@ void Main_task(uint32_t initial_data)
         _mqx_exit(1);
     }
     printf("SD card uninstalled.\n");
-    
+
     _mqx_exit(0);
 
 }
diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test
index fc193d369..17c26d15a 100755
--- a/scripts/crl-revoked.test
+++ b/scripts/crl-revoked.test
@@ -217,8 +217,14 @@ else
    exit_hash_dir_code=0
 fi
 
-# run the test
-run_test
+# Check that server is enabled
+./examples/server/server -? 2>&1 | grep -- 'Create Ready file'
+if [ $? -eq 0 ]; then
+    # run the test
+    run_test
+else
+    exit_code=0
+fi
 
 # If we get to this exit, exit_code will be a 1 signaling failure
 echo "exiting with $exit_code certificate was not revoked"
diff --git a/scripts/external.test b/scripts/external.test
index abef437a0..970f6ad6d 100755
--- a/scripts/external.test
+++ b/scripts/external.test
@@ -16,24 +16,28 @@ if ! ./examples/client/client -V | grep -q 3; then
 fi
 
 # cloudflare seems to change CAs quickly, disabled by default
-if test -n "$WOLFSSL_EXTERNAL_TEST"; then
-
-    BUILD_FLAGS="$(./examples/client/client '-#')"
-    if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
-        echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
-        exit 77
-    fi
-
-    if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
-        echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
-        exit 77
-    fi
-
-    echo "WOLFSSL_EXTERNAL_TEST set, running test..."
-else
-    echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
+if ! test -n "$WOLFSSL_EXTERNAL_TEST"; then
+    echo "WOLFSSL_EXTERNAL_TEST not set, won't run"
     exit 77
 fi
+if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
+    echo "WOLFSSL_EXTERNAL_TEST is defined to zero, won't run"
+    exit 77
+fi
+
+
+BUILD_FLAGS="$(./examples/client/client '-#')"
+if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
+    echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
+    exit 77
+fi
+
+if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
+    echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
+    exit 77
+fi
+
+echo "WOLFSSL_EXTERNAL_TEST set, running test..."
 
 # is our desired server there?
 "${SCRIPT_DIR}"/ping.test $server 2
diff --git a/scripts/google.test b/scripts/google.test
index e2b0c63d4..5e3e8f0f9 100755
--- a/scripts/google.test
+++ b/scripts/google.test
@@ -10,6 +10,10 @@ if ! test -n "$WOLFSSL_EXTERNAL_TEST"; then
     echo "WOLFSSL_EXTERNAL_TEST not set, won't run"
     exit 77
 fi
+if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
+    echo "WOLFSSL_EXTERNAL_TEST is defined to zero, won't run"
+    exit 77
+fi
 
 if ! ./examples/client/client -V | grep -q 3; then
     echo 'skipping google.test because TLS1.2 is not available.' 1>&2
diff --git a/scripts/include.am b/scripts/include.am
index f4f925a08..c42fce2a7 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -27,6 +27,9 @@ endif
 
 if BUILD_OCSP_STAPLING
 dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test
+if BUILD_OCSP_STAPLING_MULTI
+dist_noinst_SCRIPTS+= scripts/ocsp-stapling_tls13multi.test
+endif
 if !BUILD_OCSP_STAPLING_V2
 testsuite/testsuite.log: scripts/ocsp-stapling.log scripts/ocsp-stapling-with-ca-as-responder.log
 endif
@@ -34,6 +37,9 @@ scripts/ocsp-stapling.log: scripts/ocsp.log
 dist_noinst_SCRIPTS+= scripts/ocsp-stapling-with-ca-as-responder.test
 scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp.log
 scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp-stapling.log
+if BUILD_OCSP_STAPLING_MULTI
+scripts/ocsp-stapling_tls13multi.log: scripts/ocsp-stapling-with-ca-as-responder.log
+endif
 endif
 
 if BUILD_OCSP_STAPLING_V2
diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test
index 90b7332a9..2d544da1b 100755
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -11,6 +11,12 @@ if [[ -z "${RETRIES_REMAINING-}" ]]; then
     export RETRIES_REMAINING=2
 fi
 
+if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
+    echo 'skipping oscp-stapling.test because WOLFSSL_EXTERNAL_TEST is \
+    defined to the value 0.'
+    exit 77
+fi
+
 if ! ./examples/client/client -V | grep -q 3; then
     echo 'skipping ocsp-stapling.test because TLS1.2 is not available.' 1>&2
     exit 77
@@ -21,6 +27,20 @@ if ./examples/client/client '-#' | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
     exit 77
 fi
 
+if ./examples/client/client -V | grep -q 4; then
+    tls13=yes
+fi
+if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then
+    dtls13=yes
+fi
+./examples/client/client '-?' 2>&1 | grep -- 'Perform multi OCSP stapling for TLS13'
+if [ $? -eq 0 ]; then
+    tls13multi=yes
+else
+    tls13multi=no
+fi
+
+
 if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then
     IPV6_SUPPORTED=yes
 else
@@ -340,7 +360,7 @@ RESULT=$?
 printf '%s\n\n' "Test successfully REVOKED!"
 
 
-if ./examples/client/client -V | grep -q 4; then
+ if [[ ("$tls13" == "yes") && ("$tls13multi" == "no") ]]; then
     printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------"
     # client test against our own server - GOOD CERT
     remove_single_rF "$ready_file2"
@@ -406,7 +426,7 @@ if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.2'; then
   printf '%s\n\n' "Test PASSED!"
 fi
 
-if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then
+ if [[ ("$dtls13" == "yes") && ("$tls13multi" == "no") ]]; then
   printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD PASS -------------------"
  # client test against our own server, must staple - GOOD CERT
   ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
@@ -428,7 +448,8 @@ generate_port() {
     # Generate a random port number
     #-------------------------------------------------------------------------#
 
-    if [[ "$OSTYPE" == "linux"* ]]; then
+    if [[ "$OSTYPE" == "linux"* || "$OSTYPE" == "msys"
+                                || "$OSTYPE" == "cygwin"* ]]; then
         port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
     elif [[ "$OSTYPE" == "darwin"* ]]; then
         port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test
index f18ee1a7c..c5664b37a 100755
--- a/scripts/ocsp-stapling2.test
+++ b/scripts/ocsp-stapling2.test
@@ -43,7 +43,7 @@ fi
 if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then
     if [[ "$IPV6_SUPPORTED" == "no" ]]; then
         echo 'Skipping IPV6 test in environment lacking IPV6 support.'
-        exit 0
+        exit 77
     fi
     LOCALHOST='[::1]'
     LOCALHOST_FOR_NC='-6 ::1'
@@ -467,7 +467,8 @@ generate_port() {
     # Generate a random port number
     #-------------------------------------------------------------------------#
 
-    if [[ "$OSTYPE" == "linux"* ]]; then
+    if [[ "$OSTYPE" == "linux"* || "$OSTYPE" == "msys"
+                                || "$OSTYPE" == "cygwin" ]]; then
         port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
     elif [[ "$OSTYPE" == "darwin"* ]]; then
         port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
diff --git a/scripts/ocsp-stapling_tls13multi.test b/scripts/ocsp-stapling_tls13multi.test
new file mode 100755
index 000000000..27ef90031
--- /dev/null
+++ b/scripts/ocsp-stapling_tls13multi.test
@@ -0,0 +1,522 @@
+#!/bin/bash
+
+# ocsp-stapling_tls13multi.test
+# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
+
+SCRIPT_DIR="$(dirname "$0")"
+
+# if we can, isolate the network namespace to eliminate port collisions.
+if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
+     if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
+         export NETWORK_UNSHARE_HELPER_CALLED=yes
+         exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
+     fi
+elif [ "${AM_BWRAPPED-}" != "yes" ]; then
+    bwrap_path="$(command -v bwrap)"
+    if [ -n "$bwrap_path" ]; then
+        export AM_BWRAPPED=yes
+        exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
+    fi
+    unset AM_BWRAPPED
+fi
+
+if [[ -z "${RETRIES_REMAINING-}" ]]; then
+    export RETRIES_REMAINING=2
+fi
+
+if ! ./examples/client/client -V | grep -q 4; then
+    tls13=no
+
+else
+    tls13=yes
+fi
+
+if ! ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then
+    dtls13=no
+else
+    dtls13=yes
+fi
+
+if [[ ("$tls13" == "no") && ("$dtls13" == "no") ]]; then
+    echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2
+    exit 77
+fi
+
+if ! ./examples/client/client -V | grep -q 4; then
+    tls13=no
+    echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2
+    exit 77
+else
+    tls13=yes
+fi
+
+if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then
+    IPV6_SUPPORTED=yes
+else
+    IPV6_SUPPORTED=no
+fi
+
+if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then
+    if [[ "$IPV6_SUPPORTED" == "no" ]]; then
+        echo 'Skipping IPV6 test in environment lacking IPV6 support.'
+        exit 77
+    fi
+    LOCALHOST='[::1]'
+    LOCALHOST_FOR_NC='-6 ::1'
+else
+    LOCALHOST='127.0.0.1'
+    LOCALHOST_FOR_NC='127.0.0.1'
+fi
+
+PARENTDIR="$PWD"
+
+# create a unique workspace directory ending in PID for the script instance ($$)
+# to make this instance orthogonal to any others running, even on same repo.
+# TCP ports are also carefully formed below from the PID, to minimize conflicts.
+
+#WORKSPACE="${PARENTDIR}/workspace.pid$$"
+#mkdir "${WORKSPACE}" || exit $?
+
+WORKSPACE="$(mktemp -d -p ${PARENTDIR})"
+
+cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $?
+cd "$WORKSPACE" || exit $?
+ln -s ../examples
+
+CERT_DIR="certs/ocsp"
+
+
+ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$
+ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$
+ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$
+ready_file4="$WORKSPACE"/wolf_ocsp_s2_readyF4$$
+ready_file5="$WORKSPACE"/wolf_ocsp_s2_readyF5$$
+printf '%s\n' "ready file 1:  $ready_file1"
+printf '%s\n' "ready file 2:  $ready_file2"
+printf '%s\n' "ready file 3:  $ready_file3"
+printf '%s\n' "ready file 4:  $ready_file4"
+printf '%s\n' "ready file 5:  $ready_file5"
+
+test_cnf="ocsp_s2.cnf"
+
+wait_for_readyFile(){
+
+    counter=0
+
+    while [ ! -s $1 -a "$counter" -lt 20 ]; do
+        if [[ -n "${2-}" ]]; then
+            if ! kill -0 $2 2>&-; then
+                echo "pid $2 for port ${3-} exited before creating ready file.  bailing..."
+                exit 1
+            fi
+        fi
+        echo -e "waiting for ready file..."
+        sleep 0.1
+        counter=$((counter+ 1))
+    done
+
+    if test -e $1; then
+        echo -e "found ready file, starting client..."
+    else
+        echo -e "NO ready file at $1 -- ending test..."
+        exit 1
+    fi
+
+}
+
+remove_single_rF(){
+    if test -e $1; then
+        printf '%s\n' "removing ready file: $1"
+        rm $1
+    fi
+}
+#create a configure file for cert generation with the port 0 solution
+create_new_cnf() {
+    echo "Random Ports Selected: $1 $2 $3 $4"
+
+    cat <<- EOF > $test_cnf
+        #
+        # openssl configuration file for OCSP certificates
+        #
+
+        # Extensions to add to a certificate request (intermediate1-ca)
+        [ v3_req1 ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$1
+
+        # Extensions to add to a certificate request (intermediate2-ca)
+        [ v3_req2 ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$2
+
+        # Extensions to add to a certificate request (intermediate3-ca)
+        [ v3_req3 ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$3
+
+        # Extensions for a typical CA
+        [ v3_ca ]
+        basicConstraints       = CA:true
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        keyUsage               = keyCertSign, cRLSign
+        authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$4
+
+        # OCSP extensions.
+        [ v3_ocsp ]
+        basicConstraints       = CA:false
+        subjectKeyIdentifier   = hash
+        authorityKeyIdentifier = keyid:always,issuer:always
+        extendedKeyUsage       = OCSPSigning
+EOF
+
+    mv $test_cnf $CERT_DIR/$test_cnf
+    cd $CERT_DIR
+    CURR_LOC="$PWD"
+    printf '%s\n' "echo now in $CURR_LOC"
+    ./renewcerts-for-test.sh $test_cnf
+    cd $WORKSPACE
+}
+
+remove_ready_file(){
+    if test -e $ready_file1; then
+        printf '%s\n' "removing ready file: $ready_file1"
+        rm $ready_file1
+    fi
+    if test -e $ready_file2; then
+        printf '%s\n' "removing ready file: $ready_file2"
+        rm $ready_file2
+    fi
+    if test -e $ready_file3; then
+        printf '%s\n' "removing ready file: $ready_file3"
+        rm $ready_file3
+    fi
+    if test -e $ready_file4; then
+        printf '%s\n' "removing ready file: $ready_file4"
+        rm $ready_file4
+    fi
+    if test -e $ready_file5; then
+        printf '%s\n' "removing ready file: $ready_file5"
+        rm $ready_file5
+    fi
+}
+
+cleanup()
+{
+    exit_status=$?
+    for i in $(jobs -pr)
+    do
+        kill -s KILL "$i"
+    done
+    remove_ready_file
+    rm $CERT_DIR/$test_cnf
+    cd "$PARENTDIR" || return 1
+    rm -r "$WORKSPACE" || return 1
+
+    if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then
+        echo "retrying..."
+        RETRIES_REMAINING=$((RETRIES_REMAINING - 1))
+        exec $0 "$@"
+    fi
+}
+trap cleanup EXIT INT TERM HUP
+
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+
+# check if supported key size is large enough to handle 4096 bit RSA
+size="$(./examples/client/client '-?' | grep "Max RSA key")"
+size="${size//[^0-9]/}"
+if [ ! -z "$size" ]; then
+    printf 'check on max key size of %d ...' $size
+    if [ $size -lt 4096 ]; then
+        printf '%s\n' "4096 bit RSA keys not supported"
+        exit 0
+    fi
+    printf 'OK\n'
+fi
+
+#get four unique ports
+
+# choose consecutive ports based on the PID, skipping any that are
+# already bound, to avoid the birthday problem in case other
+# instances are sharing this host.
+
+get_first_free_port() {
+    local ret="$1"
+    while :; do
+        if [[ "$ret" -ge 65536 ]]; then
+            ret=1024
+        fi
+        if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then
+            break
+        fi
+        ret=$((ret+1))
+    done
+    echo "$ret"
+    return 0
+}
+
+base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
+port1=$(get_first_free_port $base_port)
+port2=$(get_first_free_port $((port1 + 1)))
+port3=$(get_first_free_port $((port2 + 1)))
+port4=$(get_first_free_port $((port3 + 1)))
+port5=$(get_first_free_port $((port4 + 1)))
+
+# 1:
+./examples/server/server -R $ready_file1 -p $port1 &
+server_pid1=$!
+wait_for_readyFile $ready_file1 $server_pid1 $port1
+if [ ! -f $ready_file1 ]; then
+    printf '%s\n' "Failed to create ready file1: \"$ready_file1\""
+    exit 1
+fi
+# 2:
+./examples/server/server -R $ready_file2 -p $port2 &
+server_pid2=$!
+wait_for_readyFile $ready_file2 $server_pid2 $port2
+if [ ! -f $ready_file2 ]; then
+    printf '%s\n' "Failed to create ready file2: \"$ready_file2\""
+    exit 1
+fi
+# 3:
+./examples/server/server -R $ready_file3 -p $port3 &
+server_pid3=$!
+wait_for_readyFile $ready_file3 $server_pid3 $port3
+if [ ! -f $ready_file3 ]; then
+    printf '%s\n' "Failed to create ready file3: \"$ready_file3\""
+    exit 1
+fi
+# 4:
+./examples/server/server -R $ready_file4 -p $port4 &
+server_pid4=$!
+wait_for_readyFile $ready_file4 $server_pid4 $port4
+if [ ! -f $ready_file4 ]; then
+    printf '%s\n' "Failed to create ready file4: \"$ready_file4\""
+    exit 1
+fi
+
+printf '%s\n' "------------- PORTS ---------------"
+printf '%s' "Random ports selected: $port1 $port2"
+printf '%s\n' " $port3 $port4"
+printf '%s\n' "-----------------------------------"
+# Use client connections to cleanly shutdown the servers
+./examples/client/client -p $port1
+./examples/client/client -p $port2
+./examples/client/client -p $port3
+./examples/client/client -p $port4
+create_new_cnf $port1 $port2 $port3 \
+               $port4
+
+sleep 0.1
+
+# setup ocsp responders
+# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port1 -nmin 1                         \
+    -index   certs/ocsp/index-ca-and-intermediate-cas.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem           \
+    -rkey    certs/ocsp/ocsp-responder-key.pem            \
+    -CA      certs/ocsp/root-ca-cert.pem                  \
+    "$@"                                                  \
+    &
+
+# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port2 -nmin 1                               \
+    -index   certs/ocsp/index-intermediate2-ca-issued-certs.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
+    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
+    -CA      certs/ocsp/intermediate2-ca-cert.pem               \
+    "$@"                                                        \
+    &
+
+# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port3 -nmin 1                               \
+    -index   certs/ocsp/index-intermediate3-ca-issued-certs.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
+    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
+    -CA      certs/ocsp/intermediate3-ca-cert.pem               \
+    "$@"                                                        \
+    &
+
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port $port4 -nmin 1                         \
+    -index   certs/ocsp/index-ca-and-intermediate-cas.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem           \
+    -rkey    certs/ocsp/ocsp-responder-key.pem            \
+    -CA      certs/ocsp/root-ca-cert.pem                  \
+    "$@"                                                  \
+    &
+
+sleep 0.1
+# "jobs" is not portable for posix. Must use bash interpreter!
+[ $(jobs -r | wc -l) -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
+
+printf '\n\n%s\n\n' "All OCSP responders started successfully!"
+
+if [ "$tls13" == "yes" ]; then
+    printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
+    # client test against our own server - GOOD CERTS
+    ./examples/server/server -c certs/ocsp/server3-cert.pem \
+                            -k certs/ocsp/server3-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
+    printf '%s\n\n' "Test PASSED!"
+
+    printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
+    # client test against our own server - REVOKED SERVER CERT
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 &
+    sleep 0.1
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ------------------------"
+    # client test against our own server - REVOKED INTERMEDIATE CERT
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server5-cert.pem \
+                            -k certs/ocsp/server5-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 5 SHOULD REVOKE ----------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server5-cert.pem \
+                            -k certs/ocsp/server5-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+    printf '%s\n\n' "------------- TEST CASE 6 LOAD CERT IN SSL -------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server1-cert.pem \
+                            -k certs/ocsp/server1-key.pem -R $ready_file5 -v 4 \
+                            -p $port5 -H loadSSL &
+    server_pid5=$!
+    wait_for_readyFile $ready_file5 $server_pid5 $port5
+    echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
+    RESULT=$?
+    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1
+    wait $server_pid5
+    if [ $? -ne 0 ]; then
+        printf '%s\n' "Unexpected server result"
+        exit 1
+    fi
+    printf '%s\n\n' "Test successful"
+    printf '%s\n\n' "------------- TEST CASE 7 SHOULD REVOKE ----------------------"
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 -H loadSSL -v 4 &
+    server_pid5=$!
+    sleep 0.1
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    wait $server_pid5
+    if [ $? -ne 1 ]; then
+        printf '%s\n' "Unexpected server result"
+        exit 1
+    fi
+    printf '%s\n\n' "Test successfully REVOKED!"
+fi
+
+if [ "$dtls13" == "yes" ]; then
+    printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS ---------------"
+    # client test against our own server - GOOD CERTS
+    ./examples/server/server -c certs/ocsp/server3-cert.pem \
+                            -k certs/ocsp/server3-key.pem -R $ \
+                            -p $port5 -u -v 4 &
+    server_pid5=$!
+    sleep 0.2
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
+    printf '%s\n\n' "Test PASSED!"
+
+    printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD REVOKE --------------"
+    # client test against our own server - REVOKED SERVER CERT
+    remove_single_rF $ready_file5
+    ./examples/server/server -c certs/ocsp/server4-cert.pem \
+                            -k certs/ocsp/server4-key.pem -R $ready_file5 \
+                            -p $port5 -v 4 &
+    server_pid5=$!
+    sleep 0.2
+    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \
+                            -p $port5
+    RESULT=$?
+    [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
+    printf '%s\n\n' "Test successfully REVOKED!"
+
+fi
+
+# need a unique port since may run the same time as testsuite
+generate_port() {
+    #-------------------------------------------------------------------------#
+    # Generate a random port number
+    #-------------------------------------------------------------------------#
+
+    if [[ "$OSTYPE" == "linux"* ]]; then
+        port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
+    elif [[ "$OSTYPE" == "darwin"* ]]; then
+        port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
+    else
+        echo "Unknown OS TYPE"
+        exit 1
+    fi
+}
+
+printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------"
+
+exit 0
diff --git a/scripts/ocsp.test b/scripts/ocsp.test
index 0131b0bfd..74764de90 100755
--- a/scripts/ocsp.test
+++ b/scripts/ocsp.test
@@ -50,7 +50,7 @@ else
 fi
 
 server=www.google.com
-ca=${SCRIPT_DIR}/../certs/external/ca-google-root.pem
+ca=certs/external/ca-google-root.pem
 
 if [ "$AM_BWRAPPED" != "yes" ]; then
     # is our desired server there?
diff --git a/scripts/openssl.test b/scripts/openssl.test
index b557bb69b..f797a9ff8 100755
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@@ -64,6 +64,7 @@ anon_wolfssl_pid=$no_pid
 wolf_cases_tested=0
 wolf_cases_total=0
 counter=0
+wolfssl_no_resume=""
 testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n"
 versionName="Invalid"
 if [ "$OPENSSL" = "" ]; then
@@ -328,6 +329,10 @@ do_wolfssl_client() {
     then
         wolfssl_resume=
     fi
+    if [ "$wolfssl_no_resume" = "yes" ]
+    then
+        wolfssl_resume=
+    fi
     if [ "$version" != "5" -a "$version" != "" ]
     then
         echo "#"
@@ -516,6 +521,19 @@ then
     if [ "$wolf_rsa" != "" ]; then
         echo "wolfSSL supports RSA"
     fi
+    # Check if RSA-PSS certificates supported in wolfSSL
+    wolf_rsapss=`$WOLFSSL_CLIENT -A "${CERT_DIR}/rsapss/ca-rsapss.pem" 2>&1`
+    case $wolf_rsapss in
+    *"ca file"*)
+        echo "wolfSSL does not support RSA-PSS"
+        wolf_rsapss=""
+        ;;
+    *)
+        ;;
+    esac
+    if [ "$wolf_rsapss" != "" ]; then
+        echo "wolfSSL supports RSA-PSS"
+    fi
     # Check if ECC certificates supported in wolfSSL
     wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1`
     case $wolf_ecc in
@@ -1228,6 +1246,49 @@ do
 done
 IFS="$OIFS" #restore separator
 
+# Skip RSA-PSS interop test when RSA-PSS is not supported
+if [ "$wolf_rsapss" != "" -a "$ecdhe_avail" = "yes" -a "$wolf_rsa" = "yes" ]
+then
+    # Test for RSA-PSS certs interop
+    # Was running into alert sent by openssl server with version 1.1.1 released
+    # in Sep 2018. To avoid this issue check that openssl version 3.0.0 or later
+    # is used.
+
+    $OPENSSL version | awk '{print $2}' | \
+        awk -F. '{if ($1 >= 3) exit 1; else exit 0;}'
+    RESULT=$?
+    if [ "$RESULT" = "0" ]; then
+        echo -e "Old version of openssl detected, skipping interop RSA-PSS test"
+    else
+        echo -e "Doing interop RSA-PSS test"
+
+        key_file=${CERT_DIR}/rsapss/server-rsapss-priv.pem
+        cert_file=${CERT_DIR}/rsapss/server-rsapss.pem
+        ca_file=${CERT_DIR}/client-cert.pem
+        openssl_suite="RSAPSS"
+        start_openssl_server
+
+        cert="${CERT_DIR}/client-cert.pem"
+        key="${CERT_DIR}/client-key.pem"
+        caCert="${CERT_DIR}/rsapss/ca-rsapss.pem"
+        crl="-C"
+        wolfSuite="ALL"
+        wolfssl_no_resume="yes"
+        port=$server_port
+
+        if [ "$wolf_tls13" != "" ]
+        then
+            version="4"
+            do_wolfssl_client
+        fi
+
+        if [ "$wolf_tls" != "" ]
+        then
+            version="3"
+            do_wolfssl_client
+        fi
+    fi
+fi
 do_cleanup
 
 echo -e "wolfSSL total cases   $wolf_cases_total"
diff --git a/src/bio.c b/src/bio.c
index 494234c73..0b52a6c17 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -1,6 +1,6 @@
 /* bio.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-#if defined(OPENSSL_EXTRA) && !defined(_WIN32)
+#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE)
     /* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */
-    #undef  _GNU_SOURCE
-    #define _GNU_SOURCE
+    #define _GNU_SOURCE 1
 #endif
 
 #if !defined(WOLFSSL_BIO_INCLUDED)
@@ -143,11 +139,11 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
             return WOLFSSL_BIO_ERROR;
         }
 
-        XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, sz);
+        XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, (size_t)sz);
         bio->rdIdx += sz;
 
         if (bio->rdIdx >= bio->wrSz) {
-            if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
+            if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) {
                 bio->wrSz = bio->wrSzReset;
             }
             else {
@@ -164,18 +160,18 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
             bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         }
         else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD &&
-                !(bio->flags & BIO_FLAGS_MEM_RDONLY)) {
+                !(bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY)) {
             /* Resize the memory so we are not taking up more than necessary.
              * memmove reverts internally to memcpy if areas don't overlap */
             XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx,
-                    bio->wrSz - bio->rdIdx);
+                    (long unsigned int)bio->wrSz - (size_t)bio->rdIdx);
             bio->wrSz -= bio->rdIdx;
             bio->rdIdx = 0;
             /* Resize down to WOLFSSL_BIO_RESIZE_THRESHOLD for fewer
              * allocations. */
             if (wolfSSL_BUF_MEM_resize(bio->mem_buf,
-                    bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? bio->wrSz :
-                            WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) {
+                bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ?
+                (size_t)bio->wrSz : WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) {
                 WOLFSSL_MSG("wolfSSL_BUF_MEM_resize error");
                 return WOLFSSL_BIO_ERROR;
             }
@@ -201,6 +197,7 @@ int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b)
 }
 
 #ifndef WOLFCRYPT_ONLY
+#ifndef NO_TLS
 /* Helper function to read from WOLFSSL_BIO_SSL type
  *
  * returns the number of bytes read on success
@@ -232,10 +229,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
 
     return ret;
 }
+#endif /* !NO_TLS */
 
 static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
 {
-    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) {
+    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) {
         if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf,
                         (unsigned int)sz) != WOLFSSL_SUCCESS)
         {
@@ -250,7 +248,7 @@ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
     }
     return sz;
 }
-#endif /* WOLFCRYPT_ONLY */
+#endif /* !WOLFCRYPT_ONLY */
 
 
 /* Used to read data from a WOLFSSL_BIO structure
@@ -332,7 +330,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
             #endif /* !NO_FILESYSTEM */
                 break;
             case WOLFSSL_BIO_SSL:
-            #ifndef WOLFCRYPT_ONLY
+            #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
                 ret = wolfSSL_BIO_SSL_read(bio, buf, len, front);
             #else
                 WOLFSSL_MSG("WOLFSSL_BIO_SSL used with WOLFCRYPT_ONLY");
@@ -353,7 +351,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
                  *  (cannot be used with WOLFSSL_USER_IO) */
                 bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
                 ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0);
-                if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
                     bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
                 }
                 if (ret < 0) {
@@ -377,7 +375,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
                     ret = wolfIO_RecvFrom(bio->num.fd, &bio->peer_addr,
                                           (char*)buf, len, 0);
                 }
-                if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
                     bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
                 }
                 if (ret < 0) {
@@ -388,6 +386,10 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
             #endif
                 break;
 
+            case WOLFSSL_BIO_NULL:
+                ret = 0;
+                break;
+
             } /* switch */
         }
 
@@ -453,8 +455,9 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data,
         }
     }
     else {
-        if (Base64_Encode((const byte*)data, inLen, NULL, &sz) !=
-            LENGTH_ONLY_E) {
+        if (Base64_Encode((const byte*)data, inLen, NULL, &sz)
+              != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        {
             WOLFSSL_MSG("Error with base64 get length");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -500,7 +503,7 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data,
 }
 #endif /* WOLFSSL_BASE64_ENCODE */
 
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 /* Helper function for writing to a WOLFSSL_BIO_SSL type
  *
  * returns the amount written in bytes on success
@@ -531,7 +534,7 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data,
     }
     return ret;
 }
-#endif /* WOLFCRYPT_ONLY */
+#endif /* !WOLFCRYPT_ONLY && !NO_TLS */
 
 /* Writes to a WOLFSSL_BIO_BIO type.
  *
@@ -562,7 +565,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
         WOLFSSL_MSG("Error in wolfSSL_BIO_nwrite");
         return sz1;
     }
-    XMEMCPY(buf, data, sz1);
+    XMEMCPY(buf, data, (size_t)sz1);
     data = (char*)data + sz1;
     len -= sz1;
 
@@ -570,7 +573,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
         /* try again to see if maybe we wrapped around the ring buffer */
         sz2 = wolfSSL_BIO_nwrite(bio, &buf, len);
         if (sz2 > 0) {
-            XMEMCPY(buf, data, sz2);
+            XMEMCPY(buf, data, (size_t)sz2);
             sz1 += sz2;
             if (len > sz2)
                 bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY;
@@ -601,15 +604,15 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
         WOLFSSL_MSG("one of input parameters is null");
         return WOLFSSL_FAILURE;
     }
-    if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
+    if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) {
         return WOLFSSL_FAILURE;
     }
 
     if (len == 0)
         return WOLFSSL_SUCCESS; /* Return early to make logic simpler */
 
-    if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, bio->wrSz + len, 0)
-            == 0) {
+    if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, ((size_t)bio->wrSz) +
+                                                    ((size_t)len), 0) == 0) {
         WOLFSSL_MSG("Error growing memory area");
         return WOLFSSL_FAILURE;
     }
@@ -619,7 +622,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
         return WOLFSSL_FAILURE;
     }
 
-    XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len);
+    XMEMCPY(bio->mem_buf->data + bio->wrSz, data, (size_t)len);
     bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
     bio->num.length = bio->mem_buf->max;
     bio->wrSz += len;
@@ -642,7 +645,7 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len)
         return BAD_FUNC_ARG;
     }
 
-    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) {
+    if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) {
         if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data,
                     (unsigned int)len) != WOLFSSL_SUCCESS) {
             ret = WOLFSSL_BIO_ERROR;
@@ -746,7 +749,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
             #endif /* !NO_FILESYSTEM */
                 break;
             case WOLFSSL_BIO_SSL:
-            #ifndef WOLFCRYPT_ONLY
+            #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
                 /* already got eof, again is error */
                 if (front->eof) {
                     ret = WOLFSSL_FATAL_ERROR;
@@ -777,7 +780,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
                  *  (cannot be used with WOLFSSL_USER_IO) */
                 bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
                 ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0);
-                if (ret == WOLFSSL_CBIO_ERR_WANT_WRITE) {
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) {
                     bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
                 }
                 if (ret < 0) {
@@ -800,7 +803,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
                     ret = SOCKET_ERROR_E;
                 else
                     ret = wolfIO_SendTo(bio->num.fd, &bio->peer_addr, (char*)data, len, 0);
-                if (ret == WOLFSSL_CBIO_ERR_WANT_WRITE) {
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) {
                     bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
                 }
                 if (ret < 0) {
@@ -811,6 +814,10 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
             #endif
                 break;
 
+            case WOLFSSL_BIO_NULL:
+                ret = len;
+                break;
+
             } /* switch */
         }
 
@@ -823,7 +830,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
         bio = bio->next;
     }
 
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 exit_chain:
 #endif
 
@@ -834,7 +841,9 @@ exit_chain:
                                  (const char*)data, len, 0, ret);
     }
 
-    XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (front != NULL) {
+        XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
 
 #ifdef WOLFSSL_BASE64_ENCODE
     if (retB64 > 0 && ret > 0)
@@ -864,23 +873,23 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
     }
 
     switch(cmd) {
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
+        case WOLFSSL_BIO_CTRL_PENDING:
+        case WOLFSSL_BIO_CTRL_WPENDING:
             ret = (long)wolfSSL_BIO_ctrl_pending(bio);
             break;
-        case BIO_CTRL_INFO:
+        case WOLFSSL_BIO_CTRL_INFO:
             ret = (long)wolfSSL_BIO_get_mem_data(bio, parg);
             break;
-        case BIO_CTRL_FLUSH:
+        case WOLFSSL_BIO_CTRL_FLUSH:
             ret = (long)wolfSSL_BIO_flush(bio);
             break;
-        case BIO_CTRL_RESET:
+        case WOLFSSL_BIO_CTRL_RESET:
             ret = (long)wolfSSL_BIO_reset(bio);
             break;
 
 #ifdef WOLFSSL_HAVE_BIO_ADDR
-        case BIO_CTRL_DGRAM_CONNECT:
-        case BIO_CTRL_DGRAM_SET_PEER:
+        case WOLFSSL_BIO_CTRL_DGRAM_CONNECT:
+        case WOLFSSL_BIO_CTRL_DGRAM_SET_PEER:
         {
             socklen_t addr_size;
             if (parg == NULL) {
@@ -897,7 +906,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
             break;
         }
 
-        case BIO_CTRL_DGRAM_SET_CONNECTED:
+        case WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED:
             if (parg == NULL) {
                 wolfSSL_BIO_ADDR_clear(&bio->peer_addr);
                 bio->connected = 0;
@@ -914,7 +923,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
             ret = WOLFSSL_SUCCESS;
             break;
 
-        case BIO_CTRL_DGRAM_QUERY_MTU:
+        case WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU:
             ret = 0; /* not implemented */
             break;
 
@@ -1134,7 +1143,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
 
                 ret = wolfSSL_BIO_nread(bio, &c, cSz);
                 if (ret > 0 && ret < sz) {
-                    XMEMCPY(buf, c, ret);
+                    XMEMCPY(buf, c, (size_t)ret);
                 }
                 break;
             }
@@ -1157,6 +1166,10 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz)
             break;
 #endif /* WOLFCRYPT_ONLY */
 
+        case WOLFSSL_BIO_NULL:
+            ret = 0;
+            break;
+
         default:
             WOLFSSL_MSG("BIO type not supported yet with wolfSSL_BIO_gets");
     }
@@ -1252,13 +1265,13 @@ size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio)
         return 0;
 
     if (bio->type == WOLFSSL_BIO_MEMORY) {
-        return bio->wrSz;
+        return (size_t)bio->wrSz;
     }
 
     /* type BIO_BIO then check paired buffer */
     if (bio->type == WOLFSSL_BIO_BIO && bio->pair != NULL) {
         WOLFSSL_BIO* pair = bio->pair;
-        return pair->wrIdx;
+        return (size_t)pair->wrIdx;
     }
 
     return 0;
@@ -1304,12 +1317,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
 
 #ifndef WOLFCRYPT_ONLY
     if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) {
-        return (long)wolfSSL_pending(bio->ptr.ssl);
+        return (size_t)wolfSSL_pending(bio->ptr.ssl);
     }
 #endif
 
     if (bio->type == WOLFSSL_BIO_MEMORY) {
-        return bio->wrSz - bio->rdIdx;
+        return (size_t)(bio->wrSz - bio->rdIdx);
     }
 
     /* type BIO_BIO then check paired buffer */
@@ -1318,11 +1331,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
         if (pair->wrIdx > 0 && pair->wrIdx <= pair->rdIdx) {
             /* in wrap around state where beginning of buffer is being
              * overwritten */
-            return pair->wrSz - pair->rdIdx + pair->wrIdx;
+            return ((size_t)pair->wrSz) - ((size_t)pair->rdIdx) +
+                                                ((size_t)pair->wrIdx);
         }
         else {
             /* simple case where has not wrapped around */
-            return pair->wrIdx - pair->rdIdx;
+            return (size_t)(pair->wrIdx - pair->rdIdx);
         }
     }
     return 0;
@@ -1332,7 +1346,7 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
 long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
 {
     WOLFSSL_BIO* front = bio;
-    long ret = WOLFSSL_FAILURE;
+    long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_BIO_get_mem_ptr");
 
@@ -1358,7 +1372,10 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
         bio = bio->prev;
     }
 
-    return ret;
+    if (ret == WOLFSSL_SUCCESS)
+        return ret;
+    else
+        return WOLFSSL_FAILURE;
 }
 
 #ifdef OPENSSL_ALL
@@ -1366,7 +1383,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
                                 int closeFlag)
     {
         if (!bio || !bufMem ||
-            (closeFlag != BIO_NOCLOSE && closeFlag != BIO_CLOSE))
+           (closeFlag != WOLFSSL_BIO_NOCLOSE && closeFlag != WOLFSSL_BIO_CLOSE))
             return BAD_FUNC_ARG;
 
         if (bio->mem_buf)
@@ -1374,7 +1391,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
                 wolfSSL_BUF_MEM_free(bio->mem_buf);
 
         bio->mem_buf = bufMem;
-        bio->shutdown = closeFlag;
+        bio->shutdown = closeFlag ? WOLFSSL_BIO_CLOSE : WOLFSSL_BIO_NOCLOSE;
 
         bio->wrSz = (int)bio->mem_buf->length;
         bio->wrSzReset = bio->wrSz;
@@ -1416,7 +1433,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size)
         XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL);
     }
 
-    bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap,
+    bio->ptr.mem_buf_data = (byte*)XMALLOC((size_t)size, bio->heap,
                                            DYNAMIC_TYPE_OPENSSL);
     if (bio->ptr.mem_buf_data == NULL) {
         WOLFSSL_MSG("Memory allocation error");
@@ -1432,7 +1449,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size)
         return WOLFSSL_FAILURE;
     }
     bio->wrSz  = (int)size;
-    bio->num.length = size;
+    bio->num.length = (size_t)size;
     bio->wrIdx = 0;
     bio->rdIdx = 0;
     if (bio->mem_buf != NULL) {
@@ -1702,17 +1719,17 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
             if (XFSEEK(bio->ptr.fh, 0, XSEEK_SET) != 0)
                 return WOLFSSL_BIO_ERROR;
             else
-                return 0;
+                return WOLFSSL_SUCCESS;
         #endif
 
         case WOLFSSL_BIO_BIO:
             bio->rdIdx = 0;
             bio->wrIdx = 0;
-            return 0;
+            return WOLFSSL_SUCCESS;
 
         case WOLFSSL_BIO_MEMORY:
             bio->rdIdx = 0;
-            if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
+            if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) {
                 bio->wrIdx = bio->wrSzReset;
                 bio->wrSz  = bio->wrSzReset;
             }
@@ -1727,7 +1744,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
                     bio->mem_buf->max = 0;
                 }
             }
-            return 0;
+            return WOLFSSL_SUCCESS;
 
 #ifndef WOLFCRYPT_ONLY
         case WOLFSSL_BIO_MD:
@@ -1738,7 +1755,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
                 wolfSSL_EVP_MD_CTX_init(bio->ptr.md_ctx);
                 wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md);
             }
-            return 0;
+            return WOLFSSL_SUCCESS;
 #endif /* WOLFCRYPT_ONLY */
 
         default:
@@ -1821,7 +1838,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
     }
 
     if (bio->type == WOLFSSL_BIO_FILE) {
-        if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) {
+        if (bio->ptr.fh != XBADFILE && bio->shutdown == WOLFSSL_BIO_CLOSE) {
             XFCLOSE(bio->ptr.fh);
         }
 
@@ -1834,7 +1851,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
         if (bio->ptr.fh == XBADFILE) {
             return WOLFSSL_FAILURE;
         }
-        bio->shutdown = BIO_CLOSE;
+        bio->shutdown = WOLFSSL_BIO_CLOSE;
 
         return WOLFSSL_SUCCESS;
     }
@@ -1848,13 +1865,13 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs)
       WOLFSSL_ENTER("wolfSSL_BIO_seek");
 
       if (bio == NULL) {
-          return -1;
+          return WOLFSSL_FATAL_ERROR;
       }
 
       /* offset ofs from beginning of file */
       if (bio->type == WOLFSSL_BIO_FILE &&
               XFSEEK(bio->ptr.fh, ofs, SEEK_SET) < 0) {
-          return -1;
+          return WOLFSSL_FATAL_ERROR;
       }
 
       return 0;
@@ -1871,7 +1888,7 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio)
     WOLFSSL_ENTER("wolfSSL_BIO_tell");
 
     if (bio == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (bio->type != WOLFSSL_BIO_FILE) {
@@ -1880,7 +1897,7 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio)
 
     pos = (int)XFTELL(bio->ptr.fh);
     if (pos < 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     else
         return pos;
 }
@@ -1901,7 +1918,7 @@ long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v)
 
 int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio)
 {
-    int len;
+    int len = 0;
 #ifndef NO_FILESYSTEM
     long memSz = 0;
     XFILE file;
@@ -2196,7 +2213,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 
     if (bio->method != NULL && bio->method->ctrlCb != NULL) {
         WOLFSSL_MSG("Calling custom BIO flush callback");
-        return (int)bio->method->ctrlCb(bio, BIO_CTRL_FLUSH, 0, NULL);
+        return (int)bio->method->ctrlCb(bio, WOLFSSL_BIO_CTRL_FLUSH, 0, NULL);
     }
     else if (bio->type == WOLFSSL_BIO_FILE) {
 #if !defined(NO_FILESYSTEM) && defined(XFFLUSH)
@@ -2224,14 +2241,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
     /* return the context and initialize the BIO state */
     int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio, WOLFSSL_EVP_MD_CTX **mdcp)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         if ((bio != NULL) && (mdcp != NULL)) {
             *mdcp = bio->ptr.md_ctx;
             ret = WOLFSSL_SUCCESS;
         }
 
-        return ret;
+        if (ret == WOLFSSL_SUCCESS)
+            return ret;
+        else
+            return WOLFSSL_FAILURE;
     }
 
     WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void)
@@ -2299,6 +2319,15 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         return &meth;
     }
 
+    WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_null(void)
+    {
+        static WOLFSSL_BIO_METHOD meth =
+                WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_NULL);
+
+        WOLFSSL_ENTER("wolfSSL_BIO_s_null");
+
+        return &meth;
+    }
 
     WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void)
     {
@@ -2343,7 +2372,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 
         WOLFSSL_ENTER("wolfSSL_BIO_new_dgram");
         if (bio) {
-            bio->type  = WOLFSSL_BIO_DGRAM;
             bio->shutdown = (byte)closeF;
             bio->num.fd = (SOCKET_T)fd;
         }
@@ -2371,15 +2399,16 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             else
                 port = str + XSTRLEN(str); /* point to null terminator */
 
-            bio->ip = (char*)XMALLOC((port - str) + 1, /* +1 for null char */
+            bio->ip = (char*)XMALLOC(
+                    (size_t)(port - str) + 1, /* +1 for null char */
                     bio->heap, DYNAMIC_TYPE_OPENSSL);
             if (bio->ip != NULL) {
-                XMEMCPY(bio->ip, str, port - str);
+                XMEMCPY(bio->ip, str, (size_t)(port - str));
                 bio->ip[port - str] = '\0';
                 bio->type  = WOLFSSL_BIO_SOCKET;
             }
             else {
-                BIO_free(bio);
+                wolfSSL_BIO_free(bio);
                 bio = NULL;
             }
         }
@@ -2469,7 +2498,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         }
 
         b->num.fd = sfd;
-        b->shutdown = BIO_CLOSE;
+        b->shutdown = WOLFSSL_BIO_CLOSE;
         return WOLFSSL_SUCCESS;
     }
 
@@ -2498,7 +2527,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
                 return WOLFSSL_FAILURE;
             }
             b->num.fd = sfd;
-            b->shutdown = BIO_CLOSE;
+            b->shutdown = WOLFSSL_BIO_CLOSE;
         }
         else {
             WOLFSSL_BIO* new_bio;
@@ -2508,7 +2537,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
                 return WOLFSSL_FAILURE;
             }
             /* Create a socket BIO for using the accept'ed connection */
-            new_bio = wolfSSL_BIO_new_socket(newfd, BIO_CLOSE);
+            new_bio = wolfSSL_BIO_new_socket(newfd, WOLFSSL_BIO_CLOSE);
             if (new_bio == NULL) {
                 WOLFSSL_MSG("wolfSSL_BIO_new_socket error");
                 CloseSocket(newfd);
@@ -2552,6 +2581,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         return ret;
     }
 
+#ifndef NO_TLS
     long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b)
     {
         WOLFSSL_ENTER("wolfSSL_BIO_do_handshake");
@@ -2587,7 +2617,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 
         if (b->ptr.ssl != NULL) {
             int rc = wolfSSL_shutdown(b->ptr.ssl);
-            if (rc == SSL_SHUTDOWN_NOT_DONE) {
+            if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) {
                 /* In this case, call again to give us a chance to read the
                  * close notify alert from the other end. */
                 wolfSSL_shutdown(b->ptr.ssl);
@@ -2597,10 +2627,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             WOLFSSL_MSG("BIO has no SSL pointer set.");
         }
     }
+#endif
 
     long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
     {
-        long ret = WOLFSSL_FAILURE;
+        long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         WOLFSSL_ENTER("wolfSSL_BIO_set_ssl");
 
@@ -2613,7 +2644,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             ret = WOLFSSL_SUCCESS;
         }
 
-        return ret;
+        if (ret == WOLFSSL_SUCCESS)
+            return ret;
+        else
+            return WOLFSSL_FAILURE;
     }
 
     long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl)
@@ -2671,7 +2705,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             else
                 wolfSSL_set_connect_state(ssl);
         }
-        if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, BIO_CLOSE) !=
+        if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, WOLFSSL_BIO_CLOSE) !=
             WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to set SSL pointer in BIO.");
             err = 1;
@@ -2755,9 +2789,23 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         }
         else {
             size_t currLen = XSTRLEN(b->ip);
+        #ifdef WOLFSSL_NO_REALLOC
+            char* tmp = NULL;
+        #endif
+
             if (currLen != newLen) {
+        #ifdef WOLFSSL_NO_REALLOC
+                tmp = b->ip;
+                b->ip = (char*)XMALLOC(newLen+1, b->heap, DYNAMIC_TYPE_OPENSSL);
+                if (b->ip != NULL && tmp != NULL) {
+                    XMEMCPY(b->ip, tmp, newLen);
+                    XFREE(tmp, b->heap, DYNAMIC_TYPE_OPENSSL);
+                    tmp = NULL;
+            }
+        #else
                 b->ip = (char*)XREALLOC(b->ip, newLen + 1, b->heap,
                     DYNAMIC_TYPE_OPENSSL);
+        #endif
                 if (b->ip == NULL) {
                     WOLFSSL_MSG("Hostname realloc failed.");
                     return WOLFSSL_FAILURE;
@@ -2820,13 +2868,20 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 #else
             bio->method = method;
 #endif
-            bio->shutdown = BIO_CLOSE; /* default to close things */
+            bio->shutdown = WOLFSSL_BIO_CLOSE; /* default to close things */
 
             if ((bio->type == WOLFSSL_BIO_SOCKET) ||
                 (bio->type == WOLFSSL_BIO_DGRAM))
             {
                 bio->num.fd = SOCKET_INVALID;
-            } else {
+            }
+            else if (bio->type == WOLFSSL_BIO_FILE) {
+#ifndef NO_FILESYSTEM
+                bio->ptr.fh = XBADFILE;
+#endif
+                bio->num.fd = SOCKET_INVALID;
+            }
+            else {
                 bio->num.length = 0;
             }
             bio->init = 1;
@@ -2904,8 +2959,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         bio->wrSz = len;
         bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
         if (len > 0 && bio->ptr.mem_buf_data != NULL) {
-            XMEMCPY(bio->ptr.mem_buf_data, buf, len);
-            bio->flags |= BIO_FLAGS_MEM_RDONLY;
+            XMEMCPY(bio->ptr.mem_buf_data, buf, (size_t)len);
+            bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY;
             bio->wrSzReset = bio->wrSz;
         }
 
@@ -2983,7 +3038,9 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             }
 
         #ifndef NO_FILESYSTEM
-            if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) {
+            if (bio->type == WOLFSSL_BIO_FILE &&
+                bio->shutdown == WOLFSSL_BIO_CLOSE)
+            {
                 if (bio->ptr.fh) {
                     XFCLOSE(bio->ptr.fh);
                 }
@@ -2996,7 +3053,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
             }
         #endif
 
-            if (bio->shutdown != BIO_NOCLOSE) {
+            if (bio->shutdown != WOLFSSL_BIO_NOCLOSE) {
                 if (bio->type == WOLFSSL_BIO_MEMORY &&
                     bio->ptr.mem_buf_data != NULL)
                 {
@@ -3245,7 +3302,7 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
 #if !defined(NO_FILESYSTEM)
         case WOLFSSL_BIO_FILE:
             if (bio->ptr.fh == XBADFILE) {
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             ret = XVFPRINTF(bio->ptr.fh, format, args);
             break;
@@ -3271,11 +3328,11 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
                 count = XVSNPRINTF(NULL, 0, format, args);
                 if (count >= 0)
                 {
-                    pt = (char*)XMALLOC(count + 1, bio->heap,
+                    pt = (char*)XMALLOC((size_t)count + 1, bio->heap,
                                         DYNAMIC_TYPE_TMP_BUFFER);
                     if (pt != NULL)
                     {
-                        count = XVSNPRINTF(pt, count + 1, format, copy);
+                        count = XVSNPRINTF(pt, (size_t)count + 1, format, copy);
                         if (count >= 0)
                         {
                             ret = wolfSSL_BIO_write(bio, pt, count);
@@ -3345,18 +3402,20 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length)
         o = 7;
         for (i = 0; i < BIO_DUMP_LINE_LEN; i++) {
             if (i < length)
-                (void)XSNPRINTF(line + o, (int)sizeof(line) - o,
+                (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o),
                     "%02x ", (unsigned char)buf[i]);
             else
-                (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "   ");
+                (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o),
+                "   ");
             if (i == 7)
-                (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-");
+                (void)XSNPRINTF(line + o + 2, (size_t)((int)sizeof(line) -
+                (o + 2)), "-");
             o += 3;
         }
-        (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "  ");
+        (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "  ");
         o += 2;
         for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) {
-            (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c",
+            (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%c",
                      ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.');
             o++;
         }
@@ -3398,7 +3457,7 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length)
         if (fp == XBADFILE)
             return WOLFSSL_BAD_FILE;
 
-        if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_BIO_set_fp(b, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) {
             XFCLOSE(fp);
             return WOLFSSL_BAD_FILE;
         }
@@ -3435,7 +3494,7 @@ WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode)
         return bio;
     }
 
-    if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) {
         XFCLOSE(fp);
         wolfSSL_BIO_free(bio);
         bio = NULL;
diff --git a/src/conf.c b/src/conf.c
index 8bf4b1ea9..a30be3829 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1,6 +1,6 @@
 /* conf.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(WOLFSSL_CONF_INCLUDED)
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -133,7 +128,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
             XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
             goto error;
         }
-        if (wolfSSL_sk_push(ret->data, strBuf) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_push(ret->data, strBuf) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_push error");
             XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
             goto error;
@@ -202,7 +197,10 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
                 return WOLFSSL_FAILURE;
             }
         }
-        idx[-1] = '\n';
+        if (idx > buf)
+            idx[-1] = '\n';
+        else
+            return WOLFSSL_FAILURE;
         sz = (int)(idx - buf);
 
         if (wolfSSL_BIO_write(out, buf, sz) != sz) {
@@ -226,7 +224,7 @@ int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row)
         return WOLFSSL_FAILURE;
     }
 
-    if (wolfSSL_sk_push(db->data, row) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_push(db->data, row) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_push error");
         return WOLFSSL_FAILURE;
     }
@@ -450,11 +448,11 @@ int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
     sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *)section->value;
     value->section = section->section;
 
-    if (wolfSSL_sk_CONF_VALUE_push(sk, value) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_CONF_VALUE_push(sk, value) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
         return WOLFSSL_FAILURE;
     }
-    if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
         wolfssl_sk_pop_type(sk, STACK_TYPE_CONF_VALUE);
         return WOLFSSL_FAILURE;
@@ -497,7 +495,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
 
     ret->value = (char*)sk;
 
-    if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) <= 0) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
         goto error;
     }
@@ -603,7 +601,7 @@ char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
         return NULL;
 }
 
-int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
+int wolfSSL_NCONF_get_number(const WOLFSSL_CONF *conf, const char *group,
         const char *name, long *result)
 {
     char *str;
@@ -770,8 +768,18 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
                     /* This will allocate slightly more memory than necessary
                      * but better be safe */
                     strLen += valueLen;
+                #ifdef WOLFSSL_NO_REALLOC
+                    newRet = (char*)XMALLOC(strLen + 1, NULL,
+                            DYNAMIC_TYPE_OPENSSL);
+                    if (newRet != NULL && ret != NULL) {
+                       XMEMCPY(newRet, ret, (strLen - valueLen) + 1);
+                       XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
+                       ret = NULL;
+                    }
+                #else
                     newRet = (char*)XREALLOC(ret, strLen + 1, NULL,
                             DYNAMIC_TYPE_OPENSSL);
+                #endif
                     if (!newRet) {
                         WOLFSSL_MSG("realloc error");
                         goto expand_cleanup;
@@ -800,7 +808,7 @@ expand_cleanup:
         {(idx)++;}
 int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_BIO *in = NULL;
     char* buf = NULL;
     char* idx = NULL;
@@ -976,8 +984,6 @@ void wolfSSL_NCONF_free(WOLFSSL_CONF *conf)
 
 void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val)
 {
-    WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL;
-
     if (val) {
         if (val->name) {
             /* Not a section. Don't free section as it is a shared pointer. */
@@ -989,12 +995,7 @@ void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val)
             XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL);
             /* Only free the stack structures. The contained conf values
              * will be freed in wolfSSL_NCONF_free */
-            sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value;
-            while (sk) {
-                WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *tmp = sk->next;
-                XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
-                sk = tmp;
-            }
+            wolfSSL_sk_free((WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value);
         }
         XFREE(val, NULL, DYNAMIC_TYPE_OPENSSL);
     }
@@ -1020,19 +1021,9 @@ WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(
  */
 void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk)
 {
-    WOLFSSL_STACK* tmp;
     WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_free");
 
-    if (sk == NULL)
-        return;
-
-    /* parse through stack freeing each node */
-    while (sk) {
-        tmp = sk->next;
-        wolfSSL_X509V3_conf_free(sk->data.conf);
-        XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
-        sk = tmp;
-    }
+    wolfSSL_sk_pop_free(sk, NULL);
 }
 
 int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk)
@@ -1539,7 +1530,7 @@ static const conf_cmd_tbl* wolfssl_conf_find_cmd(WOLFSSL_CONF_CTX* cctx,
  */
 int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     const conf_cmd_tbl* confcmd = NULL;
     WOLFSSL_ENTER("wolfSSL_CONF_cmd");
 
@@ -1582,7 +1573,7 @@ int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
 
     confcmd = wolfssl_conf_find_cmd(cctx, cmd);
     if (confcmd == NULL)
-        return SSL_CONF_TYPE_UNKNOWN;
+        return WOLFSSL_CONF_TYPE_UNKNOWN;
     return (int)confcmd->data_type;
 }
 
@@ -1594,21 +1585,21 @@ int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
  ******************************************************************************/
 
 #if defined(OPENSSL_EXTRA)
-OPENSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void)
+WOLFSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void)
 {
-    OPENSSL_INIT_SETTINGS* init = (OPENSSL_INIT_SETTINGS*)XMALLOC(
-            sizeof(OPENSSL_INIT_SETTINGS), NULL, DYNAMIC_TYPE_OPENSSL);
+    WOLFSSL_INIT_SETTINGS* init = (WOLFSSL_INIT_SETTINGS*)XMALLOC(
+            sizeof(WOLFSSL_INIT_SETTINGS), NULL, DYNAMIC_TYPE_OPENSSL);
 
     return init;
 }
 
-void wolfSSL_OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS* init)
+void wolfSSL_OPENSSL_INIT_free(WOLFSSL_INIT_SETTINGS* init)
 {
     XFREE(init, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 #ifndef NO_WOLFSSL_STUB
-int wolfSSL_OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS* init,
+int wolfSSL_OPENSSL_INIT_set_config_appname(WOLFSSL_INIT_SETTINGS* init,
         char* appname)
 {
     (void)init;
diff --git a/src/crl.c b/src/crl.c
index 48c1476ec..437342ca5 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -1,6 +1,6 @@
 /* crl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
 CRL Options:
@@ -32,11 +33,6 @@ CRL Options:
  *                         Return any errors encountered during loading CRL
  *                         from a directory.
 */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
 
 #ifndef WOLFCRYPT_ONLY
 #ifdef HAVE_CRL
@@ -87,6 +83,13 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
         WOLFSSL_MSG("Init Mutex failed");
         return BAD_MUTEX_E;
     }
+#ifdef OPENSSL_ALL
+    {
+        int ret;
+        wolfSSL_RefInit(&crl->ref, &ret);
+        (void)ret;
+    }
+#endif
 
     return 0;
 }
@@ -121,7 +124,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
     wolfSSL_d2i_X509_NAME(&crle->issuer, (unsigned char**)&dcrl->issuer,
                           dcrl->issuerSz);
     if (crle->issuer == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 #ifdef CRL_STATIC_REVOKED_LIST
@@ -141,13 +144,13 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
         crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap,
                                           DYNAMIC_TYPE_CRL_ENTRY);
         if (crle->toBeSigned == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         crle->signature = (byte*)XMALLOC(crle->signatureSz, heap,
                                          DYNAMIC_TYPE_CRL_ENTRY);
         if (crle->signature == NULL) {
             XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
             crle->toBeSigned = NULL;
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
     #ifdef WC_RSA_PSS
@@ -160,7 +163,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
                 crle->toBeSigned = NULL;
                 XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
                 crle->signature = NULL;
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             XMEMCPY(crle->sigParams, buff + dcrl->sigParamsIndex,
                 crle->sigParamsSz);
@@ -213,7 +216,7 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)
 
     WOLFSSL_ENTER("FreeCRL_Entry");
 
-    while (tmp) {
+    while (tmp != NULL) {
         next = tmp->next;
         XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED);
         tmp = next;
@@ -241,11 +244,24 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
 {
     CRL_Entry* tmp;
 
+    WOLFSSL_ENTER("FreeCRL");
+
     if (crl == NULL)
         return;
 
+#ifdef OPENSSL_ALL
+    {
+        int ret;
+        int doFree = 0;
+        wolfSSL_RefDec(&crl->ref, &doFree, &ret);
+        if (ret != 0)
+            WOLFSSL_MSG("Couldn't lock x509 mutex");
+        if (!doFree)
+            return;
+    }
+#endif
+
     tmp = crl->crlList;
-    WOLFSSL_ENTER("FreeCRL");
 #ifdef HAVE_CRL_MONITOR
     if (crl->monitors[0].path)
         XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
@@ -311,7 +327,6 @@ static int FindRevokedSerial(RevokedCert* rc, byte* serial, int serialSz,
 #else
     (void)totalCerts;
     /* search in the linked list*/
-
     while (rc) {
         if (serialHash == NULL) {
             if (rc->serialSz == serialSz &&
@@ -437,7 +452,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
                     break;
             }
             else if (foundEntry == 0) {
-                ret = ASN_AFTER_DATE_E;
+                ret = CRL_CERT_DATE_ERR;
             }
         }
     }
@@ -478,8 +493,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
     if (foundEntry == 0) {
         /* perform embedded lookup */
         if (crl->crlIOCb) {
-            ret = crl->crlIOCb(crl, (const char*)extCrlInfo, extCrlInfoSz);
-            if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
+            int cbRet = crl->crlIOCb(crl, (const char*)extCrlInfo,
+                                     extCrlInfoSz);
+            if (cbRet == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
                 ret = OCSP_WANT_READ;
             }
             else if (ret >= 0) {
@@ -502,9 +518,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
     /* When not set the folder or not use hash_dir, do nothing.             */
     if ((foundEntry == 0) && (ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
         if (crl->cm != NULL && crl->cm->x509_store_p != NULL) {
-            ret = LoadCertByIssuer(crl->cm->x509_store_p,
+            int loadRet = LoadCertByIssuer(crl->cm->x509_store_p,
                           (WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
-            if (ret == WOLFSSL_SUCCESS) {
+            if (loadRet == WOLFSSL_SUCCESS) {
                 /* try again */
                 ret = CheckCertCRLList(crl, issuerHash, serial, serialSz,
                         serialHash, &foundEntry);
@@ -535,6 +551,13 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 
             crl->cm->cbMissingCRL(url);
         }
+
+        if (crl->cm != NULL && crl->cm->crlCb &&
+                crl->cm->crlCb(ret, crl, crl->cm, crl->cm->crlCbCtx)) {
+            if (ret != 0)
+                WOLFSSL_MSG("Overriding CRL error");
+            ret = 0;
+        }
     }
 
     return ret;
@@ -552,17 +575,50 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
             NULL, cert->extCrlInfo, cert->extCrlInfoSz, issuerName);
 }
 
+#ifdef HAVE_CRL_UPDATE_CB
+static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info)
+{
+    info->issuerHash = (byte *)entry->issuerHash;
+    info->issuerHashLen = CRL_DIGEST_SIZE;
+    info->lastDate = (byte *)entry->lastDate;
+    info->lastDateMaxLen = MAX_DATE_SIZE;
+    info->lastDateFormat = entry->lastDateFormat;
+    info->nextDate = (byte *)entry->nextDate;
+    info->nextDateMaxLen = MAX_DATE_SIZE;
+    info->nextDateFormat = entry->nextDateFormat;
+    info->crlNumber = (sword32)entry->crlNumber;
+}
+
+static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
+{
+    info->issuerHash = (byte *)entry->issuerHash;
+    info->issuerHashLen = SIGNER_DIGEST_SIZE;
+    info->lastDate = (byte *)entry->lastDate;
+    info->lastDateMaxLen = MAX_DATE_SIZE;
+    info->lastDateFormat = entry->lastDateFormat;
+    info->nextDate = (byte *)entry->nextDate;
+    info->nextDateMaxLen = MAX_DATE_SIZE;
+    info->nextDateFormat = entry->nextDateFormat;
+    info->crlNumber = (sword32)entry->crlNumber;
+}
+#endif
 
 /* Add Decoded CRL, 0 on success */
 static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
                   int verified)
 {
     CRL_Entry* crle = NULL;
+    CRL_Entry* curr = NULL;
+    CRL_Entry* prev = NULL;
+#ifdef HAVE_CRL_UPDATE_CB
+    CrlInfo old;
+    CrlInfo cnew;
+#endif
 
     WOLFSSL_ENTER("AddCRL");
 
     if (crl == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     crle = crl->currentEntry;
 
@@ -577,7 +633,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
     if (InitCRL_Entry(crle, dcrl, buff, verified, crl->heap) < 0) {
         WOLFSSL_MSG("Init CRL Entry failed");
         CRL_Entry_free(crle, crl->heap);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wc_LockRwLock_Wr(&crl->crlLock) != 0) {
@@ -586,8 +642,43 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
         return BAD_MUTEX_E;
     }
 
-    crle->next = crl->crlList;
-    crl->crlList = crle;
+    for (curr = crl->crlList; curr != NULL; curr = curr->next) {
+        if (XMEMCMP(curr->issuerHash, crle->issuerHash, CRL_DIGEST_SIZE) == 0) {
+            if (crle->crlNumber <= curr->crlNumber) {
+                WOLFSSL_MSG("Same or newer CRL entry already exists");
+                CRL_Entry_free(crle, crl->heap);
+                wc_UnLockRwLock(&crl->crlLock);
+                return BAD_FUNC_ARG;
+            }
+
+            crle->next = curr->next;
+            if (prev != NULL) {
+                prev->next = crle;
+            }
+            else {
+                crl->crlList = crle;
+            }
+
+#ifdef HAVE_CRL_UPDATE_CB
+            if (crl->cm && crl->cm->cbUpdateCRL != NULL) {
+                SetCrlInfo(curr, &old);
+                SetCrlInfo(crle, &cnew);
+                crl->cm->cbUpdateCRL(&old, &cnew);
+            }
+#endif
+
+            break;
+        }
+        prev = curr;
+    }
+
+    if (curr != NULL) {
+        CRL_Entry_free(curr, crl->heap);
+    }
+    else {
+        crle->next = crl->crlList;
+        crl->crlList = crle;
+    }
     wc_UnLockRwLock(&crl->crlLock);
     /* Avoid heap-use-after-free after crl->crlList is released */
     crl->currentEntry = NULL;
@@ -624,7 +715,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
         else {
             WOLFSSL_MSG("Pem to Der failed");
             FreeDer(&der);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #else
         ret = NOT_COMPILED_IN;
@@ -678,6 +769,87 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
     return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */
 }
 
+#ifdef HAVE_CRL_UPDATE_CB
+/* Fill out CRL info structure, WOLFSSL_SUCCESS on ok */
+int GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff,
+    long sz, int type)
+{
+    int          ret = WOLFSSL_SUCCESS;
+    const byte*  myBuffer = buff;    /* if DER ok, otherwise switch */
+    DerBuffer*   der = NULL;
+    CRL_Entry*   crle = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCRL*  dcrl;
+#else
+    DecodedCRL   dcrl[1];
+#endif
+
+    WOLFSSL_ENTER("GetCRLInfo");
+
+    if (crl == NULL || info == NULL || buff == NULL || sz == 0)
+        return BAD_FUNC_ARG;
+
+    if (type == WOLFSSL_FILETYPE_PEM) {
+    #ifdef WOLFSSL_PEM_TO_DER
+        ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL);
+        if (ret == 0) {
+            myBuffer = der->buffer;
+            sz = der->length;
+        }
+        else {
+            WOLFSSL_MSG("Pem to Der failed");
+            FreeDer(&der);
+            return -1;
+        }
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (dcrl == NULL) {
+        FreeDer(&der);
+        return MEMORY_E;
+    }
+#endif
+
+    crle = CRL_Entry_new(crl->heap);
+    if (crle == NULL) {
+        WOLFSSL_MSG("alloc CRL Entry failed");
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+        FreeDer(&der);
+        return MEMORY_E;
+    }
+
+    InitDecodedCRL(dcrl, crl->heap);
+    ret = ParseCRL(crle->certs, dcrl, myBuffer, (word32)sz,
+                   0, crl->cm);
+    if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E))) {
+        WOLFSSL_MSG("ParseCRL error");
+        CRL_Entry_free(crle, crl->heap);
+        crle = NULL;
+    }
+    else {
+        SetCrlInfoFromDecoded((DecodedCRL*)dcrl, info);
+    }
+
+    FreeDecodedCRL(dcrl);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    FreeDer(&der);
+    CRL_Entry_free(crle, crl->heap);
+
+    return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */
+}
+#endif
+
 #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
 /* helper function to create a new dynamic WOLFSSL_X509_CRL structure */
 static WOLFSSL_X509_CRL* wolfSSL_X509_crl_new(WOLFSSL_CERT_MANAGER* cm)
@@ -742,7 +914,7 @@ static RevokedCert *DupRevokedCertList(RevokedCert* in, void* heap)
 static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
 {
     CRL_Entry *dupl;
-    const size_t copyOffset = OFFSETOF(CRL_Entry, verifyMutex) +
+    const size_t copyOffset = WC_OFFSETOF(CRL_Entry, verifyMutex) +
             sizeof(ent->verifyMutex);
 #ifdef CRL_STATIC_REVOKED_LIST
     if (ent->totalCerts > CRL_MAX_REVOKED_CERTS) {
@@ -760,9 +932,17 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
 
 #ifndef CRL_STATIC_REVOKED_LIST
     dupl->certs = DupRevokedCertList(ent->certs, heap);
+    if (ent->certs != NULL && dupl->certs == NULL) {
+        CRL_Entry_free(dupl, heap);
+        return NULL;
+    }
 #endif
 #ifdef OPENSSL_EXTRA
     dupl->issuer = wolfSSL_X509_NAME_dup(ent->issuer);
+    if (ent->issuer != NULL && dupl->issuer == NULL) {
+        CRL_Entry_free(dupl, heap);
+        return NULL;
+    }
 #endif
 
     if (!ent->verified) {
@@ -776,7 +956,8 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
     #endif
         if (dupl->toBeSigned == NULL || dupl->signature == NULL
         #ifdef WC_RSA_PSS
-            || dupl->sigParams == NULL
+            /* allow sigParamsSz is zero and XMALLOC(0) to return NULL */
+            || (dupl->sigParams == NULL && dupl->sigParamsSz != 0)
         #endif
         ) {
             CRL_Entry_free(dupl, heap);
@@ -870,6 +1051,7 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
             if (dupl->monitors[0].path != NULL) {
                 XFREE(dupl->monitors[0].path, dupl->heap,
                         DYNAMIC_TYPE_CRL_MONITOR);
+                dupl->monitors[0].path = NULL;
             }
             return MEMORY_E;
         }
@@ -877,6 +1059,8 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
 #endif
 
     dupl->crlList = DupCRL_list(crl->crlList, dupl->heap);
+    if (dupl->crlList == NULL)
+        return MEMORY_E;
 #ifdef HAVE_CRL_IO
     dupl->crlIOCb = crl->crlIOCb;
 #endif
@@ -945,7 +1129,7 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
         }
 
         if (crl != newcrl && wc_LockRwLock_Rd(&newcrl->crlLock) != 0) {
-            WOLFSSL_MSG("wc_LockRwLock_Wr failed");
+            WOLFSSL_MSG("wc_LockRwLock_Rd failed");
             wc_UnLockRwLock(&crl->crlLock);
             return BAD_MUTEX_E;
         }
@@ -1017,7 +1201,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (crl->monitors[0].path) {
@@ -1028,7 +1212,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
             XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -1040,7 +1224,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
             XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -1050,7 +1234,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     newList = tmp->crlList;
@@ -1099,10 +1283,14 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
     struct kevent change;
 
     /* trigger custom shutdown */
+#if defined(NOTE_TRIGGER)
     EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
+#elif defined(EV_TRIGGER)
+    EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_TRIGGER, 0, 0, NULL);
+#endif
     if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) {
         WOLFSSL_MSG("kevent trigger customer event failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return 0;
@@ -1234,7 +1422,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
     /* write to our custom event */
     if (write(mfd, &w64, sizeof(w64)) < 0) {
         WOLFSSL_MSG("StopMonitor write failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return 0;
@@ -1377,7 +1565,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
 {
     if (SetEvent(mfd) == 0) {
         WOLFSSL_MSG("SetEvent custom event trigger failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     return 0;
 }
@@ -1614,6 +1802,10 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
             ret = ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl, VERIFY);
             if (ret != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("CRL file load failed");
+                wc_ReadDirClose(readCtx);
+            #ifdef WOLFSSL_SMALL_STACK
+                XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
                 return ret;
             }
         }
diff --git a/src/dtls.c b/src/dtls.c
index 9961ac21a..2d3c38bef 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -1,6 +1,6 @@
 /* dtls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /*
  * WOLFSSL_DTLS_NO_HVR_ON_RESUME
  * WOLFSSL_DTLS13_NO_HRR_ON_RESUME
@@ -46,12 +48,6 @@
  *     to explicitly enable this during runtime.
  */
 
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
 #ifndef WOLFCRYPT_ONLY
 
 #include <wolfssl/error-ssl.h>
@@ -101,6 +97,15 @@ void DtlsResetState(WOLFSSL* ssl)
     ssl->options.tls = 0;
     ssl->options.tls1_1 = 0;
     ssl->options.tls1_3 = 0;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+    /* Clear the pending peer in case user set */
+    XFREE(ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->heap,
+          DYNAMIC_TYPE_SOCKADDR);
+    ssl->buffers.dtlsCtx.pendingPeer.sa = NULL;
+    ssl->buffers.dtlsCtx.pendingPeer.sz = 0;
+    ssl->buffers.dtlsCtx.pendingPeer.bufSz = 0;
+#endif
 }
 
 int DtlsIgnoreError(int err)
@@ -221,6 +226,7 @@ static int CreateDtls12Cookie(const WOLFSSL* ssl, const WolfSSL_CH* ch,
             ssl->buffers.dtlsCookieSecret.buffer,
             ssl->buffers.dtlsCookieSecret.length);
         if (ret == 0) {
+            /* peerLock not necessary. Still in handshake phase. */
             ret = wc_HmacUpdate(&cookieHmac,
                    (const byte*)ssl->buffers.dtlsCtx.peer.sa,
                                 ssl->buffers.dtlsCtx.peer.sz);
@@ -355,7 +361,8 @@ static int FindExtByType(WolfSSL_ConstVector* ret, word16 extType,
         ato16(exts.elements + idx, &type);
         idx += OPAQUE16_LEN;
         idx += ReadVector16(exts.elements + idx, &ext);
-        if (idx > exts.size)
+        if (idx > exts.size ||
+                ext.elements + ext.size > exts.elements + exts.size)
             return BUFFER_ERROR;
         if (type == extType) {
             XMEMCPY(ret, &ext, sizeof(ext));
@@ -488,7 +495,7 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl,
                          ch->extension, &tlsxFound);
     if (ret != 0)
         return ret;
-    if (!tlsxFound) {
+    if (!tlsxFound || tlsxSupportedVersions.elements == NULL) {
         *isTls13 = 0;
         return 0;
     }
@@ -716,9 +723,14 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
          * and if they don't match we will error out there anyway. */
         byte modes;
 
+        /* TLSX_PreSharedKey_Parse_ClientHello uses word16 length */
+        if (tlsx.size > WOLFSSL_MAX_16BIT) {
+            ERROR_OUT(BUFFER_ERROR, dtls13_cleanup);
+        }
+
         /* Ask the user for the ciphersuite matching this identity */
         if (TLSX_PreSharedKey_Parse_ClientHello(&parsedExts,
-                tlsx.elements, tlsx.size, ssl->heap) == 0)
+                tlsx.elements, (word16)tlsx.size, ssl->heap) == 0)
             FindPskSuiteFromExt(ssl, parsedExts, &pskInfo, &suites);
         /* Revert to full handshake if PSK parsing failed */
 
@@ -729,8 +741,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
                 goto dtls13_cleanup;
             if (!tlsxFound)
                 ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup);
-            ret = TLSX_PskKeyModes_Parse_Modes(tlsx.elements, tlsx.size,
-                                              client_hello, &modes);
+            ret = TLSX_PskKeyModes_Parse_Modes(tlsx.elements, (word16)tlsx.size,
+                                               client_hello, &modes);
             if (ret != 0)
                 goto dtls13_cleanup;
             if ((modes & (1 << PSK_DHE_KE)) &&
@@ -832,8 +844,6 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
         WOLFSSL* nonConstSSL = (WOLFSSL*)ssl;
         TLSX* sslExts = nonConstSSL->extensions;
 
-        if (ret != 0)
-            goto dtls13_cleanup;
         nonConstSSL->options.tls = 1;
         nonConstSSL->options.tls1_1 = 1;
         nonConstSSL->options.tls1_3 = 1;
@@ -953,8 +963,13 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
             int tlsxFound;
             ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension,
                                  &tlsxFound);
-            if (ret != 0)
+            if (ret != 0) {
+                if (isFirstCHFrag) {
+                    WOLFSSL_MSG("\t\tCookie probably missing from first "
+                                "fragment. Dropping.");
+                }
                 return ret;
+            }
         }
     }
 #endif
@@ -1033,22 +1048,6 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
 
 #if defined(WOLFSSL_DTLS_CID)
 
-typedef struct ConnectionID {
-    byte length;
-/* Ignore "nonstandard extension used : zero-sized array in struct/union"
- * MSVC warning */
-#ifdef _MSC_VER
-#pragma warning(disable: 4200)
-#endif
-    byte id[];
-} ConnectionID;
-
-typedef struct CIDInfo {
-    ConnectionID* tx;
-    ConnectionID* rx;
-    byte negotiated : 1;
-} CIDInfo;
-
 static ConnectionID* DtlsCidNew(const byte* cid, byte size, void* heap)
 {
     ConnectionID* ret;
@@ -1114,6 +1113,26 @@ static int DtlsCidGet(WOLFSSL* ssl, unsigned char* buf, int bufferSz, int rx)
     return WOLFSSL_SUCCESS;
 }
 
+static int DtlsCidGet0(WOLFSSL* ssl, unsigned char** cid, int rx)
+{
+    ConnectionID* id;
+    CIDInfo* info;
+
+    if (ssl == NULL || cid == NULL)
+        return BAD_FUNC_ARG;
+
+    info = DtlsCidGetInfo(ssl);
+    if (info == NULL)
+        return WOLFSSL_FAILURE;
+
+    id = rx ? info->rx : info->tx;
+    if (id == NULL || id->length == 0)
+        return WOLFSSL_SUCCESS;
+
+    *cid = id->id;
+    return WOLFSSL_SUCCESS;
+}
+
 static CIDInfo* DtlsCidGetInfoFromExt(byte* ext)
 {
     WOLFSSL** sslPtr;
@@ -1197,7 +1216,7 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl)
     info = (CIDInfo*)XMALLOC(sizeof(CIDInfo), ssl->heap, DYNAMIC_TYPE_TLSX);
     if (info == NULL)
         return MEMORY_ERROR;
-    ext = (WOLFSSL**)XMALLOC(sizeof(WOLFSSL**), ssl->heap, DYNAMIC_TYPE_TLSX);
+    ext = (WOLFSSL**)XMALLOC(sizeof(WOLFSSL*), ssl->heap, DYNAMIC_TYPE_TLSX);
     if (ext == NULL) {
         XFREE(info, ssl->heap, DYNAMIC_TYPE_TLSX);
         return MEMORY_ERROR;
@@ -1226,9 +1245,8 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl)
 int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     byte isRequest)
 {
-    ConnectionID* id;
     CIDInfo* info;
-    byte cidSize;
+    byte cidSz;
     TLSX* ext;
 
     ext = TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID);
@@ -1244,35 +1262,41 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         }
     }
 
+    if (length < OPAQUE8_LEN)
+        return BUFFER_ERROR;
+
+    cidSz = *input;
+    if (cidSz + OPAQUE8_LEN > length)
+        return BUFFER_ERROR;
+
     info = DtlsCidGetInfo(ssl);
     if (info == NULL)
         return BAD_STATE_E;
 
     /* it may happen if we process two ClientHello because the server sent an
-     * HRR request */
-    if (info->tx != NULL) {
+     * HRR/HVR request */
+    if (info->tx != NULL || info->negotiated) {
         if (ssl->options.side != WOLFSSL_SERVER_END &&
-            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE)
+            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE &&
+            !IsSCR(ssl))
             return BAD_STATE_E;
 
-        XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX);
-        info->tx = NULL;
+        /* Should not be null if negotiated */
+        if (info->tx == NULL)
+            return BAD_STATE_E;
+
+        /* For now we don't support changing the CID on a rehandshake */
+        if (cidSz != info->tx->length ||
+                XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0)
+            return DTLS_CID_ERROR;
     }
-
-    if (length < OPAQUE8_LEN)
-        return BUFFER_ERROR;
-
-    cidSize = *input;
-    if (cidSize + OPAQUE8_LEN > length)
-        return BUFFER_ERROR;
-
-    if (cidSize > 0) {
-        id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSize, ssl->heap,
-            DYNAMIC_TYPE_TLSX);
+    else if (cidSz > 0) {
+        ConnectionID* id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSz,
+                ssl->heap, DYNAMIC_TYPE_TLSX);
         if (id == NULL)
             return MEMORY_ERROR;
-        XMEMCPY(id->id, input + OPAQUE8_LEN, cidSize);
-        id->length = cidSize;
+        XMEMCPY(id->id, input + OPAQUE8_LEN, cidSz);
+        id->length = cidSz;
         info->tx = id;
     }
 
@@ -1312,10 +1336,6 @@ int wolfSSL_dtls_cid_use(WOLFSSL* ssl)
 {
     int ret;
 
-    /* CID is supported on DTLSv1.3 only */
-    if (!IsAtLeastTLSv1_3(ssl->version))
-        return WOLFSSL_FAILURE;
-
     ssl->options.useDtlsCID = 1;
     ret = TLSX_ConnectionID_Use(ssl);
     if (ret != 0)
@@ -1340,8 +1360,11 @@ int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size)
     if (cidInfo == NULL)
         return WOLFSSL_FAILURE;
 
-    XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX);
-    cidInfo->rx = NULL;
+    if (cidInfo->rx != NULL) {
+        WOLFSSL_MSG("wolfSSL doesn't support changing the CID during a "
+                    "connection");
+        return WOLFSSL_FAILURE;
+    }
 
     /* empty CID */
     if (size == 0)
@@ -1368,6 +1391,11 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buf,
     return DtlsCidGet(ssl, buf, bufferSz, 1);
 }
 
+int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid)
+{
+    return DtlsCidGet0(ssl, cid, 1);
+}
+
 int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size)
 {
     return DtlsCidGetSize(ssl, size, 0);
@@ -1379,7 +1407,77 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf,
     return DtlsCidGet(ssl, buf, bufferSz, 0);
 }
 
+int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid)
+{
+    return DtlsCidGet0(ssl, cid, 0);
+}
+
+int wolfSSL_dtls_cid_max_size(void)
+{
+    return DTLS_CID_MAX_SIZE;
+}
+
+const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+        unsigned int msgSz, unsigned int cidSz)
+{
+    /* we need at least the first byte to check version */
+    if (msg == NULL || cidSz == 0 || msgSz < OPAQUE8_LEN + cidSz)
+        return NULL;
+    if (msg[0] == dtls12_cid) {
+        /* DTLS 1.2 CID packet */
+        if (msgSz < DTLS_RECORD_HEADER_SZ + cidSz)
+            return NULL;
+        /* content type(1) + version(2) + epoch(2) + sequence(6) */
+        return msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN +
+                OPAQUE32_LEN;
+    }
+#ifdef WOLFSSL_DTLS13
+    else if (Dtls13UnifiedHeaderCIDPresent(msg[0])) {
+        /* DTLS 1.3 CID packet */
+        if (msgSz < OPAQUE8_LEN + cidSz)
+            return NULL;
+        return msg + OPAQUE8_LEN;
+    }
+#endif
+    return NULL;
+}
 #endif /* WOLFSSL_DTLS_CID */
+
+byte DtlsGetCidTxSize(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_DTLS_CID
+    unsigned int cidSz;
+    int ret;
+    ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz);
+    if (ret != WOLFSSL_SUCCESS)
+        return 0;
+    return (byte)cidSz;
+#else
+    (void)ssl;
+    return 0;
+#endif
+}
+
+byte DtlsGetCidRxSize(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_DTLS_CID
+    unsigned int cidSz;
+    int ret;
+    ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz);
+    if (ret != WOLFSSL_SUCCESS)
+        return 0;
+    return (byte)cidSz;
+#else
+    (void)ssl;
+    return 0;
+#endif
+}
+
+byte wolfSSL_is_stateful(WOLFSSL* ssl)
+{
+    return (byte)(ssl != NULL ? ssl->options.dtlsStateful : 0);
+}
+
 #endif /* WOLFSSL_DTLS */
 
 #endif /* WOLFCRYPT_ONLY */
diff --git a/src/dtls13.c b/src/dtls13.c
index 4d2365f38..cc2c02fa4 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -1,6 +1,6 @@
 /* dtls13.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_DTLS13
 
@@ -31,10 +27,7 @@
 #include <wolfssl/internal.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/kdf.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/types.h>
 
 #ifdef NO_INLINE
 #include <wolfssl/wolfcrypt/misc.h>
@@ -71,6 +64,8 @@ typedef struct Dtls13HandshakeHeader {
     byte fragmentLength[3];
 } Dtls13HandshakeHeader;
 
+wc_static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ);
+
 /**
  * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3
  * record
@@ -183,7 +178,8 @@ int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out,
     /* seq[0] combines the epoch and 16 MSB of sequence number. We write on the
        epoch field and will overflow to the first two bytes of the sequence
        number */
-    c32toa(seq[0], hdr->epoch);
+    c16toa((word16)(seq[0] >> 16), hdr->epoch);
+    c16toa((word16)seq[0], hdr->sequenceNumber);
     c32toa(seq[1], &hdr->sequenceNumber[2]);
 
     c16toa(length, hdr->length);
@@ -258,7 +254,8 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
         if (c->aes == NULL)
             return BAD_STATE_E;
 #if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
+    || defined(WOLFSSL_LINUXKM))
         return wc_AesEncryptDirect(c->aes, mask, ciphertext);
 #else
         wc_AesEncryptDirect(c->aes, mask, ciphertext);
@@ -339,9 +336,17 @@ static void Dtls13MsgWasProcessed(WOLFSSL* ssl, enum HandShakeType hs)
     if (ssl->options.dtlsStateful)
         ssl->keys.dtls_expected_peer_handshake_number++;
 
-    /* we need to send ACKs on the last message of a flight that needs explicit
-       acknowledgment */
-    ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs);
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+#endif
+    {
+        /* we need to send ACKs on the last message of a flight that needs
+         * explicit acknowledgment */
+        ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs);
+    #ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+    #endif
+    }
 }
 
 int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
@@ -395,7 +400,8 @@ int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
          * from there, the message can be considered processed successfully.
          * WANT_WRITE means that we are done with processing the msg and we are
          * waiting to flush the output buffer. */
-        if ((ret == 0 || ret == WANT_WRITE) || (msg->type == certificate_request &&
+        if ((ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) ||
+                        (msg->type == certificate_request &&
                          ssl->options.handShakeDone &&
                          ret == WC_NO_ERR_TRACE(WC_PENDING_E))) {
             if (IsAtLeastTLSv1_3(ssl->version))
@@ -484,22 +490,25 @@ int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, int* hashSz,
     wc_HashAlg hashCtx;
     int type = wolfSSL_GetHmacType_ex(specs);
 
+    if (type < 0)
+        return type;
+
     header[0] = (byte)client_hello;
     c32to24(length, header + 1);
 
-    ret = wc_HashInit_ex(&hashCtx, type, ssl->heap, ssl->devId);
+    ret = wc_HashInit_ex(&hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId);
     if (ret == 0) {
-        ret = wc_HashUpdate(&hashCtx, type, header, OPAQUE32_LEN);
+        ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN);
         if (ret == 0)
-            ret = wc_HashUpdate(&hashCtx, type, body, length);
+            ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, body, length);
         if (ret == 0)
-            ret = wc_HashFinal(&hashCtx, type, hash);
+            ret = wc_HashFinal(&hashCtx, (enum wc_HashType)type, hash);
         if (ret == 0) {
-            *hashSz = wc_HashGetDigestSize(type);
+            *hashSz = wc_HashGetDigestSize((enum wc_HashType)type);
             if (*hashSz < 0)
                 ret = *hashSz;
         }
-        wc_HashFree(&hashCtx, type);
+        wc_HashFree(&hashCtx, (enum wc_HashType)type);
     }
     return ret;
 }
@@ -557,9 +566,6 @@ static int Dtls13SendFragment(WOLFSSL* ssl, byte* output, word16 output_size,
     else {
         msg = output + recordHeaderLength;
 
-        if (length <= recordHeaderLength)
-            return BUFFER_ERROR;
-
         if (hashOutput) {
             ret = Dtls13HashHandshake(ssl, msg, recordLength);
             if (ret != 0)
@@ -651,8 +657,17 @@ static void Dtls13RtxRecordUnlink(WOLFSSL* ssl, Dtls13RtxRecord** prevNext,
     Dtls13RtxRecord* r)
 {
     /* if r was at the tail of the list, update the tail pointer */
-    if (r->next == NULL)
-        ssl->dtls13Rtx.rtxRecordTailPtr = prevNext;
+    if (r->next == NULL) {
+    #ifdef WOLFSSL_RW_THREADED
+        if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+    #endif
+        {
+            ssl->dtls13Rtx.rtxRecordTailPtr = prevNext;
+        #ifdef WOLFSSL_RW_THREADED
+            wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+        #endif
+        }
+    }
 
     /* unlink */
     *prevNext = r->next;
@@ -709,12 +724,20 @@ static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq)
 
     WOLFSSL_ENTER("Dtls13RtxAddAck");
 
-    rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);
-    if (rn == NULL)
-        return MEMORY_E;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+#endif
+    {
+        rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);
+        if (rn == NULL)
+            return MEMORY_E;
 
-    rn->next = ssl->dtls13Rtx.seenRecords;
-    ssl->dtls13Rtx.seenRecords = rn;
+        rn->next = ssl->dtls13Rtx.seenRecords;
+        ssl->dtls13Rtx.seenRecords = rn;
+    #ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+    #endif
+    }
 
     return 0;
 }
@@ -727,15 +750,23 @@ static void Dtls13RtxFlushAcks(WOLFSSL* ssl)
 
     WOLFSSL_ENTER("Dtls13RtxFlushAcks");
 
-    list = ssl->dtls13Rtx.seenRecords;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0)
+#endif
+    {
+        list = ssl->dtls13Rtx.seenRecords;
 
-    while (list != NULL) {
-        rn = list;
-        list = rn->next;
-        XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
+        while (list != NULL) {
+            rn = list;
+            list = rn->next;
+            XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
+        }
+
+        ssl->dtls13Rtx.seenRecords = NULL;
+    #ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+    #endif
     }
-
-    ssl->dtls13Rtx.seenRecords = NULL;
 }
 
 static int Dtls13DetectDisruption(WOLFSSL* ssl, word32 fragOffset)
@@ -919,7 +950,7 @@ static int Dtls13SendOneFragmentRtx(WOLFSSL* ssl,
         handshakeType, hashOutput, Dtls13SendNow(ssl, handshakeType));
 
     if (rtxRecord != NULL) {
-        if (ret == 0 || ret == WANT_WRITE)
+        if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE))
             Dtls13RtxAddRecord(&ssl->dtls13Rtx, rtxRecord);
         else
             Dtls13FreeRtxBufferRecord(ssl, rtxRecord);
@@ -979,7 +1010,7 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl)
         ret = Dtls13SendOneFragmentRtx(ssl,
             (enum HandShakeType)ssl->dtls13FragHandshakeType,
             (word16)recordLength + MAX_MSG_EXTRA, output, (word32)recordLength, 0);
-        if (ret == WANT_WRITE) {
+        if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) {
             ssl->dtls13FragOffset += fragLength;
             return ret;
         }
@@ -1051,45 +1082,26 @@ static WC_INLINE word8 Dtls13GetEpochBits(w64wrapper epoch)
 }
 
 #ifdef WOLFSSL_DTLS_CID
-static byte Dtls13GetCidTxSize(WOLFSSL* ssl)
-{
-    unsigned int cidSz;
-    int ret;
-    ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz);
-    if (ret != WOLFSSL_SUCCESS)
-        return 0;
-    return (byte)cidSz;
-}
-
-static byte Dtls13GetCidRxSize(WOLFSSL* ssl)
-{
-    unsigned int cidSz;
-    int ret;
-    ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz);
-    if (ret != WOLFSSL_SUCCESS)
-        return 0;
-    return (byte)cidSz;
-}
 
 static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx)
 {
-    byte cidSize;
+    byte cidSz;
     int ret;
 
     if (!wolfSSL_dtls_cid_is_enabled(ssl))
         return 0;
 
-    cidSize = Dtls13GetCidTxSize(ssl);
+    cidSz = DtlsGetCidTxSize(ssl);
 
     /* no cid */
-    if (cidSize == 0)
+    if (cidSz == 0)
         return 0;
     *flags |= DTLS13_CID_BIT;
-    /* we know that we have at least cidSize of space */
-    ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSize);
+    /* we know that we have at least cidSz of space */
+    ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSz);
     if (ret != WOLFSSL_SUCCESS)
         return ret;
-    *idx += cidSize;
+    *idx += cidSz;
     return 0;
 }
 
@@ -1133,10 +1145,13 @@ static int Dtls13UnifiedHeaderParseCID(WOLFSSL* ssl, byte flags,
     return 0;
 }
 
+int Dtls13UnifiedHeaderCIDPresent(byte flags)
+{
+    return Dtls13IsUnifiedHeader(flags) && (flags & DTLS13_CID_BIT);
+}
+
 #else
 #define Dtls13AddCID(a, b, c, d) 0
-#define Dtls13GetCidRxSize(a) 0
-#define Dtls13GetCidTxSize(a) 0
 #define Dtls13UnifiedHeaderParseCID(a, b, c, d, e) 0
 #endif /* WOLFSSL_DTLS_CID */
 
@@ -1208,6 +1223,11 @@ int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output,
     return 0;
 }
 
+int Dtls13MinimumRecordLength(WOLFSSL* ssl)
+{
+    return Dtls13GetRlHeaderLength(ssl, 1) + DTLS13_MIN_CIPHERTEXT;
+}
+
 /**
  * Dtls13EncryptRecordNumber() - encrypt record number in the header
  * @ssl: ssl object
@@ -1224,14 +1244,20 @@ int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr, word16 recordLength)
     if (ssl == NULL || hdr == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef HAVE_NULL_CIPHER
+    /* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */
+    if (ssl->specs.bulk_cipher_algorithm == wolfssl_cipher_null)
+        return 0;
+#endif /*HAVE_NULL_CIPHER */
+
     /* we need at least a 16 bytes of ciphertext to encrypt record number see
        4.2.3*/
-    if (recordLength < Dtls13GetRlHeaderLength(ssl, 1) + DTLS13_MIN_CIPHERTEXT)
+    if (recordLength < Dtls13MinimumRecordLength(ssl))
         return BUFFER_ERROR;
 
     seqLength = (*hdr & DTLS13_LEN_BIT) ? DTLS13_SEQ_16_LEN : DTLS13_SEQ_8_LEN;
 
-    cidSz = Dtls13GetCidTxSize(ssl);
+    cidSz = DtlsGetCidTxSize(ssl);
     /* header flags + seq number + CID size*/
     hdrLength = OPAQUE8_LEN + seqLength + cidSz;
 
@@ -1262,7 +1288,7 @@ word16 Dtls13GetRlHeaderLength(WOLFSSL* ssl, byte isEncrypted)
     if (!isEncrypted)
         return DTLS_RECORD_HEADER_SZ;
 
-    return DTLS13_UNIFIED_HEADER_SIZE + Dtls13GetCidTxSize(ssl);
+    return DTLS13_UNIFIED_HEADER_SIZE + DtlsGetCidTxSize(ssl);
 }
 
 /**
@@ -1389,7 +1415,7 @@ int Dtls13GetUnifiedHeaderSize(WOLFSSL* ssl, const byte input, word16* size)
         return BAD_FUNC_ARG;
 
     /* flags (1) + CID + seq 8bit (1) */
-    *size = OPAQUE8_LEN + Dtls13GetCidRxSize(ssl) + OPAQUE8_LEN;
+    *size = OPAQUE8_LEN + DtlsGetCidRxSize(ssl) + OPAQUE8_LEN;
     if (input & DTLS13_SEQ_LEN_BIT)
         *size += OPAQUE8_LEN;
     if (input & DTLS13_LEN_BIT)
@@ -1452,17 +1478,22 @@ int Dtls13ParseUnifiedRecordLayer(WOLFSSL* ssl, const byte* input,
         hdrInfo->recordLength = inputSize - idx;
     }
 
-    /* minimum size for a dtls1.3 packet is 16 bytes (to have enough ciphertext
-       to create record number xor mask). (draft 43 - Sec 4.2.3) */
-    if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE)
-        return LENGTH_ERROR;
-    if (inputSize < idx + DTLS13_RN_MASK_SIZE)
-        return BUFFER_ERROR;
+    /* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */
+    if (ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null)
+    {
+        /* minimum size for a dtls1.3 packet is 16 bytes (to have enough
+         * ciphertext to create record number xor mask).
+         * (draft 43 - Sec 4.2.3) */
+        if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE)
+            return LENGTH_ERROR;
+        if (inputSize < idx + DTLS13_RN_MASK_SIZE)
+            return BUFFER_ERROR;
 
-    ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx,
-        DEPROTECT);
-    if (ret != 0)
-        return ret;
+        ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx,
+            DEPROTECT);
+        if (ret != 0)
+            return ret;
+    }
 
     if (seqLen == DTLS13_SEQ_16_LEN) {
         hdrInfo->seqHiPresent = 1;
@@ -1561,7 +1592,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl)
         ret = Dtls13SendFragment(ssl, output, (word16)sendSz, r->length + headerLength,
             (enum HandShakeType)r->handshakeType, 0,
             isLast || !ssl->options.groupMessages);
-        if (ret != 0 && ret != WANT_WRITE)
+        if (ret != 0 && ret != WC_NO_ERR_TRACE(WANT_WRITE))
             return ret;
 
         if (r->rnIdx >= DTLS13_RETRANS_RN_SIZE)
@@ -1575,7 +1606,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl)
         r->seq[r->rnIdx] = seq;
         r->rnIdx++;
 
-        if (ret == WANT_WRITE) {
+        if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) {
             /* this fragment will be sent eventually. Move it to the end of the
                list so next time we start with a new one. */
             Dtls13RtxMoveToEndOfList(ssl, prevNext, r);
@@ -1682,7 +1713,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size,
     isFirst = fragOff == 0;
     isComplete = isFirst && fragLength == messageLength;
 
-    if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) {
+    if (!isComplete && !Dtls13AcceptFragmented(ssl, (enum HandShakeType)handshakeType)) {
 #ifdef WOLFSSL_DTLS_CH_FRAG
         byte tls13 = 0;
         /* check if the first CH fragment contains a valid cookie */
@@ -1874,7 +1905,7 @@ int Dtls13HandshakeSend(WOLFSSL* ssl, byte* message, word16 outputSize,
     if (maxLen < maxFrag) {
         ret = Dtls13SendOneFragmentRtx(ssl, handshakeType, outputSize, message,
             length, hashOutput);
-        if (ret == 0 || ret == WANT_WRITE)
+        if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE))
             ssl->keys.dtls_handshake_number++;
     }
     else {
@@ -2521,13 +2552,25 @@ static void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch,
 int Dtls13DoScheduledWork(WOLFSSL* ssl)
 {
     int ret;
+    int sendAcks;
 
     WOLFSSL_ENTER("Dtls13DoScheduledWork");
 
     ssl->dtls13SendingAckOrRtx = 1;
 
-    if (ssl->dtls13Rtx.sendAcks) {
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_LockMutex(&ssl->dtls13Rtx.mutex);
+    if (ret < 0)
+        return ret;
+#endif
+    sendAcks = ssl->dtls13Rtx.sendAcks;
+    if (sendAcks) {
         ssl->dtls13Rtx.sendAcks = 0;
+    }
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+#endif
+    if (sendAcks) {
         ret = SendDtls13Ack(ssl);
         if (ret != 0)
             return ret;
@@ -2584,7 +2627,7 @@ int Dtls13RtxTimeout(WOLFSSL* ssl)
 
     /* Increase timeout on long timeout */
     if (DtlsMsgPoolTimeout(ssl) != 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     return Dtls13RtxSendBuffered(ssl);
 }
@@ -2603,13 +2646,28 @@ static int Dtls13RtxHasKeyUpdateBuffered(WOLFSSL* ssl)
     return 0;
 }
 
+int DoDtls13KeyUpdateAck(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) {
+        /* we removed the KeyUpdate message because it was ACKed */
+        ssl->dtls13WaitKeyUpdateAck = 0;
+        ret = Dtls13KeyUpdateAckReceived(ssl);
+    }
+
+    return ret;
+}
+
 int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
     word32* processedSize)
 {
     const byte* ackMessage;
     w64wrapper epoch, seq;
     word16 length;
+#ifndef WOLFSSL_RW_THREADED
     int ret;
+#endif
     int i;
 
     if (inputSize < OPAQUE16_LEN)
@@ -2641,15 +2699,13 @@ int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
         ssl->options.serverState = SERVER_FINISHED_ACKED;
     }
 
+#ifndef WOLFSSL_RW_THREADED
     if (ssl->dtls13WaitKeyUpdateAck) {
-        if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) {
-            /* we removed the KeyUpdate message because it was ACKed */
-            ssl->dtls13WaitKeyUpdateAck = 0;
-            ret = Dtls13KeyUpdateAckReceived(ssl);
-            if (ret != 0)
-                return ret;
-        }
+        ret = DoDtls13KeyUpdateAck(ssl);
+        if (ret != 0)
+            return ret;
     }
+#endif
 
     *processedSize = length + OPAQUE16_LEN;
 
@@ -2700,9 +2756,17 @@ int SendDtls13Ack(WOLFSSL* ssl)
     if (ret != 0)
         return ret;
 
-    ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length);
-    if (ret != 0)
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_LockMutex(&ssl->dtls13Rtx.mutex);
+    if (ret < 0)
         return ret;
+#endif
+    ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length);
+#ifdef WOLFSSL_RW_THREADED
+    wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+#endif
+        if (ret != 0)
+            return ret;
 
     output = GetOutputBuffer(ssl);
 
diff --git a/src/include.am b/src/include.am
index 1bfc754f7..876ba7c65 100644
--- a/src/include.am
+++ b/src/include.am
@@ -72,10 +72,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
 if BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
 else
+if BUILD_AESGCM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
+endif
+if BUILD_AESXTS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
 endif
 endif
+endif
 
 if BUILD_DES3
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/des3.c
@@ -164,21 +168,27 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
@@ -188,10 +198,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
 if BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
 else
+if BUILD_AESGCM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
+endif
+if BUILD_AESXTS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
 endif
 endif
+endif
 
 if BUILD_RISCV_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-aes.c
@@ -213,11 +227,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c
@@ -250,11 +272,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
@@ -279,13 +309,24 @@ endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha3.c
+endif BUILD_RISCV_ASM
 if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
@@ -333,21 +374,27 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
@@ -358,10 +405,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
 if BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
 else
+if BUILD_AESGCM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
+endif
+if BUILD_AESXTS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
 endif
 endif
+endif
 
 if BUILD_SHA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha.c
@@ -378,11 +429,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha256.c
@@ -413,11 +472,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
@@ -440,13 +507,24 @@ endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha3.c
+endif BUILD_RISCV_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
 endif
@@ -487,13 +565,29 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.
 endif !BUILD_ARMASM_INLINE
 else
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif !BUILD_ARMASM_NEON
 endif BUILD_ARMASM
@@ -597,11 +691,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 if !BUILD_X86_ASM
@@ -695,23 +797,37 @@ if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
 endif BUILD_ARMASM
 if BUILD_ARMASM_NEON
-if !BUILD_ARMASM_CRYPTO
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
-endif !BUILD_ARMASM_CRYPTO
 else
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-aes-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
 endif !BUILD_ARMASM_NEON
@@ -762,11 +878,19 @@ else
 if BUILD_ARMASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512.c
@@ -793,13 +917,24 @@ endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM_NEON
 if BUILD_ARMASM
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+endif
+if BUILD_ARM_THUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif BUILD_ARMASM
+if BUILD_RISCV_ASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha3.c
+endif BUILD_RISCV_ASM
 if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha3_asm.S
@@ -912,8 +1047,28 @@ if !BUILD_FIPS_RAND
 
 if BUILD_POLY1305
 if BUILD_ARMASM
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-poly1305.c
 endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305.c
+endif
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
+endif
 if BUILD_RISCV_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-poly1305.c
 endif
@@ -957,11 +1112,15 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
 if BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
 else
+if BUILD_AESGCM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
+endif
+if BUILD_AESXTS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
 endif
 endif
 endif
+endif
 
 if BUILD_CAMELLIA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/camellia.c
@@ -983,25 +1142,50 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/blake2s.c
 endif
 
 if BUILD_CHACHA
-if BUILD_ARMASM_NEON
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c
+if !BUILD_CHACHA_NOASM
+if BUILD_ARMASM
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha.c
+endif
+if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
+endif
+else
+if BUILD_ARM_NONTHUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-chacha-asm.S
+endif
+endif !BUILD_ARMASM_INLINE
 else
 if BUILD_RISCV_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-chacha.c
-else
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c
-endif !BUILD_RISCV_ASM
+endif BUILD_RISCV_ASM
 if !BUILD_X86_ASM
 if BUILD_INTELASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha_asm.S
 endif BUILD_INTELASM
 endif !BUILD_X86_ASM
-endif !BUILD_ARMASM_NEON
+endif !BUILD_ARMASM
+endif !BUILD_CHACHA_NOASM
 if BUILD_POLY1305
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha20_poly1305.c
 endif BUILD_POLY1305
 endif BUILD_CHACHA
 
+if BUILD_ASCON
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ascon.c
+endif
+
 if !BUILD_INLINE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/misc.c
 endif
@@ -1027,14 +1211,36 @@ if BUILD_SAKKE
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sakke.c
 endif
 
-if BUILD_WC_KYBER
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber.c
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_poly.c
+if BUILD_WC_MLKEM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_mlkem.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_mlkem_poly.c
+if BUILD_ARMASM
+if BUILD_ARM_THUMB
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-mlkem-asm.S
+endif !BUILD_ARMASM_INLINE
+else
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S
+endif !BUILD_ARMASM_INLINE
+endif !BUILD_ARM_THUMB
+endif BUILD_ARMASM
 if !BUILD_X86_ASM
 if BUILD_INTELASM
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_mlkem_asm.S
 endif
 endif
+if BUILD_ARMASM_NEON
+if BUILD_ARMASM_INLINE
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c
+else
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-mlkem-asm.S
+endif !BUILD_ARMASM_INLINE
+endif BUILD_ARMASM_NEON
 endif
 
 if BUILD_DILITHIUM
@@ -1074,21 +1280,45 @@ if BUILD_ARMASM
 if !BUILD_FIPS_V6
 if BUILD_ARMASM_NEON
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
 else
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 else
 if BUILD_ARMASM_INLINE
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
 else
+if BUILD_ARM_NONTHUMB
+if BUILD_ARM_32
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-curve25519.S
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
+if BUILD_ARM_64
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif !BUILD_ARMASM_NEON
 endif !BUILD_FIPS_V6
@@ -1120,11 +1350,19 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.
 endif !BUILD_ARMASM_INLINE
 else
 if BUILD_ARMASM_INLINE
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519_c.c
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+endif
 else
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+if BUILD_ARM_NONTHUMB
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+endif
+if BUILD_ARM_THUMB
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-curve25519.S
+endif
 endif !BUILD_ARMASM_INLINE
 endif !BUILD_ARMASM_NEON
 else
@@ -1161,7 +1399,7 @@ if BUILD_LIBOQS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/falcon.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sphincs.c
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_kyber.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_mlkem.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/liboqs/liboqs.c
 endif
 
diff --git a/src/internal.c b/src/internal.c
index 4ba6013fe..2fce64fee 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1,6 +1,6 @@
 /* internal.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
  * WOLFSSL_SMALL_CERT_VERIFY:
@@ -94,12 +88,6 @@
  *      pair
  */
 
-
-#ifdef EXTERNAL_OPTS_OPENVPN
-#error EXTERNAL_OPTS_OPENVPN should not be defined\
-    when building wolfSSL
-#endif
-
 #ifndef WOLFCRYPT_ONLY
 
 #include <wolfssl/internal.h>
@@ -165,7 +153,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
     #error Cannot use both secure-renegotiation and renegotiation-indication
 #endif
 
-#ifndef WOLFSSL_NO_TLS12
+#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12)
 
 #ifndef NO_WOLFSSL_CLIENT
     static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
@@ -178,7 +166,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
         static int DoSessionTicket(WOLFSSL* ssl, const byte* input,
                                    word32* inOutIdx, word32 size);
     #endif
-#endif
+#endif /* !NO_WOLFSSL_CLIENT */
 
 
 #ifndef NO_WOLFSSL_SERVER
@@ -191,7 +179,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
     #endif
 #endif /* !NO_WOLFSSL_SERVER */
 
-#endif /* !WOLFSSL_NO_TLS12 */
+#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */
 
 #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
     #if defined(WOLFSSL_HAPROXY)
@@ -199,7 +187,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
     #else
         #define SSL_TICKET_CTX(ssl) ssl->ctx->ticketEncCtx
     #endif
-    #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
+    #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS)
         static int TicketEncCbCtx_Init(WOLFSSL_CTX* ctx,
                                        TicketEncCbCtx* keyCtx);
         static void TicketEncCbCtx_Free(TicketEncCbCtx* keyCtx);
@@ -210,8 +198,10 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
                                   int enc, byte* ticket, int inLen, int* outLen,
                                   void* userCtx);
     #endif
-#endif
+#endif /* !NO_WOLFSSL_SERVER && HAVE_SESSION_TICKET */
 
+int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional,
+                      byte dec, byte** seq, int verifyOrder);
 
 #ifdef WOLFSSL_DTLS
     static int _DtlsCheckWindow(WOLFSSL* ssl);
@@ -246,13 +236,14 @@ enum processReply {
 };
 
 
-#ifndef WOLFSSL_NO_TLS12
+#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12)
 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
 
 /* Server random bytes for TLS v1.3 described downgrade protection mechanism. */
 static const byte tls13Downgrade[7] = {
     0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44
 };
+
 #define TLS13_DOWNGRADE_SZ  sizeof(tls13Downgrade)
 
 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
@@ -263,7 +254,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
 
 #endif
 
-#endif /* !WOLFSSL_NO_TLS12 */
+#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */
 
 
 #if !defined(NO_CERT) && defined(WOLFSSL_BLIND_PRIVATE_KEY)
@@ -306,7 +297,7 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
         xorbuf(key->buffer, mask->buffer, mask->length);
     }
 }
-#endif
+#endif /* !NO_CERT && WOLFSSL_BLIND_PRIVATE_KEY */
 
 
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -611,24 +602,24 @@ int IsAtLeastTLSv1_3(const ProtocolVersion pv)
 
 int IsEncryptionOn(const WOLFSSL* ssl, int isSend)
 {
-    #ifdef WOLFSSL_DTLS
+#ifdef WOLFSSL_DTLS
     /* For DTLS, epoch 0 is always not encrypted. */
     if (ssl->options.dtls && !isSend) {
         if (!IsAtLeastTLSv1_3(ssl->version) && ssl->keys.curEpoch == 0)
             return 0;
-#ifdef WOLFSSL_DTLS13
+    #ifdef WOLFSSL_DTLS13
         else if (IsAtLeastTLSv1_3(ssl->version)
                      && w64IsZero(ssl->keys.curEpoch64))
             return 0;
-#endif /* WOLFSSL_DTLS13 */
+    #endif /* WOLFSSL_DTLS13 */
 
     }
-    #endif /* WOLFSSL_DTLS */
-    #ifdef WOLFSSL_QUIC
+#endif /* WOLFSSL_DTLS */
+#ifdef WOLFSSL_QUIC
         if (WOLFSSL_IS_QUIC(ssl) && IsAtLeastTLSv1_3(ssl->version)) {
             return 0;
         }
-    #endif
+#endif /* WOLFSSL_QUIC */
     return ssl->keys.encryptionOn &&
         (isSend ? ssl->encrypt.setup : ssl->decrypt.setup);
 }
@@ -796,16 +787,16 @@ static int ExportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
             ssl->specs.bulk_cipher_algorithm == wolfssl_aes) {
         byte *pt = (byte*)ssl->encrypt.aes->reg;
 
-        if ((idx + 2*AES_BLOCK_SIZE) > len) {
+        if ((idx + 2*WC_AES_BLOCK_SIZE) > len) {
             WOLFSSL_MSG("Can not fit AES state into buffer");
             return BUFFER_E;
         }
-        XMEMCPY(exp + idx, pt, AES_BLOCK_SIZE);
-        idx += AES_BLOCK_SIZE;
+        XMEMCPY(exp + idx, pt, WC_AES_BLOCK_SIZE);
+        idx += WC_AES_BLOCK_SIZE;
 
         pt = (byte*)ssl->decrypt.aes->reg;
-        XMEMCPY(exp + idx, pt, AES_BLOCK_SIZE);
-        idx += AES_BLOCK_SIZE;
+        XMEMCPY(exp + idx, pt, WC_AES_BLOCK_SIZE);
+        idx += WC_AES_BLOCK_SIZE;
     }
 
     WOLFSSL_LEAVE("ExportCipherSpecState", idx);
@@ -1048,12 +1039,12 @@ static int ImportCipherSpecState(WOLFSSL* ssl, const byte* exp, word32 len,
     if (type == WOLFSSL_EXPORT_TLS &&
             ssl->specs.bulk_cipher_algorithm == wolfssl_aes) {
         byte *pt = (byte*)ssl->encrypt.aes->reg;
-        XMEMCPY(pt, exp + idx, AES_BLOCK_SIZE);
-        idx += AES_BLOCK_SIZE;
+        XMEMCPY(pt, exp + idx, WC_AES_BLOCK_SIZE);
+        idx += WC_AES_BLOCK_SIZE;
 
         pt = (byte*)ssl->decrypt.aes->reg;
-        XMEMCPY(pt, exp + idx, AES_BLOCK_SIZE);
-        idx += AES_BLOCK_SIZE;
+        XMEMCPY(pt, exp + idx, WC_AES_BLOCK_SIZE);
+        idx += WC_AES_BLOCK_SIZE;
     }
 
     WOLFSSL_LEAVE("ImportCipherSpecState", idx);
@@ -2108,9 +2099,9 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz,
 
         /* possible AES state needed */
         if (type == WOLFSSL_EXPORT_TLS) {
-            *sz += AES_BLOCK_SIZE*2;
+            *sz += WC_AES_BLOCK_SIZE*2;
         }
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (ret == 0) {
@@ -2268,7 +2259,227 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
 
     return InitSSL_Suites(ssl);
 }
-#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
+#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE ||
+        * WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+/* Check the wolfssl method meets minimum requirements for
+ * the given security level.
+ *
+ * Returns  0 if method meets security level.
+ * Returns  CRYPTO_POLICY_FORBIDDEN otherwise.
+ * */
+static int wolfSSL_crypto_policy_method_allowed(WOLFSSL_METHOD * method,
+                                                int level)
+{
+    if (level == 0) {
+        /* permissive, no restrictions. */
+        return 0;
+    }
+
+    #ifdef WOLFSSL_DTLS
+    if (method->version.major == DTLS_MAJOR) {
+        if (method->version.minor == DTLS_MINOR) {
+            /* sec level must be 1 or lower. */
+            if (level > 1) {
+                return CRYPTO_POLICY_FORBIDDEN;
+            }
+        }
+    }
+    else
+    #endif /* WOLFSSL_DTLS */
+    {
+        if (method->version.minor == SSLv3_MINOR) {
+            /* sec level must be 0. */
+            if (level > 0) {
+                return CRYPTO_POLICY_FORBIDDEN;
+            }
+        }
+        else if (method->version.minor == TLSv1_MINOR ||
+                 method->version.minor == TLSv1_1_MINOR) {
+            /* sec level must be 1 or lower. */
+            if (level > 1) {
+                return CRYPTO_POLICY_FORBIDDEN;
+            }
+        }
+    }
+
+    /* nothing else to check, all other combinations ok. */
+
+    return 0;
+}
+
+/* Configure the CTX to conform to the security policy.
+ *
+ * Also, check the WOLFSSL_METHOD against the supplied security
+ * level.
+ *
+ * Returns  CRYPTO_POLICY_FORBIDDEN if not allowed per policy.
+ * Returns  BAD_FUNC_ARG on null args.
+ * Returns  0 if ok.
+ * */
+int wolfSSL_crypto_policy_init_ctx(WOLFSSL_CTX * ctx,
+                                   WOLFSSL_METHOD * method)
+{
+    byte         minDowngrade = 0x00;
+    #ifdef WOLFSSL_DTLS
+    int          dtls = 0;
+    #endif /* WOLFSSL_DTLS */
+    int          level = 0;
+    #if !defined(NO_DH) || !defined(NO_RSA)
+    word16       minKeySz = 0; /* minimum DH or RSA key size */
+    #endif /* !NO_DH || !NO_RSA*/
+    #ifdef HAVE_ECC
+    short        minEccKeySz = 0; /* minimum allowed ECC key size */
+    #endif /* HAVE_ECC */
+
+
+    if (ctx == NULL || method == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    #ifdef WOLFSSL_DTLS
+    dtls = (method->version.major == DTLS_MAJOR);
+    #endif /* WOLFSSL_DTLS */
+
+    /* get the crypto policy security level. */
+    level = wolfSSL_crypto_policy_get_level();
+
+    if (level < 0 || level > 5) {
+        WOLFSSL_MSG_EX("crypto_policy_init_ctx: invalid level: %d", level);
+        return BAD_FUNC_ARG;
+    }
+
+    /* Check requested method per security level. */
+    if (wolfSSL_crypto_policy_method_allowed(method, level) != 0) {
+        WOLFSSL_MSG_EX("crypto_policy_init_ctx: "
+                       "method=%d, SECLEVEL=%d combination not allowed",
+                       method->version.minor, level);
+        return CRYPTO_POLICY_FORBIDDEN;
+    }
+
+    /* Set appropriate min downgrade per security level. */
+    #ifdef WOLFSSL_DTLS
+    if (dtls) {
+        switch (level) {
+        case 1:
+            minDowngrade = DTLS_MINOR;
+            break;
+        case 2:
+        case 3:
+        case 4:
+        case 5:
+            minDowngrade = DTLSv1_2_MINOR;
+            break;
+        case 0:
+        default:
+            /* Permissive, no restrictions. Allow defaults. */
+            minDowngrade = WOLFSSL_MIN_DTLS_DOWNGRADE;
+            break;
+        }
+    }
+    else
+    #endif /* WOLFSSL_DTLS */
+    {
+        switch (level) {
+        case 1:
+            /* prohibit SSLv3 and lower. */
+            minDowngrade = TLSv1_MINOR;
+            break;
+        case 2:
+        case 3:
+        case 4:
+        case 5:
+            /* prohibit TLSv1_1 and lower. */
+            minDowngrade = TLSv1_2_MINOR;
+            break;
+        case 0:
+        default:
+            ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE;
+            break;
+        }
+    }
+
+    /* Set min RSA and DH key size. */
+    #if !defined(NO_DH) || !defined(NO_RSA)
+    switch (level) {
+    case 1:
+        minKeySz = 128; /* 1024 bits / 8 */
+        break;
+    case 2:
+        minKeySz = 256; /* 2048 bits / 8 */
+        break;
+    case 3:
+        minKeySz = 384; /* 3072 bits / 8 */
+        break;
+    case 4:
+        minKeySz = 960; /* 7680 bits / 8 */
+        break;
+    case 5:
+        minKeySz = 1920; /* 15360 bits / 8 */
+        break;
+    case 0:
+    default:
+        break;
+    }
+    #endif /* !NO_DH || !NO_RSA*/
+
+    /* Set min ECC key size. */
+    #ifdef HAVE_ECC
+    switch (level) {
+    case 1:
+        minEccKeySz = 20; /* 160 bits / 8 */
+        break;
+    case 2:
+        minEccKeySz = 28; /* 224 bits / 8 */
+        break;
+    case 3:
+        minEccKeySz = 32; /* 256 bits / 8 */
+        break;
+    case 4:
+        minEccKeySz = 48; /* 384 bits / 8 */
+        break;
+    case 5:
+        minEccKeySz = 64; /* 512 bits / 8 */
+        break;
+    default:
+    case 0:
+        break;
+    }
+    #endif /* HAVE_ECC */
+
+    /* Finally set the ctx values. */
+    ctx->minDowngrade = minDowngrade;
+    ctx->secLevel = level;
+    ctx->method = method;
+
+    #if !defined(NO_DH) || !defined(NO_RSA)
+    if (minKeySz > 0) {
+        #ifndef NO_DH
+        if (minKeySz > MAX_DHKEY_SZ) {
+            WOLFSSL_MSG_EX("crypto_policy_init_ctx: minKeySz=%d, "
+                           "but MAX_DHKEY_SZ=%d",
+                           minKeySz, MAX_DHKEY_SZ);
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+        ctx->minDhKeySz  = minKeySz;
+        ctx->maxDhKeySz  = MAX_DHKEY_SZ;
+        #endif /* NO_DH */
+        #ifndef NO_RSA
+        ctx->minRsaKeySz = minKeySz;
+        #endif /* NO_RSA */
+    }
+    #endif /* !NO_DH || !NO_RSA*/
+
+    #ifdef HAVE_ECC
+    if (minEccKeySz > 0) {
+        ctx->minEccKeySz  = minEccKeySz;
+    }
+    #endif /* HAVE_ECC */
+
+    return 0;
+}
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
 /* Initialize SSL context, return 0 on success */
 int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
@@ -2297,7 +2508,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
         ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE;
     }
 
-    wolfSSL_RefInit(&ctx->ref, &ret);
+    wolfSSL_RefWithMutexInit(&ctx->ref, &ret);
 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
     if (ret < 0) {
         WOLFSSL_MSG("Mutex error on CTX init");
@@ -2323,6 +2534,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 #ifndef NO_RSA
     ctx->minRsaKeySz = MIN_RSAKEY_SZ;
 #endif
+
 #ifdef HAVE_ECC
     ctx->minEccKeySz  = MIN_ECCKEY_SZ;
     ctx->eccTempKeySz = ECDHE_SIZE;
@@ -2499,7 +2711,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 #endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */
 
 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
-#ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB
+#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS)
     ret = TicketEncCbCtx_Init(ctx, &ctx->ticketKeyCtx);
     if (ret != 0) return ret;
     ctx->ticketEncCb = DefTicketEncCb;
@@ -2547,6 +2759,14 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
     ctx->doAppleNativeCertValidationFlag = 0;
 #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    ret = wolfSSL_crypto_policy_init_ctx(ctx, method);
+    if (ret != 0) {
+        WOLFSSL_MSG_EX("crypto_policy_init_ctx returned %d", ret);
+        return ret;
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     return ret;
 }
 
@@ -2565,7 +2785,7 @@ void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data)
 
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
 /* free all ech configs in the list */
-static void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap)
+void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap)
 {
     WOLFSSL_EchConfig* working_config = configs;
     WOLFSSL_EchConfig* next_config;
@@ -2590,7 +2810,7 @@ static void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap)
 
     (void)heap;
 }
-#endif
+#endif /* WOLFSSL_TLS13 && HAVE_ECH */
 
 /* In case contexts are held in array and don't want to free actual ctx. */
 
@@ -2620,7 +2840,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
     wolfEventQueue_Free(&ctx->event_queue);
 #endif /* HAVE_WOLF_EVENT */
 
+#ifndef NO_TLS /* its a static global see ssl.c "gNoTlsMethod" */
     XFREE(ctx->method, heapAtCTXInit, DYNAMIC_TYPE_METHOD);
+#endif
     ctx->method = NULL;
 
     XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
@@ -2769,25 +2991,6 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
     (void)heapAtCTXInit;
 }
 
-#ifdef WOLFSSL_STATIC_MEMORY
-static void SSL_CtxResourceFreeStaticMem(void* heap)
-{
-#ifndef SINGLE_THREADED
-    if (heap != NULL
-    #ifdef WOLFSSL_HEAP_TEST
-        /* avoid dereferencing a test value */
-         && heap != (void*)WOLFSSL_HEAP_TEST
-    #endif
-    ) {
-        WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap;
-        WOLFSSL_HEAP*      mem  = hint->memory;
-        wc_FreeMutex(&mem->memory_mutex);
-    }
-#else
-    (void)heap;
-#endif
-}
-#endif /* WOLFSSL_STATIC_MEMORY */
 
 void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
 {
@@ -2801,7 +3004,7 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
 #endif
 
     /* decrement CTX reference count */
-    wolfSSL_RefDec(&ctx->ref, &isZero, &ret);
+    wolfSSL_RefWithMutexDec(&ctx->ref, &isZero, &ret);
 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
     if (ret < 0) {
         /* check error state, if mutex error code then mutex init failed but
@@ -2809,9 +3012,6 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
         if (ctx->err == WC_NO_ERR_TRACE(CTX_INIT_MUTEX_E)) {
             SSL_CtxResourceFree(ctx);
             XFREE(ctx, heap, DYNAMIC_TYPE_CTX);
-        #ifdef WOLFSSL_STATIC_MEMORY
-            SSL_CtxResourceFreeStaticMem(heap);
-        #endif
         }
         return;
     }
@@ -2821,17 +3021,23 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
 
     if (isZero) {
         WOLFSSL_MSG("CTX ref count down to 0, doing full free");
-
+#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \
+    !defined(NO_SHA256) && !defined(WC_NO_RNG)
+        if (ctx->srp != NULL) {
+            XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
+            ctx->srp_password = NULL;
+            wc_SrpTerm(ctx->srp);
+            XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP);
+            ctx->srp = NULL;
+        }
+#endif
         SSL_CtxResourceFree(ctx);
 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
-    !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
+    !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS)
         TicketEncCbCtx_Free(&ctx->ticketKeyCtx);
 #endif
         wolfSSL_RefFree(&ctx->ref);
         XFREE(ctx, heap, DYNAMIC_TYPE_CTX);
-    #ifdef WOLFSSL_STATIC_MEMORY
-        SSL_CtxResourceFreeStaticMem(heap);
-    #endif
     }
     else {
         WOLFSSL_MSG("CTX ref count not 0 yet, no free");
@@ -2885,100 +3091,92 @@ void InitCiphers(WOLFSSL* ssl)
 
 }
 
+static void FreeCiphersSide(Ciphers *cipher, void* heap)
+{
+#ifdef BUILD_ARC4
+    wc_Arc4Free(cipher->arc4);
+    XFREE(cipher->arc4, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->arc4 = NULL;
+#endif
+#ifdef BUILD_DES3
+    wc_Des3Free(cipher->des3);
+    XFREE(cipher->des3, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->des3 = NULL;
+#endif
+#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA)
+    /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes,
+     * dec->aes) */
+    wc_AesFree(cipher->aes);
+    XFREE(cipher->aes, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->aes = NULL;
+#endif
+#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
+    wc_Sm4Free(cipher->sm4);
+    XFREE(cipher->sm4, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->sm4 = NULL;
+#endif
+#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \
+    !defined(WOLFSSL_NO_TLS12)
+    XFREE(cipher->additional, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->additional = NULL;
+#endif
+#ifdef CIPHER_NONCE
+    XFREE(cipher->nonce, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->nonce = NULL;
+#endif
+#ifdef HAVE_ARIA
+    wc_AriaFreeCrypt(cipher->aria);
+    XFREE(cipher->aria, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->aria = NULL;
+#endif
+#ifdef HAVE_CAMELLIA
+    XFREE(cipher->cam, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->cam = NULL;
+#endif
+#ifdef HAVE_CHACHA
+    if (cipher->chacha)
+        ForceZero(cipher->chacha, sizeof(ChaCha));
+    XFREE(cipher->chacha, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->chacha = NULL;
+#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
+    wc_HmacFree(cipher->hmac);
+    XFREE(cipher->hmac, heap, DYNAMIC_TYPE_CIPHER);
+    cipher->hmac = NULL;
+#endif
+}
 
 /* Free ciphers */
 void FreeCiphers(WOLFSSL* ssl)
 {
-    (void)ssl;
-#ifdef BUILD_ARC4
-    wc_Arc4Free(ssl->encrypt.arc4);
-    wc_Arc4Free(ssl->decrypt.arc4);
-    XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef BUILD_DES3
-    wc_Des3Free(ssl->encrypt.des3);
-    wc_Des3Free(ssl->decrypt.des3);
-    XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA)
-    /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, dec->aes) */
-    wc_AesFree(ssl->encrypt.aes);
-    wc_AesFree(ssl->decrypt.aes);
-    XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
-    wc_Sm4Free(ssl->encrypt.sm4);
-    wc_Sm4Free(ssl->decrypt.sm4);
-    XFREE(ssl->encrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \
-    !defined(WOLFSSL_NO_TLS12)
-    XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef CIPHER_NONCE
-    XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_ARIA
-    wc_AriaFreeCrypt(ssl->encrypt.aria);
-    wc_AriaFreeCrypt(ssl->decrypt.aria);
-    XFREE(ssl->encrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_CAMELLIA
-    XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#ifdef HAVE_CHACHA
-    if (ssl->encrypt.chacha)
-        ForceZero(ssl->encrypt.chacha, sizeof(ChaCha));
-    if (ssl->decrypt.chacha)
-        ForceZero(ssl->decrypt.chacha, sizeof(ChaCha));
-    XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
+    FreeCiphersSide(&ssl->encrypt, ssl->heap);
+    FreeCiphersSide(&ssl->decrypt, ssl->heap);
+
 #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH)
     if (ssl->auth.poly1305)
         ForceZero(ssl->auth.poly1305, sizeof(Poly1305));
     XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
-#endif
-#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
-    wc_HmacFree(ssl->encrypt.hmac);
-    wc_HmacFree(ssl->decrypt.hmac);
-    XFREE(ssl->encrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->decrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    ssl->auth.poly1305 = NULL;
 #endif
 
 #ifdef WOLFSSL_DTLS13
 #ifdef BUILD_AES
-    if (ssl->dtlsRecordNumberEncrypt.aes != NULL) {
-        wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes);
-        XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-        ssl->dtlsRecordNumberEncrypt.aes = NULL;
-    }
-    if (ssl->dtlsRecordNumberDecrypt.aes != NULL) {
-        wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes);
-        XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
-        ssl->dtlsRecordNumberDecrypt.aes = NULL;
-    }
+    wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes);
+    wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes);
+    XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    ssl->dtlsRecordNumberEncrypt.aes = NULL;
+    ssl->dtlsRecordNumberDecrypt.aes = NULL;
 #endif /* BUILD_AES */
 #ifdef HAVE_CHACHA
-    XFREE(ssl->dtlsRecordNumberEncrypt.chacha,
-          ssl->heap, DYNAMIC_TYPE_CIPHER);
-    XFREE(ssl->dtlsRecordNumberDecrypt.chacha,
-          ssl->heap, DYNAMIC_TYPE_CIPHER);
+    XFREE(ssl->dtlsRecordNumberEncrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
+    XFREE(ssl->dtlsRecordNumberDecrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
     ssl->dtlsRecordNumberEncrypt.chacha = NULL;
     ssl->dtlsRecordNumberDecrypt.chacha = NULL;
 #endif /* HAVE_CHACHA */
 #endif /* WOLFSSL_DTLS13 */
 }
 
-
 void InitCipherSpecs(CipherSpecs* cs)
 {
     XMEMSET(cs, 0, sizeof(CipherSpecs));
@@ -3257,8 +3455,8 @@ int AllocateSuites(WOLFSSL* ssl)
 void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
                 word16 havePSK, word16 haveDH, word16 haveECDSAsig,
                 word16 haveECC, word16 haveStaticRSA, word16 haveStaticECC,
-                word16 haveFalconSig, word16 haveDilithiumSig, word16 haveAnon,
-                word16 haveNull, int side)
+                word16 haveAnon, word16 haveNull, word16 haveAES128,
+                word16 haveSHA1, word16 haveRC4, int side)
 {
     word16 idx = 0;
     int    tls    = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
@@ -3270,11 +3468,15 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     int    haveRSAsig = 1;
 
 #ifdef WOLFSSL_DTLS
-    /* If DTLS v1.2 or later than set tls1_2 flag */
-    if (pv.major == DTLS_MAJOR && pv.minor <= DTLSv1_2_MINOR) {
-        tls1_2 = 1;
+    if (pv.major == DTLS_MAJOR) {
+        dtls   = 1;
+        tls    = 1;
+        /* May be dead assignments dependent upon configuration */
+        (void) dtls;
+        (void) tls;
+        tls1_2 = pv.minor <= DTLSv1_2_MINOR;
     }
-#endif
+#endif /* WOLFSSL_DTLS */
 
     (void)tls;  /* shut up compiler */
     (void)tls1_2;
@@ -3290,8 +3492,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     (void)haveRSAsig; /* non ecc builds won't read */
     (void)haveAnon;   /* anon ciphers optional */
     (void)haveNull;
-    (void)haveFalconSig;
-    (void)haveDilithiumSig;
+    (void)haveAES128;
+    (void)haveSHA1;
+    (void)haveRC4;
 
     if (suites == NULL) {
         WOLFSSL_MSG("InitSuites pointer error");
@@ -3302,13 +3505,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         return;      /* trust user settings, don't override */
 
 #ifdef WOLFSSL_TLS13
-#ifdef BUILD_TLS_AES_128_GCM_SHA256
-    if (tls1_3) {
-        suites->suites[idx++] = TLS13_BYTE;
-        suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
-    }
-#endif
-
 #ifdef BUILD_TLS_AES_256_GCM_SHA384
     if (tls1_3) {
         suites->suites[idx++] = TLS13_BYTE;
@@ -3316,6 +3512,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     }
 #endif
 
+#ifdef BUILD_TLS_AES_128_GCM_SHA256
+    if (tls1_3 && haveAES128) {
+        suites->suites[idx++] = TLS13_BYTE;
+        suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
+    }
+#endif
+
 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
     if (tls1_3) {
         suites->suites[idx++] = TLS13_BYTE;
@@ -3324,14 +3527,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_AES_128_CCM_SHA256
-    if (tls1_3) {
+    if (tls1_3 && haveAES128) {
         suites->suites[idx++] = TLS13_BYTE;
         suites->suites[idx++] = TLS_AES_128_CCM_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
-    if (tls1_3) {
+    if (tls1_3 && haveAES128) {
         suites->suites[idx++] = TLS13_BYTE;
         suites->suites[idx++] = TLS_AES_128_CCM_8_SHA256;
     }
@@ -3343,6 +3546,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = TLS_SM4_GCM_SM3;
     }
 #endif
+
 #ifdef BUILD_TLS_SM4_CCM_SM3
     if (tls1_3) {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -3383,17 +3587,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     haveRSAsig = 0;    /* can't have RSA sig if don't have RSA */
 #endif
 
-#ifdef WOLFSSL_DTLS
-    if (pv.major == DTLS_MAJOR) {
-        dtls   = 1;
-        tls    = 1;
-        /* May be dead assignments dependent upon configuration */
-        (void) dtls;
-        (void) tls;
-        tls1_2 = pv.minor <= DTLSv1_2_MINOR;
-    }
-#endif
-
 #ifdef HAVE_RENEGOTIATION_INDICATION
     if (side == WOLFSSL_CLIENT_END) {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -3409,7 +3602,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3429,9 +3622,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     #ifdef OPENSSL_EXTRA
-    if ((tls1_2 && haveRSA) || (tls1_2 && haveECDSAsig)) {
+    if ((tls1_2 && haveRSA && haveAES128) ||
+        (tls1_2 && haveECDSAsig && haveAES128)) {
     #else
-    if (tls1_2 && haveRSA) {
+    if (tls1_2 && haveRSA && haveAES128) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
@@ -3446,7 +3640,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveDH && haveRSA) {
+    if (tls1_2 && haveDH && haveRSA && haveAES128) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3460,7 +3654,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveRSA && haveStaticRSA) {
+    if (tls1_2 && haveRSA && haveStaticRSA && haveAES128) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3474,7 +3668,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveECC && haveStaticECC) {
+    if (tls1_2 && haveECC && haveStaticECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3488,7 +3682,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveRSAsig && haveStaticECC) {
+    if (tls1_2 && haveRSAsig && haveStaticECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
     }
@@ -3502,7 +3696,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256;
     }
@@ -3516,7 +3710,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
-    if (tls1_2 && haveDH && haveAnon) {
+    if (tls1_2 && haveDH && haveAnon && haveAES128 && haveSHA1) {
       suites->suites[idx++] = CIPHER_BYTE;
       suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
     }
@@ -3530,7 +3724,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && haveDH && havePSK) {
+    if (tls1_2 && haveDH && havePSK && haveAES128) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256;
     }
@@ -3544,7 +3738,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
-    if (tls1_2 && havePSK) {
+    if (tls1_2 && havePSK && haveAES128) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
     }
@@ -3578,18 +3772,19 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 /* Place as higher priority for MYSQL */
 #if defined(WOLFSSL_MYSQL_COMPATIBLE)
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-    if (tls && haveDH && haveRSA) {
+    if (tls && haveDH && haveRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
     }
 #endif
-#endif
+#endif /* WOLFSSL_MYSQL_COMPATIBLE */
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
     #ifdef OPENSSL_EXTRA
-    if ((tls1_2 && haveRSA) || (tls1_2 && haveECDSAsig)) {
+    if ((tls1_2 && haveRSA && haveAES128) ||
+        (tls1_2 && haveECDSAsig && haveAES128)) {
     #else
-    if (tls1_2 && haveRSA) {
+    if (tls1_2 && haveRSA && haveAES128) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
@@ -3597,21 +3792,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
-    if (tls1_2 && haveRSAsig && haveStaticECC) {
+    if (tls1_2 && haveRSAsig && haveStaticECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
-    if (tls1_2 && haveECC && haveStaticECC) {
+    if (tls1_2 && haveECC && haveStaticECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
     }
@@ -3650,56 +3845,56 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-    if (tls && haveECC) {
+    if (tls && haveECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-    if (tls && haveECC && haveStaticECC) {
+    if (tls && haveECC && haveStaticECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-    if (tls && haveECC) {
+    if (tls && haveECC && haveAES128 && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
-    if (tls && haveECC && haveStaticECC) {
+    if (tls && haveECC && haveStaticECC && haveAES128 && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
-    if (!dtls && tls && haveECC) {
+    if (!dtls && tls && haveECC && haveSHA1 && haveRC4) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
-    if (!dtls && tls && haveECC && haveStaticECC) {
+    if (!dtls && tls && haveECC && haveStaticECC && haveSHA1 && haveRC4) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-    if (tls && haveECC) {
+    if (tls && haveECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
-    if (tls && haveECC && haveStaticECC) {
+    if (tls && haveECC && haveStaticECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
     }
@@ -3707,9 +3902,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
     #ifdef OPENSSL_EXTRA
-    if ((tls && haveRSA) || (tls && haveECDSAsig)) {
+    if ((tls && haveRSA && haveSHA1) || (tls && haveECDSAsig && haveSHA1)) {
     #else
-    if (tls && haveRSA) {
+    if (tls && haveRSA && haveSHA1) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
@@ -3717,7 +3912,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
-    if (tls && haveRSAsig && haveStaticECC) {
+    if (tls && haveRSAsig && haveStaticECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
     }
@@ -3725,9 +3920,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
     #ifdef OPENSSL_EXTRA
-    if ((tls && haveRSA) || (tls && haveECDSAsig)) {
+    if ((tls && haveRSA && haveAES128 && haveSHA1) ||
+        (tls && haveECDSAsig && haveAES128 && haveSHA1)) {
     #else
-    if (tls && haveRSA) {
+    if (tls && haveRSA && haveAES128 && haveSHA1) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
@@ -3735,21 +3931,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
-    if (tls && haveRSAsig && haveStaticECC) {
+    if (tls && haveRSAsig && haveStaticECC && haveAES128 && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
-    if (!dtls && tls && haveRSA) {
+    if (!dtls && tls && haveRSA && haveSHA1 && haveRC4) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
-    if (!dtls && tls && haveRSAsig && haveStaticECC) {
+    if (!dtls && tls && haveRSAsig && haveStaticECC && haveSHA1 && haveRC4) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
     }
@@ -3757,9 +3953,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
     #ifdef OPENSSL_EXTRA
-    if ((tls && haveRSA) || (tls && haveECDSAsig)) {
+    if ((tls && haveRSA && haveSHA1) || (tls && haveECDSAsig && haveSHA1)) {
     #else
-    if (tls && haveRSA) {
+    if (tls && haveRSA && haveSHA1) {
     #endif
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
@@ -3767,21 +3963,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
-    if (tls && haveRSAsig && haveStaticECC) {
+    if (tls && haveRSAsig && haveStaticECC && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
-    if (tls1_2 && haveECC) {
+    if (tls1_2 && haveECC && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
     }
@@ -3795,7 +3991,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
-    if (tls1_2 && haveRSA && haveStaticRSA) {
+    if (tls1_2 && haveRSA && haveStaticRSA && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
     }
@@ -3818,39 +4014,39 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && haveDH && haveRSA)
+    if (tls1_2 && haveDH && haveRSA && haveAES128)
 #else
-    if (tls && haveDH && haveRSA)
+    if (tls && haveDH && haveRSA && haveAES128)
 #endif
     {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
 
 /* Place as higher priority for MYSQL testing */
 #if !defined(WOLFSSL_MYSQL_COMPATIBLE)
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-    if (tls && haveDH && haveRSA) {
+    if (tls && haveDH && haveRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
     }
 #endif
-#endif
+#endif /* !WOLFSSL_MYSQL_COMPATIBLE */
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-    if (tls && haveDH && haveRSA) {
+    if (tls && haveDH && haveRSA && haveAES128 && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-    if (tls && haveDH && haveRSA) {
+    if (tls && haveDH && haveRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
     }
@@ -3870,9 +4066,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && haveRSA && haveStaticRSA)
+    if (tls1_2 && haveRSA && haveStaticRSA && haveAES128)
 #else
-    if (tls && haveRSA && haveStaticRSA)
+    if (tls && haveRSA && haveStaticRSA && haveAES128)
 #endif
     {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -3881,14 +4077,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
-    if (tls && haveRSA && haveStaticRSA) {
+    if (tls && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
-    if (tls && haveRSA && haveStaticRSA) {
+    if (tls && haveRSA && haveStaticRSA && haveAES128 && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
     }
@@ -3922,10 +4118,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CHACHA_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
-    if (tls && haveECC && haveNull) {
+    if (tls && haveECC && haveNull && haveSHA1) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA;
     }
@@ -3939,7 +4135,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
-    if (tls && haveRSA && haveNull && haveStaticRSA) {
+    if (tls && haveRSA && haveNull && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
     }
@@ -3955,10 +4151,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_RSA_WITH_NULL_SHA256 */
 
 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
-    if (tls && havePSK) {
+    if (tls && havePSK && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
     }
@@ -3974,7 +4170,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384;
     }
-#endif
+#endif /* BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */
 
 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -3986,25 +4182,25 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
     }
-#endif
+#endif /* BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 */
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && haveDH && havePSK)
+    if (tls1_2 && haveDH && havePSK && haveAES128)
 #else
-    if (tls && haveDH && havePSK)
+    if (tls && haveDH && havePSK && haveAES128)
 #endif
     {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && havePSK)
+    if (tls1_2 && havePSK && haveAES128)
 #else
-    if (tls1 && havePSK)
+    if (tls1 && havePSK && haveAES128)
 #endif
     {
         suites->suites[idx++] = CIPHER_BYTE;
@@ -4013,14 +4209,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
-    if (tls && havePSK) {
+    if (tls && havePSK && haveAES128 && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
-    if (tls && haveDH && havePSK) {
+    if (tls && haveDH && havePSK && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM;
     }
@@ -4043,7 +4239,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CHACHA_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */
 
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -4055,7 +4251,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CHACHA_BYTE;
         suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -4067,34 +4263,34 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CHACHA_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */
 
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && havePSK)
+    if (tls1_2 && havePSK && haveAES128)
 #else
-    if (tls && havePSK)
+    if (tls && havePSK && haveAES128)
 #endif
     {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */
 
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
-    if (tls1_2 && havePSK)
+    if (tls1_2 && havePSK && haveAES128)
 #else
-    if (tls && havePSK)
+    if (tls && havePSK && haveAES128)
 #endif
     {
         suites->suites[idx++] = ECDHE_PSK_BYTE;
         suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
-    if (tls && havePSK) {
+    if (tls && havePSK && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM;
     }
@@ -4108,7 +4304,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
-    if (tls && havePSK) {
+    if (tls && havePSK && haveAES128) {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
     }
@@ -4131,7 +4327,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384;
     }
-#endif
+#endif /* BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 */
 
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -4143,7 +4339,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
     }
-#endif
+#endif /* BUILD_TLS_PSK_WITH_NULL_SHA384 */
 
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -4155,7 +4351,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 */
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -4167,7 +4363,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 */
 
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -4179,7 +4375,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_PSK_WITH_NULL_SHA256 */
 
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
     if (tls && havePSK && haveNull) {
@@ -4189,49 +4385,49 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
-    if (!dtls && haveRSA && haveStaticRSA) {
+    if (!dtls && haveRSA && haveStaticRSA && haveSHA1 && haveRC4) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
     }
 #endif
 
 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
-    if (!dtls && haveRSA && haveStaticRSA) {
+    if (!dtls && haveRSA && haveStaticRSA && haveRC4) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
     }
 #endif
 
 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
-    if (haveRSA && haveStaticRSA) {
+    if (haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-    if (tls && haveRSA && haveStaticRSA) {
+    if (tls && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-    if (tls && haveDH && haveRSA && haveStaticRSA) {
+    if (tls && haveDH && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-    if (tls && haveRSA && haveStaticRSA) {
+    if (tls && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-    if (tls && haveDH && haveRSA && haveStaticRSA) {
+    if (tls && haveDH && haveRSA && haveStaticRSA && haveSHA1) {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
     }
@@ -4247,7 +4443,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -4259,7 +4455,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
 
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -4271,7 +4467,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
@@ -4283,7 +4479,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
     }
-#endif
+#endif /* BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
 
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3
     if (tls && haveECC) {
@@ -4291,12 +4487,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3;
     }
 #endif
+
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3
     if (tls && haveECC) {
         suites->suites[idx++] = SM_BYTE;
         suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3;
     }
 #endif
+
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3
     if (tls && haveECC) {
         suites->suites[idx++] = SM_BYTE;
@@ -4328,8 +4526,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     (void)haveRSAsig; /* non ecc builds won't read */
     (void)haveAnon;   /* anon ciphers optional */
     (void)haveNull;
-    (void)haveFalconSig;
-    (void)haveDilithiumSig;
 }
 
 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) || \
@@ -4387,14 +4583,11 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
             }
             break;
     #endif
-#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
-        case PQC_SA_MAJOR:
-            /* Hash performed as part of sign/verify operation.
-             * However, if we want a dual alg signature with a
-             * classic algorithm as alternative, we need an explicit
-             * hash algo here.
-             */
+    /* Hash performed as part of sign/verify operation.
+     * However, if we want a dual alg signature with a classic algorithm as
+     * alternative, we need an explicit hash algo here. */
     #ifdef HAVE_FALCON
+        case FALCON_SA_MAJOR:
             if (input[1] == FALCON_LEVEL1_SA_MINOR) {
                 *hsType = falcon_level1_sa_algo;
                 *hashAlgo = sha256_mac;
@@ -4403,8 +4596,10 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
                 *hsType = falcon_level5_sa_algo;
                 *hashAlgo = sha512_mac;
             }
+            break;
     #endif /* HAVE_FALCON */
     #ifdef HAVE_DILITHIUM
+        case DILITHIUM_SA_MAJOR:
             if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
                 *hsType = dilithium_level2_sa_algo;
                 *hashAlgo = sha256_mac;
@@ -4417,16 +4612,16 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
                 *hsType = dilithium_level5_sa_algo;
                 *hashAlgo = sha512_mac;
             }
-    #endif /* HAVE_DILITHIUM */
             break;
-#endif
+    #endif /* HAVE_DILITHIUM */
         default:
             *hashAlgo = input[0];
             *hsType   = input[1];
             break;
     }
 }
-#endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */
+#endif /* !NO_WOLFSSL_SERVER || !NO_CERTS  ||
+        * ( !NO_WOLFSSL_CLIENT && (!NO_DH || HAVE_ECC) ) */
 
 #ifndef WOLFSSL_NO_TLS12
 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
@@ -4570,6 +4765,8 @@ void FreeX509(WOLFSSL_X509* x509)
         x509->authKeyId = NULL;
         XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
         x509->subjKeyId = NULL;
+        wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
+        x509->subjKeyIdStr = NULL;
         XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
         x509->authInfo = NULL;
         XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
@@ -4709,7 +4906,8 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
 }
 #endif
 
-#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_NO_CLIENT_AUTH)
+#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) && \
+    !defined(WOLFSSL_NO_CLIENT_AUTH)
 static void SetDigest(WOLFSSL* ssl, int hashAlgo)
 {
     switch (hashAlgo) {
@@ -4757,8 +4955,7 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo)
 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
 #endif /* !NO_CERTS */
 
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-static word32 MacSize(const WOLFSSL* ssl)
+word32 MacSize(const WOLFSSL* ssl)
 {
 #ifdef HAVE_TRUNCATED_HMAC
     word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
@@ -4769,10 +4966,9 @@ static word32 MacSize(const WOLFSSL* ssl)
 
     return digestSz;
 }
-#endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
 
 #ifndef NO_RSA
-#if !defined(WOLFSSL_NO_TLS12) || \
+#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) || \
     (defined(WC_RSA_PSS) && defined(HAVE_PK_CALLBACKS))
 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
 static int TypeHash(int hashAlgo)
@@ -4956,7 +5152,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
 #endif
 
 #if defined(WC_RSA_PSS)
-    if (sigAlgo == rsa_pss_sa_algo) {
+    if (sigAlgo == rsa_pss_sa_algo || sigAlgo == rsa_pss_pss_algo) {
         enum wc_HashType hashType = WC_HASH_TYPE_NONE;
         int mgf = 0;
 
@@ -5598,7 +5794,7 @@ int Sm2wSm3Verify(WOLFSSL* ssl, const byte* id, word32 idSz, const byte* sig,
     return ret;
 }
 
-#endif /* WOLFSSL_SM2 */
+#endif /* WOLFSSL_SM2 && WOLFSSL_SM3 */
 
 #ifdef HAVE_ED25519
 /* Check whether the key contains a public key.
@@ -5785,7 +5981,7 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
 }
 #endif /* HAVE_ED25519 */
 
-#ifndef WOLFSSL_NO_TLS12
+#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12)
 
 #ifdef HAVE_CURVE25519
 #ifdef HAVE_PK_CALLBACKS
@@ -5859,8 +6055,14 @@ static int X25519SharedSecret(WOLFSSL* ssl, curve25519_key* priv_key,
     else
 #endif
     {
-        ret = wc_curve25519_shared_secret_ex(priv_key, pub_key, out, outlen,
-                                             EC25519_LITTLE_ENDIAN);
+    #ifdef WOLFSSL_CURVE25519_BLINDING
+        ret = wc_curve25519_set_rng(priv_key, ssl->rng);
+        if (ret == 0)
+    #endif
+        {
+            ret = wc_curve25519_shared_secret_ex(priv_key, pub_key, out, outlen,
+                                                 EC25519_LITTLE_ENDIAN);
+        }
     }
 
     /* Handle async pending response */
@@ -5922,7 +6124,7 @@ static int X25519MakeKey(WOLFSSL* ssl, curve25519_key* key,
 }
 #endif /* HAVE_CURVE25519 */
 
-#endif /* !WOLFSSL_NO_TLS12 */
+#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */
 
 #ifdef HAVE_ED448
 /* Check whether the key contains a public key.
@@ -6437,19 +6639,19 @@ int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx)
 static void InitSuites_EitherSide(Suites* suites, ProtocolVersion pv, int keySz,
         word16 haveRSA, word16 havePSK, word16 haveDH, word16 haveECDSAsig,
         word16 haveECC, word16 haveStaticECC,
-        word16 haveFalconSig, word16 haveDilithiumSig, word16 haveAnon,
+        word16 haveAnon,
         int side)
 {
     /* make sure server has DH params, and add PSK if there */
     if (side == WOLFSSL_SERVER_END) {
         InitSuites(suites, pv, keySz, haveRSA, havePSK, haveDH, haveECDSAsig,
-                   haveECC, TRUE, haveStaticECC, haveFalconSig,
-                   haveDilithiumSig, haveAnon, TRUE, side);
+                   haveECC, TRUE, haveStaticECC,
+                   haveAnon, TRUE, TRUE, TRUE, TRUE, side);
     }
     else {
         InitSuites(suites, pv, keySz, haveRSA, havePSK, TRUE, haveECDSAsig,
-                   haveECC, TRUE, haveStaticECC, haveFalconSig,
-                   haveDilithiumSig, haveAnon, TRUE, side);
+                   haveECC, TRUE, haveStaticECC,
+                   haveAnon, TRUE, TRUE, TRUE, TRUE, side);
     }
 }
 
@@ -6473,7 +6675,7 @@ void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx)
 #endif
     InitSuites_EitherSide(ctx->suites, ctx->method->version, keySz,
             haveRSA, havePSK, ctx->haveDH, ctx->haveECDSAsig, ctx->haveECC,
-            ctx->haveStaticECC, ctx->haveFalconSig, ctx->haveDilithiumSig,
+            ctx->haveStaticECC,
             haveAnon, ctx->method->side);
 }
 
@@ -6528,7 +6730,6 @@ int InitSSL_Suites(WOLFSSL* ssl)
         InitSuites_EitherSide(ssl->suites, ssl->version, keySz, haveRSA,
                 havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
                 ssl->options.haveECC, ssl->options.haveStaticECC,
-                ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
                 ssl->options.useAnon, ssl->options.side);
     }
 
@@ -6642,7 +6843,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #ifdef OPENSSL_EXTRA
     #ifdef WOLFSSL_TLS13
     if (ssl->version.minor == TLSv1_3_MINOR &&
-     (ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) {
+     (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.3 set but not "
                         "allowed and downgrading disabled.");
@@ -6654,7 +6855,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     }
     #endif
     if (ssl->version.minor == TLSv1_2_MINOR &&
-     (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
+     (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.2 set but not "
                         "allowed and downgrading disabled.");
@@ -6665,7 +6866,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->version.minor = TLSv1_1_MINOR;
     }
     if (ssl->version.minor == TLSv1_1_MINOR &&
-     (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
+     (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.1 set but not "
                         "allowed and downgrading disabled.");
@@ -6677,7 +6878,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->version.minor = TLSv1_MINOR;
     }
     if (ssl->version.minor == TLSv1_MINOR &&
-        (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
+        (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) {
         if (!ctx->method->downgrade) {
             WOLFSSL_MSG("\tInconsistent protocol options. TLS 1 set but not "
                         "allowed and downgrading disabled.");
@@ -6690,7 +6891,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->version.minor = SSLv3_MINOR;
     }
     if (ssl->version.minor == SSLv3_MINOR &&
-        (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
+        (ssl->options.mask & WOLFSSL_OP_NO_SSLv3) == WOLFSSL_OP_NO_SSLv3) {
         WOLFSSL_MSG("\tError, option set to not allow SSLv3");
         WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
         return VERSION_ERROR;
@@ -6720,8 +6921,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
      * then we possibly already have a side defined. Don't overwrite unless
      * the context has a well defined role. */
     if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END)
-        ssl->options.side      = ctx->method->side;
-    ssl->options.downgrade    = ctx->method->downgrade;
+        ssl->options.side      = (word16)(ctx->method->side);
+    ssl->options.downgrade    = (word16)(ctx->method->downgrade);
     ssl->options.minDowngrade = ctx->minDowngrade;
 
     ssl->options.haveRSA          = ctx->haveRSA;
@@ -6733,7 +6934,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->options.haveDilithiumSig = ctx->haveDilithiumSig;
 
 #ifndef NO_PSK
-    ssl->options.havePSK       = ctx->havePSK;
+    ssl->options.havePSK       = (word16)(ctx->havePSK);
     ssl->options.client_psk_cb = ctx->client_psk_cb;
     ssl->options.server_psk_cb = ctx->server_psk_cb;
     ssl->options.psk_ctx       = ctx->psk_ctx;
@@ -6836,12 +7037,34 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
-    ssl->buffers.key      = ctx->privateKey;
-#else
+#ifdef WOLFSSL_COPY_KEY
     if (ctx->privateKey != NULL) {
-        AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+        if (ssl->buffers.key != NULL) {
+            FreeDer(&ssl->buffers.key);
+        }
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
             ctx->privateKey->length, ctx->privateKey->type,
             ctx->privateKey->heap);
+        if (ret != 0) {
+            return ret;
+        }
+        ssl->buffers.weOwnKey = 1;
+        ret = WOLFSSL_SUCCESS;
+    }
+    else {
+        ssl->buffers.key      = ctx->privateKey;
+    }
+#else
+    ssl->buffers.key      = ctx->privateKey;
+#endif
+#else
+    if (ctx->privateKey != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        if (ret != 0) {
+            return ret;
+        }
         ssl->buffers.weOwnKey = 1;
         /* Blind the private key for the SSL with new random mask. */
         wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
@@ -6862,9 +7085,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.altKey   = ctx->altPrivateKey;
 #else
     if (ctx->altPrivateKey != NULL) {
-        AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
+        ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
             ctx->altPrivateKey->length, ctx->altPrivateKey->type,
             ctx->altPrivateKey->heap);
+        if (ret != 0) {
+            return ret;
+        }
         /* Blind the private key for the SSL with new random mask. */
         wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
         ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
@@ -6872,6 +7098,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         if (ret != 0) {
             return ret;
         }
+        ret = WOLFSSL_SUCCESS;
     }
 #endif
     ssl->buffers.altKeyType  = ctx->altPrivateKeyType;
@@ -6918,7 +7145,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         }
     }  /* writeDup check */
 
-    if (ctx->mask != 0 && wolfSSL_set_options(ssl, ctx->mask) == 0) {
+    if (ctx->mask != 0 && wolfSSL_set_options(ssl, (long)ctx->mask) == 0) {
         WOLFSSL_MSG("wolfSSL_set_options error");
         return BAD_FUNC_ARG;
     }
@@ -6941,12 +7168,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif
 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
     /* Don't change recv callback if currently using BIO's */
-    if (ssl->CBIORecv != BioReceive)
+    if (ssl->CBIORecv != SslBioReceive)
 #endif
         ssl->CBIORecv = ctx->CBIORecv;
 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
     /* Don't change send callback if currently using BIO's */
-    if (ssl->CBIOSend != BioSend)
+    if (ssl->CBIOSend != SslBioSend)
 #endif
         ssl->CBIOSend = ctx->CBIOSend;
     ssl->verifyDepth = ctx->verifyDepth;
@@ -7051,7 +7278,7 @@ void FreeHandshakeHashes(WOLFSSL* ssl)
          (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \
         !defined(WOLFSSL_NO_CLIENT_AUTH)
         if (ssl->hsHashes->messages != NULL) {
-            ForceZero(ssl->hsHashes->messages, ssl->hsHashes->length);
+            ForceZero(ssl->hsHashes->messages, (word32)ssl->hsHashes->length);
             XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES);
             ssl->hsHashes->messages = NULL;
          }
@@ -7074,7 +7301,7 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
 
     /* save the original so we can put it back afterward */
     tmpHashes = ssl->hsHashes;
-    ssl->hsHashes = NULL;
+    ssl->hsHashes = *destination;
 
     ret = InitHandshakeHashes(ssl);
     if (ret != 0) {
@@ -7119,8 +7346,9 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
          (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \
         !defined(WOLFSSL_NO_CLIENT_AUTH)
     if (ret == 0 && source->messages != NULL) {
-        (*destination)->messages = (byte*)XMALLOC(source->length, ssl->heap,
-            DYNAMIC_TYPE_HASHES);
+        (*destination)->messages = (byte*)XMALLOC((size_t)source->length,
+        ssl->heap,
+        (int)DYNAMIC_TYPE_HASHES);
         (*destination)->length = source->length;
         (*destination)->prevLen = source->prevLen;
 
@@ -7129,7 +7357,7 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
         }
         else {
             XMEMCPY((*destination)->messages, source->messages,
-                source->length);
+                (size_t)source->length);
         }
     }
     #endif
@@ -7235,7 +7463,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     wc_MemZero_Add("ServerFinished hash", &ssl->serverFinished,
         TLS_FINISHED_SZ_MAX);
 #endif
-#endif
+#endif /* WOLFSSL_CHECK_MEM_ZERO */
 
 #if defined(WOLFSSL_STATIC_MEMORY)
     if (ctx->heap != NULL) {
@@ -7358,6 +7586,15 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
     ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;
 
+#ifdef WOLFSSL_THREADED_CRYPT
+    {
+        int i;
+        for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+            ssl->buffers.encrypt[i].avail = 1;
+        }
+    }
+#endif
+
 #ifdef KEEP_PEER_CERT
     InitX509(&ssl->peerCert, 0, ssl->heap);
 #endif
@@ -7382,7 +7619,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         !defined(HAVE_SELFTEST)
         ssl->options.dhDoKeyTest = 1;
     #endif
-#endif
+#endif /* !NO_DH */
 
 #ifdef WOLFSSL_DTLS
     #ifdef WOLFSSL_SCTP
@@ -7401,6 +7638,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.dtlsCtx.rfd            = -1;
     ssl->buffers.dtlsCtx.wfd            = -1;
 
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_InitRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return BAD_MUTEX_E;
+#endif
+
     ssl->IOCB_ReadCtx  = &ssl->buffers.dtlsCtx;  /* prevent invalid pointer access if not */
     ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;  /* correctly set */
 #else
@@ -7421,7 +7663,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->IOCB_ReadCtx  = &ssl->rfd;  /* prevent invalid pointer access if not */
     ssl->IOCB_WriteCtx = &ssl->wfd;  /* correctly set */
 #endif
-#endif
+#endif /* WOLFSSL_DTLS */
 
 
 #ifndef WOLFSSL_AEAD_ONLY
@@ -7435,7 +7677,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->hmac = Renesas_cmn_TLS_hmac;
       #endif
     #endif
-#endif
+#endif /* WOLFSSL_AEAD_ONLY */
 
 #if defined(WOLFSSL_OPENVPN) && defined(HAVE_KEYING_MATERIAL)
     /* Save arrays by default for OpenVPN */
@@ -7476,7 +7718,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     #ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT
         ssl->options.tls13MiddleBoxCompat = 1;
     #endif
-#endif
+#endif /* WOLFSSL_TLS13 */
 
 #ifdef HAVE_TLS_EXTENSIONS
 #ifdef HAVE_MAX_FRAGMENT
@@ -7512,6 +7754,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
     ssl->options.disallowEncThenMac = ctx->disallowEncThenMac;
 #endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+    ssl->options.disableECH         = ctx->disableECH;
+#endif
 
     /* default alert state (none) */
     ssl->alert_history.last_rx.code  = -1;
@@ -7557,6 +7802,14 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
             return MEMORY_E;
         }
         XMEMSET(ssl->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
+
+        /* pass on PARAM flags value from ctx to ssl */
+        if (wolfSSL_X509_VERIFY_PARAM_set_flags(wolfSSL_get0_param(ssl),
+            (unsigned long)wolfSSL_X509_VERIFY_PARAM_get_flags(
+            wolfSSL_CTX_get0_param(ctx))) != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("ssl->param set flags error");
+            return WOLFSSL_FAILURE;
+        }
 #endif
 
         if (ctx->suites == NULL) {
@@ -7575,7 +7828,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     /* requires valid arrays and suites unless writeDup ing */
     if ((ret = SetSSL_CTX(ssl, ctx, writeDup)) != WOLFSSL_SUCCESS
 #ifdef WOLFSSL_NO_INIT_CTX_KEY
-        && ret != NO_PRIVATE_KEY
+        && ret != WC_NO_ERR_TRACE(NO_PRIVATE_KEY)
 #endif
         ) {
         WOLFSSL_MSG_EX("SetSSL_CTX failed. err = %d", ret);
@@ -7692,6 +7945,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->dtls13DecryptEpoch = &ssl->dtls13Epochs[0];
     ssl->options.dtls13SendMoreAcks = WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT;
     ssl->dtls13Rtx.rtxRecordTailPtr = &ssl->dtls13Rtx.rtxRecords;
+
+#ifdef WOLFSSL_RW_THREADED
+    ret = wc_InitMutex(&ssl->dtls13Rtx.mutex);
+    if (ret < 0) {
+        return ret;
+    }
+#endif
 #endif /* WOLFSSL_DTLS13 */
 
 #ifdef WOLFSSL_QUIC
@@ -7719,6 +7979,14 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->sigSpec = ctx->sigSpec;
     ssl->sigSpecSz = ctx->sigSpecSz;
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
+#ifdef HAVE_OCSP
+#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    ssl->response_idx = 0;
+#endif
+#endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    ssl->secLevel = ctx->secLevel;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
     /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */
     WOLFSSL_MSG_EX("InitSSL done. return 0 (success)");
     return 0;
@@ -7817,7 +8085,7 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
 int AllocKey(WOLFSSL* ssl, int type, void** pKey)
 {
     int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
-    int sz = 0;
+    size_t sz = 0;
 #ifdef HAVE_ECC
     ecc_key* eccKey;
 #endif /* HAVE_ECC */
@@ -8099,7 +8367,7 @@ void FreeKeyExchange(WOLFSSL* ssl)
     }
 
     /* Free handshake key */
-    FreeKey(ssl, ssl->hsType, &ssl->hsKey);
+    FreeKey(ssl, (int)ssl->hsType, &ssl->hsKey);
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     FreeKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
@@ -8114,13 +8382,21 @@ void FreeKeyExchange(WOLFSSL* ssl)
 /* Free up all memory used by Suites structure from WOLFSSL */
 void FreeSuites(WOLFSSL* ssl)
 {
-#ifdef OPENSSL_ALL
+#ifdef OPENSSL_EXTRA
     if (ssl->suitesStack != NULL) {
         /* Enough to free stack structure since WOLFSSL_CIPHER
          * isn't allocated separately. */
         wolfSSL_sk_SSL_CIPHER_free(ssl->suitesStack);
         ssl->suitesStack = NULL;
     }
+    if (ssl->clSuitesStack != NULL) {
+        /* Enough to free stack structure since WOLFSSL_CIPHER
+         * isn't allocated separately. */
+        wolfSSL_sk_SSL_CIPHER_free(ssl->clSuitesStack);
+        ssl->clSuitesStack = NULL;
+    }
+    XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+    ssl->clSuites = NULL;
 #endif
     XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
     ssl->suites = NULL;
@@ -8128,7 +8404,7 @@ void FreeSuites(WOLFSSL* ssl)
 
 
 /* In case holding SSL object in array and don't want to free actual ssl */
-void SSL_ResourceFree(WOLFSSL* ssl)
+void wolfSSL_ResourceFree(WOLFSSL* ssl)
 {
     /* Note: any resources used during the handshake should be released in the
      * function FreeHandshakeResources(). Be careful with the special cases
@@ -8162,6 +8438,13 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     }
     FreeSuites(ssl);
     FreeHandshakeHashes(ssl);
+#ifdef HAVE_ECH
+    /* try to free the ech hashes in case we errored out */
+    ssl->hsHashes = ssl->hsHashesEch;
+    FreeHandshakeHashes(ssl);
+    ssl->hsHashes = ssl->hsHashesEchInner;
+    FreeHandshakeHashes(ssl);
+#endif
     XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
 
     /* clear keys struct after session */
@@ -8175,9 +8458,6 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     if (ssl->options.useEch == 1) {
         FreeEchConfigs(ssl->echConfigs, ssl->heap);
         ssl->echConfigs = NULL;
-        /* free the ech specific hashes */
-        ssl->hsHashes = ssl->hsHashesEch;
-        FreeHandshakeHashes(ssl);
         ssl->options.useEch = 0;
     }
 #endif /* HAVE_ECH */
@@ -8213,10 +8493,31 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     XFREE(ssl->peerSceTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
     Renesas_cmn_Cleanup(ssl);
 #endif
+#ifndef NO_TLS
     if (ssl->buffers.inputBuffer.dynamicFlag)
         ShrinkInputBuffer(ssl, FORCED_FREE);
     if (ssl->buffers.outputBuffer.dynamicFlag)
         ShrinkOutputBuffer(ssl);
+#endif
+#ifdef WOLFSSL_THREADED_CRYPT
+    {
+        int i;
+        for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+            bufferStatic* buff = &ssl->buffers.encrypt[i].buffer;
+
+            ssl->buffers.encrypt[i].stop = 1;
+            FreeCiphersSide(&ssl->buffers.encrypt[i].encrypt, ssl->heap);
+            if (buff->dynamicFlag) {
+                XFREE(buff->buffer - buff->offset, ssl->heap,
+                    DYNAMIC_TYPE_OUT_BUFFER);
+                buff->buffer      = buff->staticBuffer;
+                buff->bufferSize  = STATIC_BUFFER_LEN;
+                buff->offset      = 0;
+                buff->dynamicFlag = 0;
+            }
+        }
+    }
+#endif
 #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
     if (ssl->buffers.tls13CookieSecret.buffer != NULL) {
         ForceZero(ssl->buffers.tls13CookieSecret.buffer,
@@ -8234,6 +8535,14 @@ void SSL_ResourceFree(WOLFSSL* ssl)
     }
     XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
     ssl->buffers.dtlsCtx.peer.sa = NULL;
+#ifdef WOLFSSL_RW_THREADED
+    wc_FreeRwLock(&ssl->buffers.dtlsCtx.peerLock);
+#endif
+#ifdef WOLFSSL_DTLS_CID
+    XFREE(ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->heap,
+            DYNAMIC_TYPE_SOCKADDR);
+    ssl->buffers.dtlsCtx.pendingPeer.sa = NULL;
+#endif
 #ifndef NO_WOLFSSL_SERVER
     if (ssl->buffers.dtlsCookieSecret.buffer != NULL) {
         ForceZero(ssl->buffers.dtlsCookieSecret.buffer,
@@ -8387,6 +8696,13 @@ void SSL_ResourceFree(WOLFSSL* ssl)
 #ifdef OPENSSL_EXTRA
     XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
 #endif
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
+    if (ssl->ocspResp) {
+        XFREE(ssl->ocspResp, NULL, 0);
+        ssl->ocspResp = NULL;
+        ssl->ocspRespSz = 0;
+    }
+#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     while (ssl->certReqCtx != NULL) {
         CertReqCtx* curr = ssl->certReqCtx;
@@ -8459,6 +8775,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
      * isn't allocated separately. */
     wolfSSL_sk_CIPHER_free(ssl->supportedCiphers);
     wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL);
+    wolfSSL_sk_X509_pop_free(ssl->verifiedChain, NULL);
     #ifdef KEEP_OUR_CERT
     wolfSSL_sk_X509_pop_free(ssl->ourCertChain, NULL);
     #endif
@@ -8469,6 +8786,10 @@ void SSL_ResourceFree(WOLFSSL* ssl)
 #endif
 #ifdef WOLFSSL_DTLS13
     Dtls13FreeFsmResources(ssl);
+
+#ifdef WOLFSSL_RW_THREADED
+    wc_FreeMutex(&ssl->dtls13Rtx.mutex);
+#endif
 #endif /* WOLFSSL_DTLS13 */
 #ifdef WOLFSSL_QUIC
     wolfSSL_quic_free(ssl);
@@ -8513,9 +8834,11 @@ void FreeHandshakeResources(WOLFSSL* ssl)
     }
 #endif
 
+#ifndef NO_TLS
     /* input buffer */
     if (ssl->buffers.inputBuffer.dynamicFlag)
         ShrinkInputBuffer(ssl, NO_FORCED_FREE);
+#endif
 
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     if (!ssl->options.tls1_3)
@@ -8588,6 +8911,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
         FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
         ssl->peerFalconKeyPresent = 0;
 #endif /* HAVE_FALCON */
+#if defined(HAVE_DILITHIUM)
+        FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey);
+        ssl->peerDilithiumKeyPresent = 0;
+#endif /* HAVE_DILITHIUM */
     }
 
 #ifdef HAVE_ECC
@@ -8704,6 +9031,14 @@ void FreeHandshakeResources(WOLFSSL* ssl)
         * !WOLFSSL_POST_HANDSHAKE_AUTH */
 #endif /* HAVE_TLS_EXTENSIONS && !NO_TLS */
 
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
+    if (ssl->ocspResp != NULL) {
+        XFREE(ssl->ocspResp, NULL, 0);
+        ssl->ocspResp = NULL;
+        ssl->ocspRespSz = 0;
+    }
+#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
+
 #ifdef WOLFSSL_STATIC_MEMORY
     /* when done with handshake decrement current handshake count */
     if (ssl->heap != NULL) {
@@ -8741,7 +9076,7 @@ void FreeHandshakeResources(WOLFSSL* ssl)
 void FreeSSL(WOLFSSL* ssl, void* heap)
 {
     WOLFSSL_CTX* ctx = ssl->ctx;
-    SSL_ResourceFree(ssl);
+    wolfSSL_ResourceFree(ssl);
     XFREE(ssl, heap, DYNAMIC_TYPE_SSL);
     if (ctx)
         FreeSSL_Ctx(ctx); /* will decrement and free underlying CTX if 0 */
@@ -9146,7 +9481,7 @@ static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg)
      * alignment of char.
      */
     dtls = (DtlsHandShakeHeader*)(void *)((char *)msg->fragBucketList
-                                          + OFFSETOF(DtlsFragBucket,buf)
+                                          + WC_OFFSETOF(DtlsFragBucket,buf)
                                           - DTLS_HANDSHAKE_HEADER_SZ);
 
     msg->fragBucketList = NULL;
@@ -9565,7 +9900,7 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
 
                 WriteSEQ(ssl, epochOrder, dtls->sequence_number);
                 DtlsSEQIncrement(ssl, epochOrder);
-                if ((ret = CheckAvailableSize(ssl, pool->sz)) != 0) {
+                if ((ret = CheckAvailableSize(ssl, (int)pool->sz)) != 0) {
                     WOLFSSL_ERROR(ret);
                     return ret;
                 }
@@ -9966,6 +10301,8 @@ ProtocolVersion MakeDTLSv1_3(void)
      */
 #endif /* !NO_ASN_TIME */
 
+
+#ifndef NO_TLS
 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
                ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \
                 (defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
@@ -10036,10 +10373,10 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz)
 
 #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                           defined(WOLFSSL_ALLOW_TLS_SHA1))
-    wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz);
+    wc_ShaUpdate(&ssl->hsHashes->hashSha, data, (word32)(sz));
 #endif
 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
-    wc_Md5Update(&ssl->hsHashes->hashMd5, data, sz);
+    wc_Md5Update(&ssl->hsHashes->hashMd5, data, (word32)(sz));
 #endif
 
     if (IsAtLeastTLSv1_2(ssl)) {
@@ -10123,6 +10460,13 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
             sz  -= dtls_record_extra;
 #endif /* WOLFSSL_DTLS13 */
         } else {
+#ifdef WOLFSSL_DTLS_CID
+            byte cidSz = DtlsGetCidTxSize(ssl);
+            if (IsEncryptionOn(ssl, 1) && cidSz > 0) {
+                adj += cidSz;
+                sz  -= cidSz + 1; /* +1 to not hash the real content type */
+            }
+#endif
             adj += DTLS_RECORD_EXTRA;
             sz  -= DTLS_RECORD_EXTRA;
         }
@@ -10163,7 +10507,8 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz)
 
 
 /* add record layer header for message */
-static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl, int epochOrder)
+static void AddRecordHeader(byte* output, word32 length, byte type,
+        WOLFSSL* ssl, int epochOrder)
 {
     RecordLayerHeader* rl;
 
@@ -10202,12 +10547,18 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl
     }
     else {
 #ifdef WOLFSSL_DTLS
-        DtlsRecordLayerHeader* dtls;
-
         /* dtls record layer header extensions */
-        dtls = (DtlsRecordLayerHeader*)output;
+        DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)output;
+#ifdef WOLFSSL_DTLS_CID
+        byte cidSz = 0;
+        if (type == dtls12_cid && (cidSz = DtlsGetCidTxSize(ssl)) > 0) {
+            wolfSSL_dtls_cid_get_tx(ssl, output + DTLS12_CID_OFFSET, cidSz);
+            c16toa((word16)length, output + DTLS12_CID_OFFSET + cidSz);
+        }
+        else
+#endif
+            c16toa((word16)length, dtls->length);
         WriteSEQ(ssl, epochOrder, dtls->sequence_number);
-        c16toa((word16)length, dtls->length);
 #endif
     }
 }
@@ -10309,6 +10660,8 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
     int maxFrag;
     int ret = 0;
     int headerSz;
+    int rHdrSz = 0; /* record header size */
+    int hsHdrSz = 0; /* handshake header size */
 
     WOLFSSL_ENTER("SendHandshakeMsg");
     (void)type;
@@ -10317,8 +10670,10 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
     if (ssl == NULL || input == NULL)
         return BAD_FUNC_ARG;
 #ifdef WOLFSSL_DTLS
-    if (ssl->options.dtls)
-        headerSz = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
+    if (ssl->options.dtls) {
+        rHdrSz = DTLS_RECORD_HEADER_SZ;
+        hsHdrSz = DTLS_HANDSHAKE_HEADER_SZ;
+    }
     else
 #endif
     {
@@ -10326,7 +10681,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
          * per fragment like in DTLS. The handshake header should
          * already be in the input buffer. */
         inputSz += HANDSHAKE_HEADER_SZ;
-        headerSz = RECORD_HEADER_SZ;
+        rHdrSz = RECORD_HEADER_SZ;
     }
     maxFrag = wolfSSL_GetMaxFragSize(ssl, (int)inputSz);
 
@@ -10341,7 +10696,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
     if (!ssl->options.buildingMsg) {
         /* Hash it before the loop as we modify the input with
          * encryption on */
-        ret = HashOutput(ssl, input, headerSz + (int)inputSz, 0);
+        ret = HashRaw(ssl, input + rHdrSz, (int)(inputSz) + hsHdrSz);
         if (ret != 0)
             return ret;
 #ifdef WOLFSSL_DTLS
@@ -10351,6 +10706,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
             ssl->keys.dtls_handshake_number--;
 #endif
     }
+    headerSz = rHdrSz + hsHdrSz;
     while (ssl->fragOffset < inputSz) {
         byte* output;
         int outputSz;
@@ -10363,7 +10719,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
             fragSz = inputSz - ssl->fragOffset;
 
         /* check for available size */
-        outputSz = headerSz + fragSz;
+        outputSz = headerSz + (int)fragSz;
         if (IsEncryptionOn(ssl, 1))
             outputSz += cipherExtraData(ssl);
         if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
@@ -10421,7 +10777,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
             }
 #endif
         }
-        ssl->buffers.outputBuffer.length += outputSz;
+        ssl->buffers.outputBuffer.length += (word32)outputSz;
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
         if (ssl->hsInfoOn) {
             AddPacketName(ssl, packetName);
@@ -10471,14 +10827,14 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
 
     if (ssl->CBIORecv == NULL) {
         WOLFSSL_MSG("Your IO Recv callback is null, please set");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 retry:
     recvd = ssl->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
     if (recvd < 0) {
         switch (recvd) {
-            case WOLFSSL_CBIO_ERR_GENERAL:        /* general/unknown error */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL):
                 #ifdef WOLFSSL_APACHE_HTTPD
                 #ifndef NO_BIO
                     if (ssl->biord) {
@@ -10490,26 +10846,26 @@ retry:
                     }
                 #endif
                 #endif
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_WANT_READ:      /* want read, would block */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ):
                 if (retryLimit > 0 && ssl->ctx->autoRetry &&
                         !ssl->options.handShakeDone && !ssl->options.dtls) {
                     retryLimit--;
                     goto retry;
                 }
-                return WANT_READ;
+                return WC_NO_ERR_TRACE(WANT_READ);
 
-            case WOLFSSL_CBIO_ERR_CONN_RST:       /* connection reset */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_RST):
                 #ifdef USE_WINDOWS_API
                 if (ssl->options.dtls) {
                     goto retry;
                 }
                 #endif
                 ssl->options.connReset = 1;
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_ISR:            /* interrupt */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_ISR): /* interrupt */
                 /* see if we got our timeout */
                 #ifdef WOLFSSL_CALLBACKS
                     if (ssl->toInfoOn) {
@@ -10527,13 +10883,13 @@ retry:
                         }
                     }
                 #endif
-                goto retry;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_CONN_CLOSE:     /* peer closed connection */
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE):
                 ssl->options.isClosed = 1;
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
-            case WOLFSSL_CBIO_ERR_TIMEOUT:
+            case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT):
             #ifdef WOLFSSL_DTLS
 #ifdef WOLFSSL_DTLS13
                 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
@@ -10541,7 +10897,7 @@ retry:
                     if (Dtls13RtxTimeout(ssl) < 0) {
                         WOLFSSL_MSG(
                             "Error trying to retransmit DTLS buffered message");
-                        return -1;
+                        return WOLFSSL_FATAL_ERROR;
                     }
                     goto retry;
                 }
@@ -10556,7 +10912,7 @@ retry:
                     goto retry;
                 }
             #endif
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
 
             default:
                 WOLFSSL_MSG("Unexpected recv return code");
@@ -10589,8 +10945,8 @@ void ShrinkOutputBuffer(WOLFSSL* ssl)
  * calls ShrinkInputBuffer itself when it is safe to do so. Don't overuse it. */
 void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
 {
-    int usedLength = ssl->buffers.inputBuffer.length -
-                     ssl->buffers.inputBuffer.idx;
+    int usedLength = (int)(ssl->buffers.inputBuffer.length -
+                     ssl->buffers.inputBuffer.idx);
     if (!forcedFree && (usedLength > STATIC_BUFFER_LEN ||
             ssl->buffers.clearOutputBuffer.length > 0))
         return;
@@ -10600,7 +10956,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
     if (!forcedFree && usedLength > 0) {
         XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
                ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
-               usedLength);
+               (size_t)(usedLength));
     }
 
     ForceZero(ssl->buffers.inputBuffer.buffer,
@@ -10649,19 +11005,19 @@ retry:
         if (sent < 0) {
             switch (sent) {
 
-                case WOLFSSL_CBIO_ERR_WANT_WRITE:        /* would block */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE):
                     if (retryLimit > 0 && ssl->ctx->autoRetry &&
                             !ssl->options.handShakeDone && !ssl->options.dtls) {
                         retryLimit--;
                         goto retry;
                     }
-                    return WANT_WRITE;
+                    return WC_NO_ERR_TRACE(WANT_WRITE);
 
-                case WOLFSSL_CBIO_ERR_CONN_RST:          /* connection reset */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_RST):
                     ssl->options.connReset = 1;
                     break;
 
-                case WOLFSSL_CBIO_ERR_ISR:               /* interrupt */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_ISR): /* interrupt */
                     /* see if we got our timeout */
                     #ifdef WOLFSSL_CALLBACKS
                         if (ssl->toInfoOn) {
@@ -10681,7 +11037,7 @@ retry:
                     #endif
                     continue;
 
-                case WOLFSSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */
+                case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE): /* epipe */
                     ssl->options.connReset = 1;  /* treat same as reset */
                     break;
 
@@ -10697,8 +11053,8 @@ retry:
             return SEND_OOB_READ_E;
         }
 
-        ssl->buffers.outputBuffer.idx += sent;
-        ssl->buffers.outputBuffer.length -= sent;
+        ssl->buffers.outputBuffer.idx += (word32)sent;
+        ssl->buffers.outputBuffer.length -= (word32)sent;
     }
 
     ssl->buffers.outputBuffer.idx = 0;
@@ -10709,6 +11065,69 @@ retry:
     return 0;
 }
 
+#ifdef WOLFSSL_THREADED_CRYPT
+static WC_INLINE int GrowAnOutputBuffer(WOLFSSL* ssl,
+    bufferStatic* outputBuffer, int size)
+{
+    byte* tmp;
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    byte  hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
+                                      RECORD_HEADER_SZ;
+    byte align = WOLFSSL_GENERAL_ALIGNMENT;
+#else
+    const byte align = WOLFSSL_GENERAL_ALIGNMENT;
+#endif
+
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    /* the encrypted data will be offset from the front of the buffer by
+       the header, if the user wants encrypted alignment they need
+       to define their alignment requirement */
+
+    while (align < hdrSz)
+        align *= 2;
+#endif
+
+    tmp = (byte*)XMALLOC(size + outputBuffer->length + align,
+                             ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
+    WOLFSSL_MSG("growing output buffer");
+
+    if (tmp == NULL)
+        return MEMORY_E;
+
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    if (align)
+        tmp += align - hdrSz;
+#endif
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    /* can be from IO memory pool which does not need copy if same buffer */
+    if (outputBuffer->length && tmp == outputBuffer->buffer) {
+        outputBuffer->bufferSize = size + outputBuffer->length;
+        return 0;
+    }
+#endif
+
+    if (outputBuffer->length)
+        XMEMCPY(tmp, outputBuffer->buffer, outputBuffer->length);
+
+    if (outputBuffer->dynamicFlag) {
+        XFREE(outputBuffer->buffer - outputBuffer->offset, ssl->heap,
+              DYNAMIC_TYPE_OUT_BUFFER);
+    }
+
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
+    if (align)
+        outputBuffer->offset = align - hdrSz;
+    else
+#endif
+        outputBuffer->offset = 0;
+
+    outputBuffer->buffer = tmp;
+    outputBuffer->dynamicFlag = 1;
+    outputBuffer->bufferSize = size + outputBuffer->length;
+    return 0;
+}
+#endif
 
 /* returns the current location in the output buffer to start writing to */
 byte* GetOutputBuffer(WOLFSSL* ssl)
@@ -10821,7 +11240,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
         return BAD_FUNC_ARG;
     }
 
-    tmp = (byte*)XMALLOC(size + usedLength + align,
+    tmp = (byte*)XMALLOC((size_t)(size + usedLength + align),
                              ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
     WOLFSSL_MSG("growing input buffer");
 
@@ -10845,7 +11264,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
 
     if (usedLength)
         XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer +
-                    ssl->buffers.inputBuffer.idx, usedLength);
+                    ssl->buffers.inputBuffer.idx, (size_t)(usedLength));
 
     if (ssl->buffers.inputBuffer.dynamicFlag) {
         if (IsEncryptionOn(ssl, 1)) {
@@ -10865,7 +11284,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
         ssl->buffers.inputBuffer.offset = 0;
 
     ssl->buffers.inputBuffer.buffer = tmp;
-    ssl->buffers.inputBuffer.bufferSize = size + usedLength;
+    ssl->buffers.inputBuffer.bufferSize = (word32)(size + usedLength);
     ssl->buffers.inputBuffer.idx    = 0;
     ssl->buffers.inputBuffer.length = (word32)usedLength;
 
@@ -11032,13 +11451,8 @@ int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted)
 static WC_INLINE int isLastMsg(const WOLFSSL* ssl, word32 msgSz)
 {
     word32 extra = 0;
-    if (IsEncryptionOn(ssl, 0)) {
+    if (IsEncryptionOn(ssl, 0))
         extra = ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            extra += MacSize(ssl);
-#endif
-    }
     return (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) + msgSz + extra
             == ssl->curSize;
 }
@@ -11259,6 +11673,11 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     if (ret != 0)
         return ret;
 
+    if (ssl->dtls13CurRlLength > sizeof(ssl->dtls13CurRL)) {
+        WOLFSSL_MSG("Record header too long");
+        return SEQUENCE_ERROR;
+    }
+
     if (readSize < ssl->dtls13CurRlLength + DTLS13_RN_MASK_SIZE) {
         /* when using DTLS over a medium that does not guarantee that a full
          * message is received in a single read, we may end up without the full
@@ -11311,6 +11730,9 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx,
 static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     RecordLayerHeader* rh, word16* size)
 {
+#ifdef WOLFSSL_DTLS_CID
+    byte cidSz = 0;
+#endif
 
 #ifdef HAVE_FUZZER
     if (ssl->fuzzerCb)
@@ -11328,8 +11750,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
         if (ssl->options.tls1_3) {
             ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size);
             if (ret == 0 ||
-                ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) ||
-                ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR))
+                ((ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR)) &&
+                 (ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR))))
                 return ret;
         }
 
@@ -11364,6 +11786,11 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     *inOutIdx += ENUM_LEN + VERSION_SZ;
     ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, &ssl->keys.curEpoch);
 
+#ifdef WOLFSSL_DTLS_CID
+    if (rh->type == dtls12_cid && (cidSz = DtlsGetCidRxSize(ssl)) == 0)
+        return DTLS_CID_ERROR;
+#endif
+
 #ifdef WOLFSSL_DTLS13
     /* only non protected message can use the DTLSPlaintext record header */
     if (IsAtLeastTLSv1_3(ssl->version)) {
@@ -11395,6 +11822,20 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     ssl->keys.curSeq = w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo);
 #endif /* WOLFSSL_DTLS13 */
 
+#ifdef WOLFSSL_DTLS_CID
+    if (rh->type == dtls12_cid) {
+        byte* ourCid = NULL;
+        if (ssl->buffers.inputBuffer.length - *inOutIdx <
+                (word32)cidSz + LENGTH_SZ)
+            return LENGTH_ERROR;
+        if (wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
+            return DTLS_CID_ERROR;
+        if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz)
+                != 0)
+            return DTLS_CID_ERROR;
+        *inOutIdx += cidSz;
+    }
+#endif
     ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, size);
     *inOutIdx += LENGTH_SZ;
 
@@ -11442,8 +11883,12 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     /* DTLSv1.3 MUST check window after deprotecting to avoid timing channel
        (RFC9147 Section 4.5.1) */
     if (IsDtlsNotSctpMode(ssl) && !IsAtLeastTLSv1_3(ssl->version)) {
+        byte needsEnc = rh->type == application_data; /* can't be epoch 0 */
+#ifdef WOLFSSL_DTLS_CID
+        needsEnc = needsEnc || rh->type == dtls12_cid;
+#endif
         if (!_DtlsCheckWindow(ssl) ||
-                (rh->type == application_data && ssl->keys.curEpoch == 0) ||
+                (needsEnc && ssl->keys.curEpoch == 0) ||
                 (rh->type == alert && ssl->options.handShakeDone &&
                         ssl->keys.curEpoch == 0 && ssl->keys.dtls_epoch != 0)) {
             WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR);
@@ -11500,7 +11945,7 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
                              (!ssl->options.dtls &&
                               rh->pvMinor < ssl->version.minor))
         #else
-                            rh->pvMinor < ssl->version.minor
+                            (rh->pvMinor < ssl->version.minor)
         #endif
                    )) {
             WOLFSSL_MSG("SSL version error");
@@ -11534,6 +11979,9 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
         case change_cipher_spec:
         case application_data:
         case alert:
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+        case dtls12_cid:
+#endif
 #ifdef WOLFSSL_DTLS13
         case ack:
 #endif /* WOLFSSL_DTLS13 */
@@ -11593,7 +12041,7 @@ int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
 {
     word32 idx = *inOutIdx;
 
-    *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
+    *inOutIdx += DTLS_HANDSHAKE_HEADER_SZ;
     if (*inOutIdx > totalSz) {
         WOLFSSL_ERROR(BUFFER_E);
         return BUFFER_E;
@@ -11757,14 +12205,9 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     if (ssl == NULL)
         return BAD_FUNC_ARG;
 
-#ifndef NO_TLS
     if (ssl->options.tls) {
         ret = BuildTlsFinished(ssl, hashes, sender);
     }
-#else
-    (void)hashes;
-    (void)sender;
-#endif
 #ifndef NO_OLD_TLS
     if (!ssl->options.tls) {
         ret = BuildMD5(ssl, hashes, sender);
@@ -11788,6 +12231,8 @@ int CipherRequires(byte first, byte second, int requirement)
 {
 
     (void)requirement;
+    (void)first;
+    (void)second;
 
 #ifndef WOLFSSL_NO_TLS12
 
@@ -12429,20 +12874,24 @@ int CipherRequires(byte first, byte second, int requirement)
 }
 
 #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
-
+#endif /* !NO_TLS */
 
 #ifndef NO_CERTS
 
-
 /* Match names with wildcards, each wildcard can represent a single name
    component or fragment but not multiple names, i.e.,
    *.z.com matches y.z.com but not x.y.z.com
 
+   If flags contains WOLFSSL_LEFT_MOST_WILDCARD_ONLY, wildcard only applies
+   to left-most name component, compatible with RFC 2830 identity checking.
+
    return 1 on success */
 int MatchDomainName(const char* pattern, int patternLen, const char* str,
-                    word32 strLen)
+                    word32 strLen, unsigned int flags)
 {
     int ret = 0;
+    byte wildcardEligible = 1;
+    byte leftWildcardOnly = flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY;
 
     if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0)
         return 0;
@@ -12455,11 +12904,16 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
 
         pattern++;
 
-        if (p == '*') {
+        if ((p == '*') && wildcardEligible) {
             char s;
             /* We will always match '*' */
             patternLen--;
 
+            /* Only single wildcard allowed with strict left only */
+            if (leftWildcardOnly) {
+                wildcardEligible = 0;
+            }
+
             /* Consume any extra '*' chars until the next non '*' char. */
             while (patternLen > 0) {
                 p = (char)XTOLOWER((unsigned char)*pattern);
@@ -12468,6 +12922,10 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
                     return 0;
                 if (p != '*')
                     break;
+                if (leftWildcardOnly && (p == '*')) {
+                    /* RFC2830 only allows single left-most wildcard */
+                    return 0;
+                }
 
                 patternLen--;
             }
@@ -12499,6 +12957,11 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
             }
         }
         else {
+            /* Past left-most wildcard location, not eligible if flag set*/
+            if (leftWildcardOnly && wildcardEligible) {
+                wildcardEligible = 0;
+            }
+
             /* Simple case, pattern match exactly */
             if (p != (char)XTOLOWER((unsigned char) *str))
                 return 0;
@@ -12530,7 +12993,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
  *          -1 : No matches and wild pattern match failed.
  */
 int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
-                     int* checkCN)
+                     int* checkCN, unsigned int flags)
 {
     int match = 0;
     DNS_entry* altName = NULL;
@@ -12561,7 +13024,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
             len = (word32)altName->len;
         }
 
-        if (MatchDomainName(buf, (int)len, domain, domainLen)) {
+        if (MatchDomainName(buf, (int)len, domain, domainLen, flags)) {
             match = 1;
             if (checkCN != NULL) {
                 *checkCN = 0;
@@ -12590,13 +13053,14 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
  * domainNameLen  The length of the domain name.
  * returns DOMAIN_NAME_MISMATCH when no match found and 0 on success.
  */
-int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen)
+int CheckHostName(DecodedCert* dCert, const char *domainName,
+                  size_t domainNameLen, unsigned int flags)
 {
     int checkCN;
     int ret = WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH);
 
     if (CheckForAltNames(dCert, domainName, (word32)domainNameLen,
-                                            &checkCN) != 1) {
+                                            &checkCN, flags) != 1) {
         ret = DOMAIN_NAME_MISMATCH;
         WOLFSSL_MSG("DomainName match on alt names failed");
     }
@@ -12607,7 +13071,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL
 #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
     if (checkCN == 1) {
         if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
-                            domainName, (word32)domainNameLen) == 1) {
+                            domainName, (word32)domainNameLen, flags) == 1) {
             ret = 0;
         }
         else {
@@ -12624,7 +13088,7 @@ int CheckIPAddr(DecodedCert* dCert, const char* ipasc)
 {
     WOLFSSL_MSG("Checking IPAddr");
 
-    return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc));
+    return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc), 0);
 }
 
 
@@ -12644,6 +13108,45 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
 }
 #endif
 
+#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+    defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(WOLFSSL_ACERT)
+    static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap)
+{
+    /* Copy from to the beginning of to */
+    DNS_entry** prev_next = to;
+    DNS_entry* next;
+
+    if (to == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    next = *to;
+
+    for (; from != NULL; from = from->next) {
+        DNS_entry* dnsEntry;
+
+        if (type != -1 && from->type != type)
+            continue;
+
+        dnsEntry = AltNameDup(from, heap);
+        if (dnsEntry == NULL) {
+            WOLFSSL_MSG("\tOut of Memory");
+            return MEMORY_E;
+        }
+
+        dnsEntry->next = next;
+        *prev_next = dnsEntry;
+        prev_next = &dnsEntry->next;
+    }
+
+    return 0;
+}
+#endif /* KEEP_PEER_CERT || SESSION_CERTS ||
+        * OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL ||
+        * WOLFSSL_ACERT */
+
+
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
@@ -12678,38 +13181,6 @@ void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
     }
 }
 
-static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap)
-{
-    /* Copy from to the beginning of to */
-    DNS_entry** prev_next = to;
-    DNS_entry* next;
-
-    if (to == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    next = *to;
-
-    for (; from != NULL; from = from->next) {
-        DNS_entry* dnsEntry;
-
-        if (type != -1 && from->type != type)
-            continue;
-
-        dnsEntry = AltNameDup(from, heap);
-        if (dnsEntry == NULL) {
-            WOLFSSL_MSG("\tOut of Memory");
-            return MEMORY_E;
-        }
-
-        dnsEntry->next = next;
-        *prev_next = dnsEntry;
-        prev_next = &dnsEntry->next;
-    }
-
-    return 0;
-}
-
 #ifdef WOLFSSL_CERT_REQ
 static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
 {
@@ -12721,7 +13192,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
             x509->challengePw[dCert->cPwdLen] = '\0';
         #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN)
             if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_pkcs9_challengePassword,
+                                        WC_NID_pkcs9_challengePassword,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->cPwd,
                                         dCert->cPwdLen) != WOLFSSL_SUCCESS) {
@@ -12743,7 +13214,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
         }
     #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN)
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_pkcs9_contentType,
+                                        WC_NID_pkcs9_contentType,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->contentType,
                                         dCert->contentTypeLen) !=
@@ -12757,7 +13228,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN)
     if (dCert->sNum) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_serialNumber,
+                                        WC_NID_serialNumber,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->sNum,
                                         dCert->sNumLen) != WOLFSSL_SUCCESS) {
@@ -12767,7 +13238,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->unstructuredName) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_pkcs9_unstructuredName,
+                                        WC_NID_pkcs9_unstructuredName,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->unstructuredName,
                                         dCert->unstructuredNameLen)
@@ -12778,7 +13249,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->surname) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_surname,
+                                        WC_NID_surname,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->surname,
                                         dCert->surnameLen) != WOLFSSL_SUCCESS) {
@@ -12788,7 +13259,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->givenName) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_givenName,
+                                        WC_NID_givenName,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->givenName,
                                         dCert->givenNameLen) != WOLFSSL_SUCCESS) {
@@ -12798,7 +13269,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->dnQualifier) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_dnQualifier,
+                                        WC_NID_dnQualifier,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->dnQualifier,
                                         dCert->dnQualifierLen) != WOLFSSL_SUCCESS) {
@@ -12808,7 +13279,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     if (dCert->initials) {
         if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
-                                        NID_initials,
+                                        WC_NID_initials,
                                         MBSTRING_ASC,
                                         (const byte*)dCert->initials,
                                         dCert->initialsLen) != WOLFSSL_SUCCESS) {
@@ -13013,7 +13484,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 
     x509->isCa = dCert->isCA;
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    x509->basicConstCrit = dCert->extBasicConstCrit;
     x509->pathLength = dCert->pathLength;
+    x509->pathLengthSet = dCert->pathLengthSet;
     x509->keyUsage = dCert->extKeyUsage;
 
     x509->CRLdistSet = dCert->extCRLdistSet;
@@ -13067,7 +13540,6 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
     }
     #endif
     x509->basicConstSet = dCert->extBasicConstSet;
-    x509->basicConstCrit = dCert->extBasicConstCrit;
     x509->basicConstPlSet = dCert->pathLengthSet;
     x509->subjAltNameSet = dCert->extSubjAltNameSet;
     x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
@@ -13180,6 +13652,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
         if (x509->sapkiDer != NULL) {
             XMEMCPY(x509->sapkiDer, dCert->sapkiDer, dCert->sapkiLen);
             x509->sapkiLen = dCert->sapkiLen;
+            x509->sapkiCrit = dCert->extSapkiCrit;
         }
         else {
             ret = MEMORY_E;
@@ -13192,6 +13665,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
             XMEMCPY(x509->altSigAlgDer, dCert->altSigAlgDer,
                     dCert->altSigAlgLen);
             x509->altSigAlgLen = dCert->altSigAlgLen;
+            x509->altSigAlgCrit = dCert->extAltSigAlgCrit;
         }
         else {
             ret = MEMORY_E;
@@ -13204,6 +13678,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
             XMEMCPY(x509->altSigValDer, dCert->altSigValDer,
                     dCert->altSigValLen);
             x509->altSigValLen = dCert->altSigValLen;
+            x509->altSigValCrit = dCert->extAltSigValCrit;
         }
         else {
             ret = MEMORY_E;
@@ -13216,14 +13691,133 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
 
-#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
-     (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12))
-static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
-                      word32 status_length)
+#if defined(WOLFSSL_ACERT)
+/* Copy a DecodedAcert structure to an X509_ACERT.
+ *
+ * @param [out]     x509        the dst X509 acert structure
+ * @param [in]      dAcert      the src decoded acert structure
+ *
+ * @return  0   on success
+ * @return  < 0 on error
+ * */
+int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert)
+{
+    int ret = 0;
+
+    if (x509 == NULL || dAcert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Copy version and serial number. */
+    x509->version = dAcert->version + 1;
+
+    XMEMCPY(x509->serial, dAcert->serial, EXTERNAL_SERIAL_SIZE);
+    x509->serialSz = dAcert->serialSz;
+
+    if (dAcert->holderSerialSz > 0) {
+        /* This ACERT Holder field had a serial number. Copy it. */
+        XMEMCPY(x509->holderSerial, dAcert->holderSerial,
+                dAcert->holderSerialSz);
+        x509->holderSerialSz = dAcert->holderSerialSz;
+    }
+
+    /* Copy before and after dates. */
+    {
+        int minSz = 0;
+
+        if (dAcert->beforeDateLen > 0) {
+            minSz = (int)min(dAcert->beforeDate[1], MAX_DATE_SZ);
+            x509->notBefore.type = dAcert->beforeDate[0];
+            x509->notBefore.length = minSz;
+            XMEMCPY(x509->notBefore.data, &dAcert->beforeDate[2], minSz);
+        }
+        else {
+            x509->notBefore.length = 0;
+        }
+
+        if (dAcert->afterDateLen > 0) {
+            minSz = (int)min(dAcert->afterDate[1], MAX_DATE_SZ);
+            x509->notAfter.type = dAcert->afterDate[0];
+            x509->notAfter.length = minSz;
+            XMEMCPY(x509->notAfter.data, &dAcert->afterDate[2], minSz);
+        }
+        else {
+            x509->notAfter.length = 0;
+        }
+    }
+
+    /* Copy the signature. */
+    if (dAcert->signature != NULL && dAcert->sigLength != 0 &&
+            dAcert->sigLength <= MAX_ENCODED_SIG_SZ) {
+        x509->sig.buffer = (byte*)XMALLOC(
+                          dAcert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
+        if (x509->sig.buffer == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMCPY(x509->sig.buffer, dAcert->signature, dAcert->sigLength);
+            x509->sig.length = dAcert->sigLength;
+            x509->sigOID = (int)dAcert->signatureOID;
+        }
+    }
+
+    /* if der contains original source buffer then store for potential
+     * retrieval */
+    if (dAcert->source != NULL && dAcert->maxIdx > 0) {
+        if (AllocDer(&x509->derCert, dAcert->maxIdx, CERT_TYPE, x509->heap)
+                                                                         == 0) {
+            XMEMCPY(x509->derCert->buffer, dAcert->source, dAcert->maxIdx);
+        }
+        else {
+            ret = MEMORY_E;
+        }
+    }
+
+    /* Copy holder and att cert issuer names if present. */
+    if (CopyAltNames(&x509->holderIssuerName, dAcert->holderIssuerName,
+                ASN_DIR_TYPE, x509->heap) != 0) {
+        return MEMORY_E;
+    }
+
+    if (CopyAltNames(&x509->holderEntityName, dAcert->holderEntityName,
+                ASN_DIR_TYPE, x509->heap) != 0) {
+        return MEMORY_E;
+    }
+
+    if (CopyAltNames(&x509->AttCertIssuerName, dAcert->AttCertIssuerName,
+                ASN_DIR_TYPE, x509->heap) != 0) {
+        return MEMORY_E;
+    }
+
+    if (dAcert->rawAttr && dAcert->rawAttrLen > 0) {
+        /* Allocate space for the raw Attributes field, then copy it in. */
+        x509->rawAttr = (byte*)XMALLOC(dAcert->rawAttrLen, x509->heap,
+                                       DYNAMIC_TYPE_X509_EXT);
+        if (x509->rawAttr != NULL) {
+            XMEMCPY(x509->rawAttr, dAcert->rawAttr, dAcert->rawAttrLen);
+            x509->rawAttrLen = dAcert->rawAttrLen;
+        }
+        else {
+            ret = MEMORY_E;
+        }
+    }
+
+    return ret;
+}
+#endif /* WOLFSSL_ACERT */
+
+
+#if (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+     defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) && !defined(WOLFSSL_NO_TLS12)
+static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx,
+                      word32 status_length, int idx)
 {
     int ret = 0;
     OcspRequest* request;
-
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    TLSX* ext =  TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    CertificateStatusRequest* csr;
+#endif
     #ifdef WOLFSSL_SMALL_STACK
         CertStatus* status;
         OcspEntry* single;
@@ -13235,14 +13829,24 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     #endif
 
     WOLFSSL_ENTER("ProcessCSR");
-
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    if (ext) {
+        /* status request */
+        csr = (CertificateStatusRequest*)ext->data;
+        if (csr && !csr->ssl)
+            csr->ssl = ssl;
+    }
+#endif
     do {
         #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
             if (ssl->status_request) {
-                request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
+                request = (OcspRequest*)TLSX_CSR_GetRequest_ex(ssl->extensions,
+                                idx);
                 ssl->status_request = 0;
                 break;
             }
+        #else
+            (void)idx;
         #endif
 
         #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
@@ -13262,24 +13866,31 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     #ifdef WOLFSSL_SMALL_STACK
         status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_STATUS);
+                                      DYNAMIC_TYPE_OCSP_STATUS);
         single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_ENTRY);
+                                     DYNAMIC_TYPE_OCSP_ENTRY);
         response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
-                                                    DYNAMIC_TYPE_OCSP_REQUEST);
+                                          DYNAMIC_TYPE_OCSP_REQUEST);
 
         if (status == NULL || single == NULL || response == NULL) {
-            XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-            XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-            XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            if (status != NULL) {
+                XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+            }
+            if (single != NULL) {
+                XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+            }
+            if (response != NULL) {
+                XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            }
 
             return MEMORY_ERROR;
         }
     #endif
 
+    /* InitOcspResponse sets single and status to response struct. */
     InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap);
 
-    if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0)
+    if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0, 0) != 0)
         ret = BAD_CERTIFICATE_STATUS_ERROR;
     else if (CompareOcspReqResp(request, response) != 0)
         ret = BAD_CERTIFICATE_STATUS_ERROR;
@@ -13297,17 +13908,25 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     *inOutIdx += status_length;
 
+    /* FreeOcspResponse frees status and single only if
+     * single->isDynamic is set. */
     FreeOcspResponse(response);
 
     #ifdef WOLFSSL_SMALL_STACK
-        XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
-        XFREE(single,   ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
-        XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+    XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
+    XFREE(single,   ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY);
+    XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
     #endif
 
     WOLFSSL_LEAVE("ProcessCSR", ret);
     return ret;
 }
+
+static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
+                      word32 status_length)
+{
+    return ProcessCSR_ex(ssl, input, inOutIdx, status_length, 0);
+}
 #endif
 
 
@@ -13385,7 +14004,6 @@ int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx)
 
 #endif /* HAVE_PK_CALLBACKS */
 
-
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
 void DoCertFatalAlert(WOLFSSL* ssl, int ret)
 {
@@ -13428,12 +14046,15 @@ void DoCertFatalAlert(WOLFSSL* ssl, int ret)
         }
     }
 
+#ifndef NO_TLS
     /* send fatal alert and mark connection closed */
     SendAlert(ssl, alert_fatal, alertWhy); /* try to send */
+#else
+    (void)alertWhy;
+#endif
     ssl->options.isClosed = 1;
 }
 
-
 int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt,
         WOLFSSL* ssl, WOLFSSL_CERT_MANAGER* cm, ProcPeerCertArgs* args,
         int cert_err, void* heap, int* x509Free)
@@ -13461,7 +14082,7 @@ int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt,
         if (subjectCNLen > ASN_NAME_MAX-1)
             subjectCNLen = ASN_NAME_MAX-1;
         if (subjectCNLen > 0) {
-            XMEMCPY(domain, args->dCert->subjectCN, subjectCNLen);
+            XMEMCPY(domain, args->dCert->subjectCN, (size_t)(subjectCNLen));
             domain[subjectCNLen] = '\0';
         }
     }
@@ -13645,7 +14266,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err,
             /* If altNames names is present, then subject common name is ignored */
             if (args->dCert->altNames != NULL) {
                 if (CheckForAltNames(args->dCert, ssl->param->hostName,
-                    (word32)XSTRLEN(ssl->param->hostName), NULL) != 1) {
+                    (word32)XSTRLEN(ssl->param->hostName), NULL, 0) != 1) {
                     if (cert_err == 0) {
                         ret = DOMAIN_NAME_MISMATCH;
                         WOLFSSL_ERROR_VERBOSE(ret);
@@ -13659,7 +14280,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err,
                             args->dCert->subjectCN,
                             args->dCert->subjectCNLen,
                             ssl->param->hostName,
-                            (word32)XSTRLEN(ssl->param->hostName)) == 0) {
+                            (word32)XSTRLEN(ssl->param->hostName), 0) == 0) {
                         if (cert_err == 0) {
                             ret = DOMAIN_NAME_MISMATCH;
                             WOLFSSL_ERROR_VERBOSE(ret);
@@ -14028,7 +14649,8 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
                         ph->hash_value = hash;
                         ph->last_suffix = suffix;
 
-                        ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph);
+                        ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph) > 0
+                                ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
                     }
                 }
                 wc_UnLockMutex(&lookup->dirs->lock);
@@ -14328,6 +14950,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
             break;
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2k:
             if (ssl->options.minDilithiumKeySz < 0 ||
                 DILITHIUM_LEVEL2_KEY_SIZE
@@ -14352,6 +14975,31 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
                 ret = DILITHIUM_KEY_SIZE_E;
             }
             break;
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        case ML_DSA_LEVEL2k:
+            if (ssl->options.minDilithiumKeySz < 0 ||
+                ML_DSA_LEVEL2_KEY_SIZE
+                < (word16)ssl->options.minDilithiumKeySz) {
+                WOLFSSL_MSG("Dilithium key size in cert chain error");
+                ret = DILITHIUM_KEY_SIZE_E;
+            }
+            break;
+        case ML_DSA_LEVEL3k:
+            if (ssl->options.minDilithiumKeySz < 0 ||
+                ML_DSA_LEVEL3_KEY_SIZE
+                < (word16)ssl->options.minDilithiumKeySz) {
+                WOLFSSL_MSG( "Dilithium key size in cert chain error");
+                ret = DILITHIUM_KEY_SIZE_E;
+            }
+            break;
+        case ML_DSA_LEVEL5k:
+            if (ssl->options.minDilithiumKeySz < 0 ||
+                ML_DSA_LEVEL5_KEY_SIZE
+                < (word16)ssl->options.minDilithiumKeySz) {
+                WOLFSSL_MSG("Dilithium key size in cert chain error");
+                ret = DILITHIUM_KEY_SIZE_E;
+            }
+            break;
     #endif /* HAVE_DILITHIUM */
         default:
             WOLFSSL_MSG("Key size not checked");
@@ -14363,6 +15011,52 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
     return ret;
 }
 
+#if defined(HAVE_OCSP) && defined(WOLFSSL_TLS13) \
+        && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+static int ProcessPeerCertsChainOCSPStatusCheck(WOLFSSL* ssl)
+{
+    int ret = 0;
+    word32 i;
+    word32 idx = 0;
+    TLSX* ext =  TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    CertificateStatusRequest* csr;
+
+    if (ext) {
+        csr = (CertificateStatusRequest*)ext->data;
+        if (csr == NULL) {
+            return 0;
+        }
+    } else
+        return 0;
+
+    /* error when leaf cert doesn't have certificate status */
+    if (csr->requests < 1 || csr->responses[0].length == 0) {
+        WOLFSSL_MSG("Leaf cert doesn't have certificate status.");
+        return BAD_CERTIFICATE_STATUS_ERROR;
+    }
+
+    for (i = 0; i < csr->requests; i++) {
+        if (csr->responses[i].length != 0) {
+            ssl->status_request = 1;
+            idx = 0;
+            ret = ProcessCSR_ex(ssl,
+                    csr->responses[i].buffer,
+                    &idx, csr->responses[i].length, i);
+            if (ret < 0) {
+                WOLFSSL_ERROR_VERBOSE(ret);
+                break;
+            }
+        }
+        else {
+            WOLFSSL_MSG("Intermediate cert doesn't have certificate status.");
+        }
+    }
+
+    return ret;
+}
+
+#endif
+
 #ifdef HAVE_CRL
 static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args)
 {
@@ -14388,6 +15082,25 @@ static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args)
 }
 #endif
 
+#ifdef OPENSSL_EXTRA
+/* account for verify params flag set */
+static int AdjustCMForParams(WOLFSSL* ssl)
+{
+    int flags;
+    WOLFSSL_X509_VERIFY_PARAM* param;
+
+    param = wolfSSL_get0_param(ssl);
+    flags = wolfSSL_X509_VERIFY_PARAM_get_flags(param);
+
+    /* For now there is a possible contradiction of PARAM flags and store flags.
+     * Do not disable CRL support if it has already been enabled with store. */
+    if (flags == 0) {
+        return WOLFSSL_SUCCESS;
+    }
+    return wolfSSL_X509_STORE_set_flags(SSL_STORE(ssl), flags);
+}
+#endif
+
 int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                      word32 totalSz)
 {
@@ -14430,7 +15143,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     if (ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
         /* Re-entry after non-blocking OCSP */
     #ifdef WOLFSSL_ASYNC_CRYPT
-        /* if async operationg not pending, reset error code */
+        /* if async operations not pending, reset error code */
         if (ret == WC_NO_ERR_TRACE(WC_NO_PENDING_E))
             ret = 0;
     #endif
@@ -14456,6 +15169,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     #endif
     }
 
+#ifdef OPENSSL_EXTRA
+    /* account for verify params flag set */
+    if (AdjustCMForParams(ssl) != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Issue with updating store flags from PARAMS set");
+        ERROR_OUT(WOLFSSL_FAILURE, exit_ppc);
+    }
+#endif
+
     switch (ssl->options.asyncState)
     {
         case TLS_ASYNC_BEGIN:
@@ -14645,8 +15366,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     args->idx += extSz;
                     listSz -= extSz + OPAQUE16_LEN;
                     WOLFSSL_MSG_EX("\tParsing %d bytes of cert extensions",
-                            args->exts[args->totalCerts].length);
+                        args->exts[args->totalCerts].length);
                     #if !defined(NO_TLS)
+                    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+                    ssl->response_idx = args->totalCerts;
+                    #endif
                     ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer,
                         (word16)args->exts[args->totalCerts].length,
                         certificate, NULL);
@@ -14841,6 +15565,19 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         }
                         else /* skips OCSP and force CRL check */
                     #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
+                    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+                        if (IsAtLeastTLSv1_3(ssl->version) &&
+                            ssl->options.side == WOLFSSL_CLIENT_END &&
+                            ssl->status_request) {
+                            /* We check CSR in Certificate message sent from
+                             * Server. Server side will check client
+                             * certificates by traditional OCSP if enabled
+                             */
+                            ret = TLSX_CSR_InitRequest_ex(ssl->extensions,
+                                    args->dCert, ssl->heap, args->certIdx);
+                        }
+                        else
+                    #endif
                         if (SSL_CM(ssl)->ocspEnabled &&
                                             SSL_CM(ssl)->ocspCheckAll) {
                             WOLFSSL_MSG("Doing Non Leaf OCSP check");
@@ -15244,7 +15981,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         WOLFSSL_MSG(
                             "\tCallback override available, will continue");
                         /* check if fatal error */
-                        args->fatal = (args->verifyErr) ? 1 : 0;
+                        args->fatal = (args->verifyErr) ? (word16)(1)
+                                                        : (word16)(0);
                         if (args->fatal)
                             DoCertFatalAlert(ssl, ret);
                     }
@@ -15321,24 +16059,17 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     if (ssl->options.side == WOLFSSL_CLIENT_END) {
                 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
                         if (ssl->status_request) {
-                            args->fatal = (TLSX_CSR_InitRequest(ssl->extensions,
-                                                args->dCert, ssl->heap) != 0);
+                            args->fatal = (TLSX_CSR_InitRequest_ex(
+                                                ssl->extensions, args->dCert,
+                                                ssl->heap, args->certIdx) != 0);
                             doLookup = 0;
                             WOLFSSL_MSG("\tHave status request");
                         #if defined(WOLFSSL_TLS13)
                             if (ssl->options.tls1_3) {
-                                TLSX* ext = TLSX_Find(ssl->extensions,
-                                                           TLSX_STATUS_REQUEST);
-                                if (ext != NULL) {
-                                    word32 idx = 0;
-                                    CertificateStatusRequest* csr =
-                                           (CertificateStatusRequest*)ext->data;
-                                    ret = ProcessCSR(ssl, csr->response.buffer,
-                                                    &idx, csr->response.length);
-                                    if (ret < 0) {
-                                        WOLFSSL_ERROR_VERBOSE(ret);
-                                        goto exit_ppc;
-                                    }
+                                ret = ProcessPeerCertsChainOCSPStatusCheck(ssl);
+                                if (ret < 0) {
+                                    WOLFSSL_ERROR_VERBOSE(ret);
+                                    goto exit_ppc;
                                 }
                             }
                         #endif
@@ -15378,9 +16109,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             if (ssl->peerVerifyRet == 0) {
                                 /* Return first cert error here */
                                 ssl->peerVerifyRet =
-                                        ret == OCSP_CERT_REVOKED
-                                            ? WOLFSSL_X509_V_ERR_CERT_REVOKED
-                                            : WOLFSSL_X509_V_ERR_CERT_REJECTED;
+                                    ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED)
+                                    ? WOLFSSL_X509_V_ERR_CERT_REVOKED
+                                    : WOLFSSL_X509_V_ERR_CERT_REJECTED;
                             }
                         #endif
                         }
@@ -15409,7 +16140,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             if (ssl->peerVerifyRet == 0) {
                                 /* Return first cert error here */
                                 ssl->peerVerifyRet =
-                                        ret == CRL_CERT_REVOKED
+                                        ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED)
                                             ? WOLFSSL_X509_V_ERR_CERT_REVOKED
                                             : WOLFSSL_X509_V_ERR_CERT_REJECTED;
                             }
@@ -15548,7 +16279,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
                                 (word32)XSTRLEN(
                                 (const char *)ssl->buffers.domainName.buffer)),
-                                NULL) != 1) {
+                                NULL, 0) != 1) {
                             WOLFSSL_MSG("DomainName match on alt names failed");
                             /* try to get peer key still */
                             ret = DOMAIN_NAME_MISMATCH;
@@ -15563,7 +16294,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
                                 (word32)XSTRLEN(
                                 (const char *)ssl->buffers.domainName.buffer)
-                                )) == 0)
+                                ), 0) == 0)
                         {
                             WOLFSSL_MSG("DomainName match on common name failed");
                             ret = DOMAIN_NAME_MISMATCH;
@@ -15576,14 +16307,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 args->dCert->subjectCNLen,
                                 (char*)ssl->buffers.domainName.buffer,
                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
-                                (word32)XSTRLEN(ssl->buffers.domainName.buffer))) == 0)
+                                (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0)
                     {
                         WOLFSSL_MSG("DomainName match on common name failed");
                         if (CheckForAltNames(args->dCert,
                                  (char*)ssl->buffers.domainName.buffer,
                                  (ssl->buffers.domainName.buffer == NULL ? 0 :
                                  (word32)XSTRLEN(ssl->buffers.domainName.buffer)),
-                                 NULL) != 1) {
+                                 NULL, 0) != 1) {
                             WOLFSSL_MSG(
                                 "DomainName match on alt names failed too");
                             /* try to get peer key still */
@@ -15925,9 +16656,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 #endif /* HAVE_FALCON */
                 #if defined(HAVE_DILITHIUM) && \
                     !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+                    case ML_DSA_LEVEL2k:
+                    case ML_DSA_LEVEL3k:
+                    case ML_DSA_LEVEL5k:
+                    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                     case DILITHIUM_LEVEL2k:
                     case DILITHIUM_LEVEL3k:
                     case DILITHIUM_LEVEL5k:
+                    #endif
                     {
                         int keyRet = 0;
                         if (ssl->peerDilithiumKey == NULL) {
@@ -15941,18 +16677,32 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         }
 
                         if (keyRet == 0) {
-                            if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
+                            if (args->dCert->keyOID == ML_DSA_LEVEL2k) {
                                 keyRet = wc_dilithium_set_level(
-                                             ssl->peerDilithiumKey, 2);
+                                             ssl->peerDilithiumKey, WC_ML_DSA_44);
+                            }
+                            else if (args->dCert->keyOID == ML_DSA_LEVEL3k) {
+                                keyRet = wc_dilithium_set_level(
+                                             ssl->peerDilithiumKey, WC_ML_DSA_65);
+                            }
+                            else if (args->dCert->keyOID == ML_DSA_LEVEL5k) {
+                                keyRet = wc_dilithium_set_level(
+                                             ssl->peerDilithiumKey, WC_ML_DSA_87);
+                            }
+                            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+                            else if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
+                                keyRet = wc_dilithium_set_level(
+                                             ssl->peerDilithiumKey, WC_ML_DSA_44_DRAFT);
                             }
                             else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) {
                                 keyRet = wc_dilithium_set_level(
-                                             ssl->peerDilithiumKey, 3);
+                                             ssl->peerDilithiumKey, WC_ML_DSA_65_DRAFT);
                             }
                             else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) {
                                 keyRet = wc_dilithium_set_level(
-                                             ssl->peerDilithiumKey, 5);
+                                             ssl->peerDilithiumKey, WC_ML_DSA_87_DRAFT);
                             }
+                            #endif
                         }
 
                         if (keyRet != 0 ||
@@ -16053,13 +16803,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 ssl->options.serverState = SERVER_CERT_COMPLETE;
             }
 
-            if (IsEncryptionOn(ssl, 0)) {
+            if (IsEncryptionOn(ssl, 0))
                 args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                if (ssl->options.startedETMRead)
-                    args->idx += MacSize(ssl);
-            #endif
-            }
 
             /* Advance state and proceed */
             ssl->options.asyncState = TLS_ASYNC_END;
@@ -16115,7 +16860,7 @@ exit_ppc:
 }
 #endif
 
-#ifndef WOLFSSL_NO_TLS12
+#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
 
 /* handle processing of certificate (11) */
@@ -16252,7 +16997,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                      status_length, ssl->heap);
                     response->pendingCAs = pendingCAs;
                     if ((OcspResponseDecode(response, SSL_CM(ssl), ssl->heap,
-                                                                        0) != 0)
+                            0, 0) != 0)
                     ||  (response->responseStatus != OCSP_SUCCESSFUL)
                     ||  (response->single->status->status != CERT_GOOD))
                         ret = BAD_CERTIFICATE_STATUS_ERROR;
@@ -16319,20 +17064,9 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     }
 
     if (IsEncryptionOn(ssl, 0)) {
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead) {
-            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + ssl->keys.padSz + digestSz > size)
-                return BUFFER_E;
-            *inOutIdx += ssl->keys.padSz + digestSz;
-        }
-        else
-    #endif
-        {
-            if (*inOutIdx + ssl->keys.padSz > size)
-                return BUFFER_E;
-            *inOutIdx += ssl->keys.padSz;
-        }
+        if (*inOutIdx + ssl->keys.padSz > size)
+            return BUFFER_E;
+        *inOutIdx += ssl->keys.padSz;
     }
 
     WOLFSSL_LEAVE("DoCertificateStatus", ret);
@@ -16343,11 +17077,11 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
 #endif
 
-#endif /* !WOLFSSL_NO_TLS12 */
+#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */
 
 #endif /* !NO_CERTS */
 
-#ifndef WOLFSSL_NO_TLS12
+#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12)
 
 static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                                     word32 size, word32 totalSz)
@@ -16363,24 +17097,12 @@ static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     if (IsEncryptionOn(ssl, 0)) {
         /* If size == totalSz then we are in DtlsMsgDrain so no need to worry
          * about padding */
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead) {
-            word32 digestSz = MacSize(ssl);
-            if (size != totalSz &&
-                    *inOutIdx + ssl->keys.padSz + digestSz > totalSz)
-                return BUFFER_E;
-            *inOutIdx += ssl->keys.padSz + digestSz;
-        }
-        else
-    #endif
-        {
-            /* access beyond input + size should be checked against totalSz */
-            if (size != totalSz &&
-                    *inOutIdx + ssl->keys.padSz > totalSz)
-                return BUFFER_E;
+        /* access beyond input + size should be checked against totalSz */
+        if (size != totalSz &&
+                *inOutIdx + ssl->keys.padSz > totalSz)
+            return BUFFER_E;
 
-            *inOutIdx += ssl->keys.padSz;
-        }
+        *inOutIdx += ssl->keys.padSz;
     }
 
     if (ssl->options.side == WOLFSSL_SERVER_END) {
@@ -16417,17 +17139,8 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
      * If size == totalSz then we are in DtlsMsgDrain so no need to worry about
      * padding */
     if (size != totalSz) {
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead) {
-            if (*inOutIdx + size + ssl->keys.padSz + MacSize(ssl) > totalSz)
-                return BUFFER_E;
-        }
-        else
-    #endif
-        {
-            if (*inOutIdx + size + ssl->keys.padSz > totalSz)
-                return BUFFER_E;
-        }
+        if (*inOutIdx + size + ssl->keys.padSz > totalSz)
+            return BUFFER_E;
     }
 
     #ifdef WOLFSSL_CALLBACKS
@@ -16470,21 +17183,17 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
 
     /* force input exhaustion at ProcessReply consuming padSz */
     *inOutIdx += size + ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead)
-        *inOutIdx += MacSize(ssl);
-#endif
 
     if (ssl->options.side == WOLFSSL_CLIENT_END) {
         ssl->options.serverState = SERVER_FINISHED_COMPLETE;
 #ifdef OPENSSL_EXTRA
-        ssl->cbmode = SSL_CB_MODE_WRITE;
+        ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
         ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
 #endif
         if (!ssl->options.resuming) {
 #ifdef OPENSSL_EXTRA
             if (ssl->CBIS != NULL) {
-                ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
             }
 #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
@@ -16497,13 +17206,13 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
     else {
         ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
 #ifdef OPENSSL_EXTRA
-        ssl->cbmode = SSL_CB_MODE_READ;
+        ssl->cbmode = WOLFSSL_CB_MODE_READ;
         ssl->options.serverState = SERVER_FINISHED_COMPLETE;
 #endif
         if (ssl->options.resuming) {
 #ifdef OPENSSL_EXTRA
             if (ssl->CBIS != NULL) {
-                ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
             }
 #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
@@ -16981,7 +17690,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
                     }
                 #endif
             }
-#endif
+#endif /* !NO_WOLFSSL_SERVER */
             if (ssl->options.dtls)
                 ssl->msgsReceived.got_change_cipher = 1;
             break;
@@ -16995,7 +17704,6 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
     return 0;
 }
 
-
 int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                           byte type, word32 size, word32 totalSz)
 {
@@ -17020,10 +17728,6 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     expectedIdx = *inOutIdx + size +
                   (ssl->keys.encryptionOn ? ssl->keys.padSz : 0);
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead && ssl->keys.encryptionOn)
-        expectedIdx += MacSize(ssl);
-#endif
 
 #if !defined(NO_WOLFSSL_SERVER) && \
     defined(HAVE_SECURE_RENEGOTIATION) && \
@@ -17106,10 +17810,10 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     /* hello_request not hashed */
     if (type != hello_request
     #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     #ifdef WOLFSSL_NONBLOCK_OCSP
-            && ssl->error != OCSP_WANT_READ
+            && ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ)
     #endif
     ) {
         ret = HashInput(ssl, input + *inOutIdx, (int)size);
@@ -17126,6 +17830,18 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         case certificate_request:
         case server_hello_done:
             if (ssl->options.resuming) {
+                /* Client requested resumption, but server is doing a
+                 * full handshake */
+
+                /* The server's decision to resume isn't known until after the
+                 * "server_hello". If subsequent handshake messages like
+                 * "certificate" or "server_key_exchange" are received then we
+                 * are doing a full handshake */
+
+                /* If the server included a session id then we
+                 * treat this as a fatal error, since the server said it was
+                 * doing resumption, but did not. */
+
                 /* https://www.rfc-editor.org/rfc/rfc5077.html#section-3.4
                  *   Alternatively, the client MAY include an empty Session ID
                  *   in the ClientHello.  In this case, the client ignores the
@@ -17134,7 +17850,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                  *   messages.
                  */
 #ifndef WOLFSSL_WPAS
-                if (ssl->session->sessionIDSz != 0) {
+                if (ssl->arrays->sessionIDSz != 0) {
                     /* Fatal error. Only try to send an alert. RFC 5246 does not
                      * allow for reverting back to a full handshake after the
                      * server has indicated the intention to do a resumption. */
@@ -17156,9 +17872,9 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
 #ifdef OPENSSL_EXTRA
     if (ssl->CBIS != NULL){
-        ssl->cbmode = SSL_CB_MODE_READ;
+        ssl->cbmode = WOLFSSL_CB_MODE_READ;
         ssl->cbtype = type;
-        ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
+        ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
     }
 #endif
 
@@ -17174,23 +17890,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         WOLFSSL_MSG("processing hello verify request");
         ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
         if (IsEncryptionOn(ssl, 0)) {
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead) {
-                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += ssl->keys.padSz + digestSz;
-            }
-            else
-        #endif
-            {
-                /* access beyond input + size should be checked against totalSz
-                 */
-                if (*inOutIdx + ssl->keys.padSz > totalSz)
-                    return BUFFER_E;
+            /* access beyond input + size should be checked against totalSz
+             */
+            if (*inOutIdx + ssl->keys.padSz > totalSz)
+                return BUFFER_E;
 
-                *inOutIdx += ssl->keys.padSz;
-            }
+            *inOutIdx += ssl->keys.padSz;
         }
         break;
 
@@ -17263,13 +17968,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             AddLateName("ServerHelloDone", &ssl->timeoutInfo);
     #endif
         ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
-        if (IsEncryptionOn(ssl, 0)) {
+        if (IsEncryptionOn(ssl, 0))
             *inOutIdx += ssl->keys.padSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead)
-                *inOutIdx += MacSize(ssl);
-        #endif
-        }
         break;
 
     case finished:
@@ -17304,24 +18004,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         /* If size == totalSz then we are in DtlsMsgDrain so no need to worry
          * about padding */
         if (IsEncryptionOn(ssl, 0)) {
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead) {
-                word32 digestSz = MacSize(ssl);
-                if (size != totalSz &&
-                        *inOutIdx + ssl->keys.padSz + digestSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += ssl->keys.padSz + digestSz;
-            }
-            else
-        #endif
-            {
-                /* access beyond input + size should be checked against totalSz
-                 */
-                if (size != totalSz &&
-                        *inOutIdx + ssl->keys.padSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += ssl->keys.padSz;
-            }
+            /* access beyond input + size should be checked against totalSz
+             */
+            if (size != totalSz &&
+                    *inOutIdx + ssl->keys.padSz > totalSz)
+                return BUFFER_E;
+            *inOutIdx += ssl->keys.padSz;
         }
         break;
 
@@ -17528,8 +18216,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     WOLFSSL_LEAVE("DoHandShakeMsg()", ret);
     return ret;
 }
-
-#endif /* !WOLFSSL_NO_TLS12 */
+#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */
 
 #ifdef WOLFSSL_EXTRA_ALERTS
 int SendFatalAlertOnly(WOLFSSL *ssl, int error)
@@ -18184,22 +18871,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          input + *inOutIdx, size, type,
                          fragOffset, fragSz, ssl->heap);
             *inOutIdx += fragSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
-                    WOLFSSL_ERROR(BUFFER_E);
-                    return BUFFER_E;
-                }
-                *inOutIdx += digestSz;
-            }
-            else
-            #endif
-            {
-                if (*inOutIdx + ssl->keys.padSz > totalSz) {
-                    WOLFSSL_ERROR(BUFFER_E);
-                    return BUFFER_E;
-                }
+            if (*inOutIdx + ssl->keys.padSz > totalSz) {
+                WOLFSSL_ERROR(BUFFER_E);
+                return BUFFER_E;
             }
             *inOutIdx += ssl->keys.padSz;
             ret = 0;
@@ -18240,22 +18914,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         /* Already saw this message and processed it. It can be ignored. */
         WOLFSSL_MSG("Already saw this message and processed it");
         *inOutIdx += fragSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) {
-                WOLFSSL_ERROR(BUFFER_E);
-                return BUFFER_E;
-            }
-            *inOutIdx += digestSz;
-        }
-        else
-        #endif
-        {
-            if (*inOutIdx + ssl->keys.padSz > totalSz) {
-                WOLFSSL_ERROR(BUFFER_E);
-                return BUFFER_E;
-            }
+        if (*inOutIdx + ssl->keys.padSz > totalSz) {
+            WOLFSSL_ERROR(BUFFER_E);
+            return BUFFER_E;
         }
         #ifndef WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
         if (IsDtlsNotSctpMode(ssl) &&
@@ -18288,17 +18949,11 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                      input + *inOutIdx, size, type,
                      fragOffset, fragSz, ssl->heap);
         *inOutIdx += fragSz;
-        *inOutIdx += ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-            word32 digestSz = MacSize(ssl);
-            if (*inOutIdx + digestSz > totalSz) {
-                WOLFSSL_ERROR(BUFFER_E);
-                return BUFFER_E;
-            }
-            *inOutIdx += digestSz;
+        if (*inOutIdx + ssl->keys.padSz > totalSz) {
+            WOLFSSL_ERROR(BUFFER_E);
+            return BUFFER_E;
         }
-#endif
+        *inOutIdx += ssl->keys.padSz;
         ret = 0;
         if (ssl->dtls_rx_msg_list != NULL && ssl->dtls_rx_msg_list->ready)
             ret = DtlsMsgDrain(ssl);
@@ -18318,14 +18973,6 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             if (idx + fragSz + ssl->keys.padSz > totalSz)
                 return BUFFER_E;
             *inOutIdx = idx + fragSz + ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) {
-                word32 digestSz = MacSize(ssl);
-                if (*inOutIdx + digestSz > totalSz)
-                    return BUFFER_E;
-                *inOutIdx += digestSz;
-            }
-#endif
             /* In async mode always store the message and process it with
              * DtlsMsgDrain because in case of a WC_PENDING_E it will be
              * easier this way. */
@@ -18362,6 +19009,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 }
 #endif /* WOLFSSL_DTLS13 */
 
+#ifndef NO_TLS
 #ifndef WOLFSSL_NO_TLS12
 
 #ifdef HAVE_AEAD
@@ -18382,8 +19030,8 @@ static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)
 /* Used for the older version of creating AEAD tags with Poly1305 */
-static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
-                       byte* cipher, word16 sz, byte* tag)
+static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, int additionalSz,
+        const byte* out, byte* cipher, word16 sz, byte* tag)
 {
     int ret       = 0;
     int msglen    = (sz - ssl->specs.aead_mac_size);
@@ -18401,12 +19049,12 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
         return ret;
 
     if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional,
-                   AEAD_AUTH_DATA_SZ)) != 0)
+            additionalSz)) != 0)
         return ret;
 
     /* length of additional input plus padding */
     XMEMSET(padding, 0, sizeof(padding));
-    padding[0] = AEAD_AUTH_DATA_SZ;
+    padding[0] = additionalSz;
     if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding,
                     sizeof(padding))) != 0)
         return ret;
@@ -18449,19 +19097,21 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
  * Return 0 on success negative values in error case
  */
 int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
-                              word16 sz)
+                              word16 sz, byte type)
 {
-    const byte* additionalSrc = input - RECORD_HEADER_SZ;
     int ret       = 0;
     word32 msgLen = (sz - ssl->specs.aead_mac_size);
     byte tag[POLY1305_AUTH_SZ];
     byte add[AEAD_AUTH_DATA_SZ];
+    int  addSz = 0;
     byte nonce[CHACHA20_NONCE_SZ];
     byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
     #ifdef CHACHA_AEAD_TEST
         int i;
     #endif
     Keys* keys = &ssl->keys;
+    byte* seq = NULL;
+    int verifyOrder = CUR_ORDER;
 
     XMEMSET(tag,   0, sizeof(tag));
     XMEMSET(nonce, 0, sizeof(nonce));
@@ -18479,36 +19129,22 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
     /* opaque SEQ number stored for AD */
     if (ssl->options.dtls && DtlsSCRKeysSet(ssl)) {
         if (ssl->keys.dtls_epoch ==
-                    ssl->secure_renegotiation->tmp_keys.dtls_epoch) {
+                    ssl->secure_renegotiation->tmp_keys.dtls_epoch)
             keys = &ssl->secure_renegotiation->tmp_keys;
-            WriteSEQ(ssl, CUR_ORDER, add);
-        }
         else
-            WriteSEQ(ssl, PREV_ORDER, add);
+            verifyOrder = PREV_ORDER;
     }
-    else
 #endif
-        WriteSEQ(ssl, CUR_ORDER, add);
+
+    addSz = writeAeadAuthData(ssl, msgLen, type, add, 0, &seq, verifyOrder);
+    if (addSz < 0)
+        return addSz;
 
     if (ssl->options.oldPoly != 0) {
         /* get nonce. SEQ should not be incremented again here */
-        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
+        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ);
     }
 
-    /* Store the type, version. Unfortunately, they are in
-     * the input buffer ahead of the plaintext. */
-    #ifdef WOLFSSL_DTLS
-        if (ssl->options.dtls) {
-            additionalSrc -= DTLS_HANDSHAKE_EXTRA;
-        }
-    #endif
-
-    /* add TLS message size to additional data */
-    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
-    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;
-
-    XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3);
-
     #ifdef CHACHA_AEAD_TEST
         printf("Encrypt Additional : ");
         for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
@@ -18527,15 +19163,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
     if (ssl->options.oldPoly == 0) {
         /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
          * record sequence number XORed with client_write_IV/server_write_IV */
-        XMEMCPY(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
-        nonce[4]  ^= add[0];
-        nonce[5]  ^= add[1];
-        nonce[6]  ^= add[2];
-        nonce[7]  ^= add[3];
-        nonce[8]  ^= add[4];
-        nonce[9]  ^= add[5];
-        nonce[10] ^= add[6];
-        nonce[11] ^= add[7];
+        XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ);
+        xorbuf(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
     }
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ);
@@ -18590,7 +19219,7 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
 
     /* get the poly1305 tag using either old padding scheme or more recent */
     if (ssl->options.oldPoly != 0) {
-        if ((ret = Poly1305TagOld(ssl, add, (const byte* )out,
+        if ((ret = Poly1305TagOld(ssl, add, addSz, (const byte* )out,
                                                          poly, sz, tag)) != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -18608,8 +19237,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
         #endif
             return ret;
         }
-        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
-                            sizeof(add), out, msgLen, tag, sizeof(tag))) != 0) {
+        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, out, msgLen,
+                tag, sizeof(tag))) != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
             wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE);
@@ -18665,12 +19294,14 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                            word16 sz)
 {
     byte add[AEAD_AUTH_DATA_SZ];
+    int  addSz = 0;
     byte nonce[CHACHA20_NONCE_SZ];
     byte tag[POLY1305_AUTH_SZ];
     byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
     int ret    = 0;
     int msgLen = (sz - ssl->specs.aead_mac_size);
     Keys* keys = &ssl->keys;
+    byte* seq = NULL;
 
     #ifdef CHACHA_AEAD_TEST
        int i;
@@ -18699,24 +19330,16 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
         keys = &ssl->secure_renegotiation->tmp_keys;
 #endif
 
-    /* sequence number field is 64-bits */
-    WriteSEQ(ssl, PEER_ORDER, add);
+
+    addSz = writeAeadAuthData(ssl, msgLen, no_type, add, 1, &seq, PEER_ORDER);
+    if (addSz < 0)
+        return addSz;
 
     if (ssl->options.oldPoly != 0) {
         /* get nonce, SEQ should not be incremented again here */
-        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
+        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ);
     }
 
-    /* get AD info */
-    /* Store the type, version. */
-    add[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-    add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-    add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
-    /* add TLS message size to additional data */
-    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
-    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;
-
     #ifdef CHACHA_AEAD_TEST
         printf("Decrypt Additional : ");
         for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
@@ -18728,15 +19351,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
     if (ssl->options.oldPoly == 0) {
         /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
          * record sequence number XORed with client_write_IV/server_write_IV */
-        XMEMCPY(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
-        nonce[4]  ^= add[0];
-        nonce[5]  ^= add[1];
-        nonce[6]  ^= add[2];
-        nonce[7]  ^= add[3];
-        nonce[8]  ^= add[4];
-        nonce[9]  ^= add[5];
-        nonce[10] ^= add[6];
-        nonce[11] ^= add[7];
+        XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ);
+        xorbuf(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
     }
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ);
@@ -18781,7 +19397,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 
     /* get the tag using Poly1305 */
     if (ssl->options.oldPoly != 0) {
-        if ((ret = Poly1305TagOld(ssl, add, input, poly, sz, tag)) != 0) {
+        if ((ret = Poly1305TagOld(ssl, add, addSz, input, poly, sz, tag))
+                != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
             wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE);
@@ -18798,8 +19415,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
         #endif
             return ret;
         }
-        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
-                          sizeof(add), input, (word32)msgLen, tag, sizeof(tag))) != 0) {
+        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, input,
+                (word32)msgLen, tag, sizeof(tag))) != 0) {
             ForceZero(poly, sizeof(poly));
         #ifdef WOLFSSL_CHECK_MEM_ZERO
             wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE);
@@ -18883,9 +19500,74 @@ typedef int (*Sm4AuthDecryptFunc)(wc_Sm4* sm4, byte* out, const byte* in,
 
 #endif
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define TLS_AEAD_CID_SZ(s, dec) \
+                ((dec) ? DtlsGetCidRxSize((s)) \
+                       : DtlsGetCidTxSize((s)))
+#define TLS_AEAD_CID(s, dec, b, c) \
+                ((dec) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \
+                       : wolfSSL_dtls_cid_get_tx((s), (b), (c)))
+#endif
+/**
+ *
+ * @param ssl           WOLFSSL object
+ * @param sz            Length of fragment
+ * @param type          Record content type
+ * @param additional    AAD output buffer. Assumed AEAD_AUTH_DATA_SZ length.
+ * @param dec           Are we decrypting
+ * @return >= 0         length of auth data
+ *         < 0          error
+ */
+int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type,
+        byte* additional, byte dec, byte** seq, int verifyOrder)
+{
+    word32 idx = 0;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    byte cidSz = 0;
+    if (ssl->options.dtls && (cidSz = TLS_AEAD_CID_SZ(ssl, dec)) > 0) {
+        if (cidSz > DTLS_CID_MAX_SIZE) {
+            WOLFSSL_MSG("DTLS CID too large");
+            return DTLS_CID_ERROR;
+        }
+
+        XMEMSET(additional + idx, 0xFF, SEQ_SZ);
+        idx += SEQ_SZ;
+        additional[idx++] = dtls12_cid;
+        additional[idx++] = cidSz;
+        additional[idx++] = dtls12_cid;
+        additional[idx++] = dec ? ssl->curRL.pvMajor : ssl->version.major;
+        additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor;
+        WriteSEQ(ssl, verifyOrder, additional + idx);
+        if (seq != NULL)
+            *seq = additional + idx;
+        idx += SEQ_SZ;
+        if (TLS_AEAD_CID(ssl, dec, additional + idx, (unsigned int)cidSz)
+                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+            WOLFSSL_MSG("DTLS CID write failed");
+            return DTLS_CID_ERROR;
+        }
+        idx += cidSz;
+        c16toa(sz, additional + idx);
+        idx += LENGTH_SZ;
+
+        return (int)idx;
+    }
+#endif
+    if (seq != NULL)
+        *seq = additional + idx;
+    WriteSEQ(ssl, verifyOrder, additional + idx);
+    idx += SEQ_SZ;
+    additional[idx++] = dec ? ssl->curRL.type : type;
+    additional[idx++] = dec ? ssl->curRL.pvMajor : ssl->version.major;
+    additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor;
+    c16toa(sz, additional + idx);
+    idx += LENGTH_SZ;
+
+    return (int)idx;
+}
 
 static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
-    word16 sz, int asyncOkay)
+    word16 sz, int asyncOkay, byte type)
 {
     int ret = 0;
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -18952,7 +19634,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         case wolfssl_aes_ccm:/* GCM AEAD macros use same size as CCM */
         {
             AES_AUTH_ENCRYPT_FUNC aes_auth_fn;
-            const byte* additionalSrc;
+            int additionalSz;
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* initialize event */
@@ -18970,27 +19652,17 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         #else
             aes_auth_fn = AES_CCM_ENCRYPT;
         #endif
-            additionalSrc = input - 5;
 
-            XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);
-
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);
-
-            /* Store the type, version. Unfortunately, they are in
-             * the input buffer ahead of the plaintext. */
-        #ifdef WOLFSSL_DTLS
-            if (ssl->options.dtls) {
-                additionalSrc -= DTLS_HANDSHAKE_EXTRA;
+            additionalSz = writeAeadAuthData(ssl,
+                    /* Length of the plain text minus the explicit
+                     * IV length minus the authentication tag size. */
+                    sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, type,
+                    ssl->encrypt.additional, 0, NULL, CUR_ORDER);
+            if (additionalSz < 0) {
+                ret = additionalSz;
+                break;
             }
-        #endif
-            XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET,
-                                                        additionalSrc, 3);
 
-            /* Store the length of the plain text minus the explicit
-             * IV length minus the authentication tag size. */
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                ssl->encrypt.additional + AEAD_LEN_OFFSET);
 #if !defined(NO_PUBLIC_GCM_SET_IV) && \
     ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
@@ -19008,19 +19680,19 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
                          ssl->encrypt.nonce, AESGCM_NONCE_SZ,
                          out + sz - ssl->specs.aead_mac_size,
                          ssl->specs.aead_mac_size,
-                         ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
+                         ssl->encrypt.additional, (word32)(additionalSz));
             }
 
             if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         #endif /* HAVE_PK_CALLBACKS */
             {
                 ret = aes_auth_fn(ssl->encrypt.aes,
-                        out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
-                        sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                        ssl->encrypt.nonce, AESGCM_NONCE_SZ,
-                        out + sz - ssl->specs.aead_mac_size,
-                        ssl->specs.aead_mac_size,
-                        ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
+                    out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
+                    sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size,
+                    ssl->encrypt.nonce, AESGCM_NONCE_SZ,
+                    out + sz - ssl->specs.aead_mac_size,
+                    ssl->specs.aead_mac_size,
+                    ssl->encrypt.additional, (word32)(additionalSz));
             }
 
         #ifdef WOLFSSL_ASYNC_CRYPT
@@ -19041,27 +19713,18 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
     #ifdef HAVE_ARIA
         case wolfssl_aria_gcm:
         {
-            const byte* additionalSrc = input - RECORD_HEADER_SZ;
+            int additionalSz;
             byte *outBuf = NULL;
-            XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);
 
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);
+            additionalSz = ret = writeAeadAuthData(ssl,
+                    /* Length of the plain text minus the explicit
+                     * IV length minus the authentication tag size. */
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type,
+                    ssl->encrypt.additional, 0, NULL, CUR_ORDER);
+            if (ret < 0)
+                break;
+            ret = 0;
 
-            /* Store the type, version. Unfortunately, they are in
-             * the input buffer ahead of the plaintext. */
-        #ifdef WOLFSSL_DTLS
-            if (ssl->options.dtls) {
-                additionalSrc -= DTLS_HANDSHAKE_EXTRA;
-            }
-        #endif
-            XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET,
-                                                        additionalSrc, 3);
-
-            /* Store the length of the plain text minus the explicit
-             * IV length minus the authentication tag size. */
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                ssl->encrypt.additional + AEAD_LEN_OFFSET);
             XMEMCPY(ssl->encrypt.nonce,
                                 ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
             XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ,
@@ -19076,7 +19739,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
                     (byte*) input + AESGCM_EXP_IV_SZ,
                     sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                     ssl->encrypt.nonce, AESGCM_NONCE_SZ,
-                    ssl->encrypt.additional, AEAD_AUTH_DATA_SZ,
+                    ssl->encrypt.additional, additionalSz,
                     out + sz - ssl->specs.aead_mac_size,
                     ssl->specs.aead_mac_size
                     );
@@ -19099,7 +19762,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
         !defined(NO_CHAPOL_AEAD)
         case wolfssl_chacha:
-            ret = ChachaAEADEncrypt(ssl, out, input, sz);
+            ret = ChachaAEADEncrypt(ssl, out, input, sz, type);
             break;
     #endif
 
@@ -19217,7 +19880,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
 }
 
 static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
-    word16 sz, int asyncOkay)
+    word16 sz, int asyncOkay, byte type)
 {
     int ret = 0;
 
@@ -19308,7 +19971,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
 
         case CIPHER_STATE_DO:
         {
-            ret = EncryptDo(ssl, out, input, sz, asyncOkay);
+            ret = EncryptDo(ssl, out, input, sz, asyncOkay, type);
 
             /* Advance state */
             ssl->encrypt.state = CIPHER_STATE_END;
@@ -19441,6 +20104,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
         case wolfssl_aes_ccm: /* GCM AEAD macros use same size as CCM */
         {
             wc_AesAuthDecryptFunc aes_auth_fn;
+            int additionalSz;
 
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* initialize event */
@@ -19459,17 +20123,13 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
             aes_auth_fn = wc_AesCcmDecrypt;
         #endif
 
-            XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);
-
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);
-
-            ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-            ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-            ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                    ssl->decrypt.additional + AEAD_LEN_OFFSET);
+            additionalSz = writeAeadAuthData(ssl,
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type,
+                    ssl->decrypt.additional, 1, NULL, PEER_ORDER);
+            if (additionalSz < 0) {
+                ret = additionalSz;
+                break;
+            }
 
         #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
             if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl))
@@ -19488,24 +20148,24 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                 ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0,
                         plain + AESGCM_EXP_IV_SZ,
                         input + AESGCM_EXP_IV_SZ,
-                        sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
+                        sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size,
                         ssl->decrypt.nonce, AESGCM_NONCE_SZ,
                         (byte *)(input + sz - ssl->specs.aead_mac_size),
                         ssl->specs.aead_mac_size,
-                        ssl->decrypt.additional, AEAD_AUTH_DATA_SZ);
+                        ssl->decrypt.additional, (word32)(additionalSz));
             }
 
             if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         #endif /* HAVE_PK_CALLBACKS */
             {
                 if ((ret = aes_auth_fn(ssl->decrypt.aes,
-                            plain + AESGCM_EXP_IV_SZ,
-                            input + AESGCM_EXP_IV_SZ,
-                            sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                            ssl->decrypt.nonce, AESGCM_NONCE_SZ,
-                            input + sz - ssl->specs.aead_mac_size,
-                            ssl->specs.aead_mac_size,
-                            ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) {
+                    plain + AESGCM_EXP_IV_SZ,
+                    input + AESGCM_EXP_IV_SZ,
+                    sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size,
+                    ssl->decrypt.nonce, AESGCM_NONCE_SZ,
+                    input + sz - ssl->specs.aead_mac_size,
+                    ssl->specs.aead_mac_size,
+                    ssl->decrypt.additional, (word32)(additionalSz))) < 0) {
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                         ret = wolfSSL_AsyncPush(ssl,
@@ -19522,17 +20182,14 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
         case wolfssl_aria_gcm:
         {
             byte *outBuf = NULL;
-            XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);
+            int additionalSz;
 
-            /* sequence number field is 64-bits */
-            WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);
-
-            ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-            ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-            ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
-
-            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                                    ssl->decrypt.additional + AEAD_LEN_OFFSET);
+            additionalSz = ret = writeAeadAuthData(ssl,
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type,
+                    ssl->decrypt.additional, 1, NULL, PEER_ORDER);
+            if (ret < 0)
+                break;
+            ret = 0;
 
         #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
             if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl))
@@ -19555,7 +20212,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                                 (byte *)input + AESGCM_EXP_IV_SZ,
                                 sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                 ssl->decrypt.nonce, AESGCM_NONCE_SZ,
-                                ssl->decrypt.additional, AEAD_AUTH_DATA_SZ,
+                                ssl->decrypt.additional, additionalSz,
                                 (byte *)input + sz - ssl->specs.aead_mac_size,
                                 ssl->specs.aead_mac_size
                                 );
@@ -19878,12 +20535,7 @@ static WC_INLINE int CipherHasExpIV(WOLFSSL *ssl)
 /* check cipher text size for sanity */
 static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
 {
-#ifdef HAVE_TRUNCATED_HMAC
-    word32 minLength = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
-                                           : ssl->specs.hash_size;
-#else
-    word32 minLength = ssl->specs.hash_size; /* covers stream */
-#endif
+    word32 minLength = MacSize(ssl);
 
 #ifndef WOLFSSL_AEAD_ONLY
     if (ssl->specs.cipher_type == block) {
@@ -19930,7 +20582,7 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
 
 
 #ifndef WOLFSSL_AEAD_ONLY
-#ifdef WOLSSL_OLD_TIMINGPADVERIFY
+#ifdef WOLFSSL_OLD_TIMINGPADVERIFY
 #define COMPRESS_LOWER      64
 #define COMPRESS_UPPER      55
 #define COMPRESS_CONSTANT   13
@@ -20274,7 +20926,7 @@ static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac)
         r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE;
 #endif
 
-    XMEMSET(mac, 0, macSz);
+    XMEMSET(mac, 0, (size_t)(macSz));
     for (i = scanStart; i < sz; i += macSz) {
         for (j = 0; j < macSz && j + i < sz; j++) {
             started = ctMaskGTE(i + j, macStart);
@@ -20315,7 +20967,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
     /* 4th argument has potential to underflow, ssl->hmac function should
      * either increment the size by (macSz + padLen + 1) before use or check on
      * the size to make sure is valid. */
-    ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen,
+    ret = ssl->hmac(ssl, verify, input, (word32)(pLen - macSz - padLen - 1), padLen,
                                                         content, 1, PEER_ORDER);
     good |= MaskMac(input, pLen, ssl->specs.hash_size, verify);
 
@@ -20336,46 +20988,66 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
     return ret;
 }
 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
-#endif /* WOLSSL_OLD_TIMINGPADVERIFY */
+#endif /* WOLFSSL_OLD_TIMINGPADVERIFY */
 #endif /* WOLFSSL_AEAD_ONLY */
 
 int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
 {
-    word32 msgSz   = WOLFSSL_IS_QUIC(ssl)? ssl->curSize : ssl->keys.encryptSz;
+    word32 msgSz   = ssl->curSize;
     word32 idx     = *inOutIdx;
     int    dataSz;
-    int    ivExtra = 0;
     byte*  rawData = input + idx;  /* keep current  for hmac */
 #ifdef HAVE_LIBZ
     byte   decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
 #endif
+#ifdef WOLFSSL_EARLY_DATA
+    int    isEarlyData = ssl->options.tls1_3 &&
+                         ssl->options.handShakeDone == 0 &&
+                         ssl->options.side == WOLFSSL_SERVER_END;
+    int    acceptEarlyData = ssl->earlyData != no_early_data &&
+                         ssl->options.clientState == CLIENT_HELLO_COMPLETE;
+#endif
+
+#if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_DTLS13)
+    if (ssl->options.tls1_3 && ssl->options.dtls)
+        isEarlyData = isEarlyData && w64Equal(ssl->keys.curEpoch64,
+                w64From32(0x0, DTLS13_EPOCH_EARLYDATA));
+#endif
 
 #ifdef WOLFSSL_EARLY_DATA
-    if (ssl->options.tls1_3 && ssl->options.handShakeDone == 0) {
-        int process = 0;
-
-        if (ssl->options.side == WOLFSSL_SERVER_END) {
-            if ((ssl->earlyData != no_early_data) &&
-                          (ssl->options.clientState == CLIENT_HELLO_COMPLETE)) {
-                process = 1;
-            }
-            if (!process) {
-                WOLFSSL_MSG("Ignoring EarlyData!");
-                *inOutIdx += ssl->curSize;
-                if (*inOutIdx > ssl->buffers.inputBuffer.length)
-                    return BUFFER_E;
-
-                return 0;
-            }
-        }
-        if (!process) {
-            WOLFSSL_MSG("Received App data before a handshake completed");
-            if (sniff == NO_SNIFF) {
-                SendAlert(ssl, alert_fatal, unexpected_message);
-            }
-            WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E);
-            return OUT_OF_ORDER_E;
-        }
+    if (isEarlyData && acceptEarlyData) {
+        WOLFSSL_MSG("Processing EarlyData");
+    }
+    else if (isEarlyData && !acceptEarlyData) {
+        WOLFSSL_MSG("Ignoring EarlyData!");
+        *inOutIdx += ssl->curSize;
+        if (*inOutIdx > ssl->buffers.inputBuffer.length)
+            return BUFFER_E;
+#ifdef WOLFSSL_DTLS13
+        /* Receiving app data from the traffic epoch before the handshake is
+         * done means that there was a disruption. */
+        if (ssl->options.dtls && !w64Equal(ssl->keys.curEpoch64,
+                                        w64From32(0x0, DTLS13_EPOCH_EARLYDATA)))
+            ssl->dtls13Rtx.sendAcks = 1;
+#endif
+        return 0;
+    }
+    else
+#endif
+#ifdef WOLFSSL_DTLS
+    if (ssl->options.handShakeDone == 0 && ssl->options.dtls) {
+        WOLFSSL_MSG("Dropping app data received before handshake complete");
+        *inOutIdx += ssl->curSize;
+        if (*inOutIdx > ssl->buffers.inputBuffer.length)
+            return BUFFER_E;
+#ifdef WOLFSSL_DTLS13
+        /* Receiving app data from the traffic epoch before the handshake is
+         * done means that there was a disruption. */
+        if (ssl->options.tls1_3 && !w64Equal(ssl->keys.curEpoch64,
+                                        w64From32(0x0, DTLS13_EPOCH_EARLYDATA)))
+            ssl->dtls13Rtx.sendAcks = 1;
+#endif
+        return 0;
     }
     else
 #endif
@@ -20405,23 +21077,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
     }
 #endif
 
-#ifndef WOLFSSL_AEAD_ONLY
-    if (ssl->specs.cipher_type == block) {
-        if (ssl->options.tls1_1)
-            ivExtra = ssl->specs.block_size;
-    }
-    else
-#endif
-    if (ssl->specs.cipher_type == aead) {
-        if (CipherHasExpIV(ssl))
-            ivExtra = AESGCM_EXP_IV_SZ;
-    }
-
-    dataSz = msgSz - ivExtra - ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead)
-        dataSz -= MacSize(ssl);
-#endif
+    dataSz = (int)(msgSz - ssl->keys.padSz);
     if (dataSz < 0) {
         WOLFSSL_MSG("App data buffer error, malicious input?");
         if (sniff == NO_SNIFF) {
@@ -20453,17 +21109,13 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff)
             if (dataSz < 0) return dataSz;
         }
 #endif
-        idx += rawSz;
+        idx += (word32)rawSz;
 
         ssl->buffers.clearOutputBuffer.buffer = rawData;
         ssl->buffers.clearOutputBuffer.length = (unsigned int)dataSz;
     }
 
     idx += ssl->keys.padSz;
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-    if (ssl->options.startedETMRead)
-        idx += MacSize(ssl);
-#endif
 
 #ifdef HAVE_LIBZ
     /* decompress could be bigger, overwrite after verify */
@@ -20630,6 +21282,13 @@ const char* AlertTypeToString(int type)
                 return internal_error_str;
             }
 
+        case inappropriate_fallback:
+            {
+                static const char inappropriate_fallback_str[] =
+                    "inappropriate_fallback";
+                return inappropriate_fallback_str;
+            }
+
         case user_canceled:
             {
                 static const char user_canceled_str[] =
@@ -20644,6 +21303,20 @@ const char* AlertTypeToString(int type)
                 return no_renegotiation_str;
             }
 
+        case missing_extension:
+            {
+                static const char missing_extension_str[] =
+                    "missing_extension";
+                return missing_extension_str;
+            }
+
+        case unsupported_extension:
+            {
+                static const char unsupported_extension_str[] =
+                    "unsupported_extension";
+                return unsupported_extension_str;
+            }
+
         case unrecognized_name:
             {
                 static const char unrecognized_name_str[] =
@@ -20658,6 +21331,20 @@ const char* AlertTypeToString(int type)
                 return bad_certificate_status_response_str;
             }
 
+        case unknown_psk_identity:
+            {
+                static const char unknown_psk_identity_str[] =
+                    "unknown_psk_identity";
+                return unknown_psk_identity_str;
+            }
+
+        case certificate_required:
+            {
+                static const char certificate_required_str[] =
+                    "certificate_required";
+                return certificate_required_str;
+            }
+
         case no_application_protocol:
             {
                 static const char no_application_protocol_str[] =
@@ -20713,26 +21400,8 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
         }
     #endif
 
-    if (IsEncryptionOn(ssl, 0)) {
-        int ivExtra = 0;
-#ifndef WOLFSSL_AEAD_ONLY
-        if (ssl->specs.cipher_type == block) {
-            if (ssl->options.tls1_1)
-                ivExtra = ssl->specs.block_size;
-        }
-        else
-#endif
-        if (ssl->specs.cipher_type == aead) {
-            if (CipherHasExpIV(ssl))
-                ivExtra = AESGCM_EXP_IV_SZ;
-        }
-        dataSz -= ivExtra;
+    if (IsEncryptionOn(ssl, 0))
         dataSz -= ssl->keys.padSz;
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            dataSz -= MacSize(ssl);
-    #endif
-    }
 
     /* make sure can read the message */
     if (dataSz != ALERT_SIZE) {
@@ -20775,10 +21444,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
 
     if (IsEncryptionOn(ssl, 0)) {
         *inOutIdx += ssl->keys.padSz;
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            *inOutIdx += MacSize(ssl);
-    #endif
     }
 
     return level;
@@ -20791,11 +21456,14 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
     int usedLength;
     int dtlsExtra = 0;
 
+    if (ssl->options.disableRead)
+        return WC_NO_ERR_TRACE(WANT_READ);
 
     /* check max input length */
-    usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
-    maxLength  = ssl->buffers.inputBuffer.bufferSize - usedLength;
-    inSz       = (int)(size - usedLength);      /* from last partial read */
+    usedLength = (int)(ssl->buffers.inputBuffer.length -
+                       ssl->buffers.inputBuffer.idx);
+    maxLength  = (int)(ssl->buffers.inputBuffer.bufferSize -
+                       (word32)usedLength);
 
 #ifdef WOLFSSL_DTLS
     if (ssl->options.dtls && IsDtlsNotSctpMode(ssl)) {
@@ -20809,15 +21477,24 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
         if (size < (word32)inSz)
             dtlsExtra = (int)(inSz - size);
     }
+    else
 #endif
+    {
+        /* check that no lengths or size values are negative */
+        if (usedLength < 0 || maxLength < 0) {
+            return BUFFER_ERROR;
+        }
 
-    /* check that no lengths or size values are negative */
-    if (usedLength < 0 || maxLength < 0 || inSz <= 0) {
-        return BUFFER_ERROR;
+        /* Return if we have enough data already in the buffer */
+        if (size <= (word32)usedLength) {
+            return 0;
+        }
+
+        inSz = (int)(size - (word32)usedLength); /* from last partial read */
     }
 
     if (inSz > maxLength) {
-        if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
+        if (GrowInputBuffer(ssl, (int)(size + (word32)dtlsExtra), usedLength) < 0)
             return MEMORY_E;
     }
 
@@ -20825,7 +21502,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
     if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0)
         XMEMMOVE(ssl->buffers.inputBuffer.buffer,
                 ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
-                usedLength);
+                (size_t)(usedLength));
 
     /* remove processed data */
     ssl->buffers.inputBuffer.idx    = 0;
@@ -20837,8 +21514,8 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
                      ssl->buffers.inputBuffer.buffer +
                      ssl->buffers.inputBuffer.length,
                      (word32)inSz);
-        if (in == WANT_READ)
-            return WANT_READ;
+        if (in == WC_NO_ERR_TRACE(WANT_READ))
+            return WC_NO_ERR_TRACE(WANT_READ);
 
         if (in < 0) {
             WOLFSSL_ERROR_VERBOSE(SOCKET_ERROR_E);
@@ -20850,7 +21527,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size)
             return RECV_OVERFLOW_E;
         }
 
-        ssl->buffers.inputBuffer.length += in;
+        ssl->buffers.inputBuffer.length += (word32)in;
         inSz -= in;
 
     } while (ssl->buffers.inputBuffer.length < size);
@@ -20904,20 +21581,12 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
     int    ret;
     word32 pad     = 0;
     word32 padByte = 0;
-#ifdef HAVE_TRUNCATED_HMAC
-    word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
-                                          : ssl->specs.hash_size;
-#else
-    word32 digestSz = ssl->specs.hash_size;
-#endif
+    word32 digestSz = MacSize(ssl);
     byte   verify[WC_MAX_DIGEST_SIZE];
 
 
     if (ssl->specs.cipher_type == block) {
-        int ivExtra = 0;
-        if (ssl->options.tls1_1)
-            ivExtra = ssl->specs.block_size;
-        pad = *(input + msgSz - ivExtra - 1);
+        pad = input[msgSz - 1];
         padByte = 1;
 
         if (ssl->options.tls) {
@@ -20926,8 +21595,8 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
             if(ssl->ctx->VerifyMacCb) {
                 void* ctx = wolfSSL_GetVerifyMacCtx(ssl);
                 ret = ssl->ctx->VerifyMacCb(ssl, input,
-                           (msgSz - ivExtra) - digestSz - pad - 1,
-                           digestSz, (word32)content, ctx);
+                                            msgSz - digestSz - pad - 1,
+                                            digestSz, (word32)content, ctx);
                 if (ret != 0 &&
                     ret != WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) {
                     return ret;
@@ -20936,8 +21605,8 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
             if (!ssl->ctx->VerifyMacCb ||
                 ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
 #endif
-            ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra,
-                                  content);
+            ret = TimingPadVerify(ssl, input, (int)pad, (int)digestSz,
+                                  (int)msgSz, content);
             if (ret != 0)
                 return ret;
         }
@@ -20986,7 +21655,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
     }
 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
     else {
-        *padSz = digestSz + pad + padByte;
+        *padSz = pad + padByte;
     }
 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */
 
@@ -21055,16 +21724,91 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)
 }
 #endif /* WOLFSSL_DTLS */
 
-int ProcessReply(WOLFSSL* ssl)
+#if defined(WOLFSSL_TLS13) || \
+    (defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID))
+static int removeMsgInnerPadding(WOLFSSL* ssl)
 {
-    return ProcessReplyEx(ssl, 0);
+    word32 i = ssl->buffers.inputBuffer.idx +
+        ssl->curSize;
+    if (ssl->specs.cipher_type == aead)
+        i -= ssl->specs.aead_mac_size;
+    else
+        i -= ssl->keys.padSz + MacSize(ssl);
+
+    /* check that the end of the logical length doesn't extend
+     * past the real buffer */
+    if (i > ssl->buffers.inputBuffer.length || i == 0) {
+        WOLFSSL_ERROR(BUFFER_ERROR);
+        return BUFFER_ERROR;
+    }
+
+    /* Remove padding from end of plain text. */
+    for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
+        if (ssl->buffers.inputBuffer.buffer[i] != 0)
+            break;
+    }
+
+    /* Get the real content type from the end of the data. */
+    ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i];
+    /* consider both contentType byte and MAC as padding */
+    ssl->keys.padSz = ssl->buffers.inputBuffer.idx
+        + ssl->curSize - i;
+    return 0;
 }
+#endif
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+static void dtlsClearPeer(WOLFSSL_SOCKADDR* peer)
+{
+    XFREE(peer->sa, NULL, DYNAMIC_TYPE_SOCKADDR);
+    peer->sa = NULL;
+    peer->sz = 0;
+    peer->bufSz = 0;
+}
+
+
+/**
+ * @brief Handle pending peer during record processing.
+ * @param ssl           WOLFSSL object.
+ * @param deprotected   0 when we have not decrypted the record yet
+ *                      1 when we have decrypted and verified the record
+ */
+static void dtlsProcessPendingPeer(WOLFSSL* ssl, int deprotected)
+{
+    if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
+        if (!deprotected) {
+            /* Here we have just read an entire record from the network. It is
+             * still encrypted. If processingPendingRecord is set then that
+             * means that an error occurred when processing the previous record.
+             * In that case we should clear the pendingPeer because we only
+             * want to allow it to be valid for one record. */
+            if (ssl->buffers.dtlsCtx.processingPendingRecord) {
+                /* Clear the pending peer. */
+                dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer);
+            }
+            ssl->buffers.dtlsCtx.processingPendingRecord =
+                    !ssl->buffers.dtlsCtx.processingPendingRecord;
+        }
+        else {
+            /* Pending peer present and record deprotected. Update the peer. */
+            (void)wolfSSL_dtls_set_peer(ssl,
+                    &ssl->buffers.dtlsCtx.pendingPeer.sa,
+                    ssl->buffers.dtlsCtx.pendingPeer.sz);
+            ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+            dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer);
+        }
+    }
+    else {
+        ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+    }
+}
+#endif
 
 /* Process input requests. Return 0 is done, 1 is call again to complete, and
    negative number is error. If allowSocketErr is set, SOCKET_ERROR_E in
    ssl->error will be whitelisted. This is useful when the connection has been
    closed and the endpoint wants to check for an alert sent by the other end. */
-int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
+static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
 {
     int    ret = 0, type = internal_error, readSz;
     int    atomicUser = 0;
@@ -21077,15 +21821,17 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
         atomicUser = 1;
 #endif
 
-    if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE
+    if (ssl->error != 0 &&
+        ssl->error != WC_NO_ERR_TRACE(WANT_READ) &&
+        ssl->error != WC_NO_ERR_TRACE(WANT_WRITE)
     #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
-        && ssl->error != APP_DATA_READY
+        && ssl->error != WC_NO_ERR_TRACE(APP_DATA_READY)
     #endif
     #ifdef WOLFSSL_ASYNC_CRYPT
-        && ssl->error != WC_PENDING_E
+        && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     #ifdef WOLFSSL_NONBLOCK_OCSP
-        && ssl->error != OCSP_WANT_READ
+        && ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ)
     #endif
         && (allowSocketErr != 1 ||
             ssl->error != WC_NO_ERR_TRACE(SOCKET_ERROR_E))
@@ -21261,6 +22007,10 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                                        &ssl->curRL, &ssl->curSize);
 
 #ifdef WOLFSSL_DTLS
+#ifdef WOLFSSL_DTLS_CID
+            if (ssl->options.dtls)
+                dtlsProcessPendingPeer(ssl, 0);
+#endif
             if (ssl->options.dtls && DtlsShouldDrop(ssl, ret)) {
                     ssl->options.processReply = doProcessInit;
                     ssl->buffers.inputBuffer.length = 0;
@@ -21319,7 +22069,7 @@ default:
             if (!ssl->options.dtls) {
                 if ((ret = GetInputData(ssl, ssl->curSize)) < 0) {
 #ifdef WOLFSSL_EXTRA_ALERTS
-                    if (ret != WANT_READ)
+                    if (ret != WC_NO_ERR_TRACE(WANT_READ))
                         SendAlert(ssl, alert_fatal, bad_record_mac);
 #endif
                     return ret;
@@ -21363,8 +22113,6 @@ default:
             ssl->keys.padSz = 0;
 
             ssl->options.processReply = verifyEncryptedMessage;
-            /* in case > 1 msg per record */
-            ssl->curStartIdx = ssl->buffers.inputBuffer.idx;
             FALL_THROUGH;
 
         /* verify digest of encrypted message */
@@ -21468,13 +22216,14 @@ default:
                                 /* Mask on indicates this is expected to be a
                                  * padding byte.
                                  */
-                                padding &= ctMaskLTE(i, ssl->keys.padSz);
+                                padding &= ctMaskLTE((int)i,
+                                                       (int)ssl->keys.padSz);
                                 /* When this is a padding byte and not equal
                                  * to length then mask is set.
                                  */
                                 invalid |= padding &
                                            ctMaskNotEq(in->buffer[off - i],
-                                                       ssl->keys.padSz);
+                                                       (int)ssl->keys.padSz);
                             }
                             /* If mask is set then there was an error. */
                             if (invalid) {
@@ -21531,12 +22280,17 @@ default:
             #ifndef WOLFSSL_NO_TLS12
                     /* handle success */
                 #ifndef WOLFSSL_AEAD_ONLY
-                    if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
+                    if (ssl->options.tls1_1 &&
+                            ssl->specs.cipher_type == block) {
                         ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
+                        ssl->curSize -= ssl->specs.block_size;
+                    }
                 #endif
                     /* go past TLSv1.1 IV */
-                    if (CipherHasExpIV(ssl))
+                    if (CipherHasExpIV(ssl)) {
                         ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;
+                        ssl->curSize -= AESGCM_EXP_IV_SZ;
+                    }
             #endif
                 }
                 else {
@@ -21633,39 +22387,58 @@ default:
 
                 ssl->keys.encryptSz    = ssl->curSize;
                 ssl->keys.decryptedCur = 1;
-#ifdef WOLFSSL_TLS13
-                if (ssl->options.tls1_3) {
-                    word32 i = (ssl->buffers.inputBuffer.idx +
-                        ssl->curSize - ssl->specs.aead_mac_size);
-                    /* check that the end of the logical length doesn't extend
-                     * past the real buffer */
-                    if (i > ssl->buffers.inputBuffer.length || i == 0) {
-                        WOLFSSL_ERROR(BUFFER_ERROR);
-                        return BUFFER_ERROR;
-                    }
-
-                    /* Remove padding from end of plain text. */
-                    for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
-                        if (ssl->buffers.inputBuffer.buffer[i] != 0)
-                            break;
-                    }
-
-                    /* Get the real content type from the end of the data. */
-                    ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i];
-                    /* consider both contentType byte and MAC as padding */
-                    ssl->keys.padSz = ssl->buffers.inputBuffer.idx
-                        + ssl->curSize - i;
-                }
-#endif
             }
 
+            if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 1) {
+#if defined(WOLFSSL_TLS13) || \
+    (defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID))
+                int removePadding = 0;
+                if (ssl->options.tls1_3)
+                    removePadding = 1;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+                if (!ssl->options.tls1_3 && ssl->options.dtls &&
+                        ssl->curRL.type == dtls12_cid)
+                    removePadding = 1;
+#endif
+                if (removePadding) {
+                    ret = removeMsgInnerPadding(ssl);
+                    if (ret != 0)
+                        return ret;
+                }
+                else
+#endif
+                {
+                    /* With atomicUser the callback should have already included
+                     * the mac in the padding size. The ETM callback doesn't do
+                     * this for some reason. */
+                    if (ssl->specs.cipher_type != aead
+#ifdef ATOMIC_USER
+                             && (!atomicUser
+#ifdef HAVE_ENCRYPT_THEN_MAC
+                                 || ssl->options.startedETMRead
+#endif /* HAVE_ENCRYPT_THEN_MAC */
+                                )
+#endif /* !ATOMIC_USER */
+                       )
+                    {
+                        /* consider MAC as padding */
+                        ssl->keys.padSz += MacSize(ssl);
+                    }
+                }
+
+            }
+
+            /* in case > 1 msg per record */
+            ssl->curStartIdx = ssl->buffers.inputBuffer.idx;
+
             ssl->options.processReply = runProcessingOneRecord;
             FALL_THROUGH;
 
         /* the record layer is here */
         case runProcessingOneRecord:
-#ifdef WOLFSSL_DTLS13
+#ifdef WOLFSSL_DTLS
             if (ssl->options.dtls) {
+#ifdef WOLFSSL_DTLS13
                 if (IsAtLeastTLSv1_3(ssl->version)) {
                     if (!Dtls13CheckWindow(ssl)) {
                         /* drop packet */
@@ -21689,11 +22462,18 @@ default:
                         }
                     }
                 }
-                else if (IsDtlsNotSctpMode(ssl)) {
+                else
+#endif /* WOLFSSL_DTLS13 */
+                if (IsDtlsNotSctpMode(ssl)) {
                     DtlsUpdateWindow(ssl);
                 }
+#ifdef WOLFSSL_DTLS_CID
+                /* Update the peer if we were able to de-protect the message */
+                if (IsEncryptionOn(ssl, 0))
+                    dtlsProcessPendingPeer(ssl, 1);
+#endif
             }
-#endif /* WOLFSSL_DTLS13 */
+#endif /* WOLFSSL_DTLS */
             ssl->options.processReply = runProcessingOneMessage;
             FALL_THROUGH;
 
@@ -21705,11 +22485,7 @@ default:
             }
        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
             if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) {
-                /* For TLS v1.1 the block size and explicit IV are added to idx,
-                 * so it needs to be included in this limit check */
-                if ((ssl->curSize - ssl->keys.padSz -
-                        (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) -
-                        MacSize(ssl) > MAX_PLAINTEXT_SZ)
+                if ((ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ)
 #ifdef WOLFSSL_ASYNC_CRYPT
                         && ssl->buffers.inputBuffer.length !=
                                 ssl->buffers.inputBuffer.idx
@@ -21726,12 +22502,8 @@ default:
             else
        #endif
             /* TLS13 plaintext limit is checked earlier before decryption */
-            /* For TLS v1.1 the block size and explicit IV are added to idx,
-             * so it needs to be included in this limit check */
             if (!IsAtLeastTLSv1_3(ssl->version)
-                    && ssl->curSize - ssl->keys.padSz -
-                        (ssl->buffers.inputBuffer.idx - ssl->curStartIdx)
-                            > MAX_PLAINTEXT_SZ
+                    && ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ
 #ifdef WOLFSSL_ASYNC_CRYPT
                     && ssl->buffers.inputBuffer.length !=
                             ssl->buffers.inputBuffer.idx
@@ -21842,7 +22614,7 @@ default:
                              * calling DtlsMsgPoolSend. This msg is done
                              * processing so let's move on. */
                         && (!ssl->options.dtls
-                            || ret != WANT_WRITE)
+                            || ret != WC_NO_ERR_TRACE(WANT_WRITE))
 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* In async case, on pending, move onto next message.
                      * Current message should have been DtlsMsgStore'ed and
@@ -21919,28 +22691,8 @@ default:
                     }
 
                     if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) {
-#ifdef HAVE_AEAD
-                        if (ssl->specs.cipher_type == aead) {
-                            if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
-                                ssl->curSize -= AESGCM_EXP_IV_SZ;
-                            ssl->buffers.inputBuffer.idx += ssl->specs.aead_mac_size;
-                            ssl->curSize -= ssl->specs.aead_mac_size;
-                        }
-                        else
-#endif
-                        {
-                            ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
-                            ssl->curSize -= (word16)ssl->keys.padSz;
-                            ssl->curSize -= ssl->specs.iv_size;
-                        }
-
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                        if (ssl->options.startedETMRead) {
-                            word32 digestSz = MacSize(ssl);
-                            ssl->buffers.inputBuffer.idx += digestSz;
-                            ssl->curSize -= (word16)digestSz;
-                        }
-            #endif
+                        ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
+                        ssl->curSize -= (word16)ssl->keys.padSz;
                     }
 
                     if (ssl->curSize != 1) {
@@ -22041,6 +22793,7 @@ default:
                         #endif
                         }
                     #endif
+                #ifndef WOLFSSL_RW_THREADED
                     #ifdef WOLFSSL_TLS13
                         if (ssl->keys.keyUpdateRespond) {
                             WOLFSSL_MSG("No KeyUpdate from peer seen");
@@ -22048,6 +22801,7 @@ default:
                             return SANITY_MSG_E;
                         }
                     #endif
+                #endif
                     if ((ret = DoApplicationData(ssl,
                                                 ssl->buffers.inputBuffer.buffer,
                                                 &ssl->buffers.inputBuffer.idx,
@@ -22144,32 +22898,17 @@ default:
                 ssl->options.processReply = runProcessingOneMessage;
 
                 if (IsEncryptionOn(ssl, 0)) {
-                    WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                    if (ssl->options.startedETMRead) {
-                        word32 digestSz = MacSize(ssl);
-                        if (ssl->buffers.inputBuffer.idx >=
-                                                   ssl->keys.padSz + digestSz) {
-                            ssl->buffers.inputBuffer.idx -=
-                                                     ssl->keys.padSz + digestSz;
-                        }
-                        else {
-                            WOLFSSL_MSG("\tmiddle padding error");
-                            WOLFSSL_ERROR_VERBOSE(FATAL_ERROR);
-                            return FATAL_ERROR;
-                        }
+                    /* With encryption on, we advance the index by the value
+                     * of ssl->keys.padSz. Since padding only appears once, we
+                     * only can do this at the end of record parsing. We have to
+                     * reset the index to the start of the next message here. */
+                    if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
+                        ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
                     }
-                    else
-             #endif
-                    {
-                        if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
-                            ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
-                        }
-                        else {
-                            WOLFSSL_MSG("\tmiddle padding error");
-                            WOLFSSL_ERROR_VERBOSE(FATAL_ERROR);
-                            return FATAL_ERROR;
-                        }
+                    else {
+                        WOLFSSL_MSG("\tBuffer advanced not enough error");
+                        WOLFSSL_ERROR_VERBOSE(FATAL_ERROR);
+                        return FATAL_ERROR;
                     }
                 }
             }
@@ -22202,6 +22941,35 @@ default:
     }
 }
 
+int ProcessReply(WOLFSSL* ssl)
+{
+    return ProcessReplyEx(ssl, 0);
+}
+
+int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
+{
+    int ret;
+
+    ret = DoProcessReplyEx(ssl, allowSocketErr);
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    if (ssl->options.dtls) {
+        /* Don't clear pending peer if we are going to re-enter
+         * DoProcessReplyEx */
+        if (ret != WC_NO_ERR_TRACE(WANT_READ)
+#ifdef WOLFSSL_ASYNC_CRYPT
+                && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
+#endif
+            ) {
+            dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer);
+            ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+        }
+    }
+#endif
+
+    return ret;
+}
+
 #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) || \
              (defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT))
 int SendChangeCipher(WOLFSSL* ssl)
@@ -22212,17 +22980,17 @@ int SendChangeCipher(WOLFSSL* ssl)
     int                ret;
 
     #ifdef OPENSSL_EXTRA
-    ssl->cbmode = SSL_CB_MODE_WRITE;
+    ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
     if (ssl->options.side == WOLFSSL_SERVER_END){
         ssl->options.serverState = SERVER_CHANGECIPHERSPEC_COMPLETE;
         if (ssl->CBIS != NULL)
-            ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
     }
-    else{
+    else {
         ssl->options.clientState =
             CLIENT_CHANGECIPHERSPEC_COMPLETE;
         if (ssl->CBIS != NULL)
-            ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
     }
     #endif
 
@@ -22288,7 +23056,7 @@ int SendChangeCipher(WOLFSSL* ssl)
                 return ret;
         }
     #endif
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
 #ifdef WOLFSSL_TLS13
     if (!ssl->options.tls1_3)
@@ -22317,7 +23085,8 @@ int SendChangeCipher(WOLFSSL* ssl)
     else
         return SendBuffered(ssl);
 }
-#endif
+#endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS ||
+        * (WOLFSSL_TLS13 && WOLFSSL_TLS13_MIDDLEBOX_COMPAT) */
 
 
 #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY)
@@ -22659,11 +23428,12 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 
     (void)epochOrder;
 
-#ifndef NO_TLS
 #if defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_TLS13)
+    /* TLS v1.3 only */
     return BuildTls13Message(ssl, output, outSz, input, inSz, type,
                                                hashOutput, sizeOnly, asyncOkay);
 #else
+    /* TLS v1.2 or v1.3 */
 #ifdef WOLFSSL_TLS13
     if (ssl->options.tls1_3) {
         return BuildTls13Message(ssl, output, outSz, input, inSz, type,
@@ -22671,6 +23441,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
     }
 #endif
 
+#ifndef WOLFSSL_NO_TLS12
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = WC_NO_PENDING_E;
     if (asyncOkay) {
@@ -22704,9 +23475,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
         ssl->options.buildMsgState = BUILD_MSG_BEGIN;
         XMEMSET(args, 0, sizeof(BuildMsgArgs));
 
-        args->sz = RECORD_HEADER_SZ + inSz;
+        args->sz = RECORD_HEADER_SZ + (word32)inSz;
         args->idx  = RECORD_HEADER_SZ;
         args->headerSz = RECORD_HEADER_SZ;
+        args->type = (byte)type;
     }
 
     switch (ssl->options.buildMsgState) {
@@ -22772,6 +23544,17 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 args->sz       += DTLS_RECORD_EXTRA;
                 args->idx      += DTLS_RECORD_EXTRA;
                 args->headerSz += DTLS_RECORD_EXTRA;
+        #ifdef WOLFSSL_DTLS_CID
+                if (ssl->options.dtls) {
+                    byte cidSz = 0;
+                    if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) {
+                        args->sz       += cidSz;
+                        args->idx      += cidSz;
+                        args->headerSz += cidSz;
+                        args->sz++; /* real_type. no padding. */
+                    }
+                }
+        #endif
             }
         #endif
 
@@ -22853,7 +23636,12 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 #endif
 
             args->size = (word16)(args->sz - args->headerSz);    /* include mac and digest */
-            AddRecordHeader(output, args->size, (byte)type, ssl, epochOrder);
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+            if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0)
+                args->type = dtls12_cid;
+#endif
+            AddRecordHeader(output, args->size, args->type, ssl, epochOrder);
 
             /* write to output */
             if (args->ivSz > 0) {
@@ -22861,8 +23649,17 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                                         min(args->ivSz, MAX_IV_SZ));
                 args->idx += min(args->ivSz, MAX_IV_SZ);
             }
-            XMEMCPY(output + args->idx, input, inSz);
-            args->idx += inSz;
+            XMEMCPY(output + args->idx, input, (size_t)(inSz));
+            args->idx += (word32)inSz;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+            if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) {
+                output[args->idx++] = (byte)type; /* type goes after input */
+                inSz++;
+            }
+#endif
+            /* Make sure we don't access input anymore as inSz may have been
+             * incremented */
+            input = NULL;
 
             ssl->options.buildMsgState = BUILD_MSG_HASH;
         }
@@ -22874,7 +23671,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 goto exit_buildmsg;
 
             if (type == handshake && hashOutput) {
-                ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz);
+                ret = HashOutput(ssl, output,
+                    (int)(args->headerSz + (word32)inSz), (int)args->ivSz);
                 if (ret != 0)
                     goto exit_buildmsg;
             }
@@ -22910,7 +23708,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             if (ssl->options.startedETMWrite) {
                 if (ssl->ctx->EncryptMacCb) {
                     ret = ssl->ctx->EncryptMacCb(ssl, output + args->idx +
-                                                 args->pad + 1, type, 0,
+                                                 args->pad + 1, args->type, 0,
                                                  output + args->headerSz,
                                                  output + args->headerSz,
                                                  args->size - args->digestSz,
@@ -22923,8 +23721,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             {
                 if (ssl->ctx->MacEncryptCb) {
                     ret = ssl->ctx->MacEncryptCb(ssl, output + args->idx,
-                                    output + args->headerSz + args->ivSz, (unsigned int)inSz,
-                                    type, 0, output + args->headerSz,
+                                    output + args->headerSz + args->ivSz,
+                                    (unsigned int)inSz, args->type, 0,
+                                    output + args->headerSz,
                                     output + args->headerSz, args->size,
                                     ssl->MacEncryptCtx);
                     goto exit_buildmsg;
@@ -22955,8 +23754,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 #endif
 
                     ret = ssl->hmac(ssl, hmac,
-                                     output + args->headerSz + args->ivSz, (word32)inSz,
-                                     -1, type, 0, epochOrder);
+                                     output + args->headerSz + args->ivSz,
+                                     (word32)inSz, -1, args->type, 0,
+                                     epochOrder);
                     XMEMCPY(output + args->idx, hmac, args->digestSz);
 
                 #ifdef WOLFSSL_SMALL_STACK
@@ -22967,7 +23767,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             #endif
                 {
                     ret = ssl->hmac(ssl, output + args->idx, output +
-                                args->headerSz + args->ivSz, (word32)inSz, -1, type, 0, epochOrder);
+                                args->headerSz + args->ivSz, (word32)inSz, -1,
+                                args->type, 0, epochOrder);
                 }
             }
         #endif /* WOLFSSL_AEAD_ONLY */
@@ -23003,18 +23804,42 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                         ssl->keys.dtls_prev_sequence_number_lo;
             }
     #endif
+
+#ifdef WOLFSSL_THREADED_CRYPT
+    if (asyncOkay) {
+        WOLFSSL_MSG("Not encrypting\n");
+        /* make sure build message state is reset */
+        ssl->options.buildMsgState = BUILD_MSG_BEGIN;
+
+        /* return sz on success */
+        if (ret == 0) {
+            ret = args->sz;
+        }
+        else {
+            WOLFSSL_ERROR_VERBOSE(ret);
+        }
+
+        /* Final cleanup */
+        FreeBuildMsgArgs(ssl, args);
+
+        return ret;
+    }
+    else
+#endif
+    {
     #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
             if (ssl->options.startedETMWrite) {
                 ret = Encrypt(ssl, output + args->headerSz,
                                           output + args->headerSz,
                                           (word16)(args->size - args->digestSz),
-                                          asyncOkay);
+                                          asyncOkay, args->type);
             }
             else
     #endif
             {
                 ret = Encrypt(ssl, output + args->headerSz,
-                                output + args->headerSz, args->size, asyncOkay);
+                                output + args->headerSz, args->size, asyncOkay,
+                                args->type);
             }
     #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
             /* Restore sequence numbers */
@@ -23024,6 +23849,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo;
             }
     #endif
+    }
             }
 
             if (ret != 0) {
@@ -23075,8 +23901,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 #endif
 
                     ret = ssl->hmac(ssl, hmac, output + args->headerSz,
-                                    args->ivSz + inSz + args->pad + 1, -1, type,
-                                    0, epochOrder);
+                                    args->ivSz + inSz + args->pad + 1, -1,
+                                    args->type, 0, epochOrder);
                     XMEMCPY(output + args->idx + args->pad + 1, hmac,
                                                                 args->digestSz);
 
@@ -23089,8 +23915,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 {
                     ret = ssl->hmac(ssl, output + args->idx + args->pad + 1,
                                     output + args->headerSz,
-                                    args->ivSz + inSz + args->pad + 1, -1, type,
-                                    0, epochOrder);
+                                    args->ivSz + (word32)inSz + args->pad + 1,
+                                    -1, args->type, 0, epochOrder);
                 }
             }
         #endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
@@ -23128,9 +23954,7 @@ exit_buildmsg:
 
     /* Final cleanup */
     FreeBuildMsgArgs(ssl, args);
-
     return ret;
-#endif /* !WOLFSSL_NO_TLS12 */
 #else
     (void)outSz;
     (void)inSz;
@@ -23138,8 +23962,8 @@ exit_buildmsg:
     (void)hashOutput;
     (void)asyncOkay;
     return NOT_COMPILED_IN;
-#endif /* NO_TLS */
-
+#endif /* !WOLFSSL_NO_TLS12 */
+#endif
 }
 
 #ifndef WOLFSSL_NO_TLS12
@@ -23161,6 +23985,13 @@ int SendFinished(WOLFSSL* ssl)
 
     /* check for available size */
     outputSz = sizeof(input) + MAX_MSG_EXTRA;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    if (ssl->options.dtls) {
+        byte cidSz = 0;
+        if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)
+            outputSz += cidSz + 1; /* +1 for inner content type */
+    }
+#endif
 
     /* Set this in case CheckAvailableSize returns a WANT_WRITE so that state
      * is not advanced yet */
@@ -23184,7 +24015,8 @@ int SendFinished(WOLFSSL* ssl)
 
     /* get output buffer */
     output = GetOutputBuffer(ssl);
-    AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
+    AddHandShakeHeader(input, (word32)finishedSz, 0,
+            (word32)finishedSz, finished, ssl);
 
     /* make finished hashes */
     hashes = (Hashes*)&input[headerSz];
@@ -23224,6 +24056,7 @@ int SendFinished(WOLFSSL* ssl)
         }
     #endif
 
+    ssl->keys.encryptionOn = 1;
     sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
                                                  handshake, 1, 0, 0, CUR_ORDER);
     if (sendSz < 0)
@@ -23237,9 +24070,9 @@ int SendFinished(WOLFSSL* ssl)
         if (ssl->options.side == WOLFSSL_SERVER_END) {
         #ifdef OPENSSL_EXTRA
             ssl->options.serverState = SERVER_FINISHED_COMPLETE;
-            ssl->cbmode = SSL_CB_MODE_WRITE;
+            ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
             if (ssl->CBIS != NULL)
-                ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
         #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
             ssl->options.handShakeDone  = 1;
@@ -23252,9 +24085,9 @@ int SendFinished(WOLFSSL* ssl)
         if (ssl->options.side == WOLFSSL_CLIENT_END) {
         #ifdef OPENSSL_EXTRA
             ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
-            ssl->cbmode = SSL_CB_MODE_WRITE;
+            ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
             if (ssl->CBIS != NULL)
-                ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
+                ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS);
         #endif
             ssl->options.handShakeState = HANDSHAKE_DONE;
             ssl->options.handShakeDone  = 1;
@@ -23274,7 +24107,7 @@ int SendFinished(WOLFSSL* ssl)
         }
     #endif
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
     ret = SendBuffered(ssl);
 
@@ -23296,6 +24129,7 @@ int SendFinished(WOLFSSL* ssl)
     return ret;
 }
 #endif /* WOLFSSL_NO_TLS12 */
+#endif /* !NO_TLS */
 
 #ifndef NO_WOLFSSL_SERVER
 #if (!defined(WOLFSSL_NO_TLS12) && \
@@ -23307,7 +24141,7 @@ int SendFinished(WOLFSSL* ssl)
  *
  * Returns 0 on success
  */
-static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
+int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
                              DecodedCert* cert, byte* certData, word32 length,
                              byte *ctxOwnsRequest)
 {
@@ -23329,7 +24163,7 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
         ret = InitOcspRequest(request, cert, 0, ssl->heap);
     if (ret == 0) {
         /* make sure ctx OCSP request is updated */
-        if (!ssl->buffers.weOwnCert) {
+        if (!ssl->buffers.weOwnCert && SSL_CM(ssl) != NULL) {
             wolfSSL_Mutex* ocspLock = &SSL_CM(ssl)->ocsp_stapling->ocspLock;
             if (wc_LockMutex(ocspLock) == 0) {
                 if (ssl->ctx->certOcspRequest == NULL) {
@@ -23462,6 +24296,14 @@ int cipherExtraData(WOLFSSL* ssl)
         cipherExtra = ssl->specs.iv_size + ssl->specs.block_size +
             ssl->specs.hash_size;
     }
+    /* Add space needed for the CID */
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    if (ssl->options.dtls) {
+        byte cidSz = 0;
+        if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)
+            cipherExtra += cidSz + 1; /* +1 for inner content type */
+    }
+#endif
     /* Sanity check so we don't ever return negative. */
     return cipherExtra > 0 ? cipherExtra : 0;
 }
@@ -23469,7 +24311,9 @@ int cipherExtraData(WOLFSSL* ssl)
 #ifndef WOLFSSL_NO_TLS12
 
 #ifndef NO_CERTS
-#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)
+
+#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \
+    !defined(NO_TLS)
 /* handle generation of certificate (11) */
 int SendCertificate(WOLFSSL* ssl)
 {
@@ -23576,12 +24420,12 @@ int SendCertificate(WOLFSSL* ssl)
                 else {
                     fragSz = maxFragment - HANDSHAKE_HEADER_SZ;
                 }
-                sendSz += fragSz + HANDSHAKE_HEADER_SZ;
+                sendSz += (int)(fragSz) + HANDSHAKE_HEADER_SZ;
                 i += HANDSHAKE_HEADER_SZ;
             }
             else {
                 fragSz = min(length, maxFragment);
-                sendSz += fragSz;
+                sendSz += (int)(fragSz);
             }
 
             if (IsEncryptionOn(ssl, 1))
@@ -23706,11 +24550,11 @@ int SendCertificate(WOLFSSL* ssl)
             }
 
             if (inputSz > 0) {  /* clang thinks could be zero, let's help */
-                input = (byte*)XMALLOC(inputSz, ssl->heap,
+                input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
                                        DYNAMIC_TYPE_IN_BUFFER);
                 if (input == NULL)
                     return MEMORY_E;
-                XMEMCPY(input, output + recordHeaderSz, inputSz);
+                XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             }
 
 #ifndef WOLFSSL_DTLS
@@ -23759,12 +24603,12 @@ int SendCertificate(WOLFSSL* ssl)
         }
     #endif
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
         if (!ssl->options.groupMessages)
             ret = SendBuffered(ssl);
     }
 
-    if (ret != WANT_WRITE) {
+    if (ret != WC_NO_ERR_TRACE(WANT_WRITE)) {
         /* Clean up the fragment offset. */
         ssl->options.buildingMsg = 0;
         ssl->fragOffset = 0;
@@ -23782,8 +24626,9 @@ int SendCertificate(WOLFSSL* ssl)
 
     return ret;
 }
-#endif /* !NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH */
+#endif /* !NO_TLS && (!NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH) */
 
+#if !defined(NO_TLS)
 /* handle generation of certificate_request (13) */
 int SendCertificateRequest(WOLFSSL* ssl)
 {
@@ -23932,14 +24777,16 @@ int SendCertificateRequest(WOLFSSL* ssl)
                 return BUFFER_E;
             }
 
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(input, output + recordHeaderSz, inputSz);
+            XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
-                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, certificate_request)) != 0) {
+                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
+                                           certificate_request)) != 0) {
                 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                 return ret;
             }
@@ -23954,7 +24801,8 @@ int SendCertificateRequest(WOLFSSL* ssl)
             sendSz = (int)i;
             #ifdef WOLFSSL_DTLS
                 if (IsDtlsNotSctpMode(ssl)) {
-                    if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, certificate_request)) != 0)
+                    if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz,
+                                    certificate_request)) != 0)
                         return ret;
                 }
                 if (ssl->options.dtls)
@@ -23975,7 +24823,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
                 return ret;
         }
     #endif
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
     if (ssl->options.groupMessages)
         ret = 0;
     else
@@ -23988,8 +24836,11 @@ int SendCertificateRequest(WOLFSSL* ssl)
 
     return ret;
 }
+#endif /* !NO_TLS */
+
 
 #ifndef NO_WOLFSSL_SERVER
+
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
  || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
 static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
@@ -24059,6 +24910,53 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
     return ret;
 }
 #endif
+
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) &&                                \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||                         \
+    defined(WOLFSSL_HAPROXY))
+static int BuildCertificateStatusWithStatusCB(WOLFSSL* ssl)
+{
+    WOLFSSL_OCSP *ocsp;
+    void *ioCtx = NULL;
+    buffer response;
+    int ret;
+
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ocsp = SSL_CM(ssl)->ocsp_stapling;
+    if (ocsp == NULL || ocsp->statusCb == NULL)
+        return BAD_FUNC_ARG;
+    ioCtx = (ssl->ocspIOCtx != NULL) ?  ssl->ocspIOCtx : ocsp->cm->ocspIOCtx;
+    XMEMSET(&response, 0, sizeof(response));
+    WOLFSSL_MSG("Calling ocsp->statusCb");
+    ret = ocsp->statusCb(ssl, ioCtx);
+    switch (ret) {
+        case SSL_TLSEXT_ERR_OK:
+            if (ssl->ocspResp == NULL || ssl->ocspRespSz == 0) {
+                ret = 0;
+                break;
+            }
+            response.buffer = ssl->ocspResp;
+            response.length = ssl->ocspRespSz;
+            ret = BuildCertificateStatus(ssl, WOLFSSL_CSR_OCSP, &response, 1);
+            break;
+        case SSL_TLSEXT_ERR_NOACK:
+            /* No OCSP response to send */
+            ret = 0;
+            break;
+        case SSL_TLSEXT_ERR_ALERT_FATAL:
+        /* fall through */
+        default:
+            ret = WOLFSSL_FATAL_ERROR;
+            break;
+    }
+    return ret;
+}
+#endif /* HAVE_CERTIFICATE_STATUS_REQUEST && (defined(OPENSSL_ALL) ||
+          defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
+
 #endif /* NO_WOLFSSL_SERVER */
 
 /* handle generation of certificate_status (22) */
@@ -24070,7 +24968,10 @@ int SendCertificateStatus(WOLFSSL* ssl)
     WOLFSSL_START(WC_FUNC_CERTIFICATE_STATUS_SEND);
     WOLFSSL_ENTER("SendCertificateStatus");
 
-    (void) ssl;
+    if (ssl == NULL || SSL_CM(ssl) == NULL) {
+        WOLFSSL_MSG("SendCertificateStatus bad args");
+        return BAD_FUNC_ARG;
+    }
 
 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
     status_type = ssl->status_request;
@@ -24080,6 +24981,16 @@ int SendCertificateStatus(WOLFSSL* ssl)
     status_type = status_type ? status_type : ssl->status_request_v2;
 #endif
 
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
+    defined(WOLFSSL_HAPROXY))
+    if (SSL_CM(ssl)->ocsp_stapling != NULL &&
+            SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
+        if (ssl->status_request == WOLFSSL_CSR_OCSP)
+            return BuildCertificateStatusWithStatusCB(ssl);
+    }
+#endif
+
     switch (status_type) {
 
     #ifndef NO_WOLFSSL_SERVER
@@ -24182,7 +25093,6 @@ int SendCertificateStatus(WOLFSSL* ssl)
 
                         if (idx > chain->length)
                             break;
-
                         ret = CreateOcspRequest(ssl, request, cert, der.buffer,
                                                 der.length, &ctxOwnsRequest);
                         if (ret == 0) {
@@ -24356,7 +25266,8 @@ static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz)
 }
 #endif /* WOLFSSL_DTLS */
 
-#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS)
+#if !defined(NO_TLS) && defined(WOLFSSL_TLS13) && \
+    !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS)
 /*
  * Enforce limits specified in
  * https://www.rfc-editor.org/rfc/rfc8446#section-5.5
@@ -24432,6 +25343,52 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl)
 }
 #endif /* WOLFSSL_TLS13 && !WOLFSSL_TLS13_IGNORE_AEAD_LIMITS */
 
+#ifdef WOLFSSL_THREADED_CRYPT
+int SendAsyncData(WOLFSSL* ssl)
+{
+    int i;
+
+    for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+        ThreadCrypt* encrypt = &ssl->buffers.encrypt[i];
+
+        if (encrypt->done) {
+            int error;
+
+            GrowOutputBuffer(ssl, encrypt->buffer.length);
+            XMEMCPY(ssl->buffers.outputBuffer.buffer, encrypt->buffer.buffer,
+                encrypt->buffer.length);
+            ssl->buffers.outputBuffer.length = encrypt->buffer.length;
+            ssl->buffers.outputBuffer.idx = 0;
+            encrypt->done = 0;
+            encrypt->avail = 1;
+            if ((error = SendBuffered(ssl)) < 0) {
+                ssl->error = error;
+                WOLFSSL_ERROR(ssl->error);
+                /* store for next call if WANT_WRITE or user embedSend() that
+                   doesn't present like WANT_WRITE */
+                ssl->buffers.plainSz  = encrypt->buffer.length;
+                ssl->buffers.prevSent = encrypt->buffer.length;
+                if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                        (ssl->options.connReset || ssl->options.isClosed)) {
+                    return SOCKET_PEER_CLOSED_E;  /* peer reset or closed */
+                }
+                return ssl->error;
+            }
+
+            /* only one message per attempt */
+            if (ssl->options.partialWrite == 1) {
+                WOLFSSL_MSG("Partial Write on, only sending one record");
+                break;
+            }
+        }
+    }
+
+    return 0;
+}
+#endif
+
+#ifndef NO_TLS
+
 /**
  * ssl_in_handshake():
  * Invoked in wolfSSL_read/wolfSSL_write to check if wolfSSL_negotiate() is
@@ -24442,10 +25399,12 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl)
  * 2 in SCR and we have plain data ready
  * Early data logic may bypass this logic in TLSv1.3 when appropriate.
  */
-static int ssl_in_handshake(WOLFSSL *ssl, int send)
+static int ssl_in_handshake(WOLFSSL *ssl, int sending_data)
 {
+int SendAsyncData = 1;
+(void)SendAsyncData;
     if (IsSCR(ssl)) {
-        if (send) {
+        if (sending_data) {
             /* allow sending data in SCR */
             return 0;
         } else {
@@ -24478,26 +25437,33 @@ static int ssl_in_handshake(WOLFSSL *ssl, int send)
     return 0;
 }
 
-int SendData(WOLFSSL* ssl, const void* data, int sz)
+int SendData(WOLFSSL* ssl, const void* data, size_t sz)
 {
-    int sent = 0,  /* plainText size */
-        sendSz,
+    word32 sent = 0; /* plainText size */
+    int sendSz,
         ret;
 #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)
     int groupMsgs = 0;
 #endif
+    int error = ssl->error;
 
-    if (ssl->error == WANT_WRITE
+    if (sz > INT_MAX) {
+        WOLFSSL_MSG("SendData sz overflow");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (error == WC_NO_ERR_TRACE(WANT_WRITE)
     #ifdef WOLFSSL_ASYNC_CRYPT
-        || ssl->error == WC_PENDING_E
+        || error == WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
+        error = 0;
         ssl->error = 0;
     }
 
     /* don't allow write after decrypt or mac error */
-    if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
-        ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) {
+    if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
+        error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) {
         /* For DTLS allow these possible errors and allow the session
             to continue despite them */
         if (ssl->options.dtls) {
@@ -24522,15 +25488,15 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
         groupMsgs = 1;
     #endif
     }
-    else if (IsAtLeastTLSv1_3(ssl->version) &&
+    else
+#endif
+    if (IsAtLeastTLSv1_3(ssl->version) &&
             ssl->options.side == WOLFSSL_SERVER_END &&
             ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) {
         /* We can send data without waiting on peer finished msg */
         WOLFSSL_MSG("server sending data before receiving client finished");
     }
-    else
-#endif
-    if (ssl_in_handshake(ssl, 1)) {
+    else if (ssl_in_handshake(ssl, 1)) {
         int err;
         WOLFSSL_MSG("handshake not complete, trying to finish");
         if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
@@ -24540,10 +25506,33 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
                 return WOLFSSL_CBIO_ERR_WANT_WRITE;
             }
         #endif
-            return  err;
+            return err;
         }
     }
 
+#ifdef WOLFSSL_RW_THREADED
+#ifdef WOLFSSL_DTLS13
+    if (ssl->options.dtls) {
+        /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */
+        if ((error = Dtls13DoScheduledWork(ssl)) < 0) {
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
+            return error;
+        }
+    }
+#endif /* WOLFSSL_DTLS13 */
+#ifdef WOLFSSL_TLS13
+    if (ssl->options.sendKeyUpdate) {
+        ssl->options.sendKeyUpdate = 0;
+        ret = SendTls13KeyUpdate(ssl);
+        if (ret != 0) {
+            ssl->error = BUILD_MSG_ERROR;
+            return WOLFSSL_FATAL_ERROR;
+        }
+    }
+#endif
+#endif
+
     /* last time system socket output buffer was full, try again to send */
     if (ssl->buffers.outputBuffer.length > 0
     #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)
@@ -24551,24 +25540,25 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
     #endif
         ) {
         WOLFSSL_MSG("output buffer was full, trying to send again");
-        if ( (ssl->error = SendBuffered(ssl)) < 0) {
-            WOLFSSL_ERROR(ssl->error);
-            if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
-                (ssl->options.connReset || ssl->options.isClosed)) {
-                ssl->error = SOCKET_PEER_CLOSED_E;
-                WOLFSSL_ERROR(ssl->error);
+        if ( (error = SendBuffered(ssl)) < 0) {
+            WOLFSSL_ERROR(error);
+            if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                    (ssl->options.connReset || ssl->options.isClosed)) {
+                error = SOCKET_PEER_CLOSED_E;
+                ssl->error = error;
+                WOLFSSL_ERROR(error);
                 return 0;  /* peer reset or closed */
             }
-            return ssl->error;
+            return (ssl->error = error);
         }
         else {
             /* advance sent to previous sent + plain size just sent */
             sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
             WOLFSSL_MSG("sent write buffered data");
 
-            if (sent > sz) {
+            if (sent > (word32)sz) {
                 WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
-                return ssl->error = BAD_FUNC_ARG;
+                return (ssl->error = BAD_FUNC_ARG);
             }
         }
     }
@@ -24579,6 +25569,19 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
         return WOLFSSL_FATAL_ERROR;
     }
 
+#ifdef WOLFSSL_THREADED_CRYPT
+    ret = SendAsyncData(ssl);
+    if (ret != 0) {
+        ssl->error = ret;
+        return WOLFSSL_FATAL_ERROR;
+    }
+    if (ssl->dtls13WaitKeyUpdateAck) {
+        ret = DoDtls13KeyUpdateAck(ssl);
+        if (ret != 0)
+            return ret;
+    }
+#endif
+
     for (;;) {
         byte* out;
         byte* sendBuffer = (byte*)data + sent;  /* may switch on comp */
@@ -24587,6 +25590,10 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 #ifdef HAVE_LIBZ
         byte  comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
 #endif
+#ifdef WOLFSSL_THREADED_CRYPT
+        int i;
+        ThreadCrypt* encrypt = NULL;
+#endif
 
 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS)
         if (IsAtLeastTLSv1_3(ssl->version)) {
@@ -24638,34 +25645,66 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 
 #ifdef WOLFSSL_DTLS
         if (ssl->options.dtls) {
-            buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent);
+            buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent);
         }
         else
 #endif
         {
-            buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent);
+            buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent);
 
         }
 
-        if (sent == sz) break;
+        if (sent == (word32)sz) break;
 
 #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK)
-        if (ssl->options.dtls && (buffSz < sz - sent)) {
-            ssl->error = DTLS_SIZE_ERROR;
-            WOLFSSL_ERROR(ssl->error);
-            return ssl->error;
+        if (ssl->options.dtls && ((size_t)buffSz < (word32)sz - sent)) {
+            error = DTLS_SIZE_ERROR;
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
+            return error;
         }
 #endif
         outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ;
         if (IsEncryptionOn(ssl, 1) || ssl->options.tls1_3)
             outputSz += cipherExtraData(ssl);
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+        if (ssl->options.dtls) {
+            byte cidSz = 0;
+            if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)
+                outputSz += cidSz + 1; /* +1 for inner content type */
+        }
+#endif
+
         /* check for available size */
         if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
-            return ssl->error = ret;
+            return (ssl->error = ret);
 
         /* get output buffer */
+#ifndef WOLFSSL_THREADED_CRYPT
         out = GetOutputBuffer(ssl);
+#else
+        do {
+            for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
+                if (ssl->buffers.encrypt[i].avail) {
+                    encrypt = &ssl->buffers.encrypt[i];
+                    break;
+                }
+            }
+            if (encrypt == NULL) {
+                ret = SendAsyncData(ssl);
+                if (ret != 0) {
+                    ssl->error = ret;
+                    return WOLFSSL_FATAL_ERROR;
+                }
+            }
+        }
+        while (encrypt == NULL);
+        encrypt->done = 0;
+        encrypt->avail = 0;
+        GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz);
+        out = encrypt->buffer.buffer;
+#endif
 
 #ifdef HAVE_LIBZ
         if (ssl->options.usingCompression) {
@@ -24709,21 +25748,73 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 #ifdef WOLFSSL_ASYNC_CRYPT
         FreeAsyncCtx(ssl, 0);
 #endif
-        ssl->buffers.outputBuffer.length += sendSz;
+#ifdef WOLFSSL_THREADED_CRYPT
+        if (!encrypt->init) {
+            SetKeys(&encrypt->encrypt, NULL, &ssl->keys, &ssl->specs,
+                ssl->options.side, ssl->heap, ssl->devId, ssl->rng,
+                ssl->options.tls1_3);
+            encrypt->init = 1;
+        }
+        encrypt->buffer.length = sendSz;
+        encrypt->offset = RECORD_HEADER_SZ;
+        if (ssl->options.dtls) {
+            encrypt->offset += DTLS_RECORD_EXTRA;
+        }
+        encrypt->cryptLen = outputSz - encrypt->offset;
+    #ifdef HAVE_TRUNCATED_HMAC
+        if (ssl->truncated_hmac) {
+            encrypt->cryptLen -= min(TRUNCATED_HMAC_SZ, ssl->specs.hash_size);
+        }
+        else
+    #endif
+        {
+            encrypt->cryptLen -= ssl->specs.hash_size;
+        }
 
-        if ( (ssl->error = SendBuffered(ssl)) < 0) {
-            WOLFSSL_ERROR(ssl->error);
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+    ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
+        XMEMCPY(encrypt->nonce, ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
+        XMEMCPY(encrypt->nonce + AESGCM_IMP_IV_SZ, ssl->keys.aead_exp_IV,
+            AESGCM_EXP_IV_SZ);
+#endif
+        XMEMSET(encrypt->additional, 0, AEAD_AUTH_DATA_SZ);
+        WriteSEQ(ssl, CUR_ORDER, encrypt->additional);
+        XMEMCPY(encrypt->additional + AEAD_TYPE_OFFSET, encrypt->buffer.buffer,
+            3);
+        c16toa(sendSz - encrypt->offset - AESGCM_EXP_IV_SZ -
+            ssl->specs.aead_mac_size, encrypt->additional + AEAD_LEN_OFFSET);
+
+    #ifdef WOLFSSL_DTLS
+        if (ssl->options.dtls)
+            DtlsSEQIncrement(ssl, CUR_ORDER);
+    #endif
+
+        if (encrypt->signal != NULL) {
+            encrypt->signal(encrypt->signalCtx, ssl);
+        }
+        return sendSz;
+#else
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
+
+        if ( (error = SendBuffered(ssl)) < 0) {
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
             /* store for next call if WANT_WRITE or user embedSend() that
                doesn't present like WANT_WRITE */
             ssl->buffers.plainSz  = buffSz;
             ssl->buffers.prevSent = sent;
-            if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
-                (ssl->options.connReset || ssl->options.isClosed)) {
+            if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                    (ssl->options.connReset || ssl->options.isClosed)) {
+                error = SOCKET_PEER_CLOSED_E;
                 ssl->error = SOCKET_PEER_CLOSED_E;
-                WOLFSSL_ERROR(ssl->error);
+                WOLFSSL_ERROR(error);
                 return 0;  /* peer reset or closed */
             }
-            return ssl->error;
+            return error;
+        }
+        else {
+            ssl->error = 0; /* Clear any previous errors */
         }
 
         sent += buffSz;
@@ -24733,20 +25824,29 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
             WOLFSSL_MSG("Partial Write on, only sending one record");
             break;
         }
+#endif
     }
 
     return sent;
 }
 
 /* process input data */
-int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
+int ReceiveData(WOLFSSL* ssl, byte* output, size_t sz, int peek)
 {
     int size;
+    int error = ssl->error;
 
     WOLFSSL_ENTER("ReceiveData");
 
+    if (sz > INT_MAX) {
+        WOLFSSL_MSG("ReceiveData sz overflow");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
     /* reset error state */
-    if (ssl->error == WANT_READ || ssl->error == WOLFSSL_ERROR_WANT_READ) {
+    if (error == WC_NO_ERR_TRACE(WANT_READ) ||
+        error == WOLFSSL_ERROR_WANT_READ) {
+        error = 0;
         ssl->error = 0;
     }
 
@@ -24754,25 +25854,26 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
     if (ssl->options.dtls) {
         /* In DTLS mode, we forgive some errors and allow the session
          * to continue despite them. */
-        if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
-            ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR) ||
-            ssl->error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) {
+        if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) ||
+            error == WC_NO_ERR_TRACE(DECRYPT_ERROR) ||
+            error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) {
 
+            error = 0;
             ssl->error = 0;
         }
     }
 #endif /* WOLFSSL_DTLS */
 
-    if (ssl->error != 0 && ssl->error != WANT_WRITE
+    if (error != 0 && error != WC_NO_ERR_TRACE(WANT_WRITE)
 #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_PENDING_E
+            && error != WC_NO_ERR_TRACE(WC_PENDING_E)
 #endif
 #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13)
-            && ssl->error != APP_DATA_READY
+            && error != WC_NO_ERR_TRACE(APP_DATA_READY)
 #endif
     ) {
         WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
-        return ssl->error;
+        return error;
     }
 
 #ifdef WOLFSSL_EARLY_DATA
@@ -24810,32 +25911,39 @@ startScr:
 #endif
 
     while (ssl->buffers.clearOutputBuffer.length == 0) {
-        if ( (ssl->error = ProcessReply(ssl)) < 0) {
-            if (ssl->error == ZERO_RETURN) {
+        if ( (error = ProcessReply(ssl)) < 0) {
+            if (error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
+                ssl->error = error;
                 WOLFSSL_MSG("Zero return, no more data coming");
                 return 0; /* no more data coming */
             }
-            if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
+            if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
                 if (ssl->options.connReset || ssl->options.isClosed) {
                     WOLFSSL_MSG("Peer reset or closed, connection done");
-                    ssl->error = SOCKET_PEER_CLOSED_E;
-                    WOLFSSL_ERROR(ssl->error);
+                    error = SOCKET_PEER_CLOSED_E;
+                    ssl->error = error;
+                    WOLFSSL_ERROR(error);
                     return 0; /* peer reset or closed */
                 }
             }
-            WOLFSSL_ERROR(ssl->error);
-            return ssl->error;
+            ssl->error = error;
+            WOLFSSL_ERROR(error);
+            return error;
         }
 
-#ifdef WOLFSSL_DTLS13
+#ifndef WOLFSSL_RW_THREADED
+    #ifdef WOLFSSL_DTLS13
         if (ssl->options.dtls) {
             /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */
-            if ((ssl->error = Dtls13DoScheduledWork(ssl)) < 0) {
-                WOLFSSL_ERROR(ssl->error);
-                return ssl->error;
+            if ((error = Dtls13DoScheduledWork(ssl)) < 0) {
+                ssl->error = error;
+                WOLFSSL_ERROR(error);
+                return error;
             }
         }
-#endif /* WOLFSSL_DTLS13 */
+    #endif /* WOLFSSL_DTLS13 */
+#endif
+
         #ifdef HAVE_SECURE_RENEGOTIATION
             if (ssl->secure_renegotiation &&
                 ssl->secure_renegotiation->startScr) {
@@ -24884,12 +25992,13 @@ startScr:
 #endif
     }
 
-    size = min(sz, (int)ssl->buffers.clearOutputBuffer.length);
+    size = (sz < (size_t)ssl->buffers.clearOutputBuffer.length) ?
+        (int)sz : (int)ssl->buffers.clearOutputBuffer.length;
 
-    XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);
+    XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, (size_t)(size));
 
     if (peek == 0) {
-        ssl->buffers.clearOutputBuffer.length -= size;
+        ssl->buffers.clearOutputBuffer.length -= (word32)size;
         ssl->buffers.clearOutputBuffer.buffer += size;
     }
 
@@ -24908,10 +26017,19 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
     int  ret;
     int  outputSz;
     int  dtlsExtra = 0;
+    const char* alert_str = NULL;
 
     WOLFSSL_ENTER("SendAlert");
 
-    WOLFSSL_MSG_EX("SendAlert: %d %s", type, AlertTypeToString(type));
+    alert_str = AlertTypeToString(type);
+    if (alert_str != NULL)
+    {
+        WOLFSSL_MSG_EX("SendAlert: %d %s", type, alert_str);
+    }
+    else
+    {
+        WOLFSSL_MSG_EX("SendAlert: %d", type);
+    }
 
 #ifdef WOLFSSL_QUIC
     if (WOLFSSL_IS_QUIC(ssl)) {
@@ -24948,7 +26066,7 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
 
    #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {
-            ssl->CBIS(ssl, SSL_CB_ALERT, type);
+            ssl->CBIS(ssl, WOLFSSL_CB_ALERT, type);
         }
    #endif
    #ifdef WOLFSSL_DTLS
@@ -24963,7 +26081,7 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
         /* If CheckAvailableSize returned WANT_WRITE due to a blocking write
          * then discard pending output and just send the alert. */
         if (ssl->options.dtls) {
-            if (ret != WANT_WRITE || severity != alert_fatal)
+            if (ret != WC_NO_ERR_TRACE(WANT_WRITE) || severity != alert_fatal)
                 return ret;
             ShrinkOutputBuffer(ssl);
             if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) {
@@ -25060,7 +26178,21 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
         }
     #endif
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    /*
+     * We check if we are trying to send a
+     * CLOSE_NOTIFY alert.
+     * */
+    if (type == close_notify) {
+        if (!ssl->options.sentNotify) {
+            ssl->options.sentNotify = 1;
+        }
+        else {
+            /* CLOSE_NOTIFY already sent */
+            return 0;
+        }
+    }
+
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
     ret = SendBuffered(ssl);
 
@@ -25072,8 +26204,11 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type)
     return ret;
 }
 
+#endif /* !NO_TLS */
+
 int RetrySendAlert(WOLFSSL* ssl)
 {
+    int ret = 0;
     int type;
     int severity;
     WOLFSSL_ENTER("RetrySendAlert");
@@ -25091,12 +26226,18 @@ int RetrySendAlert(WOLFSSL* ssl)
     ssl->pendingAlert.code = 0;
     ssl->pendingAlert.level = alert_none;
 
-    return SendAlert_ex(ssl, severity, type);
+#ifndef NO_TLS
+    ret = SendAlert_ex(ssl, severity, type);
+#else
+    (void)type;
+#endif
+    return ret;
 }
 
 /* send alert message */
 int SendAlert(WOLFSSL* ssl, int severity, int type)
 {
+    int ret = 0;
     WOLFSSL_ENTER("SendAlert");
 
     if (ssl == NULL) {
@@ -25104,7 +26245,7 @@ int SendAlert(WOLFSSL* ssl, int severity, int type)
     }
 
     if (ssl->pendingAlert.level != alert_none) {
-        int ret = RetrySendAlert(ssl);
+        ret = RetrySendAlert(ssl);
         if (ret != 0) {
             if (ssl->pendingAlert.level == alert_none ||
                     (ssl->pendingAlert.level != alert_fatal &&
@@ -25117,10 +26258,13 @@ int SendAlert(WOLFSSL* ssl, int severity, int type)
             return ret;
         }
     }
-
-    return SendAlert_ex(ssl, severity, type);
+#ifndef NO_TLS
+    ret = SendAlert_ex(ssl, severity, type);
+#endif /* !NO_TLS */
+    return ret;
 }
 
+
 #ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
 #include <wolfssl/debug-untrace-error-codes.h>
 #endif
@@ -25142,16 +26286,21 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     }
 
     /* pass to wolfCrypt */
-    if (error < MAX_CODE_E && error > MIN_CODE_E) {
+    if ((error <= WC_SPAN1_FIRST_E && error >= WC_SPAN1_MIN_CODE_E) ||
+        (error <= WC_SPAN2_FIRST_E && error >= WC_SPAN2_MIN_CODE_E))
+    {
         return wc_GetErrorString(error);
     }
 
-    switch (error) {
-
+    if (error == 0) {
 #ifdef OPENSSL_EXTRA
-    case 0 :
         return "ok";
+#else
+        return "unknown error number";
 #endif
+    }
+
+    switch ((enum wolfSSL_ErrorCodes)error) { /* // NOLINT(clang-analyzer-optin.core.EnumCastOutOfRange) */
 
     case UNSUPPORTED_SUITE :
         return "unsupported cipher suite";
@@ -25261,9 +26410,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case -WOLFSSL_ERROR_WANT_X509_LOOKUP:
         return "application client cert callback asked to be called again";
 
-    case -WOLFSSL_ERROR_SSL:
-        return "fatal TLS protocol error";
-
     case BUFFER_ERROR :
         return "malformed buffer input error";
 
@@ -25341,6 +26487,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case CRL_MISSING:
         return "CRL missing, not loaded";
 
+    case CRYPTO_POLICY_FORBIDDEN:
+        return "Operation forbidden by system crypto-policy";
+
     case MONITOR_SETUP_E:
         return "CRL monitor setup error";
 
@@ -25359,6 +26508,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case MAX_CHAIN_ERROR:
         return "Maximum Chain Depth Exceeded";
 
+    case MAX_CERT_EXTENSIONS_ERR:
+        return "Maximum Cert Extension Exceeded";
+
     case COOKIE_ERROR:
         return "DTLS Cookie Error";
 
@@ -25419,6 +26571,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case SESSION_TICKET_EXPECT_E:
         return "Session Ticket Error";
 
+    case SCR_DIFFERENT_CERT_E:
+        return "SCR Different cert error";
+
     case SESSION_SECRET_CB_E:
         return "Session Secret Callback Error";
 
@@ -25584,52 +26739,27 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case UNSUPPORTED_CERTIFICATE:
         return "Unsupported certificate type";
 
-#ifdef HAVE_HTTP_CLIENT
     case HTTP_TIMEOUT:
         return "HTTP timeout for OCSP or CRL req";
+
     case HTTP_RECV_ERR:
         return "HTTP Receive error";
+
     case HTTP_HEADER_ERR:
         return "HTTP Header error";
+
     case HTTP_PROTO_ERR:
         return "HTTP Protocol error";
+
     case HTTP_STATUS_ERR:
         return "HTTP Status error";
+
     case HTTP_VERSION_ERR:
         return "HTTP Version error";
+
     case HTTP_APPSTR_ERR:
         return "HTTP Application string error";
-#endif
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-    /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with
-     *       -WOLFSSL_ERROR_WANT_CONNECT. */
-    case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID:
-        return "certificate not yet valid";
-    case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED:
-        return "certificate has expired";
-    case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-        return "certificate signature failure";
-    case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-        return "format error in certificate's notAfter field";
-    case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-        return "self-signed certificate in certificate chain";
-    case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-        return "unable to get local issuer certificate";
-    case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-        return "unable to verify the first certificate";
-    case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG:
-        return "certificate chain too long";
-    case -WOLFSSL_X509_V_ERR_CERT_REVOKED:
-        return "certificate revoked";
-    case -WOLFSSL_X509_V_ERR_INVALID_CA:
-        return "invalid CA certificate";
-    case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED:
-        return "path length constraint exceeded";
-    case -WOLFSSL_X509_V_ERR_CERT_REJECTED:
-        return "certificate rejected";
-    case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-        return "subject issuer mismatch";
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */
+
     case UNSUPPORTED_PROTO_VERSION:
         #ifdef OPENSSL_EXTRA
         return "WRONG_SSL_VERSION";
@@ -25639,27 +26769,131 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 
     case FALCON_KEY_SIZE_E:
         return "Wrong key size for Falcon.";
+
     case DILITHIUM_KEY_SIZE_E:
         return "Wrong key size for Dilithium.";
 
-#ifdef WOLFSSL_QUIC
     case QUIC_TP_MISSING_E:
         return "QUIC transport parameter not set";
+
     case QUIC_WRONG_ENC_LEVEL:
         return "QUIC data received at wrong encryption level";
-#endif
+
     case DTLS_CID_ERROR:
         return "DTLS ConnectionID mismatch or missing";
+
     case DTLS_TOO_MANY_FRAGMENTS_E:
         return "Received too many fragmented messages from peer error";
 
     case DUPLICATE_TLS_EXT_E:
         return "Duplicate TLS extension in message.";
 
-    default :
-        return "unknown error number";
+    case WOLFSSL_ALPN_NOT_FOUND:
+        return "TLS extension not found";
+
+    case WOLFSSL_BAD_CERTTYPE:
+        return "Certificate type not supported";
+
+    case WOLFSSL_BAD_STAT:
+        return "bad status";
+
+    case WOLFSSL_BAD_PATH:
+        return "No certificates found at designated path";
+
+    case WOLFSSL_BAD_FILETYPE:
+        return "Data format not supported";
+
+    case WOLFSSL_BAD_FILE:
+        return "Input/output error on file";
+
+    case WOLFSSL_NOT_IMPLEMENTED:
+        return "Function not implemented";
+
+    case WOLFSSL_UNKNOWN:
+        return "Unknown algorithm (EVP)";
+
+    case WOLFSSL_FATAL_ERROR:
+        return "fatal error";
+
+    case WOLFSSL_PEM_R_NO_START_LINE_E:
+        return "No more matching objects found (PEM)";
+
+    case WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E:
+        return "Error getting password (PEM)";
+
+    case WOLFSSL_PEM_R_BAD_PASSWORD_READ_E:
+        return "Bad password (PEM)";
+
+    case WOLFSSL_PEM_R_BAD_DECRYPT_E :
+        return "Decryption failed (PEM)";
+
+    case WOLFSSL_ASN1_R_HEADER_TOO_LONG_E:
+        return "ASN header too long (compat)";
+
+    case WOLFSSL_EVP_R_BAD_DECRYPT_E :
+        return "Decryption failed (EVP)";
+
+    case WOLFSSL_EVP_R_BN_DECODE_ERROR:
+        return "Bignum decode error (EVP)";
+
+    case WOLFSSL_EVP_R_DECODE_ERROR  :
+        return "Decode error (EVP)";
+
+    case WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR:
+        return "Private key decode error (EVP)";
     }
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+
+    switch (error) {
+    /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with
+     *       -WOLFSSL_ERROR_WANT_CONNECT.
+     */
+
+    case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID:
+        return "certificate not yet valid";
+
+    case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED:
+        return "certificate has expired";
+
+    case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        return "certificate signature failure";
+
+    case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        return "format error in certificate's notAfter field";
+
+    case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        return "self-signed certificate in certificate chain";
+
+    case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        return "unable to get local issuer certificate";
+
+    case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        return "unable to verify the first certificate";
+
+    case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        return "certificate chain too long";
+
+    case -WOLFSSL_X509_V_ERR_CERT_REVOKED:
+        return "certificate revoked";
+
+    case -WOLFSSL_X509_V_ERR_INVALID_CA:
+        return "invalid CA certificate";
+
+    case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        return "path length constraint exceeded";
+
+    case -WOLFSSL_X509_V_ERR_CERT_REJECTED:
+        return "certificate rejected";
+
+    case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+        return "subject issuer mismatch";
+    }
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */
+
+    return "unknown error number";
+
 #endif /* NO_ERROR_STRINGS */
 }
 
@@ -25691,9 +26925,9 @@ const char* wolfSSL_ERR_lib_error_string(unsigned long e)
 #if defined(OPENSSL_EXTRA)
     libe = wolfSSL_ERR_GET_LIB(e);
     switch (libe) {
-    case ERR_LIB_PEM:
+    case WOLFSSL_ERR_LIB_PEM:
         return "wolfSSL PEM routines";
-    case ERR_LIB_EVP:
+    case WOLFSSL_ERR_LIB_EVP:
         return "wolfSSL digital envelope routines";
     default:
         return "";
@@ -25735,7 +26969,7 @@ void SetErrorString(int error, char* str)
      */
 
     #ifndef NO_ERROR_STRINGS
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+        #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
             #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
             #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
@@ -25744,7 +26978,7 @@ void SetErrorString(int error, char* str)
             #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
         #endif
     #else
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+        #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
             defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
             #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE}
             #define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS},
@@ -26538,7 +27772,7 @@ const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]) {
 
 /* Returns the number of bits based on the cipher enc string, or 0 on failure */
 int SetCipherBits(const char* enc) {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if ((XSTRCMP(enc,"AESGCM(256)") == 0) ||
         (XSTRCMP(enc,"AES(256)") == 0) ||
@@ -26606,13 +27840,16 @@ const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl)
 }
 
 int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
-                           byte* cipherSuite, int* flags)
+                       byte* cipherSuite, byte* major, byte* minor, int* flags)
 {
     int           ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     int           i;
     unsigned long len;
     const char*   nameDelim;
 
+    (void)major;
+    (void)minor;
+
     /* Support trailing : */
     nameDelim = XSTRSTR(name, ":");
     if (nameDelim)
@@ -26630,9 +27867,19 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
 #endif
 
         if (found) {
-            *cipherSuite0 = cipher_names[i].cipherSuite0;
-            *cipherSuite  = cipher_names[i].cipherSuite;
-            *flags = cipher_names[i].flags;
+            if (cipherSuite0 != NULL)
+                *cipherSuite0 = cipher_names[i].cipherSuite0;
+            if (cipherSuite != NULL)
+                *cipherSuite  = cipher_names[i].cipherSuite;
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
+    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
+            if (major != NULL)
+                *major = cipher_names[i].major;
+            if (minor != NULL)
+                *minor = cipher_names[i].minor;
+#endif
+            if (flags != NULL)
+                *flags = cipher_names[i].flags;
             ret = 0;
             break;
         }
@@ -26670,6 +27917,9 @@ static int ParseCipherList(Suites* suites,
     word16    haveNull         = 1; /* allowed by default if compiled in */
     int       callInitSuites   = 0;
     word16    havePSK          = 0;
+    word16    haveAES128       = 1; /* allowed by default if compiled in */
+    word16    haveSHA1         = 1; /* allowed by default if compiled in */
+    word16    haveRC4          = 1; /* allowed by default if compiled in */
 #endif
     const int suiteSz       = GetCipherNamesSize();
     const char* next        = list;
@@ -26694,8 +27944,8 @@ static int ParseCipherList(Suites* suites,
 #else
                 0,
 #endif
-                haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 1, 1, 0, 0,
-                side
+                haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 0, 0, 1,
+                1, 1, side
         );
         return 1; /* wolfSSL default */
     }
@@ -26718,6 +27968,7 @@ static int ParseCipherList(Suites* suites,
             }
             if (currLen == 0)
                 break;
+            ++next; /* increment to skip ':' */
         }
 
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
@@ -26896,6 +28147,29 @@ static int ParseCipherList(Suites* suites,
             continue;
         }
 
+        #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        if (XSTRCMP(name, "AES128") == 0) {
+            haveAES128 = allowing;
+            callInitSuites = 1;
+            ret = 1;
+            continue;
+        }
+
+        if (XSTRCMP(name, "SHA1") == 0) {
+            haveSHA1 = allowing;
+            callInitSuites = 1;
+            ret = 1;
+            continue;
+        }
+
+        if (XSTRCMP(name, "RC4") == 0) {
+            haveRC4 = allowing;
+            callInitSuites = 1;
+            ret = 1;
+            continue;
+        }
+        #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
         if (XSTRCMP(name, "LOW") == 0 || XSTRCMP(name, "MEDIUM") == 0) {
             /* No way to limit or allow low bit sizes */
             if (allowing) {
@@ -26917,6 +28191,14 @@ static int ParseCipherList(Suites* suites,
             /* wolfSSL doesn't support "export" ciphers. We can skip this */
             continue;
         }
+
+        #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        if (XSTRNCMP(name, WOLFSSL_SECLEVEL_STR,
+                     strlen(WOLFSSL_SECLEVEL_STR)) == 0) {
+            /* Skip the "@SECLEVEL=N" string, we'll process it elsewhere. */
+            continue;
+        }
+        #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
     #endif /* OPENSSL_EXTRA */
 
         for (i = 0; i < suiteSz; i++) {
@@ -27038,8 +28320,7 @@ static int ParseCipherList(Suites* suites,
                 break;
             }
         }
-    }
-    while (next++); /* increment to skip ':' */
+    } while (next);
 
     if (ret) {
         int keySz = 0;
@@ -27056,10 +28337,9 @@ static int ParseCipherList(Suites* suites,
                        (word16)((haveSig & SIG_ECDSA) != 0),
                        (word16)haveECC, (word16)haveStaticRSA,
                        (word16)haveStaticECC,
-                       (word16)((haveSig & SIG_FALCON) != 0),
-                       (word16)((haveSig & SIG_DILITHIUM) != 0),
                        (word16)((haveSig & SIG_ANON) != 0),
-                       (word16)haveNull, side);
+                       (word16)haveNull, (word16)haveAES128,
+                       (word16)haveSHA1, (word16)haveRC4, side);
             /* Restore user ciphers ahead of defaults */
             XMEMMOVE(suites->suites + idx, suites->suites,
                     min(suites->suiteSz, WOLFSSL_MAX_SUITE_SZ-idx));
@@ -27070,7 +28350,7 @@ static int ParseCipherList(Suites* suites,
         {
             suites->suiteSz   = (word16)idx;
             InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz,
-                 &suites->hashSigAlgoSz);
+                                  &suites->hashSigAlgoSz);
         }
 
 #ifdef HAVE_RENEGOTIATION_INDICATION
@@ -27274,7 +28554,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
 
     return ret;
 }
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES */
 
 
 #ifdef OPENSSL_EXTRA
@@ -27467,6 +28747,7 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
     }
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2) {
         /* Certificate has Dilithium level 2 key, only match with it. */
         return sigAlgo == dilithium_level2_sa_algo;
@@ -27479,6 +28760,19 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
         /* Certificate has Dilithium level 5 key, only match with it. */
         return sigAlgo == dilithium_level5_sa_algo;
     }
+    #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+    if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2) {
+        /* Certificate has ML-DSA level 2 key, only match with it. */
+        return sigAlgo == dilithium_level2_sa_algo;
+    }
+    if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL3) {
+        /* Certificate has ML-DSA level 3 key, only match with it. */
+        return sigAlgo == dilithium_level3_sa_algo;
+    }
+    if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL5) {
+        /* Certificate has ML-DSA level 5 key, only match with it. */
+        return sigAlgo == dilithium_level5_sa_algo;
+    }
 #endif /* HAVE_DILITHIUM */
 #ifdef WC_RSA_PSS
     /* RSA certificate and PSS sig alg. */
@@ -27503,7 +28797,7 @@ static int CmpEccStrength(int hashAlgo, int curveSz)
 {
     int dgstSz = GetMacDigestSize((byte)hashAlgo);
     if (dgstSz <= 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return dgstSz - (curveSz & (~0x3));
 }
 #endif
@@ -27641,10 +28935,16 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
         }
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM)
-        if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2 ||
-            ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3 ||
-            ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) {
-            /* Matched Dilithium - set chosen and finished. */
+        if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2 ||
+            ssl->pkCurveOID == CTC_ML_DSA_LEVEL3 ||
+            ssl->pkCurveOID == CTC_ML_DSA_LEVEL5
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2
+         || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3
+         || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            ) {
+            /* Matched ML-DSA or Dilithium - set chosen and finished. */
             ssl->options.sigAlgo = sigAlgo;
             ssl->options.hashAlgo = hashAlgo;
             ret = 0;
@@ -27990,7 +29290,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
         return 0;
     }
 
-#endif /* WOLFSSL_CALLBACKS */
+#endif /* WOLFSSL_CALLBACKS || OPENSSL_EXTRA */
 
 #if !defined(NO_CERTS)
 
@@ -28163,7 +29463,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
                  (ssl->buffers.keyType == dilithium_level3_sa_algo) ||
                  (ssl->buffers.keyType == dilithium_level5_sa_algo))
             ssl->hsType = DYNAMIC_TYPE_DILITHIUM;
-        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+        ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
         }
@@ -28177,9 +29477,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
             }
             else if (ssl->buffers.keyId) {
                 ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsKey,
-                                       ssl->buffers.key->buffer,
-                                       ssl->buffers.key->length, ssl->heap,
-                                       ssl->buffers.keyDevId);
+                                    (ssl->buffers.key->buffer),
+                                    (int)(ssl->buffers.key->length),
+                                    ssl->heap,
+                                    ssl->buffers.keyDevId);
             }
             if (ret == 0) {
                 if (ssl->buffers.keySz < ssl->options.minRsaKeySz) {
@@ -28203,7 +29504,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
             }
             else if (ssl->buffers.keyId) {
                 ret = wc_ecc_init_id((ecc_key*)ssl->hsKey,
-                                     ssl->buffers.key->buffer,
+                                     (ssl->buffers.key->buffer),
                                      ssl->buffers.key->length, ssl->heap,
                                      ssl->buffers.keyDevId);
             }
@@ -28272,13 +29573,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
             }
             if (ret == 0) {
                 if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
-                    ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2);
+                    ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44);
                 }
                 else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
-                    ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3);
+                    ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65);
                 }
                 else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
-                    ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5);
+                    ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87);
                 }
             }
             if (ret == 0) {
@@ -28302,7 +29603,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
 #ifndef NO_RSA
     if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) {
         ssl->hsType = DYNAMIC_TYPE_RSA;
-        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+        ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
         }
@@ -28351,7 +29652,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
 
 #ifdef HAVE_ECC
 #ifndef NO_RSA
-    FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
+    FreeKey(ssl, (int)ssl->hsType, (void**)&ssl->hsKey);
 #endif /* !NO_RSA */
 
     if (ssl->buffers.keyType == ecc_dsa_sa_algo || ssl->buffers.keyType == 0
@@ -28360,7 +29661,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
     #endif
         ) {
         ssl->hsType = DYNAMIC_TYPE_ECC;
-        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+        ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
         }
@@ -28612,13 +29913,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
         }
 
         if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
-            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2);
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44);
         }
         else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
-            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3);
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65);
         }
         else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
-            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5);
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87);
         }
         else {
             /* What if ssl->buffers.keyType is 0? We might want to do something
@@ -28825,15 +30126,15 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
             if (ret == 0) {
                 if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
                     ret = wc_dilithium_set_level(
-                                        (dilithium_key*)ssl->hsAltKey, 2);
+                                        (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44);
                 }
                 else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
                     ret = wc_dilithium_set_level(
-                                        (dilithium_key*)ssl->hsAltKey, 3);
+                                        (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65);
                 }
                 else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
                     ret = wc_dilithium_set_level(
-                                        (dilithium_key*)ssl->hsAltKey, 5);
+                                        (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87);
                 }
             }
             if (ret == 0) {
@@ -29044,13 +30345,13 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
         }
 
         if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
-            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 2);
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44);
         }
         else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
-            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 3);
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65);
         }
         else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
-            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 5);
+            ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87);
         }
         else {
             /* What if ssl->buffers.keyType is 0? We might want to do something
@@ -29119,7 +30420,8 @@ exit_dapk:
     return ret;
 }
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
-#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
+
+#endif /* !NO_CERTS */
 
 #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12)
     /* returns 1 if able to do TLS 1.3 otherwise 0 */
@@ -29144,7 +30446,7 @@ exit_dapk:
     }
 #endif /* WOLFSSL_TLS13 */
 
-#ifndef WOLFSSL_NO_TLS12
+#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12)
 #if (!defined(NO_WOLFSSL_CLIENT) && (!defined(NO_DH) || defined(HAVE_ECC) || \
       defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))) || \
     (!defined(NO_WOLFSSL_SERVER) && (defined(HAVE_ECC) || \
@@ -29225,11 +30527,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         ssl->buffers.digest.length = (unsigned int)digest_sz;
 
         /* buffer for hash */
-        if (!ssl->buffers.digest.buffer) {
-            if (!ssl->options.dontFreeDigest) {
-                XFREE(ssl->buffers.digest.buffer, ssl->heap,
-                    DYNAMIC_TYPE_DIGEST);
-            }
+        if (!ssl->options.dontFreeDigest) {
+            XFREE(ssl->buffers.digest.buffer, ssl->heap,
+                  DYNAMIC_TYPE_DIGEST);
         }
         ssl->options.dontFreeDigest = 0;
 
@@ -29257,11 +30557,11 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
     return ret;
 }
-#endif
-#endif /* !WOLFSSL_NO_TLS12 */
+#endif /* !NO_WOLFSSL_CLIENT [...etc] || !NO_WOLFSSL_SERVER [...etc] */
+#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */
 
 /* client only parts */
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 
     int HaveUniqueSessionObj(WOLFSSL* ssl)
     {
@@ -29334,7 +30634,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
             idSz = 0;
         }
-#endif
+#endif /* HAVE_SESSION_TICKET */
         length = VERSION_SZ + RAN_LEN
                + (word32)idSz + ENUM_LEN
                + SUITE_LEN
@@ -29365,7 +30665,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #endif
         if (extSz != 0)
             length += extSz + HELLO_EXT_SZ_SZ;
-#endif
+#endif /* HAVE_TLS_EXTENSIONS */
         sendSz = (int)length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
 
         if (ssl->arrays == NULL) {
@@ -29437,7 +30737,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
                 idx += cookieSz;
             }
         }
-#endif
+#endif /* WOLFSSL_DTLS */
 
 #ifndef NO_FORCE_SCR_SAME_SUITE
         if (IsSCR(ssl)) {
@@ -29447,7 +30747,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             output[idx++] = ssl->options.cipherSuite;
         }
         else
-#endif
+#endif /* NO_FORCE_SCR_SAME_SUITE */
         {
             /* then cipher suites */
             c16toa(suites->suiteSz, output + idx);
@@ -29473,7 +30773,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         (void)idx; /* suppress analyzer warning, keep idx current */
 #else
         if (extSz != 0) {
-            c16toa(extSz, output + idx);
+            c16toa((word16)(extSz), output + idx);
             idx += HELLO_EXT_SZ_SZ;
 
             if (IsAtLeastTLSv1_2(ssl)) {
@@ -29503,7 +30803,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             }
 #endif
         }
-#endif
+#endif /* HAVE_TLS_EXTENSIONS */
 
         if (IsEncryptionOn(ssl, 1)) {
             byte* input;
@@ -29513,14 +30813,16 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             if (ssl->options.dtls)
                 recordHeaderSz += DTLS_RECORD_EXTRA;
             inputSz -= recordHeaderSz;
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(input, output + recordHeaderSz, inputSz);
+            XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
-                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, client_hello)) != 0) {
+                    (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz,
+                                          client_hello)) != 0) {
                 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
                 return ret;
             }
@@ -29547,9 +30849,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         ssl->options.clientState = CLIENT_HELLO_COMPLETE;
 #ifdef OPENSSL_EXTRA
-        ssl->cbmode = SSL_CB_MODE_WRITE;
+        ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
         if (ssl->CBIS != NULL)
-            ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
 #endif
 
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
@@ -29564,7 +30866,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         ssl->options.buildingMsg = 0;
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         ret = SendBuffered(ssl);
 
@@ -29589,13 +30891,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #endif
 
 #ifdef WOLFSSL_DTLS
-        if (ssl->options.dtls) {
+        if (ssl->options.dtls)
             DtlsMsgPoolReset(ssl);
-#ifdef WOLFSSL_DTLS_CID
-            if (ssl->options.useDtlsCID)
-                DtlsCIDOnExtensionsParsed(ssl);
-#endif /* WOLFSSL_DTLS_CID */
-        }
 #endif
 
         if (OPAQUE16_LEN + OPAQUE8_LEN > size)
@@ -29656,7 +30953,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
                 && ssl->session->ticketLen > 0
 #endif
                 );
-#endif
+#endif /* HAVE_SECRET_CALLBACK */
 
 #ifdef HAVE_SESSION_TICKET
         /* server may send blank ticket which may not be expected to indicate
@@ -29665,8 +30962,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #endif
 
         ret = ret ||
-              (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
-                                          ssl->session->sessionID, ID_LEN) == 0);
+              (ssl->options.haveSessionId && ssl->arrays->sessionIDSz == ID_LEN
+                      && ssl->session->sessionIDSz == ID_LEN
+                      && XMEMCMP(ssl->arrays->sessionID,
+                              ssl->session->sessionID, ID_LEN) == 0);
 
         return ret;
     }
@@ -29688,11 +30987,11 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         }
     #endif
 
-        #ifdef OPENSSL_EXTRA
+    #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {
-            ssl->CBIS(ssl, SSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS);
+            ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS);
         }
-        #endif
+    #endif
 
         if (ssl->options.dtls) {
             if (pv.major != DTLS_MAJOR || pv.minor == DTLS_BOGUS_MINOR) {
@@ -29740,7 +31039,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
                     WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
                     return VERSION_ERROR;
                 }
-            #endif
+            #endif /* HAVE_SECURE_RENEGOTIATION */
 
             /* Checks made - OK to downgrade. */
                 ssl->version.minor = pv.minor;
@@ -29904,7 +31203,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             }
         }
         else
-#endif
+#endif /* HAVE_SECURE_RENEGOTIATION && !NO_FORCE_SCR_SAME_SUITE */
         {
             word32 idx, found = 0;
             const Suites* suites = WOLFSSL_SUITES(ssl);
@@ -29974,6 +31273,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         else
             ssl->options.haveEMS = 0; /* If no extensions, no EMS */
 #else
+        /* !HAVE_TLS_EXTENSIONS */
         {
             byte pendingEMS = 0;
 
@@ -30021,7 +31321,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
                         else
                             i += extSz;
 
-                        totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
+                        totalExtSz -= (word16)(OPAQUE16_LEN) +
+                                    (word16)(OPAQUE16_LEN) +
+                                    extSz;
                     }
 
                     *inOutIdx = i;
@@ -30033,7 +31335,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             if (!pendingEMS && ssl->options.haveEMS)
                 ssl->options.haveEMS = 0;
         }
-#endif
+#endif /* HAVE_TLS_EXTENSIONS */
 
 #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK)
         if (ssl->secure_renegotiation == NULL ||
@@ -30049,15 +31351,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
         ssl->options.serverState = SERVER_HELLO_COMPLETE;
 
-        if (IsEncryptionOn(ssl, 0)) {
+        if (IsEncryptionOn(ssl, 0))
             *inOutIdx += ssl->keys.padSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMWrite &&
-                                              ssl->specs.cipher_type == block) {
-                *inOutIdx += MacSize(ssl);
-            }
-        #endif
-        }
 
 #ifdef HAVE_SECRET_CALLBACK
         if (ssl->sessionSecretCb != NULL
@@ -30105,7 +31400,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
                 }
             }
             else
-    #endif
+    #endif /* WOLFSSL_TLS13 */
             if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
                 ssl->ctx->method->version.minor == TLSv1_2_MINOR &&
                 (wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_2) == 0) {
@@ -30320,7 +31615,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 
                 if (ret == 0) {
                     if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
-                        == WOLFSSL_FAILURE)
+                        <= 0)
                     {
                         ret = MEMORY_ERROR;
                     }
@@ -30340,7 +31635,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         #endif
 
             *inOutIdx += dnSz;
-            len -= OPAQUE16_LEN + dnSz;
+            len -= (word16)(OPAQUE16_LEN) + dnSz;
         }
 
     #ifdef OPENSSL_EXTRA
@@ -30389,13 +31684,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             ssl->options.sendVerify = SEND_BLANK_CERT;
         }
 
-        if (IsEncryptionOn(ssl, 0)) {
+        if (IsEncryptionOn(ssl, 0))
             *inOutIdx += ssl->keys.padSz;
-        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-            if (ssl->options.startedETMRead)
-                *inOutIdx += MacSize(ssl);
-        #endif
-        }
 
         WOLFSSL_LEAVE("DoCertificateRequest", 0);
         WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO);
@@ -30857,7 +32147,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     /* get PSK server hint from the wire */
                     srvHintLen = (int)min(length, MAX_PSK_ID_LEN);
                     XMEMCPY(ssl->arrays->server_hint, input + args->idx,
-                                                                    srvHintLen);
+                            (size_t)(srvHintLen));
                     ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
                     args->idx += length;
                     break;
@@ -31077,7 +32367,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     /* get PSK server hint from the wire */
                     srvHintLen = (int)min(length, MAX_PSK_ID_LEN);
                     XMEMCPY(ssl->arrays->server_hint, input + args->idx,
-                                                                    srvHintLen);
+                                                    (size_t)(srvHintLen));
                     ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
 
                     args->idx += length;
@@ -31287,6 +32577,13 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                         }
                         else
                     #endif
+                    #ifdef WC_RSA_PSS
+                        if (sigAlgo == rsa_pss_pss_algo &&
+                                ssl->options.peerSigAlgo == rsa_sa_algo) {
+                            ssl->options.peerSigAlgo = sigAlgo;
+                        }
+                        else
+                    #endif
                     #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                         if (sigAlgo == sm2_sa_algo &&
                                              ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
@@ -31353,6 +32650,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     #ifndef NO_RSA
                     #ifdef WC_RSA_PSS
                         case rsa_pss_sa_algo:
+                        case rsa_pss_pss_algo:
                     #endif
                         case rsa_sa_algo:
                         {
@@ -31453,6 +32751,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     #ifndef NO_RSA
                     #ifdef WC_RSA_PSS
                         case rsa_pss_sa_algo:
+                        case rsa_pss_pss_algo:
                     #endif
                         case rsa_sa_algo:
                         {
@@ -31664,6 +32963,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     #ifndef NO_RSA
                     #ifdef WC_RSA_PSS
                         case rsa_pss_sa_algo:
+                        case rsa_pss_pss_algo:
                         #ifdef HAVE_SELFTEST
                             ret = wc_RsaPSS_CheckPadding(
                                              ssl->buffers.digest.buffer,
@@ -31783,13 +33083,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 
         case TLS_ASYNC_FINALIZE:
         {
-            if (IsEncryptionOn(ssl, 0)) {
+            if (IsEncryptionOn(ssl, 0))
                 args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                if (ssl->options.startedETMRead)
-                    args->idx += MacSize(ssl);
-            #endif
-            }
 
             /* Advance state and proceed */
             ssl->options.asyncState = TLS_ASYNC_END;
@@ -31874,9 +33169,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
 #ifdef OPENSSL_EXTRA
     ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
-    ssl->cbmode = SSL_CB_MODE_WRITE;
+    ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
     if (ssl->CBIS != NULL)
-        ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
+        ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS);
 #endif
 
 #ifdef WOLFSSL_ASYNC_IO
@@ -31988,7 +33283,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                         /* create private key */
                         ssl->hsType = DYNAMIC_TYPE_CURVE25519;
-                        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+                        ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
                         if (ret != 0) {
                             goto exit_scke;
                         }
@@ -32039,7 +33334,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     /* create ephemeral private key */
                     ssl->hsType = DYNAMIC_TYPE_ECC;
-                    ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+                    ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
                     if (ret != 0) {
                         goto exit_scke;
                     }
@@ -32090,7 +33385,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                         /* create private key */
                         ssl->hsType = DYNAMIC_TYPE_CURVE25519;
-                        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+                        ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
                         if (ret != 0) {
                             goto exit_scke;
                         }
@@ -32138,7 +33433,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     /* create ephemeral private key */
                     ssl->hsType = DYNAMIC_TYPE_ECC;
-                    ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
+                    ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
                     if (ret != 0) {
                         goto exit_scke;
                     }
@@ -32657,7 +33952,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
@@ -32678,7 +33973,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
@@ -32725,7 +34020,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
@@ -32746,7 +34041,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                         );
                         if (!ssl->specs.static_ecdh
                         #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                         #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
@@ -32769,7 +34064,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     if (!ssl->specs.static_ecdh
                 #ifdef WOLFSSL_ASYNC_CRYPT
-                        && ret != WC_PENDING_E
+                        && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                 #endif
                      && !ssl->options.keepResources) {
                         FreeKey(ssl, DYNAMIC_TYPE_ECC,
@@ -32962,8 +34257,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                 if (ssl->options.dtls)
                     recordHeaderSz += DTLS_RECORD_EXTRA;
-                args->inputSz = idx - recordHeaderSz; /* buildmsg adds rechdr */
-                args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
+                args->inputSz = (int)idx - recordHeaderSz; /* buildmsg adds rechdr */
+                args->input = (byte*)XMALLOC((size_t)args->inputSz, ssl->heap,
                                                        DYNAMIC_TYPE_IN_BUFFER);
                 if (args->input == NULL) {
                     ERROR_OUT(MEMORY_E, exit_scke);
@@ -33026,12 +34321,12 @@ int SendClientKeyExchange(WOLFSSL* ssl)
             }
         #endif
 
-            ssl->buffers.outputBuffer.length += args->sendSz;
+            ssl->buffers.outputBuffer.length += (word32)args->sendSz;
 
             if (!ssl->options.groupMessages) {
                 ret = SendBuffered(ssl);
             }
-            if (ret == 0 || ret == WANT_WRITE) {
+            if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) {
                 int tmpRet = MakeMasterSecret(ssl);
                 if (tmpRet != 0) {
                     ret = tmpRet;   /* save WANT_WRITE unless more serious */
@@ -33061,7 +34356,9 @@ exit_scke:
 
 #ifdef WOLFSSL_ASYNC_IO
     /* Handle async operation */
-    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WANT_WRITE) {
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+        ret == WC_NO_ERR_TRACE(WANT_WRITE))
+    {
         if (ssl->options.buildingMsg)
             return ret;
         /* If we have completed all states then we will not enter this function
@@ -33198,13 +34495,13 @@ int SendCertificateVerify(WOLFSSL* ssl)
                 return 0;  /* sent blank cert, can't verify */
             }
 
-            args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
+            args->sendSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
             if (IsEncryptionOn(ssl, 1)) {
                 args->sendSz += MAX_MSG_EXTRA;
             }
 
             /* Use tmp buffer */
-            args->input = (byte*)XMALLOC(args->sendSz,
+            args->input = (byte*)XMALLOC((size_t)args->sendSz,
                     ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
             if (args->input == NULL)
                 ERROR_OUT(MEMORY_E, exit_scv);
@@ -33477,13 +34774,20 @@ int SendCertificateVerify(WOLFSSL* ssl)
 
                 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                     if (ssl->buffers.keyType == sm2_sa_algo) {
+                    #ifdef HAVE_PK_CALLBACKS
+                        buffer tmp;
+
+                        tmp.length = ssl->buffers.key->length;
+                        tmp.buffer = ssl->buffers.key->buffer;
+                    #endif
+
                         ret = Sm3wSm2Verify(ssl,
                             TLS12_SM2_SIG_ID, TLS12_SM2_SIG_ID_SZ,
                             ssl->buffers.sig.buffer, ssl->buffers.sig.length,
                             ssl->buffers.digest.buffer,
                             ssl->buffers.digest.length, key,
                         #ifdef HAVE_PK_CALLBACKS
-                            ssl->buffers.key
+                            &tmp
                         #else
                             NULL
                         #endif
@@ -33492,12 +34796,19 @@ int SendCertificateVerify(WOLFSSL* ssl)
                     else
                 #endif
                     {
+                    #ifdef HAVE_PK_CALLBACKS
+                        buffer tmp;
+
+                        tmp.length = ssl->buffers.key->length;
+                        tmp.buffer = ssl->buffers.key->buffer;
+                    #endif
+
                         ret = EccVerify(ssl,
                             ssl->buffers.sig.buffer, ssl->buffers.sig.length,
                             ssl->buffers.digest.buffer,
                             ssl->buffers.digest.length, key,
                         #ifdef HAVE_PK_CALLBACKS
-                            ssl->buffers.key
+                            &tmp
                         #else
                             NULL
                         #endif
@@ -33614,9 +34925,9 @@ exit_scv:
 
 #ifdef WOLFSSL_ASYNC_IO
     /* Handle async operation */
-    if (ret == WANT_WRITE
+    if (ret == WC_NO_ERR_TRACE(WANT_WRITE)
 #ifdef WOLFSSL_ASYNC_CRYPT
-            || ret == WC_PENDING_E
+            || ret == WC_NO_ERR_TRACE(WC_PENDING_E)
 #endif
             )
         return ret;
@@ -33750,13 +35061,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
     }
 
-    if (IsEncryptionOn(ssl, 0)) {
+    if (IsEncryptionOn(ssl, 0))
         *inOutIdx += ssl->keys.padSz;
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        if (ssl->options.startedETMRead)
-            *inOutIdx += MacSize(ssl);
-    #endif
-    }
 
     ssl->expect_session_ticket = 0;
 
@@ -33767,7 +35073,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
 #endif /* HAVE_SESSION_TICKET */
 
-#endif /* NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
+/* end client only parts */
+
 
 #ifndef NO_CERTS
 
@@ -33814,7 +35122,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 #endif /* WOLF_PRIVATE_KEY_ID || HAVE_PK_CALLBACKS */
 
-#endif /* NO_CERTS */
+#endif /* !NO_CERTS */
 
 #ifdef HAVE_ECC
     /* returns the WOLFSSL_* version of the curve from the OID sum */
@@ -33901,6 +35209,57 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 #endif /* HAVE_ECC */
 
+#ifdef WOLFSSL_HAVE_MLKEM
+    /* Returns 1 when the given group is a PQC group, 0 otherwise. */
+    int NamedGroupIsPqc(int group)
+    {
+        switch (group) {
+        #ifndef WOLFSSL_NO_ML_KEM
+            case WOLFSSL_ML_KEM_512:
+            case WOLFSSL_ML_KEM_768:
+            case WOLFSSL_ML_KEM_1024:
+        #endif
+        #ifdef WOLFSSL_MLKEM_KYBER
+            case WOLFSSL_KYBER_LEVEL1:
+            case WOLFSSL_KYBER_LEVEL3:
+            case WOLFSSL_KYBER_LEVEL5:
+        #endif
+                return 1;
+            default:
+                return 0;
+        }
+    }
+
+    /* Returns 1 when the given group is a PQC hybrid group, 0 otherwise. */
+    int NamedGroupIsPqcHybrid(int group)
+    {
+        switch (group) {
+        #ifndef WOLFSSL_NO_ML_KEM
+            case WOLFSSL_P256_ML_KEM_768:
+            case WOLFSSL_X25519_ML_KEM_768:
+            case WOLFSSL_P384_ML_KEM_1024:
+            case WOLFSSL_P256_ML_KEM_512:
+            case WOLFSSL_P384_ML_KEM_768:
+            case WOLFSSL_P521_ML_KEM_1024:
+            case WOLFSSL_X25519_ML_KEM_512:
+            case WOLFSSL_X448_ML_KEM_768:
+        #endif
+        #ifdef WOLFSSL_MLKEM_KYBER
+            case WOLFSSL_P256_KYBER_LEVEL3:
+            case WOLFSSL_X25519_KYBER_LEVEL3:
+            case WOLFSSL_P256_KYBER_LEVEL1:
+            case WOLFSSL_P384_KYBER_LEVEL3:
+            case WOLFSSL_P521_KYBER_LEVEL5:
+            case WOLFSSL_X25519_KYBER_LEVEL1:
+            case WOLFSSL_X448_KYBER_LEVEL3:
+        #endif
+                return 1;
+            default:
+                return 0;
+        }
+    }
+#endif /* WOLFSSL_HAVE_MLKEM */
+
     int TranslateErrorToAlert(int err)
     {
         switch (err) {
@@ -33946,10 +35305,33 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         return MATCH_SUITE_ERROR;
     }
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
 #ifndef WOLFSSL_NO_TLS12
 
+    static int getSessionID(WOLFSSL* ssl)
+    {
+        int sessIdSz = 0;
+        (void)ssl;
+#ifndef NO_SESSION_CACHE
+        /* if no session cache don't send a session ID */
+        if (!ssl->options.sessionCacheOff)
+            sessIdSz = ID_LEN;
+#endif
+#ifdef HAVE_SESSION_TICKET
+        /* we may be echoing an ID as part of session tickets */
+        if (ssl->options.useTicket) {
+            /* echo session id sz can be 0,32 or bogus len in between */
+            sessIdSz = ssl->arrays->sessionIDSz;
+            if (sessIdSz > ID_LEN) {
+                WOLFSSL_MSG("Bad bogus session id len");
+                return BUFFER_ERROR;
+            }
+        }
+#endif /* HAVE_SESSION_TICKET */
+        return sessIdSz;
+    }
+
     /* handle generation of server_hello (2) */
     int SendServerHello(WOLFSSL* ssl)
     {
@@ -33958,17 +35340,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         word16 length;
         word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
         int    sendSz;
-        byte   sessIdSz = ID_LEN;
-    #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
-        byte   echoId   = 0;  /* ticket echo id flag */
-    #endif
-        byte   cacheOff = 0;  /* session cache off flag */
+        byte   sessIdSz;
 
         WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND);
         WOLFSSL_ENTER("SendServerHello");
 
+        ret = getSessionID(ssl);
+        if (ret < 0)
+            return ret;
+        sessIdSz = (byte)ret;
+
         length = VERSION_SZ + RAN_LEN
-               + ID_LEN + ENUM_LEN
+               + ENUM_LEN + sessIdSz
                + SUITE_LEN
                + ENUM_LEN;
 
@@ -33976,45 +35359,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ret = TLSX_GetResponseSize(ssl, server_hello, &length);
         if (ret != 0)
             return ret;
-    #ifdef HAVE_SESSION_TICKET
-        if (ssl->options.useTicket) {
-            /* echo session id sz can be 0,32 or bogus len in between */
-            sessIdSz = ssl->arrays->sessionIDSz;
-            if (sessIdSz > ID_LEN) {
-                WOLFSSL_MSG("Bad bogus session id len");
-                return BUFFER_ERROR;
-            }
-            if (!IsAtLeastTLSv1_3(ssl->version))
-                length -= (ID_LEN - sessIdSz);  /* adjust ID_LEN assumption */
-            echoId = 1;
-        }
-    #endif /* HAVE_SESSION_TICKET */
 #else
         if (ssl->options.haveEMS) {
             length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ;
         }
 #endif
 
-        /* is the session cache off at build or runtime */
-#ifdef NO_SESSION_CACHE
-        cacheOff = 1;
-#else
-        if (ssl->options.sessionCacheOff == 1) {
-            cacheOff = 1;
-        }
-#endif
-
-        /* if no session cache don't send a session ID unless we're echoing
-         * an ID as part of session tickets */
-        if (cacheOff == 1
-        #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
-            && echoId == 0
-        #endif
-            ) {
-            length -= ID_LEN;    /* adjust ID_LEN assumption */
-            sessIdSz = 0;
-        }
-
         sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
         #ifdef WOLFSSL_DTLS
         if (ssl->options.dtls) {
@@ -34045,11 +35395,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
         /* then random and session id */
         if (!ssl->options.resuming) {
-            /* generate random part and session id */
-            ret = wc_RNG_GenerateBlock(ssl->rng, output + idx,
-                RAN_LEN + sizeof(sessIdSz) + sessIdSz);
-            if (ret != 0)
-                return ret;
+            word32 genRanLen = RAN_LEN;
 
 #ifdef WOLFSSL_TLS13
             if (TLSv1_3_Capable(ssl)) {
@@ -34057,6 +35403,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
                         tls13Downgrade, TLS13_DOWNGRADE_SZ);
                 output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl);
+                genRanLen -= TLS13_DOWNGRADE_SZ + 1;
             }
             else
 #endif
@@ -34068,12 +35415,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
                         tls13Downgrade, TLS13_DOWNGRADE_SZ);
                 output[idx + RAN_LEN - 1] = 0;
+                genRanLen -= TLS13_DOWNGRADE_SZ + 1;
             }
 
-            /* store info in SSL for later */
+            /* generate random part */
+            ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, genRanLen);
+            if (ret != 0)
+                return ret;
             XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN);
             idx += RAN_LEN;
+
+            /* generate session id */
             output[idx++] = sessIdSz;
+            ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, sessIdSz);
+            if (ret != 0)
+                return ret;
             XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz);
             ssl->arrays->sessionIDSz = sessIdSz;
         }
@@ -34139,11 +35495,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             if (ssl->options.dtls)
                 recordHeaderSz += DTLS_RECORD_EXTRA;
             inputSz -= recordHeaderSz;
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(input, output + recordHeaderSz, inputSz);
+            XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
                     (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello)) != 0) {
@@ -34184,7 +35541,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
         ssl->options.serverState = SERVER_HELLO_COMPLETE;
         ssl->options.buildingMsg = 0;
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         if (ssl->options.groupMessages)
             ret = 0;
@@ -34207,7 +35564,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             return 0;
         }
 
-        return (byte)GetCurveByOID(key->dp->oidSum);
+        return (byte)GetCurveByOID((int)key->dp->oidSum);
     }
 
 #endif /* HAVE_ECC */
@@ -34368,7 +35725,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             goto exit_sske;
 
                         if (ssl->buffers.serverDH_Pub.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and
+                            /* Free'd in wolfSSL_ResourceFree and
                              * FreeHandshakeResources */
                             ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
                                     pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -34382,7 +35739,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         pSz = wc_DhGetNamedKeyMinSize(ssl->namedGroup);
 
                         if (ssl->buffers.serverDH_Priv.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and
+                            /* Free'd in wolfSSL_ResourceFree and
                              * FreeHandshakeResources */
                             ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
                                     pSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
@@ -34451,7 +35808,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         }
 
                         if (ssl->buffers.serverDH_Pub.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
+                            /* Free'd in wolfSSL_ResourceFree
+                             * and FreeHandshakeResources
+                             */
                             ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
                                     ssl->buffers.serverDH_P.length,
                                     ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -34463,7 +35822,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         }
 
                         if (ssl->buffers.serverDH_Priv.buffer == NULL) {
-                            /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
+                            /* Free'd in wolfSSL_ResourceFree
+                             * and FreeHandshakeResources
+                             */
                             ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
                                     ssl->buffers.serverDH_P.length,
                                     ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
@@ -35688,6 +37049,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                 else
                             #endif /* WOLFSSL_SM2 */
                                 {
+                                #ifdef HAVE_PK_CALLBACKS
+                                    buffer tmp;
+
+                                    tmp.length = ssl->buffers.key->length;
+                                    tmp.buffer = ssl->buffers.key->buffer;
+                                #endif
+
                                     ret = EccVerify(ssl,
                                         args->output + LENGTH_SZ + args->idx,
                                         args->sigSz,
@@ -35695,7 +37063,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                         ssl->buffers.digest.length,
                                         key,
                                     #ifdef HAVE_PK_CALLBACKS
-                                        ssl->buffers.key
+                                        &tmp
                                     #else
                                         NULL
                                     #endif
@@ -35707,7 +37075,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                     goto exit_sske;
                                 }
                             }
-                            #if defined(HAVE_E25519) || defined(HAVE_ED448)
+                            #if defined(HAVE_ED25519) || defined(HAVE_ED448)
                             FALL_THROUGH;
                             #endif
                         #endif /*  WOLFSSL_CHECK_SIG_FAULTS */
@@ -35845,9 +37213,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     #ifdef WOLFSSL_ASYNC_IO
         /* Handle async operation */
-        if (ret == WANT_WRITE
+        if (ret == WC_NO_ERR_TRACE(WANT_WRITE)
         #ifdef WOLFSSL_ASYNC_CRYPT
-                || ret == WC_PENDING_E
+                || ret == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
                 )
             return ret;
@@ -36240,9 +37608,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                        ssl->options.haveDH, ssl->options.haveECDSAsig,
                        ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                       ssl->options.haveFalconSig,
-                       ssl->options.haveDilithiumSig, ssl->options.useAnon,
-                       TRUE, ssl->options.side);
+                       ssl->options.useAnon,
+                       TRUE, TRUE, TRUE, TRUE, ssl->options.side);
         }
 
         /* suite size */
@@ -36300,7 +37667,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             ssl->options.usingCompression = 0;  /* turn off */
 
         ssl->options.clientState = CLIENT_HELLO_COMPLETE;
-        ssl->cbmode = SSL_CB_MODE_WRITE;
+        ssl->cbmode = WOLFSSL_CB_MODE_WRITE;
         *inOutIdx = idx;
 
         ssl->options.haveSessionId = 1;
@@ -36522,11 +37889,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     {
         byte            b;
         ProtocolVersion pv;
-#ifdef WOLFSSL_SMALL_STACK
-        Suites*         clSuites = NULL;
-#else
-        Suites          clSuites[1];
-#endif
         word32          i = *inOutIdx;
         word32          begin = i;
         int             ret = 0;
@@ -36594,8 +37956,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR)
             pv.minor = TLSv1_2_MINOR;
 
-        lesserVersion = !ssl->options.dtls && ssl->version.minor > pv.minor;
-        lesserVersion |= ssl->options.dtls && ssl->version.minor < pv.minor;
+        lesserVersion = (byte)(!ssl->options.dtls &&
+                                    ssl->version.minor > pv.minor);
+        lesserVersion |= ssl->options.dtls &&ssl->version.minor < pv.minor;
 
         if (lesserVersion) {
             byte   belowMinDowngrade;
@@ -36672,9 +38035,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                        ssl->options.haveDH, ssl->options.haveECDSAsig,
                        ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                       ssl->options.haveFalconSig,
-                       ssl->options.haveDilithiumSig, ssl->options.useAnon,
-                       TRUE, ssl->options.side);
+                       ssl->options.useAnon,
+                       TRUE, TRUE, TRUE, TRUE, ssl->options.side);
         }
 
         /* check if option is set to not allow the current version
@@ -36750,9 +38112,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                            ssl->options.haveDH, ssl->options.haveECDSAsig,
                            ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                           ssl->options.haveFalconSig,
-                           ssl->options.haveDilithiumSig, ssl->options.useAnon,
-                           TRUE, ssl->options.side);
+                           ssl->options.useAnon,
+                           TRUE, TRUE, TRUE, TRUE, ssl->options.side);
             }
         }
 
@@ -36826,40 +38187,40 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             goto out;
         }
 
-#ifdef WOLFSSL_SMALL_STACK
-        clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
+        XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+        ssl->clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
                                        DYNAMIC_TYPE_SUITES);
-        if (clSuites == NULL) {
+        if (ssl->clSuites == NULL) {
             ret = MEMORY_E;
             goto out;
         }
-#endif
-        XMEMSET(clSuites, 0, sizeof(Suites));
-        ato16(&input[i], &clSuites->suiteSz);
+        XMEMSET(ssl->clSuites, 0, sizeof(Suites));
+        ato16(&input[i], &ssl->clSuites->suiteSz);
         i += OPAQUE16_LEN;
 
         /* Cipher suite lists are always multiples of two in length. */
-        if (clSuites->suiteSz % 2 != 0) {
+        if (ssl->clSuites->suiteSz % 2 != 0) {
             ret = BUFFER_ERROR;
             goto out;
         }
 
         /* suites and compression length check */
-        if ((i - begin) + clSuites->suiteSz + OPAQUE8_LEN > helloSz) {
+        if ((i - begin) + ssl->clSuites->suiteSz + OPAQUE8_LEN > helloSz) {
             ret = BUFFER_ERROR;
             goto out;
         }
 
-        if (clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ) {
+        if (ssl->clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ) {
             ret = BUFFER_ERROR;
             goto out;
         }
 
-        XMEMCPY(clSuites->suites, input + i, clSuites->suiteSz);
+        XMEMCPY(ssl->clSuites->suites, input + i, ssl->clSuites->suiteSz);
 
 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
         /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
-        if (FindSuite(clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
+        if (FindSuite(ssl->clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >=
+                0) {
             TLSX* extension;
 
             /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
@@ -36881,7 +38242,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
 #if defined(HAVE_FALLBACK_SCSV) || defined(OPENSSL_ALL)
         /* check for TLS_FALLBACK_SCSV suite */
-        if (FindSuite(clSuites, TLS_FALLBACK_SCSV, 0) >= 0) {
+        if (FindSuite(ssl->clSuites, TLS_FALLBACK_SCSV, 0) >= 0) {
             WOLFSSL_MSG("Found Fallback SCSV");
             if (ssl->ctx->method->version.minor > pv.minor) {
                 WOLFSSL_MSG("Client trying to connect with lesser version");
@@ -36892,8 +38253,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
 #endif
 
-        i += clSuites->suiteSz;
-        clSuites->hashSigAlgoSz = 0;
+        i += ssl->clSuites->suiteSz;
+        ssl->clSuites->hashSigAlgoSz = 0;
 
         /* compression length */
         b = input[i++];
@@ -36980,7 +38341,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #ifdef HAVE_TLS_EXTENSIONS
                 /* tls extensions */
                 if ((ret = TLSX_Parse(ssl, input + i, totalExtSz, client_hello,
-                                                                    clSuites)))
+                                                                ssl->clSuites)))
                     goto out;
     #ifdef WOLFSSL_TLS13
                 if (TLSX_Find(ssl->extensions,
@@ -37036,15 +38397,16 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             goto out;
                         }
 
-                        clSuites->hashSigAlgoSz = hashSigAlgoSz;
-                        if (clSuites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
+                        ssl->clSuites->hashSigAlgoSz = hashSigAlgoSz;
+                        if (ssl->clSuites->hashSigAlgoSz >
+                                WOLFSSL_MAX_SIGALGO) {
                             WOLFSSL_MSG("ClientHello SigAlgo list exceeds max, "
                                                                   "truncating");
-                            clSuites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
+                            ssl->clSuites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
                         }
 
-                        XMEMCPY(clSuites->hashSigAlgo, &input[i],
-                                                      clSuites->hashSigAlgoSz);
+                        XMEMCPY(ssl->clSuites->hashSigAlgo, &input[i],
+                                                  ssl->clSuites->hashSigAlgoSz);
 
                         i += hashSigAlgoSz;
                     }
@@ -37055,7 +38417,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                     else
                         i += extSz;
 
-                    totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
+                    totalExtSz -= (word16)(OPAQUE16_LEN + OPAQUE16_LEN) + extSz;
                 }
 #endif
                 *inOutIdx = i;
@@ -37075,7 +38437,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         /* ProcessOld uses same resume code */
         WOLFSSL_MSG_EX("ssl->options.resuming %d", ssl->options.resuming);
         if (ssl->options.resuming) {
-            ret = HandleTlsResumption(ssl, clSuites);
+            ret = HandleTlsResumption(ssl, ssl->clSuites);
             if (ret != 0)
                 goto out;
 
@@ -37111,19 +38473,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 
 #ifdef OPENSSL_EXTRA
-        ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables
-                                   *
-                                   * (suppress warning that ssl, a persistent
-                                   * non-local allocation, has its ->clSuites
-                                   * set to clSuites, a local stack allocation.
-                                   * we clear this assignment before returning.)
-                                   */
         /* Give user last chance to provide a cert for cipher selection */
         if (ret == 0 && ssl->ctx->certSetupCb != NULL)
             ret = CertSetupCbWrapper(ssl);
 #endif
         if (ret == 0)
-            ret = MatchSuite(ssl, clSuites);
+            ret = MatchSuite(ssl, ssl->clSuites);
 
 #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_ENCRYPT_THEN_MAC) && \
     !defined(WOLFSSL_AEAD_ONLY)
@@ -37141,11 +38496,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 
     out:
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if !defined(OPENSSL_EXTRA)
+        XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
         ssl->clSuites = NULL;
-#endif
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
 #endif
         WOLFSSL_LEAVE("DoClientHello", ret);
         WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);
@@ -37561,13 +38914,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
             case TLS_ASYNC_FINALIZE:
             {
-                if (IsEncryptionOn(ssl, 0)) {
+                if (IsEncryptionOn(ssl, 0))
                     args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                    if (ssl->options.startedETMRead)
-                        args->idx += MacSize(ssl);
-            #endif
-                }
 
                 ssl->options.havePeerVerify = 1;
 
@@ -37680,11 +39028,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 inputSz += DTLS_HANDSHAKE_EXTRA;
             }
 
-            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
+            input = (byte*)XMALLOC((size_t)inputSz, ssl->heap,
+                    DYNAMIC_TYPE_IN_BUFFER);
             if (input == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(input, output + recordHeaderSz, inputSz);
+            XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz));
             #ifdef WOLFSSL_DTLS
             if (IsDtlsNotSctpMode(ssl) &&
                     (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello_done)) != 0) {
@@ -37725,7 +39074,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
         ssl->options.buildingMsg = 0;
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         ret = SendBuffered(ssl);
 
@@ -37902,7 +39251,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ssl->ctx->ticketEncCb == NULL
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
                 ||
-                /* SSL_OP_NO_TICKET turns off tickets in <= 1.2. Forces
+                /* WOLFSSL_OP_NO_TICKET turns off tickets in <= 1.2. Forces
                  * "stateful" tickets for 1.3 so just use the regular
                  * stateless ones. */
                 (!IsAtLeastTLSv1_3(ssl->version) &&
@@ -38026,7 +39375,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ssl->ctx->ticketEncCb == NULL
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
                 ||
-                /* SSL_OP_NO_TICKET turns off tickets in < 1.2. Forces
+                /* WOLFSSL_OP_NO_TICKET turns off tickets in < 1.2. Forces
                  * "stateful" tickets for 1.3 so just use the regular
                  * stateless ones. */
                 (!IsAtLeastTLSv1_3(ssl->version) &&
@@ -38124,7 +39473,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         diff -= ticketSeen;
         if (diff > timeout * 1000 ||
             diff > (sword64)TLS13_MAX_TICKET_AGE * 1000)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #else
         sword64 diff;
         sword64 ticketSeen; /* Time ticket seen (ms) */
@@ -38142,7 +39491,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         diff -= ticketSeen;
         if (diff > timeout * 1000 ||
             diff > (sword64)TLS13_MAX_TICKET_AGE * 1000)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         ato32(psk->it->ageAdd, &ticketAdd);
         /* Subtract client's ticket age and unobfuscate. */
@@ -38152,7 +39501,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
          * Allow +/- 1000 milliseconds on ticket age.
          */
         if (diff < -1000 || diff - MAX_TICKET_AGE_DIFF * 1000 > 1000)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
 #if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK)
         /* Check whether resumption is possible based on suites in SSL and
@@ -38160,18 +39509,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
          */
         (void)ssl;
         if (XMEMCMP(suite, psk->it->suite, SUITE_LEN) != 0)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #else
         (void)suite;
         if (!FindSuiteSSL(ssl, psk->it->suite))
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
 #ifdef OPENSSL_EXTRA
         if (ssl->sessionCtxSz > 0 &&
                (psk->it->sessionCtxSz != ssl->sessionCtxSz ||
                 XMEMCMP(psk->it->sessionCtx, ssl->sessionCtx,
                         ssl->sessionCtxSz) != 0))
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         return 0;
     }
@@ -38379,8 +39728,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                 WOLFSSL_MSG("Found session matching the session id"
                             " found in the ticket");
                 /* Allocate and populate an InternalTicket */
+            #ifdef WOLFSSL_NO_REALLOC
+                tmp = (byte*)XMALLOC(sizeof(InternalTicket), ssl->heap,
+                        DYNAMIC_TYPE_TLSX);
+                if (tmp != NULL && psk->identity != NULL)
+                {
+                   XMEMCPY(tmp, psk->identity, psk->identityLen);
+                   XFREE(psk->identity, ssl->heap, DYNAMIC_TYPE_TLSX);
+                   psk->identity = NULL;
+                }
+            #else
                 tmp = (byte*)XREALLOC(psk->identity, sizeof(InternalTicket),
                         ssl->heap, DYNAMIC_TYPE_TLSX);
+            #endif
                 if (tmp != NULL) {
                     XMEMSET(tmp, 0, sizeof(InternalTicket));
                     psk->identity = tmp;
@@ -38651,7 +40011,7 @@ cleanup:
         return ret;
     }
 
-#ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB
+#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS)
 
 /* Initialize the context for session ticket encryption.
  *
@@ -38953,7 +40313,7 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
         }
         if (ret == 0) {
             ret = wc_AesGcmEncrypt(aes, in, out, inLen, iv, GCM_NONCE_MID_SZ,
-                                   tag, AES_BLOCK_SIZE, aad, aadSz);
+                                   tag, WC_AES_BLOCK_SIZE, aad, aadSz);
         }
         wc_AesFree(aes);
     }
@@ -38964,7 +40324,7 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz,
         }
         if (ret == 0) {
             ret = wc_AesGcmDecrypt(aes, in, out, inLen, iv, GCM_NONCE_MID_SZ,
-                                   tag, AES_BLOCK_SIZE, aad, aadSz);
+                                   tag, WC_AES_BLOCK_SIZE, aad, aadSz);
         }
         wc_AesFree(aes);
     }
@@ -40287,7 +41647,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 
                         lenErrMask = 0 - (SECRET_LEN != args->sigSz);
                         args->lastErr = (ret & (~lenErrMask)) |
-                            (RSA_PAD_E & lenErrMask);
+                            (WC_NO_ERR_TRACE(RSA_PAD_E) & lenErrMask);
                         ret = 0;
                         break;
                     } /* rsa_kea */
@@ -40442,7 +41802,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                         );
                         if (!ssl->specs.static_ecdh
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                            && ret != WC_PENDING_E
+                            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
                     #endif
                         ) {
                             FreeKey(ssl, DYNAMIC_TYPE_ECC,
@@ -40497,8 +41857,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                         ret = args->lastErr;
                         args->lastErr = 0; /* reset */
                         /* On error 'ret' will be negative */
-                        mask = ((unsigned int)ret >>
-                                                   ((sizeof(ret) * 8) - 1)) - 1;
+                        mask = (byte)(((unsigned int)ret >> ((sizeof(ret) * 8) - 1)) - 1);
 
                         /* build PreMasterSecret */
                         ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
@@ -40645,13 +42004,8 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 
             case TLS_ASYNC_FINALIZE:
             {
-                if (IsEncryptionOn(ssl, 0)) {
+                if (IsEncryptionOn(ssl, 0))
                     args->idx += ssl->keys.padSz;
-            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-                    if (ssl->options.startedETMRead)
-                        args->idx += MacSize(ssl);
-            #endif
-                }
 
                 ret = MakeMasterSecret(ssl);
 
@@ -40742,7 +42096,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
            WOLFSSL_EXTRA_ALERTS is defined, indicating user is OK with
            potential information disclosure from alerts. */
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EXTRA_ALERTS)
-        ad = SSL_AD_UNRECOGNIZED_NAME;
+        ad = WOLFSSL_AD_UNRECOGNIZED_NAME;
 #endif
         /* Stunnel supports a custom sni callback to switch an SSL's ctx
         * when SNI is received. Call it now if exists */
@@ -40769,7 +42123,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
     }
 #endif /* HAVE_SNI */
 
-#endif /* NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
 
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -40942,7 +42296,7 @@ int wolfSSL_set_iotsafe_ctx(WOLFSSL *ssl, IOTSAFE *iotsafe)
     return 0;
 }
 
-#endif
+#endif /* WOLFSSL_IOTSAFE && HAVE_PK_CALLBACKS */
 
 #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 /* create an instance of WOLFSSL_BY_DIR_HASH structure */
@@ -41003,7 +42357,7 @@ int wolfSSL_sk_BY_DIR_HASH_find(
         }
         next = next->next;
     }
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 /* return a number of WOLFSSL_BY_DIR_HASH in stack */
 int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
@@ -41011,7 +42365,7 @@ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
     WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num");
 
     if (sk == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return (int)sk->num;
 }
 /* return WOLFSSL_BY_DIR_HASH instance at i */
@@ -41031,32 +42385,7 @@ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value(
 WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
                                 WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk)
 {
-    WOLFSSL_STACK* node;
-    WOLFSSL_BY_DIR_HASH* hash;
-
-    WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop");
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    node = sk->next;
-    hash = sk->data.dir_hash;
-
-    if (node != NULL) { /* update sk and remove node from stack */
-        sk->data.dir_hash = node->data.dir_hash;
-        sk->next = node->next;
-        wolfSSL_sk_free_node(node);
-    }
-    else { /* last x509 in stack */
-        sk->data.dir_hash = NULL;
-    }
-
-    if (sk->num > 0) {
-        sk->num -= 1;
-    }
-
-    return hash;
+    return (WOLFSSL_BY_DIR_HASH *)wolfSSL_sk_pop(sk);
 }
 /* release all contents in stack, and then release stack itself. */
 /* Second argument is a function pointer to release resources.   */
@@ -41111,39 +42440,13 @@ void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
 int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
                                                WOLFSSL_BY_DIR_HASH* in)
 {
-    WOLFSSL_STACK* node;
-
     WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_push");
 
     if (sk == NULL || in == NULL) {
         return WOLFSSL_FAILURE;
     }
 
-    /* no previous values in stack */
-    if (sk->data.dir_hash == NULL) {
-        sk->data.dir_hash = in;
-        sk->num += 1;
-        return WOLFSSL_SUCCESS;
-    }
-
-    /* stack already has value(s) create a new node and add more */
-    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
-            DYNAMIC_TYPE_OPENSSL);
-    if (node == NULL) {
-        WOLFSSL_MSG("Memory error");
-        return WOLFSSL_FAILURE;
-    }
-    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
-
-    /* push new obj onto head of stack */
-    node->data.dir_hash    = sk->data.dir_hash;
-    node->next             = sk->next;
-    node->type             = sk->type;
-    sk->next               = node;
-    sk->data.dir_hash      = in;
-    sk->num                += 1;
-
-    return WOLFSSL_SUCCESS;
+    return wolfSSL_sk_push(sk, in);
 }
 /* create an instance of WOLFSSL_BY_DIR_entry structure */
 WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void)
@@ -41194,7 +42497,7 @@ int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk)
     WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num");
 
     if (sk == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return (int)sk->num;
 }
 /* return WOLFSSL_BY_DIR_entry instance at i */
@@ -41214,32 +42517,7 @@ WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value(
 WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop(
                                 WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk)
 {
-    WOLFSSL_STACK* node;
-    WOLFSSL_BY_DIR_entry* entry;
-
-    WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop");
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    node = sk->next;
-    entry = sk->data.dir_entry;
-
-    if (node != NULL) { /* update sk and remove node from stack */
-        sk->data.dir_entry = node->data.dir_entry;
-        sk->next = node->next;
-        wolfSSL_sk_free_node(node);
-    }
-    else { /* last x509 in stack */
-        sk->data.dir_entry = NULL;
-    }
-
-    if (sk->num > 0) {
-        sk->num -= 1;
-    }
-
-    return entry;
+    return (WOLFSSL_BY_DIR_entry *)wolfSSL_sk_pop(sk);
 }
 /* release all contents in stack, and then release stack itself. */
 /* Second argument is a function pointer to release resources.   */
@@ -41295,40 +42573,16 @@ void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk)
 int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk,
                                                WOLFSSL_BY_DIR_entry* in)
 {
-    WOLFSSL_STACK* node;
+    WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_push");
 
     if (sk == NULL || in == NULL) {
         return WOLFSSL_FAILURE;
     }
 
-    /* no previous values in stack */
-    if (sk->data.dir_entry == NULL) {
-        sk->data.dir_entry = in;
-        sk->num += 1;
-        return WOLFSSL_SUCCESS;
-    }
-
-    /* stack already has value(s) create a new node and add more */
-    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
-            DYNAMIC_TYPE_OPENSSL);
-    if (node == NULL) {
-        WOLFSSL_MSG("Memory error");
-        return WOLFSSL_FAILURE;
-    }
-    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
-
-    /* push new obj onto head of stack */
-    node->data.dir_entry    = sk->data.dir_entry;
-    node->next              = sk->next;
-    node->type              = sk->type;
-    sk->next                = node;
-    sk->data.dir_entry      = in;
-    sk->num                 += 1;
-
-    return WOLFSSL_SUCCESS;
+    return wolfSSL_sk_push(sk, in);
 }
 
-#endif /* OPENSSL_ALL */
+#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_FILESYSTEM */
 
 #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS)
 
@@ -41412,7 +42666,8 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs,
     }
 
     for (i = 0; i < totalCerts; i++) {
-        secCert = ConvertToSecCertificateRef(certs[i].buffer, certs[i].length);
+        secCert = ConvertToSecCertificateRef(certs[i].buffer,
+                (int)certs[i].length);
         if (!secCert) {
             WOLFSSL_MSG("Error: can't convert DER cert to SecCertificateRef");
             ret = 0;
@@ -41466,4 +42721,4 @@ cleanup:
 
 #undef ERROR_OUT
 
-#endif /* WOLFCRYPT_ONLY */
+#endif /* !WOLFCRYPT_ONLY */
diff --git a/src/keys.c b/src/keys.c
index 3123a610e..b6da7b85f 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1,6 +1,6 @@
 /* keys.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,13 +22,9 @@
 
 /* Name change compatibility layer no longer needs to be included here */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 
 #include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
@@ -341,7 +337,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -358,7 +354,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -374,7 +370,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -431,7 +427,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -448,7 +444,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -466,7 +462,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -503,7 +499,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -530,7 +526,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -547,7 +543,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -601,7 +597,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -618,7 +614,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -635,7 +631,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -653,7 +649,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -671,7 +667,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
@@ -689,7 +685,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
@@ -707,7 +703,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
@@ -747,7 +743,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -764,7 +760,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -781,7 +777,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -798,7 +794,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
         specs->iv_size               = AES_IV_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
 
         break;
 #endif
@@ -814,7 +810,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -907,7 +903,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -924,7 +920,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -941,7 +937,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -958,7 +954,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -976,7 +972,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -994,7 +990,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1012,7 +1008,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 1;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1068,7 +1064,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
@@ -1086,7 +1082,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
@@ -1104,7 +1100,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
@@ -1124,7 +1120,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
@@ -1144,7 +1140,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
@@ -1164,7 +1160,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
@@ -1184,7 +1180,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
@@ -1204,7 +1200,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESCCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
@@ -1273,7 +1269,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
             specs->key_size              = AES_128_KEY_SIZE;
-            specs->block_size            = AES_BLOCK_SIZE;
+            specs->block_size            = WC_AES_BLOCK_SIZE;
             specs->iv_size               = AESGCM_NONCE_SZ;
             specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1291,7 +1287,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
             specs->key_size              = AES_256_KEY_SIZE;
-            specs->block_size            = AES_BLOCK_SIZE;
+            specs->block_size            = WC_AES_BLOCK_SIZE;
             specs->iv_size               = AESGCM_NONCE_SZ;
             specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1329,7 +1325,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
             specs->key_size              = AES_128_KEY_SIZE;
-            specs->block_size            = AES_BLOCK_SIZE;
+            specs->block_size            = WC_AES_BLOCK_SIZE;
             specs->iv_size               = AESCCM_NONCE_SZ;
             specs->aead_mac_size         = AES_CCM_16_AUTH_SZ;
 
@@ -1347,7 +1343,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
             specs->key_size              = AES_128_KEY_SIZE;
-            specs->block_size            = AES_BLOCK_SIZE;
+            specs->block_size            = WC_AES_BLOCK_SIZE;
             specs->iv_size               = AESCCM_NONCE_SZ;
             specs->aead_mac_size         = AES_CCM_8_AUTH_SZ;
 
@@ -1375,7 +1371,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1564,7 +1560,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -1581,7 +1577,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -1649,7 +1645,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -1666,7 +1662,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -1683,7 +1679,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1703,7 +1699,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1723,7 +1719,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1743,7 +1739,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1763,7 +1759,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -1783,7 +1779,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1802,7 +1798,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1821,7 +1817,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1840,7 +1836,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1859,7 +1855,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1878,7 +1874,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -1992,7 +1988,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -2026,7 +2022,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -2043,7 +2039,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -2060,7 +2056,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         break;
@@ -2077,7 +2073,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -2095,7 +2091,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -2113,7 +2109,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -2131,7 +2127,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_256_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AESGCM_IMP_IV_SZ;
         specs->aead_mac_size         = AES_GCM_AUTH_SZ;
 
@@ -2149,7 +2145,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_128_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2166,7 +2162,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_256_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2183,7 +2179,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_128_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2200,7 +2196,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_256_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2217,7 +2213,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_128_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2234,7 +2230,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_256_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2251,7 +2247,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_128_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2268,7 +2264,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = CAMELLIA_256_KEY_SIZE;
-        specs->block_size            = CAMELLIA_BLOCK_SIZE;
+        specs->block_size            = WC_CAMELLIA_BLOCK_SIZE;
         specs->iv_size               = CAMELLIA_IV_SIZE;
 
         break;
@@ -2285,7 +2281,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
         specs->key_size              = AES_128_KEY_SIZE;
-        specs->block_size            = AES_BLOCK_SIZE;
+        specs->block_size            = WC_AES_BLOCK_SIZE;
         specs->iv_size               = AES_IV_SIZE;
 
         if (opts != NULL)
@@ -2371,7 +2367,7 @@ static int SetPrefix(byte* sha_input, int idx)
 #endif
 
 
-static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
+int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                    int side, void* heap, int devId, WC_RNG* rng, int tls13)
 {
     (void)rng;
@@ -2976,13 +2972,13 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 
         if (enc && enc->cam == NULL)
             enc->cam =
-                (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
+                (wc_Camellia*)XMALLOC(sizeof(wc_Camellia), heap, DYNAMIC_TYPE_CIPHER);
         if (enc && enc->cam == NULL)
             return MEMORY_E;
 
         if (dec && dec->cam == NULL)
             dec->cam =
-                (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
+                (wc_Camellia*)XMALLOC(sizeof(wc_Camellia), heap, DYNAMIC_TYPE_CIPHER);
         if (dec && dec->cam == NULL)
             return MEMORY_E;
 
@@ -3318,9 +3314,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                                                            DYNAMIC_TYPE_CIPHER);
                 if (enc->hmac == NULL)
                     return MEMORY_E;
-            }
 
-            if (enc) {
                 if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
                     WOLFSSL_MSG("HmacInit failed in SetKeys");
                     XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER);
@@ -3334,9 +3328,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
                                                            DYNAMIC_TYPE_CIPHER);
                 if (dec->hmac == NULL)
                     return MEMORY_E;
-            }
 
-            if (dec) {
                 if (wc_HmacInit(dec->hmac, heap, devId) != 0) {
                     WOLFSSL_MSG("HmacInit failed in SetKeys");
                     XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER);
@@ -3912,7 +3904,8 @@ int DeriveKeys(WOLFSSL* ssl)
             XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
             if (ret == 0) {
                 ret = wc_ShaUpdate(sha, shaInput,
-                    (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
+                    (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX +
+                        (word32)(j));
             }
             if (ret == 0) {
                 ret = wc_ShaFinal(sha, shaOutput);
@@ -3946,12 +3939,13 @@ int DeriveKeys(WOLFSSL* ssl)
 
 static int CleanPreMaster(WOLFSSL* ssl)
 {
-    int i, ret, sz = ssl->arrays->preMasterSz;
+    int i, ret, sz = (int)(ssl->arrays->preMasterSz);
 
     for (i = 0; i < sz; i++)
         ssl->arrays->preMasterSecret[i] = 0;
 
-    ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
+    ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
+                                                            (word32)(sz));
     if (ret != 0)
         return ret;
 
@@ -4039,8 +4033,8 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
             }
 
             idx = 0;
-            XMEMCPY(shaInput, prefix, i + 1);
-            idx += i + 1;
+            XMEMCPY(shaInput, prefix, (size_t)(i + 1));
+            idx += (word32)(i + 1);
 
             XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
             idx += pmsSz;
@@ -4113,4 +4107,4 @@ int MakeMasterSecret(WOLFSSL* ssl)
 #endif
 }
 
-#endif /* WOLFCRYPT_ONLY */
+#endif /* !WOLFCRYPT_ONLY && !NO_TLS */
diff --git a/src/ocsp.c b/src/ocsp.c
index 89a6f6ffb..c90936afa 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -1,6 +1,6 @@
 /* ocsp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
   /* Name change compatibility layer no longer needs to be included here */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
 /*
  * WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK:
  *     Disable looking for an authorized responder in the verification path of
@@ -333,7 +328,7 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
         ocspResponse->pendingCAs = TLSX_CSR2_GetPendingSigners(((WOLFSSL*)ocspRequest->ssl)->extensions);
     }
 #endif
-    ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0);
+    ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0, 0);
     if (ret != 0) {
         ocsp->error = ret;
         WOLFSSL_LEAVE("OcspResponseDecode failed", ocsp->error);
@@ -480,31 +475,6 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
     ioCtx = (ssl && ssl->ocspIOCtx != NULL) ?
                                         ssl->ocspIOCtx : ocsp->cm->ocspIOCtx;
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-    if (ocsp->statusCb != NULL && ssl != NULL) {
-        WOLFSSL_MSG("Calling ocsp->statusCb");
-        ret = ocsp->statusCb(ssl, ioCtx);
-        switch (ret) {
-            case SSL_TLSEXT_ERR_OK:
-                ret = wolfSSL_get_ocsp_response(ssl, &response);
-                ret = CheckOcspResponse(ocsp, response, ret, responseBuffer,
-                                        status, entry, NULL, heap);
-                XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
-                break;
-            case SSL_TLSEXT_ERR_NOACK:
-                ret = OCSP_LOOKUP_FAIL;
-                break;
-            case SSL_TLSEXT_ERR_ALERT_FATAL:
-            default:
-                WOLFSSL_LEAVE("CheckOcspRequest", ocsp->error);
-                ret = WOLFSSL_FATAL_ERROR;
-                break;
-        }
-        WOLFSSL_LEAVE("CheckOcspRequest", ret);
-        return ret;
-    }
-#endif
-
     if (ocsp->cm->ocspUseOverrideURL) {
         url = ocsp->cm->ocspOverrideURL;
         if (url != NULL && url[0] != '\0')
@@ -533,9 +503,12 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
         responseSz = ocsp->cm->ocspIOCb(ioCtx, url, urlSz,
                                         request, requestSz, &response);
     }
-    if (responseSz == WOLFSSL_CBIO_ERR_WANT_READ) {
+    if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
         ret = OCSP_WANT_READ;
     }
+    else if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT)){
+        ret = HTTP_TIMEOUT;
+    }
 
     XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
 
@@ -653,9 +626,6 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp)
 
         if (!passed) {
             WOLFSSL_MSG("\tOCSP Responder not authorized");
-#ifdef OPENSSL_EXTRA
-            bs->verifyError = OCSP_BAD_ISSUER;
-#endif
             ret = BAD_OCSP_RESPONDER;
             break;
         }
@@ -752,13 +722,23 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
     WOLFSSL_CERT_MANAGER* cm = NULL;
     int ret = -1;
     DerBuffer* derCert = NULL;
+    int dgstType;
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert *cert = NULL;
 #else
     DecodedCert cert[1];
 #endif
 
-    (void)dgst;
+    if (dgst == NULL) {
+        dgstType = WC_HASH_TYPE_SHA;
+    }
+    else if (wolfSSL_EVP_get_hashinfo(dgst, &dgstType, NULL) !=
+             WOLFSSL_SUCCESS) {
+        return NULL;
+    }
+
+    if (dgstType != OCSP_DIGEST)
+        return NULL;
 
     cm = wolfSSL_CertManagerNew();
     if (cm == NULL
@@ -810,6 +790,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
         goto out;
     }
     else {
+        certId->hashAlgoOID = wc_HashGetOID(OCSP_DIGEST);
         XMEMCPY(certId->issuerHash, cert->issuerHash, OCSP_DIGEST_SIZE);
         XMEMCPY(certId->issuerKeyHash, cert->issuerKeyHash, OCSP_DIGEST_SIZE);
         XMEMCPY(certId->status->serial, cert->serial, (size_t)cert->serialSz);
@@ -847,79 +828,246 @@ void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse)
     wolfSSL_OCSP_RESPONSE_free(basicResponse);
 }
 
-/* Signature verified in DecodeBasicOcspResponse.
- * But no store available to verify certificate. */
-int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
-    WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags)
+/* Calculate ancode CertID DER encoding following RFC 6960:
+   CertID ::= SEQUENCE {
+       hashAlgorithm       AlgorithmIdentifier,
+       issuerNameHash      OCTET STRING,
+       issuerKeyHash       OCTET STRING,
+       serialNumber        CertificateSerialNumber }
+*/
+static int OcspEncodeCertID(WOLFSSL_OCSP_CERTID* id, byte* output,
+    word32* totalSz, word32* intSize)
 {
-    int         ret = WOLFSSL_FAILURE;
-#ifdef WOLFSSL_SMALL_STACK
-    DecodedCert *cert;
-#else
-    DecodedCert cert[1];
-#endif
-    byte        certInit = 0;
-    int         idx;
+    word32 idx = 0;
+    int ret;
 
-    (void)certs;
+    if (id == NULL || totalSz == NULL || intSize == NULL ||
+        (output != NULL && (*totalSz == 0 || *totalSz <= *intSize)))
+        return BAD_FUNC_ARG;
 
-    if (flags & OCSP_NOVERIFY)
-        return WOLFSSL_SUCCESS;
+    if (output != NULL) {
+        ret = SetSequence(*intSize, output);
+        if (ret < 0)
+            return ret;
+        idx += ret;
+    }
 
-#ifdef WOLFSSL_SMALL_STACK
-    cert = (DecodedCert *)
-        XMALLOC(sizeof(*cert), (st && st->cm) ? st->cm->heap : NULL,
-                DYNAMIC_TYPE_DCERT);
-    if (cert == NULL)
-        return WOLFSSL_FAILURE;
-#endif
+    ret = SetAlgoID(id->hashAlgoOID, ((output != NULL) ? output + idx : output),
+        oidHashType, 0);
+    if (ret <= 0)
+        return -1;
+    idx += ret;
 
-    if (bs->verifyError != OCSP_VERIFY_ERROR_NONE)
-        goto out;
+    /* issuerNameHash */
+    ret = SetOctetString(OCSP_DIGEST_SIZE, ((output != NULL) ? output + idx : output));
+    if (ret < 0)
+        return ret;
+    idx += ret;
+    if (output != NULL)
+        XMEMCPY(output + idx, id->issuerHash, OCSP_DIGEST_SIZE);
+    idx += OCSP_DIGEST_SIZE;
 
-    if (flags & OCSP_TRUSTOTHER) {
-        for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) {
-            WOLFSSL_X509* x = wolfSSL_sk_X509_value(certs, idx);
-            int derSz = 0;
-            const byte* der = wolfSSL_X509_get_der(x, &derSz);
-            if (der != NULL && derSz == (int)bs->certSz &&
-                    XMEMCMP(bs->cert, der, (size_t)derSz) == 0) {
-                ret = WOLFSSL_SUCCESS;
-                goto out;
-            }
+    /* issuerKeyHash */
+    ret = SetOctetString(OCSP_DIGEST_SIZE, ((output != NULL) ? output + idx : output));
+    if (ret < 0)
+        return ret;
+    idx += ret;
+    if (output != NULL)
+        XMEMCPY(output + idx, id->issuerKeyHash, OCSP_DIGEST_SIZE);
+    idx += OCSP_DIGEST_SIZE;
+
+    /* serialNumber */
+    ret = SetASNInt(id->status->serialSz, id->status->serial[0], ((output != NULL) ? output + idx : output));
+    if (ret < 0)
+        return ret;
+    idx += ret;
+    if (output != NULL)
+        XMEMCPY(output + idx, id->status->serial, id->status->serialSz);
+    idx += id->status->serialSz;
+
+    if (output == NULL) {
+        *intSize = idx;
+        ret = SetSequence(idx, NULL);
+        if (ret < 0)
+            return ret;
+        idx += ret;
+        *totalSz = idx;
+    }
+    else if (idx != *totalSz) {
+        return BUFFER_E;
+    }
+
+    return 0;
+}
+
+static int OcspRespIdMatches(OcspResponse* resp, const byte* NameHash,
+    const byte* keyHash)
+{
+    if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) {
+        return XMEMCMP(NameHash, resp->responderId.nameHash,
+                   SIGNER_DIGEST_SIZE) == 0;
+    }
+    else if (resp->responderIdType == OCSP_RESPONDER_ID_KEY) {
+        return XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0;
+    }
+
+    return 0;
+}
+
+static int OcspFindSigner(WOLFSSL_OCSP_BASICRESP *resp,
+    WOLF_STACK_OF(WOLFSSL_X509) *certs, DecodedCert **signer, int *embedded,
+    unsigned long flags)
+{
+    WOLFSSL_X509 *signer_x509 = NULL;
+    DecodedCert *certDecoded;
+    int i;
+
+    certDecoded = (DecodedCert *)XMALLOC(sizeof(*certDecoded), resp->heap,
+                                            DYNAMIC_TYPE_DCERT);
+    if (certDecoded == NULL)
+        return MEMORY_E;
+
+    for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) {
+        signer_x509 = wolfSSL_sk_X509_value(certs, i);
+        if (signer_x509 == NULL)
+            continue;
+
+        InitDecodedCert(certDecoded, signer_x509->derCert->buffer,
+                       signer_x509->derCert->length, resp->heap);
+        if (ParseCertRelative(certDecoded, CERT_TYPE, NO_VERIFY,
+                NULL, NULL) == 0) {
+                if (OcspRespIdMatches(resp, certDecoded->subjectHash,
+                        certDecoded->subjectKeyHash)) {
+                    *signer = certDecoded;
+                    *embedded = 0;
+                    return 0;
+                }
+        }
+        FreeDecodedCert(certDecoded);
+    }
+
+    if (flags & WOLFSSL_OCSP_NOINTERN) {
+        XFREE(certDecoded, resp->heap, DYNAMIC_TYPE_DCERT);
+        return ASN_NO_SIGNER_E;
+    }
+
+    /* not found in certs, search the cert embedded in the response */
+    InitDecodedCert(certDecoded, resp->cert, resp->certSz, resp->heap);
+    if (ParseCertRelative(certDecoded, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
+        if (OcspRespIdMatches(resp, certDecoded->subjectHash,
+                certDecoded->subjectKeyHash)) {
+            *signer = certDecoded;
+            *embedded = 1;
+            return 0;
         }
     }
+    FreeDecodedCert(certDecoded);
 
-    InitDecodedCert(cert, bs->cert, bs->certSz, NULL);
-    certInit = 1;
-    if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm, NULL) < 0)
-        goto out;
-
-    if (!(flags & OCSP_NOCHECKS)) {
-        if (CheckOcspResponder(bs, cert, st->cm) != 0)
-            goto out;
-    }
-
-    ret = WOLFSSL_SUCCESS;
-out:
-    if (certInit)
-        FreeDecodedCert(cert);
+    XFREE(certDecoded, resp->heap, DYNAMIC_TYPE_DCERT);
+    return ASN_NO_SIGNER_E;
+}
 
+static int OcspVerifySigner(WOLFSSL_OCSP_BASICRESP *resp, DecodedCert *cert,
+     WOLFSSL_X509_STORE *st, unsigned long flags)
+{
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(cert, (st && st->cm) ? st->cm->heap : NULL, DYNAMIC_TYPE_DCERT);
+    DecodedCert *c = NULL;
+#else
+    DecodedCert c[1];
 #endif
 
+    int ret = -1;
+    if (st == NULL)
+        return ASN_OCSP_CONFIRM_E;
+
+#ifdef WOLFSSL_SMALL_STACK
+    c = (DecodedCert *)XMALLOC(sizeof(*c), NULL, DYNAMIC_TYPE_DCERT);
+    if (c == NULL)
+        return MEMORY_E;
+#endif
+
+    InitDecodedCert(c, cert->source, cert->maxIdx, NULL);
+    if (ParseCertRelative(c, CERT_TYPE, VERIFY, st->cm, NULL) != 0) {
+        ret = ASN_OCSP_CONFIRM_E;
+        goto err;
+    }
+#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
+    if ((flags & WOLFSSL_OCSP_NOCHECKS) == 0) {
+        ret = CheckOcspResponder(resp, c, st->cm);
+    }
+    else {
+        ret = 0;
+    }
+#else
+    (void)resp;
+    (void)flags;
+    ret = 0;
+#endif
+
+err:
+    FreeDecodedCert(c);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(c, NULL, DYNAMIC_TYPE_DCERT);
+#endif
     return ret;
 }
+/* Signature verified in DecodeBasicOcspResponse.
+ * But no store available to verify certificate. */
+int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP* bs,
+    WOLF_STACK_OF(WOLFSSL_X509) * certs, WOLFSSL_X509_STORE* st,
+    unsigned long flags)
+{
+    int         ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    int embedded;
+    DecodedCert *cert = NULL;
+
+    ret = OcspFindSigner(bs, certs, &cert, &embedded, flags);
+    if (ret != 0) {
+        WOLFSSL_MSG("OCSP no signer found");
+        return WOLFSSL_FAILURE;
+    }
+
+    /* skip certificate verification if cert in certs and TRUST_OTHER is true */
+    if (!embedded && (flags & WOLFSSL_OCSP_TRUSTOTHER) != 0)
+        flags |= WOLFSSL_OCSP_NOVERIFY;
+
+    /* verify response signature */
+    ret = ConfirmSignature(
+        &cert->sigCtx,
+        bs->response, bs->responseSz,
+        cert->publicKey, cert->pubKeySize, cert->keyOID,
+        bs->sig, bs->sigSz, bs->sigOID, bs->sigParams, bs->sigParamsSz,
+        NULL);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("OCSP signature verification failed");
+        ret = -1;
+        goto err;
+    }
+
+    if ((flags & WOLFSSL_OCSP_NOVERIFY) == 0) {
+        ret = OcspVerifySigner(bs, cert, st, flags);
+    }
+
+err:
+    FreeDecodedCert(cert);
+    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+    return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
 
 void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response)
 {
+    OcspEntry *s, *sNext;
     if (response == NULL)
         return;
 
-    if (response->single != NULL) {
-        FreeOcspEntry(response->single, NULL);
-        XFREE(response->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
+
+    s = response->single;
+    while (s != NULL) {
+        sNext = s->next;
+        FreeOcspEntry(s, NULL);
+        XFREE(s, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
+        s = sNext;
     }
 
     XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1042,7 +1190,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
     XMEMCPY(resp->source, *data, (size_t)len);
     resp->maxIdx = (word32)len;
 
-    ret = OcspResponseDecode(resp, NULL, NULL, 1);
+    ret = OcspResponseDecode(resp, NULL, NULL, 1, 1);
     if (ret != 0 && ret != WC_NO_ERR_TRACE(ASN_OCSP_CONFIRM_E)) {
         /* for just converting from a DER to an internal structure the CA may
          * not yet be known to this function for signature verification */
@@ -1053,6 +1201,9 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
     if (GetSequence(*data, &idx, &length, (word32)len) >= 0)
         (*data) += (unsigned char) ((int)idx + length);
 
+    if (response != NULL && *response == NULL)
+        *response = resp;
+
     return resp;
 }
 
@@ -1094,27 +1245,9 @@ const char *wolfSSL_OCSP_response_status_str(long s)
 WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
 {
     WOLFSSL_OCSP_BASICRESP* bs;
+    const unsigned char *ptr = response->source;
 
-    bs = (WOLFSSL_OCSP_BASICRESP*)XMALLOC(sizeof(WOLFSSL_OCSP_BASICRESP), NULL,
-                                          DYNAMIC_TYPE_OCSP_REQUEST);
-    if (bs == NULL)
-        return NULL;
-
-    XMEMCPY(bs, response, sizeof(OcspResponse));
-    bs->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL,
-                                    DYNAMIC_TYPE_OCSP_ENTRY);
-    bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (bs->single == NULL || bs->source == NULL) {
-        XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
-        bs->single = NULL;
-        wolfSSL_OCSP_RESPONSE_free(bs);
-        bs = NULL;
-    }
-    else {
-        XMEMCPY(bs->single, response->single, sizeof(OcspEntry));
-        XMEMCPY(bs->source, response->source, response->maxIdx);
-        bs->single->ownStatus = 0;
-    }
+    bs = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, response->maxIdx);
     return bs;
 }
 
@@ -1140,6 +1273,9 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
 {
     int size;
 
+    if (request == NULL)
+        return BAD_FUNC_ARG;
+
     size = EncodeOcspRequest(request, NULL, 0);
     if (size <= 0 || data == NULL)
         return size;
@@ -1226,22 +1362,59 @@ int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
 
 int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, unsigned char** data)
 {
-    if (id == NULL || data == NULL)
-        return WOLFSSL_FAILURE;
+    int allocated = 0;
+    word32 derSz = 0;
+    word32 intSz = 0;
+    int ret;
+    WOLFSSL_ENTER("wolfSSL_i2d_OCSP_CERTID");
 
-    if (*data != NULL) {
-        XMEMCPY(*data, id->rawCertId, (size_t)id->rawCertIdSize);
-        *data = *data + id->rawCertIdSize;
+    if (id == NULL)
+        return -1;
+
+    if (id->rawCertId != NULL) {
+        derSz = id->rawCertIdSize;
     }
     else {
-        *data = (unsigned char*)XMALLOC((size_t)id->rawCertIdSize, NULL, DYNAMIC_TYPE_OPENSSL);
-        if (*data == NULL) {
-            return WOLFSSL_FAILURE;
+        ret = OcspEncodeCertID(id, NULL, &derSz, &intSz);
+        if (ret != 0) {
+            WOLFSSL_MSG("Failed to calculate CertID size");
+            return -1;
         }
-        XMEMCPY(*data, id->rawCertId, (size_t)id->rawCertIdSize);
     }
 
-    return id->rawCertIdSize;
+    if (data == NULL) {
+        return derSz;
+    }
+
+    if (*data == NULL) {
+        /* Allocate buffer for DER encoding */
+        *data = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (*data == NULL) {
+            WOLFSSL_MSG("Failed to allocate memory for CertID DER encoding");
+            return -1;
+        }
+        allocated = 1;
+    }
+
+    if (id->rawCertId != NULL) {
+        XMEMCPY(*data, id->rawCertId, id->rawCertIdSize);
+    }
+    else {
+        ret = OcspEncodeCertID(id, *data, &derSz, &intSz);
+        if (ret < 0) {
+            WOLFSSL_MSG("Failed to encode CertID");
+            if (allocated) {
+                XFREE(*data, NULL, DYNAMIC_TYPE_OPENSSL);
+                *data = NULL;
+            }
+            return -1;
+        }
+    }
+
+    if (!allocated)
+        *data += derSz;
+
+    return derSz;
 }
 
 WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
@@ -1249,44 +1422,50 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
                                              int length)
 {
     WOLFSSL_OCSP_CERTID *cid = NULL;
+    int isAllocated = 0;
+    word32 idx = 0;
+    int ret;
 
-    if ((cidOut != NULL) && (derIn != NULL) && (*derIn != NULL) &&
-        (length > 0)) {
+    if (derIn == NULL || *derIn == NULL || length <= 0)
+        return NULL;
 
+    if (cidOut != NULL && *cidOut != NULL) {
         cid = *cidOut;
-
-        /* If a NULL is passed we allocate the memory for the caller. */
-        if (cid == NULL) {
-            cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*cid), NULL,
-                                                DYNAMIC_TYPE_OPENSSL);
-        }
-        else if (cid->rawCertId != NULL) {
-            XFREE(cid->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
-            cid->rawCertId = NULL;
-            cid->rawCertIdSize = 0;
-        }
-
-        if (cid != NULL) {
-            cid->rawCertId = (byte*)XMALLOC((size_t)length + 1, NULL, DYNAMIC_TYPE_OPENSSL);
-            if (cid->rawCertId != NULL) {
-                XMEMCPY(cid->rawCertId, *derIn, (size_t)length);
-                cid->rawCertIdSize = length;
-
-                /* Per spec. advance past the data that is being returned
-                 * to the caller. */
-                *cidOut = cid;
-                *derIn = *derIn + length;
-
-                return cid;
-            }
-        }
+        FreeOcspEntry(cid, NULL);
+    }
+    else {
+        cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
+            DYNAMIC_TYPE_OPENSSL);
+        if (cid == NULL)
+            return NULL;
+        isAllocated = 1;
     }
 
-    if ((cid != NULL) && ((cidOut == NULL) || (cid != *cidOut))) {
+    XMEMSET(cid, 0, sizeof(WOLFSSL_OCSP_CERTID));
+    cid->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
+        DYNAMIC_TYPE_OCSP_STATUS);
+    if (cid->status == NULL) {
         XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
+        return NULL;
+    }
+    XMEMSET(cid->status, 0, sizeof(CertStatus));
+    cid->ownStatus = 1;
+
+    ret = OcspDecodeCertID(*derIn, &idx, length, cid);
+    if (ret != 0) {
+        FreeOcspEntry(cid, NULL);
+        if (isAllocated) {
+            XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
+        }
+        return NULL;
     }
 
-    return NULL;
+    *derIn += idx;
+
+    if (isAllocated && cidOut != NULL)
+        *cidOut = cid;
+
+    return cid;
 }
 
 const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
@@ -1393,6 +1572,325 @@ WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int
     return single;
 }
 
+#endif /* OPENSSL_EXTRA */
+
+#ifdef OPENSSL_ALL
+
+/*******************************************************************************
+ * START OF WOLFSSL_OCSP_REQ_CTX API
+ ******************************************************************************/
+
+enum ocspReqStates {
+    ORS_INVALID = 0,
+    ORS_HEADER_ADDED,
+    ORS_REQ_DONE
+};
+
+enum ocspReqIOStates {
+    ORIOS_INVALID = 0,
+    ORIOS_WRITE,
+    ORIOS_READ
+};
+
+WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio, int maxline)
+{
+    WOLFSSL_OCSP_REQ_CTX* ret = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_new");
+
+    if (maxline <= 0)
+        maxline = OCSP_MAX_REQUEST_SZ;
+
+    ret = (WOLFSSL_OCSP_REQ_CTX*)XMALLOC(sizeof(*ret), NULL,
+            DYNAMIC_TYPE_OPENSSL);
+    if (ret != NULL) {
+        XMEMSET(ret, 0, sizeof(*ret));
+        ret->buf = (byte*)XMALLOC((word32)maxline, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (ret->buf == NULL)
+            goto error;
+        ret->reqResp = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
+        ret->bufLen = maxline;
+        ret->bio = bio;
+        ret->ioState = ORIOS_WRITE;
+    }
+
+    return ret;
+error:
+    wolfSSL_OCSP_REQ_CTX_free(ret);
+    return NULL;
+}
+
+void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_free");
+    if (ctx != NULL) {
+        if (ctx->buf != NULL)
+            XFREE(ctx->buf, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (ctx->reqResp != NULL)
+            wolfSSL_BIO_free(ctx->reqResp);
+        XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
+}
+
+WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio,
+        const char *path, OcspRequest *req, int maxline)
+{
+    WOLFSSL_OCSP_REQ_CTX* ret = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_new");
+
+    ret = wolfSSL_OCSP_REQ_CTX_new(bio, maxline);
+    if (ret == NULL)
+        return NULL;
+
+    if (wolfSSL_OCSP_REQ_CTX_http(ret, "POST", path) != WOLFSSL_SUCCESS)
+        goto error;
+
+    if (req != NULL &&
+            wolfSSL_OCSP_REQ_CTX_set1_req(ret, req) != WOLFSSL_SUCCESS)
+        goto error;
+
+    return ret;
+error:
+    wolfSSL_OCSP_REQ_CTX_free(ret);
+    return NULL;
+}
+
+int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx,
+                             const char *name, const char *value)
+{
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_add1_header");
+
+    if (name == NULL) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
+    }
+    if (wolfSSL_BIO_puts(ctx->reqResp, name) <= 0) {
+        WOLFSSL_MSG("wolfSSL_BIO_puts error");
+        return WOLFSSL_FAILURE;
+    }
+    if (value != NULL) {
+        if (wolfSSL_BIO_write(ctx->reqResp, ": ", 2) != 2) {
+            WOLFSSL_MSG("wolfSSL_BIO_write error");
+            return WOLFSSL_FAILURE;
+        }
+        if (wolfSSL_BIO_puts(ctx->reqResp, value) <= 0) {
+            WOLFSSL_MSG("wolfSSL_BIO_puts error");
+            return WOLFSSL_FAILURE;
+        }
+    }
+    if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
+        WOLFSSL_MSG("wolfSSL_BIO_write error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ctx->state = ORS_HEADER_ADDED;
+
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx, const char *op,
+        const char *path)
+{
+    static const char http_hdr[] = "%s %s HTTP/1.0\r\n";
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_http");
+
+    if (ctx == NULL || op == NULL) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (path == NULL)
+        path = "/";
+
+    if (wolfSSL_BIO_printf(ctx->reqResp, http_hdr, op, path) <= 0) {
+        WOLFSSL_MSG("WOLFSSL_OCSP_REQ_CTX: wolfSSL_BIO_printf error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ctx->state = ORS_HEADER_ADDED;
+
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx, OcspRequest *req)
+{
+    static const char req_hdr[] =
+        "Content-Type: application/ocsp-request\r\n"
+        "Content-Length: %d\r\n\r\n";
+    /* Should be enough to hold Content-Length */
+    char req_hdr_buf[sizeof(req_hdr) + 10];
+    int req_hdr_buf_len;
+    int req_len = wolfSSL_i2d_OCSP_REQUEST(req, NULL);
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_set1_req");
+
+    if (ctx == NULL || req == NULL) {
+        WOLFSSL_MSG("Bad parameters");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (req_len <= 0) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request len error");
+        return WOLFSSL_FAILURE;
+    }
+
+    req_hdr_buf_len =
+            XSNPRINTF(req_hdr_buf, sizeof(req_hdr_buf), req_hdr, req_len);
+    if (req_hdr_buf_len >= (int)sizeof(req_hdr_buf)) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request too long");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(ctx->reqResp, req_hdr_buf, req_hdr_buf_len) <= 0) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: wolfSSL_BIO_write error");
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_i2d_OCSP_REQUEST_bio(ctx->reqResp, req) <= 0) {
+        WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request i2d error");
+        return WOLFSSL_FAILURE;
+    }
+
+    ctx->state = ORS_REQ_DONE;
+
+    return WOLFSSL_SUCCESS;
+}
+
+static int OCSP_REQ_CTX_bio_cb(char *buf, int sz, void *ctx)
+{
+    return BioReceiveInternal((WOLFSSL_BIO*)ctx, NULL, buf, sz);
+}
+
+int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_nbio");
+
+    if (ctx == NULL) {
+        WOLFSSL_MSG("Bad parameters");
+        return WOLFSSL_FAILURE;
+    }
+
+    switch ((enum ocspReqIOStates)ctx->ioState) {
+        case ORIOS_WRITE:
+        case ORIOS_READ:
+            break;
+        case ORIOS_INVALID:
+        default:
+            WOLFSSL_MSG("Invalid ctx->ioState state");
+            return WOLFSSL_FAILURE;
+    }
+
+    if (ctx->ioState == ORIOS_WRITE) {
+        switch ((enum ocspReqStates)ctx->state) {
+            case ORS_HEADER_ADDED:
+                /* Write final new line to complete http header */
+                if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
+                    WOLFSSL_MSG("wolfSSL_BIO_write error");
+                    return WOLFSSL_FAILURE;
+                }
+                break;
+            case ORS_REQ_DONE:
+                break;
+            case ORS_INVALID:
+            default:
+                WOLFSSL_MSG("Invalid WOLFSSL_OCSP_REQ_CTX state");
+                return WOLFSSL_FAILURE;
+        }
+    }
+
+    switch ((enum ocspReqIOStates)ctx->ioState) {
+        case ORIOS_WRITE:
+        {
+            const unsigned char *req;
+            int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&req);
+            if (reqLen <= 0) {
+                WOLFSSL_MSG("wolfSSL_BIO_get_mem_data error");
+                return WOLFSSL_FAILURE;
+            }
+            while (ctx->sent < reqLen) {
+                int sent = wolfSSL_BIO_write(ctx->bio, req + ctx->sent,
+                        reqLen - ctx->sent);
+                if (sent <= 0) {
+                    if (wolfSSL_BIO_should_retry(ctx->bio))
+                        return WOLFSSL_FATAL_ERROR;
+                    WOLFSSL_MSG("wolfSSL_BIO_write error");
+                    ctx->ioState = ORIOS_INVALID;
+                    return 0;
+                }
+                ctx->sent += sent;
+            }
+            ctx->sent = 0;
+            ctx->ioState = ORIOS_READ;
+            (void)wolfSSL_BIO_reset(ctx->reqResp);
+            FALL_THROUGH;
+        }
+        case ORIOS_READ:
+        {
+            byte* resp = NULL;
+            int respLen;
+            int ret;
+
+            if (ctx->buf == NULL) /* Should be allocated in new call */
+                return WOLFSSL_FAILURE;
+
+            ret = wolfIO_HttpProcessResponseOcspGenericIO(OCSP_REQ_CTX_bio_cb,
+                    ctx->bio, &resp, ctx->buf, ctx->bufLen, NULL);
+            if (ret <= 0) {
+                if (resp != NULL)
+                    XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) ||
+                    ret == WC_NO_ERR_TRACE(OCSP_WANT_READ))
+                {
+                    return WOLFSSL_FATAL_ERROR;
+                }
+                return WOLFSSL_FAILURE;
+            }
+            respLen = ret;
+            ret = wolfSSL_BIO_write(ctx->reqResp, resp, respLen);
+            XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
+            if (ret != respLen) {
+                WOLFSSL_MSG("wolfSSL_BIO_write error");
+                return WOLFSSL_FAILURE;
+            }
+            break;
+        }
+        case ORIOS_INVALID:
+        default:
+            WOLFSSL_MSG("Invalid ctx->ioState state");
+            return WOLFSSL_FAILURE;
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, WOLFSSL_OCSP_REQ_CTX *ctx)
+{
+    int ret;
+    int len;
+    const unsigned char *resp = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_nbio");
+
+    if (presp == NULL)
+        return WOLFSSL_FAILURE;
+
+    ret = wolfSSL_OCSP_REQ_CTX_nbio(ctx);
+    if (ret != WOLFSSL_SUCCESS)
+        return ret;
+
+    len = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&resp);
+    if (len <= 0)
+        return WOLFSSL_FAILURE;
+    return wolfSSL_d2i_OCSP_RESPONSE(presp, &resp, len) != NULL
+            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+
+/*******************************************************************************
+ * END OF WOLFSSL_OCSP_REQ_CTX API
+ ******************************************************************************/
+
 #ifndef NO_WOLFSSL_STUB
 int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext,
         int idx)
@@ -1573,7 +2071,7 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs)
 
     /* nonce present in req only */
     if (reqNonce != NULL && rspNonce == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     /* nonces are present and equal, return 1. Extra NULL check for fixing
         scan-build warning. */
@@ -1585,7 +2083,8 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs)
     /* nonces are present but not equal */
     return 0;
 }
-#endif /* OPENSSL_EXTRA */
+
+#endif /* OPENSSL_ALL */
 
 #else /* HAVE_OCSP */
 
diff --git a/src/pk.c b/src/pk.c
index 34e272784..dbed25a92 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -1,6 +1,6 @@
 /* pk.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #include <wolfssl/internal.h>
 #ifndef WC_NO_RNG
@@ -165,7 +161,26 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb,
         /* Write left over data back to BIO if not a file BIO */
         if ((ret > 0) && ((memSz - ret) > 0) &&
                  (bio->type != WOLFSSL_BIO_FILE)) {
-            int res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret);
+            int res;
+            if (!alloced) {
+                /* If wolfssl_read_bio() points mem at the buffer internal to
+                 * bio, we need to dup it before calling wolfSSL_BIO_write(),
+                 * because the latter may reallocate the bio, invalidating the
+                 * mem pointer before reading from it.
+                 */
+                char *mem_dup = (char *)XMALLOC((size_t)(memSz - ret),
+                                                NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                if (mem_dup != NULL) {
+                    XMEMCPY(mem_dup, mem + ret, (size_t)(memSz - ret));
+                    res = wolfSSL_BIO_write(bio, mem_dup, memSz - ret);
+                    mem = mem_dup;
+                    alloced = 1;
+                }
+                else
+                    res = MEMORY_E;
+            }
+            else
+                res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret);
             if (res != memSz - ret) {
                 WOLFSSL_ERROR_MSG("Unable to write back excess data");
                 if (res < 0) {
@@ -348,13 +363,13 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
  * @return  1 on success.
  * @return  0 on error.
  */
-int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
+int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher,
     unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz)
 {
     int ret = 0;
     int paddingSz = 0;
     word32 idx;
-    word32 cipherInfoSz;
+    word32 cipherInfoSz = 0;
 #ifdef WOLFSSL_SMALL_STACK
     EncryptedInfo* info = NULL;
 #else
@@ -395,15 +410,15 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
 
     if (ret == 0) {
         /* Generate a random salt. */
-        if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != 1) {
+        if (wolfSSL_RAND_bytes(info->iv, (int)info->ivSz) != 1) {
             WOLFSSL_MSG("generate iv failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
     if (ret == 0) {
         /* Calculate padding size - always a padding block. */
-        paddingSz = info->ivSz - ((*derSz) % info->ivSz);
+        paddingSz = (int)info->ivSz - ((*derSz) % (int)info->ivSz);
         /* Check der is big enough. */
         if (maxDerSz < (*derSz) + paddingSz) {
             WOLFSSL_MSG("not enough DER buffer allocated");
@@ -412,7 +427,7 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
     }
     if (ret == 0) {
         /* Set padding bytes to padding length. */
-        XMEMSET(der + (*derSz), (byte)paddingSz, paddingSz);
+        XMEMSET(der + (*derSz), (byte)paddingSz, (size_t)paddingSz);
         /* Add padding to DER size. */
         (*derSz) += (int)paddingSz;
 
@@ -482,8 +497,8 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
  * @return  0 on failure.
  */
 static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
-    const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, int type,
-    void* heap, byte** out, int* outSz)
+    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
+    int type, void* heap, byte** out, int* outSz)
 {
     int ret = 1;
     byte* tmp = NULL;
@@ -499,8 +514,19 @@ static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
         byte *tmpBuf;
 
         /* Add space for padding. */
+    #ifdef WOLFSSL_NO_REALLOC
+        tmpBuf = (byte*)XMALLOC((size_t)(derSz + blockSz), heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmpBuf != NULL && der != NULL)
+        {
+                XMEMCPY(tmpBuf, der, (size_t)(derSz));
+                XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER);
+                der = NULL;
+        }
+    #else
         tmpBuf = (byte*)XREALLOC(der, (size_t)(derSz + blockSz), heap,
             DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
         if (tmpBuf == NULL) {
             WOLFSSL_ERROR_MSG("Extending DER buffer failed");
             ret = 0; /* der buffer is free'd at the end of the function */
@@ -1528,7 +1554,11 @@ static int wolfssl_read_der_bio(WOLFSSL_BIO* bio, unsigned char** out)
         WOLFSSL_ERROR_MSG("Malloc failure");
         err = 1;
     }
-    if (!err) {
+    if ((!err) && (derLen <= (int)sizeof(seq))) {
+        /* Copy the previously read data into the buffer. */
+        XMEMCPY(der, seq, derLen);
+    }
+    else if (!err) {
         /* Calculate the unread amount. */
         int len = derLen - (int)sizeof(seq);
         /* Copy the previously read data into the buffer. */
@@ -1790,7 +1820,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
     if ((rsa == NULL) || (rsa->internal == NULL) || (derBuf == NULL) ||
             (derSz <= 0)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -1809,7 +1839,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
             /* Something went wrong while decoding. */
             WOLFSSL_ERROR_MSG("Unexpected error with trying to remove PKCS#8 "
                               "header");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -1831,13 +1861,13 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
                  WOLFSSL_ERROR_MSG("RsaPublicKeyDecode failed");
             }
             WOLFSSL_ERROR_VERBOSE(res);
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
         /* Set external RSA key data from wolfCrypt key. */
         if (SetRsaExternal(rsa) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         else {
             rsa->inSet = 1;
@@ -2052,6 +2082,32 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
     }
     return rsa;
 }
+
+WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
+{
+    char* data = NULL;
+    int dataSz = 0;
+    int memAlloced = 0;
+    WOLFSSL_RSA* rsa = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio");
+
+    if (bio == NULL)
+        return NULL;
+
+    if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+        if (memAlloced)
+            XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return NULL;
+    }
+
+    rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz,
+            WOLFSSL_RSA_LOAD_PUBLIC);
+    if (memAlloced)
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return rsa;
+}
 #endif /* !NO_BIO */
 
 #ifndef NO_FILESYSTEM
@@ -2129,8 +2185,9 @@ WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa,
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
-    unsigned char* passwd, int passwdSz, unsigned char **pem, int *pLen)
+int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    unsigned char **pem, int *pLen)
 {
     int ret = 1;
     byte* derBuf = NULL;
@@ -2235,7 +2292,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
  * @return  0 on failure.
  */
 int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
-    const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
     wc_pem_password_cb *cb, void *arg)
 {
     int ret = 1;
@@ -2452,7 +2509,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
 
     /* Validate parameters. */
     if ((bio == NULL) || (rsa == NULL) || (indent > PRINT_NUM_MAX_INDENT)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -2552,7 +2609,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
     /* Validate parameters. */
     if ((rsa == NULL) || (rsa->internal == NULL)) {
         WOLFSSL_ERROR_MSG("rsa key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -2572,6 +2629,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
         }
 
         if (key->type == RSA_PRIVATE) {
+    #ifndef WOLFSSL_RSA_PUBLIC_ONLY
             if (ret == 1) {
                 /* Copy private exponent. */
                 ret = wolfssl_bn_set_value(&rsa->d, &key->d);
@@ -2593,7 +2651,8 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
                     WOLFSSL_ERROR_MSG("rsa q error");
                 }
             }
-        #ifndef RSA_LOW_MEM
+        #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
+            !defined(RSA_LOW_MEM)
             if (ret == 1) {
                 /* Copy d mod p-1. */
                 ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP);
@@ -2615,7 +2674,11 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
                     WOLFSSL_ERROR_MSG("rsa u error");
                 }
             }
-        #endif /* !RSA_LOW_MEM */
+        #endif
+    #else
+            WOLFSSL_ERROR_MSG("rsa private key not compiled in ");
+            ret = 0;
+    #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
         }
     }
     if (ret == 1) {
@@ -2648,7 +2711,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
     /* Validate parameters. */
     if ((rsa == NULL) || (rsa->internal == NULL)) {
         WOLFSSL_ERROR_MSG("rsa key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -2657,24 +2720,25 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
         /* Copy down modulus if available. */
         if ((rsa->n != NULL) && (wolfssl_bn_get_value(rsa->n, &key->n) != 1)) {
             WOLFSSL_ERROR_MSG("rsa n key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down public exponent if available. */
         if ((ret == 1) && (rsa->e != NULL) &&
                 (wolfssl_bn_get_value(rsa->e, &key->e) != 1)) {
             WOLFSSL_ERROR_MSG("rsa e key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Enough numbers for public key */
         key->type = RSA_PUBLIC;
 
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
         /* Copy down private exponent if available. */
         if ((ret == 1) && (rsa->d != NULL)) {
             if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) {
                 WOLFSSL_ERROR_MSG("rsa d key error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             else {
                 /* Enough numbers for private key */
@@ -2686,38 +2750,39 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
         if ((ret == 1) && (rsa->p != NULL) &&
                 (wolfssl_bn_get_value(rsa->p, &key->p) != 1)) {
             WOLFSSL_ERROR_MSG("rsa p key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down second prime if available. */
         if ((ret == 1) && (rsa->q != NULL) &&
                 (wolfssl_bn_get_value(rsa->q, &key->q) != 1)) {
             WOLFSSL_ERROR_MSG("rsa q key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
-    #ifndef RSA_LOW_MEM
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
         /* Copy down d mod p-1 if available. */
         if ((ret == 1) && (rsa->dmp1 != NULL) &&
                 (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) {
             WOLFSSL_ERROR_MSG("rsa dP key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down d mod q-1 if available. */
         if ((ret == 1) && (rsa->dmq1 != NULL) &&
                 (wolfssl_bn_get_value(rsa->dmq1, &key->dQ) != 1)) {
             WOLFSSL_ERROR_MSG("rsa dQ key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* Copy down 1/q mod p if available. */
         if ((ret == 1) && (rsa->iqmp != NULL) &&
                 (wolfssl_bn_get_value(rsa->iqmp, &key->u) != 1)) {
             WOLFSSL_ERROR_MSG("rsa u key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
-    #endif /* !RSA_LOW_MEM */
+#endif
+#endif
 
         if (ret == 1) {
             /* All available numbers have been set down. */
@@ -3274,7 +3339,7 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits,
 #endif
     int initTmpRng = 0;
     WC_RNG* rng = NULL;
-    long en;
+    long en = 0;
 #endif
 
     (void)cb;
@@ -3497,15 +3562,18 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e,
  * @param [out] em       Encoded message.
  * @param [in[  mHash    Message hash.
  * @param [in]  hashAlg  Hash algorithm.
+ * @param [in]  mgf1Hash MGF algorithm.
  * @param [in]  saltLen  Length of salt to generate.
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
-    const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen)
+
+int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em,
+        const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
+        const WOLFSSL_EVP_MD *mgf1Hash, int saltLen)
 {
     int ret = 1;
-    enum wc_HashType hashType;
+    enum wc_HashType hashType = WC_HASH_TYPE_NONE;
     int hashLen = 0;
     int emLen = 0;
     int mgf = 0;
@@ -3525,6 +3593,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
         ret = 0;
     }
 
+    if (mgf1Hash == NULL)
+        mgf1Hash = hashAlg;
+
     if (ret == 1) {
         /* Get/create an RNG. */
         rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
@@ -3550,7 +3621,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
     }
     if (ret == 1) {
         /* Get the wolfCrypt MGF algorithm from hash algorithm. */
-        mgf = wc_hash2mgf(hashType);
+        mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash));
         if (mgf == WC_MGF1NONE) {
             WOLFSSL_ERROR_MSG("wc_hash2mgf error");
             ret = 0;
@@ -3621,6 +3692,13 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
     return ret;
 }
 
+int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
+    const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen)
+{
+    return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL,
+            saltLen);
+}
+
 /* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message.
  *
  * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram.
@@ -3628,14 +3706,15 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
  * @param [in]  rsa      RSA key.
  * @param [in[  mHash    Message hash.
  * @param [in]  hashAlg  Hash algorithm.
+ * @param [in]  mgf1Hash MGF algorithm.
  * @param [in]  em       Encoded message.
  * @param [in]  saltLen  Length of salt to generate.
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
-                                 const WOLFSSL_EVP_MD *hashAlg,
-                                 const unsigned char *em, int saltLen)
+int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
+        const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
+        const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen)
 {
     int ret = 1;
     int hashLen = 0;
@@ -3653,6 +3732,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
         ret = 0;
     }
 
+    if (mgf1Hash == NULL)
+        mgf1Hash = hashAlg;
+
     /* TODO: use wolfCrypt RSA key to get emLen and bits? */
     /* Set the external data from the wolfCrypt RSA key if not done. */
     if ((ret == 1) && (!rsa->exSet)) {
@@ -3715,7 +3797,7 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
 
     if (ret == 1) {
         /* Get the wolfCrypt MGF algorithm from hash algorithm. */
-        if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) {
+        if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) {
             WOLFSSL_ERROR_MSG("wc_hash2mgf error");
             ret = 0;
         }
@@ -3758,6 +3840,14 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
     XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
+
+int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
+                                 const WOLFSSL_EVP_MD *hashAlg,
+                                 const unsigned char *em, int saltLen)
+{
+    return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em,
+            saltLen);
+}
 #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */
 #endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY ||
         *                WOLFSSL_NGINX) */
@@ -3798,15 +3888,15 @@ static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash,
         ret = 0;
     }
 
-    if ((ret == 1) && (hashAlg != NID_undef) &&
-            (padding == RSA_PKCS1_PADDING)) {
+    if ((ret == 1) && (hashAlg != WC_NID_undef) &&
+            (padding == WC_RSA_PKCS1_PADDING)) {
         /* Convert hash algorithm to hash type for PKCS#1.5 padding. */
         hType = (int)nid2oid(hashAlg, oidHashType);
         if (hType == -1) {
             ret = 0;
         }
     }
-    if ((ret == 1) && (padding == RSA_PKCS1_PADDING)) {
+    if ((ret == 1) && (padding == WC_RSA_PKCS1_PADDING)) {
         /* PKCS#1.5 encoding. */
         word32 encSz = wc_EncodeSignature(enc, hash, hLen, hType);
         if (encSz == 0) {
@@ -3818,7 +3908,7 @@ static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash,
         }
     }
     /* Other padding schemes require the hash as is. */
-    if ((ret == 1) && (padding != RSA_PKCS1_PADDING)) {
+    if ((ret == 1) && (padding != WC_RSA_PKCS1_PADDING)) {
         XMEMCPY(enc, hash, hLen);
         *encLen = hLen;
     }
@@ -3846,7 +3936,7 @@ int wolfSSL_RSA_sign(int hashAlg, const unsigned char* hash, unsigned int hLen,
     }
     /* flag is 1: output complete signature. */
     return wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet,
-        sigLen, rsa, 1, RSA_PKCS1_PADDING);
+        sigLen, rsa, 1, WC_RSA_PKCS1_PADDING);
 }
 
 /* Sign the message hash using hash algorithm and RSA key.
@@ -3876,7 +3966,7 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash,
             *sigLen = RSA_MAX_SIZE / CHAR_BIT;
         }
         ret = wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet,
-            sigLen, rsa, flag, RSA_PKCS1_PADDING);
+            sigLen, rsa, flag, WC_RSA_PKCS1_PADDING);
     }
 
     return ret;
@@ -3898,7 +3988,7 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash,
  *                           0: Output the value that the unpadded signature
  *                              should be compared to.
  * @param [in]      padding  Padding to use. Only RSA_PKCS1_PSS_PADDING and
- *                           RSA_PKCS1_PADDING are currently supported for
+ *                           WC_RSA_PKCS1_PADDING are currently supported for
  *                           signing.
  * @return  1 on success.
  * @return  0 on failure.
@@ -3987,7 +4077,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
     if (ret == 1) {
         switch (padding) {
     #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT)
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             if ((signSz = wc_RsaDirect(encodedSig, encSz, sigRet, &outLen,
                 (RsaKey*)rsa->internal, RSA_PRIVATE_ENCRYPT, rng)) <= 0) {
                 WOLFSSL_ERROR_MSG("Bad Rsa Sign no pad");
@@ -3997,7 +4087,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
     #endif
     #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1))
-        case RSA_PKCS1_PSS_PADDING:
+        case WC_RSA_PKCS1_PSS_PADDING:
         {
             enum wc_HashType hType =
                 wc_OidGetHash((int)nid2oid(hashAlg, oidHashType));
@@ -4016,14 +4106,14 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
         }
     #endif
     #ifndef WC_NO_RSA_OAEP
-        case RSA_PKCS1_OAEP_PADDING:
+        case WC_RSA_PKCS1_OAEP_PADDING:
             /* Not a signature padding scheme. */
             WOLFSSL_ERROR_MSG("RSA_PKCS1_OAEP_PADDING not supported for "
                               "signing");
             ret = 0;
             break;
     #endif
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
         {
             /* Sign (private encrypt) PKCS#1 encoded signature. */
             if ((signSz = wc_RsaSSL_Sign(encodedSig, encSz, sigRet, outLen,
@@ -4076,7 +4166,7 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash,
     WOLFSSL_RSA* rsa)
 {
     return wolfSSL_RSA_verify_ex(hashAlg, hash, hLen, sig, sigLen, rsa,
-        RSA_PKCS1_PADDING);
+        WC_RSA_PKCS1_PADDING);
 }
 
 /**
@@ -4091,7 +4181,7 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash,
  * @param [in]  sigLen   Length of signature data.
  * @param [in]  rsa      RSA key used to sign the input
  * @param [in]  padding  Padding to use. Only RSA_PKCS1_PSS_PADDING and
- *                       RSA_PKCS1_PADDING are currently supported for
+ *                       WC_RSA_PKCS1_PADDING are currently supported for
  *                       signing.
  * @return  1 on success.
  * @return  0 on failure.
@@ -4131,7 +4221,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
         }
     }
 #ifdef WOLFSSL_SMALL_STACK
-    if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) {
+    if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) {
         /* Allocate memory for encoded signature. */
         encodedSig = (unsigned char *)XMALLOC(len, NULL,
             DYNAMIC_TYPE_TMP_BUFFER);
@@ -4141,7 +4231,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
         }
     }
 #endif
-    if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) {
+    if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) {
         /* Make encoded signature to compare with decrypted signature. */
         if (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, &len,
                 padding) <= 0) {
@@ -4170,7 +4260,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
     if (ret == 1) {
     #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1))
-        if (padding == RSA_PKCS1_PSS_PADDING) {
+        if (padding == WC_RSA_PKCS1_PSS_PADDING) {
             /* Check PSS padding is valid. */
             if (wc_RsaPSS_CheckPadding_ex(hash, hLen, sigDec, (word32)verLen,
                     hType, DEF_PSS_SALT_LEN,
@@ -4239,43 +4329,43 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
     #if !defined(HAVE_FIPS)
         /* Convert to wolfCrypt padding, hash and MGF. */
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
             pad_type = WC_RSA_PKCSV15_PAD;
             break;
-        case RSA_PKCS1_OAEP_PADDING:
+        case WC_RSA_PKCS1_OAEP_PADDING:
             pad_type = WC_RSA_OAEP_PAD;
             hash = WC_HASH_TYPE_SHA;
             mgf = WC_MGF1SHA1;
             break;
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             pad_type = WC_RSA_NO_PAD;
             break;
         default:
             WOLFSSL_ERROR_MSG("RSA_public_encrypt doesn't support padding "
                               "scheme");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #else
         /* Check for supported padding schemes in FIPS. */
         /* TODO: Do we support more schemes in later versions of FIPS? */
-        if (padding != RSA_PKCS1_PADDING) {
+        if (padding != WC_RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
                               "FIPS");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4283,7 +4373,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
         outLen = wolfSSL_RSA_size(rsa);
         if (outLen == 0) {
             WOLFSSL_ERROR_MSG("Bad RSA size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4291,7 +4381,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
         /* Get an RNG. */
         rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
         if (rng == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4317,7 +4407,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_public_encrypt", ret);
     return ret;
@@ -4352,41 +4442,41 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
     #if !defined(HAVE_FIPS)
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
             pad_type = WC_RSA_PKCSV15_PAD;
             break;
-        case RSA_PKCS1_OAEP_PADDING:
+        case WC_RSA_PKCS1_OAEP_PADDING:
             pad_type = WC_RSA_OAEP_PAD;
             hash = WC_HASH_TYPE_SHA;
             mgf = WC_MGF1SHA1;
             break;
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             pad_type = WC_RSA_NO_PAD;
             break;
         default:
             WOLFSSL_ERROR_MSG("RSA_private_decrypt unsupported padding");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #else
         /* Check for supported padding schemes in FIPS. */
         /* TODO: Do we support more schemes in later versions of FIPS? */
-        if (padding != RSA_PKCS1_PADDING) {
+        if (padding != WC_RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
                               "FIPS");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4394,7 +4484,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
         outLen = wolfSSL_RSA_size(rsa);
         if (outLen == 0) {
             WOLFSSL_ERROR_MSG("Bad RSA size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4412,7 +4502,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_private_decrypt", ret);
     return ret;
@@ -4443,35 +4533,35 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
             pad_type = WC_RSA_PKCSV15_PAD;
             break;
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
             pad_type = WC_RSA_NO_PAD;
             break;
         /* TODO: RSA_X931_PADDING not supported */
         default:
             WOLFSSL_ERROR_MSG("RSA_public_decrypt unsupported padding");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #else
-        if (padding != RSA_PKCS1_PADDING) {
+        if (padding != WC_RSA_PKCS1_PADDING) {
             WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in "
                               "FIPS");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     #endif
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
@@ -4479,7 +4569,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
         outLen = wolfSSL_RSA_size(rsa);
         if (outLen == 0) {
             WOLFSSL_ERROR_MSG("Bad RSA size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4498,7 +4588,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_public_decrypt", ret);
     return ret;
@@ -4535,45 +4625,45 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
     if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
             (from == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
         switch (padding) {
-        case RSA_PKCS1_PADDING:
+        case WC_RSA_PKCS1_PADDING:
     #ifdef WC_RSA_NO_PADDING
-        case RSA_NO_PADDING:
+        case WC_RSA_NO_PAD:
     #endif
             break;
         /* TODO: RSA_X931_PADDING not supported */
         default:
             WOLFSSL_ERROR_MSG("RSA_private_encrypt unsupported padding");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
     /* Set wolfCrypt RSA key data from external if not already done. */
     if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 0) {
         /* Get an RNG. */
         rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
         if (rng == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
     if (ret == 0) {
         /* Use wolfCrypt to private-encrypt with RSA key.
          * Size of output buffer must be size of RSA key. */
-        if (padding == RSA_PKCS1_PADDING) {
+        if (padding == WC_RSA_PKCS1_PADDING) {
             ret = wc_RsaSSL_Sign(from, (word32)len, to,
                 (word32)wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal, rng);
         }
     #ifdef WC_RSA_NO_PADDING
-        else if (padding == RSA_NO_PADDING) {
+        else if (padding == WC_RSA_NO_PAD) {
             word32 outLen = (word32)wolfSSL_RSA_size(rsa);
             ret = wc_RsaFunction(from, (word32)len, to, &outLen,
                     RSA_PRIVATE_ENCRYPT, (RsaKey*)rsa->internal, rng);
@@ -4594,7 +4684,7 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
 
     /* wolfCrypt error means return -1. */
     if (ret <= 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret);
     return ret;
@@ -4629,7 +4719,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
     if ((rsa == NULL) || (rsa->p == NULL) || (rsa->q == NULL) ||
             (rsa->d == NULL) || (rsa->dmp1 == NULL) || (rsa->dmq1 == NULL)) {
         WOLFSSL_ERROR_MSG("rsa no init error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -4638,7 +4728,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
                                      DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             WOLFSSL_ERROR_MSG("Memory allocation failure");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -4647,7 +4737,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
         /* Initialize temp MP integer. */
         if (mp_init(tmp) != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_init error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4658,7 +4748,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
         err = mp_sub_d((mp_int*)rsa->p->internal, 1, tmp);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_sub_d error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -4667,7 +4757,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
             (mp_int*)rsa->dmp1->internal);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_mod error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -4675,7 +4765,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
         err = mp_sub_d((mp_int*)rsa->q->internal, 1, tmp);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_sub_d error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
@@ -4684,7 +4774,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
             (mp_int*)rsa->dmq1->internal);
         if (err != MP_OKAY) {
             WOLFSSL_ERROR_MSG("mp_mod error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -4866,34 +4956,34 @@ int SetDsaExternal(WOLFSSL_DSA* dsa)
 
     if (dsa == NULL || dsa->internal == NULL) {
         WOLFSSL_MSG("dsa key NULL error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     key = (DsaKey*)dsa->internal;
 
     if (wolfssl_bn_set_value(&dsa->p, &key->p) != 1) {
         WOLFSSL_MSG("dsa p key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->q, &key->q) != 1) {
         WOLFSSL_MSG("dsa q key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->g, &key->g) != 1) {
         WOLFSSL_MSG("dsa g key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->pub_key, &key->y) != 1) {
         WOLFSSL_MSG("dsa y key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (wolfssl_bn_set_value(&dsa->priv_key, &key->x) != 1) {
         WOLFSSL_MSG("dsa x key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     dsa->exSet = 1;
@@ -4911,7 +5001,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
 
     if (dsa == NULL || dsa->internal == NULL) {
         WOLFSSL_MSG("dsa key NULL error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     key = (DsaKey*)dsa->internal;
@@ -4919,25 +5009,25 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
     if (dsa->p != NULL &&
         wolfssl_bn_get_value(dsa->p, &key->p) != 1) {
         WOLFSSL_MSG("rsa p key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->q != NULL &&
         wolfssl_bn_get_value(dsa->q, &key->q) != 1) {
         WOLFSSL_MSG("rsa q key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->g != NULL &&
         wolfssl_bn_get_value(dsa->g, &key->g) != 1) {
         WOLFSSL_MSG("rsa g key error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->pub_key != NULL) {
         if (wolfssl_bn_get_value(dsa->pub_key, &key->y) != 1) {
             WOLFSSL_MSG("rsa pub_key error");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         /* public key */
@@ -4947,7 +5037,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
     if (dsa->priv_key != NULL) {
         if (wolfssl_bn_get_value(dsa->priv_key, &key->x) != 1) {
             WOLFSSL_MSG("rsa priv_key error");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         /* private key */
@@ -4995,7 +5085,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
 #ifdef WOLFSSL_SMALL_STACK
         tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
         if (tmpRng == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         if (wc_InitRng(tmpRng) == 0) {
             rng = tmpRng;
@@ -5099,7 +5189,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
 #ifdef WOLFSSL_SMALL_STACK
         tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
         if (tmpRng == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 #endif
         if (wc_InitRng(tmpRng) == 0) {
             rng = tmpRng;
@@ -5271,20 +5361,20 @@ int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out)
     if (sig == NULL || sig->r == NULL || sig->s == NULL ||
             out == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (StoreECC_DSA_Sig(buf, &bufLen,
             (mp_int*)sig->r->internal, (mp_int*)sig->s->internal) != 0) {
         WOLFSSL_MSG("StoreECC_DSA_Sig error");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out == NULL) {
         byte* tmp = (byte*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_ASN1);
         if (tmp == NULL) {
             WOLFSSL_MSG("malloc error");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         *out = tmp;
     }
@@ -5408,13 +5498,13 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig,
 
     return ret;
 }
-#endif /* HAVE_SELFTEST */
 
-/* return 1 on success, < 0 otherwise */
-int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
-                       WOLFSSL_DSA* dsa)
+#endif /* !HAVE_SELFTEST */
+
+static int dsa_do_sign(const unsigned char* d, int dLen, unsigned char* sigRet,
+        WOLFSSL_DSA* dsa)
 {
-    int     ret = -1;
+    int     ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     int     initTmpRng = 0;
     WC_RNG* rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
@@ -5423,25 +5513,23 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     WC_RNG  tmpRng[1];
 #endif
 
-    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
-
     if (d == NULL || sigRet == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-        return ret;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (dsa->inSet == 0) {
         WOLFSSL_MSG("No DSA internal set, do it");
         if (SetDsaInternal(dsa) != 1) {
             WOLFSSL_MSG("SetDsaInternal failed");
-            return ret;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
 #ifdef WOLFSSL_SMALL_STACK
     tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
     if (tmpRng == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 #endif
 
     if (wc_InitRng(tmpRng) == 0) {
@@ -5450,14 +5538,30 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     }
     else {
         WOLFSSL_MSG("Bad RNG Init, trying global");
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
+        tmpRng = NULL;
+#endif
         rng = wolfssl_get_global_rng();
+        if (! rng)
+            return WOLFSSL_FATAL_ERROR;
     }
 
     if (rng) {
-        if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
-            WOLFSSL_MSG("DsaSign failed");
+#ifdef HAVE_SELFTEST
+        if (dLen != WC_SHA_DIGEST_SIZE ||
+                wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
+            WOLFSSL_MSG("wc_DsaSign failed or dLen wrong length");
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+#else
+        if (wc_DsaSign_ex(d, dLen, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
+            WOLFSSL_MSG("wc_DsaSign_ex failed");
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+#endif
         else
-            ret = 1;
+            ret = WOLFSSL_SUCCESS;
     }
 
     if (initTmpRng)
@@ -5469,6 +5573,15 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     return ret;
 }
 
+/* return 1 on success, < 0 otherwise */
+int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
+                       WOLFSSL_DSA* dsa)
+{
+    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
+
+    return dsa_do_sign(d, WC_SHA_DIGEST_SIZE, sigRet, dsa);
+}
+
 #ifndef HAVE_SELFTEST
 WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
                                         int inLen, WOLFSSL_DSA* dsa)
@@ -5479,12 +5592,12 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
 
     WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex");
 
-    if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) {
+    if (!digest || !dsa) {
         WOLFSSL_MSG("Bad function arguments");
         return NULL;
     }
 
-    if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != 1) {
+    if (dsa_do_sign(digest, inLen, sigBin, dsa) != 1) {
         WOLFSSL_MSG("wolfSSL_DSA_do_sign error");
         return NULL;
     }
@@ -5503,18 +5616,16 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
     /* 2 * sigLen for the two points r and s */
     return wolfSSL_d2i_DSA_SIG(NULL, &tmp, 2 * sigLen);
 }
-#endif /* !HAVE_SELFTEST */
+#endif
 
-int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
+static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig,
                         WOLFSSL_DSA* dsa, int *dsacheck)
 {
-    int    ret = -1;
-
-    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
+    int    ret;
 
     if (d == NULL || sig == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (dsa->inSet == 0)
     {
@@ -5522,17 +5633,35 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
 
         if (SetDsaInternal(dsa) != 1) {
             WOLFSSL_MSG("SetDsaInternal failed");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
-    ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
-    if (ret != 0 || *dsacheck != 1) {
+#ifdef HAVE_SELFTEST
+    ret = dLen == WC_SHA_DIGEST_SIZE ?
+          wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG;
+#else
+    ret = wc_DsaVerify_ex(d, (word32)dLen, sig, (DsaKey*)dsa->internal,
+        dsacheck);
+#endif
+    if (ret != 0) {
         WOLFSSL_MSG("DsaVerify failed");
-        return ret;
+        return WOLFSSL_FATAL_ERROR;
+    }
+    if (*dsacheck != 1) {
+        WOLFSSL_MSG("DsaVerify sig failed");
+        return WOLFSSL_FAILURE;
     }
 
-    return 1;
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
+                        WOLFSSL_DSA* dsa, int *dsacheck)
+{
+    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
+
+    return dsa_do_verify(d, WC_SHA_DIGEST_SIZE, sig, dsa, dsacheck);
 }
 
 
@@ -5557,7 +5686,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
 
     WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex");
 
-    if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) {
+    if (!digest || !sig || !dsa) {
         WOLFSSL_MSG("Bad function arguments");
         return 0;
     }
@@ -5609,14 +5738,14 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
     if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == -1)
         return 0;
 
-    if ((wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck)
+    if ((dsa_do_verify(digest, digest_len, sigBin, dsa, &dsacheck)
                                          != 1) || dsacheck != 1) {
         return 0;
     }
 
     return 1;
 }
-#endif /* !HAVE_SELFTEST */
+#endif
 
 int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa,
     unsigned char** out)
@@ -5727,7 +5856,7 @@ WOLFSSL_DSA* wolfSSL_d2i_DSAparams(WOLFSSL_DSA** dsa, const unsigned char** der,
  * Returns 1 or 0
  */
 int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
-    const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
     wc_pem_password_cb* cb, void* arg)
 {
     int ret = 1;
@@ -5845,7 +5974,7 @@ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa)
  *   1 if success, 0 if error
  */
 int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
-                                        const EVP_CIPHER* cipher,
+                                        const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int passwdSz,
                                         unsigned char **pem, int *pLen)
 {
@@ -5965,7 +6094,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
  *   1 if success, 0 if error
  */
 int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa,
-                                    const EVP_CIPHER *enc,
+                                    const WOLFSSL_EVP_CIPHER *enc,
                                     unsigned char *kstr, int klen,
                                     wc_pem_password_cb *cb, void *u)
 {
@@ -6106,19 +6235,19 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz
 
     if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal,
         (word32)derSz);
     if (ret < 0) {
         WOLFSSL_MSG("DsaPrivateKeyDecode failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (SetDsaExternal(dsa) != 1) {
         WOLFSSL_MSG("SetDsaExternal failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     dsa->inSet = 1;
@@ -6138,7 +6267,7 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf,
 
     if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
         WOLFSSL_MSG("Bad function arguments");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (opt == WOLFSSL_DSA_LOAD_PRIVATE) {
@@ -6153,17 +6282,17 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf,
     if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PRIVATE) {
         WOLFSSL_ERROR_VERBOSE(ret);
         WOLFSSL_MSG("DsaPrivateKeyDecode failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     else if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PUBLIC) {
         WOLFSSL_ERROR_VERBOSE(ret);
         WOLFSSL_MSG("DsaPublicKeyDecode failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (SetDsaExternal(dsa) != 1) {
         WOLFSSL_MSG("SetDsaExternal failed");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     dsa->inSet = 1;
@@ -6411,17 +6540,17 @@ static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid)
      * FIPS v2 module */
     switch (nid) {
 #ifdef HAVE_FFDHE_2048
-    case NID_ffdhe2048:
+    case WC_NID_ffdhe2048:
         params = wc_Dh_ffdhe2048_Get();
         break;
 #endif /* HAVE_FFDHE_2048 */
 #ifdef HAVE_FFDHE_3072
-    case NID_ffdhe3072:
+    case WC_NID_ffdhe3072:
         params = wc_Dh_ffdhe3072_Get();
         break;
 #endif /* HAVE_FFDHE_3072 */
 #ifdef HAVE_FFDHE_4096
-    case NID_ffdhe4096:
+    case WC_NID_ffdhe4096:
         params = wc_Dh_ffdhe4096_Get();
         break;
 #endif /* HAVE_FFDHE_4096 */
@@ -6507,17 +6636,17 @@ static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid)
 
     switch (nid) {
 #ifdef HAVE_FFDHE_2048
-    case NID_ffdhe2048:
+    case WC_NID_ffdhe2048:
         name = WC_FFDHE_2048;
         break;
 #endif /* HAVE_FFDHE_2048 */
 #ifdef HAVE_FFDHE_3072
-    case NID_ffdhe3072:
+    case WC_NID_ffdhe3072:
         name = WC_FFDHE_3072;
         break;
 #endif /* HAVE_FFDHE_3072 */
 #ifdef HAVE_FFDHE_4096
-    case NID_ffdhe4096:
+    case WC_NID_ffdhe4096:
         name = WC_FFDHE_4096;
         break;
 #endif /* HAVE_FFDHE_4096 */
@@ -7562,13 +7691,13 @@ int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz)
     if ((dh == NULL) || (dh->internal == NULL) || (derBuf == NULL) ||
             (derSz <= 0)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if ((ret == 1) && (wolfssl_dh_load_params(dh, derBuf, &idx,
             (word32)derSz) != 0)) {
         WOLFSSL_ERROR_MSG("DH key decode failed");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -7756,10 +7885,10 @@ WOLFSSL_DH* wolfSSL_PEM_read_DHparams(XFILE fp, WOLFSSL_DH** dh,
 static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out,
     void* heap)
 {
-    int ret = -1;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     int err = 0;
     byte* der = NULL;
-    word32 derSz;
+    word32 derSz = 0;
     DhKey* key = NULL;
 
     (void)heap;
@@ -7816,7 +7945,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out,
 int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh)
 {
     int ret = 1;
-    int derSz;
+    int derSz = 0;
     byte* derBuf = NULL;
     void* heap = NULL;
 
@@ -7885,7 +8014,7 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
     /* Validate parameters. */
     if ((dh == NULL) || (dh->internal == NULL)) {
         WOLFSSL_ERROR_MSG("dh key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (ret == 1) {
@@ -7897,21 +8026,21 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
         /* Set the prime. */
         if (wolfssl_bn_set_value(&dh->p, &key->p) != 1) {
             WOLFSSL_ERROR_MSG("dh param p error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if ((ret == 1) && (elm & ELEMENT_G)) {
         /* Set the generator. */
         if (wolfssl_bn_set_value(&dh->g, &key->g) != 1) {
             WOLFSSL_ERROR_MSG("dh param g error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if ((ret == 1) && (elm & ELEMENT_Q)) {
         /* Set the order. */
         if (wolfssl_bn_set_value(&dh->q, &key->q) != 1) {
             WOLFSSL_ERROR_MSG("dh param q error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #ifdef WOLFSSL_DH_EXTRA
@@ -7919,14 +8048,14 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
         /* Set the private key. */
         if (wolfssl_bn_set_value(&dh->priv_key, &key->priv) != 1) {
             WOLFSSL_ERROR_MSG("No DH Private Key");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if ((ret == 1) && (elm & ELEMENT_PUB)) {
         /* Set the public key. */
         if (wolfssl_bn_set_value(&dh->pub_key, &key->pub) != 1) {
             WOLFSSL_ERROR_MSG("No DH Public Key");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif /* WOLFSSL_DH_EXTRA */
@@ -7971,7 +8100,7 @@ int SetDhInternal(WOLFSSL_DH* dh)
     /* Validate parameters. */
     if ((dh == NULL) || (dh->p == NULL) || (dh->g == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 1) {
         /* Get the wolfSSL DH key. */
@@ -7980,26 +8109,26 @@ int SetDhInternal(WOLFSSL_DH* dh)
         /* Clear out key and initialize. */
         wc_FreeDhKey(key);
         if (wc_InitDhKey(key) != 0) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
         /* Transfer prime. */
         if (wolfssl_bn_get_value(dh->p, &key->p) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 1) {
         /* Transfer generator. */
         if (wolfssl_bn_get_value(dh->g, &key->g) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #ifdef HAVE_FFDHE_Q
     /* Transfer order if available. */
     if ((ret == 1) && (dh->q != NULL)) {
         if (wolfssl_bn_get_value(dh->q, &key->q) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -8008,14 +8137,14 @@ int SetDhInternal(WOLFSSL_DH* dh)
     if ((ret == 1) && (dh->priv_key != NULL) &&
             (!wolfSSL_BN_is_zero(dh->priv_key))) {
         if (wolfssl_bn_get_value(dh->priv_key, &key->priv) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Transfer public key if available. */
     if ((ret == 1) && (dh->pub_key != NULL) &&
             (!wolfSSL_BN_is_zero(dh->pub_key))) {
         if (wolfssl_bn_get_value(dh->pub_key, &key->pub) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif /* WOLFSSL_DH_EXTRA */
@@ -8038,17 +8167,14 @@ int SetDhInternal(WOLFSSL_DH* dh)
  */
 int wolfSSL_DH_size(WOLFSSL_DH* dh)
 {
-    int ret = -1;
-
     WOLFSSL_ENTER("wolfSSL_DH_size");
 
-    /* Validate parameter. */
-    if (dh != NULL) {
-        /* Size of key is size of prime in bytes. */
-        ret = wolfSSL_BN_num_bytes(dh->p);
-    }
+    if (dh == NULL)
+        return WOLFSSL_FATAL_ERROR;
 
-    return ret;
+    /* Validate parameter. */
+    /* Size of key is size of prime in bytes. */
+    return wolfSSL_BN_num_bytes(dh->p);
 }
 
 /**
@@ -8575,6 +8701,10 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
         /* Private key size can be as much as the size of the prime. */
         if (dh->length) {
             privSz = (word32)(dh->length / 8); /* to bytes */
+            /* Special case where priv key is larger than dh->length / 8
+             * See GeneratePrivateDh */
+            if (dh->length == 128)
+                privSz = 21;
         }
         else {
             privSz = pubSz;
@@ -8641,20 +8771,8 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
 }
 
 
-/* Compute the shared key from the private key and peer's public key.
- *
- * Return code compliant with OpenSSL.
- * OpenSSL returns 0 when number of bits in p are smaller than minimum
- * supported.
- *
- * @param [out] key       Buffer to place shared key.
- * @param [in]  otherPub  Peer's public key.
- * @param [in]  dh        DH key containing private key.
- * @return  -1 on error.
- * @return  Size of shared secret in bytes on success.
- */
-int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
-    WOLFSSL_DH* dh)
+static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
+    WOLFSSL_DH* dh, int ct)
 {
     int            ret    = 0;
     word32         keySz  = 0;
@@ -8674,19 +8792,19 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
     /* Validate parameters. */
     if ((dh == NULL) || (dh->priv_key == NULL) || (otherPub == NULL)) {
         WOLFSSL_ERROR_MSG("Bad function arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Get the maximum size of computed DH key. */
-    if ((ret == 0) && ((keySz = (word32)DH_size(dh)) == 0)) {
+    if ((ret == 0) && ((keySz = (word32)wolfSSL_DH_size(dh)) == 0)) {
         WOLFSSL_ERROR_MSG("Bad DH_size");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 0) {
         /* Validate the size of the private key. */
         sz = wolfSSL_BN_num_bytes(dh->priv_key);
         if (sz > (int)privSz) {
             WOLFSSL_ERROR_MSG("Bad priv internal size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
@@ -8699,7 +8817,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         sz = wolfSSL_BN_num_bytes(otherPub);
         if (sz > pubSz) {
             WOLFSSL_ERROR_MSG("Bad otherPub size");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -8709,14 +8827,14 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         pub = (unsigned char*)XMALLOC((size_t)sz, NULL,
             DYNAMIC_TYPE_PUBLIC_KEY);
         if (pub == NULL)
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 0) {
         /* Allocate memory for the private key array. */
         priv = (unsigned char*)XMALLOC((size_t)privSz, NULL,
             DYNAMIC_TYPE_PRIVATE_KEY);
         if (priv == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
@@ -8724,28 +8842,58 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
         /* Get the private key into the array. */
         privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv);
         if (privSz <= 0) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
         /* Get the public key into the array. */
         pubSz  = wolfSSL_BN_bn2bin(otherPub, pub);
         if (pubSz <= 0) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Synchronize the external into the internal parameters. */
     if ((ret == 0) && ((dh->inSet == 0) && (SetDhInternal(dh) != 1))) {
         WOLFSSL_ERROR_MSG("Bad DH set internal");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     PRIVATE_KEY_UNLOCK();
     /* Calculate shared secret from private and public keys. */
-    if ((ret == 0) && (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv,
-            (word32)privSz, pub, (word32)pubSz) < 0)) {
-        WOLFSSL_ERROR_MSG("wc_DhAgree failed");
-        ret = -1;
+    if (ret == 0) {
+        word32 padded_keySz = keySz;
+#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && !defined(HAVE_SELFTEST)
+        if (ct) {
+            if (wc_DhAgree_ct((DhKey*)dh->internal, key, &keySz, priv,
+                           (word32)privSz, pub, (word32)pubSz) < 0) {
+                WOLFSSL_ERROR_MSG("wc_DhAgree_ct failed");
+                ret = WOLFSSL_FATAL_ERROR;
+            }
+        }
+        else
+#endif /* (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */
+        {
+            if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv,
+                           (word32)privSz, pub, (word32)pubSz) < 0) {
+                WOLFSSL_ERROR_MSG("wc_DhAgree failed");
+                ret = WOLFSSL_FATAL_ERROR;
+            }
+        }
+
+        if ((ret == 0) && ct) {
+            /* Arrange for correct fixed-length, right-justified key, even if
+             * the crypto back end doesn't support it.  With some crypto back
+             * ends this forgoes formal constant-timeness on the key agreement,
+             * but assured that wolfSSL_DH_compute_key_padded() functions
+             * correctly.
+             */
+            if (keySz < padded_keySz) {
+                XMEMMOVE(key, key + (padded_keySz - keySz),
+                         padded_keySz - keySz);
+                XMEMSET(key, 0, padded_keySz - keySz);
+                keySz = padded_keySz;
+            }
+        }
     }
     if (ret == 0) {
         /* Return actual length. */
@@ -8769,6 +8917,45 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
 
     return ret;
 }
+
+/* Compute the shared key from the private key and peer's public key.
+ *
+ * Return code compliant with OpenSSL.
+ * OpenSSL returns 0 when number of bits in p are smaller than minimum
+ * supported.
+ *
+ * @param [out] key       Buffer to place shared key.
+ * @param [in]  otherPub  Peer's public key.
+ * @param [in]  dh        DH key containing private key.
+ * @return  -1 on error.
+ * @return  Size of shared secret in bytes on success.
+ */
+int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
+    WOLFSSL_DH* dh)
+{
+    return _DH_compute_key(key, otherPub, dh, 0);
+}
+
+/* Compute the shared key from the private key and peer's public key as in
+ * wolfSSL_DH_compute_key, but using constant time processing, with an output
+ * key length fixed at the nominal DH key size.  Leading zeros are retained.
+ *
+ * Return code compliant with OpenSSL.
+ * OpenSSL returns 0 when number of bits in p are smaller than minimum
+ * supported.
+ *
+ * @param [out] key       Buffer to place shared key.
+ * @param [in]  otherPub  Peer's public key.
+ * @param [in]  dh        DH key containing private key.
+ * @return  -1 on error.
+ * @return  Size of shared secret in bytes on success.
+ */
+int wolfSSL_DH_compute_key_padded(unsigned char* key,
+    const WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh)
+{
+    return _DH_compute_key(key, otherPub, dh, 1);
+}
+
 #endif /* !HAVE_FIPS || (HAVE_FIPS && !WOLFSSL_DH_EXTRA) ||
         * HAVE_FIPS_VERSION > 2 */
 
@@ -8873,7 +9060,7 @@ int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth)
 
     if (meth != NULL) {
         /* Only field type supported by code base. */
-        nid = NID_X9_62_prime_field;
+        nid = WC_NID_X9_62_prime_field;
     }
 
     return nid;
@@ -8897,66 +9084,66 @@ int EccEnumToNID(int n)
 
     switch(n) {
         case ECC_SECP192R1:
-            return NID_X9_62_prime192v1;
+            return WC_NID_X9_62_prime192v1;
         case ECC_PRIME192V2:
-            return NID_X9_62_prime192v2;
+            return WC_NID_X9_62_prime192v2;
         case ECC_PRIME192V3:
-            return NID_X9_62_prime192v3;
+            return WC_NID_X9_62_prime192v3;
         case ECC_PRIME239V1:
-            return NID_X9_62_prime239v1;
+            return WC_NID_X9_62_prime239v1;
         case ECC_PRIME239V2:
-            return NID_X9_62_prime239v2;
+            return WC_NID_X9_62_prime239v2;
         case ECC_PRIME239V3:
-            return NID_X9_62_prime239v3;
+            return WC_NID_X9_62_prime239v3;
         case ECC_SECP256R1:
-            return NID_X9_62_prime256v1;
+            return WC_NID_X9_62_prime256v1;
         case ECC_SECP112R1:
-            return NID_secp112r1;
+            return WC_NID_secp112r1;
         case ECC_SECP112R2:
-            return NID_secp112r2;
+            return WC_NID_secp112r2;
         case ECC_SECP128R1:
-            return NID_secp128r1;
+            return WC_NID_secp128r1;
         case ECC_SECP128R2:
-            return NID_secp128r2;
+            return WC_NID_secp128r2;
         case ECC_SECP160R1:
-            return NID_secp160r1;
+            return WC_NID_secp160r1;
         case ECC_SECP160R2:
-            return NID_secp160r2;
+            return WC_NID_secp160r2;
         case ECC_SECP224R1:
-            return NID_secp224r1;
+            return WC_NID_secp224r1;
         case ECC_SECP384R1:
-            return NID_secp384r1;
+            return WC_NID_secp384r1;
         case ECC_SECP521R1:
-            return NID_secp521r1;
+            return WC_NID_secp521r1;
         case ECC_SECP160K1:
-            return NID_secp160k1;
+            return WC_NID_secp160k1;
         case ECC_SECP192K1:
-            return NID_secp192k1;
+            return WC_NID_secp192k1;
         case ECC_SECP224K1:
-            return NID_secp224k1;
+            return WC_NID_secp224k1;
         case ECC_SECP256K1:
-            return NID_secp256k1;
+            return WC_NID_secp256k1;
         case ECC_BRAINPOOLP160R1:
-            return NID_brainpoolP160r1;
+            return WC_NID_brainpoolP160r1;
         case ECC_BRAINPOOLP192R1:
-            return NID_brainpoolP192r1;
+            return WC_NID_brainpoolP192r1;
         case ECC_BRAINPOOLP224R1:
-            return NID_brainpoolP224r1;
+            return WC_NID_brainpoolP224r1;
         case ECC_BRAINPOOLP256R1:
-            return NID_brainpoolP256r1;
+            return WC_NID_brainpoolP256r1;
         case ECC_BRAINPOOLP320R1:
-            return NID_brainpoolP320r1;
+            return WC_NID_brainpoolP320r1;
         case ECC_BRAINPOOLP384R1:
-            return NID_brainpoolP384r1;
+            return WC_NID_brainpoolP384r1;
         case ECC_BRAINPOOLP512R1:
-            return NID_brainpoolP512r1;
+            return WC_NID_brainpoolP512r1;
     #ifdef WOLFSSL_SM2
         case ECC_SM2P256V1:
-            return NID_sm2;
+            return WC_NID_sm2;
     #endif
         default:
             WOLFSSL_MSG("NID not found");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
     }
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
@@ -8972,95 +9159,96 @@ int EccEnumToNID(int n)
  */
 int NIDToEccEnum(int nid)
 {
-    /* -1 on error. */
-    int id = -1;
+    int id;
 
     WOLFSSL_ENTER("NIDToEccEnum");
 
     switch (nid) {
-        case NID_X9_62_prime192v1:
+        case WC_NID_X9_62_prime192v1:
             id = ECC_SECP192R1;
             break;
-        case NID_X9_62_prime192v2:
+        case WC_NID_X9_62_prime192v2:
             id = ECC_PRIME192V2;
             break;
-        case NID_X9_62_prime192v3:
+        case WC_NID_X9_62_prime192v3:
             id = ECC_PRIME192V3;
             break;
-        case NID_X9_62_prime239v1:
+        case WC_NID_X9_62_prime239v1:
             id = ECC_PRIME239V1;
             break;
-        case NID_X9_62_prime239v2:
+        case WC_NID_X9_62_prime239v2:
             id = ECC_PRIME239V2;
             break;
-        case NID_X9_62_prime239v3:
+        case WC_NID_X9_62_prime239v3:
             id = ECC_PRIME239V3;
             break;
-        case NID_X9_62_prime256v1:
+        case WC_NID_X9_62_prime256v1:
             id = ECC_SECP256R1;
             break;
-        case NID_secp112r1:
+        case WC_NID_secp112r1:
             id = ECC_SECP112R1;
             break;
-        case NID_secp112r2:
+        case WC_NID_secp112r2:
             id = ECC_SECP112R2;
             break;
-        case NID_secp128r1:
+        case WC_NID_secp128r1:
             id = ECC_SECP128R1;
             break;
-        case NID_secp128r2:
+        case WC_NID_secp128r2:
             id = ECC_SECP128R2;
             break;
-        case NID_secp160r1:
+        case WC_NID_secp160r1:
             id = ECC_SECP160R1;
             break;
-        case NID_secp160r2:
+        case WC_NID_secp160r2:
             id = ECC_SECP160R2;
             break;
-        case NID_secp224r1:
+        case WC_NID_secp224r1:
             id = ECC_SECP224R1;
             break;
-        case NID_secp384r1:
+        case WC_NID_secp384r1:
             id = ECC_SECP384R1;
             break;
-        case NID_secp521r1:
+        case WC_NID_secp521r1:
             id = ECC_SECP521R1;
             break;
-        case NID_secp160k1:
+        case WC_NID_secp160k1:
             id = ECC_SECP160K1;
             break;
-        case NID_secp192k1:
+        case WC_NID_secp192k1:
             id = ECC_SECP192K1;
             break;
-        case NID_secp224k1:
+        case WC_NID_secp224k1:
             id = ECC_SECP224K1;
             break;
-        case NID_secp256k1:
+        case WC_NID_secp256k1:
             id = ECC_SECP256K1;
             break;
-        case NID_brainpoolP160r1:
+        case WC_NID_brainpoolP160r1:
             id = ECC_BRAINPOOLP160R1;
             break;
-        case NID_brainpoolP192r1:
+        case WC_NID_brainpoolP192r1:
             id = ECC_BRAINPOOLP192R1;
             break;
-        case NID_brainpoolP224r1:
+        case WC_NID_brainpoolP224r1:
             id = ECC_BRAINPOOLP224R1;
             break;
-        case NID_brainpoolP256r1:
+        case WC_NID_brainpoolP256r1:
             id = ECC_BRAINPOOLP256R1;
             break;
-        case NID_brainpoolP320r1:
+        case WC_NID_brainpoolP320r1:
             id = ECC_BRAINPOOLP320R1;
             break;
-        case NID_brainpoolP384r1:
+        case WC_NID_brainpoolP384r1:
             id = ECC_BRAINPOOLP384R1;
             break;
-        case NID_brainpoolP512r1:
+        case WC_NID_brainpoolP512r1:
             id = ECC_BRAINPOOLP512R1;
             break;
         default:
             WOLFSSL_MSG("NID not found");
+            /* -1 on error. */
+            id = WOLFSSL_FATAL_ERROR;
     }
 
     return id;
@@ -9172,13 +9360,19 @@ void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
  * @return  NULL on error.
  */
 static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
-    const unsigned char* in, long inSz)
+    const unsigned char** in_pp, long inSz)
 {
     int err = 0;
     WOLFSSL_EC_GROUP* ret = NULL;
     word32 idx = 0;
     word32 oid = 0;
     int id = 0;
+    const unsigned char* in;
+
+    if (in_pp == NULL || *in_pp == NULL)
+        return NULL;
+
+    in = *in_pp;
 
     /* Use the group passed in. */
     if ((group != NULL) && (*group != NULL)) {
@@ -9227,6 +9421,9 @@ static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
         }
         ret = NULL;
     }
+    else {
+        *in_pp += idx;
+    }
     return ret;
 }
 
@@ -9258,7 +9455,8 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
     }
     if (!err) {
         /* Create EC group from DER encoding. */
-        ret = wolfssl_ec_group_d2i(group, der->buffer, der->length);
+        const byte** p = (const byte**)&der->buffer;
+        ret = wolfssl_ec_group_d2i(group, p, der->length);
         if (ret == NULL) {
             WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_GROUP");
         }
@@ -9269,6 +9467,52 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
     return ret;
 }
 
+WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
+        const unsigned char **in, long len)
+{
+    return wolfssl_ec_group_d2i(out, in, len);
+}
+
+int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp)
+{
+    unsigned char* out = NULL;
+    int len = 0;
+    int idx;
+    const byte* oid = NULL;
+    word32 oidSz = 0;
+
+    if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) ||
+            grp->curve_idx < 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid
+     * is just the numerical representation. */
+    if (wc_ecc_get_oid((word32)grp->curve_oid, &oid, &oidSz) < 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    len = SetObjectId((int)oidSz, NULL) + (int)oidSz;
+
+    if (pp == NULL)
+        return len;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    idx = SetObjectId((int)oidSz, out);
+    XMEMCPY(out + idx, oid, oidSz);
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += len;
+
+    return len;
+}
 #endif /* !NO_BIO */
 
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
@@ -9337,7 +9581,7 @@ int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
     if ((a == NULL) || (b == NULL)) {
         WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
         /* Return error value. */
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Compare NID and wolfSSL curve index. */
     else {
@@ -9410,53 +9654,53 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
     }
     else {
         switch (group->curve_nid) {
-            case NID_secp112r1:
-            case NID_secp112r2:
+            case WC_NID_secp112r1:
+            case WC_NID_secp112r2:
                 degree = 112;
                 break;
-            case NID_secp128r1:
-            case NID_secp128r2:
+            case WC_NID_secp128r1:
+            case WC_NID_secp128r2:
                 degree = 128;
                 break;
-            case NID_secp160k1:
-            case NID_secp160r1:
-            case NID_secp160r2:
-            case NID_brainpoolP160r1:
+            case WC_NID_secp160k1:
+            case WC_NID_secp160r1:
+            case WC_NID_secp160r2:
+            case WC_NID_brainpoolP160r1:
                 degree = 160;
                 break;
-            case NID_secp192k1:
-            case NID_brainpoolP192r1:
-            case NID_X9_62_prime192v1:
-            case NID_X9_62_prime192v2:
-            case NID_X9_62_prime192v3:
+            case WC_NID_secp192k1:
+            case WC_NID_brainpoolP192r1:
+            case WC_NID_X9_62_prime192v1:
+            case WC_NID_X9_62_prime192v2:
+            case WC_NID_X9_62_prime192v3:
                 degree = 192;
                 break;
-            case NID_secp224k1:
-            case NID_secp224r1:
-            case NID_brainpoolP224r1:
+            case WC_NID_secp224k1:
+            case WC_NID_secp224r1:
+            case WC_NID_brainpoolP224r1:
                 degree = 224;
                 break;
-            case NID_X9_62_prime239v1:
-            case NID_X9_62_prime239v2:
-            case NID_X9_62_prime239v3:
+            case WC_NID_X9_62_prime239v1:
+            case WC_NID_X9_62_prime239v2:
+            case WC_NID_X9_62_prime239v3:
                 degree = 239;
                 break;
-            case NID_secp256k1:
-            case NID_brainpoolP256r1:
-            case NID_X9_62_prime256v1:
+            case WC_NID_secp256k1:
+            case WC_NID_brainpoolP256r1:
+            case WC_NID_X9_62_prime256v1:
                 degree = 256;
                 break;
-            case NID_brainpoolP320r1:
+            case WC_NID_brainpoolP320r1:
                 degree = 320;
                 break;
-            case NID_secp384r1:
-            case NID_brainpoolP384r1:
+            case WC_NID_secp384r1:
+            case WC_NID_brainpoolP384r1:
                 degree = 384;
                 break;
-            case NID_brainpoolP512r1:
+            case WC_NID_brainpoolP512r1:
                 degree = 512;
                 break;
-            case NID_secp521r1:
+            case WC_NID_secp521r1:
                 degree = 521;
                 break;
         }
@@ -9488,7 +9732,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group)
     /* Validate parameter. */
     if ((group == NULL) || (group->curve_idx < 0)) {
         WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -9497,7 +9741,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group)
         order = (mp_int *)XMALLOC(sizeof(*order), NULL,
             DYNAMIC_TYPE_TMP_BUFFER);
         if (order == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -9559,6 +9803,12 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
         ret = 0;
     }
 
+    if (ret == 1 &&
+            (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx");
+        ret = 0;
+    }
+
     if (ret == 1) {
         mp = (mp_int*)order->internal;
     }
@@ -9604,7 +9854,7 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p)
     /* Validate parameter. */
     if ((p == NULL) || (p->internal == NULL)) {
         WOLFSSL_MSG("ECPoint NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Get internal point as a wolfCrypt EC point. */
@@ -9613,19 +9863,19 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p)
         /* Set X ordinate if available. */
         if ((p->X != NULL) && (wolfssl_bn_get_value(p->X, point->x) != 1)) {
             WOLFSSL_MSG("ecc point X error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Y ordinate if available. */
         if ((ret == 1) && (p->Y != NULL) && (wolfssl_bn_get_value(p->Y,
                 point->y) != 1)) {
             WOLFSSL_MSG("ecc point Y error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Z ordinate if available. */
         if ((ret == 1) && (p->Z != NULL) && (wolfssl_bn_get_value(p->Z,
                 point->z) != 1)) {
             WOLFSSL_MSG("ecc point Z error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Internal values set when operations succeeded. */
         p->inSet = (ret == 1);
@@ -9651,7 +9901,7 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p)
     /* Validate parameter. */
     if ((p == NULL) || (p->internal == NULL)) {
         WOLFSSL_MSG("ECPoint NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Get internal point as a wolfCrypt EC point. */
@@ -9660,17 +9910,17 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p)
         /* Set X ordinate. */
         if (wolfssl_bn_set_value(&p->X, point->x) != 1) {
             WOLFSSL_MSG("ecc point X error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Y ordinate. */
         if ((ret == 1) && (wolfssl_bn_set_value(&p->Y, point->y) != 1)) {
             WOLFSSL_MSG("ecc point Y error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* Set Z ordinate. */
         if ((ret == 1) && (wolfssl_bn_set_value(&p->Z, point->z) != 1)) {
             WOLFSSL_MSG("ecc point Z error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* External values set when operations succeeded. */
         p->exSet = (ret == 1);
@@ -9921,7 +10171,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
     if (!err) {
         /* <format byte> <x-ordinate> [<y-ordinate>] */
         len = sz + 1;
-        if (form == POINT_CONVERSION_UNCOMPRESSED) {
+        if (form == WC_POINT_CONVERSION_UNCOMPRESSED) {
             /* Include y ordinate when uncompressed. */
             len += sz;
         }
@@ -9947,7 +10197,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
         }
     }
     if (!err) {
-        if (form == POINT_CONVERSION_COMPRESSED) {
+        if (form == WC_POINT_CONVERSION_COMPRESSED) {
             /* Compressed format byte value dependent on whether y-ordinate is
              * odd.
              */
@@ -10004,13 +10254,13 @@ static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz)
     return sz;
 }
 
-WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const EC_GROUP *group,
+WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group,
             const char *hex, WOLFSSL_EC_POINT*p, WOLFSSL_BN_CTX *ctx)
 {
     /* for uncompressed mode */
     size_t str_sz;
-    BIGNUM *Gx  = NULL;
-    BIGNUM *Gy  = NULL;
+    WOLFSSL_BIGNUM *Gx  = NULL;
+    WOLFSSL_BIGNUM *Gy  = NULL;
     char   strGx[MAX_ECC_BYTES * 2 + 1];
 
     /* for compressed mode */
@@ -10035,7 +10285,7 @@ WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const EC_GROUP *group,
 
     key_sz = (wolfSSL_EC_GROUP_get_degree(group) + 7) / 8;
     if (hex[0] ==  '0' && hex[1] == '4') { /* uncompressed mode */
-        str_sz = key_sz * 2;
+        str_sz = (size_t)key_sz * 2;
 
         XMEMSET(strGx, 0x0, str_sz + 1);
         XMEMCPY(strGx, hex + 2, str_sz);
@@ -10061,7 +10311,7 @@ WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const EC_GROUP *group,
         if (hex_to_bytes(hex + 2, octGx + 1, sz) != sz) {
             goto err;
         }
-        if (wolfSSL_ECPoint_d2i(octGx, key_sz + 1, group, p)
+        if (wolfSSL_ECPoint_d2i(octGx, (word32)key_sz + 1, group, p)
                                             != WOLFSSL_SUCCESS) {
             goto err;
         }
@@ -10077,7 +10327,7 @@ err:
     wolfSSL_BN_free(Gx);
     wolfSSL_BN_free(Gy);
     if (p_alloc) {
-        EC_POINT_free(p);
+        wolfSSL_EC_POINT_free(p);
     }
     return NULL;
 
@@ -10255,7 +10505,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
     int err = 0;
     word32 enc_len = (word32)len;
 #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
-    int compressed = ((form == POINT_CONVERSION_COMPRESSED) ? 1 : 0);
+    int compressed = ((form == WC_POINT_CONVERSION_COMPRESSED) ? 1 : 0);
 #endif /* !HAVE_SELFTEST */
 
     WOLFSSL_ENTER("wolfSSL_EC_POINT_point2oct");
@@ -10280,7 +10530,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
         if (buf != NULL) {
             /* Check whether buffer has space. */
             if (len < 1) {
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                wolfSSL_ECerr(WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT, BUFFER_E);
                 err = 1;
             }
             else {
@@ -10292,9 +10542,9 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
     /* Not infinity. */
     else if (!err) {
         /* Validate format. */
-        if (form != POINT_CONVERSION_UNCOMPRESSED
+        if (form != WC_POINT_CONVERSION_UNCOMPRESSED
         #ifndef HAVE_SELFTEST
-                && form != POINT_CONVERSION_COMPRESSED
+                && form != WC_POINT_CONVERSION_COMPRESSED
         #endif /* !HAVE_SELFTEST */
             ) {
             WOLFSSL_MSG("Unsupported point form");
@@ -10316,7 +10566,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
             /* Check return. When buf is NULL, return will be length only
              * error.
              */
-            if (ret != ((buf != NULL) ? MP_OKAY : LENGTH_ONLY_E)) {
+            if (ret != ((buf != NULL) ? MP_OKAY : WC_NO_ERR_TRACE(LENGTH_ONLY_E))) {
                 err = 1;
             }
         }
@@ -10375,8 +10625,8 @@ int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
  * @param [in]      group  EC group.
  * @param [in]      point  EC point.
  * @param [in]      form   Format of encoding. Valid values:
- *                         POINT_CONVERSION_UNCOMPRESSED,
- *                         POINT_CONVERSION_COMPRESSED.
+ *                         WC_POINT_CONVERSION_UNCOMPRESSED,
+ *                         WC_POINT_CONVERSION_COMPRESSED.
  * @param [in, out] bn     BN to hold point value.
  *                         When NULL a new BN is allocated otherwise this is
  *                         returned on success.
@@ -10593,10 +10843,10 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group,
     }
 
     /* Copy the externally set x and y ordinates. */
-    if ((ret == 1) && (BN_copy(x, point->X) == NULL)) {
+    if ((ret == 1) && (wolfSSL_BN_copy(x, point->X) == NULL)) {
         ret = 0;
     }
-    if ((ret == 1) && (BN_copy(y, point->Y) == NULL)) {
+    if ((ret == 1) && (wolfSSL_BN_copy(y, point->Y) == NULL)) {
         ret = 0;
     }
 
@@ -11350,43 +11600,43 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group,
     /* Check that the big numbers were allocated. */
     if ((at == NULL) || (bt == NULL) || (az == NULL) || (bz == NULL) ||
             (mod == NULL)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Get the modulus for the curve. */
     if ((ret == 0) &&
             (BN_hex2bn(&mod, ecc_sets[group->curve_idx].prime) != 1)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret == 0) {
         /* bt = Bx * (Az ^ 2). When Az is one then just copy. */
         if (BN_is_one(a->Z)) {
             if (BN_copy(bt, b->X) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* az = Az ^ 2 */
         else if ((BN_mod_mul(az, a->Z, a->Z, mod, ctx) != 1)) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* bt = Bx * az = Bx * (Az ^ 2) */
         else if (BN_mod_mul(bt, b->X, az, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
         /* at = Ax * (Bz ^ 2). When Bz is one then just copy. */
         if (BN_is_one(b->Z)) {
             if (BN_copy(at, a->X) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* bz = Bz ^ 2 */
         else if (BN_mod_mul(bz, b->Z, b->Z, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* at = Ax * bz = Ax * (Bz ^ 2) */
         else if (BN_mod_mul(at, a->X, bz, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Compare x-ordinates. */
@@ -11397,32 +11647,32 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group,
         /* bt = By * (Az ^ 3). When Az is one then just copy. */
         if (BN_is_one(a->Z)) {
             if (BN_copy(bt, b->Y) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* az = az * Az = Az ^ 3 */
         else if ((BN_mod_mul(az, az, a->Z, mod, ctx) != 1)) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* bt = By * az = By * (Az ^ 3) */
         else if (BN_mod_mul(bt, b->Y, az, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret == 0) {
         /* at = Ay * (Bz ^ 3). When Bz is one then just copy. */
         if (BN_is_one(b->Z)) {
             if (BN_copy(at, a->Y) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
         /* bz = bz * Bz = Bz ^ 3 */
         else if (BN_mod_mul(bz, bz, b->Z, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         /* at = Ay * bz = Ay * (Bz ^ 3) */
         else if (BN_mod_mul(at, a->Y, bz, mod, ctx) != 1) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     /* Compare y-ordinates. */
@@ -11462,7 +11712,7 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
     if ((group == NULL) || (a == NULL) || (a->internal == NULL) ||
             (b == NULL) || (b->internal == NULL)) {
         WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     if (ret != -1) {
     #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN
@@ -11613,7 +11863,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId)
         /* Cache heap hint. */
         key->heap = heap;
         /* Initialize fields to defaults. */
-        key->form     = POINT_CONVERSION_UNCOMPRESSED;
+        key->form     = WC_POINT_CONVERSION_UNCOMPRESSED;
 
         /* Initialize reference count. */
         wolfSSL_RefInit(&key->ref, &err);
@@ -11639,7 +11889,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId)
 
     if (!err) {
         /* Group unknown at creation */
-        key->group = wolfSSL_EC_GROUP_new_by_curve_name(NID_undef);
+        key->group = wolfSSL_EC_GROUP_new_by_curve_name(WC_NID_undef);
         if (key->group == NULL) {
             WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
             err = 1;
@@ -11976,7 +12226,7 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
 {
     int ret = 1;
     size_t len = 0;
-    int form = POINT_CONVERSION_UNCOMPRESSED;
+    int form = WC_POINT_CONVERSION_UNCOMPRESSED;
 
     WOLFSSL_ENTER("wolfSSL_i2o_ECPublicKey");
 
@@ -11996,9 +12246,9 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
     if (ret == 1) {
     #ifdef HAVE_COMP_KEY
         /* Default to compressed form if not set */
-        form = (key->form != POINT_CONVERSION_UNCOMPRESSED) ?
-               POINT_CONVERSION_UNCOMPRESSED :
-               POINT_CONVERSION_COMPRESSED;
+        form = (key->form == WC_POINT_CONVERSION_UNCOMPRESSED) ?
+               WC_POINT_CONVERSION_UNCOMPRESSED :
+               WC_POINT_CONVERSION_COMPRESSED;
     #endif
 
         /* Calculate length of point encoding. */
@@ -12123,7 +12373,7 @@ WOLFSSL_EC_KEY* wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY** key,
  *
  * @param [in]      key  EC key to encode.
  * @param [in, out] out  On in, reference to buffer to place DER encoding into.
- *                       On out, reference to buffer adter the encoding.
+ *                       On out, reference to buffer after the encoding.
  *                       May be NULL.
  * @return  Length of DER encoding on success.
  * @return  0 on error.
@@ -12239,11 +12489,11 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
     if ((key == NULL) || (key->internal == NULL) || (derBuf == NULL) ||
             (derSz <= 0)) {
         WOLFSSL_MSG("Bad function arguments");
-        res = -1;
+        res = WOLFSSL_FATAL_ERROR;
     }
     if ((res == 1) && (opt != WOLFSSL_EC_KEY_LOAD_PRIVATE) &&
             (opt != WOLFSSL_EC_KEY_LOAD_PUBLIC)) {
-        res = -1;
+        res = WOLFSSL_FATAL_ERROR;
     }
 
     if (res == 1) {
@@ -12262,7 +12512,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
         /* Error out on parsing error. */
         else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
             WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header");
-            res = -1;
+            res = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -12279,7 +12529,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
                 ecc_key *tmp = (ecc_key*)XMALLOC(sizeof(ecc_key),
                     ((ecc_key*)key->internal)->heap, DYNAMIC_TYPE_ECC);
                 if (tmp == NULL) {
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
                 else {
                     /* We now try again as x.963 [point type][x][opt y]. */
@@ -12311,7 +12561,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
             else {
                 WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
             }
-            res = -1;
+            res = WOLFSSL_FATAL_ERROR;
         }
 
         /* Internal key updated - update whether it is a valid key. */
@@ -12321,12 +12571,62 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
     /* Set the external EC key based on value in internal. */
     if ((res == 1) && (SetECKeyExternal(key) != 1)) {
         WOLFSSL_MSG("SetECKeyExternal failed");
-        res = -1;
+        res = WOLFSSL_FATAL_ERROR;
     }
 
     return res;
 }
 
+
+#ifndef NO_BIO
+
+WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
+        WOLFSSL_EC_KEY **out)
+{
+    char* data = NULL;
+    int dataSz = 0;
+    int memAlloced = 0;
+    WOLFSSL_EC_KEY* ec = NULL;
+    int err = 0;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio");
+
+    if (bio == NULL)
+        return NULL;
+
+    if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+        WOLFSSL_ERROR_MSG("wolfssl_read_bio failed");
+        err = 1;
+    }
+
+    if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) {
+        WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed");
+        err = 1;
+    }
+
+    /* Load the EC key with the public key from the DER encoding. */
+    if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data,
+            dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) {
+        WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed");
+        err = 1;
+    }
+
+    if (memAlloced)
+        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (err) { /* on error */
+        wolfSSL_EC_KEY_free(ec);
+        ec = NULL;
+    }
+    else { /* on success */
+        if (out != NULL)
+            *out = ec;
+    }
+
+    return ec;
+}
+
+#endif /* !NO_BIO */
+
 /*
  * EC key PEM APIs
  */
@@ -12612,7 +12912,7 @@ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec)
  * @return  0 on error.
  */
 int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
-    const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
     wc_pem_password_cb* cb, void* arg)
 {
     int ret = 1;
@@ -12660,7 +12960,7 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
  * @return  0 on error.
  */
 int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
-    const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
     unsigned char **pem, int *pLen)
 {
 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
@@ -12692,7 +12992,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
         /* Calculate maximum size of DER encoding.
          * 4 > size of pub, priv + ASN.1 additional information */
         der_max_len = 4 * (word32)wc_ecc_size((ecc_key*)ec->internal) +
-                      AES_BLOCK_SIZE;
+                      WC_AES_BLOCK_SIZE;
 
         /* Allocate buffer big enough to hold encoding. */
         derBuf = (byte*)XMALLOC((size_t)der_max_len, NULL,
@@ -12749,7 +13049,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
  * @return  0 on error.
  */
 int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec,
-    const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
+    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
     wc_pem_password_cb *cb, void *pass)
 {
     int ret = 1;
@@ -12852,7 +13152,7 @@ int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key, int indent)
     if ((ret == 1) && (key->pub_key != NULL) && (key->pub_key->exSet)) {
         /* Get the public key point as one BN. */
         WOLFSSL_BIGNUM* pubBn = wolfSSL_EC_POINT_point2bn(key->group,
-            key->pub_key, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
+            key->pub_key, WC_POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
         if (pubBn == NULL) {
             WOLFSSL_MSG("wolfSSL_EC_POINT_point2bn failed.");
             ret = 0;
@@ -12915,7 +13215,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
     /* Validate parameter. */
     if ((eckey == NULL) || (eckey->internal == NULL)) {
         WOLFSSL_MSG("ec key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         ecc_key* key = (ecc_key*)eckey->internal;
@@ -12930,13 +13230,13 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
             if (wc_ecc_copy_point(&key->pubkey,
                     (ecc_point*)eckey->pub_key->internal) != MP_OKAY) {
                 WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
 
             /* Set external public key from internal wolfCrypt, public key. */
             if ((ret == 1) && (ec_point_external_set(eckey->pub_key) != 1)) {
                 WOLFSSL_MSG("SetECKeyExternal ec_point_external_set failed");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
         }
 
@@ -12945,7 +13245,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
                 (wolfssl_bn_set_value(&eckey->priv_key,
                 wc_ecc_key_get_priv(key)) != 1)) {
             WOLFSSL_MSG("ec priv key error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         /* External values set when operations succeeded. */
@@ -12973,7 +13273,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
     if ((eckey == NULL) || (eckey->internal == NULL) ||
             (eckey->group == NULL)) {
         WOLFSSL_MSG("ec key NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         ecc_key* key = (ecc_key*)eckey->internal;
@@ -12983,7 +13283,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
         if ((eckey->group->curve_idx < 0) ||
             (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) {
             WOLFSSL_MSG("invalid curve idx");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
 
         if (ret == 1) {
@@ -12996,14 +13296,14 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
         if ((ret == 1) && pubSet) {
             if (ec_point_internal_set(eckey->pub_key) != 1) {
                 WOLFSSL_MSG("ec key pub error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             /* Copy public point to key. */
             if ((ret == 1) && (wc_ecc_copy_point(
                     (ecc_point*)eckey->pub_key->internal, &key->pubkey) !=
                     MP_OKAY)) {
                 WOLFSSL_MSG("wc_ecc_copy_point error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
 
             if (ret == 1) {
@@ -13017,7 +13317,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
             if (wolfssl_bn_get_value(eckey->priv_key,
                     wc_ecc_key_get_priv(key)) != 1) {
                 WOLFSSL_MSG("ec key priv error");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             /* private key */
             if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) {
@@ -13043,32 +13343,29 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
  * @return  Point conversion format on success.
  * @return  -1 on error.
  */
-point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key)
+wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(
+    const WOLFSSL_EC_KEY* key)
 {
-    int ret = -1;
-
-    if (key != NULL) {
-        ret = key->form;
-    }
-
-    return ret;
+    if (key == NULL)
+        return WOLFSSL_FATAL_ERROR;
+    return key->form;
 }
 
 /* Set point conversion format into EC key.
  *
  * @param [in, out] key   EC key to set format into.
  * @param [in]      form  Point conversion format. Valid values:
- *                          POINT_CONVERSION_UNCOMPRESSED,
- *                          POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY)
+ *                          WC_POINT_CONVERSION_UNCOMPRESSED,
+ *                          WC_POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY)
  */
 void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *key, int form)
 {
     if (key == NULL) {
         WOLFSSL_MSG("Key passed in NULL");
     }
-    else if (form == POINT_CONVERSION_UNCOMPRESSED
+    else if (form == WC_POINT_CONVERSION_UNCOMPRESSED
 #ifdef HAVE_COMP_KEY
-          || form == POINT_CONVERSION_COMPRESSED
+          || form == WC_POINT_CONVERSION_COMPRESSED
 #endif
              ) {
         key->form = (unsigned char)form;
@@ -13777,7 +14074,7 @@ int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key)
 {
     int err = 0;
     int len = 0;
-    const EC_GROUP *group = NULL;
+    const WOLFSSL_EC_GROUP *group = NULL;
     int bits = 0;
 
     /* Validate parameter. */
@@ -13902,7 +14199,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
     if ((dgst == NULL) || (sig == NULL) || (key == NULL) ||
             (key->internal == NULL)) {
         WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Ensure internal EC key is set from external. */
@@ -13911,7 +14208,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
 
         if (SetECKeyInternal(key) != 1) {
             WOLFSSL_MSG("SetECKeyInternal failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -13922,7 +14219,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
                 (mp_int*)sig->s->internal, dgst, (word32)dLen, &verified,
                 (ecc_key *)key->internal) != MP_OKAY) {
             WOLFSSL_MSG("wc_ecc_verify_hash failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         else if (verified == 0) {
             WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
@@ -13936,7 +14233,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
                 (word32)dLen, &verified, (ecc_key*)key->internal);
             if (ret != MP_OKAY) {
                 WOLFSSL_MSG("wc_ecc_verify_hash failed");
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
             }
             else if (verified == 0) {
                 WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
@@ -14367,6 +14664,13 @@ int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
         res = 0;
     }
     if (res) {
+    #ifdef WOLFSSL_CURVE25519_BLINDING
+        /* An RNG is needed. */
+        if (wc_curve25519_set_rng(&privkey, wolfssl_make_global_rng()) != 0) {
+            res = 0;
+        }
+        else
+    #endif
         /* Initialize public key object. */
         if (wc_curve25519_init(&pubkey) != MP_OKAY) {
             WOLFSSL_MSG("wc_curve25519_init pubkey failed");
@@ -15188,7 +15492,7 @@ int wolfSSL_PEM_def_callback(char* buf, int num, int rwFlag, void* userData)
     if ((buf != NULL) && (userData != NULL)) {
         sz = (int)XSTRLEN((const char*)userData);
         sz = (int)min((word32)sz, (word32)num);
-        XMEMCPY(buf, userData, sz);
+        XMEMCPY(buf, userData, (size_t)sz);
     }
     else {
         WOLFSSL_MSG("Error, default password cannot be created.");
@@ -15214,24 +15518,24 @@ int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
     if ((bio != NULL) && (key != NULL)) {
         switch (key->type) {
 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
-            case EVP_PKEY_RSA:
+            case WC_EVP_PKEY_RSA:
                 ret = wolfSSL_PEM_write_bio_RSA_PUBKEY(bio, key->rsa);
                 break;
 #endif /* WOLFSSL_KEY_GEN && !NO_RSA */
 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && \
     (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
-            case EVP_PKEY_DSA:
+            case WC_EVP_PKEY_DSA:
                 ret = wolfSSL_PEM_write_bio_DSA_PUBKEY(bio, key->dsa);
                 break;
 #endif /* !NO_DSA && !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */
 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
     defined(WOLFSSL_KEY_GEN)
-            case EVP_PKEY_EC:
+            case WC_EVP_PKEY_EC:
                 ret = wolfSSL_PEM_write_bio_EC_PUBKEY(bio, key->ecc);
                 break;
 #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */
 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
-            case EVP_PKEY_DH:
+            case WC_EVP_PKEY_DH:
                 /* DH public key not supported. */
                 WOLFSSL_MSG("Writing DH PUBKEY not supported!");
                 break;
@@ -15282,21 +15586,21 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
     #ifdef WOLFSSL_KEY_GEN
         switch (key->type) {
         #ifndef NO_RSA
-            case EVP_PKEY_RSA:
+            case WC_EVP_PKEY_RSA:
                 /* Write using RSA specific API. */
                 ret = wolfSSL_PEM_write_bio_RSAPrivateKey(bio, key->rsa,
                     cipher, passwd, len, cb, arg);
                 break;
         #endif
         #ifndef NO_DSA
-            case EVP_PKEY_DSA:
+            case WC_EVP_PKEY_DSA:
                 /* Write using DSA specific API. */
                 ret = wolfSSL_PEM_write_bio_DSAPrivateKey(bio, key->dsa,
                     cipher, passwd, len, cb, arg);
                 break;
         #endif
         #ifdef HAVE_ECC
-            case EVP_PKEY_EC:
+            case WC_EVP_PKEY_EC:
             #if defined(HAVE_ECC_KEY_EXPORT)
                 /* Write using EC specific API. */
                 ret = wolfSSL_PEM_write_bio_ECPrivateKey(bio, key->ecc,
@@ -15308,7 +15612,7 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
                 break;
         #endif
         #ifndef NO_DH
-            case EVP_PKEY_DH:
+            case WC_EVP_PKEY_DH:
                 /* Write using generic API with DH type. */
                 ret = der_write_to_bio_as_pem((byte*)key->pkey.ptr,
                     key->pkey_sz, bio, DH_PRIVATEKEY_TYPE);
@@ -15324,22 +15628,22 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
 
         switch (key->type) {
         #ifndef NO_DSA
-            case EVP_PKEY_DSA:
+            case WC_EVP_PKEY_DSA:
                 type = DSA_PRIVATEKEY_TYPE;
                 break;
         #endif
         #ifdef HAVE_ECC
-            case EVP_PKEY_EC:
+            case WC_EVP_PKEY_EC:
                 type = ECC_PRIVATEKEY_TYPE;
                 break;
         #endif
         #ifndef NO_DH
-            case EVP_PKEY_DH:
+            case WC_EVP_PKEY_DH:
                 type = DH_PRIVATEKEY_TYPE;
                 break;
         #endif
         #ifndef NO_RSA
-            case EVP_PKEY_RSA:
+            case WC_EVP_PKEY_RSA:
                 type = PRIVATEKEY_TYPE;
                 break;
         #endif
@@ -15448,25 +15752,26 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
 
     if (!err) {
         const unsigned char* ptr = der->buffer;
-        int type = -1;
+        int type;
 
         /* Set key type based on format returned. */
         switch (keyFormat) {
             /* No key format set - default to RSA. */
             case 0:
             case RSAk:
-                type = EVP_PKEY_RSA;
+                type = WC_EVP_PKEY_RSA;
                 break;
             case DSAk:
-                type = EVP_PKEY_DSA;
+                type = WC_EVP_PKEY_DSA;
                 break;
             case ECDSAk:
-                type = EVP_PKEY_EC;
+                type = WC_EVP_PKEY_EC;
                 break;
             case DHk:
-                type = EVP_PKEY_DH;
+                type = WC_EVP_PKEY_DH;
                 break;
             default:
+                type = WOLFSSL_FATAL_ERROR;
                 break;
         }
 
@@ -15494,6 +15799,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
 
     return pkey;
 }
+
+
+WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(
+    WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb,
+    void* arg)
+{
+    return wolfSSL_PEM_read_bio_PrivateKey(bio, key, cb, arg);
+}
 #endif /* !NO_BIO */
 
 #if !defined(NO_FILESYSTEM)
@@ -15586,25 +15899,26 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key,
 
     if (!err) {
         const unsigned char* ptr = der->buffer;
-        int type = -1;
+        int type;
 
         /* Set key type based on format returned. */
         switch (keyFormat) {
             /* No key format set - default to RSA. */
             case 0:
             case RSAk:
-                type = EVP_PKEY_RSA;
+                type = WC_EVP_PKEY_RSA;
                 break;
             case DSAk:
-                type = EVP_PKEY_DSA;
+                type = WC_EVP_PKEY_DSA;
                 break;
             case ECDSAk:
-                type = EVP_PKEY_EC;
+                type = WC_EVP_PKEY_EC;
                 break;
             case DHk:
-                type = EVP_PKEY_DH;
+                type = WC_EVP_PKEY_DH;
                 break;
             default:
+                type = WOLFSSL_FATAL_ERROR;
                 break;
         }
 
@@ -15672,7 +15986,7 @@ static void pem_find_pattern(char* pem, int pemLen, int idx, const char* prefix,
     /* Find prefix part. */
     for (; idx < pemLen - prefixLen; idx++) {
         if ((pem[idx] == prefix[0]) &&
-                (XMEMCMP(pem + idx, prefix, prefixLen) == 0)) {
+                (XMEMCMP(pem + idx, prefix, (size_t)prefixLen) == 0)) {
             idx += prefixLen;
             *start = idx;
             break;
@@ -15681,7 +15995,7 @@ static void pem_find_pattern(char* pem, int pemLen, int idx, const char* prefix,
     /* Find postfix part. */
     for (; idx < pemLen - postfixLen; idx++) {
         if ((pem[idx] == postfix[0]) &&
-                (XMEMCMP(pem + idx, postfix, postfixLen) == 0)) {
+                (XMEMCMP(pem + idx, postfix, (size_t)postfixLen) == 0)) {
             *len = idx - *start;
             break;
         }
@@ -15717,7 +16031,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header,
     /* Find header. */
     pem_find_pattern(pem, pemLen, 0, PEM_BEGIN, PEM_HDR_FIN, &start, &nameLen);
     /* Allocate memory for header name. */
-    *name = (char*)XMALLOC(nameLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    *name = (char*)XMALLOC((size_t)nameLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (*name == NULL) {
         ret = MEMORY_E;
     }
@@ -15728,7 +16042,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header,
             ret = ASN_NO_PEM_HEADER;
         }
         else {
-            XMEMCPY(*name, pem + start, nameLen);
+            XMEMCPY(*name, pem + start, (size_t)nameLen);
         }
     }
     if (ret == 0) {
@@ -15740,7 +16054,8 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header,
             hdrLen++;
         }
         /* Allocate memory for encryption header string. */
-        *header = (char*)XMALLOC(hdrLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        *header = (char*)XMALLOC((size_t)hdrLen + 1, NULL,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
         if (*header == NULL) {
             ret = MEMORY_E;
         }
@@ -15749,7 +16064,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header,
         /* Put in encryption header string. */
         (*header)[hdrLen] = '\0';
         if (hdrLen > 0) {
-            XMEMCPY(*header, pem + startHdr, hdrLen);
+            XMEMCPY(*header, pem + startHdr, (size_t)hdrLen);
             start = startHdr + hdrLen + 1;
         }
 
@@ -15758,7 +16073,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header,
             &endLen);
         /* Validate header name and footer name are the same. */
         if ((endLen != nameLen) ||
-                 (XMEMCMP(*name, pem + startEnd, nameLen) != 0)) {
+                 (XMEMCMP(*name, pem + startEnd, (size_t)nameLen) != 0)) {
             ret = ASN_NO_PEM_HEADER;
         }
     }
@@ -15808,13 +16123,13 @@ static int pem_write_data(const char *name, const char *header,
     pemLen  = (derLen + 2) / 3 * 4;
     pemLen += (pemLen + 63) / 64;
     /* Header */
-    pemLen += PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ;
+    pemLen += (word32)(PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ);
     if (headerLen > 0) {
         /* Encryption lines plus extra carriage return. */
-        pemLen += headerLen + 1;
+        pemLen += (word32)headerLen + 1;
     }
     /* Trailer */
-    pemLen += PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ;
+    pemLen += (word32)(PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ);
 
     pem = (char*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (pem == NULL) {
@@ -15826,14 +16141,14 @@ static int pem_write_data(const char *name, const char *header,
         /* Add header. */
         XMEMCPY(p, PEM_BEGIN, PEM_BEGIN_SZ);
         p += PEM_BEGIN_SZ;
-        XMEMCPY(p, name, nameLen);
+        XMEMCPY(p, name, (size_t)nameLen);
         p += nameLen;
         XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ);
         p += PEM_HDR_FIN_EOL_SZ;
 
         if (headerLen > 0) {
             /* Add encryption header. */
-            XMEMCPY(p, header, headerLen);
+            XMEMCPY(p, header, (size_t)headerLen);
             p += headerLen;
             /* Blank line after a header and before body. */
             *(p++) = '\n';
@@ -15849,7 +16164,7 @@ static int pem_write_data(const char *name, const char *header,
         /* Add trailer. */
         XMEMCPY(p, PEM_END, PEM_END_SZ);
         p += PEM_END_SZ;
-        XMEMCPY(p, name, nameLen);
+        XMEMCPY(p, name, (size_t)nameLen);
         p += nameLen;
         XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ);
         p += PEM_HDR_FIN_EOL_SZ;
@@ -15897,13 +16212,13 @@ int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header,
     }
     if ((res == 1) && (!memAlloced)) {
         /* Need to return allocated memory - make sure it is allocated. */
-        char* p = (char*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        char* p = (char*)XMALLOC((size_t)pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (p == NULL) {
             res = 0;
         }
         else {
             /* Copy the data into new buffer. */
-            XMEMCPY(p, pem, pemLen);
+            XMEMCPY(p, pem, (size_t)pemLen);
             pem = p;
         }
     }
@@ -15955,7 +16270,7 @@ int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name,
     }
 
     XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    return (!err) ? pemLen : 0;
+    return (!err) ? (int)pemLen : 0;
 }
 #endif /* !NO_BIO */
 
@@ -16126,8 +16441,6 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len,
 #ifdef OPENSSL_ALL
 #if !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
 
-#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \
-    !defined(NO_STDIO_FILESYSTEM))
 /* Encrypt the key into a buffer using PKCS$8 and a password.
  *
  * @param [in]      pkey      Private key to encrypt.
@@ -16140,7 +16453,7 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len,
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when EVP cipher not supported.
  */
-static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
+int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
     const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key,
     word32* keySz)
 {
@@ -16182,7 +16495,8 @@ static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
 
         if (ret == 0) {
             /* Encrypt private into buffer. */
-            ret = TraditionalEnc((byte*)pkey->pkey.ptr, pkey->pkey_sz,
+            ret = TraditionalEnc((byte*)pkey->pkey.ptr + pkey->pkcs8HeaderSz,
+                (word32)pkey->pkey_sz - pkey->pkcs8HeaderSz,
                 key, keySz, passwd, passwdSz, PKCS5, PBES2, encAlgId,
                 NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL);
             if (ret > 0) {
@@ -16204,42 +16518,75 @@ static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
  * @param                  On out, size of encoded key in bytes.
  * @return  0 on success.
  */
-static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
+int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
 {
     int ret = 0;
-    int algId;
-    const byte* curveOid;
-    word32 oidSz;
+    int algId = 0;
+    const byte* curveOid = 0;
+    word32 oidSz = 0;
 
     /* Get the details of the private key. */
 #ifdef HAVE_ECC
-    if (pkey->type == EVP_PKEY_EC) {
+    if (pkey->type == WC_EVP_PKEY_EC) {
         /* ECC private and get curve OID information. */
         algId = ECDSAk;
-        ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid,
+        ret = wc_ecc_get_oid((word32)pkey->ecc->group->curve_oid, &curveOid,
             &oidSz);
     }
     else
 #endif
-    if (pkey->type == EVP_PKEY_RSA) {
+    if (pkey->type == WC_EVP_PKEY_RSA) {
         /* RSA private has no curve information. */
         algId = RSAk;
         curveOid = NULL;
         oidSz = 0;
     }
+    else if (pkey->type == WC_EVP_PKEY_DSA) {
+        /* DSA has no curve information. */
+        algId = DSAk;
+        curveOid = NULL;
+        oidSz = 0;
+    }
+#ifndef NO_DH
+    else if (pkey->type == WC_EVP_PKEY_DH) {
+        if (pkey->dh == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pkey->dh->priv_key != NULL || pkey->dh->pub_key != NULL) {
+            /* Special case. DH buffer is always in PKCS8 format */
+            if (keySz == NULL)
+                return BAD_FUNC_ARG;
+
+            *keySz = (word32)pkey->pkey_sz;
+            if (key == NULL)
+                return LENGTH_ONLY_E;
+
+            XMEMCPY(key, pkey->pkey.ptr, pkey->pkey_sz);
+            return pkey->pkey_sz;
+        }
+
+        /* DH has no curve information. */
+        algId = DHk;
+        curveOid = NULL;
+        oidSz = 0;
+    }
+#endif
     else {
         ret = NOT_COMPILED_IN;
     }
 
     if (ret >= 0) {
         /* Encode private key in PKCS#8 format. */
-        ret = wc_CreatePKCS8Key(key, keySz, (byte*)pkey->pkey.ptr,
-            pkey->pkey_sz, algId, curveOid, oidSz);
+        ret = wc_CreatePKCS8Key(key, keySz, (byte*)pkey->pkey.ptr +
+            pkey->pkcs8HeaderSz, (word32)pkey->pkey_sz - pkey->pkcs8HeaderSz,
+            algId, curveOid, oidSz);
     }
 
     return ret;
 }
 
+#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM))
 /* Write PEM encoded, PKCS#8 formatted private key to BIO.
  *
  * @param [out] pem       Buffer holding PEM encoding.
@@ -16262,7 +16609,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
     int ret = 0;
     char password[NAME_SZ];
     byte* key = NULL;
-    word32 keySz;
+    word32 keySz = 0;
     int type = PKCS8_PRIVATEKEY_TYPE;
 
     /* Validate parameters. */
@@ -16272,7 +16619,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
 
     if (res == 1) {
         /* Guestimate key size and PEM size. */
-        if (pem_pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+        if (pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             res = 0;
         }
     }
@@ -16320,7 +16667,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
 
         if (res == 1) {
             /* Encrypt the private key. */
-            ret = pem_pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz);
+            ret = pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz);
             if (ret <= 0) {
                 res = 0;
             }
@@ -16336,7 +16683,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
         type = PKCS8_PRIVATEKEY_TYPE;
 
         /* Encode private key in PKCS#8 format. */
-        ret = pem_pkcs8_encode(pkey, key, &keySz);
+        ret = pkcs8_encode(pkey, key, &keySz);
         if (ret < 0) {
             res = 0;
         }
@@ -16402,6 +16749,13 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
     XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return res;
 }
+
+int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
+        PKCS8_PRIV_KEY_INFO* keyInfo)
+{
+    return wolfSSL_PEM_write_bio_PKCS8PrivateKey(bio, keyInfo, NULL, NULL, 0,
+            NULL, NULL);
+}
 #endif /* !NO_BIO */
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
diff --git a/src/quic.c b/src/quic.c
index d28abe5a0..5791a7d7c 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -1,6 +1,6 @@
 /* quic.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
   /* Name change compatibility layer no longer needs to be included here */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -154,18 +150,16 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
         }
     }
 
-    if (quic_record_complete(qr) || len == 0) {
-        return 0;
+    if (!quic_record_complete(qr) && len != 0) {
+        missing = qr->len - qr->end;
+        if (len > missing) {
+            len = missing;
+        }
+        XMEMCPY(qr->data + qr->end, data, len);
+        qr->end += (word32)len;
+        consumed += len;
     }
 
-    missing = qr->len - qr->end;
-    if (len > missing) {
-        len = missing;
-    }
-    XMEMCPY(qr->data + qr->end, data, len);
-    qr->end += (word32)len;
-    consumed += len;
-
 cleanup:
     *pconsumed = (ret == WOLFSSL_SUCCESS) ? consumed : 0;
     return ret;
@@ -200,7 +194,7 @@ static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
 
     /* We check if the buf is at least RECORD_HEADER_SZ */
     if (sz < RECORD_HEADER_SZ) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (qr->rec_hdr_remain == 0) {
@@ -614,7 +608,7 @@ int wolfSSL_quic_do_handshake(WOLFSSL* ssl)
             else {
                 ret = wolfSSL_read_early_data(ssl, tmpbuffer,
                                               sizeof(tmpbuffer), &len);
-                if (ret < 0 && ssl->error == ZERO_RETURN) {
+                if (ret < 0 && ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
                     /* this is expected, since QUIC handles the actual early
                      * data separately. */
                     ret = WOLFSSL_SUCCESS;
@@ -634,7 +628,9 @@ int wolfSSL_quic_do_handshake(WOLFSSL* ssl)
 cleanup:
     if (ret <= 0
         && ssl->options.handShakeState == HANDSHAKE_DONE
-        && (ssl->error == ZERO_RETURN || ssl->error == WANT_READ)) {
+        && (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN) ||
+            ssl->error == WC_NO_ERR_TRACE(WANT_READ)))
+    {
         ret = WOLFSSL_SUCCESS;
     }
     if (ret == WOLFSSL_SUCCESS) {
@@ -783,7 +779,7 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
 
             /* record too small to be fit into a RecordLayerHeader struct. */
             if (n == -1) {
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             if (quic_record_done(ssl->quic.input_head)) {
                 QuicRecord* qr = ssl->quic.input_head;
@@ -925,8 +921,12 @@ int wolfSSL_quic_forward_secrets(WOLFSSL* ssl, int ktype, int side)
         goto cleanup;
     }
 
-    ret = !ssl->quic.method->set_encryption_secrets(
-        ssl, level, rx_secret, tx_secret, ssl->specs.hash_size);
+    if(!ssl->quic.method->set_encryption_secrets(
+        ssl, level, rx_secret, tx_secret, ssl->specs.hash_size)) {
+        WOLFSSL_MSG("WOLFSSL_QUIC_FORWARD_SECRETS failed");
+        ret = WOLFSSL_FATAL_ERROR;
+        goto cleanup;
+    }
 
     /* Having installed the secrets, any future read/write will happen
      * at the level. Except early data, which is detected on the record
@@ -1191,7 +1191,7 @@ int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md,
 
     WOLFSSL_ENTER("wolfSSL_quic_hkdf_extract");
 
-    pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL);
+    pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL);
     if (pctx == NULL) {
         ret = WOLFSSL_FAILURE;
         goto cleanup;
@@ -1199,7 +1199,7 @@ int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md,
 
     if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_hkdf_mode(
-                pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != WOLFSSL_SUCCESS
+                pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(
                 pctx, (byte*)salt, (int)saltlen) != WOLFSSL_SUCCESS
@@ -1228,7 +1228,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
 
     WOLFSSL_ENTER("wolfSSL_quic_hkdf_expand");
 
-    pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL);
+    pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL);
     if (pctx == NULL) {
         ret = WOLFSSL_FAILURE;
         goto cleanup;
@@ -1236,7 +1236,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
 
     if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_hkdf_mode(
-                pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != WOLFSSL_SUCCESS
+                pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(
                 pctx, (byte*)"", 0) != WOLFSSL_SUCCESS
@@ -1251,7 +1251,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen,
 
 cleanup:
     if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+        wolfSSL_EVP_PKEY_CTX_free(pctx);
     WOLFSSL_LEAVE("wolfSSL_quic_hkdf_expand", ret);
     return ret;
 }
@@ -1268,7 +1268,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 
     WOLFSSL_ENTER("wolfSSL_quic_hkdf");
 
-    pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL);
+    pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL);
     if (pctx == NULL) {
         ret = WOLFSSL_FAILURE;
         goto cleanup;
@@ -1276,7 +1276,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 
     if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_hkdf_mode(
-                pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) != WOLFSSL_SUCCESS
+                pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(
                 pctx, (byte*)salt, (int)saltlen) != WOLFSSL_SUCCESS
@@ -1291,7 +1291,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
 
 cleanup:
     if (pctx)
-        EVP_PKEY_CTX_free(pctx);
+        wolfSSL_EVP_PKEY_CTX_free(pctx);
     WOLFSSL_LEAVE("wolfSSL_quic_hkdf", ret);
     return ret;
 }
@@ -1344,7 +1344,7 @@ int wolfSSL_quic_aead_encrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx,
                 ctx, dest, &len, plain, (int)plainlen) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CipherFinal(ctx, dest + len, &len) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CIPHER_CTX_ctrl(
-                ctx, EVP_CTRL_AEAD_GET_TAG, ctx->authTagSz, dest + plainlen)
+                ctx, WOLFSSL_EVP_CTRL_AEAD_GET_TAG, ctx->authTagSz, dest + plainlen)
            != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
@@ -1371,7 +1371,7 @@ int wolfSSL_quic_aead_decrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx,
 
     if (wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0) != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CIPHER_CTX_ctrl(
-                ctx, EVP_CTRL_AEAD_SET_TAG, ctx->authTagSz, (uint8_t*)tag)
+                ctx, WOLFSSL_EVP_CTRL_AEAD_SET_TAG, ctx->authTagSz, (uint8_t*)tag)
             != WOLFSSL_SUCCESS
         || wolfSSL_EVP_CipherUpdate(ctx, NULL, &len, aad, (int)aadlen)
             != WOLFSSL_SUCCESS
diff --git a/src/sniffer.c b/src/sniffer.c
index 31d54a949..4d0c8e1ca 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1,6 +1,6 @@
 /* sniffer.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/wc_port.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
@@ -227,8 +220,8 @@ BOOL APIENTRY DllMain( HMODULE hModule,
 #endif /* _WIN32 */
 
 
-static WOLFSSL_GLOBAL int TraceOn = 0;         /* Trace is off by default */
-static WOLFSSL_GLOBAL XFILE TraceFile = 0;
+static WC_THREADSHARED int TraceOn = 0;         /* Trace is off by default */
+static WC_THREADSHARED XFILE TraceFile = 0;
 
 
 /* windows uses .rc table for this */
@@ -566,52 +559,52 @@ typedef struct SnifferSession {
 
 
 /* Sniffer Server List and mutex */
-static THREAD_LS_T WOLFSSL_GLOBAL SnifferServer* ServerList = NULL;
+static THREAD_LS_T SnifferServer* ServerList = NULL;
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex);
+static WC_THREADSHARED wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex);
 #endif
 
 /* Session Hash Table, mutex, and count */
-static THREAD_LS_T WOLFSSL_GLOBAL SnifferSession* SessionTable[HASH_SIZE];
+static THREAD_LS_T SnifferSession* SessionTable[HASH_SIZE];
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex);
+static WC_THREADSHARED wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex);
 #endif
-static THREAD_LS_T WOLFSSL_GLOBAL int SessionCount = 0;
+static THREAD_LS_T int SessionCount = 0;
 
-static WOLFSSL_GLOBAL int RecoveryEnabled    = 0;  /* global switch */
-static WOLFSSL_GLOBAL int MaxRecoveryMemory  = -1;
+static WC_THREADSHARED int RecoveryEnabled    = 0;  /* global switch */
+static WC_THREADSHARED int MaxRecoveryMemory  = -1;
                                            /* per session max recovery memory */
 #ifndef WOLFSSL_SNIFFER_NO_RECOVERY
 /* Recovery of missed data switches and stats */
-static WOLFSSL_GLOBAL wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */
+static WC_THREADSHARED wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */
 /* # of sessions with missed data */
-static WOLFSSL_GLOBAL word32 MissedDataSessions = 0;
+static WC_THREADSHARED word32 MissedDataSessions = 0;
 #endif
 
 /* Connection Info Callback */
-static WOLFSSL_GLOBAL SSLConnCb ConnectionCb;
-static WOLFSSL_GLOBAL void*     ConnectionCbCtx = NULL;
+static WC_THREADSHARED SSLConnCb ConnectionCb;
+static WC_THREADSHARED void*     ConnectionCbCtx = NULL;
 
 #ifdef WOLFSSL_SNIFFER_STATS
 /* Sessions Statistics */
-static WOLFSSL_GLOBAL SSLStats SnifferStats;
-static WOLFSSL_GLOBAL wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex);
+static WC_THREADSHARED SSLStats SnifferStats;
+static WC_THREADSHARED wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex);
 #endif
 
 #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK
-static WOLFSSL_GLOBAL SSLKeyCb KeyCb;
-static WOLFSSL_GLOBAL void*    KeyCbCtx = NULL;
+static WC_THREADSHARED SSLKeyCb KeyCb;
+static WC_THREADSHARED void*    KeyCbCtx = NULL;
 #endif
 
 #ifdef WOLFSSL_SNIFFER_WATCH
 /* Watch Key Callback */
-static WOLFSSL_GLOBAL SSLWatchCb WatchCb;
-static WOLFSSL_GLOBAL void*      WatchCbCtx = NULL;
+static WC_THREADSHARED SSLWatchCb WatchCb;
+static WC_THREADSHARED void*      WatchCbCtx = NULL;
 #endif
 
 #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB
 /* Store Data Callback */
-static WOLFSSL_GLOBAL SSLStoreDataCb StoreDataCb;
+static WC_THREADSHARED SSLStoreDataCb StoreDataCb;
 #endif
 
 
@@ -656,7 +649,7 @@ static void UpdateMissedDataSessions(void)
 
 
 #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
-    static WOLFSSL_GLOBAL int CryptoDeviceId = INVALID_DEVID;
+    static WC_THREADSHARED int CryptoDeviceId = INVALID_DEVID;
 #endif
 
 #if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
@@ -1656,31 +1649,31 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
     int ret = -1;
 
     if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (keySz == 0) {
         /* load from file */
         file = XFOPEN(keyFile, "rb");
-        if (file == XBADFILE) return -1;
+        if (file == XBADFILE) return WOLFSSL_FATAL_ERROR;
         if(XFSEEK(file, 0, XSEEK_END) != 0) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         fileSz = XFTELL(file);
         if (fileSz > MAX_WOLFSSL_FILE_SIZE || fileSz < 0) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         if(XFSEEK(file, 0, XSEEK_SET) != 0) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         loadBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_FILE);
         if (loadBuf == NULL) {
             XFCLOSE(file);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         ret = (int)XFREAD(loadBuf, 1, fileSz, file);
@@ -1688,14 +1681,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
 
         if (ret != fileSz) {
             XFREE(loadBuf, NULL, DYNAMIC_TYPE_FILE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
     else {
         /* use buffer directly */
         loadBuf = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_FILE);
         if (loadBuf == NULL) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         fileSz = keySz;
         XMEMCPY(loadBuf, keyFile, fileSz);
@@ -1732,7 +1725,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
     }
 
     if (ret < 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -1751,14 +1744,14 @@ static int CreateWatchSnifferServer(char* error)
             DYNAMIC_TYPE_SNIFFER_SERVER);
     if (sniffer == NULL) {
         SetError(MEMORY_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     InitSnifferServer(sniffer);
     sniffer->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
     if (!sniffer->ctx) {
         SetError(MEMORY_STR, error, NULL, 0);
         FreeSnifferServer(sniffer);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
     if (CryptoDeviceId != INVALID_DEVID)
@@ -1800,7 +1793,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
                 NULL, DYNAMIC_TYPE_SNIFFER_NAMED_KEY);
         if (namedKey == NULL) {
             SetError(MEMORY_STR, error, NULL, 0);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         XMEMSET(namedKey, 0, sizeof(NamedKey));
 
@@ -1815,7 +1808,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
         if (ret < 0) {
             SetError(KEY_FILE_STR, error, NULL, 0);
             FreeNamedKey(namedKey);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -1849,7 +1842,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
 #ifdef HAVE_SNI
             FreeNamedKey(namedKey);
 #endif
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         InitSnifferServer(sniffer);
 
@@ -1865,7 +1858,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
             FreeNamedKey(namedKey);
 #endif
             FreeSnifferServer(sniffer);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT)
         if (CryptoDeviceId != INVALID_DEVID)
@@ -1906,7 +1899,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
             SetError(KEY_FILE_STR, error, NULL, 0);
             if (isNew)
                 FreeSnifferServer(sniffer);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #ifdef WOLF_CRYPTO_CB
         wolfSSL_CTX_SetDevId(sniffer->ctx, CryptoDeviceId);
@@ -2124,7 +2117,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 
     if (version != IPV6) {
         SetError(BAD_IPVER_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* Here, we need to move onto next header if not TCP. */
@@ -2134,7 +2127,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
             int hdrsz = (exthdr->length + 1) * 8;
             if (hdrsz > length - exthdrsz) {
                 SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             exthdrsz += hdrsz;
             exthdr = (Ip6ExtHdr*)((byte*)exthdr + hdrsz);
@@ -2146,7 +2139,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 #ifndef WOLFSSL_SNIFFER_WATCH
     if (!IsServerRegistered6(iphdr->src) && !IsServerRegistered6(iphdr->dst)) {
         SetError(SERVER_NOT_REG_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -2180,12 +2173,12 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error,
 
     if (version != IPV4) {
         SetError(BAD_IPVER_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (iphdr->protocol != TCP_PROTOCOL) {
         SetError(BAD_PROTO_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     info->length  = IP_HL(iphdr);
@@ -2577,7 +2570,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
             }
 
@@ -2800,7 +2793,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
 
                 /* if curve not provided in key share data, then use private
@@ -2893,7 +2886,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
             }
             if (ret == 0) {
@@ -2976,7 +2969,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
                 if (args->length > *sslBytes) {
                     SetError(PARTIAL_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    ret = -1;
+                    ret = WOLFSSL_FATAL_ERROR;
                 }
             }
             if (ret == 0) {
@@ -3162,13 +3155,13 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
         if (SetCipherSpecs(session->sslServer) != 0) {
             SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
             session->verboseErr = 1;
-            ret = -1; break;
+            ret = WOLFSSL_FATAL_ERROR; break;
         }
 
         if (SetCipherSpecs(session->sslClient) != 0) {
             SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
             session->verboseErr = 1;
-            ret = -1; break;
+            ret = WOLFSSL_FATAL_ERROR; break;
         }
 
     #ifdef WOLFSSL_TLS13
@@ -3200,7 +3193,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
         }
         if (ret != 0) {
             SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
-            ret = -1; break;
+            ret = WOLFSSL_FATAL_ERROR; break;
         }
 
     #ifdef SHOW_SECRETS
@@ -3260,7 +3253,7 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
         session->sslServer->buffers.key->length == 0) {
 
         SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -3288,7 +3281,7 @@ static int ProcessKeyShare(KeyShareInfo* info, const byte* input, int len,
             info->key_len = (word16)((input[index] << 8) | input[index+1]);
             index += OPAQUE16_LEN;
             if (info->key_len == 0 || info->key_len > len - index) {
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             info->key = &input[index];
             index += info->key_len;
@@ -3392,7 +3385,7 @@ static int ProcessServerKeyShare(SnifferSession* session, const byte* input, int
     }
     if (ret != 0) {
         SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -3417,7 +3410,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     /* make sure can read through hint len */
     if (TICKET_HINT_LEN > *sslBytes) {
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     input     += TICKET_HINT_LEN; /* skip over hint len */
     *sslBytes -= TICKET_HINT_LEN;
@@ -3428,7 +3421,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         /* make sure can read through hint age and nonce len */
         if (TICKET_HINT_AGE_LEN + 1 > *sslBytes) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         input     += TICKET_HINT_AGE_LEN; /* skip over hint age */
         *sslBytes -= TICKET_HINT_AGE_LEN;
@@ -3437,7 +3430,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         len = input[0];
         if (len > MAX_TICKET_NONCE_STATIC_SZ) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         input += OPAQUE8_LEN;
         *sslBytes -= OPAQUE8_LEN;
@@ -3455,7 +3448,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     /* make sure can read through len */
     if (OPAQUE16_LEN > *sslBytes) {
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     len = (word16)((input[0] << 8) | input[1]);
@@ -3465,7 +3458,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     /* make sure can read through ticket */
     if (len > *sslBytes) {
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_TLS13
@@ -3475,7 +3468,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
     #ifdef HAVE_SESSION_TICKET
         if (SetTicket(session->sslServer, input, len) != 0) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         /* set haveSessionId to use the wolfSession cache */
@@ -3502,7 +3495,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         /* capture last part of sessionID as macID (32 bytes) */
         if (len < ID_LEN) {
             SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         /* store session with macID as sessionID */
         session->sslServer->options.haveSessionId = 1;
@@ -3546,7 +3539,7 @@ static int DoResume(SnifferSession* session, char* error)
             INC_STAT(SnifferStats.sslResumeMisses);
         #endif
             SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -3571,13 +3564,13 @@ static int DoResume(SnifferSession* session, char* error)
     if (SetCipherSpecs(session->sslServer) != 0) {
         SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (SetCipherSpecs(session->sslClient) != 0) {
         SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_TLS13
@@ -3616,7 +3609,7 @@ static int DoResume(SnifferSession* session, char* error)
 
     if (ret != 0) {
         SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -3645,7 +3638,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     /* make sure can read through session len */
     if (toRead > *sslBytes) {
         SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     XMEMCPY(&pv, input, VERSION_SZ);
@@ -3670,7 +3663,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     /* make sure can read through compression */
     if ( (b + SUITE_LEN + ENUM_LEN) > *sslBytes) {
         SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (b) {
     #ifdef WOLFSSL_TLS13
@@ -3718,7 +3711,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 
     if (b) {
         SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* extensions */
@@ -3729,7 +3722,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
         /* make sure can read len */
         if (SUITE_LEN > *sslBytes) {
             SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         len = (word16)((input[0] << 8) | input[1]);
         input     += SUITE_LEN;
@@ -3737,7 +3730,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
         /* make sure can read through all extensions */
         if (len > *sslBytes) {
             SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
@@ -3756,7 +3749,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
             if (extLen > *sslBytes) {
                 SetError(SERVER_HELLO_INPUT_STR, error, session,
                          FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
         #ifdef DEBUG_SNIFFER
             printf("\tserver_hello ext: 0x%02x (len %d)\n", extType, extLen);
@@ -3769,7 +3762,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
                 if (ret != 0) {
                     SetError(SERVER_HELLO_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
                 break;
         #endif
@@ -3835,14 +3828,14 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 #ifndef WOLFSSL_TLS13
         SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 #endif
     }
     else {
 #ifdef WOLFSSL_NO_TLS12
         SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE);
         session->verboseErr = 1;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 #endif
     }
 
@@ -3854,8 +3847,10 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 #endif
 
     if (session->sslServer->options.haveSessionId) {
-        if (XMEMCMP(session->sslServer->arrays->sessionID,
-                session->sslClient->arrays->sessionID, ID_LEN) == 0) {
+        if (session->sslServer->arrays->sessionIDSz == ID_LEN &&
+                session->sslClient->arrays->sessionIDSz == ID_LEN &&
+                XMEMCMP(session->sslServer->arrays->sessionID,
+                        session->sslClient->arrays->sessionID, ID_LEN) == 0) {
             doResume = 1;
         }
     }
@@ -4007,7 +4002,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read up to session len */
     if (toRead > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* skip, get negotiated one from server hello */
@@ -4029,7 +4024,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     if (bLen) {
         if (ID_LEN > *sslBytes) {
             SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         Trace(CLIENT_RESUME_TRY_STR);
 #ifdef WOLFSSL_TLS13
@@ -4055,7 +4050,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read len */
     if (SUITE_LEN > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     len = (word16)((input[0] << 8) | input[1]);
     input     += SUITE_LEN;
@@ -4063,7 +4058,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read suites + comp len */
     if (len + ENUM_LEN > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     input     += len;
     *sslBytes -= len;
@@ -4074,7 +4069,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read len */
     if (bLen > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     input     += bLen;
     *sslBytes -= bLen;
@@ -4088,7 +4083,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read len */
     if (SUITE_LEN > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     len = (word16)((input[0] << 8) | input[1]);
     input     += SUITE_LEN;
@@ -4096,7 +4091,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
     /* make sure can read through all extensions */
     if (len > *sslBytes) {
         SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
@@ -4114,7 +4109,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
         /* make sure can read through individual extension */
         if (extLen > *sslBytes) {
             SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
     #ifdef DEBUG_SNIFFER
@@ -4163,7 +4158,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             word16 ksLen = (word16)((input[0] << 8) | input[1]);
             if (ksLen + OPAQUE16_LEN > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             /* cache key share data till server_hello */
             session->cliKeyShareSz = ksLen;
@@ -4187,7 +4182,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             idsLen = (word16)((input[idx] << 8) | input[idx+1]);
             if (idsLen + OPAQUE16_LEN + idx > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             idx += OPAQUE16_LEN;
 
@@ -4195,7 +4190,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             idLen = (word16)((input[idx] << 8) | input[idx+1]);
             if (idLen + OPAQUE16_LEN + idx > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             idx += OPAQUE16_LEN;
             identity = &input[idx];
@@ -4211,7 +4206,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             bindersLen = (word16)((input[idx] << 8) | input[idx+1]);
             if (bindersLen + OPAQUE16_LEN + idx > extLen) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             idx += OPAQUE16_LEN;
             binders = &input[idx];
@@ -4246,7 +4241,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             if (extLen && extLen < ID_LEN) {
                 SetError(CLIENT_HELLO_INPUT_STR, error, session,
                          FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             if (extLen) {
                 if (session->ticketID == NULL) {
@@ -4255,7 +4250,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
                     if (session->ticketID == 0) {
                         SetError(MEMORY_STR, error, session,
                                  FATAL_ERROR_STATE);
-                        return -1;
+                        return WOLFSSL_FATAL_ERROR;
                     }
                 }
 
@@ -4292,12 +4287,12 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
     char* error)
 {
     int ret;
-    Sha256 sha;
-    byte digest[SHA256_DIGEST_SIZE];
+    wc_Sha256 sha;
+    byte digest[WC_SHA256_DIGEST_SIZE];
 
     if (WatchCb == NULL) {
         SetError(WATCH_CB_MISSING_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = wc_InitSha256(&sha);
@@ -4307,7 +4302,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
         ret = wc_Sha256Final(&sha, digest);
     if (ret != 0) {
         SetError(WATCH_HASH_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = WatchCb((void*)session, digest, sizeof(digest),
@@ -4317,7 +4312,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz,
         INC_STAT(SnifferStats.sslKeysUnmatched);
 #endif
         SetError(WATCH_FAIL_STR, error, session, FATAL_ERROR_STATE);
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
 #ifdef WOLFSSL_SNIFFER_STATS
@@ -4341,7 +4336,7 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
 
     if (*sslBytes < CERT_HEADER_SZ) {
         SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef WOLFSSL_TLS13
@@ -4358,14 +4353,14 @@ static int ProcessCertificate(const byte* input, int* sslBytes,
 
     if (*sslBytes < (int)certChainSz) {
         SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ato24(input, &certSz);
     input += OPAQUE24_LEN;
     if (*sslBytes < (int)certSz) {
         SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     *sslBytes -= certChainSz;
@@ -4443,7 +4438,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
 
             if (ret != 0) {
                 SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
 
             session->flags.gotFinished = 1;
@@ -4479,7 +4474,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
 
         if (ret != 0) {
             SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 #endif
@@ -4529,7 +4524,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
 
     if (*sslBytes < HANDSHAKE_HEADER_SZ) {
         SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     type = input[0];
     size = (input[1] << 16) | (input[2] << 8) | input[3];
@@ -4595,7 +4590,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
         if (HashUpdate(session->hash, input, size) != 0) {
             SetError(EXTENDED_MASTER_HASH_STR, error,
                      session, FATAL_ERROR_STATE);
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
             goto exit;
         }
     }
@@ -4629,7 +4624,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
                 /* can't know temp key passively */
                 SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
                 session->verboseErr = 1;
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
 
 #if defined(WOLFSSL_SNIFFER_STATS)
                 INC_STAT(SnifferStats.sslEphemeralMisses);
@@ -4680,7 +4675,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
                     else {
                         SetError(EXTENDED_MASTER_HASH_STR, error,
                                 session, FATAL_ERROR_STATE);
-                        ret = -1;
+                        ret = WOLFSSL_FATAL_ERROR;
                     }
                     XMEMSET(session->hash, 0, sizeof(HsHashes));
                     XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES);
@@ -4712,7 +4707,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
             break;
         default:
             SetError(GOT_UNKNOWN_HANDSHAKE_STR, error, session, 0);
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
             break;
     }
 
@@ -5006,6 +5001,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
         return NULL;
     }
 
+    ssl->curSize = sz;
     ssl->keys.encryptSz = sz;
     if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) {
         output += ssl->specs.block_size; /* go past TLSv1.1 IV */
@@ -5246,14 +5242,14 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame,
 
     if (*rhSize > *sslBytes) {
         SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
                                 (word16)*rhSize);
     if (ret < 0 && ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)) {
         SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     Trace(OLD_CLIENT_OK_STR);
@@ -5319,7 +5315,7 @@ static int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
     /* field, but tcp checksum offloading could negate calculation */
     if (checksum == 0)
         return 0;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 #endif
 
@@ -5342,7 +5338,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
     /* ip header */
     if (length < IP_HDR_SZ) {
         SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     version = IP_V(iphdr);
@@ -5356,31 +5352,31 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
     }
 
     if (CheckIpHdr(iphdr, ipInfo, length, error, trace) != 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
 #ifndef WOLFSSL_SNIFFER_WATCH
     if (checkReg &&
            !IsServerRegistered(iphdr->src) && !IsServerRegistered(iphdr->dst)) {
         SetError(SERVER_NOT_REG_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
     /* tcp header */
     if (length < (ipInfo->length + TCP_HDR_SZ)) {
         SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     tcphdr = (TcpHdr*)(packet + ipInfo->length);
     if (CheckTcpHdr(tcphdr, tcpInfo, error, trace) != 0)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
 #ifndef WOLFSSL_SNIFFER_WATCH
     if (checkReg &&
          !IsPortRegistered(tcpInfo->srcPort) &&
             !IsPortRegistered(tcpInfo->dstPort)) {
         SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -5388,7 +5384,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
     *sslFrame = packet + ipInfo->length + tcpInfo->length;
     if (*sslFrame > packet + length) {
         SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* We only care about the data in the TCP/IP record. There may be extra
@@ -5430,7 +5426,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
                 return 1;
 
             SetError(MEMORY_STR, error, NULL, 0);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         return 1;
     }
@@ -5453,7 +5449,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
 #endif
 
             SetError(BAD_SESSION_STR, error, NULL, 0);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
     return 0;
@@ -5514,12 +5510,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
         if (MaxRecoveryMemory != -1 &&
                       (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
             SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add = CreateBuffer(&seq, seq + sslBytes - 1, sslFrame, &bytesLeft);
         if (add == NULL) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         *front = add;
         *reassemblyMemory += sslBytes;
@@ -5536,12 +5532,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
         if (MaxRecoveryMemory -1 &&
                       (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
             SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add = CreateBuffer(&seq, end, sslFrame, &bytesLeft);
         if (add == NULL) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add->next = curr;
         *front = add;
@@ -5578,13 +5574,13 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
         if (MaxRecoveryMemory != -1 &&
                          (int)(*reassemblyMemory + added) > MaxRecoveryMemory) {
             SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add = CreateBuffer(&seq, seq + added - 1, &sslFrame[seq - startSeq],
                            &bytesLeft);
         if (add == NULL) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         add->next  = prev->next;
         prev->next = add;
@@ -5854,7 +5850,7 @@ static int FindNextRecordInAssembly(SnifferSession* session,
             if ( *sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
                 if (GrowInputBuffer(ssl, *sslBytes, 0) < 0) {
                     SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
 
@@ -5946,7 +5942,7 @@ static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
         TraceAck(real, expected);
 
         if (real > expected)
-            return -1;  /* we missed a packet, ACKing data we never saw */
+            return WOLFSSL_FATAL_ERROR;  /* we missed a packet, ACKing data we never saw */
     }
     return 0;
 }
@@ -5995,7 +5991,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
             UpdateMissedDataSessions();
         #endif
             SetError(ACK_MISSED_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         else {
             SetError(ACK_MISSED_STR, error, session, 0);
@@ -6022,8 +6018,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
 /* returns 0 on success (continue), -1 on error, 1 on success (end) */
 static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
                           const byte** sslFrame, SnifferSession** pSession,
-                          int* sslBytes, const byte** end,
-                          void* vChain, word32 chainSz, char* error)
+                          int* sslBytes, const byte** end, char* error)
 {
     word32 length;
     SnifferSession* session = *pSession;
@@ -6066,13 +6061,13 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
 
     if (session->flags.fatalError == FATAL_ERROR_STATE) {
         SetError(FATAL_ERROR_STR, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (skipPartial) {
         if (FindNextRecordInAssembly(session,
                                      sslFrame, sslBytes, end, error) < 0) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -6090,56 +6085,15 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
         if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
             if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
                 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
         }
-        if (vChain == NULL) {
-            XMEMCPY(&ssl->buffers.inputBuffer.buffer[length],
-                    *sslFrame, *sslBytes);
-            *sslBytes += length;
-            ssl->buffers.inputBuffer.length = *sslBytes;
-            *sslFrame = ssl->buffers.inputBuffer.buffer;
-            *end = *sslFrame + *sslBytes;
-        }
-        else {
-    #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
-            struct iovec* chain = (struct iovec*)vChain;
-            word32 i, offset, headerSz, qty, remainder;
-
-            Trace(CHAIN_INPUT_STR);
-            headerSz = (word32)((const byte*)*sslFrame - (const byte*)chain[0].iov_base);
-            remainder = *sslBytes;
-
-            if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
-                if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
-                    SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return -1;
-                }
-            }
-
-            qty = min(*sslBytes, (word32)chain[0].iov_len - headerSz);
-            XMEMCPY(&ssl->buffers.inputBuffer.buffer[length],
-                (byte*)chain[0].iov_base + headerSz, qty);
-            offset = length;
-            for (i = 1; i < chainSz; i++) {
-                offset += qty;
-                remainder -= qty;
-
-                if (chain[i].iov_len > remainder)
-                    qty = remainder;
-                else
-                    qty = (word32)chain[i].iov_len;
-                XMEMCPY(ssl->buffers.inputBuffer.buffer + offset,
-                        chain[i].iov_base, qty);
-            }
-
-            *sslBytes += length;
-            ssl->buffers.inputBuffer.length = *sslBytes;
-            *sslFrame = ssl->buffers.inputBuffer.buffer;
-            *end = *sslFrame + *sslBytes;
-    #endif
-            (void)chainSz;
-        }
+        XMEMCPY(&ssl->buffers.inputBuffer.buffer[length],
+                *sslFrame, *sslBytes);
+        *sslBytes += length;
+        ssl->buffers.inputBuffer.length = *sslBytes;
+        *sslFrame = ssl->buffers.inputBuffer.buffer;
+        *end = *sslFrame + *sslBytes;
     }
 
     if (session->flags.clientHello == 0 && **sslFrame != handshake) {
@@ -6151,7 +6105,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
 #ifdef OLD_HELLO_ALLOWED
         int ret = DoOldHello(session, *sslFrame, &rhSize, sslBytes, error);
         if (ret < 0)
-            return -1;  /* error already set */
+            return WOLFSSL_FATAL_ERROR;  /* error already set */
         if (*sslBytes <= 0)
             return 1;
 #endif
@@ -6262,7 +6216,7 @@ doMessage:
     rhSize = 0;
     if (sslBytes < 0) {
         SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (sslBytes >= RECORD_HEADER_SZ) {
         if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
@@ -6284,7 +6238,7 @@ doMessage:
             if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
                 if (GrowInputBuffer(ssl, sslBytes, 0) < 0) {
                     SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
             XMEMMOVE(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes);
@@ -6322,11 +6276,11 @@ doMessage:
         }
         if (ssl->decrypt.setup != 1) {
             SetError(DECRYPT_KEYS_NOT_SETUP, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
         if (CheckAvailableSize(ssl, rhSize) < 0) {
             SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
@@ -6350,7 +6304,7 @@ doMessage:
         if (errCode != 0) {
             if ((enum ContentType)rh.type == application_data) {
                 SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE);
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
             /* do not end session for failures on handshake packets */
             return 0;
@@ -6375,7 +6329,7 @@ doPart:
                     if (session->flags.fatalError == 0)
                         SetError(BAD_HANDSHAKE_STR, error, session,
                                  FATAL_ERROR_STATE);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
 
                 /* DoHandShake now fully decrements sslBytes to remaining */
@@ -6429,7 +6383,7 @@ doPart:
                                 *data = NULL;
                                 SetError(MEMORY_STR, error, session,
                                          FATAL_ERROR_STATE);
-                                return -1;
+                                return WOLFSSL_FATAL_ERROR;
                             }
                             *data = tmpData;
                             XMEMCPY(*data + decoded,
@@ -6449,7 +6403,7 @@ doPart:
                                     stored = StoreDataCb(buf, bufSz, offset,
                                             ctx);
                                     if (stored <= 0) {
-                                        return -1;
+                                        return WOLFSSL_FATAL_ERROR;
                                     }
                                     offset += stored;
                                 } while (offset < bufSz);
@@ -6457,13 +6411,13 @@ doPart:
                             else {
                                 SetError(STORE_DATA_CB_MISSING_STR, error,
                                         session, FATAL_ERROR_STATE);
-                                return -1;
+                                return WOLFSSL_FATAL_ERROR;
                             }
 #else
                             (void)ctx;
                             SetError(NO_DATA_DEST_STR, error, session,
                                     FATAL_ERROR_STATE);
-                            return -1;
+                            return WOLFSSL_FATAL_ERROR;
 #endif
                         }
                         TraceAddedData(ret, decoded);
@@ -6474,7 +6428,7 @@ doPart:
                 else {
                     /* set error, but do not treat fatal */
                     SetError(BAD_APP_DATA_STR, error,session, 0);
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
                 if (ssl->buffers.outputBuffer.dynamicFlag)
                     ShrinkOutputBuffer(ssl);
@@ -6495,10 +6449,11 @@ doPart:
         case ack:
             /* TODO */
 #endif /* WOLFSSL_DTLS13 */
+        case dtls12_cid:
         case no_type:
         default:
             SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
     }
 
     /* do we have another msg in record ? */
@@ -6614,27 +6569,33 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
 {
     TcpInfo           tcpInfo;
     IpInfo            ipInfo;
+    byte*             tmpPacket = NULL;        /* Assemble the chain */
     const byte*       sslFrame;
     const byte*       end;
     int               sslBytes;                /* ssl bytes unconsumed */
     int               ret;
     SnifferSession*   session = NULL;
-    void* vChain = NULL;
-    word32 chainSz = 0;
 
     if (isChain) {
 #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT
         struct iovec* chain;
         word32 i;
 
-        vChain = (void*)packet;
-        chainSz = (word32)length;
+        word32 chainSz = (word32)length;
 
-        chain = (struct iovec*)vChain;
+        chain = (struct iovec*)packet;
         length = 0;
-        for (i = 0; i < chainSz; i++)
+        for (i = 0; i < chainSz; i++) length += chain[i].iov_len;
+
+        tmpPacket = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER);
+        if (tmpPacket == NULL) return MEMORY_E;
+
+        length = 0;
+        for (i = 0; i < chainSz; i++) {
+            XMEMCPY(tmpPacket+length,chain[i].iov_base,chain[i].iov_len);
             length += chain[i].iov_len;
-        packet = (const byte*)chain[0].iov_base;
+        }
+        packet = (const byte*)tmpPacket;
 #else
         SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
         return WOLFSSL_SNIFFER_ERROR;
@@ -6643,18 +6604,27 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
 
     if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
                      error, 1, 1) != 0) {
-        return WOLFSSL_SNIFFER_ERROR;
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
     }
 
     end = sslFrame + sslBytes;
 
     ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
 #ifdef WOLFSSL_ASYNC_CRYPT
-    else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return WC_PENDING_E;
+    else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
+        ret = WC_PENDING_E;
+        goto exit_decode;
+    }
 #endif
-    else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
+    else if (ret == -1) {
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
+    }
     else if (ret ==  1) {
 #ifdef WOLFSSL_SNIFFER_STATS
         if (sslBytes > 0) {
@@ -6667,7 +6637,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
             INC_STAT(SnifferStats.sslDecryptedPackets);
         }
 #endif
-         return 0; /* done for now */
+        ret = 0;
+        goto exit_decode; /* done for now */
     }
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -6675,30 +6646,41 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
 #endif
 
     ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error);
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
-    else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
+    else if (ret == -1) {
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
+    }
     else if (ret ==  1) {
 #ifdef WOLFSSL_SNIFFER_STATS
         INC_STAT(SnifferStats.sslDecryptedPackets);
 #endif
-        return 0; /* done for now */
+        ret = 0;
+        goto exit_decode; /* done for now */
     }
     else if (ret != 0) {
-        /* return specific error case */
-        return ret;
+        goto exit_decode; /* return specific error case */
     }
 
     ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
-                         &end, vChain, chainSz, error);
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
-    else if (ret == -1) return WOLFSSL_SNIFFER_ERROR;
+                         &end, error);
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
+    else if (ret == -1) {
+        ret = WOLFSSL_SNIFFER_ERROR;
+        goto exit_decode;
+    }
     else if (ret ==  1) {
 #ifdef WOLFSSL_SNIFFER_STATS
         INC_STAT(SnifferStats.sslDecryptedPackets);
 #endif
-        return 0; /* done for now */
+        ret = 0;
+        goto exit_decode; /* done for now */
     }
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -6706,7 +6688,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
     if (asyncOkay &&
         session->sslServer->error == WC_NO_ERR_TRACE(WC_PENDING_E) &&
         !session->flags.wasPolled) {
-        return WC_PENDING_E;
+        ret = WC_PENDING_E;
+        goto exit_decode;
     }
 #endif
 
@@ -6743,7 +6726,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
                 wolfSSL_AsyncPoll(session->sslServer, WOLF_POLL_FLAG_CHECK_HW);
             }
             else {
-                return ret; /* return to caller */
+                goto exit_decode; /* return to caller */
             }
         }
         else {
@@ -6754,12 +6737,18 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain,
     (void)asyncOkay;
 #endif
 
-    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
-        return WOLFSSL_SNIFFER_FATAL_ERROR;
+    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) {
+        ret = WOLFSSL_SNIFFER_FATAL_ERROR;
+        goto exit_decode;
+    }
     if (CheckFinCapture(&ipInfo, &tcpInfo, session) == 0) {
         CopySessionInfo(session, sslInfo);
     }
 
+exit_decode:
+    if (isChain) {
+        XFREE(tmpPacket, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER);
+    }
     return ret;
 }
 
@@ -6846,7 +6835,7 @@ int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error)
     (void)error;
 
     if (sz < 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (data != NULL) {
@@ -6866,11 +6855,15 @@ int ssl_Trace(const char* traceFile, char* error)
     if (traceFile) {
         /* Don't try to reopen the file */
         if (TraceFile == NULL) {
-            TraceFile = XFOPEN(traceFile, "a");
-            if (!TraceFile) {
-                SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
-                return -1;
-             }
+            if (XSTRCMP(traceFile, "-") == 0) {
+                TraceFile = stdout;
+            } else {
+                TraceFile = XFOPEN(traceFile, "a");
+                if (!TraceFile) {
+                    SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
+                    return WOLFSSL_FATAL_ERROR;
+                }
+            }
             TraceOn = 1;
         }
     }
@@ -6939,7 +6932,7 @@ int ssl_GetSessionStats(unsigned int* active,     unsigned int* total,
         return 0;
     else {
         SetError(BAD_SESSION_STATS, error, NULL, 0);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 }
 
@@ -6980,7 +6973,7 @@ int ssl_ResetStatistics(void)
 int ssl_ReadStatistics(SSLStats* stats)
 {
     if (stats == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     LOCK_STAT();
     XMEMCPY(stats, &SnifferStats, sizeof(SSLStats));
@@ -6994,7 +6987,7 @@ int ssl_ReadStatistics(SSLStats* stats)
 int ssl_ReadResetStatistics(SSLStats* stats)
 {
     if (stats == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     LOCK_STAT();
     XMEMCPY(stats, &SnifferStats, sizeof(SSLStats));
@@ -7040,10 +7033,10 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
     int ret;
 
     if (vSniffer == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (key == NULL || keySz == 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     sniffer = (SnifferSession*)vSniffer;
@@ -7072,7 +7065,7 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
 
     if (ret != WOLFSSL_SUCCESS) {
         SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return 0;
@@ -7086,10 +7079,10 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType,
     int ret;
 
     if (vSniffer == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     if (keyFile == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     /* Remap the keyType from what the user can use to
@@ -7101,7 +7094,7 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType,
     if (ret < 0) {
         SetError(KEY_FILE_STR, error, NULL, 0);
         XFREE(keyBuf, NULL, DYNAMIC_TYPE_X509);
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     ret = ssl_SetWatchKey_buffer(vSniffer, keyBuf, keyBufSz, FILETYPE_DER,
@@ -7236,11 +7229,11 @@ typedef struct SecretNode {
 #define WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE HASH_SIZE
 #endif
 
-static THREAD_LS_T WOLFSSL_GLOBAL
+static THREAD_LS_T
 SecretNode*
 secretHashTable[WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE] = {NULL};
 #ifndef HAVE_C___ATOMIC
-static WOLFSSL_GLOBAL wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex);
+static WC_THREADSHARED wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex);
 #endif
 
 static unsigned int secretHashFunction(unsigned char* clientRandom);
diff --git a/src/ssl.c b/src/ssl.c
index 594cc0cee..c16c5ff66 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1,6 +1,6 @@
 /* ssl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,16 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#if defined(OPENSSL_EXTRA) && !defined(_WIN32)
+#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE)
     /* turn on GNU extensions for XISASCII */
-    #undef  _GNU_SOURCE
-    #define _GNU_SOURCE
+    #define _GNU_SOURCE 1
 #endif
 
 #if !defined(WOLFCRYPT_ONLY) || defined(OPENSSL_EXTRA) || \
@@ -54,7 +49,7 @@
     #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
                 && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \
                 && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448)
-        #error "No cipher suites defined because DH disabled, ECC disabled, "
+        #error "No cipher suites defined because DH disabled, ECC disabled, " \
                "and no static suites defined. Please see top of README"
     #endif
     #ifdef WOLFSSL_CERT_GEN
@@ -203,85 +198,33 @@
  *
  * For OpenSSL compatibility.
  *
- * This function shouldn't exist!
- * Uses defines in wolfssl/openssl/evp.h.
- * Uses EccEnumToNID which uses defines in wolfssl/openssl/ec.h.
- *
  * @param [in] sn  Short name of OID.
  * @return  NID corresponding to shortname on success.
- * @return  NID_undef when not recognized.
+ * @return  WC_NID_undef when not recognized.
  */
 int wc_OBJ_sn2nid(const char *sn)
 {
-    const struct {
-        const char *sn;
-        int  nid;
-    } sn2nid[] = {
-#ifndef NO_CERTS
-        {WOLFSSL_COMMON_NAME, NID_commonName},
-        {WOLFSSL_COUNTRY_NAME, NID_countryName},
-        {WOLFSSL_LOCALITY_NAME, NID_localityName},
-        {WOLFSSL_STATE_NAME, NID_stateOrProvinceName},
-        {WOLFSSL_ORG_NAME, NID_organizationName},
-        {WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName},
-    #ifdef WOLFSSL_CERT_NAME_ALL
-        {WOLFSSL_NAME, NID_name},
-        {WOLFSSL_INITIALS, NID_initials},
-        {WOLFSSL_GIVEN_NAME, NID_givenName},
-        {WOLFSSL_DNQUALIFIER, NID_dnQualifier},
-    #endif
-        {WOLFSSL_EMAIL_ADDR, NID_emailAddress},
-#endif
-        {"SHA1", NID_sha1},
-        {NULL, -1}};
-    int i;
-#ifdef HAVE_ECC
-    char curveName[ECC_MAXNAME + 1];
-    int eccEnum;
-#endif
-
+    const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info;
+    size_t i;
     WOLFSSL_ENTER("wc_OBJ_sn2nid");
-
-    for(i=0; sn2nid[i].sn != NULL; i++) {
-        if (XSTRCMP(sn, sn2nid[i].sn) == 0) {
-            return sn2nid[i].nid;
-        }
+    for (i = 0; i < wolfssl_object_info_sz; i++, obj_info++) {
+        if (XSTRCMP(sn, obj_info->sName) == 0)
+            return obj_info->nid;
     }
-
-#ifdef HAVE_ECC
-    if (XSTRLEN(sn) > ECC_MAXNAME)
-        return NID_undef;
-
-    /* Nginx uses this OpenSSL string. */
-    if (XSTRCMP(sn, "prime256v1") == 0)
-        sn = "SECP256R1";
-    /* OpenSSL allows lowercase curve names */
-    for (i = 0; i < (int)(sizeof(curveName) - 1) && *sn; i++) {
-        curveName[i] = (char)XTOUPPER((unsigned char) *sn++);
-    }
-    curveName[i] = '\0';
-    /* find based on name and return NID */
-    for (i = 0;
-#ifndef WOLFSSL_ECC_CURVE_STATIC
-         ecc_sets[i].size != 0 && ecc_sets[i].name != NULL;
-#else
-         ecc_sets[i].size != 0;
-#endif
-         i++) {
-        if (XSTRCMP(curveName, ecc_sets[i].name) == 0) {
-            eccEnum = ecc_sets[i].id;
-            /* Convert enum value in ecc_curve_id to OpenSSL NID */
-            return EccEnumToNID(eccEnum);
-        }
-    }
-#endif /* HAVE_ECC */
-
-    return NID_undef;
+    WOLFSSL_MSG("short name not found in table");
+    return WC_NID_undef;
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifndef WOLFCRYPT_ONLY
 
+
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+/* The system wide crypto-policy. Configured by wolfSSL_crypto_policy_enable.
+ * */
+static struct SystemCryptoPolicy crypto_policy;
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) || \
     (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && !defined(NO_DSA))
 
@@ -417,6 +360,8 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
 {
     int ret = 0;
     word16 encLen = DHKEM_X25519_ENC_LEN;
+    WOLFSSL_EchConfig* newConfig;
+    WOLFSSL_EchConfig* parentConfig;
 #ifdef WOLFSSL_SMALL_STACK
     Hpke* hpke = NULL;
     WC_RNG* rng;
@@ -441,16 +386,16 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
         return ret;
     }
 
-    ctx->echConfigs = (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
+    newConfig = (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
         ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    if (ctx->echConfigs == NULL)
+    if (newConfig == NULL)
         ret = MEMORY_E;
     else
-        XMEMSET(ctx->echConfigs, 0, sizeof(WOLFSSL_EchConfig));
+        XMEMSET(newConfig, 0, sizeof(WOLFSSL_EchConfig));
 
     /* set random config id */
     if (ret == 0)
-        ret = wc_RNG_GenerateByte(rng, &ctx->echConfigs->configId);
+        ret = wc_RNG_GenerateByte(rng, &newConfig->configId);
 
     /* if 0 is selected for algorithms use default, may change with draft */
     if (kemId == 0)
@@ -464,19 +409,20 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
 
     if (ret == 0) {
         /* set the kem id */
-        ctx->echConfigs->kemId = kemId;
+        newConfig->kemId = kemId;
 
         /* set the cipher suite, only 1 for now */
-        ctx->echConfigs->numCipherSuites = 1;
-        ctx->echConfigs->cipherSuites = (EchCipherSuite*)XMALLOC(
-            sizeof(EchCipherSuite), ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        newConfig->numCipherSuites = 1;
+        newConfig->cipherSuites =
+            (EchCipherSuite*)XMALLOC(sizeof(EchCipherSuite), ctx->heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
 
-        if (ctx->echConfigs->cipherSuites == NULL) {
+        if (newConfig->cipherSuites == NULL) {
             ret = MEMORY_E;
         }
         else {
-            ctx->echConfigs->cipherSuites[0].kdfId = kdfId;
-            ctx->echConfigs->cipherSuites[0].aeadId = aeadId;
+            newConfig->cipherSuites[0].kdfId = kdfId;
+            newConfig->cipherSuites[0].aeadId = aeadId;
         }
     }
 
@@ -493,38 +439,47 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
 
     /* generate the receiver private key */
     if (ret == 0)
-        ret = wc_HpkeGenerateKeyPair(hpke, &ctx->echConfigs->receiverPrivkey,
-            rng);
+        ret = wc_HpkeGenerateKeyPair(hpke, &newConfig->receiverPrivkey, rng);
 
     /* done with RNG */
     wc_FreeRng(rng);
 
     /* serialize the receiver key */
     if (ret == 0)
-        ret = wc_HpkeSerializePublicKey(hpke, ctx->echConfigs->receiverPrivkey,
-            ctx->echConfigs->receiverPubkey, &encLen);
+        ret = wc_HpkeSerializePublicKey(hpke, newConfig->receiverPrivkey,
+            newConfig->receiverPubkey, &encLen);
 
     if (ret == 0) {
-        ctx->echConfigs->publicName = (char*)XMALLOC(XSTRLEN(publicName) + 1,
+        newConfig->publicName = (char*)XMALLOC(XSTRLEN(publicName) + 1,
             ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (ctx->echConfigs->publicName == NULL) {
+        if (newConfig->publicName == NULL) {
             ret = MEMORY_E;
         }
         else {
-            XMEMCPY(ctx->echConfigs->publicName, publicName,
+            XMEMCPY(newConfig->publicName, publicName,
                 XSTRLEN(publicName) + 1);
         }
     }
 
     if (ret != 0) {
-        if (ctx->echConfigs) {
-            XFREE(ctx->echConfigs->cipherSuites, ctx->heap,
-                DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(ctx->echConfigs->publicName, ctx->heap,
-                DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(ctx->echConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            /* set to null to avoid double free in cleanup */
-            ctx->echConfigs = NULL;
+        if (newConfig) {
+            XFREE(newConfig->cipherSuites, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(newConfig->publicName, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(newConfig, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+    }
+    else {
+        parentConfig = ctx->echConfigs;
+
+        if (parentConfig == NULL) {
+            ctx->echConfigs = newConfig;
+        }
+        else {
+            while (parentConfig->next != NULL) {
+                parentConfig = parentConfig->next;
+            }
+
+            parentConfig->next = newConfig;
         }
     }
 
@@ -539,6 +494,59 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
     return ret;
 }
 
+int wolfSSL_CTX_SetEchConfigsBase64(WOLFSSL_CTX* ctx, const char* echConfigs64,
+    word32 echConfigs64Len)
+{
+    int ret = 0;
+    word32 decodedLen = echConfigs64Len * 3 / 4 + 1;
+    byte* decodedConfigs;
+
+    if (ctx == NULL || echConfigs64 == NULL || echConfigs64Len == 0)
+        return BAD_FUNC_ARG;
+
+    decodedConfigs = (byte*)XMALLOC(decodedLen, ctx->heap,
+        DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (decodedConfigs == NULL)
+        return MEMORY_E;
+
+    decodedConfigs[decodedLen - 1] = 0;
+
+    /* decode the echConfigs */
+    ret = Base64_Decode((const byte*)echConfigs64, echConfigs64Len,
+        decodedConfigs, &decodedLen);
+
+    if (ret != 0) {
+        XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        return ret;
+    }
+
+    ret = wolfSSL_CTX_SetEchConfigs(ctx, decodedConfigs, decodedLen);
+
+    XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return ret;
+}
+
+int wolfSSL_CTX_SetEchConfigs(WOLFSSL_CTX* ctx, const byte* echConfigs,
+    word32 echConfigsLen)
+{
+    int ret;
+
+    if (ctx == NULL || echConfigs == NULL || echConfigsLen == 0)
+        return BAD_FUNC_ARG;
+
+    FreeEchConfigs(ctx->echConfigs, ctx->heap);
+    ctx->echConfigs = NULL;
+    ret = SetEchConfigsEx(&ctx->echConfigs, ctx->heap, echConfigs,
+        echConfigsLen);
+
+    if (ret == 0)
+        return WOLFSSL_SUCCESS;
+
+    return ret;
+}
+
 /* get the ech configs that the server context is using */
 int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output,
     word32* outputLen) {
@@ -546,13 +554,24 @@ int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output,
         return BAD_FUNC_ARG;
 
     /* if we don't have ech configs */
-    if (ctx->echConfigs == NULL) {
+    if (ctx->echConfigs == NULL)
         return WOLFSSL_FATAL_ERROR;
-    }
 
     return GetEchConfigsEx(ctx->echConfigs, output, outputLen);
 }
 
+void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable)
+{
+    if (ctx != NULL) {
+        ctx->disableECH = !enable;
+        if (ctx->disableECH) {
+            TLSX_Remove(&ctx->extensions, TLSX_ECH, ctx->heap);
+            FreeEchConfigs(ctx->echConfigs, ctx->heap);
+            ctx->echConfigs = NULL;
+        }
+    }
+}
+
 /* set the ech config from base64 for our client ssl object, base64 is the
  * format ech configs are sent using dns records */
 int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
@@ -597,21 +616,9 @@ int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
 /* set the ech config from a raw buffer, this is the format ech configs are
  * sent using retry_configs from the ech server */
 int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
-  word32 echConfigsLen)
+    word32 echConfigsLen)
 {
-    int ret = 0;
-    int i;
-    int j;
-    word16 totalLength;
-    word16 version;
-    word16 length;
-    word16 hpkePubkeyLen;
-    word16 cipherSuitesLen;
-    word16 publicNameLen;
-    WOLFSSL_EchConfig* configList = NULL;
-    WOLFSSL_EchConfig* workingConfig = NULL;
-    WOLFSSL_EchConfig* lastConfig = NULL;
-    byte* echConfig = NULL;
+    int ret;
 
     if (ssl == NULL || echConfigs == NULL || echConfigsLen == 0)
         return BAD_FUNC_ARG;
@@ -621,170 +628,15 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
         return WOLFSSL_FATAL_ERROR;
     }
 
-    /* check that the total length is well formed */
-    ato16(echConfigs, &totalLength);
-
-    if (totalLength != echConfigsLen - 2) {
-        return WOLFSSL_FATAL_ERROR;
-    }
-
-    /* skip the total length uint16_t */
-    i = 2;
-
-    do {
-        echConfig = (byte*)echConfigs + i;
-        ato16(echConfig, &version);
-        ato16(echConfig + 2, &length);
-
-        /* if the version does not match */
-        if (version != TLSX_ECH) {
-            /* we hit the end of the configs */
-            if ( (word32)i + 2 >= echConfigsLen ) {
-                break;
-            }
-
-            /* skip this config, +4 for version and length */
-            i += length + 4;
-            continue;
-        }
-
-        /* check if the length will overrun the buffer */
-        if ((word32)i + length + 4 > echConfigsLen) {
-            break;
-        }
-
-        if (workingConfig == NULL) {
-            workingConfig =
-                (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
-                ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            configList = workingConfig;
-            if (workingConfig != NULL) {
-                workingConfig->next = NULL;
-            }
-        }
-        else {
-            lastConfig = workingConfig;
-            workingConfig->next =
-                (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
-                ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            workingConfig = workingConfig->next;
-        }
-
-        if (workingConfig == NULL) {
-            ret = MEMORY_E;
-            break;
-        }
-
-        XMEMSET(workingConfig, 0, sizeof(WOLFSSL_EchConfig));
-
-        /* rawLen */
-        workingConfig->rawLen = length + 4;
-
-        /* raw body */
-        workingConfig->raw = (byte*)XMALLOC(workingConfig->rawLen,
-            ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (workingConfig->raw == NULL) {
-            ret = MEMORY_E;
-            break;
-        }
-
-        XMEMCPY(workingConfig->raw, echConfig, workingConfig->rawLen);
-
-        /* skip over version and length */
-        echConfig += 4;
-
-        /* configId, 1 byte */
-        workingConfig->configId = *(echConfig);
-        echConfig++;
-        /* kemId, 2 bytes */
-        ato16(echConfig, &workingConfig->kemId);
-        echConfig += 2;
-        /* hpke public_key length, 2 bytes */
-        ato16(echConfig, &hpkePubkeyLen);
-        echConfig += 2;
-        /* hpke public_key */
-        XMEMCPY(workingConfig->receiverPubkey, echConfig, hpkePubkeyLen);
-        echConfig += hpkePubkeyLen;
-        /* cipherSuitesLen */
-        ato16(echConfig, &cipherSuitesLen);
-
-        workingConfig->cipherSuites = (EchCipherSuite*)XMALLOC(cipherSuitesLen,
-            ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (workingConfig->cipherSuites == NULL) {
-            ret = MEMORY_E;
-            break;
-        }
-
-        echConfig += 2;
-        workingConfig->numCipherSuites = cipherSuitesLen / 4;
-        /* cipherSuites */
-        for (j = 0; j < workingConfig->numCipherSuites; j++) {
-            ato16(echConfig + j * 4, &workingConfig->cipherSuites[j].kdfId);
-            ato16(echConfig + j * 4 + 2,
-                &workingConfig->cipherSuites[j].aeadId);
-        }
-        echConfig += cipherSuitesLen;
-        /* publicNameLen */
-        ato16(echConfig, &publicNameLen);
-        workingConfig->publicName = (char*)XMALLOC(publicNameLen + 1,
-            ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (workingConfig->publicName == NULL) {
-            ret = MEMORY_E;
-            break;
-        }
-
-        echConfig += 2;
-        /* publicName */
-        XMEMCPY(workingConfig->publicName, echConfig, publicNameLen);
-        /* null terminated */
-        workingConfig->publicName[publicNameLen] = 0;
-
-        /* add length to go to next config, +4 for version and length */
-        i += length + 4;
-
-        /* check that we support this config */
-        for (j = 0; j < HPKE_SUPPORTED_KEM_LEN; j++) {
-            if (hpkeSupportedKem[j] == workingConfig->kemId)
-                break;
-        }
-
-        /* if we don't support the kem or at least one cipher suite */
-        if (j >= HPKE_SUPPORTED_KEM_LEN ||
-            EchConfigGetSupportedCipherSuite(workingConfig) < 0)
-        {
-            XFREE(workingConfig->cipherSuites, ssl->heap,
-                DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(workingConfig->publicName, ssl->heap,
-                DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(workingConfig->raw, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            workingConfig = lastConfig;
-        }
-    } while ((word32)i < echConfigsLen);
+    ret = SetEchConfigsEx(&ssl->echConfigs, ssl->heap, echConfigs,
+        echConfigsLen);
 
     /* if we found valid configs */
-    if (ret == 0 && configList != NULL) {
+    if (ret == 0) {
         ssl->options.useEch = 1;
-        ssl->echConfigs = configList;
-
         return WOLFSSL_SUCCESS;
     }
 
-    workingConfig = configList;
-
-    while (workingConfig != NULL) {
-        lastConfig = workingConfig;
-        workingConfig = workingConfig->next;
-
-        XFREE(lastConfig->cipherSuites, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(lastConfig->publicName, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(lastConfig->raw, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
-        XFREE(lastConfig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-
-    if (ret == 0)
-        return WOLFSSL_FATAL_ERROR;
-
     return ret;
 }
 
@@ -841,7 +693,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
 
     if (output == NULL) {
         *outputLen = totalLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (totalLen > *outputLen) {
@@ -910,9 +762,13 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
         output += 2;
     }
 
+    /* set maximum name length to 0 */
+    *output = 0;
+    output++;
+
     /* publicName len */
-    c16toa(XSTRLEN(config->publicName), output);
-    output += 2;
+    *output = XSTRLEN(config->publicName);
+    output++;
 
     /* publicName */
     XMEMCPY(output, config->publicName,
@@ -942,6 +798,205 @@ int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen)
     return GetEchConfigsEx(ssl->echConfigs, output, outputLen);
 }
 
+void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable)
+{
+    if (ssl != NULL) {
+        ssl->options.disableECH = !enable;
+        if (ssl->options.disableECH) {
+            TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap);
+            FreeEchConfigs(ssl->echConfigs, ssl->heap);
+            ssl->echConfigs = NULL;
+        }
+    }
+}
+
+int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
+    const byte* echConfigs, word32 echConfigsLen)
+{
+    int ret = 0;
+    int i;
+    int j;
+    word16 totalLength;
+    word16 version;
+    word16 length;
+    word16 hpkePubkeyLen;
+    word16 cipherSuitesLen;
+    word16 publicNameLen;
+    WOLFSSL_EchConfig* configList = NULL;
+    WOLFSSL_EchConfig* workingConfig = NULL;
+    WOLFSSL_EchConfig* lastConfig = NULL;
+    byte* echConfig = NULL;
+
+    if (outputConfigs == NULL || echConfigs == NULL || echConfigsLen == 0)
+        return BAD_FUNC_ARG;
+
+    /* check that the total length is well formed */
+    ato16(echConfigs, &totalLength);
+
+    if (totalLength != echConfigsLen - 2) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    /* skip the total length uint16_t */
+    i = 2;
+
+    do {
+        echConfig = (byte*)echConfigs + i;
+        ato16(echConfig, &version);
+        ato16(echConfig + 2, &length);
+
+        /* if the version does not match */
+        if (version != TLSX_ECH) {
+            /* we hit the end of the configs */
+            if ( (word32)i + 2 >= echConfigsLen ) {
+                break;
+            }
+
+            /* skip this config, +4 for version and length */
+            i += length + 4;
+            continue;
+        }
+
+        /* check if the length will overrun the buffer */
+        if ((word32)i + length + 4 > echConfigsLen) {
+            break;
+        }
+
+        if (workingConfig == NULL) {
+            workingConfig =
+                (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            configList = workingConfig;
+            if (workingConfig != NULL) {
+                workingConfig->next = NULL;
+            }
+        }
+        else {
+            lastConfig = workingConfig;
+            workingConfig->next =
+                (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig),
+                heap, DYNAMIC_TYPE_TMP_BUFFER);
+            workingConfig = workingConfig->next;
+        }
+
+        if (workingConfig == NULL) {
+            ret = MEMORY_E;
+            break;
+        }
+
+        XMEMSET(workingConfig, 0, sizeof(WOLFSSL_EchConfig));
+
+        /* rawLen */
+        workingConfig->rawLen = length + 4;
+
+        /* raw body */
+        workingConfig->raw = (byte*)XMALLOC(workingConfig->rawLen,
+            heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (workingConfig->raw == NULL) {
+            ret = MEMORY_E;
+            break;
+        }
+
+        XMEMCPY(workingConfig->raw, echConfig, workingConfig->rawLen);
+
+        /* skip over version and length */
+        echConfig += 4;
+
+        /* configId, 1 byte */
+        workingConfig->configId = *(echConfig);
+        echConfig++;
+        /* kemId, 2 bytes */
+        ato16(echConfig, &workingConfig->kemId);
+        echConfig += 2;
+        /* hpke public_key length, 2 bytes */
+        ato16(echConfig, &hpkePubkeyLen);
+        echConfig += 2;
+        /* hpke public_key */
+        XMEMCPY(workingConfig->receiverPubkey, echConfig, hpkePubkeyLen);
+        echConfig += hpkePubkeyLen;
+        /* cipherSuitesLen */
+        ato16(echConfig, &cipherSuitesLen);
+
+        workingConfig->cipherSuites = (EchCipherSuite*)XMALLOC(cipherSuitesLen,
+            heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (workingConfig->cipherSuites == NULL) {
+            ret = MEMORY_E;
+            break;
+        }
+
+        echConfig += 2;
+        workingConfig->numCipherSuites = cipherSuitesLen / 4;
+        /* cipherSuites */
+        for (j = 0; j < workingConfig->numCipherSuites; j++) {
+            ato16(echConfig + j * 4, &workingConfig->cipherSuites[j].kdfId);
+            ato16(echConfig + j * 4 + 2,
+                &workingConfig->cipherSuites[j].aeadId);
+        }
+        echConfig += cipherSuitesLen;
+        /* ignore the maximum name length */
+        echConfig++;
+        /* publicNameLen */
+        publicNameLen = *(echConfig);
+        workingConfig->publicName = (char*)XMALLOC(publicNameLen + 1,
+            heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (workingConfig->publicName == NULL) {
+            ret = MEMORY_E;
+            break;
+        }
+        echConfig++;
+        /* publicName */
+        XMEMCPY(workingConfig->publicName, echConfig, publicNameLen);
+        /* null terminated */
+        workingConfig->publicName[publicNameLen] = 0;
+
+        /* add length to go to next config, +4 for version and length */
+        i += length + 4;
+
+        /* check that we support this config */
+        for (j = 0; j < HPKE_SUPPORTED_KEM_LEN; j++) {
+            if (hpkeSupportedKem[j] == workingConfig->kemId)
+                break;
+        }
+
+        /* if we don't support the kem or at least one cipher suite */
+        if (j >= HPKE_SUPPORTED_KEM_LEN ||
+            EchConfigGetSupportedCipherSuite(workingConfig) < 0)
+        {
+            XFREE(workingConfig->cipherSuites, heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(workingConfig->publicName, heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(workingConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
+            workingConfig = lastConfig;
+        }
+    } while ((word32)i < echConfigsLen);
+
+    /* if we found valid configs */
+    if (ret == 0 && configList != NULL) {
+        *outputConfigs = configList;
+
+        return ret;
+    }
+
+    workingConfig = configList;
+
+    while (workingConfig != NULL) {
+        lastConfig = workingConfig;
+        workingConfig = workingConfig->next;
+
+        XFREE(lastConfig->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(lastConfig->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(lastConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
+
+        XFREE(lastConfig, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+
+    if (ret == 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    return ret;
+}
+
 /* get the raw ech configs from our linked list of ech config structs */
 int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
 {
@@ -986,7 +1041,7 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
 
     if (output == NULL) {
         *outputLen = totalLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (totalLen > *outputLen) {
@@ -1003,18 +1058,26 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen)
 }
 #endif /* WOLFSSL_TLS13 && HAVE_ECH */
 
+#ifdef OPENSSL_EXTRA
+static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
+        Suites* suites, const char* list);
+#endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
 #endif
 
 /* prevent multiple mutex initializations */
-static volatile WOLFSSL_GLOBAL int initRefCount = 0;
+static volatile WC_THREADSHARED int initRefCount = 0;
 /* init ref count mutex */
-static WOLFSSL_GLOBAL wolfSSL_Mutex inits_count_mutex
+static WC_THREADSHARED wolfSSL_Mutex inits_count_mutex
     WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex);
 #ifndef WOLFSSL_MUTEX_INITIALIZER
-static WOLFSSL_GLOBAL int inits_count_mutex_valid = 0;
+static WC_THREADSHARED volatile int inits_count_mutex_valid = 0;
+#endif
+
+#ifdef NO_TLS
+static const WOLFSSL_METHOD gNoTlsMethod;
 #endif
 
 /* Create a new WOLFSSL_CTX struct and return the pointer to created struct.
@@ -1039,8 +1102,13 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
         }
     }
 
+#ifndef NO_TLS
     if (method == NULL)
         return ctx;
+#else
+    /* a blank TLS method */
+    method = (WOLFSSL_METHOD*)&gNoTlsMethod;
+#endif
 
     ctx = (WOLFSSL_CTX*)XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);
     if (ctx) {
@@ -1093,6 +1161,30 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
     }
 #endif
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    /* Load the crypto-policy ciphers if configured. */
+    if (ctx && wolfSSL_crypto_policy_is_enabled()) {
+        const char * list = wolfSSL_crypto_policy_get_ciphers();
+        int          ret = 0;
+
+        if (list != NULL && *list != '\0') {
+            if (AllocateCtxSuites(ctx) != 0) {
+                WOLFSSL_MSG("allocate ctx suites failed");
+                wolfSSL_CTX_free(ctx);
+                ctx = NULL;
+            }
+            else {
+                ret = wolfSSL_parse_cipher_list(ctx, NULL, ctx->suites, list);
+                if (ret != WOLFSSL_SUCCESS) {
+                    WOLFSSL_MSG("parse cipher list failed");
+                    wolfSSL_CTX_free(ctx);
+                    ctx = NULL;
+                }
+            }
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
     return ctx;
 }
@@ -1113,7 +1205,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
 int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx)
 {
     int ret;
-    wolfSSL_RefInc(&ctx->ref, &ret);
+    wolfSSL_RefWithMutexInc(&ctx->ref, &ret);
 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
     return ((ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE);
 #else
@@ -1127,16 +1219,6 @@ void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_free");
     if (ctx) {
-#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
-&& !defined(NO_SHA256) && !defined(WC_NO_RNG)
-        if (ctx->srp != NULL) {
-            XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
-            ctx->srp_password = NULL;
-            wc_SrpTerm(ctx->srp);
-            XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP);
-            ctx->srp = NULL;
-        }
-#endif
         FreeSSL_Ctx(ctx);
     }
 
@@ -1622,7 +1704,7 @@ int wolfSSL_get_ciphers(char* buf, int len)
     for (i = 0; i < ciphersSz; i++) {
         int cipherNameSz = (int)XSTRLEN(ciphers[i].name);
         if (cipherNameSz + 1 < len) {
-            XSTRNCPY(buf, ciphers[i].name, len);
+            XSTRNCPY(buf, ciphers[i].name, (size_t)len);
             buf += cipherNameSz;
 
             if (i < ciphersSz - 1)
@@ -1659,7 +1741,7 @@ int wolfSSL_get_ciphers_iana(char* buf, int len)
 #endif
         cipherNameSz = (int)XSTRLEN(ciphers[i].name_iana);
         if (cipherNameSz + 1 < len) {
-            XSTRNCPY(buf, ciphers[i].name_iana, len);
+            XSTRNCPY(buf, ciphers[i].name_iana, (size_t)len);
             buf += cipherNameSz;
 
             if (i < ciphersSz - 1)
@@ -1684,8 +1766,8 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len)
         return NULL;
 
     cipher = wolfSSL_get_cipher_name_iana(ssl);
-    len = (int)min((word32)len, (int)(XSTRLEN(cipher) + 1));
-    XMEMCPY(buf, cipher, len);
+    len = (int)min((word32)len, (word32)(XSTRLEN(cipher) + 1));
+    XMEMCPY(buf, cipher, (size_t)len);
     return buf;
 }
 
@@ -1700,6 +1782,17 @@ int wolfSSL_get_fd(const WOLFSSL* ssl)
     return fd;
 }
 
+int wolfSSL_get_wfd(const WOLFSSL* ssl)
+{
+    int fd = -1;
+    WOLFSSL_ENTER("wolfSSL_get_fd");
+    if (ssl) {
+        fd = ssl->wfd;
+    }
+    WOLFSSL_LEAVE("wolfSSL_get_fd", fd);
+    return fd;
+}
+
 
 int wolfSSL_dtls(WOLFSSL* ssl)
 {
@@ -1832,38 +1925,58 @@ int wolfSSL_dtls_free_peer(void* addr)
 }
 #endif
 
+#ifdef WOLFSSL_DTLS
+static int SockAddrSet(WOLFSSL_SOCKADDR* sockAddr, void* peer,
+                       unsigned int peerSz, void* heap)
+{
+    if (peer == NULL || peerSz == 0) {
+        if (sockAddr->sa != NULL)
+            XFREE(sockAddr->sa, heap, DYNAMIC_TYPE_SOCKADDR);
+        sockAddr->sa = NULL;
+        sockAddr->sz = 0;
+        sockAddr->bufSz = 0;
+        return WOLFSSL_SUCCESS;
+    }
+
+    if (peerSz > sockAddr->bufSz) {
+        if (sockAddr->sa != NULL)
+            XFREE(sockAddr->sa, heap, DYNAMIC_TYPE_SOCKADDR);
+        sockAddr->sa =
+                (void*)XMALLOC(peerSz, heap, DYNAMIC_TYPE_SOCKADDR);
+        if (sockAddr->sa == NULL) {
+            sockAddr->sz = 0;
+            sockAddr->bufSz = 0;
+            return WOLFSSL_FAILURE;
+        }
+        sockAddr->bufSz = peerSz;
+    }
+    XMEMCPY(sockAddr->sa, peer, peerSz);
+    sockAddr->sz = peerSz;
+    return WOLFSSL_SUCCESS;
+}
+#endif
+
 int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 {
 #ifdef WOLFSSL_DTLS
-    void* sa;
+    int ret;
 
     if (ssl == NULL)
         return WOLFSSL_FAILURE;
-
-    if (peer == NULL || peerSz == 0) {
-        if (ssl->buffers.dtlsCtx.peer.sa != NULL)
-            XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR);
-        ssl->buffers.dtlsCtx.peer.sa = NULL;
-        ssl->buffers.dtlsCtx.peer.sz = 0;
-        ssl->buffers.dtlsCtx.peer.bufSz = 0;
-        ssl->buffers.dtlsCtx.userSet = 0;
-        return WOLFSSL_SUCCESS;
-    }
-
-    sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
-    if (sa != NULL) {
-        if (ssl->buffers.dtlsCtx.peer.sa != NULL) {
-            XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR);
-            ssl->buffers.dtlsCtx.peer.sa = NULL;
-        }
-        XMEMCPY(sa, peer, peerSz);
-        ssl->buffers.dtlsCtx.peer.sa = sa;
-        ssl->buffers.dtlsCtx.peer.sz = peerSz;
-        ssl->buffers.dtlsCtx.peer.bufSz = peerSz;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockRwLock_Wr(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_FAILURE;
+#endif
+    ret = SockAddrSet(&ssl->buffers.dtlsCtx.peer, peer, peerSz, ssl->heap);
+    if (ret == WOLFSSL_SUCCESS && !(peer == NULL || peerSz == 0))
         ssl->buffers.dtlsCtx.userSet = 1;
-        return WOLFSSL_SUCCESS;
-    }
-    return WOLFSSL_FAILURE;
+    else
+        ssl->buffers.dtlsCtx.userSet = 0;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        ret = WOLFSSL_FAILURE;
+#endif
+    return ret;
 #else
     (void)ssl;
     (void)peer;
@@ -1872,21 +1985,97 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 #endif
 }
 
+#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_NO_SOCK)
+int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
+{
+#ifdef WOLFSSL_DTLS
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+
+    if (ssl == NULL)
+        return WOLFSSL_FAILURE;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_FAILURE;
+#endif
+    if (ssl->buffers.dtlsCtx.peer.sa != NULL &&
+            ssl->buffers.dtlsCtx.peer.sz == peerSz &&
+            sockAddrEqual((SOCKADDR_S*)ssl->buffers.dtlsCtx.peer.sa,
+                    (XSOCKLENT)ssl->buffers.dtlsCtx.peer.sz, (SOCKADDR_S*)peer,
+                    (XSOCKLENT)peerSz)) {
+        /* Already the current peer. */
+        if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
+            /* Clear any other pendingPeer */
+            XFREE(ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->heap,
+                  DYNAMIC_TYPE_SOCKADDR);
+            ssl->buffers.dtlsCtx.pendingPeer.sa = NULL;
+            ssl->buffers.dtlsCtx.pendingPeer.sz = 0;
+            ssl->buffers.dtlsCtx.pendingPeer.bufSz = 0;
+        }
+        ret = WOLFSSL_SUCCESS;
+    }
+    else {
+        ret = SockAddrSet(&ssl->buffers.dtlsCtx.pendingPeer, peer, peerSz,
+                ssl->heap);
+    }
+    if (ret == WOLFSSL_SUCCESS)
+        ssl->buffers.dtlsCtx.processingPendingRecord = 0;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        ret = WOLFSSL_FAILURE;
+#endif
+    return ret;
+#else
+    (void)ssl;
+    (void)peer;
+    (void)peerSz;
+    return WOLFSSL_NOT_IMPLEMENTED;
+#endif
+}
+#endif /* WOLFSSL_DTLS_CID && !WOLFSSL_NO_SOCK */
+
 int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
 {
 #ifdef WOLFSSL_DTLS
-    if (ssl == NULL) {
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    if (ssl == NULL)
         return WOLFSSL_FAILURE;
-    }
-
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_FAILURE;
+#endif
     if (peer != NULL && peerSz != NULL
             && *peerSz >= ssl->buffers.dtlsCtx.peer.sz
             && ssl->buffers.dtlsCtx.peer.sa != NULL) {
         *peerSz = ssl->buffers.dtlsCtx.peer.sz;
         XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz);
-        return WOLFSSL_SUCCESS;
+        ret = WOLFSSL_SUCCESS;
     }
-    return WOLFSSL_FAILURE;
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        ret = WOLFSSL_FAILURE;
+#endif
+    return ret;
+#else
+    (void)ssl;
+    (void)peer;
+    (void)peerSz;
+    return WOLFSSL_NOT_IMPLEMENTED;
+#endif
+}
+
+int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
+                           unsigned int* peerSz)
+{
+#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_RW_THREADED)
+    if (ssl == NULL)
+        return WOLFSSL_FAILURE;
+
+    if (peer == NULL || peerSz == NULL)
+        return WOLFSSL_FAILURE;
+
+    *peer = ssl->buffers.dtlsCtx.peer.sa;
+    *peerSz = ssl->buffers.dtlsCtx.peer.sz;
+    return WOLFSSL_SUCCESS;
 #else
     (void)ssl;
     (void)peer;
@@ -1950,14 +2139,17 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
     return WOLFSSL_SUCCESS;
 }
 
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
-int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) {
-    if (wolfSSL_dtls_set_mtu(ssl, mtu) == 0)
-        return SSL_SUCCESS;
+#ifdef OPENSSL_EXTRA
+/* Maps to compatibility API SSL_set_mtu and is same as wolfSSL_dtls_set_mtu,
+ * but expects only success or failure returns. */
+int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu)
+{
+    if (wolfSSL_dtls_set_mtu(ssl, mtu) == WOLFSSL_SUCCESS)
+        return WOLFSSL_SUCCESS;
     else
-        return SSL_FAILURE;
+        return WOLFSSL_FAILURE;
 }
-#endif /* OPENSSL_ALL || OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA */
 
 #endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */
 
@@ -2044,20 +2236,53 @@ static int DtlsSrtpSelProfiles(word16* id, const char* profile_str)
     return WOLFSSL_SUCCESS;
 }
 
+/**
+ * @brief Set the SRTP protection profiles for DTLS.
+ *
+ * @param ctx Pointer to the WOLFSSL_CTX structure representing the SSL/TLS
+ *            context.
+ * @param profile_str A colon-separated string of SRTP profile names.
+ * @return 0 on success to match OpenSSL
+ * @return 1 on error to match OpenSSL
+ */
 int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char* profile_str)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL) {
         ret = DtlsSrtpSelProfiles(&ctx->dtlsSrtpProfiles, profile_str);
     }
+
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+        ret = 1;
+    } else {
+        ret = 0;
+    }
+
     return ret;
 }
+
+/**
+ * @brief Set the SRTP protection profiles for DTLS.
+ *
+ * @param ssl Pointer to the WOLFSSL structure representing the SSL/TLS
+ *            session.
+ * @param profile_str A colon-separated string of SRTP profile names.
+ * @return 0 on success to match OpenSSL
+ * @return 1 on error to match OpenSSL
+ */
 int wolfSSL_set_tlsext_use_srtp(WOLFSSL* ssl, const char* profile_str)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ssl != NULL) {
         ret = DtlsSrtpSelProfiles(&ssl->dtlsSrtpProfiles, profile_str);
     }
+
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+        ret = 1;
+    } else {
+        ret = 0;
+    }
+
     return ret;
 }
 
@@ -2099,14 +2324,14 @@ int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl,
     }
     if (out == NULL) {
         *olen = (size_t)profile->kdfBits;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (*olen < (size_t)profile->kdfBits) {
         return BUFFER_E;
     }
 
-    return wolfSSL_export_keying_material(ssl, out, profile->kdfBits,
+    return wolfSSL_export_keying_material(ssl, out, (size_t)profile->kdfBits,
             DTLS_SRTP_KEYING_MATERIAL_LABEL,
             XSTR_SIZEOF(DTLS_SRTP_KEYING_MATERIAL_LABEL), NULL, 0, 0);
 }
@@ -2148,7 +2373,7 @@ int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX* ctx, word16 id)
 
     WOLFSSL_ENTER("wolfSSL_CTX_mcast_set_member_id");
 
-    if (ctx == NULL || id > 255)
+    if (ctx == NULL || id > WOLFSSL_MAX_8BIT)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
@@ -2283,7 +2508,7 @@ int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int sub)
     int i;
 
     WOLFSSL_ENTER("wolfSSL_mcast_peer_add");
-    if (ssl == NULL || peerId > 255)
+    if (ssl == NULL || peerId > WOLFSSL_MAX_8BIT)
         return BAD_FUNC_ARG;
 
     if (!sub) {
@@ -2308,7 +2533,7 @@ int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int sub)
         }
         else {
             WOLFSSL_MSG("No room in peer list.");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     else {
@@ -2339,7 +2564,7 @@ int wolfSSL_mcast_peer_known(WOLFSSL* ssl, unsigned short peerId)
 
     WOLFSSL_ENTER("wolfSSL_mcast_peer_known");
 
-    if (ssl == NULL || peerId > 255) {
+    if (ssl == NULL || peerId > WOLFSSL_MAX_8BIT) {
         return BAD_FUNC_ARG;
     }
 
@@ -2395,11 +2620,11 @@ int wolfSSL_mcast_set_highwater_ctx(WOLFSSL* ssl, void* ctx)
 
 #endif /* WOLFSSL_LEANPSK */
 
-
+#ifndef NO_TLS
 /* return underlying connect or accept, WOLFSSL_SUCCESS on ok */
 int wolfSSL_negotiate(WOLFSSL* ssl)
 {
-    int err = WOLFSSL_FATAL_ERROR;
+    int err = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
 
     WOLFSSL_ENTER("wolfSSL_negotiate");
 
@@ -2434,7 +2659,7 @@ int wolfSSL_negotiate(WOLFSSL* ssl)
 
     return err;
 }
-
+#endif /* !NO_TLS */
 
 WOLFSSL_ABI
 WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl)
@@ -2615,7 +2840,7 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
 
 #endif /* WOLFSSL_STATIC_MEMORY */
 
-
+#ifndef NO_TLS
 /* return max record layer size plaintext input size */
 int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl)
 {
@@ -2663,6 +2888,14 @@ int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ctx->minEccKeySz > (keySz / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ctx->minEccKeySz     = keySz / 8;
 #ifndef NO_CERTS
     ctx->cm->minEccKeySz = keySz / 8;
@@ -2679,6 +2912,14 @@ int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ssl->options.minEccKeySz > (keySz / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ssl->options.minEccKeySz = keySz / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -2693,6 +2934,14 @@ int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ctx->minRsaKeySz > (keySz / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ctx->minRsaKeySz     = keySz / 8;
     ctx->cm->minRsaKeySz = keySz / 8;
     return WOLFSSL_SUCCESS;
@@ -2706,6 +2955,14 @@ int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ssl->options.minRsaKeySz > (keySz / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ssl->options.minRsaKeySz = keySz / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -2738,6 +2995,14 @@ int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits)
     if (ctx == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0)
         return BAD_FUNC_ARG;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ctx->minDhKeySz > (keySz_bits / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ctx->minDhKeySz = keySz_bits / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -2748,6 +3013,14 @@ int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits)
     if (ssl == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0)
         return BAD_FUNC_ARG;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ssl->options.minDhKeySz > (keySz_bits / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ssl->options.minDhKeySz = keySz_bits / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -2758,6 +3031,14 @@ int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits)
     if (ctx == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0)
         return BAD_FUNC_ARG;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ctx->minDhKeySz > (keySz_bits / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ctx->maxDhKeySz = keySz_bits / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -2768,6 +3049,14 @@ int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits)
     if (ssl == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0)
         return BAD_FUNC_ARG;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        if (ssl->options.minDhKeySz > (keySz_bits / 8)) {
+            return CRYPTO_POLICY_FORBIDDEN;
+        }
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     ssl->options.maxDhKeySz = keySz_bits / 8;
     return WOLFSSL_SUCCESS;
 }
@@ -2784,14 +3073,13 @@ int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
 #endif /* !NO_DH */
 
 
-WOLFSSL_ABI
-int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
+static int wolfSSL_write_internal(WOLFSSL* ssl, const void* data, size_t sz)
 {
     int ret;
 
     WOLFSSL_ENTER("wolfSSL_write");
 
-    if (ssl == NULL || data == NULL || sz < 0)
+    if (ssl == NULL || data == NULL)
         return BAD_FUNC_ARG;
 
 #ifdef WOLFSSL_QUIC
@@ -2837,8 +3125,8 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
 
     #ifdef OPENSSL_EXTRA
     if (ssl->CBIS != NULL) {
-        ssl->CBIS(ssl, SSL_CB_WRITE, WOLFSSL_SUCCESS);
-        ssl->cbmode = SSL_CB_WRITE;
+        ssl->CBIS(ssl, WOLFSSL_CB_WRITE, WOLFSSL_SUCCESS);
+        ssl->cbmode = WOLFSSL_CB_WRITE;
     }
     #endif
     ret = SendData(ssl, data, sz);
@@ -2851,13 +3139,97 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
         return ret;
 }
 
-static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
+WOLFSSL_ABI
+int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
+{
+    WOLFSSL_ENTER("wolfSSL_write");
+
+    if (sz < 0)
+        return BAD_FUNC_ARG;
+
+    return wolfSSL_write_internal(ssl, data, (size_t)sz);
+}
+
+int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
+{
+    int maxLength;
+    int usedLength;
+
+    WOLFSSL_ENTER("wolfSSL_inject");
+
+    if (ssl == NULL || data == NULL || sz <= 0)
+        return BAD_FUNC_ARG;
+
+    usedLength = (int)(ssl->buffers.inputBuffer.length -
+                       ssl->buffers.inputBuffer.idx);
+    maxLength  = (int)(ssl->buffers.inputBuffer.bufferSize -
+                       (word32)usedLength);
+
+    if (sz > maxLength) {
+        /* Need to make space */
+        int ret;
+        if (ssl->buffers.clearOutputBuffer.length > 0) {
+            /* clearOutputBuffer points into so reallocating inputBuffer will
+             * invalidate clearOutputBuffer and lose app data */
+            WOLFSSL_MSG("Can't inject while there is application data to read");
+            return APP_DATA_READY;
+        }
+        ret = GrowInputBuffer(ssl, sz, usedLength);
+        if (ret < 0)
+            return ret;
+    }
+
+    XMEMCPY(ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
+            data, sz);
+    ssl->buffers.inputBuffer.length += sz;
+
+    return WOLFSSL_SUCCESS;
+}
+
+
+int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, size_t sz, size_t* wr)
+{
+    int ret;
+
+    if (wr != NULL) {
+        *wr = 0;
+    }
+
+    ret = wolfSSL_write_internal(ssl, data, sz);
+    if (ret >= 0) {
+        if (wr != NULL) {
+            *wr = (size_t)ret;
+        }
+
+        /* handle partial write cases, if not set then a partial write is
+         * considered a failure case, or if set and ret is 0 then is a fail */
+        if (ret == 0 && ssl->options.partialWrite) {
+            ret = 0;
+        }
+        else if ((size_t)ret < sz && !ssl->options.partialWrite) {
+            ret = 0;
+        }
+        else {
+            /* wrote out all application data, or wrote out 1 byte or more with
+             * partial write flag set */
+            ret = 1;
+        }
+    }
+    else {
+        ret = 0;
+    }
+
+    return ret;
+}
+
+
+static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, size_t sz, int peek)
 {
     int ret;
 
     WOLFSSL_ENTER("wolfSSL_read_internal");
 
-    if (ssl == NULL || data == NULL || sz < 0)
+    if (ssl == NULL || data == NULL)
         return BAD_FUNC_ARG;
 
 #ifdef WOLFSSL_QUIC
@@ -2881,8 +3253,9 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
     /* make sure bidirectional TLS shutdown completes */
     if (ssl->error == WOLFSSL_ERROR_SYSCALL || ssl->options.shutdownDone) {
         /* ask the underlying transport the connection is closed */
-        if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx) ==
-                                            WOLFSSL_CBIO_ERR_CONN_CLOSE) {
+        if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx)
+            == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE))
+        {
             ssl->options.isClosed = 1;
             ssl->error = WOLFSSL_ERROR_ZERO_RETURN;
         }
@@ -2905,9 +3278,9 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
 
 #ifdef HAVE_WRITE_DUP
     if (ssl->dupWrite) {
-        if (ssl->error != 0 && ssl->error != WANT_READ
+        if (ssl->error != 0 && ssl->error != WC_NO_ERR_TRACE(WANT_READ)
         #ifdef WOLFSSL_ASYNC_CRYPT
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             int notifyErr;
@@ -2934,7 +3307,10 @@ int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz)
 {
     WOLFSSL_ENTER("wolfSSL_peek");
 
-    return wolfSSL_read_internal(ssl, data, sz, TRUE);
+    if (sz < 0)
+        return BAD_FUNC_ARG;
+
+    return wolfSSL_read_internal(ssl, data, (size_t)sz, TRUE);
 }
 
 
@@ -2943,19 +3319,46 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
 {
     WOLFSSL_ENTER("wolfSSL_read");
 
+    if (sz < 0)
+        return BAD_FUNC_ARG;
+
     #ifdef OPENSSL_EXTRA
     if (ssl == NULL) {
         return BAD_FUNC_ARG;
     }
     if (ssl->CBIS != NULL) {
-        ssl->CBIS(ssl, SSL_CB_READ, WOLFSSL_SUCCESS);
-        ssl->cbmode = SSL_CB_READ;
+        ssl->CBIS(ssl, WOLFSSL_CB_READ, WOLFSSL_SUCCESS);
+        ssl->cbmode = WOLFSSL_CB_READ;
     }
     #endif
-    return wolfSSL_read_internal(ssl, data, sz, FALSE);
+    return wolfSSL_read_internal(ssl, data, (size_t)sz, FALSE);
 }
 
 
+/* returns 0 on failure and on no read */
+int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd)
+{
+    int ret;
+
+    #ifdef OPENSSL_EXTRA
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (ssl->CBIS != NULL) {
+        ssl->CBIS(ssl, WOLFSSL_CB_READ, WOLFSSL_SUCCESS);
+        ssl->cbmode = WOLFSSL_CB_READ;
+    }
+    #endif
+    ret = wolfSSL_read_internal(ssl, data, sz, FALSE);
+
+    if (ret > 0 && rd != NULL) {
+        *rd = (size_t)ret;
+    }
+
+    if (ret <= 0) ret = 0;
+    return ret;
+}
+
 #ifdef WOLFSSL_MULTICAST
 
 int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz)
@@ -2964,17 +3367,17 @@ int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz)
 
     WOLFSSL_ENTER("wolfSSL_mcast_read");
 
-    if (ssl == NULL)
+    if ((ssl == NULL) || (sz < 0))
         return BAD_FUNC_ARG;
 
-    ret = wolfSSL_read_internal(ssl, data, sz, FALSE);
+    ret = wolfSSL_read_internal(ssl, data, (size_t)sz, FALSE);
     if (ssl->options.dtls && ssl->options.haveMcast && id != NULL)
         *id = ssl->keys.curPeerId;
     return ret;
 }
 
 #endif /* WOLFSSL_MULTICAST */
-
+#endif /* !NO_TLS */
 
 /* helpers to set the device id, WOLFSSL_SUCCESS on ok */
 WOLFSSL_ABI
@@ -3021,6 +3424,7 @@ void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
 }
 
 
+#ifndef NO_TLS
 #ifdef HAVE_SNI
 
 WOLFSSL_ABI
@@ -3086,7 +3490,7 @@ int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
     return BAD_FUNC_ARG;
 }
 
-#endif /* NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER */
 
 #endif /* HAVE_SNI */
 
@@ -3272,15 +3676,36 @@ static int isValidCurveGroup(word16 name)
         case WOLFSSL_FFDHE_6144:
         case WOLFSSL_FFDHE_8192:
 
-#ifdef WOLFSSL_HAVE_KYBER
+#ifdef WOLFSSL_HAVE_MLKEM
+#ifndef WOLFSSL_NO_ML_KEM
+        case WOLFSSL_ML_KEM_512:
+        case WOLFSSL_ML_KEM_768:
+        case WOLFSSL_ML_KEM_1024:
+    #if defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)
+        case WOLFSSL_P256_ML_KEM_512:
+        case WOLFSSL_P384_ML_KEM_768:
+        case WOLFSSL_P521_ML_KEM_1024:
+        case WOLFSSL_P384_ML_KEM_1024:
+        case WOLFSSL_X25519_ML_KEM_512:
+        case WOLFSSL_X448_ML_KEM_768:
+        case WOLFSSL_X25519_ML_KEM_768:
+        case WOLFSSL_P256_ML_KEM_768:
+    #endif
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_MLKEM_KYBER
         case WOLFSSL_KYBER_LEVEL1:
         case WOLFSSL_KYBER_LEVEL3:
         case WOLFSSL_KYBER_LEVEL5:
-    #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)
+    #if defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)
         case WOLFSSL_P256_KYBER_LEVEL1:
         case WOLFSSL_P384_KYBER_LEVEL3:
         case WOLFSSL_P521_KYBER_LEVEL5:
+        case WOLFSSL_X25519_KYBER_LEVEL1:
+        case WOLFSSL_X448_KYBER_LEVEL3:
+        case WOLFSSL_X25519_KYBER_LEVEL3:
+        case WOLFSSL_P256_KYBER_LEVEL3:
     #endif
+#endif /* WOLFSSL_MLKEM_KYBER */
 #endif
             return 1;
 
@@ -3400,7 +3825,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
     char    *list, *ptr, **token;
     word16  len;
     int     idx = 0;
-    int     ret = WOLFSSL_FAILURE;
+    int     ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_UseALPN");
 
@@ -3506,7 +3931,7 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz)
             *list = NULL;
             return WOLFSSL_FAILURE;
         }
-        XMEMCPY(p, s + i, len);
+        XMEMCPY(p, s + i, (size_t)len);
     }
     *p = 0;
 
@@ -3628,7 +4053,7 @@ static int _Rehandshake(WOLFSSL* ssl)
 
         ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;
 
-#if !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_TLS12)
         if (ssl->options.side == WOLFSSL_SERVER_END) {
             ret = SendHelloRequest(ssl);
             if (ret != 0) {
@@ -3636,7 +4061,7 @@ static int _Rehandshake(WOLFSSL* ssl)
                 return WOLFSSL_FATAL_ERROR;
             }
         }
-#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !WOLFSSL_NO_TLS12 */
 
         ret = InitHandshakeHashes(ssl);
         if (ret != 0) {
@@ -3980,7 +4405,7 @@ int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
 
 int wolfSSL_SendUserCanceled(WOLFSSL* ssl)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_recv");
 
     if (ssl != NULL) {
@@ -4002,7 +4427,7 @@ int wolfSSL_SendUserCanceled(WOLFSSL* ssl)
 WOLFSSL_ABI
 int wolfSSL_shutdown(WOLFSSL* ssl)
 {
-    int  ret = WOLFSSL_FATAL_ERROR;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     WOLFSSL_ENTER("wolfSSL_shutdown");
 
     if (ssl == NULL)
@@ -4044,7 +4469,7 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
         /* call wolfSSL_shutdown again for bidirectional shutdown */
         if (ssl->options.sentNotify && !ssl->options.closeNotify) {
             ret = ProcessReply(ssl);
-            if ((ret == ZERO_RETURN) ||
+            if ((ret == WC_NO_ERR_TRACE(ZERO_RETURN)) ||
                 (ret == WC_NO_ERR_TRACE(SOCKET_ERROR_E))) {
                 /* simulate OpenSSL behavior */
                 ssl->options.shutdownDone = 1;
@@ -4076,7 +4501,7 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
 
     return ret;
 }
-
+#endif /* !NO_TLS */
 
 /* get current error state value */
 int wolfSSL_state(WOLFSSL* ssl)
@@ -4102,13 +4527,16 @@ int wolfSSL_get_error(WOLFSSL* ssl, int ret)
     WOLFSSL_LEAVE("wolfSSL_get_error", ssl->error);
 
     /* make sure converted types are handled in SetErrorString() too */
-    if (ssl->error == WANT_READ)
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
         return WOLFSSL_ERROR_WANT_READ;         /* convert to OpenSSL type */
-    else if (ssl->error == WANT_WRITE)
+    else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
         return WOLFSSL_ERROR_WANT_WRITE;        /* convert to OpenSSL type */
-    else if (ssl->error == ZERO_RETURN || ssl->options.shutdownDone)
+    else if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN) ||
+             ssl->options.shutdownDone)
         return WOLFSSL_ERROR_ZERO_RETURN;       /* convert to OpenSSL type */
 #ifdef OPENSSL_EXTRA
+    else if (ssl->error == WC_NO_ERR_TRACE(MATCH_SUITE_ERROR))
+        return WOLFSSL_ERROR_SYSCALL;           /* convert to OpenSSL type */
     else if (ssl->error == WC_NO_ERR_TRACE(SOCKET_PEER_CLOSED_E))
         return WOLFSSL_ERROR_SYSCALL;           /* convert to OpenSSL type */
 #endif
@@ -4129,12 +4557,12 @@ int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h)
 /* returns SSL_WRITING, SSL_READING or SSL_NOTHING */
 int wolfSSL_want(WOLFSSL* ssl)
 {
-    int rw_state = SSL_NOTHING;
+    int rw_state = WOLFSSL_NOTHING;
     if (ssl) {
-        if (ssl->error == WANT_READ)
-            rw_state = SSL_READING;
-        else if (ssl->error == WANT_WRITE)
-            rw_state = SSL_WRITING;
+        if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
+            rw_state = WOLFSSL_READING;
+        else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
+            rw_state = WOLFSSL_WRITING;
     }
     return rw_state;
 }
@@ -4144,24 +4572,22 @@ int wolfSSL_want(WOLFSSL* ssl)
 int wolfSSL_want_read(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_want_read");
-    if (ssl->error == WANT_READ)
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_READ))
         return 1;
 
     return 0;
 }
 
-
 /* return TRUE if current error is want write */
 int wolfSSL_want_write(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_want_write");
-    if (ssl->error == WANT_WRITE)
+    if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
         return 1;
 
     return 0;
 }
 
-
 char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data)
 {
     WOLFSSL_ENTER("wolfSSL_ERR_error_string");
@@ -4554,7 +4980,7 @@ int wolfSSL_GetCipherType(WOLFSSL* ssl)
     if (ssl->specs.cipher_type == aead)
         return WOLFSSL_AEAD_TYPE;
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 
@@ -4670,7 +5096,7 @@ int wolfSSL_pending(WOLFSSL* ssl)
     if (ssl == NULL)
         return WOLFSSL_FAILURE;
 
-    return ssl->buffers.clearOutputBuffer.length;
+    return (int)ssl->buffers.clearOutputBuffer.length;
 }
 
 int wolfSSL_has_pending(const WOLFSSL* ssl)
@@ -4696,7 +5122,7 @@ int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx)
 #endif
 
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 /* connect enough to get peer cert chain */
 int wolfSSL_connect_cert(WOLFSSL* ssl)
 {
@@ -4730,9 +5156,7 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl)
 /* make minVersion the internal equivalent SSL version */
 static int SetMinVersionHelper(byte* minVersion, int version)
 {
-#ifdef NO_TLS
     (void)minVersion;
-#endif
 
     switch (version) {
 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
@@ -4799,6 +5223,12 @@ int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        return CRYPTO_POLICY_FORBIDDEN;
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     return SetMinVersionHelper(&ctx->minDowngrade, version);
 }
 
@@ -4813,6 +5243,12 @@ int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
         return BAD_FUNC_ARG;
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (crypto_policy.enabled) {
+        return CRYPTO_POLICY_FORBIDDEN;
+    }
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     return SetMinVersionHelper(&ssl->options.minDowngrade, version);
 }
 
@@ -4839,6 +5275,20 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl)
                 break;
         }
     }
+#ifdef WOLFSSL_DTLS
+    if (ssl->version.major == DTLS_MAJOR) {
+        switch (ssl->version.minor) {
+            case DTLS_MINOR :
+                return WOLFSSL_DTLSV1;
+            case DTLSv1_2_MINOR :
+                return WOLFSSL_DTLSV1_2;
+            case DTLSv1_3_MINOR :
+                return WOLFSSL_DTLSV1_3;
+            default:
+                break;
+        }
+    }
+#endif /* WOLFSSL_DTLS */
 
     return VERSION_ERROR;
 }
@@ -4908,8 +5358,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
     InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-               ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.useAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
     return WOLFSSL_SUCCESS;
 }
 #endif /* !leanpsk */
@@ -4979,8 +5428,13 @@ int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert)
         return  ret;
     tp = cm->tpTable[row];
     while (tp) {
-        if (XMEMCMP(cert->subjectHash, tp->subjectNameHash,
+        if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
                 SIGNER_DIGEST_SIZE) == 0)
+    #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
+         && (XMEMCMP(cert->issuerHash, tp->issuerHash,
+                SIGNER_DIGEST_SIZE) == 0)
+    #endif
+        )
             ret = 1;
     #ifndef NO_SKID
         if (cert->extSubjKeyIdSet) {
@@ -5020,8 +5474,13 @@ TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert)
 
     tp = cm->tpTable[row];
     while (tp) {
-        if (XMEMCMP(cert->subjectHash, tp->subjectNameHash,
+        if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash,
                 SIGNER_DIGEST_SIZE) == 0)
+        #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
+             && (XMEMCMP(cert->issuerHash, tp->issuerHash,
+                SIGNER_DIGEST_SIZE) == 0)
+        #endif
+            )
             ret = tp;
     #ifndef NO_SKID
         if (cert->extSubjKeyIdSet) {
@@ -5099,6 +5558,42 @@ Signer* GetCA(void* vp, byte* hash)
     return ret;
 }
 
+#if defined(HAVE_OCSP)
+Signer* GetCAByKeyHash(void* vp, const byte* keyHash)
+{
+    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
+    Signer* ret = NULL;
+    Signer* signers;
+    int row;
+
+    if (cm == NULL || keyHash == NULL)
+        return NULL;
+
+    /* try lookup using keyHash as subjKeyID first */
+    ret = GetCA(vp, (byte*)keyHash);
+    if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
+        return ret;
+    }
+
+    /* if we can't find the cert, we have to scan the full table */
+    if (wc_LockMutex(&cm->caLock) != 0)
+        return NULL;
+
+    /* Unfortunately we need to look through the entire table */
+    for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
+        for (signers = cm->caTable[row]; signers != NULL;
+                signers = signers->next) {
+            if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
+                ret = signers;
+                break;
+            }
+        }
+    }
+
+    wc_UnLockMutex(&cm->caLock);
+    return ret;
+}
+#endif
 #ifdef WOLFSSL_AKID_NAME
 Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz,
         const byte* serial, word32 serialSz)
@@ -5251,6 +5746,10 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
         #endif
             XMEMCPY(peerCert->subjectNameHash, cert->subjectHash,
                     SIGNER_DIGEST_SIZE);
+        #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
+            XMEMCPY(peerCert->issuerHash, cert->issuerHash,
+                    SIGNER_DIGEST_SIZE);
+        #endif
             /* If Key Usage not set, all uses valid. */
             peerCert->next    = NULL;
             cert->subjectCN = 0;
@@ -5429,6 +5928,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
                 break;
             #endif /* HAVE_FALCON */
             #if defined(HAVE_DILITHIUM)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
             case DILITHIUM_LEVEL2k:
                 if (cm->minDilithiumKeySz < 0 ||
                     DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
@@ -5450,6 +5950,28 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
                     WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
                 }
                 break;
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            case ML_DSA_LEVEL2k:
+                if (cm->minDilithiumKeySz < 0 ||
+                    ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
+                    ret = DILITHIUM_KEY_SIZE_E;
+                    WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
+                }
+                break;
+            case ML_DSA_LEVEL3k:
+                if (cm->minDilithiumKeySz < 0 ||
+                    ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
+                    ret = DILITHIUM_KEY_SIZE_E;
+                    WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
+                }
+                break;
+            case ML_DSA_LEVEL5k:
+                if (cm->minDilithiumKeySz < 0 ||
+                    ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
+                    ret = DILITHIUM_KEY_SIZE_E;
+                    WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
+                }
+                break;
             #endif /* HAVE_DILITHIUM */
 
             default:
@@ -5458,13 +5980,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         }
     }
 
-    if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {
+    if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA &&
+        type != WOLFSSL_TEMP_CA) {
         WOLFSSL_MSG("\tCan't add as CA if not actually one");
         ret = NOT_CA_ERROR;
     }
 #ifndef ALLOW_INVALID_CERTSIGN
     else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
-        !cert->selfSigned && (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
+        type != WOLFSSL_TEMP_CA && !cert->selfSigned &&
+        (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
         /* Intermediate CA certs are required to have the keyCertSign
         * extension set. User loaded root certs are not. */
         WOLFSSL_MSG("\tDoesn't have key usage certificate signing");
@@ -5490,6 +6014,29 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         row = HashSigner(signer->subjectNameHash);
     #endif
 
+    #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
+        /* Verify CA by TSIP so that generated tsip key is going to          */
+        /* be able to be used for peer's cert verification                   */
+        /* TSIP is only able to handle USER CA, and only one CA.             */
+        /* Therefore, it doesn't need to call TSIP again if there is already */
+        /* verified CA.                                                      */
+        if ( ret == 0 && signer != NULL ) {
+            signer->cm_idx = row;
+            if (type == WOLFSSL_USER_CA) {
+                if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source,
+                        cert->maxIdx,
+                        cert->sigCtx.CertAtt.pubkey_n_start,
+                        cert->sigCtx.CertAtt.pubkey_n_len - 1,
+                        cert->sigCtx.CertAtt.pubkey_e_start,
+                        cert->sigCtx.CertAtt.pubkey_e_len - 1,
+                     row/* cm index */))
+                    < 0)
+                    WOLFSSL_MSG("Renesas_RootCertVerify() failed");
+                else
+                    WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
+            }
+        }
+    #endif /* TSIP or SCE */
 
         if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) {
             signer->next = cm->caTable[row];
@@ -5503,28 +6050,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
             ret = BAD_MUTEX_E;
         }
     }
-#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
-    /* Verify CA by TSIP so that generated tsip key is going to be able to */
-    /* be used for peer's cert verification                                */
-    /* TSIP is only able to handle USER CA, and only one CA.               */
-    /* Therefore, it doesn't need to call TSIP again if there is already   */
-    /* verified CA.                                                        */
-    if ( ret == 0 && signer != NULL ) {
-        signer->cm_idx = row;
-        if (type == WOLFSSL_USER_CA) {
-            if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx,
-                 cert->sigCtx.CertAtt.pubkey_n_start,
-                 cert->sigCtx.CertAtt.pubkey_n_len - 1,
-                 cert->sigCtx.CertAtt.pubkey_e_start,
-                cert->sigCtx.CertAtt.pubkey_e_len - 1,
-                 row/* cm index */))
-                < 0)
-                WOLFSSL_MSG("Renesas_RootCertVerify() failed");
-            else
-                WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
-        }
-    }
-#endif /* TSIP or SCE */
 
     WOLFSSL_MSG("\tFreeing Parsed CA");
     FreeDecodedCert(cert);
@@ -5549,12 +6074,48 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 static int wolfSSL_RAND_InitMutex(void);
 #endif
 
+/* If we don't have static mutex initializers, but we do have static atomic
+ * initializers, activate WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS to leverage
+ * the latter.
+ *
+ * See further explanation below in wolfSSL_Init().
+ */
+#ifndef WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    #if !defined(WOLFSSL_MUTEX_INITIALIZER) && !defined(SINGLE_THREADED) && \
+            defined(WOLFSSL_ATOMIC_OPS) && defined(WOLFSSL_ATOMIC_INITIALIZER)
+        #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 1
+    #else
+        #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 0
+    #endif
+#elif defined(WOLFSSL_MUTEX_INITIALIZER) || defined(SINGLE_THREADED)
+    #undef WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 0
+#endif
+
+#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+    #ifndef WOLFSSL_ATOMIC_OPS
+        #error WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS requires WOLFSSL_ATOMIC_OPS
+    #endif
+    #ifndef WOLFSSL_ATOMIC_INITIALIZER
+        #error WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS requires WOLFSSL_ATOMIC_INITIALIZER
+    #endif
+    static wolfSSL_Atomic_Int inits_count_mutex_atomic_initing_flag =
+        WOLFSSL_ATOMIC_INITIALIZER(0);
+#endif /* WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS && !WOLFSSL_MUTEX_INITIALIZER */
+
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT)
 static void AtExitCleanup(void)
 {
     if (initRefCount > 0) {
         initRefCount = 1;
         (void)wolfSSL_Cleanup();
+#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+        if (inits_count_mutex_valid == 1) {
+            (void)wc_FreeMutex(&inits_count_mutex);
+            inits_count_mutex_valid = 0;
+            inits_count_mutex_atomic_initing_flag = 0;
+        }
+#endif
     }
 }
 #endif
@@ -5571,8 +6132,31 @@ int wolfSSL_Init(void)
 
 #ifndef WOLFSSL_MUTEX_INITIALIZER
     if (inits_count_mutex_valid == 0) {
+    #if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+
+        /* Without this mitigation, if two threads enter wolfSSL_Init() at the
+         * same time, and both see zero inits_count_mutex_valid, then both will
+         * run wc_InitMutex(&inits_count_mutex), leading to process corruption
+         * or (best case) a resource leak.
+         *
+         * When WOLFSSL_ATOMIC_INITIALIZER() is available, we can mitigate this
+         * by use an atomic counting int as a mutex.
+         */
+
+        if (wolfSSL_Atomic_Int_FetchAdd(&inits_count_mutex_atomic_initing_flag,
+                                        1) != 0)
+        {
+            (void)wolfSSL_Atomic_Int_FetchSub(
+                &inits_count_mutex_atomic_initing_flag, 1);
+            return DEADLOCK_AVERTED_E;
+        }
+    #endif /* WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS */
         if (wc_InitMutex(&inits_count_mutex) != 0) {
             WOLFSSL_MSG("Bad Init Mutex count");
+    #if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+            (void)wolfSSL_Atomic_Int_FetchSub(
+                &inits_count_mutex_atomic_initing_flag, 1);
+    #endif
             return BAD_MUTEX_E;
         }
         else {
@@ -5679,6 +6263,11 @@ int wolfSSL_Init(void)
 #endif
     }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    /* System wide crypto policy disabled by default. */
+    XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
     if (ret == WOLFSSL_SUCCESS) {
         initRefCount++;
     }
@@ -5695,6 +6284,286 @@ int wolfSSL_Init(void)
     return ret;
 }
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+/* Helper function for wolfSSL_crypto_policy_enable and
+ * wolfSSL_crypto_policy_enable_buffer.
+ *
+ * Parses the crypto policy string, verifies values,
+ * and sets in global crypto policy struct. Not thread
+ * safe. String length has already been verified.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns CRYPTO_POLICY_FORBIDDEN if already enabled.
+ * Returns < 0 on misc error.
+ * */
+static int crypto_policy_parse(void)
+{
+    const char * hdr = WOLFSSL_SECLEVEL_STR;
+    int          sec_level = 0;
+    size_t       i = 0;
+
+    /* All policies should begin with "@SECLEVEL=<N>" (N={0..5}) followed
+     * by bulk cipher list. */
+    if (XMEMCMP(crypto_policy.str, hdr, strlen(hdr)) != 0) {
+        WOLFSSL_MSG("error: crypto policy: invalid header");
+        return WOLFSSL_BAD_FILE;
+    }
+
+    {
+        /* Extract the security level. */
+        char *       policy_mem = crypto_policy.str;
+        policy_mem += strlen(hdr);
+        sec_level = (int) (*policy_mem - '0');
+    }
+
+    if (sec_level < MIN_WOLFSSL_SEC_LEVEL ||
+        sec_level > MAX_WOLFSSL_SEC_LEVEL) {
+        WOLFSSL_MSG_EX("error: invalid SECLEVEL: %d", sec_level);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    /* Remove trailing '\r' or '\n'. */
+    for (i = 0; i < MAX_WOLFSSL_CRYPTO_POLICY_SIZE; ++i) {
+        if (crypto_policy.str[i] == '\0') {
+            break;
+        }
+
+        if (crypto_policy.str[i] == '\r' || crypto_policy.str[i] == '\n') {
+            crypto_policy.str[i] = '\0';
+            break;
+        }
+    }
+
+    #if defined(DEBUG_WOLFSSL_VERBOSE)
+    WOLFSSL_MSG_EX("info: SECLEVEL=%d", sec_level);
+    WOLFSSL_MSG_EX("info: using crypto-policy file: %s, %ld", policy_file, sz);
+    #endif /* DEBUG_WOLFSSL_VERBOSE */
+
+    crypto_policy.secLevel = sec_level;
+    crypto_policy.enabled = 1;
+
+    return WOLFSSL_SUCCESS;
+}
+
+#ifndef NO_FILESYSTEM
+/* Enables wolfSSL system wide crypto-policy, using the given policy
+ * file arg. If NULL is passed, then the default system crypto-policy
+ * file that was set at configure time will be used instead.
+ *
+ * While enabled:
+ *   - TLS methods, min key sizes, and cipher lists are all configured
+ *     automatically by the policy.
+ *   - Attempting to use lesser strength parameters will fail with
+ *     error CRYPTO_POLICY_FORBIDDEN.
+ *
+ * Disable with wolfSSL_crypto_policy_disable.
+ *
+ * Note: the wolfSSL_crypto_policy_X API are not thread safe, and should
+ * only be called at program init time.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns CRYPTO_POLICY_FORBIDDEN if already enabled.
+ * Returns < 0 on misc error.
+ * */
+int wolfSSL_crypto_policy_enable(const char * policy_file)
+{
+    XFILE   file;
+    long    sz = 0;
+    size_t  n_read = 0;
+
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_enable");
+
+    if (wolfSSL_crypto_policy_is_enabled()) {
+        WOLFSSL_MSG_EX("error: crypto policy already enabled: %s",
+                       policy_file);
+        return CRYPTO_POLICY_FORBIDDEN;
+    }
+
+    if (policy_file == NULL) {
+        /* Use the configure-time default if NULL passed. */
+        policy_file = WC_STRINGIFY(WOLFSSL_CRYPTO_POLICY_FILE);
+    }
+
+    if (policy_file == NULL || *policy_file == '\0') {
+        WOLFSSL_MSG("error: crypto policy empty file");
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
+
+    file = XFOPEN(policy_file, "rb");
+
+    if (file == XBADFILE) {
+        WOLFSSL_MSG_EX("error: crypto policy file open failed: %s",
+                       policy_file);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    if (XFSEEK(file, 0, XSEEK_END) != 0) {
+        WOLFSSL_MSG_EX("error: crypto policy file seek end failed: %s",
+                       policy_file);
+        XFCLOSE(file);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    sz = XFTELL(file);
+
+    if (XFSEEK(file, 0, XSEEK_SET) != 0) {
+        WOLFSSL_MSG_EX("error: crypto policy file seek failed: %s",
+                       policy_file);
+        XFCLOSE(file);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    if (sz <= 0 || sz > MAX_WOLFSSL_CRYPTO_POLICY_SIZE) {
+        WOLFSSL_MSG_EX("error: crypto policy file %s, invalid size: %ld",
+                       policy_file, sz);
+        XFCLOSE(file);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    n_read = XFREAD(crypto_policy.str, 1, sz, file);
+    XFCLOSE(file);
+
+    if (n_read != (size_t) sz) {
+        WOLFSSL_MSG_EX("error: crypto policy file %s: read %zu, "
+                       "expected %ld", policy_file, n_read, sz);
+        return WOLFSSL_BAD_FILE;
+    }
+
+    crypto_policy.str[n_read] = '\0';
+
+    return crypto_policy_parse();
+}
+#endif /* ! NO_FILESYSTEM */
+
+/* Same behavior as wolfSSL_crypto_policy_enable, but loads
+ * via memory buf instead of file.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns CRYPTO_POLICY_FORBIDDEN if already enabled.
+ * Returns < 0 on misc error.
+ * */
+int wolfSSL_crypto_policy_enable_buffer(const char * buf)
+{
+    size_t sz = 0;
+
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_enable_buffer");
+
+    if (wolfSSL_crypto_policy_is_enabled()) {
+        WOLFSSL_MSG_EX("error: crypto policy already enabled");
+        return CRYPTO_POLICY_FORBIDDEN;
+    }
+
+    if (buf == NULL || *buf == '\0') {
+        return BAD_FUNC_ARG;
+    }
+
+    sz = XSTRLEN(buf);
+
+    if (sz == 0 || sz > MAX_WOLFSSL_CRYPTO_POLICY_SIZE) {
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
+    XMEMCPY(crypto_policy.str, buf, sz);
+
+    return crypto_policy_parse();
+}
+
+/* Returns whether the system wide crypto-policy is enabled.
+ *
+ * Returns 1 if enabled.
+ *         0 if disabled.
+ * */
+int wolfSSL_crypto_policy_is_enabled(void)
+{
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_is_enabled");
+
+    return crypto_policy.enabled == 1;
+}
+
+/* Disables the system wide crypto-policy.
+ * note: SSL and CTX structures already instantiated will
+ * keep their security policy parameters. This will only
+ * affect new instantiations.
+ * */
+void wolfSSL_crypto_policy_disable(void)
+{
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_disable");
+    crypto_policy.enabled = 0;
+    XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
+    return;
+}
+
+/* Get the crypto-policy bulk cipher list string.
+ * String is not owned by caller, should not be freed.
+ *
+ * Returns pointer to bulk cipher list string.
+ * Returns NULL if NOT enabled, or on error.
+ * */
+const char * wolfSSL_crypto_policy_get_ciphers(void)
+{
+    WOLFSSL_ENTER("wolfSSL_crypto_policy_get_ciphers");
+
+    if (crypto_policy.enabled == 1) {
+        /* The crypto policy config will have
+         * this form:
+         *   "@SECLEVEL=2:kEECDH:kRSA..." */
+        return crypto_policy.str;
+    }
+
+    return NULL;
+}
+
+/* Get the configured crypto-policy security level.
+ * A security level of 0 does not impose any additional
+ * restrictions.
+ *
+ * Returns 1 - 5 if enabled.
+ * Returns 0 if NOT enabled.
+ * */
+int wolfSSL_crypto_policy_get_level(void)
+{
+    if (crypto_policy.enabled == 1) {
+        return crypto_policy.secLevel;
+    }
+
+    return 0;
+}
+
+/* Get security level from ssl structure.
+ * @param ssl  a pointer to WOLFSSL structure
+ */
+int wolfSSL_get_security_level(const WOLFSSL * ssl)
+{
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    return ssl->secLevel;
+}
+
+#ifndef NO_WOLFSSL_STUB
+/*
+ * Set security level (wolfSSL doesn't support setting the security level).
+ *
+ * The security level can only be set through a system wide crypto-policy
+ * with wolfSSL_crypto_policy_enable().
+ *
+ * @param ssl  a pointer to WOLFSSL structure
+ * @param level security level
+ */
+void wolfSSL_set_security_level(WOLFSSL * ssl, int level)
+{
+    WOLFSSL_ENTER("wolfSSL_set_security_level");
+    (void)ssl;
+    (void)level;
+}
+#endif /* !NO_WOLFSSL_STUB */
+
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 
 #define WOLFSSL_SSL_LOAD_INCLUDED
 #include <src/ssl_load.c>
@@ -5944,6 +6813,17 @@ int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
         return BAD_FUNC_ARG;
 }
 
+int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb, void* ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
+    if (ssl) {
+        SSL_CM_WARNING(ssl);
+        return wolfSSL_CertManagerSetCRL_ErrorCb(SSL_CM(ssl), cb, ctx);
+    }
+    else
+        return BAD_FUNC_ARG;
+}
+
 #ifdef HAVE_CRL_IO
 int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
 {
@@ -6009,6 +6889,15 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
         return BAD_FUNC_ARG;
 }
 
+int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb, void* cbCtx)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_ErrorCb");
+    if (ctx)
+        return wolfSSL_CertManagerSetCRL_ErrorCb(ctx->cm, cb, cbCtx);
+    else
+        return BAD_FUNC_ARG;
+}
+
 #ifdef HAVE_CRL_IO
 int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
 {
@@ -6101,9 +6990,15 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
     }
 #endif
 #if defined(HAVE_DILITHIUM)
-    if ((keyOID == DILITHIUM_LEVEL2k) ||
-        (keyOID == DILITHIUM_LEVEL3k) ||
-        (keyOID == DILITHIUM_LEVEL5k)) {
+    if ((keyOID == ML_DSA_LEVEL2k) ||
+        (keyOID == ML_DSA_LEVEL3k) ||
+        (keyOID == ML_DSA_LEVEL5k)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (keyOID == DILITHIUM_LEVEL2k)
+     || (keyOID == DILITHIUM_LEVEL3k)
+     || (keyOID == DILITHIUM_LEVEL5k)
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        ) {
         type = DYNAMIC_TYPE_DILITHIUM;
     }
 #endif
@@ -6133,9 +7028,15 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
         }
         #endif
         #if defined(HAVE_DILITHIUM)
-        if ((keyOID == DILITHIUM_LEVEL2k) ||
-            (keyOID == DILITHIUM_LEVEL3k) ||
-            (keyOID == DILITHIUM_LEVEL5k)) {
+        if ((keyOID == ML_DSA_LEVEL2k) ||
+            (keyOID == ML_DSA_LEVEL3k) ||
+            (keyOID == ML_DSA_LEVEL5k)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || (keyOID == DILITHIUM_LEVEL2k)
+         || (keyOID == DILITHIUM_LEVEL3k)
+         || (keyOID == DILITHIUM_LEVEL5k)
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            ) {
             ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
                                         WC_PQC_SIG_TYPE_DILITHIUM,
                                         pubKey, pubSz);
@@ -6172,9 +7073,15 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
         }
     #endif
     #if defined(HAVE_DILITHIUM)
-        if ((keyOID == DILITHIUM_LEVEL2k) ||
-            (keyOID == DILITHIUM_LEVEL3k) ||
-            (keyOID == DILITHIUM_LEVEL5k)) {
+        if ((keyOID == ML_DSA_LEVEL2k) ||
+            (keyOID == ML_DSA_LEVEL3k) ||
+            (keyOID == ML_DSA_LEVEL5k)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || (keyOID == DILITHIUM_LEVEL2k)
+         || (keyOID == DILITHIUM_LEVEL3k)
+         || (keyOID == DILITHIUM_LEVEL5k)
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            ) {
             wc_dilithium_free((dilithium_key*)pkey);
         }
     #endif
@@ -6206,7 +7113,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
 #endif
     word32 size;
     byte*  buff;
-    int    ret = WOLFSSL_FAILURE;
+    int    ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("check_cert_key");
 
@@ -6250,7 +7157,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
     if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 #endif /* WOLF_PRIVATE_KEY_ID */
     {
-        ret = wc_CheckPrivateKeyCert(buff, size, der, 0);
+        ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap);
         ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
     }
 
@@ -6310,7 +7217,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
         if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
 #endif /* WOLF_PRIVATE_KEY_ID */
         {
-            ret = wc_CheckPrivateKeyCert(buff, size, der, 1);
+            ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap);
             ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
         }
     }
@@ -6386,6 +7293,11 @@ int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
 #endif
 #endif
 
+    /* placing error into error queue for Python port */
+    if (res != WOLFSSL_SUCCESS) {
+        WOLFSSL_ERROR(WC_KEY_MISMATCH_E);
+    }
+
     return res;
 }
 #endif /* !NO_CHECK_PRIVATE_KEY */
@@ -6412,17 +7324,17 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
     switch (ctx->privateKeyType) {
 #ifndef NO_RSA
         case rsa_sa_algo:
-            type = EVP_PKEY_RSA;
+            type = WC_EVP_PKEY_RSA;
             break;
 #endif
 #ifdef HAVE_ECC
         case ecc_dsa_sa_algo:
-            type = EVP_PKEY_EC;
+            type = WC_EVP_PKEY_EC;
             break;
 #endif
 #ifdef WOLFSSL_SM2
         case sm2_sa_algo:
-            type = EVP_PKEY_EC;
+            type = WC_EVP_PKEY_EC;
             break;
 #endif
         default:
@@ -6494,7 +7406,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (!isRsaKey) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6509,7 +7421,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
 
     pkey->pkey_sz = (int)keyIdx;
-    pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
+    pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL,
             priv ? DYNAMIC_TYPE_PRIVATE_KEY :
                    DYNAMIC_TYPE_PUBLIC_KEY);
     if (pkey->pkey.ptr == NULL) {
@@ -6517,7 +7429,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
     if (ret == 1) {
         XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
-        pkey->type = EVP_PKEY_RSA;
+        pkey->type = WC_EVP_PKEY_RSA;
 
         pkey->ownRsa = 1;
         pkey->rsa = wolfssl_rsa_d2i(NULL, mem, memSz,
@@ -6578,7 +7490,7 @@ static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (!isEccKey) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6601,7 +7513,7 @@ static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
     if (ret == 1) {
         XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
-        pkey->type = EVP_PKEY_EC;
+        pkey->type = WC_EVP_PKEY_EC;
 
         pkey->ownEcc = 1;
         pkey->ecc = wolfSSL_EC_KEY_new();
@@ -6666,7 +7578,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 
     /* test if DSA key */
     if (!isDsaKey) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6681,7 +7593,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
 
     pkey->pkey_sz = (int)keyIdx;
-    pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
+    pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL,
             priv ? DYNAMIC_TYPE_PRIVATE_KEY :
                    DYNAMIC_TYPE_PUBLIC_KEY);
     if (pkey->pkey.ptr == NULL) {
@@ -6689,7 +7601,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
     if (ret == 1) {
         XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
-        pkey->type = EVP_PKEY_DSA;
+        pkey->type = WC_EVP_PKEY_DSA;
 
         pkey->ownDsa = 1;
         pkey->dsa = wolfSSL_DSA_new();
@@ -6750,7 +7662,7 @@ static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 
     /* test if DH key */
     if (!isDhKey) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6765,15 +7677,15 @@ static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
 
     pkey->pkey_sz = (int)memSz;
-    pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
+    pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL,
             priv ? DYNAMIC_TYPE_PRIVATE_KEY :
                    DYNAMIC_TYPE_PUBLIC_KEY);
     if (pkey->pkey.ptr == NULL) {
         ret = 0;
     }
     if (ret == 1) {
-        XMEMCPY(pkey->pkey.ptr, mem, memSz);
-        pkey->type = EVP_PKEY_DH;
+        XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz);
+        pkey->type = WC_EVP_PKEY_DH;
 
         pkey->ownDh = 1;
         pkey->dh = wolfSSL_DH_new();
@@ -6834,7 +7746,7 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (ret != 0) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6848,16 +7760,16 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
     }
 
     ret = 1;
-    pkey->type     = EVP_PKEY_DH;
+    pkey->type     = WC_EVP_PKEY_DH;
     pkey->pkey_sz  = (int)memSz;
-    pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL,
+    pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL,
             priv ? DYNAMIC_TYPE_PRIVATE_KEY :
                    DYNAMIC_TYPE_PUBLIC_KEY);
     if (pkey->pkey.ptr == NULL) {
         ret = 0;
     }
     if (ret == 1) {
-        XMEMCPY(pkey->pkey.ptr, mem, memSz);
+        XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz);
         pkey->ownDh = 1;
         pkey->dh = wolfSSL_DH_new();
         if (pkey->dh == NULL) {
@@ -6949,7 +7861,7 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (!isFalcon) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -6964,7 +7876,7 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
             return 0;
         }
     }
-    pkey->type = EVP_PKEY_FALCON;
+    pkey->type = WC_EVP_PKEY_FALCON;
     pkey->pkey.ptr = NULL;
     pkey->pkey_sz = 0;
 
@@ -6999,31 +7911,31 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 
     /* Test if Dilithium key. Try all levels. */
     if (priv) {
-        isDilithium = ((wc_dilithium_set_level(dilithium, 2) == 0) &&
+        isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) &&
                        (wc_dilithium_import_private(mem,
                           (word32)memSz, dilithium) == 0));
         if (!isDilithium) {
-            isDilithium = ((wc_dilithium_set_level(dilithium, 3) == 0) &&
+            isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) &&
                            (wc_dilithium_import_private(mem,
                               (word32)memSz, dilithium) == 0));
         }
         if (!isDilithium) {
-            isDilithium = ((wc_dilithium_set_level(dilithium, 5) == 0) &&
+            isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) &&
                            (wc_dilithium_import_private(mem,
                               (word32)memSz, dilithium) == 0));
         }
     }
     else {
-        isDilithium = ((wc_dilithium_set_level(dilithium, 2) == 0) &&
+        isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) &&
                        (wc_dilithium_import_public(mem, (word32)memSz,
                           dilithium) == 0));
         if (!isDilithium) {
-            isDilithium = ((wc_dilithium_set_level(dilithium, 3) == 0) &&
+            isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) &&
                            (wc_dilithium_import_public(mem, (word32)memSz,
                               dilithium) == 0));
         }
         if (!isDilithium) {
-            isDilithium = ((wc_dilithium_set_level(dilithium, 5) == 0) &&
+            isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) &&
                            (wc_dilithium_import_public(mem, (word32)memSz,
                               dilithium) == 0));
         }
@@ -7034,7 +7946,7 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
 #endif
 
     if (!isDilithium) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (*out != NULL) {
@@ -7049,7 +7961,7 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
             return 0;
         }
     }
-    pkey->type = EVP_PKEY_DILITHIUM;
+    pkey->type = WC_EVP_PKEY_DILITHIUM;
     pkey->pkey.ptr = NULL;
     pkey->pkey_sz = 0;
 
@@ -7144,29 +8056,51 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
     WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
 #ifdef WOLFSSL_PEM_TO_DER
     int ret;
-    DerBuffer* der = NULL;
+    DerBuffer* pkcs8Der = NULL;
+    DerBuffer rawDer;
+    EncryptedInfo info;
+    int advanceLen = 0;
+
+    XMEMSET(&info, 0, sizeof(info));
+    XMEMSET(&rawDer, 0, sizeof(rawDer));
 
     if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) {
         WOLFSSL_MSG("Bad key PEM/DER args");
         return NULL;
     }
 
-    ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL);
+    ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info,
+                   NULL);
     if (ret < 0) {
         WOLFSSL_MSG("Not PEM format");
-        ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
+        ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
         if (ret == 0) {
-            XMEMCPY(der->buffer, *keyBuf, keyLen);
+            XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen);
         }
     }
+    else {
+        advanceLen = (int)info.consumed;
+    }
 
     if (ret == 0) {
         /* Verify this is PKCS8 Key */
         word32 inOutIdx = 0;
         word32 algId;
-        ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length,
-            &algId);
+        ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx,
+                pkcs8Der->length, &algId);
         if (ret >= 0) {
+            if (advanceLen == 0) /* Set only if not PEM */
+                advanceLen = (int)inOutIdx + ret;
+            if (algId == DHk) {
+                /* Special case for DH as we expect the DER buffer to be always
+                 * be in PKCS8 format */
+                rawDer.buffer = pkcs8Der->buffer;
+                rawDer.length = inOutIdx + (word32)ret;
+            }
+            else {
+                rawDer.buffer = pkcs8Der->buffer + inOutIdx;
+                rawDer.length = (word32)ret;
+            }
             ret = 0; /* good DER */
         }
     }
@@ -7177,21 +8111,24 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
             ret = MEMORY_E;
     }
     if (ret == 0) {
-        pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL,
+        pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL,
             DYNAMIC_TYPE_PUBLIC_KEY);
         if (pkcs8->pkey.ptr == NULL)
             ret = MEMORY_E;
     }
     if (ret == 0) {
-        XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length);
-        pkcs8->pkey_sz = (int)der->length;
+        XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length);
+        pkcs8->pkey_sz = (int)rawDer.length;
     }
 
-    FreeDer(&der);
+    FreeDer(&pkcs8Der);
     if (ret != 0) {
         wolfSSL_EVP_PKEY_free(pkcs8);
         pkcs8 = NULL;
     }
+    else {
+        *keyBuf += advanceLen;
+    }
     if (pkey != NULL) {
         *pkey = pkcs8;
     }
@@ -7204,6 +8141,48 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
     return pkcs8;
 }
 
+#ifdef OPENSSL_ALL
+int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp)
+{
+    word32 keySz = 0;
+    unsigned char* out;
+    int len;
+
+    WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY");
+
+    if (key == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        return WOLFSSL_FATAL_ERROR;
+    len = (int)keySz;
+
+    if ((pp == NULL) || (len == 0))
+        return len;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    if (pkcs8_encode(key, out, &keySz) != len) {
+        if (*pp == NULL)
+            XFREE(out, NULL, DYNAMIC_TYPE_ASN1);
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += len;
+
+    return len;
+}
+#endif
 
 #ifndef NO_BIO
 /* put SSL type in extra for now, not very common */
@@ -7272,7 +8251,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
         return NULL;
     }
 
-    mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap,
+                                DYNAMIC_TYPE_TMP_BUFFER);
     if (mem == NULL) {
         return NULL;
     }
@@ -7331,15 +8311,16 @@ static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key,
         if (*der) {
             /* since this function signature has no size value passed in it is
              * assumed that the user has allocated a large enough buffer */
-            XMEMCPY(*der, pt + pkcs8HeaderSz, sz);
+            XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz);
             *der += sz;
         }
         else {
-            *der = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
+            *der = (unsigned char*)XMALLOC((size_t)sz, NULL,
+                                                DYNAMIC_TYPE_OPENSSL);
             if (*der == NULL) {
                 return WOLFSSL_FATAL_ERROR;
             }
-            XMEMCPY(*der, pt + pkcs8HeaderSz, sz);
+            XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz);
         }
     }
     return sz;
@@ -7376,14 +8357,14 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
             WOLFSSL_MSG("Found PKCS8 header");
             pkcs8HeaderSz = (word16)idx;
 
-            if ((type == EVP_PKEY_RSA && algId != RSAk
+            if ((type == WC_EVP_PKEY_RSA && algId != RSAk
             #ifdef WC_RSA_PSS
                  && algId != RSAPSSk
             #endif
                  ) ||
-                (type == EVP_PKEY_EC && algId != ECDSAk) ||
-                (type == EVP_PKEY_DSA && algId != DSAk) ||
-                (type == EVP_PKEY_DH && algId != DHk)) {
+                (type == WC_EVP_PKEY_EC && algId != ECDSAk) ||
+                (type == WC_EVP_PKEY_DSA && algId != DSAk) ||
+                (type == WC_EVP_PKEY_DH && algId != DHk)) {
                 WOLFSSL_MSG("PKCS8 does not match EVP key type");
                 return NULL;
             }
@@ -7411,19 +8392,20 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
     local->type     = type;
     local->pkey_sz  = (int)inSz;
     local->pkcs8HeaderSz = pkcs8HeaderSz;
-    local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
+    local->pkey.ptr = (char*)XMALLOC((size_t)inSz, NULL,
+                                        DYNAMIC_TYPE_PUBLIC_KEY);
     if (local->pkey.ptr == NULL) {
         wolfSSL_EVP_PKEY_free(local);
         local = NULL;
         return NULL;
     }
     else {
-        XMEMCPY(local->pkey.ptr, *in, inSz);
+        XMEMCPY(local->pkey.ptr, *in, (size_t)inSz);
     }
 
     switch (type) {
 #ifndef NO_RSA
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             opt = priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC;
             local->ownRsa = 1;
             local->rsa = wolfssl_rsa_d2i(NULL,
@@ -7435,7 +8417,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
             break;
 #endif /* NO_RSA */
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             local->ownEcc = 1;
             local->ecc = wolfSSL_EC_KEY_new();
             if (local->ecc == NULL) {
@@ -7455,7 +8437,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
 #endif /* HAVE_ECC */
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
 #ifndef NO_DSA
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             local->ownDsa = 1;
             local->dsa = wolfSSL_DSA_new();
             if (local->dsa == NULL) {
@@ -7474,7 +8456,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
 #endif /* NO_DSA */
 #ifndef NO_DH
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
-        case EVP_PKEY_DH:
+        case WC_EVP_PKEY_DH:
             local->ownDh = 1;
             local->dh = wolfSSL_DH_new();
             if (local->dh == NULL) {
@@ -7559,7 +8541,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
 
     switch (type) {
 #ifndef NO_RSA
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
         {
             RsaKey* key;
             local->ownRsa = 1;
@@ -7578,7 +8560,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
         }
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
         {
             ecc_key* key;
             local->ownEcc = 1;
@@ -8349,11 +9331,19 @@ static int CheckcipherList(const char* list)
         char   name[MAX_SUITE_NAME + 1];
         word32 length = MAX_SUITE_NAME;
         word32 current_length;
+        byte major = INVALID_BYTE;
+        byte minor = INVALID_BYTE;
 
         next   = XSTRSTR(next, ":");
 
-        current_length = (!next) ? (word32)XSTRLEN(current)
-                                 : (word32)(next - current);
+        if (next) {
+            current_length = (word32)(next - current);
+            ++next; /* increment to skip ':' */
+        }
+        else {
+            current_length = (word32)XSTRLEN(current);
+        }
+
         if (current_length == 0) {
             break;
         }
@@ -8373,10 +9363,10 @@ static int CheckcipherList(const char* list)
             break;
         }
 
-        ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0,
-                                                        &cipherSuite1, &flags);
+        ret = GetCipherSuiteFromName(name, &cipherSuite0,
+                &cipherSuite1, &major, &minor, &flags);
         if (ret == 0) {
-            if (cipherSuite0 == TLS13_BYTE) {
+            if (cipherSuite0 == TLS13_BYTE || minor == TLSv1_3_MINOR) {
                 /* TLSv13 suite */
                 findTLSv13Suites = 1;
             }
@@ -8410,8 +9400,7 @@ static int CheckcipherList(const char* list)
             /* list has mixed suites */
             return 0;
         }
-    }
-    while (next++); /* increment to skip ':' */
+    } while (next);
 
     if (findTLSv13Suites == 0 && findbeforeSuites == 1) {
         ret = 1;/* only before TLSv13 suites */
@@ -8477,10 +9466,6 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     }
 
     /* list contains ciphers either only for TLS 1.3 or <= TLS 1.2 */
-    if (suites->suiteSz == 0) {
-        WOLFSSL_MSG("Warning suites->suiteSz = 0 set to WOLFSSL_MAX_SUITE_SZ");
-        suites->suiteSz = WOLFSSL_MAX_SUITE_SZ;
-    }
 #ifdef WOLFSSL_SMALL_STACK
     if (suites->suiteSz > 0) {
         suitesCpy = (byte*)XMALLOC(suites->suiteSz, NULL,
@@ -8507,6 +9492,12 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         return WOLFSSL_FAILURE;
     }
 
+    /* The idea in this section is that OpenSSL has two API to set ciphersuites.
+     *   - SSL_CTX_set_cipher_list for setting TLS <= 1.2 suites
+     *   - SSL_CTX_set_ciphersuites for setting TLS 1.3 suites
+     * Since we direct both API here we attempt to provide API compatibility. If
+     * we only get suites from <= 1.2 or == 1.3 then we will only update those
+     * suites and keep the suites from the other group. */
     for (i = 0; i < suitesCpySz &&
                 suites->suiteSz <= (WOLFSSL_MAX_SUITE_SZ - SUITE_LEN); i += 2) {
         /* Check for duplicates */
@@ -8896,14 +9887,14 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     int result = WOLFSSL_SUCCESS;
     WOLFSSL_ENTER("wolfSSL_dtls_got_timeout");
 
-    if (ssl == NULL)
+    if (ssl == NULL || !ssl->options.dtls)
         return WOLFSSL_FATAL_ERROR;
 
 #ifdef WOLFSSL_DTLS13
-    if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
+    if (IsAtLeastTLSv1_3(ssl->version)) {
         result = Dtls13RtxTimeout(ssl);
         if (result < 0) {
-            if (result == WANT_WRITE)
+            if (result == WC_NO_ERR_TRACE(WANT_WRITE))
                 ssl->dtls13SendingAckOrRtx = 1;
             ssl->error = result;
             WOLFSSL_ERROR(result);
@@ -8914,7 +9905,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    if ((IsSCR(ssl) || !ssl->options.handShakeDone)) {
+    /* Do we have any 1.2 messages stored? */
+    if (ssl->dtls_tx_msg_list != NULL || ssl->dtls_tx_msg != NULL) {
         if (DtlsMsgPoolTimeout(ssl) < 0){
             ssl->error = SOCKET_ERROR_E;
             WOLFSSL_ERROR(ssl->error);
@@ -8945,7 +9937,13 @@ int wolfSSL_dtls_retransmit(WOLFSSL* ssl)
         return WOLFSSL_FATAL_ERROR;
 
     if (!ssl->options.handShakeDone) {
-        int result = DtlsMsgPoolSend(ssl, 0);
+        int result;
+#ifdef WOLFSSL_DTLS13
+        if (IsAtLeastTLSv1_3(ssl->version))
+            result = Dtls13DoScheduledWork(ssl);
+        else
+#endif
+            result = DtlsMsgPoolSend(ssl, 0);
         if (result < 0) {
             ssl->error = result;
             WOLFSSL_ERROR(result);
@@ -8953,7 +9951,7 @@ int wolfSSL_dtls_retransmit(WOLFSSL* ssl)
         }
     }
 
-    return 0;
+    return WOLFSSL_SUCCESS;
 }
 
 #endif /* DTLS */
@@ -9027,7 +10025,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 
 /* EITHER SIDE METHODS */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
+#if !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE))
     WOLFSSL_METHOD* wolfSSLv23_method(void)
     {
         return wolfSSLv23_method_ex(NULL);
@@ -9073,10 +10071,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
     }
     #endif
     #endif
-#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
+#endif /* !NO_TLS && (OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE) */
 
 /* client only parts */
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 
     #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS)
     WOLFSSL_METHOD* wolfSSLv2_client_method(void)
@@ -9170,8 +10168,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
     #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {
-            ssl->CBIS(ssl, SSL_ST_CONNECT, WOLFSSL_SUCCESS);
-            ssl->cbmode = SSL_CB_WRITE;
+            ssl->CBIS(ssl, WOLFSSL_ST_CONNECT, WOLFSSL_SUCCESS);
+            ssl->cbmode = WOLFSSL_CB_WRITE;
         }
     #endif
     #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
@@ -9243,7 +10241,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* do not send buffered or advance state if last error was an
                 async pending operation */
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             ret = SendBuffered(ssl);
@@ -9342,7 +10340,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                      * should just ignore the message */
                     ssl->dtls13Rtx.sendAcks = 0;
                     if ((ssl->error = SendDtls13Ack(ssl)) < 0) {
-                        if (ssl->error == WANT_WRITE)
+                        if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE))
                             ssl->dtls13SendingAckOrRtx = 1;
                         WOLFSSL_ERROR(ssl->error);
                         return WOLFSSL_FATAL_ERROR;
@@ -9443,7 +10441,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                     ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
                 #endif
 #ifdef WOLFSSL_EXTRA_ALERTS
-                    if (ssl->error == NO_PEER_KEY ||
+                    if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) ||
                         ssl->error == WC_NO_ERR_TRACE(PSK_KEY_ERROR)) {
                         SendAlert(ssl, alert_fatal, handshake_failure);
                     }
@@ -9576,11 +10574,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
     #endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || !WOLFSSL_TLS13 */
     }
 
-#endif /* NO_WOLFSSL_CLIENT */
-
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
+/* end client only parts */
 
 /* server only parts */
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
     #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS)
     WOLFSSL_METHOD* wolfSSLv2_server_method(void)
@@ -9794,7 +10792,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         #ifdef WOLFSSL_ASYNC_CRYPT
             /* do not send buffered or advance state if last error was an
                 async pending operation */
-            && ssl->error != WC_PENDING_E
+            && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             ret = SendBuffered(ssl);
@@ -10110,16 +11108,88 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
             WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS);
             return WOLFSSL_SUCCESS;
 
-        default :
+        default:
             WOLFSSL_MSG("Unknown accept state ERROR");
             return WOLFSSL_FATAL_ERROR;
         }
 #endif /* !WOLFSSL_NO_TLS12 */
     }
 
-#endif /* NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
+/* end server only parts */
+
 
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
+struct chGoodDisableReadCbCtx {
+    ClientHelloGoodCb userCb;
+    void*             userCtx;
+};
+
+static int chGoodDisableReadCB(WOLFSSL* ssl, void* ctx)
+{
+    struct chGoodDisableReadCbCtx* cb = (struct chGoodDisableReadCbCtx*)ctx;
+    int ret = 0;
+    if (cb->userCb != NULL)
+        ret = cb->userCb(ssl, cb->userCtx);
+    if (ret >= 0)
+        wolfSSL_SSLDisableRead(ssl);
+    return ret;
+}
+
+/**
+ * Statelessly listen for a connection
+ * @param ssl The ssl object to use for listening to connections
+ * @return WOLFSSL_SUCCESS - ClientHello containing a valid cookie was received
+ *                           The connection can be continued with wolfSSL_accept
+ *         WOLFSSL_FAILURE - The I/O layer returned WANT_READ. This is either
+ *                           because there is no data to read and we are using
+ *                           non-blocking sockets or we sent a cookie request
+ *                           and we are waiting for a reply. The user should
+ *                           call wolfDTLS_accept_stateless again after data
+ *                           becomes available in the I/O layer.
+ *         WOLFSSL_FATAL_ERROR - A fatal error occurred. The ssl object should
+ *                           be free'd and allocated again to continue.
+ */
+int wolfDTLS_accept_stateless(WOLFSSL* ssl)
+{
+    byte disableRead;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+    struct chGoodDisableReadCbCtx cb;
+
+    WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");
+
+    if (ssl == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    /* Save this to restore it later */
+    disableRead = (byte)ssl->options.disableRead;
+    cb.userCb = ssl->chGoodCb;
+    cb.userCtx = ssl->chGoodCtx;
+
+    /* Register our own callback so that we can disable reading */
+    if (wolfDTLS_SetChGoodCb(ssl, chGoodDisableReadCB, &cb) != WOLFSSL_SUCCESS)
+        return WOLFSSL_FATAL_ERROR;
+
+    ret = wolfSSL_accept(ssl);
+    /* restore user options */
+    ssl->options.disableRead = disableRead;
+    (void)wolfDTLS_SetChGoodCb(ssl, cb.userCb, cb.userCtx);
+    if (ret == WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("should not happen. maybe the user called "
+                    "wolfDTLS_accept_stateless instead of wolfSSL_accept");
+    }
+    else if (ssl->error == WC_NO_ERR_TRACE(WANT_READ)) {
+        if (ssl->options.dtlsStateful)
+            ret = WOLFSSL_SUCCESS;
+        else
+            ret = WOLFSSL_FAILURE;
+    }
+    else {
+        ret = WOLFSSL_FATAL_ERROR;
+    }
+    return ret;
+}
+
 int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx)
 {
     WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");
@@ -10191,6 +11261,10 @@ int wolfSSL_Cleanup(void)
     if (!release)
         return ret;
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    wolfSSL_crypto_policy_disable();
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 #ifdef OPENSSL_EXTRA
     wolfSSL_BN_free_one();
 #endif
@@ -10238,7 +11312,8 @@ int wolfSSL_Cleanup(void)
     #endif
 #endif /* !NO_SESSION_CACHE */
 
-#ifndef WOLFSSL_MUTEX_INITIALIZER
+#if !defined(WOLFSSL_MUTEX_INITIALIZER) && \
+      !WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
     if ((inits_count_mutex_valid == 1) &&
             (wc_FreeMutex(&inits_count_mutex) != 0)) {
         if (ret == WOLFSSL_SUCCESS)
@@ -10279,11 +11354,7 @@ int wolfSSL_Cleanup(void)
     #endif
 #endif
 
-#if defined(HAVE_EX_DATA) && \
-   (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
-    defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
-    defined(WOLFSSL_WPAS_SMALL)
+#ifdef HAVE_EX_DATA_CRYPTO
     crypto_ex_cb_free(crypto_ex_cb_ctx_session);
     crypto_ex_cb_ctx_session = NULL;
 #endif
@@ -10364,7 +11435,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 
 #ifndef USE_WINDOWS_API
-    #ifndef NO_WRITEV
+    #if !defined(NO_WRITEV) && !defined(NO_TLS)
 
         /* simulate writev semantics, doesn't actually do block at a time though
            because of SSL_write behavior and because front adds may be small */
@@ -10377,7 +11448,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         #endif
             byte* myBuffer  = staticBuffer;
             int   dynamic   = 0;
-            int   sending   = 0;
+            word32 sending   = 0;
             int   idx       = 0;
             int   i;
             int   ret;
@@ -10385,11 +11456,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             WOLFSSL_ENTER("wolfSSL_writev");
 
             for (i = 0; i < iovcnt; i++)
-                sending += (int)iov[i].iov_len;
+                sending += iov[i].iov_len;
 
-            if (sending > (int)sizeof(staticBuffer)) {
+            if (sending > sizeof(staticBuffer)) {
                 myBuffer = (byte*)XMALLOC(sending, ssl->heap,
-                                                           DYNAMIC_TYPE_WRITEV);
+                                          DYNAMIC_TYPE_WRITEV);
                 if (!myBuffer)
                     return MEMORY_ERROR;
 
@@ -10406,7 +11477,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             */
             PRAGMA_GCC_DIAG_PUSH
             PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
-            ret = wolfSSL_write(ssl, myBuffer, sending);
+            ret = wolfSSL_write_internal(ssl, myBuffer, sending);
             PRAGMA_GCC_DIAG_POP
 
             if (dynamic)
@@ -10463,7 +11534,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb,
                                  TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout)
     {
-        int       ret        = WOLFSSL_FATAL_ERROR;
+        int       ret        = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
         int       oldTimerOn = 0;   /* was timer already on */
         WOLFSSL_TIMEVAL startTime;
         WOLFSSL_TIMEVAL endTime;
@@ -10639,8 +11710,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                    ssl->options.haveDH, ssl->options.haveECDSAsig,
                    ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                   ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.useAnon, TRUE, ssl->options.side);
+                   ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
     }
     #ifdef OPENSSL_EXTRA
     /**
@@ -10696,8 +11766,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                    ssl->options.haveDH, ssl->options.haveECDSAsig,
                    ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                   ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-                   ssl->options.useAnon, TRUE, ssl->options.side);
+                   ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
     }
 
     const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
@@ -10860,18 +11929,30 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
     int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx)
     {
+        int ret;
+
         WOLFSSL_ENTER("wolfSSL_CTX_UnloadIntermediateCerts");
 
         if (ctx == NULL)
             return BAD_FUNC_ARG;
 
+        ret = wolfSSL_RefWithMutexLock(&ctx->ref);
+        if (ret < 0)
+            return ret;
+
         if (ctx->ref.count > 1) {
             WOLFSSL_MSG("ctx object must have a ref count of 1 before "
                         "unloading intermediate certs");
-            return BAD_STATE_E;
+            ret = BAD_STATE_E;
+        }
+        else {
+            ret = wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm);
         }
 
-        return wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm);
+        if (wolfSSL_RefWithMutexUnlock(&ctx->ref) != 0)
+            WOLFSSL_MSG("Failed to unlock mutex!");
+
+        return ret;
     }
 
 
@@ -10918,8 +11999,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     {
         WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_noconf");
 
-        if  (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR)
+        if  (wolfSSL_add_all_algorithms() ==
+             WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR))
+        {
             return WOLFSSL_FATAL_ERROR;
+        }
 
         return  WOLFSSL_SUCCESS;
     }
@@ -10932,7 +12016,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         the use of a wolfssl.cnf type configuration file and is only used for
         OpenSSL compatibility. */
 
-        if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) {
+        if (wolfSSL_add_all_algorithms() ==
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR))
+        {
             return WOLFSSL_FATAL_ERROR;
         }
         return WOLFSSL_SUCCESS;
@@ -11003,22 +12089,22 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         if ((flags & WOLFSSL_BIO_FLAG_READ) &&
             (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0)))
         {
-            ssl->CBIORecv = BioReceive;
+            ssl->CBIORecv = SslBioReceive;
         }
         if ((flags & WOLFSSL_BIO_FLAG_WRITE) &&
             (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0)))
         {
-            ssl->CBIOSend = BioSend;
+            ssl->CBIOSend = SslBioSend;
         }
 
         /* User programs should always retry reading from these BIOs */
         if (rd) {
             /* User writes to rd */
-            BIO_set_retry_write(rd);
+            wolfSSL_BIO_set_retry_write(rd);
         }
         if (wr) {
             /* User reads from wr */
-            BIO_set_retry_read(wr);
+            wolfSSL_BIO_set_retry_read(wr);
         }
     }
 
@@ -11113,6 +12199,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         }
         return WOLFSSL_FAILURE;
     }
+
+#ifndef NO_TLS
     WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
             byte second)
     {
@@ -11128,6 +12216,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         info.psk = (byte)CipherRequires(first, second, REQUIRES_PSK);
         return info;
     }
+#endif
 
     /**
      * @param first First byte of the hash and signature algorithm
@@ -11182,13 +12271,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             *sigAlgo = FALCON_LEVEL5k;
             break;
         case dilithium_level2_sa_algo:
-            *sigAlgo = DILITHIUM_LEVEL2k;
+            *sigAlgo = ML_DSA_LEVEL2k;
             break;
         case dilithium_level3_sa_algo:
-            *sigAlgo = DILITHIUM_LEVEL3k;
+            *sigAlgo = ML_DSA_LEVEL3k;
             break;
         case dilithium_level5_sa_algo:
-            *sigAlgo = DILITHIUM_LEVEL5k;
+            *sigAlgo = ML_DSA_LEVEL5k;
             break;
         case sm2_sa_algo:
             *sigAlgo = SM2k;
@@ -11331,8 +12420,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             return WOLFSSL_FAILURE;
         }
 
-        if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) !=
-                WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
             wolfSSL_X509_NAME_free(nameCopy);
             return WOLFSSL_FAILURE;
@@ -11356,7 +12444,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             WOLFSSL_BIO* bio = NULL;
             WOLFSSL_X509 *cert = NULL;
             WOLFSSL_X509_NAME *nameCopy = NULL;
-            unsigned long err = WOLFSSL_FAILURE;
+            unsigned long err = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
             WOLFSSL_ENTER("wolfSSL_load_client_CA_file");
 
@@ -11387,8 +12475,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                 */
                 nameCopy->x509 = NULL;
 
-                if (wolfSSL_sk_X509_NAME_push(list, nameCopy) !=
-                        WOLFSSL_SUCCESS) {
+                if (wolfSSL_sk_X509_NAME_push(list, nameCopy) <= 0) {
                     WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
                     /* Do free in loop because nameCopy is now responsibility
                      * of list to free and adding jumps to cleanup after this
@@ -11686,6 +12773,7 @@ cleanup:
 #endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
     /* return true if connection established */
+    /* this works for TLS and DTLS */
     int wolfSSL_is_init_finished(const WOLFSSL* ssl)
     {
         if (ssl == NULL)
@@ -11728,7 +12816,7 @@ cleanup:
         WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
         if(ctx == NULL)
             return BAD_FUNC_ARG;
-        return ctx->mask;
+        return (long)ctx->mask;
     }
 
     /* forward declaration */
@@ -11741,7 +12829,7 @@ cleanup:
         if (ctx == NULL)
             return BAD_FUNC_ARG;
 
-        ctx->mask = wolf_set_options(ctx->mask, opt);
+        ctx->mask = (unsigned long)wolf_set_options((long)ctx->mask, opt);
 #if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \
         || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL))
         if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) {
@@ -11757,7 +12845,7 @@ cleanup:
         #endif
         */
 #endif
-        return ctx->mask;
+        return (long)ctx->mask;
     }
 
     long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
@@ -11765,8 +12853,8 @@ cleanup:
         WOLFSSL_ENTER("wolfSSL_CTX_clear_options");
         if(ctx == NULL)
             return BAD_FUNC_ARG;
-        ctx->mask &= ~opt;
-        return ctx->mask;
+        ctx->mask &= (unsigned long)~opt;
+        return (long)ctx->mask;
     }
 
 #ifdef OPENSSL_EXTRA
@@ -11803,63 +12891,6 @@ cleanup:
 #if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
     defined(WOLFSSL_WPAS_SMALL))
 
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-    /**
-     * Implemented in a similar way that ngx_ssl_ocsp_validate does it when
-     * SSL_get0_verified_chain is not available.
-     * @param ssl WOLFSSL object to extract certs from
-     * @return Stack of verified certs
-     */
-    WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl)
-    {
-        WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL;
-        WOLFSSL_X509_STORE_CTX* storeCtx = NULL;
-        WOLFSSL_X509* peerCert = NULL;
-
-        WOLFSSL_ENTER("wolfSSL_get0_verified_chain");
-
-        if (ssl == NULL || ssl->ctx == NULL) {
-            WOLFSSL_MSG("Bad parameter");
-            return NULL;
-        }
-
-        peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl);
-        if (peerCert == NULL) {
-            WOLFSSL_MSG("wolfSSL_get_peer_certificate error");
-            return NULL;
-        }
-        /* wolfSSL_get_peer_certificate returns a copy. We want the internal
-         * member so that we don't have to worry about free'ing it. We call
-         * wolfSSL_get_peer_certificate so that we don't have to worry about
-         * setting up the internal pointer. */
-        wolfSSL_X509_free(peerCert);
-        peerCert = (WOLFSSL_X509*)&ssl->peerCert;
-        chain = wolfSSL_get_peer_cert_chain(ssl);
-        if (chain == NULL) {
-            WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error");
-            return NULL;
-        }
-        storeCtx = wolfSSL_X509_STORE_CTX_new();
-        if (storeCtx == NULL) {
-            WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error");
-            return NULL;
-        }
-        if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl),
-                peerCert, chain) != WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error");
-            wolfSSL_X509_STORE_CTX_free(storeCtx);
-            return NULL;
-        }
-        if (wolfSSL_X509_verify_cert(storeCtx) <= 0) {
-            WOLFSSL_MSG("wolfSSL_X509_verify_cert error");
-            wolfSSL_X509_STORE_CTX_free(storeCtx);
-            return NULL;
-        }
-        wolfSSL_X509_STORE_CTX_free(storeCtx);
-        return chain;
-    }
-#endif /* SESSION_CERTS && OPENSSL_EXTRA */
-
     WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(const WOLFSSL_CTX* ctx)
     {
         if (ctx == NULL) {
@@ -12027,7 +13058,7 @@ cleanup:
     {
         WOLFSSL_ENTER("wolfSSL_ERR_get_error");
 #ifdef WOLFSSL_HAVE_ERROR_QUEUE
-        return wc_GetErrorNodeErr();
+        return (unsigned long)wc_GetErrorNodeErr();
 #else
         return (unsigned long)(0 - NOT_COMPILED_IN);
 #endif
@@ -12098,7 +13129,8 @@ cleanup:
         do {
         ret = wc_PeekErrorNode(0, &file, &reason, &line);
         if (ret >= 0) {
-            const char* r = wolfSSL_ERR_reason_error_string(0 - ret);
+            const char* r = wolfSSL_ERR_reason_error_string(
+                (unsigned long)(0 - ret));
             if (XSNPRINTF(buf, sizeof(buf),
                           "error:%d:wolfSSL library:%s:%s:%d\n",
                           ret, r, file, line)
@@ -12184,8 +13216,9 @@ int wolfSSL_get_peer_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey)
         int sz;
 
         PRIVATE_KEY_UNLOCK();
-        if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz) !=
-                LENGTH_ONLY_E) {
+        if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz)
+              != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+        {
             WOLFSSL_MSG("get ecc der size failed");
             PRIVATE_KEY_LOCK();
             return WOLFSSL_FAILURE;
@@ -12412,6 +13445,7 @@ int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
     if (ctx == NULL) {
         return WOLFSSL_FAILURE;
     }
+
     if (version != 0) {
         proto = version;
         ctx->minProto = 0; /* turn min proto flag off */
@@ -12585,7 +13619,7 @@ static int Set_CTX_max_proto_version(WOLFSSL_CTX* ctx, int ver)
 int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
 {
     int i;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int minProto;
 
     WOLFSSL_ENTER("wolfSSL_CTX_set_max_proto_version");
@@ -12706,7 +13740,7 @@ static int Set_SSL_min_proto_version(WOLFSSL* ssl, int ver)
 int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version)
 {
     int i;
-    int ret = WOLFSSL_FAILURE;;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);;
 
     WOLFSSL_ENTER("wolfSSL_set_min_proto_version");
 
@@ -12774,7 +13808,7 @@ static int Set_SSL_max_proto_version(WOLFSSL* ssl, int ver)
 int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int version)
 {
     int i;
-    int ret = WOLFSSL_FAILURE;;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);;
 
     WOLFSSL_ENTER("wolfSSL_set_max_proto_version");
 
@@ -12912,7 +13946,7 @@ int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx)
 
     WOLFSSL_LEAVE("wolfSSL_CTX_get_max_proto_version", ret);
 
-    if (ret == WOLFSSL_FATAL_ERROR) {
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
         WOLFSSL_MSG("Error getting max proto version");
         ret = 0; /* setting ret to 0 to match compat return */
     }
@@ -12964,7 +13998,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
     unsigned long wolfSSLeay(void)
     {
+#ifdef SSLEAY_VERSION_NUMBER
         return SSLEAY_VERSION_NUMBER;
+#else
+        return OPENSSL_VERSION_NUMBER;
+#endif
     }
 
     unsigned long wolfSSL_OpenSSL_version_num(void)
@@ -13086,6 +14124,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         ssl->keys.encryptionOn = 0;
         XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
 
+        FreeCiphers(ssl);
+        InitCiphers(ssl);
+        InitCipherSpecs(&ssl->specs);
+
         if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS)
             return WOLFSSL_FAILURE;
 
@@ -13100,7 +14142,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 #ifdef WOLFSSL_QUIC
         wolfSSL_quic_clear(ssl);
 #endif
-
+#ifdef HAVE_OCSP
+#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+        ssl->response_idx = 0;
+#endif
+#endif
         return WOLFSSL_SUCCESS;
     }
 
@@ -13113,7 +14159,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
         WOLFSSL_ENTER("wolfSSL_CTX_set_mode");
         switch(mode) {
-            case SSL_MODE_ENABLE_PARTIAL_WRITE:
+            case WOLFSSL_MODE_ENABLE_PARTIAL_WRITE:
                 ctx->partialWrite = 1;
                 break;
             #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@@ -13121,15 +14167,15 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                 WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented.");
                 break;
             #endif
-            case SSL_MODE_AUTO_RETRY:
+            case WOLFSSL_MODE_AUTO_RETRY:
                 ctx->autoRetry = 1;
                 break;
             default:
                 WOLFSSL_MSG("Mode Not Implemented");
         }
 
-        /* SSL_MODE_AUTO_RETRY
-         * Should not return -1 with renegotiation on read/write */
+        /* WOLFSSL_MODE_AUTO_RETRY
+         * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */
 
         return mode;
     }
@@ -13140,7 +14186,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
         WOLFSSL_ENTER("wolfSSL_CTX_clear_mode");
         switch(mode) {
-            case SSL_MODE_ENABLE_PARTIAL_WRITE:
+            case WOLFSSL_MODE_ENABLE_PARTIAL_WRITE:
                 ctx->partialWrite = 0;
                 break;
             #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@@ -13148,15 +14194,15 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                 WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented.");
                 break;
             #endif
-            case SSL_MODE_AUTO_RETRY:
+            case WOLFSSL_MODE_AUTO_RETRY:
                 ctx->autoRetry = 0;
                 break;
             default:
                 WOLFSSL_MSG("Mode Not Implemented");
         }
 
-        /* SSL_MODE_AUTO_RETRY
-         * Should not return -1 with renegotiation on read/write */
+        /* WOLFSSL_MODE_AUTO_RETRY
+         * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */
 
         return 0;
     }
@@ -13301,7 +14347,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
      *
      * file  output pointer to file where error happened
      * line  output to line number of error
-     * data  output data. Is a string if ERR_TXT_STRING flag is used
+     * data  output data. Is a string if WOLFSSL_ERR_TXT_STRING flag is used
      * flags output format of output
      *
      * Returns the error value or 0 if no errors are in the queue
@@ -13315,7 +14361,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data");
 
         if (flags != NULL)
-            *flags = ERR_TXT_STRING; /* Clear the flags */
+            *flags = WOLFSSL_ERR_TXT_STRING; /* Clear the flags */
 
         ret = wc_PullErrorNode(file, data, line);
         if (ret < 0) {
@@ -13429,12 +14475,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
 
     /* Try to populate if NULL or empty */
     if (ssl->peerCertChain == NULL ||
-            wolfSSL_sk_X509_num(ssl->peerCertChain) == 0)
+            wolfSSL_sk_X509_num(ssl->peerCertChain) == 0) {
         wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl);
+    }
     return ssl->peerCertChain;
 }
 
-#ifndef WOLFSSL_QT
+
 static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
         WOLFSSL_X509 *x);
 /**
@@ -13442,82 +14489,62 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
  * @param cm The cert manager that is queried for the issuer
  * @param x  This cert's issuer will be queried in cm
  * @param sk The issuer is pushed onto this stack
- * @return WOLFSSL_SUCCESS on success
- *         WOLFSSL_FAILURE on no issuer found
+ * @return 0 on success or no issuer found
  *         WOLFSSL_FATAL_ERROR on a fatal error
  */
 static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm,
         WOLFSSL_X509 *x, WOLFSSL_STACK* sk)
 {
-    WOLFSSL_X509* issuer[MAX_CHAIN_DEPTH];
     int i;
-    int push = 1;
-    int ret = WOLFSSL_SUCCESS;
-
     for (i = 0; i < MAX_CHAIN_DEPTH; i++) {
-        if (x509GetIssuerFromCM(&issuer[i], cm, x)
-                != WOLFSSL_SUCCESS)
+        WOLFSSL_X509* issuer = NULL;
+        if (x509GetIssuerFromCM(&issuer, cm, x) != WOLFSSL_SUCCESS)
             break;
-        x = issuer[i];
-    }
-    if (i == 0) /* No further chain found */
-        return WOLFSSL_FAILURE;
-    i--;
-    for (; i >= 0; i--) {
-        if (push) {
-            if (wolfSSL_sk_X509_push(sk, issuer[i]) != WOLFSSL_SUCCESS) {
-                wolfSSL_X509_free(issuer[i]);
-                ret = WOLFSSL_FATAL_ERROR;
-                push = 0; /* Free the rest of the unpushed certs */
-            }
-        }
-        else {
-            wolfSSL_X509_free(issuer[i]);
+        if (wolfSSL_sk_X509_push(sk, issuer) <= 0) {
+            wolfSSL_X509_free(issuer);
+            return WOLFSSL_FATAL_ERROR;
         }
+        x = issuer;
     }
-    return ret;
+    return 0;
 }
-#endif /* !WOLFSSL_QT */
+
 
 /* Builds up and creates a stack of peer certificates for ssl->peerCertChain
-    based off of the ssl session chain. Attempts to place CA certificates
-    at the bottom of the stack. Returns stack of WOLFSSL_X509 certs or
-    NULL on failure */
-WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
+    or ssl->verifiedChain based off of the ssl session chain. Attempts to place
+    CA certificates at the bottom of the stack for a verified chain. Returns
+    stack of WOLFSSL_X509 certs or NULL on failure */
+static WOLF_STACK_OF(WOLFSSL_X509)* CreatePeerCertChain(const WOLFSSL* ssl,
+    int verifiedFlag)
 {
     WOLFSSL_STACK* sk;
     WOLFSSL_X509* x509;
     int i = 0;
-    int ret;
+    int err;
 
     WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain");
     if ((ssl == NULL) || (ssl->session->chain.count == 0))
         return NULL;
 
     sk = wolfSSL_sk_X509_new_null();
-    i = ssl->session->chain.count-1;
-    for (; i >= 0; i--) {
+    for (i = 0; i < ssl->session->chain.count; i++) {
         x509 = wolfSSL_X509_new_ex(ssl->heap);
         if (x509 == NULL) {
             WOLFSSL_MSG("Error Creating X509");
             wolfSSL_sk_X509_pop_free(sk, NULL);
             return NULL;
         }
-        ret = DecodeToX509(x509, ssl->session->chain.certs[i].buffer,
+        err = DecodeToX509(x509, ssl->session->chain.certs[i].buffer,
                              ssl->session->chain.certs[i].length);
-#if !defined(WOLFSSL_QT)
-        if (ret == 0 && i == ssl->session->chain.count-1) {
-            /* On the last element in the chain try to add the CA chain
-             * first if we have one for this cert */
+        if (err == 0 && wolfSSL_sk_X509_push(sk, x509) <= 0)
+            err = WOLFSSL_FATAL_ERROR;
+        if (err == 0 && i == ssl->session->chain.count-1 && verifiedFlag) {
+            /* On the last element in the verified chain try to add the CA chain
+             * if we have one for this cert */
             SSL_CM_WARNING(ssl);
-            if (PushCAx509Chain(SSL_CM(ssl), x509, sk)
-                    == WOLFSSL_FATAL_ERROR) {
-                ret = WOLFSSL_FATAL_ERROR;
-            }
+            err = PushCAx509Chain(SSL_CM(ssl), x509, sk);
         }
-#endif
-
-        if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
+        if (err != 0) {
             WOLFSSL_MSG("Error decoding cert");
             wolfSSL_X509_free(x509);
             wolfSSL_sk_X509_pop_free(sk, NULL);
@@ -13528,19 +14555,99 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
     if (sk == NULL) {
         WOLFSSL_MSG("Null session chain");
     }
-#if defined(OPENSSL_ALL)
-    else if (ssl->options.side == WOLFSSL_SERVER_END) {
-        /* to be compliant with openssl
-           first element is kept as peer cert on server side.*/
-        wolfSSL_sk_X509_pop(sk);
-    }
-#endif
-    if (ssl->peerCertChain != NULL)
-        wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL);
-    /* This is Free'd when ssl is Free'd */
-    ssl->peerCertChain = sk;
     return sk;
 }
+
+
+/* Builds up and creates a stack of peer certificates for ssl->peerCertChain
+    returns the stack on success and NULL on failure */
+WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
+{
+    WOLFSSL_STACK* sk;
+
+    WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain");
+    if ((ssl == NULL) || (ssl->session->chain.count == 0))
+        return NULL;
+
+    sk = CreatePeerCertChain(ssl, 0);
+
+    if (sk != NULL) {
+        if (ssl->options.side == WOLFSSL_SERVER_END) {
+            if (ssl->session->peer)
+                wolfSSL_X509_free(ssl->session->peer);
+
+            ssl->session->peer = wolfSSL_sk_X509_shift(sk);
+            ssl->session->peerVerifyRet = ssl->peerVerifyRet;
+        }
+        if (ssl->peerCertChain != NULL)
+            wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL);
+        /* This is Free'd when ssl is Free'd */
+        ssl->peerCertChain = sk;
+    }
+    return sk;
+}
+
+
+/**
+ * Implemented in a similar way that ngx_ssl_ocsp_validate does it when
+ * SSL_get0_verified_chain is not available.
+ * @param ssl WOLFSSL object to extract certs from
+ * @return Stack of verified certs
+ */
+WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl)
+{
+    WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL;
+    WOLFSSL_X509_STORE_CTX* storeCtx = NULL;
+    WOLFSSL_X509* peerCert = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_get0_verified_chain");
+
+    if (ssl == NULL || ssl->ctx == NULL) {
+        WOLFSSL_MSG("Bad parameter");
+        return NULL;
+    }
+
+    peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl);
+    if (peerCert == NULL) {
+        WOLFSSL_MSG("wolfSSL_get_peer_certificate error");
+        return NULL;
+    }
+    /* wolfSSL_get_peer_certificate returns a copy. We want the internal
+     * member so that we don't have to worry about free'ing it. We call
+     * wolfSSL_get_peer_certificate so that we don't have to worry about
+     * setting up the internal pointer. */
+    wolfSSL_X509_free(peerCert);
+    peerCert = (WOLFSSL_X509*)&ssl->peerCert;
+    chain = CreatePeerCertChain((WOLFSSL*)ssl, 1);
+    if (chain == NULL) {
+        WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error");
+        return NULL;
+    }
+
+    if (ssl->verifiedChain != NULL) {
+        wolfSSL_sk_X509_pop_free(ssl->verifiedChain, NULL);
+    }
+    ((WOLFSSL*)ssl)->verifiedChain = chain;
+
+    storeCtx = wolfSSL_X509_STORE_CTX_new();
+    if (storeCtx == NULL) {
+        WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error");
+        return NULL;
+    }
+    if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl),
+            peerCert, chain) != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error");
+        wolfSSL_X509_STORE_CTX_free(storeCtx);
+        return NULL;
+    }
+    if (wolfSSL_X509_verify_cert(storeCtx) <= 0) {
+        WOLFSSL_MSG("wolfSSL_X509_verify_cert error");
+        wolfSSL_X509_STORE_CTX_free(storeCtx);
+        return NULL;
+    }
+    wolfSSL_X509_STORE_CTX_free(storeCtx);
+    return chain;
+}
 #endif /* SESSION_CERTS && OPENSSL_EXTRA */
 
 #ifndef NO_CERTS
@@ -13607,71 +14714,92 @@ static WC_INLINE int compare_WOLFSSL_CIPHER(
         (a->bits == b->bits))
         return 0;
     else
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 }
 #endif /* OPENSSL_ALL || WOLFSSL_QT */
 
 
-/* return 1 on success 0 on fail */
+/* return number of elements on success 0 on fail */
 int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
+{
+    WOLFSSL_ENTER("wolfSSL_sk_push");
+
+    return wolfSSL_sk_insert(sk, data, -1);
+}
+
+void* wolfSSL_sk_pop(WOLFSSL_STACK* sk)
+{
+    WOLFSSL_ENTER("wolfSSL_sk_pop");
+
+    return wolfSSL_sk_pop_node(sk, -1);
+}
+
+/* return number of elements on success 0 on fail */
+int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx)
 {
     WOLFSSL_STACK* node;
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
     WOLFSSL_CIPHER ciph;
 #endif
-    WOLFSSL_ENTER("wolfSSL_sk_push");
+    WOLFSSL_ENTER("wolfSSL_sk_insert");
 
-    if (!sk) {
+    if (!sk)
+        return WOLFSSL_FATAL_ERROR;
+    if (!data)
         return WOLFSSL_FAILURE;
-    }
 
-    /* Check if empty data */
-    switch (sk->type) {
-        case STACK_TYPE_CIPHER:
+    if (idx == 0 || sk->num == 0) {
+        /* Check if empty data */
+        switch (sk->type) {
+            case STACK_TYPE_CIPHER:
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            /* check if entire struct is zero */
-            XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
-            if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
-                sk->data.cipher = *(WOLFSSL_CIPHER*)data;
-                sk->num = 1;
-                if (sk->hash_fn) {
-                    sk->hash = sk->hash_fn(&sk->data.cipher);
+                /* check if entire struct is zero */
+                XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
+                if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
+                    sk->data.cipher = *(WOLFSSL_CIPHER*)data;
+                    sk->num = 1;
+                    if (sk->hash_fn) {
+                        sk->hash = sk->hash_fn(&sk->data.cipher);
+                    }
+                    return (int)sk->num;
                 }
-                return WOLFSSL_SUCCESS;
-            }
-            break;
+                if (sk->num == 0)
+                    sk->num = 1; /* confirmed at least one element */
+                break;
 #endif
-        case STACK_TYPE_X509:
-        case STACK_TYPE_GEN_NAME:
-        case STACK_TYPE_BIO:
-        case STACK_TYPE_OBJ:
-        case STACK_TYPE_STRING:
-        case STACK_TYPE_ACCESS_DESCRIPTION:
-        case STACK_TYPE_X509_EXT:
-        case STACK_TYPE_X509_REQ_ATTR:
-        case STACK_TYPE_NULL:
-        case STACK_TYPE_X509_NAME:
-        case STACK_TYPE_X509_NAME_ENTRY:
-        case STACK_TYPE_CONF_VALUE:
-        case STACK_TYPE_X509_INFO:
-        case STACK_TYPE_BY_DIR_entry:
-        case STACK_TYPE_BY_DIR_hash:
-        case STACK_TYPE_X509_OBJ:
-        case STACK_TYPE_DIST_POINT:
-        case STACK_TYPE_X509_CRL:
-        default:
-            /* All other types are pointers */
-            if (!sk->data.generic) {
-                sk->data.generic = (void*)data;
-                sk->num = 1;
+            case STACK_TYPE_X509:
+            case STACK_TYPE_GEN_NAME:
+            case STACK_TYPE_BIO:
+            case STACK_TYPE_OBJ:
+            case STACK_TYPE_STRING:
+            case STACK_TYPE_ACCESS_DESCRIPTION:
+            case STACK_TYPE_X509_EXT:
+            case STACK_TYPE_X509_REQ_ATTR:
+            case STACK_TYPE_NULL:
+            case STACK_TYPE_X509_NAME:
+            case STACK_TYPE_X509_NAME_ENTRY:
+            case STACK_TYPE_CONF_VALUE:
+            case STACK_TYPE_X509_INFO:
+            case STACK_TYPE_BY_DIR_entry:
+            case STACK_TYPE_BY_DIR_hash:
+            case STACK_TYPE_X509_OBJ:
+            case STACK_TYPE_DIST_POINT:
+            case STACK_TYPE_X509_CRL:
+            default:
+                /* All other types are pointers */
+                if (!sk->data.generic) {
+                    sk->data.generic = (void*)data;
+                    sk->num = 1;
 #ifdef OPENSSL_ALL
-                if (sk->hash_fn) {
-                    sk->hash = sk->hash_fn(sk->data.generic);
-                }
+                    if (sk->hash_fn)
+                        sk->hash = sk->hash_fn(sk->data.generic);
 #endif
-                return WOLFSSL_SUCCESS;
-            }
-            break;
+                    return (int)sk->num;
+                }
+                if (sk->num == 0)
+                    sk->num = 1; /* confirmed at least one element */
+                break;
+        }
     }
 
     /* stack already has value(s) create a new node and add more */
@@ -13680,26 +14808,71 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
         WOLFSSL_MSG("Memory error");
         return WOLFSSL_FAILURE;
     }
-
-    /* push new x509 onto head of stack */
-    node->next      = sk->next;
     node->type      = sk->type;
-    sk->next        = node;
     sk->num        += 1;
-
 #ifdef OPENSSL_ALL
     node->hash_fn = sk->hash_fn;
-    node->hash = sk->hash;
-    sk->hash = 0;
 #endif
+
+    if (idx == 0) {
+        /* Special case where we need to change the values in the head element
+         * to avoid changing the initial pointer. */
+        /* push new item onto head of stack */
+        node->next      = sk->next;
+        sk->next        = node;
+#ifdef OPENSSL_ALL
+        node->hash = sk->hash;
+        sk->hash = 0;
+#endif
+        switch (sk->type) {
+            case STACK_TYPE_CIPHER:
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+                node->data.cipher = sk->data.cipher;
+                sk->data.cipher = *(WOLFSSL_CIPHER*)data;
+                if (sk->hash_fn) {
+                    sk->hash = sk->hash_fn(&sk->data.cipher);
+                }
+                break;
+#endif
+            case STACK_TYPE_X509:
+            case STACK_TYPE_GEN_NAME:
+            case STACK_TYPE_BIO:
+            case STACK_TYPE_OBJ:
+            case STACK_TYPE_STRING:
+            case STACK_TYPE_ACCESS_DESCRIPTION:
+            case STACK_TYPE_X509_EXT:
+            case STACK_TYPE_X509_REQ_ATTR:
+            case STACK_TYPE_NULL:
+            case STACK_TYPE_X509_NAME:
+            case STACK_TYPE_X509_NAME_ENTRY:
+            case STACK_TYPE_CONF_VALUE:
+            case STACK_TYPE_X509_INFO:
+            case STACK_TYPE_BY_DIR_entry:
+            case STACK_TYPE_BY_DIR_hash:
+            case STACK_TYPE_X509_OBJ:
+            case STACK_TYPE_DIST_POINT:
+            case STACK_TYPE_X509_CRL:
+            default:
+                /* All other types are pointers */
+                node->data.generic = sk->data.generic;
+                sk->data.generic = (void*)data;
+#ifdef OPENSSL_ALL
+                if (sk->hash_fn)
+                    sk->hash = sk->hash_fn(sk->data.generic);
+#endif
+                break;
+        }
+
+        return (int)sk->num;
+    }
+
+    /* populate node */
     switch (sk->type) {
         case STACK_TYPE_CIPHER:
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            node->data.cipher = sk->data.cipher;
-            sk->data.cipher = *(WOLFSSL_CIPHER*)data;
-            if (sk->hash_fn) {
-                sk->hash = sk->hash_fn(&sk->data.cipher);
-            }
+            node->data.cipher = *(WOLFSSL_CIPHER*)data;
+            if (node->hash_fn)
+                node->hash = node->hash_fn(&node->data.cipher);
             break;
 #endif
         case STACK_TYPE_X509:
@@ -13722,17 +14895,110 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
         case STACK_TYPE_X509_CRL:
         default:
             /* All other types are pointers */
-            node->data.generic = sk->data.generic;
-            sk->data.generic = (void*)data;
+            node->data.generic = (void*)data;
 #ifdef OPENSSL_ALL
-            if (sk->hash_fn) {
-                sk->hash = sk->hash_fn(sk->data.generic);
-            }
+            if (node->hash_fn)
+                node->hash = node->hash_fn(node->data.generic);
 #endif
             break;
     }
+    {
+        /* insert node into stack. not using sk since we return sk->num after */
+        WOLFSSL_STACK* prev_node = sk;
+        while (--idx != 0 && prev_node->next != NULL)
+            prev_node = prev_node->next;
+        node->next = prev_node->next;
+        prev_node->next = node;
+    }
 
-    return WOLFSSL_SUCCESS;
+    return (int)sk->num;
+}
+
+void* wolfSSL_sk_pop_node(WOLFSSL_STACK* sk, int idx)
+{
+    void* ret = NULL;
+    WOLFSSL_STACK* tmp = NULL;
+
+    if (!sk)
+        return NULL;
+    if (sk->num == 0)
+        return NULL;
+
+    sk->num--;
+    if (idx == 0 || sk->next == NULL) {
+        switch (sk->type) {
+            case STACK_TYPE_CIPHER:
+                /* Can't return cipher type */
+                break;
+            case STACK_TYPE_X509:
+            case STACK_TYPE_GEN_NAME:
+            case STACK_TYPE_BIO:
+            case STACK_TYPE_OBJ:
+            case STACK_TYPE_STRING:
+            case STACK_TYPE_ACCESS_DESCRIPTION:
+            case STACK_TYPE_X509_EXT:
+            case STACK_TYPE_X509_REQ_ATTR:
+            case STACK_TYPE_NULL:
+            case STACK_TYPE_X509_NAME:
+            case STACK_TYPE_X509_NAME_ENTRY:
+            case STACK_TYPE_CONF_VALUE:
+            case STACK_TYPE_X509_INFO:
+            case STACK_TYPE_BY_DIR_entry:
+            case STACK_TYPE_BY_DIR_hash:
+            case STACK_TYPE_X509_OBJ:
+            case STACK_TYPE_DIST_POINT:
+            case STACK_TYPE_X509_CRL:
+            default:
+                ret = sk->data.generic;
+                sk->data.generic = NULL;
+                break;
+        }
+        if (sk->next) {
+            tmp = sk->next;
+            sk->next = tmp->next;
+            XMEMCPY(&sk->data, &tmp->data, sizeof(sk->data));
+            wolfSSL_sk_free_node(tmp);
+        }
+        return ret;
+    }
+
+    {
+        WOLFSSL_STACK* prev_node = sk;
+        tmp = sk->next;
+        while (--idx != 0 && tmp->next != NULL) {
+            prev_node = tmp;
+            tmp = tmp->next;
+        }
+        prev_node->next = tmp->next;
+        switch (sk->type) {
+            case STACK_TYPE_CIPHER:
+                /* Can't return cipher type */
+                break;
+            case STACK_TYPE_X509:
+            case STACK_TYPE_GEN_NAME:
+            case STACK_TYPE_BIO:
+            case STACK_TYPE_OBJ:
+            case STACK_TYPE_STRING:
+            case STACK_TYPE_ACCESS_DESCRIPTION:
+            case STACK_TYPE_X509_EXT:
+            case STACK_TYPE_X509_REQ_ATTR:
+            case STACK_TYPE_NULL:
+            case STACK_TYPE_X509_NAME:
+            case STACK_TYPE_X509_NAME_ENTRY:
+            case STACK_TYPE_CONF_VALUE:
+            case STACK_TYPE_X509_INFO:
+            case STACK_TYPE_BY_DIR_entry:
+            case STACK_TYPE_BY_DIR_hash:
+            case STACK_TYPE_X509_OBJ:
+            case STACK_TYPE_DIST_POINT:
+            case STACK_TYPE_X509_CRL:
+            default:
+                ret = tmp->data.generic;
+                break;
+        }
+        wolfSSL_sk_free_node(tmp);
+    }
+    return ret;
 }
 
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@@ -13866,9 +15132,9 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
             }
             #ifndef WOLFSSL_X509_STORE_CERTS
             ssl->ourCert = wolfSSL_X509_d2i_ex(NULL,
-                                              ssl->buffers.certificate->buffer,
-                                              ssl->buffers.certificate->length,
-                                              ssl->heap);
+                                         ssl->buffers.certificate->buffer,
+                                         (int)ssl->buffers.certificate->length,
+                                         ssl->heap);
             #endif
         }
         return ssl->ourCert;
@@ -13882,9 +15148,9 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
                 }
                 #ifndef WOLFSSL_X509_STORE_CERTS
                 ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
-                                               ssl->ctx->certificate->buffer,
-                                               ssl->ctx->certificate->length,
-                                               ssl->heap);
+                                          ssl->ctx->certificate->buffer,
+                                          (int)ssl->ctx->certificate->length,
+                                          ssl->heap);
                 #endif
                 ssl->ctx->ownOurCert = 1;
             }
@@ -13906,7 +15172,8 @@ WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx)
             #ifndef WOLFSSL_X509_STORE_CERTS
             ctx->ourCert = wolfSSL_X509_d2i_ex(NULL,
                                            ctx->certificate->buffer,
-                                           ctx->certificate->length, ctx->heap);
+                                           (int)ctx->certificate->length,
+                                           ctx->heap);
             #endif
             ctx->ownOurCert = 1;
         }
@@ -14161,7 +15428,8 @@ int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0,
         (cipherSuite == NULL) ||
         (flags == NULL))
         return BAD_FUNC_ARG;
-    return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags);
+    return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, NULL, NULL,
+                                  flags);
 }
 
 
@@ -14180,7 +15448,7 @@ WOLFSSL_STACK* wolfSSL_sk_new_cipher(void)
     return sk;
 }
 
-/* return 1 on success 0 on fail */
+/* returns the number of elements in stack on success, 0 on fail */
 int wolfSSL_sk_CIPHER_push(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk,
                                                       WOLFSSL_CIPHER* cipher)
 {
@@ -14204,7 +15472,7 @@ word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher)
     WOLFSSL_ENTER("wolfSSL_CIPHER_get_id");
 
     if (cipher && cipher->ssl) {
-        cipher_id = (cipher->ssl->options.cipherSuite0 << 8) |
+        cipher_id = (word16)(cipher->ssl->options.cipherSuite0 << 8) |
                      cipher->ssl->options.cipherSuite;
     }
 
@@ -14284,12 +15552,111 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
     if (ssl == NULL)
         return NULL;
 
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_KYBER)
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM)
     /* Check for post-quantum groups. Return now because we do not want the ECC
      * check to override this result in the case of a hybrid. */
     if (IsAtLeastTLSv1_3(ssl->version)) {
         switch (ssl->namedGroup) {
-#ifdef HAVE_LIBOQS
+#ifndef WOLFSSL_NO_ML_KEM
+#if defined(WOLFSSL_WC_MLKEM)
+    #ifndef WOLFSSL_NO_ML_KEM_512
+        case WOLFSSL_ML_KEM_512:
+            return "ML_KEM_512";
+        case WOLFSSL_P256_ML_KEM_512:
+            return "P256_ML_KEM_512";
+        #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_ML_KEM_512:
+            return "X25519_ML_KEM_512";
+        #endif
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_768
+        case WOLFSSL_ML_KEM_768:
+            return "ML_KEM_768";
+        case WOLFSSL_P384_ML_KEM_768:
+            return "P384_ML_KEM_768";
+        case WOLFSSL_P256_ML_KEM_768:
+            return "P256_ML_KEM_768";
+        #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_ML_KEM_768:
+            return "X25519_ML_KEM_768";
+        #endif
+        #ifdef HAVE_CURVE448
+        case WOLFSSL_X448_ML_KEM_768:
+            return "X448_ML_KEM_768";
+        #endif
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_1024
+        case WOLFSSL_ML_KEM_1024:
+            return "ML_KEM_1024";
+        case WOLFSSL_P521_ML_KEM_1024:
+            return "P521_ML_KEM_1024";
+        case WOLFSSL_P384_ML_KEM_1024:
+            return "P384_ML_KEM_1024";
+    #endif
+#elif defined(HAVE_LIBOQS)
+        case WOLFSSL_ML_KEM_512:
+            return "ML_KEM_512";
+        case WOLFSSL_ML_KEM_768:
+            return "ML_KEM_768";
+        case WOLFSSL_ML_KEM_1024:
+            return "ML_KEM_1024";
+        case WOLFSSL_P256_ML_KEM_512:
+            return "P256_ML_KEM_512";
+        case WOLFSSL_P384_ML_KEM_768:
+            return "P384_ML_KEM_768";
+        case WOLFSSL_P256_ML_KEM_768:
+            return "P256_ML_KEM_768";
+        case WOLFSSL_P521_ML_KEM_1024:
+            return "P521_ML_KEM_1024";
+        case WOLFSSL_P384_ML_KEM_1024:
+            return "P384_ML_KEM_1024";
+    #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_ML_KEM_512:
+            return "X25519_ML_KEM_512";
+        case WOLFSSL_X25519_ML_KEM_768:
+            return "X25519_ML_KEM_768";
+    #endif
+    #ifdef HAVE_CURVE448
+        case WOLFSSL_X448_ML_KEM_768:
+            return "X448_ML_KEM_768";
+    #endif
+#endif /* WOLFSSL_WC_MLKEM */
+#endif /* WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_MLKEM_KYBER
+#if defined(WOLFSSL_WC_MLKEM)
+    #ifndef WOLFSSL_NO_KYBER512
+        case WOLFSSL_KYBER_LEVEL1:
+            return "KYBER_LEVEL1";
+        case WOLFSSL_P256_KYBER_LEVEL1:
+            return "P256_KYBER_LEVEL1";
+        #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_KYBER_LEVEL1:
+            return "X25519_KYBER_LEVEL1";
+        #endif
+    #endif
+    #ifndef WOLFSSL_NO_KYBER768
+        case WOLFSSL_KYBER_LEVEL3:
+            return "KYBER_LEVEL3";
+        case WOLFSSL_P384_KYBER_LEVEL3:
+            return "P384_KYBER_LEVEL3";
+        case WOLFSSL_P256_KYBER_LEVEL3:
+            return "P256_KYBER_LEVEL3";
+        #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_KYBER_LEVEL3:
+            return "X25519_KYBER_LEVEL3";
+        #endif
+        #ifdef HAVE_CURVE448
+        case WOLFSSL_X448_KYBER_LEVEL3:
+            return "X448_KYBER_LEVEL3";
+        #endif
+    #endif
+    #ifndef WOLFSSL_NO_KYBER1024
+        case WOLFSSL_KYBER_LEVEL5:
+            return "KYBER_LEVEL5";
+        case WOLFSSL_P521_KYBER_LEVEL5:
+            return "P521_KYBER_LEVEL5";
+    #endif
+#elif defined (HAVE_LIBOQS)
         case WOLFSSL_KYBER_LEVEL1:
             return "KYBER_LEVEL1";
         case WOLFSSL_KYBER_LEVEL3:
@@ -14300,34 +15667,25 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
             return "P256_KYBER_LEVEL1";
         case WOLFSSL_P384_KYBER_LEVEL3:
             return "P384_KYBER_LEVEL3";
+        case WOLFSSL_P256_KYBER_LEVEL3:
+            return "P256_KYBER_LEVEL3";
         case WOLFSSL_P521_KYBER_LEVEL5:
             return "P521_KYBER_LEVEL5";
-#elif defined(HAVE_PQM4)
-        case WOLFSSL_KYBER_LEVEL1:
-            return "KYBER_LEVEL1";
-#elif defined(WOLFSSL_WC_KYBER)
-    #ifdef WOLFSSL_KYBER512
-        case WOLFSSL_KYBER_LEVEL1:
-            return "KYBER_LEVEL1";
-        case WOLFSSL_P256_KYBER_LEVEL1:
-            return "P256_KYBER_LEVEL1";
+    #ifdef HAVE_CURVE25519
+        case WOLFSSL_X25519_KYBER_LEVEL1:
+            return "X25519_KYBER_LEVEL1";
+        case WOLFSSL_X25519_KYBER_LEVEL3:
+            return "X25519_KYBER_LEVEL3";
     #endif
-    #ifdef WOLFSSL_KYBER768
-        case WOLFSSL_KYBER_LEVEL3:
-            return "KYBER_LEVEL3";
-        case WOLFSSL_P384_KYBER_LEVEL3:
-            return "P384_KYBER_LEVEL3";
+    #ifdef HAVE_CURVE448
+        case WOLFSSL_X448_KYBER_LEVEL3:
+            return "X448_KYBER_LEVEL3";
     #endif
-    #ifdef WOLFSSL_KYBER1024
-        case WOLFSSL_KYBER_LEVEL5:
-            return "KYBER_LEVEL5";
-        case WOLFSSL_P521_KYBER_LEVEL5:
-            return "P521_KYBER_LEVEL5";
-    #endif
-#endif
+#endif /* WOLFSSL_WC_MLKEM */
+#endif /* WOLFSSL_MLKEM_KYBER */
         }
     }
-#endif /* WOLFSSL_TLS13 && WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_TLS13 && WOLFSSL_HAVE_MLKEM */
 
 #ifdef HAVE_FFDHE
     if (ssl->namedGroup != 0) {
@@ -14362,7 +15720,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
 /* return authentication NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -14370,12 +15728,12 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
         const char* alg_name;
         const int  nid;
     } authnid_tbl[] = {
-        {"RSA",     NID_auth_rsa},
-        {"PSK",     NID_auth_psk},
-        {"SRP",     NID_auth_srp},
-        {"ECDSA",   NID_auth_ecdsa},
-        {"None",    NID_auth_null},
-        {NULL,      NID_undef}
+        {"RSA",     WC_NID_auth_rsa},
+        {"PSK",     WC_NID_auth_psk},
+        {"SRP",     WC_NID_auth_srp},
+        {"ECDSA",   WC_NID_auth_ecdsa},
+        {"None",    WC_NID_auth_null},
+        {NULL,      WC_NID_undef}
     };
 
     const char* authStr;
@@ -14383,7 +15741,7 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     authStr = GetCipherAuthStr(n);
@@ -14397,11 +15755,11 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* return cipher NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -14409,18 +15767,18 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
         const char* alg_name;
         const int  nid;
     } ciphernid_tbl[] = {
-        {"AESGCM(256)",             NID_aes_256_gcm},
-        {"AESGCM(128)",             NID_aes_128_gcm},
-        {"AESCCM(128)",             NID_aes_128_ccm},
-        {"AES(128)",                NID_aes_128_cbc},
-        {"AES(256)",                NID_aes_256_cbc},
-        {"CAMELLIA(256)",           NID_camellia_256_cbc},
-        {"CAMELLIA(128)",           NID_camellia_128_cbc},
-        {"RC4",                     NID_rc4},
-        {"3DES",                    NID_des_ede3_cbc},
-        {"CHACHA20/POLY1305(256)",  NID_chacha20_poly1305},
-        {"None",                    NID_undef},
-        {NULL,                      NID_undef}
+        {"AESGCM(256)",             WC_NID_aes_256_gcm},
+        {"AESGCM(128)",             WC_NID_aes_128_gcm},
+        {"AESCCM(128)",             WC_NID_aes_128_ccm},
+        {"AES(128)",                WC_NID_aes_128_cbc},
+        {"AES(256)",                WC_NID_aes_256_cbc},
+        {"CAMELLIA(256)",           WC_NID_camellia_256_cbc},
+        {"CAMELLIA(128)",           WC_NID_camellia_128_cbc},
+        {"RC4",                     WC_NID_rc4},
+        {"3DES",                    WC_NID_des_ede3_cbc},
+        {"CHACHA20/POLY1305(256)",  WC_NID_chacha20_poly1305},
+        {"None",                    WC_NID_undef},
+        {NULL,                      WC_NID_undef}
     };
 
     const char* encStr;
@@ -14430,7 +15788,7 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     encStr = GetCipherEncStr(n);
@@ -14444,11 +15802,11 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* return digest NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -14456,10 +15814,10 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
         const char* alg_name;
         const int  nid;
     } macnid_tbl[] = {
-        {"SHA1",    NID_sha1},
-        {"SHA256",  NID_sha256},
-        {"SHA384",  NID_sha384},
-        {NULL,      NID_undef}
+        {"SHA1",    WC_NID_sha1},
+        {"SHA256",  WC_NID_sha256},
+        {"SHA384",  WC_NID_sha384},
+        {NULL,      WC_NID_undef}
     };
 
     const char* name;
@@ -14471,12 +15829,12 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
 
     if ((name = GetCipherSegment(cipher, n)) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
-    /* in MD5 case, NID will be NID_md5 */
+    /* in MD5 case, NID will be WC_NID_md5 */
     if (XSTRSTR(name, "MD5") != NULL) {
-        return NID_md5;
+        return WC_NID_md5;
     }
 
     macStr = GetCipherMacStr(n);
@@ -14490,11 +15848,11 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* return key exchange NID corresponding to cipher suite
  * @param cipher a pointer to WOLFSSL_CIPHER
- * return NID if found, NID_undef if not found
+ * return NID if found, WC_NID_undef if not found
  */
 int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
 {
@@ -14502,15 +15860,15 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
         const char* name;
         const int  nid;
     } kxnid_table[] = {
-        {"ECDHEPSK",  NID_kx_ecdhe_psk},
-        {"ECDH",      NID_kx_ecdhe},
-        {"DHEPSK",    NID_kx_dhe_psk},
-        {"DH",        NID_kx_dhe},
-        {"RSAPSK",    NID_kx_rsa_psk},
-        {"SRP",       NID_kx_srp},
-        {"EDH",       NID_kx_dhe},
-        {"RSA",       NID_kx_rsa},
-        {NULL,        NID_undef}
+        {"ECDHEPSK",  WC_NID_kx_ecdhe_psk},
+        {"ECDH",      WC_NID_kx_ecdhe},
+        {"DHEPSK",    WC_NID_kx_dhe_psk},
+        {"DH",        WC_NID_kx_dhe},
+        {"RSAPSK",    WC_NID_kx_rsa_psk},
+        {"SRP",       WC_NID_kx_srp},
+        {"EDH",       WC_NID_kx_dhe},
+        {"RSA",       WC_NID_kx_rsa},
+        {NULL,        WC_NID_undef}
     };
 
     const char* keaStr;
@@ -14520,12 +15878,12 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
-    /* in TLS 1.3 case, NID will be NID_kx_any */
+    /* in TLS 1.3 case, NID will be WC_NID_kx_any */
     if (XSTRCMP(n[0], "TLS13") == 0) {
-        return NID_kx_any;
+        return WC_NID_kx_any;
     }
 
     keaStr = GetCipherKeaStr(n);
@@ -14539,7 +15897,7 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher)
         }
     }
 
-    return NID_undef;
+    return WC_NID_undef;
 }
 /* check if cipher suite is AEAD
  * @param cipher a pointer to WOLFSSL_CIPHER
@@ -14553,7 +15911,7 @@ int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher)
 
     if (GetCipherSegment(cipher, n) == NULL) {
         WOLFSSL_MSG("no suitable cipher name found");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     return IsCipherAEAD(n);
@@ -14604,7 +15962,9 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
     authStr = GetCipherAuthStr(n);
     /* encStr */
     encStr = GetCipherEncStr(n);
-    if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) {
+    if ((cipher->bits = SetCipherBits(encStr)) ==
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+    {
        WOLFSSL_MSG("Cipher Bits Not Set.");
     }
     /* macStr */
@@ -14612,42 +15972,42 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
 
 
     /* Build up the string by copying onto the end. */
-    XSTRNCPY(dp, name, len);
+    XSTRNCPY(dp, name, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " ", len);
+    XSTRNCPY(dp, " ", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
-    XSTRNCPY(dp, protocol, len);
+    XSTRNCPY(dp, protocol, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " Kx=", len);
+    XSTRNCPY(dp, " Kx=", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
-    XSTRNCPY(dp, keaStr, len);
+    XSTRNCPY(dp, keaStr, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " Au=", len);
+    XSTRNCPY(dp, " Au=", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
-    XSTRNCPY(dp, authStr, len);
+    XSTRNCPY(dp, authStr, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " Enc=", len);
+    XSTRNCPY(dp, " Enc=", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
-    XSTRNCPY(dp, encStr, len);
+    XSTRNCPY(dp, encStr, (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
     len -= strLen; dp += strLen;
 
-    XSTRNCPY(dp, " Mac=", len);
+    XSTRNCPY(dp, " Mac=", (size_t)len);
     dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp);
-    len -= strLen; dp += strLen;
-    XSTRNCPY(dp, macStr, len);
+    len -= strLen; dp += (size_t)strLen;
+    XSTRNCPY(dp, macStr, (size_t)len);
     dp[len-1] = '\0';
 
     return WOLFSSL_SUCCESS;
@@ -14860,7 +16220,7 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac)
             macStr = "SHA1";
             break;
 #endif
-#ifdef HAVE_SHA224
+#ifdef WOLFSSL_SHA224
         case sha224_mac:
             macStr = "SHA224";
             break;
@@ -14870,12 +16230,12 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac)
             macStr = "SHA256";
             break;
 #endif
-#ifdef HAVE_SHA384
+#ifdef WOLFSSL_SHA384
         case sha384_mac:
             macStr = "SHA384";
             break;
 #endif
-#ifdef HAVE_SHA512
+#ifdef WOLFSSL_SHA512
         case sha512_mac:
             macStr = "SHA512";
             break;
@@ -14905,7 +16265,7 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
      */
     if (cipher->in_stack == TRUE) {
         wolfSSL_sk_CIPHER_description((WOLFSSL_CIPHER*)cipher);
-        XSTRNCPY(in,cipher->description,len);
+        XSTRNCPY(in,cipher->description,(size_t)len);
         return ret;
     }
 #endif
@@ -14918,51 +16278,111 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
     macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm);
 
     /* Build up the string by copying onto the end. */
-    XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), len);
+    XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " ", len);
+    XSTRNCPY(in, " ", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), len);
+    XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " Kx=", len);
+    XSTRNCPY(in, " Kx=", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, keaStr, len);
+    XSTRNCPY(in, keaStr, (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " Au=", len);
+    XSTRNCPY(in, " Au=", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, authStr, len);
+    XSTRNCPY(in, authStr, (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " Enc=", len);
+    XSTRNCPY(in, " Enc=", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, encStr, len);
+    XSTRNCPY(in, encStr, (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
 
-    XSTRNCPY(in, " Mac=", len);
+    XSTRNCPY(in, " Mac=", (size_t)len);
     in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
-    XSTRNCPY(in, macStr, len);
+    XSTRNCPY(in, macStr, (size_t)len);
     in[len-1] = '\0';
 
     return ret;
 }
 
-
-#ifndef NO_WOLFSSL_STUB
-int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
-                   int* ssl)
+int wolfSSL_OCSP_parse_url(const char* url, char** host, char** port,
+        char** path, int* ssl)
 {
-    (void)url;
-    (void)host;
-    (void)port;
-    (void)path;
-    (void)ssl;
-    WOLFSSL_STUB("OCSP_parse_url");
-    return 0;
+    const char* u = url;
+    const char* upath; /* path in u */
+    const char* uport; /* port in u */
+    const char* hostEnd;
+
+    WOLFSSL_ENTER("OCSP_parse_url");
+
+    *host = NULL;
+    *port = NULL;
+    *path = NULL;
+    *ssl = 0;
+
+    if (*(u++) != 'h') goto err;
+    if (*(u++) != 't') goto err;
+    if (*(u++) != 't') goto err;
+    if (*(u++) != 'p') goto err;
+    if (*u == 's') {
+        *ssl = 1;
+        u++;
+        *port = CopyString("443", -1, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
+    else if (*u == ':') {
+        *ssl = 0;
+        *port = CopyString("80", -1, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
+    else
+        goto err;
+    if (*port == NULL)
+        goto err;
+    if (*(u++) != ':') goto err;
+    if (*(u++) != '/') goto err;
+    if (*(u++) != '/') goto err;
+
+    /* Look for path */
+    upath = XSTRSTR(u, "/");
+    *path = CopyString(upath == NULL ? "/" : upath, -1, NULL,
+                       DYNAMIC_TYPE_OPENSSL);
+
+    /* Look for port */
+    uport = XSTRSTR(u, ":");
+    if (uport != NULL) {
+        if (*(++uport) == '\0')
+            goto err;
+        /* port must be before path */
+        if (upath != NULL && uport >= upath)
+            goto err;
+        XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL);
+        *port = CopyString(uport, upath != NULL ? (int)(upath - uport) : -1,
+                           NULL, DYNAMIC_TYPE_OPENSSL);
+        if (*port == NULL)
+            goto err;
+        hostEnd = uport - 1;
+    }
+    else
+        hostEnd = upath;
+
+    *host = CopyString(u, hostEnd != NULL ? (int)(hostEnd - u) : -1, NULL,
+                       DYNAMIC_TYPE_OPENSSL);
+    if (*host == NULL)
+        goto err;
+
+    return WOLFSSL_SUCCESS;
+err:
+    XFREE(*host, NULL, DYNAMIC_TYPE_OPENSSL);
+    *host = NULL;
+    XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL);
+    *port = NULL;
+    XFREE(*path, NULL, DYNAMIC_TYPE_OPENSSL);
+    *path = NULL;
+    return WOLFSSL_FAILURE;
 }
-#endif
 
 #ifndef NO_WOLFSSL_STUB
 WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
@@ -15076,12 +16496,12 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
     }
 
     key_type = key->type;
-    if ((key_type != EVP_PKEY_EC) && (key_type != EVP_PKEY_RSA)) {
+    if ((key_type != WC_EVP_PKEY_EC) && (key_type != WC_EVP_PKEY_RSA)) {
         return WOLFSSL_FATAL_ERROR;
     }
 
 #ifndef NO_RSA
-    if (key_type == EVP_PKEY_RSA) {
+    if (key_type == WC_EVP_PKEY_RSA) {
         return wolfSSL_i2d_RSAPublicKey(key->rsa, der);
     }
 #endif
@@ -15303,32 +16723,40 @@ unsigned long wolfSSL_ERR_peek_error(void)
     return wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL);
 }
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+#include <wolfssl/debug-untrace-error-codes.h>
+#endif
+
 int wolfSSL_ERR_GET_LIB(unsigned long err)
 {
     unsigned long value;
 
     value = (err & 0xFFFFFFL);
     switch (value) {
-    case -WC_NO_ERR_TRACE(PARSE_ERROR):
-        return ERR_LIB_SSL;
-    case -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER):
-    case PEM_R_NO_START_LINE:
-    case PEM_R_PROBLEMS_GETTING_PASSWORD:
-    case PEM_R_BAD_PASSWORD_READ:
-    case PEM_R_BAD_DECRYPT:
-        return ERR_LIB_PEM;
-    case EVP_R_BAD_DECRYPT:
-    case EVP_R_BN_DECODE_ERROR:
-    case EVP_R_DECODE_ERROR:
-    case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-        return ERR_LIB_EVP;
-    case ASN1_R_HEADER_TOO_LONG:
-        return ERR_LIB_ASN1;
+    case -PARSE_ERROR:
+        return WOLFSSL_ERR_LIB_SSL;
+    case -ASN_NO_PEM_HEADER:
+    case -WOLFSSL_PEM_R_NO_START_LINE_E:
+    case -WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E:
+    case -WOLFSSL_PEM_R_BAD_PASSWORD_READ_E:
+    case -WOLFSSL_PEM_R_BAD_DECRYPT_E:
+        return WOLFSSL_ERR_LIB_PEM;
+    case -WOLFSSL_EVP_R_BAD_DECRYPT_E:
+    case -WOLFSSL_EVP_R_BN_DECODE_ERROR:
+    case -WOLFSSL_EVP_R_DECODE_ERROR:
+    case -WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR:
+        return WOLFSSL_ERR_LIB_EVP;
+    case -WOLFSSL_ASN1_R_HEADER_TOO_LONG_E:
+        return WOLFSSL_ERR_LIB_ASN1;
     default:
         return 0;
     }
 }
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+#include <wolfssl/debug-trace-error-codes.h>
+#endif
+
 /* This function is to find global error values that are the same through out
  * all library version. With wolfSSL having only one set of error codes the
  * return value is pretty straight forward. The only thing needed is all wolfSSL
@@ -15346,7 +16774,7 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
     /* Nginx looks for this error to know to stop parsing certificates.
      * Same for HAProxy. */
     if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) ||
-       ((err & 0xFFFFFFL) == -ASN_NO_PEM_HEADER) ||
+       ((err & 0xFFFFFFL) == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) ||
        ((err & 0xFFFL) == PEM_R_NO_START_LINE ))
         return PEM_R_NO_START_LINE;
     if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST))
@@ -15357,11 +16785,13 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
         return ASN1_R_HEADER_TOO_LONG;
 #endif
 
-    /* check if error value is in range of wolfSSL errors */
+    /* check if error value is in range of wolfCrypt or wolfSSL errors */
     ret = 0 - ret; /* setting as negative value */
-    /* wolfCrypt range is less than MAX (-100)
-       wolfSSL range is MIN (-300) and lower */
-    if (ret < MAX_CODE_E && ret > MIN_CODE_E) {
+
+    if ((ret <= WC_SPAN1_FIRST_E && ret >= WC_SPAN1_LAST_E) ||
+        (ret <= WC_SPAN2_FIRST_E && ret >= WC_SPAN2_LAST_E) ||
+        (ret <= WOLFSSL_FIRST_E && ret >= WOLFSSL_LAST_E))
+    {
         return ret;
     }
     else {
@@ -15372,6 +16802,7 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
     return ret;
 }
 
+#ifndef NO_TLS
 /* returns a string that describes the alert
  *
  * alertID the alert value to look up
@@ -15383,13 +16814,13 @@ const char* wolfSSL_alert_type_string_long(int alertID)
     return AlertTypeToString(alertID);
 }
 
-
 const char* wolfSSL_alert_desc_string_long(int alertID)
 {
     WOLFSSL_ENTER("wolfSSL_alert_desc_string_long");
 
     return AlertTypeToString(alertID);
 }
+#endif /* !NO_TLS */
 
 #define STATE_STRINGS_PROTO(s) \
     {                          \
@@ -15538,10 +16969,10 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
     }
 
     /* Get state of callback */
-    if (ssl->cbmode == SSL_CB_MODE_WRITE) {
+    if (ssl->cbmode == WOLFSSL_CB_MODE_WRITE) {
         cbmode =  SS_WRITE;
     }
-    else if (ssl->cbmode == SSL_CB_MODE_READ) {
+    else if (ssl->cbmode == WOLFSSL_CB_MODE_READ) {
         cbmode =  SS_READ;
     }
     else {
@@ -15591,7 +17022,7 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
     }
 
     /* accept process */
-    if (ssl->cbmode == SSL_CB_MODE_READ) {
+    if (ssl->cbmode == WOLFSSL_CB_MODE_READ) {
         state = ssl->cbtype;
         switch (state) {
             case hello_request:
@@ -15833,7 +17264,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
         return 0;
     }
 
-    ssl->options.mask = wolf_set_options(ssl->options.mask, op);
+    ssl->options.mask = (unsigned long)wolf_set_options((long)ssl->options.mask, op);
 
     if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) {
         WOLFSSL_MSG("Disabling TLS 1.3");
@@ -15892,18 +17323,20 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
             InitSuites(ssl->suites, ssl->version, keySz, haveRSA,
                        havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
                        ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-                       ssl->options.haveFalconSig,
-                       ssl->options.haveDilithiumSig, ssl->options.useAnon,
-                       TRUE, ssl->options.side);
+                       ssl->options.useAnon,
+                       TRUE, TRUE, TRUE, TRUE, ssl->options.side);
         }
         else {
             /* Only preserve overlapping suites */
             Suites tmpSuites;
-            word16 in, out, haveECDSAsig = 0;
-            word16 haveStaticECC = ssl->options.haveStaticECC;
+            word16 in, out;
+            word16 haveECDSAsig, haveStaticECC;
 #ifdef NO_RSA
             haveECDSAsig = 1;
             haveStaticECC = 1;
+#else
+            haveECDSAsig = 0;
+            haveStaticECC = ssl->options.haveStaticECC;
 #endif
             XMEMSET(&tmpSuites, 0, sizeof(Suites));
             /* Get all possible ciphers and sigalgs for the version. Following
@@ -15912,7 +17345,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
              * - haveStaticECC turns off haveRSA
              * - haveECDSAsig turns off haveRSAsig */
             InitSuites(&tmpSuites, ssl->version, 0, 1, 1, 1, haveECDSAsig, 1, 1,
-                    haveStaticECC, 1, 1, 1, 1, ssl->options.side);
+                    haveStaticECC, 1, 1, 1, 1, 1, ssl->options.side);
             for (in = 0, out = 0; in < ssl->suites->suiteSz; in += SUITE_LEN) {
                 if (FindSuite(&tmpSuites, ssl->suites->suites[in],
                         ssl->suites->suites[in+1]) >= 0) {
@@ -15936,7 +17369,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
         }
     }
 
-    return ssl->options.mask;
+    return (long)ssl->options.mask;
 }
 
 
@@ -15945,7 +17378,7 @@ long wolfSSL_get_options(const WOLFSSL* ssl)
     WOLFSSL_ENTER("wolfSSL_get_options");
     if(ssl == NULL)
         return WOLFSSL_FAILURE;
-    return ssl->options.mask;
+    return (long)ssl->options.mask;
 }
 
 #if defined(HAVE_SECURE_RENEGOTIATION) \
@@ -16000,8 +17433,8 @@ long wolfSSL_clear_options(WOLFSSL* ssl, long opt)
     WOLFSSL_ENTER("wolfSSL_clear_options");
     if(ssl == NULL)
         return WOLFSSL_FAILURE;
-    ssl->options.mask &= ~opt;
-    return ssl->options.mask;
+    ssl->options.mask &= (unsigned long)~opt;
+    return (long)ssl->options.mask;
 }
 
 #ifdef HAVE_PK_CALLBACKS
@@ -16036,7 +17469,7 @@ long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
         return BAD_FUNC_ARG;
     }
 
-    if (type == TLSEXT_STATUSTYPE_ocsp){
+    if (type == WOLFSSL_TLSEXT_STATUSTYPE_ocsp){
         int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0,
             s, s->heap, s->devId);
         return (long)r;
@@ -16055,7 +17488,7 @@ long wolfSSL_get_tlsext_status_type(WOLFSSL *s)
     if (s == NULL)
         return WOLFSSL_FATAL_ERROR;
     extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST);
-    return extension != NULL ? TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR;
+    return extension != NULL ? WOLFSSL_TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR;
 }
 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
 
@@ -16114,20 +17547,20 @@ WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl)
 
 #ifndef NO_WOLFSSL_STUB
 /*** TBD ***/
-void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx,
+void WOLFSSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx,
     WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength))
 {
     (void)ctx;
     (void)dh;
-    WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback");
+    WOLFSSL_STUB("WOLFSSL_CTX_set_tmp_dh_callback");
 }
 #endif
 
 #ifndef NO_WOLFSSL_STUB
 /*** TBD ***/
-WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+WOLF_STACK_OF(WOLFSSL_COMP) *WOLFSSL_COMP_get_compression_methods(void)
 {
-    WOLFSSL_STUB("SSL_COMP_get_compression_methods");
+    WOLFSSL_STUB("WOLFSSL_COMP_get_compression_methods");
     return NULL;
 }
 #endif
@@ -16149,13 +17582,13 @@ WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i)
 }
 
 #if !defined(NETOS)
-void ERR_load_SSL_strings(void)
+void wolfSSL_ERR_load_SSL_strings(void)
 {
 
 }
 #endif
 
-#ifdef HAVE_OCSP
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
 long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
 {
     if (s == NULL || resp == NULL)
@@ -16171,15 +17604,16 @@ long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp,
     if (s == NULL)
         return WOLFSSL_FAILURE;
 
+    XFREE(s->ocspResp, NULL, 0);
     s->ocspResp   = resp;
     s->ocspRespSz = len;
 
     return WOLFSSL_SUCCESS;
 }
-#endif /* HAVE_OCSP */
+#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
 
 #ifdef HAVE_MAX_FRAGMENT
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 /**
  * Set max fragment tls extension
  * @param c a pointer to WOLFSSL_CTX object
@@ -16207,7 +17641,7 @@ int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s, unsigned char mode)
 
     return wolfSSL_UseMaxFragment(s, mode);
 }
-#endif /* NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
 #endif /* HAVE_MAX_FRAGMENT */
 
 #endif /* OPENSSL_EXTRA */
@@ -16266,7 +17700,7 @@ long wolfSSL_get_verify_result(const WOLFSSL *ssl)
         return WOLFSSL_FAILURE;
     }
 
-    return ssl->peerVerifyRet;
+    return (long)ssl->peerVerifyRet;
 }
 #endif
 
@@ -16532,6 +17966,33 @@ static void wolfSSL_CIPHER_copy(WOLFSSL_CIPHER* in, WOLFSSL_CIPHER* out)
     *out = *in;
 }
 
+
+#if defined(OPENSSL_ALL)
+static WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_dup(WOLFSSL_X509_OBJECT* obj)
+{
+    WOLFSSL_X509_OBJECT* ret = NULL;
+    if (obj) {
+        ret = wolfSSL_X509_OBJECT_new();
+        if (ret) {
+            ret->type = obj->type;
+            switch (ret->type) {
+                case WOLFSSL_X509_LU_NONE:
+                    break;
+                case WOLFSSL_X509_LU_X509:
+                    ret->data.x509 = wolfSSL_X509_dup(obj->data.x509);
+                    break;
+                case WOLFSSL_X509_LU_CRL:
+            #if defined(HAVE_CRL)
+                    ret->data.crl = wolfSSL_X509_CRL_dup(obj->data.crl);
+            #endif
+                    break;
+            }
+        }
+    }
+    return ret;
+}
+#endif /* OPENSSL_ALL */
+
 WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
 {
 
@@ -16594,6 +18055,17 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
                     goto error;
                 }
                 break;
+            case STACK_TYPE_X509_OBJ:
+            #if defined(OPENSSL_ALL)
+                if (!sk->data.x509_obj)
+                    break;
+                cur->data.x509_obj = wolfSSL_X509_OBJECT_dup(sk->data.x509_obj);
+                if (!cur->data.x509_obj) {
+                    WOLFSSL_MSG("wolfSSL_X509_OBJECT_dup error");
+                    goto error;
+                }
+                break;
+            #endif
             case STACK_TYPE_BIO:
             case STACK_TYPE_STRING:
             case STACK_TYPE_ACCESS_DESCRIPTION:
@@ -16606,7 +18078,6 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
             case STACK_TYPE_X509_INFO:
             case STACK_TYPE_BY_DIR_entry:
             case STACK_TYPE_BY_DIR_hash:
-            case STACK_TYPE_X509_OBJ:
             case STACK_TYPE_DIST_POINT:
             case STACK_TYPE_X509_CRL:
             default:
@@ -16665,7 +18136,7 @@ void wolfSSL_sk_free(WOLFSSL_STACK* sk)
 
     while (sk != NULL) {
         WOLFSSL_STACK* next = sk->next;
-        XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
+        wolfSSL_sk_free_node(sk);
         sk = next;
     }
 }
@@ -16679,7 +18150,7 @@ void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk,
     wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
 }
 
-/* return 1 on success 0 on fail */
+/* returns the number of elements in stack on success, 0 on fail */
 int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK* sk, void* generic)
 {
     WOLFSSL_ENTER("wolfSSL_sk_GENERIC_push");
@@ -16700,34 +18171,11 @@ void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK* sk)
  */
 void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type)
 {
-    WOLFSSL_STACK* node;
     void* data = NULL;
 
     /* Check we have a stack passed in of the right type. */
-    if ((sk != NULL) && (sk->type == type)) {
-        /* Get the next node to become the new first node. */
-        node = sk->next;
-        /* Get the ASN.1 OBJECT_ID object in the first node. */
-        data = sk->data.generic;
-
-        /* Check whether there is a next node. */
-        if (node != NULL) {
-            /* Move content out of next node into current node. */
-            sk->data.obj = node->data.obj;
-            sk->next = node->next;
-            /* Dispose of node. */
-            XFREE(node, NULL, DYNAMIC_TYPE_ASN1);
-        }
-        else {
-            /* No more nodes - clear out data. */
-            sk->data.obj = NULL;
-        }
-
-        /* Decrement count as long as we thought we had nodes. */
-        if (sk->num > 0) {
-            sk->num -= 1;
-        }
-    }
+    if ((sk != NULL) && (sk->type == type))
+        data = wolfSSL_sk_pop(sk);
 
     return data;
 }
@@ -16851,7 +18299,7 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
             if (sk->type != STACK_TYPE_CIPHER)
                 func(sk->data.generic);
         }
-        XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
+        XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL);
         sk = next;
     }
 }
@@ -16903,7 +18351,7 @@ int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk)
 #if defined(HAVE_EX_DATA) && !defined(NO_FILESYSTEM)
 int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
 {
-    int ret = WOLFSSL_FATAL_ERROR;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
 
     WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file");
     if (ssl != NULL && fname != NULL)
@@ -16943,7 +18391,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
 
         if (sz > (long)sizeof(staticBuffer)) {
             WOLFSSL_MSG("Getting dynamic buffer");
-            myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
+            myBuffer = (byte*)XMALLOC((size_t)sz, ctx->heap, DYNAMIC_TYPE_FILE);
             dynamic = 1;
         }
 
@@ -16972,48 +18420,49 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
 }
 #endif
 #endif /* OPENSSL_EXTRA */
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 #ifndef NO_CERTS
     /* oidCertExtType */
-    { NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints",
+    { WC_NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints",
       "X509v3 Basic Constraints"},
-    { NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName",
+    { WC_NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName",
       "X509v3 Subject Alternative Name"},
-    { NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType,
+    { WC_NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType,
       "crlDistributionPoints", "X509v3 CRL Distribution Points"},
-    { NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess",
+    { WC_NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess",
       "Authority Information Access"},
-    { NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType,
+    { WC_NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType,
       "authorityKeyIdentifier", "X509v3 Authority Key Identifier"},
-    { NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType,
+    { WC_NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType,
       "subjectKeyIdentifier", "X509v3 Subject Key Identifier"},
-    { NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage",
+    { WC_NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage",
       "X509v3 Key Usage"},
-    { NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType,
+    { WC_NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType,
       "inhibitAnyPolicy", "X509v3 Inhibit Any Policy"},
-    { NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType,
+    { WC_NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType,
       "extendedKeyUsage", "X509v3 Extended Key Usage"},
-    { NID_name_constraints, NAME_CONS_OID, oidCertExtType,
+    { WC_NID_name_constraints, NAME_CONS_OID, oidCertExtType,
       "nameConstraints", "X509v3 Name Constraints"},
-    { NID_certificate_policies, CERT_POLICY_OID, oidCertExtType,
+    { WC_NID_certificate_policies, CERT_POLICY_OID, oidCertExtType,
       "certificatePolicies", "X509v3 Certificate Policies"},
 
     /* oidCertAuthInfoType */
-    { NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP",
+    { WC_NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP",
       "OCSP"},
-    { NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType,
+    { WC_NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType,
       "caIssuers", "CA Issuers"},
 
     /* oidCertPolicyType */
-    { NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy",
+    { WC_NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy",
       "X509v3 Any Policy"},
 
     /* oidCertAltNameType */
-    { NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""},
+    { WC_NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""},
 
     /* oidCertKeyUseType */
-    { NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType,
+    { WC_NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType,
       "anyExtendedKeyUsage", "Any Extended Key Usage"},
     { EKU_SERVER_AUTH_OID, EKU_SERVER_AUTH_OID, oidCertKeyUseType,
       "serverAuth", "TLS Web Server Authentication"},
@@ -17023,192 +18472,197 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
       "OCSPSigning", "OCSP Signing"},
 
     /* oidCertNameType */
-    { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"},
+    { WC_NID_commonName, WC_NID_commonName, oidCertNameType, "CN", "commonName"},
 #if !defined(WOLFSSL_CERT_REQ)
-    { NID_surname, NID_surname, oidCertNameType, "SN", "surname"},
+    { WC_NID_surname, WC_NID_surname, oidCertNameType, "SN", "surname"},
 #endif
-    { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber",
+    { WC_NID_serialNumber, WC_NID_serialNumber, oidCertNameType, "serialNumber",
       "serialNumber"},
-    { NID_userId, NID_userId, oidCertNameType, "UID", "userid"},
-    { NID_countryName, NID_countryName, oidCertNameType, "C", "countryName"},
-    { NID_localityName, NID_localityName, oidCertNameType, "L", "localityName"},
-    { NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, "ST",
+    { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userid"},
+    { WC_NID_countryName, WC_NID_countryName, oidCertNameType, "C", "countryName"},
+    { WC_NID_localityName, WC_NID_localityName, oidCertNameType, "L", "localityName"},
+    { WC_NID_stateOrProvinceName, WC_NID_stateOrProvinceName, oidCertNameType, "ST",
       "stateOrProvinceName"},
-    { NID_streetAddress, NID_streetAddress, oidCertNameType, "street",
+    { WC_NID_streetAddress, WC_NID_streetAddress, oidCertNameType, "street",
       "streetAddress"},
-    { NID_organizationName, NID_organizationName, oidCertNameType, "O",
+    { WC_NID_organizationName, WC_NID_organizationName, oidCertNameType, "O",
       "organizationName"},
-    { NID_organizationalUnitName, NID_organizationalUnitName, oidCertNameType,
+    { WC_NID_organizationalUnitName, WC_NID_organizationalUnitName, oidCertNameType,
       "OU", "organizationalUnitName"},
-    { NID_emailAddress, NID_emailAddress, oidCertNameType, "emailAddress",
+    { WC_NID_emailAddress, WC_NID_emailAddress, oidCertNameType, "emailAddress",
       "emailAddress"},
-    { NID_domainComponent, NID_domainComponent, oidCertNameType, "DC",
+    { WC_NID_domainComponent, WC_NID_domainComponent, oidCertNameType, "DC",
       "domainComponent"},
-    { NID_favouriteDrink, NID_favouriteDrink, oidCertNameType, "favouriteDrink",
+    { WC_NID_rfc822Mailbox, WC_NID_rfc822Mailbox, oidCertNameType, "rfc822Mailbox",
+      "rfc822Mailbox"},
+    { WC_NID_favouriteDrink, WC_NID_favouriteDrink, oidCertNameType, "favouriteDrink",
       "favouriteDrink"},
-    { NID_businessCategory, NID_businessCategory, oidCertNameType,
+    { WC_NID_businessCategory, WC_NID_businessCategory, oidCertNameType,
       "businessCategory", "businessCategory"},
-    { NID_jurisdictionCountryName, NID_jurisdictionCountryName, oidCertNameType,
+    { WC_NID_jurisdictionCountryName, WC_NID_jurisdictionCountryName, oidCertNameType,
       "jurisdictionC", "jurisdictionCountryName"},
-    { NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName,
+    { WC_NID_jurisdictionStateOrProvinceName, WC_NID_jurisdictionStateOrProvinceName,
       oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"},
-    { NID_postalCode, NID_postalCode, oidCertNameType, "postalCode",
+    { WC_NID_postalCode, WC_NID_postalCode, oidCertNameType, "postalCode",
       "postalCode"},
-    { NID_userId, NID_userId, oidCertNameType, "UID", "userId"},
+    { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userId"},
 
 #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_NAME_ALL)
-    { NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
+    { WC_NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
             oidCsrAttrType, "challengePassword", "challengePassword"},
-    { NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
+    { WC_NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
         oidCsrAttrType, "contentType", "contentType" },
-    { NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
+    { WC_NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
         oidCsrAttrType, "unstructuredName", "unstructuredName" },
-    { NID_name, NAME_OID, oidCsrAttrType, "name", "name" },
-    { NID_surname, SURNAME_OID,
+    { WC_NID_name, NAME_OID, oidCsrAttrType, "name", "name" },
+    { WC_NID_surname, SURNAME_OID,
         oidCsrAttrType, "surname", "surname" },
-    { NID_givenName, GIVEN_NAME_OID,
+    { WC_NID_givenName, GIVEN_NAME_OID,
         oidCsrAttrType, "givenName", "givenName" },
-    { NID_initials, INITIALS_OID,
+    { WC_NID_initials, INITIALS_OID,
         oidCsrAttrType, "initials", "initials" },
-    { NID_dnQualifier, DNQUALIFIER_OID,
+    { WC_NID_dnQualifier, DNQUALIFIER_OID,
         oidCsrAttrType, "dnQualifer", "dnQualifier" },
 #endif
 #endif
 #ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */
         /* oidHashType */
     #ifdef WOLFSSL_MD2
-        { NID_md2, MD2h, oidHashType, "MD2", "md2"},
+        { WC_NID_md2, MD2h, oidHashType, "MD2", "md2"},
     #endif
-    #ifdef WOLFSSL_MD5
-        { NID_md5, MD5h, oidHashType, "MD5", "md5"},
+    #ifndef NO_MD4
+        { WC_NID_md4, MD4h, oidHashType, "MD4", "md4"},
+    #endif
+    #ifndef NO_MD5
+        { WC_NID_md5, MD5h, oidHashType, "MD5", "md5"},
     #endif
     #ifndef NO_SHA
-        { NID_sha1, SHAh, oidHashType, "SHA1", "sha1"},
+        { WC_NID_sha1, SHAh, oidHashType, "SHA1", "sha1"},
     #endif
     #ifdef WOLFSSL_SHA224
-        { NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"},
+        { WC_NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"},
     #endif
     #ifndef NO_SHA256
-        { NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"},
+        { WC_NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"},
     #endif
     #ifdef WOLFSSL_SHA384
-        { NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"},
+        { WC_NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"},
     #endif
     #ifdef WOLFSSL_SHA512
-        { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"},
+        { WC_NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"},
     #endif
     #ifdef WOLFSSL_SHA3
         #ifndef WOLFSSL_NOSHA3_224
-        { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"},
+        { WC_NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"},
         #endif
         #ifndef WOLFSSL_NOSHA3_256
-        { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"},
+        { WC_NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"},
         #endif
         #ifndef WOLFSSL_NOSHA3_384
-        { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"},
+        { WC_NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"},
         #endif
         #ifndef WOLFSSL_NOSHA3_512
-        { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"},
+        { WC_NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"},
         #endif
     #endif /* WOLFSSL_SHA3 */
     #ifdef WOLFSSL_SM3
-        { NID_sm3, SM3h, oidHashType, "SM3", "sm3"},
+        { WC_NID_sm3, SM3h, oidHashType, "SM3", "sm3"},
     #endif
         /* oidSigType */
     #ifndef NO_DSA
         #ifndef NO_SHA
-        { NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"},
-        { NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256",
+        { WC_NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"},
+        { WC_NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256",
           "dsa_with_SHA256"},
         #endif
     #endif /* NO_DSA */
     #ifndef NO_RSA
         #ifdef WOLFSSL_MD2
-        { NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2",
+        { WC_NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2",
           "md2WithRSAEncryption"},
         #endif
         #ifndef NO_MD5
-        { NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5",
+        { WC_NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5",
           "md5WithRSAEncryption"},
         #endif
         #ifndef NO_SHA
-        { NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1",
+        { WC_NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1",
           "sha1WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA224
-        { NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224",
+        { WC_NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224",
           "sha224WithRSAEncryption"},
         #endif
         #ifndef NO_SHA256
-        { NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256",
+        { WC_NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256",
           "sha256WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA384
-        { NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384",
+        { WC_NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384",
           "sha384WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA512
-        { NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512",
+        { WC_NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512",
           "sha512WithRSAEncryption"},
         #endif
         #ifdef WOLFSSL_SHA3
         #ifndef WOLFSSL_NOSHA3_224
-        { NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224",
+        { WC_NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224",
           "sha3-224WithRSAEncryption"},
         #endif
         #ifndef WOLFSSL_NOSHA3_256
-        { NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256",
+        { WC_NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256",
           "sha3-256WithRSAEncryption"},
         #endif
         #ifndef WOLFSSL_NOSHA3_384
-        { NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384",
+        { WC_NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384",
           "sha3-384WithRSAEncryption"},
         #endif
         #ifndef WOLFSSL_NOSHA3_512
-        { NID_RSA_SHA3_512, CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512",
+        { WC_NID_RSA_SHA3_512, CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512",
           "sha3-512WithRSAEncryption"},
         #endif
         #endif
         #ifdef WC_RSA_PSS
-        { NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" },
+        { WC_NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" },
         #endif
     #endif /* NO_RSA */
     #ifdef HAVE_ECC
         #ifndef NO_SHA
-        { NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1",
+        { WC_NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1",
           "shaWithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA224
-        { NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType,
           "ecdsa-with-SHA224","sha224WithECDSA"},
         #endif
         #ifndef NO_SHA256
-        { NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType,
           "ecdsa-with-SHA256","sha256WithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA384
-        { NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType,
           "ecdsa-with-SHA384","sha384WithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA512
-        { NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType,
           "ecdsa-with-SHA512","sha512WithECDSA"},
         #endif
         #ifdef WOLFSSL_SHA3
         #ifndef WOLFSSL_NOSHA3_224
-        { NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType,
           "id-ecdsa-with-SHA3-224", "ecdsa_with_SHA3-224"},
         #endif
         #ifndef WOLFSSL_NOSHA3_256
-        { NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType,
           "id-ecdsa-with-SHA3-256", "ecdsa_with_SHA3-256"},
         #endif
         #ifndef WOLFSSL_NOSHA3_384
-        { NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType,
           "id-ecdsa-with-SHA3-384", "ecdsa_with_SHA3-384"},
         #endif
         #ifndef WOLFSSL_NOSHA3_512
-        { NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType,
+        { WC_NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType,
           "id-ecdsa-with-SHA3-512", "ecdsa_with_SHA3-512"},
         #endif
         #endif
@@ -17216,28 +18670,28 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 
         /* oidKeyType */
     #ifndef NO_DSA
-        { NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"},
+        { WC_NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"},
     #endif /* NO_DSA */
     #ifndef NO_RSA
-        { NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption",
+        { WC_NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption",
           "rsaEncryption"},
     #ifdef WC_RSA_PSS
-        { NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"},
+        { WC_NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"},
     #endif
     #endif /* NO_RSA */
     #ifdef HAVE_ECC
-        { NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey",
+        { WC_NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey",
                                                         "id-ecPublicKey"},
     #endif /* HAVE_ECC */
     #ifndef NO_DH
-        { NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement",
+        { WC_NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement",
           "dhKeyAgreement"},
     #endif
     #ifdef HAVE_ED448
-        { NID_ED448, ED448k,  oidKeyType, "ED448", "ED448"},
+        { WC_NID_ED448, ED448k,  oidKeyType, "ED448", "ED448"},
     #endif
     #ifdef HAVE_ED25519
-        { NID_ED25519, ED25519k,  oidKeyType, "ED25519", "ED25519"},
+        { WC_NID_ED25519, ED25519k,  oidKeyType, "ED25519", "ED25519"},
     #endif
     #ifdef HAVE_FALCON
         { CTC_FALCON_LEVEL1, FALCON_LEVEL1k,  oidKeyType, "Falcon Level 1",
@@ -17246,81 +18700,89 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
                                                           "Falcon Level 5"},
     #endif /* HAVE_FALCON */
     #ifdef HAVE_DILITHIUM
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         { CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k,  oidKeyType,
           "Dilithium Level 2", "Dilithium Level 2"},
         { CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k,  oidKeyType,
           "Dilithium Level 3", "Dilithium Level 3"},
         { CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k,  oidKeyType,
           "Dilithium Level 5", "Dilithium Level 5"},
+    #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        { CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k,  oidKeyType,
+          "ML-DSA 44", "ML-DSA 44"},
+        { CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k,  oidKeyType,
+          "ML-DSA 65", "ML-DSA 65"},
+        { CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k,  oidKeyType,
+          "ML-DSA 87", "ML-DSA 87"},
     #endif /* HAVE_DILITHIUM */
 
         /* oidCurveType */
     #ifdef HAVE_ECC
-        { NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1",
+        { WC_NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1",
           "prime192v1"},
-        { NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2",
+        { WC_NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2",
           "prime192v2"},
-        { NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3",
+        { WC_NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3",
           "prime192v3"},
 
-        { NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1",
+        { WC_NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1",
           "prime239v1"},
-        { NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2",
+        { WC_NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2",
           "prime239v2"},
-        { NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3",
+        { WC_NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3",
           "prime239v3"},
 
-        { NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1",
+        { WC_NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1",
           "prime256v1"},
 
-        { NID_secp112r1, ECC_SECP112R1_OID,  oidCurveType, "secp112r1",
+        { WC_NID_secp112r1, ECC_SECP112R1_OID,  oidCurveType, "secp112r1",
           "secp112r1"},
-        { NID_secp112r2, ECC_SECP112R2_OID,  oidCurveType, "secp112r2",
+        { WC_NID_secp112r2, ECC_SECP112R2_OID,  oidCurveType, "secp112r2",
           "secp112r2"},
 
-        { NID_secp128r1, ECC_SECP128R1_OID,  oidCurveType, "secp128r1",
+        { WC_NID_secp128r1, ECC_SECP128R1_OID,  oidCurveType, "secp128r1",
           "secp128r1"},
-        { NID_secp128r2, ECC_SECP128R2_OID,  oidCurveType, "secp128r2",
+        { WC_NID_secp128r2, ECC_SECP128R2_OID,  oidCurveType, "secp128r2",
           "secp128r2"},
 
-        { NID_secp160r1, ECC_SECP160R1_OID,  oidCurveType, "secp160r1",
+        { WC_NID_secp160r1, ECC_SECP160R1_OID,  oidCurveType, "secp160r1",
           "secp160r1"},
-        { NID_secp160r2, ECC_SECP160R2_OID,  oidCurveType, "secp160r2",
+        { WC_NID_secp160r2, ECC_SECP160R2_OID,  oidCurveType, "secp160r2",
           "secp160r2"},
 
-        { NID_secp224r1, ECC_SECP224R1_OID,  oidCurveType, "secp224r1",
+        { WC_NID_secp224r1, ECC_SECP224R1_OID,  oidCurveType, "secp224r1",
           "secp224r1"},
-        { NID_secp384r1, ECC_SECP384R1_OID,  oidCurveType, "secp384r1",
+        { WC_NID_secp384r1, ECC_SECP384R1_OID,  oidCurveType, "secp384r1",
           "secp384r1"},
-        { NID_secp521r1, ECC_SECP521R1_OID,  oidCurveType, "secp521r1",
+        { WC_NID_secp521r1, ECC_SECP521R1_OID,  oidCurveType, "secp521r1",
           "secp521r1"},
 
-        { NID_secp160k1, ECC_SECP160K1_OID,  oidCurveType, "secp160k1",
+        { WC_NID_secp160k1, ECC_SECP160K1_OID,  oidCurveType, "secp160k1",
           "secp160k1"},
-        { NID_secp192k1, ECC_SECP192K1_OID,  oidCurveType, "secp192k1",
+        { WC_NID_secp192k1, ECC_SECP192K1_OID,  oidCurveType, "secp192k1",
           "secp192k1"},
-        { NID_secp224k1, ECC_SECP224K1_OID,  oidCurveType, "secp224k1",
+        { WC_NID_secp224k1, ECC_SECP224K1_OID,  oidCurveType, "secp224k1",
           "secp224k1"},
-        { NID_secp256k1, ECC_SECP256K1_OID,  oidCurveType, "secp256k1",
+        { WC_NID_secp256k1, ECC_SECP256K1_OID,  oidCurveType, "secp256k1",
           "secp256k1"},
 
-        { NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID,  oidCurveType,
           "brainpoolP160r1", "brainpoolP160r1"},
-        { NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID,  oidCurveType,
           "brainpoolP192r1", "brainpoolP192r1"},
-        { NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID,  oidCurveType,
           "brainpoolP224r1", "brainpoolP224r1"},
-        { NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID,  oidCurveType,
           "brainpoolP256r1", "brainpoolP256r1"},
-        { NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID,  oidCurveType,
           "brainpoolP320r1", "brainpoolP320r1"},
-        { NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID,  oidCurveType,
           "brainpoolP384r1", "brainpoolP384r1"},
-        { NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID,  oidCurveType,
+        { WC_NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID,  oidCurveType,
           "brainpoolP512r1", "brainpoolP512r1"},
 
     #ifdef WOLFSSL_SM2
-        { NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"},
+        { WC_NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"},
     #endif
     #endif /* HAVE_ECC */
 
@@ -17335,17 +18797,17 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
         { AES256CBCb, AES256CBCb, oidBlkType, "AES-256-CBC", "aes-256-cbc"},
     #endif
     #ifndef NO_DES3
-        { NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"},
-        { NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"},
+        { WC_NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"},
+        { WC_NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"},
     #endif /* !NO_DES3 */
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        { NID_chacha20_poly1305, NID_chacha20_poly1305, oidBlkType,
+        { WC_NID_chacha20_poly1305, WC_NID_chacha20_poly1305, oidBlkType,
           "ChaCha20-Poly1305", "chacha20-poly1305"},
     #endif
 
         /* oidOcspType */
     #ifdef HAVE_OCSP
-        { NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType,
+        { WC_NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType,
           "basicOCSPResponse", "Basic OCSP Response"},
         { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "Nonce", "OCSP Nonce"},
     #endif /* HAVE_OCSP */
@@ -17413,15 +18875,15 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
     #endif
     #if defined(WOLFSSL_APACHE_HTTPD)
         /* "1.3.6.1.5.5.7.8.7" */
-        { NID_id_on_dnsSRV, NID_id_on_dnsSRV, oidCertNameType,
+        { WC_NID_id_on_dnsSRV, WC_NID_id_on_dnsSRV, oidCertNameType,
             WOLFSSL_SN_DNS_SRV, WOLFSSL_LN_DNS_SRV },
 
         /* "1.3.6.1.4.1.311.20.2.3" */
-        { NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN,
+        { WC_NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN,
             WOLFSSL_LN_MS_UPN },
 
         /* "1.3.6.1.5.5.7.1.24" */
-        { NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType,
+        { WC_NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType,
             WOLFSSL_SN_TLS_FEATURE, WOLFSSL_LN_TLS_FEATURE },
     #endif
 #endif /* OPENSSL_EXTRA */
@@ -17430,7 +18892,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 #define WOLFSSL_OBJECT_INFO_SZ \
                 (sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info))
 const size_t wolfssl_object_info_sz = WOLFSSL_OBJECT_INFO_SZ;
-#endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* Free the dynamically allocated data.
@@ -17497,7 +18959,7 @@ unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len)
     return targetBuf;
 }
 
-int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings)
+int wolfSSL_OPENSSL_init_ssl(word64 opts, const WOLFSSL_INIT_SETTINGS *settings)
 {
     (void)opts;
     (void)settings;
@@ -17505,7 +18967,7 @@ int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings)
 }
 
 int wolfSSL_OPENSSL_init_crypto(word64 opts,
-    const OPENSSL_INIT_SETTINGS* settings)
+    const WOLFSSL_INIT_SETTINGS* settings)
 {
     (void)opts;
     (void)settings;
@@ -17556,31 +19018,31 @@ static int HashToNid(byte hashAlgo, int* nid)
     switch ((enum wc_MACAlgorithm)hashAlgo) {
         case no_mac:
         case rmd_mac:
-            *nid = NID_undef;
+            *nid = WC_NID_undef;
             break;
         case md5_mac:
-            *nid = NID_md5;
+            *nid = WC_NID_md5;
             break;
         case sha_mac:
-            *nid = NID_sha1;
+            *nid = WC_NID_sha1;
             break;
         case sha224_mac:
-            *nid = NID_sha224;
+            *nid = WC_NID_sha224;
             break;
         case sha256_mac:
-            *nid = NID_sha256;
+            *nid = WC_NID_sha256;
             break;
         case sha384_mac:
-            *nid = NID_sha384;
+            *nid = WC_NID_sha384;
             break;
         case sha512_mac:
-            *nid = NID_sha512;
+            *nid = WC_NID_sha512;
             break;
         case blake2b_mac:
-            *nid = NID_blake2b512;
+            *nid = WC_NID_blake2b512;
             break;
         case sm3_mac:
-            *nid = NID_sm3;
+            *nid = WC_NID_sm3;
             break;
         default:
             ret = WOLFSSL_FAILURE;
@@ -17596,33 +19058,33 @@ static int SaToNid(byte sa, int* nid)
     /* Cast for compiler to check everything is implemented */
     switch ((enum SignatureAlgorithm)sa) {
         case anonymous_sa_algo:
-            *nid = NID_undef;
+            *nid = WC_NID_undef;
             break;
         case rsa_sa_algo:
-            *nid = NID_rsaEncryption;
+            *nid = WC_NID_rsaEncryption;
             break;
         case dsa_sa_algo:
-            *nid = NID_dsa;
+            *nid = WC_NID_dsa;
             break;
         case ecc_dsa_sa_algo:
-            *nid = NID_X9_62_id_ecPublicKey;
+            *nid = WC_NID_X9_62_id_ecPublicKey;
             break;
         case rsa_pss_sa_algo:
-            *nid = NID_rsassaPss;
+            *nid = WC_NID_rsassaPss;
             break;
         case ed25519_sa_algo:
 #ifdef HAVE_ED25519
-            *nid = NID_ED25519;
+            *nid = WC_NID_ED25519;
 #else
             ret = WOLFSSL_FAILURE;
 #endif
             break;
         case rsa_pss_pss_algo:
-            *nid = NID_rsassaPss;
+            *nid = WC_NID_rsassaPss;
             break;
         case ed448_sa_algo:
 #ifdef HAVE_ED448
-            *nid = NID_ED448;
+            *nid = WC_NID_ED448;
 #else
             ret = WOLFSSL_FAILURE;
 #endif
@@ -17634,16 +19096,16 @@ static int SaToNid(byte sa, int* nid)
             *nid = CTC_FALCON_LEVEL5;
             break;
         case dilithium_level2_sa_algo:
-            *nid = CTC_DILITHIUM_LEVEL2;
+            *nid = CTC_ML_DSA_LEVEL2;
             break;
         case dilithium_level3_sa_algo:
-            *nid = CTC_DILITHIUM_LEVEL3;
+            *nid = CTC_ML_DSA_LEVEL3;
             break;
         case dilithium_level5_sa_algo:
-            *nid = CTC_DILITHIUM_LEVEL5;
+            *nid = CTC_ML_DSA_LEVEL5;
             break;
         case sm2_sa_algo:
-            *nid = NID_sm2;
+            *nid = WC_NID_sm2;
             break;
         case invalid_sa_algo:
         default:
@@ -17819,7 +19281,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
     #endif
         {
             InitDecodedCert(cert, chain->certs[idx].buffer,
-                                  chain->certs[idx].length, NULL);
+                                  (word32)chain->certs[idx].length, NULL);
 
             if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) != 0) {
                 WOLFSSL_MSG("Failed to parse cert");
@@ -17881,11 +19343,12 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
 
     /* Null output buffer return size needed in outLen */
     if(!buf) {
-        if(Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length,
+        if(Base64_Encode(chain->certs[idx].buffer,
+                    (word32)chain->certs[idx].length,
                     NULL, &szNeeded) != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             return WOLFSSL_FAILURE;
-        *outLen = szNeeded + headerLen + footerLen;
-        return LENGTH_ONLY_E;
+        *outLen = (int)szNeeded + headerLen + footerLen;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* don't even try if inLen too short */
@@ -17893,7 +19356,7 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
         return BAD_FUNC_ARG;
 
     /* header */
-    if (XMEMCPY(buf, header, headerLen) == NULL)
+    if (XMEMCPY(buf, header, (size_t)headerLen) == NULL)
         return WOLFSSL_FATAL_ERROR;
 
     i = headerLen;
@@ -17901,14 +19364,15 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
     /* body */
     *outLen = inLen;  /* input to Base64_Encode */
     if ( (err = Base64_Encode(chain->certs[idx].buffer,
-                       chain->certs[idx].length, buf + i, (word32*)outLen)) < 0)
+                       (word32)chain->certs[idx].length, buf + i,
+                       (word32*)outLen)) < 0)
         return err;
     i += *outLen;
 
     /* footer */
     if ( (i + footerLen) > inLen)
         return BAD_FUNC_ARG;
-    if (XMEMCPY(buf + i, footer, footerLen) == NULL)
+    if (XMEMCPY(buf + i, footer, (size_t)footerLen) == NULL)
         return WOLFSSL_FATAL_ERROR;
     *outLen += headerLen + footerLen;
 
@@ -18349,6 +19813,29 @@ void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl)
     return NULL;
 }
 
+/* callback for extended master secret generation */
+void  wolfSSL_CTX_SetGenExtMasterSecretCb(WOLFSSL_CTX* ctx,
+    CallbackGenExtMasterSecret cb)
+{
+    if (ctx)
+        ctx->GenExtMasterCb = cb;
+}
+/* Set extended master secret generation callback context */
+void  wolfSSL_SetGenExtMasterSecretCtx(WOLFSSL* ssl, void *ctx)
+{
+    if (ssl)
+        ssl->GenExtMasterCtx = ctx;
+}
+/* Get extended master secret generation callback context */
+void* wolfSSL_GetGenExtMasterSecretCtx(WOLFSSL* ssl)
+{
+    if (ssl)
+        return ssl->GenExtMasterCtx;
+
+    return NULL;
+}
+
+
 /* callback for session key generation */
 void  wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb)
 {
@@ -18628,7 +20115,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
                 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
             }
             else {
-                obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
+                obj->dynamic &= (unsigned char)~WOLFSSL_ASN1_DYNAMIC_DATA;
             }
         }
         XMEMCPY((byte*)obj->obj, objBuf, obj->objSz);
@@ -18743,10 +20230,10 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             bufSz = bufLen - 1;
         }
         if (bufSz) {
-            XMEMCPY(buf, name, bufSz);
+            XMEMCPY(buf, name, (size_t)bufSz);
         }
-        else if (a->type == GEN_DNS || a->type == GEN_EMAIL ||
-                 a->type == GEN_URI) {
+        else if (a->type == WOLFSSL_GEN_DNS || a->type == WOLFSSL_GEN_EMAIL ||
+                 a->type == WOLFSSL_GEN_URI) {
             bufSz = (int)XSTRLEN((const char*)a->obj);
             XMEMCPY(buf, a->obj, min((word32)bufSz, (word32)bufLen));
         }
@@ -18754,7 +20241,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             if ((desc = oid_translate_num_to_str(buf))) {
                 bufSz = (int)XSTRLEN(desc);
                 bufSz = (int)min((word32)bufSz,(word32) bufLen - 1);
-                XMEMCPY(buf, desc, bufSz);
+                XMEMCPY(buf, desc, (size_t)bufSz);
             }
         }
         else {
@@ -18801,10 +20288,10 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         size_t i;
         WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn");
 
-        if (n == NID_md5) {
-            /* NID_surname == NID_md5 and NID_surname comes before NID_md5 in
+        if (n == WC_NID_md5) {
+            /* WC_NID_surname == WC_NID_md5 and WC_NID_surname comes before WC_NID_md5 in
              * wolfssl_object_info. As a result, the loop below will incorrectly
-             * return "SN" instead of "MD5." NID_surname isn't the true OpenSSL
+             * return "SN" instead of "MD5." WC_NID_surname isn't the true OpenSSL
              * NID, but other functions rely on this table and modifying it to
              * conform with OpenSSL's NIDs isn't trivial. */
              return "MD5";
@@ -18822,7 +20309,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     int wolfSSL_OBJ_sn2nid(const char *sn) {
         WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid");
         if (sn == NULL)
-            return NID_undef;
+            return WC_NID_undef;
         return wc_OBJ_sn2nid(sn);
     }
 #endif
@@ -18897,41 +20384,43 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
 #endif
 
         if (o == NULL) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         #ifdef WOLFSSL_QT
         if (o->grp == oidCertExtType) {
-            /* If nid is an unknown extension, return NID_undef */
+            /* If nid is an unknown extension, return WC_NID_undef */
             if (wolfSSL_OBJ_nid2sn(o->nid) == NULL)
-                return NID_undef;
+                return WC_NID_undef;
         }
         #endif
 
         if (o->nid > 0)
             return o->nid;
-        if ((ret = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) {
+        if ((ret = GetObjectId(o->obj, &idx, &oid,
+                                    (word32)o->grp, o->objSz)) < 0) {
             if (ret == WC_NO_ERR_TRACE(ASN_OBJECT_ID_E)) {
                 /* Put ASN object tag in front and try again */
-                int len = SetObjectId(o->objSz, NULL) + o->objSz;
-                byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                int len = SetObjectId((int)o->objSz, NULL) + (int)o->objSz;
+                byte* buf = (byte*)XMALLOC((size_t)len, NULL,
+                                            DYNAMIC_TYPE_TMP_BUFFER);
                 if (!buf) {
                     WOLFSSL_MSG("malloc error");
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
-                idx = SetObjectId(o->objSz, buf);
+                idx = (word32)SetObjectId((int)o->objSz, buf);
                 XMEMCPY(buf + idx, o->obj, o->objSz);
                 idx = 0;
-                ret = GetObjectId(buf, &idx, &oid, o->grp, len);
+                ret = GetObjectId(buf, &idx, &oid, (word32)o->grp, (word32)len);
                 XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 if (ret < 0) {
                     WOLFSSL_MSG("Issue getting OID of object");
-                    return -1;
+                    return WOLFSSL_FATAL_ERROR;
                 }
             }
             else {
                 WOLFSSL_MSG("Issue getting OID of object");
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             }
         }
 
@@ -18939,7 +20428,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     }
 
     /* Return the corresponding NID for the long name <ln>
-     * or NID_undef if NID can't be found.
+     * or WC_NID_undef if NID can't be found.
      */
     int wolfSSL_OBJ_ln2nid(const char *ln)
     {
@@ -18966,7 +20455,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
                 }
             }
         }
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     /* compares two objects, return 0 if equal */
@@ -19018,7 +20507,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     /* Gets the NID value that is related to the OID string passed in. Example
      * string would be "2.5.29.14" for subject key ID.
      *
-     * returns NID value on success and NID_undef on error
+     * returns NID value on success and WC_NID_undef on error
      */
     int wolfSSL_OBJ_txt2nid(const char* s)
     {
@@ -19033,7 +20522,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid");
 
         if (s == NULL) {
-            return NID_undef;
+            return WC_NID_undef;
         }
 
     #ifdef WOLFSSL_CERT_EXT
@@ -19061,18 +20550,18 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             /* try as a short name */
             len = (int)XSTRLEN(s);
             if ((int)XSTRLEN(wolfssl_object_info[i].sName) == len &&
-                XSTRNCMP(wolfssl_object_info[i].sName, s, len) == 0) {
+                XSTRNCMP(wolfssl_object_info[i].sName, s, (word32)len) == 0) {
                 return wolfssl_object_info[i].nid;
             }
 
             /* try as a long name */
             if ((int)XSTRLEN(wolfssl_object_info[i].lName) == len &&
-                XSTRNCMP(wolfssl_object_info[i].lName, s, len) == 0) {
+                XSTRNCMP(wolfssl_object_info[i].lName, s, (word32)len) == 0) {
                 return wolfssl_object_info[i].nid;
             }
         }
 
-        return NID_undef;
+        return WC_NID_undef;
     }
 #endif
 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
@@ -19091,7 +20580,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
     WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name)
     {
         int i, ret;
-        int nid = NID_undef;
+        int nid = WC_NID_undef;
         unsigned int outSz = MAX_OID_SZ;
         unsigned char out[MAX_OID_SZ];
         WOLFSSL_ASN1_OBJECT* obj;
@@ -19122,7 +20611,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
             i = SetObjectId((int)outSz, (byte*)obj->obj);
             XMEMCPY((byte*)obj->obj + i, out, outSz);
-            obj->objSz = i + outSz;
+            obj->objSz = (word32)i + outSz;
             return obj;
         }
 
@@ -19138,7 +20627,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
             }
         }
 
-        if (nid != NID_undef)
+        if (nid != WC_NID_undef)
             return wolfSSL_OBJ_nid2obj(nid);
 
         return NULL;
@@ -19196,7 +20685,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
         }
     #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \
         || defined(WOLFSSL_HAPROXY)
-        if (ret == -ASN_NO_PEM_HEADER)
+        if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
             return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
     #endif
     #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
@@ -19213,11 +20702,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
 
 #endif /* OPENSSL_EXTRA */
 
-#if defined(HAVE_EX_DATA) && \
-   (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
-    defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
-    defined(WOLFSSL_WPAS_SMALL)
+#ifdef HAVE_EX_DATA_CRYPTO
 CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session = NULL;
 
 static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr,
@@ -19227,7 +20712,7 @@ static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr,
     CRYPTO_EX_cb_ctx* new_ctx = (CRYPTO_EX_cb_ctx*)XMALLOC(
             sizeof(CRYPTO_EX_cb_ctx), NULL, DYNAMIC_TYPE_OPENSSL);
     if (new_ctx == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     new_ctx->ctx_l = ctx_l;
     new_ctx->ctx_ptr = ctx_ptr;
     new_ctx->new_func = new_func;
@@ -19331,7 +20816,7 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr,
         case WOLF_CRYPTO_EX_INDEX_SSL_SESSION:
             if (crypto_ex_cb_new(&crypto_ex_cb_ctx_session, ctx_l, ctx_ptr,
                     new_func, dup_func, free_func) != 0)
-                return -1;
+                return WOLFSSL_FATAL_ERROR;
             idx = ssl_session_idx++;
             break;
 
@@ -19352,26 +20837,12 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr,
             break;
     }
     if (idx >= MAX_EX_DATA)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return idx;
 }
-#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */
-
-#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
-void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
-{
-    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
-#ifdef HAVE_EX_DATA
-    if(ctx != NULL) {
-        return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
-    }
-#else
-    (void)ctx;
-    (void)idx;
-#endif
-    return NULL;
-}
+#endif /* HAVE_EX_DATA_CRYPTO */
 
+#ifdef HAVE_EX_DATA_CRYPTO
 int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
                                  WOLFSSL_CRYPTO_EX_new* new_func,
                                  WOLFSSL_CRYPTO_EX_dup* dup_func,
@@ -19397,21 +20868,35 @@ int wolfSSL_get_ex_new_index(long argValue, void* arg,
     return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, argValue, arg,
             cb1, cb2, cb3);
 }
+#endif /* HAVE_EX_DATA_CRYPTO */
 
+#ifdef OPENSSL_EXTRA
+void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
+#ifdef HAVE_EX_DATA
+    if (ctx != NULL) {
+        return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
+    }
+#else
+    (void)ctx;
+    (void)idx;
+#endif
+    return NULL;
+}
 
 int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data");
-    #ifdef HAVE_EX_DATA
-    if (ctx != NULL)
-    {
+#ifdef HAVE_EX_DATA
+    if (ctx != NULL) {
         return wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
     }
-    #else
+#else
     (void)ctx;
     (void)idx;
     (void)data;
-    #endif
+#endif
     return WOLFSSL_FAILURE;
 }
 
@@ -19423,16 +20908,14 @@ int wolfSSL_CTX_set_ex_data_with_cleanup(
     wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data_with_cleanup");
-    if (ctx != NULL)
-    {
+    if (ctx != NULL) {
         return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
                                                        cleanup_routine);
     }
     return WOLFSSL_FAILURE;
 }
 #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
-
-#endif /* defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) */
+#endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
@@ -19464,15 +20947,11 @@ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) {
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(HAVE_EX_DATA) || defined(OPENSSL_EXTRA) || \
-    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
-
 int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
 {
     WOLFSSL_ENTER("wolfSSL_set_ex_data");
 #ifdef HAVE_EX_DATA
-    if (ssl != NULL)
-    {
+    if (ssl != NULL) {
         return wolfSSL_CRYPTO_set_ex_data(&ssl->ex_data, idx, data);
     }
 #else
@@ -19516,8 +20995,6 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
     return 0;
 }
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
-
 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
     || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
 
@@ -19547,11 +21024,15 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
         return;
 
     /* ctx still owns certificate, certChain, key, dh, and cm */
-    if (ssl->buffers.weOwnCert)
+    if (ssl->buffers.weOwnCert) {
         FreeDer(&ssl->buffers.certificate);
+        ssl->buffers.weOwnCert = 0;
+    }
     ssl->buffers.certificate = NULL;
-    if (ssl->buffers.weOwnCertChain)
+    if (ssl->buffers.weOwnCertChain) {
         FreeDer(&ssl->buffers.certChain);
+        ssl->buffers.weOwnCertChain = 0;
+    }
     ssl->buffers.certChain = NULL;
 #ifdef WOLFSSL_TLS13
     ssl->buffers.certChainCnt = 0;
@@ -19561,6 +21042,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
     #ifdef WOLFSSL_BLIND_PRIVATE_KEY
         FreeDer(&ssl->buffers.keyMask);
     #endif
+        ssl->buffers.weOwnKey = 0;
     }
     ssl->buffers.key      = NULL;
 #ifdef WOLFSSL_BLIND_PRIVATE_KEY
@@ -19577,6 +21059,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
     #ifdef WOLFSSL_BLIND_PRIVATE_KEY
         FreeDer(&ssl->buffers.altKeyMask);
     #endif
+        ssl->buffers.weOwnAltKey = 0;
     }
     ssl->buffers.altKey     = NULL;
 #ifdef WOLFSSL_BLIND_PRIVATE_KEY
@@ -19691,10 +21174,10 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
         if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE)
                      == WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) {
             WOLFSSL_MSG("Using Server's Cipher Preference.");
-            ctx->useClientOrder = FALSE;
+            ctx->useClientOrder = 0;
         } else {
             WOLFSSL_MSG("Using Client's Cipher Preference.");
-            ctx->useClientOrder = TRUE;
+            ctx->useClientOrder = 1;
         }
         #endif /* WOLFSSL_QT */
 
@@ -19814,7 +21297,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
         return NULL;
     }
 
-    mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
     if (mem == NULL) {
         WOLFSSL_MSG("Malloc failure");
         return NULL;
@@ -19839,7 +21323,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
             int i;
             int j = 0;
 
-            extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL,
+            extraBioMem = (unsigned char *)XMALLOC((size_t)extraBioMemSz, NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
             if (extraBioMem == NULL) {
                 WOLFSSL_MSG("Malloc failure");
@@ -19920,10 +21404,7 @@ void wolfSSL_print_all_errors_fp(XFILE fp)
 
 /* Note: This is a huge section of API's - through
  *       wolfSSL_X509_OBJECT_get0_X509_CRL */
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
-    (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-    defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
 
 #if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_DEBUG_MEMORY) && \
     !defined(WOLFSSL_STATIC_MEMORY)
@@ -20030,7 +21511,7 @@ int wolfSSL_FIPS_mode_set(int r)
 
 int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits");
 
     #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
@@ -20091,6 +21572,7 @@ int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name)
     return ret;
 }
 
+#ifndef NO_WOLFSSL_SERVER
 /* May be called by server to get the requested accepted name and by the client
  * to get the requested name. */
 const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type)
@@ -20102,6 +21584,8 @@ const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type)
             !wolfSSL_is_server(ssl));
     return (const char *)serverName;
 }
+#endif
+
 #endif /* HAVE_SNI */
 
 WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
@@ -20136,7 +21620,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
         InitSSL_CTX_Suites(ctx);
     }
 
-    wolfSSL_RefInc(&ctx->ref, &ret);
+    wolfSSL_RefWithMutexInc(&ctx->ref, &ret);
 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
     if (ret != 0) {
         /* can only fail on serious stuff, like mutex not working
@@ -20156,30 +21640,32 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     if (ctx->certificate != NULL) {
         if (ssl->buffers.certificate != NULL) {
             FreeDer(&ssl->buffers.certificate);
+            ssl->buffers.certificate = NULL;
         }
         ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
             ctx->certificate->length, ctx->certificate->type,
             ctx->certificate->heap);
         if (ret != 0) {
+            ssl->buffers.weOwnCert = 0;
             return NULL;
         }
 
         ssl->buffers.weOwnCert = 1;
-        ret = WOLFSSL_SUCCESS;
     }
     if (ctx->certChain != NULL) {
         if (ssl->buffers.certChain != NULL) {
             FreeDer(&ssl->buffers.certChain);
+            ssl->buffers.certChain = NULL;
         }
         ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
             ctx->certChain->length, ctx->certChain->type,
             ctx->certChain->heap);
         if (ret != 0) {
+            ssl->buffers.weOwnCertChain = 0;
             return NULL;
         }
 
         ssl->buffers.weOwnCertChain = 1;
-        ret = WOLFSSL_SUCCESS;
     }
 #else
     /* ctx owns certificate, certChain and key */
@@ -20190,18 +21676,41 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
-    ssl->buffers.key      = ctx->privateKey;
-#else
+#ifdef WOLFSSL_COPY_KEY
     if (ctx->privateKey != NULL) {
-        AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+        if (ssl->buffers.key != NULL) {
+            FreeDer(&ssl->buffers.key);
+            ssl->buffers.key = NULL;
+        }
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
             ctx->privateKey->length, ctx->privateKey->type,
             ctx->privateKey->heap);
+        if (ret != 0) {
+            ssl->buffers.weOwnKey = 0;
+            return NULL;
+        }
+        ssl->buffers.weOwnKey = 1;
+    }
+    else {
+        ssl->buffers.key      = ctx->privateKey;
+    }
+#else
+    ssl->buffers.key      = ctx->privateKey;
+#endif
+#else
+    if (ctx->privateKey != NULL) {
+        ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        if (ret != 0) {
+            return NULL;
+        }
         /* Blind the private key for the SSL with new random mask. */
         wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
         ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
             &ssl->buffers.keyMask);
         if (ret != 0) {
-            return ret;
+            return NULL;
         }
     }
 #endif
@@ -20223,15 +21732,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->buffers.altKey   = ctx->altPrivateKey;
 #else
     if (ctx->altPrivateKey != NULL) {
-        AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
+        ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
             ctx->altPrivateKey->length, ctx->altPrivateKey->type,
             ctx->altPrivateKey->heap);
+        if (ret != 0) {
+            return NULL;
+        }
         /* Blind the private key for the SSL with new random mask. */
         wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
         ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
             &ssl->buffers.altKeyMask);
         if (ret != 0) {
-            return ret;
+            return NULL;
         }
     }
 #endif
@@ -20304,9 +21816,7 @@ void wolfSSL_THREADID_set_numeric(void* id, unsigned long val)
 }
 #endif
 
-#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX ||
-        * HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH ||
-        * HAVE_SBLIM_SFCB)) */
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA */
 
 #ifdef HAVE_SNI
 
@@ -20351,11 +21861,11 @@ unsigned long wolfSSL_ERR_peek_last_error(void)
             WOLFSSL_MSG("Issue peeking at error node in queue");
             return 0;
         }
-        if (ret == -ASN_NO_PEM_HEADER)
-            return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
+        if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
+            return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E);
     #if defined(WOLFSSL_PYTHON)
         if (ret == ASN1_R_HEADER_TOO_LONG)
-            return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG;
+            return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E);
     #endif
         return (unsigned long)ret;
     }
@@ -20406,11 +21916,12 @@ WOLFSSL_CTX* wolfSSL_get_SSL_CTX(const WOLFSSL* ssl)
     return ssl->ctx;
 }
 
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \
-    || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
 
 /* TODO: Doesn't currently track SSL_VERIFY_CLIENT_ONCE */
-int wolfSSL_get_verify_mode(const WOLFSSL* ssl) {
+int wolfSSL_get_verify_mode(const WOLFSSL* ssl)
+{
     int mode = 0;
     WOLFSSL_ENTER("wolfSSL_get_verify_mode");
 
@@ -20558,21 +22069,22 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
     err = wc_PeekErrorNodeLineData(file, line, data, flags, peek_ignore_err);
 
     if (err == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))
-        return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
+        return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E);
 #ifdef OPENSSL_ALL
     /* PARSE_ERROR is returned if an HTTP request is detected. */
     else if (err == -WC_NO_ERR_TRACE(PARSE_ERROR))
-        return (ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST;
+        return (WOLFSSL_ERR_LIB_SSL << 24) | -WC_NO_ERR_TRACE(PARSE_ERROR) /* SSL_R_HTTP_REQUEST */;
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
-    else if (err == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG))
-        return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG;
+    else if (err == ASN1_R_HEADER_TOO_LONG)
+        return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E);
 #endif
   return err;
 }
 #endif
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 
 #if !defined(WOLFSSL_USER_IO)
 /* converts an IPv6 or IPv4 address into an octet string for use with rfc3280
@@ -20740,11 +22252,86 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
     }
     return ssl->suitesStack;
 }
-#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+#ifdef OPENSSL_ALL
+/* returned pointer is to an internal element in WOLFSSL struct and should not
+ * be free'd. It gets free'd when the WOLFSSL struct is free'd. */
+WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(WOLFSSL* ssl)
+{
+    WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL;
+    const CipherSuiteInfo* cipher_names = GetCipherNames();
+    int cipherSz = GetCipherNamesSize();
+    const Suites* suites;
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
-    defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK)
+    WOLFSSL_ENTER("wolfSSL_get_client_ciphers");
+
+    if (ssl == NULL) {
+        return NULL;
+    }
+
+    /* return NULL if is client side */
+    if (wolfSSL_is_server(ssl) == 0) {
+        return NULL;
+    }
+
+    suites = ssl->clSuites;
+    if (suites == NULL) {
+        WOLFSSL_MSG("No client suites stored");
+    }
+    else if (ssl->clSuitesStack != NULL) {
+        ret = ssl->clSuitesStack;
+    }
+    else { /* generate cipher suites stack if not already done */
+        int i;
+        int j;
+
+        ret = wolfSSL_sk_new_node(ssl->heap);
+        if (ret != NULL) {
+            ret->type = STACK_TYPE_CIPHER;
+
+            /* higher priority of cipher suite will be on top of stack */
+            for (i = suites->suiteSz - 2; i >= 0; i -= 2) {
+                WOLFSSL_CIPHER cipher;
+
+                /* A couple of suites are placeholders for special options,
+                 * skip those. */
+                if (SCSV_Check(suites->suites[i], suites->suites[i+1])
+                        || sslCipherMinMaxCheck(ssl, suites->suites[i],
+                                                suites->suites[i+1])) {
+                    continue;
+                }
+
+                cipher.cipherSuite0 = suites->suites[i];
+                cipher.cipherSuite  = suites->suites[i+1];
+                cipher.ssl          = ssl;
+                for (j = 0; j < cipherSz; j++) {
+                    if (cipher_names[j].cipherSuite0 ==
+                            cipher.cipherSuite0 &&
+                            cipher_names[j].cipherSuite ==
+                                    cipher.cipherSuite) {
+                        cipher.offset = (unsigned long)j;
+                        break;
+                    }
+                }
+
+                /* in_stack is checked in wolfSSL_CIPHER_description */
+                cipher.in_stack     = 1;
+
+                if (wolfSSL_sk_CIPHER_push(ret, &cipher) <= 0) {
+                    WOLFSSL_MSG("Error pushing client cipher onto stack");
+                    wolfSSL_sk_CIPHER_free(ret);
+                    ret = NULL;
+                    break;
+                }
+            }
+        }
+        ssl->clSuitesStack = ret;
+    }
+    return ret;
+}
+#endif /* OPENSSL_ALL */
+
+#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
 long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_timeout");
@@ -20784,7 +22371,7 @@ int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh)
 }
 #endif
 #ifndef NO_BIO
-BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
+WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_get_rbio");
     /* Nginx sets the buffer size if the read BIO is different to write BIO.
@@ -20795,7 +22382,7 @@ BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
 
     return s->biord;
 }
-BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
+WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_get_wbio");
     (void)s;
@@ -20809,6 +22396,7 @@ BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
 }
 #endif /* !NO_BIO */
 
+#ifndef NO_TLS
 int wolfSSL_SSL_do_handshake_internal(WOLFSSL *s)
 {
     WOLFSSL_ENTER("wolfSSL_SSL_do_handshake_internal");
@@ -20842,6 +22430,7 @@ int wolfSSL_SSL_do_handshake(WOLFSSL *s)
 #endif
     return wolfSSL_SSL_do_handshake_internal(s);
 }
+#endif /* !NO_TLS */
 
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 int wolfSSL_SSL_in_init(const WOLFSSL *ssl)
@@ -21403,7 +22992,7 @@ int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen,
     byte lenIn, lenClient;
 
     if (out == NULL || outLen == NULL || in == NULL || clientNames == NULL)
-        return OPENSSL_NPN_UNSUPPORTED;
+        return WOLFSSL_NPN_UNSUPPORTED;
 
     for (i = 0; i < inLen; i += lenIn) {
         lenIn = in[i++];
@@ -21416,14 +23005,14 @@ int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen,
             if (XMEMCMP(in + i, clientNames + j, lenIn) == 0) {
                 *out = (unsigned char *)(in + i);
                 *outLen = lenIn;
-                return OPENSSL_NPN_NEGOTIATED;
+                return WOLFSSL_NPN_NEGOTIATED;
             }
         }
     }
 
     *out = (unsigned char *)clientNames + 1;
     *outLen = clientNames[0];
-    return OPENSSL_NPN_NO_OVERLAP;
+    return WOLFSSL_NPN_NO_OVERLAP;
 }
 
 void wolfSSL_set_alpn_select_cb(WOLFSSL *ssl,
@@ -21527,49 +23116,85 @@ int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id)
 
 const WOLF_EC_NIST_NAME kNistCurves[] = {
 #ifdef HAVE_ECC
-    {CURVE_NAME("P-160"),   NID_secp160r1, WOLFSSL_ECC_SECP160R1},
-    {CURVE_NAME("P-160-2"), NID_secp160r2, WOLFSSL_ECC_SECP160R2},
-    {CURVE_NAME("P-192"),   NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1},
-    {CURVE_NAME("P-224"),   NID_secp224r1, WOLFSSL_ECC_SECP224R1},
-    {CURVE_NAME("P-256"),   NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
-    {CURVE_NAME("P-384"),   NID_secp384r1, WOLFSSL_ECC_SECP384R1},
-    {CURVE_NAME("P-521"),   NID_secp521r1, WOLFSSL_ECC_SECP521R1},
-    {CURVE_NAME("K-160"),   NID_secp160k1, WOLFSSL_ECC_SECP160K1},
-    {CURVE_NAME("K-192"),   NID_secp192k1, WOLFSSL_ECC_SECP192K1},
-    {CURVE_NAME("K-224"),   NID_secp224k1, WOLFSSL_ECC_SECP224R1},
-    {CURVE_NAME("K-256"),   NID_secp256k1, WOLFSSL_ECC_SECP256K1},
-    {CURVE_NAME("B-256"),   NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1},
-    {CURVE_NAME("B-384"),   NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1},
-    {CURVE_NAME("B-512"),   NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1},
+    {CURVE_NAME("P-160"),   WC_NID_secp160r1, WOLFSSL_ECC_SECP160R1},
+    {CURVE_NAME("P-160-2"), WC_NID_secp160r2, WOLFSSL_ECC_SECP160R2},
+    {CURVE_NAME("P-192"),   WC_NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1},
+    {CURVE_NAME("P-224"),   WC_NID_secp224r1, WOLFSSL_ECC_SECP224R1},
+    {CURVE_NAME("P-256"),   WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+    {CURVE_NAME("P-384"),   WC_NID_secp384r1, WOLFSSL_ECC_SECP384R1},
+    {CURVE_NAME("P-521"),   WC_NID_secp521r1, WOLFSSL_ECC_SECP521R1},
+    {CURVE_NAME("K-160"),   WC_NID_secp160k1, WOLFSSL_ECC_SECP160K1},
+    {CURVE_NAME("K-192"),   WC_NID_secp192k1, WOLFSSL_ECC_SECP192K1},
+    {CURVE_NAME("K-224"),   WC_NID_secp224k1, WOLFSSL_ECC_SECP224R1},
+    {CURVE_NAME("K-256"),   WC_NID_secp256k1, WOLFSSL_ECC_SECP256K1},
+    {CURVE_NAME("B-256"),   WC_NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1},
+    {CURVE_NAME("B-384"),   WC_NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1},
+    {CURVE_NAME("B-512"),   WC_NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1},
 #endif
 #ifdef HAVE_CURVE25519
-    {CURVE_NAME("X25519"),  NID_X25519, WOLFSSL_ECC_X25519},
+    {CURVE_NAME("X25519"),  WC_NID_X25519, WOLFSSL_ECC_X25519},
 #endif
 #ifdef HAVE_CURVE448
-    {CURVE_NAME("X448"),    NID_X448, WOLFSSL_ECC_X448},
+    {CURVE_NAME("X448"),    WC_NID_X448, WOLFSSL_ECC_X448},
 #endif
-#ifdef WOLFSSL_HAVE_KYBER
+#ifdef WOLFSSL_HAVE_MLKEM
+#ifndef WOLFSSL_NO_ML_KEM
+    {CURVE_NAME("ML_KEM_512"), WOLFSSL_ML_KEM_512, WOLFSSL_ML_KEM_512},
+    {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768},
+    {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024},
+#if (defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
+    {CURVE_NAME("P256_ML_KEM_512"), WOLFSSL_P256_ML_KEM_512,
+     WOLFSSL_P256_ML_KEM_512},
+    {CURVE_NAME("P384_ML_KEM_768"), WOLFSSL_P384_ML_KEM_768,
+     WOLFSSL_P384_ML_KEM_768},
+    {CURVE_NAME("P256_ML_KEM_768"), WOLFSSL_P256_ML_KEM_768,
+     WOLFSSL_P256_ML_KEM_768},
+    {CURVE_NAME("P521_ML_KEM_1024"), WOLFSSL_P521_ML_KEM_1024,
+     WOLFSSL_P521_ML_KEM_1024},
+    {CURVE_NAME("P384_ML_KEM_1024"), WOLFSSL_P384_ML_KEM_1024,
+     WOLFSSL_P384_ML_KEM_1024},
+    {CURVE_NAME("X25519_ML_KEM_512"), WOLFSSL_X25519_ML_KEM_512,
+     WOLFSSL_X25519_ML_KEM_512},
+    {CURVE_NAME("X448_ML_KEM_768"), WOLFSSL_X448_ML_KEM_768,
+     WOLFSSL_X448_ML_KEM_768},
+    {CURVE_NAME("X25519_ML_KEM_768"), WOLFSSL_X25519_ML_KEM_768,
+     WOLFSSL_X25519_ML_KEM_768},
+#endif
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_MLKEM_KYBER
     {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1},
-    {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL1},
-    {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL1},
-#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
-    {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1},
-    {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P256_KYBER_LEVEL1},
-    {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1},
-#endif
+    {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3},
+    {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5},
+#if (defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
+    {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1,
+     WOLFSSL_P256_KYBER_LEVEL1},
+    {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3,
+     WOLFSSL_P384_KYBER_LEVEL3},
+    {CURVE_NAME("P256_KYBER_LEVEL3"), WOLFSSL_P256_KYBER_LEVEL3,
+     WOLFSSL_P256_KYBER_LEVEL3},
+    {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5,
+     WOLFSSL_P521_KYBER_LEVEL5},
+    {CURVE_NAME("X25519_KYBER_LEVEL1"), WOLFSSL_X25519_KYBER_LEVEL1,
+     WOLFSSL_X25519_KYBER_LEVEL1},
+    {CURVE_NAME("X448_KYBER_LEVEL3"), WOLFSSL_X448_KYBER_LEVEL3,
+     WOLFSSL_X448_KYBER_LEVEL3},
+    {CURVE_NAME("X25519_KYBER_LEVEL3"), WOLFSSL_X25519_KYBER_LEVEL3,
+     WOLFSSL_X25519_KYBER_LEVEL3},
 #endif
+#endif /* WOLFSSL_MLKEM_KYBER */
+#endif /* WOLFSSL_HAVE_MLKEM */
 #ifdef WOLFSSL_SM2
-    {CURVE_NAME("SM2"),     NID_sm2, WOLFSSL_ECC_SM2P256V1},
+    {CURVE_NAME("SM2"),     WC_NID_sm2, WOLFSSL_ECC_SM2P256V1},
 #endif
 #ifdef HAVE_ECC
     /* Alternative curve names */
-    {CURVE_NAME("prime256v1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
-    {CURVE_NAME("secp256r1"),  NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
-    {CURVE_NAME("secp384r1"),  NID_secp384r1, WOLFSSL_ECC_SECP384R1},
-    {CURVE_NAME("secp521r1"),  NID_secp521r1, WOLFSSL_ECC_SECP521R1},
+    {CURVE_NAME("prime256v1"), WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+    {CURVE_NAME("secp256r1"),  WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+    {CURVE_NAME("secp384r1"),  WC_NID_secp384r1, WOLFSSL_ECC_SECP384R1},
+    {CURVE_NAME("secp521r1"),  WC_NID_secp521r1, WOLFSSL_ECC_SECP521R1},
 #endif
 #ifdef WOLFSSL_SM2
-    {CURVE_NAME("sm2p256v1"),  NID_sm2, WOLFSSL_ECC_SM2P256V1},
+    {CURVE_NAME("sm2p256v1"),  WC_NID_sm2, WOLFSSL_ECC_SM2P256V1},
 #endif
     {0, NULL, 0, 0},
 };
@@ -21607,13 +23232,13 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
         if (len > MAX_CURVE_NAME_SZ - 1)
             goto leave;
 
-        XMEMCPY(name, names + start, len);
+        XMEMCPY(name, names + start, (size_t)len);
         name[len] = 0;
         curve = WOLFSSL_NAMED_GROUP_INVALID;
 
         for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
             if (len == nist_name->name_len &&
-                    XSTRNCMP(name, nist_name->name, len) == 0) {
+                    XSTRNCMP(name, nist_name->name, (size_t)len) == 0) {
                 curve = nist_name->curve;
                 break;
             }
@@ -21636,7 +23261,7 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
                 goto leave;
             }
 
-            curve = GetCurveByOID(eccSet->oidSum);
+            curve = GetCurveByOID((int)eccSet->oidSum);
         #else
             WOLFSSL_MSG("API not present to search farther using name");
             goto leave;
@@ -21682,7 +23307,7 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
         else {
             disabled &= ~(1U << curve);
         }
-    #ifdef HAVE_SUPPORTED_CURVES
+    #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_TLS)
     #if !defined(WOLFSSL_OLD_SET_CURVES_LIST)
         /* using the wolfSSL API to set the groups, this will populate
          * (ssl|ctx)->groups and reset any TLSX_SUPPORTED_GROUPS.
@@ -21705,12 +23330,12 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
             goto leave;
         }
     #endif
-    #endif /* HAVE_SUPPORTED_CURVES */
+    #endif /* HAVE_SUPPORTED_CURVES && !NO_TLS */
     }
 
-    if (ssl)
+    if (ssl != NULL)
         ssl->disabledCurves = disabled;
-    else
+    else if (ctx != NULL)
         ctx->disabledCurves = disabled;
     ret = WOLFSSL_SUCCESS;
 
@@ -21744,6 +23369,7 @@ int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names)
 #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) */
 #endif /* OPENSSL_EXTRA || HAVE_CURL */
 
+
 #ifdef OPENSSL_EXTRA
 /* Sets a callback for when sending and receiving protocol messages.
  * This callback is copied to all WOLFSSL objects created from the ctx.
@@ -21825,7 +23451,7 @@ void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file,
     if (data == NULL || siz >= INT_MAX)
         return NULL;
 
-    ret = OPENSSL_malloc(siz);
+    ret = wolfSSL_OPENSSL_malloc(siz);
     if (ret == NULL) {
         return NULL;
     }
@@ -21980,45 +23606,45 @@ word32 nid2oid(int nid, int grp)
         case oidHashType:
             switch (nid) {
             #ifdef WOLFSSL_MD2
-                case NID_md2:
+                case WC_NID_md2:
                     return MD2h;
             #endif
             #ifndef NO_MD5
-                case NID_md5:
+                case WC_NID_md5:
                     return MD5h;
             #endif
             #ifndef NO_SHA
-                case NID_sha1:
+                case WC_NID_sha1:
                     return SHAh;
             #endif
-                case NID_sha224:
+                case WC_NID_sha224:
                     return SHA224h;
             #ifndef NO_SHA256
-                case NID_sha256:
+                case WC_NID_sha256:
                     return SHA256h;
             #endif
             #ifdef WOLFSSL_SHA384
-                case NID_sha384:
+                case WC_NID_sha384:
                     return SHA384h;
             #endif
             #ifdef WOLFSSL_SHA512
-                case NID_sha512:
+                case WC_NID_sha512:
                     return SHA512h;
             #endif
             #ifndef WOLFSSL_NOSHA3_224
-                case NID_sha3_224:
+                case WC_NID_sha3_224:
                     return SHA3_224h;
             #endif
             #ifndef WOLFSSL_NOSHA3_256
-                case NID_sha3_256:
+                case WC_NID_sha3_256:
                     return SHA3_256h;
             #endif
             #ifndef WOLFSSL_NOSHA3_384
-                case NID_sha3_384:
+                case WC_NID_sha3_384:
                     return SHA3_384h;
             #endif
             #ifndef WOLFSSL_NOSHA3_512
-                case NID_sha3_512:
+                case WC_NID_sha3_512:
                     return SHA3_512h;
             #endif
             }
@@ -22028,56 +23654,56 @@ word32 nid2oid(int nid, int grp)
         case oidSigType:
             switch (nid) {
             #ifndef NO_DSA
-                case NID_dsaWithSHA1:
+                case WC_NID_dsaWithSHA1:
                     return CTC_SHAwDSA;
-                case NID_dsa_with_SHA256:
+                case WC_NID_dsa_with_SHA256:
                     return CTC_SHA256wDSA;
             #endif /* NO_DSA */
             #ifndef NO_RSA
-                case NID_md2WithRSAEncryption:
+                case WC_NID_md2WithRSAEncryption:
                     return CTC_MD2wRSA;
-                case NID_md5WithRSAEncryption:
+                case WC_NID_md5WithRSAEncryption:
                     return CTC_MD5wRSA;
-                case NID_sha1WithRSAEncryption:
+                case WC_NID_sha1WithRSAEncryption:
                     return CTC_SHAwRSA;
-                case NID_sha224WithRSAEncryption:
+                case WC_NID_sha224WithRSAEncryption:
                     return CTC_SHA224wRSA;
-                case NID_sha256WithRSAEncryption:
+                case WC_NID_sha256WithRSAEncryption:
                     return CTC_SHA256wRSA;
-                case NID_sha384WithRSAEncryption:
+                case WC_NID_sha384WithRSAEncryption:
                     return CTC_SHA384wRSA;
-                case NID_sha512WithRSAEncryption:
+                case WC_NID_sha512WithRSAEncryption:
                     return CTC_SHA512wRSA;
                 #ifdef WOLFSSL_SHA3
-                case NID_RSA_SHA3_224:
+                case WC_NID_RSA_SHA3_224:
                     return CTC_SHA3_224wRSA;
-                case NID_RSA_SHA3_256:
+                case WC_NID_RSA_SHA3_256:
                     return CTC_SHA3_256wRSA;
-                case NID_RSA_SHA3_384:
+                case WC_NID_RSA_SHA3_384:
                     return CTC_SHA3_384wRSA;
-                case NID_RSA_SHA3_512:
+                case WC_NID_RSA_SHA3_512:
                     return CTC_SHA3_512wRSA;
                 #endif
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
-                case NID_ecdsa_with_SHA1:
+                case WC_NID_ecdsa_with_SHA1:
                     return CTC_SHAwECDSA;
-                case NID_ecdsa_with_SHA224:
+                case WC_NID_ecdsa_with_SHA224:
                     return CTC_SHA224wECDSA;
-                case NID_ecdsa_with_SHA256:
+                case WC_NID_ecdsa_with_SHA256:
                     return CTC_SHA256wECDSA;
-                case NID_ecdsa_with_SHA384:
+                case WC_NID_ecdsa_with_SHA384:
                     return CTC_SHA384wECDSA;
-                case NID_ecdsa_with_SHA512:
+                case WC_NID_ecdsa_with_SHA512:
                     return CTC_SHA512wECDSA;
                 #ifdef WOLFSSL_SHA3
-                case NID_ecdsa_with_SHA3_224:
+                case WC_NID_ecdsa_with_SHA3_224:
                     return CTC_SHA3_224wECDSA;
-                case NID_ecdsa_with_SHA3_256:
+                case WC_NID_ecdsa_with_SHA3_256:
                     return CTC_SHA3_256wECDSA;
-                case NID_ecdsa_with_SHA3_384:
+                case WC_NID_ecdsa_with_SHA3_384:
                     return CTC_SHA3_384wECDSA;
-                case NID_ecdsa_with_SHA3_512:
+                case WC_NID_ecdsa_with_SHA3_512:
                     return CTC_SHA3_512wECDSA;
                 #endif
             #endif /* HAVE_ECC */
@@ -22088,15 +23714,15 @@ word32 nid2oid(int nid, int grp)
         case oidKeyType:
             switch (nid) {
             #ifndef NO_DSA
-                case NID_dsa:
+                case WC_NID_dsa:
                     return DSAk;
             #endif /* NO_DSA */
             #ifndef NO_RSA
-                case NID_rsaEncryption:
+                case WC_NID_rsaEncryption:
                     return RSAk;
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
-                case NID_X9_62_id_ecPublicKey:
+                case WC_NID_X9_62_id_ecPublicKey:
                     return ECDSAk;
             #endif /* HAVE_ECC */
             }
@@ -22106,59 +23732,59 @@ word32 nid2oid(int nid, int grp)
     #ifdef HAVE_ECC
         case oidCurveType:
             switch (nid) {
-            case NID_X9_62_prime192v1:
+            case WC_NID_X9_62_prime192v1:
                 return ECC_SECP192R1_OID;
-            case NID_X9_62_prime192v2:
+            case WC_NID_X9_62_prime192v2:
                 return ECC_PRIME192V2_OID;
-            case NID_X9_62_prime192v3:
+            case WC_NID_X9_62_prime192v3:
                 return ECC_PRIME192V3_OID;
-            case NID_X9_62_prime239v1:
+            case WC_NID_X9_62_prime239v1:
                 return ECC_PRIME239V1_OID;
-            case NID_X9_62_prime239v2:
+            case WC_NID_X9_62_prime239v2:
                 return ECC_PRIME239V2_OID;
-            case NID_X9_62_prime239v3:
+            case WC_NID_X9_62_prime239v3:
                 return ECC_PRIME239V3_OID;
-            case NID_X9_62_prime256v1:
+            case WC_NID_X9_62_prime256v1:
                 return ECC_SECP256R1_OID;
-            case NID_secp112r1:
+            case WC_NID_secp112r1:
                 return ECC_SECP112R1_OID;
-            case NID_secp112r2:
+            case WC_NID_secp112r2:
                 return ECC_SECP112R2_OID;
-            case NID_secp128r1:
+            case WC_NID_secp128r1:
                 return ECC_SECP128R1_OID;
-            case NID_secp128r2:
+            case WC_NID_secp128r2:
                 return ECC_SECP128R2_OID;
-            case NID_secp160r1:
+            case WC_NID_secp160r1:
                 return ECC_SECP160R1_OID;
-            case NID_secp160r2:
+            case WC_NID_secp160r2:
                 return ECC_SECP160R2_OID;
-            case NID_secp224r1:
+            case WC_NID_secp224r1:
                 return ECC_SECP224R1_OID;
-            case NID_secp384r1:
+            case WC_NID_secp384r1:
                 return ECC_SECP384R1_OID;
-            case NID_secp521r1:
+            case WC_NID_secp521r1:
                 return ECC_SECP521R1_OID;
-            case NID_secp160k1:
+            case WC_NID_secp160k1:
                 return ECC_SECP160K1_OID;
-            case NID_secp192k1:
+            case WC_NID_secp192k1:
                 return ECC_SECP192K1_OID;
-            case NID_secp224k1:
+            case WC_NID_secp224k1:
                 return ECC_SECP224K1_OID;
-            case NID_secp256k1:
+            case WC_NID_secp256k1:
                 return ECC_SECP256K1_OID;
-            case NID_brainpoolP160r1:
+            case WC_NID_brainpoolP160r1:
                 return ECC_BRAINPOOLP160R1_OID;
-            case NID_brainpoolP192r1:
+            case WC_NID_brainpoolP192r1:
                 return ECC_BRAINPOOLP192R1_OID;
-            case NID_brainpoolP224r1:
+            case WC_NID_brainpoolP224r1:
                 return ECC_BRAINPOOLP224R1_OID;
-            case NID_brainpoolP256r1:
+            case WC_NID_brainpoolP256r1:
                 return ECC_BRAINPOOLP256R1_OID;
-            case NID_brainpoolP320r1:
+            case WC_NID_brainpoolP320r1:
                 return ECC_BRAINPOOLP320R1_OID;
-            case NID_brainpoolP384r1:
+            case WC_NID_brainpoolP384r1:
                 return ECC_BRAINPOOLP384R1_OID;
-            case NID_brainpoolP512r1:
+            case WC_NID_brainpoolP512r1:
                 return ECC_BRAINPOOLP512R1_OID;
             }
             break;
@@ -22180,9 +23806,9 @@ word32 nid2oid(int nid, int grp)
                     return AES256CBCb;
             #endif
             #ifndef NO_DES3
-                case NID_des:
+                case WC_NID_des:
                     return DESb;
-                case NID_des3:
+                case WC_NID_des3:
                     return DES3b;
             #endif
             }
@@ -22191,7 +23817,7 @@ word32 nid2oid(int nid, int grp)
     #ifdef HAVE_OCSP
         case oidOcspType:
             switch (nid) {
-                case NID_id_pkix_OCSP_basic:
+                case WC_NID_id_pkix_OCSP_basic:
                     return OCSP_BASIC_OID;
                 case OCSP_NONCE_OID:
                     return OCSP_NONCE_OID;
@@ -22202,27 +23828,27 @@ word32 nid2oid(int nid, int grp)
         /* oidCertExtType */
         case oidCertExtType:
             switch (nid) {
-                case NID_basic_constraints:
+                case WC_NID_basic_constraints:
                     return BASIC_CA_OID;
-                case NID_subject_alt_name:
+                case WC_NID_subject_alt_name:
                     return ALT_NAMES_OID;
-                case NID_crl_distribution_points:
+                case WC_NID_crl_distribution_points:
                     return CRL_DIST_OID;
-                case NID_info_access:
+                case WC_NID_info_access:
                     return AUTH_INFO_OID;
-                case NID_authority_key_identifier:
+                case WC_NID_authority_key_identifier:
                     return AUTH_KEY_OID;
-                case NID_subject_key_identifier:
+                case WC_NID_subject_key_identifier:
                     return SUBJ_KEY_OID;
-                case NID_inhibit_any_policy:
+                case WC_NID_inhibit_any_policy:
                     return INHIBIT_ANY_OID;
-                case NID_key_usage:
+                case WC_NID_key_usage:
                     return KEY_USAGE_OID;
-                case NID_name_constraints:
+                case WC_NID_name_constraints:
                     return NAME_CONS_OID;
-                case NID_certificate_policies:
+                case WC_NID_certificate_policies:
                     return CERT_POLICY_OID;
-                case NID_ext_key_usage:
+                case WC_NID_ext_key_usage:
                     return EXT_KEY_USAGE_OID;
             }
             break;
@@ -22230,9 +23856,9 @@ word32 nid2oid(int nid, int grp)
         /* oidCertAuthInfoType */
         case oidCertAuthInfoType:
             switch (nid) {
-                case NID_ad_OCSP:
+                case WC_NID_ad_OCSP:
                     return AIA_OCSP_OID;
-                case NID_ad_ca_issuers:
+                case WC_NID_ad_ca_issuers:
                     return AIA_CA_ISSUER_OID;
             }
             break;
@@ -22240,7 +23866,7 @@ word32 nid2oid(int nid, int grp)
         /* oidCertPolicyType */
         case oidCertPolicyType:
             switch (nid) {
-                case NID_any_policy:
+                case WC_NID_any_policy:
                     return CP_ANY_OID;
             }
             break;
@@ -22248,7 +23874,7 @@ word32 nid2oid(int nid, int grp)
         /* oidCertAltNameType */
         case oidCertAltNameType:
             switch (nid) {
-                case NID_hw_name_oid:
+                case WC_NID_hw_name_oid:
                     return HW_NAME_OID;
             }
             break;
@@ -22256,7 +23882,7 @@ word32 nid2oid(int nid, int grp)
         /* oidCertKeyUseType */
         case oidCertKeyUseType:
             switch (nid) {
-                case NID_anyExtendedKeyUsage:
+                case WC_NID_anyExtendedKeyUsage:
                     return EKU_ANY_OID;
                 case EKU_SERVER_AUTH_OID:
                     return EKU_SERVER_AUTH_OID;
@@ -22335,15 +23961,15 @@ word32 nid2oid(int nid, int grp)
     #ifdef WOLFSSL_CERT_REQ
         case oidCsrAttrType:
             switch (nid) {
-                case NID_pkcs9_contentType:
+                case WC_NID_pkcs9_contentType:
                     return PKCS9_CONTENT_TYPE_OID;
-                case NID_pkcs9_challengePassword:
+                case WC_NID_pkcs9_challengePassword:
                     return CHALLENGE_PASSWORD_OID;
-                case NID_serialNumber:
+                case WC_NID_serialNumber:
                     return SERIAL_NUMBER_OID;
-                case NID_userId:
+                case WC_NID_userId:
                     return USER_ID_OID;
-                case NID_surname:
+                case WC_NID_surname:
                     return SURNAME_OID;
             }
             break;
@@ -22369,29 +23995,29 @@ int oid2nid(word32 oid, int grp)
             switch (oid) {
             #ifdef WOLFSSL_MD2
                 case MD2h:
-                    return NID_md2;
+                    return WC_NID_md2;
             #endif
             #ifndef NO_MD5
                 case MD5h:
-                    return NID_md5;
+                    return WC_NID_md5;
             #endif
             #ifndef NO_SHA
                 case SHAh:
-                    return NID_sha1;
+                    return WC_NID_sha1;
             #endif
                 case SHA224h:
-                    return NID_sha224;
+                    return WC_NID_sha224;
             #ifndef NO_SHA256
                 case SHA256h:
-                    return NID_sha256;
+                    return WC_NID_sha256;
             #endif
             #ifdef WOLFSSL_SHA384
                 case SHA384h:
-                    return NID_sha384;
+                    return WC_NID_sha384;
             #endif
             #ifdef WOLFSSL_SHA512
                 case SHA512h:
-                    return NID_sha512;
+                    return WC_NID_sha512;
             #endif
             }
             break;
@@ -22401,60 +24027,60 @@ int oid2nid(word32 oid, int grp)
             switch (oid) {
             #ifndef NO_DSA
                 case CTC_SHAwDSA:
-                    return NID_dsaWithSHA1;
+                    return WC_NID_dsaWithSHA1;
                 case CTC_SHA256wDSA:
-                    return NID_dsa_with_SHA256;
+                    return WC_NID_dsa_with_SHA256;
             #endif /* NO_DSA */
             #ifndef NO_RSA
                 case CTC_MD2wRSA:
-                    return NID_md2WithRSAEncryption;
+                    return WC_NID_md2WithRSAEncryption;
                 case CTC_MD5wRSA:
-                    return NID_md5WithRSAEncryption;
+                    return WC_NID_md5WithRSAEncryption;
                 case CTC_SHAwRSA:
-                    return NID_sha1WithRSAEncryption;
+                    return WC_NID_sha1WithRSAEncryption;
                 case CTC_SHA224wRSA:
-                    return NID_sha224WithRSAEncryption;
+                    return WC_NID_sha224WithRSAEncryption;
                 case CTC_SHA256wRSA:
-                    return NID_sha256WithRSAEncryption;
+                    return WC_NID_sha256WithRSAEncryption;
                 case CTC_SHA384wRSA:
-                    return NID_sha384WithRSAEncryption;
+                    return WC_NID_sha384WithRSAEncryption;
                 case CTC_SHA512wRSA:
-                    return NID_sha512WithRSAEncryption;
+                    return WC_NID_sha512WithRSAEncryption;
                 #ifdef WOLFSSL_SHA3
                 case CTC_SHA3_224wRSA:
-                    return NID_RSA_SHA3_224;
+                    return WC_NID_RSA_SHA3_224;
                 case CTC_SHA3_256wRSA:
-                    return NID_RSA_SHA3_256;
+                    return WC_NID_RSA_SHA3_256;
                 case CTC_SHA3_384wRSA:
-                    return NID_RSA_SHA3_384;
+                    return WC_NID_RSA_SHA3_384;
                 case CTC_SHA3_512wRSA:
-                    return NID_RSA_SHA3_512;
+                    return WC_NID_RSA_SHA3_512;
                 #endif
                 #ifdef WC_RSA_PSS
                 case CTC_RSASSAPSS:
-                    return NID_rsassaPss;
+                    return WC_NID_rsassaPss;
                 #endif
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
                 case CTC_SHAwECDSA:
-                    return NID_ecdsa_with_SHA1;
+                    return WC_NID_ecdsa_with_SHA1;
                 case CTC_SHA224wECDSA:
-                    return NID_ecdsa_with_SHA224;
+                    return WC_NID_ecdsa_with_SHA224;
                 case CTC_SHA256wECDSA:
-                    return NID_ecdsa_with_SHA256;
+                    return WC_NID_ecdsa_with_SHA256;
                 case CTC_SHA384wECDSA:
-                    return NID_ecdsa_with_SHA384;
+                    return WC_NID_ecdsa_with_SHA384;
                 case CTC_SHA512wECDSA:
-                    return NID_ecdsa_with_SHA512;
+                    return WC_NID_ecdsa_with_SHA512;
                 #ifdef WOLFSSL_SHA3
                 case CTC_SHA3_224wECDSA:
-                    return NID_ecdsa_with_SHA3_224;
+                    return WC_NID_ecdsa_with_SHA3_224;
                 case CTC_SHA3_256wECDSA:
-                    return NID_ecdsa_with_SHA3_256;
+                    return WC_NID_ecdsa_with_SHA3_256;
                 case CTC_SHA3_384wECDSA:
-                    return NID_ecdsa_with_SHA3_384;
+                    return WC_NID_ecdsa_with_SHA3_384;
                 case CTC_SHA3_512wECDSA:
-                    return NID_ecdsa_with_SHA3_512;
+                    return WC_NID_ecdsa_with_SHA3_512;
                 #endif
             #endif /* HAVE_ECC */
             }
@@ -22465,19 +24091,19 @@ int oid2nid(word32 oid, int grp)
             switch (oid) {
             #ifndef NO_DSA
                 case DSAk:
-                    return NID_dsa;
+                    return WC_NID_dsa;
             #endif /* NO_DSA */
             #ifndef NO_RSA
                 case RSAk:
-                    return NID_rsaEncryption;
+                    return WC_NID_rsaEncryption;
                 #ifdef WC_RSA_PSS
                 case RSAPSSk:
-                    return NID_rsassaPss;
+                    return WC_NID_rsassaPss;
                 #endif
             #endif /* NO_RSA */
             #ifdef HAVE_ECC
                 case ECDSAk:
-                    return NID_X9_62_id_ecPublicKey;
+                    return WC_NID_X9_62_id_ecPublicKey;
             #endif /* HAVE_ECC */
             }
             break;
@@ -22487,59 +24113,59 @@ int oid2nid(word32 oid, int grp)
         case oidCurveType:
             switch (oid) {
             case ECC_SECP192R1_OID:
-                return NID_X9_62_prime192v1;
+                return WC_NID_X9_62_prime192v1;
             case ECC_PRIME192V2_OID:
-                return NID_X9_62_prime192v2;
+                return WC_NID_X9_62_prime192v2;
             case ECC_PRIME192V3_OID:
-                return NID_X9_62_prime192v3;
+                return WC_NID_X9_62_prime192v3;
             case ECC_PRIME239V1_OID:
-                return NID_X9_62_prime239v1;
+                return WC_NID_X9_62_prime239v1;
             case ECC_PRIME239V2_OID:
-                return NID_X9_62_prime239v2;
+                return WC_NID_X9_62_prime239v2;
             case ECC_PRIME239V3_OID:
-                return NID_X9_62_prime239v3;
+                return WC_NID_X9_62_prime239v3;
             case ECC_SECP256R1_OID:
-                return NID_X9_62_prime256v1;
+                return WC_NID_X9_62_prime256v1;
             case ECC_SECP112R1_OID:
-                return NID_secp112r1;
+                return WC_NID_secp112r1;
             case ECC_SECP112R2_OID:
-                return NID_secp112r2;
+                return WC_NID_secp112r2;
             case ECC_SECP128R1_OID:
-                return NID_secp128r1;
+                return WC_NID_secp128r1;
             case ECC_SECP128R2_OID:
-                return NID_secp128r2;
+                return WC_NID_secp128r2;
             case ECC_SECP160R1_OID:
-                return NID_secp160r1;
+                return WC_NID_secp160r1;
             case ECC_SECP160R2_OID:
-                return NID_secp160r2;
+                return WC_NID_secp160r2;
             case ECC_SECP224R1_OID:
-                return NID_secp224r1;
+                return WC_NID_secp224r1;
             case ECC_SECP384R1_OID:
-                return NID_secp384r1;
+                return WC_NID_secp384r1;
             case ECC_SECP521R1_OID:
-                return NID_secp521r1;
+                return WC_NID_secp521r1;
             case ECC_SECP160K1_OID:
-                return NID_secp160k1;
+                return WC_NID_secp160k1;
             case ECC_SECP192K1_OID:
-                return NID_secp192k1;
+                return WC_NID_secp192k1;
             case ECC_SECP224K1_OID:
-                return NID_secp224k1;
+                return WC_NID_secp224k1;
             case ECC_SECP256K1_OID:
-                return NID_secp256k1;
+                return WC_NID_secp256k1;
             case ECC_BRAINPOOLP160R1_OID:
-                return NID_brainpoolP160r1;
+                return WC_NID_brainpoolP160r1;
             case ECC_BRAINPOOLP192R1_OID:
-                return NID_brainpoolP192r1;
+                return WC_NID_brainpoolP192r1;
             case ECC_BRAINPOOLP224R1_OID:
-                return NID_brainpoolP224r1;
+                return WC_NID_brainpoolP224r1;
             case ECC_BRAINPOOLP256R1_OID:
-                return NID_brainpoolP256r1;
+                return WC_NID_brainpoolP256r1;
             case ECC_BRAINPOOLP320R1_OID:
-                return NID_brainpoolP320r1;
+                return WC_NID_brainpoolP320r1;
             case ECC_BRAINPOOLP384R1_OID:
-                return NID_brainpoolP384r1;
+                return WC_NID_brainpoolP384r1;
             case ECC_BRAINPOOLP512R1_OID:
-                return NID_brainpoolP512r1;
+                return WC_NID_brainpoolP512r1;
             }
             break;
     #endif /* HAVE_ECC */
@@ -22561,9 +24187,9 @@ int oid2nid(word32 oid, int grp)
             #endif
             #ifndef NO_DES3
                 case DESb:
-                    return NID_des;
+                    return WC_NID_des;
                 case DES3b:
-                    return NID_des3;
+                    return WC_NID_des3;
             #endif
             }
             break;
@@ -22572,7 +24198,7 @@ int oid2nid(word32 oid, int grp)
         case oidOcspType:
             switch (oid) {
                 case OCSP_BASIC_OID:
-                    return NID_id_pkix_OCSP_basic;
+                    return WC_NID_id_pkix_OCSP_basic;
                 case OCSP_NONCE_OID:
                     return OCSP_NONCE_OID;
             }
@@ -22583,27 +24209,27 @@ int oid2nid(word32 oid, int grp)
         case oidCertExtType:
             switch (oid) {
                 case BASIC_CA_OID:
-                    return NID_basic_constraints;
+                    return WC_NID_basic_constraints;
                 case ALT_NAMES_OID:
-                    return NID_subject_alt_name;
+                    return WC_NID_subject_alt_name;
                 case CRL_DIST_OID:
-                    return NID_crl_distribution_points;
+                    return WC_NID_crl_distribution_points;
                 case AUTH_INFO_OID:
-                    return NID_info_access;
+                    return WC_NID_info_access;
                 case AUTH_KEY_OID:
-                    return NID_authority_key_identifier;
+                    return WC_NID_authority_key_identifier;
                 case SUBJ_KEY_OID:
-                    return NID_subject_key_identifier;
+                    return WC_NID_subject_key_identifier;
                 case INHIBIT_ANY_OID:
-                    return NID_inhibit_any_policy;
+                    return WC_NID_inhibit_any_policy;
                 case KEY_USAGE_OID:
-                    return NID_key_usage;
+                    return WC_NID_key_usage;
                 case NAME_CONS_OID:
-                    return NID_name_constraints;
+                    return WC_NID_name_constraints;
                 case CERT_POLICY_OID:
-                    return NID_certificate_policies;
+                    return WC_NID_certificate_policies;
                 case EXT_KEY_USAGE_OID:
-                    return NID_ext_key_usage;
+                    return WC_NID_ext_key_usage;
             }
             break;
 
@@ -22611,9 +24237,9 @@ int oid2nid(word32 oid, int grp)
         case oidCertAuthInfoType:
             switch (oid) {
                 case AIA_OCSP_OID:
-                    return NID_ad_OCSP;
+                    return WC_NID_ad_OCSP;
                 case AIA_CA_ISSUER_OID:
-                    return NID_ad_ca_issuers;
+                    return WC_NID_ad_ca_issuers;
             }
             break;
 
@@ -22621,7 +24247,7 @@ int oid2nid(word32 oid, int grp)
         case oidCertPolicyType:
             switch (oid) {
                 case CP_ANY_OID:
-                    return NID_any_policy;
+                    return WC_NID_any_policy;
             }
             break;
 
@@ -22629,7 +24255,7 @@ int oid2nid(word32 oid, int grp)
         case oidCertAltNameType:
             switch (oid) {
                 case HW_NAME_OID:
-                    return NID_hw_name_oid;
+                    return WC_NID_hw_name_oid;
             }
             break;
 
@@ -22637,7 +24263,7 @@ int oid2nid(word32 oid, int grp)
         case oidCertKeyUseType:
             switch (oid) {
                 case EKU_ANY_OID:
-                    return NID_anyExtendedKeyUsage;
+                    return WC_NID_anyExtendedKeyUsage;
                 case EKU_SERVER_AUTH_OID:
                     return EKU_SERVER_AUTH_OID;
                 case EKU_CLIENT_AUTH_OID:
@@ -22715,13 +24341,13 @@ int oid2nid(word32 oid, int grp)
         case oidCsrAttrType:
             switch (oid) {
                 case PKCS9_CONTENT_TYPE_OID:
-                    return NID_pkcs9_contentType;
+                    return WC_NID_pkcs9_contentType;
                 case CHALLENGE_PASSWORD_OID:
-                    return NID_pkcs9_challengePassword;
+                    return WC_NID_pkcs9_challengePassword;
                 case SERIAL_NUMBER_OID:
-                    return NID_serialNumber;
+                    return WC_NID_serialNumber;
                 case USER_ID_OID:
-                    return NID_userId;
+                    return WC_NID_userId;
             }
             break;
 #endif
@@ -22736,7 +24362,7 @@ int oid2nid(word32 oid, int grp)
         }
     }
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* frees all nodes in the current threads error queue
@@ -22766,7 +24392,7 @@ static int bio_get_data(WOLFSSL_BIO* bio, byte** data)
 
     ret = wolfSSL_BIO_get_len(bio);
     if (ret > 0) {
-        mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL);
+        mem = (byte*)XMALLOC((size_t)ret, bio->heap, DYNAMIC_TYPE_OPENSSL);
         if (mem == NULL) {
             WOLFSSL_MSG("Memory error");
             ret = MEMORY_E;
@@ -22859,7 +24485,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
      */
     ret = GetSequence(der, &idx, &len, keyLen);
     if (ret >= 0) {
-        word32 end = idx + len;
+        word32 end = idx + (word32)len;
         while (ret >= 0 && idx < end) {
             /* Skip type */
             idx++;
@@ -22867,10 +24493,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
             len = 0;
             ret = GetLength(der, &idx, &len, keyLen);
             if (ret >= 0) {
-                if (idx + len > end)
+                if (idx + (word32)len > end)
                     ret = ASN_PARSE_E;
                 else {
-                    idx += len;
+                    idx += (word32)len;
                     cnt++;
                 }
             }
@@ -22881,9 +24507,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
         int type;
         /* ECC includes version, private[, curve][, public key] */
         if (cnt >= 2 && cnt <= 4)
-            type = EVP_PKEY_EC;
+            type = WC_EVP_PKEY_EC;
         else
-            type = EVP_PKEY_RSA;
+            type = WC_EVP_PKEY_RSA;
 
         key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen);
         *pp = der;
@@ -23343,8 +24969,12 @@ int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff)
 }
 
 /**
- * set security level (wolfSSL doesn't support security level)
- * @param ctx  a pointer to WOLFSSL_EVP_PKEY_CTX structure
+ * Set security level (wolfSSL doesn't support setting the security level).
+ *
+ * The security level can only be set through a system wide crypto-policy
+ * with wolfSSL_crypto_policy_enable().
+ *
+ * @param ctx  a pointer to WOLFSSL_CTX structure
  * @param level security level
  */
 void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level)
@@ -23353,16 +24983,20 @@ void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level)
     (void)ctx;
     (void)level;
 }
-/**
- * get security level (wolfSSL doesn't support security level)
- * @param ctx  a pointer to WOLFSSL_EVP_PKEY_CTX structure
- * @return always 0(level 0)
- */
-int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx)
+
+int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX * ctx)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_get_security_level");
+    #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    if (ctx == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    return ctx->secLevel;
+    #else
     (void)ctx;
     return 0;
+    #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 }
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
@@ -23392,7 +25026,86 @@ wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback(
 
 #endif /* OPENSSL_EXTRA */
 
-#ifndef NO_CERTS
+#ifdef WOLFSSL_THREADED_CRYPT
+int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx)
+{
+    ThreadCrypt* encrypt;
+
+    if (ssl == NULL) {
+        return 0;
+    }
+
+    encrypt = &ssl->buffers.encrypt[idx];
+    return (encrypt->avail == 0) && (encrypt->done == 0);
+}
+
+int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx)
+{
+    ThreadCrypt* encrypt;
+
+    if (ssl == NULL) {
+        return 1;
+    }
+
+    encrypt = &ssl->buffers.encrypt[idx];
+    return encrypt->stop;
+}
+
+int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx)
+{
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+    ThreadCrypt* encrypt = &ssl->buffers.encrypt[idx];
+
+    if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
+        unsigned char* out = encrypt->buffer.buffer + encrypt->offset;
+        unsigned char* input = encrypt->buffer.buffer + encrypt->offset;
+        word32 encSz = encrypt->buffer.length - encrypt->offset;
+
+        ret =
+#if !defined(NO_GCM_ENCRYPT_EXTRA) && \
+    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+              wc_AesGcmEncrypt_ex
+#else
+              wc_AesGcmEncrypt
+#endif
+              (encrypt->encrypt.aes,
+               out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
+               encSz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
+               encrypt->nonce, AESGCM_NONCE_SZ,
+               out + encSz - ssl->specs.aead_mac_size,
+               ssl->specs.aead_mac_size,
+               encrypt->additional, AEAD_AUTH_DATA_SZ);
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+        XMEMCPY(out, encrypt->nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ);
+#endif
+        encrypt->done = 1;
+    }
+
+    return ret;
+}
+
+int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx,
+    WOLFSSL_THREAD_SIGNAL signal, void* ctx)
+{
+    int ret = 0;
+
+    if (ssl == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    else {
+        ssl->buffers.encrypt[idx].signal = signal;
+        ssl->buffers.encrypt[idx].signalCtx = ctx;
+    }
+
+    return ret;
+}
+#endif
+
+
+#ifndef NO_CERT
 #define WOLFSSL_X509_INCLUDED
 #include "src/x509.c"
 #endif
@@ -23457,21 +25170,17 @@ void *wolfSSL_CRYPTO_malloc(size_t num, const char *file, int line)
 /*******************************************************************************
  * START OF EX_DATA APIs
  ******************************************************************************/
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
-    (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-     defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-     defined(WOLFSSL_OPENSSH)))
-void wolfSSL_CRYPTO_cleanup_all_ex_data(void){
-    WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data");
-}
-#endif
-
 #ifdef HAVE_EX_DATA
+void wolfSSL_CRYPTO_cleanup_all_ex_data(void)
+{
+    WOLFSSL_ENTER("wolfSSL_CRYPTO_cleanup_all_ex_data");
+}
+
 void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
 {
-    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
+    WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_data");
 #ifdef MAX_EX_DATA
-    if(ex_data && idx < MAX_EX_DATA && idx >= 0) {
+    if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
         return ex_data->ex_data[idx];
     }
 #else
@@ -23489,6 +25198,8 @@ int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
     if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
 #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
         if (ex_data->ex_data_cleanup_routines[idx]) {
+            /* call cleanup then remove cleanup callback,
+             * since different value is being set */
             if (ex_data->ex_data[idx])
                 ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]);
             ex_data->ex_data_cleanup_routines[idx] = NULL;
@@ -23523,7 +25234,9 @@ int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
     return WOLFSSL_FAILURE;
 }
 #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
+#endif /* HAVE_EX_DATA */
 
+#ifdef HAVE_EX_DATA_CRYPTO
 /**
  * Issues unique index for the class specified by class_index.
  * Other parameter except class_index are ignored.
@@ -23549,7 +25262,7 @@ int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
     return wolfssl_get_ex_new_index(class_index, argl, argp, new_func,
             dup_func, free_func);
 }
-#endif /* HAVE_EX_DATA */
+#endif /* HAVE_EX_DATA_CRYPTO */
 
 /*******************************************************************************
  * END OF EX_DATA APIs
@@ -23605,8 +25318,18 @@ int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len,
     /* expand size, to handle growth */
     mx = (len_int + 3) / 3 * 4;
 
+#ifdef WOLFSSL_NO_REALLOC
+    tmp = (char*)XMALLOC(mx, NULL, DYNAMIC_TYPE_OPENSSL);
+    if (tmp != NULL && buf->data != NULL) {
+       XMEMCPY(tmp, buf->data, len_int);
+       XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL);
+       buf->data = NULL;
+    }
+#else
     /* use realloc */
     tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL);
+#endif
+
     if (tmp == NULL) {
         return 0; /* ERR_R_MALLOC_FAILURE; */
     }
@@ -23648,7 +25371,18 @@ int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len)
     mx = ((int)len + 3) / 3 * 4;
 
     /* We want to shrink the internal buffer */
+#ifdef WOLFSSL_NO_REALLOC
+    tmp = (char*)XMALLOC(mx, NULL, DYNAMIC_TYPE_OPENSSL);
+    if (tmp != NULL && buf->data != NULL)
+    {
+        XMEMCPY(tmp, buf->data, len);
+        XFREE(buf->data,NULL,DYNAMIC_TYPE_OPENSSL);
+        buf->data = NULL;
+    }
+#else
     tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL);
+#endif
+
     if (tmp == NULL)
         return 0;
 
@@ -23708,7 +25442,7 @@ static int wolfSSL_RAND_InitMutex(void)
  */
 int wolfSSL_RAND_Init(void)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifdef HAVE_GLOBAL_RNG
     if (wc_LockMutex(&globalRNGMutex) == 0) {
         if (initGlobalRNG == 0) {
@@ -23764,7 +25498,7 @@ int wolfSSL_RAND_seed(const void* seed, int len)
  */
 const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 {
-#if !defined(NO_FILESYSTEM) && defined(XGETENV)
+#if !defined(NO_FILESYSTEM) && defined(XGETENV) && !defined(NO_GETENV)
     char* rt;
 
     WOLFSSL_ENTER("wolfSSL_RAND_file_name");
@@ -23775,6 +25509,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 
     XMEMSET(fname, 0, len);
 
+/* // NOLINTBEGIN(concurrency-mt-unsafe) */
     if ((rt = XGETENV("RANDFILE")) != NULL) {
         if (len > XSTRLEN(rt)) {
             XMEMCPY(fname, rt, XSTRLEN(rt));
@@ -23784,6 +25519,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
             rt = NULL;
         }
     }
+/* // NOLINTEND(concurrency-mt-unsafe) */
 
     /* $RANDFILE was not set or is too large, check $HOME */
     if (rt == NULL) {
@@ -23791,6 +25527,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
 
         WOLFSSL_MSG("Environment variable RANDFILE not set");
 
+/* // NOLINTBEGIN(concurrency-mt-unsafe) */
         if ((rt = XGETENV("HOME")) == NULL) {
             #ifdef XALTHOMEVARNAME
             if ((rt = XGETENV(XALTHOMEVARNAME)) == NULL) {
@@ -23803,6 +25540,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
             return NULL;
             #endif
         }
+/* // NOLINTEND(concurrency-mt-unsafe) */
 
         if (len > XSTRLEN(rt) + XSTRLEN(ap)) {
             fname[0] = '\0';
@@ -24369,150 +26107,150 @@ int wolfSSL_RAND_load_file(const char* fname, long len)
         switch (ctx->cipherType) {
 #ifndef NO_AES
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-            case AES_128_CBC_TYPE :
-            case AES_192_CBC_TYPE :
-            case AES_256_CBC_TYPE :
+            case WC_AES_128_CBC_TYPE :
+            case WC_AES_192_CBC_TYPE :
+            case WC_AES_256_CBC_TYPE :
                 WOLFSSL_MSG("AES CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz);
                 break;
 #endif
 #ifdef HAVE_AESGCM
-            case AES_128_GCM_TYPE :
-            case AES_192_GCM_TYPE :
-            case AES_256_GCM_TYPE :
+            case WC_AES_128_GCM_TYPE :
+            case WC_AES_192_GCM_TYPE :
+            case WC_AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz);
                 break;
 #endif /* HAVE_AESGCM */
 #ifdef HAVE_AESCCM
-            case AES_128_CCM_TYPE :
-            case AES_192_CCM_TYPE :
-            case AES_256_CCM_TYPE :
+            case WC_AES_128_CCM_TYPE :
+            case WC_AES_192_CCM_TYPE :
+            case WC_AES_256_CCM_TYPE :
                 WOLFSSL_MSG("AES CCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz);
                 break;
 #endif /* HAVE_AESCCM */
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-            case AES_192_ECB_TYPE :
-            case AES_256_ECB_TYPE :
+            case WC_AES_128_ECB_TYPE :
+            case WC_AES_192_ECB_TYPE :
+            case WC_AES_256_ECB_TYPE :
                 WOLFSSL_MSG("AES ECB");
                 break;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-            case AES_192_CTR_TYPE :
-            case AES_256_CTR_TYPE :
+            case WC_AES_128_CTR_TYPE :
+            case WC_AES_192_CTR_TYPE :
+            case WC_AES_256_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
-                XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
+                XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, WC_AES_BLOCK_SIZE);
                 break;
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef WOLFSSL_AES_CFB
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-            case AES_128_CFB1_TYPE:
-            case AES_192_CFB1_TYPE:
-            case AES_256_CFB1_TYPE:
+            case WC_AES_128_CFB1_TYPE:
+            case WC_AES_192_CFB1_TYPE:
+            case WC_AES_256_CFB1_TYPE:
                 WOLFSSL_MSG("AES CFB1");
                 break;
-            case AES_128_CFB8_TYPE:
-            case AES_192_CFB8_TYPE:
-            case AES_256_CFB8_TYPE:
+            case WC_AES_128_CFB8_TYPE:
+            case WC_AES_192_CFB8_TYPE:
+            case WC_AES_256_CFB8_TYPE:
                 WOLFSSL_MSG("AES CFB8");
                 break;
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-            case AES_128_CFB128_TYPE:
-            case AES_192_CFB128_TYPE:
-            case AES_256_CFB128_TYPE:
+            case WC_AES_128_CFB128_TYPE:
+            case WC_AES_192_CFB128_TYPE:
+            case WC_AES_256_CFB128_TYPE:
                 WOLFSSL_MSG("AES CFB128");
                 break;
 #endif /* WOLFSSL_AES_CFB */
 #if defined(WOLFSSL_AES_OFB)
-            case AES_128_OFB_TYPE:
-            case AES_192_OFB_TYPE:
-            case AES_256_OFB_TYPE:
+            case WC_AES_128_OFB_TYPE:
+            case WC_AES_192_OFB_TYPE:
+            case WC_AES_256_OFB_TYPE:
                 WOLFSSL_MSG("AES OFB");
                 break;
 #endif /* WOLFSSL_AES_OFB */
 #ifdef WOLFSSL_AES_XTS
-            case AES_128_XTS_TYPE:
-            case AES_256_XTS_TYPE:
+            case WC_AES_128_XTS_TYPE:
+            case WC_AES_256_XTS_TYPE:
                 WOLFSSL_MSG("AES XTS");
                 break;
 #endif /* WOLFSSL_AES_XTS */
 #endif /* NO_AES */
 
 #ifdef HAVE_ARIA
-            case ARIA_128_GCM_TYPE :
-            case ARIA_192_GCM_TYPE :
-            case ARIA_256_GCM_TYPE :
+            case WC_ARIA_128_GCM_TYPE :
+            case WC_ARIA_192_GCM_TYPE :
+            case WC_ARIA_256_GCM_TYPE :
                 WOLFSSL_MSG("ARIA GCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.aria.nonce, ARIA_BLOCK_SIZE);
                 break;
 #endif /* HAVE_ARIA */
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
+            case WC_DES_CBC_TYPE :
                 WOLFSSL_MSG("DES CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
                 break;
 
-            case DES_EDE3_CBC_TYPE :
+            case WC_DES_EDE3_CBC_TYPE :
                 WOLFSSL_MSG("DES EDE3 CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
+            case WC_DES_ECB_TYPE :
                 WOLFSSL_MSG("DES ECB");
                 break;
-            case DES_EDE3_ECB_TYPE :
+            case WC_DES_EDE3_ECB_TYPE :
                 WOLFSSL_MSG("DES3 ECB");
                 break;
 #endif
-            case ARC4_TYPE :
+            case WC_ARC4_TYPE :
                 WOLFSSL_MSG("ARC4");
                 break;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-            case CHACHA20_POLY1305_TYPE:
+            case WC_CHACHA20_POLY1305_TYPE:
                 break;
 #endif
 
 #ifdef HAVE_CHACHA
-            case CHACHA20_TYPE:
+            case WC_CHACHA20_TYPE:
                 break;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE:
+            case WC_SM4_ECB_TYPE:
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE:
+            case WC_SM4_CBC_TYPE:
                 WOLFSSL_MSG("SM4 CBC");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE:
+            case WC_SM4_CTR_TYPE:
                 WOLFSSL_MSG("SM4 CTR");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE:
+            case WC_SM4_GCM_TYPE:
                 WOLFSSL_MSG("SM4 GCM");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE:
+            case WC_SM4_CCM_TYPE:
                 WOLFSSL_MSG("SM4 CCM");
                 XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE);
                 break;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_MSG("NULL");
                 break;
 
@@ -24539,112 +26277,112 @@ int wolfSSL_RAND_load_file(const char* fname, long len)
 
 #ifndef NO_AES
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-            case AES_128_CBC_TYPE :
-            case AES_192_CBC_TYPE :
-            case AES_256_CBC_TYPE :
+            case WC_AES_128_CBC_TYPE :
+            case WC_AES_192_CBC_TYPE :
+            case WC_AES_256_CBC_TYPE :
                 WOLFSSL_MSG("AES CBC");
-                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
+                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, WC_AES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef HAVE_AESGCM
-            case AES_128_GCM_TYPE :
-            case AES_192_GCM_TYPE :
-            case AES_256_GCM_TYPE :
+            case WC_AES_128_GCM_TYPE :
+            case WC_AES_192_GCM_TYPE :
+            case WC_AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
-                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
+                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, WC_AES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-            case AES_192_ECB_TYPE :
-            case AES_256_ECB_TYPE :
+            case WC_AES_128_ECB_TYPE :
+            case WC_AES_192_ECB_TYPE :
+            case WC_AES_256_ECB_TYPE :
                 WOLFSSL_MSG("AES ECB");
                 break;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-            case AES_192_CTR_TYPE :
-            case AES_256_CTR_TYPE :
+            case WC_AES_128_CTR_TYPE :
+            case WC_AES_192_CTR_TYPE :
+            case WC_AES_256_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
-                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
+                XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, WC_AES_BLOCK_SIZE);
                 break;
 #endif
 
 #endif /* NO_AES */
 
 #ifdef HAVE_ARIA
-            case ARIA_128_GCM_TYPE :
-            case ARIA_192_GCM_TYPE :
-            case ARIA_256_GCM_TYPE :
+            case WC_ARIA_128_GCM_TYPE :
+            case WC_ARIA_192_GCM_TYPE :
+            case WC_ARIA_256_GCM_TYPE :
                 WOLFSSL_MSG("ARIA GCM");
                 XMEMCPY(&ctx->cipher.aria.nonce, ctx->iv, ARIA_BLOCK_SIZE);
                 break;
 #endif /* HAVE_ARIA */
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
+            case WC_DES_CBC_TYPE :
                 WOLFSSL_MSG("DES CBC");
                 XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
                 break;
 
-            case DES_EDE3_CBC_TYPE :
+            case WC_DES_EDE3_CBC_TYPE :
                 WOLFSSL_MSG("DES EDE3 CBC");
                 XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
+            case WC_DES_ECB_TYPE :
                 WOLFSSL_MSG("DES ECB");
                 break;
-            case DES_EDE3_ECB_TYPE :
+            case WC_DES_EDE3_ECB_TYPE :
                 WOLFSSL_MSG("DES3 ECB");
                 break;
 #endif
 
-            case ARC4_TYPE :
+            case WC_ARC4_TYPE :
                 WOLFSSL_MSG("ARC4");
                 break;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-            case CHACHA20_POLY1305_TYPE:
+            case WC_CHACHA20_POLY1305_TYPE:
                 break;
 #endif
 
 #ifdef HAVE_CHACHA
-            case CHACHA20_TYPE:
+            case WC_CHACHA20_TYPE:
                 break;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE:
+            case WC_SM4_ECB_TYPE:
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE:
+            case WC_SM4_CBC_TYPE:
                 WOLFSSL_MSG("SM4 CBC");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE:
+            case WC_SM4_CTR_TYPE:
                 WOLFSSL_MSG("SM4 CTR");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE:
+            case WC_SM4_GCM_TYPE:
                 WOLFSSL_MSG("SM4 GCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE:
+            case WC_SM4_CCM_TYPE:
                 WOLFSSL_MSG("SM4 CCM");
                 XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz);
                 break;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_MSG("NULL");
                 break;
 
@@ -24696,7 +26434,7 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
     if (doset)
        (void)wc_AesSetIV(&ctx->cipher.aes, iv);  /* OpenSSL compat, no ret */
     else
-        XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
+        XMEMCPY(iv, &ctx->cipher.aes.reg, WC_AES_BLOCK_SIZE);
 }
 
 #endif /* NO_AES */
@@ -24724,7 +26462,7 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
 #if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
 int wolfSSL_FIPS_drbg_init(WOLFSSL_DRBG_CTX *ctx, int type, unsigned int flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL) {
         XMEMSET(ctx, 0, sizeof(WOLFSSL_DRBG_CTX));
         ctx->type = type;
@@ -24736,7 +26474,7 @@ int wolfSSL_FIPS_drbg_init(WOLFSSL_DRBG_CTX *ctx, int type, unsigned int flags)
 }
 WOLFSSL_DRBG_CTX* wolfSSL_FIPS_drbg_new(int type, unsigned int flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_DRBG_CTX* ctx = (WOLFSSL_DRBG_CTX*)XMALLOC(sizeof(WOLFSSL_DRBG_CTX),
         NULL, DYNAMIC_TYPE_OPENSSL);
     ret = wolfSSL_FIPS_drbg_init(ctx, type, flags);
@@ -24753,7 +26491,7 @@ WOLFSSL_DRBG_CTX* wolfSSL_FIPS_drbg_new(int type, unsigned int flags)
 int wolfSSL_FIPS_drbg_instantiate(WOLFSSL_DRBG_CTX* ctx,
     const unsigned char* pers, size_t perslen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL && ctx->rng == NULL) {
     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
         (defined(HAVE_FIPS) && FIPS_VERSION_GE(5,0)))
@@ -24787,7 +26525,7 @@ int wolfSSL_FIPS_drbg_set_callbacks(WOLFSSL_DRBG_CTX* ctx,
     size_t entropy_blocklen,
     drbg_nonce_get none_get, drbg_nonce_clean nonce_clean)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL) {
         ctx->entropy_get = entropy_get;
         ctx->entropy_clean = entropy_clean;
@@ -24808,7 +26546,7 @@ void wolfSSL_FIPS_rand_add(const void* buf, int num, double entropy)
 int wolfSSL_FIPS_drbg_reseed(WOLFSSL_DRBG_CTX* ctx, const unsigned char* adin,
     size_t adinlen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL && ctx->rng != NULL) {
     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
         (defined(HAVE_FIPS) && FIPS_VERSION_GE(2,0)))
@@ -24827,7 +26565,7 @@ int wolfSSL_FIPS_drbg_generate(WOLFSSL_DRBG_CTX* ctx, unsigned char* out,
     size_t outlen, int prediction_resistance, const unsigned char* adin,
     size_t adinlen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     if (ctx != NULL && ctx->rng != NULL) {
         ret = wc_RNG_GenerateBlock(ctx->rng, out, (word32)outlen);
         if (ret == 0) {
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index e9c4840d1..535c67261 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -1,6 +1,6 @@
 /* ssl_asn1.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-
- #include <wolfssl/internal.h>
+#include <wolfssl/internal.h>
 #ifndef WC_NO_RNG
     #include <wolfssl/wolfcrypt/random.h>
 #endif
@@ -46,212 +42,197 @@
 
 #ifdef OPENSSL_ALL
 
-/* Create an ASN1 item of the specified type.
- *
- * @param [out] item  Pointer to location to place new ASN1 item.
- * @param [in]  type  Type of ASN1 item to create.
- * @return  0 on success.
- * @return  1 when item type not supported.
- * @return  1 when item type allocation fails.
- */
-static int wolfssl_asn1_item_new(void** item, int type)
+/* Provides access to the member of the obj offset by offset */
+#define asn1Mem(obj, offset) (*(void**)(((byte*)(obj)) + (offset)))
+#define asn1Type(obj, offset) (*(int*)(((byte*)(obj)) + (offset)))
+
+static void* asn1_new_tpl(const WOLFSSL_ASN1_TEMPLATE *mem)
 {
-    int err = 0;
+    if (mem->sequence)
+        return wolfSSL_sk_new_null();
+    else
+        return mem->new_func();
+}
 
-    switch (type) {
-        case WOLFSSL_X509_ALGOR_ASN1:
-            *(WOLFSSL_X509_ALGOR**)item = wolfSSL_X509_ALGOR_new();
+static void* asn1_item_alloc(const WOLFSSL_ASN1_ITEM* item)
+{
+    void* ret = NULL;
+
+    /* allocation */
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+        case WOLFSSL_ASN1_CHOICE:
+            ret = (void *)XMALLOC(item->size, NULL, DYNAMIC_TYPE_OPENSSL);
+            if (ret != NULL)
+                XMEMSET(ret, 0, item->size);
             break;
-        case WOLFSSL_ASN1_BIT_STRING_ASN1:
-            *(WOLFSSL_ASN1_BIT_STRING**)item = wolfSSL_ASN1_BIT_STRING_new();
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            if (item->mcount != 1 || item->members->offset) {
+                WOLFSSL_MSG("incorrect member count or offset");
+                return NULL;
+            }
+            ret = asn1_new_tpl(item->members);
             break;
-        case WOLFSSL_ASN1_INTEGER_ASN1:
-           *(WOLFSSL_ASN1_INTEGER**)item = wolfSSL_ASN1_INTEGER_new();
-           break;
         default:
-            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_new");
-            *(void**)item = NULL;
-    }
-    /* Check whether an item was put in. */
-    if (*(void**)item == NULL) {
-        err = 1;
+            WOLFSSL_MSG("ASN1 type not implemented");
+            return NULL;
     }
 
-    return err;
+    return ret;
+}
+
+static int asn1_item_init(void* obj, const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
+    size_t i;
+    int ret = 0;
+
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+            for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+                asn1Mem(obj, mem->offset) = asn1_new_tpl(mem);
+                if (asn1Mem(obj, mem->offset) == NULL) {
+                    ret = WOLFSSL_FATAL_ERROR;
+                    break;
+                }
+            }
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            /* Initialized by new_func. Nothing to do. */
+            break;
+        case WOLFSSL_ASN1_CHOICE:
+            asn1Type(obj, item->toffset) = -1;
+            /* We don't know what to initialize. Nothing to do. */
+            break;
+        default:
+            WOLFSSL_MSG("ASN1 type not implemented");
+            ret = WOLFSSL_FATAL_ERROR;
+            break;
+    }
+
+    return ret;
 }
 
 /* Create a new ASN1 item based on a template.
  *
- * @param [in] tpl  Template of ASN1 items.
+ * @param [in] item  Info about ASN1 items.
  * @return  A new ASN1 item on success.
- * @return  NULL when tpl is NULL, dynamic memory allocation fails or ASN1
+ * @return  NULL when item is NULL, dynamic memory allocation fails or ASN1
  *          item type not supported.
  */
-void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* tpl)
+void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* item)
 {
-    int err = 0;
     void* ret = NULL;
-    const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
-    size_t i;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_item_new");
 
-    if (tpl != NULL) {
-        ret = (void *)XMALLOC(tpl->size, NULL, DYNAMIC_TYPE_OPENSSL);
-    }
+    if (item == NULL)
+        return NULL;
 
-    if (ret != NULL) {
-        XMEMSET(ret, 0, tpl->size);
-        for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) {
-            if ((err = wolfssl_asn1_item_new(
-                    (void**)(((byte*)ret) + mem->offset), mem->type))) {
-                break;
-            }
-        }
-    }
+    /* allocation */
+    ret = asn1_item_alloc(item);
+    if (ret == NULL)
+        return NULL;
 
-    if (err) {
-        wolfSSL_ASN1_item_free(ret, tpl);
+    /* initialization */
+    if (asn1_item_init(ret, item) != 0) {
+        wolfSSL_ASN1_item_free(ret, item);
         ret = NULL;
     }
+
     return ret;
 }
 
-/* Dispose of an ASN1 item of the specified type.
- *
- * @param [in, out] item  Pointer to an anonymized ASN1 item to free.
- * @param [in]      type  Type of ASN1 item to free.
- */
-static void wolfssl_asn1_item_free(void** item, int type)
+static void asn1_free_tpl(void *obj, const WOLFSSL_ASN1_TEMPLATE *mem)
 {
-    switch (type) {
-        case WOLFSSL_X509_ALGOR_ASN1:
-            wolfSSL_X509_ALGOR_free(*(WOLFSSL_X509_ALGOR**)item);
-            break;
-        case WOLFSSL_ASN1_BIT_STRING_ASN1:
-            wolfSSL_ASN1_BIT_STRING_free(*(WOLFSSL_ASN1_BIT_STRING**)item);
-            break;
-        case WOLFSSL_ASN1_INTEGER_ASN1:
-            wolfSSL_ASN1_INTEGER_free(*(WOLFSSL_ASN1_INTEGER**)item);
-            break;
-        default:
-            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_free");
+    if (obj != NULL) {
+        if (mem->sequence)
+            wolfSSL_sk_pop_free((WOLFSSL_STACK *)obj, mem->free_func);
+        else
+            mem->free_func(obj);
     }
 }
 
 /* Dispose of ASN1 item based on a template.
  *
  * @param [in, out] val  ASN item to free.
- * @param [in,      tpl  Template of ASN1 items.
+ * @param [in,      item Info about ASN1 items.
  */
-void wolfSSL_ASN1_item_free(void *items, const WOLFSSL_ASN1_ITEM *tpl)
+void wolfSSL_ASN1_item_free(void *obj, const WOLFSSL_ASN1_ITEM *item)
 {
     const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
     size_t i;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_item_free");
 
-    if (items != NULL) {
-        for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) {
-            wolfssl_asn1_item_free((void**)(((byte*)items) + mem->offset),
-                mem->type);
+    if (obj != NULL) {
+        switch (item->type) {
+            case WOLFSSL_ASN1_SEQUENCE:
+                for (mem = item->members, i = 0; i < item->mcount; mem++, i++)
+                    asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
+                XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
+                break;
+            case WOLFSSL_ASN1_CHOICE:
+                if (asn1Type(obj, item->toffset) < 0)
+                    break; /* type not set */
+                for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+                    if (asn1Type(obj, item->toffset) == mem->tag) {
+                        asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
+                        break;
+                    }
+                }
+                XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
+                break;
+            case WOLFSSL_ASN1_OBJECT_TYPE:
+                asn1_free_tpl(obj, item->members);
+                break;
+            default:
+                WOLFSSL_MSG("ASN1 type not implemented");
+                break;
         }
     }
-    XFREE(items, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
-/* Offset buf if not NULL or NULL. */
-#define bufLenOrNull(buf, len) (((buf) != NULL) ? ((buf) + (len)) : NULL)
-
-/* Encode X509 algorithm as DER.
- *
- * @param [in]      algor  X509 algorithm object.
- * @param [in, out] buf    Buffer to encode into. May be NULL.
- * @return  Length of DER encoding on success.
- * @return  0 on failure.
- */
-static int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* algor, byte* buf)
+static int i2d_asn1_items(const void* obj, byte** buf,
+        const WOLFSSL_ASN1_TEMPLATE* mem)
 {
-    int ret;
-    word32 oid = 0;
-    word32 idx = 0;
-
-    if (algor->algorithm == 0) {
-        WOLFSSL_MSG("X509_ALGOR algorithm not set");
-        ret = 0;
-    }
-    else if (GetObjectId(algor->algorithm->obj, &idx, &oid,
-            (word32)algor->algorithm->grp, algor->algorithm->objSz) < 0) {
-        WOLFSSL_MSG("Issue getting OID of object");
-        ret = 0;
+    int len = 0;
+    int ret = 0;
+    if (mem->sequence) {
+        const WOLFSSL_STACK* sk = (WOLFSSL_STACK *)asn1Mem(obj, mem->offset);
+        int ski; /* stack index */
+        int innerLen = 0;
+        /* Figure out the inner length first */
+        for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
+            ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), NULL);
+            if (ret <= 0)
+                break;
+            innerLen += ret;
+        }
+        if (ret <= 0)
+            return 0;
+        if (buf != NULL && *buf != NULL) {
+            /* Now write it out */
+            int writeLen = 0;
+            *buf += SetSequence((word32)innerLen, *buf);
+            for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
+                ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), buf);
+                if (ret <= 0)
+                    break;
+                writeLen += ret;
+            }
+            if (ret <= 0 || writeLen != innerLen)
+                return 0;
+        }
+        len = (int)SetSequence((word32)innerLen, NULL) + innerLen;
     }
     else {
-        ret = (int)SetAlgoID((int)oid, buf, algor->algorithm->grp, 0);
+        ret = mem->i2d_func(asn1Mem(obj, mem->offset),
+                buf != NULL && *buf != NULL ? buf : NULL);
+        if (ret <= 0)
+            return 0;
+        len = ret;
     }
-
-    return ret;
-}
-
-/* Encode ASN.1 BIT_STRING as DER.
- *
- * @param [in]      bit_str  BIT_STRING object.
- * @param [in, out] buf      Buffer to encode into. May be NULL.
- * @return  Length of DER encoding on success.
- */
-static int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bit_str,
-    byte* buf)
-{
-    int len;
-
-    len = (int)SetBitString((word32)bit_str->length, 0, buf);
-    if ((buf != NULL) && (bit_str->data != NULL)) {
-        XMEMCPY(buf + len, bit_str->data, (size_t)bit_str->length);
-    }
-
-    return len + bit_str->length;
-}
-
-/* Encode ASN item as DER.
- *
- * @param [in]      item  Pointer to anonymized ASN item.
- * @param [in, out] buf   Buffer to encode into. May be NULL.
- * @return  Length of DER encoding on success.
- * @return  0 on failure.
- */
-static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf)
-{
-    int len;
-
-    switch (type) {
-        case WOLFSSL_X509_ALGOR_ASN1:
-            len = wolfSSL_i2d_X509_ALGOR(*(const WOLFSSL_X509_ALGOR**)item,
-                buf);
-            break;
-        case WOLFSSL_ASN1_BIT_STRING_ASN1:
-            len = wolfSSL_i2d_ASN1_BIT_STRING(
-                *(const WOLFSSL_ASN1_BIT_STRING**)item, buf);
-            break;
-        case WOLFSSL_ASN1_INTEGER_ASN1:
-        {
-            byte *tmp_buf = buf;
-            len = wolfSSL_i2d_ASN1_INTEGER(
-                *(const WOLFSSL_ASN1_INTEGER**)item, &tmp_buf);
-            if ((buf == NULL) && (tmp_buf != NULL)) {
-                XFREE(tmp_buf, NULL, DYNAMIC_TYPE_ASN1);
-                tmp_buf = NULL;
-            }
-        }
-        break;
-        default:
-            WOLFSSL_MSG("Type not support in processMembers");
-            len = 0;
-    }
-
-    if (len < 0) {
-        len = 0; /* wolfSSL_i2d_ASN1_INTEGER can return a value less than 0
-                  * on error */
-    }
-
     return len;
 }
 
@@ -264,7 +245,7 @@ static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf)
  * @return  Length of DER encoding on success.
  * @return  0 on failure.
  */
-static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
+static int wolfssl_i2d_asn1_items(const void* obj, byte* buf,
     const WOLFSSL_ASN1_TEMPLATE* members, size_t mcount)
 {
     const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
@@ -275,12 +256,36 @@ static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
     WOLFSSL_ENTER("wolfssl_i2d_asn1_items");
 
     for (mem = members, i = 0; i < mcount; mem++, i++) {
-        ret = wolfssl_i2d_asn1_item((void**)(((byte*)src) + mem->offset),
-            mem->type, bufLenOrNull(buf, len));
-        if (ret == 0) {
+        byte* tmp = buf;
+        if (mem->ex && mem->tag >= 0) {
+            /* Figure out the inner length */
+            int innerLen = 0;
+            int hdrLen = 0;
+            ret = i2d_asn1_items(obj, NULL, mem);
+            if (ret <= 0) {
+                len = 0;
+                break;
+            }
+            innerLen = ret;
+            hdrLen = SetExplicit((byte)mem->tag, (word32)innerLen, buf, 0);
+            len += hdrLen;
+            if (buf != NULL)
+                buf += hdrLen;
+        }
+
+        ret = i2d_asn1_items(obj, &buf, mem);
+        if (ret <= 0) {
             len = 0;
             break;
         }
+
+        if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) {
+            byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ];
+            /* Encode the implicit tag; There's other stuff in the upper bits
+             * of the integer tag, so strip out everything else for value. */
+            SetImplicit(tmp[0], (byte)(mem->tag), 0, imp, 0);
+            tmp[0] = imp[0];
+        }
         len += ret;
     }
 
@@ -297,25 +302,55 @@ static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
  * @return  Length of DER encoding on success.
  * @return  0 on failure.
  */
-static int i2d_ASN_SEQUENCE(const void* src, byte* buf,
-    const WOLFSSL_ASN1_ITEM* tpl)
+static int i2d_ASN_SEQUENCE(const void* obj, byte* buf,
+    const WOLFSSL_ASN1_ITEM* item)
 {
     word32 seq_len;
     word32 len = 0;
 
-    seq_len = (word32)wolfssl_i2d_asn1_items(src, NULL, tpl->members,
-        tpl->mcount);
+    seq_len = (word32)wolfssl_i2d_asn1_items(obj, NULL, item->members,
+        item->mcount);
     if (seq_len != 0) {
         len = SetSequence(seq_len, buf);
         if (buf != NULL) {
-            wolfssl_i2d_asn1_items(src, buf + len, tpl->members, tpl->mcount);
+            if (wolfssl_i2d_asn1_items(obj, buf + len, item->members,
+                    item->mcount) > 0)
+                len += seq_len; /* success */
+            else
+                len = 0; /* error */
         }
-        len += seq_len;
+        else
+            len += seq_len;
     }
 
     return (int)len;
 }
 
+static int i2d_ASN_CHOICE(const void* obj, byte* buf,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
+    size_t i;
+
+    if (asn1Type(obj, item->toffset) < 0)
+        return 0; /* type not set */
+    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+        if (asn1Type(obj, item->toffset) == mem->tag) {
+            return wolfssl_i2d_asn1_items(obj, buf, mem, 1);
+        }
+    }
+    return 0;
+}
+
+static int i2d_ASN_OBJECT_TYPE(const void* obj, byte* buf,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    /* To be able to use wolfssl_i2d_asn1_items without any modifications,
+     * pass in a pointer to obj so that asn1Mem uses the correct pointer. */
+    const void ** obj_pp = &obj;
+    return wolfssl_i2d_asn1_items(obj_pp, buf, item->members, item->mcount);
+}
+
 /* Encode ASN1 template item.
  *
  * @param [in]      src  ASN1 items to encode.
@@ -324,14 +359,20 @@ static int i2d_ASN_SEQUENCE(const void* src, byte* buf,
  * @return  Length of DER encoding on success.
  * @return  0 on failure.
  */
-static int wolfssl_asn1_item_encode(const void* src, byte* buf,
-    const WOLFSSL_ASN1_ITEM* tpl)
+static int wolfssl_asn1_item_encode(const void* obj, byte* buf,
+    const WOLFSSL_ASN1_ITEM* item)
 {
     int len;
 
-    switch (tpl->type) {
-        case ASN_SEQUENCE:
-            len = i2d_ASN_SEQUENCE(src, buf, tpl);
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+            len = i2d_ASN_SEQUENCE(obj, buf, item);
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            len = i2d_ASN_OBJECT_TYPE(obj, buf, item);
+            break;
+        case WOLFSSL_ASN1_CHOICE:
+            len = i2d_ASN_CHOICE(obj, buf, item);
             break;
         default:
             WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_i2d");
@@ -347,10 +388,10 @@ static int wolfssl_asn1_item_encode(const void* src, byte* buf,
  * @param [in, out] dest  Pointer to buffer to encode into. May be NULL.
  * @param [in]      tpl   Template of ASN1 items.
  * @return  Length of DER encoding on success.
- * @return  0 on failure.
+ * @return  WOLFSSL_FATAL_ERROR on failure.
  */
-int wolfSSL_ASN1_item_i2d(const void* src, byte** dest,
-    const WOLFSSL_ASN1_ITEM* tpl)
+int wolfSSL_ASN1_item_i2d(const void* obj, byte** dest,
+    const WOLFSSL_ASN1_ITEM* item)
 {
     int ret = 1;
     int len = 0;
@@ -359,35 +400,320 @@ int wolfSSL_ASN1_item_i2d(const void* src, byte** dest,
     WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d");
 
     /* Validate parameters. */
-    if ((src == NULL) || (tpl == NULL)) {
+    if ((obj == NULL) || (item == NULL)) {
         ret = 0;
     }
 
-    if ((ret == 1) && ((len = wolfssl_asn1_item_encode(src, NULL, tpl)) == 0)) {
+    if ((ret == 1) && ((len = wolfssl_asn1_item_encode(obj, NULL, item)) == 0))
         ret = 0;
-    }
 
     if ((ret == 1) && (dest != NULL)) {
         if (*dest == NULL) {
             buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
             if (buf == NULL)
                 ret = 0;
-            *dest = buf;
+        }
+        else
+            buf = *dest;
+
+        if (ret == 1) {
+            len = wolfssl_asn1_item_encode(obj, buf, item);
+            if (len <= 0)
+                ret = 0;
         }
 
         if (ret == 1) {
-            len = wolfssl_asn1_item_encode(src, *dest, tpl);
+            if (*dest == NULL)
+                *dest = buf;
+            else
+                *dest += len;
         }
     }
 
     if (ret == 0) {
-        XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
-        len = 0;
+        if (*dest == NULL)
+            XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
+        len = WOLFSSL_FATAL_ERROR;
     }
     WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len);
     return len;
 }
 
+static void* d2i_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
+        long* len)
+{
+    void* ret;
+    const byte* tmp = *src;
+    ret = mem->d2i_func(NULL, &tmp, *len);
+    if (ret == NULL) {
+        WOLFSSL_MSG("d2i error");
+        return NULL;
+    }
+    if (tmp <= *src) {
+        WOLFSSL_MSG("ptr not advanced");
+        mem->free_func(ret); /* never a stack so we can call this directly */
+        return NULL;
+    }
+    *len -= (long)(tmp - *src);
+    *src = tmp;
+    return ret;
+}
+
+static void* d2i_generic_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
+        long* len)
+{
+    void* ret = NULL;
+    if (mem->sequence) {
+        long skl = 0;
+        int slen = 0;
+        WOLFSSL_STACK* sk = NULL;
+        word32 idx = 0;
+        const byte* tmp = *src;
+        if (GetSequence(tmp, &idx, &slen, (word32)*len) < 0)
+            goto error;
+        skl = (long)slen;
+        tmp += idx;
+        ret = sk = wolfSSL_sk_new_null();
+        while (skl > 0) {
+            void* new_obj = d2i_obj(mem, &tmp, &skl);
+            if (new_obj == NULL) {
+                WOLFSSL_MSG("d2i_obj failed");
+                goto error;
+            }
+            if (wolfSSL_sk_insert(sk, new_obj, -1) <= 0) {
+                mem->free_func(new_obj);
+                WOLFSSL_MSG("push failed");
+                goto error;
+            }
+        }
+        if (skl != 0) {
+            WOLFSSL_MSG("l not zero after sequence");
+            goto error;
+        }
+        *len -= (long)slen;
+        *src = tmp;
+    }
+    else {
+        ret = d2i_obj(mem, src, len);
+    }
+    return ret;
+error:
+    asn1_free_tpl(ret, mem);
+    return NULL;
+}
+
+static int d2i_handle_tags(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
+        long* len, byte** impBuf, int* asnLen)
+{
+    if (mem->tag >= 0) {
+        byte tag = 0;
+        word32 idx = 0;
+        if (mem->ex) {
+            if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
+                    (byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | mem->tag)
+                        != tag ||
+                    GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
+                WOLFSSL_MSG("asn tag error");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            *len -= idx;
+            *src += idx;
+        }
+        else {
+            /* Underlying d2i functions won't be able to handle the implicit
+             * tag so we substitute it for the expected tag. */
+            if (mem->first_byte == 0) {
+                WOLFSSL_MSG("first byte not set");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
+                    (byte)mem->tag != (tag & ASN_TYPE_MASK) ||
+                    GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
+                WOLFSSL_MSG("asn tag error");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            *asnLen += idx; /* total buffer length */
+            *impBuf = (byte*)XMALLOC(*asnLen, NULL,
+                    DYNAMIC_TYPE_TMP_BUFFER);
+            if (*impBuf == NULL) {
+                WOLFSSL_MSG("malloc error");
+                return WOLFSSL_FATAL_ERROR;
+            }
+            XMEMCPY(*impBuf, *src, *asnLen);
+            (*impBuf)[0] = mem->first_byte;
+        }
+    }
+    return 0;
+}
+
+static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem,
+        const byte** src, long* len)
+{
+    int asnLen = -1;
+    const byte *tmp = NULL;
+    void* ret = NULL;
+    byte* impBuf = NULL;
+    long l;
+
+    if (*len <= 0) {
+        WOLFSSL_MSG("buffer too short");
+        return NULL;
+    }
+
+    if (d2i_handle_tags(mem, src, len, &impBuf, &asnLen) != 0) {
+        WOLFSSL_MSG("tags error");
+        goto error;
+    }
+
+    if (impBuf != NULL)
+        tmp = impBuf;
+    else
+        tmp = *src;
+    l = (long)(asnLen >= 0 ? asnLen : *len);
+    ret = d2i_generic_obj(mem, &tmp, &l);
+    if (l < 0) {
+        WOLFSSL_MSG("ptr advanced too far");
+        goto error;
+    }
+    if (impBuf != NULL) {
+        tmp = *src + (tmp - impBuf); /* for the next calculation */
+        XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        impBuf = NULL;
+    }
+    if (asnLen >= 0 && (int)(tmp - *src) != asnLen) {
+        WOLFSSL_MSG("ptr not advanced enough");
+        goto error;
+    }
+    *len -= (long)(tmp - *src);
+    *src = tmp;
+    return ret;
+error:
+    asn1_free_tpl(ret, mem);
+    if (impBuf != NULL)
+        XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return NULL;
+}
+
+static int d2i_ASN_SEQUENCE(void* obj, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
+    int err;
+    word32 idx = 0;
+    int slen = 0;
+    size_t i;
+    const byte* s = *src;
+
+    err = GetSequence(s, &idx, &slen, (word32)len);
+    if (err <= 0) {
+        WOLFSSL_MSG("GetSequence error");
+        return WOLFSSL_FATAL_ERROR;
+    }
+    s += idx;
+    len -= idx;
+
+    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+        asn1Mem(obj, mem->offset) = d2i_generic(mem, &s, &len);
+        if (asn1Mem(obj, mem->offset) == NULL) {
+            WOLFSSL_MSG("d2i error");
+            return WOLFSSL_FATAL_ERROR;
+        }
+    }
+    *src = s;
+    return 0;
+}
+
+static int d2i_ASN_CHOICE(void* obj, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
+    size_t i;
+
+    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
+        asn1Mem(obj, mem->offset) = d2i_generic(mem, src, &len);
+        if (asn1Mem(obj, mem->offset) != NULL) {
+            asn1Type(obj, item->toffset) = mem->tag;
+            return 0;
+        }
+    }
+    WOLFSSL_MSG("der does not decode with any CHOICE");
+    return WOLFSSL_FATAL_ERROR;
+}
+
+static void* d2i_ASN_OBJECT_TYPE(const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    return d2i_generic(item->members, src, &len);
+}
+
+void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item)
+{
+    void* obj = NULL;
+    int err = 0;
+    const byte *tmp;
+
+    WOLFSSL_ENTER("wolfSSL_ASN1_item_d2i");
+
+    if (src == NULL || *src == NULL || len <= 0 || item == NULL) {
+        WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", 0);
+        return NULL;
+    }
+
+    tmp = *src;
+
+    /* Create an empty object. */
+
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+        case WOLFSSL_ASN1_CHOICE:
+            obj = asn1_item_alloc(item);
+            if (obj == NULL)
+                return NULL;
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            /* allocated later */
+            break;
+        default:
+            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
+            return NULL;
+    }
+
+    switch (item->type) {
+        case WOLFSSL_ASN1_SEQUENCE:
+            err = d2i_ASN_SEQUENCE(obj, &tmp, len, item);
+            break;
+        case WOLFSSL_ASN1_CHOICE:
+            err = d2i_ASN_CHOICE(obj, &tmp, len, item);
+            break;
+        case WOLFSSL_ASN1_OBJECT_TYPE:
+            obj = d2i_ASN_OBJECT_TYPE(&tmp, len, item);
+            if (obj == NULL)
+                err = WOLFSSL_FATAL_ERROR;
+            break;
+        default:
+            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
+            err = WOLFSSL_FATAL_ERROR;
+            break;
+    }
+
+    if (err == 0)
+        *src = tmp;
+    else {
+        wolfSSL_ASN1_item_free(obj, item);
+        obj = NULL;
+    }
+
+    if (dst != NULL && obj != NULL) {
+        if (*dst != NULL)
+            wolfSSL_ASN1_item_free(*dst, item);
+        *dst = obj;
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", obj != NULL);
+    return obj;
+}
+
 #endif /* OPENSSL_ALL */
 
 #endif /* OPENSSL_EXTRA */
@@ -453,9 +779,6 @@ int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* bitStr,
 
     return bit;
 }
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
-
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
 
 /* Grow data to require length.
  *
@@ -470,15 +793,25 @@ static int wolfssl_asn1_bit_string_grow(WOLFSSL_ASN1_BIT_STRING* bitStr,
     int ret = 1;
     byte* tmp;
 
+#ifdef WOLFSSL_NO_REALLOC
+    tmp = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL);
+    if (tmp != NULL && bitStr->data != NULL) {
+       XMEMCPY(tmp, bitStr->data, bitStr->length);
+       XFREE(bitStr->data, NULL, DYNAMIC_TYPE_OPENSSL);
+       bitStr->data = NULL;
+    }
+#else
     /* Realloc to length required. */
     tmp = (byte*)XREALLOC(bitStr->data, (size_t)len, NULL,
         DYNAMIC_TYPE_OPENSSL);
+#endif
     if (tmp == NULL) {
         ret = 0;
     }
     else {
         /* Clear out new, top bytes. */
-        XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length));
+        if (len > bitStr->length)
+            XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length));
         bitStr->data = tmp;
         bitStr->length = len;
     }
@@ -527,7 +860,99 @@ int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* bitStr, int idx,
     return ret;
 }
 
-#endif /* OPENSSL_ALL && !NO_CERTS */
+/* Serialize object to DER encoding
+ *
+ * @param bstr Object to serialize
+ * @param pp  Output
+ * @return Length on success
+ *         Negative number on failure
+ */
+int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr,
+        unsigned char** pp)
+{
+    int len;
+    unsigned char* buf;
+
+    if (bstr == NULL || (bstr->data == NULL && bstr->length != 0))
+        return WOLFSSL_FATAL_ERROR;
+
+    len = (int)SetBitString((word32)bstr->length, 0, NULL) + bstr->length;
+    if (pp != NULL) {
+        word32 idx;
+
+        if (*pp != NULL)
+            buf = *pp;
+        else {
+            buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+            if (buf == NULL)
+                return WOLFSSL_FATAL_ERROR;
+        }
+
+        idx = SetBitString((word32)bstr->length, 0, buf);
+        if (bstr->length > 0)
+            XMEMCPY(buf + idx, bstr->data, (size_t)bstr->length);
+
+        if (*pp != NULL)
+            *pp += len;
+        else
+            *pp = buf;
+    }
+
+    return len;
+}
+
+WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING(
+        WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len)
+{
+    WOLFSSL_ASN1_BIT_STRING* ret = NULL;
+#ifdef WOLFSSL_ASN_TEMPLATE
+    word32 idx = 0;
+    byte tag = 0;
+    int length = 0;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_BIT_STRING");
+
+    if (src == NULL || *src == NULL || len == 0)
+        return NULL;
+
+    if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
+        return NULL;
+    if (tag != ASN_BIT_STRING)
+        return NULL;
+    if (GetLength(*src, &idx, &length, (word32)len) < 0)
+        return NULL;
+    if (GetASN_BitString(*src, idx, length) != 0)
+        return NULL;
+    idx++; /* step over unused bits */
+    length--;
+
+    ret = wolfSSL_ASN1_BIT_STRING_new();
+    if (ret == NULL)
+        return NULL;
+
+    if (wolfssl_asn1_bit_string_grow(ret, length) != 1) {
+        wolfSSL_ASN1_BIT_STRING_free(ret);
+        return NULL;
+    }
+
+    XMEMCPY(ret->data, *src + idx, length);
+    *src += idx + (word32)length;
+
+    if (out != NULL) {
+        if (*out != NULL)
+            wolfSSL_ASN1_BIT_STRING_free(*out);
+        *out = ret;
+    }
+#else
+    WOLFSSL_MSG("d2i_ASN1_BIT_STRING needs --enable-asn=template");
+    (void)out;
+    (void)src;
+    (void)len;
+#endif
+    return ret;
+}
+
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 /*******************************************************************************
  * ASN1_INTEGER APIs
@@ -601,7 +1026,7 @@ static void wolfssl_asn1_integer_reset_data(WOLFSSL_ASN1_INTEGER* a)
     /* No data, not negative. */
     a->negative = 0;
     /* Set type to positive INTEGER. */
-    a->type = V_ASN1_INTEGER;
+    a->type = WOLFSSL_V_ASN1_INTEGER;
 }
 #endif /* OPENSSL_EXTRA */
 
@@ -664,36 +1089,36 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
  */
 WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
 {
-    WOLFSSL_ASN1_INTEGER* dup = NULL;
+    WOLFSSL_ASN1_INTEGER* dst = NULL;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_dup");
 
     /* Check for object to duplicate. */
     if (src != NULL) {
         /* Create a new ASN.1 INTEGER object to be copied into. */
-        dup = wolfSSL_ASN1_INTEGER_new();
+        dst = wolfSSL_ASN1_INTEGER_new();
     }
     /* Check for object to copy into. */
-    if (dup != NULL) {
+    if (dst != NULL) {
         /* Copy simple fields. */
-        dup->length   = src->length;
-        dup->negative = src->negative;
-        dup->type     = src->type;
+        dst->length   = src->length;
+        dst->negative = src->negative;
+        dst->type     = src->type;
 
         if (!src->isDynamic) {
             /* Copy over data from/to fixed buffer. */
-            XMEMCPY(dup->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX);
+            XMEMCPY(dst->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX);
         }
-        else if (wolfssl_asn1_integer_require_len(dup, src->length, 0) == 0) {
-            wolfSSL_ASN1_INTEGER_free(dup);
-            dup = NULL;
+        else if (wolfssl_asn1_integer_require_len(dst, src->length, 0) == 0) {
+            wolfSSL_ASN1_INTEGER_free(dst);
+            dst = NULL;
         }
         else {
-            XMEMCPY(dup->data, src->data, (size_t)src->length);
+            XMEMCPY(dst->data, src->data, (size_t)src->length);
         }
     }
 
-    return dup;
+    return dst;
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
@@ -706,7 +1131,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
  * @return Negative value when a is less than b.
  * @return 0 when a equals b.
  * @return Positive value when a is greater than b.
- * @return -1 when a or b is NULL.
+ * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
  */
 int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
     const WOLFSSL_ASN1_INTEGER* b)
@@ -718,11 +1143,11 @@ int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
     /* Validate parameters. */
     if ((a == NULL) || (b == NULL)) {
         WOLFSSL_MSG("Bad parameter.");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Negative value < Positive value */
     else if (a->negative && !b->negative) {
-        ret = -1;
+        ret = -2; /* avoid collision with WOLFSSL_FATAL_ERROR */
     }
     /* Positive value > Negative value */
     else if (!a->negative && b->negative) {
@@ -772,7 +1197,7 @@ static void wolfssl_twos_compl(byte* data, int length)
 
 /* Calculate 2's complement of DER encoding.
  *
- * @param [in]  data    Array that is number.
+ * @param [in|out] data Array that is number.
  * @param [in]  length  Number of bytes in array.
  * @param [out] neg     When NULL, 2's complement data.
  *                      When not NULL, check for negative first and return.
@@ -787,7 +1212,7 @@ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg)
 
     /* Get length from DER header. */
     if (GetLength(data, &idx, &len, (word32)length) < 0) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         if (neg != NULL) {
@@ -811,60 +1236,48 @@ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg)
  * @return  -1 when a is NULL or no data, out is NULL, dynamic memory allocation
  *          fails or encoding length fails.
  */
-int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** out)
+int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** pp)
 {
-    int ret = 0;
-    byte* buf = NULL;
-
     WOLFSSL_ENTER("wolfSSL_i2d_ASN1_INTEGER");
 
     /* Validate parameters. */
-    if ((a == NULL) || (a->data == NULL) || (a->length <= 0) || (out == NULL)) {
+    if (a == NULL || a->data == NULL || a->length <= 0) {
         WOLFSSL_MSG("Bad parameter.");
-        ret = -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
-    if ((ret == 0) && (*out == NULL)) {
-        /* Allocate buffer to hold encoding. */
-        buf = (unsigned char*)XMALLOC((size_t)a->length, NULL,
-            DYNAMIC_TYPE_ASN1);
-        if (buf == NULL) {
-            WOLFSSL_MSG("Failed to allocate output buffer.");
-            ret = -1;
+    if (pp != NULL) {
+        byte* buf;
+
+        if (*pp != NULL)
+            buf = *pp;
+        else {
+            buf = (byte*)XMALLOC((size_t)a->length, NULL, DYNAMIC_TYPE_ASN1);
+            if (buf == NULL)
+                return WOLFSSL_FATAL_ERROR;
         }
-        /* Return any allocated buffer. */
-        *out = buf;
-    }
-    if (ret == 0) {
+
         /* Copy the data (including tag and length) into output buffer. */
-        XMEMCPY(*out, a->data, (size_t)a->length);
+        XMEMCPY(buf, a->data, (size_t)a->length);
         /* Only magnitude of the number stored (i.e. the sign isn't encoded).
          * The "negative" field is 1 if the value must be interpreted as
          * negative and we need to output the 2's complement of the value in
          * the DER output.
          */
-        if (a->negative) {
-            ret = wolfssl_asn1_int_twos_compl(*out, a->length, NULL);
+        if (a->negative &&
+                wolfssl_asn1_int_twos_compl(buf, a->length, NULL) != 0) {
+            if (*pp == NULL)
+                XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
+            return WOLFSSL_FATAL_ERROR;
         }
-    }
-    if (ret == 0) {
-        ret = a->length;
-        /* Move pointer on passed encoding when buffer passed in. */
-        if (buf == NULL) {
-            *out += a->length;
-        }
-    }
-    /* Dispose of any dynamically allocated data on error. */
-    else if (buf != NULL) {
-        /* Dispose of buffer allocated locally on error. */
-        XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
-        /* Don't return freed buffer. */
-        *out = NULL;
+
+        if (*pp != NULL)
+            *pp += a->length;
+        else
+            *pp = buf;
     }
 
-    WOLFSSL_LEAVE("wolfSSL_i2d_ASN1_INTEGER", ret);
-
-    return ret;
+    return a->length;
 }
 
 /* Decode DER encoding of ASN.1 INTEGER.
@@ -912,7 +1325,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
     }
     if (!err) {
         /* Set type. */
-        ret->type = V_ASN1_INTEGER;
+        ret->type = WOLFSSL_V_ASN1_INTEGER;
 
         /* Copy DER encoding and length. */
         XMEMCPY(ret->data, *in, (size_t)(idx + (word32)len));
@@ -925,7 +1338,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
     }
     if ((!err) && ret->negative) {
         /* Update type if number was negative. */
-        ret->type |= V_ASN1_NEG_INTEGER;
+        ret->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
     }
 
     if (err) {
@@ -1084,7 +1497,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
  * @return  0 when bp or a is NULL.
  * @return  0 DER header in data is invalid.
  */
-int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
+int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
 {
     int err = 0;
     word32 idx = 1;     /* Skip ASN.1 INTEGER tag byte. */
@@ -1345,10 +1758,10 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn,
         int length;
 
         /* Set type and negative. */
-        a->type = V_ASN1_INTEGER;
+        a->type = WOLFSSL_V_ASN1_INTEGER;
         if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) {
             a->negative = 1;
-            a->type |= V_ASN1_NEG_INTEGER;
+            a->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
         }
 
         /* Get length in bytes of encoded number. */
@@ -1427,7 +1840,7 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a)
         /* Create a big number from the DER encoding. */
         bn = wolfSSL_ASN1_INTEGER_to_BN(a, NULL);
         if (bn == NULL) {
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
     if (ret > 0) {
@@ -1477,7 +1890,7 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
         if (v < 0) {
             /* Set negative and 2's complement the value. */
             a->negative = 1;
-            a->type |= V_ASN1_NEG;
+            a->type |= WOLFSSL_V_ASN1_NEG;
             v = -v;
         }
 
@@ -1700,6 +2113,36 @@ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
     return ret;
 }
 
+int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len,
+        int addHdr)
+{
+    word32 idx = 0;
+
+    if (obj == NULL || der == NULL || len == 0)
+        return WOLFSSL_FAILURE;
+
+    if (addHdr)
+        idx = SetHeader(ASN_OBJECT_ID, (word32)len, NULL, 0);
+
+    if (obj->obj != NULL) {
+        XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
+        obj->obj = NULL;
+        obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
+    }
+
+    obj->obj =(unsigned char*)XMALLOC(idx + len, obj->heap, DYNAMIC_TYPE_ASN1);
+    if (obj->obj == NULL)
+        return WOLFSSL_FAILURE;
+
+    if (addHdr)
+        SetHeader(ASN_OBJECT_ID, (word32)len, (byte*)obj->obj, 0);
+
+    XMEMCPY((byte*)obj->obj + idx, der, len);
+    obj->objSz = (unsigned int)(idx + len);
+    obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
+    return WOLFSSL_SUCCESS;
+}
+
 /* Creates and ASN.1 OBJECT_ID object from DER encoding.
  *
  * @param [out]     a       Pointer to return new ASN.1 OBJECT_ID through.
@@ -1714,38 +2157,43 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
     const unsigned char **der, long length)
 {
     WOLFSSL_ASN1_OBJECT* ret = NULL;
-    int err = 0;
-    const unsigned char *d;
-    long len = 0;
-    int tag = 0;
-    int cls;
+    int len = 0;
+    word32 idx = 0;
 
     WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT");
 
     /* Validate parameters. */
     if ((der == NULL) || (*der == NULL) || (length <= 0)) {
         WOLFSSL_MSG("Bad parameter");
-        err = 1;
+        return NULL;
     }
-    if (!err) {
-        /* Get pointer to be modified along the way. */
-        d = *der;
 
-        /* Move d to value and get length and tag. */
-        if (wolfSSL_ASN1_get_object(&d, &len, &tag, &cls, length) & 0x80) {
-            WOLFSSL_MSG("wolfSSL_ASN1_get_object error");
-            err = 1;
-        }
+    if (GetASNHeader(*der, ASN_OBJECT_ID, &idx, &len, (word32)length) < 0) {
+        WOLFSSL_MSG("error getting tag");
+        return NULL;
     }
-    /* Check it DER encoding is of an OBJECT_ID. */
-    if ((!err) && (tag != ASN_OBJECT_ID)) {
-        WOLFSSL_MSG("Not an ASN object");
-        err = 1;
+
+    if (len <= 0) {
+        WOLFSSL_MSG("zero length");
+        return NULL;
     }
-    /* Create an ASN.1 OBJECT_ID_object from value. TODO: not DER encoding? */
-    if ((!err) && ((ret = wolfSSL_c2i_ASN1_OBJECT(a, &d, len)) != NULL)) {
-        /* Update pointer to after decoded bytes. */
-        *der = d;
+
+    ret = wolfSSL_ASN1_OBJECT_new();
+    if (ret == NULL) {
+        WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
+        return NULL;
+    }
+
+    if (wolfssl_asn1_obj_set(ret, *der, idx + len, 0) != WOLFSSL_SUCCESS) {
+        wolfSSL_ASN1_OBJECT_free(ret);
+        return NULL;
+    }
+
+    *der += idx + len;
+    if (a != NULL) {
+        if (*a != NULL)
+            wolfSSL_ASN1_OBJECT_free(*a);
+        *a = ret;
     }
 
     return ret;
@@ -1821,7 +2269,6 @@ int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp)
 WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
         const unsigned char **pp, long len)
 {
-    int err = 0;
     WOLFSSL_ASN1_OBJECT* ret = NULL;
 
     WOLFSSL_ENTER("wolfSSL_c2i_ASN1_OBJECT");
@@ -1829,40 +2276,29 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
     /* Validate parameters. */
     if ((pp == NULL) || (*pp == NULL) || (len <= 0)) {
         WOLFSSL_MSG("Bad parameter");
-        err = 1;
+        return NULL;
     }
 
     /* Create a new ASN.1 OBJECT_ID object. */
-    if ((!err) && ((ret = wolfSSL_ASN1_OBJECT_new()) == NULL)) {
+    ret = wolfSSL_ASN1_OBJECT_new();
+    if (ret == NULL) {
         WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
-        err = 1;
+        return NULL;
     }
 
-    if (!err) {
-        /* Allocate memory for content octets. */
-        ret->obj = (const unsigned char*)XMALLOC((size_t)len, NULL,
-            DYNAMIC_TYPE_ASN1);
-        if (ret->obj == NULL) {
-            WOLFSSL_MSG("error allocating asn data memory");
-            wolfSSL_ASN1_OBJECT_free(ret);
-            ret = NULL;
-            err = 1;
-        }
+    if (wolfssl_asn1_obj_set(ret, *pp, (word32)len, 1) != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("wolfssl_asn1_obj_set error");
+        wolfSSL_ASN1_OBJECT_free(ret);
+        return NULL;
     }
 
-    if (!err) {
-        /* Content octets buffer was dynamically allocated. */
-        ret->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
-        /* Copy in content octets and set size. */
-        XMEMCPY((byte*)ret->obj, *pp, (size_t)len);
-        ret->objSz = (unsigned int)len;
-
-        /* Move pointer to after data copied out. */
-        *pp += len;
-        /* Return ASN.1 OBJECT_ID object through a if required. */
-        if (a != NULL) {
-            *a = ret;
-        }
+    /* Move pointer to after data copied out. */
+    *pp += len;
+    /* Return ASN.1 OBJECT_ID object through a if required. */
+    if (a != NULL) {
+        if (*a != NULL)
+            wolfSSL_ASN1_OBJECT_free(*a);
+        *a = ret;
     }
 
     return ret;
@@ -1916,7 +2352,7 @@ int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a)
         length = wolfSSL_BIO_write(bp, null_str, (int)XSTRLEN(null_str));
     }
     /* Try getting text version and write it out. */
-    else if ((length = i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) {
+    else if ((length = wolfSSL_i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) {
         length = wolfSSL_BIO_write(bp, buf, length);
     }
     /* Look for DER header. */
@@ -1992,16 +2428,9 @@ void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
 int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
     WOLFSSL_ASN1_OBJECT* obj)
 {
-    int ret = 0;
-
     WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_push");
 
-    /* Push on when we have a stack and object to work with. */
-    if ((sk != NULL) && (obj != NULL)) {
-        ret = wolfSSL_sk_push(sk, obj);
-    }
-
-    return ret;
+    return wolfSSL_sk_push(sk, obj);
 }
 
 /* Pop off a WOLFSSL_ASN1_OBJECT from the stack.
@@ -2163,7 +2592,7 @@ WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1)
  * @return Negative value when a is less than b.
  * @return 0 when a equals b.
  * @return Positive value when a is greater than b.
- * @return -1 when a or b is NULL.
+ * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
  */
 int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a,
     const WOLFSSL_ASN1_STRING *b)
@@ -2173,7 +2602,7 @@ int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a,
 
     /* Validate parameters. */
     if ((a == NULL) || (b == NULL)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Compare length of data. */
     else if (a->length != b->length) {
@@ -2229,7 +2658,7 @@ int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s)
     }
 
     /* Check type of ASN.1 STRING. */
-    if ((ret == 1) && (s->type != V_ASN1_UNIVERSALSTRING)) {
+    if ((ret == 1) && (s->type != WOLFSSL_V_ASN1_UNIVERSALSTRING)) {
         WOLFSSL_MSG("Input is not a universal string");
         ret = 0;
     }
@@ -2263,7 +2692,7 @@ int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s)
         *copy = '\0';
         /* Update length and type. */
         s->length /= 4;
-        s->type = V_ASN1_PRINTABLESTRING;
+        s->type = WOLFSSL_V_ASN1_PRINTABLESTRING;
     }
 
     return ret;
@@ -2296,7 +2725,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
         len = wolfSSL_ASN1_STRING_length(asn1);
         /* Check data and length are usable. */
         if ((data == NULL) || (len < 0)) {
-            len = -1;
+            len = WOLFSSL_FATAL_ERROR;
         }
     }
     if (len != -1) {
@@ -2304,7 +2733,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
         buf = (unsigned char*)XMALLOC((size_t)(len + 1), NULL,
             DYNAMIC_TYPE_OPENSSL);
         if (buf == NULL) {
-            len = -1;
+            len = WOLFSSL_FATAL_ERROR;
         }
     }
     if (len != -1) {
@@ -2318,7 +2747,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
-#if defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 
 /* Encode ASN.1 STRING data as hex digits separated by colon.
  *
@@ -2397,7 +2826,155 @@ char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
 
     return ret;
 }
-#endif /* OPENSSL_EXTRA */
+
+static int i2d_ASN1_STRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp, byte tag)
+{
+    int idx;
+    int len;
+    unsigned char* out;
+
+    if (s == NULL || s->data == NULL || s->length == 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    len = SetHeader(tag, s->length, NULL, 0) + s->length;
+
+    if (pp == NULL)
+        return len;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    idx = (int)SetHeader(tag, s->length, out, 0);
+    XMEMCPY(out + idx, s->data, s->length);
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += len;
+
+    return len;
+}
+
+int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
+{
+    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_GENERALSTRING");
+
+    return i2d_ASN1_STRING(s, pp, ASN_GENERALSTRING);
+}
+
+int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
+{
+    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OCTET_STRING");
+
+    return i2d_ASN1_STRING(s, pp, ASN_OCTET_STRING);
+}
+
+int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
+{
+    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_UTF8STRING");
+
+    return i2d_ASN1_STRING(s, pp, ASN_UTF8STRING);
+}
+
+int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp)
+{
+    unsigned char* out;
+
+    if (s == NULL || s->data == NULL || s->length == 0)
+        return WOLFSSL_FATAL_ERROR;
+
+    if (pp == NULL)
+        return s->length;
+
+    if (*pp == NULL) {
+        out = (unsigned char*)XMALLOC(s->length, NULL, DYNAMIC_TYPE_ASN1);
+        if (out == NULL)
+            return WOLFSSL_FATAL_ERROR;
+    }
+    else {
+        out = *pp;
+    }
+
+    XMEMCPY(out, s->data, s->length);
+    if (*pp == NULL)
+        *pp = out;
+    else
+        *pp += s->length;
+
+    return s->length;
+}
+
+static WOLFSSL_ASN1_STRING* d2i_ASN1_STRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len, byte expTag)
+{
+    WOLFSSL_ASN1_STRING* ret = NULL;
+    word32 idx = 0;
+    byte tag = 0;
+    int length = 0;
+
+    WOLFSSL_ENTER("d2i_ASN1_STRING");
+
+    if (src == NULL || *src == NULL || len == 0)
+        return NULL;
+
+    if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
+        return NULL;
+    if (tag != expTag)
+        return NULL;
+    if (GetLength(*src, &idx, &length, (word32)len) < 0)
+        return NULL;
+
+    ret = wolfSSL_ASN1_STRING_new();
+    if (ret == NULL)
+        return NULL;
+
+    if (wolfSSL_ASN1_STRING_set(ret, *src + idx, length) != 1) {
+        wolfSSL_ASN1_STRING_free(ret);
+        return NULL;
+    }
+
+    if (out != NULL) {
+        if (*out != NULL)
+            wolfSSL_ASN1_STRING_free(*out);
+        *out = ret;
+    }
+    *src += idx + length;
+
+    return ret;
+}
+
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_GENERALSTRING");
+
+    return d2i_ASN1_STRING(out, src, len, ASN_GENERALSTRING);
+}
+
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OCTET_STRING");
+
+    return d2i_ASN1_STRING(out, src, len, ASN_OCTET_STRING);
+}
+
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING** out,
+        const byte** src, long len)
+{
+    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_UTF8STRING");
+
+    return d2i_ASN1_STRING(out, src, len, ASN_UTF8STRING);
+}
+
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 #endif /* NO_ASN */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -2470,7 +3047,7 @@ unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
  * @return  String length on success.
  * @return  0 when asn is NULL or no data set.
  */
-int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
+int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn)
 {
     int len = 0;
 
@@ -2637,10 +3214,10 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
 
     if (ret == 1) {
         switch (asn_in->type) {
-            case MBSTRING_UTF8:
-            case V_ASN1_PRINTABLESTRING:
+            case WOLFSSL_MBSTRING_UTF8:
+            case WOLFSSL_V_ASN1_PRINTABLESTRING:
                 /* Set type to UTF8. */
-                asn_out->type = MBSTRING_UTF8;
+                asn_out->type = WOLFSSL_MBSTRING_UTF8;
                 /* Dispose of any dynamic data already in asn_out. */
                 if (asn_out->isDynamic) {
                     XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -2757,8 +3334,8 @@ const char* wolfSSL_ASN1_tag2str(int tag)
     const char* str = "(unknown)";
 
     /* Clear negative flag. */
-    if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) {
-        tag &= ~V_ASN1_NEG;
+    if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) || (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) {
+        tag &= ~WOLFSSL_V_ASN1_NEG;
     }
     /* Check for known basic types. */
     if ((tag >= 0) && (tag <= 30)) {
@@ -2820,7 +3397,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
 
     /* Write out hash character to indicate hex string. */
     if (wolfSSL_BIO_write(bio, hash, 1) != 1) {
-        str_len = -1;
+        str_len = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Check if we are to write out DER header. */
@@ -2832,7 +3409,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
             str_len += 4;
             /* Write out tag and length as hex digits. */
             if (wolfSSL_BIO_write(bio, hex_tmp, 4) != 4) {
-                str_len = -1;
+                str_len = WOLFSSL_FATAL_ERROR;
             }
         }
     }
@@ -2850,7 +3427,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
             str_len += 2;
             /* Write out character as hex digites. */
             if (wolfSSL_BIO_write(bio, hex_tmp, 2) != 2) {
-                str_len = -1;
+                str_len = WOLFSSL_FATAL_ERROR;
                 break;
             }
         }
@@ -2905,7 +3482,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio,
             str_len++;
             /* Write out escaping character. */
             if (wolfSSL_BIO_write(bio,"\\", 1) != 1) {
-                str_len = -1;
+                str_len = WOLFSSL_FATAL_ERROR;
                 break;
             }
         }
@@ -2913,7 +3490,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio,
         str_len++;
         /* Write out character. */
         if (wolfSSL_BIO_write(bio, p, 1) != 1) {
-            str_len = -1;
+            str_len = WOLFSSL_FATAL_ERROR;
             break;
         }
     }
@@ -2944,7 +3521,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
         err = 1;
     }
     /* Check if ASN.1 type is to be printed. */
-    if ((!err) && (flags & ASN1_STRFLGS_SHOW_TYPE)) {
+    if ((!err) && (flags & WOLFSSL_ASN1_STRFLGS_SHOW_TYPE)) {
         /* Print type and colon to BIO. */
         type_len = wolfssl_string_print_type(bio, str);
         if (type_len == 0) {
@@ -2953,12 +3530,12 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
     }
 
     if (!err) {
-        if (flags & ASN1_STRFLGS_DUMP_ALL) {
+        if (flags & WOLFSSL_ASN1_STRFLGS_DUMP_ALL) {
             /* Dump hex. */
             str_len = wolfssl_asn1_string_dump_hex(bio, str,
-                flags & ASN1_STRFLGS_DUMP_DER);
+                flags & WOLFSSL_ASN1_STRFLGS_DUMP_DER);
         }
-        else if (flags & ASN1_STRFLGS_ESC_2253) {
+        else if (flags & WOLFSSL_ASN1_STRFLGS_ESC_2253) {
             /* Print out string with escaping. */
             str_len = wolfssl_asn1_string_print_esc_2253(bio, str);
         }
@@ -3051,7 +3628,7 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
         ret = BAD_FUNC_ARG;
     }
     /* Check type is GENERALIZED TIME. */
-    if ((ret == 1) && (asnTime->type != V_ASN1_GENERALIZEDTIME)) {
+    if ((ret == 1) && (asnTime->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
         WOLFSSL_MSG("Error, not GENERALIZED_TIME");
         ret = 0;
     }
@@ -3242,7 +3819,6 @@ static int wolfssl_asn1_time_to_secs(const WOLFSSL_ASN1_TIME* t,
  * @param [in]  from  ASN.1 TIME object as start time.
  * @param [in]  to    ASN.1 TIME object as end time.
  * @return  1 on success.
- * @return  0 when days or secs is NULL.
  * @return  0 when conversion of time fails.
  */
 int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
@@ -3252,21 +3828,15 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
 
     WOLFSSL_ENTER("wolfSSL_ASN1_TIME_diff");
 
-    /* Validate parameters. */
-    if (days == NULL) {
-        WOLFSSL_MSG("days is NULL");
-        ret = 0;
+    if ((from == NULL) && (to == NULL)) {
+        if (days != NULL) {
+            *days = 0;
+        }
+        if (secs != NULL) {
+            *secs = 0;
+        }
     }
-    if ((ret == 1) && (secs == NULL)) {
-        WOLFSSL_MSG("secs is NULL");
-        ret = 0;
-    }
-
-    if ((ret == 1) && ((from == NULL) && (to == NULL))) {
-        *days = 0;
-        *secs = 0;
-    }
-    else if (ret == 1) {
+    else {
         const long long SECS_PER_DAY = 24 * 60 * 60;
         long long fromSecs;
         long long toSecs = 0;
@@ -3277,8 +3847,13 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
         }
         if (ret == 1) {
             long long diffSecs = toSecs - fromSecs;
-            *days = (int) (diffSecs / SECS_PER_DAY);
-            *secs = (int) (diffSecs - ((long long)*days * SECS_PER_DAY));
+            if (days != NULL) {
+                *days = (int) (diffSecs / SECS_PER_DAY);
+            }
+            if (secs != NULL) {
+                *secs = (int) (diffSecs -
+                        ((long long)(diffSecs / SECS_PER_DAY) * SECS_PER_DAY));
+            }
         }
     }
 
@@ -3417,7 +3992,7 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t)
  */
 int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
 {
-    int ret = 1;
+    int ret = WOLFSSL_SUCCESS;
     char buf[MAX_TIME_STRING_SZ];
 
     WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");
@@ -3425,7 +4000,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
     /* If can convert to human readable then format good. */
     if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
             MAX_TIME_STRING_SZ) == NULL) {
-        ret = 0;
+        ret = WOLFSSL_FAILURE;
     }
 
     return ret;
@@ -3443,7 +4018,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
  */
 int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
 {
-    int ret = 1;
+    int ret = WOLFSSL_SUCCESS;
     int slen = 0;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string");
@@ -3452,27 +4027,42 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
         WOLFSSL_MSG("Bad parameter");
         ret = 0;
     }
-    if (ret == 1) {
+    if (ret == WOLFSSL_SUCCESS) {
         /* Get length of string including NUL terminator. */
         slen = (int)XSTRLEN(str) + 1;
         if (slen > CTC_DATE_SIZE) {
             WOLFSSL_MSG("Date string too long");
-            ret = 0;
+            ret = WOLFSSL_FAILURE;
         }
     }
-    if ((ret == 1) && (t != NULL)) {
+    if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) {
         /* Copy in string including NUL terminator. */
         XMEMCPY(t->data, str, (size_t)slen);
         /* Do not include NUL terminator in length. */
         t->length = slen - 1;
         /* Set ASN.1 type based on string length. */
-        t->type = ((slen == ASN_UTC_TIME_SIZE) ? V_ASN1_UTCTIME :
-            V_ASN1_GENERALIZEDTIME);
+        t->type = ((slen == ASN_UTC_TIME_SIZE) ? WOLFSSL_V_ASN1_UTCTIME :
+            WOLFSSL_V_ASN1_GENERALIZEDTIME);
     }
 
     return ret;
 }
 
+int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509");
+
+    if (t == NULL)
+        ret = WOLFSSL_FAILURE;
+    if (ret == WOLFSSL_SUCCESS)
+        ret = wolfSSL_ASN1_TIME_set_string(t, str);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = wolfSSL_ASN1_TIME_check(t);
+    return ret;
+}
+
 /* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object.
  *
  * @param [in]      t    ASN.1 TIME object.
@@ -3493,8 +4083,8 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
         WOLFSSL_MSG("Invalid ASN_TIME value");
     }
     /* Ensure ASN.1 type is one that is supported. */
-    else if ((t->type != V_ASN1_UTCTIME) &&
-             (t->type != V_ASN1_GENERALIZEDTIME)) {
+    else if ((t->type != WOLFSSL_V_ASN1_UTCTIME) &&
+             (t->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
         WOLFSSL_MSG("Invalid ASN_TIME type.");
     }
     /* Check for ASN.1 GENERALIZED TIME object being passed in. */
@@ -3512,9 +4102,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
 
     if (ret != NULL) {
         /* Set the ASN.1 type and length of string. */
-        ret->type = V_ASN1_GENERALIZEDTIME;
+        ret->type = WOLFSSL_V_ASN1_GENERALIZEDTIME;
 
-        if (t->type == V_ASN1_GENERALIZEDTIME) {
+        if (t->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
             ret->length = ASN_GENERALIZED_TIME_SIZE;
 
             /* Just copy as data already appropriately formatted. */
@@ -3566,7 +4156,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
         ret = NULL;
     }
     else {
-        ret->type = V_ASN1_UTCTIME;
+        ret->type = WOLFSSL_V_ASN1_UTCTIME;
     }
 
     return ret;
@@ -3726,7 +4316,7 @@ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime,
         /* Zero out values in broken-down time. */
         XMEMSET(tm, 0, sizeof(struct tm));
 
-        if (asnTime->type == V_ASN1_UTCTIME) {
+        if (asnTime->type == WOLFSSL_V_ASN1_UTCTIME) {
             /* Get year from UTC TIME string. */
             int tm_year;
             if ((ret = wolfssl_utctime_year(asn1TimeBuf, asn1TimeBufLen,
@@ -3736,7 +4326,7 @@ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime,
                 i = 2;
             }
         }
-        else if (asnTime->type == V_ASN1_GENERALIZEDTIME) {
+        else if (asnTime->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
             /* Get year from GENERALIZED TIME string. */
             int tm_year;
             if ((ret = wolfssl_gentime_year(asn1TimeBuf, asn1TimeBufLen,
@@ -3937,7 +4527,7 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
         ret = 0;
     }
     /* Validate ASN.1 UTC TIME object is of type UTC_TIME. */
-    if ((ret == 1) && (a->type != V_ASN1_UTCTIME)) {
+    if ((ret == 1) && (a->type != WOLFSSL_V_ASN1_UTCTIME)) {
         WOLFSSL_MSG("Error, not UTC_TIME");
         ret = 0;
     }
@@ -3989,27 +4579,28 @@ WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void)
 static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at)
 {
     switch (at->type) {
-        case V_ASN1_NULL:
+        case WOLFSSL_V_ASN1_NULL:
             break;
-        case V_ASN1_OBJECT:
+        case WOLFSSL_V_ASN1_OBJECT:
             wolfSSL_ASN1_OBJECT_free(at->value.object);
             break;
-        case V_ASN1_UTCTIME:
+        case WOLFSSL_V_ASN1_UTCTIME:
         #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
             wolfSSL_ASN1_TIME_free(at->value.utctime);
         #endif
             break;
-        case V_ASN1_GENERALIZEDTIME:
+        case WOLFSSL_V_ASN1_GENERALIZEDTIME:
         #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
             wolfSSL_ASN1_TIME_free(at->value.generalizedtime);
         #endif
             break;
-        case V_ASN1_UTF8STRING:
-        case V_ASN1_PRINTABLESTRING:
-        case V_ASN1_T61STRING:
-        case V_ASN1_IA5STRING:
-        case V_ASN1_UNIVERSALSTRING:
-        case V_ASN1_SEQUENCE:
+        case WOLFSSL_V_ASN1_UTF8STRING:
+        case WOLFSSL_V_ASN1_OCTET_STRING:
+        case WOLFSSL_V_ASN1_PRINTABLESTRING:
+        case WOLFSSL_V_ASN1_T61STRING:
+        case WOLFSSL_V_ASN1_IA5STRING:
+        case WOLFSSL_V_ASN1_UNIVERSALSTRING:
+        case WOLFSSL_V_ASN1_SEQUENCE:
             wolfSSL_ASN1_STRING_free(at->value.asn1_string);
             break;
         default:
@@ -4032,6 +4623,41 @@ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
     XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
+int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+
+    if (at == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    switch (at->type) {
+        case WOLFSSL_V_ASN1_NULL:
+            break;
+        case WOLFSSL_V_ASN1_OBJECT:
+            ret = wolfSSL_i2d_ASN1_OBJECT(at->value.object, pp);
+            break;
+        case WOLFSSL_V_ASN1_UTF8STRING:
+            ret = wolfSSL_i2d_ASN1_UTF8STRING(at->value.utf8string, pp);
+            break;
+        case WOLFSSL_V_ASN1_GENERALIZEDTIME:
+            ret = wolfSSL_i2d_ASN1_GENERALSTRING(at->value.utf8string, pp);
+            break;
+        case WOLFSSL_V_ASN1_SEQUENCE:
+            ret = wolfSSL_i2d_ASN1_SEQUENCE(at->value.sequence, pp);
+            break;
+        case WOLFSSL_V_ASN1_UTCTIME:
+        case WOLFSSL_V_ASN1_PRINTABLESTRING:
+        case WOLFSSL_V_ASN1_T61STRING:
+        case WOLFSSL_V_ASN1_IA5STRING:
+        case WOLFSSL_V_ASN1_UNIVERSALSTRING:
+        default:
+            WOLFSSL_MSG("asn1 i2d type not supported");
+            break;
+    }
+
+    return ret;
+}
+
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS) || \
@@ -4040,16 +4666,16 @@ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
  * Set ASN.1 TYPE object with a type and value.
  *
  * Type of value for different types:
- *   V_ASN1_NULL            : Value should be NULL.
- *   V_ASN1_OBJECT          : WOLFSSL_ASN1_OBJECT.
- *   V_ASN1_UTCTIME         : WOLFSSL_ASN1_TIME.
- *   V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME.
- *   V_ASN1_UTF8STRING      : WOLFSSL_ASN1_STRING.
- *   V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING.
- *   V_ASN1_T61STRING       : WOLFSSL_ASN1_STRING.
- *   V_ASN1_IA5STRING       : WOLFSSL_ASN1_STRING.
- *   V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING.
- *   V_ASN1_SEQUENCE        : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_NULL            : Value should be NULL.
+ *   WOLFSSL_V_ASN1_OBJECT          : WOLFSSL_ASN1_OBJECT.
+ *   WOLFSSL_V_ASN1_UTCTIME         : WOLFSSL_ASN1_TIME.
+ *   WOLFSSL_V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME.
+ *   WOLFSSL_V_ASN1_UTF8STRING      : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_T61STRING       : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_IA5STRING       : WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING.
+ *   WOLFSSL_V_ASN1_SEQUENCE        : WOLFSSL_ASN1_STRING.
  *
  * @param [in, out] a      ASN.1 TYPE object to set.
  * @param [in]      type   ASN.1 type of value.
@@ -4059,21 +4685,22 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
 {
     if (a != NULL) {
         switch (type) {
-            case V_ASN1_NULL:
+            case WOLFSSL_V_ASN1_NULL:
                 if (value != NULL) {
                     WOLFSSL_MSG("NULL tag meant to be always empty!");
                     /* No way to return error - value will not be used. */
                 }
                 FALL_THROUGH;
-            case V_ASN1_OBJECT:
-            case V_ASN1_UTCTIME:
-            case V_ASN1_GENERALIZEDTIME:
-            case V_ASN1_UTF8STRING:
-            case V_ASN1_PRINTABLESTRING:
-            case V_ASN1_T61STRING:
-            case V_ASN1_IA5STRING:
-            case V_ASN1_UNIVERSALSTRING:
-            case V_ASN1_SEQUENCE:
+            case WOLFSSL_V_ASN1_OBJECT:
+            case WOLFSSL_V_ASN1_UTCTIME:
+            case WOLFSSL_V_ASN1_GENERALIZEDTIME:
+            case WOLFSSL_V_ASN1_UTF8STRING:
+            case WOLFSSL_V_ASN1_OCTET_STRING:
+            case WOLFSSL_V_ASN1_PRINTABLESTRING:
+            case WOLFSSL_V_ASN1_T61STRING:
+            case WOLFSSL_V_ASN1_IA5STRING:
+            case WOLFSSL_V_ASN1_UNIVERSALSTRING:
+            case WOLFSSL_V_ASN1_SEQUENCE:
                 /* Dispose of any value currently set. */
                 wolfssl_asn1_type_free_value(a);
                 /* Assign anonymously typed input to anonymously typed field. */
@@ -4088,6 +4715,14 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
     }
 }
 
+int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a)
+{
+    if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN || a->type == WOLFSSL_V_ASN1_NULL
+            || a->value.ptr != NULL))
+        return a->type;
+    return 0;
+}
+
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_WPAS */
 
 #endif /* !NO_ASN */
diff --git a/src/ssl_bn.c b/src/ssl_bn.c
index d4ecee4f2..e88ca03c2 100644
--- a/src/ssl_bn.c
+++ b/src/ssl_bn.c
@@ -1,6 +1,6 @@
 /* ssl_bn.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #include <wolfssl/internal.h>
 #ifndef WC_NO_RNG
@@ -64,7 +60,7 @@ static int wolfssl_bn_set_neg(WOLFSSL_BIGNUM* bn, int neg)
 
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE)
     else if (neg) {
@@ -102,17 +98,17 @@ int wolfssl_bn_get_value(WOLFSSL_BIGNUM* bn, mp_int* mpi)
     /* Validate parameters. */
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else if (mpi == NULL) {
         WOLFSSL_MSG("mpi NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Copy the internal representation into MP integer. */
     if ((ret == 1) && mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
         WOLFSSL_MSG("mp_copy error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
@@ -145,7 +141,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
     /* Validate parameters. */
     if ((bn == NULL) || (mpi == NULL)) {
         WOLFSSL_MSG("mpi or bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Allocate a new big number if one not passed in. */
@@ -153,7 +149,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
         a = wolfSSL_BN_new();
         if (a == NULL) {
             WOLFSSL_MSG("wolfssl_bn_set_value alloc failed");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
         *bn = a;
     }
@@ -161,12 +157,12 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi)
     /* Copy MP integer value into internal representation of big number. */
     if ((ret == 1) && (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY)) {
         WOLFSSL_MSG("mp_copy error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Dispose of any allocated big number on error. */
     if ((ret == -1) && (a != NULL)) {
-        BN_free(a);
+        wolfSSL_BN_free(a);
         *bn = NULL;
     }
     return ret;
@@ -455,7 +451,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
     /* Validate parameters. */
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("NULL bn error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     else {
         /* Get the length of the encoding. */
@@ -464,7 +460,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
         if ((r != NULL) && (mp_to_unsigned_bin((mp_int*)bn->internal, r) !=
                 MP_OKAY)) {
             WOLFSSL_MSG("mp_to_unsigned_bin error");
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -492,7 +488,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
     WOLFSSL_ENTER("wolfSSL_BN_bin2bn");
 
     /* Validate parameters. */
-    if ((data == NULL) || (len < 0)) {
+    if (len < 0) {
         ret = NULL;
     }
     /* Allocate a new big number when ret is NULL. */
@@ -507,7 +503,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
         if (ret->internal == NULL) {
             ret = NULL;
         }
-        else {
+        else if (data != NULL) {
             /* Decode into big number. */
             if (mp_read_unsigned_bin((mp_int*)ret->internal, data, (word32)len)
                     != 0) {
@@ -516,10 +512,15 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
                 ret = NULL;
             }
             else {
-                /* Don't free bn as we may be returning it. */
+                /* Don't free bn as we are returning it. */
                 bn = NULL;
             }
         }
+        else if (data == NULL) {
+            wolfSSL_BN_zero(ret);
+            /* Don't free bn as we are returning it. */
+            bn = NULL;
+        }
     }
 
     /* Dispose of allocated BN not being returned. */
@@ -1129,8 +1130,7 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
             ret = 0;
         }
         else {
-            /* NULL less than not NULL. */
-            ret = -1;
+            ret = -1; /* NULL less than not NULL. */
         }
     }
     else if (bIsNull) {
@@ -1147,9 +1147,12 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
         else if (ret == MP_GT) {
             ret = 1;
         }
-        else {
+        else if (ret == MP_LT) {
             ret = -1;
         }
+        else {
+            ret = WOLFSSL_FATAL_ERROR; /* also -1 */
+        }
     }
 
     return ret;
@@ -1266,105 +1269,139 @@ int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
  * Word operation APIs.
  ******************************************************************************/
 
-/* Add/subtract a word to/from a big number.
+enum BN_WORD_OP {
+    BN_WORD_ADD = 0,
+    BN_WORD_SUB = 1,
+    BN_WORD_MUL = 2,
+    BN_WORD_DIV = 3,
+    BN_WORD_MOD = 4
+};
+
+/* Helper function for word operations.
  *
- * Internal function for adding/subtracting an unsigned long from a
- * WOLFSSL_BIGNUM. To add, pass "sub" as 0. To subtract, pass it as 1.
- *
- * @param [in, out] bn   Big number to operate on.
- * @param [in]      w    Word to operate with.
- * @param [in]      sub  Indicates whether operation to perform is a subtract.
+ * @param [in, out] bn  Big number to operate on.
+ * @param [in]      w   Word to operate with.
+ * @param [in]      op  Operation to perform. See BN_WORD_OP for valid values.
+ * @param [out]     mod_res Result of the modulo operation.
  * @return  1 on success.
- * @return  0 in failure.
+ * @return  0 on failure.
  */
-static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w,
-    int sub)
+static int bn_word_helper(const WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w,
+        enum BN_WORD_OP op, WOLFSSL_BN_ULONG* mod_res)
 {
     int ret = 1;
-#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
-#ifdef WOLFSSL_SMALL_STACK
-    mp_int* w_mp = NULL;
-#else
-    mp_int w_mp[1];
-#endif /* WOLFSSL_SMALL_STACK */
-#endif
 
-#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
-#ifdef WOLFSSL_SMALL_STACK
-    /* Allocate temporary MP integer. */
-    w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (w_mp == NULL) {
-        ret = 0;
-    }
-    else
-#endif /* WOLFSSL_SMALL_STACK */
-    {
-        /* Clear out MP integer so it can be freed. */
-        XMEMSET(w_mp, 0, sizeof(*w_mp));
-    }
-#endif
+    WOLFSSL_ENTER("bn_word_helper");
 
     /* Validate parameters. */
-    if (BN_IS_NULL(bn)) {
+    if (ret == 1 && BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
         ret = 0;
     }
 
     if (ret == 1) {
-        int rc = 0;
+        int rc = MP_OKAY;
 #if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
+        /* When input 'w' is greater than what can be stored in one digit */
         if (w > (WOLFSSL_BN_ULONG)MP_MASK) {
-            /* Initialize temporary MP integer. */
-            if (mp_init(w_mp) != MP_OKAY) {
+            DECL_MP_INT_SIZE_DYN(w_mp, sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT,
+                                       sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT);
+            NEW_MP_INT_SIZE(w_mp, sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT, NULL,
+                    DYNAMIC_TYPE_TMP_BUFFER);
+#ifdef MP_INT_SIZE_CHECK_NULL
+            if (w_mp == NULL) {
+                WOLFSSL_MSG("NEW_MP_INT_SIZE error");
                 ret = 0;
             }
-            /* Set value into temporary MP integer. */
-            if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) {
+#endif
+            if (ret == 1 && mp_set_int(w_mp, w) != MP_OKAY) {
+                WOLFSSL_MSG("mp_set_int error");
                 ret = 0;
             }
             if (ret == 1) {
-                if (sub) {
-                    /* Subtract as MP integer. */
-                    rc = mp_sub((mp_int *)bn->internal, w_mp,
-                        (mp_int *)bn->internal);
-                }
-                else {
-                    /* Add as MP integer. */
-                    rc = mp_add((mp_int *)bn->internal, w_mp,
-                        (mp_int *)bn->internal);
-                }
-                if (rc != MP_OKAY) {
-                    WOLFSSL_MSG("mp_add/sub error");
-                    ret = 0;
+                switch (op) {
+                    case BN_WORD_ADD:
+                        rc = mp_add((mp_int*)bn->internal, w_mp,
+                                (mp_int*)bn->internal);
+                        break;
+                    case BN_WORD_SUB:
+                        rc = mp_sub((mp_int*)bn->internal, w_mp,
+                                (mp_int*)bn->internal);
+                        break;
+                    case BN_WORD_MUL:
+                        rc = mp_mul((mp_int*)bn->internal, w_mp,
+                                (mp_int*)bn->internal);
+                        break;
+                    case BN_WORD_DIV:
+                        rc = mp_div((mp_int*)bn->internal, w_mp,
+                                (mp_int*)bn->internal, NULL);
+                        break;
+                    case BN_WORD_MOD:
+                        rc = mp_mod((mp_int*) bn->internal, w_mp,
+                                w_mp);
+                        if (rc == MP_OKAY && mod_res != NULL)
+                            *mod_res = wolfssl_bn_get_word_1(w_mp);
+                        break;
+                    default:
+                        rc = WOLFSSL_NOT_IMPLEMENTED;
+                        break;
                 }
             }
+            FREE_MP_INT_SIZE(w_mp, NULL, DYNAMIC_TYPE_RSA);
         }
         else
 #endif
         {
-            if (sub) {
-                /* Subtract word from MP integer. */
-                rc = mp_sub_d((mp_int*)bn->internal, (mp_digit)w,
-                    (mp_int*)bn->internal);
-            }
-            else {
-                /* Add word from MP integer. */
-                rc = mp_add_d((mp_int*)bn->internal, (mp_digit)w,
-                    (mp_int*)bn->internal);
-            }
-            if (rc != MP_OKAY) {
-                WOLFSSL_MSG("mp_add/sub_d error");
-                ret = 0;
+            switch (op) {
+                case BN_WORD_ADD:
+                    rc = mp_add_d((mp_int*)bn->internal, (mp_digit)w,
+                            (mp_int*)bn->internal);
+                    break;
+                case BN_WORD_SUB:
+                    rc = mp_sub_d((mp_int*)bn->internal, (mp_digit)w,
+                            (mp_int*)bn->internal);
+                    break;
+                case BN_WORD_MUL:
+                    rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w,
+                            (mp_int*)bn->internal);
+                    break;
+                case BN_WORD_DIV:
+#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+/* copied from sp_int.h */
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
+    defined(WC_MP_TO_RADIX)
+                    rc = mp_div_d((mp_int*)bn->internal, (mp_digit)w,
+                            (mp_int*)bn->internal, NULL);
+#else
+                    rc = WOLFSSL_NOT_IMPLEMENTED;
+#endif
+#else
+                    rc = WOLFSSL_NOT_IMPLEMENTED;
+#endif
+                    break;
+                case BN_WORD_MOD:
+                    {
+                        mp_digit _mod_res;
+                        rc = mp_mod_d((mp_int*) bn->internal, (mp_digit) w,
+                                &_mod_res);
+                        if (rc == MP_OKAY && mod_res != NULL)
+                            *mod_res = (WOLFSSL_BN_ULONG)_mod_res;
+                    }
+                    break;
+                default:
+                    rc = WOLFSSL_NOT_IMPLEMENTED;
+                    break;
             }
         }
+        if (ret == 1 && rc != MP_OKAY) {
+            WOLFSSL_MSG("mp word operation error or not implemented");
+            ret = 0;
+        }
     }
 
-#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
-    mp_free(w_mp);
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif /* WOLFSSL_SMALL_STACK */
-#endif
+    WOLFSSL_LEAVE("bn_word_helper", ret);
+
     return ret;
 }
 
@@ -1383,7 +1420,7 @@ int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
 
     WOLFSSL_ENTER("wolfSSL_BN_add_word");
 
-    ret = wolfssl_bn_add_word_int(bn, w, 0);
+    ret = bn_word_helper(bn, w, BN_WORD_ADD, NULL);
 
     WOLFSSL_LEAVE("wolfSSL_BN_add_word", ret);
 
@@ -1405,13 +1442,40 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
 
     WOLFSSL_ENTER("wolfSSL_BN_sub_word");
 
-    ret = wolfssl_bn_add_word_int(bn, w, 1);
+    ret = bn_word_helper(bn, w, BN_WORD_SUB, NULL);
 
     WOLFSSL_LEAVE("wolfSSL_BN_sub_word", ret);
 
     return ret;
 }
 
+int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_BN_mul_word");
+
+    ret = bn_word_helper(bn, w, BN_WORD_MUL, NULL);
+
+    WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret);
+
+    return ret;
+}
+
+
+int wolfSSL_BN_div_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
+{
+    int ret;
+
+    WOLFSSL_ENTER("wolfSSL_BN_div_word");
+
+    ret = bn_word_helper(bn, w, BN_WORD_DIV, NULL);
+
+    WOLFSSL_LEAVE("wolfSSL_BN_div_word", ret);
+
+    return ret;
+}
+
 #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
     !defined(NO_DSA))
 /* Calculate bn modulo word w. bn % w
@@ -1424,70 +1488,16 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
 WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
     WOLFSSL_BN_ULONG w)
 {
-    WOLFSSL_BN_ULONG ret = 0;
+    int ret;
+    WOLFSSL_BN_ULONG res = 0;
 
     WOLFSSL_ENTER("wolfSSL_BN_mod_word");
 
-    /* Validate parameters. */
-    if (BN_IS_NULL(bn)) {
-        WOLFSSL_MSG("bn NULL error");
-        ret = (WOLFSSL_BN_ULONG)-1;
-    }
+    ret = bn_word_helper(bn, w, BN_WORD_MOD, &res);
 
-#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
-    if ((ret == 0) && (w > (WOLFSSL_BN_ULONG)MP_MASK)) {
-        /* TODO: small stack */
-        mp_int w_mp;
-        mp_int r_mp;
+    WOLFSSL_LEAVE("wolfSSL_BN_mod_word", ret);
 
-        /* Memset MP integers to be safe to free. */
-        XMEMSET(&w_mp, 0, sizeof(w_mp));
-        XMEMSET(&r_mp, 0, sizeof(r_mp));
-
-        /* Initialize MP integer to hold word. */
-        if (mp_init(&w_mp) != MP_OKAY) {
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        /* Initialize MP integer to hold result word. */
-        if ((ret == 0) && (mp_init(&r_mp) != MP_OKAY)) {
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        /* Set modulus word into MP integer. */
-        if ((ret == 0) && (mp_set_int(&w_mp, w) != MP_OKAY)) {
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        /* Calculate modulus result. */
-        if ((ret == 0) && (mp_mod((mp_int *)bn->internal, &w_mp, &r_mp) !=
-                MP_OKAY)) {
-            WOLFSSL_MSG("mp_mod error");
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        if (ret == 0) {
-            /* Get modulus result into an unsigned long. */
-            ret = wolfssl_bn_get_word_1(&r_mp);
-        }
-
-        /* Dispose of dynamically allocated data. */
-        mp_free(&r_mp);
-        mp_free(&w_mp);
-    }
-    else
-#endif
-    if (ret == 0) {
-        mp_digit mp_ret;
-
-        /* Calculate modulus result using wolfCrypt. */
-        if (mp_mod_d((mp_int*)bn->internal, (mp_digit)w, &mp_ret) != MP_OKAY) {
-            WOLFSSL_MSG("mp_add_d error");
-            ret = (WOLFSSL_BN_ULONG)-1;
-        }
-        else {
-            /* Return result. */
-            ret = (WOLFSSL_BN_ULONG)mp_ret;
-        }
-    }
-
-    return ret;
+    return ret == 1 ? res : (WOLFSSL_BN_ULONG)-1;
 }
 #endif /* WOLFSSL_KEY_GEN && (!NO_RSA || !NO_DH || !NO_DSA) */
 
@@ -2268,18 +2278,18 @@ int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int checks,
 
     if (BN_IS_NULL(bn)) {
         WOLFSSL_MSG("bn NULL error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     /* Create a new RNG or use global. */
     if ((ret == 1) && ((rng = wolfssl_make_rng(tmpRng, &localRng)) == NULL)) {
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if ((ret == 1) && (mp_prime_is_prime_ex((mp_int*)bn->internal, checks, &res,
             rng) != MP_OKAY)) {
         WOLFSSL_MSG("mp_prime_is_prime_ex error");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     if (localRng) {
@@ -2348,65 +2358,77 @@ int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn)
 }
 #endif /* !NO_FILESYSTEM && XFPRINTF */
 
+#ifndef NO_WOLFSSL_BN_CTX
 /*******************************************************************************
  * BN_CTX APIs
  ******************************************************************************/
 
-/* Allocate and return a new BN context object.
+/* Create a new BN context object.
  *
- * BN context not needed for operations.
- *
- * @return  Pointer to dummy object.
+ * @return  BN context object on success.
+ * @return  NULL on failure.
  */
 WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
 {
-    /* wolfcrypt doesn't need BN context. */
-    static int ctx;
+    WOLFSSL_BN_CTX* ctx = NULL;
+
     WOLFSSL_ENTER("wolfSSL_BN_CTX_new");
-    return (WOLFSSL_BN_CTX*)&ctx;
-}
+    ctx = (WOLFSSL_BN_CTX*)XMALLOC(sizeof(WOLFSSL_BN_CTX), NULL,
+            DYNAMIC_TYPE_OPENSSL);
+    if (ctx != NULL) {
+        XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX));
+    }
 
-/* Initialize a BN context object.
- *
- * BN context not needed for operations.
- *
- * @param [in] ctx  Dummy BN context.
- */
-void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
-{
-    (void)ctx;
-    WOLFSSL_ENTER("wolfSSL_BN_CTX_init");
+    return ctx;
 }
 
-
 /* Free a BN context object.
  *
- * BN context not needed for operations.
- *
- * @param [in] ctx  Dummy BN context.
+ * @param [in] ctx  BN context object.
  */
 void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
 {
-    (void)ctx;
     WOLFSSL_ENTER("wolfSSL_BN_CTX_free");
-    /* Don't do anything since using dummy, static BN context. */
+    if (ctx != NULL) {
+        while (ctx->list != NULL) {
+            struct WOLFSSL_BN_CTX_LIST* tmp = ctx->list;
+            ctx->list = ctx->list->next;
+            wolfSSL_BN_free(tmp->bn);
+            XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
+        }
+        XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
 }
 
-/* Get a big number based on the BN context.
+/* Get a big number from the BN context.
  *
- * @param [in] ctx  BN context. Not used.
+ * @param [in] ctx  BN context object.
  * @return  Big number on success.
  * @return  NULL on failure.
  */
 WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
 {
-    /* ctx is not used - returning a new big number. */
-    (void)ctx;
+    WOLFSSL_BIGNUM* bn = NULL;
 
     WOLFSSL_ENTER("wolfSSL_BN_CTX_get");
+    if (ctx != NULL) {
+        struct WOLFSSL_BN_CTX_LIST* node = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC(
+                sizeof(struct WOLFSSL_BN_CTX_LIST), NULL, DYNAMIC_TYPE_OPENSSL);
+        if (node != NULL) {
+            XMEMSET(node, 0, sizeof(struct WOLFSSL_BN_CTX_LIST));
+            bn = node->bn = wolfSSL_BN_new();
+            if (node->bn != NULL) {
+                node->next = ctx->list;
+                ctx->list = node;
+            }
+            else {
+                XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
+                node = NULL;
+            }
+        }
+    }
 
-    /* Return a new big number. */
-    return wolfSSL_BN_new();
+    return bn;
 }
 
 #ifndef NO_WOLFSSL_STUB
@@ -2426,6 +2448,75 @@ void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx)
 }
 #endif
 
+#endif /* NO_WOLFSSL_BN_CTX */
+
+/*******************************************************************************
+ * BN_MONT_CTX APIs
+ ******************************************************************************/
+
+WOLFSSL_BN_MONT_CTX* wolfSSL_BN_MONT_CTX_new(void)
+{
+    /* wolfcrypt doesn't need BN MONT context. */
+    static int mont;
+    WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_new");
+    return (WOLFSSL_BN_MONT_CTX*)&mont;
+}
+
+void wolfSSL_BN_MONT_CTX_free(WOLFSSL_BN_MONT_CTX *mont)
+{
+    (void)mont;
+    WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_free");
+    /* Don't do anything since using dummy, static BN context. */
+}
+
+int wolfSSL_BN_MONT_CTX_set(WOLFSSL_BN_MONT_CTX *mont,
+        const WOLFSSL_BIGNUM *mod, WOLFSSL_BN_CTX *ctx)
+{
+    (void) mont;
+    (void) mod;
+    (void) ctx;
+    WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_set");
+    return WOLFSSL_SUCCESS;
+}
+
+/* Calculate r = a ^ p % m.
+ *
+ * @param [out] r    Big number to store the result.
+ * @param [in]  a    Base as an unsigned long.
+ * @param [in]  p    Exponent as a big number.
+ * @param [in]  m    Modulus as a big number.
+ * @param [in]  ctx  BN context object. Unused.
+ * @param [in]  mont Montgomery context object. Unused.
+ *
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_BN_mod_exp_mont_word(WOLFSSL_BIGNUM *r, WOLFSSL_BN_ULONG a,
+        const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx,
+        WOLFSSL_BN_MONT_CTX *mont)
+{
+    WOLFSSL_BIGNUM* tmp = NULL;
+    int ret = WOLFSSL_SUCCESS;
+
+    (void)mont;
+    WOLFSSL_ENTER("wolfSSL_BN_mod_exp_mont_word");
+
+    if (ret == WOLFSSL_SUCCESS && (tmp = wolfSSL_BN_new()) == NULL) {
+        WOLFSSL_MSG("wolfSSL_BN_new failed");
+        ret = WOLFSSL_FAILURE;
+    }
+    if (ret == WOLFSSL_SUCCESS && (wolfSSL_BN_set_word(tmp, (unsigned long)a))
+                                   == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+        WOLFSSL_MSG("wolfSSL_BN_set_word failed");
+        ret = WOLFSSL_FAILURE;
+    }
+    if (ret == WOLFSSL_SUCCESS)
+        ret = wolfSSL_BN_mod_exp(r, tmp, p, m, ctx);
+
+    wolfSSL_BN_free(tmp);
+    return ret;
+}
+
 #endif /* OPENSSL_EXTRA */
 
 #endif /* !WOLFSSL_SSL_BN_INCLUDED */
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index d520f2470..bfa24826b 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -1,6 +1,6 @@
 /* ssl_certman.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #include <wolfssl/internal.h>
 
@@ -44,6 +40,7 @@
  */
 static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap)
 {
+    (void)heap;
     #ifndef NO_WOLFSSL_CLIENT
         #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
             return wolfSSLv3_client_method_ex(heap);
@@ -398,7 +395,7 @@ WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
         }
 
         /* Decode certificate. */
-        if ((!err) && (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS)) {
+        if ((!err) && (wolfSSL_sk_X509_push(sk, x509) <= 0)) {
             wolfSSL_X509_free(x509);
             err = 1;
         }
@@ -455,11 +452,12 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
     return ret;
 }
 
-int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm)
+static int wolfSSL_CertManagerUnloadIntermediateCertsEx(
+                                WOLFSSL_CERT_MANAGER* cm, byte type)
 {
     int ret = WOLFSSL_SUCCESS;
 
-    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts");
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCertsEx");
 
     /* Validate parameter. */
     if (cm == NULL) {
@@ -471,7 +469,7 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm)
     }
     if (ret == WOLFSSL_SUCCESS) {
         /* Dispose of CA table. */
-        FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, WOLFSSL_CHAIN_CA,
+        FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, type,
                 cm->heap);
 
         /* Unlock CA table. */
@@ -481,6 +479,22 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm)
     return ret;
 }
 
+#if defined(OPENSSL_EXTRA)
+static int wolfSSL_CertManagerUnloadTempIntermediateCerts(
+    WOLFSSL_CERT_MANAGER* cm)
+{
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts");
+    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_TEMP_CA);
+}
+#endif
+
+int wolfSSL_CertManagerUnloadIntermediateCerts(
+    WOLFSSL_CERT_MANAGER* cm)
+{
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts");
+    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_CHAIN_CA);
+}
+
 #ifdef WOLFSSL_TRUST_PEER_CERT
 /* Unload the trusted peers table.
  *
@@ -607,7 +621,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
         cm->verifyCallback = vc;
     }
 }
-#endif /* NO_WOLFSSL_CM_VERIFY */
+#endif /* !NO_WOLFSSL_CM_VERIFY */
 
 #ifdef WC_ASN_UNKNOWN_EXT_CB
 void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
@@ -1858,6 +1872,61 @@ int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
     return ret;
 }
 
+int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm, crlErrorCb cb,
+                                      void* ctx)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
+
+    /* Validate parameters. */
+    if (cm == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Store callback. */
+        cm->crlCb = cb;
+        cm->crlCbCtx = ctx;
+    }
+
+    return ret;
+}
+
+#ifdef HAVE_CRL_UPDATE_CB
+int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
+    const byte* buff, long sz, int type)
+{
+    return GetCRLInfo(cm->crl, info, buff, sz, type);
+}
+
+/* Set the callback to be called when a CRL entry has
+ * been updated (new entry had the same issuer hash and
+ * a newer CRL number).
+ *
+ * @param [in] cm  Certificate manager.
+ * @param [in] cb  CRL update callback.
+ * @return  WOLFSSL_SUCCESS on success.
+ * @return  BAD_FUNC_ARG when cm is NULL.
+ */
+int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm, CbUpdateCRL cb)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRLUpdate_Cb");
+
+    /* Validate parameters. */
+    if (cm == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Store callback. */
+        cm->cbUpdateCRL = cb;
+    }
+
+    return ret;
+}
+#endif
+
 #ifdef HAVE_CRL_IO
 /* Set the CRL I/O callback.
  *
diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c
index 296e74a14..474430449 100644
--- a/src/ssl_crypto.c
+++ b/src/ssl_crypto.c
@@ -1,6 +1,6 @@
 /* ssl_crypto.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef WOLFSSL_SSL_CRYPTO_INCLUDED
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -45,13 +40,12 @@
 void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4)
 {
     /* Ensure WOLFSSL_MD4_CTX is big enough for wolfCrypt Md4. */
-    typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
-    (void)sizeof(ok);
+    WOLFSSL_ASSERT_SIZEOF_GE(md4->buffer, wc_Md4);
 
     WOLFSSL_ENTER("MD4_Init");
 
     /* Initialize wolfCrypt MD4 object. */
-    wc_InitMd4((Md4*)md4);
+    wc_InitMd4((wc_Md4*)md4);
 }
 
 /* Update MD4 hash with data.
@@ -66,7 +60,7 @@ void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
     WOLFSSL_ENTER("MD4_Update");
 
     /* Update wolfCrypt MD4 object with data. */
-    wc_Md4Update((Md4*)md4, (const byte*)data, (word32)len);
+    wc_Md4Update((wc_Md4*)md4, (const byte*)data, (word32)len);
 }
 
 /* Finalize MD4 hash and return output.
@@ -80,7 +74,7 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
     WOLFSSL_ENTER("MD4_Final");
 
     /* Finalize wolfCrypt MD4 hash into digest. */
-    wc_Md4Final((Md4*)md4, digest);
+    wc_Md4Final((wc_Md4*)md4, digest);
 }
 
 #endif /* NO_MD4 */
@@ -97,8 +91,7 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
 int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
 {
     /* Ensure WOLFSSL_MD5_CTX is big enough for wolfCrypt wc_Md5. */
-    typedef char md5_test[sizeof(WOLFSSL_MD5_CTX) >= sizeof(wc_Md5) ? 1 : -1];
-    (void)sizeof(md5_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_MD5_CTX, wc_Md5);
 
     WOLFSSL_ENTER("MD5_Init");
 
@@ -212,8 +205,7 @@ unsigned char* wolfSSL_MD5(const unsigned char* data, size_t len,
 int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
 {
     /* Ensure WOLFSSL_SHA_CTX is big enough for wolfCrypt wc_Sha. */
-    typedef char sha_test[sizeof(WOLFSSL_SHA_CTX) >= sizeof(wc_Sha) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA_CTX, wc_Sha);
 
     WOLFSSL_ENTER("SHA_Init");
 
@@ -296,7 +288,7 @@ int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
 {
     WOLFSSL_ENTER("SHA1_Init");
 
-    return SHA_Init(sha);
+    return wolfSSL_SHA_Init(sha);
 }
 
 
@@ -313,7 +305,7 @@ int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
 {
     WOLFSSL_ENTER("SHA1_Update");
 
-    return SHA_Update(sha, input, sz);
+    return wolfSSL_SHA_Update(sha, input, sz);
 }
 
 /* Finalize SHA-1 hash and return output.
@@ -328,7 +320,7 @@ int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha)
 {
     WOLFSSL_ENTER("SHA1_Final");
 
-    return SHA_Final(output, sha);
+    return wolfSSL_SHA_Final(output, sha);
 }
 
 #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
@@ -362,8 +354,7 @@ int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data)
 int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha224)
 {
     /* Ensure WOLFSSL_SHA224_CTX is big enough for wolfCrypt wc_Sha224. */
-    typedef char sha_test[sizeof(SHA224_CTX) >= sizeof(wc_Sha224) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA224_CTX, wc_Sha224);
 
     WOLFSSL_ENTER("SHA224_Init");
 
@@ -422,8 +413,7 @@ int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha224)
 int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
 {
     /* Ensure WOLFSSL_SHA256_CTX is big enough for wolfCrypt wc_Sha256. */
-    typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(wc_Sha256) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA256_CTX, wc_Sha256);
 
     WOLFSSL_ENTER("SHA256_Init");
 
@@ -512,8 +502,7 @@ int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
 int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha384)
 {
     /* Ensure WOLFSSL_SHA384_CTX is big enough for wolfCrypt wc_Sha384. */
-    typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(wc_Sha384) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA384_CTX, wc_Sha384);
 
     WOLFSSL_ENTER("SHA384_Init");
 
@@ -572,8 +561,7 @@ int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha384)
 int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha512)
 {
     /* Ensure WOLFSSL_SHA512_CTX is big enough for wolfCrypt wc_Sha512. */
-    typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(wc_Sha512) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA512_CTX, wc_Sha512);
 
     WOLFSSL_ENTER("SHA512_Init");
 
@@ -809,8 +797,7 @@ int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
 int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha3_224)
 {
     /* Ensure WOLFSSL_SHA3_224_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_224_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_224_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_224_Init");
 
@@ -869,8 +856,7 @@ int wolfSSL_SHA3_224_Final(byte* output, WOLFSSL_SHA3_224_CTX* sha3)
 int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha3_256)
 {
     /* Ensure WOLFSSL_SHA3_256_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_256_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_256_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_256_Init");
 
@@ -929,8 +915,7 @@ int wolfSSL_SHA3_256_Final(byte* output, WOLFSSL_SHA3_256_CTX* sha3)
 int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha3_384)
 {
     /* Ensure WOLFSSL_SHA3_384_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_384_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_384_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_384_Init");
 
@@ -989,8 +974,7 @@ int wolfSSL_SHA3_384_Final(byte* output, WOLFSSL_SHA3_384_CTX* sha3)
 int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha3_512)
 {
     /* Ensure WOLFSSL_SHA3_512_CTX is big enough for wolfCrypt wc_Sha3. */
-    typedef char sha_test[sizeof(SHA3_512_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
-    (void)sizeof(sha_test);
+    WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_512_CTX, wc_Sha3);
 
     WOLFSSL_ENTER("SHA3_512_Init");
 
@@ -1733,7 +1717,7 @@ const WOLFSSL_EVP_MD* wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX* ctx)
  * @return  0 on failure.
  */
 int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int keySz,
-    const EVP_MD* type, WOLFSSL_ENGINE* e)
+    const WOLFSSL_EVP_MD* type, WOLFSSL_ENGINE* e)
 {
     WOLFSSL_ENTER("wolfSSL_HMAC_Init_ex");
 
@@ -1757,7 +1741,7 @@ int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int keySz,
  * @return  0 on failure.
  */
 int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
-    const EVP_MD* type)
+    const WOLFSSL_EVP_MD* type)
 {
     int ret = 1;
     void* heap = NULL;
@@ -2239,7 +2223,7 @@ int wolfSSL_CMAC_Update(WOLFSSL_CMAC_CTX* ctx, const void* data, size_t len)
  *
  * @param [in, out] ctx  CMAC context object.
  * @param [out]     out  Buffer to place CMAC result into.
- *                       Must be able to hold AES_BLOCK_SIZE bytes.
+ *                       Must be able to hold WC_AES_BLOCK_SIZE bytes.
  * @param [out]     len  Length of CMAC result. May be NULL.
  * @return  1 on success.
  * @return  0 when ctx is NULL.
@@ -2259,7 +2243,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len)
 
     if (ret == 1) {
         /* Get the expected output size. */
-        blockSize = EVP_CIPHER_CTX_block_size(ctx->cctx);
+        blockSize = wolfSSL_EVP_CIPHER_CTX_block_size(ctx->cctx);
         /* Check value is valid. */
         if (blockSize <= 0) {
             ret = 0;
@@ -2442,7 +2426,7 @@ int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* key,
     /* Check key parity is odd. */
     if ((ret == 0) && (!wolfSSL_DES_check_key_parity(key))) {
         WOLFSSL_MSG("Odd parity test fail");
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
     /* Check whether key is weak. */
     if ((ret == 0) && wolfSSL_DES_is_weak_key(key)) {
@@ -2554,21 +2538,23 @@ WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in,
     if ((!err) && (dataSz % DES_BLOCK_SIZE)) {
         /* Allocate a buffer big enough to hold padded input. */
         dataSz += DES_BLOCK_SIZE - (dataSz % DES_BLOCK_SIZE);
-        data = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        data = (unsigned char*)XMALLOC((size_t)dataSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
         if (data == NULL) {
             WOLFSSL_MSG("Issue creating temporary buffer");
             err = 1;
         }
         else {
             /* Copy input and pad with 0s. */
-            XMEMCPY(data, in, length);
-            XMEMSET(data + length, 0, dataSz - length);
+            XMEMCPY(data, in, (size_t)length);
+            XMEMSET(data + length, 0, (size_t)(dataSz - length));
         }
     }
 
     if (!err) {
         /* Allocate buffer to hold encrypted data. */
-        tmp = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        tmp = (unsigned char*)XMALLOC((size_t)dataSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             WOLFSSL_MSG("Issue creating temporary buffer");
             err = 1;
@@ -2578,7 +2564,7 @@ WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in,
     if (!err) {
         /* Encrypt data into temporary. */
         wolfSSL_DES_cbc_encrypt(data, tmp, dataSz, sc, (WOLFSSL_DES_cblock*)iv,
-            DES_ENCRYPT);
+            WC_DES_ENCRYPT);
         /* Copy out last block. */
         XMEMCPY((unsigned char*)out, tmp + (dataSz - DES_BLOCK_SIZE),
             DES_BLOCK_SIZE);
@@ -2625,7 +2611,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output,
     WOLFSSL_ENTER("wolfSSL_DES_cbc_encrypt");
 
 #ifdef WOLFSSL_SMALL_STACK
-    des = XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
+    des = (Des*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
     if (des == NULL) {
         WOLFSSL_MSG("Failed to allocate memory for Des object");
     }
@@ -2642,13 +2628,13 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output,
         /* Length of data that is a multiple of a block. */
         word32 len   = (word32)(length - lb_sz);
 
-        if (enc == DES_ENCRYPT) {
+        if (enc == WC_DES_ENCRYPT) {
             /* Encrypt full blocks into output. */
             wc_Des_CbcEncrypt(des, output, input, len);
             if (lb_sz != 0) {
                 /* Create a 0 padded block from remaining bytes. */
                 XMEMSET(lastBlock, 0, DES_BLOCK_SIZE);
-                XMEMCPY(lastBlock, input + len, lb_sz);
+                XMEMCPY(lastBlock, input + len, (size_t)lb_sz);
                 /* Encrypt last block into output. */
                 wc_Des_CbcEncrypt(des, output + len, lastBlock,
                     (word32)DES_BLOCK_SIZE);
@@ -2662,7 +2648,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output,
                 wc_Des_CbcDecrypt(des, lastBlock, input + len,
                     (word32)DES_BLOCK_SIZE);
                 /* Copy out the required amount of the decrypted block. */
-                XMEMCPY(output + len, lastBlock, lb_sz);
+                XMEMCPY(output + len, lastBlock, (size_t)lb_sz);
             }
         }
     }
@@ -2698,7 +2684,7 @@ void wolfSSL_DES_ncbc_encrypt(const unsigned char* input, unsigned char* output,
     offset = (offset + DES_BLOCK_SIZE - 1) / DES_BLOCK_SIZE;
     offset *= DES_BLOCK_SIZE;
     offset -= DES_BLOCK_SIZE;
-    if (enc == DES_ENCRYPT) {
+    if (enc == WC_DES_ENCRYPT) {
         /* Encrypt data. */
         wolfSSL_DES_cbc_encrypt(input, output, length, schedule, ivec, enc);
         /* Use last encrypted block as new IV. */
@@ -2743,7 +2729,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
     WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt");
 
 #ifdef WOLFSSL_SMALL_STACK
-    des3 = XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
+    des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
     if (des3 == NULL) {
         WOLFSSL_MSG("Failed to allocate memory for Des3 object");
         sz = 0;
@@ -2772,7 +2758,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
         ret = wc_Des3Init(des3, NULL, INVALID_DEVID);
         (void)ret;
 
-        if (enc == DES_ENCRYPT) {
+        if (enc == WC_DES_ENCRYPT) {
             /* Initialize wolfCrypt DES3 object. */
             if (wc_Des3_SetKey(des3, key, (const byte*)ivec, DES_ENCRYPTION)
                     == 0) {
@@ -2786,7 +2772,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
                 if (lb_sz != 0) {
                     /* Create a 0 padded block from remaining bytes. */
                     XMEMSET(lastBlock, 0, DES_BLOCK_SIZE);
-                    XMEMCPY(lastBlock, input + len, lb_sz);
+                    XMEMCPY(lastBlock, input + len, (size_t)lb_sz);
                     /* Encrypt last block into output. */
                     ret = wc_Des3_CbcEncrypt(des3, output + len, lastBlock,
                         (word32)DES_BLOCK_SIZE);
@@ -2836,7 +2822,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
                     (void)ret;
                 #endif
                     /* Copy out the required amount of the decrypted block. */
-                    XMEMCPY(output + len, lastBlock, lb_sz);
+                    XMEMCPY(output + len, lastBlock, (size_t)lb_sz);
                 }
             }
         }
@@ -2869,22 +2855,24 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out,
 
     /* Validate parameters. */
     if ((in == NULL) || (out == NULL) || (key == NULL) ||
-           ((enc != DES_ENCRYPT) && (enc != DES_DECRYPT))) {
+           ((enc != WC_DES_ENCRYPT) && (enc != WC_DES_DECRYPT))) {
         WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt");
     }
 #ifdef WOLFSSL_SMALL_STACK
-    else if ((des = XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_CIPHER)) == NULL) {
+    else if ((des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_CIPHER))
+             == NULL)
+    {
         WOLFSSL_MSG("Failed to allocate memory for Des object");
     }
 #endif
     /* Set key in wolfCrypt DES object for encryption or decryption.
-     * DES_ENCRYPT = 1, wolfSSL DES_ENCRYPTION = 0.
-     * DES_DECRYPT = 0, wolfSSL DES_DECRYPTION = 1.
+     * WC_DES_ENCRYPT = 1, wolfSSL DES_ENCRYPTION = 0.
+     * WC_DES_DECRYPT = 0, wolfSSL DES_DECRYPTION = 1.
      */
     else if (wc_Des_SetKey(des, (const byte*)key, NULL, !enc) != 0) {
         WOLFSSL_MSG("wc_Des_SetKey return error.");
     }
-    else if (enc == DES_ENCRYPT) {
+    else if (enc == WC_DES_ENCRYPT) {
         /* Encrypt a block with wolfCrypt DES object. */
         if (wc_Des_EcbEncrypt(des, (byte*)out, (const byte*)in, DES_KEY_SIZE)
                 != 0) {
@@ -2926,33 +2914,32 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out,
  * @param [in]  key   Key data.
  * @param [in]  bits  Number of bits in key.
  * @param [out] aes   AES key object.
- * @param [in]  enc   Whether to encrypt. AES_ENCRYPT or AES_DECRYPT.
+ * @param [in]  enc   Whether to encrypt. AES_ENCRYPTION or AES_DECRYPTION.
  * @return  0 on success.
  * @return  -1 when key or aes is NULL.
  * @return  -1 when setting key with wolfCrypt fails.
  */
 static int wolfssl_aes_set_key(const unsigned char *key, const int bits,
-    AES_KEY *aes, int enc)
+    WOLFSSL_AES_KEY *aes, int enc)
 {
-    typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1];
-    (void)sizeof(aes_test);
+    wc_static_assert(sizeof(WOLFSSL_AES_KEY) >= sizeof(Aes));
 
     /* Validate parameters. */
     if ((key == NULL) || (aes == NULL)) {
         WOLFSSL_MSG("Null argument passed in");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
-    XMEMSET(aes, 0, sizeof(AES_KEY));
+    XMEMSET(aes, 0, sizeof(WOLFSSL_AES_KEY));
 
     if (wc_AesInit((Aes*)aes, NULL, INVALID_DEVID) != 0) {
         WOLFSSL_MSG("Error in initting AES key");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
-    if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, enc) != 0) {
+    if (wc_AesSetKey((Aes*)aes, key, (word32)((bits)/8), NULL, enc) != 0) {
         WOLFSSL_MSG("Error in setting AES key");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     return 0;
 }
@@ -2967,11 +2954,11 @@ static int wolfssl_aes_set_key(const unsigned char *key, const int bits,
  * @return  -1 when setting key with wolfCrypt fails.
  */
 int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits,
-    AES_KEY *aes)
+    WOLFSSL_AES_KEY *aes)
 {
     WOLFSSL_ENTER("wolfSSL_AES_set_encrypt_key");
 
-    return wolfssl_aes_set_key(key, bits, aes, AES_ENCRYPT);
+    return wolfssl_aes_set_key(key, bits, aes, AES_ENCRYPTION);
 }
 
 /* Sets the key into the AES key object for decryption.
@@ -2984,11 +2971,11 @@ int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits,
  * @return  -1 when setting key with wolfCrypt fails.
  */
 int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits,
-    AES_KEY *aes)
+    WOLFSSL_AES_KEY *aes)
 {
     WOLFSSL_ENTER("wolfSSL_AES_set_decrypt_key");
 
-    return wolfssl_aes_set_key(key, bits, aes, AES_DECRYPT);
+    return wolfssl_aes_set_key(key, bits, aes, AES_DECRYPTION);
 }
 
 #ifdef WOLFSSL_AES_DIRECT
@@ -2996,15 +2983,15 @@ int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits,
  *
  * wolfSSL_AES_set_encrypt_key() must have been called.
  *
- * #input must contain AES_BLOCK_SIZE bytes of data.
- * #output must be a buffer at least AES_BLOCK_SIZE bytes in length.
+ * #input must contain WC_AES_BLOCK_SIZE bytes of data.
+ * #output must be a buffer at least WC_AES_BLOCK_SIZE bytes in length.
  *
  * @param [in]  input   Data to encrypt.
  * @param [out] output  Encrypted data.
  * @param [in]  key     AES key to use for encryption.
  */
 void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
-    AES_KEY *key)
+    WOLFSSL_AES_KEY *key)
 {
     WOLFSSL_ENTER("wolfSSL_AES_encrypt");
 
@@ -3014,7 +3001,8 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
     }
     else
 #if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
+    || defined(WOLFSSL_LINUXKM))
     /* Encrypt a block with wolfCrypt AES. */
     if (wc_AesEncryptDirect((Aes*)key, output, input) != 0) {
         WOLFSSL_MSG("wc_AesEncryptDirect failed");
@@ -3032,15 +3020,15 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
  *
  * wolfSSL_AES_set_decrypt_key() must have been called.
  *
- * #input must contain AES_BLOCK_SIZE bytes of data.
- * #output must be a buffer at least AES_BLOCK_SIZE bytes in length.
+ * #input must contain WC_AES_BLOCK_SIZE bytes of data.
+ * #output must be a buffer at least WC_AES_BLOCK_SIZE bytes in length.
  *
  * @param [in]  input   Data to decrypt.
  * @param [out] output  Decrypted data.
  * @param [in]  key     AES key to use for encryption.
  */
 void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
-    AES_KEY *key)
+    WOLFSSL_AES_KEY *key)
 {
     WOLFSSL_ENTER("wolfSSL_AES_decrypt");
 
@@ -3050,7 +3038,7 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
     }
     else
 #if !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,3,0)))
     /* Decrypt a block with wolfCrypt AES. */
     if (wc_AesDecryptDirect((Aes*)key, output, input) != 0) {
         WOLFSSL_MSG("wc_AesDecryptDirect failed");
@@ -3072,17 +3060,17 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
  * wolfSSL_AES_set_encrypt_key() or wolfSSL_AES_set_decrypt_key ()must have been
  * called.
  *
- * #input must contain AES_BLOCK_SIZE bytes of data.
- * #output must be a buffer at least AES_BLOCK_SIZE bytes in length.
+ * #input must contain WC_AES_BLOCK_SIZE bytes of data.
+ * #output must be a buffer at least WC_AES_BLOCK_SIZE bytes in length.
  *
  * @param [in]  in   Data to encipher.
  * @param [out] out  Enciphered data.
  * @param [in]  key  AES key to use for encryption/decryption.
  * @param [in]  enc  Whether to encrypt.
- *                   AES_ENCRPT for encryption, AES_DECRYPT for decryption.
+ *                   AES_ENCRPT for encryption, AES_DECRYPTION for decryption.
  */
 void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out,
-    AES_KEY *key, const int enc)
+    WOLFSSL_AES_KEY *key, const int enc)
 {
     WOLFSSL_ENTER("wolfSSL_AES_ecb_encrypt");
 
@@ -3090,16 +3078,16 @@ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out,
     if ((key == NULL) || (in == NULL) || (out == NULL)) {
         WOLFSSL_MSG("Error, Null argument passed in");
     }
-    else if (enc == AES_ENCRYPT) {
+    else if (enc == AES_ENCRYPTION) {
         /* Encrypt block. */
-        if (wc_AesEcbEncrypt((Aes*)key, out, in, AES_BLOCK_SIZE) != 0) {
+        if (wc_AesEcbEncrypt((Aes*)key, out, in, WC_AES_BLOCK_SIZE) != 0) {
             WOLFSSL_MSG("Error with AES CBC encrypt");
         }
     }
     else {
     #ifdef HAVE_AES_DECRYPT
         /* Decrypt block. */
-        if (wc_AesEcbDecrypt((Aes*)key, out, in, AES_BLOCK_SIZE) != 0) {
+        if (wc_AesEcbDecrypt((Aes*)key, out, in, WC_AES_BLOCK_SIZE) != 0) {
             WOLFSSL_MSG("Error with AES CBC decrypt");
         }
     #else
@@ -3123,10 +3111,10 @@ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out,
  *                        On in, used with first block.
  *                        On out, IV for further operations.
  * @param [in]       enc  Whether to encrypt.
- *                   AES_ENCRPT for encryption, AES_DECRYPT for decryption.
+ *                   AES_ENCRPT for encryption, AES_DECRYPTION for decryption.
  */
 void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
-    size_t len, AES_KEY *key, unsigned char* iv, const int enc)
+    size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, const int enc)
 {
     WOLFSSL_ENTER("wolfSSL_AES_cbc_encrypt");
 
@@ -3143,7 +3131,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
         if ((ret = wc_AesSetIV(aes, (const byte*)iv)) != 0) {
             WOLFSSL_MSG("Error with setting iv");
         }
-        else if (enc == AES_ENCRYPT) {
+        else if (enc == AES_ENCRYPTION) {
             /* Encrypt with wolfCrypt AES object. */
             if ((ret = wc_AesCbcEncrypt(aes, out, in, (word32)len)) != 0) {
                 WOLFSSL_MSG("Error with AES CBC encrypt");
@@ -3158,7 +3146,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
 
         if (ret == 0) {
             /* Get IV for next operation. */
-            XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE);
+            XMEMCPY(iv, (byte*)(aes->reg), WC_AES_BLOCK_SIZE);
         }
     }
 }
@@ -3178,10 +3166,10 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
  *                        On out, IV for further operations.
  * @param [out]      num  Number of bytes used from last incomplete block.
  * @param [in]       enc  Whether to encrypt.
- *                   AES_ENCRPT for encryption, AES_DECRYPT for decryption.
+ *                   AES_ENCRPT for encryption, AES_DECRYPTION for decryption.
  */
 void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
-    size_t len, AES_KEY *key, unsigned char* iv, int* num, const int enc)
+    size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num, const int enc)
 {
 #ifndef WOLFSSL_AES_CFB
     WOLFSSL_MSG("CFB mode not enabled please use macro WOLFSSL_AES_CFB");
@@ -3208,9 +3196,9 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
          * leftover bytes field "left", and this function relies on the leftover
          * bytes being preserved between calls.
          */
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
 
-        if (enc == AES_ENCRYPT) {
+        if (enc == AES_ENCRYPTION) {
             /* Encrypt data with AES-CFB. */
             if ((ret = wc_AesCfbEncrypt(aes, out, in, (word32)len)) != 0) {
                 WOLFSSL_MSG("Error with AES CBC encrypt");
@@ -3225,11 +3213,11 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
 
         if (ret == 0) {
             /* Copy IV out after operation. */
-            XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE);
+            XMEMCPY(iv, (byte*)(aes->reg), WC_AES_BLOCK_SIZE);
 
             /* Store number of left over bytes to num. */
             if (num != NULL) {
-                *num = (AES_BLOCK_SIZE - aes->left) % AES_BLOCK_SIZE;
+                *num = (WC_AES_BLOCK_SIZE - aes->left) % WC_AES_BLOCK_SIZE;
             }
         }
     }
@@ -3249,7 +3237,7 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
  * @return  0 when key, iv, out or in is NULL.
  * @return  0 when key length is not valid.
  */
-int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+int wolfSSL_AES_wrap_key(WOLFSSL_AES_KEY *key, const unsigned char *iv,
     unsigned char *out, const unsigned char *in, unsigned int inSz)
 {
     int ret = 0;
@@ -3284,7 +3272,7 @@ int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
  * @return  0 when key, iv, out or in is NULL.
  * @return  0 when wrapped key data length is not valid.
  */
-int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+int wolfSSL_AES_unwrap_key(WOLFSSL_AES_KEY *key, const unsigned char *iv,
     unsigned char *out, const unsigned char *in, unsigned int inSz)
 {
     int ret = 0;
@@ -3345,7 +3333,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
         }
 
         /* Encrypt data up to last block */
-        (*cbc)(in, out, len - lastBlkLen, key, iv, AES_ENCRYPT);
+        (*cbc)(in, out, len - lastBlkLen, key, iv, AES_ENCRYPTION);
 
         /* Move to last block */
         in += len - lastBlkLen;
@@ -3358,7 +3346,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
         XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
         /* Encrypt last block. */
         (*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ,
-                key, iv, AES_ENCRYPT);
+                key, iv, AES_ENCRYPTION);
     }
 
     return len;
@@ -3413,13 +3401,13 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
          * Use 0 buffer as IV to do straight decryption.
          * This places the Cn-1 block at lastBlk */
         XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ);
-        (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPT);
+        (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPTION);
         /* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn
          *          to create En. */
         XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
         /* Cn and Cn-1 can now be decrypted */
-        (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT);
-        (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT);
+        (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION);
+        (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION);
         XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen);
     }
 
@@ -3449,8 +3437,7 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
 void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len,
     const unsigned char* data)
 {
-    typedef char rc4_test[sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4) ? 1 : -1];
-    (void)sizeof(rc4_test);
+    wc_static_assert(sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4));
 
     WOLFSSL_ENTER("wolfSSL_RC4_set_key");
 
diff --git a/src/ssl_load.c b/src/ssl_load.c
index da4279e39..542289f72 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -1,6 +1,6 @@
 /* ssl_load.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
  * WOLFSSL_SYS_CA_CERTS
@@ -35,8 +30,10 @@
 #ifdef WOLFSSL_SYS_CA_CERTS
 
 #ifdef _WIN32
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
     #include <windows.h>
     #include <wincrypt.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
 
     /* mingw gcc does not support pragma comment, and the
      * linking with crypt32 is handled in configure.ac */
@@ -132,11 +129,12 @@ static int DataToDerBuffer(const unsigned char* buff, word32 len, int format,
     /* Data in buffer has PEM format - extract DER data. */
     if (format == WOLFSSL_FILETYPE_PEM) {
     #ifdef WOLFSSL_PEM_TO_DER
-        ret = PemToDer(buff, len, type, der, heap, info, algId);
+        ret = PemToDer(buff, (long)(len), type, der, heap, info, algId);
         if (ret != 0) {
             FreeDer(der);
         }
     #else
+        (void)algId;
         ret = NOT_COMPILED_IN;
     #endif
     }
@@ -913,7 +911,7 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         /* Free dynamically allocated data in key. */
         wc_falcon_free(key);
     }
-    else if ((ret == ALGO_ID_E) && (*keyFormat == 0)) {
+    else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) {
         WOLFSSL_MSG("Not a Falcon key");
         /* Format unknown so keep trying. */
         ret = 0;
@@ -960,21 +958,38 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     ret = wc_dilithium_init(key);
     if (ret == 0) {
         /* Set up key to parse the format specified. */
-        if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) &&
+        if ((*keyFormat == ML_DSA_LEVEL2k) || ((*keyFormat == 0) &&
+            ((der->length == ML_DSA_LEVEL2_KEY_SIZE) ||
+             (der->length == ML_DSA_LEVEL2_PRV_KEY_SIZE)))) {
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_44);
+        }
+        else if ((*keyFormat == ML_DSA_LEVEL3k) || ((*keyFormat == 0) &&
+            ((der->length == ML_DSA_LEVEL3_KEY_SIZE) ||
+             (der->length == ML_DSA_LEVEL3_PRV_KEY_SIZE)))) {
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_65);
+        }
+        else if ((*keyFormat == ML_DSA_LEVEL5k) || ((*keyFormat == 0) &&
+            ((der->length == ML_DSA_LEVEL5_KEY_SIZE) ||
+             (der->length == ML_DSA_LEVEL5_PRV_KEY_SIZE)))) {
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_87);
+        }
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) &&
             ((der->length == DILITHIUM_LEVEL2_KEY_SIZE) ||
              (der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) {
-            ret = wc_dilithium_set_level(key, 2);
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT);
         }
         else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) &&
             ((der->length == DILITHIUM_LEVEL3_KEY_SIZE) ||
              (der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) {
-            ret = wc_dilithium_set_level(key, 3);
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT);
         }
         else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) &&
             ((der->length == DILITHIUM_LEVEL5_KEY_SIZE) ||
              (der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) {
-            ret = wc_dilithium_set_level(key, 5);
+            ret = wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT);
         }
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
         else {
             wc_dilithium_free(key);
             ret = ALGO_ID_E;
@@ -992,7 +1007,20 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                                  ctx->minDilithiumKeySz;
 
             /* Format is known. */
-            if (*keyFormat == DILITHIUM_LEVEL2k) {
+            if (*keyFormat == ML_DSA_LEVEL2k) {
+                *keyType = dilithium_level2_sa_algo;
+                *keySize = ML_DSA_LEVEL2_KEY_SIZE;
+            }
+            else if (*keyFormat == ML_DSA_LEVEL3k) {
+                *keyType = dilithium_level3_sa_algo;
+                *keySize = ML_DSA_LEVEL3_KEY_SIZE;
+            }
+            else if (*keyFormat == ML_DSA_LEVEL5k) {
+                *keyType = dilithium_level5_sa_algo;
+                *keySize = ML_DSA_LEVEL5_KEY_SIZE;
+            }
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+            else if (*keyFormat == DILITHIUM_LEVEL2k) {
                 *keyType = dilithium_level2_sa_algo;
                 *keySize = DILITHIUM_LEVEL2_KEY_SIZE;
             }
@@ -1004,6 +1032,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                 *keyType = dilithium_level5_sa_algo;
                 *keySize = DILITHIUM_LEVEL5_KEY_SIZE;
             }
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
 
             /* Check that the size of the Dilithium key is enough. */
             if (*keySize < minKeySz) {
@@ -1021,7 +1050,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         /* Free dynamically allocated data in key. */
         wc_dilithium_free(key);
     }
-    else if ((ret == ALGO_ID_E) && (*keyFormat == 0)) {
+    else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) {
         WOLFSSL_MSG("Not a Dilithium key");
         /* Format unknown so keep trying. */
         ret = 0;
@@ -1056,6 +1085,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     int devId = wolfSSL_CTX_GetDevId(ctx, ssl);
     byte* keyType = NULL;
     int* keySz = NULL;
+    int matchAnyKey = 0;
 
     (void)heap;
     (void)devId;
@@ -1107,8 +1137,19 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keyFormat, heap, devId,
             keyType, keySz);
 #endif
+        matchAnyKey = 1;
     }
-#endif
+#ifdef WC_RSA_PSS
+    if(*keyFormat == RSAPSSk) {
+        /*
+            Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK),
+            and to detect that the der is RSAPSSk (when *keyFormat == 0).
+        */
+
+        matchAnyKey = 1;
+    }
+#endif /* WC_RSA_PSS */
+#endif /* NO_RSA */
 #ifdef HAVE_ECC
     /* Try ECC if key format is ECDSA or SM2, or yet unknown. */
     if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == ECDSAk)
@@ -1118,6 +1159,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         )) {
         ret = ProcessBufferTryDecodeEcc(ctx, ssl, der, keyFormat, heap, devId,
             keyType, keySz);
+        matchAnyKey = 1;
     }
 #endif /* HAVE_ECC */
 #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
@@ -1125,6 +1167,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED25519k))) {
         ret = ProcessBufferTryDecodeEd25519(ctx, ssl, der, keyFormat, heap,
             devId, keyType, keySz);
+        matchAnyKey = 1;
     }
 #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
 #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
@@ -1132,6 +1175,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED448k))) {
         ret = ProcessBufferTryDecodeEd448(ctx, ssl, der, keyFormat, heap, devId,
             keyType, keySz);
+        matchAnyKey = 1;
     }
 #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
 #if defined(HAVE_FALCON)
@@ -1140,22 +1184,33 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
             (*keyFormat == FALCON_LEVEL5k))) {
         ret = ProcessBufferTryDecodeFalcon(ctx, ssl, der, keyFormat, heap,
             keyType, keySz);
+        matchAnyKey = 1;
     }
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
     !defined(WOLFSSL_DILITHIUM_NO_ASN1)
     /* Try Falcon if key format is Dilithium level 2k, 3k or 5k or yet unknown.
      */
-    if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == DILITHIUM_LEVEL2k) ||
-            (*keyFormat == DILITHIUM_LEVEL3k) ||
-            (*keyFormat == DILITHIUM_LEVEL5k))) {
+    if ((ret == 0) &&
+        ((*keyFormat == 0) ||
+        (*keyFormat == ML_DSA_LEVEL2k) ||
+        (*keyFormat == ML_DSA_LEVEL3k) ||
+        (*keyFormat == ML_DSA_LEVEL5k)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (*keyFormat == DILITHIUM_LEVEL2k)
+     || (*keyFormat == DILITHIUM_LEVEL3k)
+     || (*keyFormat == DILITHIUM_LEVEL5k)
+    #endif
+        )) {
         ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keyFormat, heap,
             keyType, keySz);
+        matchAnyKey = 1;
     }
 #endif /* HAVE_DILITHIUM */
 
     /* Check we know the format. */
-    if ((ret == 0) && (*keyFormat == 0)) {
+    if ((ret == 0) &&
+        ((*keyFormat == 0) || ((*keyFormat != 0) && (matchAnyKey == 0)))) {
         WOLFSSL_MSG("Not a supported key type");
         /* Not supported key format. */
         ret = WOLFSSL_BAD_FILE;
@@ -1212,7 +1267,7 @@ static int ProcessBufferPrivPkcs8Dec(EncryptedInfo* info, DerBuffer* der,
     }
     if (ret >= 0) {
         /* Zero out encrypted data not overwritten. */
-        ForceZero(der->buffer + ret, der->length - ret);
+        ForceZero(der->buffer + ret, der->length - (word32)ret);
         /* Set decrypted data length. */
         der->length = (word32)ret;
     }
@@ -1396,7 +1451,7 @@ static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     #ifdef OPENSSL_EXTRA
         /* Decryption password is probably wrong. */
         if (info->passwd_cb) {
-            EVPerr(0, EVP_R_BAD_DECRYPT);
+            WOLFSSL_EVPerr(0, -WOLFSSL_EVP_R_BAD_DECRYPT_E);
         }
     #endif
         WOLFSSL_ERROR(WOLFSSL_BAD_FILE);
@@ -1460,9 +1515,14 @@ static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
             break;
     #endif /* HAVE_FALCON */
     #ifdef HAVE_DILITHIUM
+        case ML_DSA_LEVEL2k:
+        case ML_DSA_LEVEL3k:
+        case ML_DSA_LEVEL5k:
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2k:
         case DILITHIUM_LEVEL3k:
         case DILITHIUM_LEVEL5k:
+        #endif
             if (ssl != NULL) {
                 ssl->options.haveDilithiumSig = 1;
             }
@@ -1531,9 +1591,14 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
             break;
     #endif
     #ifdef HAVE_DILITHIUM
+        case CTC_ML_DSA_LEVEL2:
+        case CTC_ML_DSA_LEVEL3:
+        case CTC_ML_DSA_LEVEL5:
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case CTC_DILITHIUM_LEVEL2:
         case CTC_DILITHIUM_LEVEL3:
         case CTC_DILITHIUM_LEVEL5:
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
             WOLFSSL_MSG("Dilithium cert signature");
             if (ssl) {
                 ssl->options.haveDilithiumSig = 1;
@@ -1560,7 +1625,9 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     }
     #endif
 #ifndef WC_STRICT_SIG
-    wolfssl_set_have_from_key_oid(ctx, ssl, cert->keyOID);
+    if ((ctx != NULL) || (ssl != NULL)) {
+        wolfssl_set_have_from_key_oid(ctx, ssl, (int)cert->keyOID);
+    }
 #else
     /* Set whether ECC is available based on signature available. */
     if (ssl != NULL) {
@@ -1702,6 +1769,7 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
             break;
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2k:
             keyType = dilithium_level2_sa_algo;
             /* Dilithium is fixed key size */
@@ -1732,6 +1800,37 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                     DILITHIUM_KEY_SIZE_E);
             }
             break;
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        case ML_DSA_LEVEL2k:
+            keyType = dilithium_level2_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL2_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case ML_DSA_LEVEL3k:
+            keyType = dilithium_level3_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL3_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case ML_DSA_LEVEL5k:
+            keyType = dilithium_level5_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL5_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
     #endif /* HAVE_DILITHIUM */
 
         default:
@@ -1891,6 +1990,7 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
             break;
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2k:
             keyType = dilithium_level2_sa_algo;
             /* Dilithium is fixed key size */
@@ -1921,6 +2021,37 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                     DILITHIUM_KEY_SIZE_E);
             }
             break;
+        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+        case ML_DSA_LEVEL2k:
+            keyType = dilithium_level2_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL2_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case ML_DSA_LEVEL3k:
+            keyType = dilithium_level3_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL3_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
+        case ML_DSA_LEVEL5k:
+            keyType = dilithium_level5_sa_algo;
+            /* Dilithium is fixed key size */
+            keySz = ML_DSA_LEVEL5_KEY_SIZE;
+            if (checkKeySz) {
+                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
+                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
+                    DILITHIUM_KEY_SIZE_E);
+            }
+            break;
     #endif /* HAVE_DILITHIUM */
 
         default:
@@ -2198,9 +2329,9 @@ static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type)
                 InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz,
                     WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH,
                     ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE,
-                    ssl->options.haveStaticECC, ssl->options.haveFalconSig,
-                    ssl->options.haveDilithiumSig, ssl->options.useAnon, TRUE,
-                    ssl->options.side);
+                    ssl->options.haveStaticECC,
+                    ssl->options.useAnon, TRUE,
+                    TRUE, TRUE, TRUE, ssl->options.side);
             }
         }
     }
@@ -2215,8 +2346,8 @@ static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type)
             InitSuites(ctx->suites, ctx->method->version, ctx->privateKeySz,
                 WOLFSSL_HAVE_RSA, CTX_HAVE_PSK(ctx), ctx->haveDH,
                 ctx->haveECDSAsig, ctx->haveECC, TRUE, ctx->haveStaticECC,
-                ctx->haveFalconSig, ctx->haveDilithiumSig, CTX_USE_ANON(ctx),
-                TRUE, ctx->method->side);
+                CTX_USE_ANON(ctx),
+                TRUE, TRUE, TRUE, TRUE, ctx->method->side);
         }
     }
 
@@ -2329,7 +2460,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
     #endif
     }
     else if (ret == 0) {
-        /* Processing a cerificate. */
+        /* Processing a certificate. */
         if (userChain) {
             /* Take original buffer and add to user chain to send in TLS
              * handshake. */
@@ -2367,7 +2498,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
     if (ret == 0) {
         ret = 1;
     }
-    else if (ret == WOLFSSL_FATAL_ERROR) {
+    else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
         ret = 0;
     }
     WOLFSSL_LEAVE("ProcessBuffer", ret);
@@ -2704,7 +2835,7 @@ static int wolfssl_ctx_load_path(WOLFSSL_CTX* ctx, const char* path,
             /* Load file. */
             ret = wolfssl_ctx_load_path_file(ctx, name, verify, (int)flags,
                 &failCount, &successCount);
-            /* Get next filenmae. */
+            /* Get next filename. */
             fileRet = wc_ReadDirNext(readCtx, path, &name);
         }
         /* Cleanup directory reading context. */
@@ -2800,7 +2931,7 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
         }
 
         if (file != NULL) {
-            /* Load the PEM formatted CA file. */
+            /* Load the PEM formatted CA file */
             ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0,
                 NULL, verify);
     #ifndef NO_WOLFSSL_DIR
@@ -4143,6 +4274,77 @@ int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 #endif /* WOLF_PRIVATE_KEY_ID */
 
+#if defined(WOLF_CRYPTO_CB) && !defined(NO_CERTS)
+
+static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx,
+    const char *label, const unsigned char *id, int idLen, int devId)
+{
+    int ret;
+    byte *certData = NULL;
+    word32 certDataLen = 0;
+    word32 labelLen = 0;
+    int certFormat = 0;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ex");
+
+    if (label != NULL) {
+        labelLen = (word32)XSTRLEN(label);
+    }
+
+    ret = wc_CryptoCb_GetCert(devId, label, labelLen, id, idLen,
+        &certData, &certDataLen, &certFormat, ctx->heap);
+    if (ret != 0) {
+        ret = WOLFSSL_FAILURE;
+        goto exit;
+    }
+
+    ret = ProcessBuffer(ctx, certData, certDataLen, certFormat,
+        CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+
+exit:
+    XFREE(certData, ctx->heap, DYNAMIC_TYPE_CERT);
+    return ret;
+}
+
+/* Load the label name of a certificate into the SSL context.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      label  Buffer holding label.
+ * @param [in]      devId  Device identifier.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_certificate_label(WOLFSSL_CTX* ctx,
+    const char *label, int devId)
+{
+    if ((ctx == NULL) || (label == NULL)) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return wolfSSL_CTX_use_certificate_ex(ctx, label, NULL, 0, devId);
+}
+
+/* Load the id of a certificate into SSL context.
+ *
+ * @param [in, out] ctx    SSL context object.
+ * @param [in]      id     Buffer holding id.
+ * @param [in]      idLen  Size of data in bytes.
+ * @param [in]      devId  Device identifier.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+int wolfSSL_CTX_use_certificate_id(WOLFSSL_CTX* ctx,
+    const unsigned char *id, int idLen, int devId)
+{
+    if ((ctx == NULL) || (id == NULL) || (idLen <= 0)) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return wolfSSL_CTX_use_certificate_ex(ctx, NULL, id, idLen, devId);
+}
+
+#endif /* if defined(WOLF_CRYPTO_CB) && !defined(NO_CERTS) */
+
 /* Load a certificate chain in a buffer into SSL context.
  *
  * @param [in, out] ctx     SSL context object.
@@ -4788,7 +4990,7 @@ int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
         /* Use the certificate. */
         ret = wolfSSL_CTX_use_certificate(ctx, x509);
     }
-    /* Increate reference count as we will store it. */
+    /* Increase reference count as we will store it. */
     else if ((ret == 1) && ((ret = wolfSSL_X509_up_ref(x509)) == 1)) {
         /* Load the DER encoding. */
         ret = wolfSSL_CTX_load_verify_buffer(ctx, x509->derCert->buffer,
@@ -4809,7 +5011,8 @@ int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
         }
         if (ret == 1) {
             /* Push the X509 object onto stack. */
-            ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509);
+            ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509) > 0
+                    ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         }
 
         if (ret != 1) {
@@ -4873,7 +5076,8 @@ int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
         }
         if (ret == 1) {
             /* Push X509 object onto stack to be freed. */
-            ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509);
+            ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509) > 0
+                    ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
             if (ret != 1) {
                 /* Free it now on error. */
                 wolfSSL_X509_free(x509);
@@ -4941,19 +5145,19 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
     if (ret == 1) {
         switch (pkey->type) {
     #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             WOLFSSL_MSG("populating RSA key");
             ret = PopulateRSAEvpPkeyDer(pkey);
             break;
     #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
     #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
             defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             break;
     #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) &&
             * !NO_DSA */
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             WOLFSSL_MSG("populating ECC key");
             ret = ECC_populate_EVP_PKEY(pkey, pkey->ecc);
             break;
@@ -4967,7 +5171,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
         /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */
         ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
             (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz,
-            SSL_FILETYPE_ASN1);
+            WOLFSSL_FILETYPE_ASN1);
     }
 
     return ret;
@@ -4996,7 +5200,7 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz,
     if ((ctx == NULL) || (der == NULL)) {
         ret = 0;
     }
-    /* Load DER encoded cerificate into SSL context. */
+    /* Load DER encoded certificate into SSL context. */
     if ((ret == 1) && (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
             WOLFSSL_FILETYPE_ASN1) != 1)) {
         ret = 0;
@@ -5018,7 +5222,7 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz,
 int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
 {
     int ret = 1;
-    int derSize;
+    int derSize = 0;
     unsigned char* der = NULL;
     unsigned char* p;
 
@@ -5037,7 +5241,8 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
 
     if (ret == 1) {
         /* Allocate memory to hold DER encoding.. */
-        der = (unsigned char*)XMALLOC(derSize, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        der = (unsigned char*)XMALLOC((size_t)derSize, NULL,
+                                            DYNAMIC_TYPE_TMP_BUFFER);
         if (der == NULL) {
             WOLFSSL_MSG("Malloc failure");
             ret = MEMORY_E;
@@ -5055,7 +5260,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
     }
 
     if (ret == 1) {
-        /* Load DER encoded cerificate into SSL context. */
+        /* Load DER encoded certificate into SSL context. */
         ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSize,
             SSL_FILETYPE_ASN1);
         if (ret != WOLFSSL_SUCCESS) {
@@ -5094,7 +5299,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
 int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
 {
     int ret;
-#ifdef XGETENV
+#if defined(XGETENV) && !defined(NO_GETENV)
     char* certDir = NULL;
     char* certFile = NULL;
     word32 flags = 0;
@@ -5104,7 +5309,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
 
     WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths");
 
-#ifdef XGETENV
+#if defined(XGETENV) && !defined(NO_GETENV)
+    /* // NOLINTBEGIN(concurrency-mt-unsafe) */
     certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER);
     certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER);
     flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY;
@@ -5128,6 +5334,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
             ret = 0;
         }
     }
+    /* // NOLINTEND(concurrency-mt-unsafe) */
     else
 #endif
 
@@ -5139,7 +5346,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     #elif defined(WOLFSSL_SYS_CA_CERTS)
         /* Load the system CA certificates. */
         ret = wolfSSL_CTX_load_system_CA_certs(ctx);
-        if (ret == WOLFSSL_BAD_PATH) {
+        if (ret == WC_NO_ERR_TRACE(WOLFSSL_BAD_PATH)) {
             /* OpenSSL doesn't treat the lack of a system CA cert directory as a
              * failure. We do the same here.
              */
@@ -5152,7 +5359,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     #endif
     }
 
-#ifdef XGETENV
+#if defined(XGETENV) && !defined(NO_GETENV)
     XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -5231,9 +5438,9 @@ static int wolfssl_set_tmp_dh(WOLFSSL* ssl, unsigned char* p, int pSz,
         InitSuites(ssl->suites, ssl->version, SSL_KEY_SZ(ssl),
             WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH,
             ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE,
-            ssl->options.haveStaticECC, ssl->options.haveFalconSig,
-            ssl->options.haveDilithiumSig, ssl->options.useAnon, TRUE,
-            ssl->options.side);
+            ssl->options.haveStaticECC,
+            ssl->options.useAnon, TRUE,
+            TRUE, TRUE, TRUE, ssl->options.side);
     }
 
     return ret;
@@ -5268,8 +5475,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
 
     if (ret == 1) {
         /* Allocate buffers for p and g to be assigned into SSL. */
-        pAlloc = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        gAlloc = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         if ((pAlloc == NULL) || (gAlloc == NULL)) {
             /* Memory will be freed below in the (ret != 1) block */
             ret = MEMORY_E;
@@ -5277,8 +5484,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
     }
     if (ret == 1) {
         /* Copy p and g into allocated buffers. */
-        XMEMCPY(pAlloc, p, pSz);
-        XMEMCPY(gAlloc, g, gSz);
+        XMEMCPY(pAlloc, p, (size_t)pSz);
+        XMEMCPY(gAlloc, g, (size_t)gSz);
         /* Set the buffers into SSL. */
         ret = wolfssl_set_tmp_dh(ssl, pAlloc, pSz, gAlloc, gSz);
     }
@@ -5328,7 +5535,7 @@ static int wolfssl_check_dh_key(unsigned char* p, int pSz, unsigned char* g,
         /* Initialize a DH object. */
         if ((ret = wc_InitDhKey(checkKey)) == 0) {
             /* Check DH parameters. */
-            ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, gSz, NULL, 0, 0, &rng);
+            ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz, NULL, 0, 0, &rng);
             /* Dispose of DH object. */
             wc_FreeDhKey(checkKey);
         }
@@ -5427,8 +5634,8 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
 
     if (ret == 1) {
         /* Allocate buffers for p and g to be assigned into SSL context. */
-        pAlloc = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        gAlloc = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         if ((pAlloc == NULL) || (gAlloc == NULL)) {
             ret = MEMORY_E;
         }
@@ -5436,8 +5643,8 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
 
     if (ret == 1) {
         /* Copy p and g into allocated buffers. */
-        XMEMCPY(pAlloc, p, pSz);
-        XMEMCPY(gAlloc, g, gSz);
+        XMEMCPY(pAlloc, p, (size_t)pSz);
+        XMEMCPY(gAlloc, g, (size_t)gSz);
         /* Set the buffers into SSL context. */
         ret = wolfssl_ctx_set_tmp_dh(ctx, pAlloc, pSz, gAlloc, gSz);
     }
@@ -5489,8 +5696,8 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
 
     if (ret == 1) {
         /* Allocate buffers for p and g to be assigned into SSL. */
-        p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        p = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        g = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         if ((p == NULL) || (g == NULL)) {
             ret = MEMORY_E;
         }
@@ -5555,8 +5762,8 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
 
     if (ret == 1) {
         /* Allocate buffers for p and g to be assigned into SSL. */
-        p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-        g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        p = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        g = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         if ((p == NULL) || (g == NULL)) {
             ret = MEMORY_E;
         }
@@ -5683,11 +5890,11 @@ static int ws_ctx_ssl_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         }
         else if (ssl != NULL) {
             /* Set p and g into SSL. */
-            res = wolfssl_set_tmp_dh(ssl, p, (int)pSz, g, gSz);
+            res = wolfssl_set_tmp_dh(ssl, p, (int)pSz, g, (int)gSz);
         }
         else {
             /* Set p and g into SSL context. */
-            res = wolfssl_ctx_set_tmp_dh(ctx, p, (int)pSz, g, gSz);
+            res = wolfssl_ctx_set_tmp_dh(ctx, p, (int)pSz, g, (int)gSz);
         }
     }
 
diff --git a/src/ssl_misc.c b/src/ssl_misc.c
index 38fa51146..56a71e804 100644
--- a/src/ssl_misc.c
+++ b/src/ssl_misc.c
@@ -1,6 +1,6 @@
 /* ssl_misc.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(WOLFSSL_SSL_MISC_INCLUDED)
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -165,7 +159,15 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz,
     if (bio->type == WOLFSSL_BIO_MEMORY) {
         ret = wolfSSL_BIO_get_mem_data(bio, data);
         if (ret > 0) {
-            bio->rdIdx += ret;
+            /* Advance the write index in the memory bio */
+            WOLFSSL_BIO* mem_bio = bio;
+            for (; mem_bio != NULL; mem_bio = mem_bio->next) {
+                if (mem_bio->type == WOLFSSL_BIO_MEMORY)
+                    break;
+            }
+            if (mem_bio == NULL)
+                mem_bio = bio; /* Default to input */
+            mem_bio->rdIdx += ret;
         }
         *memAlloced = 0;
     }
diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c
index a60a356a8..85f4b0217 100644
--- a/src/ssl_p7p12.c
+++ b/src/ssl_p7p12.c
@@ -1,6 +1,6 @@
 /* ssl_p7p12.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(OPENSSL_EXTRA) && (defined(HAVE_FIPS) || defined(HAVE_SELFTEST))
     #include <wolfssl/wolfcrypt/pkcs7.h>
@@ -229,7 +225,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
         if (!ret)
             ret = wolfSSL_sk_X509_new_null();
         if (x509) {
-            if (wolfSSL_sk_X509_push(ret, x509) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_push(ret, x509) <= 0) {
                 wolfSSL_X509_free(x509);
                 WOLFSSL_MSG("wolfSSL_sk_X509_push error");
                 goto error;
@@ -294,7 +290,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
         return NULL;
     }
 
-    if (wolfSSL_sk_X509_push(signers, x509) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_sk_X509_push(signers, x509) <= 0) {
         wolfSSL_sk_X509_pop_free(signers, NULL);
         return NULL;
     }
@@ -351,7 +347,7 @@ int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out)
     int localBuf = 0;
     int len;
     WC_RNG rng;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_i2d_PKCS7");
 
     if (!out || !p7) {
@@ -396,9 +392,9 @@ cleanup:
         wc_FreeRng(&rng);
         p7->rng = NULL;
     }
-    if (ret == WOLFSSL_FAILURE && localBuf && output)
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) && localBuf)
         XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (ret != WOLFSSL_FAILURE)
+    if (ret != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
         *out = output;
     return ret;
 }
@@ -407,7 +403,7 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
 {
     byte* output = NULL;
     int len;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio");
 
     if (!bio || !p7) {
@@ -415,7 +411,9 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
         return WOLFSSL_FAILURE;
     }
 
-    if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) {
+    if ((len = wolfSSL_i2d_PKCS7(p7, &output)) ==
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+    {
         WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error");
         goto cleanup;
     }
@@ -600,7 +598,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
             canonLineLen = (word32)lineLen;
             if ((canonLine = wc_MIME_single_canonicalize(
                                 line, &canonLineLen)) == NULL) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
             }
 
@@ -610,7 +608,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
             }
 
             if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
             }
             XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
@@ -619,7 +617,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
         else {
             /* no line ending in current line, write direct to out */
             if (wolfSSL_BIO_write(out, line, lineLen) < 0) {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
             }
         }
@@ -946,7 +944,7 @@ int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
     int    pemSz = -1;
     enum wc_HashType hashType;
     byte hashBuf[WC_MAX_DIGEST_SIZE];
-    word32 hashSz = -1;
+    word32 hashSz = 0;
 
     WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7");
 
@@ -1152,7 +1150,8 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
             }
             XMEMSET(boundary, 0, (word32)(boundLen+1));
             boundary[0] = boundary[1] = '-';
-            XSTRNCPY(&boundary[2], curParam->value, boundLen-2);
+            /* analyzers have issues with using strncpy and strcpy here */
+            XMEMCPY(&boundary[2], curParam->value, boundLen - 2);
 
             /* Parse up to first boundary, ignore everything here. */
             lineLen = wolfSSL_BIO_gets(in, section, remainLen);
@@ -1473,7 +1472,9 @@ int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in,
 
     if (ret > 0) {
         /* Generate signedData bundle, DER in output (dynamic) */
-        if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) == WOLFSSL_FAILURE) {
+        if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) ==
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             WOLFSSL_MSG("Error in wolfSSL_i2d_PKCS7");
             ret = 0;
         }
@@ -1702,7 +1703,7 @@ WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
  */
 int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_i2d_PKCS12_bio");
 
@@ -1929,7 +1930,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
                 }
                 FreeDecodedCert(DeCert);
 
-                if (wolfSSL_sk_X509_push(*ca, x509) != 1) {
+                if (wolfSSL_sk_X509_push(*ca, x509) <= 0) {
                     WOLFSSL_MSG("Failed to push x509 onto stack");
                     wolfSSL_X509_free(x509);
                     wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;
@@ -2007,7 +2008,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
     #ifndef NO_RSA
         {
             const unsigned char* pt = pk;
-            if (wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, pkey, &pt, pkSz) !=
+            if (wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_RSA, pkey, &pt, pkSz) !=
                     NULL) {
                 ret = 0;
             }
@@ -2017,7 +2018,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
     #ifdef HAVE_ECC
         if (ret != 0) { /* if is in fail state check if ECC key */
             const unsigned char* pt = pk;
-            if (wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, pkey, &pt, pkSz) !=
+            if (wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_EC, pkey, &pt, pkSz) !=
                     NULL) {
                 ret = 0;
             }
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
index 62caa7a1c..dda518c91 100644
--- a/src/ssl_sess.c
+++ b/src/ssl_sess.c
@@ -1,6 +1,6 @@
 /* ssl_sess.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(WOLFSSL_SSL_SESS_INCLUDED)
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -113,10 +108,10 @@
     } SessionRow;
     #define SIZEOF_SESSION_ROW (sizeof(WOLFSSL_SESSION) + (sizeof(int) * 2))
 
-    static WOLFSSL_GLOBAL SessionRow SessionCache[SESSION_ROWS];
+    static WC_THREADSHARED SessionRow SessionCache[SESSION_ROWS];
 
     #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
-        static WOLFSSL_GLOBAL word32 PeakSessions;
+        static WC_THREADSHARED word32 PeakSessions;
     #endif
 
     #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
@@ -124,8 +119,8 @@
     #define SESSION_ROW_WR_LOCK(row)   wc_LockRwLock_Wr(&(row)->row_lock)
     #define SESSION_ROW_UNLOCK(row)    wc_UnLockRwLock(&(row)->row_lock);
     #else
-    static WOLFSSL_GLOBAL wolfSSL_RwLock session_lock; /* SessionCache lock */
-    static WOLFSSL_GLOBAL int session_lock_valid = 0;
+    static WC_THREADSHARED wolfSSL_RwLock session_lock; /* SessionCache lock */
+    static WC_THREADSHARED int session_lock_valid = 0;
     #define SESSION_ROW_RD_LOCK(row)   wc_LockRwLock_Rd(&session_lock)
     #define SESSION_ROW_WR_LOCK(row)   wc_LockRwLock_Wr(&session_lock)
     #define SESSION_ROW_UNLOCK(row)    wc_UnLockRwLock(&session_lock);
@@ -176,22 +171,22 @@
             ClientSession Clients[CLIENT_SESSIONS_PER_ROW];
         } ClientRow;
 
-        static WOLFSSL_GLOBAL ClientRow ClientCache[CLIENT_SESSION_ROWS];
+        static WC_THREADSHARED ClientRow ClientCache[CLIENT_SESSION_ROWS];
                                                      /* Client Cache */
                                                      /* uses session mutex */
 
         /* ClientCache mutex */
-        static WOLFSSL_GLOBAL wolfSSL_Mutex clisession_mutex
+        static WC_THREADSHARED wolfSSL_Mutex clisession_mutex
             WOLFSSL_MUTEX_INITIALIZER_CLAUSE(clisession_mutex);
         #ifndef WOLFSSL_MUTEX_INITIALIZER
-        static WOLFSSL_GLOBAL int clisession_mutex_valid = 0;
+        static WC_THREADSHARED int clisession_mutex_valid = 0;
         #endif
     #endif /* !NO_CLIENT_CACHE */
 
     void EvictSessionFromCache(WOLFSSL_SESSION* session)
     {
 #ifdef HAVE_EX_DATA
-        int save_ownExData = session->ownExData;
+        byte save_ownExData = session->ownExData;
         session->ownExData = 1; /* Make sure ex_data access doesn't lead back
                                  * into the cache. */
 #endif
@@ -375,7 +370,7 @@ int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
         WOLFSSL_MSG("Valid ServerID not cached already");
 
         ssl->session->idLen = (word16)len;
-        XMEMCPY(ssl->session->serverID, id, len);
+        XMEMCPY(ssl->session->serverID, id, (size_t)len);
     }
 #ifdef HAVE_EXT_CACHE
     else {
@@ -823,10 +818,8 @@ void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
 void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm)
 {
     int i, j;
-    byte id[ID_LEN];
 
     (void)ctx;
-    XMEMSET(id, 0, ID_LEN);
     WOLFSSL_ENTER("wolfSSL_flush_sessions");
     for (i = 0; i < SESSION_ROWS; ++i) {
         if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) {
@@ -843,7 +836,7 @@ void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm)
 #ifdef SESSION_CACHE_DYNAMIC_MEM
                 s != NULL &&
 #endif
-                XMEMCMP(s->sessionID, id, ID_LEN) != 0 &&
+                s->sessionIDSz > 0 &&
                 s->bornOn + s->timeout < (word32)tm
                 )
             {
@@ -873,7 +866,7 @@ int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
     return WOLFSSL_SUCCESS;
 }
 
-
+#ifndef NO_TLS
 /**
  * Sets ctx session timeout in seconds.
  * The timeout value set here should be reflected in the
@@ -934,7 +927,7 @@ int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
     return ret;
 #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
 }
-
+#endif /* !NO_TLS */
 
 #ifndef NO_CLIENT_CACHE
 
@@ -1004,7 +997,7 @@ WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
 #else
         current = &sessRow->Sessions[clSess[idx].serverIdx];
 #endif
-        if (current && XMEMCMP(current->serverID, id, len) == 0) {
+        if (current && XMEMCMP(current->serverID, id, (unsigned long)len) == 0) {
             WOLFSSL_MSG("Found a serverid match for client");
             if (LowResTimer() < (current->bornOn + current->timeout)) {
                 WOLFSSL_MSG("Session valid");
@@ -1120,7 +1113,9 @@ static int TlsSessionCacheGetAndLock(const byte *id,
 #else
         s = &sessRow->Sessions[idx];
 #endif
-        if (s && XMEMCMP(s->sessionID, id, ID_LEN) == 0 && s->side == side) {
+        /* match session ID value and length */
+        if (s && s->sessionIDSz == ID_LEN && s->side == side &&
+                XMEMCMP(s->sessionID, id, ID_LEN) == 0) {
             *sess = s;
             break;
         }
@@ -1625,7 +1620,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx,
                     ID_LEN, &error) % CLIENT_SESSION_ROWS;
         }
         else {
-            error = -1;
+            error = WOLFSSL_FATAL_ERROR;
         }
         if (error == 0 && wc_LockMutex(&clisession_mutex) == 0) {
             clientIdx = (word32)ClientCache[clientRow].nextIdx;
@@ -1644,7 +1639,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx,
                 }
             }
             else {
-                error = -1;
+                error = WOLFSSL_FATAL_ERROR;
                 ClientCache[clientRow].nextIdx = 0; /* reset index as safety */
                 WOLFSSL_MSG("Invalid client cache index! "
                             "Possible corrupted memory");
@@ -1709,14 +1704,14 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
         if (clientSession->serverRow >= SESSION_ROWS ||
                 clientSession->serverIdx >= SESSIONS_PER_ROW) {
             WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
-            error = -1;
+            error = WOLFSSL_FATAL_ERROR;
         }
-        /* Prevent memory access before clientSession->serverRow and
-         * clientSession->serverIdx are sanitized. */
-        XFENCE();
         if (error == 0) {
             /* Lock row */
             sessRow = &SessionCache[clientSession->serverRow];
+            /* Prevent memory access before clientSession->serverRow and
+             * clientSession->serverIdx are sanitized. */
+            XFENCE();
             error = SESSION_ROW_RD_LOCK(sessRow);
             if (error != 0) {
                 WOLFSSL_MSG("Session cache row lock failure");
@@ -1729,10 +1724,12 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
 #else
             cacheSession = &sessRow->Sessions[clientSession->serverIdx];
 #endif
+            /* Prevent memory access */
+            XFENCE();
             if (cacheSession && cacheSession->sessionIDSz == 0) {
                 cacheSession = NULL;
                 WOLFSSL_MSG("Session cache entry not set");
-                error = -1;
+                error = WOLFSSL_FATAL_ERROR;
             }
         }
         if (error == 0) {
@@ -1817,7 +1814,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
     ticLen = addSession->ticketLen;
     /* Alloc Memory here to avoid syscalls during lock */
     if (ticLen > SESSION_TICKET_LEN) {
-        ticBuff = (byte*)XMALLOC(ticLen, NULL,
+        ticBuff = (byte*)XMALLOC((size_t)ticLen, NULL,
                 DYNAMIC_TYPE_SESSION_TICK);
         if (ticBuff == NULL) {
             return MEMORY_E;
@@ -1837,7 +1834,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
         }
         preallocNonceLen = addSession->ticketNonce.len;
     }
-#endif /* WOLFSSL_TLS13 && WOLFSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */
+#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
 #endif /* HAVE_SESSION_TICKET */
 
     /* Find a position for the new session in cache and use that */
@@ -1847,7 +1844,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
         WOLFSSL_MSG("Hash session failed");
     #ifdef HAVE_SESSION_TICKET
         XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
+    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&      \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
         XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
     #endif
     #endif
@@ -1858,7 +1856,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
     if (SESSION_ROW_WR_LOCK(sessRow) != 0) {
     #ifdef HAVE_SESSION_TICKET
         XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
+    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
         XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
     #endif
     #endif
@@ -1897,7 +1896,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
         if (cacheSession == NULL) {
         #ifdef HAVE_SESSION_TICKET
             XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK);
-        #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC)
+        #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) &&          \
+        (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
             XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK);
         #endif
         #endif
@@ -1911,7 +1911,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
     cacheSession = &sessRow->Sessions[idx];
 #endif
 
-#ifdef HAVE_EX_DATA
+#ifdef HAVE_EX_DATA_CRYPTO
     if (overwrite) {
         /* Figure out who owns the ex_data */
         if (cacheSession->ownExData) {
@@ -1973,7 +1973,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
         /* Copy in the certs from the session */
         addSession->chain.count = cacheSession->chain.count;
         XMEMCPY(addSession->chain.certs, cacheSession->chain.certs,
-                sizeof(x509_buffer) * cacheSession->chain.count);
+                sizeof(x509_buffer) * (size_t)cacheSession->chain.count);
     }
 #endif /* SESSION_CERTS */
 #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
@@ -1986,10 +1986,12 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
 #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) &&                  \
     defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                   \
     (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-    ret = wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce,
-        &preallocNonceLen, &preallocNonceUsed) == WOLFSSL_FAILURE;
+    ret = (wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce,
+                                &preallocNonceLen, &preallocNonceUsed)
+           == WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #else
-    ret = wolfSSL_DupSession(addSession, cacheSession, 1) == WOLFSSL_FAILURE;
+    ret = (wolfSSL_DupSession(addSession, cacheSession, 1)
+           == WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC
           && FIPS_VERSION_GE(5,3)*/
 #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
@@ -2662,7 +2664,8 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
         unsigned char *data;
 
         if (*p == NULL)
-            *p = (unsigned char*)XMALLOC(size, NULL, DYNAMIC_TYPE_OPENSSL);
+            *p = (unsigned char*)XMALLOC((size_t)size, NULL,
+                                                DYNAMIC_TYPE_OPENSSL);
         if (*p == NULL)
             return 0;
         data = *p;
@@ -2686,7 +2689,7 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
             c16toa((word16)sess->chain.certs[i].length, data + idx);
             idx += OPAQUE16_LEN;
             XMEMCPY(data + idx, sess->chain.certs[i].buffer,
-                    sess->chain.certs[i].length);
+                    (size_t)sess->chain.certs[i].length);
             idx += sess->chain.certs[i].length;
         }
 #endif
@@ -3101,7 +3104,7 @@ long wolfSSL_SESSION_set_time(WOLFSSL_SESSION *ses, long t)
     return t;
 }
 
-#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */
+#endif /* !NO_SESSION_CACHE && (OPENSSL_EXTRA || HAVE_EXT_CACHE) */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
     defined(HAVE_EX_DATA)
@@ -3125,6 +3128,10 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
     id = session->sessionID;
     if (session->haveAltSessionID)
         id = session->altSessionID;
+    else if (session->sessionIDSz != ID_LEN) {
+        WOLFSSL_MSG("Incorrect sessionIDSz");
+        return;
+    }
 
     row = (int)(HashObject(id, ID_LEN, &error) % SESSION_ROWS);
     if (error != 0) {
@@ -3149,7 +3156,7 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
 #else
         cacheSession = &sessRow->Sessions[i];
 #endif
-        if (cacheSession &&
+        if (cacheSession && cacheSession->sessionIDSz == ID_LEN &&
                 XMEMCMP(id, cacheSession->sessionID, ID_LEN) == 0
                 && session->side == cacheSession->side
         #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
@@ -3513,7 +3520,7 @@ int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
         size = outSz;
     }
 
-    XMEMCPY(out, ses->masterSecret, size);
+    XMEMCPY(out, ses->masterSecret, (size_t)size);
     return size;
 }
 
@@ -3554,7 +3561,16 @@ void SetupSession(WOLFSSL* ssl)
     session->side = (byte)ssl->options.side;
     if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL)
         XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
-    session->haveEMS = ssl->options.haveEMS;
+    /* RFC8446 Appendix D.
+     *   implementations which support both TLS 1.3 and earlier versions SHOULD
+     *   indicate the use of the Extended Master Secret extension in their APIs
+     *   whenever TLS 1.3 is used.
+     * Set haveEMS so that we send the extension in subsequent connections that
+     * offer downgrades. */
+    if (IsAtLeastTLSv1_3(ssl->version))
+        session->haveEMS = 1;
+    else
+        session->haveEMS = ssl->options.haveEMS;
 #ifdef WOLFSSL_SESSION_ID_CTX
     /* If using compatibility layer then check for and copy over session context
      * id. */
@@ -3675,10 +3691,12 @@ WOLFSSL_SESSION* wolfSSL_NewSession(void* heap)
     #endif
 #ifdef HAVE_EX_DATA
         ret->ownExData = 1;
+        #ifdef HAVE_EX_DATA_CRYPTO
         if (crypto_ex_cb_ctx_session != NULL) {
             crypto_ex_cb_setup_new_data(ret, crypto_ex_cb_ctx_session,
                     &ret->ex_data);
         }
+        #endif
 #endif
     }
     return ret;
@@ -3732,7 +3750,7 @@ int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session)
  * @param ticketNonceBuf If not null and @avoidSysCalls is true, the copy of the
  *                      ticketNonce will happen in this pre allocated buffer
  * @param ticketNonceLen @ticketNonceBuf len as input, used length on output
- * @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket noncet
+ * @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket nonce
  * @return              WOLFSSL_SUCCESS on success
  *                      WOLFSSL_FAILURE on failure
  */
@@ -3741,10 +3759,10 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input,
     byte* ticketNonceLen, byte* preallocUsed)
 {
 #ifdef HAVE_SESSION_TICKET
-    int   ticLenAlloc = 0;
+    word16 ticLenAlloc = 0;
     byte *ticBuff = NULL;
 #endif
-    const size_t copyOffset = OFFSETOF(WOLFSSL_SESSION, heap) +
+    const size_t copyOffset = WC_OFFSETOF(WOLFSSL_SESSION, heap) +
         sizeof(input->heap);
     int ret = WOLFSSL_SUCCESS;
 
@@ -3957,7 +3975,7 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input,
 
 #endif /* HAVE_SESSION_TICKET */
 
-#ifdef HAVE_EX_DATA
+#ifdef HAVE_EX_DATA_CRYPTO
     if (input->type != WOLFSSL_SESSION_TYPE_CACHE &&
             output->type != WOLFSSL_SESSION_TYPE_CACHE) {
         /* Not called with cache as that passes ownership of ex_data */
@@ -4037,7 +4055,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
 
     WOLFSSL_MSG("wolfSSL_FreeSession full free");
 
-#ifdef HAVE_EX_DATA
+#ifdef HAVE_EX_DATA_CRYPTO
     if (session->ownExData) {
         crypto_ex_cb_free_data(session, crypto_ex_cb_ctx_session,
                 &session->ex_data);
@@ -4083,7 +4101,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
     ForceZero(session->sessionID, ID_LEN);
 
     if (session->type == WOLFSSL_SESSION_TYPE_HEAP) {
-        XFREE(session, session->heap, DYNAMIC_TYPE_SESSION);
+        XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); /* // NOLINT(clang-analyzer-unix.Malloc) */
     }
 }
 
@@ -4157,7 +4175,8 @@ int wolfSSL_SESSION_set1_id(WOLFSSL_SESSION *s,
     if (sid_len > ID_LEN) {
         return WOLFSSL_FAILURE;
     }
-    s->sessionIDSz = sid_len;
+
+    s->sessionIDSz = (byte)sid_len;
     if (sid != s->sessionID) {
         XMEMCPY(s->sessionID, sid, sid_len);
     }
@@ -4173,7 +4192,7 @@ int wolfSSL_SESSION_set1_id_context(WOLFSSL_SESSION *s,
     if (sid_ctx_len > ID_LEN) {
         return WOLFSSL_FAILURE;
     }
-    s->sessionCtxSz = sid_ctx_len;
+    s->sessionCtxSz = (byte)sid_ctx_len;
     if (sid_ctx != s->sessionCtx) {
         XMEMCPY(s->sessionCtx, sid_ctx, sid_ctx_len);
     }
@@ -4223,12 +4242,11 @@ const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
 
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
-    defined(HAVE_EX_DATA)
+#ifdef HAVE_EX_DATA
 
 int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
 #ifdef HAVE_EX_DATA
     session = ClientSessionToSession(session);
@@ -4294,13 +4312,8 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
 #endif
     return ret;
 }
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_EX_DATA */
 
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
-    (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-    defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
-#ifdef HAVE_EX_DATA
+#ifdef HAVE_EX_DATA_CRYPTO
 int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
         WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
         WOLFSSL_CRYPTO_EX_free* free_func)
@@ -4309,9 +4322,8 @@ int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
     return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, ctx_l,
             ctx_ptr, new_func, dup_func, free_func);
 }
-#endif
-#endif
-
+#endif /* HAVE_EX_DATA_CRYPTO */
+#endif /* HAVE_EX_DATA */
 
 #if defined(OPENSSL_ALL) || \
     defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
diff --git a/src/tls.c b/src/tls.c
index a2f3705cf..34c04902f 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1,6 +1,6 @@
 /* tls.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef WOLFCRYPT_ONLY
 
@@ -48,12 +42,12 @@
 #ifdef HAVE_CURVE448
     #include <wolfssl/wolfcrypt/curve448.h>
 #endif
-#ifdef WOLFSSL_HAVE_KYBER
-    #include <wolfssl/wolfcrypt/kyber.h>
-#ifdef WOLFSSL_WC_KYBER
-    #include <wolfssl/wolfcrypt/wc_kyber.h>
-#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
-    #include <wolfssl/wolfcrypt/ext_kyber.h>
+#ifdef WOLFSSL_HAVE_MLKEM
+    #include <wolfssl/wolfcrypt/mlkem.h>
+#ifdef WOLFSSL_WC_MLKEM
+    #include <wolfssl/wolfcrypt/wc_mlkem.h>
+#elif defined(HAVE_LIBOQS)
+    #include <wolfssl/wolfcrypt/ext_mlkem.h>
 #endif
 #endif
 
@@ -645,12 +639,24 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
         XMEMSET(handshake_hash, 0, HSHASH_SZ);
         ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
         if (ret == 0) {
-            ret = _MakeTlsExtendedMasterSecret(
-                ssl->arrays->masterSecret, SECRET_LEN,
-                ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
-                handshake_hash, hashSz,
-                IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
-                ssl->heap, ssl->devId);
+        #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS)
+            ret = PROTOCOLCB_UNAVAILABLE;
+            if (ssl->ctx->GenExtMasterCb) {
+                void* ctx = wolfSSL_GetGenExtMasterSecretCtx(ssl);
+                ret = ssl->ctx->GenExtMasterCb(ssl, handshake_hash, hashSz,
+                                                ctx);
+            }
+            if (!ssl->ctx->GenExtMasterCb ||
+                ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE))
+        #endif /* (HAVE_SECRET_CALLBACK) && (HAVE_EXT_SECRET_CALLBACK) */
+            {
+                ret = _MakeTlsExtendedMasterSecret(
+                    ssl->arrays->masterSecret, SECRET_LEN,
+                    ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
+                    handshake_hash, hashSz,
+                    IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
+                    ssl->heap, ssl->devId);
+            }
             ForceZero(handshake_hash, hashSz);
         }
 
@@ -760,6 +766,15 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
     if (ssl == NULL || inner == NULL)
         return BAD_FUNC_ARG;
 
+    if (content == dtls12_cid
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+       || (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0)
+#endif
+    ) {
+        WOLFSSL_MSG("wolfSSL_SetTlsHmacInner doesn't support CID");
+        return BAD_FUNC_ARG;
+    }
+
     XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ);
 
     WriteSEQ(ssl, verify, inner);
@@ -918,10 +933,11 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
  * in      Message data.
  * sz      Size of the message data.
  * header  Constructed record header with length of handshake data.
+ * headerSz Length of header
  * returns 0 on success, otherwise failure.
  */
 static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
-                               word32 sz, int macLen, byte* header)
+                           word32 sz, int macLen, byte* header, word32 headerSz)
 {
     byte         lenBytes[8];
     int          i, j;
@@ -929,7 +945,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
     int          blockBits, blockMask;
     int          lastBlockLen, extraLen, eocIndex;
     int          blocks, safeBlocks, lenBlock, eocBlock;
-    unsigned int maxLen;
+    word32       maxLen;
     int          blockSz, padSz;
     int          ret;
     word32       realLen;
@@ -982,29 +998,30 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
     blockMask = blockSz - 1;
 
     /* Size of data to HMAC if padding length byte is zero. */
-    maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen;
+    maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - (word32)macLen;
+
     /* Complete data (including padding) has block for EOC and/or length. */
-    extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz);
+    extraBlock = ctSetLTE(((int)maxLen + padSz) & blockMask, padSz);
     /* Total number of blocks for data including padding. */
-    blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock;
+    blocks = ((int)(maxLen + (word32)blockSz - 1) >> blockBits) + extraBlock;
     /* Up to last 6 blocks can be hashed safely. */
     safeBlocks = blocks - 6;
 
     /* Length of message data. */
     realLen = maxLen - in[sz - 1];
     /* Number of message bytes in last block. */
-    lastBlockLen = realLen & blockMask;
+    lastBlockLen = (int)realLen & blockMask;
     /* Number of padding bytes in last block. */
     extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1;
     /* Number of blocks to create for hash. */
-    lenBlock = (realLen + extraLen) >> blockBits;
+    lenBlock = ((int)realLen + extraLen) >> blockBits;
     /* Block containing EOC byte. */
-    eocBlock = realLen >> blockBits;
+    eocBlock = (int)(realLen >> (word32)blockBits);
     /* Index of EOC byte in block. */
-    eocIndex = realLen & blockMask;
+    eocIndex = (int)(realLen & (word32)blockMask);
 
     /* Add length of hmac's ipad to total length. */
-    realLen += blockSz;
+    realLen += (word32)blockSz;
     /* Length as bits - 8 bytes bigendian. */
     c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes);
     c32toa(realLen << 3, lenBytes + sizeof(word32));
@@ -1013,21 +1030,22 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
     if (ret != 0)
         return ret;
 
-    XMEMSET(hmac->innerHash, 0, macLen);
+    XMEMSET(hmac->innerHash, 0, (size_t)macLen);
 
     if (safeBlocks > 0) {
-        ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
+        ret = Hmac_HashUpdate(hmac, header, headerSz);
         if (ret != 0)
             return ret;
-        ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz -
-                                                     WOLFSSL_TLS_HMAC_INNER_SZ);
+        ret = Hmac_HashUpdate(hmac, in, (word32)(safeBlocks * blockSz -
+                                WOLFSSL_TLS_HMAC_INNER_SZ));
+
         if (ret != 0)
             return ret;
     }
     else
         safeBlocks = 0;
 
-    XMEMSET(digest, 0, macLen);
+    XMEMSET(digest, 0, (size_t)macLen);
     k = (unsigned int)(safeBlocks * blockSz);
     for (i = safeBlocks; i < blocks; i++) {
         unsigned char hashBlock[WC_MAX_BLOCK_SIZE];
@@ -1039,10 +1057,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
             unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock;
             unsigned char b = 0;
 
-            if (k < WOLFSSL_TLS_HMAC_INNER_SZ)
+            if (k < headerSz)
                 b = header[k];
             else if (k < maxLen)
-                b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ];
+                b = in[k - headerSz];
             k++;
 
             b = ctMaskSel(atEoc, 0x80, b);
@@ -1085,10 +1103,11 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
  * in      Message data.
  * sz      Size of the message data.
  * header  Constructed record header with length of handshake data.
+ * headerSz Length of header
  * returns 0 on success, otherwise failure.
  */
 static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
-                            word32 sz, byte* header)
+                            word32 sz, byte* header, word32 headerSz)
 {
     byte       dummy[WC_MAX_BLOCK_SIZE] = {0};
     int        ret = 0;
@@ -1174,11 +1193,11 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
     /* Calculate whole blocks. */
     msgBlocks--;
 
-    ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ);
+    ret = wc_HmacUpdate(hmac, header, headerSz);
     if (ret == 0) {
         /* Fill the rest of the block with any available data. */
-        word32 currSz = ctMaskLT((int)msgSz, blockSz) & msgSz;
-        currSz |= ctMaskGTE((int)msgSz, blockSz) & blockSz;
+        word32 currSz = ctMaskLT((int)msgSz, (int)blockSz) & msgSz;
+        currSz |= ctMaskGTE((int)msgSz, (int)blockSz) & blockSz;
         currSz -= WOLFSSL_TLS_HMAC_INNER_SZ;
         currSz &= ~(0 - (currSz >> 31));
         ret = wc_HmacUpdate(hmac, in, currSz);
@@ -1210,11 +1229,66 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
 
 #endif
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define TLS_HMAC_CID_SZ(s, v) \
+                ((v) ? DtlsGetCidRxSize((s)) \
+                     : DtlsGetCidTxSize((s)))
+#define TLS_HMAC_CID(s, v, b, c) \
+                ((v) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \
+                     : wolfSSL_dtls_cid_get_tx((s), (b), (c)))
+#endif
+
+static int TLS_hmac_SetInner(WOLFSSL* ssl, byte* inner, word32* innerSz,
+        word32 sz, int content, int verify, int epochOrder)
+{
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    unsigned int cidSz = 0;
+    if (ssl->options.dtls && (cidSz = TLS_HMAC_CID_SZ(ssl, verify)) > 0) {
+        word32 idx = 0;
+        if (cidSz > DTLS_CID_MAX_SIZE) {
+            WOLFSSL_MSG("DTLS CID too large");
+            return DTLS_CID_ERROR;
+        }
+
+        XMEMSET(inner + idx, 0xFF, SEQ_SZ);
+        idx += SEQ_SZ;
+        inner[idx++] = dtls12_cid;
+        inner[idx++] = (byte)cidSz;
+        inner[idx++] = dtls12_cid;
+        inner[idx++] = ssl->version.major;
+        inner[idx++] = ssl->version.minor;
+        WriteSEQ(ssl, epochOrder, inner + idx);
+        idx += SEQ_SZ;
+        if (TLS_HMAC_CID(ssl, verify, inner + idx, cidSz) ==
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+            WOLFSSL_MSG("DTLS CID write failed");
+            return DTLS_CID_ERROR;
+        }
+        idx += cidSz;
+        c16toa((word16)sz, inner + idx);
+        idx += LENGTH_SZ;
+
+        *innerSz = idx;
+        return 0;
+    }
+#endif
+    *innerSz = WOLFSSL_TLS_HMAC_INNER_SZ;
+    return wolfSSL_SetTlsHmacInner(ssl, inner, sz, content,
+            !ssl->options.dtls ? verify : epochOrder);
+}
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_CID_INNER_SZ
+#else
+#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_INNER_SZ
+#endif
+
 int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
              int content, int verify, int epochOrder)
 {
     Hmac   hmac;
-    byte   myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
+    byte   myInner[TLS_HMAC_INNER_SZ];
+    word32 innerSz = TLS_HMAC_INNER_SZ;
     int    ret = 0;
     const byte* macSecret = NULL;
     word32 hashSz = 0;
@@ -1242,10 +1316,10 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
     }
 #endif
 
-    if (!ssl->options.dtls)
-        wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
-    else
-        wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, epochOrder);
+    ret = TLS_hmac_SetInner(ssl, myInner, &innerSz, sz, content, verify,
+                            epochOrder);
+    if (ret != 0)
+        return ret;
 
     ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId);
     if (ret != 0)
@@ -1256,10 +1330,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
     if (ssl->options.dtls)
         macSecret = wolfSSL_GetDtlsMacSecret(ssl, verify, epochOrder);
     else
-        macSecret = wolfSSL_GetMacSecret(ssl, verify);
-#else
-    macSecret = wolfSSL_GetMacSecret(ssl, verify);
 #endif
+        macSecret = wolfSSL_GetMacSecret(ssl, verify);
     ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
                                               macSecret,
                                               ssl->specs.hash_size);
@@ -1272,21 +1344,24 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
     #ifdef HAVE_BLAKE2
             if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) {
                 ret = Hmac_UpdateFinal(&hmac, digest, in,
-                                              sz + hashSz + padSz + 1, myInner);
+                        sz + hashSz + (word32)padSz + 1, myInner, innerSz);
             }
             else
     #endif
             {
                 ret = Hmac_UpdateFinal_CT(&hmac, digest, in,
-                                      sz + hashSz + padSz + 1, hashSz, myInner);
+                                      (sz + hashSz + (word32)padSz + 1),
+                                      (int)hashSz, myInner, innerSz);
+
             }
 #else
-            ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1,
-                                                                       myInner);
+            ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz +
+                                        (word32)(padSz) + 1,
+                                        myInner, innerSz);
 #endif
         }
         else {
-            ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
+            ret = wc_HmacUpdate(&hmac, myInner, innerSz);
             if (ret == 0)
                 ret = wc_HmacUpdate(&hmac, in, sz);                /* content */
             if (ret == 0)
@@ -1830,7 +1905,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
                                  byte isRequest)
 {
     word16  size = 0, offset = 0, wlen;
-    int     r = BUFFER_ERROR;
+    int     r = WC_NO_ERR_TRACE(BUFFER_ERROR);
     const byte *s;
 
     if (OPAQUE16_LEN > length)
@@ -3116,51 +3191,136 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap)
 
 static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap)
 {
+    int i;
+
     switch (csr->status_type) {
         case WOLFSSL_CSR_OCSP:
-            FreeOcspRequest(&csr->request.ocsp);
+            for (i = 0; i <= csr->requests; i++) {
+                FreeOcspRequest(&csr->request.ocsp[i]);
+            }
         break;
     }
-
 #ifdef WOLFSSL_TLS13
-    if (csr->response.buffer != NULL) {
-        XFREE(csr->response.buffer, csr->ssl->heap,
+    for (i = 0; i < MAX_CERT_EXTENSIONS; i++) {
+        if (csr->responses[i].buffer != NULL) {
+            XFREE(csr->responses[i].buffer, heap,
                 DYNAMIC_TYPE_TMP_BUFFER);
+        }
     }
 #endif
     XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
     (void)heap;
 }
 
-static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
+word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest,
+                                                             int idx)
 {
     word16 size = 0;
 
     /* shut up compiler warnings */
     (void) csr; (void) isRequest;
-
 #ifndef NO_WOLFSSL_CLIENT
     if (isRequest) {
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
                 size += ENUM_LEN + 2 * OPAQUE16_LEN;
 
-                if (csr->request.ocsp.nonceSz)
+                if (csr->request.ocsp[0].nonceSz)
                     size += OCSP_NONCE_EXT_SZ;
             break;
         }
     }
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
-    if (!isRequest && csr->ssl->options.tls1_3)
-        return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length;
+    if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+        if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
+                SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
+                SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
+                idx == 0) {
+            return OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspRespSz;
+        }
+#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
+        return (word16)(OPAQUE8_LEN + OPAQUE24_LEN +
+                csr->responses[idx].length);
+    }
+#else
+    (void)idx;
 #endif
-
     return size;
 }
 
-static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
-                          byte isRequest)
+#if (defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)) && \
+(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
+static int TLSX_CSR_SetResponseWithStatusCB(WOLFSSL *ssl)
+{
+    void *ioCtx = NULL;
+    WOLFSSL_OCSP *ocsp;
+    int ret;
+
+    if (ssl == NULL || SSL_CM(ssl) == NULL)
+        return BAD_FUNC_ARG;
+    ocsp = SSL_CM(ssl)->ocsp_stapling;
+    if (ocsp == NULL || ocsp->statusCb == NULL)
+        return BAD_FUNC_ARG;
+    ioCtx = (ssl->ocspIOCtx != NULL) ? ssl->ocspIOCtx : ocsp->cm->ocspIOCtx;
+    ret = ocsp->statusCb(ssl, ioCtx);
+    switch (ret) {
+        case SSL_TLSEXT_ERR_OK:
+            if (ssl->ocspRespSz > 0) {
+                /* ack the extension, status cb provided the response in
+                 * ssl->ocspResp */
+                TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
+                ssl->status_request = WOLFSSL_CSR_OCSP;
+            }
+            ret = 0;
+            break;
+        case SSL_TLSEXT_ERR_NOACK:
+            /* suppressing as not critical */
+            ret = 0;
+            break;
+        case SSL_TLSEXT_ERR_ALERT_FATAL:
+        default:
+            ret = WOLFSSL_FATAL_ERROR;
+            break;
+    }
+    return ret;
+}
+
+static int TLSX_CSR_WriteWithStatusCB(CertificateStatusRequest* csr,
+    byte* output)
+{
+    WOLFSSL *ssl = csr->ssl;
+    WOLFSSL_OCSP *ocsp;
+    word16 offset = 0;
+    byte *response;
+    int respSz;
+
+    if (ssl == NULL || SSL_CM(ssl) == NULL)
+        return BAD_FUNC_ARG;
+    ocsp = SSL_CM(ssl)->ocsp_stapling;
+    if (ocsp == NULL || ocsp->statusCb == NULL)
+        return BAD_FUNC_ARG;
+    response = ssl->ocspResp;
+    respSz = ssl->ocspRespSz;
+    if (response == NULL || respSz == 0)
+        return BAD_FUNC_ARG;
+    output[offset++] = WOLFSSL_CSR_OCSP;
+    c32to24(respSz, output + offset);
+    offset += OPAQUE24_LEN;
+    XMEMCPY(output + offset, response, respSz);
+    return offset + respSz;
+}
+#endif /* (TLS13 && !NO_WOLFSLL_SERVER) && (OPENSSL_ALL || WOLFSSL_NGINX ||
+WOLFSSL_HAPROXY) */
+
+static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
+{
+    return TLSX_CSR_GetSize_ex(csr, isRequest, 0);
+}
+
+int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest, int idx)
 {
     /* shut up compiler warnings */
     (void) csr; (void) output; (void) isRequest;
@@ -3181,8 +3341,8 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
                 offset += OPAQUE16_LEN;
 
                 /* request extensions */
-                if (csr->request.ocsp.nonceSz) {
-                    ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp,
+                if (csr->request.ocsp[0].nonceSz) {
+                    ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp[0],
                                                  output + offset + OPAQUE16_LEN,
                                                  OCSP_NONCE_EXT_SZ);
 
@@ -3204,20 +3364,120 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
     }
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
-    if (!isRequest && csr->ssl->options.tls1_3) {
+    if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
         word16 offset = 0;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+        if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
+                SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
+                SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
+                idx == 0) {
+            return TLSX_CSR_WriteWithStatusCB(csr, output);
+        }
+#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
         output[offset++] = csr->status_type;
-        c32to24(csr->response.length, output + offset);
+        c32to24(csr->responses[idx].length, output + offset);
         offset += OPAQUE24_LEN;
-        XMEMCPY(output + offset, csr->response.buffer, csr->response.length);
-        offset += csr->response.length;
+        XMEMCPY(output + offset, csr->responses[idx].buffer,
+                                        csr->responses[idx].length);
+        offset += (word16)csr->responses[idx].length;
         return offset;
     }
+#else
+    (void)idx;
 #endif
 
     return 0;
 }
 
+static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest)
+{
+    return TLSX_CSR_Write_ex(csr, output, isRequest, 0);
+}
+
+#if !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \
+    defined(WOLFSSL_TLS_OCSP_MULTI)
+/* Process OCSP request certificate chain
+ *
+ * ssl       SSL/TLS object.
+ * returns 0 on success, otherwise failure.
+ */
+static int ProcessChainOCSPRequest(WOLFSSL* ssl)
+{
+    DecodedCert* cert;
+    OcspRequest* request;
+    TLSX* extension;
+    CertificateStatusRequest* csr;
+    DerBuffer* chain;
+    word32 pos = 0;
+    buffer der;
+    int i = 1;
+    int ret = 0;
+    byte ctxOwnsRequest = 0;
+
+    /* use certChain if available, otherwise use peer certificate */
+    chain = ssl->buffers.certChain;
+    if (chain == NULL) {
+        chain = ssl->buffers.certificate;
+    }
+
+    extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    csr = extension ?
+                (CertificateStatusRequest*)extension->data : NULL;
+    if (csr == NULL)
+        return MEMORY_ERROR;
+
+    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
+                                         DYNAMIC_TYPE_DCERT);
+    if (cert == NULL) {
+        return MEMORY_E;
+    }
+
+    if (chain && chain->buffer) {
+        while (ret == 0 && pos + OPAQUE24_LEN < chain->length) {
+            c24to32(chain->buffer + pos, &der.length);
+            pos += OPAQUE24_LEN;
+            der.buffer = chain->buffer + pos;
+            pos += der.length;
+
+            if (pos > chain->length)
+                break;
+            request = &csr->request.ocsp[i];
+            if (ret == 0) {
+                ret = CreateOcspRequest(ssl, request, cert,
+                        der.buffer, der.length, &ctxOwnsRequest);
+                if (ctxOwnsRequest) {
+                    wolfSSL_Mutex* ocspLock =
+                        &SSL_CM(ssl)->ocsp_stapling->ocspLock;
+                    if (wc_LockMutex(ocspLock) == 0) {
+                        /* the request is ours */
+                        ssl->ctx->certOcspRequest = NULL;
+                    }
+                    wc_UnLockMutex(ocspLock);
+                }
+            }
+
+            if (ret == 0) {
+                request->ssl = ssl;
+                ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling,
+                                 request, &csr->responses[i], ssl->heap);
+                /* Suppressing, not critical */
+                if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) ||
+                    ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) ||
+                    ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) {
+                    ret = 0;
+                }
+                i++;
+                csr->requests++;
+            }
+        }
+    }
+    XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
+
+    return ret;
+}
+#endif
+
 static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                           byte isRequest)
 {
@@ -3272,14 +3532,14 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
             switch (csr->status_type) {
                 case WOLFSSL_CSR_OCSP:
                     /* propagate nonce */
-                    if (csr->request.ocsp.nonceSz) {
+                    if (csr->request.ocsp[0].nonceSz) {
                         request =
                             (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
 
                         if (request) {
-                            XMEMCPY(request->nonce, csr->request.ocsp.nonce,
-                                                    csr->request.ocsp.nonceSz);
-                            request->nonceSz = csr->request.ocsp.nonceSz;
+                            XMEMCPY(request->nonce, csr->request.ocsp[0].nonce,
+                                        (size_t)csr->request.ocsp[0].nonceSz);
+                            request->nonceSz = csr->request.ocsp[0].nonceSz;
                         }
                     }
                 break;
@@ -3310,14 +3570,21 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                     ret = BUFFER_ERROR;
             }
             if (ret == 0) {
-                csr->response.buffer = (byte*)XMALLOC(resp_length, ssl->heap,
+                if (ssl->response_idx < (1 + MAX_CHAIN_DEPTH))
+                    csr->responses[ssl->response_idx].buffer =
+                    (byte*)XMALLOC(resp_length, ssl->heap,
                         DYNAMIC_TYPE_TMP_BUFFER);
-                if (csr->response.buffer == NULL)
+                else
+                    ret = BAD_FUNC_ARG;
+
+                if (ret == 0 &&
+                        csr->responses[ssl->response_idx].buffer == NULL)
                     ret = MEMORY_ERROR;
             }
             if (ret == 0) {
-                XMEMCPY(csr->response.buffer, input + offset, resp_length);
-                csr->response.length = resp_length;
+                XMEMCPY(csr->responses[ssl->response_idx].buffer,
+                                            input + offset, resp_length);
+                csr->responses[ssl->response_idx].length = resp_length;
             }
 
             return ret;
@@ -3382,6 +3649,13 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 
     #if defined(WOLFSSL_TLS13)
         if (ssl->options.tls1_3) {
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+            if (ssl != NULL && SSL_CM(ssl) != NULL &&
+                    SSL_CM(ssl)->ocsp_stapling != NULL &&
+                    SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
+            return TLSX_CSR_SetResponseWithStatusCB(ssl);
+}
+#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
             if (ssl->buffers.certificate == NULL) {
                 WOLFSSL_MSG("Certificate buffer not set!");
                 return BUFFER_ERROR;
@@ -3412,19 +3686,33 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
             }
             FreeDecodedCert(cert);
             XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
-
             extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
             csr = extension ?
                 (CertificateStatusRequest*)extension->data : NULL;
             if (csr == NULL)
                 return MEMORY_ERROR;
 
-            request = &csr->request.ocsp;
-            ret = CreateOcspResponse(ssl, &request, &csr->response);
+            request = &csr->request.ocsp[0];
+            ret = CreateOcspResponse(ssl, &request, &csr->responses[0]);
+            if (request != &csr->request.ocsp[0] &&
+                    ssl->buffers.weOwnCert) {
+                /* request will be allocated in CreateOcspResponse() */
+                FreeOcspRequest(request);
+                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
+            }
             if (ret != 0)
                 return ret;
-            if (csr->response.buffer)
+
+            if (csr->responses[0].buffer)
                 TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST);
+        #if defined(WOLFSSL_TLS_OCSP_MULTI)
+            /* process OCSP request in certificate chain */
+            if ((ret = ProcessChainOCSPRequest(ssl)) != 0) {
+                WOLFSSL_MSG("Process Cert Chain OCSP request failed");
+                WOLFSSL_ERROR_VERBOSE(ret);
+                return ret;
+            }
+        #endif
         }
         else
     #endif
@@ -3436,9 +3724,10 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     return 0;
 }
 
-int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
+int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert,
+                                                            void* heap, int idx)
 {
-    TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
+     TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
     CertificateStatusRequest* csr = extension ?
         (CertificateStatusRequest*)extension->data : NULL;
     int ret = 0;
@@ -3447,18 +3736,33 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP: {
                 byte nonce[MAX_OCSP_NONCE_SZ];
-                int  nonceSz = csr->request.ocsp.nonceSz;
+                int  req_cnt = idx == -1 ? csr->requests : idx;
+                int  nonceSz = csr->request.ocsp[0].nonceSz;
+                OcspRequest* request;
 
+                request = &csr->request.ocsp[req_cnt];
+                if (request->serial != NULL) {
+                    /* clear request contents before reuse */
+                    FreeOcspRequest(request);
+                    if (csr->requests > 0)
+                        csr->requests--;
+                }
                 /* preserve nonce */
-                XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz);
+                XMEMCPY(nonce, csr->request.ocsp->nonce, (size_t)nonceSz);
 
-                if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap))
-                                                                           != 0)
-                    return ret;
+                if (req_cnt < MAX_CERT_EXTENSIONS) {
+                    if ((ret = InitOcspRequest(request, cert, 0, heap)) != 0)
+                        return ret;
 
-                /* restore nonce */
-                XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz);
-                csr->request.ocsp.nonceSz = nonceSz;
+                    /* restore nonce */
+                    XMEMCPY(csr->request.ocsp->nonce, nonce, (size_t)nonceSz);
+                    request->nonceSz = nonceSz;
+                    csr->requests++;
+                }
+                else {
+                    WOLFSSL_ERROR_VERBOSE(MAX_CERT_EXTENSIONS_ERR);
+                    return MAX_CERT_EXTENSIONS_ERR;
+                }
             }
             break;
         }
@@ -3467,22 +3771,37 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
     return ret;
 }
 
-void* TLSX_CSR_GetRequest(TLSX* extensions)
+int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
+{
+    return TLSX_CSR_InitRequest_ex(extensions, cert, heap, -1);
+}
+
+void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx)
 {
     TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
     CertificateStatusRequest* csr = extension ?
                               (CertificateStatusRequest*)extension->data : NULL;
 
-    if (csr) {
+    if (csr && csr->ssl) {
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
-                return &csr->request.ocsp;
+                if (IsAtLeastTLSv1_3(csr->ssl->version)) {
+                    return idx < csr->requests ? &csr->request.ocsp[idx] : NULL;
+                }
+                else {
+                    return idx == 0 ? &csr->request.ocsp[0] : NULL;
+                }
         }
     }
 
     return NULL;
 }
 
+void* TLSX_CSR_GetRequest(TLSX* extensions)
+{
+    return TLSX_CSR_GetRequest_ex(extensions, 0);
+}
+
 int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
 {
     TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
@@ -3493,9 +3812,9 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
         switch (csr->status_type) {
             case WOLFSSL_CSR_OCSP:
                 if (SSL_CM(ssl)->ocspEnabled) {
-                    csr->request.ocsp.ssl = ssl;
+                    csr->request.ocsp[0].ssl = ssl;
                     return CheckOcspRequest(SSL_CM(ssl)->ocsp,
-                                              &csr->request.ocsp, NULL, NULL);
+                                              &csr->request.ocsp[0], NULL, NULL);
                 }
                 else {
                     WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL);
@@ -3523,7 +3842,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
         return MEMORY_E;
 
     ForceZero(csr, sizeof(CertificateStatusRequest));
-
+#if defined(WOLFSSL_TLS13)
+    XMEMSET(csr->responses, 0, sizeof(csr->responses));
+#endif
     csr->status_type = status_type;
     csr->options     = options;
     csr->ssl         = ssl;
@@ -3540,9 +3861,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
                 (void)devId;
             #endif
                 if (ret == 0) {
-                    if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce,
+                    if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp[0].nonce,
                                                         MAX_OCSP_NONCE_SZ) == 0)
-                        csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ;
+                        csr->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ;
 
                     wc_FreeRng(&rng);
                 }
@@ -3749,7 +4070,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                             if (request) {
                                 XMEMCPY(request->nonce,
                                         csr2->request.ocsp[0].nonce,
-                                        csr2->request.ocsp[0].nonceSz);
+                                        (size_t)csr2->request.ocsp[0].nonceSz);
 
                                 request->nonceSz =
                                                   csr2->request.ocsp[0].nonceSz;
@@ -3831,6 +4152,14 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length,
                     continue;
             }
 
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+            /* OpenSSL status CB supports only CERTIFICATE STATUS REQ V1 */
+            if (ssl != NULL && SSL_CM(ssl) != NULL &&
+                    SSL_CM(ssl)->ocsp_stapling != NULL &&
+                    SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
+                    return 0;
+            }
+#endif
             /* if using status_request and already sending it, remove it
              * and prefer to use the v2 version */
             #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
@@ -3886,7 +4215,7 @@ int TLSX_CSR2_AddPendingSigner(TLSX *extensions, Signer *s)
 
     csr2 = TLSX_CSR2_GetMulti(extensions);
     if (!csr2)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
 
     s->next = csr2->pendingSigners;
     csr2->pendingSigners = s;
@@ -3961,7 +4290,8 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
                     int  nonceSz = csr2->request.ocsp[0].nonceSz;
 
                     /* preserve nonce, replicating nonce of ocsp[0] */
-                    XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz);
+                    XMEMCPY(nonce, csr2->request.ocsp[0].nonce,
+                    (size_t)nonceSz);
 
                     if ((ret = InitOcspRequest(
                                       &csr2->request.ocsp[csr2->requests], cert,
@@ -3970,7 +4300,7 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
 
                     /* restore nonce */
                     XMEMCPY(csr2->request.ocsp[csr2->requests].nonce,
-                                                                nonce, nonceSz);
+                                                        nonce, (size_t)nonceSz);
                     csr2->request.ocsp[csr2->requests].nonceSz = nonceSz;
                     csr2->requests++;
                 }
@@ -4088,6 +4418,11 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
         CertificateStatusRequestItemV2* last =
                                (CertificateStatusRequestItemV2*)extension->data;
 
+        if (last == NULL) {
+            XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
+            return BAD_FUNC_ARG;
+        }
+
         for (; last->next; last = last->next);
 
         last->next = csr2;
@@ -4121,7 +4456,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
 #ifdef HAVE_SUPPORTED_CURVES
 
 #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \
-                       && !defined(HAVE_FFDHE) && !defined(WOLFSSL_HAVE_KYBER)
+                       && !defined(HAVE_FFDHE) && !defined(WOLFSSL_HAVE_MLKEM)
 #error Elliptic Curves Extension requires Elliptic Curve Cryptography or liboqs groups. \
        Use --enable-ecc and/or --enable-liboqs in the configure script or \
        define HAVE_ECC. Alternatively use FFDHE for DH cipher suites.
@@ -4581,7 +4916,7 @@ static int tlsx_ffdhe_find_group(WOLFSSL* ssl, SupportedCurve* clientGroup,
     const DhParams* params = NULL;
 
     for (; serverGroup != NULL; serverGroup = serverGroup->next) {
-        if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(serverGroup->name))
+        if (!WOLFSSL_NAMED_GROUP_IS_FFDHE(serverGroup->name))
             continue;
 
         for (group = clientGroup; group != NULL; group = group->next) {
@@ -4658,7 +4993,7 @@ static int tlsx_ffdhe_find_group(WOLFSSL* ssl, SupportedCurve* clientGroup,
     word32 p_len;
 
     for (; serverGroup != NULL; serverGroup = serverGroup->next) {
-        if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(serverGroup->name))
+        if (!WOLFSSL_NAMED_GROUP_IS_FFDHE(serverGroup->name))
             continue;
 
         for (group = clientGroup; group != NULL; group = group->next) {
@@ -4762,7 +5097,7 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl)
         return 0;
     clientGroup = (SupportedCurve*)extension->data;
     for (group = clientGroup; group != NULL; group = group->next) {
-        if (WOLFSSL_NAMED_GROUP_IS_FFHDE(group->name)) {
+        if (WOLFSSL_NAMED_GROUP_IS_FFDHE(group->name)) {
             found = 1;
             break;
         }
@@ -5677,14 +6012,25 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input,
                     /* SERVER: ticket is peer auth. */
                     ssl->options.peerAuthGood = 1;
                 }
-            } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
+            } else if (ret == WOLFSSL_TICKET_RET_REJECT ||
+                    ret == WC_NO_ERR_TRACE(VERSION_ERROR)) {
                 WOLFSSL_MSG("Process client ticket rejected, not using");
-                ssl->options.rejectTicket = 1;
+                if (ret == WC_NO_ERR_TRACE(VERSION_ERROR))
+                    WOLFSSL_MSG("\tbad TLS version");
                 ret = 0;  /* not fatal */
-            } else if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) {
-                WOLFSSL_MSG("Process client ticket rejected, bad TLS version");
+
                 ssl->options.rejectTicket = 1;
-                ret = 0;  /* not fatal */
+                /* If we have session tickets enabled then send a new ticket */
+                if (!TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET)) {
+                    ret = TLSX_UseSessionTicket(&ssl->extensions, NULL,
+                                                ssl->heap);
+                    if (ret == WOLFSSL_SUCCESS) {
+                        ret = 0;
+                        TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
+                        ssl->options.createTicket = 1;
+                        ssl->options.useTicket    = 1;
+                    }
+                }
             } else if (ret == WOLFSSL_TICKET_RET_FATAL) {
                 WOLFSSL_MSG("Process client ticket fatal error, not using");
             } else if (ret < 0) {
@@ -6211,7 +6557,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
         if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls13Minor)
         #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
             defined(WOLFSSL_WPAS_SMALL)
-            && (ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0
+            && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == 0
         #endif
         ) {
             cnt++;
@@ -6223,7 +6569,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
                     isDtls, ssl->options.minDowngrade, tls12Minor)
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) ||                       \
     defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == 0
 #endif
             ) {
                 cnt++;
@@ -6234,7 +6580,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
                     isDtls, ssl->options.minDowngrade, tls11Minor)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == 0
             #endif
             ) {
                 cnt++;
@@ -6243,7 +6589,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz)
             if (!ssl->options.dtls && (ssl->options.minDowngrade <= TLSv1_MINOR)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == 0
             #endif
             ) {
                 cnt++;
@@ -6308,7 +6654,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
         if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls13minor)
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) ||                       \
     defined(WOLFSSL_WPAS_SMALL)
-            && (ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0
+            && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == 0
 #endif
         ) {
             *cnt += OPAQUE16_LEN;
@@ -6328,7 +6674,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
             if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls12minor)
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == 0
             #endif
             ) {
                 *cnt += OPAQUE16_LEN;
@@ -6341,7 +6687,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
             if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls11minor)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == 0
             #endif
             ) {
                 *cnt += OPAQUE16_LEN;
@@ -6352,7 +6698,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
             if (!ssl->options.dtls && (ssl->options.minDowngrade <= TLSv1_MINOR)
             #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                 defined(WOLFSSL_WPAS_SMALL)
-                && (ssl->options.mask & SSL_OP_NO_TLSv1) == 0
+                && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == 0
             #endif
             ) {
                 *cnt += OPAQUE16_LEN;
@@ -6910,8 +7256,7 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
 
         if (ret == 0) {
             CopyDecodedName(name, cert, ASN_SUBJECT);
-            if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
-                    == WOLFSSL_FAILURE)
+            if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) <= 0)
                 ret = MEMORY_ERROR;
         }
 
@@ -6930,15 +7275,16 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
     return 0;
 }
 
-#define CAN_GET_SIZE  TLSX_CA_Names_GetSize
-#define CAN_WRITE     TLSX_CA_Names_Write
-#define CAN_PARSE     TLSX_CA_Names_Parse
+#define CAN_GET_SIZE(data)      TLSX_CA_Names_GetSize(data)
+#define CAN_WRITE(data, output) TLSX_CA_Names_Write(data, output)
+#define CAN_PARSE(ssl, input, length, isRequest) \
+                                TLSX_CA_Names_Parse(ssl, input, length, isRequest)
 
 #else
 
-#define CAN_GET_SIZE(...)  0
-#define CAN_WRITE(...)     0
-#define CAN_PARSE(...)     0
+#define CAN_GET_SIZE(data)                       0
+#define CAN_WRITE(data, output)                  0
+#define CAN_PARSE(ssl, input, length, isRequest) 0
 
 #endif
 
@@ -7436,6 +7782,7 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse)
         if (ret == 0) {
             /* setting "key" means okay to call wc_curve25519_free */
             key = (curve25519_key*)kse->key;
+            kse->keyLen = CURVE25519_KEYSIZE;
 
         #ifdef WOLFSSL_STATIC_EPHEMERAL
             ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_CURVE25519, kse->key);
@@ -7521,6 +7868,7 @@ static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse)
         ret = wc_curve448_init((curve448_key*)kse->key);
         if (ret == 0) {
             key = (curve448_key*)kse->key;
+            kse->keyLen = CURVE448_KEY_SIZE;
 
             #ifdef WOLFSSL_STATIC_EPHEMERAL
             ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_CURVE448, kse->key);
@@ -7660,11 +8008,11 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
 
         #ifdef WOLFSSL_STATIC_EPHEMERAL
             ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_ECDH, kse->key);
-            if (ret != 0)
+            if (ret != 0 || eccKey->dp->id != curveId)
         #endif
             {
                 /* set curve info for EccMakeKey "peer" info */
-                ret = wc_ecc_set_curve(eccKey, kse->keyLen, curveId);
+                ret = wc_ecc_set_curve(eccKey, (int)kse->keyLen, curveId);
                 if (ret == 0) {
             #ifdef WOLFSSL_ASYNC_CRYPT
                     /* Detect when private key generation is done */
@@ -7738,12 +8086,46 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
     return ret;
 }
 
-#ifdef WOLFSSL_HAVE_KYBER
-static int kyber_id2type(int id, int *type)
+#ifdef WOLFSSL_HAVE_MLKEM
+#if defined(WOLFSSL_MLKEM_CACHE_A) && \
+    !defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY)
+    /* Store KyberKey object rather than private key bytes in key share entry.
+     * Improves performance at cost of more dynamic memory being used. */
+    #define WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+#endif
+#if defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY) && \
+    defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ)
+    #error "Choose WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY or "
+           "WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"
+#endif
+
+#if !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    (!defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \
+     !defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ))
+static int mlkem_id2type(int id, int *type)
 {
     int ret = 0;
 
     switch (id) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifndef WOLFSSL_NO_ML_KEM_512
+        case WOLFSSL_ML_KEM_512:
+            *type = WC_ML_KEM_512;
+            break;
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_768
+        case WOLFSSL_ML_KEM_768:
+            *type = WC_ML_KEM_768;
+            break;
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_1024
+        case WOLFSSL_ML_KEM_1024:
+            *type = WC_ML_KEM_1024;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     #ifdef WOLFSSL_KYBER512
         case WOLFSSL_KYBER_LEVEL1:
             *type = KYBER512;
@@ -7759,6 +8141,7 @@ static int kyber_id2type(int id, int *type)
             *type = KYBER1024;
             break;
     #endif
+#endif
         default:
             ret = NOT_COMPILED_IN;
             break;
@@ -7766,72 +8149,92 @@ static int kyber_id2type(int id, int *type)
 
     return ret;
 }
+#endif
 
+/* Structures and objects needed for hybrid key exchanges using both classic
+ * ECDHE and PQC KEM key material. */
 typedef struct PqcHybridMapping {
     int hybrid;
     int ecc;
     int pqc;
+    int pqc_first;
 } PqcHybridMapping;
 
 static const PqcHybridMapping pqc_hybrid_mapping[] = {
-    {.hybrid = WOLFSSL_P256_KYBER_LEVEL1,     .ecc = WOLFSSL_ECC_SECP256R1,
-     .pqc = WOLFSSL_KYBER_LEVEL1},
-    {.hybrid = WOLFSSL_P384_KYBER_LEVEL3,     .ecc = WOLFSSL_ECC_SECP384R1,
-     .pqc = WOLFSSL_KYBER_LEVEL3},
-    {.hybrid = WOLFSSL_P521_KYBER_LEVEL5,     .ecc = WOLFSSL_ECC_SECP521R1,
-     .pqc = WOLFSSL_KYBER_LEVEL5},
-    {.hybrid = 0, .ecc = 0, .pqc = 0}
+#ifndef WOLFSSL_NO_ML_KEM
+    {WOLFSSL_P256_ML_KEM_512, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0},
+    {WOLFSSL_P384_ML_KEM_768, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0},
+    {WOLFSSL_P256_ML_KEM_768, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_768, 0},
+    {WOLFSSL_P521_ML_KEM_1024, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0},
+    {WOLFSSL_P384_ML_KEM_1024, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_1024, 0},
+#ifdef HAVE_CURVE25519
+    {WOLFSSL_X25519_ML_KEM_512, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_512, 1},
+    {WOLFSSL_X25519_ML_KEM_768, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_768, 1},
+#endif
+#ifdef HAVE_CURVE448
+    {WOLFSSL_X448_ML_KEM_768, WOLFSSL_ECC_X448, WOLFSSL_ML_KEM_768, 1},
+#endif
+#endif /* WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_MLKEM_KYBER
+    {WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_ECC_SECP256R1, WOLFSSL_KYBER_LEVEL1, 0},
+    {WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_ECC_SECP384R1, WOLFSSL_KYBER_LEVEL3, 0},
+    {WOLFSSL_P256_KYBER_LEVEL3, WOLFSSL_ECC_SECP256R1, WOLFSSL_KYBER_LEVEL3, 0},
+    {WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_ECC_SECP521R1, WOLFSSL_KYBER_LEVEL5, 0},
+#ifdef HAVE_CURVE25519
+    {WOLFSSL_X25519_KYBER_LEVEL1, WOLFSSL_ECC_X25519, WOLFSSL_KYBER_LEVEL1, 0},
+    {WOLFSSL_X25519_KYBER_LEVEL3, WOLFSSL_ECC_X25519, WOLFSSL_KYBER_LEVEL3, 0},
+#endif
+#ifdef HAVE_CURVE448
+    {WOLFSSL_X448_KYBER_LEVEL3, WOLFSSL_ECC_X448, WOLFSSL_KYBER_LEVEL3, 0},
+#endif
+#endif /* WOLFSSL_MLKEM_KYBER */
+    {0, 0, 0, 0}
 };
 
-/* This will map an ecc-pqs hybrid group into its ecc group and pqc kem group.
- * If it cannot find a mapping then *pqc is set to group. ecc is optional. */
-static void findEccPqc(int *ecc, int *pqc, int group)
+/* Map an ecc-pqc hybrid group into its ecc group and pqc kem group. */
+static void findEccPqc(int *ecc, int *pqc, int *pqc_first, int group)
 {
     int i;
-    if (pqc == NULL) {
-        return;
-    }
 
-    *pqc = 0;
-    if (ecc != NULL) {
+    if (pqc != NULL)
+        *pqc = 0;
+    if (ecc != NULL)
         *ecc = 0;
-    }
+    if (pqc_first != NULL)
+        *pqc_first = 0;
 
     for (i = 0; pqc_hybrid_mapping[i].hybrid != 0; i++) {
         if (pqc_hybrid_mapping[i].hybrid == group) {
-            *pqc = pqc_hybrid_mapping[i].pqc;
-            if (ecc != NULL) {
+            if (pqc != NULL)
+                *pqc = pqc_hybrid_mapping[i].pqc;
+            if (ecc != NULL)
                 *ecc = pqc_hybrid_mapping[i].ecc;
-            }
+            if (pqc_first != NULL)
+                *pqc_first = pqc_hybrid_mapping[i].pqc_first;
             break;
         }
     }
-
-    if (*pqc == 0) {
-        /* It is not a hybrid, so maybe its simple. */
-        *pqc = group;
-    }
 }
 
-/* Create a key share entry using liboqs parameters group.
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+/* Create a key share entry using pqc parameters group on the client side.
  * Generates a key pair.
  *
  * ssl   The SSL/TLS object.
  * kse   The key share entry object.
  * returns 0 on success, otherwise failure.
  */
-static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
+static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse)
 {
     int ret = 0;
     int type = 0;
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
     KyberKey kem[1];
-    byte* pubKey = NULL;
     byte* privKey = NULL;
-    KeyShareEntry *ecc_kse = NULL;
-    int oqs_group = 0;
-    int ecc_group = 0;
     word32 privSz = 0;
-    word32 pubSz = 0;
+#else
+    KyberKey* kem = NULL;
+#endif
 
     /* This gets called twice. Once during parsing of the key share and once
      * during the population of the extension. No need to do work the second
@@ -7840,13 +8243,14 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
         return ret;
     }
 
-    findEccPqc(&ecc_group, &oqs_group, kse->group);
-    ret = kyber_id2type(oqs_group, &type);
+    /* Get the type of key we need from the key share group. */
+    ret = mlkem_id2type(kse->group, &type);
     if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
         WOLFSSL_MSG("Invalid Kyber algorithm specified.");
         ret = BAD_FUNC_ARG;
     }
 
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
     if (ret == 0) {
         ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
         if (ret != 0) {
@@ -7855,36 +8259,10 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
     }
 
     if (ret == 0) {
-        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
-                   DYNAMIC_TYPE_TLSX);
-        if (ecc_kse == NULL) {
-            WOLFSSL_MSG("ecc_kse memory allocation failure");
-            ret = MEMORY_ERROR;
-        }
-    }
-
-    if (ret == 0) {
-        XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
-
         ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
     }
     if (ret == 0) {
-        ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
-    }
-
-    if (ret == 0 && ecc_group != 0) {
-        ecc_kse->group = ecc_group;
-        ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
-        /* If fail, no error message,  TLSX_KeyShare_GenEccKey will do it. */
-    }
-
-    if (ret == 0) {
-        pubKey = (byte*)XMALLOC(ecc_kse->pubKeyLen + pubSz, ssl->heap,
-                                DYNAMIC_TYPE_PUBLIC_KEY);
-        if (pubKey == NULL) {
-            WOLFSSL_MSG("pubkey memory allocation failure");
-            ret = MEMORY_ERROR;
-        }
+        ret = wc_KyberKey_PublicKeySize(kem, &kse->pubKeyLen);
     }
 
     if (ret == 0) {
@@ -7894,6 +8272,35 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
             ret = MEMORY_ERROR;
         }
     }
+#else
+    if (ret == 0) {
+        /* Allocate a Kyber key to hold private key. */
+        kem = (KyberKey*)XMALLOC(sizeof(KyberKey), ssl->heap,
+                                 DYNAMIC_TYPE_PRIVATE_KEY);
+        if (kem == NULL) {
+            WOLFSSL_MSG("KEM memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+    }
+    if (ret == 0) {
+        ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
+        if (ret != 0) {
+            WOLFSSL_MSG("Failed to initialize Kyber Key.");
+        }
+    }
+    if (ret == 0) {
+        ret = wc_KyberKey_PublicKeySize(kem, &kse->pubKeyLen);
+    }
+#endif
+
+    if (ret == 0) {
+        kse->pubKey = (byte*)XMALLOC(kse->pubKeyLen, ssl->heap,
+                                     DYNAMIC_TYPE_PUBLIC_KEY);
+        if (kse->pubKey == NULL) {
+            WOLFSSL_MSG("pubkey memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+    }
 
     if (ret == 0) {
         ret = wc_KyberKey_MakeKey(kem, ssl->rng);
@@ -7902,28 +8309,172 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
         }
     }
     if (ret == 0) {
-        ret = wc_KyberKey_EncodePublicKey(kem, pubKey + ecc_kse->pubKeyLen,
-            pubSz);
+        ret = wc_KyberKey_EncodePublicKey(kem, kse->pubKey,
+                                          kse->pubKeyLen);
     }
+
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
     if (ret == 0) {
         ret = wc_KyberKey_EncodePrivateKey(kem, privKey, privSz);
     }
-    if (ret == 0) {
-        if (ecc_kse->pubKeyLen > 0)
-            XMEMCPY(pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
-        kse->pubKey = pubKey;
-        kse->pubKeyLen = ecc_kse->pubKeyLen + pubSz;
-        pubKey = NULL;
+#endif
 
-        /* Note we are saving the OQS private key and ECC private key
-         * separately. That's because the ECC private key is not simply a
-         * buffer. Its is an ecc_key struct. Typically do not need the private
-         * key size, but will need to zero it out upon freeing. */
-        kse->privKey = privKey;
-        privKey = NULL;
+#ifdef WOLFSSL_DEBUG_TLS
+    WOLFSSL_MSG("Public Kyber Key");
+    WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen );
+#endif
+
+    if (ret != 0) {
+        /* Data owned by key share entry otherwise. */
+        wc_KyberKey_Free(kem);
+        XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        kse->pubKey = NULL;
+    #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+        XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    #else
+        XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = NULL;
+    #endif
+    }
+    else {
+    #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+        wc_KyberKey_Free(kem);
+        kse->privKey = (byte*)privKey;
         kse->privKeyLen = privSz;
+    #else
+        kse->key = kem;
+    #endif
+    }
 
+    return ret;
+}
+
+/* Create a key share entry using both ecdhe and pqc parameters groups.
+ * Generates two key pairs on the client side.
+ *
+ * ssl   The SSL/TLS object.
+ * kse   The key share entry object.
+ * returns 0 on success, otherwise failure.
+ */
+static int TLSX_KeyShare_GenPqcHybridKeyClient(WOLFSSL *ssl, KeyShareEntry* kse)
+{
+    int ret = 0;
+    KeyShareEntry *ecc_kse = NULL;
+    KeyShareEntry *pqc_kse = NULL;
+    int pqc_group = 0;
+    int ecc_group = 0;
+    int pqc_first = 0;
+
+    /* This gets called twice. Once during parsing of the key share and once
+     * during the population of the extension. No need to do work the second
+     * time. Just return success if its already been done. */
+    if (kse->pubKey != NULL) {
+        return ret;
+    }
+
+    /* Determine the ECC and PQC group of the hybrid combination */
+    findEccPqc(&ecc_group, &pqc_group, &pqc_first, kse->group);
+    if (ecc_group == 0 || pqc_group == 0) {
+        WOLFSSL_MSG("Invalid hybrid group");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (ecc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        else {
+            XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
+        }
+    }
+    if (ret == 0) {
+        pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (pqc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        else {
+            XMEMSET(pqc_kse, 0, sizeof(*pqc_kse));
+        }
+    }
+
+    /* Generate ECC key share part */
+    if (ret == 0) {
+        ecc_kse->group = ecc_group;
+    #ifdef HAVE_CURVE25519
+        if (ecc_group == WOLFSSL_ECC_X25519) {
+            ret = TLSX_KeyShare_GenX25519Key(ssl, ecc_kse);
+        }
+        else
+    #endif
+    #ifdef HAVE_CURVE448
+        if (ecc_group == WOLFSSL_ECC_X448) {
+            ret = TLSX_KeyShare_GenX448Key(ssl, ecc_kse);
+        }
+        else
+    #endif
+        {
+            ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
+        }
+        /* No error message, TLSX_KeyShare_Gen*Key will do it. */
+    }
+
+    /* Generate PQC key share part */
+    if (ret == 0) {
+        pqc_kse->group = pqc_group;
+        ret = TLSX_KeyShare_GenPqcKeyClient(ssl, pqc_kse);
+        /* No error message, TLSX_KeyShare_GenPqcKeyClient will do it. */
+    }
+
+    /* Allocate memory for combined public key */
+    if (ret == 0) {
+        kse->pubKey = (byte*)XMALLOC(ecc_kse->pubKeyLen + pqc_kse->pubKeyLen,
+                                     ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        if (kse->pubKey == NULL) {
+            WOLFSSL_MSG("pubkey memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+    }
+
+    /* Create combined public key. The order of classic/pqc key material is
+     * indicated by the pqc_first variable. */
+    if (ret == 0) {
+        if (pqc_first) {
+            XMEMCPY(kse->pubKey, pqc_kse->pubKey, pqc_kse->pubKeyLen);
+            XMEMCPY(kse->pubKey + pqc_kse->pubKeyLen, ecc_kse->pubKey,
+                    ecc_kse->pubKeyLen);
+        }
+        else {
+            XMEMCPY(kse->pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
+            XMEMCPY(kse->pubKey + ecc_kse->pubKeyLen, pqc_kse->pubKey,
+                    pqc_kse->pubKeyLen);
+        }
+        kse->pubKeyLen = ecc_kse->pubKeyLen + pqc_kse->pubKeyLen;
+    }
+
+    /* Store the private keys.
+     * Note we are saving the PQC private key and ECC private key
+     * separately. That's because the ECC private key is not simply a
+     * buffer. Its is an ecc_key struct. */
+    if (ret == 0) {
+    #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+        /* PQC private key is an encoded byte array */
+        kse->privKey = pqc_kse->privKey;
+        kse->privKeyLen = pqc_kse->privKeyLen;
+        pqc_kse->privKey = NULL;
+    #else
+        /* PQC private key is a pointer to KyberKey object */
+        kse->privKey = (byte*)pqc_kse->key;
+        kse->privKeyLen = 0;
+        pqc_kse->key = NULL;
+    #endif
+        /* ECC private key is a pointer to ecc_key object */
         kse->key = ecc_kse->key;
+        kse->keyLen = ecc_kse->keyLen;
         ecc_kse->key = NULL;
     }
 
@@ -7932,14 +8483,13 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
     WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen );
 #endif
 
-    wc_KyberKey_Free(kem);
     TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
-    XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap);
 
     return ret;
 }
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY */
+#endif /* WOLFSSL_HAVE_MLKEM */
 
 /* Generate a secret/key using the key share entry.
  *
@@ -7950,15 +8500,17 @@ int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
 {
     int ret;
     /* Named FFDHE groups have a bit set to identify them. */
-    if (WOLFSSL_NAMED_GROUP_IS_FFHDE(kse->group))
+    if (WOLFSSL_NAMED_GROUP_IS_FFDHE(kse->group))
         ret = TLSX_KeyShare_GenDhKey(ssl, kse);
     else if (kse->group == WOLFSSL_ECC_X25519)
         ret = TLSX_KeyShare_GenX25519Key(ssl, kse);
     else if (kse->group == WOLFSSL_ECC_X448)
         ret = TLSX_KeyShare_GenX448Key(ssl, kse);
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY)
     else if (WOLFSSL_NAMED_GROUP_IS_PQC(kse->group))
-        ret = TLSX_KeyShare_GenPqcKey(ssl, kse);
+        ret = TLSX_KeyShare_GenPqcKeyClient(ssl, kse);
+    else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(kse->group))
+        ret = TLSX_KeyShare_GenPqcHybridKeyClient(ssl, kse);
 #endif
     else
         ret = TLSX_KeyShare_GenEccKey(ssl, kse);
@@ -7979,7 +8531,7 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
 
     while ((current = list) != NULL) {
         list = current->next;
-        if (WOLFSSL_NAMED_GROUP_IS_FFHDE(current->group)) {
+        if (WOLFSSL_NAMED_GROUP_IS_FFDHE(current->group)) {
 #ifndef NO_DH
             wc_FreeDhKey((DhKey*)current->key);
 #endif
@@ -7994,17 +8546,43 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
             wc_curve448_free((curve448_key*)current->key);
 #endif
         }
-#ifdef WOLFSSL_HAVE_KYBER
+#ifdef WOLFSSL_HAVE_MLKEM
         else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group)) {
-            if (current->key != NULL) {
-                ForceZero((byte*)current->key, current->keyLen);
-            }
-            XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
-            current->pubKey = NULL;
+            wc_KyberKey_Free((KyberKey*)current->key);
+        #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
             if (current->privKey != NULL) {
                 ForceZero(current->privKey, current->privKeyLen);
-                XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY);
-                current->privKey = NULL;
+            }
+        #endif
+        }
+        else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(current->group)) {
+            int ecc_group = 0;
+            findEccPqc(&ecc_group, NULL, NULL, current->group);
+
+            /* Free PQC private key */
+        #ifdef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+            wc_KyberKey_Free((KyberKey*)current->privKey);
+        #else
+            if (current->privKey != NULL) {
+                ForceZero(current->privKey, current->privKeyLen);
+            }
+        #endif
+
+            /* Free ECC private key */
+            if (ecc_group == WOLFSSL_ECC_X25519) {
+            #ifdef HAVE_CURVE25519
+                wc_curve25519_free((curve25519_key*)current->key);
+            #endif
+            }
+            else if (ecc_group == WOLFSSL_ECC_X448) {
+            #ifdef HAVE_CURVE448
+                wc_curve448_free((curve448_key*)current->key);
+            #endif
+            }
+            else {
+            #ifdef HAVE_ECC
+                wc_ecc_free((ecc_key*)current->key);
+            #endif
             }
         }
 #endif
@@ -8014,7 +8592,7 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
 #endif
         }
         XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
-    #if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK))
+    #if !defined(NO_DH) || defined(WOLFSSL_HAVE_MLKEM)
         XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY);
     #endif
         XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
@@ -8240,10 +8818,15 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
  *
  * ssl            The SSL/TLS object.
  * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
  * returns 0 on success and other values indicate failure.
  */
-static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
-                                       KeyShareEntry* keyShareEntry)
+static int TLSX_KeyShare_ProcessX25519_ex(WOLFSSL* ssl,
+                                          KeyShareEntry* keyShareEntry,
+                                          unsigned char* ssOutput,
+                                          word32* ssOutSz)
 {
     int ret;
 
@@ -8292,11 +8875,13 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
 
     if (ret == 0) {
         ssl->ecdhCurveOID = ECC_X25519_OID;
-
+    #ifdef WOLFSSL_CURVE25519_BLINDING
+        ret = wc_curve25519_set_rng(key, ssl->rng);
+    }
+    if (ret == 0) {
+    #endif
         ret = wc_curve25519_shared_secret_ex(key, peerX25519Key,
-                                                   ssl->arrays->preMasterSecret,
-                                                   &ssl->arrays->preMasterSz,
-                                                   EC25519_LITTLE_ENDIAN);
+                    ssOutput, ssOutSz, EC25519_LITTLE_ENDIAN);
     }
 
     wc_curve25519_free(peerX25519Key);
@@ -8304,9 +8889,13 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
     wc_curve25519_free((curve25519_key*)keyShareEntry->key);
     XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
     keyShareEntry->key = NULL;
+    XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    keyShareEntry->ke = NULL;
 #else
     (void)ssl;
     (void)keyShareEntry;
+    (void)ssOutput;
+    (void)ssOutSz;
 
     ret = PEER_KEY_ERROR;
     WOLFSSL_ERROR_VERBOSE(ret);
@@ -8315,13 +8904,33 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
     return ret;
 }
 
+/* Process the X25519 key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
+                                       KeyShareEntry* keyShareEntry)
+{
+    return TLSX_KeyShare_ProcessX25519_ex(ssl, keyShareEntry,
+                ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz);
+}
+
 /* Process the X448 key share extension on the client side.
  *
  * ssl            The SSL/TLS object.
  * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
  * returns 0 on success and other values indicate failure.
  */
-static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
+static int TLSX_KeyShare_ProcessX448_ex(WOLFSSL* ssl,
+                                        KeyShareEntry* keyShareEntry,
+                                        unsigned char* ssOutput,
+                                        word32* ssOutSz)
 {
     int ret;
 
@@ -8372,9 +8981,7 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
         ssl->ecdhCurveOID = ECC_X448_OID;
 
         ret = wc_curve448_shared_secret_ex(key, peerX448Key,
-                                                   ssl->arrays->preMasterSecret,
-                                                   &ssl->arrays->preMasterSz,
-                                                   EC448_LITTLE_ENDIAN);
+                    ssOutput, ssOutSz, EC448_LITTLE_ENDIAN);
     }
 
     wc_curve448_free(peerX448Key);
@@ -8382,9 +8989,13 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     wc_curve448_free((curve448_key*)keyShareEntry->key);
     XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
     keyShareEntry->key = NULL;
+    XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    keyShareEntry->ke = NULL;
 #else
     (void)ssl;
     (void)keyShareEntry;
+    (void)ssOutput;
+    (void)ssOutSz;
 
     ret = PEER_KEY_ERROR;
     WOLFSSL_ERROR_VERBOSE(ret);
@@ -8393,13 +9004,31 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     return ret;
 }
 
-/* Process the ECC key share extension on the client side.
+/* Process the X448 key share extension on the client side.
  *
  * ssl            The SSL/TLS object.
  * keyShareEntry  The key share entry object to use to calculate shared secret.
  * returns 0 on success and other values indicate failure.
  */
-static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
+static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
+{
+    return TLSX_KeyShare_ProcessX448_ex(ssl, keyShareEntry,
+                ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz);
+}
+
+/* Process the ECC key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessEcc_ex(WOLFSSL* ssl,
+                                       KeyShareEntry* keyShareEntry,
+                                       unsigned char* ssOutput,
+                                       word32* ssOutSz)
 {
     int ret = 0;
 #ifdef HAVE_ECC
@@ -8499,9 +9128,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     if (ret == 0) {
         ret = EccSharedSecret(ssl, eccKey, ssl->peerEccKey,
             keyShareEntry->ke, &keyShareEntry->keLen,
-            ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz,
-            ssl->options.side
-        );
+            ssOutput, ssOutSz, ssl->options.side);
     #ifdef WOLFSSL_ASYNC_CRYPT
         if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             return ret;
@@ -8529,6 +9156,8 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
 #else
     (void)ssl;
     (void)keyShareEntry;
+    (void)ssOutput;
+    (void)ssOutSz;
 
     ret = PEER_KEY_ERROR;
     WOLFSSL_ERROR_VERBOSE(ret);
@@ -8537,174 +9166,364 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     return ret;
 }
 
-#ifdef WOLFSSL_HAVE_KYBER
-/* Process the Kyber key share extension on the client side.
+/* Process the ECC key share extension on the client side.
  *
  * ssl            The SSL/TLS object.
  * keyShareEntry  The key share entry object to use to calculate shared secret.
  * returns 0 on success and other values indicate failure.
  */
-static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
+static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
 {
-    int      ret = 0;
-    int      type;
-    KyberKey kem[1];
-    byte*    sharedSecret = NULL;
-    word32   sharedSecretLen = 0;
-    int      oqs_group = 0;
-    int      ecc_group = 0;
-    ecc_key  eccpubkey;
-    word32   outlen = 0;
-    word32   privSz = 0;
-    word32   ctSz = 0;
-    word32   ssSz = 0;
+    return TLSX_KeyShare_ProcessEcc_ex(ssl, keyShareEntry,
+                ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz);
+}
 
-    if (keyShareEntry->ke == NULL) {
-        WOLFSSL_MSG("Invalid OQS algorithm specified.");
-        return BAD_FUNC_ARG;
-    }
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+/* Process the Kyber key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessPqcClient_ex(WOLFSSL* ssl,
+                                             KeyShareEntry* keyShareEntry,
+                                             unsigned char* ssOutput,
+                                             word32* ssOutSz)
+{
+    int       ret = 0;
+    KyberKey* kem = (KyberKey*)keyShareEntry->key;
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+    word32    privSz = 0;
+#endif
+    word32    ctSz = 0;
+    word32    ssSz = 0;
 
     if (ssl->options.side == WOLFSSL_SERVER_END) {
         /* I am the server, the shared secret has already been generated and
-         * is in keyShareEntry->ke; copy it to the pre-master secret
-         * pre-allocated buffer. */
-        if (keyShareEntry->keLen > ENCRYPT_LEN) {
-            WOLFSSL_MSG("shared secret is too long.");
-            return LENGTH_ERROR;
-        }
-
-        XMEMCPY(ssl->arrays->preMasterSecret, keyShareEntry->ke,
-                keyShareEntry->keLen);
-        ssl->arrays->preMasterSz = keyShareEntry->keLen;
-        XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_SECRET);
-        keyShareEntry->ke = NULL;
-        keyShareEntry->keLen = 0;
+         * is in ssl->arrays->preMasterSecret, so nothing really to do here. */
         return 0;
     }
 
-    /* I am the client, the ciphertext is in keyShareEntry->ke */
-    findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
-
-    ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
-    if (ret != 0) {
-        WOLFSSL_MSG("Memory allocation error.");
-        return MEMORY_E;
-    }
-
-    ret = kyber_id2type(oqs_group, &type);
-    if (ret != 0) {
-        wc_ecc_free(&eccpubkey);
-        WOLFSSL_MSG("Invalid OQS algorithm specified.");
+    if (keyShareEntry->ke == NULL) {
+        WOLFSSL_MSG("Invalid PQC algorithm specified.");
         return BAD_FUNC_ARG;
     }
+    if (ssOutSz == NULL)
+        return BAD_FUNC_ARG;
 
-    ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
-    if (ret != 0) {
-        wc_ecc_free(&eccpubkey);
-        WOLFSSL_MSG("Error creating Kyber KEM");
-        return MEMORY_E;
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+    if (kem == NULL) {
+        int type = 0;
+
+        /* Allocate a Kyber key to hold private key. */
+        kem = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap,
+                                  DYNAMIC_TYPE_PRIVATE_KEY);
+        if (kem == NULL) {
+            WOLFSSL_MSG("GenPqcKey memory error");
+            ret = MEMORY_E;
+        }
+        if (ret == 0) {
+            ret = mlkem_id2type(keyShareEntry->group, &type);
+        }
+        if (ret != 0) {
+            WOLFSSL_MSG("Invalid PQC algorithm specified.");
+            ret = BAD_FUNC_ARG;
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error creating Kyber KEM");
+            }
+        }
     }
+#else
+    if (kem == NULL || keyShareEntry->privKeyLen != 0) {
+        WOLFSSL_MSG("Invalid Kyber key.");
+        ret = BAD_FUNC_ARG;
+    }
+#endif
 
     if (ret == 0) {
         ret = wc_KyberKey_SharedSecretSize(kem, &ssSz);
     }
-    if (ret == 0) {
-        sharedSecretLen = ssSz;
-        switch (ecc_group) {
-        case WOLFSSL_ECC_SECP256R1:
-            sharedSecretLen += 32;
-            outlen = 32;
-            break;
-        case WOLFSSL_ECC_SECP384R1:
-            sharedSecretLen += 48;
-            outlen = 48;
-            break;
-        case WOLFSSL_ECC_SECP521R1:
-            sharedSecretLen += 66;
-            outlen = 66;
-            break;
-        default:
-            break;
-        }
-    }
-    if (ret == 0) {
-        sharedSecret = (byte*)XMALLOC(sharedSecretLen, ssl->heap,
-                                      DYNAMIC_TYPE_TLSX);
-        if (sharedSecret == NULL) {
-            WOLFSSL_MSG("Memory allocation error.");
-            ret = MEMORY_E;
-        }
-    }
     if (ret == 0) {
         ret = wc_KyberKey_CipherTextSize(kem, &ctSz);
     }
+
+#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
     if (ret == 0) {
         ret = wc_KyberKey_PrivateKeySize(kem, &privSz);
     }
+    if (ret == 0 && privSz != keyShareEntry->privKeyLen) {
+        WOLFSSL_MSG("Invalid private key size.");
+        ret = BAD_FUNC_ARG;
+    }
     if (ret == 0) {
         ret = wc_KyberKey_DecodePrivateKey(kem, keyShareEntry->privKey, privSz);
     }
+#endif
+
     if (ret == 0) {
-        ret = wc_KyberKey_Decapsulate(kem, sharedSecret + outlen,
-            keyShareEntry->ke + keyShareEntry->keLen - ctSz, ctSz);
+        ret = wc_KyberKey_Decapsulate(kem, ssOutput,
+                                      keyShareEntry->ke, ctSz);
         if (ret != 0) {
             WOLFSSL_MSG("wc_KyberKey decapsulation failure.");
             ret = BAD_FUNC_ARG;
         }
     }
-
-    if (ecc_group != 0) {
-        if (ret == 0) {
-            /* Point is validated by import function. */
-            ret = wc_ecc_import_x963(keyShareEntry->ke,
-                                     keyShareEntry->keLen - ctSz,
-                                     &eccpubkey);
-            if (ret != 0) {
-                WOLFSSL_MSG("ECC Public key import error.");
-            }
-        }
-
-#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
-    !defined(HAVE_SELFTEST)
-        if (ret == 0) {
-            ret = wc_ecc_set_rng((ecc_key *)keyShareEntry->key, ssl->rng);
-            if (ret != 0) {
-                WOLFSSL_MSG("Failure to set the ECC private key RNG.");
-            }
-        }
-#endif
-
-        if (ret == 0) {
-            PRIVATE_KEY_UNLOCK();
-            ret = wc_ecc_shared_secret((ecc_key *)keyShareEntry->key,
-                &eccpubkey, sharedSecret, &outlen);
-            PRIVATE_KEY_LOCK();
-            if (outlen != sharedSecretLen - ssSz) {
-                WOLFSSL_MSG("ECC shared secret derivation error.");
-                ret = BAD_FUNC_ARG;
-            }
-        }
+    if (ret == 0) {
+        *ssOutSz = ssSz;
     }
-    if ((ret == 0) && (sharedSecretLen > ENCRYPT_LEN)) {
-        WOLFSSL_MSG("shared secret is too long.");
-        ret = LENGTH_ERROR;
+
+    wc_KyberKey_Free(kem);
+
+    XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->key = NULL;
+
+    XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+    keyShareEntry->ke = NULL;
+
+    return ret;
+}
+
+/* Process the Kyber key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessPqcClient(WOLFSSL* ssl,
+                                          KeyShareEntry* keyShareEntry)
+{
+    return TLSX_KeyShare_ProcessPqcClient_ex(ssl, keyShareEntry,
+                                             ssl->arrays->preMasterSecret,
+                                             &ssl->arrays->preMasterSz);
+}
+
+/* Process the hybrid key share extension on the client side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to use to calculate shared secret.
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_ProcessPqcHybridClient(WOLFSSL* ssl,
+                                                KeyShareEntry* keyShareEntry)
+{
+    int      ret = 0;
+    int      pqc_group = 0;
+    int      ecc_group = 0;
+    int      pqc_first = 0;
+    KeyShareEntry* pqc_kse = NULL;
+    KeyShareEntry *ecc_kse = NULL;
+    word32   ctSz = 0;
+    word32   ssSzPqc = 0;
+    word32   ssSzEcc = 0;
+
+    if (ssl->options.side == WOLFSSL_SERVER_END) {
+        /* I am the server, the shared secret has already been generated and
+         * is in ssl->arrays->preMasterSecret, so nothing really to do here. */
+        return 0;
+    }
+
+    if (keyShareEntry->ke == NULL) {
+        WOLFSSL_MSG("Invalid PQC algorithm specified.");
+        return BAD_FUNC_ARG;
+    }
+
+    /* I am the client, both the PQC ciphertext and the ECHD public key are in
+     * keyShareEntry->ke */
+
+    /* Determine the ECC and PQC group of the hybrid combination */
+    findEccPqc(&ecc_group, &pqc_group, &pqc_first, keyShareEntry->group);
+    if (ecc_group == 0 || pqc_group == 0) {
+        WOLFSSL_MSG("Invalid hybrid group");
+        ret = BAD_FUNC_ARG;
     }
 
     if (ret == 0) {
-         /* Copy the shared secret to the  pre-master secret pre-allocated
-          * buffer. */
-        XMEMCPY(ssl->arrays->preMasterSecret, sharedSecret, sharedSecretLen);
-        ssl->arrays->preMasterSz = (word32) sharedSecretLen;
+        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (ecc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        else {
+            XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
+        }
+    }
+    if (ret == 0) {
+        pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (pqc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        else {
+            XMEMSET(pqc_kse, 0, sizeof(*pqc_kse));
+        }
     }
 
-    XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
+    /* The ciphertext and shared secret sizes of a KEM are fixed. Hence, we
+     * decode these sizes to separate the KEM ciphertext from the ECDH public
+     * key. */
+    if (ret == 0) {
+    #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+        int type;
+
+        pqc_kse->privKey = keyShareEntry->privKey;
+
+        ret = mlkem_id2type(pqc_group, &type);
+        if (ret != 0) {
+            WOLFSSL_MSG("Invalid Kyber algorithm specified.");
+            ret = BAD_FUNC_ARG;
+        }
+        if (ret == 0) {
+            pqc_kse->key = XMALLOC(sizeof(KyberKey), ssl->heap,
+                                DYNAMIC_TYPE_PRIVATE_KEY);
+            if (pqc_kse->key == NULL) {
+                WOLFSSL_MSG("GenPqcKey memory error");
+                ret = MEMORY_E;
+            }
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_Init(type, (KyberKey*)pqc_kse->key,
+                                   ssl->heap, ssl->devId);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error creating Kyber KEM");
+            }
+        }
+    #else
+        pqc_kse->key = keyShareEntry->privKey;
+    #endif
+
+        pqc_kse->group = pqc_group;
+        pqc_kse->privKeyLen = keyShareEntry->privKeyLen;
+
+        if (ret == 0) {
+            ret = wc_KyberKey_SharedSecretSize((KyberKey*)pqc_kse->key,
+                                               &ssSzPqc);
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_CipherTextSize((KyberKey*)pqc_kse->key,
+                                             &ctSz);
+            if (ret == 0 && keyShareEntry->keLen <= ctSz) {
+                WOLFSSL_MSG("Invalid ciphertext size.");
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        if (ret == 0) {
+            pqc_kse->keLen = ctSz;
+            pqc_kse->ke = (byte*)XMALLOC(pqc_kse->keLen, ssl->heap,
+                                         DYNAMIC_TYPE_PUBLIC_KEY);
+            if (pqc_kse->ke == NULL) {
+                WOLFSSL_MSG("pqc_kse memory allocation failure");
+                ret = MEMORY_ERROR;
+            }
+            /* Copy the PQC KEM ciphertext. Depending on the pqc_first flag,
+             * the KEM ciphertext comes before or after the ECDH public key. */
+            if (ret == 0) {
+                int offset = keyShareEntry->keLen - ctSz;
+
+                if (pqc_first)
+                    offset = 0;
+
+                XMEMCPY(pqc_kse->ke, keyShareEntry->ke + offset, ctSz);
+            }
+        }
+    }
+
+    if (ret == 0) {
+        ecc_kse->group = ecc_group;
+        ecc_kse->keLen = keyShareEntry->keLen - ctSz;
+        ecc_kse->key = keyShareEntry->key;
+        ecc_kse->ke = (byte*)XMALLOC(ecc_kse->keLen, ssl->heap,
+                                        DYNAMIC_TYPE_PUBLIC_KEY);
+        if (ecc_kse->ke == NULL) {
+            WOLFSSL_MSG("ecc_kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        /* Copy the ECDH public key. Depending on the pqc_first flag, the
+         * KEM ciphertext comes before or after the ECDH public key. */
+        if (ret == 0) {
+            int offset = 0;
+
+            if (pqc_first)
+                offset = ctSz;
+
+            XMEMCPY(ecc_kse->ke, keyShareEntry->ke + offset, ecc_kse->keLen);
+        }
+    }
+
+    /* Process ECDH key share part. The generated shared secret is directly
+     * stored in the ssl->arrays->preMasterSecret buffer. Depending on the
+     * pqc_first flag, the ECDH shared secret part goes before or after the
+     * KEM part. */
+    if (ret == 0) {
+        int offset = 0;
+
+        /* Set the ECC size variable to the initial buffer size */
+        ssSzEcc = ssl->arrays->preMasterSz;
+
+        if (pqc_first)
+            offset = ssSzPqc;
+
+    #ifdef HAVE_CURVE25519
+        if (ecc_group == WOLFSSL_ECC_X25519) {
+            ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse,
+                    ssl->arrays->preMasterSecret + offset, &ssSzEcc);
+        }
+        else
+    #endif
+    #ifdef HAVE_CURVE448
+        if (ecc_group == WOLFSSL_ECC_X448) {
+            ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse,
+                    ssl->arrays->preMasterSecret + offset, &ssSzEcc);
+        }
+        else
+    #endif
+        {
+            ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse,
+                    ssl->arrays->preMasterSecret + offset, &ssSzEcc);
+        }
+    }
+
+    if (ret == 0) {
+        keyShareEntry->key = ecc_kse->key;
+
+        if ((ret == 0) && ((ssSzEcc + ssSzPqc) > ENCRYPT_LEN)) {
+            WOLFSSL_MSG("shared secret is too long.");
+            ret = LENGTH_ERROR;
+        }
+    }
+
+    /* Process PQC KEM key share part. Depending on the pqc_first flag, the
+     * KEM shared secret part goes before or after the ECDH part. */
+    if (ret == 0) {
+        int offset = ssSzEcc;
+
+        if (pqc_first)
+            offset = 0;
+
+        ret = TLSX_KeyShare_ProcessPqcClient_ex(ssl, pqc_kse,
+                ssl->arrays->preMasterSecret + offset, &ssSzPqc);
+    }
+
+    if (ret == 0) {
+        keyShareEntry->privKey = (byte*)pqc_kse->key;
+
+        ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc;
+    }
+
+    TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
+    TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap);
 
-    wc_ecc_free(&eccpubkey);
-    wc_KyberKey_Free(kem);
     return ret;
 }
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_HAVE_MLKEM && !WOLFSSL_MLKEM_NO_DECAPSULATE */
 
 /* Process the key share extension on the client side.
  *
@@ -8724,15 +9543,17 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
         ssl->arrays->preMasterSz = ENCRYPT_LEN;
 
     /* Use Key Share Data from server. */
-    if (WOLFSSL_NAMED_GROUP_IS_FFHDE(keyShareEntry->group))
+    if (WOLFSSL_NAMED_GROUP_IS_FFDHE(keyShareEntry->group))
         ret = TLSX_KeyShare_ProcessDh(ssl, keyShareEntry);
     else if (keyShareEntry->group == WOLFSSL_ECC_X25519)
         ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry);
     else if (keyShareEntry->group == WOLFSSL_ECC_X448)
         ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry);
-#ifdef WOLFSSL_HAVE_KYBER
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
     else if (WOLFSSL_NAMED_GROUP_IS_PQC(keyShareEntry->group))
-        ret = TLSX_KeyShare_ProcessPqc(ssl, keyShareEntry);
+        ret = TLSX_KeyShare_ProcessPqcClient(ssl, keyShareEntry);
+    else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(keyShareEntry->group))
+        ret = TLSX_KeyShare_ProcessPqcHybridClient(ssl, keyShareEntry);
 #endif
     else
         ret = TLSX_KeyShare_ProcessEcc(ssl, keyShareEntry);
@@ -8781,11 +9602,18 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
     if (keLen > length - offset)
         return BUFFER_ERROR;
 
-#ifdef WOLFSSL_HAVE_KYBER
-    if (WOLFSSL_NAMED_GROUP_IS_PQC(group) &&
+#ifdef WOLFSSL_HAVE_MLKEM
+    if ((WOLFSSL_NAMED_GROUP_IS_PQC(group) ||
+         WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) &&
         ssl->options.side == WOLFSSL_SERVER_END) {
-        /* For KEMs, the public key is not stored. Casting away const because
-         * we know for KEMs, it will be read-only.*/
+        /* When handling a key share containing a KEM public key on the server
+         * end, we have to perform the encapsulation immediately in order to
+         * send the resulting ciphertext back to the client in the ServerHello
+         * message. As the public key is not stored and we do not modify it, we
+         * don't have to create a copy of it.
+         * In case of a hybrid key exchange, the ECDH part is also performed
+         * immediately (to not split the generation of the master secret).
+         * Hence, we also don't have to store this public key either.  */
         ke = (byte *)&input[offset];
     } else
 #endif
@@ -8960,7 +9788,7 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 
         /* Not in list sent if there isn't a private key. */
         if (keyShareEntry == NULL || (keyShareEntry->key == NULL
-        #if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER)
+        #if !defined(NO_DH) || defined(WOLFSSL_HAVE_MLKEM)
             && keyShareEntry->privKey == NULL
         #endif
         )) {
@@ -8985,13 +9813,15 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
     #endif
         {
-            /* Check the selected group was supported by ClientHello extensions. */
+            /* Check the selected group was supported by ClientHello extensions.
+             */
             if (!TLSX_SupportedGroups_Find(ssl, group, ssl->extensions)) {
                 WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA);
                 return BAD_KEY_SHARE_DATA;
             }
 
-            /* Check if the group was sent. */
+            /* Make sure KeyShare for server requested group was not sent in
+             * ClientHello. */
             if (TLSX_KeyShare_Find(ssl, group)) {
                 WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA);
                 return BAD_KEY_SHARE_DATA;
@@ -9052,133 +9882,92 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap,
     return 0;
 }
 
-#ifdef WOLFSSL_HAVE_KYBER
-static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
-    KeyShareEntry* keyShareEntry, byte* data, word16 len)
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE)
+/* Process the Kyber key share extension on the server side.
+ *
+ * ssl            The SSL/TLS object.
+ * keyShareEntry  The key share entry object to be sent to the client.
+ * data           The key share data received from the client.
+ * len            The length of the key share data from the client.
+ * ssOutput       The destination buffer for the shared secret.
+ * ssOutSz        The size of the generated shared secret.
+ *
+ * returns 0 on success and other values indicate failure.
+ */
+static int TLSX_KeyShare_HandlePqcKeyServer(WOLFSSL* ssl,
+    KeyShareEntry* keyShareEntry, byte* clientData, word16 clientLen,
+    unsigned char* ssOutput, word32* ssOutSz)
 {
-    /* I am the server. The data parameter is the client's public key. I need
-     * to generate the public information (AKA ciphertext) and shared secret
-     * here. Note the "public information" is equivalent to a the public key in
-     * key exchange parlance. That's why it is being assigned to pubKey.
-     */
-    int type;
-    KyberKey kem[1];
-    byte* sharedSecret = NULL;
+    /* We are on the server side. The key share contains a PQC KEM public key
+     * that we are using for an encapsulate operation. The resulting ciphertext
+     * is stored in the server key share. */
+    KyberKey* kemKey = (KyberKey*)keyShareEntry->key;
     byte* ciphertext = NULL;
     int ret = 0;
-    int oqs_group = 0;
-    int ecc_group = 0;
-    KeyShareEntry *ecc_kse = NULL;
-    ecc_key eccpubkey;
-    word32 outlen = 0;
     word32 pubSz = 0;
     word32 ctSz = 0;
     word32 ssSz = 0;
 
-    findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
-    ret = kyber_id2type(oqs_group, &type);
-    if (ret != 0) {
-        WOLFSSL_MSG("Invalid Kyber algorithm specified.");
+    if (clientData == NULL) {
+        WOLFSSL_MSG("No KEM public key from the client.");
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
-    if (ret != 0) {
-        WOLFSSL_MSG("Could not do ECC public key initialization.");
-        return MEMORY_E;
-    }
+    if (kemKey == NULL) {
+        int type = 0;
 
-    ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
-    if (ret != 0) {
-        wc_ecc_free(&eccpubkey);
-        WOLFSSL_MSG("Error creating Kyber KEM");
-        return MEMORY_E;
-    }
-
-    if (ret == 0) {
-        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
-            DYNAMIC_TYPE_TLSX);
-        if (ecc_kse == NULL) {
-            WOLFSSL_MSG("ecc_kse memory allocation failure");
-            ret = MEMORY_ERROR;
+        /* Allocate a Kyber key to hold private key. */
+        kemKey = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap,
+                                     DYNAMIC_TYPE_PRIVATE_KEY);
+        if (kemKey == NULL) {
+            WOLFSSL_MSG("GenPqcKey memory error");
+            ret = MEMORY_E;
+        }
+        if (ret == 0) {
+            ret = mlkem_id2type(keyShareEntry->group, &type);
+        }
+        if (ret != 0) {
+            WOLFSSL_MSG("Invalid PQC algorithm specified.");
+            ret = BAD_FUNC_ARG;
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_Init(type, kemKey, ssl->heap, ssl->devId);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error creating Kyber KEM");
+            }
         }
     }
 
     if (ret == 0) {
-        XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
-    }
-
-    if (ret == 0 && ecc_group != 0) {
-        ecc_kse->group = ecc_group;
-        ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
-        /* No message, TLSX_KeyShare_GenEccKey() will do it. */
-    }
-
-    if (ret == 0) {
-        ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
+        ret = wc_KyberKey_PublicKeySize(kemKey, &pubSz);
     }
     if (ret == 0) {
-        ret = wc_KyberKey_CipherTextSize(kem, &ctSz);
+        ret = wc_KyberKey_CipherTextSize(kemKey, &ctSz);
     }
     if (ret == 0) {
-        ret = wc_KyberKey_SharedSecretSize(kem, &ssSz);
+        ret = wc_KyberKey_SharedSecretSize(kemKey, &ssSz);
     }
 
-    if (ret == 0 && len != pubSz + ecc_kse->pubKeyLen) {
+    if (ret == 0 && clientLen != pubSz) {
         WOLFSSL_MSG("Invalid public key.");
         ret = BAD_FUNC_ARG;
     }
 
     if (ret == 0) {
-        sharedSecret = (byte*)XMALLOC(ecc_kse->keyLen + ssSz, ssl->heap,
-            DYNAMIC_TYPE_SECRET);
-        ciphertext = (byte*)XMALLOC(ecc_kse->pubKeyLen + ctSz, ssl->heap,
-            DYNAMIC_TYPE_TLSX);
+        ciphertext = (byte*)XMALLOC(ctSz, ssl->heap, DYNAMIC_TYPE_TLSX);
 
-        if (sharedSecret == NULL || ciphertext == NULL) {
-            WOLFSSL_MSG("Ciphertext/shared secret memory allocation failure.");
+        if (ciphertext == NULL) {
+            WOLFSSL_MSG("Ciphertext memory allocation failure.");
             ret = MEMORY_E;
         }
     }
 
-    if (ecc_group != 0) {
-        if (ret == 0) {
-            /* Point is validated by import function. */
-            ret = wc_ecc_import_x963(data, len - pubSz, &eccpubkey);
-            if (ret != 0) {
-                WOLFSSL_MSG("Bad ECC public key.");
-            }
-        }
-
-#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
-    !defined(HAVE_SELFTEST)
-        if (ret == 0) {
-            ret = wc_ecc_set_rng((ecc_key *)ecc_kse->key, ssl->rng);
-        }
-#endif
-
-        if (ret == 0) {
-            outlen = ecc_kse->keyLen;
-            PRIVATE_KEY_UNLOCK();
-            ret = wc_ecc_shared_secret((ecc_key *)ecc_kse->key, &eccpubkey,
-                                       sharedSecret,
-                                       &outlen);
-            PRIVATE_KEY_LOCK();
-            if (outlen != ecc_kse->keyLen) {
-                WOLFSSL_MSG("Data length mismatch.");
-                ret = BAD_FUNC_ARG;
-            }
-        }
-    }
-
     if (ret == 0) {
-        ret = wc_KyberKey_DecodePublicKey(kem, data + ecc_kse->pubKeyLen,
-            pubSz);
+        ret = wc_KyberKey_DecodePublicKey(kemKey, clientData, pubSz);
     }
     if (ret == 0) {
-        ret = wc_KyberKey_Encapsulate(kem, ciphertext + ecc_kse->pubKeyLen,
-            sharedSecret + outlen, ssl->rng);
+        ret = wc_KyberKey_Encapsulate(kemKey, ciphertext,
+                                      ssOutput, ssl->rng);
         if (ret != 0) {
             WOLFSSL_MSG("wc_KyberKey encapsulation failure.");
         }
@@ -9187,14 +9976,248 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
     if (ret == 0) {
         XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
 
-        keyShareEntry->ke = sharedSecret;
-        keyShareEntry->keLen = outlen + ssSz;
-        sharedSecret = NULL;
+        *ssOutSz = ssSz;
+        keyShareEntry->ke = NULL;
+        keyShareEntry->keLen = 0;
 
-        if (ecc_kse->pubKeyLen > 0)
-            XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen);
         keyShareEntry->pubKey = ciphertext;
-        keyShareEntry->pubKeyLen = (word32)(ecc_kse->pubKeyLen + ctSz);
+        keyShareEntry->pubKeyLen = ctSz;
+        ciphertext = NULL;
+
+        /* Set namedGroup so wolfSSL_get_curve_name() can function properly on
+         * the server side. */
+        ssl->namedGroup = keyShareEntry->group;
+    }
+
+    XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX);
+
+    wc_KyberKey_Free(kemKey);
+    XFREE(kemKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    keyShareEntry->key = NULL;
+    return ret;
+}
+
+static int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl,
+    KeyShareEntry* keyShareEntry, byte* data, word16 len)
+{
+    /* I am the server. The data parameter is the concatenation of the client's
+     * ECDH public key and the KEM public key. I need to generate a matching
+     * public key for ECDH and encapsulate a shared secret using the KEM public
+     * key. We send the ECDH public key and the KEM ciphertext back to the
+     * client. Additionally, we create the ECDH shared secret here already.
+     */
+    int    type;
+    byte*  ciphertext = NULL;
+    int    ret = 0;
+    int    pqc_group = 0;
+    int    ecc_group = 0;
+    int    pqc_first = 0;
+    KeyShareEntry *ecc_kse = NULL;
+    KeyShareEntry *pqc_kse = NULL;
+    word32 pubSz = 0;
+    word32 ctSz = 0;
+    word32 ssSzPqc = 0;
+    word32 ssSzEcc = 0;
+
+    if (data == NULL) {
+        WOLFSSL_MSG("No hybrid key share data from the client.");
+        return BAD_FUNC_ARG;
+    }
+
+    /* Determine the ECC and PQC group of the hybrid combination */
+    findEccPqc(&ecc_group, &pqc_group, &pqc_first, keyShareEntry->group);
+    if (ecc_group == 0 || pqc_group == 0) {
+        WOLFSSL_MSG("Invalid hybrid group");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap,
+                   DYNAMIC_TYPE_TLSX);
+        if (ecc_kse == NULL || pqc_kse == NULL) {
+            WOLFSSL_MSG("kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+    }
+
+    /* The ciphertext and shared secret sizes of a KEM are fixed. Hence, we
+     * decode these sizes to properly concatenate the KEM ciphertext with the
+     * ECDH public key. */
+    if (ret == 0) {
+        XMEMSET(pqc_kse, 0, sizeof(*pqc_kse));
+        pqc_kse->group = pqc_group;
+
+        /* Allocate a Kyber key to hold private key. */
+        pqc_kse->key = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap,
+                                           DYNAMIC_TYPE_PRIVATE_KEY);
+        if (pqc_kse->key == NULL) {
+            WOLFSSL_MSG("GenPqcKey memory error");
+            ret = MEMORY_E;
+        }
+        if (ret == 0) {
+            ret = mlkem_id2type(pqc_kse->group, &type);
+        }
+        if (ret != 0) {
+            WOLFSSL_MSG("Invalid PQC algorithm specified.");
+            ret = BAD_FUNC_ARG;
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_Init(type, (KyberKey*)pqc_kse->key,
+                                   ssl->heap, ssl->devId);
+            if (ret != 0) {
+                WOLFSSL_MSG("Error creating Kyber KEM");
+            }
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_SharedSecretSize((KyberKey*)pqc_kse->key,
+                                               &ssSzPqc);
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_CipherTextSize((KyberKey*)pqc_kse->key,
+                                             &ctSz);
+        }
+        if (ret == 0) {
+            ret = wc_KyberKey_PublicKeySize((KyberKey*)pqc_kse->key,
+                                            &pubSz);
+        }
+    }
+
+    /* Generate the ECDH key share part to be sent to the client */
+    if (ret == 0 && ecc_group != 0) {
+        XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
+        ecc_kse->group = ecc_group;
+    #ifdef HAVE_CURVE25519
+        if (ecc_group == WOLFSSL_ECC_X25519) {
+            ret = TLSX_KeyShare_GenX25519Key(ssl, ecc_kse);
+        }
+        else
+    #endif
+    #ifdef HAVE_CURVE448
+        if (ecc_group == WOLFSSL_ECC_X448) {
+            ret = TLSX_KeyShare_GenX448Key(ssl, ecc_kse);
+        }
+        else
+    #endif
+        {
+            ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
+        }
+        /* No error message, TLSX_KeyShare_GenKey will do it. */
+    }
+
+    if (ret == 0 && len != pubSz + ecc_kse->pubKeyLen) {
+        WOLFSSL_MSG("Invalid public key.");
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Allocate buffer for the concatenated client key share data
+     * (PQC KEM ciphertext + ECDH public key) */
+    if (ret == 0) {
+        ciphertext = (byte*)XMALLOC(ecc_kse->pubKeyLen + ctSz, ssl->heap,
+            DYNAMIC_TYPE_TLSX);
+
+        if (ciphertext == NULL) {
+            WOLFSSL_MSG("Ciphertext memory allocation failure.");
+            ret = MEMORY_E;
+        }
+    }
+
+    /* Process ECDH key share part. The generated shared secret is directly
+     * stored in the ssl->arrays->preMasterSecret buffer. Depending on the
+     * pqc_first flag, the ECDH shared secret part goes before or after the
+     * KEM part. */
+    if (ret == 0) {
+        ecc_kse->keLen = len - pubSz;
+        ecc_kse->ke = (byte*)XMALLOC(ecc_kse->keLen, ssl->heap,
+                                     DYNAMIC_TYPE_PUBLIC_KEY);
+        if (ecc_kse->ke == NULL) {
+            WOLFSSL_MSG("ecc_kse memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+        if (ret == 0) {
+            int pubOffset = 0;
+            int ssOffset = 0;
+
+            /* Set the ECC size variable to the initial buffer size */
+            ssSzEcc = ssl->arrays->preMasterSz;
+
+            if (pqc_first) {
+                pubOffset = pubSz;
+                ssOffset = ssSzPqc;
+            }
+
+            XMEMCPY(ecc_kse->ke, data + pubOffset, ecc_kse->keLen);
+
+        #ifdef HAVE_CURVE25519
+            if (ecc_group == WOLFSSL_ECC_X25519) {
+                ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse,
+                        ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc);
+            }
+            else
+        #endif
+        #ifdef HAVE_CURVE448
+            if (ecc_group == WOLFSSL_ECC_X448) {
+                ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse,
+                        ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc);
+            }
+            else
+        #endif
+            {
+                ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse,
+                        ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc);
+            }
+        }
+        if (ret == 0) {
+            if (ssSzEcc != ecc_kse->keyLen) {
+                WOLFSSL_MSG("Data length mismatch.");
+                ret = BAD_FUNC_ARG;
+            }
+        }
+    }
+
+    if (ret == 0 && ssSzEcc + ssSzPqc > ENCRYPT_LEN) {
+        WOLFSSL_MSG("shared secret is too long.");
+        ret = LENGTH_ERROR;
+    }
+
+    /* Process PQC KEM key share part. Depending on the pqc_first flag, the
+     * KEM shared secret part goes before or after the ECDH part. */
+    if (ret == 0) {
+        int input_offset = ecc_kse->keLen;
+        int output_offset = ssSzEcc;
+
+        if (pqc_first) {
+            input_offset = 0;
+            output_offset = 0;
+        }
+
+        ret = TLSX_KeyShare_HandlePqcKeyServer(ssl, pqc_kse,
+                data + input_offset, pubSz,
+                ssl->arrays->preMasterSecret + output_offset, &ssSzPqc);
+    }
+
+    if (ret == 0) {
+        XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+
+        ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc;
+        keyShareEntry->ke = NULL;
+        keyShareEntry->keLen = 0;
+
+        /* Concatenate the ECDH public key and the PQC KEM ciphertext. Based on
+         * the pqc_first flag, the ECDH public key goes before or after the KEM
+         * ciphertext. */
+        if (pqc_first) {
+            XMEMCPY(ciphertext, pqc_kse->pubKey, ctSz);
+            XMEMCPY(ciphertext + ctSz, ecc_kse->pubKey, ecc_kse->pubKeyLen);
+        }
+        else {
+            XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen);
+            XMEMCPY(ciphertext + ecc_kse->pubKeyLen, pqc_kse->pubKey, ctSz);
+        }
+
+        keyShareEntry->pubKey = ciphertext;
+        keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen + ctSz;
         ciphertext = NULL;
 
         /* Set namedGroup so wolfSSL_get_curve_name() can function properly on
@@ -9203,13 +10226,11 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
     }
 
     TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
-    XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
+    TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap);
     XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX);
-    wc_ecc_free(&eccpubkey);
-    wc_KyberKey_Free(kem);
     return ret;
 }
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_HAVE_MLKEM && !WOLFSSL_MLKEM_NO_ENCAPSULATE */
 
 /* Use the data to create a new key share object in the extensions.
  *
@@ -9258,11 +10279,22 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data,
     }
 
 
-#ifdef WOLFSSL_HAVE_KYBER
-    if (WOLFSSL_NAMED_GROUP_IS_PQC(group) &&
-        ssl->options.side == WOLFSSL_SERVER_END) {
-        ret = server_generate_pqc_ciphertext((WOLFSSL*)ssl, keyShareEntry, data,
-                                             len);
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE)
+    if (ssl->options.side == WOLFSSL_SERVER_END &&
+            WOLFSSL_NAMED_GROUP_IS_PQC(group)) {
+        ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl,
+                                               keyShareEntry,
+                                               data, len,
+                                               ssl->arrays->preMasterSecret,
+                                               &ssl->arrays->preMasterSz);
+        if (ret != 0)
+            return ret;
+    }
+    else if (ssl->options.side == WOLFSSL_SERVER_END &&
+             WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) {
+        ret = TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl,
+                                                     keyShareEntry,
+                                                     data, len);
         if (ret != 0)
             return ret;
     }
@@ -9423,15 +10455,93 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
             break;
         #endif
     #endif
-#ifdef WOLFSSL_HAVE_KYBER
-    #ifdef WOLFSSL_WC_KYBER
+#ifdef WOLFSSL_HAVE_MLKEM
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_MLKEM
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            case WOLFSSL_ML_KEM_512:
+            case WOLFSSL_P256_ML_KEM_512:
+        #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+            case WOLFSSL_X25519_ML_KEM_512:
+        #endif
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            case WOLFSSL_ML_KEM_768:
+            case WOLFSSL_P384_ML_KEM_768:
+            case WOLFSSL_P256_ML_KEM_768:
+        #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+            case WOLFSSL_X25519_ML_KEM_768:
+        #endif
+        #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+            case WOLFSSL_X448_ML_KEM_768:
+        #endif
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+            case WOLFSSL_ML_KEM_1024:
+            case WOLFSSL_P521_ML_KEM_1024:
+            case WOLFSSL_P384_ML_KEM_1024:
+        #endif
+                break;
+    #elif defined(HAVE_LIBOQS)
+        case WOLFSSL_ML_KEM_512:
+        case WOLFSSL_ML_KEM_768:
+        case WOLFSSL_ML_KEM_1024:
+        {
+            int ret;
+            int id;
+            ret = mlkem_id2type(namedGroup, &id);
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
+                return 0;
+            }
+
+            if (! ext_mlkem_enabled(id)) {
+                return 0;
+            }
+            break;
+        }
+        case WOLFSSL_P256_ML_KEM_512:
+        case WOLFSSL_P384_ML_KEM_768:
+        case WOLFSSL_P256_ML_KEM_768:
+        case WOLFSSL_P521_ML_KEM_1024:
+        case WOLFSSL_P384_ML_KEM_1024:
+        case WOLFSSL_X25519_ML_KEM_512:
+        case WOLFSSL_X448_ML_KEM_768:
+        case WOLFSSL_X25519_ML_KEM_768:
+        {
+            int ret;
+            int id;
+            findEccPqc(NULL, &namedGroup, NULL, namedGroup);
+            ret = mlkem_id2type(namedGroup, &id);
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
+                return 0;
+            }
+
+            if (! ext_mlkem_enabled(id)) {
+                return 0;
+            }
+            break;
+        }
+    #endif
+#endif /* WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_WC_MLKEM
         #ifdef WOLFSSL_KYBER512
             case WOLFSSL_KYBER_LEVEL1:
             case WOLFSSL_P256_KYBER_LEVEL1:
+        #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+            case WOLFSSL_X25519_KYBER_LEVEL1:
+        #endif
         #endif
         #ifdef WOLFSSL_KYBER768
             case WOLFSSL_KYBER_LEVEL3:
             case WOLFSSL_P384_KYBER_LEVEL3:
+            case WOLFSSL_P256_KYBER_LEVEL3:
+        #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+            case WOLFSSL_X25519_KYBER_LEVEL3:
+        #endif
+        #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+            case WOLFSSL_X448_KYBER_LEVEL3:
+        #endif
         #endif
         #ifdef WOLFSSL_KYBER1024
             case WOLFSSL_KYBER_LEVEL5:
@@ -9442,28 +10552,43 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
         case WOLFSSL_KYBER_LEVEL1:
         case WOLFSSL_KYBER_LEVEL3:
         case WOLFSSL_KYBER_LEVEL5:
-        case WOLFSSL_P256_KYBER_LEVEL1:
-        case WOLFSSL_P384_KYBER_LEVEL3:
-        case WOLFSSL_P521_KYBER_LEVEL5:
         {
             int ret;
             int id;
-            findEccPqc(NULL, &namedGroup, namedGroup);
-            ret = kyber_id2type(namedGroup, &id);
+            ret = mlkem_id2type(namedGroup, &id);
             if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
                 return 0;
             }
 
-            if (! ext_kyber_enabled(id)) {
+            if (! ext_mlkem_enabled(id)) {
                 return 0;
             }
             break;
         }
-    #elif defined(HAVE_PQM4)
-        case WOLFSSL_KYBER_LEVEL1:
+        case WOLFSSL_P256_KYBER_LEVEL1:
+        case WOLFSSL_P384_KYBER_LEVEL3:
+        case WOLFSSL_P256_KYBER_LEVEL3:
+        case WOLFSSL_P521_KYBER_LEVEL5:
+        case WOLFSSL_X25519_KYBER_LEVEL1:
+        case WOLFSSL_X448_KYBER_LEVEL3:
+        case WOLFSSL_X25519_KYBER_LEVEL3:
+        {
+            int ret;
+            int id;
+            findEccPqc(NULL, &namedGroup, NULL, namedGroup);
+            ret = mlkem_id2type(namedGroup, &id);
+            if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
+                return 0;
+            }
+
+            if (! ext_mlkem_enabled(id)) {
+                return 0;
+            }
             break;
+        }
     #endif
 #endif
+#endif /* WOLFSSL_HAVE_MLKEM */
         default:
             return 0;
     }
@@ -9509,14 +10634,69 @@ static const word16 preferredGroup[] = {
 #if defined(HAVE_FFDHE_8192)
     WOLFSSL_FFDHE_8192,
 #endif
-#ifdef WOLFSSL_WC_KYBER
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_MLKEM
+    #ifndef WOLFSSL_NO_ML_KEM_512
+    WOLFSSL_ML_KEM_512,
+    WOLFSSL_P256_ML_KEM_512,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_ML_KEM_512,
+    #endif
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_768
+    WOLFSSL_ML_KEM_768,
+    WOLFSSL_P384_ML_KEM_768,
+    WOLFSSL_P256_ML_KEM_768,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_ML_KEM_768,
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    WOLFSSL_X448_ML_KEM_768,
+    #endif
+    #endif
+    #ifndef WOLFSSL_NO_ML_KEM_1024
+    WOLFSSL_ML_KEM_1024,
+    WOLFSSL_P521_ML_KEM_1024,
+    WOLFSSL_P384_ML_KEM_1024,
+    #endif
+#elif defined(HAVE_LIBOQS)
+    /* These require a runtime call to TLSX_KeyShare_IsSupported to use */
+    WOLFSSL_ML_KEM_512,
+    WOLFSSL_ML_KEM_768,
+    WOLFSSL_ML_KEM_1024,
+    WOLFSSL_P256_ML_KEM_512,
+    WOLFSSL_P384_ML_KEM_768,
+    WOLFSSL_P256_ML_KEM_768,
+    WOLFSSL_P521_ML_KEM_1024,
+    WOLFSSL_P384_ML_KEM_1024,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_ML_KEM_512,
+    WOLFSSL_X25519_ML_KEM_768,
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    WOLFSSL_X448_ML_KEM_768,
+    #endif
+#endif
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_MLKEM_KYBER
+#ifdef WOLFSSL_WC_MLKEM
     #ifdef WOLFSSL_KYBER512
     WOLFSSL_KYBER_LEVEL1,
     WOLFSSL_P256_KYBER_LEVEL1,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_KYBER_LEVEL1,
+    #endif
     #endif
     #ifdef WOLFSSL_KYBER768
     WOLFSSL_KYBER_LEVEL3,
     WOLFSSL_P384_KYBER_LEVEL3,
+    WOLFSSL_P256_KYBER_LEVEL3,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_KYBER_LEVEL3,
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    WOLFSSL_X448_KYBER_LEVEL3,
+    #endif
     #endif
     #ifdef WOLFSSL_KYBER1024
     WOLFSSL_KYBER_LEVEL5,
@@ -9529,10 +10709,17 @@ static const word16 preferredGroup[] = {
     WOLFSSL_KYBER_LEVEL5,
     WOLFSSL_P256_KYBER_LEVEL1,
     WOLFSSL_P384_KYBER_LEVEL3,
+    WOLFSSL_P256_KYBER_LEVEL3,
     WOLFSSL_P521_KYBER_LEVEL5,
-#elif defined(HAVE_PQM4)
-    WOLFSSL_KYBER_LEVEL1,
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    WOLFSSL_X25519_KYBER_LEVEL1,
+    WOLFSSL_X25519_KYBER_LEVEL3,
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    WOLFSSL_X448_KYBER_LEVEL3,
+    #endif
 #endif
+#endif /* WOLFSSL_MLKEM_KYBER */
     WOLFSSL_NAMED_GROUP_INVALID
 };
 
@@ -9555,8 +10742,7 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group)
     byte numGroups;
 
     if (ssl->numGroups == 0) {
-        groups = preferredGroup;
-        numGroups = PREFERRED_GROUP_SZ;
+        return 0;
     }
     else {
         groups = ssl->group;
@@ -9565,14 +10751,14 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group)
 
 #ifdef HAVE_LIBOQS
       if (!TLSX_KeyShare_IsSupported(group))
-          return -1;
+          return WOLFSSL_FATAL_ERROR;
 #endif
 
     for (i = 0; i < numGroups; i++)
         if (groups[i] == (word16)group)
             return i;
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* Set a key share that is supported by the client into extensions.
@@ -9702,10 +10888,11 @@ int TLSX_CKS_Set(WOLFSSL* ssl, TLSX** extensions)
 int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length,
                    TLSX** extensions)
 {
-    (void) extensions;
     int ret;
     int i, j;
 
+    (void) extensions;
+
     /* Validating the input. */
     if (length == 0)
         return BUFFER_ERROR;
@@ -9724,6 +10911,16 @@ int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length,
         }
     }
 
+    /* This could be a situation where the client tried to start with TLS 1.3
+     * when it sent ClientHello and the server down-graded to TLS 1.2. In that
+     * case, erroring out because it is TLS 1.2 is not a reasonable thing to do.
+     * In the case of TLS 1.2, the CKS values will be ignored. */
+    if (!IsAtLeastTLSv1_3(ssl->version)) {
+        ssl->sigSpec = NULL;
+        ssl->sigSpecSz = 0;
+        return 0;
+    }
+
     /* Extension data is valid, but if we are the server and we don't have an
      * alt private key, do not respond with CKS extension. */
     if (wolfSSL_is_server(ssl) && ssl->buffers.altKey == NULL) {
@@ -9815,7 +11012,9 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions,
 
     /* Use server's preference order. */
     for (clientKSE = list; clientKSE != NULL; clientKSE = clientKSE->next) {
-        if (clientKSE->ke == NULL)
+        if ((clientKSE->ke == NULL) &&
+            (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) &&
+            (!WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group)))
             continue;
 
 #ifdef WOLFSSL_SM2
@@ -9835,11 +11034,12 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions,
         if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group, extensions))
             continue;
 
-        if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(clientKSE->group)) {
+        if (!WOLFSSL_NAMED_GROUP_IS_FFDHE(clientKSE->group)) {
             /* Check max value supported. */
             if (clientKSE->group > WOLFSSL_ECC_MAX) {
-#ifdef WOLFSSL_HAVE_KYBER
-                if (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group))
+#ifdef WOLFSSL_HAVE_MLKEM
+                if (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group) &&
+                    !WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group))
 #endif
                     continue;
             }
@@ -9894,7 +11094,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
         return BAD_FUNC_ARG;
     }
 
-    /* Generate a new key pair except in the case of OQS KEM because we
+    /* Generate a new key pair except in the case of PQC KEM because we
      * are going to encapsulate and that does not require us to generate a
      * key pair.
      */
@@ -9903,8 +11103,9 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
         return ret;
 
     if (clientKSE->key == NULL) {
-#ifdef WOLFSSL_HAVE_KYBER
-        if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) {
+#ifdef WOLFSSL_HAVE_MLKEM
+        if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group) ||
+            WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group)) {
             /* Going to need the public key (AKA ciphertext). */
             serverKSE->pubKey = clientKSE->pubKey;
             clientKSE->pubKey = NULL;
@@ -9920,7 +11121,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
         /* for async do setup of serverKSE below, but return WC_PENDING_E */
         if (ret != 0
         #ifdef WOLFSSL_ASYNC_CRYPT
-            && ret != WC_PENDING_E
+            && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             TLSX_KeyShare_FreeAll(list, ssl->heap);
@@ -11665,41 +12866,35 @@ static int TLSX_ECH_Use(WOLFSSL_EchConfig* echConfig, TLSX** extensions,
 {
     int ret = 0;
     int suiteIndex;
+    TLSX* echX;
     WOLFSSL_ECH* ech;
-
     if (extensions == NULL)
         return BAD_FUNC_ARG;
-
+    /* skip if we already have an ech extension, we will for hrr */
+    echX = TLSX_Find(*extensions, TLSX_ECH);
+    if (echX != NULL)
+        return 0;
     /* find a supported cipher suite */
     suiteIndex = EchConfigGetSupportedCipherSuite(echConfig);
-
     if (suiteIndex < 0)
         return suiteIndex;
-
     ech = (WOLFSSL_ECH*)XMALLOC(sizeof(WOLFSSL_ECH), heap,
         DYNAMIC_TYPE_TMP_BUFFER);
-
     if (ech == NULL)
         return MEMORY_E;
-
     ForceZero(ech, sizeof(WOLFSSL_ECH));
-
     ech->state = ECH_WRITE_REAL;
-
     ech->echConfig = echConfig;
-
     /* 0 for outer */
     ech->type = ECH_TYPE_OUTER;
     /* kemId */
     ech->kemId = echConfig->kemId;
-
     /* cipherSuite kdf */
     ech->cipherSuite.kdfId = echConfig->cipherSuites[suiteIndex].kdfId;
     /* cipherSuite aead */
     ech->cipherSuite.aeadId = echConfig->cipherSuites[suiteIndex].aeadId;
     /* configId */
     ech->configId = echConfig->configId;
-
     /* encLen */
     switch (echConfig->kemId)
     {
@@ -11719,30 +12914,23 @@ static int TLSX_ECH_Use(WOLFSSL_EchConfig* echConfig, TLSX** extensions,
             ech->encLen = DHKEM_X448_ENC_LEN;
             break;
     }
-
     /* setup hpke */
     ech->hpke = (Hpke*)XMALLOC(sizeof(Hpke), heap, DYNAMIC_TYPE_TMP_BUFFER);
-
     if (ech->hpke == NULL) {
         XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER);
         return MEMORY_E;
     }
-
     ret = wc_HpkeInit(ech->hpke, ech->kemId, ech->cipherSuite.kdfId,
         ech->cipherSuite.aeadId, heap);
-
     /* setup the ephemeralKey */
     if (ret == 0)
         ret = wc_HpkeGenerateKeyPair(ech->hpke, &ech->ephemeralKey, rng);
-
     if (ret == 0)
         ret = TLSX_Push(extensions, TLSX_ECH, ech, heap);
-
     if (ret != 0) {
         XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
-
     return ret;
 }
 
@@ -11753,41 +12941,31 @@ static int TLSX_ServerECH_Use(TLSX** extensions, void* heap,
     int ret;
     WOLFSSL_ECH* ech;
     TLSX* echX;
-
     if (extensions == NULL)
         return BAD_FUNC_ARG;
-
     /* if we already have ech don't override it */
     echX = TLSX_Find(*extensions, TLSX_ECH);
     if (echX != NULL)
         return 0;
-
     ech = (WOLFSSL_ECH*)XMALLOC(sizeof(WOLFSSL_ECH), heap,
         DYNAMIC_TYPE_TMP_BUFFER);
-
     if (ech == NULL)
         return MEMORY_E;
-
     ForceZero(ech, sizeof(WOLFSSL_ECH));
-
     ech->state = ECH_WRITE_NONE;
-
     /* 0 for outer */
     ech->type = ECH_TYPE_OUTER;
-
     ech->echConfig = configs;
-
     /* setup the rest of the settings when we receive ech from the client */
     ret = TLSX_Push(extensions, TLSX_ECH, ech, heap);
-
     if (ret != 0)
         XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER);
-
     return ret;
 }
 
-/* return length after writing the ech */
-static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte* writeBuf, word16* offset)
+/* return status after writing the ech and updating offset */
+static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte msgType, byte* writeBuf,
+    word16* offset)
 {
     int ret = 0;
     int rngRet = -1;
@@ -11801,84 +12979,75 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte* writeBuf, word16* offset)
     Hpke hpke[1];
     WC_RNG rng[1];
 #endif
-
     WOLFSSL_MSG("TLSX_ECH_Write");
-
+    if (msgType == hello_retry_request) {
+        /* reserve space to write the confirmation to */
+        *offset += ECH_ACCEPT_CONFIRMATION_SZ;
+        /* set confBuf */
+        ech->confBuf = writeBuf;
+        return 0;
+    }
     if (ech->state == ECH_WRITE_NONE || ech->state == ECH_PARSED_INTERNAL)
         return 0;
-
     if (ech->state == ECH_WRITE_RETRY_CONFIGS) {
         /* get size then write */
         ret = GetEchConfigsEx(ech->echConfig, NULL, &configsLen);
-
         if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             return ret;
-
         ret = GetEchConfigsEx(ech->echConfig, writeBuf, &configsLen);
-
         if (ret != WOLFSSL_SUCCESS)
             return ret;
-
         *offset += configsLen;
-
         return 0;
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    hpke = (Hpke*)XMALLOC(sizeof(Hpke), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (hpke == NULL)
-        return MEMORY_E;
-
-    rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
-
-    if (rng == NULL) {
-        XFREE(hpke, NULL, DYNAMIC_TYPE_RNG);
-        return MEMORY_E;
-    }
-#endif
-
     /* type */
     *writeBuf_p = ech->type;
     writeBuf_p += sizeof(ech->type);
-
     /* outer has body, inner does not */
     if (ech->type == ECH_TYPE_OUTER) {
         /* kdfId */
         c16toa(ech->cipherSuite.kdfId, writeBuf_p);
         writeBuf_p += sizeof(ech->cipherSuite.kdfId);
-
         /* aeadId */
         c16toa(ech->cipherSuite.aeadId, writeBuf_p);
         writeBuf_p += sizeof(ech->cipherSuite.aeadId);
-
         /* configId */
         *writeBuf_p = ech->configId;
         writeBuf_p += sizeof(ech->configId);
-
         /* encLen */
-        c16toa(ech->encLen, writeBuf_p);
+        if (ech->hpkeContext == NULL) {
+            c16toa(ech->encLen, writeBuf_p);
+        }
+        else {
+            /* set to 0 if this is clientInner 2 */
+            c16toa(0, writeBuf_p);
+        }
         writeBuf_p += 2;
-
         if (ech->state == ECH_WRITE_GREASE) {
+#ifdef WOLFSSL_SMALL_STACK
+            hpke = (Hpke*)XMALLOC(sizeof(Hpke), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (hpke == NULL)
+                return MEMORY_E;
+            rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
+            if (rng == NULL) {
+                XFREE(hpke, NULL, DYNAMIC_TYPE_RNG);
+                return MEMORY_E;
+            }
+#endif
             /* hpke init */
             ret = wc_HpkeInit(hpke, ech->kemId, ech->cipherSuite.kdfId,
                 ech->cipherSuite.aeadId, NULL);
-
             if (ret == 0)
                 rngRet = ret = wc_InitRng(rng);
-
             /* create the ephemeralKey */
             if (ret == 0)
                 ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
-
             /* enc */
             if (ret == 0) {
                 ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, writeBuf_p,
                     &ech->encLen);
                 writeBuf_p += ech->encLen;
             }
-
             if (ret == 0) {
                 /* innerClientHelloLen */
                 c16toa(GREASE_ECH_SIZE + ((writeBuf_p + 2 - writeBuf) % 32),
@@ -11890,45 +13059,40 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte* writeBuf, word16* offset)
                     ((writeBuf_p - writeBuf) % 32));
                 writeBuf_p += GREASE_ECH_SIZE + ((writeBuf_p - writeBuf) % 32);
             }
-
             if (rngRet == 0)
                 wc_FreeRng(rng);
-
             if (ephemeralKey != NULL)
                 wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
+#ifdef WOLFSSL_SMALL_STACK
+            XFREE(hpke, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
+#endif
         }
         else {
-            /* write enc to writeBuf_p */
-            ret = wc_HpkeSerializePublicKey(ech->hpke, ech->ephemeralKey,
-                writeBuf_p, &ech->encLen);
-            writeBuf_p += ech->encLen;
-
+            /* only write enc if this is our first ech, no hpke context */
+            if (ech->hpkeContext == NULL) {
+                /* write enc to writeBuf_p */
+                ret = wc_HpkeSerializePublicKey(ech->hpke, ech->ephemeralKey,
+                    writeBuf_p, &ech->encLen);
+                writeBuf_p += ech->encLen;
+            }
             /* innerClientHelloLen */
             c16toa(ech->innerClientHelloLen, writeBuf_p);
             writeBuf_p += 2;
-
             /* set payload offset for when we finalize */
             ech->outerClientPayload = writeBuf_p;
-
             /* write zeros for payload */
             XMEMSET(writeBuf_p, 0, ech->innerClientHelloLen);
             writeBuf_p += ech->innerClientHelloLen;
         }
     }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(hpke, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
-#endif
-
     if (ret == 0)
         *offset += (writeBuf_p - writeBuf);
-
     return ret;
 }
 
 /* return the size needed for the ech extension */
-static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech)
+static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech, byte msgType)
 {
     int ret;
     word32 size;
@@ -11940,6 +13104,9 @@ static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech)
 
         size += GREASE_ECH_SIZE + (size % 32);
     }
+    else if (msgType == hello_retry_request) {
+        size = ECH_ACCEPT_CONFIRMATION_SZ;
+    }
     else if (ech->state == ECH_WRITE_NONE ||
         ech->state == ECH_PARSED_INTERNAL) {
         size = 0;
@@ -11958,8 +13125,11 @@ static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech)
     else
     {
         size = sizeof(ech->type) + sizeof(ech->cipherSuite) +
-            sizeof(ech->configId) + sizeof(word16) + ech->encLen +
-            sizeof(word16) + ech->innerClientHelloLen;
+            sizeof(ech->configId) + sizeof(word16) + sizeof(word16) +
+            ech->innerClientHelloLen;
+        /* only set encLen if this is inner hello 1 */
+        if (ech->hpkeContext == NULL)
+            size += ech->encLen;
     }
 
     return (int)size;
@@ -11977,10 +13147,8 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig,
     word32 rawConfigLen = 0;
     byte* info = NULL;
     word32 infoLen = 0;
-
     if (ech == NULL || echConfig == NULL || aad == NULL)
         return BAD_FUNC_ARG;
-
     /* verify the kem and key len */
     switch (echConfig->kemId)
     {
@@ -12003,10 +13171,8 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig,
             expectedEncLen = 0;
             break;
     }
-
     if (expectedEncLen != ech->encLen)
         return BAD_FUNC_ARG;
-
     /* verify the cipher suite */
     for (i = 0; i < echConfig->numCipherSuites; i++) {
         if (echConfig->cipherSuites[i].kdfId == ech->cipherSuite.kdfId &&
@@ -12014,54 +13180,69 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig,
             break;
         }
     }
-
     if (i >= echConfig->numCipherSuites) {
         return BAD_FUNC_ARG;
     }
-
-    ech->hpke = (Hpke*)XMALLOC(sizeof(Hpke), heap, DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (ech->hpke == NULL)
-        return MEMORY_E;
-
-    ret = wc_HpkeInit(ech->hpke, echConfig->kemId, ech->cipherSuite.kdfId,
-        ech->cipherSuite.aeadId, heap);
-
-    /* get the rawConfigLen */
-    if (ret == 0)
-        ret = GetEchConfig(echConfig, NULL, &rawConfigLen);
-
-    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))
-        ret = 0;
-
-    /* create info */
-    if (ret == 0) {
-        infoLen = TLS_INFO_CONST_STRING_SZ + 1 + rawConfigLen;
-        info = (byte*)XMALLOC(infoLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
-
-        if (info == NULL)
+    /* check if hpke already exists, may if HelloRetryRequest */
+    if (ech->hpke == NULL) {
+        ech->hpke = (Hpke*)XMALLOC(sizeof(Hpke), heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (ech->hpke == NULL)
             ret = MEMORY_E;
-        else {
-            XMEMCPY(info, (byte*)TLS_INFO_CONST_STRING,
-                TLS_INFO_CONST_STRING_SZ + 1);
-            ret = GetEchConfig(echConfig, info +
-                TLS_INFO_CONST_STRING_SZ + 1, &rawConfigLen);
+        /* init the hpke struct */
+        if (ret == 0) {
+            ret = wc_HpkeInit(ech->hpke, echConfig->kemId,
+                ech->cipherSuite.kdfId, ech->cipherSuite.aeadId, heap);
+        }
+        if (ret == 0) {
+            /* allocate hpkeContext */
+            ech->hpkeContext =
+                (HpkeBaseContext*)XMALLOC(sizeof(HpkeBaseContext),
+                ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            if (ech->hpkeContext == NULL)
+                ret = MEMORY_E;
+        }
+        /* get the rawConfigLen */
+        if (ret == 0)
+            ret = GetEchConfig(echConfig, NULL, &rawConfigLen);
+        if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))
+            ret = 0;
+        /* create info */
+        if (ret == 0) {
+            infoLen = TLS_INFO_CONST_STRING_SZ + 1 + rawConfigLen;
+            info = (byte*)XMALLOC(infoLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
+
+            if (info == NULL)
+                ret = MEMORY_E;
+            else {
+                XMEMCPY(info, (byte*)TLS_INFO_CONST_STRING,
+                    TLS_INFO_CONST_STRING_SZ + 1);
+                ret = GetEchConfig(echConfig, info +
+                    TLS_INFO_CONST_STRING_SZ + 1, &rawConfigLen);
+            }
+        }
+        /* init the context for opening */
+        if (ret == 0) {
+            ret = wc_HpkeInitOpenContext(ech->hpke, ech->hpkeContext,
+                echConfig->receiverPrivkey, ech->enc, ech->encLen, info,
+                infoLen);
         }
     }
-
     /* decrypt the ech payload */
-    if (ret == 0)
-        ret = wc_HpkeOpenBase(ech->hpke, echConfig->receiverPrivkey, ech->enc,
-            ech->encLen, info, infoLen, aad, aadLen, ech->outerClientPayload,
-            ech->innerClientHelloLen,
+    if (ret == 0) {
+        ret = wc_HpkeContextOpenBase(ech->hpke, ech->hpkeContext, aad, aadLen,
+            ech->outerClientPayload, ech->innerClientHelloLen,
             ech->innerClientHello + HANDSHAKE_HEADER_SZ);
-
+    }
+    /* free the hpke and context on failure */
     if (ret != 0) {
         XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER);
         ech->hpke = NULL;
+        XFREE(ech->hpkeContext, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        ech->hpkeContext = NULL;
     }
 
-    XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (info != NULL)
+        XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     return ret;
 }
@@ -12078,89 +13259,98 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
     WOLFSSL_EchConfig* echConfig;
     byte* aadCopy;
     byte* readBuf_p = (byte*)readBuf;
-
     WOLFSSL_MSG("TLSX_ECH_Parse");
-
     if (size == 0)
         return BAD_FUNC_ARG;
-
+    if (ssl->options.disableECH) {
+        WOLFSSL_MSG("TLSX_ECH_Parse: ECH disabled. Ignoring.");
+        return 0;
+    }
+    /* retry configs */
     if (msgType == encrypted_extensions) {
         ret = wolfSSL_SetEchConfigs(ssl, readBuf, size);
 
         if (ret == WOLFSSL_SUCCESS)
             ret = 0;
     }
-    else if (msgType == client_hello && ssl->ctx->echConfigs != NULL) {
+    /* HRR with special confirmation */
+    else if (msgType == hello_retry_request && ssl->options.useEch) {
+        /* length must be 8 */
+        if (size != ECH_ACCEPT_CONFIRMATION_SZ)
+            return BAD_FUNC_ARG;
+        /* get extension */
+        echX = TLSX_Find(ssl->extensions, TLSX_ECH);
+        if (echX == NULL)
+            return BAD_FUNC_ARG;
+        ech = (WOLFSSL_ECH*)echX->data;
+        ech->confBuf = (byte*)readBuf;
+    }
+    else if (msgType == client_hello && ssl->ctx->echConfigs != NULL) {
+        /* get extension */
         echX = TLSX_Find(ssl->extensions, TLSX_ECH);
-
         if (echX == NULL)
             return BAD_FUNC_ARG;
-
         ech = (WOLFSSL_ECH*)echX->data;
-
         /* read the ech parameters before the payload */
         ech->type = *readBuf_p;
         readBuf_p++;
-
         if (ech->type == ECH_TYPE_INNER) {
             ech->state = ECH_PARSED_INTERNAL;
             return 0;
         }
-
         /* technically the payload would only be 1 byte at this length */
         if (size < 11 + ech->encLen)
             return BAD_FUNC_ARG;
-
+        /* read kdfId */
         ato16(readBuf_p, &ech->cipherSuite.kdfId);
         readBuf_p += 2;
-
+        /* read aeadId */
         ato16(readBuf_p, &ech->cipherSuite.aeadId);
         readBuf_p += 2;
-
+        /* read configId */
         ech->configId = *readBuf_p;
         readBuf_p++;
-
-        ato16(readBuf_p, &ech->encLen);
-        readBuf_p += 2;
-
-        if (ech->encLen > HPKE_Npk_MAX)
-            return BAD_FUNC_ARG;
-
-        XMEMCPY(ech->enc, readBuf_p, ech->encLen);
-        readBuf_p += ech->encLen;
-
+        /* only get enc if we don't already have the hpke context */
+        if (ech->hpkeContext == NULL) {
+            /* read encLen */
+            ato16(readBuf_p, &ech->encLen);
+            readBuf_p += 2;
+            if (ech->encLen > HPKE_Npk_MAX)
+                return BAD_FUNC_ARG;
+            /* read enc */
+            XMEMCPY(ech->enc, readBuf_p, ech->encLen);
+            readBuf_p += ech->encLen;
+        }
+        else {
+            readBuf_p += 2;
+        }
+        /* read hello inner len */
         ato16(readBuf_p, &ech->innerClientHelloLen);
-        ech->innerClientHelloLen -= AES_BLOCK_SIZE;
+        ech->innerClientHelloLen -= WC_AES_BLOCK_SIZE;
         readBuf_p += 2;
-
         ech->outerClientPayload = readBuf_p;
-
         /* make a copy of the aad */
         aadCopy = (byte*)XMALLOC(ech->aadLen, ssl->heap,
             DYNAMIC_TYPE_TMP_BUFFER);
-
         if (aadCopy == NULL)
             return MEMORY_E;
-
         XMEMCPY(aadCopy, ech->aad, ech->aadLen);
-
         /* set the ech payload of the copy to zeros */
         XMEMSET(aadCopy + (readBuf_p - ech->aad), 0,
-            ech->innerClientHelloLen + AES_BLOCK_SIZE);
-
+            ech->innerClientHelloLen + WC_AES_BLOCK_SIZE);
+        /* free the old ech in case this is our second client hello */
+        if (ech->innerClientHello != NULL)
+            XFREE(ech->innerClientHello, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
         /* allocate the inner payload buffer */
         ech->innerClientHello =
             (byte*)XMALLOC(ech->innerClientHelloLen + HANDSHAKE_HEADER_SZ,
             ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
         if (ech->innerClientHello == NULL) {
             XFREE(aadCopy, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
             return MEMORY_E;
         }
-
         /* first check if the config id matches */
         echConfig = ssl->ctx->echConfigs;
-
         while (echConfig != NULL) {
             /* decrypt with this config */
             if (echConfig->configId == ech->configId) {
@@ -12168,26 +13358,20 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
                     ssl->heap);
                 break;
             }
-
             echConfig = echConfig->next;
         }
-
         /* try to decrypt with all configs */
         if (echConfig == NULL || ret != 0) {
             echConfig = ssl->ctx->echConfigs;
-
             while (echConfig != NULL) {
                 ret = TLSX_ExtractEch(ech, echConfig, aadCopy, ech->aadLen,
                     ssl->heap);
-
                 if (ret== 0)
                     break;
-
                 echConfig = echConfig->next;
             }
         }
-
-        /* if we failed to extract */
+        /* if we failed to extract, set state to retry configs */
         if (ret != 0) {
             XFREE(ech->innerClientHello, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
             ech->innerClientHello = NULL;
@@ -12195,19 +13379,15 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
         }
         else {
             i = 0;
-
             /* decrement until before the padding */
             while (ech->innerClientHello[ech->innerClientHelloLen +
                 HANDSHAKE_HEADER_SZ - i - 1] != ECH_TYPE_INNER) {
                 i++;
             }
-
             /* subtract the length of the padding from the length */
             ech->innerClientHelloLen -= i;
         }
-
         XFREE(aadCopy, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
         return 0;
     }
 
@@ -12221,7 +13401,10 @@ static void TLSX_ECH_Free(WOLFSSL_ECH* ech, void* heap)
     if (ech->ephemeralKey != NULL)
         wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, ech->ephemeralKey,
             ech->hpke->heap);
-    XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (ech->hpke != NULL)
+        XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (ech->hpkeContext != NULL)
+        XFREE(ech->hpkeContext, heap, DYNAMIC_TYPE_TMP_BUFFER);
 
     XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER);
     (void)heap;
@@ -12231,58 +13414,65 @@ static void TLSX_ECH_Free(WOLFSSL_ECH* ech, void* heap)
  * status */
 int TLSX_FinalizeEch(WOLFSSL_ECH* ech, byte* aad, word32 aadLen)
 {
-    int ret;
+    int ret = 0;
     void* receiverPubkey = NULL;
-    byte* info;
-    int infoLen;
-    byte* aadCopy;
-
-    /* import the server public key */
-    ret = wc_HpkeDeserializePublicKey(ech->hpke, &receiverPubkey,
-        ech->echConfig->receiverPubkey, ech->encLen);
-
-    if (ret == 0) {
-        /* create info */
-        infoLen = TLS_INFO_CONST_STRING_SZ + 1 + ech->echConfig->rawLen;
-        info = (byte*)XMALLOC(infoLen, ech->hpke->heap,
-            DYNAMIC_TYPE_TMP_BUFFER);
-        if (info == NULL)
-            ret = MEMORY_E;
-
+    byte* info = NULL;
+    int infoLen = 0;
+    byte* aadCopy = NULL;
+    /* setup hpke context to seal, should be done at most once per connection */
+    if (ech->hpkeContext == NULL) {
+        /* import the server public key */
+        ret = wc_HpkeDeserializePublicKey(ech->hpke, &receiverPubkey,
+            ech->echConfig->receiverPubkey, ech->encLen);
+        if (ret == 0) {
+            /* allocate hpke context */
+            ech->hpkeContext =
+                (HpkeBaseContext*)XMALLOC(sizeof(HpkeBaseContext),
+                ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            if (ech->hpkeContext == NULL)
+                ret = MEMORY_E;
+        }
+        if (ret == 0) {
+            /* create info */
+            infoLen = TLS_INFO_CONST_STRING_SZ + 1 + ech->echConfig->rawLen;
+            info = (byte*)XMALLOC(infoLen, ech->hpke->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            if (info == NULL)
+                ret = MEMORY_E;
+        }
         if (ret == 0) {
             /* puts the null byte in for me */
-            XMEMCPY(info, (byte*)TLS_INFO_CONST_STRING, TLS_INFO_CONST_STRING_SZ
-                + 1);
-            XMEMCPY(info + TLS_INFO_CONST_STRING_SZ + 1, ech->echConfig->raw,
-                ech->echConfig->rawLen);
-
-            /* make a copy of the aad since we overwrite it */
-            aadCopy = (byte*)XMALLOC(aadLen, ech->hpke->heap,
-                DYNAMIC_TYPE_TMP_BUFFER);
-            if (aadCopy == NULL) {
-                XFREE(info, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
-                ret = MEMORY_E;
-            }
-        }
-
-        if (ret == 0) {
-            XMEMCPY(aadCopy, aad, aadLen);
-
-            /* seal the payload */
-            ret = wc_HpkeSealBase(ech->hpke, ech->ephemeralKey, receiverPubkey,
-                info, (word32)infoLen, aadCopy, aadLen, ech->innerClientHello,
-                ech->innerClientHelloLen - ech->hpke->Nt,
-                ech->outerClientPayload);
-
-            XFREE(info, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(aadCopy, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            XMEMCPY(info, (byte*)TLS_INFO_CONST_STRING,
+                TLS_INFO_CONST_STRING_SZ + 1);
+            XMEMCPY(info + TLS_INFO_CONST_STRING_SZ + 1,
+                ech->echConfig->raw, ech->echConfig->rawLen);
+            /* init the context for seal with info and keys */
+            ret = wc_HpkeInitSealContext(ech->hpke, ech->hpkeContext,
+                ech->ephemeralKey, receiverPubkey, info, infoLen);
         }
     }
-
+    if (ret == 0) {
+        /* make a copy of the aad since we overwrite it */
+        aadCopy = (byte*)XMALLOC(aadLen, ech->hpke->heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (aadCopy == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+    if (ret == 0) {
+        XMEMCPY(aadCopy, aad, aadLen);
+        /* seal the payload with context */
+        ret = wc_HpkeContextSealBase(ech->hpke, ech->hpkeContext, aadCopy,
+            aadLen, ech->innerClientHello,
+            ech->innerClientHelloLen - ech->hpke->Nt, ech->outerClientPayload);
+    }
+    if (info != NULL)
+        XFREE(info, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (aadCopy != NULL)
+        XFREE(aadCopy, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (receiverPubkey != NULL)
         wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, receiverPubkey,
             ech->hpke->heap);
-
     return ret;
 }
 
@@ -12388,6 +13578,26 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 WOLFSSL_MSG("Encrypt-Then-Mac extension free");
                 break;
 #endif
+
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+            case TLSX_PRE_SHARED_KEY:
+                WOLFSSL_MSG("Pre-Shared Key extension free");
+                PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
+                break;
+
+        #ifdef WOLFSSL_TLS13
+            case TLSX_PSK_KEY_EXCHANGE_MODES:
+                WOLFSSL_MSG("PSK Key Exchange Modes extension free");
+                break;
+        #endif
+    #endif
+
+            case TLSX_KEY_SHARE:
+                WOLFSSL_MSG("Key Share extension free");
+                KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
+                break;
+#endif
 #ifdef WOLFSSL_TLS13
             case TLSX_SUPPORTED_VERSIONS:
                 WOLFSSL_MSG("Supported Versions extension free");
@@ -12400,17 +13610,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 break;
     #endif
 
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-            case TLSX_PRE_SHARED_KEY:
-                WOLFSSL_MSG("Pre-Shared Key extension free");
-                PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
-                break;
-
-            case TLSX_PSK_KEY_EXCHANGE_MODES:
-                WOLFSSL_MSG("PSK Key Exchange Modes extension free");
-                break;
-    #endif
-
     #ifdef WOLFSSL_EARLY_DATA
             case TLSX_EARLY_DATA:
                 WOLFSSL_MSG("Early Data extension free");
@@ -12428,11 +13627,6 @@ void TLSX_FreeAll(TLSX* list, void* heap)
                 WOLFSSL_MSG("Signature Algorithms extension free");
                 break;
     #endif
-
-            case TLSX_KEY_SHARE:
-                WOLFSSL_MSG("Key Share extension free");
-                KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
-                break;
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
             case TLSX_CERTIFICATE_AUTHORITIES:
                 WOLFSSL_MSG("Certificate Authorities extension free");
@@ -12506,7 +13700,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
             continue; /* skip! */
 
         /* ssl level extensions are expected to override ctx level ones. */
-        if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
+        if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type)))
             continue; /* skip! */
 
         /* extension type + extension data length. */
@@ -12583,6 +13777,24 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                 ret = ETM_GET_SIZE(msgType, &length);
                 break;
 #endif /* HAVE_ENCRYPT_THEN_MAC */
+
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+            case TLSX_PRE_SHARED_KEY:
+                ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType,
+                                                                       &length);
+                break;
+        #ifdef WOLFSSL_TLS13
+            case TLSX_PSK_KEY_EXCHANGE_MODES:
+                ret = PKM_GET_SIZE((byte)extension->val, msgType, &length);
+                break;
+        #endif
+    #endif
+            case TLSX_KEY_SHARE:
+                length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
+                break;
+#endif
+
 #ifdef WOLFSSL_TLS13
             case TLSX_SUPPORTED_VERSIONS:
                 ret = SV_GET_SIZE(extension->data, msgType, &length);
@@ -12594,17 +13806,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                 break;
     #endif
 
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-            case TLSX_PRE_SHARED_KEY:
-                ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType,
-                                                                       &length);
-                break;
-
-            case TLSX_PSK_KEY_EXCHANGE_MODES:
-                ret = PKM_GET_SIZE((byte)extension->val, msgType, &length);
-                break;
-    #endif
-
     #ifdef WOLFSSL_EARLY_DATA
             case TLSX_EARLY_DATA:
                 ret = EDI_GET_SIZE(msgType, &length);
@@ -12623,9 +13824,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
                 break;
     #endif
 
-            case TLSX_KEY_SHARE:
-                length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType);
-                break;
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
             case TLSX_CERTIFICATE_AUTHORITIES:
                 length += CAN_GET_SIZE(extension->data);
@@ -12662,7 +13860,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
 #endif /* WOLFSSL_DTLS_CID */
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
             case TLSX_ECH:
-                length += ECH_GET_SIZE((WOLFSSL_ECH*)extension->data);
+                length += ECH_GET_SIZE((WOLFSSL_ECH*)extension->data, msgType);
                 break;
 #endif
             default:
@@ -12671,7 +13869,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
 
         /* marks the extension as processed so ctx level */
         /* extensions don't overlap with ssl level ones. */
-        TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
+        TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type));
     }
 
     *pLength += length;
@@ -12698,11 +13896,11 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
             continue; /* skip! */
 
         /* ssl level extensions are expected to override ctx level ones. */
-        if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
+        if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type)))
             continue; /* skip! */
 
         /* writes extension type. */
-        c16toa(extension->type, output + offset);
+        c16toa((word16)extension->type, output + offset);
         offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
         length_offset = offset;
 
@@ -12807,20 +14005,8 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 ret = ETM_WRITE(extension->data, output, msgType, &offset);
                 break;
 #endif /* HAVE_ENCRYPT_THEN_MAC */
-#ifdef WOLFSSL_TLS13
-            case TLSX_SUPPORTED_VERSIONS:
-                WOLFSSL_MSG("Supported Versions extension to write");
-                ret = SV_WRITE(extension->data, output + offset, msgType, &offset);
-                break;
-
-    #ifdef WOLFSSL_SEND_HRR_COOKIE
-            case TLSX_COOKIE:
-                WOLFSSL_MSG("Cookie extension to write");
-                ret = CKE_WRITE((Cookie*)extension->data, output + offset,
-                                msgType, &offset);
-                break;
-    #endif
 
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
     #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
             case TLSX_PRE_SHARED_KEY:
                 WOLFSSL_MSG("Pre-Shared Key extension to write");
@@ -12828,11 +14014,33 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                                                               msgType, &offset);
                 break;
 
+        #ifdef WOLFSSL_TLS13
             case TLSX_PSK_KEY_EXCHANGE_MODES:
                 WOLFSSL_MSG("PSK Key Exchange Modes extension to write");
                 ret = PKM_WRITE((byte)extension->val, output + offset, msgType,
                                                                        &offset);
                 break;
+        #endif
+    #endif
+            case TLSX_KEY_SHARE:
+                WOLFSSL_MSG("Key Share extension to write");
+                offset += KS_WRITE((KeyShareEntry*)extension->data,
+                                                      output + offset, msgType);
+                break;
+#endif
+#ifdef WOLFSSL_TLS13
+            case TLSX_SUPPORTED_VERSIONS:
+                WOLFSSL_MSG("Supported Versions extension to write");
+                ret = SV_WRITE(extension->data, output + offset, msgType,
+                                                                       &offset);
+                break;
+
+    #ifdef WOLFSSL_SEND_HRR_COOKIE
+            case TLSX_COOKIE:
+                WOLFSSL_MSG("Cookie extension to write");
+                ret = CKE_WRITE((Cookie*)extension->data, output + offset,
+                                msgType, &offset);
+                break;
     #endif
 
     #ifdef WOLFSSL_EARLY_DATA
@@ -12857,11 +14065,6 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 break;
     #endif
 
-            case TLSX_KEY_SHARE:
-                WOLFSSL_MSG("Key Share extension to write");
-                offset += KS_WRITE((KeyShareEntry*)extension->data,
-                                                      output + offset, msgType);
-                break;
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
             case TLSX_CERTIFICATE_AUTHORITIES:
                 WOLFSSL_MSG("Certificate Authorities extension to write");
@@ -12907,7 +14110,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
             case TLSX_ECH:
                 WOLFSSL_MSG("ECH extension to write");
-                ret = ECH_WRITE((WOLFSSL_ECH*)extension->data,
+                ret = ECH_WRITE((WOLFSSL_ECH*)extension->data, msgType,
                     output + offset, &offset);
                 break;
 #endif
@@ -12920,7 +14123,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 
         /* marks the extension as processed so ctx level */
         /* extensions don't overlap with ssl level ones. */
-        TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
+        TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type));
 
         /* if we encountered an error propagate it */
         if (ret != 0)
@@ -13124,8 +14327,94 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
         #endif
 #endif
 
-#ifdef WOLFSSL_HAVE_KYBER
-#ifdef WOLFSSL_WC_KYBER
+#ifdef WOLFSSL_HAVE_MLKEM
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_MLKEM
+#ifndef WOLFSSL_NO_ML_KEM_512
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
+                                     ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512,
+                                     ssl->heap);
+    #endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768,
+                                     ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768,
+                                     ssl->heap);
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768,
+                                     ssl->heap);
+    #endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024,
+                                     ssl->heap);
+#endif
+#elif defined(HAVE_LIBOQS)
+    ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024,
+                                     ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768,
+                                     ssl->heap);
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768,
+                                     ssl->heap);
+    #endif
+#endif /* HAVE_LIBOQS */
+#endif /* !WOLFSSL_NO_ML_KEM */
+#ifdef WOLFSSL_MLKEM_KYBER
+#ifdef WOLFSSL_WC_MLKEM
 #ifdef WOLFSSL_KYBER512
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1,
@@ -13133,6 +14422,11 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1,
                                      ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL1,
+                                     ssl->heap);
+    #endif
 #endif
 #ifdef WOLFSSL_KYBER768
     if (ret == WOLFSSL_SUCCESS)
@@ -13141,8 +14435,21 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3,
                                      ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL3,
+                                     ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL3,
+                                     ssl->heap);
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_KYBER_LEVEL3,
+                                     ssl->heap);
+    #endif
 #endif
-#ifdef WOLFSSL_KYBER768
+#ifdef WOLFSSL_KYBER1024
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5,
                                      ssl->heap);
@@ -13164,13 +14471,28 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3,
                                      ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL3,
+                                     ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5,
                                      ssl->heap);
-#elif defined(HAVE_PQM4)
-    ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap);
+    #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL1,
+                                     ssl->heap);
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL3,
+                                     ssl->heap);
+    #endif
+    #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
+    if (ret == WOLFSSL_SUCCESS)
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_KYBER_LEVEL3,
+                                     ssl->heap);
+    #endif
 #endif /* HAVE_LIBOQS */
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_MLKEM_KYBER */
+#endif /* WOLFSSL_HAVE_MLKEM */
 
     (void)ssl;
     (void)extensions;
@@ -13205,7 +14527,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
             return ret;
 #endif /* HAVE_RPK */
 
-#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
+#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) && \
+    !defined(WOLFSSL_NO_TLS12)
         if (!ssl->options.disallowEncThenMac) {
             ret = TLSX_EncryptThenMac_Use(ssl);
             if (ret != 0)
@@ -13378,11 +14701,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                 word64 now, milli;
             #endif
 
-                if (sess->ticketLen > MAX_PSK_ID_LEN) {
-                    WOLFSSL_MSG("Session ticket length for PSK ext is too large");
-                    return BUFFER_ERROR;
-                }
-
                 /* Determine the MAC algorithm for the cipher suite used. */
                 ssl->options.cipherSuite0 = sess->cipherSuite0;
                 ssl->options.cipherSuite  = sess->cipherSuite;
@@ -13503,7 +14821,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                         ssl->arrays->client_identity, MAX_PSK_ID_LEN,
                         ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName);
                     if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
-                                        &cipherSuite, &cipherSuiteFlags) != 0) {
+                            &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
                         return PSK_KEY_ERROR;
                     }
                 }
@@ -13589,18 +14907,21 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
         #endif
 #if defined(HAVE_ECH)
             /* GREASE ECH */
-            if (ssl->echConfigs == NULL) {
-                ret = GREASE_ECH_USE(&(ssl->extensions), ssl->heap, ssl->rng);
-            }
-            else if (ssl->echConfigs != NULL) {
-                ret = ECH_USE(ssl->echConfigs, &(ssl->extensions), ssl->heap,
-                    ssl->rng);
+            if (!ssl->options.disableECH) {
+                if (ssl->echConfigs == NULL) {
+                    ret = GREASE_ECH_USE(&(ssl->extensions), ssl->heap,
+                            ssl->rng);
+                }
+                else if (ssl->echConfigs != NULL) {
+                    ret = ECH_USE(ssl->echConfigs, &(ssl->extensions),
+                            ssl->heap, ssl->rng);
+                }
             }
 #endif
         }
 #if defined(HAVE_ECH)
         else if (IsAtLeastTLSv1_3(ssl->version)) {
-            if (ssl->ctx->echConfigs != NULL) {
+            if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
                 ret = SERVER_ECH_USE(&(ssl->extensions), ssl->heap,
                     ssl->ctx->echConfigs);
 
@@ -13647,7 +14968,9 @@ static int TLSX_GetSizeWithEch(WOLFSSL* ssl, byte* semaphore, byte msgType,
         echX = TLSX_Find(ssl->ctx->extensions, TLSX_ECH);
 
     /* if type is outer change sni to public name */
-    if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->type == ECH_TYPE_OUTER) {
+    if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->type == ECH_TYPE_OUTER &&
+        (ssl->options.echAccepted ||
+        ((WOLFSSL_ECH*)echX->data)->innerCount == 0)) {
         if (ssl->extensions) {
             serverNameX = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
 
@@ -13790,7 +15113,8 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word32* pLength)
     }
     #endif
 #if defined(HAVE_ECH)
-    if (ssl->options.useEch == 1 && msgType == client_hello) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH
+            && msgType == client_hello) {
         ret = TLSX_GetSizeWithEch(ssl, semaphore, msgType, &length);
         if (ret != 0)
             return ret;
@@ -13853,7 +15177,9 @@ static int TLSX_WriteWithEch(WOLFSSL* ssl, byte* output, byte* semaphore,
     }
 
     /* if type is outer change sni to public name */
-    if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->type == ECH_TYPE_OUTER) {
+    if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->type == ECH_TYPE_OUTER &&
+        (ssl->options.echAccepted ||
+        ((WOLFSSL_ECH*)echX->data)->innerCount == 0)) {
         if (ssl->extensions) {
             serverNameX = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME);
 
@@ -13913,31 +15239,36 @@ static int TLSX_WriteWithEch(WOLFSSL* ssl, byte* output, byte* semaphore,
             msgType, pOffset);
     }
 
-    if (echX != NULL) {
-        /* turn off and write it last */
-        TURN_OFF(semaphore, TLSX_ToSemaphore(echX->type));
-    }
+    /* only write if have a shot at acceptance */
+    if (echX != NULL &&
+        (ssl->options.echAccepted ||
+        ((WOLFSSL_ECH*)echX->data)->innerCount == 0)) {
+        if (echX != NULL) {
+            /* turn off and write it last */
+            TURN_OFF(semaphore, TLSX_ToSemaphore(echX->type));
+        }
 
-    if (ret == 0 && ssl->extensions) {
-        ret = TLSX_Write(ssl->extensions, output + *pOffset, semaphore,
-            msgType, pOffset);
-    }
+        if (ret == 0 && ssl->extensions) {
+            ret = TLSX_Write(ssl->extensions, output + *pOffset, semaphore,
+                msgType, pOffset);
+        }
 
-    if (ret == 0 && ssl->ctx && ssl->ctx->extensions) {
-        ret = TLSX_Write(ssl->ctx->extensions, output + *pOffset, semaphore,
-            msgType, pOffset);
-    }
+        if (ret == 0 && ssl->ctx && ssl->ctx->extensions) {
+            ret = TLSX_Write(ssl->ctx->extensions, output + *pOffset, semaphore,
+                msgType, pOffset);
+        }
 
-    if (serverNameX != NULL) {
-        /* remove the public name SNI */
-        TLSX_Remove(extensions, TLSX_SERVER_NAME, ssl->heap);
+        if (serverNameX != NULL) {
+            /* remove the public name SNI */
+            TLSX_Remove(extensions, TLSX_SERVER_NAME, ssl->heap);
 
-        ret = TLSX_UseSNI(extensions, WOLFSSL_SNI_HOST_NAME, tmpServerName,
-            XSTRLEN(tmpServerName), ssl->heap);
+            ret = TLSX_UseSNI(extensions, WOLFSSL_SNI_HOST_NAME, tmpServerName,
+                XSTRLEN(tmpServerName), ssl->heap);
 
-        /* restore the inner server name */
-        if (ret == WOLFSSL_SUCCESS)
-            ret = 0;
+            /* restore the inner server name */
+            if (ret == WOLFSSL_SUCCESS)
+                ret = 0;
+        }
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -14035,7 +15366,8 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word32* pOffset)
     #endif
 #endif
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
-    if (ssl->options.useEch == 1 && msgType == client_hello) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH
+            && msgType == client_hello) {
         ret = TLSX_WriteWithEch(ssl, output, semaphore,
                          msgType, &offset);
         if (ret != 0)
@@ -14121,9 +15453,6 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
                 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                     TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
                 #endif
-                #ifdef WOLFSSL_DTLS_CID
-                    TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
-                #endif
                 }
             #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
                 else {
@@ -14135,6 +15464,9 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
                 #endif
                 }
             #endif
+            #ifdef WOLFSSL_DTLS_CID
+                TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
+            #endif
         #endif /* WOLFSSL_TLS13 */
             break;
 
@@ -14154,6 +15486,10 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
         #ifdef WOLFSSL_SEND_HRR_COOKIE
             TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
         #endif
+#ifdef HAVE_ECH
+            /* send the special confirmation */
+            TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_ECH));
+#endif
             break;
     #endif
 
@@ -14248,7 +15584,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
 #ifndef NO_WOLFSSL_SERVER
             case server_hello:
                 PF_VALIDATE_RESPONSE(ssl, semaphore);
-    #ifdef WOLFSSL_TLS13
+        #ifdef WOLFSSL_TLS13
                 if (IsAtLeastTLSv1_3(ssl->version)) {
                     XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
                     TURN_OFF(semaphore,
@@ -14265,21 +15601,23 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
             #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                     TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
             #endif
-            #ifdef WOLFSSL_DTLS_CID
-                    TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
-            #endif /* WOLFSSL_DTLS_CID */
                 }
+                else
+        #endif /* WOLFSSL_TLS13 */
+                {
         #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
-                else {
             #ifdef HAVE_SUPPORTED_CURVES
                     TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
             #endif
             #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
                     TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
             #endif
-                }
         #endif
-    #endif
+                    WC_DO_NOTHING; /* avoid empty brackets */
+                }
+        #ifdef WOLFSSL_DTLS_CID
+                TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
+        #endif /* WOLFSSL_DTLS_CID */
                 break;
 
     #ifdef WOLFSSL_TLS13
@@ -14295,6 +15633,10 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
                     TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
                 }
         #endif
+#ifdef HAVE_ECH
+                /* send the special confirmation */
+                TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_ECH));
+#endif
                 /* Cookie is written below as last extension. */
                 break;
     #endif
@@ -14506,9 +15848,9 @@ static word16 TLSX_GetMinSize_Client(word16* type)
             return 0;
     }
 }
-    #define TLSX_GET_MIN_SIZE_CLIENT TLSX_GetMinSize_Client
+    #define TLSX_GET_MIN_SIZE_CLIENT(type) TLSX_GetMinSize_Client(type)
 #else
-    #define TLSX_GET_MIN_SIZE_CLIENT(...) 0
+    #define TLSX_GET_MIN_SIZE_CLIENT(type) 0
 #endif
 
 
@@ -14575,9 +15917,9 @@ static word16 TLSX_GetMinSize_Server(const word16 *type)
             return 0;
     }
 }
-    #define TLSX_GET_MIN_SIZE_SERVER TLSX_GetMinSize_Server
+    #define TLSX_GET_MIN_SIZE_SERVER(type) TLSX_GetMinSize_Server(type)
 #else
-    #define TLSX_GET_MIN_SIZE_SERVER(...) 0
+    #define TLSX_GET_MIN_SIZE_SERVER(type) 0
 #endif
 
 
@@ -14782,9 +16124,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 #ifdef WOLFSSL_DUAL_ALG_CERTS
             case TLSX_CKS:
                 WOLFSSL_MSG("CKS extension received");
-                if (!IsAtLeastTLSv1_3(ssl->version) ||
-                    (msgType != client_hello &&
-                     msgType != encrypted_extensions)) {
+                if (msgType != client_hello &&
+                     msgType != encrypted_extensions) {
                         WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED);
                         return EXT_NOT_ALLOWED;
                 }
@@ -15185,10 +16526,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 #endif /* WOLFSSL_QUIC */
 #if defined(WOLFSSL_DTLS_CID)
             case TLSX_CONNECTION_ID:
-                /* connection ID not supported in DTLSv1.2 */
-                if (!IsAtLeastTLSv1_3(ssl->version))
-                    break;
-
                 if (msgType != client_hello && msgType != server_hello)
                     return EXT_NOT_ALLOWED;
 
@@ -15277,7 +16614,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         #elif defined(WOLFSSL_ALLOW_TLSV10)
             InitSSL_Method(method, MakeTLSv1());
         #else
-            #error No TLS version enabled!
+        #error No TLS version enabled! Consider using NO_TLS or WOLFCRYPT_ONLY.
         #endif
 
             method->downgrade = 1;
@@ -15604,6 +16941,26 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         return m;
     }
     #endif /* !WOLFSSL_NO_TLS12 */
+    #ifdef WOLFSSL_DTLS13
+    WOLFSSL_METHOD* wolfDTLSv1_3_method(void)
+    {
+        return wolfDTLSv1_3_method_ex(NULL);
+    }
+    WOLFSSL_METHOD* wolfDTLSv1_3_method_ex(void* heap)
+    {
+        WOLFSSL_METHOD* m;
+        WOLFSSL_ENTER("DTLSv1_3_method");
+    #ifndef NO_WOLFSSL_CLIENT
+        m = wolfDTLSv1_3_client_method_ex(heap);
+    #else
+        m = wolfDTLSv1_3_server_method_ex(heap);
+    #endif
+        if (m != NULL) {
+            m->side = WOLFSSL_NEITHER_END;
+        }
+        return m;
+    }
+    #endif /* WOLFSSL_DTLS13 */
 #endif /* WOLFSSL_DTLS */
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
 
@@ -15632,7 +16989,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         #elif defined(WOLFSSL_ALLOW_TLSV10)
             InitSSL_Method(method, MakeTLSv1());
         #else
-            #error No TLS version enabled!
+        #error No TLS version enabled! Consider using NO_TLS or WOLFCRYPT_ONLY.
         #endif
 
             method->downgrade = 1;
diff --git a/src/tls13.c b/src/tls13.c
index 55c9fabe5..a44a41f01 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1,6 +1,6 @@
 /* tls13.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
  * BUILD_GCM
@@ -88,16 +89,7 @@
  *    Default behavior is to return a signed 64-bit value.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef WOLFSSL_TLS13
-#ifdef HAVE_SESSION_TICKET
-    #include <wolfssl/wolfcrypt/wc_port.h>
-#endif
+#if !defined(NO_TLS) && defined(WOLFSSL_TLS13)
 
 #ifndef WOLFCRYPT_ONLY
 
@@ -180,11 +172,14 @@ static const byte dtls13ProtocolLabel[DTLS13_PROTOCOL_LABEL_SZ + 1] = "dtls13";
 #endif /* WOLFSSL_DTLS13 */
 
 #if defined(HAVE_ECH)
-#define ECH_ACCEPT_CONFIRMATION_SZ 8
 #define ECH_ACCEPT_CONFIRMATION_LABEL_SZ 23
+#define ECH_HRR_ACCEPT_CONFIRMATION_LABEL_SZ 27
 static const byte
     echAcceptConfirmationLabel[ECH_ACCEPT_CONFIRMATION_LABEL_SZ + 1] =
     "ech accept confirmation";
+static const byte
+    echHrrAcceptConfirmationLabel[ECH_HRR_ACCEPT_CONFIRMATION_LABEL_SZ + 1] =
+    "hrr ech accept confirmation";
 #endif
 
 #ifndef NO_CERTS
@@ -221,7 +216,7 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
 #endif
     (void)ssl;
     PRIVATE_KEY_UNLOCK();
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
     ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
                                      protocol, protocolLen,
                                      label, labelLen,
@@ -261,7 +256,7 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
         return ret;
 #endif
 
-#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
     ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
                                       protocol, protocolLen,
                                       label, labelLen,
@@ -1024,7 +1019,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
     ret = Tls13HKDFExpandLabel(ssl, firstExpand, hashLen,
             ssl->arrays->exporterSecret, hashLen,
             protocol, protocolLen, (byte*)label, (word32)labelLen,
-            emptyHash, hashLen, hashType);
+            emptyHash, hashLen, (int)hashType);
     if (ret != 0)
         return ret;
 
@@ -1035,7 +1030,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
 
     ret = Tls13HKDFExpandLabel(ssl, out, (word32)outLen, firstExpand, hashLen,
             protocol, protocolLen, exporterLabel, EXPORTER_LABEL_SZ,
-            hashOut, hashLen, hashType);
+            hashOut, hashLen, (int)hashType);
 
     return ret;
 }
@@ -1137,7 +1132,7 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt,
 #endif
     {
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
         ret = wc_Tls13_HKDF_Extract_ex(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest,
             ssl->heap, ssl->devId);
     #else
@@ -2413,6 +2408,9 @@ static WC_INLINE void WriteSEQTls13(WOLFSSL* ssl, int verifyOrder, byte* out)
         if (seq[1] > ssl->keys.sequence_number_lo)
             ssl->keys.sequence_number_hi++;
     }
+#ifdef WOLFSSL_DEBUG_TLS
+    WOLFSSL_MSG_EX("TLS 1.3 Write Sequence %d %d", seq[0], seq[1]);
+#endif
 
     c32toa(seq[0], out);
     c32toa(seq[1], out + OPAQUE32_LEN);
@@ -2428,14 +2426,11 @@ static WC_INLINE void WriteSEQTls13(WOLFSSL* ssl, int verifyOrder, byte* out)
 static WC_INLINE void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv,
                                    int order)
 {
-    int  i;
-
+    int seq_offset = AEAD_NONCE_SZ - SEQ_SZ;
     /* The nonce is the IV with the sequence XORed into the last bytes. */
-    WriteSEQTls13(ssl, order, nonce + AEAD_NONCE_SZ - SEQ_SZ);
-    for (i = 0; i < AEAD_NONCE_SZ - SEQ_SZ; i++)
-        nonce[i] = iv[i];
-    for (; i < AEAD_NONCE_SZ; i++)
-        nonce[i] ^= iv[i];
+    WriteSEQTls13(ssl, order, nonce + seq_offset);
+    XMEMCPY(nonce, iv, seq_offset);
+    xorbuf(nonce + seq_offset, iv + seq_offset, SEQ_SZ);
 }
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
@@ -2534,7 +2529,6 @@ static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output,
     /* Copy the input to output if not the same buffer */
     if (ret == 0 && output != input)
         XMEMCPY(output, input, sz);
-
     return ret;
 }
 #endif
@@ -2930,7 +2924,6 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
     /* Copy the input to output if not the same buffer */
     if (ret == 0 && output != input)
         XMEMCPY(output, input, sz);
-
     return ret;
 }
 #endif
@@ -3199,6 +3192,7 @@ typedef struct BuildMsg13Args {
     word32 idx;
     word32 headerSz;
     word16 size;
+    word32 paddingSz;
 } BuildMsg13Args;
 
 static void FreeBuildMsg13Args(WOLFSSL* ssl, void* pArgs)
@@ -3304,7 +3298,14 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             args->sz++;
             /* Authentication data at the end. */
             args->sz += ssl->specs.aead_mac_size;
-
+#ifdef WOLFSSL_DTLS13
+            /* Pad to minimum length */
+            if (ssl->options.dtls &&
+                    args->sz < (word32)Dtls13MinimumRecordLength(ssl)) {
+                args->paddingSz = Dtls13MinimumRecordLength(ssl) - args->sz;
+                args->sz = Dtls13MinimumRecordLength(ssl);
+            }
+#endif
             if (sizeOnly)
                 return (int)args->sz;
 
@@ -3348,6 +3349,9 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 
             /* The real record content type goes at the end of the data. */
             output[args->idx++] = (byte)type;
+            /* Double check that any necessary padding is zero'd out */
+            XMEMSET(output + args->idx, 0, args->paddingSz);
+            args->idx += args->paddingSz;
 
             ssl->options.buildMsgState = BUILD_MSG_ENCRYPT;
         }
@@ -3393,7 +3397,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
 #ifdef WOLFSSL_DTLS13
                 if (ret == 0 && ssl->options.dtls) {
                     /* AAD points to the header. Reuse the variable  */
-                    ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad, (word16)args->sz);
+                    ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad,
+                                                    (word16)args->sz);
                 }
 #endif /* WOLFSSL_DTLS13 */
             }
@@ -3600,7 +3605,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
     macSz = WC_SHA256_DIGEST_SIZE;
 #endif /* NO_SHA256 */
 
-    ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID);
+    ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
     if (ret == 0) {
         ret = wc_HmacSetKey(&cookieHmac, cookieType,
                             ssl->buffers.tls13CookieSecret.buffer,
@@ -3611,6 +3616,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
 #ifdef WOLFSSL_DTLS13
     /* Tie cookie to peer address */
     if (ret == 0) {
+        /* peerLock not necessary. Still in handshake phase. */
         if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0) {
             ret = wc_HmacUpdate(&cookieHmac,
                 (byte*)ssl->buffers.dtlsCtx.peer.sa,
@@ -3940,7 +3946,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
                     MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN,
                     &cipherName);
             if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
-                                       &cipherSuite, &cipherSuiteFlags) != 0) {
+                            &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) {
                 WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
                 return PSK_KEY_ERROR;
             }
@@ -4008,6 +4014,10 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
 
     WOLFSSL_ENTER("WritePSKBinders");
 
+    if (idx > WOLFSSL_MAX_16BIT) {
+        return INPUT_SIZE_E;
+    }
+
     ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
     if (ext == NULL)
         return SANITY_MSG_E;
@@ -4023,7 +4033,7 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
 #ifdef WOLFSSL_DTLS13
     if (ssl->options.dtls)
         ret = Dtls13HashHandshake(ssl, output + Dtls13GetRlHeaderLength(ssl, 0),
-            idx - Dtls13GetRlHeaderLength(ssl, 0));
+                                 (word16)idx - Dtls13GetRlHeaderLength(ssl, 0));
     else
 #endif /* WOLFSSL_DTLS13 */
         ret = HashOutput(ssl, output, (int)idx, 0);
@@ -4145,41 +4155,68 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config)
             return i;
     }
 
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* returns status after we hash the ech inner */
 static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech)
 {
-    int ret;
+    int ret = 0;
+    word32 realSz;
     HS_Hashes* tmpHashes;
+#ifdef WOLFSSL_DTLS13
+    byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ];
+#else
     byte falseHeader[HANDSHAKE_HEADER_SZ];
+#endif
 
     if (ssl == NULL || ech == NULL)
         return BAD_FUNC_ARG;
-
-    /* switch hsHashes to the ech version */
-    InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &ssl->hsHashesEch);
-
-    /* swap hsHashes so the regular hash functions work */
+    realSz = ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt;
     tmpHashes = ssl->hsHashes;
-    ssl->hsHashes = ssl->hsHashesEch;
-
-    /* do the handshake header then the body */
-    AddTls13HandShakeHeader(falseHeader,
-        ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt, 0, 0,
-        client_hello, ssl);
-    ret = HashRaw(ssl, falseHeader, HANDSHAKE_HEADER_SZ);
-
-    /* hash the body */
+    ssl->hsHashes = NULL;
+    /* init the ech hashes */
+    ret = InitHandshakeHashes(ssl);
     if (ret == 0) {
-        ret = HashRaw(ssl, ech->innerClientHello,
-              (int)(ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt));
-    }
+        ssl->hsHashesEch = ssl->hsHashes;
+        /* do the handshake header then the body */
+        AddTls13HandShakeHeader(falseHeader, realSz, 0, 0, client_hello, ssl);
+        ret = HashRaw(ssl, falseHeader, HANDSHAKE_HEADER_SZ);
+        /* hash with inner */
+        if (ret == 0) {
+            /* init hsHashesEchInner */
+            if (ech->innerCount == 0) {
+                ssl->hsHashes = ssl->hsHashesEchInner;
+                ret = InitHandshakeHashes(ssl);
+                if (ret == 0) {
+                    ssl->hsHashesEchInner = ssl->hsHashes;
+                    ech->innerCount = 1;
+                }
+            }
+            else {
+                /* switch back to hsHashes so we have hrr -> echInner2 */
+                ssl->hsHashes = tmpHashes;
+                ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes,
+                                                 &ssl->hsHashesEchInner);
+            }
 
+            if (ret == 0) {
+                ssl->hsHashes = ssl->hsHashesEchInner;
+                ret = HashRaw(ssl, falseHeader, HANDSHAKE_HEADER_SZ);
+                ssl->hsHashes = ssl->hsHashesEch;
+            }
+        }
+    }
+    /* hash the body */
+    if (ret == 0)
+        ret = HashRaw(ssl, ech->innerClientHello, realSz);
+    /* hash with inner */
+    if (ret == 0) {
+        ssl->hsHashes = ssl->hsHashesEchInner;
+        ret = HashRaw(ssl, ech->innerClientHello, realSz);
+    }
     /* swap hsHashes back */
     ssl->hsHashes = tmpHashes;
-
     return ret;
 }
 #endif
@@ -4415,32 +4452,35 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 
     /* find length of outer and inner */
 #if defined(HAVE_ECH)
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH) {
         TLSX* echX = TLSX_Find(ssl->extensions, TLSX_ECH);
         if (echX == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
         args->ech = (WOLFSSL_ECH*)echX->data;
         if (args->ech == NULL)
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
 
-        /* set the type to inner */
-        args->ech->type = ECH_TYPE_INNER;
-        args->preXLength = (int)args->length;
+        /* only prepare if we have a chance at acceptance */
+        if (ssl->options.echAccepted || args->ech->innerCount == 0) {
+            /* set the type to inner */
+            args->ech->type = ECH_TYPE_INNER;
+            args->preXLength = (int)args->length;
 
-        /* get size for inner */
-        ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
-        if (ret != 0)
-            return ret;
+            /* get size for inner */
+            ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
+            if (ret != 0)
+                return ret;
 
-        /* set the type to outer */
-        args->ech->type = 0;
-        /* set innerClientHelloLen to ClientHelloInner + padding + tag */
-        args->ech->paddingLen = 31 - ((args->length - 1) % 32);
-        args->ech->innerClientHelloLen = (word16)(args->length +
-            args->ech->paddingLen + args->ech->hpke->Nt);
-        /* set the length back to before we computed ClientHelloInner size */
-        args->length = (word32)args->preXLength;
+            /* set the type to outer */
+            args->ech->type = 0;
+            /* set innerClientHelloLen to ClientHelloInner + padding + tag */
+            args->ech->paddingLen = 31 - ((args->length - 1) % 32);
+            args->ech->innerClientHelloLen = (word16)(args->length +
+                args->ech->paddingLen + args->ech->hpke->Nt);
+            /* set the length back to before we computed ClientHelloInner size */
+            args->length = (word32)args->preXLength;
+        }
     }
 #endif
 
@@ -4455,8 +4495,17 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         if (ret != 0)
             return ret;
 
+        /* Total message size. */
+        args->sendSz =
+                (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ);
+
+#ifdef WOLFSSL_DTLS13
+        if (ssl->options.dtls)
+            args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
+#endif /* WOLFSSL_DTLS13 */
+
 #ifdef WOLFSSL_DTLS_CH_FRAG
-        if (ssl->options.dtls && args->length > maxFrag &&
+        if (ssl->options.dtls && args->sendSz > maxFrag &&
                 TLSX_Find(ssl->extensions, TLSX_COOKIE) == NULL) {
             /* Try again with an empty key share if we would be fragmenting
              * without a cookie */
@@ -4467,7 +4516,9 @@ int SendTls13ClientHello(WOLFSSL* ssl)
             ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
             if (ret != 0)
                 return ret;
-            if (args->length > maxFrag) {
+            args->sendSz = (int)(args->length +
+                    DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ);
+            if (args->sendSz > maxFrag) {
                 WOLFSSL_MSG("Can't fit first CH in one fragment.");
                 return BUFFER_ERROR;
             }
@@ -4476,14 +4527,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 #endif
     }
 
-    /* Total message size. */
-    args->sendSz = (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ);
-
-#ifdef WOLFSSL_DTLS13
-    if (ssl->options.dtls)
-        args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
-#endif /* WOLFSSL_DTLS13 */
-
     /* Check buffers are big enough and grow if needed. */
     if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0)
         return ret;
@@ -4563,42 +4606,41 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 
 #if defined(HAVE_ECH)
     /* write inner then outer */
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH &&
+        (ssl->options.echAccepted || args->ech->innerCount == 0)) {
         /* set the type to inner */
         args->ech->type = ECH_TYPE_INNER;
-
+        /* innerClientHello may already exist from hrr, free if it does */
+        if (args->ech->innerClientHello != NULL) {
+            XFREE(args->ech->innerClientHello, ssl->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+        }
         /* allocate the inner */
         args->ech->innerClientHello =
             (byte*)XMALLOC(args->ech->innerClientHelloLen - args->ech->hpke->Nt,
             ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (args->ech->innerClientHello == NULL)
             return MEMORY_E;
-
         /* set the padding bytes to 0 */
         XMEMSET(args->ech->innerClientHello + args->ech->innerClientHelloLen -
             args->ech->hpke->Nt - args->ech->paddingLen, 0,
             args->ech->paddingLen);
-
         /* copy the client hello to the ech innerClientHello, exclude record */
         /* and handshake headers */
         XMEMCPY(args->ech->innerClientHello,
             args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ,
             args->idx - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ));
-
         /* copy the client random to inner */
         XMEMCPY(ssl->arrays->clientRandomInner, ssl->arrays->clientRandom,
             RAN_LEN);
-
         /* change the outer client random */
         ret = wc_RNG_GenerateBlock(ssl->rng, args->output +
             args->clientRandomOffset, RAN_LEN);
         if (ret != 0)
             return ret;
-
         /* copy the new client random */
         XMEMCPY(ssl->arrays->clientRandom, args->output +
             args->clientRandomOffset, RAN_LEN);
-
         /* write the extensions for inner */
         args->length = 0;
         ret = TLSX_WriteRequest(ssl, args->ech->innerClientHello + args->idx -
@@ -4606,7 +4648,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
             &args->length);
         if (ret != 0)
             return ret;
-
         /* set the type to outer */
         args->ech->type = 0;
     }
@@ -4623,7 +4664,8 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 
 #if defined(HAVE_ECH)
     /* encrypt and pack the ech innerClientHello */
-    if (ssl->options.useEch == 1) {
+    if (ssl->options.useEch == 1 && !ssl->options.disableECH &&
+        (ssl->options.echAccepted || args->ech->innerCount == 0)) {
         ret = TLSX_FinalizeEch(args->ech,
             args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ,
             (word32)(args->sendSz - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ)));
@@ -4653,11 +4695,10 @@ int SendTls13ClientHello(WOLFSSL* ssl)
         {
 #if defined(HAVE_ECH)
             /* compute the inner hash */
-            if (ssl->options.useEch == 1) {
+            if (ssl->options.useEch == 1 && !ssl->options.disableECH &&
+                (ssl->options.echAccepted || args->ech->innerCount == 0))
                 ret = EchHashHelloInner(ssl, args->ech);
-            }
 #endif
-
             /* compute the outer hash */
             if (ret == 0)
                 ret = HashOutput(ssl, args->output, (int)args->idx, 0);
@@ -4748,15 +4789,15 @@ static int Dtls13ClientDoDowngrade(WOLFSSL* ssl)
 #endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT*/
 
 #if defined(HAVE_ECH)
-/* check if the server accepted ech or not */
-static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
-    int serverRandomOffset, int helloSz)
+/* check if the server accepted ech or not, must be run after an hsHashes
+ * restart */
+static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
+    const byte* input, int acceptOffset, int helloSz)
 {
     int ret = 0;
     int digestType = 0;
     int digestSize = 0;
     HS_Hashes* tmpHashes;
-    HS_Hashes* acceptHashes;
     byte zeros[WC_MAX_DIGEST_SIZE];
     byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
     byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
@@ -4765,22 +4806,20 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
     XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf));
     XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk));
     XMEMSET(acceptConfirmation, 0, sizeof(acceptConfirmation));
-    /* copy ech hashes to accept */
-    ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes);
-    /* swap hsHashes to acceptHashes */
+    /* store so we can restore regardless of the outcome */
     tmpHashes = ssl->hsHashes;
-    ssl->hsHashes = acceptHashes;
+    /* swap hsHashes to hsHashesEch */
+    ssl->hsHashes = ssl->hsHashesEch;
     /* hash up to the last 8 bytes */
-    if (ret == 0)
-        ret = HashRaw(ssl, input, serverRandomOffset + RAN_LEN -
-            ECH_ACCEPT_CONFIRMATION_SZ);
+    ret = HashRaw(ssl, input, acceptOffset);
     /* hash 8 zeros */
     if (ret == 0)
         ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ);
     /* hash the rest of the hello */
     if (ret == 0) {
-        ret = HashRaw(ssl, input + serverRandomOffset + RAN_LEN,
-            helloSz + HANDSHAKE_HEADER_SZ - (serverRandomOffset + RAN_LEN));
+        ret = HashRaw(ssl, input + acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ,
+            helloSz + HANDSHAKE_HEADER_SZ -
+            (acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ));
     }
     /* get the modified transcript hash */
     if (ret == 0)
@@ -4815,7 +4854,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
                 break;
 #endif /* WOLFSSL_SM3 */
             default:
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
         }
     }
@@ -4823,7 +4862,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
         ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize,
             ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk,
             ssl->heap, ssl->devId);
@@ -4836,97 +4875,83 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
     /* tls expand with the confirmation label */
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
-        ret = Tls13HKDFExpandKeyLabel(ssl,
-            acceptConfirmation, ECH_ACCEPT_CONFIRMATION_SZ,
-            expandLabelPrk, (word32)digestSize,
-            tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ,
-            echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ,
-            transcriptEchConf, (word32)digestSize, digestType, WOLFSSL_SERVER_END);
+        ret = Tls13HKDFExpandKeyLabel(ssl, acceptConfirmation,
+            ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize,
+            tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz,
+            transcriptEchConf, (word32)digestSize, digestType,
+            WOLFSSL_SERVER_END);
         PRIVATE_KEY_LOCK();
     }
     if (ret == 0) {
         /* last 8 bytes should match our expand output */
-        ret = XMEMCMP(acceptConfirmation,
-            ssl->arrays->serverRandom + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ,
+        ret = XMEMCMP(acceptConfirmation, input + acceptOffset,
             ECH_ACCEPT_CONFIRMATION_SZ);
         /* ech accepted */
         if (ret == 0) {
-            /* use the inner random for client random */
-            XMEMCPY(ssl->arrays->clientRandom, ssl->arrays->clientRandomInner,
-              RAN_LEN);
-            /* switch back to original hsHashes to free */
+            /* set echAccepted to 1 */
+            ssl->options.echAccepted = 1;
+            /* free hsHashes and go with inner */
             ssl->hsHashes = tmpHashes;
-            /* set the final hsHashes to the ech hashes */
-            tmpHashes = ssl->hsHashesEch;
+            FreeHandshakeHashes(ssl);
+            ssl->hsHashes = ssl->hsHashesEch;
+            tmpHashes = ssl->hsHashesEchInner;
+            ssl->hsHashesEchInner = NULL;
         }
         /* ech rejected */
         else {
-            /* switch to hsHashesEch to free */
-            ssl->hsHashes = ssl->hsHashesEch;
+            /* set echAccepted to 0, needed in case HRR */
+            ssl->options.echAccepted = 0;
+            /* free inner since we're continuing with outer */
+            ssl->hsHashes = ssl->hsHashesEchInner;
+            FreeHandshakeHashes(ssl);
+            ssl->hsHashesEchInner = NULL;
         }
-        /* free hsHashes */
-        FreeHandshakeHashes(ssl);
-        /* set hsHashesEch to NULL to avoid double free */
-        ssl->hsHashesEch = NULL;
         /* continue with outer if we failed to verify ech was accepted */
         ret = 0;
     }
-    /* switch to acceptHashes */
-    ssl->hsHashes = acceptHashes;
-    /* free acceptHashes */
     FreeHandshakeHashes(ssl);
-    /* swap to tmp, will ech if accepted, hsHashes if rejected */
+    /* set hsHashesEch to NULL to avoid double free */
+    ssl->hsHashesEch = NULL;
+    /* swap to tmp, will be inner if accepted, hsHashes if rejected */
     ssl->hsHashes = tmpHashes;
     return ret;
 }
 
-/* replace the last 8 bytes of the server random with the ech acceptance
- * parameter, return status */
-static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
-  int serverRandomOffset, int helloSz)
+/* replace the last acceptance field for either sever hello or hrr with the ech
+ * acceptance parameter, return status */
+static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
+    byte* output, int acceptOffset, int helloSz, byte msgType)
 {
     int ret = 0;
     int digestType = 0;
     int digestSize = 0;
     HS_Hashes* tmpHashes = NULL;
-    HS_Hashes* acceptHashes = NULL;
     byte zeros[WC_MAX_DIGEST_SIZE];
     byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
     byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
     XMEMSET(zeros, 0, sizeof(zeros));
     XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf));
     XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk));
-
-    /* copy ech hashes to accept */
-    ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &acceptHashes);
-
-    /* swap hsHashes to acceptHashes */
+    /* store so we can restore regardless of the outcome */
     tmpHashes = ssl->hsHashes;
-    ssl->hsHashes = acceptHashes;
-
-    /* hash up to the last 8 bytes */
-    if (ret == 0)
-        ret = HashRaw(ssl, output, serverRandomOffset + RAN_LEN -
-            ECH_ACCEPT_CONFIRMATION_SZ);
-
+    ssl->hsHashes = ssl->hsHashesEch;
+    /* hash up to the acceptOffset */
+    ret = HashRaw(ssl, output, acceptOffset);
     /* hash 8 zeros */
     if (ret == 0)
-        ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ);
-
+       ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ);
     /* hash the rest of the hello */
-    if (ret == 0)
-        ret = HashRaw(ssl, output + serverRandomOffset + RAN_LEN,
-            helloSz - (serverRandomOffset + RAN_LEN));
-
+    if (ret == 0) {
+        ret = HashRaw(ssl, output + acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ,
+            helloSz - (acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ));
+    }
     /* get the modified transcript hash */
     if (ret == 0)
         ret = GetMsgHash(ssl, transcriptEchConf);
-
     if (ret > 0)
         ret = 0;
-
     /* pick the right type and size based on mac_algorithm */
-    if (ret == 0)
+    if (ret == 0) {
         switch (ssl->specs.mac_algorithm) {
 #ifndef NO_SHA256
             case sha256_mac:
@@ -4953,15 +4978,15 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
                 break;
 #endif /* WOLFSSL_SM3 */
             default:
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 break;
         }
-
+    }
     /* extract clientRandom with a key of all zeros */
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
     #if !defined(HAVE_FIPS) || \
-        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
+        (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
         ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize,
             ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk,
             ssl->heap, ssl->devId);
@@ -4971,29 +4996,23 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
     #endif
         PRIVATE_KEY_LOCK();
     }
-
     /* tls expand with the confirmation label */
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
-        ret = Tls13HKDFExpandKeyLabel(ssl,
-            output + serverRandomOffset + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ,
-                ECH_ACCEPT_CONFIRMATION_SZ,
-            expandLabelPrk, (word32)digestSize,
-            tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ,
-            echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ,
-            transcriptEchConf, (word32)digestSize, digestType, WOLFSSL_SERVER_END);
+        ret = Tls13HKDFExpandKeyLabel(ssl, output + acceptOffset,
+            ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize,
+            tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz,
+            transcriptEchConf, (word32)digestSize, digestType,
+            WOLFSSL_SERVER_END);
         PRIVATE_KEY_LOCK();
     }
-
-    if (ret == 0)
-        XMEMCPY(ssl->arrays->serverRandom, output + serverRandomOffset,
-            RAN_LEN);
-
-    /* free acceptHashes */
+    /* mark that ech was accepted */
+    if (ret == 0 && msgType != hello_retry_request)
+        ssl->options.echAccepted = 1;
+    /* free hsHashesEch, if this is an HRR we will start at client hello 2*/
     FreeHandshakeHashes(ssl);
-
+    ssl->hsHashesEch = NULL;
     ssl->hsHashes = tmpHashes;
-
     return ret;
 }
 #endif
@@ -5019,7 +5038,10 @@ typedef struct Dsh13Args {
     byte            sessIdSz;
     byte            extMsgType;
 #if defined(HAVE_ECH)
-    int             serverRandomOffset;
+    TLSX* echX;
+    byte* acceptLabel;
+    word32 acceptOffset;
+    word16 acceptLabelSz;
 #endif
 } Dsh13Args;
 
@@ -5176,7 +5198,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     /* Server random - keep for debugging. */
     XMEMCPY(ssl->arrays->serverRandom, input + args->idx, RAN_LEN);
 #if defined(HAVE_ECH)
-    args->serverRandomOffset = (int)args->idx;
+    /* last 8 bytes of server random */
+    args->acceptOffset = args->idx + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ;
 #endif
     args->idx += RAN_LEN;
 
@@ -5270,7 +5293,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     defined(WOLFSSL_WPAS_SMALL)
             /* Check if client has disabled TLS 1.2 */
             if (args->pv.minor == TLSv1_2_MINOR &&
-                (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
+                (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2)
+                == WOLFSSL_OP_NO_TLSv1_2)
+            {
                 WOLFSSL_MSG("\tOption set to not allow TLSv1.2");
                 WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
                 return VERSION_ERROR;
@@ -5470,15 +5495,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     if (ret != 0)
         return ret;
 
-#if defined(HAVE_ECH)
-    /* check for acceptConfirmation and HashInput with 8 0 bytes */
-    if (ssl->options.useEch == 1) {
-        ret = EchCheckAcceptance(ssl, input, args->serverRandomOffset, (int)helloSz);
-        if (ret != 0)
-            return ret;
-    }
-#endif
-
 #ifdef HAVE_NULL_CIPHER
     if (ssl->options.cipherSuite0 == ECC_BYTE &&
                               (ssl->options.cipherSuite == TLS_SHA256_SHA256 ||
@@ -5516,6 +5532,36 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         return MATCH_SUITE_ERROR;
     }
 
+#if defined(HAVE_ECH)
+    /* check for acceptConfirmation, must be done after hashes restart */
+    if (ssl->options.useEch == 1) {
+        args->echX = TLSX_Find(ssl->extensions, TLSX_ECH);
+        /* account for hrr extension instead of server random */
+        if (args->extMsgType == hello_retry_request) {
+            args->acceptOffset =
+                (word32)(((WOLFSSL_ECH*)args->echX->data)->confBuf - input);
+            args->acceptLabel = (byte*)echHrrAcceptConfirmationLabel;
+            args->acceptLabelSz = ECH_HRR_ACCEPT_CONFIRMATION_LABEL_SZ;
+        }
+        else {
+            args->acceptLabel = (byte*)echAcceptConfirmationLabel;
+            args->acceptLabelSz = ECH_ACCEPT_CONFIRMATION_LABEL_SZ;
+        }
+        /* check acceptance */
+        if (ret == 0) {
+            ret = EchCheckAcceptance(ssl, args->acceptLabel,
+                args->acceptLabelSz, input, args->acceptOffset, helloSz);
+        }
+        if (ret != 0)
+            return ret;
+        /* use the inner random for client random */
+        if (args->extMsgType != hello_retry_request) {
+            XMEMCPY(ssl->arrays->clientRandom, ssl->arrays->clientRandomInner,
+                RAN_LEN);
+        }
+    }
+#endif /* HAVE_ECH */
+
     if (*extMsgType == server_hello) {
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
         PreSharedKey* psk = NULL;
@@ -5851,7 +5897,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
          if (*psk_keySz != 0) {
              int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
              *found = (GetCipherSuiteFromName(cipherName, &cipherSuite0,
-                 &cipherSuite, &cipherSuiteFlags) == 0);
+                 &cipherSuite, NULL, NULL, &cipherSuiteFlags) == 0);
              (void)cipherSuiteFlags;
          }
     }
@@ -6253,7 +6299,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
         return ret;
 
     if (*usingPSK != 0) {
-        word16 modes;
+        word32 modes;
     #ifdef WOLFSSL_EARLY_DATA
         TLSX*  extEarlyData;
 
@@ -6377,7 +6423,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
         return HRR_COOKIE_ERROR;
     cookieSz -= macSz;
 
-    ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID);
+    ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId);
     if (ret == 0) {
         ret = wc_HmacSetKey(&cookieHmac, cookieType,
                             ssl->buffers.tls13CookieSecret.buffer,
@@ -6388,6 +6434,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz)
 #ifdef WOLFSSL_DTLS13
     /* Tie cookie to peer address */
     if (ret == 0) {
+        /* peerLock not necessary. Still in handshake phase. */
         if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0) {
             ret = wc_HmacUpdate(&cookieHmac,
                 (byte*)ssl->buffers.dtlsCtx.peer.sa,
@@ -6651,7 +6698,6 @@ static int DoTls13SupportedVersions(WOLFSSL* ssl, const byte* input, word32 i,
 
 typedef struct Dch13Args {
     ProtocolVersion pv;
-    Suites*         clSuites;
     word32          idx;
     word32          begin;
     int             usingPSK;
@@ -6659,17 +6705,17 @@ typedef struct Dch13Args {
 
 static void FreeDch13Args(WOLFSSL* ssl, void* pArgs)
 {
-    Dch13Args* args = (Dch13Args*)pArgs;
-
-    (void)ssl;
-
-    if (args && args->clSuites) {
-        XFREE(args->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
-        args->clSuites = NULL;
+    /* openssl compat builds hang on to the client suites until WOLFSSL object
+     * is destroyed */
+#ifndef OPENSSL_EXTRA
+    if (ssl->clSuites) {
+        XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+        ssl->clSuites = NULL;
     }
-#ifdef OPENSSL_EXTRA
-    ssl->clSuites = NULL;
 #endif
+    (void)ssl;
+    (void)pArgs;
+
 }
 
 int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
@@ -6684,6 +6730,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif
 #if defined(HAVE_ECH)
     TLSX* echX = NULL;
+    HS_Hashes* tmpHashes;
 #endif
 
     WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO);
@@ -6879,28 +6926,31 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    args->clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
+    XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+    ssl->clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
         DYNAMIC_TYPE_SUITES);
-    if (args->clSuites == NULL) {
+    if (ssl->clSuites == NULL) {
         ERROR_OUT(MEMORY_E, exit_dch);
     }
 
     /* Cipher suites */
     if ((args->idx - args->begin) + OPAQUE16_LEN > helloSz)
         ERROR_OUT(BUFFER_ERROR, exit_dch);
-    ato16(&input[args->idx], &args->clSuites->suiteSz);
+    ato16(&input[args->idx], &ssl->clSuites->suiteSz);
     args->idx += OPAQUE16_LEN;
-    if ((args->clSuites->suiteSz % 2) != 0) {
+    if ((ssl->clSuites->suiteSz % 2) != 0) {
         ERROR_OUT(INVALID_PARAMETER, exit_dch);
     }
     /* suites and compression length check */
-    if ((args->idx - args->begin) + args->clSuites->suiteSz + OPAQUE8_LEN > helloSz)
+    if ((args->idx - args->begin) + ssl->clSuites->suiteSz + OPAQUE8_LEN >
+            helloSz) {
         ERROR_OUT(BUFFER_ERROR, exit_dch);
-    if (args->clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ)
+    }
+    if (ssl->clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ)
         ERROR_OUT(BUFFER_ERROR, exit_dch);
-    XMEMCPY(args->clSuites->suites, input + args->idx, args->clSuites->suiteSz);
-    args->idx += args->clSuites->suiteSz;
-    args->clSuites->hashSigAlgoSz = 0;
+    XMEMCPY(ssl->clSuites->suites, input + args->idx, ssl->clSuites->suiteSz);
+    args->idx += ssl->clSuites->suiteSz;
+    ssl->clSuites->hashSigAlgoSz = 0;
 
     /* Compression */
     b = input[args->idx++];
@@ -6932,12 +6982,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         goto exit_dch;
 
 #if defined(HAVE_ECH)
-    if (ssl->ctx->echConfigs != NULL) {
+    if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
         /* save the start of the buffer so we can use it when parsing ech */
         echX = TLSX_Find(ssl->extensions, TLSX_ECH);
 
         if (echX == NULL)
-            return -1;
+            ERROR_OUT(WOLFSSL_FATAL_ERROR, exit_dch);
 
         ((WOLFSSL_ECH*)echX->data)->aad = input + HANDSHAKE_HEADER_SZ;
         ((WOLFSSL_ECH*)echX->data)->aadLen = helloSz;
@@ -6946,7 +6996,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     /* Parse extensions */
     if ((ret = TLSX_Parse(ssl, input + args->idx, totalExtSz, client_hello,
-                                                            args->clSuites))) {
+                                                            ssl->clSuites))) {
         goto exit_dch;
     }
 
@@ -7004,14 +7054,30 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 #endif
 
+#if defined(HAVE_ECH)
+    /* hash clientHelloInner to hsHashesEch independently since it can't include
+     * the HRR */
+    if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
+        tmpHashes = ssl->hsHashes;
+        ssl->hsHashes = NULL;
+        ret = InitHandshakeHashes(ssl);
+        if (ret != 0)
+            goto exit_dch;
+        if ((ret = HashInput(ssl, input + args->begin, (int)helloSz)) != 0)
+            goto exit_dch;
+        ssl->hsHashesEch = ssl->hsHashes;
+        ssl->hsHashes = tmpHashes;
+    }
+#endif
+
 #if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \
                                                     defined(HAVE_TLS_EXTENSIONS)
-    ret = CheckPreSharedKeys(ssl, input + args->begin, helloSz, args->clSuites,
+    ret = CheckPreSharedKeys(ssl, input + args->begin, helloSz, ssl->clSuites,
         &args->usingPSK);
     if (ret != 0)
         goto exit_dch;
 #else
-    if ((ret = HashInput(ssl, input + args->begin, helloSz)) != 0)
+    if ((ret = HashInput(ssl, input + args->begin, (int)helloSz)) != 0)
         goto exit_dch;
 #endif
 
@@ -7030,7 +7096,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             WOLFSSL_MSG("Client did not send a KeyShare extension");
             ERROR_OUT(INCOMPLETE_DATA, exit_dch);
         }
-        if (TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS) == NULL) {
+        /* Can't check ssl->extensions here as SigAlgs are unconditionally
+           set by TLSX_PopulateExtensions */
+        if (ssl->clSuites->hashSigAlgoSz == 0) {
             WOLFSSL_MSG("Client did not send a SignatureAlgorithms extension");
             ERROR_OUT(INCOMPLETE_DATA, exit_dch);
         }
@@ -7056,13 +7124,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     case TLS_ASYNC_DO:
     {
 #ifdef OPENSSL_EXTRA
-    ssl->clSuites = args->clSuites;
     if ((ret = CertSetupCbWrapper(ssl)) != 0)
         goto exit_dch;
 #endif
 #ifndef NO_CERTS
     if (!args->usingPSK) {
-        if ((ret = MatchSuite(ssl, args->clSuites)) < 0) {
+        if ((ret = MatchSuite(ssl, ssl->clSuites)) < 0) {
         #ifdef WOLFSSL_ASYNC_CRYPT
             if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
         #endif
@@ -7155,7 +7222,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             ERROR_OUT(MATCH_SUITE_ERROR, exit_dch);
         }
 
-    #ifdef HAVE_SESSION_TICKET
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
         if (ssl->options.resuming) {
             ssl->options.resuming = 0;
             ssl->arrays->psk_keySz = 0;
@@ -7283,7 +7350,9 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
     int    sendSz;
 #if defined(HAVE_ECH)
     TLSX* echX = NULL;
-    word32 serverRandomOffset;
+    byte* acceptLabel = (byte*)echAcceptConfirmationLabel;
+    word32 acceptOffset;
+    word16 acceptLabelSz = ECH_ACCEPT_CONFIRMATION_LABEL_SZ;
 #endif
 
     WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND);
@@ -7342,7 +7411,8 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
     }
 
 #if defined(HAVE_ECH)
-    serverRandomOffset = idx;
+    /* last 8 bytes of server random */
+    acceptOffset = idx + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ;
 #endif
 
     /* Store in SSL for debugging. */
@@ -7404,20 +7474,39 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
 #endif /* WOLFSSL_DTLS13 */
         {
 #if defined(HAVE_ECH)
-            if (ssl->ctx->echConfigs != NULL) {
+            if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
                 echX = TLSX_Find(ssl->extensions, TLSX_ECH);
-
                 if (echX == NULL)
-                    return -1;
-
+                    return WOLFSSL_FATAL_ERROR;
+                /* use hrr offset */
+                if (extMsgType == hello_retry_request) {
+                    acceptOffset =
+                        (word32)(((WOLFSSL_ECH*)echX->data)->confBuf - output);
+                    acceptLabel = (byte*)echHrrAcceptConfirmationLabel;
+                    acceptLabelSz = ECH_HRR_ACCEPT_CONFIRMATION_LABEL_SZ;
+                }
                 /* replace the last 8 bytes of server random with the accept */
                 if (((WOLFSSL_ECH*)echX->data)->state == ECH_PARSED_INTERNAL) {
-                    ret = EchWriteAcceptance(ssl, output + RECORD_HEADER_SZ,
-                        serverRandomOffset - RECORD_HEADER_SZ,
-                        sendSz - RECORD_HEADER_SZ);
-
-                    /* remove ech so we don't keep sending it in write */
-                    TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap);
+                    if (ret == 0) {
+                        ret = EchWriteAcceptance(ssl, acceptLabel,
+                            acceptLabelSz, output + RECORD_HEADER_SZ,
+                            acceptOffset - RECORD_HEADER_SZ,
+                            sendSz - RECORD_HEADER_SZ, extMsgType);
+                    }
+                    if (extMsgType == hello_retry_request) {
+                        /* reset the ech state for round 2 */
+                        ((WOLFSSL_ECH*)echX->data)->state = ECH_WRITE_NONE;
+                    }
+                    else {
+                        if (ret == 0) {
+                            /* update serverRandom on success */
+                            XMEMCPY(ssl->arrays->serverRandom,
+                                output + acceptOffset -
+                                (RAN_LEN -ECH_ACCEPT_CONFIRMATION_SZ), RAN_LEN);
+                        }
+                        /* remove ech so we don't keep sending it in write */
+                        TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap);
+                    }
                 }
             }
 #endif
@@ -7455,7 +7544,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
     }
 #endif /* WOLFSSL_DTLS13 */
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
 
     if (!ssl->options.groupMessages || extMsgType != server_hello)
         ret = SendBuffered(ssl);
@@ -7603,11 +7692,12 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
 
     /* This handshake message is always encrypted. */
     sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ,
-                               idx - RECORD_HEADER_SZ, handshake, 1, 0, 0);
+                               (int)(idx - RECORD_HEADER_SZ),
+                               handshake, 1, 0, 0);
     if (sendSz < 0)
         return sendSz;
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
     ssl->options.buildingMsg = 0;
     ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE;
 
@@ -7633,7 +7723,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
  * returns 0 on success, otherwise failure.
  */
 static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
-                                       int reqCtxLen)
+                                       word32 reqCtxLen)
 {
     byte*   output;
     int    ret;
@@ -7721,7 +7811,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
 
     /* Always encrypted. */
     sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ,
-                               i - RECORD_HEADER_SZ, handshake, 1, 0, 0);
+                               (int)(i - RECORD_HEADER_SZ), handshake, 1, 0, 0);
     if (sendSz < 0)
         return sendSz;
 
@@ -7736,7 +7826,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
         }
     #endif
 
-    ssl->buffers.outputBuffer.length += sendSz;
+    ssl->buffers.outputBuffer.length += (word32)sendSz;
     ssl->options.buildingMsg = 0;
     if (!ssl->options.groupMessages)
         ret = SendBuffered(ssl);
@@ -7914,6 +8004,27 @@ static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output)
 }
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 
+static enum wc_MACAlgorithm GetNewSAHashAlgo(int typeIn)
+{
+    switch (typeIn) {
+        case RSA_PSS_RSAE_SHA256_MINOR:
+        case RSA_PSS_PSS_SHA256_MINOR:
+            return sha256_mac;
+
+        case RSA_PSS_RSAE_SHA384_MINOR:
+        case RSA_PSS_PSS_SHA384_MINOR:
+            return sha384_mac;
+
+        case RSA_PSS_RSAE_SHA512_MINOR:
+        case RSA_PSS_PSS_SHA512_MINOR:
+        case ED25519_SA_MINOR:
+        case ED448_SA_MINOR:
+            return sha512_mac;
+        default:
+            return no_mac;
+    }
+}
+
 /* Decode the signature algorithm.
  *
  * input     The encoded signature algorithm.
@@ -7938,17 +8049,23 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
             break;
     #endif
         case NEW_SA_MAJOR:
-            /* PSS signatures: 0x080[4-6] */
-            if (input[1] >= sha256_mac && input[1] <= sha512_mac) {
+            *hashAlgo = GetNewSAHashAlgo(input[1]);
+
+            /* PSS encryption: 0x080[4-6] */
+            if (input[1] >= RSA_PSS_RSAE_SHA256_MINOR &&
+                    input[1] <= RSA_PSS_RSAE_SHA512_MINOR) {
+                *hsType   = input[0];
+            }
+            /* PSS signature: 0x080[9-B] */
+            else if (input[1] >= RSA_PSS_PSS_SHA256_MINOR &&
+                    input[1] <= RSA_PSS_PSS_SHA512_MINOR) {
                 *hsType   = input[0];
-                *hashAlgo = input[1];
             }
     #ifdef HAVE_ED25519
             /* ED25519: 0x0807 */
             else if (input[1] == ED25519_SA_MINOR) {
                 *hsType = ed25519_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
-                *hashAlgo = sha512_mac;
             }
     #endif
     #ifdef HAVE_ED448
@@ -7956,15 +8073,13 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
             else if (input[1] == ED448_SA_MINOR) {
                 *hsType = ed448_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
-                *hashAlgo = sha512_mac;
             }
     #endif
             else
                 ret = INVALID_PARAMETER;
             break;
-#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
-        case PQC_SA_MAJOR:
 #if defined(HAVE_FALCON)
+        case FALCON_SA_MAJOR:
             if (input[1] == FALCON_LEVEL1_SA_MINOR) {
                 *hsType = falcon_level1_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
@@ -7975,8 +8090,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
                 *hashAlgo = sha512_mac;
             }
             else
+                ret = INVALID_PARAMETER;
+            break;
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM)
+        case DILITHIUM_SA_MAJOR:
             if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
                 *hsType = dilithium_level2_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
@@ -7991,12 +8109,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
                 *hashAlgo = sha512_mac;
             }
             else
-#endif /* HAVE_DILITHIUM */
             {
                 ret = INVALID_PARAMETER;
             }
             break;
-#endif
+#endif /* HAVE_DILITHIUM */
         default:
             *hashAlgo = input[0];
             *hsType   = input[1];
@@ -8403,6 +8520,75 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
     return len;
 }
 
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER)
+/* Write certificate status request into certificate to buffer.
+ *
+ * ssl       SSL/TLS object.
+ * certExts  DerBuffer array. buffers written
+ * extSz     word32 array.
+ *           Length of the certificate status request data for the certificate.
+ * extSz_num number of the CSR written
+ * extIdx    The index number of certificate status request data
+ *           for the certificate.
+ * offset    index offset
+ * returns   Total number of bytes written.
+ */
+static int WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts,
+                                word16* extSz,  word16 extSz_num)
+{
+    int    ret = 0;
+    TLSX* ext;
+    CertificateStatusRequest* csr;
+    word32 ex_offset = HELLO_EXT_TYPE_SZ + OPAQUE16_LEN /* extension type */
+                    + OPAQUE16_LEN /* extension length */;
+    word32 totalSz = 0;
+    word32 tmpSz;
+    word32 extIdx;
+    DerBuffer* der;
+
+    ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
+    csr = ext ? (CertificateStatusRequest*)ext->data : NULL;
+
+    if (csr) {
+        for (extIdx = 0; extIdx < (word16)(extSz_num); extIdx++) {
+            tmpSz = TLSX_CSR_GetSize_ex(csr, 0, (int)extIdx);
+
+            if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) &&
+                certExts[extIdx] == NULL) {
+                /* csr extension is not zero */
+                extSz[extIdx] = tmpSz;
+
+                ret = AllocDer(&certExts[extIdx], extSz[extIdx] + ex_offset,
+                                                    CERT_TYPE, ssl->heap);
+                if (ret < 0)
+                    return ret;
+                der = certExts[extIdx];
+
+                /* write extension type */
+                c16toa(ext->type, der->buffer
+                                + OPAQUE16_LEN);
+                /* writes extension data length. */
+                c16toa(extSz[extIdx], der->buffer
+                            + HELLO_EXT_TYPE_SZ + OPAQUE16_LEN);
+                /* write extension data */
+                extSz[extIdx] = (word16)TLSX_CSR_Write_ex(csr,
+                        der->buffer + ex_offset, 0, extIdx);
+                /* add extension offset */
+                extSz[extIdx] += (word16)ex_offset;
+                /* extension length */
+                c16toa(extSz[extIdx] - OPAQUE16_LEN,
+                            der->buffer);
+            }
+            totalSz += extSz[extIdx];
+        }
+    }
+    else {
+        /* chain cert empty extension size */
+        totalSz += OPAQUE16_LEN * extSz_num;
+    }
+    return (int)totalSz;
+}
+#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
 /* Add certificate data and empty extension to output up to the fragment size.
  *
  * ssl     SSL/TLS object.
@@ -8412,10 +8598,11 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
  * idx     The start of the certificate data to write out.
  * fragSz  The maximum size of this fragment.
  * output  The buffer to write to.
+ * extIdx  The index number of the extension data with the certificate
  * returns the number of bytes written.
  */
 static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz,
-                         word32 idx, word32 fragSz, byte* output)
+                         word32 idx, word32 fragSz, byte* output, word16 extIdx)
 {
     word32 i = 0;
     word32 copySz = min(len - idx, fragSz);
@@ -8436,7 +8623,7 @@ static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz,
         }
     }
     else {
-        byte* certExts = ssl->buffers.certExts->buffer + idx + i - len;
+        byte* certExts = ssl->buffers.certExts[extIdx]->buffer + idx + i - len;
         /* Put out as much of the extensions' data as will fit in fragment. */
         if (copySz > fragSz - i)
             copySz = fragSz - i;
@@ -8458,13 +8645,16 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 {
     int    ret = 0;
     word32 certSz, certChainSz, headerSz, listSz, payloadSz;
-    word16 extSz = 0;
-    word32 length, maxFragment;
+    word16 extSz[MAX_CERT_EXTENSIONS];
+    word16 extIdx = 0;
+    word32 maxFragment;
+    word32 totalextSz = 0;
     word32 len = 0;
     word32 idx = 0;
     word32 offset = OPAQUE16_LEN;
     byte*  p = NULL;
     byte   certReqCtxLen = 0;
+    sword32 length;
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
     byte*  certReqCtx = NULL;
 #endif
@@ -8477,6 +8667,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
     WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
     WOLFSSL_ENTER("SendTls13Certificate");
 
+    XMEMSET(extSz, 0, sizeof(extSz));
+
     ssl->options.buildingMsg = 1;
 
 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
@@ -8506,11 +8698,11 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         certSz = 0;
         certChainSz = 0;
         headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ;
-        length = headerSz;
+        length = (sword32)headerSz;
         listSz = 0;
     }
     else {
-        if (!ssl->buffers.certificate) {
+        if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) {
             WOLFSSL_MSG("Send Cert missing certificate buffer");
             return NO_CERT_ERROR;
         }
@@ -8519,35 +8711,42 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         /* Cert Req Ctx Len | Cert Req Ctx | Cert List Len | Cert Data Len */
         headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ +
                    CERT_HEADER_SZ;
+        /* set empty extension as default */
+        for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++)
+            extSz[extIdx] = OPAQUE16_LEN;
 
-        ret = TLSX_GetResponseSize(ssl, certificate, &extSz);
-        if (ret < 0)
-            return ret;
-
-        /* Create extensions' data if none already present. */
-        if (extSz > OPAQUE16_LEN && ssl->buffers.certExts == NULL) {
-            ret = AllocDer(&ssl->buffers.certExts, extSz, CERT_TYPE, ssl->heap);
-            if (ret < 0)
-                return ret;
-
-            extSz = 0;
-            ret = TLSX_WriteResponse(ssl, ssl->buffers.certExts->buffer,
-                                                           certificate, &extSz);
+    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER)
+        /* We only send CSR on the server side. On client side, the CSR data
+         * is populated with the server response. We would be sending the server
+         * its own stapling data. */
+        if (ssl->options.side == WOLFSSL_SERVER_END) {
+            ret = WriteCSRToBuffer(ssl, &ssl->buffers.certExts[0], &extSz[0],
+                    1 /* +1 for leaf */ + ssl->buffers.certChainCnt);
             if (ret < 0)
                 return ret;
+            totalextSz += ret;
+            ret = 0; /* Clear to signal no error */
+        }
+        else
+    #endif
+        {
+            /* Leaf cert empty extension size */
+            totalextSz += OPAQUE16_LEN;
+            /* chain cert empty extension size */
+            totalextSz += OPAQUE16_LEN * ssl->buffers.certChainCnt;
         }
 
         /* Length of message data with one certificate and extensions. */
-        length = headerSz + certSz + extSz;
+        length = (sword32)(headerSz + certSz + totalextSz);
         /* Length of list data with one certificate and extensions. */
-        listSz = CERT_HEADER_SZ + certSz + extSz;
+        listSz = CERT_HEADER_SZ + certSz + totalextSz;
 
         /* Send rest of chain if sending cert (chain has leading size/s). */
         if (certSz > 0 && ssl->buffers.certChainCnt > 0) {
             p = ssl->buffers.certChain->buffer;
             /* Chain length including extensions. */
-            certChainSz = ssl->buffers.certChain->length +
-                          OPAQUE16_LEN * ssl->buffers.certChainCnt;
+            certChainSz = ssl->buffers.certChain->length;
+
             length += certChainSz;
             listSz += certChainSz;
         }
@@ -8555,13 +8754,15 @@ static int SendTls13Certificate(WOLFSSL* ssl)
             certChainSz = 0;
     }
 
-    payloadSz = length;
+    payloadSz = (word32)length;
 
     if (ssl->fragOffset != 0)
         length -= (ssl->fragOffset + headerSz);
 
     maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);
 
+    extIdx = 0;
+
     while (length > 0 && ret == 0) {
         byte*  output = NULL;
         word32 fragSz = 0;
@@ -8576,15 +8777,15 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 #endif /* WOLFSSL_DTLS13 */
 
         if (ssl->fragOffset == 0) {
-            if (headerSz + certSz + extSz + certChainSz <=
+            if (headerSz + certSz + totalextSz + certChainSz <=
                                             maxFragment - HANDSHAKE_HEADER_SZ) {
-                fragSz = headerSz + certSz + extSz + certChainSz;
+                fragSz = headerSz + certSz + totalextSz + certChainSz;
             }
 #ifdef WOLFSSL_DTLS13
             else if (ssl->options.dtls){
                 /* short-circuit the fragmentation logic here. DTLS
                    fragmentation will be done in dtls13HandshakeSend() */
-                fragSz = headerSz + certSz + extSz + certChainSz;
+                fragSz = headerSz + certSz + totalextSz + certChainSz;
             }
 #endif /* WOLFSSL_DTLS13 */
             else {
@@ -8601,7 +8802,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 #endif /* WOLFSSL_DTLS13 */
         }
         else {
-            fragSz = min(length, maxFragment);
+            fragSz = min((word32)length, maxFragment);
             sendSz += fragSz;
         }
 
@@ -8643,20 +8844,23 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         else
             AddTls13RecordHeader(output, fragSz, handshake, ssl);
 
-        if (certSz > 0 && ssl->fragOffset < certSz + extSz) {
-            /* Put in the leaf certificate with extensions. */
-            word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer,
-                            certSz, extSz, ssl->fragOffset, fragSz, output + i);
-            i += copySz;
-            ssl->fragOffset += copySz;
-            length -= copySz;
-            fragSz -= copySz;
-            if (ssl->fragOffset == certSz + extSz)
-                FreeDer(&ssl->buffers.certExts);
+        if (extIdx == 0) {
+            if (certSz > 0 && ssl->fragOffset < certSz + extSz[0]) {
+                /* Put in the leaf certificate with extensions. */
+                word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer,
+                                certSz, extSz[0], ssl->fragOffset, fragSz,
+                                output + i, 0);
+                i += copySz;
+                ssl->fragOffset += copySz;
+                length -= copySz;
+                fragSz -= copySz;
+                if (ssl->fragOffset == certSz + extSz[0])
+                    FreeDer(&ssl->buffers.certExts[0]);
+            }
         }
         if (certChainSz > 0 && fragSz > 0) {
-            /* Put in the CA certificates with empty extensions. */
-            while (fragSz > 0) {
+             /* Put in the CA certificates with extensions. */
+             while (fragSz > 0) {
                 word32 l;
 
                 if (offset == len + OPAQUE16_LEN) {
@@ -8665,19 +8869,30 @@ static int SendTls13Certificate(WOLFSSL* ssl)
                     /* Point to the start of current cert in chain buffer. */
                     p = ssl->buffers.certChain->buffer + idx;
                     len = NextCert(ssl->buffers.certChain->buffer,
-                                   ssl->buffers.certChain->length, &idx);
+                            ssl->buffers.certChain->length, &idx);
                     if (len == 0)
                         break;
+                #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
+                        !defined(NO_WOLFSSL_SERVER)
+                    if (MAX_CERT_EXTENSIONS > extIdx)
+                        extIdx++;
+                #endif
                 }
-
-                /* Write out certificate and empty extension. */
-                l = AddCertExt(ssl, p, len, OPAQUE16_LEN, offset, fragSz,
-                                                                    output + i);
+                /* Write out certificate and extension. */
+                l = AddCertExt(ssl, p, len, extSz[extIdx], offset, fragSz,
+                                                       output + i, extIdx);
                 i += l;
                 ssl->fragOffset += l;
                 length -= l;
                 fragSz -= l;
                 offset += l;
+
+                if (extIdx != 0 && extIdx < MAX_CERT_EXTENSIONS &&
+                    ssl->buffers.certExts[extIdx] != NULL &&
+                                offset == len + extSz[extIdx])
+                    FreeDer(&ssl->buffers.certExts[extIdx]);
+                /* for next chain cert */
+                len += extSz[extIdx] - OPAQUE16_LEN;
             }
         }
 
@@ -8699,7 +8914,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
         {
             /* This message is always encrypted. */
             sendSz = BuildTls13Message(ssl, output, sendSz,
-                output + RECORD_HEADER_SZ, i - RECORD_HEADER_SZ, handshake, 1,
+                output + RECORD_HEADER_SZ, (int)(i - RECORD_HEADER_SZ),
+                handshake, 1,
                 0, 0);
             if (sendSz < 0)
                 return sendSz;
@@ -8715,14 +8931,14 @@ static int SendTls13Certificate(WOLFSSL* ssl)
             }
 #endif
 
-            ssl->buffers.outputBuffer.length += sendSz;
+            ssl->buffers.outputBuffer.length += (word32)sendSz;
             ssl->options.buildingMsg = 0;
             if (!ssl->options.groupMessages)
                 ret = SendBuffered(ssl);
         }
     }
 
-    if (ret != WANT_WRITE) {
+    if (ret != WC_NO_ERR_TRACE(WANT_WRITE)) {
         /* Clean up the fragment offset. */
         ssl->options.buildingMsg = 0;
         ssl->fragOffset = 0;
@@ -8759,6 +8975,10 @@ typedef struct Scv13Args {
     byte   sigAlgo;
     byte*  sigData;
     word16 sigDataSz;
+#ifndef NO_RSA
+    byte*  toSign; /* not allocated */
+    word32 toSignSz;
+#endif
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     byte   altSigAlgo;
     word32 altSigLen;    /* Only used in the case of both native and alt. */
@@ -8879,7 +9099,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 return 0;  /* sent blank cert, can't verify */
             }
 
-            args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
+            args->sendSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
             /* Always encrypted.  */
             args->sendSz += MAX_MSG_EXTRA;
 
@@ -8988,41 +9208,12 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
         #endif
         #if defined(HAVE_FALCON)
             else if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
-                falcon_key* fkey = (falcon_key*)ssl->hsKey;
-                byte level = 0;
-                if (wc_falcon_get_level(fkey, &level) != 0) {
-                    ERROR_OUT(ALGO_ID_E, exit_scv);
-                }
-                if (level == 1) {
-                    args->sigAlgo = falcon_level1_sa_algo;
-                }
-                else if (level == 5) {
-                    args->sigAlgo = falcon_level5_sa_algo;
-                }
-                else {
-                    ERROR_OUT(ALGO_ID_E, exit_scv);
-                }
+                args->sigAlgo = ssl->buffers.keyType;
             }
         #endif /* HAVE_FALCON */
         #if defined(HAVE_DILITHIUM)
             else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
-                dilithium_key* fkey = (dilithium_key*)ssl->hsKey;
-                byte level = 0;
-                if (wc_dilithium_get_level(fkey, &level) != 0) {
-                    ERROR_OUT(ALGO_ID_E, exit_scv);
-                }
-                if (level == 2) {
-                    args->sigAlgo = dilithium_level2_sa_algo;
-                }
-                else if (level == 3) {
-                    args->sigAlgo = dilithium_level3_sa_algo;
-                }
-                else if (level == 5) {
-                    args->sigAlgo = dilithium_level5_sa_algo;
-                }
-                else {
-                    ERROR_OUT(ALGO_ID_E, exit_scv);
-                }
+                args->sigAlgo = ssl->buffers.keyType;
             }
         #endif /* HAVE_DILITHIUM */
             else {
@@ -9146,7 +9337,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
         #endif /* !NO_RSA */
         #ifdef HAVE_ECC
             if (ssl->hsType == DYNAMIC_TYPE_ECC) {
-                args->sigLen = args->sendSz - args->idx - HASH_SIG_SIZE -
+                args->sigLen = (word32)args->sendSz - args->idx -
+                               HASH_SIG_SIZE -
                                VERIFY_HEADER;
             #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                 if (ssl->buffers.keyType != sm2_sa_algo)
@@ -9305,15 +9497,27 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
         #endif /* HAVE_FALCON */
         #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
             if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
-                ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz,
-                                         sigOut, &args->sigLen,
-                                         (dilithium_key*)ssl->hsKey, ssl->rng);
+                ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->sigData,
+                                                args->sigDataSz, sigOut,
+                                                &args->sigLen,
+                                                (dilithium_key*)ssl->hsKey,
+                                                ssl->rng);
                 args->length = (word16)args->sigLen;
             }
         #endif /* HAVE_DILITHIUM */
         #ifndef NO_RSA
             if (ssl->hsType == DYNAMIC_TYPE_RSA) {
-                ret = RsaSign(ssl, rsaSigBuf->buffer, (word32)rsaSigBuf->length,
+                args->toSign = rsaSigBuf->buffer;
+                args->toSignSz = (word32)rsaSigBuf->length;
+            #if defined(HAVE_PK_CALLBACKS) && \
+                defined(TLS13_RSA_PSS_SIGN_CB_NO_PREHASH)
+                /* Pass full data to sign (args->sigData), not hash of */
+                if (ssl->ctx->RsaPssSignCb) {
+                    args->toSign = args->sigData;
+                    args->toSignSz = args->sigDataSz;
+                }
+            #endif
+                ret = RsaSign(ssl, (const byte*)args->toSign, args->toSignSz,
                               sigOut, &args->sigLen, args->sigAlgo,
                               ssl->options.hashAlgo, (RsaKey*)ssl->hsKey,
                               ssl->buffers.key);
@@ -9357,10 +9561,20 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             #endif /* HAVE_ECC */
             #ifndef NO_RSA
                 if (ssl->hsAltType == DYNAMIC_TYPE_RSA) {
-                    ret = RsaSign(ssl, rsaSigBuf->buffer,
-                                  (word32)rsaSigBuf->length, sigOut,
-                                  &args->altSigLen, args->altSigAlgo,
-                                  ssl->options.hashAlgo, (RsaKey*)ssl->hsAltKey,
+                    args->toSign = rsaSigBuf->buffer;
+                    args->toSignSz = (word32)rsaSigBuf->length;
+                #if defined(HAVE_PK_CALLBACKS) && \
+                    defined(TLS13_RSA_PSS_SIGN_CB_NO_PREHASH)
+                    /* Pass full data to sign (args->altSigData), not hash of */
+                    if (ssl->ctx->RsaPssSignCb) {
+                        args->toSign = args->altSigData;
+                        args->toSignSz = (word32)args->altSigDataSz;
+                    }
+                #endif
+                    ret = RsaSign(ssl, (const byte*)args->toSign,
+                                  args->toSignSz, sigOut, &args->altSigLen,
+                                  args->altSigAlgo, ssl->options.hashAlgo,
+                                  (RsaKey*)ssl->hsAltKey,
                                   ssl->buffers.altKey);
 
                     if (ret == 0) {
@@ -9379,11 +9593,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             #endif /* HAVE_FALCON */
             #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
                 if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) {
-                    ret = wc_dilithium_sign_msg(args->altSigData,
-                                                args->altSigDataSz, sigOut,
-                                                &args->altSigLen,
-                                                (dilithium_key*)ssl->hsAltKey,
-                                                ssl->rng);
+                    ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->altSigData,
+                                args->altSigDataSz, sigOut, &args->altSigLen,
+                                (dilithium_key*)ssl->hsAltKey, ssl->rng);
                 }
             #endif /* HAVE_DILITHIUM */
 
@@ -9450,11 +9662,17 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 else
             #endif
                 {
+                #ifdef HAVE_PK_CALLBACKS
+                    buffer tmp;
+
+                    tmp.length = ssl->buffers.key->length;
+                    tmp.buffer = ssl->buffers.key->buffer;
+                #endif
                     ret = EccVerify(ssl, sigOut, args->sigLen,
                             args->sigData, args->sigDataSz,
                             (ecc_key*)ssl->hsKey,
                 #ifdef HAVE_PK_CALLBACKS
-                            ssl->buffers.key
+                            &tmp
                 #else
                             NULL
                 #endif
@@ -9515,7 +9733,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             if (ssl->options.dtls) {
                 ssl->options.buildingMsg = 0;
                 ret = Dtls13HandshakeSend(ssl, args->output,
-                    MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA,
+                    WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA,
                     (word16)args->sendSz, certificate_verify, 1);
                 if (ret != 0)
                     goto exit_scv;
@@ -9526,7 +9744,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 
             /* This message is always encrypted. */
             ret = BuildTls13Message(ssl, args->output,
-                                    MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA,
+                                    WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA,
                                     args->output + RECORD_HEADER_SZ,
                                     args->sendSz - RECORD_HEADER_SZ, handshake,
                                     1, 0, 0);
@@ -9551,7 +9769,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             }
         #endif
 
-            ssl->buffers.outputBuffer.length += args->sendSz;
+            ssl->buffers.outputBuffer.length += (word32)args->sendSz;
             ssl->options.buildingMsg = 0;
             if (!ssl->options.groupMessages)
                 ret = SendBuffered(ssl);
@@ -9967,13 +10185,13 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
             #endif
             #ifdef HAVE_DILITHIUM
                 case dilithium_level2_sa_algo:
-                    ret = decodeDilithiumKey(ssl, 2);
+                    ret = decodeDilithiumKey(ssl, WC_ML_DSA_44);
                     break;
                 case dilithium_level3_sa_algo:
-                    ret = decodeDilithiumKey(ssl, 3);
+                    ret = decodeDilithiumKey(ssl, WC_ML_DSA_65);
                     break;
                 case dilithium_level5_sa_algo:
-                    ret = decodeDilithiumKey(ssl, 5);
+                    ret = decodeDilithiumKey(ssl, WC_ML_DSA_87);
                     break;
             #endif
             #ifdef HAVE_FALCON
@@ -10362,6 +10580,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                                                    (void**)&ssl->peerFalconKey);
                     ssl->peerFalconKeyPresent = 0;
                 }
+                else if ((ret >= 0) && (res == 0)) {
+                    WOLFSSL_MSG("Falcon signature verification failed");
+                    ret = SIG_VERIFY_E;
+                }
             }
         #endif /* HAVE_FALCON */
         #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
@@ -10371,9 +10593,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 (ssl->peerDilithiumKeyPresent)) {
                 int res = 0;
                 WOLFSSL_MSG("Doing Dilithium peer cert verify");
-                ret = wc_dilithium_verify_msg(sig, args->sigSz,
-                                              args->sigData, args->sigDataSz,
-                                              &res, ssl->peerDilithiumKey);
+                ret = wc_dilithium_verify_ctx_msg(sig, args->sigSz, NULL, 0,
+                                                  args->sigData, args->sigDataSz,
+                                                  &res, ssl->peerDilithiumKey);
 
                 if ((ret >= 0) && (res == 1)) {
                     /* CLIENT/SERVER: data verified with public key from
@@ -10384,6 +10606,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                             (void**)&ssl->peerDilithiumKey);
                     ssl->peerDilithiumKeyPresent = 0;
                 }
+                else if ((ret >= 0) && (res == 0)) {
+                    WOLFSSL_MSG("Dilithium signature verification failed");
+                    ret = SIG_VERIFY_E;
+                }
             }
         #endif /* HAVE_DILITHIUM */
 
@@ -10464,6 +10690,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                                                 (void**)&ssl->peerFalconKey);
                         ssl->peerFalconKeyPresent = 0;
                     }
+                    else if ((ret >= 0) && (res == 0)) {
+                        WOLFSSL_MSG("Falcon signature verification failed");
+                        ret = SIG_VERIFY_E;
+                    }
                 }
             #endif /* HAVE_FALCON */
             #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
@@ -10473,9 +10703,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                     (ssl->peerDilithiumKeyPresent)) {
                     int res = 0;
                     WOLFSSL_MSG("Doing Dilithium peer cert alt verify");
-                    ret = wc_dilithium_verify_msg(sig, args->altSignatureSz,
-                                        args->altSigData, args->altSigDataSz,
-                                        &res, ssl->peerDilithiumKey);
+                    ret = wc_dilithium_verify_ctx_msg(sig, args->altSignatureSz,
+                                        NULL, 0, args->altSigData,
+                                        args->altSigDataSz, &res,
+                                        ssl->peerDilithiumKey);
 
                     if ((ret >= 0) && (res == 1)) {
                         /* CLIENT/SERVER: data verified with public key from
@@ -10486,6 +10717,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                                             (void**)&ssl->peerDilithiumKey);
                         ssl->peerDilithiumKeyPresent = 0;
                     }
+                    else if ((ret >= 0) && (res == 0)) {
+                        WOLFSSL_MSG("Dilithium signature verification failed");
+                        ret = SIG_VERIFY_E;
+                    }
                 }
             #endif /* HAVE_DILITHIUM */
 
@@ -10713,15 +10948,19 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 
     if (sniff == NO_SNIFF) {
+
         ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);
     #ifdef WOLFSSL_HAVE_TLS_UNIQUE
+        if (finishedSz > TLS_FINISHED_SZ_MAX) {
+            return BUFFER_ERROR;
+        }
         if (ssl->options.side == WOLFSSL_CLIENT_END) {
             XMEMCPY(ssl->serverFinished, mac, finishedSz);
-            ssl->serverFinished_len = finishedSz;
+            ssl->serverFinished_len = (byte)finishedSz;
         }
         else {
             XMEMCPY(ssl->clientFinished, mac, finishedSz);
-            ssl->clientFinished_len = finishedSz;
+            ssl->clientFinished_len = (byte)finishedSz;
         }
     #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
         if (ret != 0)
@@ -10749,6 +10988,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     /* Force input exhaustion at ProcessReply by consuming padSz. */
     *inOutIdx += size + ssl->keys.padSz;
 
+#ifndef NO_WOLFSSL_SERVER
     if (ssl->options.side == WOLFSSL_SERVER_END &&
                                                   !ssl->options.handShakeDone) {
 #ifdef WOLFSSL_EARLY_DATA
@@ -10761,6 +11001,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
             return ret;
     }
+#endif
 
 #ifndef NO_WOLFSSL_CLIENT
     if (ssl->options.side == WOLFSSL_CLIENT_END)
@@ -10803,7 +11044,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
  */
 static int SendTls13Finished(WOLFSSL* ssl)
 {
-    int   finishedSz = ssl->specs.hash_size;
+    byte  finishedSz = ssl->specs.hash_size;
     byte* input;
     byte* output;
     int   ret;
@@ -10842,7 +11083,8 @@ static int SendTls13Finished(WOLFSSL* ssl)
         input = output + Dtls13GetRlHeaderLength(ssl, 1);
 #endif /* WOLFSSL_DTLS13 */
 
-    AddTls13HandShakeHeader(input, (word32)finishedSz, 0, finishedSz, finished, ssl);
+    AddTls13HandShakeHeader(input, (word32)finishedSz, 0, (word32)finishedSz,
+            finished, ssl);
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     if (ssl->options.side == WOLFSSL_CLIENT_END) {
@@ -10903,7 +11145,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
         dtlsRet = Dtls13HandshakeSend(ssl, output, (word16)outputSz,
             (word16)(Dtls13GetRlHeaderLength(ssl, 1) + headerSz + finishedSz), finished,
             1);
-        if (dtlsRet != 0 && dtlsRet != WANT_WRITE)
+        if (dtlsRet != 0 && dtlsRet != WC_NO_ERR_TRACE(WANT_WRITE))
             return ret;
 
     } else
@@ -10927,7 +11169,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
             }
         #endif
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
         ssl->options.buildingMsg = 0;
     }
 
@@ -10992,14 +11234,14 @@ static int SendTls13Finished(WOLFSSL* ssl)
                                                   !ssl->options.handShakeDone) {
 #ifdef WOLFSSL_EARLY_DATA
         if (ssl->earlyData != no_early_data) {
-            if ((ret = DeriveTls13Keys(ssl, no_key, ENCRYPT_AND_DECRYPT_SIDE,
+            if ((ret = DeriveTls13Keys(ssl, no_key, ENCRYPT_SIDE_ONLY,
                                                                      1)) != 0) {
                     return ret;
             }
         }
 #endif
         /* Setup keys for application data messages. */
-        if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
+        if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
             return ret;
 
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@@ -11067,7 +11309,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
  * ssl  The SSL/TLS object.
  * returns 0 on success, otherwise failure.
  */
-static int SendTls13KeyUpdate(WOLFSSL* ssl)
+int SendTls13KeyUpdate(WOLFSSL* ssl)
 {
     byte*  input;
     byte*  output;
@@ -11136,12 +11378,12 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl)
             }
         #endif
 
-        ssl->buffers.outputBuffer.length += sendSz;
+        ssl->buffers.outputBuffer.length += (word32)sendSz;
 
         ret = SendBuffered(ssl);
 
 
-        if (ret != 0 && ret != WANT_WRITE)
+        if (ret != 0 && ret != WC_NO_ERR_TRACE(WANT_WRITE))
             return ret;
     }
 
@@ -11244,7 +11486,12 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         }
 #endif /* WOLFSSL_DTLS13 */
 
+#ifndef WOLFSSL_RW_THREADED
         return SendTls13KeyUpdate(ssl);
+#else
+        ssl->options.sendKeyUpdate = 1;
+        return 0;
+#endif
     }
 
     WOLFSSL_LEAVE("DoTls13KeyUpdate", ret);
@@ -11657,9 +11904,9 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
 {
     byte*  output;
     int    ret;
+    word32 length;
     int    sendSz;
     word16 extSz;
-    word32 length;
     word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
 
     WOLFSSL_START(WC_FUNC_NEW_SESSION_TICKET_SEND);
@@ -11730,7 +11977,7 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
     /* Nonce */
     length += TICKET_NONCE_LEN_SZ + DEF_TICKET_NONCE_SZ;
 
-    sendSz = (int)(idx + length + MAX_MSG_EXTRA);
+    sendSz = (word16)(idx + length + MAX_MSG_EXTRA);
 
     /* Check buffers are big enough and grow if needed. */
     if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
@@ -11786,6 +12033,10 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
     idx += EXTS_SZ;
 #endif
 
+    if (idx > WOLFSSL_MAX_16BIT) {
+        return BAD_LENGTH_E;
+    }
+
     ssl->options.haveSessionId = 1;
 
     SetupSession(ssl);
@@ -11798,12 +12049,15 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl)
 
 #ifdef WOLFSSL_DTLS13
     if (ssl->options.dtls)
-        return Dtls13HandshakeSend(ssl, output, sendSz, idx, session_ticket, 0);
+        return Dtls13HandshakeSend(ssl, output, (word16)sendSz,
+                                   (word16)idx, session_ticket, 0);
 #endif /* WOLFSSL_DTLS13 */
 
     /* This message is always encrypted. */
-    sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ,
-                               idx - RECORD_HEADER_SZ, handshake, 0, 0, 0);
+    sendSz = BuildTls13Message(ssl, output, sendSz,
+                               output + RECORD_HEADER_SZ,
+                               (word16)idx - RECORD_HEADER_SZ,
+                               handshake, 0, 0, 0);
     if (sendSz < 0)
         return sendSz;
 
@@ -12347,7 +12601,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 {
     int ret = 0, tmp;
     word32 inIdx = *inOutIdx;
-    int alertType = invalid_alert;
+    int alertType;
 #if defined(HAVE_ECH)
     TLSX* echX = NULL;
     word32 echInOutIdx;
@@ -12493,16 +12747,15 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
             if (echX != NULL &&
                 ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE) {
-
                 /* reset the inOutIdx to the outer start */
                 *inOutIdx = echInOutIdx;
-
                 /* call again with the inner hello */
-                ret = DoTls13ClientHello(ssl,
-                    ((WOLFSSL_ECH*)echX->data)->innerClientHello,
-                    &echInOutIdx,
-                    ((WOLFSSL_ECH*)echX->data)->innerClientHelloLen);
-
+                if (ret == 0) {
+                    ret = DoTls13ClientHello(ssl,
+                        ((WOLFSSL_ECH*)echX->data)->innerClientHello,
+                        &echInOutIdx,
+                        ((WOLFSSL_ECH*)echX->data)->innerClientHelloLen);
+                }
                 /* if the inner ech parsed successfully we have successfully
                  * handled the hello and can skip the whole message */
                 if (ret == 0)
@@ -12651,7 +12904,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         #ifdef WOLFSSL_QUIC
                 if (WOLFSSL_IS_QUIC(ssl) && ssl->earlyData != no_early_data) {
                     /* QUIC never sends/receives EndOfEarlyData, but having
-                     * early data means the last encrpytion keys had not been
+                     * early data means the last encryption keys had not been
                      * set yet. */
                     if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
                         return ret;
@@ -12662,12 +12915,21 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                     ssl->earlyData == no_early_data)) != 0) {
                     return ret;
                 }
+                if (ssl->earlyData != no_early_data) {
+                    if ((ret = DeriveTls13Keys(ssl, no_key, DECRYPT_SIDE_ONLY,
+                                                                  1)) != 0) {
+                            return ret;
+                    }
+                }
         #else
                 if ((ret = DeriveTls13Keys(ssl, traffic_key,
                                         ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) {
                     return ret;
                 }
         #endif
+                /* Setup keys for application data messages. */
+                if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
+                    return ret;
             }
         #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
             if (type == certificate_request &&
@@ -12887,7 +13149,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
     }
 
     /* make sure this wolfSSL object has arrays and rng setup. Protects
-     * case where the WOLFSSL object is re-used via wolfSSL_clear() */
+     * case where the WOLFSSL object is reused via wolfSSL_clear() */
     if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) {
         return ret;
     }
@@ -12932,7 +13194,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* do not send buffered or advance state if last error was an
             async pending operation */
-        && ssl->error != WC_PENDING_E
+        && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
         if ((ret = SendBuffered(ssl)) == 0) {
@@ -13394,8 +13656,9 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group)
     }
 #endif
 
-#if defined(WOLFSSL_HAVE_KYBER)
-    if (WOLFSSL_NAMED_GROUP_IS_PQC(group)) {
+#if defined(WOLFSSL_HAVE_MLKEM)
+    if (WOLFSSL_NAMED_GROUP_IS_PQC(group) ||
+        WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) {
 
         if (ssl->ctx != NULL && ssl->ctx->method != NULL &&
             !IsAtLeastTLSv1_3(ssl->version)) {
@@ -13614,7 +13877,7 @@ int wolfSSL_update_keys(WOLFSSL* ssl)
 {
     int ret;
     ret = Tls13UpdateKeys(ssl);
-    if (ret == WANT_WRITE)
+    if (ret == WC_NO_ERR_TRACE(WANT_WRITE))
         ret = WOLFSSL_ERROR_WANT_WRITE;
     else if (ret == 0)
         ret = WOLFSSL_SUCCESS;
@@ -13715,7 +13978,7 @@ int wolfSSL_request_certificate(WOLFSSL* ssl)
     ssl->msgsReceived.got_finished = 0;
 
     ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len);
-    if (ret == WANT_WRITE)
+    if (ret == WC_NO_ERR_TRACE(WANT_WRITE))
         ret = WOLFSSL_ERROR_WANT_WRITE;
     else if (ret == 0)
         ret = WOLFSSL_SUCCESS;
@@ -13807,8 +14070,7 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl,
     InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-               ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.useAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
 }
 
 /* Set the PSK callback that returns the cipher suite for a client to use
@@ -13860,8 +14122,7 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
     InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-               ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.useAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
 }
 
 /* Set the PSK callback that returns the cipher suite for a server to use
@@ -13910,8 +14171,7 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
     InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
                ssl->options.haveDH, ssl->options.haveECDSAsig,
                ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
-               ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
-               ssl->options.useAnon, TRUE, ssl->options.side);
+               ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side);
 }
 
 /* Get name of first supported cipher suite that uses the hash indicated.
@@ -13988,7 +14248,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
     }
 
     /* make sure this wolfSSL object has arrays and rng setup. Protects
-     * case where the WOLFSSL object is re-used via wolfSSL_clear() */
+     * case where the WOLFSSL object is reused via wolfSSL_clear() */
     if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) {
         return ret;
     }
@@ -14070,7 +14330,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
     #ifdef WOLFSSL_ASYNC_CRYPT
         /* do not send buffered or advance state if last error was an
             async pending operation */
-        && ssl->error != WC_PENDING_E
+        && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
 
@@ -14448,7 +14708,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
             WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS);
             return WOLFSSL_SUCCESS;
 
-        default :
+        default:
             WOLFSSL_MSG("Unknown accept state ERROR");
             return WOLFSSL_FATAL_ERROR;
     }
@@ -14679,10 +14939,10 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
             return WOLFSSL_FATAL_ERROR;
     }
     if (ssl->options.handShakeState == SERVER_FINISHED_COMPLETE) {
-        ret = ReceiveData(ssl, (byte*)data, sz, FALSE);
+        ret = ReceiveData(ssl, (byte*)data, (size_t)sz, FALSE);
         if (ret > 0)
             *outSz = ret;
-        if (ssl->error == ZERO_RETURN) {
+        if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) {
             ssl->error = WOLFSSL_ERROR_NONE;
 #ifdef WOLFSSL_DTLS13
             if (ssl->options.dtls) {
@@ -14817,4 +15077,4 @@ int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* secret,
 
 #endif /* !WOLFCRYPT_ONLY */
 
-#endif /* WOLFSSL_TLS13 */
+#endif /* !NO_TLS && WOLFSSL_TLS13 */
diff --git a/src/wolfio.c b/src/wolfio.c
index d6a285a91..080973472 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -1,6 +1,6 @@
 /* wolfio.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,17 +24,17 @@
 #define WOLFSSL_STRERROR_BUFFER_SIZE 256
 #endif
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef WOLFCRYPT_ONLY
 
-#ifdef _WIN32_WCE
-    /* On WinCE winsock2.h must be included before windows.h for socket stuff */
-    #include <winsock2.h>
+#if defined(HAVE_ERRNO_H) && defined(WOLFSSL_NO_SOCK) && \
+    (defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT))
+    /* error codes are needed for TranslateIoReturnCode() and
+     * wolfIO_TcpConnect() even if defined(WOLFSSL_NO_SOCK), which inhibits
+     * inclusion of errno.h by wolfio.h.
+     */
+    #include <errno.h>
 #endif
 
 #include <wolfssl/internal.h>
@@ -47,7 +47,9 @@ int Nucleus_Net_Errno;
 #endif
 
 #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
-    #ifndef USE_WINDOWS_API
+    #ifdef USE_WINDOWS_API
+        #include <winsock2.h>
+    #else
         #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
         #elif defined(ARDUINO)
         #elif defined(FREESCALE_MQX)
@@ -116,7 +118,7 @@ Possible IO enable options:
  *
  * DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER: This flag has effect only if
  * ASN_NO_TIME is enabled. If enabled invalid peers messages are ignored
- * indefinetely. If not enabled EmbedReceiveFrom will return timeout after
+ * indefinitely. If not enabled EmbedReceiveFrom will return timeout after
  * DTLS_RECEIVEFROM_MAX_INVALID_PEER number of packets from invalid peers. When
  * enabled, without a timer, EmbedReceivefrom can't check if the timeout is
  * expired and it may never return under a continuous flow of invalid packets.
@@ -220,7 +222,7 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
         else
             return WOLFSSL_CBIO_ERR_TIMEOUT;
     }
-#endif
+#endif /* SOCKET_ETIMEDOUT */
 
     else if (err == SOCKET_ECONNRESET) {
         WOLFSSL_MSG("\tConnection reset");
@@ -239,7 +241,7 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
         return WOLFSSL_CBIO_ERR_CONN_CLOSE;
     }
 
-#if defined(_WIN32)
+#if defined(_WIN32) && !defined(__WATCOMC__)
     strcpy_s(errstr, sizeof(errstr), "\tGeneral error: ");
     errstr_offset = strlen(errstr);
     FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
@@ -251,7 +253,7 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
         NULL);
     WOLFSSL_MSG(errstr);
 #else
-    WOLFSSL_MSG("\tGeneral error");
+    WOLFSSL_MSG_EX("\tGeneral error: %d", err);
 #endif
     return WOLFSSL_CBIO_ERR_GENERAL;
 }
@@ -259,6 +261,68 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
 
 #ifdef OPENSSL_EXTRA
 #ifndef NO_BIO
+
+int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+{
+    return SslBioSend(ssl, buf, sz, ctx);
+}
+
+int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+    return SslBioReceive(ssl, buf, sz, ctx);
+}
+
+int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr, char* buf,
+                       int sz)
+{
+    int recvd = WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL);
+
+    WOLFSSL_ENTER("SslBioReceive");
+
+    if (biord == NULL) {
+        WOLFSSL_MSG("WOLFSSL biord not set");
+        return WOLFSSL_CBIO_ERR_GENERAL;
+    }
+
+    recvd = wolfSSL_BIO_read(biord, buf, sz);
+    if (recvd <= 0) {
+        if (/* ssl->biowr->wrIdx is checked for Bind9 */
+            wolfSSL_BIO_method_type(biowr) == WOLFSSL_BIO_BIO &&
+            wolfSSL_BIO_wpending(biowr) != 0 &&
+            /* Not sure this pending check is necessary but let's double
+             * check that the read BIO is empty before we signal a write
+             * need */
+            wolfSSL_BIO_supports_pending(biord) &&
+            wolfSSL_BIO_ctrl_pending(biord) == 0) {
+            /* Let's signal to the app layer that we have
+             * data pending that needs to be sent. */
+            return WOLFSSL_CBIO_ERR_WANT_WRITE;
+        }
+        else if (biord->type == WOLFSSL_BIO_SOCKET) {
+            if (recvd == 0) {
+                WOLFSSL_MSG("SslBioReceive connection closed");
+                return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+            }
+        #ifdef USE_WOLFSSL_IO
+            recvd = TranslateIoReturnCode(recvd, biord->num.fd,
+                                          SOCKET_RECEIVING);
+        #endif
+            return recvd;
+        }
+
+        /* If retry and read flags are set, return WANT_READ */
+        if ((biord->flags & WOLFSSL_BIO_FLAG_READ) &&
+            (biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
+            return WOLFSSL_CBIO_ERR_WANT_READ;
+        }
+
+        WOLFSSL_MSG("BIO general error");
+        return WOLFSSL_CBIO_ERR_GENERAL;
+    }
+
+    return recvd;
+}
+
 /* Use the WOLFSSL read BIO for receiving data. This is set by the function
  * wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIORecv.
  *
@@ -270,55 +334,11 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
  *
  * returns the amount of data read or want read. See WOLFSSL_CBIO_ERR_* values.
  */
-int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 {
-    int recvd = WOLFSSL_CBIO_ERR_GENERAL;
-
-    WOLFSSL_ENTER("BioReceive");
-
-    if (ssl->biord == NULL) {
-        WOLFSSL_MSG("WOLFSSL biord not set");
-        return WOLFSSL_CBIO_ERR_GENERAL;
-    }
-
-    recvd = wolfSSL_BIO_read(ssl->biord, buf, sz);
-    if (recvd <= 0) {
-        if (/* ssl->biowr->wrIdx is checked for Bind9 */
-            wolfSSL_BIO_method_type(ssl->biowr) == WOLFSSL_BIO_BIO &&
-            wolfSSL_BIO_wpending(ssl->biowr) != 0 &&
-            /* Not sure this pending check is necessary but let's double
-             * check that the read BIO is empty before we signal a write
-             * need */
-            wolfSSL_BIO_supports_pending(ssl->biord) &&
-            wolfSSL_BIO_ctrl_pending(ssl->biord) == 0) {
-            /* Let's signal to the app layer that we have
-             * data pending that needs to be sent. */
-            return WOLFSSL_CBIO_ERR_WANT_WRITE;
-        }
-        else if (ssl->biord->type == WOLFSSL_BIO_SOCKET) {
-            if (recvd == 0) {
-                WOLFSSL_MSG("BioReceive connection closed");
-                return WOLFSSL_CBIO_ERR_CONN_CLOSE;
-            }
-        #ifdef USE_WOLFSSL_IO
-            recvd = TranslateIoReturnCode(recvd, ssl->biord->num.fd,
-                                          SOCKET_RECEIVING);
-        #endif
-            return recvd;
-        }
-
-        /* If retry and read flags are set, return WANT_READ */
-        if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_READ) &&
-            (ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
-            return WOLFSSL_CBIO_ERR_WANT_READ;
-        }
-
-        WOLFSSL_MSG("BIO general error");
-        return WOLFSSL_CBIO_ERR_GENERAL;
-    }
-
+    WOLFSSL_ENTER("SslBioReceive");
     (void)ctx;
-    return recvd;
+    return BioReceiveInternal(ssl->biord, ssl->biowr, buf, sz);
 }
 
 
@@ -332,11 +352,11 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
  *
  * returns the amount of data sent or want send. See WOLFSSL_CBIO_ERR_* values.
  */
-int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
 {
-    int sent = WOLFSSL_CBIO_ERR_GENERAL;
+    int sent = WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL);
 
-    WOLFSSL_ENTER("BioSend");
+    WOLFSSL_ENTER("SslBioSend");
 
     if (ssl->biowr == NULL) {
         WOLFSSL_MSG("WOLFSSL biowr not set");
@@ -542,7 +562,7 @@ STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
     #define DTLS_RECVFROM_FUNCTION recvfrom
 #endif
 
-static int sockAddrEqual(
+int sockAddrEqual(
     SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen)
 {
     if (aLen != bLen)
@@ -632,8 +652,18 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 #elif !defined(DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER)
     word32 invalidPeerPackets = 0;
 #endif
+    int newPeer = 0;
+    int ret = 0;
 
     WOLFSSL_ENTER("EmbedReceiveFrom");
+    (void)ret; /* possibly unused */
+
+    XMEMSET(&lclPeer, 0, sizeof(lclPeer));
+
+#ifdef WOLFSSL_RW_THREADED
+    if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_CBIO_ERR_GENERAL;
+#endif
 
     if (dtlsCtx->connected) {
         peer = NULL;
@@ -642,37 +672,49 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 #ifndef WOLFSSL_IPV6
         if (PeerIsIpv6((SOCKADDR_S*)dtlsCtx->peer.sa, dtlsCtx->peer.sz)) {
             WOLFSSL_MSG("ipv6 dtls peer set but no ipv6 support compiled");
-            return NOT_COMPILED_IN;
+            ret = WOLFSSL_CBIO_ERR_GENERAL;
         }
 #endif
         peer = &lclPeer;
-        XMEMSET(&lclPeer, 0, sizeof(lclPeer));
         peerSz = sizeof(lclPeer);
     }
     else {
         /* Store the peer address. It is used to calculate the DTLS cookie. */
-        if (dtlsCtx->peer.sa == NULL) {
-            dtlsCtx->peer.sa = (void*)XMALLOC(sizeof(SOCKADDR_S),
-                    ssl->heap, DYNAMIC_TYPE_SOCKADDR);
-            dtlsCtx->peer.sz = 0;
-            if (dtlsCtx->peer.sa != NULL)
-                dtlsCtx->peer.bufSz = sizeof(SOCKADDR_S);
-            else
-                dtlsCtx->peer.bufSz = 0;
+        newPeer = dtlsCtx->peer.sa == NULL || !ssl->options.dtlsStateful;
+        peer = &lclPeer;
+        if (dtlsCtx->peer.sa != NULL) {
+            XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, MIN(sizeof(lclPeer),
+                    dtlsCtx->peer.sz));
         }
-        peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
-        peerSz = dtlsCtx->peer.bufSz;
+        peerSz = sizeof(lclPeer);
     }
 
+#ifdef WOLFSSL_RW_THREADED
+    /* We make a copy above to avoid holding the lock for the entire function */
+    if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+        return WOLFSSL_CBIO_ERR_GENERAL;
+#endif
+
+    if (ret != 0)
+        return ret;
+
     /* Don't use ssl->options.handShakeDone since it is true even if
      * we are in the process of renegotiation */
     doDtlsTimeout = ssl->options.handShakeState != HANDSHAKE_DONE;
 
 #ifdef WOLFSSL_DTLS13
     if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
-        doDtlsTimeout =
-            doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL ||
+        doDtlsTimeout = doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL;
+#ifdef WOLFSSL_RW_THREADED
+        ret = wc_LockMutex(&ssl->dtls13Rtx.mutex);
+        if (ret != 0)
+            return ret;
+#endif
+        doDtlsTimeout = doDtlsTimeout ||
             (ssl->dtls13FastTimeout && ssl->dtls13Rtx.seenRecords != NULL);
+#ifdef WOLFSSL_RW_THREADED
+        wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
+#endif
     }
 #endif /* WOLFSSL_DTLS13 */
 
@@ -717,7 +759,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
             else
             #endif /* WOLFSSL_DTLS13 */
                 timeout.tv_sec = dtls_timeout;
-        #endif
+        #endif /* USE_WINDOWS_API */
             if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
                     sizeof(timeout)) != 0) {
                 WOLFSSL_MSG("setsockopt rcvtimeo failed");
@@ -737,33 +779,23 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
         }
 #endif /* !NO_ASN_TIME */
 
-        recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, ssl->rflags,
-            (SOCKADDR*)peer, peer != NULL ? &peerSz : NULL);
-
-        /* From the RECV(2) man page
-         * The returned address is truncated if the buffer provided is too
-         * small; in this case, addrlen will return a value greater than was
-         * supplied to the call.
-         */
-        if (dtlsCtx->connected) {
-            /* No need to sanitize the value of peerSz */
-        }
-        else if (dtlsCtx->userSet) {
-            /* Truncate peer size */
-            if (peerSz > (XSOCKLENT)sizeof(lclPeer))
-                peerSz = (XSOCKLENT)sizeof(lclPeer);
-        }
-        else {
-            /* Truncate peer size */
-            if (peerSz > (XSOCKLENT)dtlsCtx->peer.bufSz)
-                peerSz = (XSOCKLENT)dtlsCtx->peer.bufSz;
+        {
+            XSOCKLENT inPeerSz = peerSz;
+            recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz,
+                 ssl->rflags, (SOCKADDR*)peer, peer != NULL ? &inPeerSz : NULL);
+            /* Truncate peerSz. From the RECV(2) man page
+             * The returned address is truncated if the buffer provided is too
+             * small; in this case, addrlen will return a value greater than was
+             * supplied to the call.
+             */
+            peerSz = MIN(peerSz, inPeerSz);
         }
 
         recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING);
 
         if (recvd < 0) {
             WOLFSSL_MSG("Embed Receive From error");
-            if (recvd == WOLFSSL_CBIO_ERR_WANT_READ &&
+            if (recvd == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) &&
                 !wolfSSL_dtls_get_using_nonblock(ssl)) {
                 recvd = WOLFSSL_CBIO_ERR_TIMEOUT;
             }
@@ -785,11 +817,23 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
         }
         else if (dtlsCtx->userSet) {
             /* Check we received the packet from the correct peer */
+            int ignore = 0;
+#ifdef WOLFSSL_RW_THREADED
+            if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+                return WOLFSSL_CBIO_ERR_GENERAL;
+#endif
             if (dtlsCtx->peer.sz > 0 &&
                 (peerSz != (XSOCKLENT)dtlsCtx->peer.sz ||
                     !sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
                         dtlsCtx->peer.sz))) {
                 WOLFSSL_MSG("    Ignored packet from invalid peer");
+                ignore = 1;
+            }
+#ifdef WOLFSSL_RW_THREADED
+            if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+                return WOLFSSL_CBIO_ERR_GENERAL;
+#endif
+            if (ignore) {
 #if defined(NO_ASN_TIME) &&                                                    \
     !defined(DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER)
                 if (doDtlsTimeout) {
@@ -804,8 +848,30 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
             }
         }
         else {
-            /* Store size of saved address */
-            dtlsCtx->peer.sz = peerSz;
+            if (newPeer) {
+                /* Store size of saved address. Locking handled internally. */
+                if (wolfSSL_dtls_set_peer(ssl, peer, peerSz) != WOLFSSL_SUCCESS)
+                    return WOLFSSL_CBIO_ERR_GENERAL;
+            }
+#ifndef WOLFSSL_PEER_ADDRESS_CHANGES
+            else {
+                ret = 0;
+    #ifdef WOLFSSL_RW_THREADED
+                if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0)
+                    return WOLFSSL_CBIO_ERR_GENERAL;
+    #endif /* WOLFSSL_RW_THREADED */
+                if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
+                                    dtlsCtx->peer.sz)) {
+                    ret = WOLFSSL_CBIO_ERR_GENERAL;
+                }
+    #ifdef WOLFSSL_RW_THREADED
+                if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0)
+                    return WOLFSSL_CBIO_ERR_GENERAL;
+    #endif /* WOLFSSL_RW_THREADED */
+                if (ret != 0)
+                    return ret;
+            }
+#endif /* !WOLFSSL_PEER_ADDRESS_CHANGES */
         }
 #ifndef NO_ASN_TIME
         ssl->dtls_start_timeout = 0;
@@ -876,7 +942,7 @@ int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 
     if (recvd < 0) {
         WOLFSSL_MSG("Embed Receive From error");
-        if (recvd == WOLFSSL_CBIO_ERR_WANT_READ &&
+        if (recvd == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) &&
             !wolfSSL_dtls_get_using_nonblock(ssl)) {
             recvd = WOLFSSL_CBIO_ERR_TIMEOUT;
         }
@@ -989,7 +1055,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
                 }
                 ((SOCKADDR_IN*)&addr)->sin_port = XHTONS(port);
 
-                /* peer sa is free'd in SSL_ResourceFree */
+                /* peer sa is free'd in wolfSSL_ResourceFree */
                 if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN*)&addr,
                                           sizeof(SOCKADDR_IN)))!= WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Import DTLS peer info error");
@@ -1006,7 +1072,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
                 }
                 ((SOCKADDR_IN6*)&addr)->sin6_port = XHTONS(port);
 
-                /* peer sa is free'd in SSL_ResourceFree */
+                /* peer sa is free'd in wolfSSL_ResourceFree */
                 if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN6*)&addr,
                                          sizeof(SOCKADDR_IN6)))!= WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Import DTLS peer info error");
@@ -1022,7 +1088,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
 
         return WOLFSSL_SUCCESS;
     }
-#endif
+#endif /* WOLFSSL_DTLS */
 
     /* get the peer information in human readable form (ip, port, family)
      * default function assumes BSD sockets
@@ -1180,7 +1246,10 @@ int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wr
         unsigned long blocking = non_blocking;
         ret = ioctlsocket(sockfd, FIONBIO, &blocking);
         if (ret == SOCKET_ERROR)
-            ret = -1;
+            ret = WOLFSSL_FATAL_ERROR;
+    #elif defined(__WATCOMC__) && defined(__OS2__)
+        if (ioctl(sockfd, FIONBIO, &non_blocking) == -1)
+            ret = WOLFSSL_FATAL_ERROR;
     #else
         ret = fcntl(sockfd, F_GETFL, 0);
         if (ret >= 0) {
@@ -1210,7 +1279,7 @@ int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wr
 
         if ((sockfd < 0) || (sockfd >= FD_SETSIZE)) {
             WOLFSSL_MSG("socket fd out of FDSET range");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     #endif
 
@@ -1220,9 +1289,9 @@ int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wr
 
         ret = select(nfds, &rfds, &wfds, NULL, &timeout);
         if (ret == 0) {
-        #ifdef DEBUG_HTTP
+    #ifdef DEBUG_HTTP
             fprintf(stderr, "Timeout: %d\n", ret);
-        #endif
+    #endif
             return HTTP_TIMEOUT;
         }
         else if (ret > 0) {
@@ -1287,16 +1356,16 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 #else
     HOSTENT *entry;
 #endif
-#endif
+#endif /* !WOLFSSL_USE_POPEN_HOST */
 #ifdef WOLFSSL_IPV6
     SOCKADDR_IN6 *sin;
 #else
     SOCKADDR_IN *sin;
-#endif
-#endif /* HAVE_SOCKADDR */
+#endif /* WOLFSSL_IPV6 */
+#endif /* HAVE_GETADDRINFO */
 
     if (sockfd == NULL || ip == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #if !defined(HAVE_GETADDRINFO)
@@ -1304,8 +1373,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     sockaddr_len = sizeof(SOCKADDR_IN6);
 #else
     sockaddr_len = sizeof(SOCKADDR_IN);
-#endif
-#endif
+#endif /* WOLFSSL_IPV6 */
+#endif /* !HAVE_GETADDRINFO */
     XMEMSET(&addr, 0, sizeof(addr));
 
 #ifdef WOLFIO_DEBUG
@@ -1325,12 +1394,12 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 
     if (wolfIO_Word16ToString(strPort, port) == 0) {
         WOLFSSL_MSG("invalid port number for responder");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) {
         WOLFSSL_MSG("no addr info for responder");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     sockaddr_len = answer->ai_addrlen;
@@ -1394,7 +1463,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
         }
         else {
             WOLFSSL_MSG("no addr info for responder");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 #else
@@ -1423,7 +1492,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
         sin = (SOCKADDR_IN *)&addr;
         sin->sin_family = AF_INET;
         sin->sin_port = XHTONS(port);
-        XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0], entry->h_length);
+        XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0],
+                (size_t)entry->h_length);
     #endif
     }
 
@@ -1434,7 +1504,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 
     if (entry == NULL) {
         WOLFSSL_MSG("no addr info for responder");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
@@ -1447,7 +1517,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     {
         WOLFSSL_MSG("bad socket fd, out of fds?");
         *sockfd = SOCKET_INVALID;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #ifdef HAVE_IO_TIMEOUT
@@ -1457,7 +1527,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     }
 #else
     (void)to_sec;
-#endif
+#endif /* HAVE_IO_TIMEOUT */
 
     ret = connect(*sockfd, (SOCKADDR *)&addr, sockaddr_len);
 #ifdef HAVE_IO_TIMEOUT
@@ -1476,12 +1546,12 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
             wolfIO_SetBlockingMode(*sockfd, 0);
         }
     }
-#endif
+#endif /* HAVE_IO_TIMEOUT */
     if (ret != 0) {
         WOLFSSL_MSG("Responder tcp connect failed");
         CloseSocket(*sockfd);
         *sockfd = SOCKET_INVALID;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     return ret;
 #else
@@ -1489,7 +1559,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     (void)ip;
     (void)port;
     (void)to_sec;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 #endif /* HAVE_SOCKADDR */
 }
 
@@ -1502,7 +1572,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port)
     SOCKADDR_IN *sin = (SOCKADDR_IN *)&addr;
 
     if (sockfd == NULL || port < 1) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     XMEMSET(&addr, 0, sizeof(addr));
@@ -1520,7 +1590,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port)
     {
         WOLFSSL_MSG("socket failed");
         *sockfd = SOCKET_INVALID;
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
@@ -1541,14 +1611,14 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port)
         WOLFSSL_MSG("wolfIO_TcpBind failed");
         CloseSocket(*sockfd);
         *sockfd = SOCKET_INVALID;
-        ret = -1;
+        ret = WOLFSSL_FATAL_ERROR;
     }
 
     return ret;
 #else
     (void)sockfd;
     (void)port;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 #endif /* HAVE_SOCKADDR */
 }
 
@@ -1628,7 +1698,7 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
             }
 
             for (j = 0; j < i; j++) {
-                if (port[j] < '0' || port[j] > '9') return -1;
+                if (port[j] < '0' || port[j] > '9') return WOLFSSL_FATAL_ERROR;
                 bigPort = (bigPort * 10) + (word32)(port[j] - '0');
             }
             if (outPort)
@@ -1659,8 +1729,9 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
     return result;
 }
 
-static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
-    int* recvBufSz, int chunkSz, char* start, int len, int dynType, void* heap)
+static int wolfIO_HttpProcessResponseBuf(WolfSSLGenericIORecvCb ioCb,
+    void* ioCbCtx, byte **recvBuf, int* recvBufSz, int chunkSz, char* start,
+    int len, int dynType, void* heap)
 {
     byte* newRecvBuf = NULL;
     int newRecvSz = *recvBufSz + chunkSz;
@@ -1707,13 +1778,13 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
         else {
             WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf bad size");
             XFREE(newRecvBuf, heap, dynType);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
     /* receive the remainder of chunk */
     while (len < chunkSz) {
-        int rxSz = wolfIO_Recv(sfd, (char*)&newRecvBuf[pos], chunkSz-len, 0);
+        int rxSz = ioCb((char*)&newRecvBuf[pos], chunkSz-len, ioCbCtx);
         if (rxSz > 0) {
             len += rxSz;
             pos += rxSz;
@@ -1721,7 +1792,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
         else {
             WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf recv failed");
             XFREE(newRecvBuf, heap, dynType);
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
     }
 
@@ -1731,8 +1802,9 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
     return 0;
 }
 
-int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
-    byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
+int wolfIO_HttpProcessResponseGenericIO(WolfSSLGenericIORecvCb ioCb,
+    void* ioCbCtx, const char** appStrList, unsigned char** respBuf,
+    unsigned char* httpBuf, int httpBufSz, int dynType, void* heap)
 {
     static const char HTTP_PROTO[] = "HTTP/1.";
     static const char HTTP_STATUS_200[] = "200";
@@ -1753,8 +1825,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
     do {
         if (state == phr_get_chunk_data) {
             /* get chunk of data */
-            result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz,
-                chunkSz, start, len, dynType, heap);
+            result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf,
+                &respBufSz, chunkSz, start, len, dynType, heap);
 
             state = (result != 0) ? phr_http_end : phr_get_chunk_len;
             end = NULL;
@@ -1768,14 +1840,14 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
                                       * can.
                                       */
             }
-            result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
+            result = ioCb((char*)httpBuf+len, httpBufSz-len-1, ioCbCtx);
             if (result > 0) {
                 len += result;
                 start = (char*)httpBuf;
                 start[len] = 0;
             }
             else {
-                if (result == WOLFSSL_CBIO_ERR_WANT_READ) {
+                if (result == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) {
                     return OCSP_WANT_READ;
                 }
 
@@ -1894,8 +1966,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
     } while (state != phr_http_end);
 
     if (!isChunked) {
-        result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz, chunkSz,
-                                                    start, len, dynType, heap);
+        result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf,
+                &respBufSz, chunkSz, start, len, dynType, heap);
     }
 
     if (result >= 0) {
@@ -1907,6 +1979,22 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
 
     return result;
 }
+
+static int httpResponseIoCb(char* buf, int sz, void* ctx)
+{
+    /* Double cast to silence the compiler int/pointer width msg */
+    return wolfIO_Recv((SOCKET_T)(uintptr_t)ctx, buf, sz, 0);
+}
+
+int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
+    byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
+{
+    return wolfIO_HttpProcessResponseGenericIO(httpResponseIoCb,
+            /* Double cast to silence the compiler int/pointer width msg */
+            (void*)(uintptr_t)sfd, appStrList, respBuf, httpBuf, httpBufSz,
+            dynType, heap);
+}
+
 int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName,
                                const char *path, int pathLen, int reqSz, const char *contentType,
                                byte *buf, int bufSize)
@@ -2028,17 +2116,25 @@ int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
         ocspReqSz, "application/ocsp-request", cacheCtl, buf, bufSize);
 }
 
+static const char* ocspAppStrList[] = {
+    "application/ocsp-response",
+    NULL
+};
+
+WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO(
+    WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf,
+    unsigned char* httpBuf, int httpBufSz, void* heap)
+{
+    return wolfIO_HttpProcessResponseGenericIO(ioCb, ioCbCtx,
+          ocspAppStrList, respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap);
+}
+
 /* return: >0 OCSP Response Size
  *         -1 error */
 int wolfIO_HttpProcessResponseOcsp(int sfd, byte** respBuf,
                                        byte* httpBuf, int httpBufSz, void* heap)
 {
-    const char* appStrList[] = {
-        "application/ocsp-response",
-        NULL
-    };
-
-    return wolfIO_HttpProcessResponse(sfd, appStrList,
+    return wolfIO_HttpProcessResponse(sfd, ocspAppStrList,
         respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap);
 }
 
@@ -2273,6 +2369,20 @@ void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend)
     }
 }
 
+void wolfSSL_SSLDisableRead(WOLFSSL *ssl)
+{
+    if (ssl) {
+        ssl->options.disableRead = 1;
+    }
+}
+
+void wolfSSL_SSLEnableRead(WOLFSSL *ssl)
+{
+    if (ssl) {
+        ssl->options.disableRead = 0;
+    }
+}
+
 
 void wolfSSL_SetIOReadCtx(WOLFSSL* ssl, void *rctx)
 {
@@ -2558,7 +2668,7 @@ int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
             }
         }
     }
-    #endif
+    #endif /* WOLFSSL_DTLS */
 
     ret = NetSock_RxData(sd, buf, sz, ssl->rflags, &err);
     if (ret < 0) {
@@ -3010,7 +3120,7 @@ int uIPReceive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
 {
     uip_wolfssl_ctx *ctx = (uip_wolfssl_ctx *)_ctx;
     if (!ctx || !ctx->ssl_rx_databuf)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     (void)ssl;
     if (ctx->ssl_rb_len > 0) {
         if (sz > ctx->ssl_rb_len - ctx->ssl_rb_off)
@@ -3162,7 +3272,7 @@ int LwIPNativeSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 
     ret = tcp_write(nlwip->pcb, buf, sz, TCP_WRITE_FLAG_COPY);
     if (ret != ERR_OK) {
-        sz = -1;
+        sz = WOLFSSL_FATAL_ERROR;
     }
 
     return sz;
@@ -3310,7 +3420,7 @@ int wolfSSL_SetIO_LwIP(WOLFSSL* ssl, void* pcb,
 
     return ERR_OK;
 }
-#endif
+#endif /* WOLFSSL_LWIP_NATIVE */
 
 #ifdef WOLFSSL_ISOTP
 static int isotp_send_single_frame(struct isotp_wolfssl_ctx *ctx, char *buf,
@@ -3695,5 +3805,5 @@ int wolfSSL_SetIO_ISOTP(WOLFSSL *ssl, isotp_wolfssl_ctx *ctx,
     }
     return 0;
 }
-#endif
+#endif /* WOLFSSL_ISOTP */
 #endif /* WOLFCRYPT_ONLY */
diff --git a/src/x509.c b/src/x509.c
index 2e443a023..47d8a3529 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -1,6 +1,6 @@
 /* x509.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(WOLFSSL_X509_INCLUDED)
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -49,10 +44,10 @@ unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509)
 
     if (x509 != NULL) {
         if (x509->keyUsageSet) {
-            flags |= EXFLAG_KUSAGE;
+            flags |= WOLFSSL_EXFLAG_KUSAGE;
         }
         if (x509->extKeyUsageSrc != NULL) {
-            flags |= EXFLAG_XKUSAGE;
+            flags |= WOLFSSL_EXFLAG_XKUSAGE;
         }
     }
 
@@ -92,19 +87,19 @@ unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509* x509)
 
     if (x509 != NULL) {
         if (x509->extKeyUsage & EXTKEYUSE_OCSP_SIGN)
-            ret |= XKU_OCSP_SIGN;
+            ret |= WOLFSSL_XKU_OCSP_SIGN;
         if (x509->extKeyUsage & EXTKEYUSE_TIMESTAMP)
-            ret |= XKU_TIMESTAMP;
+            ret |= WOLFSSL_XKU_TIMESTAMP;
         if (x509->extKeyUsage & EXTKEYUSE_EMAILPROT)
-            ret |= XKU_SMIME;
+            ret |= WOLFSSL_XKU_SMIME;
         if (x509->extKeyUsage & EXTKEYUSE_CODESIGN)
-            ret |= XKU_CODE_SIGN;
+            ret |= WOLFSSL_XKU_CODE_SIGN;
         if (x509->extKeyUsage & EXTKEYUSE_CLIENT_AUTH)
-            ret |= XKU_SSL_CLIENT;
+            ret |= WOLFSSL_XKU_SSL_CLIENT;
         if (x509->extKeyUsage & EXTKEYUSE_SERVER_AUTH)
-            ret |= XKU_SSL_SERVER;
+            ret |= WOLFSSL_XKU_SSL_SERVER;
         if (x509->extKeyUsage & EXTKEYUSE_ANY)
-            ret |= XKU_ANYEKU;
+            ret |= WOLFSSL_XKU_ANYEKU;
     }
 
     WOLFSSL_LEAVE("wolfSSL_X509_get_extended_key_usage", ret);
@@ -314,7 +309,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_create_by_OBJ(
         if (ret == NULL) {
             err = 1;
         }
-    } else {
+    }
+    else {
         /* Prevent potential memory leaks and dangling pointers. */
         wolfSSL_ASN1_OBJECT_free(ret->obj);
         ret->obj = NULL;
@@ -360,73 +356,12 @@ WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void)
 /* This function does NOT return 1 on success. It returns 0 on fail, and the
  * number of items in the stack upon success. This is for compatibility with
  * OpenSSL. */
-int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext)
+int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
+    WOLFSSL_X509_EXTENSION* ext)
 {
-    WOLFSSL_STACK* node;
-
     WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_push");
 
-    if (sk == NULL || ext == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    /* no previous values in stack */
-    if (sk->data.ext == NULL) {
-        sk->data.ext = ext;
-        sk->num += 1;
-        return (int)sk->num;
-    }
-
-    /* stack already has value(s) create a new node and add more */
-    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
-                                                             DYNAMIC_TYPE_X509);
-    if (node == NULL) {
-        WOLFSSL_MSG("Memory error");
-        return WOLFSSL_FAILURE;
-    }
-    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
-
-    /* push new obj onto head of stack */
-    node->data.ext  = sk->data.ext;
-    node->next      = sk->next;
-    node->type      = sk->type;
-    sk->next        = node;
-    sk->data.ext    = ext;
-    sk->num        += 1;
-
-    return (int)sk->num;
-}
-
-/* Free the structure for X509_EXTENSION stack
- *
- * sk  stack to free nodes in
- */
-void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk)
-{
-    WOLFSSL_STACK* node;
-
-    WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_free");
-
-    if (sk == NULL) {
-        return;
-    }
-
-    /* parse through stack freeing each node */
-    node = sk->next;
-    while ((node != NULL) && (sk->num > 1)) {
-        WOLFSSL_STACK* tmp = node;
-        node = node->next;
-
-        wolfSSL_X509_EXTENSION_free(tmp->data.ext);
-        XFREE(tmp, NULL, DYNAMIC_TYPE_X509);
-        sk->num -= 1;
-    }
-
-    /* free head of stack */
-    if (sk->num == 1) {
-        wolfSSL_X509_EXTENSION_free(sk->data.ext);
-    }
-    XFREE(sk, NULL, DYNAMIC_TYPE_X509);
+    return wolfSSL_sk_push(sk, ext);
 }
 
 static WOLFSSL_STACK* generateExtStack(const WOLFSSL_X509 *x)
@@ -523,22 +458,40 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
 
     if (!x || !obj) {
         WOLFSSL_MSG("Bad parameter");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     sk = wolfSSL_X509_get0_extensions(x);
     if (!sk) {
         WOLFSSL_MSG("No extensions");
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
     lastpos++;
     if (lastpos < 0)
         lastpos = 0;
     for (; lastpos < wolfSSL_sk_num(sk); lastpos++)
-        if (wolfSSL_OBJ_cmp((WOLFSSL_ASN1_OBJECT*)wolfSSL_sk_value(sk,
-                        lastpos), obj) == 0)
+        if (wolfSSL_OBJ_cmp(wolfSSL_sk_X509_EXTENSION_value(sk,
+                        lastpos)->obj, obj) == 0)
             return lastpos;
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
+}
+
+
+int wolfSSL_X509_OBJECT_set1_X509(WOLFSSL_X509_OBJECT *a, WOLFSSL_X509 *obj)
+{
+    WOLFSSL_STUB("wolfSSL_X509_OBJECT_set1_X509");
+    (void)a;
+    (void)obj;
+    return 0;
+}
+
+int wolfSSL_X509_OBJECT_set1_X509_CRL(WOLFSSL_X509_OBJECT *a,
+    WOLFSSL_X509_CRL *obj)
+{
+    WOLFSSL_STUB("wolfSSL_X509_OBJECT_set1_X509_CRL");
+    (void)a;
+    (void)obj;
+    return 0;
 }
 
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA */
@@ -556,10 +509,10 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
     WOLFSSL_GENERAL_NAME* gn)
 {
     int ret = 0;
-    WOLFSSL_ASN1_OBJECT* obj;
-    WOLFSSL_ASN1_TYPE* type;
-    WOLFSSL_ASN1_STRING* str;
-    byte tag;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_TYPE* type = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+    byte tag = 0;
     unsigned char* p = (unsigned char *)dns->name;
     long len = dns->len;
 
@@ -594,7 +547,7 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
             goto err;
         }
 
-        tag = ASN_UTF8STRING;
+        tag = WOLFSSL_V_ASN1_UTF8STRING;
     }
     else
 #endif
@@ -604,54 +557,34 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
 
         /* Create an object id for general name from DER encoding. */
         obj = wolfSSL_d2i_ASN1_OBJECT(NULL, (const unsigned char**)&p, len);
-        if (obj == NULL) {
+        if (obj == NULL)
             goto err;
-        }
         /* Pointer moved on and now update length of remaining data. */
         len -= (long)((size_t)p - (size_t)dns->name);
 
-        /* Next is: [0]. Check tag and length. */
-        if (GetASNTag(p, &idx, &tag, (word32)len) < 0) {
-            wolfSSL_ASN1_OBJECT_free(obj);
+        /* Next is "value      [0] EXPLICIT ANY DEFINED BY type-id" */
+        if (GetASNHeader(p, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0,
+                &idx, &nameLen, (word32)len) < 0)
             goto err;
-        }
-        if (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
-        if (GetLength(p, &idx, &nameLen, (word32)len) <= 1) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
-
-        /* Next is a string of some type. */
-        if (GetASNTag(p, &idx, &tag, (word32)len) < 0) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
-        if (GetLength(p, &idx, &nameLen, (word32)len) <= 0) {
-            wolfSSL_ASN1_OBJECT_free(obj);
-            goto err;
-        }
         p += idx;
         len -= idx;
+
+        /* Set the tag to object so that it gets output in raw form */
+        tag = WOLFSSL_V_ASN1_SEQUENCE;
     }
 
+
     /* Create a WOLFSSL_ASN1_STRING from the DER. */
     str = wolfSSL_ASN1_STRING_type_new(tag);
     if (str == NULL) {
-        wolfSSL_ASN1_OBJECT_free(obj);
         goto err;
     }
     wolfSSL_ASN1_STRING_set(str, p, (int)len);
 
     /* Wrap string in a WOLFSSL_ASN1_TYPE. */
     type = wolfSSL_ASN1_TYPE_new();
-    if (type == NULL) {
-        wolfSSL_ASN1_OBJECT_free(obj);
-        wolfSSL_ASN1_STRING_free(str);
+    if (type == NULL)
         goto err;
-    }
     wolfSSL_ASN1_TYPE_set(type, tag, str);
 
     /* Store the object and string in general name. */
@@ -660,11 +593,85 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
 
     ret = 1;
 err:
+    if (ret != 1) {
+        wolfSSL_ASN1_OBJECT_free(obj);
+        wolfSSL_ASN1_STRING_free(str);
+    }
     return ret;
 }
 #endif /* OPENSSL_ALL || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns)
+{
+    gn->type = dns->type;
+    switch (gn->type) {
+        case WOLFSSL_GEN_OTHERNAME:
+                if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
+                    WOLFSSL_MSG("OTHERNAME set failed");
+                    return WOLFSSL_FAILURE;
+                }
+            break;
+
+        case WOLFSSL_GEN_EMAIL:
+        case WOLFSSL_GEN_DNS:
+        case WOLFSSL_GEN_URI:
+        case WOLFSSL_GEN_IPADD:
+        case WOLFSSL_GEN_IA5:
+                gn->d.ia5->length = dns->len;
+                if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
+                        gn->d.ia5->length) != WOLFSSL_SUCCESS) {
+                    WOLFSSL_MSG("ASN1_STRING_set failed");
+                    return WOLFSSL_FAILURE;
+                }
+                break;
+
+
+        case WOLFSSL_GEN_DIRNAME:
+            /* wolfSSL_GENERAL_NAME_new() mallocs this by default */
+            wolfSSL_ASN1_STRING_free(gn->d.ia5);
+            gn->d.ia5 = NULL;
+
+            gn->d.dirn = wolfSSL_X509_NAME_new();;
+            /* @TODO extract dir name info from DNS_entry */
+            break;
+
+#ifdef WOLFSSL_RID_ALT_NAME
+        case WOLFSSL_GEN_RID:
+            /* wolfSSL_GENERAL_NAME_new() mallocs this by default */
+            wolfSSL_ASN1_STRING_free(gn->d.ia5);
+            gn->d.ia5 = NULL;
+
+            gn->d.registeredID = wolfSSL_ASN1_OBJECT_new();
+            if (gn->d.registeredID == NULL) {
+                return WOLFSSL_FAILURE;
+            }
+            gn->d.registeredID->obj = (const unsigned char*)XMALLOC(dns->len,
+                gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1);
+            if (gn->d.registeredID->obj == NULL) {
+                /* registeredID gets free'd up by caller after failure */
+                return WOLFSSL_FAILURE;
+            }
+            gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
+            XMEMCPY((byte*)gn->d.registeredID->obj, dns->ridString, dns->len);
+            gn->d.registeredID->objSz = dns->len;
+            gn->d.registeredID->grp = oidCertExtType;
+            gn->d.registeredID->nid = WC_NID_registeredAddress;
+            break;
+#endif
+
+        case WOLFSSL_GEN_X400:
+            /* Unsupported: fall through */
+        case WOLFSSL_GEN_EDIPARTY:
+            /* Unsupported: fall through */
+        default:
+            WOLFSSL_MSG("Unsupported type conversion");
+            return WOLFSSL_FAILURE;
+    }
+    return WOLFSSL_SUCCESS;
+}
+
+
 static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
     WOLFSSL_X509_EXTENSION* ext)
 {
@@ -702,27 +709,13 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
                 goto err;
             }
 
-            gn->type = dns->type;
-            if (gn->type == GEN_OTHERNAME) {
-                if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) {
-                    WOLFSSL_MSG("OTHERNAME set failed");
-                    wolfSSL_GENERAL_NAME_free(gn);
-                    wolfSSL_sk_pop_free(sk, NULL);
-                    goto err;
-                }
-            }
-            else {
-                gn->d.ia5->length = dns->len;
-                if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
-                        gn->d.ia5->length) != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("ASN1_STRING_set failed");
-                    wolfSSL_GENERAL_NAME_free(gn);
-                    wolfSSL_sk_pop_free(sk, NULL);
-                    goto err;
-                }
+            if (DNS_to_GENERAL_NAME(gn, dns) != WOLFSSL_SUCCESS) {
+                wolfSSL_GENERAL_NAME_free(gn);
+                wolfSSL_sk_pop_free(sk, NULL);
+                goto err;
             }
 
-            if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {
                 WOLFSSL_MSG("Error pushing onto stack");
                 wolfSSL_GENERAL_NAME_free(gn);
                 wolfSSL_sk_pop_free(sk, NULL);
@@ -763,12 +756,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
 
     WOLFSSL_ENTER("wolfSSL_X509_set_ext");
 
-    if(x509 == NULL){
+    if (x509 == NULL) {
         WOLFSSL_MSG("\tNot passed a certificate");
         return NULL;
     }
 
-    if(loc <0 || (loc > wolfSSL_X509_get_ext_count(x509))){
+    if (loc < 0 || (loc > wolfSSL_X509_get_ext_count(x509))) {
         WOLFSSL_MSG("\tBad location argument");
         return NULL;
     }
@@ -917,11 +910,37 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
 
         switch (oid) {
             case BASIC_CA_OID:
+            {
+                word32 dataIdx = idx;
+                word32 dummyOid;
+                int dataLen = 0;
+
                 if (!isSet)
                     break;
                 /* Set pathlength */
                 a = wolfSSL_ASN1_INTEGER_new();
-                if (a == NULL) {
+
+                /* Set the data */
+                ret = GetObjectId(input, &dataIdx, &dummyOid, oidCertExtType,
+                        (word32)sz) == 0;
+                if (ret && dataIdx < (word32)sz) {
+                    /* Skip the critical information */
+                    if (input[dataIdx] == ASN_BOOLEAN) {
+                        dataIdx++;
+                        ret = GetLength(input, &dataIdx, &dataLen, sz) >= 0;
+                        dataIdx += dataLen;
+                    }
+                }
+                if (ret) {
+                    ret = GetOctetString(input, &dataIdx, &dataLen,
+                            (word32)sz) > 0;
+                }
+                if (ret) {
+                    ret = wolfSSL_ASN1_STRING_set(&ext->value, input + dataIdx,
+                            dataLen) == 1;
+                }
+
+                if (a == NULL || !ret) {
                     wolfSSL_X509_EXTENSION_free(ext);
                     FreeDecodedCert(cert);
                 #ifdef WOLFSSL_SMALL_STACK
@@ -937,7 +956,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 ext->obj->ca = x509->isCa;
                 ext->crit = x509->basicConstCrit;
                 break;
-
+            }
             case AUTH_INFO_OID:
                 if (!isSet)
                     break;
@@ -974,9 +993,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     obj->obj = (byte*)x509->authInfoCaIssuer;
                     obj->objSz = (unsigned int)x509->authInfoCaIssuerSz;
                     obj->grp = oidCertAuthInfoType;
-                    obj->nid = NID_ad_ca_issuers;
+                    obj->nid = WC_NID_ad_ca_issuers;
 
-                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
+                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
+                            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
                     if (ret != WOLFSSL_SUCCESS) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         wolfSSL_ASN1_OBJECT_free(obj);
@@ -1009,9 +1029,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     obj->obj = x509->authInfo;
                     obj->objSz = (unsigned int)x509->authInfoSz;
                     obj->grp = oidCertAuthInfoType;
-                    obj->nid = NID_ad_OCSP;
+                    obj->nid = WC_NID_ad_OCSP;
 
-                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
+                    ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
+                            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
                     if (ret != WOLFSSL_SUCCESS) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         wolfSSL_ASN1_OBJECT_free(obj);
@@ -1173,12 +1194,24 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     }
                 }
 
-                ext->obj->objSz = (unsigned int)objSz;
-                if(((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
-                   (ext->obj->obj == NULL)) {
-                        ext->obj->obj =(byte*)XREALLOC((byte*)ext->obj->obj,
-                                             ext->obj->objSz,
-                                             NULL,DYNAMIC_TYPE_ASN1);
+                if (((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
+                    (ext->obj->obj == NULL)) {
+                #ifdef WOLFSSL_NO_REALLOC
+                    byte* tmp = NULL;
+
+                    tmp = (byte*)XMALLOC(objSz, NULL, DYNAMIC_TYPE_ASN1);
+                    if (tmp != NULL && ext->obj->obj != NULL) {
+                        XMEMCPY(tmp, ext->obj->obj, ext->obj->objSz);
+                        XFREE((byte*)ext->obj->obj, NULL, DYNAMIC_TYPE_ASN1);
+                    }
+                    else if (tmp == NULL) {
+                        ext->obj->obj = tmp;
+                    }
+                    ext->obj->obj = tmp;
+                #else
+                    ext->obj->obj = (byte*)XREALLOC((byte*)ext->obj->obj, objSz,
+                                           NULL, DYNAMIC_TYPE_ASN1);
+                #endif
                     if (ext->obj->obj == NULL) {
                         wolfSSL_X509_EXTENSION_free(ext);
                         FreeDecodedCert(cert);
@@ -1189,9 +1222,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                         return NULL;
                     }
                     ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
-                } else {
+                }
+                else {
                     ext->obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
                 }
+                ext->obj->objSz = (unsigned int)objSz;
+
                 /* Get OID from input and copy to ASN1_OBJECT buffer */
                 XMEMCPY(oidBuf+2, input+idx, length);
                 XMEMCPY((byte*)ext->obj->obj, oidBuf, ext->obj->objSz);
@@ -1227,7 +1263,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 #endif
                     return NULL;
                 }
-                ext->value.data = (char*)XMALLOC(length, NULL, DYNAMIC_TYPE_ASN1);
+                ext->value.data = (char*)XMALLOC(length, NULL,
+                    DYNAMIC_TYPE_ASN1);
                 ext->value.isDynamic = 1;
                 if (ext->value.data == NULL) {
                     WOLFSSL_MSG("Failed to malloc ASN1_STRING data");
@@ -1251,7 +1288,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
      */
     if (x509->ext_sk == NULL)
         x509->ext_sk = wolfSSL_sk_new_x509_ext();
-    if (wolfSSL_sk_X509_EXTENSION_push(x509->ext_sk, ext) == WOLFSSL_FAILURE) {
+    if (wolfSSL_sk_insert(x509->ext_sk, ext, -1) <= 0) {
         wolfSSL_X509_EXTENSION_free(ext);
         ext = NULL;
     }
@@ -1271,16 +1308,13 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
  * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error
  */
 static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
-        word32* len, void* heap) {
-    if (!str || !buf || !len) {
-        return WOLFSSL_FAILURE;
-    }
+        word32* len, void* heap)
+{
     if (str->data && str->length > 0) {
         if (*buf)
             XFREE(*buf, heap, DYNAMIC_TYPE_X509_EXT);
         *len = 0;
-        *buf = (byte*)XMALLOC(str->length, heap,
-                DYNAMIC_TYPE_X509_EXT);
+        *buf = (byte*)XMALLOC(str->length, heap, DYNAMIC_TYPE_X509_EXT);
         if (!*buf) {
             WOLFSSL_MSG("malloc error");
             return WOLFSSL_FAILURE;
@@ -1293,7 +1327,8 @@ static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
     return WOLFSSL_SUCCESS;
 }
 
-int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc)
+int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
+    int loc)
 {
     int nid;
 
@@ -1306,7 +1341,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
     nid = (ext->obj != NULL) ? ext->obj->type : ext->value.nid;
 
     switch (nid) {
-    case NID_authority_key_identifier:
+    case WC_NID_authority_key_identifier:
         if (x509->authKeyIdSrc != NULL) {
             /* If authKeyId points into authKeyIdSrc then free it and
              * revert to old functionality */
@@ -1321,7 +1356,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         }
         x509->authKeyIdCrit = (byte)ext->crit;
         break;
-    case NID_subject_key_identifier:
+    case WC_NID_subject_key_identifier:
         if (asn1_string_copy_to_buffer(&ext->value, &x509->subjKeyId,
                 &x509->subjKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("asn1_string_copy_to_buffer error");
@@ -1329,7 +1364,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         }
         x509->subjKeyIdCrit = (byte)ext->crit;
         break;
-    case NID_subject_alt_name:
+    case WC_NID_subject_alt_name:
     {
         WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk;
         while (gns) {
@@ -1340,7 +1375,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
                 word32 len = 0;
 
                 len = SetOthername(gn->d.otherName, NULL);
-                if (len == WOLFSSL_FAILURE) {
+                if (len == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                     return WOLFSSL_FAILURE;
                 }
 
@@ -1356,7 +1391,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
                 ret = wolfSSL_X509_add_altname_ex(x509, buf, len,
                                                   ASN_OTHER_TYPE);
                 XFREE(buf, x509->heap, DYNAMIC_TYPE_X509_EXT);
-                if (ret == WOLFSSL_FAILURE) {
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                      WOLFSSL_MSG("wolfSSL_X509_add_altname_ex() failed");
                      return WOLFSSL_FAILURE;
                 }
@@ -1373,11 +1408,14 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
         x509->subjAltNameCrit = (byte)ext->crit;
         break;
     }
-    case NID_key_usage:
+    case WC_NID_key_usage:
         if (ext && ext->value.data) {
             if (ext->value.length == sizeof(word16)) {
                 /* if ext->value is already word16, set directly */
                 x509->keyUsage = *(word16*)ext->value.data;
+#ifdef BIG_ENDIAN_ORDER
+                x509->keyUsage = rotlFixed16(x509->keyUsage, 8U);
+#endif
                 x509->keyUsageCrit = (byte)ext->crit;
                 x509->keyUsageSet = 1;
             }
@@ -1395,10 +1433,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
             }
         }
         break;
-    case NID_ext_key_usage:
+    case WC_NID_ext_key_usage:
         if (ext && ext->value.data) {
             if (ext->value.length == sizeof(byte)) {
-                /* if ext->value is already word16, set directly */
+                /* if ext->value is already 1 byte, set directly */
                 x509->extKeyUsage = *(byte*)ext->value.data;
                 x509->extKeyUsageCrit = (byte)ext->crit;
             }
@@ -1415,12 +1453,14 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
             }
         }
         break;
-    case NID_basic_constraints:
+    case WC_NID_basic_constraints:
         if (ext->obj) {
             x509->isCa = (byte)ext->obj->ca;
             x509->basicConstCrit = (byte)ext->crit;
-            if (ext->obj->pathlen)
+            if (ext->obj->pathlen) {
                 x509->pathLength = (word32)ext->obj->pathlen->length;
+                x509->basicConstPlSet = 1;
+            }
             x509->basicConstSet = 1;
         }
         break;
@@ -1465,9 +1505,16 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
             return WOLFSSL_FAILURE;
         }
 
+        /* ext->crit is WOLFSSL_ASN1_BOOLEAN */
+        if (ext->crit != 0 && ext->crit != -1) {
+            XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT);
+            XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT);
+            return WOLFSSL_FAILURE;
+        }
+
         /* x509->custom_exts now owns the buffers and they must be managed. */
         x509->custom_exts[x509->customExtCount].oid = oid;
-        x509->custom_exts[x509->customExtCount].crit = ext->crit;
+        x509->custom_exts[x509->customExtCount].crit = (byte)ext->crit;
         x509->custom_exts[x509->customExtCount].val = val;
         x509->custom_exts[x509->customExtCount].valSz = ext->value.length;
         x509->customExtCount++;
@@ -1488,10 +1535,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
 int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
         unsigned long flag, int indent)
 {
-    ASN1_OBJECT* obj;
-    ASN1_STRING* str;
+    WOLFSSL_ASN1_OBJECT* obj;
+    WOLFSSL_ASN1_STRING* str;
     int nid;
-    int rc = WOLFSSL_FAILURE;
+    int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     char tmp[CTC_NAME_SIZE*2 + 1];
     const int tmpSz = sizeof(tmp);
     int tmpLen = 0;
@@ -1640,13 +1687,13 @@ int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit)
  * not NULL, get the NID of the extension object and populate the
  * extension type-specific X509V3_EXT_* function(s) in v3_ext_method.
  *
- * Returns NULL on error or pointer to the v3_ext_method populated with extension
- * type-specific X509V3_EXT_* function(s).
+ * Returns NULL on error or pointer to the v3_ext_method populated with
+ * extension type-specific X509V3_EXT_* function(s).
  *
- * NOTE: NID_subject_key_identifier is currently the only extension implementing
- * the X509V3_EXT_* functions, as it is the only type called directly by QT. The
- * other extension types return a pointer to a v3_ext_method struct that contains
- * only the NID.
+ * NOTE: WC_NID_subject_key_identifier is currently the only extension
+ * implementing the X509V3_EXT_* functions, as it is the only type called
+ * directly by QT. The other extension types return a pointer to a
+ * v3_ext_method struct that contains only the NID.
  */
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
@@ -1670,32 +1717,32 @@ WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
         WOLFSSL_MSG("Failed to get nid from passed extension object");
         return NULL;
     }
-    XMEMSET(&method, 0, sizeof(WOLFSSL_v3_ext_method));
     switch (nid) {
-        case NID_basic_constraints:
+        case WC_NID_basic_constraints:
             break;
-        case NID_subject_key_identifier:
-            method.i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
+        case WC_NID_subject_key_identifier:
+            method.i2s = (WOLFSSL_X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
             break;
-        case NID_subject_alt_name:
-            WOLFSSL_MSG("i2v function not yet implemented for Subject Alternative Name");
+        case WC_NID_subject_alt_name:
+            WOLFSSL_MSG("i2v function not yet implemented for Subject "
+                        "Alternative Name");
             break;
-        case NID_key_usage:
+        case WC_NID_key_usage:
             WOLFSSL_MSG("i2v function not yet implemented for Key Usage");
             break;
-        case NID_authority_key_identifier:
+        case WC_NID_authority_key_identifier:
             WOLFSSL_MSG("i2v function not yet implemented for Auth Key Id");
             break;
-        case NID_info_access:
+        case WC_NID_info_access:
             WOLFSSL_MSG("i2v function not yet implemented for Info Access");
             break;
-        case NID_ext_key_usage:
+        case WC_NID_ext_key_usage:
             WOLFSSL_MSG("i2v function not yet implemented for Ext Key Usage");
             break;
-        case NID_certificate_policies:
+        case WC_NID_certificate_policies:
             WOLFSSL_MSG("r2i function not yet implemented for Cert Policies");
             break;
-        case NID_crl_distribution_points:
+        case WC_NID_crl_distribution_points:
             WOLFSSL_MSG("r2i function not yet implemented for CRL Dist Points");
             break;
         default:
@@ -1798,7 +1845,7 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i(
         }
 
         /* Set the type of general name to URI (only type supported). */
-        ret = wolfSSL_GENERAL_NAME_set_type(ad->location, GEN_URI);
+        ret = wolfSSL_GENERAL_NAME_set_type(ad->location, WOLFSSL_GEN_URI);
         if (ret != WOLFSSL_SUCCESS) {
             err = 1;
             break;
@@ -1813,7 +1860,8 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i(
             break;
         }
         /* Push onto AUTHORITY_INFO_ACCESS stack. */
-        ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad);
+        ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad) > 0
+                ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         if (ret != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Error pushing ASN1 AD onto stack");
             err = 1;
@@ -1861,27 +1909,27 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
 
     WOLFSSL_ENTER("wolfSSL_X509V3_EXT_d2i");
 
-    if(ext == NULL) {
+    if (ext == NULL) {
         WOLFSSL_MSG("Bad function Argument");
         return NULL;
     }
 
+    object = wolfSSL_X509_EXTENSION_get_object(ext);
+    if (object == NULL) {
+        WOLFSSL_MSG("X509_EXTENSION_get_object failed");
+        return NULL;
+    }
     /* extract extension info */
     method = wolfSSL_X509V3_EXT_get(ext);
     if (method == NULL) {
         WOLFSSL_MSG("wolfSSL_X509V3_EXT_get error");
         return NULL;
     }
-    object = wolfSSL_X509_EXTENSION_get_object(ext);
-    if (object == NULL) {
-        WOLFSSL_MSG("X509_EXTENSION_get_object failed");
-        return NULL;
-    }
 
     /* Return pointer to proper internal structure based on NID */
     switch (object->type) {
         /* basicConstraints */
-        case (NID_basic_constraints):
+        case WC_NID_basic_constraints:
             WOLFSSL_MSG("basicConstraints");
             /* Allocate new BASIC_CONSTRAINTS structure */
             bc = wolfSSL_BASIC_CONSTRAINTS_new();
@@ -1891,7 +1939,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             }
             /* Copy pathlen and CA into BASIC_CONSTRAINTS from object */
             bc->ca = object->ca;
-            if (object->pathlen->length > 0) {
+            if (object->pathlen != NULL && object->pathlen->length > 0) {
                 bc->pathlen = wolfSSL_ASN1_INTEGER_dup(object->pathlen);
                 if (bc->pathlen == NULL) {
                     WOLFSSL_MSG("Failed to duplicate ASN1_INTEGER");
@@ -1904,7 +1952,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return bc;
 
         /* subjectKeyIdentifier */
-        case (NID_subject_key_identifier):
+        case WC_NID_subject_key_identifier:
             WOLFSSL_MSG("subjectKeyIdentifier");
             asn1String = wolfSSL_X509_EXTENSION_get_data(ext);
             if (asn1String == NULL) {
@@ -1927,7 +1975,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return newString;
 
         /* authorityKeyIdentifier */
-        case (NID_authority_key_identifier):
+        case WC_NID_authority_key_identifier:
             WOLFSSL_MSG("AuthorityKeyIdentifier");
 
             akey = (WOLFSSL_AUTHORITY_KEYID*)
@@ -1970,7 +2018,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return akey;
 
         /* keyUsage */
-        case (NID_key_usage):
+        case WC_NID_key_usage:
             WOLFSSL_MSG("keyUsage");
             /* This may need to be updated for future use. The i2v method for
                 keyUsage is not currently set. For now, return the ASN1_STRING
@@ -1996,21 +2044,21 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return newString;
 
         /* extKeyUsage */
-        case (NID_ext_key_usage):
+        case WC_NID_ext_key_usage:
             WOLFSSL_MSG("extKeyUsage not supported yet");
             return NULL;
 
         /* certificatePolicies */
-        case (NID_certificate_policies):
+        case WC_NID_certificate_policies:
             WOLFSSL_MSG("certificatePolicies not supported yet");
             return NULL;
 
         /* cRLDistributionPoints */
-        case (NID_crl_distribution_points):
+        case WC_NID_crl_distribution_points:
             WOLFSSL_MSG("cRLDistributionPoints not supported yet");
             return NULL;
 
-        case NID_subject_alt_name:
+        case WC_NID_subject_alt_name:
             if (ext->ext_sk == NULL) {
                 WOLFSSL_MSG("Subject alt name stack NULL");
                 return NULL;
@@ -2023,7 +2071,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             return sk;
 
         /* authorityInfoAccess */
-        case NID_info_access:
+        case WC_NID_info_access:
             WOLFSSL_MSG("AuthorityInfoAccess");
             return wolfssl_x509v3_ext_aia_d2i(ext);
 
@@ -2041,7 +2089,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
  * lastPos : Start search from extension after lastPos.
  *           Set to -1 to search from index 0.
  * return >= 0 If successful the extension index is returned.
- * return -1 If extension is not found or error is encountered.
+ * return WOLFSSL_FATAL_ERROR If extension is not found or error is encountered.
  */
 int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 {
@@ -2058,12 +2106,12 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 
     WOLFSSL_ENTER("wolfSSL_X509_get_ext_by_NID");
 
-    if(x509 == NULL){
+    if (x509 == NULL) {
         WOLFSSL_MSG("\tNot passed a certificate");
         return WOLFSSL_FATAL_ERROR;
     }
 
-    if(lastPos < -1 || (lastPos > (wolfSSL_X509_get_ext_count(x509) - 1))){
+    if (lastPos < -1 || (lastPos > (wolfSSL_X509_get_ext_count(x509) - 1))) {
         WOLFSSL_MSG("\tBad location argument");
         return WOLFSSL_FATAL_ERROR;
     }
@@ -2144,8 +2192,8 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 
         if (extCount >= loc) {
             /* extCount >= loc. Now check if extension has been set */
-            isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, (int)foundNID);
-
+            isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509,
+                (int)foundNID);
             if (isSet && ((word32)nid == foundNID)) {
                 found = 1;
                 break;
@@ -2307,12 +2355,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                                 WOLFSSL_MSG("ASN1_STRING_set failed");
                                 goto err;
                             }
-                            gn->d.dNSName->type = V_ASN1_IA5STRING;
+                            gn->d.dNSName->type = WOLFSSL_V_ASN1_IA5STRING;
                     }
 
                     dns = dns->next;
-                    if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) !=
-                                                      WOLFSSL_SUCCESS) {
+                    /* Using wolfSSL_sk_insert to maintain backwards
+                     * compatibility with earlier versions of _push API that
+                     * pushed items to the start of the list instead of the
+                     * end. */
+                    if (wolfSSL_sk_insert(sk, gn, 0) <= 0) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         goto err;
                     }
@@ -2346,7 +2397,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                     goto err;
                 }
 
-                if (wolfSSL_GENERAL_NAME_set_type(gn, GEN_URI) !=
+                if (wolfSSL_GENERAL_NAME_set_type(gn, WOLFSSL_GEN_URI) !=
                         WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Error setting GENERAL_NAME type");
                     goto err;
@@ -2367,13 +2418,13 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
 
                 /* push GENERAL_NAME onto fullname stack */
                 if (wolfSSL_sk_GENERAL_NAME_push(dp->distpoint->name.fullname,
-                                                 gn) != WOLFSSL_SUCCESS) {
+                                                 gn) <= 0) {
                     WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
                     goto err;
                 }
 
                 /* push DIST_POINT onto stack */
-                if (wolfSSL_sk_DIST_POINT_push(sk, dp) != WOLFSSL_SUCCESS) {
+                if (wolfSSL_sk_DIST_POINT_push(sk, dp) <= 0) {
                     WOLFSSL_MSG("Error pushing DIST_POINT onto stack");
                     goto err;
                 }
@@ -2412,7 +2463,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
             if (x509->authKeyIdSet) {
                 WOLFSSL_AUTHORITY_KEYID* akey = wolfSSL_AUTHORITY_KEYID_new();
                 if (!akey) {
-                    WOLFSSL_MSG("Issue creating WOLFSSL_AUTHORITY_KEYID struct");
+                    WOLFSSL_MSG(
+                        "Issue creating WOLFSSL_AUTHORITY_KEYID struct");
                     return NULL;
                 }
 
@@ -2480,7 +2532,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                 for (i = 0; i < x509->certPoliciesNb - 1; i++) {
                     obj = wolfSSL_ASN1_OBJECT_new();
                     if (obj == NULL) {
-                        WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
+                        WOLFSSL_MSG(
+                            "Issue creating WOLFSSL_ASN1_OBJECT struct");
                         wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
                         return NULL;
                     }
@@ -2488,14 +2541,14 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                     obj->grp   = oidCertExtType;
                     obj->obj   = (byte*)(x509->certPolicies[i]);
                     obj->objSz = MAX_CERTPOL_SZ;
-                    if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj)
-                                                           != WOLFSSL_SUCCESS) {
+                    if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
                         WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                         wolfSSL_ASN1_OBJECT_free(obj);
                         wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
                         sk = NULL;
                     }
                 }
+
                 obj = wolfSSL_ASN1_OBJECT_new();
                 if (obj == NULL) {
                     WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
@@ -2506,6 +2559,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                 obj->grp   = oidCertExtType;
                 obj->obj   = (byte*)(x509->certPolicies[i]);
                 obj->objSz = MAX_CERTPOL_SZ;
+
+                if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
+                    WOLFSSL_MSG("Error pushing ASN1 object onto stack");
+                    wolfSSL_ASN1_OBJECT_free(obj);
+                    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                    sk = NULL;
+                }
+
+                obj = NULL;
             }
             else {
                 WOLFSSL_MSG("No Cert Policy set");
@@ -2565,6 +2627,44 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
 
         case EXT_KEY_USAGE_OID:
             if (x509->extKeyUsageSrc != NULL) {
+                const byte* ekuSrc = x509->extKeyUsageSrc;
+                word32 i;
+
+                sk = wolfSSL_sk_new_asn1_obj();
+                if (sk == NULL) {
+                    WOLFSSL_MSG("Issue creating stack");
+                    return NULL;
+                }
+
+                for (i = 0; i < x509->extKeyUsageCount; i++) {
+                    long ekuSrcLen = (long)(x509->extKeyUsageSz -
+                            (word32)(ekuSrc - x509->extKeyUsageSrc));
+                    WOLFSSL_ASN1_OBJECT* ekuObj = wolfSSL_d2i_ASN1_OBJECT(NULL,
+                            &ekuSrc, ekuSrcLen);
+                    if (ekuObj == NULL) {
+                        wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                        WOLFSSL_MSG("d2i obj error");
+                        return NULL;
+                    }
+                    ekuObj->type  = EXT_KEY_USAGE_OID;
+                    ekuObj->grp   = oidCertExtType;
+                    /* Push to end to maintain order */
+                    if (wolfSSL_sk_insert(sk, ekuObj, -1) <= 0) {
+                        wolfSSL_ASN1_OBJECT_free(ekuObj);
+                        wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                        WOLFSSL_MSG("d2i obj error");
+                        return NULL;
+                    }
+                }
+
+                if ((word32)(ekuSrc - x509->extKeyUsageSrc)
+                        != x509->extKeyUsageSz ||
+                        i != x509->extKeyUsageCount) {
+                    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                    WOLFSSL_MSG("incorrect eku count or buffer not exhausted");
+                    return NULL;
+                }
+
                 if (c != NULL) {
                     if (x509->extKeyUsageCount > 1) {
                         *c = -2;
@@ -2573,15 +2673,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                         *c = x509->extKeyUsageCrit;
                     }
                 }
-                obj = wolfSSL_ASN1_OBJECT_new();
-                if (obj == NULL) {
-                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
-                    return NULL;
-                }
-                obj->type  = EXT_KEY_USAGE_OID;
-                obj->grp   = oidCertExtType;
-                obj->obj   = x509->extKeyUsageSrc;
-                obj->objSz = x509->extKeyUsageSz;
             }
             else {
                 WOLFSSL_MSG("No Extended Key Usage set");
@@ -2628,7 +2719,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
         }
     }
     if (obj) {
-        if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
             WOLFSSL_MSG("Error pushing ASN1_OBJECT object onto "
                         "stack.");
             goto err;
@@ -2755,9 +2846,6 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
 {
     WOLFSSL_X509_EXTENSION* ext;
 
-    if (value == NULL)
-        return NULL;
-
     ext = wolfSSL_X509_EXTENSION_new();
     if (ext == NULL) {
         WOLFSSL_MSG("memory error");
@@ -2766,8 +2854,8 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
     ext->value.nid = nid;
 
     switch (nid) {
-        case NID_subject_key_identifier:
-        case NID_authority_key_identifier:
+        case WC_NID_subject_key_identifier:
+        case WC_NID_authority_key_identifier:
             if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1)
                     != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
@@ -2775,7 +2863,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
             }
             ext->value.type = CTC_UTF8;
             break;
-        case NID_subject_alt_name:
+        case WC_NID_subject_alt_name:
         {
             WOLFSSL_GENERAL_NAMES* gns;
             WOLFSSL_GENERAL_NAME* gn;
@@ -2801,7 +2889,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
                 WOLFSSL_MSG("wolfSSL_GENERAL_NAME_new error");
                 goto err_cleanup;
             }
-            if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) <= 0) {
                 WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
                 wolfSSL_GENERAL_NAME_free(gn);
                 goto err_cleanup;
@@ -2814,7 +2902,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
             gn->type = ASN_DNS_TYPE;
             break;
         }
-        case NID_key_usage:
+        case WC_NID_key_usage:
             if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1)
                     != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
@@ -2822,7 +2910,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
             }
             ext->value.type = KEY_USAGE_OID;
             break;
-        case NID_ext_key_usage:
+        case WC_NID_ext_key_usage:
             if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1)
                     != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
@@ -2913,22 +3001,22 @@ static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method,
 
     WOLFSSL_ENTER("wolfSSL_X509V3_EXT_METHOD_populate");
     switch (nid) {
-    case NID_subject_key_identifier:
-        method->i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
+    case WC_NID_subject_key_identifier:
+        method->i2s = (WOLFSSL_X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
         FALL_THROUGH;
-    case NID_authority_key_identifier:
-    case NID_key_usage:
-    case NID_certificate_policies:
-    case NID_policy_mappings:
-    case NID_subject_alt_name:
-    case NID_issuer_alt_name:
-    case NID_basic_constraints:
-    case NID_name_constraints:
-    case NID_policy_constraints:
-    case NID_ext_key_usage:
-    case NID_crl_distribution_points:
-    case NID_inhibit_any_policy:
-    case NID_info_access:
+    case WC_NID_authority_key_identifier:
+    case WC_NID_key_usage:
+    case WC_NID_certificate_policies:
+    case WC_NID_policy_mappings:
+    case WC_NID_subject_alt_name:
+    case WC_NID_issuer_alt_name:
+    case WC_NID_basic_constraints:
+    case WC_NID_name_constraints:
+    case WC_NID_policy_constraints:
+    case WC_NID_ext_key_usage:
+    case WC_NID_crl_distribution_points:
+    case WC_NID_inhibit_any_policy:
+    case WC_NID_info_access:
         WOLFSSL_MSG("Nothing to populate for current NID");
         break;
     default:
@@ -2940,7 +3028,7 @@ static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method,
 }
 
 /**
- * @param nid One of the NID_* constants defined in asn.h
+ * @param nid One of the WC_NID_* constants defined in asn.h
  * @param crit
  * @param data This data is copied to the returned extension.
  * @return
@@ -2964,9 +3052,9 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
     wolfSSL_X509V3_EXT_METHOD_populate(&ext->ext_method, nid);
 
     switch (nid) {
-    case NID_subject_key_identifier:
+    case WC_NID_subject_key_identifier:
         /* WOLFSSL_ASN1_STRING */
-    case NID_key_usage:
+    case WC_NID_key_usage:
         /* WOLFSSL_ASN1_STRING */
     {
         asn1str = (WOLFSSL_ASN1_STRING*)data;
@@ -2993,13 +3081,13 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
 
         break;
     }
-    case NID_subject_alt_name:
+    case WC_NID_subject_alt_name:
         /* typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES */
-    case NID_issuer_alt_name:
+    case WC_NID_issuer_alt_name:
         /* typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES */
-    case NID_ext_key_usage:
+    case WC_NID_ext_key_usage:
         /* typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE */
-    case NID_info_access:
+    case WC_NID_info_access:
         /* typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS */
     {
         WOLFSSL_STACK* sk = (WOLFSSL_STACK*)data;
@@ -3020,7 +3108,7 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
 
         break;
     }
-    case NID_basic_constraints:
+    case WC_NID_basic_constraints:
     {
         /* WOLFSSL_BASIC_CONSTRAINTS */
         WOLFSSL_BASIC_CONSTRAINTS* bc = (WOLFSSL_BASIC_CONSTRAINTS*)data;
@@ -3040,7 +3128,7 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
         }
         break;
     }
-    case NID_authority_key_identifier:
+    case WC_NID_authority_key_identifier:
     {
         /* AUTHORITY_KEYID */
         WOLFSSL_AUTHORITY_KEYID* akey = (WOLFSSL_AUTHORITY_KEYID*)data;
@@ -3067,22 +3155,22 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
             }
         }
         else {
-            WOLFSSL_MSG("NID_authority_key_identifier empty data");
+            WOLFSSL_MSG("WC_NID_authority_key_identifier empty data");
             goto err_cleanup;
         }
         break;
     }
-    case NID_inhibit_any_policy:
+    case WC_NID_inhibit_any_policy:
         /* ASN1_INTEGER */
-    case NID_certificate_policies:
+    case WC_NID_certificate_policies:
         /* STACK_OF(POLICYINFO) */
-    case NID_policy_mappings:
+    case WC_NID_policy_mappings:
         /* STACK_OF(POLICY_MAPPING) */
-    case NID_name_constraints:
+    case WC_NID_name_constraints:
         /* NAME_CONSTRAINTS */
-    case NID_policy_constraints:
+    case WC_NID_policy_constraints:
         /* POLICY_CONSTRAINTS */
-    case NID_crl_distribution_points:
+    case WC_NID_crl_distribution_points:
         /* typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS */
     default:
         WOLFSSL_MSG("Unknown or unsupported NID");
@@ -3100,11 +3188,11 @@ err_cleanup:
 }
 
 /* Returns pointer to ASN1_OBJECT from an X509_EXTENSION object */
-WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \
-    (WOLFSSL_X509_EXTENSION* ext)
+WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(
+    WOLFSSL_X509_EXTENSION* ext)
 {
     WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_object");
-    if(ext == NULL)
+    if (ext == NULL)
         return NULL;
     return ext->obj;
 }
@@ -3133,7 +3221,8 @@ int wolfSSL_X509_EXTENSION_set_object(WOLFSSL_X509_EXTENSION* ext,
 #endif /* OPENSSL_ALL */
 
 /* Returns pointer to ASN1_STRING in X509_EXTENSION object */
-WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext)
+WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(
+    WOLFSSL_X509_EXTENSION* ext)
 {
     WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_data");
     if (ext == NULL)
@@ -3243,6 +3332,7 @@ int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
 #endif /* OPENSSL_EXTRA */
 
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+    defined(KEEP_OUR_CERT) || \
     defined(OPENSSL_EXTRA)  || defined(OPENSSL_EXTRA_X509_SMALL)
 
 /* user externally called free X509, if dynamic go ahead with free, otherwise
@@ -3265,16 +3355,14 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
             if (ret != 0) {
                 WOLFSSL_MSG("Couldn't lock x509 mutex");
             }
-        #endif /* OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA */
-
-        #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
             if (doFree)
         #endif /* OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA */
             {
                 FreeX509(x509);
                 XFREE(x509, x509->heap, DYNAMIC_TYPE_X509);
             }
-        } else {
+        }
+        else {
             WOLFSSL_MSG("free called on non dynamic object, not freeing");
         }
     }
@@ -3284,10 +3372,13 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
 WOLFSSL_ABI
 void wolfSSL_X509_free(WOLFSSL_X509* x509)
 {
-    WOLFSSL_ENTER("wolfSSL_FreeX509");
+    WOLFSSL_ENTER("wolfSSL_X509_free");
     ExternalFreeX509(x509);
 }
+#endif
 
+#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+    defined(OPENSSL_EXTRA)  || defined(OPENSSL_EXTRA_X509_SMALL)
 
 /* copy name into in buffer, at most sz bytes, if buffer is null will
    malloc buffer, call responsible for freeing                     */
@@ -3296,15 +3387,15 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
 {
     int copySz;
 
+    WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");
+
     if (name == NULL) {
         WOLFSSL_MSG("WOLFSSL_X509_NAME pointer was NULL");
         return NULL;
     }
 
-    copySz = (int)min((word32)sz, (word32)name->sz);
-
-    WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");
-    if (!name->sz) return in;
+    if (name->sz == 0)
+        return in;
 
     if (!in) {
     #ifdef WOLFSSL_STATIC_MEMORY
@@ -3312,13 +3403,16 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
         return NULL;
     #else
         in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL);
-        if (!in ) return in;
+        if (!in)
+            return in;
         copySz = name->sz;
     #endif
     }
-
-    if (copySz <= 0)
-        return in;
+    else {
+        copySz = (int)min((word32)sz, (word32)name->sz);
+        if (copySz <= 0)
+            return in;
+    }
 
     XMEMCPY(in, name->name, copySz - 1);
     in[copySz - 1] = 0;
@@ -3358,7 +3452,7 @@ static unsigned long X509NameHash(WOLFSSL_X509_NAME* name,
         return 0;
     }
 
-    rc = wc_Hash(hashType, (const byte*)canonName,(word32)size, digest,
+    rc = wc_Hash(hashType, (const byte*)canonName, (word32)size, digest,
         sizeof(digest));
 
     if (rc == 0) {
@@ -3523,7 +3617,8 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
                 WOLFSSL_MSG("Memory error");
                 return NULL;
             }
-            if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn, buf)) >= strSz) {
+            if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn,
+                    buf)) >= strSz) {
                 WOLFSSL_MSG("buffer overrun");
                 XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 return NULL;
@@ -3669,6 +3764,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
 {
     return d2i_X509orX509REQ(x509, in, len, 1, NULL);
 }
+
+WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
+        const unsigned char** in, int len)
+{
+    WOLFSSL_X509* ret = NULL;
+    WOLFSSL_ENTER("wolfSSL_d2i_X509_REQ_INFO");
+
+    if (in == NULL) {
+        WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509");
+        return NULL;
+    }
+
+    ret = wolfSSL_X509_REQ_d2i(req, *in, len);
+    if (ret != NULL) {
+        *in += ret->derCert->length;
+    }
+    return ret;
+}
 #endif
 
 #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA ||
@@ -3691,7 +3804,7 @@ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(OPENSSL_EXTRA) || \
-    defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
+    defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT)
 
 /* return the next, if any, altname from the peer cert */
 WOLFSSL_ABI
@@ -3868,7 +3981,8 @@ const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
     return x509->derCert->buffer;
 }
 
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT || KEEP_PEER_CERT || SESSION_CERTS */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT ||
+        * KEEP_PEER_CERT || SESSION_CERTS */
 
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || \
@@ -3886,7 +4000,8 @@ const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
     XMEMSET(x509->notBeforeData, 0, sizeof(x509->notBeforeData));
     x509->notBeforeData[0] = (byte)x509->notBefore.type;
     x509->notBeforeData[1] = (byte)x509->notBefore.length;
-    XMEMCPY(&x509->notBeforeData[2], x509->notBefore.data, x509->notBefore.length);
+    XMEMCPY(&x509->notBeforeData[2], x509->notBefore.data,
+        x509->notBefore.length);
 
     return x509->notBeforeData;
 }
@@ -3965,6 +4080,7 @@ byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz)
     int copySz;
 
     WOLFSSL_ENTER("wolfSSL_X509_get_dev_type");
+    if (x509 == NULL) return NULL;
     if (inOutSz == NULL) return NULL;
     if (!x509->deviceTypeSz) return in;
 
@@ -3993,6 +4109,7 @@ byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz)
     int copySz;
 
     WOLFSSL_ENTER("wolfSSL_X509_get_hw_type");
+    if (x509 == NULL) return NULL;
     if (inOutSz == NULL) return NULL;
     if (!x509->hwTypeSz) return in;
 
@@ -4022,6 +4139,7 @@ byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
     int copySz;
 
     WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number");
+    if (x509 == NULL) return NULL;
     if (inOutSz == NULL) return NULL;
     if (!x509->hwTypeSz) return in;
 
@@ -4072,8 +4190,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509)
 }
 
 
-/* return 1 on success 0 on fail */
-int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
+/* return number of elements on success 0 on fail */
+int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
+    WOLFSSL_X509* x509)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_push");
 
@@ -4088,30 +4207,7 @@ int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x50
 /* Return and remove the last x509 pushed on stack */
 WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
 {
-    WOLFSSL_STACK* node;
-    WOLFSSL_X509*  x509;
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    node = sk->next;
-    x509 = sk->data.x509;
-
-    if (node != NULL) { /* update sk and remove node from stack */
-        sk->data.x509 = node->data.x509;
-        sk->next = node->next;
-        XFREE(node, NULL, DYNAMIC_TYPE_X509);
-    }
-    else { /* last x509 in stack */
-        sk->data.x509 = NULL;
-    }
-
-    if (sk->num > 0) {
-        sk->num -= 1;
-    }
-
-    return x509;
+    return (WOLFSSL_X509*)wolfSSL_sk_pop(sk);
 }
 
 /* Getter function for WOLFSSL_X509 pointer
@@ -4122,7 +4218,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
  * returns a pointer to a WOLFSSL_X509 structure on success and NULL on
  *         fail
  */
-WOLFSSL_X509* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
+WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)* sk, int i)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_value");
 
@@ -4138,38 +4234,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
 /* Return and remove the first x509 pushed on stack */
 WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)* sk)
 {
-    WOLFSSL_STACK* node;
-    WOLFSSL_X509*  x509;
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    node = sk->next;
-    x509 = sk->data.x509;
-
-    if (node != NULL) {
-        /* walk to end of stack to first node pushed, and remove it */
-        WOLFSSL_STACK* prevNode = sk;
-
-        while (node->next != NULL) {
-            prevNode = node;
-            node = node->next;
-        }
-
-        x509 = node->data.x509;
-        prevNode->next = NULL;
-        XFREE(node, NULL, DYNAMIC_TYPE_X509);
-    }
-    else { /* only one x509 in stack */
-        sk->data.x509 = NULL;
-    }
-
-    if (sk->num > 0) {
-        sk->num -= 1;
-    }
-
-    return x509;
+    return (WOLFSSL_X509*)wolfSSL_sk_pop_node(sk, 0);
 }
 
 #endif /* OPENSSL_EXTRA */
@@ -4181,7 +4246,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)* sk)
  * sk  stack to free nodes in
  * f   X509 free function
  */
-void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk,
+void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk,
     void (*f) (WOLFSSL_X509*))
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free");
@@ -4216,8 +4281,9 @@ void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk)
     wolfSSL_sk_X509_CRL_pop_free(sk, NULL);
 }
 
-/* return 1 on success 0 on fail */
-int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, WOLFSSL_X509_CRL* crl)
+/* return number of elements on success 0 on fail */
+int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk,
+    WOLFSSL_X509_CRL* crl)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_push");
 
@@ -4249,7 +4315,7 @@ int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk)
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)
-/* return 1 on success 0 on fail */
+/* return number of elements on success 0 on fail */
 int wolfSSL_sk_ACCESS_DESCRIPTION_push(WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
                                               WOLFSSL_ACCESS_DESCRIPTION* a)
 {
@@ -4332,7 +4398,7 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void)
         wolfSSL_GENERAL_NAME_free(gn);
         return NULL;
     }
-    gn->type = GEN_IA5;
+    gn->type = WOLFSSL_GEN_IA5;
     return gn;
 }
 
@@ -4356,33 +4422,33 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn)
     dupl->d.ia5 = NULL;
     switch (gn->type) {
     /* WOLFSSL_ASN1_STRING types */
-    case GEN_DNS:
+    case WOLFSSL_GEN_DNS:
         if (!(dupl->d.dNSName = wolfSSL_ASN1_STRING_dup(gn->d.dNSName))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_IPADD:
+    case WOLFSSL_GEN_IPADD:
         if (!(dupl->d.iPAddress = wolfSSL_ASN1_STRING_dup(gn->d.iPAddress))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_EMAIL:
+    case WOLFSSL_GEN_EMAIL:
         if (!(dupl->d.rfc822Name = wolfSSL_ASN1_STRING_dup(gn->d.rfc822Name))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_URI:
+    case WOLFSSL_GEN_URI:
         if (!(dupl->d.uniformResourceIdentifier =
                 wolfSSL_ASN1_STRING_dup(gn->d.uniformResourceIdentifier))) {
             WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error");
             goto error;
         }
         break;
-    case GEN_OTHERNAME:
-        if (gn->d.otherName->value->type != V_ASN1_UTF8STRING) {
+    case WOLFSSL_GEN_OTHERNAME:
+        if (gn->d.otherName->value->type != WOLFSSL_V_ASN1_UTF8STRING) {
             WOLFSSL_MSG("Unsupported othername value type");
             goto error;
         }
@@ -4413,10 +4479,10 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn)
             goto error;
         }
         break;
-    case GEN_X400:
-    case GEN_DIRNAME:
-    case GEN_EDIPARTY:
-    case GEN_RID:
+    case WOLFSSL_GEN_X400:
+    case WOLFSSL_GEN_DIRNAME:
+    case WOLFSSL_GEN_EDIPARTY:
+    case WOLFSSL_GEN_RID:
     default:
         WOLFSSL_MSG("Unrecognized or unsupported GENERAL_NAME type");
         goto error;
@@ -4425,9 +4491,7 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn)
 
     return dupl;
 error:
-    if (dupl) {
-        wolfSSL_GENERAL_NAME_free(dupl);
-    }
+    wolfSSL_GENERAL_NAME_free(dupl);
     return NULL;
 }
 
@@ -4440,7 +4504,8 @@ error:
  *          WOLFSSL_SUCCESS otherwise.
  */
 int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
-                                        ASN1_OBJECT* oid, ASN1_TYPE* value)
+                                        WOLFSSL_ASN1_OBJECT* oid,
+                                        WOLFSSL_ASN1_TYPE* value)
 {
     WOLFSSL_ASN1_OBJECT *x = NULL;
 
@@ -4454,49 +4519,19 @@ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
         return WOLFSSL_FAILURE;
     }
 
-    gen->type = GEN_OTHERNAME;
+    gen->type = WOLFSSL_GEN_OTHERNAME;
     gen->d.otherName->type_id = x;
     gen->d.otherName->value = value;
     return WOLFSSL_SUCCESS;
 }
 
-/* return 1 on success 0 on fail */
+/* return number of elements on success 0 on fail */
 int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk,
                                  WOLFSSL_GENERAL_NAME* gn)
 {
-    WOLFSSL_STACK* node;
     WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_push");
 
-    if (sk == NULL || gn == NULL) {
-        return WOLFSSL_FAILURE;
-    }
-
-    /* no previous values in stack */
-    if (sk->data.gn == NULL) {
-        sk->data.gn = gn;
-        sk->num += 1;
-
-        return WOLFSSL_SUCCESS;
-    }
-
-    /* stack already has value(s) create a new node and add more */
-    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
-                                                             DYNAMIC_TYPE_ASN1);
-    if (node == NULL) {
-        WOLFSSL_MSG("Memory error");
-        return WOLFSSL_FAILURE;
-    }
-    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
-
-    /* push new obj onto head of stack */
-    node->type    = STACK_TYPE_GEN_NAME;
-    node->data.gn = sk->data.gn;
-    node->next    = sk->next;
-    sk->next      = node;
-    sk->data.gn   = gn;
-    sk->num      += 1;
-
-    return WOLFSSL_SUCCESS;
+    return wolfSSL_sk_push(sk, gn);
 }
 
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@@ -4512,17 +4547,7 @@ int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk,
  */
 WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value(WOLFSSL_STACK* sk, int idx)
 {
-    WOLFSSL_STACK* ret;
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    ret = wolfSSL_sk_get_node(sk, idx);
-    if (ret != NULL) {
-        return ret->data.gn;
-    }
-    return NULL;
+    return (WOLFSSL_GENERAL_NAME*)wolfSSL_sk_value(sk, idx);
 }
 
 /* Gets the number of nodes in the stack
@@ -4535,11 +4560,7 @@ int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk)
 {
     WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num");
 
-    if (sk == NULL) {
-        return -1;
-    }
-
-    return (int)sk->num;
+    return wolfSSL_sk_num(sk);
 }
 
 /* Allocates an empty GENERAL NAME stack */
@@ -4668,7 +4689,7 @@ void wolfSSL_DIST_POINTS_free(WOLFSSL_DIST_POINTS *dps)
     wolfSSL_sk_free(dps);
 }
 
-/* return 1 on success 0 on fail */
+/* return number of elements on success 0 on fail */
 int wolfSSL_sk_DIST_POINT_push(WOLFSSL_DIST_POINTS* sk, WOLFSSL_DIST_POINT* dp)
 {
     WOLFSSL_ENTER("wolfSSL_sk_DIST_POINT_push");
@@ -4707,7 +4728,7 @@ int wolfSSL_sk_DIST_POINT_num(WOLFSSL_STACK* sk)
     WOLFSSL_ENTER("wolfSSL_sk_DIST_POINT_num");
 
     if (sk == NULL) {
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 
     return wolfSSL_sk_num(sk);
@@ -4766,35 +4787,35 @@ static void wolfSSL_GENERAL_NAME_type_free(WOLFSSL_GENERAL_NAME* name)
 {
     if (name != NULL) {
         switch (name->type) {
-        case GEN_IA5:
+        case WOLFSSL_GEN_IA5:
             wolfSSL_ASN1_STRING_free(name->d.ia5);
             name->d.ia5 = NULL;
             break;
-        case GEN_EMAIL:
+        case WOLFSSL_GEN_EMAIL:
             wolfSSL_ASN1_STRING_free(name->d.rfc822Name);
             name->d.rfc822Name = NULL;
             break;
-        case GEN_DNS:
+        case WOLFSSL_GEN_DNS:
             wolfSSL_ASN1_STRING_free(name->d.dNSName);
             name->d.dNSName = NULL;
             break;
-        case GEN_DIRNAME:
+        case WOLFSSL_GEN_DIRNAME:
             wolfSSL_X509_NAME_free(name->d.dirn);
             name->d.dirn = NULL;
             break;
-        case GEN_URI:
+        case WOLFSSL_GEN_URI:
             wolfSSL_ASN1_STRING_free(name->d.uniformResourceIdentifier);
             name->d.uniformResourceIdentifier = NULL;
             break;
-        case GEN_IPADD:
+        case WOLFSSL_GEN_IPADD:
             wolfSSL_ASN1_STRING_free(name->d.iPAddress);
             name->d.iPAddress = NULL;
             break;
-        case GEN_RID:
+        case WOLFSSL_GEN_RID:
             wolfSSL_ASN1_OBJECT_free(name->d.registeredID);
             name->d.registeredID = NULL;
             break;
-        case GEN_OTHERNAME:
+        case WOLFSSL_GEN_OTHERNAME:
             if (name->d.otherName != NULL) {
                 wolfSSL_ASN1_OBJECT_free(name->d.otherName->type_id);
                 wolfSSL_ASN1_TYPE_free(name->d.otherName->value);
@@ -4802,9 +4823,9 @@ static void wolfSSL_GENERAL_NAME_type_free(WOLFSSL_GENERAL_NAME* name)
                 name->d.otherName = NULL;
             }
             break;
-        case GEN_X400:
+        case WOLFSSL_GEN_X400:
             /* Unsupported: fall through */
-        case GEN_EDIPARTY:
+        case WOLFSSL_GEN_EDIPARTY:
             /* Unsupported: fall through */
         default:
             WOLFSSL_MSG("wolfSSL_GENERAL_NAME_type_free: possible leak");
@@ -4825,13 +4846,13 @@ int wolfSSL_GENERAL_NAME_set_type(WOLFSSL_GENERAL_NAME* name, int typ)
         name->type = typ;
 
         switch (typ) {
-            case GEN_URI:
+            case WOLFSSL_GEN_URI:
                 name->d.uniformResourceIdentifier = wolfSSL_ASN1_STRING_new();
                 if (name->d.uniformResourceIdentifier == NULL)
                     ret = MEMORY_E;
                 break;
             default:
-                name->type = GEN_IA5;
+                name->type = WOLFSSL_GEN_IA5;
                 name->d.ia5 = wolfSSL_ASN1_STRING_new();
                 if (name->d.ia5 == NULL)
                     ret = MEMORY_E;
@@ -4866,16 +4887,15 @@ void wolfSSL_GENERAL_NAME_set0_value(WOLFSSL_GENERAL_NAME *a, int type,
         return;
     }
 
-    if (type != GEN_DNS) {
-        WOLFSSL_MSG("Only GEN_DNS is supported");
+    if (type != WOLFSSL_GEN_DNS) {
+        WOLFSSL_MSG("Only WOLFSSL_GEN_DNS is supported");
         return;
     }
 
     wolfSSL_GENERAL_NAME_type_free(a);
     a->type = type;
-    if (type == GEN_DNS) {
-        a->d.dNSName = val;
-    }
+    /* Only when WOLFSSL_GEN_DNS. */
+    a->d.dNSName = val;
 }
 
 /* Frees GENERAL_NAME objects.
@@ -5035,6 +5055,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
 
     case GEN_RID:
         ret = wolfSSL_BIO_printf(out, "Registered ID:");
+        ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
         if (ret == WOLFSSL_SUCCESS) {
             ret = wolfSSL_i2a_ASN1_OBJECT(out, gen->d.registeredID);
         }
@@ -5045,7 +5066,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen)
         break;
     }
 
-    if (ret == WOLFSSL_FAILURE)
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
         return WOLFSSL_FAILURE;
     else
         return WOLFSSL_SUCCESS;
@@ -5074,19 +5095,9 @@ int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
 
 /* returns null on failure and pointer to internal value on success */
 WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
-        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx)
+        const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx)
 {
-    WOLFSSL_STACK* ret;
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    ret = wolfSSL_sk_get_node(sk, idx);
-    if (ret != NULL) {
-        return ret->data.ext;
-    }
-    return NULL;
+    return (WOLFSSL_X509_EXTENSION*)wolfSSL_sk_value(sk, idx);
 }
 
 /* frees all of the nodes and the values in stack */
@@ -5097,9 +5108,15 @@ void wolfSSL_sk_X509_EXTENSION_pop_free(
     wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
 }
 
+void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
+{
+    wolfSSL_sk_pop_free(sk, NULL);
+}
+
 #endif /* OPENSSL_EXTRA */
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM)
 
 WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
 {
@@ -5169,12 +5186,12 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
     if (file == XBADFILE)
         return NULL;
 
-    if (XFSEEK(file, 0, XSEEK_END) != 0){
+    if (XFSEEK(file, 0, XSEEK_END) != 0) {
         XFCLOSE(file);
         return NULL;
     }
     sz = XFTELL(file);
-    if (XFSEEK(file, 0, XSEEK_SET) != 0){
+    if (XFSEEK(file, 0, XSEEK_SET) != 0) {
         XFCLOSE(file);
         return NULL;
     }
@@ -5214,7 +5231,8 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
 #endif /* !NO_FILESYSTEM */
 
 static WOLFSSL_X509* loadX509orX509REQFromBuffer(
-    const unsigned char* buf, int sz, int format, int type)
+    const unsigned char* buf, int sz, int format, int type,
+    wc_pem_password_cb *cb, void *u)
 {
 
     int ret = 0;
@@ -5224,8 +5242,15 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer(
     WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex");
 
     if (format == WOLFSSL_FILETYPE_PEM) {
+        EncryptedInfo info;
+        XMEMSET(&info, 0, sizeof(EncryptedInfo));
+    #ifdef WOLFSSL_ENCRYPTED_KEYS
+        info.passwd_cb       = cb;
+        info.passwd_userdata = u;
+    #endif
+
     #ifdef WOLFSSL_PEM_TO_DER
-        ret = PemToDer(buf, sz, type, &der, NULL, NULL, NULL);
+        ret = PemToDer(buf, sz, type, &der, NULL, &info, NULL);
         if (ret != 0) {
             FreeDer(&der);
         }
@@ -5289,6 +5314,9 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer(
         WOLFSSL_ERROR(ret);
     }
 
+    /* unused parameter when built without WOLFSSL_ENCRYPTED_KEYS */
+    (void)cb;
+    (void)u;
     return x509;
 }
 
@@ -5296,7 +5324,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
     const unsigned char* buf, int sz, int format)
 {
     return loadX509orX509REQFromBuffer(buf, sz,
-            format, CERT_TYPE);
+            format, CERT_TYPE, NULL, NULL);
 }
 
 #ifdef WOLFSSL_CERT_REQ
@@ -5304,11 +5332,12 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
     const unsigned char* buf, int sz, int format)
 {
     return loadX509orX509REQFromBuffer(buf, sz,
-            format, CERTREQ_TYPE);
+            format, CERTREQ_TYPE, NULL, NULL);
 }
 #endif
 
-#endif /* KEEP_PEER_CERT || SESSION_CERTS */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_PEER_CERT || \
+          SESSION_CERTS */
 
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(KEEP_PEER_CERT) || \
     defined(SESSION_CERTS)
@@ -5373,7 +5402,7 @@ int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
 {
     WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz");
     if (!name)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return name->sz;
 }
 
@@ -5387,11 +5416,6 @@ static WOLFSSL_X509_NAME_ENTRY* GetEntryByNID(WOLFSSL_X509_NAME* name, int nid,
     int i;
     WOLFSSL_X509_NAME_ENTRY* ret = NULL;
 
-    /* and index of less than 0 is assumed to be starting from 0 */
-    if (*idx < 0) {
-        *idx = 0;
-    }
-
     for (i = *idx; i < MAX_NAME_ENTRIES; i++) {
         if (name->entry[i].nid == nid) {
             ret = &name->entry[i];
@@ -5453,14 +5477,15 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
         WOLFSSL_MSG("Buffer is NULL, returning buffer size only");
         return textSz;
     }
+    if (len <= 0) {
+        return 0;
+    }
 
-    /* buf is not NULL from above */
-    if (text != NULL) {
-        textSz = (int)min((word32)textSz + 1, (word32)len); /* + 1 to account for null char */
-        if (textSz > 0) {
-            XMEMCPY(buf, text, textSz - 1);
-            buf[textSz - 1] = '\0';
-        }
+    /* + 1 to account for null char */
+    textSz = (int)min((word32)textSz + 1, (word32)len);
+    if (textSz > 0) {
+        XMEMCPY(buf, text, textSz - 1);
+        buf[textSz - 1] = '\0';
     }
 
     WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
@@ -5483,13 +5508,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
         key = wolfSSL_EVP_PKEY_new_ex(x509->heap);
         if (key != NULL) {
             if (x509->pubKeyOID == RSAk) {
-                key->type = EVP_PKEY_RSA;
+                key->type = WC_EVP_PKEY_RSA;
             }
             else if (x509->pubKeyOID == DSAk) {
-                key->type = EVP_PKEY_DSA;
+                key->type = WC_EVP_PKEY_DSA;
             }
             else {
-                key->type = EVP_PKEY_EC;
+                key->type = WC_EVP_PKEY_EC;
             }
             key->save_type = 0;
             key->pkey.ptr = (char*)XMALLOC(
@@ -5508,7 +5533,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 
             /* decode RSA key */
             #ifndef NO_RSA
-            if (key->type == EVP_PKEY_RSA) {
+            if (key->type == WC_EVP_PKEY_RSA) {
                 key->ownRsa = 1;
                 key->rsa = wolfSSL_RSA_new();
                 if (key->rsa == NULL) {
@@ -5527,7 +5552,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 
             /* decode ECC key */
             #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
-            if (key->type == EVP_PKEY_EC) {
+            if (key->type == WC_EVP_PKEY_EC) {
                 word32 idx = 0;
 
                 key->ownEcc = 1;
@@ -5560,7 +5585,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
             #endif /* HAVE_ECC && OPENSSL_EXTRA */
 
             #ifndef NO_DSA
-            if (key->type == EVP_PKEY_DSA) {
+            if (key->type == WC_EVP_PKEY_DSA) {
                 key->ownDsa = 1;
                 key->dsa = wolfSSL_DSA_new();
                 if (key->dsa == NULL) {
@@ -5588,7 +5613,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
  * size of this subset and its memory usage */
 #endif /* OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || SESSION_CERTS */
 
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
 /*
  * Converts a and b to DER and then does an XMEMCMP to check if they match.
  * Returns 0 when certificates match and WOLFSSL_FATAL_ERROR when they don't.
@@ -5600,17 +5625,17 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
         int outSzA = 0;
         int outSzB = 0;
 
-        if (a == NULL || b == NULL){
+        if (a == NULL || b == NULL) {
             return BAD_FUNC_ARG;
         }
 
         derA = wolfSSL_X509_get_der((WOLFSSL_X509*)a, &outSzA);
-        if (derA == NULL){
+        if (derA == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_get_der - certificate A has failed");
             return WOLFSSL_FATAL_ERROR;
         }
         derB = wolfSSL_X509_get_der((WOLFSSL_X509*)b, &outSzB);
-        if (derB == NULL){
+        if (derB == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_get_der - certificate B has failed");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -5635,18 +5660,26 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         if (x509 != NULL) {
             switch (nid) {
-                case NID_basic_constraints: isSet = x509->basicConstSet; break;
-                case NID_subject_alt_name: isSet = x509->subjAltNameSet; break;
-                case NID_authority_key_identifier: isSet = x509->authKeyIdSet; break;
-                case NID_subject_key_identifier: isSet = x509->subjKeyIdSet; break;
-                case NID_key_usage: isSet = x509->keyUsageSet; break;
-                case NID_crl_distribution_points: isSet = x509->CRLdistSet; break;
-                case NID_ext_key_usage: isSet = ((x509->extKeyUsageSrc) ? 1 : 0);
-                    break;
-                case NID_info_access: isSet = x509->authInfoSet; break;
-                #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
-                    case NID_certificate_policies: isSet = x509->certPolicySet; break;
-                #endif /* WOLFSSL_SEP || WOLFSSL_QT */
+                case WC_NID_basic_constraints:
+                    isSet = x509->basicConstSet; break;
+                case WC_NID_subject_alt_name:
+                    isSet = x509->subjAltNameSet; break;
+                case WC_NID_authority_key_identifier:
+                    isSet = x509->authKeyIdSet; break;
+                case WC_NID_subject_key_identifier:
+                    isSet = x509->subjKeyIdSet; break;
+                case WC_NID_key_usage:
+                    isSet = x509->keyUsageSet; break;
+                case WC_NID_crl_distribution_points:
+                    isSet = x509->CRLdistSet; break;
+                case WC_NID_ext_key_usage:
+                    isSet = ((x509->extKeyUsageSrc) ? 1 : 0); break;
+                case WC_NID_info_access:
+                    isSet = x509->authInfoSet; break;
+            #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+                case WC_NID_certificate_policies:
+                    isSet = x509->certPolicySet; break;
+            #endif /* WOLFSSL_SEP || WOLFSSL_QT */
                 default:
                     WOLFSSL_MSG("NID not in table");
             }
@@ -5666,15 +5699,23 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         if (x509 != NULL) {
             switch (nid) {
-                case NID_basic_constraints: crit = x509->basicConstCrit; break;
-                case NID_subject_alt_name: crit = x509->subjAltNameCrit; break;
-                case NID_authority_key_identifier: crit = x509->authKeyIdCrit; break;
-                case NID_subject_key_identifier: crit = x509->subjKeyIdCrit; break;
-                case NID_key_usage: crit = x509->keyUsageCrit; break;
-                case NID_crl_distribution_points: crit= x509->CRLdistCrit; break;
-                case NID_ext_key_usage: crit= x509->extKeyUsageCrit; break;
+                case WC_NID_basic_constraints:
+                    crit = x509->basicConstCrit; break;
+                case WC_NID_subject_alt_name:
+                    crit = x509->subjAltNameCrit; break;
+                case WC_NID_authority_key_identifier:
+                    crit = x509->authKeyIdCrit; break;
+                case WC_NID_subject_key_identifier:
+                    crit = x509->subjKeyIdCrit; break;
+                case WC_NID_key_usage:
+                    crit = x509->keyUsageCrit; break;
+                case WC_NID_crl_distribution_points:
+                    crit= x509->CRLdistCrit; break;
+                case WC_NID_ext_key_usage:
+                    crit= x509->extKeyUsageCrit; break;
             #ifdef WOLFSSL_SEP
-                case NID_certificate_policies: crit = x509->certPolicyCrit; break;
+                case WC_NID_certificate_policies:
+                    crit = x509->certPolicyCrit; break;
             #endif /* WOLFSSL_SEP */
             }
         }
@@ -5783,6 +5824,34 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 
         return id;
     }
+
+    const WOLFSSL_ASN1_STRING *wolfSSL_X509_get0_subject_key_id(
+            WOLFSSL_X509 *x509)
+    {
+        WOLFSSL_ASN1_STRING* ret = NULL;
+
+        WOLFSSL_ENTER("wolfSSL_X509_get0_subject_key_id");
+
+        if (x509 != NULL && x509->subjKeyIdSet) {
+            if (x509->subjKeyIdStr == NULL) {
+                x509->subjKeyIdStr = wolfSSL_ASN1_STRING_new();
+                if (x509->subjKeyIdStr != NULL) {
+                    if (wolfSSL_ASN1_STRING_set(x509->subjKeyIdStr,
+                            x509->subjKeyId, x509->subjKeyIdSz) == 1) {
+                    }
+                    else {
+                        wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
+                        x509->subjKeyIdStr = NULL;
+                    }
+                }
+            }
+            ret = x509->subjKeyIdStr;
+        }
+
+        WOLFSSL_LEAVE("wolfSSL_X509_get0_subject_key_id", ret != NULL);
+
+        return ret;
+    }
 #endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
@@ -5835,6 +5904,229 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
     #define MAX_WIDTH 80
 #endif
 
+#if defined(WOLFSSL_ACERT)
+#define ACERT_NUM_DIR_TAGS 4
+
+/* Convenience struct and function for printing the Holder sub fields
+ * of an X509 Attribute struct. */
+struct acert_dir_print_t {
+    const char * pfx;
+    const byte   tag[3];
+};
+
+static struct acert_dir_print_t acert_dir_print[ACERT_NUM_DIR_TAGS] =
+{
+    { "C=", {0x55, 0x04, ASN_COUNTRY_NAME} },
+    { "O=", {0x55, 0x04, ASN_ORG_NAME} },
+    { "OU=", {0x55, 0x04, ASN_ORGUNIT_NAME} },
+    { "CN=", {0x55, 0x04, ASN_COMMON_NAME} },
+};
+
+/* Print an entry of ASN_DIR_TYPE into dst of length max_len.
+ *
+ * Returns total_len of str on success.
+ * Returns < 0 on failure.
+ * */
+static int X509PrintDirType(char * dst, int max_len, const DNS_entry * entry)
+{
+    word32       k = 0;
+    word32       i = 0;
+    const char * src = entry->name;
+    word32       src_len = (word32)XSTRLEN(src);
+    int          total_len = 0;
+    int          bytes_left = max_len;
+    int          fld_len = 0;
+    int          match_found = 0;
+
+    XMEMSET(dst, 0, max_len);
+
+    /* loop over printable DIR tags. */
+    for (k = 0; k < ACERT_NUM_DIR_TAGS; ++k) {
+        const char * pfx = acert_dir_print[k].pfx;
+        const byte * tag = acert_dir_print[k].tag;
+        byte         asn_tag;
+
+        /* walk through entry looking for matches. */
+        for (i = 0; i < src_len - 5; ++i) {
+            if (XMEMCMP(tag, &src[i], 3) == 0) {
+                if (bytes_left < 5) {
+                    /* Not enough space left for name oid + tag + len. */
+                    break;
+                }
+
+                if (match_found) {
+                    /* append a {',', ' '} before doing anything else. */
+                    *dst++ = ',';
+                    *dst++ = ' ';
+                    total_len += 2;
+                    bytes_left -= 2;
+                }
+
+                i += 3;
+
+                /* Get the ASN Tag. */
+                if (GetASNTag((const byte *)src, &i, &asn_tag, src_len) < 0) {
+                    WOLFSSL_MSG("error: GetASNTag failed");
+                    break;
+                }
+
+                /* Check it is printable. */
+                if ((asn_tag != ASN_PRINTABLE_STRING) &&
+                    (asn_tag != ASN_IA5_STRING) &&
+                    (asn_tag != ASN_UTF8STRING)) {
+                    /* Don't know what this is but we can't print it. */
+                    WOLFSSL_MSG("error: asn tag not printable string");
+                    break;
+                }
+
+                /* Now get the length of the printable string. */
+                if (GetLength((const byte *)src, &i, &fld_len, src_len) < 0) {
+                    break;
+                }
+
+                /* Make sure we have space to fit it. */
+                if ((int) XSTRLEN(pfx) > bytes_left) {
+                    /* Not enough space left. */
+                    break;
+                }
+
+                /* Copy it in, decrement available space. */
+                XSTRNCPY(dst, pfx, bytes_left);
+                dst += XSTRLEN(pfx);
+                total_len += (int)XSTRLEN(pfx);
+                bytes_left -= (int)XSTRLEN(pfx);
+
+                if (fld_len > bytes_left) {
+                    /* Not enough space left. */
+                    break;
+                }
+
+                XMEMCPY(dst, &src[i], fld_len);
+                i += fld_len;
+                dst += fld_len;
+                total_len += fld_len;
+                bytes_left -= fld_len;
+
+                match_found = 1;
+            }
+        }
+    }
+
+    return total_len;
+}
+
+static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio,
+                                       const DNS_entry* entry, int indent)
+{
+    int  ret = WOLFSSL_SUCCESS;
+    int  nameCount = 0;
+    char scratch[MAX_WIDTH];
+    int  len;
+
+    if (bio == NULL || entry == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    len = XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent, "");
+    if (len >= MAX_WIDTH) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    while (entry != NULL) {
+        ++nameCount;
+        if (nameCount > 1) {
+            if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+
+        if (entry->type == ASN_DNS_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+        else if (entry->type == ASN_IP_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s",
+                    entry->ipString);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+        else if (entry->type == ASN_RFC822_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s",
+                    entry->name);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+        else if (entry->type == ASN_DIR_TYPE) {
+            len = X509PrintDirType(scratch, MAX_WIDTH, entry);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+        else if (entry->type == ASN_URI_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s",
+                entry->name);
+             if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #if defined(OPENSSL_ALL)
+        else if (entry->type == ASN_RID_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
+                entry->ridString);
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+    #endif
+        else if (entry->type == ASN_OTHER_TYPE) {
+            len = XSNPRINTF(scratch, MAX_WIDTH,
+                "othername <unsupported>");
+            if (len >= MAX_WIDTH) {
+                ret = WOLFSSL_FAILURE;
+                break;
+            }
+        }
+        else {
+            WOLFSSL_MSG("Bad alt name type.");
+            ret = WOLFSSL_FAILURE;
+            break;
+        }
+
+        if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch))
+                <= 0) {
+            ret = WOLFSSL_FAILURE;
+            break;
+        }
+
+        entry = entry->next;
+    }
+
+    if (ret == WOLFSSL_SUCCESS && wolfSSL_BIO_write(bio, "\n", 1) <= 0) {
+        ret = WOLFSSL_FAILURE;
+    }
+
+    return ret;
+}
+
+#endif /* if WOLFSSL_ACERT*/
+
 static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
         int indent)
 {
@@ -6163,6 +6455,70 @@ static int X509PrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
     return WOLFSSL_SUCCESS;
 }
 
+#ifndef NO_ASN_TIME
+static int X509PrintValidity(WOLFSSL_BIO* bio, WOLFSSL_ASN1_TIME * notBefore,
+                             WOLFSSL_ASN1_TIME * notAfter, int indent)
+{
+    char tmp[80];
+    (void) indent;
+
+    if (wolfSSL_BIO_write(bio, "        Validity\n",
+                  (int)XSTRLEN("        Validity\n")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, "            Not Before: ",
+                  (int)XSTRLEN("            Not Before: ")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+    if (notBefore->length > 0) {
+        if (GetTimeString(notBefore->data, ASN_UTC_TIME,
+            tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+            if (GetTimeString(notBefore->data, ASN_GENERALIZED_TIME,
+            tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+                WOLFSSL_MSG("Error getting not before date");
+                return WOLFSSL_FAILURE;
+            }
+        }
+    }
+    else {
+        XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+    }
+    tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
+    if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, "\n            Not After : ",
+                  (int)XSTRLEN("\n            Not After : ")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+    if (notAfter->length > 0) {
+        if (GetTimeString(notAfter->data, ASN_UTC_TIME,
+            tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+            if (GetTimeString(notAfter->data, ASN_GENERALIZED_TIME,
+                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+                WOLFSSL_MSG("Error getting not after date");
+                return WOLFSSL_FAILURE;
+            }
+        }
+    }
+    else {
+        XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+    }
+    tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
+    if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* ifndef NO_ASN_TIME */
+
 /* iterate through certificate extensions printing them out in human readable
  * form
  * return WOLFSSL_SUCCESS on success
@@ -6205,7 +6561,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
         return WOLFSSL_FAILURE;
     }
 
-    for (i = 0; (i < count) && (ret != WOLFSSL_FAILURE); i++) {
+    for (i = 0; (i < count) && (ret != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); i++) {
         WOLFSSL_X509_EXTENSION* ext;
 
         ext = wolfSSL_X509_get_ext(x509, i);
@@ -6222,7 +6578,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 break;
             }
             if (wolfSSL_OBJ_obj2txt(buf, MAX_WIDTH, obj, 0)
-                == WOLFSSL_FAILURE)
+                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             {
                 ret = WOLFSSL_FAILURE;
                 break;
@@ -6245,11 +6601,11 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
             }
             nid = wolfSSL_OBJ_obj2nid(obj);
             switch (nid) {
-            case NID_subject_alt_name:
+            case WC_NID_subject_alt_name:
                 ret = X509PrintSubjAltName(bio, x509, indent + 8);
                 break;
 
-            case NID_subject_key_identifier:
+            case WC_NID_subject_key_identifier:
                 if (!x509->subjKeyIdSet || x509->subjKeyId == NULL ||
                     x509->subjKeyIdSz == 0)
                 {
@@ -6285,7 +6641,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                     XMEMCPY(scratch + scratchLen, val, valLen);
                     scratchLen += valLen;
                 }
-                if (ret == WOLFSSL_FAILURE)
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
                     break;
                 if (wolfSSL_BIO_write(bio, scratch,
                                       scratchLen) <= 0) {
@@ -6294,7 +6650,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 }
                 break;
 
-            case NID_authority_key_identifier:
+            case WC_NID_authority_key_identifier:
                 if (!x509->authKeyIdSet || x509->authKeyId == NULL ||
                     x509->authKeyIdSz == 0) {
                     ret = WOLFSSL_FAILURE;
@@ -6334,7 +6690,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                     XMEMCPY(scratch + scratchLen, val, valLen);
                     scratchLen += valLen;
                 }
-                if (ret == WOLFSSL_FAILURE)
+                if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
                     break;
                 if (wolfSSL_BIO_write(bio, scratch,
                                       scratchLen) <= 0) {
@@ -6343,7 +6699,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 }
                 break;
 
-            case NID_basic_constraints:
+            case WC_NID_basic_constraints:
                 if (!x509->basicConstSet) {
                     ret = WOLFSSL_FAILURE;
                     break;
@@ -6364,11 +6720,11 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
                 }
                 break;
 
-            case NID_key_usage:
+            case WC_NID_key_usage:
                 ret = X509PrintKeyUsage(bio, x509, indent + 8);
                 break;
 
-            case NID_ext_key_usage:
+            case WC_NID_ext_key_usage:
                 ret = X509PrintExtendedKeyUsage(bio, x509, indent + 8);
                 break;
 
@@ -6432,7 +6788,7 @@ static int X509PrintSignature_ex(WOLFSSL_BIO* bio, byte* sig,
     }
     if (ret == WOLFSSL_SUCCESS) {
         if (wolfSSL_OBJ_obj2txt(scratch, MAX_WIDTH, obj, 0)
-            == WOLFSSL_FAILURE)
+            == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
         {
             ret = WOLFSSL_FAILURE;
         }
@@ -6593,7 +6949,8 @@ static int X509PrintPubKey(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
     if (bio == NULL || x509 == NULL)
         return BAD_FUNC_ARG;
 
-    len = XSNPRINTF(scratch, MAX_WIDTH, "%*sSubject Public Key Info:\n", indent, "");
+    len = XSNPRINTF(scratch, MAX_WIDTH, "%*sSubject Public Key Info:\n", indent,
+        "");
     if (len >= MAX_WIDTH)
         return WOLFSSL_FAILURE;
     if (wolfSSL_BIO_write(bio, scratch, len) <= 0)
@@ -6727,7 +7084,7 @@ static int X509PrintReqAttributes(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
             const byte* data;
 
             if (wolfSSL_OBJ_obj2txt(lName, lNameSz, attr->object, 0)
-                == WOLFSSL_FAILURE)
+                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             {
                 return WOLFSSL_FAILURE;
             }
@@ -6778,8 +7135,10 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
             return WOLFSSL_FAILURE;
     }
 
-    /* print version of cert */
-    if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8)
+    /* print version of cert.  Note that we increment by 1 because for REQs,
+     * the value stored in x509->version is the actual value of the field; not
+     * the version. */
+    if (X509PrintVersion(bio, (int)wolfSSL_X509_REQ_get_version(x509) + 1, 8)
             != WOLFSSL_SUCCESS) {
         return WOLFSSL_FAILURE;
     }
@@ -6879,65 +7238,13 @@ int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
         return WOLFSSL_FAILURE;
     }
 
-#ifndef NO_ASN_TIME
+    #ifndef NO_ASN_TIME
     /* print validity */
-    {
-        char tmp[80];
-
-        if (wolfSSL_BIO_write(bio, "        Validity\n",
-                      (int)XSTRLEN("        Validity\n")) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-
-        if (wolfSSL_BIO_write(bio, "            Not Before: ",
-                      (int)XSTRLEN("            Not Before: ")) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-        if (x509->notBefore.length > 0) {
-            if (GetTimeString(x509->notBefore.data, ASN_UTC_TIME,
-                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                if (GetTimeString(x509->notBefore.data, ASN_GENERALIZED_TIME,
-                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("Error getting not before date");
-                    return WOLFSSL_FAILURE;
-                }
-            }
-        }
-        else {
-            XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
-        }
-        tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
-        if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-
-        if (wolfSSL_BIO_write(bio, "\n            Not After : ",
-                      (int)XSTRLEN("\n            Not After : ")) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-        if (x509->notAfter.length > 0) {
-            if (GetTimeString(x509->notAfter.data, ASN_UTC_TIME,
-                tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                if (GetTimeString(x509->notAfter.data, ASN_GENERALIZED_TIME,
-                    tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("Error getting not after date");
-                    return WOLFSSL_FAILURE;
-                }
-            }
-        }
-        else {
-            XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
-        }
-        tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
-        if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
-
-        if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
-            return WOLFSSL_FAILURE;
-        }
+    if (X509PrintValidity(bio, &x509->notBefore, &x509->notAfter, 8)
+        != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
     }
-    #endif
+    #endif /* NO_ASN_TIME */
 
     /* print subject */
     if (X509PrintName(bio, wolfSSL_X509_get_subject_name(x509), subjType, 8)
@@ -6972,6 +7279,202 @@ int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
     return wolfSSL_X509_print_ex(bio, x509, 0, 0);
 }
 
+#if defined(WOLFSSL_ACERT)
+/* Retrieve sig NID from an ACERT.
+ *
+ * returns  NID on success
+ * returns  0 on failure
+ */
+int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT *x509)
+{
+    if (x509 == NULL) {
+        return 0;
+    }
+
+    return oid2nid((word32)x509->sigOID, oidSigType);
+}
+
+static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
+                                   int algOnly, int indent)
+{
+    int sigSz = 0;
+    if (wolfSSL_X509_ACERT_get_signature(x509, NULL, &sigSz) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (sigSz > 0) {
+        unsigned char* sig;
+        int sigNid;
+
+        sigNid = wolfSSL_X509_ACERT_get_signature_nid(x509);
+        if (sigNid <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+
+        sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (sig == NULL) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (wolfSSL_X509_ACERT_get_signature(x509, sig, &sigSz) <= 0) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return WOLFSSL_FAILURE;
+        }
+
+        if (X509PrintSignature_ex(bio, sig, sigSz, sigNid, algOnly, indent)
+                != WOLFSSL_SUCCESS) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return WOLFSSL_FAILURE;
+        }
+
+        if (sig != NULL) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+
+static int X509AcertPrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
+                                int indent)
+{
+    unsigned char serial[32];
+    int  sz = sizeof(serial);
+
+    XMEMSET(serial, 0, sz);
+    if (wolfSSL_X509_ACERT_get_serial_number(x509, serial, &sz)
+        == WOLFSSL_SUCCESS) {
+        X509PrintSerial_ex(bio, serial, sz, 1, indent);
+    }
+    return WOLFSSL_SUCCESS;
+}
+
+int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509)
+{
+    const char * hdr =                "Attribute Certificate:\n";
+    const char * data_hdr =           "    Data:\n";
+    const char * holder_hdr =         "        Holder:\n";
+    const char * holder_issuer_hdr =  "            Issuer:";
+    const char * holder_name_hdr =    "            Name:";
+    const char * attcert_issuer_hdr = "        Issuer:";
+
+    if (bio == NULL || x509 == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print acert header */
+    if (wolfSSL_BIO_write(bio, hdr, (int)XSTRLEN(hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print data header */
+    if (wolfSSL_BIO_write(bio, data_hdr, (int)XSTRLEN(data_hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print version of cert */
+    if (X509PrintVersion(bio, wolfSSL_X509_ACERT_version(x509), 8)
+            != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print serial number out */
+    if (X509AcertPrintSerial(bio, x509, 8) != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* print holder field */
+    if (wolfSSL_BIO_write(bio, holder_hdr, (int)XSTRLEN(holder_hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (x509->holderEntityName != NULL) {
+        /* print issuer header */
+        if (wolfSSL_BIO_write(bio, holder_name_hdr,
+            (int)XSTRLEN(holder_name_hdr)) <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (X509_ACERT_print_name_entry(bio, x509->holderEntityName, 1)
+                != WOLFSSL_SUCCESS) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+
+    if (x509->holderIssuerName != NULL) {
+        /* print issuer header */
+        if (wolfSSL_BIO_write(bio, holder_issuer_hdr,
+            (int)XSTRLEN(holder_issuer_hdr)) <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (X509_ACERT_print_name_entry(bio, x509->holderIssuerName, 1)
+            != WOLFSSL_SUCCESS) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+
+    if (x509->holderSerialSz > 0) {
+        X509PrintSerial_ex(bio, x509->holderSerial, x509->holderSerialSz,
+                           1, 12);
+    }
+
+    /* print issuer header */
+    if (wolfSSL_BIO_write(bio, attcert_issuer_hdr,
+        (int)XSTRLEN(attcert_issuer_hdr)) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    if (x509->AttCertIssuerName != NULL) {
+        if (X509_ACERT_print_name_entry(bio, x509->AttCertIssuerName, 1)
+                != WOLFSSL_SUCCESS) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+    else {
+        const char * msg = " Issuer type not supported.\n";
+        if (wolfSSL_BIO_write(bio, msg, (int)XSTRLEN(msg)) <= 0) {
+            return WOLFSSL_FAILURE;
+        }
+    }
+
+    #ifndef NO_ASN_TIME
+    /* print validity */
+    if (X509PrintValidity(bio, &x509->notBefore, &x509->notAfter, 8)
+        != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+    #endif /* NO_ASN_TIME */
+
+    /* print raw attributes */
+    if (x509->rawAttr && x509->rawAttrLen > 0) {
+        char attr_hdr[128]; /* buffer for XSNPRINTF */
+
+        if (XSNPRINTF(attr_hdr, 128, "%*s%s: %d bytes\n", 8, "",
+                    "Attributes", x509->rawAttrLen) >= 128) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (wolfSSL_BIO_write(bio, attr_hdr, (int)XSTRLEN(attr_hdr)) <= 0) {
+                return WOLFSSL_FAILURE;
+        }
+    }
+
+    /* print out sig algo and signature */
+    if (X509AcertPrintSignature(bio, x509, 0, 8) != WOLFSSL_SUCCESS) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* done with print out */
+    if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
+        return WOLFSSL_FAILURE;
+    }
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* WOLFSSL_ACERT */
+
 #ifndef NO_FILESYSTEM
 int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509)
 {
@@ -6990,7 +7493,7 @@ int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509)
         return WOLFSSL_FAILURE;
     }
 
-    if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
+    if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("wolfSSL_BIO_set_fp error");
         wolfSSL_BIO_free(bio);
         return WOLFSSL_FAILURE;
@@ -7097,13 +7600,12 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
 {
 #if !defined(NO_FILESYSTEM) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
-    int           ret = WOLFSSL_FAILURE;
+    int           ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     XFILE         fp;
     long          sz;
     byte*         pem = NULL;
     byte*         curr = NULL;
     byte*         prev = NULL;
-    WOLFSSL_X509* x509;
     const char* header = NULL;
     const char* footer = NULL;
 
@@ -7114,12 +7616,12 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
     if (fp == XBADFILE)
         return WS_RETURN_CODE(BAD_FUNC_ARG, (int)WOLFSSL_FAILURE);
 
-    if(XFSEEK(fp, 0, XSEEK_END) != 0) {
+    if (XFSEEK(fp, 0, XSEEK_END) != 0) {
         XFCLOSE(fp);
         return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE);
     }
     sz = XFTELL(fp);
-    if(XFSEEK(fp, 0, XSEEK_SET) != 0) {
+    if (XFSEEK(fp, 0, XSEEK_SET) != 0) {
         XFCLOSE(fp);
         return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE);
     }
@@ -7164,12 +7666,8 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
         }
         else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 &&
                 XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) {
-            x509 = wolfSSL_X509_load_certificate_buffer(curr, (int)sz,
-                                                        WOLFSSL_FILETYPE_PEM);
-            if (x509 == NULL)
-                 goto end;
-            ret = wolfSSL_X509_STORE_add_cert(lookup->store, x509);
-            wolfSSL_X509_free(x509);
+            ret = X509StoreLoadCertBuffer(lookup->store, curr,
+                                        (word32)sz, WOLFSSL_FILETYPE_PEM);
             if (ret != WOLFSSL_SUCCESS)
                 goto end;
             curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz);
@@ -7305,8 +7803,7 @@ static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl)
                 XSTRNCPY(entry->dir_name, buf, pathLen);
                 entry->dir_name[pathLen] = '\0';
 
-                if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry)
-                                                    != WOLFSSL_SUCCESS) {
+                if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) <= 0) {
                     wolfSSL_BY_DIR_entry_free(entry);
                     #ifdef WOLFSSL_SMALL_STACK
                         XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
@@ -7352,7 +7849,7 @@ static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl)
 int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd,
         const char *argc, long argl, char **ret)
 {
-    int lret = WOLFSSL_FAILURE;
+    int lret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl");
 #if !defined(NO_FILESYSTEM)
@@ -7409,9 +7906,10 @@ static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req,
  *
  * returns WOLFSSL_SUCCESS on success
  */
-static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int req)
+static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
+    int req)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     /* Get large buffer to hold cert der */
     int derSz = X509_BUFFER_SZ;
 #ifdef WOLFSSL_SMALL_STACK
@@ -7518,11 +8016,22 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out)
 }
 
 #ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Generate a der preTBS from a decoded cert, and write
+ * to buffer.
+ *
+ * @param [in]  cert  The decoded cert to parse.
+ * @param [out] der   The der buffer to write in.
+ * @param [in]  derSz The der buffer size.
+ *
+ * @return  preTBS der size on success.
+ * */
 int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) {
     int ret = 0;
     WOLFSSL_X509 *x = NULL;
     byte certIsCSR = 0;
 
+    WOLFSSL_ENTER("wc_GeneratePreTBS");
+
     if ((cert == NULL) || (der == NULL) || (derSz <= 0)) {
         return BAD_FUNC_ARG;
     }
@@ -7586,7 +8095,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
     size = wolfSSL_BIO_get_len(bio);
     if (size <= 0) {
         WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data.");
-        WOLFSSL_ERROR(ASN1_R_HEADER_TOO_LONG);
+        WOLFSSL_ERROR(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E);
         return NULL;
     }
 
@@ -7644,7 +8153,8 @@ WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
 /* Use the public key to verify the signature. Note: this only verifies
  * the certificate signature.
  * returns WOLFSSL_SUCCESS on successful signature verification */
-static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int req)
+static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
+    int req)
 {
     int ret;
     const byte* der;
@@ -7664,15 +8174,15 @@ static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int r
     }
 
     switch (pkey->type) {
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             type = RSAk;
             break;
 
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             type = ECDSAk;
             break;
 
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             type = DSAk;
             break;
 
@@ -7761,7 +8271,8 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
             if ((newx509 = wc_PKCS12_new()) == NULL) {
                 goto err_exit;
             }
-            if (wc_d2i_PKCS12(fileBuffer, (word32)sz, (WC_PKCS12*)newx509) < 0) {
+            if (wc_d2i_PKCS12(fileBuffer, (word32)sz,
+                                                     (WC_PKCS12*)newx509) < 0) {
                 goto err_exit;
             }
         }
@@ -7833,16 +8344,19 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             if (wolfSSL_X509_STORE_add_cert(ctx->store, x509)
                                     == WOLFSSL_SUCCESS) {
                 cnt++;
-            } else {
+            }
+            else {
                 WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert error");
             }
             wolfSSL_X509_free(x509);
             x509 = NULL;
-        } else {
+        }
+        else {
             WOLFSSL_MSG("wolfSSL_X509_load_certificate_file error");
         }
 
-    } else {
+    }
+    else {
 #if defined(OPENSSL_ALL)
     #if !defined(NO_BIO)
         STACK_OF(WOLFSSL_X509_INFO) *info;
@@ -7850,7 +8364,7 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         int i;
         int num = 0;
         WOLFSSL_BIO *bio = wolfSSL_BIO_new_file(file, "rb");
-        if(!bio) {
+        if (!bio) {
             WOLFSSL_MSG("wolfSSL_BIO_new error");
             return cnt;
         }
@@ -7868,19 +8382,21 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             info_tmp = wolfSSL_sk_X509_INFO_value(info, i);
 
             if (info_tmp->x509) {
-                if(wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) ==
+                if (wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) ==
                     WOLFSSL_SUCCESS) {
                     cnt ++;
-                } else {
+                }
+                else {
                     WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert failed");
                 }
             }
 #ifdef HAVE_CRL
             if (info_tmp->crl) {
-                if(wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) ==
+                if (wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) ==
                     WOLFSSL_SUCCESS) {
                     cnt ++;
-                } else {
+                }
+                else {
                     WOLFSSL_MSG("wolfSSL_X509_STORE_add_crl failed");
                 }
             }
@@ -7973,7 +8489,8 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
 WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
 {
     WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp");
-    return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE);
+    return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl,
+        CRL_TYPE);
 }
 
 /* Read CRL file, and add it to store and corresponding cert manager     */
@@ -7985,7 +8502,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
                                              const char *file, int type)
 {
 #ifndef NO_BIO
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int count = 0;
     WOLFSSL_BIO *bio = NULL;
     WOLFSSL_X509_CRL *crl = NULL;
@@ -8019,7 +8536,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             }
 
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
                 break;
             }
@@ -8034,15 +8551,18 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL);
         if (crl == NULL) {
             WOLFSSL_MSG("Load crl failed");
-        } else {
+        }
+        else {
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
-            } else {
+            }
+            else {
                 ret = 1;/* handled a file */
             }
         }
-    } else {
+    }
+    else {
         WOLFSSL_MSG("Invalid file type");
     }
 
@@ -8052,7 +8572,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
     WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret);
     return ret;
 #else
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int count = 0;
     XFILE fp;
     WOLFSSL_X509_CRL *crl = NULL;
@@ -8076,7 +8596,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
             }
 
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
                 break;
             }
@@ -8095,7 +8615,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
         }
         else {
             ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
-            if (ret == WOLFSSL_FAILURE) {
+            if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("Adding crl failed");
             }
             else {
@@ -8127,21 +8647,25 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
 
     if (in == NULL) {
         WOLFSSL_MSG("Bad argument value");
-    } else {
+    }
+    else {
         newcrl =(WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL,
                 DYNAMIC_TYPE_CRL);
-        if (newcrl == NULL){
+        if (newcrl == NULL) {
             WOLFSSL_MSG("New CRL allocation failed");
-        } else {
+        }
+        else {
             ret = InitCRL(newcrl, NULL);
             if (ret < 0) {
                 WOLFSSL_MSG("Init tmp CRL failed");
-            } else {
+            }
+            else {
                 ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1,
                     NO_VERIFY);
                 if (ret != WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("Buffer Load CRL failed");
-                } else {
+                }
+                else {
                     if (crl) {
                         *crl = newcrl;
                     }
@@ -8150,7 +8674,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
         }
     }
 
-    if((ret != WOLFSSL_SUCCESS) && (newcrl != NULL)) {
+    if ((ret != WOLFSSL_SUCCESS) && (newcrl != NULL)) {
         wolfSSL_X509_CRL_free(newcrl);
         newcrl = NULL;
     }
@@ -8218,8 +8742,15 @@ int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl,
         crl->crlList->signature == NULL || bufSz == NULL)
         return BAD_FUNC_ARG;
 
-    if (buf != NULL)
-        XMEMCPY(buf, crl->crlList->signature, *bufSz);
+    if (buf != NULL) {
+        if (*bufSz < (int)crl->crlList->signatureSz) {
+            WOLFSSL_MSG("Signature buffer too small");
+            return BUFFER_E;
+        }
+        else {
+            XMEMCPY(buf, crl->crlList->signature, crl->crlList->signatureSz);
+        }
+    }
     *bufSz = (int)crl->crlList->signatureSz;
 
     return WOLFSSL_SUCCESS;
@@ -8404,8 +8935,8 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
                 }
                 tmp[0] = '\0';
             }
-            if (XSNPRINTF(val, (size_t)valSz, ":%02X", crl->crlList->extAuthKeyId[i])
-                >= valSz)
+            if (XSNPRINTF(val, (size_t)valSz, ":%02X",
+                    crl->crlList->extAuthKeyId[i]) >= valSz)
             {
                 WOLFSSL_MSG("buffer overrun");
                 return WOLFSSL_FAILURE;
@@ -8708,7 +9239,7 @@ void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param)
 int wolfSSL_X509_VERIFY_PARAM_set_flags(WOLFSSL_X509_VERIFY_PARAM *param,
         unsigned long flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (param != NULL) {
         param->flags |= flags;
@@ -8734,7 +9265,7 @@ int wolfSSL_X509_VERIFY_PARAM_get_flags(WOLFSSL_X509_VERIFY_PARAM *param)
 int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
         unsigned long flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (param != NULL) {
         param->flags &= ~flags;
@@ -8768,10 +9299,16 @@ static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = {
     }
 };
 
-const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *name)
+const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(
+    const char *name)
 {
     const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0],
-        *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)];
+        *param_end = &x509_verify_param_builtins[
+                                         XELEM_CNT(x509_verify_param_builtins)];
+
+    if (name == NULL) {
+        return NULL;
+    }
     while (param < param_end) {
         if (XSTRCMP(name, param->name) == 0)
             return param;
@@ -8792,7 +9329,7 @@ const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *na
 int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
                                          const WOLFSSL_X509_VERIFY_PARAM *from)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WOLFSSL_SUCCESS;
     int isOverWrite = 0;
     int isDefault = 0;
     unsigned int flags;
@@ -8894,7 +9431,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
 int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM *to,
                                    const WOLFSSL_X509_VERIFY_PARAM *from)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     unsigned int _inherit_flags;
 
     if (!to) {
@@ -8936,7 +9473,7 @@ void wolfSSL_X509_VERIFY_PARAM_set_hostflags(WOLFSSL_X509_VERIFY_PARAM* param,
 int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
         const char *ipasc)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (param != NULL) {
         if (ipasc == NULL) {
@@ -8961,7 +9498,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
 int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
     const unsigned char* ip, size_t iplen)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifndef NO_FILESYSTEM
     char* buf = NULL;
     char* p = NULL;
@@ -8976,6 +9513,10 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
         WOLFSSL_MSG("bad function arg");
         return ret;
     }
+    if (ip == NULL && iplen != 0) {
+        WOLFSSL_MSG("bad function arg");
+        return ret;
+    }
 #ifndef NO_FILESYSTEM
     if (iplen == 4) {
         /* ipv4 www.xxx.yyy.zzz max 15 length + Null termination */
@@ -9022,7 +9563,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param,
         p = buf;
         for (i = 0; i < 16; i += 2) {
             val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF;
-            if (val == 0){
+            if (val == 0) {
                 if (!write_zero) {
                     *p = ':';
                 }
@@ -9092,12 +9633,13 @@ int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
     return wolfSSL_X509_cmp_time(asnTime, NULL);
 }
 
-/* return -1 if asnTime is earlier than or equal to cmpTime, and 1 otherwise
+/* return WOLFSSL_FATAL_ERROR if asnTime is earlier than or equal to cmpTime,
+ * and 1 otherwise
  * return 0 on error
  */
 int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     time_t tmpTime, *pTime = &tmpTime;
     struct tm ts, *tmpTs, *ct;
 #if defined(NEED_TMP_TIME)
@@ -9177,7 +9719,7 @@ WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl)
 {
     (void)crl;
     WOLFSSL_STUB("X509_CRL_get_REVOKED");
-    return 0;
+    return NULL;
 }
 #endif
 
@@ -9188,7 +9730,7 @@ WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
     (void)revoked;
     (void)value;
     WOLFSSL_STUB("sk_X509_REVOKED_value");
-    return 0;
+    return NULL;
 }
 #endif
 
@@ -9226,7 +9768,8 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
         }
         a->dataMax   = (unsigned int)x509->serialSz + 2;
         a->isDynamic = 1;
-    } else {
+    }
+    else {
         /* Use array instead of dynamic memory */
         a->data    = a->intData;
         a->dataMax = WOLFSSL_ASN1_INTEGER_MAX;
@@ -9306,8 +9849,8 @@ void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype,
             *pptype = algor->parameter->type;
         }
         else {
-            /* Default to V_ASN1_OBJECT */
-            *pptype = V_ASN1_OBJECT;
+            /* Default to WOLFSSL_V_ASN1_OBJECT */
+            *pptype = WOLFSSL_V_ASN1_OBJECT;
         }
     }
 }
@@ -9322,8 +9865,8 @@ void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype,
  * @return WOLFSSL_SUCCESS on success
  *         WOLFSSL_FAILURE on missing parameters or bad malloc
  */
-int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj,
-                            int ptype, void *pval)
+int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor,
+                            WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval)
 {
     if (!algor) {
         return WOLFSSL_FAILURE;
@@ -9344,6 +9887,110 @@ int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj
     return WOLFSSL_SUCCESS;
 }
 
+/**
+ * Serialize object to DER encoding
+ *
+ * @param alg Object to serialize
+ * @param pp  Output
+ * @return Length on success
+ *         Negative number on failure
+ */
+int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* alg,
+        unsigned char** pp)
+{
+    int len;
+    word32 oid = 0;
+    word32 idx = 0;
+    unsigned char* buf = NULL;
+
+    if (alg == NULL || alg->algorithm == 0) {
+        WOLFSSL_MSG("alg is NULL or algorithm not set");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (GetObjectId(alg->algorithm->obj, &idx, &oid,
+            (word32)alg->algorithm->grp, alg->algorithm->objSz) < 0) {
+        WOLFSSL_MSG("Issue getting OID of object");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    len = (int)SetAlgoID((int)oid, NULL, alg->algorithm->grp, 0);
+    if (len == 0) {
+        WOLFSSL_MSG("SetAlgoID error");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (pp != NULL) {
+        if (*pp != NULL)
+            buf = *pp;
+        else {
+            buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
+            if (buf == NULL)
+                return WOLFSSL_FATAL_ERROR;
+        }
+
+        len = (int)SetAlgoID((int)oid, buf, alg->algorithm->grp, 0);
+        if (len == 0) {
+            WOLFSSL_MSG("SetAlgoID error");
+            if (*pp == NULL)
+                XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
+            return WOLFSSL_FATAL_ERROR;
+        }
+
+        if (*pp != NULL)
+            *pp += len;
+        else
+            *pp = buf;
+    }
+
+    return len;
+}
+
+WOLFSSL_X509_ALGOR* wolfSSL_d2i_X509_ALGOR(WOLFSSL_X509_ALGOR** out,
+        const byte** src, long len)
+{
+    WOLFSSL_X509_ALGOR* ret = NULL;
+    word32 idx = 0;
+    word32 oid = 0;
+    int grp;
+
+    WOLFSSL_ENTER("wolfSSL_d2i_X509_ALGOR");
+
+    if (src == NULL || *src == NULL || len == 0)
+        return NULL;
+
+    if (GetAlgoId(*src, &idx, &oid, oidIgnoreType, (word32)len) != 0)
+        return NULL;
+
+    /* Try to guess the type */
+    for (grp = 0; grp < oidIgnoreType; grp++) {
+        word32 oidSz;
+        if (OidFromId(oid, (word32)grp, &oidSz) != NULL)
+            break;
+    }
+    if (grp == oidIgnoreType)
+        return NULL;
+
+    ret = wolfSSL_X509_ALGOR_new();
+    if (ret == NULL)
+        return NULL;
+
+    ret->algorithm = wolfSSL_OBJ_nid2obj(oid2nid(oid, grp));
+    if (ret->algorithm == NULL) {
+        wolfSSL_X509_ALGOR_free(ret);
+        return NULL;
+    }
+    *src += idx;
+
+    if (out != NULL) {
+        if (*out != NULL)
+            wolfSSL_X509_ALGOR_free(*out);
+        *out = ret;
+    }
+
+    return ret;
+}
+
 /**
  * Allocate a new WOLFSSL_X509_PUBKEY object.
  *
@@ -9475,14 +10122,14 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
 
     switch (key->type) {
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         pval = NULL;
-        ptype = V_ASN1_NULL;
+        ptype = WOLFSSL_V_ASN1_NULL;
         pk->pubKeyOID = RSAk;
         break;
 #endif
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         if (!key->dsa->p || !key->dsa->q || !key->dsa->g)
             goto error;
 
@@ -9499,12 +10146,12 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
         str->isDynamic = 1;
 
         pval = str;
-        ptype = V_ASN1_SEQUENCE;
+        ptype = WOLFSSL_V_ASN1_SEQUENCE;
         pk->pubKeyOID = DSAk;
         break;
 #endif
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         group = wolfSSL_EC_KEY_get0_group(key->ecc);
         if (!group)
             goto error;
@@ -9520,7 +10167,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
         if (!pval)
             goto error;
 
-        ptype = V_ASN1_OBJECT;
+        ptype = WOLFSSL_V_ASN1_OBJECT;
         pk->pubKeyOID = ECDSAk;
         break;
 #endif
@@ -9531,7 +10178,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
 
     keyTypeObj = wolfSSL_OBJ_nid2obj(key->type);
     if (keyTypeObj == NULL) {
-        if (ptype == V_ASN1_OBJECT)
+        if (ptype == WOLFSSL_V_ASN1_OBJECT)
             ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
         else
             ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
@@ -9540,7 +10187,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
     if (!wolfSSL_X509_ALGOR_set0(pk->algor, keyTypeObj, ptype, pval)) {
         WOLFSSL_MSG("Failed to create algorithm object");
         ASN1_OBJECT_free(keyTypeObj);
-        if (ptype == V_ASN1_OBJECT)
+        if (ptype == WOLFSSL_V_ASN1_OBJECT)
             ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval);
         else
             ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval);
@@ -9563,11 +10210,13 @@ error:
     return WOLFSSL_FAILURE;
 }
 
-#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS */
+#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY ||
+        * WOLFSSL_WPAS */
 
 #if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED)
 
-int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der)
+int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey,
+    unsigned char** der)
 {
     if (x509_PubKey == NULL)
         return WOLFSSL_FATAL_ERROR;
@@ -9623,7 +10272,7 @@ WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void)
 void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id)
 {
     WOLFSSL_ENTER("wolfSSL_AUTHORITY_KEYID_free");
-    if(id == NULL) {
+    if (id == NULL) {
         WOLFSSL_MSG("Argument is NULL");
         return;
     }
@@ -9679,6 +10328,19 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
 }
 #endif
 
+#if defined(OPENSSL_EXTRA)
+
+WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_sk_X509_OBJECT_deep_copy(
+    const WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk,
+    WOLFSSL_X509_OBJECT* (*c)(const WOLFSSL_X509_OBJECT*),
+    void (*f)(WOLFSSL_X509_OBJECT*))
+{
+    (void)f; /* free function */
+    (void)c; /* copy function */
+    return wolfSSL_sk_dup((WOLFSSL_STACK*)sk);
+}
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name)
     {
@@ -9741,7 +10403,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
 
 #ifdef WOLFSSL_CERT_GEN
 
-#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
+#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
+    defined(OPENSSL_EXTRA)
     /* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to
     * a Cert structure.
     *
@@ -9750,7 +10413,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     static int CopyX509NameToCert(WOLFSSL_X509_NAME* n, byte* out)
     {
         unsigned char* der = NULL;
-        int length = BAD_FUNC_ARG, ret;
+        int length = WC_NO_ERR_TRACE(BAD_FUNC_ARG), ret;
         word32 idx = 0;
 
         ret = wolfSSL_i2d_X509_NAME(n, &der);
@@ -9816,8 +10479,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
 
         #if defined(OPENSSL_ALL)
             idx = wolfSSL_X509_REQ_get_attr_by_NID(req,
-                    NID_pkcs9_unstructuredName, -1);
-            if (idx != WOLFSSL_FATAL_ERROR) {
+                    WC_NID_pkcs9_unstructuredName, -1);
+            if (idx != WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
                 WOLFSSL_X509_ATTRIBUTE *attr;
                 attr = wolfSSL_X509_REQ_get_attr(req, idx);
                 if (attr != NULL) {
@@ -9874,221 +10537,227 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     }
 #endif /* WOLFSSL_CERT_REQ */
 
-    /* converts WOLFSSL_AN1_TIME to Cert form, returns positive size on
-     * success */
-    static int CertDateFromX509(byte* out, int outSz, WOLFSSL_ASN1_TIME* t)
-    {
-        int sz, i;
+/* converts WOLFSSL_AN1_TIME to Cert form, returns positive size on
+ * success */
+static int CertDateFromX509(byte* out, int outSz, WOLFSSL_ASN1_TIME* t)
+{
+    int sz, i;
 
-        if (t->length + 1 >= outSz) {
-            return BUFFER_E;
-        }
-
-        out[0] = (byte) t->type;
-        sz = (int)SetLength((word32)t->length, out + 1) + 1;  /* gen tag */
-        for (i = 0; i < t->length; i++) {
-            out[sz + i] = t->data[i];
-        }
-        return t->length + sz;
+    if (t->length + 1 >= outSz) {
+        return BUFFER_E;
     }
 
-    /* convert a WOLFSSL_X509 to a Cert structure for writing out */
-    static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
-    {
-        int ret;
-        #ifdef WOLFSSL_CERT_EXT
-        int i;
-        #endif
+    out[0] = (byte) t->type;
+    sz = (int)SetLength((word32)t->length, out + 1) + 1;  /* gen tag */
+    for (i = 0; i < t->length; i++) {
+        out[sz + i] = t->data[i];
+    }
+    return t->length + sz;
+}
 
-        WOLFSSL_ENTER("wolfSSL_X509_to_Cert");
+/* convert a WOLFSSL_X509 to a Cert structure for writing out */
+static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
+{
+    int ret;
+#ifdef WOLFSSL_CERT_EXT
+    int i;
+#endif
 
-        if (x509 == NULL || cert == NULL) {
-            return BAD_FUNC_ARG;
+    WOLFSSL_ENTER("wolfSSL_X509_to_Cert");
+
+    if (x509 == NULL || cert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    wc_InitCert(cert);
+
+    cert->version = (int)wolfSSL_X509_get_version(x509);
+
+    if (x509->notBefore.length > 0) {
+        cert->beforeDateSz = CertDateFromX509(cert->beforeDate,
+                    CTC_DATE_SIZE, &x509->notBefore);
+        if (cert->beforeDateSz <= 0) {
+            WOLFSSL_MSG("Error converting WOLFSSL_X509 not before date");
+            return WOLFSSL_FAILURE;
         }
+    }
+    else {
+        cert->beforeDateSz = 0;
+    }
 
-        wc_InitCert(cert);
+    if (x509->notAfter.length > 0) {
+        cert->afterDateSz = CertDateFromX509(cert->afterDate,
+                    CTC_DATE_SIZE, &x509->notAfter);
+        if (cert->afterDateSz <= 0) {
+            WOLFSSL_MSG("Error converting WOLFSSL_X509 not after date");
+            return WOLFSSL_FAILURE;
+        }
+    }
+    else {
+        cert->afterDateSz = 0;
+    }
 
-        cert->version = (int)wolfSSL_X509_get_version(x509);
+#ifdef WOLFSSL_ALT_NAMES
+    cert->altNamesSz = FlattenAltNames(cert->altNames,
+            sizeof(cert->altNames), x509->altNames);
+#endif /* WOLFSSL_ALT_NAMES */
 
-        if (x509->notBefore.length > 0) {
-            cert->beforeDateSz = CertDateFromX509(cert->beforeDate,
-                        CTC_DATE_SIZE, &x509->notBefore);
-            if (cert->beforeDateSz <= 0){
-                WOLFSSL_MSG("Error converting WOLFSSL_X509 not before date");
-                return WOLFSSL_FAILURE;
-            }
+    cert->sigType = wolfSSL_X509_get_signature_type(x509);
+    cert->keyType = x509->pubKeyOID;
+    cert->isCA    = wolfSSL_X509_get_isCA(x509);
+    cert->basicConstCrit = x509->basicConstCrit;
+    cert->basicConstSet = x509->basicConstSet;
+    cert->pathLen = x509->pathLength;
+    cert->pathLenSet = x509->pathLengthSet;
+
+#ifdef WOLFSSL_CERT_EXT
+    if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) {
+        if (x509->subjKeyId) {
+            XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
+        }
+        cert->skidSz = (int)x509->subjKeyIdSz;
+    }
+    else {
+        WOLFSSL_MSG("Subject Key ID too large");
+        WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+        return WOLFSSL_FAILURE;
+    }
+
+    if (x509->authKeyIdSz < sizeof(cert->akid)) {
+    #ifdef WOLFSSL_AKID_NAME
+        cert->rawAkid = 0;
+        if (x509->authKeyIdSrc) {
+            XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
+            cert->akidSz = (int)x509->authKeyIdSrcSz;
+            cert->rawAkid = 1;
+        }
+        else
+    #endif
+        if (x509->authKeyId) {
+            XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
+            cert->akidSz = (int)x509->authKeyIdSz;
+        }
+    }
+    else {
+        WOLFSSL_MSG("Auth Key ID too large");
+        WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+        return WOLFSSL_FAILURE;
+    }
+
+    for (i = 0; i < x509->certPoliciesNb; i++) {
+        /* copy the smaller of MAX macros, by default they are currently equal*/
+        if ((int)CTC_MAX_CERTPOL_SZ <= (int)MAX_CERTPOL_SZ) {
+            XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
+                    CTC_MAX_CERTPOL_SZ);
         }
         else {
-            cert->beforeDateSz = 0;
+            XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
+                    MAX_CERTPOL_SZ);
         }
+    }
+    cert->certPoliciesNb = (word16)x509->certPoliciesNb;
 
-        if (x509->notAfter.length > 0) {
-            cert->afterDateSz = CertDateFromX509(cert->afterDate,
-                        CTC_DATE_SIZE, &x509->notAfter);
-            if (cert->afterDateSz <= 0){
-                WOLFSSL_MSG("Error converting WOLFSSL_X509 not after date");
-                return WOLFSSL_FAILURE;
-            }
-        }
-        else {
-            cert->afterDateSz = 0;
-        }
+    cert->keyUsage = x509->keyUsage;
+    cert->extKeyUsage = x509->extKeyUsage;
+    cert->nsCertType = x509->nsCertType;
 
-    #ifdef WOLFSSL_ALT_NAMES
-        cert->altNamesSz = FlattenAltNames(cert->altNames,
-                sizeof(cert->altNames), x509->altNames);
-    #endif /* WOLFSSL_ALT_NAMES */
-
-        cert->sigType = wolfSSL_X509_get_signature_type(x509);
-        cert->keyType = x509->pubKeyOID;
-        cert->isCA    = wolfSSL_X509_get_isCA(x509);
-        cert->basicConstSet = x509->basicConstSet;
-
-    #ifdef WOLFSSL_CERT_EXT
-        if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) {
-            if (x509->subjKeyId) {
-                XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
-            }
-            cert->skidSz = (int)x509->subjKeyIdSz;
-        }
-        else {
-            WOLFSSL_MSG("Subject Key ID too large");
+    if (x509->rawCRLInfo != NULL) {
+        if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) {
+            WOLFSSL_MSG("CRL Info too large");
             WOLFSSL_ERROR_VERBOSE(BUFFER_E);
             return WOLFSSL_FAILURE;
         }
+        XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz);
+        cert->crlInfoSz = x509->rawCRLInfoSz;
+    }
 
-        if (x509->authKeyIdSz < sizeof(cert->akid)) {
-        #ifdef WOLFSSL_AKID_NAME
-            cert->rawAkid = 0;
-            if (x509->authKeyIdSrc) {
-                XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
-                cert->akidSz = (int)x509->authKeyIdSrcSz;
-                cert->rawAkid = 1;
-            }
-            else
-        #endif
-            if (x509->authKeyId) {
-                XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
-                cert->akidSz = (int)x509->authKeyIdSz;
-            }
-        }
-        else {
-            WOLFSSL_MSG("Auth Key ID too large");
-            WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* We point to instance in x509 so DON'T need to be free'd. */
+    cert->sapkiDer = x509->sapkiDer;
+    cert->sapkiLen = x509->sapkiLen;
+    cert->sapkiCrit = x509->sapkiCrit;
+    cert->altSigAlgDer = x509->altSigAlgDer;
+    cert->altSigAlgLen  = x509->altSigAlgLen;
+    cert->altSigAlgCrit = x509->altSigAlgCrit;
+    cert->altSigValDer = x509->altSigValDer;
+    cert->altSigValLen = x509->altSigValLen;
+    cert->altSigValCrit = x509->altSigValCrit;
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+#endif /* WOLFSSL_CERT_EXT */
+
+#ifdef WOLFSSL_CERT_REQ
+    /* copy over challenge password for REQ certs */
+    XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE);
+#endif
+
+    /* Only makes sense to do this for OPENSSL_EXTRA because without
+     * this define the function will error out below */
+    #ifdef OPENSSL_EXTRA
+    if (x509->serialSz == 0 && x509->serialNumber != NULL &&
+            /* Check if the buffer contains more than just the
+             * ASN tag and length */
+            x509->serialNumber->length > 2) {
+        if (wolfSSL_X509_set_serialNumber(x509, x509->serialNumber)
+                != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Failed to set serial number");
             return WOLFSSL_FAILURE;
         }
-
-        for (i = 0; i < x509->certPoliciesNb; i++) {
-            /* copy the smaller of MAX macros, by default they are currently equal*/
-            if ((int)CTC_MAX_CERTPOL_SZ <= (int)MAX_CERTPOL_SZ) {
-                XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
-                        CTC_MAX_CERTPOL_SZ);
-            }
-            else {
-                XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
-                        MAX_CERTPOL_SZ);
-            }
-        }
-        cert->certPoliciesNb = (word16)x509->certPoliciesNb;
-
-        cert->keyUsage = x509->keyUsage;
-        cert->extKeyUsage = x509->extKeyUsage;
-        cert->nsCertType = x509->nsCertType;
-
-        if (x509->rawCRLInfo != NULL) {
-            if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) {
-                WOLFSSL_MSG("CRL Info too large");
-                WOLFSSL_ERROR_VERBOSE(BUFFER_E);
-                return WOLFSSL_FAILURE;
-            }
-            XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz);
-            cert->crlInfoSz = x509->rawCRLInfoSz;
-        }
-
-    #ifdef WOLFSSL_DUAL_ALG_CERTS
-        /* We point to instance in x509 so DON'T need to be free'd. */
-        cert->sapkiDer = x509->sapkiDer;
-        cert->sapkiLen = x509->sapkiLen;
-        cert->altSigAlgDer = x509->altSigAlgDer;
-        cert->altSigAlgLen = x509->altSigAlgLen;
-        cert->altSigValDer = x509->altSigValDer;
-        cert->altSigValLen = x509->altSigValLen;
-    #endif /* WOLFSSL_DUAL_ALG_CERTS */
-    #endif /* WOLFSSL_CERT_EXT */
-
-    #ifdef WOLFSSL_CERT_REQ
-        /* copy over challenge password for REQ certs */
-        XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE);
+    }
     #endif
 
-        /* Only makes sense to do this for OPENSSL_EXTRA because without
-         * this define the function will error out below */
-        #ifdef OPENSSL_EXTRA
-        if (x509->serialSz == 0 && x509->serialNumber != NULL &&
-                /* Check if the buffer contains more than just the
-                 * ASN tag and length */
-                x509->serialNumber->length > 2) {
-            if (wolfSSL_X509_set_serialNumber(x509, x509->serialNumber)
-                    != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Failed to set serial number");
-                return WOLFSSL_FAILURE;
-            }
-        }
-        #endif
+    /* set serial number */
+    if (x509->serialSz > 0) {
+    #if defined(OPENSSL_EXTRA)
+        byte serial[EXTERNAL_SERIAL_SIZE];
+        int  serialSz = EXTERNAL_SERIAL_SIZE;
 
-        /* set serial number */
-        if (x509->serialSz > 0) {
-        #if defined(OPENSSL_EXTRA)
-            byte serial[EXTERNAL_SERIAL_SIZE];
-            int  serialSz = EXTERNAL_SERIAL_SIZE;
-
-            ret = wolfSSL_X509_get_serial_number(x509, serial, &serialSz);
-            if (ret != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Serial size error");
-                return WOLFSSL_FAILURE;
-            }
-
-            if (serialSz > EXTERNAL_SERIAL_SIZE ||
-                    serialSz > CTC_SERIAL_SIZE) {
-                WOLFSSL_MSG("Serial size too large error");
-                WOLFSSL_ERROR_VERBOSE(BUFFER_E);
-                return WOLFSSL_FAILURE;
-            }
-            XMEMCPY(cert->serial, serial, serialSz);
-            cert->serialSz = serialSz;
-        #else
-            WOLFSSL_MSG("Getting X509 serial number not supported");
+        ret = wolfSSL_X509_get_serial_number(x509, serial, &serialSz);
+        if (ret != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Serial size error");
             return WOLFSSL_FAILURE;
-        #endif
         }
 
-        /* copy over Name structures */
-        if (x509->issuerSet)
-            cert->selfSigned = 0;
+        if (serialSz > EXTERNAL_SERIAL_SIZE ||
+                serialSz > CTC_SERIAL_SIZE) {
+            WOLFSSL_MSG("Serial size too large error");
+            WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+            return WOLFSSL_FAILURE;
+        }
+        XMEMCPY(cert->serial, serial, serialSz);
+        cert->serialSz = serialSz;
+    #else
+        WOLFSSL_MSG("Getting X509 serial number not supported");
+        return WOLFSSL_FAILURE;
+    #endif
+    }
 
-    #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
-        ret = CopyX509NameToCert(&x509->subject, cert->sbjRaw);
+    /* copy over Name structures */
+    if (x509->issuerSet)
+        cert->selfSigned = 0;
+
+#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
+    ret = CopyX509NameToCert(&x509->subject, cert->sbjRaw);
+    if (ret < 0) {
+        WOLFSSL_MSG("Subject conversion error");
+        return MEMORY_E;
+    }
+    if (cert->selfSigned) {
+        XMEMCPY(cert->issRaw, cert->sbjRaw, sizeof(CertName));
+    }
+    else {
+        ret = CopyX509NameToCert(&x509->issuer, cert->issRaw);
         if (ret < 0) {
-            WOLFSSL_MSG("Subject conversion error");
+            WOLFSSL_MSG("Issuer conversion error");
             return MEMORY_E;
         }
-        if (cert->selfSigned) {
-            XMEMCPY(cert->issRaw, cert->sbjRaw, sizeof(CertName));
-        }
-        else {
-            ret = CopyX509NameToCert(&x509->issuer, cert->issRaw);
-            if (ret < 0) {
-                WOLFSSL_MSG("Issuer conversion error");
-                return MEMORY_E;
-            }
-        }
-    #endif
-
-        cert->heap = x509->heap;
-
-        (void)ret;
-        return WOLFSSL_SUCCESS;
     }
+#endif
+
+    cert->heap = x509->heap;
+
+    (void)ret;
+    return WOLFSSL_SUCCESS;
+}
 
 
     /* returns the sig type to use on success i.e CTC_SHAwRSA and WOLFSSL_FALURE
@@ -10101,11 +10770,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
         int sigType = WOLFSSL_FAILURE;
 
         /* Convert key type and hash algorithm to a signature algorithm */
-        if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL) == WOLFSSL_FAILURE) {
+        if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL)
+            == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             return WOLFSSL_FAILURE;
         }
 
-        if (pkey->type == EVP_PKEY_RSA) {
+        if (pkey->type == WC_EVP_PKEY_RSA) {
             switch (hashType) {
                 case WC_HASH_TYPE_SHA:
                     sigType = CTC_SHAwRSA;
@@ -10140,7 +10811,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
                     return WOLFSSL_FAILURE;
             }
         }
-        else if (pkey->type == EVP_PKEY_EC) {
+        else if (pkey->type == WC_EVP_PKEY_EC) {
             switch (hashType) {
                 case WC_HASH_TYPE_SHA:
                     sigType = CTC_SHAwECDSA;
@@ -10196,7 +10867,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
     static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req,
             unsigned char* der, int* derSz, int includeSig)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         int totalLen;
         Cert* cert = NULL;
         void* key = NULL;
@@ -10385,9 +11056,15 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
         }
     #endif
     #if defined(HAVE_DILITHIUM)
-        if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) ||
-            (x509->pubKeyOID == DILITHIUM_LEVEL3k) ||
-            (x509->pubKeyOID == DILITHIUM_LEVEL5k)) {
+        if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
+            (x509->pubKeyOID == ML_DSA_LEVEL3k) ||
+            (x509->pubKeyOID == ML_DSA_LEVEL5k)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || (x509->pubKeyOID == DILITHIUM_LEVEL2k)
+         || (x509->pubKeyOID == DILITHIUM_LEVEL3k)
+         || (x509->pubKeyOID == DILITHIUM_LEVEL5k)
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+            ) {
             dilithium = (dilithium_key*)XMALLOC(sizeof(dilithium_key), NULL,
                                           DYNAMIC_TYPE_DILITHIUM);
             if (dilithium == NULL) {
@@ -10403,18 +11080,32 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
                 return ret;
             }
 
-            if (x509->pubKeyOID == DILITHIUM_LEVEL2k) {
+            if (x509->pubKeyOID == ML_DSA_LEVEL2k) {
+                type = ML_DSA_LEVEL2_TYPE;
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_44);
+            }
+            else if (x509->pubKeyOID == ML_DSA_LEVEL3k) {
+                type = ML_DSA_LEVEL3_TYPE;
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_65);
+            }
+            else if (x509->pubKeyOID == ML_DSA_LEVEL5k) {
+                type = ML_DSA_LEVEL5_TYPE;
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_87);
+            }
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+            else if (x509->pubKeyOID == DILITHIUM_LEVEL2k) {
                 type = DILITHIUM_LEVEL2_TYPE;
-                wc_dilithium_set_level(dilithium, 2);
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_44_DRAFT);
             }
             else if (x509->pubKeyOID == DILITHIUM_LEVEL3k) {
                 type = DILITHIUM_LEVEL3_TYPE;
-                wc_dilithium_set_level(dilithium, 3);
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_65_DRAFT);
             }
             else if (x509->pubKeyOID == DILITHIUM_LEVEL5k) {
                 type = DILITHIUM_LEVEL5_TYPE;
-                wc_dilithium_set_level(dilithium, 5);
+                wc_dilithium_set_level(dilithium, WC_ML_DSA_87_DRAFT);
             }
+            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
 
             ret = wc_Dilithium_PublicKeyDecode(x509->pubKey.buffer, &idx,
                                     dilithium, x509->pubKey.length);
@@ -10595,9 +11286,15 @@ cleanup:
         }
     #endif
     #if defined(HAVE_DILITHIUM)
-        if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) ||
-            (x509->pubKeyOID == DILITHIUM_LEVEL3k) ||
-            (x509->pubKeyOID == DILITHIUM_LEVEL5k)) {
+        if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
+            (x509->pubKeyOID == ML_DSA_LEVEL3k) ||
+            (x509->pubKeyOID == ML_DSA_LEVEL5k)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+         || (x509->pubKeyOID == DILITHIUM_LEVEL2k)
+         || (x509->pubKeyOID == DILITHIUM_LEVEL3k)
+         || (x509->pubKeyOID == DILITHIUM_LEVEL5k)
+        #endif
+        ) {
             wc_dilithium_free(dilithium);
             XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
         }
@@ -10640,7 +11337,7 @@ cleanup:
         WOLFSSL_ENTER("wolfSSL_X509_resign_cert");
 
         sigType = wolfSSL_sigTypeFromPKEY(md, pkey);
-        if (sigType == WOLFSSL_FAILURE) {
+        if (sigType == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
             WOLFSSL_MSG("Error getting signature type from pkey");
             return WOLFSSL_FATAL_ERROR;
         }
@@ -10648,13 +11345,13 @@ cleanup:
 
         /* Get the private key object and type from pkey. */
     #ifndef NO_RSA
-        if (pkey->type == EVP_PKEY_RSA) {
+        if (pkey->type == WC_EVP_PKEY_RSA) {
             type = RSA_TYPE;
             key = pkey->rsa->internal;
         }
     #endif
     #ifdef HAVE_ECC
-        if (pkey->type == EVP_PKEY_EC) {
+        if (pkey->type == WC_EVP_PKEY_EC) {
             type = ECC_TYPE;
             key = pkey->ecc->internal;
         }
@@ -10664,7 +11361,8 @@ cleanup:
         ret = wc_InitRng(&rng);
         if (ret != 0)
             return ret;
-        ret = wc_SignCert_ex(certBodySz, sigType, der, (word32)derSz, type, key, &rng);
+        ret = wc_SignCert_ex(certBodySz, sigType, der, (word32)derSz, type, key,
+            &rng);
         wc_FreeRng(&rng);
         if (ret < 0) {
             WOLFSSL_LEAVE("wolfSSL_X509_resign_cert", ret);
@@ -10730,70 +11428,71 @@ cleanup:
     }
 
 
-    #ifndef WC_MAX_X509_GEN
-        /* able to override max size until dynamic buffer created */
-        #define WC_MAX_X509_GEN 4096
-    #endif
+#ifndef WC_MAX_X509_GEN
+    /* able to override max size until dynamic buffer created */
+    #define WC_MAX_X509_GEN 4096
+#endif
 
-    /* returns the size of signature on success */
-    int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
-            const WOLFSSL_EVP_MD* md)
-    {
-        int  ret;
-        /* @TODO dynamic set based on expected cert size */
-        byte *der = (byte *)XMALLOC(WC_MAX_X509_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        int  derSz = WC_MAX_X509_GEN;
+/* returns the size of signature on success */
+int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
+        const WOLFSSL_EVP_MD* md)
+{
+    int  ret;
+    /* @TODO dynamic set based on expected cert size */
+    byte *der = (byte *)XMALLOC(WC_MAX_X509_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    int  derSz = WC_MAX_X509_GEN;
 
-        WOLFSSL_ENTER("wolfSSL_X509_sign");
+    WOLFSSL_ENTER("wolfSSL_X509_sign");
 
-        if (x509 == NULL || pkey == NULL || md == NULL) {
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-        x509->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
-        if ((ret = wolfssl_x509_make_der(x509, 0, der, &derSz, 0)) !=
-                WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("Unable to make DER for X509");
-            WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
-            (void)ret;
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-        ret = wolfSSL_X509_resign_cert(x509, 0, der, WC_MAX_X509_GEN, derSz,
-                (WOLFSSL_EVP_MD*)md, pkey);
-        if (ret <= 0) {
-            WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
-            ret = WOLFSSL_FAILURE;
-            goto out;
-        }
-
-    out:
-        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-        return ret;
+    if (x509 == NULL || pkey == NULL || md == NULL) {
+        ret = WOLFSSL_FAILURE;
+        goto out;
     }
 
+    x509->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
+    if ((ret = wolfssl_x509_make_der(x509, 0, der, &derSz, 0)) !=
+            WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Unable to make DER for X509");
+        WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
+        (void)ret;
+        ret = WOLFSSL_FAILURE;
+        goto out;
+    }
+
+    ret = wolfSSL_X509_resign_cert(x509, 0, der, WC_MAX_X509_GEN, derSz,
+            (WOLFSSL_EVP_MD*)md, pkey);
+    if (ret <= 0) {
+        WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
+        ret = WOLFSSL_FAILURE;
+        goto out;
+    }
+
+out:
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return ret;
+}
+
 #if defined(OPENSSL_EXTRA)
-    int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx)
-    {
-        WOLFSSL_ENTER("wolfSSL_X509_sign_ctx");
+int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_sign_ctx");
 
-        if (!x509 || !ctx || !ctx->pctx || !ctx->pctx->pkey) {
-            WOLFSSL_MSG("Bad parameter");
-            return WOLFSSL_FAILURE;
-        }
-
-        return wolfSSL_X509_sign(x509, ctx->pctx->pkey, wolfSSL_EVP_MD_CTX_md(ctx));
+    if (!x509 || !ctx || !ctx->pctx || !ctx->pctx->pkey) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
     }
+
+    return wolfSSL_X509_sign(x509, ctx->pctx->pkey,
+        wolfSSL_EVP_MD_CTX_md(ctx));
+}
 #endif /* OPENSSL_EXTRA */
 #endif /* WOLFSSL_CERT_GEN */
 
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
     defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
-/* Converts from NID_* value to wolfSSL value if needed.
+/* Converts from WC_NID_* value to wolfSSL value if needed.
  *
  * @param [in] nid  Numeric Id of a domain name component.
  * @return  Domain name tag values - wolfSSL internal values.
@@ -10802,37 +11501,39 @@ cleanup:
 static int ConvertNIDToWolfSSL(int nid)
 {
     switch (nid) {
-        case NID_commonName : return ASN_COMMON_NAME;
+        case WC_NID_commonName : return ASN_COMMON_NAME;
     #ifdef WOLFSSL_CERT_NAME_ALL
-        case NID_name :       return ASN_NAME;
-        case NID_givenName:   return ASN_GIVEN_NAME;
-        case NID_dnQualifier :   return ASN_DNQUALIFIER;
-        case NID_initials:   return ASN_INITIALS;
+        case WC_NID_name :       return ASN_NAME;
+        case WC_NID_givenName:   return ASN_GIVEN_NAME;
+        case WC_NID_dnQualifier :   return ASN_DNQUALIFIER;
+        case WC_NID_initials:   return ASN_INITIALS;
     #endif /* WOLFSSL_CERT_NAME_ALL */
-        case NID_surname :    return ASN_SUR_NAME;
-        case NID_countryName: return ASN_COUNTRY_NAME;
-        case NID_localityName: return ASN_LOCALITY_NAME;
-        case NID_stateOrProvinceName: return ASN_STATE_NAME;
-        case NID_streetAddress: return ASN_STREET_ADDR;
-        case NID_organizationName: return ASN_ORG_NAME;
-        case NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
-        case NID_emailAddress: return ASN_EMAIL_NAME;
-        case NID_pkcs9_contentType: return ASN_CONTENT_TYPE;
-        case NID_serialNumber: return ASN_SERIAL_NUMBER;
-        case NID_userId: return ASN_USER_ID;
-        case NID_businessCategory: return ASN_BUS_CAT;
-        case NID_domainComponent: return ASN_DOMAIN_COMPONENT;
-        case NID_postalCode: return ASN_POSTAL_CODE;
-        case NID_favouriteDrink: return ASN_FAVOURITE_DRINK;
+        case WC_NID_surname :    return ASN_SUR_NAME;
+        case WC_NID_countryName: return ASN_COUNTRY_NAME;
+        case WC_NID_localityName: return ASN_LOCALITY_NAME;
+        case WC_NID_stateOrProvinceName: return ASN_STATE_NAME;
+        case WC_NID_streetAddress: return ASN_STREET_ADDR;
+        case WC_NID_organizationName: return ASN_ORG_NAME;
+        case WC_NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
+        case WC_NID_emailAddress: return ASN_EMAIL_NAME;
+        case WC_NID_pkcs9_contentType: return ASN_CONTENT_TYPE;
+        case WC_NID_serialNumber: return ASN_SERIAL_NUMBER;
+        case WC_NID_userId: return ASN_USER_ID;
+        case WC_NID_businessCategory: return ASN_BUS_CAT;
+        case WC_NID_domainComponent: return ASN_DOMAIN_COMPONENT;
+        case WC_NID_postalCode: return ASN_POSTAL_CODE;
+        case WC_NID_rfc822Mailbox: return ASN_RFC822_MAILBOX;
+        case WC_NID_favouriteDrink: return ASN_FAVOURITE_DRINK;
         default:
             WOLFSSL_MSG("Attribute NID not found");
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
     }
 }
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA ||
           OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL*/
 
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL)
 /* This is to convert the x509 name structure into canonical DER format     */
 /*  , which has the following rules:                                        */
 /*   convert to UTF8                                                        */
@@ -11022,15 +11723,16 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
             type    = wolfSSL_ASN1_STRING_type(data);
 
             switch (type) {
-                case MBSTRING_UTF8:
+                case WOLFSSL_MBSTRING_UTF8:
                     type = CTC_UTF8;
                     break;
-                case MBSTRING_ASC:
-                case V_ASN1_PRINTABLESTRING:
+                case WOLFSSL_MBSTRING_ASC:
+                case WOLFSSL_V_ASN1_PRINTABLESTRING:
                     type = CTC_PRINTABLE;
                     break;
                 default:
-                    WOLFSSL_MSG("Unknown encoding type conversion UTF8 by default");
+                    WOLFSSL_MSG(
+                        "Unknown encoding type conversion UTF8 by default");
                     type = CTC_UTF8;
             }
             ret = wc_EncodeName(&names[i], nameStr, (char)type,
@@ -11201,81 +11903,137 @@ cleanup:
 
 #ifndef NO_BIO
 
-    static WOLFSSL_X509 *loadX509orX509REQFromPemBio(WOLFSSL_BIO *bp,
-            WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u, int type)
-    {
-        WOLFSSL_X509* x509 = NULL;
+static WOLFSSL_X509 *loadX509orX509REQFromPemBio(WOLFSSL_BIO *bp,
+        WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u, int type)
+{
+    WOLFSSL_X509* x509 = NULL;
 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
-        unsigned char* pem = NULL;
-        int pemSz;
-        long  i = 0, l, footerSz;
-        const char* footer = NULL;
+    unsigned char* pem = NULL;
+    int pemSz;
+    long  i = 0, l, footerSz;
+    const char* footer = NULL;
 
-        WOLFSSL_ENTER("loadX509orX509REQFromPemBio");
+    WOLFSSL_ENTER("loadX509orX509REQFromPemBio");
 
-        if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE)) {
-            WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG);
-            return NULL;
-        }
+    if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE)) {
+        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG);
+        return NULL;
+    }
 
-        if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
-            /* No certificate in buffer */
+    if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
+        /* No certificate in buffer */
 #if defined (WOLFSSL_HAPROXY)
-            WOLFSSL_ERROR(PEM_R_NO_START_LINE);
+        WOLFSSL_ERROR(PEM_R_NO_START_LINE);
 #else
-            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
+        WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
 #endif
+        return NULL;
+    }
+
+    pemSz = (int)l;
+    pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
+    if (pem == NULL)
+        return NULL;
+    XMEMSET(pem, 0, pemSz);
+
+    i = 0;
+    if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
+        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+        return NULL;
+    }
+    footerSz = (long)XSTRLEN(footer);
+
+    /* TODO: Inefficient
+     * reading in one byte at a time until see the footer
+     */
+    while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) {
+        i++;
+        if (i > footerSz && XMEMCMP((char *)&pem[i-footerSz], footer,
+                footerSz) == 0) {
+            if (wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) {
+                /* attempt to read newline following footer */
+                i++;
+                if (pem[i-1] == '\r') {
+                    /* found \r , Windows line ending is \r\n so try to read one
+                     * more byte for \n, ignoring return value */
+                    (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1);
+                }
+            }
+            break;
+        }
+    }
+    if (l == 0)
+        WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
+    if (i > pemSz) {
+        WOLFSSL_MSG("Error parsing PEM");
+    }
+    else {
+        pemSz = (int)i;
+    #ifdef WOLFSSL_CERT_REQ
+        if (type == CERTREQ_TYPE)
+            x509 = loadX509orX509REQFromBuffer(pem, pemSz, WOLFSSL_FILETYPE_PEM,
+                CERTREQ_TYPE, cb, u);
+        else
+    #endif
+            x509 = loadX509orX509REQFromBuffer(pem, pemSz, WOLFSSL_FILETYPE_PEM,
+                CERT_TYPE, cb, u);
+    }
+
+    if (x != NULL) {
+        *x = x509;
+    }
+
+    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+
+#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
+    (void)bp;
+    (void)x;
+    (void)cb;
+    (void)u;
+
+    return x509;
+}
+
+
+#if defined(WOLFSSL_ACERT)
+    WOLFSSL_X509_ACERT *wolfSSL_PEM_read_bio_X509_ACERT(WOLFSSL_BIO *bp,
+                                                        WOLFSSL_X509_ACERT **x,
+                                                        wc_pem_password_cb *cb,
+                                                        void *u)
+    {
+        WOLFSSL_X509_ACERT* x509 = NULL;
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
+        unsigned char * pem = NULL;
+        int             pemSz;
+
+        WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_ACERT");
+
+        if (bp == NULL) {
+            WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509_ACERT", BAD_FUNC_ARG);
             return NULL;
         }
 
-        pemSz = (int)l;
-        pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
-        if (pem == NULL)
+        if ((pemSz = wolfSSL_BIO_get_len(bp)) <= 0) {
+            /* No certificate in buffer */
+            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
             return NULL;
+        }
+
+        pem   = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
+
+        if (pem == NULL) {
+            return NULL;
+        }
+
         XMEMSET(pem, 0, pemSz);
 
-        i = 0;
-        if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
-            XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+        if (wolfSSL_BIO_read(bp, pem, pemSz) != pemSz) {
+            XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
             return NULL;
         }
-        footerSz = (long)XSTRLEN(footer);
 
-        /* TODO: Inefficient
-         * reading in one byte at a time until see the footer
-         */
-        while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) {
-            i++;
-            if (i > footerSz && XMEMCMP((char *)&pem[i-footerSz], footer,
-                    footerSz) == 0) {
-                if (wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) {
-                    /* attempt to read newline following footer */
-                    i++;
-                    if (pem[i-1] == '\r') {
-                        /* found \r , Windows line ending is \r\n so try to read one
-                         * more byte for \n, ignoring return value */
-                        (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1);
-                    }
-                }
-                break;
-            }
-        }
-        if (l == 0)
-            WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
-        if (i > pemSz) {
-            WOLFSSL_MSG("Error parsing PEM");
-        }
-        else {
-            pemSz = (int)i;
-        #ifdef WOLFSSL_CERT_REQ
-            if (type == CERTREQ_TYPE)
-                x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz,
+        x509 = wolfSSL_X509_ACERT_load_certificate_buffer(pem, pemSz,
                                                           WOLFSSL_FILETYPE_PEM);
-            else
-        #endif
-                x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
-                                                          WOLFSSL_FILETYPE_PEM);
-        }
 
         if (x != NULL) {
             *x = x509;
@@ -11290,8 +12048,9 @@ cleanup:
         (void)u;
 
         return x509;
-    }
 
+    }
+#endif /* WOLFSSL_ACERT */
 
     WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
                                             wc_pem_password_cb *cb, void *u)
@@ -11321,11 +12080,11 @@ cleanup:
     }
 
 #ifdef WOLFSSL_CERT_REQ
-    WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
+WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
                                                 wc_pem_password_cb *cb, void *u)
-    {
-        return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE);
-    }
+{
+    return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE);
+}
 
 #ifndef NO_FILESYSTEM
     WOLFSSL_X509* wolfSSL_PEM_read_X509_REQ(XFILE fp, WOLFSSL_X509** x,
@@ -11349,7 +12108,7 @@ cleanup:
                 err = 1;
             }
         }
-        if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE)
+        if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE)
                 != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to set BIO file pointer.");
             err = 1;
@@ -11358,9 +12117,7 @@ cleanup:
             ret = wolfSSL_PEM_read_bio_X509_REQ(bio, x, cb, u);
         }
 
-        if (bio != NULL) {
-            wolfSSL_BIO_free(bio);
-        }
+        wolfSSL_BIO_free(bio);
 
         return ret;
     }
@@ -11390,17 +12147,17 @@ cleanup:
             goto err;
         }
 
-        if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) {
+        if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) {
             goto err;
         }
         derSz = (int)der->length;
-        if((crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz)) == NULL) {
+        if ((crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz)) == NULL) {
             goto err;
         }
 
 err:
         XFREE(pem, 0, DYNAMIC_TYPE_PEM);
-        if(der != NULL) {
+        if (der != NULL) {
             FreeDer(&der);
         }
 
@@ -11421,106 +12178,107 @@ err:
 #endif /* !NO_BIO */
 
 #if !defined(NO_FILESYSTEM)
-    static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x,
-        wc_pem_password_cb *cb, void *u, int type)
-    {
-        unsigned char* pem = NULL;
-        int pemSz;
-        long i = 0, l;
-        void *newx509;
-        int derSz;
-        DerBuffer* der = NULL;
+static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x,
+    wc_pem_password_cb *cb, void *u, int type)
+{
+    unsigned char* pem = NULL;
+    int pemSz;
+    long i = 0, l;
+    void *newx509;
+    int derSz;
+    DerBuffer* der = NULL;
 
-        WOLFSSL_ENTER("wolfSSL_PEM_read_X509");
-
-        if (fp == XBADFILE) {
-            WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
-            return NULL;
-        }
-        /* Read cert from file */
-        i = XFTELL(fp);
-        if (i < 0) {
-            WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
-            return NULL;
-        }
-
-        if (XFSEEK(fp, 0, XSEEK_END) != 0)
-            return NULL;
-        l = XFTELL(fp);
-        if (l < 0)
-            return NULL;
-        if (XFSEEK(fp, i, SEEK_SET) != 0)
-            return NULL;
-        pemSz = (int)(l - i);
-
-        /* check calculated length */
-        if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz <= 0) {
-            WOLFSSL_MSG("PEM_read_X509_ex file size error");
-            return NULL;
-        }
-
-        /* allocate pem buffer */
-        pem = (unsigned char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM);
-        if (pem == NULL)
-            return NULL;
-
-        if ((int)XFREAD((char *)pem, 1, (size_t)pemSz, fp) != pemSz)
-            goto err_exit;
-
-        switch (type) {
-            case CERT_TYPE:
-                newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem,
-                    pemSz, WOLFSSL_FILETYPE_PEM);
-                break;
-
-        #ifdef HAVE_CRL
-            case CRL_TYPE:
-                if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0)
-                    goto err_exit;
-                derSz = (int)der->length;
-                newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x,
-                    (const unsigned char *)der->buffer, derSz);
-                if (newx509 == NULL)
-                    goto err_exit;
-                FreeDer(&der);
-                break;
-        #endif
-
-            default:
-                goto err_exit;
-        }
-        if (x != NULL) {
-            *x = newx509;
-        }
-        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
-        return newx509;
-
-    err_exit:
-        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
-        if (der != NULL)
-            FreeDer(&der);
-
-        /* unused */
-        (void)cb;
-        (void)u;
-        (void)derSz;
+    WOLFSSL_ENTER("wolfSSL_PEM_read_X509");
 
+    if (fp == XBADFILE) {
+        WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
+        return NULL;
+    }
+    /* Read cert from file */
+    i = XFTELL(fp);
+    if (i < 0) {
+        WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
         return NULL;
     }
 
-    WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
-                                                    wc_pem_password_cb *cb,
-                                                    void *u)
-    {
-        return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u, CERT_TYPE);
+    if (XFSEEK(fp, 0, XSEEK_END) != 0)
+        return NULL;
+    l = XFTELL(fp);
+    if (l < 0)
+        return NULL;
+    if (XFSEEK(fp, i, SEEK_SET) != 0)
+        return NULL;
+    pemSz = (int)(l - i);
+
+    /* check calculated length */
+    if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz <= 0) {
+        WOLFSSL_MSG("PEM_read_X509_ex file size error");
+        return NULL;
     }
 
-#if defined(HAVE_CRL)
-    WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl,
-                                                    wc_pem_password_cb *cb, void *u)
-    {
-        return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, CRL_TYPE);
+    /* allocate pem buffer */
+    pem = (unsigned char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM);
+    if (pem == NULL)
+        return NULL;
+
+    if ((int)XFREAD((char *)pem, 1, (size_t)pemSz, fp) != pemSz)
+        goto err_exit;
+
+    switch (type) {
+        case CERT_TYPE:
+            newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem,
+                pemSz, WOLFSSL_FILETYPE_PEM);
+            break;
+
+    #ifdef HAVE_CRL
+        case CRL_TYPE:
+            if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0)
+                goto err_exit;
+            derSz = (int)der->length;
+            newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x,
+                (const unsigned char *)der->buffer, derSz);
+            if (newx509 == NULL)
+                goto err_exit;
+            FreeDer(&der);
+            break;
+    #endif
+
+        default:
+            goto err_exit;
     }
+    if (x != NULL) {
+        *x = newx509;
+    }
+    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+    return newx509;
+
+err_exit:
+    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+    if (der != NULL)
+        FreeDer(&der);
+
+    /* unused */
+    (void)cb;
+    (void)u;
+    (void)derSz;
+
+    return NULL;
+}
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
+                                                wc_pem_password_cb *cb, void *u)
+{
+    return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u,
+         CERT_TYPE);
+}
+
+#if defined(HAVE_CRL)
+WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp,
+                        WOLFSSL_X509_CRL **crl, wc_pem_password_cb *cb, void *u)
+{
+    return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u,
+         CRL_TYPE);
+}
 #endif
 
 #ifdef WOLFSSL_CERT_GEN
@@ -11530,14 +12288,14 @@ err:
         int ret;
         WOLFSSL_BIO* bio;
 
-        if (x == NULL)
+        if (x == NULL || fp == XBADFILE)
             return 0;
 
         bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
         if (bio == NULL)
             return 0;
 
-        if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
             wolfSSL_BIO_free(bio);
             bio = NULL;
         }
@@ -11712,7 +12470,7 @@ err:
                         "-----BEGIN X509 CRL-----")) {
                 /* We have a crl */
                 WOLFSSL_MSG("Parsing crl");
-                if((PemToDer((const unsigned char*) header,
+                if ((PemToDer((const unsigned char*) header,
                         (long)(footerEnd - header), CRL_TYPE, &der, NULL, NULL,
                         NULL)) < 0) {
                     WOLFSSL_MSG("PemToDer error");
@@ -11783,7 +12541,7 @@ err:
             XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
             pem_password_cb* cb, void* u)
     {
-        WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
+        WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, WOLFSSL_BIO_NOCLOSE);
         WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL;
 
         WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read");
@@ -11851,8 +12609,7 @@ err:
                         ret = MEMORY_E;
                         break;
                     }
-                    if (wolfSSL_sk_X509_INFO_push(localSk, current) !=
-                            WOLFSSL_SUCCESS) {
+                    if (wolfSSL_sk_X509_INFO_push(localSk, current) <= 0) {
                         wolfSSL_X509_INFO_free(current);
                         current = NULL;
                         ret = WOLFSSL_FAILURE;
@@ -11944,19 +12701,16 @@ err:
         return ne;
     }
 
+
     static void wolfssl_x509_name_entry_set(WOLFSSL_X509_NAME_ENTRY* ne,
         int nid, int type, const unsigned char *data, int dataSz)
     {
-        WOLFSSL_ASN1_OBJECT* object;
-
         ne->nid = nid;
         /* Reuse the object if already available. */
-        object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
-        if (object != NULL) {
-            /* Set the object when no error. */
-            ne->object = object;
+        ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
+        if (ne->value == NULL) {
+            ne->value = wolfSSL_ASN1_STRING_type_new(type);
         }
-        ne->value = wolfSSL_ASN1_STRING_type_new(type);
         if (ne->value != NULL) {
             if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data,
                                             dataSz) == WOLFSSL_SUCCESS) {
@@ -11990,7 +12744,7 @@ err:
         }
 
         nid = wolfSSL_OBJ_txt2nid(txt);
-        if (nid == NID_undef) {
+        if (nid == WC_NID_undef) {
             WOLFSSL_MSG("Unable to find text");
             ne = NULL;
         }
@@ -12229,8 +12983,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
             if (name->entries == NULL) {
                 name->entries = wolfSSL_sk_X509_NAME_new(NULL);
             }
-            if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current
-                                                         ) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current) <= 0) {
                 ret = WOLFSSL_FAILURE;
             }
         #endif
@@ -12258,7 +13011,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
                                            const unsigned char *bytes, int len,
                                            int loc, int set)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         int nid;
         WOLFSSL_X509_NAME_ENTRY* entry;
 
@@ -12268,7 +13021,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
         if (name == NULL || field == NULL)
             return WOLFSSL_FAILURE;
 
-        if ((nid = wolfSSL_OBJ_txt2nid(field)) == NID_undef) {
+        if ((nid = wolfSSL_OBJ_txt2nid(field)) == WC_NID_undef) {
             WOLFSSL_MSG("Unable convert text to NID");
             return WOLFSSL_FAILURE;
         }
@@ -12328,7 +13081,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
                                            int idx) {
         if (!name || idx >= MAX_NAME_ENTRIES ||
                 !obj || !obj->obj) {
-            return -1;
+            return WOLFSSL_FATAL_ERROR;
         }
 
         if (idx < 0) {
@@ -12338,20 +13091,32 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
         for (idx++; idx < MAX_NAME_ENTRIES; idx++) {
             /* Find index of desired name */
             if (name->entry[idx].set) {
-                if (XSTRLEN(obj->sName) == XSTRLEN(name->entry[idx].object->sName) &&
+                if (XSTRLEN(obj->sName) ==
+                        XSTRLEN(name->entry[idx].object->sName) &&
                     XSTRNCMP((const char*) obj->sName,
                         name->entry[idx].object->sName, obj->objSz - 1) == 0) {
                     return idx;
                 }
             }
         }
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     }
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
     defined(OPENSSL_EXTRA_X509_SMALL)
 
+#ifdef OPENSSL_EXTRA
+    int wolfSSL_X509_NAME_ENTRY_set(const WOLFSSL_X509_NAME_ENTRY *ne)
+    {
+        if (ne != NULL) {
+            return ne->set;
+        }
+        return 0;
+    }
+#endif
+
+
     /* returns a pointer to the internal entry at location 'loc' on success,
      * a null pointer is returned in fail cases */
     WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
@@ -12389,26 +13154,26 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
 
 #ifdef OPENSSL_EXTRA
 
-    int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
-    {
-        WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
+int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
 
-        if (!x509 || !key) {
-            WOLFSSL_MSG("Bad parameter");
-            return WOLFSSL_FAILURE;
-        }
-
-    #ifndef NO_CHECK_PRIVATE_KEY
-        return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
-                x509->pubKey.buffer, x509->pubKey.length,
-                (enum Key_Sum)x509->pubKeyOID) == 1 ?
-                        WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-    #else
-        /* not compiled in */
-        return WOLFSSL_SUCCESS;
-    #endif
+    if (!x509 || !key) {
+        WOLFSSL_MSG("Bad parameter");
+        return WOLFSSL_FAILURE;
     }
 
+#ifndef NO_CHECK_PRIVATE_KEY
+    return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
+            x509->pubKey.buffer, x509->pubKey.length,
+            (enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ?
+                    WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+#else
+    /* not compiled in */
+    return WOLFSSL_SUCCESS;
+#endif
+}
+
 #endif /* OPENSSL_EXTRA */
 
 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
@@ -12570,9 +13335,10 @@ error:
 #endif /* !NO_BIO */
 #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
 
-#if defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-        defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-        defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)
+#if defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
+        defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
+        defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) || \
+        defined(HAVE_SBLIM_SFCB)
 
 WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(
         WOLF_SK_COMPARE_CB(WOLFSSL_X509_NAME, cb))
@@ -12608,39 +13374,17 @@ int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk)
  * returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on
  *         fail
  */
-WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk,
-    int i)
+WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(
+    const WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, int i)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");
     return (WOLFSSL_X509_NAME*)wolfSSL_sk_value(sk, i);
 }
 
-WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
+WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
 {
-    WOLFSSL_STACK* node;
-    WOLFSSL_X509_NAME* name;
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    node = sk->next;
-    name = sk->data.name;
-
-    if (node != NULL) { /* update sk and remove node from stack */
-        sk->data.name = node->data.name;
-        sk->next = node->next;
-        XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
-    }
-    else { /* last x509 in stack */
-        sk->data.name = NULL;
-    }
-
-    if (sk->num > 0) {
-        sk->num -= 1;
-    }
-
-    return name;
+    return (WOLFSSL_X509_NAME*)wolfSSL_sk_pop(sk);
 }
 
 void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
@@ -12681,7 +13425,7 @@ int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk,
             return i;
         }
     }
-    return -1;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 /* Name Entry */
@@ -12708,7 +13452,8 @@ WOLFSSL_X509_NAME_ENTRY* wolfSSL_sk_X509_NAME_ENTRY_value(
     return (WOLFSSL_X509_NAME_ENTRY*)wolfSSL_sk_value(sk, i);
 }
 
-int wolfSSL_sk_X509_NAME_ENTRY_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk)
+int wolfSSL_sk_X509_NAME_ENTRY_num(
+    const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk)
 {
     if (sk == NULL)
         return BAD_FUNC_ARG;
@@ -12790,30 +13535,7 @@ WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_value(
 WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(
         WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk)
 {
-    WOLFSSL_STACK* node;
-    WOLFSSL_X509_INFO* info;
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    node = sk->next;
-    info = sk->data.info;
-
-    if (node != NULL) { /* update sk and remove node from stack */
-        sk->data.info = node->data.info;
-        sk->next = node->next;
-        wolfSSL_sk_free_node(node);
-    }
-    else { /* last x509 in stack */
-        sk->data.info = NULL;
-    }
-
-    if (sk->num > 0) {
-        sk->num -= 1;
-    }
-
-    return info;
+    return (WOLFSSL_X509_INFO*)wolfSSL_sk_pop(sk);
 }
 
 #if defined(OPENSSL_ALL)
@@ -12833,7 +13555,7 @@ void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk)
 /* Adds the WOLFSSL_X509_INFO to the stack "sk". "sk" takes control of "in" and
  * tries to free it when the stack is free'd.
  *
- * return 1 on success 0 on fail
+ * return number of elements on success 0 on fail
  */
 int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
                                                       WOLFSSL_X509_INFO* in)
@@ -12861,7 +13583,7 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
 
     for (i = 0; i < num; i++) {
         name = wolfSSL_X509_NAME_dup(wolfSSL_sk_X509_NAME_value(sk, i));
-        if (name == NULL || WOLFSSL_SUCCESS != wolfSSL_sk_X509_NAME_push(copy, name)) {
+        if (name == NULL || wolfSSL_sk_X509_NAME_push(copy, name) <= 0) {
             WOLFSSL_MSG("Memory error");
             wolfSSL_sk_X509_NAME_pop_free(copy, wolfSSL_X509_NAME_free);
             wolfSSL_X509_NAME_free(name);
@@ -12872,7 +13594,8 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
     return copy;
 }
 
-void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i)
+void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk,
+    int i)
 {
     WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_value");
     for (; sk != NULL && i > 0; i--)
@@ -12888,7 +13611,8 @@ int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s)
     WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_num");
     if (s) {
         return (int)s->num;
-    } else {
+    }
+    else {
         return 0;
     }
 }
@@ -12918,82 +13642,86 @@ static int get_dn_attr_by_nid(int n, const char** buf)
 
     switch(n)
     {
-        case NID_commonName :
+        case WC_NID_commonName :
             str = "CN";
             len = 2;
             break;
-        case NID_countryName:
+        case WC_NID_countryName:
             str = "C";
             len = 1;
             break;
-        case NID_localityName:
+        case WC_NID_localityName:
             str = "L";
             len = 1;
             break;
-        case NID_stateOrProvinceName:
+        case WC_NID_stateOrProvinceName:
             str = "ST";
             len = 2;
             break;
-        case NID_streetAddress:
+        case WC_NID_streetAddress:
             str = "street";
             len = 6;
             break;
-        case NID_organizationName:
+        case WC_NID_organizationName:
             str = "O";
             len = 1;
             break;
-        case NID_organizationalUnitName:
+        case WC_NID_organizationalUnitName:
             str = "OU";
             len = 2;
             break;
-        case NID_postalCode:
+        case WC_NID_postalCode:
             str = "postalCode";
             len = 10;
             break;
-        case NID_emailAddress:
+        case WC_NID_emailAddress:
             str = "emailAddress";
             len = 12;
             break;
-        case NID_surname:
+        case WC_NID_surname:
             str = "SN";
             len = 2;
             break;
-        case NID_givenName:
+        case WC_NID_givenName:
             str = "GN";
             len = 2;
             break;
-        case NID_dnQualifier:
+        case WC_NID_dnQualifier:
             str = "dnQualifier";
             len = 11;
             break;
-        case NID_name:
+        case WC_NID_name:
             str = "name";
             len = 4;
             break;
-        case NID_initials:
+        case WC_NID_initials:
             str = "initials";
             len = 8;
             break;
-        case NID_domainComponent:
+        case WC_NID_domainComponent:
             str = "DC";
             len = 2;
             break;
-        case NID_pkcs9_contentType:
+        case WC_NID_pkcs9_contentType:
             str = "contentType";
             len = 11;
             break;
-        case NID_userId:
+        case WC_NID_userId:
             str = "UID";
             len = 3;
             break;
-        case NID_serialNumber:
+        case WC_NID_serialNumber:
             str = "serialNumber";
             len = 12;
             break;
-        case NID_title:
+        case WC_NID_title:
             str = "title";
             len = 5;
             break;
+        case WC_NID_rfc822Mailbox:
+            str = "mail";
+            len = 4;
+            break;
         default:
             WOLFSSL_MSG("Attribute type not found");
             str = NULL;
@@ -13096,7 +13824,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
         return WOLFSSL_FAILURE;
 
     XMEMSET(eqStr, 0, sizeof(eqStr));
-    if (flags & XN_FLAG_SPC_EQ) {
+    if (flags & WOLFSSL_XN_FLAG_SPC_EQ) {
         eqSpace = 2;
         XSTRNCPY(eqStr, " = ", 4);
     }
@@ -13116,9 +13844,11 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
         int tmpSz;
 
         /* reverse name order for RFC2253 and DN_REV */
-        if ((flags & XN_FLAG_RFC2253) || (flags & XN_FLAG_DN_REV)) {
+        if ((flags & WOLFSSL_XN_FLAG_RFC2253) ||
+            (flags & WOLFSSL_XN_FLAG_DN_REV)) {
             ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1);
-        } else {
+        }
+        else {
             ne = wolfSSL_X509_NAME_get_entry(name, i);
         }
         if (ne == NULL)
@@ -13128,7 +13858,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
         if (str == NULL)
             return WOLFSSL_FAILURE;
 
-        if (flags & XN_FLAG_RFC2253) {
+        if (flags & WOLFSSL_XN_FLAG_RFC2253) {
             /* escape string for RFC 2253, ret sz not counting null term */
             escapeSz = wolfSSL_EscapeString_RFC2253(str->data,
                             str->length, escaped, sizeof(escaped));
@@ -13175,10 +13905,12 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
                 return WOLFSSL_FAILURE;
             }
             tmpSz = len + nameStrSz + 1 + eqSpace; /* 1 for '=' */
-            if (bio->type != WOLFSSL_BIO_FILE && bio->type != WOLFSSL_BIO_MEMORY)
+            if (bio->type != WOLFSSL_BIO_FILE &&
+                                              bio->type != WOLFSSL_BIO_MEMORY) {
                 ++tmpSz; /* include the terminating null when not writing to a
                           * file.
                           */
+            }
         }
 
         if (wolfSSL_BIO_write(bio, tmp, tmpSz) != tmpSz) {
@@ -13201,7 +13933,7 @@ int wolfSSL_X509_NAME_print_ex_fp(XFILE file, WOLFSSL_X509_NAME* name,
 
     WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex_fp");
 
-    if (!(bio = wolfSSL_BIO_new_fp(file, BIO_NOCLOSE))) {
+    if (!(bio = wolfSSL_BIO_new_fp(file, WOLFSSL_BIO_NOCLOSE))) {
         WOLFSSL_MSG("wolfSSL_BIO_new_fp error");
         return WOLFSSL_FAILURE;
     }
@@ -13251,6 +13983,11 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj)
         if (obj->type == WOLFSSL_X509_LU_X509) {
             wolfSSL_X509_free(obj->data.x509);
         }
+    #ifdef HAVE_CRL
+        else if (obj->type == WOLFSSL_X509_LU_CRL) {
+            wolfSSL_X509_CRL_free(obj->data.crl);
+        }
+    #endif
         else {
             /* We don't free as this will point to
              * store->cm->crl which we don't own */
@@ -13259,6 +13996,29 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj)
         XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
     }
 }
+
+WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject(
+        WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk,
+        WOLFSSL_X509_LOOKUP_TYPE type,
+        WOLFSSL_X509_NAME *name)
+{
+    int i;
+
+    WOLFSSL_ENTER("wolfSSL_X509_OBJECT_retrieve_by_subject");
+
+    if (sk == NULL || name == NULL)
+        return NULL;
+
+    for (i = 0; i < wolfSSL_sk_X509_OBJECT_num(sk); i++) {
+        WOLFSSL_X509_OBJECT* obj = (WOLFSSL_X509_OBJECT *)
+            wolfSSL_sk_X509_OBJECT_value(sk, i);
+        if (obj != NULL && obj->type == type &&
+            wolfSSL_X509_NAME_cmp(
+                wolfSSL_X509_get_subject_name(obj->data.x509), name) == 0)
+            return obj;
+    }
+    return NULL;
+}
 #endif /* OPENSSL_ALL */
 
 #ifndef NO_WOLFSSL_STUB
@@ -13299,16 +14059,13 @@ int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
     WOLFSSL_ENTER("wolfSSL_sk_X509_num");
 
     if (s == NULL)
-        return -1;
+        return WOLFSSL_FATAL_ERROR;
     return (int)s->num;
 }
 
 #endif /* OPENSSL_EXTRA */
 
-#if defined(HAVE_EX_DATA) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \
-     || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)                   \
-     || defined(HAVE_LIGHTY))
-
+#ifdef HAVE_EX_DATA_CRYPTO
 int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
                                   WOLFSSL_CRYPTO_EX_new* new_func,
                                   WOLFSSL_CRYPTO_EX_dup* dup_func,
@@ -13316,14 +14073,13 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
 {
     WOLFSSL_ENTER("wolfSSL_X509_get_ex_new_index");
 
-    return wolfssl_get_ex_new_index(CRYPTO_EX_INDEX_X509, idx, arg,
+    return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509, idx, arg,
                                     new_func, dup_func, free_func);
 }
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
-    defined(WOLFSSL_WPAS_SMALL)
-void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx)
 {
     WOLFSSL_ENTER("wolfSSL_X509_get_ex_data");
 #ifdef HAVE_EX_DATA
@@ -13337,12 +14093,11 @@ void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
     return NULL;
 }
 
-int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
+int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, void *data)
 {
     WOLFSSL_ENTER("wolfSSL_X509_set_ex_data");
 #ifdef HAVE_EX_DATA
-    if (x509 != NULL)
-    {
+    if (x509 != NULL) {
         return wolfSSL_CRYPTO_set_ex_data(&x509->ex_data, idx, data);
     }
 #else
@@ -13355,7 +14110,7 @@ int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
 
 #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
 int wolfSSL_X509_set_ex_data_with_cleanup(
-    X509 *x509,
+    WOLFSSL_X509 *x509,
     int idx,
     void *data,
     wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
@@ -13369,8 +14124,7 @@ int wolfSSL_X509_set_ex_data_with_cleanup(
     return WOLFSSL_FAILURE;
 }
 #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
-
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 
 #ifndef NO_ASN
@@ -13388,7 +14142,6 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
     WOLFSSL_ENTER("wolfSSL_X509_check_host");
 
     /* flags and peername not needed for Nginx. */
-    (void)flags;
     (void)peername;
 
     if ((x == NULL) || (chk == NULL)) {
@@ -13431,7 +14184,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
     else {
         for (i = 0; i < (chklen > 1 ? chklen - 1 : chklen); i++) {
             if (chk[i] == '\0') {
-                ret = -1;
+                ret = WOLFSSL_FATAL_ERROR;
                 goto out;
             }
         }
@@ -13440,7 +14193,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
         chklen--;
     }
 
-    ret = CheckHostName(dCert, (char *)chk, chklen);
+    ret = CheckHostName(dCert, (char *)chk, chklen, flags);
 
 out:
 
@@ -13458,7 +14211,7 @@ out:
 int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
         unsigned int flags)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert *dCert = NULL;
 #else
@@ -13507,7 +14260,9 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT);
+    if (x != NULL) {
+        XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT);
+    }
 #endif
 
     return ret;
@@ -13536,7 +14291,7 @@ int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen,
         return WOLFSSL_FAILURE;
 
     /* Call with NULL buffer to get required length. */
-    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress,
+    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, WC_NID_emailAddress,
                                                  NULL, 0);
     if (emailLen < 0)
         return WOLFSSL_FAILURE;
@@ -13547,7 +14302,7 @@ int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen,
     if (emailBuf == NULL)
         return WOLFSSL_FAILURE;
 
-    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress,
+    emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, WC_NID_emailAddress,
                                                  emailBuf, emailLen);
     if (emailLen < 0) {
         XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL);
@@ -13595,76 +14350,6 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name,
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
 
-/**
- * Find the issuing cert of the input cert. On a self-signed cert this
- * function will return an error.
- * @param issuer The issuer x509 struct is returned here
- * @param cm     The cert manager that is queried for the issuer
- * @param x      This cert's issuer will be queried in cm
- * @return       WOLFSSL_SUCCESS on success
- *               WOLFSSL_FAILURE on error
- */
-static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
-        WOLFSSL_X509 *x)
-{
-    Signer* ca = NULL;
-#ifdef WOLFSSL_SMALL_STACK
-    DecodedCert* cert = NULL;
-#else
-    DecodedCert  cert[1];
-#endif
-
-    if (cm == NULL || x == NULL || x->derCert == NULL) {
-        WOLFSSL_MSG("No cert DER buffer or NULL cm. Defining "
-                    "WOLFSSL_SIGNER_DER_CERT could solve the issue");
-        return WOLFSSL_FAILURE;
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
-    if (cert == NULL)
-        return WOLFSSL_FAILURE;
-#endif
-
-    /* Use existing CA retrieval APIs that use DecodedCert. */
-    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
-    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0
-            && !cert->selfSigned) {
-    #ifndef NO_SKID
-        if (cert->extAuthKeyIdSet)
-            ca = GetCA(cm, cert->extAuthKeyId);
-        if (ca == NULL)
-            ca = GetCAByName(cm, cert->issuerHash);
-    #else /* NO_SKID */
-        ca = GetCA(cm, cert->issuerHash);
-    #endif /* NO SKID */
-    }
-    FreeDecodedCert(cert);
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-#endif
-
-    if (ca == NULL)
-        return WOLFSSL_FAILURE;
-
-#ifdef WOLFSSL_SIGNER_DER_CERT
-    /* populate issuer with Signer DER */
-    if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer,
-            ca->derCert->length, cm->heap) == NULL)
-        return WOLFSSL_FAILURE;
-#else
-    /* Create an empty certificate as CA doesn't have a certificate. */
-    *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0,
-        DYNAMIC_TYPE_OPENSSL);
-    if (*issuer == NULL)
-        return WOLFSSL_FAILURE;
-
-    InitX509((*issuer), 1, NULL);
-#endif
-
-    return WOLFSSL_SUCCESS;
-}
-
 void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk)
 {
     WOLFSSL_STACK *curr;
@@ -13730,7 +14415,7 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
 #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
-    defined(KEEP_PEER_CERT)
+    defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
 WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
 {
     WOLFSSL_ENTER("wolfSSL_X509_dup");
@@ -13748,7 +14433,8 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
     return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length,
         x->heap);
 }
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_PEER_CERT || \
+          SESSION_CERTS */
 
 #if defined(OPENSSL_EXTRA)
 int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509)
@@ -13773,7 +14459,7 @@ long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509)
 
     WOLFSSL_ENTER("wolfSSL_X509_get_version");
 
-    if (x509 == NULL){
+    if (x509 == NULL) {
         WOLFSSL_MSG("invalid parameter");
         return 0L;
     }
@@ -14017,7 +14703,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
     /* Regenerate since pkey->pkey.ptr may contain private key */
     switch (pkey->type) {
 #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA)
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         {
             RsaKey* rsa;
 
@@ -14043,7 +14729,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
 #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
 #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
         defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         {
             DsaKey* dsa;
 
@@ -14061,12 +14747,12 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
                 XFREE(p, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
                 return WOLFSSL_FAILURE;
             }
-            cert->pubKeyOID = RSAk;
+            cert->pubKeyOID = DSAk;
         }
         break;
 #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) && !NO_DSA */
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         {
             ecc_key* ecc;
 
@@ -14093,6 +14779,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
     default:
         return WOLFSSL_FAILURE;
     }
+    XFREE(cert->pubKey.buffer, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
     cert->pubKey.buffer = p;
     cert->pubKey.length = (unsigned int)derSz;
 
@@ -14112,7 +14799,7 @@ int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v)
 
 #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */
 
-#if defined(OPENSSL_ALL) && \
+#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) &&           \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
 
 void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
@@ -14147,10 +14834,10 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
 
     /* Set parameters in ctx as long as ret == WOLFSSL_SUCCESS */
     if (ret == WOLFSSL_SUCCESS && issuer)
-        ret = wolfSSL_X509_set_issuer_name(ctx->x509,&issuer->issuer);
+        ret = wolfSSL_X509_set_issuer_name(ctx->x509, &issuer->issuer);
 
     if (ret == WOLFSSL_SUCCESS && subject)
-        ret = wolfSSL_X509_set_subject_name(ctx->x509,&subject->subject);
+        ret = wolfSSL_X509_set_subject_name(ctx->x509, &subject->subject);
 
     if (ret == WOLFSSL_SUCCESS && req) {
         WOLFSSL_MSG("req not implemented.");
@@ -14173,7 +14860,7 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
 int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out)
 {
     int derSz = 0;
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     WOLFSSL_BIO* bio = NULL;
     WOLFSSL_ENTER("wolfSSL_i2d_X509_REQ");
 
@@ -14224,6 +14911,25 @@ void wolfSSL_X509_REQ_free(WOLFSSL_X509* req)
     wolfSSL_X509_free(req);
 }
 
+int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_REQ_set_version");
+    if ((x == NULL) || (version < 0) || (version >= INT_MAX)) {
+        return WOLFSSL_FAILURE;
+    }
+    x->version = (int)version;
+    return WOLFSSL_SUCCESS;
+}
+
+long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_REQ_get_version");
+    if (req == NULL) {
+        return 0; /* invalid arg */
+    }
+    return (long)req->version;
+}
+
 int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
                           const WOLFSSL_EVP_MD *md)
 {
@@ -14285,21 +14991,23 @@ int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
 static int regenX509REQDerBuffer(WOLFSSL_X509* x509)
 {
     int derSz = X509_BUFFER_SZ;
-    int ret = WOLFSSL_FAILURE;
-#ifdef WOLFSSL_SMALL_STACK
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+#ifndef WOLFSSL_SMALL_STACK
+    byte der[X509_BUFFER_SZ];
+#else
     byte* der;
+
     der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (!der) {
         WOLFSSL_MSG("malloc failed");
         return WOLFSSL_FAILURE;
     }
-#else
-    byte der[X509_BUFFER_SZ];
 #endif
 
     if (wolfssl_x509_make_der(x509, 1, der, &derSz, 0) == WOLFSSL_SUCCESS) {
         FreeDer(&x509->derCert);
-        if (AllocDer(&x509->derCert, (word32)derSz, CERT_TYPE, x509->heap) == 0) {
+        if (AllocDer(&x509->derCert, (word32)derSz, CERT_TYPE,
+                                                             x509->heap) == 0) {
             XMEMCPY(x509->derCert->buffer, der, derSz);
             ret = WOLFSSL_SUCCESS;
         }
@@ -14425,13 +15133,13 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
 
     WOLFSSL_ENTER("wolfSSL_X509_REQ_add1_attr_by_NID");
 
-    if (!req || !bytes || type != MBSTRING_ASC) {
+    if (!req || !bytes || type != WOLFSSL_MBSTRING_ASC) {
         WOLFSSL_MSG("Bad parameter");
         return WOLFSSL_FAILURE;
     }
 
     switch (nid) {
-    case NID_pkcs9_challengePassword:
+    case WC_NID_pkcs9_challengePassword:
         if (len < 0)
             len = (int)XSTRLEN((char*)bytes);
         if (len < CTC_NAME_SIZE) {
@@ -14444,7 +15152,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
             return WOLFSSL_FAILURE;
         }
         break;
-    case NID_serialNumber:
+    case WC_NID_serialNumber:
         if (len < 0)
             len = (int)XSTRLEN((char*)bytes);
         if (len + 1 > EXTERNAL_SERIAL_SIZE) {
@@ -14456,12 +15164,12 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
         req->serialSz = len;
         break;
 
-    case NID_pkcs9_unstructuredName:
-    case NID_pkcs9_contentType:
-    case NID_surname:
-    case NID_initials:
-    case NID_givenName:
-    case NID_dnQualifier:
+    case WC_NID_pkcs9_unstructuredName:
+    case WC_NID_pkcs9_contentType:
+    case WC_NID_surname:
+    case WC_NID_initials:
+    case WC_NID_givenName:
+    case WC_NID_dnQualifier:
         break;
 
     default:
@@ -14471,7 +15179,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
 
     attr = wolfSSL_X509_ATTRIBUTE_new();
     ret = wolfSSL_X509_ATTRIBUTE_set(attr, (const char*)bytes, len,
-            V_ASN1_PRINTABLESTRING, nid);
+            WOLFSSL_V_ASN1_PRINTABLESTRING, nid);
     if (ret != WOLFSSL_SUCCESS) {
         wolfSSL_X509_ATTRIBUTE_free(attr);
     }
@@ -14482,10 +15190,17 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
                 req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR;
             }
         }
-        if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)
-            ret = wolfSSL_sk_push(req->reqAttributes, attr);
-        else
+        if ((req->reqAttributes != NULL) &&
+                (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)) {
+            /* Using wolfSSL_sk_insert to maintain backwards compatibility with
+             * earlier versions of _push API that pushed items to the start of
+             * the list instead of the end. */
+            ret = wolfSSL_sk_insert(req->reqAttributes, attr, 0) > 0
+                    ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+        }
+        else {
             ret = WOLFSSL_FAILURE;
+        }
         if (ret != WOLFSSL_SUCCESS)
             wolfSSL_X509_ATTRIBUTE_free(attr);
     }
@@ -14565,7 +15280,6 @@ WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
 int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
         int nid, int lastpos)
 {
-    WOLFSSL_STACK* sk;
     int idx;
 
     WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID");
@@ -14576,26 +15290,14 @@ int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
     }
 
     /* search through stack for first matching nid */
-    idx = lastpos + 1;
-    do {
-        sk = wolfSSL_sk_get_node(req->reqAttributes, idx);
-        if (sk != NULL) {
-            WOLFSSL_X509_ATTRIBUTE* attr;
-            attr = (WOLFSSL_X509_ATTRIBUTE*)sk->data.generic;
-            if (nid == attr->object->nid) {
-                /* found a match */
-                break;
-            }
-        }
-        idx++;
-    } while (sk != NULL);
-
-    /* no matches found */
-    if (sk == NULL) {
-        idx = WOLFSSL_FATAL_ERROR;
+    for (idx = lastpos + 1; idx < wolfSSL_sk_num(req->reqAttributes); idx++) {
+        WOLFSSL_X509_ATTRIBUTE* attr =
+             (WOLFSSL_X509_ATTRIBUTE*)wolfSSL_sk_value(req->reqAttributes, idx);
+        if (attr != NULL && attr->object != NULL && attr->object->nid == nid)
+            return idx;
     }
 
-    return idx;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void)
@@ -14637,7 +15339,439 @@ void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr)
         XFREE(attr, NULL, DYNAMIC_TYPE_OPENSSL);
     }
 }
-#endif
+#endif /* (OPENSSL_ALL || OPENSSL_EXTRA) &&
+          (WOLFSSL_CERT_GEN || WOLFSSL_CERT_REQ) */
+
+#if defined(WOLFSSL_ACERT) && \
+   (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+
+/* Allocate and return a new WOLFSSL_X509_ACERT struct pointer.
+ *
+ * @param [in]      heap        heap hint
+ *
+ * @return  pointer  on success
+ * @return  NULL     on error
+ * */
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void* heap)
+{
+    WOLFSSL_X509_ACERT * x509 = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_new");
+
+    x509 = (WOLFSSL_X509_ACERT*) XMALLOC(sizeof(WOLFSSL_X509_ACERT), heap,
+                                         DYNAMIC_TYPE_X509_ACERT);
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_init(x509, 1, heap);
+    }
+
+    return x509;
+}
+
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void)
+{
+    return wolfSSL_X509_ACERT_new_ex(NULL);
+}
+
+/* Initialize a WOLFSSL_X509_ACERT struct.
+ *
+ * If dynamic == 1, then the x509 pointer will be freed
+ * in wolfSSL_X509_ACERT_free.
+ *
+ * @param [in]      x509        x509 acert pointer
+ * @param [in]      dynamic     dynamic mem flag
+ * @param [in]      heap        heap hint
+ *
+ * @return  void
+ * */
+void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, int dynamic, void* heap)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_init");
+
+    if (x509 == NULL) {
+        WOLFSSL_MSG("error: InitX509Acert: null parameter");
+        return;
+    }
+
+    XMEMSET(x509, 0, sizeof(*x509));
+
+    x509->heap = heap;
+    x509->dynamic = dynamic;
+}
+
+/* Free a WOLFSSL_X509_ACERT struct and its sub-fields.
+ *
+ * If this ACERT was initialized with dynamic == 1, then
+ * the x509 pointer itself will be freed as well.
+ *
+ * @param [in]      x509        x509 acert pointer
+ *
+ * @return  void
+ * */
+void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT * x509)
+{
+    int    dynamic = 0;
+    void * heap = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_free");
+
+    if (x509 == NULL) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter");
+        return;
+    }
+
+    dynamic = x509->dynamic;
+    heap = x509->heap;
+
+    /* Free holder and att cert issuer structures. */
+    if (x509->holderIssuerName) {
+        FreeAltNames(x509->holderIssuerName, heap);
+        x509->holderIssuerName = NULL;
+    }
+
+    if (x509->holderEntityName) {
+        FreeAltNames(x509->holderEntityName, heap);
+        x509->holderEntityName = NULL;
+    }
+
+    if (x509->AttCertIssuerName) {
+        FreeAltNames(x509->AttCertIssuerName, heap);
+        x509->AttCertIssuerName = NULL;
+    }
+
+    if (x509->rawAttr != NULL) {
+        XFREE(x509->rawAttr, heap, DYNAMIC_TYPE_X509_EXT);
+        x509->rawAttr = NULL;
+        x509->rawAttrLen = 0;
+    }
+
+    /* Free derCert source and signature buffer. */
+    FreeDer(&x509->derCert);
+
+    if (x509->sig.buffer != NULL) {
+        XFREE(x509->sig.buffer, heap, DYNAMIC_TYPE_SIGNATURE);
+        x509->sig.buffer = NULL;
+    }
+
+    /* Finally memset and free x509 acert structure. */
+    XMEMSET(x509, 0, sizeof(*x509));
+
+    if (dynamic == 1) {
+        XFREE(x509, heap, DYNAMIC_TYPE_X509_ACERT);
+    }
+
+    return;
+}
+
+#if defined(OPENSSL_EXTRA)
+long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509)
+{
+    int version = 0;
+
+    if (x509 == NULL) {
+        return 0L;
+    }
+
+    version = x509->version;
+
+    return version != 0 ? (long)version - 1L : 0L;
+}
+#endif /* OPENSSL_EXTRA */
+
+int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509)
+{
+    if (x509 == NULL) {
+        return 0;
+    }
+
+    return x509->version;
+}
+
+/* Retrieve the serial number from an ACERT.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  buf     the serial number buffer pointer
+ * @param [in, out]  bufSz   the serial number buffer size pointer
+ *
+ * buf may be null, but bufSz is required. On success, sets
+ * bufSz pointer to signature length, and copies signature
+ * to buf if provided.
+ *
+ * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
+ * Returns  WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
+                                         byte* buf, int* bufSz)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number");
+
+    if (x509 == NULL || bufSz == NULL) {
+        WOLFSSL_MSG("error: null argument passed in");
+        return BAD_FUNC_ARG;
+    }
+
+    if (buf != NULL) {
+        if (*bufSz < x509->serialSz) {
+            WOLFSSL_MSG("error: serial buffer too small");
+            return BUFFER_E;
+        }
+
+        XMEMCPY(buf, x509->serial, x509->serialSz);
+    }
+
+    *bufSz = x509->serialSz;
+
+    return WOLFSSL_SUCCESS;
+}
+
+/* Sets buf pointer and len to raw Attribute buffer and buffer len
+ * in X509 struct.
+ *
+ * Returns WOLFSSL_SUCCESS on success.
+ * Returns BAD_FUNC_ARG if input pointers are null.
+ * */
+WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
+                                                const byte ** rawAttr,
+                                                word32 * rawAttrLen)
+{
+    if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    *rawAttr = x509->rawAttr;
+    *rawAttrLen = x509->rawAttrLen;
+
+    return WOLFSSL_SUCCESS;
+}
+
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
+                                        WOLFSSL_EVP_PKEY * pkey,
+                                        const WOLFSSL_EVP_MD * md)
+{
+    WOLFSSL_STUB("X509_ACERT_sign");
+    (void) x509;
+    (void) pkey;
+    (void) md;
+    return WOLFSSL_NOT_IMPLEMENTED;
+}
+#endif /* NO_WOLFSSL_STUB */
+
+/* Helper function for ACERT_verify.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  outSz   the x509 der length
+ *
+ * @return  der buffer on success
+ * @return  NULL on error
+ * */
+static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz)
+{
+    if (x509 == NULL || x509->derCert == NULL || outSz == NULL) {
+        return NULL;
+    }
+
+    *outSz = (int)x509->derCert->length;
+    return x509->derCert->buffer;
+}
+
+/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature.
+ *
+ * @param [in]    x509    the x509 attribute certificate
+ * @param [in]    pkey    the evp_pkey
+ *
+ * @return  WOLFSSL_SUCCESS on verify success
+ * @return  < 0 on error
+ * */
+int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey)
+{
+    int          ret = 0;
+    const byte * der = NULL;
+    int          derSz = 0;
+    int          pkey_type;
+
+    if (x509 == NULL || pkey == NULL) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify");
+
+    der = acert_get_der(x509, &derSz);
+
+    if (der == NULL || derSz <= 0) {
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    switch (pkey->type) {
+    case WC_EVP_PKEY_RSA:
+        pkey_type = RSAk;
+        break;
+
+    case WC_EVP_PKEY_EC:
+        pkey_type = ECDSAk;
+        break;
+
+    case WC_EVP_PKEY_DSA:
+        pkey_type = DSAk;
+        break;
+
+    default:
+        WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type");
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+
+    ret = VerifyX509Acert(der, (word32)derSz,
+                          (const byte *)pkey->pkey.ptr, pkey->pkey_sz,
+                          pkey_type, x509->heap);
+
+    return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+
+/* Loads an x509 attribute certificate from buffer, and returns
+ * pointer to new WOLFSSL_X509_ACERT struct on success.
+ *
+ * @param [in]  buf    The acert buffer to load.
+ * @param [in]  sz     The size of the buffer.
+ * @param [in]  format The format of the buffer data.
+ * @param [in]  heap   Dynamic memory allocation hint.
+ *
+ * @return  pointer to WOLFSSL_X509_ACERT on success.
+ * @return  NULL on error.
+ * */
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex(
+    const unsigned char* buf, int sz, int format, void * heap)
+{
+    int                  ret = 0;
+    WOLFSSL_X509_ACERT * x509 = NULL;
+    DerBuffer *          der = NULL;
+    #ifdef WOLFSSL_SMALL_STACK
+    DecodedAcert *       acert = NULL;
+    #else
+    DecodedAcert         acert[1];
+    #endif
+
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer");
+
+    if (format == WOLFSSL_FILETYPE_PEM) {
+    #ifdef WOLFSSL_PEM_TO_DER
+        ret = PemToDer(buf, sz, ACERT_TYPE, &der, heap, NULL, NULL);
+
+        if (ret != 0 || der == NULL || der->buffer == NULL) {
+            WOLFSSL_ERROR(ret);
+
+            if (der != NULL) {
+                FreeDer(&der);
+            }
+
+            return NULL;
+        }
+    #else
+        WOLFSSL_ERROR(NOT_COMPILED_IN);
+        return NULL;
+    #endif
+    }
+    else {
+        ret = AllocDer(&der, (word32)sz, ACERT_TYPE, heap);
+
+        if (ret != 0 || der == NULL || der->buffer == NULL) {
+            WOLFSSL_ERROR(ret);
+            return NULL;
+        }
+
+        XMEMCPY(der->buffer, buf, sz);
+    }
+
+    #ifdef WOLFSSL_SMALL_STACK
+    acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), heap,
+                                   DYNAMIC_TYPE_DCERT);
+    if (acert == NULL) {
+        WOLFSSL_ERROR(MEMORY_ERROR);
+        FreeDer(&der);
+        return NULL;
+    }
+    #endif
+
+    InitDecodedAcert(acert, der->buffer, der->length, heap);
+
+    ret = ParseX509Acert(acert, VERIFY_SKIP_DATE);
+
+    if (ret == 0) {
+        x509 = wolfSSL_X509_ACERT_new_ex(heap);
+
+        if (x509 != NULL) {
+            ret = CopyDecodedAcertToX509(x509, acert);
+
+            if (ret != 0) {
+                wolfSSL_X509_ACERT_free(x509);
+                x509 = NULL;
+            }
+        }
+        else {
+            ret = MEMORY_ERROR;
+        }
+    }
+
+    FreeDecodedAcert(acert);
+
+    #ifdef WOLFSSL_SMALL_STACK
+    XFREE(acert, heap, DYNAMIC_TYPE_DCERT);
+    #endif
+
+    FreeDer(&der);
+
+    if (ret != 0) {
+        WOLFSSL_ERROR(ret);
+    }
+
+    return x509;
+}
+
+WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format)
+{
+    return wolfSSL_X509_ACERT_load_certificate_buffer_ex(buf, sz, format, NULL);
+}
+
+/* Retrieve the signature from an ACERT.
+ *
+ * @param [in]       x509    the x509 attribute certificate
+ * @param [in, out]  buf     the signature buffer pointer
+ * @param [in, out]  bufSz   the signature buffer size pointer
+ *
+ * buf may be null, but bufSz is required. On success, sets
+ * bufSz pointer to signature length, and copies signature
+ * to buf if provided.
+ *
+ * Returns  WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
+ * Returns  WOLFSSL_SUCCESS on success.
+ */
+int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509,
+                                     unsigned char* buf, int* bufSz)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature");
+
+    if (x509 == NULL || bufSz == NULL) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    /* If buf array is provided, it must be long enough. */
+    if (buf != NULL && *bufSz < (int)x509->sig.length) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    if (buf != NULL) {
+        /* Copy in buffer if provided. */
+        XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
+    }
+
+    *bufSz = (int)x509->sig.length;
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */
 
 #endif /* !NO_CERTS */
 
diff --git a/src/x509_str.c b/src/x509_str.c
index 705cb32dc..f16131d74 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -1,6 +1,6 @@
 /* x509_str.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(WOLFSSL_X509_STORE_INCLUDED)
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -36,9 +31,21 @@
 
 #ifndef NO_CERTS
 
-/*******************************************************************************
+#ifdef OPENSSL_EXTRA
+static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer,
+                            WOLFSSL_STACK *certs, WOLFSSL_X509 *x);
+static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
+                                          WOLFSSL_X509* x509, int type);
+#endif
+
+/* Based on OpenSSL default max depth */
+#ifndef WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH
+#define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100
+#endif
+
+/******************************************************************************
  * START OF X509_STORE_CTX APIs
- ******************************************************************************/
+ *****************************************************************************/
 
 /* This API is necessary outside of OPENSSL_EXTRA because it is used in
  * SetupStoreCtxCallback */
@@ -53,11 +60,16 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap)
         XMEMSET(ctx, 0, sizeof(WOLFSSL_X509_STORE_CTX));
         ctx->heap = heap;
 #ifdef OPENSSL_EXTRA
-        if (wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) !=
-                WOLFSSL_SUCCESS) {
+        if ((ctx->owned = wolfSSL_sk_X509_new_null()) == NULL) {
             XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX);
             ctx = NULL;
         }
+        if (ctx != NULL &&
+            wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) !=
+                WOLFSSL_SUCCESS) {
+            wolfSSL_X509_STORE_CTX_free(ctx);
+            ctx = NULL;
+        }
 #endif
     }
 
@@ -78,6 +90,17 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
 #ifdef OPENSSL_EXTRA
         XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
         ctx->param = NULL;
+
+        if (ctx->chain != NULL) {
+            wolfSSL_sk_X509_free(ctx->chain);
+        }
+        if (ctx->owned != NULL) {
+            wolfSSL_sk_X509_pop_free(ctx->owned, NULL);
+        }
+
+        if (ctx->current_issuer != NULL) {
+            wolfSSL_X509_free(ctx->current_issuer);
+        }
 #endif
 
         XFREE(ctx, ctx->heap, DYNAMIC_TYPE_X509_CTX);
@@ -86,6 +109,79 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
 
 #ifdef OPENSSL_EXTRA
 
+#if defined(SESSION_CERTS) || defined(WOLFSSL_SIGNER_DER_CERT)
+
+/**
+ * Find the issuing cert of the input cert. On a self-signed cert this
+ * function will return an error.
+ * @param issuer The issuer x509 struct is returned here
+ * @param cm     The cert manager that is queried for the issuer
+ * @param x      This cert's issuer will be queried in cm
+ * @return       WOLFSSL_SUCCESS on success
+ *               WOLFSSL_FAILURE on error
+ */
+static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
+        WOLFSSL_X509 *x)
+{
+    Signer* ca = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert* cert = NULL;
+#else
+    DecodedCert  cert[1];
+#endif
+
+    if (cm == NULL || x == NULL || x->derCert == NULL) {
+        WOLFSSL_MSG("No cert DER buffer or NULL cm. Defining "
+                    "WOLFSSL_SIGNER_DER_CERT could solve the issue");
+        return WOLFSSL_FAILURE;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
+    if (cert == NULL)
+        return WOLFSSL_FAILURE;
+#endif
+
+    /* Use existing CA retrieval APIs that use DecodedCert. */
+    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
+    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0
+            && !cert->selfSigned) {
+    #ifndef NO_SKID
+        if (cert->extAuthKeyIdSet)
+            ca = GetCA(cm, cert->extAuthKeyId);
+        if (ca == NULL)
+            ca = GetCAByName(cm, cert->issuerHash);
+    #else /* NO_SKID */
+        ca = GetCA(cm, cert->issuerHash);
+    #endif /* NO SKID */
+    }
+    FreeDecodedCert(cert);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+#endif
+
+    if (ca == NULL)
+        return WOLFSSL_FAILURE;
+
+#ifdef WOLFSSL_SIGNER_DER_CERT
+    /* populate issuer with Signer DER */
+    if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer,
+            ca->derCert->length, cm->heap) == NULL)
+        return WOLFSSL_FAILURE;
+#else
+    /* Create an empty certificate as CA doesn't have a certificate. */
+    *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0,
+        DYNAMIC_TYPE_OPENSSL);
+    if (*issuer == NULL)
+        return WOLFSSL_FAILURE;
+
+    InitX509((*issuer), 1, NULL);
+#endif
+
+    return WOLFSSL_SUCCESS;
+}
+#endif /* SESSION_CERTS || WOLFSSL_SIGNER_DER_CERT */
+
 WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
 {
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new");
@@ -96,8 +192,6 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
      WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509,
      WOLF_STACK_OF(WOLFSSL_X509)* sk)
 {
-    int ret = 0;
-    (void)sk;
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");
 
     if (ctx != NULL) {
@@ -106,52 +200,24 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
         ctx->current_cert = x509;
         #else
         if(x509 != NULL){
-            ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer,
-                    x509->derCert->length, x509->heap);
+            ctx->current_cert = wolfSSL_X509_d2i_ex(NULL,
+                    x509->derCert->buffer,
+                    x509->derCert->length,
+                    x509->heap);
             if(ctx->current_cert == NULL)
                 return WOLFSSL_FAILURE;
         } else
             ctx->current_cert = NULL;
         #endif
 
-        ctx->chain  = sk;
-        /* Add intermediate certs, that verify to a loaded CA, to the store */
-        if (sk != NULL) {
-            byte addedAtLeastOne = 1;
-            WOLF_STACK_OF(WOLFSSL_X509)* head = wolfSSL_shallow_sk_dup(sk);
-            if (head == NULL)
-                return WOLFSSL_FAILURE;
-            while (addedAtLeastOne) {
-                WOLF_STACK_OF(WOLFSSL_X509)* cur = head;
-                WOLF_STACK_OF(WOLFSSL_X509)** prev = &head;
-                addedAtLeastOne = 0;
-                while (cur) {
-                    WOLFSSL_X509* cert = cur->data.x509;
-                    if (cert != NULL && cert->derCert != NULL &&
-                            wolfSSL_CertManagerVerifyBuffer(store->cm,
-                                    cert->derCert->buffer,
-                                    cert->derCert->length,
-                                    WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) {
-                        ret = wolfSSL_X509_STORE_add_cert(store, cert);
-                        if (ret < 0) {
-                            wolfSSL_sk_free(head);
-                            return WOLFSSL_FAILURE;
-                        }
-                        addedAtLeastOne = 1;
-                        *prev = cur->next;
-                        wolfSSL_sk_free_node(cur);
-                        cur = *prev;
-                    }
-                    else {
-                        prev = &cur->next;
-                        cur = cur->next;
-                    }
-                }
-            }
-            wolfSSL_sk_free(head);
+        ctx->ctxIntermediates = sk;
+        if (ctx->chain != NULL) {
+            wolfSSL_sk_X509_free(ctx->chain);
+            ctx->chain = NULL;
         }
-
+#ifdef SESSION_CERTS
         ctx->sesChain = NULL;
+#endif
         ctx->domain = NULL;
 #ifdef HAVE_EX_DATA
         XMEMSET(&ctx->ex_data, 0, sizeof(ctx->ex_data));
@@ -192,10 +258,11 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
 }
 
 
-void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk)
+void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx,
+                                          WOLF_STACK_OF(WOLFSSL_X509) *sk)
 {
     if (ctx != NULL) {
-        ctx->chain = sk;
+        ctx->setTrustedSk = sk;
     }
 }
 
@@ -221,10 +288,14 @@ int GetX509Error(int e)
         case WC_NO_ERR_TRACE(ASN_SIG_HASH_E):
         case WC_NO_ERR_TRACE(ASN_SIG_KEY_E):
             return WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE;
+        /* We can't disambiguate if its the before or after date that caused
+         * the error. Assume expired. */
+        case WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR):
+            return WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED;
         case WC_NO_ERR_TRACE(CRL_CERT_REVOKED):
             return WOLFSSL_X509_V_ERR_CERT_REVOKED;
         case WC_NO_ERR_TRACE(CRL_MISSING):
-            return X509_V_ERR_UNABLE_TO_GET_CRL;
+            return WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL;
         case 0:
         case 1:
             return 0;
@@ -238,41 +309,50 @@ int GetX509Error(int e)
     }
 }
 
-static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret)
+static void SetupStoreCtxError_ex(WOLFSSL_X509_STORE_CTX* ctx, int ret,
+                                                                    int depth)
 {
-    int depth = 0;
     int error = GetX509Error(ret);
 
-    /* Set error depth */
-    if (ctx->chain)
-        depth = (int)ctx->chain->num;
-
     wolfSSL_X509_STORE_CTX_set_error(ctx, error);
     wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth);
 }
 
-/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX
- * returns 0 on success or < 0 on failure.
- */
-int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
+static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret)
 {
-    WOLFSSL_ENTER("wolfSSL_X509_verify_cert");
+    int depth = 0;
 
-    if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL
-         && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) {
-        int ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
-                ctx->current_cert->derCert->buffer,
-                ctx->current_cert->derCert->length,
-                WOLFSSL_FILETYPE_ASN1);
+    /* Set error depth */
+    if (ctx->chain)
+        depth = (int)ctx->chain->num;
+
+    SetupStoreCtxError_ex(ctx, ret, depth);
+}
+
+static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("X509StoreVerifyCert");
+
+    if (ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) {
+        ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
+                    ctx->current_cert->derCert->buffer,
+                    ctx->current_cert->derCert->length,
+                    WOLFSSL_FILETYPE_ASN1);
         SetupStoreCtxError(ctx, ret);
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+        if (ctx->store->verify_cb)
+            ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ?
+                                                        WOLFSSL_SUCCESS : ret;
+    #endif
 
     #ifndef NO_ASN_TIME
         if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) &&
             ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) {
             /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or
-             ASN_BEFORE_DATE_E if there are no additional errors found in the
-             cert. Therefore, check if the cert is expired or not yet valid
-             in order to return the correct expected error. */
+             * ASN_BEFORE_DATE_E if there are no additional errors found in the
+             * cert. Therefore, check if the cert is expired or not yet valid
+             * in order to return the correct expected error. */
             byte *afterDate = ctx->current_cert->notAfter.data;
             byte *beforeDate = ctx->current_cert->notBefore.data;
 
@@ -285,24 +365,220 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
                 ret = ASN_BEFORE_DATE_E;
             }
             SetupStoreCtxError(ctx, ret);
+        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+            if (ctx->store->verify_cb)
+                ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,
+                                            ctx) == 1 ? WOLFSSL_SUCCESS : -1;
+        #endif
         }
     #endif
-
-    #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-        if (ctx->store && ctx->store->verify_cb)
-            ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : -1;
-    #endif
-
-        return ret >= 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
     }
-    return WOLFSSL_FATAL_ERROR;
+
+    return ret;
+}
+
+static int addAllButSelfSigned(WOLF_STACK_OF(WOLFSSL_X509)*to,
+                               WOLF_STACK_OF(WOLFSSL_X509)*from, int *numAdded)
+{
+    int ret = WOLFSSL_SUCCESS;
+    int i = 0;
+    int cnt = 0;
+    WOLFSSL_X509 *x = NULL;
+
+    for (i = 0; i < wolfSSL_sk_X509_num(from); i++) {
+        x = wolfSSL_sk_X509_value(from, i);
+        if (wolfSSL_X509_NAME_cmp(&x->issuer, &x->subject) != 0) {
+            if (wolfSSL_sk_X509_push(to, x) <= 0) {
+                ret = WOLFSSL_FAILURE;
+                goto exit;
+            }
+            cnt++;
+        }
+    }
+
+exit:
+    if (numAdded != NULL) {
+        *numAdded = cnt;
+    }
+    return ret;
+}
+
+/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX
+ * returns 0 on success or < 0 on failure.
+ */
+int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    int done = 0;
+    int added = 0;
+    int i = 0;
+    int numInterAdd = 0;
+    int depth = 0;
+    WOLFSSL_X509 *issuer = NULL;
+    WOLFSSL_X509 *orig = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509)* certsToUse = NULL;
+    WOLFSSL_ENTER("wolfSSL_X509_verify_cert");
+
+    if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL
+         || ctx->current_cert == NULL || ctx->current_cert->derCert == NULL) {
+        return WOLFSSL_FATAL_ERROR;
+    }
+
+    certs = ctx->store->certs;
+    if (ctx->setTrustedSk != NULL) {
+        certs = ctx->setTrustedSk;
+    }
+
+    if (certs == NULL &&
+        wolfSSL_sk_X509_num(ctx->ctxIntermediates) > 0) {
+        certsToUse = wolfSSL_sk_X509_new_null();
+        ret = addAllButSelfSigned(certsToUse, ctx->ctxIntermediates, NULL);
+    }
+    else {
+        /* Add the intermediates provided on init to the list of untrusted
+         * intermediates to be used */
+        ret = addAllButSelfSigned(certs, ctx->ctxIntermediates, &numInterAdd);
+    }
+    if (ret != WOLFSSL_SUCCESS) {
+        goto exit;
+    }
+
+    if (ctx->chain != NULL) {
+        wolfSSL_sk_X509_free(ctx->chain);
+    }
+    ctx->chain = wolfSSL_sk_X509_new_null();
+
+    if (ctx->depth > 0) {
+        depth = ctx->depth + 1;
+    }
+    else {
+        depth = WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH + 1;
+    }
+
+    orig = ctx->current_cert;
+    while(done == 0 && depth > 0) {
+        issuer = NULL;
+
+        /* Try to find an untrusted issuer first */
+        ret = X509StoreGetIssuerEx(&issuer, certs,
+                                               ctx->current_cert);
+        if (ret == WOLFSSL_SUCCESS) {
+            if (ctx->current_cert == issuer) {
+                wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+                break;
+            }
+
+            /* We found our issuer in the non-trusted cert list, add it
+             * to the CM and verify the current cert against it */
+        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+            /* OpenSSL doesn't allow the cert as CA if it is not CA:TRUE for
+             * intermediate certs.
+             */
+            if (!issuer->isCa) {
+                /* error depth is current depth + 1 */
+                SetupStoreCtxError_ex(ctx, X509_V_ERR_INVALID_CA,
+                                (ctx->chain) ? (int)(ctx->chain->num + 1) : 1);
+                if (ctx->store->verify_cb) {
+                    ret = ctx->store->verify_cb(0, ctx);
+                    if (ret != WOLFSSL_SUCCESS) {
+                        goto exit;
+                    }
+                }
+            } else {
+        #endif
+            ret = X509StoreAddCa(ctx->store, issuer,
+                                            WOLFSSL_TEMP_CA);
+            if (ret != WOLFSSL_SUCCESS) {
+                goto exit;
+            }
+            added = 1;
+            ret = X509StoreVerifyCert(ctx);
+            if (ret != WOLFSSL_SUCCESS) {
+                goto exit;
+            }
+            /* Add it to the current chain and look at the issuer cert next */
+            wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+            }
+        #endif
+            ctx->current_cert = issuer;
+        }
+        else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
+            /* Could not find in untrusted list, only place left is
+             * a trusted CA in the CM */
+            ret = X509StoreVerifyCert(ctx);
+            if (ret != WOLFSSL_SUCCESS) {
+                if (((ctx->flags & WOLFSSL_PARTIAL_CHAIN) ||
+                     (ctx->store->param->flags & WOLFSSL_PARTIAL_CHAIN)) &&
+                    (added == 1)) {
+                    wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+                    ret = WOLFSSL_SUCCESS;
+                }
+                goto exit;
+            }
+
+            /* Cert verified, finish building the chain */
+            wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+            issuer = NULL;
+    #ifdef WOLFSSL_SIGNER_DER_CERT
+            x509GetIssuerFromCM(&issuer, ctx->store->cm, ctx->current_cert);
+            if (issuer != NULL && ctx->owned != NULL) {
+                wolfSSL_sk_X509_push(ctx->owned, issuer);
+            }
+    #else
+            if (ctx->setTrustedSk == NULL) {
+                X509StoreGetIssuerEx(&issuer,
+                    ctx->store->trusted, ctx->current_cert);
+            }
+            else {
+                X509StoreGetIssuerEx(&issuer,
+                    ctx->setTrustedSk, ctx->current_cert);
+            }
+    #endif
+            if (issuer != NULL) {
+                wolfSSL_sk_X509_push(ctx->chain, issuer);
+            }
+
+            done = 1;
+        }
+        else {
+            goto exit;
+        }
+
+        depth--;
+    }
+
+exit:
+    /* Remove additional intermediates from init from the store */
+    if (ctx != NULL && numInterAdd > 0) {
+        for (i = 0; i < numInterAdd; i++) {
+            wolfSSL_sk_X509_pop(ctx->store->certs);
+        }
+    }
+    /* Remove intermediates that were added to CM */
+    if (ctx != NULL) {
+        if (ctx->store != NULL) {
+            if (added == 1) {
+                wolfSSL_CertManagerUnloadTempIntermediateCerts(ctx->store->cm);
+            }
+        }
+        if (orig != NULL) {
+            ctx->current_cert = orig;
+        }
+    }
+    if (certsToUse != NULL) {
+        wolfSSL_sk_X509_free(certsToUse);
+    }
+
+    return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
 }
 
 #endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
     WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
-                                                    WOLFSSL_X509_STORE_CTX* ctx)
+                                                WOLFSSL_X509_STORE_CTX* ctx)
     {
         WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");
         if (ctx)
@@ -400,14 +676,6 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx,
     WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_purpose (not implemented)");
     return 0;
 }
-
-void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
-        unsigned long flags)
-{
-    (void)ctx;
-    (void)flags;
-    WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_flags (not implemented)");
-}
 #endif /* !NO_WOLFSSL_STUB */
 
 #endif /* WOLFSSL_QT || OPENSSL_ALL */
@@ -415,6 +683,14 @@ void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
 
 #ifdef OPENSSL_EXTRA
 
+void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
+        unsigned long flags)
+{
+    if ((ctx != NULL) && (flags & WOLFSSL_PARTIAL_CHAIN)){
+        ctx->flags |= WOLFSSL_PARTIAL_CHAIN;
+    }
+}
+
 /* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS
  * on success, WOLFSSL_FAILURE on error. */
 int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx,
@@ -446,8 +722,8 @@ int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup(
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup");
     if (ctx != NULL)
     {
-        return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
-                                                       cleanup_routine);
+        return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx,
+                                                        data, cleanup_routine);
     }
     return WOLFSSL_FAILURE;
 }
@@ -462,22 +738,24 @@ void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth)
 }
 #endif
 
-
 WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
         WOLFSSL_X509_STORE_CTX* ctx)
 {
-    int ret;
-    WOLFSSL_X509* issuer;
-
+    WOLFSSL_STACK* node;
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_current_issuer");
 
-    if (ctx == NULL) {
+    if (ctx == NULL)
         return NULL;
-    }
 
-    ret = wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, ctx->current_cert);
-    if (ret == WOLFSSL_SUCCESS) {
-        return issuer;
+    /* get0 only checks currently built chain */
+    if (ctx->chain != NULL) {
+        for (node = ctx->chain; node != NULL; node = node->next) {
+            if (wolfSSL_X509_check_issued(node->data.x509,
+                                          ctx->current_cert) ==
+                                                WOLFSSL_X509_V_OK) {
+                return node->data.x509;
+            }
+        }
     }
 
     return NULL;
@@ -497,7 +775,7 @@ void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er)
 
 /* Set the error depth in the X509 STORE CTX */
 void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
-                                                                      int depth)
+                                                                    int depth)
 {
     WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error_depth");
 
@@ -525,9 +803,27 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
         if (sk == NULL)
             return NULL;
 
-#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
+        for (i = 0; i < c->count; i++) {
+            WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i);
+
+            if (x509 == NULL) {
+                WOLFSSL_MSG("Unable to get x509 from chain");
+                error = 1;
+                break;
+            }
+
+            if (wolfSSL_sk_X509_push(sk, x509) <= 0) {
+                WOLFSSL_MSG("Unable to load x509 into stack");
+                wolfSSL_X509_free(x509);
+                error = 1;
+                break;
+            }
+        }
+
+#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+    defined(OPENSSL_EXTRA)
         /* add CA used to verify top of chain to the list */
-        if (c->count > 0) {
+        if (!error && c->count > 0) {
             WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1);
             WOLFSSL_X509* issuer = NULL;
             if (x509 != NULL) {
@@ -537,9 +833,10 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
                      * signed and that a issuer was found */
                     if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer,
                                 &x509->subject) != 0) {
-                        if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) {
+                        if (wolfSSL_sk_X509_push(sk, issuer) <= 0) {
                             WOLFSSL_MSG("Unable to load CA x509 into stack");
                             error = 1;
+                            wolfSSL_X509_free(issuer);
                         }
                     }
                     else {
@@ -552,30 +849,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
                 }
             }
             wolfSSL_X509_free(x509);
-            if (error) {
-                wolfSSL_sk_X509_pop_free(sk, NULL);
-                wolfSSL_X509_free(issuer);
-                return NULL;
-            }
         }
 #endif
-
-        for (i = c->count - 1; i >= 0; i--) {
-            WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i);
-
-            if (x509 == NULL) {
-                WOLFSSL_MSG("Unable to get x509 from chain");
-                error = 1;
-                break;
-            }
-
-            if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Unable to load x509 into stack");
-                wolfSSL_X509_free(x509);
-                error = 1;
-                break;
-            }
-        }
         if (error) {
             wolfSSL_sk_X509_pop_free(sk, NULL);
             return NULL;
@@ -688,13 +963,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
             if (certToFilterName != NULL) {
                 if (wolfSSL_X509_NAME_cmp(certToFilterName, name) == 0) {
                     filteredCert = wolfSSL_X509_dup(certToFilter->data.x509);
-                    if (filteredCert == NULL) {
+                    if (filteredCert == NULL ||
+                            wolfSSL_sk_X509_push(filteredCerts, filteredCert)
+                                <= 0) {
                         err = 1;
+                        wolfSSL_X509_free(filteredCert);
                         break;
                     }
-                    else {
-                        wolfSSL_sk_X509_push(filteredCerts, filteredCert);
-                    }
                 }
             }
             certToFilter = certToFilter->next;
@@ -726,34 +1001,63 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
 int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
     WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x)
 {
-    WOLFSSL_STACK* node;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get1_issuer");
 
     if (issuer == NULL || ctx == NULL || x == NULL)
         return WOLFSSL_FATAL_ERROR;
 
-    if (ctx->chain != NULL) {
-        for (node = ctx->chain; node != NULL; node = node->next) {
-            if (wolfSSL_X509_check_issued(node->data.x509, x) ==
-                                                            WOLFSSL_X509_V_OK) {
-                *issuer = x;
+    ret = X509StoreGetIssuerEx(issuer, ctx->store->certs, x);
+    if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
+        return wolfSSL_X509_up_ref(*issuer);
+    }
+
+#ifdef WOLFSSL_SIGNER_DER_CERT
+    ret = x509GetIssuerFromCM(issuer, ctx->store->cm, x);
+#else
+    ret = X509StoreGetIssuerEx(issuer, ctx->store->trusted, x);
+    if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
+        return wolfSSL_X509_up_ref(*issuer);
+    }
+#endif
+
+    return ret;
+}
+#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
+
+#ifdef OPENSSL_EXTRA
+
+static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer,
+                            WOLFSSL_STACK * certs, WOLFSSL_X509 *x)
+{
+    int i;
+
+    if (issuer == NULL || x == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    if (certs != NULL) {
+        for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) {
+            if (wolfSSL_X509_check_issued(
+                    wolfSSL_sk_X509_value(certs, i), x) ==
+                    WOLFSSL_X509_V_OK) {
+                *issuer = wolfSSL_sk_X509_value(certs, i);
                 return WOLFSSL_SUCCESS;
             }
         }
     }
 
-    /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */
-
-    return x509GetIssuerFromCM(issuer, ctx->store->cm, x);
+    return WOLFSSL_FAILURE;
 }
-#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
 
-/*******************************************************************************
+#endif
+
+/******************************************************************************
  * END OF X509_STORE_CTX APIs
- ******************************************************************************/
+ *****************************************************************************/
 
-/*******************************************************************************
+/******************************************************************************
  * START OF X509_STORE APIs
- ******************************************************************************/
+ *****************************************************************************/
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
     defined(WOLFSSL_WPAS_SMALL)
@@ -781,10 +1085,23 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
     if ((store->cm = wolfSSL_CertManagerNew()) == NULL)
         goto err_exit;
 
+#ifdef OPENSSL_EXTRA
+    if ((store->certs = wolfSSL_sk_X509_new_null()) == NULL)
+        goto err_exit;
+
+    if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL)
+        goto err_exit;
+
+    if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL)
+        goto err_exit;
+#endif
+
 #ifdef HAVE_CRL
     store->crl = store->cm->crl;
 #endif
 
+    store->numAdded = 0;
+
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 
     /* Link store's new Certificate Manager to self by default */
@@ -819,6 +1136,33 @@ err_exit:
     return NULL;
 }
 
+#ifdef OPENSSL_ALL
+static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store,
+                  WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* objs)
+{
+    int i;
+    WOLFSSL_X509_OBJECT *obj = NULL;
+    int cnt = store->numAdded;
+
+    /* -1 here because it is later used as an index value into the object stack.
+     * With there being the chance that the only object in the stack is one from
+     * the numAdded to the store >= is used when comparing to 0. */
+    i = wolfSSL_sk_X509_OBJECT_num(objs) - 1;
+    while (cnt > 0 && i >= 0) {
+        /* The inner X509 is owned by somebody else, NULL out the reference */
+        obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i);
+        if (obj != NULL) {
+            obj->type = (WOLFSSL_X509_LOOKUP_TYPE)0;
+            obj->data.ptr = NULL;
+        }
+        cnt--;
+        i--;
+    }
+
+    wolfSSL_sk_X509_OBJECT_pop_free(objs, NULL);
+}
+#endif
+
 void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
 {
     int doFree = 0;
@@ -841,9 +1185,23 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
                 wolfSSL_CertManagerFree(store->cm);
                 store->cm = NULL;
             }
+#if defined(OPENSSL_EXTRA)
+            if (store->certs != NULL) {
+                wolfSSL_sk_X509_pop_free(store->certs, NULL);
+                store->certs = NULL;
+            }
+            if (store->owned != NULL) {
+                wolfSSL_sk_X509_pop_free(store->owned, NULL);
+                store->owned = NULL;
+            }
+            if (store->trusted != NULL) {
+                wolfSSL_sk_X509_pop_free(store->trusted, NULL);
+                store->trusted = NULL;
+            }
+#endif
 #ifdef OPENSSL_ALL
             if (store->objs != NULL) {
-                wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL);
+                X509StoreFreeObjList(store, store->objs);
             }
 #endif
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@@ -853,7 +1211,8 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
             if (store->lookup.dirs != NULL) {
 #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
                 if (store->lookup.dirs->dir_entry) {
-                    wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry);
+                    wolfSSL_sk_BY_DIR_entry_free(
+                        store->lookup.dirs->dir_entry);
                 }
 #endif
                 wc_FreeMutex(&store->lookup.dirs->lock);
@@ -861,6 +1220,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
                 store->lookup.dirs = NULL;
             }
 #endif
+            wolfSSL_RefFree(&store->ref);
             XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
         }
     }
@@ -914,7 +1274,7 @@ int wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store)
  * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
  */
 int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx,
-                                                                     void *data)
+                                                                void *data)
 {
     WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data");
 #ifdef HAVE_EX_DATA
@@ -1001,22 +1361,74 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
     return &store->lookup;
 }
 
-int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
+static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
+                                          WOLFSSL_X509* x509, int type)
 {
-    int result = WOLFSSL_FATAL_ERROR;
-
-    WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
-    if (store != NULL && store->cm != NULL && x509 != NULL
-                                                && x509->derCert != NULL) {
-        DerBuffer* derCert = NULL;
+    int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+    DerBuffer* derCert = NULL;
 
+    WOLFSSL_ENTER("X509StoreAddCa");
+    if (store != NULL && x509 != NULL && x509->derCert != NULL) {
         result = AllocDer(&derCert, x509->derCert->length,
             x509->derCert->type, NULL);
         if (result == 0) {
             /* AddCA() frees the buffer. */
             XMEMCPY(derCert->buffer,
                             x509->derCert->buffer, x509->derCert->length);
-            result = AddCA(store->cm, &derCert, WOLFSSL_USER_CA, VERIFY);
+            result = AddCA(store->cm, &derCert, type, VERIFY);
+        }
+    }
+
+    return result;
+}
+
+
+int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
+{
+    int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
+    if (store != NULL && store->cm != NULL && x509 != NULL
+                                                && x509->derCert != NULL) {
+        /* Mimic the openssl behavior, must be self signed to be considered
+         * trusted, addCA() internals will do additional checks for
+         * CA=TRUE */
+        if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) {
+            result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA);
+            if (result == WOLFSSL_SUCCESS && store->trusted != NULL) {
+                result = wolfSSL_X509_up_ref(x509);
+                if (result == WOLFSSL_SUCCESS) {
+                    result = wolfSSL_sk_X509_push(store->trusted, x509);
+                    if (result > 0) {
+                        result = WOLFSSL_SUCCESS;
+                    }
+                    else {
+                        result = WOLFSSL_FATAL_ERROR;
+                        wolfSSL_X509_free(x509);
+                    }
+                }
+            }
+        }
+        else {
+            if (store->certs != NULL) {
+                result = wolfSSL_X509_up_ref(x509);
+                if (result == WOLFSSL_SUCCESS) {
+                    result = wolfSSL_sk_X509_push(store->certs, x509);
+                    if (result > 0) {
+                        result = WOLFSSL_SUCCESS;
+                    }
+                    else {
+                        result = WOLFSSL_FATAL_ERROR;
+                        wolfSSL_X509_free(x509);
+                    }
+                }
+            }
+            else {
+                /* If store->certs is NULL, this is an X509_STORE managed by an
+                 * SSL_CTX, preserve behavior and always add as USER_CA */
+                result = X509StoreAddCa(
+                            store, x509, WOLFSSL_USER_CA);
+            }
         }
     }
 
@@ -1046,23 +1458,124 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
         ret = wolfSSL_CertManagerDisableCRL(store->cm);
     }
 #endif
+    if (flag & WOLFSSL_PARTIAL_CHAIN) {
+        store->param->flags |= WOLFSSL_PARTIAL_CHAIN;
+    }
     return ret;
 }
 
-
-int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
+int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str,
+                                        byte *buf, word32 bufLen, int type)
 {
-    (void)store;
-    return WOLFSSL_SUCCESS;
+    int ret = WOLFSSL_SUCCESS;
+    WOLFSSL_X509 *x509 = NULL;
+
+    if (str == NULL || buf == NULL) {
+        return WOLFSSL_FAILURE;
+    }
+
+    /* OpenSSL X509_STORE_load_file fails on DER file, we will as well */
+    x509 = wolfSSL_X509_load_certificate_buffer(buf, bufLen, type);
+    if (x509 != NULL) {
+        ret = wolfSSL_X509_STORE_add_cert(str, x509);
+        if (ret != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("Failed to load file");
+            ret = WOLFSSL_FAILURE;
+        }
+        if (ret == WOLFSSL_SUCCESS && str->owned != NULL) {
+            if (wolfSSL_sk_X509_push(str->owned, x509) <= 0) {
+                ret = WOLFSSL_FAILURE;
+            }
+            else {
+                x509 = NULL;
+            }
+        }
+        wolfSSL_X509_free(x509);
+
+    }
+    else {
+        ret = WOLFSSL_FAILURE;
+    }
+
+    return ret;
 }
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+
+static int X509StoreReadFile(const char *fname,
+                StaticBuffer *content, word32 *bytesRead, int *type)
+{
+    int ret = -1;
+    long sz = 0;
+#ifdef HAVE_CRL
+    const char* header = NULL;
+    const char* footer = NULL;
+#endif
+
+    ret = wolfssl_read_file_static(fname, content, NULL, DYNAMIC_TYPE_FILE,
+        &sz);
+    if (ret == 0) {
+        *type = CERT_TYPE;
+        *bytesRead = (word32)sz;
+#ifdef HAVE_CRL
+        /* Look for CRL header and footer. */
+        if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
+                (XSTRNSTR((char*)content->buffer, header, (word32)sz) !=
+                    NULL)) {
+            *type = CRL_TYPE;
+        }
+#endif
+    }
+
+    return (ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE);
+}
+
+static int X509StoreLoadFile(WOLFSSL_X509_STORE *str,
+                                        const char *fname)
+{
+    int ret = WOLFSSL_SUCCESS;
+    int type = 0;
+#ifndef WOLFSSL_SMALL_STACK
+    byte   stackBuffer[FILE_BUFFER_SIZE];
+#endif
+    StaticBuffer content;
+    word32 contentLen = 0;
+
+#ifdef WOLFSSL_SMALL_STACK
+    static_buffer_init(&content);
+#else
+    static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE);
+#endif
+
+    WOLFSSL_MSG_EX("X509StoreLoadFile: Loading file: %s", fname);
+
+    ret = X509StoreReadFile(fname, &content, &contentLen, &type);
+    if (ret != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("Failed to load file");
+        ret = WOLFSSL_FAILURE;
+    }
+
+    if ((ret == WOLFSSL_SUCCESS) && (type == CERT_TYPE)) {
+        ret = X509StoreLoadCertBuffer(str, content.buffer,
+                                        contentLen, WOLFSSL_FILETYPE_PEM);
+    }
+#ifdef HAVE_CRL
+    else if ((ret == WOLFSSL_SUCCESS) && (type == CRL_TYPE)) {
+        ret = BufferLoadCRL(str->cm->crl, content.buffer, contentLen,
+                                        WOLFSSL_FILETYPE_PEM, 0);
+    }
+#endif
+
+    static_buffer_free(&content, NULL, DYNAMIC_TYPE_FILE);
+    return ret;
+}
+
 /* Loads certificate(s) files in pem format into X509_STORE struct from either
  * a file or directory.
  * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs.
  */
 WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
-                                              const char *file, const char *dir)
+                                            const char *file, const char *dir)
 {
     WOLFSSL_CTX* ctx;
     char *name = NULL;
@@ -1102,10 +1615,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
 
     /* Load individual file */
     if (file) {
-        /* Try to process file with type DETECT_CERT_TYPE to parse the
-           correct certificate header and footer type */
-        ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
-                                                      NULL, 0, str->cm->crl, 0);
+        ret = X509StoreLoadFile(str, file);
         if (ret != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to load file");
             ret = WOLFSSL_FAILURE;
@@ -1118,7 +1628,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
 
         #ifdef WOLFSSL_SMALL_STACK
             readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                                    DYNAMIC_TYPE_TMP_BUFFER);
             if (readCtx == NULL) {
                 WOLFSSL_MSG("Memory error");
                 wolfSSL_CTX_free(ctx);
@@ -1130,10 +1640,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
         ret = wc_ReadDirFirst(readCtx, dir, &name);
         while (ret == 0 && name) {
             WOLFSSL_MSG(name);
-            /* Try to process file with type DETECT_CERT_TYPE to parse the
-               correct certificate header and footer type */
-            ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
-                                                      NULL, 0, str->cm->crl, 0);
+
+            ret = X509StoreLoadFile(str, name);
             /* Not failing on load errors */
             if (ret != WOLFSSL_SUCCESS)
                 WOLFSSL_MSG("Failed to load file in path, continuing");
@@ -1162,6 +1670,27 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
 
     return ret;
 }
+
+#if defined(XGETENV) && !defined(NO_GETENV)
+int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE *str)
+{
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    char* certDir = NULL;
+    char* certFile = NULL;
+
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_set_default_paths");
+
+    certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER);
+    certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER);
+
+    ret = wolfSSL_X509_STORE_load_locations(str, certFile, certDir);
+
+    XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return ret;
+}
+#endif /* XGETENV && !NO_GETENV */
+
 #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
 
 int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
@@ -1176,17 +1705,23 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
     }
 
     table = store->cm->caTable;
-    if (table){
+    if (table || (store->certs != NULL)){
         if (wc_LockMutex(&store->cm->caLock) == 0){
-            int i = 0;
-            for (i = 0; i < CA_TABLE_SIZE; i++) {
-                Signer* signer = table[i];
-                while (signer) {
-                    Signer* next = signer->next;
-                    cnt_ret++;
-                    signer = next;
+            if (table) {
+                int i = 0;
+                for (i = 0; i < CA_TABLE_SIZE; i++) {
+                    Signer* signer = table[i];
+                    while (signer) {
+                        Signer* next = signer->next;
+                        cnt_ret++;
+                        signer = next;
+                    }
                 }
             }
+
+            if (store->certs != NULL) {
+                cnt_ret += wolfSSL_sk_X509_num(store->certs);
+            }
             wc_UnLockMutex(&store->cm->caLock);
         }
     }
@@ -1195,7 +1730,8 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
 }
 
 /******************************************************************************
-* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx
+* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate
+*                               store ctx
 *
 * This API can be used in SSL verify callback function to view cert chain
 * See examples/client/client.c and myVerify() function in test.h
@@ -1226,7 +1762,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
         /* get certificate buffer */
         cert = &s->certs[certIdx];
 
-        dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
+        dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
+                                                DYNAMIC_TYPE_DCERT);
 
         if (dCert == NULL) {
             goto error;
@@ -1248,7 +1785,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
 
         if (CopyDecodedToX509(x509, dCert) == 0) {
 
-            if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
+            if (wolfSSL_sk_X509_push(sk, x509) <= 0) {
                 WOLFSSL_MSG("Unable to load x509 into stack");
                 wolfSSL_X509_free(x509);
                 goto error;
@@ -1289,7 +1826,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
 {
     WOLFSSL_STACK* ret = NULL;
     WOLFSSL_STACK* cert_stack = NULL;
+#if ((defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)) || \
+     (defined(HAVE_CRL)))
+    WOLFSSL_X509_OBJECT* obj = NULL;
+#endif
+#if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
     WOLFSSL_X509* x509 = NULL;
+    int i = 0;
+#endif
     WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects");
 
     if (store == NULL || store->cm == NULL) {
@@ -1300,7 +1844,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
     if (store->objs != NULL) {
 #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
         /* want to update objs stack by cm stack again before returning it*/
-        wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL);
+        X509StoreFreeObjList(store, store->objs);
         store->objs = NULL;
 #else
         if (wolfSSL_sk_X509_OBJECT_num(store->objs) == 0) {
@@ -1320,37 +1864,62 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
 
 #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
     cert_stack = wolfSSL_CertManagerGetCerts(store->cm);
-    /* wolfSSL_sk_X509_pop checks for NULL */
-    while ((x509 = wolfSSL_sk_X509_pop(cert_stack)) != NULL) {
-        WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new();
+    store->numAdded = 0;
+    if (cert_stack == NULL && wolfSSL_sk_X509_num(store->certs) > 0) {
+        cert_stack = wolfSSL_sk_X509_new_null();
+        if (cert_stack == NULL) {
+            WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_new error");
+            goto err_cleanup;
+        }
+    }
+    for (i = 0; i < wolfSSL_sk_X509_num(store->certs); i++) {
+        if (wolfSSL_sk_X509_push(cert_stack,
+                             wolfSSL_sk_X509_value(store->certs, i)) > 0) {
+            store->numAdded++;
+        }
+    }
+    /* Do not modify stack until after we guarantee success to
+     * simplify cleanup logic handling cert merging above */
+    for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) {
+        x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i);
+        obj  = wolfSSL_X509_OBJECT_new();
         if (obj == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
             goto err_cleanup;
         }
-        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
             wolfSSL_X509_OBJECT_free(obj);
             goto err_cleanup;
         }
         obj->type = WOLFSSL_X509_LU_X509;
         obj->data.x509 = x509;
-        x509 = NULL;
+    }
+
+    while (wolfSSL_sk_X509_num(cert_stack) > 0) {
+        wolfSSL_sk_X509_pop(cert_stack);
     }
 #endif
 
 #ifdef HAVE_CRL
     if (store->cm->crl != NULL) {
-        WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new();
+        int res;
+        obj = wolfSSL_X509_OBJECT_new();
         if (obj == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
             goto err_cleanup;
         }
-        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
+        if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
             wolfSSL_X509_OBJECT_free(obj);
             goto err_cleanup;
         }
         obj->type = WOLFSSL_X509_LU_CRL;
+        wolfSSL_RefInc(&store->cm->crl->ref, &res);
+        if (res != 0) {
+            WOLFSSL_MSG("Failed to lock crl mutex");
+            goto err_cleanup;
+        }
         obj->data.crl = store->cm->crl;
     }
 #endif
@@ -1361,11 +1930,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
     return ret;
 err_cleanup:
     if (ret != NULL)
-        wolfSSL_sk_X509_OBJECT_pop_free(ret, NULL);
-    if (cert_stack != NULL)
+        X509StoreFreeObjList(store, ret);
+    if (cert_stack != NULL) {
+        while (store->numAdded > 0) {
+            wolfSSL_sk_X509_pop(cert_stack);
+            store->numAdded--;
+        }
         wolfSSL_sk_X509_pop_free(cert_stack, NULL);
-    if (x509 != NULL)
-        wolfSSL_X509_free(x509);
+    }
     return NULL;
 }
 #endif /* OPENSSL_ALL */
@@ -1379,11 +1951,21 @@ WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(
         return NULL;
     return ctx->param;
 }
+
+#ifdef OPENSSL_EXTRA
+int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx,
+        WOLFSSL_X509_VERIFY_PARAM *param)
+{
+    if (ctx == NULL)
+        return WOLFSSL_FAILURE;
+    return wolfSSL_X509_VERIFY_PARAM_set1(ctx->param, param);
+}
+#endif
 #endif
 
-/*******************************************************************************
+/******************************************************************************
  * END OF X509_STORE APIs
- ******************************************************************************/
+ *****************************************************************************/
 
 #endif /* NO_CERTS */
 
diff --git a/sslSniffer/README.md b/sslSniffer/README.md
index 27a6f5278..dbf68955e 100644
--- a/sslSniffer/README.md
+++ b/sslSniffer/README.md
@@ -197,7 +197,7 @@ Frees all resources consumed by the wolfSSL sniffer and should be called when us
 int ssl_Trace(const char* traceFile, char* error);
 ```
 
-Enables Tracing when a file is passed in.  Disables Tracing if previously on and a NULL value is passed in for the file.
+Enables Tracing when a file is passed in. When `traceFile` is "-", then the trace will be printed to STDOUT. Disables Tracing if previously on and a NULL value is passed in for the file.
 
 Returns Values:
 
diff --git a/sslSniffer/sslSniffer.vcxproj b/sslSniffer/sslSniffer.vcxproj
index 7395cac1f..88bbc963f 100644
--- a/sslSniffer/sslSniffer.vcxproj
+++ b/sslSniffer/sslSniffer.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}</ProjectGuid>
@@ -36,6 +44,12 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -46,6 +60,11 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -55,12 +74,18 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -75,6 +100,11 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -85,6 +115,11 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -123,6 +158,24 @@
       <SubSystem>Windows</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;SSL_SNIFFER_EXPORTS;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -166,6 +219,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;SSL_SNIFFER_EXPORTS;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\src\sniffer.c" />
   </ItemGroup>
diff --git a/sslSniffer/sslSnifferTest/README_WIN.md b/sslSniffer/sslSnifferTest/README_WIN.md
index 4215ff7e7..a58bf96e2 100644
--- a/sslSniffer/sslSnifferTest/README_WIN.md
+++ b/sslSniffer/sslSnifferTest/README_WIN.md
@@ -27,4 +27,4 @@
 
 
 
-For details on usage, see [sniffer README.md](../README.md#command-line-options) for more details. 
+For details on usage, see [sniffer README.md](../README.md#command-line-options) for more details.
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 0cfb38859..8eb25affa 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -1,6 +1,6 @@
 /* snifftest.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,9 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/logging.h>
@@ -145,7 +148,7 @@ enum {
 #endif
 
 #define DEFAULT_SERVER_IP   "127.0.0.1"
-#define DEFAULT_SERVER_PORT (443)
+#define DEFAULT_SERVER_PORT (11111)
 
 #ifdef WOLFSSL_SNIFFER_WATCH
 static const byte rsaHash[] = {
@@ -166,6 +169,7 @@ static const byte eccHash[] = {
 static pcap_t* pcap = NULL;
 static pcap_if_t* alldevs = NULL;
 static struct bpf_program pcap_fp;
+static const char *traceFile = "./tracefile.txt";
 
 static void FreeAll(void)
 {
@@ -377,7 +381,6 @@ static int load_key(const char* name, const char* server, int port,
 
         if (loadCount == 0) {
             printf("Failed loading private key %s: ret %d\n", keyFile, ret);
-            printf("Please run directly from wolfSSL root dir\n");
             ret = -1;
         }
         else {
@@ -843,7 +846,7 @@ static void* snifferWorker(void* arg)
     char err[PCAP_ERRBUF_SIZE];
 
     ssl_InitSniffer_ex2(worker->id);
-    ssl_Trace("./tracefile.txt", err);
+    ssl_Trace(traceFile, err);
     ssl_EnableRecovery(1, -1, err);
 #ifdef WOLFSSL_SNIFFER_WATCH
     ssl_SetWatchKeyCallback(myWatchCb, err);
@@ -951,39 +954,90 @@ int main(int argc, char** argv)
     int          i = 0, defDev = 0;
     int          packetNumber = 0;
     int          frame = ETHER_IF_FRAME_LEN;
+    char         cmdLineArg[128];
+    char        *pcapFile = NULL;
+    char        *deviceName = NULL;
     char         err[PCAP_ERRBUF_SIZE];
-    char         filter[32];
+    char         filter[128];
     const char  *keyFilesSrc = NULL;
 #ifdef WOLFSSL_SNIFFER_KEYLOGFILE
     const char  *sslKeyLogFile = NULL;
 #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
     char         keyFilesBuf[MAX_FILENAME_SZ];
     char         keyFilesUser[MAX_FILENAME_SZ];
-    const char  *server = DEFAULT_SERVER_IP;
-    int          port   = DEFAULT_SERVER_PORT;
+    const char  *server = NULL;
+    int          port   = -1;
     const char  *sniName = NULL;
     const char  *passwd = NULL;
     pcap_if_t   *d;
     pcap_addr_t *a;
 #ifdef THREADED_SNIFFTEST
     int workerThreadCount;
-#ifdef HAVE_SESSION_TICKET
-    /* Multiple threads on resume not yet supported */
-    workerThreadCount = 1;
-#else
-    workerThreadCount = 5;
 #endif
+
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_ON();
 #endif
 
     show_appinfo();
 
     signal(SIGINT, sig_handler);
 
+    for (i = 1; i < argc; i++) {
+        if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) {
+            pcapFile = argv[++i];
+        }
+        else if (strcmp(argv[i], "-deviceName") == 0 && i + 1 < argc) {
+            deviceName = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) {
+            keyFilesSrc = argv[++i];
+        }
+        else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) {
+            server = argv[++i];
+        }
+        else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) {
+            port = XATOI(argv[++i]);
+        }
+        else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) {
+            passwd = argv[++i];
+        }
+        else if (strcmp(argv[i], "-tracefile") == 0 && i + 1 < argc) {
+            traceFile = argv[++i];
+        }
+#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
+        else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) {
+            sslKeyLogFile = argv[++i];
+        }
+#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+#if defined(THREADED_SNIFFTEST)
+        else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) {
+            workerThreadCount = XATOI(argv[++i]);
+        }
+#endif /* THREADED_SNIFFTEST */
+        else {
+            fprintf(stderr, "Error parsing: %s\n", argv[i]);
+            fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg"
+                    " [-deviceName deviceName_arg]"
+                    " [-password password_arg] [-server server_arg]"
+                    " [-port port_arg]"
+                    " [-tracefile tracefile_arg]"
+#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
+                    " [-keylogfile keylogfile_arg]"
+#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+#if defined(THREADED_SNIFFTEST)
+                    " [-threads threads_arg]"
+#endif /* THREADED_SNIFFTEST */
+                    "\n", argv[0]);
+            exit(EXIT_FAILURE);
+        }
+    }
+
 #ifndef THREADED_SNIFFTEST
     #ifndef _WIN32
     ssl_InitSniffer();   /* dll load on Windows */
     #endif
-    ssl_Trace("./tracefile.txt", err);
+    ssl_Trace(traceFile, err);
     ssl_EnableRecovery(1, -1, err);
     #ifdef WOLFSSL_SNIFFER_WATCH
     ssl_SetWatchKeyCallback(myWatchCb, err);
@@ -991,101 +1045,175 @@ int main(int argc, char** argv)
     #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB
     ssl_SetStoreDataCallback(myStoreDataCb);
     #endif
+#else
+#ifdef HAVE_SESSION_TICKET
+    /* Multiple threads on resume not yet supported */
+    workerThreadCount = 1;
+#else
+    workerThreadCount = 5;
 #endif
+#endif
+    SNPRINTF(filter, sizeof(filter), "(ip6 or ip) and tcp");
 
-    if (argc == 1) {
-        char cmdLineArg[128];
+
+    if (pcapFile == NULL) {
         /* normal case, user chooses device and port */
 
         if (pcap_findalldevs(&alldevs, err) == -1)
             err_sys("Error in pcap_findalldevs");
 
-        for (d = alldevs; d; d=d->next) {
-            printf("%d. %s", ++i, d->name);
-            if (strcmp(d->name, "lo0") == 0) {
-                defDev = i;
+        if (deviceName == NULL) {
+            for (d = alldevs, i = 0; d; d=d->next) {
+                printf("%d. %s", ++i, d->name);
+                if (strcmp(d->name, "lo0") == 0) {
+                    defDev = i;
+                }
+                if (d->description)
+                    printf(" (%s)\n", d->description);
+                else
+                    printf(" (No description available)\n");
+            }
+
+            if (i == 0)
+                err_sys("No interfaces found! Make sure pcap or WinPcap is"
+                        " installed correctly and you have sufficient permissions");
+
+            printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev);
+            XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
+            if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin))
+                inum = XATOI(cmdLineArg);
+            if (inum == 0)
+                inum = defDev;
+            else if (inum < 1 || inum > i)
+                err_sys("Interface number out of range");
+
+            /* Jump to the selected adapter */
+            for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
+        } else {
+            int deviceNameSz = (int)XSTRLEN(deviceName);
+            for (d = alldevs; d; d = d->next) {
+                if (XSTRNCMP(d->name,deviceName,deviceNameSz) == 0) {
+                    fprintf(stderr, "%s == %s\n", d->name, deviceName);
+                    break;
+                }
+            }
+            if (d == NULL) {
+                err_sys("Can't find the device you're looking for");
             }
-            if (d->description)
-                printf(" (%s)\n", d->description);
-            else
-                printf(" (No description available)\n");
         }
 
-        if (i == 0)
-            err_sys("No interfaces found! Make sure pcap or WinPcap is"
-                    " installed correctly and you have sufficient permissions");
-
-        printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev);
-        XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
-        if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin))
-            inum = XATOI(cmdLineArg);
-        if (inum == 0)
-            inum = defDev;
-        else if (inum < 1 || inum > i)
-            err_sys("Interface number out of range");
-
-        /* Jump to the selected adapter */
-        for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
-
+        printf("Selected %s\n", d->name);
         pcap = pcap_create(d->name, err);
+        if (pcap == NULL) fprintf(stderr, "pcap_create failed %s\n", err);
 
-        if (pcap == NULL) printf("pcap_create failed %s\n", err);
-
-        /* print out addresses for selected interface */
-        for (a = d->addresses; a; a = a->next) {
-            if (a->addr->sa_family == AF_INET) {
-                server =
-                    iptos(&((struct sockaddr_in *)a->addr)->sin_addr);
-                printf("server = %s\n", server);
-            }
-            else if (a->addr->sa_family == AF_INET6) {
-                server =
-                    ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr);
-                printf("server = %s\n", server);
+        if (server == NULL) {
+            /* print out addresses for selected interface */
+            for (a = d->addresses; a; a = a->next) {
+                if (a->addr->sa_family == AF_INET) {
+                    server =
+                        iptos(&((struct sockaddr_in *)a->addr)->sin_addr);
+                    printf("server = %s\n", server);
+                }
+                else if (a->addr->sa_family == AF_INET6) {
+                    server =
+                        ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr);
+                    printf("server = %s\n", server);
+                }
             }
         }
-        if (server == NULL)
-            err_sys("Unable to get device IPv4 or IPv6 address");
 
         ret = pcap_set_snaplen(pcap, 65536);
-        if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr, "pcap_set_snaplen failed %s\n", pcap_geterr(pcap));
 
         ret = pcap_set_timeout(pcap, 1000);
-        if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr, "pcap_set_timeout failed %s\n", pcap_geterr(pcap));
 
         ret = pcap_set_buffer_size(pcap, 1000000);
         if (ret != 0)
-            printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap));
+            fprintf(stderr, "pcap_set_buffer_size failed %s\n",
+                    pcap_geterr(pcap));
 
         ret = pcap_set_promisc(pcap, 1);
-        if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr,"pcap_set_promisc failed %s\n", pcap_geterr(pcap));
 
 
         ret = pcap_activate(pcap);
-        if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap));
+        if (ret != 0)
+            fprintf(stderr, "pcap_activate failed %s\n", pcap_geterr(pcap));
 
-        printf("Enter the port to scan [default: 11111]: ");
+    }
+    else {
+        saveFile = 1;
+        pcap = pcap_open_offline(pcapFile , err);
+        if (pcap == NULL) {
+            fprintf(stderr, "pcap_open_offline failed %s\n", err);
+            err_sys(err);
+        }
+    }
+
+    if (server == NULL) {
+        server = DEFAULT_SERVER_IP;
+    }
+
+    if (port < 0) {
+        printf("Enter the port to scan [default: %d, '0' for all]: ",
+                DEFAULT_SERVER_PORT);
         XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg));
         if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) {
             port = XATOI(cmdLineArg);
         }
-        if (port <= 0)
-            port = 11111;
+        if ((port < 0) || (cmdLineArg[0] == '\n'))
+            port = DEFAULT_SERVER_PORT;
 
-        SNPRINTF(filter, sizeof(filter), "tcp and port %d", port);
+    }
+    if (port > 0) {
+        SNPRINTF(cmdLineArg, sizeof(filter), " and port %d", port);
+        XSTRLCAT(filter, cmdLineArg, sizeof(filter));
+    }
 
-        ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0);
-        if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap));
+#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
+    /* If we offer keylog support, then user must provide EITHER a pubkey
+     * OR a keylog file but NOT both */
+    if (keyFilesSrc && sslKeyLogFile) {
+        fprintf(stderr,
+                "Error: either -key OR -keylogfile option but NOT both.\n");
+        exit(EXIT_FAILURE);
+    }
 
-        ret = pcap_setfilter(pcap, &pcap_fp);
-        if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
+    if (sslKeyLogFile != NULL) {
+        ret = ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err);
+        if (ret != 0) {
+            fprintf(stderr,
+                    "ERROR=%d, unable to load secrets from keylog file\n",ret);
+            err_sys(err);
+        }
 
+        ret = ssl_CreateKeyLogSnifferServer(server, port, err);
+        if (ret != 0) {
+            fprintf(stderr,
+                    "ERROR=%d, unable to create keylog sniffer server\n",ret);
+            err_sys(err);
+        }
+    }
+    else
+#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
+    if (keyFilesSrc) {
+        ret = load_key(NULL, server, port, keyFilesSrc, passwd, err);
+        if (ret != 0) {
+            fprintf(stderr, "Failed to load key\n");
+            err_sys(err);
+        }
+    }
+    else {
         /* optionally enter the private key to use */
-    #if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY)
+#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY)
         keyFilesSrc = DEFAULT_SERVER_EPH_KEY;
-    #else
+#else
         keyFilesSrc = DEFAULT_SERVER_KEY;
-    #endif
+#endif
         printf("Enter the server key [default: %s]: ", keyFilesSrc);
         XMEMSET(keyFilesBuf, 0, sizeof(keyFilesBuf));
         XMEMSET(keyFilesUser, 0, sizeof(keyFilesUser));
@@ -1109,137 +1237,24 @@ int main(int argc, char** argv)
         }
     #endif /* !WOLFSSL_SNIFFER_WATCH && HAVE_SNI */
 
-        /* get IPv4 or IPv6 addresses for selected interface */
-        for (a = d->addresses; a; a = a->next) {
-            server = NULL;
-            if (a->addr->sa_family == AF_INET) {
-                server =
-                    iptos(&((struct sockaddr_in *)a->addr)->sin_addr);
-            }
-            else if (a->addr->sa_family == AF_INET6) {
-                server =
-                    ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr);
-            }
-
-            if (server) {
-                XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf));
-                ret = load_key(sniName, server, port, keyFilesBuf, NULL, err);
-                if (ret != 0) {
-                    exit(EXIT_FAILURE);
-                }
-            }
+        ret = load_key(sniName, server, port, keyFilesBuf, NULL, err);
+        if (ret != 0) {
+            exit(EXIT_FAILURE);
         }
     }
-    else {
-        char *pcapFile = NULL;
 
-        for (i = 1; i < argc; i++) {
-            if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) {
-                pcapFile = argv[++i];
-            }
-            else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) {
-                keyFilesSrc = argv[++i];
-            }
-            else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) {
-                server = argv[++i];
-            }
-            else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) {
-                port = XATOI(argv[++i]);
-            }
-            else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) {
-                passwd = argv[++i];
-            }
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-            else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) {
-                sslKeyLogFile = argv[++i];
-            }
-#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
-#if defined(THREADED_SNIFFTEST)
-            else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) {
-                workerThreadCount = XATOI(argv[++i]);
-            }
-#endif /* THREADED_SNIFFTEST */
-            else {
-                fprintf(stderr, "Invalid option or missing argument: %s\n", argv[i]);
-                fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg"
-                        " [-password password_arg] [-server server_arg] [-port port_arg]"
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-                        " [-keylogfile keylogfile_arg]"
-#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
-#if defined(THREADED_SNIFFTEST)
-                        " [-threads threads_arg]"
-#endif /* THREADED_SNIFFTEST */
-                        "\n", argv[0]);
-                exit(EXIT_FAILURE);
-            }
-        }
+    /* Only let through TCP/IP packets */
+    printf("Using packet filter: %s\n", filter);
+    ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0);
+    if (ret != 0) {
+        fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap));
+        exit(EXIT_FAILURE);
+    }
 
-        if (!pcapFile) {
-            fprintf(stderr, "Error: -pcap option is required.\n");
-            exit(EXIT_FAILURE);
-        }
-
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-        /* If we offer keylog support, then user must provide EITHER a pubkey
-         * OR a keylog file but NOT both */
-        if ((!keyFilesSrc && !sslKeyLogFile) || (keyFilesSrc && sslKeyLogFile)) {
-            fprintf(stderr, "Error: either -key OR -keylogfile option required but NOT both.\n");
-            exit(EXIT_FAILURE);
-        }
-#else
-        if (!keyFilesSrc) {
-            fprintf(stderr, "Error: -key option is required.\n");
-            exit(EXIT_FAILURE);
-        }
-#endif
-
-        saveFile = 1;
-        pcap = pcap_open_offline(pcapFile , err);
-        if (pcap == NULL) {
-            fprintf(stderr, "pcap_open_offline failed %s\n", err);
-            err_sys(err);
-        }
-        else {
-#if defined(WOLFSSL_SNIFFER_KEYLOGFILE)
-            if (sslKeyLogFile != NULL) {
-                ret = ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err);
-                if (ret != 0) {
-                    fprintf(stderr, "ERROR=%d, unable to load secrets from keylog file\n",ret);
-                    err_sys(err);
-                }
-
-                ret = ssl_CreateKeyLogSnifferServer(server, port, err);
-                if (ret != 0) {
-                    fprintf(stderr, "ERROR=%d, unable to create keylog sniffer server\n",ret);
-                    err_sys(err);
-                }
-            }
-            else
-#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */
-            {
-                ret = load_key(NULL, server, port, keyFilesSrc, passwd, err);
-                if (ret != 0) {
-                    fprintf(stderr, "Failed to load key\n");
-                    err_sys(err);
-                }
-            }
-
-
-            /* Only let through TCP/IP packets */
-            ret = pcap_compile(pcap, &pcap_fp, "(ip6 or ip) and tcp", 0, 0);
-            if (ret != 0) {
-                fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap));
-                exit(EXIT_FAILURE);
-            }
-
-            ret = pcap_setfilter(pcap, &pcap_fp);
-            if (ret != 0) {
-                fprintf(stderr, "pcap_setfilter failed %s\n", pcap_geterr(pcap));
-                exit(EXIT_FAILURE);
-            }
-
-
-        }
+    ret = pcap_setfilter(pcap, &pcap_fp);
+    if (ret != 0) {
+        fprintf(stderr, "pcap_setfilter failed %s\n", pcap_geterr(pcap));
+        exit(EXIT_FAILURE);
     }
 
     if (ret != 0)
@@ -1263,7 +1278,7 @@ int main(int argc, char** argv)
 #endif
 
     while (1) {
-        struct pcap_pkthdr header;
+        struct pcap_pkthdr *header;
         const unsigned char* packet = NULL;
         byte* data = NULL; /* pointer to decrypted data */
 #ifdef THREADED_SNIFFTEST
@@ -1290,22 +1305,28 @@ int main(int argc, char** argv)
         if (data == NULL) {
         /* grab next pcap packet */
             packetNumber++;
-            packet = pcap_next(pcap, &header);
+            if(pcap_next_ex(pcap, &header, &packet) < 0) {
+                break;
+            }
         }
 
         if (packet) {
-            if (header.caplen > 40)  { /* min ip(20) + min tcp(20) */
+            if (header->caplen > 40)  { /* min ip(20) + min tcp(20) */
                 packet        += frame;
-                header.caplen -= frame;
+                header->caplen -= frame;
             }
             else {
                 /* packet doesn't contain minimum ip/tcp header */
                 continue;
             }
+            if (pcap_datalink(pcap) == DLT_LINUX_SLL) {
+                packet += 2;
+                header->caplen -= 2;
+            }
 #ifdef THREADED_SNIFFTEST
             XMEMSET(&info, 0, sizeof(SnifferStreamInfo));
 
-            ret = ssl_DecodePacket_GetStream(&info, packet, header.caplen, err);
+            ret = ssl_DecodePacket_GetStream(&info, packet, header->caplen, err);
 
             /* calculate SnifferStreamInfo checksum */
             infoSum = 0;
@@ -1328,7 +1349,7 @@ int main(int argc, char** argv)
 
             /* add the packet to the worker's linked list */
             if (SnifferWorkerPacketAdd(&workers[threadNum], ret, (byte*)packet,
-                                   header.caplen, packetNumber)) {
+                                   header->caplen, packetNumber)) {
                 printf("Unable to add packet %d to worker", packetNumber);
                 break;
             }
@@ -1337,7 +1358,7 @@ int main(int argc, char** argv)
 #else
             /* Decode Packet, ret value will indicate whether a
              * bad packet was encountered */
-            hadBadPacket = DecodePacket((byte*)packet, header.caplen,
+            hadBadPacket = DecodePacket((byte*)packet, header->caplen,
                                         packetNumber,err);
 #endif
         }
diff --git a/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj b/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj
index 72770eba5..8d4cb32ac 100644
--- a/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj
+++ b/sslSniffer/sslSnifferTest/sslSniffTest.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}</ProjectGuid>
@@ -37,6 +45,12 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v141</PlatformToolset>
@@ -47,6 +61,11 @@
     <PlatformToolset>v141</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -56,12 +75,18 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>15.0.28307.799</_ProjectFileVersion>
@@ -78,6 +103,12 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <TargetName>snifftest</TargetName>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <TargetName>snifftest</TargetName>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -90,6 +121,12 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <TargetName>snifftest</TargetName>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <TargetName>snifftest</TargetName>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -129,6 +166,25 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../../WpdPack/Include;../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>wpcap.lib;Packet.lib;sslSniffer.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>../../../WpdPack/Lib/x64;$(SolutionDir)$(Configuration)\$(Platform)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -173,6 +229,28 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../../WpdPack/Include;../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;WOLFSSL_USER_SETTINGS;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>wpcap.lib;Packet.lib;sslSniffer.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>../../../WpdPack/Lib/x64;$(SolutionDir)$(Configuration)\$(Platform)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="snifftest.c" />
   </ItemGroup>
diff --git a/support/gen-debug-trace-error-codes.sh b/support/gen-debug-trace-error-codes.sh
index 01f32faa8..540a95273 100755
--- a/support/gen-debug-trace-error-codes.sh
+++ b/support/gen-debug-trace-error-codes.sh
@@ -12,15 +12,20 @@ BEGIN {
     print("#undef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-untrace-error-codes.h";
 }
 {
-    if (match($0, "^[[:space:]]+([A-Z][A-Z0-9_]+)[[:space:]]*=[[:space:]]*(-[0-9]+)[,[:space:]]")) {
+    if (match($0, "^[[:space:]]+([A-Z][A-Z0-9_]+)[[:space:]]*=[[:space:]]*(-[0-9]+)([,[:space:]]|$)")) {
 
         # for mawkward compatibility -- gawk allows errcode_a as the 3rd arg to match().
         gsub("^[[:space:]]+", "", $0);
         split($0, errcode_a, "[[:space:]=,]+");
 
         if ((errcode_a[1] == "MIN_CODE_E") ||
-            (errcode_a[1] == "WC_LAST_E") ||
-            (errcode_a[1] == "MAX_CODE_E"))
+            (errcode_a[1] == "MAX_CODE_E") ||
+            (errcode_a[1] ~ "WC.*MIN_CODE_E") ||
+            (errcode_a[1] ~ "WC.*MAX_CODE_E") ||
+            (errcode_a[1] ~ "WC.*_FIRST_E") ||
+            (errcode_a[1] ~ "WC.*_LAST_E") ||
+            (errcode_a[1] ~ "WOLFSSL.*_FIRST_E") ||
+            (errcode_a[1] ~ "WOLFSSL.*_LAST_E"))
         {
             next;
         }
diff --git a/tests/api.c b/tests/api.c
index 6dc73cce8..bdf4c1bbe 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1,6 +1,6 @@
 /* api.c API unit tests
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,12 +29,7 @@
  | Includes
  *----------------------------------------------------------------------------*/
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#include <tests/unit.h>
 
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/hash.h>
@@ -60,8 +55,8 @@
 #include <wolfssl/error-ssl.h>
 
 #include <wolfssl/test.h>
-#include <tests/unit.h>
 #include <tests/utils.h>
+#include <testsuite/utils.h>
 
 /* for testing compatibility layer callbacks */
 #include "examples/server/server.h"
@@ -180,10 +175,10 @@
     #include <wolfssl/wolfcrypt/curve448.h>
 #endif
 
-#ifdef WOLFSSL_HAVE_KYBER
-    #include <wolfssl/wolfcrypt/kyber.h>
-#ifdef WOLFSSL_WC_KYBER
-    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#ifdef WOLFSSL_HAVE_MLKEM
+    #include <wolfssl/wolfcrypt/mlkem.h>
+#ifdef WOLFSSL_WC_MLKEM
+    #include <wolfssl/wolfcrypt/wc_mlkem.h>
 #endif
 #endif
 #ifdef HAVE_DILITHIUM
@@ -225,6 +220,7 @@
     #include <wolfssl/openssl/modes.h>
     #include <wolfssl/openssl/fips_rand.h>
     #include <wolfssl/openssl/kdf.h>
+    #include <wolfssl/openssl/x509_vfy.h>
 #ifdef OPENSSL_ALL
     #include <wolfssl/openssl/txt_db.h>
     #include <wolfssl/openssl/lhash.h>
@@ -275,15 +271,6 @@
     #include "wolfssl/internal.h"
 #endif
 
-/* force enable test buffers */
-#ifndef USE_CERT_BUFFERS_2048
-    #define USE_CERT_BUFFERS_2048
-#endif
-#ifndef USE_CERT_BUFFERS_256
-    #define USE_CERT_BUFFERS_256
-#endif
-#include <wolfssl/certs_test.h>
-
 /* include misc.c here regardless of NO_INLINE, because misc.c implementations
  * have default (hidden) visibility, and in the absence of visibility, it's
  * benign to mask out the library implementation.
@@ -291,32 +278,72 @@
 #define WOLFSSL_MISC_INCLUDED
 #include <wolfcrypt/src/misc.c>
 
+#include <tests/api/api.h>
+#include <tests/api/api_decl.h>
 
+/* Gather test declarations to include them in the testCases array */
+#include <tests/api/test_md2.h>
+#include <tests/api/test_md4.h>
+#include <tests/api/test_md5.h>
+#include <tests/api/test_sha.h>
+#include <tests/api/test_sha256.h>
+#include <tests/api/test_sha512.h>
+#include <tests/api/test_sha3.h>
+#include <tests/api/test_blake2.h>
+#include <tests/api/test_sm3.h>
+#include <tests/api/test_ripemd.h>
+#include <tests/api/test_hash.h>
+#include <tests/api/test_hmac.h>
+#include <tests/api/test_cmac.h>
+#include <tests/api/test_des3.h>
+#include <tests/api/test_chacha.h>
+#include <tests/api/test_poly1305.h>
+#include <tests/api/test_chacha20_poly1305.h>
+#include <tests/api/test_camellia.h>
+#include <tests/api/test_arc4.h>
+#include <tests/api/test_rc2.h>
+#include <tests/api/test_aes.h>
+#include <tests/api/test_ascon.h>
+#include <tests/api/test_sm4.h>
+#include <tests/api/test_wc_encrypt.h>
+#include <tests/api/test_random.h>
+#include <tests/api/test_wolfmath.h>
+#include <tests/api/test_rsa.h>
+#include <tests/api/test_dsa.h>
+#include <tests/api/test_dh.h>
+#include <tests/api/test_ecc.h>
+#include <tests/api/test_sm2.h>
+#include <tests/api/test_curve25519.h>
+#include <tests/api/test_ed25519.h>
+#include <tests/api/test_curve448.h>
+#include <tests/api/test_ed448.h>
+#include <tests/api/test_mlkem.h>
+#include <tests/api/test_mldsa.h>
+#include <tests/api/test_signature.h>
+#include <tests/api/test_dtls.h>
+#include <tests/api/test_ocsp.h>
+#include <tests/api/test_evp.h>
+#include <tests/api/test_tls_ext.h>
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_RSA)        && !defined(SINGLE_THREADED) && \
     !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
     #define HAVE_IO_TESTS_DEPENDENCIES
 #endif
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && \
     !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
     !defined(WOLFSSL_TIRTOS)
     #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
 #endif
 
 #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
-    !defined(WOLFSSL_NO_CLIENT_AUTH))
+    !defined(NO_CERTS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
     #define HAVE_CERT_CHAIN_VALIDATION
 #endif
 
-#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
-    /* FIPS build has replaced ecc.h. */
-    #define wc_ecc_key_get_priv(key) (&((key)->k))
-    #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
-#endif
-
 #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)
     #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || defined(SESSION_CERTS)
         #ifdef OPENSSL_EXTRA
@@ -329,114 +356,6 @@
     #endif
 #endif
 
-#ifdef HAVE_ECC
-    #ifndef ECC_ASN963_MAX_BUF_SZ
-        #define ECC_ASN963_MAX_BUF_SZ 133
-    #endif
-    #ifndef ECC_PRIV_KEY_BUF
-        #define ECC_PRIV_KEY_BUF 66  /* For non user defined curves. */
-    #endif
-    /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
-    /* logic to choose right key ECC size */
-    #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
-        #define KEY14 14
-    #else
-        #define KEY14 32
-    #endif
-    #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
-        #define KEY16 16
-    #else
-        #define KEY16 32
-    #endif
-    #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
-        #define KEY20 20
-    #else
-        #define KEY20 32
-    #endif
-    #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
-        #define KEY24 24
-    #else
-        #define KEY24 32
-    #endif
-    #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
-        #define KEY28 28
-    #else
-        #define KEY28 32
-    #endif
-    #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
-        #define KEY30 30
-    #else
-        #define KEY30 32
-    #endif
-    #define KEY32 32
-    #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
-        #define KEY40 40
-    #else
-        #define KEY40 32
-    #endif
-    #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
-        #define KEY48 48
-    #else
-        #define KEY48 32
-    #endif
-    #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
-        #define KEY64 64
-    #else
-        #define KEY64 32
-    #endif
-
-    #if !defined(HAVE_COMP_KEY)
-        #if !defined(NOCOMP)
-            #define NOCOMP 0
-        #endif
-    #else
-        #if !defined(COMP)
-            #define COMP 1
-        #endif
-    #endif
-    #if !defined(DER_SZ)
-        #define DER_SZ(ks) ((ks) * 2 + 1)
-    #endif
-#endif /* HAVE_ECC */
-
-#ifndef NO_DSA
-    #ifndef DSA_SIG_SIZE
-        #define DSA_SIG_SIZE 40
-    #endif
-    #ifndef MAX_DSA_PARAM_SIZE
-        #define MAX_DSA_PARAM_SIZE 256
-    #endif
-#endif
-
-#ifndef NO_RSA
-    #define GEN_BUF  294
-#endif
-
-#ifndef ONEK_BUF
-    #define ONEK_BUF 1024
-#endif
-#ifndef TWOK_BUF
-    #define TWOK_BUF 2048
-#endif
-#ifndef FOURK_BUF
-    #define FOURK_BUF 4096
-#endif
-
-#ifndef HEAP_HINT
-    #define HEAP_HINT NULL
-#endif
-
-
-
-
-typedef struct testVector {
-    const char* input;
-    const char* output;
-    size_t inLen;
-    size_t outLen;
-
-} testVector;
-
 #if defined(HAVE_PKCS7)
     typedef struct {
         const byte* content;
@@ -463,65 +382,6 @@ typedef struct testVector {
     #endif
 #endif /* HAVE_PKCS7 */
 
-typedef int (*ctx_cb)(WOLFSSL_CTX* ctx);
-typedef int (*ssl_cb)(WOLFSSL* ssl);
-typedef int (*test_cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
-typedef int (*hs_cb)(WOLFSSL_CTX **ctx, WOLFSSL **ssl);
-
-typedef struct test_ssl_cbf {
-    method_provider method;
-    ctx_cb ctx_ready;
-    ssl_cb ssl_ready;
-    ssl_cb on_result;
-    ctx_cb on_ctx_cleanup;
-    ssl_cb on_cleanup;
-    hs_cb  on_handshake;
-    WOLFSSL_CTX* ctx;
-    const char* caPemFile;
-    const char* certPemFile;
-    const char* keyPemFile;
-    const char* crlPemFile;
-#ifdef WOLFSSL_STATIC_MEMORY
-    byte*               mem;
-    word32              memSz;
-    wolfSSL_method_func method_ex;
-#endif
-    int devId;
-    int return_code;
-    int last_err;
-    unsigned char isSharedCtx:1;
-    unsigned char loadToSSL:1;
-    unsigned char ticNoInit:1;
-    unsigned char doUdp:1;
-} test_ssl_cbf;
-
-#define TEST_SSL_MEMIO_BUF_SZ   (64 * 1024)
-typedef struct test_ssl_memio_ctx {
-    WOLFSSL_CTX* s_ctx;
-    WOLFSSL_CTX* c_ctx;
-    WOLFSSL* s_ssl;
-    WOLFSSL* c_ssl;
-
-    const char* c_ciphers;
-    const char* s_ciphers;
-
-    char* c_msg;
-    int c_msglen;
-    char* s_msg;
-    int s_msglen;
-
-    test_ssl_cbf s_cb;
-    test_ssl_cbf c_cb;
-
-    byte c_buff[TEST_SSL_MEMIO_BUF_SZ];
-    int c_len;
-    byte s_buff[TEST_SSL_MEMIO_BUF_SZ];
-    int s_len;
-} test_ssl_memio_ctx;
-
-int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
-    test_ssl_cbf* server_cb, test_cbType client_on_handshake);
-
 #ifdef WOLFSSL_DUMP_MEMIO_STREAM
 const char* currentTestName;
 char tmpDirName[16];
@@ -532,48 +392,7 @@ int tmpDirNameSet = 0;
  | Constants
  *----------------------------------------------------------------------------*/
 
-/* Test result constants and macros. */
-
-/* Test succeeded. */
-#define TEST_SUCCESS    (1)
-/* Test failed. */
-#define TEST_FAIL       (0)
-/* Test skipped - not run. */
-#define TEST_SKIPPED    (-7777)
-
-/* Returns the result based on whether check is true.
- *
- * @param [in] check  Condition for success.
- * @return  When condition is true: TEST_SUCCESS.
- * @return  When condition is false: TEST_FAIL.
- */
-#ifdef DEBUG_WOLFSSL_VERBOSE
-#define XSTRINGIFY(s) STRINGIFY(s)
-#define STRINGIFY(s)  #s
-#define TEST_RES_CHECK(check) ({ \
-    int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \
-    if (_ret == TEST_FAIL) { \
-        fprintf(stderr, " check \"%s\" at %d ", \
-            XSTRINGIFY(check), __LINE__); \
-    } \
-    _ret; })
-#else
-#define TEST_RES_CHECK(check) \
-    ((check) ? TEST_SUCCESS : TEST_FAIL)
-#endif /* DEBUG_WOLFSSL_VERBOSE */
-
-#define TEST_STRING    "Everyone gets Friday off."
-#define TEST_STRING_SZ 25
-
-#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
-#define TEST_RSA_BITS 1024
-#else
-#define TEST_RSA_BITS 2048
-#endif
-#define TEST_RSA_BYTES (TEST_RSA_BITS/8)
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
     static const char* bogusFile  =
     #ifdef _WIN32
@@ -591,12 +410,11 @@ enum {
 
 #ifdef WOLFSSL_QNX_CAAM
 #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
-static int testDevId = WOLFSSL_CAAM_DEVID;
+int testDevId = WOLFSSL_CAAM_DEVID;
 #else
-static int testDevId = INVALID_DEVID;
+int testDevId = INVALID_DEVID;
 #endif
 
-
 /*----------------------------------------------------------------------------*
  | BIO with fixed read/write size
  *----------------------------------------------------------------------------*/
@@ -613,7 +431,7 @@ static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data,
         if (bio->wrSz - bio->wrIdx < len) {
             len = bio->wrSz - bio->wrIdx;
         }
-        XMEMCPY(bio->ptr.mem_buf_data + bio->wrIdx, data, len);
+        XMEMCPY(bio->ptr.mem_buf_data + bio->wrIdx, data, (size_t)len);
         bio->wrIdx += len;
     }
 
@@ -629,7 +447,7 @@ static int wolfssl_bio_s_fixed_mem_read(WOLFSSL_BIO* bio, char* data, int len)
         if (bio->wrSz - bio->rdIdx < len) {
             len = bio->wrSz - bio->rdIdx;
         }
-        XMEMCPY(data, bio->ptr.mem_buf_data + bio->rdIdx, len);
+        XMEMCPY(data, bio->ptr.mem_buf_data + bio->rdIdx, (size_t)len);
         bio->rdIdx += len;
     }
 
@@ -716,14 +534,14 @@ static int test_wc_LoadStaticMemory_ex(void)
 
     /* Pass in zero everything. */
     ExpectIntEQ(wc_LoadStaticMemory_ex(NULL, 0, NULL, NULL, NULL, 0, 0, 0),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Set the heap pointer to NULL. */
     ExpectIntEQ(wc_LoadStaticMemory_ex(NULL,
                 WOLFMEM_DEF_BUCKETS, sizeList, distList,
                 staticMemory, (word32)sizeof(staticMemory),
                 0, 1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Set other pointer values to NULL one at a time. */
     heap = NULL;
@@ -731,19 +549,19 @@ static int test_wc_LoadStaticMemory_ex(void)
                 WOLFMEM_DEF_BUCKETS, NULL, distList,
                 staticMemory, (word32)sizeof(staticMemory),
                 0, 1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     heap = NULL;
     ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
                 WOLFMEM_DEF_BUCKETS, sizeList, NULL,
                 staticMemory, (word32)sizeof(staticMemory),
                 0, 1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     heap = NULL;
     ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
                 WOLFMEM_DEF_BUCKETS, sizeList, distList,
                 NULL, (word32)sizeof(staticMemory),
                 0, 1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Set the size of the static buffer to 0. */
     heap = NULL;
@@ -751,7 +569,7 @@ static int test_wc_LoadStaticMemory_ex(void)
                 WOLFMEM_DEF_BUCKETS, sizeList, distList,
                 staticMemory, 0,
                 0, 1),
-            BUFFER_E);
+            WC_NO_ERR_TRACE(BUFFER_E));
 
     /* Set the size of the static buffer to one less than minimum allowed. */
     heap = NULL;
@@ -760,7 +578,7 @@ static int test_wc_LoadStaticMemory_ex(void)
                 staticMemory,
                 (word32)(sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)) - 1,
                 0, 1),
-            BUFFER_E);
+            WC_NO_ERR_TRACE(BUFFER_E));
 
     /* Set the size of the static buffer to exactly the minimum size. */
     heap = NULL;
@@ -794,6 +612,47 @@ static int test_wc_LoadStaticMemory_ex(void)
 }
 
 
+static int test_wc_LoadStaticMemory_CTX(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_STATIC_MEMORY) && !defined(NO_WOLFSSL_CLIENT)
+    byte staticMemory[TEST_LSM_STATIC_SIZE];
+    word32 sizeList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_BUCKETS };
+    word32 distList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_DIST };
+    WOLFSSL_HEAP_HINT* heap;
+    WOLFSSL_CTX *ctx1 = NULL, *ctx2 = NULL;
+
+
+    /* Set the size of the static buffer to exactly the minimum size. */
+    heap = NULL;
+    ExpectIntEQ(wc_LoadStaticMemory_ex(&heap,
+                WOLFMEM_DEF_BUCKETS, sizeList, distList,
+                staticMemory, sizeof(staticMemory), 0, 1),
+            0);
+
+    /* Creating two WOLFSSL_CTX objects from the same heap hint and free'ing
+     * them should not cause issues. */
+    ExpectNotNull((ctx1 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    wolfSSL_CTX_free(ctx1);
+    ExpectNotNull((ctx2 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    wolfSSL_CTX_free(ctx2);
+
+    /* two CTX's at once */
+    ExpectNotNull((ctx1 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    ExpectNotNull((ctx2 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap),
+        heap)));
+    wolfSSL_CTX_free(ctx1);
+    wolfSSL_CTX_free(ctx2);
+
+    wc_UnloadStaticMemory(heap);
+#endif /* WOLFSSL_STATIC_MEMORY */
+    return EXPECT_RESULT();
+}
+
+
 /*----------------------------------------------------------------------------*
  | Platform dependent function test
  *----------------------------------------------------------------------------*/
@@ -856,6 +715,7 @@ static int test_wolfSSL_Method_Allocators(void)
     #define TEST_INVALID_METHOD_ALLOCATOR(a) \
             TEST_METHOD_ALLOCATOR(a, ExpectNull)
 
+#ifndef NO_TLS
 #ifndef NO_OLD_TLS
     #ifdef WOLFSSL_ALLOW_SSLV3
         #ifndef NO_WOLFSSL_SERVER
@@ -958,9 +818,12 @@ static int test_wolfSSL_Method_Allocators(void)
         #ifndef WOLFSSL_NO_TLS12
             TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
         #endif /* !WOLFSSL_NO_TLS12 */
+        #ifdef WOLFSSL_DTLS13
+            TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_3_method);
+        #endif /* WOLFSSL_DTLS13 */
     #endif /* WOLFSSL_DTLS */
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
-
+#endif /* !NO_TLS */
     return EXPECT_RESULT();
 }
 
@@ -1048,6 +911,12 @@ static int do_dual_alg_root_certgen(byte **out, char *caKeyFile,
     strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
     strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
     strncpy(newCert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE);
+    strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z",
+        CTC_DATE_SIZE);
+    newCert.beforeDateSz = 17;
+    strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z",
+        CTC_DATE_SIZE);
+    newCert.afterDateSz = 17;
     newCert.sigType = CTC_SHA256wRSA;
     newCert.isCA    = 1;
 
@@ -1061,6 +930,7 @@ static int do_dual_alg_root_certgen(byte **out, char *caKeyFile,
     XMEMSET(scratchBuf, 0, scratchSz);
     ExpectIntGT(scratchSz = wc_MakeSelfCert(&newCert, scratchBuf, scratchSz,
                 &caKey, &rng), 0);
+
     wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0);
     ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0);
 
@@ -1080,6 +950,7 @@ static int do_dual_alg_root_certgen(byte **out, char *caKeyFile,
     ExpectIntGT(outSz = wc_MakeSelfCert(&newCert, outBuf, outSz, &caKey, &rng),
                 0);
     *out = outBuf;
+
     wc_FreeRsaKey(&caKey);
     wc_FreeRng(&rng);
     wc_FreeDecodedCert(&preTBS);
@@ -1180,6 +1051,12 @@ static int do_dual_alg_server_certgen(byte **out, char *caKeyFile,
     strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
     strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
     strncpy(newCert.subject.email, "server@wolfssl.com", CTC_NAME_SIZE);
+    strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z",
+        CTC_DATE_SIZE);
+    newCert.beforeDateSz = 17;
+    strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z",
+        CTC_DATE_SIZE);
+    newCert.afterDateSz = 17;
 
     newCert.sigType = CTC_SHA256wRSA;
     newCert.isCA    = 0;
@@ -1249,6 +1126,400 @@ static int do_dual_alg_tls13_connection(byte *caCert, word32 caCertSz,
     return EXPECT_RESULT();
 }
 
+/**
+ * Function to generate a root certificate with dual algorithm support and
+ * configurable criticality for extensions and path length constraints.
+ *
+ * @param out         [out] Pointer to store the generated certificate
+ * @param caKeyFile   [in]  Path to the CA key file
+ * @param sapkiFile   [in]  Path to the subject alternative public key info file
+ * @param altPrivFile [in]  Path to the alternative private key file
+ * @param setCrit     [in]  Flag to set criticality of extensions (1=critical, 0=non-critical)
+ * @param setPathLen  [in]  Flag to set path length constraint (1=set, 0=don't set)
+ * @param pathLen     [in]  Path length value (only used if setPathLen=1)
+ * @return            Size of the generated certificate or negative on error
+ */
+static int do_dual_alg_root_certgen_crit(byte **out, char *caKeyFile,
+                                      char *sapkiFile, char *altPrivFile,
+                                      int setCrit, int setPathLen, int pathLen)
+{
+    EXPECT_DECLS;
+    FILE* file = NULL;
+    Cert newCert;
+    DecodedCert preTBS;
+
+    byte caKeyBuf[LARGE_TEMP_SZ];
+    word32 caKeySz = LARGE_TEMP_SZ;
+    byte sapkiBuf[LARGE_TEMP_SZ];
+    word32 sapkiSz = LARGE_TEMP_SZ;
+    byte altPrivBuf[LARGE_TEMP_SZ];
+    word32 altPrivSz = LARGE_TEMP_SZ;
+    byte altSigAlgBuf[LARGE_TEMP_SZ];
+    word32 altSigAlgSz = LARGE_TEMP_SZ;
+    byte scratchBuf[LARGE_TEMP_SZ];
+    word32 scratchSz = LARGE_TEMP_SZ;
+    byte preTbsBuf[LARGE_TEMP_SZ];
+    word32 preTbsSz = LARGE_TEMP_SZ;
+    byte altSigValBuf[LARGE_TEMP_SZ];
+    word32 altSigValSz = LARGE_TEMP_SZ;
+    byte *outBuf = NULL;
+    word32 outSz = LARGE_TEMP_SZ;
+    WC_RNG rng;
+    RsaKey caKey;
+    ecc_key altCaKey;
+    word32 idx = 0;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(&caKey, 0, sizeof(RsaKey));
+    XMEMSET(&altCaKey, 0, sizeof(ecc_key));
+
+    ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL,
+                  DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    XMEMSET(caKeyBuf, 0, caKeySz);
+    ExpectNotNull(file = fopen(caKeyFile, "rb"));
+    ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, caKeySz),
+                0);
+    XMEMSET(sapkiBuf, 0, sapkiSz);
+    ExpectNotNull(file = fopen(sapkiFile, "rb"));
+    ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    XMEMSET(altPrivBuf, 0, altPrivSz);
+    ExpectNotNull(file = fopen(altPrivFile, "rb"));
+    ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    wc_ecc_init(&altCaKey);
+    idx = 0;
+    ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
+                                       (word32)altPrivSz), 0);
+    XMEMSET(altSigAlgBuf, 0, altSigAlgSz);
+    ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf,
+                                         oidSigType, 0), 0);
+    wc_InitCert(&newCert);
+    strncpy(newCert.subject.country, "US", CTC_NAME_SIZE);
+    strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE);
+    strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE);
+    strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
+    strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
+    strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+    strncpy(newCert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE);
+    strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z",
+        CTC_DATE_SIZE);
+    newCert.beforeDateSz = 17;
+    strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z",
+        CTC_DATE_SIZE);
+    newCert.afterDateSz = 17;
+    newCert.sigType = CTC_SHA256wRSA;
+    newCert.isCA    = 1;
+
+    /* Set criticality of basic constraint extension if requested */
+    if (setCrit) {
+        newCert.basicConstCrit = 1;
+    }
+
+    /* Set pathlen if requested */
+    if (setPathLen) {
+        newCert.pathLen = pathLen;
+        newCert.pathLenSet = 1;
+    }
+
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5",
+                (const byte *)"This is NOT a critical extension", 32), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.72", sapkiBuf,
+                sapkiSz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.73",
+                                      altSigAlgBuf, altSigAlgSz), 0);
+
+    XMEMSET(scratchBuf, 0, scratchSz);
+    ExpectIntGT(scratchSz = wc_MakeSelfCert(&newCert, scratchBuf, scratchSz,
+                &caKey, &rng), 0);
+
+    wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0);
+    ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0);
+
+    XMEMSET(preTbsBuf, 0, preTbsSz);
+    ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0);
+    XMEMSET(altSigValBuf, 0, altSigValSz);
+    ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz,
+                CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey,
+                &rng), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.74",
+                                      altSigValBuf, altSigValSz), 0);
+
+    /* Finally, generate the new certificate. */
+    if (outBuf != NULL) {
+        XMEMSET(outBuf, 0, outSz);
+        ExpectIntGT(outSz = wc_MakeSelfCert(&newCert, outBuf, outSz, &caKey,
+                    &rng), 0);
+        *out = outBuf;
+    }
+    else {
+        outSz = 0;
+    }
+
+    wc_FreeDecodedCert(&preTBS);
+    wc_ecc_free(&altCaKey);
+    wc_FreeRsaKey(&caKey);
+    wc_FreeRng(&rng);
+
+    return (int)outSz;
+}
+
+/**
+ * Function to generate a server certificate with dual algorithm support and
+ * configurable criticality for extensions and path length constraints.
+ *
+ * @param out           [out] Pointer to store the generated certificate
+ * @param caKeyFile     [in]  Path to the CA key file
+ * @param sapkiFile     [in]  Path to the subject alternative public key info file
+ * @param altPrivFile   [in]  Path to the alternative private key file
+ * @param serverKeyFile [in]  Path to the server key file
+ * @param caCertBuf     [in]  Buffer containing the CA certificate
+ * @param caCertSz      [in]  Size of the CA certificate buffer
+ * @param setCrit       [in]  Flag to set criticality of extensions (1=critical, 0=non-critical)
+ * @param setPathLen    [in]  Flag to set path length constraint (1=set, 0=don't set)
+ * @param pathLen       [in]  Path length value (only used if setPathLen=1)
+ * @return              Size of the generated certificate or negative on error
+ */
+static int do_dual_alg_server_certgen_crit(byte **out, char *caKeyFile,
+                                        char *sapkiFile, char *altPrivFile,
+                                        char *serverKeyFile,
+                                        byte *caCertBuf, int caCertSz,
+                                        int setCrit)
+{
+    EXPECT_DECLS;
+    FILE* file = NULL;
+    Cert newCert;
+    DecodedCert preTBS;
+
+    byte serverKeyBuf[LARGE_TEMP_SZ];
+    word32 serverKeySz = LARGE_TEMP_SZ;
+    byte caKeyBuf[LARGE_TEMP_SZ];
+    word32 caKeySz = LARGE_TEMP_SZ;
+    byte sapkiBuf[LARGE_TEMP_SZ];
+    word32 sapkiSz = LARGE_TEMP_SZ;
+    byte altPrivBuf[LARGE_TEMP_SZ];
+    word32 altPrivSz = LARGE_TEMP_SZ;
+    byte altSigAlgBuf[LARGE_TEMP_SZ];
+    word32 altSigAlgSz = LARGE_TEMP_SZ;
+    byte scratchBuf[LARGE_TEMP_SZ];
+    word32 scratchSz = LARGE_TEMP_SZ;
+    byte preTbsBuf[LARGE_TEMP_SZ];
+    word32 preTbsSz = LARGE_TEMP_SZ;
+    byte altSigValBuf[LARGE_TEMP_SZ];
+    word32 altSigValSz = LARGE_TEMP_SZ;
+    byte *outBuf = NULL;
+    word32 outSz = LARGE_TEMP_SZ;
+    WC_RNG rng;
+    RsaKey caKey;
+    RsaKey serverKey;
+    ecc_key altCaKey;
+    word32 idx = 0;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(&caKey, 0, sizeof(RsaKey));
+    XMEMSET(&serverKey, 0, sizeof(RsaKey));
+    XMEMSET(&altCaKey, 0, sizeof(ecc_key));
+
+    ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL,
+                  DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    XMEMSET(serverKeyBuf, 0, serverKeySz);
+    ExpectNotNull(file = fopen(serverKeyFile, "rb"));
+    ExpectIntGT(serverKeySz = (word32)fread(serverKeyBuf, 1, serverKeySz, file),
+                0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    ExpectIntEQ(wc_InitRsaKey_ex(&serverKey, NULL, INVALID_DEVID), 0);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(serverKeyBuf, &idx, &serverKey,
+                                       serverKeySz), 0);
+    XMEMSET(caKeyBuf, 0, caKeySz);
+    ExpectNotNull(file = fopen(caKeyFile, "rb"));
+    ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, caKeySz), 0);
+    XMEMSET(sapkiBuf, 0, sapkiSz);
+    ExpectNotNull(file = fopen(sapkiFile, "rb"));
+    ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    XMEMSET(altPrivBuf, 0, altPrivSz);
+    ExpectNotNull(file = fopen(altPrivFile, "rb"));
+    ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
+    if (file) {
+        fclose(file);
+        file = NULL;
+    }
+    wc_ecc_init(&altCaKey);
+    idx = 0;
+    ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
+                                       (word32)altPrivSz), 0);
+    XMEMSET(altSigAlgBuf, 0, altSigAlgSz);
+    ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf,
+                                         oidSigType, 0), 0);
+    wc_InitCert(&newCert);
+    strncpy(newCert.subject.country, "US", CTC_NAME_SIZE);
+    strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE);
+    strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE);
+    strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
+    strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
+    strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+    strncpy(newCert.subject.email, "server@wolfssl.com", CTC_NAME_SIZE);
+    strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z",
+        CTC_DATE_SIZE);
+    newCert.beforeDateSz = 17;
+    strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z",
+        CTC_DATE_SIZE);
+    newCert.afterDateSz = 17;
+
+    newCert.sigType = CTC_SHA256wRSA;
+    newCert.isCA    = 0;
+    ExpectIntEQ(wc_SetIssuerBuffer(&newCert, caCertBuf, caCertSz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.72", sapkiBuf,
+                                      sapkiSz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.73",
+                                      altSigAlgBuf, altSigAlgSz), 0);
+    XMEMSET(scratchBuf, 0, scratchSz);
+    ExpectIntGT(wc_MakeCert(&newCert, scratchBuf, scratchSz, &serverKey, NULL,
+                &rng), 0);
+    ExpectIntGT(scratchSz = wc_SignCert(newCert.bodySz, newCert.sigType,
+                scratchBuf, scratchSz, &caKey, NULL, &rng), 0);
+    wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0);
+    ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0);
+    XMEMSET(preTbsBuf, 0, preTbsSz);
+    ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0);
+    XMEMSET(altSigValBuf, 0, altSigValSz);
+    ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz,
+                CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey,
+                &rng), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.74",
+                                      altSigValBuf, altSigValSz), 0);
+
+    /* Finally, generate the new certificate. */
+    if (outBuf != NULL) {
+        XMEMSET(outBuf, 0, outSz);
+        ExpectIntGT(outSz = wc_SignCert(newCert.bodySz, newCert.sigType, scratchBuf,
+                    outSz, &caKey, NULL, &rng), 0);
+        *out = outBuf;
+    }
+    else {
+        outSz = 0;
+    }
+
+    wc_FreeDecodedCert(&preTBS);
+    wc_ecc_free(&altCaKey);
+    wc_FreeRsaKey(&serverKey);
+    wc_FreeRsaKey(&caKey);
+    wc_FreeRng(&rng);
+
+    return (int)outSz;
+}
+
+/**
+ * Test dual-alg ECDSA + ML-DSA with critical extensions and path length
+ * constraints:
+ *  - keygen + certgen
+ *
+ * TLS tests not designed to pass with these extensions marked critical. No
+ * TLS connection.
+ * */
+static int test_dual_alg_crit_ext_support(void)
+{
+    EXPECT_DECLS;
+    /* Root CA and server keys will be the same. This is only appropriate for
+     * testing. */
+    char keyFile[] = "./certs/ca-key.der";
+    char sapkiFile[] = "./certs/ecc-keyPub.der";
+    char altPrivFile[] = "./certs/ecc-key.der";
+    byte *serverKey = NULL;
+    size_t serverKeySz = 0;
+    byte *root = NULL;
+    int rootSz = 0;
+    byte *server = NULL;
+    int serverSz = 0;
+
+    ExpectIntEQ(load_file(keyFile, &serverKey, &serverKeySz), 0);
+
+    /* Test with critical extensions and pathlen set to 1 */
+    if (EXPECT_SUCCESS()) {
+        rootSz = do_dual_alg_root_certgen_crit(&root, keyFile, sapkiFile,
+            altPrivFile, 1, 1, 1);
+    }
+    ExpectNotNull(root);
+    ExpectIntGT(rootSz, 0);
+    if (EXPECT_SUCCESS()) {
+        serverSz = do_dual_alg_server_certgen_crit(&server, keyFile, sapkiFile,
+            altPrivFile, keyFile, root, rootSz, 1);
+    }
+    ExpectNotNull(server);
+    ExpectIntGT(serverSz, 0);
+    XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    root = NULL;
+    XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    server = NULL;
+
+    /* Test with critical extensions and pathlen set to 0 */
+    if (EXPECT_SUCCESS()) {
+        rootSz = do_dual_alg_root_certgen_crit(&root, keyFile, sapkiFile,
+            altPrivFile, 1, 1, 0);
+    }
+    ExpectNotNull(root);
+    ExpectIntGT(rootSz, 0);
+    if (EXPECT_SUCCESS()) {
+        serverSz = do_dual_alg_server_certgen_crit(&server, keyFile, sapkiFile,
+            altPrivFile, keyFile, root, rootSz, 1);
+    }
+    ExpectNotNull(server);
+    ExpectIntGT(serverSz, 0);
+    XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    root = NULL;
+    XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    server = NULL;
+
+    /* Test with critical alt extensions and no pathlen set */
+    if (EXPECT_SUCCESS()) {
+        rootSz = do_dual_alg_root_certgen_crit(&root, keyFile, sapkiFile,
+            altPrivFile, 1, 0, 0);
+    }
+    ExpectNotNull(root);
+    ExpectIntGT(rootSz, 0);
+    if (EXPECT_SUCCESS()) {
+        serverSz = do_dual_alg_server_certgen_crit(&server, keyFile, sapkiFile,
+            altPrivFile, keyFile, root, rootSz, 0);
+    }
+    ExpectNotNull(server);
+    ExpectIntGT(serverSz, 0);
+    XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    free(serverKey);
+
+    return EXPECT_RESULT();
+}
+
 static int test_dual_alg_support(void)
 {
     EXPECT_DECLS;
@@ -1328,21 +1599,176 @@ static int test_dual_alg_support(void)
 {
     return TEST_SKIPPED;
 }
+
+static int test_dual_alg_crit_ext_support(void)
+{
+    return TEST_SKIPPED;
+}
+
 #endif /* WOLFSSL_DUAL_ALG_CERTS && !NO_FILESYSTEM */
 
+/**
+ * Test dual-alg ECDSA + ML-DSA:
+ *  - keygen + certgen + cert manager load
+ * */
+static int test_dual_alg_ecdsa_mldsa(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_DUAL_ALG_CERTS) && defined(HAVE_DILITHIUM) && \
+    defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
+    defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_SMALL_STACK)
+    WOLFSSL_CERT_MANAGER * cm = NULL;
+    MlDsaKey    alt_ca_key;
+    ecc_key     ca_key;
+    WC_RNG      rng;
+    int         ret = 0;
+    DecodedCert d_cert;
+    Cert        new_cert;
+    /* various tmp buffs.  */
+    byte        alt_pub_der[LARGE_TEMP_SZ];
+    word32      alt_pub_sz = LARGE_TEMP_SZ;
+    byte        alt_sig_alg[LARGE_TEMP_SZ];
+    word32      alt_sig_alg_sz = LARGE_TEMP_SZ;
+    byte        tbs_der[LARGE_TEMP_SZ];
+    word32      tbs_der_sz = LARGE_TEMP_SZ;
+    byte        alt_sig[LARGE_TEMP_SZ];
+    word32      alt_sig_sz = LARGE_TEMP_SZ;
+    /* Intermediate der. */
+    byte        der[LARGE_TEMP_SZ];
+    word32      der_sz = LARGE_TEMP_SZ;
+    /* The final der will be large because of ML-DSA signature. */
+    byte        final_der[2 * LARGE_TEMP_SZ];
+    word32      final_der_sz = 2 * LARGE_TEMP_SZ;
+
+    XMEMSET(alt_pub_der, 0, alt_pub_sz);
+    XMEMSET(alt_sig_alg, 0, alt_sig_alg_sz);
+    XMEMSET(tbs_der, 0, tbs_der_sz);
+    XMEMSET(alt_sig, 0, alt_sig_sz);
+    XMEMSET(der, 0, der_sz);
+    XMEMSET(final_der, 0, final_der_sz);
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    /**
+     * ML-DSA key gen.
+     * */
+    ret = wc_MlDsaKey_Init(&alt_ca_key, NULL, INVALID_DEVID);
+    ExpectIntEQ(ret, 0);
+    ret = wc_MlDsaKey_SetParams(&alt_ca_key, WC_ML_DSA_44);
+    ExpectIntEQ(ret, 0);
+    ret = wc_MlDsaKey_MakeKey(&alt_ca_key, &rng);
+    ExpectIntEQ(ret, 0);
+    alt_pub_sz = wc_MlDsaKey_PublicKeyToDer(&alt_ca_key, alt_pub_der,
+                                            alt_pub_sz, 1);
+    ExpectIntGT(alt_pub_sz, 0);
+
+    alt_sig_alg_sz = SetAlgoID(CTC_SHA256wECDSA, alt_sig_alg, oidSigType, 0);
+    ExpectIntGT(alt_sig_alg_sz, 0);
+
+    /**
+     * ECC key gen.
+     * */
+    ret = wc_ecc_init(&ca_key);
+    ExpectIntEQ(ret, 0);
+    ret = wc_ecc_make_key(&rng, KEY32, &ca_key);
+    ExpectIntEQ(ret, 0);
+
+    /**
+     * Cert gen.
+     * */
+    wc_InitCert(&new_cert);
+    strncpy(new_cert.subject.country, "US", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.state, "MT", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.locality, "Bozeman", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.org, "wolfSSL", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.unit, "Engineering", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+    strncpy(new_cert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE);
+    new_cert.sigType = CTC_SHA256wECDSA;
+    new_cert.isCA    = 1;
+
+    ret = wc_SetCustomExtension(&new_cert, 0, "1.2.3.4.5",
+                         (const byte *)"This is NOT a critical extension", 32);
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_SetCustomExtension(&new_cert, 0, "2.5.29.72", alt_pub_der,
+                alt_pub_sz), 0);
+    ExpectIntEQ(wc_SetCustomExtension(&new_cert, 0, "2.5.29.73", alt_sig_alg,
+                alt_sig_alg_sz), 0);
+
+    ret = wc_MakeCert_ex(&new_cert, der, der_sz, ECC_TYPE, &ca_key, &rng);
+    ExpectIntGT(ret, 0);
+
+    der_sz = wc_SignCert_ex(new_cert.bodySz, new_cert.sigType, der, der_sz,
+                            ECC_TYPE, &ca_key, &rng);
+    ExpectIntGT(der_sz, 0);
+
+    wc_InitDecodedCert(&d_cert, der, der_sz, 0);
+    ret = wc_ParseCert(&d_cert, CERT_TYPE, NO_VERIFY, NULL);
+    ExpectIntEQ(ret, 0);
+
+    tbs_der_sz = wc_GeneratePreTBS(&d_cert, tbs_der, tbs_der_sz);
+    ExpectIntGT(tbs_der_sz, 0);
+
+    alt_sig_sz = wc_MakeSigWithBitStr(alt_sig, alt_sig_sz,
+                                      CTC_ML_DSA_LEVEL2, tbs_der, tbs_der_sz,
+                                      ML_DSA_LEVEL2_TYPE, &alt_ca_key, &rng);
+    ExpectIntGT(alt_sig_sz, 0);
+
+    ret = wc_SetCustomExtension(&new_cert, 0, "2.5.29.74", alt_sig, alt_sig_sz);
+    ExpectIntEQ(ret, 0);
+
+    /* Finally generate the new certificate. */
+    ret = wc_MakeCert_ex(&new_cert, final_der, final_der_sz, ECC_TYPE, &ca_key,
+                         &rng);
+    ExpectIntGT(ret, 0);
+
+    final_der_sz = wc_SignCert_ex(new_cert.bodySz, new_cert.sigType, final_der,
+                                  final_der_sz, ECC_TYPE, &ca_key, &rng);
+    ExpectIntGT(final_der_sz, 0);
+
+    cm = wolfSSL_CertManagerNew();
+    ExpectNotNull(cm);
+
+    /* Load the certificate into CertManager. */
+    if (cm != NULL && final_der_sz > 0) {
+        ret = wolfSSL_CertManagerLoadCABuffer(cm, final_der, final_der_sz,
+                                              WOLFSSL_FILETYPE_ASN1);
+        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+    }
+
+    if (cm != NULL) {
+        wolfSSL_CertManagerFree(cm);
+        cm = NULL;
+    }
+
+    wc_FreeDecodedCert(&d_cert);
+    wc_ecc_free(&ca_key);
+    wc_MlDsaKey_Free(&alt_ca_key);
+    wc_FreeRng(&rng);
+
+#endif /* WOLFSSL_DUAL_ALG_CERTS && DILITHIUM and more */
+    return EXPECT_RESULT();
+}
+
+
 /*----------------------------------------------------------------------------*
  | Context
  *----------------------------------------------------------------------------*/
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 static int test_wolfSSL_CTX_new(void)
 {
     EXPECT_DECLS;
     WOLFSSL_CTX *ctx;
-    WOLFSSL_METHOD* method;
+    WOLFSSL_METHOD* method = NULL;
 
     ExpectNull(ctx = wolfSSL_CTX_new(NULL));
     ExpectNotNull(method = wolfSSLv23_server_method());
-    ExpectNotNull(ctx = wolfSSL_CTX_new(method));
+    if (method != NULL)
+        ExpectNotNull(ctx = wolfSSL_CTX_new(method));
 
     wolfSSL_CTX_free(ctx);
 
@@ -1351,6 +1777,7 @@ static int test_wolfSSL_CTX_new(void)
 #endif
 
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_TLS) && \
     (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
 static int test_for_double_Free(void)
 {
@@ -1512,7 +1939,8 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
-    (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
+    (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_TLS)
     const char* testCertFile;
     const char* testKeyFile;
     WOLFSSL_CTX* ctx = NULL;
@@ -1712,7 +2140,8 @@ static int test_wolfSSL_CTX_use_certificate(void)
     defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
     defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
     defined(WOLFSSL_HAPROXY)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
     X509* x509 = NULL;
 
@@ -1733,7 +2162,7 @@ static int test_wolfSSL_CTX_use_certificate(void)
 
     wolfSSL_X509_free(x509);
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
 #endif
     return EXPECT_RESULT();
 }
@@ -1741,7 +2170,8 @@ static int test_wolfSSL_CTX_use_certificate(void)
 static int test_wolfSSL_CTX_use_certificate_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER)
     WOLFSSL_CTX *ctx = NULL;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
@@ -1775,20 +2205,21 @@ static int test_wolfSSL_CTX_use_certificate_file(void)
 static int test_wolfSSL_CTX_use_certificate_ASN1(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
+#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN) && \
+    !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     /* Failure cases. */
     ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, NULL                ),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, NULL                ),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, server_cert_der_2048),
-       WOLFSSL_FAILURE);
+       WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, server_cert_der_2048),
-       WOLFSSL_FAILURE);
+       WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
         server_cert_der_2048), WOLFSSL_SUCCESS);
@@ -1807,21 +2238,21 @@ static int test_wolfSSL_CTX_use_certificate_ASN1(void)
 static int test_wolfSSL_CTX_use_certificate_buffer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
-        !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) && \
+    defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
     WOLFSSL_CTX* ctx = NULL;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     /* Invalid parameters. */
     ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, NULL, 0,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, NULL, 0,
-        WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
     ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, server_cert_der_2048,
-        0, WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, 0,
-        WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
 
     ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx,
         server_cert_der_2048, sizeof_server_cert_der_2048,
@@ -1836,8 +2267,8 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void)
 static int test_wolfSSL_use_certificate_buffer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
-        !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) && \
+    defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL*     ssl = NULL;
 
@@ -1846,13 +2277,13 @@ static int test_wolfSSL_use_certificate_buffer(void)
 
     /* Invalid parameters. */
     ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, NULL, 0,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, NULL, 0,
-        WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
     ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, client_cert_der_2048, 0,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, 0,
-        WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
 
     ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl,
         client_cert_der_2048, sizeof_client_cert_der_2048,
@@ -1867,7 +2298,8 @@ static int test_wolfSSL_use_certificate_buffer(void)
 static int test_wolfSSL_CTX_use_PrivateKey_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER)
     WOLFSSL_CTX *ctx = NULL;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
@@ -1881,6 +2313,10 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void)
     /* invalid key type */
     ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999));
 
+    /* invalid key format */
+    ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, "./certs/dh-priv-2048.pem",
+                                                         WOLFSSL_FILETYPE_PEM));
+
     /* success */
 #ifdef NO_RSA
     /* rsa needed */
@@ -1900,7 +2336,7 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void)
 static int test_wolfSSL_CTX_use_RSAPrivateKey_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA)
     WOLFSSL_CTX *ctx = NULL;
 
@@ -1908,19 +2344,19 @@ static int test_wolfSSL_CTX_use_RSAPrivateKey_file(void)
 
     /* invalid context */
     ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(NULL, svrKeyFile,
-        WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* invalid key file */
     ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, bogusFile,
-        WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* invalid key type */
     ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, 9999),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* success */
 #ifdef NO_RSA
     /* rsa needed */
     ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile,
-        WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #else
     /* success */
     ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile,
@@ -1935,7 +2371,7 @@ static int test_wolfSSL_CTX_use_RSAPrivateKey_file(void)
 static int test_wolfSSL_use_RSAPrivateKey_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_WOLFSSL_CLIENT) && defined(OPENSSL_EXTRA)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL*     ssl = NULL;
@@ -1945,19 +2381,19 @@ static int test_wolfSSL_use_RSAPrivateKey_file(void)
 
     /* invalid context */
     ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(NULL, svrKeyFile,
-        WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* invalid key file */
     ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, bogusFile,
-        WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* invalid key type */
     ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, 9999),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* success */
 #ifdef NO_RSA
     /* rsa needed */
     ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile,
-        WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #else
     /* success */
     ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile,
@@ -1973,7 +2409,7 @@ static int test_wolfSSL_use_RSAPrivateKey_file(void)
 static int test_wolfSSL_CTX_use_PrivateKey(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL_EVP_PKEY* pkey = NULL;
@@ -1984,11 +2420,11 @@ static int test_wolfSSL_CTX_use_PrivateKey(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* No data. */
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_EVP_PKEY_free(pkey);
     pkey = NULL;
 
@@ -2000,7 +2436,7 @@ static int test_wolfSSL_CTX_use_PrivateKey(void)
 #if defined(WOLFSSL_KEY_GEN)
     ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     wolfSSL_EVP_PKEY_free(pkey);
     pkey = NULL;
@@ -2013,9 +2449,9 @@ static int test_wolfSSL_CTX_use_PrivateKey(void)
 #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
     defined(WOLFSSL_CERT_GEN))
     /* Not supported in ProcessBuffer. */
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_BAD_FILE);
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
 #else
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     wolfSSL_EVP_PKEY_free(pkey);
     pkey = NULL;
@@ -2027,7 +2463,7 @@ static int test_wolfSSL_CTX_use_PrivateKey(void)
     ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &p,
         sizeof_dh_ffdhe_statickey_der_2048));
     /* Not supported. */
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_EVP_PKEY_free(pkey);
     pkey = NULL;
 #endif
@@ -2042,7 +2478,7 @@ static int test_wolfSSL_CTX_use_PrivateKey(void)
 #endif
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
         (unsigned char*)"01234567012345670123456701234567", 32));
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_EVP_PKEY_free(pkey);
     pkey = NULL;
 
@@ -2056,7 +2492,7 @@ static int test_wolfSSL_CTX_trust_peer_cert(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
-    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
+    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL* ssl = NULL;
 
@@ -2129,7 +2565,8 @@ static int test_wolfSSL_CTX_trust_peer_cert(void)
 static int test_wolfSSL_CTX_load_verify_locations(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX *ctx = NULL;
 #ifndef NO_RSA
     WOLFSSL_CERT_MANAGER* cm = NULL;
@@ -2155,13 +2592,14 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
 
     /* invalid arguments */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* invalid ca file */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
-        WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
+        WS_RETURN_CODE(WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE),
+                       WC_NO_ERR_TRACE(WOLFSSL_FAILURE)));
 
 
 #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
@@ -2169,7 +2607,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
   !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR))
     /* invalid path */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
-        WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
+        WS_RETURN_CODE(WC_NO_ERR_TRACE(BAD_PATH_ERROR),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)));
 #endif
 #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)
     /* test ignoring the invalid path */
@@ -2180,7 +2618,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     /* load ca cert */
 #ifdef NO_RSA
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
-        WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
+        WS_RETURN_CODE(WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)));
 #else /* Skip the following test without RSA certs. */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
         WOLFSSL_SUCCESS);
@@ -2189,51 +2627,51 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     /* Get cert cache size */
     ExpectIntGT(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), 0);
 
-    ExpectNotNull(cache = (byte*)XMALLOC(cacheSz, NULL,
+    ExpectNotNull(cache = (byte*)XMALLOC((size_t)cacheSz, NULL,
                             DYNAMIC_TYPE_TMP_BUFFER));
 
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, -1, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, -1, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, cacheSz, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, cacheSz, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, cacheSz, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, -1, &used),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz - 10, &used),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, &used), 1);
     ExpectIntEQ(cacheSz, used);
 
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, cacheSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, cacheSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, cacheSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Smaller than header. */
-    ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, 1), BUFFER_E);
+    ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, 1), WC_NO_ERR_TRACE(BUFFER_E));
     for (i = 1; i < cacheSz; i++) {
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz - i),
-            BUFFER_E);
+            WC_NO_ERR_TRACE(BUFFER_E));
     }
     if (EXPECT_SUCCESS()) {
         /* Modify header for bad results! */
@@ -2241,22 +2679,22 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
         /* version */
         t = p[0]; p[0] = 0xff;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            CACHE_MATCH_ERROR);
+            WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
         p[0] = t; p++;
         /* rows */
         t = p[0]; p[0] = 0xff;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            CACHE_MATCH_ERROR);
+            WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
         p[0] = t; p++;
         /* columns[0] */
         t = p[0]; p[0] = -1;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            PARSE_ERROR);
+            WC_NO_ERR_TRACE(PARSE_ERROR));
         p[0] = t; p += CA_TABLE_SIZE;
         /* signerSz*/
         t = p[0]; p[0] = 0xff;
         ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
-            CACHE_MATCH_ERROR);
+            WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
         p[0] = t;
     }
 
@@ -2264,20 +2702,20 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     ExpectIntEQ(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), used);
 
 #ifndef NO_FILESYSTEM
-    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, cacheFile), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, cacheFile), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, cacheFile), 1);
 
-    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, cacheFile), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, cacheFile), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "no-file"),
-        WOLFSSL_BAD_FILE);
+        WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
     ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, cacheFile), 1);
     /* File contents is not a cache. */
     ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "./certs/ca-cert.pem"),
-        CACHE_MATCH_ERROR);
+        WC_NO_ERR_TRACE(CACHE_MATCH_ERROR));
 #endif
 
     XFREE(cache, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2319,7 +2757,8 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
 
     /* Test loading path with no files */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL,
-        load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
+        load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Test loading expired CA certificates */
     #ifdef NO_RSA
@@ -2337,7 +2776,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     /* Test loading CA certificates and ignoring all errors */
     #ifdef NO_RSA
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
-        WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
+        WOLFSSL_LOAD_FLAG_IGNORE_ERR), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #else
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
         WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
@@ -2354,7 +2793,7 @@ static int test_wolfSSL_CTX_load_system_CA_certs(void)
 {
     int res = TEST_SKIPPED;
 #if defined(WOLFSSL_SYS_CA_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \
-    (!defined(NO_RSA) || defined(HAVE_ECC))
+    !defined(NO_TLS) && (!defined(NO_RSA) || defined(HAVE_ECC))
     WOLFSSL_CTX* ctx;
     byte dirValid = 0;
     int ret = 0;
@@ -2365,7 +2804,8 @@ static int test_wolfSSL_CTX_load_system_CA_certs(void)
         ret = -1;
     }
     if (ret == 0) {
-    #if defined(USE_WINDOWS_API) || defined(__APPLE__)
+    #if defined(USE_WINDOWS_API) || defined(__APPLE__) || \
+        defined(NO_WOLFSSL_DIR)
         dirValid = 1;
     #else
         word32 numDirs;
@@ -2416,7 +2856,7 @@ static int test_wolfSSL_CTX_load_system_CA_certs(void)
     return res;
 }
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS)
 static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz,
     int file_type)
 {
@@ -2429,7 +2869,7 @@ static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz,
         return -1;
     }
 
-    ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
+    ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, (sword32)cert_sz, file_type);
 
     wolfSSL_CertManagerFree(cm);
 
@@ -2468,7 +2908,8 @@ static int test_cm_load_ca_file(const char* ca_cert_file)
     #if defined(WOLFSSL_PEM_TO_DER)
         if (ret == WOLFSSL_SUCCESS) {
             /* test loading DER */
-            ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
+            ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer,
+                    NULL, NULL, NULL);
             if (ret == 0 && pDer != NULL) {
                 ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
                     WOLFSSL_FILETYPE_ASN1);
@@ -2496,7 +2937,7 @@ static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz,
         return -1;
     }
 
-    ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, cert_sz, file_type,
+    ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, (sword32)cert_sz, file_type,
                                              0, flags);
 
     wolfSSL_CertManagerFree(cm);
@@ -2537,7 +2978,8 @@ static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags)
     #if defined(WOLFSSL_PEM_TO_DER)
         if (ret == WOLFSSL_SUCCESS) {
             /* test loading DER */
-            ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
+            ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer,
+                              NULL, NULL, NULL);
             if (ret == 0 && pDer != NULL) {
                 ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length,
                     WOLFSSL_FILETYPE_ASN1, flags);
@@ -2566,31 +3008,31 @@ static int test_wolfSSL_CertManagerAPI(void)
 
     wolfSSL_CertManagerFree(NULL);
     ExpectIntEQ(wolfSSL_CertManager_up_ref(NULL), 0);
-    ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_TRUST_PEER_CERT
-    ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer_ex(NULL, &c, 1,
-        WOLFSSL_FILETYPE_ASN1, 0, 0), WOLFSSL_FATAL_ERROR);
+        WOLFSSL_FILETYPE_ASN1, 0, 0), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, 1, -1),
-        WOLFSSL_BAD_FILETYPE);
+        WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE));
 #endif
 
 #if !defined(NO_FILESYSTEM)
@@ -2603,37 +3045,37 @@ static int test_wolfSSL_CertManagerAPI(void)
 
     #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
         ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, NULL, -1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, NULL, WOLFSSL_FILETYPE_ASN1),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, ca_cert,
-            WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG);
+            WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert, -1),
-            WOLFSSL_BAD_FILETYPE);
+            WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file",
-            WOLFSSL_FILETYPE_ASN1), WOLFSSL_BAD_FILE);
+            WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert_der,
-            WOLFSSL_FILETYPE_PEM), ASN_NO_PEM_HEADER);
+            WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
     #endif
 
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, NULL),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, NULL),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, ca_path),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, ca_path),
-            WOLFSSL_FATAL_ERROR);
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     }
 #endif
 
 #ifdef OPENSSL_COMPATIBLE_DEFAULTS
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), 1);
 #elif !defined(HAVE_CRL)
-    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), NOT_COMPILED_IN);
+    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
-    ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerDisableCRL(cm), 1);
 #ifdef HAVE_CRL
     /* Test APIs when CRL is disabled. */
@@ -2646,43 +3088,43 @@ static int test_wolfSSL_CertManagerAPI(void)
 #endif
 
     /* OCSP */
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
     !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), NOT_COMPILED_IN);
-    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), NOT_COMPILED_IN);
-    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), NOT_COMPILED_IN);
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
 #ifdef HAVE_OCSP
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, NULL, 0,
-        NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, NULL, 1,
-        NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, &c, 1,
-        NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
+        NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, ""),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, NULL), 1);
 
     ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(cm, NULL, NULL, NULL), 1);
 
     ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(cm), 1);
@@ -2730,28 +3172,28 @@ static int test_wolfSSL_CertManagerAPI(void)
 static int test_wolfSSL_CertManagerLoadCABuffer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS)
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
     int ret;
 
     ExpectIntLE(ret = test_cm_load_ca_file(ca_cert), 1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
 
     ExpectIntLE(ret = test_cm_load_ca_file(ca_expired_cert), 1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
       !defined(NO_ASN_TIME)
-    ExpectIntEQ(ret, ASN_AFTER_DATE_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
@@ -2762,7 +3204,7 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
 static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS)
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
     int ret;
@@ -2770,9 +3212,9 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
     ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE),
         1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
@@ -2780,13 +3222,13 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
     ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_expired_cert,
         WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), 1);
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_RSA)
-    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E));
 #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
       !defined(NO_ASN_TIME) && defined(WOLFSSL_TRUST_PEER_CERT) && \
       defined(OPENSSL_COMPATIBLE_DEFAULTS)
-    ExpectIntEQ(ret, ASN_AFTER_DATE_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E));
 #else
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
@@ -2832,10 +3274,10 @@ static int test_wolfSSL_CertManagerGetCerts(void)
     /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT
      * and full OpenSSL compatibility */
     ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-        WOLFSSL_FILETYPE_ASN1), ASN_SELF_SIGNED_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E));
 #else
     ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-        WOLFSSL_FILETYPE_ASN1), ASN_NO_SIGNER_E);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 #endif
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
@@ -2869,7 +3311,7 @@ static int test_wolfSSL_CertManagerGetCerts(void)
 static int test_wolfSSL_CertManagerSetVerify(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
     WOLFSSL_CERT_MANAGER* cm = NULL;
@@ -2903,7 +3345,7 @@ static int test_wolfSSL_CertManagerSetVerify(void)
         myVerifyAction = VERIFY_FORCE_FAIL;
 
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, verifyCert,
-            WOLFSSL_FILETYPE_ASN1), VERIFY_CERT_ERROR);
+            WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(VERIFY_CERT_ERROR));
     }
 #endif
 
@@ -2979,7 +3421,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
                 WOLFSSL_FILETYPE_ASN1));
     ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
     if (EXPECT_SUCCESS() && (der != NULL)) {
-        XMEMCPY(der, pt, derSz);
+        XMEMCPY(der, pt, (size_t)derSz);
 
         /* find the name constraint extension and alter it */
         pt = der;
@@ -3008,7 +3450,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
     ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
     wolfSSL_CertManagerFree(cm);
 
     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3086,7 +3528,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 
     wolfSSL_CertManagerFree(cm);
     wolfSSL_X509_free(x509);
@@ -3164,6 +3606,15 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
+    /* Test no name case. */
+    ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, NULL, 0, ASN_DIR_TYPE),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_altname(x509, "", ASN_DIR_TYPE),
+        WOLFSSL_SUCCESS);
+    /* IP not supported. */
+    ExpectIntEQ(wolfSSL_X509_add_altname(x509, "127.0.0.1", ASN_IP_TYPE),
+        WOLFSSL_FAILURE);
+
     /* add in matching DIR alt name and resign */
     wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
@@ -3196,7 +3647,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -3222,7 +3673,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -3247,7 +3698,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -3282,7 +3733,7 @@ static int test_wolfSSL_CertManagerNameConstraint2(void)
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 #ifndef WOLFSSL_NO_ASN_STRICT
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 #else
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -3411,7 +3862,7 @@ static int test_wolfSSL_CertManagerNameConstraint3(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 
     wolfSSL_CertManagerFree(cm);
     wolfSSL_X509_free(x509);
@@ -3559,7 +4010,7 @@ static int test_wolfSSL_CertManagerNameConstraint4(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3584,7 +4035,7 @@ static int test_wolfSSL_CertManagerNameConstraint4(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
 
     wolfSSL_CertManagerFree(cm);
     wolfSSL_X509_free(x509);
@@ -3678,7 +4129,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3704,7 +4155,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3730,7 +4181,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void)
 
     ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
-                WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -3775,79 +4226,80 @@ static int test_wolfSSL_CertManagerCRL(void)
     const char* crl_rsapss = "./certs/crl/crl_rsapss.pem";
     const char* ca_rsapss  = "./certs/rsapss/ca-rsapss.pem";
 #endif
+    /* ./certs/crl/crl.der */
     const unsigned char crl_buff[] = {
-        0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xed, 0x02,
-        0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-        0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-        0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09,
+        0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xED, 0x02,
+        0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+        0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05,
+        0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
-        0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
-        0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74,
-        0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06,
-        0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f,
-        0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30,
-        0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08,
-        0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68,
+        0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+        0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06,
+        0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F,
+        0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30,
+        0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08,
+        0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
         0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
-        0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
-        0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30,
-        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
-        0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66,
-        0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31,
-        0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
-        0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
-        0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
-        0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
-        0x17, 0x0d, 0x32, 0x32, 0x31, 0x32, 0x31, 0x36,
-        0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x17,
-        0x0d, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32,
-        0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x30, 0x14,
-        0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0d, 0x32,
-        0x32, 0x31, 0x32, 0x31, 0x36, 0x32, 0x31, 0x31,
-        0x37, 0x35, 0x30, 0x5a, 0xa0, 0x0e, 0x30, 0x0c,
-        0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04,
-        0x03, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
-        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
-        0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
-        0x39, 0x44, 0xff, 0x39, 0xf4, 0x04, 0x45, 0x79,
-        0x7e, 0x73, 0xe2, 0x42, 0x48, 0xdb, 0x85, 0x66,
-        0xfd, 0x99, 0x76, 0x94, 0x7c, 0xb5, 0x79, 0x5d,
-        0x15, 0x71, 0x36, 0xa9, 0x87, 0xf0, 0x73, 0x05,
-        0x50, 0x08, 0x6b, 0x1c, 0x6e, 0xde, 0x96, 0x45,
-        0x31, 0xc3, 0xc0, 0xba, 0xba, 0xf5, 0x08, 0x1d,
-        0x05, 0x4a, 0x52, 0x39, 0xe9, 0x03, 0xef, 0x59,
-        0xc8, 0x1d, 0x4a, 0xf2, 0x86, 0x05, 0x99, 0x7b,
-        0x4b, 0x74, 0xf6, 0xd3, 0x75, 0x8d, 0xb2, 0x57,
-        0xba, 0xac, 0xa7, 0x11, 0x14, 0xd6, 0x6c, 0x71,
-        0xc4, 0x4c, 0x1c, 0x68, 0xbc, 0x49, 0x78, 0xf0,
-        0xc9, 0x52, 0x8a, 0xe7, 0x8b, 0x54, 0xe6, 0x20,
-        0x58, 0x20, 0x60, 0x66, 0xf5, 0x14, 0xd8, 0xcb,
-        0xff, 0xe0, 0xa0, 0x45, 0xbc, 0xb4, 0x81, 0xad,
-        0x1d, 0xbc, 0xcf, 0xf8, 0x8e, 0xa8, 0x87, 0x24,
-        0x55, 0x99, 0xd9, 0xce, 0x47, 0xf7, 0x5b, 0x4a,
-        0x33, 0x6d, 0xdb, 0xbf, 0x93, 0x64, 0x1a, 0xa6,
-        0x46, 0x5f, 0x27, 0xdc, 0xd8, 0xd4, 0xf9, 0xc2,
-        0x42, 0x2a, 0x7e, 0xb2, 0x7c, 0xdd, 0x98, 0x77,
-        0xf5, 0x88, 0x7d, 0x15, 0x25, 0x08, 0xbc, 0xe0,
-        0xd0, 0x8d, 0xf4, 0xc3, 0xc3, 0x04, 0x41, 0xa4,
-        0xd1, 0xb1, 0x39, 0x4a, 0x6b, 0x2c, 0xb5, 0x2e,
-        0x9a, 0x65, 0x43, 0x0d, 0x0e, 0x73, 0xf4, 0x06,
-        0xe1, 0xb3, 0x49, 0x34, 0x94, 0xb0, 0xb7, 0xff,
-        0xc0, 0x27, 0xc1, 0xb5, 0xea, 0x06, 0xf7, 0x71,
-        0x71, 0x97, 0xbb, 0xbc, 0xc7, 0x1a, 0x9f, 0xeb,
-        0xf6, 0x3d, 0xa5, 0x7b, 0x55, 0xa7, 0xbf, 0xdd,
-        0xd7, 0xee, 0x97, 0xb8, 0x9d, 0xdc, 0xcd, 0xe3,
-        0x06, 0xdb, 0x9a, 0x2c, 0x60, 0xbf, 0x70, 0x84,
-        0xfa, 0x6b, 0x8d, 0x70, 0x7d, 0xde, 0xe8, 0xb7,
-        0xab, 0xb0, 0x38, 0x68, 0x6c, 0xc0, 0xb1, 0xe1,
-        0xba, 0x45, 0xe0, 0xd7, 0x12, 0x3d, 0x71, 0x5b
+        0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75,
+        0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30,
+        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
+        0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+        0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
+        0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x17, 0x0D, 0x32, 0x34, 0x30, 0x31, 0x30, 0x39,
+        0x30, 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x17,
+        0x0D, 0x32, 0x36, 0x31, 0x30, 0x30, 0x35, 0x30,
+        0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x30, 0x14,
+        0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0D, 0x32,
+        0x34, 0x30, 0x31, 0x30, 0x39, 0x30, 0x30, 0x33,
+        0x34, 0x33, 0x30, 0x5A, 0xA0, 0x0E, 0x30, 0x0C,
+        0x30, 0x0A, 0x06, 0x03, 0x55, 0x1D, 0x14, 0x04,
+        0x03, 0x02, 0x01, 0x02, 0x30, 0x0D, 0x06, 0x09,
+        0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
+        0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
+        0xB3, 0x6F, 0xED, 0x72, 0xD2, 0x73, 0x6A, 0x77,
+        0xBF, 0x3A, 0x55, 0xBC, 0x54, 0x18, 0x6A, 0x71,
+        0xBC, 0x6A, 0xCC, 0xCD, 0x5D, 0x90, 0xF5, 0x64,
+        0x8D, 0x1B, 0xF0, 0xE0, 0x48, 0x7B, 0xF2, 0x7B,
+        0x06, 0x86, 0x53, 0x63, 0x9B, 0xD8, 0x24, 0x15,
+        0x10, 0xB1, 0x19, 0x96, 0x9B, 0xD2, 0x75, 0xA8,
+        0x25, 0xA2, 0x35, 0xA9, 0x14, 0xD6, 0xD5, 0x5E,
+        0x53, 0xE3, 0x34, 0x9D, 0xF2, 0x8B, 0x07, 0x19,
+        0x9B, 0x1F, 0xF1, 0x02, 0x0F, 0x04, 0x46, 0xE8,
+        0xB8, 0xB6, 0xF2, 0x8D, 0xC7, 0xC0, 0x15, 0x3E,
+        0x3E, 0x8E, 0x96, 0x73, 0x15, 0x1E, 0x62, 0xF6,
+        0x4E, 0x2A, 0xF7, 0xAA, 0xA0, 0x91, 0x80, 0x12,
+        0x7F, 0x81, 0x0C, 0x65, 0xCC, 0x38, 0xBE, 0x58,
+        0x6C, 0x14, 0xA5, 0x21, 0xA1, 0x8D, 0xF7, 0x8A,
+        0xB9, 0x24, 0xF4, 0x2D, 0xCA, 0xC0, 0x67, 0x43,
+        0x0B, 0xC8, 0x1C, 0xB4, 0x7D, 0x12, 0x7F, 0xA2,
+        0x1B, 0x19, 0x0E, 0x94, 0xCF, 0x7B, 0x9F, 0x75,
+        0xA0, 0x08, 0x9A, 0x67, 0x3F, 0x87, 0x89, 0x3E,
+        0xF8, 0x58, 0xA5, 0x8A, 0x1B, 0x2D, 0xDA, 0x9B,
+        0xD0, 0x1B, 0x18, 0x92, 0xC3, 0xD2, 0x6A, 0xD7,
+        0x1C, 0xFC, 0x45, 0x69, 0x77, 0xC3, 0x57, 0x65,
+        0x75, 0x99, 0x9E, 0x47, 0x2A, 0x20, 0x25, 0xEF,
+        0x90, 0xF2, 0x5F, 0x3B, 0x7D, 0x9C, 0x7D, 0x00,
+        0xEA, 0x92, 0x54, 0xEB, 0x0B, 0xE7, 0x17, 0xAF,
+        0x24, 0x1A, 0xF9, 0x7C, 0x83, 0x50, 0x68, 0x1D,
+        0xDC, 0x5B, 0x60, 0x12, 0xA7, 0x52, 0x78, 0xD9,
+        0xA9, 0xB0, 0x1F, 0x59, 0x48, 0x36, 0xC7, 0xA6,
+        0x97, 0x34, 0xC7, 0x87, 0x3F, 0xAE, 0xFD, 0xA9,
+        0x56, 0x5D, 0x48, 0xCC, 0x89, 0x7A, 0x79, 0x60,
+        0x8F, 0x9B, 0x2B, 0x63, 0x3C, 0xB3, 0x04, 0x1D,
+        0x5F, 0xF7, 0x20, 0xD2, 0xFD, 0xF2, 0x51, 0xB1,
+        0x96, 0x93, 0x13, 0x5B, 0xAB, 0x74, 0x82, 0x8B
     };
 
     WOLFSSL_CERT_MANAGER* cm = NULL;
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
 
-    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1);
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK), 1);
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm,
@@ -3855,59 +4307,59 @@ static int test_wolfSSL_CertManagerCRL(void)
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 16), 1);
     ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1);
 
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, -1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, 1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, -1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
-        sizeof_server_cert_der_2048), ASN_NO_SIGNER_E);
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 
-    ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(cm, NULL), 1);
 #ifdef HAVE_CRL_IO
-    ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1);
 #endif
 
 #ifndef NO_FILESYSTEM
     ExpectIntEQ(wolfSSL_CertManagerLoadCRL(NULL, NULL, WOLFSSL_FILETYPE_ASN1,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, NULL, WOLFSSL_FILETYPE_ASN1,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* -1 seen as !WOLFSSL_FILETYPE_PEM */
     ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, "./certs/crl", -1, 0), 1);
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(NULL, NULL,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, NULL, WOLFSSL_FILETYPE_ASN1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* -1 seen as !WOLFSSL_FILETYPE_PEM */
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, "./certs/crl/crl.pem", -1),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
 #endif
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, 1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, -1,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
-    ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     DoExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1);
 
     ExpectIntEQ(WOLFSSL_SUCCESS,
@@ -3924,9 +4376,9 @@ static int test_wolfSSL_CertManagerCRL(void)
     ExpectIntEQ(WOLFSSL_SUCCESS,
         wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
     ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
-        sizeof_server_cert_der_2048), CRL_MISSING);
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(CRL_MISSING));
     ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server_cert_der_2048,
-        sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), CRL_MISSING);
+        sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(CRL_MISSING));
 #endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */
 
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff),
@@ -3935,7 +4387,7 @@ static int test_wolfSSL_CertManagerCRL(void)
 #if !defined(NO_FILESYSTEM) && defined(WC_RSA_PSS)
     /* loading should fail without the CA set */
     ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss,
-        WOLFSSL_FILETYPE_PEM), ASN_CRL_NO_SIGNER_E);
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));
 
     /* now successfully load the RSA-PSS crl once loading in it's CA */
     ExpectIntEQ(WOLFSSL_SUCCESS,
@@ -4003,8 +4455,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
         0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, /* ......in */
         0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
         0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, /* sl.com.. */
-        0x32, 0x30, 0x32, 0x33, 0x31, 0x31, 0x30, 0x38, /* 20231108 */
-        0x30, 0x30, 0x32, 0x36, 0x33, 0x37, 0x5a, 0x30, /* 002637Z0 */
+        0x32, 0x30, 0x32, 0x34, 0x31, 0x32, 0x32, 0x30, /* 20241220 */
+        0x31, 0x37, 0x30, 0x37, 0x30, 0x34, 0x5a, 0x30, /* 170704Z0 */
         0x64, 0x30, 0x62, 0x30, 0x3a, 0x30, 0x09, 0x06, /* d0b0:0.. */
         0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, /* .+...... */
         0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, /* ..qM.#@Y */
@@ -4013,50 +4465,50 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
         0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, /* ..:.,... */
         0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, /* ..L.*.q. */
         0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, /* dD...... */
-        0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x33, 0x31, /* ...20231 */
-        0x31, 0x30, 0x38, 0x30, 0x30, 0x32, 0x36, 0x33, /* 10800263 */
-        0x37, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 7Z....20 */
-        0x35, 0x31, 0x30, 0x33, 0x32, 0x35, 0x30, 0x30, /* 51032500 */
-        0x32, 0x36, 0x33, 0x37, 0x5a, 0xa1, 0x23, 0x30, /* 2637Z.#0 */
+        0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x31, /* ...20241 */
+        0x32, 0x32, 0x30, 0x31, 0x37, 0x30, 0x37, 0x30, /* 22017070 */
+        0x34, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 4Z....20 */
+        0x35, 0x32, 0x30, 0x35, 0x30, 0x36, 0x31, 0x37, /* 52050617 */
+        0x30, 0x37, 0x30, 0x34, 0x5a, 0xa1, 0x23, 0x30, /* 0704Z.#0 */
         0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, /* !0...+.. */
         0x05, 0x05, 0x07, 0x30, 0x01, 0x02, 0x04, 0x12, /* ...0.... */
-        0x04, 0x10, 0xdb, 0xbc, 0x2a, 0x76, 0xa0, 0xb4, /* ....*v.. */
-        0x1e, 0x5d, 0xf6, 0x2b, 0x8e, 0x38, 0x62, 0xdb, /* .].+.8b. */
-        0x90, 0xed, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* ..0...*. */
+        0x04, 0x10, 0x12, 0x7c, 0x27, 0xbd, 0x22, 0x28, /* ...|'."( */
+        0x5e, 0x62, 0x81, 0xed, 0x6d, 0x2c, 0x2d, 0x59, /* ^b..m,-Y */
+        0x42, 0xd7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* B.0...*. */
         0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, /* H....... */
-        0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x87, 0xde, /* ........ */
-        0xfb, 0xf9, 0x3a, 0x90, 0x1f, 0x90, 0xde, 0xcf, /* ..:..... */
-        0xfe, 0xad, 0x64, 0x19, 0x34, 0x17, 0xf8, 0x15, /* ..d.4... */
-        0x01, 0x22, 0x5f, 0x67, 0x41, 0xa4, 0x18, 0xf7, /* ."_gA... */
-        0x16, 0xb7, 0xc9, 0xf3, 0xe1, 0x9f, 0xcd, 0x40, /* .......@ */
-        0x56, 0x77, 0x6e, 0x6a, 0xfb, 0x92, 0x6a, 0x6f, /* Vwnj..jo */
-        0x28, 0x3e, 0x22, 0x48, 0xa1, 0xc2, 0xd8, 0x1d, /* (>"H.... */
-        0xc7, 0xe6, 0x78, 0x7f, 0xb6, 0x09, 0xfe, 0x2c, /* ..x...., */
-        0xb5, 0xef, 0x29, 0x7c, 0xc5, 0x51, 0x16, 0x7b, /* ..)|.Q.{ */
-        0x8f, 0xfb, 0x44, 0xa8, 0xcd, 0xf5, 0x5c, 0x0f, /* ..D...\. */
-        0x46, 0x0e, 0xb1, 0xa4, 0xeb, 0x5b, 0xf5, 0x86, /* F....[.. */
-        0x11, 0x0f, 0xcd, 0xe2, 0xe5, 0x3c, 0x91, 0x72, /* .....<.r */
-        0x0d, 0x6a, 0xcb, 0x95, 0x99, 0x39, 0x91, 0x48, /* .j...9.H */
-        0x65, 0x97, 0xb9, 0x78, 0xb5, 0x88, 0x7f, 0x76, /* e..x...v */
-        0xa1, 0x43, 0x2f, 0xf6, 0x1f, 0x49, 0xb7, 0x08, /* .C/..I.. */
-        0x36, 0xe4, 0x2e, 0x34, 0x25, 0xda, 0x16, 0x74, /* 6..4%..t */
-        0x47, 0x62, 0x56, 0xff, 0x2f, 0x02, 0x03, 0x44, /* GbV./..D */
-        0x89, 0x04, 0xe7, 0xb8, 0xde, 0x0a, 0x35, 0x43, /* ......5C */
-        0xae, 0xd7, 0x54, 0xbe, 0xc3, 0x7c, 0x95, 0xa5, /* ..T..|.. */
-        0xc8, 0xe0, 0x2e, 0x52, 0xb6, 0xea, 0x99, 0x45, /* ...R...E */
-        0xfd, 0xda, 0x4b, 0xd5, 0x79, 0x07, 0x64, 0xca, /* ..K.y.d. */
-        0x64, 0xba, 0x52, 0x12, 0x62, 0x8c, 0x08, 0x9a, /* d.R.b... */
-        0x32, 0xeb, 0x85, 0x65, 0x05, 0x39, 0x07, 0x5d, /* 2..e.9.] */
-        0x39, 0x4a, 0xcf, 0xa5, 0x30, 0xf6, 0xd1, 0xf7, /* 9J..0... */
-        0x29, 0xaa, 0x23, 0x42, 0xc6, 0x85, 0x16, 0x7f, /* ).#B.... */
-        0x64, 0x16, 0xb1, 0xb0, 0x5d, 0xcd, 0x88, 0x2d, /* d...]..- */
-        0x06, 0xb0, 0xa9, 0xdf, 0xa3, 0x9f, 0x25, 0x41, /* ......%A */
-        0x89, 0x9a, 0x19, 0xe1, 0xaa, 0xcd, 0xdf, 0x51, /* .......Q */
-        0xcb, 0xa9, 0xc3, 0x7e, 0x27, 0xbc, 0x7d, 0x9b, /* ...~'.}. */
-        0x6f, 0x4d, 0x79, 0x87, 0x09, 0x3f, 0xac, 0xd2, /* oMy..?.. */
-        0x4a, 0x3b, 0xbe, 0xf8, 0x7a, 0xa4, 0x93, 0x45, /* J;..z..E */
-        0x11, 0x64, 0x40, 0xc5, 0x03, 0xc9, 0x24, 0x5b, /* .d@...$[ */
-        0xe9, 0x6d, 0xfc, 0x94, 0x08, 0xbe, 0xa0, 0x82, /* .m...... */
+        0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6c, 0xce, /* ......l. */
+        0xa8, 0xe8, 0xfe, 0xaf, 0x33, 0xe2, 0xce, 0x4e, /* ....3..N */
+        0x63, 0x8d, 0x61, 0x16, 0x0f, 0x70, 0xb2, 0x0c, /* c.a..p.. */
+        0x9a, 0xe3, 0x01, 0xd5, 0xca, 0xe5, 0x9b, 0x70, /* .......p */
+        0x81, 0x6f, 0x94, 0x09, 0xe8, 0x88, 0x98, 0x1a, /* .o...... */
+        0x67, 0xa0, 0xc2, 0xe7, 0x8f, 0x9b, 0x5f, 0x13, /* g....._. */
+        0x17, 0x8d, 0x93, 0x8c, 0x31, 0x61, 0x7d, 0x72, /* ....1a}r */
+        0x34, 0xbd, 0x21, 0x48, 0xca, 0xb2, 0xc9, 0xae, /* 4.!H.... */
+        0x28, 0x5f, 0x97, 0x19, 0xcb, 0xdf, 0xed, 0xd4, /* (_...... */
+        0x6e, 0x89, 0x30, 0x89, 0x11, 0xd1, 0x05, 0x08, /* n.0..... */
+        0x81, 0xe9, 0xa7, 0xba, 0xf7, 0x16, 0x0c, 0xbe, /* ........ */
+        0x48, 0x2e, 0xc0, 0x05, 0xac, 0x90, 0xc2, 0x35, /* H......5 */
+        0xce, 0x6c, 0x94, 0x5d, 0x2b, 0xad, 0x4f, 0x19, /* .l.]+.O. */
+        0xea, 0x7b, 0xd9, 0x4f, 0x49, 0x20, 0x8d, 0x98, /* .{.OI .. */
+        0xa9, 0xe4, 0x53, 0x6d, 0xca, 0x34, 0xdb, 0x4a, /* ..Sm.4.J */
+        0x28, 0xb3, 0x33, 0xfb, 0xfd, 0xcc, 0x4b, 0xfa, /* (.3...K. */
+        0xdb, 0x70, 0xe1, 0x96, 0xc8, 0xd4, 0xf1, 0x85, /* .p...... */
+        0x99, 0xaf, 0x06, 0xeb, 0xfd, 0x96, 0x21, 0x86, /* ......!. */
+        0x81, 0xee, 0xcf, 0xd2, 0xf4, 0x83, 0xc9, 0x1d, /* ........ */
+        0x8f, 0x42, 0xd1, 0xc1, 0xbc, 0x50, 0x0a, 0xfb, /* .B...P.. */
+        0x95, 0x39, 0x4c, 0x36, 0xa8, 0xfe, 0x2b, 0x8e, /* .9L6..+. */
+        0xc5, 0xb5, 0xe0, 0xab, 0xdb, 0xc0, 0xbf, 0x1d, /* ........ */
+        0x35, 0x4d, 0xc0, 0x52, 0xfb, 0x08, 0x04, 0x4c, /* 5M.R...L */
+        0x98, 0xf0, 0xb5, 0x5b, 0xff, 0x99, 0x74, 0xce, /* ...[..t. */
+        0xb7, 0xc9, 0xe3, 0xe5, 0x70, 0x2e, 0xd3, 0x1d, /* ....p... */
+        0x46, 0x38, 0xf9, 0x51, 0x17, 0x73, 0xd1, 0x08, /* F8.Q.s.. */
+        0x8d, 0x3d, 0x12, 0x47, 0xd0, 0x66, 0x77, 0xaf, /* .=.G.fw. */
+        0xfd, 0x4c, 0x75, 0x1f, 0xe9, 0x6c, 0xf4, 0x5a, /* .Lu..l.Z */
+        0xde, 0xec, 0x37, 0xc7, 0xc4, 0x0a, 0xbe, 0x91, /* ..7..... */
+        0xbc, 0x05, 0x08, 0x86, 0x47, 0x30, 0x2a, 0xc6, /* ....G0*. */
+        0x85, 0x4b, 0x55, 0x6c, 0xef, 0xdf, 0x2d, 0x5a, /* .KUl..-Z */
+        0xf7, 0x5b, 0xb5, 0xba, 0xed, 0x38, 0xb0, 0xcb, /* .[...8.. */
+        0xeb, 0x7e, 0x84, 0x3a, 0x69, 0x2c, 0xa0, 0x82, /* .~.:i,.. */
         0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, /* ..0...0. */
         0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, /* ..0..... */
         0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, /* ......0. */
@@ -4081,10 +4533,10 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
         0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, /* .......i */
         0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, /* nfo@wolf */
         0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, /* ssl.com0 */
-        0x1e, 0x17, 0x0d, 0x32, 0x32, 0x31, 0x32, 0x31, /* ...22121 */
-        0x36, 0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, /* 6211750Z */
-        0x17, 0x0d, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, /* ..250911 */
-        0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x30, /* 211750Z0 */
+        0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, /* ...24121 */
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, /* 8212531Z */
+        0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, /* ..270914 */
+        0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, /* 212531Z0 */
         0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, /* ..1.0... */
         0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, /* U....US1 */
         0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, /* .0...U.. */
@@ -4178,38 +4630,38 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
         0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, /* ....0... */
         0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */
         0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, /* ........ */
-        0x2f, 0xb7, 0x6b, 0xec, 0xb7, 0x12, 0x63, 0xb9, /* /.k...c. */
-        0x57, 0xdc, 0x04, 0x4d, 0x9c, 0x67, 0x74, 0x98, /* W..M.gt. */
-        0x06, 0x28, 0x68, 0x37, 0x34, 0xc2, 0x50, 0xe9, /* .(h74.P. */
-        0x2a, 0xd4, 0x1a, 0xb2, 0x32, 0x1a, 0x9d, 0x2b, /* *...2..+ */
-        0x4f, 0x23, 0x50, 0xea, 0xb4, 0x95, 0x86, 0xc3, /* O#P..... */
-        0xb9, 0x5f, 0x34, 0x3e, 0x99, 0x91, 0xa7, 0x80, /* ._4>.... */
-        0x5f, 0x6e, 0x1b, 0x6e, 0xdb, 0xe9, 0x02, 0x38, /* _n.n...8 */
-        0x6f, 0xdf, 0xc5, 0x9b, 0x0d, 0xa3, 0x1c, 0xa9, /* o....... */
-        0x15, 0x76, 0x16, 0x66, 0xa8, 0x4e, 0xfb, 0xd3, /* .v.f.N.. */
-        0x43, 0x76, 0xf1, 0x72, 0xb7, 0xd1, 0xfa, 0xee, /* Cv.r.... */
-        0x39, 0xa6, 0x96, 0xc1, 0xa2, 0x93, 0xa4, 0x9b, /* 9....... */
-        0x1e, 0x9f, 0xba, 0x71, 0x8f, 0xba, 0xbd, 0x67, /* ...q...g */
-        0x6a, 0xf2, 0x15, 0x5f, 0xf1, 0x64, 0xe7, 0xcf, /* j.._.d.. */
-        0x26, 0xb8, 0x4c, 0xc0, 0xeb, 0x85, 0x04, 0x58, /* &.L....X */
-        0xd9, 0x4a, 0x6b, 0xd9, 0x86, 0xf5, 0x80, 0x21, /* .Jk....! */
-        0xbf, 0x91, 0xc8, 0x4b, 0x9f, 0x04, 0xed, 0x57, /* ...K...W */
-        0x7a, 0xd2, 0x58, 0xac, 0x5b, 0x47, 0xaf, 0x4d, /* z.X.[G.M */
-        0x7f, 0x5b, 0x1d, 0x6d, 0x68, 0x9b, 0x84, 0x98, /* .[.mh... */
-        0x2a, 0x31, 0x02, 0x2c, 0xe9, 0x1b, 0xaf, 0x11, /* *1.,.... */
-        0x0b, 0x78, 0x49, 0xbe, 0x68, 0x68, 0xcb, 0x9c, /* .xI.hh.. */
-        0x41, 0x56, 0xe8, 0xb5, 0x59, 0xda, 0xff, 0xca, /* AV..Y... */
-        0x59, 0x99, 0x17, 0x3e, 0x11, 0x0a, 0x8f, 0x49, /* Y..>...I */
-        0x24, 0x0b, 0x81, 0x42, 0x63, 0xcd, 0x4f, 0xf6, /* $..Bc.O. */
-        0x2b, 0x9d, 0xd1, 0x79, 0x75, 0xd7, 0x4a, 0xcc, /* +..yu.J. */
-        0x4c, 0xb7, 0x2b, 0xd7, 0xe8, 0xe7, 0xd4, 0x48, /* L.+....H */
-        0x3c, 0x14, 0x3b, 0x1c, 0x28, 0xe8, 0x46, 0x7a, /* <.;.(.Fz */
-        0xdc, 0x11, 0x9d, 0x7f, 0x1c, 0xab, 0x10, 0x95, /* ........ */
-        0x17, 0xb2, 0xc7, 0x7a, 0xbb, 0x17, 0x44, 0x59, /* ...z..DY */
-        0x69, 0x8e, 0x16, 0x05, 0x94, 0x8c, 0x88, 0xd9, /* i....... */
-        0xdc, 0x9a, 0xfd, 0xf2, 0x93, 0xbe, 0x68, 0xba, /* ......h. */
-        0x3c, 0xd6, 0x2b, 0x61, 0x3a, 0x8b, 0xf7, 0x66, /* <.+a:..f */
-        0xcb, 0x54, 0xe8, 0xe4, 0xdb, 0x9f, 0xcc, 0x9e  /* .T...... */
+        0x4d, 0xa2, 0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, /* M..U.+.. */
+        0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2, /* e..5.`.. */
+        0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, /* k....XW7 */
+        0xbd, 0x2e, 0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, /* ..(n.V*5 */
+        0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a, /* ..>.=G!. */
+        0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, /* ......>. */
+        0xaf, 0x9b, 0xef, 0x23, 0x88, 0x56, 0x95, 0x73, /* ...#.V.s */
+        0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7, /* .....Ki. */
+        0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, /* .:.....Y */
+        0xfd, 0xe2, 0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, /* .....L., */
+        0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6, /* .W..:.2. */
+        0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, /* J.r...&i */
+        0xd6, 0x6a, 0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, /* .jLLx.<. */
+        0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27, /* ....#.[' */
+        0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, /* ..\+.Mx. */
+        0x6b, 0x25, 0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, /* k%./.... */
+        0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b, /* ..D!F.4k */
+        0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, /* [...\`.. */
+        0xe6, 0x66, 0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, /* .f..cVP} */
+        0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58, /* .,/{G..X */
+        0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, /* w..' .r. */
+        0x4c, 0x7e, 0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, /* L~O.._.. */
+        0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22, /* .Yz..Sw" */
+        0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, /* A....... */
+        0x65, 0xbd, 0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, /* e..q<... */
+        0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4, /* ........ */
+        0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, /* ....+.[. */
+        0x28, 0xc1, 0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, /* (..1s\+. */
+        0x60, 0x97, 0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83, /* `..6.... */
+        0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, /* .u.)B..A */
+        0x55, 0xb9, 0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, /* U.p..... */
+        0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57  /* A.%..j.W */
     };
     OcspEntry entry[1];
     CertStatus status[1];
@@ -4255,7 +4707,7 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
 
 #ifndef NO_FILESYSTEM
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048,
-        sizeof(server_cert_der_2048)), ASN_NO_SIGNER_E);
+        sizeof(server_cert_der_2048)), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
     ExpectIntEQ(WOLFSSL_SUCCESS,
         wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
     ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048,
@@ -4420,7 +4872,11 @@ static int test_wolfSSL_CheckOCSPResponse(void)
         wolfSSL_CertManagerFree(cm);
     }
 
-#if defined(WC_RSA_PSS)
+/* FIPS v2 and below don't support long salts. */
+#if defined(WC_RSA_PSS) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+     (HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \
+     (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2)))
     {
         const char* responsePssFile = "./certs/ocsp/test-response-rsapss.der";
 
@@ -4457,6 +4913,7 @@ static int test_wolfSSL_FPKI(void)
 #if defined(WOLFSSL_FPKI) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
     XFILE f = XBADFILE;
     const char* fpkiCert = "./certs/fpki-cert.der";
+    const char* fpkiCertPolCert = "./certs/fpki-certpol-cert.der";
     DecodedCert cert;
     byte buf[4096];
     byte* uuid = NULL;
@@ -4472,13 +4929,38 @@ static int test_wolfSSL_FPKI(void)
 
     wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
     ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
-    ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ;
+    ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectNotNull(fascn = (byte*)XMALLOC(fascnSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0);
+    XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    fascn = NULL;
+
+    ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectNotNull(uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0);
+    XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    uuid = NULL;
+    wc_FreeDecodedCert(&cert);
+
+    XMEMSET(buf, 0, 4096);
+    fascnSz = uuidSz = bytes = 0;
+    f = XBADFILE;
+
+    ExpectTrue((f = XFOPEN(fpkiCertPolCert, "rb")) != XBADFILE);
+    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
+    if (f != XBADFILE)
+        XFCLOSE(f);
+
+    wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL);
+    ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
+    ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectNotNull(fascn = (byte*)XMALLOC(fascnSz, NULL,
         DYNAMIC_TYPE_TMP_BUFFER));
     ExpectIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0);
     XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectNotNull(uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
     ExpectIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0);
     XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4576,8 +5058,8 @@ static int test_wolfSSL_CertRsaPss(void)
 static int test_wolfSSL_CTX_load_verify_locations_ex(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
     WOLFSSL_CTX* ctx = NULL;
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
@@ -4609,8 +5091,9 @@ static int test_wolfSSL_CTX_load_verify_locations_ex(void)
 static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx;
     const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
     byte ca_expired_cert[TWOK_BUF];
@@ -4660,15 +5143,14 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
     /* Fail when ctx is NULL. */
     ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(NULL, ca_expired_cert,
             sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
-            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), BAD_FUNC_ARG);
+            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Load as modified cert - bad initial length. */
     ca_expired_cert[2] = 0x7f;
     ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
             sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 1,
-            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), ASN_PARSE_E);
+            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WC_NO_ERR_TRACE(ASN_PARSE_E));
 
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif
 
     return EXPECT_RESULT();
@@ -4679,6 +5161,7 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
     EXPECT_DECLS;
 #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
     defined(USE_CERT_BUFFERS_2048) && (WOLFSSL_MIN_RSA_BITS <= 1024) && \
+    !defined(NO_TLS) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
 
@@ -4703,7 +5186,8 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
-    defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+    defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX*        ctx;
     WOLFSSL*            ssl = NULL;
     const char *certChain[] = {
@@ -4781,62 +5265,73 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
 static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_WOLFSSL_CLIENT) && defined(USE_CERT_BUFFERS_2048)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) && \
+    (!defined(NO_FILESYSTEM) || defined(USE_CERT_BUFFERS_2048))
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
+#ifndef NO_FILESYSTEM
     const char* cert = "./certs/server-cert.pem";
     unsigned char* buf = NULL;
-    size_t len;
+    size_t len = 0;
 
     ExpectIntEQ(load_file(cert, &buf, &len), 0);
+#endif
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
     /* Invalid parameters. */
+#ifndef NO_FILESYSTEM
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL,
-        NULL, 0, WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
-        NULL, 0, WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
+        NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0),
+        WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf,
+        (sword32)len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0),
+        WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (sword32)len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf,
+        (sword32)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (sword32)len),
+        WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (sword32)len),
+        WOLFSSL_SUCCESS);
+#endif /* !NO_FILESYSTEM */
+
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL,
         server_cert_der_2048, sizeof_server_cert_der_2048,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0),
-        ASN_NO_PEM_HEADER);
-    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (long)len),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0),
-        ASN_NO_PEM_HEADER);
-    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (long)len),
-        BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
         server_cert_der_2048, sizeof_server_cert_der_2048,
         WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf,
-        (long)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
-
-    ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (long)len),
-        WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx,
-        server_cert_der_2048, sizeof_server_cert_der_2048), ASN_NO_PEM_HEADER);
+        server_cert_der_2048, sizeof_server_cert_der_2048),
+        WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
 
-    ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (long)len),
-        WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048,
-        sizeof_server_cert_der_2048), ASN_NO_PEM_HEADER);
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
+#ifndef NO_FILESYSTEM
     if (buf != NULL) {
         free(buf);
     }
+#endif
 #endif
     return EXPECT_RESULT();
 }
@@ -4844,7 +5339,8 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
 static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     const char* server_chain_der = "./certs/server-cert-chain.der";
     const char* client_single_pem = "./certs/client-cert.pem";
@@ -4873,8 +5369,8 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
 static int test_wolfSSL_use_certificate_chain_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
     const char* server_chain_der = "./certs/server-cert-chain.der";
     const char* client_single_pem = "./certs/client-cert.pem";
     WOLFSSL_CTX* ctx = NULL;
@@ -4888,17 +5384,18 @@ static int test_wolfSSL_use_certificate_chain_file(void)
 
     /* Invalid parameters. */
     ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL, NULL,
-        WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, NULL,
-        WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+        WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL,
-       server_chain_der, WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, NULL), WOLFSSL_FAILURE);
+       server_chain_der, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, NULL),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, client_single_pem),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, server_chain_der),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl,
         server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
@@ -4916,7 +5413,8 @@ static int test_wolfSSL_use_certificate_chain_file(void)
 static int test_wolfSSL_CTX_SetTmpDH_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_DH) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx = NULL;
 #if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
@@ -4958,7 +5456,7 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void)
 static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_DH) && \
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_DH) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx = NULL;
 
@@ -5000,7 +5498,7 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
 static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_DH) && \
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_DH) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx;
 
@@ -5015,7 +5513,7 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
 
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
@@ -5026,7 +5524,7 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
 
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_CTX_SetTmpDH_buffer(ctx,
                 dh_key_der_2048, sizeof_dh_key_der_2048,
                 WOLFSSL_FILETYPE_ASN1));
 
@@ -5045,6 +5543,7 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_DER_LOAD) && \
+    !defined(NO_TLS) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
     const char* derCert = "./certs/server-cert.der";
@@ -5054,7 +5553,7 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 
     /* der load Case 1 ctx NULL */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
   #ifndef NO_WOLFSSL_CLIENT
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
@@ -5064,16 +5563,16 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 
     /* Case 2 filePath NULL */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Case 3 invalid format */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
-                WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Case 4 filePath not valid */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Case 5 filePath empty */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
-                WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
+                WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_RSA
     /* Case 6 success case */
     ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
@@ -5089,31 +5588,31 @@ static int test_wolfSSL_CTX_der_load_verify_locations(void)
 static int test_wolfSSL_CTX_enable_disable(void)
 {
     EXPECT_DECLS;
-#ifndef NO_CERTS
+#if !defined(NO_CERTS) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
 
   #ifdef HAVE_CRL
-    ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
   #endif
 
   #ifdef HAVE_OCSP
-    ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
   #endif
 
   #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
       defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-    ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
   #endif
 
   #ifndef NO_WOLFSSL_CLIENT
 
     #ifdef HAVE_EXTENDED_MASTER
-    ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #endif
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 
@@ -5151,7 +5650,7 @@ static int test_wolfSSL_CTX_enable_disable(void)
     #endif
         wolfSSL_CTX_free(ctx);
   #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
-#endif /* NO_CERTS */
+#endif /* !NO_CERTS && !NO_CERTS */
 
     return EXPECT_RESULT();
 }
@@ -5159,7 +5658,8 @@ static int test_wolfSSL_CTX_enable_disable(void)
 static int test_wolfSSL_CTX_ticket_API(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
+#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
     void *userCtx = (void*)"this is my ctx";
 
@@ -5172,14 +5672,14 @@ static int test_wolfSSL_CTX_ticket_API(void)
 
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx));
     ExpectNull(wolfSSL_CTX_get_TicketEncCtx(NULL));
-#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
+#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER && !NO_TLS */
     return EXPECT_RESULT();
 }
 
 static int test_wolfSSL_set_minmax_proto_version(void)
 {
     EXPECT_DECLS;
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) && !defined(NO_TLS)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
 
@@ -5189,14 +5689,14 @@ static int test_wolfSSL_set_minmax_proto_version(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
-    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
 
-    ExpectIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS);
 
     wolfSSL_free(ssl);
@@ -5206,8 +5706,8 @@ static int test_wolfSSL_set_minmax_proto_version(void)
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
-    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
 
@@ -5274,8 +5774,9 @@ static int test_wolfSSL_CTX_set_max_proto_version(void)
 static int test_server_wolfSSL_new(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-        !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_RSA)
+
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL_CTX *ctx_nocert = NULL;
     WOLFSSL *ssl = NULL;
@@ -5310,8 +5811,9 @@ static int test_server_wolfSSL_new(void)
 static int test_client_wolfSSL_new(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-        !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
+
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL_CTX *ctx_nocert = NULL;
     WOLFSSL *ssl = NULL;
@@ -5343,8 +5845,9 @@ static int test_client_wolfSSL_new(void)
 static int test_wolfSSL_SetTmpDH_file(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
-        !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_DH)
+
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
     const char* dhX942ParamFile = "./certs/x942dh2048.pem";
@@ -5406,7 +5909,8 @@ static int test_wolfSSL_SetTmpDH_file(void)
 static int test_wolfSSL_SetTmpDH_buffer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_DH)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
 
@@ -5443,7 +5947,8 @@ static int test_wolfSSL_SetTmpDH_buffer(void)
 static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_DH)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL_CTX *ctx2 = NULL;
     WOLFSSL *ssl = NULL;
@@ -5464,7 +5969,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
     ExpectNotNull(ssl2 = wolfSSL_new(ctx2));
 
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
@@ -5472,7 +5977,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
@@ -5483,7 +5988,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
-    ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
                 sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
 
     wolfSSL_free(ssl2);
@@ -5502,7 +6007,7 @@ static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
 static int test_wolfSSL_SetMinVersion(void)
 {
     int                 res = TEST_SKIPPED;
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
     int                 failFlag = WOLFSSL_SUCCESS;
     WOLFSSL_CTX*        ctx = NULL;
     WOLFSSL*            ssl = NULL;
@@ -6865,7 +7370,7 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
     ExpectIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
 
     ExpectIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
-    ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     EVP_CIPHER_CTX_free(ctx);
     /* test EVP_CIPHER_CTX_cleanup with NULL */
@@ -6882,15 +7387,10 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
 #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \
     defined(HAVE_IO_TESTS_DEPENDENCIES)
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
-    #ifdef WC_SHA512_DIGEST_SIZE
-        #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
-    #else
-        #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
-    #endif
-    byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
-    byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
-    byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
-    byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */
+    byte server_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by server */
+    byte server_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from client */
+    byte client_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by client */
+    byte client_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from server */
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 
 /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
@@ -7041,9 +7541,9 @@ static WC_INLINE int test_ssl_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
     return read_sz;
 }
 
-static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
+int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 {
-    EXPECT_DECLS;
+    EXPECT_DECLS_NO_MSGS(-2000);
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     int c_sharedCtx = 0;
     int s_sharedCtx = 0;
@@ -7241,7 +7741,7 @@ static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
     return EXPECT_RESULT();
 }
 
-static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
+int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
     int* rounds)
 {
     int handshake_complete = 0;
@@ -7269,7 +7769,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
                     err != WOLFSSL_ERROR_WANT_WRITE) {
                     char buff[WOLFSSL_MAX_ERROR_SZ];
                     fprintf(stderr, "error = %d, %s\n", err,
-                        wolfSSL_ERR_error_string(err, buff));
+                        wolfSSL_ERR_error_string((word32)err, buff));
                     failing_c = 1;
                     hs_c = 1;
                     if (failing_c && failing_s) {
@@ -7291,7 +7791,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
                     err != WOLFSSL_ERROR_WANT_WRITE) {
                     char buff[WOLFSSL_MAX_ERROR_SZ];
                     fprintf(stderr, "error = %d, %s\n", err,
-                        wolfSSL_ERR_error_string(err, buff));
+                        wolfSSL_ERR_error_string((word32)err, buff));
                     failing_s = 1;
                     hs_s = 1;
                     if (failing_c && failing_s) {
@@ -7316,7 +7816,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
 
 static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx)
 {
-    EXPECT_DECLS;
+    EXPECT_DECLS_NO_MSGS(-3000);
     char input[1024];
     int idx = 0;
     const char* msg_c = "hello wolfssl!";
@@ -7361,7 +7861,7 @@ static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx)
     return EXPECT_RESULT();
 }
 
-static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
+void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
 {
     ctx->c_cb.last_err = wolfSSL_get_error(ctx->c_ssl, 0);
     ctx->s_cb.last_err = wolfSSL_get_error(ctx->s_ssl, 0);
@@ -7402,10 +7902,18 @@ static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
     }
 }
 
-int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
-    test_ssl_cbf* server_cb, cbType client_on_handshake)
+static int test_wolfSSL_client_server_nofail_memio_ex(test_ssl_cbf* client_cb,
+    test_ssl_cbf* server_cb, cbType client_on_handshake,
+    cbType server_on_handshake)
 {
-    EXPECT_DECLS;
+    /* We use EXPECT_DECLS_NO_MSGS() here because this helper routine is used
+     * for numerous but varied expected-to-fail scenarios that should not emit
+     * error messages on the expected failures.  Instead, we return a distinct
+     * code for each failure point, allowing the caller to assert on a
+     * particular mode of expected failure.  On success, the usual TEST_SUCCESS
+     * is returned.
+     */
+    EXPECT_DECLS_NO_MSGS(-1000);
     struct test_ssl_memio_ctx test_ctx;
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
     size_t msg_len;
@@ -7417,8 +7925,8 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
 
     test_ctx.c_ctx = client_cb->ctx;
     test_ctx.s_ctx = server_cb->ctx;
-    test_ctx.c_cb.return_code = TEST_FAIL;
-    test_ctx.s_cb.return_code = TEST_FAIL;
+    test_ctx.c_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
+    test_ctx.s_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
 
     ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS);
     ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
@@ -7427,6 +7935,10 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
         ExpectIntEQ(client_on_handshake(test_ctx.c_ctx, test_ctx.c_ssl),
             TEST_SUCCESS);
     }
+    if (server_on_handshake != NULL) {
+        ExpectIntEQ(server_on_handshake(test_ctx.s_ctx, test_ctx.s_ssl),
+            TEST_SUCCESS);
+    }
     if (client_cb->on_handshake != NULL) {
         ExpectIntEQ(client_cb->on_handshake(&test_ctx.c_ctx, &test_ctx.c_ssl),
             TEST_SUCCESS);
@@ -7436,14 +7948,14 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
             TEST_SUCCESS);
     }
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
-    XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
+    XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
     msg_len = wolfSSL_get_peer_finished(test_ctx.s_ssl, server_side_msg2,
-        MD_MAX_SIZE);
+        WC_MAX_DIGEST_SIZE);
     ExpectIntGE(msg_len, 0);
 
-    XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
+    XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
     msg_len = wolfSSL_get_finished(test_ctx.s_ssl, server_side_msg1,
-        MD_MAX_SIZE);
+        WC_MAX_DIGEST_SIZE);
     ExpectIntGE(msg_len, 0);
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 
@@ -7457,6 +7969,13 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
 
     return EXPECT_RESULT();
 }
+
+int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
+    test_ssl_cbf* server_cb, cbType client_on_handshake)
+{
+    return (test_wolfSSL_client_server_nofail_memio_ex(client_cb, server_cb,
+        client_on_handshake, NULL));
+}
 #endif
 
 #ifdef HAVE_IO_TESTS_DEPENDENCIES
@@ -7503,7 +8022,7 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
@@ -7521,7 +8040,7 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
                 return WOLFSSL_FATAL_ERROR;
             }
         }
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -7790,29 +8309,29 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_negotiate(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_accept failed");*/
         goto done;
     }
 
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
-    XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
-    msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE);
+    XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
+    msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, WC_MAX_DIGEST_SIZE);
     AssertIntGE(msg_len, 0);
 
-    XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
-    msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE);
+    XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
+    msg_len = wolfSSL_get_finished(ssl, server_side_msg1, WC_MAX_DIGEST_SIZE);
     AssertIntGE(msg_len, 0);
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 
@@ -8015,14 +8534,14 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
         #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_accept(ssl);
             err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != WOLFSSL_SUCCESS) {
             char buff[WOLFSSL_MAX_ERROR_SZ];
             fprintf(stderr, "error = %d, %s\n", err,
@@ -8063,7 +8582,7 @@ done:
     if (!sharedCtx)
         wolfSSL_CTX_free(ctx);
 
-    if (clientfd >= 0)
+    if (clientfd != SOCKET_INVALID)
         CloseSocket(clientfd);
 
 #ifdef WOLFSSL_TIRTOS
@@ -8169,6 +8688,13 @@ static int test_client_nofail(void* args, cbType cb)
         goto done;
     }
 
+#ifdef WOLFSSL_SRTP
+    /* make sure that NULL (error condition) returns 1 */
+    if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, NULL) != 1) {
+         goto done;
+    }
+#endif
+
 #ifdef HAVE_CRL
     if (cbf != NULL && cbf->crlPemFile != NULL) {
         if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS)
@@ -8211,6 +8737,13 @@ static int test_client_nofail(void* args, cbType cb)
         goto done;
     }
 
+#ifdef WOLFSSL_SRTP
+    /* make sure that NULL (error condition) returns 1 */
+    if (wolfSSL_set_tlsext_use_srtp(ssl, NULL) != 1) {
+         goto done;
+    }
+#endif
+
     if (!doUdp) {
         if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
             /*err_sys("SSL_set_fd failed");*/
@@ -8238,18 +8771,18 @@ static int test_client_nofail(void* args, cbType cb)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_negotiate(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_connect failed");*/
         goto done;
     }
@@ -8259,7 +8792,7 @@ static int test_client_nofail(void* args, cbType cb)
     cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
     cipherName1 = wolfSSL_get_cipher_name(ssl);
     cipherName2 = wolfSSL_get_cipher_name_from_suite(
-        (cipherSuite >> 8), cipherSuite & 0xFF);
+        (byte)(cipherSuite >> 8), cipherSuite & 0xFF);
     AssertStrEQ(cipherName1, cipherName2);
 
     /* IANA Cipher Suites Names */
@@ -8272,7 +8805,7 @@ static int test_client_nofail(void* args, cbType cb)
 #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
     !defined(WOLFSSL_QT)
     cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
-            (cipherSuite >> 8), cipherSuite & 0xFF);
+            (byte)(cipherSuite >> 8), cipherSuite & 0xFF);
     AssertStrEQ(cipherName1, cipherName2);
 #endif
 
@@ -8455,7 +8988,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
     if (ssl == NULL) {
         goto done;
     }
-    /* keep handshake resources for re-using WOLFSSL obj */
+    /* keep handshake resources for reusing WOLFSSL obj */
     wolfSSL_KeepArrays(ssl);
     if (wolfSSL_KeepHandshakeResources(ssl)) {
         /* err_sys("SSL_KeepHandshakeResources failed"); */
@@ -8489,14 +9022,14 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -8519,7 +9052,7 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
         fprintf(stderr, "Server response: %s\n", reply);
     }
 
-    /* Session Resumption by re-using WOLFSSL object */
+    /* Session Resumption by reusing WOLFSSL object */
     wolfSSL_set_quiet_shutdown(ssl, 1);
     if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
         /* err_sys ("SSL shutdown failed"); */
@@ -8553,14 +9086,14 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -8808,18 +9341,18 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
 #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_accept(ssl);
         err = wolfSSL_get_error(ssl, ret);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "accept error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_accept failed");*/
     }
     else {
@@ -8828,14 +9361,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             idx = wolfSSL_read(ssl, input, sizeof(input)-1);
             err = wolfSSL_get_error(ssl, idx);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (idx > 0) {
             input[idx] = 0;
             fprintf(stderr, "Client message: %s\n", input);
@@ -8846,14 +9379,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
     #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_write(ssl, msg, len);
             err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (len != ret) {
             goto cleanup;
         }
@@ -9026,18 +9559,18 @@ static void run_wolfssl_client(void* args)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, ret);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
-            wolfSSL_ERR_error_string(err, buff));
+            wolfSSL_ERR_error_string((word32)err, buff));
         /*err_sys("SSL_connect failed");*/
     }
     else {
@@ -9046,14 +9579,14 @@ static void run_wolfssl_client(void* args)
         #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_write(ssl, msg, len);
             err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (len != ret)
             goto cleanup;
 
@@ -9062,14 +9595,14 @@ static void run_wolfssl_client(void* args)
         #endif
         do {
         #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
                 if (ret < 0) { break; } else if (ret == 0) { continue; }
             }
         #endif
             ret = wolfSSL_read(ssl, input, sizeof(input)-1);
             err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_PENDING_E);
+        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret > 0) {
             input[ret] = '\0'; /* null term */
             fprintf(stderr, "Server response: %s\n", input);
@@ -9154,12 +9687,51 @@ static int test_wolfSSL_read_write(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_read_write_ex(void)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    const char *test_str = "test";
+    int test_str_size;
+    size_t count;
+    byte buf[255];
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfSSLv23_client_method, wolfSSLv23_server_method), 0);
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+    test_str_size = XSTRLEN("test") + 1;
+    ExpectIntEQ(wolfSSL_write_ex(ssl_c, test_str, test_str_size, &count),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(count, test_str_size);
+    count = 0;
+    ExpectIntEQ(wolfSSL_read_ex(ssl_s, buf, sizeof(buf), &count), WOLFSSL_SUCCESS);
+    ExpectIntEQ(count, test_str_size);
+    ExpectIntEQ(XSTRCMP((char*)buf, test_str), 0);
+
+
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+    return TEST_SUCCESS;
+}
+
 static int test_wolfSSL_reuse_WOLFSSLobj(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
     !defined(WOLFSSL_NO_TLS12)
-    /* The unit test for session resumption by re-using WOLFSSL object.
+    /* The unit test for session resumption by reusing WOLFSSL object.
      * WOLFSSL object is not cleared after first session. It reuse the object
      * for second connection.
     */
@@ -9219,7 +9791,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready(
     WOLFSSL_CTX* ctx)
 {
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     wolfSSL_CTX_set_verify_depth(ctx, 2);
     return TEST_SUCCESS;
 }
@@ -9299,7 +9871,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready(
     WOLFSSL_CTX* ctx)
 {
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     wolfSSL_CTX_set_verify_depth(ctx, 0);
     return TEST_SUCCESS;
 }
@@ -9327,12 +9899,12 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
      * therefore, handshake becomes failure.
      */
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
-        &server_cbf, NULL), TEST_FAIL);
+        &server_cbf, NULL), -1001);
 
-    ExpectIntEQ(client_cbf.return_code, TEST_FAIL);
-    ExpectIntEQ(server_cbf.return_code, TEST_FAIL);
-    ExpectIntEQ(client_cbf.last_err, MAX_CHAIN_ERROR);
-    ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
+    ExpectIntEQ(client_cbf.return_code, -1000);
+    ExpectIntEQ(server_cbf.return_code, -1000);
+    ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(MAX_CHAIN_ERROR));
+    ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));
 #endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 
     return EXPECT_RESULT();
@@ -9431,12 +10003,12 @@ static int test_wolfSSL_get_finished_client_on_handshake(WOLFSSL_CTX* ctx,
 
     /* get_finished test */
     /* 1. get own sent message */
-    XMEMSET(client_side_msg1, 0, MD_MAX_SIZE);
-    msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE);
+    XMEMSET(client_side_msg1, 0, WC_MAX_DIGEST_SIZE);
+    msg_len = wolfSSL_get_finished(ssl, client_side_msg1, WC_MAX_DIGEST_SIZE);
     ExpectIntGE(msg_len, 0);
     /* 2. get peer message */
-    XMEMSET(client_side_msg2, 0, MD_MAX_SIZE);
-    msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE);
+    XMEMSET(client_side_msg2, 0, WC_MAX_DIGEST_SIZE);
+    msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, WC_MAX_DIGEST_SIZE);
     ExpectIntGE(msg_len, 0);
 
     return EXPECT_RESULT();
@@ -9459,8 +10031,8 @@ static int test_wolfSSL_get_finished(void)
         TEST_SUCCESS);
 
     /* test received msg vs sent msg */
-    ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE));
-    ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE));
+    ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, WC_MAX_DIGEST_SIZE));
+    ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, WC_MAX_DIGEST_SIZE));
 #endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_HAVE_TLS_UNIQUE */
 
     return EXPECT_RESULT();
@@ -9492,6 +10064,11 @@ static void test_wolfSSL_CTX_add_session_ctx_ready(WOLFSSL_CTX* ctx)
 static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
 {
     WOLFSSL_SESSION** sess;
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    static wolfSSL_Mutex m = WOLFSSL_MUTEX_INITIALIZER(m);
+
+    (void)wc_LockMutex(&m);
+#endif
     if (wolfSSL_is_server(ssl))
         sess = &test_wolfSSL_CTX_add_session_server_sess;
     else
@@ -9525,6 +10102,10 @@ static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
          * resuming on that session */
         AssertIntEQ(wolfSSL_session_reused(ssl), 1);
     }
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+    wc_UnLockMutex(&m);
+#endif
+
     /* Save CTX to be able to decrypt tickets */
     if (wolfSSL_is_server(ssl) &&
             test_wolfSSL_CTX_add_session_server_ctx == NULL) {
@@ -10502,9 +11083,9 @@ static int test_wolfSSL_dtls_export(void)
         ExpectIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
 
         /* test importing bad length and bad version */
-        version_3[2] += 1;
+        version_3[2]++;
         ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
-        version_3[2] -= 1; version_3[1] = 0XA0;
+        version_3[2]--; version_3[1] = 0XA0;
         ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
         wolfSSL_free(ssl);
         wolfSSL_CTX_free(ctx);
@@ -11106,8 +11687,8 @@ static int test_wolfSSL_UseSNI_params(void)
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    NULL, 0, "ssl", 3));
     /* invalid type */
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl, -1, "ssl", 3));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, (byte)-1, "ctx", 3));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl, (byte)-1, "ssl", 3));
     /* invalid data */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx,  0, NULL,  3));
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI(    ssl,  0, NULL,  3));
@@ -11178,12 +11759,13 @@ static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
 
 static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
 {
-    AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(UNKNOWN_SNI_HOST_NAME_E),
+                wolfSSL_get_error(ssl, 0));
 }
 
 static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
 {
-    AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(SNI_ABSENT_ERROR), wolfSSL_get_error(ssl, 0));
 }
 
 static void verify_SNI_no_matching(WOLFSSL* ssl)
@@ -11221,7 +11803,7 @@ static void verify_SNI_fake_matching(WOLFSSL* ssl)
 
 static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
 {
-    AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(FATAL_ERROR), wolfSSL_get_error(ssl, 0));
 }
 /* END of connection tests callbacks */
 
@@ -11436,19 +12018,19 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
     ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
                                                            1, result, &length));
 
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
                                                            0, result, &length));
     buff[0] = 0x16;
 
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
                                                            0, result, &length));
     buff[1] = 0x03;
 
-    ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
+    ExpectIntEQ(WC_NO_ERR_TRACE(SNI_UNSUPPORTED), wolfSSL_SNI_GetFromBuffer(buff,
                                            sizeof(buff), 0, result, &length));
     buff[2] = 0x03;
 
-    ExpectIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
+    ExpectIntEQ(WC_NO_ERR_TRACE(INCOMPLETE_DATA), wolfSSL_SNI_GetFromBuffer(buff,
                                            sizeof(buff), 0, result, &length));
     buff[4] = 0x64;
 
@@ -11467,19 +12049,19 @@ static int test_wolfSSL_SNI_GetFromBuffer(void)
     ExpectStrEQ("api.textmate.org", (const char*) result);
 
     /* SSL v2.0 tests */
-    ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(SNI_UNSUPPORTED), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     buff5[2] = 0x02;
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     buff5[2] = 0x01; buff5[6] = 0x08;
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     buff5[6] = 0x09; buff5[8] = 0x01;
-    ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
+    ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5,
                                           sizeof(buff5), 0, result, &length));
 
     return EXPECT_RESULT();
@@ -11602,7 +12184,8 @@ static int test_wolfSSL_UseTrustedCA(void)
     EXPECT_DECLS;
 #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
     && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL     *ssl = NULL;
     byte        id[20];
@@ -11644,7 +12227,7 @@ static int test_wolfSSL_UseTrustedCA(void)
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
 #endif /* HAVE_TRUSTED_CA */
     return EXPECT_RESULT();
 }
@@ -11655,7 +12238,8 @@ static int test_wolfSSL_UseMaxFragment(void)
 #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \
     !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
   #ifndef NO_WOLFSSL_SERVER
     WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
   #else
@@ -11697,7 +12281,7 @@ static int test_wolfSSL_UseMaxFragment(void)
 
     /* success case */
   #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
   #else
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_8));
   #endif
@@ -11706,9 +12290,9 @@ static int test_wolfSSL_UseMaxFragment(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_11));
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_12));
   #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
 
-    ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_8));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), UseMaxFragment(    ssl,  WOLFSSL_MFL_2_8));
   #else
     ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx,  WOLFSSL_MFL_2_13));
 
@@ -11720,7 +12304,7 @@ static int test_wolfSSL_UseMaxFragment(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_12));
 
   #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
   #else
     ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment(    ssl,  WOLFSSL_MFL_2_13));
   #endif
@@ -11755,7 +12339,7 @@ static int test_wolfSSL_UseMaxFragment(void)
         wolfSSL_CTX_free(ctx_s);
     }
 #endif
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
 #endif
     return EXPECT_RESULT();
 }
@@ -11763,7 +12347,7 @@ static int test_wolfSSL_UseMaxFragment(void)
 static int test_wolfSSL_UseTruncatedHMAC(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \
+#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
   #ifndef NO_WOLFSSL_SERVER
@@ -11834,7 +12418,7 @@ static int test_wolfSSL_UseSupportedCurve(void)
 
 static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
 {
-    AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
+    AssertIntEQ(WC_NO_ERR_TRACE(UNKNOWN_ALPN_PROTOCOL_NAME_E), wolfSSL_get_error(ssl, 0));
 }
 
 static void use_ALPN_all(WOLFSSL* ssl)
@@ -11908,7 +12492,7 @@ static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
     char *proto = NULL;
     word16 protoSz = 0;
 
-    AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
+    AssertIntEQ(WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND),
                 wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
 
     /* check value */
@@ -12281,34 +12865,11 @@ static int test_wolfSSL_set_alpn_protos(void)
 
 #endif /* HAVE_ALPN_PROTOS_SUPPORT */
 
-static int test_wolfSSL_DisableExtendedMasterSecret(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
-    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
-    WOLFSSL     *ssl = wolfSSL_new(ctx);
-
-    ExpectNotNull(ctx);
-    ExpectNotNull(ssl);
-
-    /* error cases */
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
-
-    /* success cases */
-    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
-    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
-
-    wolfSSL_free(ssl);
-    wolfSSL_CTX_free(ctx);
-#endif
-    return EXPECT_RESULT();
-}
-
 static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS)
     WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
     WOLFSSL     *ssl = wolfSSL_new(ctx);
 
@@ -12354,11 +12915,11 @@ static int test_wolfSSL_SCR_Reconnect(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s));
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
     /* WOLFSSL_FATAL_ERROR since it will block */
-    ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
                 WOLFSSL_ERROR_WANT_READ);
-    ExpectIntEQ(wolfSSL_read(ssl_c, &data, 1), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_read(ssl_c, &data, 1), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
                 WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
     wolfSSL_free(ssl_c);
@@ -12379,8 +12940,8 @@ static int test_wolfSSL_SCR_Reconnect(void)
     return EXPECT_RESULT();
 }
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_SERVER) && \
-    (!defined(NO_RSA) || defined(HAVE_ECC))
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \
+    !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
 /* Called when writing. */
 static int DummySend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 {
@@ -12407,7 +12968,7 @@ static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
     XMEMCPY(buf, msg->buffer, len);
     /* Move over returned data. */
     msg->buffer += len;
-    msg->length -= len;
+    msg->length -= (word32)len;
 
     /* Amount actually copied. */
     return len;
@@ -12420,8 +12981,8 @@ static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
 static int test_tls_ext_duplicate(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_WOLFSSL_SERVER) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \
-    !defined(NO_FILESYSTEM)
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \
+    !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
     const unsigned char clientHelloDupTlsExt[] = {
         0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00,
         0x66, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
@@ -12478,8 +13039,8 @@ static int test_tls_ext_duplicate(void)
     ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
     /* can return duplicate ext error or socket error if the peer closed down
      * while sending alert */
-    if (wolfSSL_get_error(ssl, 0) != SOCKET_ERROR_E) {
-        ExpectIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E);
+    if (wolfSSL_get_error(ssl, 0) != WC_NO_ERR_TRACE(SOCKET_ERROR_E)) {
+        ExpectIntEQ(wolfSSL_get_error(ssl, 0), WC_NO_ERR_TRACE(DUPLICATE_TLS_EXT_E));
     }
 
     wolfSSL_free(ssl);
@@ -12521,6 +13082,7 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
     ExpectNotNull(name = X509_get_subject_name(x509));
     ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0);
     ExpectNotNull(ne = X509_NAME_get_entry(name, idx));
+    ExpectNull(X509_NAME_ENTRY_get_data(NULL));
     ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne));
     ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn));
     wolfSSL_FreeX509(x509);
@@ -12538,6 +13100,8 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     ExpectIntEQ(X509_NAME_print_ex(bio, name, 4,
                     (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_NAME_print_ex_fp(XBADFILE, name, 4,
+                    (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4,
                     (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
     BIO_free(bio);
@@ -12563,7 +13127,7 @@ static int test_wolfSSL_PKCS12(void)
                    * Password Key
                    */
 #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_STDIO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM) && !defined(NO_TLS) && \
     !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
     !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO)
     byte buf[6000];
@@ -12962,8 +13526,8 @@ static int test_wolfSSL_PKCS12(void)
     #define TEST_PKCS8_ENC
 #endif
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
-    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+    defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_TLS)
 
 /* used to keep track if FailTestCallback was called */
 static int failTestCallbackCalled = 0;
@@ -12985,8 +13549,8 @@ static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userda
 static int test_wolfSSL_no_password_cb(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
-    && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+    defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
     byte buff[FOURK_BUF];
     const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
@@ -13027,7 +13591,7 @@ static int test_wolfSSL_no_password_cb(void)
     return EXPECT_RESULT();
 }
 
-#ifdef TEST_PKCS8_ENC
+#if defined(TEST_PKCS8_ENC) && !defined(NO_TLS)
 /* for PKCS8 test case */
 static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
 {
@@ -13049,14 +13613,15 @@ static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
             return BAD_FUNC_ARG;
     }
 }
-#endif /* TEST_PKCS8_ENC */
+#endif /* TEST_PKCS8_ENC && !NO_TLS */
 
 /* Testing functions dealing with PKCS8 */
 static int test_wolfSSL_PKCS8(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
-    !defined(WOLFCRYPT_ONLY)
+    !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) && \
+    (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13))
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     byte buff[FOURK_BUF];
     byte der[FOURK_BUF];
@@ -13255,7 +13820,7 @@ static int test_wolfSSL_PKCS8(void)
 #else
     /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
     ExpectIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
-        (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
+        (word32)sizeof(der), NULL)), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
 #endif /* HAVE_ECC */
 
     wolfSSL_CTX_free(ctx);
@@ -13279,13 +13844,17 @@ static int test_wolfSSL_PKCS8_ED25519(void)
     "-----END ENCRYPTED PRIVATE KEY-----\n";
     const char password[] = "abcdefghijklmnopqrstuvwxyz";
     byte der[FOURK_BUF];
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
+#endif
     int bytes;
 
     XMEMSET(der, 0, sizeof(der));
     ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
         (word32)sizeof(der), password)), 0);
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #else
@@ -13295,7 +13864,7 @@ static int test_wolfSSL_PKCS8_ED25519(void)
         WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
 #endif
     return EXPECT_RESULT();
 }
@@ -13315,13 +13884,17 @@ static int test_wolfSSL_PKCS8_ED448(void)
     "-----END ENCRYPTED PRIVATE KEY-----\n";
     const char password[] = "abcdefghijklmnopqrstuvwxyz";
     byte der[FOURK_BUF];
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
+#endif
     int bytes;
 
     XMEMSET(der, 0, sizeof(der));
     ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
         (word32)sizeof(der), password)), 0);
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #else
@@ -13331,7 +13904,7 @@ static int test_wolfSSL_PKCS8_ED448(void)
         WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
+#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */
 #endif
     return EXPECT_RESULT();
 }
@@ -13412,6 +13985,11 @@ static int test_wolfSSL_TBS(void)
     const unsigned char* tbs;
     int tbsSz;
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile,
         WOLFSSL_FILETYPE_PEM));
 
@@ -13435,21 +14013,26 @@ static int test_wolfSSL_X509_verify(void)
     WOLFSSL_EVP_PKEY* pkey = NULL;
     unsigned char buf[2048];
     const unsigned char* pt = NULL;
-    int bufSz;
+    int bufSz = 0;
 
     ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile,
         WOLFSSL_FILETYPE_PEM));
 
+    ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, NULL),
+        WOLFSSL_SUCCESS);
     ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(bufSz, 294);
 
+    bufSz--;
+    ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
+        WOLFSSL_SUCCESS);
     bufSz = 2048;
     ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
         WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
 
 
@@ -13472,10 +14055,16 @@ static int test_wolfSSL_X509_verify(void)
         WOLFSSL_SUCCESS);
     pt = buf;
     ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
-    ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(NULL));
+    ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(serv));
+#endif
 
-    ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
     wolfSSL_EVP_PKEY_free(pkey);
 
     wolfSSL_FreeX509(ca);
@@ -13484,6 +14073,507 @@ static int test_wolfSSL_X509_verify(void)
     return EXPECT_RESULT();
 }
 
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+/* Given acert file and its pubkey file, read them and then
+ * attempt to verify signed acert.
+ *
+ * If expect_pass is true, then verification should pass.
+ * If expect_pass is false, then verification should fail.
+ * */
+static int do_acert_verify_test(const char * acert_file,
+                                const char * pkey_file,
+                                size_t       expect_pass)
+{
+    X509_ACERT * x509 = NULL;
+    EVP_PKEY *   pkey = NULL;
+    BIO *        bp = NULL;
+    int          verify_rc = 0;
+
+    /* First read the attribute certificate. */
+    bp = BIO_new_file(acert_file, "r");
+    if (bp == NULL) {
+        return -1;
+    }
+
+    x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL);
+    BIO_free(bp);
+    bp = NULL;
+
+    if (x509 == NULL) {
+        return -1;
+    }
+
+    /* Next read the associated pub key. */
+    bp = BIO_new_file(pkey_file, "r");
+
+    if (bp == NULL) {
+        X509_ACERT_free(x509);
+        x509 = NULL;
+        return -1;
+    }
+
+    pkey = PEM_read_bio_PUBKEY(bp, &pkey, NULL, NULL);
+    BIO_free(bp);
+    bp = NULL;
+
+    if (pkey == NULL) {
+        X509_ACERT_free(x509);
+        x509 = NULL;
+        return -1;
+    }
+
+    /* Finally, do verification. */
+    verify_rc = X509_ACERT_verify(x509, pkey);
+
+    X509_ACERT_free(x509);
+    x509 = NULL;
+
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    if (expect_pass && verify_rc != 1) {
+        return -1;
+    }
+
+    if (!expect_pass && verify_rc == 1) {
+        return -1;
+    }
+
+    return 0;
+}
+#endif
+
+static int test_wolfSSL_X509_ACERT_verify(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+    /* Walk over list of signed ACERTs and their pubkeys.
+     * All should load and pass verification. */
+    const char * acerts[4] = {"certs/acert/acert.pem",
+                              "certs/acert/acert_ietf.pem",
+                              "certs/acert/rsa_pss/acert.pem",
+                              "certs/acert/rsa_pss/acert_ietf.pem"};
+    const char * pkeys[4] =  {"certs/acert/acert_pubkey.pem",
+                              "certs/acert/acert_ietf_pubkey.pem",
+                              "certs/acert/rsa_pss/acert_pubkey.pem",
+                              "certs/acert/rsa_pss/acert_ietf_pubkey.pem"};
+    int    rc = 0;
+    size_t i = 0;
+    size_t j = 0;
+
+    for (i = 0; i < 4; ++i) {
+        for (j = i; j < 4; ++j) {
+            rc = do_acert_verify_test(acerts[i], pkeys[j], i == j);
+
+            if (rc) {
+                fprintf(stderr, "error: %s: i = %zu, j = %zu, rc = %d\n",
+                        "do_acert_verify_test", i, j, rc);
+                break;
+            }
+        }
+
+        if (rc) { break; }
+    }
+
+    ExpectIntEQ(rc, 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_ACERT_misc_api(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+    const char * acerts[4] = {"certs/acert/acert.pem",
+                              "certs/acert/acert_ietf.pem",
+                              "certs/acert/rsa_pss/acert.pem",
+                              "certs/acert/rsa_pss/acert_ietf.pem"};
+    int          rc = 0;
+    X509_ACERT * x509 = NULL;
+    BIO *        bp = NULL;
+    long         ver_long = 0;
+    int          ver = 0;
+    int          nid = 0;
+    const byte * raw_attr = NULL;
+    word32       attr_len = 0;
+    size_t       i = 0;
+    int          buf_len = 0;
+    byte         ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02,
+                                  0xa2, 0xaa, 0xb5, 0x40, 0x21,
+                                  0x44, 0xb8, 0x2c, 0x4f, 0xd9,
+                                  0x80, 0x1b, 0x5f, 0x57, 0xc2};
+
+    for (i = 0; i < 4; ++i) {
+        const char * acert_file = acerts[i];
+        int          is_rsa_pss = 0;
+        int          is_ietf_acert = 0;
+        byte         serial[64];
+        int          serial_len = sizeof(serial);
+
+        XMEMSET(serial, 0, sizeof(serial));
+
+        is_rsa_pss = XSTRSTR(acert_file, "rsa_pss") != NULL ? 1 : 0;
+        is_ietf_acert = XSTRSTR(acert_file, "ietf.pem") != NULL ? 1 : 0;
+
+        /* First read the attribute certificate. */
+        bp = BIO_new_file(acert_file, "r");
+        ExpectNotNull(bp);
+
+        x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL);
+        ExpectNotNull(x509);
+
+        /* We're done with the bio for now. */
+        if (bp != NULL) {
+            BIO_free(bp);
+            bp = NULL;
+        }
+
+        /* Check version and signature NID. */
+        ver_long = X509_ACERT_get_version(x509);
+        ExpectIntEQ(ver_long, 1);
+
+        ver = wolfSSL_X509_ACERT_version(x509);
+        ExpectIntEQ(ver, 2);
+
+        nid = X509_ACERT_get_signature_nid(x509);
+
+        if (is_rsa_pss) {
+            ExpectIntEQ(nid, NID_rsassaPss);
+        }
+        else {
+            ExpectIntEQ(nid, NID_sha256WithRSAEncryption);
+        }
+
+        /* Get the serial number buffer.
+         * The ietf acert example has a 20 byte serial number. */
+        rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        if (is_ietf_acert) {
+            ExpectIntEQ(serial_len, 20);
+            ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0);
+        }
+        else {
+            ExpectIntEQ(serial_len, 1);
+            ExpectTrue(serial[0] == 0x01);
+        }
+
+        /* Repeat the same but with null serial buffer. This is ok. */
+        rc = wolfSSL_X509_ACERT_get_serial_number(x509, NULL, &serial_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        if (is_ietf_acert) {
+            ExpectIntEQ(serial_len, 20);
+        }
+        else {
+            ExpectIntEQ(serial_len, 1);
+            ExpectTrue(serial[0] == 0x01);
+        }
+
+        /* Get the attributes buffer. */
+        rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        if (is_ietf_acert) {
+            /* This cert has a 65 byte attributes field. */
+            ExpectNotNull(raw_attr);
+            ExpectIntEQ(attr_len, 65);
+        }
+        else {
+            /* This cert has a 237 byte attributes field. */
+            ExpectNotNull(raw_attr);
+            ExpectIntEQ(attr_len, 237);
+        }
+
+        /* Test printing acert to memory bio. */
+        ExpectNotNull(bp = BIO_new(BIO_s_mem()));
+        rc = X509_ACERT_print(bp, x509);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+
+        /* Now do a bunch of invalid stuff with partially valid inputs. */
+        rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, NULL);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        rc = wolfSSL_X509_ACERT_get_attr_buf(x509, NULL, &attr_len);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        rc = wolfSSL_X509_ACERT_get_attr_buf(NULL, &raw_attr, &attr_len);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        ver_long = X509_ACERT_get_version(NULL);
+        ExpectIntEQ(ver_long, 0);
+
+        ver = wolfSSL_X509_ACERT_version(NULL);
+        ExpectIntEQ(ver, 0);
+
+        rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, NULL);
+        ExpectIntEQ(rc, WOLFSSL_FATAL_ERROR);
+
+        rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, &buf_len);
+        ExpectIntEQ(rc, SSL_SUCCESS);
+        ExpectIntEQ(buf_len, 256);
+
+        rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, NULL);
+        ExpectIntEQ(rc, BAD_FUNC_ARG);
+
+        rc = X509_ACERT_print(bp, NULL);
+        ExpectIntEQ(rc, WOLFSSL_FAILURE);
+
+        rc = X509_ACERT_print(NULL, x509);
+        ExpectIntEQ(rc, WOLFSSL_FAILURE);
+
+        /* Finally free the acert and bio, we're done with them. */
+        if (x509 != NULL) {
+            X509_ACERT_free(x509);
+            x509 = NULL;
+        }
+
+        if (bp != NULL) {
+            BIO_free(bp);
+            bp = NULL;
+        }
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_ACERT_buffer(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \
+    !defined(NO_RSA) && defined(WC_RSA_PSS) && \
+    (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+    const byte acert_ietf[] = \
+    "-----BEGIN ATTRIBUTE CERTIFICATE-----\n"
+    "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n"
+    "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n"
+    "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n"
+    "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n"
+    "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n"
+    "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n"
+    "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n"
+    "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n"
+    "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n"
+    "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n"
+    "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n"
+    "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n"
+    "Bw==\n"
+    "-----END ATTRIBUTE CERTIFICATE-----\n";
+    X509_ACERT * x509 = NULL;
+    int          rc = 0;
+    byte         ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02,
+                                  0xa2, 0xaa, 0xb5, 0x40, 0x21,
+                                  0x44, 0xb8, 0x2c, 0x4f, 0xd9,
+                                  0x80, 0x1b, 0x5f, 0x57, 0xc2};
+    byte         serial[64];
+    int          serial_len = sizeof(serial);
+    const byte * raw_attr = NULL;
+    word32       attr_len = 0;
+
+    x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf,
+                                                         sizeof(acert_ietf),
+                                                         WOLFSSL_FILETYPE_PEM,
+                                                         HEAP_HINT);
+
+    rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len);
+    ExpectIntEQ(rc, SSL_SUCCESS);
+
+    ExpectIntEQ(serial_len, 20);
+    ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0);
+
+    /* Get the attributes buffer. */
+    rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len);
+    ExpectIntEQ(rc, SSL_SUCCESS);
+
+    /* This cert has a 65 byte attributes field. */
+    ExpectNotNull(raw_attr);
+    ExpectIntEQ(attr_len, 65);
+
+    ExpectNotNull(x509);
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_free(x509);
+        x509 = NULL;
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+/* note: when ACERT generation and signing are implemented,
+ * this test will be filled out appropriately.
+ * */
+static int test_wolfSSL_X509_ACERT_new_and_sign(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \
+    !defined(NO_RSA) && defined(WC_RSA_PSS) && \
+    (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+    X509_ACERT * x509 = NULL;
+    int          rc = 0;
+
+    x509 = X509_ACERT_new();
+    ExpectNotNull(x509);
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_free(x509);
+        x509 = NULL;
+    }
+
+    /* Same but with static memory hint. */
+    x509 = wolfSSL_X509_ACERT_new_ex(HEAP_HINT);
+    ExpectNotNull(x509);
+
+    #ifndef NO_WOLFSSL_STUB
+    /* ACERT sign not implemented yet. */
+    if (x509 != NULL) {
+        rc = wolfSSL_X509_ACERT_sign(x509, NULL, NULL);
+        ExpectIntEQ(rc, WOLFSSL_NOT_IMPLEMENTED);
+    }
+    #else
+    (void) rc;
+    #endif /* NO_WOLFSSL_STUB */
+
+    if (x509 != NULL) {
+        wolfSSL_X509_ACERT_free(x509);
+        x509 = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Test ACERT support, but with ASN functions only.
+ *
+ * This example acert_ietf has both Holder IssuerSerial
+ * and Holder entityName fields.
+ * */
+static int test_wolfSSL_X509_ACERT_asn(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS)
+    const byte     acert_ietf[] = \
+    "-----BEGIN ATTRIBUTE CERTIFICATE-----\n"
+    "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n"
+    "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n"
+    "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n"
+    "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n"
+    "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n"
+    "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n"
+    "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n"
+    "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n"
+    "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n"
+    "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n"
+    "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n"
+    "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n"
+    "Bw==\n"
+    "-----END ATTRIBUTE CERTIFICATE-----\n";
+    int            rc = 0;
+    int            n_diff = 0;
+    byte           ietf_serial[] =      {0x03, 0xb5, 0x90, 0x59, 0x02,
+                                         0xa2, 0xaa, 0xb5, 0x40, 0x21,
+                                         0x44, 0xb8, 0x2c, 0x4f, 0xd9,
+                                         0x80, 0x1b, 0x5f, 0x57, 0xc2};
+    byte           holderIssuerName[] = {0x31, 0x0b, 0x30, 0x09, 0x06,
+                                         0x03, 0x55, 0x04, 0x03, 0x0c,
+                                         0x02, 0x43, 0x41};
+    byte           holderEntityName[] = {0x31, 0x17, 0x30, 0x15, 0x06,
+                                         0x03, 0x55, 0x04, 0x03, 0x0c,
+                                         0x0e, 0x73, 0x65, 0x72, 0x76,
+                                         0x65, 0x72, 0x2e, 0x65, 0x78,
+                                         0x61, 0x6d, 0x70, 0x6c, 0x65};
+    DerBuffer *    der = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedAcert * acert = NULL;
+#else
+    DecodedAcert   acert[1];
+#endif
+
+    rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der,
+                     HEAP_HINT, NULL, NULL);
+
+    ExpectIntEQ(rc, 0);
+    ExpectNotNull(der);
+
+    if (der != NULL) {
+        ExpectNotNull(der->buffer);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT,
+                                   DYNAMIC_TYPE_DCERT);
+    ExpectNotNull(acert);
+#else
+    XMEMSET(acert, 0, sizeof(DecodedAcert));
+#endif
+
+    if (der != NULL && der->buffer != NULL
+#ifdef WOLFSSL_SMALL_STACK
+        && acert != NULL
+#endif
+    ) {
+        wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT);
+        rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE);
+        ExpectIntEQ(rc, 0);
+
+        ExpectIntEQ(acert->serialSz, 20);
+        ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)),
+                    0);
+
+        /* This cert has a 65 byte attributes field. */
+        ExpectNotNull(acert->rawAttr);
+        ExpectIntEQ(acert->rawAttrLen, 65);
+
+        ExpectNotNull(acert->holderIssuerName);
+        ExpectNotNull(acert->holderEntityName);
+
+        if ((acert->holderIssuerName != NULL) &&
+            (acert->holderEntityName != NULL)) {
+            ExpectNotNull(acert->holderEntityName->name);
+            ExpectNotNull(acert->holderIssuerName->name);
+        }
+
+        if ((acert->holderIssuerName != NULL) &&
+            (acert->holderEntityName != NULL) &&
+            (acert->holderIssuerName->name != NULL) &&
+            (acert->holderEntityName->name != NULL)) {
+            ExpectIntEQ(acert->holderIssuerName->len,
+                        sizeof(holderIssuerName));
+            ExpectIntEQ(acert->holderEntityName->len,
+                        sizeof(holderEntityName));
+
+            ExpectIntEQ(acert->holderIssuerName->type, ASN_DIR_TYPE);
+            ExpectIntEQ(acert->holderEntityName->type, ASN_DIR_TYPE);
+
+            n_diff = XMEMCMP(acert->holderIssuerName->name, holderIssuerName,
+                             sizeof(holderIssuerName));
+            ExpectIntEQ(n_diff, 0);
+
+            n_diff = XMEMCMP(acert->holderEntityName->name, holderEntityName,
+                             sizeof(holderEntityName));
+            ExpectIntEQ(n_diff, 0);
+        }
+
+        wc_FreeDecodedAcert(acert);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (acert != NULL) {
+        XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT);
+        acert = NULL;
+    }
+#endif
+
+    if (der != NULL) {
+        wc_FreeDer(&der);
+        der = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
 
 #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \
          defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
@@ -13558,7 +14648,7 @@ static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
 {
     EXPECT_DECLS;
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
-    ExpectIntEQ(store->error, ASN_VERSION_E);
+    ExpectIntEQ(store->error, WC_NO_ERR_TRACE(ASN_VERSION_E));
 #else
     ExpectIntEQ(store->error, 0);
 #endif
@@ -13605,7 +14695,7 @@ static int test_wolfSSL_X509_TLS_version_test_1(void)
 
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
-        &func_cb_server, NULL), TEST_FAIL);
+        &func_cb_server, NULL), -1001);
 #else
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
         &func_cb_server, NULL), TEST_SUCCESS);
@@ -13655,7 +14745,7 @@ static int test_wolfSSL_X509_TLS_version_test_2(void)
 static int test_wolfSSL_CTX_SetMinVersion(void)
 {
     int                     res = TEST_SKIPPED;
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
     int                     failFlag = WOLFSSL_SUCCESS;
     WOLFSSL_CTX*            ctx;
     int                     itr;
@@ -13707,7 +14797,7 @@ static int test_wolfSSL_UseOCSPStapling(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
-        !defined(NO_WOLFSSL_CLIENT)
+    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX*    ctx = NULL;
     WOLFSSL*        ssl = NULL;
 
@@ -13727,13 +14817,13 @@ static int test_wolfSSL_UseOCSPStapling(void)
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
     ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
         WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
 #else
     ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wolfSSL_free(ssl);
@@ -13752,7 +14842,7 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
-        !defined(NO_WOLFSSL_CLIENT)
+    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX*        ctx = NULL;
     WOLFSSL*            ssl = NULL;
 
@@ -13772,13 +14862,13 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
         WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
 #else
     ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
-        WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
+        WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     wolfSSL_free(ssl);
@@ -13833,6564 +14923,6 @@ static int test_wolfSSL_mcast(void)
  |  Wolfcrypt
  *----------------------------------------------------------------------------*/
 
-/*
- * Unit test for the wc_InitBlake2b()
- */
-static int test_wc_InitBlake2b(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_BLAKE2
-    Blake2b blake;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitBlake2b(&blake, 64), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitBlake2b(NULL, 64), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(NULL, 128), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(&blake, 128), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b(&blake, 0), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-}     /* END test_wc_InitBlake2b*/
-
-/*
- * Unit test for the wc_InitBlake2b_WithKey()
- */
-static int test_wc_InitBlake2b_WithKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_BLAKE2
-    Blake2b     blake;
-    word32      digestSz = BLAKE2B_KEYBYTES;
-    byte        key[BLAKE2B_KEYBYTES];
-    word32      keylen = BLAKE2B_KEYBYTES;
-
-    XMEMSET(key, 0, sizeof(key));
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, 256),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0);
-#endif
-    return EXPECT_RESULT();
-}     /* END wc_InitBlake2b_WithKey*/
-
-/*
- * Unit test for the wc_InitBlake2s_WithKey()
- */
-static int test_wc_InitBlake2s_WithKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_BLAKE2S
-    Blake2s     blake;
-    word32      digestSz = BLAKE2S_KEYBYTES;
-    byte        *key = (byte*)"01234567890123456789012345678901";
-    word32      keylen = BLAKE2S_KEYBYTES;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, 256),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0);
-#endif
-    return EXPECT_RESULT();
-}     /* END wc_InitBlake2s_WithKey*/
-
-/*
- * Unit test for the wc_InitMd5()
- */
-static int test_wc_InitMd5(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_MD5
-    wc_Md5 md5;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitMd5(&md5), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitMd5(NULL), BAD_FUNC_ARG);
-
-    wc_Md5Free(&md5);
-#endif
-    return EXPECT_RESULT();
-}     /* END test_wc_InitMd5 */
-
-
-/*
- * Testing wc_UpdateMd5()
- */
-static int test_wc_Md5Update(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_MD5
-    wc_Md5 md5;
-    byte hash[WC_MD5_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitMd5(&md5), 0);
-
-    /* Input */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Md5Final(&md5, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
-               "\x72";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen), 0);
-    ExpectIntEQ(wc_Md5Final(&md5, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0);
-
-    /* Pass in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_MD5_DIGEST_SIZE;
-    ExpectIntEQ(wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Md5Free(&md5);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Md5Update()  */
-
-
-/*
- *  Unit test on wc_Md5Final() in wolfcrypt/src/md5.c
- */
-static int test_wc_Md5Final(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_MD5
-    /* Instantiate */
-    wc_Md5 md5;
-    byte* hash_test[3];
-    byte hash1[WC_MD5_DIGEST_SIZE];
-    byte hash2[2*WC_MD5_DIGEST_SIZE];
-    byte hash3[5*WC_MD5_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitMd5(&md5), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test)/sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Md5Final(&md5, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Md5Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Final(&md5, NULL), BAD_FUNC_ARG);
-
-    wc_Md5Free(&md5);
-#endif
-    return EXPECT_RESULT();
-}
-
-/*
- * Unit test for the wc_InitSha()
- */
-static int test_wc_InitSha(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA
-    wc_Sha sha;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha(&sha), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha(NULL), BAD_FUNC_ARG);
-
-    wc_ShaFree(&sha);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha */
-
-/*
- *  Tesing wc_ShaUpdate()
- */
-static int test_wc_ShaUpdate(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA
-    wc_Sha sha;
-    byte hash[WC_SHA_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha(&sha), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-
-    ExpectIntEQ(wc_ShaUpdate(&sha, NULL, 0), 0);
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_ShaFinal(&sha, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
-               "\x6C\x9C\xD0\xD8\x9D";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_ShaFinal(&sha, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0);
-
-    /* Try passing in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA_DIGEST_SIZE;
-    ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_ShaFree(&sha);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaUpdate() */
-
-
-/*
- * Unit test on wc_ShaFinal
- */
-static int test_wc_ShaFinal(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA
-    wc_Sha sha;
-    byte* hash_test[3];
-    byte hash1[WC_SHA_DIGEST_SIZE];
-    byte hash2[2*WC_SHA_DIGEST_SIZE];
-    byte hash3[5*WC_SHA_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize*/
-    ExpectIntEQ(wc_InitSha(&sha), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test)/sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_ShaFinal(&sha, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ShaFinal(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaFinal(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaFinal(&sha, NULL), BAD_FUNC_ARG);
-
-    wc_ShaFree(&sha);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaFinal */
-
-
-/*
- * Unit test for wc_InitSha256()
- */
-static int test_wc_InitSha256(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha256(NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha256 */
-
-
-/*
- * Unit test for wc_Sha256Update()
- */
-static int test_wc_Sha256Update(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-    byte hash[WC_SHA256_DIGEST_SIZE];
-    byte hash_unaligned[WC_SHA256_DIGEST_SIZE+1];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    /*  Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha256Update(&sha256, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha256Final(&sha256, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
-               "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
-               "\x15\xAD";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha256Final(&sha256, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
-
-    /* Unaligned check. */
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input+1, (word32)a.inLen-1),
-        0);
-    ExpectIntEQ(wc_Sha256Final(&sha256, hash_unaligned + 1), 0);
-
-    /* Try passing in bad values */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA256_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256Update */
-
-
-/*
- * Unit test function for wc_Sha256Final()
- */
-static int test_wc_Sha256Final(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-    byte* hash_test[3];
-    byte hash1[WC_SHA256_DIGEST_SIZE];
-    byte hash2[2*WC_SHA256_DIGEST_SIZE];
-    byte hash3[5*WC_SHA256_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Sha256Final(&sha256, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha256Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Final(&sha256, NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256Final */
-/*
- * Unit test function for wc_Sha256FinalRaw()
- */
-static int test_wc_Sha256FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    wc_Sha256 sha256;
-    byte* hash_test[3];
-    byte hash1[WC_SHA256_DIGEST_SIZE];
-    byte hash2[2*WC_SHA256_DIGEST_SIZE];
-    byte hash3[5*WC_SHA256_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Sha256FinalRaw(&sha256, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha256FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256FinalRaw(&sha256, NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha256FinalRaw */
-/*
- * Unit test function for wc_Sha256GetFlags()
- */
-static int test_wc_Sha256GetFlags(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha256 sha256;
-    word32 flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    ExpectIntEQ(wc_Sha256GetFlags(&sha256, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha256GetFlags */
-/*
- * Unit test function for wc_Sha256Free()
- */
-static int test_wc_Sha256Free(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256Free */
-/*
- * Unit test function for wc_Sha256GetHash()
- */
-static int test_wc_Sha256GetHash(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-    byte hash1[WC_SHA256_DIGEST_SIZE];
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-
-    ExpectIntEQ(wc_Sha256GetHash(&sha256, hash1), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha256GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256GetHash(&sha256, NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256GetHash */
-/*
- * Unit test function for wc_Sha256Copy()
- */
-static int test_wc_Sha256Copy(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-    wc_Sha256 temp;
-
-    XMEMSET(&sha256, 0, sizeof(sha256));
-    XMEMSET(&temp, 0, sizeof(temp));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha256(&sha256), 0);
-    ExpectIntEQ(wc_InitSha256(&temp), 0);
-
-    ExpectIntEQ(wc_Sha256Copy(&sha256, &temp), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha256Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Copy(&sha256, NULL), BAD_FUNC_ARG);
-
-    wc_Sha256Free(&sha256);
-    wc_Sha256Free(&temp);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256Copy */
-/*
- * Testing wc_InitSha512()
- */
-static int test_wc_InitSha512(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha512(NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha512 */
-
-
-/*
- *  wc_Sha512Update() test.
- */
-static int test_wc_Sha512Update(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-    byte hash[WC_SHA512_DIGEST_SIZE];
-    byte hash_unaligned[WC_SHA512_DIGEST_SIZE + 1];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha512Update(&sha512, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha512Update(&sha512,(byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha512Final(&sha512, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
-               "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b"
-               "\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c"
-               "\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a"
-               "\x9a\xc9\x4f\xa5\x4c\xa4\x9f";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen), 0);
-    ExpectIntEQ(wc_Sha512Final(&sha512, hash), 0);
-
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE), 0);
-
-    /* Unaligned check. */
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)a.input+1, (word32)a.inLen-1),
-        0);
-    ExpectIntEQ(wc_Sha512Final(&sha512, hash_unaligned+1), 0);
-
-    /* Try passing in bad values */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA512_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha512Update  */
-
-#ifdef WOLFSSL_SHA512
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-        (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
-/* Performs test for
- * - wc_Sha512Final/wc_Sha512FinalRaw
- * - wc_Sha512_224Final/wc_Sha512_224Final
- * - wc_Sha512_256Final/wc_Sha512_256Final
- * parameter:
- * - type : must be one of WC_HASH_TYPE_SHA512, WC_HASH_TYPE_SHA512_224 or
- *          WC_HASH_TYPE_SHA512_256
- * - isRaw: if is non-zero, xxxFinalRaw function will be tested
- *return 0 on success
- */
-static int test_Sha512_Family_Final(int type, int isRaw)
-{
-    EXPECT_DECLS;
-    wc_Sha512 sha512;
-    byte* hash_test[3];
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-    byte hash2[2*WC_SHA512_DIGEST_SIZE];
-    byte hash3[5*WC_SHA512_DIGEST_SIZE];
-    int times, i;
-
-    int(*initFp)(wc_Sha512*);
-    int(*finalFp)(wc_Sha512*, byte*);
-    void(*freeFp)(wc_Sha512*);
-
-    if (type == WC_HASH_TYPE_SHA512) {
-        initFp  = wc_InitSha512;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-        finalFp = (isRaw)? wc_Sha512FinalRaw : wc_Sha512Final;
-#else
-        finalFp = (isRaw)? NULL : wc_Sha512Final;
-#endif
-        freeFp  = wc_Sha512Free;
-    }
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if !defined(WOLFSSL_NOSHA512_224)
-    else if (type == WC_HASH_TYPE_SHA512_224) {
-        initFp  = wc_InitSha512_224;
-    #if !defined(WOLFSSL_NO_HASH_RAW)
-        finalFp = (isRaw)? wc_Sha512_224FinalRaw : wc_Sha512_224Final;
-    #else
-        finalFp = (isRaw)? NULL : wc_Sha512_224Final;
-    #endif
-        freeFp  = wc_Sha512_224Free;
-    }
-#endif
-#if !defined(WOLFSSL_NOSHA512_256)
-    else if (type == WC_HASH_TYPE_SHA512_256) {
-        initFp  = wc_InitSha512_256;
-    #if !defined(WOLFSSL_NO_HASH_RAW)
-        finalFp = (isRaw)? wc_Sha512_256FinalRaw : wc_Sha512_256Final;
-    #else
-        finalFp = (isRaw)? NULL : wc_Sha512_256Final;
-    #endif
-        freeFp  = wc_Sha512_256Free;
-    }
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    else
-        return TEST_FAIL;
-
-    /* Initialize  */
-    ExpectIntEQ(initFp(&sha512), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte *);
-
-    /* Good test args. */
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
-    }
-    /* Test bad args. */
-    ExpectIntEQ(finalFp(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(finalFp(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(finalFp(&sha512, NULL), BAD_FUNC_ARG);
-
-    freeFp(&sha512);
-
-    return EXPECT_RESULT();
-}
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
-                        (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
-#endif /* WOLFSSL_SHA512 */
-/*
- * Unit test function for wc_Sha512Final()
- */
-static int test_wc_Sha512Final(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-    byte* hash_test[3];
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-    byte hash2[2*WC_SHA512_DIGEST_SIZE];
-    byte hash3[5*WC_SHA512_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize  */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte *);
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_Sha512Final(&sha512, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha512Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Final(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512Final */
-/*
- * Unit test function for wc_Sha512GetFlags()
- */
-static int test_wc_Sha512GetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha512 sha512;
-    word32 flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    ExpectIntEQ(wc_Sha512GetFlags(&sha512, &flags), 0);
-    ExpectIntEQ((flags & WC_HASH_FLAG_ISCOPY), 0);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512GetFlags */
-/*
- * Unit test function for wc_Sha512FinalRaw()
- */
-static int test_wc_Sha512FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if (defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    wc_Sha512 sha512;
-    byte* hash_test[3];
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-    byte hash2[2*WC_SHA512_DIGEST_SIZE];
-    byte hash3[5*WC_SHA512_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Good test args. */
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_Sha512FinalRaw(&sha512, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha512FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512FinalRaw(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512FinalRaw */
-
-/*
- * Unit test function for wc_Sha512Free()
- */
-static int test_wc_Sha512Free(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512Free */
-#ifdef WOLFSSL_SHA512
-
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-        (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
-static int test_Sha512_Family_GetHash(int type )
-{
-    EXPECT_DECLS;
-    int(*initFp)(wc_Sha512*);
-    int(*ghashFp)(wc_Sha512*, byte*);
-    wc_Sha512 sha512;
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-
-    if (type == WC_HASH_TYPE_SHA512) {
-        initFp  = wc_InitSha512;
-        ghashFp = wc_Sha512GetHash;
-    }
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if !defined(WOLFSSL_NOSHA512_224)
-    else if (type == WC_HASH_TYPE_SHA512_224) {
-        initFp  = wc_InitSha512_224;
-        ghashFp = wc_Sha512_224GetHash;
-    }
-#endif
-#if !defined(WOLFSSL_NOSHA512_256)
-    else if (type == WC_HASH_TYPE_SHA512_256) {
-        initFp  = wc_InitSha512_256;
-        ghashFp = wc_Sha512_256GetHash;
-    }
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    else {
-        initFp  = NULL;
-        ghashFp = NULL;
-    }
-
-    if (initFp == NULL || ghashFp == NULL)
-        return TEST_FAIL;
-
-    ExpectIntEQ(initFp(&sha512), 0);
-    ExpectIntEQ(ghashFp(&sha512, hash1), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(ghashFp(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(ghashFp(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(ghashFp(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-    return EXPECT_RESULT();
-}
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
-                        (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
-#endif /* WOLFSSL_SHA512 */
-/*
- * Unit test function for wc_Sha512GetHash()
- */
-static int test_wc_Sha512GetHash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-    byte hash1[WC_SHA512_DIGEST_SIZE];
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-
-    ExpectIntEQ(wc_Sha512GetHash(&sha512, hash1), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512GetHash(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512GetHash */
-
-/*
- * Unit test function for wc_Sha512Copy()
- */
-static int test_wc_Sha512Copy(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-    wc_Sha512 temp;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&temp, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512(&temp), 0);
-
-    ExpectIntEQ(wc_Sha512Copy(&sha512, &temp), 0);
-
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Copy(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512Free(&sha512);
-    wc_Sha512Free(&temp);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha512Copy */
-
-static int test_wc_InitSha512_224(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    wc_Sha512 sha512;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha512_224(NULL), BAD_FUNC_ARG);
-
-    wc_Sha512_224Free(&sha512);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224Update(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    wc_Sha512 sha512;
-    byte hash[WC_SHA512_DIGEST_SIZE];
-    testVector a, c;
-
-    ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha512_224Update(&sha512, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha512_224Update(&sha512,(byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*)a.input, (word32)a.inLen),
-        0);
-    ExpectIntEQ(wc_Sha512_224Final(&sha512, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x46\x34\x27\x0f\x70\x7b\x6a\x54\xda\xae\x75\x30\x46\x08"
-               "\x42\xe2\x0e\x37\xed\x26\x5c\xee\xe9\xa4\x3e\x89\x24\xaa";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*) a.input, (word32) a.inLen),
-        0);
-    ExpectIntEQ(wc_Sha512_224Final(&sha512, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_224_DIGEST_SIZE), 0);
-
-    c.input = NULL;
-    c.inLen = WC_SHA512_224_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha512_224Free(&sha512);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224Final(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 0),
-        TEST_SUCCESS);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224GetFlags(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha512 sha512;
-    wc_Sha512 copy;
-    word32 flags = 0;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&copy, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512_224(&copy), 0);
-
-    ExpectIntEQ(wc_Sha512_224GetFlags(&sha512, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    ExpectIntEQ(wc_Sha512_224Copy(&sha512, &copy), 0);
-    ExpectIntEQ(wc_Sha512_224GetFlags(&copy, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == WC_HASH_FLAG_ISCOPY);
-
-    wc_Sha512_224Free(&copy);
-    wc_Sha512_224Free(&sha512);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-    defined(WOLFSSL_SHA512) &&  !defined(WOLFSSL_NOSHA512_224) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 1),
-        TEST_SUCCESS);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224Free(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    wc_Sha512_224Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_224GetHash(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    ExpectIntEQ(test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_224),
-        TEST_SUCCESS);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-static int test_wc_Sha512_224Copy(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    wc_Sha512 sha512;
-    wc_Sha512 temp;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&temp, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512_224(&temp), 0);
-
-    ExpectIntEQ(wc_Sha512_224Copy(&sha512, &temp), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512_224Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Copy(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512_224Free(&sha512);
-    wc_Sha512_224Free(&temp);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_InitSha512_256(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    wc_Sha512 sha512;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha512_256(NULL), BAD_FUNC_ARG);
-
-    wc_Sha512_256Free(&sha512);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256Update(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    wc_Sha512 sha512;
-    byte hash[WC_SHA512_DIGEST_SIZE];
-    testVector a, c;
-
-    ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha512_256Update(&sha512, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha512_256Update(&sha512,(byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*)a.input, (word32)a.inLen),
-        0);
-    ExpectIntEQ(wc_Sha512_256Final(&sha512, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x53\x04\x8e\x26\x81\x94\x1e\xf9\x9b\x2e\x29\xb7\x6b\x4c"
-               "\x7d\xab\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46\xe0\xe2\xf1\x31"
-               "\x07\xe7\xaf\x23";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*) a.input, (word32) a.inLen),
-        0);
-    ExpectIntEQ(wc_Sha512_256Final(&sha512, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_256_DIGEST_SIZE), 0);
-
-    c.input = NULL;
-    c.inLen = WC_SHA512_256_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha512_256Free(&sha512);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256Final(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 0),
-        TEST_SUCCESS);
-#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256GetFlags(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha512 sha512, copy;
-    word32 flags = 0;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&copy, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512_256(&copy), 0);
-
-    ExpectIntEQ(wc_Sha512_256GetFlags(&sha512, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    ExpectIntEQ(wc_Sha512_256Copy(&sha512, &copy), 0);
-    ExpectIntEQ(wc_Sha512_256GetFlags(&copy, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == WC_HASH_FLAG_ISCOPY);
-
-    wc_Sha512_256Free(&sha512);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
-    defined(WOLFSSL_SHA512) &&  !defined(WOLFSSL_NOSHA512_256) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 1),
-        TEST_SUCCESS);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256Free(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    wc_Sha512_256Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Sha512_256GetHash(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    ExpectIntEQ(test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_256),
-        TEST_SUCCESS);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-
-}
-static int test_wc_Sha512_256Copy(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    wc_Sha512 sha512;
-    wc_Sha512 temp;
-
-    XMEMSET(&sha512, 0, sizeof(wc_Sha512));
-    XMEMSET(&temp, 0, sizeof(wc_Sha512));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
-    ExpectIntEQ(wc_InitSha512_256(&temp), 0);
-
-    ExpectIntEQ(wc_Sha512_256Copy(&sha512, &temp), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha512_256Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Copy(&sha512, NULL), BAD_FUNC_ARG);
-
-    wc_Sha512_256Free(&sha512);
-    wc_Sha512_256Free(&temp);
-#endif
-#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-
-
-/*
- * Testing wc_InitSha384()
- */
-static int test_wc_InitSha384(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha384(NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha384 */
-
-
-/*
- * test wc_Sha384Update()
- */
-static int test_wc_Sha384Update(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-    byte hash[WC_SHA384_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-
-    /* Input */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha384Update(&sha384, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha384Final(&sha384, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
-               "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
-               "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
-               "\xc8\x25\xa7";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha384Final(&sha384, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0);
-
-    /* Pass in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA384_DIGEST_SIZE;
-    ExpectIntEQ( wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384Update */
-
-/*
- * Unit test function for wc_Sha384Final();
- */
-static int test_wc_Sha384Final(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-    byte* hash_test[3];
-    byte hash1[WC_SHA384_DIGEST_SIZE];
-    byte hash2[2*WC_SHA384_DIGEST_SIZE];
-    byte hash3[5*WC_SHA384_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Good test args. */
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_Sha384Final(&sha384, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha384Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Final(&sha384, NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384Final */
-/*
- * Unit test function for wc_Sha384GetFlags()
- */
-static int test_wc_Sha384GetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha384 sha384;
-    word32 flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-    ExpectIntEQ(wc_Sha384GetFlags(&sha384, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha384GetFlags */
-/*
- * Unit test function for wc_Sha384FinalRaw()
- */
-static int test_wc_Sha384FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if (defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    wc_Sha384 sha384;
-    byte* hash_test[3];
-    byte hash1[WC_SHA384_DIGEST_SIZE];
-    byte hash2[2*WC_SHA384_DIGEST_SIZE];
-    byte hash3[5*WC_SHA384_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Good test args. */
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_Sha384FinalRaw(&sha384, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha384FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384FinalRaw(&sha384, NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384FinalRaw */
-/*
- * Unit test function for wc_Sha384Free()
- */
-static int test_wc_Sha384Free(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha384Free */
-/*
- * Unit test function for wc_Sha384GetHash()
- */
-static int test_wc_Sha384GetHash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-    byte hash1[WC_SHA384_DIGEST_SIZE];
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-
-    ExpectIntEQ(wc_Sha384GetHash(&sha384, hash1), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha384GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384GetHash(&sha384, NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384GetHash */
-/*
- * Unit test function for wc_Sha384Copy()
- */
-static int test_wc_Sha384Copy(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-    wc_Sha384 temp;
-
-    XMEMSET(&sha384, 0, sizeof(wc_Sha384));
-    XMEMSET(&temp, 0, sizeof(wc_Sha384));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha384(&sha384), 0);
-    ExpectIntEQ(wc_InitSha384(&temp), 0);
-
-    ExpectIntEQ(wc_Sha384Copy(&sha384, &temp), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha384Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha384Copy(&sha384, NULL), BAD_FUNC_ARG);
-
-    wc_Sha384Free(&sha384);
-    wc_Sha384Free(&temp);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384Copy */
-
-/*
- * Testing wc_InitSha224();
- */
-static int test_wc_InitSha224(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitSha224(NULL), BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha224 */
-
-/*
- * Unit test on wc_Sha224Update
- */
-static int test_wc_Sha224Update(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-    byte hash[WC_SHA224_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    /* Input. */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_Sha224Update(&sha224, NULL, 0), 0);
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)a.input, 0), 0);
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha224Final(&sha224, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2"
-               "\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_Sha224Final(&sha224, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0);
-
-    /* Pass in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = WC_SHA224_DIGEST_SIZE;
-    ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen),
-       BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224Update */
-
-/*
- * Unit test for wc_Sha224Final();
- */
-static int test_wc_Sha224Final(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-    byte* hash_test[3];
-    byte hash1[WC_SHA224_DIGEST_SIZE];
-    byte hash2[2*WC_SHA224_DIGEST_SIZE];
-    byte hash3[5*WC_SHA224_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Good test args. */
-    /* Testing oversized buffers. */
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Sha224Final(&sha224, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha224Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Final(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Final(&sha224, NULL), BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224Final */
-
-/*
- * Unit test function for wc_Sha224SetFlags()
- */
-static int test_wc_Sha224SetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha224 sha224;
-    word32 flags = WC_HASH_FLAG_WILLCOPY;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    ExpectIntEQ(wc_Sha224SetFlags(&sha224, flags), 0);
-    flags = 0;
-    ExpectIntEQ(wc_Sha224GetFlags(&sha224, &flags), 0);
-    ExpectTrue(flags == WC_HASH_FLAG_WILLCOPY);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224SetFlags */
-
-/*
- * Unit test function for wc_Sha224GetFlags()
- */
-static int test_wc_Sha224GetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha224 sha224;
-    word32 flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    ExpectIntEQ(wc_Sha224GetFlags(&sha224, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224GetFlags */
-/*
- * Unit test function for wc_Sha224Free()
- */
-static int test_wc_Sha224Free(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224Free(NULL);
-    /* Set result to SUCCESS. */
-    ExpectTrue(1);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Sha224Free */
-
-/*
- * Unit test function for wc_Sha224GetHash()
- */
-static int test_wc_Sha224GetHash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-    byte hash1[WC_SHA224_DIGEST_SIZE];
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-
-    ExpectIntEQ(wc_Sha224GetHash(&sha224, hash1), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha224GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224GetHash(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224GetHash(&sha224, NULL), BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224GetHash */
-
-/*
- * Unit test function for wc_Sha224Copy()
- */
-static int test_wc_Sha224Copy(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-    wc_Sha224 temp;
-
-    XMEMSET(&sha224, 0, sizeof(wc_Sha224));
-    XMEMSET(&temp, 0, sizeof(wc_Sha224));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha224(&sha224), 0);
-    ExpectIntEQ(wc_InitSha224(&temp), 0);
-
-    ExpectIntEQ(wc_Sha224Copy(&sha224, &temp), 0);
-    /* test bad arguments*/
-    ExpectIntEQ(wc_Sha224Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Copy(NULL, &temp), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha224Copy(&sha224, NULL), BAD_FUNC_ARG);
-
-    wc_Sha224Free(&sha224);
-    wc_Sha224Free(&temp);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224Copy */
-
-
-/*
- * Testing wc_InitRipeMd()
- */
-static int test_wc_InitRipeMd(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_RIPEMD
-    RipeMd ripemd;
-
-    /* Test good arg. */
-    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
-    /* Test bad arg. */
-    ExpectIntEQ(wc_InitRipeMd(NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_InitRipeMd */
-
-/*
- * Testing wc_RipeMdUpdate()
- */
-static int test_wc_RipeMdUpdate(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_RIPEMD
-    RipeMd ripemd;
-    byte hash[RIPEMD_DIGEST_SIZE];
-    testVector a, b, c;
-
-    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
-
-    /* Input */
-    a.input = "a";
-    a.inLen = XSTRLEN(a.input);
-    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
-
-    /* Update input. */
-    a.input = "abc";
-    a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
-               "\xb0\x87\xf1\x5a\x0b\xfc";
-    a.inLen = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE), 0);
-
-    /* Pass in bad values. */
-    b.input = NULL;
-    b.inLen = 0;
-    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen), 0);
-    c.input = NULL;
-    c.inLen = RIPEMD_DIGEST_SIZE;
-    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_RipeMdUdpate */
-
-/*
- * Unit test function for wc_RipeMdFinal()
- */
-static int test_wc_RipeMdFinal(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_RIPEMD
-    RipeMd ripemd;
-    byte* hash_test[3];
-    byte hash1[RIPEMD_DIGEST_SIZE];
-    byte hash2[2*RIPEMD_DIGEST_SIZE];
-    byte hash3[5*RIPEMD_DIGEST_SIZE];
-    int times, i;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
-
-    hash_test[0] = hash1;
-    hash_test[1] = hash2;
-    hash_test[2] = hash3;
-    times = sizeof(hash_test) / sizeof(byte*);
-    /* Testing oversized buffers. */
-    for (i = 0; i < times; i++) {
-         ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash_test[i]), 0);
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_RipeMdFinal(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RipeMdFinal(NULL, hash1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RipeMdFinal(&ripemd, NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_RipeMdFinal */
-
-
-/*
- * Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and
- * wc_InitSha3_512
- */
-static int test_wc_InitSha3(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3)
-    wc_Sha3 sha3;
-
-    (void)sha3;
-
-#if !defined(WOLFSSL_NOSHA3_224)
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_224(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
-    wc_Sha3_224_Free(&sha3);
-#endif /* NOSHA3_224 */
-#if !defined(WOLFSSL_NOSHA3_256)
-    ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_256(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
-    wc_Sha3_256_Free(&sha3);
-#endif /* NOSHA3_256 */
-#if !defined(WOLFSSL_NOSHA3_384)
-    ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_384(NULL, HEAP_HINT, testDevId),  BAD_FUNC_ARG);
-    wc_Sha3_384_Free(&sha3);
-#endif /* NOSHA3_384 */
-#if !defined(WOLFSSL_NOSHA3_512)
-    ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitSha3_512(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
-    wc_Sha3_512_Free(&sha3);
-#endif /* NOSHA3_512 */
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitSha3 */
-
-
-/*
- * Testing wc_Sha3_Update()
- */
-static int testing_wc_Sha3_Update(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
-   !defined(WOLFSSL_AFALG_XILINX)
-    wc_Sha3 sha3;
-    byte    msg[] = "Everybody's working for the weekend.";
-    byte    msg2[] = "Everybody gets Friday off.";
-    byte    msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
-                    "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
-                    "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
-                    "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
-                    "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
-    word32  msglen = sizeof(msg) - 1;
-    word32  msg2len = sizeof(msg2);
-    word32  msgCmplen = sizeof(msgCmp);
-
-    #if !defined(WOLFSSL_NOSHA3_224)
-        ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, msg, msglen), 0);
-        ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
-        ExpectTrue(sha3.i == msglen);
-
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
-
-        /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_224_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
-        wc_Sha3_224_Free(&sha3);
-
-        ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, NULL, 0), 0);
-        ExpectIntEQ(wc_Sha3_224_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
-        wc_Sha3_224_Free(&sha3);
-    #endif /* SHA3_224 */
-
-    #if !defined(WOLFSSL_NOSHA3_256)
-        ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, msg, msglen), 0);
-        ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
-        ExpectTrue(sha3.i == msglen);
-
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
-
-        /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_256_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
-        wc_Sha3_256_Free(&sha3);
-
-        ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, NULL, 0), 0);
-        ExpectIntEQ(wc_Sha3_256_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
-        wc_Sha3_256_Free(&sha3);
-    #endif /* SHA3_256 */
-
-    #if !defined(WOLFSSL_NOSHA3_384)
-        ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, msg, msglen), 0);
-        ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
-        ExpectTrue(sha3.i == msglen);
-
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
-
-        /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_384_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
-        wc_Sha3_384_Free(&sha3);
-
-        ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, NULL, 0), 0);
-        ExpectIntEQ(wc_Sha3_384_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
-        wc_Sha3_384_Free(&sha3);
-    #endif /* SHA3_384 */
-
-    #if !defined(WOLFSSL_NOSHA3_512)
-        ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, msg, msglen), 0);
-        ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
-        ExpectTrue(sha3.i == msglen);
-
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
-
-        /* Pass bad args. */
-        ExpectIntEQ(wc_Sha3_512_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
-        wc_Sha3_512_Free(&sha3);
-
-        ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, NULL, 0), 0);
-        ExpectIntEQ(wc_Sha3_512_Update(&sha3, msg2, msg2len), 0);
-        ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
-        wc_Sha3_512_Free(&sha3);
-    #endif /* SHA3_512 */
-#endif /* WOLFSSL_SHA3 */
-    return EXPECT_RESULT();
-} /* END testing_wc_Sha3_Update */
-
-/*
- *  Testing wc_Sha3_224_Final()
- */
-static int test_wc_Sha3_224_Final(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-    wc_Sha3     sha3;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55"
-                         "\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2"
-                         "\x64\xea\xd0\xfc\xce\x33";
-    byte        hash[WC_SHA3_224_DIGEST_SIZE];
-    byte        hashRet[WC_SHA3_224_DIGEST_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_224_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3, NULL), BAD_FUNC_ARG);
-    wc_Sha3_224_Free(&sha3);
-
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashRet, 0, sizeof(hashRet));
-    ExpectIntEQ(wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_224_GetHash(&sha3, hashRet), 0);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_224_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_224_GetHash(&sha3, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_224_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_224_Final */
-
-
-/*
- *  Testing wc_Sha3_256_Final()
- */
-static int test_wc_Sha3_256_Final(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-    wc_Sha3     sha3;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8"
-                        "\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32"
-                        "\xdd\x97\x49\x6d\x33\x76";
-    byte        hash[WC_SHA3_256_DIGEST_SIZE];
-    byte        hashRet[WC_SHA3_256_DIGEST_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_256_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3, NULL), BAD_FUNC_ARG);
-    wc_Sha3_256_Free(&sha3);
-
-    ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashRet, 0, sizeof(hashRet));
-    ExpectIntEQ(wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_256_GetHash(&sha3, hashRet), 0);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_256_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_256_GetHash(&sha3, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_256_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_256_Final */
-
-
-/*
- *  Testing wc_Sha3_384_Final()
- */
-static int test_wc_Sha3_384_Final(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-    wc_Sha3        sha3;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7"
-                         "\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd"
-                         "\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe"
-                         "\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22";
-    byte        hash[WC_SHA3_384_DIGEST_SIZE];
-    byte        hashRet[WC_SHA3_384_DIGEST_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_384_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3, NULL), BAD_FUNC_ARG);
-    wc_Sha3_384_Free(&sha3);
-
-    ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashRet, 0, sizeof(hashRet));
-    ExpectIntEQ(wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_384_GetHash(&sha3, hashRet), 0);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_384_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_384_GetHash(&sha3, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_384_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_384_Final */
-
-
-
-/*
- *  Testing wc_Sha3_512_Final()
- */
-static int test_wc_Sha3_512_Final(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \
-   !defined(WOLFSSL_NOSHA3_384)
-    wc_Sha3     sha3;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10"
-                         "\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7"
-                         "\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53"
-                         "\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4"
-                         "\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e";
-    byte        hash[WC_SHA3_512_DIGEST_SIZE];
-    byte        hashRet[WC_SHA3_512_DIGEST_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_512_Final(NULL, hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3, NULL), BAD_FUNC_ARG);
-    wc_Sha3_512_Free(&sha3);
-
-    ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashRet, 0, sizeof(hashRet));
-    ExpectIntEQ(wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
-    ExpectIntEQ(wc_Sha3_512_GetHash(&sha3, hashRet), 0);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_512_GetHash(NULL, hashRet), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_512_GetHash(&sha3, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_512_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_512_Final */
-
-
-/*
- *  Testing wc_Sha3_224_Copy()
- */
-static int test_wc_Sha3_224_Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-    wc_Sha3     sha3, sha3Cpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[WC_SHA3_224_DIGEST_SIZE];
-    byte        hashCpy[WC_SHA3_224_DIGEST_SIZE];
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-    XMEMSET(&sha3, 0, sizeof(wc_Sha3));
-    XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
-
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitSha3_224(&sha3Cpy, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_224_Update(&sha3, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Sha3_224_Copy(&sha3Cpy, &sha3), 0);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3, hash), 0);
-    ExpectIntEQ(wc_Sha3_224_Final(&sha3Cpy, hashCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_224_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_224_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_224_Free(&sha3);
-    wc_Sha3_224_Free(&sha3Cpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_224_Copy */
-
-
-
-/*
- *  Testing wc_Sha3_256_Copy()
- */
-static int test_wc_Sha3_256_Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-    wc_Sha3     sha3, sha3Cpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[WC_SHA3_256_DIGEST_SIZE];
-    byte        hashCpy[WC_SHA3_256_DIGEST_SIZE];
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-    XMEMSET(&sha3, 0, sizeof(wc_Sha3));
-    XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
-
-    ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitSha3_256(&sha3Cpy, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_256_Update(&sha3, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Sha3_256_Copy(&sha3Cpy, &sha3), 0);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3, hash), 0);
-    ExpectIntEQ(wc_Sha3_256_Final(&sha3Cpy, hashCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_256_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_256_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_256_Free(&sha3);
-    wc_Sha3_256_Free(&sha3Cpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_256_Copy */
-
-
-
-/*
- *  Testing wc_Sha3_384_Copy()
- */
-static int test_wc_Sha3_384_Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-    wc_Sha3     sha3, sha3Cpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[WC_SHA3_384_DIGEST_SIZE];
-    byte        hashCpy[WC_SHA3_384_DIGEST_SIZE];
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-    XMEMSET(&sha3, 0, sizeof(wc_Sha3));
-    XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
-
-    ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitSha3_384(&sha3Cpy, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_384_Update(&sha3, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Sha3_384_Copy(&sha3Cpy, &sha3), 0);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3, hash), 0);
-    ExpectIntEQ(wc_Sha3_384_Final(&sha3Cpy, hashCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_384_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_384_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_384_Free(&sha3);
-    wc_Sha3_384_Free(&sha3Cpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_384_Copy */
-
-
-/*
- *  Testing wc_Sha3_512_Copy()
- */
-static int test_wc_Sha3_512_Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-    wc_Sha3     sha3, sha3Cpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[WC_SHA3_512_DIGEST_SIZE];
-    byte        hashCpy[WC_SHA3_512_DIGEST_SIZE];
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-    XMEMSET(&sha3, 0, sizeof(wc_Sha3));
-    XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
-
-    ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitSha3_512(&sha3Cpy, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_512_Update(&sha3, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Sha3_512_Copy(&sha3Cpy, &sha3), 0);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3, hash), 0);
-    ExpectIntEQ(wc_Sha3_512_Final(&sha3Cpy, hashCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Sha3_512_Copy(NULL, &sha3), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha3_512_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
-
-    wc_Sha3_512_Free(&sha3);
-    wc_Sha3_512_Free(&sha3Cpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_512_Copy */
-/*
- * Unit test function for wc_Sha3_GetFlags()
- */
-static int test_wc_Sha3_GetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sha3 sha3;
-    word32  flags = 0;
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Sha3_GetFlags(&sha3, &flags), 0);
-    ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-    wc_Sha3_224_Free(&sha3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha3_GetFlags */
-
-
-static int test_wc_InitShake256(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    wc_Shake shake;
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitShake256(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
-
-    wc_Shake256_Free(&shake);
-#endif
-    return EXPECT_RESULT();
-}
-
-
-static int testing_wc_Shake256_Update(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    wc_Shake shake;
-    byte     msg[] = "Everybody's working for the weekend.";
-    byte     msg2[] = "Everybody gets Friday off.";
-    byte     msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
-                        "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
-                        "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
-                        "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
-                        "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
-    word32   msglen = sizeof(msg) - 1;
-    word32   msg2len = sizeof(msg2);
-    word32   msgCmplen = sizeof(msgCmp);
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Shake256_Update(&shake, msg, msglen), 0);
-    ExpectIntEQ(XMEMCMP(msg, shake.t, msglen), 0);
-    ExpectTrue(shake.i == msglen);
-
-    ExpectIntEQ(wc_Shake256_Update(&shake, msg2, msg2len), 0);
-    ExpectIntEQ(XMEMCMP(shake.t, msgCmp, msgCmplen), 0);
-
-    /* Pass bad args. */
-    ExpectIntEQ(wc_Shake256_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Shake256_Update(&shake, NULL, 5), BAD_FUNC_ARG);
-    wc_Shake256_Free(&shake);
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Shake256_Update(&shake, NULL, 0), 0);
-    ExpectIntEQ(wc_Shake256_Update(&shake, msg2, msg2len), 0);
-    ExpectIntEQ(XMEMCMP(msg2, shake.t, msg2len), 0);
-    wc_Shake256_Free(&shake);
-#endif /* WOLFSSL_SHAKE256 */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_Shake256_Final(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    wc_Shake    shake;
-    const char* msg    = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
-                         "nopnopq";
-    const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f"
-                         "\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b"
-                         "\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59"
-                         "\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96"
-                         "\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37"
-                         "\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97"
-                         "\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2"
-                         "\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67"
-                         "\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
-    byte        hash[114];
-
-    /* Init stack variables. */
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg)),
-        0);
-    ExpectIntEQ(wc_Shake256_Final(&shake, hash, (word32)sizeof(hash)), 0);
-    ExpectIntEQ(XMEMCMP(expOut, hash, (word32)sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Shake256_Final(NULL, hash, (word32)sizeof(hash)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash)),
-        BAD_FUNC_ARG);
-
-    wc_Shake256_Free(&shake);
-#endif
-    return EXPECT_RESULT();
-}
-/*
- *  Testing wc_Shake256_Copy()
- */
-static int test_wc_Shake256_Copy(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    wc_Shake    shake, shakeCpy;
-    const char* msg = TEST_STRING;
-    word32      msglen = (word32)TEST_STRING_SZ;
-    byte        hash[144];
-    byte        hashCpy[144];
-    word32      hashLen = sizeof(hash);
-    word32      hashLenCpy = sizeof(hashCpy);
-
-    XMEMSET(hash, 0, sizeof(hash));
-    XMEMSET(hashCpy, 0, sizeof(hashCpy));
-
-    ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_InitShake256(&shakeCpy, HEAP_HINT, testDevId), 0);
-
-    ExpectIntEQ(wc_Shake256_Update(&shake, (byte*)msg, msglen), 0);
-    ExpectIntEQ(wc_Shake256_Copy(&shakeCpy, &shake), 0);
-    ExpectIntEQ(wc_Shake256_Final(&shake, hash, hashLen), 0);
-    ExpectIntEQ(wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy), 0);
-    ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Shake256_Copy(NULL, &shake), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Shake256_Copy(&shakeCpy, NULL), BAD_FUNC_ARG);
-
-    wc_Shake256_Free(&shake);
-    wc_Shake256_Free(&shakeCpy);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Shake256_Copy */
-/*
- * Unit test function for wc_Shake256Hash()
- */
-static int test_wc_Shake256Hash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SHAKE256
-    const byte data[] = { /* Hello World */
-        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
-        0x72,0x6c,0x64
-    };
-    word32     len = sizeof(data);
-    byte       hash[144];
-    word32     hashLen = sizeof(hash);
-
-    ExpectIntEQ(wc_Shake256Hash(data, len, hash, hashLen), 0);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Shake256Hash */
-
-
-/*
- *  Testing wc_InitSm3(), wc_Sm3Free()
- */
-static int test_wc_InitSm3Free(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SM3
-    wc_Sm3 sm3;
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_InitSm3(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-
-    wc_Sm3Free(NULL);
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_InitSm3 */
-
-/*
- *  Testing wc_Sm3Update(), wc_Sm3Final()
- */
-static int test_wc_Sm3UpdateFinal(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SM3
-    wc_Sm3 sm3;
-    byte data[WC_SM3_BLOCK_SIZE * 4];
-    byte hash[WC_SM3_DIGEST_SIZE];
-    byte calcHash[WC_SM3_DIGEST_SIZE];
-    byte expHash[WC_SM3_DIGEST_SIZE] = {
-        0x38, 0x48, 0x15, 0xa7, 0x0e, 0xae, 0x0b, 0x27,
-        0x5c, 0xde, 0x9d, 0xa5, 0xd1, 0xa4, 0x30, 0xa1,
-        0xca, 0xd4, 0x54, 0x58, 0x44, 0xa2, 0x96, 0x1b,
-        0xd7, 0x14, 0x80, 0x3f, 0x80, 0x1a, 0x07, 0xb6
-    };
-    word32 chunk;
-    word32 i;
-
-    XMEMSET(data, 0, sizeof(data));
-
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3Update(NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Update(NULL, data, 1), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, 1), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, 1), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_BLOCK_SIZE - 2), 0);
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_BLOCK_SIZE * 2), 0);
-    /* Ensure too many bytes for lengths. */
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_PAD_SIZE), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3Final(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Final(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Final(NULL, hash), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
-    ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE);
-
-    /* Chunk tests. */
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, sizeof(data)), 0);
-    ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
-    for (chunk = 1; chunk <= WC_SM3_BLOCK_SIZE + 1; chunk++) {
-        for (i = 0; i + chunk <= (word32)sizeof(data); i += chunk) {
-            ExpectIntEQ(wc_Sm3Update(&sm3, data + i, chunk), 0);
-        }
-        if (i < (word32)sizeof(data)) {
-            ExpectIntEQ(wc_Sm3Update(&sm3, data + i, (word32)sizeof(data) - i),
-                0);
-        }
-        ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
-        ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
-    }
-
-    /* Not testing when the low 32-bit length overflows. */
-
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Update */
-
-/*
- *  Testing wc_Sm3GetHash()
- */
-static int test_wc_Sm3GetHash(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_SM3
-    wc_Sm3 sm3;
-    byte hash[WC_SM3_DIGEST_SIZE];
-    byte calcHash[WC_SM3_DIGEST_SIZE];
-    byte data[WC_SM3_BLOCK_SIZE];
-
-    XMEMSET(data, 0, sizeof(data));
-
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3GetHash(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3GetHash(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3GetHash(NULL, hash), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
-    ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
-
-    /* With update. */
-    ExpectIntEQ(wc_Sm3Update(&sm3, data, sizeof(data)), 0);
-    ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
-    ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
-    ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
-
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Update */
-
-/*
- *  Testing wc_Sm3Copy()
- */
-static int test_wc_Sm3Copy(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sm3 sm3;
-    wc_Sm3 sm3Copy;
-    byte hash[WC_SM3_DIGEST_SIZE];
-    byte hashCopy[WC_SM3_DIGEST_SIZE];
-    byte data[WC_SM3_BLOCK_SIZE + 1];
-    int i;
-
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_InitSm3(&sm3Copy, NULL, INVALID_DEVID), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3Copy(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Copy(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Copy(NULL, &sm3Copy), BAD_FUNC_ARG);
-
-    /* Valid Parameters */
-    ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
-
-    /* Ensure all parts of data updated during hashing are copied. */
-    for (i = 0; i < WC_SM3_BLOCK_SIZE + 1; i++) {
-        ExpectIntEQ(wc_Sm3Update(&sm3, data, i), 0);
-        ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
-        ExpectIntEQ(wc_Sm3Update(&sm3, data, 1), 0);
-        ExpectIntEQ(wc_Sm3Update(&sm3Copy, data, 1), 0);
-        ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
-        ExpectIntEQ(wc_Sm3Final(&sm3Copy, hashCopy), 0);
-        ExpectBufEQ(hash, hashCopy, WC_SM3_DIGEST_SIZE);
-    }
-
-    wc_Sm3Free(&sm3Copy);
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Copy */
-
-/*
- * Testing wc_Sm3FinalRaw()
- */
-static int test_wc_Sm3FinalRaw(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SM3) && !defined(HAVE_SELFTEST) && \
-    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
-    !defined(WOLFSSL_NO_HASH_RAW)
-    wc_Sm3 sm3;
-    byte hash1[WC_SM3_DIGEST_SIZE];
-    byte hash2[WC_SM3_DIGEST_SIZE];
-    byte hash3[WC_SM3_DIGEST_SIZE];
-    byte* hash_test[3] = { hash1, hash2, hash3 };
-    int times;
-    int i;
-
-    XMEMSET(&sm3, 0, sizeof(sm3));
-
-    /* Initialize */
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-
-    /* Invalid Parameters */
-    ExpectIntEQ(wc_Sm3FinalRaw(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3FinalRaw(&sm3, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3FinalRaw(NULL, hash1), BAD_FUNC_ARG);
-
-    times = sizeof(hash_test) / sizeof(byte*);
-    for (i = 0; i < times; i++) {
-        ExpectIntEQ(wc_Sm3FinalRaw(&sm3, hash_test[i]), 0);
-    }
-
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sm3FinalRaw */
-/*
- *  Testing wc_Sm3GetFlags, wc_Sm3SetFlags()
- */
-static int test_wc_Sm3GetSetFlags(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
-    wc_Sm3 sm3;
-    wc_Sm3 sm3Copy;
-    word32 flags = 0;
-
-    ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_InitSm3(&sm3Copy, NULL, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_Sm3GetFlags(NULL, &flags), 0);
-    ExpectIntEQ(flags, 0);
-    ExpectIntEQ(wc_Sm3SetFlags(NULL, WC_HASH_FLAG_WILLCOPY), 0);
-    ExpectIntEQ(wc_Sm3GetFlags(NULL, &flags), 0);
-    ExpectIntEQ(flags, 0);
-    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
-    ExpectIntEQ(flags, 0);
-    ExpectIntEQ(wc_Sm3SetFlags(&sm3, WC_HASH_FLAG_WILLCOPY), 0);
-    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
-    ExpectIntEQ(flags, WC_HASH_FLAG_WILLCOPY);
-
-    ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
-    ExpectIntEQ(wc_Sm3GetFlags(&sm3Copy, &flags), 0);
-    ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY | WC_HASH_FLAG_WILLCOPY);
-
-    wc_Sm3Free(&sm3Copy);
-    wc_Sm3Free(&sm3);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Update */
-
-/*
- *  Testing wc_Sm3Hash()
- */
-static int test_wc_Sm3Hash(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
-    byte data[WC_SM3_BLOCK_SIZE];
-    byte hash[WC_SM3_DIGEST_SIZE];
-
-    /* Invalid parameters. */
-    ExpectIntEQ(wc_Sm3Hash(NULL, sizeof(data), hash), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), NULL), BAD_FUNC_ARG);
-
-    /* Valid parameters. */
-    ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), hash), 0);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_Sm3Hash */
-
-/*
- * Test function for wc_HmacSetKey
- */
-static int test_wc_Md5HmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_MD5)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-    };
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr]));
-#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
-        wc_HmacFree(&hmac);
-        ExpectIntEQ(ret, BAD_FUNC_ARG);
-#else
-        ExpectIntEQ(ret, 0);
-#endif
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
-#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
-    ExpectIntEQ(ret, BAD_FUNC_ARG);
-#elif defined(HAVE_FIPS)
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Md5HmacSetKey */
-
-
-/*
- * testing wc_HmacSetKey() on wc_Sha hash.
- */
-static int test_wc_ShaHmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr])), 0);
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-
-    ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
-#ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaHmacSetKey() */
-
-/*
- * testing wc_HmacSetKey() on Sha224 hash.
- */
-static int test_wc_Sha224HmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr])), 0);
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
-#ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224HmacSetKey() */
-
- /*
-  * testing wc_HmacSetKey() on Sha256 hash
-  */
-static int test_wc_Sha256HmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA256)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr])), 0);
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
-#ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256HmacSetKey() */
-
-
-/*
- * testing wc_HmacSetKey on Sha384 hash.
- */
-static int test_wc_Sha384HmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
-    Hmac hmac;
-    int ret, times, itr;
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-#ifndef HAVE_FIPS
-        "Jefe", /* smaller than minimum FIPS key size */
-#endif
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-    times = sizeof(keys) / sizeof(char*);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-
-    for (itr = 0; itr < times; itr++) {
-        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
-            (word32)XSTRLEN(keys[itr])), 0);
-    }
-
-    /* Bad args. */
-    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
-        (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
-    ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
-#ifdef HAVE_FIPS
-    ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384HmacSetKey() */
-
-
-/*
- * testing wc_HmacUpdate on wc_Md5 hash.
- */
-static int test_wc_Md5HmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Md5HmacUpdate */
-
-/*
- * testing wc_HmacUpdate on SHA hash.
- */
-static int test_wc_ShaHmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA)
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaHmacUpdate */
-
-/*
- * testing wc_HmacUpdate on SHA224 hash.
- */
-static int test_wc_Sha224HmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224HmacUpdate */
-
-/*
- * testing wc_HmacUpdate on SHA256 hash.
- */
-static int test_wc_Sha256HmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA256)
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256HmacUpdate */
-
-/*
- * testing wc_HmacUpdate on SHA384  hash.
- */
-static int test_wc_Sha384HmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
-    Hmac hmac;
-    testVector a, b;
-#ifdef HAVE_FIPS
-    const char* keys =
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-#else
-    const char* keys = "Jefe";
-#endif
-
-    a.input = "what do ya want for nothing?";
-    a.inLen  = XSTRLEN(a.input);
-    b.input = "Hi There";
-    b.inLen = XSTRLEN(b.input);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys,
-        (word32)XSTRLEN(keys)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
-    /* Update Hmac. */
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384HmacUpdate */
-
-/*
- * Testing wc_HmacFinal() with MD5
- */
-
-static int test_wc_Md5HmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
-    Hmac hmac;
-    byte hash[WC_MD5_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
-               "\x9d";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)),
-        0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Md5HmacFinal */
-
-/*
- * Testing wc_HmacFinal() with SHA
- */
-static int test_wc_ShaHmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA)
-    Hmac hmac;
-    byte hash[WC_SHA_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
-               "\x8e\xf1\x46\xbe\x00";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)),
-        0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ShaHmacFinal */
-
-
-/*
- * Testing wc_HmacFinal() with SHA224
- */
-static int test_wc_Sha224HmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
-    Hmac hmac;
-    byte hash[WC_SHA224_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
-               "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key,
-        (word32)XSTRLEN(key)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha224HmacFinal */
-
-/*
- * Testing wc_HmacFinal() with SHA256
- */
-static int test_wc_Sha256HmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && !defined(NO_SHA256)
-    Hmac hmac;
-    byte hash[WC_SHA256_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
-               "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
-               "\xcf\xf7";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key,
-        (word32)XSTRLEN(key)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha256HmacFinal */
-
-/*
- * Testing wc_HmacFinal() with SHA384
- */
-static int test_wc_Sha384HmacFinal(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
-    Hmac hmac;
-    byte hash[WC_SHA384_DIGEST_SIZE];
-    testVector a;
-    const char* key;
-
-    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b";
-    a.input = "Hi There";
-    a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
-               "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
-               "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
-               "\xfa\x9c\xb6";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key,
-        (word32)XSTRLEN(key)), 0);
-    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
-    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
-    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0);
-
-    /* Try bad parameters. */
-    ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
-#ifndef HAVE_FIPS
-    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
-#endif
-
-    wc_HmacFree(&hmac);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Sha384HmacFinal */
-
-
-
-/*
- * Testing wc_InitCmac()
- */
-static int test_wc_InitCmac(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
-    Cmac        cmac1;
-    Cmac        cmac2;
-    Cmac        cmac3;
-    /* AES 128 key. */
-    byte        key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
-                         "\x09\x10\x11\x12\x13\x14\x15\x16";
-    /* AES 192 key. */
-    byte        key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
-                         "\x09\x01\x11\x12\x13\x14\x15\x16"
-                         "\x01\x02\x03\x04\x05\x06\x07\x08";
-    /* AES 256 key. */
-    byte        key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
-                         "\x09\x01\x11\x12\x13\x14\x15\x16"
-                         "\x01\x02\x03\x04\x05\x06\x07\x08"
-                         "\x09\x01\x11\x12\x13\x14\x15\x16";
-    word32      key1Sz = (word32)sizeof(key1) - 1;
-    word32      key2Sz = (word32)sizeof(key2) - 1;
-    word32      key3Sz = (word32)sizeof(key3) - 1;
-    int         type   = WC_CMAC_AES;
-
-    (void)key1;
-    (void)key1Sz;
-    (void)key2;
-    (void)key2Sz;
-
-    XMEMSET(&cmac1, 0, sizeof(Cmac));
-    XMEMSET(&cmac2, 0, sizeof(Cmac));
-    XMEMSET(&cmac3, 0, sizeof(Cmac));
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_InitCmac(&cmac1, key1, key1Sz, type, NULL), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    wc_AesFree(&cmac1.aes);
-    ExpectIntEQ(wc_InitCmac(&cmac2, key2, key2Sz, type, NULL), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    wc_AesFree(&cmac2.aes);
-    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, type, NULL), 0);
-#endif
-
-    wc_AesFree(&cmac3.aes);
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitCmac */
-
-
-/*
- * Testing wc_CmacUpdate()
- */
-static int test_wc_CmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
-    Cmac        cmac;
-    byte        key[] = {
-        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
-        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
-    };
-    byte        in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
-                       "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
-                       "\xb3\x78\xcf\x85\x22\x41\x74\xd9"
-                       "\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
-                       "\xf4";
-    word32      inSz  = (word32)sizeof(in) - 1;
-    word32      keySz = (word32)sizeof(key);
-    int         type  = WC_CMAC_AES;
-
-    XMEMSET(&cmac, 0, sizeof(Cmac));
-
-    ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
-    ExpectIntEQ(wc_CmacUpdate(&cmac, in, inSz), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), BAD_FUNC_ARG);
-    wc_AesFree(&cmac.aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CmacUpdate */
-
-
-/*
- * Testing wc_CmacFinal()
- */
-static int test_wc_CmacFinal(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
-    Cmac        cmac;
-    byte        key[] = {
-        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
-        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
-    };
-    byte        msg[] = {
-        0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
-        0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
-        0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
-        0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
-        0xf4
-    };
-    /* Test vectors from CMACGenAES128.rsp from
-     * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
-     * Per RFC4493 truncation of lsb is possible.
-     */
-    byte        expMac[] = {
-        0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
-        0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
-    };
-    byte        mac[AES_BLOCK_SIZE];
-    word32      msgSz    = (word32)sizeof(msg);
-    word32      keySz    = (word32)sizeof(key);
-    word32      macSz    = sizeof(mac);
-    word32      badMacSz = 17;
-    int         expMacSz = sizeof(expMac);
-    int         type     = WC_CMAC_AES;
-
-    XMEMSET(&cmac, 0, sizeof(Cmac));
-    XMEMSET(mac, 0, macSz);
-
-    ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
-    ExpectIntEQ(wc_CmacUpdate(&cmac, msg, msgSz), 0);
-
-#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz), BUFFER_E);
-
-    /* For the last call, use the API with implicit wc_CmacFree(). */
-    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
-    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
-#else /* !HAVE_FIPS || FIPS>=5.3 */
-    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
-    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), BUFFER_E);
-#endif /* !HAVE_FIPS || FIPS>=5.3 */
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CmacFinal */
-
-
-/*
- * Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
- */
-static int test_wc_AesCmacGenerate(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
-    byte        key[] = {
-        0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
-        0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
-    };
-    byte        msg[]    = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
-                           "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
-    byte        expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
-                           "\x3d\x32\x65\x4c\x66\x23\xc5";
-    byte        mac[AES_BLOCK_SIZE];
-    word32      keySz    = sizeof(key);
-    word32      macSz    = sizeof(mac);
-    word32      msgSz    = sizeof(msg) - 1;
-    word32      expMacSz = sizeof(expMac) - 1;
-
-    XMEMSET(mac, 0, macSz);
-
-    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz), 0);
-    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_AesCmacGenerate */
-
-
-/*
- * Testing streaming AES-GCM API.
- */
-static int test_wc_AesGcmStream(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
-    defined(WOLFSSL_AESGCM_STREAM)
-    int i;
-    WC_RNG rng[1];
-    Aes aesEnc[1];
-    Aes aesDec[1];
-    byte tag[AES_BLOCK_SIZE];
-    byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, };
-    byte out[AES_BLOCK_SIZE * 3 + 2];
-    byte plain[AES_BLOCK_SIZE * 3 + 2];
-    byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, };
-    byte key[AES_128_KEY_SIZE] = { 0, };
-    byte iv[AES_IV_SIZE] = { 1, };
-    byte ivOut[AES_IV_SIZE];
-    static const byte expTagAAD1[AES_BLOCK_SIZE] = {
-        0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
-        0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
-    };
-    static const byte expTagPlain1[AES_BLOCK_SIZE] = {
-        0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
-        0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
-    };
-    static const byte expTag[AES_BLOCK_SIZE] = {
-        0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
-        0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
-    };
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(&aesEnc, 0, sizeof(Aes));
-    XMEMSET(&aesDec, 0, sizeof(Aes));
-
-    /* Create a random for generating IV/nonce. */
-    ExpectIntEQ(wc_InitRng(rng), 0);
-
-    /* Initialize data structures. */
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-
-    /* BadParameters to streaming init. */
-    ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
-        BAD_FUNC_ARG);
-
-    /* Bad parameters to encrypt update. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
-        BAD_FUNC_ARG);
-    /* Bad parameters to decrypt update. */
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
-        BAD_FUNC_ARG);
-
-    /* Bad parameters to encrypt final. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
-        BAD_FUNC_ARG);
-    /* Bad parameters to decrypt final. */
-    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
-        BAD_FUNC_ARG);
-
-    /* Check calling final before setting key fails. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
-    /* Check calling update before setting key else fails. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
-        MISSING_KEY);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
-        MISSING_KEY);
-
-    /* Set key but not IV. */
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
-    /* Check calling final before setting IV fails. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
-    /* Check calling update before setting IV else fails. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
-        MISSING_IV);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
-        MISSING_IV);
-
-    /* Set IV using fixed part IV and external IV APIs. */
-    ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
-        rng), 0);
-    ExpectIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
-        GCM_NONCE_MID_SZ), 0);
-    ExpectIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
-    /* Encrypt and decrypt data. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Set key and IV through streaming init API. */
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    /* Encrypt/decrypt one block and AAD of one block. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad,
-        AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad,
-        AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Set key and IV through streaming init API. */
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    /* No data to encrypt/decrypt one byte of AAD. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Set key and IV through streaming init API. */
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    /* Encrypt/decrypt one byte and no AAD. */
-    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Set key and IV through streaming init API. */
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    /* Encryption AES is one byte at a time */
-    for (i = 0; i < (int)sizeof(aad); i++) {
-        ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
-            0);
-    }
-    for (i = 0; i < (int)sizeof(in); i++) {
-        ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
-            0);
-    }
-    /* Decryption AES is two bytes at a time */
-    for (i = 0; i < (int)sizeof(aad); i += 2) {
-        ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
-            0);
-    }
-    for (i = 0; i < (int)sizeof(aad); i += 2) {
-        ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
-            0), 0);
-    }
-    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
-    /* Finalize and check tag matches. */
-    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
-
-    /* Check streaming encryption can be decrypted with one shot. */
-    wc_AesFree(aesDec);
-    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
-    ExpectIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
-    ExpectIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
-        AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
-
-    wc_AesFree(aesEnc);
-    wc_AesFree(aesDec);
-    wc_FreeRng(rng);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesGcmStream */
-
-
-/*
- * Testing streaming SM4 API.
- */
-static int test_wc_Sm4(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
-    defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
-    unsigned char key[SM4_KEY_SIZE];
-#endif
-#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
-    unsigned char iv[SM4_IV_SIZE];
-#endif
-
-    /* Invalid parameters - wc_Sm4Init */
-    ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4Init */
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-
-#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
-    defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
-    XMEMSET(key, 0, sizeof(key));
-
-    /* Invalid parameters - wc_Sm4SetKey. */
-    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4SetKey. */
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-#endif
-
-#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
-    XMEMSET(iv, 0, sizeof(iv));
-
-    /* Invalid parameters - wc_Sm4SetIV. */
-    ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4SetIV(NULL, iv), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4SetIV. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-#endif
-
-    /* Valid cases - wc_Sm4Free */
-    wc_Sm4Free(NULL);
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4 */
-
-/*
- * Testing block based SM4-ECB API.
- */
-static int test_wc_Sm4Ecb(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_ECB
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char in[SM4_BLOCK_SIZE * 2];
-    unsigned char out[SM4_BLOCK_SIZE * 2];
-    unsigned char out2[SM4_BLOCK_SIZE];
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(in, 0, sizeof(in));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), MISSING_KEY);
-
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-
-    /* Invalid parameters - wc_Sm4EcbEncrypt. */
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4EcbEncrypt. */
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. */
-    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Invalid parameters - wc_Sm4EcbDecrypt. */
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4EcbDecrypt. */
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. */
-    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Ecb */
-
-/*
- * Testing block based SM4-CBC API.
- */
-static int test_wc_Sm4Cbc(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_CBC
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char iv[SM4_IV_SIZE];
-    unsigned char in[SM4_BLOCK_SIZE * 2];
-    unsigned char out[SM4_BLOCK_SIZE * 2];
-    unsigned char out2[SM4_BLOCK_SIZE];
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(iv, 0, sizeof(iv));
-    XMEMSET(in, 0, sizeof(in));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), MISSING_KEY);
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), MISSING_IV);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), MISSING_IV);
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-
-    /* Invalid parameters - wc_Sm4CbcEncrypt. */
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4CbcEncrypt. */
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Invalid parameters - wc_Sm4CbcDecrypt. */
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    /* Valid cases - wc_Sm4CbcDecrypt. */
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Cbc */
-
-/*
- * Testing streaming SM4-CTR API.
- */
-static int test_wc_Sm4Ctr(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_CTR
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char iv[SM4_IV_SIZE];
-    unsigned char in[SM4_BLOCK_SIZE * 4];
-    unsigned char out[SM4_BLOCK_SIZE * 4];
-    unsigned char out2[SM4_BLOCK_SIZE * 4];
-    word32 chunk;
-    word32 i;
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(iv, 0, sizeof(iv));
-    XMEMSET(in, 0, sizeof(in));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), MISSING_KEY);
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), MISSING_IV);
-    /* Tested in test_wc_Sm4. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-
-    /* Invalid parameters - wc_Sm4CtrEncrypt. */
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4CtrEncrypt. */
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, 1), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, 1), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(out2, out, 2), 0);
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
-    /*   In and out are same pointer. Also check encrypt of cipher text produces
-     *   plaintext.
-     */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, out, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Chunking tests. */
-    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, (word32)sizeof(in)), 0);
-    for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) {
-        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-        for (i = 0; i + chunk <= (word32)sizeof(in); i += chunk) {
-             ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, chunk), 0);
-        }
-        if (i < (word32)sizeof(in)) {
-             ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i,
-                 (word32)sizeof(in) - i), 0);
-        }
-        ExpectIntEQ(XMEMCMP(out, out2, (word32)sizeof(out)), 0);
-    }
-
-    for (i = 0; i < (word32)sizeof(iv); i++) {
-        iv[i] = 0xff;
-        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-        ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
-        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
-        ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, out, SM4_BLOCK_SIZE * 2), 0);
-        ExpectIntEQ(XMEMCMP(out2, in, SM4_BLOCK_SIZE * 2), 0);
-    }
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Ctr */
-
-/*
- * Testing stream SM4-GCM API.
- */
-static int test_wc_Sm4Gcm(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_GCM
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char nonce[GCM_NONCE_MAX_SZ];
-    unsigned char in[SM4_BLOCK_SIZE * 2];
-    unsigned char in2[SM4_BLOCK_SIZE * 2];
-    unsigned char out[SM4_BLOCK_SIZE * 2];
-    unsigned char out2[SM4_BLOCK_SIZE * 2];
-    unsigned char dec[SM4_BLOCK_SIZE * 2];
-    unsigned char tag[SM4_BLOCK_SIZE];
-    unsigned char aad[SM4_BLOCK_SIZE * 2];
-    word32 i;
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(nonce, 0, sizeof(nonce));
-    XMEMSET(in, 0, sizeof(in));
-    XMEMSET(in2, 0, sizeof(in2));
-    XMEMSET(aad, 0, sizeof(aad));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
-
-    /* Invalid parameters - wc_Sm4GcmSetKey. */
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE), BAD_FUNC_ARG);
-
-    /* Valid parameters - wc_Sm4GcmSetKey. */
-    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, SM4_KEY_SIZE), 0);
-
-    /* Invalid parameters - wc_Sm4GcmEncrypt. */
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
-
-    /* Invalid parameters - wc_Sm4GcmDecrypt. */
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
-        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Check vald values of nonce - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
-        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
-        SM4_GCM_AUTH_E);
-
-    /* Check valid values of tag size - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
-    for (i = WOLFSSL_MIN_AUTH_TAG_SZ; i < SM4_BLOCK_SIZE; i++) {
-        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
-    }
-
-    /* Check different in/out sizes. */
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce,
-        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
-        XMEMCPY(out2, out, i - 1);
-        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, i, nonce, GCM_NONCE_MID_SZ,
-            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
-        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, dec, out, i, nonce, GCM_NONCE_MID_SZ,
-            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(in, dec, i), 0);
-    }
-
-    /* Force the counter to roll over in first byte. */
-    {
-        static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
-        static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
-
-        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
-            nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
-            nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
-    }
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Gcm */
-
-/*
- * Testing stream SM4-CCM API.
- */
-static int test_wc_Sm4Ccm(void)
-{
-    int res = TEST_SKIPPED;
-#ifdef WOLFSSL_SM4_CCM
-    EXPECT_DECLS;
-    wc_Sm4 sm4;
-    unsigned char key[SM4_KEY_SIZE];
-    unsigned char nonce[CCM_NONCE_MAX_SZ];
-    unsigned char in[SM4_BLOCK_SIZE * 2];
-    unsigned char in2[SM4_BLOCK_SIZE * 2];
-    unsigned char out[SM4_BLOCK_SIZE * 2];
-    unsigned char out2[SM4_BLOCK_SIZE * 2];
-    unsigned char dec[SM4_BLOCK_SIZE * 2];
-    unsigned char tag[SM4_BLOCK_SIZE];
-    unsigned char aad[SM4_BLOCK_SIZE * 2];
-    word32 i;
-
-    XMEMSET(key, 0, sizeof(key));
-    XMEMSET(nonce, 0, sizeof(nonce));
-    XMEMSET(in, 0, sizeof(in));
-    XMEMSET(in2, 0, sizeof(in2));
-    XMEMSET(aad, 0, sizeof(aad));
-
-    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
-    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
-
-    /* Invalid parameters - wc_Sm4CcmEncrypt. */
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
-
-    /* Invalid parameters - wc_Sm4CcmDecrypt. */
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
-        SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
-        SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
-        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
-        SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-
-    /* Valid cases - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
-        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
-
-    /* Check vald values of nonce - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
-    for (i = CCM_NONCE_MIN_SZ; i <= CCM_NONCE_MAX_SZ; i++) {
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-    }
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-        CCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
-        SM4_CCM_AUTH_E);
-
-    /* Check invalid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
-    for (i = 0; i < 4; i++) {
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    }
-    /*   Odd values in range 4..SM4_BLOCK_SIZE. */
-    for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
-    }
-    /* Check valid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt.
-     * Even values in range 4..SM4_BLOCK_SIZE.
-     */
-    for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
-            CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
-    }
-
-    /* Check different in/out sizes. */
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce,
-        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
-    for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
-        XMEMCPY(out2, out, i - 1);
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, i, nonce, CCM_NONCE_MAX_SZ,
-            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, dec, out, i, nonce, CCM_NONCE_MAX_SZ,
-            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(in, dec, i), 0);
-    }
-
-    /* Force the counter to roll over in first byte. */
-    {
-        static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
-        static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
-
-        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
-            nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
-            nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
-        ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
-    }
-
-    wc_Sm4Free(&sm4);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-} /* END test_wc_Sm4Ccm */
-
-
-/*
- * unit test for wc_Des3_SetIV()
- */
-static int test_wc_Des3_SetIV(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DES3
-    Des3 des;
-    const byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    const byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-
-    XMEMSET(&des, 0, sizeof(Des3));
-
-    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
-
-    /* DES_ENCRYPTION or DES_DECRYPTION */
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
-    ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
-
-#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
-    /* Test explicitly wc_Des3_SetIV()  */
-    ExpectIntEQ(wc_Des3_SetIV(NULL, iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_SetIV(&des, NULL), 0);
-#endif
-    wc_Des3Free(&des);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Des3_SetIV */
-
-/*
- * unit test for wc_Des3_SetKey()
- */
-static int test_wc_Des3_SetKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DES3
-    Des3 des;
-    const byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    const byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-
-    XMEMSET(&des, 0, sizeof(Des3));
-
-    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
-
-    /* DES_ENCRYPTION or DES_DECRYPTION */
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
-    ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1), BAD_FUNC_ARG);
-    /* Default case. Should return 0. */
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION), 0);
-
-    wc_Des3Free(&des);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Des3_SetKey */
-
-
-/*
- * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
- */
-static int test_wc_Des3_CbcEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DES3
-    Des3 des;
-    byte cipher[24];
-    byte plain[24];
-    const byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    const byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-
-    XMEMSET(&des, 0, sizeof(Des3));
-
-    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
-
-    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, vector, 24), 0);
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION), 0);
-    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, cipher, 24), 0);
-    ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24), BAD_FUNC_ARG);
-
-    wc_Des3Free(&des);
-#endif
-    return EXPECT_RESULT();
-
-} /* END wc_Des3_CbcEncrypt */
-
-/*
- *  Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
- */
-static int test_wc_Des3_CbcEncryptDecryptWithKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DES3
-    word32 vectorSz, cipherSz;
-    byte cipher[24];
-    byte plain[24];
-    byte vector[] = { /* Now is the time for all w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-    byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-
-    vectorSz = sizeof(byte) * 24;
-    cipherSz = sizeof(byte) * 24;
-
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv),
-        0);
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv), 0);
-    ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
-
-    /* pass in bad args. */
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL),
-        0);
-
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL),
-        0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Des3_CbcEncryptDecryptWithKey */
-/*
- *  Unit test for wc_Des3_EcbEncrypt
- */
-static int test_wc_Des3_EcbEncrypt(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
-    Des3    des;
-    byte    cipher[24];
-    word32  cipherSz = sizeof(cipher);
-    const byte key[] = {
-        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-    };
-    const byte iv[] = {
-        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
-        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
-    };
-    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-
-    XMEMSET(&des, 0, sizeof(Des3));
-
-    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, 0), 0);
-
-    /* Good Cases */
-    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz), 0);
-
-    wc_Des3Free(&des);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Des3_EcbEncrypt */
-
-/*
- * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
- */
-static int test_wc_Chacha_SetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CHACHA
-    ChaCha     ctx;
-    const byte key[] = {
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
-    };
-    word32 keySz = (word32)(sizeof(key)/sizeof(byte));
-    byte       cipher[128];
-
-    XMEMSET(cipher, 0, sizeof(cipher));
-    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_Chacha_SetIV(&ctx, cipher, 0), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Chacha_SetKey */
-
-/*
- * unit test for wc_Poly1305SetKey()
- */
-static int test_wc_Poly1305SetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_POLY1305
-    Poly1305    ctx;
-    const byte  key[] =
-    {
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
-    };
-    word32 keySz = (word32)(sizeof(key)/sizeof(byte));
-
-    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, keySz), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Poly1305_SetKey() */
-
-/*
- * Testing wc_Chacha_Process()
- */
-static int test_wc_Chacha_Process(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CHACHA
-    ChaCha      enc, dec;
-    byte        cipher[128];
-    byte        plain[128];
-    const byte  key[] =
-    {
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
-    };
-    const char* input = "Everybody gets Friday off.";
-    word32      keySz = sizeof(key)/sizeof(byte);
-    unsigned long int inlen = XSTRLEN(input);
-
-    /* Initialize stack variables. */
-    XMEMSET(cipher, 0, 128);
-    XMEMSET(plain, 0, 128);
-
-    ExpectIntEQ(wc_Chacha_SetKey(&enc, key, keySz), 0);
-    ExpectIntEQ(wc_Chacha_SetKey(&dec, key, keySz), 0);
-    ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
-    ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
-
-    ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen),
-        0);
-    ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0);
-    ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0);
-
-#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
-    /* test checking and using leftovers, currently just in C code */
-    ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
-    ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
-
-    ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input,
-        (word32)inlen - 2), 0);
-    ExpectIntEQ(wc_Chacha_Process(&enc, cipher + (inlen - 2),
-        (byte*)input + (inlen - 2), 2), 0);
-    ExpectIntEQ(wc_Chacha_Process(&dec, plain, (byte*)cipher,
-        (word32)inlen - 2), 0);
-    ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2),
-        (byte*)input + (inlen - 2), 2), 0);
-    ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0);
-
-    /* check edge cases with counter increment */
-    {
-        /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
-        const byte expected[] = {
-            0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
-            0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
-            0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
-            0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
-            0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
-            0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
-            0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
-            0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
-            0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
-            0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
-            0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
-            0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
-            0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
-            0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
-            0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
-            0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
-            0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
-            0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
-            0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
-            0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
-            0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
-            0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
-            0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
-            0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
-            0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
-            0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
-            0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
-            0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
-            0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
-            0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
-            0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
-            0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
-        };
-        const byte iv2[] = {
-            0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
-            0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
-        };
-        byte input2[256];
-        int i;
-
-        for (i = 0; i < 256; i++)
-            input2[i] = i;
-
-        ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0);
-
-        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2, 64), 0);
-        ExpectIntEQ(XMEMCMP(expected, cipher, 64), 0);
-
-        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 64, 128), 0);
-        ExpectIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
-
-        /* partial */
-        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 192, 32), 0);
-        ExpectIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
-
-        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 224, 32), 0);
-        ExpectIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
-    }
-#endif
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Chacha_Process */
-
-/*
- * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
- */
-static int test_wc_ChaCha20Poly1305_aead(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-    const byte  key[] = {
-        0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-        0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
-        0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
-        0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
-    };
-    const byte  plaintext[] = {
-        0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
-        0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
-        0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
-        0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
-        0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
-        0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
-        0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
-        0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
-        0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
-        0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
-        0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
-        0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
-        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
-        0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
-        0x74, 0x2e
-    };
-    const byte  iv[] = {
-        0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
-        0x44, 0x45, 0x46, 0x47
-    };
-    const byte  aad[] = { /* additional data */
-        0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
-        0xc4, 0xc5, 0xc6, 0xc7
-    };
-    const byte  cipher[] = { /* expected output from operation */
-        0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
-        0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
-        0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
-        0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
-        0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
-        0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
-        0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
-        0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
-        0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
-        0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
-        0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
-        0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
-        0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
-        0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
-        0x61, 0x16
-    };
-    const byte  authTag[] = { /* expected output from operation */
-        0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
-        0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
-    };
-    byte        generatedCiphertext[272];
-    byte        generatedPlaintext[272];
-    byte        generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
-
-    /* Initialize stack variables. */
-    XMEMSET(generatedCiphertext, 0, 272);
-    XMEMSET(generatedPlaintext, 0, 272);
-
-    /* Test Encrypt */
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        0);
-    ExpectIntEQ(XMEMCMP(generatedCiphertext, cipher,
-        sizeof(cipher)/sizeof(byte)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
-        sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), NULL, generatedAuthTag), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
-        plaintext, sizeof(plaintext), generatedCiphertext, NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), authTag, generatedPlaintext), 0);
-    ExpectIntEQ(XMEMCMP(generatedPlaintext, plaintext,
-        sizeof(plaintext)/sizeof(byte)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), authTag, generatedPlaintext),  BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
-        cipher, sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
-        sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), NULL, generatedPlaintext), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
-        sizeof(cipher), authTag, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
-        sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ChaCha20Poly1305_aead */
-
-
-/*
- * Testing function for wc_Rc2SetKey().
- */
-static int test_wc_Rc2SetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef WC_RC2
-    Rc2  rc2;
-    byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
-    byte iv[]    = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
-
-    /* valid key and IV */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
-        iv, 40), 0);
-    /* valid key, no IV */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
-        NULL, 40), 0);
-
-    /* bad arguments  */
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
-        iv, 40), BAD_FUNC_ARG);
-    /* null key */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
-        iv, 40), BAD_FUNC_ARG);
-    /* key size == 0 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40), WC_KEY_SIZE_E);
-    /* key size > 128 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40), WC_KEY_SIZE_E);
-    /* effective bits == 0 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
-        iv, 0), WC_KEY_SIZE_E);
-    /* effective bits > 1024 */
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
-        iv, 1025), WC_KEY_SIZE_E);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Rc2SetKey */
-
-/*
- * Testing function for wc_Rc2SetIV().
- */
-static int test_wc_Rc2SetIV(void)
-{
-    EXPECT_DECLS;
-#ifdef WC_RC2
-    Rc2  rc2;
-    byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
-
-    /* valid IV */
-    ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
-    /* valid NULL IV */
-    ExpectIntEQ(wc_Rc2SetIV(&rc2, NULL), 0);
-
-    /* bad arguments */
-    ExpectIntEQ(wc_Rc2SetIV(NULL, iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Rc2SetIV */
-
-/*
- * Testing function for wc_Rc2EcbEncrypt() and wc_Rc2EcbDecrypt().
- */
-static int test_wc_Rc2EcbEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#ifdef WC_RC2
-    Rc2 rc2;
-    int effectiveKeyBits = 63;
-    byte cipher[RC2_BLOCK_SIZE];
-    byte plain[RC2_BLOCK_SIZE];
-    byte key[]    = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-    byte input[]  = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-    byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };
-
-    XMEMSET(cipher, 0, sizeof(cipher));
-    XMEMSET(plain, 0, sizeof(plain));
-
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
-        NULL, effectiveKeyBits), 0);
-    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(cipher, output, RC2_BLOCK_SIZE), 0);
-
-    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(plain, input, RC2_BLOCK_SIZE), 0);
-
-    /* Rc2EcbEncrypt bad arguments */
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* null out buffer */
-    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* null input buffer */
-    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* output buffer sz != RC2_BLOCK_SIZE (8) */
-    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7), BUFFER_E);
-
-    /* Rc2EcbDecrypt bad arguments */
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* null out buffer */
-    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* null input buffer */
-    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    /* output buffer sz != RC2_BLOCK_SIZE (8) */
-    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7), BUFFER_E);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Rc2EcbEncryptDecrypt */
-
-/*
- * Testing function for wc_Rc2CbcEncrypt() and wc_Rc2CbcDecrypt().
- */
-static int test_wc_Rc2CbcEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#ifdef WC_RC2
-    Rc2 rc2;
-    int effectiveKeyBits = 63;
-    byte cipher[RC2_BLOCK_SIZE*2];
-    byte plain[RC2_BLOCK_SIZE*2];
-    /* vector taken from test.c */
-    byte key[] = {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-    };
-    byte iv[] = {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-    };
-    byte input[] = {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-    };
-    byte output[] = {
-        0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
-        0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
-    };
-
-    XMEMSET(cipher, 0, sizeof(cipher));
-    XMEMSET(plain, 0, sizeof(plain));
-
-    ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
-        iv, effectiveKeyBits), 0);
-    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)), 0);
-    ExpectIntEQ(XMEMCMP(cipher, output, sizeof(output)), 0);
-
-    /* reset IV for decrypt */
-    ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
-    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)), 0);
-    ExpectIntEQ(XMEMCMP(plain, input, sizeof(input)), 0);
-
-    /* Rc2CbcEncrypt bad arguments */
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)),
-        BAD_FUNC_ARG);
-    /* null out buffer */
-    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)),
-        BAD_FUNC_ARG);
-    /* null input buffer */
-    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)),
-        BAD_FUNC_ARG);
-
-    /* Rc2CbcDecrypt bad arguments */
-    /* in size is 0 */
-    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, 0), 0);
-    /* null Rc2 struct */
-    ExpectIntEQ(wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)),
-        BAD_FUNC_ARG);
-    /* null out buffer */
-    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)),
-        BAD_FUNC_ARG);
-    /* null input buffer */
-    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_Rc2CbcEncryptDecrypt */
-
-
-/*
- * Testing function for wc_AesSetIV
- */
-static int test_wc_AesSetIV(void)
-{
-    int res = TEST_SKIPPED;
-#if !defined(NO_AES) && defined(WOLFSSL_AES_128)
-    Aes     aes;
-    int     ret = 0;
-    byte    key16[] =
-    {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte    iv1[]    = "1234567890abcdef";
-    byte    iv2[]    = "0987654321fedcba";
-
-    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
-    if (ret != 0)
-        return ret;
-
-    ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
-                                                     iv1, AES_ENCRYPTION);
-    if (ret == 0) {
-        ret = wc_AesSetIV(&aes, iv2);
-    }
-    /* Test bad args. */
-    if (ret == 0) {
-        ret = wc_AesSetIV(NULL, iv1);
-        if (ret == BAD_FUNC_ARG) {
-            /* NULL iv should return 0. */
-            ret = wc_AesSetIV(&aes, NULL);
-        }
-        else {
-            ret = WOLFSSL_FATAL_ERROR;
-        }
-    }
-
-    wc_AesFree(&aes);
-
-    res = TEST_RES_CHECK(ret == 0);
-#endif
-    return res;
-} /* test_wc_AesSetIV */
-
-
-/*
- * Testing function for wc_AesSetKey().
- */
-static int test_wc_AesSetKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_AES
-    Aes  aes;
-    byte key16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#ifdef WOLFSSL_AES_192
-    byte key24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-#endif
-#ifdef WOLFSSL_AES_256
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-    byte badKey16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
-    };
-    byte iv[] = "1234567890abcdef";
-
-    XMEMSET(&aes, 0, sizeof(Aes));
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_AesSetKey(&aes, key16, (word32)sizeof(key16) / sizeof(byte),
-        iv, AES_ENCRYPTION), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    ExpectIntEQ(wc_AesSetKey(&aes, key24, (word32)sizeof(key24) / sizeof(byte),
-        iv, AES_ENCRYPTION), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    ExpectIntEQ(wc_AesSetKey(&aes, key32, (word32)sizeof(key32) / sizeof(byte),
-        iv, AES_ENCRYPTION), 0);
-#endif
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_AesSetKey(NULL, key16, (word32)sizeof(key16) / sizeof(byte),
-        iv, AES_ENCRYPTION), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesSetKey(&aes, badKey16,
-        (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION),
-        BAD_FUNC_ARG);
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesSetKey */
-
-
-
-/*
- * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
- * and wc_AesCbcDecryptWithKey()
- */
-static int test_wc_AesCbcEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
-    defined(WOLFSSL_AES_256)
-    Aes  aes;
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte vector[] = { /* Now is the time for all good men w/o trailing 0 */
-        0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
-        0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
-        0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20,
-        0x67, 0x6f, 0x6f, 0x64, 0x20, 0x6d, 0x65, 0x6e
-    };
-    byte    iv[]   = "1234567890abcdef";
-    byte    enc[sizeof(vector)];
-    byte    dec[sizeof(vector)];
-    byte    dec2[sizeof(vector)];
-
-    /* Init stack variables. */
-    XMEMSET(&aes, 0, sizeof(Aes));
-    XMEMSET(enc, 0, sizeof(enc));
-    XMEMSET(dec, 0, sizeof(vector));
-    XMEMSET(dec2, 0, sizeof(vector));
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv,
-        AES_ENCRYPTION), 0);
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)), 0);
-
-    /* Re init for decrypt and set flag. */
-    ExpectIntEQ(wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv,
-        AES_DECRYPTION), 0);
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)), 0);
-    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
-
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, key32,
-        sizeof(key32)/sizeof(byte), iv), 0);
-    ExpectIntEQ(XMEMCMP(vector, dec2, AES_BLOCK_SIZE), 0);
-
-    /* Pass in bad args */
-    ExpectIntEQ(wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)),
-        BAD_FUNC_ARG);
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1),
-        BAD_LENGTH_E);
-#endif
-#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
-    (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
-    fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS "
-                    "mode (v2), skip test");
-#else
-    /* Test passing in size of 0  */
-    XMEMSET(enc, 0, sizeof(enc));
-    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, 0), 0);
-    /* Check enc was not modified */
-    {
-        int i;
-        for (i = 0; i < (int)sizeof(enc); i++)
-            ExpectIntEQ(enc[i], 0);
-    }
-#endif
-
-    ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1),
-        BAD_LENGTH_E);
-#else
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1),
-        BAD_FUNC_ARG);
-#endif
-
-    /* Test passing in size of 0  */
-    XMEMSET(dec, 0, sizeof(dec));
-    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, 0), 0);
-    /* Check dec was not modified */
-    {
-        int i;
-        for (i = 0; i < (int)sizeof(dec); i++)
-            ExpectIntEQ(dec[i], 0);
-    }
-
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
-        key32, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
-        key32, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
-        NULL, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
-        key32, sizeof(key32)/sizeof(byte), NULL), BAD_FUNC_ARG);
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesCbcEncryptDecrypt */
-
-/*
- * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
- */
-static int test_wc_AesCtrEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
-    Aes aesEnc;
-    Aes aesDec;
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte vector[] = { /* Now is the time for all w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-    byte iv[] = "1234567890abcdef";
-    byte enc[AES_BLOCK_SIZE * 2];
-    byte dec[AES_BLOCK_SIZE * 2];
-
-    /* Init stack variables. */
-    XMEMSET(&aesEnc, 0, sizeof(Aes));
-    XMEMSET(&aesDec, 0, sizeof(Aes));
-    XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
-    XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);
-
-    ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2, iv,
-        AES_ENCRYPTION), 0);
-    ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, enc, vector,
-        sizeof(vector)/sizeof(byte)), 0);
-    /* Decrypt with wc_AesCtrEncrypt() */
-    ExpectIntEQ(wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2, iv,
-        AES_ENCRYPTION), 0);
-    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)),
-        0);
-    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)),
-        BAD_FUNC_ARG);
-
-    wc_AesFree(&aesEnc);
-    wc_AesFree(&aesDec);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesCtrEncryptDecrypt */
-
-/*
- * test function for wc_AesGcmSetKey()
- */
-static int test_wc_AesGcmSetKey(void)
-{
-    EXPECT_DECLS;
-#if  !defined(NO_AES) && defined(HAVE_AESGCM)
-    Aes aes;
-#ifdef WOLFSSL_AES_128
-    byte key16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    byte key24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-#endif
-#ifdef WOLFSSL_AES_256
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-    byte badKey16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
-    };
-    byte badKey24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
-    };
-    byte badKey32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
-    };
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
-#endif
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)),
-        BAD_FUNC_ARG);
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesGcmSetKey */
-
-/*
- * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
- */
-static int test_wc_AesGcmEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-    /* WOLFSSL_AFALG requires 12 byte IV */
-#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
-    !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
-    Aes  aes;
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte vector[] = { /* Now is the time for all w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-    const byte a[] = {
-        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-        0xab, 0xad, 0xda, 0xd2
-    };
-    byte iv[] = "1234567890a";
-    byte longIV[] = "1234567890abcdefghij";
-    byte enc[sizeof(vector)];
-    byte resultT[AES_BLOCK_SIZE];
-    byte dec[sizeof(vector)];
-
-    /* Init stack variables. */
-    XMEMSET(&aes, 0, sizeof(Aes));
-    XMEMSET(enc, 0, sizeof(vector));
-    XMEMSET(dec, 0, sizeof(vector));
-    XMEMSET(resultT, 0, AES_BLOCK_SIZE);
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
-    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
-    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
-
-    /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
-    ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)),
-        BAD_FUNC_ARG);
-
-#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
-        (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
-        defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
-        /* FIPS does not check the lower bound of ivSz */
-#else
-        ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0,
-            resultT, sizeof(resultT), a, sizeof(a)), BAD_FUNC_ARG);
-#endif
-
-    /* This case is now considered good. Long IVs are now allowed.
-     * Except for the original FIPS release, it still has an upper
-     * bound on the IV length. */
-#if (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
-    !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
-    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
-        sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        0);
-#else
-    (void)longIV;
-#endif /* Old FIPS */
-    /* END wc_AesGcmEncrypt */
-
-#ifdef HAVE_AES_DECRYPT
-    ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)),
-        BAD_FUNC_ARG);
-    #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM))
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
-        AES_GCM_AUTH_E);
-    #else
-    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
-        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
-        BAD_FUNC_ARG);
-    #endif
-    #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
-            (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
-            !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
-            /* FIPS does not check the lower bound of ivSz */
-    #else
-        ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
-            iv, 0, resultT, sizeof(resultT), a, sizeof(a)), BAD_FUNC_ARG);
-    #endif
-#endif /* HAVE_AES_DECRYPT */
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_AesGcmEncryptDecrypt */
-
-/*
- * test function for mixed (one-shot encrpytion + stream decryption) AES GCM
- * using a long IV (older FIPS does NOT support long IVs).  Relates to zd15423
- */
-static int test_wc_AesGcmMixedEncDecLongIV(void)
-{
-    EXPECT_DECLS;
-#if  (!defined(HAVE_FIPS) || \
-      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
-     !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
-    const byte key[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    const byte in[] = {
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-    const byte aad[] = {
-        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-        0xab, 0xad, 0xda, 0xd2
-    };
-    Aes aesEnc;
-    Aes aesDec;
-    byte iv[] = "1234567890abcdefghij";
-    byte out[sizeof(in)];
-    byte plain[sizeof(in)];
-    byte tag[AES_BLOCK_SIZE];
-
-    XMEMSET(&aesEnc, 0, sizeof(Aes));
-    XMEMSET(&aesDec, 0, sizeof(Aes));
-    XMEMSET(out, 0, sizeof(out));
-    XMEMSET(plain, 0, sizeof(plain));
-    XMEMSET(tag, 0, sizeof(tag));
-
-    /* Perform one-shot encryption using long IV */
-    ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0);
-    ExpectIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv),
-        tag, sizeof(tag), aad, sizeof(aad)), 0);
-
-    /* Perform streaming decryption using long IV */
-    ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0);
-    ExpectIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad,
-        sizeof(aad)), 0);
-    ExpectIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0);
-    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
-
-    /* Free resources */
-    wc_AesFree(&aesEnc);
-    wc_AesFree(&aesDec);
-#endif
-    return EXPECT_RESULT();
-
-} /* END wc_AesGcmMixedEncDecLongIV */
-
-/*
- * unit test for wc_GmacSetKey()
- */
-static int test_wc_GmacSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(HAVE_AESGCM)
-    Gmac gmac;
-    byte key16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#ifdef WOLFSSL_AES_192
-    byte key24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-#endif
-#ifdef WOLFSSL_AES_256
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-    byte badKey16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
-    };
-    byte badKey24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-    byte badKey32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-
-    XMEMSET(&gmac, 0, sizeof(Gmac));
-
-    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
-#endif
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)),
-        BAD_FUNC_ARG);
-
-    wc_AesFree(&gmac.aes);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_GmacSetKey */
-
-/*
- * unit test for wc_GmacUpdate
- */
-static int test_wc_GmacUpdate(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(HAVE_AESGCM)
-    Gmac gmac;
-#ifdef WOLFSSL_AES_128
-    const byte key16[] = {
-        0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
-        0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    byte key24[] = {
-        0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
-        0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
-        0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
-    };
-#endif
-#ifdef WOLFSSL_AES_256
-   byte key32[] = {
-        0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
-        0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
-        0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
-        0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
-    };
-#endif
-#ifdef WOLFSSL_AES_128
-    const byte authIn[] = {
-        0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
-        0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    const byte authIn2[] = {
-       0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
-       0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
-    };
-#endif
-    const byte authIn3[] = {
-        0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
-        0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
-    };
-#ifdef WOLFSSL_AES_128
-    const byte tag1[] = { /* Known. */
-        0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
-        0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    const byte tag2[] = { /* Known */
-        0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
-        0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
-    };
-#endif
-    const byte tag3[] = { /* Known */
-        0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
-        0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
-    };
-#ifdef WOLFSSL_AES_128
-    const byte iv[] = {
-        0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
-        0xe2, 0x8c, 0x8f, 0x16
-    };
-#endif
-#ifdef WOLFSSL_AES_192
-    const byte iv2[] = {
-        0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
-        0x7e, 0x1a, 0x6f, 0xbc
-    };
-#endif
-    const byte iv3[] = {
-        0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
-        0xc3, 0xfb, 0x6c, 0x8a
-    };
-    byte tagOut[16];
-    byte tagOut2[24];
-    byte tagOut3[32];
-
-    /* Init stack variables. */
-    XMEMSET(&gmac, 0, sizeof(Gmac));
-    XMEMSET(tagOut, 0, sizeof(tagOut));
-    XMEMSET(tagOut2, 0, sizeof(tagOut2));
-    XMEMSET(tagOut3, 0, sizeof(tagOut3));
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)), 0);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
-        tagOut, sizeof(tag1)), 0);
-    ExpectIntEQ(XMEMCMP(tag1, tagOut, sizeof(tag1)), 0);
-    wc_AesFree(&gmac.aes);
-#endif
-
-#ifdef WOLFSSL_AES_192
-    ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
-    ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2),
-        tagOut2, sizeof(tag2)), 0);
-    ExpectIntEQ(XMEMCMP(tagOut2, tag2, sizeof(tag2)), 0);
-    wc_AesFree(&gmac.aes);
-#endif
-
-#ifdef WOLFSSL_AES_256
-    ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
-    ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3)), 0);
-    ExpectIntEQ(XMEMCMP(tag3, tagOut3, sizeof(tag3)), 0);
-    wc_AesFree(&gmac.aes);
-#endif
-
-    /* Pass bad args. */
-    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3) - 5), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
-        tagOut3, sizeof(tag3) + 1),  BAD_FUNC_ARG);
-    wc_AesFree(&gmac.aes);
-
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_GmacUpdate */
-
-
-/*
- * testing wc_CamelliaSetKey
- */
-static int test_wc_CamelliaSetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CAMELLIA
-    Camellia camellia;
-    /*128-bit key*/
-    static const byte key16[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
-    };
-    /* 192-bit key */
-    static const byte key24[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
-    };
-    /* 256-bit key */
-    static const byte key32[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
-    };
-    static const byte iv[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-    };
-
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv),
-        0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16),
-        NULL), 0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
-        0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
-        NULL), 0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv),
-        0);
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32),
-        NULL), 0);
-
-    /* Bad args. */
-    ExpectIntEQ(wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv),
-        BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CammeliaSetKey */
-
-/*
- * Testing wc_CamelliaSetIV()
- */
-static int test_wc_CamelliaSetIV(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CAMELLIA
-    Camellia    camellia;
-    static const byte iv[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-    };
-
-    ExpectIntEQ(wc_CamelliaSetIV(&camellia, iv), 0);
-    ExpectIntEQ(wc_CamelliaSetIV(&camellia, NULL), 0);
-
-    /* Bad args. */
-    ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CamelliaSetIV*/
-
-/*
- * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
- */
-static int test_wc_CamelliaEncryptDecryptDirect(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CAMELLIA
-    Camellia camellia;
-    static const byte key24[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
-    };
-    static const byte iv[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-    };
-    static const byte plainT[] = {
-        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
-    };
-    byte    enc[sizeof(plainT)];
-    byte    dec[sizeof(enc)];
-
-    /* Init stack variables.*/
-    XMEMSET(enc, 0, 16);
-    XMEMSET(enc, 0, 16);
-
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
-        0);
-    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, plainT), 0);
-    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, enc), 0);
-    ExpectIntEQ(XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE), 0);
-
-    /* Pass bad args. */
-    ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, NULL, plainT),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test-wc_CamelliaEncryptDecryptDirect */
-
-/*
- * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
- */
-static int test_wc_CamelliaCbcEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CAMELLIA
-    Camellia camellia;
-    static const byte key24[] = {
-        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
-    };
-    static const byte plainT[] = {
-        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
-    };
-    byte    enc[CAMELLIA_BLOCK_SIZE];
-    byte    dec[CAMELLIA_BLOCK_SIZE];
-
-    /* Init stack variables. */
-    XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
-    XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
-
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
-        NULL), 0);
-    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, plainT,
-        CAMELLIA_BLOCK_SIZE), 0);
-
-    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
-        NULL), 0);
-    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE),
-        0);
-    ExpectIntEQ(XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
-        CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_CamelliaCbcEncryptDecrypt */
-
-
-/*
- * Testing wc_Arc4SetKey()
- */
-static int test_wc_Arc4SetKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_RC4
-    Arc4 arc;
-    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
-    int keyLen = 8;
-
-    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, (word32)keyLen), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, (word32)keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4SetKey(&arc, NULL      , (word32)keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0     ), BAD_FUNC_ARG);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Arc4SetKey */
-
-/*
- * Testing wc_Arc4Process for ENC/DEC.
- */
-static int test_wc_Arc4Process(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_RC4
-    Arc4 enc;
-    Arc4 dec;
-    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
-    int keyLen = 8;
-    const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
-    byte cipher[8];
-    byte plain[8];
-
-    /* Init stack variables */
-    XMEMSET(&enc, 0, sizeof(Arc4));
-    XMEMSET(&dec, 0, sizeof(Arc4));
-    XMEMSET(cipher, 0, sizeof(cipher));
-    XMEMSET(plain, 0, sizeof(plain));
-
-    /* Use for async. */
-    ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, (word32)keyLen), 0);
-    ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, (word32)keyLen), 0);
-
-    ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, (word32)keyLen), 0);
-    ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, (word32)keyLen), 0);
-    ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0);
-
-    /* Bad args. */
-    ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, (word32)keyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, (word32)keyLen), BAD_FUNC_ARG);
-
-    wc_Arc4Free(&enc);
-    wc_Arc4Free(&dec);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_Arc4Process */
-
-
-/*
- * Testing wc_Init RsaKey()
- */
-static int test_wc_InitRsaKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_RSA
-    RsaKey key;
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_InitRsaKey */
-
-
-/*
- * Testing wc_RsaPrivateKeyDecode()
- */
-static int test_wc_RsaPrivateKeyDecode(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
-        || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
-    RsaKey key;
-    byte*  tmp = NULL;
-    word32 idx = 0;
-    int    bytes = 0;
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-
-    ExpectNotNull(tmp = (byte*)XMALLOC(FOURK_BUF, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    if (tmp != NULL) {
-    #ifdef USE_CERT_BUFFERS_1024
-        XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
-        bytes = sizeof_client_key_der_1024;
-    #else
-        XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
-        bytes = sizeof_client_key_der_2048;
-    #endif /* Use cert buffers. */
-    }
-
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        BAD_FUNC_ARG);
-
-    XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_RsaPrivateKeyDecode */
-
-/*
- * Testing wc_RsaPublicKeyDecode()
- */
-static int test_wc_RsaPublicKeyDecode(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
-        || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
-    RsaKey keyPub;
-    byte*  tmp = NULL;
-    word32 idx = 0;
-    int    bytes = 0;
-    word32 keySz = 0;
-    word32 tstKeySz = 0;
-#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
-    XFILE f = XBADFILE;
-    const char* rsaPssPubKey = "./certs/rsapss/ca-rsapss-key.der";
-    const char* rsaPssPubKeyNoParams = "./certs/rsapss/ca-3072-rsapss-key.der";
-    byte buf[4096];
-#endif
-
-    XMEMSET(&keyPub, 0, sizeof(RsaKey));
-
-    ExpectNotNull(tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER));
-    ExpectIntEQ(wc_InitRsaKey(&keyPub, HEAP_HINT), 0);
-    if (tmp != NULL) {
-    #ifdef USE_CERT_BUFFERS_1024
-        XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
-        bytes = sizeof_client_keypub_der_1024;
-        keySz = 1024;
-    #else
-        XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
-        bytes = sizeof_client_keypub_der_2048;
-        keySz = 2048;
-    #endif
-    }
-
-    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
-        BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRsaKey(&keyPub), 0);
-
-    /* Test for getting modulus key size */
-    idx = 0;
-    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL,
-        &tstKeySz, NULL, NULL), 0);
-    ExpectIntEQ(tstKeySz, keySz/8);
-
-#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
-    ExpectTrue((f = XFOPEN(rsaPssPubKey, "rb")) != XBADFILE);
-    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-    idx = 0;
-    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL, NULL,
-        NULL), 0);
-    ExpectTrue((f = XFOPEN(rsaPssPubKeyNoParams, "rb")) != XBADFILE);
-    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
-    if (f != XBADFILE)
-        XFCLOSE(f);
-    idx = 0;
-    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL, NULL,
-        NULL), 0);
-#endif
-
-    XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_RsaPublicKeyDecode */
-
-/*
- * Testing wc_RsaPublicKeyDecodeRaw()
- */
-static int test_wc_RsaPublicKeyDecodeRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA)
-    RsaKey     key;
-    const byte n = 0x23;
-    const byte e = 0x03;
-    int        nSz = sizeof(n);
-    int        eSz = sizeof(e);
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
-       BAD_FUNC_ARG);
-
-
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_RsaPublicKeyDecodeRaw */
-
-
-/*
- * Testing wc_RsaPrivateKeyDecodeRaw()
- */
-static int test_wc_RsaPrivateKeyDecodeRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) \
-    && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    RsaKey key;
-    const byte n = 33;
-    const byte e = 3;
-    const byte d = 7;
-    const byte u = 2;
-    const byte p = 3;
-    const byte q = 11;
-    const byte dp = 1;
-    const byte dq = 7;
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), NULL, 0,
-                NULL, 0, &key), 0);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                NULL, 0, &key), 0);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), NULL, 0,
-                &dq, sizeof(dq), &key), 0);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(NULL, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, 0,
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                NULL, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, 0, &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), NULL, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, 0, &u, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                NULL, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, 0, &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), NULL, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
-                &p, sizeof(p), &q, 0, &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, 0,
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), NULL, sizeof(u),
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
-                &e, sizeof(e), &d, sizeof(d), &u, 0,
-                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
-                &dq, sizeof(dq), &key), BAD_FUNC_ARG);
-#endif
-
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END  test_wc_RsaPrivateKeyDecodeRaw */
-
-
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
-     * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
-     * trying until it gets a probable prime. */
-    #ifdef HAVE_FIPS
-        static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
-        {
-            int ret;
-
-            for (;;) {
-                ret = wc_MakeRsaKey(key, size, e, rng);
-                if (ret != PRIME_GEN_E) break;
-                fprintf(stderr, "MakeRsaKey couldn't find prime; "
-                                "trying again.\n");
-            }
-
-            return ret;
-        }
-        #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d)
-    #else
-        #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d)
-    #endif
-#endif
-
-
-/*
- * Testing wc_MakeRsaKey()
- */
-static int test_wc_MakeRsaKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-
-    RsaKey genKey;
-    WC_RNG rng;
-#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
-    int bits = 1024;
-#else
-    int bits = 2048;
-#endif
-
-    XMEMSET(&genKey, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRsaKey(&genKey, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
-    DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
-        BAD_FUNC_ARG);
-    /* e < 3 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), BAD_FUNC_ARG);
-    /* e & 1 == 0 */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_MakeRsaKey */
-
-/*
- * Test the bounds checking on the cipher text versus the key modulus.
- * 1. Make a new RSA key.
- * 2. Set c to 1.
- * 3. Decrypt c into k. (error)
- * 4. Copy the key modulus to c and sub 1 from the copy.
- * 5. Decrypt c into k. (error)
- * Valid bounds test cases are covered by all the other RSA tests.
- */
-static int test_RsaDecryptBoundsCheck(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \
-    (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
-    defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK)
-    WC_RNG rng;
-    RsaKey key;
-    byte flatC[256];
-    word32 flatCSz;
-    byte out[256];
-    word32 outSz = sizeof(out);
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    if (EXPECT_SUCCESS()) {
-        const byte* derKey;
-        word32 derKeySz;
-        word32 idx = 0;
-
-        #ifdef USE_CERT_BUFFERS_1024
-            derKey = server_key_der_1024;
-            derKeySz = (word32)sizeof_server_key_der_1024;
-            flatCSz = 128;
-        #else
-            derKey = server_key_der_2048;
-            derKeySz = (word32)sizeof_server_key_der_2048;
-            flatCSz = 256;
-        #endif
-
-        ExpectIntEQ(wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz), 0);
-    }
-
-    if (EXPECT_SUCCESS()) {
-        XMEMSET(flatC, 0, flatCSz);
-        flatC[flatCSz-1] = 1;
-
-        ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
-            RSA_PRIVATE_DECRYPT, &rng), RSA_OUT_OF_RANGE_E);
-        if (EXPECT_SUCCESS()) {
-            mp_int c;
-            ExpectIntEQ(mp_init_copy(&c, &key.n), 0);
-            ExpectIntEQ(mp_sub_d(&c, 1, &c), 0);
-            ExpectIntEQ(mp_to_unsigned_bin(&c, flatC), 0);
-            ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
-                RSA_PRIVATE_DECRYPT, NULL), RSA_OUT_OF_RANGE_E);
-            mp_clear(&c);
-        }
-    }
-
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_RsaDecryptBoundsCheck */
-
 /*
  * Testing wc_SetKeyUsage()
  */
@@ -20409,238 +14941,16 @@ static int test_wc_SetKeyUsage(void)
     ExpectIntEQ(wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign"), 0);
 
     /* Test bad args. */
-    ExpectIntEQ(wc_SetKeyUsage(NULL, "decipherOnly"), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_SetKeyUsage(&myCert, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_SetKeyUsage(&myCert, ""), KEYUSAGE_E);
-    ExpectIntEQ(wc_SetKeyUsage(&myCert, ","), KEYUSAGE_E);
+    ExpectIntEQ(wc_SetKeyUsage(NULL, "decipherOnly"), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_SetKeyUsage(&myCert, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_SetKeyUsage(&myCert, ""), WC_NO_ERR_TRACE(KEYUSAGE_E));
+    ExpectIntEQ(wc_SetKeyUsage(&myCert, ","), WC_NO_ERR_TRACE(KEYUSAGE_E));
     ExpectIntEQ(wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign"),
-        KEYUSAGE_E);
+        WC_NO_ERR_TRACE(KEYUSAGE_E));
 #endif
     return EXPECT_RESULT();
 } /* END  test_wc_SetKeyUsage */
 
-/*
- * Testing wc_CheckProbablePrime()
- */
-static int test_wc_CheckProbablePrime(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
-#define CHECK_PROBABLE_PRIME_KEY_BITS 2048
-    RsaKey key;
-    WC_RNG rng;
-    byte   e[3];
-    word32 eSz = (word32)sizeof(e);
-    byte   n[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
-    word32 nSz = (word32)sizeof(n);
-    byte   d[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
-    word32 dSz = (word32)sizeof(d);
-    byte   p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
-    word32 pSz = (word32)sizeof(p);
-    byte   q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
-    word32 qSz = (word32)sizeof(q);
-    int    nlen = CHECK_PROBABLE_PRIME_KEY_BITS;
-    int*   isPrime;
-    int    test[5];
-    isPrime = test;
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
-    ExpectIntEQ(wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS,
-        WC_RSA_EXPONENT, &rng), 0);
-    PRIVATE_KEY_UNLOCK();
-    ExpectIntEQ(wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q,
-        &qSz), 0);
-    PRIVATE_KEY_LOCK();
-
-    /* Bad cases */
-    ExpectIntEQ(wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CheckProbablePrime(p, 0, q, qSz, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, 0, e, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz, nlen, isPrime),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, 0, nlen, isPrime),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0, nlen, isPrime),
-        BAD_FUNC_ARG);
-
-    /* Good case */
-    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz, nlen, isPrime),
-        0);
-
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    wc_FreeRng(&rng);
-#undef CHECK_PROBABLE_PRIME_KEY_BITS
-#endif
-    return EXPECT_RESULT();
-} /* END  test_wc_CheckProbablePrime */
-/*
- * Testing wc_RsaPSS_Verify()
- */
-static int test_wc_RsaPSS_Verify(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
-    RsaKey        key;
-    WC_RNG        rng;
-    int           sz = 256;
-    const char*   szMessage = "This is the string to be signed";
-    unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
-    unsigned char pDecrypted[2048/8];
-    byte*         pt = pDecrypted;
-    word32        outLen = sizeof(pDecrypted);
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
-    ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
-
-    ExpectIntGT(sz = wc_RsaPSS_Sign((byte*)szMessage,
-        (word32)XSTRLEN(szMessage)+1, pSignature, sizeof(pSignature),
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
-
-    /* Bad cases */
-    ExpectIntEQ(wc_RsaPSS_Verify(NULL, (word32)sz, pt, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_Verify(pSignature, (word32)sz, NULL, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-
-    /* Good case */
-    ExpectIntGT(wc_RsaPSS_Verify(pSignature, (word32)sz, pt, outLen,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
-
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    wc_FreeRng(&rng);
-#endif
-    return EXPECT_RESULT();
-} /* END  test_wc_RsaPSS_Verify */
-/*
- * Testing wc_RsaPSS_VerifyCheck()
- */
-static int test_wc_RsaPSS_VerifyCheck(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
-    RsaKey        key;
-    WC_RNG        rng;
-    int           sz = 256; /* 2048/8 */
-    byte          digest[32];
-    word32        digestSz = sizeof(digest);
-    unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
-    word32        pSignatureSz = sizeof(pSignature);
-    unsigned char pDecrypted[2048/8];
-    byte*         pt = pDecrypted;
-    word32        outLen = sizeof(pDecrypted);
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    XMEMSET(digest, 0, sizeof(digest));
-    XMEMSET(pSignature, 0, sizeof(pSignature));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
-    ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
-    ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0);
-    ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest, digestSz),
-        0);
-
-    ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
-        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
-
-    /* Bad cases */
-    ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, (word32)sz, pt, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, NULL, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-
-    /* Good case */
-    ExpectIntGT(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, pt, outLen, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
-
-    ExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    wc_FreeRng(&rng);
-#endif
-    return EXPECT_RESULT();
-} /* END  test_wc_RsaPSS_VerifyCheck */
-/*
- * Testing wc_RsaPSS_VerifyCheckInline()
- */
-static int test_wc_RsaPSS_VerifyCheckInline(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
-    RsaKey        key;
-    WC_RNG        rng;
-    int           sz = 256;
-    byte          digest[32];
-    word32        digestSz = sizeof(digest);
-    unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
-    unsigned char pDecrypted[2048/8];
-    byte*         pt = pDecrypted;
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    XMEMSET(digest, 0, sizeof(digest));
-    XMEMSET(pSignature, 0, sizeof(pSignature));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
-    ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
-    ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0);
-    ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest, digestSz),
-        0);
-
-    ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature,
-        sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, (word32)sz, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
-
-    /* Good case */
-    ExpectIntGT(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest,
-        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
-
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    wc_FreeRng(&rng);
-#endif
-    return EXPECT_RESULT();
-} /* END  test_wc_RsaPSS_VerifyCheckInline */
-
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
 static void sample_mutex_cb (int flag, int type, const char* file, int line)
 {
@@ -20663,7 +14973,7 @@ static int test_wc_LockMutex_ex(void)
     int line = 0;
 
     /* without SetMutexCb */
-    ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), BAD_STATE_E);
+    ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), WC_NO_ERR_TRACE(BAD_STATE_E));
     /* with SetMutexCb */
     ExpectIntEQ(wc_SetMutexCb(sample_mutex_cb), 0);
     ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), 0);
@@ -20684,6414 +14994,6 @@ static int test_wc_SetMutexCb(void)
     return EXPECT_RESULT();
 } /* End test_wc_SetMutexCb*/
 
-/*
- * Testing wc_RsaKeyToDer()
- */
-static int test_wc_RsaKeyToDer(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    RsaKey genKey;
-    WC_RNG rng;
-    byte*  der = NULL;
-#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
-    int     bits = 1024;
-    word32  derSz = 611;
-    /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
-       + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
-#else
-    int     bits = 2048;
-    word32  derSz = 1196;
-    /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
-       + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
-#endif
-
-    XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(&genKey, 0, sizeof(genKey));
-
-    ExpectNotNull(der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
-    /* Init structures. */
-    ExpectIntEQ(wc_InitRsaKey(&genKey, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    /* Make key. */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
-
-    ExpectIntGT(wc_RsaKeyToDer(&genKey, der, derSz), 0);
-
-    /* Pass good/bad args. */
-    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
-    /* Get just the output length */
-    ExpectIntGT(wc_RsaKeyToDer(&genKey, NULL, 0), 0);
-    /* Try Public Key. */
-    genKey.type = 0;
-    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF), BAD_FUNC_ARG);
-    #ifdef WOLFSSL_CHECK_MEM_ZERO
-        /* Put back to Private Key */
-        genKey.type = 1;
-    #endif
-
-    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_RsaKeyToDer */
-
-/*
- *  Testing wc_RsaKeyToPublicDer()
- */
-static int test_wc_RsaKeyToPublicDer(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    RsaKey key;
-    WC_RNG rng;
-    byte*  der = NULL;
-#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
-    int    bits = 1024;
-    word32 derLen = 162;
-#else
-    int    bits = 2048;
-    word32 derLen = 294;
-#endif
-    int    ret;
-
-    XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(&key, 0, sizeof(key));
-
-    ExpectNotNull(der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER));
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
-
-    /* test getting size only */
-    ExpectIntGT(wc_RsaKeyToPublicDer(&key, NULL, derLen), 0);
-    ExpectIntGT(wc_RsaKeyToPublicDer(&key, der, derLen), 0);
-
-    /* test getting size only */
-    ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0), 0);
-    ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), BAD_FUNC_ARG);
-    ExpectIntLT(ret = wc_RsaKeyToPublicDer(&key, der, -1), 0);
-    ExpectTrue((ret == BUFFER_E) || (ret == BAD_FUNC_ARG));
-
-    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_RsaKeyToPublicDer */
-
-/*
- *  Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt()
- */
-static int test_wc_RsaPublicEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    RsaKey key;
-    WC_RNG rng;
-    const char inStr[] = TEST_STRING;
-    const word32 plainLen = (word32)TEST_STRING_SZ;
-    const word32 inLen = (word32)TEST_STRING_SZ;
-    int          bits = TEST_RSA_BITS;
-    const word32 cipherLen = TEST_RSA_BYTES;
-    word32 cipherLenResult = cipherLen;
-    WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
-    WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
-    WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
-
-    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
-    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
-    WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
-
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    ExpectNotNull(in);
-    ExpectNotNull(plain);
-    ExpectNotNull(cipher);
-#endif
-    ExpectNotNull(XMEMCPY(in, inStr, inLen));
-
-    /* Initialize stack structures. */
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
-
-    /* Encrypt. */
-    ExpectIntGT(cipherLenResult = (word32)wc_RsaPublicEncrypt(in, inLen, cipher,
-        cipherLen, &key, &rng), 0);
-    /* Pass bad args - tested in another testing function.*/
-
-    /* Decrypt */
-#if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
-    /* Bind rng */
-    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
-#endif
-    ExpectIntGE(wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen,
-        &key), 0);
-    ExpectIntEQ(XMEMCMP(plain, inStr, plainLen), 0);
-    /* Pass bad args - tested in another testing function.*/
-
-    WC_FREE_VAR(in, NULL);
-    WC_FREE_VAR(plain, NULL);
-    WC_FREE_VAR(cipher, NULL);
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_RsaPublicEncryptDecrypt */
-
-/*
- * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex()
- */
-static int test_wc_RsaPublicEncryptDecrypt_ex(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
-        && !defined(WC_NO_RSA_OAEP) && !defined(NO_SHA256)
-    RsaKey  key;
-    WC_RNG  rng;
-    const char inStr[] = TEST_STRING;
-    const word32 inLen = (word32)TEST_STRING_SZ;
-    const word32 plainSz = (word32)TEST_STRING_SZ;
-    byte*   res = NULL;
-    int     idx = 0;
-    int          bits = TEST_RSA_BITS;
-    const word32 cipherSz = TEST_RSA_BYTES;
-
-    WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
-    WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
-    WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
-
-    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
-    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
-    WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
-
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    ExpectNotNull(in);
-    ExpectNotNull(plain);
-    ExpectNotNull(cipher);
-#endif
-    ExpectNotNull(XMEMCPY(in, inStr, inLen));
-
-    /* Initialize stack structures. */
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
-
-    /* Encrypt */
-    ExpectIntGE(idx = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key,
-        &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0);
-    /* Pass bad args - tested in another testing function.*/
-
-#ifndef WOLFSSL_RSA_PUBLIC_ONLY
-    /* Decrypt */
-    #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
-        ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
-    #endif
-    ExpectIntGE(wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, plain, plainSz,
-        &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0);
-    ExpectIntEQ(XMEMCMP(plain, inStr, plainSz), 0);
-    /* Pass bad args - tested in another testing function.*/
-
-    ExpectIntGE(wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, &res, &key,
-        WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0);
-    ExpectIntEQ(XMEMCMP(inStr, res, plainSz), 0);
-#endif
-
-    WC_FREE_VAR(in, NULL);
-    WC_FREE_VAR(plain, NULL);
-    WC_FREE_VAR(cipher, NULL);
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_RsaPublicEncryptDecrypt_ex */
-
-/*
- * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify()
- */
-static int test_wc_RsaSSL_SignVerify(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    RsaKey key;
-    WC_RNG rng;
-    const char inStr[] = TEST_STRING;
-    const word32 plainSz = (word32)TEST_STRING_SZ;
-    const word32 inLen = (word32)TEST_STRING_SZ;
-    word32 idx = 0;
-    int    bits = TEST_RSA_BITS;
-    const word32 outSz = TEST_RSA_BYTES;
-
-    WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
-    WC_DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
-    WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
-
-    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
-    WC_ALLOC_VAR(out, byte, TEST_RSA_BYTES, NULL);
-    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
-
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    ExpectNotNull(in);
-    ExpectNotNull(out);
-    ExpectNotNull(plain);
-#endif
-    ExpectNotNull(XMEMCPY(in, inStr, inLen));
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
-
-    /* Sign. */
-    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng), (int)outSz);
-    idx = (int)outSz;
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
-        BAD_FUNC_ARG);
-
-    /* Verify. */
-    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, &key), (int)inLen);
-
-    /* Pass bad args. */
-    ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, 0, plain, plainSz, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
-        BAD_FUNC_ARG);
-
-    WC_FREE_VAR(in, NULL);
-    WC_FREE_VAR(out, NULL);
-    WC_FREE_VAR(plain, NULL);
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_RsaSSL_SignVerify */
-
-/*
- * Testing wc_RsaEncryptSize()
- */
-static int test_wc_RsaEncryptSize(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    RsaKey key;
-    WC_RNG rng;
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
-    ExpectIntEQ(MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng), 0);
-
-    ExpectIntEQ(wc_RsaEncryptSize(&key), 128);
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-#endif
-
-    ExpectIntEQ(MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
-    ExpectIntEQ(wc_RsaEncryptSize(&key), 256);
-
-    /* Pass in bad arg. */
-    ExpectIntEQ(wc_RsaEncryptSize(NULL), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_RsaEncryptSize*/
-
-/*
- * Testing wc_RsaFlattenPublicKey()
- */
-static int test_wc_RsaFlattenPublicKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    RsaKey key;
-    WC_RNG rng;
-    byte   e[256];
-    byte   n[256];
-    word32 eSz = sizeof(e);
-    word32 nSz = sizeof(n);
-    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
-    int    bits = 1024;
-    #else
-    int    bits = 2048;
-    #endif
-
-    XMEMSET(&key, 0, sizeof(RsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
-
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz), 0);
-
-    /* Pass bad args. */
-    ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
-        BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_RsaFlattenPublicKey */
-
-
-
-/*
- * unit test for wc_AesCcmSetKey
- */
-static int test_wc_AesCcmSetKey(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_AESCCM
-    Aes aes;
-    const byte key16[] = {
-        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
-    };
-    const byte key24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
-    };
-    const byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-
-    XMEMSET(&aes, 0, sizeof(Aes));
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
-#endif
-#ifdef WOLFSSL_AES_192
-    ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24)), 0);
-#endif
-#ifdef WOLFSSL_AES_256
-    ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32)), 0);
-#endif
-
-    /* Test bad args. */
-   ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1), BAD_FUNC_ARG);
-   ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1), BAD_FUNC_ARG);
-   ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1), BAD_FUNC_ARG);
-
-    wc_AesFree(&aes);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_AesCcmSetKey */
-
-/*
- * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
- */
-static int test_wc_AesCcmEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
-    Aes aes;
-    const byte key16[] = {
-        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
-    };
-    /* plaintext */
-    const byte plainT[] = {
-        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
-    };
-    /* nonce */
-    const byte iv[] = {
-        0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
-        0xa1, 0xa2, 0xa3, 0xa4, 0xa5
-    };
-    const byte c[] = { /* cipher text. */
-        0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
-        0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
-        0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
-    };
-    const byte t[] = { /* Auth tag */
-        0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
-    };
-    const byte authIn[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
-    };
-    byte cipherOut[sizeof(plainT)];
-    byte authTag[sizeof(t)];
-#ifdef HAVE_AES_DECRYPT
-    byte plainOut[sizeof(cipherOut)];
-#endif
-
-    XMEMSET(&aes, 0, sizeof(Aes));
-
-    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
-
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), 0);
-    ExpectIntEQ(XMEMCMP(cipherOut, c, sizeof(c)), 0);
-    ExpectIntEQ(XMEMCMP(t, authTag, sizeof(t)), 0);
-#ifdef HAVE_AES_DECRYPT
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), 0);
-    ExpectIntEQ(XMEMCMP(plainOut, plainT, sizeof(plainT)), 0);
-#endif
-
-    /* Pass in bad args. Encrypt*/
-    ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
-        iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)),
-        BAD_FUNC_ARG);
-
-#ifdef HAVE_AES_DECRYPT
-    /* Pass in bad args. Decrypt*/
-    ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
-        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
-        iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)),
-        BAD_FUNC_ARG);
-    #endif
-
-    wc_AesFree(&aes);
-#endif  /* HAVE_AESCCM */
-    return EXPECT_RESULT();
-} /* END test_wc_AesCcmEncryptDecrypt */
-
-
-#if defined(WOLFSSL_AES_EAX) && \
-    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
-
-/*
- * Testing test_wc_AesEaxVectors()
- */
-static int test_wc_AesEaxVectors(void)
-{
-    EXPECT_DECLS;
-
-    typedef struct {
-        byte key[AES_256_KEY_SIZE];
-        int key_length;
-        byte iv[AES_BLOCK_SIZE];
-        int iv_length;
-        byte aad[AES_BLOCK_SIZE * 2];
-        int aad_length;
-        byte msg[AES_BLOCK_SIZE * 5];
-        int msg_length;
-        byte ct[AES_BLOCK_SIZE * 5];
-        int ct_length;
-        byte tag[AES_BLOCK_SIZE];
-        int tag_length;
-        int valid;
-    } AadVector;
-
-    /*  Test vectors obtained from Google wycheproof project
-     *  https://github.com/google/wycheproof
-     *  from testvectors/aes_eax_test.json
-     */
-    const AadVector vectors[] = {
-        {
-            /* key, key length  */
-            {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
-             0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16,
-            /* iv, iv length  */
-            {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
-             0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16,
-            /* aad, aad length  */
-            {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8,
-            /* msg, msg length  */
-            {0x00}, 0,
-            /* ct, ct length  */
-            {0x00}, 0,
-            /* tag, tag length  */
-            {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b,
-             0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b,
-             0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4}, 16,
-            /* iv, iv length  */
-            {0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84,
-             0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd}, 16,
-            /* aad, aad length  */
-            {0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa}, 8,
-            /* msg, msg length  */
-            {0xf7, 0xfb}, 2,
-            /* ct, ct length  */
-            {0x19, 0xdd}, 2,
-            /* tag, tag length  */
-            {0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda,
-             0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7,
-             0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23}, 16,
-            /* iv, iv length  */
-            {0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84,
-             0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e}, 16,
-            /* aad, aad length  */
-            {0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6}, 8,
-            /* msg, msg length  */
-            {0x1a, 0x47, 0xcb, 0x49, 0x33}, 5,
-            /* ct, ct length  */
-            {0xd8, 0x51, 0xd5, 0xba, 0xe0}, 5,
-            /* tag, tag length  */
-            {0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19,
-             0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xd0, 0x7c, 0xf6, 0xcb, 0xb7, 0xf3, 0x13, 0xbd,
-             0xde, 0x66, 0xb7, 0x27, 0xaf, 0xd3, 0xc5, 0xe8}, 16,
-            /* iv, iv length  */
-            {0x84, 0x08, 0xdf, 0xff, 0x3c, 0x1a, 0x2b, 0x12,
-             0x92, 0xdc, 0x19, 0x9e, 0x46, 0xb7, 0xd6, 0x17}, 16,
-            /* aad, aad length  */
-            {0x33, 0xcc, 0xe2, 0xea, 0xbf, 0xf5, 0xa7, 0x9d}, 8,
-            /* msg, msg length  */
-            {0x48, 0x1c, 0x9e, 0x39, 0xb1}, 5,
-            /* ct, ct length  */
-            {0x63, 0x2a, 0x9d, 0x13, 0x1a}, 5,
-            /* tag, tag length  */
-            {0xd4, 0xc1, 0x68, 0xa4, 0x22, 0x5d, 0x8e, 0x1f,
-             0xf7, 0x55, 0x93, 0x99, 0x74, 0xa7, 0xbe, 0xde}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x35, 0xb6, 0xd0, 0x58, 0x00, 0x05, 0xbb, 0xc1,
-             0x2b, 0x05, 0x87, 0x12, 0x45, 0x57, 0xd2, 0xc2}, 16,
-            /* iv, iv length  */
-            {0xfd, 0xb6, 0xb0, 0x66, 0x76, 0xee, 0xdc, 0x5c,
-             0x61, 0xd7, 0x42, 0x76, 0xe1, 0xf8, 0xe8, 0x16}, 16,
-            /* aad, aad length  */
-            {0xae, 0xb9, 0x6e, 0xae, 0xbe, 0x29, 0x70, 0xe9}, 8,
-            /* msg, msg length  */
-            {0x40, 0xd0, 0xc0, 0x7d, 0xa5, 0xe4}, 6,
-            /* ct, ct length  */
-            {0x07, 0x1d, 0xfe, 0x16, 0xc6, 0x75}, 6,
-            /* tag, tag length  */
-            {0xcb, 0x06, 0x77, 0xe5, 0x36, 0xf7, 0x3a, 0xfe,
-             0x6a, 0x14, 0xb7, 0x4e, 0xe4, 0x98, 0x44, 0xdd}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xbd, 0x8e, 0x6e, 0x11, 0x47, 0x5e, 0x60, 0xb2,
-             0x68, 0x78, 0x4c, 0x38, 0xc6, 0x2f, 0xeb, 0x22}, 16,
-            /* iv, iv length  */
-            {0x6e, 0xac, 0x5c, 0x93, 0x07, 0x2d, 0x8e, 0x85,
-             0x13, 0xf7, 0x50, 0x93, 0x5e, 0x46, 0xda, 0x1b}, 16,
-            /* aad, aad length  */
-            {0xd4, 0x48, 0x2d, 0x1c, 0xa7, 0x8d, 0xce, 0x0f}, 8,
-            /* msg, msg length  */
-            {0x4d, 0xe3, 0xb3, 0x5c, 0x3f, 0xc0, 0x39, 0x24,
-             0x5b, 0xd1, 0xfb, 0x7d}, 12,
-            /* ct, ct length  */
-            {0x83, 0x5b, 0xb4, 0xf1, 0x5d, 0x74, 0x3e, 0x35,
-             0x0e, 0x72, 0x84, 0x14}, 12,
-            /* tag, tag length  */
-            {0xab, 0xb8, 0x64, 0x4f, 0xd6, 0xcc, 0xb8, 0x69,
-             0x47, 0xc5, 0xe1, 0x05, 0x90, 0x21, 0x0a, 0x4f}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x7c, 0x77, 0xd6, 0xe8, 0x13, 0xbe, 0xd5, 0xac,
-             0x98, 0xba, 0xa4, 0x17, 0x47, 0x7a, 0x2e, 0x7d}, 16,
-            /* iv, iv length  */
-            {0x1a, 0x8c, 0x98, 0xdc, 0xd7, 0x3d, 0x38, 0x39,
-             0x3b, 0x2b, 0xf1, 0x56, 0x9d, 0xee, 0xfc, 0x19}, 16,
-            /* aad, aad length  */
-            {0x65, 0xd2, 0x01, 0x79, 0x90, 0xd6, 0x25, 0x28}, 8,
-            /* msg, msg length  */
-            {0x8b, 0x0a, 0x79, 0x30, 0x6c, 0x9c, 0xe7, 0xed,
-             0x99, 0xda, 0xe4, 0xf8, 0x7f, 0x8d, 0xd6, 0x16,
-             0x36}, 17,
-            /* ct, ct length  */
-            {0x02, 0x08, 0x3e, 0x39, 0x79, 0xda, 0x01, 0x48,
-             0x12, 0xf5, 0x9f, 0x11, 0xd5, 0x26, 0x30, 0xda,
-             0x30}, 17,
-            /* tag, tag length  */
-            {0x13, 0x73, 0x27, 0xd1, 0x06, 0x49, 0xb0, 0xaa,
-             0x6e, 0x1c, 0x18, 0x1d, 0xb6, 0x17, 0xd7, 0xf2}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x5f, 0xff, 0x20, 0xca, 0xfa, 0xb1, 0x19, 0xca,
-             0x2f, 0xc7, 0x35, 0x49, 0xe2, 0x0f, 0x5b, 0x0d}, 16,
-            /* iv, iv length  */
-            {0xdd, 0xe5, 0x9b, 0x97, 0xd7, 0x22, 0x15, 0x6d,
-             0x4d, 0x9a, 0xff, 0x2b, 0xc7, 0x55, 0x98, 0x26}, 16,
-            /* aad, aad length  */
-            {0x54, 0xb9, 0xf0, 0x4e, 0x6a, 0x09, 0x18, 0x9a}, 8,
-            /* msg, msg length  */
-            {0x1b, 0xda, 0x12, 0x2b, 0xce, 0x8a, 0x8d, 0xba,
-             0xf1, 0x87, 0x7d, 0x96, 0x2b, 0x85, 0x92, 0xdd,
-             0x2d, 0x56}, 18,
-            /* ct, ct length  */
-            {0x2e, 0xc4, 0x7b, 0x2c, 0x49, 0x54, 0xa4, 0x89,
-             0xaf, 0xc7, 0xba, 0x48, 0x97, 0xed, 0xcd, 0xae,
-             0x8c, 0xc3}, 18,
-            /* tag, tag length  */
-            {0x3b, 0x60, 0x45, 0x05, 0x99, 0xbd, 0x02, 0xc9,
-             0x63, 0x82, 0x90, 0x2a, 0xef, 0x7f, 0x83, 0x2a}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xa4, 0xa4, 0x78, 0x2b, 0xcf, 0xfd, 0x3e, 0xc5,
-             0xe7, 0xef, 0x6d, 0x8c, 0x34, 0xa5, 0x61, 0x23}, 16,
-            /* iv, iv length  */
-            {0xb7, 0x81, 0xfc, 0xf2, 0xf7, 0x5f, 0xa5, 0xa8,
-             0xde, 0x97, 0xa9, 0xca, 0x48, 0xe5, 0x22, 0xec}, 16,
-            /* aad, aad length  */
-            {0x89, 0x9a, 0x17, 0x58, 0x97, 0x56, 0x1d, 0x7e}, 8,
-            /* msg, msg length  */
-            {0x6c, 0xf3, 0x67, 0x20, 0x87, 0x2b, 0x85, 0x13,
-             0xf6, 0xea, 0xb1, 0xa8, 0xa4, 0x44, 0x38, 0xd5,
-             0xef, 0x11}, 18,
-            /* ct, ct length  */
-            {0x0d, 0xe1, 0x8f, 0xd0, 0xfd, 0xd9, 0x1e, 0x7a,
-             0xf1, 0x9f, 0x1d, 0x8e, 0xe8, 0x73, 0x39, 0x38,
-             0xb1, 0xe8}, 18,
-            /* tag, tag length  */
-            {0xe7, 0xf6, 0xd2, 0x23, 0x16, 0x18, 0x10, 0x2f,
-             0xdb, 0x7f, 0xe5, 0x5f, 0xf1, 0x99, 0x17, 0x00}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x83, 0x95, 0xfc, 0xf1, 0xe9, 0x5b, 0xeb, 0xd6,
-             0x97, 0xbd, 0x01, 0x0b, 0xc7, 0x66, 0xaa, 0xc3}, 16,
-            /* iv, iv length  */
-            {0x22, 0xe7, 0xad, 0xd9, 0x3c, 0xfc, 0x63, 0x93,
-             0xc5, 0x7e, 0xc0, 0xb3, 0xc1, 0x7d, 0x6b, 0x44}, 16,
-            /* aad, aad length  */
-            {0x12, 0x67, 0x35, 0xfc, 0xc3, 0x20, 0xd2, 0x5a}, 8,
-            /* msg, msg length  */
-            {0xca, 0x40, 0xd7, 0x44, 0x6e, 0x54, 0x5f, 0xfa,
-             0xed, 0x3b, 0xd1, 0x2a, 0x74, 0x0a, 0x65, 0x9f,
-             0xfb, 0xbb, 0x3c, 0xea, 0xb7}, 21,
-            /* ct, ct length  */
-            {0xcb, 0x89, 0x20, 0xf8, 0x7a, 0x6c, 0x75, 0xcf,
-             0xf3, 0x96, 0x27, 0xb5, 0x6e, 0x3e, 0xd1, 0x97,
-             0xc5, 0x52, 0xd2, 0x95, 0xa7}, 21,
-            /* tag, tag length  */
-            {0xcf, 0xc4, 0x6a, 0xfc, 0x25, 0x3b, 0x46, 0x52,
-             0xb1, 0xaf, 0x37, 0x95, 0xb1, 0x24, 0xab, 0x6e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
-             0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
-             0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
-             0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
-             0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32,
-            /* tag, tag length  */
-            {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
-             0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0xae, 0xf0, 0x3d, 0x00, 0x59, 0x84, 0x94, 0xe9,
-             0xfb, 0x03, 0xcd, 0x7d, 0x8b, 0x59, 0x08, 0x66}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0xd1, 0x9a, 0xc5, 0x98, 0x49, 0x02, 0x6a, 0x91,
-             0xaa, 0x1b, 0x9a, 0xec, 0x29, 0xb1, 0x1a, 0x20,
-             0x2a, 0x4d, 0x73, 0x9f, 0xd8, 0x6c, 0x28, 0xe3,
-             0xae, 0x3d, 0x58, 0x8e, 0xa2, 0x1d, 0x70, 0xc6}, 32,
-            /* tag, tag length  */
-            {0xc3, 0x0f, 0x6c, 0xd9, 0x20, 0x20, 0x74, 0xed,
-             0x6e, 0x2a, 0x2a, 0x36, 0x0e, 0xac, 0x8c, 0x47}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x55, 0xd1, 0x25, 0x11, 0xc6, 0x96, 0xa8, 0x0d,
-             0x05, 0x14, 0xd1, 0xff, 0xba, 0x49, 0xca, 0xda}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x21, 0x08, 0x55, 0x8a, 0xc4, 0xb2, 0xc2, 0xd5,
-             0xcc, 0x66, 0xce, 0xa5, 0x1d, 0x62, 0x10, 0xe0,
-             0x46, 0x17, 0x7a, 0x67, 0x63, 0x1c, 0xd2, 0xdd,
-             0x8f, 0x09, 0x46, 0x97, 0x33, 0xac, 0xb5, 0x17}, 32,
-            /* tag, tag length  */
-            {0xfc, 0x35, 0x5e, 0x87, 0xa2, 0x67, 0xbe, 0x3a,
-             0xe3, 0xe4, 0x4c, 0x0b, 0xf3, 0xf9, 0x9b, 0x2b}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x79, 0x42, 0x2d, 0xdd, 0x91, 0xc4, 0xee, 0xe2,
-             0xde, 0xae, 0xf1, 0xf9, 0x68, 0x30, 0x53, 0x04}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x4d, 0x2c, 0x15, 0x24, 0xca, 0x4b, 0xaa, 0x4e,
-             0xef, 0xcc, 0xe6, 0xb9, 0x1b, 0x22, 0x7e, 0xe8,
-             0x3a, 0xba, 0xff, 0x81, 0x05, 0xdc, 0xaf, 0xa2,
-             0xab, 0x19, 0x1f, 0x5d, 0xf2, 0x57, 0x50, 0x35}, 32,
-            /* tag, tag length  */
-            {0xe2, 0xc8, 0x65, 0xce, 0x2d, 0x7a, 0xbd, 0xac,
-             0x02, 0x4c, 0x6f, 0x99, 0x1a, 0x84, 0x83, 0x90}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x0a, 0xf5, 0xaa, 0x7a, 0x76, 0x76, 0xe2, 0x83,
-             0x06, 0x30, 0x6b, 0xcd, 0x9b, 0xf2, 0x00, 0x3a}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x8e, 0xb0, 0x1e, 0x62, 0x18, 0x5d, 0x78, 0x2e,
-             0xb9, 0x28, 0x7a, 0x34, 0x1a, 0x68, 0x62, 0xac,
-             0x52, 0x57, 0xd6, 0xf9, 0xad, 0xc9, 0x9e, 0xe0,
-             0xa2, 0x4d, 0x9c, 0x22, 0xb3, 0xe9, 0xb3, 0x8a}, 32,
-            /* tag, tag length  */
-            {0x39, 0xc3, 0x39, 0xbc, 0x8a, 0x74, 0xc7, 0x5e,
-             0x2c, 0x65, 0xc6, 0x11, 0x95, 0x44, 0xd6, 0x1e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0xaf, 0x5a, 0x03, 0xae, 0x7e, 0xdd, 0x73, 0x47,
-             0x1b, 0xdc, 0xdf, 0xac, 0x5e, 0x19, 0x4a, 0x60}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
-            /* ct, ct length  */
-            {0x94, 0xc5, 0xd2, 0xac, 0xa6, 0xdb, 0xbc, 0xe8,
-             0xc2, 0x45, 0x13, 0xa2, 0x5e, 0x09, 0x5c, 0x0e,
-             0x54, 0xa9, 0x42, 0x86, 0x0d, 0x32, 0x7a, 0x22,
-             0x2a, 0x81, 0x5c, 0xc7, 0x13, 0xb1, 0x63, 0xb4}, 32,
-            /* tag, tag length  */
-            {0xf5, 0x0b, 0x30, 0x30, 0x4e, 0x45, 0xc9, 0xd4,
-             0x11, 0xe8, 0xdf, 0x45, 0x08, 0xa9, 0x86, 0x12}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0xb3, 0x70, 0x87, 0x68, 0x0f, 0x0e, 0xdd, 0x5a,
-             0x52, 0x22, 0x8b, 0x8c, 0x7a, 0xae, 0xa6, 0x64}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
-             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33}, 64,
-            /* ct, ct length  */
-            {0x3b, 0xb6, 0x17, 0x3e, 0x37, 0x72, 0xd4, 0xb6,
-             0x2e, 0xef, 0x37, 0xf9, 0xef, 0x07, 0x81, 0xf3,
-             0x60, 0xb6, 0xc7, 0x4b, 0xe3, 0xbf, 0x6b, 0x37,
-             0x10, 0x67, 0xbc, 0x1b, 0x09, 0x0d, 0x9d, 0x66,
-             0x22, 0xa1, 0xfb, 0xec, 0x6a, 0xc4, 0x71, 0xb3,
-             0x34, 0x9c, 0xd4, 0x27, 0x7a, 0x10, 0x1d, 0x40,
-             0x89, 0x0f, 0xbf, 0x27, 0xdf, 0xdc, 0xd0, 0xb4,
-             0xe3, 0x78, 0x1f, 0x98, 0x06, 0xda, 0xab, 0xb6}, 64,
-            /* tag, tag length  */
-            {0xa0, 0x49, 0x87, 0x45, 0xe5, 0x99, 0x99, 0xdd,
-             0xc3, 0x2d, 0x5b, 0x14, 0x02, 0x41, 0x12, 0x4e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x4f, 0x80, 0x2d, 0xa6, 0x2a, 0x38, 0x45, 0x55,
-             0xa1, 0x9b, 0xc2, 0xb3, 0x82, 0xeb, 0x25, 0xaf}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
-             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
-             0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
-             0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44}, 80,
-            /* ct, ct length  */
-            {0xe9, 0xb0, 0xbb, 0x88, 0x57, 0x81, 0x8c, 0xe3,
-             0x20, 0x1c, 0x36, 0x90, 0xd2, 0x1d, 0xaa, 0x7f,
-             0x26, 0x4f, 0xb8, 0xee, 0x93, 0xcc, 0x7a, 0x46,
-             0x74, 0xea, 0x2f, 0xc3, 0x2b, 0xf1, 0x82, 0xfb,
-             0x2a, 0x7e, 0x8a, 0xd5, 0x15, 0x07, 0xad, 0x4f,
-             0x31, 0xce, 0xfc, 0x23, 0x56, 0xfe, 0x79, 0x36,
-             0xa7, 0xf6, 0xe1, 0x9f, 0x95, 0xe8, 0x8f, 0xdb,
-             0xf1, 0x76, 0x20, 0x91, 0x6d, 0x3a, 0x6f, 0x3d,
-             0x01, 0xfc, 0x17, 0xd3, 0x58, 0x67, 0x2f, 0x77,
-             0x7f, 0xd4, 0x09, 0x92, 0x46, 0xe4, 0x36, 0xe1}, 80,
-            /* tag, tag length  */
-            {0x67, 0x91, 0x0b, 0xe7, 0x44, 0xb8, 0x31, 0x5a,
-             0xe0, 0xeb, 0x61, 0x24, 0x59, 0x0c, 0x5d, 0x8b}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xb6, 0x7b, 0x1a, 0x6e, 0xfd, 0xd4, 0x0d, 0x37,
-             0x08, 0x0f, 0xbe, 0x8f, 0x80, 0x47, 0xae, 0xb9}, 16,
-            /* iv, iv length  */
-            {0xfa, 0x29, 0x4b, 0x12, 0x99, 0x72, 0xf7, 0xfc,
-             0x5b, 0xbd, 0x5b, 0x96, 0xbb, 0xa8, 0x37, 0xc9}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x00}, 0,
-            /* ct, ct length  */
-            {0x00}, 0,
-            /* tag, tag length  */
-            {0xb1, 0x4b, 0x64, 0xfb, 0x58, 0x98, 0x99, 0x69,
-             0x95, 0x70, 0xcc, 0x91, 0x60, 0xe3, 0x98, 0x96}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x20, 0x9e, 0x6d, 0xbf, 0x2a, 0xd2, 0x6a, 0x10,
-             0x54, 0x45, 0xfc, 0x02, 0x07, 0xcd, 0x9e, 0x9a}, 16,
-            /* iv, iv length  */
-            {0x94, 0x77, 0x84, 0x9d, 0x6c, 0xcd, 0xfc, 0xa1,
-             0x12, 0xd9, 0x2e, 0x53, 0xfa, 0xe4, 0xa7, 0xca}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x01}, 1,
-            /* ct, ct length  */
-            {0x1d}, 1,
-            /* tag, tag length  */
-            {0x52, 0xa5, 0xf6, 0x00, 0xfe, 0x53, 0x38, 0x02,
-             0x6a, 0x7c, 0xb0, 0x9c, 0x11, 0x64, 0x00, 0x82}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0xa5, 0x49, 0x44, 0x2e, 0x35, 0x15, 0x40, 0x32,
-             0xd0, 0x7c, 0x86, 0x66, 0x00, 0x6a, 0xa6, 0xa2}, 16,
-            /* iv, iv length  */
-            {0x51, 0x71, 0x52, 0x45, 0x68, 0xe8, 0x1d, 0x97,
-             0xe8, 0xc4, 0xde, 0x4b, 0xa5, 0x6c, 0x10, 0xa0}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x11, 0x82, 0xe9, 0x35, 0x96, 0xca, 0xc5, 0x60,
-             0x89, 0x46, 0x40, 0x0b, 0xc7, 0x3f, 0x3a}, 15,
-            /* ct, ct length  */
-            {0xd7, 0xb8, 0xa6, 0xb4, 0x3d, 0x2e, 0x9f, 0x98,
-             0xc2, 0xb4, 0x4c, 0xe5, 0xe3, 0xcf, 0xdb}, 15,
-            /* tag, tag length  */
-            {0x1b, 0xdd, 0x52, 0xfc, 0x98, 0x7d, 0xaf, 0x0e,
-             0xe1, 0x92, 0x34, 0xc9, 0x05, 0xea, 0x64, 0x5f}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x95, 0x8b, 0xcd, 0xb6, 0x6a, 0x39, 0x52, 0xb5,
-             0x37, 0x01, 0x58, 0x2a, 0x68, 0xa0, 0xe4, 0x74}, 16,
-            /* iv, iv length  */
-            {0x0e, 0x6e, 0xc8, 0x79, 0xb0, 0x2c, 0x6f, 0x51,
-             0x69, 0x76, 0xe3, 0x58, 0x98, 0x42, 0x8d, 0xa7}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x14, 0x04, 0x15, 0x82, 0x3e, 0xcc, 0x89, 0x32,
-             0xa0, 0x58, 0x38, 0x4b, 0x73, 0x8e, 0xa6, 0xea,
-             0x6d, 0x4d, 0xfe, 0x3b, 0xbe, 0xee}, 22,
-            /* ct, ct length  */
-            {0x73, 0xe5, 0xc6, 0xf0, 0xe7, 0x03, 0xa5, 0x2d,
-             0x02, 0xf7, 0xf7, 0xfa, 0xeb, 0x1b, 0x77, 0xfd,
-             0x4f, 0xd0, 0xcb, 0x42, 0x1e, 0xaf}, 22,
-            /* tag, tag length  */
-            {0x6c, 0x15, 0x4a, 0x85, 0x96, 0x8e, 0xdd, 0x74,
-             0x77, 0x65, 0x75, 0xa4, 0x45, 0x0b, 0xd8, 0x97}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x96, 0x5b, 0x75, 0x7b, 0xa5, 0x01, 0x8a, 0x8d,
-             0x66, 0xed, 0xc7, 0x8e, 0x0c, 0xee, 0xe8, 0x6b}, 16,
-            /* iv, iv length  */
-            {0x2e, 0x35, 0x90, 0x1a, 0xe7, 0xd4, 0x91, 0xee,
-             0xcc, 0x88, 0x38, 0xfe, 0xdd, 0x63, 0x14, 0x05}, 16,
-            /* aad, aad length  */
-            {0xdf, 0x10, 0xd0, 0xd2, 0x12, 0x24, 0x24, 0x50}, 8,
-            /* msg, msg length  */
-            {0x36, 0xe5, 0x7a, 0x76, 0x39, 0x58, 0xb0, 0x2c,
-             0xea, 0x9d, 0x6a, 0x67, 0x6e, 0xbc, 0xe8, 0x1f}, 16,
-            /* ct, ct length  */
-            {0x93, 0x6b, 0x69, 0xb6, 0xc9, 0x55, 0xad, 0xfd,
-             0x15, 0x53, 0x9b, 0x9b, 0xe4, 0x98, 0x9c, 0xb6}, 16,
-            /* tag, tag length  */
-            {0xee, 0x15, 0xa1, 0x45, 0x4e, 0x88, 0xfa, 0xad,
-             0x8e, 0x48, 0xa8, 0xdf, 0x29, 0x83, 0xb4, 0x25}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x88, 0xd0, 0x20, 0x33, 0x78, 0x1c, 0x7b, 0x41,
-             0x64, 0x71, 0x1a, 0x05, 0x42, 0x0f, 0x25, 0x6e}, 16,
-            /* iv, iv length  */
-            {0x7f, 0x29, 0x85, 0x29, 0x63, 0x15, 0x50, 0x7a,
-             0xa4, 0xc0, 0xa9, 0x3d, 0x5c, 0x12, 0xbd, 0x77}, 16,
-            /* aad, aad length  */
-            {0x7c, 0x57, 0x1d, 0x2f, 0xbb, 0x5f, 0x62, 0x52,
-             0x3c, 0x0e, 0xb3, 0x38, 0xbe, 0xf9, 0xa9}, 15,
-            /* msg, msg length  */
-            {0xd9, 0x8a, 0xdc, 0x03, 0xd9, 0xd5, 0x82, 0x73,
-             0x2e, 0xb0, 0x7d, 0xf2, 0x3d, 0x7b, 0x9f, 0x74}, 16,
-            /* ct, ct length  */
-            {0x67, 0xca, 0xac, 0x35, 0x44, 0x3a, 0x31, 0x38,
-             0xd2, 0xcb, 0x81, 0x1f, 0x0c, 0xe0, 0x4d, 0xd2}, 16,
-            /* tag, tag length  */
-            {0xb7, 0x96, 0x8e, 0x0b, 0x56, 0x40, 0xe3, 0xb2,
-             0x36, 0x56, 0x96, 0x53, 0x20, 0x8b, 0x9d, 0xeb}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x51, 0x58, 0x40, 0xcf, 0x67, 0xd2, 0xe4, 0x0e,
-             0xb6, 0x5e, 0x54, 0xa2, 0x4c, 0x72, 0xcb, 0xf2}, 16,
-            /* iv, iv length  */
-            {0xbf, 0x47, 0xaf, 0xdf, 0xd4, 0x92, 0x13, 0x7a,
-             0x24, 0x23, 0x6b, 0xc3, 0x67, 0x97, 0xa8, 0x8e}, 16,
-            /* aad, aad length  */
-            {0x16, 0x84, 0x3c, 0x09, 0x1d, 0x43, 0xb0, 0xa1,
-             0x91, 0xd0, 0xc7, 0x3d, 0x15, 0x60, 0x1b, 0xe9}, 16,
-            /* msg, msg length  */
-            {0xc8, 0x34, 0x58, 0x8c, 0xb6, 0xda, 0xf9, 0xf0,
-             0x6d, 0xd2, 0x35, 0x19, 0xf4, 0xbe, 0x9f, 0x56}, 16,
-            /* ct, ct length  */
-            {0x20, 0x0a, 0xc4, 0x51, 0xfb, 0xeb, 0x0f, 0x61,
-             0x51, 0xd6, 0x15, 0x83, 0xa4, 0x3b, 0x73, 0x43}, 16,
-            /* tag, tag length  */
-            {0x2a, 0xd4, 0x3e, 0x4c, 0xaa, 0x51, 0x98, 0x3a,
-             0x9d, 0x4d, 0x24, 0x48, 0x1b, 0xf4, 0xc8, 0x39}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x2e, 0x44, 0x92, 0xd4, 0x44, 0xe5, 0xb6, 0xf4,
-             0xce, 0xc8, 0xc2, 0xd3, 0x61, 0x5a, 0xc8, 0x58}, 16,
-            /* iv, iv length  */
-            {0xd0, 0x2b, 0xf0, 0x76, 0x3a, 0x9f, 0xef, 0xbf,
-             0x70, 0xc3, 0x3a, 0xee, 0x1e, 0x9d, 0xa1, 0xd6}, 16,
-            /* aad, aad length  */
-            {0x90, 0x4d, 0x86, 0xf1, 0x33, 0xce, 0xc1, 0x5a,
-             0x0c, 0x3c, 0xaf, 0x14, 0xd7, 0xe0, 0x29, 0xc8,
-             0x2a, 0x07, 0x70, 0x5a, 0x23, 0xf0, 0xd0, 0x80}, 24,
-            /* msg, msg length  */
-            {0x9e, 0x62, 0xd6, 0x51, 0x1b, 0x0b, 0xda, 0x7d,
-             0xd7, 0x74, 0x0b, 0x61, 0x4d, 0x97, 0xba, 0xe0}, 16,
-            /* ct, ct length  */
-            {0x27, 0xc6, 0xe9, 0xa6, 0x53, 0xc5, 0x25, 0x3c,
-             0xa1, 0xc5, 0x67, 0x3f, 0x97, 0xb9, 0xb3, 0x3e}, 16,
-            /* tag, tag length  */
-            {0x2d, 0x58, 0x12, 0x71, 0xe1, 0xfa, 0x9e, 0x36,
-             0x86, 0x13, 0x6c, 0xaa, 0x8f, 0x4d, 0x6c, 0x8e}, 16,
-            /* valid */
-            1,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe4, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0x66, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0f, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x12, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x11, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0xd2, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0xb8, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb0, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9a, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x99, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x1b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa6}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa5}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xe7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
-             0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0x72,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
-             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0x19, 0xf1, 0x83, 0xaf, 0xec, 0x59, 0x24, 0x0d,
-             0xad, 0x67, 0x4e, 0x6d, 0x64, 0x3c, 0xa9, 0x58}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-             0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0x66, 0x8e, 0xfc, 0xd0, 0x93, 0x26, 0x5b, 0x72,
-             0xd2, 0x18, 0x31, 0x12, 0x1b, 0x43, 0xd6, 0x27}, 16,
-            /* valid */
-            0,
-        },
-        {
-            /* key, key length  */
-            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
-            /* iv, iv length  */
-            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
-            /* aad, aad length  */
-            {0x00}, 0,
-            /* msg, msg length  */
-            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
-            /* ct, ct length  */
-            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
-             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
-            /* tag, tag length  */
-            {0xe7, 0x0f, 0x7d, 0x51, 0x12, 0xa7, 0xda, 0xf3,
-             0x53, 0x99, 0xb0, 0x93, 0x9a, 0xc2, 0x57, 0xa6}, 16,
-            /* valid */
-            0,
-        },
-    };
-
-    byte ciphertext[sizeof(vectors[0].ct)];
-    byte authtag[sizeof(vectors[0].tag)];
-    int i;
-    int len;
-    int ret;
-
-
-    for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
-
-        XMEMSET(ciphertext, 0, sizeof(ciphertext));
-
-        len = sizeof(authtag);
-        ExpectIntEQ(wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length,
-                                         ciphertext,
-                                         vectors[i].msg, vectors[i].msg_length,
-                                         vectors[i].iv, vectors[i].iv_length,
-                                         authtag, len,
-                                         vectors[i].aad, vectors[i].aad_length),
-                                         0);
-
-        /* check ciphertext matches vector */
-        ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length),
-                    0);
-
-        /* check that computed tag matches vector only for vectors marked as valid */
-        ret = XMEMCMP(authtag, vectors[i].tag, len);
-        if (vectors[i].valid) {
-            ExpectIntEQ(ret, 0);
-        }
-        else {
-            ExpectIntNE(ret, 0);
-        }
-
-        XMEMSET(ciphertext, 0, sizeof(ciphertext));
-
-        /* Decrypt, checking that the computed auth tags match */
-        ExpectIntEQ(wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length,
-                                         ciphertext,
-                                         vectors[i].ct, vectors[i].ct_length,
-                                         vectors[i].iv, vectors[i].iv_length,
-                                         authtag, len,
-                                         vectors[i].aad, vectors[i].aad_length),
-                                         0);
-
-        /* check decrypted ciphertext matches vector plaintext */
-        ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length),
-                    0);
-    }
-    return EXPECT_RESULT();
-} /* END test_wc_AesEaxVectors */
-
-
-/*
- * Testing test_wc_AesEaxEncryptAuth()
- */
-static int test_wc_AesEaxEncryptAuth(void)
-{
-    EXPECT_DECLS;
-
-    const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
-    const byte iv[]  = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
-    const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
-    const byte msg[] = {0x00, 0x01, 0x02, 0x03, 0x04};
-
-    byte ciphertext[sizeof(msg)];
-    byte authtag[AES_BLOCK_SIZE];
-    int i;
-    int len;
-
-    len = sizeof(authtag);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     0);
-
-    /* Test null checking */
-    ExpectIntEQ(wc_AesEaxEncryptAuth(NULL, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     NULL,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     NULL, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     NULL, sizeof(iv),
-                                     authtag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     NULL, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, (word32)len,
-                                     NULL, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-
-    /* Test bad key lengths */
-    for (i = 0; i <= 32; i++) {
-        int exp_ret;
-        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
-                                  || i == AES_256_KEY_SIZE) {
-            exp_ret = 0;
-        }
-        else {
-            exp_ret = BAD_FUNC_ARG;
-        }
-
-        ExpectIntEQ(wc_AesEaxEncryptAuth(key, (word32)i,
-                                         ciphertext,
-                                         msg, sizeof(msg),
-                                         iv, sizeof(iv),
-                                         authtag, (word32)len,
-                                         aad, sizeof(aad)),
-                                         exp_ret);
-    }
-
-
-    /* Test auth tag size out of range */
-    len = AES_BLOCK_SIZE + 1;
-    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
-                                     ciphertext,
-                                     msg, sizeof(msg),
-                                     iv, sizeof(iv),
-                                     authtag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-
-    return EXPECT_RESULT();
-} /* END test_wc_AesEaxEncryptAuth() */
-
-
-/*
- * Testing test_wc_AesEaxDecryptAuth()
- */
-static int test_wc_AesEaxDecryptAuth(void)
-{
-    EXPECT_DECLS;
-
-    const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
-    const byte iv[]  = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
-    const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
-    const byte ct[] =  {0x00, 0x01, 0x02, 0x03, 0x04};
-    /* Garbage tag that should always fail for above aad */
-    const byte tag[] = {0xFE, 0xED, 0xBE, 0xEF, 0xDE, 0xAD, 0xC0, 0xDE,
-                        0xCA, 0xFE, 0xBE, 0xEF, 0xDE, 0xAF, 0xBE, 0xEF};
-
-    byte plaintext[sizeof(ct)];
-    int i;
-    int len;
-
-    len = sizeof(tag);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     AES_EAX_AUTH_E);
-
-    /* Test null checking */
-    ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     NULL,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     NULL, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     NULL, sizeof(iv),
-                                     tag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     NULL, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, (word32)len,
-                                     NULL, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-
-    /* Test bad key lengths */
-    for (i = 0; i <= 32; i++) {
-        int exp_ret;
-        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
-                                  || i == AES_256_KEY_SIZE) {
-            exp_ret = AES_EAX_AUTH_E;
-        }
-        else {
-            exp_ret = BAD_FUNC_ARG;
-        }
-
-        ExpectIntEQ(wc_AesEaxDecryptAuth(key, (word32)i,
-                                         plaintext,
-                                         ct, sizeof(ct),
-                                         iv, sizeof(iv),
-                                         tag, (word32)len,
-                                         aad, sizeof(aad)),
-                                         exp_ret);
-    }
-
-
-    /* Test auth tag size out of range */
-    len = AES_BLOCK_SIZE + 1;
-    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
-                                     plaintext,
-                                     ct, sizeof(ct),
-                                     iv, sizeof(iv),
-                                     tag, (word32)len,
-                                     aad, sizeof(aad)),
-                                     BAD_FUNC_ARG);
-
-    return EXPECT_RESULT();
-} /* END test_wc_AesEaxDecryptAuth() */
-
-#endif /* WOLFSSL_AES_EAX &&
-        * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST
-        */
-
-/*
- * Testing wc_InitDsaKey()
- */
-static int test_wc_InitDsaKey(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DSA
-    DsaKey key;
-
-    XMEMSET(&key, 0, sizeof(DsaKey));
-
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_InitDsaKey(NULL), BAD_FUNC_ARG);
-
-    wc_FreeDsaKey(&key);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_InitDsaKey */
-
-/*
- * Testing wc_DsaSign() and wc_DsaVerify()
- */
-static int test_wc_DsaSignVerify(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA)
-    DsaKey key;
-    WC_RNG rng;
-    wc_Sha sha;
-    byte   signature[DSA_SIG_SIZE];
-    byte   hash[WC_SHA_DIGEST_SIZE];
-    word32 idx = 0;
-    word32 bytes;
-    int    answer;
-#ifdef USE_CERT_BUFFERS_1024
-    byte   tmp[ONEK_BUF];
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
-    bytes = sizeof_dsa_key_der_1024;
-#elif defined(USE_CERT_BUFFERS_2048)
-    byte   tmp[TWOK_BUF];
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
-    bytes = sizeof_dsa_key_der_2048;
-#else
-    byte   tmp[TWOK_BUF];
-    XFILE  fp = XBADFILE;
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
-    ExpectTrue((bytes = (word32)XFREAD(tmp, 1, sizeof(tmp), fp)) > 0);
-    if (fp != XBADFILE)
-        XFCLOSE(fp);
-#endif /* END USE_CERT_BUFFERS_1024 */
-
-    ExpectIntEQ(wc_InitSha(&sha), 0);
-    ExpectIntEQ(wc_ShaUpdate(&sha, tmp, bytes), 0);
-    ExpectIntEQ(wc_ShaFinal(&sha, hash), 0);
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    /* Sign. */
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_DsaSign(NULL, signature, &key, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaSign(hash, NULL, &key, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaSign(hash, signature, NULL, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, NULL), BAD_FUNC_ARG);
-
-    /* Verify. */
-    ExpectIntEQ(wc_DsaVerify(hash, signature, &key, &answer), 0);
-    ExpectIntEQ(answer, 1);
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_DsaVerify(NULL, signature, &key, &answer), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaVerify(hash, NULL, &key, &answer), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), BAD_FUNC_ARG);
-
-#if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
-    /* hard set q to 0 and test fail case */
-    mp_free(&key.q);
-    mp_init(&key.q);
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
-
-    mp_set(&key.q, 1);
-    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
-#endif
-
-    DoExpectIntEQ(wc_FreeRng(&rng),0);
-    wc_FreeDsaKey(&key);
-    wc_ShaFree(&sha);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_DsaSign */
-
-/*
- * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode()
- */
-static int test_wc_DsaPublicPrivateKeyDecode(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA)
-    DsaKey key;
-    word32 bytes = 0;
-    word32 idx  = 0;
-    int    ret = 0;
-#ifdef USE_CERT_BUFFERS_1024
-    byte   tmp[ONEK_BUF];
-
-    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
-    bytes = sizeof_dsa_key_der_1024;
-#elif defined(USE_CERT_BUFFERS_2048)
-    byte   tmp[TWOK_BUF];
-
-    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
-    bytes = sizeof_dsa_key_der_2048;
-#else
-    byte   tmp[TWOK_BUF];
-    XFILE  fp = XBADFILE;
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
-    ExpectTrue((bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp)) > 0);
-    if (fp != XBADFILE)
-        XFCLOSE(fp);
-#endif /* END USE_CERT_BUFFERS_1024 */
-
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes), BAD_FUNC_ARG);
-    ExpectIntLT(ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
-    ExpectTrue((ret == ASN_PARSE_E) || (ret == BUFFER_E));
-    wc_FreeDsaKey(&key);
-
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-    idx = 0; /* Reset */
-    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes), BAD_FUNC_ARG);
-    ExpectIntLT(ret = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
-    ExpectTrue((ret == ASN_PARSE_E) || (ret == BUFFER_E));
-    wc_FreeDsaKey(&key);
-#endif /* !NO_DSA */
-    return EXPECT_RESULT();
-
-} /* END test_wc_DsaPublicPrivateKeyDecode */
-
-
-/*
- * Testing wc_MakeDsaKey() and wc_MakeDsaParameters()
- */
-static int test_wc_MakeDsaKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
-    DsaKey genKey;
-    WC_RNG rng;
-
-    XMEMSET(&genKey, 0, sizeof(genKey));
-    XMEMSET(&rng, 0, sizeof(rng));
-
-    ExpectIntEQ(wc_InitDsaKey(&genKey), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_MakeDsaKey(&rng, &genKey), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_MakeDsaKey(NULL, &genKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_MakeDsaKey(&rng, NULL), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_FreeDsaKey(&genKey);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_MakeDsaKey */
-
-/*
- * Testing wc_DsaKeyToDer()
- */
-static int test_wc_DsaKeyToDer(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
-    DsaKey key;
-    word32 bytes;
-    word32 idx = 0;
-#ifdef USE_CERT_BUFFERS_1024
-    byte   tmp[ONEK_BUF];
-    byte   der[ONEK_BUF];
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    XMEMSET(der, 0, sizeof(der));
-    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
-    bytes = sizeof_dsa_key_der_1024;
-#elif defined(USE_CERT_BUFFERS_2048)
-    byte   tmp[TWOK_BUF];
-    byte   der[TWOK_BUF];
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    XMEMSET(der, 0, sizeof(der));
-    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
-    bytes = sizeof_dsa_key_der_2048;
-#else
-    byte   tmp[TWOK_BUF];
-    byte   der[TWOK_BUF];
-    XFILE fp = XBADFILE;
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    XMEMSET(der, 0, sizeof(der));
-    ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
-    ExpectTrue((bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp)) > 0);
-    if (fp != XBADFILE)
-        XFCLOSE(fp);
-#endif /* END USE_CERT_BUFFERS_1024 */
-
-    XMEMSET(&key, 0, sizeof(DsaKey));
-
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
-    ExpectIntGE(wc_DsaKeyToDer(&key, der, bytes), 0);
-    ExpectIntEQ(XMEMCMP(der, tmp, bytes), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_DsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaKeyToDer(&key, NULL, FOURK_BUF), BAD_FUNC_ARG);
-
-    wc_FreeDsaKey(&key);
-#endif /* !NO_DSA && WOLFSSL_KEY_GEN */
-    return EXPECT_RESULT();
-
-} /* END test_wc_DsaKeyToDer */
-
-/*
- *  Testing wc_DsaKeyToPublicDer()
- *  (indirectly testing setDsaPublicKey())
- */
-static int test_wc_DsaKeyToPublicDer(void)
-{
-    EXPECT_DECLS;
-#ifndef HAVE_SELFTEST
-#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
-    DsaKey key;
-    WC_RNG rng;
-    byte*  der = NULL;
-    word32 sz = 0;
-    word32 idx = 0;
-
-    XMEMSET(&key, 0, sizeof(DsaKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectNotNull(der = (byte*)XMALLOC(ONEK_BUF, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &key), 0);
-    ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0);
-
-    ExpectIntGE(sz = (word32)wc_DsaKeyToPublicDer(&key, der, ONEK_BUF), 0);
-    wc_FreeDsaKey(&key);
-
-    idx = 0;
-    ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0);
-
-    /* Test without the SubjectPublicKeyInfo header */
-    ExpectIntGE(sz = (word32)wc_SetDsaPublicKey(der, &key, ONEK_BUF, 0), 0);
-    wc_FreeDsaKey(&key);
-    idx = 0;
-    ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DsaKeyToPublicDer(&key, NULL, FOURK_BUF), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_FreeDsaKey(&key);
-    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif /* !NO_DSA && WOLFSSL_KEY_GEN */
-#endif /* !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-
-} /* END test_wc_DsaKeyToPublicDer */
-
-/*
- * Testing wc_DsaImportParamsRaw()
- */
-static int test_wc_DsaImportParamsRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA)
-    DsaKey key;
-    /* [mod = L=1024, N=160], from CAVP KeyPair */
-    const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
-                    "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
-                    "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
-                    "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
-                    "47123188f8dc551054ee162b634d60f097f719076640e209"
-                    "80a0093113a8bd73";
-    const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
-    const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
-                    "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
-                    "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
-                    "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
-                    "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
-                    "76341a7e7d9";
-    /* invalid p and q parameters */
-    const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
-    const char* invalidQ = "96c5390a";
-
-    XMEMSET(&key, 0, sizeof(DsaKey));
-
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, q, g), 0);
-
-    /* test bad args */
-    /* null key struct */
-    ExpectIntEQ(wc_DsaImportParamsRaw(NULL, p, q, g), BAD_FUNC_ARG);
-    /* null param pointers */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, NULL, NULL, NULL), BAD_FUNC_ARG);
-    /* illegal p length */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, invalidP, q, g), BAD_FUNC_ARG);
-    /* illegal q length */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, invalidQ, g), BAD_FUNC_ARG);
-
-    wc_FreeDsaKey(&key);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_DsaImportParamsRaw */
-
-/*
- * Testing wc_DsaImportParamsRawCheck()
- */
-static int test_wc_DsaImportParamsRawCheck(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    DsaKey key;
-    int    trusted = 0;
-    /* [mod = L=1024, N=160], from CAVP KeyPair */
-    const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
-                    "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
-                    "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
-                    "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
-                    "47123188f8dc551054ee162b634d60f097f719076640e209"
-                    "80a0093113a8bd73";
-    const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
-    const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
-                    "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
-                    "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
-                    "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
-                    "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
-                    "76341a7e7d9";
-    /* invalid p and q parameters */
-    const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
-    const char* invalidQ = "96c5390a";
-
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-    ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL), 0);
-
-    /* test bad args */
-    /* null key struct */
-    ExpectIntEQ(wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL),
-        BAD_FUNC_ARG);
-    /* null param pointers */
-    ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted,
-        NULL), BAD_FUNC_ARG);
-    /* illegal p length */
-    ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL),
-        BAD_FUNC_ARG);
-    /* illegal q length */
-    ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL),
-        BAD_FUNC_ARG);
-
-    wc_FreeDsaKey(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_DsaImportParamsRawCheck */
-
-/*
- * Testing wc_DsaExportParamsRaw()
- */
-static int test_wc_DsaExportParamsRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA)
-    DsaKey key;
-    /* [mod = L=1024, N=160], from CAVP KeyPair */
-    const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
-                    "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
-                    "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
-                    "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
-                    "47123188f8dc551054ee162b634d60f097f719076640e209"
-                    "80a0093113a8bd73";
-    const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
-    const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
-                    "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
-                    "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
-                    "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
-                    "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
-                    "76341a7e7d9";
-    const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f"
-                           "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d"
-                           "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a"
-                           "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c"
-                           "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5"
-                           "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6"
-                           "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89"
-                           "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71"
-                           "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b"
-                           "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09"
-                           "\x80\xa0\x09\x31\x13\xa8\xbd\x73";
-    const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0"
-                           "\xea\x19\x4a\x3e\xc9\x35\xa2\x81";
-    const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f"
-                           "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82"
-                           "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45"
-                           "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3"
-                           "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd"
-                           "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba"
-                           "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e"
-                           "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f"
-                           "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43"
-                           "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f"
-                           "\x17\xfc\x07\x63\x41\xa7\xe7\xd9";
-    byte pOut[MAX_DSA_PARAM_SIZE];
-    byte qOut[MAX_DSA_PARAM_SIZE];
-    byte gOut[MAX_DSA_PARAM_SIZE];
-    word32 pOutSz;
-    word32 qOutSz;
-    word32 gOutSz;
-
-    XMEMSET(&key, 0, sizeof(DsaKey));
-
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-    /* first test using imported raw parameters, for expected */
-    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, q, g), 0);
-    pOutSz = sizeof(pOut);
-    qOutSz = sizeof(qOut);
-    gOutSz = sizeof(gOut);
-    ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), 0);
-    /* validate exported parameters are correct */
-    ExpectIntEQ(XMEMCMP(pOut, pCompare, pOutSz), 0);
-    ExpectIntEQ(XMEMCMP(qOut, qCompare, qOutSz), 0);
-    ExpectIntEQ(XMEMCMP(gOut, gCompare, gOutSz), 0);
-
-    /* test bad args */
-    /* null key struct */
-    ExpectIntEQ(wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BAD_FUNC_ARG);
-    /* null output pointers */
-    ExpectIntEQ(wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz, NULL,
-        &gOutSz), LENGTH_ONLY_E);
-    /* null output size pointers */
-    ExpectIntEQ( wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL, gOut,
-        NULL), BAD_FUNC_ARG);
-    /* p output buffer size too small */
-    pOutSz = 1;
-    ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BUFFER_E);
-    pOutSz = sizeof(pOut);
-    /* q output buffer size too small */
-    qOutSz = 1;
-    ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BUFFER_E);
-    qOutSz = sizeof(qOut);
-    /* g output buffer size too small */
-    gOutSz = 1;
-    ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
-        &gOutSz), BUFFER_E);
-
-    wc_FreeDsaKey(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_DsaExportParamsRaw */
-
-/*
- * Testing wc_DsaExportKeyRaw()
- */
-static int test_wc_DsaExportKeyRaw(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
-    DsaKey key;
-    WC_RNG rng;
-    byte xOut[MAX_DSA_PARAM_SIZE];
-    byte yOut[MAX_DSA_PARAM_SIZE];
-    word32 xOutSz, yOutSz;
-
-    XMEMSET(&key, 0, sizeof(key));
-    XMEMSET(&rng, 0, sizeof(rng));
-
-    ExpectIntEQ(wc_InitDsaKey(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_MakeDsaParameters(&rng, 1024, &key), 0);
-    ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0);
-
-    /* try successful export */
-    xOutSz = sizeof(xOut);
-    yOutSz = sizeof(yOut);
-    ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), 0);
-
-    /* test bad args */
-    /* null key struct */
-    ExpectIntEQ(wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz),
-        BAD_FUNC_ARG);
-    /* null output pointers */
-    ExpectIntEQ(wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz),
-        LENGTH_ONLY_E);
-    /* null output size pointers */
-    ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL),
-        BAD_FUNC_ARG);
-    /* x output buffer size too small */
-    xOutSz = 1;
-    ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
-        BUFFER_E);
-    xOutSz = sizeof(xOut);
-    /* y output buffer size too small */
-    yOutSz = 1;
-    ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
-        BUFFER_E);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_FreeDsaKey(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_DsaExportParamsRaw */
-
-
-/*
- * Testing wc_ed25519_make_key().
- */
-static int test_wc_ed25519_make_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY)
-    ed25519_key   key;
-    WC_RNG        rng;
-    unsigned char pubkey[ED25519_PUB_KEY_SIZE+1];
-    int           pubkey_sz = ED25519_PUB_KEY_SIZE;
-
-    XMEMSET(&key, 0, sizeof(ed25519_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, (word32)pubkey_sz),
-        ECC_PRIV_KEY_E);
-    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, (word32)pubkey_sz),
-        ECC_PRIV_KEY_E);
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key),
-        BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed25519_make_key */
-
-/*
- * Testing wc_ed25519_init()
- */
-static int test_wc_ed25519_init(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519)
-    ed25519_key key;
-
-    XMEMSET(&key, 0, sizeof(ed25519_key));
-
-    ExpectIntEQ(wc_ed25519_init(&key), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_init(NULL), BAD_FUNC_ARG);
-
-    wc_ed25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed25519_init */
-
-/*
- * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg()
- */
-static int test_wc_ed25519_sign_msg(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
-    WC_RNG      rng;
-    ed25519_key key;
-    byte        msg[] = "Everybody gets Friday off.\n";
-    byte        sig[ED25519_SIG_SIZE+1];
-    word32      msglen = sizeof(msg);
-    word32      siglen = ED25519_SIG_SIZE;
-    word32      badSigLen = ED25519_SIG_SIZE - 1;
-#ifdef HAVE_ED25519_VERIFY
-    int         verify_ok = 0; /*1 = Verify success.*/
-#endif
-
-    /* Initialize stack variables. */
-    XMEMSET(&key, 0, sizeof(ed25519_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(sig, 0, sizeof(sig));
-
-    /* Initialize key. */
-    ExpectIntEQ(wc_ed25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
-
-    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key), 0);
-    ExpectIntEQ(siglen, ED25519_SIG_SIZE);
-    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig+1, &siglen, &key), 0);
-    ExpectIntEQ(siglen, ED25519_SIG_SIZE);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key),
-        BUFFER_E);
-    ExpectIntEQ(badSigLen, ED25519_SIG_SIZE);
-    badSigLen -= 1;
-
-#ifdef HAVE_ED25519_VERIFY
-    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
-        &key), 0);
-    ExpectIntEQ(verify_ok, 1);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen - 1, msg, msglen,
-        &verify_ok, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen + 1, msg, msglen,
-        &verify_ok, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
-        &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, NULL, msglen, &verify_ok,
-        &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, NULL, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, badSigLen, msg, msglen, &verify_ok,
-        &key), BAD_FUNC_ARG);
-#endif /* Verify. */
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_ed25519_sign_msg */
-
-/*
- * Testing wc_ed25519_import_public()
- */
-static int test_wc_ed25519_import_public(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
-    ed25519_key pubKey;
-    WC_RNG      rng;
-    const byte  in[] = "Ed25519PublicKeyUnitTest......\n";
-    word32      inlen = sizeof(in);
-
-    XMEMSET(&pubKey, 0, sizeof(ed25519_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed25519_init(&pubKey), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-#ifdef HAVE_ED25519_MAKE_KEY
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey), 0);
-#endif
-
-    ExpectIntEQ(wc_ed25519_import_public_ex(in, inlen, &pubKey, 1), 0);
-    ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_import_public(NULL, inlen, &pubKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_public(in, inlen, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_public(in, inlen - 1, &pubKey), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed25519_free(&pubKey);
-#endif
-    return EXPECT_RESULT();
-} /* END wc_ed25519_import_public */
-
-/*
- * Testing wc_ed25519_import_private_key()
- */
-static int test_wc_ed25519_import_private_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
-    ed25519_key key;
-    WC_RNG      rng;
-    const byte  privKey[] = "Ed25519PrivateKeyUnitTest.....\n";
-    const byte  pubKey[] = "Ed25519PublicKeyUnitTest......\n";
-    word32      privKeySz = sizeof(privKey);
-    word32      pubKeySz = sizeof(pubKey);
-#ifdef HAVE_ED25519_KEY_EXPORT
-    byte        bothKeys[sizeof(privKey) + sizeof(pubKey)];
-    word32      bothKeysSz = sizeof(bothKeys);
-#endif
-
-    XMEMSET(&key, 0, sizeof(ed25519_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-#ifdef HAVE_ED25519_MAKE_KEY
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
-#endif
-
-    ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, privKeySz, pubKey,
-        pubKeySz, &key, 1), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
-    ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
-
-#ifdef HAVE_ED25519_KEY_EXPORT
-    PRIVATE_KEY_UNLOCK();
-    ExpectIntEQ(wc_ed25519_export_private(&key, bothKeys, &bothKeysSz), 0);
-    PRIVATE_KEY_LOCK();
-    ExpectIntEQ(wc_ed25519_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
-        &key, 1), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
-    ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
-#endif
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
-        &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL,
-        pubKeySz, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
-        pubKeySz, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz - 1, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL, 0,
-        &key), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed25519_import_private_key */
-
-/*
- * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only()
- */
-static int test_wc_ed25519_export(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
-    ed25519_key key;
-    WC_RNG      rng;
-    byte        priv[ED25519_PRV_KEY_SIZE];
-    byte        pub[ED25519_PUB_KEY_SIZE];
-    word32      privSz = sizeof(priv);
-    word32      pubSz = sizeof(pub);
-#ifndef HAVE_ED25519_MAKE_KEY
-    const byte  privKey[] = {
-        0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c,
-        0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a,
-        0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42,
-        0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69
-    };
-    const byte  pubKey[] = {
-        0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf,
-        0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa,
-        0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c,
-        0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d
-    };
-#endif
-
-    XMEMSET(&key, 0, sizeof(ed25519_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-#ifdef HAVE_ED25519_MAKE_KEY
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
-#else
-    ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey),
-        pubKey, sizeof(pubKey), &key, 1), 0);
-#endif
-
-    PRIVATE_KEY_UNLOCK();
-    ExpectIntEQ(wc_ed25519_export_public(&key, pub, &pubSz), 0);
-    ExpectIntEQ(pubSz, ED25519_KEY_SIZE);
-    ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_export_public(NULL, pub, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_public(&key, NULL, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_public(&key, pub, NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz), 0);
-    ExpectIntEQ(privSz, ED25519_KEY_SIZE);
-    ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_export_private_only(NULL, priv, &privSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_private_only(&key, NULL, &privSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, NULL),
-        BAD_FUNC_ARG);
-    PRIVATE_KEY_LOCK();
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed25519_export */
-
-/*
- *  Testing wc_ed25519_size()
- */
-static int test_wc_ed25519_size(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519)
-    ed25519_key key;
-    WC_RNG      rng;
-#ifndef HAVE_ED25519_MAKE_KEY
-    const byte  privKey[] = {
-        0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c,
-        0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a,
-        0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42,
-        0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69
-    };
-    const byte  pubKey[] = {
-        0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf,
-        0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa,
-        0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c,
-        0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d
-    };
-#endif
-
-    XMEMSET(&key, 0, sizeof(ed25519_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-#ifdef HAVE_ED25519_MAKE_KEY
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
-#else
-    ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey),
-        pubKey, sizeof(pubKey), &key, 1), 0);
-#endif
-
-    ExpectIntEQ(wc_ed25519_size(&key), ED25519_KEY_SIZE);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_size(NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed25519_sig_size(&key), ED25519_SIG_SIZE);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_sig_size(NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed25519_pub_size(&key), ED25519_PUB_KEY_SIZE);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_pub_size(NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed25519_priv_size(&key), ED25519_PRV_KEY_SIZE);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_priv_size(NULL), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed25519_size */
-
-/*
- * Testing wc_ed25519_export_private() and wc_ed25519_export_key()
- */
-static int test_wc_ed25519_exportKey(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
-    WC_RNG      rng;
-    ed25519_key key;
-    byte        priv[ED25519_PRV_KEY_SIZE];
-    byte        pub[ED25519_PUB_KEY_SIZE];
-    byte        privOnly[ED25519_PRV_KEY_SIZE];
-    word32      privSz      = sizeof(priv);
-    word32      pubSz       = sizeof(pub);
-    word32      privOnlySz  = sizeof(privOnly);
-#ifndef HAVE_ED25519_MAKE_KEY
-    const byte  privKey[] = {
-        0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c,
-        0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a,
-        0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42,
-        0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69
-    };
-    const byte  pubKey[] = {
-        0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf,
-        0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa,
-        0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c,
-        0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d
-    };
-#endif
-
-    XMEMSET(&key, 0, sizeof(ed25519_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-#ifdef HAVE_ED25519_MAKE_KEY
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
-#else
-    ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey),
-        pubKey, sizeof(pubKey), &key, 1), 0);
-#endif
-
-    PRIVATE_KEY_UNLOCK();
-    ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, &privOnlySz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_export_private(NULL, privOnly, &privOnlySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_private(&key, NULL, &privOnlySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, NULL),
-        BAD_FUNC_ARG);
-    PRIVATE_KEY_LOCK();
-
-    /* Cross check output. */
-    ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed25519_exportKey */
-
-/*
- * Testing wc_Ed25519PublicKeyToDer
- */
-static int test_wc_Ed25519PublicKeyToDer(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
-    ed25519_key key;
-    byte        derBuf[1024];
-
-    XMEMSET(&key, 0, sizeof(ed25519_key));
-
-    /* Test bad args */
-    ExpectIntEQ(wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed25519_init(&key), 0);
-    ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0), BUFFER_E);
-    wc_ed25519_free(&key);
-
-    /*  Test good args */
-    if (EXPECT_SUCCESS()) {
-        WC_RNG rng;
-
-        XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-        ExpectIntEQ(wc_ed25519_init(&key), 0);
-        ExpectIntEQ(wc_InitRng(&rng), 0);
-        ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
-        /* length only */
-        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 0), 0);
-        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 1), 0);
-        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf,
-                    (word32)sizeof(derBuf), 1), 0);
-
-        DoExpectIntEQ(wc_FreeRng(&rng), 0);
-        wc_ed25519_free(&key);
-    }
-#endif
-    return EXPECT_RESULT();
-} /* END testing wc_Ed25519PublicKeyToDer */
-
-/*
- * Testing wc_curve25519_init and wc_curve25519_free.
- */
-static int test_wc_curve25519_init(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519)
-    curve25519_key key;
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-    /* Test bad args for wc_curve25519_init */
-    ExpectIntEQ(wc_curve25519_init(NULL), BAD_FUNC_ARG);
-
-    /* Test good args for wc_curve_25519_free */
-    wc_curve25519_free(&key);
-    /* Test bad args for wc_curve25519 free. */
-    wc_curve25519_free(NULL);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve25519_init and wc_curve_25519_free*/
-/*
- * Testing test_wc_curve25519_size.
- */
-static int test_wc_curve25519_size(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519)
-    curve25519_key key;
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-
-    /* Test good args for wc_curve25519_size */
-    ExpectIntEQ(wc_curve25519_size(&key), CURVE25519_KEYSIZE);
-    /* Test bad args for wc_curve25519_size */
-    ExpectIntEQ(wc_curve25519_size(NULL), 0);
-
-    wc_curve25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve25519_size*/
-
-/*
- * Testing test_wc_curve25519_export_key_raw().
- */
-static int test_wc_curve25519_export_key_raw(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
-    curve25519_key key;
-    WC_RNG         rng;
-    byte           privateKey[CURVE25519_KEYSIZE];
-    byte           publicKey[CURVE25519_KEYSIZE];
-    word32         prvkSz;
-    word32         pubkSz;
-    byte           prik[CURVE25519_KEYSIZE];
-    byte           pubk[CURVE25519_KEYSIZE];
-    word32         prksz;
-    word32         pbksz;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
-
-    /* bad-argument-test cases - target function should return BAD_FUNC_ARG */
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw(NULL, privateKey, &prvkSz,
-        publicKey, &pubkSz), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw(&key, NULL, &prvkSz, publicKey,
-        &pubkSz), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, NULL,
-        publicKey, &pubkSz), BAD_FUNC_ARG);
-    /* prvkSz = CURVE25519_KEYSIZE; */
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
-        NULL, &pubkSz), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
-        publicKey, NULL), BAD_FUNC_ARG);
-
-    /* cross-testing */
-    prksz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_private_raw(&key, prik, &prksz), 0);
-    pbksz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_public(&key, pubk, &pbksz), 0);
-    prvkSz = CURVE25519_KEYSIZE;
-    /* pubkSz = CURVE25519_KEYSIZE; */
-    ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
-        publicKey,  &pubkSz), 0);
-    ExpectIntEQ(prksz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(pbksz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE), 0);
-    ExpectIntEQ(XMEMCMP(publicKey,  pubk, CURVE25519_KEYSIZE), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* end of test_wc_curve25519_export_key_raw */
-
-/*
- * Testing test_wc_curve25519_export_key_raw_ex().
- */
-static int test_wc_curve25519_export_key_raw_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
-    curve25519_key key;
-    WC_RNG         rng;
-    byte           privateKey[CURVE25519_KEYSIZE];
-    byte           publicKey[CURVE25519_KEYSIZE];
-    word32         prvkSz;
-    word32         pubkSz;
-    byte           prik[CURVE25519_KEYSIZE];
-    byte           pubk[CURVE25519_KEYSIZE];
-    word32         prksz;
-    word32         pbksz;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
-
-    /* bad-argument-test cases - target function should return BAD_FUNC_ARG */
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
-        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
-        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
-    /* prvkSz = CURVE25519_KEYSIZE; */
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    /* pubkSz = CURVE25519_KEYSIZE; */
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
-        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
-        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
-    /* prvkSz = CURVE25519_KEYSIZE; */
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
-        &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
-
-    /* illegal value for endian */
-    prvkSz = CURVE25519_KEYSIZE;
-    /* pubkSz = CURVE25519_KEYSIZE; */
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
-        publicKey, NULL, EC25519_BIG_ENDIAN + 10), BAD_FUNC_ARG);
-
-    /* cross-testing */
-    prksz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_private_raw( &key, prik, &prksz), 0);
-    pbksz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_public( &key, pubk, &pbksz), 0);
-    prvkSz = CURVE25519_KEYSIZE;
-    /* pubkSz = CURVE25519_KEYSIZE; */
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
-        publicKey, &pubkSz, EC25519_BIG_ENDIAN), 0);
-    ExpectIntEQ(prksz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(pbksz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE), 0);
-    ExpectIntEQ(XMEMCMP(publicKey,  pubk, CURVE25519_KEYSIZE), 0);
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
-        publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), 0);
-    ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
-
-    /* try once with another endian */
-    prvkSz = CURVE25519_KEYSIZE;
-    pubkSz = CURVE25519_KEYSIZE;
-    ExpectIntEQ(wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
-        publicKey, &pubkSz, EC25519_BIG_ENDIAN), 0);
-    ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* end of test_wc_curve25519_export_key_raw_ex */
-
-/*
- * Testing wc_curve25519_make_key
- */
-static int test_wc_curve25519_make_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519)
-    curve25519_key key;
-    WC_RNG         rng;
-    int            keysize;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
-    ExpectIntEQ(keysize = wc_curve25519_size(&key), CURVE25519_KEYSIZE);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, &key), 0);
-    /* test bad cases*/
-    ExpectIntEQ(wc_curve25519_make_key(NULL, 0, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_make_key(NULL, keysize, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, 0, &key), ECC_BAD_ARG_E);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve25519_make_key*/
-
-/*
- * Testing wc_curve25519_shared_secret_ex
- */
-static int test_wc_curve25519_shared_secret_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519)
-    curve25519_key private_key;
-    curve25519_key public_key;
-    WC_RNG         rng;
-    byte           out[CURVE25519_KEYSIZE];
-    word32         outLen = sizeof(out);
-    int            endian = EC25519_BIG_ENDIAN;
-
-    ExpectIntEQ(wc_curve25519_init(&private_key), 0);
-    ExpectIntEQ(wc_curve25519_init(&public_key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key),
-        0);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key),
-        0);
-
-    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), 0);
-
-    /* test bad cases*/
-    ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, NULL, NULL, 0, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, &public_key, out, &outLen,
-        endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, NULL, out, &outLen,
-        endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
-        &outLen, endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        NULL, endian), BAD_FUNC_ARG);
-
-    /* curve25519.c is checking for public_key size less than or equal to 0x7f,
-     * increasing to 0x8f checks for error being returned*/
-    public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
-    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), ECC_BAD_ARG_E);
-
-    outLen = outLen - 2;
-    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve25519_free(&private_key);
-    wc_curve25519_free(&public_key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve25519_shared_secret_ex*/
-
-/*
- * Testing wc_curve25519_make_pub
- */
-static int test_wc_curve25519_make_pub(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_CURVE25519
-    curve25519_key key;
-    WC_RNG         rng;
-    byte           out[CURVE25519_KEYSIZE];
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
-
-    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(out), out,
-        (int)sizeof(key.k), key.k), 0);
-    /* test bad cases*/
-    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k,
-        (int)sizeof out, out), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
-        NULL), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out - 1, out,
-        (int)sizeof(key.k), key.k), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, NULL,
-        (int)sizeof(key.k), key.k), ECC_BAD_ARG_E);
-    /* verify clamping test */
-    key.k[0] |= ~248;
-    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
-        key.k), ECC_BAD_ARG_E);
-    key.k[0] &= 248;
-    /* repeat the expected-to-succeed test. */
-    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
-        key.k), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve25519_make_pub */
-
-/*
- * Testing test_wc_curve25519_export_public_ex
- */
-static int test_wc_curve25519_export_public_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519)
-    curve25519_key key;
-    WC_RNG         rng;
-    byte           out[CURVE25519_KEYSIZE];
-    word32         outLen = sizeof(out);
-    int            endian = EC25519_BIG_ENDIAN;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
-
-    ExpectIntEQ(wc_curve25519_export_public(&key, out, &outLen), 0);
-    ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian), 0);
-    /* test bad cases*/
-    ExpectIntEQ(wc_curve25519_export_public_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_export_public_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_export_public_ex(&key, NULL, &outLen, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
-    outLen = outLen - 2;
-    ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve25519_export_public_ex*/
-/*
- * Testing test_wc_curve25519_import_private_raw_ex
- */
-static int test_wc_curve25519_import_private_raw_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519)
-    curve25519_key key;
-    WC_RNG         rng;
-    byte           priv[CURVE25519_KEYSIZE];
-    byte           pub[CURVE25519_KEYSIZE];
-    word32         privSz = sizeof(priv);
-    word32         pubSz = sizeof(pub);
-    int            endian = EC25519_BIG_ENDIAN;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
-
-    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, priv, &privSz,
-        endian), 0);
-    ExpectIntEQ(wc_curve25519_export_public(&key, pub, &pubSz), 0);
-    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
-        &key, endian), 0);
-    /* test bad cases*/
-    ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
-        endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
-        &key, endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
-        &key, endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
-        NULL, endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
-        &key, endian), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
-        &key, endian), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
-        &key, EC25519_LITTLE_ENDIAN), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve25519_import_private_raw_ex*/
-
-/*
- * Testing test_wc_curve25519_import_private
- */
-static int test_wc_curve25519_import_private(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519)
-    curve25519_key key;
-    WC_RNG         rng;
-    byte           priv[CURVE25519_KEYSIZE];
-    word32         privSz = sizeof(priv);
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
-
-    ExpectIntEQ(wc_curve25519_export_private_raw(&key, priv, &privSz), 0);
-    ExpectIntEQ(wc_curve25519_import_private(priv, privSz, &key), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve25519_import*/
-
-/*
- * Testing test_wc_curve25519_export_private_raw_ex
- */
-static int test_wc_curve25519_export_private_raw_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519)
-    curve25519_key key;
-    byte           out[CURVE25519_KEYSIZE];
-    word32         outLen = sizeof(out);
-    int            endian = EC25519_BIG_ENDIAN;
-
-    ExpectIntEQ(wc_curve25519_init(&key), 0);
-
-    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian),
-        0);
-    /* test bad cases*/
-    ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, NULL, &outLen,
-        endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen,
-        EC25519_LITTLE_ENDIAN), 0);
-    outLen = outLen - 2;
-    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
-
-    wc_curve25519_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve25519_export_private_raw_ex*/
-
-/*
- * Testing wc_ed448_make_key().
- */
-static int test_wc_ed448_make_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448)
-    ed448_key     key;
-    WC_RNG        rng;
-    unsigned char pubkey[ED448_PUB_KEY_SIZE];
-
-    XMEMSET(&key, 0, sizeof(ed448_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectIntEQ(wc_ed448_make_public(&key, pubkey, sizeof(pubkey)),
-        ECC_PRIV_KEY_E);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key),
-        BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed448_make_key */
-
-
-/*
- * Testing wc_ed448_init()
- */
-static int test_wc_ed448_init(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448)
-    ed448_key key;
-
-    XMEMSET(&key, 0, sizeof(ed448_key));
-
-    ExpectIntEQ(wc_ed448_init(&key), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_init(NULL), BAD_FUNC_ARG);
-
-    wc_ed448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed448_init */
-
-/*
- * Test wc_ed448_sign_msg() and wc_ed448_verify_msg()
- */
-static int test_wc_ed448_sign_msg(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
-    ed448_key key;
-    WC_RNG    rng;
-    byte      msg[] = "Everybody gets Friday off.\n";
-    byte      sig[ED448_SIG_SIZE];
-    word32    msglen = sizeof(msg);
-    word32    siglen = sizeof(sig);
-    word32    badSigLen = sizeof(sig) - 1;
-#ifdef HAVE_ED448_VERIFY
-    int       verify_ok = 0; /*1 = Verify success.*/
-#endif
-
-    /* Initialize stack variables. */
-    XMEMSET(&key, 0, sizeof(ed448_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(sig, 0, siglen);
-
-    /* Initialize key. */
-    ExpectIntEQ(wc_ed448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
-
-    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0), 0);
-    ExpectIntEQ(siglen, ED448_SIG_SIZE);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key, NULL, 0),
-        BUFFER_E);
-    ExpectIntEQ(badSigLen, ED448_SIG_SIZE);
-    badSigLen -= 1;
-
-#ifdef HAVE_ED448_VERIFY
-    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key,
-        NULL, 0), 0);
-    ExpectIntEQ(verify_ok, 1);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, NULL, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, NULL,
-        &key, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
-        NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_verify_msg(sig, badSigLen, msg, msglen, &verify_ok,
-        &key, NULL, 0), BAD_FUNC_ARG);
-#endif /* Verify. */
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed448_sign_msg */
-
-/*
- * Testing wc_ed448_import_public()
- */
-static int test_wc_ed448_import_public(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
-    ed448_key  pubKey;
-    WC_RNG     rng;
-    const byte in[] =
-                    "Ed448PublicKeyUnitTest.................................\n";
-    word32     inlen = sizeof(in);
-
-    XMEMSET(&pubKey, 0, sizeof(ed448_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed448_init(&pubKey), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey), 0);
-
-    ExpectIntEQ(wc_ed448_import_public_ex(in, inlen, &pubKey, 1), 0);
-    ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_import_public(NULL, inlen, &pubKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_public(in, inlen, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_public(in, inlen - 1, &pubKey), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed448_free(&pubKey);
-#endif
-    return EXPECT_RESULT();
-} /* END wc_ed448_import_public */
-
-/*
- * Testing wc_ed448_import_private_key()
- */
-static int test_wc_ed448_import_private_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
-    ed448_key  key;
-    WC_RNG     rng;
-    const byte privKey[] =
-        "Ed448PrivateKeyUnitTest................................\n";
-    const byte pubKey[] =
-        "Ed448PublicKeyUnitTest.................................\n";
-    word32     privKeySz = sizeof(privKey);
-    word32     pubKeySz = sizeof(pubKey);
-#ifdef HAVE_ED448_KEY_EXPORT
-    byte       bothKeys[sizeof(privKey) + sizeof(pubKey)];
-    word32     bothKeysSz = sizeof(bothKeys);
-#endif
-
-    XMEMSET(&key, 0, sizeof(ed448_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
-
-    ExpectIntEQ(wc_ed448_import_private_key_ex(privKey, privKeySz, pubKey,
-        pubKeySz, &key, 1), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
-    ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
-
-#ifdef HAVE_ED448_KEY_EXPORT
-    PRIVATE_KEY_UNLOCK();
-    ExpectIntEQ(wc_ed448_export_private(&key, bothKeys, &bothKeysSz), 0);
-    PRIVATE_KEY_LOCK();
-    ExpectIntEQ(wc_ed448_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
-        &key, 1), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
-    ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
-#endif
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
-        &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, pubKeySz,
-        &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
-        pubKeySz, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
-        pubKeySz - 1, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, 0, &key),
-        BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed448_import_private_key */
-
-/*
- * Testing wc_ed448_export_public() and wc_ed448_export_private_only()
- */
-static int test_wc_ed448_export(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
-    ed448_key key;
-    WC_RNG    rng;
-    byte      priv[ED448_PRV_KEY_SIZE];
-    byte      pub[ED448_PUB_KEY_SIZE];
-    word32    privSz = sizeof(priv);
-    word32    pubSz = sizeof(pub);
-
-    XMEMSET(&key, 0, sizeof(ed448_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
-
-    ExpectIntEQ(wc_ed448_export_public(&key, pub, &pubSz), 0);
-    ExpectIntEQ(pubSz, ED448_KEY_SIZE);
-    ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_export_public(NULL, pub, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_public(&key, NULL, &pubSz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_public(&key, pub, NULL), BAD_FUNC_ARG);
-
-    PRIVATE_KEY_UNLOCK();
-    ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz), 0);
-    ExpectIntEQ(privSz, ED448_KEY_SIZE);
-    ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_export_private_only(NULL, priv, &privSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private_only(&key, NULL, &privSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private_only(&key, priv, NULL), BAD_FUNC_ARG);
-    PRIVATE_KEY_LOCK();
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed448_export */
-
-/*
- *  Testing wc_ed448_size()
- */
-static int test_wc_ed448_size(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448)
-    ed448_key key;
-    WC_RNG    rng;
-
-    XMEMSET(&key, 0, sizeof(ed448_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
-
-    ExpectIntEQ(wc_ed448_size(&key), ED448_KEY_SIZE);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_size(NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed448_sig_size(&key), ED448_SIG_SIZE);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_sig_size(NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed448_pub_size(&key), ED448_PUB_KEY_SIZE);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_pub_size(NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed448_priv_size(&key), ED448_PRV_KEY_SIZE);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_priv_size(NULL), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed448_size */
-
-/*
- * Testing wc_ed448_export_private() and wc_ed448_export_key()
- */
-static int test_wc_ed448_exportKey(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
-    ed448_key key;
-    WC_RNG    rng;
-    byte      priv[ED448_PRV_KEY_SIZE];
-    byte      pub[ED448_PUB_KEY_SIZE];
-    byte      privOnly[ED448_PRV_KEY_SIZE];
-    word32    privSz      = sizeof(priv);
-    word32    pubSz       = sizeof(pub);
-    word32    privOnlySz  = sizeof(privOnly);
-
-    XMEMSET(&key, 0, sizeof(ed448_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
-
-    PRIVATE_KEY_UNLOCK();
-    ExpectIntEQ(wc_ed448_export_private(&key, privOnly, &privOnlySz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_export_private(NULL, privOnly, &privOnlySz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private(&key, NULL, &privOnlySz), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_private(&key, privOnly, NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_key(&key, priv, NULL, pub, &pubSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, NULL),
-        BAD_FUNC_ARG);
-    PRIVATE_KEY_LOCK();
-
-    /* Cross check output. */
-    ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ed448_exportKey */
-
-/*
- * Testing wc_Ed448PublicKeyToDer
- */
-static int test_wc_Ed448PublicKeyToDer(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
-    ed448_key key;
-    byte      derBuf[1024];
-
-    XMEMSET(&key, 0, sizeof(ed448_key));
-
-    /* Test bad args */
-    ExpectIntEQ(wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ed448_init(&key), 0);
-    ExpectIntEQ(wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0), BUFFER_E);
-    wc_ed448_free(&key);
-
-    /*  Test good args */
-    if (EXPECT_SUCCESS()) {
-        WC_RNG rng;
-
-        XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-        ExpectIntEQ(wc_ed448_init(&key), 0);
-        ExpectIntEQ(wc_InitRng(&rng), 0);
-        ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
-        /* length only */
-        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 0), 0);
-        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 1), 0);
-        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf,
-                    (word32)sizeof(derBuf), 1), 0);
-
-        DoExpectIntEQ(wc_FreeRng(&rng), 0);
-        wc_ed448_free(&key);
-    }
-#endif
-    return EXPECT_RESULT();
-} /* END testing wc_Ed448PublicKeyToDer */
-
-/*
- * Testing wc_curve448_init and wc_curve448_free.
- */
-static int test_wc_curve448_init(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448)
-    curve448_key key;
-
-    /* Test bad args for wc_curve448_init */
-    ExpectIntEQ(wc_curve448_init(&key), 0);
-    /* Test bad args for wc_curve448_init */
-    ExpectIntEQ(wc_curve448_init(NULL), BAD_FUNC_ARG);
-
-    /* Test good args for wc_curve_448_free */
-    wc_curve448_free(&key);
-    /* Test bad args for wc_curve448_free */
-    wc_curve448_free(NULL);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve448_init and wc_curve_448_free*/
-
-/*
- * Testing wc_curve448_make_key
- */
-static int test_wc_curve448_make_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448)
-    curve448_key key;
-    WC_RNG       rng;
-    int          keysize;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
-    ExpectIntEQ(keysize = wc_curve448_size(&key), CURVE448_KEY_SIZE);
-    ExpectIntEQ(wc_curve448_make_key(&rng, keysize, &key), 0);
-
-    /* test bad cases */
-    ExpectIntEQ(wc_curve448_make_key(NULL, 0, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_make_key(&rng, keysize, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_make_key(NULL, keysize, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_make_key(&rng, 0, &key), ECC_BAD_ARG_E);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve448_make_key*/
-/*
- * Testing test_wc_curve448_shared_secret_ex
- */
-static int test_wc_curve448_shared_secret_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448)
-    curve448_key private_key;
-    curve448_key public_key;
-    WC_RNG       rng;
-    byte         out[CURVE448_KEY_SIZE];
-    word32       outLen = sizeof(out);
-    int          endian = EC448_BIG_ENDIAN;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve448_init(&private_key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key), 0);
-
-    ExpectIntEQ(wc_curve448_init(&public_key), 0);
-    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key), 0);
-    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), 0);
-
-    /* test bad cases */
-    ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, NULL, NULL, 0, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, &public_key, out, &outLen,
-        endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, NULL, out, &outLen,
-        endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
-        &outLen, endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
-        NULL, endian), BAD_FUNC_ARG);
-    outLen = outLen - 2;
-    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
-        &outLen, endian), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve448_free(&private_key);
-    wc_curve448_free(&public_key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve448_shared_secret_ex*/
-
-/*
- * Testing test_wc_curve448_export_public_ex
- */
-static int test_wc_curve448_export_public_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448)
-    WC_RNG        rng;
-    curve448_key  key;
-    byte          out[CURVE448_KEY_SIZE];
-    word32        outLen = sizeof(out);
-    int           endian = EC448_BIG_ENDIAN;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
-
-    ExpectIntEQ(wc_curve448_export_public(&key, out, &outLen), 0);
-    ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian), 0);
-    /* test bad cases*/
-    ExpectIntEQ(wc_curve448_export_public_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_export_public_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_export_public_ex(&key, NULL, &outLen, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_export_public_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
-    outLen = outLen - 2;
-    ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve448_export_public_ex*/
-
-/*
- * Testing test_wc_curve448_export_private_raw_ex
- */
-static int test_wc_curve448_export_private_raw_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448)
-    curve448_key key;
-    byte         out[CURVE448_KEY_SIZE];
-    word32       outLen = sizeof(out);
-    int          endian = EC448_BIG_ENDIAN;
-
-    ExpectIntEQ(wc_curve448_init(&key), 0);
-    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian),
-        0);
-    /* test bad cases*/
-    ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, NULL, endian),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen,
-        EC448_LITTLE_ENDIAN), 0);
-    outLen = outLen - 2;
-    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian),
-        ECC_BAD_ARG_E);
-
-    wc_curve448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve448_export_private_raw_ex*/
-
-/*
- * Testing test_wc_curve448_import_private_raw_ex
- */
-static int test_wc_curve448_import_private_raw_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448)
-    curve448_key key;
-    WC_RNG       rng;
-    byte         priv[CURVE448_KEY_SIZE];
-    byte         pub[CURVE448_KEY_SIZE];
-    word32       privSz = sizeof(priv);
-    word32       pubSz = sizeof(pub);
-    int          endian = EC448_BIG_ENDIAN;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
-
-    ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0);
-    ExpectIntEQ(wc_curve448_export_public(&key, pub, &pubSz), 0);
-    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
-        &key, endian), 0);
-    /* test bad cases */
-    ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
-        &key, endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
-        &key, endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
-        NULL, endian), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
-        &key, endian), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
-        &key, endian), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
-        &key, EC448_LITTLE_ENDIAN), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve448_import_private_raw_ex*/
-/*
- * Testing test_curve448_export_key_raw
- */
-static int test_wc_curve448_export_key_raw(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448)
-    curve448_key key;
-    WC_RNG       rng;
-    byte         priv[CURVE448_KEY_SIZE];
-    byte         pub[CURVE448_KEY_SIZE];
-    word32       privSz = sizeof(priv);
-    word32       pubSz = sizeof(pub);
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
-
-    ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0);
-    ExpectIntEQ(wc_curve448_export_public(&key, pub, &pubSz), 0);
-    ExpectIntEQ(wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz),
-        0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve448_import_private_raw_ex*/
-
-/*
- * Testing test_wc_curve448_import_private
- */
-static int test_wc_curve448_import_private(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448)
-    curve448_key key;
-    WC_RNG       rng;
-    byte         priv[CURVE448_KEY_SIZE];
-    word32       privSz = sizeof(priv);
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve448_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
-
-    ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0);
-    ExpectIntEQ(wc_curve448_import_private(priv, privSz, &key), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve448_import*/
-/*
- * Testing test_wc_curve448_size.
- */
-static int test_wc_curve448_size(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448)
-    curve448_key key;
-
-    ExpectIntEQ(wc_curve448_init(&key), 0);
-
-    /*  Test good args for wc_curve448_size */
-    ExpectIntEQ(wc_curve448_size(&key), CURVE448_KEY_SIZE);
-    /* Test bad args for wc_curve448_size */
-    ExpectIntEQ(wc_curve448_size(NULL), 0);
-
-    wc_curve448_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_curve448_size*/
-
-/*
- * Testing wc_ecc_make_key.
- */
-static int test_wc_ecc_make_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
-    ecc_key key;
-    WC_RNG  rng;
-    int     ret;
-
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, KEY14, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_make_key(NULL, KEY14, &key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_make_key(&rng, KEY14, NULL), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_make_key */
-
-
-/*
- * Testing wc_ecc_init()
- */
-static int test_wc_ecc_init(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_ECC
-    ecc_key key;
-
-    XMEMSET(&key, 0, sizeof(ecc_key));
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_init(NULL), BAD_FUNC_ARG);
-
-    wc_ecc_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_init */
-
-/*
- * Testing wc_ecc_check_key()
- */
-static int test_wc_ecc_check_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
-    ecc_key key;
-    WC_RNG  rng;
-    int     ret;
-
-    XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(&key, 0, sizeof(key));
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, KEY14, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntEQ(wc_ecc_check_key(&key), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_check_key(NULL), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_check_key */
-
-/*
- * Testing wc_ecc_get_generator()
- */
-static int test_wc_ecc_get_generator(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
-    !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
-    ecc_point* pt = NULL;
-
-    ExpectNotNull(pt = wc_ecc_new_point());
-
-    ExpectIntEQ(wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1)),
-        MP_OKAY);
-
-    /* Test bad args. */
-    /* Returns Zero for bad arg. */
-    ExpectIntNE(wc_ecc_get_generator(pt, -1), MP_OKAY);
-    ExpectIntNE(wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1)),
-        MP_OKAY);
-    /* If we ever get to 1000 curves increase this number */
-    ExpectIntNE(wc_ecc_get_generator(pt, 1000), MP_OKAY);
-    ExpectIntNE(wc_ecc_get_generator(NULL, -1), MP_OKAY);
-
-    wc_ecc_del_point(pt);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_get_generator */
-
-/*
- * Testing wc_ecc_size()
- */
-static int test_wc_ecc_size(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
-    WC_RNG      rng;
-    ecc_key     key;
-    int         ret;
-
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, KEY14, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntEQ(wc_ecc_size(&key), KEY14);
-    /* Test bad args. */
-    /* Returns Zero for bad arg. */
-    ExpectIntEQ(wc_ecc_size(NULL), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_size */
-
-static int test_wc_ecc_params(void)
-{
-    EXPECT_DECLS;
-    /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
-        It was added after certifications */
-#if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    const ecc_set_type* ecc_set;
-#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
-    /* Test for SECP256R1 curve */
-    int curve_id = ECC_SECP256R1;
-    int curve_idx;
-
-    ExpectIntNE(curve_idx = wc_ecc_get_curve_idx(curve_id), ECC_CURVE_INVALID);
-    ExpectNotNull(ecc_set = wc_ecc_get_curve_params(curve_idx));
-    ExpectIntEQ(ecc_set->id, curve_id);
-#endif
-    /* Test case when SECP256R1 is not enabled */
-    /* Test that we get curve params for index 0 */
-    ExpectNotNull(ecc_set = wc_ecc_get_curve_params(0));
-#endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */
-    return EXPECT_RESULT();
-}
-
-/*
- * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash()
- */
-static int test_wc_ecc_signVerify_hash(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
-    ecc_key key;
-    WC_RNG  rng;
-    int     ret;
-#ifdef HAVE_ECC_VERIFY
-    int     verify = 0;
-#endif
-    word32  siglen = ECC_BUFSIZE;
-    byte    sig[ECC_BUFSIZE];
-    byte    adjustedSig[ECC_BUFSIZE+1];
-    byte    digest[] = TEST_STRING;
-    word32  digestlen = (word32)TEST_STRING_SZ;
-
-    /* Init stack var */
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(sig, 0, siglen);
-    XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1);
-
-    /* Init structs. */
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, KEY14, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key),
-        0);
-
-    /* Check bad args. */
-    ExpectIntEQ(wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, NULL, &siglen, &rng, &key),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, NULL, &rng, &key),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, NULL, &key),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, NULL),
-        ECC_BAD_ARG_E);
-
-#ifdef HAVE_ECC_VERIFY
-    ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
-        &key), 0);
-    ExpectIntEQ(verify, 1);
-
-    /* test check on length of signature passed in */
-    XMEMCPY(adjustedSig, sig, siglen);
-    adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/
-#ifndef NO_STRICT_ECDSA_LEN
-    ExpectIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
-        &verify, &key), 0);
-#else
-    /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature
-     * is allowed */
-    ExpectIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
-        &verify, &key), 0);
-#endif
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_verify_hash(NULL, siglen, digest, digestlen, &verify,
-        &key), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, NULL, digestlen, &verify, &key),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, NULL, &key),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
-        NULL), ECC_BAD_ARG_E);
-#endif /* HAVE_ECC_VERIFY */
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif
-    return EXPECT_RESULT();
-} /*  END test_wc_ecc_sign_hash */
-
-
-/*
- * Testing wc_ecc_shared_secret()
- */
-static int test_wc_ecc_shared_secret(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
-    ecc_key     key;
-    ecc_key     pubKey;
-    WC_RNG      rng;
-#if defined(NO_ECC256)
-    int         ret;
-#endif
-    byte        out[KEY32];
-    int         keySz = sizeof(out);
-    word32      outlen = (word32)sizeof(out);
-
-#if defined(HAVE_ECC) && !defined(NO_ECC256)
-    const char* qx =
-        "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
-    const char* qy =
-        "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
-    const char* d  =
-        "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
-    const char* curveName = "SECP256R1";
-    const byte expected_shared_secret[] =
-        {
-            0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75,
-            0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a,
-            0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf,
-            0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06
-        };
-#endif
-
-    PRIVATE_KEY_UNLOCK();
-
-    /* Initialize variables. */
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&pubKey, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(out, 0, keySz);
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_ecc_init(&pubKey), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-#if !defined(NO_ECC256)
-    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0);
-    ExpectIntEQ(wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName), 0);
-#else
-    ret = wc_ecc_make_key(&rng, keySz, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-    ret = wc_ecc_make_key(&rng, keySz, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-#endif
-
-#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
-    !defined(HAVE_SELFTEST)
-    ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0);
-#endif
-
-    ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen), 0);
-
-#if !defined(NO_ECC256)
-    ExpectIntEQ(XMEMCMP(out, expected_shared_secret, outlen), 0);
-#endif
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_shared_secret(NULL, &pubKey, out, &outlen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_shared_secret(&key, NULL, out, &outlen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, NULL),
-        BAD_FUNC_ARG);
-    /* Invalid length */
-    outlen = 1;
-    ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen),
-        BUFFER_E);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&pubKey);
-    wc_ecc_free(&key);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-
-    PRIVATE_KEY_LOCK();
-#endif
-    return EXPECT_RESULT();
-} /* END tests_wc_ecc_shared_secret */
-
-/*
- * testint wc_ecc_export_x963()
- */
-static int test_wc_ecc_export_x963(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
-    ecc_key key;
-    WC_RNG  rng;
-    byte    out[ECC_ASN963_MAX_BUF_SZ];
-    word32  outlen = sizeof(out);
-    int     ret;
-
-    PRIVATE_KEY_UNLOCK();
-
-    /* Initialize variables. */
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(out, 0, outlen);
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, KEY20, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_export_x963(NULL, out, &outlen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_export_x963(&key, NULL, &outlen), LENGTH_ONLY_E);
-    ExpectIntEQ(wc_ecc_export_x963(&key, out, NULL), ECC_BAD_ARG_E);
-    key.idx = -4;
-    ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), ECC_BAD_ARG_E);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-
-    PRIVATE_KEY_LOCK();
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_export_x963 */
-
-/*
- * Testing wc_ecc_export_x963_ex()
- * compile with --enable-compkey will use compression.
- */
-static int test_wc_ecc_export_x963_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
-    ecc_key key;
-    WC_RNG  rng;
-    int     ret;
-    byte    out[ECC_ASN963_MAX_BUF_SZ];
-    word32  outlen = sizeof(out);
-    #ifdef HAVE_COMP_KEY
-        word32  badOutLen = 5;
-    #endif
-
-    /* Init stack variables. */
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(out, 0, outlen);
-    PRIVATE_KEY_UNLOCK();
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, KEY64, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-#ifdef HAVE_COMP_KEY
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), 0);
-#else
-    ExpectIntEQ(ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP), 0);
-#endif
-
-    /* Test bad args. */
-#ifdef HAVE_COMP_KEY
-    ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, COMP), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, COMP), BAD_FUNC_ARG);
-#if defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3))
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP), BUFFER_E);
-#else
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP),
-        LENGTH_ONLY_E);
-#endif
-    key.idx = -4;
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), ECC_BAD_ARG_E);
-#else
-    ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP),
-        LENGTH_ONLY_E);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, 1), NOT_COMPILED_IN);
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP),
-        ECC_BAD_ARG_E);
-    key.idx = -4;
-    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP),
-        ECC_BAD_ARG_E);
-#endif
-    PRIVATE_KEY_LOCK();
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_export_x963_ex */
-
-/*
- * testing wc_ecc_import_x963()
- */
-static int test_wc_ecc_import_x963(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
-    defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
-    ecc_key pubKey;
-    ecc_key key;
-    WC_RNG  rng;
-    byte    x963[ECC_ASN963_MAX_BUF_SZ];
-    word32  x963Len = (word32)sizeof(x963);
-    int     ret;
-
-    /* Init stack variables. */
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&pubKey, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(x963, 0, x963Len);
-
-    ExpectIntEQ(wc_ecc_init(&pubKey), 0);
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-#if FIPS_VERSION3_GE(6,0,0)
-    ret = wc_ecc_make_key(&rng, KEY32, &key);
-#else
-    ret = wc_ecc_make_key(&rng, KEY24, &key);
-#endif
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-
-    ExpectIntEQ(ret, 0);
-
-    PRIVATE_KEY_UNLOCK();
-    ExpectIntEQ(wc_ecc_export_x963(&key, x963, &x963Len), 0);
-    PRIVATE_KEY_LOCK();
-
-    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, &pubKey), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_import_x963(NULL, x963Len, &pubKey), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len + 1, &pubKey), ECC_BAD_ARG_E);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-    wc_ecc_free(&pubKey);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif
-    return EXPECT_RESULT();
-} /* END wc_ecc_import_x963 */
-
-/*
- * testing wc_ecc_import_private_key()
- */
-static int test_wc_ecc_import_private_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
-    defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
-    ecc_key key;
-    ecc_key keyImp;
-    WC_RNG  rng;
-    byte    privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
-    byte    x963Key[ECC_ASN963_MAX_BUF_SZ];
-    word32  privKeySz = (word32)sizeof(privKey);
-    word32  x963KeySz = (word32)sizeof(x963Key);
-    int     ret;
-
-    /* Init stack variables. */
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&keyImp, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(privKey, 0, privKeySz);
-    XMEMSET(x963Key, 0, x963KeySz);
-    PRIVATE_KEY_UNLOCK();
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_ecc_init(&keyImp), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, KEY48, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    PRIVATE_KEY_UNLOCK();
-    ExpectIntEQ(wc_ecc_export_x963(&key, x963Key, &x963KeySz), 0);
-    PRIVATE_KEY_LOCK();
-    ExpectIntEQ(wc_ecc_export_private_only(&key, privKey, &privKeySz), 0);
-
-    ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key,
-        x963KeySz, &keyImp), 0);
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key,
-        x963KeySz, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz,
-        &keyImp), BAD_FUNC_ARG);
-    PRIVATE_KEY_LOCK();
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&keyImp);
-    wc_ecc_free(&key);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_import_private_key */
-
-
-/*
- * Testing wc_ecc_export_private_only()
- */
-static int test_wc_ecc_export_private_only(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
-    ecc_key key;
-    WC_RNG  rng;
-    byte    out[ECC_PRIV_KEY_BUF];
-    word32  outlen = sizeof(out);
-    int     ret;
-
-    /* Init stack variables. */
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(out, 0, outlen);
-    PRIVATE_KEY_UNLOCK();
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, KEY32, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntEQ(wc_ecc_export_private_only(&key, out, &outlen), 0);
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL), BAD_FUNC_ARG);
-    PRIVATE_KEY_LOCK();
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_export_private_only */
-
-
-/*
- * Testing wc_ecc_rs_to_sig()
- */
-static int test_wc_ecc_rs_to_sig(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(NO_ASN)
-    /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
-    const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
-    const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
-    const char* zeroStr = "0";
-    byte        sig[ECC_MAX_SIG_SIZE];
-    word32      siglen = (word32)sizeof(sig);
-    /* R and S max size is the order of curve. 2^192.*/
-    int         keySz = KEY24;
-    byte        r[KEY24];
-    byte        s[KEY24];
-    word32      rlen = (word32)sizeof(r);
-    word32      slen = (word32)sizeof(s);
-
-    /* Init stack variables. */
-    XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
-    XMEMSET(r, 0, keySz);
-    XMEMSET(s, 0, keySz);
-
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, &siglen), 0);
-    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_rs_to_sig(NULL, S, sig, &siglen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, NULL, sig, &siglen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, NULL), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, NULL, &siglen), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen), MP_ZERO_E);
-    ExpectIntEQ(wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen), MP_ZERO_E);
-    ExpectIntEQ(wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL),
-        ECC_BAD_ARG_E);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_rs_to_sig */
-
-static int test_wc_ecc_import_raw(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(NO_ECC256)
-    ecc_key     key;
-    const char* qx =
-        "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
-    const char* qy =
-        "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
-    const char* d  =
-        "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
-    const char* curveName = "SECP256R1";
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
-    const char* kNullStr = "";
-    int ret;
-#endif
-
-    XMEMSET(&key, 0, sizeof(ecc_key));
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-
-    /* Test good import */
-    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_import_raw(NULL, qx, qy, d, curveName), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_raw(&key, NULL, qy, d, curveName), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_raw(&key, qx, NULL, d, curveName), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, NULL), BAD_FUNC_ARG);
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
-    #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
-        wc_ecc_free(&key);
-    #endif
-    ExpectIntLT(ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr,
-        curveName), 0);
-    ExpectTrue((ret == ECC_INF_E) || (ret == BAD_FUNC_ARG));
-#endif
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
-        wc_ecc_free(&key);
-    #endif
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
-    ExpectIntLT(ret = wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
-    ExpectTrue((ret == BAD_FUNC_ARG) || (ret == MP_VAL));
-#else
-    ExpectIntEQ(wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
-#endif
-    #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
-        wc_ecc_free(&key);
-    #endif
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
-    ExpectIntLT(ret = wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
-    ExpectTrue((ret == BAD_FUNC_ARG) || (ret == MP_VAL));
-#else
-    ExpectIntEQ(wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
-#endif
-    #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
-        wc_ecc_free(&key);
-    #endif
-    ExpectIntEQ(wc_ecc_import_raw(&key, "0", "0", d, curveName), ECC_INF_E);
-#endif
-
-    wc_ecc_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_import_raw */
-
-static int test_wc_ecc_import_unsigned(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
-     HAVE_FIPS_VERSION >= 2))
-    ecc_key    key;
-    const byte qx[] = {
-        0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6,
-        0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36,
-        0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa,
-        0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61
-    };
-    const byte qy[] = {
-        0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a,
-        0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf,
-        0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8,
-        0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8
-    };
-    const byte d[] = {
-        0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85,
-        0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac,
-        0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c,
-        0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c
-    };
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
-    const byte nullBytes[32] = {0};
-    int ret;
-#endif
-    int        curveId = ECC_SECP256R1;
-
-    XMEMSET(&key, 0, sizeof(ecc_key));
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-
-    ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
-        curveId), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
-        curveId), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
-        curveId), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
-        curveId), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
-        ECC_CURVE_INVALID), BAD_FUNC_ARG);
-#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
-    ExpectIntLT(ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
-        (byte*)nullBytes, (byte*)nullBytes, curveId), 0);
-    ExpectTrue((ret == ECC_INF_E) || (ret == BAD_FUNC_ARG));
-#endif
-
-    wc_ecc_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_import_unsigned */
-
-
-/*
- * Testing wc_ecc_sig_size()
- */
-static int test_wc_ecc_sig_size(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
-    ecc_key key;
-    WC_RNG  rng;
-    int     keySz = KEY16;
-    int     ret;
-
-    XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(&key, 0, sizeof(key));
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, keySz, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntLE(wc_ecc_sig_size(&key),
-         (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ));
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_sig_size */
-
-/*
- * Testing wc_ecc_ctx_new()
- */
-static int test_wc_ecc_ctx_new(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
-    WC_RNG    rng;
-    ecEncCtx* cli = NULL;
-    ecEncCtx* srv = NULL;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectNotNull(cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
-    ExpectNotNull(srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng));
-    wc_ecc_ctx_free(cli);
-    cli = NULL;
-    wc_ecc_ctx_free(srv);
-
-    /* Test bad args. */
-    /* wc_ecc_ctx_new_ex() will free if returned NULL. */
-    ExpectNull(cli = wc_ecc_ctx_new(0, &rng));
-    ExpectNull(cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL));
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_ctx_free(cli);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_ctx_new */
-
-/*
- * Tesing wc_ecc_reset()
- */
-static int test_wc_ecc_ctx_reset(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
-    ecEncCtx* ctx = NULL;
-    WC_RNG    rng;
-
-    XMEMSET(&rng, 0, sizeof(rng));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectNotNull(ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
-
-    ExpectIntEQ(wc_ecc_ctx_reset(ctx, &rng), 0);
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_ctx_reset(NULL, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_reset(ctx, NULL), BAD_FUNC_ARG);
-
-    wc_ecc_ctx_free(ctx);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_ctx_reset */
-
-/*
- * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt()
- */
-static int test_wc_ecc_ctx_set_peer_salt(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
-    WC_RNG      rng;
-    ecEncCtx*   cliCtx      = NULL;
-    ecEncCtx*   servCtx     = NULL;
-    const byte* cliSalt     = NULL;
-    const byte* servSalt    = NULL;
-
-    XMEMSET(&rng, 0, sizeof(rng));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectNotNull(cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
-    ExpectNotNull(servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng));
-
-    /* Test bad args. */
-    ExpectNull(cliSalt = wc_ecc_ctx_get_own_salt(NULL));
-
-    ExpectNotNull(cliSalt = wc_ecc_ctx_get_own_salt(cliCtx));
-    ExpectNotNull(servSalt = wc_ecc_ctx_get_own_salt(servCtx));
-
-    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, servSalt), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(NULL, servSalt), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, NULL), BAD_FUNC_ARG);
-
-    wc_ecc_ctx_free(cliCtx);
-    wc_ecc_ctx_free(servCtx);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-
-} /* END test_wc_ecc_ctx_set_peer_salt */
-
-/*
- * Testing wc_ecc_ctx_set_info()
- */
-static int test_wc_ecc_ctx_set_info(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
-    ecEncCtx*   ctx = NULL;
-    WC_RNG      rng;
-    const char* optInfo = "Optional Test Info.";
-    int         optInfoSz = (int)XSTRLEN(optInfo);
-    const char* badOptInfo = NULL;
-
-    XMEMSET(&rng, 0, sizeof(rng));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectNotNull(ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
-
-    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1), BAD_FUNC_ARG);
-
-    wc_ecc_ctx_free(ctx);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_ctx_set_info */
-
-/*
- * Testing wc_ecc_encrypt() and wc_ecc_decrypt()
- */
-static int test_wc_ecc_encryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
-    defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
-    ecc_key     srvKey;
-    ecc_key     cliKey;
-    ecc_key     tmpKey;
-    WC_RNG      rng;
-    int         ret;
-    const char* msg   = "EccBlock Size 16";
-    word32      msgSz = (word32)XSTRLEN("EccBlock Size 16");
-#ifdef WOLFSSL_ECIES_OLD
-    byte        out[(sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE];
-#elif defined(WOLFSSL_ECIES_GEN_IV)
-    byte        out[KEY20 * 2 + 1 + AES_BLOCK_SIZE +
-                    (sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE];
-#else
-    byte        out[KEY20 * 2 + 1 + (sizeof("EccBlock Size 16") - 1) +
-                    WC_SHA256_DIGEST_SIZE];
-#endif
-    word32      outSz = (word32)sizeof(out);
-    byte        plain[sizeof("EccBlock Size 16")];
-    word32      plainSz = (word32)sizeof(plain);
-    int         keySz = KEY20;
-
-    /* Init stack variables. */
-    XMEMSET(out, 0, outSz);
-    XMEMSET(plain, 0, plainSz);
-    XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(&srvKey, 0, sizeof(ecc_key));
-    XMEMSET(&cliKey, 0, sizeof(ecc_key));
-    XMEMSET(&tmpKey, 0, sizeof(ecc_key));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ecc_init(&cliKey), 0);
-    ret = wc_ecc_make_key(&rng, keySz, &cliKey);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntEQ(wc_ecc_init(&srvKey), 0);
-    ret = wc_ecc_make_key(&rng, keySz, &srvKey);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &srvKey.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntEQ(wc_ecc_init(&tmpKey), 0);
-
-#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
-    !defined(HAVE_SELFTEST)
-    ExpectIntEQ(wc_ecc_set_rng(&srvKey, &rng), 0);
-    ExpectIntEQ(wc_ecc_set_rng(&cliKey, &rng), 0);
-#endif
-
-    ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
-        &outSz, NULL), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out, &outSz,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out, &outSz,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out, &outSz,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
-        &outSz, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, NULL,
-        NULL), BAD_FUNC_ARG);
-
-#ifdef WOLFSSL_ECIES_OLD
-    tmpKey.dp = cliKey.dp;
-    ExpectIntEQ(wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey), 0);
-#endif
-
-    ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, &plainSz,
-         NULL), 0);
-    ExpectIntEQ(wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain, &plainSz,
-         NULL), BAD_FUNC_ARG);
-#ifdef WOLFSSL_ECIES_OLD
-    /* NULL parameter allowed in new implementations - public key comes from
-     * the message. */
-    ExpectIntEQ(wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain, &plainSz,
-        NULL), BAD_FUNC_ARG);
-#endif
-    ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain, &plainSz,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL, &plainSz,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, NULL, NULL),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(XMEMCMP(msg, plain, msgSz), 0);
-
-    wc_ecc_free(&tmpKey);
-    wc_ecc_free(&srvKey);
-    wc_ecc_free(&cliKey);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_encryptDecrypt */
-
-/*
- * Testing wc_ecc_del_point() and wc_ecc_new_point()
- */
-static int test_wc_ecc_del_point(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC)
-    ecc_point* pt = NULL;
-
-    ExpectNotNull(pt = wc_ecc_new_point());
-    wc_ecc_del_point(pt);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_del_point */
-
-/*
- * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(),
- * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(),
- * and wc_ecc_cmp_point()
- */
-static int test_wc_ecc_pointFns(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
-    !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
-    !defined(WOLFSSL_ATECC608A)
-    ecc_key    key;
-    WC_RNG     rng;
-    int        ret;
-    ecc_point* point = NULL;
-    ecc_point* cpypt = NULL;
-    int        idx = 0;
-    int        keySz = KEY32;
-    byte       der[DER_SZ(KEY32)];
-    word32     derlenChk = 0;
-    word32     derSz = DER_SZ(KEY32);
-
-    /* Init stack variables. */
-    XMEMSET(der, 0, derSz);
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ret = wc_ecc_make_key(&rng, keySz, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectNotNull(point = wc_ecc_new_point());
-    ExpectNotNull(cpypt = wc_ecc_new_point());
-
-    /* Export */
-    ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, NULL,
-        &derlenChk), LENGTH_ONLY_E);
-    /* Check length value. */
-    ExpectIntEQ(derSz, derlenChk);
-    ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
-        &derSz), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
-        NULL), ECC_BAD_ARG_E);
-
-    /* Import */
-    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, point), 0);
-    ExpectIntEQ(wc_ecc_cmp_point(&key.pubkey, point), 0);
-    /* Test bad args. */
-    ExpectIntEQ( wc_ecc_import_point_der(NULL, derSz, idx, point),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, NULL), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, -1, point), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_import_point_der(der, derSz + 1, idx, point),
-        ECC_BAD_ARG_E);
-
-    /* Copy */
-    ExpectIntEQ(wc_ecc_copy_point(point, cpypt), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_copy_point(NULL, cpypt), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_copy_point(point, NULL), ECC_BAD_ARG_E);
-
-    /* Compare point */
-    ExpectIntEQ(wc_ecc_cmp_point(point, cpypt), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_cmp_point(NULL, cpypt), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_cmp_point(point, NULL), BAD_FUNC_ARG);
-
-    /* At infinity if return == 1, otherwise return == 0. */
-    ExpectIntEQ(wc_ecc_point_is_at_infinity(point), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_point_is_at_infinity(NULL), BAD_FUNC_ARG);
-
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
-#ifdef USE_ECC_B_PARAM
-    /* On curve if ret == 0 */
-    ExpectIntEQ(wc_ecc_point_is_on_curve(point, idx), 0);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_point_is_on_curve(NULL, idx), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_point_is_on_curve(point, 1000), ECC_BAD_ARG_E);
-#endif /* USE_ECC_B_PARAM */
-#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
-
-    /* Free */
-    wc_ecc_del_point(point);
-    wc_ecc_del_point(cpypt);
-    wc_ecc_free(&key);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_pointFns */
-
-
-/*
- * Testing wc_ecc_shared_secret_ssh()
- */
-static int test_wc_ecc_shared_secret_ssh(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
-    !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
-    !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
-    !defined(WOLFSSL_CRYPTOCELL)
-    ecc_key key;
-    ecc_key key2;
-    WC_RNG  rng;
-    int     ret;
-    int     keySz = KEY32;
-#if FIPS_VERSION3_GE(6,0,0)
-    int     key2Sz = KEY28;
-#else
-    int     key2Sz = KEY24;
-#endif
-    byte    secret[KEY32];
-    word32  secretLen = (word32)keySz;
-
-    /* Init stack variables. */
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&key2, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(secret, 0, secretLen);
-    PRIVATE_KEY_UNLOCK();
-
-    /* Make keys */
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, keySz, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-
-    ExpectIntEQ(wc_ecc_init(&key2), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, key2Sz, &key2);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
-    !defined(HAVE_SELFTEST)
-    ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0);
-#endif
-
-    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret,
-        &secretLen), 0);
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret,
-        &secretLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL),
-        BAD_FUNC_ARG);
-    key.type = ECC_PUBLICKEY;
-    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret,
-        &secretLen), ECC_BAD_ARG_E);
-    PRIVATE_KEY_LOCK();
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-    wc_ecc_free(&key2);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_shared_secret_ssh */
-
-/*
- * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex()
- */
-static int test_wc_ecc_verify_hash_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
-    && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
-       !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC)
-    ecc_key       key;
-    WC_RNG        rng;
-    int           ret;
-    mp_int        r;
-    mp_int        s;
-    mp_int        z;
-    unsigned char hash[] = "Everyone gets Friday off.EccSig";
-    unsigned char iHash[] = "Everyone gets Friday off.......";
-    unsigned char shortHash[] = TEST_STRING;
-    word32        hashlen = sizeof(hash);
-    word32        iHashLen = sizeof(iHash);
-    word32        shortHashLen = sizeof(shortHash);
-    int           keySz = KEY32;
-    int           verify_ok = 0;
-
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(&r, 0, sizeof(mp_int));
-    XMEMSET(&s, 0, sizeof(mp_int));
-    XMEMSET(&z, 0, sizeof(mp_int));
-
-    /* Initialize r, s and z. */
-    ExpectIntEQ(mp_init_multi(&r, &s, &z, NULL, NULL, NULL), MP_OKAY);
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, keySz, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s), 0);
-    /* verify_ok should be 1. */
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key),
-        0);
-    ExpectIntEQ(verify_ok, 1);
-
-    /* verify_ok should be 0 */
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen, &verify_ok,
-        &key), 0);
-    ExpectIntEQ(verify_ok, 0);
-
-    /* verify_ok should be 0. */
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
-        &verify_ok, &key), 0);
-    ExpectIntEQ(verify_ok, 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL),
-        ECC_BAD_ARG_E);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen,
-        &verify_ok, &key), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
-        &verify_ok, &key), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &s, shortHash, shortHashLen,
-        &verify_ok, &key), MP_ZERO_E);
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &z, shortHash, shortHashLen,
-        &verify_ok, &key), MP_ZERO_E);
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &z, shortHash, shortHashLen,
-        &verify_ok, &key), MP_ZERO_E);
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
-        &key), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, NULL,
-        &key), ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
-        &verify_ok, NULL), ECC_BAD_ARG_E);
-
-    wc_ecc_free(&key);
-    mp_free(&r);
-    mp_free(&s);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_verify_hash_ex */
-
-/*
- * Testing wc_ecc_mulmod()
- */
-
-static int test_wc_ecc_mulmod(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
-    !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
-      defined(WOLFSSL_VALIDATE_ECC_IMPORT))
-    ecc_key     key1;
-    ecc_key     key2;
-    ecc_key     key3;
-    WC_RNG      rng;
-    int         ret;
-
-    XMEMSET(&key1, 0, sizeof(ecc_key));
-    XMEMSET(&key2, 0, sizeof(ecc_key));
-    XMEMSET(&key3, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ecc_init(&key1), 0);
-    ExpectIntEQ(wc_ecc_init(&key2), 0);
-    ExpectIntEQ(wc_ecc_init(&key3), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, KEY32, &key1);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key1.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-
-    ExpectIntEQ(wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy,
-        key1.dp->Af, ECC_SECP256R1), 0);
-    ExpectIntEQ(wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy,
-        key1.dp->prime, ECC_SECP256R1), 0);
-
-    ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey,
-        &key3.pubkey, wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3),
-        1), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey,
-        wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), NULL, &key3.pubkey,
-        wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, NULL,
-        wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
-        ECC_BAD_ARG_E);
-    ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey,
-        &key3.pubkey, wc_ecc_key_get_priv(&key2), NULL, 1), ECC_BAD_ARG_E);
-
-    wc_ecc_free(&key1);
-    wc_ecc_free(&key2);
-    wc_ecc_free(&key3);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif /* HAVE_ECC && !WOLFSSL_ATECC508A */
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_mulmod */
-
-/*
- * Testing wc_ecc_is_valid_idx()
- */
-static int test_wc_ecc_is_valid_idx(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
-    ecc_key key;
-    WC_RNG  rng;
-    int     ret;
-    int     iVal = -2;
-    int     iVal2 = 3000;
-
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, 32, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    ExpectIntEQ(wc_ecc_is_valid_idx(key.idx), 1);
-    /* Test bad args. */
-    ExpectIntEQ(wc_ecc_is_valid_idx(iVal), 0);
-    ExpectIntEQ(wc_ecc_is_valid_idx(iVal2), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_is_valid_idx */
-
-/*
- * Testing wc_ecc_get_curve_id_from_oid()
- */
-static int test_wc_ecc_get_curve_id_from_oid(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
-    !defined(HAVE_FIPS)
-    const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
-    word32 len = sizeof(oid);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(NULL, len), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, 0), ECC_CURVE_INVALID);
-    /* Good Case */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, len), ECC_SECP256R1);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_get_curve_id_from_oid */
-
-/*
- * Testing wc_ecc_sig_size_calc()
- */
-static int test_wc_ecc_sig_size_calc(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST)
-    ecc_key key;
-    WC_RNG  rng;
-    int     sz = 0;
-    int     ret;
-
-    XMEMSET(&key, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ecc_init(&key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ret = wc_ecc_make_key(&rng, 16, &key);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-#if FIPS_VERSION3_GE(6,0,0)
-    ExpectIntEQ(ret, BAD_FUNC_ARG);
-#else
-    ExpectIntEQ(ret, 0);
-#endif
-#if FIPS_VERSION3_LT(6,0,0)
-    sz = key.dp->size;
-    ExpectIntGT(wc_ecc_sig_size_calc(sz), 0);
-#else
-    (void) sz;
-#endif
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ecc_free(&key);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_ecc_sig_size_calc */
-
-/*
- * Testing wc_ecc_sm2_make_key()
- */
-static int test_wc_ecc_sm2_make_key(void)
-{
-    int res = TEST_SKIPPED;
-#if defined(HAVE_ECC) && defined(WOLFSSL_SM2)
-    EXPECT_DECLS;
-    WC_RNG  rng[1];
-    ecc_key key[1];
-
-    XMEMSET(rng, 0, sizeof(*rng));
-    XMEMSET(key, 0, sizeof(*key));
-
-    ExpectIntEQ(wc_InitRng(rng), 0);
-    ExpectIntEQ(wc_ecc_init(key), 0);
-
-    /* Test invalid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_make_key(NULL, NULL, WC_ECC_FLAG_NONE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_make_key(rng, NULL, WC_ECC_FLAG_NONE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_make_key(NULL, key, WC_ECC_FLAG_NONE),
-        BAD_FUNC_ARG);
-
-    /* Test valid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
-    ExpectIntEQ(key->dp->id, ECC_SM2P256V1);
-
-    wc_ecc_free(key);
-    wc_FreeRng(rng);
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-}
-
-/*
- * Testing wc_ecc_sm2_shared_secret()
- */
-static int test_wc_ecc_sm2_shared_secret(void)
-{
-    int res = TEST_SKIPPED;
-#if defined(HAVE_ECC) && defined(WOLFSSL_SM2)
-    EXPECT_DECLS;
-    WC_RNG  rng[1];
-    ecc_key keyA[1];
-    ecc_key keyB[1];
-    byte outA[32];
-    byte outB[32];
-    word32 outALen = 32;
-    word32 outBLen = 32;
-
-    XMEMSET(rng, 0, sizeof(*rng));
-    XMEMSET(keyA, 0, sizeof(*keyA));
-    XMEMSET(keyB, 0, sizeof(*keyB));
-
-    ExpectIntEQ(wc_InitRng(rng), 0);
-    ExpectIntEQ(wc_ecc_init(keyA), 0);
-    ExpectIntEQ(wc_ecc_init(keyB), 0);
-    ExpectIntEQ(wc_ecc_sm2_make_key(rng, keyA, WC_ECC_FLAG_NONE), 0);
-    ExpectIntEQ(wc_ecc_sm2_make_key(rng, keyB, WC_ECC_FLAG_NONE), 0);
-
-#ifdef ECC_TIMING_RESISTANT
-    ExpectIntEQ(wc_ecc_set_rng(keyA, rng), 0);
-    ExpectIntEQ(wc_ecc_set_rng(keyB, rng), 0);
-#endif
-
-    /* Test invalid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, outA, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, &outALen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, outA, &outALen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, outA, &outALen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, NULL, &outALen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, NULL), BAD_FUNC_ARG);
-
-    /* Test valid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, &outALen), 0);
-    ExpectIntLE(outALen, 32);
-    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyB, keyA, outB, &outBLen), 0);
-    ExpectIntLE(outBLen, 32);
-    ExpectIntEQ(outALen, outBLen);
-    ExpectBufEQ(outA, outB, outALen);
-
-    wc_ecc_free(keyB);
-    wc_ecc_free(keyA);
-    wc_FreeRng(rng);
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-}
-
-/*
- * Testing wc_ecc_sm2_create_digest()
- */
-static int test_wc_ecc_sm2_create_digest(void)
-{
-    int res = TEST_SKIPPED;
-#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && !defined(NO_HASH_WRAPPER) && \
-    (defined(WOLFSSL_SM3) || !defined(NO_SHA256))
-    EXPECT_DECLS;
-    ecc_key key[1];
-    enum wc_HashType hashType;
-    unsigned char pub[] = {
-        0x04,
-        0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33,
-        0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F,
-        0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B,
-        0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F,
-        0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C,
-        0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA,
-        0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3,
-        0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33
-    };
-    unsigned char id[] = {
-        0x01, 0x02, 0x03,
-    };
-    unsigned char msg[] = {
-        0x01, 0x02, 0x03,
-    };
-    unsigned char hash[32];
-#ifdef WOLFSSL_SM3
-    unsigned char expHash[32] = {
-        0xc1, 0xdd, 0x92, 0xc5, 0x60, 0xd3, 0x94, 0x28,
-        0xeb, 0x0f, 0x57, 0x79, 0x3f, 0xc9, 0x96, 0xc5,
-        0xfa, 0xf5, 0x90, 0xb2, 0x64, 0x2f, 0xaf, 0x9c,
-        0xc8, 0x57, 0x21, 0x6a, 0x52, 0x7e, 0xf1, 0x95
-    };
-#else
-    unsigned char expHash[32] = {
-        0xea, 0x41, 0x55, 0x21, 0x61, 0x00, 0x5c, 0x9a,
-        0x57, 0x35, 0x6b, 0x49, 0xca, 0x8f, 0x65, 0xc2,
-        0x0e, 0x29, 0x0c, 0xa0, 0x1d, 0xa7, 0xc4, 0xed,
-        0xdd, 0x51, 0x12, 0xf6, 0xe7, 0x55, 0xc5, 0xf4
-    };
-#endif
-
-#ifdef WOLFSSL_SM3
-    hashType = WC_HASH_TYPE_SM3;
-#else
-    hashType = WC_HASH_TYPE_SHA256;
-#endif
-
-    XMEMSET(key, 0, sizeof(*key));
-
-    ExpectIntEQ(wc_ecc_init(key), 0);
-
-    /* Test with no curve set. */
-    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
-
-    /* Test invalid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
-        hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
-        hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
-        hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
-        hashType, hash, sizeof(hash), NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
-        hashType, NULL, sizeof(hash), key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
-        hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, NULL, sizeof(hash), key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), NULL), BAD_FUNC_ARG);
-
-    /* Bad hash type. */
-    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        -1, hash, 0, key), BAD_FUNC_ARG);
-    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    /* Bad hash size. */
-    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, 0, key), BUFFER_E);
-
-    /* Test valid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
-        hashType, hash, sizeof(hash), key), 0);
-    ExpectBufEQ(hash, expHash, sizeof(expHash));
-
-    wc_ecc_free(key);
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-}
-/*
- * Testing wc_ecc_sm2_verify_hash_ex()
- */
-static int test_wc_ecc_sm2_verify_hash_ex(void)
-{
-    int res = TEST_SKIPPED;
-#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_VERIFY) && \
-    defined(WOLFSSL_PUBLIC_MP)
-    EXPECT_DECLS;
-    ecc_key key[1];
-    mp_int r[1];
-    mp_int s[1];
-    int verified;
-    unsigned char pub[] = {
-        0x04,
-        0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33,
-        0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F,
-        0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B,
-        0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F,
-        0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C,
-        0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA,
-        0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3,
-        0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33
-    };
-    unsigned char hash[] = {
-        0x3B, 0xFA, 0x5F, 0xFB, 0xC4, 0x27, 0x8C, 0x9D,
-        0x02, 0x3A, 0x19, 0xCB, 0x1E, 0xAA, 0xD2, 0xF1,
-        0x50, 0x69, 0x5B, 0x20
-    };
-    unsigned char rData[] = {
-        0xD2, 0xFC, 0xA3, 0x88, 0xE3, 0xDF, 0xA3, 0x00,
-        0x73, 0x9B, 0x3C, 0x2A, 0x0D, 0xAD, 0x44, 0xA2,
-        0xFC, 0x62, 0xD5, 0x6B, 0x84, 0x54, 0xD8, 0x40,
-        0x22, 0x62, 0x3D, 0x5C, 0xA6, 0x61, 0x9B, 0xE7,
-    };
-    unsigned char sData[] = {
-        0x1D,
-        0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97,
-        0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B,
-        0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A,
-        0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDC
-    };
-    unsigned char rBadData[] = {
-        0xD2, 0xFC, 0xA3, 0x88, 0xE3, 0xDF, 0xA3, 0x00,
-        0x73, 0x9B, 0x3C, 0x2A, 0x0D, 0xAD, 0x44, 0xA2,
-        0xFC, 0x62, 0xD5, 0x6B, 0x84, 0x54, 0xD8, 0x40,
-        0x22, 0x62, 0x3D, 0x5C, 0xA6, 0x61, 0x9B, 0xE8,
-    };
-
-    XMEMSET(key, 0, sizeof(*key));
-    XMEMSET(r, 0, sizeof(*r));
-    XMEMSET(s, 0, sizeof(*s));
-
-    ExpectIntEQ(mp_init(r), 0);
-    ExpectIntEQ(mp_init(s), 0);
-    ExpectIntEQ(mp_read_unsigned_bin(r, rData, sizeof(rData)), 0);
-    ExpectIntEQ(mp_read_unsigned_bin(s, sData, sizeof(sData)), 0);
-
-    ExpectIntEQ(wc_ecc_init(key), 0);
-
-    /* Test with no curve set. */
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
-
-    /* Test invalid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, hash, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, NULL, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
-
-    /* Make key not on the SM2 curve. */
-    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
-
-    /* Test valid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, key), 0);
-    ExpectIntEQ(verified, 1);
-
-    ExpectIntEQ(mp_read_unsigned_bin(r, rBadData, sizeof(rBadData)), 0);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
-        &verified, key), 0);
-    ExpectIntEQ(verified, 0);
-
-    mp_free(s);
-    mp_free(r);
-    wc_ecc_free(key);
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-}
-
-/*
- * Testing wc_ecc_sm2_verify_hash()
- */
-static int test_wc_ecc_sm2_verify_hash(void)
-{
-    int res = TEST_SKIPPED;
-#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_VERIFY)
-    EXPECT_DECLS;
-    ecc_key key[1];
-    int verified;
-    unsigned char pub[] = {
-        0x04,
-        0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33,
-        0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F,
-        0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B,
-        0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F,
-        0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C,
-        0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA,
-        0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3,
-        0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33
-    };
-    unsigned char hash[] = {
-        0x3B, 0xFA, 0x5F, 0xFB, 0xC4, 0x27, 0x8C, 0x9D,
-        0x02, 0x3A, 0x19, 0xCB, 0x1E, 0xAA, 0xD2, 0xF1,
-        0x50, 0x69, 0x5B, 0x20
-    };
-    unsigned char sig[] = {
-        0x30, 0x45, 0x02, 0x21, 0x00, 0xD2, 0xFC, 0xA3,
-        0x88, 0xE3, 0xDF, 0xA3, 0x00, 0x73, 0x9B, 0x3C,
-        0x2A, 0x0D, 0xAD, 0x44, 0xA2, 0xFC, 0x62, 0xD5,
-        0x6B, 0x84, 0x54, 0xD8, 0x40, 0x22, 0x62, 0x3D,
-        0x5C, 0xA6, 0x61, 0x9B, 0xE7, 0x02, 0x20, 0x1D,
-        0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97,
-        0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B,
-        0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A,
-        0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDC
-    };
-    unsigned char sigBad[] = {
-        0x30, 0x45, 0x02, 0x21, 0x00, 0xD2, 0xFC, 0xA3,
-        0x88, 0xE3, 0xDF, 0xA3, 0x00, 0x73, 0x9B, 0x3C,
-        0x2A, 0x0D, 0xAD, 0x44, 0xA2, 0xFC, 0x62, 0xD5,
-        0x6B, 0x84, 0x54, 0xD8, 0x40, 0x22, 0x62, 0x3D,
-        0x5C, 0xA6, 0x61, 0x9B, 0xE7, 0x02, 0x20, 0x1D,
-        0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97,
-        0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B,
-        0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A,
-        0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDD
-    };
-
-
-    XMEMSET(key, 0, sizeof(*key));
-    ExpectIntEQ(wc_ecc_init(key), 0);
-
-    /* Test with no curve set. */
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
-
-    /* Test invalid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
-        NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        NULL, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, NULL), BAD_FUNC_ARG);
-
-    /* Make key not on the SM2 curve. */
-    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
-
-    /* Test valid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
-        &verified, key), 0);
-    ExpectIntEQ(verified, 1);
-
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(sigBad, sizeof(sigBad), hash,
-        sizeof(hash), &verified, key), 0);
-    ExpectIntEQ(verified, 0);
-
-    wc_ecc_free(key);
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-}
-
-/*
- * Testing wc_ecc_sm2_verify_hash_ex()
- */
-static int test_wc_ecc_sm2_sign_hash_ex(void)
-{
-    int res = TEST_SKIPPED;
-#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_SIGN) && \
-    defined(WOLFSSL_PUBLIC_MP)
-    EXPECT_DECLS;
-    WC_RNG  rng[1];
-    ecc_key key[1];
-    mp_int r[1];
-    mp_int s[1];
-    unsigned char hash[32];
-#ifdef HAVE_ECC_VERIFY
-    int verified;
-#endif
-
-    XMEMSET(rng, 0, sizeof(*rng));
-    XMEMSET(key, 0, sizeof(*key));
-    XMEMSET(r, 0, sizeof(*r));
-    XMEMSET(s, 0, sizeof(*s));
-
-    ExpectIntEQ(wc_InitRng(rng), 0);
-    ExpectIntEQ(mp_init(r), 0);
-    ExpectIntEQ(mp_init(s), 0);
-    ExpectIntEQ(wc_RNG_GenerateBlock(rng, hash, sizeof(hash)), 0);
-
-    ExpectIntEQ(wc_ecc_init(key), 0);
-
-    /* Test with no curve set. */
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
-
-    /* Test invalid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, key, NULL,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, r,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
-        s), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, key, r, s),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, key, r, s),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, NULL, r, s),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, NULL, s),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, NULL),
-        BAD_FUNC_ARG);
-
-    /* Make key not on the SM2 curve. */
-    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
-
-#ifdef WOLFSSL_SP_MATH_ALL
-    {
-        mp_int smallR[1];
-        sp_init_size(smallR, 1);
-        /* Force failure in _ecc_sm2_calc_r_s by r being too small. */
-        ExpectIntLT(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key,
-            smallR, s), 0);
-    }
-#endif
-
-    /* Test valid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
-        0);
-#ifdef HAVE_ECC_VERIFY
-    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), &verified,
-        key), 0);
-    ExpectIntEQ(verified, 1);
-#endif
-
-    mp_free(s);
-    mp_free(r);
-    wc_ecc_free(key);
-    wc_FreeRng(rng);
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-}
-
-
-/*
- * Testing wc_ecc_sm2_verify_hash()
- */
-static int test_wc_ecc_sm2_sign_hash(void)
-{
-    int res = TEST_SKIPPED;
-#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_SIGN)
-    EXPECT_DECLS;
-    WC_RNG  rng[1];
-    ecc_key key[1];
-    unsigned char hash[32];
-    unsigned char sig[72];
-    word32 sigSz = sizeof(sig);
-#ifdef HAVE_ECC_VERIFY
-    int verified;
-#endif
-
-    XMEMSET(rng, 0, sizeof(*rng));
-    XMEMSET(key, 0, sizeof(*key));
-
-    ExpectIntEQ(wc_InitRng(rng), 0);
-    ExpectIntEQ(wc_RNG_GenerateBlock(rng, hash, sizeof(hash)), 0);
-
-    ExpectIntEQ(wc_ecc_init(key), 0);
-
-    /* Test with no curve set. */
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
-
-    /* Test invalid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, NULL, NULL,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, &sigSz, NULL,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, rng,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
-        key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, &sigSz, rng,
-        key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, &sigSz, rng,
-        key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, NULL, rng,
-        key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, NULL,
-        key), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng,
-        NULL), BAD_FUNC_ARG);
-
-    /* Make key not on the SM2 curve. */
-    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
-
-    /* Test valid parameters. */
-    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
-        0);
-#ifdef HAVE_ECC_VERIFY
-    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sigSz, hash, sizeof(hash),
-        &verified, key), 0);
-    ExpectIntEQ(verified, 1);
-#endif
-
-    wc_ecc_free(key);
-    wc_FreeRng(rng);
-#ifdef FP_ECC
-    wc_ecc_fp_free();
-#endif
-
-    res = EXPECT_RESULT();
-#endif
-    return res;
-}
-
 
 /*
  * Testing ToTraditional
@@ -27114,10801 +15016,17 @@ static int test_ToTraditional(void)
     /* Good case */
     ExpectIntGT(ToTraditional(input, sz), 0);
     /* Bad cases */
-    ExpectIntEQ(ToTraditional(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(ToTraditional(NULL, sz), BAD_FUNC_ARG);
+    ExpectIntEQ(ToTraditional(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(ToTraditional(NULL, sz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifdef WOLFSSL_ASN_TEMPLATE
-    ExpectIntEQ(ToTraditional(input, 0), BUFFER_E);
+    ExpectIntEQ(ToTraditional(input, 0), WC_NO_ERR_TRACE(BUFFER_E));
 #else
-    ExpectIntEQ(ToTraditional(input, 0), ASN_PARSE_E);
+    ExpectIntEQ(ToTraditional(input, 0), WC_NO_ERR_TRACE(ASN_PARSE_E));
 #endif
 #endif
     return EXPECT_RESULT();
 } /* End test_ToTraditional*/
 
-/*
- * Testing wc_EccPrivateKeyToDer
- */
-static int test_wc_EccPrivateKeyToDer(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
-    byte    output[ONEK_BUF];
-    ecc_key eccKey;
-    WC_RNG  rng;
-    word32  inLen;
-    word32  outLen = 0;
-    int     ret;
-
-    XMEMSET(&eccKey, 0, sizeof(ecc_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    PRIVATE_KEY_UNLOCK();
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ecc_init(&eccKey), 0);
-    ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    ExpectIntEQ(ret, 0);
-
-    inLen = (word32)sizeof(output);
-    /* Bad Cases */
-    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), LENGTH_ONLY_E);
-    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), BAD_FUNC_ARG);
-    /* Good Case */
-    ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0);
-
-    wc_ecc_free(&eccKey);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ALL_CURVES)
-    {
-        /* test importing private only into a PKEY struct */
-        EC_KEY*   ec = NULL;
-        EVP_PKEY* pkey = NULL;
-        const unsigned char* der;
-
-        der = output;
-        ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &der, outLen));
-
-        der = output;
-        ExpectNotNull(ec = d2i_ECPrivateKey(NULL, &der, outLen));
-        ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ec), SSL_SUCCESS);
-        if (EXPECT_FAIL()) {
-            EC_KEY_free(ec);
-        }
-        EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */
-    }
-#endif
-    PRIVATE_KEY_LOCK();
-#endif
-    return EXPECT_RESULT();
-} /* End test_wc_EccPrivateKeyToDer*/
-
-/*
- * Testing wc_DhPublicKeyDecode
- */
-static int test_wc_DhPublicKeyDecode(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_DH
-#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
-    DhKey  key;
-    word32 inOutIdx;
-
-    XMEMSET(&key, 0, sizeof(DhKey));
-
-    ExpectIntEQ(wc_InitDhKey(&key), 0);
-
-    ExpectIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
-        BAD_FUNC_ARG);
-    inOutIdx = 0;
-    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0),
-        BAD_FUNC_ARG);
-    inOutIdx = 0;
-    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0),
-        BAD_FUNC_ARG);
-    inOutIdx = 0;
-    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,
-        sizeof_dh_pub_key_der_2048), 0);
-    ExpectIntNE(key.p.used, 0);
-    ExpectIntNE(key.g.used, 0);
-    ExpectIntEQ(key.q.used, 0);
-    ExpectIntNE(key.pub.used, 0);
-    ExpectIntEQ(key.priv.used, 0);
-
-    DoExpectIntEQ(wc_FreeDhKey(&key), 0);
-#endif
-#endif /* !NO_DH */
-    return EXPECT_RESULT();
-}
-
-/*
- * Testing wc_Ed25519KeyToDer
- */
-static int test_wc_Ed25519KeyToDer(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
-    byte        output[ONEK_BUF];
-    ed25519_key ed25519Key;
-    WC_RNG      rng;
-    word32      inLen;
-
-    XMEMSET(&ed25519Key, 0, sizeof(ed25519_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0);
-    inLen = (word32)sizeof(output);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), BUFFER_E);
-    /* Good Cases */
-    /* length only */
-    ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, 0), 0);
-    ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen), 0);
-    ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, output, inLen), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed25519_free(&ed25519Key);
-#endif
-    return EXPECT_RESULT();
-} /* End test_wc_Ed25519KeyToDer*/
-
-/*
- * Testing wc_Ed25519PrivateKeyToDer
- */
-static int test_wc_Ed25519PrivateKeyToDer(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
-    byte        output[ONEK_BUF];
-    ed25519_key ed25519PrivKey;
-    WC_RNG      rng;
-    word32      inLen;
-
-    XMEMSET(&ed25519PrivKey, 0, sizeof(ed25519_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed25519_init(&ed25519PrivKey), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey),
-        0);
-    inLen = (word32)sizeof(output);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0),
-        BUFFER_E);
-    /* Good Cases */
-    /* length only */
-    ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, 0), 0);
-    ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed25519_free(&ed25519PrivKey);
-#endif
-    return EXPECT_RESULT();
-} /* End test_wc_Ed25519PrivateKeyToDer*/
-
-/*
- * Testing wc_Ed448KeyToDer
- */
-static int test_wc_Ed448KeyToDer(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
-    byte      output[ONEK_BUF];
-    ed448_key ed448Key;
-    WC_RNG    rng;
-    word32    inLen;
-
-    XMEMSET(&ed448Key, 0, sizeof(ed448_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed448_init(&ed448Key), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0);
-    inLen = (word32)sizeof(output);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), BUFFER_E);
-    /* Good Cases */
-    /* length only */
-    ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, 0), 0);
-    ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, output, inLen), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed448_free(&ed448Key);
-#endif
-    return EXPECT_RESULT();
-} /* End test_wc_Ed448KeyToDer*/
-
-/*
- * Testing wc_Ed448PrivateKeyToDer
- */
-static int test_wc_Ed448PrivateKeyToDer(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
-    byte      output[ONEK_BUF];
-    ed448_key ed448PrivKey;
-    WC_RNG    rng;
-    word32    inLen;
-
-    XMEMSET(&ed448PrivKey, 0, sizeof(ed448_key));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_ed448_init(&ed448PrivKey), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey),
-        0);
-    inLen = (word32)sizeof(output);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0),
-        BUFFER_E);
-    /* Good cases */
-    /* length only */
-    ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, 0), 0);
-    ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_ed448_free(&ed448PrivKey);
-#endif
-    return EXPECT_RESULT();
-} /* End test_wc_Ed448PrivateKeyToDer*/
-
-/*
- * Testing wc_Curve448PrivateKeyToDer
- */
-static int test_wc_Curve448PrivateKeyToDer(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT) && \
-    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
-    byte      output[ONEK_BUF];
-    curve448_key curve448PrivKey;
-    WC_RNG    rng;
-    word32    inLen;
-
-    XMEMSET(&curve448PrivKey, 0, sizeof(curve448PrivKey));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_curve448_init(&curve448PrivKey), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &curve448PrivKey),
-        0);
-    inLen = (word32)sizeof(output);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, 0),
-        BUFFER_E);
-    /* Good cases */
-    /* length only */
-    ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, 0), 0);
-    ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, inLen), 0);
-
-    /* Bad Cases */
-    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, output, inLen, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 0),
-        BUFFER_E);
-    ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 1),
-        BUFFER_E);
-    /* Good cases */
-    /* length only */
-    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 0), 0);
-    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 1), 0);
-    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 0), 0);
-    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 1), 0);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-    wc_curve448_free(&curve448PrivKey);
-#endif
-    return EXPECT_RESULT();
-} /* End wc_Curve448PrivateKeyToDer*/
-
-static int test_wc_kyber_make_key_kats(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
-    defined(WOLFSSL_ML_KEM)
-    KyberKey* key;
-#ifndef WOLFSSL_NO_KYBER512
-    static const byte seed_512[KYBER_MAKEKEY_RAND_SZ] = {
-        0xCD, 0x11, 0x9A, 0xFD, 0xC8, 0x55, 0x94, 0x42,
-        0x42, 0x4A, 0x87, 0xC1, 0x3E, 0xA1, 0x01, 0xE2,
-        0x9F, 0xCA, 0x11, 0x88, 0x18, 0x69, 0x07, 0x7E,
-        0x40, 0x92, 0xE7, 0x51, 0xBE, 0xDC, 0xA8, 0xBC,
-        0xCD, 0x11, 0x9A, 0xFD, 0xC8, 0x55, 0x94, 0x42,
-        0x42, 0x4A, 0x87, 0xC1, 0x3E, 0xA1, 0x01, 0xE2,
-        0x9F, 0xCA, 0x11, 0x88, 0x18, 0x69, 0x07, 0x7E,
-        0x40, 0x92, 0xE7, 0x51, 0xBE, 0xDC, 0xA8, 0xBC
-    };
-    static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = {
-        0xC6, 0x5A, 0x1D, 0x9D, 0x47, 0x97, 0x77, 0xE6,
-        0x90, 0x5A, 0x91, 0xA5, 0xCB, 0x24, 0x55, 0x1C,
-        0x8B, 0x1E, 0x52, 0xA3, 0xC7, 0x7B, 0x63, 0x31,
-        0x3F, 0xFC, 0x8B, 0x58, 0x17, 0x81, 0x52, 0x59,
-        0xA6, 0xAD, 0xB5, 0x96, 0x45, 0xDC, 0x4B, 0xB1,
-        0x43, 0x6D, 0x51, 0xE6, 0x2A, 0x09, 0x68, 0x34,
-        0xAF, 0x43, 0x77, 0x25, 0x10, 0xC4, 0xED, 0xF3,
-        0x4C, 0xDE, 0x0A, 0x5B, 0x57, 0xC1, 0x45, 0xE6,
-        0x87, 0xCB, 0x87, 0x16, 0x2F, 0x00, 0x1C, 0x21,
-        0xC9, 0xE1, 0x93, 0x4A, 0xC1, 0x1A, 0xAF, 0xA7,
-        0x0F, 0xF8, 0x10, 0x73, 0x26, 0x50, 0xB3, 0x2A,
-        0x30, 0x18, 0xA7, 0xC5, 0x0C, 0xD7, 0x36, 0x79,
-        0x62, 0x22, 0xC8, 0xAB, 0x82, 0x1A, 0x92, 0x83,
-        0xBE, 0x1C, 0xC2, 0x04, 0xC3, 0xF1, 0x63, 0x0D,
-        0x3C, 0xCC, 0xDB, 0x0A, 0x9A, 0x3D, 0x17, 0x55,
-        0x2B, 0x91, 0x58, 0xC0, 0x66, 0x4E, 0x5D, 0x6A,
-        0x04, 0xB0, 0xFA, 0x36, 0xDE, 0x45, 0x86, 0x2A,
-        0x46, 0xA3, 0x9E, 0xC5, 0x97, 0xAE, 0x42, 0xC3,
-        0x11, 0xC4, 0xAC, 0x22, 0x4A, 0x72, 0xD6, 0xF2,
-        0x53, 0xBB, 0x52, 0x35, 0xF7, 0xA2, 0xB8, 0xB0,
-        0xF2, 0x4D, 0x13, 0x76, 0xAF, 0x58, 0x87, 0x46,
-        0xF3, 0xBB, 0x8E, 0x03, 0x65, 0x07, 0x87, 0x61,
-        0xCA, 0xB9, 0x83, 0xA4, 0xA6, 0xA9, 0x40, 0xA3,
-        0xD9, 0x97, 0x04, 0x7A, 0x8F, 0x36, 0xA7, 0x31,
-        0xE8, 0x96, 0x52, 0x36, 0xC3, 0x7B, 0xF2, 0x00,
-        0x08, 0x2F, 0x82, 0x1D, 0xCA, 0x77, 0x16, 0xC4,
-        0x44, 0xA9, 0x0B, 0xEC, 0x53, 0x07, 0x4B, 0xBA,
-        0x58, 0xC1, 0x32, 0xBF, 0xB9, 0xA2, 0xAC, 0xE2,
-        0xCE, 0xC9, 0xAA, 0x65, 0x8E, 0xAC, 0x12, 0x32,
-        0xCC, 0xCA, 0x3C, 0x81, 0x7A, 0x92, 0xC1, 0x19,
-        0x5C, 0x05, 0xC0, 0xE1, 0xD6, 0x63, 0x9F, 0xD2,
-        0xAD, 0xE5, 0x31, 0x60, 0x7D, 0x48, 0x8B, 0x74,
-        0xA7, 0x47, 0xCF, 0xF4, 0x7F, 0xCA, 0x5C, 0x8B,
-        0x21, 0x63, 0xCA, 0x03, 0xC5, 0x45, 0xED, 0x10,
-        0x32, 0x78, 0x43, 0x0C, 0x60, 0xB2, 0x38, 0x1A,
-        0x09, 0x42, 0x7F, 0xD1, 0x30, 0xF8, 0x59, 0xBF,
-        0x5D, 0xB7, 0x76, 0xDA, 0x09, 0x5D, 0xCA, 0x58,
-        0x04, 0xFA, 0x63, 0xB0, 0xD7, 0xD8, 0x7F, 0xA9,
-        0x41, 0x5C, 0x72, 0xFB, 0x51, 0x87, 0x2A, 0x98,
-        0x9F, 0x46, 0x6C, 0x98, 0x4B, 0xC7, 0x4C, 0x29,
-        0xB8, 0x63, 0x20, 0x19, 0xCA, 0x04, 0x0C, 0x9C,
-        0xA3, 0x5E, 0x22, 0x60, 0x8D, 0xAA, 0x70, 0x35,
-        0x7A, 0xE2, 0xC3, 0xAD, 0x83, 0x63, 0x1F, 0xAA,
-        0x17, 0x4E, 0x0A, 0xCD, 0xF5, 0xDB, 0xBF, 0x3C,
-        0xF6, 0x8A, 0x05, 0xB6, 0x54, 0x3A, 0xB6, 0x26,
-        0x8E, 0x1A, 0x51, 0xB0, 0x93, 0x2C, 0x17, 0xB0,
-        0x0A, 0x13, 0x71, 0xB2, 0xDA, 0xB2, 0x41, 0xF9,
-        0x2A, 0x43, 0xFF, 0xB4, 0x56, 0xD0, 0xA8, 0xC8,
-        0x86, 0x0A, 0x8E, 0x28, 0xA6, 0x1A, 0x21, 0x30,
-        0x7C, 0xC0, 0x45, 0x6D, 0xA4, 0x24, 0x29, 0x05,
-        0xCB, 0x1D, 0x3D, 0x0B, 0xBD, 0x81, 0xBB, 0x8E,
-        0xE2, 0x74, 0xA4, 0x3C, 0x76, 0xC3, 0x10, 0x01,
-        0x95, 0x15, 0xFC, 0xC1, 0x40, 0x46, 0x7C, 0x33,
-        0x37, 0x0C, 0x86, 0x80, 0x8E, 0xCA, 0xA5, 0x8E,
-        0x3B, 0xA9, 0x3A, 0x2C, 0x11, 0x90, 0x46, 0x1C,
-        0x1D, 0xFA, 0x11, 0x30, 0x20, 0x01, 0xBB, 0xAB,
-        0x4C, 0xB1, 0xE3, 0x64, 0x2E, 0xF8, 0xCB, 0x26,
-        0x30, 0x9B, 0x60, 0x52, 0x3B, 0xC2, 0x18, 0x87,
-        0xB0, 0x7F, 0x89, 0x8C, 0xE5, 0x62, 0xA6, 0xCA,
-        0x77, 0x8E, 0xA0, 0x15, 0x05, 0x85, 0x13, 0x78,
-        0xCE, 0xA8, 0xBB, 0x7F, 0xC0, 0x9D, 0x11, 0x96,
-        0x1B, 0x6C, 0x59, 0x6F, 0x93, 0x54, 0x2A, 0x99,
-        0x04, 0x86, 0x4E, 0xB1, 0x0C, 0xD0, 0xA7, 0x03,
-        0xDB, 0xA9, 0x89, 0x21, 0x86, 0x1A, 0x87, 0xB0,
-        0x56, 0x52, 0x5C, 0x71, 0xA8, 0x43, 0x55, 0x3E,
-        0x64, 0x00, 0x77, 0x74, 0x37, 0xC9, 0x5C, 0xCC,
-        0x80, 0x85, 0xCC, 0x0C, 0x47, 0x7D, 0x66, 0x5A,
-        0x44, 0x79, 0x01, 0x9D, 0x4C, 0xD4, 0x42, 0xF7,
-        0x4A, 0x3C, 0xD8, 0x16, 0x9F, 0x42, 0x62, 0xB8,
-        0x27, 0x1B, 0x5D, 0x5A, 0x67, 0xC8, 0xC1, 0x61,
-        0x1A, 0xAE, 0x7B, 0x3D, 0x05, 0x34, 0xC0, 0x85,
-        0x97, 0x16, 0xFD, 0xF0, 0xBB, 0x68, 0x94, 0x90,
-        0x94, 0xC0, 0x6A, 0x1B, 0x73, 0xC9, 0xAA, 0x1C,
-        0xBD, 0xF3, 0x31, 0x54, 0x3D, 0xE0, 0x02, 0xA8,
-        0xC0, 0x6F, 0x94, 0xE8, 0x81, 0x0A, 0x5C, 0xB3,
-        0x73, 0x83, 0x27, 0x45, 0xD7, 0x20, 0x68, 0x3B,
-        0x57, 0x48, 0x75, 0xA6, 0x66, 0x94, 0x6D, 0x02,
-        0x96, 0x89, 0x3F, 0x2B, 0x59, 0xE9, 0x07, 0x48,
-        0x8D, 0x8C, 0x84, 0x89, 0xD4, 0x74, 0xD9, 0x29,
-        0xA0, 0x5A, 0x57, 0x3E, 0xD6, 0x67, 0x49, 0x03,
-        0x71, 0xA4, 0x6D, 0x45, 0x56, 0xCB, 0xB6, 0x8A,
-        0xAA, 0x79, 0xCC, 0x3E, 0xC6, 0x65, 0x34, 0x13,
-        0x57, 0x6C, 0x22, 0x8E, 0x37, 0x9A, 0x14, 0xCB,
-        0x90, 0xB7, 0xB7, 0x59, 0x1B, 0x19, 0xA7, 0xBD,
-        0x37, 0xA1, 0xC4, 0xD3, 0x78, 0x59, 0x89, 0x22,
-        0x19, 0x44, 0x2B, 0xB0, 0xB9, 0xB9, 0xBA, 0x67,
-        0xBA, 0x3B, 0xC0, 0xD0, 0x95, 0xC8, 0x80, 0x3C,
-        0xEB, 0xE9, 0x7A, 0xFF, 0x0B, 0x1C, 0x15, 0x35,
-        0x78, 0xA1, 0x30, 0xCD, 0x81, 0x57, 0xCF, 0x74,
-        0x59, 0x46, 0xC2, 0xF5, 0x72, 0x6D, 0x9C, 0x11,
-        0x27, 0x35, 0x75, 0x50, 0x52, 0x91, 0x34, 0x65,
-        0x28, 0xEE, 0x0B, 0xAC, 0x04, 0x7C, 0xC9, 0x84,
-        0x53, 0x8B, 0x97, 0xBB, 0xAB, 0xFC, 0xC3, 0x57,
-        0xDC, 0xB8, 0xA9, 0x8F, 0xB8, 0x57, 0xC9, 0xC5,
-        0x2D, 0x1B, 0x78, 0x67, 0x49, 0xCA, 0x61, 0x89,
-        0x2B, 0x09, 0x75, 0x99, 0x80, 0x52, 0x00, 0x91,
-        0xB9, 0xB4, 0x77, 0xC7, 0x0E, 0x6C, 0x46, 0x58,
-        0x6B, 0x1C, 0xCE, 0xBE, 0x87, 0xBC, 0xF6, 0xDF,
-        0x03, 0xC2, 0xB2, 0x7C, 0xB0, 0x9F, 0xA0, 0x3F,
-        0x63, 0x16, 0x09, 0x58, 0x38, 0x3B, 0xE6, 0x36
-    };
-    static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = {
-        0x37, 0xEC, 0x47, 0x7E, 0x21, 0x7B, 0xFB, 0x40,
-        0x38, 0x4C, 0x85, 0x0E, 0x51, 0xC1, 0x83, 0x71,
-        0x58, 0xBD, 0xBC, 0x23, 0xA3, 0x18, 0x32, 0xBC,
-        0x25, 0xC9, 0x1B, 0x31, 0x21, 0x44, 0x4A, 0xD4,
-        0x53, 0x37, 0x33, 0xBA, 0xFF, 0x07, 0xCA, 0x81,
-        0x7B, 0x64, 0xB2, 0xCA, 0x42, 0x99, 0xAA, 0x26,
-        0x45, 0x4C, 0xBA, 0xFB, 0x35, 0xB6, 0xAB, 0xE1,
-        0x18, 0x5C, 0xB4, 0x7C, 0x4C, 0xD6, 0x1A, 0xF9,
-        0x83, 0x83, 0xC4, 0x81, 0x4B, 0x20, 0xAB, 0x87,
-        0x54, 0xFC, 0x51, 0x4F, 0x23, 0x07, 0x41, 0x14,
-        0xC3, 0xE5, 0xA8, 0x10, 0xA4, 0x53, 0xB8, 0x55,
-        0xAA, 0x7F, 0x13, 0x10, 0xC7, 0x4B, 0x0B, 0x01,
-        0xE5, 0xAA, 0xB2, 0xE8, 0x71, 0x73, 0x8F, 0xAC,
-        0x27, 0x86, 0xC7, 0xA0, 0x5D, 0x6B, 0x3B, 0x32,
-        0xA0, 0x50, 0xD0, 0xFB, 0x22, 0x39, 0x56, 0xC9,
-        0x5C, 0xA0, 0xC2, 0xC1, 0xD5, 0x41, 0x54, 0xA7,
-        0x7B, 0xD3, 0x37, 0x37, 0xA4, 0x9A, 0x00, 0x65,
-        0xD1, 0x42, 0x4A, 0x2A, 0xBA, 0xFD, 0x52, 0xAA,
-        0x93, 0x4C, 0x98, 0x04, 0x93, 0x92, 0x08, 0xF0,
-        0x5C, 0xCF, 0x8B, 0x8B, 0x80, 0x86, 0x31, 0x6E,
-        0x09, 0x43, 0xA0, 0x87, 0x10, 0x50, 0x0C, 0x91,
-        0x8A, 0x2B, 0x21, 0x8D, 0x37, 0xB8, 0x5A, 0xE2,
-        0x80, 0x22, 0xCB, 0x01, 0x34, 0xFB, 0x49, 0xF5,
-        0xC4, 0x5D, 0x98, 0xD3, 0xC0, 0x4B, 0x75, 0x5A,
-        0x60, 0x88, 0x04, 0x22, 0x66, 0x8E, 0x2B, 0x30,
-        0x1B, 0x18, 0xD5, 0x19, 0x4D, 0xE9, 0x91, 0xB2,
-        0x65, 0xBF, 0x94, 0x69, 0x7E, 0x6A, 0x4B, 0x81,
-        0x50, 0xC8, 0xB8, 0x52, 0x03, 0x39, 0x15, 0x63,
-        0x5E, 0x30, 0x66, 0x5B, 0xDA, 0x21, 0x91, 0xDA,
-        0xA5, 0x05, 0xD4, 0x33, 0x44, 0xFD, 0x29, 0xC9,
-        0xFC, 0xC1, 0xC5, 0x07, 0x69, 0x1D, 0x47, 0x5B,
-        0x61, 0x7C, 0x94, 0x8F, 0xCC, 0x84, 0xB1, 0xB0,
-        0x8A, 0x1C, 0x63, 0x8C, 0x3E, 0x13, 0x58, 0x0C,
-        0xE3, 0x59, 0x78, 0x9A, 0x98, 0x60, 0xE5, 0x46,
-        0x9C, 0xC7, 0x54, 0xB0, 0x8E, 0xE3, 0x3F, 0x09,
-        0x21, 0xBD, 0xEF, 0x15, 0xA9, 0x06, 0x96, 0x9F,
-        0x2D, 0xC5, 0x7A, 0x25, 0xE8, 0x0C, 0xE4, 0xC4,
-        0x5F, 0x11, 0xE0, 0x4A, 0x51, 0x9A, 0xB0, 0x8B,
-        0x9B, 0x92, 0x7C, 0x3A, 0x13, 0xA0, 0x81, 0xCF,
-        0xFA, 0x11, 0x0F, 0xAC, 0xCC, 0x5E, 0x8D, 0xC2,
-        0x94, 0x95, 0x97, 0x8B, 0x55, 0x53, 0x10, 0x4D,
-        0x47, 0x3A, 0x17, 0x59, 0x18, 0xAD, 0x5B, 0x54,
-        0x87, 0xBB, 0xA6, 0x97, 0x12, 0xAE, 0x93, 0xF6,
-        0x15, 0xC6, 0x0A, 0x8D, 0x38, 0x7B, 0xCE, 0x3F,
-        0x65, 0x1E, 0x56, 0x88, 0x0A, 0x52, 0x2B, 0x2D,
-        0xB8, 0x63, 0x51, 0xCA, 0xB6, 0x5D, 0x13, 0xB4,
-        0x69, 0x3D, 0xB0, 0xB2, 0xC8, 0x09, 0x36, 0xFA,
-        0xD1, 0xCE, 0x67, 0x92, 0x5E, 0x6B, 0xB7, 0xC1,
-        0x10, 0xC4, 0x3E, 0x83, 0x24, 0x7D, 0x22, 0x60,
-        0x8D, 0x8C, 0x10, 0x23, 0x43, 0x1C, 0xB6, 0x92,
-        0x90, 0xA4, 0xF8, 0xA9, 0x59, 0x3B, 0xF1, 0x24,
-        0x1D, 0x73, 0x7C, 0x0C, 0xD1, 0x6D, 0x75, 0xEB,
-        0x50, 0xC6, 0x84, 0x2C, 0xE0, 0xA2, 0x1D, 0xCE,
-        0x49, 0x40, 0x36, 0x82, 0x4C, 0xE6, 0x32, 0x52,
-        0xE9, 0x32, 0x5F, 0x05, 0xB7, 0x34, 0x45, 0x2B,
-        0x12, 0x91, 0x32, 0xB1, 0x96, 0x08, 0x4A, 0x37,
-        0x88, 0xBB, 0xB1, 0xF2, 0x0A, 0x37, 0xD2, 0xC2,
-        0xB3, 0xF9, 0x0E, 0x0D, 0xD7, 0xA2, 0x74, 0xC9,
-        0xB1, 0xA9, 0xF0, 0x2E, 0xC7, 0xE7, 0x21, 0xF4,
-        0xA4, 0x3D, 0x40, 0x9A, 0x25, 0xFB, 0xC9, 0x9A,
-        0x44, 0xD4, 0x76, 0x31, 0x07, 0xC7, 0x87, 0x62,
-        0x09, 0x41, 0x76, 0x1E, 0xD4, 0x8C, 0x93, 0x29,
-        0x24, 0xBA, 0x62, 0x09, 0x86, 0xCF, 0x27, 0x7A,
-        0x23, 0x47, 0x1C, 0x7B, 0x13, 0x33, 0x3D, 0x93,
-        0x6C, 0x0D, 0xD4, 0x9E, 0x0F, 0xF3, 0x4C, 0xA3,
-        0xAB, 0x82, 0x34, 0xC4, 0x2A, 0xEB, 0xE4, 0x59,
-        0xC6, 0x12, 0x05, 0x2B, 0x97, 0x16, 0xE9, 0x6B,
-        0x20, 0xBE, 0xC7, 0x18, 0x12, 0x60, 0x40, 0xA9,
-        0x09, 0x1F, 0x6B, 0xA9, 0x44, 0x5F, 0x45, 0x80,
-        0x6A, 0xEB, 0x6E, 0x38, 0x16, 0x71, 0x0F, 0x7C,
-        0xBF, 0xED, 0x11, 0x01, 0x46, 0x12, 0x84, 0xDD,
-        0x96, 0x2B, 0x7B, 0x12, 0x04, 0x7C, 0x0A, 0x0A,
-        0x90, 0x6A, 0x05, 0x89, 0xB4, 0xA9, 0xA4, 0x26,
-        0x46, 0x9B, 0xDA, 0x39, 0x46, 0x09, 0x1A, 0x37,
-        0x5B, 0x19, 0x52, 0xA9, 0x1C, 0x23, 0x1C, 0x0F,
-        0xE6, 0xB5, 0x7F, 0x7C, 0xC9, 0x7E, 0xFE, 0xD0,
-        0xBC, 0x10, 0x01, 0x36, 0x78, 0x23, 0xBE, 0x18,
-        0x86, 0x30, 0x8B, 0x3A, 0x21, 0x45, 0x2B, 0x7E,
-        0x45, 0x50, 0x66, 0x71, 0x9C, 0xCC, 0xEA, 0xF6,
-        0xA7, 0x26, 0xFC, 0x22, 0xBC, 0x83, 0x99, 0xF5,
-        0x4B, 0xBF, 0xCA, 0xF7, 0xCA, 0x63, 0xBA, 0x73,
-        0x17, 0x3C, 0x7A, 0xA8, 0x61, 0x9A, 0x3F, 0x48,
-        0x5C, 0x3E, 0x33, 0x04, 0x21, 0x00, 0x67, 0x66,
-        0x74, 0x6F, 0x4E, 0xF6, 0x65, 0x3E, 0x44, 0x0E,
-        0x5C, 0xDC, 0x59, 0x53, 0x40, 0x18, 0xC3, 0x52,
-        0xC0, 0x23, 0x58, 0x4C, 0xBB, 0x37, 0x4E, 0xB7,
-        0xA9, 0xB7, 0x83, 0x68, 0x32, 0xBE, 0x53, 0xAF,
-        0x27, 0x2A, 0x06, 0x97, 0x55, 0xCE, 0x2F, 0xF2,
-        0x9C, 0xD8, 0xB3, 0x94, 0xC5, 0x24, 0x22, 0xB3,
-        0x47, 0x0E, 0x27, 0x41, 0x5F, 0x41, 0xB3, 0x97,
-        0x53, 0x59, 0x59, 0xF1, 0x60, 0x00, 0x3B, 0x45,
-        0x2C, 0xF4, 0x96, 0x97, 0xB7, 0xA5, 0x36, 0x89,
-        0x85, 0x2B, 0xBE, 0x6C, 0xCF, 0xDF, 0xB4, 0x0B,
-        0x48, 0xE9, 0x32, 0x8D, 0xE1, 0x15, 0x22, 0xD0,
-        0xA4, 0x31, 0xB1, 0x15, 0xA5, 0xC0, 0xC2, 0xF4,
-        0x30, 0x7D, 0x98, 0x62, 0xC0, 0xDD, 0x1B, 0x40,
-        0xC6, 0x5A, 0x1D, 0x9D, 0x47, 0x97, 0x77, 0xE6,
-        0x90, 0x5A, 0x91, 0xA5, 0xCB, 0x24, 0x55, 0x1C,
-        0x8B, 0x1E, 0x52, 0xA3, 0xC7, 0x7B, 0x63, 0x31,
-        0x3F, 0xFC, 0x8B, 0x58, 0x17, 0x81, 0x52, 0x59,
-        0xA6, 0xAD, 0xB5, 0x96, 0x45, 0xDC, 0x4B, 0xB1,
-        0x43, 0x6D, 0x51, 0xE6, 0x2A, 0x09, 0x68, 0x34,
-        0xAF, 0x43, 0x77, 0x25, 0x10, 0xC4, 0xED, 0xF3,
-        0x4C, 0xDE, 0x0A, 0x5B, 0x57, 0xC1, 0x45, 0xE6,
-        0x87, 0xCB, 0x87, 0x16, 0x2F, 0x00, 0x1C, 0x21,
-        0xC9, 0xE1, 0x93, 0x4A, 0xC1, 0x1A, 0xAF, 0xA7,
-        0x0F, 0xF8, 0x10, 0x73, 0x26, 0x50, 0xB3, 0x2A,
-        0x30, 0x18, 0xA7, 0xC5, 0x0C, 0xD7, 0x36, 0x79,
-        0x62, 0x22, 0xC8, 0xAB, 0x82, 0x1A, 0x92, 0x83,
-        0xBE, 0x1C, 0xC2, 0x04, 0xC3, 0xF1, 0x63, 0x0D,
-        0x3C, 0xCC, 0xDB, 0x0A, 0x9A, 0x3D, 0x17, 0x55,
-        0x2B, 0x91, 0x58, 0xC0, 0x66, 0x4E, 0x5D, 0x6A,
-        0x04, 0xB0, 0xFA, 0x36, 0xDE, 0x45, 0x86, 0x2A,
-        0x46, 0xA3, 0x9E, 0xC5, 0x97, 0xAE, 0x42, 0xC3,
-        0x11, 0xC4, 0xAC, 0x22, 0x4A, 0x72, 0xD6, 0xF2,
-        0x53, 0xBB, 0x52, 0x35, 0xF7, 0xA2, 0xB8, 0xB0,
-        0xF2, 0x4D, 0x13, 0x76, 0xAF, 0x58, 0x87, 0x46,
-        0xF3, 0xBB, 0x8E, 0x03, 0x65, 0x07, 0x87, 0x61,
-        0xCA, 0xB9, 0x83, 0xA4, 0xA6, 0xA9, 0x40, 0xA3,
-        0xD9, 0x97, 0x04, 0x7A, 0x8F, 0x36, 0xA7, 0x31,
-        0xE8, 0x96, 0x52, 0x36, 0xC3, 0x7B, 0xF2, 0x00,
-        0x08, 0x2F, 0x82, 0x1D, 0xCA, 0x77, 0x16, 0xC4,
-        0x44, 0xA9, 0x0B, 0xEC, 0x53, 0x07, 0x4B, 0xBA,
-        0x58, 0xC1, 0x32, 0xBF, 0xB9, 0xA2, 0xAC, 0xE2,
-        0xCE, 0xC9, 0xAA, 0x65, 0x8E, 0xAC, 0x12, 0x32,
-        0xCC, 0xCA, 0x3C, 0x81, 0x7A, 0x92, 0xC1, 0x19,
-        0x5C, 0x05, 0xC0, 0xE1, 0xD6, 0x63, 0x9F, 0xD2,
-        0xAD, 0xE5, 0x31, 0x60, 0x7D, 0x48, 0x8B, 0x74,
-        0xA7, 0x47, 0xCF, 0xF4, 0x7F, 0xCA, 0x5C, 0x8B,
-        0x21, 0x63, 0xCA, 0x03, 0xC5, 0x45, 0xED, 0x10,
-        0x32, 0x78, 0x43, 0x0C, 0x60, 0xB2, 0x38, 0x1A,
-        0x09, 0x42, 0x7F, 0xD1, 0x30, 0xF8, 0x59, 0xBF,
-        0x5D, 0xB7, 0x76, 0xDA, 0x09, 0x5D, 0xCA, 0x58,
-        0x04, 0xFA, 0x63, 0xB0, 0xD7, 0xD8, 0x7F, 0xA9,
-        0x41, 0x5C, 0x72, 0xFB, 0x51, 0x87, 0x2A, 0x98,
-        0x9F, 0x46, 0x6C, 0x98, 0x4B, 0xC7, 0x4C, 0x29,
-        0xB8, 0x63, 0x20, 0x19, 0xCA, 0x04, 0x0C, 0x9C,
-        0xA3, 0x5E, 0x22, 0x60, 0x8D, 0xAA, 0x70, 0x35,
-        0x7A, 0xE2, 0xC3, 0xAD, 0x83, 0x63, 0x1F, 0xAA,
-        0x17, 0x4E, 0x0A, 0xCD, 0xF5, 0xDB, 0xBF, 0x3C,
-        0xF6, 0x8A, 0x05, 0xB6, 0x54, 0x3A, 0xB6, 0x26,
-        0x8E, 0x1A, 0x51, 0xB0, 0x93, 0x2C, 0x17, 0xB0,
-        0x0A, 0x13, 0x71, 0xB2, 0xDA, 0xB2, 0x41, 0xF9,
-        0x2A, 0x43, 0xFF, 0xB4, 0x56, 0xD0, 0xA8, 0xC8,
-        0x86, 0x0A, 0x8E, 0x28, 0xA6, 0x1A, 0x21, 0x30,
-        0x7C, 0xC0, 0x45, 0x6D, 0xA4, 0x24, 0x29, 0x05,
-        0xCB, 0x1D, 0x3D, 0x0B, 0xBD, 0x81, 0xBB, 0x8E,
-        0xE2, 0x74, 0xA4, 0x3C, 0x76, 0xC3, 0x10, 0x01,
-        0x95, 0x15, 0xFC, 0xC1, 0x40, 0x46, 0x7C, 0x33,
-        0x37, 0x0C, 0x86, 0x80, 0x8E, 0xCA, 0xA5, 0x8E,
-        0x3B, 0xA9, 0x3A, 0x2C, 0x11, 0x90, 0x46, 0x1C,
-        0x1D, 0xFA, 0x11, 0x30, 0x20, 0x01, 0xBB, 0xAB,
-        0x4C, 0xB1, 0xE3, 0x64, 0x2E, 0xF8, 0xCB, 0x26,
-        0x30, 0x9B, 0x60, 0x52, 0x3B, 0xC2, 0x18, 0x87,
-        0xB0, 0x7F, 0x89, 0x8C, 0xE5, 0x62, 0xA6, 0xCA,
-        0x77, 0x8E, 0xA0, 0x15, 0x05, 0x85, 0x13, 0x78,
-        0xCE, 0xA8, 0xBB, 0x7F, 0xC0, 0x9D, 0x11, 0x96,
-        0x1B, 0x6C, 0x59, 0x6F, 0x93, 0x54, 0x2A, 0x99,
-        0x04, 0x86, 0x4E, 0xB1, 0x0C, 0xD0, 0xA7, 0x03,
-        0xDB, 0xA9, 0x89, 0x21, 0x86, 0x1A, 0x87, 0xB0,
-        0x56, 0x52, 0x5C, 0x71, 0xA8, 0x43, 0x55, 0x3E,
-        0x64, 0x00, 0x77, 0x74, 0x37, 0xC9, 0x5C, 0xCC,
-        0x80, 0x85, 0xCC, 0x0C, 0x47, 0x7D, 0x66, 0x5A,
-        0x44, 0x79, 0x01, 0x9D, 0x4C, 0xD4, 0x42, 0xF7,
-        0x4A, 0x3C, 0xD8, 0x16, 0x9F, 0x42, 0x62, 0xB8,
-        0x27, 0x1B, 0x5D, 0x5A, 0x67, 0xC8, 0xC1, 0x61,
-        0x1A, 0xAE, 0x7B, 0x3D, 0x05, 0x34, 0xC0, 0x85,
-        0x97, 0x16, 0xFD, 0xF0, 0xBB, 0x68, 0x94, 0x90,
-        0x94, 0xC0, 0x6A, 0x1B, 0x73, 0xC9, 0xAA, 0x1C,
-        0xBD, 0xF3, 0x31, 0x54, 0x3D, 0xE0, 0x02, 0xA8,
-        0xC0, 0x6F, 0x94, 0xE8, 0x81, 0x0A, 0x5C, 0xB3,
-        0x73, 0x83, 0x27, 0x45, 0xD7, 0x20, 0x68, 0x3B,
-        0x57, 0x48, 0x75, 0xA6, 0x66, 0x94, 0x6D, 0x02,
-        0x96, 0x89, 0x3F, 0x2B, 0x59, 0xE9, 0x07, 0x48,
-        0x8D, 0x8C, 0x84, 0x89, 0xD4, 0x74, 0xD9, 0x29,
-        0xA0, 0x5A, 0x57, 0x3E, 0xD6, 0x67, 0x49, 0x03,
-        0x71, 0xA4, 0x6D, 0x45, 0x56, 0xCB, 0xB6, 0x8A,
-        0xAA, 0x79, 0xCC, 0x3E, 0xC6, 0x65, 0x34, 0x13,
-        0x57, 0x6C, 0x22, 0x8E, 0x37, 0x9A, 0x14, 0xCB,
-        0x90, 0xB7, 0xB7, 0x59, 0x1B, 0x19, 0xA7, 0xBD,
-        0x37, 0xA1, 0xC4, 0xD3, 0x78, 0x59, 0x89, 0x22,
-        0x19, 0x44, 0x2B, 0xB0, 0xB9, 0xB9, 0xBA, 0x67,
-        0xBA, 0x3B, 0xC0, 0xD0, 0x95, 0xC8, 0x80, 0x3C,
-        0xEB, 0xE9, 0x7A, 0xFF, 0x0B, 0x1C, 0x15, 0x35,
-        0x78, 0xA1, 0x30, 0xCD, 0x81, 0x57, 0xCF, 0x74,
-        0x59, 0x46, 0xC2, 0xF5, 0x72, 0x6D, 0x9C, 0x11,
-        0x27, 0x35, 0x75, 0x50, 0x52, 0x91, 0x34, 0x65,
-        0x28, 0xEE, 0x0B, 0xAC, 0x04, 0x7C, 0xC9, 0x84,
-        0x53, 0x8B, 0x97, 0xBB, 0xAB, 0xFC, 0xC3, 0x57,
-        0xDC, 0xB8, 0xA9, 0x8F, 0xB8, 0x57, 0xC9, 0xC5,
-        0x2D, 0x1B, 0x78, 0x67, 0x49, 0xCA, 0x61, 0x89,
-        0x2B, 0x09, 0x75, 0x99, 0x80, 0x52, 0x00, 0x91,
-        0xB9, 0xB4, 0x77, 0xC7, 0x0E, 0x6C, 0x46, 0x58,
-        0x6B, 0x1C, 0xCE, 0xBE, 0x87, 0xBC, 0xF6, 0xDF,
-        0x03, 0xC2, 0xB2, 0x7C, 0xB0, 0x9F, 0xA0, 0x3F,
-        0x63, 0x16, 0x09, 0x58, 0x38, 0x3B, 0xE6, 0x36,
-        0xC0, 0xEC, 0xC8, 0xDD, 0xAE, 0x8B, 0x59, 0x4A,
-        0x14, 0x03, 0x78, 0x68, 0xBE, 0xC0, 0xB2, 0x23,
-        0x00, 0xDE, 0xFD, 0xFA, 0xA1, 0xD9, 0x73, 0xAC,
-        0x5C, 0xEC, 0x84, 0xAE, 0x43, 0x86, 0xB8, 0xFB,
-        0xCD, 0x11, 0x9A, 0xFD, 0xC8, 0x55, 0x94, 0x42,
-        0x42, 0x4A, 0x87, 0xC1, 0x3E, 0xA1, 0x01, 0xE2,
-        0x9F, 0xCA, 0x11, 0x88, 0x18, 0x69, 0x07, 0x7E,
-        0x40, 0x92, 0xE7, 0x51, 0xBE, 0xDC, 0xA8, 0xBC
-    };
-#endif
-#ifndef WOLFSSL_NO_KYBER768
-    static const byte seed_768[KYBER_MAKEKEY_RAND_SZ] = {
-        0x92, 0xAC, 0x7D, 0x1F, 0x83, 0xBA, 0xFA, 0xE6,
-        0xEE, 0x86, 0xFE, 0x00, 0xF9, 0x5D, 0x81, 0x33,
-        0x75, 0x77, 0x24, 0x34, 0x86, 0x0F, 0x5F, 0xF7,
-        0xD5, 0x4F, 0xFC, 0x37, 0x39, 0x9B, 0xC4, 0xCC,
-        0x92, 0xAC, 0x7D, 0x1F, 0x83, 0xBA, 0xFA, 0xE6,
-        0xEE, 0x86, 0xFE, 0x00, 0xF9, 0x5D, 0x81, 0x33,
-        0x75, 0x77, 0x24, 0x34, 0x86, 0x0F, 0x5F, 0xF7,
-        0xD5, 0x4F, 0xFC, 0x37, 0x39, 0x9B, 0xC4, 0xCC
-    };
-    static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = {
-        0xD2, 0xE6, 0x9A, 0x05, 0x53, 0x4A, 0x72, 0x32,
-        0xC5, 0xF1, 0xB7, 0x66, 0xE9, 0x3A, 0x5E, 0xE2,
-        0xEA, 0x1B, 0x26, 0xE8, 0x60, 0xA3, 0x44, 0x1A,
-        0xDE, 0xA9, 0x1E, 0xDB, 0x78, 0x2C, 0xAB, 0xC8,
-        0xA5, 0xD0, 0x11, 0xA2, 0x1B, 0xC3, 0x88, 0xE7,
-        0xF4, 0x86, 0xF0, 0xB7, 0x99, 0x30, 0x79, 0xAE,
-        0x3F, 0x1A, 0x7C, 0x85, 0xD2, 0x7D, 0x0F, 0x49,
-        0x21, 0x84, 0xD5, 0x90, 0x62, 0x14, 0x2B, 0x76,
-        0xA4, 0x37, 0x34, 0xA9, 0x0D, 0x55, 0x6A, 0x95,
-        0xDC, 0x48, 0x3D, 0xD8, 0x21, 0x04, 0xED, 0x58,
-        0xCA, 0x15, 0x71, 0xC3, 0x96, 0x85, 0x82, 0x79,
-        0x51, 0x43, 0x4C, 0xC1, 0x00, 0x1A, 0xA4, 0xC8,
-        0x13, 0x26, 0x1E, 0x4F, 0x93, 0x02, 0x8E, 0x14,
-        0xCD, 0x08, 0xF7, 0x68, 0xA4, 0x54, 0x31, 0x0C,
-        0x3B, 0x01, 0x0C, 0x83, 0xB7, 0x4D, 0x04, 0xA5,
-        0x7B, 0xB9, 0x77, 0xB3, 0xD8, 0xBC, 0xF3, 0xAA,
-        0xA7, 0x8C, 0xA1, 0x2B, 0x78, 0xF0, 0x10, 0xD9,
-        0x51, 0x34, 0x92, 0x8A, 0x5E, 0x5D, 0x96, 0xA0,
-        0x29, 0xB4, 0x42, 0xA4, 0x18, 0x88, 0x03, 0x8B,
-        0x29, 0xC2, 0xF1, 0x22, 0xB0, 0xB6, 0xB3, 0xAF,
-        0x12, 0x1A, 0xEA, 0x29, 0xA0, 0x55, 0x53, 0xBD,
-        0xF1, 0xDB, 0x60, 0x7A, 0xFB, 0x17, 0x00, 0x18,
-        0x60, 0xAF, 0x18, 0x23, 0xBC, 0xF0, 0x3D, 0xB3,
-        0xB4, 0x41, 0xDA, 0x16, 0x3A, 0x28, 0xC5, 0x23,
-        0xA5, 0xFB, 0x46, 0x69, 0xA6, 0x42, 0x34, 0xA4,
-        0xBC, 0xD1, 0x21, 0x7F, 0xF2, 0x63, 0x5B, 0xD9,
-        0x76, 0x80, 0xFF, 0x93, 0x8D, 0xBC, 0xF1, 0x0E,
-        0x95, 0x32, 0xA9, 0xA7, 0x9A, 0x5B, 0x07, 0x3A,
-        0x9E, 0x8D, 0xB2, 0x12, 0x3D, 0x21, 0x0F, 0xAE,
-        0xA2, 0x00, 0xB6, 0x64, 0x83, 0x8E, 0x80, 0x07,
-        0x1F, 0x2B, 0xA2, 0x54, 0xAA, 0xC8, 0x90, 0xA4,
-        0x6E, 0x28, 0xEC, 0x34, 0x2D, 0x92, 0x81, 0x2B,
-        0x01, 0x59, 0x30, 0x71, 0x65, 0x7E, 0x7A, 0x3A,
-        0x4A, 0x75, 0xCB, 0x3D, 0x52, 0x79, 0xCE, 0x88,
-        0x40, 0x5A, 0xC5, 0xAD, 0xAC, 0xB2, 0x05, 0x1E,
-        0x02, 0x2E, 0xE0, 0xAC, 0x9B, 0xBF, 0xE3, 0x2D,
-        0xEF, 0x98, 0x66, 0x7E, 0xD3, 0x47, 0xAD, 0xCB,
-        0x39, 0x30, 0xF3, 0xCA, 0xD0, 0x31, 0x39, 0x1B,
-        0x70, 0x9A, 0x4E, 0x61, 0xB8, 0xDD, 0x4B, 0x3F,
-        0xB7, 0x41, 0xB5, 0xBD, 0x60, 0xBF, 0x30, 0x40,
-        0x15, 0xEE, 0x75, 0x46, 0xA2, 0x4B, 0x59, 0xEA,
-        0xDC, 0xA1, 0x37, 0xC7, 0x12, 0x50, 0x74, 0x72,
-        0x6B, 0x76, 0x86, 0xEC, 0x55, 0x1B, 0x7B, 0xC2,
-        0x6B, 0xBD, 0xB2, 0x0F, 0xC3, 0x78, 0x35, 0x34,
-        0xE3, 0x4E, 0xE1, 0xF1, 0xBC, 0x6B, 0x77, 0xAB,
-        0x49, 0xA6, 0x66, 0x78, 0x46, 0x97, 0x57, 0x78,
-        0xC3, 0xC5, 0x36, 0x83, 0x04, 0x50, 0xA3, 0xFA,
-        0x91, 0x02, 0x59, 0x72, 0x2F, 0x3F, 0x80, 0x6E,
-        0x6E, 0xB4, 0xB9, 0x34, 0x67, 0x63, 0xFE, 0xF0,
-        0x92, 0x2B, 0xC4, 0xB6, 0xEB, 0x38, 0x26, 0xAF,
-        0xF2, 0x4E, 0xAD, 0xC6, 0xCF, 0x6E, 0x47, 0x7C,
-        0x2E, 0x05, 0x5C, 0xFB, 0x7A, 0x90, 0xA5, 0x5C,
-        0x06, 0xD0, 0xB2, 0xA2, 0xF5, 0x11, 0x60, 0x69,
-        0xE6, 0x4A, 0x5B, 0x50, 0x78, 0xC0, 0x57, 0x7B,
-        0xC8, 0xE7, 0x90, 0x0E, 0xA7, 0x1C, 0x34, 0x1C,
-        0x02, 0xAD, 0x85, 0x4E, 0xA5, 0xA0, 0x1A, 0xF2,
-        0xA6, 0x05, 0xCB, 0x20, 0x68, 0xD5, 0x24, 0x38,
-        0xCD, 0xDC, 0x60, 0xB0, 0x38, 0x82, 0xCC, 0x02,
-        0x4D, 0x13, 0x04, 0x5F, 0x2B, 0xA6, 0xB0, 0xF4,
-        0x46, 0xAA, 0xA5, 0x95, 0x87, 0x60, 0x61, 0x79,
-        0x45, 0x37, 0x1F, 0xD7, 0x8C, 0x28, 0xA4, 0x06,
-        0x77, 0xA6, 0xE7, 0x2F, 0x51, 0x3B, 0x9E, 0x06,
-        0x67, 0xA9, 0xBA, 0xF4, 0x46, 0xC1, 0xBA, 0x93,
-        0x1B, 0xA8, 0x18, 0x34, 0x23, 0x47, 0x92, 0xA2,
-        0xA2, 0xB2, 0xB3, 0x70, 0x1F, 0x31, 0xB7, 0xCF,
-        0x46, 0x7C, 0x80, 0xF1, 0x98, 0x11, 0x41, 0xBB,
-        0x45, 0x77, 0x93, 0xE1, 0x30, 0x70, 0x91, 0xC4,
-        0x8B, 0x59, 0x14, 0x64, 0x6A, 0x60, 0xCE, 0x1A,
-        0x30, 0x15, 0x43, 0x77, 0x9D, 0x7C, 0x33, 0x42,
-        0xAD, 0x17, 0x97, 0x96, 0xC2, 0xC4, 0x40, 0xD9,
-        0x9D, 0xF9, 0xD4, 0x1B, 0x52, 0xE3, 0x26, 0x25,
-        0xA8, 0x2A, 0xA5, 0xF5, 0x79, 0xA9, 0x92, 0x0B,
-        0xFF, 0xBA, 0x96, 0x4F, 0xA7, 0x0D, 0xB2, 0x59,
-        0xC8, 0x5E, 0x68, 0xC8, 0x13, 0x81, 0x7B, 0x13,
-        0x47, 0xBF, 0x19, 0x81, 0x4D, 0xA5, 0xE9, 0x36,
-        0x4A, 0x46, 0x45, 0xE6, 0x21, 0x92, 0x3D, 0x95,
-        0x5C, 0x21, 0x1A, 0x55, 0xD3, 0x55, 0xC8, 0x16,
-        0xDA, 0x04, 0x73, 0x0A, 0xA3, 0x24, 0x08, 0x5E,
-        0x62, 0x2B, 0x51, 0xD6, 0x10, 0x9B, 0x49, 0xF6,
-        0x73, 0xAD, 0xD0, 0x0E, 0x41, 0x47, 0x55, 0xC8,
-        0x02, 0x4A, 0xA0, 0x16, 0x4F, 0x24, 0x55, 0x6D,
-        0xED, 0x96, 0x3D, 0x61, 0x14, 0x38, 0x56, 0xCB,
-        0x4F, 0xF0, 0x56, 0x7E, 0x33, 0x20, 0x73, 0x0D,
-        0xBC, 0xBF, 0x12, 0xF6, 0x6E, 0x2B, 0x70, 0xB2,
-        0x00, 0x54, 0xA6, 0xDE, 0xA4, 0x26, 0x14, 0xB5,
-        0x0E, 0xF7, 0x2B, 0x15, 0x6F, 0x51, 0x49, 0xFC,
-        0x26, 0x3D, 0xD7, 0xE0, 0x39, 0xC5, 0x5A, 0x3E,
-        0xE9, 0x82, 0x7D, 0xF9, 0x2C, 0x56, 0x5D, 0x24,
-        0xC5, 0x5E, 0x0A, 0x81, 0xC6, 0x49, 0x46, 0x95,
-        0x34, 0x4D, 0x94, 0x87, 0x48, 0xAF, 0xBA, 0x9F,
-        0x76, 0x2C, 0x0E, 0xA9, 0x0B, 0xB7, 0x24, 0x89,
-        0x79, 0x02, 0x00, 0x07, 0x75, 0x61, 0x39, 0x49,
-        0x60, 0x2C, 0x48, 0xC7, 0x8A, 0x94, 0x40, 0x67,
-        0x8C, 0x24, 0x08, 0x6D, 0x32, 0x6D, 0x79, 0x64,
-        0x3B, 0xAF, 0x70, 0x36, 0xC6, 0x6C, 0x7E, 0x02,
-        0x6A, 0xAE, 0xFD, 0xA2, 0x80, 0x7A, 0x60, 0xBD,
-        0x7F, 0xC9, 0x13, 0x63, 0xBB, 0x02, 0x34, 0xA5,
-        0x90, 0x98, 0x4A, 0xA0, 0x11, 0xF1, 0x1D, 0x40,
-        0x26, 0x82, 0x18, 0xA1, 0x58, 0x83, 0x77, 0xB3,
-        0xD7, 0x67, 0x1B, 0x8B, 0x99, 0x78, 0x99, 0x19,
-        0xB8, 0x6E, 0xE8, 0x2B, 0x18, 0xEC, 0x22, 0xD4,
-        0xE8, 0x0A, 0x1F, 0x27, 0x85, 0x3D, 0x88, 0x94,
-        0x19, 0xD4, 0x60, 0xDE, 0xF7, 0x56, 0x7A, 0xA4,
-        0x56, 0x79, 0x69, 0xC4, 0x30, 0x48, 0xC3, 0x2B,
-        0x84, 0x62, 0xA9, 0xC9, 0x38, 0x6E, 0xB3, 0x15,
-        0x2A, 0x69, 0x76, 0xAA, 0x78, 0x3C, 0xDD, 0x1A,
-        0x8C, 0x57, 0xA9, 0xB6, 0xBB, 0xD8, 0x37, 0xA0,
-        0x06, 0x24, 0xB5, 0x8B, 0x4B, 0xA3, 0xDB, 0xB6,
-        0x3B, 0xB8, 0x20, 0x0E, 0x7B, 0xC8, 0x88, 0x81,
-        0xBE, 0xBD, 0xA9, 0x25, 0xBC, 0xA0, 0x28, 0xE2,
-        0x91, 0xAA, 0x1C, 0x22, 0x53, 0x9C, 0xD0, 0x4F,
-        0x90, 0x09, 0x0D, 0x7F, 0x74, 0x10, 0x8C, 0x32,
-        0xB8, 0x02, 0x2C, 0x15, 0x91, 0xC8, 0x81, 0xE7,
-        0x63, 0x04, 0xE2, 0x40, 0x81, 0x90, 0xE2, 0x0F,
-        0x09, 0xA5, 0x4F, 0xC2, 0x34, 0x20, 0xE2, 0x62,
-        0x0E, 0x9D, 0x87, 0xA3, 0x10, 0x8A, 0x94, 0xFE,
-        0xEA, 0x72, 0xD5, 0xAB, 0x7F, 0xCF, 0xB9, 0x72,
-        0xE6, 0x56, 0x1B, 0x1A, 0x7B, 0x06, 0x2F, 0x1A,
-        0x68, 0x2E, 0x02, 0x0A, 0xA2, 0x56, 0x28, 0x12,
-        0xB2, 0x96, 0x54, 0x7B, 0x91, 0x78, 0x24, 0xCD,
-        0xB8, 0x8C, 0x58, 0x2B, 0x5A, 0x68, 0x90, 0x17,
-        0x7B, 0xC7, 0x0C, 0x91, 0xAC, 0xAC, 0x9A, 0xBE,
-        0x29, 0x0A, 0xEB, 0x2C, 0x34, 0xA7, 0xE2, 0x36,
-        0x89, 0x55, 0xCB, 0x45, 0x6A, 0x34, 0x53, 0x68,
-        0xAB, 0xE3, 0xB9, 0x1B, 0x47, 0xFC, 0x30, 0xB0,
-        0x23, 0x3A, 0x09, 0xBA, 0x79, 0xFB, 0x11, 0x23,
-        0x8A, 0xC5, 0x08, 0xCC, 0xE6, 0x10, 0x95, 0xF8,
-        0x54, 0xC2, 0x32, 0x04, 0xA8, 0xD3, 0x6B, 0xFC,
-        0x2C, 0x6E, 0x05, 0xA7, 0x2A, 0xF5, 0x24, 0x4B,
-        0x17, 0xC1, 0x21, 0x01, 0xE0, 0x14, 0x51, 0x57,
-        0x0E, 0xB1, 0x10, 0x56, 0x7E, 0x85, 0x0E, 0x79,
-        0xC0, 0x00, 0x14, 0x24, 0x41, 0xFE, 0x41, 0x60,
-        0x02, 0x75, 0x45, 0xF6, 0x29, 0x0E, 0x85, 0x45,
-        0x1B, 0x80, 0x23, 0x4A, 0x94, 0x06, 0xC3, 0x90,
-        0xB0, 0xCE, 0xA3, 0xC8, 0x33, 0x5D, 0x4C, 0x6F,
-        0x85, 0x50, 0xB5, 0x44, 0xC9, 0x34, 0x3E, 0x61,
-        0xBA, 0x1C, 0x84, 0x89, 0xD1, 0xB0, 0x39, 0x97,
-        0x39, 0x16, 0x8A, 0xF7, 0x40, 0xA4, 0x81, 0xB0,
-        0xF5, 0xC3, 0x37, 0x25, 0x30, 0xCA, 0x06, 0xB5,
-        0x08, 0xEC, 0xE8, 0x38, 0xAB, 0x78, 0xBE, 0xE1,
-        0xE5, 0x97, 0xA9, 0xB1, 0x4F, 0x6A, 0xEC, 0x7A,
-        0x3B, 0xD1, 0xAA, 0x8D, 0x10, 0xBA, 0xC2, 0x3B,
-        0x98, 0x02, 0x90, 0x2C, 0xD5, 0x29, 0xAB, 0x6E,
-        0xF5, 0x4D, 0xB3, 0x11, 0x0C, 0xFB, 0x56, 0x1E,
-        0x7E, 0x69, 0x48, 0xE6, 0x52, 0x81, 0x25, 0x04,
-        0x16, 0xC3, 0x49, 0xC8, 0x10, 0x0B, 0x3B, 0x4D,
-        0x3D, 0x0F, 0x62, 0xAC, 0xAD, 0x8D, 0x16, 0x11,
-        0x75, 0xB1, 0x34, 0xF7, 0x56, 0x49, 0x37, 0xCD
-    };
-    static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = {
-        0x19, 0xD7, 0x4A, 0xD5, 0x47, 0x2A, 0x8B, 0x2B,
-        0xAA, 0xD2, 0xA5, 0x67, 0x02, 0xC9, 0xB3, 0xB5,
-        0x51, 0x0E, 0xF3, 0x92, 0x48, 0x58, 0x06, 0x1D,
-        0x57, 0xF9, 0x0D, 0xD9, 0xA1, 0xA0, 0x1F, 0xEC,
-        0x2F, 0x57, 0xC5, 0x1A, 0x88, 0x88, 0x05, 0x34,
-        0x1B, 0x61, 0x7C, 0x51, 0x55, 0x39, 0x59, 0x77,
-        0x50, 0x83, 0x5C, 0x3E, 0xD7, 0xA0, 0x33, 0xB0,
-        0x39, 0xD7, 0x24, 0x91, 0x33, 0x2C, 0x5D, 0xF4,
-        0xA6, 0x9B, 0x6D, 0xF2, 0x61, 0x71, 0x87, 0x7A,
-        0xD1, 0xE5, 0x0A, 0xC5, 0x01, 0x00, 0xBE, 0x47,
-        0x28, 0x78, 0x66, 0x85, 0xDA, 0x7A, 0x73, 0x9E,
-        0x84, 0x3F, 0xF0, 0xD4, 0x59, 0x22, 0xD7, 0x28,
-        0x1E, 0x21, 0x0D, 0x5E, 0x82, 0xB9, 0x44, 0x65,
-        0x2F, 0x48, 0x62, 0xCF, 0xB3, 0xD9, 0x02, 0xDE,
-        0x60, 0xAF, 0xD0, 0xA1, 0x64, 0x47, 0x1B, 0x26,
-        0x14, 0x4A, 0x1D, 0x7A, 0x38, 0x09, 0x65, 0x03,
-        0x09, 0x59, 0x11, 0x76, 0x2E, 0xBA, 0x79, 0x62,
-        0xC4, 0x51, 0x1D, 0x05, 0xA1, 0x28, 0xF2, 0x78,
-        0x1E, 0xCB, 0x3D, 0x1F, 0x5B, 0xB1, 0x24, 0x42,
-        0x37, 0x61, 0x1A, 0xBA, 0xB9, 0x24, 0x99, 0x1F,
-        0x8A, 0x27, 0x32, 0xE2, 0x70, 0x32, 0x35, 0x79,
-        0x20, 0xF1, 0x97, 0xC7, 0x69, 0x2D, 0x60, 0xA9,
-        0x44, 0x44, 0x72, 0x25, 0x8C, 0xB4, 0x57, 0xC1,
-        0xB7, 0x1B, 0x77, 0x99, 0x54, 0x69, 0xF3, 0xA9,
-        0x62, 0xF3, 0xAB, 0xA6, 0x69, 0x96, 0x14, 0xFC,
-        0xCC, 0xEA, 0x74, 0x1E, 0x21, 0xC6, 0x00, 0xC4,
-        0x35, 0x7B, 0xBF, 0xAB, 0x45, 0x29, 0x27, 0xC3,
-        0xD4, 0x41, 0xBF, 0x8E, 0xD7, 0x31, 0x52, 0xF7,
-        0x5C, 0x08, 0xF5, 0x40, 0xE1, 0x86, 0xAC, 0xCA,
-        0x33, 0x26, 0xF4, 0x22, 0xC8, 0x4B, 0x98, 0x8D,
-        0x77, 0xE6, 0x1A, 0xE6, 0x18, 0x59, 0xCF, 0x85,
-        0x41, 0xF8, 0x92, 0x09, 0xE4, 0x98, 0x30, 0x40,
-        0xC5, 0x61, 0x76, 0x54, 0x80, 0x88, 0x52, 0xB6,
-        0x49, 0xB8, 0x99, 0xA3, 0x99, 0xAE, 0xC2, 0xC8,
-        0xBB, 0xA8, 0xA5, 0x42, 0xF3, 0x45, 0xAB, 0xF2,
-        0x81, 0x3F, 0x65, 0xE9, 0xA7, 0x91, 0xD3, 0x2C,
-        0xC2, 0xD7, 0x60, 0x26, 0xFB, 0x8D, 0x0C, 0x94,
-        0xB6, 0x57, 0x48, 0x9A, 0xBB, 0x48, 0x7D, 0xA4,
-        0xA2, 0xC0, 0xE3, 0x86, 0x8D, 0x3C, 0xF4, 0x7F,
-        0x1C, 0xBB, 0x2F, 0xA7, 0x9C, 0x53, 0xCF, 0xF6,
-        0x26, 0x47, 0x77, 0xC0, 0x9B, 0x17, 0x7C, 0x91,
-        0x31, 0x54, 0x84, 0xD2, 0xB3, 0x0B, 0x0C, 0xA2,
-        0x1F, 0x55, 0xAD, 0xD2, 0x3C, 0x57, 0xE1, 0x91,
-        0x1C, 0x3F, 0x08, 0x6B, 0xCA, 0xD2, 0x17, 0x98,
-        0x48, 0x6E, 0xB4, 0x7B, 0x7C, 0x58, 0x57, 0x73,
-        0x81, 0xC0, 0x9F, 0x52, 0x52, 0x58, 0x2D, 0x1B,
-        0x27, 0xA7, 0xD5, 0xB8, 0xE0, 0x60, 0xCE, 0x78,
-        0x20, 0x9C, 0xC8, 0x2B, 0xAE, 0x4D, 0xA6, 0x06,
-        0x80, 0x0C, 0x8D, 0xB1, 0x26, 0x8F, 0x7A, 0xD2,
-        0xB7, 0x93, 0xA4, 0x4F, 0x34, 0x61, 0x2C, 0xCE,
-        0xA3, 0x1C, 0xE7, 0xD7, 0x96, 0xA6, 0x5A, 0x26,
-        0x91, 0xD6, 0x15, 0x00, 0x62, 0x5F, 0x83, 0xE7,
-        0xBE, 0x57, 0x07, 0x7E, 0xE9, 0xC1, 0xB8, 0xC1,
-        0xCA, 0xA1, 0x37, 0xCC, 0x4B, 0x65, 0x73, 0x30,
-        0x8C, 0x19, 0x66, 0x8B, 0x24, 0xB0, 0x1E, 0x96,
-        0x69, 0x03, 0xAB, 0xBC, 0xB7, 0x9B, 0x67, 0xBE,
-        0x0A, 0x3E, 0x3E, 0x05, 0x8A, 0xAD, 0xA1, 0x89,
-        0xB9, 0xEA, 0x80, 0x35, 0x9A, 0xC2, 0x6F, 0x4C,
-        0x5C, 0x53, 0x73, 0x5F, 0xE4, 0xFC, 0x35, 0x24,
-        0x73, 0x37, 0x76, 0x0C, 0xCA, 0x35, 0x29, 0xB8,
-        0xD2, 0x66, 0xBB, 0x6C, 0x48, 0x01, 0x06, 0x54,
-        0xCD, 0xBC, 0x5A, 0x3E, 0x97, 0x57, 0x52, 0x46,
-        0x75, 0xAB, 0xC4, 0x13, 0x13, 0x0C, 0xC2, 0x70,
-        0x1F, 0x28, 0x93, 0x3E, 0xAB, 0xB8, 0x39, 0x2B,
-        0x0D, 0x6D, 0x05, 0x9C, 0xFC, 0x3A, 0x30, 0x32,
-        0x6C, 0x4F, 0xCC, 0x81, 0x0B, 0x37, 0xA4, 0x74,
-        0x8C, 0x1C, 0x53, 0x92, 0x8A, 0x49, 0x13, 0xE4,
-        0x8B, 0x18, 0x66, 0x97, 0x16, 0x2C, 0x33, 0xFF,
-        0xFB, 0x06, 0xDD, 0x51, 0x61, 0xC8, 0x63, 0x9D,
-        0xB1, 0x95, 0xC6, 0xCA, 0x64, 0x82, 0x9B, 0x2B,
-        0x3A, 0x2E, 0x4C, 0x96, 0x83, 0xB6, 0x6D, 0xF7,
-        0xFB, 0x19, 0x09, 0x90, 0x4E, 0x00, 0x02, 0x0D,
-        0xBA, 0x13, 0x4E, 0x02, 0xA1, 0x68, 0xD7, 0x6A,
-        0xC0, 0x76, 0xBB, 0x77, 0xD4, 0xDC, 0x84, 0x96,
-        0xB4, 0xBB, 0xE7, 0xB4, 0x69, 0x0B, 0xA2, 0x9B,
-        0x62, 0xA9, 0x1A, 0xBE, 0x72, 0xBE, 0xF3, 0x23,
-        0xA4, 0x4C, 0x89, 0x03, 0xE4, 0x82, 0xB6, 0x0D,
-        0x99, 0xBA, 0x61, 0xD1, 0xBB, 0xCF, 0x9C, 0xB9,
-        0x67, 0x35, 0x34, 0xC1, 0xD6, 0x47, 0x66, 0x23,
-        0x74, 0xEE, 0x2C, 0x7C, 0x5F, 0x00, 0x81, 0xBA,
-        0xD1, 0x49, 0xF4, 0x42, 0x06, 0x71, 0x76, 0x84,
-        0xD9, 0x74, 0x6B, 0x20, 0x48, 0x63, 0x3A, 0xF7,
-        0xA6, 0x8C, 0x68, 0x65, 0xFB, 0x59, 0x03, 0x58,
-        0xD8, 0xCF, 0x82, 0x14, 0x58, 0x36, 0x9B, 0x0C,
-        0x31, 0xEB, 0x59, 0x7C, 0xF5, 0xBE, 0x78, 0xEB,
-        0x48, 0x0E, 0xA0, 0x4E, 0x35, 0xFA, 0xCC, 0x38,
-        0x03, 0x72, 0xC8, 0xC0, 0xA0, 0x4D, 0xE2, 0x76,
-        0xB1, 0xA7, 0x21, 0x21, 0xE5, 0x96, 0xCB, 0xB2,
-        0x5E, 0xF7, 0x53, 0x6A, 0xD3, 0x80, 0x41, 0x84,
-        0xA8, 0x7B, 0xDF, 0xB5, 0xA7, 0x69, 0x16, 0x0B,
-        0xFB, 0xB0, 0xCA, 0x3C, 0x36, 0x07, 0x90, 0xE5,
-        0x56, 0x2B, 0xB7, 0x8E, 0xFE, 0x00, 0x69, 0xC7,
-        0x74, 0x83, 0xAD, 0x35, 0xCA, 0xC2, 0x37, 0xC6,
-        0x1D, 0xE7, 0x8A, 0x7D, 0xB4, 0x6F, 0xC9, 0x17,
-        0x12, 0x4C, 0xA1, 0x75, 0x10, 0xDB, 0x7D, 0xA2,
-        0x18, 0x89, 0x0F, 0x44, 0x8E, 0xF6, 0x31, 0x86,
-        0x13, 0xA1, 0xC9, 0x7C, 0x92, 0x8E, 0x2B, 0x7B,
-        0x6A, 0x54, 0x61, 0x7B, 0xCC, 0xB6, 0xCD, 0xF2,
-        0x78, 0xAE, 0x54, 0x2B, 0x56, 0xAD, 0x7B, 0xB5,
-        0xEC, 0xD8, 0xC4, 0x6A, 0x66, 0xC4, 0xFA, 0x09,
-        0x50, 0xCE, 0x41, 0x35, 0x2C, 0xB8, 0x57, 0x11,
-        0x89, 0x04, 0x58, 0xF2, 0x99, 0xBF, 0x40, 0xBA,
-        0x6F, 0xF2, 0xC0, 0x71, 0x38, 0x62, 0x26, 0x8B,
-        0x5F, 0x08, 0xE4, 0x98, 0x45, 0xB0, 0x94, 0x43,
-        0x99, 0x7A, 0xB2, 0x9A, 0x62, 0x07, 0x3C, 0x0D,
-        0x98, 0x18, 0xC0, 0x20, 0x16, 0x7D, 0x47, 0x49,
-        0x23, 0x1C, 0x05, 0x9E, 0x6F, 0x48, 0x3F, 0x97,
-        0x68, 0x17, 0xC9, 0x0C, 0x20, 0xA9, 0xC9, 0x37,
-        0x07, 0x9C, 0x2D, 0x4B, 0xE3, 0x0D, 0xA9, 0x74,
-        0xA9, 0x7E, 0x4B, 0xC5, 0x3E, 0xD9, 0x6A, 0x55,
-        0x16, 0x9F, 0x4A, 0x23, 0xA3, 0xEA, 0x24, 0xBD,
-        0x8E, 0x01, 0xB8, 0xFA, 0xEB, 0x95, 0xD4, 0xE5,
-        0x3F, 0xFF, 0xEC, 0xB6, 0x08, 0x02, 0xC3, 0x88,
-        0xA4, 0x0F, 0x46, 0x60, 0x54, 0x0B, 0x1B, 0x1F,
-        0x81, 0x76, 0xC9, 0x81, 0x1B, 0xB2, 0x6A, 0x68,
-        0x3C, 0xA7, 0x89, 0x56, 0x4A, 0x29, 0x40, 0xFC,
-        0xEB, 0x2C, 0xE6, 0xA9, 0x2A, 0x1E, 0xE4, 0x5E,
-        0xE4, 0xC3, 0x18, 0x57, 0xC9, 0xB9, 0xB8, 0xB5,
-        0x6A, 0x79, 0xD9, 0x5A, 0x46, 0xCB, 0x39, 0x3A,
-        0x31, 0xA2, 0x73, 0x7B, 0xAF, 0xEA, 0x6C, 0x81,
-        0x06, 0x6A, 0x67, 0x2B, 0x34, 0xC1, 0x0A, 0xA9,
-        0x89, 0x57, 0xC9, 0x17, 0x66, 0xB7, 0x30, 0x03,
-        0x6A, 0x56, 0xD9, 0x40, 0xAA, 0x4E, 0xBC, 0xB7,
-        0x58, 0xB0, 0x83, 0x51, 0xE2, 0xC4, 0xFD, 0x19,
-        0x45, 0x3B, 0xF3, 0xA6, 0x29, 0x2A, 0x99, 0x3D,
-        0x67, 0xC7, 0xEC, 0xC7, 0x2F, 0x42, 0xF7, 0x82,
-        0xE9, 0xEB, 0xAA, 0x1A, 0x8B, 0x3B, 0x0F, 0x56,
-        0x7A, 0xB3, 0x94, 0x21, 0xF6, 0xA6, 0x7A, 0x6B,
-        0x84, 0x10, 0xFD, 0x94, 0xA7, 0x21, 0xD3, 0x65,
-        0xF1, 0x63, 0x9E, 0x9D, 0xDA, 0xBF, 0xD0, 0xA6,
-        0xCE, 0x1A, 0x46, 0x05, 0xBD, 0x2B, 0x1C, 0x9B,
-        0x97, 0x7B, 0xD1, 0xEA, 0x32, 0x86, 0x73, 0x68,
-        0xD6, 0xE6, 0x39, 0xD0, 0x19, 0xAC, 0x10, 0x18,
-        0x53, 0xBC, 0x15, 0x3C, 0x86, 0xF8, 0x52, 0x80,
-        0xFC, 0x76, 0x3B, 0xA2, 0x4F, 0xB5, 0x7A, 0x29,
-        0x6C, 0xB1, 0x2D, 0x32, 0xE0, 0x8A, 0xB3, 0x2C,
-        0x55, 0x1D, 0x5A, 0x45, 0xA4, 0xA2, 0x8F, 0x9A,
-        0xDC, 0x28, 0xF7, 0xA2, 0x90, 0x0E, 0x25, 0xA4,
-        0x0B, 0x51, 0x90, 0xB2, 0x2A, 0xB1, 0x9D, 0xFB,
-        0x24, 0x6F, 0x42, 0xB2, 0x4F, 0x97, 0xCC, 0xA9,
-        0xB0, 0x9B, 0xEA, 0xD2, 0x46, 0xE1, 0x73, 0x4F,
-        0x44, 0x66, 0x77, 0xB3, 0x8B, 0x75, 0x22, 0xB7,
-        0x80, 0x72, 0x7C, 0x11, 0x74, 0x40, 0xC9, 0xF1,
-        0xA0, 0x24, 0x52, 0x0C, 0x14, 0x1A, 0x69, 0xCD,
-        0xD2, 0xE6, 0x9A, 0x05, 0x53, 0x4A, 0x72, 0x32,
-        0xC5, 0xF1, 0xB7, 0x66, 0xE9, 0x3A, 0x5E, 0xE2,
-        0xEA, 0x1B, 0x26, 0xE8, 0x60, 0xA3, 0x44, 0x1A,
-        0xDE, 0xA9, 0x1E, 0xDB, 0x78, 0x2C, 0xAB, 0xC8,
-        0xA5, 0xD0, 0x11, 0xA2, 0x1B, 0xC3, 0x88, 0xE7,
-        0xF4, 0x86, 0xF0, 0xB7, 0x99, 0x30, 0x79, 0xAE,
-        0x3F, 0x1A, 0x7C, 0x85, 0xD2, 0x7D, 0x0F, 0x49,
-        0x21, 0x84, 0xD5, 0x90, 0x62, 0x14, 0x2B, 0x76,
-        0xA4, 0x37, 0x34, 0xA9, 0x0D, 0x55, 0x6A, 0x95,
-        0xDC, 0x48, 0x3D, 0xD8, 0x21, 0x04, 0xED, 0x58,
-        0xCA, 0x15, 0x71, 0xC3, 0x96, 0x85, 0x82, 0x79,
-        0x51, 0x43, 0x4C, 0xC1, 0x00, 0x1A, 0xA4, 0xC8,
-        0x13, 0x26, 0x1E, 0x4F, 0x93, 0x02, 0x8E, 0x14,
-        0xCD, 0x08, 0xF7, 0x68, 0xA4, 0x54, 0x31, 0x0C,
-        0x3B, 0x01, 0x0C, 0x83, 0xB7, 0x4D, 0x04, 0xA5,
-        0x7B, 0xB9, 0x77, 0xB3, 0xD8, 0xBC, 0xF3, 0xAA,
-        0xA7, 0x8C, 0xA1, 0x2B, 0x78, 0xF0, 0x10, 0xD9,
-        0x51, 0x34, 0x92, 0x8A, 0x5E, 0x5D, 0x96, 0xA0,
-        0x29, 0xB4, 0x42, 0xA4, 0x18, 0x88, 0x03, 0x8B,
-        0x29, 0xC2, 0xF1, 0x22, 0xB0, 0xB6, 0xB3, 0xAF,
-        0x12, 0x1A, 0xEA, 0x29, 0xA0, 0x55, 0x53, 0xBD,
-        0xF1, 0xDB, 0x60, 0x7A, 0xFB, 0x17, 0x00, 0x18,
-        0x60, 0xAF, 0x18, 0x23, 0xBC, 0xF0, 0x3D, 0xB3,
-        0xB4, 0x41, 0xDA, 0x16, 0x3A, 0x28, 0xC5, 0x23,
-        0xA5, 0xFB, 0x46, 0x69, 0xA6, 0x42, 0x34, 0xA4,
-        0xBC, 0xD1, 0x21, 0x7F, 0xF2, 0x63, 0x5B, 0xD9,
-        0x76, 0x80, 0xFF, 0x93, 0x8D, 0xBC, 0xF1, 0x0E,
-        0x95, 0x32, 0xA9, 0xA7, 0x9A, 0x5B, 0x07, 0x3A,
-        0x9E, 0x8D, 0xB2, 0x12, 0x3D, 0x21, 0x0F, 0xAE,
-        0xA2, 0x00, 0xB6, 0x64, 0x83, 0x8E, 0x80, 0x07,
-        0x1F, 0x2B, 0xA2, 0x54, 0xAA, 0xC8, 0x90, 0xA4,
-        0x6E, 0x28, 0xEC, 0x34, 0x2D, 0x92, 0x81, 0x2B,
-        0x01, 0x59, 0x30, 0x71, 0x65, 0x7E, 0x7A, 0x3A,
-        0x4A, 0x75, 0xCB, 0x3D, 0x52, 0x79, 0xCE, 0x88,
-        0x40, 0x5A, 0xC5, 0xAD, 0xAC, 0xB2, 0x05, 0x1E,
-        0x02, 0x2E, 0xE0, 0xAC, 0x9B, 0xBF, 0xE3, 0x2D,
-        0xEF, 0x98, 0x66, 0x7E, 0xD3, 0x47, 0xAD, 0xCB,
-        0x39, 0x30, 0xF3, 0xCA, 0xD0, 0x31, 0x39, 0x1B,
-        0x70, 0x9A, 0x4E, 0x61, 0xB8, 0xDD, 0x4B, 0x3F,
-        0xB7, 0x41, 0xB5, 0xBD, 0x60, 0xBF, 0x30, 0x40,
-        0x15, 0xEE, 0x75, 0x46, 0xA2, 0x4B, 0x59, 0xEA,
-        0xDC, 0xA1, 0x37, 0xC7, 0x12, 0x50, 0x74, 0x72,
-        0x6B, 0x76, 0x86, 0xEC, 0x55, 0x1B, 0x7B, 0xC2,
-        0x6B, 0xBD, 0xB2, 0x0F, 0xC3, 0x78, 0x35, 0x34,
-        0xE3, 0x4E, 0xE1, 0xF1, 0xBC, 0x6B, 0x77, 0xAB,
-        0x49, 0xA6, 0x66, 0x78, 0x46, 0x97, 0x57, 0x78,
-        0xC3, 0xC5, 0x36, 0x83, 0x04, 0x50, 0xA3, 0xFA,
-        0x91, 0x02, 0x59, 0x72, 0x2F, 0x3F, 0x80, 0x6E,
-        0x6E, 0xB4, 0xB9, 0x34, 0x67, 0x63, 0xFE, 0xF0,
-        0x92, 0x2B, 0xC4, 0xB6, 0xEB, 0x38, 0x26, 0xAF,
-        0xF2, 0x4E, 0xAD, 0xC6, 0xCF, 0x6E, 0x47, 0x7C,
-        0x2E, 0x05, 0x5C, 0xFB, 0x7A, 0x90, 0xA5, 0x5C,
-        0x06, 0xD0, 0xB2, 0xA2, 0xF5, 0x11, 0x60, 0x69,
-        0xE6, 0x4A, 0x5B, 0x50, 0x78, 0xC0, 0x57, 0x7B,
-        0xC8, 0xE7, 0x90, 0x0E, 0xA7, 0x1C, 0x34, 0x1C,
-        0x02, 0xAD, 0x85, 0x4E, 0xA5, 0xA0, 0x1A, 0xF2,
-        0xA6, 0x05, 0xCB, 0x20, 0x68, 0xD5, 0x24, 0x38,
-        0xCD, 0xDC, 0x60, 0xB0, 0x38, 0x82, 0xCC, 0x02,
-        0x4D, 0x13, 0x04, 0x5F, 0x2B, 0xA6, 0xB0, 0xF4,
-        0x46, 0xAA, 0xA5, 0x95, 0x87, 0x60, 0x61, 0x79,
-        0x45, 0x37, 0x1F, 0xD7, 0x8C, 0x28, 0xA4, 0x06,
-        0x77, 0xA6, 0xE7, 0x2F, 0x51, 0x3B, 0x9E, 0x06,
-        0x67, 0xA9, 0xBA, 0xF4, 0x46, 0xC1, 0xBA, 0x93,
-        0x1B, 0xA8, 0x18, 0x34, 0x23, 0x47, 0x92, 0xA2,
-        0xA2, 0xB2, 0xB3, 0x70, 0x1F, 0x31, 0xB7, 0xCF,
-        0x46, 0x7C, 0x80, 0xF1, 0x98, 0x11, 0x41, 0xBB,
-        0x45, 0x77, 0x93, 0xE1, 0x30, 0x70, 0x91, 0xC4,
-        0x8B, 0x59, 0x14, 0x64, 0x6A, 0x60, 0xCE, 0x1A,
-        0x30, 0x15, 0x43, 0x77, 0x9D, 0x7C, 0x33, 0x42,
-        0xAD, 0x17, 0x97, 0x96, 0xC2, 0xC4, 0x40, 0xD9,
-        0x9D, 0xF9, 0xD4, 0x1B, 0x52, 0xE3, 0x26, 0x25,
-        0xA8, 0x2A, 0xA5, 0xF5, 0x79, 0xA9, 0x92, 0x0B,
-        0xFF, 0xBA, 0x96, 0x4F, 0xA7, 0x0D, 0xB2, 0x59,
-        0xC8, 0x5E, 0x68, 0xC8, 0x13, 0x81, 0x7B, 0x13,
-        0x47, 0xBF, 0x19, 0x81, 0x4D, 0xA5, 0xE9, 0x36,
-        0x4A, 0x46, 0x45, 0xE6, 0x21, 0x92, 0x3D, 0x95,
-        0x5C, 0x21, 0x1A, 0x55, 0xD3, 0x55, 0xC8, 0x16,
-        0xDA, 0x04, 0x73, 0x0A, 0xA3, 0x24, 0x08, 0x5E,
-        0x62, 0x2B, 0x51, 0xD6, 0x10, 0x9B, 0x49, 0xF6,
-        0x73, 0xAD, 0xD0, 0x0E, 0x41, 0x47, 0x55, 0xC8,
-        0x02, 0x4A, 0xA0, 0x16, 0x4F, 0x24, 0x55, 0x6D,
-        0xED, 0x96, 0x3D, 0x61, 0x14, 0x38, 0x56, 0xCB,
-        0x4F, 0xF0, 0x56, 0x7E, 0x33, 0x20, 0x73, 0x0D,
-        0xBC, 0xBF, 0x12, 0xF6, 0x6E, 0x2B, 0x70, 0xB2,
-        0x00, 0x54, 0xA6, 0xDE, 0xA4, 0x26, 0x14, 0xB5,
-        0x0E, 0xF7, 0x2B, 0x15, 0x6F, 0x51, 0x49, 0xFC,
-        0x26, 0x3D, 0xD7, 0xE0, 0x39, 0xC5, 0x5A, 0x3E,
-        0xE9, 0x82, 0x7D, 0xF9, 0x2C, 0x56, 0x5D, 0x24,
-        0xC5, 0x5E, 0x0A, 0x81, 0xC6, 0x49, 0x46, 0x95,
-        0x34, 0x4D, 0x94, 0x87, 0x48, 0xAF, 0xBA, 0x9F,
-        0x76, 0x2C, 0x0E, 0xA9, 0x0B, 0xB7, 0x24, 0x89,
-        0x79, 0x02, 0x00, 0x07, 0x75, 0x61, 0x39, 0x49,
-        0x60, 0x2C, 0x48, 0xC7, 0x8A, 0x94, 0x40, 0x67,
-        0x8C, 0x24, 0x08, 0x6D, 0x32, 0x6D, 0x79, 0x64,
-        0x3B, 0xAF, 0x70, 0x36, 0xC6, 0x6C, 0x7E, 0x02,
-        0x6A, 0xAE, 0xFD, 0xA2, 0x80, 0x7A, 0x60, 0xBD,
-        0x7F, 0xC9, 0x13, 0x63, 0xBB, 0x02, 0x34, 0xA5,
-        0x90, 0x98, 0x4A, 0xA0, 0x11, 0xF1, 0x1D, 0x40,
-        0x26, 0x82, 0x18, 0xA1, 0x58, 0x83, 0x77, 0xB3,
-        0xD7, 0x67, 0x1B, 0x8B, 0x99, 0x78, 0x99, 0x19,
-        0xB8, 0x6E, 0xE8, 0x2B, 0x18, 0xEC, 0x22, 0xD4,
-        0xE8, 0x0A, 0x1F, 0x27, 0x85, 0x3D, 0x88, 0x94,
-        0x19, 0xD4, 0x60, 0xDE, 0xF7, 0x56, 0x7A, 0xA4,
-        0x56, 0x79, 0x69, 0xC4, 0x30, 0x48, 0xC3, 0x2B,
-        0x84, 0x62, 0xA9, 0xC9, 0x38, 0x6E, 0xB3, 0x15,
-        0x2A, 0x69, 0x76, 0xAA, 0x78, 0x3C, 0xDD, 0x1A,
-        0x8C, 0x57, 0xA9, 0xB6, 0xBB, 0xD8, 0x37, 0xA0,
-        0x06, 0x24, 0xB5, 0x8B, 0x4B, 0xA3, 0xDB, 0xB6,
-        0x3B, 0xB8, 0x20, 0x0E, 0x7B, 0xC8, 0x88, 0x81,
-        0xBE, 0xBD, 0xA9, 0x25, 0xBC, 0xA0, 0x28, 0xE2,
-        0x91, 0xAA, 0x1C, 0x22, 0x53, 0x9C, 0xD0, 0x4F,
-        0x90, 0x09, 0x0D, 0x7F, 0x74, 0x10, 0x8C, 0x32,
-        0xB8, 0x02, 0x2C, 0x15, 0x91, 0xC8, 0x81, 0xE7,
-        0x63, 0x04, 0xE2, 0x40, 0x81, 0x90, 0xE2, 0x0F,
-        0x09, 0xA5, 0x4F, 0xC2, 0x34, 0x20, 0xE2, 0x62,
-        0x0E, 0x9D, 0x87, 0xA3, 0x10, 0x8A, 0x94, 0xFE,
-        0xEA, 0x72, 0xD5, 0xAB, 0x7F, 0xCF, 0xB9, 0x72,
-        0xE6, 0x56, 0x1B, 0x1A, 0x7B, 0x06, 0x2F, 0x1A,
-        0x68, 0x2E, 0x02, 0x0A, 0xA2, 0x56, 0x28, 0x12,
-        0xB2, 0x96, 0x54, 0x7B, 0x91, 0x78, 0x24, 0xCD,
-        0xB8, 0x8C, 0x58, 0x2B, 0x5A, 0x68, 0x90, 0x17,
-        0x7B, 0xC7, 0x0C, 0x91, 0xAC, 0xAC, 0x9A, 0xBE,
-        0x29, 0x0A, 0xEB, 0x2C, 0x34, 0xA7, 0xE2, 0x36,
-        0x89, 0x55, 0xCB, 0x45, 0x6A, 0x34, 0x53, 0x68,
-        0xAB, 0xE3, 0xB9, 0x1B, 0x47, 0xFC, 0x30, 0xB0,
-        0x23, 0x3A, 0x09, 0xBA, 0x79, 0xFB, 0x11, 0x23,
-        0x8A, 0xC5, 0x08, 0xCC, 0xE6, 0x10, 0x95, 0xF8,
-        0x54, 0xC2, 0x32, 0x04, 0xA8, 0xD3, 0x6B, 0xFC,
-        0x2C, 0x6E, 0x05, 0xA7, 0x2A, 0xF5, 0x24, 0x4B,
-        0x17, 0xC1, 0x21, 0x01, 0xE0, 0x14, 0x51, 0x57,
-        0x0E, 0xB1, 0x10, 0x56, 0x7E, 0x85, 0x0E, 0x79,
-        0xC0, 0x00, 0x14, 0x24, 0x41, 0xFE, 0x41, 0x60,
-        0x02, 0x75, 0x45, 0xF6, 0x29, 0x0E, 0x85, 0x45,
-        0x1B, 0x80, 0x23, 0x4A, 0x94, 0x06, 0xC3, 0x90,
-        0xB0, 0xCE, 0xA3, 0xC8, 0x33, 0x5D, 0x4C, 0x6F,
-        0x85, 0x50, 0xB5, 0x44, 0xC9, 0x34, 0x3E, 0x61,
-        0xBA, 0x1C, 0x84, 0x89, 0xD1, 0xB0, 0x39, 0x97,
-        0x39, 0x16, 0x8A, 0xF7, 0x40, 0xA4, 0x81, 0xB0,
-        0xF5, 0xC3, 0x37, 0x25, 0x30, 0xCA, 0x06, 0xB5,
-        0x08, 0xEC, 0xE8, 0x38, 0xAB, 0x78, 0xBE, 0xE1,
-        0xE5, 0x97, 0xA9, 0xB1, 0x4F, 0x6A, 0xEC, 0x7A,
-        0x3B, 0xD1, 0xAA, 0x8D, 0x10, 0xBA, 0xC2, 0x3B,
-        0x98, 0x02, 0x90, 0x2C, 0xD5, 0x29, 0xAB, 0x6E,
-        0xF5, 0x4D, 0xB3, 0x11, 0x0C, 0xFB, 0x56, 0x1E,
-        0x7E, 0x69, 0x48, 0xE6, 0x52, 0x81, 0x25, 0x04,
-        0x16, 0xC3, 0x49, 0xC8, 0x10, 0x0B, 0x3B, 0x4D,
-        0x3D, 0x0F, 0x62, 0xAC, 0xAD, 0x8D, 0x16, 0x11,
-        0x75, 0xB1, 0x34, 0xF7, 0x56, 0x49, 0x37, 0xCD,
-        0xEC, 0xE9, 0xE2, 0x46, 0xAA, 0xD1, 0x10, 0x21,
-        0xA6, 0x7B, 0x20, 0xEB, 0x8F, 0x77, 0x65, 0xAC,
-        0x28, 0x23, 0xA9, 0xD1, 0x8C, 0x93, 0xEC, 0x28,
-        0x2D, 0x6D, 0xBC, 0x53, 0xCD, 0x6D, 0xF5, 0x75,
-        0x92, 0xAC, 0x7D, 0x1F, 0x83, 0xBA, 0xFA, 0xE6,
-        0xEE, 0x86, 0xFE, 0x00, 0xF9, 0x5D, 0x81, 0x33,
-        0x75, 0x77, 0x24, 0x34, 0x86, 0x0F, 0x5F, 0xF7,
-        0xD5, 0x4F, 0xFC, 0x37, 0x39, 0x9B, 0xC4, 0xCC
-    };
-#endif
-#ifndef WOLFSSL_NO_KYBER1024
-    static const byte seed_1024[KYBER_MAKEKEY_RAND_SZ] = {
-        0x7A, 0xF6, 0x50, 0x22, 0xE0, 0xA4, 0x72, 0xED,
-        0x63, 0x88, 0x63, 0x8E, 0xA2, 0x9D, 0x82, 0xDA,
-        0x68, 0xB4, 0xCF, 0x9F, 0xFD, 0xF2, 0xB6, 0x7C,
-        0xD7, 0x08, 0xEA, 0x5A, 0x37, 0x0C, 0x6A, 0x7C,
-        0x7A, 0xF6, 0x50, 0x22, 0xE0, 0xA4, 0x72, 0xED,
-        0x63, 0x88, 0x63, 0x8E, 0xA2, 0x9D, 0x82, 0xDA,
-        0x68, 0xB4, 0xCF, 0x9F, 0xFD, 0xF2, 0xB6, 0x7C,
-        0xD7, 0x08, 0xEA, 0x5A, 0x37, 0x0C, 0x6A, 0x7C
-    };
-    static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = {
-        0x70, 0xE1, 0x3F, 0x30, 0x15, 0x17, 0xB5, 0xA4,
-        0x0D, 0x70, 0x36, 0x1F, 0x63, 0x09, 0x41, 0x60,
-        0x67, 0x64, 0x6D, 0x2B, 0x71, 0x36, 0x62, 0x6B,
-        0xCC, 0xCC, 0x17, 0x0C, 0x66, 0xCE, 0xD4, 0x90,
-        0xC7, 0x35, 0x34, 0x4B, 0x62, 0x77, 0x09, 0x7C,
-        0xA9, 0x14, 0x21, 0x2A, 0x29, 0x2D, 0xD1, 0x22,
-        0xFB, 0xB6, 0x9F, 0xDE, 0xCA, 0x47, 0xFA, 0xB4,
-        0x53, 0x2B, 0x8C, 0x80, 0xCE, 0xB7, 0x7F, 0x9C,
-        0x54, 0x3E, 0x0B, 0xF1, 0x53, 0x6D, 0x1C, 0x0C,
-        0xAE, 0x07, 0x7E, 0x2C, 0xA7, 0x86, 0x2B, 0x45,
-        0xA4, 0x10, 0x46, 0x9C, 0xC5, 0xB7, 0x06, 0xBA,
-        0xE0, 0x05, 0x1C, 0xB2, 0x96, 0x1D, 0xB7, 0x27,
-        0x0B, 0x75, 0xB7, 0x11, 0x69, 0x8D, 0x2B, 0x80,
-        0x70, 0x40, 0xD5, 0x62, 0x81, 0x29, 0x43, 0x6F,
-        0xBB, 0x58, 0xF1, 0x20, 0x3F, 0x75, 0x56, 0x14,
-        0x65, 0xF5, 0x42, 0x57, 0xE4, 0x4D, 0x33, 0xF5,
-        0x12, 0xD6, 0x33, 0x43, 0x1D, 0x00, 0xA2, 0xFB,
-        0x02, 0x30, 0xC9, 0xBB, 0x9C, 0xDD, 0xFC, 0x83,
-        0xBD, 0x65, 0xC9, 0x74, 0x45, 0x30, 0x21, 0x86,
-        0xA1, 0x72, 0x23, 0xAD, 0x21, 0x33, 0x28, 0x03,
-        0xB9, 0x09, 0xE5, 0xE5, 0x67, 0x19, 0x70, 0xBB,
-        0xB0, 0xF1, 0xC4, 0x83, 0x7B, 0xB8, 0x42, 0x73,
-        0xBA, 0x67, 0x5A, 0xC0, 0x74, 0xC5, 0x29, 0x0B,
-        0x41, 0x1C, 0x25, 0x00, 0x65, 0x70, 0x59, 0x33,
-        0x9D, 0xE3, 0x92, 0xF9, 0xCA, 0x30, 0x89, 0x52,
-        0xA2, 0x20, 0x1A, 0x58, 0x87, 0x67, 0xAD, 0xC0,
-        0x35, 0xBD, 0xF3, 0x30, 0x24, 0xEA, 0x3B, 0x9A,
-        0x83, 0xC5, 0xA0, 0xB9, 0xC5, 0x42, 0x5D, 0x14,
-        0x07, 0x0C, 0x81, 0xAA, 0xDA, 0x26, 0xBA, 0xC3,
-        0xFB, 0xB8, 0xD4, 0xB7, 0xCF, 0xEE, 0x03, 0x92,
-        0x37, 0x5C, 0x68, 0x42, 0x73, 0x51, 0xDF, 0xEC,
-        0x63, 0x60, 0x9B, 0xBB, 0x50, 0xB4, 0x63, 0xE0,
-        0x40, 0x92, 0x85, 0x70, 0x09, 0xD1, 0xE5, 0xB8,
-        0x1D, 0x70, 0x7D, 0x14, 0xB8, 0x33, 0xCD, 0x4A,
-        0x0B, 0x55, 0x1B, 0xAA, 0x13, 0xEC, 0x48, 0x8A,
-        0x15, 0x03, 0xB0, 0x46, 0x7E, 0xE4, 0x02, 0x3C,
-        0x3F, 0xE0, 0x32, 0xC7, 0x82, 0x25, 0x06, 0x38,
-        0x86, 0xE2, 0x46, 0x8E, 0x00, 0xF7, 0x00, 0x07,
-        0x2A, 0x2E, 0xC8, 0xDA, 0x6A, 0xFB, 0x20, 0x6C,
-        0x91, 0x90, 0x44, 0x33, 0xBB, 0xCC, 0xB0, 0xE7,
-        0x6F, 0x42, 0x46, 0x8C, 0x40, 0xEB, 0x5F, 0x59,
-        0xCB, 0x9A, 0xE1, 0xB0, 0x35, 0xE5, 0x21, 0x51,
-        0x0B, 0xF2, 0x16, 0xA1, 0xAB, 0xCB, 0x19, 0x03,
-        0x3B, 0x7A, 0x65, 0x88, 0x97, 0xC6, 0x58, 0x74,
-        0xD5, 0x13, 0x51, 0x83, 0x14, 0x9F, 0x97, 0x9E,
-        0x55, 0x3C, 0xCF, 0xBF, 0xA3, 0x90, 0x0C, 0xDA,
-        0x6F, 0x01, 0x96, 0x0B, 0x75, 0x15, 0x7F, 0x54,
-        0x53, 0xAA, 0x6E, 0x73, 0xB3, 0xED, 0x90, 0x2F,
-        0x7D, 0x7C, 0x93, 0x05, 0x97, 0x1B, 0xDF, 0x72,
-        0x2E, 0x29, 0x37, 0x16, 0x9A, 0x1B, 0xC0, 0xFA,
-        0xEB, 0x6C, 0x92, 0xF7, 0x15, 0x0D, 0x23, 0x30,
-        0x87, 0x7C, 0x5D, 0xC5, 0x24, 0x9A, 0xAE, 0x20,
-        0x30, 0x26, 0x34, 0xC5, 0xC5, 0xB2, 0x30, 0x53,
-        0x52, 0x10, 0x28, 0x12, 0x25, 0x42, 0xF4, 0x85,
-        0xA0, 0xEA, 0xC8, 0x69, 0x22, 0x37, 0x20, 0x63,
-        0x36, 0x51, 0xF5, 0xB2, 0x47, 0xC6, 0x62, 0xB3,
-        0x1A, 0x10, 0x53, 0x8C, 0xA7, 0x49, 0x1B, 0x14,
-        0x37, 0xAA, 0x74, 0xF4, 0x28, 0x2D, 0x12, 0x97,
-        0x4D, 0x9C, 0x93, 0x4D, 0xF2, 0x14, 0x78, 0x5B,
-        0x64, 0x18, 0x46, 0x8B, 0x92, 0xE5, 0x25, 0x28,
-        0xC8, 0x44, 0x7A, 0x1C, 0xA4, 0x22, 0xFA, 0x6C,
-        0xC8, 0x8E, 0x28, 0xB0, 0x59, 0xF0, 0x4B, 0x23,
-        0x59, 0x73, 0x23, 0xF7, 0x2F, 0x3E, 0x23, 0x36,
-        0xF8, 0x7C, 0x47, 0x90, 0x5C, 0xBA, 0x65, 0x5B,
-        0xB7, 0x3F, 0xC3, 0x2E, 0x18, 0xD4, 0xB7, 0x87,
-        0x05, 0xC7, 0x82, 0xEB, 0xCB, 0x43, 0xE2, 0x78,
-        0x5C, 0x82, 0xC5, 0xAF, 0x24, 0xB0, 0xE1, 0x69,
-        0x9C, 0xFB, 0xC0, 0x25, 0x74, 0x75, 0x79, 0x9A,
-        0x53, 0x9B, 0x11, 0xA5, 0x0F, 0x4D, 0xF2, 0xB7,
-        0xFA, 0xA2, 0x0B, 0xD8, 0x82, 0x75, 0x15, 0xCA,
-        0x37, 0x0F, 0x89, 0xC0, 0xD4, 0xC6, 0x09, 0x02,
-        0xF6, 0x56, 0x7C, 0xD6, 0x0B, 0x08, 0x60, 0xA5,
-        0x5B, 0xC8, 0x57, 0x2C, 0x43, 0x6C, 0x24, 0x6A,
-        0xC2, 0x76, 0x64, 0x4E, 0x7D, 0x60, 0x2A, 0xA5,
-        0x7C, 0x01, 0x66, 0x20, 0x18, 0x14, 0x99, 0x1C,
-        0x1B, 0xD7, 0x5C, 0x7C, 0x47, 0xC3, 0x48, 0xB6,
-        0x7D, 0x77, 0x61, 0x33, 0x86, 0x90, 0x81, 0x44,
-        0xEA, 0x83, 0xFF, 0x72, 0x1F, 0x9A, 0x50, 0x07,
-        0x6C, 0x51, 0x01, 0x64, 0xD1, 0x8E, 0x05, 0xD0,
-        0x5D, 0x98, 0x84, 0xC4, 0x41, 0x46, 0xA0, 0x7C,
-        0xCA, 0xCF, 0x89, 0x04, 0x98, 0xED, 0x1A, 0x19,
-        0xB2, 0xA1, 0x54, 0x31, 0x72, 0x9D, 0xC1, 0xF1,
-        0x2B, 0x7E, 0xA1, 0x0F, 0x9F, 0x92, 0x80, 0x62,
-        0xD1, 0x45, 0x4B, 0x4B, 0x9F, 0x68, 0xE5, 0x99,
-        0x90, 0x29, 0x0B, 0xE3, 0x72, 0x8B, 0x32, 0x89,
-        0x56, 0x93, 0x63, 0xAB, 0x10, 0x05, 0x13, 0x1B,
-        0x23, 0x81, 0xA0, 0x8C, 0xC2, 0xBF, 0x94, 0x3E,
-        0x95, 0xD5, 0xB2, 0x1B, 0xC6, 0xAA, 0xBC, 0x22,
-        0x73, 0x34, 0x8B, 0xC7, 0x2B, 0xD0, 0x93, 0xB7,
-        0xB5, 0x61, 0x7A, 0xE8, 0x7F, 0x60, 0x2B, 0xB9,
-        0x89, 0xE6, 0xAF, 0xC4, 0x4B, 0x81, 0x51, 0x20,
-        0x76, 0xA3, 0xA8, 0x76, 0xE0, 0xE2, 0x5F, 0x97,
-        0x62, 0xB4, 0x62, 0x08, 0x19, 0x85, 0x50, 0x2F,
-        0x26, 0xB2, 0x87, 0xA2, 0x93, 0x6D, 0x5B, 0x1A,
-        0xCF, 0xFC, 0xEC, 0x4E, 0xEE, 0x77, 0xA9, 0xCB,
-        0xA9, 0x80, 0xEB, 0x9B, 0x5F, 0xDE, 0x75, 0x53,
-        0x9F, 0x65, 0x09, 0x04, 0x67, 0x7D, 0xBE, 0x29,
-        0xAB, 0x8B, 0xB9, 0x18, 0xA3, 0x49, 0x48, 0x03,
-        0xEC, 0xA5, 0x9A, 0x2C, 0x32, 0xE5, 0xB5, 0xC8,
-        0x3B, 0x0B, 0x80, 0xB1, 0x10, 0x2C, 0xD7, 0xD9,
-        0x48, 0x2B, 0x45, 0x9B, 0x6B, 0x74, 0x49, 0x1E,
-        0xC3, 0x0C, 0x4B, 0xE7, 0x7C, 0x2B, 0x52, 0x4A,
-        0xF7, 0xB3, 0xAD, 0x1F, 0x71, 0x34, 0x1D, 0xF0,
-        0xA7, 0x6F, 0x25, 0x5C, 0x29, 0x03, 0xC8, 0x82,
-        0x08, 0x07, 0x93, 0x79, 0x93, 0x0A, 0x95, 0x13,
-        0xF3, 0x90, 0x12, 0x6E, 0x73, 0x2A, 0x2B, 0xB0,
-        0x94, 0xBF, 0xA6, 0xBF, 0x0A, 0x43, 0x2B, 0xCD,
-        0x65, 0x7D, 0xAF, 0xCB, 0x25, 0xC8, 0xBB, 0x15,
-        0xE0, 0x95, 0x5D, 0x09, 0x9B, 0x74, 0xFF, 0x1A,
-        0x4D, 0xE6, 0x55, 0x9C, 0xD6, 0x79, 0x7C, 0x38,
-        0xC4, 0x8C, 0x11, 0x34, 0xCA, 0x2C, 0x97, 0x92,
-        0x43, 0xF3, 0x15, 0x2A, 0xF4, 0xBB, 0xE4, 0xD7,
-        0xA6, 0xBC, 0x09, 0x87, 0x21, 0x33, 0x92, 0x0C,
-        0xD2, 0x3B, 0x3E, 0xF9, 0x84, 0x8C, 0xCC, 0x68,
-        0x45, 0xD6, 0x47, 0xB5, 0x38, 0x75, 0x57, 0x73,
-        0x65, 0x13, 0xD5, 0x85, 0x60, 0x84, 0x51, 0x92,
-        0xF9, 0x26, 0x51, 0x59, 0x93, 0x2E, 0x57, 0x2A,
-        0x88, 0xC4, 0x4E, 0x65, 0x66, 0x76, 0x0C, 0x06,
-        0x1C, 0x67, 0xFC, 0xB5, 0xBF, 0x21, 0x00, 0x95,
-        0xE2, 0x14, 0xDA, 0x74, 0x53, 0x57, 0xE3, 0x69,
-        0x96, 0xD8, 0xC0, 0x66, 0x31, 0x1B, 0xBC, 0x76,
-        0x1A, 0x1F, 0xD2, 0x52, 0x73, 0xD2, 0x1E, 0xAB,
-        0x50, 0x01, 0x05, 0x63, 0xCD, 0x64, 0x68, 0xA4,
-        0xEA, 0x83, 0x6B, 0x6D, 0x64, 0xBD, 0x2B, 0xD7,
-        0x6D, 0xBE, 0x35, 0x82, 0xD5, 0x73, 0x6A, 0x60,
-        0x5A, 0x55, 0x09, 0xFC, 0x28, 0x78, 0x9B, 0x56,
-        0xB8, 0x84, 0xAE, 0x9A, 0x60, 0x41, 0x5F, 0x55,
-        0x67, 0x4B, 0xE6, 0x01, 0x57, 0x6C, 0x7C, 0xEE,
-        0x58, 0x14, 0x3B, 0xF0, 0x54, 0x80, 0x6A, 0xBC,
-        0xB3, 0x45, 0xA2, 0x56, 0xCB, 0xC4, 0x54, 0xE3,
-        0x43, 0xF3, 0xCC, 0x7A, 0xDE, 0x65, 0x56, 0x2F,
-        0xD2, 0x9E, 0xB2, 0x59, 0x73, 0x7B, 0xB3, 0xCF,
-        0x96, 0x49, 0xBD, 0xEA, 0x28, 0x3F, 0xB0, 0x72,
-        0x65, 0x67, 0x7C, 0x98, 0x08, 0xD1, 0x31, 0x19,
-        0xC0, 0xA2, 0xAD, 0xF7, 0x45, 0xDE, 0x69, 0x75,
-        0xF4, 0x56, 0x2C, 0xD6, 0x15, 0x57, 0xB3, 0x96,
-        0x5D, 0x2B, 0x07, 0x2F, 0x00, 0x0A, 0xA7, 0xE0,
-        0xA3, 0x57, 0xE1, 0x25, 0x3E, 0xAF, 0xEA, 0x7F,
-        0xDF, 0xCC, 0x92, 0xFA, 0x87, 0x63, 0x0D, 0xD2,
-        0x27, 0x6C, 0xE4, 0x2E, 0x82, 0x0B, 0x69, 0xD1,
-        0xFC, 0x2E, 0x47, 0xD5, 0xC4, 0x98, 0xA5, 0x5B,
-        0x3B, 0x29, 0xC3, 0x4E, 0x64, 0x90, 0x3D, 0x04,
-        0x7A, 0xB1, 0xC0, 0x40, 0x24, 0x95, 0x8F, 0x70,
-        0x11, 0x95, 0xF5, 0xD1, 0x3E, 0xC6, 0x70, 0x6B,
-        0x84, 0x48, 0x50, 0x3A, 0x54, 0x99, 0x22, 0xA5,
-        0x8A, 0x24, 0xB6, 0x7C, 0x93, 0x63, 0x27, 0x56,
-        0xB7, 0x7D, 0x22, 0x54, 0x07, 0x31, 0x61, 0x71,
-        0xDE, 0xEC, 0x56, 0x71, 0x44, 0x35, 0xCF, 0x94,
-        0xCC, 0xF4, 0x59, 0x9E, 0x00, 0xD1, 0x0E, 0x56,
-        0x96, 0x22, 0xBA, 0xDA, 0x82, 0x0C, 0x45, 0x2F,
-        0x25, 0x42, 0xAD, 0xF0, 0x87, 0x65, 0xCA, 0x93,
-        0xAE, 0x38, 0xEB, 0x02, 0x5D, 0xE3, 0x1C, 0xFF,
-        0x79, 0x74, 0x54, 0x9A, 0x78, 0x25, 0xA8, 0x31,
-        0xDD, 0x05, 0x4E, 0x87, 0xB8, 0x4C, 0x5F, 0x25,
-        0x47, 0xFF, 0x47, 0xB4, 0x6F, 0x88, 0xC9, 0x9F,
-        0x15, 0x48, 0xE9, 0x33, 0xA6, 0xF4, 0xD8, 0x7F,
-        0x1A, 0x4A, 0x1B, 0x00, 0xE3, 0x9E, 0x02, 0xD6,
-        0x0E, 0x51, 0xEB, 0x60, 0x3C, 0x1C, 0x0D, 0x80,
-        0x7A, 0xCD, 0xAB, 0x08, 0xBA, 0xA2, 0xB9, 0x98,
-        0x69, 0xB7, 0x5C, 0xA2, 0xC4, 0xB9, 0x63, 0x68,
-        0xB5, 0x17, 0x80, 0xBD, 0x1E, 0xC7, 0x5B, 0x11,
-        0x0B, 0x9F, 0xA6, 0x65, 0x56, 0x87, 0x6C, 0x5F,
-        0x48, 0x79, 0x7D, 0x09, 0x01, 0x38, 0xF7, 0x54,
-        0xAE, 0x30, 0x53, 0x3D, 0x36, 0xAA, 0x44, 0xB9,
-        0xB1, 0x70, 0x2A, 0x6A, 0x8A, 0x56, 0x62, 0x6B,
-        0xF0, 0x45, 0x1A, 0x37, 0xA7, 0xAC, 0x1A, 0x33,
-        0x70, 0x76, 0xE5, 0x1E, 0x0A, 0x6B, 0x03, 0x00,
-        0xC2, 0xC7, 0x90, 0xA4, 0x43, 0x7E, 0xA2, 0x8D,
-        0x7E, 0xC9, 0x8C, 0x41, 0x9B, 0x37, 0xD6, 0xAA,
-        0x97, 0x04, 0x17, 0x43, 0x5F, 0x91, 0xBE, 0xDC,
-        0x2B, 0x1F, 0x4B, 0xC8, 0x15, 0x8A, 0x51, 0xB1,
-        0xF4, 0x71, 0x51, 0x6F, 0xE8, 0x24, 0x28, 0x7C,
-        0x89, 0x6B, 0x89, 0x1B, 0x49, 0xF2, 0x54, 0xDD,
-        0x36, 0x35, 0x9B, 0x89, 0xC8, 0x24, 0xEB, 0x3F,
-        0x62, 0x48, 0x02, 0x7F, 0xBB, 0xAD, 0x4C, 0xF2,
-        0x91, 0x18, 0xCB, 0x50, 0xEB, 0xB6, 0x25, 0xA3,
-        0x7C, 0x53, 0x7A, 0x02, 0x23, 0xF0, 0xEB, 0x70,
-        0x85, 0xB5, 0xC7, 0xEC, 0x60, 0x75, 0x70, 0xDB,
-        0x91, 0x85, 0xD5, 0x99, 0x02, 0xBC, 0x26, 0xC6,
-        0x54, 0xA2, 0x80, 0x4C, 0x0D, 0x94, 0x67, 0x93,
-        0xD8, 0xA2, 0x14, 0x82, 0xAC, 0x4F, 0x05, 0xE9,
-        0x01, 0x62, 0x60, 0x33, 0x1D, 0xCC, 0x58, 0xBC,
-        0x66, 0xAF, 0x3C, 0xA7, 0x58, 0x54, 0x40, 0x21,
-        0x6A, 0xA0, 0x26, 0x3B, 0x2A, 0x72, 0x5E, 0x08,
-        0x0F, 0x6F, 0x9C, 0x5B, 0x6A, 0x9C, 0x9D, 0xA2,
-        0x93, 0x55, 0x18, 0x9B, 0x4B, 0x95, 0xB1, 0x37,
-        0xD1, 0x22, 0x5F, 0x25, 0x2A, 0xC7, 0x97, 0xB0,
-        0x64, 0x6C, 0xAC, 0x52, 0x16, 0x4B, 0x59, 0x72,
-        0xA9, 0x92, 0x65, 0xD3, 0x47, 0xFC, 0x7C, 0x35,
-        0x91, 0xD1, 0x5F, 0xFE, 0x68, 0x1C, 0x06, 0xD4,
-        0x38, 0xCC, 0xEB, 0x60, 0xBB, 0x63, 0x10, 0xB7,
-        0x95, 0x32, 0x89, 0x72, 0x0E, 0x2C, 0x72, 0x87,
-        0x30, 0x05, 0x23, 0x37, 0xAC, 0xA7, 0xC8, 0x52,
-        0x1A, 0xB4, 0x4F, 0x1E, 0x2A, 0x04, 0x9B, 0x83,
-        0xE0, 0x77, 0x4C, 0x96, 0xCD, 0x8C, 0x87, 0x6F,
-        0xA6, 0x75, 0xD0, 0x92, 0x39, 0x77, 0x27, 0x1B
-    };
-    static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = {
-        0x8A, 0xD0, 0xB5, 0xF0, 0x9A, 0x25, 0xAA, 0x93,
-        0x5D, 0xD9, 0xDA, 0x34, 0xAB, 0x82, 0xCA, 0x75,
-        0xA1, 0x2D, 0x66, 0xE9, 0x9C, 0xF4, 0x8B, 0xCA,
-        0x45, 0xB9, 0xB2, 0xDB, 0x44, 0x1B, 0xC2, 0x97,
-        0x1B, 0xDC, 0x99, 0x22, 0xB5, 0xF8, 0xBC, 0x3C,
-        0x06, 0x78, 0x54, 0x67, 0x59, 0x07, 0x3C, 0xB8,
-        0x8E, 0x26, 0xBA, 0xD1, 0xB1, 0xB3, 0xA4, 0x64,
-        0x6A, 0x65, 0x29, 0xC6, 0x32, 0xEA, 0xA3, 0x47,
-        0x73, 0x4A, 0x3B, 0xE5, 0x83, 0xD4, 0x71, 0x78,
-        0x09, 0x4C, 0x4A, 0x67, 0x0C, 0xBC, 0x41, 0xEC,
-        0x06, 0x89, 0x76, 0x56, 0x68, 0x54, 0x2E, 0x6F,
-        0x15, 0xA7, 0xD5, 0x86, 0xC9, 0xE2, 0x6A, 0x6A,
-        0x03, 0xC7, 0x14, 0x69, 0xC2, 0xC5, 0x3F, 0x7B,
-        0x14, 0x1B, 0x23, 0x2D, 0x86, 0x21, 0x6A, 0x25,
-        0xC7, 0xA8, 0xF3, 0x68, 0x52, 0x85, 0x8C, 0x07,
-        0xA9, 0x52, 0x4E, 0xE1, 0x7B, 0xA6, 0x34, 0x0A,
-        0xA2, 0xA2, 0x15, 0xC1, 0xEA, 0x85, 0x21, 0x67,
-        0xB6, 0x89, 0x1C, 0xC1, 0x66, 0xC2, 0xFA, 0x13,
-        0xA0, 0x27, 0x0A, 0x22, 0x98, 0x34, 0x13, 0xE0,
-        0xAC, 0xC4, 0x44, 0xBF, 0x40, 0xE2, 0x8C, 0x45,
-        0xE1, 0x4E, 0x07, 0x40, 0x4F, 0x62, 0x99, 0x63,
-        0x69, 0x59, 0x7F, 0x10, 0xFC, 0xC1, 0x80, 0xEC,
-        0xAC, 0xAD, 0x1A, 0x67, 0x19, 0xAB, 0x9F, 0x1B,
-        0x44, 0x7A, 0xE1, 0x9A, 0x2C, 0xB0, 0x2A, 0x7D,
-        0x04, 0x20, 0x61, 0x72, 0x16, 0x8C, 0x4F, 0x0A,
-        0x99, 0xBA, 0xFA, 0x93, 0x2D, 0x66, 0x49, 0xE8,
-        0x94, 0xA8, 0xF0, 0x57, 0x7B, 0x81, 0xC6, 0x64,
-        0x83, 0xC5, 0xB5, 0xCF, 0x60, 0xAE, 0x75, 0xA4,
-        0x44, 0x52, 0x6A, 0x9B, 0x36, 0x74, 0x32, 0x5F,
-        0xBA, 0x38, 0xF5, 0x32, 0x96, 0x42, 0x1A, 0x78,
-        0x50, 0x11, 0xC1, 0xDD, 0xB3, 0xA6, 0x99, 0x77,
-        0x45, 0xDB, 0x83, 0xCD, 0x58, 0x3C, 0x0C, 0x41,
-        0x77, 0xC7, 0x97, 0xD4, 0x0A, 0x4F, 0x69, 0x9F,
-        0x1F, 0x40, 0xC5, 0x41, 0x3A, 0xC4, 0xE4, 0x23,
-        0x73, 0x49, 0x2B, 0x6A, 0x2C, 0x6A, 0x40, 0x6D,
-        0x43, 0x7F, 0x42, 0x57, 0x0B, 0x5E, 0x94, 0x9E,
-        0xF4, 0x35, 0x0D, 0xEA, 0x79, 0x0C, 0xFE, 0xB7,
-        0x2D, 0x12, 0x87, 0x51, 0x7F, 0xE3, 0x27, 0x3D,
-        0x3C, 0xA6, 0x5A, 0x13, 0xCA, 0x6E, 0x23, 0xC5,
-        0x7B, 0xF0, 0x7D, 0xA0, 0x4B, 0x85, 0x1C, 0xF3,
-        0xAF, 0xA1, 0x8B, 0xAF, 0x5E, 0xF0, 0x20, 0x79,
-        0x28, 0x57, 0xA9, 0xE7, 0x21, 0xF0, 0x1B, 0x9F,
-        0xEA, 0x7B, 0x61, 0x2E, 0x4C, 0x6E, 0x29, 0x07,
-        0x93, 0x66, 0xB0, 0x22, 0x86, 0x88, 0xBE, 0x2A,
-        0x06, 0x7F, 0xBE, 0x92, 0x84, 0x2D, 0xD2, 0x80,
-        0xB3, 0xC7, 0x4D, 0xFA, 0xB7, 0x61, 0xE6, 0x13,
-        0xA8, 0x60, 0x4C, 0x47, 0x6E, 0x15, 0x46, 0x66,
-        0x85, 0xC6, 0x95, 0xAC, 0x35, 0x79, 0x1A, 0x91,
-        0x59, 0x94, 0x2F, 0x60, 0x17, 0x0C, 0xA2, 0x14,
-        0xC7, 0xC0, 0x9B, 0x1A, 0x4B, 0x1B, 0xCC, 0x4F,
-        0x4C, 0xC6, 0x0D, 0xF0, 0x1A, 0x10, 0x19, 0x15,
-        0xA9, 0xA2, 0xBC, 0x55, 0x31, 0x19, 0x66, 0x50,
-        0x32, 0xDC, 0xD9, 0x47, 0x6F, 0xBA, 0x7B, 0xB0,
-        0x71, 0x57, 0xD3, 0x3C, 0x9C, 0x8E, 0xFA, 0x6B,
-        0xD0, 0xAC, 0x38, 0xC1, 0xAC, 0x26, 0x5F, 0xB5,
-        0x18, 0x57, 0xD0, 0x15, 0x17, 0x61, 0x53, 0x26,
-        0xCA, 0x0E, 0x08, 0x65, 0x0B, 0xA6, 0xFA, 0x40,
-        0x83, 0x2C, 0x7B, 0x4C, 0x41, 0xB6, 0x44, 0x71,
-        0x60, 0x22, 0xB6, 0x52, 0xB1, 0x92, 0x7D, 0x55,
-        0xC9, 0xB3, 0x7F, 0xE2, 0x5F, 0x1A, 0xB6, 0x7A,
-        0x9A, 0x03, 0xC7, 0x00, 0x8C, 0x84, 0xB0, 0x7C,
-        0x49, 0x26, 0xB6, 0x38, 0x1E, 0x40, 0xCF, 0xD4,
-        0x41, 0x04, 0x12, 0x35, 0x18, 0x74, 0x16, 0xCE,
-        0xC3, 0x66, 0xCA, 0x6F, 0xB7, 0x6F, 0xA0, 0xAB,
-        0x6E, 0x32, 0x8A, 0x26, 0x41, 0xFC, 0x47, 0xDC,
-        0xD7, 0x6E, 0x91, 0xCA, 0x94, 0x31, 0xE1, 0x9B,
-        0xFF, 0x02, 0xCE, 0x62, 0x28, 0xC2, 0x33, 0x63,
-        0x82, 0xF8, 0xA1, 0x0E, 0x9E, 0xE2, 0xC8, 0xF1,
-        0x75, 0x93, 0x90, 0xA2, 0x00, 0x24, 0xA1, 0x5B,
-        0x3B, 0x09, 0x0C, 0x13, 0x90, 0xCA, 0x03, 0x43,
-        0x79, 0x72, 0x84, 0x24, 0x6B, 0xD8, 0x94, 0x35,
-        0x07, 0xB7, 0xA6, 0xB7, 0x1F, 0xC3, 0x3A, 0x03,
-        0xB7, 0xA8, 0x83, 0x66, 0xE4, 0xAF, 0xED, 0x51,
-        0x57, 0x39, 0xE5, 0xC6, 0x9F, 0x8A, 0x26, 0x6E,
-        0x4A, 0x1F, 0x53, 0xD7, 0x39, 0x30, 0xE9, 0x87,
-        0x55, 0x69, 0x31, 0x2B, 0x27, 0x03, 0x7E, 0x5C,
-        0x7F, 0x85, 0x21, 0x00, 0xC2, 0xBA, 0x36, 0x48,
-        0xB1, 0xB9, 0xC1, 0xB1, 0x49, 0xF6, 0x25, 0x0E,
-        0x0A, 0x6B, 0x06, 0x52, 0x13, 0x13, 0x4F, 0x30,
-        0x25, 0x69, 0x75, 0x5B, 0x8C, 0x5C, 0x4F, 0xFC,
-        0x68, 0x0B, 0xF7, 0x81, 0x18, 0x45, 0x34, 0x00,
-        0x35, 0xF1, 0x70, 0xB0, 0x68, 0xBA, 0x67, 0xA4,
-        0xC3, 0xB0, 0x16, 0x6D, 0x03, 0xCC, 0x82, 0x61,
-        0x84, 0x01, 0x90, 0xA2, 0x0F, 0x9A, 0x3B, 0x1E,
-        0xF4, 0x65, 0xC2, 0xF2, 0x18, 0x2D, 0xA8, 0xDA,
-        0x8D, 0x3B, 0x3C, 0x8C, 0xB1, 0x29, 0x15, 0xF7,
-        0xD9, 0x3E, 0x04, 0xD8, 0x84, 0x0C, 0x35, 0x67,
-        0x25, 0x5A, 0x7B, 0xD6, 0xD4, 0x33, 0xCF, 0x10,
-        0x68, 0xD8, 0x84, 0x52, 0xCF, 0xC1, 0x1F, 0x99,
-        0x1B, 0x7C, 0xE3, 0x79, 0x27, 0xD6, 0xCA, 0xAE,
-        0x88, 0x10, 0x74, 0x2F, 0x42, 0x14, 0x8B, 0x89,
-        0x6E, 0xC4, 0xEB, 0xB5, 0x34, 0x03, 0x86, 0x31,
-        0x5B, 0x2C, 0x1E, 0x2B, 0x43, 0x91, 0x5C, 0x04,
-        0x54, 0x9C, 0xC8, 0xC1, 0x9A, 0xB4, 0x0E, 0x3B,
-        0x7C, 0x31, 0x1B, 0x42, 0x61, 0x10, 0xA9, 0xBB,
-        0xB1, 0x8D, 0x3B, 0x99, 0x2A, 0x42, 0xC0, 0x18,
-        0x92, 0x90, 0xBE, 0x67, 0x3A, 0x39, 0x7C, 0x40,
-        0x90, 0x44, 0x3B, 0x88, 0xC5, 0xD5, 0xC5, 0x65,
-        0xA1, 0x0F, 0xEA, 0x05, 0x60, 0x3D, 0x36, 0x24,
-        0x4A, 0x4A, 0xA8, 0xE9, 0x25, 0x5C, 0xF1, 0x84,
-        0xAE, 0x69, 0x53, 0x5A, 0x83, 0x99, 0xC1, 0xC6,
-        0xF7, 0x6C, 0xF2, 0x34, 0x2A, 0xDF, 0xEA, 0x6A,
-        0x44, 0x7B, 0xB4, 0x50, 0x1B, 0x9A, 0x6C, 0x44,
-        0x59, 0x3E, 0xB0, 0x43, 0xE7, 0xA5, 0x50, 0x2F,
-        0x58, 0x6C, 0xF3, 0x40, 0x7D, 0xEB, 0x7A, 0x0F,
-        0xC3, 0x2B, 0x3F, 0x46, 0xF1, 0x24, 0x5C, 0x55,
-        0x96, 0xE0, 0xF1, 0xBE, 0xD9, 0x37, 0x20, 0x7C,
-        0x45, 0x09, 0xE1, 0xD8, 0x98, 0x5B, 0xE7, 0x45,
-        0xFD, 0x69, 0xBF, 0x44, 0x80, 0x92, 0x43, 0x30,
-        0x28, 0xBE, 0x25, 0x95, 0x90, 0x33, 0x11, 0x47,
-        0x95, 0x86, 0xA3, 0x4B, 0x2D, 0x49, 0x10, 0x74,
-        0x10, 0xBC, 0x4B, 0xD2, 0x96, 0x53, 0x17, 0xFC,
-        0x76, 0x35, 0x2B, 0x63, 0x8D, 0xF3, 0xB3, 0xA3,
-        0x15, 0x32, 0x50, 0x26, 0x80, 0x9E, 0x3B, 0xC4,
-        0x60, 0x8C, 0x0B, 0x2C, 0xB8, 0x4D, 0xF0, 0xC9,
-        0x5B, 0xC0, 0x52, 0x70, 0x7F, 0xC1, 0xA3, 0x77,
-        0xB2, 0xB4, 0x65, 0xEB, 0x7A, 0x5D, 0x64, 0x4A,
-        0xB4, 0x27, 0x8D, 0xDC, 0xE5, 0xB6, 0x1E, 0x2B,
-        0xB3, 0xA7, 0x10, 0x52, 0x55, 0x5C, 0xB3, 0xBA,
-        0xC6, 0x93, 0xEF, 0x02, 0x5F, 0xF0, 0x03, 0x53,
-        0xFB, 0x76, 0x94, 0x5B, 0x8A, 0xA3, 0xE9, 0x95,
-        0x0F, 0x92, 0x73, 0x81, 0x87, 0x91, 0xCC, 0xAD,
-        0x56, 0x88, 0x46, 0x58, 0x14, 0x2A, 0x2B, 0x4D,
-        0xF3, 0xC5, 0x7E, 0xCA, 0x13, 0xAD, 0x44, 0xB4,
-        0x9B, 0x63, 0x46, 0xC6, 0x3E, 0xE8, 0x90, 0x78,
-        0x58, 0x9E, 0x9E, 0xB9, 0xA9, 0x80, 0x4A, 0x03,
-        0xBF, 0x7A, 0x27, 0x6F, 0x86, 0xB9, 0x67, 0x6C,
-        0x58, 0xD3, 0xE7, 0x1D, 0x2C, 0x87, 0x70, 0x80,
-        0x4A, 0x61, 0x59, 0x21, 0x78, 0xB4, 0x49, 0xC7,
-        0x95, 0x5B, 0xBE, 0x8C, 0xF4, 0x2F, 0x31, 0x67,
-        0x25, 0xE3, 0xB1, 0x6D, 0x55, 0xB5, 0x27, 0xCF,
-        0xB2, 0x32, 0x68, 0x1B, 0x21, 0xB2, 0xCB, 0x2F,
-        0x30, 0xAC, 0x76, 0x01, 0x5B, 0xB5, 0x41, 0x6A,
-        0x04, 0x11, 0xC1, 0x74, 0x58, 0x92, 0x41, 0x2E,
-        0x68, 0x3A, 0x98, 0xD7, 0x36, 0xED, 0x1A, 0x4C,
-        0xD9, 0x80, 0x61, 0x7D, 0x08, 0x21, 0xC2, 0xAB,
-        0x02, 0x82, 0x07, 0x0A, 0x61, 0x1A, 0x11, 0xD1,
-        0x97, 0x01, 0xFB, 0xD5, 0x5A, 0x21, 0x27, 0xB3,
-        0x24, 0xE6, 0x90, 0x1D, 0x84, 0x98, 0x6C, 0x04,
-        0x64, 0xDE, 0x71, 0x20, 0xAF, 0x45, 0x10, 0xAF,
-        0x59, 0x1D, 0xD9, 0xBB, 0x79, 0x47, 0x9C, 0x5F,
-        0xA8, 0x87, 0x14, 0xC6, 0xA9, 0x97, 0x14, 0xF7,
-        0x6A, 0x1E, 0x40, 0x2C, 0x8F, 0x38, 0x4A, 0x4E,
-        0xE6, 0xBC, 0xD4, 0x15, 0x00, 0x72, 0x4C, 0xC1,
-        0x79, 0x3A, 0xBF, 0xD8, 0xD3, 0xC2, 0xF3, 0x20,
-        0x39, 0x71, 0x34, 0xB0, 0x0F, 0x76, 0x2D, 0xBA,
-        0x85, 0xA2, 0x3A, 0xF1, 0x55, 0xE6, 0xCC, 0x03,
-        0x73, 0x80, 0xC1, 0xDD, 0x64, 0xA9, 0x73, 0xDB,
-        0x35, 0xB7, 0x44, 0x70, 0x44, 0x8B, 0x24, 0x21,
-        0x20, 0x62, 0x76, 0x47, 0x87, 0xE5, 0xA9, 0x3A,
-        0x48, 0x80, 0x71, 0x71, 0xA7, 0x71, 0x5C, 0xFC,
-        0x89, 0xBC, 0xBC, 0x9E, 0x14, 0x18, 0x86, 0xF8,
-        0x07, 0xA1, 0xF9, 0xD6, 0x84, 0xC8, 0x42, 0x6F,
-        0x01, 0x22, 0x88, 0x7D, 0x9C, 0x4C, 0x27, 0xEA,
-        0x69, 0xCC, 0x15, 0x1B, 0x4D, 0x49, 0xB5, 0x1E,
-        0x5A, 0x4E, 0xAA, 0xA5, 0xAD, 0x06, 0xAB, 0xA8,
-        0x6D, 0xF9, 0x42, 0xE9, 0x86, 0xA5, 0xD5, 0x79,
-        0x20, 0x80, 0xFC, 0x48, 0x03, 0x96, 0xB3, 0x94,
-        0x86, 0x68, 0xFB, 0x38, 0x2C, 0xC8, 0xFC, 0x15,
-        0x47, 0x48, 0xCB, 0x30, 0xB7, 0x64, 0x1F, 0x02,
-        0x70, 0xC8, 0x34, 0x38, 0xB4, 0xFC, 0x3D, 0x19,
-        0x01, 0x26, 0x58, 0x80, 0x40, 0x51, 0x77, 0xBC,
-        0x7F, 0x44, 0x78, 0x82, 0x51, 0xAB, 0xC4, 0x74,
-        0x27, 0x35, 0x31, 0x21, 0x2A, 0x66, 0x27, 0x9E,
-        0x70, 0x33, 0x7A, 0x23, 0x09, 0xFD, 0xF4, 0x9E,
-        0x05, 0x9B, 0xBD, 0xAF, 0x49, 0x73, 0xA5, 0x37,
-        0x7A, 0x4D, 0x51, 0x7B, 0xA7, 0x55, 0x70, 0x2C,
-        0x37, 0xCC, 0x35, 0x56, 0x85, 0x40, 0x4C, 0x95,
-        0x2F, 0xB6, 0x7E, 0x04, 0x19, 0xC7, 0x8D, 0x15,
-        0x84, 0xD0, 0x94, 0x92, 0x54, 0xD0, 0x49, 0x52,
-        0xF7, 0x24, 0x3B, 0xF1, 0x40, 0x28, 0x03, 0xC9,
-        0xFC, 0x73, 0x73, 0x25, 0x88, 0x13, 0x78, 0xCA,
-        0x77, 0xEE, 0xF5, 0xC4, 0x15, 0xFB, 0x03, 0x7D,
-        0x68, 0x9A, 0x58, 0x54, 0xA1, 0xD2, 0x4B, 0x65,
-        0x27, 0xA5, 0x9B, 0x9B, 0x16, 0x95, 0x93, 0x84,
-        0x35, 0x8C, 0x42, 0x3C, 0x79, 0x64, 0x5C, 0xCF,
-        0x31, 0x33, 0xE2, 0x1B, 0x4B, 0x64, 0x95, 0x7B,
-        0x14, 0xF6, 0x3F, 0x2A, 0xA2, 0x63, 0x57, 0xB1,
-        0xC2, 0x62, 0xF2, 0xA9, 0x0F, 0x7C, 0xCC, 0x2A,
-        0x15, 0x93, 0x69, 0x99, 0xB0, 0xA1, 0xB4, 0x98,
-        0xAB, 0x3B, 0x32, 0x43, 0x30, 0x32, 0xC9, 0xCA,
-        0x23, 0x08, 0x1C, 0x55, 0xD3, 0x1C, 0xAD, 0x36,
-        0xE9, 0x0C, 0x1C, 0xE0, 0xB5, 0xFC, 0x24, 0x7C,
-        0xE8, 0xC8, 0x43, 0xF2, 0x88, 0x35, 0x24, 0xB6,
-        0x64, 0xFA, 0xC1, 0xB2, 0x0B, 0xE6, 0x02, 0xA1,
-        0x0A, 0xAF, 0x65, 0x73, 0x86, 0x80, 0xBB, 0x10,
-        0x25, 0x44, 0x26, 0xF9, 0xCB, 0x09, 0xA1, 0x95,
-        0x4D, 0xB7, 0x65, 0x56, 0x22, 0x30, 0x8F, 0xAE,
-        0xF5, 0x05, 0xAC, 0xB4, 0x97, 0x55, 0x4A, 0x8F,
-        0xCF, 0xA9, 0x6A, 0x85, 0x25, 0x5A, 0xD8, 0x46,
-        0x54, 0x20, 0x13, 0xB8, 0x41, 0x59, 0x51, 0xBD,
-        0xD4, 0x5C, 0x01, 0x93, 0x1E, 0xBE, 0x58, 0x3E,
-        0x70, 0xE1, 0x3F, 0x30, 0x15, 0x17, 0xB5, 0xA4,
-        0x0D, 0x70, 0x36, 0x1F, 0x63, 0x09, 0x41, 0x60,
-        0x67, 0x64, 0x6D, 0x2B, 0x71, 0x36, 0x62, 0x6B,
-        0xCC, 0xCC, 0x17, 0x0C, 0x66, 0xCE, 0xD4, 0x90,
-        0xC7, 0x35, 0x34, 0x4B, 0x62, 0x77, 0x09, 0x7C,
-        0xA9, 0x14, 0x21, 0x2A, 0x29, 0x2D, 0xD1, 0x22,
-        0xFB, 0xB6, 0x9F, 0xDE, 0xCA, 0x47, 0xFA, 0xB4,
-        0x53, 0x2B, 0x8C, 0x80, 0xCE, 0xB7, 0x7F, 0x9C,
-        0x54, 0x3E, 0x0B, 0xF1, 0x53, 0x6D, 0x1C, 0x0C,
-        0xAE, 0x07, 0x7E, 0x2C, 0xA7, 0x86, 0x2B, 0x45,
-        0xA4, 0x10, 0x46, 0x9C, 0xC5, 0xB7, 0x06, 0xBA,
-        0xE0, 0x05, 0x1C, 0xB2, 0x96, 0x1D, 0xB7, 0x27,
-        0x0B, 0x75, 0xB7, 0x11, 0x69, 0x8D, 0x2B, 0x80,
-        0x70, 0x40, 0xD5, 0x62, 0x81, 0x29, 0x43, 0x6F,
-        0xBB, 0x58, 0xF1, 0x20, 0x3F, 0x75, 0x56, 0x14,
-        0x65, 0xF5, 0x42, 0x57, 0xE4, 0x4D, 0x33, 0xF5,
-        0x12, 0xD6, 0x33, 0x43, 0x1D, 0x00, 0xA2, 0xFB,
-        0x02, 0x30, 0xC9, 0xBB, 0x9C, 0xDD, 0xFC, 0x83,
-        0xBD, 0x65, 0xC9, 0x74, 0x45, 0x30, 0x21, 0x86,
-        0xA1, 0x72, 0x23, 0xAD, 0x21, 0x33, 0x28, 0x03,
-        0xB9, 0x09, 0xE5, 0xE5, 0x67, 0x19, 0x70, 0xBB,
-        0xB0, 0xF1, 0xC4, 0x83, 0x7B, 0xB8, 0x42, 0x73,
-        0xBA, 0x67, 0x5A, 0xC0, 0x74, 0xC5, 0x29, 0x0B,
-        0x41, 0x1C, 0x25, 0x00, 0x65, 0x70, 0x59, 0x33,
-        0x9D, 0xE3, 0x92, 0xF9, 0xCA, 0x30, 0x89, 0x52,
-        0xA2, 0x20, 0x1A, 0x58, 0x87, 0x67, 0xAD, 0xC0,
-        0x35, 0xBD, 0xF3, 0x30, 0x24, 0xEA, 0x3B, 0x9A,
-        0x83, 0xC5, 0xA0, 0xB9, 0xC5, 0x42, 0x5D, 0x14,
-        0x07, 0x0C, 0x81, 0xAA, 0xDA, 0x26, 0xBA, 0xC3,
-        0xFB, 0xB8, 0xD4, 0xB7, 0xCF, 0xEE, 0x03, 0x92,
-        0x37, 0x5C, 0x68, 0x42, 0x73, 0x51, 0xDF, 0xEC,
-        0x63, 0x60, 0x9B, 0xBB, 0x50, 0xB4, 0x63, 0xE0,
-        0x40, 0x92, 0x85, 0x70, 0x09, 0xD1, 0xE5, 0xB8,
-        0x1D, 0x70, 0x7D, 0x14, 0xB8, 0x33, 0xCD, 0x4A,
-        0x0B, 0x55, 0x1B, 0xAA, 0x13, 0xEC, 0x48, 0x8A,
-        0x15, 0x03, 0xB0, 0x46, 0x7E, 0xE4, 0x02, 0x3C,
-        0x3F, 0xE0, 0x32, 0xC7, 0x82, 0x25, 0x06, 0x38,
-        0x86, 0xE2, 0x46, 0x8E, 0x00, 0xF7, 0x00, 0x07,
-        0x2A, 0x2E, 0xC8, 0xDA, 0x6A, 0xFB, 0x20, 0x6C,
-        0x91, 0x90, 0x44, 0x33, 0xBB, 0xCC, 0xB0, 0xE7,
-        0x6F, 0x42, 0x46, 0x8C, 0x40, 0xEB, 0x5F, 0x59,
-        0xCB, 0x9A, 0xE1, 0xB0, 0x35, 0xE5, 0x21, 0x51,
-        0x0B, 0xF2, 0x16, 0xA1, 0xAB, 0xCB, 0x19, 0x03,
-        0x3B, 0x7A, 0x65, 0x88, 0x97, 0xC6, 0x58, 0x74,
-        0xD5, 0x13, 0x51, 0x83, 0x14, 0x9F, 0x97, 0x9E,
-        0x55, 0x3C, 0xCF, 0xBF, 0xA3, 0x90, 0x0C, 0xDA,
-        0x6F, 0x01, 0x96, 0x0B, 0x75, 0x15, 0x7F, 0x54,
-        0x53, 0xAA, 0x6E, 0x73, 0xB3, 0xED, 0x90, 0x2F,
-        0x7D, 0x7C, 0x93, 0x05, 0x97, 0x1B, 0xDF, 0x72,
-        0x2E, 0x29, 0x37, 0x16, 0x9A, 0x1B, 0xC0, 0xFA,
-        0xEB, 0x6C, 0x92, 0xF7, 0x15, 0x0D, 0x23, 0x30,
-        0x87, 0x7C, 0x5D, 0xC5, 0x24, 0x9A, 0xAE, 0x20,
-        0x30, 0x26, 0x34, 0xC5, 0xC5, 0xB2, 0x30, 0x53,
-        0x52, 0x10, 0x28, 0x12, 0x25, 0x42, 0xF4, 0x85,
-        0xA0, 0xEA, 0xC8, 0x69, 0x22, 0x37, 0x20, 0x63,
-        0x36, 0x51, 0xF5, 0xB2, 0x47, 0xC6, 0x62, 0xB3,
-        0x1A, 0x10, 0x53, 0x8C, 0xA7, 0x49, 0x1B, 0x14,
-        0x37, 0xAA, 0x74, 0xF4, 0x28, 0x2D, 0x12, 0x97,
-        0x4D, 0x9C, 0x93, 0x4D, 0xF2, 0x14, 0x78, 0x5B,
-        0x64, 0x18, 0x46, 0x8B, 0x92, 0xE5, 0x25, 0x28,
-        0xC8, 0x44, 0x7A, 0x1C, 0xA4, 0x22, 0xFA, 0x6C,
-        0xC8, 0x8E, 0x28, 0xB0, 0x59, 0xF0, 0x4B, 0x23,
-        0x59, 0x73, 0x23, 0xF7, 0x2F, 0x3E, 0x23, 0x36,
-        0xF8, 0x7C, 0x47, 0x90, 0x5C, 0xBA, 0x65, 0x5B,
-        0xB7, 0x3F, 0xC3, 0x2E, 0x18, 0xD4, 0xB7, 0x87,
-        0x05, 0xC7, 0x82, 0xEB, 0xCB, 0x43, 0xE2, 0x78,
-        0x5C, 0x82, 0xC5, 0xAF, 0x24, 0xB0, 0xE1, 0x69,
-        0x9C, 0xFB, 0xC0, 0x25, 0x74, 0x75, 0x79, 0x9A,
-        0x53, 0x9B, 0x11, 0xA5, 0x0F, 0x4D, 0xF2, 0xB7,
-        0xFA, 0xA2, 0x0B, 0xD8, 0x82, 0x75, 0x15, 0xCA,
-        0x37, 0x0F, 0x89, 0xC0, 0xD4, 0xC6, 0x09, 0x02,
-        0xF6, 0x56, 0x7C, 0xD6, 0x0B, 0x08, 0x60, 0xA5,
-        0x5B, 0xC8, 0x57, 0x2C, 0x43, 0x6C, 0x24, 0x6A,
-        0xC2, 0x76, 0x64, 0x4E, 0x7D, 0x60, 0x2A, 0xA5,
-        0x7C, 0x01, 0x66, 0x20, 0x18, 0x14, 0x99, 0x1C,
-        0x1B, 0xD7, 0x5C, 0x7C, 0x47, 0xC3, 0x48, 0xB6,
-        0x7D, 0x77, 0x61, 0x33, 0x86, 0x90, 0x81, 0x44,
-        0xEA, 0x83, 0xFF, 0x72, 0x1F, 0x9A, 0x50, 0x07,
-        0x6C, 0x51, 0x01, 0x64, 0xD1, 0x8E, 0x05, 0xD0,
-        0x5D, 0x98, 0x84, 0xC4, 0x41, 0x46, 0xA0, 0x7C,
-        0xCA, 0xCF, 0x89, 0x04, 0x98, 0xED, 0x1A, 0x19,
-        0xB2, 0xA1, 0x54, 0x31, 0x72, 0x9D, 0xC1, 0xF1,
-        0x2B, 0x7E, 0xA1, 0x0F, 0x9F, 0x92, 0x80, 0x62,
-        0xD1, 0x45, 0x4B, 0x4B, 0x9F, 0x68, 0xE5, 0x99,
-        0x90, 0x29, 0x0B, 0xE3, 0x72, 0x8B, 0x32, 0x89,
-        0x56, 0x93, 0x63, 0xAB, 0x10, 0x05, 0x13, 0x1B,
-        0x23, 0x81, 0xA0, 0x8C, 0xC2, 0xBF, 0x94, 0x3E,
-        0x95, 0xD5, 0xB2, 0x1B, 0xC6, 0xAA, 0xBC, 0x22,
-        0x73, 0x34, 0x8B, 0xC7, 0x2B, 0xD0, 0x93, 0xB7,
-        0xB5, 0x61, 0x7A, 0xE8, 0x7F, 0x60, 0x2B, 0xB9,
-        0x89, 0xE6, 0xAF, 0xC4, 0x4B, 0x81, 0x51, 0x20,
-        0x76, 0xA3, 0xA8, 0x76, 0xE0, 0xE2, 0x5F, 0x97,
-        0x62, 0xB4, 0x62, 0x08, 0x19, 0x85, 0x50, 0x2F,
-        0x26, 0xB2, 0x87, 0xA2, 0x93, 0x6D, 0x5B, 0x1A,
-        0xCF, 0xFC, 0xEC, 0x4E, 0xEE, 0x77, 0xA9, 0xCB,
-        0xA9, 0x80, 0xEB, 0x9B, 0x5F, 0xDE, 0x75, 0x53,
-        0x9F, 0x65, 0x09, 0x04, 0x67, 0x7D, 0xBE, 0x29,
-        0xAB, 0x8B, 0xB9, 0x18, 0xA3, 0x49, 0x48, 0x03,
-        0xEC, 0xA5, 0x9A, 0x2C, 0x32, 0xE5, 0xB5, 0xC8,
-        0x3B, 0x0B, 0x80, 0xB1, 0x10, 0x2C, 0xD7, 0xD9,
-        0x48, 0x2B, 0x45, 0x9B, 0x6B, 0x74, 0x49, 0x1E,
-        0xC3, 0x0C, 0x4B, 0xE7, 0x7C, 0x2B, 0x52, 0x4A,
-        0xF7, 0xB3, 0xAD, 0x1F, 0x71, 0x34, 0x1D, 0xF0,
-        0xA7, 0x6F, 0x25, 0x5C, 0x29, 0x03, 0xC8, 0x82,
-        0x08, 0x07, 0x93, 0x79, 0x93, 0x0A, 0x95, 0x13,
-        0xF3, 0x90, 0x12, 0x6E, 0x73, 0x2A, 0x2B, 0xB0,
-        0x94, 0xBF, 0xA6, 0xBF, 0x0A, 0x43, 0x2B, 0xCD,
-        0x65, 0x7D, 0xAF, 0xCB, 0x25, 0xC8, 0xBB, 0x15,
-        0xE0, 0x95, 0x5D, 0x09, 0x9B, 0x74, 0xFF, 0x1A,
-        0x4D, 0xE6, 0x55, 0x9C, 0xD6, 0x79, 0x7C, 0x38,
-        0xC4, 0x8C, 0x11, 0x34, 0xCA, 0x2C, 0x97, 0x92,
-        0x43, 0xF3, 0x15, 0x2A, 0xF4, 0xBB, 0xE4, 0xD7,
-        0xA6, 0xBC, 0x09, 0x87, 0x21, 0x33, 0x92, 0x0C,
-        0xD2, 0x3B, 0x3E, 0xF9, 0x84, 0x8C, 0xCC, 0x68,
-        0x45, 0xD6, 0x47, 0xB5, 0x38, 0x75, 0x57, 0x73,
-        0x65, 0x13, 0xD5, 0x85, 0x60, 0x84, 0x51, 0x92,
-        0xF9, 0x26, 0x51, 0x59, 0x93, 0x2E, 0x57, 0x2A,
-        0x88, 0xC4, 0x4E, 0x65, 0x66, 0x76, 0x0C, 0x06,
-        0x1C, 0x67, 0xFC, 0xB5, 0xBF, 0x21, 0x00, 0x95,
-        0xE2, 0x14, 0xDA, 0x74, 0x53, 0x57, 0xE3, 0x69,
-        0x96, 0xD8, 0xC0, 0x66, 0x31, 0x1B, 0xBC, 0x76,
-        0x1A, 0x1F, 0xD2, 0x52, 0x73, 0xD2, 0x1E, 0xAB,
-        0x50, 0x01, 0x05, 0x63, 0xCD, 0x64, 0x68, 0xA4,
-        0xEA, 0x83, 0x6B, 0x6D, 0x64, 0xBD, 0x2B, 0xD7,
-        0x6D, 0xBE, 0x35, 0x82, 0xD5, 0x73, 0x6A, 0x60,
-        0x5A, 0x55, 0x09, 0xFC, 0x28, 0x78, 0x9B, 0x56,
-        0xB8, 0x84, 0xAE, 0x9A, 0x60, 0x41, 0x5F, 0x55,
-        0x67, 0x4B, 0xE6, 0x01, 0x57, 0x6C, 0x7C, 0xEE,
-        0x58, 0x14, 0x3B, 0xF0, 0x54, 0x80, 0x6A, 0xBC,
-        0xB3, 0x45, 0xA2, 0x56, 0xCB, 0xC4, 0x54, 0xE3,
-        0x43, 0xF3, 0xCC, 0x7A, 0xDE, 0x65, 0x56, 0x2F,
-        0xD2, 0x9E, 0xB2, 0x59, 0x73, 0x7B, 0xB3, 0xCF,
-        0x96, 0x49, 0xBD, 0xEA, 0x28, 0x3F, 0xB0, 0x72,
-        0x65, 0x67, 0x7C, 0x98, 0x08, 0xD1, 0x31, 0x19,
-        0xC0, 0xA2, 0xAD, 0xF7, 0x45, 0xDE, 0x69, 0x75,
-        0xF4, 0x56, 0x2C, 0xD6, 0x15, 0x57, 0xB3, 0x96,
-        0x5D, 0x2B, 0x07, 0x2F, 0x00, 0x0A, 0xA7, 0xE0,
-        0xA3, 0x57, 0xE1, 0x25, 0x3E, 0xAF, 0xEA, 0x7F,
-        0xDF, 0xCC, 0x92, 0xFA, 0x87, 0x63, 0x0D, 0xD2,
-        0x27, 0x6C, 0xE4, 0x2E, 0x82, 0x0B, 0x69, 0xD1,
-        0xFC, 0x2E, 0x47, 0xD5, 0xC4, 0x98, 0xA5, 0x5B,
-        0x3B, 0x29, 0xC3, 0x4E, 0x64, 0x90, 0x3D, 0x04,
-        0x7A, 0xB1, 0xC0, 0x40, 0x24, 0x95, 0x8F, 0x70,
-        0x11, 0x95, 0xF5, 0xD1, 0x3E, 0xC6, 0x70, 0x6B,
-        0x84, 0x48, 0x50, 0x3A, 0x54, 0x99, 0x22, 0xA5,
-        0x8A, 0x24, 0xB6, 0x7C, 0x93, 0x63, 0x27, 0x56,
-        0xB7, 0x7D, 0x22, 0x54, 0x07, 0x31, 0x61, 0x71,
-        0xDE, 0xEC, 0x56, 0x71, 0x44, 0x35, 0xCF, 0x94,
-        0xCC, 0xF4, 0x59, 0x9E, 0x00, 0xD1, 0x0E, 0x56,
-        0x96, 0x22, 0xBA, 0xDA, 0x82, 0x0C, 0x45, 0x2F,
-        0x25, 0x42, 0xAD, 0xF0, 0x87, 0x65, 0xCA, 0x93,
-        0xAE, 0x38, 0xEB, 0x02, 0x5D, 0xE3, 0x1C, 0xFF,
-        0x79, 0x74, 0x54, 0x9A, 0x78, 0x25, 0xA8, 0x31,
-        0xDD, 0x05, 0x4E, 0x87, 0xB8, 0x4C, 0x5F, 0x25,
-        0x47, 0xFF, 0x47, 0xB4, 0x6F, 0x88, 0xC9, 0x9F,
-        0x15, 0x48, 0xE9, 0x33, 0xA6, 0xF4, 0xD8, 0x7F,
-        0x1A, 0x4A, 0x1B, 0x00, 0xE3, 0x9E, 0x02, 0xD6,
-        0x0E, 0x51, 0xEB, 0x60, 0x3C, 0x1C, 0x0D, 0x80,
-        0x7A, 0xCD, 0xAB, 0x08, 0xBA, 0xA2, 0xB9, 0x98,
-        0x69, 0xB7, 0x5C, 0xA2, 0xC4, 0xB9, 0x63, 0x68,
-        0xB5, 0x17, 0x80, 0xBD, 0x1E, 0xC7, 0x5B, 0x11,
-        0x0B, 0x9F, 0xA6, 0x65, 0x56, 0x87, 0x6C, 0x5F,
-        0x48, 0x79, 0x7D, 0x09, 0x01, 0x38, 0xF7, 0x54,
-        0xAE, 0x30, 0x53, 0x3D, 0x36, 0xAA, 0x44, 0xB9,
-        0xB1, 0x70, 0x2A, 0x6A, 0x8A, 0x56, 0x62, 0x6B,
-        0xF0, 0x45, 0x1A, 0x37, 0xA7, 0xAC, 0x1A, 0x33,
-        0x70, 0x76, 0xE5, 0x1E, 0x0A, 0x6B, 0x03, 0x00,
-        0xC2, 0xC7, 0x90, 0xA4, 0x43, 0x7E, 0xA2, 0x8D,
-        0x7E, 0xC9, 0x8C, 0x41, 0x9B, 0x37, 0xD6, 0xAA,
-        0x97, 0x04, 0x17, 0x43, 0x5F, 0x91, 0xBE, 0xDC,
-        0x2B, 0x1F, 0x4B, 0xC8, 0x15, 0x8A, 0x51, 0xB1,
-        0xF4, 0x71, 0x51, 0x6F, 0xE8, 0x24, 0x28, 0x7C,
-        0x89, 0x6B, 0x89, 0x1B, 0x49, 0xF2, 0x54, 0xDD,
-        0x36, 0x35, 0x9B, 0x89, 0xC8, 0x24, 0xEB, 0x3F,
-        0x62, 0x48, 0x02, 0x7F, 0xBB, 0xAD, 0x4C, 0xF2,
-        0x91, 0x18, 0xCB, 0x50, 0xEB, 0xB6, 0x25, 0xA3,
-        0x7C, 0x53, 0x7A, 0x02, 0x23, 0xF0, 0xEB, 0x70,
-        0x85, 0xB5, 0xC7, 0xEC, 0x60, 0x75, 0x70, 0xDB,
-        0x91, 0x85, 0xD5, 0x99, 0x02, 0xBC, 0x26, 0xC6,
-        0x54, 0xA2, 0x80, 0x4C, 0x0D, 0x94, 0x67, 0x93,
-        0xD8, 0xA2, 0x14, 0x82, 0xAC, 0x4F, 0x05, 0xE9,
-        0x01, 0x62, 0x60, 0x33, 0x1D, 0xCC, 0x58, 0xBC,
-        0x66, 0xAF, 0x3C, 0xA7, 0x58, 0x54, 0x40, 0x21,
-        0x6A, 0xA0, 0x26, 0x3B, 0x2A, 0x72, 0x5E, 0x08,
-        0x0F, 0x6F, 0x9C, 0x5B, 0x6A, 0x9C, 0x9D, 0xA2,
-        0x93, 0x55, 0x18, 0x9B, 0x4B, 0x95, 0xB1, 0x37,
-        0xD1, 0x22, 0x5F, 0x25, 0x2A, 0xC7, 0x97, 0xB0,
-        0x64, 0x6C, 0xAC, 0x52, 0x16, 0x4B, 0x59, 0x72,
-        0xA9, 0x92, 0x65, 0xD3, 0x47, 0xFC, 0x7C, 0x35,
-        0x91, 0xD1, 0x5F, 0xFE, 0x68, 0x1C, 0x06, 0xD4,
-        0x38, 0xCC, 0xEB, 0x60, 0xBB, 0x63, 0x10, 0xB7,
-        0x95, 0x32, 0x89, 0x72, 0x0E, 0x2C, 0x72, 0x87,
-        0x30, 0x05, 0x23, 0x37, 0xAC, 0xA7, 0xC8, 0x52,
-        0x1A, 0xB4, 0x4F, 0x1E, 0x2A, 0x04, 0x9B, 0x83,
-        0xE0, 0x77, 0x4C, 0x96, 0xCD, 0x8C, 0x87, 0x6F,
-        0xA6, 0x75, 0xD0, 0x92, 0x39, 0x77, 0x27, 0x1B,
-        0xE6, 0xE8, 0x32, 0xF2, 0x49, 0x8C, 0xA5, 0xA3,
-        0x43, 0x1F, 0x40, 0xD3, 0x18, 0x7B, 0x1E, 0xD9,
-        0x65, 0xFD, 0xD6, 0x69, 0x3B, 0x37, 0xF6, 0xEB,
-        0x40, 0x8A, 0x99, 0x97, 0x7A, 0xE4, 0x96, 0x44,
-        0x7A, 0xF6, 0x50, 0x22, 0xE0, 0xA4, 0x72, 0xED,
-        0x63, 0x88, 0x63, 0x8E, 0xA2, 0x9D, 0x82, 0xDA,
-        0x68, 0xB4, 0xCF, 0x9F, 0xFD, 0xF2, 0xB6, 0x7C,
-        0xD7, 0x08, 0xEA, 0x5A, 0x37, 0x0C, 0x6A, 0x7C
-    };
-#endif
-    static byte pubKey[KYBER_MAX_PUBLIC_KEY_SIZE];
-    static byte privKey[KYBER_MAX_PRIVATE_KEY_SIZE];
-
-    key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(KyberKey));
-    }
-
-#ifndef WOLFSSL_NO_KYBER512
-    ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_512, sizeof(seed_512)),
-        0);
-    ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
-        KYBER512_PUBLIC_KEY_SIZE), 0);
-    ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
-        KYBER512_PRIVATE_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, ek_512, KYBER512_PUBLIC_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(privKey, dk_512, KYBER512_PRIVATE_KEY_SIZE), 0);
-    wc_KyberKey_Free(key);
-#endif
-#ifndef WOLFSSL_NO_KYBER768
-    ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_768, sizeof(seed_768)),
-        0);
-    ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
-        KYBER768_PUBLIC_KEY_SIZE), 0);
-    ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
-        KYBER768_PRIVATE_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, ek_768, KYBER768_PUBLIC_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(privKey, dk_768, KYBER768_PRIVATE_KEY_SIZE), 0);
-    wc_KyberKey_Free(key);
-#endif
-#ifndef WOLFSSL_NO_KYBER1024
-    ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_1024,
-        sizeof(seed_1024)), 0);
-    ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey,
-        KYBER1024_PUBLIC_KEY_SIZE), 0);
-    ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey,
-        KYBER1024_PRIVATE_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(pubKey, ek_1024, KYBER1024_PUBLIC_KEY_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(privKey, dk_1024, KYBER1024_PRIVATE_KEY_SIZE), 0);
-    wc_KyberKey_Free(key);
-#endif
-
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_kyber_encapsulate_kats(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
-    defined(WOLFSSL_ML_KEM)
-    KyberKey* key;
-#ifndef WOLFSSL_NO_KYBER512
-    static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = {
-        0xA5, 0x40, 0x97, 0x18, 0xCB, 0x72, 0xF2, 0x43,
-        0x8A, 0x35, 0x55, 0xA3, 0xC8, 0xF1, 0x8F, 0x26,
-        0x71, 0xA1, 0xF8, 0x14, 0x03, 0xDF, 0x7B, 0x5A,
-        0x46, 0x59, 0xA5, 0x1F, 0x50, 0x82, 0x7B, 0xA6,
-        0x57, 0x7A, 0xA7, 0x08, 0x00, 0xD7, 0x8D, 0x8B,
-        0xC5, 0xAA, 0x86, 0xB8, 0x9E, 0x08, 0xB5, 0x8F,
-        0x34, 0x80, 0xA8, 0x9E, 0x10, 0x4D, 0xC6, 0x92,
-        0x2E, 0xDB, 0xC1, 0x2D, 0x06, 0xF8, 0x91, 0x02,
-        0x7C, 0x65, 0x4E, 0x99, 0x4A, 0x22, 0xF9, 0x1A,
-        0x2A, 0xF6, 0x34, 0x04, 0xCA, 0x98, 0xD7, 0xB6,
-        0x7E, 0xEA, 0x25, 0x91, 0x1B, 0x24, 0xC7, 0x0D,
-        0xEB, 0x81, 0x46, 0xA0, 0x82, 0x1F, 0x34, 0xA3,
-        0x02, 0x55, 0x1F, 0x2D, 0x51, 0x0C, 0x05, 0x88,
-        0xC8, 0xBC, 0xA7, 0x4E, 0xB4, 0xDC, 0x0C, 0xFA,
-        0x46, 0x03, 0xC1, 0xC5, 0xA3, 0xC5, 0x53, 0x70,
-        0x61, 0x78, 0x90, 0x68, 0x68, 0x2C, 0x4C, 0xC3,
-        0x14, 0x3F, 0xBA, 0x9B, 0xB5, 0x54, 0x2F, 0x97,
-        0x78, 0xBD, 0xF2, 0x3B, 0x36, 0x52, 0xF2, 0xA7,
-        0x52, 0x47, 0x56, 0xFA, 0x73, 0x90, 0x9D, 0xDA,
-        0xC7, 0xE5, 0x32, 0x52, 0x26, 0x59, 0x21, 0x8C,
-        0xBA, 0x25, 0xF3, 0x3B, 0x6B, 0x04, 0x58, 0xCB,
-        0x03, 0xDA, 0x79, 0x35, 0xBA, 0x59, 0x11, 0x19,
-        0x55, 0x31, 0x2B, 0x15, 0xCC, 0xE2, 0xC0, 0xF7,
-        0x34, 0x66, 0xA8, 0x00, 0x62, 0x83, 0xA2, 0xAA,
-        0x7C, 0xBB, 0x61, 0x02, 0x2A, 0xBB, 0xC2, 0xD1,
-        0x9F, 0x29, 0x20, 0xBC, 0x30, 0x24, 0x72, 0xDC,
-        0x97, 0xC4, 0xA1, 0x78, 0x8C, 0x9B, 0xD3, 0xBB,
-        0xED, 0xC9, 0x12, 0x2B, 0x82, 0x7B, 0x27, 0x9C,
-        0x07, 0x4C, 0x80, 0x44, 0x31, 0x41, 0x11, 0x9F,
-        0x4B, 0x16, 0x29, 0xF6, 0x2F, 0x10, 0xD4, 0xCE,
-        0x2B, 0xE3, 0xBB, 0x34, 0x38, 0x16, 0xCA, 0xD1,
-        0x6A, 0x1C, 0x87, 0x58, 0x2F, 0x2B, 0x70, 0xE2,
-        0x66, 0x35, 0xB0, 0x8B, 0xB3, 0x90, 0xC1, 0x33,
-        0x98, 0xFC, 0xCD, 0xA7, 0xE9, 0xBB, 0x3D, 0x9B,
-        0x0B, 0x78, 0x03, 0x75, 0x0C, 0x95, 0x5C, 0x57,
-        0xA0, 0x28, 0xA5, 0xD2, 0x6C, 0x27, 0x03, 0x16,
-        0xBB, 0x2B, 0x81, 0x5C, 0x3B, 0x97, 0x2B, 0xA6,
-        0x78, 0x2D, 0xAB, 0x02, 0xF3, 0x06, 0x82, 0x1E,
-        0x61, 0x28, 0x5B, 0xB0, 0x72, 0xBF, 0x79, 0x78,
-        0x1C, 0xAB, 0xC3, 0x86, 0x14, 0x2A, 0x50, 0xC7,
-        0xAA, 0xAE, 0x66, 0xA9, 0x47, 0x58, 0x5B, 0xB0,
-        0xD8, 0x28, 0x8D, 0xBC, 0xAF, 0x4B, 0x3B, 0x85,
-        0xBB, 0x79, 0x26, 0x98, 0x7B, 0xAF, 0x76, 0x43,
-        0xAA, 0xB5, 0xFB, 0x02, 0x21, 0x05, 0x80, 0xA0,
-        0x26, 0x43, 0x52, 0xE6, 0x9C, 0x60, 0x98, 0x98,
-        0x9C, 0xFB, 0x87, 0x48, 0x33, 0x95, 0x96, 0x0A,
-        0x3A, 0x4F, 0x31, 0xBE, 0xFD, 0xA8, 0x0B, 0x5F,
-        0x28, 0x6E, 0xCF, 0xDA, 0xA5, 0x55, 0xD4, 0x39,
-        0x0A, 0xF6, 0xB5, 0x5D, 0x31, 0x39, 0x20, 0x92,
-        0x90, 0x93, 0x44, 0x9C, 0xD6, 0x72, 0x9D, 0x00,
-        0x21, 0x8E, 0x2D, 0x86, 0x57, 0x0A, 0xDC, 0x0C,
-        0x4F, 0x65, 0x45, 0xFF, 0xB5, 0x63, 0x2E, 0xFB,
-        0x3A, 0xAE, 0x26, 0x25, 0xA6, 0x98, 0x26, 0x70,
-        0xFA, 0xCE, 0x8D, 0x16, 0x12, 0x6F, 0xA6, 0x07,
-        0xE6, 0xD0, 0xA1, 0xFF, 0x61, 0x6A, 0x46, 0xEC,
-        0xA6, 0x42, 0xCC, 0x6A, 0xAC, 0x55, 0x4D, 0xBB,
-        0xC4, 0x3D, 0xFC, 0xF5, 0x7F, 0x36, 0x4C, 0x19,
-        0x0C, 0xEA, 0x57, 0x76, 0xC1, 0xCE, 0xB5, 0x8B,
-        0x70, 0x07, 0x50, 0x5F, 0xD7, 0x9C, 0x5F, 0x00,
-        0x5A, 0x4B, 0xA2, 0x18, 0xCF, 0x06, 0x93, 0xB0,
-        0x58, 0xB5, 0x10, 0xA4, 0xCA, 0x20, 0x43, 0x24,
-        0x60, 0x2F, 0x59, 0xBB, 0x8F, 0x22, 0x81, 0xC4,
-        0xD7, 0xB0, 0xBC, 0x86, 0x25, 0xE7, 0x88, 0x16,
-        0x50, 0xF5, 0x7C, 0x89, 0xE3, 0x2C, 0xF4, 0x80,
-        0x91, 0x44, 0x77, 0x5C, 0x90, 0x73, 0xB6, 0x73,
-        0xE3, 0x94, 0x12, 0xA2, 0x7C, 0x91, 0x43, 0x21,
-        0xCC, 0xB6, 0xA7, 0xCF, 0x7C, 0x37, 0xC5, 0xBC,
-        0xBE, 0x7C, 0xA5, 0x1B, 0xE0, 0xC9, 0x28, 0x46,
-        0x6A, 0x45, 0x8E, 0xB7, 0x78, 0xD6, 0x46, 0x6A,
-        0x89, 0x2A, 0x0A, 0xCB, 0xC0, 0x96, 0x38, 0x78,
-        0x4A, 0x27, 0x73, 0x9C, 0x97, 0x0C, 0xA5, 0x8B,
-        0xC2, 0x59, 0x5A, 0xD6, 0xBF, 0xA4, 0xE5, 0x2E,
-        0xB4, 0x38, 0xAC, 0x97, 0xC4, 0x16, 0x23, 0x80,
-        0x22, 0x48, 0xE1, 0x10, 0xB0, 0x74, 0x83, 0x8F,
-        0x31, 0xA6, 0xE7, 0x50, 0x37, 0x37, 0x70, 0x4E,
-        0x7A, 0xE4, 0xAD, 0x91, 0x29, 0x95, 0x72, 0xA8,
-        0xC1, 0x36, 0x03, 0x50, 0x0F, 0x36, 0x09, 0xB6,
-        0x25, 0xB4, 0xE2, 0x4C, 0xAE, 0x33, 0x2B, 0x0D,
-        0x7A, 0x5B, 0xB4, 0x7A, 0x03, 0x85, 0x12, 0xA0,
-        0x81, 0xBC, 0x27, 0xCD, 0xF0, 0xF2, 0x92, 0x3C,
-        0xD3, 0x47, 0x9F, 0x53, 0x07, 0x02, 0x0B, 0x77,
-        0xF1, 0x49, 0x58, 0x45, 0x64, 0x06, 0x0E, 0x50,
-        0x83, 0xCE, 0xD5, 0x53, 0x12, 0xB6, 0xA6, 0xA4,
-        0x65, 0xA8, 0x2B, 0x45, 0x77, 0xD6, 0x3A, 0x4B,
-        0x49, 0xC8, 0x0B, 0x07, 0xA9, 0x36, 0x7E, 0x39,
-        0x77, 0x8A, 0xF7, 0x6F, 0xA8, 0xEC, 0x2C, 0xF5,
-        0x28, 0x72, 0x28, 0x56, 0xCE, 0x78, 0x13, 0x40,
-        0x1A, 0x83, 0x83, 0xBD, 0xB7, 0x15, 0x1B, 0x9B,
-        0x6D, 0x2D, 0xD6, 0xBF, 0xF5, 0x54, 0x01, 0xD2,
-        0x8A, 0xC6, 0x12, 0x81, 0x8C, 0x88, 0xC9, 0x28,
-        0x73, 0x47, 0xB0, 0x98, 0xA9, 0x66, 0xEB, 0x9C,
-        0x0A, 0x2D, 0xB7, 0x1F, 0x0A, 0x75, 0x55, 0x5E,
-        0x17, 0x57, 0xD3, 0xAC, 0x4E, 0x3D, 0x80, 0x2C,
-        0x8D, 0xC6, 0xA2, 0x61, 0x52, 0x12, 0x55, 0x18,
-        0x6A, 0xBB, 0x98, 0xC2, 0x48, 0x03, 0x01, 0xB8,
-        0xC6, 0xB3, 0x12, 0x28, 0xB5, 0x44, 0x61, 0xBC,
-        0x44, 0xEA, 0x3C, 0x2C, 0xF9, 0x4B, 0x86, 0xC7,
-        0xA5, 0xB8, 0x2C, 0x55, 0x16, 0x7A, 0x76, 0x06,
-        0xCA, 0x9D, 0xC8, 0x25, 0x3B, 0x76, 0x04, 0xE4,
-        0x4A, 0x07, 0xF3, 0xED, 0x55, 0xCD, 0x5B, 0x5E
-    };
-    static const byte seed_512[KYBER_ENC_RAND_SZ] = {
-        0x10, 0x9A, 0x24, 0x8F, 0xE8, 0x05, 0x2F, 0x84,
-        0x27, 0x1F, 0xF5, 0x7B, 0xAC, 0x15, 0x6B, 0x1B,
-        0xA6, 0xA5, 0x09, 0xCD, 0xCD, 0xBC, 0xC9, 0x6C,
-        0xCD, 0xB1, 0xCC, 0xB8, 0x5C, 0xA4, 0x93, 0x15
-    };
-    static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = {
-        0x59, 0x7A, 0x06, 0xDE, 0xB8, 0x81, 0x72, 0xBA,
-        0x8D, 0x7C, 0xDE, 0x8D, 0x82, 0xCA, 0xA2, 0x34,
-        0xB8, 0x11, 0x2A, 0xF8, 0xA7, 0x2F, 0x1A, 0xB4,
-        0xCE, 0xA1, 0xEF, 0xCB, 0x2D, 0x86, 0x8D, 0x53,
-        0xD2, 0x12, 0xE3, 0x03, 0xB7, 0x0E, 0x7E, 0x52,
-        0x1A, 0xB0, 0xF4, 0xB5, 0xDB, 0x4F, 0x51, 0x15,
-        0x92, 0x48, 0xBF, 0xB2, 0x75, 0x36, 0x1B, 0xEF,
-        0x88, 0x37, 0x52, 0xC7, 0x8B, 0x8D, 0x47, 0x12,
-        0x27, 0x53, 0x85, 0x53, 0x6A, 0x4B, 0x0A, 0x96,
-        0xE3, 0xC2, 0x3E, 0xA6, 0xC1, 0x7E, 0xA9, 0x2B,
-        0x60, 0x26, 0x16, 0xE5, 0x82, 0x1E, 0x57, 0x53,
-        0xA4, 0x73, 0x6C, 0x40, 0x39, 0xC2, 0x0C, 0x92,
-        0x3C, 0xCE, 0xCB, 0x57, 0x98, 0x05, 0x58, 0x7C,
-        0x0C, 0xE7, 0x22, 0x18, 0xBB, 0x1A, 0xB1, 0x24,
-        0x52, 0xF8, 0xE1, 0x54, 0xCB, 0x86, 0x43, 0x32,
-        0x81, 0x42, 0xF9, 0xB3, 0x40, 0xA6, 0x41, 0xC6,
-        0xF2, 0x95, 0xE5, 0xEC, 0xF2, 0xE0, 0x48, 0xBC,
-        0x7F, 0xC7, 0x9B, 0xC5, 0xB9, 0x42, 0x77, 0xC8,
-        0x68, 0xD8, 0xE5, 0x36, 0xB5, 0x04, 0x25, 0x80,
-        0x9D, 0xCF, 0xA0, 0x24, 0xA3, 0x90, 0x5C, 0xBA,
-        0x55, 0x0A, 0xD3, 0xBB, 0x52, 0xB4, 0x59, 0xAC,
-        0x38, 0xFA, 0xBC, 0x9B, 0xC0, 0x0E, 0xBA, 0x03,
-        0xEC, 0x09, 0x06, 0x72, 0x5B, 0x4F, 0xE4, 0xE9,
-        0x76, 0xF1, 0x74, 0x32, 0x00, 0x47, 0xB3, 0x1D,
-        0x15, 0x89, 0x13, 0x65, 0xBA, 0x48, 0x23, 0x88,
-        0xF0, 0xFB, 0x97, 0x3B, 0x85, 0x22, 0x4F, 0xB0,
-        0x0B, 0xA8, 0x65, 0xAF, 0xAB, 0x3C, 0x9A, 0x1B,
-        0x7D, 0x48, 0x9F, 0x7B, 0x98, 0x2D, 0x0B, 0xD4,
-        0x70, 0xEF, 0x94, 0x8E, 0xCB, 0x5B, 0x39, 0x20,
-        0xAF, 0x89, 0x03, 0x59, 0x60, 0x12, 0x3B, 0x1F,
-        0x86, 0x30, 0xD7, 0x63, 0x68, 0x1B, 0xFD, 0x67,
-        0x15, 0x67, 0xEF, 0xBB, 0x1E, 0x62, 0x76, 0xAA,
-        0x4F, 0xB2, 0xDF, 0xA9, 0xC3, 0x94, 0x8D, 0xB7,
-        0xF0, 0x83, 0xF2, 0x83, 0x83, 0xB7, 0x7B, 0xC5,
-        0x14, 0xAF, 0x9D, 0x68, 0xD2, 0x2E, 0x24, 0x87,
-        0xC2, 0x01, 0x63, 0xC0, 0x2B, 0x0B, 0xBF, 0x23,
-        0xBB, 0xCE, 0x06, 0x50, 0xF8, 0x4F, 0xF8, 0xCE,
-        0x02, 0xC7, 0x4E, 0x9E, 0x11, 0xD6, 0xF3, 0x0E,
-        0xC5, 0xFA, 0x8A, 0x01, 0x2A, 0xDC, 0x3B, 0x89,
-        0x62, 0x7C, 0x7D, 0xE8, 0x55, 0xC1, 0xFB, 0xBE,
-        0xB5, 0xDC, 0xDE, 0x84, 0xD0, 0x5E, 0x36, 0xC5,
-        0x56, 0x6E, 0x55, 0x51, 0xB5, 0x87, 0x50, 0xA4,
-        0x11, 0x64, 0x26, 0x39, 0xB2, 0x78, 0x64, 0xF7,
-        0xE0, 0x05, 0x97, 0x8F, 0xFE, 0x25, 0x6B, 0x75,
-        0x7D, 0x13, 0xDA, 0x66, 0x3F, 0xC3, 0xBB, 0x07,
-        0x94, 0xA2, 0x7C, 0xF7, 0x58, 0x5D, 0x12, 0xF2,
-        0x2D, 0x95, 0x3B, 0x28, 0x54, 0x59, 0xFD, 0xC9,
-        0xBC, 0xDF, 0xCD, 0xCC, 0xB7, 0xBF, 0x3E, 0x4E,
-        0x36, 0x2D, 0x28, 0x91, 0xD5, 0x83, 0x85, 0x5F,
-        0x5D, 0x94, 0x87, 0xE6, 0xFB, 0x21, 0x7E, 0x2E,
-        0x45, 0xEE, 0x0B, 0xD9, 0xAF, 0xC2, 0x89, 0xF4,
-        0xD5, 0x64, 0x58, 0x12, 0x09, 0xA3, 0xAC, 0xA3,
-        0x17, 0x95, 0xA1, 0x24, 0xBD, 0x1B, 0xBA, 0xEA,
-        0x84, 0x67, 0x55, 0xC8, 0xEA, 0x78, 0x10, 0xEA,
-        0xA7, 0x30, 0x60, 0xE8, 0x6F, 0xB5, 0xFD, 0xF3,
-        0xFB, 0xE7, 0x2F, 0x80, 0x6B, 0xB1, 0xBF, 0xBF,
-        0xBA, 0xC0, 0xC7, 0xB1, 0x6B, 0xFE, 0x74, 0x25,
-        0x02, 0x77, 0xEC, 0xF5, 0xF5, 0x41, 0x57, 0x1B,
-        0x8A, 0x97, 0x50, 0x50, 0x91, 0x7F, 0xDF, 0x78,
-        0x1F, 0xEA, 0x17, 0xB5, 0x85, 0xE3, 0xC6, 0xDB,
-        0xFE, 0x77, 0xB1, 0xE4, 0x8A, 0x16, 0x50, 0x4C,
-        0x3A, 0x38, 0x90, 0x11, 0x56, 0x10, 0x0C, 0xAF,
-        0xEC, 0x2E, 0xD9, 0x39, 0xAE, 0x9A, 0x9E, 0xDF,
-        0xC9, 0xC0, 0xF8, 0xC7, 0xF5, 0x5C, 0xC9, 0x3E,
-        0x5D, 0xDD, 0x0B, 0x3D, 0xE1, 0xC6, 0xED, 0xAE,
-        0x2B, 0x7E, 0xE3, 0x4C, 0x61, 0x01, 0xF0, 0x11,
-        0xB5, 0x90, 0x4F, 0x69, 0x3D, 0x28, 0x63, 0x56,
-        0xB5, 0x4C, 0x86, 0xCE, 0x8B, 0xCF, 0xEA, 0x9D,
-        0xBF, 0xEC, 0x21, 0xC1, 0xEF, 0x0E, 0xCC, 0x91,
-        0x05, 0x00, 0x5B, 0xAA, 0x37, 0x7D, 0x82, 0x9D,
-        0xCA, 0x2C, 0xBF, 0x5E, 0xA5, 0xF3, 0x1B, 0x71,
-        0xD4, 0x46, 0xB8, 0x33, 0xE0, 0x06, 0x19, 0x81,
-        0x9D, 0x7F, 0xC6, 0x02, 0x40, 0x52, 0x49, 0x97,
-        0x57, 0xA2, 0x76, 0x5F, 0x19, 0xCD, 0x2B, 0x36,
-        0xC2, 0x48, 0x85, 0x99, 0xDC, 0x52, 0x47, 0x49,
-        0x4F, 0xAB, 0xE8, 0x1E, 0xEB, 0xEF, 0xD3, 0xBE,
-        0x75, 0xC4, 0x78, 0x0E, 0x43, 0xA5, 0x04, 0x18,
-        0xC5, 0xDB, 0x2F, 0xF3, 0x59, 0xC5, 0xA6, 0xDE,
-        0x28, 0x6E, 0xF5, 0x95, 0x1E, 0x27, 0x09, 0x48,
-        0x6E, 0xDC, 0x9C, 0xC4, 0x9D, 0x07, 0x24, 0xEC,
-        0xA3, 0xF2, 0xC0, 0xB7, 0x5F, 0x8A, 0x36, 0xCE,
-        0x86, 0x23, 0x88, 0xF0, 0x0B, 0x3C, 0x59, 0x3D,
-        0x1C, 0x8C, 0x6A, 0xC4, 0x5D, 0x73, 0xA7, 0x2F,
-        0xF6, 0xB4, 0xF8, 0x05, 0xB1, 0x31, 0xED, 0x4E,
-        0xAF, 0x56, 0x01, 0xD7, 0xB7, 0x3B, 0x0E, 0x37,
-        0x24, 0xE7, 0x5D, 0x58, 0xDD, 0x50, 0xF5, 0x87,
-        0x1C, 0x54, 0xA3, 0x7C, 0x14, 0x81, 0x33, 0x17,
-        0x59, 0xF4, 0xBE, 0x86, 0xFB, 0x58, 0xA2, 0xEE,
-        0x00, 0x31, 0x30, 0xF6, 0x6E, 0x18, 0x7C, 0x8B,
-        0xA5, 0x01, 0x5B, 0xE7, 0x13, 0x29, 0x65, 0x89,
-        0xAC, 0xAF, 0xBF, 0x65, 0x96, 0x89, 0x7E, 0x03,
-        0xD4, 0x92, 0x0C, 0x91, 0xF2, 0x63, 0x33, 0xB7,
-        0xBF, 0x17, 0x98, 0xAF, 0x81, 0x5C, 0x93, 0xD4,
-        0xDF, 0x55, 0xBD, 0x47, 0xA0, 0x82, 0x49, 0xBF,
-        0x11, 0x30, 0x63, 0xFB, 0xB3, 0x95, 0x03, 0xE9,
-        0xB6, 0xD4, 0x3E, 0xAC, 0x7B, 0x0C, 0x30, 0x5A
-    };
-    static const byte k_512[KYBER_SS_SZ] = {
-        0x4D, 0xDD, 0x30, 0x4E, 0x27, 0x48, 0x99, 0xBD,
-        0x82, 0x97, 0x18, 0x56, 0x82, 0x4B, 0x58, 0x71,
-        0x30, 0x92, 0x79, 0x52, 0x06, 0x01, 0x21, 0x85,
-        0x8F, 0x9A, 0xDE, 0xB9, 0x6A, 0xB7, 0xF5, 0x71
-    };
-#endif
-#ifndef WOLFSSL_NO_KYBER768
-    static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = {
-        0x14, 0x56, 0xA2, 0xEE, 0x8C, 0x35, 0x56, 0x05,
-        0x4A, 0xBC, 0x79, 0xB4, 0x88, 0x2C, 0x31, 0x90,
-        0xE5, 0xCA, 0x72, 0x6A, 0xB4, 0x02, 0xE5, 0xB0,
-        0x97, 0x28, 0xC0, 0xF4, 0xF7, 0x9C, 0x9F, 0xC2,
-        0xAD, 0xD8, 0x28, 0xAB, 0xE4, 0x32, 0xB1, 0x50,
-        0x1B, 0x60, 0xF4, 0x6C, 0xCB, 0xC8, 0x6A, 0x33,
-        0x78, 0xC3, 0x48, 0x95, 0x70, 0x8A, 0x13, 0x67,
-        0x1B, 0x20, 0xB3, 0x89, 0x47, 0x9A, 0xAA, 0x01,
-        0xC6, 0x9D, 0x6B, 0x3B, 0x7D, 0x07, 0xD1, 0xC3,
-        0xAB, 0x54, 0xB9, 0x1C, 0x58, 0x0F, 0x5A, 0x33,
-        0x6B, 0x30, 0x06, 0x9A, 0x4F, 0x13, 0x4F, 0xFD,
-        0x37, 0x64, 0xCE, 0x73, 0xA0, 0x47, 0xE2, 0x84,
-        0x47, 0x71, 0x74, 0x2B, 0xF4, 0x71, 0x0B, 0x97,
-        0x2D, 0x4F, 0x65, 0x90, 0xA1, 0xC5, 0x3A, 0x97,
-        0x53, 0x68, 0xC2, 0x71, 0xB6, 0x70, 0xF1, 0xA4,
-        0x03, 0x64, 0x41, 0x05, 0x4A, 0x66, 0xE8, 0x81,
-        0x59, 0x97, 0x51, 0x22, 0x88, 0x55, 0x2F, 0xD7,
-        0x14, 0x9F, 0xFB, 0x70, 0x5A, 0xAE, 0x13, 0x3F,
-        0x84, 0x14, 0x06, 0x0D, 0x00, 0x92, 0xFA, 0x8A,
-        0x16, 0x27, 0xD7, 0x8A, 0xB2, 0xAB, 0xC6, 0x69,
-        0x62, 0x88, 0xBA, 0xF5, 0xC6, 0x0E, 0xF3, 0x70,
-        0x82, 0x7A, 0x7E, 0xFA, 0x72, 0xAE, 0x5C, 0x67,
-        0x41, 0xA5, 0xDA, 0x04, 0x3D, 0x59, 0x40, 0xF1,
-        0x21, 0x48, 0x53, 0x72, 0xA9, 0x8F, 0x47, 0x2D,
-        0x60, 0xF0, 0x5F, 0x74, 0xD9, 0x5F, 0x01, 0xA1,
-        0x99, 0x1E, 0x73, 0xA3, 0xE0, 0xA9, 0x53, 0x64,
-        0x67, 0xA4, 0x73, 0x8A, 0xB4, 0xCF, 0x38, 0x5B,
-        0xA7, 0x72, 0x82, 0x7E, 0xB8, 0xCC, 0x05, 0x8B,
-        0x35, 0x72, 0xE4, 0x0B, 0x59, 0x84, 0x44, 0xC1,
-        0x81, 0xC7, 0xF6, 0xD9, 0xB7, 0x60, 0xA7, 0xB9,
-        0x07, 0x09, 0x2E, 0x9C, 0x33, 0x51, 0xEA, 0x23,
-        0x4E, 0x44, 0x49, 0xBD, 0x9B, 0x61, 0xA1, 0x34,
-        0x65, 0x4E, 0x2D, 0xA1, 0x91, 0xFF, 0x07, 0x93,
-        0x96, 0x15, 0x69, 0xD3, 0x59, 0x44, 0x48, 0xBB,
-        0xC2, 0x58, 0x69, 0x99, 0xA6, 0x67, 0x1E, 0xFC,
-        0xA9, 0x57, 0xF3, 0xA6, 0x69, 0x9A, 0x4A, 0x1B,
-        0x2F, 0x47, 0x07, 0xAB, 0xA0, 0xB2, 0xDB, 0x20,
-        0x11, 0x4F, 0xE6, 0x8A, 0x4E, 0x28, 0x15, 0xAF,
-        0x3A, 0xAC, 0x4B, 0x8C, 0x6B, 0xE5, 0x64, 0x8C,
-        0x50, 0xCC, 0x35, 0xC2, 0x7C, 0x57, 0x28, 0x80,
-        0x28, 0xD3, 0x61, 0x70, 0x8D, 0x30, 0x2E, 0xEB,
-        0xB8, 0x60, 0xBE, 0xE6, 0x91, 0xF6, 0x56, 0xA2,
-        0x55, 0x0C, 0xB3, 0x21, 0xE9, 0x29, 0x3D, 0x75,
-        0x16, 0xC5, 0x99, 0x81, 0x7B, 0x76, 0x6B, 0xA9,
-        0x28, 0xB1, 0x08, 0x77, 0x9A, 0x1C, 0x87, 0x12,
-        0xE7, 0x4C, 0x76, 0x84, 0x1A, 0xC5, 0x8B, 0x8C,
-        0x51, 0x5B, 0xF4, 0x74, 0x9B, 0xF7, 0x15, 0x98,
-        0x44, 0x45, 0xB2, 0xB5, 0x30, 0x63, 0x38, 0x40,
-        0x01, 0xE5, 0x5F, 0x68, 0x86, 0x7B, 0x1A, 0xF4,
-        0x6C, 0xA7, 0x0C, 0xA8, 0xEA, 0x74, 0x17, 0x2D,
-        0xB8, 0x0B, 0x52, 0x18, 0xBD, 0xE4, 0xF0, 0x0A,
-        0x0E, 0x65, 0x8D, 0xB5, 0xA1, 0x8D, 0x94, 0xE1,
-        0x42, 0x7A, 0xF7, 0xAE, 0x35, 0x8C, 0xCE, 0xB2,
-        0x38, 0x77, 0x2F, 0xCC, 0x83, 0xF1, 0x08, 0x28,
-        0xA4, 0xA3, 0x67, 0xD4, 0x2C, 0x4C, 0xB6, 0x93,
-        0x3F, 0xDD, 0x1C, 0x1C, 0x7B, 0x86, 0xAD, 0x8B,
-        0x00, 0x96, 0x57, 0xA9, 0x62, 0x22, 0xD7, 0xBA,
-        0x92, 0xF5, 0x27, 0xAF, 0x87, 0x79, 0x70, 0xA8,
-        0x32, 0x47, 0xF4, 0x7A, 0x23, 0xFC, 0x22, 0x85,
-        0x11, 0x8B, 0x57, 0x71, 0x77, 0x15, 0x20, 0x46,
-        0x74, 0xDA, 0x9C, 0x94, 0xB6, 0x2B, 0xC7, 0x83,
-        0x8C, 0xF8, 0x72, 0x00, 0x15, 0x6B, 0x26, 0xBA,
-        0x46, 0x71, 0x15, 0x99, 0x31, 0xC4, 0x93, 0x22,
-        0xD8, 0x06, 0x71, 0xA0, 0xF3, 0x32, 0xEA, 0xA2,
-        0xBB, 0xF8, 0x93, 0xBE, 0x40, 0x8B, 0x9E, 0xAC,
-        0x6A, 0x50, 0x54, 0x83, 0xAA, 0x90, 0x75, 0xBD,
-        0x13, 0x68, 0xB5, 0x1F, 0x99, 0x21, 0x1F, 0x48,
-        0x0A, 0x9C, 0x54, 0x2A, 0x75, 0xB5, 0xBE, 0x08,
-        0xE4, 0x3A, 0xDA, 0xF3, 0x01, 0xDD, 0x72, 0x9A,
-        0x85, 0x95, 0x40, 0x10, 0xE6, 0x48, 0x92, 0xA2,
-        0xAA, 0x4F, 0x15, 0xC0, 0xBD, 0x70, 0xB3, 0xD8,
-        0x56, 0x49, 0x4F, 0xF9, 0xBA, 0x0F, 0xE4, 0xCE,
-        0x12, 0x99, 0x1C, 0xA0, 0x6B, 0x5E, 0x3D, 0x0B,
-        0x2A, 0xF1, 0xF7, 0x97, 0xB7, 0xA2, 0xB7, 0x60,
-        0x91, 0x0A, 0xE9, 0xF8, 0x33, 0xD0, 0xD4, 0x26,
-        0x7A, 0x58, 0x05, 0x2C, 0x29, 0x90, 0xF1, 0x61,
-        0xB8, 0x86, 0xE2, 0x51, 0x71, 0x1C, 0x09, 0xD0,
-        0x85, 0xC3, 0xD9, 0x58, 0xB1, 0x44, 0x19, 0x2C,
-        0x9C, 0xC3, 0x22, 0x4A, 0x46, 0x07, 0x15, 0xB6,
-        0x78, 0x4E, 0xB0, 0xB2, 0x6F, 0x23, 0x71, 0x87,
-        0x50, 0x7D, 0x85, 0xC5, 0x11, 0x0A, 0xCC, 0x71,
-        0xCE, 0x47, 0x19, 0x8F, 0x25, 0x45, 0x53, 0x35,
-        0x6D, 0xAB, 0x44, 0x8C, 0x38, 0xD2, 0x43, 0xA7,
-        0xC0, 0x2B, 0xE4, 0x0C, 0x90, 0x8C, 0x82, 0x8D,
-        0x05, 0xC0, 0x81, 0xDF, 0xAB, 0x8F, 0xC6, 0xB5,
-        0xCF, 0xE7, 0xD5, 0x6E, 0x73, 0x17, 0x15, 0x7D,
-        0xC0, 0x53, 0xB2, 0xB3, 0x48, 0x99, 0x86, 0xB0,
-        0x81, 0x28, 0x88, 0x71, 0x81, 0x85, 0x85, 0xE0,
-        0x99, 0x31, 0x09, 0x5E, 0x32, 0x74, 0xA0, 0x84,
-        0x11, 0x5B, 0xE2, 0x76, 0x43, 0x82, 0x54, 0xA7,
-        0x96, 0x27, 0x0A, 0x7B, 0x43, 0x06, 0xF0, 0x8B,
-        0x98, 0xD9, 0xC2, 0xAA, 0xEC, 0xF7, 0x06, 0x5E,
-        0x74, 0x44, 0x6B, 0x7C, 0x69, 0x6D, 0xBA, 0xAF,
-        0x8B, 0x46, 0x25, 0xA1, 0x0B, 0x07, 0x82, 0x7B,
-        0x4A, 0x8B, 0xAB, 0xAB, 0x09, 0xB6, 0x4A, 0xE1,
-        0xC3, 0x75, 0xBB, 0x78, 0x54, 0x41, 0xF3, 0x19,
-        0xFB, 0x9A, 0xC2, 0xF1, 0x4C, 0x95, 0xFF, 0xB2,
-        0x52, 0xAB, 0xBB, 0x80, 0x9C, 0x69, 0x09, 0xCD,
-        0x97, 0x70, 0x6E, 0x40, 0x69, 0x1C, 0xBA, 0x61,
-        0xC9, 0x25, 0x2B, 0xD3, 0x8A, 0x04, 0x31, 0x1C,
-        0xA5, 0xBB, 0x2C, 0xA7, 0x95, 0x78, 0x34, 0x75,
-        0x05, 0xD0, 0x88, 0x88, 0x51, 0xE0, 0x82, 0x64,
-        0x8B, 0xD0, 0x03, 0xBE, 0x97, 0xC0, 0xF8, 0xF6,
-        0x67, 0x59, 0xEC, 0x96, 0xA9, 0x6A, 0x08, 0x1C,
-        0x68, 0x22, 0xC4, 0x51, 0x05, 0x59, 0x53, 0x70,
-        0x42, 0xFC, 0x15, 0xF0, 0x69, 0xA6, 0x49, 0xB7,
-        0x4A, 0x10, 0x96, 0x1B, 0x35, 0x4A, 0x1F, 0x62,
-        0x5B, 0x04, 0xE2, 0x5B, 0x29, 0x3C, 0xF6, 0x5F,
-        0xB4, 0xF5, 0x3A, 0x80, 0xCC, 0x73, 0x3D, 0x7A,
-        0x17, 0x57, 0x75, 0xBF, 0x8A, 0x9A, 0xBB, 0x92,
-        0x01, 0x62, 0x0E, 0x83, 0xA7, 0xF3, 0xE7, 0x24,
-        0xD1, 0x28, 0x7D, 0xBC, 0x44, 0xBD, 0xD5, 0xD8,
-        0x5F, 0xC7, 0x15, 0x45, 0xA9, 0x27, 0xBE, 0xED,
-        0xE5, 0x37, 0xA7, 0x76, 0x87, 0x35, 0xCC, 0x14,
-        0x86, 0xC7, 0xC3, 0xF3, 0x11, 0x04, 0xDB, 0x67,
-        0x34, 0x3F, 0x43, 0x5D, 0x2D, 0x45, 0x55, 0x4B,
-        0xAA, 0xC9, 0xCD, 0xB5, 0x82, 0x2E, 0x84, 0x22,
-        0xAE, 0x83, 0x21, 0xC7, 0x8A, 0xBE, 0x9F, 0x26,
-        0x1F, 0xD4, 0x81, 0x0A, 0x79, 0xE3, 0x3E, 0x94,
-        0xE6, 0x3B, 0x33, 0x41, 0x87, 0x2C, 0x92, 0x25,
-        0x35, 0x21, 0x99, 0x7C, 0x08, 0x4F, 0xBC, 0x06,
-        0x0B, 0x8B, 0x12, 0x5C, 0xCC, 0x88, 0xAC, 0x85,
-        0xAC, 0x5F, 0xE3, 0x16, 0x8A, 0xCB, 0x05, 0x9B,
-        0x3F, 0x11, 0x9C, 0x4E, 0x05, 0x0A, 0x20, 0x73,
-        0x2F, 0x50, 0x1B, 0xB9, 0xB3, 0xE6, 0x87, 0xC8,
-        0x46, 0xB5, 0xC2, 0x65, 0x3F, 0x88, 0x86, 0x37,
-        0x3E, 0x10, 0x04, 0xA2, 0xAB, 0x8D, 0x1B, 0xB9,
-        0x70, 0xA7, 0xE5, 0x71, 0xD8, 0xA4, 0x6E, 0xE8,
-        0x1B, 0x78, 0x2F, 0x26, 0x94, 0x2D, 0xD3, 0x94,
-        0xFD, 0xD9, 0xA5, 0xE4, 0xC5, 0x63, 0x1D, 0x98,
-        0x55, 0x28, 0x60, 0x4B, 0x1C, 0xC9, 0x76, 0x27,
-        0x5B, 0x6A, 0xC8, 0xA6, 0x7C, 0xEE, 0xC1, 0x0F,
-        0xFA, 0xCB, 0xBA, 0x3D, 0x3B, 0xB1, 0x41, 0x32,
-        0x1D, 0xFC, 0x3C, 0x92, 0x31, 0xFC, 0x96, 0xE4,
-        0x48, 0xB9, 0xAB, 0x84, 0x70, 0x21, 0xE2, 0xC8,
-        0xD9, 0x0C, 0x6B, 0xCA, 0xF2, 0xB1, 0x24, 0x07,
-        0x83, 0xB6, 0x2C, 0x79, 0xDE, 0xDC, 0x07, 0x2A,
-        0x57, 0x63, 0xE6, 0x60, 0xAF, 0x2C, 0x27, 0xC3,
-        0xF0, 0xC3, 0xC0, 0x92, 0x07, 0xCA, 0xD9, 0x90,
-        0xBB, 0x41, 0xA7, 0xBF, 0xCE, 0xC9, 0x9F, 0x51,
-        0x59, 0x6A, 0x0E, 0x83, 0x77, 0x8F, 0x85, 0xC0,
-        0x06, 0xAC, 0x6D, 0x1F, 0xE9, 0x81, 0xB4, 0xC4,
-        0xBA, 0x1C, 0xB5, 0x75, 0xA7, 0xD0, 0x7A, 0xE2,
-        0xD3, 0x1B, 0xA7, 0x60, 0x09, 0x5F, 0x74, 0xBC,
-        0x16, 0x38, 0x41, 0xCF, 0x8F, 0xF7, 0x7F, 0x89,
-        0x4A, 0xBC, 0x6D, 0x26, 0x1E, 0xD8, 0x7A, 0x45,
-        0x30, 0x36, 0x3B, 0x94, 0x9C, 0x4A, 0xD2, 0x4E,
-        0xFB, 0x3A, 0x56, 0x80, 0x94, 0x78, 0xDD, 0xA2
-    };
-    static const byte seed_768[KYBER_ENC_RAND_SZ] = {
-        0x40, 0xBE, 0x9D, 0xCA, 0xC1, 0x6E, 0x9C, 0xA7,
-        0x3D, 0x49, 0xD0, 0xC8, 0x3F, 0x9D, 0x3D, 0x89,
-        0xBB, 0x71, 0x57, 0x4A, 0x42, 0x19, 0xA0, 0xF3,
-        0x93, 0xDF, 0xEC, 0xE2, 0x98, 0x83, 0x94, 0xC4
-    };
-    static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = {
-        0x77, 0x8D, 0x6B, 0x03, 0x79, 0x1A, 0xCA, 0xF5,
-        0x6C, 0xAA, 0xFC, 0xC7, 0x8C, 0xEE, 0x5C, 0xBC,
-        0xA1, 0xDE, 0x87, 0x37, 0xE9, 0xC7, 0xFF, 0x4A,
-        0xE5, 0xF3, 0x84, 0xD3, 0x44, 0xE0, 0x82, 0x23,
-        0xC7, 0x4C, 0x82, 0x4C, 0xB5, 0x84, 0x85, 0x20,
-        0x51, 0x7C, 0x7F, 0x0E, 0xA0, 0x64, 0x5E, 0xB6,
-        0xF8, 0x89, 0x51, 0x7A, 0xE5, 0x21, 0x6B, 0x0C,
-        0xF4, 0x1D, 0xDC, 0x3F, 0x0D, 0x1D, 0xF9, 0xBC,
-        0x6E, 0x4D, 0xEC, 0xB2, 0x36, 0xA5, 0xEA, 0x8B,
-        0x21, 0x4F, 0x64, 0x26, 0x6D, 0x3C, 0xDE, 0x08,
-        0xE0, 0xCB, 0x00, 0xE5, 0xD9, 0x1F, 0x58, 0x67,
-        0x06, 0xB1, 0xEE, 0x53, 0x3D, 0x20, 0x47, 0x6F,
-        0x44, 0x23, 0xB7, 0x8F, 0x91, 0x6B, 0x17, 0x26,
-        0xEE, 0xEA, 0x95, 0x9F, 0xFB, 0x9A, 0xC6, 0x34,
-        0xD0, 0x4A, 0x94, 0xD0, 0x99, 0x23, 0xCB, 0x0D,
-        0x4E, 0x73, 0x0C, 0xCA, 0x41, 0x44, 0xE7, 0xC4,
-        0x88, 0x49, 0x21, 0x65, 0x2D, 0xA4, 0x92, 0x8C,
-        0x68, 0xE6, 0x44, 0xF6, 0x73, 0xCF, 0xC5, 0x7D,
-        0x3E, 0x87, 0xCF, 0x5B, 0xE5, 0x81, 0xA8, 0x9F,
-        0x9C, 0xB8, 0xF0, 0xFC, 0xE2, 0x78, 0x2D, 0x68,
-        0x1E, 0x5C, 0xE8, 0x8A, 0xF5, 0x84, 0x58, 0xC3,
-        0xD6, 0x3D, 0x80, 0x75, 0x72, 0xDE, 0x5A, 0xA8,
-        0xE1, 0xFA, 0xF2, 0xDC, 0xD1, 0x4E, 0xDB, 0x73,
-        0x49, 0x56, 0x5B, 0x7D, 0x32, 0x71, 0xDD, 0xBE,
-        0xB0, 0xB6, 0xCC, 0x7A, 0xFE, 0x08, 0x63, 0x57,
-        0x84, 0x31, 0x11, 0x59, 0x73, 0x3C, 0x46, 0xE5,
-        0xFD, 0xC5, 0xE0, 0xCD, 0x36, 0xCE, 0x56, 0x85,
-        0xAC, 0xFB, 0x1A, 0xFE, 0x50, 0xAB, 0xB4, 0x6F,
-        0x44, 0x75, 0x21, 0xE6, 0x0D, 0x9C, 0x8F, 0x0E,
-        0x4C, 0xA2, 0x8C, 0x19, 0x0A, 0xBB, 0x40, 0xC3,
-        0x65, 0xF4, 0x12, 0x47, 0x1E, 0x95, 0xA8, 0xEA,
-        0x39, 0x6D, 0x4B, 0xD8, 0x07, 0x0E, 0xEB, 0x1F,
-        0x02, 0xB0, 0x7C, 0x82, 0x53, 0x67, 0xAA, 0x1E,
-        0xC0, 0xF1, 0x0C, 0x38, 0x62, 0x41, 0x6B, 0xB2,
-        0x1A, 0xD6, 0xCA, 0x74, 0x8A, 0x86, 0xE9, 0x82,
-        0x9E, 0xFC, 0x1A, 0x04, 0x99, 0x09, 0x3C, 0x85,
-        0x17, 0x6D, 0x37, 0xF5, 0x74, 0xC7, 0x5C, 0xF5,
-        0xED, 0xFA, 0x8D, 0x92, 0x0D, 0x32, 0x68, 0xCB,
-        0x34, 0xC6, 0xA4, 0xBB, 0x00, 0x02, 0x86, 0x9B,
-        0xC0, 0x5D, 0x7C, 0x8F, 0xCC, 0x06, 0x58, 0xD4,
-        0xA0, 0x1E, 0xAC, 0xD7, 0x45, 0x57, 0xA3, 0x7D,
-        0x98, 0xA7, 0x63, 0x07, 0x47, 0x52, 0xDF, 0xDD,
-        0x64, 0x29, 0x88, 0x1C, 0xAF, 0xF5, 0x77, 0xD3,
-        0xA0, 0x48, 0x03, 0x1B, 0xD5, 0x2C, 0x4E, 0x97,
-        0x26, 0x39, 0x85, 0x90, 0xF9, 0x51, 0x9F, 0xD5,
-        0x94, 0x05, 0xD6, 0xB3, 0xC3, 0x07, 0xAF, 0xCB,
-        0x16, 0x8A, 0x98, 0x57, 0x85, 0xD9, 0x54, 0xA6,
-        0xD1, 0xDC, 0x1E, 0xA9, 0x2E, 0x1E, 0xB6, 0xF9,
-        0x46, 0xA4, 0xD9, 0x9D, 0xD6, 0xCA, 0x30, 0x7A,
-        0xBF, 0xD8, 0x36, 0x2F, 0xAB, 0xA9, 0x8B, 0xB2,
-        0x64, 0xC6, 0x9C, 0x5F, 0x55, 0x5D, 0x60, 0x88,
-        0x3C, 0xC5, 0x60, 0x19, 0xFE, 0xB4, 0xE8, 0x00,
-        0x0C, 0x48, 0xB7, 0xE6, 0x8C, 0xD6, 0x67, 0xF0,
-        0x0B, 0x52, 0x50, 0xCE, 0xF2, 0x93, 0xA4, 0xA9,
-        0xE7, 0x78, 0x72, 0x6E, 0x62, 0xF1, 0x20, 0x36,
-        0x1E, 0x21, 0xAB, 0x31, 0x40, 0x46, 0x4C, 0xDC,
-        0x6A, 0xBD, 0xE9, 0xEA, 0x05, 0x19, 0x8D, 0x8B,
-        0x3B, 0xB6, 0x71, 0xB9, 0x11, 0x1A, 0x2F, 0x31,
-        0x75, 0x82, 0x84, 0x7C, 0xA5, 0x01, 0x56, 0x64,
-        0xF2, 0x2C, 0xDB, 0x08, 0xC1, 0x43, 0x18, 0x7B,
-        0xDE, 0x21, 0x29, 0xB5, 0x4F, 0x34, 0x16, 0x02,
-        0x95, 0xD7, 0x5F, 0xE9, 0xA4, 0x94, 0xFD, 0x7E,
-        0x67, 0xAA, 0xA7, 0x6B, 0x57, 0xAA, 0xFF, 0xD8,
-        0x9D, 0x01, 0xA7, 0x1D, 0xF5, 0xC8, 0x15, 0x86,
-        0x20, 0x29, 0x8D, 0x58, 0x2B, 0xBE, 0xFA, 0x6D,
-        0x09, 0xAC, 0x41, 0x2A, 0x99, 0xAA, 0x3B, 0xE9,
-        0xC3, 0x83, 0x50, 0x49, 0x48, 0xC4, 0x3D, 0xD5,
-        0xAF, 0x41, 0x27, 0xB1, 0x43, 0x58, 0x04, 0xF4,
-        0x4B, 0xAF, 0xA1, 0x42, 0xBF, 0xC2, 0xA9, 0x5D,
-        0x95, 0xFB, 0x2E, 0xF0, 0x64, 0x1A, 0xBE, 0x71,
-        0x06, 0x4D, 0xE5, 0x1D, 0x6B, 0x9E, 0xC5, 0x08,
-        0x57, 0xB8, 0xEE, 0xF7, 0xF4, 0x80, 0x36, 0x31,
-        0x3D, 0x0E, 0x93, 0x67, 0x63, 0xB8, 0xF7, 0xBD,
-        0xE6, 0x9B, 0x06, 0x4D, 0xD5, 0x76, 0x1D, 0x80,
-        0xEA, 0x6F, 0x1A, 0x8B, 0x37, 0x56, 0x57, 0x53,
-        0xC5, 0x79, 0xBB, 0xB8, 0x95, 0xEF, 0xB9, 0xFC,
-        0xB3, 0xFC, 0x5F, 0xA3, 0x36, 0x2E, 0x37, 0x74,
-        0xF0, 0xF7, 0x71, 0x40, 0xB9, 0x73, 0xCA, 0xE5,
-        0x87, 0xBA, 0xD2, 0xF3, 0xB5, 0x66, 0xA9, 0xC2,
-        0x5A, 0x96, 0x93, 0x47, 0xE5, 0xC5, 0x4F, 0x87,
-        0xF1, 0x10, 0x5E, 0x9C, 0x07, 0x48, 0x67, 0xD9,
-        0x40, 0x77, 0xCC, 0xAE, 0x3A, 0xBE, 0xA5, 0x45,
-        0x20, 0xED, 0xB5, 0x1D, 0x9D, 0xAA, 0xBE, 0x78,
-        0x48, 0xE7, 0x8F, 0xDF, 0x66, 0xE0, 0x7E, 0x2E,
-        0x22, 0xB3, 0x02, 0x51, 0x93, 0x1E, 0x89, 0x0B,
-        0xAF, 0x1F, 0x5E, 0x17, 0x7D, 0x4D, 0x9C, 0xEC,
-        0x9E, 0x49, 0x69, 0x48, 0x1F, 0xD7, 0xC1, 0x33,
-        0x5A, 0x0E, 0xD5, 0x87, 0x9F, 0x34, 0xEF, 0x4B,
-        0xB4, 0xF6, 0x6C, 0x28, 0x80, 0x3C, 0xEA, 0x16,
-        0x2B, 0xA4, 0x61, 0x50, 0x6D, 0x52, 0xEB, 0x3A,
-        0xE1, 0x69, 0x51, 0x92, 0x2B, 0x06, 0x82, 0x51,
-        0x86, 0xC3, 0xD4, 0xCE, 0x1B, 0x51, 0xF3, 0xC9,
-        0x2F, 0x3C, 0x52, 0xF2, 0xD0, 0x4D, 0x1F, 0x13,
-        0xB2, 0xB1, 0x7C, 0x9E, 0xEB, 0x88, 0x2C, 0xCE,
-        0x0E, 0xB8, 0x8B, 0x7E, 0xA9, 0xA1, 0xCE, 0x4E,
-        0x37, 0x41, 0x5C, 0xC8, 0x4C, 0x7B, 0xC4, 0x36,
-        0xA4, 0x62, 0x83, 0x86, 0xCC, 0x77, 0xD9, 0xAF,
-        0xD2, 0x07, 0x91, 0x1B, 0xD9, 0xBF, 0xD8, 0xA7,
-        0xFA, 0x05, 0xC2, 0x75, 0xBE, 0x0C, 0x4C, 0x6A,
-        0x8F, 0xC0, 0xA6, 0x1B, 0xDA, 0x1D, 0x67, 0xAE,
-        0x33, 0xB5, 0x31, 0x0B, 0xE1, 0x29, 0x0D, 0xC7,
-        0x1C, 0x14, 0x18, 0xEB, 0x57, 0x44, 0xBF, 0x28,
-        0x42, 0xC1, 0x65, 0x21, 0x73, 0xA4, 0x9A, 0x69,
-        0x2E, 0x71, 0xFE, 0x43, 0x25, 0x8A, 0x20, 0x5B,
-        0x3C, 0xAA, 0xB9, 0x0C, 0x03, 0x04, 0xA5, 0x1E,
-        0x77, 0xD0, 0x1B, 0x40, 0x4A, 0x01, 0xFA, 0xE2,
-        0xF8, 0x3A, 0xB8, 0x0C, 0x5D, 0xBF, 0x6C, 0xF5,
-        0x18, 0xC0, 0x01, 0xF4, 0x6A, 0x63, 0x3F, 0xA1,
-        0x69, 0xB1, 0xBD, 0xB7, 0x7A, 0x9D, 0x0B, 0x1E,
-        0x0C, 0x00, 0x78, 0x35, 0xC0, 0x9F, 0x6A, 0xBB,
-        0xA9, 0x6F, 0x3F, 0x53, 0x56, 0x4D, 0xA5, 0x08,
-        0xEE, 0x88, 0x61, 0xA4, 0x83, 0xA8, 0x17, 0x49,
-        0xD4, 0xA4, 0x46, 0x72, 0xB1, 0xEF, 0x16, 0x05,
-        0xF2, 0x9D, 0x16, 0x8B, 0x74, 0xB7, 0x36, 0xB4,
-        0xF1, 0x35, 0x01, 0xD7, 0xAD, 0x12, 0x13, 0x11,
-        0x8A, 0x78, 0x32, 0xE6, 0x66, 0xA5, 0x0B, 0xE8,
-        0x01, 0x0D, 0x54, 0x32, 0x2A, 0x52, 0x6C, 0xF7,
-        0xA4, 0xE5, 0x43, 0xA7, 0x9D, 0x0D, 0x98, 0xE0,
-        0x04, 0xFB, 0xEC, 0x76, 0xEA, 0x3F, 0x7E, 0x88,
-        0x7B, 0xDB, 0xAF, 0x50, 0xDA, 0xDF, 0xDD, 0xDF,
-        0x3F, 0xFE, 0xCF, 0x6D, 0x3F, 0x77, 0xEA, 0x4B,
-        0x9B, 0x16, 0xDC, 0x75, 0x4F, 0x4A, 0x68, 0xE5,
-        0xEF, 0x32, 0xF6, 0xA1, 0x37, 0xE7, 0xC9, 0xE3,
-        0xC3, 0xE8, 0xC2, 0xE2, 0x36, 0xC7, 0xEB, 0xC4,
-        0x5D, 0x46, 0xEC, 0x16, 0x77, 0xA5, 0xA8, 0xBB,
-        0x26, 0x68, 0x44, 0x3B, 0x0B, 0xE8, 0x69, 0x3D,
-        0xC2, 0x57, 0xF1, 0x3D, 0x8B, 0x9A, 0x90, 0x10,
-        0x0B, 0x92, 0xB4, 0xD1, 0x76, 0x1B, 0x81, 0x96,
-        0x73, 0x83, 0x2C, 0x32, 0x02, 0x06, 0x71, 0xBF,
-        0xB3, 0xD0, 0x22, 0x0A, 0x36, 0x3E, 0x4B, 0xED,
-        0x6D, 0x64, 0x9D, 0x3F, 0x73, 0x68, 0xCF, 0xE0,
-        0x81, 0xE1, 0x96, 0xA4, 0x3D, 0x47, 0x08, 0x79,
-        0x8E, 0x31, 0xBB, 0x2A, 0x2F, 0x61, 0x82, 0x46,
-        0x74, 0xAB, 0xA2, 0xFC, 0x9D, 0xCD, 0x05, 0xDB,
-        0x84, 0xB8, 0x62, 0x7A, 0xE1, 0x14, 0x88, 0x88,
-        0x6F, 0x92, 0x1B, 0xC7, 0x9A, 0xE1, 0xFD, 0x03
-    };
-    static const byte k_768[KYBER_SS_SZ] = {
-        0x61, 0x6E, 0x0B, 0x75, 0x3A, 0x3B, 0x7F, 0x40,
-        0xFE, 0xF9, 0xA3, 0x89, 0xF5, 0x8F, 0x16, 0xBF,
-        0xBB, 0x04, 0x62, 0x29, 0x41, 0xD2, 0x46, 0x4B,
-        0xDA, 0xE7, 0x67, 0x82, 0x0D, 0xFA, 0xC3, 0x8E
-    };
-#endif
-#ifndef WOLFSSL_NO_KYBER1024
-    static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = {
-        0x27, 0x66, 0x9A, 0x66, 0x76, 0x67, 0xB8, 0xD5,
-        0x46, 0x68, 0x58, 0x60, 0x22, 0x60, 0x11, 0x5B,
-        0x62, 0x09, 0xBC, 0x2C, 0x45, 0xDF, 0x7A, 0x4E,
-        0x64, 0x93, 0x2B, 0x75, 0xC7, 0x8B, 0x9F, 0x70,
-        0x83, 0xF1, 0x31, 0xBC, 0xD4, 0xE2, 0x0E, 0xFF,
-        0x8C, 0xCF, 0x69, 0x73, 0x6B, 0xDB, 0xC8, 0x84,
-        0x06, 0xF9, 0xB6, 0x9A, 0xD3, 0xCE, 0x35, 0x6A,
-        0x0F, 0x5E, 0x67, 0x6D, 0xD0, 0xA7, 0xC4, 0xAB,
-        0xB1, 0xA1, 0xC9, 0xD6, 0x20, 0x21, 0xBB, 0x38,
-        0x4A, 0x40, 0x14, 0xFB, 0x04, 0xCD, 0x2F, 0x82,
-        0x18, 0x90, 0xD9, 0x04, 0x27, 0xC4, 0x9F, 0x4A,
-        0x62, 0x8E, 0xCE, 0xC2, 0x73, 0x1F, 0xAC, 0x02,
-        0x52, 0x37, 0x36, 0x0D, 0x58, 0x2C, 0xD0, 0x66,
-        0x47, 0xB1, 0x10, 0x9A, 0xA6, 0xC2, 0xAC, 0x5D,
-        0x43, 0x37, 0x58, 0xC1, 0xCA, 0xA5, 0x35, 0x55,
-        0xFF, 0xF5, 0x77, 0xEB, 0xB5, 0x21, 0xFB, 0xE3,
-        0x2D, 0x10, 0xF7, 0x90, 0x60, 0x4C, 0x53, 0xC2,
-        0xF8, 0x2C, 0x17, 0xB0, 0x8E, 0xF3, 0x62, 0x56,
-        0x74, 0x21, 0x48, 0x44, 0x90, 0x6D, 0xB3, 0xFB,
-        0x95, 0x20, 0x03, 0x14, 0x22, 0xA1, 0x3B, 0xD7,
-        0x61, 0x2D, 0x42, 0x01, 0xC2, 0x7D, 0x15, 0xB9,
-        0xD1, 0x94, 0x83, 0x0C, 0xC3, 0x66, 0x9B, 0xB8,
-        0xBA, 0x34, 0xC2, 0x52, 0x37, 0x64, 0x41, 0x39,
-        0x71, 0xC4, 0x0D, 0x84, 0xAE, 0xE6, 0x56, 0x75,
-        0xD5, 0x21, 0x53, 0x09, 0xDA, 0x83, 0x67, 0xF0,
-        0x01, 0x49, 0x75, 0x46, 0xEC, 0xE0, 0x7C, 0xBF,
-        0x00, 0x2D, 0x78, 0x1B, 0x83, 0x06, 0x82, 0x48,
-        0x40, 0x80, 0xAD, 0x6F, 0x95, 0x58, 0xB3, 0x6B,
-        0x6B, 0xF6, 0x10, 0x91, 0x71, 0x30, 0xB7, 0x41,
-        0x9B, 0x39, 0xF8, 0x50, 0x29, 0x62, 0x12, 0x64,
-        0xCF, 0x2C, 0x8A, 0xE4, 0xD8, 0x08, 0x38, 0x7B,
-        0x20, 0xCC, 0x5A, 0xA0, 0xB9, 0x69, 0xC3, 0x9B,
-        0xC8, 0x0E, 0x6C, 0xB9, 0xCA, 0x03, 0x51, 0xA3,
-        0xF6, 0x0A, 0xCE, 0xAF, 0x12, 0xBD, 0x41, 0xFA,
-        0x09, 0x96, 0xE3, 0x99, 0x06, 0xA9, 0xB6, 0x16,
-        0x97, 0xB7, 0x47, 0xC2, 0x03, 0x1C, 0x76, 0x02,
-        0x88, 0x36, 0x44, 0x57, 0x42, 0x5B, 0xBB, 0xB4,
-        0x0F, 0x48, 0x98, 0xAD, 0x08, 0x58, 0x76, 0x60,
-        0x8A, 0x77, 0xA5, 0xEB, 0x9D, 0x12, 0x4B, 0xC9,
-        0x92, 0x26, 0x51, 0xB7, 0x63, 0x95, 0x88, 0x15,
-        0x58, 0xCA, 0xD0, 0x6F, 0x3C, 0x4B, 0xCF, 0x08,
-        0xE4, 0x5B, 0x67, 0xBA, 0x51, 0x60, 0x38, 0xA3,
-        0x64, 0xB7, 0x74, 0x0E, 0x97, 0x40, 0xEE, 0x2B,
-        0x93, 0xC5, 0xC6, 0x5F, 0x49, 0x02, 0x0A, 0xD4,
-        0x2B, 0x3C, 0x0A, 0xEA, 0x5B, 0xF2, 0x42, 0xA4,
-        0xF1, 0xB0, 0x89, 0xB5, 0xA3, 0x45, 0x8B, 0xE8,
-        0xA3, 0x71, 0xCA, 0x1F, 0x29, 0x3C, 0x53, 0xF2,
-        0x78, 0x0E, 0xCE, 0x28, 0x12, 0x93, 0xD9, 0x91,
-        0xE6, 0xE5, 0x79, 0x04, 0x2B, 0xAB, 0xC1, 0x69,
-        0x72, 0x4F, 0x10, 0x68, 0x1F, 0xD1, 0xC7, 0xD2,
-        0xFB, 0x16, 0x48, 0xB0, 0xBF, 0x80, 0x81, 0x8A,
-        0x7D, 0xD3, 0xB7, 0x09, 0x73, 0x4D, 0x38, 0x97,
-        0x2E, 0x3E, 0x44, 0x87, 0x5A, 0xF0, 0x92, 0x7A,
-        0x9A, 0xAD, 0xE8, 0x26, 0x13, 0xFC, 0xA0, 0x5E,
-        0xE5, 0xB3, 0x21, 0x06, 0x47, 0xA5, 0x63, 0x2A,
-        0xA1, 0x70, 0xD0, 0x9E, 0x70, 0xB5, 0x6A, 0x2F,
-        0x04, 0x33, 0x7A, 0x33, 0x7E, 0xE9, 0x52, 0x38,
-        0x3A, 0x1A, 0x8A, 0xEE, 0xA6, 0xCD, 0xB9, 0x0C,
-        0xCD, 0x86, 0xA8, 0x18, 0xD1, 0xBB, 0x39, 0x46,
-        0x5B, 0xA3, 0x13, 0xD2, 0x66, 0xBB, 0xB1, 0x05,
-        0x81, 0xFA, 0x18, 0x7D, 0x92, 0x6A, 0xC3, 0xA8,
-        0xB7, 0x49, 0xF6, 0x44, 0x45, 0xFA, 0xB5, 0x6C,
-        0x99, 0x27, 0x55, 0x57, 0x93, 0xFB, 0x4A, 0xCF,
-        0xB0, 0x39, 0xB1, 0xAA, 0x54, 0x3B, 0x1B, 0x87,
-        0xAE, 0x6A, 0x49, 0xAB, 0x56, 0x29, 0x33, 0xC4,
-        0xC9, 0x7B, 0xD7, 0x4C, 0x07, 0xBF, 0x29, 0x85,
-        0x1A, 0x46, 0x98, 0x51, 0xA9, 0x82, 0x59, 0x55,
-        0x96, 0xFE, 0x7A, 0xCA, 0xE0, 0xDB, 0x23, 0x53,
-        0x30, 0x28, 0xAA, 0x34, 0x67, 0x6F, 0x7A, 0x9B,
-        0x29, 0x26, 0x3E, 0x7A, 0xA2, 0x79, 0x00, 0x10,
-        0x4B, 0x1B, 0xA1, 0xB5, 0x67, 0x47, 0x39, 0xB2,
-        0xFC, 0x4E, 0xD8, 0xA3, 0x30, 0xBB, 0xA5, 0xA0,
-        0xB6, 0x24, 0x7C, 0x63, 0xF1, 0x15, 0x3D, 0xA0,
-        0x1D, 0xC8, 0xF6, 0x16, 0xF1, 0x04, 0x83, 0xA6,
-        0x93, 0xA6, 0x34, 0xC1, 0xBA, 0x6A, 0xE1, 0xAB,
-        0x2F, 0x16, 0x34, 0x00, 0xBB, 0x57, 0x71, 0xE7,
-        0x01, 0x71, 0xFC, 0xB5, 0x41, 0x55, 0xAB, 0xFC,
-        0xB2, 0x04, 0x4F, 0xCB, 0x30, 0xBA, 0xD6, 0x7F,
-        0x74, 0x21, 0x83, 0x86, 0x18, 0x19, 0xED, 0xB1,
-        0xAA, 0x6C, 0x77, 0x1F, 0xC8, 0xE1, 0x1A, 0x92,
-        0xE0, 0x8B, 0x71, 0xF4, 0x0D, 0x03, 0x6C, 0x15,
-        0xD2, 0x89, 0x6A, 0x20, 0x47, 0x25, 0xBA, 0x90,
-        0xA0, 0x3B, 0x47, 0x8D, 0x98, 0xC4, 0x90, 0x84,
-        0x38, 0x2F, 0x1D, 0x22, 0x3F, 0xE1, 0x29, 0x80,
-        0xE9, 0x47, 0xA4, 0x15, 0xE5, 0x5F, 0xE6, 0x7B,
-        0x85, 0xDA, 0x40, 0x44, 0x13, 0x42, 0x44, 0x5B,
-        0x46, 0xC2, 0xFC, 0x42, 0x02, 0x0D, 0x04, 0x76,
-        0x9A, 0x2A, 0x1C, 0x64, 0x64, 0x1F, 0x0C, 0x36,
-        0x63, 0x6B, 0xA6, 0xC4, 0x65, 0x2B, 0x26, 0x7A,
-        0x4B, 0x92, 0x19, 0xE3, 0x33, 0xA0, 0x68, 0x17,
-        0xB5, 0x81, 0x7B, 0x6E, 0x6C, 0xC4, 0x85, 0xE3,
-        0x52, 0x61, 0x41, 0x69, 0xAB, 0xC2, 0x0E, 0x18,
-        0x91, 0xB7, 0xA0, 0x00, 0xC5, 0x2A, 0xF1, 0x5A,
-        0x7B, 0x90, 0x4C, 0x97, 0x6C, 0x1B, 0xFD, 0x3A,
-        0x23, 0x77, 0xEB, 0x76, 0xB5, 0x50, 0x33, 0xC7,
-        0xC4, 0xC6, 0x9E, 0x71, 0x74, 0xAA, 0xF2, 0x77,
-        0x15, 0x75, 0x63, 0x16, 0xCA, 0xCC, 0xCE, 0x63,
-        0xA5, 0xA2, 0x24, 0x35, 0xC7, 0xD1, 0x02, 0x04,
-        0x43, 0xAA, 0x71, 0x69, 0x3B, 0xF0, 0x62, 0x30,
-        0x3D, 0x13, 0x33, 0x1F, 0x79, 0x54, 0x24, 0xC2,
-        0x0D, 0x26, 0x6C, 0x1D, 0x90, 0x30, 0x5F, 0xC8,
-        0xC2, 0x53, 0x66, 0x84, 0xA9, 0x3D, 0x50, 0x6D,
-        0xE6, 0x32, 0x9B, 0x61, 0x62, 0x40, 0x59, 0x99,
-        0xBD, 0x5C, 0xAA, 0x7D, 0xDB, 0x96, 0x13, 0xC8,
-        0x23, 0x8C, 0xC6, 0xD3, 0x35, 0xA1, 0xEB, 0x40,
-        0x82, 0xE7, 0x71, 0x0D, 0x07, 0x9F, 0x87, 0xA4,
-        0xBF, 0xF6, 0x47, 0x8B, 0x5F, 0x0C, 0x58, 0x77,
-        0x86, 0xAF, 0x42, 0x71, 0x92, 0xD9, 0xA3, 0x4A,
-        0x4F, 0xA3, 0x3B, 0xF0, 0xD3, 0xCC, 0x58, 0xFB,
-        0x46, 0x3B, 0x48, 0x38, 0xCA, 0x2C, 0x33, 0x7E,
-        0x65, 0x39, 0x7D, 0xA1, 0x56, 0x90, 0xC5, 0x2A,
-        0xC0, 0xE5, 0x46, 0x8B, 0xDC, 0x03, 0xDF, 0x5A,
-        0x62, 0xF7, 0x02, 0x09, 0x34, 0xE2, 0x67, 0xE0,
-        0xF7, 0xCF, 0x95, 0x59, 0x94, 0x35, 0xF9, 0x52,
-        0xFA, 0xB7, 0x4C, 0xFE, 0xB4, 0x30, 0x8B, 0x17,
-        0x3F, 0x12, 0xE0, 0x73, 0xF7, 0xF0, 0x40, 0xDB,
-        0x4C, 0x63, 0xC1, 0xC4, 0x8A, 0x7B, 0x7A, 0x41,
-        0xF4, 0x77, 0x9A, 0x6B, 0x57, 0xA9, 0x22, 0xC9,
-        0x70, 0x77, 0x11, 0x80, 0x00, 0x84, 0x93, 0xD4,
-        0xC7, 0x68, 0x05, 0x40, 0x0B, 0x7C, 0x66, 0x4D,
-        0x0B, 0x92, 0xB2, 0x2C, 0x49, 0x55, 0x1B, 0x12,
-        0x47, 0xE6, 0x2C, 0x85, 0xE1, 0xE5, 0x40, 0xC8,
-        0x20, 0x93, 0x37, 0x10, 0x13, 0xC4, 0x67, 0x6C,
-        0xEA, 0xD7, 0x7C, 0x5F, 0x30, 0x64, 0xA3, 0x73,
-        0x49, 0xC7, 0x16, 0x5E, 0xB3, 0xAA, 0x7D, 0xEF,
-        0x87, 0x31, 0xE9, 0xD6, 0x6A, 0x56, 0x36, 0x8F,
-        0x19, 0x5C, 0x04, 0x5B, 0x2A, 0x50, 0xE5, 0x97,
-        0x86, 0x16, 0x1A, 0x63, 0x0D, 0x28, 0x00, 0x89,
-        0x80, 0x12, 0x98, 0xC1, 0x30, 0xE4, 0x48, 0x31,
-        0x50, 0xCA, 0x91, 0x52, 0xC2, 0xA0, 0xF2, 0x47,
-        0x75, 0x0C, 0x06, 0x22, 0x59, 0xB8, 0x4C, 0x28,
-        0x23, 0x6C, 0x3F, 0xB5, 0x46, 0x25, 0xD5, 0xCD,
-        0xBE, 0xCC, 0x68, 0xDB, 0xA2, 0x2F, 0xB1, 0x55,
-        0x80, 0x55, 0xFB, 0x9B, 0x24, 0x35, 0x01, 0xC7,
-        0x58, 0x51, 0xE7, 0x6A, 0xBE, 0x48, 0x47, 0xB9,
-        0xB9, 0x72, 0xA7, 0x34, 0x11, 0xA6, 0xB4, 0x28,
-        0x2B, 0xF5, 0x98, 0x3A, 0x82, 0xDA, 0x74, 0x13,
-        0xE5, 0x4B, 0xA3, 0x5B, 0xAB, 0x37, 0xA9, 0xB3,
-        0xC6, 0x28, 0x84, 0xB6, 0x43, 0xC1, 0x34, 0x16,
-        0x5C, 0x98, 0x70, 0xC6, 0xBB, 0x39, 0x0F, 0x6B,
-        0x7A, 0x1E, 0x57, 0x45, 0x15, 0x8F, 0xB2, 0x51,
-        0xD6, 0x90, 0x94, 0x33, 0x55, 0x1F, 0xEB, 0xD3,
-        0x0B, 0xA5, 0x75, 0xA1, 0xE2, 0xF1, 0x09, 0x58,
-        0x49, 0x8D, 0x9F, 0x14, 0x7E, 0xD9, 0x53, 0x13,
-        0x22, 0xA1, 0x60, 0x97, 0xF5, 0x5D, 0x81, 0x17,
-        0x95, 0x45, 0x79, 0x12, 0x91, 0x2B, 0x1C, 0x65,
-        0xF3, 0x80, 0x25, 0x42, 0x9B, 0x3E, 0x76, 0x4A,
-        0x2E, 0x1A, 0xBC, 0x4E, 0x30, 0xC2, 0x88, 0x08,
-        0x27, 0x42, 0x99, 0x55, 0x90, 0x98, 0x1C, 0x43,
-        0xDB, 0xB3, 0x65, 0x96, 0x6B, 0xCB, 0x97, 0x20,
-        0xB1, 0x78, 0xC5, 0xEB, 0x96, 0x3B, 0x82, 0x93,
-        0x4C, 0x02, 0x81, 0x4B, 0x75, 0x25, 0x54, 0x6D,
-        0xB7, 0xC9, 0x6D, 0x65, 0x82, 0x2E, 0x49, 0x42,
-        0xE4, 0xA4, 0xAC, 0x13, 0xC9, 0x94, 0x90, 0xE7,
-        0xAB, 0x4A, 0x70, 0x23, 0x71, 0xF2, 0x13, 0x16,
-        0xA5, 0x79, 0x06, 0xB1, 0x92, 0x58, 0x42, 0x88,
-        0x01, 0x19, 0x25, 0x67, 0xC2, 0x04, 0x5B, 0xF8,
-        0x77, 0x5C, 0xF5, 0x8C, 0x5D, 0xB2, 0x8B, 0xA1,
-        0xB0, 0x5E, 0x04, 0x2A, 0x18, 0x59, 0xE6, 0x42,
-        0x86, 0xB5, 0xB1, 0x14, 0xF3, 0x9F, 0xCA, 0xCC,
-        0x12, 0x7B, 0xE6, 0x3D, 0xFF, 0x59, 0x0B, 0xC1,
-        0x84, 0xB8, 0x3B, 0x16, 0x8C, 0x30, 0x19, 0x98,
-        0x90, 0x37, 0x41, 0x00, 0xE4, 0x0D, 0x2F, 0xC7,
-        0x75, 0x2B, 0x14, 0x30, 0x35, 0x50, 0x22, 0xF3,
-        0xD5, 0x89, 0x25, 0xD1, 0x99, 0x1B, 0xF3, 0xB9,
-        0x8A, 0x90, 0x39, 0x5F, 0x85, 0x79, 0x64, 0x6C,
-        0x84, 0x13, 0xBA, 0xB3, 0xC0, 0xC0, 0x70, 0x7A,
-        0x23, 0x8A, 0x27, 0xD0, 0x9F, 0xA5, 0x7A, 0x32,
-        0xFF, 0x85, 0x39, 0x2F, 0xD0, 0x8C, 0x2F, 0x22,
-        0x86, 0xAB, 0xDB, 0x2B, 0x69, 0x36, 0xB9, 0xD3,
-        0x50, 0x38, 0x02, 0xC6, 0xB5, 0x1E, 0x41, 0x5B,
-        0x81, 0x67, 0x3C, 0xC7, 0x80, 0x54, 0xF1, 0xB2,
-        0xC4, 0xBD, 0xFA, 0x73, 0x3E, 0x52, 0x64, 0xC5,
-        0x5A, 0x7C, 0x4D, 0xA5, 0xB7, 0x39, 0x44, 0x40,
-        0x24, 0x62, 0x03, 0x3D, 0x08, 0xAE, 0x62, 0x0B,
-        0xD0, 0x56, 0x44, 0xB4, 0x77, 0xAB, 0x31, 0x5E,
-        0x93, 0x6D, 0x3F, 0x25, 0xB5, 0xBA, 0x7A, 0xC1,
-        0x9E, 0xB5, 0x59, 0xA5, 0xC1, 0x19, 0x5F, 0x56,
-        0x8B, 0x31, 0x3C, 0x26, 0x75, 0x09, 0x2E, 0x6D,
-        0xF5, 0x8F, 0xF3, 0x99, 0xC4, 0x2C, 0xAB, 0x63,
-        0x63, 0xAA, 0x03, 0x36, 0x91, 0xCB, 0x8C, 0xE0,
-        0x66, 0x99, 0xE7, 0x01, 0xF2, 0xB9, 0x25, 0x97,
-        0xCB, 0x8F, 0xC2, 0x35, 0x16, 0xE9, 0xF4, 0x0C,
-        0xE7, 0x5B, 0x7B, 0xC1, 0xE0, 0x52, 0x0A, 0x5A,
-        0x38, 0x95, 0xEB, 0x7D, 0x8D, 0x47, 0x40, 0x09,
-        0xA0, 0xCB, 0x0A, 0xDC, 0x2D, 0xF4, 0x76, 0xB5,
-        0x16, 0x41, 0x12, 0xC3, 0xB6, 0x00, 0xB6, 0x77,
-        0x6D, 0xAB, 0x49, 0xB2, 0x03, 0x81, 0xA4, 0x01,
-        0x46, 0x91, 0x65, 0x2A, 0x3C, 0x31, 0x61, 0xAA,
-        0xC6, 0x61, 0x6C, 0xFA, 0xA2, 0x65, 0x63, 0x8C,
-        0x6C, 0x66, 0x5A, 0x84, 0x54, 0xF3, 0x67, 0x80,
-        0xB7, 0x89, 0xCF, 0xA3, 0x5D, 0x2A, 0xF4, 0x9E,
-        0x6D, 0x5F, 0x48, 0x2B, 0xFA, 0x3C, 0x86, 0x4B,
-        0x0E, 0xF2, 0x9E, 0x18, 0xD2, 0xEF, 0xFF, 0x92,
-        0xDB, 0x18, 0x76, 0xA2, 0x20, 0x76, 0xAB, 0x1A,
-        0xAC, 0x0A, 0x73, 0x93, 0xED, 0x9E, 0x5A, 0x48
-    };
-    static const byte seed_1024[KYBER_ENC_RAND_SZ] = {
-        0x03, 0x4F, 0xF1, 0x4A, 0x56, 0x24, 0x9C, 0x25,
-        0x21, 0xD4, 0x27, 0x9E, 0xBA, 0x3D, 0x04, 0x93,
-        0x1C, 0xC8, 0x92, 0xBB, 0xC4, 0x50, 0x02, 0xB5,
-        0xB3, 0x3D, 0x9F, 0x01, 0x88, 0xAC, 0xBA, 0xF6
-    };
-    static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = {
-        0x8D, 0x4E, 0x2C, 0xB3, 0x9F, 0xFD, 0xE4, 0x31,
-        0x1A, 0xEE, 0xDB, 0x23, 0x38, 0xBF, 0x58, 0xCE,
-        0x11, 0xFA, 0xDA, 0xBD, 0xC9, 0x81, 0x3A, 0x32,
-        0x19, 0x30, 0xF4, 0x67, 0x56, 0xDD, 0x13, 0xA8,
-        0xE7, 0x91, 0x9F, 0xAC, 0x4F, 0x59, 0xCC, 0x9F,
-        0x8B, 0x91, 0xC8, 0x33, 0xB3, 0xB3, 0xF9, 0x1A,
-        0xDC, 0x6F, 0x9F, 0xBD, 0xBD, 0xE2, 0xF7, 0xDA,
-        0xE8, 0x84, 0x1B, 0xE5, 0x23, 0x8B, 0x98, 0x50,
-        0xA5, 0xEE, 0xBE, 0x67, 0x5D, 0xDE, 0xF4, 0x2A,
-        0x93, 0x14, 0xF6, 0x90, 0x59, 0x5D, 0x51, 0x52,
-        0x3E, 0x81, 0x17, 0xF2, 0x22, 0x66, 0x03, 0x4F,
-        0x09, 0xB7, 0x7D, 0x99, 0x1E, 0xE5, 0x75, 0x80,
-        0x2A, 0xFE, 0x44, 0x63, 0x74, 0xEB, 0x3D, 0x9E,
-        0x1B, 0xEB, 0x8F, 0x25, 0x04, 0x9C, 0x6E, 0xFA,
-        0x96, 0x32, 0x73, 0x66, 0xC0, 0x24, 0xCD, 0xFB,
-        0xE8, 0xDC, 0x27, 0xEF, 0x56, 0x49, 0x2C, 0x90,
-        0x40, 0x9E, 0x87, 0x13, 0x9C, 0x60, 0x88, 0x48,
-        0x8E, 0x17, 0xB8, 0x2D, 0x15, 0x56, 0xC2, 0x51,
-        0x31, 0xAC, 0xEE, 0x7D, 0xAF, 0xFE, 0x2D, 0x43,
-        0x7C, 0xEC, 0x34, 0x41, 0xBB, 0xBB, 0xAB, 0x80,
-        0xC4, 0xBF, 0x17, 0x7E, 0x65, 0x3A, 0xE0, 0x83,
-        0x1C, 0x9B, 0x4C, 0xEB, 0x70, 0x50, 0x57, 0x27,
-        0xD6, 0x3C, 0x4D, 0x47, 0x4F, 0xED, 0xC5, 0x20,
-        0x19, 0xBE, 0x41, 0x1C, 0x9A, 0x43, 0xB8, 0x71,
-        0x70, 0xF5, 0x89, 0x3F, 0x06, 0xEC, 0xD8, 0xD7,
-        0x82, 0x06, 0x3D, 0xF8, 0x93, 0xA1, 0xB6, 0x82,
-        0x24, 0x6D, 0x1C, 0x64, 0xF8, 0xF5, 0xA8, 0xC6,
-        0xFC, 0xDF, 0x07, 0x92, 0x7F, 0x4D, 0x5B, 0x7A,
-        0x39, 0x7F, 0xBC, 0xBD, 0x07, 0x50, 0x45, 0xDF,
-        0x2C, 0x4A, 0x36, 0xF5, 0x30, 0x4C, 0x95, 0xF4,
-        0x4A, 0xF9, 0x27, 0xAE, 0x91, 0x66, 0x42, 0x0B,
-        0x39, 0x44, 0x87, 0x94, 0xF5, 0xB3, 0xC3, 0x52,
-        0x27, 0xC3, 0xC9, 0xDF, 0x92, 0x56, 0x02, 0xA1,
-        0xAC, 0x98, 0xF8, 0x51, 0xAA, 0xDB, 0x65, 0xC9,
-        0x3F, 0xDD, 0x63, 0x27, 0xAE, 0xD8, 0xAE, 0x41,
-        0x29, 0x72, 0x44, 0x36, 0xA3, 0x3A, 0xA0, 0x8A,
-        0xA5, 0x66, 0x08, 0x85, 0x5F, 0xF8, 0x0A, 0xAA,
-        0x42, 0xAC, 0xA4, 0x56, 0x2B, 0x2D, 0x78, 0xDB,
-        0xBD, 0x2F, 0x91, 0xAE, 0xF2, 0x51, 0x56, 0x6B,
-        0x8C, 0x6F, 0x98, 0x21, 0x37, 0x84, 0xC9, 0x9D,
-        0xD7, 0xD7, 0x1F, 0x49, 0x55, 0x64, 0xC9, 0x08,
-        0x50, 0x1E, 0x35, 0xE3, 0xBF, 0xBB, 0x67, 0x5C,
-        0xCB, 0x66, 0x63, 0x52, 0x87, 0xCB, 0x64, 0x66,
-        0xE6, 0xE3, 0x8E, 0xA8, 0xAB, 0x11, 0xCE, 0x7E,
-        0xC6, 0x0B, 0xED, 0x86, 0x20, 0xB3, 0xDC, 0xD6,
-        0x94, 0x3D, 0x12, 0x79, 0xA4, 0x1F, 0x93, 0xA8,
-        0x7F, 0xA3, 0x59, 0xE5, 0x13, 0xC8, 0x1D, 0xE9,
-        0x18, 0xDA, 0x88, 0x32, 0x2B, 0x1B, 0x08, 0x81,
-        0x40, 0xE0, 0x74, 0xBE, 0x39, 0xBC, 0x17, 0xE3,
-        0xC5, 0x1A, 0xB7, 0x19, 0xDF, 0x6E, 0x42, 0x6D,
-        0x64, 0xFF, 0x94, 0xB8, 0x66, 0x2B, 0x9D, 0xD2,
-        0x6A, 0x32, 0xA3, 0xC3, 0x68, 0x7B, 0xF9, 0x29,
-        0x4C, 0x53, 0x7A, 0x22, 0x68, 0xF9, 0xDE, 0xD3,
-        0x80, 0xCC, 0x8A, 0x0F, 0x11, 0x27, 0xEE, 0x5A,
-        0x32, 0x2B, 0x4D, 0xF2, 0x4D, 0x87, 0xFB, 0xCE,
-        0x76, 0xF5, 0x60, 0xB0, 0x37, 0xC6, 0x59, 0xB6,
-        0xFB, 0x15, 0xC1, 0x56, 0x07, 0x1A, 0xED, 0xC2,
-        0x6E, 0xF1, 0x11, 0x40, 0xDE, 0x88, 0xD0, 0x8D,
-        0x46, 0x3E, 0xA0, 0xEA, 0xF0, 0x80, 0xA0, 0xB2,
-        0xE6, 0x27, 0xD9, 0xFF, 0x1D, 0x56, 0xC5, 0x02,
-        0x33, 0x55, 0x24, 0x26, 0x97, 0x27, 0xA0, 0x32,
-        0xDA, 0xCD, 0x16, 0x54, 0x3A, 0xDA, 0x83, 0x42,
-        0xCD, 0x6C, 0xB4, 0x0E, 0x72, 0x28, 0x59, 0x2C,
-        0x35, 0x74, 0xD9, 0x82, 0xE0, 0xB9, 0x14, 0x5E,
-        0xB8, 0x65, 0xDB, 0x2E, 0xE7, 0x81, 0x07, 0x26,
-        0xA9, 0x16, 0xB8, 0x37, 0xCA, 0x4F, 0x14, 0xC2,
-        0xCB, 0x9E, 0x95, 0x1B, 0xDE, 0x76, 0xBE, 0x16,
-        0xB8, 0xB1, 0xCD, 0xC2, 0xEE, 0xCD, 0xC0, 0x69,
-        0x49, 0xB8, 0xBE, 0xB1, 0x17, 0x86, 0xB8, 0xF2,
-        0x5F, 0x4C, 0x9A, 0xFA, 0x55, 0x97, 0xCE, 0xB1,
-        0xD8, 0x5F, 0xC9, 0xB9, 0xC9, 0x1D, 0xC6, 0x19,
-        0x66, 0xF3, 0x96, 0x09, 0x1E, 0x54, 0xC9, 0x6C,
-        0x97, 0xA4, 0x30, 0x0E, 0x99, 0xFD, 0x9F, 0x75,
-        0x2C, 0x0B, 0xEF, 0x5D, 0x88, 0xCA, 0xFB, 0xDC,
-        0xB3, 0x99, 0x3F, 0xCF, 0x6C, 0x7A, 0x8C, 0x55,
-        0x19, 0xFC, 0xEC, 0xB6, 0xA7, 0x91, 0x17, 0xE9,
-        0xB5, 0x21, 0x68, 0x01, 0x97, 0xD8, 0xA9, 0x1A,
-        0xB7, 0x5F, 0x18, 0x14, 0xDB, 0xC5, 0x80, 0x75,
-        0xEF, 0x4F, 0x07, 0x98, 0x7A, 0xBC, 0x56, 0xA7,
-        0x5D, 0xA4, 0x41, 0x6E, 0xDB, 0x9D, 0x6F, 0x3D,
-        0x77, 0x1A, 0xD3, 0x40, 0xD5, 0xCB, 0xCF, 0xC0,
-        0xE5, 0x71, 0xFA, 0x70, 0xAA, 0xC1, 0xC7, 0xDB,
-        0xBB, 0x5F, 0x5C, 0x5E, 0x1D, 0x8B, 0x10, 0x36,
-        0xF5, 0xA6, 0xFC, 0xFD, 0x06, 0x25, 0xAB, 0x5B,
-        0xBD, 0xA5, 0x71, 0x83, 0x9C, 0x58, 0x35, 0xDD,
-        0x69, 0x79, 0x77, 0x8F, 0x59, 0xD3, 0x48, 0x68,
-        0x4F, 0xA6, 0xCF, 0xC2, 0xA6, 0x25, 0x35, 0xB4,
-        0x7F, 0xAD, 0x7F, 0x97, 0xB5, 0x21, 0x88, 0x72,
-        0xD5, 0x2D, 0xCA, 0xCE, 0x9D, 0x3C, 0x1B, 0x11,
-        0x62, 0x8D, 0x35, 0x2A, 0xD8, 0x21, 0x90, 0x0F,
-        0x44, 0xE1, 0x4B, 0x64, 0x7F, 0x6B, 0xFA, 0x70,
-        0xF6, 0x46, 0xB5, 0xC7, 0xAF, 0x53, 0x13, 0x17,
-        0x7A, 0x10, 0x95, 0x49, 0x44, 0x22, 0x91, 0x53,
-        0xA4, 0x49, 0xFC, 0xF8, 0x9A, 0x62, 0x63, 0xBD,
-        0xBF, 0x85, 0x56, 0xE9, 0x81, 0xE5, 0xD6, 0x25,
-        0x13, 0x40, 0xF9, 0xF4, 0x3C, 0x66, 0x92, 0x03,
-        0x0F, 0xB9, 0x60, 0x5B, 0xB9, 0x9F, 0x33, 0xE9,
-        0x6F, 0x06, 0xD1, 0xE4, 0xE6, 0xAB, 0xBE, 0x65,
-        0xE1, 0x46, 0x96, 0xD5, 0x30, 0xF1, 0xB5, 0x25,
-        0xFF, 0xF8, 0x7D, 0x54, 0xC1, 0xAC, 0x2F, 0x5E,
-        0x96, 0x4D, 0x46, 0xEE, 0x37, 0xF4, 0x04, 0x5B,
-        0x54, 0xE6, 0x09, 0x8F, 0x76, 0xB2, 0x8E, 0xAF,
-        0x69, 0xE9, 0x98, 0x88, 0x8D, 0x25, 0xE0, 0x21,
-        0xA5, 0x38, 0xFD, 0x19, 0x56, 0xA7, 0xFC, 0x30,
-        0xAE, 0x83, 0xF8, 0xBA, 0x99, 0x47, 0xF8, 0x64,
-        0xFD, 0x59, 0x73, 0x1A, 0x6F, 0xBB, 0x40, 0x2A,
-        0xF2, 0x99, 0x0E, 0x1E, 0xD2, 0xD5, 0x6B, 0xF6,
-        0x2A, 0xA6, 0xCE, 0xAE, 0x6F, 0x76, 0x9D, 0x2D,
-        0x0C, 0x6C, 0x31, 0x3D, 0x7A, 0xAF, 0x97, 0x4E,
-        0x69, 0xDC, 0x02, 0xCC, 0x43, 0x18, 0xB9, 0x45,
-        0x7B, 0x8C, 0xC4, 0x06, 0x56, 0xAB, 0x7B, 0x61,
-        0x34, 0xDE, 0x3F, 0x98, 0x01, 0xCE, 0x01, 0x96,
-        0x99, 0xCE, 0x85, 0x5E, 0xBE, 0x9C, 0x6C, 0x02,
-        0xFD, 0x08, 0x50, 0x6F, 0x00, 0x4A, 0x4E, 0xED,
-        0x2C, 0xA1, 0x66, 0xC9, 0x54, 0xC7, 0xDB, 0x88,
-        0x10, 0x70, 0x0C, 0xA6, 0x71, 0xEF, 0x37, 0x2A,
-        0x29, 0x0B, 0x00, 0xE1, 0xBF, 0xBB, 0x97, 0xE3,
-        0xE6, 0x74, 0xD3, 0xDC, 0xCC, 0x57, 0xCE, 0x59,
-        0xF4, 0x65, 0xB1, 0x48, 0x8F, 0xF7, 0x6F, 0x62,
-        0x39, 0x00, 0x8B, 0xE3, 0xE7, 0x61, 0xEF, 0x9C,
-        0x11, 0x3D, 0xF0, 0x10, 0x7B, 0x8E, 0xEA, 0xE3,
-        0xFE, 0xBA, 0x55, 0xB3, 0x5E, 0x4C, 0x1D, 0xA3,
-        0xB6, 0xC8, 0x7A, 0x8D, 0x20, 0x11, 0x0E, 0x1C,
-        0xD7, 0x71, 0xCC, 0xBC, 0x30, 0xDF, 0xF7, 0x61,
-        0xE6, 0x03, 0xD4, 0x88, 0xE5, 0x5B, 0x85, 0x3A,
-        0xAE, 0x7D, 0xAA, 0xDF, 0x2A, 0x00, 0x7B, 0x83,
-        0x93, 0xDF, 0x08, 0xAF, 0x53, 0x4F, 0x9F, 0x53,
-        0xA7, 0x37, 0x57, 0xBA, 0xBE, 0x21, 0xC8, 0x64,
-        0x26, 0xCF, 0x05, 0x8E, 0xCA, 0x81, 0x7E, 0xF2,
-        0x37, 0xBF, 0xC5, 0x8A, 0xC2, 0x98, 0xFB, 0xF2,
-        0xA1, 0x48, 0x1C, 0x4D, 0x12, 0xDC, 0xF1, 0xB7,
-        0x37, 0xFD, 0x63, 0x97, 0x69, 0xA2, 0x53, 0x1E,
-        0xF9, 0x31, 0xA3, 0x62, 0xA4, 0x44, 0x56, 0xEE,
-        0x2C, 0xA4, 0x85, 0x98, 0xB4, 0x62, 0x59, 0xFC,
-        0xC9, 0x77, 0x07, 0x6C, 0x59, 0xFA, 0x4E, 0x29,
-        0x54, 0xE9, 0x96, 0x7D, 0xA4, 0x5D, 0xA7, 0xCB,
-        0xF7, 0x86, 0x33, 0xEC, 0x59, 0xC4, 0x63, 0xFE,
-        0x48, 0xA8, 0x3B, 0x80, 0x1A, 0x54, 0xDB, 0x3F,
-        0xEA, 0xB4, 0x45, 0xA3, 0x57, 0xE4, 0x18, 0xB0,
-        0x65, 0x3F, 0x29, 0x40, 0xB2, 0xB7, 0x13, 0x81,
-        0xB2, 0xDF, 0x9E, 0xCF, 0x81, 0x00, 0x84, 0x8E,
-        0x29, 0x12, 0xF4, 0xBD, 0x50, 0x3A, 0xF0, 0x75,
-        0xAA, 0xAF, 0x36, 0xC1, 0x36, 0xA4, 0x13, 0xC9,
-        0x5B, 0xE2, 0xF2, 0x5A, 0x6D, 0x29, 0x19, 0x76,
-        0xCD, 0x66, 0xA2, 0x76, 0x43, 0x53, 0x7E, 0x35,
-        0xE1, 0xDF, 0x89, 0xB1, 0xE4, 0x94, 0xB3, 0x6B,
-        0x08, 0xF3, 0xD0, 0x19, 0x6C, 0xD7, 0xE9, 0x0B,
-        0xA5, 0xBB, 0x21, 0x00, 0x9F, 0x37, 0xA8, 0x43,
-        0x19, 0x9E, 0x08, 0xDD, 0x95, 0xCA, 0x49, 0x48,
-        0xC5, 0x33, 0xCB, 0x26, 0x3B, 0x5D, 0x40, 0x5A,
-        0xF2, 0xFA, 0x11, 0x99, 0x81, 0xA8, 0x53, 0x6E,
-        0xB7, 0x1C, 0x88, 0x22, 0x6C, 0x41, 0x53, 0x4C,
-        0x26, 0x87, 0xBF, 0x1E, 0xED, 0x34, 0x75, 0xE8,
-        0x48, 0x8B, 0xDE, 0x90, 0x9A, 0x93, 0xD4, 0xDB,
-        0x55, 0xB6, 0xE8, 0x34, 0xB5, 0xE7, 0x86, 0x0A,
-        0xA9, 0x8F, 0xD8, 0xBC, 0xB1, 0x3A, 0xB0, 0x77,
-        0xB7, 0xBF, 0xD7, 0x5B, 0x35, 0xFA, 0x39, 0x3E,
-        0x93, 0xE3, 0xBF, 0xB4, 0xB9, 0xBA, 0x1D, 0xAA,
-        0x74, 0x65, 0xFD, 0x5B, 0x23, 0xA5, 0xB4, 0xCD,
-        0x17, 0x16, 0xD4, 0xBD, 0xF7, 0xB8, 0xD5, 0x57,
-        0x4B, 0x15, 0x6D, 0xB8, 0x7D, 0x8D, 0xE1, 0xE5,
-        0x26, 0xC9, 0x7F, 0x8E, 0xB2, 0x87, 0xBD, 0x97,
-        0xEE, 0xEE, 0xEF, 0x07, 0x4D, 0xBC, 0xB2, 0xC4,
-        0xDB, 0x51, 0xA4, 0xEF, 0xF1, 0xFA, 0x7F, 0xFF,
-        0x32, 0x8A, 0x57, 0x2D, 0x72, 0x70, 0x01, 0x71,
-        0x08, 0xAC, 0xE2, 0xED, 0x25, 0x09, 0x3D, 0xA5,
-        0x35, 0xC7, 0xA2, 0x6D, 0x3B, 0x91, 0x2A, 0xA5,
-        0x7F, 0xB3, 0x22, 0xE5, 0x3B, 0xB2, 0x22, 0xE9,
-        0x4E, 0x7C, 0xF6, 0x8C, 0xD8, 0xA2, 0x1A, 0xD7,
-        0xC0, 0x6A, 0x4A, 0xF9, 0x78, 0xED, 0x1D, 0xEB,
-        0x10, 0xE3, 0xF2, 0x41, 0x2A, 0xC6, 0x54, 0x3C,
-        0x18, 0x20, 0x68, 0xEF, 0xFB, 0xD8, 0x7F, 0x31,
-        0x76, 0x5F, 0x5A, 0xE6, 0x81, 0xEE, 0x8B, 0x2E,
-        0x9A, 0xEB, 0x5B, 0xC9, 0x40, 0xA9, 0x4E, 0xC0,
-        0xEE, 0xF5, 0xBE, 0xF7, 0x48, 0x74, 0x16, 0x9E,
-        0xAB, 0xEC, 0xF1, 0x51, 0x25, 0x65, 0xC5, 0x1E,
-        0xA5, 0x87, 0x21, 0xDD, 0x3A, 0xF1, 0x69, 0x03,
-        0x65, 0xDB, 0x22, 0xE1, 0x87, 0x7F, 0x2A, 0x5C,
-        0x01, 0x72, 0x3F, 0x69, 0xB7, 0x72, 0x52, 0x77,
-        0xAE, 0x4E, 0x9E, 0xFA, 0xCD, 0x3A, 0xFA, 0x5A,
-        0xDC, 0xAF, 0x38, 0x57, 0x77, 0xE7, 0xCE, 0x10,
-        0xF9, 0x56, 0xB4, 0x64, 0x2C, 0x6F, 0xC1, 0xC9,
-        0x78, 0x08, 0x99, 0x3E, 0xFD, 0x99, 0x4C, 0xA6,
-        0x5C, 0x75, 0xF4, 0x59, 0xAC, 0x58, 0x72, 0xF8,
-        0x24, 0x88, 0xC5, 0x7F, 0xB7, 0xAF, 0x9A, 0xB9,
-        0x69, 0xD5, 0xE3, 0x69, 0xC1, 0x6D, 0x0B, 0x2B,
-        0xF7, 0x80, 0x0B, 0x93, 0x8D, 0x67, 0x84, 0xC7,
-        0xF6, 0x4D, 0x0C, 0x55, 0xCA, 0x77, 0x94, 0x65,
-        0x49, 0x38, 0x94, 0x9E, 0x14, 0x21, 0x70, 0x55,
-        0xD3, 0x41, 0x01, 0xF9, 0x41, 0x7D, 0x37, 0x0A,
-        0x8A, 0xDD, 0x72, 0xFC, 0x0B, 0x57, 0x66, 0xEC,
-        0x1D, 0x8A, 0xDD, 0xD7, 0x02, 0x33, 0x4A, 0x2A,
-        0xC2, 0x77, 0x09, 0xC5, 0xAC, 0x5A, 0xE5, 0x60,
-        0x1D, 0xBA, 0x95, 0x2B, 0xE2, 0x58, 0xD9, 0x33,
-        0x6D, 0xF3, 0xE0, 0xF6, 0x58, 0x78, 0xA8, 0x58,
-        0x61, 0x32, 0x58, 0xFB, 0x5E, 0x47, 0x94, 0x1B
-    };
-    static const byte k_1024[KYBER_SS_SZ] = {
-        0x46, 0xC2, 0x00, 0xF3, 0xF6, 0xEE, 0x8E, 0x11,
-        0xD4, 0x76, 0x53, 0x80, 0x1E, 0x34, 0x82, 0x24,
-        0x1C, 0xB7, 0x83, 0xB9, 0xD7, 0x94, 0xEB, 0x11,
-        0x6A, 0x4B, 0xDA, 0x08, 0x5A, 0xEB, 0x6B, 0xB7
-    };
-#endif
-    static byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
-    static byte ss[KYBER_SS_SZ];
-
-    key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(KyberKey));
-    }
-
-#ifndef WOLFSSL_NO_KYBER512
-    ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_512, sizeof(ek_512)), 0);
-    ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_512,
-        sizeof(seed_512)), 0);
-    ExpectIntEQ(XMEMCMP(ct, c_512, KYBER512_CIPHER_TEXT_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(ss, k_512, KYBER_SS_SZ), 0);
-    wc_KyberKey_Free(key);
-#endif
-#ifndef WOLFSSL_NO_KYBER768
-    ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_768, sizeof(ek_768)), 0);
-    ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_768,
-        sizeof(seed_768)), 0);
-    ExpectIntEQ(XMEMCMP(ct, c_768, KYBER768_CIPHER_TEXT_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(ss, k_768, KYBER_SS_SZ), 0);
-    wc_KyberKey_Free(key);
-#endif
-#ifndef WOLFSSL_NO_KYBER1024
-    ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_1024, sizeof(ek_1024)), 0);
-    ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_1024,
-        sizeof(seed_1024)), 0);
-    ExpectIntEQ(XMEMCMP(ct, c_1024, KYBER1024_CIPHER_TEXT_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(ss, k_1024, KYBER_SS_SZ), 0);
-    wc_KyberKey_Free(key);
-#endif
-
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_kyber_decapsulate_kats(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \
-    defined(WOLFSSL_ML_KEM)
-    KyberKey* key;
-#ifndef WOLFSSL_NO_KYBER512
-    static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = {
-        0x17, 0x43, 0x13, 0xEF, 0xA9, 0x35, 0x20, 0xE2,
-        0x8A, 0x70, 0x76, 0xC8, 0x88, 0x09, 0x6E, 0x02,
-        0xB0, 0xBD, 0xD8, 0x68, 0x30, 0x49, 0x7B, 0x61,
-        0xFD, 0xEA, 0xB6, 0x20, 0x9C, 0x6C, 0xF7, 0x1C,
-        0x62, 0x5C, 0x46, 0x80, 0x77, 0x5C, 0x34, 0x77,
-        0x58, 0x1C, 0x42, 0x7A, 0x6F, 0xE1, 0xB0, 0x35,
-        0x6E, 0xAB, 0x04, 0x8B, 0xCA, 0x43, 0x4F, 0x83,
-        0xB5, 0x42, 0xC8, 0xB8, 0x60, 0x01, 0x06, 0x96,
-        0xA5, 0x72, 0x99, 0xBB, 0x26, 0x22, 0x68, 0x89,
-        0x1F, 0xFC, 0x72, 0x14, 0x2C, 0xA1, 0xA8, 0x66,
-        0x18, 0x5C, 0xA8, 0x2D, 0x05, 0x40, 0x66, 0x95,
-        0xBA, 0x57, 0xD4, 0xC9, 0x30, 0xF9, 0xC1, 0x7D,
-        0x62, 0x23, 0x52, 0x3C, 0xF5, 0xA4, 0xF2, 0xA4,
-        0x33, 0xA3, 0x64, 0x45, 0x9A, 0xC0, 0xAC, 0xDE,
-        0x72, 0x54, 0x48, 0x13, 0x29, 0x28, 0x8B, 0x1B,
-        0xE1, 0x87, 0xCC, 0x25, 0x21, 0x9F, 0x48, 0xC2,
-        0x44, 0x3C, 0x53, 0x21, 0x99, 0x85, 0x93, 0x55,
-        0x32, 0x0D, 0x04, 0xF0, 0xB8, 0x0D, 0xE9, 0x69,
-        0xF1, 0x69, 0xA3, 0xD2, 0xBA, 0x34, 0x11, 0xB4,
-        0xAD, 0xBC, 0x01, 0xB6, 0x62, 0x71, 0x82, 0x4C,
-        0xD9, 0x54, 0x3C, 0x78, 0xBA, 0x48, 0x04, 0xAE,
-        0x81, 0xF3, 0xAF, 0x00, 0x33, 0x6C, 0x5C, 0xC3,
-        0x69, 0x83, 0x54, 0xC0, 0xE0, 0x18, 0x73, 0xA2,
-        0xA1, 0x7D, 0x6A, 0x95, 0xA3, 0x12, 0x68, 0x9A,
-        0x99, 0xDC, 0x89, 0x08, 0x41, 0x50, 0xA8, 0xD5,
-        0x2B, 0xB3, 0x1C, 0x3F, 0xF3, 0xD4, 0x21, 0x5F,
-        0xA3, 0xC4, 0x11, 0x1B, 0x40, 0x19, 0x92, 0x86,
-        0x6E, 0x51, 0x3E, 0x51, 0x28, 0xA2, 0x0E, 0xD9,
-        0x5F, 0xDE, 0xE6, 0x14, 0x85, 0xDC, 0x93, 0x7E,
-        0x09, 0x9D, 0x76, 0xF7, 0x9B, 0x92, 0x73, 0x4D,
-        0xC4, 0xCB, 0xB9, 0xA7, 0xA4, 0x13, 0xFE, 0xA6,
-        0x28, 0x5B, 0xC0, 0xC2, 0x7C, 0x96, 0x1E, 0x47,
-        0xD1, 0x98, 0x36, 0x44, 0xC4, 0xBF, 0x91, 0x3D,
-        0x72, 0xF4, 0xB0, 0x30, 0xD3, 0x47, 0x38, 0x42,
-        0x72, 0x63, 0xE8, 0x7A, 0xB4, 0xC0, 0xB7, 0xDF,
-        0x0B, 0x72, 0xCA, 0x8A, 0xA0, 0xBA, 0xA6, 0x7B,
-        0x07, 0x99, 0x39, 0xD5, 0x87, 0x80, 0x1D, 0x60,
-        0xC8, 0x7A, 0x20, 0x40, 0x5E, 0x5C, 0x52, 0x60,
-        0x3C, 0x07, 0x2F, 0xDB, 0x63, 0xE2, 0xE1, 0xC2,
-        0xA9, 0x5C, 0xC2, 0x6F, 0x5A, 0xBE, 0xF6, 0x08,
-        0x83, 0x33, 0x80, 0x08, 0x86, 0xD0, 0x93, 0xCA,
-        0x01, 0xA7, 0x6F, 0x57, 0x00, 0x5E, 0x05, 0x35,
-        0x69, 0x54, 0x2E, 0x0A, 0x07, 0x6B, 0x98, 0x73,
-        0x6D, 0x4D, 0x39, 0xB0, 0x0F, 0xC1, 0x65, 0x3F,
-        0xBC, 0x2D, 0x12, 0xEA, 0x32, 0xA9, 0x4B, 0x9B,
-        0x92, 0xC6, 0x8B, 0xA4, 0xB6, 0x8A, 0x4E, 0x7B,
-        0x37, 0x0A, 0x23, 0xB0, 0x3F, 0xE8, 0x22, 0x16,
-        0x39, 0xB0, 0x12, 0x44, 0x80, 0x6C, 0x27, 0x06,
-        0x7A, 0x58, 0x03, 0x1D, 0xB8, 0x0D, 0x2D, 0x03,
-        0x66, 0x1A, 0x01, 0x7B, 0xB4, 0x6B, 0xB3, 0x71,
-        0x1A, 0xCB, 0x56, 0x8A, 0x4F, 0xAB, 0xEB, 0xAF,
-        0xC5, 0xFA, 0x06, 0xF7, 0xCA, 0x0E, 0x4D, 0x96,
-        0x2E, 0x31, 0x70, 0xCB, 0x11, 0xC0, 0xA8, 0xD1,
-        0x8A, 0x09, 0xCE, 0x27, 0xA6, 0xA9, 0x76, 0x3E,
-        0x12, 0x38, 0x85, 0x45, 0x02, 0x24, 0xDE, 0x07,
-        0xCC, 0x17, 0x54, 0x6C, 0x17, 0x95, 0x1F, 0xDE,
-        0x47, 0x6E, 0x08, 0x35, 0x83, 0xEF, 0x10, 0xBF,
-        0x76, 0xA9, 0x8A, 0xFF, 0xF9, 0xB1, 0x2D, 0xB5,
-        0x40, 0x1C, 0xD3, 0x67, 0x34, 0x95, 0x39, 0x2D,
-        0x74, 0x12, 0x91, 0xC3, 0xAA, 0x78, 0x42, 0x0C,
-        0x8A, 0x7C, 0xB5, 0xFF, 0xE6, 0x50, 0x12, 0x99,
-        0x7C, 0x4D, 0xA4, 0x32, 0x2E, 0xA9, 0x0B, 0x50,
-        0x14, 0xB5, 0xB4, 0xD0, 0x18, 0x01, 0x00, 0x24,
-        0x70, 0x47, 0x34, 0x1E, 0x4C, 0x24, 0xB9, 0x6B,
-        0x8D, 0x7C, 0x00, 0x20, 0x52, 0x4B, 0x7C, 0x1D,
-        0x66, 0xC3, 0xE0, 0x8C, 0xB2, 0x99, 0xEB, 0x4E,
-        0xC6, 0xFA, 0x0E, 0xE8, 0xEA, 0x05, 0xFD, 0x43,
-        0x0F, 0x57, 0x60, 0x5E, 0x89, 0x2B, 0x23, 0x2D,
-        0x20, 0x47, 0xCA, 0x9B, 0x4E, 0xCA, 0xD9, 0xBD,
-        0xD0, 0x9C, 0x99, 0x51, 0x19, 0x69, 0x16, 0x52,
-        0x5D, 0x1E, 0xC9, 0x21, 0xB6, 0xE3, 0xCE, 0x0E,
-        0xE6, 0x92, 0xEB, 0xA7, 0x28, 0xB4, 0xDB, 0x10,
-        0xF3, 0x38, 0x1F, 0xBF, 0x58, 0x4A, 0xBB, 0x7B,
-        0x6A, 0x92, 0x10, 0xC7, 0xC4, 0x24, 0xCE, 0x4A,
-        0x36, 0x93, 0x70, 0xCB, 0x48, 0xD6, 0x08, 0x63,
-        0x4A, 0xBA, 0x0B, 0xFF, 0x91, 0xC5, 0x62, 0x0A,
-        0x11, 0x89, 0xD0, 0xCA, 0x97, 0x42, 0x1D, 0x42,
-        0x34, 0x29, 0xFB, 0x66, 0x39, 0x52, 0xDC, 0x12,
-        0x31, 0xB4, 0x36, 0x2B, 0x71, 0x62, 0xFE, 0x3A,
-        0x42, 0x11, 0x1C, 0x91, 0xD7, 0x6A, 0x96, 0x4C,
-        0xB4, 0x15, 0x41, 0x94, 0x20, 0x9E, 0xDB, 0xAA,
-        0x1F, 0x48, 0x1B, 0xD1, 0x26, 0xC3, 0x25, 0xD1,
-        0x56, 0x78, 0xE3, 0x9B, 0xCC, 0xE4, 0xC7, 0x04,
-        0xEA, 0x48, 0x72, 0x46, 0x64, 0x8A, 0x6C, 0x6C,
-        0x25, 0x40, 0xB5, 0xF6, 0x80, 0xA3, 0x5E, 0xE2,
-        0x82, 0x42, 0x46, 0x45, 0x0A, 0x72, 0x93, 0xF2,
-        0x1A, 0x90, 0xCF, 0xD1, 0x4E, 0xFA, 0xF7, 0x8F,
-        0xA3, 0xD7, 0x32, 0x22, 0x51, 0xC6, 0x41, 0xA5,
-        0x0E, 0x95, 0xBB, 0x5E, 0xC5, 0xCA, 0x0B, 0x60,
-        0xE8, 0x9D, 0x7C, 0x18, 0xB7, 0xA4, 0x4A, 0x0F,
-        0xAF, 0xB4, 0xBC, 0xAD, 0xE9, 0xB5, 0x88, 0xD1,
-        0xB7, 0xFC, 0xF1, 0x2B, 0xA1, 0xE1, 0x08, 0x4D,
-        0x56, 0xB1, 0x97, 0xEA, 0x90, 0xA7, 0x9A, 0x3D,
-        0x83, 0x92, 0x7A, 0x23, 0x07, 0x60, 0x3B, 0xC2,
-        0x11, 0xC0, 0x83, 0x0C, 0xB7, 0x06, 0x2C, 0x04,
-        0x25, 0x48, 0x24, 0x57, 0x5B, 0x22, 0x6C, 0xAD,
-        0x9A, 0x27, 0xC2, 0xA4, 0x55, 0x19, 0xAE, 0x39,
-        0x54, 0x64, 0x67, 0x69, 0x04, 0x85, 0x49, 0x8A,
-        0x32, 0x0A, 0xD5, 0x69, 0x93, 0xB1, 0x5A, 0x9D,
-        0x22, 0xC6, 0x19, 0x14, 0x46, 0xCB, 0x40, 0xAA,
-        0x75, 0x47, 0x40, 0x16, 0x81, 0xDC, 0xC7, 0xE3,
-        0x65, 0x96, 0xB1, 0x0C, 0x07, 0xFA, 0x2A, 0x20,
-        0xB4, 0x3C, 0x4B, 0x01, 0x24, 0x40, 0x1F, 0x8A,
-        0x0E, 0x74, 0x48, 0x78, 0xC7, 0x29, 0x66, 0x23,
-        0xC7, 0x39, 0x5B, 0x69, 0x94, 0xD1, 0x8C, 0x47,
-        0x87, 0xA2, 0x89, 0xDB, 0xB0, 0x5C, 0xB1, 0x82,
-        0x74, 0x51, 0xD8, 0x3F, 0x07, 0x29, 0x04, 0x53,
-        0x75, 0x94, 0xF5, 0x15, 0xCA, 0x10, 0x17, 0x99,
-        0x16, 0x20, 0xA3, 0x3E, 0x09, 0x6E, 0xE0, 0xDC,
-        0x09, 0x1A, 0xE4, 0xCA, 0x96, 0x06, 0x03, 0xB1,
-        0x01, 0xB5, 0xB4, 0xE2, 0x3E, 0x9A, 0x5B, 0x65,
-        0xE1, 0xF6, 0xC2, 0xA8, 0xCC, 0x89, 0x34, 0x13,
-        0x83, 0xB7, 0x06, 0x72, 0x5E, 0xD5, 0xB3, 0x48,
-        0x57, 0x69, 0x18, 0x1B, 0x8F, 0x76, 0x43, 0x9C,
-        0x05, 0x63, 0x6A, 0x0C, 0x34, 0x36, 0xFF, 0xBA,
-        0x8B, 0x86, 0xA5, 0x30, 0x6F, 0xA1, 0x11, 0xF6,
-        0xFC, 0x71, 0xEB, 0x77, 0x9B, 0x25, 0x70, 0x7C,
-        0xFA, 0xE0, 0xA6, 0xDA, 0x7B, 0x0A, 0xD5, 0xD9,
-        0x4B, 0x10, 0xF2, 0x1E, 0x4F, 0xCA, 0x92, 0x89,
-        0x3B, 0x9F, 0xFE, 0x73, 0x21, 0x07, 0x63, 0x40,
-        0x13, 0x77, 0x83, 0x7A, 0x10, 0xCA, 0x96, 0x25,
-        0x34, 0x6C, 0x42, 0xAD, 0xC7, 0x05, 0xBD, 0x92,
-        0xDB, 0x34, 0x26, 0xD9, 0x26, 0xCE, 0x4B, 0x5E,
-        0xC2, 0x4A, 0x5C, 0xDF, 0x27, 0xCB, 0x91, 0xE5,
-        0xA7, 0xE7, 0x16, 0x4D, 0x1B, 0xDC, 0x99, 0xD7,
-        0x56, 0x79, 0xFB, 0xC9, 0x3A, 0x58, 0xF6, 0x47,
-        0xDA, 0xC1, 0x08, 0x6C, 0xE9, 0x31, 0xBC, 0x08,
-        0x92, 0x33, 0xE9, 0x48, 0x7E, 0x08, 0x67, 0xBC,
-        0x58, 0x47, 0x2B, 0x01, 0xBF, 0x28, 0x95, 0xC3,
-        0x23, 0xB6, 0x4D, 0xBE, 0x4A, 0x17, 0xA9, 0xE8,
-        0x41, 0xB0, 0x53, 0xCA, 0xDB, 0x5C, 0x76, 0xD0,
-        0x35, 0x72, 0x4C, 0x32, 0x1B, 0xBC, 0x13, 0x66,
-        0x6F, 0x0A, 0x35, 0xDF, 0xDA, 0x07, 0x21, 0xE8,
-        0x98, 0x76, 0x23, 0x25, 0x6A, 0x99, 0x4D, 0x95,
-        0xFA, 0x1C, 0x05, 0xF5, 0x7C, 0x1E, 0x15, 0xA3,
-        0x0C, 0x4A, 0x0C, 0x83, 0x18, 0xA0, 0xD8, 0x3C,
-        0x41, 0x0C, 0x36, 0x28, 0x62, 0xE8, 0x17, 0xDD,
-        0x6A, 0xBB, 0xAA, 0x4B, 0xBE, 0x75, 0xB7, 0x36,
-        0xCC, 0xCB, 0xB4, 0xAF, 0x2A, 0x18, 0x84, 0x02,
-        0xBD, 0x4C, 0xE5, 0x97, 0x93, 0x20, 0x08, 0x86,
-        0x28, 0x65, 0x33, 0x25, 0x62, 0xF3, 0x24, 0xC7,
-        0xA4, 0x24, 0x15, 0x1F, 0xB5, 0x9D, 0x0A, 0xE1,
-        0x82, 0x1F, 0x28, 0x64, 0xC7, 0xE6, 0x98, 0x12,
-        0x7A, 0xAD, 0x92, 0xC3, 0x3B, 0x31, 0x39, 0x88,
-        0xC2, 0x9A, 0x09, 0xE2, 0x60, 0x44, 0x9B, 0xCA,
-        0x7B, 0xEE, 0x36, 0x08, 0x62, 0x31, 0x4E, 0x47,
-        0x51, 0x9E, 0xF3, 0x91, 0x8D, 0xDD, 0xE4, 0x03,
-        0xE7, 0xB9, 0x2A, 0xC9, 0x90, 0x8F, 0x93, 0xC6,
-        0x36, 0x9C, 0xC5, 0xC4, 0x7B, 0x8C, 0xB1, 0xDC,
-        0x3A, 0x34, 0x79, 0xC7, 0x62, 0xF6, 0x2A, 0x18,
-        0xFE, 0x05, 0xA9, 0xB0, 0x64, 0x5A, 0x53, 0x11,
-        0xA0, 0x18, 0x28, 0x72, 0x3A, 0xEB, 0x51, 0xFA,
-        0x50, 0x5E, 0x96, 0xB2, 0x9E, 0x3D, 0x2B, 0x6E,
-        0x5B, 0x13, 0x27, 0xDE, 0x3A, 0x61, 0xAB, 0x0C,
-        0x50, 0xBE, 0x01, 0x24, 0xB6, 0x4B, 0x33, 0x31,
-        0x4B, 0x32, 0xD6, 0x12, 0x25, 0x10, 0xE4, 0x64,
-        0x45, 0x85, 0x7A, 0xA0, 0xE2, 0xC4, 0xB0, 0xD2,
-        0x56, 0x95, 0x56, 0x20, 0xA8, 0x68, 0x1D, 0x1E,
-        0x55, 0x51, 0x26, 0xD0, 0x05, 0x09, 0xE3, 0x5B,
-        0xF5, 0x96, 0x83, 0xDD, 0xAA, 0x40, 0xE8, 0x2C,
-        0x51, 0x9B, 0x85, 0x58, 0x52, 0xC3, 0x66, 0xCB,
-        0x54, 0x45, 0x2B, 0xF9, 0x10, 0xB0, 0x01, 0x69,
-        0x23, 0x30, 0x34, 0x57, 0x08, 0x65, 0x3F, 0x51,
-        0x18, 0x00, 0xB1, 0x0E, 0x00, 0x9D, 0x9F, 0x7D,
-        0x10, 0xA5, 0x3B, 0x8B, 0x30, 0xBF, 0x13, 0xB0,
-        0x6F, 0x25, 0x4E, 0xC8, 0xA6, 0xBA, 0x53, 0x97,
-        0x00, 0xF6, 0x35, 0x8D, 0xE0, 0x46, 0x3A, 0x01,
-        0x95, 0x40, 0xC9, 0x87, 0x3F, 0x3F, 0x46, 0x80,
-        0xE2, 0x11, 0x3A, 0x7C, 0xCC, 0x55, 0xFF, 0x75,
-        0x4D, 0x85, 0xAA, 0x67, 0xE9, 0xE5, 0x5F, 0x88,
-        0x74, 0x24, 0xE0, 0xB2, 0x62, 0x56, 0x82, 0xA5,
-        0xDD, 0xA2, 0x18, 0xF0, 0x3C, 0x3C, 0x10, 0xA2,
-        0x46, 0xCD, 0xB0, 0xCC, 0x91, 0xD1, 0x9D, 0x8F,
-        0x02, 0x4D, 0xB9, 0xB1, 0x41, 0x5F, 0x50, 0xAC,
-        0xD8, 0xF6, 0x5D, 0xE2, 0x78, 0x7B, 0x91, 0x03,
-        0xC5, 0x75, 0xB6, 0x87, 0x76, 0x55, 0x72, 0xCF,
-        0xFA, 0x59, 0x02, 0x6C, 0x2B, 0xCE, 0xE7, 0x74,
-        0x23, 0xBC, 0xAF, 0xD3, 0x05, 0x4B, 0xF8, 0xE2,
-        0x71, 0x3F, 0xB8, 0x5B, 0x0B, 0xF6, 0xA4, 0x6E,
-        0x71, 0x61, 0x52, 0xF5, 0xC9, 0xA3, 0x01, 0x1E,
-        0xC9, 0x01, 0x14, 0xC7, 0x6B, 0x01, 0x51, 0x67,
-        0x99, 0xBD, 0x59, 0x11, 0x41, 0x5B, 0x70, 0x45,
-        0x44, 0x07, 0x7F, 0x18, 0x88, 0x06, 0x75, 0x5E,
-        0xEC, 0x41, 0x31, 0xE5, 0x55, 0x56, 0xDB, 0x90,
-        0x3F, 0x42, 0x84, 0xC1, 0xF9, 0x00, 0x86, 0xFF,
-        0x43, 0x1B, 0x68, 0xF5, 0x1F, 0x62, 0x98, 0x12,
-        0xF3, 0x20, 0xB5, 0x5F, 0x21, 0x9D, 0x72, 0xA1,
-        0x92, 0x8F, 0x38, 0xC9, 0xA1, 0xEC, 0x82, 0x3B,
-        0xA1, 0x98, 0xBA, 0x9A, 0xBB, 0xAC, 0xF6, 0x29,
-        0x02, 0xB3, 0xCA, 0x0A, 0xFC, 0x95, 0xEA, 0x8A,
-        0xC3, 0x03, 0xFB, 0x8B, 0xDD, 0x29, 0xBB, 0x9D,
-        0x18, 0xA0, 0x3B, 0xA4, 0x4E, 0x58, 0xB1, 0xB0,
-        0xB8, 0x5A, 0x2A, 0x16, 0x62, 0xE6, 0xA3, 0x1D,
-        0xA7, 0x54, 0x55, 0x11, 0xA4, 0x78, 0xA1, 0x81,
-        0x77, 0x88, 0x90, 0x61, 0xEF, 0x76, 0x63, 0x12,
-        0x64, 0x23, 0x9A, 0xDE, 0xBD, 0x04, 0xA8, 0xC5,
-        0x2B, 0x72, 0xE2, 0xB1, 0xF3, 0xA2, 0xDF, 0xBB,
-        0xD8, 0xC0, 0x54, 0xE7, 0x0C, 0xC2, 0xA7, 0x42,
-        0xE7, 0xB7, 0xD4, 0x17, 0xDF, 0xED, 0x31, 0x44,
-        0x22, 0x18, 0x7D, 0xE1, 0xB2, 0x95, 0x44, 0x81,
-        0x19, 0x57, 0x55, 0xEC, 0x04, 0xBB, 0x76, 0x71,
-        0xC4, 0x33, 0x14, 0x46, 0xBB, 0xE8, 0x95, 0x25,
-        0x14, 0x90, 0x53, 0x21, 0xA2, 0x17, 0x6E, 0x93,
-        0x5B, 0x54, 0x20, 0xC0, 0xD5, 0xEA, 0x44, 0x65
-    };
-    static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = {
-        0x84, 0xA1, 0x88, 0xA0, 0x72, 0xE4, 0xD4, 0xF4,
-        0x49, 0xA4, 0xBE, 0x17, 0x02, 0x74, 0xDD, 0x2A,
-        0x5F, 0x3E, 0x35, 0x6E, 0x95, 0xB9, 0x6E, 0x40,
-        0xAD, 0x3F, 0xF1, 0x45, 0x5E, 0x36, 0xC6, 0xA7,
-        0x1E, 0x90, 0x9D, 0xD2, 0xC0, 0xDF, 0xF8, 0xAD,
-        0x2C, 0x9F, 0x50, 0x3B, 0xAC, 0x90, 0x65, 0x71,
-        0x62, 0x48, 0x08, 0x3B, 0xDA, 0x40, 0xCE, 0xCB,
-        0x38, 0xE3, 0xB3, 0x05, 0x8B, 0xAF, 0x51, 0xA7,
-        0x57, 0x23, 0x84, 0xFF, 0x84, 0x06, 0xA8, 0x13,
-        0x6A, 0x4F, 0xC6, 0xD9, 0x12, 0xA5, 0x4B, 0x2E,
-        0xB5, 0xB9, 0xD5, 0x98, 0xFB, 0x68, 0x9E, 0x72,
-        0xED, 0x3D, 0xEF, 0xD2, 0xFF, 0x83, 0x55, 0xED,
-        0x9E, 0x9C, 0xCA, 0x53, 0xE8, 0x2C, 0x08, 0x86,
-        0xE0, 0x94, 0xC5, 0x92, 0xC3, 0x92, 0x31, 0x1F,
-        0x04, 0xFE, 0xC6, 0x8F, 0x9A, 0x1C, 0x53, 0x1C,
-        0xF3, 0x41, 0x90, 0x30, 0x89, 0x2B, 0x5B, 0xDC,
-        0xAC, 0xEE, 0xF6, 0xA0, 0xE7, 0xF1, 0xBD, 0x44,
-        0x90, 0x3F, 0x49, 0xDE, 0x8E, 0x37, 0xB0, 0x2B,
-        0xA3, 0xFC, 0x51, 0x21, 0xD9, 0x9F, 0x8C, 0xC3,
-        0x04, 0x0F, 0x66, 0x83, 0x2F, 0x77, 0x02, 0x1B,
-        0x4C, 0xA3, 0x5F, 0x7A, 0x48, 0x25, 0x03, 0x89,
-        0x36, 0x56, 0x4C, 0xA2, 0xE6, 0x73, 0xFF, 0x9C,
-        0xC0, 0x51, 0x9C, 0x25, 0xF6, 0xA5, 0x2D, 0x87,
-        0xED, 0xD9, 0x65, 0xB2, 0x46, 0x4A, 0xA3, 0x65,
-        0xD2, 0xBF, 0x06, 0x8B, 0x72, 0xFC, 0x68, 0xB6,
-        0x5E, 0x88, 0x51, 0x5E, 0x2C, 0x83, 0x2B, 0xBD,
-        0xB2, 0x7D, 0x61, 0xBF, 0x51, 0x2B, 0x5F, 0xC2,
-        0xD8, 0x59, 0x0F, 0xB3, 0x5F, 0x49, 0x50, 0x0C,
-        0xAF, 0xE7, 0x0E, 0x7D, 0x07, 0x76, 0xB5, 0xC4,
-        0xE4, 0x50, 0x3A, 0x71, 0x89, 0xAD, 0xBA, 0xFF,
-        0x5D, 0x5B, 0x51, 0x5C, 0xC6, 0x8B, 0x2F, 0x81,
-        0xD9, 0x93, 0xC6, 0xD7, 0xFA, 0x7D, 0x3D, 0x1D,
-        0x90, 0xEB, 0xFF, 0x51, 0xDA, 0x3F, 0xBB, 0xB4,
-        0x43, 0x0E, 0x5B, 0xBE, 0xDB, 0xCA, 0x8D, 0xA0,
-        0x78, 0xDC, 0xE8, 0xEC, 0x81, 0x5B, 0x16, 0x8B,
-        0xFC, 0x09, 0xAB, 0x4A, 0x20, 0x67, 0x88, 0x70,
-        0xF4, 0x86, 0x8B, 0x1F, 0xAE, 0x28, 0xD2, 0x09,
-        0xC7, 0x53, 0x68, 0xA7, 0x99, 0x31, 0x7D, 0xFA,
-        0x08, 0xC2, 0xB6, 0x51, 0xFA, 0xC7, 0x2D, 0xCA,
-        0x2A, 0x1B, 0x4C, 0xBB, 0x75, 0xE8, 0x73, 0xF1,
-        0x5C, 0x51, 0xB6, 0xD0, 0xB5, 0xE6, 0xF5, 0xE6,
-        0x0E, 0x2A, 0xF6, 0xC4, 0x0D, 0x2C, 0xAB, 0xCB,
-        0xF3, 0x58, 0x8F, 0x44, 0xBC, 0xEA, 0x6D, 0x72,
-        0xD3, 0x59, 0xF4, 0x0F, 0x9C, 0xF5, 0xE0, 0xEC,
-        0x40, 0xA5, 0x21, 0x5E, 0x5A, 0xCE, 0xEA, 0xF0,
-        0xDA, 0x00, 0xD9, 0x23, 0xD4, 0xCE, 0xFF, 0x5C,
-        0x3A, 0x3A, 0xB1, 0xE4, 0x6C, 0x75, 0x4F, 0x4A,
-        0xE0, 0x52, 0xC2, 0xBC, 0x49, 0xFD, 0xB4, 0x52,
-        0x1A, 0xE4, 0x4D, 0xF6, 0x34, 0xD5, 0x6E, 0x43,
-        0x3D, 0xAD, 0x3D, 0xF3, 0xC0, 0x71, 0x15, 0x40,
-        0x6F, 0xF8, 0xBF, 0xD0, 0xD7, 0xC9, 0x3B, 0x49,
-        0x41, 0xD0, 0xF0, 0x92, 0x13, 0xC1, 0x68, 0x1C,
-        0xFD, 0x5C, 0x86, 0x63, 0xDF, 0x02, 0x04, 0x1A,
-        0x3C, 0xBD, 0x16, 0x2F, 0x5C, 0x4D, 0x80, 0xCB,
-        0x1D, 0xC7, 0xD4, 0xA5, 0x01, 0xAD, 0x06, 0xFE,
-        0x96, 0xEB, 0x34, 0x8B, 0x6E, 0x33, 0x1C, 0x82,
-        0x96, 0xFE, 0x90, 0x4E, 0xB9, 0x7C, 0x08, 0x74,
-        0x56, 0x32, 0x8D, 0x70, 0x3B, 0x85, 0xBD, 0xAC,
-        0x2F, 0xB4, 0x3C, 0x72, 0x8D, 0x0B, 0x05, 0xFC,
-        0x54, 0xB8, 0xC1, 0x55, 0xC0, 0x10, 0xEF, 0x0D,
-        0xB1, 0x4C, 0xC6, 0x68, 0xD1, 0xB1, 0xBC, 0x72,
-        0x7A, 0xF8, 0x86, 0x40, 0x76, 0x73, 0x6B, 0x89,
-        0x8B, 0xAB, 0xA1, 0xC8, 0x1D, 0xCA, 0x20, 0x53,
-        0xF5, 0x85, 0x87, 0xD3, 0xC4, 0xE3, 0x3C, 0x69,
-        0x4A, 0x26, 0x4B, 0xE2, 0x89, 0x7E, 0x7D, 0x2E,
-        0xEF, 0xAD, 0xDA, 0x9F, 0xF8, 0x8D, 0x70, 0xBF,
-        0x37, 0x31, 0xF1, 0x22, 0x8C, 0xB3, 0xE1, 0x31,
-        0xEB, 0x0C, 0xB7, 0x6F, 0xDB, 0xD2, 0xCC, 0xB1,
-        0xCB, 0xC1, 0x8D, 0x14, 0x50, 0xAC, 0x7A, 0x16,
-        0x34, 0x9E, 0x71, 0x29, 0xCA, 0xB7, 0x20, 0xD5,
-        0xCB, 0x70, 0xB5, 0x6E, 0x85, 0x5E, 0x83, 0x05,
-        0xDC, 0xDA, 0x73, 0x0B, 0xBD, 0x0E, 0xA3, 0x3E,
-        0xF0, 0x81, 0x5D, 0x02, 0x19, 0x0B, 0xB9, 0x8E,
-        0x30, 0xF7, 0x3B, 0xF7, 0x78, 0x9C, 0xDD, 0x67,
-        0x3C, 0x61, 0x3B, 0x0C, 0x57, 0xCB, 0x2E, 0xF3,
-        0x2E, 0x67, 0x0A, 0x98, 0xD2, 0xD6, 0x30, 0x67,
-        0x07, 0x73, 0xC5, 0x9D, 0x8A, 0x6A, 0x2C, 0xFC,
-        0xFF, 0x1C, 0x7C, 0xA1, 0xBB, 0x55, 0xC1, 0x7A,
-        0x32, 0xCB, 0x65, 0xA2, 0xEA, 0x19, 0xC7, 0xB8,
-        0xE2, 0x95, 0xC6, 0x89, 0x8C, 0xF3, 0x2F, 0xEE,
-        0x1D, 0xEB, 0x01, 0x47, 0x2B, 0xE7, 0x6C, 0x3A,
-        0x78, 0xCB, 0x24, 0x2E, 0xDF, 0xE2, 0x1D, 0x96,
-        0x1F, 0xCB, 0x85, 0xC3, 0xCF, 0x6C, 0xEE, 0x21,
-        0x89, 0x86, 0xC1, 0xBD, 0x93, 0x2B, 0xF9, 0x7B,
-        0xC6, 0xDE, 0xCA, 0xAB, 0xF8, 0xC6, 0x29, 0x40,
-        0xC0, 0xA5, 0x8E, 0x87, 0xC6, 0xED, 0xDC, 0xD7,
-        0x4B, 0x7F, 0x71, 0x5D, 0x8C, 0x22, 0x52, 0x05,
-        0x46, 0x23, 0x9F, 0x3A, 0xAA, 0x10, 0xA4, 0x35,
-        0x82, 0x01, 0x03, 0xB4, 0xE3, 0x29, 0x53, 0x11,
-        0xD9, 0x92, 0xC9, 0xC8, 0x77, 0x1A, 0x3C, 0xE8,
-        0x49, 0x86, 0x8F, 0x36, 0xF3, 0x12, 0x14, 0xF9,
-        0x63, 0x9C, 0x02, 0x8F, 0x4A, 0x5F, 0x49, 0x45,
-        0xF2, 0xBE, 0xC9, 0x58, 0x50, 0x77, 0xBF, 0x2F,
-        0x63, 0x7D, 0x25, 0x49, 0xF8, 0x34, 0x8C, 0x00,
-        0xEC, 0xBF, 0x19, 0xC4, 0x70, 0xDF, 0x25, 0x5E,
-        0xFF, 0x62, 0x32, 0x81, 0x34, 0x29, 0xF8, 0x53
-    };
-    static const byte kprime_512[KYBER_SS_SZ] = {
-        0x22, 0x4B, 0x9C, 0x05, 0x12, 0x13, 0xEF, 0x46,
-        0x54, 0x92, 0x43, 0x79, 0x65, 0x32, 0x28, 0x29,
-        0x73, 0xFA, 0x7C, 0xF9, 0x7E, 0x89, 0x13, 0xC3,
-        0x39, 0xC1, 0x94, 0x0A, 0xC1, 0x7E, 0x05, 0xE0
-    };
-#endif
-#ifndef WOLFSSL_NO_KYBER768
-    static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = {
-        0x34, 0x56, 0x85, 0x9B, 0xF7, 0x07, 0xE6, 0x72,
-        0xAC, 0x71, 0x2B, 0x7E, 0x70, 0xF5, 0x42, 0x75,
-        0x74, 0x59, 0x75, 0x02, 0xB8, 0x1D, 0xE8, 0x93,
-        0x1C, 0x92, 0xA9, 0xC0, 0xD2, 0x2A, 0x8E, 0x17,
-        0x73, 0xCB, 0x87, 0x47, 0x22, 0x05, 0xA3, 0x1C,
-        0x32, 0x20, 0x6B, 0xA4, 0xBC, 0xF4, 0x22, 0x59,
-        0x53, 0x3C, 0xB3, 0xA1, 0x9C, 0x02, 0x00, 0x86,
-        0x02, 0x44, 0xA6, 0xC3, 0xF6, 0x92, 0x18, 0x45,
-        0xB0, 0xA0, 0x58, 0x50, 0x18, 0x7A, 0x43, 0x10,
-        0xB3, 0xD5, 0x22, 0x3A, 0xAA, 0xA0, 0xC7, 0x9B,
-        0x9B, 0xBC, 0xFC, 0xCB, 0x3F, 0x75, 0x12, 0x14,
-        0xEB, 0x0C, 0xFA, 0xC1, 0xA2, 0x9E, 0xD8, 0x84,
-        0x8A, 0x5A, 0x49, 0xBA, 0x84, 0xBA, 0x68, 0xE6,
-        0xB6, 0xF5, 0x05, 0x7D, 0x49, 0x31, 0x05, 0xFF,
-        0x38, 0xA9, 0xF4, 0x4B, 0x4E, 0x7F, 0x6C, 0xBE,
-        0x7D, 0x21, 0x64, 0x08, 0xF7, 0xB4, 0x86, 0x05,
-        0xB2, 0x70, 0xB2, 0x53, 0xB0, 0x01, 0xA5, 0x40,
-        0x1C, 0x0C, 0x91, 0x27, 0xCC, 0x18, 0x5B, 0x1B,
-        0x0C, 0xF9, 0x2B, 0x99, 0xFB, 0xA0, 0xD9, 0x5A,
-        0x29, 0x5F, 0x87, 0x35, 0x15, 0x52, 0x0C, 0x86,
-        0x32, 0x1B, 0x8C, 0x96, 0x6C, 0x83, 0x7A, 0xAB,
-        0x34, 0xB2, 0xBF, 0xFA, 0xB2, 0xA2, 0xA4, 0x30,
-        0x1B, 0x35, 0x6B, 0x26, 0xCD, 0xC4, 0x56, 0x38,
-        0x02, 0x90, 0x1B, 0x47, 0x62, 0xF2, 0x84, 0x28,
-        0x1A, 0x38, 0x2E, 0x5F, 0x76, 0x2B, 0xEF, 0x47,
-        0xB5, 0x19, 0xA8, 0x1A, 0x10, 0x86, 0x57, 0xEB,
-        0xE9, 0x62, 0xBE, 0x12, 0x0B, 0x5F, 0xB3, 0xB9,
-        0xED, 0x33, 0x8C, 0xCF, 0x47, 0xB3, 0xA0, 0x39,
-        0x52, 0xA1, 0x66, 0x33, 0xF6, 0xE6, 0xB5, 0x34,
-        0xE6, 0xB6, 0x3D, 0x05, 0x70, 0x6E, 0xFA, 0x0F,
-        0x94, 0xC0, 0x3A, 0x2B, 0x85, 0x6A, 0xE5, 0x51,
-        0x42, 0x2F, 0x90, 0x11, 0xF2, 0x58, 0x9A, 0x41,
-        0xB9, 0x6A, 0x2C, 0xD2, 0x13, 0xC6, 0x99, 0x9B,
-        0x09, 0xE9, 0x1F, 0xF4, 0x23, 0xCB, 0x10, 0x6A,
-        0x1A, 0x92, 0x0B, 0x84, 0xB8, 0x11, 0x46, 0x94,
-        0x97, 0x15, 0x42, 0x23, 0x98, 0x7F, 0x00, 0x5C,
-        0x72, 0xF8, 0xAF, 0x38, 0x8B, 0x09, 0x0C, 0x63,
-        0x9F, 0x8C, 0x77, 0x4F, 0xC5, 0xA2, 0x94, 0xC7,
-        0x4A, 0x21, 0x2C, 0x91, 0xA8, 0x6C, 0x32, 0x8A,
-        0xEB, 0xEA, 0x55, 0x8A, 0xB4, 0x3F, 0x8B, 0x87,
-        0x35, 0x34, 0xFA, 0x2E, 0xF9, 0xE6, 0x6C, 0xEF,
-        0x3C, 0x52, 0xCD, 0x47, 0x1A, 0xB7, 0x83, 0x75,
-        0xE7, 0x45, 0xB9, 0xD0, 0xAA, 0x65, 0xD2, 0x27,
-        0x8B, 0x92, 0x75, 0xAE, 0x53, 0x48, 0xB1, 0x6C,
-        0xF6, 0x2A, 0xC8, 0x06, 0x57, 0x34, 0xE4, 0xBD,
-        0x77, 0xB8, 0x0C, 0xCF, 0x89, 0x76, 0x05, 0xEB,
-        0x76, 0xF4, 0x85, 0xAF, 0x8A, 0x0B, 0x46, 0x65,
-        0x57, 0xA8, 0x3C, 0x02, 0x92, 0xCC, 0xF9, 0x03,
-        0xEE, 0x7A, 0xA5, 0x7C, 0x3B, 0x51, 0xAD, 0x66,
-        0x01, 0x89, 0xB8, 0x61, 0x39, 0xE3, 0x80, 0x42,
-        0x5B, 0x31, 0xA9, 0x26, 0x89, 0xDF, 0x24, 0x31,
-        0xBF, 0xA7, 0xB6, 0x9E, 0xAB, 0x17, 0x27, 0x45,
-        0x1B, 0x29, 0xDA, 0x8B, 0x8B, 0xF8, 0x51, 0xE1,
-        0xBC, 0x2D, 0x3A, 0x63, 0x13, 0x4C, 0xA9, 0x66,
-        0x3C, 0x57, 0xAE, 0xC6, 0x98, 0x5C, 0xEB, 0xD5,
-        0x6D, 0xB0, 0x44, 0x7B, 0x13, 0x6B, 0x01, 0x7A,
-        0x97, 0x47, 0x61, 0xC3, 0xC6, 0x7D, 0x33, 0x77,
-        0x2F, 0x99, 0x64, 0xE5, 0x43, 0x4D, 0x64, 0x35,
-        0x04, 0x33, 0x2A, 0x30, 0x27, 0x29, 0x4A, 0x07,
-        0x8C, 0x59, 0x9C, 0xB2, 0x91, 0x63, 0x10, 0x9C,
-        0xE3, 0xB5, 0x6C, 0xE6, 0x98, 0xB4, 0xD3, 0xF5,
-        0x9E, 0x29, 0x56, 0xA1, 0xF0, 0x3A, 0x4B, 0x95,
-        0x55, 0x93, 0xF2, 0xD2, 0x45, 0x7F, 0xFA, 0xAE,
-        0x96, 0x24, 0xA0, 0x71, 0x10, 0x45, 0xB3, 0xF5,
-        0x52, 0x92, 0xF2, 0x0C, 0xC9, 0xD0, 0xCD, 0x79,
-        0x1A, 0x21, 0x59, 0x7B, 0x0F, 0x2C, 0xD9, 0x80,
-        0xF3, 0x51, 0x0F, 0x0B, 0x02, 0x39, 0x02, 0x20,
-        0x00, 0xD7, 0x35, 0x58, 0x6E, 0xE6, 0xA7, 0x3F,
-        0x3A, 0x3D, 0xCB, 0xD6, 0xBD, 0x1A, 0x85, 0xC8,
-        0x65, 0x12, 0xAB, 0xF3, 0xC5, 0x1C, 0xE0, 0x0A,
-        0x03, 0x31, 0xF6, 0x53, 0x60, 0x46, 0x2C, 0x02,
-        0x23, 0x29, 0x59, 0x7A, 0x81, 0xC3, 0xF9, 0x2F,
-        0xC1, 0x79, 0x38, 0xC9, 0x13, 0x8F, 0x41, 0x11,
-        0x38, 0x79, 0x79, 0xC2, 0x8F, 0x03, 0x34, 0xF9,
-        0x01, 0x19, 0x22, 0x13, 0x74, 0xDA, 0xB0, 0x45,
-        0x92, 0x9B, 0x49, 0xE4, 0x3A, 0x96, 0x46, 0xA2,
-        0x43, 0xF4, 0x46, 0x4D, 0xAF, 0x81, 0x1A, 0xB0,
-        0x06, 0x30, 0xC7, 0x59, 0x61, 0xBC, 0xD4, 0xAF,
-        0x5D, 0x99, 0x11, 0x5A, 0x37, 0x49, 0x19, 0x1B,
-        0xA8, 0xFD, 0x41, 0xCE, 0x0B, 0x3C, 0x89, 0xA6,
-        0x95, 0xB4, 0xBB, 0x85, 0x06, 0x4F, 0xD3, 0xAF,
-        0x95, 0xC9, 0xB4, 0xAE, 0xE0, 0x9A, 0xC7, 0xB0,
-        0xCC, 0x69, 0xEC, 0xA3, 0x6A, 0x00, 0x4B, 0x6C,
-        0xD6, 0x62, 0xA6, 0xD3, 0x27, 0x95, 0x05, 0x3E,
-        0xF0, 0xA0, 0x3A, 0xDA, 0x3B, 0x98, 0xBF, 0xE3,
-        0xB4, 0x6A, 0x79, 0x72, 0x3E, 0x3A, 0x45, 0xAB,
-        0x3C, 0x31, 0x95, 0x06, 0x69, 0xAD, 0x77, 0x07,
-        0x20, 0x62, 0xCC, 0x3B, 0x50, 0x4D, 0xF1, 0x33,
-        0x4F, 0xD6, 0x90, 0x9E, 0xAC, 0x79, 0x15, 0xF1,
-        0xD5, 0xAD, 0x16, 0x63, 0x9F, 0x5F, 0xB5, 0x64,
-        0x41, 0x64, 0x54, 0x25, 0x91, 0x34, 0xD5, 0x65,
-        0x88, 0x2C, 0xB3, 0x81, 0xCB, 0xA5, 0x8B, 0x76,
-        0x88, 0x07, 0x67, 0xB5, 0x0A, 0xC1, 0xB8, 0x57,
-        0x95, 0xD7, 0x26, 0x84, 0x33, 0xB3, 0x71, 0x23,
-        0x0E, 0xD4, 0xC7, 0x2F, 0x99, 0xAB, 0x1A, 0xD1,
-        0xE5, 0x95, 0xA4, 0x59, 0xCF, 0x0A, 0x23, 0x34,
-        0xAA, 0x14, 0x63, 0xAD, 0xE4, 0xBD, 0xC9, 0x24,
-        0x96, 0x05, 0x38, 0x18, 0x57, 0xBB, 0x98, 0x09,
-        0x5B, 0x41, 0x13, 0x29, 0x46, 0xCA, 0x24, 0x57,
-        0xDF, 0xAA, 0x91, 0x49, 0x58, 0x2A, 0xA1, 0x99,
-        0x27, 0xB6, 0x36, 0x89, 0xE2, 0x92, 0x9A, 0xA4,
-        0x10, 0x27, 0xBE, 0xF4, 0x92, 0x19, 0x70, 0xBA,
-        0xD4, 0xA5, 0x54, 0x90, 0xD9, 0x1A, 0xBE, 0x25,
-        0x1D, 0xEF, 0x45, 0x52, 0xCA, 0x88, 0x03, 0x41,
-        0x06, 0xA0, 0x2C, 0xE4, 0xB0, 0x58, 0xF8, 0xB5,
-        0x96, 0x24, 0xB6, 0x7E, 0x06, 0x3B, 0xF1, 0x78,
-        0xB0, 0x15, 0xE4, 0x28, 0x1E, 0xB1, 0x14, 0xA2,
-        0xBC, 0x24, 0x54, 0x94, 0x3A, 0x4B, 0x46, 0x47,
-        0x12, 0x2C, 0x42, 0xCB, 0xEA, 0x4E, 0x94, 0x15,
-        0x4F, 0xD3, 0xE4, 0xB7, 0x91, 0xF6, 0x29, 0x0B,
-        0x78, 0x29, 0x94, 0x20, 0x68, 0x53, 0xD6, 0x70,
-        0x00, 0xA6, 0x33, 0xF3, 0x20, 0xA8, 0xA3, 0x74,
-        0xCA, 0x5D, 0x40, 0x38, 0xF9, 0xCA, 0x42, 0x44,
-        0xDC, 0xB0, 0x2E, 0x9A, 0x84, 0xE1, 0xF7, 0xC8,
-        0xA8, 0x21, 0x13, 0x2B, 0x32, 0xB9, 0xA8, 0x40,
-        0x55, 0x7B, 0x34, 0x78, 0x06, 0x65, 0x30, 0x17,
-        0x24, 0xBA, 0x26, 0x06, 0x68, 0x1D, 0x94, 0x5E,
-        0x34, 0xD7, 0xCF, 0x94, 0x1B, 0x89, 0x63, 0xCA,
-        0xA1, 0x00, 0x1A, 0x49, 0x1B, 0x8B, 0x2E, 0x43,
-        0x57, 0x0E, 0x9A, 0xB9, 0x5C, 0x0A, 0x57, 0xC5,
-        0x03, 0xF0, 0xAB, 0x96, 0x0B, 0x48, 0x56, 0xD0,
-        0x25, 0x15, 0x74, 0x71, 0x0F, 0xE5, 0xCB, 0x47,
-        0x42, 0x84, 0xFC, 0x10, 0x49, 0xAA, 0x2A, 0x7B,
-        0x03, 0x69, 0x4A, 0x1C, 0x76, 0x3E, 0x99, 0xDA,
-        0xC6, 0xAD, 0x0B, 0xA8, 0x03, 0x8B, 0x13, 0x8A,
-        0x64, 0x43, 0x2E, 0x34, 0x91, 0x16, 0xA0, 0x31,
-        0xE8, 0xC7, 0x92, 0x78, 0x17, 0x51, 0xBA, 0x47,
-        0x3C, 0xBD, 0xF5, 0x57, 0x20, 0x00, 0x5A, 0xBD,
-        0xAA, 0x13, 0xD5, 0x01, 0x82, 0xF0, 0xE6, 0x33,
-        0x77, 0x6B, 0xB0, 0x67, 0x5C, 0x40, 0x47, 0x2B,
-        0xAD, 0x1F, 0x96, 0x72, 0x76, 0x91, 0x83, 0xD0,
-        0xCC, 0xC8, 0x10, 0xBC, 0x25, 0xA8, 0x57, 0x32,
-        0x20, 0x56, 0x9F, 0x6A, 0xC4, 0xBA, 0xC2, 0x2A,
-        0x13, 0x54, 0xD8, 0xB3, 0x6C, 0x05, 0x80, 0xD0,
-        0xE5, 0x29, 0x9E, 0x62, 0x9C, 0x50, 0x6C, 0xC7,
-        0x65, 0x55, 0x46, 0xFF, 0x27, 0x81, 0x0C, 0x97,
-        0xB5, 0x1B, 0xA0, 0x56, 0xBB, 0xF8, 0x6E, 0xD9,
-        0xCB, 0x7C, 0x0A, 0x53, 0x7F, 0x72, 0xD0, 0xCF,
-        0x9A, 0xD2, 0xC2, 0x31, 0xE2, 0x9E, 0xBF, 0x55,
-        0x3F, 0x61, 0x3C, 0xBB, 0x15, 0xB3, 0x72, 0x1A,
-        0x20, 0x07, 0x7E, 0x50, 0x5F, 0xD3, 0x90, 0xCB,
-        0x19, 0xF6, 0x48, 0x8A, 0x10, 0x7D, 0xEE, 0x1C,
-        0xAC, 0x58, 0xAB, 0x70, 0x34, 0xBA, 0x69, 0x03,
-        0x00, 0x21, 0x95, 0x95, 0xB3, 0x69, 0x5C, 0x12,
-        0x34, 0xE8, 0xB5, 0x7E, 0x33, 0xC8, 0xD3, 0xA0,
-        0x48, 0x45, 0x4A, 0x61, 0x6D, 0xF3, 0xC9, 0xB5,
-        0x6A, 0x6F, 0xF2, 0x02, 0x6A, 0xF9, 0x97, 0x72,
-        0x5F, 0xC9, 0x55, 0x79, 0x04, 0x3B, 0xAE, 0x93,
-        0x99, 0xB6, 0x79, 0x0D, 0x63, 0x7B, 0x4F, 0xA8,
-        0x20, 0xB0, 0xB2, 0xD2, 0xCA, 0xB6, 0x07, 0xBA,
-        0xF6, 0xA3, 0x72, 0x73, 0x4C, 0x31, 0xEE, 0x00,
-        0x26, 0xF3, 0xC0, 0x76, 0xD1, 0x4A, 0x8E, 0x3E,
-        0xE6, 0x6A, 0xAD, 0x8B, 0xBB, 0xCC, 0xEB, 0x9D,
-        0xC7, 0x0C, 0x7B, 0x6B, 0xB0, 0xBB, 0x76, 0xC2,
-        0x00, 0xC2, 0x31, 0x60, 0x1C, 0xA0, 0x87, 0x3E,
-        0xC8, 0x71, 0x0F, 0x4B, 0x18, 0xD5, 0x72, 0x90,
-        0xB0, 0x33, 0x72, 0x7C, 0x60, 0x1E, 0xDB, 0x71,
-        0xC2, 0xB0, 0xF0, 0xC2, 0x1D, 0x55, 0x3E, 0x0E,
-        0x7A, 0x4F, 0x77, 0x71, 0x68, 0x39, 0xC7, 0xC8,
-        0x44, 0x8A, 0xBB, 0x9F, 0x66, 0xA5, 0x4E, 0x8A,
-        0x4B, 0x08, 0xA7, 0x9D, 0x9A, 0x39, 0x2C, 0xA1,
-        0x27, 0x00, 0x31, 0x38, 0x8B, 0xAD, 0x56, 0x21,
-        0x7E, 0x32, 0xAE, 0xF5, 0x54, 0x11, 0x97, 0x49,
-        0x06, 0xA2, 0x45, 0xC0, 0x07, 0x12, 0xB3, 0xCB,
-        0xB1, 0x17, 0x06, 0x85, 0x19, 0x3F, 0xE2, 0x5A,
-        0xCD, 0x7A, 0xC1, 0x3D, 0x32, 0x07, 0x3F, 0x38,
-        0x79, 0xA5, 0xD7, 0x83, 0x75, 0xF0, 0x05, 0x2C,
-        0xF7, 0x91, 0x75, 0xBA, 0xB4, 0x6D, 0x22, 0x37,
-        0x05, 0x97, 0xBD, 0x06, 0x78, 0x9E, 0xDD, 0x07,
-        0x11, 0xCC, 0x42, 0x43, 0x50, 0x7A, 0x02, 0xB4,
-        0xFA, 0xAD, 0xBB, 0x62, 0x25, 0x0C, 0xC9, 0x97,
-        0xAE, 0x03, 0x27, 0xAE, 0xB0, 0x0D, 0xEB, 0x52,
-        0x91, 0x92, 0xA6, 0x4B, 0x10, 0x96, 0xA8, 0x6B,
-        0x19, 0x67, 0x4D, 0x0B, 0x0A, 0xF0, 0x5C, 0x4A,
-        0xAE, 0x17, 0x8C, 0x2C, 0x9A, 0x64, 0x42, 0xE9,
-        0x4E, 0xD0, 0xA5, 0x60, 0x33, 0xA1, 0x1E, 0xE4,
-        0x26, 0x32, 0xC0, 0xB4, 0xAA, 0x51, 0xD4, 0x21,
-        0x50, 0x79, 0x0F, 0x41, 0x06, 0x2B, 0x77, 0x25,
-        0x3C, 0x25, 0xBA, 0x4D, 0xE5, 0x59, 0x76, 0x1F,
-        0x0A, 0x90, 0x06, 0x83, 0x89, 0x72, 0x8B, 0xC9,
-        0x77, 0xF7, 0x0C, 0xF7, 0xBC, 0xCF, 0xBD, 0x88,
-        0x3D, 0xF1, 0x3C, 0x79, 0xF5, 0xF2, 0xC3, 0x43,
-        0x12, 0xCB, 0x1D, 0x5A, 0x55, 0xD7, 0x8C, 0x1B,
-        0x24, 0x20, 0x96, 0xA8, 0xC0, 0x59, 0x3C, 0xFB,
-        0x27, 0x53, 0x46, 0x0B, 0xD3, 0x0A, 0xBA, 0x30,
-        0x6C, 0x74, 0x17, 0x39, 0x95, 0x74, 0x83, 0x85,
-        0xD0, 0x0B, 0x36, 0x70, 0xE6, 0x13, 0x24, 0xD8,
-        0x7D, 0xE8, 0xA1, 0x44, 0x50, 0xDC, 0x49, 0x37,
-        0x68, 0x77, 0x7F, 0xF0, 0xCE, 0x68, 0x10, 0x93,
-        0x7A, 0x71, 0x12, 0x29, 0x56, 0x1A, 0x5E, 0xF2,
-        0xBB, 0x69, 0x86, 0x10, 0x74, 0xE0, 0x0B, 0xD9,
-        0x32, 0x66, 0xE4, 0xB8, 0x62, 0x69, 0xE1, 0x8E,
-        0xEA, 0x2C, 0xAA, 0xCB, 0x60, 0xA1, 0x35, 0x86,
-        0x36, 0xCD, 0x7A, 0x7C, 0xA6, 0xBB, 0x68, 0x21,
-        0x30, 0x24, 0x17, 0x84, 0xB1, 0x01, 0xEA, 0x5B,
-        0xFD, 0x6C, 0x3A, 0x07, 0x15, 0x86, 0x21, 0x61,
-        0x47, 0x36, 0xF6, 0x99, 0x6D, 0x5A, 0x4E, 0x14,
-        0x96, 0x3A, 0x12, 0xD8, 0x36, 0xE5, 0x33, 0xA0,
-        0xC8, 0x91, 0x2D, 0xB7, 0xE1, 0x16, 0x85, 0xA4,
-        0xA5, 0x3D, 0x82, 0x85, 0xF0, 0x87, 0x50, 0xDF,
-        0xF6, 0x6D, 0xA2, 0x7C, 0x23, 0xB9, 0x75, 0x42,
-        0xDE, 0xFB, 0x99, 0xE4, 0x70, 0xAC, 0xD5, 0xE6,
-        0x47, 0xC9, 0x40, 0xCB, 0x57, 0x30, 0x1B, 0x43,
-        0xCC, 0x3E, 0x68, 0xE6, 0x4E, 0x28, 0xB0, 0x67,
-        0x70, 0x69, 0x5E, 0xF6, 0x09, 0x26, 0x5E, 0x06,
-        0xC6, 0x0F, 0x22, 0xCB, 0x87, 0x58, 0x49, 0xE6,
-        0x2B, 0xAB, 0x88, 0xCC, 0x10, 0xEC, 0xF6, 0x22,
-        0xC3, 0x79, 0xCB, 0x54, 0xF1, 0x3D, 0x8B, 0x2B,
-        0xAC, 0x90, 0x2B, 0x9A, 0xB0, 0x2B, 0xB3, 0x30,
-        0xB4, 0x5A, 0xC8, 0xB7, 0x41, 0xC2, 0x64, 0x7A,
-        0xC4, 0x5B, 0x5B, 0xF4, 0x8A, 0x6D, 0x3F, 0xE0,
-        0x39, 0x98, 0x6C, 0xC9, 0x40, 0xC6, 0x0A, 0x94,
-        0xE6, 0x6C, 0xF6, 0x44, 0x53, 0x10, 0x16, 0xA5,
-        0x27, 0x24, 0x50, 0x82, 0x43, 0x14, 0xB5, 0x66,
-        0x2A, 0x0A, 0x90, 0x9A, 0xBF, 0xB4, 0x6F, 0xD2,
-        0x7B, 0xAE, 0xD3, 0xAB, 0xA8, 0x25, 0x93, 0x61,
-        0x59, 0x68, 0x82, 0xB0, 0x8B, 0x2A, 0xC7, 0x23,
-        0x39, 0x30, 0xFC, 0x37, 0x86, 0x73, 0x8E, 0xD2,
-        0xF8, 0x1E, 0xE6, 0x38, 0xC4, 0x5C, 0x3B, 0x9C,
-        0xFD, 0x19, 0x51, 0xDB, 0x5B, 0xCC, 0x14, 0x45,
-        0xC2, 0xC1, 0x62, 0x5D, 0x57, 0xD5, 0x7B, 0x53,
-        0x90, 0x4B, 0x6A, 0x1A, 0xB6, 0x81, 0x58, 0x07,
-        0x55, 0xE8, 0x9F, 0xA7, 0x97, 0x75, 0xA6, 0x57,
-        0xCD, 0x62, 0xB4, 0x42, 0x63, 0x04, 0xBC, 0x0C,
-        0x71, 0x1E, 0x28, 0x07, 0xA2, 0xC9, 0xE8, 0x52,
-        0xD4, 0xB4, 0x35, 0x9E, 0xE6, 0xB5, 0x3E, 0x46,
-        0x75, 0xF5, 0x23, 0xC9, 0x07, 0x82, 0x57, 0x2D,
-        0xC7, 0x36, 0x8F, 0xB4, 0x00, 0xC3, 0x28, 0xC7,
-        0x0F, 0xC8, 0x46, 0xB5, 0xE9, 0x8A, 0x43, 0x30,
-        0xBB, 0xB6, 0x27, 0xBD, 0xD7, 0x84, 0xB4, 0xDA,
-        0xF0, 0xB1, 0xF6, 0x45, 0x94, 0x49, 0x42, 0xB4,
-        0xC2, 0xB6, 0x22, 0x5C, 0x8B, 0x31, 0xE9, 0x89,
-        0x54, 0x55, 0x22, 0xBA, 0x6F, 0x10, 0x39, 0x60,
-        0x34, 0xCB, 0x1C, 0xA7, 0x45, 0x97, 0x78, 0x44,
-        0xD5, 0x70, 0x89, 0x4C, 0x61, 0x1A, 0x56, 0x08,
-        0xA7, 0x57, 0x41, 0x6D, 0x6D, 0xE5, 0x99, 0x63,
-        0xC3, 0x27, 0x98, 0xC4, 0x93, 0xEF, 0xD2, 0x26,
-        0x4C, 0x23, 0x19, 0x10, 0xE9, 0xA3, 0x00, 0x90,
-        0xCA, 0x7B, 0x53, 0x84, 0xF2, 0x31, 0xB8, 0x9B,
-        0xA6, 0x8A, 0x23, 0x81, 0x90, 0xEF, 0x1A, 0x2A,
-        0x43, 0xCB, 0x01, 0x70, 0x34, 0x70, 0xA0, 0xF0,
-        0x61, 0xA7, 0x07, 0x38, 0x94, 0x4B, 0xCD, 0x9B,
-        0x70, 0x04, 0xF2, 0x47, 0x97, 0xAE, 0xCB, 0x88,
-        0xB1, 0x09, 0x1C, 0xFE, 0xD0, 0x59, 0x0B, 0x04,
-        0x15, 0x45, 0x3C, 0x39, 0xB6, 0xEC, 0x45, 0xB6,
-        0x63, 0x05, 0xFA, 0xEA, 0x6B, 0x55, 0xA4, 0xB7,
-        0x96, 0x75, 0x05, 0xFE, 0x38, 0x62, 0xA2, 0x67,
-        0xAD, 0xBF, 0xE0, 0x5B, 0x91, 0x81, 0xA0, 0x65,
-        0x01, 0x89, 0x33, 0x91, 0x65, 0x0E, 0xAA, 0xA4,
-        0xA6, 0xD1, 0x68, 0x53, 0x34, 0x92, 0x76, 0xF9,
-        0x8E, 0x0F, 0x44, 0xCD, 0x72, 0x66, 0x15, 0xC6,
-        0x1C, 0x16, 0x71, 0x30, 0x94, 0xD8, 0xAB, 0x09,
-        0x3C, 0xAC, 0x71, 0xF2, 0x80, 0x3E, 0x7D, 0x39,
-        0x10, 0x9E, 0xF5, 0x00, 0x9C, 0x9C, 0x2C, 0xDA,
-        0xF7, 0xB7, 0xA6, 0xB3, 0x7A, 0x33, 0xA4, 0x98,
-        0x81, 0xF4, 0xBB, 0x5D, 0x72, 0x45, 0xA1, 0x4C,
-        0x50, 0x42, 0x28, 0x0C, 0x76, 0xA8, 0x4E, 0x63,
-        0xF4, 0x9D, 0x0D, 0x61, 0x9D, 0x46, 0xD7, 0x23,
-        0xBA, 0xA7, 0x47, 0xA3, 0xBA, 0x90, 0xA6, 0xFB,
-        0x63, 0x7A, 0x9A, 0x1D, 0xC0, 0x22, 0x68, 0xFD,
-        0x5C, 0x04, 0x3D, 0x18, 0xCB, 0xA1, 0x52, 0x8A,
-        0xC8, 0xE2, 0x25, 0xC1, 0xF9, 0x23, 0xD1, 0xCC,
-        0x84, 0xF2, 0xE7, 0x8E, 0x25, 0xDC, 0x3C, 0xCE,
-        0x93, 0x53, 0xC9, 0xDA, 0xC2, 0xAD, 0x72, 0x6A,
-        0x79, 0xF6, 0x49, 0x40, 0x80, 0x1D, 0xD5, 0x70,
-        0x1E, 0xFB, 0xDC, 0xB8, 0x0A, 0x98, 0xA2, 0x59,
-        0x93, 0xCD, 0x7F, 0x80, 0x59, 0x13, 0x20, 0xB6,
-        0x31, 0x72, 0x71, 0x86, 0x47, 0xB9, 0x76, 0xA9,
-        0x8A, 0x77, 0x16, 0x86, 0xF0, 0x12, 0x0A, 0x05,
-        0x3B, 0x0C, 0x44, 0x74, 0x60, 0x43, 0x05, 0x89,
-        0x0F, 0xEC, 0xAF, 0x23, 0x47, 0x5D, 0xDC, 0xC1,
-        0x1B, 0xC0, 0x8A, 0x9C, 0x5F, 0x59, 0x2A, 0xBB,
-        0x1A, 0x15, 0x3D, 0xB1, 0xB8, 0x83, 0xC0, 0x50,
-        0x7E, 0xB6, 0x8F, 0x78, 0xE0, 0xA1, 0x4D, 0xEB,
-        0xBF, 0xEE, 0xC6, 0x21, 0xE1, 0x0A, 0x69, 0xB6,
-        0xDA, 0xAF, 0xAA, 0x91, 0x6B, 0x53, 0x95, 0x33,
-        0xE5, 0x08, 0x00, 0x7C, 0x41, 0x88, 0xCE, 0x05,
-        0xC8, 0x62, 0xD1, 0x01, 0xD4, 0xDB, 0x1D, 0xF3,
-        0xC4, 0x50, 0x2B, 0x8C, 0x8A, 0xE1, 0x45, 0x74,
-        0x88, 0xA3, 0x6E, 0xAD, 0x26, 0x65, 0xBF, 0xAC,
-        0xB3, 0x21, 0x76, 0x02, 0x81, 0xDB, 0x9C, 0xA7,
-        0x2C, 0x76, 0x14, 0x36, 0x34, 0x04, 0xA0, 0xA8,
-        0xEA, 0xBC, 0x05, 0x8A, 0x23, 0xA3, 0x46, 0x87,
-        0x5F, 0xA9, 0x6B, 0xB1, 0x8A, 0xC2, 0xCC, 0xF0,
-        0x93, 0xB8, 0xA8, 0x55, 0x67, 0x38, 0x11, 0xCE,
-        0xD4, 0x7C, 0xBE, 0x1E, 0xE8, 0x1D, 0x2C, 0xF0,
-        0x7E, 0x43, 0xFC, 0x48, 0x72, 0x09, 0x08, 0x53,
-        0x74, 0x31, 0x08, 0x86, 0x5F, 0x02, 0xC5, 0x61,
-        0x2A, 0xA8, 0x71, 0x66, 0x70, 0x7E, 0xE9, 0x0F,
-        0xFD, 0x5B, 0x80, 0x21, 0xF0, 0xAA, 0x01, 0x6E,
-        0x5D, 0xBC, 0xD9, 0x1F, 0x57, 0xB3, 0x56, 0x2D,
-        0x3A, 0x2B, 0xCF, 0xA2, 0x0A, 0x4C, 0x03, 0x01,
-        0x0B, 0x8A, 0xA1, 0x44, 0xE6, 0x48, 0x28, 0x04,
-        0xB4, 0x74, 0xFE, 0xC1, 0xF5, 0xE1, 0x38, 0xBE,
-        0x63, 0x2A, 0x3B, 0x9C, 0x82, 0x48, 0x3D, 0xC6,
-        0x89, 0x0A, 0x13, 0xB1, 0xE8, 0xEE, 0x6A, 0xF7,
-        0x14, 0xEC, 0x5E, 0xFA, 0xC3, 0xB1, 0x97, 0x6B,
-        0x29, 0xDA, 0xDB, 0x60, 0x5B, 0x14, 0xD3, 0x73,
-        0x2B, 0x5D, 0xE1, 0x18, 0x59, 0x65, 0x16, 0x85,
-        0x81, 0x17, 0xE2, 0x63, 0x4C, 0x4E, 0xA0, 0xCC
-    };
-    static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = {
-        0xDF, 0xA6, 0xB9, 0xD7, 0x2A, 0x63, 0xB4, 0x20,
-        0xB8, 0x9D, 0xDE, 0x50, 0xF7, 0xE0, 0xD5, 0x6E,
-        0xCF, 0x87, 0x6B, 0xFE, 0xF9, 0x91, 0xFC, 0xE9,
-        0x1C, 0x8D, 0x28, 0x6F, 0xA6, 0xEA, 0xBA, 0xC1,
-        0x73, 0x0F, 0xD8, 0x77, 0x41, 0xFE, 0x4A, 0xD7,
-        0x17, 0xB2, 0x82, 0xA2, 0x1E, 0x23, 0x5A, 0x55,
-        0xC3, 0x75, 0x7D, 0x88, 0xD4, 0xCE, 0x62, 0xF4,
-        0x14, 0xEB, 0x77, 0xEB, 0x9D, 0x35, 0x7E, 0xE2,
-        0x9D, 0x00, 0x08, 0x7B, 0xF8, 0x11, 0x0E, 0x5B,
-        0xBB, 0xC7, 0xC9, 0x04, 0x19, 0x07, 0x2E, 0xAE,
-        0x04, 0x4B, 0xF7, 0xE1, 0x83, 0xD4, 0x3A, 0x94,
-        0xB2, 0x63, 0x2A, 0xA1, 0x46, 0x49, 0x61, 0x9B,
-        0x70, 0x64, 0x95, 0x21, 0xBC, 0x19, 0x37, 0x09,
-        0x42, 0xEF, 0x70, 0xF3, 0x6C, 0x34, 0xC8, 0xC2,
-        0x35, 0x91, 0xEE, 0x0C, 0xA7, 0x1A, 0x12, 0xD2,
-        0x79, 0xE0, 0xF5, 0x2D, 0x39, 0xED, 0x0F, 0x91,
-        0x3F, 0x8C, 0x26, 0x26, 0x21, 0xFB, 0x24, 0x2E,
-        0x68, 0x0D, 0xEB, 0x30, 0x7B, 0x07, 0x49, 0xC6,
-        0xB3, 0x93, 0xA8, 0xEF, 0x66, 0xF8, 0xB0, 0x4A,
-        0xAF, 0xA8, 0x77, 0xB9, 0x51, 0xAB, 0x93, 0xF5,
-        0x98, 0xB4, 0xB2, 0xFA, 0xB0, 0x4F, 0x88, 0xAC,
-        0x80, 0x39, 0x84, 0xFF, 0x37, 0xE3, 0xFE, 0x74,
-        0xF3, 0xA6, 0x16, 0xD5, 0x31, 0x4E, 0xB3, 0xA8,
-        0x26, 0xF8, 0x74, 0xF8, 0xEC, 0xD3, 0xA5, 0x64,
-        0x7D, 0x04, 0x94, 0x2A, 0x57, 0xEF, 0xC0, 0x96,
-        0x38, 0x47, 0x0D, 0xC0, 0xA9, 0xDF, 0x40, 0xB3,
-        0x17, 0x57, 0x1D, 0x39, 0x84, 0xA7, 0x8C, 0xF7,
-        0xD1, 0x17, 0x51, 0x09, 0x07, 0x22, 0xB3, 0x05,
-        0x9E, 0x07, 0x59, 0x1C, 0xC4, 0xA2, 0xED, 0x9B,
-        0xA0, 0xDC, 0xE9, 0x9B, 0xE9, 0xE5, 0xEE, 0x5D,
-        0xB8, 0xD6, 0x98, 0xCD, 0xEB, 0x58, 0x14, 0x75,
-        0x9B, 0xA9, 0x77, 0xC9, 0x00, 0x79, 0xCF, 0x2A,
-        0xFD, 0xE4, 0x78, 0x06, 0x9C, 0x51, 0x3A, 0x60,
-        0x09, 0x1A, 0x3A, 0x5D, 0x01, 0x11, 0xE2, 0x2D,
-        0xE0, 0x6C, 0xB1, 0x45, 0xC1, 0x4E, 0x22, 0xA2,
-        0x14, 0xCB, 0x27, 0x8C, 0x81, 0x52, 0xB0, 0x68,
-        0x1B, 0xCA, 0xFF, 0x54, 0xD5, 0x52, 0xB5, 0x4A,
-        0x67, 0x1C, 0x0D, 0xFE, 0xF7, 0x75, 0xE7, 0xC5,
-        0x4F, 0xEF, 0xC4, 0x85, 0x38, 0x68, 0xC9, 0x55,
-        0x97, 0x1A, 0xBD, 0xAC, 0x2A, 0x76, 0x29, 0x2C,
-        0xCC, 0xD4, 0xFD, 0x1C, 0x70, 0x6B, 0x7D, 0x36,
-        0x14, 0x15, 0x96, 0x73, 0xE9, 0xD7, 0xB2, 0x9A,
-        0x2D, 0x3F, 0x63, 0x36, 0x31, 0x29, 0xE7, 0xA2,
-        0x1E, 0x80, 0x3A, 0x46, 0x0F, 0x27, 0x14, 0xE3,
-        0xE2, 0x59, 0x22, 0x78, 0x0A, 0xF3, 0x82, 0x57,
-        0xCD, 0x14, 0x95, 0xAC, 0xD1, 0xE0, 0x19, 0x80,
-        0x63, 0x8D, 0xF5, 0x8A, 0x15, 0x3D, 0xAB, 0x07,
-        0xEF, 0xB5, 0xC7, 0xE7, 0x8A, 0xDA, 0xCF, 0x63,
-        0x19, 0x56, 0xD6, 0x9C, 0xCD, 0xA0, 0x70, 0x45,
-        0x95, 0x68, 0xBD, 0x9D, 0x11, 0xA2, 0x93, 0x4B,
-        0xCF, 0x16, 0x43, 0xBC, 0x99, 0x46, 0x82, 0x38,
-        0x91, 0x0B, 0x1F, 0x74, 0x2E, 0xBB, 0x3C, 0x03,
-        0xD3, 0x9F, 0xD4, 0x5C, 0xFB, 0x85, 0xBA, 0x30,
-        0x9E, 0x29, 0xDD, 0x9B, 0x5C, 0xD5, 0x60, 0x81,
-        0x9E, 0xC7, 0x29, 0xFC, 0xAC, 0x8B, 0x9D, 0x72,
-        0x5E, 0x3E, 0x8A, 0xBE, 0xDE, 0x4B, 0x52, 0x98,
-        0xA8, 0x65, 0x8E, 0xE3, 0xF7, 0x81, 0xB0, 0xCE,
-        0x68, 0x3C, 0xBB, 0x73, 0x35, 0xCD, 0x57, 0xEF,
-        0xE2, 0x20, 0x4A, 0x8F, 0x19, 0x74, 0x46, 0xD7,
-        0x31, 0x4C, 0xDB, 0xF4, 0xC5, 0xD0, 0x8C, 0xCC,
-        0x41, 0xF8, 0x08, 0x57, 0xCC, 0x95, 0x71, 0xFB,
-        0xFB, 0x90, 0x60, 0x60, 0xF7, 0xE1, 0x7C, 0x8C,
-        0xEF, 0x0F, 0x27, 0x4A, 0xFF, 0x83, 0xE3, 0x93,
-        0xB1, 0x5F, 0x2F, 0x95, 0x89, 0xA1, 0x3A, 0xF4,
-        0xBC, 0x78, 0xE1, 0x6C, 0xDD, 0xE6, 0x23, 0x61,
-        0xD6, 0x3B, 0x8D, 0xC9, 0x03, 0xB7, 0x0C, 0x01,
-        0xA4, 0x34, 0x19, 0xCD, 0x20, 0x52, 0x15, 0x0B,
-        0xD2, 0x87, 0x19, 0xF6, 0x1F, 0xF3, 0x1F, 0x4A,
-        0x9B, 0xEC, 0x4D, 0xDB, 0xCE, 0xC1, 0xF8, 0xFB,
-        0x2E, 0xFB, 0xF3, 0x7D, 0xFF, 0xFA, 0x4C, 0x7F,
-        0xEC, 0xA8, 0xCE, 0x6D, 0x62, 0x6B, 0xFD, 0xA1,
-        0x6E, 0xE7, 0x08, 0xD9, 0x20, 0x68, 0x14, 0xA2,
-        0xEF, 0x98, 0x85, 0x25, 0x61, 0x5D, 0x4A, 0xC9,
-        0xBE, 0x60, 0x8C, 0x4B, 0x03, 0xAB, 0xEE, 0x95,
-        0xB3, 0x2A, 0x5D, 0xB7, 0x4A, 0x96, 0x11, 0x9A,
-        0x7E, 0x15, 0x9A, 0xF9, 0x9C, 0xD9, 0x8E, 0x88,
-        0xEA, 0xF0, 0x9F, 0x0D, 0x78, 0x0E, 0x7C, 0x7E,
-        0x81, 0x4B, 0x8E, 0x88, 0xB4, 0xF4, 0xE1, 0x5F,
-        0xA5, 0x49, 0x95, 0xD0, 0xEC, 0xBA, 0xD3, 0xEF,
-        0x04, 0x6A, 0x49, 0x47, 0xF3, 0xE8, 0xB9, 0xE7,
-        0x44, 0x24, 0x14, 0x89, 0xB8, 0x06, 0xFE, 0x94,
-        0x01, 0xE7, 0x8B, 0xAF, 0xC8, 0xE8, 0x82, 0xE9,
-        0xD6, 0xD0, 0x70, 0x0F, 0x72, 0x0C, 0x00, 0x24,
-        0xE7, 0xDA, 0x49, 0x06, 0x1C, 0x5D, 0x18, 0xA6,
-        0x20, 0x74, 0x04, 0x0A, 0xBC, 0x00, 0x03, 0x20,
-        0x0E, 0xD4, 0x65, 0x23, 0x17, 0x97, 0x93, 0x0A,
-        0x2E, 0x2A, 0xA5, 0x01, 0xF6, 0x48, 0x62, 0xDD,
-        0xA1, 0x30, 0x14, 0xA9, 0x9F, 0x9D, 0x32, 0x70,
-        0xAA, 0x90, 0x7E, 0xEB, 0x3F, 0xDB, 0xFF, 0x29,
-        0x16, 0x00, 0xDF, 0x1F, 0x6B, 0x39, 0x68, 0x4B,
-        0x11, 0xE3, 0x96, 0xB7, 0x0D, 0x86, 0xF9, 0x04,
-        0x92, 0xE8, 0x2B, 0x09, 0xBA, 0x25, 0x60, 0x7B,
-        0x0C, 0x28, 0x6F, 0xBC, 0x07, 0x01, 0x82, 0xAC,
-        0x76, 0xFA, 0x7C, 0x85, 0x9A, 0xAF, 0xEA, 0x87,
-        0x01, 0x6A, 0xED, 0x22, 0xC3, 0x60, 0x5A, 0x27,
-        0x89, 0xA1, 0xD4, 0x39, 0xFD, 0x8D, 0x93, 0x33,
-        0x42, 0xDA, 0xB7, 0x45, 0xA3, 0xE5, 0x50, 0xE7,
-        0xD7, 0x7C, 0x01, 0xA6, 0x23, 0x4B, 0xDA, 0x7D,
-        0x6B, 0xB1, 0x9D, 0x49, 0x5E, 0x65, 0x60, 0xFC,
-        0xE8, 0x39, 0x6F, 0xC3, 0xC6, 0xE0, 0x88, 0xED,
-        0x60, 0xF5, 0xF2, 0x77, 0x14, 0x16, 0xEA, 0x3B,
-        0xE5, 0xBE, 0x47, 0x2B, 0x64, 0x04, 0x90, 0x6C,
-        0x91, 0xE7, 0x1D, 0x9A, 0x86, 0x72, 0xF3, 0x90,
-        0x08, 0x36, 0x55, 0xAB, 0x7D, 0x0E, 0xC6, 0xED,
-        0xFE, 0x86, 0x78, 0x9C, 0xE2, 0x0B, 0xE2, 0xEA,
-        0x90, 0xCA, 0x5C, 0xC3, 0x14, 0x16, 0xFB, 0x24,
-        0xCB, 0xAF, 0x94, 0xDA, 0x14, 0x68, 0xFE, 0x69,
-        0x6B, 0xCD, 0xF5, 0x24, 0x7C, 0xF1, 0x17, 0xCB,
-        0xE9, 0x33, 0x40, 0x76, 0xCA, 0x68, 0x96, 0xB2,
-        0xF6, 0xA0, 0x16, 0xB1, 0xF7, 0xC7, 0x37, 0x28,
-        0x80, 0x78, 0x98, 0xD8, 0xB1, 0x99, 0x75, 0x6C,
-        0x2B, 0x0A, 0xA2, 0x45, 0x7E, 0x1B, 0x4F, 0x77,
-        0x54, 0xC4, 0x57, 0x6C, 0xE5, 0x64, 0x56, 0x14,
-        0xEA, 0x15, 0xC1, 0xAE, 0x28, 0xB0, 0x94, 0xEB,
-        0x21, 0x7C, 0x7A, 0x7A, 0x41, 0x23, 0x95, 0x76,
-        0xCB, 0xDA, 0x38, 0x0E, 0xE6, 0x87, 0x83, 0x43,
-        0x27, 0x30, 0xAD, 0x5E, 0xBE, 0x7F, 0x51, 0xD6,
-        0xBE, 0x7F, 0xB0, 0x2A, 0xB3, 0x7B, 0xE0, 0xC9,
-        0x6A, 0xAC, 0x9F, 0x3C, 0x79, 0x0A, 0x18, 0xD1,
-        0x59, 0xE6, 0xBA, 0xBA, 0x71, 0xEC, 0x88, 0xC1,
-        0x10, 0xFD, 0x84, 0xC3, 0x36, 0xDF, 0x63, 0x0F,
-        0x27, 0x1C, 0xF7, 0x93, 0x28, 0xB6, 0xC8, 0x79,
-        0xDF, 0x7C, 0xDE, 0x0F, 0x70, 0x71, 0x22, 0x20,
-        0xB1, 0xFB, 0xB9, 0xAC, 0xB4, 0x82, 0x48, 0xD9,
-        0x1F, 0x0E, 0x2B, 0x6E, 0x3B, 0xE4, 0x0C, 0x2B,
-        0x22, 0x1E, 0x62, 0x6E, 0x7E, 0x33, 0x0D, 0x9D,
-        0x83, 0xCC, 0x06, 0x68, 0xF7, 0x30, 0x85, 0x91,
-        0xE1, 0x4C, 0x7D, 0x72, 0xB8, 0x41, 0xA6, 0xF0,
-        0x5F, 0x3F, 0xDC, 0x13, 0x9E, 0xEC, 0xC1, 0x53,
-        0x67, 0x65, 0x65, 0x0B, 0x55, 0xA9, 0xCE, 0xC6,
-        0xBB, 0xF5, 0x4C, 0xCE, 0xC5, 0xC3, 0xAC, 0x9A,
-        0x0E, 0x39, 0xF4, 0x8F, 0x23, 0x7B, 0xD4, 0xC6,
-        0x60, 0xCB, 0x1A, 0x8D, 0x25, 0x0B, 0xB6, 0xC8,
-        0xC0, 0x10, 0xFE, 0xC3, 0x4C, 0xC3, 0xD9, 0x15,
-        0x99, 0x27, 0x1C, 0x75, 0x31, 0x33, 0x0F, 0x12,
-        0xA3, 0xE4, 0x4F, 0xAF, 0xD9, 0x05, 0xD2, 0xC6
-    };
-    static const byte kprime_768[KYBER_SS_SZ] = {
-        0xBD, 0x72, 0x56, 0xB2, 0x42, 0xF4, 0x04, 0x86,
-        0x9D, 0x66, 0x2F, 0x80, 0xBF, 0x67, 0x7A, 0x16,
-        0xC0, 0xC6, 0xFC, 0x15, 0x68, 0xCC, 0xA5, 0xB6,
-        0x45, 0x82, 0xA0, 0x1A, 0x6A, 0x14, 0x2D, 0x71
-    };
-#endif
-#ifndef WOLFSSL_NO_KYBER1024
-    static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = {
-        0x0F, 0xEA, 0x26, 0xC4, 0xA5, 0x44, 0xA5, 0x14,
-        0x44, 0x4A, 0x97, 0x1B, 0x5C, 0x5A, 0x82, 0x58,
-        0x27, 0xC0, 0x9D, 0x42, 0x46, 0x9E, 0x59, 0x34,
-        0x4C, 0xF2, 0xAC, 0x06, 0xA2, 0x8D, 0x33, 0xE9,
-        0xA0, 0x12, 0xCA, 0xA3, 0x71, 0x7B, 0x2C, 0x3B,
-        0x29, 0x0A, 0x07, 0x15, 0x82, 0x11, 0x09, 0xC4,
-        0xCC, 0xEA, 0xC4, 0x9F, 0x34, 0x1D, 0xAD, 0xD3,
-        0x77, 0xD4, 0x2A, 0x37, 0x26, 0x19, 0x16, 0xAC,
-        0x7B, 0xB9, 0xE4, 0x1C, 0x09, 0x6C, 0xA8, 0x18,
-        0x1C, 0xF5, 0x83, 0x50, 0x57, 0x3F, 0x60, 0x56,
-        0x84, 0xA1, 0xBC, 0xA5, 0x3D, 0x88, 0x25, 0x74,
-        0x53, 0xC5, 0x35, 0x16, 0x5C, 0x4E, 0xD7, 0x2A,
-        0x9F, 0xF0, 0x56, 0x45, 0x71, 0x29, 0x01, 0xF6,
-        0x6C, 0x10, 0xD0, 0x4F, 0x5E, 0xB4, 0xA2, 0xEC,
-        0x37, 0x72, 0xE9, 0x49, 0x8E, 0x9D, 0xC4, 0x4B,
-        0xBD, 0xAB, 0x71, 0xBB, 0xDB, 0xBC, 0xFC, 0x85,
-        0xB8, 0x01, 0x36, 0x30, 0x89, 0xEA, 0x60, 0xEF,
-        0xE5, 0x86, 0xE1, 0xE2, 0x18, 0x0C, 0x38, 0xB2,
-        0xE7, 0xB4, 0xA6, 0x3E, 0xD6, 0x07, 0x49, 0x0B,
-        0xC5, 0xBA, 0x7A, 0x58, 0xAC, 0x3B, 0x1C, 0x0E,
-        0x43, 0x96, 0x72, 0x00, 0xC7, 0x98, 0x02, 0x90,
-        0xEB, 0xF4, 0x11, 0x82, 0x84, 0x39, 0xEE, 0x8C,
-        0x8E, 0x61, 0x29, 0xB2, 0x58, 0xE1, 0x3D, 0x12,
-        0x7C, 0xB1, 0x5A, 0x00, 0xCB, 0x7B, 0x46, 0x8D,
-        0x40, 0x23, 0xB5, 0x09, 0x7B, 0x9B, 0x2E, 0x50,
-        0x9B, 0x50, 0xE8, 0x90, 0xB6, 0x3B, 0x47, 0x07,
-        0x48, 0x79, 0x61, 0xA2, 0x9E, 0x18, 0x65, 0x6D,
-        0xD2, 0xD0, 0x9E, 0x6A, 0x3B, 0x88, 0x43, 0xE2,
-        0x84, 0x3C, 0xB4, 0x85, 0x4F, 0x18, 0x11, 0x6E,
-        0x71, 0x7D, 0xDB, 0x03, 0x55, 0xA7, 0x51, 0x35,
-        0xB2, 0x02, 0x6A, 0x75, 0x2C, 0x8E, 0x7F, 0xF1,
-        0x8E, 0x0F, 0x4A, 0x39, 0x1C, 0xA3, 0x7F, 0x5B,
-        0x2B, 0xCC, 0x88, 0xC9, 0x99, 0xB4, 0xE4, 0x77,
-        0x50, 0xC4, 0x65, 0x47, 0xEC, 0x07, 0x6A, 0xC2,
-        0x15, 0x30, 0x72, 0x2C, 0xFA, 0xF9, 0x67, 0x99,
-        0x61, 0xC9, 0x86, 0x88, 0xC3, 0x56, 0x2B, 0x17,
-        0xCC, 0x80, 0x81, 0x46, 0xA1, 0x25, 0x72, 0xC9,
-        0xB5, 0xFF, 0x15, 0x1A, 0xAB, 0x54, 0x41, 0x09,
-        0x01, 0x84, 0x0E, 0x26, 0x42, 0x39, 0x87, 0xC5,
-        0xE0, 0xD2, 0x8E, 0xF2, 0xEA, 0x53, 0xEA, 0xE5,
-        0x95, 0x1E, 0x62, 0xAC, 0x7B, 0xD5, 0x18, 0xB9,
-        0x83, 0x0A, 0x4D, 0xBC, 0xCE, 0x6A, 0x93, 0x65,
-        0x91, 0xEA, 0x8E, 0xF2, 0x75, 0x07, 0x8A, 0x09,
-        0x73, 0x85, 0x2A, 0x4D, 0x13, 0x04, 0x95, 0xD0,
-        0x0B, 0x3F, 0x21, 0x85, 0x15, 0x99, 0x90, 0x1C,
-        0xFD, 0xF9, 0x36, 0x83, 0x44, 0xC8, 0x10, 0x42,
-        0x2F, 0xFE, 0xA0, 0x8A, 0xED, 0xCB, 0x1A, 0x7F,
-        0xD3, 0x62, 0x5F, 0x26, 0xB0, 0x34, 0x81, 0x2F,
-        0xA3, 0x07, 0xAB, 0x2C, 0x20, 0x94, 0x54, 0x65,
-        0x54, 0x6D, 0x31, 0xA3, 0x41, 0xA4, 0x01, 0x3D,
-        0x81, 0x89, 0xB4, 0xF5, 0x0F, 0xE8, 0x60, 0xA6,
-        0x68, 0xDA, 0xC7, 0xB1, 0x03, 0x44, 0x1E, 0x96,
-        0x1F, 0xCE, 0xB0, 0xC5, 0xB1, 0xF3, 0x4D, 0xF2,
-        0xE5, 0x98, 0xC6, 0xD8, 0xCF, 0x60, 0xB8, 0x64,
-        0x15, 0x0C, 0x70, 0x3D, 0x2B, 0xBE, 0xAC, 0x9B,
-        0x00, 0x1A, 0xA2, 0x10, 0x81, 0x47, 0xAE, 0x6B,
-        0x8A, 0xAE, 0x2C, 0x77, 0x91, 0xDB, 0xE9, 0x56,
-        0xC1, 0xF9, 0xB2, 0x04, 0x7A, 0x15, 0x76, 0x09,
-        0x43, 0x87, 0x06, 0x4C, 0x3A, 0x80, 0x1B, 0x0D,
-        0x89, 0xC9, 0x96, 0xA5, 0xCF, 0xA3, 0xB0, 0x12,
-        0xC1, 0x44, 0x38, 0xB9, 0xF3, 0x53, 0x0C, 0x0C,
-        0x5F, 0xA9, 0x38, 0x9F, 0x10, 0xFB, 0x3E, 0xF1,
-        0xE2, 0x01, 0x33, 0x38, 0x41, 0x5F, 0x7B, 0x1D,
-        0xB4, 0x11, 0xAD, 0xF9, 0x1C, 0x73, 0xB6, 0x45,
-        0x6B, 0x68, 0xAB, 0x7C, 0xFC, 0x7B, 0xC9, 0x29,
-        0xE4, 0x4E, 0x58, 0xEB, 0x34, 0xCA, 0x10, 0xAE,
-        0x31, 0xF0, 0x3B, 0x2C, 0x3B, 0xA6, 0xCC, 0xA2,
-        0x7E, 0xB3, 0x5C, 0xB1, 0x37, 0x9A, 0x13, 0x0A,
-        0xAC, 0x87, 0xE3, 0xB8, 0x75, 0xCF, 0xE2, 0x53,
-        0xAF, 0x03, 0xC4, 0xBD, 0x78, 0x3F, 0x18, 0xC5,
-        0xA2, 0xF8, 0x49, 0x2B, 0xBF, 0x7C, 0x56, 0x87,
-        0x55, 0x98, 0xB1, 0xB6, 0x3F, 0xE6, 0xCB, 0x06,
-        0x94, 0xD0, 0x48, 0x0C, 0xA1, 0xC8, 0xF8, 0x86,
-        0x7C, 0x11, 0xB8, 0xBF, 0x33, 0xA3, 0x2C, 0x20,
-        0xB7, 0x9F, 0x9C, 0xA4, 0x86, 0x85, 0x86, 0x10,
-        0xB1, 0x97, 0x83, 0xBE, 0xF7, 0x84, 0xBF, 0x6B,
-        0x0F, 0x85, 0x8C, 0x1A, 0x79, 0x11, 0x30, 0xDA,
-        0x69, 0x57, 0xF2, 0x12, 0x23, 0x4E, 0xC9, 0x86,
-        0x79, 0x81, 0x4B, 0xE8, 0x39, 0xBF, 0x11, 0x0B,
-        0x45, 0xC1, 0xC8, 0x83, 0xEC, 0xDC, 0x3D, 0xB3,
-        0xF8, 0x22, 0xA4, 0xF7, 0xC1, 0x25, 0x56, 0x6E,
-        0xD1, 0x66, 0x35, 0x68, 0xC8, 0x41, 0x3C, 0xD0,
-        0x1C, 0x22, 0x46, 0x7A, 0xD5, 0x20, 0x1A, 0x0A,
-        0xDC, 0x76, 0x34, 0x35, 0xA2, 0xCB, 0x05, 0xCD,
-        0xC4, 0x70, 0x72, 0xA9, 0x43, 0x70, 0xF5, 0xB4,
-        0x34, 0xF7, 0x5C, 0x07, 0x8B, 0x41, 0x59, 0x93,
-        0xE8, 0x54, 0xDD, 0xE1, 0x7B, 0xBF, 0x86, 0xC0,
-        0xC6, 0xC9, 0xA3, 0x24, 0x85, 0x32, 0xD9, 0xC2,
-        0x13, 0x9E, 0xF3, 0xC7, 0x5A, 0x9B, 0xC6, 0x93,
-        0x78, 0x10, 0x60, 0xDC, 0xAE, 0x2F, 0xFA, 0x58,
-        0xD9, 0xCC, 0x54, 0x8F, 0x19, 0xC1, 0xCE, 0x53,
-        0x64, 0x88, 0x0C, 0x7F, 0xB5, 0x0C, 0xC7, 0xBE,
-        0x40, 0x53, 0x12, 0xD6, 0xCC, 0x94, 0x03, 0x76,
-        0x18, 0xF3, 0x88, 0xC4, 0x90, 0xAF, 0x8F, 0x61,
-        0xB9, 0xB4, 0x04, 0x4C, 0xF7, 0x5A, 0x5C, 0xD7,
-        0x1A, 0x15, 0x85, 0x3B, 0x5F, 0xD6, 0x22, 0x4C,
-        0x6B, 0x95, 0x90, 0xE5, 0x85, 0x01, 0xD2, 0x81,
-        0x42, 0x00, 0xC9, 0x19, 0xF2, 0x83, 0xCC, 0x2B,
-        0x49, 0xAD, 0x8B, 0xFA, 0x5B, 0xAA, 0xA2, 0x97,
-        0x7F, 0x03, 0x82, 0x3F, 0x60, 0x9E, 0xFB, 0x24,
-        0x26, 0xF9, 0x36, 0xC3, 0x02, 0x87, 0x09, 0x7B,
-        0xD6, 0xB7, 0xBD, 0xC6, 0x78, 0x62, 0x85, 0x88,
-        0x83, 0xDB, 0x59, 0x54, 0x08, 0x04, 0x29, 0xB9,
-        0xCD, 0x02, 0xCA, 0x96, 0xBC, 0x1C, 0xCB, 0xDB,
-        0x51, 0x21, 0xDF, 0xF8, 0x05, 0xB0, 0x82, 0x4A,
-        0xEE, 0x99, 0x9E, 0x2B, 0xBB, 0x2D, 0x82, 0x35,
-        0x3E, 0x6D, 0x3A, 0x30, 0x07, 0x92, 0x78, 0x10,
-        0x58, 0xC5, 0x6E, 0xF7, 0x09, 0x8A, 0xB3, 0x58,
-        0x4E, 0xA0, 0x62, 0x1E, 0x20, 0x33, 0x7D, 0x3A,
-        0x97, 0x5D, 0x93, 0xCF, 0x32, 0x58, 0x6D, 0x6A,
-        0x71, 0xA2, 0xC4, 0xBB, 0xB2, 0x02, 0xB8, 0x53,
-        0xFF, 0x09, 0xC4, 0x07, 0xB4, 0x3B, 0x1C, 0x19,
-        0xB1, 0xC4, 0xCC, 0xB8, 0x21, 0x48, 0x2D, 0xDD,
-        0x27, 0x37, 0x81, 0x77, 0xAA, 0x7F, 0x61, 0x78,
-        0x49, 0x7C, 0x3F, 0xBA, 0x79, 0x71, 0x53, 0x84,
-        0x8C, 0x5D, 0x0B, 0x1F, 0x40, 0xB5, 0x4E, 0x9D,
-        0x51, 0x93, 0x90, 0x4A, 0x30, 0x3F, 0x72, 0x5F,
-        0x0C, 0xCC, 0x66, 0xC6, 0xCC, 0xB1, 0x58, 0x85,
-        0x06, 0x05, 0x34, 0x6D, 0xB4, 0x2B, 0x87, 0x7D,
-        0xD9, 0xCE, 0xA5, 0xF6, 0x9C, 0x12, 0xB2, 0x21,
-        0xC7, 0xEC, 0x51, 0x00, 0xF7, 0x65, 0x87, 0xB9,
-        0x83, 0x4B, 0xC0, 0xC6, 0x41, 0x53, 0x8F, 0x83,
-        0xE8, 0x5B, 0xB3, 0x09, 0x0D, 0xBA, 0xFB, 0xCB,
-        0x0B, 0x71, 0x18, 0xFF, 0x7C, 0x97, 0xE9, 0x52,
-        0x63, 0x15, 0x70, 0x41, 0xF8, 0xAC, 0x40, 0x52,
-        0xD0, 0x40, 0x35, 0x00, 0xCC, 0x4F, 0x68, 0x94,
-        0x55, 0x97, 0x4C, 0xEB, 0x5B, 0x07, 0x67, 0x90,
-        0xA0, 0x50, 0xE0, 0xB3, 0xF6, 0x77, 0x2A, 0x77,
-        0x67, 0x54, 0x1F, 0xF6, 0xB6, 0x7B, 0x2A, 0x1D,
-        0x54, 0x07, 0x82, 0x06, 0x47, 0x68, 0x8F, 0x36,
-        0x0A, 0x2B, 0x01, 0x47, 0x37, 0x67, 0x71, 0x29,
-        0x09, 0xB2, 0x27, 0x65, 0x8B, 0xE6, 0x45, 0x78,
-        0x48, 0xC4, 0x40, 0x75, 0x71, 0x68, 0x06, 0x18,
-        0x88, 0x58, 0x9C, 0xB0, 0x5A, 0x99, 0x9E, 0x55,
-        0x49, 0x67, 0x91, 0xB1, 0x1A, 0xF2, 0x06, 0x6B,
-        0xB8, 0xCA, 0x74, 0x60, 0x51, 0xC4, 0x68, 0x0A,
-        0x0B, 0xC0, 0x73, 0x82, 0x41, 0x2A, 0xB8, 0xB8,
-        0xA3, 0x19, 0xDB, 0xC7, 0x94, 0xDD, 0xC6, 0x94,
-        0xBF, 0xDB, 0x81, 0x3F, 0x80, 0xB5, 0x8B, 0x72,
-        0x21, 0x8D, 0xD6, 0x4D, 0xFC, 0xDB, 0xA1, 0xAB,
-        0x48, 0xA9, 0x4F, 0x7A, 0x8D, 0xCA, 0x92, 0x66,
-        0xCD, 0x15, 0xA4, 0x2D, 0x9B, 0xA5, 0xFB, 0x67,
-        0x67, 0xA9, 0x55, 0x52, 0x6C, 0x05, 0x0D, 0xE2,
-        0x59, 0x8B, 0x11, 0x2A, 0x2B, 0x10, 0x3A, 0xA2,
-        0xD1, 0xF0, 0x60, 0x6F, 0xE6, 0x8A, 0x55, 0x19,
-        0x1E, 0xF5, 0x3B, 0x30, 0x2F, 0x7C, 0x19, 0x22,
-        0xC3, 0x01, 0xCE, 0xEA, 0x98, 0x9A, 0x62, 0x13,
-        0x40, 0x90, 0xA8, 0x60, 0x76, 0x77, 0x6F, 0xA4,
-        0x46, 0x27, 0xB7, 0x31, 0x63, 0x86, 0x57, 0x6A,
-        0x67, 0x81, 0x75, 0xB2, 0x18, 0xE6, 0xF4, 0x82,
-        0xB5, 0x2B, 0xC6, 0x02, 0x7B, 0xBE, 0xB3, 0x46,
-        0x98, 0xB9, 0x80, 0x2F, 0xD6, 0x76, 0x34, 0xC1,
-        0xA9, 0x4D, 0xD4, 0xC5, 0xCD, 0x49, 0xEC, 0x6E,
-        0x2D, 0x66, 0x5F, 0x72, 0x77, 0x81, 0xD1, 0xEC,
-        0x10, 0xAA, 0xF6, 0x6A, 0xD8, 0x27, 0x9B, 0x9B,
-        0xF2, 0x4C, 0x99, 0xE8, 0x75, 0xEC, 0x94, 0x35,
-        0x2D, 0x96, 0x05, 0xFA, 0x30, 0xCB, 0x3D, 0x8B,
-        0x26, 0x86, 0xB0, 0x39, 0x71, 0xA7, 0x60, 0xB3,
-        0x05, 0x3B, 0x34, 0x34, 0x6D, 0x0D, 0x71, 0xB4,
-        0x4D, 0x8B, 0x7D, 0x2E, 0xA6, 0x1A, 0x5C, 0x10,
-        0xA9, 0x33, 0xD3, 0x8B, 0xA4, 0x83, 0x36, 0x71,
-        0x11, 0x74, 0x54, 0x61, 0x47, 0xD4, 0x4B, 0x29,
-        0x14, 0xF8, 0x56, 0x89, 0xD9, 0xC1, 0xBF, 0x00,
-        0x37, 0xC7, 0xF7, 0x37, 0x7C, 0xD9, 0x30, 0xCF,
-        0xF6, 0x0F, 0x84, 0xB0, 0xA2, 0x00, 0x5D, 0x3E,
-        0xFE, 0x55, 0xC7, 0x31, 0x1B, 0x1B, 0x61, 0x32,
-        0x76, 0x8B, 0x52, 0x90, 0xD8, 0x36, 0xB8, 0x2B,
-        0xC4, 0x43, 0xC3, 0x2B, 0x4F, 0xEC, 0x96, 0x02,
-        0x19, 0xDB, 0x21, 0x32, 0xF7, 0x99, 0x0A, 0xD6,
-        0x84, 0xA3, 0x72, 0x9F, 0x3D, 0x1A, 0x2C, 0xEA,
-        0x3A, 0x1F, 0xE4, 0xB1, 0x26, 0x75, 0xC4, 0x89,
-        0xEF, 0x33, 0x19, 0x8F, 0x01, 0xA1, 0x06, 0x80,
-        0x6E, 0xFC, 0xE8, 0x92, 0x1D, 0xC4, 0x6E, 0x97,
-        0x1C, 0x0A, 0x0A, 0x56, 0x4A, 0xF9, 0xE5, 0x6C,
-        0xA7, 0x27, 0xA7, 0x64, 0x1C, 0x56, 0x8C, 0x95,
-        0xAA, 0x59, 0x56, 0x91, 0x0B, 0x28, 0x84, 0x29,
-        0xF8, 0x0E, 0xE7, 0x22, 0x6E, 0x9D, 0xC4, 0x06,
-        0x7E, 0x34, 0x94, 0x4F, 0x06, 0x92, 0x6D, 0x44,
-        0xB2, 0xCF, 0x87, 0x64, 0xF7, 0x13, 0x59, 0x3B,
-        0x44, 0x29, 0xF8, 0x2B, 0x8F, 0xCC, 0x60, 0x77,
-        0x98, 0x91, 0x6B, 0x81, 0x5B, 0x90, 0x98, 0x33,
-        0x0E, 0xC3, 0x34, 0x29, 0x0D, 0xB8, 0xC0, 0x4B,
-        0x08, 0x3D, 0xF3, 0xCA, 0x10, 0xCE, 0x35, 0x75,
-        0x07, 0x30, 0x28, 0xE9, 0x94, 0xA2, 0x5B, 0xE7,
-        0x28, 0x78, 0x49, 0x2F, 0xE1, 0xB6, 0x96, 0xBA,
-        0x5C, 0xB1, 0xA7, 0x73, 0x19, 0x3A, 0x3B, 0x28,
-        0xA4, 0xF4, 0x40, 0xAE, 0x58, 0x2D, 0xC7, 0xC2,
-        0x4F, 0xE7, 0x45, 0x1D, 0x66, 0x76, 0x23, 0x2B,
-        0xB9, 0x61, 0xC5, 0x04, 0x0C, 0x9E, 0x52, 0x01,
-        0xAA, 0xF3, 0xCD, 0x4D, 0xE4, 0x0A, 0xD5, 0xA9,
-        0x57, 0x8A, 0xF5, 0x28, 0x10, 0xB5, 0x93, 0xE9,
-        0x81, 0x5E, 0x23, 0xF6, 0x3F, 0x56, 0x40, 0x61,
-        0xA4, 0x84, 0x07, 0x21, 0x3A, 0xA1, 0xB0, 0x90,
-        0x8F, 0x4B, 0x17, 0x4F, 0x86, 0xD5, 0x73, 0xFA,
-        0x04, 0x38, 0x64, 0x98, 0xBE, 0x68, 0x39, 0x8E,
-        0x8D, 0x72, 0x0D, 0x27, 0x81, 0x11, 0xD8, 0xB1,
-        0x73, 0x03, 0x60, 0x2A, 0x96, 0xE3, 0x5F, 0x56,
-        0xFB, 0x25, 0x17, 0x3C, 0x4F, 0x4A, 0x03, 0xCA,
-        0x2A, 0xC9, 0xBF, 0x79, 0xDC, 0xAB, 0x76, 0x4B,
-        0xCE, 0x44, 0x10, 0x40, 0x1E, 0x10, 0x13, 0xE6,
-        0x52, 0x8C, 0xCC, 0x51, 0x13, 0x35, 0x85, 0x77,
-        0xDA, 0x83, 0x75, 0xE0, 0x23, 0x43, 0x10, 0x8C,
-        0x29, 0x24, 0xD2, 0x55, 0x1E, 0x5C, 0xC5, 0xA1,
-        0xB0, 0x4D, 0xEF, 0x88, 0x32, 0x4D, 0x85, 0x4F,
-        0xC9, 0x2C, 0x4A, 0xDF, 0x7C, 0x23, 0x01, 0x33,
-        0x7E, 0x45, 0x20, 0xBF, 0xC3, 0x65, 0x56, 0x6F,
-        0x66, 0x09, 0x2E, 0x36, 0x7A, 0xE6, 0x06, 0x12,
-        0x74, 0x46, 0x53, 0xC1, 0xEB, 0x47, 0xF0, 0x82,
-        0x09, 0x51, 0xA2, 0xA1, 0x4C, 0x42, 0x59, 0x09,
-        0x34, 0x0D, 0x87, 0x27, 0x18, 0x8E, 0xAA, 0x08,
-        0xE4, 0x86, 0x78, 0x98, 0x48, 0x76, 0xD0, 0x00,
-        0x8D, 0xAE, 0x99, 0x01, 0x5B, 0x36, 0x63, 0xFD,
-        0xCB, 0x72, 0x57, 0x41, 0x53, 0x0B, 0xC3, 0x89,
-        0x5B, 0x11, 0x62, 0x0C, 0xE3, 0xB4, 0x17, 0xA3,
-        0x20, 0xE1, 0x88, 0x13, 0xB9, 0x9C, 0x23, 0x5A,
-        0xC0, 0x6F, 0x55, 0x60, 0x0F, 0x98, 0x38, 0x82,
-        0xBF, 0xF0, 0x02, 0x36, 0x10, 0x7B, 0x50, 0x42,
-        0x54, 0x5B, 0x6B, 0x77, 0x58, 0x68, 0xAE, 0xFB,
-        0x79, 0xB5, 0x95, 0x59, 0x69, 0x02, 0xC6, 0x9B,
-        0x9E, 0xCA, 0x3D, 0x35, 0x8C, 0x61, 0xFE, 0xE0,
-        0x36, 0xD2, 0x18, 0xAC, 0x43, 0xBA, 0x3F, 0x52,
-        0xC0, 0x6A, 0x8F, 0x88, 0x1A, 0x7E, 0xD7, 0x03,
-        0x86, 0x14, 0x2C, 0xBA, 0xC5, 0xCC, 0x04, 0xFC,
-        0xC3, 0x1E, 0x16, 0x27, 0x76, 0x51, 0xCE, 0x2D,
-        0xCC, 0x50, 0x14, 0xF6, 0xBA, 0x5A, 0x91, 0x5C,
-        0x13, 0x38, 0x83, 0x4E, 0xF4, 0x74, 0xB6, 0x71,
-        0x59, 0x13, 0xBC, 0x7A, 0x4E, 0x59, 0x3C, 0x68,
-        0x87, 0x66, 0xAD, 0xD7, 0x06, 0x98, 0xB3, 0x7E,
-        0x06, 0xE5, 0x39, 0x15, 0xF3, 0x85, 0x38, 0x8C,
-        0x25, 0xC4, 0x26, 0x5E, 0x1C, 0xB4, 0x4F, 0xE3,
-        0xD0, 0x19, 0xD1, 0x21, 0xAE, 0x4C, 0x32, 0x43,
-        0x4F, 0x37, 0xB0, 0xA4, 0xCB, 0x69, 0xC7, 0xCC,
-        0x95, 0x70, 0x73, 0x50, 0xC3, 0x49, 0x3D, 0x0F,
-        0xB1, 0x1C, 0xD4, 0xD0, 0x9F, 0x29, 0xDC, 0x56,
-        0xC0, 0x7B, 0xC8, 0xEB, 0x0B, 0xD0, 0x08, 0x2B,
-        0x41, 0x44, 0x21, 0x45, 0x66, 0x3C, 0x21, 0xAB,
-        0x43, 0x34, 0x67, 0xB9, 0x5E, 0xC2, 0x47, 0x84,
-        0x23, 0xC1, 0x8B, 0xF2, 0xEC, 0x70, 0x3E, 0xFB,
-        0xA2, 0x8C, 0xDA, 0xBD, 0x42, 0xB7, 0xB8, 0x33,
-        0x15, 0x0D, 0x6D, 0xA2, 0x5E, 0xB0, 0x0A, 0x83,
-        0x28, 0x90, 0x2E, 0x2D, 0x08, 0x9B, 0x55, 0xD6,
-        0x9A, 0xAD, 0x9A, 0x94, 0xD8, 0x18, 0x26, 0x4C,
-        0x54, 0xB0, 0x4D, 0x61, 0x4D, 0x14, 0x7A, 0x30,
-        0xAB, 0xFC, 0x03, 0xD9, 0x92, 0x9D, 0x96, 0xBA,
-        0x7F, 0x81, 0x86, 0x5D, 0xA3, 0x53, 0xC4, 0x54,
-        0xBA, 0x7A, 0xA7, 0x88, 0x1A, 0xB9, 0x74, 0xC1,
-        0xB8, 0xF0, 0x83, 0x1E, 0x79, 0xC4, 0x41, 0x86,
-        0x64, 0xE9, 0x53, 0xA5, 0x4D, 0xE9, 0x32, 0x13,
-        0x69, 0x72, 0x81, 0x34, 0x1D, 0x37, 0xF5, 0x08,
-        0xE8, 0xCB, 0xAE, 0x3D, 0x81, 0x85, 0x05, 0x45,
-        0x67, 0xDE, 0xFC, 0x8E, 0x3B, 0xBC, 0xAA, 0x42,
-        0x47, 0x90, 0x7C, 0x48, 0x3B, 0x8F, 0x1B, 0x84,
-        0xB3, 0x24, 0xC1, 0xA7, 0xCA, 0x84, 0x42, 0xDB,
-        0x6B, 0x7B, 0x12, 0x8C, 0x83, 0x13, 0xBE, 0x1F,
-        0xE2, 0x57, 0x91, 0x20, 0x9B, 0x86, 0x4A, 0x3E,
-        0x1A, 0x61, 0x8D, 0x56, 0xD7, 0x10, 0xD6, 0xF3,
-        0xBF, 0x55, 0x95, 0x10, 0x16, 0x7C, 0x46, 0x4C,
-        0x6B, 0x9B, 0x8B, 0xC4, 0x90, 0xB8, 0xE0, 0x39,
-        0x25, 0xD0, 0x3D, 0x0E, 0xEB, 0x5D, 0x78, 0x17,
-        0x94, 0x28, 0xBB, 0x80, 0xD3, 0xFB, 0x14, 0x88,
-        0x40, 0x70, 0x9C, 0x41, 0x14, 0x7A, 0x68, 0x6F,
-        0xC9, 0xBC, 0xBD, 0xCD, 0xF7, 0xC7, 0xEA, 0x7C,
-        0x30, 0xFB, 0x64, 0x0F, 0xF0, 0x5B, 0x75, 0x39,
-        0xAB, 0xAB, 0x70, 0x89, 0x29, 0x08, 0xE9, 0x3C,
-        0xC9, 0xC3, 0x47, 0xF8, 0xAC, 0x88, 0x9E, 0x56,
-        0x46, 0x8A, 0x13, 0x5B, 0x99, 0x75, 0x47, 0x38,
-        0xE1, 0x5F, 0x4E, 0x67, 0x7D, 0xF3, 0x75, 0xBF,
-        0x1B, 0x43, 0x60, 0x6A, 0x2C, 0x47, 0x38, 0x0B,
-        0x10, 0xA0, 0xC1, 0x4C, 0x28, 0x58, 0x3C, 0x83,
-        0x31, 0x1A, 0x28, 0x54, 0xB2, 0xA9, 0x93, 0x1F,
-        0xD6, 0x60, 0x86, 0xC1, 0x07, 0x49, 0xF3, 0x34,
-        0x57, 0x7F, 0xD7, 0x0B, 0x51, 0xB9, 0x50, 0x60,
-        0x07, 0x51, 0x99, 0x31, 0x9B, 0x3F, 0x7C, 0xB5,
-        0xB2, 0x37, 0x30, 0x2C, 0x37, 0x0A, 0x23, 0x17,
-        0x5E, 0x4E, 0x01, 0x3C, 0x56, 0x28, 0x1B, 0xAF,
-        0xE2, 0xBE, 0x9F, 0x82, 0x5A, 0x30, 0x66, 0xAB,
-        0x8B, 0xBA, 0x57, 0x93, 0xE2, 0x1E, 0x7A, 0x48,
-        0x97, 0x8C, 0xF6, 0x0C, 0x09, 0x1B, 0x1F, 0x80,
-        0xC0, 0xC2, 0x38, 0x14, 0xA3, 0x0F, 0x77, 0x60,
-        0x60, 0x1A, 0xCE, 0xAB, 0xB1, 0x21, 0x52, 0x00,
-        0x94, 0x0F, 0xFA, 0x15, 0x22, 0x72, 0x09, 0x6D,
-        0x45, 0x8D, 0x00, 0xDD, 0x03, 0x9F, 0x23, 0x6B,
-        0x27, 0x27, 0xB5, 0x88, 0xC6, 0x22, 0x04, 0xE7,
-        0x9C, 0x45, 0x16, 0x81, 0xDF, 0xE4, 0x10, 0xEE,
-        0xC4, 0x2B, 0x74, 0x94, 0x5A, 0xEC, 0x03, 0x13,
-        0xA3, 0x91, 0x94, 0x2A, 0xE1, 0xB1, 0x22, 0x17,
-        0x4D, 0xBE, 0x59, 0xAB, 0x1E, 0x39, 0x0C, 0xD6,
-        0x49, 0x41, 0x43, 0x6C, 0x75, 0xA9, 0x32, 0x3C,
-        0x69, 0xA6, 0x41, 0x88, 0x08, 0x70, 0xFB, 0xB2,
-        0x80, 0xB3, 0xB3, 0x7B, 0x3B, 0xD9, 0x82, 0xB8,
-        0x29, 0x55, 0x62, 0x0B, 0x07, 0x83, 0xB8, 0x2E,
-        0x89, 0x61, 0xA4, 0x04, 0x3B, 0xC7, 0xF6, 0x6C,
-        0x0E, 0xF2, 0x5A, 0x5E, 0xD1, 0x53, 0x26, 0xF8,
-        0x81, 0x6E, 0x5E, 0xA4, 0x16, 0x7E, 0xE8, 0xBF,
-        0x66, 0x66, 0x45, 0x1D, 0x31, 0x5B, 0x2C, 0x75,
-        0x14, 0x41, 0x17, 0x2C, 0x27, 0x83, 0x00, 0x26,
-        0x82, 0x61, 0xC7, 0x8C, 0x6F, 0x0C, 0x46, 0x56,
-        0x27, 0x79, 0xB3, 0xA1, 0x19, 0x6F, 0x87, 0x83,
-        0x5F, 0x79, 0xFC, 0xB7, 0xE0, 0xCB, 0xA1, 0x53,
-        0x36, 0xCC, 0x83, 0xE1, 0x56, 0xC5, 0x02, 0x28,
-        0x87, 0xA8, 0x09, 0x86, 0xB4, 0x9C, 0x1B, 0x57,
-        0x65, 0x94, 0xA2, 0x31, 0x42, 0x62, 0x4A, 0xBF,
-        0x52, 0x48, 0x22, 0x41, 0x8C, 0x61, 0x01, 0x90,
-        0x52, 0x62, 0x80, 0x65, 0x72, 0x49, 0x4D, 0x37,
-        0x53, 0xC0, 0x62, 0x81, 0xE7, 0xF1, 0x7E, 0x0D,
-        0x79, 0x6C, 0xD7, 0x76, 0x7F, 0xDC, 0xE9, 0x01,
-        0xFE, 0x17, 0x12, 0xA0, 0x0A, 0x3D, 0x36, 0xEB,
-        0x42, 0x3E, 0x29, 0x86, 0x88, 0x46, 0x93, 0x2A,
-        0x94, 0x31, 0xB8, 0xCA, 0x66, 0x0F, 0xC1, 0x97,
-        0x5E, 0x23, 0xA7, 0x5B, 0x4A, 0x51, 0xDE, 0x10,
-        0x69, 0xD3, 0xA5, 0x9F, 0x6E, 0xEB, 0x2A, 0x5C,
-        0xE7, 0x2A, 0x89, 0x16, 0xB5, 0xE8, 0x63, 0x47,
-        0x6E, 0x6A, 0xC5, 0x72, 0x92, 0x9F, 0x2C, 0x29,
-        0xBC, 0x56, 0x27, 0xBA, 0x99, 0x41, 0x63, 0xCE,
-        0xD3, 0x5A, 0xB7, 0x03, 0x1C, 0x00, 0x49, 0x07,
-        0x24, 0x55, 0x5A, 0xCD, 0xE6, 0x13, 0xAE, 0xB4,
-        0xC3, 0xE9, 0x99, 0x81, 0xC6, 0x2B, 0x5D, 0xC6,
-        0xA9, 0xB3, 0x5B, 0xA7, 0x92, 0x20, 0x24, 0x36,
-        0x89, 0xE0, 0x59, 0x49, 0x96, 0x85, 0x7C, 0x04,
-        0x5D, 0x67, 0x19, 0x3D, 0x9E, 0x41, 0x1B, 0x4F,
-        0xF3, 0x9D, 0x0F, 0x8C, 0x3C, 0x0A, 0x70, 0xAD,
-        0xB7, 0x2A, 0x70, 0x21, 0xE3, 0x6D, 0x64, 0xFB,
-        0x29, 0x4D, 0x93, 0x2B, 0x24, 0xE1, 0xA2, 0xBC,
-        0x0B, 0xC4, 0x1C, 0x4A, 0xA3, 0xB5, 0xEC, 0x3C,
-        0xF0, 0xE6, 0x72, 0xDE, 0x14, 0x0F, 0x48, 0x47,
-        0x33, 0xFD, 0x82, 0xBF, 0x08, 0x29, 0x34, 0xB5,
-        0x40, 0xA6, 0x35, 0xC4, 0x48, 0x98, 0xE8, 0xAB,
-        0x8E, 0x06, 0x45, 0x70, 0x5A, 0xA5, 0x81, 0x71,
-        0x8B, 0x41, 0x32, 0xC4, 0x27, 0x92, 0x7F, 0xAE,
-        0x75, 0xBF, 0x96, 0x16, 0xA5, 0x42, 0x4C, 0x20,
-        0x20, 0xEB, 0xC5, 0xCF, 0xC1, 0xBC, 0x0E, 0xD1,
-        0x65, 0x3A, 0xE5, 0x00, 0x5A, 0x17, 0x54, 0x18,
-        0x16, 0x20, 0xB7, 0xF0, 0x6D, 0x71, 0x63, 0x13,
-        0x03, 0x3B, 0xB7, 0x2A, 0x40, 0x64, 0x7A, 0xDB,
-        0x2E, 0x66, 0x73, 0x70, 0xF2, 0xC7, 0x4F, 0xDB,
-        0x94, 0x42, 0x0D, 0xA4, 0x8D, 0xD1, 0x37, 0x9D,
-        0xBA, 0x59, 0xAA, 0x22, 0xF8, 0x57, 0xE2, 0x31,
-        0xC5, 0xC0, 0x83, 0x29, 0x00, 0x66, 0xC5, 0x48,
-        0x76, 0x1B, 0xDF, 0x38, 0x5F, 0x2F, 0x85, 0x81,
-        0x7B, 0x21, 0x20, 0x66, 0xD3, 0x9F, 0x03, 0xB7,
-        0x7F, 0x8E, 0xF4, 0x12, 0x19, 0xE4, 0xBF, 0xB9,
-        0xC1, 0x2E, 0x4F, 0xC9, 0x88, 0x00, 0x57, 0x1D,
-        0x22, 0x3A, 0xA9, 0x2A, 0x32, 0xC7, 0xA3, 0xC2,
-        0xA7, 0xCF, 0x9C, 0x99, 0x5A, 0xE0, 0xA7, 0xB5,
-        0x93, 0x91, 0xFE, 0x9A, 0x4F, 0x0D, 0x63, 0x3B,
-        0xFB, 0x79, 0x8C, 0x34, 0xB7, 0x2B, 0xBA, 0x6A,
-        0x9F, 0x16, 0xC4, 0x13, 0x2E, 0x88, 0xB5, 0x70,
-        0x75, 0x8B, 0xD5, 0x51, 0xC9, 0x1B, 0xD2, 0xAD,
-        0xEB, 0x53, 0xA7, 0x2A, 0xC6, 0xAA, 0x03, 0x68,
-        0x9D, 0xD6, 0x4B, 0x03, 0x57, 0x09, 0xA8, 0xAF,
-        0x46, 0x85, 0x43, 0xCB, 0x17, 0x36, 0xDB, 0xC9,
-        0xC7, 0x2B, 0x52, 0x9E, 0x70, 0x59, 0x6D, 0x18,
-        0xB1, 0x9C, 0xA6, 0x8E, 0x61, 0x7A, 0x14, 0x7C,
-        0x18, 0x9D, 0x28, 0x3A, 0x77, 0x68, 0x8C, 0xAF,
-        0x94, 0xDA, 0x5A, 0x0E, 0x9B, 0x63, 0x18, 0x1A,
-        0x40, 0xBB, 0xE7, 0xBD, 0x41, 0x68, 0xA2, 0x4D,
-        0x27, 0x43, 0x19, 0xA9, 0x93, 0xBC, 0xEA, 0x8A,
-        0xBF, 0x50, 0x5F, 0xE8, 0x62, 0x12, 0x96, 0x92,
-        0xB5, 0xBD, 0xE8, 0x49, 0xF3, 0x6A, 0xC9, 0x2F,
-        0x71, 0x71, 0xE5, 0x38, 0x59, 0x31, 0x36, 0x04,
-        0xEA, 0xC1, 0x0B, 0xE2, 0x78, 0x6F, 0xF3, 0x85,
-        0xB9, 0xC7, 0x18, 0x15, 0x48, 0x18, 0x77, 0x2F,
-        0xA7, 0xB8, 0x99, 0xC0, 0x4E, 0xFD, 0x18, 0xA8,
-        0x01, 0x9A, 0x79, 0xB6, 0xF6, 0x4D, 0x5B, 0x9A,
-        0x2C, 0x55, 0xE7, 0x84, 0xCB, 0x47, 0xCA, 0x29,
-        0x48, 0x56, 0x68, 0x9A, 0xA6, 0xA7, 0x0C, 0xC2,
-        0x7B, 0x6C, 0x20, 0xD4, 0xD1, 0xC7, 0x29, 0xC4,
-        0x09, 0xD0, 0xB9, 0x25, 0xC4, 0x0C, 0x30, 0xC0,
-        0x77, 0x78, 0x15, 0x07, 0x77, 0x49, 0x48, 0x8B,
-        0x8D, 0xF0, 0x39, 0x06, 0x95, 0xAB, 0xDB, 0x04,
-        0x8C, 0x7C, 0xE1, 0x85, 0x36, 0x02, 0xA5, 0x4D,
-        0x15, 0x3C, 0xF2, 0xA5, 0x16, 0x17, 0x84, 0x7B,
-        0x11, 0xE6, 0x3C, 0x4C, 0x76, 0x19, 0x66, 0xD5,
-        0xAD, 0x93, 0x35, 0x0D, 0xBA, 0xDA, 0x4A, 0x15,
-        0xC1, 0x24, 0xBD, 0x80, 0x88, 0x71, 0x99, 0x3F,
-        0xC7, 0x75, 0xB6, 0xE4, 0x10, 0xC3, 0x86, 0x59,
-        0x0F, 0x73, 0x0A, 0x8E, 0xC9, 0x47, 0x5E, 0xEE,
-        0x91, 0x50, 0x39, 0xE9, 0x1B, 0x6F, 0xE4, 0x25,
-        0xB9, 0x06, 0x68, 0xC6, 0xAC, 0x52, 0x58, 0xB7,
-        0xAF, 0x10, 0x3B, 0x9F, 0x5E, 0x23, 0x0B, 0x71,
-        0x9B, 0xBB, 0x09, 0x87, 0x1D, 0xC1, 0x62, 0x15,
-        0x17, 0xBA, 0x2A, 0x83, 0x9C, 0x96, 0xAA, 0xA6,
-        0x44, 0x0A, 0x87, 0x5E, 0xAC, 0x90, 0xB2, 0x98,
-        0xD6, 0x1B, 0xD3, 0xF3, 0xAC, 0x89, 0xB4, 0x05,
-        0xDB, 0x39, 0x42, 0x32, 0x68, 0x6A, 0x2B, 0xE0,
-        0xF3, 0xC7, 0x5F, 0x15, 0xE6, 0x4E, 0x61, 0xF0,
-        0x70, 0x79, 0x1E, 0xB4, 0xBB, 0x97, 0xB7, 0x01,
-        0x98, 0x25, 0xF1, 0x17, 0xC7, 0xD7, 0x3A, 0x12,
-        0xFD, 0x3D, 0xCC, 0x22, 0xD5, 0x81, 0xB0, 0xE4,
-        0x1B, 0x78, 0x63, 0x74, 0xA4, 0x61, 0xEA, 0x0D,
-        0x88, 0xDA, 0xA8, 0x9B, 0x65, 0x9F, 0x0D, 0xC8,
-        0x24, 0x43, 0x42, 0x35, 0x15, 0xB6, 0x33, 0xB0,
-        0x05, 0xC9, 0x58, 0xEC, 0x26, 0x56, 0x1B, 0x6D,
-        0xB8, 0x18, 0xF4, 0xB8, 0xCB, 0x2E, 0x28, 0x99,
-        0x0E, 0x74, 0x84, 0x17, 0x58, 0x7F, 0xEC, 0x38,
-        0xA1, 0x28, 0x4B, 0xBB, 0x4F, 0xF9, 0xE4, 0x78
-    };
-    static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = {
-        0x61, 0xFF, 0x1A, 0x8B, 0x61, 0x17, 0xEF, 0x11,
-        0x83, 0x28, 0xE8, 0x8B, 0x32, 0x27, 0x99, 0x30,
-        0x14, 0xDC, 0xD0, 0x75, 0xB8, 0xA1, 0xA7, 0xF9,
-        0x80, 0x18, 0x93, 0xEE, 0xE6, 0x40, 0x5B, 0xB9,
-        0x60, 0xB6, 0xB7, 0xF6, 0xA1, 0xA2, 0x75, 0x18,
-        0xA3, 0x40, 0x91, 0x39, 0xA4, 0x8B, 0x85, 0x96,
-        0x81, 0xCC, 0x75, 0x8F, 0x2B, 0xCC, 0x3E, 0xEF,
-        0xB0, 0x43, 0x94, 0xA3, 0x75, 0xA5, 0xCD, 0x71,
-        0x31, 0x64, 0x90, 0x93, 0x8A, 0xBF, 0xD1, 0x94,
-        0xB2, 0x0B, 0xCD, 0x31, 0xB3, 0x98, 0x02, 0x61,
-        0xC9, 0xED, 0x69, 0xBF, 0x9B, 0x1D, 0x7D, 0x76,
-        0x59, 0xA8, 0x04, 0x0D, 0xB1, 0xE2, 0x5D, 0x2B,
-        0xA6, 0xF7, 0x03, 0x48, 0x66, 0x24, 0xB7, 0x3C,
-        0xAC, 0xDC, 0xA2, 0x7D, 0xB0, 0xF7, 0xE2, 0x40,
-        0x8C, 0x94, 0x48, 0xE3, 0x88, 0x73, 0x28, 0x0F,
-        0x5E, 0x99, 0x50, 0xD7, 0xCC, 0xE2, 0x52, 0xA6,
-        0x47, 0x58, 0x0C, 0x19, 0x90, 0x4F, 0xAD, 0x62,
-        0xAE, 0xC3, 0x00, 0xBC, 0x8E, 0x38, 0xF0, 0x59,
-        0x48, 0xB6, 0x3B, 0xAD, 0x5C, 0xE7, 0xC9, 0x0E,
-        0x40, 0xC4, 0xBC, 0x65, 0x11, 0x77, 0x61, 0xF5,
-        0xF8, 0x86, 0x8F, 0x80, 0x25, 0xD6, 0xCE, 0xB2,
-        0xC5, 0xDF, 0x60, 0xDE, 0x38, 0xC3, 0x23, 0x29,
-        0x22, 0x08, 0x7E, 0xFC, 0xF2, 0xCD, 0x95, 0xDE,
-        0x5E, 0x87, 0xB6, 0x88, 0x8B, 0x88, 0xC8, 0x6C,
-        0xC7, 0x83, 0x15, 0x58, 0x5B, 0x2C, 0xC6, 0x88,
-        0xA7, 0x1B, 0x47, 0x7B, 0xFA, 0x38, 0x8D, 0xC2,
-        0x33, 0x4D, 0xFA, 0x8A, 0xA9, 0x55, 0x03, 0xD5,
-        0x39, 0x7E, 0x2A, 0xE0, 0x35, 0x29, 0x03, 0xEA,
-        0x6A, 0x0A, 0xE8, 0xB6, 0x49, 0xA9, 0x14, 0xB3,
-        0x52, 0x5F, 0xE5, 0x8F, 0x56, 0x4B, 0xF1, 0x9C,
-        0xC0, 0x9F, 0x54, 0xE1, 0x05, 0xD1, 0x9B, 0xD8,
-        0x10, 0x54, 0xE5, 0x70, 0x01, 0xF7, 0x0B, 0xBD,
-        0xD7, 0x71, 0x94, 0x49, 0x68, 0x7E, 0x9A, 0x53,
-        0xB1, 0x6C, 0xA5, 0x36, 0x6A, 0x19, 0x10, 0x5A,
-        0x8B, 0xA0, 0x85, 0x89, 0xAD, 0x08, 0xDF, 0x13,
-        0x00, 0xEF, 0x4F, 0x92, 0x3B, 0xA9, 0xE7, 0x62,
-        0xA8, 0x2F, 0xB0, 0x9B, 0x76, 0xE1, 0x25, 0xF2,
-        0xF2, 0x74, 0xD6, 0x17, 0xBF, 0x30, 0xEA, 0xB4,
-        0x65, 0xEC, 0xF2, 0x4D, 0x37, 0x07, 0xAD, 0x30,
-        0x0D, 0x9A, 0xFC, 0x1C, 0xF1, 0xDC, 0x40, 0xEE,
-        0x7D, 0x4E, 0xEA, 0x6D, 0x15, 0x0E, 0x6F, 0x0A,
-        0x31, 0xDB, 0x9F, 0x8F, 0x92, 0xBA, 0x8E, 0xEE,
-        0xB3, 0x5D, 0x74, 0x45, 0x58, 0x9B, 0x04, 0x6B,
-        0xA7, 0x9E, 0xFE, 0x23, 0x11, 0x06, 0xCF, 0x0A,
-        0x75, 0x71, 0x2A, 0xB3, 0x92, 0x72, 0x4C, 0x53,
-        0xEF, 0xF9, 0xF5, 0x73, 0x3B, 0xEE, 0x0D, 0x6A,
-        0x44, 0xD0, 0xB6, 0xF5, 0x15, 0xD0, 0xF5, 0xE4,
-        0x0B, 0x1B, 0x1E, 0x17, 0xE6, 0x7A, 0xED, 0x3C,
-        0x81, 0xD0, 0x0A, 0xC4, 0x68, 0xA2, 0x8F, 0x84,
-        0x53, 0xD4, 0xB0, 0xDA, 0x80, 0x9E, 0x57, 0xD8,
-        0x23, 0xF2, 0x8D, 0x61, 0xED, 0x0B, 0x59, 0xA0,
-        0x8C, 0x62, 0x29, 0x72, 0xD9, 0x91, 0x79, 0xDA,
-        0x86, 0x36, 0xC4, 0x5F, 0x1C, 0xE8, 0xF6, 0x25,
-        0x2A, 0xC8, 0x6D, 0x91, 0xB5, 0xE9, 0x29, 0x97,
-        0x01, 0x4E, 0x3F, 0x50, 0x89, 0xE6, 0x8B, 0xC5,
-        0x2C, 0xED, 0x5D, 0xAE, 0x6D, 0x5B, 0x17, 0x5F,
-        0xE2, 0xD6, 0x19, 0x28, 0x46, 0x50, 0x59, 0x72,
-        0x4C, 0x83, 0x59, 0x02, 0xD7, 0x61, 0x2C, 0xDB,
-        0x69, 0xCD, 0xAC, 0x66, 0x4F, 0xC1, 0xC9, 0xCB,
-        0x11, 0x20, 0x3A, 0x8C, 0x7B, 0x71, 0x48, 0x6E,
-        0x97, 0xB7, 0xD1, 0xBC, 0x6A, 0x98, 0xF4, 0x93,
-        0xDC, 0xBE, 0xC8, 0xE6, 0x29, 0x55, 0x8E, 0xD3,
-        0x61, 0x09, 0x12, 0x93, 0xD1, 0xB5, 0xD2, 0x09,
-        0x6C, 0xEB, 0x9F, 0xC7, 0xAF, 0xEE, 0x71, 0xDB,
-        0x7C, 0xCF, 0xE4, 0x82, 0xB6, 0x8A, 0x19, 0x64,
-        0x29, 0xFF, 0x04, 0xD1, 0x59, 0x03, 0xE7, 0xA7,
-        0x5C, 0x7B, 0xB5, 0xF6, 0x22, 0xC3, 0x69, 0x71,
-        0x69, 0x45, 0x59, 0xFF, 0x07, 0xDF, 0xAA, 0x79,
-        0xE4, 0x1C, 0x36, 0x2B, 0x22, 0x64, 0x3C, 0xD3,
-        0x9B, 0xD9, 0xE1, 0xD3, 0xD6, 0xC2, 0xA3, 0x06,
-        0xB5, 0xF1, 0x10, 0x2C, 0x26, 0x6E, 0xEE, 0x67,
-        0xDC, 0xDA, 0xCF, 0x36, 0x69, 0x7A, 0x83, 0x6F,
-        0x20, 0x38, 0x38, 0xEC, 0x11, 0x03, 0x08, 0xC9,
-        0x0A, 0x3D, 0x01, 0x57, 0x0C, 0xB3, 0x66, 0x8A,
-        0xBA, 0x50, 0x34, 0x0E, 0x40, 0xF5, 0x4C, 0xFA,
-        0x6A, 0x9E, 0x88, 0x62, 0x53, 0x2F, 0x5F, 0x19,
-        0x84, 0x8A, 0xA1, 0x1F, 0xD3, 0x4F, 0xC8, 0x6B,
-        0x7F, 0xCB, 0x16, 0x37, 0xF4, 0xE5, 0xA1, 0xD0,
-        0x3A, 0xFC, 0xE4, 0x41, 0x24, 0xE4, 0xE4, 0x60,
-        0xB8, 0x4C, 0x63, 0x49, 0x6A, 0xDE, 0xD5, 0x58,
-        0x01, 0xDF, 0x25, 0x17, 0xA9, 0x0A, 0xB0, 0x61,
-        0xC8, 0xE6, 0x3A, 0xB6, 0xB1, 0x4B, 0xE1, 0x69,
-        0x4D, 0x6F, 0x38, 0x9D, 0xD8, 0x5F, 0x56, 0x39,
-        0xC5, 0x78, 0x3A, 0xFC, 0xA0, 0x14, 0x6E, 0x6A,
-        0x1E, 0xB0, 0xC4, 0x05, 0x63, 0xC1, 0x37, 0x01,
-        0x0D, 0xB6, 0x0B, 0xBC, 0x3D, 0x63, 0x74, 0xD6,
-        0xF3, 0xA8, 0x92, 0xDE, 0xBC, 0x06, 0x47, 0x01,
-        0xC6, 0x4B, 0xEC, 0xCB, 0x8E, 0x2C, 0x33, 0xB7,
-        0x40, 0xCC, 0x7E, 0xD4, 0x9D, 0x10, 0x8A, 0x8C,
-        0x46, 0x56, 0x81, 0x8D, 0xF5, 0xF7, 0xD9, 0x1E,
-        0xAA, 0xA4, 0x46, 0xAC, 0x6C, 0xCD, 0xE3, 0x0C,
-        0x6D, 0x3D, 0x1B, 0xF6, 0x6E, 0x4E, 0x3B, 0x7B,
-        0x6B, 0x81, 0xE3, 0xCB, 0x17, 0x22, 0x7F, 0x80,
-        0xDB, 0x00, 0x96, 0xE6, 0xBE, 0x7D, 0x85, 0x9C,
-        0x09, 0x71, 0x37, 0x49, 0xFC, 0xA2, 0x15, 0x30,
-        0xFE, 0x1A, 0x71, 0x6E, 0xBE, 0x32, 0x55, 0x04,
-        0x31, 0x9B, 0xD0, 0xEA, 0x2A, 0x7D, 0x77, 0x13,
-        0x60, 0x7C, 0xB6, 0x79, 0xB0, 0xA0, 0xB2, 0x26,
-        0x8D, 0x49, 0x3B, 0x67, 0xC0, 0x48, 0x18, 0x72,
-        0x17, 0x7F, 0xFD, 0x25, 0x93, 0xF3, 0xAC, 0xF6,
-        0x91, 0xCE, 0xE9, 0x9A, 0x36, 0xEC, 0xA7, 0x22,
-        0x57, 0x9E, 0xFA, 0xA5, 0x9A, 0xCC, 0x59, 0xEF,
-        0x8C, 0xEA, 0x91, 0x08, 0xE6, 0x20, 0xB0, 0x60,
-        0x56, 0xC1, 0x9D, 0x3C, 0x1E, 0xB9, 0x1E, 0x86,
-        0x34, 0xDE, 0x49, 0x57, 0x70, 0x6D, 0xFA, 0x8F,
-        0x9D, 0x0A, 0x9E, 0x0C, 0xD4, 0x09, 0x4F, 0x6B,
-        0x95, 0xA8, 0x3F, 0x11, 0x8A, 0x51, 0x3E, 0xBF,
-        0xE5, 0xE9, 0x9A, 0xEB, 0x88, 0xA2, 0x68, 0xE0,
-        0x09, 0x7F, 0xCC, 0x3C, 0x7A, 0xE2, 0x50, 0xB6,
-        0x81, 0x93, 0x3B, 0xBC, 0x2A, 0x8F, 0x53, 0x81,
-        0xF9, 0x4D, 0x15, 0x64, 0x34, 0xA8, 0x7E, 0x9E,
-        0xE3, 0x7E, 0x78, 0xC2, 0x7A, 0x0C, 0xDA, 0xEE,
-        0xA9, 0x81, 0x4B, 0xCB, 0x43, 0xDF, 0x53, 0x8D,
-        0xBE, 0x62, 0x8C, 0x80, 0x2C, 0x1A, 0x94, 0xE0,
-        0xCD, 0xDC, 0xD0, 0xCD, 0x5A, 0x0F, 0x82, 0x20,
-        0xDA, 0x97, 0xC2, 0x38, 0x39, 0x36, 0xA3, 0x39,
-        0x19, 0xFC, 0xDC, 0x11, 0xD7, 0x0E, 0xD4, 0x43,
-        0x7D, 0xD2, 0xD7, 0xC7, 0x3C, 0xD0, 0xC3, 0xBB,
-        0x90, 0xCA, 0x70, 0x70, 0x22, 0x8F, 0xE8, 0xD6,
-        0x4A, 0x1C, 0x9D, 0x56, 0xE6, 0xB3, 0x48, 0x30,
-        0xEF, 0x30, 0x0B, 0x5A, 0xA6, 0xEC, 0x6C, 0x78,
-        0xA5, 0x42, 0x5A, 0xE6, 0xF7, 0xAD, 0x0E, 0xFD,
-        0xD5, 0x27, 0xCF, 0x0A, 0xF8, 0xE0, 0x9B, 0x56,
-        0xE4, 0x95, 0xBE, 0x66, 0xF6, 0x65, 0xC6, 0x4B,
-        0x0A, 0x42, 0xC5, 0xC4, 0xB2, 0x46, 0x80, 0x48,
-        0x0A, 0xD2, 0xE5, 0xC1, 0x1D, 0x99, 0x1F, 0x7E,
-        0x3D, 0xA7, 0x59, 0xAE, 0xC8, 0x02, 0xF1, 0x76,
-        0xDD, 0xF1, 0x1E, 0xF7, 0x14, 0x69, 0xDC, 0x13,
-        0xB3, 0xA3, 0xE0, 0x36, 0x99, 0x51, 0x98, 0x58,
-        0xAC, 0x6F, 0xC6, 0x5C, 0x27, 0xFA, 0x4C, 0xEF,
-        0xDA, 0x09, 0xC8, 0x2E, 0x8F, 0x95, 0x8E, 0x01,
-        0x8D, 0xD5, 0x25, 0x5C, 0xA2, 0xF6, 0x28, 0xE0,
-        0xDA, 0x73, 0x91, 0xAB, 0xED, 0x6D, 0x37, 0x70,
-        0x55, 0x28, 0xAB, 0x22, 0xEC, 0x71, 0xDC, 0x88,
-        0x36, 0xD7, 0xFD, 0x46, 0x45, 0x94, 0x47, 0x03,
-        0xA5, 0x1C, 0xC7, 0x4D, 0x29, 0x70, 0x92, 0xFC,
-        0xE1, 0x39, 0xE8, 0x97, 0x6F, 0x8B, 0xE9, 0xC5,
-        0xF8, 0x63, 0x90, 0xB7, 0x4D, 0x40, 0x1A, 0x8C,
-        0x81, 0x53, 0x11, 0x22, 0x01, 0x13, 0x3D, 0x0C,
-        0x51, 0x7C, 0x6C, 0xE7, 0xA3, 0x8C, 0x08, 0x60,
-        0x69, 0xCE, 0x39, 0x71, 0xF1, 0xAD, 0x28, 0xF3,
-        0xE5, 0xD0, 0x1B, 0x56, 0xA4, 0x80, 0xB4, 0x17,
-        0xA0, 0x16, 0xAE, 0xA4, 0x63, 0x94, 0xCD, 0xF7,
-        0x64, 0x81, 0x29, 0x18, 0xD8, 0xAB, 0x05, 0x01,
-        0xD5, 0xD1, 0x8C, 0xE1, 0x3F, 0xBD, 0x3D, 0xE9,
-        0x1F, 0x50, 0x42, 0x15, 0xCC, 0xD0, 0xE2, 0xD1,
-        0x7B, 0x7E, 0x96, 0x3C, 0x86, 0x7F, 0x6F, 0x13,
-        0x21, 0x14, 0xE3, 0x64, 0x59, 0xFC, 0x5A, 0xF7,
-        0xCE, 0xE9, 0x9B, 0x78, 0x96, 0x73, 0xE5, 0x24,
-        0x13, 0x1F, 0x7D, 0xC7, 0x13, 0x60, 0x95, 0x1A,
-        0x99, 0x7A, 0x9C, 0xE5, 0x0D, 0xD5, 0xFA, 0xFC,
-        0x45, 0x21, 0x14, 0x44, 0x41, 0xC0, 0x6B, 0xB4,
-        0x1C, 0x79, 0xE8, 0xED, 0x53, 0x28, 0x5D, 0x13,
-        0x7D, 0x54, 0xF3, 0x25, 0xA6, 0xC2, 0xF2, 0xEF,
-        0x74, 0xE3, 0x4C, 0x0F, 0x87, 0x7A, 0x61, 0x4C,
-        0xE4, 0x5D, 0xC0, 0xAE, 0xDD, 0xF9, 0x5A, 0x0E,
-        0x2E, 0x4E, 0xDA, 0xE2, 0x9A, 0xF4, 0x11, 0xC9,
-        0xCC, 0x2A, 0xF9, 0x5C, 0x9E, 0xA9, 0xA9, 0x4A,
-        0x79, 0x61, 0xC8, 0x24, 0x6E, 0x65, 0x4F, 0xA2,
-        0x8F, 0x3D, 0x56, 0x8D, 0x5F, 0xEE, 0x93, 0x35,
-        0x2C, 0x2E, 0x0D, 0x60, 0xCC, 0xAF, 0x5B, 0x00,
-        0x09, 0x0A, 0xB6, 0xE7, 0xA5, 0x3A, 0xA0, 0x6A,
-        0x8C, 0xD3, 0x73, 0x7E, 0xBF, 0x1B, 0x65, 0xD6,
-        0x25, 0xBC, 0xF2, 0x20, 0xF7, 0x4D, 0xE2, 0x2D,
-        0x98, 0x71, 0xEF, 0xC3, 0x76, 0xBF, 0x08, 0x2D,
-        0x4B, 0x87, 0x2A, 0x30, 0x3C, 0x32, 0x42, 0x7A,
-        0x0C, 0x98, 0xBE, 0xCF, 0x58, 0x95, 0x9C, 0x9F,
-        0x9E, 0x2E, 0x88, 0x7D, 0xBC, 0x42, 0xAA, 0xB1,
-        0x65, 0x6A, 0xD1, 0x56, 0x37, 0xA6, 0xA8, 0xF4,
-        0xBF, 0x96, 0x34, 0x09, 0x54, 0x91, 0xF8, 0xC9,
-        0x92, 0x42, 0x91, 0x38, 0x91, 0x43, 0x7E, 0x6C,
-        0x5B, 0x50, 0xA2, 0x13, 0xDD, 0xE8, 0x0D, 0x21,
-        0x96, 0xBE, 0x12, 0xC3, 0x93, 0x7F, 0xE3, 0x23,
-        0x9B, 0xF6, 0x75, 0x9A, 0xBB, 0x8C, 0x1C, 0x94,
-        0x66, 0xF4, 0x2F, 0xBD, 0x53, 0x89, 0x4A, 0xE5,
-        0x2F, 0xB5, 0x33, 0x32, 0x14, 0x29, 0xFC, 0xE4,
-        0xFE, 0xC1, 0xDB, 0x35, 0x2C, 0x49, 0x58, 0x3A,
-        0x7D, 0x81, 0x7E, 0xAF, 0x62, 0x00, 0x08, 0x88,
-        0xEC, 0xB0, 0xEB, 0xFF, 0xEF, 0x69, 0xFF, 0x8E,
-        0x59, 0x0C, 0xFA, 0x25, 0xBE, 0xAB, 0x21, 0x60,
-        0x5B, 0x63, 0x5A, 0xBC, 0x2C, 0xA2, 0x36, 0x80,
-        0x78, 0x97, 0x25, 0xCF, 0x70, 0x0F, 0x55, 0x3C,
-        0x88, 0x35, 0x2F, 0x31, 0x61, 0x61, 0x54, 0x87,
-        0x3D, 0x18, 0xB6, 0xC6, 0xEB, 0x51, 0x9F, 0xC6,
-        0x39, 0xB0, 0x70, 0xFD, 0x67, 0xF8, 0x6A, 0xAB,
-        0x62, 0x34, 0x9D, 0xBF, 0xFA, 0x89, 0xF9, 0x30,
-        0x51, 0xA7, 0xC7, 0xB7, 0xBD, 0x16, 0x1F, 0xCD,
-        0x73, 0x67, 0x2C, 0xEE, 0xF5, 0x9A, 0x9B, 0xB7,
-        0xF5, 0x71, 0xEA, 0xBE, 0x25, 0x70, 0xC5, 0xBF,
-        0x31, 0xEC, 0xAA, 0x1F, 0x9C, 0xA7, 0xA9, 0xC6,
-        0xD3, 0x1E, 0xA5, 0xFB, 0x7C, 0x97, 0x9C, 0xDD,
-        0x26, 0x13, 0x89, 0x7E, 0x7D, 0x15, 0x03, 0xFB,
-        0x0C, 0x19, 0xAD, 0xDC, 0xFB, 0x3A, 0x63, 0xE2,
-        0x18, 0x5F, 0xC4, 0x10, 0x18, 0x38, 0xDA, 0x66,
-        0xCC, 0xE2, 0xD3, 0xD9, 0xFF, 0xB4, 0x77, 0x46,
-        0xC2, 0x00, 0x3E, 0xDD, 0x86, 0xC2, 0xF8, 0xC3
-    };
-    static const byte kprime_1024[KYBER_SS_SZ] = {
-        0xC6, 0x1F, 0x73, 0xD2, 0xBF, 0xB1, 0x85, 0x94,
-        0xE1, 0xBA, 0x5D, 0x3B, 0x58, 0xB4, 0xC9, 0x34,
-        0x20, 0x6D, 0x3A, 0x6F, 0x8E, 0xC9, 0x13, 0x95,
-        0xAB, 0x77, 0x79, 0xC6, 0x1F, 0xA1, 0xDD, 0x6F
-    };
-#endif
-    static byte ss[KYBER_SS_SZ];
-
-    key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(KyberKey));
-    }
-
-#ifndef WOLFSSL_NO_KYBER512
-    ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_512, sizeof(dk_512)), 0);
-    ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_512, sizeof(c_512)), 0);
-    ExpectIntEQ(XMEMCMP(ss, kprime_512, KYBER_SS_SZ), 0);
-    wc_KyberKey_Free(key);
-#endif
-#ifndef WOLFSSL_NO_KYBER768
-    ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_768, sizeof(dk_768)), 0);
-    ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_768, sizeof(c_768)), 0);
-    ExpectIntEQ(XMEMCMP(ss, kprime_768, KYBER_SS_SZ), 0);
-    wc_KyberKey_Free(key);
-#endif
-#ifndef WOLFSSL_NO_KYBER1024
-    ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_1024, sizeof(dk_1024)), 0);
-    ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_1024, sizeof(c_1024)), 0);
-    ExpectIntEQ(XMEMCMP(ss, kprime_1024, KYBER_SS_SZ), 0);
-    wc_KyberKey_Free(key);
-#endif
-
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44)
-static const byte ml_dsa_44_pub_key[] = {
-    0xf1, 0xdf, 0x1e, 0xfc, 0x6b, 0x41, 0xe7,
-    0x5e, 0xcb, 0xb5, 0xb5, 0xd2, 0x3c, 0xc8,
-    0xd3, 0x99, 0x73, 0x36, 0x9a, 0x0b, 0x32,
-    0x71, 0x7a, 0x9f, 0x6d, 0x66, 0x07, 0xb8,
-    0x31, 0x5f, 0x25, 0xb6, 0x2e, 0xee, 0x4f,
-    0x63, 0x13, 0x02, 0x45, 0x3c, 0xd1, 0x3d,
-    0x79, 0x6b, 0x3c, 0xfe, 0xd9, 0x2f, 0x39,
-    0xe8, 0x62, 0x60, 0xf0, 0x04, 0x83, 0x28,
-    0xaa, 0xdc, 0x15, 0x90, 0xef, 0x55, 0x48,
-    0xf9, 0xd2, 0xcd, 0x53, 0x87, 0x0e, 0x42,
-    0xba, 0x16, 0x87, 0x7b, 0x32, 0xa8, 0xbf,
-    0xed, 0x32, 0xa1, 0x19, 0x66, 0x44, 0xfe,
-    0x57, 0xec, 0x26, 0xed, 0x9e, 0x73, 0xa0,
-    0x87, 0xe8, 0x8a, 0x93, 0x3c, 0xec, 0x1d,
-    0xa0, 0xcc, 0x2e, 0x0d, 0x37, 0x5b, 0xb1,
-    0x74, 0x77, 0x18, 0x4b, 0xde, 0x4b, 0xc9,
-    0xac, 0xf8, 0xda, 0x23, 0x7a, 0x2a, 0x39,
-    0xfa, 0x96, 0x01, 0xff, 0xf0, 0xc7, 0xa7,
-    0x34, 0xca, 0x9d, 0xe9, 0xda, 0x4d, 0x85,
-    0x00, 0xc9, 0xe9, 0xcf, 0xb0, 0x3e, 0x21,
-    0xe6, 0xae, 0x52, 0x67, 0x4f, 0xe3, 0x93,
-    0x2f, 0x50, 0x47, 0xdd, 0x89, 0xa2, 0x48,
-    0xf8, 0xfe, 0x93, 0xfe, 0xce, 0x68, 0x9c,
-    0xe9, 0x4d, 0xdd, 0xbd, 0x9f, 0xeb, 0x14,
-    0x8d, 0x38, 0x7a, 0xc6, 0xf2, 0x50, 0x00,
-    0x91, 0x65, 0xd0, 0xd1, 0xeb, 0x51, 0xab,
-    0x3a, 0x0e, 0x45, 0x5c, 0xbd, 0x65, 0xf5,
-    0x78, 0xc6, 0xa0, 0xaa, 0xae, 0x50, 0xf2,
-    0x19, 0x1f, 0x90, 0x1a, 0x9f, 0x34, 0xa0,
-    0xa1, 0x95, 0x94, 0x86, 0x30, 0xc2, 0xb2,
-    0x95, 0x82, 0x13, 0xf6, 0x73, 0xe2, 0x03,
-    0xe3, 0x7c, 0x09, 0x8e, 0x5d, 0x07, 0xd6,
-    0x33, 0x93, 0x8a, 0x1b, 0x67, 0xc9, 0xb1,
-    0x76, 0x74, 0x1c, 0x22, 0x58, 0x05, 0x5a,
-    0xa8, 0x83, 0x68, 0xce, 0x64, 0xfc, 0x52,
-    0x7f, 0x35, 0x80, 0x6e, 0xdf, 0xf5, 0x2d,
-    0xd2, 0xd1, 0x17, 0xdc, 0xce, 0x95, 0xe8,
-    0xe6, 0x42, 0xb1, 0xb1, 0x61, 0xc1, 0x24,
-    0x79, 0x1c, 0x51, 0xfc, 0x3c, 0xba, 0x40,
-    0xf7, 0x70, 0x35, 0x22, 0x73, 0x31, 0x53,
-    0x21, 0xea, 0x09, 0xf7, 0xaa, 0x07, 0xb8,
-    0xfa, 0x0b, 0xa0, 0xa9, 0xb4, 0x8c, 0x83,
-    0xbb, 0x25, 0xfe, 0x39, 0x29, 0xef, 0x34,
-    0xd5, 0xe2, 0xc7, 0x9e, 0x87, 0xbd, 0x50,
-    0x86, 0x71, 0x12, 0x3e, 0x8a, 0x78, 0xe2,
-    0xb3, 0xe1, 0xfa, 0x5b, 0x73, 0x3b, 0x34,
-    0x9f, 0x4e, 0x7d, 0xd5, 0x1b, 0xb9, 0x8e,
-    0x43, 0x76, 0xef, 0x3e, 0x37, 0x70, 0x33,
-    0x36, 0xd1, 0xa1, 0xba, 0x1b, 0xb1, 0x79,
-    0xfb, 0x2c, 0xb1, 0x9b, 0xc3, 0x1b, 0x26,
-    0x83, 0x89, 0x4d, 0x53, 0x40, 0xa5, 0xf9,
-    0x8b, 0xe2, 0xec, 0x30, 0x1f, 0xf6, 0x16,
-    0xd6, 0x55, 0xce, 0x0e, 0x1b, 0xed, 0xe0,
-    0xeb, 0xc9, 0x7a, 0x2e, 0x1a, 0x85, 0x81,
-    0xa4, 0xe2, 0xa8, 0xbe, 0x9f, 0xac, 0x0b,
-    0x23, 0xb4, 0xbb, 0xc2, 0x0f, 0x66, 0x43,
-    0x45, 0x93, 0x20, 0x37, 0x4d, 0x47, 0x23,
-    0x7f, 0x4a, 0x5e, 0x8b, 0x19, 0xec, 0xd9,
-    0x57, 0x69, 0xc4, 0x91, 0xb0, 0xcd, 0x25,
-    0x2a, 0x7d, 0x52, 0xdb, 0x59, 0x18, 0x8b,
-    0x96, 0xad, 0x75, 0x21, 0x81, 0x1a, 0x2c,
-    0xb3, 0x26, 0x30, 0x78, 0x19, 0x2b, 0x22,
-    0x74, 0x6e, 0x92, 0x57, 0xec, 0x3c, 0x75,
-    0x8b, 0xd8, 0x4b, 0x7c, 0xd1, 0x72, 0x1b,
-    0x1f, 0xed, 0xae, 0x15, 0x82, 0xd3, 0xf6,
-    0xaf, 0x01, 0x31, 0xec, 0x1b, 0xca, 0xa5,
-    0xf8, 0x78, 0x7f, 0x8a, 0x8a, 0x03, 0xbd,
-    0x03, 0x0a, 0xc5, 0x4e, 0x15, 0xab, 0xa4,
-    0x76, 0x56, 0x5b, 0xf8, 0x50, 0xa9, 0xee,
-    0x61, 0xbd, 0x05, 0xe0, 0xdf, 0xc6, 0xbe,
-    0x4a, 0xaf, 0xdb, 0x96, 0x0a, 0x7e, 0xcb,
-    0x2e, 0xb0, 0x68, 0x4e, 0x2d, 0x88, 0x32,
-    0x1e, 0xe1, 0xbc, 0x08, 0x15, 0x15, 0x71,
-    0xe6, 0x77, 0x2b, 0xeb, 0x47, 0x81, 0xb7,
-    0xe8, 0x82, 0x9f, 0x5f, 0x94, 0xd2, 0xac,
-    0xa5, 0x89, 0x52, 0xe1, 0x3c, 0x59, 0xe0,
-    0x06, 0xe6, 0x66, 0xe1, 0xf9, 0x9d, 0x32,
-    0x42, 0x9d, 0x77, 0xfe, 0x6a, 0x12, 0x4a,
-    0xa3, 0xd2, 0x49, 0xbb, 0x39, 0xad, 0x42,
-    0xb7, 0x37, 0xfb, 0xde, 0x9d, 0xaf, 0x1b,
-    0xd5, 0x5a, 0x3b, 0x06, 0xa6, 0x51, 0x7d,
-    0x6a, 0x5c, 0x32, 0xdb, 0xde, 0x5d, 0x0d,
-    0x20, 0x88, 0xee, 0x8b, 0xa8, 0x49, 0x5b,
-    0x6c, 0x50, 0x72, 0xdb, 0x68, 0x44, 0x17,
-    0x28, 0xd4, 0xbb, 0x43, 0x8e, 0x00, 0xa5,
-    0xc8, 0x27, 0x00, 0xaa, 0x2b, 0xa4, 0xc2,
-    0x16, 0xcd, 0x2d, 0x59, 0xdc, 0x1a, 0xa2,
-    0x66, 0xe2, 0x96, 0x6b, 0xcc, 0x39, 0xc6,
-    0xe9, 0x2b, 0x14, 0xa7, 0x7d, 0x67, 0x5d,
-    0x54, 0xfc, 0x93, 0x73, 0x52, 0x47, 0xc7,
-    0x24, 0x1e, 0x7e, 0xc9, 0x2d, 0x87, 0x60,
-    0xd3, 0xd8, 0x76, 0xf0, 0x51, 0x04, 0xc7,
-    0xcb, 0x68, 0x0f, 0xd8, 0x4b, 0x22, 0xb2,
-    0x51, 0x87, 0xe9, 0x1e, 0x05, 0x3d, 0xe2,
-    0x8a, 0x6b, 0xb8, 0x96, 0xd6, 0xe0, 0x6e,
-    0x38, 0x74, 0x96, 0xad, 0x7e, 0x4f, 0x52,
-    0x35, 0xcf, 0x4a, 0x50, 0xe7, 0x60, 0x2e,
-    0x58, 0xcf, 0xdc, 0x7a, 0x9a, 0x21, 0x76,
-    0x1d, 0x2c, 0xd1, 0x98, 0xab, 0xab, 0xed,
-    0xf9, 0xec, 0xd5, 0x7b, 0x09, 0xad, 0x2e,
-    0xad, 0x5a, 0xdc, 0xad, 0xd6, 0x46, 0xba,
-    0x2d, 0x55, 0xf7, 0x0c, 0x9a, 0x23, 0x10,
-    0x50, 0x3e, 0x4f, 0xe1, 0xeb, 0x58, 0x8a,
-    0xc0, 0x17, 0x48, 0x41, 0x40, 0x65, 0x0b,
-    0xfb, 0x43, 0x9e, 0xf0, 0x37, 0x4a, 0x89,
-    0x4e, 0x71, 0xad, 0x44, 0x19, 0x13, 0xbb,
-    0x4a, 0x63, 0x83, 0x9e, 0x6a, 0x49, 0x1b,
-    0x28, 0xb0, 0x8e, 0x9c, 0x7b, 0xaf, 0xf9,
-    0x57, 0x5d, 0x35, 0x16, 0x5c, 0xa7, 0x5e,
-    0xd1, 0x0d, 0x83, 0xdc, 0x49, 0xdd, 0x40,
-    0x58, 0x9c, 0x97, 0x91, 0xa6, 0xb0, 0x68,
-    0xb0, 0xfa, 0x9e, 0xc0, 0x3f, 0x81, 0xc6,
-    0xce, 0x58, 0xc5, 0x87, 0xc6, 0xf4, 0x06,
-    0xec, 0x91, 0x57, 0x81, 0xce, 0x3a, 0xe8,
-    0xf1, 0x29, 0x3f, 0x01, 0x93, 0xf0, 0x74,
-    0x22, 0xea, 0x6b, 0x06, 0xd8, 0x65, 0xdb,
-    0xd7, 0x41, 0xd9, 0x60, 0x23, 0xe7, 0x83,
-    0xc8, 0x69, 0x6b, 0x90, 0xc5, 0xc7, 0xb9,
-    0xd5, 0xba, 0x79, 0xc9, 0x4a, 0x87, 0x23,
-    0x1c, 0x95, 0x78, 0xf3, 0x73, 0x10, 0xbe,
-    0xb2, 0x0f, 0x32, 0xec, 0xff, 0x15, 0x51,
-    0x4d, 0xb5, 0x48, 0x3c, 0xca, 0x4c, 0x5b,
-    0x32, 0x29, 0x47, 0x21, 0xba, 0x2a, 0x5d,
-    0xc9, 0x59, 0xfa, 0x8f, 0x33, 0x10, 0x83,
-    0x40, 0x80, 0xf3, 0xce, 0xee, 0x6d, 0xcd,
-    0x9c, 0xbb, 0x23, 0x0b, 0x45, 0xba, 0x7a,
-    0x07, 0xdc, 0x4d, 0x57, 0x97, 0xb4, 0xa4,
-    0xef, 0x94, 0xe8, 0x43, 0xfe, 0x18, 0x47,
-    0x1a, 0xb0, 0xf6, 0xb6, 0x0b, 0x55, 0x05,
-    0xbd, 0x67, 0x2d, 0x37, 0x27, 0x17, 0x13,
-    0x65, 0x22, 0xf2, 0x7c, 0xf7, 0x47, 0xd2,
-    0x85, 0x63, 0x98, 0x83, 0xd2, 0xc1, 0xbf,
-    0x8f, 0x4c, 0xda, 0xbf, 0xa4, 0x10, 0x6b,
-    0x4e, 0x6b, 0x78, 0x5e, 0x3f, 0x7a, 0xec,
-    0x15, 0x84, 0xbe, 0x1a, 0x94, 0xa2, 0x2b,
-    0xb5, 0x3e, 0x55, 0x86, 0x51, 0xec, 0x2e,
-    0x62, 0xcb, 0xd6, 0x9f, 0xe5, 0xa4, 0xb8,
-    0xc0, 0xaa, 0x4e, 0x6d, 0x8a, 0xb1, 0xd6,
-    0xf7, 0x8d, 0x1c, 0x04, 0x32, 0x8b, 0x20,
-    0xf5, 0x80, 0x33, 0xbd, 0xcc, 0x3e, 0x4c,
-    0x16, 0x04, 0xab, 0xd8, 0x64, 0x6d, 0xf9,
-    0xc9, 0x15, 0x7d, 0x4b, 0x00, 0x86, 0xb2,
-    0x70, 0x1d, 0x20, 0xcb, 0x7a, 0xed, 0x7e,
-    0x81, 0x7f, 0x41, 0x33, 0xb8, 0x7b, 0xc0,
-    0xa3, 0xbd, 0x12, 0xd1, 0x67, 0x48, 0xa0,
-    0xb9, 0xeb, 0xd5, 0x29, 0xab, 0x91, 0x9c,
-    0xa2, 0x2f, 0x8e, 0x01, 0x1c, 0x88, 0xc1,
-    0x3e, 0x34, 0x47, 0x36, 0x8a, 0x35, 0x6c,
-    0x2f, 0xc1, 0x8a, 0xb6, 0xd0, 0xa5, 0x01,
-    0x82, 0xee, 0x4f, 0x44, 0xb9, 0xcd, 0x16,
-    0x9c, 0x3a, 0xf8, 0xe9, 0x2a, 0xd2, 0xb6,
-    0x1d, 0xfd, 0x3c, 0x06, 0xdc, 0x42, 0xdd,
-    0x2d, 0x60, 0x6a, 0x44, 0x21, 0xc3, 0x37,
-    0x75, 0x79, 0xc5, 0x29, 0x5c, 0x7e, 0xf5,
-    0x86, 0xbb, 0x56, 0x05, 0x21, 0x46, 0xaf,
-    0x6d, 0x3a, 0xa2, 0x9e, 0x11, 0x6d, 0x9e,
-    0x05, 0x74, 0x8a, 0xfe, 0x84, 0x88, 0x3e,
-    0x76, 0xb4, 0xef, 0x2f, 0xeb, 0x52, 0xcd,
-    0x97, 0x82, 0xba, 0x0c, 0xcc, 0xcb, 0x72,
-    0x8d, 0x8d, 0xd2, 0x32, 0x7c, 0x41, 0x39,
-    0xa6, 0x22, 0xb7, 0xdc, 0x3f, 0x39, 0x43,
-    0xf5, 0xee, 0x0c, 0xfc, 0xbb, 0x2b, 0x43,
-    0xe8, 0xce, 0xae, 0x0c, 0xd9, 0x15, 0x22,
-    0x32, 0xbd, 0x69, 0xad, 0x76, 0xd9, 0xdf,
-    0x81, 0xdf, 0x24, 0x76, 0x7b, 0x53, 0x0b,
-    0xe6, 0xc7, 0x6c, 0x38, 0x2c, 0xbf, 0x28,
-    0x95, 0x03, 0x18, 0xef, 0x98, 0x88, 0xc2,
-    0x6b, 0x1a, 0xf5, 0xb4, 0xf9, 0x19, 0x76,
-    0x25, 0x1d, 0xcf, 0x9b, 0xcd, 0x4c, 0x00,
-    0x06, 0xde, 0x55, 0x58, 0x95, 0x9a, 0x06,
-    0xfb, 0xf9, 0x88, 0x20, 0x85, 0x80, 0xe3,
-    0x27, 0xdf, 0xc5, 0x20, 0x29, 0x7c, 0x58,
-    0x02, 0x07, 0x2e, 0xd2, 0xeb, 0xdc, 0x68,
-    0x58, 0x91, 0x08, 0x71, 0x16, 0xb3, 0x82,
-    0x2f, 0x6c, 0x45, 0xcd, 0xbe, 0xe5, 0x0c,
-    0x07, 0x77, 0x95, 0x3b, 0x2c, 0x59, 0x8e,
-    0xba, 0x07, 0xa8, 0xa1, 0xc6, 0xe5, 0x6a,
-    0x49, 0xb5, 0x85, 0xf2, 0x70, 0x05, 0x22,
-    0xc4, 0x2f, 0x8d, 0xdd, 0x48, 0x8d, 0x87,
-    0xfa, 0xb6, 0xf8, 0x59, 0xc8, 0xb1, 0x18,
-    0x03, 0x5f, 0xce, 0x53, 0x28, 0x96, 0x15,
-    0xd4, 0xb4, 0x10, 0x2c, 0xe2, 0x22, 0x9e,
-    0x88, 0xe5, 0xcd, 0xda, 0xfc, 0xf9, 0x64,
-    0xa4, 0x7b, 0xfb, 0xeb, 0xa8, 0x6a, 0xb6,
-    0xf6, 0x17, 0x84, 0x26, 0x3d, 0xe4, 0x66,
-    0x7e, 0x5c, 0x85, 0x01, 0xaf, 0xdc, 0xdb,
-    0x48, 0x33, 0x4a, 0x20, 0x7c, 0x22, 0x1b,
-    0xd5, 0xeb, 0x2d,
-};
-static const byte ml_dsa_44_good_sig[] = {
-    0xfc, 0x2d, 0xa0, 0x06, 0x85, 0xc2, 0xfc,
-    0x92, 0x47, 0x77, 0x0b, 0x39, 0xbf, 0xe5,
-    0xba, 0xd4, 0x44, 0xbf, 0xde, 0xce, 0x1f,
-    0x04, 0xa2, 0x87, 0xed, 0x4a, 0xce, 0x0e,
-    0xf3, 0x95, 0x61, 0x1e, 0x66, 0x4e, 0x9a,
-    0x5d, 0x00, 0x31, 0x32, 0xf0, 0x90, 0x3d,
-    0x7e, 0xf2, 0x9d, 0xe2, 0x93, 0xa1, 0xc8,
-    0x64, 0x36, 0xf2, 0x59, 0xc7, 0x9e, 0xb6,
-    0xb3, 0x6f, 0xe5, 0x80, 0x8d, 0x92, 0x77,
-    0xd6, 0xb6, 0xe4, 0xc5, 0x5e, 0x79, 0x45,
-    0x4b, 0xd0, 0xfe, 0x53, 0x55, 0xb6, 0x66,
-    0x88, 0xfe, 0x95, 0x40, 0x07, 0xfd, 0xdb,
-    0x40, 0x33, 0x39, 0x67, 0x03, 0x30, 0x8e,
-    0x80, 0x4e, 0xa7, 0x0e, 0xe4, 0x05, 0x04,
-    0xc5, 0x33, 0x72, 0x47, 0x5b, 0x85, 0x0f,
-    0xe1, 0xeb, 0x98, 0x1a, 0x76, 0x79, 0x84,
-    0xce, 0x26, 0x66, 0xe8, 0x92, 0xc9, 0x1f,
-    0x40, 0x96, 0x72, 0xfe, 0x61, 0xae, 0xba,
-    0x84, 0x70, 0xb7, 0x92, 0x2f, 0x7e, 0xc8,
-    0xe8, 0xe4, 0x34, 0x73, 0xd4, 0x69, 0x57,
-    0x3e, 0x28, 0x2b, 0x18, 0x0f, 0xef, 0xb1,
-    0x06, 0xe2, 0xf8, 0x79, 0x70, 0x5a, 0x84,
-    0x84, 0x6c, 0xb3, 0x57, 0x5b, 0x18, 0x42,
-    0xdf, 0xd5, 0xdb, 0xf8, 0x35, 0x5f, 0x7b,
-    0x23, 0x25, 0x2f, 0x0f, 0x17, 0x0b, 0x9a,
-    0xb6, 0xe8, 0x31, 0x30, 0x6b, 0x90, 0x06,
-    0x2c, 0xfd, 0xca, 0xaa, 0xa6, 0xc3, 0xdc,
-    0x88, 0xa7, 0x31, 0x74, 0x67, 0xe2, 0x64,
-    0x8f, 0x5c, 0xc4, 0xc0, 0x4d, 0x34, 0x15,
-    0x0d, 0xd2, 0x23, 0x69, 0xfc, 0x6e, 0xbb,
-    0x82, 0xca, 0xc4, 0xee, 0xf1, 0x14, 0xc1,
-    0xd4, 0x5a, 0x71, 0x78, 0x9b, 0x40, 0x01,
-    0xb9, 0xe4, 0x6e, 0x68, 0xf6, 0x13, 0xca,
-    0xc1, 0xea, 0x70, 0x71, 0x3d, 0xc9, 0x1a,
-    0x62, 0xb9, 0xa9, 0xe0, 0x1e, 0xe2, 0x34,
-    0xf2, 0x9a, 0xf7, 0x23, 0xb3, 0xc1, 0xca,
-    0x35, 0x0e, 0x5e, 0xa7, 0xd1, 0x3d, 0xea,
-    0x51, 0xdc, 0xe2, 0x0e, 0xfc, 0x7d, 0x26,
-    0x75, 0xec, 0x9a, 0x6e, 0x40, 0x1f, 0x60,
-    0x06, 0xd7, 0x56, 0xf8, 0xa4, 0x2a, 0x82,
-    0x9c, 0xef, 0x51, 0x4a, 0xe1, 0x01, 0x2b,
-    0xb0, 0x8b, 0x34, 0x7b, 0xe1, 0x63, 0xa4,
-    0xcc, 0x72, 0x81, 0xd9, 0xb4, 0x20, 0xcc,
-    0x60, 0xe2, 0x15, 0x6d, 0xc7, 0x6c, 0x75,
-    0x65, 0x4d, 0xb6, 0xc0, 0x36, 0x49, 0x87,
-    0x06, 0x3e, 0xca, 0x1c, 0x32, 0x36, 0x2f,
-    0xe3, 0xf6, 0x06, 0x0a, 0xb1, 0xd2, 0xfb,
-    0xee, 0x4e, 0xd7, 0xce, 0x65, 0xcc, 0x89,
-    0xf2, 0x77, 0x14, 0x27, 0x27, 0x84, 0x52,
-    0x97, 0x1b, 0x89, 0x17, 0x31, 0x8d, 0xc4,
-    0x0f, 0xc7, 0xc6, 0x45, 0x44, 0x9a, 0x97,
-    0xd3, 0x88, 0x71, 0x73, 0x97, 0x64, 0xa6,
-    0xe6, 0x3d, 0xf2, 0xd3, 0x7f, 0x7f, 0xfa,
-    0x4f, 0xf4, 0xe9, 0x76, 0x8a, 0x2a, 0xfe,
-    0x28, 0x8e, 0xa5, 0xb3, 0x46, 0x2b, 0xad,
-    0x50, 0x5e, 0x12, 0xcd, 0xf8, 0x46, 0xe4,
-    0x06, 0x12, 0xc2, 0xb8, 0xcd, 0x04, 0x76,
-    0x07, 0x7c, 0xed, 0x2f, 0x0f, 0xd6, 0x97,
-    0x31, 0xa4, 0x0c, 0x18, 0x85, 0x75, 0xd3,
-    0x55, 0xfd, 0xe3, 0x1a, 0xbf, 0x43, 0xde,
-    0x20, 0xa9, 0x19, 0xcd, 0x03, 0x01, 0xdf,
-    0x04, 0x71, 0x09, 0x94, 0x99, 0x51, 0xb0,
-    0x8e, 0x32, 0x80, 0xe6, 0x64, 0x4b, 0xdf,
-    0xa5, 0xec, 0xfa, 0xce, 0xf6, 0xf3, 0xce,
-    0x51, 0xe8, 0x6d, 0x03, 0x1e, 0x69, 0x59,
-    0xef, 0x20, 0x98, 0x71, 0xe2, 0xc3, 0xec,
-    0x19, 0x03, 0xa9, 0x2d, 0x12, 0x21, 0x79,
-    0x7e, 0xb0, 0xcb, 0x76, 0x68, 0x2f, 0x11,
-    0x01, 0x2b, 0x11, 0xef, 0xd6, 0xb7, 0x8b,
-    0x5e, 0x31, 0x78, 0x7b, 0x2d, 0xe6, 0x4a,
-    0xfb, 0xc1, 0xbb, 0x78, 0x92, 0x11, 0xcb,
-    0x91, 0x97, 0x52, 0x1b, 0x8e, 0xfb, 0x59,
-    0x02, 0x22, 0xbe, 0xf7, 0x33, 0xaa, 0x7b,
-    0xfd, 0x93, 0xf7, 0xa8, 0x9b, 0xfc, 0x99,
-    0x36, 0x22, 0x04, 0x1e, 0xdc, 0xa3, 0x2b,
-    0xe6, 0xac, 0x2e, 0x4b, 0x38, 0x0a, 0x25,
-    0xde, 0x3d, 0x8e, 0x0b, 0x95, 0x04, 0x48,
-    0x3d, 0x66, 0x52, 0x99, 0x79, 0xe1, 0x8d,
-    0xe0, 0xa7, 0xd5, 0x23, 0x0d, 0x45, 0x89,
-    0x88, 0xa9, 0x59, 0x4e, 0xc7, 0x64, 0x39,
-    0x93, 0xdd, 0xcb, 0xfe, 0x97, 0xe7, 0x7d,
-    0xab, 0x61, 0x08, 0xf7, 0x7a, 0xff, 0x10,
-    0x1d, 0x8d, 0x11, 0xa9, 0x97, 0xbd, 0x16,
-    0xb5, 0x6c, 0x84, 0x71, 0x61, 0x72, 0x36,
-    0x51, 0xe7, 0x43, 0x8b, 0x15, 0xb2, 0x48,
-    0x6a, 0x14, 0x8a, 0xbe, 0x92, 0xa7, 0xfa,
-    0xce, 0x02, 0x1a, 0x7f, 0xc5, 0xdb, 0x76,
-    0x0a, 0x4c, 0xc7, 0x20, 0x2a, 0x34, 0xf4,
-    0x92, 0x3b, 0x34, 0x69, 0x71, 0x3d, 0xe1,
-    0xf2, 0x2f, 0x52, 0xe1, 0x48, 0xbe, 0x27,
-    0x47, 0x1d, 0x55, 0x96, 0x6e, 0xa3, 0x39,
-    0xc6, 0xd8, 0x12, 0xe0, 0xb2, 0x93, 0x56,
-    0xef, 0x10, 0xf4, 0xa6, 0xf4, 0x5f, 0xa9,
-    0xfd, 0x5d, 0x01, 0x87, 0xb8, 0xe5, 0x4f,
-    0x86, 0x2c, 0xa5, 0x09, 0xfc, 0x29, 0x84,
-    0x5b, 0x44, 0xf9, 0x8d, 0x9c, 0xbb, 0x19,
-    0x97, 0x52, 0xbb, 0xac, 0x19, 0x57, 0x68,
-    0x7d, 0x74, 0xb5, 0x4f, 0xda, 0x8a, 0x9c,
-    0xcf, 0x5d, 0x7b, 0xd9, 0xf0, 0xb3, 0x11,
-    0x76, 0x50, 0x03, 0x06, 0x44, 0xe7, 0x68,
-    0x35, 0xe9, 0x14, 0x20, 0xbd, 0x0d, 0x90,
-    0x96, 0x21, 0xa1, 0x17, 0x8f, 0xf7, 0x50,
-    0x6c, 0xc0, 0x76, 0x3d, 0x34, 0x8d, 0xf2,
-    0x75, 0xf0, 0xa2, 0x6c, 0x8a, 0xc1, 0x56,
-    0x95, 0xb2, 0xd9, 0x87, 0xf2, 0xe4, 0x80,
-    0x25, 0xc7, 0x97, 0xd2, 0xd2, 0xf8, 0x1c,
-    0x7a, 0x48, 0x70, 0x99, 0x6b, 0xf2, 0x50,
-    0x83, 0xf3, 0x10, 0xb1, 0x9b, 0x6d, 0x75,
-    0x53, 0x86, 0x23, 0xc9, 0x60, 0x4d, 0x73,
-    0xc7, 0x52, 0x90, 0x12, 0x6b, 0x92, 0x2d,
-    0x35, 0xbc, 0x4d, 0x86, 0x67, 0xfe, 0x35,
-    0x11, 0x6c, 0xbb, 0x9b, 0x76, 0xaf, 0x26,
-    0xae, 0x50, 0x23, 0x76, 0x68, 0x16, 0x80,
-    0xf0, 0xa4, 0xcc, 0x76, 0x6b, 0xf3, 0x99,
-    0x04, 0x8b, 0x39, 0xf2, 0xa6, 0xa9, 0x72,
-    0x6f, 0xbe, 0xa8, 0xdb, 0x53, 0xf3, 0x93,
-    0x00, 0xac, 0x3e, 0x8f, 0xdd, 0x68, 0x9e,
-    0x2f, 0xe3, 0x48, 0x0b, 0x11, 0xe2, 0x9a,
-    0xfa, 0x98, 0x32, 0x40, 0x26, 0xf8, 0x83,
-    0xc6, 0x00, 0x02, 0x7d, 0xb5, 0xd2, 0xd4,
-    0xdd, 0xc6, 0x02, 0xec, 0xb3, 0x98, 0xd6,
-    0x8e, 0xab, 0x75, 0x06, 0x37, 0x97, 0x4c,
-    0x50, 0xc5, 0xe1, 0x43, 0x34, 0xd6, 0xbd,
-    0xb6, 0xfc, 0xb7, 0x04, 0x0d, 0xd8, 0x35,
-    0xb4, 0x3e, 0x0e, 0x43, 0x22, 0x83, 0xf5,
-    0x5d, 0x2e, 0x0a, 0x8f, 0xa0, 0xec, 0x17,
-    0xd9, 0xa1, 0x84, 0x98, 0x32, 0x5c, 0x99,
-    0x66, 0x05, 0x70, 0x9a, 0xa4, 0x9b, 0xbe,
-    0xd3, 0x3d, 0x2a, 0x13, 0xb1, 0x96, 0x37,
-    0x4f, 0xe7, 0x6f, 0x6b, 0x5e, 0x80, 0xe4,
-    0xb6, 0x98, 0x56, 0xed, 0xff, 0x5b, 0x21,
-    0x5f, 0x79, 0x9a, 0x0f, 0x53, 0x69, 0x76,
-    0xdb, 0xc0, 0x12, 0x9c, 0xed, 0xd4, 0x00,
-    0x64, 0xca, 0xf4, 0xc3, 0x17, 0x49, 0xbb,
-    0xef, 0xbc, 0x7b, 0x73, 0x24, 0x4f, 0x6e,
-    0xcf, 0x25, 0x49, 0x30, 0x4f, 0x9a, 0xb7,
-    0x2a, 0x2f, 0xc2, 0x69, 0x74, 0xe5, 0xa6,
-    0xd7, 0x29, 0x4d, 0x80, 0xe6, 0xf6, 0x66,
-    0x4b, 0xdf, 0xef, 0xfd, 0xb5, 0xaa, 0x53,
-    0x75, 0x0e, 0xf5, 0x92, 0xb3, 0x30, 0x3d,
-    0x5d, 0xa8, 0x49, 0x74, 0xa2, 0x13, 0xb3,
-    0x99, 0x7e, 0xf9, 0x34, 0x08, 0xc2, 0xa6,
-    0xc9, 0xd1, 0xb7, 0x65, 0xf4, 0xa9, 0xda,
-    0x11, 0x07, 0x89, 0x08, 0x92, 0xdf, 0x1a,
-    0x8d, 0xd7, 0x1e, 0xe9, 0xa3, 0x5c, 0x66,
-    0x79, 0xa0, 0x2d, 0xd1, 0xd9, 0x65, 0xa2,
-    0xd3, 0x47, 0xb1, 0xa1, 0xf4, 0xa1, 0x18,
-    0x7f, 0xb0, 0xd1, 0x20, 0x05, 0x06, 0x6f,
-    0xda, 0xe3, 0xef, 0xee, 0x47, 0xdf, 0x80,
-    0x22, 0x14, 0x4b, 0xc2, 0xe4, 0xea, 0x02,
-    0xe7, 0x06, 0xc8, 0x2d, 0x2d, 0xbd, 0xd2,
-    0xef, 0xd3, 0x3b, 0xf0, 0xc8, 0xc1, 0x04,
-    0x53, 0x81, 0x27, 0xb2, 0xf2, 0xf8, 0x5d,
-    0xe1, 0x27, 0xd6, 0xd8, 0x2e, 0x0d, 0x43,
-    0xf4, 0xf0, 0x7a, 0x8c, 0x78, 0x3f, 0x23,
-    0x4d, 0x05, 0xf6, 0xc6, 0x9a, 0xc1, 0x19,
-    0x58, 0x48, 0x02, 0x71, 0xc4, 0xf1, 0x16,
-    0xc2, 0xbf, 0xc2, 0xf5, 0xa6, 0x70, 0x25,
-    0x8b, 0x6c, 0x31, 0xa6, 0x2b, 0x6a, 0x1f,
-    0x26, 0x4a, 0x6b, 0x05, 0x67, 0xa9, 0x5e,
-    0xa6, 0xc7, 0x19, 0xf0, 0x6f, 0xc2, 0xa4,
-    0x07, 0xe1, 0xf8, 0xb6, 0x70, 0x79, 0x85,
-    0x97, 0x1f, 0xc2, 0x97, 0xf3, 0x57, 0x3d,
-    0xd1, 0x70, 0xb1, 0xe8, 0x43, 0x11, 0xe6,
-    0x2f, 0x8a, 0x12, 0x97, 0xe1, 0x1f, 0x86,
-    0x33, 0xa1, 0x30, 0xb3, 0x8e, 0xd7, 0x43,
-    0x99, 0x35, 0xd3, 0x48, 0x04, 0x29, 0xa3,
-    0xf3, 0x2c, 0x0e, 0xda, 0x66, 0xc8, 0xa9,
-    0xd3, 0x28, 0x7f, 0xf0, 0xaa, 0x53, 0xc8,
-    0x4b, 0xa3, 0xde, 0xcc, 0x5f, 0xae, 0x9b,
-    0x2f, 0x20, 0xf7, 0x9a, 0x41, 0xb7, 0xdb,
-    0x7a, 0x92, 0xa1, 0x45, 0x2c, 0x49, 0xb7,
-    0x2d, 0xe5, 0x6e, 0x84, 0xb1, 0xa4, 0x6e,
-    0xea, 0xf9, 0xca, 0xc6, 0x0f, 0xd3, 0xdc,
-    0xad, 0x79, 0xf4, 0x3b, 0xc0, 0x8c, 0x8c,
-    0x6f, 0xdf, 0x2c, 0xbb, 0x2a, 0x9f, 0x74,
-    0x2f, 0x31, 0x7b, 0x05, 0xc5, 0xc4, 0x22,
-    0xfd, 0xfc, 0xdf, 0x95, 0x3b, 0x21, 0x41,
-    0xab, 0x5b, 0xe9, 0x37, 0xdf, 0xd3, 0x4c,
-    0x97, 0x73, 0xac, 0xbd, 0x82, 0x97, 0xd0,
-    0x00, 0x55, 0x47, 0xa4, 0x67, 0x12, 0xcd,
-    0xe3, 0x01, 0x31, 0xe6, 0x1c, 0x61, 0xf8,
-    0xa4, 0xce, 0x23, 0xed, 0xeb, 0x8f, 0x57,
-    0xbf, 0x97, 0x4b, 0x26, 0x75, 0xa0, 0x4b,
-    0xf6, 0x7e, 0xda, 0x1c, 0x90, 0x8a, 0xc4,
-    0xf4, 0x60, 0xfc, 0x65, 0x45, 0x8c, 0x1b,
-    0x5c, 0x65, 0xc4, 0x5d, 0x99, 0x9a, 0xed,
-    0x62, 0xd6, 0x74, 0x43, 0xac, 0x5e, 0x0c,
-    0xfd, 0x7d, 0xf2, 0x4f, 0xc3, 0x02, 0xc8,
-    0x24, 0xa7, 0x17, 0x49, 0xf9, 0xdd, 0xc9,
-    0x64, 0x71, 0x08, 0xb9, 0xac, 0x47, 0x3d,
-    0x6a, 0x4f, 0xdc, 0xa6, 0x56, 0x00, 0x01,
-    0x53, 0x2d, 0xca, 0x32, 0x4e, 0x40, 0xec,
-    0x14, 0x03, 0x69, 0x75, 0xfa, 0x93, 0x49,
-    0x98, 0x04, 0x25, 0x29, 0xe5, 0x78, 0x6e,
-    0x3e, 0x99, 0x58, 0x18, 0x48, 0xf3, 0x29,
-    0x56, 0x8d, 0x23, 0xd1, 0x5d, 0xb2, 0x2a,
-    0x74, 0xa7, 0x53, 0xc5, 0xc6, 0xc4, 0x12,
-    0xfe, 0x65, 0x6c, 0xde, 0xc3, 0x6c, 0x18,
-    0xde, 0xc3, 0x97, 0xaa, 0xed, 0x69, 0x3c,
-    0x4d, 0xc9, 0xa9, 0x63, 0xa9, 0x4d, 0x91,
-    0x63, 0xa3, 0x1c, 0x87, 0x36, 0x19, 0x4a,
-    0xc5, 0xd1, 0xcb, 0xf4, 0x88, 0xfd, 0xa0,
-    0x9b, 0x37, 0x9a, 0x7e, 0xcc, 0x09, 0xac,
-    0x3b, 0xf0, 0xf5, 0xb5, 0x15, 0x72, 0x47,
-    0xb0, 0x42, 0x0d, 0xed, 0x19, 0x42, 0x93,
-    0x5a, 0x56, 0xbf, 0x2c, 0x4b, 0xec, 0xf4,
-    0x13, 0x30, 0x0b, 0xdf, 0x0e, 0xc1, 0x22,
-    0xa5, 0x6c, 0xf4, 0xcf, 0x09, 0x83, 0xe2,
-    0xd0, 0x05, 0x62, 0x8d, 0xda, 0xea, 0x79,
-    0xa9, 0x6c, 0xe1, 0x90, 0xc0, 0xe7, 0x6d,
-    0x63, 0x8e, 0xe5, 0xe0, 0xa9, 0x67, 0x80,
-    0xb7, 0x80, 0x43, 0xfc, 0xa1, 0x11, 0x6d,
-    0xc9, 0x91, 0xa3, 0xcb, 0x1a, 0x6e, 0xf8,
-    0x6e, 0xdb, 0xf0, 0x7d, 0xeb, 0x45, 0x6a,
-    0xee, 0xd8, 0x3e, 0x6b, 0x9a, 0xc4, 0xcd,
-    0x7b, 0x35, 0x19, 0x73, 0x14, 0x22, 0x47,
-    0x86, 0x54, 0x34, 0xc9, 0x02, 0x49, 0xe6,
-    0xb9, 0x45, 0xf7, 0x2c, 0xf7, 0xa4, 0x12,
-    0xc4, 0x7a, 0x95, 0x41, 0x54, 0x8d, 0x51,
-    0xc5, 0x1a, 0x19, 0x75, 0x0c, 0x11, 0x03,
-    0xd0, 0x6f, 0x56, 0x04, 0xb2, 0x87, 0x21,
-    0xdb, 0x47, 0xed, 0x9b, 0xe8, 0xec, 0xa3,
-    0xe1, 0x74, 0x3e, 0x21, 0x50, 0xf2, 0x09,
-    0x2c, 0x5e, 0x3d, 0xca, 0xa7, 0x31, 0x7c,
-    0xbd, 0xe4, 0xf1, 0x15, 0x0d, 0xe6, 0x3d,
-    0x4c, 0x8e, 0x36, 0x45, 0xf7, 0x08, 0x3d,
-    0x56, 0x63, 0xb6, 0x99, 0x46, 0x34, 0x48,
-    0xfa, 0xcf, 0x88, 0xe5, 0x43, 0xf7, 0x88,
-    0xd5, 0x55, 0x13, 0xfe, 0x79, 0x02, 0x49,
-    0x1e, 0x82, 0x45, 0x45, 0x29, 0x8e, 0x0a,
-    0x7c, 0x77, 0x51, 0x1b, 0x8e, 0x75, 0xd5,
-    0xd6, 0x61, 0xff, 0xa5, 0xfe, 0x59, 0x48,
-    0xbf, 0xfc, 0xf2, 0xcd, 0x37, 0x09, 0x4c,
-    0xb6, 0xfc, 0xb0, 0x20, 0x5f, 0x12, 0x7a,
-    0x3f, 0x64, 0x96, 0xdb, 0xc8, 0xe8, 0xd0,
-    0x11, 0x19, 0x47, 0x95, 0x2d, 0x3d, 0xbf,
-    0x56, 0x9c, 0x23, 0x30, 0x07, 0x1f, 0x2c,
-    0x04, 0x5c, 0x7e, 0x4e, 0x2e, 0xa6, 0x20,
-    0x38, 0xa0, 0x88, 0x47, 0x8a, 0x3f, 0x8f,
-    0x8a, 0xe7, 0x6d, 0x0a, 0xf1, 0x2d, 0xd6,
-    0x10, 0x23, 0x01, 0x62, 0x71, 0x5a, 0xbb,
-    0x51, 0x98, 0xa1, 0x27, 0x7d, 0xba, 0x5f,
-    0xe4, 0xdc, 0xd6, 0xd7, 0x4c, 0x1a, 0xe0,
-    0x4d, 0xe1, 0xee, 0x61, 0xb7, 0xc5, 0x50,
-    0x92, 0x99, 0xc7, 0x7b, 0x18, 0xf9, 0x89,
-    0x2b, 0x57, 0xf9, 0xe9, 0xac, 0x23, 0x6e,
-    0xff, 0xbd, 0x5a, 0x93, 0xdf, 0x15, 0x74,
-    0x92, 0x0b, 0x76, 0x84, 0x96, 0x94, 0x1b,
-    0x8f, 0xe4, 0x6e, 0x2b, 0xd7, 0x47, 0xfd,
-    0x24, 0x3b, 0xe4, 0xe4, 0x99, 0xf9, 0x0b,
-    0xf9, 0x29, 0x25, 0x25, 0x6a, 0xc0, 0x1e,
-    0xb8, 0x8c, 0xd6, 0xd0, 0x6e, 0x13, 0x86,
-    0xa8, 0x7c, 0xc3, 0x31, 0x30, 0x2e, 0x9b,
-    0x51, 0xc1, 0x21, 0xea, 0x15, 0x8e, 0xd8,
-    0x06, 0xa2, 0xe9, 0x12, 0x9f, 0xcb, 0x6b,
-    0x24, 0xef, 0x4e, 0x19, 0x6c, 0xa5, 0x98,
-    0x47, 0x8b, 0x4d, 0xbe, 0x00, 0x0c, 0x04,
-    0xe3, 0x4d, 0x84, 0x64, 0x36, 0x20, 0x9f,
-    0xde, 0xe2, 0x55, 0x89, 0x3e, 0x40, 0xe1,
-    0xe3, 0x63, 0x0a, 0xe7, 0x15, 0x4c, 0xcd,
-    0x4b, 0x63, 0x6f, 0x70, 0xc2, 0x84, 0x30,
-    0x5d, 0x22, 0xd0, 0xe4, 0x65, 0xfb, 0x8a,
-    0x07, 0x1a, 0x54, 0xf5, 0x4b, 0x65, 0xad,
-    0x64, 0x91, 0x6e, 0x23, 0x98, 0x31, 0x26,
-    0x79, 0x70, 0x94, 0xff, 0xc0, 0x65, 0x70,
-    0xb4, 0x9d, 0x74, 0x8e, 0x76, 0x6b, 0x9a,
-    0x24, 0x28, 0x0d, 0x8a, 0x93, 0x87, 0x18,
-    0x04, 0x10, 0xfd, 0x0b, 0xaf, 0xd3, 0x92,
-    0xbb, 0xb5, 0x41, 0xd2, 0x87, 0xc7, 0x69,
-    0x89, 0x0c, 0x52, 0xf8, 0x46, 0x70, 0x8e,
-    0xf0, 0x99, 0x96, 0x57, 0x40, 0x9c, 0xef,
-    0x9a, 0xc2, 0x63, 0x47, 0x13, 0x11, 0x68,
-    0x40, 0xab, 0x36, 0x16, 0x53, 0xd6, 0x8f,
-    0x58, 0x5a, 0xdd, 0x0c, 0xd7, 0x17, 0x6a,
-    0x39, 0x34, 0xf1, 0xe7, 0x75, 0x3b, 0x41,
-    0x7e, 0x5a, 0x70, 0xfe, 0x5b, 0x08, 0x30,
-    0xf4, 0x7b, 0x1d, 0xd0, 0x70, 0xae, 0x18,
-    0xad, 0xd4, 0xff, 0xbb, 0xa4, 0x31, 0xec,
-    0x28, 0x72, 0x64, 0x9a, 0x24, 0x16, 0x30,
-    0xe4, 0xc5, 0x3c, 0xb0, 0x3c, 0x81, 0x4f,
-    0xb9, 0xfc, 0xe1, 0x3a, 0x05, 0x17, 0xb2,
-    0x18, 0x4c, 0x98, 0x3b, 0xfc, 0x93, 0xf0,
-    0x0d, 0xb6, 0x3c, 0x54, 0x7b, 0x10, 0xfd,
-    0x7f, 0x63, 0xfe, 0xa5, 0xc6, 0xb5, 0x24,
-    0xb4, 0xf2, 0x2f, 0xb2, 0x6f, 0x7f, 0xdb,
-    0x01, 0xdb, 0xaf, 0x57, 0xdc, 0xdb, 0xf4,
-    0xc8, 0x31, 0xb0, 0xdd, 0x05, 0x8b, 0x9b,
-    0x6e, 0x7c, 0x5e, 0x5e, 0x31, 0x2c, 0x7f,
-    0xbb, 0xa4, 0x26, 0x88, 0xe1, 0x55, 0x3d,
-    0x8d, 0x36, 0x69, 0xb7, 0xc8, 0xcc, 0x05,
-    0xfe, 0x6e, 0xcc, 0xcb, 0xfd, 0x81, 0x14,
-    0x8b, 0xbc, 0x0c, 0xd4, 0x7e, 0xb4, 0x13,
-    0xc0, 0xe2, 0x51, 0xf4, 0x07, 0xde, 0xc4,
-    0x1c, 0xf0, 0xc8, 0x92, 0xd4, 0x38, 0xd7,
-    0x1e, 0x57, 0xa7, 0x4b, 0xc7, 0xf8, 0xca,
-    0xcc, 0x61, 0x86, 0x96, 0x50, 0x4e, 0x6a,
-    0x71, 0xbd, 0x5f, 0xc6, 0x48, 0x8b, 0x6f,
-    0xeb, 0x53, 0x50, 0xea, 0x35, 0x39, 0x79,
-    0xcc, 0xee, 0xae, 0x81, 0x0f, 0xe2, 0xd2,
-    0xbb, 0x81, 0x03, 0x8a, 0xeb, 0x98, 0xc2,
-    0xad, 0xb7, 0xc0, 0x14, 0x68, 0xb9, 0x7e,
-    0x8e, 0x30, 0x11, 0x43, 0x59, 0x8f, 0x04,
-    0x2f, 0x7a, 0x99, 0x36, 0xd0, 0x75, 0x07,
-    0x6b, 0x8e, 0xc2, 0x10, 0xac, 0xc6, 0x4d,
-    0x30, 0x91, 0x9f, 0xde, 0x33, 0x0e, 0xe7,
-    0xbc, 0xe5, 0x94, 0xbf, 0x80, 0xdb, 0xb7,
-    0xe0, 0x8f, 0xb7, 0x74, 0xc3, 0x77, 0x18,
-    0x76, 0x33, 0x34, 0xb8, 0xe4, 0x81, 0xa5,
-    0xd9, 0xf7, 0x78, 0xba, 0xec, 0x62, 0x34,
-    0xcb, 0x54, 0xbe, 0x90, 0xc1, 0x56, 0x59,
-    0x22, 0x94, 0x5b, 0x1a, 0x8f, 0xc6, 0x8f,
-    0xf2, 0x84, 0x1f, 0x61, 0x4e, 0xeb, 0x98,
-    0x72, 0xdd, 0xde, 0xc9, 0xc6, 0xab, 0xd1,
-    0xad, 0xd1, 0x02, 0x60, 0x82, 0x89, 0xba,
-    0xf5, 0x1a, 0x6b, 0xde, 0x96, 0x19, 0x64,
-    0x44, 0x0a, 0xd6, 0x27, 0x9f, 0x67, 0x96,
-    0x44, 0xcc, 0x4b, 0xfd, 0x8f, 0x9e, 0xa1,
-    0x1f, 0x06, 0xac, 0x2e, 0xcf, 0xdb, 0xc7,
-    0x08, 0x5e, 0xe3, 0xa2, 0x59, 0xa2, 0x22,
-    0xf1, 0x7a, 0xce, 0xf5, 0x30, 0x53, 0xc0,
-    0xbb, 0x36, 0x13, 0x95, 0x69, 0xe2, 0x28,
-    0x47, 0xad, 0xb1, 0x82, 0xfd, 0x14, 0xf6,
-    0x6e, 0xed, 0x5b, 0xe0, 0xeb, 0x13, 0x5c,
-    0xc6, 0x72, 0xd5, 0x2c, 0xd0, 0xae, 0xc3,
-    0xad, 0xa9, 0x60, 0x2a, 0x68, 0x7b, 0x03,
-    0x54, 0xc5, 0xd1, 0x71, 0xc4, 0x99, 0x48,
-    0x75, 0x18, 0x1e, 0xda, 0x0a, 0x8b, 0xe1,
-    0x2d, 0x67, 0x1f, 0xae, 0x91, 0xc0, 0x37,
-    0x39, 0x8c, 0x7c, 0x9e, 0x42, 0xd3, 0x6e,
-    0xaf, 0x7e, 0x8e, 0xa0, 0x01, 0x45, 0xc1,
-    0xc6, 0xef, 0xc6, 0x2e, 0x87, 0x7b, 0x5a,
-    0x60, 0xe0, 0xec, 0x3b, 0x76, 0x8e, 0xb3,
-    0x0d, 0x57, 0x86, 0xa2, 0xc9, 0x1a, 0x1b,
-    0x38, 0x6b, 0x75, 0x7a, 0x81, 0x8b, 0x97,
-    0x99, 0xa1, 0xbb, 0xd8, 0xda, 0xdf, 0xea,
-    0xef, 0xf0, 0xf9, 0x01, 0x08, 0x11, 0x18,
-    0x26, 0x36, 0x4b, 0x52, 0x56, 0x68, 0x7b,
-    0x98, 0xca, 0xd3, 0xd6, 0xef, 0xf6, 0x05,
-    0x07, 0x09, 0x10, 0x1f, 0x21, 0x28, 0x32,
-    0x39, 0x3a, 0x3c, 0x54, 0x77, 0x7b, 0x81,
-    0x99, 0xa9, 0xb0, 0xb2, 0xce, 0xe5, 0xe7,
-    0x1f, 0x23, 0x3f, 0x4e, 0x50, 0x5d, 0x71,
-    0x7a, 0x7c, 0x91, 0xa7, 0xab, 0xae, 0xd0,
-    0xd6, 0xe1, 0xe6, 0xf1, 0xf3, 0xfa, 0x00,
-    0x00, 0x13, 0x24, 0x3a, 0x4e,
-};
-#endif
-
-static int test_wc_dilithium(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM)
-    dilithium_key* key;
-    byte level;
-#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
-    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
-    WC_RNG rng;
-#endif
-    byte* privKey = NULL;
-#ifndef WOLFSSL_DILITHIUM_NO_SIGN
-    word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE;
-#endif
-    byte* pubKey = NULL;
-#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
-    word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
-#endif
-
-    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-    privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(privKey);
-    pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(pubKey);
-
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(*key));
-    }
-#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
-    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-#endif
-
-#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
-    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-#endif
-
-    ExpectIntEQ(wc_dilithium_init(NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_init_ex(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
-    wc_dilithium_free(NULL);
-
-    ExpectIntEQ(wc_dilithium_init(key), 0);
-    wc_dilithium_free(key);
-    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
-
-#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
-    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
-        BAD_FUNC_ARG);
-#endif
-#ifndef WOLFSSL_DILITHIUM_NO_SIGN
-    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
-        BAD_FUNC_ARG);
-#endif
-
-#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
-    ExpectIntEQ(wc_dilithium_size(NULL), BAD_FUNC_ARG);
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_priv_size(NULL), BAD_FUNC_ARG);
-#endif
-#endif
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_pub_size(NULL), BAD_FUNC_ARG);
-#endif
-#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-    ExpectIntEQ(wc_dilithium_sig_size(NULL), BAD_FUNC_ARG);
-#endif
-#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
-    ExpectIntEQ(wc_dilithium_size(key), BAD_FUNC_ARG);
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_priv_size(key), BAD_FUNC_ARG);
-#endif
-#endif
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_pub_size(key), BAD_FUNC_ARG);
-#endif
-#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-    ExpectIntEQ(wc_dilithium_sig_size(key), BAD_FUNC_ARG);
-#endif
-
-    ExpectIntEQ(wc_dilithium_set_level(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_set_level(key, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_set_level(NULL, WC_ML_DSA_44), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_set_level(key, 1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_set_level(key, 4), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_dilithium_get_level(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_get_level(key, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_get_level(NULL, &level), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_get_level(key, &level), BAD_FUNC_ARG);
-
-#ifndef WOLFSSL_NO_ML_DSA_87
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
-    ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
-    ExpectIntEQ(level, WC_ML_DSA_87);
-#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
-    ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL5_KEY_SIZE);
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL5_PRV_KEY_SIZE);
-#endif
-#endif
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL5_PUB_KEY_SIZE);
-#endif
-#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-    ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL5_SIG_SIZE);
-#endif
-#else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), NOT_COMPILED_IN);
-#endif
-#ifndef WOLFSSL_NO_ML_DSA_65
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
-    ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
-    ExpectIntEQ(level, WC_ML_DSA_65);
-#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
-    ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL3_KEY_SIZE);
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL3_PRV_KEY_SIZE);
-#endif
-#endif
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL3_PUB_KEY_SIZE);
-#endif
-#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-    ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL3_SIG_SIZE);
-#endif
-#else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), NOT_COMPILED_IN);
-#endif
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
-    ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
-    ExpectIntEQ(level, WC_ML_DSA_44);
-#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
-    ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL2_KEY_SIZE);
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL2_PRV_KEY_SIZE);
-#endif
-#endif
-#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
-    ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL2_PUB_KEY_SIZE);
-#endif
-#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-    ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL2_SIG_SIZE);
-#endif
-#else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), NOT_COMPILED_IN);
-#endif
-
-#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
-    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
-        BAD_FUNC_ARG);
-#endif
-#ifndef WOLFSSL_DILITHIUM_NO_SIGN
-    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
-        BAD_FUNC_ARG);
-#endif
-
-    wc_dilithium_free(key);
-#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
-    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
-    wc_FreeRng(&rng);
-#endif
-    XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_dilithium_make_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
-    dilithium_key* key;
-    WC_RNG rng;
-
-    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(*key));
-    }
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_dilithium_init(key), 0);
-
-    ExpectIntEQ(wc_dilithium_make_key(key, &rng), BAD_STATE_E);
-
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
-#else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
-#endif
-
-    ExpectIntEQ(wc_dilithium_make_key(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_make_key(key, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_make_key(NULL, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
-
-    wc_dilithium_free(key);
-    wc_FreeRng(&rng);
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_dilithium_sign(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
-    dilithium_key* key;
-    dilithium_key* importKey = NULL;
-    WC_RNG rng;
-    byte* privKey = NULL;
-    word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE;
-    word32 badKeyLen;
-    byte msg[32];
-    byte* sig = NULL;
-    word32 sigLen = DILITHIUM_MAX_SIG_SIZE;
-
-    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-    importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(importKey);
-    privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(privKey);
-    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(sig);
-
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(*key));
-    }
-    if (importKey != NULL) {
-        XMEMSET(importKey, 0, sizeof(*importKey));
-    }
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(msg, 0x55, sizeof(msg));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_dilithium_init(key), 0);
-
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
-#else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
-#endif
-
-#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level2_key,
-        sizeof_bench_dilithium_level2_key, key), 0);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level3_key,
-        sizeof_bench_dilithium_level3_key, key), 0);
-#else
-    ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level5_key,
-        sizeof_bench_dilithium_level5_key, key), 0);
-#endif
-#else
-    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
-#endif
-
-    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, &sigLen, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, key, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, &rng),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, &sigLen, key, &rng),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, &sigLen, key, &rng),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, NULL, key, &rng),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, NULL, &rng),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
-
-    ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_private(key, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, &privKeyLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, &privKeyLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_private(key, NULL, &privKeyLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_private(key, privKey, NULL),
-        BAD_FUNC_ARG);
-    badKeyLen = 0;
-    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &badKeyLen),
-        BUFFER_E);
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_KEY_SIZE);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_KEY_SIZE);
-#else
-    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_KEY_SIZE);
-#endif
-    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
-        0);
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL2_KEY_SIZE);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL3_KEY_SIZE);
-#else
-    ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL5_KEY_SIZE);
-#endif
-
-    ExpectIntEQ(wc_dilithium_init(importKey), 0);
-    ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
-        BAD_FUNC_ARG);
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0);
-#else
-    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
-#endif
-    ExpectIntEQ(wc_dilithium_import_private(NULL, 0, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_private(privKey, 0, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_private(NULL, 0, importKey),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, importKey),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_private(privKey, 0, importKey),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
-        0);
-    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
-#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
-    ExpectIntEQ(wc_dilithium_check_key(importKey), PUBLIC_KEY_E);
-#endif
-    wc_dilithium_free(importKey);
-
-    wc_dilithium_free(key);
-    wc_FreeRng(&rng);
-
-    XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_dilithium_verify(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
-    (!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_DILITHIUM_NO_SIGN))
-    dilithium_key* key;
-    dilithium_key* importKey = NULL;
-    WC_RNG rng;
-    byte* pubKey = NULL;
-    word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
-    word32 badKeyLen;
-    byte msg[32];
-    byte* sig = NULL;
-    word32 sigLen = DILITHIUM_MAX_SIG_SIZE;
-    int res;
-#ifndef WOLFSSL_NO_ML_DSA_44
-    byte b;
-#endif
-
-    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-    importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(importKey);
-    pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(pubKey);
-    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(sig);
-
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(*key));
-    }
-    if (importKey != NULL) {
-        XMEMSET(importKey, 0, sizeof(*importKey));
-    }
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    XMEMSET(msg, 0x55, sizeof(msg));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_dilithium_init(key), 0);
-
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
-#else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
-#endif
-
-#if !defined(WOLFSSL_NO_ML_DSA_44)
-    ExpectIntEQ(wc_dilithium_import_public(ml_dsa_44_pub_key,
-        (word32)sizeof(ml_dsa_44_pub_key), key), 0);
-    if (sig != NULL) {
-        XMEMCPY(sig, ml_dsa_44_good_sig, sizeof(ml_dsa_44_good_sig));
-    }
-    sigLen = (word32)sizeof(ml_dsa_44_good_sig);
-#else
-#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY
-#ifndef WOLFSSL_NO_ML_DSA_65
-    ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level3_pub_key,
-        sizeof_bench_dilithium_level3_pub_key, key), 0);
-#else
-    ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level5_pub_key,
-        sizeof_bench_dilithium_level5_pub_key, key), 0);
-#endif /* !WOLFSSL_NO_ML_DSA_65 */
-#else
-    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
-#endif /* WOLFSSL_DILITHIUM_NO_MAKE_KEY */
-
-    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
-#endif /* !WOLFSSL_NO_ML_DSA_44 */
-
-    ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_public(key, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, &pubKeyLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, &pubKeyLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_public(key, NULL, &pubKeyLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, NULL),
-        BAD_FUNC_ARG);
-    badKeyLen = 0;
-    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &badKeyLen),
-        BUFFER_E);
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE);
-#else
-    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE);
-#endif
-    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen), 0);
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE);
-#else
-    ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE);
-#endif
-
-    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, NULL),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, NULL, 32, NULL, NULL),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, msg, 32, NULL, NULL),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, &res, NULL),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, key),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_verify_msg(NULL, sigLen, msg, 32, &res, key),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, msg, 32, &res, key),
-       BUFFER_E);
-    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, NULL, 32, &res, key),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, NULL, key),
-       BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, NULL),
-       BAD_FUNC_ARG);
-    res = 0;
-    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), 0);
-    ExpectIntEQ(res, 1);
-
-    ExpectIntEQ(wc_dilithium_init(importKey), 0);
-    ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey),
-        BAD_FUNC_ARG);
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0);
-#else
-    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
-#endif
-    ExpectIntEQ(wc_dilithium_import_public(NULL, 0, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_public(NULL, 0, importKey),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, importKey),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, importKey),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey), 0);
-    res = 0;
-    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, importKey),
-        0);
-    ExpectIntEQ(res, 1);
-#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
-    ExpectIntEQ(wc_dilithium_check_key(importKey), BAD_FUNC_ARG);
-#endif
-    wc_dilithium_free(importKey);
-
-#ifndef WOLFSSL_NO_ML_DSA_44
-    if (sig != NULL) {
-        if (sig[sigLen - 5] == 0) {
-            /* Unused hints meant to be 0. */
-            sig[sigLen - 5] = 0xff;
-            res = 1;
-            ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res,
-                key), SIG_VERIFY_E);
-            ExpectIntEQ(res, 0);
-            sig[sigLen - 5] = 0x00;
-        }
-
-        /* Last count of hints must be less than PARAMS_ML_DSA_44_OMEGA == 80 */
-        b = sig[sigLen - 1];
-        sig[sigLen - 1] = 0xff;
-        res = 1;
-        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
-            SIG_VERIFY_E);
-        ExpectIntEQ(res, 0);
-        sig[sigLen - 1] = b;
-
-        if (sig[sigLen - 4] > 1) {
-            /* Index must be less than previous. */
-            b = sig[sigLen - 84];
-            sig[sigLen - 84] = 0xff;
-            res = 1;
-            ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res,
-                key), SIG_VERIFY_E);
-            ExpectIntEQ(res, 0);
-            sig[sigLen - 84] = b;
-        }
-
-        /* Mess up commit hash. */
-        sig[0] ^= 0x80;
-        res = 1;
-        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
-            0);
-        ExpectIntEQ(res, 0);
-        sig[0] ^= 0x80;
-
-        /* Mess up z. */
-        sig[100] ^= 0x80;
-        res = 1;
-        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
-            0);
-        ExpectIntEQ(res, 0);
-        sig[100] ^= 0x80;
-
-        /* Set all indeces to 0. */
-        XMEMSET(sig + sigLen - 4, 0, 4);
-        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
-            SIG_VERIFY_E);
-        ExpectIntEQ(res, 0);
-    }
-#endif
-
-    wc_dilithium_free(key);
-    wc_FreeRng(&rng);
-
-    XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_dilithium_check_key(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    defined(WOLFSSL_DILITHIUM_CHECK_KEY) && \
-    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
-    dilithium_key* checkKey;
-    WC_RNG rng;
-    byte* privCheckKey = NULL;
-    word32 privCheckKeyLen = DILITHIUM_MAX_KEY_SIZE;
-    byte* pubCheckKey = NULL;
-    word32 pubCheckKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
-
-    checkKey = (dilithium_key*)XMALLOC(sizeof(*checkKey), NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(checkKey);
-    privCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(privCheckKey);
-    pubCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(pubCheckKey);
-
-    if (checkKey != NULL) {
-        XMEMSET(checkKey, 0, sizeof(*checkKey));
-    }
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectIntEQ(wc_dilithium_check_key(NULL), BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_dilithium_init(checkKey), 0);
-
-    ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey,
-        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
-        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), BAD_FUNC_ARG);
-
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_44), 0);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_65), 0);
-#else
-    ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_87), 0);
-#endif
-    ExpectIntEQ(wc_dilithium_make_key(checkKey, &rng), 0);
-
-    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey, NULL, NULL, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, &privCheckKeyLen, NULL,
-        NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, pubCheckKey, NULL),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL,
-        &pubCheckKeyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(NULL     , privCheckKey,
-        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL        ,
-        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
-        NULL            , pubCheckKey, &pubCheckKeyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
-        &privCheckKeyLen, NULL       , &pubCheckKeyLen), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
-        &privCheckKeyLen, pubCheckKey, NULL           ), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
-        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), 0);
-
-    /* Modify hash. */
-    if (pubCheckKey != NULL) {
-        pubCheckKey[0] ^= 0x80;
-        ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, NULL),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_dilithium_import_key(privCheckKey, 0, NULL, 0, NULL),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_dilithium_import_key(NULL, 0, pubCheckKey, 0, NULL),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, checkKey),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_dilithium_import_key(NULL        ,
-            privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-            0              , pubCheckKey, pubCheckKeyLen, checkKey),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-            privCheckKeyLen, NULL       , pubCheckKeyLen, checkKey),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-            privCheckKeyLen, pubCheckKey, 0             , checkKey),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-            privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL     ),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-            privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), 0);
-        ExpectIntEQ(wc_dilithium_check_key(checkKey), PUBLIC_KEY_E);
-        pubCheckKey[0] ^= 0x80;
-
-        /* Modify encoded t1. */
-        pubCheckKey[48] ^= 0x80;
-        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
-            privCheckKeyLen,pubCheckKey, pubCheckKeyLen, checkKey), 0);
-        ExpectIntEQ(wc_dilithium_check_key(checkKey), PUBLIC_KEY_E);
-        pubCheckKey[48] ^= 0x80;
-    }
-
-    wc_dilithium_free(checkKey);
-    wc_FreeRng(&rng);
-
-    XFREE(pubCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(privCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(checkKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
-static const unsigned char dilithium_public_der[] = {
-#ifndef WOLFSSL_NO_ML_DSA_44
-    0x30, 0x82, 0x05, 0x34, 0x30, 0x0d, 0x06, 0x0b,
-    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
-    0x0c, 0x04, 0x04, 0x03, 0x82, 0x05, 0x21, 0x00,
-    0x0a, 0xf7, 0xc8, 0xa4, 0x96, 0x01, 0xa7, 0xb2,
-    0x2e, 0x4d, 0xc9, 0xd9, 0x1c, 0xa1, 0x86, 0x09,
-    0xce, 0x14, 0x6f, 0xe8, 0x33, 0x3c, 0x7b, 0xdb,
-    0x19, 0x9c, 0x56, 0x39, 0x6a, 0x6c, 0x5d, 0x1f,
-    0xe4, 0x26, 0xcb, 0x16, 0x91, 0x4d, 0xeb, 0x5a,
-    0x36, 0x22, 0xee, 0xda, 0xdf, 0x46, 0x3e, 0xa1,
-    0x4f, 0x9a, 0x30, 0xb5, 0x3f, 0x60, 0xf7, 0x75,
-    0x47, 0xdc, 0x55, 0xf1, 0xbe, 0xbc, 0x87, 0x6c,
-    0x50, 0x7c, 0x21, 0x55, 0x35, 0xad, 0xa7, 0xf9,
-    0x1c, 0xf8, 0xa1, 0x92, 0x79, 0x10, 0x52, 0x7a,
-    0xc3, 0xba, 0xd3, 0x9d, 0xc6, 0x9b, 0xf4, 0xcb,
-    0x1b, 0xa2, 0xde, 0x83, 0x86, 0xa6, 0x35, 0xea,
-    0xf2, 0x8c, 0xdc, 0xba, 0x3e, 0xef, 0x9c, 0xf5,
-    0x8e, 0xc3, 0xb0, 0xc0, 0x5b, 0xcc, 0x35, 0x6a,
-    0x81, 0xe5, 0x17, 0xb3, 0x9a, 0x57, 0xa6, 0x4a,
-    0x87, 0xb1, 0xa7, 0xf5, 0xa2, 0x96, 0x40, 0x8b,
-    0xc1, 0x62, 0xb2, 0xd9, 0x76, 0xe8, 0x51, 0x33,
-    0x44, 0x3d, 0xeb, 0x14, 0x86, 0x88, 0x2c, 0xc1,
-    0x47, 0xba, 0x2b, 0x85, 0x3b, 0x72, 0xcb, 0x9f,
-    0x40, 0xba, 0x19, 0x58, 0xa4, 0x34, 0x0a, 0xd2,
-    0x8c, 0x97, 0xbd, 0x3d, 0x09, 0xb0, 0x4a, 0xeb,
-    0xaa, 0xee, 0x58, 0x1e, 0xc1, 0x19, 0x26, 0x70,
-    0x15, 0xa5, 0x17, 0x7e, 0xd0, 0xa1, 0x08, 0xf9,
-    0x6d, 0xcf, 0x20, 0x62, 0x95, 0x8e, 0x61, 0xf4,
-    0x29, 0x96, 0x6f, 0x38, 0x1c, 0x67, 0xd5, 0xa6,
-    0x4c, 0xf5, 0x1f, 0xda, 0x12, 0x22, 0x24, 0x6b,
-    0x0d, 0xb7, 0x6a, 0xe5, 0xaf, 0x6c, 0x89, 0x52,
-    0xc2, 0x85, 0x85, 0x5f, 0x16, 0x33, 0x0c, 0xc6,
-    0x7a, 0xe0, 0xa8, 0xed, 0x13, 0x58, 0xf3, 0xa0,
-    0x80, 0x42, 0x3c, 0xe3, 0x57, 0xd1, 0xe2, 0x66,
-    0xc4, 0xe0, 0x3d, 0x49, 0x32, 0x21, 0xd9, 0xa1,
-    0x3c, 0x93, 0x0a, 0xf7, 0x5f, 0x34, 0x65, 0xa4,
-    0x30, 0xf9, 0xe7, 0x8a, 0x96, 0x04, 0xdb, 0xc5,
-    0x16, 0x15, 0x10, 0x74, 0x4f, 0xc9, 0x6b, 0x4b,
-    0x66, 0x29, 0xb0, 0xd1, 0x3b, 0xdd, 0x41, 0x0a,
-    0xfe, 0xdf, 0x5f, 0x72, 0x91, 0xbc, 0x99, 0x2f,
-    0x8d, 0x72, 0x3a, 0x4a, 0xde, 0x11, 0x3a, 0x20,
-    0xb2, 0x56, 0xb5, 0x73, 0x89, 0xb4, 0x63, 0x37,
-    0x86, 0xbd, 0x99, 0x8b, 0x03, 0x56, 0x50, 0x21,
-    0x11, 0x78, 0x8c, 0xd5, 0xc1, 0x92, 0x33, 0x72,
-    0x6e, 0x8d, 0x88, 0x2d, 0x10, 0x8f, 0x31, 0xd3,
-    0x23, 0xe5, 0xaa, 0x1f, 0xe1, 0x37, 0xec, 0x34,
-    0x42, 0x30, 0x75, 0xff, 0xb2, 0x1a, 0x8e, 0x29,
-    0x03, 0x4c, 0xfd, 0xdf, 0x53, 0xf2, 0x0b, 0x2d,
-    0xf9, 0x1c, 0x9e, 0xb6, 0x5a, 0x6c, 0x5e, 0x88,
-    0x48, 0x29, 0x89, 0x42, 0xfc, 0x97, 0xfb, 0x27,
-    0x1c, 0x99, 0x2a, 0xbf, 0x7f, 0x04, 0xb2, 0xcd,
-    0xc9, 0x3a, 0x39, 0xfe, 0x4f, 0x47, 0x92, 0x0b,
-    0x85, 0xfc, 0x92, 0x57, 0xc5, 0x0b, 0x23, 0x1f,
-    0x0b, 0x72, 0xb4, 0xde, 0xfe, 0xbe, 0xb7, 0x39,
-    0xb3, 0xd7, 0x48, 0x03, 0xed, 0x76, 0xac, 0x63,
-    0xf7, 0x2a, 0x58, 0xef, 0xdb, 0x63, 0x5a, 0x56,
-    0x68, 0xcc, 0xb2, 0x8b, 0x22, 0xac, 0xdf, 0xc4,
-    0xad, 0x6f, 0xad, 0x24, 0xfd, 0x30, 0xfb, 0xed,
-    0x6e, 0xde, 0x65, 0x2b, 0xb4, 0x57, 0x35, 0x49,
-    0xc1, 0xc9, 0x82, 0xf4, 0x72, 0x69, 0xef, 0x34,
-    0xc0, 0x37, 0x8b, 0x8b, 0xd3, 0xd3, 0x25, 0xcc,
-    0xe5, 0xf5, 0xf6, 0x9c, 0xa3, 0xe7, 0x88, 0xd7,
-    0x55, 0x73, 0x31, 0x4c, 0xb1, 0x7b, 0x64, 0xb3,
-    0x38, 0xde, 0x47, 0x9a, 0xfc, 0xf1, 0xfa, 0xf8,
-    0x6e, 0xc5, 0x95, 0xb9, 0xaf, 0x6a, 0x7a, 0x94,
-    0x80, 0x0d, 0x29, 0x62, 0x99, 0x0a, 0x34, 0xa2,
-    0x8f, 0xa1, 0x5e, 0x98, 0x7c, 0x4e, 0x18, 0xcd,
-    0x63, 0x68, 0x0e, 0xfa, 0x6f, 0x49, 0x01, 0x02,
-    0xcd, 0xf1, 0xc1, 0x09, 0x57, 0xa3, 0x03, 0xec,
-    0x94, 0x36, 0xab, 0xc6, 0x1c, 0xc0, 0x98, 0x22,
-    0x15, 0x5b, 0x5b, 0x61, 0x3c, 0xc2, 0x5b, 0x6f,
-    0x1c, 0x82, 0x41, 0x39, 0x87, 0xde, 0x92, 0xa9,
-    0xe4, 0x12, 0x74, 0x3b, 0x31, 0x36, 0xac, 0x92,
-    0xb0, 0x23, 0x26, 0xfa, 0xd8, 0xa3, 0xe8, 0x84,
-    0xfc, 0x52, 0xc5, 0x7b, 0xd1, 0x4b, 0xe2, 0x1a,
-    0x33, 0xdd, 0x3c, 0xdf, 0x27, 0x50, 0x6f, 0x12,
-    0xd3, 0x17, 0x66, 0xd7, 0x54, 0x33, 0x30, 0x2b,
-    0xe8, 0xd1, 0x1f, 0x2d, 0xf3, 0x37, 0x81, 0xa0,
-    0x3c, 0x21, 0x8c, 0xea, 0x95, 0xa5, 0x5b, 0x3a,
-    0x24, 0xed, 0xf7, 0x67, 0x7b, 0x72, 0x3a, 0xda,
-    0x31, 0xbd, 0xa7, 0x63, 0xa6, 0x6f, 0xf9, 0xdf,
-    0x06, 0x36, 0xb4, 0xe2, 0x35, 0x4b, 0xa5, 0x8e,
-    0x29, 0x8e, 0x6c, 0x02, 0xc5, 0x06, 0x9b, 0x98,
-    0x6e, 0x5e, 0x00, 0x6a, 0x42, 0x09, 0x4b, 0xc3,
-    0x09, 0x37, 0x67, 0x19, 0x58, 0x6d, 0x40, 0x50,
-    0xb0, 0x62, 0x5b, 0xd6, 0x63, 0x7f, 0xed, 0xb0,
-    0x97, 0x80, 0x9e, 0x91, 0x3f, 0x82, 0xfd, 0x83,
-    0x36, 0xce, 0x06, 0xc4, 0xdc, 0xa4, 0x1e, 0x70,
-    0xd4, 0x94, 0xfc, 0x6e, 0x46, 0xa3, 0xc8, 0xed,
-    0x34, 0x0a, 0xb1, 0x9a, 0x66, 0x5d, 0xc0, 0xce,
-    0x73, 0xd3, 0x65, 0xcb, 0xfb, 0x79, 0xdd, 0xf6,
-    0x19, 0xf6, 0xd8, 0xa9, 0xe6, 0x34, 0x15, 0x86,
-    0x7a, 0x30, 0x79, 0xde, 0x2b, 0x06, 0xa4, 0xc0,
-    0xc8, 0xa2, 0xc1, 0x41, 0xb3, 0x4c, 0xf6, 0xdb,
-    0x16, 0xcd, 0xd2, 0x8b, 0xf1, 0x18, 0x5a, 0xc8,
-    0x3e, 0xd9, 0x54, 0x40, 0xd4, 0xce, 0x88, 0xbb,
-    0x66, 0xf1, 0x74, 0x20, 0xa2, 0x3c, 0x31, 0x09,
-    0xba, 0xac, 0x61, 0x15, 0x9f, 0x73, 0x5f, 0xa7,
-    0xe5, 0x0d, 0xb3, 0xab, 0xa2, 0x72, 0x25, 0xc9,
-    0x87, 0x9b, 0x18, 0xdb, 0xff, 0xfb, 0x39, 0x84,
-    0x8d, 0xf8, 0x97, 0x47, 0xab, 0xc4, 0xfb, 0xc2,
-    0xd8, 0xe8, 0xce, 0x6e, 0x65, 0x76, 0x88, 0x4a,
-    0x22, 0x2f, 0xdd, 0x43, 0xa7, 0xc4, 0x8d, 0x32,
-    0x12, 0x75, 0x0b, 0x72, 0xd6, 0xb7, 0x43, 0x84,
-    0xc8, 0x59, 0xa8, 0xb7, 0x8b, 0x84, 0x33, 0x92,
-    0x8f, 0x94, 0xe8, 0xd0, 0xaf, 0x11, 0x35, 0xde,
-    0xb7, 0x63, 0xb8, 0x91, 0x4c, 0x96, 0x4e, 0x9c,
-    0x62, 0x28, 0xa2, 0xbc, 0x0b, 0x90, 0xae, 0x94,
-    0x90, 0xe9, 0x32, 0xeb, 0xe3, 0x77, 0x60, 0x5f,
-    0x87, 0x48, 0x4b, 0xb0, 0x78, 0x0e, 0xe2, 0x85,
-    0x47, 0x06, 0xa4, 0xc9, 0x26, 0xac, 0x8f, 0xe7,
-    0xc2, 0xc7, 0xce, 0xf5, 0xd1, 0x20, 0xa8, 0x56,
-    0xe1, 0x4f, 0x50, 0x90, 0xb3, 0xc1, 0x03, 0x57,
-    0xd3, 0x62, 0x0e, 0x2a, 0xe8, 0x86, 0xf4, 0x94,
-    0x0e, 0xa5, 0x8b, 0x4e, 0x73, 0xa2, 0x76, 0xac,
-    0x00, 0x29, 0xe5, 0x80, 0x26, 0x02, 0x13, 0xd1,
-    0xb2, 0x68, 0x72, 0x23, 0x38, 0x55, 0xfc, 0x4d,
-    0x05, 0x60, 0x49, 0x7b, 0xfb, 0xaa, 0x17, 0x8f,
-    0x26, 0x0a, 0x08, 0x33, 0x8d, 0x7f, 0x4e, 0xe5,
-    0x6e, 0xf8, 0x84, 0x9b, 0x9f, 0xcb, 0xa2, 0x2b,
-    0xfb, 0xaf, 0xad, 0x21, 0xe2, 0x4f, 0x6f, 0x55,
-    0xc1, 0x78, 0x46, 0xe3, 0xb5, 0x63, 0x06, 0x9b,
-    0x93, 0x7d, 0xac, 0xd4, 0xe0, 0x64, 0x01, 0x8d,
-    0xac, 0x30, 0x8b, 0x8b, 0x55, 0xb7, 0x8a, 0x16,
-    0x3f, 0xc9, 0x82, 0x7f, 0xb5, 0x3b, 0x0d, 0xc0,
-    0x46, 0x89, 0x5c, 0x6c, 0x45, 0x21, 0x78, 0xda,
-    0x84, 0x1f, 0xc8, 0xcf, 0xf1, 0x1e, 0x79, 0x71,
-    0x3b, 0xc8, 0xe2, 0x8b, 0x41, 0xfe, 0xaf, 0x2f,
-    0x3b, 0x23, 0x13, 0xc5, 0x46, 0x87, 0xc6, 0x24,
-    0x37, 0x21, 0x68, 0x8a, 0x3e, 0x45, 0x61, 0xf4,
-    0xad, 0xf5, 0x1c, 0x23, 0x45, 0xa3, 0x42, 0xf2,
-    0xa9, 0xac, 0x94, 0x50, 0xc9, 0x3d, 0x5e, 0x70,
-    0x33, 0x2b, 0x78, 0xd1, 0x5c, 0x13, 0x35, 0xe6,
-    0x13, 0x80, 0x5e, 0x55, 0xa7, 0xcc, 0x67, 0xb0,
-    0x6c, 0xfe, 0xa2, 0x24, 0x02, 0x6d, 0xb3, 0xcb,
-    0x9e, 0x94, 0xb3, 0xc6, 0x01, 0xf3, 0x01, 0x3a,
-    0xe4, 0xa7, 0xa3, 0xdf, 0x56, 0x4c, 0x30, 0xce,
-    0xb1, 0xd5, 0x1b, 0x68, 0x9b, 0x75, 0xae, 0xf4,
-    0xb9, 0x2a, 0xe5, 0x8b, 0x7b, 0xe5, 0x99, 0x46,
-    0x5f, 0x29, 0xf6, 0x82, 0xd0, 0x42, 0xb1, 0x45,
-    0x09, 0x16, 0x5b, 0x32, 0x11, 0xca, 0x48, 0xea,
-    0x51, 0x12, 0x0a, 0x9f, 0x6e, 0x3f, 0x74, 0xe6,
-    0xe0, 0xfe, 0xf8, 0xa5, 0xc0, 0xfd, 0x15, 0x6e,
-    0x2b, 0x4a, 0xd5, 0x76, 0xa8, 0x3d, 0xe3, 0x0d,
-    0xfe, 0x44, 0x11, 0x5e, 0x7a, 0xde, 0x12, 0x29,
-    0x5a, 0x5a, 0x25, 0xc0, 0x8e, 0x98, 0xd1, 0x11,
-    0xc8, 0x00, 0x65, 0xb2, 0xf4, 0xd7, 0x56, 0x32,
-    0x46, 0x2b, 0x4f, 0x7e, 0xc3, 0x4e, 0xf1, 0x17,
-    0xff, 0x03, 0x32, 0xae, 0xe3, 0xbe, 0x0b, 0xab,
-    0xfb, 0x43, 0x0f, 0x6d, 0xa5, 0xc6, 0x44, 0xba,
-    0xc9, 0xe3, 0x3d, 0x40, 0xe7, 0x6c, 0xe8, 0x21,
-    0xb2, 0x46, 0x7b, 0x3b, 0x3d, 0xde, 0x80, 0xc8,
-    0xea, 0xf4, 0x6b, 0xf3, 0x53, 0xca, 0x51, 0x84,
-    0xcf, 0xad, 0x7e, 0xce, 0xce, 0xc2, 0x65, 0xfc,
-    0x03, 0x8c, 0xcb, 0xfa, 0xcb, 0x37, 0x89, 0x82,
-    0x59, 0x5e, 0x36, 0x52, 0xe4, 0xbc, 0x8d, 0x47,
-    0x7c, 0xb8, 0x3f, 0x63, 0x59, 0xdc, 0xd3, 0x74,
-    0x11, 0x33, 0xb4, 0x69, 0x74, 0x40, 0x0d, 0x42,
-    0x63, 0x1d, 0xe6, 0x5c, 0x1b, 0xca, 0x41, 0xff,
-    0x23, 0x4e, 0xe8, 0x3d, 0x14, 0xa8, 0x17, 0x18,
-    0xd0, 0x78, 0x08, 0x87, 0x7d, 0x5e, 0xdc, 0x3a,
-    0x07, 0xba, 0x12, 0x8e, 0x8e, 0x56, 0x0a, 0xcb,
-    0x37, 0xf6, 0x54, 0xeb, 0x55, 0x16, 0x8f, 0x06,
-    0x15, 0x28, 0x6b, 0xfb, 0xed, 0x38, 0x9e, 0x9b,
-    0x98, 0x5b, 0xdc, 0x67, 0x33, 0x0e, 0x02, 0x36,
-    0x1b, 0x7a, 0x9a, 0x43, 0xcd, 0xf2, 0x65, 0xef,
-    0x37, 0x19, 0x24, 0x6f, 0x4b, 0xb9, 0x4d, 0x3e,
-    0x0b, 0x47, 0xd1, 0x67, 0x50, 0x6a, 0x7f, 0x07
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    0x30, 0x82, 0x07, 0xb4, 0x30, 0x0d, 0x06, 0x0b,
-    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
-    0x0c, 0x06, 0x05, 0x03, 0x82, 0x07, 0xa1, 0x00,
-    0xff, 0x89, 0xee, 0xad, 0x20, 0x8f, 0x61, 0xa4,
-    0x07, 0x1c, 0x54, 0x98, 0x8c, 0xf4, 0x2e, 0xd9,
-    0xe6, 0x0f, 0xcb, 0x0e, 0xab, 0xa1, 0x37, 0x4d,
-    0xc0, 0x48, 0x24, 0x78, 0xd6, 0x2d, 0x9b, 0x6f,
-    0x0f, 0x17, 0x08, 0x71, 0xc3, 0xd1, 0xc8, 0x7a,
-    0xe7, 0x32, 0xcb, 0xcd, 0xd6, 0xb5, 0x90, 0x08,
-    0xe1, 0xda, 0xaa, 0x89, 0x3e, 0x4a, 0x62, 0x98,
-    0x3d, 0xc6, 0x71, 0x30, 0xb4, 0x63, 0xa5, 0x3b,
-    0xb3, 0x69, 0x75, 0x10, 0xaf, 0x5e, 0x72, 0x78,
-    0xa2, 0xef, 0x63, 0x63, 0x21, 0xe7, 0xf4, 0xa7,
-    0x9c, 0x50, 0x74, 0x14, 0x3e, 0xdd, 0x73, 0x9e,
-    0x97, 0x65, 0xdd, 0xdf, 0x3c, 0x40, 0x4d, 0x03,
-    0x49, 0xe4, 0xbf, 0x65, 0xe7, 0x44, 0x8f, 0x59,
-    0x00, 0xe2, 0x98, 0xb5, 0x66, 0xa3, 0x3b, 0x11,
-    0x9f, 0xc7, 0xc2, 0x16, 0x61, 0xf0, 0x1e, 0x89,
-    0xc8, 0x96, 0x8d, 0x18, 0xac, 0x86, 0xa0, 0xe2,
-    0xd9, 0x8c, 0xef, 0x53, 0x6d, 0x4e, 0x74, 0xc9,
-    0x66, 0x28, 0x16, 0xf3, 0x62, 0xc4, 0x6f, 0x2b,
-    0x6e, 0x36, 0x03, 0xad, 0xc5, 0xe4, 0x8f, 0x0b,
-    0x90, 0x8c, 0x8f, 0xff, 0x5d, 0xdf, 0x7a, 0xe6,
-    0xaf, 0x9a, 0x43, 0xbc, 0xd4, 0x73, 0x22, 0xdc,
-    0x5f, 0x08, 0xa1, 0x17, 0x97, 0x89, 0x79, 0xf5,
-    0xdc, 0xed, 0x4f, 0x85, 0x8e, 0x0c, 0x23, 0x35,
-    0x3c, 0x34, 0x19, 0x65, 0xf5, 0xd6, 0xc9, 0x2d,
-    0x7a, 0x2e, 0x67, 0xd5, 0xf1, 0x82, 0x97, 0xaa,
-    0x05, 0x26, 0x84, 0x25, 0x47, 0x58, 0x2c, 0xe6,
-    0x59, 0xc7, 0x98, 0x7a, 0xdb, 0x40, 0x45, 0x1c,
-    0x71, 0x55, 0x2e, 0xea, 0x3f, 0x6e, 0x7c, 0x82,
-    0x52, 0x6a, 0x19, 0x3a, 0xd3, 0xa1, 0x3c, 0xce,
-    0x00, 0x06, 0xec, 0xed, 0x97, 0xce, 0xd8, 0xdf,
-    0xde, 0xa3, 0xed, 0xe7, 0x81, 0x62, 0x02, 0x9c,
-    0x1b, 0x51, 0xa1, 0xf4, 0x9d, 0x1b, 0x28, 0x76,
-    0x93, 0x96, 0x20, 0x55, 0x60, 0x1f, 0xaf, 0x52,
-    0xc3, 0xce, 0xb9, 0x12, 0x66, 0xf5, 0x64, 0x22,
-    0x87, 0x86, 0x29, 0x80, 0x8f, 0x18, 0x33, 0xba,
-    0x48, 0x71, 0x1d, 0x00, 0xfe, 0xa5, 0xfc, 0xc6,
-    0x87, 0xbe, 0x44, 0x3c, 0xc9, 0x49, 0xfb, 0x68,
-    0x3c, 0xdf, 0xca, 0xef, 0xa7, 0xdc, 0x67, 0xb8,
-    0x28, 0xd6, 0xad, 0x18, 0xaf, 0xad, 0x1f, 0x4c,
-    0x85, 0xa3, 0x64, 0xac, 0x3f, 0xa9, 0x39, 0x28,
-    0xef, 0x8a, 0x45, 0x7e, 0xb0, 0xf4, 0x89, 0x72,
-    0xf7, 0xb1, 0xef, 0x9d, 0x1c, 0x3c, 0x93, 0xcb,
-    0xa0, 0xfb, 0x2a, 0x90, 0xe2, 0x1d, 0x49, 0x8e,
-    0x36, 0xb8, 0x07, 0xf4, 0xb3, 0x09, 0xf0, 0x6f,
-    0x3c, 0xd9, 0x37, 0x19, 0x57, 0xd4, 0x1e, 0x2a,
-    0xa2, 0xa7, 0x2e, 0xc1, 0xcd, 0x8d, 0x48, 0x47,
-    0xb5, 0x8a, 0x12, 0x93, 0x34, 0xb8, 0xec, 0x32,
-    0x07, 0x49, 0xb6, 0x8d, 0x73, 0xd4, 0x2c, 0x6a,
-    0xa0, 0x33, 0x29, 0x21, 0x5d, 0x37, 0xa9, 0x39,
-    0x40, 0xbe, 0x71, 0x29, 0xbe, 0xd1, 0x4b, 0xbc,
-    0x9a, 0x17, 0x93, 0x52, 0xb8, 0x81, 0xee, 0xc5,
-    0xff, 0x25, 0x78, 0x2f, 0x52, 0x0a, 0x8f, 0xb2,
-    0xef, 0xf3, 0x1d, 0x68, 0x56, 0x31, 0x29, 0x84,
-    0x55, 0x47, 0x32, 0x34, 0x0f, 0x60, 0x07, 0xd6,
-    0x2b, 0xb9, 0x29, 0xaf, 0x0f, 0xcd, 0x1c, 0xc0,
-    0x77, 0x4c, 0xc6, 0x31, 0xdb, 0xf4, 0x17, 0xbe,
-    0x3d, 0xf8, 0x8c, 0xf1, 0x02, 0x7c, 0x6b, 0xd4,
-    0xaf, 0x03, 0xb2, 0xf4, 0x78, 0x8d, 0xd3, 0x4e,
-    0x5c, 0x04, 0xb9, 0x01, 0xe3, 0x73, 0xb4, 0x67,
-    0xe9, 0xa8, 0x77, 0x6f, 0x87, 0x2b, 0xe2, 0x00,
-    0x98, 0x5f, 0x02, 0x43, 0x85, 0x03, 0x4c, 0x71,
-    0xd2, 0xe7, 0x61, 0x03, 0x22, 0x9e, 0xe5, 0xc2,
-    0xa7, 0x66, 0x42, 0x7c, 0x9f, 0xf4, 0xb8, 0x6b,
-    0x2d, 0xe4, 0xaa, 0x51, 0xda, 0x08, 0x73, 0x75,
-    0x26, 0x45, 0xdc, 0xa6, 0x20, 0xd7, 0xcb, 0x00,
-    0xfc, 0xe4, 0xdb, 0x28, 0x92, 0xf8, 0xb0, 0xc7,
-    0xf0, 0x4b, 0x6d, 0xe8, 0xc1, 0x84, 0x38, 0xed,
-    0x1a, 0xd4, 0x66, 0x69, 0xc4, 0x96, 0x40, 0xc4,
-    0x7d, 0xfa, 0x58, 0x70, 0x7e, 0x70, 0x40, 0xba,
-    0xfc, 0x95, 0xb6, 0x4c, 0x7c, 0x58, 0xbc, 0xb3,
-    0x59, 0x08, 0x14, 0x03, 0x35, 0xf3, 0xf1, 0xaa,
-    0xd5, 0xa2, 0x57, 0x70, 0xb6, 0x20, 0x75, 0x0a,
-    0x58, 0x66, 0x74, 0xf7, 0x1c, 0xfd, 0x99, 0x7c,
-    0x20, 0xda, 0xe7, 0x76, 0xcb, 0xf4, 0xa3, 0x9b,
-    0xbc, 0x8f, 0x74, 0xef, 0xe2, 0x46, 0x5a, 0x72,
-    0x33, 0x06, 0x32, 0x1e, 0xbd, 0x4e, 0x4c, 0xf6,
-    0x16, 0x43, 0xa5, 0xa5, 0xa5, 0x6c, 0x76, 0x33,
-    0x35, 0x63, 0xdc, 0xe4, 0xec, 0x7f, 0x8a, 0xfa,
-    0xc3, 0x53, 0x69, 0x28, 0xf7, 0xd6, 0x97, 0xb9,
-    0x3a, 0xf4, 0x15, 0x90, 0x50, 0xd3, 0xdf, 0xf5,
-    0xd3, 0xcf, 0x15, 0x76, 0xe3, 0x3d, 0x24, 0x14,
-    0xfd, 0xd3, 0x01, 0x25, 0x82, 0xb4, 0xe3, 0xd8,
-    0x68, 0x89, 0x86, 0xa8, 0x26, 0x02, 0x5f, 0xc6,
-    0xf4, 0x99, 0x3b, 0x97, 0xa8, 0x65, 0xed, 0x18,
-    0xbb, 0x3c, 0x43, 0x4a, 0x6e, 0xaa, 0xbc, 0x83,
-    0x85, 0x19, 0x9f, 0x9b, 0xb8, 0xa4, 0xa3, 0xb2,
-    0xb7, 0x56, 0x07, 0x6c, 0xbf, 0x7d, 0xff, 0x5d,
-    0xb5, 0x1e, 0x83, 0xc8, 0x74, 0x70, 0x98, 0x17,
-    0x40, 0xe0, 0x2d, 0xad, 0x31, 0x00, 0x8e, 0x42,
-    0xd5, 0xb2, 0x25, 0xaa, 0x82, 0xaf, 0x33, 0xd8,
-    0x5b, 0xe2, 0x07, 0xed, 0xda, 0x84, 0xe9, 0xa2,
-    0xff, 0xbb, 0xa5, 0x47, 0x95, 0x6e, 0xa1, 0x8d,
-    0x59, 0x52, 0xeb, 0xf3, 0x3c, 0x18, 0x29, 0x92,
-    0x72, 0x27, 0x18, 0xfc, 0x95, 0xb9, 0xde, 0x46,
-    0xda, 0xcc, 0x4c, 0x31, 0x1d, 0x78, 0x86, 0xd2,
-    0x8c, 0x38, 0x9c, 0x32, 0xab, 0xf7, 0xca, 0x73,
-    0x85, 0xa5, 0xf1, 0xe0, 0x25, 0x06, 0xf9, 0x18,
-    0x14, 0xab, 0x3b, 0x73, 0x26, 0xee, 0xa0, 0xfd,
-    0x15, 0xac, 0xd6, 0x4e, 0x6b, 0xdb, 0x01, 0xa1,
-    0xdc, 0xd1, 0x2f, 0xd2, 0xb7, 0x5e, 0x12, 0x4f,
-    0x4b, 0x59, 0xd8, 0x03, 0x12, 0x60, 0xc9, 0x81,
-    0xb7, 0x06, 0x23, 0x09, 0xc4, 0xd9, 0xa8, 0x93,
-    0x6e, 0x96, 0xf4, 0x93, 0x53, 0xf0, 0x3d, 0xde,
-    0x10, 0x88, 0xb1, 0xd0, 0xcc, 0xad, 0x2c, 0xbf,
-    0x88, 0x98, 0x8f, 0x25, 0x76, 0xd7, 0x65, 0x77,
-    0xcc, 0x36, 0x1d, 0x1b, 0x6b, 0x60, 0x58, 0xc4,
-    0xfe, 0xe6, 0xca, 0xa8, 0x29, 0x33, 0x69, 0x36,
-    0xb8, 0x12, 0x95, 0x38, 0xd9, 0xd4, 0x16, 0xe9,
-    0x3e, 0x40, 0x8c, 0xc7, 0xae, 0x04, 0x11, 0xdf,
-    0x51, 0xd3, 0xdd, 0xbf, 0xa9, 0x41, 0x43, 0x4c,
-    0xff, 0x87, 0x2f, 0xea, 0x0f, 0x13, 0x66, 0x2a,
-    0x2b, 0x18, 0xe8, 0xc4, 0xff, 0xa0, 0x1c, 0x78,
-    0x79, 0x21, 0xf8, 0xaa, 0x8a, 0xf8, 0x92, 0xdf,
-    0x7b, 0x5f, 0x6a, 0x71, 0x60, 0x67, 0x5d, 0x94,
-    0xf6, 0xbb, 0x1d, 0x90, 0x7c, 0x51, 0x70, 0x1d,
-    0x87, 0xde, 0xf8, 0x91, 0xcb, 0x42, 0x9f, 0xc7,
-    0x4b, 0xa0, 0x16, 0xee, 0xb4, 0x73, 0xe8, 0xe0,
-    0x0b, 0xa5, 0xd3, 0x26, 0x9e, 0x52, 0xda, 0x4a,
-    0x1f, 0xae, 0x76, 0xbf, 0xbb, 0x4d, 0x74, 0x98,
-    0xa6, 0xae, 0xc0, 0x60, 0x96, 0xc5, 0xad, 0x9b,
-    0x91, 0x31, 0xb9, 0x50, 0x3d, 0x9a, 0x0f, 0xe1,
-    0x93, 0xef, 0x08, 0x72, 0xb2, 0x66, 0xe5, 0x5d,
-    0xe4, 0x15, 0x53, 0x8e, 0xb0, 0xb3, 0xf8, 0x78,
-    0xfc, 0x5d, 0x44, 0xc5, 0xbf, 0xf5, 0x01, 0x54,
-    0xc5, 0x45, 0xa9, 0x30, 0xa4, 0xf1, 0x49, 0x79,
-    0x4e, 0xab, 0xfc, 0xb2, 0x93, 0xe7, 0x3a, 0xe1,
-    0x7f, 0x1f, 0x2f, 0x45, 0x3a, 0x53, 0x2b, 0x68,
-    0xb3, 0xa4, 0xac, 0x23, 0x54, 0xb7, 0x5d, 0x25,
-    0xa3, 0xe3, 0x90, 0x8a, 0xb0, 0x02, 0xfb, 0x7f,
-    0x2d, 0xeb, 0x80, 0xc2, 0x5c, 0x62, 0xe1, 0x36,
-    0x5a, 0x82, 0x8f, 0x4e, 0x74, 0xeb, 0x7d, 0x70,
-    0xaf, 0x23, 0x92, 0x65, 0x3a, 0x11, 0xc0, 0x29,
-    0xdb, 0xf7, 0x9a, 0xdc, 0x81, 0x45, 0x25, 0x0c,
-    0x2e, 0x4f, 0x88, 0x41, 0x34, 0x53, 0xc6, 0x08,
-    0x21, 0x77, 0xc1, 0xbb, 0x61, 0x48, 0x20, 0x69,
-    0x1a, 0xbb, 0x71, 0x1b, 0x56, 0x18, 0x79, 0x75,
-    0x16, 0x9a, 0xb3, 0x79, 0x31, 0x11, 0xa2, 0x89,
-    0x8d, 0xea, 0x10, 0xb0, 0x04, 0x7f, 0xf8, 0x6e,
-    0xdc, 0x08, 0x9b, 0x51, 0xa7, 0x64, 0xbd, 0x8d,
-    0xd4, 0xd0, 0x1e, 0x38, 0x50, 0x1a, 0xa8, 0x7e,
-    0x20, 0xae, 0xee, 0x8c, 0xa7, 0x72, 0x94, 0xc9,
-    0xba, 0xf0, 0x67, 0xbd, 0x25, 0x1a, 0x3a, 0xdf,
-    0x75, 0x39, 0xb7, 0xd3, 0x83, 0x3b, 0x89, 0xdf,
-    0xb5, 0x2d, 0xd3, 0x12, 0x24, 0x21, 0x7c, 0x9e,
-    0x92, 0x1c, 0x19, 0xae, 0x28, 0xcb, 0x2e, 0x2e,
-    0x3c, 0xa9, 0x9b, 0xbd, 0xf9, 0x33, 0x30, 0xb2,
-    0xbd, 0x8b, 0xbf, 0xc1, 0x8b, 0x32, 0xf1, 0x20,
-    0xa1, 0x00, 0xfd, 0x11, 0x7d, 0x9a, 0xa8, 0x14,
-    0x2c, 0xce, 0x16, 0x16, 0x4b, 0xdd, 0x56, 0x91,
-    0x15, 0x36, 0x83, 0xcb, 0x01, 0x58, 0x35, 0xe1,
-    0xdc, 0x22, 0x3d, 0xf8, 0xc2, 0x06, 0x54, 0x68,
-    0x77, 0xd1, 0x47, 0x28, 0xdc, 0x09, 0x2a, 0x86,
-    0x13, 0x80, 0xa6, 0xe9, 0xd0, 0xb4, 0xa3, 0x41,
-    0x47, 0xf4, 0x71, 0x24, 0x10, 0x4c, 0x9f, 0xb7,
-    0x57, 0x34, 0x48, 0x1b, 0xb4, 0xed, 0x0e, 0x89,
-    0x4c, 0xf1, 0x73, 0x44, 0xff, 0x35, 0xb6, 0xe0,
-    0x8f, 0x02, 0xa3, 0xa3, 0x81, 0x55, 0x38, 0xb5,
-    0xc1, 0x99, 0xb3, 0x88, 0x84, 0x0d, 0xd9, 0x73,
-    0x77, 0x65, 0x0b, 0xd7, 0xf8, 0x03, 0x88, 0xcb,
-    0xdf, 0x25, 0xaf, 0xc6, 0xf1, 0xfa, 0x5c, 0x4d,
-    0xfa, 0xc3, 0x7b, 0x8f, 0xb8, 0x38, 0x5d, 0x29,
-    0xbb, 0x3d, 0x3e, 0x62, 0x1c, 0xdd, 0xe6, 0x97,
-    0xe6, 0xe9, 0xbe, 0x6e, 0xd2, 0xb7, 0x7a, 0x9a,
-    0x8e, 0xaf, 0xb3, 0xc8, 0x9e, 0x19, 0xee, 0x3d,
-    0x5b, 0x1f, 0xec, 0x34, 0x3a, 0x1c, 0x27, 0x90,
-    0xbd, 0x1e, 0x49, 0x72, 0x25, 0x2e, 0x38, 0x48,
-    0x7d, 0xe1, 0x85, 0x46, 0xa7, 0x1b, 0x4a, 0xd5,
-    0x23, 0x75, 0x6d, 0x8b, 0xc3, 0xf1, 0x87, 0xec,
-    0x8b, 0x45, 0xf0, 0x9b, 0xb2, 0x14, 0x7a, 0x7c,
-    0x8d, 0x78, 0x9c, 0x82, 0x64, 0x14, 0xfe, 0x01,
-    0xfa, 0x04, 0x33, 0x96, 0xdd, 0x5f, 0x56, 0xbc,
-    0xb2, 0x03, 0xe3, 0x0c, 0xa1, 0x09, 0x66, 0xa0,
-    0x5e, 0x44, 0xde, 0x21, 0xae, 0x7d, 0x7a, 0x0e,
-    0x81, 0x27, 0xd2, 0xfb, 0x85, 0xed, 0x27, 0x27,
-    0xac, 0x11, 0x1c, 0xa1, 0x6d, 0xe9, 0xc1, 0xca,
-    0xf6, 0x40, 0x7c, 0x95, 0x01, 0xb7, 0xa8, 0x29,
-    0x9a, 0xd2, 0xcc, 0x62, 0x70, 0x1c, 0x7d, 0x0e,
-    0xe5, 0x60, 0xcb, 0x79, 0xa3, 0xd7, 0x5d, 0x48,
-    0x4b, 0x3c, 0xf8, 0x12, 0xe8, 0x7a, 0x7e, 0x83,
-    0xab, 0x24, 0x33, 0x0f, 0x7b, 0x0a, 0x38, 0xae,
-    0xb1, 0xfc, 0xc3, 0x50, 0x5c, 0x83, 0x53, 0xfd,
-    0x15, 0xd6, 0x49, 0x54, 0xb6, 0x40, 0xe5, 0xe8,
-    0x55, 0xba, 0x08, 0x2f, 0x21, 0xd7, 0x0e, 0x71,
-    0x8a, 0xb2, 0xe1, 0x6b, 0xc6, 0x7e, 0x0f, 0x1c,
-    0x4d, 0x41, 0x9f, 0x38, 0xc2, 0xce, 0x41, 0x41,
-    0x48, 0xcd, 0xec, 0x16, 0x1d, 0x23, 0x8e, 0x41,
-    0xcd, 0x5e, 0xf9, 0x5f, 0x01, 0x5e, 0x73, 0xa2,
-    0xa1, 0xef, 0xe9, 0x57, 0xe0, 0xba, 0xe6, 0xbb,
-    0x2b, 0xff, 0x3e, 0xb8, 0xad, 0xd5, 0x12, 0xc1,
-    0x54, 0x49, 0xca, 0x93, 0xb0, 0x7d, 0x7b, 0xcf,
-    0xf0, 0xc5, 0x94, 0x43, 0x30, 0x94, 0x11, 0x8d,
-    0x15, 0x79, 0x2e, 0x57, 0xb8, 0x24, 0xcd, 0x2e,
-    0xc2, 0x49, 0x3d, 0x92, 0x44, 0x23, 0x0c, 0x3e,
-    0xa0, 0xf9, 0xa5, 0xad, 0x2a, 0x56, 0xec, 0xf4,
-    0x6d, 0x0f, 0x5b, 0xb5, 0xd4, 0x2a, 0x3f, 0x2b,
-    0x17, 0x9f, 0x5d, 0x33, 0x97, 0x42, 0xd4, 0x1e,
-    0x14, 0x49, 0x01, 0xfb, 0xb6, 0x72, 0xbc, 0x14,
-    0x5b, 0x79, 0xf4, 0x0a, 0xc5, 0x49, 0xe1, 0x76,
-    0x44, 0x78, 0x87, 0xd1, 0x8e, 0x5b, 0xd5, 0x95,
-    0xad, 0x19, 0x7c, 0x0d, 0x39, 0x7f, 0x41, 0x2e,
-    0xd7, 0x9e, 0xbc, 0xfd, 0x2c, 0xde, 0xfa, 0x01,
-    0x7d, 0x2b, 0x04, 0xef, 0x4d, 0xf9, 0xf4, 0x5b,
-    0xed, 0x05, 0x9a, 0x50, 0x35, 0xe7, 0xb0, 0xba,
-    0x24, 0xea, 0x16, 0x51, 0xe1, 0x6f, 0x32, 0x08,
-    0x94, 0xd6, 0x19, 0x9d, 0x0e, 0x4c, 0xc1, 0xbb,
-    0x01, 0x87, 0xa5, 0x90, 0x5f, 0x6f, 0xc4, 0xed,
-    0xa1, 0x4c, 0x06, 0x4d, 0x2c, 0x47, 0x24, 0xda,
-    0xae, 0xd2, 0x41, 0x92, 0x1f, 0x46, 0xce, 0xec,
-    0xb1, 0xcc, 0x80, 0x1e, 0xb2, 0xcb, 0x66, 0x48,
-    0x22, 0xec, 0x0e, 0x47, 0xfc, 0xad, 0x17, 0xfe,
-    0x7b, 0xc5, 0x4d, 0x34, 0x95, 0x40, 0xd0, 0x02,
-    0x7e, 0x90, 0xaa, 0x92, 0xaf, 0x48, 0x64, 0xc5,
-    0xc1, 0x56, 0xd8, 0x9b, 0x6c, 0x5f, 0x2e, 0xfa,
-    0xd7, 0x84, 0xdc, 0x71, 0x65, 0x1b, 0xfb, 0xbc,
-    0x21, 0xc7, 0x57, 0xf4, 0x71, 0x2e, 0x6f, 0x34,
-    0x85, 0x99, 0xa8, 0x5c, 0x6f, 0x34, 0x22, 0x44,
-    0x89, 0x01, 0xf9, 0x48, 0xd2, 0xe2, 0xe4, 0x71,
-    0x9d, 0x48, 0x07, 0x97, 0xd4, 0x66, 0xe4, 0x4d,
-    0x48, 0xa3, 0x08, 0x7f, 0x6e, 0xaa, 0x7b, 0xe9,
-    0x93, 0x81, 0x03, 0x0c, 0xd2, 0x48, 0xcf, 0x3f,
-    0x5f, 0xbe, 0x03, 0xfb, 0x0f, 0xad, 0xc3, 0x81,
-    0xd9, 0xce, 0x88, 0x0b, 0xfa, 0xed, 0x29, 0x7e,
-    0x0b, 0xa1, 0x6f, 0x4c, 0x7d, 0xe4, 0x36, 0xff,
-    0xdf, 0x94, 0x1a, 0x24, 0xb3, 0x7b, 0xca, 0x24,
-    0x7e, 0x3a, 0x19, 0x53, 0x13, 0x4a, 0x17, 0x58,
-    0xe7, 0x16, 0x9b, 0x50, 0xd8, 0xda, 0xcc, 0x6e,
-    0x05, 0x25, 0xfe, 0x16, 0xcb, 0x5b, 0xd5, 0x35,
-    0x76, 0x40, 0x44, 0x96, 0x23, 0x97, 0xe2, 0x4a,
-    0x72, 0x0c, 0x54, 0x43, 0xc0, 0x09, 0x85, 0x8e,
-    0x15, 0x85, 0xaf, 0x3c, 0x5e, 0x5f, 0x3c, 0x2d,
-    0x21, 0x42, 0x75, 0xb7, 0xe4, 0x50, 0xf9, 0x00,
-    0xa3, 0x4f, 0xb1, 0x7c, 0xfe, 0x62, 0xd0, 0xe9,
-    0x6d, 0x51, 0xcc, 0x83, 0xc1, 0xdc, 0x37, 0x10,
-    0x90, 0x0a, 0x15, 0xd8, 0xd5, 0x02, 0xf7, 0x74,
-    0xb8, 0x46, 0x84, 0xc3, 0x61, 0x17, 0x26, 0x0f,
-    0xe4, 0xde, 0x1a, 0xcf, 0x42, 0x53, 0x63, 0x2f,
-    0x8d, 0xf7, 0x06, 0x07, 0xc3, 0x33, 0x39, 0x59,
-    0xe9, 0x17, 0xc8, 0x05, 0xd2, 0xa2, 0xae, 0x53,
-    0x2c, 0x7e, 0xd0, 0x9d, 0x5c, 0xb5, 0x42, 0x9f,
-    0x84, 0xd7, 0xfe, 0x93, 0x74, 0xfb, 0xbb, 0xd2,
-    0x1e, 0x57, 0x4e, 0x7f, 0x79, 0xaf, 0xd2, 0xf9,
-    0x5e, 0x41, 0x9e, 0x63, 0x54, 0x61, 0x47, 0x0c,
-    0x92, 0x4c, 0xc9, 0xfe, 0x4f, 0xcb, 0xe5, 0x8e,
-    0x65, 0xb3, 0x97, 0x1b, 0xd8, 0xd1, 0x62, 0xfd
-#else
-    0x30, 0x82, 0x0a, 0x34, 0x30, 0x0d, 0x06, 0x0b,
-    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
-    0x0c, 0x08, 0x07, 0x03, 0x82, 0x0a, 0x21, 0x00,
-    0x7f, 0x5f, 0x63, 0x81, 0x6f, 0x04, 0x4c, 0xec,
-    0xa8, 0xaf, 0x7b, 0x99, 0x41, 0xc6, 0xff, 0xdf,
-    0x77, 0x66, 0x28, 0xc0, 0xe2, 0x58, 0xea, 0x9c,
-    0x60, 0xbb, 0x03, 0x3e, 0xca, 0xa8, 0x38, 0x64,
-    0xfb, 0xf7, 0x1b, 0x3f, 0xec, 0xfd, 0x0f, 0xf1,
-    0x9c, 0xe4, 0xfd, 0xad, 0x83, 0xf7, 0x03, 0x66,
-    0x6e, 0x7f, 0x4d, 0x42, 0xab, 0x6b, 0x73, 0x26,
-    0xde, 0x6f, 0x8c, 0xc4, 0xca, 0x21, 0x66, 0x31,
-    0x79, 0x57, 0x88, 0xcb, 0x1e, 0xab, 0xda, 0x1d,
-    0x56, 0x70, 0xd9, 0x83, 0xa1, 0xb4, 0x83, 0xce,
-    0xcc, 0x0f, 0xeb, 0xd6, 0x63, 0xbd, 0xf6, 0x02,
-    0x5d, 0x5b, 0x0c, 0x17, 0x3c, 0x3e, 0x15, 0x02,
-    0x22, 0xa1, 0x5d, 0xb5, 0xc5, 0x81, 0x28, 0x95,
-    0x0b, 0x34, 0x2b, 0x96, 0x0a, 0xae, 0x6a, 0xa8,
-    0xb5, 0x1d, 0x56, 0xbb, 0x7d, 0x83, 0x9a, 0x15,
-    0xad, 0x63, 0x9e, 0x86, 0x8c, 0x6e, 0x6a, 0xa8,
-    0xde, 0x55, 0xd0, 0xce, 0xc0, 0x2e, 0x05, 0xfe,
-    0x1f, 0x4d, 0xd7, 0x12, 0xa4, 0x5a, 0xe9, 0x04,
-    0x0d, 0x20, 0x84, 0x90, 0xb9, 0xca, 0x64, 0xe4,
-    0xad, 0x2e, 0x74, 0x4b, 0x1d, 0x2f, 0xcc, 0xac,
-    0xd8, 0x1a, 0x5e, 0xb2, 0x78, 0xbe, 0x61, 0xf7,
-    0x36, 0xa3, 0xd1, 0x93, 0x86, 0xb5, 0x15, 0xf1,
-    0x74, 0xf8, 0x9f, 0x6d, 0x6a, 0x8f, 0x6d, 0x86,
-    0x8b, 0x36, 0x61, 0x10, 0xc9, 0x1a, 0x31, 0x39,
-    0x09, 0xe6, 0x15, 0xa0, 0xb1, 0xfa, 0x69, 0xd4,
-    0xc2, 0xb2, 0x56, 0x4c, 0x06, 0x33, 0x13, 0xc4,
-    0x78, 0x53, 0x16, 0xfc, 0x52, 0x99, 0xe6, 0x27,
-    0xc9, 0x3b, 0x24, 0x5c, 0x3e, 0x85, 0x73, 0x76,
-    0x61, 0xa3, 0x61, 0xf0, 0x95, 0xd5, 0xb2, 0xf5,
-    0x21, 0xe7, 0x09, 0xc3, 0x0c, 0x5c, 0xb0, 0x36,
-    0xce, 0x45, 0x68, 0x41, 0x45, 0xcb, 0x1c, 0x36,
-    0x2f, 0x3a, 0x00, 0x07, 0x56, 0xbe, 0x61, 0xd2,
-    0x77, 0x37, 0x63, 0xa4, 0xdb, 0xfa, 0xa9, 0x6b,
-    0x37, 0x90, 0x35, 0xd1, 0x1e, 0x27, 0x5b, 0x3e,
-    0xc0, 0x0a, 0x02, 0x64, 0xe4, 0x58, 0x49, 0xab,
-    0x2d, 0xc1, 0x38, 0x29, 0x3d, 0x44, 0xf9, 0xac,
-    0xb7, 0x65, 0xd1, 0x5f, 0xf8, 0xce, 0x52, 0x76,
-    0x22, 0x15, 0x61, 0x02, 0x1f, 0xa7, 0xcd, 0xff,
-    0xeb, 0xa6, 0x7f, 0x6b, 0xba, 0x75, 0xe3, 0x09,
-    0x01, 0x06, 0x41, 0x20, 0x88, 0x75, 0x64, 0x6b,
-    0x97, 0x38, 0x13, 0xab, 0x4c, 0x0a, 0xd4, 0x7e,
-    0xd2, 0xfa, 0x78, 0xe8, 0x9f, 0x5d, 0xf9, 0x53,
-    0x30, 0x17, 0xf1, 0x10, 0x9e, 0x4a, 0x32, 0x17,
-    0x3a, 0x9b, 0xb9, 0x25, 0x8e, 0xeb, 0xd9, 0x41,
-    0x01, 0xa2, 0xc6, 0x58, 0x4a, 0x9f, 0xc3, 0x73,
-    0xfd, 0xe2, 0xe4, 0x2c, 0x92, 0xb4, 0xa2, 0x3d,
-    0x0f, 0x1f, 0x37, 0x64, 0xf1, 0x17, 0x2a, 0x8c,
-    0xc6, 0xb5, 0xb0, 0x69, 0x7d, 0xfe, 0x08, 0xe0,
-    0x8e, 0xaa, 0xe0, 0x08, 0xd5, 0x28, 0x92, 0x51,
-    0x73, 0x8a, 0x2f, 0x7a, 0x4a, 0xbf, 0x52, 0x8d,
-    0x3e, 0x9b, 0x36, 0x6a, 0xfb, 0x19, 0xf0, 0xea,
-    0xfe, 0x05, 0xbd, 0x2d, 0xa9, 0x58, 0x48, 0x02,
-    0xa8, 0x20, 0x9e, 0xdc, 0x04, 0x57, 0xc2, 0x0c,
-    0xae, 0xc1, 0x03, 0xe7, 0x17, 0x48, 0x80, 0x00,
-    0x8d, 0x1b, 0xd0, 0xc5, 0xdc, 0x2a, 0x02, 0x6e,
-    0x8e, 0x54, 0xf3, 0x79, 0x31, 0x02, 0x93, 0xc5,
-    0xf2, 0x55, 0xea, 0x61, 0xd0, 0xb2, 0x8e, 0xc9,
-    0x74, 0x17, 0x0d, 0x38, 0xf8, 0xab, 0xf4, 0x42,
-    0xd4, 0xc2, 0xdc, 0xf7, 0x1b, 0xdb, 0x65, 0x36,
-    0x9f, 0x56, 0xe2, 0xeb, 0xf7, 0xe5, 0x2d, 0x45,
-    0xae, 0xc0, 0x95, 0xbc, 0xe4, 0x1f, 0x22, 0xdc,
-    0x0f, 0x54, 0xed, 0x14, 0xb8, 0xf1, 0x2f, 0x5d,
-    0xd1, 0x79, 0xa0, 0x81, 0x17, 0x71, 0xa1, 0xd6,
-    0xf0, 0x88, 0x9c, 0x1c, 0xc7, 0x95, 0x07, 0xb0,
-    0xea, 0xf7, 0xd3, 0xa2, 0x55, 0xfe, 0x85, 0x65,
-    0x42, 0x06, 0xec, 0xd2, 0xbe, 0x03, 0x8f, 0x63,
-    0x84, 0x4b, 0xb1, 0x47, 0x48, 0x20, 0x71, 0xd2,
-    0xdf, 0xc9, 0x59, 0xb0, 0x24, 0x8a, 0x6e, 0xf9,
-    0x4a, 0xa1, 0x7b, 0xed, 0x11, 0xb6, 0xf9, 0x9b,
-    0xf7, 0x93, 0x0e, 0xcb, 0x7a, 0x32, 0x22, 0x23,
-    0x4e, 0x86, 0xce, 0xad, 0x9d, 0x1b, 0x84, 0x57,
-    0xaf, 0xa5, 0x04, 0x03, 0x0a, 0xc9, 0x04, 0x97,
-    0xd0, 0xce, 0x8e, 0x2a, 0x9a, 0x00, 0x15, 0xeb,
-    0xac, 0x96, 0x57, 0xde, 0xe6, 0xc1, 0x2d, 0xbd,
-    0xfc, 0xd6, 0x95, 0x0f, 0x5f, 0x19, 0xac, 0xaf,
-    0x6c, 0xd8, 0xa6, 0x1e, 0xd8, 0xdb, 0x14, 0xfd,
-    0xba, 0x0f, 0xd0, 0x3f, 0x61, 0xe3, 0x76, 0xfc,
-    0x47, 0x61, 0x07, 0x24, 0x49, 0x17, 0xca, 0x24,
-    0x31, 0x16, 0x26, 0x4f, 0xdc, 0x2b, 0x39, 0xae,
-    0x5f, 0xfa, 0x4f, 0x82, 0xef, 0xe1, 0x41, 0x8c,
-    0x3e, 0x8e, 0xa7, 0x6c, 0xf2, 0x51, 0xf7, 0x85,
-    0x35, 0x6c, 0xad, 0xea, 0x32, 0x35, 0xf3, 0xc0,
-    0x14, 0x17, 0xe2, 0x98, 0x27, 0x36, 0x7e, 0x60,
-    0x2f, 0x01, 0x60, 0x3e, 0x18, 0xf4, 0x4e, 0xe0,
-    0xf5, 0x14, 0x21, 0x81, 0x05, 0x78, 0x1c, 0x5f,
-    0x4e, 0x89, 0xbb, 0x23, 0x60, 0xb1, 0x8f, 0x07,
-    0x53, 0x16, 0x6e, 0xfb, 0x86, 0x07, 0x90, 0xff,
-    0xa6, 0x27, 0x60, 0xe6, 0x3e, 0x92, 0x2a, 0x3c,
-    0xa3, 0x57, 0xec, 0x97, 0x23, 0xaf, 0xd2, 0x44,
-    0xac, 0x09, 0x87, 0xb0, 0x54, 0xe9, 0x5b, 0x50,
-    0x37, 0xfa, 0x12, 0xa4, 0xcb, 0x6f, 0xed, 0x9f,
-    0x29, 0x73, 0xa7, 0x09, 0x29, 0x91, 0x93, 0x5c,
-    0x54, 0xf4, 0x44, 0xc2, 0x04, 0x64, 0xfc, 0xd2,
-    0xf2, 0x0a, 0x0b, 0x45, 0x1f, 0xc5, 0x18, 0xf0,
-    0xff, 0x10, 0x1f, 0x3a, 0x97, 0xf8, 0xb1, 0x83,
-    0x0e, 0x08, 0xe2, 0x55, 0x75, 0x6a, 0x45, 0x96,
-    0xf8, 0x1b, 0xdc, 0xb6, 0x57, 0x83, 0x8c, 0x28,
-    0xc0, 0x4a, 0x57, 0xc6, 0xfb, 0x27, 0x3d, 0xfa,
-    0x5a, 0x0d, 0x69, 0x56, 0x23, 0x66, 0x02, 0x78,
-    0xca, 0xf1, 0xfa, 0xcb, 0xc1, 0xf6, 0x92, 0x1c,
-    0xa0, 0xe3, 0x09, 0x7d, 0x48, 0x5e, 0x86, 0xa0,
-    0x82, 0xa8, 0xf1, 0x1e, 0xe1, 0xfe, 0xc6, 0x9d,
-    0x4f, 0x2e, 0xf4, 0xfc, 0xc6, 0x48, 0x1d, 0xc1,
-    0x2a, 0x6a, 0xb7, 0xea, 0x46, 0x89, 0x04, 0xe9,
-    0xbd, 0xf1, 0xed, 0x16, 0x76, 0xd8, 0x4b, 0x42,
-    0xd5, 0x43, 0xa4, 0xfb, 0x02, 0x01, 0x54, 0x00,
-    0xaf, 0x55, 0x52, 0x27, 0xff, 0x00, 0xe2, 0xbb,
-    0x4a, 0xf2, 0x69, 0xb4, 0x4e, 0x6c, 0x6b, 0xa3,
-    0x96, 0x4f, 0xf4, 0x65, 0x90, 0x2d, 0xc8, 0x57,
-    0x1f, 0xb2, 0xf0, 0x86, 0x7b, 0x93, 0x09, 0x49,
-    0x31, 0xc4, 0xf4, 0x8f, 0xc8, 0x2d, 0xac, 0x1d,
-    0xfc, 0xba, 0xa4, 0xa5, 0x41, 0x90, 0x76, 0x7d,
-    0x9e, 0x47, 0xdc, 0x10, 0xe6, 0x0c, 0xf7, 0x0f,
-    0xa4, 0xba, 0x4f, 0xe2, 0x46, 0x38, 0x4c, 0x28,
-    0xa0, 0x57, 0xb5, 0x3c, 0xb3, 0x4b, 0x8f, 0x03,
-    0x04, 0xff, 0xf6, 0xec, 0x60, 0x90, 0x62, 0xfe,
-    0x74, 0x76, 0x48, 0xb3, 0xf4, 0x0a, 0x6a, 0x5a,
-    0x5b, 0xad, 0xc8, 0x54, 0x62, 0x11, 0x52, 0xd9,
-    0x84, 0x1a, 0x09, 0x4b, 0xca, 0x66, 0xaa, 0x3c,
-    0x36, 0x08, 0x9d, 0x58, 0xd0, 0x4a, 0x3a, 0x8b,
-    0x24, 0xe0, 0x80, 0x9f, 0xe3, 0x76, 0xb6, 0x07,
-    0xb1, 0xbc, 0x00, 0x98, 0xb0, 0xc1, 0xe0, 0xf6,
-    0x1f, 0x4d, 0xa8, 0xd1, 0x69, 0x44, 0x9c, 0x33,
-    0xb0, 0x0f, 0x9c, 0xc9, 0x0c, 0x8c, 0xbc, 0x03,
-    0x58, 0x81, 0x76, 0xab, 0x0d, 0xef, 0x25, 0x5a,
-    0xf6, 0xab, 0x3b, 0xf1, 0x1f, 0x97, 0x12, 0x8e,
-    0x7f, 0x28, 0x77, 0x26, 0x18, 0xc4, 0xc4, 0xda,
-    0x2c, 0x43, 0x57, 0xd2, 0x1f, 0x67, 0x95, 0x40,
-    0x2c, 0x94, 0x41, 0x69, 0x22, 0x8a, 0x24, 0xd9,
-    0xc7, 0xfc, 0xea, 0x49, 0x83, 0x8f, 0x5d, 0x2e,
-    0x9d, 0xac, 0x17, 0xb6, 0xe0, 0xc4, 0xe7, 0xe6,
-    0xd5, 0xc2, 0x73, 0xa1, 0x8f, 0x33, 0x14, 0x02,
-    0xae, 0x01, 0x9f, 0x6f, 0x40, 0x92, 0x4e, 0x03,
-    0xc2, 0xa9, 0xf1, 0x36, 0x78, 0xe4, 0xde, 0x39,
-    0x4d, 0x29, 0x2e, 0xc2, 0x00, 0x93, 0x79, 0xe4,
-    0xb2, 0x29, 0x4b, 0x81, 0x5c, 0x06, 0x06, 0xbc,
-    0xc1, 0x01, 0x1c, 0xa7, 0x08, 0xf7, 0x47, 0x1f,
-    0x52, 0x4f, 0xdf, 0x94, 0x1e, 0xe6, 0x89, 0xe6,
-    0x26, 0x71, 0x2e, 0xa2, 0xd2, 0xfe, 0x04, 0xf2,
-    0x12, 0x4c, 0x06, 0x78, 0x34, 0xc0, 0xb9, 0x76,
-    0x62, 0x3b, 0x72, 0x25, 0x8c, 0x0d, 0x73, 0x24,
-    0xcf, 0x4b, 0x4c, 0x47, 0x20, 0x9d, 0x04, 0x7f,
-    0x86, 0x2c, 0x45, 0xb8, 0xfe, 0xb2, 0xaa, 0x36,
-    0xf8, 0xe0, 0x24, 0x25, 0x05, 0x23, 0x12, 0x16,
-    0xbf, 0x64, 0x10, 0xdd, 0xe4, 0xc0, 0xb0, 0x85,
-    0xa7, 0xd3, 0xd1, 0x18, 0x1b, 0x81, 0x6b, 0x94,
-    0xfd, 0x07, 0x43, 0xdd, 0x12, 0x37, 0x78, 0x69,
-    0xec, 0x8c, 0xd0, 0x41, 0x2c, 0x42, 0x94, 0x3e,
-    0x9f, 0xe3, 0x49, 0xb3, 0xb8, 0x45, 0x0b, 0x1d,
-    0xc1, 0x9b, 0x4d, 0x21, 0x85, 0x62, 0xea, 0xd1,
-    0xc9, 0x12, 0x30, 0x8c, 0x4b, 0x63, 0xeb, 0x7d,
-    0x02, 0x52, 0x15, 0xa1, 0x95, 0x48, 0x9f, 0xc2,
-    0xce, 0xf3, 0x4b, 0xff, 0x5a, 0xb6, 0x8f, 0xce,
-    0xcd, 0x42, 0x21, 0x40, 0x82, 0xad, 0x08, 0x99,
-    0x4d, 0x24, 0x58, 0x25, 0xf3, 0x7e, 0x42, 0x86,
-    0x06, 0x33, 0x1f, 0x53, 0xbb, 0x07, 0x33, 0xca,
-    0xc0, 0x02, 0x18, 0x30, 0x3c, 0xc5, 0x67, 0x1c,
-    0x32, 0x3f, 0x2d, 0x58, 0x4c, 0x24, 0x6e, 0x60,
-    0x96, 0x1a, 0xf4, 0xd0, 0x55, 0xb8, 0x84, 0xf0,
-    0xb9, 0x83, 0xbf, 0x3d, 0x37, 0xe4, 0xa6, 0x06,
-    0x1c, 0xd1, 0xd7, 0x91, 0x24, 0xdc, 0x3f, 0xcc,
-    0x71, 0xf3, 0x0c, 0x90, 0x2c, 0x1d, 0x2f, 0x90,
-    0xc8, 0x3c, 0x6f, 0x2c, 0x5d, 0xad, 0x8c, 0xdf,
-    0xbb, 0x0d, 0x2a, 0x7f, 0x4a, 0x34, 0x5a, 0xd9,
-    0x83, 0xfd, 0x61, 0x36, 0xe0, 0x0a, 0xb3, 0xf6,
-    0x69, 0xb1, 0xaf, 0x81, 0x22, 0xd6, 0x9e, 0x9a,
-    0xf8, 0xa6, 0x24, 0x8e, 0x0c, 0xcb, 0x25, 0xc2,
-    0xfc, 0xc5, 0x94, 0xbd, 0x23, 0x9c, 0xa9, 0xbd,
-    0x76, 0x28, 0xa4, 0x55, 0x92, 0x7c, 0xe6, 0x76,
-    0xf7, 0x30, 0xf8, 0x7d, 0xdc, 0x0a, 0x93, 0x9e,
-    0x7c, 0x39, 0x0a, 0x70, 0xa0, 0xb2, 0x77, 0xe0,
-    0x7a, 0x89, 0x50, 0xce, 0x75, 0xca, 0x2f, 0xa4,
-    0x12, 0x0e, 0xcb, 0x75, 0x1f, 0x0a, 0x83, 0xe8,
-    0x14, 0x80, 0xa7, 0xb0, 0xe8, 0x11, 0xca, 0x12,
-    0x5e, 0xf7, 0x31, 0x65, 0xbd, 0x20, 0x3d, 0x8c,
-    0xa6, 0x89, 0x83, 0x68, 0x66, 0x03, 0x28, 0x49,
-    0x17, 0xc4, 0x3f, 0x43, 0x02, 0x9b, 0xf8, 0xed,
-    0xae, 0x8e, 0x68, 0xbc, 0x8e, 0x39, 0xe7, 0x15,
-    0x32, 0x45, 0x66, 0x2c, 0x1f, 0xce, 0x56, 0xc7,
-    0xc0, 0x15, 0x52, 0x19, 0x40, 0xcf, 0x87, 0x20,
-    0xcd, 0x3d, 0xec, 0x90, 0x8d, 0x04, 0x01, 0x31,
-    0x0b, 0x74, 0x80, 0x6e, 0x61, 0xa7, 0xf3, 0x4c,
-    0xb2, 0x16, 0x00, 0xd5, 0xdb, 0xcc, 0xbb, 0x2c,
-    0x9f, 0xb6, 0x02, 0x4a, 0xcf, 0x71, 0x06, 0xfd,
-    0x60, 0xe0, 0x00, 0xbe, 0x22, 0xba, 0x39, 0x36,
-    0xa8, 0x7e, 0xe5, 0xcb, 0xea, 0x87, 0xb1, 0xee,
-    0xa2, 0x6c, 0x85, 0x94, 0x18, 0x6c, 0xab, 0x9a,
-    0x93, 0xa7, 0xab, 0x4e, 0x3b, 0x85, 0xf3, 0xef,
-    0x8f, 0x15, 0x74, 0x21, 0x9f, 0x5d, 0x9c, 0x22,
-    0x32, 0x71, 0xb5, 0x4d, 0x7f, 0xaa, 0x85, 0xe0,
-    0x05, 0x2a, 0x53, 0xbb, 0x3c, 0xab, 0xc3, 0xd2,
-    0x73, 0x6e, 0x97, 0xa3, 0xfd, 0x05, 0x58, 0xaa,
-    0x49, 0xc8, 0x69, 0xa9, 0x0b, 0x73, 0xd4, 0xe9,
-    0x1d, 0x84, 0x60, 0x34, 0x2a, 0x09, 0xb3, 0x0f,
-    0x08, 0x13, 0x67, 0x77, 0xb3, 0x24, 0xdf, 0xad,
-    0xbf, 0x51, 0x71, 0x2b, 0xbe, 0x4f, 0x5d, 0xf4,
-    0xe7, 0x25, 0x4c, 0x24, 0xa2, 0x4a, 0x22, 0xec,
-    0xcc, 0x7c, 0x6c, 0x62, 0xee, 0x47, 0x12, 0x43,
-    0x88, 0xe4, 0x71, 0xaa, 0x63, 0xaa, 0x2b, 0xed,
-    0x70, 0xbf, 0x26, 0x37, 0xcc, 0xa4, 0xff, 0xe9,
-    0xb6, 0x65, 0x31, 0x4d, 0x0d, 0x32, 0xd6, 0x84,
-    0xb8, 0xab, 0x98, 0xa7, 0x10, 0x44, 0x77, 0xc7,
-    0x2a, 0x60, 0xf0, 0xf5, 0xd5, 0xd4, 0x3a, 0x73,
-    0x11, 0xa5, 0x1b, 0x18, 0x3c, 0x13, 0xfb, 0xda,
-    0x76, 0x9d, 0xeb, 0x3e, 0xb9, 0x7a, 0xce, 0x02,
-    0xa7, 0x5e, 0x25, 0x96, 0xd2, 0xbc, 0x85, 0x1a,
-    0xd1, 0xa4, 0xe2, 0x02, 0x15, 0x08, 0x49, 0x16,
-    0x7c, 0xaf, 0xc6, 0x38, 0x7b, 0x95, 0xf9, 0x37,
-    0xc0, 0x87, 0x73, 0x6f, 0x01, 0xcd, 0x2b, 0xf1,
-    0xe7, 0x6e, 0x47, 0x18, 0x30, 0xb8, 0x16, 0x87,
-    0x1d, 0x23, 0x62, 0x22, 0x85, 0x92, 0x69, 0x46,
-    0x9c, 0x65, 0xd8, 0xf1, 0x27, 0x32, 0xe4, 0x16,
-    0x7f, 0x9a, 0xba, 0x46, 0x61, 0x60, 0x34, 0xe5,
-    0xc0, 0x14, 0xb5, 0xde, 0x4d, 0xd1, 0x71, 0x39,
-    0x26, 0xdc, 0x0c, 0x0a, 0x53, 0x9e, 0x31, 0x10,
-    0x45, 0x7a, 0xf9, 0xc8, 0xfa, 0x1d, 0x69, 0x5e,
-    0x25, 0xc1, 0xe2, 0x00, 0xbf, 0x94, 0xa3, 0xa2,
-    0x97, 0xca, 0xb4, 0x6a, 0x89, 0x68, 0xdd, 0xed,
-    0x6b, 0x99, 0x5a, 0x87, 0x9e, 0xe9, 0x68, 0xe4,
-    0xf2, 0xc2, 0x7e, 0x37, 0x02, 0xdf, 0x96, 0x1a,
-    0x5b, 0xed, 0xa1, 0xe8, 0xdf, 0x3c, 0xf7, 0xd2,
-    0x25, 0xac, 0xf7, 0x4a, 0x7f, 0x10, 0x27, 0x2b,
-    0x02, 0xc7, 0x95, 0x10, 0x5a, 0xb5, 0xb0, 0xcd,
-    0xa9, 0xe1, 0x36, 0xe2, 0x1c, 0x87, 0x99, 0x0e,
-    0x0a, 0x44, 0xec, 0x97, 0x75, 0xa7, 0x03, 0x27,
-    0x38, 0x3b, 0x16, 0x30, 0x00, 0x98, 0xbe, 0x77,
-    0xfe, 0x3a, 0xac, 0x6f, 0x8f, 0x4d, 0xe1, 0xa9,
-    0x9c, 0xba, 0x39, 0x52, 0xe8, 0xf7, 0xe4, 0xe6,
-    0xf9, 0xe9, 0xb3, 0x57, 0x82, 0xb2, 0x23, 0xd6,
-    0xa5, 0x14, 0xc0, 0x78, 0xb4, 0xa0, 0xf9, 0x96,
-    0xe4, 0x03, 0xe8, 0x6c, 0x27, 0xd8, 0x37, 0x7c,
-    0x8f, 0xf4, 0x80, 0x09, 0x09, 0xc9, 0x32, 0x15,
-    0xe0, 0x3f, 0x37, 0xa7, 0x1a, 0x5f, 0x8c, 0xfb,
-    0xdd, 0xfe, 0x6b, 0x34, 0x28, 0x53, 0x03, 0x4b,
-    0x39, 0x91, 0xf2, 0x48, 0x4c, 0x2a, 0x45, 0xfe,
-    0x66, 0xf7, 0x23, 0x74, 0xb8, 0x30, 0x70, 0xb4,
-    0x0c, 0x2c, 0x65, 0xb1, 0x4e, 0x32, 0x0f, 0x50,
-    0xbb, 0x46, 0x9b, 0x03, 0x34, 0x38, 0xfb, 0xe4,
-    0x25, 0x37, 0x8d, 0x0f, 0xa1, 0x41, 0x50, 0x85,
-    0x92, 0x07, 0x71, 0xff, 0x3c, 0xe6, 0xd9, 0x1d,
-    0x55, 0xb7, 0x10, 0x9c, 0xea, 0x70, 0x5f, 0xa3,
-    0xba, 0x84, 0x99, 0x91, 0x30, 0x3d, 0x4c, 0x98,
-    0x0b, 0x1f, 0x1f, 0xcc, 0x17, 0x94, 0xdd, 0x78,
-    0x7d, 0x50, 0xe5, 0xf5, 0x21, 0x88, 0x5a, 0x52,
-    0x76, 0x5a, 0x97, 0xbe, 0xba, 0xa9, 0xfe, 0x82,
-    0x8a, 0xb5, 0x46, 0xcf, 0x9c, 0xbe, 0xe8, 0x2f,
-    0x01, 0x2f, 0x6a, 0x03, 0x8a, 0xfa, 0x4b, 0x0b,
-    0xdc, 0x78, 0x79, 0x9c, 0x49, 0xc4, 0x01, 0x26,
-    0x16, 0x58, 0xc6, 0xb8, 0xee, 0x6c, 0xc9, 0xa9,
-    0x38, 0x7c, 0xcf, 0xf3, 0xf8, 0xd0, 0x6b, 0x99,
-    0x43, 0x13, 0xe0, 0x43, 0x8e, 0xfb, 0xb2, 0xdb,
-    0x61, 0x67, 0xf4, 0xfc, 0x01, 0x21, 0xd9, 0xb1,
-    0x1e, 0x6c, 0x6f, 0x2a, 0x9a, 0x4b, 0x86, 0x3c,
-    0x62, 0x03, 0x53, 0x83, 0x11, 0x18, 0x1a, 0x59,
-    0x9e, 0x25, 0xfe, 0xdb, 0x85, 0xd0, 0xee, 0x7c,
-    0x97, 0x72, 0xca, 0xf3, 0x0d, 0xd4, 0x19, 0x66,
-    0x14, 0xaf, 0x46, 0x68, 0x75, 0xdb, 0x8f, 0x5f,
-    0x77, 0x7f, 0xfe, 0xa9, 0xe6, 0xa1, 0x9e, 0x46,
-    0x5e, 0x92, 0xda, 0xea, 0xdd, 0x89, 0x01, 0xd9,
-    0xab, 0x25, 0x7d, 0xb4, 0x64, 0x50, 0x8f, 0xa3,
-    0xbe, 0xe2, 0x03, 0xd5, 0xc6, 0x9c, 0xc2, 0xf8,
-    0xac, 0xa4, 0x36, 0xa9, 0x37, 0x10, 0x59, 0x00,
-    0x45, 0xbb, 0x55, 0x33, 0xb9, 0x6f, 0xbc, 0xa2,
-    0x02, 0x9e, 0xa3, 0x1d, 0xf4, 0x17, 0x78, 0x9b,
-    0xbc, 0x42, 0x4e, 0x21, 0xc3, 0xde, 0xb5, 0x70,
-    0x4a, 0x23, 0x1e, 0xd4, 0x36, 0x5d, 0x7a, 0x08,
-    0x37, 0x55, 0x98, 0x07, 0xa0, 0x16, 0xa3, 0x4e,
-    0xa1, 0x2b, 0x96, 0x8b, 0x51, 0x63, 0x48, 0xab,
-    0xc9, 0x19, 0x6f, 0x5f, 0x25, 0x9d, 0xe7, 0x25,
-    0x63, 0xf0, 0x8e, 0xdb, 0x06, 0x2d, 0x42, 0x31,
-    0xfd, 0x14, 0x2b, 0x7a, 0x31, 0x43, 0x04, 0xd5,
-    0xe2, 0x89, 0x2e, 0xa8, 0xe4, 0x6e, 0xd5, 0xa5,
-    0x21, 0x67, 0x9b, 0x92, 0x61, 0x79, 0xdd, 0xe5,
-    0x44, 0x43, 0x45, 0x57, 0x13, 0xec, 0x04, 0xc1,
-    0x41, 0xa3, 0x14, 0x70, 0x86, 0xda, 0x76, 0x5d,
-    0xe8, 0x61, 0xd2, 0xfb, 0x7b, 0xe4, 0x71, 0x46,
-    0xa3, 0x52, 0xbf, 0xf2, 0xa0, 0x3c, 0xc1, 0x90,
-    0x0c, 0x2e, 0xeb, 0xb3, 0x38, 0xae, 0x13, 0x27,
-    0x84, 0xe9, 0x7a, 0xd6, 0x02, 0x40, 0x84, 0xff,
-    0x87, 0x1f, 0x37, 0x44, 0xd8, 0x2e, 0x93, 0xf7,
-    0x0a, 0xff, 0x5b, 0x4d, 0x07, 0x82, 0xfd, 0x6e,
-    0x44, 0xcc, 0x19, 0xc3, 0x7d, 0x7c, 0x31, 0xf9,
-    0x0e, 0xa8, 0x1c, 0x0d, 0xcb, 0x8e, 0xe8, 0x33,
-    0xb2, 0xff, 0x9e, 0x1d, 0x99, 0x7c, 0x46, 0x5b,
-    0xc7, 0x28, 0xec, 0x01, 0x62, 0x82, 0xfe, 0x2a,
-    0x22, 0xa3, 0x86, 0x4e, 0x47, 0xe2, 0x57, 0xf1,
-    0xb4, 0x58, 0x94, 0x89, 0xe5, 0xf1, 0xcd, 0x4d,
-    0x90, 0xd1, 0xa4, 0x4c, 0x34, 0x5d, 0xde, 0xdc,
-    0x39, 0x63, 0x8b, 0x85, 0xfd, 0x02, 0x21, 0xf1,
-    0x12, 0xa3, 0x6d, 0x65, 0x0f, 0x8d, 0xe5, 0xcd,
-    0x70, 0xd5, 0x1d, 0xf8, 0x65, 0x99, 0xfb, 0xe8,
-    0xb5, 0x5a, 0x09, 0x39, 0x9e, 0x09, 0x45, 0x62,
-    0x22, 0x1d, 0xa2, 0x46, 0xbf, 0x75, 0x20, 0xd1,
-    0xe7, 0xb0, 0x06, 0x68, 0xc3, 0x50, 0x48, 0xfc,
-    0xf8, 0x5c, 0x67, 0x69, 0x68, 0x66, 0xb6, 0x81,
-    0x95, 0x91, 0x81, 0x3d, 0xf6, 0x34, 0xd9, 0x4b,
-    0x06, 0x35, 0x17, 0x59, 0x89, 0x18, 0x74, 0x32,
-    0x50, 0xcf, 0x81, 0x16, 0x8e, 0x53, 0x9d, 0x1c,
-    0xad, 0x2d, 0x8e, 0x16, 0x41, 0xda, 0xca, 0xab,
-    0x78, 0x0d, 0xc9, 0x49, 0x61, 0xaa, 0x18, 0xf4,
-    0x56, 0x48, 0x29, 0x8c, 0xe3, 0x9a, 0x7d, 0x58,
-    0xf8, 0x99, 0x72, 0xf1, 0x78, 0xa8, 0x5a, 0x97,
-    0xe3, 0x2a, 0xc6, 0xa9, 0x59, 0xde, 0xcc, 0x62,
-    0xfb, 0xab, 0xc5, 0x9a, 0x0b, 0xc7, 0x16, 0x8f,
-    0x18, 0x20, 0x6e, 0x01, 0x7e, 0x04, 0xef, 0x72,
-    0x83, 0x61, 0xb8, 0x1a, 0x77, 0x0f, 0xd1, 0xa9,
-    0x75, 0xe0, 0x4a, 0x11, 0x69, 0x9d, 0xb6, 0xc9,
-    0x2e, 0xd3, 0xbf, 0xe2, 0x5b, 0x24, 0x77, 0x30,
-    0x85, 0x91, 0xef, 0xa8, 0x93, 0x4e, 0xad, 0x99,
-    0xad, 0xcb, 0x6d, 0x9d, 0x8f, 0xd8, 0x0f, 0xe5,
-    0x41, 0xd9, 0x9e, 0x0b, 0xce, 0x33, 0xd9, 0xbb,
-    0x87, 0x66, 0x2c, 0xa3, 0x0b, 0x68, 0x1b, 0xb0,
-    0x71, 0x30, 0xfa, 0x15, 0x2e, 0xe8, 0xc1, 0x99,
-    0x71, 0x01, 0xcc, 0xdb, 0x6f, 0x9f, 0x8a, 0xfd,
-    0xb4, 0x0f, 0x35, 0xa1, 0x36, 0xf4, 0x3a, 0xc4,
-    0x17, 0x77, 0x43, 0x60, 0x10, 0x18, 0xb4, 0xc2,
-    0xe5, 0xc0, 0x64, 0xd8, 0x38, 0x7c, 0x05, 0x9a,
-    0xfb, 0x2b, 0xb3, 0x9b, 0x9e, 0x34, 0x6b, 0x4b,
-    0xc8, 0x3b, 0x77, 0xe0, 0x6f, 0x08, 0xa1, 0x7b,
-    0x66, 0x69, 0x2f, 0xdb, 0x34, 0x9e, 0x98, 0x90,
-    0x5b, 0x4d, 0x7b, 0xa2, 0x32, 0x8e, 0x64, 0xe6,
-    0x0d, 0x75, 0xc9, 0x96, 0xe3, 0x57, 0xba, 0xad,
-    0x3e, 0x3b, 0x23, 0xfb, 0x9e, 0x7f, 0xc0, 0x3c,
-    0xd5, 0x41, 0x9c, 0xfb, 0xbc, 0xb3, 0x52, 0x49
-#endif
-};
-#endif
-
-static int test_wc_dilithium_public_der_decode(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
-    dilithium_key* key;
-    word32 idx = 0;
-
-    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(*key));
-    }
-
-    ExpectIntEQ(wc_dilithium_init(key), 0);
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
-#else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
-#endif
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key,
-        (word32)sizeof(dilithium_public_der)), 0);
-
-    wc_dilithium_free(key);
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_dilithium_der(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    !defined(WOLFSSL_DILITHIUM_NO_ASN1) && \
-    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
-#define DILITHIUM_MAX_DER_SIZE    8192
-    dilithium_key* key;
-    WC_RNG rng;
-    byte* der = NULL;
-    int len;
-    int pubLen;
-    int pubDerLen;
-    int privDerLen;
-    int keyDerLen;
-    word32 idx;
-
-#ifndef WOLFSSL_NO_ML_DSA_44
-    pubLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
-    pubDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + 24;
-    privDerLen = DILITHIUM_LEVEL2_KEY_SIZE + 30;
-    keyDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE + 34;
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    pubLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
-    pubDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + 24;
-    privDerLen = DILITHIUM_LEVEL3_KEY_SIZE + 30;
-    keyDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE + 34;
-#else
-    pubLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
-    pubDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + 24;
-    privDerLen = DILITHIUM_LEVEL5_KEY_SIZE + 30;
-    keyDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE + 34;
-#endif
-
-    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-    der = (byte*)XMALLOC(DILITHIUM_MAX_DER_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(der);
-
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(*key));
-    }
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_dilithium_init(key), 0);
-
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
-        1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
-        BAD_FUNC_ARG);
-
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
-#elif !defined(WOLFSSL_NO_ML_DSA_65)
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
-#else
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
-#endif
-
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
-        1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
-
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, 0                     ,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , 0                     ,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE,
-        0), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , der , 0                     ,
-        0), BUFFER_E    );
-    /* Get length only. */
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0                     ,
-        0), pubLen);
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE,
-        0), pubLen);
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0                     ,
-        1), pubDerLen);
-    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE,
-        1), pubDerLen);
-
-    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
-        0                     ), BAD_FUNC_ARG);
-    ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL,
-        0                     ), 0);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
-        0                     ), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
-        DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
-        DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der ,
-        0                     ), BUFFER_E);
-    /* Get length only. */
-    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL,
-        DILITHIUM_MAX_DER_SIZE), privDerLen);
-
-    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0                     ),
-        BAD_FUNC_ARG);
-    ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0                     ),
-        0           );
-    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0                     ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0                     ),
-        BUFFER_E    );
-    /* Get length only. */
-    ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE),
-        keyDerLen);
-
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, 0        ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, NULL, 0        ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, NULL, 0        ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, key , 0        ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, pubDerLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, key , pubDerLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, key , pubDerLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, NULL, pubDerLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, key , 0        ),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, 0         ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, NULL, 0         ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, NULL, 0         ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, key , 0         ),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, privDerLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, key , privDerLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, key , privDerLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, NULL, privDerLen),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, key , 0         ),
-        BAD_FUNC_ARG);
-
-    ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
-        DILITHIUM_MAX_DER_SIZE, 0), pubLen);
-    ExpectIntEQ(wc_dilithium_import_public(der, len, key), 0);
-
-    ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
-        DILITHIUM_MAX_DER_SIZE, 1), pubDerLen);
-    idx = 0;
-{
-    fprintf(stderr, "\n");
-    for (int ii = 0; ii < pubDerLen; ii++) {
-        if ((ii % 8) == 0) fprintf(stderr, "    ");
-        fprintf(stderr, "0x%02x,", der[ii]);
-        if ((ii % 8) == 7) fprintf(stderr, "\n");
-        else               fprintf(stderr, " ");
-    }
-}
-    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0);
-
-    ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der,
-        DILITHIUM_MAX_DER_SIZE), privDerLen);
-    idx = 0;
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0);
-
-    ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
-        keyDerLen);
-    idx = 0;
-    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0);
-
-
-    wc_dilithium_free(key);
-    wc_FreeRng(&rng);
-
-    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_dilithium_make_key_from_seed(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
-    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
-    dilithium_key* key;
-#ifndef WOLFSSL_NO_ML_DSA_44
-    static const byte seed_44[] = {
-        0xBA, 0xC0, 0x59, 0x52, 0x75, 0x5B, 0x26, 0x47,
-        0x01, 0xCA, 0x7D, 0x80, 0x6D, 0xFA, 0x08, 0x35,
-        0x10, 0x28, 0xF6, 0x7B, 0x0E, 0x83, 0xC4, 0x24,
-        0x01, 0x6F, 0x66, 0xCC, 0x83, 0x87, 0xD4, 0x69
-    };
-    static const byte pk_44[] = {
-        0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E,
-        0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF,
-        0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B,
-        0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61,
-        0xED, 0x7E, 0xA9, 0xED, 0x2D, 0xED, 0x5A, 0x71,
-        0xDD, 0xAE, 0x4A, 0x06, 0xE0, 0x2A, 0x5A, 0xAF,
-        0x99, 0x69, 0x89, 0xC6, 0xAF, 0xE3, 0x2A, 0xFE,
-        0x3D, 0x6E, 0x0A, 0x46, 0x71, 0x48, 0xD7, 0x17,
-        0x99, 0x20, 0x01, 0x78, 0xD5, 0x8B, 0x40, 0xCB,
-        0x81, 0xA0, 0x33, 0x38, 0xAE, 0x2B, 0x83, 0x4A,
-        0xFD, 0x5F, 0xE0, 0xB7, 0xEE, 0xA0, 0xC4, 0x3D,
-        0xB6, 0xA4, 0xD5, 0x59, 0x4B, 0xDD, 0x87, 0x1A,
-        0xFC, 0x03, 0x30, 0xA0, 0xB3, 0xAD, 0x75, 0x3C,
-        0xD4, 0x47, 0x72, 0x59, 0xCE, 0xB7, 0x80, 0xFD,
-        0x34, 0x35, 0x5E, 0x96, 0xC8, 0x42, 0xD9, 0xDD,
-        0x6C, 0xF1, 0xAB, 0xEF, 0x48, 0xD1, 0xA8, 0x02,
-        0x02, 0x0F, 0x5B, 0x71, 0x4D, 0x36, 0x1E, 0x0D,
-        0xC2, 0x09, 0x46, 0x7B, 0xF9, 0xEA, 0x24, 0x8F,
-        0x7C, 0xCF, 0xB8, 0x9C, 0xF7, 0x49, 0x15, 0x8E,
-        0x16, 0x49, 0x7E, 0xC5, 0x54, 0xF5, 0x03, 0x1D,
-        0x16, 0x12, 0x02, 0x72, 0x1B, 0x38, 0x2D, 0x58,
-        0x53, 0x15, 0x5E, 0xB6, 0x72, 0xCC, 0xA1, 0x09,
-        0xB0, 0x2F, 0x10, 0xFA, 0x21, 0x45, 0x46, 0x37,
-        0xD4, 0xFA, 0x7F, 0xFB, 0xB0, 0xD9, 0x20, 0xE2,
-        0xCB, 0x56, 0xB3, 0x1E, 0xDF, 0x82, 0x67, 0x25,
-        0x09, 0xD1, 0x8F, 0xFF, 0xE0, 0x43, 0xBD, 0x37,
-        0x2B, 0x73, 0x0E, 0x13, 0x08, 0xC9, 0x49, 0x88,
-        0x69, 0x69, 0xD9, 0x8C, 0x86, 0xE4, 0x7E, 0x63,
-        0x35, 0xC5, 0xE1, 0xD0, 0x14, 0x9A, 0x89, 0x27,
-        0x28, 0x17, 0xB0, 0x5B, 0x7A, 0x8F, 0xDD, 0x72,
-        0x8B, 0x0A, 0x0D, 0x49, 0x58, 0x59, 0x2F, 0x0D,
-        0x8F, 0x3D, 0x16, 0xCE, 0x7B, 0x11, 0xC7, 0x06,
-        0x5D, 0xD5, 0x6D, 0x7B, 0x96, 0xED, 0x1E, 0x1A,
-        0xF4, 0x10, 0x85, 0xDA, 0xDE, 0x84, 0x2F, 0x2B,
-        0xBA, 0xFB, 0xA2, 0x5F, 0x33, 0x7D, 0x7C, 0x18,
-        0x6B, 0xDF, 0x43, 0x3C, 0xE9, 0xEB, 0xB4, 0xC5,
-        0x8E, 0x52, 0xF5, 0x7E, 0x4C, 0x3E, 0x6A, 0x33,
-        0x41, 0x4C, 0x14, 0x05, 0x8E, 0x2C, 0x19, 0x0E,
-        0x86, 0x91, 0x66, 0xDE, 0xF6, 0x4B, 0x35, 0xC2,
-        0xDF, 0x3D, 0x4C, 0x7B, 0xC5, 0x58, 0x5E, 0x86,
-        0x89, 0x6A, 0xFC, 0x86, 0x48, 0x75, 0xD1, 0x18,
-        0xD1, 0xCB, 0x41, 0xC0, 0xF6, 0xD8, 0x87, 0x79,
-        0xD9, 0xA2, 0x56, 0x2E, 0x83, 0x26, 0x11, 0xC1,
-        0x4B, 0x53, 0x37, 0x85, 0x62, 0xFF, 0x6A, 0x67,
-        0xFD, 0x18, 0x79, 0xD7, 0x55, 0x9B, 0xF7, 0x64,
-        0xA9, 0x21, 0xB6, 0x1B, 0xF6, 0x11, 0x85, 0xF8,
-        0xC0, 0x68, 0xDE, 0x61, 0x0C, 0x61, 0x7E, 0x8E,
-        0xED, 0x9E, 0x58, 0x84, 0x16, 0x1A, 0x28, 0xC5,
-        0x41, 0x63, 0xB3, 0xF0, 0x82, 0xAA, 0xE8, 0x36,
-        0x81, 0x5C, 0xD3, 0xB7, 0xFB, 0x92, 0xF4, 0x7A,
-        0x1E, 0x85, 0xA2, 0xB7, 0x21, 0xD5, 0xFA, 0xC8,
-        0xE8, 0x02, 0x43, 0x5B, 0x56, 0x42, 0x03, 0x17,
-        0x67, 0xEE, 0x3E, 0x31, 0x23, 0x63, 0xC7, 0x33,
-        0x95, 0xDE, 0x07, 0xF6, 0x11, 0x3A, 0x2C, 0x3F,
-        0x7B, 0xBB, 0x2D, 0x5C, 0x23, 0xF9, 0x2F, 0x9C,
-        0x51, 0x19, 0x9F, 0x35, 0xC3, 0x18, 0x9F, 0x83,
-        0x6E, 0xA8, 0x03, 0xF1, 0x79, 0x1F, 0xB0, 0xC8,
-        0x2F, 0xF4, 0x2E, 0x9A, 0x26, 0xF3, 0x44, 0x02,
-        0x8F, 0x45, 0x8B, 0xB0, 0x25, 0x1D, 0xF2, 0xD4,
-        0x55, 0xB7, 0x65, 0xEF, 0xDB, 0x3D, 0x8E, 0x92,
-        0xC8, 0xA0, 0x63, 0x4C, 0x38, 0xA3, 0x54, 0xD3,
-        0xC2, 0x5A, 0x2A, 0x6A, 0x15, 0x27, 0x2A, 0xE2,
-        0xFC, 0x25, 0xB6, 0xC8, 0x68, 0xEB, 0xED, 0x2D,
-        0x23, 0xE8, 0x6D, 0x5C, 0xDD, 0x3F, 0x18, 0xB4,
-        0x6E, 0x79, 0x36, 0xC9, 0x1C, 0xB4, 0x92, 0x41,
-        0xAD, 0x35, 0xD4, 0x15, 0xE4, 0x64, 0x1C, 0x51,
-        0xCB, 0x0C, 0x41, 0xB7, 0xFD, 0xC1, 0x09, 0x3E,
-        0xD2, 0x4D, 0x38, 0x88, 0x77, 0x1C, 0x71, 0x91,
-        0x74, 0xD3, 0x28, 0xE0, 0xCE, 0x9A, 0x11, 0x8D,
-        0xBF, 0x4D, 0x8D, 0xF0, 0x44, 0xF6, 0x79, 0xFC,
-        0x4C, 0xAD, 0x17, 0x88, 0xC0, 0x8C, 0x0B, 0x7A,
-        0x90, 0x01, 0x53, 0x6C, 0x6B, 0x44, 0xF6, 0xE5,
-        0x2E, 0xEC, 0x44, 0x4F, 0xB8, 0x9B, 0x10, 0xBE,
-        0xCF, 0x55, 0x55, 0x29, 0x83, 0xB8, 0xD0, 0x25,
-        0x5B, 0xCE, 0x8F, 0xA5, 0xB7, 0x6C, 0xA7, 0x47,
-        0x65, 0xA9, 0xE9, 0x9B, 0xA5, 0xBC, 0x28, 0x1D,
-        0x9F, 0x1F, 0x5E, 0x97, 0x42, 0x10, 0x84, 0x92,
-        0xFB, 0x38, 0x0B, 0x2E, 0xAC, 0x79, 0x0A, 0x7D,
-        0x00, 0x2C, 0x35, 0xD0, 0x54, 0x0D, 0x28, 0xE7,
-        0xAB, 0x06, 0x02, 0xDA, 0x89, 0xA3, 0x06, 0x8E,
-        0x13, 0x9A, 0xA7, 0xCA, 0x48, 0x09, 0xB0, 0x48,
-        0x37, 0x08, 0xA7, 0x7D, 0xDA, 0xEB, 0x58, 0x64,
-        0x39, 0xB3, 0xF3, 0xB2, 0x4C, 0x00, 0x4B, 0xCB,
-        0x94, 0x36, 0xD4, 0x7C, 0x73, 0x45, 0xC8, 0x93,
-        0xE5, 0x2A, 0x11, 0xF0, 0xEF, 0x0C, 0xED, 0x5F,
-        0x8B, 0x0C, 0x86, 0xAD, 0x3A, 0x01, 0x07, 0x1A,
-        0xC0, 0x34, 0xE8, 0x74, 0x21, 0x27, 0x73, 0x56,
-        0x93, 0x76, 0x5D, 0x80, 0x59, 0xB4, 0xA4, 0xDC,
-        0x80, 0xE7, 0xCE, 0x70, 0x0E, 0x0F, 0xEC, 0x56,
-        0x42, 0x6E, 0x9C, 0x76, 0x3D, 0xF6, 0xB4, 0x41,
-        0xE2, 0x3E, 0xAC, 0x25, 0xE7, 0x86, 0xA7, 0xA7,
-        0x0A, 0x0D, 0x5D, 0x04, 0x1F, 0x45, 0xD4, 0x5B,
-        0x42, 0x38, 0x4C, 0x60, 0xE7, 0xB7, 0x0D, 0xC7,
-        0x28, 0x4F, 0xA5, 0x4E, 0x0C, 0x1B, 0xC4, 0xDA,
-        0x50, 0x1A, 0xA0, 0x93, 0xAE, 0x10, 0x9A, 0x1A,
-        0xC8, 0xC6, 0x56, 0xFC, 0x0A, 0xEA, 0x89, 0x3A,
-        0x28, 0x21, 0xE9, 0x52, 0x9D, 0xEB, 0x07, 0x68,
-        0xC1, 0x57, 0x32, 0x25, 0x1F, 0x93, 0x5D, 0x35,
-        0xB2, 0x4B, 0x58, 0x30, 0xAF, 0x51, 0xC6, 0x7D,
-        0x47, 0xD1, 0xA2, 0xAD, 0xDE, 0x75, 0x48, 0x84,
-        0x74, 0x19, 0x74, 0x18, 0xA0, 0x2C, 0xD8, 0xB2,
-        0xFE, 0x44, 0x78, 0x95, 0x6A, 0xBF, 0x56, 0x4D,
-        0x20, 0x79, 0xE7, 0xE2, 0xE3, 0x56, 0x69, 0xB3,
-        0xFA, 0xE1, 0xEB, 0xE6, 0x11, 0xAC, 0x18, 0xB3,
-        0x98, 0xC1, 0x04, 0x20, 0x96, 0x4B, 0xAD, 0xDE,
-        0x5B, 0x18, 0xEB, 0x7B, 0xBC, 0x15, 0x11, 0x57,
-        0x29, 0x10, 0xE5, 0x80, 0x78, 0x4A, 0xF0, 0x87,
-        0xF6, 0xD1, 0x3C, 0x23, 0xC5, 0xF4, 0x2D, 0xD7,
-        0xAB, 0xA4, 0xD7, 0xB8, 0x45, 0x8E, 0x04, 0x1B,
-        0x78, 0x59, 0x9F, 0x81, 0xE6, 0x04, 0xDF, 0x70,
-        0x2B, 0x14, 0x74, 0x16, 0x49, 0xDA, 0xF0, 0xE1,
-        0xC8, 0x29, 0xCC, 0x87, 0x8C, 0x2F, 0xFB, 0x18,
-        0x3B, 0x47, 0xFC, 0x79, 0x04, 0x84, 0xCB, 0x0A,
-        0xD2, 0x64, 0xBF, 0x86, 0xEA, 0x01, 0xAC, 0xE0,
-        0xBD, 0xEC, 0x3B, 0xE1, 0xA7, 0x6C, 0xDE, 0x1D,
-        0x58, 0x76, 0xCC, 0x53, 0x9E, 0xF6, 0xC6, 0xD4,
-        0x2C, 0x87, 0x92, 0xA2, 0x89, 0x27, 0x31, 0x33,
-        0x01, 0xA5, 0xA2, 0xE8, 0x8F, 0x13, 0x19, 0x0F,
-        0xFD, 0x73, 0xB9, 0x91, 0xBD, 0xB8, 0x80, 0x9A,
-        0xA3, 0xB1, 0x21, 0x6C, 0x91, 0x13, 0x8A, 0xAE,
-        0xC7, 0xCB, 0x67, 0x14, 0xD1, 0xC0, 0x28, 0x89,
-        0x04, 0x8C, 0x9F, 0xDE, 0xA0, 0x9A, 0x99, 0xA8,
-        0x61, 0xE6, 0x8F, 0x8E, 0x39, 0xEF, 0x6B, 0x5E,
-        0x84, 0x5F, 0x5D, 0x24, 0x37, 0x73, 0x9D, 0x75,
-        0xC4, 0xEF, 0xE2, 0xA1, 0xF2, 0xBC, 0x0D, 0xE1,
-        0x0D, 0xEC, 0xFA, 0xEE, 0xC1, 0x63, 0xC8, 0x2E,
-        0x7D, 0x85, 0x65, 0xC3, 0xF2, 0x0D, 0x8B, 0x73,
-        0xF9, 0x3B, 0x0B, 0x3D, 0x49, 0x8B, 0xFB, 0x16,
-        0x5B, 0x75, 0x48, 0x9B, 0x56, 0x0A, 0x83, 0x4C,
-        0x0D, 0x13, 0xB2, 0xB4, 0x25, 0xC7, 0x2C, 0xCB,
-        0xA7, 0x9E, 0xCA, 0x41, 0x44, 0x14, 0x9A, 0x03,
-        0xD3, 0x01, 0x8C, 0xB0, 0xD5, 0xA9, 0x36, 0xA4,
-        0x16, 0x21, 0x49, 0x0A, 0x99, 0xA1, 0x89, 0xA5,
-        0x91, 0x10, 0xA2, 0x1B, 0x3F, 0x98, 0x1E, 0x1C,
-        0x43, 0xAA, 0x9C, 0x16, 0x5A, 0xF0, 0x18, 0x64,
-        0x0F, 0x6A, 0xE3, 0x97, 0x83, 0x31, 0x4E, 0x84,
-        0xC9, 0xEA, 0xD8, 0x9F, 0xEA, 0x9E, 0xD6, 0xF2,
-        0x0E, 0x15, 0xA5, 0x48, 0x15, 0x8B, 0x10, 0x1D,
-        0x77, 0x78, 0x1B, 0x54, 0x03, 0xC1, 0x2C, 0xB1,
-        0xC8, 0x22, 0x11, 0x9D, 0xB8, 0x82, 0x94, 0x26,
-        0xA0, 0xED, 0x6C, 0xAD, 0xA8, 0x03, 0xC2, 0xED,
-        0x02, 0x74, 0x3E, 0x54, 0xBD, 0x77, 0xA6, 0x0B,
-        0x37, 0xFE, 0x04, 0xCD, 0x25, 0x10, 0x2D, 0x52,
-        0xC2, 0xD4, 0x5B, 0x9B, 0xAE, 0xFE, 0x35, 0x73,
-        0x16, 0x61, 0x84, 0x25, 0x1D, 0xBE, 0x95, 0x34,
-        0xA4, 0xF6, 0xB9, 0xA4, 0xF9, 0xAA, 0x5D, 0x1E,
-        0x49, 0xBB, 0x19, 0xD9, 0x64, 0xD7, 0x48, 0x1A,
-        0x0A, 0x93, 0xC3, 0x69, 0x13, 0x12, 0x68, 0xBB,
-        0x97, 0x97, 0xBD, 0x99, 0x69, 0xCE, 0xE6, 0xF5,
-        0x84, 0x7B, 0xCC, 0xE4, 0x7D, 0xD3, 0xCD, 0x8A,
-        0x7A, 0x4B, 0x98, 0xF4, 0x09, 0x9D, 0xEA, 0x5D,
-        0x4E, 0x1F, 0xE1, 0x1E, 0x6C, 0x48, 0xD3, 0x5E,
-        0x67, 0xD9, 0xFF, 0x64, 0x4D, 0xA7, 0x64, 0x7A,
-        0x01, 0xB2, 0xE9, 0x63, 0x14, 0x10, 0xB7, 0x08,
-        0x0C, 0xF9, 0x4D, 0x66, 0x48, 0x46, 0xE3, 0xC2,
-        0x48, 0x6B, 0x47, 0xCE, 0x00, 0x98, 0x92, 0x83,
-        0xF7, 0xE0, 0x1F, 0x96, 0xFA, 0x53, 0xD5, 0x49,
-        0x1C, 0xC7, 0x89, 0xB4, 0xA5, 0x4B, 0x63, 0xBF,
-        0xD2, 0x00, 0x79, 0xDD, 0xC1, 0x60, 0xAA, 0xF2,
-        0x0F, 0x47, 0xB9, 0x4F, 0x8A, 0x66, 0x05, 0x3D,
-        0x96, 0x36, 0x64, 0x48, 0x5F, 0x7E, 0x56, 0x2B,
-        0xB3, 0x47, 0xE2, 0x76, 0x64, 0x21, 0x65, 0x34,
-        0xFC, 0xDD, 0x2D, 0x4C, 0xE2, 0x99, 0x33, 0x04,
-        0xE4, 0x26, 0x15, 0x37, 0x6C, 0x32, 0xB9, 0x17
-    };
-    static const byte sk_44[] = {
-        0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E,
-        0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF,
-        0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B,
-        0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61,
-        0x73, 0x61, 0x49, 0x01, 0x0F, 0x94, 0x08, 0x30,
-        0x26, 0x02, 0x12, 0x63, 0x64, 0x15, 0x7A, 0x4D,
-        0xBA, 0xF5, 0x25, 0xA7, 0xAA, 0x0B, 0x7C, 0x3D,
-        0xCE, 0x05, 0x91, 0x95, 0xEF, 0x17, 0x2F, 0xE2,
-        0x5A, 0x03, 0x5E, 0x2E, 0x4D, 0xFA, 0xE7, 0x5F,
-        0xCD, 0x61, 0x34, 0xFB, 0x3D, 0x3C, 0x5C, 0x60,
-        0x1A, 0x6F, 0x09, 0xB5, 0x9D, 0xDD, 0x90, 0x53,
-        0xF6, 0x89, 0x50, 0xC2, 0xE1, 0xED, 0x0A, 0x61,
-        0x8F, 0xFA, 0xDC, 0x2D, 0xB2, 0x8B, 0xA1, 0x56,
-        0xAC, 0x5E, 0x0E, 0xF1, 0x3B, 0x1E, 0x22, 0x9F,
-        0xAA, 0x05, 0x96, 0xA3, 0x5E, 0x44, 0x86, 0xA8,
-        0xBA, 0x15, 0xD1, 0x11, 0x7D, 0xAA, 0xD0, 0xAA,
-        0x01, 0x27, 0x25, 0x04, 0x82, 0x89, 0xA4, 0x22,
-        0x2E, 0xDB, 0x80, 0x45, 0xD2, 0x30, 0x45, 0x59,
-        0x16, 0x64, 0xE2, 0x08, 0x86, 0x50, 0x00, 0x8E,
-        0xCA, 0x08, 0x51, 0x5A, 0x06, 0x01, 0x54, 0x82,
-        0x20, 0xC4, 0x92, 0x30, 0x02, 0x21, 0x4E, 0x0A,
-        0x93, 0x89, 0x84, 0xB8, 0x70, 0x24, 0x40, 0x51,
-        0x24, 0xB3, 0x44, 0xDB, 0x08, 0x40, 0x1B, 0x37,
-        0x44, 0x21, 0x22, 0x8E, 0x8C, 0x16, 0x42, 0x10,
-        0x22, 0x0E, 0xA1, 0xB2, 0x8D, 0x18, 0x49, 0x30,
-        0xC1, 0x32, 0x69, 0x21, 0x03, 0x8E, 0x49, 0x44,
-        0x08, 0xD3, 0x16, 0x89, 0x10, 0xA4, 0x25, 0x5C,
-        0x22, 0x8A, 0xC0, 0xC8, 0x08, 0xC1, 0x04, 0x6A,
-        0xD2, 0xA0, 0x50, 0x8A, 0x02, 0x52, 0x92, 0x16,
-        0x44, 0x54, 0x30, 0x4A, 0x92, 0x32, 0x0C, 0x4C,
-        0x44, 0x2D, 0x04, 0x15, 0x2A, 0x99, 0x24, 0x42,
-        0x52, 0xA8, 0x30, 0x53, 0x24, 0x85, 0x9A, 0xB8,
-        0x01, 0xE2, 0x08, 0x09, 0x23, 0x28, 0x08, 0xC4,
-        0x98, 0x85, 0x0B, 0xB9, 0x40, 0x60, 0x26, 0x28,
-        0x0A, 0x45, 0x12, 0x0C, 0x43, 0x84, 0x82, 0x16,
-        0x89, 0xC4, 0x48, 0x28, 0x58, 0x18, 0x2A, 0x20,
-        0x07, 0x02, 0xD3, 0x82, 0x45, 0x50, 0xB0, 0x50,
-        0x64, 0x36, 0x91, 0x52, 0x02, 0x45, 0x5A, 0x42,
-        0x26, 0x01, 0x28, 0x71, 0xD4, 0x86, 0x10, 0x19,
-        0xC4, 0x68, 0xC4, 0x30, 0x66, 0xE0, 0x02, 0x49,
-        0x18, 0x34, 0x05, 0x04, 0x02, 0x04, 0x90, 0x94,
-        0x4C, 0x01, 0xA7, 0x80, 0x12, 0x97, 0x08, 0x19,
-        0xC5, 0x41, 0x24, 0xC1, 0x61, 0x08, 0xB0, 0x0C,
-        0x21, 0xC1, 0x49, 0x9B, 0x42, 0x51, 0x62, 0x18,
-        0x22, 0x54, 0x06, 0x06, 0x93, 0x26, 0x70, 0x49,
-        0x86, 0x91, 0x00, 0x28, 0x6C, 0x02, 0xC9, 0x60,
-        0x13, 0xC3, 0x09, 0xCB, 0x14, 0x66, 0x09, 0x17,
-        0x25, 0x1C, 0x16, 0x89, 0x01, 0xB6, 0x01, 0x60,
-        0x86, 0x71, 0x58, 0x96, 0x04, 0x82, 0x38, 0x61,
-        0x43, 0x40, 0x72, 0xCC, 0x46, 0x71, 0x81, 0x20,
-        0x2C, 0x18, 0x20, 0x6E, 0x03, 0x91, 0x11, 0x9A,
-        0x08, 0x89, 0x43, 0x06, 0x48, 0x64, 0x02, 0x6C,
-        0x21, 0x33, 0x8D, 0x48, 0x16, 0x66, 0x9B, 0xA4,
-        0x2D, 0x01, 0x10, 0x66, 0xDC, 0xB0, 0x25, 0x40,
-        0xA0, 0x24, 0xA2, 0xB4, 0x44, 0xC8, 0x26, 0x61,
-        0x0A, 0x10, 0x4E, 0xD0, 0x04, 0x11, 0x4A, 0x82,
-        0x51, 0x03, 0x04, 0x6C, 0x18, 0x88, 0x6C, 0xE0,
-        0x98, 0x41, 0x11, 0x29, 0x06, 0x62, 0x12, 0x8E,
-        0xDA, 0x42, 0x91, 0x09, 0x48, 0x60, 0xD1, 0xB4,
-        0x80, 0x10, 0x30, 0x30, 0x80, 0x38, 0x82, 0xD0,
-        0x84, 0x0D, 0x08, 0x14, 0x92, 0x24, 0x41, 0x40,
-        0x0C, 0x10, 0x89, 0xCC, 0x38, 0x8A, 0x13, 0xB6,
-        0x89, 0x1A, 0xA7, 0x24, 0x5C, 0x10, 0x12, 0x1B,
-        0x21, 0x50, 0x91, 0xB4, 0x29, 0x99, 0xB6, 0x51,
-        0x04, 0xB1, 0x91, 0x59, 0xA6, 0x05, 0x19, 0x08,
-        0x4A, 0x4A, 0x84, 0x6C, 0x1C, 0x49, 0x02, 0x44,
-        0x20, 0x85, 0x14, 0xB1, 0x89, 0x09, 0x44, 0x2C,
-        0x10, 0x02, 0x22, 0xE1, 0xB4, 0x25, 0x01, 0x21,
-        0x71, 0x53, 0xC2, 0x85, 0x82, 0x88, 0x28, 0xC0,
-        0x02, 0x52, 0x19, 0xC5, 0x51, 0x19, 0xA5, 0x09,
-        0xC0, 0x82, 0x91, 0x21, 0x47, 0x0D, 0x1C, 0x30,
-        0x69, 0xDC, 0xB8, 0x6C, 0x04, 0x41, 0x6A, 0x91,
-        0x16, 0x40, 0xA0, 0xC8, 0x24, 0x1A, 0x10, 0x01,
-        0x04, 0x39, 0x25, 0x80, 0x16, 0x02, 0x63, 0x36,
-        0x71, 0x90, 0xB0, 0x8D, 0x44, 0x16, 0x8E, 0xDA,
-        0x16, 0x2E, 0xCB, 0x44, 0x20, 0x54, 0x38, 0x06,
-        0x54, 0xC4, 0x01, 0x51, 0x40, 0x86, 0x52, 0x44,
-        0x0E, 0x82, 0x02, 0x32, 0x21, 0x38, 0x89, 0x19,
-        0x04, 0x40, 0xD8, 0x12, 0x68, 0x21, 0x98, 0x11,
-        0x03, 0x33, 0x8A, 0x18, 0x00, 0x45, 0xCB, 0x22,
-        0x32, 0xC3, 0x04, 0x46, 0x09, 0x18, 0x51, 0x22,
-        0x44, 0x89, 0x13, 0x16, 0x6E, 0xDA, 0x46, 0x45,
-        0x09, 0x19, 0x41, 0x81, 0x10, 0x01, 0xDC, 0x18,
-        0x8E, 0xC8, 0x44, 0x4C, 0x00, 0x17, 0x82, 0x9C,
-        0xA6, 0x4D, 0xC8, 0x08, 0x10, 0x24, 0x42, 0x6D,
-        0x91, 0x38, 0x89, 0x8C, 0x40, 0x6E, 0x00, 0x35,
-        0x11, 0xD3, 0x24, 0x09, 0x1A, 0x01, 0x65, 0x88,
-        0x48, 0x45, 0x09, 0x01, 0x71, 0x43, 0xB8, 0x80,
-        0x11, 0x82, 0x2C, 0x84, 0xB8, 0x49, 0x58, 0x14,
-        0x28, 0x92, 0x20, 0x32, 0x09, 0x12, 0x05, 0x20,
-        0x81, 0x2D, 0x5B, 0x86, 0x11, 0x04, 0x90, 0x45,
-        0x49, 0x80, 0x40, 0xD1, 0xC8, 0x24, 0x98, 0xC2,
-        0x2C, 0x99, 0xA2, 0x30, 0x04, 0x98, 0x8C, 0x53,
-        0x24, 0x02, 0x8A, 0x04, 0x01, 0x4C, 0x28, 0x71,
-        0xC3, 0x86, 0x6C, 0x24, 0x49, 0x81, 0x04, 0x02,
-        0x28, 0x62, 0x44, 0x32, 0x61, 0x20, 0x28, 0x01,
-        0x04, 0x11, 0x0C, 0x09, 0x08, 0x90, 0x98, 0x84,
-        0x63, 0xB2, 0x45, 0x63, 0x38, 0x2E, 0x04, 0xA4,
-        0x0C, 0x18, 0x05, 0x4E, 0xCC, 0x86, 0x90, 0x43,
-        0x40, 0x91, 0x54, 0x02, 0x21, 0x43, 0x28, 0x42,
-        0x23, 0x94, 0x29, 0xC8, 0xA6, 0x91, 0x02, 0x09,
-        0x80, 0xE3, 0x82, 0x00, 0xC1, 0x34, 0x08, 0xD1,
-        0x34, 0x84, 0x12, 0x45, 0x8C, 0x02, 0xC6, 0x81,
-        0x41, 0xC6, 0x6C, 0x1B, 0x12, 0x24, 0x04, 0x08,
-        0x0D, 0x02, 0x00, 0x0C, 0x9C, 0xA2, 0x05, 0x49,
-        0x34, 0x65, 0x00, 0x06, 0x89, 0x88, 0x34, 0x00,
-        0xD8, 0x82, 0x29, 0x92, 0x12, 0x91, 0xE3, 0x36,
-        0x86, 0xD1, 0x80, 0x71, 0x98, 0xB0, 0x50, 0x48,
-        0xC6, 0x11, 0x14, 0x80, 0x0D, 0xA0, 0x12, 0x4D,
-        0x9B, 0xB2, 0x40, 0x21, 0x41, 0x50, 0x4B, 0x36,
-        0x05, 0x52, 0x10, 0x26, 0x19, 0xB2, 0x60, 0x92,
-        0xA2, 0x24, 0xCB, 0x08, 0x00, 0x14, 0x22, 0x49,
-        0x5A, 0xD0, 0x55, 0xBD, 0x2B, 0x45, 0xE4, 0x31,
-        0x41, 0xA8, 0xC3, 0xA3, 0xAD, 0xBD, 0xB6, 0x37,
-        0x92, 0x06, 0x95, 0x6B, 0x3D, 0xD8, 0xE5, 0x33,
-        0x71, 0xB6, 0x62, 0xB7, 0x67, 0x6C, 0x77, 0x84,
-        0x63, 0x2F, 0x41, 0x1D, 0xBA, 0x51, 0x27, 0xE1,
-        0x24, 0x5D, 0xC2, 0x38, 0x71, 0x65, 0x9E, 0x8E,
-        0xE4, 0xEB, 0xBB, 0x1D, 0x89, 0xEB, 0x18, 0xCA,
-        0x0C, 0xA6, 0x86, 0xA3, 0x4D, 0x7C, 0x7A, 0x02,
-        0xAC, 0xDD, 0x34, 0xCE, 0x05, 0x3B, 0x1B, 0x49,
-        0xF4, 0x6D, 0x12, 0x33, 0xBC, 0x52, 0x70, 0x59,
-        0xDF, 0xBC, 0x5D, 0x49, 0x42, 0x6A, 0xED, 0xC7,
-        0xF1, 0x8C, 0xF5, 0x6D, 0x1F, 0xBC, 0xE4, 0xBD,
-        0x45, 0x5D, 0x59, 0xF8, 0xCE, 0x9A, 0x39, 0xB5,
-        0x96, 0x32, 0xFD, 0x93, 0x65, 0x8E, 0x92, 0xF1,
-        0x8F, 0xB0, 0x99, 0xF3, 0x80, 0x0F, 0x66, 0x14,
-        0xFE, 0xEB, 0x23, 0x17, 0x2D, 0x4C, 0x8F, 0x41,
-        0x9A, 0x9B, 0xD1, 0x5B, 0x5B, 0xC0, 0x3D, 0xA6,
-        0x0E, 0xF3, 0xE0, 0xA1, 0x04, 0xDC, 0x24, 0x18,
-        0x9D, 0x90, 0xC6, 0x89, 0x5A, 0x7F, 0x10, 0x1E,
-        0x4B, 0x21, 0xEC, 0x91, 0xD8, 0x5D, 0x65, 0xDB,
-        0xCF, 0x90, 0x62, 0x85, 0xE9, 0x58, 0xA3, 0x47,
-        0x92, 0x1C, 0xD0, 0x0C, 0xA3, 0xF3, 0x3E, 0x36,
-        0xDB, 0x24, 0xA6, 0x98, 0xAB, 0xA7, 0x89, 0x2B,
-        0x71, 0x6C, 0x4D, 0x00, 0xB0, 0xD5, 0xA0, 0xCA,
-        0x1A, 0x76, 0x8E, 0x80, 0xB7, 0xAE, 0x83, 0x89,
-        0x50, 0xF8, 0xA7, 0x52, 0x8B, 0x94, 0xD2, 0x2B,
-        0x9F, 0x49, 0x92, 0x3D, 0x54, 0x0D, 0xB8, 0xD1,
-        0x19, 0x49, 0xAC, 0x91, 0xAF, 0xDB, 0xE9, 0x24,
-        0x4D, 0xD8, 0xE1, 0xD5, 0x16, 0x0E, 0xB1, 0x39,
-        0x40, 0x7D, 0x5F, 0xF5, 0x92, 0xB4, 0xAF, 0xC3,
-        0x76, 0x2B, 0xDB, 0x7D, 0x52, 0x97, 0x62, 0x9F,
-        0xCF, 0x32, 0x19, 0x5F, 0xE6, 0x32, 0xFB, 0x8E,
-        0x39, 0x24, 0xB4, 0xEB, 0xE9, 0x17, 0x9E, 0x47,
-        0x69, 0x4D, 0x92, 0x82, 0x96, 0x88, 0x38, 0x11,
-        0xCE, 0xD6, 0xBF, 0x18, 0xE3, 0x51, 0x40, 0x81,
-        0x11, 0xA0, 0x74, 0xDA, 0x0D, 0x5E, 0xEC, 0xD8,
-        0x5D, 0x33, 0x22, 0x1E, 0xB9, 0x5D, 0xBF, 0x79,
-        0xB0, 0xA1, 0xEF, 0xD1, 0x2D, 0xA0, 0x5F, 0xA1,
-        0xC7, 0x6E, 0xD5, 0x08, 0xB8, 0xD0, 0xC1, 0x95,
-        0x51, 0x9B, 0x07, 0xC3, 0x4A, 0x0A, 0xB5, 0xA1,
-        0x28, 0xFE, 0x95, 0x95, 0x0A, 0xCF, 0x83, 0xA8,
-        0xEB, 0x8F, 0xFB, 0x18, 0xD5, 0xBD, 0x69, 0x50,
-        0xF1, 0xDF, 0x06, 0xFA, 0x9A, 0x65, 0x47, 0xBB,
-        0x56, 0xE9, 0xCB, 0x8F, 0x69, 0x5F, 0xE0, 0xAD,
-        0x19, 0x3A, 0x70, 0xE5, 0x66, 0x42, 0xD7, 0x1C,
-        0x0C, 0xB4, 0x03, 0x89, 0x7D, 0x47, 0x4D, 0x29,
-        0x67, 0x8C, 0x41, 0x73, 0xAB, 0x7D, 0xFD, 0x69,
-        0x15, 0xAD, 0xE3, 0xB7, 0xF8, 0x98, 0x3B, 0xCA,
-        0x8F, 0x27, 0x37, 0x7B, 0x72, 0x2C, 0x5F, 0x23,
-        0x73, 0x15, 0xE2, 0xB6, 0xBD, 0xDE, 0x84, 0xF8,
-        0x7E, 0x22, 0xB9, 0xFD, 0xD3, 0x4D, 0x62, 0x80,
-        0xBA, 0xC5, 0x57, 0x29, 0x30, 0x1B, 0x06, 0x4D,
-        0x20, 0xB1, 0x53, 0x86, 0xCB, 0x6A, 0x4A, 0xE3,
-        0xC1, 0xA9, 0x88, 0xCF, 0xEB, 0x15, 0x2F, 0xA8,
-        0xA8, 0x6F, 0xFC, 0x2A, 0xA8, 0x0E, 0xD9, 0xFA,
-        0xEA, 0xD7, 0x3B, 0xCE, 0xF8, 0x5B, 0xD8, 0x92,
-        0x22, 0x6A, 0x1A, 0x8E, 0x5E, 0x91, 0x37, 0x2C,
-        0x21, 0x05, 0xC4, 0xAC, 0xF7, 0x62, 0x83, 0xBA,
-        0x55, 0xD5, 0x2C, 0xCE, 0xA1, 0x19, 0x93, 0x0E,
-        0xDE, 0xB6, 0xB8, 0x78, 0x0F, 0xBF, 0x4C, 0xA4,
-        0x66, 0xAD, 0x97, 0x2F, 0xEE, 0x34, 0xE9, 0xA2,
-        0xB6, 0x1D, 0x3C, 0x60, 0xFB, 0xB8, 0x7F, 0xF8,
-        0xFD, 0x34, 0x8C, 0xC5, 0xC7, 0x38, 0x72, 0x74,
-        0x19, 0xA9, 0xCF, 0x54, 0x49, 0x5B, 0xBA, 0x70,
-        0x12, 0xC1, 0x61, 0xDC, 0x32, 0x61, 0x49, 0x66,
-        0xF3, 0x57, 0xAA, 0x0F, 0xE6, 0x44, 0x9E, 0x8A,
-        0x19, 0x9C, 0x6B, 0x63, 0x2C, 0x14, 0x1E, 0xDD,
-        0x00, 0x27, 0xE3, 0x95, 0xE3, 0xE7, 0xD9, 0xFF,
-        0x30, 0x2D, 0x14, 0x19, 0x4F, 0x49, 0x20, 0x0B,
-        0x58, 0x2A, 0x23, 0x1C, 0xE2, 0xAD, 0x6B, 0x9C,
-        0x7B, 0xB6, 0x20, 0x63, 0x08, 0x24, 0x55, 0x04,
-        0x58, 0x1F, 0x0E, 0xBE, 0x2A, 0x6F, 0x79, 0x90,
-        0x9E, 0x15, 0x8F, 0x4B, 0xDB, 0xE2, 0xBE, 0xBC,
-        0x28, 0xB1, 0xC8, 0xFE, 0x00, 0x6D, 0x71, 0xCC,
-        0x91, 0x6A, 0xCC, 0xF8, 0x12, 0x8B, 0xEC, 0xF3,
-        0x46, 0x53, 0xB1, 0x7F, 0xB3, 0x79, 0xF0, 0xC7,
-        0xD7, 0xA5, 0xCF, 0x2C, 0xC3, 0x09, 0x66, 0x82,
-        0x53, 0x43, 0xFD, 0xAC, 0xDE, 0xD5, 0x85, 0xB3,
-        0x79, 0x74, 0x55, 0xE8, 0xF6, 0xE5, 0xFB, 0xF0,
-        0x63, 0x0C, 0x36, 0x63, 0x65, 0x10, 0x43, 0xC9,
-        0x60, 0x99, 0xD6, 0x0C, 0xB9, 0x66, 0x1C, 0xA9,
-        0x97, 0x4D, 0xDB, 0xA8, 0x13, 0x9E, 0xAE, 0xCA,
-        0x7A, 0x5F, 0xE3, 0x24, 0xA0, 0xEE, 0x8A, 0x9D,
-        0x7F, 0x03, 0x53, 0x21, 0x6B, 0xAF, 0x3D, 0xF9,
-        0x38, 0xF3, 0x7A, 0x1D, 0xDA, 0xE2, 0xEF, 0xBA,
-        0x86, 0x21, 0x85, 0x1F, 0x36, 0x08, 0x0B, 0xDA,
-        0x37, 0x5A, 0x0A, 0xD7, 0x55, 0x41, 0xD5, 0x84,
-        0x1B, 0x36, 0xA2, 0x50, 0x65, 0xD7, 0xF3, 0xA3,
-        0xEB, 0xE1, 0xDE, 0x0F, 0x85, 0xAA, 0xF6, 0x2F,
-        0xAB, 0xBB, 0xC8, 0xF1, 0x2A, 0xD1, 0x0A, 0x9B,
-        0xE4, 0x7B, 0xBC, 0x4D, 0x42, 0xD8, 0xA3, 0x4C,
-        0x07, 0x6A, 0x60, 0x3E, 0xE2, 0xDA, 0xE7, 0x00,
-        0xDF, 0x27, 0x94, 0xEF, 0x90, 0x99, 0x88, 0x2C,
-        0xCF, 0xAA, 0xE1, 0x71, 0x2D, 0xFD, 0x00, 0x9C,
-        0x55, 0xBF, 0xC4, 0x7A, 0x55, 0xE9, 0xE0, 0xB4,
-        0x7F, 0x3D, 0xE9, 0xB0, 0x01, 0xA7, 0x27, 0x23,
-        0x27, 0x58, 0x31, 0x0E, 0x8E, 0x80, 0xD8, 0xEB,
-        0x64, 0xA0, 0xC3, 0xC9, 0xEA, 0x69, 0x9C, 0x74,
-        0x5E, 0xAF, 0xD5, 0xEF, 0x5C, 0x4E, 0x40, 0x71,
-        0xD6, 0x57, 0x77, 0xE2, 0xAF, 0x0E, 0x1D, 0xB8,
-        0x5A, 0x91, 0x20, 0x4C, 0x33, 0x4D, 0xD8, 0x4F,
-        0x98, 0xE0, 0x86, 0x1D, 0x02, 0xA0, 0xDA, 0x06,
-        0x17, 0xC4, 0x5D, 0x2E, 0x49, 0x31, 0xE6, 0xE4,
-        0xDC, 0x18, 0x23, 0x26, 0xF3, 0x61, 0xF5, 0x8D,
-        0x26, 0x2C, 0x18, 0x4C, 0xDF, 0x71, 0x90, 0x24,
-        0x96, 0xD3, 0xD4, 0x1A, 0x6F, 0x08, 0xAB, 0x29,
-        0x7D, 0xFF, 0x4E, 0x27, 0x6D, 0x39, 0x83, 0x17,
-        0x90, 0xA4, 0x07, 0x8A, 0xDE, 0x79, 0x53, 0xF6,
-        0x99, 0x2E, 0xA6, 0x39, 0x47, 0xC3, 0xBE, 0x12,
-        0xC7, 0xA5, 0x7E, 0xA2, 0x19, 0x57, 0x04, 0x45,
-        0xBE, 0x44, 0x62, 0x92, 0xCA, 0x56, 0xE1, 0xF0,
-        0x45, 0x3B, 0xA4, 0xF8, 0xF5, 0xCD, 0xC7, 0xD2,
-        0xB2, 0x46, 0x57, 0x51, 0x0B, 0x06, 0xDA, 0x54,
-        0x03, 0x9E, 0x52, 0xA2, 0x78, 0x69, 0x25, 0x2E,
-        0x75, 0x83, 0x25, 0x3F, 0xA3, 0x62, 0x27, 0xB9,
-        0xA6, 0x59, 0x7A, 0xB1, 0xB6, 0xE9, 0xC1, 0xDD,
-        0x2F, 0x22, 0x2D, 0x3B, 0xA3, 0x22, 0xD6, 0x11,
-        0x7B, 0x08, 0x27, 0x92, 0x83, 0x7A, 0x5D, 0x0D,
-        0x6B, 0x9D, 0x5B, 0xEB, 0xE9, 0xC0, 0x88, 0xDE,
-        0x44, 0x55, 0xBA, 0x69, 0xC1, 0x7A, 0x4D, 0xE6,
-        0x35, 0x67, 0x6F, 0x99, 0x9B, 0x07, 0xD8, 0x04,
-        0xAA, 0xEA, 0x7D, 0xFF, 0x8E, 0xB8, 0xAA, 0x4C,
-        0x79, 0xE2, 0x88, 0xA8, 0x1D, 0xE8, 0xA6, 0x77,
-        0xCA, 0x06, 0xC0, 0xDF, 0x0E, 0x2B, 0xCB, 0xFF,
-        0x9F, 0x64, 0x67, 0x11, 0xF1, 0xB9, 0x38, 0x83,
-        0x19, 0x05, 0x30, 0x9B, 0x01, 0x11, 0x55, 0x03,
-        0xAD, 0x44, 0x7D, 0x3C, 0x07, 0xEF, 0x88, 0x19,
-        0x92, 0xC0, 0xFE, 0xE1, 0xAB, 0xDB, 0x24, 0x18,
-        0x17, 0xD0, 0x03, 0x5C, 0x91, 0xD4, 0xA6, 0x2A,
-        0xF1, 0xE9, 0x72, 0x62, 0x58, 0x22, 0x7D, 0x55,
-        0x15, 0xE2, 0xA1, 0x70, 0x14, 0x5E, 0x34, 0xB9,
-        0x5A, 0xB7, 0x5D, 0x3F, 0xB8, 0xB5, 0x45, 0x44,
-        0xD2, 0x50, 0xD1, 0xC6, 0x7E, 0xE7, 0x3D, 0xF4,
-        0xD3, 0xEC, 0xFB, 0x97, 0x32, 0x11, 0x72, 0x51,
-        0xB7, 0x4A, 0xC8, 0x38, 0x96, 0xFC, 0x6F, 0x69,
-        0xC2, 0xD5, 0xD3, 0x28, 0xE9, 0x63, 0x14, 0x14,
-        0xFE, 0xB1, 0xA4, 0x02, 0x80, 0x65, 0x73, 0xD3,
-        0x57, 0x07, 0x95, 0x21, 0x40, 0x00, 0x77, 0xA7,
-        0x6D, 0x44, 0x2B, 0x0D, 0x77, 0x07, 0x92, 0x64,
-        0xD4, 0x3A, 0xE2, 0x7F, 0xF2, 0x1C, 0x14, 0x08,
-        0x60, 0x74, 0x8F, 0xFC, 0x0B, 0xE8, 0xEC, 0xA9,
-        0xB7, 0x97, 0xA7, 0x85, 0x8A, 0xEF, 0xD7, 0x7E,
-        0xD5, 0x15, 0xF7, 0x45, 0x8D, 0x9C, 0xBF, 0x23,
-        0xEB, 0x8C, 0x4D, 0xD2, 0x28, 0x7E, 0x0A, 0x61,
-        0x2E, 0xBA, 0xBE, 0x89, 0x1D, 0x64, 0x45, 0x22,
-        0x70, 0x9D, 0x48, 0xEB, 0x2F, 0x96, 0xF1, 0xA7,
-        0xDE, 0xD3, 0x28, 0x4C, 0xC9, 0xFB, 0xF2, 0x9C,
-        0x5B, 0xFC, 0xBE, 0xBE, 0xF4, 0x38, 0xC9, 0x43,
-        0xC3, 0x66, 0x53, 0xA9, 0x06, 0xE5, 0x71, 0x16,
-        0xA4, 0xBB, 0x3B, 0x50, 0x53, 0xCF, 0xF4, 0x1F,
-        0xD6, 0x00, 0x07, 0x46, 0xFB, 0x97, 0x0B, 0xF9,
-        0x3D, 0xF4, 0xC6, 0x60, 0xD0, 0x37, 0x70, 0xC0,
-        0x2D, 0xD1, 0x9F, 0xA5, 0x78, 0xF3, 0x1F, 0x03,
-        0x81, 0xB1, 0x93, 0xBA, 0xE5, 0x82, 0xE6, 0xD1,
-        0x66, 0x93, 0x83, 0x5B, 0xB9, 0xAD, 0xD9, 0x01,
-        0xA5, 0xB6, 0x5C, 0x69, 0x82, 0xD7, 0x2F, 0x35,
-        0x35, 0x98, 0xEE, 0xE9, 0xA0, 0x74, 0xC1, 0x91,
-        0x44, 0x0A, 0x04, 0xCD, 0x97, 0xBE, 0x6B, 0x60,
-        0x90, 0x9A, 0x48, 0x7B, 0x83, 0xA2, 0x28, 0x97,
-        0xB5, 0xBA, 0xB1, 0x4D, 0x35, 0x8B, 0x34, 0x0A,
-        0xA1, 0xCB, 0xA5, 0xC2, 0xA4, 0x6A, 0x36, 0xB3,
-        0x12, 0x46, 0x59, 0xDB, 0x63, 0xE5, 0xF9, 0xF1,
-        0x7F, 0xAD, 0x42, 0xF4, 0x24, 0xF0, 0x02, 0x3D,
-        0x1E, 0x6C, 0xD5, 0xB3, 0x06, 0x8F, 0x1F, 0x59,
-        0x79, 0xCC, 0xF9, 0x5B, 0x4F, 0x8B, 0xD6, 0x03,
-        0xC7, 0x53, 0xE6, 0xCE, 0xBB, 0xD8, 0x52, 0x89,
-        0x70, 0x5D, 0x98, 0x86, 0xA5, 0x9E, 0x44, 0xA9,
-        0xC8, 0x17, 0xA2, 0x6F, 0x43, 0x2D, 0x8D, 0xA7,
-        0xDE, 0x3E, 0xFA, 0xE7, 0x98, 0x7B, 0xB5, 0xBE,
-        0x7B, 0x10, 0xB8, 0xB8, 0xA5, 0x3D, 0x3E, 0xCD,
-        0x94, 0x19, 0x5E, 0x06, 0x51, 0xB8, 0x58, 0x1E,
-        0x0E, 0xCF, 0xFE, 0xE5, 0xED, 0x84, 0xB5, 0xF5,
-        0x0F, 0x34, 0x32, 0xAC, 0x0A, 0x7F, 0x03, 0xF0,
-        0xF8, 0xFC, 0x69, 0xA0, 0x26, 0x0D, 0x2E, 0xFA,
-        0x62, 0x49, 0x5C, 0xC4, 0xE5, 0xF6, 0x8B, 0xC5,
-        0x26, 0x21, 0x23, 0x3B, 0xBD, 0x9A, 0x23, 0x95,
-        0x69, 0xA7, 0x48, 0x94, 0x30, 0x1E, 0xC3, 0x82,
-        0xB6, 0x75, 0x30, 0xA6, 0xF3, 0x1E, 0xBB, 0xBC,
-        0xF7, 0x21, 0x27, 0x12, 0x2C, 0x51, 0x50, 0x55,
-        0x87, 0x0D, 0xF1, 0xCC, 0x6C, 0xFF, 0xEA, 0x7E,
-        0x2C, 0xDA, 0x8B, 0x9B, 0x20, 0xF4, 0x75, 0xFB,
-        0xC2, 0x3F, 0xBE, 0x09, 0xA6, 0xC9, 0x26, 0xE7,
-        0xB5, 0xC7, 0xE6, 0xB9, 0x35, 0x8C, 0xAF, 0xFA,
-        0xC0, 0x8D, 0x43, 0x33, 0x25, 0xBA, 0xAA, 0xDC,
-        0xCF, 0xBC, 0xE4, 0xC4, 0xC6, 0x26, 0x4A, 0x0D,
-        0x9D, 0xCC, 0x2A, 0xE0, 0x5B, 0x1E, 0xC9, 0x78,
-        0xF8, 0xA2, 0xB5, 0x46, 0xE5, 0x49, 0xB8, 0x4C,
-        0xC2, 0x22, 0x40, 0xCE, 0x97, 0x9A, 0x95, 0x40,
-        0xF7, 0xD6, 0x52, 0x54, 0x3B, 0xBB, 0x42, 0xC5,
-        0x6F, 0x00, 0x7F, 0x83, 0xDD, 0x88, 0x71, 0xF7,
-        0xD4, 0x1B, 0x3D, 0x81, 0xC4, 0xB1, 0x49, 0x9B,
-        0xF3, 0x68, 0x15, 0xC5, 0x15, 0x97, 0x0F, 0xC5,
-        0x43, 0xDD, 0x07, 0xBE, 0x98, 0x43, 0x2C, 0xB3,
-        0xEF, 0x08, 0xCA, 0xDC, 0x9C, 0x27, 0x58, 0xFE,
-        0x49, 0xE9, 0x77, 0xD9, 0x1C, 0x62, 0xA4, 0xA2,
-        0xF9, 0x78, 0xCC, 0xB3, 0x21, 0x06, 0x10, 0xDE,
-        0x5A, 0x52, 0xA3, 0x67, 0xBD, 0x5E, 0xBC, 0x9B,
-        0x4E, 0x40, 0x87, 0x93, 0xCF, 0x0E, 0x27, 0x0E,
-        0xE3, 0x11, 0x4B, 0xB3, 0xE0, 0xCE, 0x24, 0xB6,
-        0x0A, 0x53, 0x03, 0xF8, 0x01, 0x6A, 0x7E, 0xFE,
-        0xC8, 0x66, 0x9F, 0x29, 0xF3, 0x45, 0x94, 0xD6,
-        0x0E, 0x30, 0xB5, 0x61, 0xA9, 0xEC, 0x8F, 0x71,
-        0xF7, 0x36, 0xD6, 0x43, 0x4B, 0x0C, 0xCD, 0x45,
-        0xBB, 0xA4, 0xBD, 0xE9, 0xA9, 0xC3, 0xC1, 0x95,
-        0x1E, 0xF9, 0x42, 0x07, 0x18, 0xEA, 0xF5, 0x0B,
-        0x27, 0xB6, 0xDE, 0xEF, 0x67, 0x33, 0x83, 0x0D,
-        0xD9, 0x5E, 0x3A, 0x93, 0xD2, 0xD0, 0xDB, 0xB9,
-        0x98, 0xF0, 0x25, 0x21, 0xF3, 0xDF, 0x0B, 0x1E
-    };
-#endif /* !WOLFSSL_NO_ML_DSA_44 */
-#ifndef WOLFSSL_NO_ML_DSA_65
-    static const byte seed_65[] = {
-        0x41, 0xAF, 0x98, 0x7B, 0x02, 0x6E, 0x47, 0x5F,
-        0x37, 0x91, 0x7F, 0x2A, 0x6A, 0x9A, 0x87, 0xE7,
-        0x51, 0xAD, 0xF9, 0x5B, 0x92, 0x7F, 0x2D, 0xCE,
-        0xF0, 0xD4, 0xF3, 0xDA, 0x8F, 0x8C, 0x86, 0x6B
-    };
-    static const byte pk_65[] = {
-        0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4,
-        0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E,
-        0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F,
-        0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41,
-        0x39, 0x5D, 0xF9, 0x20, 0x6C, 0x36, 0x0D, 0x4F,
-        0x83, 0x43, 0xBE, 0x86, 0xEF, 0x6C, 0x43, 0xD0,
-        0x3E, 0xD0, 0x63, 0x0A, 0x5B, 0x92, 0x8D, 0x31,
-        0x19, 0x1D, 0xA9, 0x51, 0x61, 0x48, 0xE6, 0x26,
-        0x50, 0x07, 0x54, 0x9B, 0xB0, 0xB7, 0x62, 0x54,
-        0xDB, 0x80, 0x4E, 0x48, 0x7F, 0x48, 0xC5, 0x11,
-        0x91, 0xFC, 0xA9, 0x26, 0x25, 0x08, 0xA5, 0x99,
-        0xA0, 0x3C, 0xB9, 0x0C, 0xCF, 0x6C, 0xCD, 0x83,
-        0x9A, 0x38, 0x6D, 0x22, 0xDE, 0x0A, 0xC3, 0x8F,
-        0xF7, 0xD0, 0x57, 0x40, 0x53, 0xE9, 0xE9, 0x4E,
-        0x73, 0xFA, 0x58, 0x40, 0x9F, 0x6D, 0x8A, 0xD3,
-        0x6F, 0x86, 0x84, 0x4D, 0x18, 0xD7, 0x4C, 0x76,
-        0x39, 0x57, 0x9E, 0xC0, 0xC7, 0xE4, 0xEE, 0x54,
-        0xF4, 0xAD, 0x10, 0xC5, 0x69, 0x59, 0xE0, 0xBC,
-        0x9B, 0xF4, 0x20, 0x8F, 0xBA, 0x0A, 0x94, 0x10,
-        0x55, 0x07, 0x7E, 0xD1, 0xF9, 0x20, 0xCC, 0x2F,
-        0xA9, 0xAE, 0x9D, 0xF5, 0xE4, 0x29, 0x40, 0x7E,
-        0x44, 0xA4, 0xDF, 0xB2, 0xE9, 0x25, 0xE0, 0xBA,
-        0x8D, 0x6C, 0x33, 0x88, 0x9C, 0xEE, 0x27, 0xDB,
-        0xC7, 0x0A, 0x6E, 0x5A, 0x08, 0x92, 0x9B, 0x53,
-        0xF8, 0xFD, 0xF9, 0x5B, 0xEB, 0x03, 0x8E, 0x45,
-        0xCB, 0x91, 0x19, 0x4E, 0x6B, 0x1E, 0xA0, 0xA4,
-        0xF0, 0x43, 0xC9, 0x8F, 0xDF, 0x93, 0x5E, 0x86,
-        0xB0, 0x09, 0xD3, 0x47, 0x38, 0x7C, 0x8E, 0x78,
-        0x85, 0x71, 0x3D, 0x07, 0x2E, 0x2E, 0x12, 0x6F,
-        0x06, 0x97, 0x0E, 0x54, 0xAD, 0x71, 0x09, 0xEF,
-        0xA5, 0x55, 0x0A, 0x39, 0x86, 0xE6, 0x17, 0x17,
-        0x70, 0x9A, 0xA7, 0xA7, 0x1B, 0xCE, 0x78, 0x06,
-        0x2C, 0x61, 0x1A, 0xB9, 0x48, 0x22, 0x41, 0x45,
-        0x15, 0xEB, 0x10, 0x3C, 0x6E, 0x24, 0x37, 0xA4,
-        0xB5, 0xE8, 0x82, 0x4D, 0x6D, 0xCC, 0x44, 0xC6,
-        0xB0, 0x5D, 0xBE, 0x46, 0xDA, 0x5F, 0x00, 0x36,
-        0x5B, 0xBD, 0x87, 0x65, 0x3A, 0x96, 0x21, 0x58,
-        0x45, 0x65, 0xDB, 0xD8, 0x77, 0x76, 0x7B, 0x25,
-        0xC3, 0x78, 0x6E, 0xD9, 0x14, 0xA7, 0x19, 0x69,
-        0x4F, 0xBB, 0x1B, 0xDB, 0x37, 0xCE, 0xAF, 0x8C,
-        0x88, 0x2E, 0x9E, 0x30, 0xF6, 0xAE, 0x43, 0xCC,
-        0x59, 0x0F, 0x67, 0x8A, 0xCB, 0x4F, 0x08, 0x20,
-        0x6D, 0x99, 0xD7, 0xA9, 0xDE, 0xE5, 0xE5, 0xB3,
-        0xFF, 0xAA, 0x45, 0x3C, 0xF1, 0xE3, 0x02, 0x7D,
-        0x2F, 0xEE, 0x69, 0x04, 0x81, 0x73, 0x01, 0x37,
-        0x51, 0x68, 0xC8, 0x0B, 0x51, 0xFD, 0x05, 0xB4,
-        0x05, 0xBB, 0xA1, 0xDB, 0x1D, 0xF6, 0x5F, 0x70,
-        0xD3, 0x0A, 0x37, 0x4B, 0x9C, 0xC4, 0x45, 0x30,
-        0x11, 0x36, 0xE2, 0x48, 0x9F, 0xC4, 0x2E, 0x4E,
-        0x0C, 0x0C, 0xA1, 0x04, 0x41, 0x75, 0x95, 0xAA,
-        0xED, 0xAC, 0xD4, 0xB2, 0xE7, 0x85, 0x7E, 0xE1,
-        0xA6, 0xFE, 0x2A, 0x09, 0x19, 0x09, 0x3D, 0x7C,
-        0x20, 0x1E, 0x98, 0x3D, 0x6E, 0x02, 0xC1, 0xCA,
-        0xBB, 0x24, 0x82, 0x9F, 0x45, 0x1D, 0x26, 0x99,
-        0xAE, 0x02, 0x82, 0xF9, 0x86, 0x3B, 0x67, 0x8C,
-        0xBD, 0xFE, 0xF1, 0xD0, 0xB6, 0xB8, 0xAB, 0x00,
-        0x0F, 0xEC, 0x30, 0xDC, 0x27, 0x58, 0xE2, 0x29,
-        0x18, 0x05, 0x5A, 0x66, 0xA5, 0x88, 0x39, 0x8E,
-        0x49, 0x5B, 0xB9, 0x52, 0x43, 0x84, 0xDC, 0xA9,
-        0x50, 0x2B, 0x83, 0x3C, 0x84, 0x81, 0x37, 0x52,
-        0x30, 0x79, 0xBD, 0x04, 0xB8, 0xDD, 0x47, 0xC1,
-        0x02, 0x2E, 0xEC, 0x24, 0xD0, 0x56, 0x23, 0xE1,
-        0x92, 0xD0, 0x65, 0x7F, 0xC7, 0xC2, 0xF7, 0x60,
-        0x73, 0xB8, 0xAF, 0x0A, 0xF4, 0xEF, 0xFC, 0x1B,
-        0xC2, 0xB9, 0x76, 0x87, 0x8A, 0xA6, 0xC2, 0x3F,
-        0xD3, 0x9F, 0x1F, 0x2D, 0x94, 0xBC, 0x89, 0x4E,
-        0x31, 0x8D, 0x28, 0xD0, 0x90, 0xB5, 0x5B, 0x60,
-        0x30, 0xC6, 0x0B, 0x37, 0x63, 0x5D, 0xDC, 0xC6,
-        0xE0, 0x1A, 0xBA, 0x6B, 0x23, 0xCD, 0x2E, 0x09,
-        0x2D, 0x6A, 0x7E, 0x0C, 0xD9, 0x4F, 0xB1, 0xE2,
-        0x89, 0x67, 0xE7, 0xB1, 0x54, 0x08, 0xB2, 0xFA,
-        0x83, 0x43, 0x7C, 0x77, 0x06, 0xED, 0xE2, 0x29,
-        0x53, 0xB7, 0x09, 0xC4, 0x1B, 0x81, 0x55, 0x12,
-        0x41, 0x8E, 0x8B, 0x03, 0x36, 0xEE, 0x45, 0x70,
-        0x57, 0xA8, 0x73, 0xEF, 0x70, 0x7B, 0x1F, 0x63,
-        0xB0, 0xE8, 0x00, 0xBD, 0x1E, 0xE6, 0xA9, 0x93,
-        0x9D, 0x03, 0x19, 0x22, 0xDF, 0xE1, 0x01, 0xF2,
-        0xA9, 0x6B, 0x90, 0x5C, 0xD2, 0xC1, 0xAC, 0x9F,
-        0xB2, 0x21, 0x1C, 0x2D, 0xC6, 0x80, 0x9A, 0xB5,
-        0x1E, 0x46, 0x95, 0x6C, 0xCE, 0x47, 0x3E, 0x67,
-        0xCD, 0xD6, 0xC9, 0xB9, 0x81, 0x74, 0x7F, 0x17,
-        0xA3, 0xF7, 0x48, 0x99, 0xF3, 0x36, 0x84, 0xF3,
-        0x16, 0x41, 0x55, 0x5F, 0xA7, 0xBF, 0x4B, 0x69,
-        0x8D, 0xA3, 0x3D, 0x1E, 0xEA, 0xF5, 0x1E, 0xC6,
-        0xB8, 0x1C, 0xD6, 0x89, 0x45, 0x68, 0xFA, 0xE7,
-        0xCA, 0x86, 0xE4, 0xB1, 0xC9, 0x9C, 0xB2, 0xAB,
-        0x89, 0x03, 0xE7, 0x19, 0x7B, 0xA9, 0xF2, 0x6B,
-        0x4A, 0x43, 0x1D, 0x90, 0xAF, 0xA4, 0xE3, 0xBC,
-        0xEF, 0xD4, 0x37, 0xC5, 0x55, 0x5C, 0x9E, 0x14,
-        0xC6, 0x18, 0xDD, 0x45, 0x3F, 0x80, 0x49, 0x1C,
-        0x93, 0xFF, 0xBD, 0xDD, 0x75, 0x54, 0x0B, 0xD1,
-        0xA9, 0xF6, 0xBC, 0x89, 0x98, 0x7D, 0x6F, 0x03,
-        0x7B, 0x06, 0xD5, 0x40, 0x7D, 0x85, 0x48, 0x2E,
-        0x11, 0x3E, 0xF0, 0x47, 0x77, 0xD0, 0xBA, 0x03,
-        0x33, 0x58, 0xC4, 0x8F, 0x76, 0xF8, 0x72, 0x47,
-        0x04, 0x21, 0x5E, 0x85, 0x5A, 0x0F, 0x35, 0x77,
-        0xFB, 0x96, 0x29, 0x81, 0x2D, 0x55, 0x6E, 0x53,
-        0xC6, 0x13, 0x1E, 0xFA, 0x4D, 0xCE, 0xA9, 0x36,
-        0x1D, 0x8F, 0xAB, 0xAC, 0x13, 0x19, 0x94, 0xFC,
-        0x4B, 0xCD, 0x36, 0x4C, 0x6E, 0x21, 0xAE, 0xF1,
-        0x13, 0xA4, 0xF7, 0x64, 0x8E, 0xE1, 0xAF, 0x50,
-        0x6A, 0x63, 0x0E, 0xCA, 0x2F, 0xE9, 0x0C, 0x8A,
-        0xE7, 0xF2, 0xE3, 0x68, 0x03, 0xE0, 0x40, 0x1C,
-        0x64, 0xAB, 0xC3, 0xEC, 0xC0, 0x92, 0xE9, 0x57,
-        0x3E, 0x66, 0x72, 0x36, 0x39, 0x22, 0x4E, 0xCD,
-        0x13, 0x08, 0xBA, 0xF8, 0x2B, 0xA1, 0xF2, 0x69,
-        0x44, 0x7E, 0x90, 0x5C, 0xC8, 0xEC, 0xB6, 0xBE,
-        0x8C, 0x30, 0xE0, 0x69, 0xB7, 0x97, 0xA1, 0x1C,
-        0x18, 0xE5, 0x54, 0x62, 0xC3, 0x29, 0x99, 0x21,
-        0x16, 0xD9, 0x78, 0x1C, 0x4C, 0x9C, 0x88, 0x4C,
-        0xA5, 0xE1, 0x11, 0x66, 0x5B, 0x6E, 0x71, 0xE7,
-        0xE2, 0xE7, 0xE4, 0x02, 0xDD, 0x1A, 0x8D, 0x0C,
-        0xF5, 0x32, 0xFD, 0x41, 0x28, 0x35, 0x75, 0xD0,
-        0x0C, 0x5F, 0x06, 0x6A, 0x5A, 0x61, 0x49, 0x59,
-        0xC1, 0x0C, 0xD4, 0x9E, 0xD6, 0x29, 0xE2, 0x37,
-        0xDF, 0x2B, 0x3D, 0xE8, 0x98, 0xB9, 0xDF, 0x8E,
-        0xA0, 0xC4, 0xE2, 0xFC, 0x45, 0x70, 0xE8, 0x1B,
-        0xF4, 0xFA, 0xC5, 0xE6, 0xA7, 0xCF, 0x4F, 0xA2,
-        0xDA, 0x3D, 0x90, 0x49, 0x24, 0x8F, 0x61, 0x54,
-        0xD5, 0x50, 0x8E, 0xE8, 0x0C, 0x14, 0xAD, 0x6F,
-        0x65, 0x88, 0x3A, 0xF6, 0x92, 0xDB, 0x35, 0x5D,
-        0xFF, 0x21, 0x20, 0xAC, 0x01, 0x16, 0x0B, 0xEC,
-        0x84, 0x15, 0x3B, 0xA9, 0x93, 0x92, 0x75, 0xB3,
-        0x73, 0xF1, 0x23, 0x69, 0x94, 0x10, 0xF5, 0xFE,
-        0x20, 0xA8, 0xAF, 0x05, 0x87, 0x49, 0x4E, 0x9C,
-        0xEB, 0x21, 0x0A, 0xCF, 0x0B, 0xA1, 0x65, 0x38,
-        0xA6, 0x18, 0x4D, 0xF7, 0xD8, 0xC1, 0x2C, 0x14,
-        0x4C, 0xD9, 0x40, 0xC2, 0xF7, 0xBF, 0xE3, 0x07,
-        0x79, 0x55, 0xAE, 0xB9, 0xB6, 0x50, 0x06, 0x92,
-        0x94, 0x8C, 0x6A, 0x0E, 0x22, 0x14, 0xE2, 0xCC,
-        0x65, 0xBA, 0x0C, 0x4D, 0xB6, 0x5C, 0x4A, 0xE9,
-        0x0A, 0x08, 0x0C, 0xF9, 0x26, 0xA2, 0x51, 0x85,
-        0x36, 0xE2, 0xC1, 0xF1, 0x0A, 0x66, 0x51, 0x66,
-        0x7A, 0x98, 0x9B, 0x2C, 0x30, 0x1A, 0x0D, 0x49,
-        0x3C, 0x1E, 0xEC, 0x63, 0x53, 0x5E, 0xD9, 0xDD,
-        0x84, 0x69, 0xCD, 0x7E, 0x79, 0x58, 0x3D, 0x6E,
-        0xD9, 0x98, 0x58, 0xD8, 0x0A, 0x48, 0xB5, 0x13,
-        0x3F, 0x72, 0x4C, 0x11, 0x90, 0x15, 0x12, 0x74,
-        0xFF, 0x5C, 0x0D, 0xC6, 0x20, 0x8C, 0xC1, 0x99,
-        0xCA, 0x8E, 0xFC, 0xA2, 0xE8, 0xB8, 0xEE, 0xAA,
-        0x27, 0xC2, 0x97, 0x8D, 0xFA, 0xBE, 0xE0, 0x43,
-        0x99, 0xB6, 0x90, 0x60, 0x00, 0x7C, 0x33, 0xD4,
-        0x87, 0x71, 0x7B, 0x56, 0x6C, 0xAA, 0xE0, 0xAC,
-        0x9D, 0x7E, 0x7E, 0xA3, 0xCF, 0xBB, 0xB3, 0xA0,
-        0x5F, 0xD4, 0xC4, 0x3A, 0xA7, 0xB9, 0x0C, 0xCE,
-        0xF3, 0x05, 0x09, 0x91, 0xA7, 0xE9, 0x11, 0x55,
-        0x32, 0x45, 0xA6, 0x08, 0x0E, 0x10, 0x37, 0x91,
-        0xF3, 0xBF, 0xED, 0x64, 0x26, 0xEB, 0x39, 0xC2,
-        0x57, 0xAE, 0x64, 0x79, 0x33, 0x7C, 0x51, 0xB2,
-        0xC8, 0x85, 0xE0, 0xF9, 0x6D, 0x10, 0x52, 0x9F,
-        0x72, 0xF4, 0xD1, 0x5B, 0x54, 0x5B, 0x93, 0x28,
-        0x36, 0xA8, 0xCD, 0xB3, 0x30, 0x5B, 0x7A, 0xB0,
-        0xB6, 0xF0, 0xD8, 0xA0, 0xBA, 0x24, 0x59, 0x5F,
-        0x43, 0x02, 0x01, 0x57, 0x91, 0x7B, 0x94, 0x07,
-        0x63, 0x23, 0x12, 0x94, 0xFB, 0x9F, 0xF2, 0xC1,
-        0xD6, 0x80, 0x8F, 0x4E, 0xA7, 0x9E, 0x11, 0xD8,
-        0xB3, 0x08, 0xB6, 0x3B, 0x3B, 0xF2, 0xEE, 0x14,
-        0xA5, 0xDB, 0xB0, 0xBB, 0x17, 0xA5, 0x96, 0x3C,
-        0x2F, 0xB9, 0xE7, 0x4A, 0xD7, 0x52, 0x34, 0x98,
-        0xCB, 0x0C, 0xEB, 0x42, 0x5B, 0x2D, 0x2D, 0x2B,
-        0x0D, 0x94, 0x66, 0xD3, 0xAD, 0x08, 0x0A, 0x28,
-        0xF6, 0x0E, 0xDA, 0xD4, 0x54, 0xFD, 0xC6, 0x48,
-        0x08, 0xA1, 0x8D, 0xB0, 0x30, 0xFD, 0x18, 0xB1,
-        0x50, 0xB1, 0xFD, 0xE0, 0x6E, 0x33, 0x25, 0x0D,
-        0x90, 0xB1, 0xC1, 0xE7, 0x88, 0x74, 0x87, 0x05,
-        0xE7, 0xBE, 0xBD, 0xAA, 0x8C, 0x6D, 0xC2, 0x3D,
-        0x6F, 0x95, 0x84, 0xFA, 0x03, 0x74, 0x85, 0xE1,
-        0xED, 0xE5, 0xF4, 0xE8, 0x26, 0x4A, 0x0B, 0x20,
-        0x87, 0xB6, 0xE1, 0x10, 0x75, 0x6D, 0x9F, 0x95,
-        0x39, 0x4C, 0x0F, 0x50, 0x1B, 0xA8, 0x69, 0x82,
-        0xBB, 0xE2, 0xD6, 0x11, 0xD7, 0xBE, 0xFB, 0x4F,
-        0x60, 0xD3, 0x16, 0xC6, 0x04, 0x3A, 0x5A, 0xF5,
-        0x78, 0x9B, 0x0B, 0x21, 0xA1, 0x00, 0x96, 0xCD,
-        0x63, 0x78, 0x1D, 0x2D, 0x4F, 0x6E, 0x50, 0xEE,
-        0x62, 0x2D, 0x88, 0x62, 0x01, 0xF6, 0xB4, 0x17,
-        0x4F, 0x8C, 0xAD, 0xCB, 0x4B, 0xF9, 0xF6, 0x9D,
-        0xC7, 0xD8, 0xCC, 0xBF, 0x96, 0x1B, 0x1B, 0x79,
-        0xF3, 0x25, 0x85, 0x23, 0x10, 0x63, 0x30, 0x8D,
-        0xA8, 0x3A, 0x4B, 0x92, 0x1B, 0x88, 0x53, 0x24,
-        0x2D, 0x29, 0xA5, 0x2E, 0x7A, 0xD5, 0x58, 0xEB,
-        0x1B, 0x1C, 0xE6, 0xB8, 0x94, 0x0C, 0x58, 0x96,
-        0x5B, 0xA0, 0x2C, 0xBF, 0xE2, 0x99, 0xA0, 0x1F,
-        0x0C, 0xCC, 0xBD, 0x83, 0x72, 0x56, 0xBB, 0x13,
-        0x61, 0x5A, 0xC2, 0x04, 0x27, 0x29, 0x1F, 0xD4,
-        0xE4, 0x3D, 0x8A, 0x87, 0xE3, 0x81, 0x91, 0x07,
-        0xD3, 0x9B, 0xBC, 0xA9, 0xB3, 0xBA, 0xF5, 0x8B,
-        0x6A, 0xAD, 0xDE, 0xB0, 0x54, 0x3E, 0xFE, 0xCC,
-        0xD3, 0xCB, 0x2C, 0x69, 0xF0, 0x58, 0xD7, 0xEF,
-        0xA9, 0xC0, 0x15, 0x9B, 0x5A, 0xDF, 0x71, 0x25,
-        0x38, 0x44, 0xEC, 0xA9, 0x18, 0x47, 0x41, 0xCE,
-        0x3D, 0x53, 0x10, 0x12, 0xC3, 0x1B, 0x59, 0x9A,
-        0x93, 0xA1, 0xEA, 0xBE, 0x3E, 0xBA, 0x74, 0xF6,
-        0x2D, 0x40, 0x9D, 0xCB, 0x9E, 0xA1, 0xA5, 0x85,
-        0xFF, 0xDC, 0xC5, 0x60, 0x6F, 0x61, 0xE8, 0x17,
-        0x6C, 0x36, 0x9F, 0x7A, 0x48, 0x47, 0xDD, 0xF1,
-        0xF4, 0x43, 0x21, 0xCB, 0xB3, 0x55, 0x86, 0xD0,
-        0xE9, 0x46, 0x7D, 0xB5, 0x3D, 0x90, 0x34, 0x1E,
-        0xBB, 0x40, 0xD3, 0x2A, 0xEB, 0xE6, 0x4C, 0x46,
-        0x42, 0xA2, 0x8A, 0xBF, 0x90, 0xE7, 0x4B, 0x6D,
-        0x5C, 0x94, 0x97, 0xD2, 0xF0, 0x97, 0x74, 0x4C,
-        0x76, 0x03, 0xAC, 0x3D, 0xDE, 0x15, 0x96, 0x0C,
-        0xEF, 0x18, 0x9D, 0xBD, 0x1A, 0x20, 0x35, 0x7E,
-        0x2A, 0x70, 0x9D, 0xEA, 0x2E, 0x11, 0xDF, 0xF3,
-        0x2F, 0xFE, 0x23, 0xA9, 0xB6, 0xCF, 0xB7, 0xB9,
-        0x3F, 0x4F, 0x30, 0x6B, 0x3B, 0x0D, 0x3B, 0xED,
-        0xCD, 0x77, 0xD4, 0xBF, 0xEE, 0xDD, 0xB6, 0x56,
-        0x24, 0xD4, 0x29, 0x83, 0xDE, 0xDB, 0xC1, 0xFB,
-        0x6A, 0xCE, 0x7F, 0x47, 0xD2, 0xC5, 0xF1, 0x78,
-        0x5C, 0x2C, 0x5A, 0x28, 0x3E, 0x05, 0x50, 0x2E,
-        0xD9, 0xAE, 0x9B, 0x95, 0x64, 0xC7, 0xD2, 0x7B,
-        0xCB, 0xC5, 0x91, 0x80, 0xEB, 0x79, 0xC7, 0xCC,
-        0xA8, 0x06, 0xC8, 0xF9, 0xDF, 0x2A, 0x49, 0x4A,
-        0xF8, 0xFE, 0xBA, 0xA5, 0x85, 0x67, 0x1B, 0xDA,
-        0x51, 0x3B, 0xC2, 0x04, 0xA6, 0xA3, 0xFF, 0x99,
-        0x21, 0xE8, 0x17, 0x91, 0x33, 0x9B, 0x83, 0x75,
-        0x20, 0x5E, 0x95, 0xBE, 0x49, 0xDF, 0x53, 0xFC,
-        0x05, 0xA2, 0x3C, 0xAA, 0x5A, 0x22, 0x15, 0xA5,
-        0x56, 0xE0, 0x51, 0x30, 0x4E, 0x32, 0x14, 0xF2,
-        0x9F, 0x03, 0x51, 0x8E, 0xDD, 0x8B, 0x39, 0x19,
-        0x1E, 0x39, 0xC5, 0xA7, 0x1C, 0xC6, 0xA4, 0xE1,
-        0x77, 0xCA, 0x8C, 0x9D, 0x27, 0xBC, 0xCC, 0x16,
-        0xD6, 0xFC, 0x59, 0x10, 0x23, 0xFF, 0x64, 0x90,
-        0x9C, 0x23, 0x5A, 0xFF, 0x7E, 0x27, 0x1B, 0xC7,
-        0x7F, 0x21, 0x3B, 0x41, 0xDB, 0xBC, 0x96, 0x60,
-        0x0B, 0x35, 0xA1, 0xF3, 0xF8, 0x51, 0x0A, 0x65,
-        0xCF, 0xDF, 0x7A, 0xB8, 0x04, 0x56, 0x49, 0xD7,
-        0xD3, 0xC5, 0x0B, 0x4A, 0x1F, 0x60, 0xE1, 0x86,
-        0x36, 0x53, 0x8E, 0x6C, 0x3E, 0xAF, 0x5B, 0xC1,
-        0xCA, 0xCB, 0x22, 0x1A, 0x07, 0xDA, 0x54, 0xEC,
-        0xAA, 0x06, 0x72, 0x17, 0xCF, 0x80, 0xC4, 0x89,
-        0x56, 0x24, 0x1B, 0xD4, 0xFF, 0x50, 0x6B, 0x51,
-        0x55, 0x4D, 0x6E, 0x79, 0x7E, 0xEC, 0x61, 0xC6,
-        0xE4, 0x21, 0xC8, 0x0E, 0x10, 0x3F, 0x8C, 0x85,
-        0x3A, 0x27, 0xEA, 0x91, 0x07, 0xCB, 0x37, 0x18,
-        0x14, 0xB5, 0x63, 0x6E, 0x00, 0xBC, 0x0F, 0x36,
-        0xF9, 0x54, 0x75, 0xE7, 0x0B, 0xDC, 0xE7, 0xA0,
-        0x59, 0xF0, 0x64, 0xFB, 0x73, 0x07, 0x0E, 0xFE,
-        0x57, 0x7F, 0x0D, 0x12, 0xBC, 0xB0, 0xBF, 0xA2,
-        0x3A, 0x18, 0x08, 0x7E, 0xD5, 0x6C, 0xF0, 0x6F,
-        0xF8, 0x98, 0xFB, 0xA5, 0x10, 0x7B, 0x10, 0x5F,
-        0x6B, 0xC8, 0x6D, 0xDE, 0x2F, 0x1F, 0xE0, 0xC8,
-        0x19, 0xEE, 0xC2, 0x03, 0x39, 0x49, 0x70, 0x3E,
-        0x36, 0xE3, 0x3C, 0x70, 0xE3, 0xEA, 0xAC, 0x34,
-        0x32, 0xB7, 0x0D, 0xBA, 0x7C, 0xAB, 0xE6, 0x18
-    };
-    static const byte sk_65[] = {
-        0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4,
-        0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E,
-        0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F,
-        0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41,
-        0x52, 0x8D, 0xA0, 0xC7, 0xD2, 0x80, 0xDD, 0x49,
-        0x0D, 0x5E, 0xB7, 0x65, 0xDB, 0x32, 0x33, 0x15,
-        0x0F, 0x9E, 0xC8, 0xEB, 0xC9, 0x6E, 0xE8, 0xE8,
-        0x5C, 0xBD, 0x18, 0x4F, 0xDC, 0xF8, 0xA8, 0xD9,
-        0xC5, 0x33, 0x84, 0x79, 0x5A, 0x5E, 0xB7, 0x3C,
-        0x6D, 0x82, 0xCA, 0xB9, 0xBA, 0x94, 0xB6, 0x46,
-        0xAE, 0x3A, 0xD9, 0x19, 0x6C, 0xB4, 0xDA, 0xE2,
-        0xF1, 0x4B, 0xB6, 0x43, 0xF0, 0x24, 0x08, 0xE5,
-        0xF7, 0x9A, 0x41, 0xF1, 0x15, 0x9C, 0xA8, 0x08,
-        0x79, 0x9F, 0xB8, 0x26, 0xD4, 0x08, 0x32, 0x47,
-        0xC8, 0xF0, 0xD5, 0x31, 0xA1, 0xC1, 0x19, 0x04,
-        0x02, 0x06, 0x2B, 0x4D, 0x46, 0xAE, 0x43, 0x6A,
-        0x25, 0x82, 0x75, 0x41, 0x70, 0x36, 0x42, 0x48,
-        0x78, 0x06, 0x36, 0x50, 0x23, 0x84, 0x68, 0x10,
-        0x87, 0x08, 0x62, 0x00, 0x08, 0x34, 0x20, 0x73,
-        0x32, 0x13, 0x36, 0x61, 0x87, 0x61, 0x43, 0x50,
-        0x30, 0x02, 0x26, 0x07, 0x65, 0x45, 0x32, 0x00,
-        0x25, 0x75, 0x01, 0x04, 0x88, 0x81, 0x58, 0x64,
-        0x52, 0x40, 0x84, 0x22, 0x88, 0x42, 0x82, 0x56,
-        0x47, 0x50, 0x05, 0x21, 0x88, 0x25, 0x32, 0x25,
-        0x12, 0x85, 0x14, 0x52, 0x87, 0x77, 0x67, 0x18,
-        0x46, 0x54, 0x63, 0x07, 0x88, 0x67, 0x37, 0x26,
-        0x72, 0x62, 0x41, 0x02, 0x00, 0x01, 0x17, 0x84,
-        0x33, 0x64, 0x32, 0x57, 0x06, 0x20, 0x05, 0x44,
-        0x88, 0x57, 0x33, 0x45, 0x70, 0x55, 0x14, 0x43,
-        0x12, 0x54, 0x04, 0x38, 0x37, 0x08, 0x42, 0x57,
-        0x36, 0x05, 0x30, 0x03, 0x86, 0x53, 0x02, 0x53,
-        0x75, 0x22, 0x62, 0x13, 0x38, 0x82, 0x48, 0x30,
-        0x83, 0x83, 0x64, 0x83, 0x13, 0x74, 0x57, 0x32,
-        0x46, 0x70, 0x06, 0x05, 0x82, 0x52, 0x73, 0x55,
-        0x25, 0x77, 0x21, 0x78, 0x57, 0x83, 0x66, 0x20,
-        0x38, 0x53, 0x21, 0x41, 0x77, 0x56, 0x77, 0x46,
-        0x34, 0x42, 0x58, 0x31, 0x08, 0x06, 0x03, 0x62,
-        0x20, 0x35, 0x11, 0x42, 0x35, 0x38, 0x63, 0x86,
-        0x64, 0x13, 0x13, 0x75, 0x40, 0x01, 0x53, 0x74,
-        0x41, 0x31, 0x56, 0x64, 0x38, 0x17, 0x14, 0x16,
-        0x62, 0x33, 0x22, 0x12, 0x64, 0x40, 0x67, 0x11,
-        0x62, 0x42, 0x25, 0x60, 0x38, 0x05, 0x83, 0x13,
-        0x51, 0x00, 0x28, 0x36, 0x62, 0x56, 0x41, 0x43,
-        0x58, 0x37, 0x51, 0x22, 0x70, 0x25, 0x82, 0x82,
-        0x35, 0x24, 0x06, 0x83, 0x48, 0x58, 0x81, 0x78,
-        0x07, 0x86, 0x23, 0x15, 0x75, 0x32, 0x46, 0x75,
-        0x35, 0x40, 0x08, 0x43, 0x10, 0x66, 0x74, 0x05,
-        0x13, 0x72, 0x74, 0x08, 0x83, 0x41, 0x81, 0x08,
-        0x75, 0x87, 0x83, 0x28, 0x56, 0x66, 0x20, 0x01,
-        0x18, 0x83, 0x57, 0x22, 0x14, 0x64, 0x18, 0x05,
-        0x27, 0x75, 0x22, 0x84, 0x12, 0x38, 0x87, 0x52,
-        0x32, 0x25, 0x28, 0x08, 0x14, 0x41, 0x81, 0x14,
-        0x03, 0x24, 0x54, 0x23, 0x04, 0x81, 0x40, 0x36,
-        0x38, 0x38, 0x64, 0x42, 0x46, 0x36, 0x68, 0x11,
-        0x55, 0x00, 0x11, 0x25, 0x76, 0x16, 0x43, 0x07,
-        0x23, 0x03, 0x34, 0x10, 0x46, 0x41, 0x14, 0x02,
-        0x26, 0x10, 0x74, 0x38, 0x38, 0x72, 0x07, 0x87,
-        0x54, 0x11, 0x12, 0x83, 0x75, 0x05, 0x82, 0x17,
-        0x45, 0x20, 0x38, 0x41, 0x37, 0x20, 0x00, 0x08,
-        0x32, 0x18, 0x16, 0x25, 0x58, 0x85, 0x16, 0x88,
-        0x71, 0x82, 0x45, 0x60, 0x33, 0x11, 0x13, 0x42,
-        0x43, 0x37, 0x68, 0x11, 0x16, 0x54, 0x04, 0x08,
-        0x52, 0x78, 0x13, 0x56, 0x83, 0x52, 0x15, 0x24,
-        0x03, 0x61, 0x78, 0x44, 0x13, 0x70, 0x67, 0x36,
-        0x74, 0x86, 0x52, 0x50, 0x15, 0x41, 0x88, 0x74,
-        0x53, 0x00, 0x05, 0x18, 0x65, 0x62, 0x14, 0x84,
-        0x12, 0x32, 0x01, 0x88, 0x40, 0x42, 0x34, 0x05,
-        0x32, 0x80, 0x72, 0x55, 0x20, 0x68, 0x16, 0x43,
-        0x14, 0x15, 0x15, 0x38, 0x43, 0x85, 0x27, 0x60,
-        0x70, 0x18, 0x27, 0x35, 0x53, 0x01, 0x28, 0x73,
-        0x27, 0x84, 0x10, 0x53, 0x67, 0x10, 0x45, 0x40,
-        0x81, 0x52, 0x86, 0x06, 0x11, 0x18, 0x04, 0x31,
-        0x57, 0x25, 0x22, 0x44, 0x47, 0x81, 0x45, 0x44,
-        0x55, 0x04, 0x72, 0x57, 0x06, 0x46, 0x76, 0x23,
-        0x38, 0x85, 0x65, 0x30, 0x08, 0x48, 0x20, 0x13,
-        0x22, 0x77, 0x44, 0x60, 0x43, 0x14, 0x15, 0x27,
-        0x86, 0x22, 0x37, 0x37, 0x27, 0x04, 0x27, 0x50,
-        0x74, 0x31, 0x10, 0x82, 0x00, 0x75, 0x80, 0x44,
-        0x38, 0x10, 0x58, 0x40, 0x86, 0x60, 0x63, 0x13,
-        0x65, 0x18, 0x33, 0x70, 0x57, 0x68, 0x05, 0x10,
-        0x81, 0x03, 0x42, 0x05, 0x25, 0x65, 0x33, 0x57,
-        0x38, 0x05, 0x65, 0x34, 0x46, 0x53, 0x68, 0x11,
-        0x75, 0x10, 0x04, 0x54, 0x18, 0x47, 0x52, 0x24,
-        0x63, 0x23, 0x74, 0x45, 0x11, 0x34, 0x68, 0x32,
-        0x35, 0x38, 0x52, 0x85, 0x28, 0x08, 0x71, 0x78,
-        0x37, 0x38, 0x27, 0x10, 0x80, 0x54, 0x26, 0x33,
-        0x31, 0x82, 0x44, 0x88, 0x33, 0x24, 0x62, 0x86,
-        0x32, 0x82, 0x73, 0x31, 0x28, 0x14, 0x73, 0x87,
-        0x06, 0x35, 0x80, 0x36, 0x67, 0x02, 0x33, 0x75,
-        0x27, 0x36, 0x38, 0x16, 0x35, 0x70, 0x52, 0x16,
-        0x87, 0x58, 0x85, 0x17, 0x22, 0x13, 0x54, 0x85,
-        0x07, 0x53, 0x31, 0x26, 0x78, 0x01, 0x85, 0x18,
-        0x08, 0x68, 0x38, 0x52, 0x11, 0x73, 0x32, 0x25,
-        0x58, 0x82, 0x70, 0x70, 0x36, 0x30, 0x50, 0x38,
-        0x65, 0x12, 0x78, 0x31, 0x77, 0x72, 0x18, 0x41,
-        0x05, 0x42, 0x32, 0x26, 0x26, 0x50, 0x52, 0x86,
-        0x15, 0x76, 0x28, 0x66, 0x88, 0x03, 0x78, 0x28,
-        0x70, 0x33, 0x36, 0x27, 0x16, 0x61, 0x43, 0x56,
-        0x62, 0x81, 0x85, 0x75, 0x47, 0x60, 0x63, 0x38,
-        0x66, 0x81, 0x51, 0x78, 0x03, 0x42, 0x60, 0x38,
-        0x01, 0x24, 0x73, 0x63, 0x81, 0x12, 0x01, 0x27,
-        0x63, 0x13, 0x11, 0x78, 0x36, 0x37, 0x15, 0x03,
-        0x84, 0x58, 0x17, 0x25, 0x67, 0x87, 0x57, 0x83,
-        0x71, 0x85, 0x37, 0x53, 0x86, 0x22, 0x33, 0x28,
-        0x77, 0x30, 0x18, 0x15, 0x01, 0x37, 0x85, 0x40,
-        0x15, 0x38, 0x51, 0x33, 0x17, 0x42, 0x64, 0x04,
-        0x56, 0x27, 0x50, 0x45, 0x11, 0x27, 0x20, 0x17,
-        0x76, 0x55, 0x33, 0x37, 0x58, 0x88, 0x88, 0x45,
-        0x16, 0x55, 0x08, 0x53, 0x52, 0x48, 0x72, 0x85,
-        0x30, 0x15, 0x23, 0x44, 0x22, 0x02, 0x43, 0x45,
-        0x41, 0x10, 0x00, 0x52, 0x32, 0x73, 0x05, 0x75,
-        0x72, 0x16, 0x08, 0x11, 0x51, 0x36, 0x20, 0x04,
-        0x76, 0x48, 0x78, 0x56, 0x60, 0x88, 0x07, 0x47,
-        0x70, 0x20, 0x46, 0x40, 0x43, 0x26, 0x04, 0x37,
-        0x17, 0x51, 0x58, 0x46, 0x72, 0x44, 0x50, 0x23,
-        0x67, 0x63, 0x60, 0x84, 0x30, 0x51, 0x52, 0x53,
-        0x21, 0x74, 0x85, 0x45, 0x74, 0x43, 0x11, 0x72,
-        0x52, 0x65, 0x76, 0x08, 0x78, 0x63, 0x14, 0x27,
-        0x41, 0x34, 0x67, 0x07, 0x45, 0x15, 0x10, 0x83,
-        0x24, 0x02, 0x80, 0x53, 0x07, 0x21, 0x58, 0x10,
-        0x34, 0x20, 0x54, 0x12, 0x58, 0x44, 0x25, 0x53,
-        0x33, 0x46, 0x02, 0x38, 0x60, 0x17, 0x70, 0x64,
-        0x18, 0x52, 0x62, 0x26, 0x65, 0x61, 0x42, 0x31,
-        0x22, 0x57, 0x34, 0x57, 0x02, 0x34, 0x62, 0x76,
-        0x74, 0x38, 0x73, 0x21, 0x68, 0x71, 0x07, 0x21,
-        0x61, 0x05, 0x20, 0x20, 0x86, 0x83, 0x30, 0x25,
-        0x50, 0x50, 0x83, 0x30, 0x31, 0x56, 0x30, 0x31,
-        0x76, 0x04, 0x54, 0x80, 0x75, 0x18, 0x82, 0x23,
-        0x61, 0x87, 0x58, 0x25, 0x13, 0x63, 0x21, 0x51,
-        0x48, 0x02, 0x67, 0x37, 0x12, 0x88, 0x70, 0x60,
-        0x07, 0x36, 0x18, 0x15, 0x87, 0x74, 0x55, 0x60,
-        0x00, 0x54, 0x37, 0x11, 0x01, 0x37, 0x14, 0x17,
-        0x11, 0x72, 0x14, 0x55, 0x31, 0x75, 0x77, 0x48,
-        0x10, 0x23, 0x83, 0x20, 0x00, 0x04, 0x32, 0x64,
-        0x66, 0x61, 0x71, 0x31, 0x03, 0x15, 0x44, 0x32,
-        0x57, 0x25, 0x64, 0x31, 0x28, 0x15, 0x33, 0x67,
-        0x86, 0x87, 0x37, 0x03, 0x12, 0x78, 0x86, 0x13,
-        0x47, 0x80, 0x61, 0x42, 0x50, 0x40, 0x23, 0x37,
-        0x01, 0x01, 0x66, 0x24, 0x06, 0x57, 0x82, 0x02,
-        0x22, 0x42, 0x41, 0x02, 0x26, 0x06, 0x41, 0x35,
-        0x64, 0x16, 0x44, 0x42, 0x38, 0x30, 0x86, 0x88,
-        0x47, 0x71, 0x62, 0x33, 0x24, 0x02, 0x12, 0x37,
-        0x42, 0x33, 0x20, 0x81, 0x80, 0x53, 0x07, 0x65,
-        0x71, 0x27, 0x13, 0x53, 0x15, 0x43, 0x76, 0x38,
-        0x71, 0x30, 0x07, 0x87, 0x25, 0x63, 0x03, 0x33,
-        0x70, 0x56, 0x18, 0x13, 0x83, 0x51, 0x44, 0x40,
-        0x04, 0x80, 0x62, 0x24, 0x20, 0x64, 0x54, 0x40,
-        0x20, 0x73, 0x61, 0x45, 0x01, 0x24, 0x47, 0x78,
-        0x23, 0x34, 0x56, 0x10, 0x25, 0x32, 0x02, 0x70,
-        0x08, 0x02, 0x23, 0x24, 0x80, 0x43, 0x04, 0x02,
-        0x81, 0x11, 0x23, 0x82, 0x03, 0x61, 0x30, 0x33,
-        0x15, 0x36, 0x25, 0x32, 0x14, 0x73, 0x22, 0x46,
-        0x81, 0x25, 0x16, 0x13, 0x52, 0x58, 0x71, 0x61,
-        0x67, 0x08, 0x38, 0x76, 0x71, 0x15, 0x88, 0x47,
-        0x31, 0x25, 0x27, 0x18, 0x31, 0x50, 0x40, 0x71,
-        0x06, 0x87, 0x37, 0x30, 0x85, 0x64, 0x62, 0x78,
-        0x32, 0x74, 0x18, 0x83, 0x67, 0x40, 0x37, 0x44,
-        0x56, 0x02, 0x72, 0x61, 0x27, 0x28, 0x38, 0x38,
-        0x67, 0x17, 0x58, 0x04, 0x61, 0x28, 0x67, 0x37,
-        0x46, 0x50, 0x38, 0x15, 0x45, 0x12, 0x71, 0x44,
-        0x22, 0x02, 0x34, 0x83, 0x40, 0x70, 0x55, 0x75,
-        0x54, 0x26, 0x88, 0x07, 0x25, 0x58, 0x73, 0x60,
-        0x58, 0x61, 0x45, 0x63, 0x35, 0x05, 0x48, 0x63,
-        0x48, 0x57, 0x03, 0x31, 0x28, 0x14, 0x05, 0x01,
-        0x57, 0x34, 0x64, 0x50, 0x23, 0x86, 0x75, 0x85,
-        0x18, 0x75, 0x56, 0x88, 0x08, 0x26, 0x01, 0x34,
-        0x01, 0x57, 0x05, 0x28, 0x35, 0x48, 0x17, 0x57,
-        0x71, 0x81, 0x41, 0x33, 0x77, 0x86, 0x07, 0x77,
-        0x02, 0x25, 0x71, 0x74, 0x37, 0x31, 0x20, 0x14,
-        0x32, 0x54, 0x20, 0x35, 0x54, 0x76, 0x83, 0x15,
-        0x80, 0x73, 0x27, 0x23, 0x00, 0x58, 0x22, 0x84,
-        0x64, 0x56, 0x14, 0x84, 0x38, 0x34, 0x16, 0x21,
-        0x77, 0x07, 0x34, 0x81, 0x66, 0x87, 0x40, 0x11,
-        0x62, 0x46, 0x45, 0x01, 0x20, 0x53, 0x21, 0x73,
-        0x07, 0x76, 0x44, 0x15, 0x61, 0x50, 0x83, 0x48,
-        0x58, 0x58, 0x45, 0x33, 0x25, 0x36, 0x07, 0x42,
-        0x70, 0x24, 0x07, 0x41, 0x08, 0x35, 0x00, 0x78,
-        0x41, 0x47, 0x02, 0x56, 0x07, 0x14, 0x68, 0x33,
-        0x55, 0x77, 0x32, 0x40, 0x55, 0x24, 0x50, 0x26,
-        0x47, 0x12, 0x65, 0x58, 0x43, 0x05, 0x52, 0x55,
-        0x75, 0x50, 0x18, 0x46, 0x65, 0x48, 0x03, 0x32,
-        0x85, 0x31, 0x16, 0x52, 0x71, 0x57, 0x87, 0x46,
-        0x76, 0x14, 0x42, 0x81, 0x28, 0x74, 0x60, 0x34,
-        0x35, 0x55, 0x52, 0x16, 0x58, 0x48, 0x61, 0x75,
-        0x80, 0x88, 0x15, 0x32, 0x72, 0x26, 0x31, 0x03,
-        0x05, 0x03, 0x16, 0x04, 0x07, 0x37, 0x37, 0x73,
-        0x43, 0x81, 0x57, 0x31, 0x88, 0x04, 0x72, 0x76,
-        0x01, 0x61, 0x81, 0x17, 0x37, 0x65, 0x44, 0x38,
-        0x61, 0x23, 0x16, 0x26, 0x52, 0x45, 0x00, 0x73,
-        0x83, 0x63, 0x64, 0x62, 0x26, 0x74, 0x60, 0x11,
-        0x81, 0x08, 0x06, 0x30, 0x36, 0x05, 0x10, 0x48,
-        0x47, 0x35, 0x10, 0x85, 0x30, 0x86, 0x71, 0x38,
-        0x16, 0x37, 0x6F, 0x3B, 0x1C, 0x18, 0xB1, 0xE3,
-        0xE8, 0xEE, 0x83, 0x3E, 0x8D, 0x38, 0x43, 0x9E,
-        0x78, 0x1C, 0xA3, 0xB8, 0x94, 0x06, 0x54, 0xEF,
-        0x44, 0x6C, 0x9A, 0xAC, 0xC3, 0xF1, 0xD3, 0x0E,
-        0xE0, 0x10, 0x5B, 0x8F, 0x63, 0xEB, 0x89, 0x74,
-        0x6E, 0xF4, 0xBE, 0xB5, 0x4C, 0xFC, 0xE8, 0x81,
-        0x2C, 0xF9, 0x47, 0xCF, 0x54, 0x54, 0xFB, 0x1C,
-        0xA5, 0x5F, 0x25, 0xA0, 0xFE, 0x57, 0xF5, 0xFC,
-        0xFD, 0x73, 0xB0, 0xDA, 0x04, 0xB0, 0xBF, 0x28,
-        0x92, 0x92, 0xAF, 0x39, 0x74, 0x72, 0x56, 0x69,
-        0xC3, 0x00, 0x03, 0xE0, 0x50, 0x9F, 0xED, 0xC8,
-        0x0F, 0x6C, 0x89, 0x4B, 0xB0, 0x47, 0xC2, 0xE2,
-        0xAF, 0x48, 0x5C, 0xAD, 0x68, 0xC2, 0x1D, 0x80,
-        0xEF, 0x33, 0xB0, 0xC4, 0xFD, 0xA6, 0x7B, 0x85,
-        0x31, 0xA1, 0x58, 0x87, 0x67, 0x54, 0x71, 0x3F,
-        0xF8, 0xA8, 0xA6, 0x8D, 0x9A, 0xBD, 0xC4, 0x81,
-        0x6B, 0x24, 0xB4, 0xA3, 0x6A, 0x8A, 0x2B, 0xB1,
-        0xFD, 0x1C, 0x2C, 0x25, 0xC3, 0x72, 0xC4, 0xB7,
-        0x75, 0xF8, 0xCC, 0x17, 0x39, 0xCF, 0x2C, 0xE9,
-        0xA4, 0x54, 0x58, 0xE4, 0x1A, 0xAE, 0xC6, 0x4A,
-        0xEE, 0xDE, 0x75, 0x7C, 0xE7, 0x38, 0xBC, 0xDF,
-        0x4D, 0xA0, 0xEE, 0x2B, 0xDD, 0x5F, 0x80, 0x5C,
-        0xCF, 0xF7, 0x2A, 0x5F, 0x73, 0x8B, 0xAC, 0x12,
-        0x34, 0x2E, 0xE3, 0xF1, 0x4C, 0xB7, 0x22, 0x68,
-        0xC2, 0xD6, 0x36, 0x7D, 0xF1, 0x7F, 0x20, 0x46,
-        0xA2, 0x4B, 0x47, 0x4B, 0x32, 0x58, 0xF7, 0xB0,
-        0x88, 0x54, 0x6C, 0x99, 0x3B, 0x0D, 0xA1, 0xE2,
-        0x92, 0x92, 0xEB, 0x72, 0x1E, 0xE7, 0xE5, 0xA1,
-        0xF8, 0x6E, 0x14, 0xA5, 0x39, 0xB0, 0x63, 0x6F,
-        0x78, 0x82, 0xA1, 0x9C, 0x8D, 0x79, 0x02, 0x85,
-        0xA6, 0xDF, 0x7D, 0xEE, 0xCE, 0x17, 0x4D, 0x63,
-        0xCF, 0xF3, 0xB2, 0xFF, 0x85, 0x68, 0x81, 0xCB,
-        0x38, 0x6B, 0x1B, 0x38, 0xA2, 0xE0, 0xF2, 0x4C,
-        0x31, 0xE0, 0x91, 0x93, 0xDD, 0xF3, 0x71, 0x47,
-        0xF2, 0x69, 0xD9, 0x4C, 0xDE, 0xF9, 0x90, 0x61,
-        0x34, 0x62, 0x07, 0x71, 0x79, 0xD0, 0xDD, 0x09,
-        0x32, 0x64, 0x39, 0x49, 0x93, 0x1A, 0x02, 0xBA,
-        0xFA, 0x80, 0x17, 0x6E, 0xDF, 0x97, 0xB6, 0xA2,
-        0x31, 0x34, 0x71, 0xF0, 0xB1, 0x9B, 0x3B, 0x59,
-        0xF4, 0x3B, 0xD2, 0x2A, 0x05, 0x49, 0x3E, 0xFB,
-        0x0C, 0xF8, 0xB5, 0xD7, 0xB6, 0x25, 0x2B, 0x09,
-        0x8B, 0x4B, 0xFA, 0x39, 0x5B, 0xF9, 0xA2, 0x09,
-        0xE9, 0xBB, 0x46, 0x01, 0x30, 0x00, 0x90, 0x32,
-        0x58, 0xA6, 0x9B, 0x67, 0xF5, 0x94, 0x11, 0xC8,
-        0x35, 0x95, 0xFA, 0x6E, 0x67, 0x42, 0x8D, 0x96,
-        0x6D, 0x20, 0xFC, 0xD3, 0x09, 0x61, 0x11, 0x86,
-        0x77, 0xC0, 0x86, 0xA3, 0x54, 0xAE, 0x6D, 0x41,
-        0xEE, 0x17, 0xDC, 0xA1, 0xB0, 0xB7, 0x50, 0x43,
-        0xD6, 0xCE, 0x23, 0xBD, 0xB0, 0x1E, 0x02, 0xE5,
-        0x9E, 0xCF, 0xC6, 0x2E, 0x8C, 0x39, 0x71, 0xB1,
-        0x45, 0x02, 0x75, 0xBA, 0x7F, 0x60, 0xB0, 0x8B,
-        0x1C, 0x33, 0xBA, 0x0C, 0xFF, 0x54, 0x63, 0xE3,
-        0x47, 0x5B, 0x07, 0x77, 0x77, 0xC5, 0x72, 0x24,
-        0x60, 0xFA, 0xDB, 0x0B, 0xF6, 0x41, 0x82, 0x69,
-        0x3C, 0x68, 0x37, 0xF5, 0xFD, 0x45, 0x4A, 0x66,
-        0x6C, 0xD7, 0x01, 0x10, 0x78, 0x4A, 0xED, 0x09,
-        0xAE, 0x49, 0x0A, 0x60, 0xC7, 0x78, 0x56, 0x51,
-        0x15, 0xE3, 0x4A, 0xB5, 0xAE, 0xAD, 0x09, 0xD1,
-        0x71, 0xA8, 0xCA, 0x3C, 0x8A, 0xE6, 0xCA, 0x39,
-        0x43, 0x60, 0x56, 0x83, 0x3C, 0x58, 0x04, 0xD4,
-        0xB4, 0x62, 0xDD, 0x53, 0x05, 0xC8, 0x51, 0xAF,
-        0x59, 0xF6, 0x4F, 0x04, 0xC3, 0x1E, 0x69, 0xFF,
-        0x82, 0xBF, 0xD7, 0x89, 0xD2, 0x30, 0x9F, 0xF2,
-        0xE6, 0x38, 0x05, 0x9C, 0xD5, 0x08, 0xB8, 0x25,
-        0xF3, 0x3B, 0x99, 0x85, 0x4E, 0x40, 0xF8, 0x40,
-        0xF2, 0x4B, 0x5C, 0x3A, 0xA8, 0x64, 0x41, 0x92,
-        0xEA, 0xCA, 0x9A, 0x7B, 0xCF, 0xBA, 0x1F, 0xDE,
-        0xE0, 0x9D, 0xCA, 0xAD, 0xB4, 0x0C, 0x90, 0xFF,
-        0xE1, 0x6C, 0xEC, 0xDD, 0x32, 0x38, 0x2A, 0xF7,
-        0x19, 0x20, 0x39, 0xCB, 0x29, 0x67, 0x2F, 0x70,
-        0x71, 0x12, 0x10, 0xB6, 0xB8, 0x3E, 0x8D, 0xFD,
-        0xB5, 0xFB, 0xBD, 0xBF, 0xA8, 0xCA, 0x19, 0xC4,
-        0xC6, 0xAC, 0x37, 0x31, 0xFC, 0x33, 0xC2, 0x7F,
-        0xA2, 0xA2, 0x6D, 0xEB, 0x15, 0x2E, 0xA1, 0x90,
-        0xF8, 0x29, 0xC6, 0x34, 0xD1, 0x39, 0x30, 0x24,
-        0x1C, 0xB9, 0x26, 0xAC, 0xDD, 0xE5, 0x24, 0x9C,
-        0xDD, 0x35, 0x60, 0x7E, 0x38, 0x0C, 0xC1, 0x2A,
-        0x7D, 0x1E, 0xA9, 0xBA, 0xA5, 0x58, 0x4C, 0xDD,
-        0x26, 0x86, 0x09, 0xDC, 0xC3, 0xB0, 0x1F, 0xCD,
-        0xC9, 0xAD, 0xCB, 0x4A, 0x7E, 0x51, 0x67, 0xE5,
-        0xED, 0x5A, 0xD2, 0x21, 0xDB, 0x2E, 0xAB, 0xD9,
-        0x0A, 0xEC, 0xAE, 0x71, 0xFA, 0x23, 0x7A, 0xEF,
-        0x98, 0xDF, 0x53, 0x89, 0x93, 0xE8, 0x71, 0xD7,
-        0x35, 0xDA, 0x6B, 0x88, 0x31, 0xAF, 0x67, 0xF2,
-        0x97, 0x29, 0x1C, 0x39, 0x67, 0xEB, 0xAF, 0x60,
-        0xD9, 0x53, 0xC4, 0x0F, 0x7A, 0x46, 0x4E, 0xF3,
-        0x2F, 0x8E, 0xAE, 0xFA, 0x64, 0x2E, 0x37, 0xDE,
-        0xA9, 0x74, 0x73, 0x5D, 0xDD, 0xBB, 0x83, 0x54,
-        0x27, 0xB9, 0x7A, 0x63, 0x2B, 0x19, 0x8B, 0x26,
-        0x22, 0x28, 0x84, 0xA0, 0x58, 0x00, 0x2D, 0x55,
-        0xEA, 0x2A, 0x80, 0x0D, 0x6C, 0x97, 0x0E, 0x8B,
-        0xF7, 0x67, 0xB2, 0x8B, 0x2D, 0xDE, 0x8F, 0x58,
-        0xFE, 0x97, 0x81, 0xE7, 0xE2, 0x58, 0x8D, 0x7E,
-        0x1B, 0xAB, 0xE5, 0x15, 0x9D, 0x54, 0xF4, 0x00,
-        0x34, 0x1D, 0x12, 0x1B, 0x03, 0x23, 0x2B, 0x06,
-        0x2E, 0x8C, 0xD0, 0x0A, 0xDC, 0x19, 0xA1, 0x69,
-        0x1D, 0x72, 0x91, 0xB4, 0xED, 0x0E, 0x81, 0xF7,
-        0x05, 0x99, 0x84, 0xFC, 0x74, 0x0F, 0x7D, 0xF8,
-        0x9B, 0x3E, 0x7F, 0x63, 0x7C, 0x73, 0xEB, 0xF5,
-        0x36, 0xB3, 0x24, 0x22, 0xAA, 0x33, 0x0C, 0x30,
-        0x42, 0xC3, 0xE2, 0x04, 0x6B, 0x3F, 0x2A, 0x0D,
-        0xAB, 0xE8, 0x5A, 0x9A, 0x09, 0xD7, 0xB6, 0xAA,
-        0x9C, 0x3E, 0xD0, 0x9E, 0xB5, 0x9B, 0x52, 0x7B,
-        0xAF, 0x2D, 0x6B, 0xE0, 0x40, 0x12, 0x34, 0xBE,
-        0x49, 0xAB, 0xD2, 0xC8, 0xB5, 0x89, 0x1B, 0x79,
-        0xEC, 0xAE, 0x88, 0x89, 0x3C, 0x05, 0xC7, 0x75,
-        0xC5, 0x84, 0xF7, 0x10, 0x49, 0x48, 0x92, 0x69,
-        0x9E, 0xD5, 0x56, 0xB2, 0x1E, 0x81, 0x18, 0x78,
-        0xCB, 0x93, 0x5D, 0x70, 0x3A, 0xB2, 0x67, 0xD1,
-        0xCC, 0x8F, 0x83, 0x03, 0xB9, 0x64, 0x46, 0x22,
-        0x78, 0x0D, 0x55, 0x67, 0x22, 0x58, 0x0E, 0x22,
-        0x6B, 0xBA, 0x01, 0xD4, 0x77, 0x05, 0xA7, 0xAC,
-        0xB7, 0xE5, 0xFC, 0xE6, 0x11, 0xCC, 0x92, 0x5A,
-        0x8C, 0xC0, 0x08, 0x24, 0xAF, 0xCC, 0x4D, 0xBD,
-        0x79, 0xD3, 0x5C, 0x52, 0x2C, 0xFF, 0x1A, 0x48,
-        0xBB, 0x91, 0x59, 0x6A, 0x80, 0x32, 0x8C, 0x75,
-        0x7C, 0xD2, 0xC1, 0x94, 0x94, 0xA8, 0x55, 0x4B,
-        0xF2, 0x96, 0xF7, 0x86, 0xF7, 0x53, 0x4F, 0x54,
-        0x74, 0x05, 0x5C, 0xEF, 0x02, 0xA0, 0x8A, 0xD1,
-        0x88, 0x72, 0xEB, 0x1B, 0x82, 0xF9, 0xFB, 0xDA,
-        0xBC, 0xB9, 0x90, 0x98, 0xF2, 0x4B, 0x9A, 0xA6,
-        0x89, 0xD5, 0xB3, 0xD8, 0x7B, 0x94, 0xE3, 0x1F,
-        0x17, 0x4F, 0xEB, 0x24, 0x06, 0x2B, 0xAB, 0x5F,
-        0x27, 0x9B, 0xCD, 0xCE, 0x50, 0x06, 0x40, 0xDD,
-        0x7A, 0x8C, 0x67, 0xF0, 0x8E, 0x07, 0xB4, 0x1C,
-        0x3C, 0x13, 0xB2, 0x07, 0x6A, 0x38, 0x59, 0x94,
-        0x2C, 0xB1, 0x72, 0xA8, 0x77, 0x5B, 0x15, 0x8F,
-        0x88, 0xC4, 0x5C, 0xDC, 0x92, 0xCA, 0xC0, 0xED,
-        0x02, 0xFF, 0x1D, 0x57, 0x25, 0xBE, 0x67, 0x3E,
-        0x4C, 0xE8, 0x95, 0x2A, 0x80, 0xB2, 0x5D, 0xBC,
-        0xFA, 0x17, 0xA9, 0x35, 0x0A, 0x6B, 0x07, 0xC8,
-        0x8F, 0x88, 0x8D, 0xBC, 0x97, 0x84, 0xE2, 0x07,
-        0x57, 0x92, 0x99, 0x4B, 0xE8, 0xDD, 0xD7, 0xA4,
-        0x58, 0xCB, 0x61, 0xCE, 0x16, 0xFC, 0x22, 0xCD,
-        0x4B, 0x1A, 0x08, 0xC9, 0xAD, 0x3D, 0xB1, 0xF2,
-        0xA9, 0x1B, 0x8E, 0xD0, 0xC7, 0xBC, 0xCE, 0xF9,
-        0x0A, 0x7A, 0x4D, 0xBE, 0x82, 0x0A, 0xBD, 0x6C,
-        0x42, 0x99, 0xBF, 0x86, 0x65, 0x53, 0xAA, 0x04,
-        0x79, 0xD6, 0x6D, 0x7E, 0x0F, 0x40, 0xFA, 0xEE,
-        0xCE, 0x38, 0x3B, 0x1C, 0x2F, 0xA4, 0x45, 0xA3,
-        0x78, 0x2B, 0xA0, 0x29, 0xC5, 0xAA, 0xA9, 0x09,
-        0x29, 0x51, 0xDC, 0x5B, 0xB5, 0x95, 0xE4, 0xCE,
-        0xC8, 0x50, 0x71, 0x2D, 0xE9, 0x32, 0x12, 0xA0,
-        0x7C, 0x88, 0x6B, 0xED, 0xE4, 0x38, 0xB7, 0x92,
-        0xCA, 0xE4, 0xDC, 0xD4, 0x05, 0x3B, 0x2B, 0x84,
-        0x95, 0x07, 0xFF, 0xF4, 0x79, 0xFF, 0x1E, 0x73,
-        0x1B, 0x8E, 0xDF, 0xA3, 0x15, 0xBD, 0x56, 0xAC,
-        0xDA, 0xAD, 0x73, 0x95, 0xC2, 0xD3, 0x72, 0xA8,
-        0xF0, 0x8E, 0x6C, 0xE3, 0x7D, 0xBE, 0x4C, 0x87,
-        0xFC, 0x0F, 0xA6, 0x3B, 0xED, 0xA4, 0x0F, 0x4F,
-        0xF1, 0x5D, 0xF2, 0x56, 0x54, 0xD1, 0xCE, 0x6C,
-        0xCA, 0x1C, 0xCB, 0xC2, 0x45, 0x7F, 0x90, 0x61,
-        0x0E, 0x3D, 0xCE, 0xBB, 0x5E, 0x41, 0x38, 0x2B,
-        0xD4, 0x41, 0x7C, 0x67, 0x7C, 0x71, 0x95, 0x34,
-        0xD7, 0xED, 0x4D, 0xAC, 0x6E, 0xF1, 0x46, 0xEA,
-        0x7D, 0xA4, 0x4C, 0x69, 0x0B, 0x9C, 0x2F, 0xAA,
-        0xF1, 0x17, 0x90, 0x1B, 0xF4, 0x4C, 0x03, 0xBE,
-        0x9D, 0x56, 0xCE, 0x0C, 0xCF, 0xE0, 0x87, 0x44,
-        0xBE, 0x2C, 0x52, 0xD3, 0xBC, 0xAE, 0x02, 0x30,
-        0xC7, 0x26, 0x06, 0x88, 0xA6, 0xAA, 0x9D, 0x50,
-        0xF1, 0x94, 0x58, 0xC7, 0x60, 0xF3, 0xA0, 0x6F,
-        0x53, 0x66, 0x53, 0xCD, 0x1D, 0xBE, 0xD1, 0xF2,
-        0x39, 0xBA, 0x1F, 0xE8, 0x40, 0x84, 0xCD, 0x1C,
-        0x8F, 0x3D, 0xB7, 0xD1, 0x51, 0x00, 0xDE, 0xB8,
-        0x11, 0xD9, 0x66, 0xAD, 0xD5, 0xE9, 0x33, 0x09,
-        0xE1, 0xA8, 0x00, 0x58, 0x65, 0xF1, 0xC1, 0x67,
-        0xB4, 0x3A, 0xA7, 0x98, 0x90, 0x6A, 0xDB, 0x91,
-        0xDB, 0x4A, 0x16, 0x35, 0xDC, 0x3D, 0x69, 0xEB,
-        0x7B, 0xDE, 0xCC, 0x91, 0x1B, 0x8D, 0xE6, 0x46,
-        0x61, 0x8E, 0x3F, 0x4C, 0x88, 0x81, 0x85, 0x4A,
-        0x73, 0x08, 0x56, 0x52, 0xAE, 0xE6, 0x4A, 0x60,
-        0x4A, 0x2E, 0x0C, 0x9A, 0x93, 0x76, 0x35, 0xC9,
-        0x36, 0x28, 0x0C, 0x72, 0x19, 0xAD, 0x33, 0xCF,
-        0x2B, 0xFB, 0xCE, 0x1A, 0x7D, 0xAC, 0xAA, 0x75,
-        0x15, 0x76, 0x81, 0x52, 0x55, 0xCC, 0xB9, 0x39,
-        0x07, 0xA3, 0x39, 0x12, 0x8D, 0x6F, 0x53, 0xAF,
-        0xC7, 0x14, 0x7F, 0xC7, 0x96, 0x5A, 0x49, 0x3C,
-        0x5C, 0xB0, 0x26, 0x47, 0xF4, 0x9D, 0xCA, 0x23,
-        0xA6, 0x7D, 0xA6, 0x61, 0xC4, 0xA3, 0x26, 0x40,
-        0x0F, 0xA7, 0x27, 0x09, 0xBC, 0x39, 0xFD, 0xA7,
-        0x75, 0x38, 0x74, 0xD0, 0x9D, 0x29, 0x15, 0x97,
-        0xDE, 0x25, 0x60, 0x4D, 0x19, 0x36, 0x04, 0xFB,
-        0xA5, 0x2C, 0xB0, 0xC8, 0xB5, 0xFE, 0xE5, 0x94,
-        0x7C, 0xE2, 0x1F, 0x84, 0xBB, 0xFB, 0x78, 0x9E,
-        0xA5, 0x7C, 0x5D, 0x4A, 0xB2, 0x48, 0x6F, 0x6E,
-        0x67, 0x95, 0x16, 0x5F, 0x01, 0x2A, 0xF8, 0x70,
-        0x95, 0xCB, 0x06, 0x93, 0x26, 0x6E, 0x7A, 0x75,
-        0xB5, 0xE5, 0x4E, 0x27, 0x1D, 0x8B, 0x30, 0xA6,
-        0x67, 0x67, 0xD6, 0xE2, 0xD6, 0xD1, 0x99, 0xA4,
-        0x55, 0x73, 0x19, 0x32, 0xF6, 0x0B, 0x6B, 0x4A,
-        0xEE, 0x23, 0x33, 0x38, 0x30, 0x68, 0x6F, 0x8E,
-        0x60, 0xA9, 0x60, 0x97, 0x3E, 0xEA, 0x5D, 0xE1,
-        0x40, 0x6F, 0x0C, 0x76, 0x84, 0xCF, 0xAF, 0x86,
-        0x8D, 0x36, 0xE5, 0x7D, 0xAE, 0x9A, 0x13, 0x70,
-        0x22, 0x2A, 0x31, 0xFE, 0xC2, 0xFB, 0xE1, 0x58,
-        0xA5, 0x4E, 0xEF, 0x10, 0x5B, 0x5E, 0xD4, 0x39,
-        0xFC, 0xF9, 0x15, 0x64, 0x78, 0x43, 0x7D, 0x03,
-        0x9F, 0x5B, 0xCB, 0x86, 0xD2, 0xEF, 0x28, 0xBD,
-        0x14, 0xCB, 0x8A, 0x04, 0x1D, 0x59, 0x23, 0x53,
-        0x4D, 0x13, 0xF9, 0x93, 0xFE, 0x19, 0x9C, 0xC3,
-        0x3F, 0xD9, 0xC1, 0x12, 0x94, 0x84, 0x13, 0x95,
-        0x8F, 0xD9, 0x10, 0xAB, 0x37, 0x69, 0x08, 0x04,
-        0x4A, 0x97, 0x82, 0x28, 0x75, 0xBB, 0xC9, 0xF4,
-        0x3F, 0x19, 0x6B, 0x00, 0x4C, 0x56, 0x16, 0x1F,
-        0x50, 0x82, 0xD1, 0x45, 0xFF, 0x0C, 0x37, 0x28,
-        0x04, 0xBB, 0x6C, 0x00, 0x97, 0x3A, 0x79, 0x2D,
-        0x9A, 0xB9, 0xA5, 0x16, 0x52, 0x02, 0xA3, 0x86,
-        0x81, 0xAA, 0x3A, 0x31, 0xE5, 0xB5, 0x44, 0x2D,
-        0x34, 0xE2, 0x7A, 0xD8, 0xFE, 0xA1, 0x36, 0xC0,
-        0x36, 0x65, 0x73, 0x12, 0x9F, 0x61, 0x3F, 0x59,
-        0xC9, 0x68, 0xB6, 0x34, 0x41, 0x40, 0x25, 0xD6,
-        0xE7, 0xAD, 0x25, 0x7D, 0xCB, 0xF1, 0x2A, 0xD8,
-        0x53, 0x48, 0x9D, 0xBF, 0xB5, 0xD5, 0x61, 0x18,
-        0x0E, 0x2A, 0x21, 0x3E, 0x61, 0x18, 0x07, 0x8E,
-        0x6F, 0x9A, 0x96, 0xA8, 0x61, 0xFE, 0x8D, 0x66,
-        0x1A, 0x21, 0x99, 0xD9, 0x60, 0x8B, 0xAC, 0x85,
-        0x84, 0x3D, 0x41, 0xF9, 0x93, 0x35, 0x24, 0x32,
-        0xFF, 0xC0, 0x8A, 0xFA, 0xBC, 0xA7, 0x85, 0x57,
-        0x3C, 0x16, 0x83, 0xAE, 0x90, 0xDE, 0x40, 0x12,
-        0xE4, 0x2B, 0xA2, 0x47, 0xA4, 0x92, 0x73, 0x54,
-        0x6C, 0xA5, 0xB7, 0xEE, 0x62, 0xEA, 0x62, 0x37,
-        0xD9, 0xD7, 0x73, 0x58, 0x43, 0xDB, 0x20, 0x60,
-        0x8C, 0x4F, 0x87, 0x58, 0xB2, 0x2B, 0xC3, 0x40,
-        0xB0, 0xC1, 0xB6, 0xB6, 0xA9, 0xCD, 0xCC, 0x05,
-        0x4F, 0x38, 0x5F, 0x08, 0xB3, 0x3B, 0x08, 0x4D,
-        0x78, 0x6B, 0x0D, 0x40, 0x46, 0xB9, 0x20, 0xDE,
-        0x29, 0x6F, 0x23, 0x96, 0xDA, 0x02, 0xF5, 0x1C,
-        0x1A, 0x1A, 0x36, 0xA3, 0x3A, 0xFA, 0x1D, 0x80,
-        0x36, 0x3C, 0xF6, 0xB4, 0xDC, 0x2C, 0x88, 0x54,
-        0xF7, 0x86, 0xC6, 0xF2, 0x15, 0xF8, 0x85, 0x33,
-        0xFB, 0x21, 0x20, 0x59, 0xCE, 0x60, 0x4B, 0xE8,
-        0xF1, 0xB7, 0x54, 0x17, 0x1E, 0x83, 0xCD, 0x82,
-        0x39, 0x40, 0x14, 0x31, 0xEC, 0x89, 0xC8, 0xE2,
-        0x6A, 0xAE, 0x3F, 0x49, 0x5B, 0x38, 0xE7, 0xCD,
-        0xE2, 0xF6, 0xEF, 0x90, 0x51, 0x10, 0x83, 0x79,
-        0x27, 0x80, 0x2F, 0x45, 0x78, 0x67, 0xAF, 0xF4,
-        0x65, 0x95, 0x2D, 0xFE, 0x00, 0xF3, 0x2A, 0x60,
-        0x00, 0xF7, 0x26, 0xFA, 0x3C, 0xAD, 0xA9, 0xAF,
-        0xCA, 0xF6, 0x69, 0x48, 0x03, 0xBE, 0x18, 0x73,
-        0x54, 0x06, 0x06, 0x3E, 0x4E, 0xAD, 0xFC, 0x8B,
-        0xC3, 0x43, 0x24, 0x5D, 0xE9, 0xDE, 0x78, 0xDC,
-        0xD0, 0xA7, 0x04, 0x77, 0xF0, 0x0D, 0xA3, 0x37,
-        0x8C, 0x5F, 0x8B, 0xDF, 0xBE, 0x90, 0x1F, 0xA6,
-        0xB3, 0x17, 0x9D, 0x68, 0x36, 0x45, 0x11, 0x60,
-        0xFF, 0xF9, 0xBA, 0xDA, 0x80, 0xAA, 0x37, 0x57,
-        0xDD, 0x34, 0x30, 0x42, 0x7A, 0x9C, 0x86, 0xB4,
-        0x91, 0x30, 0xB8, 0xC0, 0xC4, 0x29, 0x15, 0x31,
-        0xF3, 0x9A, 0xB0, 0xCD, 0xAC, 0x8C, 0x7C, 0x8C,
-        0x4A, 0xDC, 0x76, 0xB6, 0x31, 0x30, 0xDE, 0x2D,
-        0x81, 0x04, 0xC7, 0x48, 0x73, 0x69, 0x02, 0x40,
-        0x30, 0x19, 0x66, 0x94, 0x21, 0x65, 0x13, 0x18,
-        0xC2, 0x09, 0x14, 0x5F, 0xC4, 0x2F, 0xC4, 0xD6,
-        0xA6, 0x05, 0x37, 0xAF, 0x72, 0x0C, 0x47, 0x02,
-        0x29, 0x95, 0x08, 0x9D, 0xC9, 0x07, 0x31, 0x38,
-        0xA9, 0xB5, 0xDA, 0x21, 0x76, 0x1D, 0x84, 0xD0,
-        0x15, 0xAF, 0x2A, 0xA3, 0x69, 0x0A, 0xE9, 0x4F,
-        0x75, 0x8A, 0x50, 0xA5, 0x11, 0xD4, 0x5F, 0xAF,
-        0x70, 0x43, 0xCB, 0xD7, 0x03, 0x9E, 0xB0, 0xBD,
-        0x19, 0x47, 0x94, 0x58, 0x22, 0x86, 0xC6, 0xE3,
-        0x62, 0xD8, 0x63, 0x05, 0xD9, 0xE2, 0xE5, 0x4A,
-        0x04, 0x54, 0x5A, 0x55, 0x25, 0xAD, 0x15, 0x5C,
-        0x4B, 0x71, 0x25, 0xE1, 0x50, 0xE3, 0x62, 0x1B,
-        0xD2, 0x43, 0x28, 0xD2, 0x84, 0xE4, 0xE2, 0x05,
-        0xE3, 0x01, 0x4C, 0x8F, 0x38, 0x17, 0x49, 0xFD,
-        0x3B, 0x52, 0x1A, 0x55, 0xB3, 0x1D, 0x69, 0x83,
-        0xAB, 0x9E, 0xC4, 0x73, 0xEE, 0x64, 0x7A, 0x73,
-        0x19, 0xEF, 0xCD, 0x7D, 0xB7, 0xF4, 0x2E, 0xCB,
-        0x55, 0x2A, 0x8A, 0xCC, 0x8F, 0xF8, 0x4E, 0xFB,
-        0xD2, 0x63, 0x8F, 0xF1, 0x10, 0x89, 0x02, 0x93,
-        0x3E, 0xAC, 0xA4, 0xB4, 0x89, 0xC7, 0xF7, 0x8B,
-        0x3E, 0xE1, 0xE8, 0x93, 0xB9, 0x8E, 0x36, 0x25,
-        0xC1, 0xC0, 0xD9, 0x44, 0x81, 0xC0, 0x99, 0x3C,
-        0x2B, 0x89, 0xF7, 0xDF, 0xDB, 0xD8, 0xCC, 0x84,
-        0xE6, 0xFF, 0xFE, 0xAC, 0x21, 0x16, 0xF1, 0xE2,
-        0xEF, 0x0A, 0x32, 0xA7, 0xDE, 0x87, 0x51, 0xEC,
-        0xB1, 0x0C, 0x0B, 0xC7, 0x07, 0xD9, 0x9A, 0xF8,
-        0xE8, 0xB0, 0xFE, 0xA5, 0x67, 0xAF, 0x53, 0x9F,
-        0xEF, 0x23, 0xEF, 0x7D, 0xFF, 0xA8, 0x8E, 0xDE,
-        0x97, 0x93, 0x32, 0xA6, 0x7C, 0xCF, 0x49, 0xBC,
-        0x36, 0x0D, 0x88, 0x90, 0x89, 0x39, 0x76, 0xA8,
-        0x82, 0x19, 0x02, 0xB6, 0x02, 0x82, 0xFE, 0xED,
-        0x9C, 0x28, 0x8D, 0xB0, 0x1E, 0x2B, 0x2A, 0xCF,
-        0xF3, 0x94, 0xFF, 0x66, 0x33, 0x93, 0x31, 0xD6,
-        0xFC, 0xAF, 0xE7, 0xC5, 0x98, 0x01, 0x46, 0xCD,
-        0xCB, 0xC4, 0x41, 0x13, 0x6D, 0x42, 0xF5, 0x13,
-        0xDF, 0xF9, 0x97, 0x65, 0xD4, 0x7B, 0x6E, 0x10,
-        0x79, 0x5D, 0x5A, 0x82, 0xA2, 0x49, 0x53, 0xA7,
-        0x6D, 0x9C, 0xDD, 0x0A, 0x80, 0x98, 0x58, 0x07,
-        0x30, 0xBF, 0x0B, 0x30, 0xAC, 0x24, 0x9E, 0xA0,
-        0xE8, 0xE4, 0x7A, 0x0D, 0xD0, 0x50, 0x82, 0xAE,
-        0xBB, 0xEC, 0x15, 0x30, 0x2A, 0xF2, 0xA7, 0xA6,
-        0x6A, 0xC8, 0xAE, 0x1E, 0x14, 0x80, 0x7C, 0x18,
-        0xE7, 0x2B, 0x88, 0x65, 0xB7, 0x93, 0x12, 0xB3,
-        0xC1, 0x2A, 0x20, 0xAD, 0x3B, 0x2E, 0x84, 0xC4,
-        0x0D, 0xA7, 0x62, 0x5C, 0x79, 0x52, 0x5D, 0x59,
-        0xA4, 0x69, 0x5C, 0x26, 0xFD, 0x4F, 0x80, 0xCC,
-        0xFE, 0x8E, 0x70, 0x72, 0xB1, 0x41, 0xE1, 0x75,
-        0x53, 0x51, 0xCF, 0x4C, 0x0B, 0x57, 0xF2, 0xB8,
-        0x59, 0x76, 0xE6, 0xEF, 0x6D, 0x74, 0xA6, 0x73,
-        0x69, 0x7F, 0x7C, 0xB2, 0x35, 0xFE, 0x8A, 0x02,
-        0x2F, 0xBE, 0x7C, 0x4D, 0x02, 0xBE, 0x8F, 0xFB,
-        0x7A, 0x58, 0x45, 0xEC, 0xBA, 0x1B, 0xC6, 0xB9,
-        0x8D, 0xF5, 0xB0, 0x82, 0xD1, 0xB4, 0x97, 0x86,
-        0x9B, 0x33, 0x54, 0x49, 0x5B, 0x88, 0xD9, 0xB5,
-        0xD0, 0x93, 0x8A, 0x00, 0x5D, 0x0F, 0x37, 0x88,
-        0x57, 0xE3, 0xFA, 0x7E, 0x7B, 0xFA, 0x43, 0x74,
-        0x8D, 0x64, 0x07, 0xD7, 0x07, 0x85, 0x4D, 0x49,
-        0xBC, 0x83, 0xF5, 0xD4, 0x95, 0x3E, 0x3E, 0x09,
-        0x65, 0xF3, 0xFC, 0x88, 0xA7, 0xF0, 0x46, 0x61,
-        0x44, 0x7D, 0x76, 0xED, 0xC9, 0x8D, 0x0F, 0x8D,
-        0xDA, 0x0D, 0x01, 0xC8, 0xB1, 0xA8, 0x9B, 0x4A,
-        0xF0, 0xA3, 0x88, 0x54, 0xC1, 0xD6, 0x52, 0x97
-    };
-#endif /* WOLFSSL_NO_ML_DSA_65 */
-#ifndef WOLFSSL_NO_ML_DSA_87
-    static const byte seed_87[] = {
-        0x22, 0x5F, 0x77, 0x07, 0x5E, 0x66, 0xCE, 0x1C,
-        0x99, 0xBA, 0x95, 0xB4, 0xFC, 0xDF, 0x25, 0x8B,
-        0xBB, 0x6F, 0xA5, 0xFE, 0x9C, 0x34, 0x9F, 0x0F,
-        0xDE, 0x3F, 0x71, 0xD5, 0x33, 0x9F, 0x6F, 0xD8
-    };
-    static const byte pk_87[] = {
-        0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6,
-        0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60,
-        0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81,
-        0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB,
-        0x24, 0xBF, 0x9E, 0x97, 0x9C, 0xD2, 0x3E, 0xDA,
-        0x8A, 0x1B, 0xB6, 0x76, 0xDA, 0x7D, 0x7F, 0x44,
-        0xAD, 0x6B, 0xB9, 0xB0, 0x70, 0xD3, 0xD6, 0x44,
-        0x7F, 0xBE, 0x6C, 0x0C, 0x71, 0x37, 0xC6, 0xFB,
-        0x7B, 0x39, 0x83, 0x63, 0x9C, 0x41, 0x5C, 0xF2,
-        0xC9, 0x15, 0xFF, 0xD4, 0x18, 0xEA, 0xA1, 0x4D,
-        0xA9, 0xD1, 0xAD, 0x3C, 0x09, 0x8E, 0xA9, 0x05,
-        0x34, 0x6C, 0xAA, 0x75, 0x78, 0xF8, 0x6B, 0x6E,
-        0x52, 0xE6, 0x57, 0x55, 0x16, 0xF4, 0x92, 0x3E,
-        0x74, 0x3F, 0x96, 0xA3, 0x2A, 0xD0, 0x0E, 0xEE,
-        0xA1, 0xCE, 0x8A, 0x33, 0xF4, 0x87, 0xB9, 0xF3,
-        0x22, 0x5D, 0x2D, 0x84, 0xCD, 0x27, 0x57, 0xCC,
-        0xCF, 0xE6, 0xA3, 0x66, 0x24, 0x53, 0x0E, 0x52,
-        0x8A, 0x2F, 0x64, 0xFC, 0xE7, 0x04, 0xE7, 0xA7,
-        0x6C, 0x2E, 0x6A, 0xDC, 0x00, 0xEF, 0x9B, 0xEC,
-        0x91, 0x07, 0xB9, 0x69, 0x8F, 0x11, 0x59, 0xFC,
-        0x52, 0xEF, 0x4C, 0x36, 0x5A, 0xFD, 0xB1, 0x50,
-        0xED, 0xC3, 0x43, 0x5E, 0x03, 0xBB, 0x70, 0x26,
-        0x00, 0x6E, 0x5A, 0x55, 0x13, 0x51, 0xA4, 0xB1,
-        0x5F, 0xB8, 0x9F, 0xD2, 0xE9, 0x98, 0x38, 0xE8,
-        0xCF, 0x41, 0x73, 0xFD, 0x0D, 0xF1, 0xF6, 0x80,
-        0x89, 0xE1, 0x51, 0x8D, 0xD4, 0xB5, 0x79, 0x27,
-        0x76, 0xBD, 0xD9, 0x2F, 0xC7, 0xC7, 0x9B, 0xC7,
-        0x99, 0x7F, 0x78, 0x84, 0xD2, 0xB8, 0x80, 0xC5,
-        0xD2, 0xB7, 0xEE, 0xC8, 0x0A, 0xFE, 0x35, 0x59,
-        0x84, 0x5D, 0x39, 0x08, 0x39, 0xBE, 0x5E, 0xBF,
-        0x95, 0x93, 0xA7, 0x3E, 0xD0, 0x1E, 0xF6, 0x7D,
-        0x50, 0x3F, 0xFB, 0x74, 0x47, 0x04, 0xA2, 0xDC,
-        0x49, 0x48, 0x76, 0x2B, 0xC8, 0x43, 0x45, 0x75,
-        0x72, 0x84, 0x4D, 0x15, 0x74, 0xE3, 0xEB, 0x37,
-        0x83, 0x0A, 0x3B, 0x7C, 0xD4, 0x02, 0xC7, 0x6E,
-        0xD5, 0xB4, 0xFC, 0x15, 0xF0, 0x5E, 0x76, 0x03,
-        0x4C, 0xBB, 0x6A, 0x29, 0xDE, 0xBC, 0x7E, 0x2B,
-        0x34, 0xB2, 0x14, 0x2A, 0x57, 0xCF, 0x1B, 0x39,
-        0x73, 0xE5, 0x8B, 0xFF, 0x47, 0x50, 0x42, 0xDC,
-        0x22, 0x6C, 0x7E, 0x13, 0x71, 0xF3, 0x37, 0x51,
-        0x40, 0xF2, 0x90, 0x57, 0xAC, 0xB4, 0x64, 0x7C,
-        0x5F, 0x92, 0x6D, 0x3F, 0xDC, 0xCC, 0xC8, 0xD2,
-        0xE1, 0x6B, 0x81, 0xA9, 0xED, 0xCD, 0x0C, 0x8B,
-        0x5B, 0x2E, 0x11, 0x89, 0x87, 0x42, 0x4B, 0xEC,
-        0xAD, 0x40, 0xA5, 0xE5, 0xB4, 0x6D, 0x1C, 0xB4,
-        0x01, 0x0A, 0x8E, 0x9F, 0x6F, 0x25, 0x92, 0x5D,
-        0xFE, 0x6B, 0x6F, 0x24, 0x64, 0x5F, 0x9C, 0x88,
-        0x86, 0x96, 0xE8, 0x79, 0x64, 0x5B, 0x6A, 0x3A,
-        0x76, 0x21, 0x90, 0xCC, 0xB7, 0xD6, 0x26, 0x9D,
-        0x35, 0x54, 0x79, 0xDF, 0x71, 0x90, 0x55, 0x2A,
-        0x38, 0x52, 0xD1, 0xE9, 0x56, 0x73, 0xE7, 0x19,
-        0x44, 0x6A, 0xD3, 0x10, 0x24, 0xB9, 0x4B, 0xF8,
-        0xBB, 0xC9, 0x7B, 0x04, 0x66, 0x39, 0xCE, 0x12,
-        0x3F, 0xDE, 0xC3, 0x75, 0xAF, 0x9F, 0x8D, 0x4C,
-        0xF7, 0x16, 0x9B, 0xEB, 0x5F, 0xE5, 0x1B, 0xBF,
-        0x82, 0x2C, 0x53, 0xBA, 0x2D, 0x98, 0xA4, 0xA0,
-        0x14, 0xA2, 0xDE, 0x69, 0x7F, 0x03, 0x3C, 0x9E,
-        0x4A, 0x57, 0xC6, 0xED, 0xF6, 0x10, 0x6A, 0x76,
-        0x2A, 0x81, 0x92, 0x9F, 0x3E, 0xF0, 0xFD, 0xE9,
-        0xB7, 0xB3, 0x8A, 0xF6, 0x1A, 0x19, 0x9A, 0x16,
-        0x0F, 0x09, 0x45, 0xBD, 0xBB, 0x96, 0x7C, 0x72,
-        0x40, 0xFE, 0x94, 0xBD, 0xE1, 0x60, 0x50, 0x53,
-        0x13, 0xC9, 0x2B, 0xFA, 0x52, 0x40, 0xA2, 0xA7,
-        0xF0, 0x8C, 0x85, 0x78, 0xDB, 0xD6, 0x7F, 0x21,
-        0x39, 0xB5, 0x06, 0x72, 0xEE, 0x99, 0xA1, 0xBD,
-        0x78, 0x1F, 0xA4, 0xE9, 0x54, 0xF4, 0xFA, 0xDF,
-        0xA7, 0x9E, 0xDD, 0x8E, 0xB1, 0xCF, 0xA8, 0x48,
-        0x84, 0x5D, 0x70, 0xCB, 0x2D, 0xA9, 0x66, 0x09,
-        0x0B, 0x75, 0x75, 0xA2, 0x32, 0xFE, 0xDF, 0x96,
-        0x33, 0x84, 0xA7, 0x84, 0x48, 0x1A, 0xFA, 0x82,
-        0x79, 0x0A, 0x87, 0xE1, 0x1F, 0x11, 0x74, 0xD4,
-        0x3C, 0xC0, 0x8D, 0x4F, 0xD2, 0x5D, 0xBB, 0x40,
-        0x10, 0xB2, 0x6F, 0x23, 0xD2, 0xD6, 0xF4, 0xA5,
-        0x87, 0xEF, 0x7D, 0xE8, 0xC6, 0xF7, 0xC6, 0x0F,
-        0xF9, 0x6F, 0xF8, 0x4C, 0x39, 0xE4, 0x82, 0x1E,
-        0x1E, 0x6A, 0x80, 0x2F, 0xEC, 0x22, 0xD6, 0xA0,
-        0xAA, 0xB6, 0x2C, 0xCB, 0x16, 0x43, 0x68, 0xC2,
-        0x27, 0xF6, 0xA2, 0x31, 0x62, 0x66, 0xEC, 0x2F,
-        0xFF, 0x8D, 0xB4, 0x19, 0x51, 0x19, 0xA0, 0x8C,
-        0x67, 0xE2, 0x04, 0x04, 0xB9, 0x1F, 0x08, 0x70,
-        0x9E, 0xAA, 0xC2, 0xDE, 0xCB, 0x96, 0x19, 0x8F,
-        0x02, 0x74, 0x10, 0xCC, 0x1B, 0x82, 0x5D, 0x9C,
-        0x07, 0x00, 0xE5, 0xD7, 0x04, 0x51, 0xBA, 0x7F,
-        0x67, 0xF9, 0x64, 0x0C, 0xA3, 0x6B, 0xF3, 0x12,
-        0x21, 0x80, 0x68, 0xD6, 0xA2, 0xCA, 0xFF, 0x59,
-        0x33, 0x43, 0x7D, 0x67, 0xBF, 0xD4, 0x88, 0x4A,
-        0x6E, 0x92, 0xBA, 0x41, 0xE1, 0x28, 0xDA, 0xEB,
-        0xE1, 0xEA, 0x25, 0x60, 0xE1, 0x2F, 0xED, 0x2C,
-        0xD4, 0x4B, 0xC9, 0x4E, 0x9E, 0x9D, 0xFA, 0xBB,
-        0xF9, 0x61, 0x41, 0x4C, 0x24, 0x24, 0xFC, 0x9B,
-        0x62, 0xFE, 0x73, 0x74, 0xF6, 0xB8, 0x9B, 0xA9,
-        0x02, 0x96, 0xF4, 0x90, 0x18, 0xA7, 0xF5, 0x49,
-        0xC1, 0xA3, 0x94, 0xB8, 0xED, 0xBD, 0x0B, 0xF3,
-        0xDB, 0xF3, 0xBC, 0x10, 0x6A, 0x6B, 0x3F, 0x79,
-        0x07, 0xF2, 0x11, 0x09, 0xD5, 0x42, 0x8F, 0xA9,
-        0x09, 0x94, 0xBE, 0xF2, 0x0D, 0x3A, 0x91, 0x33,
-        0x01, 0x31, 0x34, 0xBF, 0x0A, 0xCA, 0xF1, 0x3E,
-        0x66, 0x18, 0xA6, 0x69, 0xEC, 0xEA, 0xC5, 0xE9,
-        0x8B, 0x80, 0xFE, 0x4D, 0x93, 0x7B, 0xD4, 0xE5,
-        0x74, 0x90, 0xFA, 0xFD, 0xCE, 0x45, 0xE8, 0xD7,
-        0xD8, 0x8F, 0x08, 0x8B, 0x3A, 0xA8, 0x01, 0xA2,
-        0xB4, 0xE5, 0xF2, 0x29, 0x41, 0x02, 0xBD, 0xCB,
-        0xF9, 0x4A, 0x62, 0x54, 0x99, 0x94, 0x61, 0xB7,
-        0x8F, 0xA5, 0x8A, 0x7F, 0xDC, 0xAD, 0xD2, 0xF2,
-        0x28, 0x1E, 0xF3, 0x18, 0xAE, 0x21, 0x81, 0xF7,
-        0xE9, 0xE5, 0xBF, 0x2B, 0xC2, 0x98, 0x24, 0xB1,
-        0x45, 0x56, 0x57, 0x31, 0xA1, 0x48, 0xAB, 0x39,
-        0xC2, 0x04, 0x29, 0x1B, 0x5B, 0xD3, 0x23, 0x35,
-        0xCC, 0x5A, 0x58, 0x10, 0x11, 0x5B, 0xD5, 0x88,
-        0xC2, 0x60, 0x37, 0x3D, 0x1C, 0x1C, 0x7B, 0x09,
-        0x95, 0xB5, 0x05, 0x12, 0xD8, 0x52, 0x8D, 0xF5,
-        0xBD, 0x4A, 0xA5, 0x45, 0x6F, 0x3D, 0x55, 0x9D,
-        0x90, 0xAD, 0xD7, 0xA9, 0xD0, 0x25, 0x0B, 0xD7,
-        0x55, 0x11, 0x5C, 0x60, 0xBF, 0xBD, 0xFB, 0x9D,
-        0x2A, 0xCE, 0x4F, 0xE6, 0xB8, 0x36, 0x3A, 0x4D,
-        0xE7, 0xB6, 0xFF, 0x6B, 0xD8, 0xBA, 0xD4, 0xEE,
-        0x95, 0x9A, 0x0A, 0x47, 0xD4, 0x76, 0xE0, 0xF7,
-        0xAC, 0x02, 0xB6, 0xA8, 0x10, 0x1E, 0xA5, 0x98,
-        0xC0, 0xF4, 0x68, 0x5E, 0x55, 0xC1, 0x67, 0xCD,
-        0x16, 0x31, 0xBD, 0xA2, 0x86, 0xF3, 0xF8, 0xC0,
-        0xED, 0x4A, 0xFF, 0xE8, 0xF5, 0x2C, 0xFA, 0xD2,
-        0x06, 0x78, 0x6D, 0x34, 0xBE, 0xF9, 0x15, 0x84,
-        0x6D, 0xE5, 0x5F, 0xA4, 0xAC, 0x84, 0x3B, 0x3A,
-        0xA6, 0x2D, 0xC2, 0x01, 0xE0, 0x63, 0x92, 0xC7,
-        0x77, 0xB5, 0x4E, 0x2C, 0x40, 0x90, 0x48, 0xAF,
-        0x8B, 0xE9, 0x6C, 0x1E, 0xEE, 0x16, 0x8F, 0x4E,
-        0x4F, 0xFF, 0x35, 0x15, 0xE5, 0x51, 0xF4, 0xB2,
-        0x23, 0x1C, 0x6A, 0xCE, 0x05, 0xDC, 0xDC, 0xAD,
-        0x7F, 0x9D, 0xDA, 0xB3, 0x0C, 0xAD, 0x9C, 0x62,
-        0x68, 0xD6, 0x84, 0x00, 0x76, 0xFF, 0xD3, 0x01,
-        0x18, 0xB0, 0xC4, 0xE5, 0xE5, 0x0D, 0x87, 0x8E,
-        0xAF, 0x77, 0xEE, 0xCB, 0x56, 0x88, 0x7F, 0xED,
-        0xC5, 0x7C, 0x54, 0xD6, 0x28, 0x46, 0xE0, 0x8C,
-        0xE6, 0x87, 0xF2, 0x4D, 0x0D, 0x2F, 0x12, 0x62,
-        0x06, 0xDF, 0xB2, 0x4E, 0x03, 0x04, 0x78, 0x0B,
-        0x03, 0x4C, 0xCE, 0x86, 0xD1, 0xCD, 0x53, 0x00,
-        0xED, 0xC6, 0xF8, 0x9A, 0xCB, 0x59, 0x14, 0xA6,
-        0x0C, 0x87, 0x35, 0x92, 0x66, 0x0D, 0x02, 0xA9,
-        0xEF, 0x0D, 0x7D, 0xC6, 0x45, 0xF3, 0x11, 0xEF,
-        0x1F, 0x55, 0x72, 0x1F, 0x1B, 0x45, 0xD2, 0xE4,
-        0x8F, 0x3F, 0x9F, 0xEB, 0x27, 0x02, 0xD8, 0x2C,
-        0xEF, 0xAD, 0x7E, 0x7E, 0x10, 0xDD, 0x91, 0x5E,
-        0x39, 0x06, 0x7C, 0x39, 0xEA, 0x61, 0xB9, 0xCC,
-        0xF1, 0x45, 0x56, 0x81, 0x53, 0x55, 0x42, 0xD4,
-        0x37, 0x0F, 0x53, 0xF0, 0x7F, 0xA0, 0xC6, 0x50,
-        0x9B, 0x1D, 0xC6, 0x7E, 0x9F, 0x1D, 0x89, 0x3B,
-        0xEB, 0x85, 0x59, 0x6D, 0x9C, 0x12, 0xEE, 0xAC,
-        0xFC, 0xAE, 0xC0, 0xAE, 0x5F, 0xD4, 0x9C, 0x62,
-        0xE7, 0x09, 0x8C, 0xFA, 0x80, 0x1A, 0x19, 0x09,
-        0x0F, 0x8D, 0x68, 0x9E, 0x45, 0x33, 0xE2, 0x58,
-        0x7B, 0xEF, 0xC7, 0x6A, 0xDC, 0x38, 0x33, 0x3E,
-        0x5C, 0x53, 0xB5, 0x99, 0xDB, 0x04, 0xA7, 0xEA,
-        0xFB, 0x07, 0x9B, 0x25, 0x47, 0xED, 0xAC, 0x5A,
-        0xAA, 0x1E, 0xE5, 0x23, 0xDE, 0x64, 0xE5, 0x87,
-        0x46, 0x8C, 0x41, 0x52, 0xC9, 0x4F, 0x90, 0x48,
-        0x1C, 0xAA, 0xA6, 0xB0, 0x3A, 0x1E, 0xC9, 0x08,
-        0xF7, 0x82, 0x71, 0x13, 0x76, 0x6B, 0x9E, 0x52,
-        0x22, 0x32, 0xE0, 0xC6, 0xF7, 0xD7, 0x4C, 0xBD,
-        0xC3, 0x1C, 0x18, 0xAF, 0xA0, 0x12, 0xD3, 0x22,
-        0x6A, 0xFC, 0x71, 0x8A, 0x64, 0x24, 0xAC, 0x19,
-        0x4E, 0x85, 0x3C, 0x51, 0xE6, 0xA3, 0xAD, 0xA9,
-        0x59, 0x94, 0xD2, 0x7F, 0xC4, 0x9D, 0x93, 0x5B,
-        0x51, 0xD7, 0xF3, 0x03, 0xE7, 0x7D, 0x5B, 0x13,
-        0x0E, 0xCD, 0x7D, 0x0F, 0x77, 0x3E, 0x84, 0xD7,
-        0x4E, 0x69, 0x57, 0x1B, 0x73, 0x99, 0xC9, 0x4D,
-        0xC0, 0x19, 0x6B, 0x9D, 0x5F, 0xBA, 0x69, 0xEE,
-        0x11, 0xBD, 0x7C, 0x45, 0xD9, 0xA9, 0x65, 0x88,
-        0xA7, 0x0E, 0x16, 0xBF, 0xB3, 0x82, 0x5E, 0x5E,
-        0x56, 0x13, 0x02, 0x7D, 0xB1, 0xDC, 0xF5, 0x4A,
-        0x82, 0x73, 0x72, 0x35, 0x9B, 0x91, 0xAC, 0x04,
-        0x69, 0xE9, 0xEA, 0x19, 0xC9, 0xD8, 0x59, 0xEB,
-        0x8F, 0x22, 0x5F, 0x43, 0x11, 0x0C, 0xCF, 0xB4,
-        0x16, 0x6C, 0x7D, 0x60, 0xCE, 0x14, 0x24, 0xAD,
-        0xD7, 0x07, 0xC2, 0x4E, 0x98, 0xA0, 0xDE, 0x9E,
-        0xE6, 0x31, 0xED, 0xF8, 0x5B, 0x9C, 0xAF, 0xF7,
-        0x57, 0x59, 0x10, 0xA9, 0x92, 0xDC, 0x4F, 0x0C,
-        0x2B, 0x88, 0x75, 0x19, 0x1D, 0xB3, 0xBF, 0x70,
-        0x23, 0x17, 0xD5, 0x1A, 0x50, 0x30, 0x18, 0x14,
-        0x1A, 0x14, 0xE6, 0x1D, 0x4F, 0x8A, 0x96, 0x3E,
-        0xD8, 0x6E, 0xD9, 0xBF, 0x94, 0x4E, 0xDE, 0xB8,
-        0xFF, 0xE1, 0x6F, 0xFD, 0x31, 0xE8, 0xFE, 0x43,
-        0xC2, 0x40, 0x82, 0x45, 0x50, 0xFE, 0x1B, 0xBC,
-        0x77, 0x4B, 0xB4, 0x30, 0xA7, 0xD4, 0x46, 0x32,
-        0x6A, 0xF7, 0xC5, 0x92, 0xDA, 0x70, 0xB1, 0xB7,
-        0xA1, 0x5A, 0x5D, 0x17, 0x3B, 0xDB, 0x2F, 0x28,
-        0x8A, 0x6E, 0xEC, 0xDA, 0xC4, 0xF7, 0x2E, 0xCB,
-        0xEB, 0x96, 0x60, 0x92, 0x1B, 0xDD, 0xD6, 0x13,
-        0x7C, 0x85, 0x9F, 0x8A, 0x9A, 0xE9, 0x5F, 0xC4,
-        0x24, 0xFD, 0x33, 0xDF, 0xB3, 0x98, 0x66, 0xF7,
-        0xA1, 0x5A, 0xDC, 0x01, 0xC9, 0xFA, 0x37, 0xF1,
-        0x7B, 0xD0, 0xF6, 0x66, 0x8A, 0x26, 0x7C, 0xC2,
-        0x1B, 0xFF, 0x62, 0xBC, 0xFD, 0xCD, 0x47, 0xDA,
-        0xEE, 0x75, 0xF2, 0xAC, 0x60, 0x69, 0x87, 0x26,
-        0xCC, 0x92, 0x10, 0x1C, 0x92, 0xC1, 0x43, 0x09,
-        0xE9, 0xCE, 0x7D, 0x05, 0x5C, 0x64, 0x55, 0xCB,
-        0xBB, 0x7A, 0xAE, 0x05, 0xDB, 0x38, 0xD3, 0xD5,
-        0xBB, 0xD9, 0x9F, 0xCB, 0xCF, 0xB7, 0x9C, 0xEF,
-        0x7E, 0x7B, 0x2A, 0x6F, 0x84, 0x4E, 0x6A, 0x7F,
-        0xD3, 0x5F, 0xF3, 0xB3, 0xC1, 0xF0, 0x02, 0x9C,
-        0xA2, 0x4C, 0x86, 0x0E, 0x6B, 0xE2, 0x2B, 0x1D,
-        0x1D, 0xB4, 0x55, 0x7F, 0x85, 0x54, 0x2D, 0x85,
-        0x64, 0x89, 0x92, 0x19, 0x65, 0x44, 0xD7, 0x95,
-        0x48, 0x2C, 0x46, 0x8D, 0x0E, 0xBA, 0xFB, 0x13,
-        0x63, 0x52, 0x2E, 0x22, 0x19, 0x3F, 0x7F, 0xFB,
-        0x54, 0x4D, 0x73, 0xA1, 0x3C, 0x22, 0xD6, 0x5D,
-        0x2B, 0x4A, 0xBD, 0xD7, 0xBB, 0x72, 0x55, 0x80,
-        0xD4, 0x57, 0x4E, 0xDC, 0xF2, 0x8B, 0xB3, 0x09,
-        0x6A, 0xF9, 0x1A, 0xD3, 0x41, 0x0E, 0x72, 0x95,
-        0x49, 0xE7, 0xD1, 0xDC, 0x05, 0x22, 0xC3, 0x3E,
-        0x26, 0x95, 0x00, 0x01, 0x8C, 0xE1, 0x54, 0x47,
-        0x84, 0x10, 0xA7, 0x67, 0x45, 0xBB, 0xB9, 0x7B,
-        0x0B, 0xB4, 0x74, 0x82, 0xED, 0x6C, 0x26, 0x6E,
-        0xF2, 0x56, 0xCA, 0x1A, 0xD1, 0x10, 0x68, 0x40,
-        0x28, 0x23, 0xD5, 0x98, 0xB3, 0x6B, 0x75, 0x16,
-        0x13, 0x87, 0xE1, 0xF2, 0x3F, 0xAB, 0xC0, 0x2A,
-        0xF0, 0x16, 0x59, 0x85, 0x1A, 0x5B, 0x41, 0xB7,
-        0x52, 0xB1, 0x79, 0x46, 0x20, 0xDF, 0x59, 0xFB,
-        0x33, 0xB3, 0x05, 0xF1, 0x12, 0x8B, 0xDB, 0x7C,
-        0x51, 0x90, 0xC9, 0x8A, 0xC9, 0x48, 0x10, 0x54,
-        0xF4, 0x0F, 0x88, 0x1D, 0xDB, 0x40, 0x1B, 0x3A,
-        0xD7, 0x62, 0xD1, 0x75, 0x73, 0xD6, 0xCA, 0x23,
-        0x26, 0xB2, 0xBF, 0x4C, 0xCA, 0x22, 0xDD, 0xF6,
-        0xAF, 0x22, 0xB8, 0x4F, 0xC2, 0xC3, 0xB3, 0xD3,
-        0xED, 0xFA, 0xBA, 0x2E, 0x38, 0x28, 0x6A, 0xAE,
-        0x60, 0xE9, 0x2D, 0x11, 0x33, 0xED, 0x7E, 0xE9,
-        0x29, 0x8E, 0x01, 0xB0, 0x0F, 0x13, 0x83, 0x44,
-        0x17, 0xFA, 0xB6, 0x54, 0x7C, 0xAC, 0x1F, 0xED,
-        0xC9, 0x22, 0xF2, 0x4F, 0x69, 0x24, 0x04, 0xFE,
-        0xC2, 0x6A, 0xEB, 0xB0, 0xE4, 0xF5, 0x03, 0xCB,
-        0xB3, 0x99, 0x50, 0x66, 0x1F, 0x6B, 0xF3, 0xFE,
-        0xB7, 0xBF, 0x8D, 0xBA, 0x59, 0x75, 0x75, 0x51,
-        0xB0, 0xA5, 0xB9, 0x66, 0xC8, 0xDD, 0x35, 0xAE,
-        0x20, 0x66, 0x21, 0x9B, 0x04, 0x3F, 0xC6, 0x90,
-        0x6F, 0x2B, 0x5C, 0x78, 0x49, 0x3C, 0x40, 0xE6,
-        0xF9, 0x6B, 0x1A, 0xEF, 0xCE, 0x5A, 0xC1, 0x68,
-        0xD3, 0x34, 0x05, 0xD0, 0x21, 0x6C, 0xF8, 0xA8,
-        0x55, 0xE4, 0x6E, 0x80, 0x9B, 0xAD, 0xA5, 0xC3,
-        0x55, 0x0B, 0x28, 0xBB, 0x54, 0x02, 0xD4, 0xF6,
-        0x82, 0x73, 0xAB, 0x56, 0x0B, 0xB1, 0x5F, 0x94,
-        0xC3, 0xDA, 0x24, 0x1E, 0x7F, 0x62, 0x6B, 0x98,
-        0x6B, 0x2A, 0xF3, 0x92, 0x37, 0x3A, 0xB9, 0xE6,
-        0x27, 0xC4, 0xBB, 0xAB, 0xE4, 0x9A, 0x60, 0xD2,
-        0xAE, 0xCE, 0xFD, 0x44, 0xEB, 0x1C, 0xCF, 0x74,
-        0x54, 0xFC, 0xEC, 0x4F, 0xC2, 0xBA, 0xF4, 0x3B,
-        0xAC, 0x03, 0xC7, 0x2E, 0xE6, 0x62, 0x44, 0x61,
-        0x42, 0xC8, 0xAE, 0xF1, 0xB2, 0xA9, 0xAC, 0xE0,
-        0xCE, 0x23, 0xAF, 0xCC, 0x86, 0x61, 0xFE, 0xC5,
-        0xCB, 0xAC, 0x4A, 0x1B, 0x5C, 0xC7, 0x2B, 0xFF,
-        0x8A, 0x20, 0x62, 0x0E, 0xB9, 0x1D, 0xDD, 0x93,
-        0x19, 0x29, 0xE4, 0xD9, 0x13, 0x1D, 0x28, 0x32,
-        0x03, 0x5A, 0xA6, 0x8E, 0x20, 0xC7, 0xD6, 0xC6,
-        0x4D, 0x19, 0x17, 0xCC, 0x65, 0xB8, 0x84, 0x0C,
-        0x38, 0xB4, 0xA9, 0x45, 0x2B, 0x91, 0x61, 0x79,
-        0x87, 0x08, 0xA6, 0xBD, 0x28, 0x9A, 0x58, 0x48,
-        0xD5, 0x58, 0xC6, 0xCE, 0xC2, 0xC5, 0x72, 0x16,
-        0xD9, 0xF4, 0xED, 0x66, 0xAC, 0xFA, 0x93, 0xE8,
-        0x26, 0x10, 0x3B, 0x3D, 0x8F, 0xEA, 0x51, 0xCC,
-        0x82, 0xC0, 0xDB, 0xDF, 0xA7, 0x13, 0xFB, 0x1B,
-        0x77, 0x7E, 0x6F, 0x9E, 0x3C, 0xC5, 0x86, 0x35,
-        0x92, 0x5B, 0x6F, 0x76, 0xA1, 0x71, 0x0D, 0x8C,
-        0xDC, 0x95, 0x9F, 0xAC, 0x2C, 0x8E, 0x21, 0x01,
-        0x37, 0x06, 0x28, 0x64, 0x4C, 0x23, 0xE2, 0x75,
-        0x0B, 0xA7, 0xA4, 0xF5, 0x90, 0x87, 0xD2, 0x43,
-        0x71, 0x59, 0x7C, 0x8C, 0xCA, 0x77, 0x3B, 0xC5,
-        0x36, 0x46, 0xF7, 0x2F, 0xD3, 0x47, 0x18, 0xD7,
-        0xC9, 0x4E, 0x56, 0x2D, 0x49, 0x82, 0xAC, 0x7D,
-        0xD7, 0x3D, 0xF1, 0xDD, 0x73, 0x8B, 0xE4, 0xA1,
-        0x10, 0x85, 0xB6, 0x94, 0xBE, 0x6A, 0x5E, 0xEE,
-        0xBD, 0x60, 0xEB, 0x95, 0x76, 0xA8, 0x52, 0xE1,
-        0x47, 0x57, 0xA1, 0x9C, 0xEC, 0x44, 0xE5, 0x6F,
-        0x68, 0x34, 0x7E, 0x19, 0xBE, 0xCE, 0x56, 0xC9,
-        0xBE, 0xCE, 0xFC, 0xB8, 0x32, 0x6D, 0xCB, 0x84,
-        0x59, 0xBF, 0x4D, 0xF6, 0xE1, 0x53, 0x41, 0x61,
-        0x5C, 0xFB, 0xD2, 0x48, 0xA6, 0x7F, 0x05, 0xB2,
-        0xFC, 0xE8, 0xB2, 0x8A, 0x55, 0x7D, 0x19, 0xC0,
-        0x69, 0x3B, 0x91, 0x5D, 0x71, 0xE7, 0xBB, 0x72,
-        0x7D, 0xB9, 0x64, 0x6E, 0x8B, 0x5B, 0x70, 0x51,
-        0xB5, 0x69, 0x8C, 0xC0, 0xFC, 0x95, 0xB2, 0x43,
-        0x08, 0xF8, 0x70, 0xE4, 0x6F, 0x87, 0xA7, 0xDF,
-        0x23, 0x84, 0xEE, 0xCF, 0x73, 0x38, 0xDE, 0x99,
-        0x4C, 0xF8, 0xF1, 0x2D, 0xA2, 0x68, 0x99, 0xE3,
-        0x9B, 0xB8, 0xF6, 0xC1, 0x5C, 0x83, 0x07, 0xE9,
-        0xB9, 0xE2, 0x51, 0x62, 0xC8, 0x53, 0xF1, 0xC2,
-        0xF7, 0x57, 0x8A, 0xA0, 0x42, 0x3C, 0x18, 0x36,
-        0xF3, 0x99, 0xFD, 0x34, 0xB2, 0xF0, 0x1D, 0xBA,
-        0x43, 0xEA, 0x72, 0x1C, 0x0B, 0x37, 0x47, 0xBC,
-        0xAF, 0xDA, 0x22, 0x1F, 0x1C, 0x08, 0x16, 0x13,
-        0xBD, 0xAA, 0x07, 0xFD, 0x7E, 0xCA, 0x70, 0x57,
-        0x74, 0xDF, 0x68, 0x6B, 0x9F, 0x2D, 0x56, 0xBD,
-        0x21, 0x89, 0xFA, 0x09, 0x04, 0xCA, 0x09, 0xBD,
-        0x4F, 0xE6, 0x15, 0xF5, 0x89, 0xAB, 0xAC, 0xB2,
-        0xC9, 0xBF, 0xC8, 0xBB, 0x87, 0x83, 0xB4, 0xD3,
-        0xDC, 0xB1, 0x25, 0x9B, 0xAE, 0xC5, 0x75, 0x0C,
-        0x9E, 0x6A, 0x83, 0x41, 0x85, 0x9D, 0x4B, 0xBF,
-        0x62, 0x0C, 0x7D, 0x77, 0xC9, 0x89, 0xA6, 0xE1,
-        0x28, 0xBD, 0x13, 0x5D, 0x41, 0x26, 0x80, 0x75,
-        0x23, 0x57, 0xE7, 0x4F, 0x4D, 0x02, 0x8E, 0x0F,
-        0x43, 0x67, 0xF6, 0xA6, 0xE6, 0xB6, 0x84, 0x8D,
-        0xF5, 0x7B, 0x6A, 0x95, 0x73, 0x27, 0x86, 0x02,
-        0x72, 0xCB, 0xDF, 0x77, 0x1C, 0x6C, 0x5E, 0xD3,
-        0xF0, 0x1C, 0x82, 0x7A, 0x0D, 0xBB, 0x70, 0xA3,
-        0x98, 0x8B, 0x7B, 0x4A, 0xFE, 0x2D, 0xB1, 0x5C,
-        0x61, 0x89, 0x34, 0x4C, 0x81, 0x4B, 0x52, 0x17,
-        0x03, 0x81, 0x54, 0x4F, 0x9E, 0x9E, 0x07, 0x16,
-        0xF3, 0xD9, 0x18, 0x01, 0x11, 0xFD, 0x67, 0x18,
-        0xA2, 0x64, 0x35, 0x42, 0x81, 0x80, 0x4A, 0xBA,
-        0xCB, 0xD5, 0xF5, 0x4A, 0x10, 0x7F, 0xE2, 0xCF,
-        0xA5, 0x1E, 0xCB, 0x0C, 0xAB, 0x3E, 0x03, 0x98,
-        0x73, 0x89, 0xA4, 0x10, 0x75, 0xD5, 0xAC, 0x3D,
-        0xCF, 0x56, 0x75, 0xD8, 0x86, 0xC2, 0x21, 0x42,
-        0x99, 0x8D, 0x1B, 0x49, 0x09, 0xFE, 0x86, 0x41,
-        0xC9, 0xDC, 0x87, 0x8D, 0x5A, 0xF0, 0xF5, 0xBE,
-        0xF5, 0x49, 0x64, 0x5A, 0x7A, 0xC3, 0x5D, 0xE4,
-        0xD6, 0xB7, 0x30, 0x92, 0x2A, 0x15, 0x86, 0x02,
-        0xBE, 0xBA, 0x6E, 0xF6, 0x3D, 0x2D, 0x70, 0x89,
-        0xFB, 0xB5, 0x1E, 0xBA, 0xDA, 0x20, 0x12, 0x49,
-        0x22, 0xA0, 0xD8, 0x33, 0x9E, 0x4C, 0xC0, 0x27,
-        0x0F, 0x9C, 0x1F, 0xD2, 0xA9, 0xF4, 0xD2, 0xA9,
-        0x6D, 0xC5, 0x32, 0x16, 0x35, 0x9F, 0x19, 0x88,
-        0xC1, 0xAA, 0xA4, 0x66, 0x33, 0xE6, 0x2C, 0x6A,
-        0x6E, 0xA2, 0x1B, 0x33, 0xCB, 0xC3, 0x7E, 0xC5,
-        0x31, 0x4D, 0x5C, 0x17, 0x4C, 0x33, 0x7F, 0x09,
-        0x01, 0x33, 0x82, 0x84, 0x37, 0x03, 0xEB, 0x0E,
-        0xB1, 0x5F, 0x1B, 0x60, 0x8A, 0x2C, 0x9F, 0x39
-    };
-    static const byte sk_87[] = {
-        0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6,
-        0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60,
-        0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81,
-        0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB,
-        0x9A, 0xFE, 0xF5, 0x92, 0x58, 0xBB, 0x3C, 0xEB,
-        0x4C, 0x5E, 0x83, 0xF9, 0xFF, 0xBC, 0x3B, 0x49,
-        0xAE, 0xE1, 0xFC, 0x4B, 0x94, 0x4B, 0x8C, 0x75,
-        0xD4, 0x67, 0x75, 0x66, 0x7D, 0x6B, 0xA4, 0xF2,
-        0xDA, 0xC2, 0xB7, 0xC4, 0xD8, 0x50, 0x25, 0xCB,
-        0x5A, 0xDB, 0xA4, 0xAD, 0xBB, 0x44, 0x20, 0x24,
-        0x90, 0xEA, 0xA5, 0x2C, 0xAE, 0x80, 0x22, 0xC9,
-        0x59, 0x02, 0xB7, 0x10, 0xB0, 0x5E, 0x1E, 0x5F,
-        0x52, 0x7D, 0x88, 0xDA, 0xE2, 0x04, 0xBF, 0x45,
-        0xA7, 0xA8, 0x49, 0x97, 0x7D, 0xAD, 0x7C, 0x7C,
-        0x9E, 0x9C, 0x4A, 0xCC, 0x36, 0x33, 0x0F, 0x30,
-        0xFA, 0xDE, 0x52, 0xE9, 0xAE, 0x23, 0x29, 0x13,
-        0x10, 0x17, 0x8A, 0xD0, 0x08, 0x8E, 0xE1, 0x10,
-        0x30, 0xD0, 0x84, 0x65, 0x92, 0x12, 0x2A, 0x81,
-        0x26, 0x2E, 0x11, 0x14, 0x30, 0x61, 0x38, 0x61,
-        0x64, 0x42, 0x05, 0x08, 0x91, 0x90, 0x4C, 0x06,
-        0x82, 0xCC, 0x90, 0x45, 0x10, 0x39, 0x90, 0x22,
-        0x40, 0x2A, 0x9B, 0x16, 0x26, 0x9A, 0xA8, 0x50,
-        0x91, 0x12, 0x70, 0x91, 0x20, 0x4D, 0xC0, 0x34,
-        0x90, 0x18, 0x28, 0x31, 0x10, 0x02, 0x11, 0x22,
-        0xB3, 0x6C, 0x8B, 0xB8, 0x2C, 0x22, 0xB0, 0x69,
-        0x53, 0x36, 0x31, 0x61, 0x42, 0x6C, 0xD9, 0x06,
-        0x6A, 0xD9, 0x04, 0x45, 0xDB, 0x18, 0x05, 0x12,
-        0x37, 0x4A, 0xD4, 0x06, 0x64, 0xD3, 0xA2, 0x85,
-        0xA0, 0x38, 0x8A, 0x14, 0xA5, 0x85, 0x50, 0x20,
-        0x85, 0xE4, 0xA8, 0x24, 0xC3, 0xC6, 0x31, 0xC9,
-        0x34, 0x4E, 0xD2, 0x14, 0x68, 0x82, 0x90, 0x85,
-        0xC4, 0x02, 0x61, 0x24, 0x38, 0x05, 0x01, 0xA3,
-        0x50, 0x48, 0x08, 0x62, 0x20, 0xB0, 0x25, 0x5B,
-        0xA6, 0x4D, 0x98, 0x92, 0x11, 0xC2, 0x06, 0x00,
-        0xD1, 0xB0, 0x4D, 0x21, 0xA4, 0x8C, 0x01, 0x16,
-        0x72, 0x11, 0xA6, 0x20, 0xD0, 0x16, 0x45, 0x10,
-        0x31, 0x8E, 0xCB, 0xC2, 0x69, 0x02, 0x08, 0x91,
-        0xD4, 0x30, 0x89, 0x03, 0x41, 0x05, 0x93, 0x16,
-        0x8E, 0x5A, 0x18, 0x04, 0x41, 0x10, 0x6D, 0x18,
-        0x42, 0x70, 0x53, 0x16, 0x31, 0x52, 0x30, 0x8E,
-        0x0C, 0x49, 0x66, 0x0C, 0x90, 0x0C, 0xA4, 0x08,
-        0x2E, 0x41, 0x92, 0x05, 0x24, 0x07, 0x30, 0x12,
-        0x46, 0x72, 0x13, 0x99, 0x20, 0xE0, 0xA2, 0x4C,
-        0x1B, 0x14, 0x52, 0x5A, 0x90, 0x05, 0x08, 0x82,
-        0x31, 0x53, 0xC2, 0x90, 0xCC, 0x42, 0x68, 0x18,
-        0xB0, 0x2C, 0x00, 0x80, 0x65, 0x58, 0x12, 0x84,
-        0x19, 0x90, 0x08, 0x44, 0x26, 0x4A, 0x10, 0xA9,
-        0x0C, 0x12, 0x25, 0x0C, 0x9C, 0x10, 0x25, 0x0C,
-        0x28, 0x25, 0xD8, 0x46, 0x84, 0x1A, 0x22, 0x71,
-        0x5B, 0x28, 0x6E, 0x98, 0x02, 0x51, 0x61, 0xB4,
-        0x51, 0x01, 0xA1, 0x21, 0x24, 0x39, 0x12, 0xC8,
-        0x08, 0x85, 0xD1, 0x34, 0x64, 0xA4, 0xA8, 0x04,
-        0xA2, 0xC0, 0x09, 0x44, 0x48, 0x48, 0x03, 0x37,
-        0x00, 0x20, 0x05, 0x4D, 0x20, 0xA4, 0x05, 0x11,
-        0x18, 0x82, 0x42, 0x94, 0x4D, 0x24, 0x16, 0x01,
-        0x02, 0x93, 0x4C, 0x00, 0x16, 0x06, 0xC1, 0xC0,
-        0x0C, 0x8B, 0xC0, 0x41, 0x41, 0x06, 0x42, 0xA3,
-        0xC6, 0x64, 0x1A, 0x85, 0x91, 0x41, 0x06, 0x49,
-        0x04, 0xA7, 0x44, 0x82, 0x22, 0x6A, 0x50, 0x08,
-        0x0E, 0x14, 0x18, 0x20, 0x4B, 0x88, 0x91, 0x01,
-        0xA0, 0x49, 0x1A, 0x85, 0x4D, 0x94, 0x18, 0x10,
-        0x0A, 0x05, 0x44, 0x94, 0x38, 0x05, 0x93, 0x40,
-        0x68, 0x23, 0x07, 0x85, 0xE2, 0x12, 0x22, 0x9B,
-        0xB8, 0x08, 0xD2, 0x10, 0x2A, 0x08, 0xA8, 0x10,
-        0x92, 0x40, 0x2D, 0xD8, 0x44, 0x4C, 0xCC, 0x94,
-        0x05, 0x24, 0x43, 0x4C, 0xD3, 0xC2, 0x48, 0x10,
-        0x21, 0x2D, 0xC9, 0xB6, 0x08, 0xC9, 0x06, 0x4D,
-        0xE1, 0x90, 0x20, 0x14, 0x24, 0x70, 0x5C, 0x84,
-        0x28, 0xC0, 0xC2, 0x81, 0x22, 0x13, 0x50, 0x44,
-        0x84, 0x91, 0xCA, 0xA2, 0x48, 0x12, 0x91, 0x05,
-        0x5B, 0x92, 0x8D, 0x92, 0x92, 0x24, 0x82, 0x42,
-        0x48, 0x03, 0x37, 0x46, 0xD8, 0x44, 0x86, 0x44,
-        0x20, 0x89, 0xE4, 0xC2, 0x84, 0xC2, 0x04, 0x65,
-        0x49, 0xA8, 0x4D, 0xA4, 0x38, 0x28, 0xDB, 0xA4,
-        0x64, 0x24, 0x00, 0x51, 0xC8, 0x12, 0x6D, 0x19,
-        0x82, 0x24, 0xCB, 0x00, 0x44, 0x4B, 0x20, 0x20,
-        0x9B, 0x82, 0x4C, 0x5C, 0xA8, 0x08, 0xD2, 0xB6,
-        0x8C, 0x08, 0x35, 0x20, 0xC0, 0x92, 0x45, 0xE3,
-        0xB4, 0x2C, 0x50, 0x32, 0x0E, 0xD1, 0x82, 0x11,
-        0x4A, 0x96, 0x08, 0x1C, 0x86, 0x29, 0x02, 0x19,
-        0x71, 0x12, 0x03, 0x6E, 0x94, 0x08, 0x50, 0x12,
-        0x27, 0x20, 0x0B, 0x10, 0x12, 0xA1, 0x18, 0x06,
-        0x5A, 0x36, 0x4C, 0x93, 0xB4, 0x68, 0x21, 0xA7,
-        0x28, 0x09, 0x34, 0x91, 0x18, 0x93, 0x49, 0x4A,
-        0x32, 0x60, 0x00, 0x29, 0x2D, 0x94, 0x48, 0x44,
-        0x09, 0x94, 0x2C, 0x21, 0x07, 0x6C, 0x41, 0x38,
-        0x60, 0x8C, 0x10, 0x46, 0x11, 0x19, 0x65, 0x01,
-        0x46, 0x60, 0x1A, 0x29, 0x42, 0x23, 0x30, 0x29,
-        0x40, 0x96, 0x85, 0x81, 0xC6, 0x6C, 0x09, 0xA2,
-        0x31, 0x23, 0xC9, 0x84, 0x18, 0x27, 0x61, 0x02,
-        0xA6, 0x05, 0x1B, 0x11, 0x32, 0xD1, 0x80, 0x24,
-        0x59, 0x22, 0x52, 0x21, 0x34, 0x64, 0x0A, 0x21,
-        0x52, 0x10, 0xC2, 0x80, 0x5C, 0x98, 0x0D, 0x81,
-        0xA0, 0x84, 0x14, 0x97, 0x04, 0xCC, 0xC2, 0x04,
-        0x1A, 0x81, 0x45, 0x23, 0x44, 0x6C, 0x13, 0xC0,
-        0x44, 0x59, 0xC2, 0x68, 0x64, 0x08, 0x52, 0x51,
-        0x30, 0x71, 0x12, 0x49, 0x70, 0x12, 0x94, 0x84,
-        0x80, 0x12, 0x12, 0x1B, 0x00, 0x50, 0x84, 0x10,
-        0x45, 0x4A, 0x30, 0x10, 0x22, 0x95, 0x49, 0xC9,
-        0x82, 0x24, 0x03, 0x35, 0x21, 0x18, 0x16, 0x72,
-        0x09, 0x89, 0x65, 0x88, 0xB2, 0x89, 0x41, 0xB4,
-        0x90, 0x92, 0x38, 0x8C, 0x08, 0x23, 0x26, 0x0B,
-        0x80, 0x61, 0x84, 0x28, 0x6A, 0x4C, 0x98, 0x44,
-        0x10, 0xB9, 0x30, 0x93, 0x02, 0x49, 0x22, 0x13,
-        0x80, 0x1C, 0xC3, 0x48, 0x50, 0xA8, 0x20, 0x1C,
-        0x05, 0x00, 0x5B, 0x02, 0x41, 0xD2, 0x84, 0x61,
-        0x4B, 0x40, 0x46, 0x20, 0x21, 0x44, 0xD9, 0xC4,
-        0x21, 0xD3, 0xA4, 0x4D, 0xC0, 0xC0, 0x09, 0x5B,
-        0x28, 0x91, 0x18, 0x15, 0x41, 0x18, 0xC5, 0x4C,
-        0x14, 0xB7, 0x61, 0xDB, 0x34, 0x25, 0x02, 0x06,
-        0x41, 0x14, 0xA9, 0x65, 0x0B, 0x10, 0x04, 0x23,
-        0xC7, 0x49, 0x13, 0x47, 0x0A, 0xD0, 0x30, 0x80,
-        0x99, 0x32, 0x68, 0x50, 0x18, 0x06, 0xA2, 0x28,
-        0x65, 0x13, 0x35, 0x82, 0xD3, 0x06, 0x81, 0x22,
-        0x49, 0x4D, 0x48, 0x44, 0x30, 0xCA, 0x96, 0x2C,
-        0x12, 0xC8, 0x08, 0xA1, 0x24, 0x2C, 0x52, 0xA8,
-        0x28, 0x23, 0x14, 0x0A, 0xD4, 0x20, 0x4D, 0x18,
-        0x12, 0x72, 0xD4, 0x80, 0x44, 0xDC, 0x26, 0x2C,
-        0x88, 0x10, 0x0A, 0x04, 0x14, 0x51, 0xC1, 0x96,
-        0x00, 0xA3, 0x40, 0x30, 0x99, 0x48, 0x92, 0x9B,
-        0x08, 0x86, 0x81, 0x04, 0x20, 0x4C, 0xB2, 0x29,
-        0x18, 0x31, 0x08, 0x09, 0x23, 0x8C, 0x4C, 0x02,
-        0x6A, 0xCA, 0x00, 0x62, 0x09, 0x22, 0x2D, 0x21,
-        0x00, 0x02, 0x0A, 0x39, 0x41, 0x04, 0xA3, 0x50,
-        0x90, 0x80, 0x2D, 0x59, 0xB4, 0x71, 0x13, 0x16,
-        0x31, 0x11, 0x90, 0x4C, 0xC3, 0x14, 0x20, 0x60,
-        0xB2, 0x30, 0x0A, 0xB6, 0x24, 0x21, 0xA9, 0x10,
-        0x89, 0x80, 0x88, 0x44, 0x06, 0x8A, 0x91, 0x22,
-        0x8E, 0xD9, 0x36, 0x86, 0x10, 0x46, 0x0A, 0xE1,
-        0x16, 0x85, 0x42, 0x40, 0x6C, 0x09, 0x49, 0x11,
-        0xE0, 0x88, 0x68, 0x12, 0x08, 0x68, 0x5C, 0x26,
-        0x24, 0x04, 0xA8, 0x70, 0xC8, 0x08, 0x05, 0x13,
-        0x87, 0x41, 0x23, 0x29, 0x72, 0xC9, 0xB8, 0x88,
-        0x1B, 0x22, 0x66, 0x11, 0xA5, 0x2D, 0x11, 0x29,
-        0x12, 0x50, 0x12, 0x70, 0x03, 0x09, 0x6A, 0x4B,
-        0x88, 0x4C, 0xD2, 0xC8, 0x31, 0x40, 0x26, 0x40,
-        0x4C, 0x04, 0x50, 0x58, 0x16, 0x71, 0x90, 0xC2,
-        0x00, 0x0A, 0x30, 0x8A, 0xDC, 0x24, 0x85, 0x19,
-        0xB0, 0x65, 0x1A, 0xA3, 0x64, 0x13, 0xA3, 0x45,
-        0xC8, 0x48, 0x91, 0x91, 0x12, 0x20, 0xDC, 0x42,
-        0x40, 0x24, 0xC0, 0x4D, 0xA3, 0x98, 0x10, 0x40,
-        0x26, 0x25, 0xDC, 0xB4, 0x68, 0x4B, 0xC2, 0x45,
-        0x13, 0x06, 0x91, 0xC8, 0x92, 0x24, 0x82, 0xA8,
-        0x20, 0x4C, 0x30, 0x48, 0x52, 0x06, 0x01, 0x0B,
-        0x24, 0x51, 0x41, 0x36, 0x40, 0x93, 0xC4, 0x70,
-        0x44, 0x40, 0x2C, 0x24, 0x28, 0x22, 0x81, 0xA4,
-        0x4C, 0x43, 0x84, 0x60, 0x20, 0x23, 0x90, 0x01,
-        0x94, 0x6C, 0xDB, 0x28, 0x21, 0x93, 0x30, 0x80,
-        0x93, 0xC0, 0x25, 0xC8, 0xA6, 0x50, 0xCA, 0x24,
-        0x26, 0xD1, 0x40, 0x31, 0x04, 0xC4, 0x8D, 0xE2,
-        0xC0, 0x04, 0x08, 0x33, 0x8C, 0x18, 0x87, 0x91,
-        0xC8, 0xC8, 0x71, 0x40, 0x46, 0x06, 0x00, 0x44,
-        0x20, 0x22, 0x49, 0x70, 0x11, 0x45, 0x90, 0x02,
-        0xC3, 0x61, 0x60, 0xB4, 0x25, 0x80, 0x16, 0x21,
-        0x11, 0x09, 0x04, 0x88, 0x04, 0x05, 0xCC, 0x36,
-        0x20, 0x01, 0xB1, 0x2C, 0x64, 0xB6, 0x50, 0x54,
-        0x32, 0x42, 0x0B, 0x08, 0x8D, 0x12, 0x39, 0x0D,
-        0x10, 0x29, 0x52, 0x88, 0xB0, 0x04, 0x11, 0x38,
-        0x44, 0xD2, 0xA6, 0x71, 0x0B, 0x45, 0x48, 0x9C,
-        0x34, 0x72, 0xA0, 0x28, 0x49, 0x82, 0x16, 0x86,
-        0x12, 0x18, 0x61, 0x04, 0x41, 0x0D, 0x8A, 0xA6,
-        0x41, 0x80, 0xA8, 0x61, 0xDA, 0x30, 0x65, 0x82,
-        0x84, 0x30, 0x08, 0xA3, 0x29, 0x04, 0x33, 0x8E,
-        0x02, 0x24, 0x0D, 0x9C, 0x44, 0x10, 0xC9, 0x02,
-        0x81, 0x53, 0x06, 0x66, 0x8B, 0x06, 0x90, 0x03,
-        0x87, 0x69, 0x21, 0xC9, 0x69, 0x83, 0x46, 0x4E,
-        0x14, 0x24, 0x89, 0x8C, 0xA0, 0x6C, 0x99, 0xA2,
-        0x2C, 0x11, 0x37, 0x66, 0x0C, 0xA6, 0x4D, 0xD3,
-        0xC8, 0x70, 0x03, 0x02, 0x61, 0xC3, 0xB6, 0x65,
-        0x23, 0xC1, 0x6C, 0x10, 0x34, 0x8D, 0x1A, 0xC1,
-        0x31, 0x43, 0x40, 0x44, 0xD4, 0x08, 0x02, 0x0A,
-        0x36, 0x20, 0xE3, 0x26, 0x42, 0x0A, 0x48, 0x26,
-        0x1A, 0x13, 0x44, 0x0C, 0x18, 0x61, 0x91, 0x96,
-        0x84, 0x02, 0x17, 0x46, 0x9C, 0x20, 0x40, 0x41,
-        0xC6, 0x2D, 0x1B, 0x16, 0x0C, 0x98, 0xB2, 0x90,
-        0x1A, 0x20, 0x84, 0xE2, 0x34, 0x2D, 0xCB, 0x14,
-        0x44, 0x93, 0xC6, 0x8D, 0x58, 0xB2, 0x69, 0x22,
-        0xB2, 0x88, 0xC0, 0xB8, 0x2D, 0xA2, 0xC2, 0x31,
-        0x20, 0xA3, 0x24, 0x11, 0x46, 0x48, 0x4A, 0xA6,
-        0x50, 0x24, 0x09, 0x21, 0x1A, 0x01, 0x0D, 0x20,
-        0x36, 0x01, 0xC4, 0x34, 0x70, 0xDA, 0x16, 0x68,
-        0x84, 0x22, 0x4C, 0x11, 0x14, 0x09, 0x13, 0xC4,
-        0x68, 0x11, 0x41, 0x2D, 0x1C, 0x10, 0x31, 0xDC,
-        0xB2, 0x64, 0x42, 0x36, 0x08, 0x5C, 0x10, 0x88,
-        0x04, 0x91, 0x25, 0xE1, 0xA0, 0x20, 0x14, 0x18,
-        0x12, 0x14, 0x94, 0x91, 0x4C, 0xC2, 0x24, 0xD4,
-        0x06, 0x71, 0x21, 0x02, 0x8D, 0xD4, 0x88, 0x30,
-        0xC9, 0x36, 0x0E, 0xE4, 0x82, 0x81, 0xC0, 0x04,
-        0x6D, 0x24, 0x23, 0x09, 0x21, 0x45, 0x45, 0x20,
-        0x06, 0x65, 0xC2, 0x30, 0x2A, 0x18, 0x30, 0x8E,
-        0x24, 0x83, 0x89, 0x93, 0x32, 0x66, 0xC1, 0x48,
-        0x45, 0x62, 0x48, 0x0A, 0x52, 0xB8, 0x80, 0x11,
-        0x86, 0x21, 0x04, 0x34, 0x11, 0x24, 0xB5, 0x6C,
-        0x50, 0x36, 0x0A, 0x19, 0xA7, 0x8C, 0x14, 0x90,
-        0x0D, 0x1A, 0xA5, 0x68, 0x0B, 0xB1, 0x11, 0x50,
-        0x40, 0x08, 0x48, 0xB6, 0x31, 0x14, 0x28, 0x8D,
-        0xE3, 0x47, 0xB4, 0xA1, 0x44, 0x94, 0xCC, 0x9F,
-        0x0B, 0x94, 0x9F, 0x25, 0x49, 0xD9, 0xB3, 0x8F,
-        0x71, 0xF4, 0x17, 0xA4, 0xA6, 0xAC, 0x24, 0x58,
-        0x14, 0x25, 0x03, 0xC8, 0x63, 0x3E, 0x10, 0xA8,
-        0xD4, 0x10, 0xD7, 0x90, 0x4A, 0x28, 0x37, 0x90,
-        0x70, 0x27, 0xE3, 0x56, 0x5F, 0x04, 0x67, 0x76,
-        0xC3, 0x67, 0x3F, 0xF5, 0xA5, 0x11, 0xA2, 0x2C,
-        0x11, 0x01, 0x5D, 0x63, 0x71, 0x1A, 0xE6, 0x70,
-        0x86, 0x46, 0xAB, 0xCE, 0x03, 0xB6, 0x82, 0xAF,
-        0x51, 0xBA, 0x81, 0x94, 0x9C, 0x82, 0x36, 0xA9,
-        0x49, 0xA5, 0xA3, 0x11, 0x08, 0x8C, 0x4B, 0x13,
-        0x41, 0xF0, 0x08, 0xFD, 0xB2, 0x99, 0xED, 0xA8,
-        0x07, 0x61, 0x3C, 0x2E, 0xBC, 0x49, 0x7B, 0x1C,
-        0xBC, 0x87, 0xBC, 0xAE, 0x5F, 0x5E, 0x8F, 0x5D,
-        0xE7, 0xB9, 0x0C, 0x70, 0x36, 0x25, 0x61, 0xFD,
-        0x95, 0x9F, 0xAE, 0x0F, 0x8D, 0xF3, 0xA2, 0x45,
-        0x24, 0xA7, 0xDE, 0x60, 0xD1, 0x4E, 0x6D, 0xAC,
-        0xC7, 0x6A, 0x32, 0x42, 0xC0, 0x73, 0xEB, 0x78,
-        0x50, 0xF4, 0x49, 0x52, 0x5E, 0x6F, 0x81, 0x42,
-        0x54, 0xF8, 0x82, 0x05, 0xC9, 0x64, 0x74, 0x6A,
-        0x60, 0x5E, 0x36, 0x59, 0x40, 0x50, 0xA3, 0xFE,
-        0xDA, 0xE2, 0x6D, 0x8D, 0x6E, 0xE4, 0x5A, 0x27,
-        0x73, 0x89, 0xDB, 0x0C, 0x5B, 0x14, 0xD9, 0xED,
-        0xB2, 0xC7, 0x1D, 0x71, 0x93, 0x91, 0x0A, 0x72,
-        0x32, 0xBE, 0xA3, 0xD8, 0x95, 0x8C, 0x94, 0x7E,
-        0x63, 0xEB, 0xCE, 0x8B, 0xFC, 0xB0, 0x3F, 0x77,
-        0x5C, 0x43, 0x48, 0x18, 0x83, 0xFE, 0xC8, 0xDA,
-        0x89, 0xF2, 0x3B, 0x54, 0x82, 0x44, 0xC6, 0x9C,
-        0xCC, 0x77, 0x0A, 0xC1, 0x6F, 0xB9, 0x98, 0x10,
-        0xD5, 0xF2, 0x60, 0xFF, 0x38, 0xD2, 0x0D, 0xD6,
-        0x8C, 0x38, 0x54, 0x5B, 0xD8, 0x38, 0x84, 0x50,
-        0x36, 0xF4, 0x02, 0xC1, 0x06, 0x0F, 0x15, 0x1B,
-        0xC8, 0x90, 0x9B, 0x6E, 0x36, 0xC8, 0x3F, 0xE9,
-        0x8B, 0x62, 0x15, 0x6F, 0xF0, 0xC2, 0x86, 0x7F,
-        0xD1, 0xB5, 0x97, 0x53, 0xAE, 0x41, 0xAE, 0x21,
-        0x84, 0xAC, 0x57, 0xA5, 0x1F, 0xA7, 0xC7, 0x24,
-        0xDF, 0xDE, 0x2F, 0x3C, 0xCD, 0xA2, 0x7E, 0x1D,
-        0x97, 0xE1, 0x96, 0xC5, 0xB4, 0x7D, 0xF9, 0x5F,
-        0x7E, 0xEF, 0x09, 0xC4, 0xF3, 0x57, 0xF0, 0x51,
-        0x73, 0xAB, 0x0E, 0x6A, 0xCA, 0x64, 0xE4, 0x99,
-        0x0F, 0xD2, 0x20, 0xAC, 0x72, 0xF1, 0xA8, 0x23,
-        0x8F, 0x94, 0x63, 0xDC, 0xB3, 0xBB, 0x62, 0x2C,
-        0xEA, 0xA6, 0x27, 0x5A, 0x93, 0xC6, 0xCD, 0xCE,
-        0x1E, 0x09, 0xAF, 0x89, 0xEC, 0x22, 0xE4, 0x30,
-        0x2D, 0xB9, 0xCD, 0x08, 0x2E, 0x12, 0x76, 0x79,
-        0x99, 0xBC, 0xA0, 0x34, 0x0B, 0xDA, 0x89, 0x08,
-        0x14, 0x60, 0x7B, 0x98, 0xE6, 0xAF, 0xD2, 0xE1,
-        0x87, 0xC8, 0xDA, 0x50, 0xF7, 0x10, 0x2C, 0x72,
-        0x74, 0x50, 0xD0, 0x3C, 0x98, 0x06, 0xFE, 0xEB,
-        0xC6, 0xC5, 0x69, 0x31, 0x06, 0xE2, 0x2E, 0x7E,
-        0x7D, 0x3D, 0x2B, 0x1F, 0x48, 0x43, 0xC5, 0x95,
-        0xDA, 0x84, 0x08, 0x1E, 0x2B, 0x50, 0x6D, 0x91,
-        0xA6, 0x2B, 0xCD, 0x08, 0x43, 0x7B, 0xA2, 0xD8,
-        0x60, 0x6E, 0xF7, 0x80, 0x08, 0xC3, 0x3F, 0x35,
-        0xF3, 0x70, 0xA5, 0xC7, 0x56, 0xFC, 0xBD, 0x34,
-        0x46, 0x7B, 0xBF, 0x63, 0x19, 0xAC, 0xB6, 0xC3,
-        0x1B, 0x81, 0x84, 0x9F, 0xBB, 0x54, 0x05, 0x99,
-        0xAE, 0x43, 0xE2, 0xA5, 0x20, 0xFD, 0x5C, 0xC7,
-        0x25, 0x47, 0xB1, 0xFD, 0x80, 0xB5, 0x78, 0xC2,
-        0x00, 0x98, 0x02, 0xB9, 0x61, 0x2A, 0xBA, 0x39,
-        0xC7, 0x20, 0xB8, 0x7D, 0x7A, 0x03, 0x68, 0xE5,
-        0x37, 0x71, 0x1F, 0x72, 0xAA, 0x41, 0x61, 0xB4,
-        0xC0, 0xC2, 0xD3, 0x7A, 0xCD, 0xD2, 0xED, 0xC2,
-        0xC5, 0x99, 0x8C, 0x62, 0xA3, 0x7D, 0xC8, 0x9C,
-        0xD2, 0x50, 0x02, 0x0D, 0xCB, 0x68, 0x15, 0xB0,
-        0xD6, 0x19, 0x03, 0xC8, 0x01, 0x12, 0x72, 0xA1,
-        0x3A, 0xC2, 0xA6, 0x63, 0x51, 0x26, 0x03, 0x5D,
-        0x3F, 0x1D, 0x3B, 0x0E, 0x30, 0x6B, 0xB7, 0xEC,
-        0xB6, 0x8E, 0x2D, 0x76, 0xC8, 0xD7, 0xAE, 0x59,
-        0x81, 0xFC, 0x5F, 0x57, 0x5E, 0xAD, 0xA0, 0x20,
-        0xC8, 0xB4, 0x91, 0x2D, 0xEC, 0x03, 0xC4, 0xC6,
-        0x55, 0x05, 0x87, 0xA4, 0xA2, 0x21, 0x09, 0x25,
-        0x97, 0x21, 0xA4, 0x46, 0x45, 0x46, 0x40, 0x3B,
-        0xDC, 0x6F, 0xCD, 0xFB, 0xFB, 0xD9, 0xF4, 0x2C,
-        0xEC, 0xF1, 0xC4, 0x73, 0x41, 0x30, 0x60, 0x63,
-        0x9A, 0xF2, 0xA5, 0x26, 0x78, 0x9A, 0x5E, 0x70,
-        0x98, 0xDE, 0x35, 0x10, 0xA0, 0x5D, 0x45, 0xD5,
-        0x95, 0xF7, 0x11, 0xBC, 0x99, 0xD3, 0x00, 0x67,
-        0x9A, 0x30, 0x85, 0x36, 0x50, 0xDB, 0x18, 0xEA,
-        0x6D, 0xB2, 0xF3, 0x14, 0xDA, 0x23, 0xE2, 0x8A,
-        0x44, 0x21, 0x25, 0xD4, 0xA3, 0x28, 0x43, 0xA0,
-        0xC6, 0x5C, 0x99, 0xB0, 0x72, 0x6B, 0xC2, 0x1A,
-        0x30, 0xBE, 0x6B, 0x7B, 0xE0, 0x31, 0x54, 0x8C,
-        0x29, 0xE5, 0xC6, 0x69, 0x53, 0xDE, 0x05, 0x1E,
-        0x43, 0xCC, 0x7E, 0x9A, 0x82, 0x4A, 0xC4, 0x0A,
-        0x50, 0x65, 0xDC, 0xD8, 0xF9, 0x01, 0x32, 0x65,
-        0x1E, 0xF9, 0xA4, 0xCC, 0x07, 0xB9, 0x55, 0x97,
-        0x45, 0xA9, 0x61, 0xF8, 0xBE, 0x99, 0x00, 0x12,
-        0xD8, 0x17, 0x62, 0xFB, 0x89, 0xE7, 0x05, 0x5E,
-        0x1B, 0xCD, 0x2B, 0x09, 0x6C, 0x5A, 0x5C, 0xA3,
-        0x66, 0x4D, 0x02, 0x78, 0x0C, 0xC3, 0x63, 0x30,
-        0xD0, 0xFA, 0x7B, 0x11, 0x00, 0x40, 0xDD, 0xF0,
-        0x8C, 0x7C, 0xBA, 0x4C, 0x63, 0x78, 0xDA, 0xBB,
-        0xDF, 0xF9, 0xC9, 0xA4, 0x40, 0x25, 0x86, 0xD1,
-        0xBA, 0x22, 0xD7, 0x69, 0x98, 0x4E, 0x9D, 0x15,
-        0x21, 0xA8, 0x56, 0xC0, 0xFF, 0x52, 0xE4, 0xB4,
-        0x0F, 0xB2, 0x53, 0xE7, 0xA1, 0x34, 0x18, 0xEA,
-        0x5B, 0x25, 0x42, 0x13, 0xE3, 0x13, 0xE7, 0xDF,
-        0x54, 0x2B, 0x8D, 0x70, 0x51, 0xC7, 0x60, 0xB1,
-        0x1E, 0x4D, 0x3A, 0x46, 0x04, 0xA1, 0x11, 0x43,
-        0xAD, 0x24, 0x29, 0x90, 0xC9, 0x04, 0x15, 0xC5,
-        0x07, 0xE5, 0x46, 0xB8, 0x50, 0x16, 0x6B, 0x66,
-        0xFE, 0x1C, 0x8B, 0xFC, 0x20, 0x9C, 0xC4, 0x88,
-        0x10, 0x36, 0x5E, 0x56, 0xE8, 0x45, 0x75, 0x89,
-        0xFB, 0xD6, 0xD0, 0x8D, 0x9D, 0x53, 0xAE, 0x89,
-        0x19, 0x54, 0xCF, 0xE1, 0xFF, 0x12, 0x13, 0xF2,
-        0xC7, 0xBE, 0x4C, 0x1E, 0xB0, 0x70, 0x6E, 0xDC,
-        0x0A, 0x64, 0x3B, 0x60, 0x3A, 0xEA, 0x0D, 0x41,
-        0xDD, 0x8E, 0x09, 0xB9, 0x96, 0x8F, 0x6A, 0x49,
-        0x50, 0xEF, 0xDF, 0xD7, 0x73, 0x8D, 0x16, 0x32,
-        0xA8, 0x5C, 0x0A, 0x90, 0x18, 0xA1, 0xEB, 0x19,
-        0xCC, 0x50, 0xD5, 0x59, 0xD7, 0x35, 0x3F, 0xBA,
-        0x38, 0x1B, 0x5F, 0x71, 0x56, 0x70, 0xB3, 0x20,
-        0x4D, 0x9E, 0x16, 0xA8, 0xF7, 0x35, 0x19, 0xD2,
-        0x09, 0x0A, 0x22, 0x28, 0x81, 0x61, 0x26, 0x5B,
-        0x9C, 0xEC, 0x9D, 0x4A, 0x61, 0xCF, 0x0D, 0x3C,
-        0x88, 0xEA, 0x0B, 0x7A, 0xA7, 0xC6, 0xAE, 0x31,
-        0xBE, 0xC2, 0xBA, 0x48, 0xBB, 0x9D, 0x06, 0xE1,
-        0x32, 0x6D, 0x80, 0xCE, 0x27, 0x5C, 0x6F, 0x13,
-        0x79, 0x35, 0x9F, 0x9C, 0x11, 0xEA, 0xDB, 0xF5,
-        0x49, 0x15, 0xB6, 0x51, 0x86, 0xFC, 0x62, 0x34,
-        0x3D, 0x58, 0x6B, 0x0E, 0xF8, 0x3B, 0xBB, 0x42,
-        0xF6, 0x2D, 0x5C, 0xE2, 0xF3, 0xAA, 0x9F, 0x03,
-        0x43, 0xE9, 0x9E, 0x90, 0xB9, 0xFF, 0x55, 0x93,
-        0x60, 0xF8, 0x10, 0x2F, 0xFC, 0xBD, 0x40, 0x23,
-        0xB8, 0x4F, 0x4C, 0x7A, 0x74, 0x9F, 0xDC, 0x55,
-        0xDF, 0x5E, 0xCD, 0x23, 0xEB, 0xAC, 0x47, 0x4E,
-        0x0D, 0x0F, 0xBE, 0xDE, 0x02, 0x64, 0x61, 0x7E,
-        0x73, 0x78, 0x8E, 0x25, 0xE9, 0x7D, 0x66, 0xE5,
-        0x82, 0xBF, 0x98, 0x5B, 0x36, 0xCE, 0x17, 0x72,
-        0x56, 0x9C, 0xDA, 0x63, 0x77, 0x55, 0x8B, 0xA9,
-        0x75, 0xF5, 0x28, 0xC3, 0x78, 0x6D, 0x8F, 0xC2,
-        0x75, 0x5F, 0x28, 0x9E, 0x3F, 0xFB, 0xF1, 0xFD,
-        0xB7, 0xDE, 0x05, 0x3C, 0xD3, 0xE8, 0xD7, 0x7A,
-        0x7D, 0xC9, 0xF7, 0x9D, 0x58, 0xB4, 0xA6, 0x21,
-        0x25, 0xFC, 0x52, 0x84, 0x21, 0xF6, 0x0B, 0x6D,
-        0xA6, 0x62, 0x51, 0x97, 0xCD, 0xA9, 0xA1, 0x0C,
-        0x88, 0x21, 0x67, 0xA5, 0xFB, 0x8C, 0x8A, 0x50,
-        0xC5, 0x21, 0x91, 0x3A, 0xAB, 0x95, 0x96, 0xF3,
-        0x30, 0x6D, 0x08, 0x42, 0x07, 0x4B, 0x78, 0x1F,
-        0xC1, 0xD3, 0x41, 0x15, 0x68, 0xED, 0x93, 0x09,
-        0xC7, 0x8B, 0xF9, 0x77, 0x25, 0xD3, 0xCE, 0x2B,
-        0xA2, 0x0D, 0xB4, 0xC6, 0x84, 0x7F, 0x8E, 0xE5,
-        0x24, 0x46, 0x59, 0x8D, 0x6F, 0x0F, 0x0C, 0xA8,
-        0xFC, 0x04, 0x9B, 0x4D, 0x2B, 0xA7, 0x70, 0x1F,
-        0x46, 0x7E, 0x76, 0x03, 0xC6, 0x7E, 0xA5, 0x3D,
-        0x79, 0xE2, 0xF1, 0xAC, 0xBC, 0xDD, 0xF6, 0x91,
-        0x69, 0x4C, 0x44, 0x1F, 0xC3, 0xBF, 0x9F, 0xFC,
-        0x4E, 0xB0, 0x79, 0x30, 0x68, 0x89, 0xAC, 0xF2,
-        0xD7, 0xC6, 0xE1, 0x6C, 0x37, 0xFB, 0xB3, 0x38,
-        0x44, 0x2C, 0x97, 0xAB, 0xDA, 0x2C, 0x88, 0xC7,
-        0xF2, 0x80, 0x08, 0x00, 0x4E, 0x44, 0xED, 0xBE,
-        0xA4, 0x28, 0x3D, 0xC1, 0xCF, 0x9E, 0x83, 0xE7,
-        0x2E, 0x7F, 0xF5, 0x08, 0x47, 0x26, 0xE0, 0xBD,
-        0x1A, 0x17, 0xDB, 0x2F, 0xED, 0x19, 0x2E, 0x65,
-        0x1B, 0x62, 0x5F, 0x08, 0x82, 0x10, 0x61, 0xCB,
-        0xAA, 0xA7, 0xF8, 0x59, 0x4B, 0x46, 0xCB, 0xA2,
-        0xCB, 0x41, 0x34, 0x30, 0x51, 0x58, 0x2A, 0xEE,
-        0xE1, 0x5E, 0xAC, 0xCA, 0xBF, 0x37, 0x45, 0x98,
-        0xBD, 0x93, 0x1B, 0x5A, 0x5E, 0x92, 0x14, 0x05,
-        0x75, 0x2D, 0xFB, 0x8F, 0xBD, 0x24, 0x9B, 0x81,
-        0xCD, 0xDD, 0xF5, 0xBE, 0x05, 0x0D, 0xBD, 0x4B,
-        0x2B, 0x8C, 0x0A, 0xF0, 0x3A, 0x85, 0xD6, 0x74,
-        0x65, 0x7F, 0x98, 0xF8, 0x57, 0xA2, 0x36, 0xA2,
-        0xFE, 0xE4, 0xB4, 0xA4, 0x0D, 0xEA, 0x9A, 0xBE,
-        0x41, 0x79, 0x68, 0x63, 0x70, 0x3F, 0x3E, 0x38,
-        0x60, 0xC3, 0x40, 0x81, 0x72, 0xDD, 0x25, 0x34,
-        0xB4, 0xFE, 0xAC, 0x41, 0x6E, 0x4A, 0xE7, 0xBF,
-        0xE3, 0x87, 0xFA, 0x20, 0x8B, 0xBD, 0x68, 0x9E,
-        0x06, 0xA9, 0x15, 0x23, 0x07, 0x04, 0x4B, 0xFA,
-        0x45, 0x45, 0xB7, 0x75, 0xD3, 0x3E, 0x16, 0x70,
-        0xF6, 0x26, 0xF2, 0x3A, 0x9D, 0xFB, 0xEA, 0xEB,
-        0x47, 0xCE, 0x99, 0x6B, 0x0E, 0xB2, 0xE8, 0x2B,
-        0x18, 0x15, 0x14, 0x2E, 0xF2, 0x14, 0x0D, 0x44,
-        0x47, 0x1E, 0x63, 0x84, 0x5B, 0x3F, 0xA8, 0xEF,
-        0x5F, 0xEB, 0xA0, 0x41, 0x77, 0xC1, 0xF4, 0x4F,
-        0x8E, 0x2E, 0x29, 0xCD, 0xDB, 0xF2, 0x75, 0x24,
-        0x24, 0x46, 0x73, 0xC3, 0x46, 0xB5, 0xCA, 0x13,
-        0x35, 0x12, 0x0A, 0x8D, 0x88, 0x89, 0x17, 0x99,
-        0x13, 0xCA, 0x66, 0x07, 0x67, 0x6B, 0x7B, 0x3B,
-        0x20, 0xD3, 0x5F, 0x78, 0x1C, 0xC0, 0x99, 0x59,
-        0x0A, 0xBA, 0x8F, 0xA0, 0xDB, 0xDF, 0xCC, 0x03,
-        0xC4, 0xA6, 0xC7, 0x08, 0xB9, 0xFD, 0x95, 0xC2,
-        0x45, 0xF9, 0xF3, 0x11, 0x62, 0xF7, 0x14, 0xB9,
-        0xEB, 0x09, 0xB3, 0x7C, 0xF8, 0xF6, 0x67, 0xCC,
-        0x03, 0xB3, 0x06, 0x6F, 0x60, 0xAC, 0x72, 0xF2,
-        0xD3, 0x71, 0x6C, 0x4D, 0xAD, 0x3A, 0x99, 0x75,
-        0x5C, 0x52, 0x2D, 0x87, 0x69, 0x3E, 0xD6, 0x7E,
-        0x12, 0x96, 0xD3, 0x88, 0x8D, 0x11, 0x85, 0xAA,
-        0x0A, 0xA5, 0x32, 0x90, 0x51, 0xC5, 0x65, 0x64,
-        0xE0, 0xA9, 0x73, 0xA4, 0xF3, 0x8A, 0x32, 0x83,
-        0xE5, 0x08, 0x09, 0x39, 0x6A, 0x90, 0x2C, 0xC3,
-        0xFC, 0x92, 0x29, 0x7A, 0x45, 0xBE, 0x02, 0x79,
-        0x15, 0x1B, 0xBB, 0x60, 0xBB, 0xD9, 0x42, 0xF1,
-        0xE5, 0x14, 0xB4, 0xA5, 0xFF, 0x12, 0x42, 0x30,
-        0xB0, 0xCB, 0xD0, 0x1D, 0xB4, 0x62, 0x49, 0xC5,
-        0xB7, 0xDA, 0x37, 0x47, 0x2C, 0x8B, 0x16, 0xCA,
-        0xD2, 0x2C, 0xA1, 0x24, 0xE6, 0x57, 0xFA, 0xEB,
-        0x2C, 0x62, 0x2E, 0x12, 0x74, 0x37, 0x2B, 0x3F,
-        0x56, 0x23, 0x9C, 0xED, 0x90, 0xDE, 0x0D, 0x6E,
-        0x9E, 0x11, 0x78, 0xA4, 0x9C, 0xB3, 0xA1, 0x37,
-        0xF7, 0x4B, 0x09, 0x61, 0xD8, 0x33, 0x1D, 0x80,
-        0x68, 0x5C, 0xDD, 0xBD, 0x3E, 0xAE, 0x9D, 0xB8,
-        0xBA, 0x42, 0x41, 0xDC, 0xC9, 0x93, 0xF1, 0x92,
-        0x2F, 0x7A, 0xF9, 0xFE, 0x67, 0x13, 0x87, 0xBD,
-        0x7D, 0x04, 0x17, 0x91, 0xB6, 0x03, 0x5E, 0xA0,
-        0x5B, 0x23, 0xEA, 0x0C, 0xFA, 0x45, 0xCB, 0x1A,
-        0xC5, 0x7F, 0x63, 0xD6, 0x3D, 0x3C, 0x66, 0x4A,
-        0x83, 0x4E, 0x4E, 0x90, 0xA6, 0x63, 0xB0, 0x8A,
-        0xD7, 0x0D, 0xB4, 0xB7, 0xA9, 0x0F, 0xC6, 0xC7,
-        0x3B, 0xAD, 0x07, 0xA6, 0x94, 0x47, 0xDB, 0x63,
-        0x26, 0x00, 0x18, 0x5E, 0x27, 0xB5, 0xE2, 0xE3,
-        0xED, 0x8D, 0x97, 0x95, 0x38, 0x20, 0x24, 0x9F,
-        0x40, 0x84, 0x44, 0x7E, 0x8C, 0x05, 0xAB, 0xB1,
-        0x89, 0x26, 0x7D, 0x46, 0x2C, 0x9F, 0xE5, 0xC1,
-        0x27, 0xCE, 0x1D, 0x5A, 0x9F, 0xF1, 0xF8, 0x57,
-        0x8F, 0xCF, 0xB7, 0x4E, 0x07, 0xF3, 0xBA, 0x56,
-        0xCF, 0xE9, 0x87, 0x21, 0x61, 0xD6, 0x97, 0x7B,
-        0x26, 0x97, 0x07, 0xB4, 0x87, 0xFE, 0x25, 0x9C,
-        0xA9, 0x8E, 0x06, 0x90, 0x17, 0x2C, 0x98, 0x26,
-        0x23, 0xEE, 0xBB, 0x91, 0x8A, 0x15, 0x38, 0xA1,
-        0x38, 0xCB, 0x8B, 0xA0, 0xF3, 0x4A, 0xF2, 0x12,
-        0xA7, 0xB7, 0x05, 0xB6, 0x09, 0xD0, 0xEC, 0xDD,
-        0x21, 0xB6, 0xFA, 0x29, 0x95, 0xB4, 0x08, 0xD5,
-        0x95, 0xB7, 0xB8, 0x2E, 0x23, 0xAA, 0x89, 0x81,
-        0xE2, 0xD0, 0xFD, 0x9C, 0x8D, 0xF0, 0xCA, 0x61,
-        0xE3, 0x1E, 0x73, 0x9E, 0xD1, 0x72, 0x5C, 0x63,
-        0xB8, 0x74, 0x0E, 0x2C, 0x27, 0x3A, 0x71, 0xF9,
-        0xFE, 0x66, 0x33, 0xE9, 0x41, 0x27, 0x61, 0xA3,
-        0xFA, 0xD8, 0x66, 0x2A, 0x52, 0x6D, 0xAB, 0xBF,
-        0x32, 0xC2, 0x8E, 0x8F, 0xB0, 0x60, 0x52, 0xE1,
-        0x96, 0xC8, 0x1E, 0x9A, 0x3E, 0x07, 0xFA, 0x34,
-        0xFA, 0x9C, 0x4C, 0x0D, 0x29, 0x0F, 0x68, 0xA6,
-        0x59, 0x28, 0x22, 0xB1, 0x99, 0x56, 0x2C, 0x01,
-        0x04, 0x2F, 0x34, 0x65, 0xFD, 0xD4, 0xD0, 0xD5,
-        0x17, 0x7C, 0x14, 0x92, 0x73, 0x6C, 0x31, 0xCE,
-        0xD4, 0xB3, 0x59, 0x83, 0x6B, 0x34, 0x7C, 0x76,
-        0x8C, 0xED, 0xD5, 0xE2, 0x4F, 0x39, 0x44, 0xBF,
-        0x90, 0x53, 0x9A, 0xC7, 0xD4, 0x6A, 0x86, 0xA3,
-        0xE2, 0x15, 0x59, 0xD0, 0x0F, 0x32, 0x92, 0xC2,
-        0x9B, 0x9E, 0xE3, 0xF6, 0x94, 0x96, 0xFD, 0x0B,
-        0xB6, 0x06, 0x8F, 0x0D, 0x1F, 0x38, 0xFC, 0x6F,
-        0xA2, 0x78, 0xAC, 0xC5, 0xB5, 0x6A, 0x6B, 0xEC,
-        0x78, 0x8A, 0x6F, 0xD8, 0x21, 0xB7, 0xCF, 0x66,
-        0x73, 0x03, 0xCA, 0x2E, 0x3C, 0x7F, 0x2F, 0x29,
-        0x41, 0xC9, 0x88, 0xFD, 0x0E, 0xA0, 0x43, 0xD6,
-        0x9E, 0xB1, 0xE7, 0x13, 0x9C, 0xF0, 0x9C, 0xCF,
-        0x33, 0x22, 0x57, 0xEF, 0xE5, 0xCE, 0xD9, 0xAC,
-        0x7D, 0x34, 0x75, 0xBD, 0xAE, 0x84, 0xEE, 0xE8,
-        0x5D, 0x8C, 0x55, 0x86, 0xBA, 0x19, 0xE5, 0x9D,
-        0x35, 0x6D, 0xD8, 0x70, 0xC5, 0xE0, 0xEA, 0x77,
-        0x3A, 0xE5, 0xB5, 0x2C, 0xD2, 0x28, 0xB5, 0xE8,
-        0xAF, 0xB1, 0xD2, 0xC4, 0xE5, 0x59, 0x06, 0xB8,
-        0x2E, 0xA6, 0x8F, 0xC4, 0x9B, 0x30, 0xF9, 0x37,
-        0xDB, 0x29, 0xA1, 0x44, 0x0B, 0xB7, 0xB5, 0xB4,
-        0x12, 0xD3, 0x4E, 0xB3, 0xB7, 0xD8, 0x2F, 0x19,
-        0xDE, 0x3B, 0xC3, 0x53, 0xCE, 0x1C, 0x34, 0x4C,
-        0xA4, 0x6A, 0xE2, 0xD0, 0x04, 0xDF, 0x3C, 0x53,
-        0x8B, 0x06, 0x8F, 0x36, 0xE5, 0x77, 0xB2, 0x7A,
-        0x1A, 0xC0, 0x0C, 0xBD, 0xA3, 0xA0, 0xEE, 0xB6,
-        0x40, 0xAD, 0x5C, 0x04, 0xAE, 0xCF, 0x64, 0x2B,
-        0x8A, 0x18, 0x58, 0x86, 0xDE, 0xC9, 0x3D, 0x7D,
-        0x15, 0xBC, 0xEE, 0x4C, 0x22, 0xF4, 0x98, 0xD9,
-        0x37, 0xEE, 0xE2, 0x40, 0x43, 0xFF, 0xB2, 0x6F,
-        0x05, 0xC0, 0x0E, 0x30, 0xDE, 0xD8, 0x0C, 0x0B,
-        0xAD, 0xED, 0xCC, 0xBC, 0x29, 0x95, 0x07, 0x40,
-        0x10, 0x99, 0xA0, 0xD1, 0x08, 0xF7, 0xD5, 0xF1,
-        0xAD, 0xC9, 0xDD, 0xC8, 0x6A, 0x1E, 0x9E, 0x06,
-        0xDF, 0x12, 0xFF, 0x66, 0x33, 0x5E, 0x21, 0x47,
-        0xC3, 0xDE, 0x36, 0x98, 0x5B, 0xBF, 0x42, 0x9E,
-        0x30, 0xA0, 0x81, 0x5C, 0x28, 0x34, 0x1B, 0x3A,
-        0x32, 0xBC, 0xDE, 0x52, 0x53, 0x25, 0x1E, 0xF6,
-        0xE2, 0x99, 0x12, 0x92, 0x07, 0x1D, 0xEB, 0x08,
-        0x36, 0xA7, 0xD5, 0x18, 0x1F, 0xDB, 0x44, 0xA7,
-        0xE1, 0x13, 0x06, 0xB0, 0xDF, 0x63, 0x82, 0x68,
-        0xEF, 0xF5, 0x2B, 0x04, 0x0B, 0x93, 0xE8, 0xB0,
-        0x92, 0x7B, 0xDE, 0x1F, 0xC9, 0x39, 0x8F, 0x42,
-        0x9D, 0x06, 0x22, 0x13, 0xC9, 0x97, 0x2F, 0x43,
-        0x8A, 0xBA, 0xAF, 0xF9, 0x71, 0xE3, 0x55, 0x5D,
-        0x06, 0x77, 0x38, 0x39, 0xA3, 0xED, 0x41, 0x63,
-        0xFE, 0x2A, 0xB3, 0x23, 0x43, 0x0C, 0xF3, 0x17,
-        0x3B, 0x69, 0xED, 0x32, 0x0A, 0x54, 0xF3, 0x8D,
-        0x76, 0xC6, 0x09, 0xDD, 0x88, 0x5B, 0x23, 0x57,
-        0x72, 0xC4, 0x87, 0xB8, 0x9D, 0xF7, 0xCA, 0xFB,
-        0x7C, 0x61, 0x67, 0x5C, 0x65, 0xF8, 0xD6, 0xD7,
-        0x1E, 0x95, 0xB9, 0x73, 0x4D, 0x2E, 0x1F, 0x43,
-        0x3E, 0x2B, 0x58, 0x92, 0x15, 0x2E, 0xAA, 0x51,
-        0xF0, 0xD4, 0xF2, 0xA6, 0xCD, 0x12, 0x21, 0xD6,
-        0xCA, 0x46, 0x2A, 0xFF, 0xCB, 0x1B, 0x6B, 0xB4,
-        0x09, 0x17, 0x3B, 0xA2, 0x94, 0xDF, 0x1D, 0x68,
-        0x8B, 0x75, 0xEA, 0x11, 0xD6, 0x99, 0x04, 0xD1,
-        0x00, 0xDB, 0x61, 0xBC, 0xF2, 0x3B, 0x88, 0x4B,
-        0x33, 0xDF, 0x0F, 0xD4, 0xFB, 0x14, 0x0C, 0x6A,
-        0x53, 0x61, 0x1F, 0xBD, 0x28, 0xB2, 0x11, 0x19,
-        0x38, 0x71, 0x17, 0x76, 0x4D, 0xEE, 0x01, 0xC4,
-        0x77, 0x53, 0x2A, 0xAF, 0xD3, 0x78, 0xFF, 0x45,
-        0x7F, 0x97, 0x9D, 0x26, 0x92, 0x0E, 0xD9, 0x4E,
-        0x34, 0x1D, 0xE8, 0xDD, 0xBF, 0x5F, 0x87, 0xE6,
-        0x35, 0x9A, 0x39, 0x71, 0x59, 0x20, 0x01, 0xFB,
-        0x53, 0x2C, 0x61, 0x38, 0x0C, 0x8C, 0x02, 0xD3,
-        0xA0, 0x53, 0x95, 0x02, 0xED, 0x5C, 0xFE, 0x9B,
-        0xD3, 0x6A, 0xF3, 0x3F, 0x92, 0x6F, 0x33, 0x37,
-        0x19, 0x97, 0x81, 0x3A, 0x50, 0xE1, 0xD9, 0x27,
-        0x7E, 0x64, 0xF8, 0x01, 0x52, 0x26, 0x51, 0xD1,
-        0x06, 0xAF, 0x20, 0xA0, 0x28, 0x0F, 0x3F, 0xCB,
-        0x21, 0xB7, 0x55, 0x1A, 0x76, 0xB8, 0x9B, 0x4D,
-        0xED, 0x2A, 0x05, 0x0E, 0x6E, 0xAF, 0xCC, 0xA1,
-        0x08, 0x9C, 0xBE, 0x3F, 0x98, 0xE6, 0xB4, 0xB9,
-        0x83, 0xC9, 0x08, 0x41, 0x96, 0xDD, 0xD9, 0x0D,
-        0x52, 0x66, 0x94, 0xA4, 0xEA, 0xFC, 0xE5, 0x48,
-        0x04, 0x73, 0x64, 0x79, 0x68, 0xC9, 0x4A, 0x81,
-        0xA8, 0x07, 0xF8, 0xD9, 0x4E, 0x07, 0x1E, 0xC1,
-        0x8F, 0x62, 0xAB, 0xA6, 0xD7, 0x68, 0xFC, 0x57,
-        0x5E, 0x75, 0x1B, 0xBF, 0x3D, 0xA6, 0x91, 0xC5,
-        0x08, 0x14, 0x5E, 0xF2, 0x4C, 0x22, 0x8B, 0x4E,
-        0x29, 0x2D, 0xC0, 0x46, 0x3A, 0x9C, 0x9D, 0x86,
-        0xCF, 0x51, 0x85, 0x9D, 0x93, 0x23, 0xA1, 0xA1,
-        0xF3, 0x76, 0xB1, 0x56, 0xB0, 0xF4, 0x1F, 0x39,
-        0xDA, 0xDB, 0x13, 0x70, 0x29, 0x89, 0x95, 0xD2,
-        0xC5, 0xF3, 0x76, 0xFE, 0xEE, 0x99, 0xCF, 0xA0,
-        0x84, 0xEC, 0x70, 0xF0, 0xD3, 0xFA, 0x42, 0xDB,
-        0xFD, 0x99, 0x65, 0x2F, 0x84, 0x11, 0x99, 0xCD,
-        0x38, 0xB3, 0x1B, 0xAB, 0x8C, 0x2D, 0x33, 0x04,
-        0xCA, 0xE1, 0xB3, 0x05, 0x9A, 0x20, 0x80, 0xDB,
-        0xED, 0x59, 0x42, 0x30, 0x48, 0x37, 0xB3, 0x85,
-        0x5C, 0xEE, 0x54, 0x06, 0x92, 0x97, 0x4E, 0xFC,
-        0xFA, 0xF7, 0x25, 0xE0, 0x4E, 0x57, 0xC4, 0x72,
-        0x38, 0x59, 0xCA, 0x3C, 0x4A, 0x3F, 0x09, 0xD6,
-        0x09, 0x15, 0x83, 0xEF, 0x24, 0x21, 0xDD, 0xFD,
-        0x66, 0x9E, 0xBF, 0xEE, 0xCC, 0xBF, 0x86, 0x20,
-        0x29, 0x40, 0x5E, 0x42, 0xD2, 0xC0, 0x24, 0x2D,
-        0x76, 0xE6, 0x64, 0xF9, 0x5D, 0xC2, 0x85, 0xB6,
-        0x09, 0x41, 0x04, 0x62, 0x17, 0xDC, 0xF8, 0xFA,
-        0x2A, 0x4C, 0xD1, 0x82, 0x31, 0x57, 0xB7, 0x2B,
-        0x49, 0xE8, 0x40, 0x13, 0x2A, 0xA1, 0x86, 0xD2,
-        0x9A, 0xB8, 0xA9, 0xBE, 0x39, 0xBE, 0xE9, 0xA5,
-        0x35, 0x12, 0x08, 0xF1, 0xA9, 0x9E, 0x57, 0x46,
-        0x3A, 0x55, 0x16, 0xA7, 0x41, 0xD9, 0x25, 0xB8,
-        0x2F, 0xAF, 0xA8, 0x81, 0x5F, 0x5F, 0x46, 0xA4,
-        0x3B, 0xB3, 0xE9, 0x1B, 0x74, 0xEF, 0x5D, 0x57,
-        0x48, 0x4A, 0x72, 0x08, 0xDA, 0xFE, 0x1D, 0x55,
-        0x6B, 0xAB, 0x8B, 0x13, 0x18, 0xBF, 0xDD, 0xF4,
-        0x4E, 0x01, 0x5F, 0x4B, 0xF6, 0x80, 0xD4, 0x16,
-        0x4B, 0x2F, 0x03, 0x4B, 0xF8, 0x93, 0x20, 0x21,
-        0x55, 0x52, 0x49, 0x4A, 0x6C, 0x1F, 0x7D, 0xAD,
-        0x04, 0xEF, 0xB3, 0x74, 0xEE, 0xC5, 0xB6, 0xBC,
-        0x33, 0x7A, 0xCF, 0x64, 0xB9, 0xF9, 0x41, 0x70,
-        0xAF, 0xE9, 0xC7, 0xD6, 0x25, 0x18, 0x17, 0xAB,
-        0xBA, 0xC9, 0x05, 0xEF, 0x40, 0x89, 0xD5, 0x69,
-        0x76, 0xAA, 0xA0, 0x3E, 0x4D, 0x1C, 0xE7, 0x9D,
-        0x9E, 0x74, 0xF4, 0xF2, 0x7B, 0x40, 0xF6, 0x57,
-        0x78, 0x66, 0xFC, 0xDA, 0xE3, 0x6B, 0xD2, 0x6E,
-        0xC7, 0x9D, 0x65, 0x84, 0xAF, 0x7A, 0x1F, 0xE4,
-        0x34, 0xD4, 0x1A, 0x17, 0xA2, 0x72, 0xB0, 0xEE,
-        0x5A, 0x0C, 0xF4, 0x02, 0xAC, 0x1D, 0x6F, 0x4A,
-        0xD0, 0xB2, 0x02, 0x3A, 0x7D, 0x2C, 0xF1, 0x43,
-        0x0E, 0x1E, 0x96, 0xEB, 0x42, 0xF8, 0x3A, 0xF5,
-        0x0B, 0x5D, 0xA9, 0x23, 0x02, 0x28, 0xE5, 0x26,
-        0x5E, 0x69, 0x38, 0x2F, 0x85, 0x34, 0x32, 0x5E,
-        0x5E, 0x29, 0x33, 0x94, 0x05, 0xBD, 0x58, 0xF8,
-        0xE8, 0x9C, 0xBF, 0xB1, 0x5A, 0x05, 0xC6, 0x23,
-        0x9B, 0xBB, 0x57, 0x69, 0x8C, 0xE6, 0x41, 0x97,
-        0x48, 0x01, 0x95, 0xAF, 0xE9, 0x62, 0x8C, 0x6F,
-        0x09, 0x43, 0xF3, 0x64, 0x50, 0x90, 0x2F, 0x14,
-        0xF7, 0x30, 0x07, 0xE0, 0x4B, 0xA8, 0x39, 0xAC,
-        0x21, 0xC4, 0x07, 0x45, 0x5F, 0xD9, 0x87, 0xB1,
-        0x57, 0x47, 0x07, 0x66, 0xFF, 0xC7, 0xAB, 0xEE,
-        0x1F, 0x55, 0x71, 0x50, 0x63, 0xCF, 0x58, 0x3B,
-        0xC8, 0x1B, 0xEA, 0xA5, 0xE2, 0xF1, 0x57, 0xB3,
-        0x77, 0x65, 0xA9, 0xBD, 0x23, 0xC8, 0x30, 0x86,
-        0xC3, 0x5F, 0xBF, 0x16, 0x3F, 0x42, 0x28, 0x0A,
-        0xC6, 0x5A, 0x57, 0x15, 0x2F, 0xA1, 0x96, 0xA9,
-        0x25, 0xC5, 0x8E, 0x32, 0x11, 0x62, 0xB3, 0x54,
-        0x18, 0x00, 0xA4, 0xA6, 0xD4, 0x0F, 0x68, 0x27,
-        0x8F, 0x21, 0x78, 0x02, 0x37, 0x98, 0xBD, 0xCE,
-        0x3F, 0xBC, 0xF2, 0x9C, 0x66, 0x8E, 0x79, 0xA1,
-        0x54, 0x12, 0x55, 0x2E, 0xC0, 0x59, 0xC7, 0x18,
-        0x18, 0x22, 0x4D, 0x27, 0x8B, 0x8D, 0xF3, 0x08,
-        0x99, 0xE6, 0x35, 0x14, 0xB1, 0xE3, 0xB8, 0x7A,
-        0x40, 0x7B, 0x68, 0x7B, 0xFF, 0xDC, 0x54, 0x41,
-        0x06, 0xCA, 0x91, 0xFE, 0xDB, 0x2B, 0xDA, 0x9E,
-        0xC5, 0x20, 0xD8, 0xBF, 0x42, 0xBC, 0xE6, 0x39,
-        0xC4, 0x26, 0x9E, 0xF3, 0x82, 0xD9, 0xF1, 0xA0,
-        0x04, 0xAF, 0xFB, 0x77, 0x13, 0x36, 0xAF, 0xD7,
-        0x91, 0x9B, 0x3A, 0x57, 0x98, 0xFE, 0xAD, 0xCD,
-        0x46, 0xF8, 0xF8, 0xF1, 0x87, 0x53, 0xBD, 0x57,
-        0x3F, 0x99, 0xBC, 0xA6, 0xBD, 0x9B, 0x6E, 0xF4,
-        0x17, 0x7A, 0x78, 0x30, 0x70, 0xA3, 0x43, 0xFF,
-        0x92, 0xCD, 0x99, 0x73, 0xAE, 0x65, 0x6A, 0x10,
-        0xFF, 0x70, 0x47, 0x0F, 0x16, 0x4C, 0x4A, 0x90,
-        0xF4, 0x52, 0x05, 0x79, 0x33, 0x63, 0xDE, 0x14,
-        0x65, 0xAF, 0x8A, 0x5E, 0x67, 0x20, 0x03, 0x9F,
-        0xE6, 0x70, 0x13, 0x6B, 0xE0, 0xF3, 0x6A, 0x4C,
-        0x6B, 0x5B, 0xCB, 0xE1, 0x7C, 0x5D, 0x7D, 0xE3,
-        0x23, 0xFD, 0xB8, 0x6A, 0xDA, 0x56, 0x1E, 0xA8,
-        0x36, 0xC4, 0x29, 0x2D, 0x70, 0x41, 0x03, 0x18,
-        0x31, 0x40, 0x79, 0x2E, 0xC8, 0x22, 0x98, 0x5E,
-        0x11, 0xED, 0xA6, 0xDD, 0xB9, 0xAF, 0x8C, 0x27,
-        0x5C, 0x1B, 0x2E, 0xEA, 0xB8, 0xC6, 0x2F, 0xA0,
-        0x40, 0xB2, 0x64, 0x61, 0xFC, 0x0A, 0x3A, 0x10,
-        0x88, 0xC2, 0x58, 0xEC, 0xA5, 0x8D, 0x14, 0xE9,
-        0x9D, 0x21, 0xAF, 0x64, 0xD6, 0xC2, 0x5D, 0xAA,
-        0x0B, 0x8A, 0x57, 0x0F, 0x84, 0x3E, 0x60, 0x8D,
-        0xED, 0x05, 0x1D, 0x98, 0xED, 0xAE, 0x11, 0xD9,
-        0x27, 0x03, 0x55, 0xED, 0xF5, 0x34, 0x92, 0x52,
-        0xF2, 0x6F, 0x30, 0x3E, 0x69, 0xA5, 0x54, 0xA7,
-        0x2E, 0x1B, 0x85, 0xAB, 0xA2, 0x3B, 0xEC, 0xC8,
-        0x9D, 0xA9, 0xA3, 0xE4, 0xEF, 0x58, 0xB5, 0x33,
-        0x88, 0x55, 0x16, 0x5E, 0x7D, 0x7E, 0x69, 0xFC,
-        0xCA, 0xBD, 0x9C, 0x65, 0xFA, 0x0B, 0xBD, 0x7B,
-        0x16, 0xC4, 0xE2, 0x9C, 0xB4, 0xF1, 0x6A, 0x25,
-        0x70, 0x30, 0x32, 0xED, 0xEA, 0xD3, 0x1D, 0xDB,
-        0x6F, 0x29, 0x2E, 0x42, 0x14, 0xBE, 0x03, 0x29,
-        0x0A, 0x8A, 0x98, 0x9A, 0xD7, 0xB7, 0x0C, 0xF8,
-        0xB9, 0xCF, 0x37, 0xC6, 0xAC, 0xAC, 0x6D, 0xCC,
-        0x03, 0x23, 0x9F, 0x66, 0x85, 0x4B, 0x70, 0x45
-    };
-#endif /* WOLFSSL_NO_ML_DSA_87 */
-
-    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(*key));
-    }
-
-    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
-    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44), 0);
-    ExpectIntEQ(XMEMCMP(key->p, pk_44, sizeof(pk_44)), 0);
-    ExpectIntEQ(XMEMCMP(key->k, sk_44, sizeof(sk_44)), 0);
-#endif
-#ifndef WOLFSSL_NO_ML_DSA_65
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
-    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65), 0);
-    ExpectIntEQ(XMEMCMP(key->p, pk_65, sizeof(pk_65)), 0);
-    ExpectIntEQ(XMEMCMP(key->k, sk_65, sizeof(sk_65)), 0);
-#endif
-#ifndef WOLFSSL_NO_ML_DSA_87
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
-    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87), 0);
-    ExpectIntEQ(XMEMCMP(key->p, pk_87, sizeof(pk_87)), 0);
-    ExpectIntEQ(XMEMCMP(key->k, sk_87, sizeof(sk_87)), 0);
-#endif
-
-    wc_dilithium_free(key);
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_dilithium_verify_kats(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-    dilithium_key* key;
-    int res;
-#ifndef WOLFSSL_NO_ML_DSA_44
-    static const byte pk_44[] = {
-        0x35, 0x07, 0x31, 0x3A, 0xE3, 0x7A, 0xF6, 0x96,
-        0x6C, 0x11, 0xA9, 0xE4, 0x0B, 0xEB, 0xEC, 0xE9,
-        0x2B, 0x67, 0x3F, 0xD2, 0x67, 0x3C, 0x1C, 0x4C,
-        0x08, 0xF0, 0x45, 0xA9, 0xDD, 0x5A, 0xB8, 0x8C,
-        0x0A, 0x51, 0xA9, 0xBA, 0x89, 0x0F, 0x4C, 0xCB,
-        0x9D, 0x0A, 0x41, 0x3F, 0x9C, 0xF4, 0x13, 0x36,
-        0x79, 0x49, 0x00, 0x90, 0xBB, 0x57, 0x3B, 0xBD,
-        0x2E, 0x18, 0xB3, 0xD0, 0xA5, 0x0E, 0x6B, 0x67,
-        0xFF, 0x98, 0x8C, 0xDD, 0x07, 0xE8, 0xA7, 0xA1,
-        0x3F, 0xAE, 0xFB, 0xD6, 0xC0, 0xF8, 0xF3, 0x34,
-        0xA5, 0x17, 0xC2, 0x34, 0x88, 0x92, 0x65, 0xA6,
-        0xE8, 0x66, 0x57, 0xFE, 0x86, 0x08, 0xF7, 0xDF,
-        0xA0, 0x5B, 0x70, 0x3E, 0x91, 0x6C, 0x63, 0xA0,
-        0xA3, 0x75, 0x55, 0xF8, 0xB6, 0xAA, 0xD4, 0x1B,
-        0x78, 0x5E, 0x42, 0x9F, 0x96, 0xE4, 0xA0, 0x50,
-        0xB6, 0x94, 0x2D, 0xC3, 0xE3, 0x36, 0x2B, 0x9D,
-        0x6B, 0x7A, 0xEF, 0xF5, 0x68, 0xF2, 0x11, 0xDF,
-        0x87, 0xA0, 0x9A, 0xC4, 0x61, 0xFB, 0xA4, 0x1C,
-        0x98, 0x3F, 0xC9, 0x52, 0x59, 0x3B, 0x47, 0x4D,
-        0xF5, 0x24, 0xA3, 0xD8, 0x63, 0xE1, 0xED, 0xDC,
-        0xFD, 0xEB, 0x96, 0xFB, 0xF3, 0xE7, 0x50, 0x9C,
-        0x72, 0x61, 0xC7, 0x3C, 0xCE, 0xF2, 0xEB, 0x22,
-        0x55, 0x6B, 0x9F, 0x25, 0xE4, 0x45, 0xE1, 0xFB,
-        0x3E, 0x2E, 0x4E, 0x92, 0x4F, 0x8A, 0x85, 0xEB,
-        0x63, 0x2C, 0x05, 0x0F, 0x9A, 0xEC, 0x0E, 0x9D,
-        0x05, 0x81, 0x46, 0x82, 0xEA, 0x74, 0x91, 0xD5,
-        0x2A, 0xBC, 0xCC, 0xBB, 0xD6, 0x7F, 0x5F, 0x9A,
-        0xD3, 0xBD, 0xEB, 0x14, 0xBA, 0x84, 0x27, 0x13,
-        0x32, 0xB5, 0xF3, 0x71, 0xAC, 0x47, 0x19, 0x6B,
-        0x5E, 0x43, 0x50, 0xC2, 0xA8, 0x82, 0xF5, 0x97,
-        0x9B, 0x27, 0x62, 0xFB, 0xB7, 0xFF, 0x6B, 0xC8,
-        0x52, 0x1E, 0xFB, 0x97, 0x39, 0x1E, 0x7F, 0x01,
-        0xF8, 0x34, 0x47, 0xAA, 0xB2, 0x64, 0xB5, 0x9E,
-        0x28, 0x18, 0xCB, 0x4A, 0x94, 0xBE, 0x6A, 0x43,
-        0x5B, 0xAE, 0x21, 0xA4, 0x63, 0x64, 0x46, 0x0C,
-        0x6B, 0x36, 0x1C, 0x2A, 0x3B, 0x64, 0xFA, 0xA0,
-        0xAB, 0xE3, 0x3B, 0x7D, 0xB0, 0x23, 0x99, 0x21,
-        0x55, 0x59, 0xBF, 0xD6, 0xDB, 0xB8, 0xDB, 0x09,
-        0x5E, 0xBC, 0x32, 0x3C, 0xAC, 0xAB, 0x1A, 0x63,
-        0x32, 0x21, 0x10, 0xD5, 0x8D, 0x7A, 0x5F, 0xCE,
-        0x72, 0x8D, 0x2A, 0xED, 0x1D, 0x30, 0x38, 0x5D,
-        0x3E, 0x62, 0xC2, 0x8E, 0xC9, 0x9F, 0x8C, 0x50,
-        0x3F, 0xC6, 0xCE, 0x86, 0x4D, 0x67, 0x3D, 0x09,
-        0xB6, 0x27, 0x14, 0x57, 0x14, 0xED, 0xC9, 0x8F,
-        0xAC, 0x9E, 0xAC, 0x6F, 0xB5, 0xB2, 0xE6, 0x8D,
-        0x9D, 0x5E, 0xE6, 0x78, 0x77, 0x09, 0x94, 0x35,
-        0x5E, 0x3B, 0x64, 0x04, 0x38, 0xD4, 0x5B, 0x04,
-        0xB8, 0x6C, 0x33, 0x97, 0xE1, 0x58, 0x54, 0x32,
-        0xB3, 0x0F, 0x37, 0x69, 0x39, 0xCE, 0x57, 0x31,
-        0x5C, 0x75, 0xA8, 0x94, 0xD0, 0x39, 0x2D, 0xB4,
-        0x73, 0xA7, 0xA4, 0x7C, 0xBE, 0x34, 0x03, 0x2D,
-        0x99, 0x1D, 0xDF, 0x32, 0x26, 0xB7, 0x45, 0x1B,
-        0x03, 0xCD, 0xEE, 0x9D, 0x58, 0xA8, 0xA7, 0x76,
-        0x1B, 0x17, 0x42, 0xD9, 0x69, 0x0F, 0x26, 0x3A,
-        0x9D, 0x70, 0x9B, 0x4E, 0x81, 0xEB, 0x96, 0x02,
-        0xB5, 0xB3, 0x92, 0x31, 0xFE, 0xBC, 0x38, 0x11,
-        0x5A, 0x47, 0xED, 0x0A, 0x2A, 0xE2, 0xB8, 0x47,
-        0x13, 0x5E, 0x43, 0x97, 0xD5, 0xFA, 0x31, 0x02,
-        0x58, 0xE9, 0x9E, 0xB5, 0x3F, 0x85, 0x92, 0x0E,
-        0xB9, 0xDB, 0xE0, 0xEE, 0x56, 0x76, 0x64, 0x8F,
-        0xF2, 0xE2, 0x47, 0x81, 0xD4, 0xA4, 0x82, 0x43,
-        0x69, 0xAE, 0x8E, 0x48, 0x50, 0x84, 0x93, 0x3B,
-        0x9C, 0x65, 0xD3, 0x6F, 0xCD, 0x90, 0xA0, 0xD8,
-        0xA0, 0xE1, 0x79, 0xCC, 0xD5, 0x1F, 0x71, 0x73,
-        0x93, 0xE7, 0xB2, 0xB0, 0x78, 0x17, 0xD7, 0x79,
-        0xDE, 0xCC, 0x83, 0x7D, 0x5A, 0xF2, 0x0E, 0xA6,
-        0xB1, 0x76, 0x61, 0x15, 0x88, 0x8E, 0xD7, 0xA6,
-        0x51, 0xBF, 0x9C, 0xD1, 0x0A, 0xFC, 0xDA, 0x65,
-        0xA5, 0x65, 0xFE, 0xB2, 0xED, 0x07, 0x74, 0x42,
-        0x4C, 0xF5, 0x42, 0x3D, 0xAF, 0x5F, 0x4D, 0x72,
-        0x51, 0xE6, 0x3F, 0x68, 0xCC, 0xC5, 0x2D, 0x89,
-        0x01, 0xD8, 0x80, 0xB4, 0xFC, 0xEB, 0x3B, 0xBE,
-        0x7C, 0xFA, 0x24, 0x27, 0xE1, 0x05, 0x94, 0x67,
-        0xAD, 0xB3, 0x47, 0x7D, 0x28, 0x18, 0xC1, 0xC9,
-        0xB8, 0xA1, 0x2A, 0x95, 0xBB, 0x5D, 0xC9, 0x42,
-        0x4F, 0x64, 0x94, 0x07, 0x5F, 0x65, 0xD3, 0xA5,
-        0x65, 0xEE, 0x67, 0x2C, 0x10, 0x65, 0x81, 0x4D,
-        0x7F, 0xAF, 0x2E, 0x97, 0x9E, 0x11, 0xA3, 0xF5,
-        0x3E, 0xDE, 0xB1, 0x1D, 0x44, 0x72, 0x90, 0x74,
-        0xFD, 0x47, 0x82, 0xA6, 0x04, 0x3E, 0x28, 0x3C,
-        0x15, 0xDF, 0xC4, 0x7A, 0x7C, 0xF5, 0x5A, 0xC6,
-        0xFB, 0xE4, 0xC2, 0xE0, 0x6E, 0x4C, 0x09, 0x2E,
-        0xE3, 0xE6, 0x3A, 0xEF, 0xF6, 0x54, 0xDC, 0x92,
-        0xBE, 0x8F, 0x24, 0x8E, 0x70, 0x53, 0x90, 0x3D,
-        0x06, 0xA5, 0x0A, 0x72, 0xA0, 0x7B, 0x22, 0x14,
-        0x80, 0x43, 0xAD, 0xDC, 0x11, 0xFC, 0xFF, 0xCF,
-        0x5E, 0xA4, 0x69, 0x1C, 0x09, 0x09, 0xC3, 0x3D,
-        0xF5, 0xE7, 0x05, 0x6F, 0x16, 0x33, 0x75, 0xB4,
-        0x9B, 0x7B, 0x26, 0xDB, 0xE7, 0x27, 0x56, 0xD3,
-        0x91, 0x82, 0x9D, 0xEB, 0x96, 0x3E, 0xE8, 0x40,
-        0xAB, 0x5D, 0x6C, 0xB7, 0xA6, 0x36, 0x07, 0xD4,
-        0xE7, 0x7C, 0xD4, 0x5C, 0x36, 0xE4, 0xFC, 0x7C,
-        0x8A, 0x36, 0x8D, 0x53, 0x43, 0xD4, 0xAC, 0x0B,
-        0x1B, 0xBA, 0x32, 0x88, 0xFA, 0xCE, 0xC1, 0xB9,
-        0x34, 0x3C, 0xAC, 0xA0, 0xF4, 0xF2, 0x83, 0xA8,
-        0xBB, 0x6F, 0x12, 0xC6, 0xB5, 0x3C, 0xDE, 0xA8,
-        0x49, 0x66, 0x97, 0xD7, 0x7E, 0x37, 0xF7, 0xCE,
-        0x7C, 0xF8, 0xC8, 0xBB, 0x8C, 0xB5, 0x3B, 0x3F,
-        0xB9, 0x51, 0x68, 0x00, 0xD7, 0x2E, 0x1C, 0x10,
-        0xAF, 0x9F, 0x3C, 0xD2, 0xAC, 0xE5, 0xBE, 0x94,
-        0xB9, 0x60, 0xF5, 0xB2, 0x70, 0x24, 0xE8, 0x8A,
-        0x2C, 0xD8, 0x95, 0xAF, 0xAA, 0xA9, 0xA5, 0x2B,
-        0xCA, 0xE0, 0x58, 0x44, 0x02, 0x3F, 0xF8, 0x21,
-        0x0C, 0x29, 0xB7, 0xD5, 0x08, 0x9E, 0x69, 0x81,
-        0xD4, 0x6C, 0xC5, 0x0B, 0xF6, 0xEF, 0xAB, 0x01,
-        0xEA, 0xDF, 0x36, 0x2C, 0x5C, 0xFB, 0xEB, 0xC8,
-        0x4F, 0x71, 0x80, 0xD7, 0x00, 0xC9, 0x32, 0x5D,
-        0x02, 0x4F, 0x96, 0x94, 0x71, 0xCD, 0x98, 0xC4,
-        0x25, 0x7A, 0x92, 0xF1, 0x9B, 0xA0, 0x34, 0x30,
-        0x6C, 0x41, 0x59, 0xD5, 0x01, 0x5D, 0xD6, 0x56,
-        0xEA, 0x05, 0xF2, 0xFC, 0xF8, 0x58, 0xFA, 0x12,
-        0x9C, 0x5A, 0x5C, 0xD5, 0x3D, 0xC7, 0x5D, 0x1B,
-        0x99, 0x2A, 0x6A, 0x4C, 0xF9, 0xEA, 0x9D, 0x70,
-        0x53, 0xBC, 0xBE, 0xAD, 0x61, 0xC7, 0x2D, 0x77,
-        0xEF, 0x61, 0xC7, 0xBE, 0x9C, 0x73, 0xC1, 0xD5,
-        0xD4, 0x5C, 0x5F, 0x21, 0x6A, 0x5C, 0xEE, 0x78,
-        0xAA, 0xC6, 0x6C, 0x56, 0xDB, 0x38, 0x5A, 0x94,
-        0x12, 0xB8, 0x73, 0x7C, 0xDF, 0x9A, 0x27, 0xCD,
-        0xC5, 0xD1, 0xD3, 0xCA, 0x0E, 0x37, 0x0A, 0xC1,
-        0x6F, 0xAD, 0xE3, 0x32, 0x94, 0x6C, 0x20, 0xB5,
-        0xED, 0xE6, 0x2D, 0x34, 0x39, 0x58, 0xD2, 0x1E,
-        0x63, 0x8D, 0xFA, 0xFF, 0xB5, 0xE8, 0x40, 0xC8,
-        0x42, 0x38, 0x7A, 0x01, 0x80, 0xFF, 0x52, 0x3F,
-        0xE9, 0x89, 0x63, 0xAD, 0x91, 0x5F, 0xCE, 0x0A,
-        0x47, 0x87, 0xF9, 0x6D, 0xD7, 0x79, 0xEF, 0xCE,
-        0x10, 0x7B, 0x73, 0x43, 0xBE, 0x51, 0xA0, 0xDF,
-        0xE5, 0xEC, 0xA9, 0x63, 0xF6, 0x5E, 0x72, 0x36,
-        0x22, 0x86, 0xEE, 0x4E, 0x4A, 0x76, 0xFD, 0x86,
-        0xBA, 0xE6, 0xD6, 0xC4, 0xD2, 0xE6, 0xFF, 0xB2,
-        0x5B, 0x39, 0xF9, 0xC3, 0x29, 0xA8, 0x61, 0x3A,
-        0x33, 0x34, 0x89, 0xC9, 0x83, 0xF9, 0xB2, 0x70,
-        0x21, 0x54, 0x44, 0x94, 0x70, 0xAD, 0x70, 0x18,
-        0x84, 0x38, 0x91, 0xFB, 0xDE, 0x5E, 0x3D, 0xE3,
-        0xB2, 0xA7, 0x3C, 0x1D, 0x49, 0xA6, 0x66, 0x7C,
-        0x4B, 0xEB, 0xB0, 0xA7, 0x7C, 0xC5, 0xAE, 0x45,
-        0x1F, 0xBE, 0x0E, 0x2F, 0x11, 0xDC, 0x92, 0x08,
-        0xAA, 0x18, 0x38, 0xFE, 0x61, 0xBE, 0x9D, 0xC3,
-        0x3A, 0x1F, 0x2F, 0xB6, 0x6E, 0xB6, 0x54, 0x97,
-        0x74, 0x06, 0xBC, 0x12, 0x2D, 0x64, 0x18, 0x14,
-        0x25, 0x5A, 0xCB, 0x7B, 0xD7, 0x9D, 0xC3, 0x2C,
-        0xC2, 0x0B, 0x19, 0x10, 0xD2, 0x57, 0xF0, 0xDF,
-        0xA4, 0x95, 0xA4, 0x5A, 0xA0, 0x2D, 0x0F, 0xA0,
-        0xBC, 0xF7, 0x60, 0x7F, 0x38, 0xE1, 0x17, 0x0D,
-        0x36, 0x08, 0xF5, 0xF9, 0x75, 0x28, 0x75, 0xAC,
-        0xA9, 0x2B, 0x75, 0xC4, 0x41, 0xE0, 0x0D, 0x5C,
-        0xBC, 0x5F, 0x49, 0x16, 0x25, 0x38, 0x16, 0xE1,
-        0x0C, 0x2C, 0x9C, 0x63, 0xA8, 0x5F, 0x70, 0xF4,
-        0x64, 0xC7, 0x10, 0x19, 0x52, 0x19, 0x6E, 0x9B,
-        0x5C, 0x09, 0x4F, 0xEE, 0xB6, 0x7C, 0x85, 0xC9,
-        0x6E, 0xCB, 0x33, 0x32, 0x42, 0x9D, 0x57, 0x18,
-        0xE6, 0x55, 0x94, 0x74, 0x02, 0xEE, 0xEB, 0xAA,
-        0xF7, 0xD3, 0x45, 0x7A, 0x49, 0x6F, 0x83, 0x89,
-        0x00, 0xE4, 0xAA, 0x20, 0x87, 0x10, 0xAD, 0xC0,
-        0x0E, 0xF5, 0x93, 0x57, 0xE5, 0x45, 0x7A, 0xBD,
-        0x82, 0x87, 0x50, 0x0F, 0xE1, 0x2C, 0x0C, 0x6D,
-        0xEE, 0xC8, 0x94, 0xB8, 0x39, 0xF3, 0x3C, 0xFE,
-        0x7E, 0xC1, 0x0F, 0xB4, 0x67, 0xA2, 0xDF, 0xC6,
-        0x9D, 0xB5, 0x9D, 0xB8, 0x72, 0x50, 0xBD, 0xB3,
-        0xDB, 0xF6, 0x87, 0x5E, 0x26, 0x93, 0xF0, 0xD4,
-        0x0D, 0x68, 0xA4, 0x8B, 0xBD, 0x2C, 0x6E, 0xD8,
-        0x4F, 0x81, 0x5D, 0x0D, 0xAC, 0x72, 0x65, 0xEC,
-        0x4E, 0xF2, 0x4E, 0x5F, 0x67, 0x04, 0xF3, 0x08,
-        0x29, 0x4D, 0xB2, 0xE2, 0xD5, 0x9F, 0xD4, 0xB9,
-        0x13, 0xB4, 0x33, 0x80, 0x27, 0x84, 0x7E, 0xF4
-    };
-    static const byte msg_44[] = {
-        0x5C, 0x70, 0x7F, 0xBF, 0xF4, 0xFF, 0xE5, 0x9B,
-        0x09, 0xAA, 0xF8, 0xDB, 0x21, 0xAD, 0xBE, 0xBA,
-        0xC6, 0xB2, 0x65, 0x37, 0x9A, 0x9A, 0x43, 0x3A,
-        0xA8, 0x23, 0x2B, 0x13, 0x9B, 0xBD, 0x46, 0x37,
-        0x30, 0x60, 0xA7, 0x5B, 0xC4, 0x48, 0x63, 0x5F,
-        0x41, 0x35, 0x38, 0x69, 0xF9, 0x6F, 0xB5, 0x65,
-        0x26, 0xDB, 0xAE, 0xB7, 0x5C, 0xFE, 0x2C, 0x03,
-        0xCB, 0x43, 0x08, 0x58, 0x5E, 0x27, 0xD1, 0x42,
-        0x14, 0xF2, 0x4B, 0xD7, 0x13, 0xE4, 0x96, 0x74,
-        0x6A, 0xC1, 0x36, 0xC7, 0x9D, 0x0F, 0x7D, 0xB0,
-        0x7B, 0x8A, 0x3A, 0x6D, 0x00, 0x5B, 0x29, 0x7B,
-        0x37, 0xBA, 0x3F, 0x5B, 0xBD, 0xCE, 0x21, 0x77,
-        0xFD, 0xD6, 0x78, 0x77, 0x20, 0x31, 0xF0, 0x60,
-        0x49, 0xAE, 0x12, 0x86, 0x7A, 0x64, 0xBD, 0x0B,
-        0x9E, 0xC6, 0x26, 0x80, 0x9E, 0xCE, 0x19, 0x8D,
-        0x6A, 0x6B, 0x09, 0x03, 0x45, 0xDF, 0x22, 0x7D
-    };
-    static const byte sig_44[] = {
-        0x08, 0xF0, 0x10, 0xFA, 0x63, 0x3F, 0x2B, 0xA1,
-        0x46, 0x81, 0x34, 0xC4, 0xBC, 0xAB, 0x62, 0x17,
-        0x0B, 0x64, 0xEA, 0x00, 0x2D, 0xD6, 0x8A, 0xE5,
-        0xC2, 0x45, 0x29, 0xB9, 0xEC, 0x6F, 0x3B, 0xF2,
-        0xDC, 0x2F, 0xC7, 0x34, 0x5A, 0x1E, 0xFE, 0x0C,
-        0xCA, 0xB9, 0x6A, 0xD8, 0xDA, 0xBA, 0xAA, 0x80,
-        0x90, 0xDC, 0x8C, 0x6C, 0x22, 0xFF, 0xC4, 0x90,
-        0x9E, 0xE9, 0xA5, 0x45, 0xFC, 0xE8, 0x64, 0x53,
-        0x9E, 0xC4, 0x17, 0xE1, 0xB2, 0x1A, 0x31, 0x40,
-        0x26, 0x9D, 0x5E, 0x03, 0x6A, 0xC6, 0x09, 0x19,
-        0xDD, 0xB3, 0x63, 0xE0, 0x35, 0xCD, 0xB4, 0x2E,
-        0x25, 0x38, 0x6E, 0x6C, 0x76, 0xA9, 0x19, 0x75,
-        0x68, 0x6E, 0xB7, 0xAB, 0xAD, 0x8F, 0x63, 0x64,
-        0x97, 0x4E, 0x56, 0x82, 0x30, 0x45, 0x86, 0x22,
-        0x64, 0xDA, 0xD2, 0xAE, 0x54, 0x70, 0x5C, 0xF1,
-        0xEB, 0xD1, 0x84, 0x8D, 0xFF, 0x86, 0x15, 0xE6,
-        0x20, 0xCE, 0x14, 0x89, 0xEF, 0xFA, 0x2E, 0xF8,
-        0x60, 0xCA, 0x53, 0x52, 0xE4, 0xD5, 0xC8, 0x2E,
-        0x50, 0xD5, 0x9D, 0x90, 0xA6, 0x12, 0xC7, 0xF1,
-        0x70, 0x0D, 0xE2, 0x89, 0x5B, 0x31, 0x6A, 0x21,
-        0x79, 0x9C, 0xBE, 0x77, 0x6E, 0xA6, 0xBF, 0x51,
-        0x05, 0x2A, 0x83, 0x50, 0x7E, 0x86, 0x14, 0xD1,
-        0x50, 0x53, 0x1F, 0x1C, 0x5E, 0x50, 0x24, 0x69,
-        0x6C, 0x91, 0x55, 0x35, 0x19, 0x6F, 0xE0, 0xDC,
-        0xB5, 0xD6, 0x48, 0x7E, 0x78, 0x61, 0x59, 0x2C,
-        0xD0, 0x1B, 0x42, 0x58, 0xAF, 0x7A, 0x39, 0xCA,
-        0x02, 0x1C, 0x50, 0xEF, 0xE9, 0xE1, 0xDE, 0x31,
-        0x8D, 0x09, 0x51, 0xC9, 0xDB, 0x16, 0xF9, 0xB9,
-        0x45, 0x54, 0x81, 0x16, 0xD7, 0x14, 0xD8, 0xBE,
-        0x9C, 0xCA, 0x53, 0xFE, 0x8F, 0x24, 0x99, 0x0D,
-        0xBA, 0x7F, 0x99, 0x42, 0x11, 0x9B, 0x32, 0xDD,
-        0x93, 0x5C, 0xBA, 0x2D, 0xD3, 0xB3, 0xF2, 0x48,
-        0x13, 0x9C, 0x80, 0xBB, 0x8D, 0xF4, 0xC7, 0xAA,
-        0xEB, 0xC6, 0xFD, 0xB8, 0x35, 0x95, 0x87, 0x2B,
-        0x9E, 0xCF, 0x48, 0xF3, 0x2D, 0xFF, 0x70, 0xF4,
-        0xCE, 0x35, 0x68, 0x7E, 0x9D, 0xDF, 0xD5, 0x0C,
-        0xCD, 0xE3, 0x51, 0xB0, 0x90, 0x86, 0xE5, 0xD1,
-        0xF1, 0x3B, 0x72, 0x42, 0x73, 0x07, 0x03, 0xE2,
-        0xFB, 0x40, 0x3F, 0xD4, 0xC8, 0x30, 0xB6, 0x86,
-        0x49, 0x8A, 0x17, 0xDB, 0x8F, 0x46, 0x6C, 0x3A,
-        0xC3, 0x49, 0xCD, 0x59, 0x68, 0x81, 0x66, 0x03,
-        0xD7, 0x24, 0xAF, 0x1F, 0x77, 0xC7, 0xFB, 0xF7,
-        0x83, 0xCD, 0xA2, 0x6D, 0x35, 0x0C, 0x8B, 0xBC,
-        0x29, 0x3A, 0x7F, 0xAC, 0xB9, 0xF9, 0x78, 0x50,
-        0x6A, 0x67, 0xFC, 0xDC, 0x6F, 0x01, 0x65, 0x06,
-        0x82, 0x81, 0xB0, 0x7D, 0x25, 0x5D, 0x74, 0x0B,
-        0x68, 0x5F, 0x51, 0x2C, 0x82, 0xF3, 0x1D, 0x92,
-        0xF6, 0xA9, 0xA9, 0x6A, 0x77, 0x57, 0x58, 0xAA,
-        0x7C, 0xBE, 0x35, 0xF4, 0x56, 0xDE, 0x42, 0x01,
-        0x2D, 0xB8, 0x28, 0x83, 0x7B, 0xA0, 0xA9, 0x7D,
-        0xC3, 0x30, 0x13, 0x52, 0xD0, 0xA1, 0xC8, 0xA1,
-        0x2C, 0x51, 0x49, 0xAE, 0xA8, 0x04, 0xCB, 0xA8,
-        0x66, 0x01, 0x26, 0xDF, 0x2D, 0x1C, 0x21, 0xA2,
-        0x4E, 0xBD, 0xA5, 0x48, 0x2A, 0x2D, 0x56, 0x60,
-        0x20, 0x98, 0x4D, 0x15, 0x7D, 0x02, 0xB6, 0x3A,
-        0xE4, 0x11, 0xAE, 0xF7, 0x3E, 0x5D, 0x56, 0x4F,
-        0x6A, 0xA3, 0x0A, 0xEA, 0xCC, 0x35, 0x8A, 0xB7,
-        0xC4, 0x8F, 0x25, 0x3E, 0x42, 0x41, 0x2B, 0xA5,
-        0x1F, 0xA7, 0x3B, 0x87, 0x22, 0x86, 0x79, 0xD5,
-        0xE5, 0x2A, 0xA2, 0xCD, 0x68, 0xCE, 0xB8, 0x18,
-        0x6D, 0xEF, 0x1C, 0x36, 0x7F, 0x75, 0x50, 0x36,
-        0x1B, 0x58, 0xEB, 0x32, 0xA1, 0xC8, 0xAF, 0x47,
-        0xE1, 0x26, 0x73, 0x1F, 0x5D, 0x73, 0x30, 0x13,
-        0x2F, 0xC7, 0x8B, 0xA3, 0x03, 0xB4, 0xA8, 0x86,
-        0x25, 0x29, 0xD1, 0x75, 0x10, 0xEE, 0x7F, 0x56,
-        0xBC, 0x0D, 0x59, 0xB4, 0xAE, 0xC9, 0x44, 0x0A,
-        0xF7, 0x0D, 0xBF, 0x17, 0x6A, 0x22, 0x9C, 0x75,
-        0x2B, 0x3E, 0x22, 0xB8, 0x2F, 0x4B, 0x68, 0xF1,
-        0x07, 0xE3, 0x47, 0x47, 0x21, 0x9C, 0xA3, 0x5B,
-        0x31, 0x0A, 0x14, 0xD9, 0x7C, 0xA8, 0xC0, 0xC6,
-        0x5C, 0xAD, 0x05, 0xD6, 0x15, 0xD3, 0xEC, 0xEC,
-        0x32, 0xC2, 0xFF, 0xF4, 0x96, 0x9C, 0xC8, 0x65,
-        0xA0, 0xB2, 0xD6, 0xF4, 0x98, 0xBB, 0xB1, 0x4E,
-        0xA5, 0x11, 0x3B, 0x4E, 0xA8, 0xEB, 0x90, 0xAB,
-        0xD8, 0x25, 0x10, 0xE3, 0x66, 0xB5, 0xA5, 0x11,
-        0x60, 0xA0, 0xCB, 0xDF, 0x77, 0x8A, 0x80, 0x4C,
-        0x07, 0x9B, 0x1B, 0x45, 0x95, 0x29, 0x1D, 0x88,
-        0x85, 0xAC, 0x32, 0x94, 0x26, 0x87, 0x12, 0x0A,
-        0x2F, 0x9E, 0xAE, 0x69, 0x79, 0x25, 0x5A, 0x50,
-        0xF4, 0xDB, 0x15, 0x20, 0x9F, 0x7A, 0x7A, 0xF2,
-        0xE5, 0x8A, 0x63, 0x6A, 0xDD, 0xBD, 0x06, 0xCB,
-        0x42, 0xF0, 0x20, 0xA9, 0x3B, 0x52, 0xD8, 0x68,
-        0x37, 0x71, 0x07, 0xB8, 0x5B, 0xFE, 0xA0, 0xEC,
-        0xBD, 0x75, 0xFF, 0x9C, 0x89, 0xDF, 0x01, 0xE7,
-        0x17, 0x7D, 0xA7, 0xE8, 0x27, 0x9E, 0xA2, 0x41,
-        0x66, 0xE6, 0xDB, 0x8B, 0x5A, 0x3F, 0x6C, 0xC9,
-        0xE3, 0x4F, 0x0D, 0xD0, 0x92, 0x1E, 0x27, 0x41,
-        0xF2, 0xB3, 0x08, 0x32, 0x03, 0x6D, 0x2C, 0x4F,
-        0x78, 0xEC, 0x99, 0xB3, 0x94, 0x6C, 0xC1, 0x89,
-        0xD9, 0x34, 0x0F, 0xEF, 0x10, 0xF0, 0xDA, 0xCE,
-        0x09, 0x69, 0x7A, 0x93, 0xC6, 0xFF, 0x19, 0x4F,
-        0xBD, 0xDE, 0xA6, 0x54, 0x8A, 0xE5, 0x81, 0x3F,
-        0x96, 0xD3, 0xA0, 0x77, 0x7C, 0xF2, 0x4B, 0xF1,
-        0x68, 0xA2, 0x23, 0x3D, 0xD4, 0x16, 0xC1, 0x66,
-        0xDA, 0x13, 0x53, 0xE1, 0x9F, 0x9A, 0x36, 0x09,
-        0x4D, 0x72, 0x08, 0x09, 0xEB, 0x87, 0x74, 0x9A,
-        0xB2, 0x8C, 0x60, 0x7F, 0xFB, 0x70, 0x17, 0x51,
-        0xB1, 0xAC, 0x18, 0xDF, 0xCB, 0x43, 0x2A, 0xD3,
-        0x89, 0xDA, 0x78, 0xAE, 0xDC, 0xEA, 0xB2, 0x22,
-        0xCA, 0x2F, 0xF1, 0xE4, 0xA7, 0xCC, 0xAF, 0xB1,
-        0x63, 0x1B, 0x5D, 0xDD, 0xD1, 0x49, 0xB8, 0x90,
-        0x2E, 0xC9, 0xC0, 0x83, 0x0D, 0xAB, 0x88, 0x88,
-        0x4C, 0x74, 0x72, 0x00, 0x7D, 0xFE, 0xF2, 0x46,
-        0x73, 0xFD, 0x99, 0xEC, 0x89, 0x8B, 0x3B, 0x0F,
-        0xCE, 0x35, 0x5A, 0xEA, 0x13, 0x4F, 0x67, 0x67,
-        0xFD, 0x0D, 0x87, 0xFC, 0xB1, 0x36, 0x48, 0x07,
-        0x33, 0x0B, 0xCA, 0xD4, 0xD7, 0xD0, 0xCC, 0xA1,
-        0x8F, 0xF0, 0x3F, 0x01, 0x8B, 0x6B, 0x74, 0x44,
-        0x2F, 0x1B, 0xE0, 0x65, 0x31, 0x1B, 0x4E, 0xDB,
-        0x67, 0x65, 0xA9, 0x34, 0xE8, 0x4D, 0x0C, 0xF3,
-        0x29, 0xED, 0x53, 0xAB, 0x8A, 0x98, 0x07, 0x2B,
-        0xE0, 0xCD, 0xC0, 0x08, 0x82, 0x4A, 0x72, 0x28,
-        0x72, 0xA2, 0xAC, 0xFE, 0xF7, 0xBF, 0x6E, 0x8E,
-        0xF8, 0x3E, 0x04, 0x58, 0xA4, 0x36, 0x46, 0x33,
-        0xAB, 0xDD, 0x0E, 0xBF, 0x01, 0xD2, 0xEF, 0x19,
-        0x5B, 0x78, 0x2B, 0x30, 0x51, 0x25, 0x50, 0xD0,
-        0xB5, 0x82, 0xC7, 0x20, 0x0D, 0xA1, 0x2C, 0x38,
-        0xAF, 0x44, 0xFC, 0xBD, 0x49, 0xB8, 0x7F, 0x89,
-        0xEF, 0xBE, 0x37, 0x5C, 0xCB, 0xA2, 0x11, 0x75,
-        0x7D, 0xDA, 0xA8, 0x7B, 0x3A, 0x3C, 0x10, 0x11,
-        0x4D, 0x9F, 0x99, 0xAB, 0x4B, 0xA2, 0x20, 0x7A,
-        0x5F, 0x96, 0xEF, 0x1C, 0x00, 0xD7, 0x27, 0x17,
-        0x77, 0x7C, 0x51, 0x58, 0x4B, 0x13, 0x97, 0x53,
-        0x2A, 0xC6, 0x86, 0x4D, 0x3B, 0x8E, 0xBB, 0x4F,
-        0xB8, 0xA0, 0x84, 0x87, 0xF6, 0xEF, 0x55, 0x12,
-        0x2B, 0xCF, 0x9E, 0x5C, 0xD0, 0x0E, 0xBC, 0x1E,
-        0x79, 0x53, 0xE7, 0x8C, 0x4D, 0x8B, 0xCB, 0x20,
-        0xF6, 0xEA, 0x72, 0x0A, 0x63, 0x2F, 0x0C, 0xCF,
-        0x57, 0x27, 0x26, 0xF4, 0x3A, 0x95, 0xCA, 0xBE,
-        0xB5, 0x7C, 0x47, 0x60, 0x10, 0xCD, 0x28, 0x9E,
-        0x02, 0x64, 0xC9, 0x8D, 0x82, 0x49, 0xD0, 0xD6,
-        0x60, 0xF8, 0xDC, 0xC8, 0x4B, 0x7D, 0xB5, 0xEF,
-        0x11, 0x17, 0xC7, 0x94, 0x5F, 0x0D, 0x99, 0xBE,
-        0x75, 0x48, 0x49, 0xC6, 0x58, 0x43, 0x64, 0x99,
-        0x1A, 0x5A, 0x41, 0xBA, 0xC2, 0x31, 0xB3, 0xE0,
-        0x45, 0x1B, 0x81, 0xD2, 0x12, 0xBE, 0x90, 0xDB,
-        0xFF, 0xBC, 0xCB, 0x99, 0xA3, 0xF0, 0x74, 0xE8,
-        0x2C, 0x48, 0x58, 0xB3, 0x17, 0xA4, 0x9A, 0xD2,
-        0x22, 0x46, 0xFB, 0xF5, 0x85, 0x8D, 0x07, 0xDF,
-        0xDB, 0x78, 0x07, 0xF4, 0x99, 0xA8, 0x6C, 0xEE,
-        0x6E, 0x96, 0x20, 0xB8, 0xC2, 0xA9, 0xFA, 0x8B,
-        0x6E, 0xA6, 0x79, 0x6D, 0xF9, 0xC3, 0x0C, 0x77,
-        0x74, 0xAE, 0xB0, 0x40, 0xA9, 0xE5, 0xA7, 0x0B,
-        0x30, 0x40, 0x4B, 0x4F, 0xB1, 0x0A, 0x0B, 0x7B,
-        0xEE, 0x1F, 0x69, 0xFA, 0xD0, 0xF0, 0x2D, 0x5D,
-        0x00, 0xB5, 0x4D, 0xEB, 0x32, 0x84, 0xB2, 0xB7,
-        0x60, 0xAA, 0x6C, 0xF9, 0x98, 0x18, 0xB3, 0xD9,
-        0xC1, 0x54, 0x8D, 0xAC, 0x12, 0xB0, 0x3A, 0x26,
-        0xB2, 0x23, 0x2D, 0x9B, 0xF8, 0x20, 0xEE, 0x90,
-        0xE0, 0x6D, 0x31, 0xDE, 0xF5, 0xCA, 0xBA, 0x6A,
-        0x53, 0x40, 0x29, 0x6C, 0x18, 0x62, 0xA5, 0x8A,
-        0xB8, 0x17, 0xA0, 0xAB, 0xCB, 0xDC, 0xE1, 0x3B,
-        0xD6, 0xC6, 0x29, 0xA3, 0x1C, 0x5F, 0x8D, 0x6E,
-        0x73, 0xF6, 0x98, 0x10, 0x0F, 0x9F, 0x7E, 0xCA,
-        0x4C, 0xD8, 0xEB, 0xE4, 0xB8, 0xDF, 0x72, 0x78,
-        0x65, 0xAF, 0x4A, 0x20, 0xFE, 0x7C, 0xB4, 0xCA,
-        0x07, 0x81, 0xFD, 0xC5, 0xC5, 0xFD, 0x33, 0x4D,
-        0xB8, 0x37, 0x37, 0xC4, 0x21, 0x81, 0x66, 0x45,
-        0xAE, 0x81, 0x34, 0x13, 0xA6, 0x40, 0x81, 0x39,
-        0x55, 0x90, 0xE6, 0xF1, 0x42, 0x56, 0x74, 0xFF,
-        0x06, 0x9B, 0x50, 0x1F, 0x0F, 0xDA, 0x6B, 0x31,
-        0xC6, 0x4B, 0xC5, 0xC2, 0x14, 0xE7, 0x01, 0x5E,
-        0xA9, 0xDA, 0x12, 0x2D, 0x6C, 0xE0, 0x8C, 0xEB,
-        0x2D, 0xF6, 0x2C, 0x45, 0xBC, 0x01, 0x73, 0x34,
-        0x6D, 0xAB, 0xBC, 0x15, 0x4C, 0x16, 0x03, 0x35,
-        0x9D, 0xD4, 0xF0, 0xAC, 0x49, 0x84, 0x4A, 0xEE,
-        0x46, 0x47, 0x64, 0x93, 0xF2, 0x49, 0x59, 0x86,
-        0x26, 0xFB, 0x24, 0x6B, 0x99, 0xB3, 0x9A, 0xCB,
-        0xB4, 0x2B, 0x28, 0x4E, 0x0C, 0x2D, 0x3F, 0x9E,
-        0xCE, 0x32, 0x71, 0xC4, 0xD5, 0xE0, 0x6C, 0x48,
-        0x25, 0xEA, 0x1A, 0x8F, 0x08, 0x57, 0x23, 0x85,
-        0x89, 0xCD, 0xC5, 0x48, 0x37, 0x19, 0x8E, 0xD4,
-        0x23, 0x4D, 0xD0, 0x31, 0x73, 0xA8, 0x8E, 0x43,
-        0xEE, 0x95, 0x67, 0xF5, 0x7A, 0x93, 0x27, 0xD3,
-        0x90, 0x36, 0x30, 0x4C, 0xA1, 0xCD, 0xB5, 0xF8,
-        0x65, 0xC5, 0x89, 0x54, 0x57, 0x2C, 0xAE, 0xF8,
-        0x75, 0xF1, 0x2E, 0x14, 0x14, 0x14, 0x0D, 0x97,
-        0x5B, 0x24, 0x52, 0x46, 0x7A, 0x57, 0x6D, 0x9C,
-        0x4C, 0x79, 0xDB, 0x0A, 0xE0, 0x23, 0x69, 0x52,
-        0x9B, 0xF8, 0x1B, 0x54, 0x40, 0x18, 0xDF, 0xE0,
-        0x1E, 0xF0, 0x61, 0xE4, 0x79, 0x81, 0xF9, 0x98,
-        0x9A, 0x8C, 0x48, 0xFF, 0x86, 0x93, 0x0B, 0x68,
-        0x96, 0x78, 0x2F, 0xF1, 0x2D, 0xDC, 0x60, 0x1F,
-        0x8B, 0x1C, 0x04, 0x43, 0x4E, 0x60, 0x96, 0x5B,
-        0x8A, 0xF6, 0x89, 0xCC, 0xC8, 0xB2, 0x9B, 0xBF,
-        0x87, 0x16, 0x2E, 0xA8, 0x6F, 0x9B, 0x4B, 0xFD,
-        0x74, 0x4E, 0x8F, 0x36, 0x33, 0x23, 0xDE, 0x94,
-        0xD2, 0xA1, 0x72, 0x4F, 0xB2, 0xE6, 0x75, 0x3D,
-        0x6E, 0x47, 0x9B, 0xDB, 0x58, 0xE5, 0x4A, 0x0C,
-        0x09, 0x8F, 0x9C, 0x83, 0x63, 0x98, 0x8B, 0xA4,
-        0xF7, 0x3D, 0x01, 0xA6, 0x8B, 0x93, 0x97, 0x48,
-        0x84, 0x75, 0x32, 0xC7, 0xD7, 0x03, 0xDF, 0x7E,
-        0x94, 0x8C, 0x8A, 0xA6, 0x78, 0x1A, 0xAE, 0xDE,
-        0x36, 0x8A, 0xAD, 0x13, 0x7E, 0xF0, 0x16, 0xC2,
-        0x3B, 0xAF, 0xF9, 0xD8, 0x66, 0x12, 0x30, 0x72,
-        0x76, 0x6D, 0x21, 0x4C, 0xF3, 0xEF, 0x0D, 0x8C,
-        0x11, 0xA4, 0x12, 0xBE, 0xF5, 0x7E, 0x8E, 0x6A,
-        0x11, 0x13, 0x48, 0x8D, 0xC2, 0x62, 0xCF, 0x45,
-        0x7C, 0xE3, 0x91, 0x88, 0x59, 0xFF, 0xB0, 0xF1,
-        0xC3, 0xBC, 0x1D, 0x2A, 0x3E, 0x9B, 0x78, 0xF3,
-        0xB1, 0x2E, 0xB0, 0x27, 0xD8, 0x16, 0xF8, 0x9B,
-        0x2A, 0xAF, 0xF1, 0xAB, 0xB0, 0xF1, 0x8C, 0x7F,
-        0x94, 0x31, 0x97, 0x85, 0xDA, 0xF0, 0xF4, 0x27,
-        0x51, 0x3E, 0x5A, 0xE1, 0xDD, 0x6D, 0x9E, 0x98,
-        0x39, 0xBB, 0xDF, 0xA2, 0xBA, 0x2C, 0x08, 0xAD,
-        0x1D, 0x3F, 0x86, 0xF6, 0xC2, 0x1A, 0x8C, 0xAD,
-        0xE0, 0xDC, 0xDD, 0x02, 0x47, 0x4C, 0x7E, 0x2D,
-        0xDA, 0x1D, 0x70, 0x92, 0x39, 0xAA, 0x4E, 0xBA,
-        0x14, 0xC7, 0xEC, 0x26, 0xBD, 0x9D, 0x1F, 0x6D,
-        0x91, 0x58, 0x3C, 0xB5, 0xEF, 0x37, 0xB9, 0x66,
-        0x4E, 0x04, 0x7C, 0x29, 0xCF, 0xD7, 0x8E, 0x47,
-        0x84, 0xF3, 0xD2, 0x21, 0x84, 0xC5, 0xF8, 0xDC,
-        0xC9, 0xF2, 0x52, 0xD5, 0x6A, 0xBF, 0xF1, 0xF1,
-        0xDE, 0x9E, 0x7A, 0xF1, 0xD5, 0x5A, 0xF6, 0xEF,
-        0x94, 0x66, 0xF9, 0x25, 0x44, 0x7F, 0x8D, 0x92,
-        0xA2, 0x25, 0x1C, 0x72, 0x92, 0x30, 0x2A, 0xB7,
-        0xEF, 0x18, 0xF3, 0x8C, 0xEF, 0x69, 0xA5, 0x5C,
-        0x19, 0x3E, 0xC5, 0xBD, 0xEE, 0x2C, 0x2D, 0x71,
-        0xDB, 0x89, 0xD4, 0x11, 0xA6, 0x27, 0x80, 0x8F,
-        0x5A, 0x39, 0x9A, 0x04, 0x28, 0x4F, 0x9F, 0x00,
-        0xBE, 0xF9, 0xF7, 0x9B, 0x46, 0x69, 0xD6, 0xAC,
-        0x12, 0xE9, 0xA7, 0xC2, 0xD1, 0xC8, 0xAD, 0x5D,
-        0xF7, 0xCB, 0x0C, 0x98, 0x78, 0x2D, 0x04, 0x4D,
-        0x2D, 0x41, 0xAB, 0xC6, 0x3F, 0x81, 0x1D, 0xB9,
-        0x2C, 0x1F, 0x3F, 0x59, 0x11, 0xF4, 0x80, 0x4F,
-        0x0B, 0xCA, 0x9F, 0x81, 0x6E, 0x9C, 0xD1, 0xB4,
-        0x74, 0x06, 0x48, 0x0A, 0x87, 0x2C, 0xFD, 0x4D,
-        0x85, 0xD4, 0x21, 0x65, 0x7C, 0x96, 0x69, 0x53,
-        0x51, 0xC0, 0xC4, 0xB0, 0xEB, 0x20, 0xDB, 0xE0,
-        0x41, 0x09, 0xA7, 0x62, 0xB2, 0xF3, 0xC7, 0x6A,
-        0x1D, 0x53, 0xA0, 0x39, 0xBA, 0xCF, 0x78, 0x9E,
-        0xBF, 0x1D, 0xA5, 0x98, 0x09, 0x8E, 0xA7, 0x1A,
-        0xE7, 0x95, 0xFF, 0x10, 0x38, 0xCC, 0x8F, 0x44,
-        0xCB, 0xE7, 0xF6, 0xD6, 0x2C, 0xFF, 0xA8, 0x1C,
-        0xFF, 0xA3, 0x65, 0xE8, 0x4E, 0xAE, 0xC7, 0xEF,
-        0x61, 0xE1, 0x16, 0x4B, 0x8C, 0xA8, 0xC8, 0xFB,
-        0xA5, 0x2C, 0xD1, 0x0A, 0x39, 0xAB, 0x4A, 0xF9,
-        0xEE, 0x0B, 0x9B, 0xB4, 0x33, 0x5E, 0x25, 0x15,
-        0xD0, 0xAA, 0x93, 0xC4, 0x53, 0x42, 0x91, 0xC5,
-        0x98, 0x15, 0x34, 0x9A, 0x22, 0x1D, 0x9A, 0xE7,
-        0x0E, 0x81, 0xF6, 0x99, 0x55, 0xB3, 0xD6, 0x49,
-        0x1B, 0xB8, 0xA8, 0xBE, 0xDF, 0x54, 0xF0, 0x78,
-        0xF7, 0x02, 0x97, 0x74, 0x84, 0x67, 0x6B, 0xAE,
-        0x2F, 0xEC, 0x6E, 0x59, 0x20, 0x68, 0xD8, 0xE3,
-        0x5A, 0x07, 0x48, 0xE1, 0x99, 0x90, 0xEE, 0xCD,
-        0x17, 0x2B, 0xB6, 0xD6, 0xAA, 0x1A, 0xF8, 0x97,
-        0x4E, 0xE0, 0x67, 0x9E, 0x4C, 0x35, 0xFE, 0x68,
-        0x71, 0x54, 0x43, 0x5D, 0x43, 0x59, 0x19, 0xEB,
-        0x58, 0x8E, 0x9A, 0xF6, 0xBD, 0x88, 0x71, 0xEE,
-        0x89, 0xC6, 0xF2, 0x10, 0x04, 0x33, 0x13, 0x88,
-        0xCD, 0x08, 0xB5, 0xE3, 0x5D, 0xA8, 0xBC, 0x43,
-        0xB3, 0x84, 0x5F, 0x70, 0x94, 0xD9, 0xAC, 0xAE,
-        0x74, 0x70, 0x13, 0x1E, 0x21, 0xFB, 0xD5, 0x7F,
-        0xEC, 0x66, 0x2F, 0xA0, 0xB1, 0x1D, 0xE3, 0xF8,
-        0xB9, 0x36, 0x48, 0x25, 0x3D, 0xBA, 0x7D, 0x44,
-        0x08, 0xC5, 0x71, 0x74, 0xDA, 0xD3, 0x4F, 0x97,
-        0x86, 0xF1, 0x16, 0x38, 0xD8, 0xC9, 0xE3, 0x3A,
-        0xA7, 0x2E, 0x06, 0x4D, 0x9D, 0xE8, 0xFC, 0x38,
-        0x58, 0x2A, 0x8D, 0x2D, 0x07, 0x99, 0xEA, 0xDF,
-        0xF3, 0x00, 0x3B, 0xBC, 0x5F, 0x67, 0x1E, 0x4B,
-        0x6C, 0xF1, 0x4A, 0x47, 0xB0, 0x71, 0x90, 0x5A,
-        0x3B, 0x75, 0x93, 0x75, 0x56, 0x50, 0x4C, 0x70,
-        0xF3, 0xC7, 0x95, 0xD5, 0xEA, 0xCB, 0x4C, 0x92,
-        0x4F, 0x22, 0x4F, 0xD9, 0x34, 0x46, 0x76, 0xFB,
-        0x79, 0xD6, 0xBD, 0x4E, 0x84, 0xEE, 0xE7, 0x78,
-        0x7C, 0xB8, 0x92, 0x9F, 0xAD, 0xF2, 0x17, 0x5D,
-        0x38, 0xB1, 0x88, 0x2E, 0xE9, 0x65, 0xAC, 0x4C,
-        0x24, 0x27, 0x1D, 0x7B, 0xA3, 0x69, 0x96, 0x55,
-        0x5C, 0x26, 0x40, 0xAF, 0x04, 0xB1, 0xCE, 0xA8,
-        0x5D, 0x1E, 0x1F, 0xE5, 0x5A, 0xC3, 0xAE, 0xF9,
-        0x14, 0x03, 0x58, 0x10, 0x1C, 0x8B, 0x1F, 0xDB,
-        0x6C, 0x71, 0x68, 0x60, 0x13, 0x32, 0xF1, 0xA9,
-        0x69, 0x45, 0x28, 0x69, 0x7C, 0xE3, 0xC9, 0x56,
-        0xAF, 0xF3, 0xBD, 0x4B, 0x9E, 0x0A, 0x06, 0x6A,
-        0x62, 0x20, 0x40, 0x65, 0xBD, 0xBC, 0xBF, 0xC7,
-        0x0A, 0x2A, 0xCF, 0x56, 0x7C, 0x0E, 0x64, 0xBB,
-        0x64, 0x71, 0x2D, 0x90, 0xBB, 0x32, 0x00, 0x0A,
-        0x4A, 0x45, 0x44, 0x08, 0x75, 0x2C, 0x86, 0x13,
-        0x86, 0x52, 0x8D, 0x3D, 0xFC, 0xF3, 0x5E, 0x5B,
-        0x3F, 0x7A, 0xAA, 0x98, 0x84, 0xCF, 0x92, 0xF9,
-        0x0B, 0x40, 0x8F, 0xC0, 0xA3, 0x71, 0x84, 0xAD,
-        0xEE, 0xDF, 0xC4, 0x91, 0x7E, 0x87, 0x7D, 0x06,
-        0xCA, 0x65, 0x8C, 0xE4, 0x8E, 0x03, 0xF0, 0x59,
-        0x3E, 0xB4, 0x90, 0x4C, 0xEE, 0x88, 0x29, 0xE4,
-        0x26, 0x7D, 0xA6, 0x54, 0x82, 0x49, 0xC1, 0x9D,
-        0x80, 0xAB, 0x6B, 0xD7, 0xBE, 0x7D, 0x09, 0x80,
-        0x5E, 0xB6, 0xD1, 0x1E, 0xD1, 0x1B, 0xE9, 0x8D,
-        0xFC, 0x6E, 0x9C, 0x14, 0x0C, 0x15, 0x02, 0x87,
-        0xF3, 0x9D, 0x21, 0xF8, 0xCB, 0xC8, 0xB9, 0xBD,
-        0xE1, 0x70, 0xEA, 0xE4, 0x86, 0x4C, 0x97, 0xC1,
-        0xEE, 0x4C, 0x18, 0x95, 0xEC, 0xD2, 0x4D, 0x35,
-        0x9F, 0xC6, 0x56, 0x10, 0x3E, 0xC0, 0xB9, 0x7B,
-        0x13, 0x1A, 0x37, 0x3D, 0x40, 0x4C, 0x88, 0x8B,
-        0x9A, 0xA5, 0xB2, 0xB8, 0xB9, 0xC3, 0xEC, 0xF1,
-        0x14, 0x33, 0x63, 0x67, 0x84, 0x98, 0xC8, 0xF4,
-        0x06, 0x0C, 0x0E, 0x0F, 0x10, 0x12, 0x15, 0x16,
-        0x45, 0x4E, 0x55, 0x5A, 0x5F, 0x8A, 0x94, 0x97,
-        0xA8, 0xAF, 0xB2, 0xCC, 0xD4, 0xDC, 0xE7, 0xF1,
-        0xFE, 0xFF, 0x11, 0x24, 0x53, 0x62, 0x94, 0xB7,
-        0xB9, 0xD3, 0xD9, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x10, 0x18, 0x32, 0x3B
-    };
-#endif
-#ifndef WOLFSSL_NO_ML_DSA_65
-    static const byte pk_65[] = {
-        0x6C, 0x84, 0x14, 0x38, 0x08, 0x56, 0xCB, 0x52,
-        0xD7, 0x9C, 0x4B, 0x29, 0x13, 0x9F, 0xB1, 0x83,
-        0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72,
-        0xA9, 0x56, 0xDC, 0xF1, 0x01, 0x16, 0xDA, 0x9E,
-        0x2D, 0x79, 0x77, 0x01, 0x86, 0xFC, 0x74, 0xD9,
-        0x42, 0xC0, 0xF4, 0xA3, 0xB5, 0x95, 0xFF, 0x6C,
-        0x19, 0x80, 0x4B, 0x49, 0x90, 0x1C, 0x6A, 0xD5,
-        0xFA, 0xF7, 0x16, 0x01, 0xC2, 0xB6, 0x00, 0x31,
-        0x5E, 0x1F, 0x40, 0xC2, 0x05, 0x47, 0x67, 0xB0,
-        0x09, 0x25, 0xDF, 0x3A, 0xA4, 0x90, 0xE8, 0xC7,
-        0x6F, 0x05, 0xFB, 0xFB, 0x74, 0x91, 0x10, 0x75,
-        0xE6, 0x51, 0x8C, 0x5F, 0x1D, 0x91, 0xB8, 0xA0,
-        0xE5, 0xB5, 0x98, 0x30, 0xD3, 0xDF, 0x39, 0x94,
-        0x76, 0x04, 0x11, 0xEB, 0xB9, 0x11, 0xED, 0x4C,
-        0xC2, 0xC1, 0x60, 0xE3, 0x84, 0x9A, 0x93, 0x76,
-        0x2D, 0xFC, 0xA7, 0xB9, 0x81, 0x2B, 0xC7, 0xAE,
-        0xB2, 0xDD, 0xB2, 0x76, 0x7B, 0xEF, 0x36, 0x50,
-        0x56, 0x05, 0xAE, 0x06, 0x92, 0x60, 0xBC, 0xC8,
-        0xDC, 0x47, 0x87, 0xC4, 0x28, 0xCB, 0x3C, 0x07,
-        0x6E, 0xF2, 0xA6, 0xB9, 0x35, 0x61, 0xD8, 0x94,
-        0x3F, 0x45, 0xCA, 0xBE, 0x8F, 0x05, 0x53, 0xFF,
-        0x2E, 0xA1, 0xAC, 0x95, 0xC1, 0xCE, 0x21, 0x59,
-        0x3A, 0x17, 0x54, 0x59, 0xD7, 0xDF, 0x12, 0xC4,
-        0x07, 0x0A, 0xDB, 0x0E, 0xEE, 0x55, 0xB4, 0xAB,
-        0xAE, 0x59, 0xBE, 0x69, 0xC3, 0xFF, 0x0D, 0xE5,
-        0xA9, 0xB0, 0x27, 0xFC, 0x7D, 0x8E, 0x6E, 0x05,
-        0x7B, 0x71, 0x52, 0xEE, 0x6A, 0xB4, 0x80, 0xD1,
-        0x05, 0xD3, 0x0B, 0x0F, 0x50, 0x51, 0xB6, 0x0C,
-        0x79, 0x01, 0xC5, 0x25, 0xC4, 0x63, 0x5F, 0xE6,
-        0x68, 0xCC, 0x00, 0xE9, 0xD3, 0x09, 0x7D, 0xB9,
-        0x9D, 0x66, 0x32, 0x37, 0x15, 0xCE, 0x4F, 0x0B,
-        0x79, 0xB4, 0x26, 0xB4, 0x54, 0x5E, 0x09, 0xF4,
-        0xDE, 0x39, 0x32, 0x3D, 0xD1, 0x4C, 0xCB, 0x0D,
-        0x17, 0x10, 0x8C, 0xD4, 0x6D, 0xEC, 0x61, 0x38,
-        0xCD, 0xFA, 0x28, 0x72, 0xC1, 0xC4, 0xC8, 0xAE,
-        0xAD, 0x5C, 0x8C, 0xE0, 0x41, 0x57, 0xE5, 0x53,
-        0xA3, 0x75, 0x58, 0xC2, 0x34, 0x6A, 0x06, 0x19,
-        0x4C, 0xB5, 0x0B, 0x49, 0x81, 0xBF, 0x4D, 0x09,
-        0x0C, 0xE4, 0xE8, 0x60, 0x12, 0x6A, 0x82, 0x54,
-        0xA4, 0xD4, 0xC0, 0x84, 0xC3, 0xE2, 0x02, 0x0B,
-        0xC0, 0x75, 0x35, 0x21, 0x04, 0x9B, 0x0F, 0xD8,
-        0x89, 0x97, 0xE0, 0x27, 0xAC, 0x51, 0xE7, 0x5C,
-        0xF1, 0x35, 0x0C, 0x3F, 0x30, 0x3A, 0x0E, 0xCE,
-        0x42, 0x64, 0x87, 0x15, 0x3D, 0xAF, 0x1F, 0xAA,
-        0xD6, 0x80, 0x8B, 0x9D, 0x99, 0x07, 0xDA, 0x9F,
-        0x35, 0x18, 0x5B, 0xD3, 0xBE, 0x8D, 0x9C, 0xEB,
-        0xE9, 0x16, 0xCE, 0xD1, 0xFA, 0x29, 0x28, 0xD8,
-        0x85, 0xA9, 0xCB, 0xA8, 0x81, 0x49, 0x70, 0x3F,
-        0x5E, 0x47, 0x72, 0xE4, 0x85, 0x23, 0x12, 0x5D,
-        0xDD, 0x02, 0x6E, 0x71, 0x4C, 0x49, 0xF4, 0xFB,
-        0x4E, 0x54, 0x4B, 0xBF, 0x61, 0x7A, 0x40, 0xB0,
-        0x0B, 0x68, 0xDF, 0x8F, 0x15, 0x5F, 0x58, 0x80,
-        0xD4, 0x11, 0x87, 0x7E, 0x25, 0xB4, 0x2B, 0x24,
-        0x48, 0xB3, 0x6B, 0xEC, 0x2F, 0x1F, 0x8F, 0x9A,
-        0x77, 0x0C, 0x54, 0x51, 0x50, 0xA0, 0x27, 0x8E,
-        0x9B, 0x72, 0x45, 0x00, 0xAE, 0xAA, 0xEA, 0x47,
-        0x1C, 0x11, 0xCF, 0xF0, 0x4E, 0x30, 0xEA, 0xB2,
-        0xF4, 0x73, 0xBC, 0x04, 0x8E, 0x32, 0xCD, 0x31,
-        0xAE, 0xF2, 0x15, 0x79, 0xB6, 0x99, 0x22, 0x5B,
-        0xF9, 0xE1, 0xB6, 0x70, 0x0C, 0x57, 0xE5, 0x09,
-        0xFC, 0xA1, 0xF2, 0x36, 0x29, 0x4A, 0x59, 0x74,
-        0xDA, 0xA1, 0x5F, 0xBC, 0xAD, 0x62, 0xD4, 0xBD,
-        0xDC, 0x45, 0x32, 0xB2, 0x61, 0x41, 0x44, 0xDB,
-        0xE2, 0x88, 0x07, 0x36, 0x8C, 0x28, 0x1A, 0x77,
-        0x0E, 0xA2, 0x2B, 0x1E, 0x5A, 0x3F, 0xA5, 0xBA,
-        0x14, 0x92, 0x6D, 0xC5, 0x5A, 0x54, 0xF8, 0x4A,
-        0x2A, 0x77, 0xC5, 0xA7, 0x08, 0x41, 0xF0, 0x7B,
-        0xC1, 0xDE, 0xEF, 0x74, 0x03, 0xB2, 0x47, 0xAB,
-        0x42, 0xB8, 0x4A, 0xDF, 0x14, 0x1E, 0x03, 0x0C,
-        0x98, 0x46, 0x84, 0x24, 0xDA, 0xAE, 0xB9, 0x9D,
-        0x25, 0x77, 0xF9, 0x50, 0xC2, 0x37, 0x3C, 0xCA,
-        0x1E, 0x2D, 0xC2, 0x76, 0x1B, 0x8E, 0xDD, 0x6D,
-        0x08, 0xFF, 0x79, 0xE5, 0x28, 0x88, 0x0F, 0xFB,
-        0x51, 0xC3, 0x6E, 0xD4, 0x20, 0xAC, 0x5D, 0x50,
-        0xF2, 0x58, 0x2A, 0xA6, 0x64, 0xE5, 0x4E, 0xA5,
-        0xF4, 0x18, 0x9E, 0xA0, 0x17, 0x6D, 0xAA, 0x61,
-        0x22, 0xF6, 0x23, 0x5A, 0x70, 0xB1, 0x5C, 0xEB,
-        0x4D, 0xDD, 0x65, 0xD3, 0xBE, 0x6E, 0xBF, 0x3D,
-        0xC4, 0x31, 0x89, 0xEE, 0x0A, 0x2E, 0x31, 0x05,
-        0x63, 0x8F, 0x23, 0x87, 0x36, 0x95, 0x28, 0x0F,
-        0x1B, 0x74, 0x27, 0x43, 0x52, 0xD6, 0x0A, 0x48,
-        0xE5, 0xD3, 0xDD, 0x02, 0xFB, 0x7A, 0x5E, 0xD8,
-        0x3F, 0xE2, 0x7A, 0x69, 0x82, 0x51, 0x42, 0x1C,
-        0x8E, 0x9C, 0x98, 0x80, 0x61, 0x02, 0x39, 0x6E,
-        0x53, 0x73, 0x90, 0xAC, 0xFD, 0x8C, 0x1D, 0x0B,
-        0x4F, 0x99, 0xB7, 0x02, 0xA9, 0xEA, 0x65, 0x98,
-        0x78, 0x58, 0x3D, 0x92, 0x75, 0x89, 0x41, 0xB3,
-        0x0E, 0xCE, 0x50, 0x7C, 0x10, 0x4B, 0x2C, 0xE4,
-        0x87, 0x67, 0x9E, 0xCF, 0x68, 0xB4, 0xD8, 0xB9,
-        0x80, 0x69, 0x8A, 0xCF, 0x6A, 0xA6, 0xA5, 0x7E,
-        0x8E, 0xD6, 0xAF, 0x3F, 0xF1, 0x8D, 0x26, 0x68,
-        0x95, 0x04, 0x28, 0xB5, 0x7D, 0x18, 0x2F, 0x73,
-        0xBB, 0x49, 0xB9, 0xB0, 0x38, 0xCC, 0xC8, 0x2D,
-        0x56, 0x12, 0x78, 0xA3, 0x86, 0xD5, 0x66, 0x45,
-        0xEC, 0x3F, 0xAF, 0xFB, 0x41, 0x25, 0xE0, 0xE7,
-        0xF3, 0x6B, 0x48, 0xB1, 0x4B, 0x45, 0x25, 0x47,
-        0xA0, 0xB4, 0x81, 0xAA, 0x6B, 0x33, 0x42, 0x29,
-        0x24, 0x91, 0x53, 0xE4, 0x2E, 0xDF, 0x7E, 0x49,
-        0xDD, 0x6E, 0x76, 0x36, 0xBF, 0xC6, 0x15, 0xA2,
-        0x3A, 0x40, 0x1E, 0xFD, 0x40, 0x34, 0xC8, 0x1B,
-        0x4D, 0xCE, 0xF0, 0x27, 0xD3, 0x44, 0xDD, 0xCC,
-        0xE0, 0xA7, 0x16, 0x18, 0xEB, 0x59, 0x10, 0xCE,
-        0xC6, 0x22, 0x28, 0x81, 0x93, 0x85, 0x03, 0x3E,
-        0x8D, 0x0A, 0xBD, 0x49, 0x3D, 0x98, 0x3E, 0x4F,
-        0xC0, 0x87, 0xD7, 0x2B, 0x45, 0x5E, 0x4D, 0xB6,
-        0x3A, 0x2F, 0x82, 0xCE, 0xFF, 0x65, 0xC1, 0xE6,
-        0x28, 0xEA, 0xE6, 0x30, 0x59, 0x6D, 0xEC, 0x27,
-        0xFB, 0x98, 0xB8, 0x4D, 0xBF, 0xDC, 0xDF, 0xAB,
-        0x40, 0xE4, 0x72, 0x24, 0x49, 0x14, 0xAF, 0xF1,
-        0x79, 0x32, 0x6D, 0x54, 0x2D, 0x40, 0x1A, 0x3C,
-        0xBB, 0x86, 0xE5, 0xFF, 0x83, 0x51, 0xEF, 0xE5,
-        0x3A, 0x73, 0xC5, 0x1A, 0xBB, 0x63, 0xFF, 0x55,
-        0x3E, 0x7D, 0x79, 0x57, 0xEF, 0x89, 0x13, 0x5E,
-        0x0F, 0x5B, 0xB1, 0xBD, 0x0C, 0x24, 0xF9, 0xE4,
-        0x5E, 0x32, 0x36, 0x41, 0x3C, 0x60, 0xE1, 0x39,
-        0x6A, 0x47, 0x56, 0x7C, 0x94, 0x39, 0x51, 0x0F,
-        0x00, 0xD4, 0xA4, 0x3C, 0x14, 0x9A, 0x5C, 0xCC,
-        0x04, 0xF3, 0xD4, 0x7E, 0x67, 0xA8, 0xE2, 0x94,
-        0xA4, 0x61, 0xA5, 0xF6, 0x93, 0xDB, 0x0C, 0xAE,
-        0x22, 0xCF, 0xAC, 0x61, 0xE8, 0x53, 0x47, 0x7D,
-        0x33, 0x9A, 0x4E, 0x45, 0xF7, 0xB1, 0x7C, 0x3C,
-        0x11, 0x6D, 0x56, 0xF3, 0xA0, 0x68, 0xFC, 0x5A,
-        0xDF, 0xEF, 0x38, 0xFF, 0x85, 0x33, 0x2B, 0xD5,
-        0x15, 0x3C, 0x4D, 0x8F, 0xB8, 0xF1, 0x48, 0xF1,
-        0x17, 0x65, 0x9C, 0x2E, 0xA9, 0x4D, 0xB4, 0x2A,
-        0xA0, 0xB0, 0xBE, 0xBB, 0x47, 0x5A, 0x11, 0x04,
-        0x12, 0xF3, 0xCD, 0x33, 0x49, 0xFC, 0x1A, 0xD0,
-        0x41, 0xB7, 0xD5, 0x30, 0x4A, 0x85, 0x93, 0x14,
-        0x4E, 0xFA, 0x3A, 0x36, 0x1D, 0x1B, 0x0C, 0x76,
-        0x13, 0xB8, 0x2C, 0x08, 0x6E, 0xA7, 0x12, 0x6E,
-        0x43, 0xC6, 0x16, 0xCE, 0xE8, 0xF1, 0x44, 0x4E,
-        0x99, 0x56, 0xE8, 0x7F, 0x5C, 0xAB, 0x95, 0xC7,
-        0xC7, 0xFB, 0x17, 0x58, 0xEC, 0x7D, 0x97, 0x01,
-        0x9E, 0x5B, 0xA9, 0x35, 0x43, 0xEF, 0x3B, 0xAC,
-        0x1A, 0x17, 0x42, 0x99, 0xCA, 0x48, 0xBF, 0x78,
-        0x59, 0xDB, 0xFB, 0xDF, 0xF2, 0x43, 0xB1, 0x14,
-        0xF6, 0xBF, 0x42, 0x3C, 0xE9, 0x8B, 0x4D, 0x4D,
-        0x09, 0x1D, 0xA4, 0x4F, 0x32, 0x74, 0xD5, 0x73,
-        0xFD, 0xC9, 0x04, 0xBD, 0x88, 0x5E, 0x35, 0xC9,
-        0x15, 0x2A, 0x65, 0x35, 0x48, 0x88, 0xF1, 0x1E,
-        0xD4, 0xF3, 0xD6, 0x3F, 0x26, 0xA7, 0xBE, 0x2F,
-        0x57, 0x26, 0xEA, 0xDA, 0xF4, 0x85, 0x86, 0x59,
-        0x2B, 0xBD, 0xF6, 0xCE, 0xE2, 0x46, 0x76, 0x9E,
-        0x0E, 0xDA, 0x2A, 0x80, 0x77, 0x1F, 0xED, 0x34,
-        0x7D, 0x67, 0xAF, 0xEE, 0xC6, 0x8B, 0x89, 0x46,
-        0x3F, 0xA0, 0x49, 0x6D, 0xBC, 0x15, 0xC8, 0x9E,
-        0x8D, 0x56, 0x99, 0x83, 0xD1, 0xD6, 0x74, 0x73,
-        0x3F, 0x2B, 0xF9, 0xDF, 0x4A, 0x98, 0x0E, 0xA8,
-        0xC5, 0xE3, 0xAF, 0x15, 0x56, 0x0A, 0x0E, 0x28,
-        0xD6, 0x72, 0xB5, 0x80, 0xAB, 0x65, 0x52, 0xED,
-        0x76, 0xAA, 0xCB, 0x5F, 0x80, 0x26, 0x0B, 0x97,
-        0x03, 0x76, 0x9D, 0x33, 0xF4, 0x13, 0x8A, 0xBC,
-        0x10, 0xBF, 0x5B, 0x05, 0x82, 0xDC, 0xC6, 0x2D,
-        0xBE, 0x58, 0xC8, 0x90, 0xF5, 0x1B, 0x41, 0x00,
-        0x12, 0x77, 0x34, 0xFB, 0x7D, 0xB7, 0x44, 0x7A,
-        0x72, 0x0A, 0xAE, 0x00, 0x9D, 0x00, 0xBE, 0x8C,
-        0x61, 0x07, 0x92, 0xC6, 0x4F, 0x13, 0x1F, 0x2D,
-        0x72, 0x11, 0x5C, 0x7E, 0x05, 0x8E, 0x48, 0xB9,
-        0xDE, 0x64, 0xF5, 0x5B, 0x4D, 0x61, 0x0C, 0x36,
-        0xD1, 0x12, 0x71, 0x6A, 0x31, 0xA3, 0xDF, 0xE2,
-        0x66, 0x99, 0xE9, 0xC2, 0xAB, 0xA0, 0x56, 0x58,
-        0xCE, 0xF1, 0xB2, 0xB0, 0x86, 0x7C, 0xF8, 0xD5,
-        0x23, 0x3D, 0xB7, 0x4F, 0xA8, 0xDC, 0x3A, 0xD1,
-        0x45, 0xF5, 0xD2, 0x85, 0x74, 0x36, 0x0A, 0x85,
-        0xE3, 0xB0, 0xB1, 0x0A, 0xC0, 0xA6, 0x46, 0x7A,
-        0x7B, 0x05, 0x98, 0x46, 0x28, 0xEC, 0xA1, 0x04,
-        0x63, 0xF3, 0x48, 0xA3, 0x11, 0x1E, 0x00, 0x57,
-        0x8D, 0x3C, 0xE5, 0x48, 0x0F, 0x53, 0x75, 0xA1,
-        0xEE, 0x23, 0xEE, 0x82, 0x08, 0x7B, 0xAC, 0x41,
-        0x23, 0x3A, 0x14, 0xAA, 0xA7, 0x24, 0x73, 0x4B,
-        0x18, 0x74, 0xA4, 0xAC, 0xE1, 0x13, 0x37, 0x06,
-        0x25, 0x8F, 0x5F, 0xEA, 0x3A, 0x0C, 0x16, 0x09,
-        0xE3, 0x0C, 0x7F, 0xD2, 0x10, 0xDA, 0x0C, 0x4F,
-        0xDE, 0x91, 0x62, 0xDF, 0x66, 0xFB, 0xAF, 0x79,
-        0x2F, 0xA2, 0xAE, 0xAA, 0x51, 0x2F, 0x0F, 0xF7,
-        0x83, 0x7B, 0x9C, 0xC0, 0x2E, 0xE9, 0xBD, 0x95,
-        0x53, 0x9F, 0x00, 0x1B, 0xBD, 0x60, 0xDD, 0x8B,
-        0x42, 0xD6, 0x16, 0xB2, 0xCA, 0x95, 0xF3, 0x83,
-        0x5F, 0x5E, 0x47, 0xD4, 0x3B, 0x14, 0x34, 0xC4,
-        0x56, 0x3F, 0xD8, 0x1C, 0x15, 0xBE, 0xFA, 0x20,
-        0x2C, 0xF3, 0xD9, 0x54, 0x08, 0x73, 0xF6, 0x84,
-        0xAF, 0xE1, 0x9A, 0xB5, 0xC0, 0x1F, 0xA9, 0x2E,
-        0x95, 0xA8, 0xCD, 0x6F, 0x36, 0x07, 0x30, 0x85,
-        0x6E, 0x59, 0xC9, 0xC6, 0xAB, 0x77, 0x0D, 0x65,
-        0x75, 0x96, 0x2A, 0xF7, 0x58, 0x78, 0x57, 0x2A,
-        0x2A, 0x26, 0x41, 0x3D, 0x01, 0xAB, 0x31, 0x8C,
-        0x10, 0x0D, 0xFC, 0x34, 0xDC, 0x1D, 0xEF, 0xA5,
-        0x92, 0x7C, 0x4B, 0x45, 0x99, 0x25, 0xD7, 0x3E,
-        0x1E, 0xB9, 0x14, 0x70, 0xE3, 0x7A, 0x58, 0x45,
-        0x5C, 0x22, 0xA9, 0x61, 0xFD, 0x53, 0xF7, 0xD9,
-        0x90, 0x26, 0xFF, 0x88, 0x4B, 0xF4, 0xA2, 0x57,
-        0x9F, 0x70, 0x63, 0x35, 0xEF, 0xB6, 0xFB, 0x22,
-        0x50, 0xD5, 0x2A, 0xE5, 0x61, 0x89, 0x8B, 0xA1,
-        0x60, 0x6E, 0x51, 0xE9, 0x6D, 0x37, 0xC9, 0xED,
-        0x3E, 0xC6, 0xCF, 0xCB, 0x33, 0xBF, 0xBE, 0x9C,
-        0x31, 0x43, 0xFD, 0x3B, 0x6B, 0x33, 0x4D, 0x5F,
-        0x61, 0x92, 0x2B, 0x36, 0x9A, 0xFB, 0xB3, 0x1C,
-        0x3E, 0x6E, 0x9B, 0x5F, 0x3A, 0xEB, 0xF9, 0x5C,
-        0xB7, 0x08, 0x34, 0x6F, 0xEC, 0xF7, 0x15, 0x9C,
-        0xAD, 0x94, 0xA9, 0x3D, 0x8C, 0xD4, 0xB8, 0xC4,
-        0x89, 0x41, 0x92, 0xDF, 0xE5, 0x3E, 0xA4, 0x36,
-        0xFB, 0xF3, 0xAF, 0x4E, 0x86, 0x4E, 0x8C, 0x39,
-        0x91, 0xEA, 0x02, 0x0A, 0x81, 0x1F, 0x0A, 0xF5,
-        0x0B, 0x42, 0x57, 0x43, 0x6A, 0x3F, 0xF5, 0x22,
-        0xBE, 0x73, 0x67, 0x39, 0x1D, 0x0F, 0x95, 0x0B,
-        0xA6, 0x45, 0x2F, 0xBF, 0xD8, 0xFD, 0x87, 0x28,
-        0xF4, 0x0B, 0xD2, 0xFC, 0xB8, 0x94, 0x52, 0x99,
-        0x85, 0xB4, 0x32, 0xDF, 0xEF, 0x62, 0x30, 0xEB,
-        0x4D, 0xEE, 0x73, 0x7A, 0x8D, 0x10, 0xA3, 0xBC,
-        0xDF, 0xB7, 0x63, 0xE0, 0x86, 0x9B, 0x22, 0x5C,
-        0x1A, 0x8D, 0x0E, 0x1F, 0xBF, 0x2D, 0x16, 0x1C,
-        0x2C, 0x65, 0xD6, 0xDF, 0xB9, 0x58, 0xE9, 0x82,
-        0xD1, 0x17, 0x77, 0xAC, 0xBE, 0xAD, 0x8D, 0xFB,
-        0x6B, 0x1F, 0x5E, 0xB2, 0x1E, 0xA9, 0x42, 0xF7,
-        0xC4, 0x0D, 0xC2, 0x0D, 0x2E, 0x4E, 0xB3, 0xE7,
-        0x29, 0xB4, 0xE2, 0x9F, 0x75, 0x01, 0xDA, 0x34,
-        0x23, 0x45, 0x61, 0xF6, 0x28, 0x88, 0x12, 0xD6,
-        0x12, 0xD4, 0x1D, 0xFA, 0x83, 0xC5, 0xB8, 0xD9,
-        0x0F, 0xF3, 0x8B, 0xA5, 0x48, 0x20, 0x1B, 0x57,
-        0x5B, 0x52, 0x93, 0xAD, 0x78, 0x12, 0x0D, 0x91,
-        0xCE, 0xC0, 0x59, 0xCA, 0xE2, 0xE7, 0x6A, 0x9A,
-        0xB4, 0x3E, 0xF1, 0x28, 0x1E, 0x2B, 0xEF, 0x3E,
-        0x34, 0x8D, 0x28, 0xF2, 0x19, 0x47, 0xC8, 0x88,
-        0x48, 0x96, 0x04, 0x59, 0x48, 0x97, 0x75, 0x17,
-        0x6F, 0x8E, 0x40, 0xEE, 0x06, 0x42, 0x79, 0x53,
-        0x68, 0x7F, 0xB6, 0x3E, 0x47, 0x0F, 0x7D, 0x59,
-        0xFB, 0x60, 0xDF, 0x56, 0x9F, 0x8A, 0x11, 0xE2,
-        0x8E, 0x09, 0x37, 0x16, 0x2C, 0x46, 0xAF, 0xC7,
-        0xD2, 0x21, 0x0A, 0x88, 0x5F, 0xFA, 0x21, 0xB3,
-        0xDB, 0xF5, 0x35, 0x4B, 0x29, 0x41, 0xF4, 0xED,
-        0x5D, 0x50, 0x79, 0x08, 0x90, 0x84, 0x0C, 0xC3,
-        0xB9, 0x73, 0xD2, 0xC3, 0xD0, 0x26, 0x02, 0xB2,
-        0x9B, 0xAC, 0xCB, 0x6C, 0xE1, 0x7C, 0xED, 0xB9,
-        0x7B, 0x08, 0x5A, 0x2A, 0xB3, 0x10, 0x57, 0x2B,
-        0xA7, 0x37, 0x1D, 0x1F, 0x81, 0x20, 0xFF, 0xE3,
-        0x7D, 0x0B, 0x0F, 0xCA, 0x35, 0xAF, 0xC5, 0xB5,
-        0x62, 0xAA, 0x84, 0x99, 0x71, 0x5A, 0x29, 0x9C,
-        0xE0, 0x59, 0xCC, 0xE3, 0xB0, 0xD1, 0x1C, 0xEF,
-        0x0D, 0x92, 0x38, 0x96, 0x1A, 0xD4, 0xBE, 0x11,
-        0xE9, 0xA6, 0xD1, 0xA4, 0x69, 0x21, 0x77, 0xC8,
-        0xB0, 0xC5, 0x3F, 0x11, 0xA8, 0xED, 0x26, 0x50,
-        0x21, 0x2E, 0x7A, 0x2F, 0x80, 0xEB, 0xFF, 0x6D,
-        0xCF, 0xE4, 0x67, 0x21, 0x03, 0x65, 0x84, 0x34,
-        0xD0, 0x32, 0x7A, 0xDD, 0xCD, 0x66, 0xBC, 0xB6
-    };
-    static const byte msg_65[] = {
-        0xDB, 0x84, 0x94, 0xBA, 0x19, 0xC4, 0x11, 0x8F,
-        0xB1, 0x5D, 0x0A, 0xCF, 0x42, 0x54, 0xFD, 0x37,
-        0x48, 0x3F, 0xCF, 0x47, 0x48, 0xFD, 0x18, 0x44,
-        0xF7, 0x17, 0xCE, 0x6F, 0x69, 0x58, 0x9E, 0x61,
-        0x77, 0x2C, 0xFE, 0xFA, 0x7F, 0x97, 0x58, 0x65,
-        0x34, 0x09, 0xD4, 0xEE, 0x5A, 0x26, 0x4B, 0x83,
-        0x4E, 0x60, 0xD6, 0xBB, 0x96, 0x49, 0x9E, 0xBE,
-        0xB2, 0xB0, 0x6B, 0x0B, 0xA8, 0x74, 0xBF, 0x31,
-        0xE6, 0x41, 0x39, 0x4C, 0xFA, 0xA6, 0xA2, 0xD3,
-        0x0D, 0xDB, 0x8F, 0x04, 0x58, 0x76, 0x20, 0x8D,
-        0x2F, 0x51, 0xDE, 0x15, 0xE2, 0x05, 0xE8, 0xC9,
-        0x1B, 0x87, 0xEC, 0xEB, 0x05, 0xFF, 0x31, 0x83,
-        0x27, 0x1B, 0x26, 0x49, 0x66, 0x5D, 0xD3, 0xCC,
-        0x49, 0xBF, 0xDB, 0x99, 0x8D, 0x53, 0x9D, 0xA8,
-        0x09, 0x30, 0x55, 0x16, 0xBB, 0xBE, 0x9C, 0x90,
-        0x60, 0x21, 0x19, 0x1C, 0x52, 0x23, 0xE5, 0x25,
-        0xA8, 0xFC, 0x36, 0x16, 0xA1, 0x76, 0x5E, 0xC3,
-        0xF9, 0xC5, 0xDB, 0x53, 0xCC, 0x33, 0x7E, 0x03,
-        0x9F, 0x18, 0x6A, 0xCF, 0xEA, 0x91, 0x14, 0x8E,
-        0xE2, 0xA7, 0x9C, 0xCA, 0x36, 0x89, 0xED, 0xB6,
-        0x2A, 0xAF, 0x28, 0xB5, 0xD7, 0x52, 0xFD, 0xE2,
-        0x65, 0xEE, 0x52, 0x80, 0xB5, 0x19, 0x72, 0x6C,
-        0x1C, 0xA9, 0x80, 0x32, 0x95, 0xC6, 0x74, 0xB7,
-        0xEF, 0xAF, 0xA4, 0xD6, 0x1B, 0x30, 0x6A, 0x79,
-        0xE3, 0xF6, 0xE7, 0xA8, 0x87, 0xC2, 0xFB, 0x53,
-        0x5B, 0x3B, 0x0F, 0xB3, 0xD9, 0xEB, 0xC8, 0x76,
-        0x03, 0xEA, 0xFE, 0xF1, 0x70, 0xC1, 0xF1, 0xD2,
-        0x8E, 0x99, 0xBB
-    };
-    static const byte sig_65[] = {
-        0xF7, 0x78, 0x9A, 0x45, 0xA3, 0x58, 0x73, 0x30,
-        0xE7, 0xFC, 0xF7, 0x06, 0x95, 0xF7, 0xF6, 0x96,
-        0x88, 0xA2, 0xB8, 0xD0, 0xCE, 0x54, 0xF0, 0x90,
-        0x21, 0x4F, 0x10, 0x9F, 0x56, 0x48, 0x4F, 0x98,
-        0xC3, 0xAD, 0x1A, 0x53, 0xA5, 0x44, 0x1C, 0x2C,
-        0xA7, 0x2A, 0x3B, 0x31, 0x91, 0xBC, 0x04, 0x6F,
-        0x46, 0x37, 0x30, 0x45, 0xB9, 0xE5, 0x40, 0xC7,
-        0x3D, 0xFE, 0x91, 0xB6, 0x1F, 0x05, 0x88, 0xD6,
-        0x13, 0x59, 0x3F, 0xCE, 0x1B, 0x00, 0xEE, 0xF1,
-        0xB2, 0x27, 0x03, 0x4C, 0x6F, 0xD3, 0xB1, 0x8B,
-        0x3F, 0x22, 0x11, 0x10, 0xFB, 0x34, 0x5A, 0xA7,
-        0x86, 0x31, 0xB8, 0xB5, 0x9F, 0xBD, 0xFD, 0xCC,
-        0xDA, 0xE6, 0xA2, 0x4D, 0x25, 0x9D, 0x34, 0xAA,
-        0xBA, 0xD2, 0x18, 0xB3, 0xAE, 0x4E, 0x77, 0x18,
-        0x66, 0x53, 0xB8, 0x56, 0x3A, 0xA6, 0x12, 0x0A,
-        0x0A, 0x53, 0x1A, 0x4E, 0x91, 0x37, 0x30, 0xDC,
-        0x91, 0x4F, 0xE5, 0xE0, 0x08, 0xBE, 0xCE, 0x68,
-        0x69, 0xB0, 0x2B, 0x07, 0xFD, 0xC1, 0x62, 0x14,
-        0x54, 0x0D, 0x31, 0x6C, 0x43, 0xFA, 0x0C, 0x21,
-        0x1B, 0x41, 0xAC, 0x7E, 0x52, 0x65, 0x67, 0x29,
-        0xC7, 0x73, 0xE4, 0xC4, 0xB8, 0x8E, 0xD3, 0x11,
-        0x88, 0x6D, 0xD4, 0xD2, 0x75, 0x41, 0x7D, 0x70,
-        0x19, 0x66, 0x44, 0xEE, 0xD1, 0x5F, 0xA3, 0x15,
-        0x06, 0x60, 0x03, 0xE3, 0x09, 0xF8, 0x32, 0xAF,
-        0x91, 0x26, 0x2C, 0x94, 0x90, 0x11, 0xFC, 0xB0,
-        0xAD, 0x2C, 0xCE, 0x65, 0xDD, 0x9E, 0xFF, 0x56,
-        0x7E, 0xE2, 0x9C, 0xC4, 0x0A, 0x6F, 0xE0, 0x66,
-        0x4E, 0x7D, 0x9F, 0x23, 0x65, 0x68, 0xFC, 0x94,
-        0x29, 0x5D, 0xBB, 0x34, 0x28, 0x82, 0x33, 0xE8,
-        0xC5, 0x11, 0xD2, 0x88, 0x15, 0xEC, 0x72, 0x10,
-        0x32, 0x29, 0x6E, 0x1E, 0xDE, 0xCA, 0x7F, 0x72,
-        0x6A, 0x6E, 0xB0, 0xF7, 0x6C, 0xC5, 0x82, 0x80,
-        0x11, 0xC0, 0xE4, 0x01, 0x3C, 0xC7, 0xEE, 0x43,
-        0x29, 0xB8, 0x1E, 0xCC, 0x0D, 0x52, 0xED, 0x1E,
-        0x49, 0x1D, 0xD6, 0xD5, 0x5C, 0x52, 0x65, 0x66,
-        0x5E, 0xD8, 0xAD, 0x21, 0x9B, 0x89, 0x4F, 0x31,
-        0xC6, 0x8C, 0x61, 0x9A, 0xFC, 0xDB, 0x73, 0x58,
-        0xE5, 0x55, 0x4C, 0x49, 0x5B, 0x8B, 0x6E, 0x33,
-        0x25, 0x68, 0x8F, 0xB8, 0xC1, 0xA2, 0x53, 0x31,
-        0xD5, 0x7B, 0xD3, 0x48, 0xA2, 0x7D, 0x39, 0x09,
-        0x29, 0xBC, 0x46, 0xA1, 0x49, 0x6A, 0xB3, 0x5B,
-        0x46, 0xBA, 0x61, 0xB6, 0xB9, 0xD2, 0x3C, 0xD0,
-        0x63, 0x15, 0xFB, 0x72, 0xC2, 0x47, 0x76, 0x01,
-        0x61, 0x30, 0xAD, 0xB1, 0xCF, 0x2D, 0xC7, 0x29,
-        0x59, 0xEA, 0x9C, 0xAD, 0x96, 0xAF, 0x5D, 0xA9,
-        0x96, 0x12, 0x6C, 0xDD, 0x85, 0xB1, 0x34, 0xCC,
-        0x92, 0x7A, 0x51, 0xFD, 0x23, 0xF8, 0x47, 0x91,
-        0xA3, 0xFC, 0xDA, 0x07, 0x7E, 0x15, 0x99, 0x17,
-        0x48, 0xA0, 0x39, 0x4F, 0x33, 0x4E, 0xB8, 0xBC,
-        0x48, 0xA9, 0x9A, 0xB9, 0xDF, 0xBB, 0x0F, 0x2A,
-        0xAD, 0x6F, 0xBE, 0x48, 0x49, 0x61, 0xD3, 0xA4,
-        0xE8, 0xF8, 0xB2, 0x1A, 0x6A, 0xC0, 0x92, 0xB2,
-        0x26, 0xD6, 0xE1, 0x19, 0xFA, 0xD4, 0x4D, 0x8E,
-        0x57, 0x6F, 0xE9, 0x6C, 0x6C, 0xDB, 0x68, 0x40,
-        0xEA, 0x61, 0x4B, 0xAF, 0xC7, 0x07, 0x86, 0xC5,
-        0x19, 0xE1, 0xD5, 0xDC, 0x0F, 0x98, 0x44, 0x43,
-        0xC8, 0xB1, 0xE5, 0x4F, 0x8E, 0xE1, 0x76, 0xD9,
-        0x8B, 0x2C, 0x70, 0x27, 0xF5, 0x7D, 0x7E, 0x3D,
-        0xE9, 0xB2, 0xA0, 0xA3, 0x69, 0x11, 0xB8, 0xE4,
-        0x71, 0x21, 0xDE, 0x0C, 0x07, 0xEB, 0xBA, 0x5D,
-        0x7B, 0x59, 0x4E, 0xF2, 0x44, 0xC6, 0x83, 0x27,
-        0xEC, 0x6C, 0x6D, 0x1D, 0xD5, 0x01, 0xF4, 0x83,
-        0xFE, 0x9B, 0x95, 0x70, 0x59, 0x7E, 0x70, 0xDF,
-        0x41, 0x3E, 0x7A, 0xF0, 0x38, 0x47, 0xF4, 0x09,
-        0xED, 0x61, 0xE2, 0x84, 0x6E, 0x6C, 0x64, 0x1E,
-        0x6A, 0x7F, 0xFA, 0x79, 0xDE, 0x6B, 0xFA, 0x37,
-        0x3A, 0x06, 0x44, 0xB0, 0x0B, 0xF4, 0x1A, 0x03,
-        0x49, 0x92, 0xA7, 0x94, 0xDA, 0x17, 0xC8, 0x88,
-        0x85, 0x23, 0x90, 0x32, 0xC8, 0x51, 0x76, 0x4E,
-        0x3E, 0x4D, 0xBD, 0xE7, 0xF1, 0x2A, 0x16, 0xC5,
-        0xA2, 0x63, 0xE9, 0x64, 0xC1, 0xE7, 0xFD, 0xD3,
-        0xCC, 0xE5, 0x76, 0xDD, 0x6D, 0x56, 0xB1, 0x81,
-        0x82, 0x84, 0x8B, 0x75, 0x63, 0x64, 0x5D, 0x4E,
-        0x42, 0xFF, 0x22, 0x74, 0x2A, 0x99, 0x67, 0x85,
-        0x16, 0x9D, 0x7F, 0x50, 0x3B, 0x48, 0xA7, 0x15,
-        0x8B, 0x3C, 0xBD, 0x29, 0x93, 0x5E, 0xD3, 0x20,
-        0x49, 0xBE, 0xA1, 0xAD, 0x95, 0x3E, 0xF7, 0x07,
-        0x32, 0x7B, 0x77, 0x8B, 0xFD, 0xDD, 0xFC, 0x60,
-        0x51, 0x1D, 0xA1, 0x13, 0xA3, 0x4F, 0x65, 0x57,
-        0x12, 0xE4, 0xE5, 0x9D, 0x6C, 0xCE, 0x40, 0x4E,
-        0x94, 0xAB, 0xA6, 0x1E, 0x81, 0x35, 0x38, 0x8F,
-        0xC2, 0x1C, 0x8E, 0x41, 0x34, 0x4F, 0x32, 0x4B,
-        0x01, 0xAC, 0x8C, 0x06, 0x9F, 0x92, 0x57, 0x5D,
-        0x34, 0xF8, 0x8B, 0xCA, 0x22, 0xCB, 0x30, 0x7E,
-        0x37, 0x07, 0x00, 0x63, 0x32, 0x02, 0x56, 0xB8,
-        0xBA, 0xD6, 0xEB, 0x7A, 0x81, 0xAF, 0xE9, 0xA2,
-        0x54, 0x01, 0x6E, 0x1C, 0x8A, 0x12, 0x50, 0x89,
-        0xAA, 0xA3, 0xED, 0xE8, 0x4E, 0x5B, 0x6C, 0x2E,
-        0xCF, 0xAE, 0xFA, 0xA5, 0x2B, 0x9F, 0x57, 0x09,
-        0x60, 0x2C, 0x06, 0xAE, 0xA4, 0xA0, 0x38, 0x4E,
-        0x9B, 0x09, 0xE5, 0xB8, 0x81, 0x64, 0xB2, 0x74,
-        0xEA, 0x32, 0x65, 0xFB, 0x51, 0x52, 0x39, 0x7D,
-        0xFF, 0x5A, 0x3A, 0x08, 0x61, 0xE2, 0xBC, 0x12,
-        0xD2, 0x10, 0x92, 0x89, 0x72, 0x97, 0x47, 0xE8,
-        0x3F, 0xDF, 0x24, 0x3A, 0x1D, 0x17, 0xB9, 0x83,
-        0x48, 0x37, 0x98, 0x45, 0xA9, 0xE9, 0x55, 0xE2,
-        0xD6, 0xF9, 0x38, 0xDA, 0xA5, 0x91, 0x8E, 0x2A,
-        0x14, 0xF9, 0x7B, 0xA2, 0xBE, 0x50, 0x1C, 0xCC,
-        0xAF, 0xD6, 0x81, 0x91, 0x0F, 0x4A, 0x4F, 0x06,
-        0x71, 0x5C, 0xE8, 0x40, 0x96, 0xF3, 0x7A, 0x91,
-        0xDC, 0xCA, 0x2A, 0x8A, 0x4B, 0xE8, 0xDA, 0x79,
-        0x21, 0xDB, 0xF8, 0xD3, 0xF4, 0xEF, 0xB9, 0x8C,
-        0x6B, 0x4F, 0x94, 0x0E, 0xCE, 0xF8, 0x32, 0xB5,
-        0x49, 0xD0, 0x68, 0x94, 0x7C, 0x3D, 0xFB, 0x58,
-        0x09, 0xCB, 0x7B, 0x06, 0x0A, 0x3A, 0x0E, 0xF3,
-        0xB2, 0x1C, 0x01, 0x64, 0x50, 0x1D, 0xDE, 0xA7,
-        0xC9, 0xE5, 0xE7, 0x89, 0x7C, 0x6B, 0x1C, 0x46,
-        0x34, 0x8B, 0x2C, 0x3E, 0x80, 0x5F, 0x6F, 0x22,
-        0x87, 0xBA, 0x15, 0x8C, 0xF9, 0x25, 0xA7, 0xBA,
-        0x7F, 0x08, 0x25, 0x49, 0x89, 0xC8, 0x7D, 0x24,
-        0x97, 0x9A, 0xD9, 0x86, 0xAA, 0x97, 0xC5, 0x1B,
-        0x01, 0xF4, 0x5D, 0x4A, 0x1F, 0x24, 0x75, 0x29,
-        0x91, 0xF0, 0x42, 0x05, 0xEB, 0x55, 0x1F, 0xD0,
-        0x2D, 0x41, 0x5F, 0x2D, 0xD1, 0xEF, 0xF1, 0x42,
-        0xB0, 0xD7, 0x04, 0x16, 0xC6, 0xD8, 0x15, 0xEB,
-        0x91, 0x73, 0x2B, 0x26, 0x8F, 0xB2, 0x0D, 0x08,
-        0x67, 0x44, 0x2D, 0x71, 0xDE, 0xC0, 0x57, 0xB2,
-        0x86, 0xCD, 0x93, 0x81, 0x1F, 0xF3, 0xF6, 0x46,
-        0xEB, 0xD5, 0x65, 0xD5, 0x1D, 0x09, 0xA4, 0x2D,
-        0x3A, 0xBA, 0xAC, 0x0F, 0x34, 0xCC, 0x81, 0x7B,
-        0x18, 0x93, 0x8E, 0xCC, 0xBB, 0x1F, 0xEF, 0x05,
-        0xBD, 0x3C, 0x2B, 0x49, 0x4F, 0xA5, 0x29, 0xED,
-        0x4C, 0x63, 0x4C, 0x93, 0x25, 0xA4, 0x81, 0x73,
-        0xF2, 0x0F, 0xFA, 0xC3, 0x2D, 0xC1, 0x01, 0xE6,
-        0xEE, 0x03, 0xB2, 0xFC, 0xBE, 0xC2, 0x46, 0x8D,
-        0xBC, 0x8F, 0x76, 0x75, 0x8C, 0x32, 0x15, 0x47,
-        0x4F, 0x7E, 0xF2, 0x40, 0x65, 0xF7, 0x90, 0x60,
-        0xAC, 0xA3, 0xC8, 0xD5, 0xD7, 0x4A, 0xF7, 0x0F,
-        0x48, 0x30, 0x1D, 0xDB, 0x30, 0xC0, 0x5D, 0xB3,
-        0xEF, 0xA7, 0x26, 0xCF, 0x88, 0x55, 0x59, 0x01,
-        0x84, 0x12, 0x82, 0xAA, 0x08, 0xF6, 0x66, 0xA6,
-        0x53, 0x51, 0xA6, 0xA2, 0x4E, 0xED, 0x6B, 0xE2,
-        0x11, 0x77, 0x31, 0x07, 0xE1, 0x85, 0xE1, 0xB4,
-        0x88, 0xA2, 0xE4, 0x91, 0xB6, 0xC1, 0x41, 0x52,
-        0x84, 0x62, 0xA8, 0x64, 0x94, 0xB5, 0x4F, 0xDC,
-        0xCE, 0xCC, 0xB6, 0xAA, 0x21, 0x25, 0x36, 0x86,
-        0x69, 0x3A, 0xE7, 0x98, 0xC9, 0xCE, 0x9E, 0x0B,
-        0xDD, 0xC6, 0xAE, 0x53, 0xD9, 0xB7, 0x06, 0xDC,
-        0x4F, 0x4D, 0x81, 0xB9, 0xC7, 0x3C, 0x46, 0x1E,
-        0xCD, 0x70, 0x35, 0xC5, 0x17, 0x2E, 0xFA, 0xE5,
-        0x60, 0x2C, 0xAF, 0x88, 0xC6, 0x4E, 0x79, 0xE5,
-        0x32, 0x40, 0x30, 0x55, 0x5D, 0xE2, 0x11, 0xF8,
-        0x9F, 0xD4, 0x24, 0xC3, 0x38, 0xC3, 0x88, 0x3C,
-        0x83, 0xCA, 0x94, 0x05, 0xC2, 0xB5, 0xD1, 0x44,
-        0x5F, 0x7C, 0x98, 0xC4, 0x3E, 0xD3, 0xD2, 0xBE,
-        0xCB, 0xE2, 0x5F, 0x5F, 0x3F, 0x54, 0x4C, 0xCC,
-        0x5B, 0x5A, 0xEA, 0xE4, 0x7D, 0xDF, 0x3F, 0xB5,
-        0x64, 0x9F, 0xF5, 0xD6, 0x1E, 0xAA, 0x02, 0xED,
-        0xEB, 0xC7, 0x5C, 0xE4, 0x78, 0xBA, 0x00, 0x42,
-        0x6C, 0xAF, 0x47, 0x4F, 0xA7, 0x9E, 0x5B, 0x08,
-        0x9E, 0xB1, 0xA8, 0x82, 0xF1, 0x53, 0x54, 0x59,
-        0x26, 0x95, 0x95, 0x2B, 0xA0, 0xA8, 0xEE, 0x91,
-        0xE6, 0x49, 0xE3, 0xF2, 0xC3, 0x82, 0x26, 0x4D,
-        0xAA, 0x30, 0xF6, 0xA6, 0xD2, 0x17, 0xF6, 0x12,
-        0x9C, 0x19, 0x39, 0xB6, 0xDC, 0xAC, 0xCD, 0xA5,
-        0xB6, 0x37, 0x32, 0x6E, 0x8A, 0x83, 0x61, 0xC3,
-        0xB5, 0x6F, 0xCF, 0xFC, 0x48, 0x50, 0x36, 0x86,
-        0x58, 0x22, 0xB9, 0xBB, 0x87, 0xB4, 0x35, 0x10,
-        0xBC, 0xDD, 0x55, 0xBC, 0x35, 0x0D, 0xE7, 0xB2,
-        0xAE, 0x90, 0xA2, 0x1E, 0x9E, 0x19, 0x97, 0x8E,
-        0xDA, 0x10, 0xDF, 0x66, 0x76, 0x14, 0xA4, 0x4F,
-        0xE2, 0xA8, 0x4D, 0x16, 0xBE, 0x04, 0x3E, 0xA8,
-        0x77, 0x36, 0x33, 0xEA, 0x6B, 0xAD, 0xF6, 0x57,
-        0x10, 0x05, 0x2F, 0x34, 0x1F, 0x65, 0xCB, 0xE9,
-        0x28, 0xD3, 0x96, 0x2A, 0x5A, 0x2F, 0xE6, 0x4E,
-        0x46, 0xD6, 0xBF, 0xB8, 0xFD, 0x0D, 0x99, 0x78,
-        0xF0, 0x42, 0x3C, 0xBD, 0x19, 0x5F, 0x72, 0xF3,
-        0xCB, 0x19, 0xD7, 0xEF, 0xD9, 0xEB, 0xE3, 0x3C,
-        0xD2, 0xF5, 0x70, 0x9A, 0x57, 0x80, 0x7D, 0xF9,
-        0x44, 0xEC, 0xE5, 0x68, 0xAA, 0xCA, 0x43, 0x36,
-        0x42, 0x20, 0x83, 0xB0, 0x69, 0x7B, 0x6A, 0xA0,
-        0x05, 0x86, 0xE4, 0xBF, 0x7D, 0xD6, 0x73, 0xA3,
-        0xD5, 0x96, 0xB8, 0x61, 0x8A, 0xC3, 0xB4, 0x06,
-        0x17, 0x50, 0xC6, 0xBE, 0x97, 0xCB, 0x53, 0x75,
-        0x3D, 0x02, 0x39, 0x55, 0x56, 0x07, 0x5A, 0x26,
-        0xF1, 0x40, 0xB9, 0x3F, 0x57, 0x7D, 0xAD, 0x50,
-        0x5E, 0x1C, 0xF2, 0xB5, 0x51, 0xA0, 0x4C, 0x98,
-        0xC7, 0xF0, 0x90, 0x18, 0x31, 0xB3, 0xCA, 0x61,
-        0xD7, 0x5D, 0xA7, 0x93, 0xAC, 0x72, 0xA4, 0x4C,
-        0x7A, 0x07, 0xF7, 0xDB, 0xBA, 0xD6, 0x0A, 0x55,
-        0xF4, 0x9C, 0xBD, 0x79, 0xDE, 0xE4, 0x73, 0x9F,
-        0xFD, 0x36, 0x77, 0x8E, 0xBD, 0x08, 0xEB, 0xDB,
-        0x79, 0xEC, 0x07, 0xA1, 0x62, 0x39, 0xC5, 0xB9,
-        0x21, 0x59, 0x9F, 0xEB, 0xFE, 0xA4, 0x6D, 0xDF,
-        0x96, 0x6A, 0xA4, 0xA0, 0x15, 0x12, 0xE6, 0x10,
-        0x94, 0x3F, 0x5D, 0xC5, 0x4B, 0x4C, 0x76, 0xB7,
-        0x64, 0xB3, 0x80, 0xBF, 0x2F, 0x84, 0xED, 0xE3,
-        0x21, 0x24, 0x91, 0x2F, 0x54, 0xF7, 0xB6, 0xE2,
-        0x07, 0xB7, 0x38, 0x1F, 0x67, 0x0F, 0x7A, 0xA0,
-        0xF3, 0xC3, 0xED, 0x10, 0x15, 0x74, 0x03, 0x84,
-        0xDD, 0x61, 0xA9, 0x76, 0x5E, 0xE4, 0x69, 0x6E,
-        0xAC, 0xF8, 0x2E, 0xA4, 0x10, 0x69, 0x18, 0x05,
-        0xCB, 0x68, 0x89, 0x03, 0x53, 0x5D, 0x70, 0x46,
-        0x10, 0x0D, 0xCC, 0x2B, 0xA7, 0xD8, 0x30, 0x2A,
-        0xCB, 0x04, 0x30, 0xD5, 0x06, 0xCC, 0xC1, 0xC0,
-        0xDD, 0xEA, 0x71, 0x11, 0xA7, 0x6F, 0x45, 0xB4,
-        0x54, 0xE2, 0x5C, 0xDD, 0xFB, 0x63, 0x9B, 0x3D,
-        0x66, 0x4C, 0x36, 0xD8, 0x84, 0x35, 0x13, 0xA3,
-        0xFC, 0xAF, 0x9E, 0x60, 0x57, 0xE9, 0xBC, 0x06,
-        0x82, 0x37, 0xFE, 0x24, 0x19, 0xA2, 0xD2, 0xD9,
-        0x0B, 0x4A, 0x1F, 0xC2, 0xA7, 0x1A, 0x14, 0x6D,
-        0x2B, 0xD0, 0x43, 0x64, 0xC7, 0x9B, 0x8E, 0xBA,
-        0x8E, 0x3E, 0x88, 0xCE, 0x11, 0xE9, 0x16, 0xE4,
-        0xA7, 0x52, 0x84, 0x21, 0x32, 0x8C, 0xF5, 0x4F,
-        0xAA, 0xB2, 0xB1, 0x9F, 0x44, 0x46, 0x87, 0x81,
-        0xF8, 0xAB, 0x84, 0xB7, 0xDD, 0x97, 0x2F, 0xF5,
-        0x61, 0x50, 0x71, 0x43, 0x0A, 0x43, 0x74, 0xDA,
-        0xFC, 0xAE, 0x1E, 0x60, 0x44, 0xAA, 0x98, 0xE9,
-        0x85, 0x94, 0x1B, 0xA6, 0xB9, 0xDB, 0x8C, 0x02,
-        0xF5, 0x89, 0x60, 0x3E, 0xEB, 0x8B, 0xE9, 0x0A,
-        0x70, 0xEF, 0xC0, 0x88, 0xD7, 0x95, 0xE6, 0xDA,
-        0x1F, 0x1F, 0x2E, 0x6E, 0xCE, 0xDD, 0x03, 0x1D,
-        0x81, 0x99, 0xE6, 0x59, 0x12, 0xD4, 0x34, 0xD0,
-        0x9B, 0xFB, 0xE5, 0x94, 0x40, 0x6D, 0xC1, 0x15,
-        0x0E, 0x99, 0x35, 0x8C, 0xEA, 0x7F, 0xAD, 0x2E,
-        0x7C, 0x44, 0xC3, 0x8B, 0x6E, 0x0C, 0xEE, 0xAB,
-        0x9B, 0xDE, 0x0D, 0xB9, 0x7B, 0xCF, 0x5A, 0xC9,
-        0x94, 0x10, 0xC9, 0x47, 0x0E, 0x26, 0x6B, 0x8B,
-        0xE4, 0x5F, 0x66, 0x90, 0x83, 0x1F, 0x41, 0x45,
-        0xE2, 0x63, 0x79, 0xDB, 0x80, 0x7C, 0x26, 0xDD,
-        0xF9, 0x1E, 0x30, 0x9D, 0x4F, 0x4A, 0x3E, 0x7E,
-        0xCA, 0xB7, 0x36, 0x2F, 0x15, 0xD2, 0x0E, 0xA4,
-        0x33, 0xB7, 0xE7, 0x0A, 0x7D, 0xDE, 0x74, 0x16,
-        0xCE, 0xA8, 0x71, 0x49, 0x8B, 0x2C, 0xE3, 0xF5,
-        0x8D, 0x29, 0xD8, 0x62, 0x8C, 0x53, 0x18, 0x40,
-        0xF0, 0x22, 0xDD, 0x3B, 0xD2, 0xF3, 0x80, 0x9B,
-        0x11, 0x68, 0xD3, 0x8E, 0x63, 0xC7, 0xF6, 0x93,
-        0x08, 0xA3, 0x1A, 0x2D, 0x4D, 0x5E, 0xEB, 0x97,
-        0x42, 0x39, 0xB3, 0x4A, 0x62, 0xBC, 0x85, 0xE4,
-        0xEC, 0xF9, 0x0C, 0x33, 0x6A, 0x0C, 0x37, 0xBD,
-        0x9E, 0x0E, 0xF4, 0x26, 0x6B, 0x83, 0x5A, 0xC8,
-        0x90, 0x6A, 0x83, 0xCF, 0x0B, 0x35, 0x13, 0x8A,
-        0x65, 0xE5, 0xD9, 0xA6, 0x1F, 0xCC, 0x9B, 0x2D,
-        0x5A, 0x33, 0x7B, 0x8A, 0xBE, 0xF8, 0x8A, 0x7F,
-        0xB3, 0xC0, 0x94, 0x5D, 0x7C, 0xAF, 0x35, 0x61,
-        0x1A, 0xE0, 0xE4, 0x46, 0x93, 0xA5, 0xBC, 0xE0,
-        0xA6, 0xE2, 0xFE, 0xCA, 0xE9, 0xBD, 0xF4, 0xE3,
-        0x56, 0xD6, 0x53, 0x6B, 0x58, 0x1A, 0x18, 0xF0,
-        0x3A, 0x59, 0x16, 0x4E, 0xD5, 0x44, 0x7C, 0x7E,
-        0xC8, 0xBD, 0x99, 0x7B, 0xE9, 0x53, 0xDE, 0xD9,
-        0x32, 0x53, 0x5B, 0x5F, 0x43, 0x8A, 0x04, 0x31,
-        0x9F, 0x5E, 0x0D, 0x8B, 0x0F, 0xEB, 0xC8, 0xDE,
-        0x81, 0x46, 0x65, 0x8E, 0x52, 0xB9, 0x75, 0x9C,
-        0x73, 0x93, 0x5B, 0x12, 0x0D, 0xC9, 0xB8, 0x54,
-        0xF3, 0xC8, 0xF9, 0x4E, 0xC9, 0x33, 0x90, 0x57,
-        0xD7, 0xD7, 0xCD, 0x91, 0xF7, 0xE0, 0xB9, 0x8D,
-        0x84, 0xEC, 0x7B, 0x2F, 0x92, 0x32, 0x8D, 0x73,
-        0x60, 0x18, 0xB0, 0x31, 0x65, 0xA8, 0x74, 0x5F,
-        0x8E, 0x77, 0xEB, 0x80, 0x29, 0xF9, 0x78, 0x26,
-        0x70, 0xCB, 0xD8, 0x6B, 0x43, 0x16, 0xC7, 0xBE,
-        0x4A, 0x88, 0x03, 0x38, 0xBA, 0xCF, 0xB0, 0x15,
-        0x69, 0x9B, 0xF3, 0x0D, 0x3A, 0x4B, 0x05, 0x32,
-        0x54, 0x35, 0xBA, 0x5F, 0xA3, 0xB9, 0xD2, 0xB2,
-        0xFE, 0x0B, 0x51, 0x9C, 0x2C, 0xB2, 0x46, 0xE5,
-        0x3D, 0x1A, 0x34, 0x3D, 0x66, 0x1A, 0x66, 0x14,
-        0x3C, 0x6F, 0x46, 0x8C, 0x55, 0x38, 0x64, 0x5C,
-        0xC2, 0x6D, 0x4E, 0x2A, 0x87, 0x03, 0xEC, 0x9B,
-        0x10, 0xFC, 0x89, 0xBE, 0x6F, 0x85, 0x99, 0x97,
-        0x70, 0x8F, 0x31, 0x19, 0x4F, 0x0D, 0xFE, 0xE9,
-        0x29, 0x98, 0xB2, 0x5E, 0x93, 0xB9, 0x70, 0x70,
-        0xDE, 0x14, 0x40, 0x9D, 0x5B, 0xA4, 0x3D, 0xF8,
-        0x8D, 0x15, 0xC2, 0xFB, 0xA9, 0x7B, 0xDD, 0xE6,
-        0x18, 0xCC, 0x3F, 0xC0, 0x42, 0xF7, 0x74, 0x81,
-        0x84, 0xBA, 0x9E, 0xC9, 0xCB, 0xA1, 0xB2, 0x00,
-        0x68, 0x81, 0xD0, 0x51, 0x42, 0x64, 0x19, 0x8F,
-        0xB6, 0x91, 0xC5, 0xC0, 0x38, 0xE0, 0x49, 0x50,
-        0xCF, 0x69, 0x09, 0x93, 0x77, 0xFE, 0x66, 0xBA,
-        0x64, 0xE2, 0x19, 0x52, 0xA4, 0x45, 0x81, 0x71,
-        0x96, 0x64, 0xF5, 0xD9, 0x23, 0x97, 0xD2, 0x2A,
-        0xA7, 0x03, 0x2B, 0xF5, 0x89, 0xAF, 0x8A, 0xCA,
-        0x48, 0xDF, 0x6D, 0x14, 0xEB, 0x43, 0xCE, 0xF0,
-        0xA9, 0xC8, 0xA8, 0xF9, 0xAD, 0x32, 0x95, 0x25,
-        0xEF, 0x0A, 0xAA, 0x4F, 0x9E, 0x09, 0xC3, 0x51,
-        0x3C, 0xF0, 0x29, 0xF3, 0xDE, 0xFC, 0xBB, 0x41,
-        0x14, 0xFA, 0x0F, 0x66, 0x8D, 0xB4, 0x72, 0x2F,
-        0xCC, 0xD9, 0xC2, 0x07, 0xB6, 0x6F, 0x10, 0x9E,
-        0xD9, 0x5B, 0x45, 0x4B, 0xB6, 0x19, 0x5D, 0x59,
-        0xC4, 0xA6, 0x78, 0xBA, 0x6F, 0x5A, 0x9B, 0x23,
-        0x41, 0x21, 0xAD, 0x05, 0x16, 0xA1, 0xD4, 0x12,
-        0x3D, 0x38, 0x26, 0xD9, 0x2A, 0x61, 0xB3, 0x5D,
-        0xEB, 0x29, 0x5B, 0xAA, 0x2F, 0xE1, 0xB5, 0xEE,
-        0x25, 0x02, 0x1D, 0xAE, 0xF8, 0x57, 0xB5, 0xDF,
-        0x19, 0x2E, 0x17, 0x5E, 0x3A, 0x2A, 0x0D, 0x3F,
-        0x08, 0x2F, 0x21, 0x1C, 0xB5, 0xBD, 0xC2, 0x36,
-        0x27, 0x4F, 0x86, 0xC5, 0xDC, 0x74, 0xC3, 0x9B,
-        0xE9, 0x7C, 0xCF, 0x5F, 0x57, 0x94, 0xEB, 0x64,
-        0xEC, 0x64, 0x55, 0x45, 0x21, 0x0F, 0xC6, 0x67,
-        0xD1, 0xE0, 0x74, 0x0E, 0x66, 0xCB, 0xED, 0xC2,
-        0x06, 0x48, 0xCA, 0x1F, 0xA7, 0x34, 0x14, 0x59,
-        0x6B, 0xA0, 0x89, 0x17, 0xA1, 0x9A, 0x46, 0x3A,
-        0xD3, 0x02, 0x7C, 0x81, 0x83, 0x6B, 0x8F, 0x4F,
-        0x02, 0xB9, 0x9F, 0xC5, 0x08, 0x3F, 0x06, 0xF3,
-        0x4B, 0xD2, 0x30, 0x9C, 0x23, 0x42, 0xAD, 0x88,
-        0xA8, 0x4F, 0xA9, 0x6E, 0x20, 0x7C, 0x01, 0x08,
-        0xF6, 0x82, 0x54, 0x14, 0x94, 0x4F, 0x26, 0x4E,
-        0xD6, 0xC4, 0x66, 0x7C, 0x78, 0x8D, 0x61, 0xA6,
-        0xBC, 0x2C, 0x45, 0x6A, 0xF6, 0x6C, 0x2F, 0x76,
-        0x9E, 0x16, 0x90, 0x17, 0x06, 0x91, 0x2C, 0xC9,
-        0x0D, 0x4B, 0x6C, 0x90, 0xDC, 0xA1, 0x6C, 0xAC,
-        0x8F, 0xFE, 0xD8, 0x39, 0x70, 0x20, 0xE2, 0x97,
-        0x5E, 0x24, 0xFF, 0x4C, 0x80, 0x7C, 0x8A, 0xB7,
-        0x31, 0xC8, 0x1D, 0x36, 0xCA, 0x84, 0xC9, 0x12,
-        0x1A, 0x85, 0x13, 0xE0, 0xC9, 0xD0, 0xF4, 0x1B,
-        0xC6, 0x8F, 0x88, 0xEA, 0xCA, 0xA3, 0x55, 0x99,
-        0xFA, 0xE3, 0xBB, 0xA6, 0xFC, 0xC6, 0x52, 0x8D,
-        0x47, 0xE4, 0x0C, 0x07, 0x64, 0xCF, 0x9C, 0x83,
-        0x83, 0xB3, 0xA4, 0x45, 0x15, 0xE6, 0x1D, 0x92,
-        0xCD, 0xAE, 0xC9, 0xCB, 0x90, 0x82, 0xB5, 0xA0,
-        0xC0, 0x37, 0x94, 0x60, 0xD9, 0x17, 0x9A, 0x7D,
-        0x9D, 0xF2, 0x9E, 0x0B, 0x4B, 0x6A, 0x41, 0x18,
-        0x28, 0x52, 0x15, 0xE8, 0x7B, 0x6F, 0x11, 0x8E,
-        0x97, 0x31, 0xE4, 0x66, 0xFB, 0x3F, 0xEB, 0xD1,
-        0x95, 0xE1, 0x44, 0xFD, 0x20, 0x37, 0xD1, 0x16,
-        0x62, 0x75, 0x79, 0xAC, 0x55, 0xFE, 0xD5, 0xE3,
-        0x25, 0x85, 0xEC, 0x66, 0x38, 0xA0, 0xDF, 0xBE,
-        0x6E, 0xD6, 0xC5, 0x87, 0x6C, 0xF8, 0x11, 0x4C,
-        0x90, 0x2A, 0xEF, 0xA3, 0x63, 0xF4, 0xC9, 0xB7,
-        0x2E, 0x7D, 0x5C, 0x85, 0x2D, 0xCC, 0x1A, 0xF2,
-        0xB8, 0x85, 0x2A, 0x9D, 0x0F, 0x99, 0x59, 0x38,
-        0x86, 0x50, 0x84, 0xCE, 0x52, 0x13, 0xB3, 0x08,
-        0xA9, 0xCB, 0x37, 0xF6, 0x81, 0x96, 0x0D, 0x84,
-        0xEF, 0xE1, 0xDF, 0x51, 0x34, 0xA5, 0x91, 0x5A,
-        0xE5, 0x87, 0x8B, 0x10, 0xDA, 0x0F, 0xD4, 0xD9,
-        0xAC, 0x2A, 0xEF, 0x0C, 0x7E, 0x01, 0xC2, 0xE9,
-        0xE7, 0xC0, 0x17, 0xE7, 0xBA, 0x74, 0x0C, 0xEE,
-        0x1A, 0x89, 0x94, 0x59, 0xBB, 0x75, 0x03, 0x3E,
-        0xEA, 0xF3, 0x19, 0x0D, 0x67, 0x79, 0xED, 0x9E,
-        0xDD, 0x84, 0x6A, 0x74, 0xE3, 0x21, 0x52, 0x8C,
-        0x03, 0x08, 0x4A, 0x5D, 0x30, 0x87, 0x48, 0x39,
-        0x71, 0x8A, 0x53, 0x54, 0x9B, 0x2E, 0xC6, 0xB2,
-        0xB7, 0x30, 0xAA, 0x93, 0x5C, 0xA6, 0xE1, 0xC4,
-        0xFD, 0x8B, 0xE0, 0x35, 0x7D, 0x93, 0xF6, 0x21,
-        0x74, 0xEE, 0xED, 0xF8, 0xDA, 0xB7, 0x75, 0x5B,
-        0x46, 0x65, 0x7E, 0x59, 0xD7, 0xAA, 0x00, 0xB9,
-        0xF2, 0xF8, 0x5E, 0x4C, 0x0F, 0x77, 0xFA, 0x11,
-        0xA5, 0xD6, 0x9A, 0x23, 0xB1, 0xEF, 0x3A, 0x09,
-        0xF2, 0x19, 0xD8, 0x3B, 0x1F, 0x39, 0x1F, 0x84,
-        0x13, 0x18, 0xEE, 0xF3, 0x5A, 0x32, 0x63, 0x67,
-        0xBF, 0xA2, 0xB1, 0x5F, 0xD7, 0x14, 0x03, 0x20,
-        0x92, 0xB9, 0xD0, 0x2B, 0xF6, 0x13, 0xAF, 0xF7,
-        0x69, 0x6F, 0xAD, 0xF1, 0xDE, 0x2C, 0x81, 0x70,
-        0x77, 0xCB, 0x7C, 0x99, 0x67, 0x76, 0xD6, 0x9E,
-        0xC2, 0x41, 0xA2, 0x42, 0x54, 0xDA, 0x2D, 0x13,
-        0x98, 0x76, 0x91, 0xEA, 0xC7, 0xEB, 0xA8, 0xCD,
-        0x8D, 0xCF, 0xB3, 0x94, 0x7B, 0x1D, 0x99, 0xED,
-        0xF9, 0x62, 0xD2, 0x15, 0xB3, 0x18, 0xBB, 0x5F,
-        0x9A, 0xA0, 0x4D, 0x1C, 0x82, 0x62, 0x6A, 0x41,
-        0x73, 0xD0, 0x2D, 0x41, 0x0C, 0x58, 0x6B, 0xCA,
-        0x4E, 0x51, 0xCA, 0x4F, 0x3E, 0x15, 0x1B, 0x54,
-        0xF1, 0x7A, 0x6B, 0xC9, 0x67, 0x76, 0x09, 0xBB,
-        0xAF, 0x6C, 0x30, 0x38, 0xA6, 0x7C, 0xAD, 0xA6,
-        0x6B, 0x4F, 0xDF, 0xB5, 0x10, 0x29, 0xE0, 0x78,
-        0x07, 0xD7, 0x05, 0x96, 0x9D, 0x96, 0xC9, 0xAB,
-        0xFB, 0x71, 0x62, 0xE4, 0x58, 0x10, 0xA1, 0xDC,
-        0x4B, 0x56, 0xDA, 0x14, 0x77, 0xED, 0x90, 0x0A,
-        0x89, 0xCC, 0xAC, 0x29, 0x8E, 0x17, 0x88, 0x42,
-        0x69, 0xC3, 0x9E, 0x8D, 0x7A, 0xB9, 0x66, 0xF3,
-        0x3D, 0xDA, 0xDB, 0xE5, 0x6A, 0x38, 0x4C, 0xA2,
-        0x0A, 0x7B, 0x18, 0x99, 0xEC, 0x18, 0xE2, 0xAE,
-        0x54, 0x70, 0x00, 0xB9, 0x04, 0xE3, 0x4E, 0x46,
-        0x80, 0x1D, 0x85, 0x74, 0xDB, 0x00, 0x84, 0x17,
-        0xBC, 0xFD, 0xD1, 0xA7, 0x4D, 0xC0, 0x18, 0xE5,
-        0x07, 0xB7, 0x6B, 0x0F, 0xA0, 0x86, 0x26, 0x23,
-        0x5B, 0x1C, 0xE2, 0x4B, 0xCF, 0xC3, 0x20, 0xFA,
-        0xE3, 0x55, 0x1C, 0x1C, 0x92, 0x9B, 0x94, 0xC7,
-        0xC4, 0x96, 0x53, 0x41, 0x82, 0x9D, 0x8A, 0x13,
-        0x47, 0xD6, 0xA7, 0x38, 0x58, 0x03, 0xB0, 0x8B,
-        0xCD, 0xA8, 0x4A, 0x27, 0xEA, 0x5E, 0x49, 0xCA,
-        0x1E, 0x60, 0x06, 0xEA, 0x23, 0x2A, 0x53, 0xEE,
-        0x41, 0x7E, 0xC8, 0x81, 0xD3, 0x32, 0x8A, 0x15,
-        0x63, 0x82, 0xA6, 0xB2, 0x93, 0x89, 0x4D, 0xDF,
-        0x9B, 0x36, 0x9C, 0xDE, 0x6B, 0x2F, 0xF5, 0x9C,
-        0xB6, 0xA5, 0x64, 0xE2, 0x1C, 0x92, 0x79, 0xEC,
-        0xA0, 0x31, 0x1F, 0x5D, 0x80, 0xCE, 0x39, 0xB9,
-        0x8B, 0xF9, 0x0D, 0xB3, 0x27, 0xF7, 0x4D, 0x3F,
-        0x76, 0x2D, 0x11, 0x7D, 0xF5, 0xF9, 0x13, 0x20,
-        0x84, 0xFF, 0xB5, 0x55, 0xA5, 0xD1, 0x47, 0x22,
-        0x1A, 0xF8, 0x63, 0xAB, 0xF7, 0x87, 0x15, 0xB7,
-        0x21, 0x94, 0x52, 0x9A, 0x0E, 0x33, 0x4D, 0x4A,
-        0x19, 0x1D, 0x42, 0xA9, 0x9B, 0xEA, 0x52, 0xAD,
-        0xA2, 0xC7, 0xCC, 0x4A, 0x97, 0x74, 0xD5, 0xCB,
-        0x28, 0xD4, 0xED, 0x82, 0xB6, 0x1F, 0x94, 0xE8,
-        0x9F, 0x60, 0xF0, 0xC8, 0xEA, 0x52, 0xDC, 0x07,
-        0x9D, 0x46, 0x58, 0xBF, 0x8C, 0x85, 0x6D, 0x61,
-        0x52, 0xD9, 0x22, 0x51, 0x94, 0x8B, 0x3B, 0xA0,
-        0x14, 0xD8, 0xBA, 0xF3, 0xDC, 0xD3, 0x6B, 0xC7,
-        0x1F, 0x8E, 0x5B, 0x2C, 0xE6, 0xF5, 0x35, 0xB7,
-        0xB9, 0xAE, 0x13, 0xDA, 0x4A, 0x1E, 0xAF, 0xFC,
-        0x25, 0x3B, 0xE4, 0x3A, 0x9F, 0x60, 0x8E, 0xAC,
-        0xE7, 0x33, 0xCF, 0xCE, 0x52, 0xEA, 0x5C, 0xDA,
-        0x83, 0x59, 0xDB, 0x53, 0xFF, 0x3A, 0xF2, 0xCE,
-        0xFE, 0x87, 0x79, 0xBC, 0xC5, 0x3C, 0x24, 0xA4,
-        0xB1, 0x8D, 0x5E, 0x0D, 0x78, 0x1B, 0xEC, 0xF7,
-        0x5B, 0x54, 0x77, 0x47, 0x3A, 0x20, 0x24, 0xAD,
-        0x56, 0xC5, 0x4A, 0x7F, 0x99, 0x0E, 0xF6, 0xB1,
-        0xDF, 0xAC, 0x50, 0x10, 0x88, 0x50, 0x9D, 0x3A,
-        0x37, 0xF1, 0xC8, 0xD5, 0xC2, 0x64, 0x87, 0xE4,
-        0x20, 0xB7, 0xF4, 0x35, 0x8E, 0x92, 0x69, 0x76,
-        0x1F, 0xF1, 0xFA, 0x3A, 0xFC, 0xBE, 0xCA, 0xEB,
-        0x68, 0xF5, 0xDD, 0xDE, 0x3A, 0xA8, 0xFD, 0x07,
-        0x8C, 0xC4, 0x22, 0x4C, 0xEA, 0x67, 0x13, 0x2D,
-        0x7E, 0xBF, 0x5D, 0x23, 0x2E, 0x43, 0xBA, 0xDD,
-        0x21, 0x8C, 0x0B, 0x4D, 0xBE, 0x1E, 0x16, 0x52,
-        0x98, 0x66, 0xB9, 0xAB, 0x93, 0x58, 0x85, 0xAC,
-        0xB4, 0x15, 0xFB, 0xB1, 0xEE, 0xE6, 0x94, 0x08,
-        0xA5, 0x21, 0xB4, 0x62, 0xEC, 0x59, 0xCD, 0x0D,
-        0x3C, 0x54, 0x96, 0xD9, 0x85, 0xAE, 0xB0, 0xCE,
-        0x37, 0x4F, 0x67, 0x72, 0xA4, 0xE6, 0x39, 0x3A,
-        0x4E, 0xF0, 0x07, 0x43, 0x80, 0x90, 0xA8, 0xA9,
-        0xE5, 0x2D, 0x2F, 0x55, 0x66, 0x6D, 0x70, 0xF0,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
-        0x08, 0x0E, 0x12, 0x19, 0x20
-    };
-#endif
-#ifndef WOLFSSL_NO_ML_DSA_87
-    static const byte pk_87[] = {
-        0x2D, 0x1E, 0x6B, 0xED, 0x84, 0x52, 0xEB, 0xF1,
-        0x26, 0xED, 0xE7, 0x0C, 0xA0, 0xA2, 0xB5, 0x0D,
-        0x03, 0x34, 0x2D, 0x5B, 0x13, 0xB2, 0xAE, 0x21,
-        0x0F, 0x45, 0x62, 0xA3, 0xBF, 0x67, 0x0C, 0xB1,
-        0x5C, 0xE9, 0x25, 0xFD, 0x22, 0xF2, 0x62, 0x42,
-        0xBA, 0xE3, 0x10, 0xB3, 0xAA, 0x41, 0x3B, 0x6E,
-        0x78, 0xD4, 0x42, 0xD9, 0x35, 0xD1, 0x72, 0x8A,
-        0x32, 0x48, 0xCC, 0x20, 0x5C, 0xCD, 0x8D, 0x3F,
-        0xD8, 0x34, 0x95, 0x55, 0x20, 0xCD, 0xFB, 0x2C,
-        0x73, 0xE9, 0x0E, 0x60, 0x8B, 0x2C, 0x3F, 0xA8,
-        0xB7, 0xD1, 0x79, 0xFD, 0xDC, 0xC8, 0x81, 0x11,
-        0xC9, 0xE8, 0x41, 0x71, 0xE9, 0x70, 0x9B, 0x53,
-        0x59, 0x33, 0xE4, 0x92, 0xB6, 0x81, 0x9C, 0x6A,
-        0x92, 0xED, 0xA2, 0x5A, 0xC4, 0x07, 0x77, 0x1A,
-        0x8F, 0xED, 0xB4, 0xE7, 0x11, 0xFB, 0x89, 0xEB,
-        0x7B, 0xDF, 0xCC, 0xEA, 0xC5, 0x3B, 0x4E, 0xF4,
-        0x6B, 0x6F, 0xBE, 0xE1, 0x32, 0xA9, 0xD7, 0xAD,
-        0xB4, 0x36, 0xE7, 0x4A, 0x6D, 0x67, 0x11, 0x83,
-        0xAF, 0x31, 0x1A, 0x7A, 0x31, 0x42, 0x9B, 0x01,
-        0x21, 0x17, 0x52, 0x75, 0x85, 0xF7, 0x92, 0x0F,
-        0x34, 0x8A, 0x69, 0x11, 0x88, 0x5A, 0x02, 0x08,
-        0xB6, 0x6D, 0xE3, 0x07, 0x93, 0xB1, 0x3F, 0xE1,
-        0xD5, 0x7B, 0xD9, 0x51, 0xF7, 0xAA, 0xC0, 0x34,
-        0x9A, 0x78, 0x5D, 0x26, 0xDB, 0xF1, 0xF0, 0xA9,
-        0x1E, 0x5C, 0x9F, 0x4F, 0xA7, 0x43, 0x5C, 0x44,
-        0xA9, 0x43, 0xF1, 0x38, 0x11, 0x45, 0xED, 0xEB,
-        0x1C, 0x8A, 0x05, 0xEE, 0xFF, 0xAB, 0x20, 0x2C,
-        0xF6, 0x2C, 0xEE, 0x77, 0x42, 0x36, 0x3E, 0xE6,
-        0x9D, 0x8E, 0x45, 0x0F, 0xF6, 0x7C, 0x39, 0x62,
-        0xD6, 0xFF, 0x97, 0xBC, 0x3D, 0x02, 0xD6, 0xDF,
-        0x4A, 0x35, 0xDA, 0x3F, 0x89, 0xA4, 0x88, 0x33,
-        0xCD, 0xF2, 0x90, 0xF0, 0xE9, 0x37, 0x2F, 0x65,
-        0xA5, 0x88, 0x65, 0xFD, 0x40, 0x44, 0xAD, 0x09,
-        0x09, 0x92, 0xAA, 0x15, 0x9E, 0xEE, 0xF7, 0x2B,
-        0x0D, 0xA7, 0xCB, 0x3A, 0x5E, 0x0A, 0xED, 0xD6,
-        0x7D, 0x82, 0x8B, 0xBA, 0xCF, 0xE5, 0x9E, 0xE4,
-        0x62, 0xAB, 0x69, 0x6B, 0xBA, 0xD0, 0xE5, 0xA9,
-        0xBB, 0x1F, 0x5A, 0x51, 0xE0, 0xFA, 0x5D, 0xD4,
-        0x4D, 0x8E, 0xC0, 0xDC, 0x43, 0x06, 0xDF, 0x23,
-        0x67, 0xB2, 0x4A, 0xA2, 0xFB, 0x75, 0x2F, 0x82,
-        0xD8, 0x44, 0xE4, 0xC0, 0xCE, 0x15, 0x9E, 0x3F,
-        0xD6, 0xB4, 0x70, 0x5F, 0x3B, 0xD0, 0x56, 0x3E,
-        0x0A, 0x7A, 0x4B, 0x94, 0xBF, 0xBA, 0x01, 0x2B,
-        0x9C, 0x8B, 0x91, 0x35, 0xF2, 0xDB, 0x4C, 0x8C,
-        0x8D, 0xD6, 0xEE, 0xC8, 0x65, 0x8D, 0xF3, 0x05,
-        0x59, 0xBE, 0x3A, 0x17, 0xA7, 0x72, 0x10, 0x56,
-        0x14, 0xEF, 0xB8, 0xC1, 0xBE, 0x18, 0x11, 0x0B,
-        0xE6, 0x70, 0xF8, 0x39, 0xA5, 0x72, 0x7D, 0xF9,
-        0x47, 0xFB, 0xAC, 0xFD, 0x1F, 0xC3, 0x71, 0x33,
-        0x58, 0x44, 0x15, 0xD3, 0x7C, 0x93, 0x2E, 0x70,
-        0x92, 0xFA, 0xBB, 0xF2, 0xD0, 0x9D, 0x25, 0xC4,
-        0xCF, 0x4A, 0xB8, 0xEC, 0xBE, 0x5D, 0x8B, 0x7F,
-        0xA4, 0x7C, 0xAB, 0xAD, 0xE7, 0x1E, 0x93, 0x83,
-        0x92, 0x86, 0x1E, 0x8D, 0x15, 0xA4, 0x1C, 0x5B,
-        0x42, 0x25, 0xDA, 0x3D, 0x16, 0xD3, 0x93, 0xF2,
-        0x85, 0x50, 0x86, 0x0A, 0x86, 0x35, 0x6B, 0x14,
-        0xAB, 0x5F, 0x22, 0xD0, 0xCF, 0x03, 0x7C, 0xEB,
-        0xB4, 0x0E, 0xAC, 0x87, 0xA2, 0x41, 0x42, 0xA0,
-        0x21, 0x93, 0x00, 0xB6, 0x47, 0x6F, 0x96, 0xD0,
-        0x41, 0xD1, 0xC3, 0x0E, 0x3C, 0x52, 0xD2, 0x45,
-        0xAB, 0x6A, 0xE7, 0xA1, 0xE5, 0xFD, 0x73, 0xC5,
-        0x82, 0x9D, 0x60, 0x62, 0x8B, 0x6D, 0x87, 0xFC,
-        0x88, 0x9C, 0x3E, 0xEF, 0xAE, 0xAA, 0xB6, 0x1C,
-        0x18, 0xEE, 0xD7, 0x51, 0x1A, 0x96, 0xC4, 0x93,
-        0x25, 0x05, 0xD3, 0x83, 0x3D, 0xD8, 0x33, 0x16,
-        0x14, 0x44, 0x88, 0xE2, 0xAF, 0xC4, 0xEC, 0x59,
-        0x18, 0x12, 0xB9, 0x99, 0xC1, 0xC9, 0x5F, 0x31,
-        0x79, 0x00, 0x03, 0xF6, 0xC9, 0x55, 0x14, 0xAA,
-        0x29, 0x08, 0x78, 0x24, 0xAF, 0x1D, 0x99, 0x12,
-        0x36, 0xD9, 0x4A, 0xD9, 0x50, 0xEF, 0x66, 0xFC,
-        0x7F, 0xF4, 0xBC, 0x3B, 0xA0, 0xF6, 0xFD, 0xF2,
-        0x62, 0xCA, 0xA5, 0x9D, 0x2B, 0x55, 0xB8, 0x33,
-        0xBC, 0xA6, 0x7A, 0xA5, 0x1E, 0xE1, 0x14, 0x5F,
-        0x94, 0xE2, 0xDC, 0xF0, 0x5B, 0xBD, 0x43, 0x07,
-        0xD8, 0xB1, 0xE0, 0x81, 0x3F, 0x84, 0x54, 0x90,
-        0xBF, 0x23, 0x59, 0x92, 0x3C, 0xA5, 0x98, 0xAB,
-        0x7D, 0x99, 0xD2, 0xF0, 0xED, 0x8E, 0x0B, 0xC9,
-        0x9F, 0xAF, 0xB0, 0x13, 0xED, 0xC7, 0xDD, 0xB8,
-        0x61, 0x72, 0x07, 0x3D, 0xCC, 0x35, 0x73, 0xA0,
-        0xCF, 0x0C, 0xD9, 0x7E, 0x93, 0xDC, 0x63, 0xB8,
-        0x82, 0xEC, 0xF4, 0x30, 0xCE, 0x43, 0x92, 0xEA,
-        0x5E, 0xD8, 0xC8, 0xA1, 0xEC, 0x79, 0xDC, 0xAE,
-        0x64, 0xD4, 0x33, 0xEB, 0x53, 0x8C, 0xFC, 0x49,
-        0x79, 0xBF, 0x7A, 0x28, 0x65, 0x1E, 0x8C, 0xD5,
-        0x21, 0xB0, 0x8E, 0xCA, 0xAD, 0xF8, 0x96, 0x9A,
-        0x98, 0x10, 0x00, 0x35, 0x6D, 0x58, 0x9A, 0xEF,
-        0x84, 0x84, 0x86, 0x72, 0xBA, 0xCD, 0x38, 0x66,
-        0x96, 0x9B, 0xC2, 0x83, 0xB0, 0x65, 0xC1, 0xAB,
-        0xCF, 0x63, 0x8C, 0x2D, 0xC3, 0x42, 0xB2, 0x7D,
-        0xF6, 0xB8, 0xF0, 0x3D, 0x26, 0x21, 0x8F, 0xAE,
-        0x4E, 0x96, 0xF2, 0x55, 0x66, 0xBC, 0x6F, 0xED,
-        0xE7, 0x19, 0xD3, 0x8D, 0xC0, 0xCD, 0x55, 0x20,
-        0x5F, 0x10, 0xCA, 0xDA, 0x09, 0xED, 0x91, 0x4A,
-        0x43, 0x33, 0xD3, 0x82, 0x11, 0x5C, 0x2F, 0x5D,
-        0xEC, 0xCD, 0x54, 0xF9, 0x6C, 0xE4, 0xE5, 0xF2,
-        0x68, 0xBC, 0xE9, 0x27, 0xB2, 0x1D, 0xCA, 0xB5,
-        0xCD, 0x04, 0x01, 0x1E, 0x92, 0xF5, 0xF6, 0x01,
-        0x86, 0x2B, 0x20, 0x20, 0x9B, 0xB0, 0xF9, 0x56,
-        0xD9, 0x33, 0xD5, 0x0A, 0xEC, 0x1B, 0xF4, 0xCE,
-        0xD2, 0xB2, 0xC2, 0xD4, 0x3F, 0x9A, 0x25, 0x76,
-        0x8E, 0x29, 0x87, 0x52, 0x64, 0x86, 0x4A, 0xA5,
-        0x7B, 0x5A, 0x91, 0x72, 0x6E, 0xBE, 0x6D, 0x73,
-        0x0A, 0x8D, 0x89, 0x53, 0x82, 0x33, 0x70, 0x44,
-        0x20, 0xBE, 0xE0, 0xB0, 0x1B, 0x76, 0x30, 0x43,
-        0xA5, 0x5B, 0x8F, 0xAB, 0x7E, 0xB8, 0x61, 0x5F,
-        0x43, 0x70, 0x1B, 0x1A, 0x71, 0x61, 0x56, 0xF9,
-        0x13, 0x31, 0x2A, 0x64, 0x33, 0x14, 0x00, 0x98,
-        0x72, 0xEC, 0x32, 0x88, 0x09, 0xFB, 0x64, 0x46,
-        0x3D, 0x56, 0x02, 0xD9, 0x76, 0xD3, 0xAA, 0x90,
-        0x0F, 0xBD, 0xF0, 0xF9, 0x96, 0x43, 0x7B, 0x62,
-        0x19, 0x26, 0x22, 0x6A, 0x93, 0x91, 0xEC, 0x07,
-        0x34, 0xF5, 0x22, 0x32, 0xB3, 0x65, 0x66, 0xE0,
-        0x6B, 0x11, 0x7F, 0x97, 0x9F, 0x1A, 0x89, 0x46,
-        0xCE, 0x8F, 0xBD, 0xFD, 0x2F, 0xCC, 0x3D, 0xBF,
-        0xF2, 0x83, 0xA4, 0x30, 0xE1, 0x02, 0x72, 0xF8,
-        0x74, 0xE6, 0x21, 0x96, 0x77, 0xE1, 0x57, 0x8A,
-        0xF7, 0x9E, 0xB3, 0x31, 0xAF, 0xD8, 0xC5, 0xD7,
-        0x20, 0xDC, 0xFD, 0xCF, 0x79, 0x06, 0x0F, 0x1F,
-        0xE5, 0x84, 0x3D, 0x0B, 0x9C, 0xB3, 0xC7, 0xAB,
-        0xB8, 0xF1, 0xC0, 0xD0, 0xB5, 0xC7, 0x01, 0xE2,
-        0x0E, 0x3B, 0xAF, 0x7E, 0xAC, 0x44, 0x5A, 0x75,
-        0x50, 0x0A, 0x76, 0x1C, 0x13, 0xDB, 0x25, 0xD4,
-        0x0D, 0x19, 0x75, 0x4C, 0x02, 0xD9, 0xF3, 0xDF,
-        0x6D, 0xBB, 0xCF, 0x47, 0xA6, 0xAE, 0xF6, 0xD1,
-        0xFB, 0xF4, 0xB4, 0x55, 0xD3, 0xA5, 0x87, 0xA1,
-        0x55, 0xFB, 0xBF, 0xCD, 0xF6, 0xA1, 0x64, 0x57,
-        0x12, 0x75, 0x9A, 0x11, 0xA3, 0xCE, 0x42, 0x70,
-        0x84, 0x54, 0x93, 0x12, 0xE1, 0x3A, 0x0F, 0xFA,
-        0xCA, 0xF2, 0x25, 0x91, 0xF1, 0x4D, 0x8F, 0x84,
-        0xB1, 0xB5, 0x35, 0xAC, 0xE9, 0x81, 0x77, 0x34,
-        0x4D, 0x6F, 0x5D, 0x14, 0x9D, 0xB9, 0xE1, 0xF0,
-        0x3F, 0x3C, 0xE7, 0xAD, 0x48, 0xE6, 0x8C, 0x51,
-        0x86, 0xF4, 0x4A, 0xB4, 0xD0, 0x98, 0xEC, 0x3A,
-        0x4E, 0xAB, 0x58, 0x2F, 0x08, 0x9E, 0x5A, 0x9D,
-        0x45, 0x30, 0xB0, 0x85, 0xDF, 0x4A, 0xE7, 0x92,
-        0xC6, 0xC8, 0x18, 0x93, 0x08, 0xCE, 0x9A, 0x8C,
-        0xE2, 0x91, 0x8D, 0x91, 0x57, 0x7B, 0x37, 0xC8,
-        0x80, 0xA2, 0x31, 0x10, 0x0D, 0x4E, 0xEF, 0x51,
-        0x07, 0x94, 0x8E, 0xF8, 0x3C, 0x3C, 0x2E, 0xD5,
-        0x03, 0x26, 0xB8, 0x72, 0x7F, 0xB9, 0xBC, 0xD7,
-        0x95, 0xC4, 0x31, 0x08, 0xEC, 0x6F, 0xEE, 0x11,
-        0xAF, 0xC0, 0xA2, 0xEC, 0xD7, 0xC8, 0x0B, 0xBE,
-        0x15, 0xAE, 0xC9, 0x17, 0xBE, 0x37, 0xE2, 0x40,
-        0x83, 0x65, 0xDE, 0xB3, 0x4E, 0xB4, 0x15, 0xB3,
-        0x5C, 0x14, 0xF6, 0x5F, 0xA9, 0x1F, 0x70, 0xB5,
-        0x23, 0x93, 0x78, 0xB9, 0x47, 0xF9, 0x1D, 0x2B,
-        0x1E, 0x8D, 0xB1, 0x25, 0x7E, 0xE5, 0x85, 0x3C,
-        0x16, 0x9F, 0xD0, 0xC2, 0x67, 0x8B, 0x0D, 0xD2,
-        0x72, 0x4E, 0x74, 0x30, 0xE1, 0xAF, 0xB8, 0x66,
-        0xCB, 0x53, 0xDF, 0xC4, 0xFB, 0xA5, 0x6D, 0x03,
-        0xF2, 0xAE, 0xEE, 0x90, 0xFE, 0xD7, 0x30, 0xAF,
-        0x33, 0x98, 0x09, 0xEB, 0x75, 0xC7, 0x3E, 0xC8,
-        0x2F, 0xE7, 0x22, 0x5F, 0x2F, 0x0A, 0xBD, 0xA4,
-        0x22, 0x88, 0x28, 0x19, 0x35, 0x83, 0x12, 0x86,
-        0xEE, 0x72, 0xB4, 0x26, 0x89, 0x2F, 0xC7, 0x11,
-        0x6E, 0xDD, 0x14, 0x98, 0x22, 0xE7, 0x73, 0x3E,
-        0xFA, 0x46, 0x75, 0xF9, 0x40, 0xC1, 0x84, 0x22,
-        0xBC, 0x75, 0x36, 0xC7, 0x82, 0xD3, 0xAE, 0x6E,
-        0x0D, 0xBF, 0x6F, 0xC3, 0x4B, 0x67, 0x49, 0x19,
-        0xF3, 0x4B, 0x12, 0xF2, 0x83, 0xFD, 0x39, 0x56,
-        0x44, 0x05, 0x3A, 0x24, 0x6A, 0x35, 0x69, 0x12,
-        0xCF, 0xE4, 0x93, 0xFE, 0x26, 0xCC, 0xD6, 0x01,
-        0xA0, 0x4A, 0x84, 0xA8, 0x1D, 0x85, 0xE6, 0x83,
-        0x0F, 0x3C, 0xE6, 0x6D, 0xD2, 0xCB, 0xB1, 0x14,
-        0x8C, 0xEC, 0x10, 0xB3, 0x63, 0x4B, 0x9C, 0xF5,
-        0x11, 0xE0, 0xF9, 0x86, 0x6F, 0xA7, 0xC0, 0x3B,
-        0x9D, 0x25, 0xD7, 0x54, 0xCA, 0x40, 0x4D, 0x26,
-        0xBA, 0x71, 0x8E, 0x25, 0xF5, 0xA7, 0xE3, 0x9B,
-        0x25, 0x20, 0x7F, 0x29, 0x05, 0xB6, 0x27, 0x14,
-        0x17, 0x67, 0x26, 0x10, 0xAD, 0xA3, 0x06, 0x03,
-        0xFE, 0x82, 0x85, 0x5D, 0x01, 0x04, 0x4D, 0xE0,
-        0x64, 0x38, 0x38, 0x5E, 0x83, 0x1E, 0x21, 0x9A,
-        0x39, 0x02, 0xF8, 0xF9, 0x69, 0x85, 0x52, 0xE5,
-        0xEC, 0x6A, 0xAC, 0x96, 0x86, 0xA7, 0x88, 0x69,
-        0xB5, 0xB5, 0x7E, 0x03, 0x1D, 0xA9, 0x68, 0xCA,
-        0x45, 0x0F, 0xF9, 0x14, 0xD6, 0x7B, 0xCF, 0x9C,
-        0x03, 0x6F, 0xD1, 0xD9, 0x6F, 0x01, 0x3D, 0xF8,
-        0xF3, 0x11, 0xF3, 0x29, 0x17, 0x90, 0xE8, 0x9B,
-        0xED, 0x58, 0x9B, 0xF0, 0xBC, 0xC7, 0xBA, 0xF4,
-        0x60, 0xC8, 0xAA, 0x30, 0xB4, 0x2F, 0x22, 0x8F,
-        0xD3, 0xAC, 0x18, 0xC2, 0xB7, 0xC4, 0x7B, 0x31,
-        0x9E, 0x0F, 0x7E, 0x9D, 0xBF, 0xD4, 0x63, 0xC2,
-        0x8B, 0x1B, 0x58, 0x50, 0x33, 0x53, 0x6D, 0x79,
-        0xBB, 0xF8, 0x0D, 0x91, 0x33, 0xD9, 0x07, 0xE7,
-        0xB0, 0x81, 0xD4, 0xB4, 0x47, 0x61, 0x93, 0xF0,
-        0xFB, 0x68, 0xBC, 0x1B, 0x41, 0xC2, 0xF5, 0x43,
-        0x30, 0x7E, 0x76, 0xF9, 0xB1, 0xA3, 0xD6, 0xD4,
-        0x26, 0xEA, 0x77, 0x75, 0x12, 0x7A, 0xC8, 0x30,
-        0x9B, 0xCF, 0x45, 0xBE, 0x74, 0x7D, 0x8A, 0x8B,
-        0xEC, 0xED, 0x11, 0xE6, 0xA1, 0xD1, 0xB8, 0xF1,
-        0x90, 0xAD, 0x6D, 0x6A, 0xC6, 0x54, 0xE9, 0xDB,
-        0xAD, 0x4C, 0x97, 0x39, 0xC8, 0xD8, 0x44, 0xA9,
-        0x1A, 0x37, 0x16, 0x7E, 0x68, 0x45, 0x0C, 0xBB,
-        0x10, 0xF4, 0xAE, 0x8E, 0x2B, 0x69, 0xFA, 0x95,
-        0x3E, 0xA5, 0xC9, 0x91, 0xD3, 0xF1, 0xA3, 0x89,
-        0x3F, 0x90, 0x86, 0x93, 0x1B, 0xF1, 0xA0, 0x89,
-        0xC7, 0xF2, 0x23, 0x57, 0xD4, 0x8E, 0x2F, 0xD5,
-        0x71, 0xCD, 0x36, 0xF1, 0x90, 0xB3, 0x98, 0x3E,
-        0x19, 0xEA, 0xC8, 0x0F, 0x12, 0x9D, 0xBF, 0x58,
-        0xED, 0xDC, 0x6B, 0x9A, 0x79, 0x84, 0xFC, 0xF0,
-        0x4C, 0xC3, 0xB4, 0x0D, 0xB8, 0x7A, 0x8D, 0xAD,
-        0x75, 0x40, 0xD5, 0xD5, 0xDE, 0xC8, 0xCA, 0x39,
-        0x3E, 0x45, 0xE4, 0xBC, 0xF4, 0x33, 0xEA, 0x64,
-        0xE1, 0x5E, 0x94, 0x42, 0x91, 0xAB, 0xBC, 0x42,
-        0x2A, 0xB3, 0xD0, 0x60, 0x23, 0xCE, 0x57, 0x8E,
-        0xFF, 0xAD, 0xA2, 0x2B, 0x64, 0xD9, 0x94, 0xA0,
-        0x80, 0x0F, 0x8E, 0x50, 0x17, 0x08, 0x1D, 0x16,
-        0xCF, 0x51, 0xD0, 0xB9, 0x28, 0xB6, 0x59, 0xEF,
-        0x78, 0xCC, 0xC9, 0x96, 0xF9, 0xCA, 0x87, 0x7A,
-        0xEE, 0xD9, 0x15, 0x5E, 0xDF, 0x5D, 0xBC, 0xC2,
-        0x58, 0xE6, 0x04, 0xEE, 0x17, 0xDC, 0xB3, 0xF9,
-        0x90, 0xF9, 0x88, 0x32, 0x9E, 0xA1, 0xDB, 0x1C,
-        0x38, 0x56, 0x53, 0x90, 0x30, 0x69, 0x2E, 0x52,
-        0x00, 0x2C, 0xF3, 0x0F, 0xD5, 0x80, 0x2E, 0x02,
-        0x5B, 0x99, 0xBF, 0xCD, 0x11, 0x12, 0x64, 0x5B,
-        0x56, 0xC6, 0x0A, 0xE6, 0x38, 0xE7, 0x4D, 0x21,
-        0xE5, 0x98, 0x78, 0x9D, 0xE6, 0xCB, 0x60, 0xB4,
-        0x2E, 0xE4, 0x98, 0x56, 0xCB, 0xAD, 0xE6, 0xDD,
-        0x53, 0xF4, 0xC5, 0x67, 0xA2, 0x9F, 0xA0, 0x5C,
-        0x7C, 0xFB, 0x24, 0x5A, 0xA7, 0x72, 0xD0, 0xE7,
-        0x63, 0xF2, 0x5D, 0xBF, 0xD8, 0xE9, 0xF1, 0x6B,
-        0xB4, 0x29, 0xA6, 0x28, 0xE6, 0x93, 0xD3, 0x87,
-        0xB6, 0xD9, 0x3C, 0x39, 0x8D, 0xEA, 0x28, 0xC0,
-        0x96, 0x3D, 0xF5, 0xC2, 0x3C, 0x29, 0xF2, 0x80,
-        0x21, 0x8A, 0x03, 0x9D, 0x64, 0xF8, 0xBA, 0x81,
-        0xC1, 0xDD, 0xA2, 0x88, 0x2A, 0x84, 0x2E, 0x3C,
-        0xB5, 0x03, 0x95, 0xED, 0xAA, 0x6E, 0xE2, 0x6F,
-        0x5E, 0x99, 0x3C, 0x63, 0xEE, 0xB8, 0x4F, 0x66,
-        0x32, 0x77, 0x42, 0x23, 0x36, 0x29, 0x89, 0xB0,
-        0xED, 0x5F, 0xF2, 0x5A, 0x65, 0x66, 0x3F, 0xD2,
-        0x8B, 0x48, 0x68, 0x65, 0xDC, 0xE0, 0xB0, 0xC2,
-        0x72, 0x73, 0xF1, 0xA4, 0xC6, 0x56, 0x2C, 0x5D,
-        0xD8, 0xC6, 0x5C, 0x41, 0xCE, 0x30, 0x89, 0x59,
-        0xA9, 0xD6, 0x45, 0x96, 0xD0, 0x8E, 0x7B, 0x25,
-        0xE0, 0x13, 0xFB, 0xFE, 0x7C, 0xEA, 0xF3, 0x67,
-        0x0D, 0xB2, 0x9A, 0x21, 0x3C, 0xCE, 0x99, 0x75,
-        0xA9, 0x13, 0xCE, 0xF4, 0x23, 0x6E, 0x64, 0x00,
-        0x30, 0x87, 0x70, 0x9C, 0xAD, 0x61, 0x81, 0x71,
-        0x0E, 0x95, 0x19, 0x26, 0xCA, 0x55, 0x29, 0x71,
-        0x99, 0xA6, 0x08, 0xAE, 0x54, 0x58, 0x75, 0xCD,
-        0xC3, 0x8F, 0xE3, 0x83, 0xC1, 0x45, 0x62, 0xB4,
-        0x8D, 0xCA, 0x66, 0x02, 0xEA, 0x34, 0x05, 0x5D,
-        0x98, 0x3F, 0x38, 0xE6, 0x1C, 0xCE, 0x53, 0x1A,
-        0xD9, 0x3F, 0x58, 0xEC, 0x16, 0x28, 0x45, 0xF5,
-        0x38, 0xCE, 0x48, 0x43, 0x87, 0x1D, 0x3C, 0x4A,
-        0xDF, 0x05, 0xF3, 0x5E, 0x29, 0x7E, 0xA6, 0x2E,
-        0xFC, 0xDD, 0x5E, 0xF9, 0x40, 0x1B, 0xA0, 0x42,
-        0xA2, 0x35, 0x15, 0x0A, 0x09, 0xD9, 0x47, 0x4A,
-        0x3F, 0xB0, 0x3A, 0xAA, 0x19, 0xE7, 0xE3, 0x7A,
-        0x22, 0x8D, 0x5F, 0x5B, 0x07, 0x41, 0x4C, 0x3D,
-        0xA2, 0xAD, 0x2E, 0x5C, 0x75, 0xEC, 0xF0, 0x4C,
-        0x11, 0x2B, 0x90, 0x76, 0x9E, 0x19, 0x96, 0x0E,
-        0x97, 0x5E, 0x8D, 0x19, 0x17, 0xB3, 0xBF, 0xDA,
-        0x84, 0xFD, 0xC6, 0xD2, 0x32, 0x6F, 0xB8, 0xA3,
-        0xB0, 0x0F, 0x95, 0xD9, 0xC5, 0x26, 0x50, 0x11,
-        0x15, 0x72, 0xBE, 0xC2, 0x1B, 0x12, 0x12, 0x7C,
-        0xA5, 0x70, 0xD8, 0xA9, 0x8A, 0xB9, 0x77, 0xEB,
-        0xD8, 0xD7, 0x9A, 0x59, 0x37, 0x5E, 0xE1, 0x4F,
-        0x64, 0xB5, 0xB0, 0x4F, 0xD9, 0x69, 0xFE, 0xB0,
-        0x3D, 0x0A, 0xF7, 0x34, 0x89, 0xE3, 0xBA, 0xEF,
-        0xE7, 0xC7, 0xBC, 0x8D, 0xC7, 0xE8, 0x54, 0x83,
-        0xEE, 0x62, 0xF0, 0x23, 0x98, 0x58, 0x0F, 0x83,
-        0xB9, 0x6D, 0xD8, 0x44, 0x77, 0xB9, 0xC4, 0x8F,
-        0x0B, 0xB3, 0x9F, 0x54, 0x06, 0xA3, 0x70, 0x36,
-        0xD6, 0xF3, 0x6E, 0x2B, 0x1B, 0x6B, 0x53, 0xFE,
-        0x6F, 0xF6, 0x1C, 0x32, 0x7B, 0x29, 0xD4, 0xE0,
-        0x5D, 0xD2, 0xB8, 0x11, 0x74, 0xC6, 0x0B, 0x59,
-        0xC7, 0x9C, 0xB1, 0x97, 0x6B, 0xC0, 0x6E, 0x7A,
-        0xC3, 0x4D, 0xF3, 0xE3, 0x8F, 0x7D, 0x2C, 0x1C,
-        0x0E, 0x31, 0x51, 0xB7, 0x14, 0x7A, 0xB8, 0x31,
-        0x77, 0x47, 0x70, 0x14, 0x3B, 0x92, 0x7B, 0x5F,
-        0xEC, 0x5D, 0xF7, 0x76, 0xC1, 0xD7, 0x2D, 0xB6,
-        0xBC, 0x99, 0x81, 0xD6, 0x58, 0x67, 0x71, 0x3C,
-        0xF2, 0x97, 0xC8, 0xB0, 0xF1, 0xE9, 0x8D, 0x0E,
-        0x16, 0xF0, 0xCC, 0x22, 0x7A, 0x39, 0xE4, 0x7E,
-        0x50, 0xBA, 0x01, 0x16, 0x15, 0x6D, 0x5B, 0x54,
-        0x67, 0x53, 0x66, 0x04, 0xBE, 0x05, 0xCC, 0x2E,
-        0xF4, 0x0A, 0xBC, 0xE8, 0x52, 0xF1, 0x5D, 0xFA,
-        0x2C, 0xAC, 0xF8, 0x6A, 0x78, 0x9E, 0x5B, 0x7B,
-        0x0E, 0x5B, 0xB4, 0xB7, 0x77, 0xCD, 0x7C, 0xC9,
-        0xF6, 0x54, 0x77, 0x9B, 0x10, 0x2F, 0x78, 0xB5,
-        0xAA, 0x4B, 0x94, 0xC3, 0xB4, 0xFD, 0xE5, 0x5F,
-        0xA7, 0xF7, 0xBF, 0x54, 0xAC, 0x22, 0x5E, 0x1F,
-        0x26, 0x16, 0x5B, 0x65, 0xF1, 0x6D, 0x03, 0x21,
-        0x66, 0x9F, 0xD9, 0xF6, 0xE4, 0x7F, 0xCA, 0x1D,
-        0xD3, 0x47, 0x09, 0x6D, 0xF5, 0xDD, 0xA8, 0x64,
-        0x66, 0xA5, 0x7C, 0x5B, 0x06, 0x8D, 0x9C, 0x67,
-        0xB7, 0x32, 0x03, 0x66, 0xEA, 0x19, 0xC8, 0x99,
-        0x3F, 0xF9, 0x0B, 0xD8, 0xFB, 0x06, 0x93, 0xFB,
-        0xA3, 0x70, 0xE6, 0x6D, 0x2B, 0x20, 0x3B, 0x99,
-        0x70, 0x11, 0xB0, 0xD1, 0x5B, 0x94, 0xE2, 0x8B,
-        0xAA, 0x2E, 0xBF, 0x01, 0x77, 0x4F, 0x7A, 0xE7,
-        0x8F, 0x84, 0xED, 0xBD, 0xAD, 0x9F, 0x65, 0xA4,
-        0x50, 0x42, 0x7A, 0x47, 0x74, 0xC6, 0x0C, 0xC8,
-        0x9A, 0x02, 0x0B, 0x37, 0xDA, 0x21, 0xC7, 0x91,
-        0xDA, 0xC8, 0xF7, 0xA7, 0x45, 0x7E, 0x30, 0xD0,
-        0x8B, 0x01, 0x37, 0x51, 0x60, 0x03, 0x9C, 0x30,
-        0x1B, 0x60, 0x51, 0xA9, 0x65, 0xE8, 0xA7, 0xCC,
-        0xA2, 0xAE, 0xF9, 0x3B, 0xD5, 0x2F, 0x82, 0xC0,
-        0x20, 0xBE, 0xCE, 0x90, 0xA1, 0x29, 0x02, 0x4E,
-        0xFE, 0xA4, 0xB2, 0xFA, 0x21, 0x27, 0x0F, 0x8E,
-        0xB5, 0xED, 0x6A, 0xAA, 0xE5, 0x59, 0x29, 0xAA,
-        0xC5, 0x99, 0xA5, 0x77, 0x97, 0x29, 0x57, 0x66,
-        0x0C, 0xC4, 0x7A, 0xC4, 0xE3, 0xCE, 0x77, 0x2B,
-        0xBF, 0x10, 0x05, 0x2D, 0xE7, 0xED, 0xB1, 0xB8,
-        0xA4, 0x49, 0x41, 0xF8, 0x84, 0xC9, 0xF8, 0xBE,
-        0x13, 0x17, 0x46, 0x69, 0x94, 0x56, 0x29, 0xF4,
-        0x6D, 0xE2, 0x46, 0x74, 0x44, 0xF3, 0x10, 0x6A,
-        0x73, 0xFA, 0x27, 0x9C, 0xF0, 0x2A, 0x80, 0x0A,
-        0x04, 0x7E, 0x20, 0xBD, 0x4D, 0x82, 0x0B, 0x38,
-        0x9C, 0x3B, 0xB6, 0xA8, 0x68, 0xA5, 0x38, 0x4C,
-        0xF5, 0x72, 0x4C, 0x20, 0x4C, 0xEF, 0xB1, 0xA6,
-        0xA1, 0xBE, 0xB9, 0x72, 0x3E, 0x36, 0xDD, 0xDD,
-        0xD9, 0xC7, 0x07, 0xC8, 0xF6, 0x3E, 0x8B, 0xC2,
-        0x66, 0x83, 0xCC, 0x8B, 0x43, 0xC7, 0xDF, 0xDA,
-        0xA4, 0x08, 0xAC, 0x4D, 0xD2, 0xBA, 0x9A, 0xEC,
-        0xBC, 0x3B, 0x6D, 0xDA, 0xED, 0xCE, 0x09, 0x4A,
-        0xAB, 0x58, 0xFF, 0x73, 0x2B, 0x19, 0x66, 0x38,
-        0xD8, 0xB8, 0xEF, 0xC4, 0x28, 0xBB, 0xA9, 0x61,
-        0x57, 0x93, 0xC4, 0xDD, 0x9F, 0x00, 0xF9, 0x0D,
-        0x62, 0xC6, 0x76, 0xD1, 0x27, 0xA0, 0xE1, 0x8C,
-        0x14, 0xC6, 0xEE, 0x9C, 0x99, 0x05, 0x10, 0xB0,
-        0x54, 0xAD, 0xB4, 0xB4, 0x17, 0x0A, 0xC7, 0x12,
-        0x7F, 0x93, 0x17, 0x5C, 0x1E, 0xB2, 0x25, 0x12
-    };
-    static const byte msg_87[] = {
-        0x14, 0x42, 0x63, 0x34, 0x94, 0x09, 0x60, 0x77,
-        0x3B, 0xFF, 0x65, 0xF0, 0x8D, 0x1D, 0xE4, 0x89,
-        0xC4, 0xC3, 0xED, 0x36
-    };
-    static const byte sig_87[] = {
-        0x13, 0xE8, 0x99, 0xEE, 0xDC, 0xCC, 0x0F, 0xBA,
-        0x62, 0x91, 0x44, 0xE4, 0xAC, 0x06, 0x79, 0x06,
-        0xB5, 0x32, 0x6B, 0x8F, 0x9A, 0x6C, 0xCB, 0xAB,
-        0xE1, 0x44, 0x4A, 0xDD, 0x46, 0x45, 0x16, 0x0D,
-        0x22, 0x57, 0x82, 0x87, 0x10, 0xD1, 0xEE, 0x10,
-        0x60, 0x21, 0xB5, 0x64, 0x1E, 0x78, 0x81, 0x55,
-        0x75, 0xD4, 0xF0, 0x95, 0xD0, 0x15, 0xD8, 0x46,
-        0x5C, 0x92, 0xD2, 0xDD, 0xF4, 0xAB, 0xDF, 0xBE,
-        0xB1, 0x1E, 0xE5, 0xE0, 0x70, 0xE6, 0xDA, 0x52,
-        0xE5, 0x48, 0xDC, 0x04, 0xFD, 0xEF, 0x54, 0x72,
-        0xE7, 0xE5, 0xF1, 0x82, 0x10, 0xAA, 0xCB, 0xA0,
-        0x4F, 0x4F, 0x18, 0xAE, 0x66, 0x86, 0xB9, 0xAF,
-        0x96, 0x57, 0xE3, 0x8E, 0x3B, 0x9B, 0xDD, 0xB4,
-        0xAA, 0x84, 0xE6, 0x7B, 0x4D, 0x81, 0x92, 0xD0,
-        0x03, 0x87, 0x3D, 0xD3, 0xEE, 0xE7, 0x47, 0x00,
-        0xFB, 0xD8, 0x1E, 0x38, 0x1C, 0x21, 0x98, 0xB7,
-        0xCC, 0xC1, 0x37, 0xC1, 0x71, 0xB2, 0x2F, 0x93,
-        0x53, 0x41, 0x9C, 0x48, 0xC1, 0x4B, 0x8D, 0x63,
-        0x0F, 0x99, 0x63, 0x40, 0x27, 0x5F, 0x6E, 0x60,
-        0x4B, 0x95, 0xC4, 0x35, 0x20, 0x8A, 0xED, 0x2B,
-        0xCA, 0x1B, 0x41, 0x9F, 0x83, 0x63, 0xF0, 0x95,
-        0x0E, 0x24, 0x0D, 0x6F, 0x9E, 0xAB, 0x11, 0x8E,
-        0x4B, 0xD3, 0xDA, 0x0E, 0xC3, 0xA2, 0xBE, 0x26,
-        0xA8, 0xA0, 0x98, 0x57, 0x71, 0x3C, 0x36, 0xDD,
-        0x69, 0xC3, 0x4E, 0xDD, 0x2C, 0x61, 0x9E, 0x88,
-        0x26, 0x70, 0x71, 0xCF, 0x9E, 0xE5, 0xA6, 0x0C,
-        0xA3, 0x14, 0x2D, 0xF1, 0x63, 0xF0, 0x1D, 0x8D,
-        0x79, 0x6A, 0xC8, 0x50, 0xCF, 0xF3, 0x66, 0x60,
-        0x78, 0xB3, 0x18, 0xFB, 0x5B, 0xD1, 0x73, 0x60,
-        0xC8, 0x76, 0xC9, 0xC9, 0x0D, 0x8A, 0x7F, 0x41,
-        0x2C, 0x8A, 0x31, 0x61, 0x6B, 0xE7, 0xA3, 0x74,
-        0x58, 0x71, 0x54, 0x84, 0x86, 0x71, 0x5C, 0x94,
-        0x26, 0x3A, 0x17, 0xB3, 0x6C, 0xA4, 0x99, 0x25,
-        0x45, 0x0C, 0x57, 0x8A, 0xD9, 0xD4, 0xB1, 0xC2,
-        0x00, 0x43, 0xF4, 0x5E, 0x84, 0x31, 0x99, 0x4F,
-        0xA6, 0xD2, 0x6A, 0x14, 0x1B, 0xAD, 0x9E, 0x49,
-        0x6E, 0x00, 0x9E, 0x91, 0x46, 0x16, 0xCA, 0x57,
-        0x0C, 0x09, 0xF6, 0x38, 0xD0, 0x62, 0xBE, 0xC6,
-        0x87, 0x33, 0x3A, 0xC7, 0x28, 0x38, 0x34, 0x53,
-        0x7E, 0xFB, 0x60, 0x42, 0xF3, 0x7D, 0x83, 0xF7,
-        0x29, 0x5D, 0xEA, 0x30, 0xD5, 0x00, 0x90, 0xB6,
-        0x38, 0x4C, 0x17, 0x29, 0xEF, 0x17, 0xA0, 0xD5,
-        0x87, 0x50, 0xC0, 0x03, 0x75, 0x14, 0xE5, 0xE1,
-        0x22, 0x78, 0x53, 0xBC, 0x5A, 0xA3, 0x1E, 0x95,
-        0xBE, 0xEC, 0x37, 0xB1, 0x51, 0x82, 0x69, 0x26,
-        0x2E, 0xA3, 0x5A, 0xDA, 0x4F, 0xDA, 0x77, 0x62,
-        0x7E, 0xED, 0xDA, 0xAF, 0x57, 0x97, 0x1B, 0xA3,
-        0x6D, 0x46, 0x7B, 0x19, 0xA9, 0x0B, 0x99, 0x1C,
-        0xD2, 0x55, 0xDB, 0x79, 0xB0, 0x15, 0x48, 0x86,
-        0x52, 0x30, 0x31, 0xD6, 0xC5, 0xB1, 0xAE, 0x8F,
-        0xCF, 0x9A, 0x43, 0x10, 0xBB, 0xC8, 0x19, 0x74,
-        0x84, 0xB2, 0x92, 0x3B, 0xFE, 0x0B, 0x12, 0x15,
-        0xA1, 0xC4, 0xD8, 0xC6, 0x83, 0x90, 0x89, 0x8A,
-        0xD5, 0x3E, 0x33, 0x69, 0xB7, 0x05, 0x3F, 0xB1,
-        0x8B, 0x0D, 0x87, 0x40, 0x70, 0x90, 0x2A, 0x5D,
-        0x3B, 0x3D, 0x91, 0xD8, 0x1D, 0x4D, 0xF1, 0x08,
-        0x7E, 0xF7, 0xDC, 0x05, 0x84, 0xEB, 0xDC, 0x63,
-        0xD7, 0xBA, 0x3C, 0x0D, 0x31, 0xF8, 0x6D, 0xA6,
-        0xC0, 0xFD, 0x08, 0x11, 0x5C, 0x53, 0xF6, 0xAE,
-        0xFE, 0xC0, 0x82, 0x9A, 0x68, 0xD2, 0xA3, 0x44,
-        0x2E, 0xEE, 0x47, 0x36, 0x70, 0x2D, 0x66, 0x81,
-        0x0D, 0x62, 0x30, 0x8A, 0x8C, 0xC8, 0x2A, 0xA6,
-        0x21, 0x82, 0xF5, 0x98, 0xF4, 0x4E, 0x25, 0x37,
-        0x11, 0xB5, 0xD6, 0x07, 0x88, 0xBD, 0x0D, 0x69,
-        0x0E, 0xF9, 0x8F, 0x9A, 0xD5, 0x93, 0xE0, 0x3C,
-        0xEF, 0x38, 0xB9, 0xC9, 0x77, 0x98, 0x3F, 0x69,
-        0x11, 0xBA, 0x1A, 0xB9, 0xF7, 0x35, 0xE9, 0x28,
-        0xCD, 0xA3, 0x8C, 0x03, 0xE6, 0xAD, 0x83, 0x62,
-        0xF4, 0x60, 0xAE, 0x4C, 0xD0, 0xF4, 0x6E, 0x00,
-        0xEE, 0xEC, 0x74, 0xB6, 0x12, 0x34, 0x98, 0xAB,
-        0x31, 0xE7, 0xA7, 0x9D, 0x33, 0x4D, 0x72, 0xA7,
-        0xA7, 0xEE, 0xF3, 0xB5, 0x51, 0xE7, 0x8D, 0x31,
-        0xBC, 0x2C, 0xAF, 0xFB, 0x13, 0x9C, 0xAC, 0xA4,
-        0xD7, 0x9C, 0x8B, 0xBD, 0x52, 0xBD, 0x78, 0xF4,
-        0x90, 0x65, 0x09, 0xBE, 0x42, 0xE7, 0x76, 0x3A,
-        0xE6, 0xAC, 0xB8, 0x98, 0x28, 0x5E, 0xC9, 0x32,
-        0x3E, 0x68, 0x67, 0x6A, 0x8C, 0xC7, 0x4A, 0x58,
-        0xC8, 0xDA, 0x8B, 0xE9, 0x11, 0xED, 0x6F, 0x51,
-        0x3B, 0x66, 0x08, 0x70, 0x73, 0x10, 0xFB, 0x45,
-        0xCB, 0xD9, 0x7D, 0x5F, 0xF0, 0xD2, 0xAB, 0xA3,
-        0x6F, 0xCE, 0xF7, 0x3D, 0x46, 0xCB, 0x7F, 0x01,
-        0xC2, 0xCF, 0xE3, 0x8E, 0x68, 0xE8, 0x4F, 0x4A,
-        0x30, 0x19, 0x16, 0xD2, 0xF5, 0x10, 0xD8, 0x2B,
-        0x49, 0x69, 0xBE, 0x7A, 0x0E, 0x9C, 0xC6, 0x0E,
-        0xFF, 0x5C, 0x0A, 0x87, 0x17, 0xB8, 0x22, 0x83,
-        0x8C, 0x77, 0xAF, 0x42, 0x06, 0xB1, 0x25, 0x45,
-        0x08, 0x9B, 0xB2, 0xDD, 0x6A, 0x3F, 0xF0, 0x12,
-        0xC8, 0x64, 0x15, 0xBB, 0xA0, 0x4F, 0xD7, 0xD4,
-        0xEC, 0x70, 0x7A, 0xF3, 0xB1, 0x7F, 0x25, 0x57,
-        0x47, 0x66, 0xF1, 0xE9, 0x27, 0x38, 0xE0, 0x62,
-        0x10, 0xF4, 0x8A, 0x5E, 0xF2, 0x55, 0x0E, 0xBD,
-        0xF8, 0x5A, 0x5C, 0xA3, 0x44, 0x97, 0xCF, 0x1D,
-        0x4D, 0x3A, 0x75, 0x86, 0x48, 0xEC, 0x41, 0x17,
-        0x24, 0x43, 0x83, 0x5E, 0x50, 0x91, 0xBE, 0x8F,
-        0x04, 0x78, 0x23, 0xD9, 0x62, 0x0C, 0x2A, 0xD5,
-        0x1C, 0x96, 0x11, 0xAA, 0xEE, 0x39, 0xB2, 0x1E,
-        0x6D, 0x6A, 0xEC, 0x87, 0x0C, 0x89, 0x15, 0xE2,
-        0x66, 0x47, 0x6A, 0x50, 0xEE, 0xCA, 0x59, 0x96,
-        0x22, 0xF7, 0x09, 0x1A, 0x34, 0xC2, 0x3F, 0x14,
-        0xB4, 0x04, 0x29, 0xD9, 0x5E, 0x3E, 0xF9, 0x8F,
-        0xED, 0x3E, 0x74, 0x94, 0x37, 0xF0, 0x4B, 0xB4,
-        0xA3, 0x37, 0x52, 0x2E, 0x68, 0x09, 0xFC, 0x10,
-        0x45, 0x03, 0xE2, 0x53, 0xB4, 0x1C, 0x4F, 0x03,
-        0x01, 0xAF, 0x46, 0x7F, 0x74, 0xD3, 0x31, 0x25,
-        0xFA, 0x83, 0xEF, 0x71, 0x24, 0x45, 0xA1, 0x71,
-        0xFA, 0x40, 0xEB, 0xF4, 0xE6, 0x55, 0x3E, 0x45,
-        0x4A, 0xFE, 0x25, 0x68, 0x02, 0x1D, 0x2B, 0x2A,
-        0x19, 0x8D, 0xEC, 0x9B, 0xF7, 0x20, 0xF9, 0xD7,
-        0x2F, 0x81, 0x52, 0x0B, 0xE8, 0x74, 0x66, 0xAF,
-        0x70, 0xD0, 0x0E, 0x0E, 0x86, 0x0F, 0xF9, 0xAB,
-        0xD0, 0x39, 0x78, 0xC3, 0xE4, 0x29, 0xB5, 0xAA,
-        0x17, 0xB9, 0x7F, 0x9A, 0xE9, 0x34, 0x48, 0x85,
-        0x3D, 0x6E, 0xFD, 0x16, 0x8A, 0x30, 0xC6, 0xCB,
-        0xE8, 0xDE, 0x2D, 0x28, 0x8D, 0x9A, 0x24, 0xEA,
-        0x5D, 0x2A, 0x58, 0x23, 0x33, 0x2B, 0x84, 0xFD,
-        0x2C, 0xE7, 0x93, 0xA2, 0x2B, 0xEC, 0x43, 0x98,
-        0x48, 0xD4, 0xE6, 0x0F, 0x3B, 0xB9, 0xC7, 0x5D,
-        0x7E, 0xB0, 0x87, 0x1E, 0x80, 0x3D, 0x61, 0xB0,
-        0x7E, 0x74, 0x9E, 0xD7, 0x60, 0x72, 0xB2, 0x7C,
-        0x87, 0xB6, 0x9D, 0x6C, 0x01, 0x42, 0x61, 0xF6,
-        0x47, 0xAF, 0xA8, 0x8C, 0x4F, 0x1E, 0xC5, 0x5A,
-        0x75, 0xA5, 0x0F, 0xB4, 0xC7, 0x9D, 0x2C, 0x94,
-        0xC0, 0x50, 0x3D, 0xB2, 0x0D, 0xFD, 0xF7, 0x1F,
-        0x62, 0x88, 0x74, 0x18, 0x8C, 0xDD, 0x73, 0x85,
-        0xC0, 0x33, 0x81, 0xDA, 0xBB, 0x85, 0x4D, 0x4A,
-        0xA9, 0xF4, 0x7B, 0x66, 0x43, 0x8C, 0x43, 0xFF,
-        0x53, 0xEF, 0x5E, 0x78, 0xAB, 0x45, 0x0B, 0x45,
-        0x01, 0x91, 0x27, 0x8A, 0xF6, 0xE2, 0x6A, 0x7B,
-        0x5E, 0x64, 0x61, 0xF5, 0x77, 0xF9, 0x85, 0x2F,
-        0x81, 0xC9, 0x02, 0x03, 0xC7, 0x13, 0xF5, 0xB1,
-        0xF6, 0xC3, 0xEF, 0x55, 0x8C, 0x90, 0x32, 0x51,
-        0x6D, 0x8D, 0x62, 0xFD, 0x5E, 0x24, 0xE4, 0xF0,
-        0xF5, 0x07, 0x18, 0xF5, 0x6B, 0x5A, 0x59, 0xA0,
-        0x09, 0xD5, 0x93, 0x8D, 0xAD, 0x55, 0x91, 0xF6,
-        0x1F, 0x4C, 0x65, 0x9A, 0x76, 0x05, 0x26, 0xEF,
-        0x41, 0x20, 0x2F, 0xA7, 0xE5, 0xF6, 0xC7, 0xD5,
-        0xE0, 0xB0, 0xC0, 0xC4, 0x3B, 0x52, 0x4B, 0x66,
-        0x71, 0x2C, 0x5A, 0x7C, 0x53, 0xC8, 0x4C, 0x50,
-        0xB8, 0x3E, 0xB9, 0xC9, 0x8D, 0x2F, 0xD0, 0x84,
-        0xC9, 0xC5, 0xF2, 0x1F, 0xEE, 0x77, 0x42, 0xE6,
-        0xEF, 0xC8, 0xCB, 0xBE, 0x57, 0x18, 0xB7, 0x0C,
-        0x06, 0x2D, 0x82, 0xE2, 0xF9, 0x86, 0xF3, 0x8D,
-        0xF1, 0xE7, 0x15, 0x89, 0xDC, 0x79, 0x87, 0x24,
-        0x35, 0x62, 0xA2, 0x31, 0x9D, 0x7C, 0x00, 0xB2,
-        0x6E, 0x53, 0x1E, 0x93, 0xC3, 0x84, 0x44, 0x61,
-        0x8C, 0xE7, 0x58, 0x73, 0x4F, 0xDE, 0xCF, 0xD0,
-        0xC6, 0x85, 0x37, 0x28, 0xC6, 0x10, 0x00, 0x78,
-        0x4E, 0xDF, 0xFE, 0xD7, 0xB3, 0x30, 0x86, 0xE1,
-        0x68, 0xD6, 0xCB, 0x63, 0xE3, 0xDA, 0xCA, 0xF3,
-        0x55, 0x2F, 0x88, 0x5B, 0x47, 0x82, 0x62, 0xDE,
-        0x5E, 0x1E, 0x63, 0xCE, 0x7A, 0x4C, 0x66, 0x95,
-        0xD1, 0x19, 0x38, 0x35, 0xE4, 0x5A, 0x67, 0x91,
-        0x8C, 0x42, 0xD3, 0x9B, 0xF8, 0x80, 0x38, 0x53,
-        0x30, 0x31, 0x0F, 0x2C, 0x7B, 0xF9, 0x1E, 0x6C,
-        0x3E, 0x29, 0xB7, 0x81, 0xD0, 0x98, 0x70, 0xC2,
-        0x6D, 0x76, 0xBD, 0x8A, 0xE2, 0x09, 0xC4, 0x2B,
-        0xC7, 0x43, 0x2D, 0xBB, 0x4C, 0x16, 0x52, 0x63,
-        0x57, 0xA5, 0x63, 0x4E, 0xEC, 0xDE, 0x93, 0xC5,
-        0x1D, 0xD4, 0xD6, 0xF0, 0x06, 0x5B, 0x2E, 0xC5,
-        0x7A, 0xD3, 0xB5, 0x82, 0x66, 0x53, 0x95, 0x97,
-        0xC8, 0xF4, 0x2B, 0x55, 0x27, 0x1D, 0x6F, 0x90,
-        0xE9, 0x86, 0xF6, 0x82, 0x8D, 0x95, 0x9E, 0xE8,
-        0x00, 0xDB, 0xEB, 0xCF, 0x48, 0x23, 0x6B, 0xA3,
-        0xDE, 0x25, 0x27, 0xE0, 0xEC, 0xA4, 0xA3, 0xC2,
-        0xA3, 0x4B, 0xBC, 0xDD, 0x6C, 0xBB, 0x3A, 0x9C,
-        0x96, 0xDC, 0x3B, 0xE1, 0x10, 0xD3, 0x49, 0x94,
-        0x66, 0xE2, 0x85, 0x7F, 0xBA, 0x98, 0x12, 0x3A,
-        0x6D, 0xBA, 0x90, 0x14, 0x87, 0x7E, 0x24, 0xEA,
-        0xDC, 0xCA, 0x40, 0xF8, 0xAE, 0x94, 0xB2, 0xFE,
-        0xD2, 0x36, 0xCB, 0xE5, 0xBC, 0xA9, 0xDF, 0xE0,
-        0xCB, 0xA9, 0xA0, 0xF8, 0x62, 0x41, 0x33, 0x18,
-        0x59, 0xF9, 0xD6, 0xC0, 0x87, 0xB2, 0x76, 0xDE,
-        0xC9, 0x35, 0x6F, 0x1F, 0xEF, 0x69, 0xB3, 0x59,
-        0xF9, 0xFB, 0x38, 0x4A, 0x84, 0x02, 0x2D, 0xEC,
-        0xB7, 0x01, 0x08, 0xDA, 0xC8, 0xE9, 0x3B, 0xB6,
-        0xC3, 0x00, 0xC0, 0x34, 0x5F, 0xC6, 0x40, 0xC0,
-        0x06, 0xEA, 0xEB, 0xC1, 0x51, 0x13, 0x81, 0x2F,
-        0xB3, 0x7D, 0xD9, 0x6E, 0x2A, 0x06, 0xA4, 0x63,
-        0xAF, 0xCE, 0x66, 0xC5, 0x9F, 0x8D, 0x71, 0x4A,
-        0xA1, 0xFF, 0x49, 0x4F, 0x08, 0x6F, 0xB9, 0xEA,
-        0xDA, 0x18, 0x45, 0x63, 0xCA, 0x9D, 0x88, 0x08,
-        0xB1, 0x6C, 0x19, 0xA8, 0x24, 0xAD, 0x85, 0x7D,
-        0xDE, 0x51, 0xE5, 0x08, 0xB7, 0x04, 0x12, 0x35,
-        0xF3, 0x00, 0xED, 0x2C, 0x79, 0x9C, 0x18, 0x23,
-        0x05, 0x38, 0x95, 0x76, 0xCF, 0x39, 0x3C, 0xAE,
-        0xB0, 0xD3, 0xBA, 0x3E, 0x4E, 0xE4, 0xB5, 0x77,
-        0xA3, 0xE3, 0x7B, 0x27, 0x5F, 0xD8, 0x05, 0x19,
-        0x42, 0xAE, 0x91, 0x54, 0xE5, 0xBD, 0x7C, 0x35,
-        0xE0, 0xF8, 0x95, 0x52, 0x3A, 0x29, 0xB0, 0xE6,
-        0xB7, 0xAE, 0x20, 0xBE, 0x21, 0xDF, 0xF5, 0x67,
-        0xEC, 0x82, 0x52, 0xFF, 0x5B, 0xD0, 0xAA, 0x14,
-        0x50, 0x15, 0xE1, 0x1C, 0x6A, 0x1B, 0x94, 0x1B,
-        0xCC, 0x76, 0x01, 0xBF, 0x03, 0x94, 0x42, 0xF2,
-        0x00, 0x61, 0x96, 0x58, 0xD9, 0xD0, 0x40, 0x21,
-        0xFA, 0xCE, 0x6B, 0xAB, 0x5D, 0x49, 0xD8, 0xD7,
-        0xBC, 0x9A, 0x66, 0xC2, 0xBA, 0x3F, 0xDC, 0x49,
-        0x0D, 0xA5, 0x5C, 0xB4, 0x67, 0x08, 0x38, 0xEB,
-        0x2D, 0x07, 0x24, 0x5B, 0xB1, 0x22, 0x7B, 0x02,
-        0x4A, 0x8A, 0x53, 0x38, 0xE9, 0x42, 0x8E, 0xA5,
-        0x57, 0x41, 0xD6, 0x71, 0xA7, 0x9D, 0x6A, 0x14,
-        0xD2, 0x7D, 0x13, 0xFB, 0x59, 0xD0, 0xDA, 0xE5,
-        0x23, 0x9E, 0x1B, 0xC4, 0x21, 0x87, 0xBB, 0x78,
-        0xE0, 0x38, 0x01, 0x1D, 0xA0, 0xD1, 0x36, 0x3F,
-        0xD0, 0xA7, 0x8F, 0x86, 0x26, 0x1E, 0xB0, 0x26,
-        0xDE, 0x7E, 0x17, 0x3A, 0x90, 0xFC, 0xC0, 0x17,
-        0xDD, 0x78, 0xF5, 0xA3, 0x2D, 0x3E, 0x29, 0xCE,
-        0x38, 0x45, 0x76, 0xA9, 0x55, 0x11, 0xB6, 0xB4,
-        0xE5, 0x6E, 0xDD, 0x01, 0x4B, 0x16, 0x07, 0x99,
-        0xBD, 0x19, 0x77, 0xF5, 0xD7, 0x9E, 0x39, 0x9E,
-        0xAA, 0x8E, 0x2B, 0x75, 0xC5, 0xEB, 0x33, 0x56,
-        0x6C, 0xD8, 0xB6, 0x3F, 0x3F, 0x4E, 0x81, 0x7E,
-        0x29, 0x0A, 0x68, 0xED, 0x1E, 0x9F, 0xDC, 0x6B,
-        0xFA, 0x18, 0xE3, 0xE5, 0x7D, 0x05, 0x7F, 0x22,
-        0xFA, 0xA2, 0xF6, 0x0F, 0xB6, 0x34, 0x56, 0x72,
-        0x55, 0x16, 0x5E, 0xF4, 0x18, 0xD1, 0x82, 0xFA,
-        0xDD, 0xF7, 0xB8, 0x9F, 0x7D, 0x30, 0x10, 0x69,
-        0xC4, 0x85, 0xD8, 0xE8, 0x34, 0x89, 0xD4, 0x93,
-        0xBE, 0x56, 0xEE, 0xDC, 0x43, 0xD4, 0x82, 0x00,
-        0xFD, 0x1E, 0x2B, 0x06, 0x69, 0x07, 0x1B, 0xBF,
-        0x33, 0x61, 0x39, 0x28, 0xCA, 0x31, 0x91, 0x0B,
-        0xF2, 0xEA, 0x32, 0x8E, 0xA8, 0x64, 0x13, 0x9A,
-        0xEF, 0x79, 0x1A, 0x9A, 0xBE, 0x52, 0x13, 0x32,
-        0x49, 0x93, 0x7D, 0xA8, 0x8C, 0x48, 0xD4, 0xC0,
-        0x1D, 0x10, 0x8A, 0x46, 0x85, 0xAD, 0x29, 0xDF,
-        0x2E, 0xCD, 0x41, 0x83, 0x82, 0x01, 0x28, 0x44,
-        0x0E, 0xE5, 0x37, 0x8D, 0x6B, 0xCA, 0x61, 0x98,
-        0xDE, 0x89, 0xA9, 0x7B, 0xBB, 0x44, 0x48, 0xA2,
-        0x8D, 0x82, 0x3A, 0x57, 0x40, 0x60, 0x7C, 0x6E,
-        0x69, 0x98, 0x98, 0x93, 0xFA, 0x7E, 0x29, 0x9A,
-        0x74, 0x53, 0xD8, 0xDC, 0xB3, 0x4B, 0xDB, 0x7E,
-        0xFE, 0x95, 0xB0, 0xC7, 0x23, 0x14, 0xEF, 0xCB,
-        0x49, 0x3C, 0x09, 0xD7, 0x7B, 0xD0, 0x11, 0x9B,
-        0xAC, 0xF2, 0xC2, 0x2E, 0x7C, 0xCB, 0xCD, 0x59,
-        0x7F, 0x6A, 0x09, 0xFE, 0xFE, 0xDF, 0xA0, 0xA7,
-        0xAC, 0x3C, 0x90, 0xBA, 0x75, 0x19, 0xF4, 0x01,
-        0x60, 0x56, 0xD5, 0xFB, 0x41, 0x2B, 0xA0, 0x2D,
-        0x0D, 0x45, 0xCF, 0xF3, 0xA6, 0x3D, 0x36, 0xEE,
-        0xE1, 0xE4, 0x68, 0xE6, 0xEA, 0x2F, 0x67, 0x3A,
-        0x7A, 0x02, 0x92, 0x6B, 0xB3, 0x18, 0xBA, 0x73,
-        0xEE, 0x1B, 0x2C, 0x13, 0x7D, 0xEF, 0x4A, 0x39,
-        0xE8, 0x03, 0xFF, 0x57, 0x35, 0x53, 0xE9, 0xA5,
-        0xC6, 0xAA, 0x1A, 0x17, 0x21, 0xCA, 0x54, 0x38,
-        0x7C, 0xB1, 0xDF, 0xB8, 0xFA, 0x7D, 0xA7, 0x26,
-        0xB2, 0xAE, 0x7A, 0x05, 0x45, 0x3B, 0x40, 0x0A,
-        0x19, 0xE5, 0x32, 0x52, 0x78, 0x9D, 0xC3, 0x20,
-        0x63, 0x24, 0xB2, 0x58, 0x4B, 0x86, 0x1F, 0x00,
-        0xA2, 0x50, 0xF9, 0x9F, 0xD9, 0xDC, 0x7D, 0x51,
-        0x3D, 0xD7, 0xA6, 0x5A, 0x04, 0x03, 0x4E, 0xB3,
-        0x3D, 0x2D, 0x56, 0xA4, 0x96, 0xB3, 0x6A, 0xBA,
-        0x0A, 0x30, 0x08, 0xE3, 0x0F, 0xC1, 0x38, 0x24,
-        0x88, 0x5D, 0x9E, 0x6F, 0x68, 0x1A, 0x7D, 0xB6,
-        0x2D, 0xDD, 0xE3, 0x50, 0x1B, 0xD4, 0x07, 0x75,
-        0xE2, 0xE2, 0xCC, 0x09, 0xCC, 0x8E, 0x4E, 0x67,
-        0x02, 0x72, 0x02, 0xA8, 0x11, 0x70, 0xA5, 0x7F,
-        0x4A, 0xC1, 0x98, 0xC1, 0x7F, 0xBF, 0x95, 0xBB,
-        0xCE, 0xD3, 0x6D, 0x49, 0x30, 0xB9, 0x50, 0x8C,
-        0xFA, 0x3E, 0x8B, 0xF6, 0xE5, 0x54, 0xE9, 0x1B,
-        0xD7, 0xD6, 0xE5, 0x32, 0x33, 0xBB, 0x91, 0xAD,
-        0xC8, 0x15, 0x76, 0x1A, 0x04, 0x35, 0xDE, 0xCC,
-        0xE1, 0x67, 0x26, 0x4C, 0x2F, 0x4E, 0x34, 0x34,
-        0x3D, 0x1E, 0x5A, 0xF7, 0xBC, 0xE6, 0x0C, 0x9B,
-        0x7B, 0x7E, 0xE5, 0xDF, 0x72, 0x9A, 0x0D, 0xDD,
-        0x4B, 0xE6, 0x6F, 0x82, 0xFB, 0x5E, 0x2C, 0xC0,
-        0x7B, 0x03, 0x85, 0x76, 0x11, 0x0E, 0xFD, 0xC7,
-        0xD5, 0x50, 0x26, 0xBE, 0x75, 0x5E, 0xC1, 0xF0,
-        0x2E, 0x47, 0x62, 0xD6, 0xF1, 0xDA, 0xDF, 0xF4,
-        0x1C, 0xEE, 0x63, 0x52, 0xC4, 0x45, 0x37, 0xE6,
-        0x85, 0xA5, 0x0A, 0x07, 0x54, 0x63, 0x21, 0x7B,
-        0x92, 0xF7, 0x33, 0x0C, 0xD9, 0x29, 0xCF, 0xE3,
-        0xAB, 0xB5, 0xFC, 0xAA, 0x26, 0x20, 0x93, 0x55,
-        0x8A, 0x07, 0x33, 0xB2, 0x7D, 0x95, 0x02, 0x7A,
-        0x76, 0x9E, 0x7D, 0xBB, 0xC1, 0xF3, 0x6E, 0x84,
-        0x10, 0x30, 0x4B, 0x5D, 0x59, 0x73, 0x68, 0xEC,
-        0x2A, 0x63, 0x2D, 0x46, 0xE8, 0xC2, 0xF8, 0xEA,
-        0x2B, 0xC4, 0x4F, 0xA7, 0x6E, 0xF4, 0x74, 0xEB,
-        0x96, 0xA3, 0x64, 0x40, 0x9B, 0x23, 0x63, 0x42,
-        0x4B, 0x8F, 0x85, 0x00, 0x43, 0x04, 0xAD, 0x61,
-        0x76, 0x93, 0xBD, 0xC3, 0x88, 0xC3, 0xFC, 0x29,
-        0x61, 0xBD, 0xB1, 0x5A, 0x1F, 0x5B, 0x20, 0xEF,
-        0x95, 0xED, 0x99, 0x84, 0x96, 0xB2, 0x93, 0x81,
-        0x82, 0xFF, 0xE3, 0xB9, 0x27, 0xEA, 0x9A, 0x23,
-        0xF6, 0x42, 0x8D, 0xD3, 0x5C, 0x86, 0x11, 0xC8,
-        0x39, 0xE3, 0x16, 0xE9, 0xA5, 0x32, 0x7C, 0xC9,
-        0xEA, 0x82, 0x50, 0x9B, 0x21, 0x5C, 0xC9, 0x66,
-        0xBE, 0x1C, 0x78, 0x48, 0xEF, 0x39, 0x2D, 0xA1,
-        0xC6, 0xF3, 0x69, 0xA3, 0x36, 0x25, 0x3A, 0xA1,
-        0x15, 0x2B, 0x6D, 0xCF, 0xDA, 0xA7, 0xCA, 0xDD,
-        0x4D, 0x9A, 0x1D, 0x58, 0x9F, 0x73, 0xD3, 0xEF,
-        0x0F, 0xBF, 0x03, 0x88, 0x2F, 0xDE, 0xB9, 0x44,
-        0xB5, 0xB6, 0xCF, 0xE2, 0x6F, 0x6A, 0xB5, 0x12,
-        0x38, 0x29, 0x55, 0x8C, 0x4C, 0x73, 0x6F, 0x0B,
-        0x68, 0x7A, 0xC7, 0x06, 0x83, 0x80, 0xFE, 0x7F,
-        0x61, 0xBE, 0x6B, 0x40, 0xE3, 0xF0, 0x4D, 0x7B,
-        0x36, 0x82, 0x0F, 0xD8, 0x63, 0x29, 0xB3, 0x10,
-        0x9D, 0x02, 0xEC, 0x63, 0x90, 0xEA, 0xFC, 0x8C,
-        0xA7, 0x30, 0x56, 0x2B, 0x68, 0x08, 0x24, 0x24,
-        0xFD, 0xA9, 0x8D, 0x0B, 0x64, 0xBC, 0x97, 0x34,
-        0xB4, 0x0B, 0x63, 0xF7, 0xE3, 0x7A, 0xF6, 0x89,
-        0x0A, 0xF7, 0xC2, 0xD9, 0x2F, 0x79, 0xEE, 0xA3,
-        0xCC, 0xEA, 0xC6, 0x0A, 0x6F, 0x38, 0x06, 0x92,
-        0xF8, 0x02, 0xB1, 0x55, 0x6A, 0x78, 0xFE, 0x55,
-        0x83, 0xFF, 0x20, 0xA9, 0xC6, 0xA7, 0xBF, 0xCC,
-        0x86, 0x3A, 0x9E, 0x7B, 0x62, 0x01, 0x4D, 0x16,
-        0x05, 0xDE, 0x89, 0x4F, 0xB5, 0x85, 0xE2, 0xD4,
-        0xF9, 0x41, 0x15, 0xE0, 0x29, 0xE5, 0x85, 0x7E,
-        0x6A, 0x0A, 0x73, 0x89, 0x27, 0x5F, 0x53, 0x0D,
-        0x3D, 0x80, 0xCF, 0xAB, 0x1F, 0x22, 0x5D, 0x38,
-        0x33, 0x5D, 0x24, 0x67, 0x91, 0x97, 0xD4, 0x8A,
-        0x01, 0x8A, 0x34, 0x18, 0x7D, 0xE3, 0xBC, 0xCE,
-        0xDE, 0x94, 0xFF, 0x8E, 0xC5, 0x34, 0xC0, 0x2D,
-        0xA7, 0x24, 0xD4, 0x59, 0x8D, 0x66, 0x9E, 0x85,
-        0xA9, 0xC6, 0x0E, 0x45, 0x21, 0x4F, 0xAA, 0x65,
-        0x44, 0xD6, 0xA4, 0x7D, 0x1C, 0x4E, 0xD7, 0x40,
-        0x9D, 0x55, 0xB1, 0xA7, 0xF1, 0x15, 0xAE, 0x15,
-        0x44, 0x3A, 0x1C, 0x31, 0x06, 0x40, 0xD1, 0x16,
-        0x23, 0x84, 0x93, 0xEF, 0x3E, 0xE2, 0x87, 0x9B,
-        0xB8, 0x46, 0x1F, 0x7D, 0x68, 0x73, 0x64, 0x70,
-        0xD4, 0xB5, 0x73, 0xAE, 0x45, 0x49, 0x93, 0xF5,
-        0x32, 0x30, 0x1E, 0x35, 0xCB, 0x9E, 0xEE, 0xDF,
-        0xFE, 0xA8, 0x2F, 0xAC, 0x49, 0x77, 0x53, 0xF7,
-        0x50, 0x19, 0xF2, 0xB3, 0xB0, 0x2C, 0x70, 0xB6,
-        0x4A, 0x57, 0x95, 0x31, 0xC3, 0x26, 0x07, 0x2A,
-        0xCF, 0x1B, 0xD0, 0xAA, 0xA0, 0x9F, 0x0A, 0x97,
-        0x8B, 0x78, 0xAB, 0x22, 0xBD, 0x61, 0x19, 0xF8,
-        0x8D, 0xD2, 0xD5, 0x72, 0xF8, 0x91, 0x9D, 0x47,
-        0x4F, 0x59, 0x1D, 0xAE, 0x9F, 0xCE, 0x47, 0x53,
-        0xC9, 0x85, 0xFB, 0x25, 0x04, 0x25, 0xF2, 0x65,
-        0x61, 0xFF, 0xA9, 0x44, 0x3F, 0x23, 0x76, 0x68,
-        0x9F, 0xEB, 0x48, 0xC4, 0xCE, 0x51, 0x46, 0x04,
-        0x52, 0x6A, 0x10, 0x0A, 0xF3, 0x3F, 0x0D, 0x43,
-        0x37, 0xD1, 0x60, 0x42, 0x22, 0xC4, 0xD9, 0xF9,
-        0x3A, 0x8E, 0x69, 0xE4, 0xCC, 0xD3, 0x66, 0x69,
-        0x09, 0x0C, 0x5D, 0xFB, 0x0E, 0x95, 0x49, 0x42,
-        0x29, 0xFF, 0x9B, 0x20, 0xCC, 0xB1, 0xAC, 0x81,
-        0xB8, 0x1A, 0x36, 0xD6, 0x3A, 0x85, 0x0D, 0xDB,
-        0x33, 0x33, 0x4D, 0xAA, 0x51, 0x46, 0xBF, 0x36,
-        0xFE, 0x18, 0x80, 0x1E, 0x3B, 0xEB, 0xD0, 0xE9,
-        0x1B, 0x5E, 0x1C, 0xFE, 0x7A, 0x98, 0x26, 0x85,
-        0x0A, 0xF4, 0x39, 0x7D, 0x1B, 0x07, 0xD3, 0xB7,
-        0x19, 0xE5, 0x7B, 0xB8, 0x32, 0xAF, 0x42, 0x34,
-        0xC0, 0xCD, 0x9F, 0xD4, 0x0B, 0x88, 0x2F, 0xCE,
-        0xDA, 0x93, 0x7E, 0xF9, 0xA2, 0xDA, 0x24, 0x59,
-        0x2B, 0xCB, 0x5D, 0x1B, 0xE8, 0x3E, 0xC5, 0xF0,
-        0x3D, 0xBD, 0xFB, 0xCB, 0x33, 0x5D, 0x90, 0xD5,
-        0xC8, 0xA0, 0x2E, 0xE5, 0x3D, 0x50, 0x8E, 0xB5,
-        0xDE, 0x4A, 0x96, 0x1B, 0x95, 0x8F, 0x75, 0x1E,
-        0x5F, 0x89, 0xA1, 0xD2, 0x88, 0x95, 0xA3, 0xDB,
-        0x7B, 0x62, 0xEF, 0x4A, 0xE1, 0x6D, 0x28, 0xFB,
-        0x78, 0x9B, 0x32, 0x03, 0xAD, 0x24, 0x63, 0xD6,
-        0xEA, 0xB8, 0x3A, 0x6D, 0x20, 0xCE, 0xA1, 0x31,
-        0x4A, 0xE0, 0x2A, 0x3F, 0xF6, 0xF6, 0x53, 0x15,
-        0x4A, 0xE1, 0x44, 0x23, 0x81, 0x86, 0x21, 0x47,
-        0x41, 0xC2, 0x36, 0x14, 0x81, 0x83, 0xBC, 0x39,
-        0xAE, 0xDF, 0x44, 0xDA, 0x97, 0xF7, 0x31, 0xCE,
-        0x3D, 0xCB, 0x61, 0xA4, 0xCF, 0xE1, 0x4F, 0x9E,
-        0x84, 0xAA, 0x05, 0xAB, 0x1C, 0x1B, 0x95, 0x1D,
-        0x20, 0x15, 0x52, 0x33, 0xFA, 0xFA, 0xF1, 0x6C,
-        0xF1, 0xBD, 0x0B, 0xAF, 0xE1, 0x99, 0xE6, 0x5D,
-        0x56, 0x34, 0x53, 0xBF, 0xE5, 0x5D, 0x5F, 0x47,
-        0x4A, 0xB1, 0x05, 0x94, 0xD7, 0x38, 0xA8, 0xC1,
-        0x06, 0x28, 0x8D, 0x69, 0xD0, 0x7A, 0x16, 0x88,
-        0x60, 0x14, 0x63, 0xF3, 0xBD, 0x21, 0x46, 0x81,
-        0x9C, 0x83, 0x72, 0x6D, 0x14, 0xC6, 0xA8, 0x08,
-        0x39, 0xB8, 0x79, 0x0B, 0x57, 0x16, 0xE7, 0x72,
-        0xF6, 0xC2, 0x4C, 0x2B, 0xEB, 0x7E, 0x2C, 0xF3,
-        0x7B, 0x3F, 0x42, 0xAC, 0xDD, 0x47, 0x3E, 0x8C,
-        0xCD, 0xBE, 0x48, 0x4D, 0x6E, 0x07, 0xB0, 0x73,
-        0xDE, 0xCB, 0x17, 0x4A, 0xC3, 0xB8, 0xBB, 0x2E,
-        0xF5, 0x4E, 0x6D, 0xF9, 0xE0, 0x20, 0x71, 0xFA,
-        0x60, 0x0A, 0xE5, 0x59, 0x67, 0xEB, 0x6F, 0x70,
-        0x2F, 0x71, 0x91, 0x59, 0xF0, 0xEB, 0x06, 0x5C,
-        0xC4, 0x60, 0x48, 0xE8, 0x75, 0xE7, 0xCF, 0x42,
-        0x71, 0xAD, 0x2E, 0xDA, 0xF9, 0x10, 0x82, 0x9A,
-        0xF6, 0x13, 0xBA, 0x89, 0xFC, 0x61, 0x2A, 0x00,
-        0xFD, 0xAE, 0x53, 0x7B, 0x09, 0x3A, 0xE8, 0xCB,
-        0xE6, 0xB7, 0x0D, 0x03, 0x01, 0xFA, 0x2E, 0x13,
-        0xA9, 0x16, 0x38, 0x1C, 0x92, 0xEC, 0xB4, 0x51,
-        0xA3, 0x6E, 0x3F, 0xA8, 0xB7, 0x37, 0x36, 0x20,
-        0xC0, 0x71, 0xA3, 0x05, 0x34, 0xED, 0xCB, 0x4A,
-        0x3F, 0x11, 0x31, 0x17, 0xA5, 0x02, 0xD6, 0xA7,
-        0x2D, 0xE6, 0xC7, 0x7B, 0xBB, 0xF6, 0xAE, 0x99,
-        0x85, 0x9A, 0xAC, 0xE6, 0x4A, 0x92, 0x8C, 0x37,
-        0x4B, 0xD2, 0xC4, 0x65, 0x2A, 0xC9, 0x7E, 0xB7,
-        0x44, 0xD2, 0x9A, 0x70, 0xCE, 0xA9, 0xA1, 0x9D,
-        0x70, 0x13, 0x49, 0x7B, 0xCA, 0xB6, 0x96, 0x31,
-        0x43, 0x3F, 0x9E, 0xD1, 0xFE, 0x20, 0xF8, 0x0B,
-        0x59, 0x83, 0xE1, 0x28, 0x8B, 0xB6, 0xA2, 0xBE,
-        0x91, 0x54, 0x3E, 0xD4, 0x79, 0x28, 0xBB, 0x5E,
-        0x46, 0x2D, 0x01, 0xE9, 0xC0, 0xB7, 0xFF, 0xFA,
-        0xC0, 0x6C, 0x10, 0xF1, 0x52, 0xF4, 0x3C, 0x32,
-        0x9E, 0x89, 0xDF, 0x8A, 0x79, 0x99, 0x6A, 0x09,
-        0x79, 0x8A, 0x36, 0x76, 0x40, 0xBE, 0x9F, 0xB5,
-        0x3D, 0xCE, 0x27, 0xBD, 0x0B, 0xAA, 0x9B, 0xF0,
-        0x21, 0xBF, 0x10, 0xD2, 0xFC, 0xFE, 0x5B, 0x13,
-        0xFD, 0x7D, 0x84, 0xD1, 0xC1, 0xEB, 0xC0, 0xBC,
-        0xEC, 0x26, 0xD0, 0x87, 0x80, 0xD1, 0x3B, 0x99,
-        0x47, 0x67, 0x26, 0x61, 0xE0, 0xFA, 0x5F, 0xAE,
-        0x6F, 0x31, 0x5B, 0x6D, 0xE4, 0x01, 0x68, 0xC2,
-        0x35, 0x1D, 0xE3, 0x1F, 0x41, 0xFF, 0x6C, 0x53,
-        0x32, 0x26, 0xE1, 0xBC, 0xE3, 0xF8, 0xE2, 0x16,
-        0xAF, 0x3B, 0xE6, 0x4C, 0x69, 0x33, 0x72, 0xA0,
-        0x66, 0xB1, 0x75, 0xF7, 0x26, 0xCF, 0xCD, 0x64,
-        0x2B, 0xAE, 0x98, 0x02, 0x92, 0xC1, 0xCB, 0x65,
-        0xE0, 0x1F, 0x07, 0x29, 0x64, 0x0A, 0xB0, 0x09,
-        0xCB, 0x98, 0x89, 0x2D, 0x6C, 0xFE, 0x40, 0x03,
-        0x34, 0x55, 0xDE, 0xE7, 0x30, 0x33, 0xB6, 0xD5,
-        0xE1, 0x9C, 0x59, 0x9F, 0x8A, 0x40, 0x0E, 0xB1,
-        0x41, 0x52, 0x7D, 0xF2, 0xBB, 0xDD, 0xEF, 0x50,
-        0xBB, 0xD5, 0xFB, 0x55, 0xAA, 0x5E, 0xFD, 0xB3,
-        0x5D, 0x08, 0x56, 0x9B, 0x02, 0x97, 0xE2, 0x48,
-        0x14, 0x69, 0xF1, 0x7B, 0x87, 0xB5, 0x08, 0x93,
-        0x6A, 0x9C, 0x5C, 0x11, 0x08, 0x9A, 0xE9, 0xE4,
-        0xB0, 0xCA, 0xC5, 0x74, 0x93, 0x93, 0xC8, 0x03,
-        0xE4, 0x70, 0x39, 0xF5, 0x1B, 0x5C, 0xBD, 0x42,
-        0xA6, 0xC9, 0xE1, 0x9E, 0xC3, 0xF6, 0x3C, 0x23,
-        0x32, 0xE8, 0x77, 0x68, 0xA9, 0x60, 0xFA, 0x02,
-        0x18, 0x6B, 0x7A, 0x2B, 0x02, 0x92, 0x65, 0x09,
-        0x11, 0x46, 0x73, 0x04, 0x63, 0xDF, 0x8B, 0x37,
-        0x5F, 0x24, 0xAA, 0x83, 0xBD, 0xD4, 0x1D, 0x13,
-        0x04, 0xFC, 0x2F, 0xB5, 0x2D, 0xA1, 0x0F, 0x1F,
-        0xED, 0x65, 0x29, 0x08, 0xCF, 0x8C, 0x52, 0x8F,
-        0xB2, 0x62, 0x5F, 0x39, 0x3F, 0xC8, 0xC7, 0xB3,
-        0x3F, 0xAD, 0x45, 0xBA, 0xD4, 0x7D, 0x38, 0x3D,
-        0x2C, 0x04, 0xCF, 0x32, 0xE8, 0x07, 0x42, 0x5F,
-        0x93, 0xD2, 0x35, 0x07, 0x21, 0xB7, 0xB2, 0xF5,
-        0x96, 0x64, 0x8E, 0xB5, 0xE1, 0x38, 0x6B, 0x43,
-        0xD1, 0x2E, 0xFD, 0xDB, 0x8F, 0xE2, 0x43, 0x6A,
-        0xEC, 0x27, 0x8E, 0xE7, 0x68, 0x75, 0xB5, 0x23,
-        0xC5, 0x43, 0x1D, 0x99, 0x48, 0x57, 0x73, 0xD9,
-        0xAD, 0xBC, 0xD0, 0x14, 0xDD, 0x87, 0xBC, 0x68,
-        0xFB, 0x82, 0xEE, 0x47, 0x4B, 0x22, 0xA5, 0x43,
-        0x3A, 0xF9, 0xF9, 0x91, 0xFC, 0x34, 0xB2, 0x58,
-        0x34, 0xDF, 0x13, 0x09, 0x9A, 0x46, 0xF5, 0x68,
-        0xAF, 0xD1, 0x15, 0x5F, 0x32, 0x1B, 0x9D, 0xA9,
-        0xE9, 0xC0, 0x63, 0x47, 0xAB, 0x3C, 0x1F, 0x59,
-        0xF7, 0xEA, 0x0E, 0xD6, 0xCF, 0x47, 0xB3, 0xE9,
-        0xAF, 0x65, 0x7A, 0xA7, 0xAE, 0x9B, 0xF8, 0x26,
-        0x0B, 0x96, 0x9D, 0xE4, 0xAD, 0x24, 0xD3, 0xA8,
-        0xCE, 0x95, 0xE5, 0x77, 0xD0, 0x44, 0x13, 0x05,
-        0x06, 0x4E, 0x07, 0xB9, 0xA2, 0xC7, 0x5C, 0x3C,
-        0x43, 0x80, 0x1F, 0xCE, 0xB7, 0x36, 0xFE, 0x3D,
-        0x27, 0x1B, 0xE1, 0xF3, 0x6B, 0xFF, 0xC8, 0xE4,
-        0x3D, 0xB1, 0x4A, 0x16, 0x24, 0x76, 0xBA, 0xEA,
-        0x9D, 0x34, 0x6B, 0x52, 0x11, 0xAB, 0xD0, 0x06,
-        0x08, 0xB1, 0x5A, 0xF3, 0xB5, 0xE6, 0x3A, 0x00,
-        0xFF, 0x92, 0x8D, 0x1E, 0xA1, 0xA1, 0x8D, 0x75,
-        0xFA, 0x7C, 0x6C, 0x1B, 0x0F, 0xB6, 0x27, 0x2E,
-        0x55, 0xC3, 0xFE, 0x7E, 0x4D, 0x42, 0x05, 0xE5,
-        0xCF, 0x0A, 0x1F, 0x87, 0x18, 0x30, 0x4E, 0x14,
-        0xF2, 0xB4, 0xCC, 0x54, 0x3D, 0x04, 0x37, 0x34,
-        0x1A, 0x4A, 0x31, 0x16, 0x01, 0xA9, 0x2E, 0x92,
-        0x56, 0x6B, 0x7D, 0xFB, 0x42, 0x64, 0xE8, 0x70,
-        0xE1, 0xB3, 0xA8, 0x75, 0xED, 0xBC, 0x00, 0x3A,
-        0x56, 0x19, 0x70, 0xCF, 0x8A, 0x66, 0x9F, 0x3D,
-        0x1B, 0x69, 0x28, 0x8C, 0xC6, 0xE3, 0x59, 0xCE,
-        0x28, 0xCA, 0x65, 0xF9, 0xDA, 0xE8, 0xCE, 0xCA,
-        0x74, 0x3C, 0x1C, 0x8D, 0x9F, 0xFB, 0x55, 0x08,
-        0x82, 0x4A, 0x83, 0x61, 0xE3, 0x3B, 0x43, 0x1A,
-        0x2E, 0x9E, 0x9A, 0x99, 0x78, 0x47, 0xD2, 0xE6,
-        0xE4, 0x3C, 0x83, 0xF0, 0x22, 0x62, 0xE2, 0x94,
-        0x6D, 0xF7, 0x72, 0x6D, 0x54, 0xE3, 0xE6, 0xC9,
-        0xCC, 0xDB, 0x6D, 0x3F, 0x13, 0x63, 0x46, 0xC1,
-        0x1E, 0x59, 0x42, 0xE7, 0xA1, 0xBF, 0x85, 0x0C,
-        0x2E, 0x99, 0xB4, 0xFA, 0xCE, 0x75, 0xFD, 0x40,
-        0x88, 0x69, 0x33, 0x90, 0x7C, 0xCD, 0xFC, 0x0D,
-        0xE1, 0x17, 0x70, 0x20, 0x31, 0x94, 0x1D, 0x00,
-        0x1E, 0x2A, 0x68, 0x3C, 0x55, 0x78, 0xFD, 0x33,
-        0x54, 0x21, 0x2C, 0xEA, 0xD9, 0x69, 0xBF, 0x1C,
-        0x81, 0x23, 0x9E, 0xEC, 0xC7, 0x74, 0xFD, 0x0B,
-        0x88, 0x3D, 0x0E, 0xEE, 0x82, 0x4B, 0x10, 0xB8,
-        0x79, 0xCF, 0x70, 0x7C, 0xB2, 0x68, 0x47, 0x45,
-        0x22, 0x06, 0x1E, 0x92, 0x7B, 0x12, 0x43, 0x24,
-        0x41, 0x15, 0xC6, 0x69, 0xE9, 0xEB, 0x27, 0x2B,
-        0x60, 0xA6, 0x44, 0xF5, 0x19, 0xEF, 0xEC, 0x06,
-        0x34, 0x08, 0xB6, 0x58, 0x47, 0x2E, 0x91, 0x61,
-        0xA1, 0xF7, 0x44, 0xFD, 0x66, 0x16, 0x9F, 0x0C,
-        0xAE, 0x36, 0xB4, 0x2E, 0x23, 0x79, 0xCB, 0xE8,
-        0x1E, 0x6E, 0x51, 0xA0, 0xF5, 0x34, 0x15, 0x18,
-        0x4E, 0xA0, 0x06, 0xB2, 0x27, 0x0B, 0x33, 0xE2,
-        0xCA, 0x36, 0x4C, 0xDB, 0x33, 0xAA, 0xAE, 0x77,
-        0xFF, 0xD9, 0x53, 0xDB, 0x39, 0x70, 0x4D, 0x49,
-        0x0C, 0xE9, 0xAC, 0x6F, 0x2D, 0xD1, 0xC7, 0xA1,
-        0x8E, 0x61, 0x74, 0x19, 0xA9, 0xAA, 0xFB, 0x37,
-        0xE7, 0x23, 0x9B, 0x23, 0x6A, 0x4B, 0x74, 0xCE,
-        0x63, 0xE4, 0xA0, 0xAD, 0xFF, 0x85, 0x5D, 0xCD,
-        0x78, 0xF6, 0x45, 0x8E, 0x76, 0x0B, 0xFD, 0x1D,
-        0x2A, 0xB9, 0x5E, 0x83, 0xC0, 0x3B, 0x6F, 0xAE,
-        0x0C, 0xD3, 0xC5, 0xCE, 0xEE, 0xEE, 0x1C, 0x69,
-        0x51, 0x59, 0x65, 0xA3, 0x35, 0xFC, 0xF7, 0x8E,
-        0x80, 0xAA, 0x73, 0x93, 0x39, 0x54, 0x21, 0x27,
-        0x17, 0x0B, 0x2C, 0x3E, 0xE1, 0x0B, 0x0E, 0xAA,
-        0x09, 0x9A, 0xC7, 0xAD, 0x4C, 0xD7, 0x6E, 0x7F,
-        0xE4, 0xC1, 0x16, 0x4E, 0x62, 0xF4, 0xE5, 0x80,
-        0x7D, 0xC0, 0x06, 0x1F, 0x77, 0xE4, 0xA8, 0xA5,
-        0x28, 0xD7, 0x10, 0x37, 0x59, 0x30, 0xCB, 0x75,
-        0x5B, 0x28, 0xBF, 0xFD, 0x92, 0x8C, 0xB0, 0x7B,
-        0xB4, 0xA1, 0x07, 0xCD, 0xCA, 0xBB, 0x30, 0x8A,
-        0x48, 0x65, 0x0D, 0xA4, 0xE5, 0x74, 0xD9, 0xBF,
-        0x56, 0x07, 0xF5, 0x83, 0xDA, 0xC3, 0x40, 0xD7,
-        0x20, 0x93, 0xEF, 0xB1, 0x2B, 0xBF, 0x93, 0x41,
-        0x0F, 0x1E, 0xF5, 0xC9, 0x51, 0x6C, 0x74, 0x4D,
-        0x23, 0x15, 0xEC, 0x9E, 0x00, 0x0A, 0x8D, 0xC5,
-        0xD1, 0x7A, 0x7B, 0x6F, 0x0D, 0x07, 0x9D, 0x78,
-        0x4B, 0x6D, 0x90, 0x19, 0x3F, 0x6E, 0x3E, 0xE7,
-        0xEA, 0x0E, 0xAB, 0xFC, 0x6F, 0x68, 0xC5, 0x2B,
-        0x37, 0xCB, 0xCE, 0x82, 0x18, 0xAF, 0xA3, 0x67,
-        0x0A, 0x80, 0xBC, 0x17, 0xB9, 0x5D, 0x7B, 0x40,
-        0x53, 0x62, 0x26, 0x35, 0x8F, 0x04, 0xAC, 0xD9,
-        0x2A, 0x1B, 0xE1, 0x5B, 0x26, 0xA4, 0xE5, 0x81,
-        0x7E, 0x62, 0x8B, 0xA6, 0x79, 0xB3, 0x52, 0x72,
-        0x03, 0xCD, 0x36, 0x32, 0x62, 0x8E, 0xC8, 0x3A,
-        0xA4, 0xF2, 0x18, 0x6D, 0x2F, 0x00, 0x5D, 0x5D,
-        0xFE, 0x6F, 0x7F, 0xDB, 0x4F, 0xED, 0xAC, 0x9E,
-        0x89, 0xD6, 0x66, 0xE3, 0x03, 0xBB, 0x56, 0x83,
-        0x06, 0x15, 0x6C, 0x56, 0xF0, 0x95, 0x34, 0xE2,
-        0x5C, 0x61, 0x9A, 0xB3, 0xB9, 0x50, 0x18, 0xF4,
-        0x89, 0x6B, 0xAC, 0xAA, 0x48, 0x34, 0xF6, 0xD2,
-        0xD8, 0xFE, 0x14, 0xA9, 0x38, 0xAA, 0x10, 0xE5,
-        0x30, 0x54, 0xF0, 0x00, 0x84, 0x44, 0xAC, 0x2E,
-        0xEA, 0x25, 0x38, 0xC1, 0x23, 0x0E, 0x6A, 0x18,
-        0xC9, 0x2B, 0x01, 0xD9, 0x14, 0x7F, 0xDC, 0xEF,
-        0xC9, 0xC8, 0xDA, 0xC1, 0xD4, 0xEC, 0xC8, 0xCF,
-        0x1F, 0x96, 0x2E, 0xFA, 0x1B, 0x8C, 0xD3, 0xC9,
-        0x69, 0x00, 0x0B, 0x7E, 0xBA, 0xC5, 0x98, 0xDC,
-        0xA4, 0x5E, 0xB4, 0x0B, 0xCF, 0xB1, 0x98, 0x51,
-        0x48, 0x38, 0x51, 0xCF, 0x34, 0x0F, 0x3E, 0x8C,
-        0x23, 0x7A, 0x9E, 0xFF, 0x1C, 0x9F, 0x21, 0xE4,
-        0x97, 0x55, 0x41, 0xC6, 0x1A, 0x8F, 0xEF, 0x2A,
-        0xC6, 0x05, 0x7F, 0x59, 0xDC, 0xB2, 0x3A, 0x80,
-        0xE8, 0x06, 0x10, 0xCD, 0x85, 0xDB, 0x20, 0x3C,
-        0x35, 0xD2, 0x4B, 0xC8, 0x2B, 0x9C, 0xD7, 0x82,
-        0x46, 0xF5, 0x9F, 0xEB, 0xB2, 0x48, 0x32, 0xD7,
-        0xCD, 0x66, 0x4C, 0x99, 0x51, 0x88, 0xE0, 0x28,
-        0x1C, 0xD7, 0x86, 0x79, 0x00, 0xDC, 0x0D, 0xF4,
-        0x4D, 0x40, 0x90, 0x80, 0x26, 0x8B, 0x79, 0xE9,
-        0x56, 0x82, 0x88, 0x5F, 0x22, 0x87, 0x70, 0x73,
-        0x4F, 0xA5, 0x35, 0x18, 0xEC, 0x80, 0xCE, 0x23,
-        0x06, 0xCE, 0x14, 0x48, 0x52, 0x4E, 0xF0, 0x18,
-        0x43, 0x03, 0xD4, 0x50, 0xC7, 0x6E, 0xA6, 0x3B,
-        0x73, 0x3E, 0xB0, 0xC8, 0xDC, 0x48, 0xBF, 0x12,
-        0x42, 0x3A, 0xD2, 0x38, 0x89, 0xCF, 0xCD, 0xD8,
-        0x91, 0xE5, 0x95, 0x00, 0x47, 0x24, 0x0D, 0xC0,
-        0xC3, 0x8A, 0xB2, 0xDB, 0xC1, 0x65, 0xB8, 0x1E,
-        0x63, 0x10, 0x02, 0xEA, 0x6F, 0x74, 0x11, 0x9E,
-        0x27, 0xF9, 0xF8, 0x60, 0x73, 0xBF, 0x2D, 0xF7,
-        0x10, 0x81, 0x86, 0x76, 0x98, 0x0C, 0x4C, 0xB6,
-        0xBD, 0x53, 0xF9, 0xA5, 0x72, 0x17, 0x78, 0xB8,
-        0x9F, 0x59, 0xC6, 0x8C, 0x89, 0x35, 0xF5, 0x03,
-        0x1C, 0x8A, 0x93, 0x36, 0x7D, 0x71, 0x70, 0x57,
-        0xFD, 0x4D, 0x5E, 0xFA, 0xBE, 0xDE, 0x70, 0x2C,
-        0xC6, 0x45, 0xEF, 0xB6, 0xD7, 0xF4, 0x4C, 0x86,
-        0x0F, 0xFF, 0x76, 0x37, 0xAA, 0xD9, 0x72, 0x24,
-        0x8C, 0x84, 0x4D, 0x15, 0x13, 0x39, 0x20, 0x07,
-        0x38, 0x91, 0xC3, 0x13, 0x5D, 0x29, 0x78, 0x68,
-        0xB7, 0xDA, 0x86, 0xF0, 0x97, 0xD8, 0xFB, 0x39,
-        0xC1, 0x3B, 0xA1, 0x4C, 0x4F, 0x24, 0x75, 0x16,
-        0xAB, 0xA4, 0xC5, 0xF8, 0xCE, 0x38, 0x18, 0x48,
-        0x2C, 0x8F, 0xF6, 0x0C, 0xCA, 0x51, 0xFD, 0xB2,
-        0xCE, 0xE9, 0x6B, 0xC1, 0x13, 0x8D, 0xC0, 0x4A,
-        0x86, 0xF8, 0x57, 0x72, 0x75, 0x91, 0xAA, 0xE6,
-        0xF8, 0x7C, 0x30, 0x05, 0x9B, 0x3E, 0x81, 0xB6,
-        0x80, 0x55, 0xB2, 0x4E, 0xA2, 0xFA, 0x98, 0x36,
-        0x86, 0x49, 0x8B, 0xFC, 0x9D, 0x9E, 0x7D, 0x59,
-        0x50, 0x79, 0xEB, 0x64, 0x6E, 0x85, 0xB2, 0x12,
-        0xCE, 0xDD, 0x21, 0xD0, 0x08, 0x7E, 0x0F, 0x2A,
-        0xF6, 0x63, 0xEB, 0x77, 0x2A, 0x98, 0x47, 0xB1,
-        0xDF, 0x21, 0x97, 0xAF, 0x13, 0x62, 0x6B, 0x89,
-        0x7C, 0x24, 0x63, 0x7A, 0xF5, 0xBF, 0xE8, 0x18,
-        0x16, 0xA8, 0xC9, 0x0D, 0x30, 0x48, 0x37, 0x5B,
-        0x69, 0x94, 0x97, 0x14, 0x3E, 0x57, 0x71, 0x85,
-        0xA7, 0x0E, 0x11, 0x50, 0x58, 0xA3, 0xA9, 0x11,
-        0x2B, 0x2C, 0x43, 0x51, 0xB6, 0xCA, 0xD0, 0x09,
-        0x28, 0x2B, 0x4F, 0x7C, 0xB8, 0xBD, 0xFC, 0x28,
-        0x57, 0x77, 0xD7, 0xDF, 0xE8, 0xF5, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x03, 0x06, 0x0B, 0x11, 0x17,
-        0x1F, 0x27, 0x2E
-
-    };
-#endif
-
-    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ExpectNotNull(key);
-
-    if (key != NULL) {
-        XMEMSET(key, 0, sizeof(*key));
-    }
-
-    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
-#ifndef WOLFSSL_NO_ML_DSA_44
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
-    ExpectIntEQ(wc_dilithium_import_public(pk_44, (word32)sizeof(pk_44), key),
-        0);
-    ExpectIntEQ(wc_dilithium_verify_msg(sig_44, (word32)sizeof(sig_44), msg_44,
-        (word32)sizeof(msg_44), &res, key), 0);
-    ExpectIntEQ(res, 1);
-#endif
-#ifndef WOLFSSL_NO_ML_DSA_65
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
-    ExpectIntEQ(wc_dilithium_import_public(pk_65, (word32)sizeof(pk_65), key),
-        0);
-    ExpectIntEQ(wc_dilithium_verify_msg(sig_65, (word32)sizeof(sig_65), msg_65,
-        (word32)sizeof(msg_65), &res, key), 0);
-    ExpectIntEQ(res, 1);
-#endif
-#ifndef WOLFSSL_NO_ML_DSA_87
-    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
-    ExpectIntEQ(wc_dilithium_import_public(pk_87, (word32)sizeof(pk_87), key),
-        0);
-    ExpectIntEQ(wc_dilithium_verify_msg(sig_87, (word32)sizeof(sig_87), msg_87,
-        (word32)sizeof(msg_87), &res, key), 0);
-    ExpectIntEQ(res, 1);
-#endif
-
-    wc_dilithium_free(key);
-    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
 
 /*
  * Testing wc_SetSubjectBuffer
@@ -37932,7 +15050,7 @@ static int test_wc_SetSubjectBuffer(void)
 
     ExpectIntEQ(wc_InitCert(&cert), 0);
     ExpectIntEQ(wc_SetSubjectBuffer(&cert, der, (int)derSz), 0);
-    ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, (int)derSz), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, (int)derSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -37948,7 +15066,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void)
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
     WC_RNG      rng;
     Cert        cert;
-#if !defined(NO_RSA) && defined(HAVE_RSA)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     RsaKey      rsaKey;
     int         bits = 2048;
 #endif
@@ -37971,7 +15089,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void)
 
     ExpectIntEQ(wc_InitCert(&cert), 0);
 
-#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     /* RSA */
     XMEMSET(&rsaKey, 0, sizeof(RsaKey));
     ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
@@ -38030,7 +15148,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
     WC_RNG      rng;
     Cert        cert;
-#if !defined(NO_RSA) && defined(HAVE_RSA)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     RsaKey      rsaKey;
     int         bits = 2048;
 #endif
@@ -38053,7 +15171,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
 
     ExpectIntEQ(wc_InitCert(&cert), 0);
 
-#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     /* RSA */
     XMEMSET(&rsaKey, 0, sizeof(RsaKey));
     ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
@@ -38129,7 +15247,7 @@ static int test_wc_PKCS7_Init(void)
 
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
     /* Pass in bad args. */
-    ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_PKCS7_Free(pkcs7);
 #endif
@@ -38286,9 +15404,9 @@ static int test_wc_PKCS7_InitWithCert(void)
 
         /* Pass in bad args. No need free for null checks, free at end.*/
         ExpectIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #ifdef HAVE_ECC
         ExpectIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
@@ -38408,10 +15526,10 @@ static int test_wc_PKCS7_EncodeData(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
-                                                            BAD_FUNC_ARG);
+                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
-                                                            BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);
+                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), WC_NO_ERR_TRACE(BUFFER_E));
 
     wc_PKCS7_Free(pkcs7);
 #endif
@@ -38489,6 +15607,7 @@ typedef struct encodeSignedDataStream {
     byte out[FOURK_BUF*3];
     int  idx;
     word32 outIdx;
+    word32 chunkSz; /* max amount of data to be returned */
 } encodeSignedDataStream;
 
 
@@ -38499,8 +15618,8 @@ static int GetContentCB(PKCS7* pkcs7, byte** content, void* ctx)
     encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
 
     if (strm->outIdx  < pkcs7->contentSz) {
-        ret = (pkcs7->contentSz > strm->outIdx + FOURK_BUF)?
-                FOURK_BUF : pkcs7->contentSz - strm->outIdx;
+        ret = (pkcs7->contentSz > strm->outIdx + strm->chunkSz)?
+                strm->chunkSz : pkcs7->contentSz - strm->outIdx;
         *content = strm->out + strm->outIdx;
         strm->outIdx += ret;
     }
@@ -38537,6 +15656,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
     word32 badOutSz = 0;
     byte   data[] = "Test data to encode.";
 #ifndef NO_RSA
+    int    encryptOid = RSAk;
     #if defined(USE_CERT_BUFFERS_2048)
         byte        key[sizeof(client_key_der_2048)];
         byte        cert[sizeof(client_cert_der_2048)];
@@ -38579,6 +15699,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
             XFCLOSE(fp);
     #endif
 #elif defined(HAVE_ECC)
+    int    encryptOid = ECDSAk;
     #if defined(USE_CERT_BUFFERS_256)
         unsigned char    cert[sizeof(cliecc_cert_der_256)];
         unsigned char    key[sizeof(ecc_clikey_der_256)];
@@ -38626,7 +15747,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         pkcs7->contentSz = (word32)sizeof(data);
         pkcs7->privateKey = key;
         pkcs7->privateKeySz = (word32)sizeof(key);
-        pkcs7->encryptOID = RSAk;
+        pkcs7->encryptOID = encryptOid;
     #ifdef NO_SHA
         pkcs7->hashOID = SHA256h;
     #else
@@ -38643,13 +15764,20 @@ static int test_wc_PKCS7_EncodeSignedData(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
 
-#ifdef ASN_BER_TO_DER
+#if defined(ASN_BER_TO_DER) && !defined(NO_RSA)
     wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
 
     /* reinitialize and test setting stream mode */
     {
-        int signedSz = 0;
+        int signedSz = 0, i;
         encodeSignedDataStream strm;
+        static const int numberOfChunkSizes = 4;
+        static const word32 chunkSizes[] = { 4080, 4096, 5000, 9999 };
+        /* chunkSizes were chosen to test around the default 4096 octet string
+         * size used in pkcs7.c */
+
+        XMEMSET(&strm, 0, sizeof(strm));
 
         ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
         ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
@@ -38661,7 +15789,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
             pkcs7->contentSz = (word32)sizeof(data);
             pkcs7->privateKey = key;
             pkcs7->privateKeySz = (word32)sizeof(key);
-            pkcs7->encryptOID = RSAk;
+            pkcs7->encryptOID = encryptOid;
         #ifdef NO_SHA
             pkcs7->hashOID = SHA256h;
         #else
@@ -38672,7 +15800,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
         ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
         ExpectIntEQ(wc_PKCS7_SetStreamMode(NULL, 1, NULL, NULL, NULL),
-            BAD_FUNC_ARG);
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 1);
 
         ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, output,
@@ -38684,40 +15812,50 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 
         /* use exact signed buffer size since BER encoded */
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz), 0);
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output,
+            (word32)signedSz), 0);
         wc_PKCS7_Free(pkcs7);
 
         /* now try with using callbacks for IO */
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+        for (i = 0; i < numberOfChunkSizes; i++) {
+            strm.idx    = 0;
+            strm.outIdx = 0;
+            strm.chunkSz = chunkSizes[i];
 
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
 
-        if (pkcs7 != NULL) {
-            pkcs7->contentSz  = FOURK_BUF*2;
-            pkcs7->privateKey = key;
-            pkcs7->privateKeySz = (word32)sizeof(key);
-            pkcs7->encryptOID = RSAk;
-        #ifdef NO_SHA
-            pkcs7->hashOID = SHA256h;
-        #else
-            pkcs7->hashOID = SHAh;
-        #endif
-            pkcs7->rng = &rng;
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+            if (pkcs7 != NULL) {
+                pkcs7->contentSz  = 10000;
+                pkcs7->privateKey = key;
+                pkcs7->privateKeySz = (word32)sizeof(key);
+                pkcs7->encryptOID = encryptOid;
+            #ifdef NO_SHA
+                pkcs7->hashOID = SHA256h;
+            #else
+                pkcs7->hashOID = SHAh;
+            #endif
+                pkcs7->rng = &rng;
+            }
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+                StreamOutputCB, (void*)&strm), 0);
+
+            ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0),
+                0);
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+            /* use exact signed buffer size since BER encoded */
+            ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out,
+                (word32)signedSz), 0);
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
         }
-        XMEMSET(&strm, 0, sizeof(strm));
-        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
-            StreamOutputCB, (void*)&strm), 0);
-
-        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0), 0);
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-        /* use exact signed buffer size since BER encoded */
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out, (word32)signedSz), 0);
     }
 #endif
 #ifndef NO_PKCS7_STREAM
@@ -38736,7 +15874,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         for (z = 0; z < outputSz && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -38748,15 +15886,15 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
-                                badOutSz), BAD_FUNC_ARG);
+                                badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->hashOID = 0; /* bad hashOID */
     }
     ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
     !defined(NO_RSA) && !defined(NO_SHA256)
@@ -38789,167 +15927,6 @@ static int test_wc_PKCS7_EncodeSignedData(void)
     return EXPECT_RESULT();
 } /* END test_wc_PKCS7_EncodeSignedData */
 
-static int test_wc_PKCS7_EncodeSignedData_absent(void)
-{
-        EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
-    PKCS7* pkcs7 = NULL;
-    WC_RNG rng;
-    byte   output[FOURK_BUF];
-    word32 outputSz = (word32)sizeof(output);
-    int withParamsLen = 0;
-    int withoutParamsLen = 0;
-    byte   data[] = "Test data to encode.";
-#ifndef NO_RSA
-    #if defined(USE_CERT_BUFFERS_2048)
-        byte        key[sizeof(client_key_der_2048)];
-        byte        cert[sizeof(client_cert_der_2048)];
-        word32      keySz = (word32)sizeof(key);
-        word32      certSz = (word32)sizeof(cert);
-        XMEMSET(key, 0, keySz);
-        XMEMSET(cert, 0, certSz);
-        XMEMCPY(key, client_key_der_2048, keySz);
-        XMEMCPY(cert, client_cert_der_2048, certSz);
-    #elif defined(USE_CERT_BUFFERS_1024)
-        byte        key[sizeof_client_key_der_1024];
-        byte        cert[sizeof(sizeof_client_cert_der_1024)];
-        word32      keySz = (word32)sizeof(key);
-        word32      certSz = (word32)sizeof(cert);
-        XMEMSET(key, 0, keySz);
-        XMEMSET(cert, 0, certSz);
-        XMEMCPY(key, client_key_der_1024, keySz);
-        XMEMCPY(cert, client_cert_der_1024, certSz);
-    #else
-        unsigned char   cert[ONEK_BUF];
-        unsigned char   key[ONEK_BUF];
-        XFILE           fp = XBADFILE;
-        int             certSz;
-        int             keySz;
-
-        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
-            fp), 0);
-        if (fp != XBADFILE) {
-            XFCLOSE(fp);
-            fp = XBADFILE;
-        }
-
-        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
-            0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#elif defined(HAVE_ECC)
-    #if defined(USE_CERT_BUFFERS_256)
-        unsigned char    cert[sizeof(cliecc_cert_der_256)];
-        unsigned char    key[sizeof(ecc_clikey_der_256)];
-        int              certSz = (int)sizeof(cert);
-        int              keySz = (int)sizeof(key);
-        XMEMSET(cert, 0, certSz);
-        XMEMSET(key, 0, keySz);
-        XMEMCPY(cert, cliecc_cert_der_256, certSz);
-        XMEMCPY(key, ecc_clikey_der_256, keySz);
-    #else
-        unsigned char   cert[ONEK_BUF];
-        unsigned char   key[ONEK_BUF];
-        XFILE           fp = XBADFILE;
-        int             certSz;
-        int             keySz;
-
-        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0);
-        if (fp != XBADFILE) {
-            XFCLOSE(fp);
-            fp = XBADFILE;
-        }
-
-        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(keySz = (int)XFREAD(key, 1, ONEK_BUF, fp), 0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#endif
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    XMEMSET(output, 0, outputSz);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    /* First generate and verify with NULL params */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = (word32)sizeof(data);
-        pkcs7->privateKey = key;
-        pkcs7->privateKeySz = (word32)sizeof(key);
-        pkcs7->encryptOID = RSAk;
-    #ifdef NO_SHA
-        pkcs7->hashOID = SHA256h;
-    #else
-        pkcs7->hashOID = SHAh;
-    #endif
-        pkcs7->rng = &rng;
-    }
-
-    withParamsLen = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
-    ExpectIntGT(withParamsLen, 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, withParamsLen), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    XMEMSET(output, 0, outputSz);
-
-    /* Now generate again without params */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = (word32)sizeof(data);
-        pkcs7->privateKey = key;
-        pkcs7->privateKeySz = (word32)sizeof(key);
-        pkcs7->encryptOID = RSAk;
-    #ifdef NO_SHA
-        pkcs7->hashOID = SHA256h;
-    #else
-        pkcs7->hashOID = SHAh;
-    #endif
-        pkcs7->rng = &rng;
-        pkcs7->hashParamsAbsent = TRUE;
-    }
-
-    withoutParamsLen = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
-    ExpectIntGT(withoutParamsLen, 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, withoutParamsLen), 0);
-
-    /* Both are valid PKCS7 with non-zero len, ensure without is shorter */
-    ExpectIntLT(withoutParamsLen, withParamsLen);
-
-    wc_PKCS7_Free(pkcs7);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-
-#endif
-    return EXPECT_RESULT();
-}
 
 /*
  * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
@@ -39148,7 +16125,7 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
         for (z = 0; z < outputSz && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -39166,55 +16143,55 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
 
     /* Pass in bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
-        &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        outputHead, NULL, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
+        outputHead, &outputHeadSz, NULL, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
+        outputHead, &outputHeadSz, outputFoot, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->hashOID = 0; /* bad hashOID */
     }
     ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
+        outputHead, &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_PKCS7_STREAM
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 #else
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BUFFER_E));
 #endif
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
-        outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_PKCS7_STREAM
     /* can pass in 0 buffer length with streaming API */
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
+        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 #else
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
+        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
+        outputHead, outputHeadSz, NULL, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_PKCS7_STREAM
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
+        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 #else
     ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, outputFoot, 0), BUFFER_E);
+        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(BUFFER_E));
 #endif
 
     wc_PKCS7_Free(pkcs7);
@@ -39643,7 +16620,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -39716,16 +16693,16 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz),
-                                          BAD_FUNC_ARG);
+                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz),
-                                          BAD_FUNC_ARG);
+                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #ifndef NO_PKCS7_STREAM
         /* can pass in 0 buffer length with streaming API */
         ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
-                                    badOutSz), WC_PKCS7_WANT_READ_E);
+                                    badOutSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
     #else
         ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
-                                    badOutSz), BAD_FUNC_ARG);
+                                    badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #endif
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
@@ -39744,7 +16721,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
         pkcs7->contentSz = sizeof(badContent);
     }
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
-                SIG_VERIFY_E);
+                WC_NO_ERR_TRACE(SIG_VERIFY_E));
 
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
@@ -39760,14 +16737,14 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     ret = -1;
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret == WC_PKCS7_WANT_READ_E){
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
             continue;
         }
         else if (ret < 0) {
             break;
         }
     }
-    ExpectIntEQ(ret, SIG_VERIFY_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
     ExpectIntNE(pkcs7->contentSz, 0);
     ExpectNotNull(pkcs7->contentDynamic);
     wc_PKCS7_Free(pkcs7);
@@ -39799,7 +16776,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -39843,7 +16820,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -39888,7 +16865,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
                     chunkSz;
                 rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
                 if (rc < 0 ) {
-                    if (rc == WC_PKCS7_WANT_READ_E) {
+                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
                         i += sz;
                         continue;
                     }
@@ -39898,7 +16875,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
                     break;
                 }
             }
-            ExpectIntEQ(rc, PKCS7_SIGNEEDS_CHECK);
+            ExpectIntEQ(rc, WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
             wc_PKCS7_Free(pkcs7);
             pkcs7 = NULL;
         }
@@ -39913,7 +16890,7 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
                     chunkSz;
                 rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
                 if (rc < 0 ) {
-                    if (rc == WC_PKCS7_WANT_READ_E) {
+                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
                         i += sz;
                         continue;
                     }
@@ -39923,12 +16900,13 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
                     break;
                 }
             }
-            ExpectIntEQ(rc, ASN_PARSE_E);
+            ExpectIntEQ(rc, WC_NO_ERR_TRACE(ASN_PARSE_E));
             wc_PKCS7_Free(pkcs7);
             pkcs7 = NULL;
         }
 
-        XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
+        if (buf != NULL)
+            XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
     }
 #endif /* BER and stream */
 #endif
@@ -39984,7 +16962,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -40007,7 +16985,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
         pkcs7->contentSz = sizeof(badContent);
     }
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
-        SIG_VERIFY_E);
+        WC_NO_ERR_TRACE(SIG_VERIFY_E));
     wc_PKCS7_Free(pkcs7);
     pkcs7 = NULL;
 
@@ -40023,14 +17001,14 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     ret = -1;
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret == WC_PKCS7_WANT_READ_E){
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
             continue;
         }
         else if (ret < 0) {
             break;
         }
     }
-    ExpectIntEQ(ret, SIG_VERIFY_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
     ExpectIntNE(pkcs7->contentSz, 0);
     ExpectNotNull(pkcs7->contentDynamic);
     wc_PKCS7_Free(pkcs7);
@@ -40062,7 +17040,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -40109,7 +17087,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
     for (z = 0; z < outputSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -40227,6 +17205,95 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
 #endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
 
 
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+#define MAX_TEST_DECODE_SIZE 6000
+static int test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb(wc_PKCS7* pkcs7,
+    const byte* output, word32 outputSz, void* ctx) {
+     WOLFSSL_BUFFER_INFO* out = (WOLFSSL_BUFFER_INFO*)ctx;
+
+    if (out == NULL) {
+        return -1;
+    }
+
+    if (outputSz + out->length > MAX_TEST_DECODE_SIZE) {
+        printf("Example buffer size needs increased");
+    }
+
+    /* printf("Decoded in %d bytes\n", outputSz);
+     * for (word32 z = 0; z < outputSz; z++) printf("%02X", output[z]);
+     * printf("\n");
+    */
+
+    XMEMCPY(out->buffer + out->length, output, outputSz);
+    out->length += outputSz;
+
+    (void)pkcs7;
+    return 0;
+}
+#endif /* HAVE_PKCS7 && ASN_BER_TO_DER */
+
+/*
+ * Testing wc_PKCS7_DecodeEnvelopedData with streaming
+ */
+static int test_wc_PKCS7_DecodeEnvelopedData_stream(void)
+{
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+    EXPECT_DECLS;
+    PKCS7*      pkcs7 = NULL;
+    int ret = 0;
+    XFILE f = XBADFILE;
+    const char* testStream = "./certs/test-stream-dec.p7b";
+    byte testStreamBuffer[100];
+    size_t testStreamBufferSz = 0;
+    byte decodedData[MAX_TEST_DECODE_SIZE]; /* large enough to hold result of decode, which is ca-cert.pem */
+    WOLFSSL_BUFFER_INFO out;
+
+    out.length = 0;
+    out.buffer = decodedData;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
+        sizeof_client_cert_der_2048), 0);
+
+    ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)client_key_der_2048,
+        sizeof_client_key_der_2048), 0);
+    ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL,
+        test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb, (void*)&out), 0);
+
+    ExpectTrue((f = XFOPEN(testStream, "rb")) != XBADFILE);
+    if (EXPECT_SUCCESS()) {
+        do {
+            testStreamBufferSz = XFREAD(testStreamBuffer, 1,
+                sizeof(testStreamBuffer), f);
+            if (testStreamBufferSz == 0) {
+                break;
+            }
+
+            ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testStreamBuffer,
+                (word32)testStreamBufferSz, NULL, 0);
+            if (testStreamBufferSz < sizeof(testStreamBuffer)) {
+                break;
+            }
+        } while (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+    #ifdef NO_DES3
+        ExpectIntEQ(ret, ALGO_ID_E);
+    #else
+        ExpectIntGT(ret, 0);
+    #endif
+    }
+
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+
+    wc_PKCS7_Free(pkcs7);
+    return EXPECT_RESULT();
+#else
+    return TEST_SKIPPED;
+#endif
+} /* END test_wc_PKCS7_DecodeEnvelopedData_stream() */
+
 /*
  * Testing wc_PKCS7_EncodeEnvelopedData()
  */
@@ -40462,6 +17529,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
         if (i == 0) {
             XMEMSET(&strm, 0, sizeof(strm));
+            strm.chunkSz = FOURK_BUF;
             ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
                 StreamOutputCB, (void*)&strm), 0);
             encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0);
@@ -40476,23 +17544,23 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
         #ifndef NO_DES3
             case DES3b:
             case DESb:
-                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
                 break;
         #endif
         #ifdef HAVE_AESCCM
         #ifdef WOLFSSL_AES_128
             case AES128CCMb:
-                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
                 break;
         #endif
         #ifdef WOLFSSL_AES_192
             case AES192CCMb:
-                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
                 break;
         #endif
         #ifdef WOLFSSL_AES_256
             case AES256CCMb:
-                ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
                 break;
         #endif
         #endif
@@ -40561,24 +17629,24 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
     /* Test bad args. */
     ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
-                    (word32)sizeof(output)), BAD_FUNC_ARG);
+                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
-                    (word32)sizeof(output)), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
+                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Decode.  */
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
+        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
+        (word32)sizeof(output), decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
-        (word32)sizeof(decoded)), BAD_FUNC_ARG);
+        (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
 #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
     /* only a failure for KARI test cases */
@@ -40589,11 +17657,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     #if defined(WOLFSSL_ASN_TEMPLATE)
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BUFFER_E);
+        WC_NO_ERR_TRACE(BUFFER_E));
     #else
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
     #endif
     if (pkcs7 != NULL) {
         pkcs7->singleCertSz = tempWrd32;
@@ -40607,11 +17675,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
      * is returned from kari parse which gets set to bad func arg */
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #else
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
     #endif
   #endif /* !NO_RSA */
     if (pkcs7 != NULL) {
@@ -40625,7 +17693,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->privateKeySz = tempWrd32;
 
@@ -40634,7 +17702,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     }
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
         (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->privateKey = tmpBytePtr;
     }
@@ -40844,60 +17912,60 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
     }
 
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
-        sizeof(encrypted)),BAD_FUNC_ARG);
+        sizeof(encrypted)),WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        0), BAD_FUNC_ARG);
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Testing the struct. */
     if (pkcs7 != NULL) {
         tmpBytePtr = pkcs7->content;
         pkcs7->content = NULL;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->content = tmpBytePtr;
         tmpWrd32 = pkcs7->contentSz;
         pkcs7->contentSz = 0;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->contentSz = tmpWrd32;
         tmpInt = pkcs7->encryptOID;
         pkcs7->encryptOID = 0;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptOID = tmpInt;
         tmpBytePtr = pkcs7->encryptionKey;
         pkcs7->encryptionKey = NULL;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptionKey = tmpBytePtr;
         tmpWrd32 = pkcs7->encryptionKeySz;
         pkcs7->encryptionKeySz = 0;
     }
     ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), BAD_FUNC_ARG);
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptionKeySz = tmpWrd32;
     }
 
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, (word32)encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, (word32)encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        NULL, sizeof(decoded)), BAD_FUNC_ARG);
+        NULL, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        decoded, 0), BAD_FUNC_ARG);
+        decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* Test struct fields */
 
     if (pkcs7 != NULL) {
@@ -40905,13 +17973,13 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
         pkcs7->encryptionKey = NULL;
     }
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     if (pkcs7 != NULL) {
         pkcs7->encryptionKey = tmpBytePtr;
         pkcs7->encryptionKeySz = 0;
     }
     ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        decoded, sizeof(decoded)), BAD_FUNC_ARG);
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_PKCS7_Free(pkcs7);
 #endif
@@ -40958,7 +18026,7 @@ static int test_wc_PKCS7_Degenerate(void)
     for (z = 0; z < derSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -40975,7 +18043,7 @@ static int test_wc_PKCS7_Degenerate(void)
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
-        PKCS7_NO_SIGNER_E);
+        WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
 
     #ifndef NO_PKCS7_STREAM
     wc_PKCS7_Free(pkcs7);
@@ -40989,13 +18057,13 @@ static int test_wc_PKCS7_Degenerate(void)
     ret = -1;
     for (z = 0; z < derSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
-        if (ret == WC_PKCS7_WANT_READ_E){
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
             continue;
         }
         else
             break;
     }
-    ExpectIntEQ(ret, PKCS7_NO_SIGNER_E);
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
     #endif /* !NO_PKCS7_STREAM */
 
     wc_PKCS7_Free(pkcs7);
@@ -41214,10 +18282,10 @@ static int test_wc_PKCS7_BER(void)
     byte   decoded[2048];
 #endif
     word32 derSz = 0;
-#ifndef NO_PKCS7_STREAM
+#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA)
     word32 z;
     int ret;
-#endif /* !NO_PKCS7_STREAM */
+#endif /* !NO_PKCS7_STREAM && !NO_RSA */
 
     ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
     ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
@@ -41244,7 +18312,7 @@ static int test_wc_PKCS7_BER(void)
     for (z = 0; z < derSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -41283,14 +18351,14 @@ static int test_wc_PKCS7_BER(void)
 #ifndef NO_RSA
 #ifdef WOLFSSL_SP_MATH
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
-        sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E);
+        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
 #else
     ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
         sizeof(berContent), decoded, sizeof(decoded)), 0);
 #endif
 #else
     ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
-        sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
+        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
     wc_PKCS7_Free(pkcs7);
 #endif /* !NO_DES3 */
@@ -41401,7 +18469,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     /* Set no certs in bundle for this test. */
     if (pkcs7 != NULL) {
         ExpectIntEQ(wc_PKCS7_SetNoCerts(pkcs7, 1), 0);
-        ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), BAD_FUNC_ARG);
+        ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1);
     }
     ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
@@ -41412,7 +18480,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
     ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz),
-            PKCS7_SIGNEEDS_CHECK);
+            WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
 
     /* try verifying the signature manually */
     {
@@ -41451,7 +18519,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     for (z = 0; z < sigSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -41516,7 +18584,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     for (z = 0; z < sigSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -41556,7 +18624,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
     for (z = 0; z < decodedSz && ret != 0; z++) {
         ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1);
         if (ret < 0){
-            ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
         }
     }
     ExpectIntEQ(ret, 0);
@@ -41566,6 +18634,36 @@ static int test_wc_PKCS7_signed_enveloped(void)
     pkcs7 = NULL;
 #endif /* !NO_PKCS7_STREAM */
 #endif
+
+    {
+        /* arbitrary custom SKID */
+        const byte customSKID[] = {
+            0x40, 0x25, 0x77, 0x56
+        };
+
+        ExpectIntEQ(wc_InitRng(&rng), 0);
+        sigSz = FOURK_BUF * 2;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (pkcs7 != NULL) {
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+            pkcs7->content    = cert;
+            pkcs7->contentSz  = (word32)certSz;
+            pkcs7->contentOID = DATA;
+            pkcs7->privateKey   = key;
+            pkcs7->privateKeySz = (word32)keySz;
+            pkcs7->encryptOID   = RSAk;
+            pkcs7->hashOID      = SHA256h;
+            pkcs7->rng          = &rng;
+            ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
+            ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID,
+                        sizeof(customSKID)), 0);
+            ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig,
+                (word32)sigSz)), 0);
+        }
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        wc_FreeRng(&rng);
+    }
 #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
     return EXPECT_RESULT();
 }
@@ -41581,7 +18679,7 @@ static int test_wc_PKCS7_NoDefaultSignedAttribs(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
 
-    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
 
     wc_PKCS7_Free(pkcs7);
@@ -41601,7 +18699,7 @@ static int test_wc_PKCS7_SetOriEncryptCtx(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
 
-    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
 
     wc_PKCS7_Free(pkcs7);
@@ -41621,7 +18719,7 @@ static int test_wc_PKCS7_SetOriDecryptCtx(void)
     ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
     ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
 
-    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
 
     wc_PKCS7_Free(pkcs7);
@@ -41729,7 +18827,7 @@ static int test_wc_i2d_PKCS12(void)
 
     ExpectNotNull(pkcs12 = wc_PKCS12_new());
     ExpectIntEQ(wc_d2i_PKCS12(der, (word32)derSz, pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntEQ(outSz, derSz);
 
     outSz = derSz - 1;
@@ -41749,14 +18847,14 @@ static int test_wc_i2d_PKCS12(void)
     /* Run the same test but use wc_d2i_PKCS12_fp. */
     ExpectNotNull(pkcs12 = wc_PKCS12_new());
     ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntEQ(outSz, derSz);
     wc_PKCS12_free(pkcs12);
     pkcs12 = NULL;
 
     /* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */
     ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntEQ(outSz, derSz);
     wc_PKCS12_free(pkcs12);
     pkcs12 = NULL;
@@ -41765,299 +18863,6 @@ static int test_wc_i2d_PKCS12(void)
 }
 
 
-/* Testing wc_SignatureGetSize() for signature type ECC */
-static int test_wc_SignatureGetSize_ecc(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_SIG_WRAPPER) && defined(HAVE_ECC) && !defined(NO_ECC256)
-    enum wc_SignatureType sig_type;
-    word32 key_len;
-    ecc_key ecc;
-    const char* qx =
-        "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
-    const char* qy =
-        "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
-    const char* d =
-        "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
-
-    XMEMSET(&ecc, 0, sizeof(ecc_key));
-
-    ExpectIntEQ(wc_ecc_init(&ecc), 0);
-    ExpectIntEQ(wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"), 0);
-    /* Input for signature type ECC */
-    sig_type = WC_SIGNATURE_TYPE_ECC;
-    key_len = sizeof(ecc_key);
-    ExpectIntGT(wc_SignatureGetSize(sig_type, &ecc, key_len), 0);
-
-    /* Test bad args */
-    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    sig_type = (enum wc_SignatureType) 100;
-    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), BAD_FUNC_ARG);
-    sig_type = WC_SIGNATURE_TYPE_ECC;
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
-    key_len = (word32)0;
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_ecc_free(&ecc), 0);
-#endif /* !NO_SIG_WRAPPER && HAVE_ECC && !NO_ECC256 */
-    return EXPECT_RESULT();
-} /* END test_wc_SignatureGetSize_ecc() */
-
-/* Testing wc_SignatureGetSize() for signature type rsa */
-static int test_wc_SignatureGetSize_rsa(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_SIG_WRAPPER) && !defined(NO_RSA)
-    enum wc_SignatureType sig_type;
-    word32 key_len;
-    word32 idx = 0;
-    RsaKey rsa_key;
-    byte* tmp = NULL;
-    size_t bytes;
-
-    XMEMSET(&rsa_key, 0, sizeof(RsaKey));
-
-    #ifdef USE_CERT_BUFFERS_1024
-        bytes = (size_t)sizeof_client_key_der_1024;
-        if (bytes < (size_t)sizeof_client_key_der_1024)
-            bytes = (size_t)sizeof_client_cert_der_1024;
-    #elif defined(USE_CERT_BUFFERS_2048)
-        bytes = (size_t)sizeof_client_key_der_2048;
-        if (bytes < (size_t)sizeof_client_cert_der_2048)
-            bytes = (size_t)sizeof_client_cert_der_2048;
-    #else
-        bytes = FOURK_BUF;
-    #endif
-
-    ExpectNotNull(tmp = (byte*)XMALLOC(bytes, HEAP_HINT,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    if (tmp != NULL) {
-    #ifdef USE_CERT_BUFFERS_1024
-        XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
-    #elif defined(USE_CERT_BUFFERS_2048)
-        XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
-    #elif !defined(NO_FILESYSTEM)
-        XFILE file = XBADFILE;
-        ExpectTrue((file = XFOPEN(clientKey, "rb")) != XBADFILE);
-        ExpectIntGT(bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file), 0);
-        if (file != XBADFILE)
-            XFCLOSE(file);
-        }
-    #else
-        ExpectFail();
-    #endif
-    }
-
-    ExpectIntEQ(wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes), 0);
-    /* Input for signature type RSA */
-    sig_type = WC_SIGNATURE_TYPE_RSA;
-    key_len = sizeof(RsaKey);
-    ExpectIntGT(wc_SignatureGetSize(sig_type, &rsa_key, key_len), 0);
-
-    /* Test bad args */
-    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    sig_type = (enum wc_SignatureType)100;
-    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
-    sig_type = WC_SIGNATURE_TYPE_RSA;
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), BAD_FUNC_ARG);
-    key_len = (word32)0;
-    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRsaKey(&rsa_key), 0);
-    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif /* !NO_SIG_WRAPPER && !NO_RSA */
-    return EXPECT_RESULT();
-} /* END test_wc_SignatureGetSize_rsa(void) */
-
-/*----------------------------------------------------------------------------*
- | hash.h Tests
- *----------------------------------------------------------------------------*/
-
-static int test_wc_HashInit(void)
-{
-    EXPECT_DECLS;
-    int i;  /* 0 indicates tests passed, 1 indicates failure */
-
-    wc_HashAlg hash;
-
-    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
-    enum wc_HashType enumArray[] = {
-    #ifndef NO_MD5
-        WC_HASH_TYPE_MD5,
-    #endif
-    #ifndef NO_SHA
-        WC_HASH_TYPE_SHA,
-    #endif
-    #ifdef WOLFSSL_SHA224
-        WC_HASH_TYPE_SHA224,
-    #endif
-    #ifndef NO_SHA256
-        WC_HASH_TYPE_SHA256,
-    #endif
-    #ifdef WOLFSSL_SHA384
-        WC_HASH_TYPE_SHA384,
-    #endif
-    #ifdef WOLFSSL_SHA512
-        WC_HASH_TYPE_SHA512,
-    #endif
-    };
-    /* dynamically finds the length */
-    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
-
-    /* For loop to test various arguments... */
-    for (i = 0; i < enumlen; i++) {
-        /* check for bad args */
-        ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
-        wc_HashFree(&hash, enumArray[i]);
-
-        /* check for null ptr */
-        ExpectIntEQ(wc_HashInit(NULL, enumArray[i]), BAD_FUNC_ARG);
-
-    }  /* end of for loop */
-
-    return EXPECT_RESULT();
-}  /* end of test_wc_HashInit */
-/*
- * Unit test function for wc_HashSetFlags()
- */
-static int test_wc_HashSetFlags(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_HASH_FLAGS
-    wc_HashAlg hash;
-    word32 flags = 0;
-    int i, j;
-    int notSupportedLen;
-
-    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
-    enum wc_HashType enumArray[] = {
-    #ifndef NO_MD5
-            WC_HASH_TYPE_MD5,
-    #endif
-    #ifndef NO_SHA
-            WC_HASH_TYPE_SHA,
-    #endif
-    #ifdef WOLFSSL_SHA224
-            WC_HASH_TYPE_SHA224,
-    #endif
-    #ifndef NO_SHA256
-            WC_HASH_TYPE_SHA256,
-    #endif
-    #ifdef WOLFSSL_SHA384
-            WC_HASH_TYPE_SHA384,
-    #endif
-    #ifdef WOLFSSL_SHA512
-            WC_HASH_TYPE_SHA512,
-    #endif
-    #ifdef WOLFSSL_SHA3
-            WC_HASH_TYPE_SHA3_224,
-    #endif
-    };
-    enum wc_HashType notSupported[] = {
-              WC_HASH_TYPE_MD5_SHA,
-              WC_HASH_TYPE_MD2,
-              WC_HASH_TYPE_MD4,
-              WC_HASH_TYPE_BLAKE2B,
-              WC_HASH_TYPE_BLAKE2S,
-              WC_HASH_TYPE_NONE,
-     };
-
-    /* dynamically finds the length */
-    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
-
-    /* For loop to test various arguments... */
-    for (i = 0; i < enumlen; i++) {
-        ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
-        ExpectIntEQ(wc_HashSetFlags(&hash, enumArray[i], flags), 0);
-        ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-        ExpectIntEQ(wc_HashSetFlags(NULL, enumArray[i], flags), BAD_FUNC_ARG);
-        wc_HashFree(&hash, enumArray[i]);
-
-    }
-    /* For loop to test not supported cases */
-    notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
-    for (j = 0; j < notSupportedLen; j++) {
-        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashSetFlags(&hash, notSupported[j], flags),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), BAD_FUNC_ARG);
-    }
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_HashSetFlags */
-/*
- * Unit test function for wc_HashGetFlags()
- */
-static int test_wc_HashGetFlags(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_HASH_FLAGS
-    wc_HashAlg hash;
-    word32 flags = 0;
-    int i, j;
-
-    /* enum for holding supported algorithms, #ifndef's restrict if disabled */
-    enum wc_HashType enumArray[] = {
-    #ifndef NO_MD5
-            WC_HASH_TYPE_MD5,
-    #endif
-    #ifndef NO_SHA
-            WC_HASH_TYPE_SHA,
-    #endif
-    #ifdef WOLFSSL_SHA224
-            WC_HASH_TYPE_SHA224,
-    #endif
-    #ifndef NO_SHA256
-            WC_HASH_TYPE_SHA256,
-    #endif
-    #ifdef WOLFSSL_SHA384
-            WC_HASH_TYPE_SHA384,
-    #endif
-    #ifdef WOLFSSL_SHA512
-            WC_HASH_TYPE_SHA512,
-    #endif
-    #ifdef WOLFSSL_SHA3
-            WC_HASH_TYPE_SHA3_224,
-    #endif
-    };
-    enum wc_HashType notSupported[] = {
-              WC_HASH_TYPE_MD5_SHA,
-              WC_HASH_TYPE_MD2,
-              WC_HASH_TYPE_MD4,
-              WC_HASH_TYPE_BLAKE2B,
-              WC_HASH_TYPE_BLAKE2S,
-              WC_HASH_TYPE_NONE,
-    };
-    int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
-    int notSupportedLen;
-
-    /* For loop to test various arguments... */
-    for (i = 0; i < enumlen; i++) {
-        ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
-        ExpectIntEQ(wc_HashGetFlags(&hash, enumArray[i], &flags), 0);
-        ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
-        ExpectIntEQ(wc_HashGetFlags(NULL, enumArray[i], &flags), BAD_FUNC_ARG);
-        wc_HashFree(&hash, enumArray[i]);
-    }
-    /* For loop to test not supported cases */
-    notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
-    for (j = 0; j < notSupportedLen; j++) {
-        ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashGetFlags(&hash, notSupported[j], &flags),
-            BAD_FUNC_ARG);
-        ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), BAD_FUNC_ARG);
-    }
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_HashGetFlags */
-
-/*----------------------------------------------------------------------------*
- | Compatibility Tests
- *----------------------------------------------------------------------------*/
-
 /*----------------------------------------------------------------------------*
  | ASN.1 Tests
  *----------------------------------------------------------------------------*/
@@ -42067,6 +18872,8 @@ static int test_wolfSSL_ASN1_BIT_STRING(void)
     EXPECT_DECLS;
 #if !defined(NO_CERTS) && defined(OPENSSL_ALL)
     ASN1_BIT_STRING* str = NULL;
+    ASN1_BIT_STRING* str2 = NULL;
+    unsigned char* der = NULL;
 
     ExpectNotNull(str = ASN1_BIT_STRING_new());
     /* Empty data testing. */
@@ -42102,8 +18909,19 @@ static int test_wolfSSL_ASN1_BIT_STRING(void)
     ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1);
     ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0);
 
+    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, NULL), 14);
+    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, &der), 14);
+#ifdef WOLFSSL_ASN_TEMPLATE
+    {
+        const unsigned char* tmp = der;
+        ExpectNotNull(d2i_ASN1_BIT_STRING(&str2, &tmp, 14));
+    }
+#endif
+
     ASN1_BIT_STRING_free(str);
+    ASN1_BIT_STRING_free(str2);
     ASN1_BIT_STRING_free(NULL);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
 #endif
     return EXPECT_RESULT();
 }
@@ -42137,7 +18955,7 @@ static int test_wolfSSL_ASN1_INTEGER(void)
     ASN1_INTEGER_free(a);
     a = NULL;
 
-    p = longDer;
+    p = invalidLenDer;
     ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer)));
 
     p = longDer;
@@ -42492,7 +19310,7 @@ static int test_wolfSSL_d2i_ASN1_INTEGER(void)
     /* Set a to valid value. */
     ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS);
     /* NULL output buffer. */
-    ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 0);
+    ExpectIntEQ(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 3);
     wolfSSL_ASN1_INTEGER_free(a);
     a = NULL;
 
@@ -42560,54 +19378,54 @@ static int test_wolfSSL_a2i_ASN1_INTEGER(void)
     ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, NULL, -1), 0);
     ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, NULL, -1), 0);
     ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, tmp, -1), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, 1024), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, 1024), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, 1024), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, 1024), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, sizeof(tmp)), 0);
     ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, -1), 0);
     ExpectIntEQ(i2a_ASN1_INTEGER(NULL, NULL), 0);
     ExpectIntEQ(i2a_ASN1_INTEGER(bio, NULL), 0);
     ExpectIntEQ(i2a_ASN1_INTEGER(NULL, ai), 0);
 
     /* No data to read from BIO. */
-    ExpectIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, 1024), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, sizeof(tmp)), 0);
 
     /* read first line */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
     ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
-    XMEMSET(tmp, 0, 1024);
-    tmpSz = BIO_read(out, tmp, 1024);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
     ExpectIntEQ(tmpSz, 6);
     ExpectIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
 
     /* fail on second line (not % 2) */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0);
 
     /* read 3rd long line */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
     ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
-    XMEMSET(tmp, 0, 1024);
-    tmpSz = BIO_read(out, tmp, 1024);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
     ExpectIntEQ(tmpSz, 30);
     ExpectIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
 
     /* fail on empty line */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0);
 
     BIO_free(bio);
     bio = NULL;
 
     /* Make long integer, requiring dynamic memory, even longer. */
     ExpectNotNull(bio = BIO_new_mem_buf(longStr, -1));
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
     ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 48);
-    XMEMSET(tmp, 0, 1024);
-    tmpSz = BIO_read(out, tmp, 1024);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
     ExpectIntEQ(tmpSz, 48);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
     ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 56);
-    XMEMSET(tmp, 0, 1024);
-    tmpSz = BIO_read(out, tmp, 1024);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
     ExpectIntEQ(tmpSz, 56);
     ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(ai, 1), 1);
     BIO_free(bio);
@@ -42890,7 +19708,7 @@ static int test_wolfSSL_ASN1_get_object(void)
     const unsigned char objDerNotObj[] = { 0x02, 0x01, 0x00 };
     const unsigned char objDerNoData[] = { 0x06, 0x00 };
     const unsigned char* p;
-    unsigned char objDer[8];
+    unsigned char objDer[10];
     unsigned char* der;
     unsigned char* derPtr;
     int len = sizeof_cliecc_cert_der_256;
@@ -42916,7 +19734,7 @@ static int test_wolfSSL_ASN1_get_object(void)
 
     /* SEQUENCE */
     ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
-    ExpectIntEQ(asnLen, 861);
+    ExpectIntEQ(asnLen, 862);
     ExpectIntEQ(tag, 0x10);
     ExpectIntEQ(cls, 0);
 
@@ -43004,13 +19822,13 @@ static int test_wolfSSL_ASN1_get_object(void)
     ExpectIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0);
     ExpectIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0);
 
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 8);
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 10);
     der = NULL;
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 8);
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 10);
     derPtr = objDer;
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 8);
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 10);
     ExpectPtrNE(derPtr, objDer);
-    ExpectIntEQ(XMEMCMP(der, objDer, 8), 0);
+    ExpectIntEQ(XMEMCMP(der, objDer, 10), 0);
     XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
 
     ASN1_OBJECT_free(a);
@@ -43026,8 +19844,6 @@ static int test_wolfSSL_i2a_ASN1_OBJECT(void)
     ASN1_OBJECT* a = NULL;
     BIO *bio = NULL;
     const unsigned char notObjDer[] = { 0x04, 0x01, 0xff };
-    const unsigned char badLenDer[] = { 0x06, 0x04, 0x01 };
-    const unsigned char goodDer[] = { 0x06, 0x01, 0x01 };
     const unsigned char* p;
 
     ExpectNotNull(obj = OBJ_nid2obj(NID_sha256));
@@ -43043,22 +19859,10 @@ static int test_wolfSSL_i2a_ASN1_OBJECT(void)
     ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
     ASN1_OBJECT_free(a);
     a = NULL;
-    /* DER encoding - not OBJECT_ID */
+    /* DER encoding */
     p = notObjDer;
     ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
-    ASN1_OBJECT_free(a);
-    a = NULL;
-    /* Bad length encoding. */
-    p = badLenDer;
-    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
-    ASN1_OBJECT_free(a);
-    a = NULL;
-    /* Good encoding - but unknown. */
-    p = goodDer;
-    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
+    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 5);
     ASN1_OBJECT_free(a);
 
     BIO_free(bio);
@@ -43105,9 +19909,9 @@ static int test_wolfSSL_sk_ASN1_OBJECT(void)
     sk = NULL;
 
     ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), -1);
     ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0);
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), 0);
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), -1);
     ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1);
     wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
     sk = NULL;
@@ -43287,9 +20091,9 @@ static int test_wolfSSL_ASN1_STRING_canon(void)
     ExpectNotNull(canon = ASN1_STRING_new());
 
     /* Invalid parameter testing. */
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
     ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
@@ -43640,9 +20444,9 @@ static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void)
     ExpectIntEQ(wolfSSL_ASN1_TIME_set_string(gtime, "20180504123500Z"), 1);
 
     /* Invalid parameters testing. */
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 1);
     ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20);
@@ -43672,7 +20476,7 @@ static int test_wolfSSL_ASN1_TIME(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
     WOLFSSL_ASN1_TIME* asn_time = NULL;
-    unsigned char *data;
+    unsigned char *data = NULL;
 
     ExpectNotNull(asn_time = ASN1_TIME_new());
 
@@ -43695,6 +20499,9 @@ static int test_wolfSSL_ASN1_TIME(void)
     ExpectIntEQ(ASN1_TIME_check(NULL), 0);
     ExpectIntEQ(ASN1_TIME_check(asn_time), 1);
 
+    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Z"), 1);
+    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Za"), 0);
+
     ASN1_TIME_free(asn_time);
     ASN1_TIME_free(NULL);
 #endif
@@ -43759,9 +20566,10 @@ static int test_wolfSSL_ASN1_TIME_diff_compare(void)
 
     ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
 
-    /* Error conditions. */
-    ExpectIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 0);
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 0);
+    /* Test when secsDiff or daysDiff is NULL. */
+    ExpectIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 1);
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 1);
+    ExpectIntEQ(ASN1_TIME_diff(NULL, NULL, fromTime, toTime), 1);
 
     /* If both times are NULL, difference is 0. */
     ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL), 1);
@@ -44119,7 +20927,7 @@ static int test_wolfSSL_ASN1_TIME_print(void)
 
     ExpectIntEQ(ASN1_TIME_print(bio, notBefore), 1);
     ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
-    ExpectIntEQ(XMEMCMP(buf, "Dec 13 22:19:28 2023 GMT", sizeof(buf) - 1), 0);
+    ExpectIntEQ(XMEMCMP(buf, "Dec 18 21:25:29 2024 GMT", sizeof(buf) - 1), 0);
 
     /* Test BIO_write fails. */
     ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
@@ -44293,7 +21101,7 @@ static int test_wolfSSL_ASN1_TYPE(void)
     return EXPECT_RESULT();
 }
 
-/* Testing code used in dpp.c in hostap */
+/* Testing code used in old dpp.c in hostap */
 #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
 typedef struct {
     /* AlgorithmIdentifier ecPublicKey with optional parameters present
@@ -44310,6 +21118,57 @@ ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
 
+typedef struct {
+    int type;
+    union {
+        ASN1_BIT_STRING *str1;
+        ASN1_BIT_STRING *str2;
+        ASN1_BIT_STRING *str3;
+    } d;
+} ASN1_CHOICE_TEST;
+
+ASN1_CHOICE(ASN1_CHOICE_TEST) = {
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str1, ASN1_BIT_STRING, 1),
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str2, ASN1_BIT_STRING, 2),
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str3, ASN1_BIT_STRING, 3)
+} ASN1_CHOICE_END(ASN1_CHOICE_TEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_CHOICE_TEST)
+
+/* Test nested objects */
+typedef struct {
+    DPP_BOOTSTRAPPING_KEY* key;
+    ASN1_INTEGER* asnNum;
+    ASN1_INTEGER* expNum;
+    STACK_OF(ASN1_GENERALSTRING) *strList;
+    ASN1_CHOICE_TEST* str;
+} TEST_ASN1_NEST1;
+
+ASN1_SEQUENCE(TEST_ASN1_NEST1) = {
+    ASN1_SIMPLE(TEST_ASN1_NEST1, key, DPP_BOOTSTRAPPING_KEY),
+    ASN1_SIMPLE(TEST_ASN1_NEST1, asnNum, ASN1_INTEGER),
+    ASN1_EXP(TEST_ASN1_NEST1, expNum, ASN1_INTEGER, 0),
+    ASN1_EXP_SEQUENCE_OF(TEST_ASN1_NEST1, strList, ASN1_GENERALSTRING, 1),
+    ASN1_SIMPLE(TEST_ASN1_NEST1, str, ASN1_CHOICE_TEST)
+} ASN1_SEQUENCE_END(TEST_ASN1_NEST1)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST1)
+
+typedef struct {
+    ASN1_INTEGER* num;
+    DPP_BOOTSTRAPPING_KEY* key;
+    TEST_ASN1_NEST1* asn1_obj;
+} TEST_ASN1_NEST2;
+
+ASN1_SEQUENCE(TEST_ASN1_NEST2) = {
+    ASN1_SIMPLE(TEST_ASN1_NEST2, num, ASN1_INTEGER),
+    ASN1_SIMPLE(TEST_ASN1_NEST2, key, DPP_BOOTSTRAPPING_KEY),
+    ASN1_SIMPLE(TEST_ASN1_NEST2, asn1_obj, TEST_ASN1_NEST1)
+} ASN1_SEQUENCE_END(TEST_ASN1_NEST2)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST2)
+/* End nested objects */
+
 typedef struct {
     ASN1_INTEGER *integer;
 } TEST_ASN1;
@@ -44320,16 +21179,13 @@ ASN1_SEQUENCE(TEST_ASN1) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1)
 
-typedef struct {
-    ASN1_OCTET_STRING *octet_string;
-} TEST_FAIL_ASN1;
+typedef STACK_OF(ASN1_INTEGER) TEST_ASN1_ITEM;
 
-#define WOLFSSL_ASN1_OCTET_STRING_ASN1   4
-ASN1_SEQUENCE(TEST_FAIL_ASN1) = {
-    ASN1_SIMPLE(TEST_FAIL_ASN1, octet_string, ASN1_OCTET_STRING),
-} ASN1_SEQUENCE_END(TEST_FAIL_ASN1)
+ASN1_ITEM_TEMPLATE(TEST_ASN1_ITEM) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, MemName, ASN1_INTEGER)
+ASN1_ITEM_TEMPLATE_END(TEST_ASN1_ITEM)
 
-IMPLEMENT_ASN1_FUNCTIONS(TEST_FAIL_ASN1)
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_ITEM)
 #endif
 
 static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
@@ -44342,7 +21198,9 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     EVP_PKEY *key = NULL;
     size_t len = 0;
     unsigned char *der = NULL;
-    DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
+    unsigned char *der2 = NULL;
+    const unsigned char *tmp = NULL;
+    DPP_BOOTSTRAPPING_KEY *bootstrap = NULL, *bootstrap2 = NULL;
     const unsigned char *in = ecc_clikey_der_256;
     WOLFSSL_ASN1_OBJECT* ec_obj = NULL;
     WOLFSSL_ASN1_OBJECT* group_obj = NULL;
@@ -44350,7 +21208,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     const EC_POINT *point = NULL;
     int nid;
     TEST_ASN1 *test_asn1 = NULL;
-    TEST_FAIL_ASN1 test_fail_asn1;
+    TEST_ASN1 *test_asn1_2 = NULL;
 
     const unsigned char badObjDer[] = { 0x06, 0x00 };
     const unsigned char goodObjDer[] = {
@@ -44363,9 +21221,9 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
 
     der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), 0);
-    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), 0);
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), -1);
+    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), -1);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
 
     ExpectNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
                                        (long)sizeof_ecc_clikey_der_256));
@@ -44377,6 +21235,10 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
     group_obj = OBJ_nid2obj(nid);
     if ((ec_obj != NULL) && (group_obj != NULL)) {
+        ExpectIntEQ(X509_ALGOR_set0(NULL, ec_obj, V_ASN1_OBJECT,
+            group_obj), 0);
+        ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, NULL, V_ASN1_OBJECT,
+            NULL), 1);
         ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, ec_obj, V_ASN1_OBJECT,
             group_obj), 1);
         if (EXPECT_SUCCESS()) {
@@ -44416,15 +21278,23 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
         bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
     }
 
-    ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 16+len);
     der = NULL;
-    ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
-    ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16+len);
+    der2 = NULL;
+#ifdef WOLFSSL_ASN_TEMPLATE
+    tmp = der;
+    ExpectNotNull(d2i_DPP_BOOTSTRAPPING_KEY(&bootstrap2, &tmp, 16+len));
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap2, &der2), 16+len);
+    ExpectBufEQ(der, der2, 49);
+#endif
 
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
     EVP_PKEY_free(key);
     EC_KEY_free(eckey);
     DPP_BOOTSTRAPPING_KEY_free(bootstrap);
+    DPP_BOOTSTRAPPING_KEY_free(bootstrap2);
     bootstrap = NULL;
     DPP_BOOTSTRAPPING_KEY_free(NULL);
 
@@ -44448,7 +21318,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     }
     /* Encode with bad OBJECT_ID. */
     der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
 
     /* Fix OBJECT_ID and encode with empty BIT_STRING. */
     if (EXPECT_SUCCESS()) {
@@ -44458,7 +21328,7 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     }
     der = NULL;
     ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16);
-    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), 0);
+    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), -1);
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
     DPP_BOOTSTRAPPING_KEY_free(bootstrap);
 
@@ -44467,24 +21337,250 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
     der = NULL;
     ExpectIntEQ(ASN1_INTEGER_set(test_asn1->integer, 100), 1);
     ExpectIntEQ(i2d_TEST_ASN1(test_asn1, &der), 5);
+    tmp = der;
+    ExpectNotNull(d2i_TEST_ASN1(&test_asn1_2, &tmp, 5));
+    der2 = NULL;
+    ExpectIntEQ(i2d_TEST_ASN1(test_asn1_2, &der2), 5);
+    ExpectBufEQ(der, der2, 5);
     XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
     TEST_ASN1_free(test_asn1);
+    TEST_ASN1_free(test_asn1_2);
 
     /* Test integer cases. */
     ExpectNull(wolfSSL_ASN1_item_new(NULL));
     TEST_ASN1_free(NULL);
 
-    /* Test error cases. */
-    ExpectNull(TEST_FAIL_ASN1_new());
-    ExpectNull(wolfSSL_ASN1_item_new(NULL));
-    TEST_FAIL_ASN1_free(NULL);
-    XMEMSET(&test_fail_asn1, 0, sizeof(TEST_FAIL_ASN1));
-    ExpectIntEQ(i2d_TEST_FAIL_ASN1(&test_fail_asn1, &der), 0);
+    /* Test nested asn1 objects */
+    {
+        TEST_ASN1_NEST2 *nested_asn1 = NULL;
+        TEST_ASN1_NEST2 *nested_asn1_2 = NULL;
+        int i;
+
+        ExpectNotNull(nested_asn1 = TEST_ASN1_NEST2_new());
+        /* Populate nested_asn1 with some random data */
+        /* nested_asn1->num */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->num, 30003), 1);
+        /* nested_asn1->key */
+        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
+        group_obj = OBJ_nid2obj(NID_secp256k1);
+        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj,
+                V_ASN1_OBJECT, group_obj), 1);
+        if (EXPECT_SUCCESS()) {
+            ec_obj = NULL;
+            group_obj = NULL;
+        }
+        else {
+            wolfSSL_ASN1_OBJECT_free(ec_obj);
+            wolfSSL_ASN1_OBJECT_free(group_obj);
+        }
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1),
+                1);
+        /* nested_asn1->asn1_obj->key */
+        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
+        group_obj = OBJ_nid2obj(NID_secp256k1);
+        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj,
+                V_ASN1_OBJECT, group_obj), 1);
+        if (EXPECT_SUCCESS()) {
+            ec_obj = NULL;
+            group_obj = NULL;
+        }
+        else {
+            wolfSSL_ASN1_OBJECT_free(ec_obj);
+            wolfSSL_ASN1_OBJECT_free(group_obj);
+        }
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key,
+                500, 1), 1);
+        /* nested_asn1->asn1_obj->asnNum */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->asnNum, 666666), 1);
+        /* nested_asn1->asn1_obj->expNum */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->expNum, 22222), 1);
+        /* nested_asn1->asn1_obj->strList */
+        for (i = 10; i >= 0; i--) {
+            ASN1_GENERALSTRING* genStr = NULL;
+            char fmtStr[20];
+
+            ExpectIntGT(snprintf(fmtStr, sizeof(fmtStr), "Bonjour #%d", i), 0);
+            ExpectNotNull(genStr = ASN1_GENERALSTRING_new());
+            ExpectIntEQ(ASN1_GENERALSTRING_set(genStr, fmtStr, -1), 1);
+            ExpectIntGT(
+                    sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList,
+                            genStr), 0);
+            if (EXPECT_FAIL()) {
+                ASN1_GENERALSTRING_free(genStr);
+            }
+        }
+        /* nested_asn1->asn1_obj->str */
+        ExpectNotNull(nested_asn1->asn1_obj->str->d.str2
+                = ASN1_BIT_STRING_new());
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2,
+                150, 1), 1);
+        if (nested_asn1 != NULL) {
+            nested_asn1->asn1_obj->str->type = 2;
+        }
+
+        der = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285);
+#ifdef WOLFSSL_ASN_TEMPLATE
+        tmp = der;
+        ExpectNotNull(d2i_TEST_ASN1_NEST2(&nested_asn1_2, &tmp, 285));
+        der2 = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1_2, &der2), 285);
+        ExpectBufEQ(der, der2, 285);
+        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+
+        TEST_ASN1_NEST2_free(nested_asn1);
+        TEST_ASN1_NEST2_free(nested_asn1_2);
+    }
+
+    /* Test ASN1_ITEM_TEMPLATE */
+    {
+        TEST_ASN1_ITEM* asn1_item = NULL;
+        TEST_ASN1_ITEM* asn1_item2 = NULL;
+        int i;
+
+        ExpectNotNull(asn1_item = TEST_ASN1_ITEM_new());
+        for (i = 0; i < 11; i++) {
+            ASN1_INTEGER* asn1_num = NULL;
+
+            ExpectNotNull(asn1_num = ASN1_INTEGER_new());
+            ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1);
+            ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0);
+            if (EXPECT_FAIL()) {
+                ASN1_INTEGER_free(asn1_num);
+            }
+        }
+
+        der = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item, &der), 35);
+        tmp = der;
+        ExpectNotNull(d2i_TEST_ASN1_ITEM(&asn1_item2, &tmp, 35));
+        der2 = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item2, &der2), 35);
+        ExpectBufEQ(der, der2, 35);
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+
+        TEST_ASN1_ITEM_free(asn1_item);
+        TEST_ASN1_ITEM_free(asn1_item2);
+    }
+
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 #endif /* OPENSSL_ALL && HAVE_ECC && USE_CERT_BUFFERS_256 */
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_i2d_ASN1_TYPE(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    /* Taken from one of sssd's certs othernames */
+    unsigned char str_bin[] = {
+        0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+        0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+    };
+    ASN1_TYPE* asn1type = NULL;
+    unsigned char* der = NULL;
+
+    /* Create ASN1_TYPE manually as we don't have a d2i version yet */
+    {
+        ASN1_STRING* str = NULL;
+        ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
+        ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
+        ExpectNotNull(asn1type = ASN1_TYPE_new());
+        if (asn1type != NULL) {
+            ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
+        }
+        else {
+            ASN1_STRING_free(str);
+        }
+    }
+
+    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, NULL), sizeof(str_bin));
+    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, &der), sizeof(str_bin));
+    ExpectBufEQ(der, str_bin, sizeof(str_bin));
+
+    ASN1_TYPE_free(asn1type);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_i2d_ASN1_SEQUENCE(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    /* Taken from one of sssd's certs othernames */
+    unsigned char str_bin[] = {
+      0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+      0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+    };
+    ASN1_STRING* str = NULL;
+    unsigned char* der = NULL;
+
+    ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
+    ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
+    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, NULL), sizeof(str_bin));
+    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, &der), sizeof(str_bin));
+
+    ASN1_STRING_free(str);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_ASN1_strings(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    char text[] = "\0\0test string";
+    unsigned char* der = NULL;
+    ASN1_STRING* str = NULL;
+
+    /* Set the length byte */
+    text[1] = XSTRLEN(text + 2);
+
+    /* GENERALSTRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_GENERALSTRING;
+        ExpectNotNull(d2i_ASN1_GENERALSTRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_GENERALSTRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+    /* OCTET_STRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_OCTET_STRING;
+        ExpectNotNull(d2i_ASN1_OCTET_STRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_OCTET_STRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+    /* UTF8STRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_UTF8STRING;
+        ExpectNotNull(d2i_ASN1_UTF8STRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_UTF8STRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
 
 static int test_wolfSSL_lhash(void)
 {
@@ -44512,9 +21608,11 @@ static int test_wolfSSL_X509_NAME(void)
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
      defined(OPENSSL_EXTRA))
     X509* x509 = NULL;
+#ifndef OPENSSL_EXTRA
     const unsigned char* c = NULL;
-    unsigned char buf[4096];
     int bytes = 0;
+#endif
+    unsigned char buf[4096];
     XFILE f = XBADFILE;
     const X509_NAME* a = NULL;
     const X509_NAME* b = NULL;
@@ -44531,6 +21629,10 @@ static int test_wolfSSL_X509_NAME(void)
         0x01, 0x16, 0x00
     };
 #endif
+#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED)
+    byte   digest[64]; /* max digest size */
+    word32 digestSz;
+#endif
 
 #ifndef OPENSSL_EXTRA_X509_SMALL
     /* test compile of deprecated function, returns 0 */
@@ -44538,25 +21640,81 @@ static int test_wolfSSL_X509_NAME(void)
 #endif
 
     ExpectNotNull(a = X509_NAME_new());
+    ExpectNotNull(b = X509_NAME_new());
+#ifndef OPENSSL_EXTRA_X509_SMALL
+    ExpectIntEQ(X509_NAME_cmp(a, b), 0);
+#endif
+    X509_NAME_free((X509_NAME*)b);
     X509_NAME_free((X509_NAME*)a);
     a = NULL;
 
     ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
+#ifndef OPENSSL_EXTRA
     ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
     if (f != XBADFILE)
         XFCLOSE(f);
 
     c = buf;
     ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT));
+#else
+    ExpectNull(wolfSSL_X509_d2i_fp(NULL, XBADFILE));
+    ExpectNotNull(wolfSSL_X509_d2i_fp(&x509, f));
+    if (f != XBADFILE)
+        XFCLOSE(f);
+#endif
 
     /* test cmp function */
+    ExpectNull(X509_get_issuer_name(NULL));
     ExpectNotNull(a = X509_get_issuer_name(x509));
+    ExpectNull(X509_get_subject_name(NULL));
     ExpectNotNull(b = X509_get_subject_name(x509));
-
-#ifndef OPENSSL_EXTRA_X509_SMALL
-    ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
+#ifdef KEEP_PEER_CERT
+    ExpectNull(wolfSSL_X509_get_subjectCN(NULL));
+    ExpectNotNull(wolfSSL_X509_get_subjectCN(x509));
 #endif
 
+#if defined(OPENSSL_EXTRA)
+    ExpectIntEQ(X509_check_issued(NULL, NULL),
+        WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
+    ExpectIntEQ(X509_check_issued(x509, NULL),
+        WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
+    ExpectIntEQ(X509_check_issued(NULL, x509),
+        WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH);
+    ExpectIntEQ(X509_check_issued(x509, x509), WOLFSSL_X509_V_OK);
+
+    ExpectIntEQ(X509_NAME_cmp(NULL, NULL), -2);
+    ExpectIntEQ(X509_NAME_cmp(NULL, b), -2);
+    ExpectIntEQ(X509_NAME_cmp(a, NULL), -2);
+    ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
+
+#if !defined(NO_PWDBASED)
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, NULL, NULL), 0);
+#ifndef NO_SHA256
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), NULL,
+        NULL), 0);
+#endif
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, digest, NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, &digestSz), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, digest,
+        &digestSz), 0);
+#ifndef NO_SHA256
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), digest,
+        &digestSz), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), NULL,
+        &digestSz), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest,
+        NULL), 1);
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest,
+        &digestSz), 1);
+    ExpectTrue(digestSz == 32);
+#endif
+#else
+    ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL),
+        NOT_COMPILED_IN);
+#endif
+#endif /* OPENSSL_EXTRA */
+
     tmp = buf;
     ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
     if (sz > 0 && tmp == buf) {
@@ -44583,17 +21741,34 @@ static int test_wolfSSL_X509_NAME(void)
     /* test for givenName and name */
     {
         WOLFSSL_X509_NAME_ENTRY* entry = NULL;
+        WOLFSSL_X509_NAME_ENTRY empty;
         const byte gName[] = "test-given-name";
         const byte name[] = "test-name";
 
+        XMEMSET(&empty, 0, sizeof(empty));
+
+        ExpectNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
+            NID_givenName, ASN_UTF8STRING, NULL, sizeof(gName)));
         ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
             NID_givenName, ASN_UTF8STRING, gName, sizeof(gName)));
-        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0),
+        ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry,
+            NID_givenName, ASN_UTF8STRING, gName, sizeof(gName)));
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL         , NULL  , -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, NULL  , -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL         , entry , -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, &empty, -1, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , 99, 0),
+            0);
+        ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , -1, 0),
             1);
         wolfSSL_X509_NAME_ENTRY_free(entry);
         entry = NULL;
 
-        ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
+        ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry,
             NID_name, ASN_UTF8STRING, name, sizeof(name)));
         ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0),
             1);
@@ -44606,10 +21781,21 @@ static int test_wolfSSL_X509_NAME(void)
 #endif
 
     b = NULL;
+    ExpectNull(X509_NAME_dup(NULL));
     ExpectNotNull(b = X509_NAME_dup((X509_NAME*)a));
 #ifndef OPENSSL_EXTRA_X509_SMALL
     ExpectIntEQ(X509_NAME_cmp(a, b), 0);
 #endif
+    ExpectIntEQ(X509_NAME_entry_count(NULL), 0);
+    ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7);
+    X509_NAME_free((X509_NAME*)b);
+    ExpectNotNull(b = wolfSSL_X509_NAME_new());
+    ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 0);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, (X509_NAME*)b), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, (X509_NAME*)b), 1);
+    ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7);
     X509_NAME_free((X509_NAME*)b);
     X509_NAME_free(d2i_name);
     d2i_name = NULL;
@@ -44644,6 +21830,12 @@ static int test_wolfSSL_X509_NAME_hash(void)
     !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO)
     BIO* bio = NULL;
     X509* x509 = NULL;
+    X509_NAME* name = NULL;
+
+    ExpectIntEQ(X509_NAME_hash(NULL), 0);
+    ExpectNotNull(name = wolfSSL_X509_NAME_new_ex(NULL));
+    ExpectIntEQ(X509_NAME_hash(name), 0);
+    X509_NAME_free(name);
 
     ExpectNotNull(bio = BIO_new(BIO_s_file()));
     ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
@@ -44670,6 +21862,7 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
     BIO* membio = NULL;
     X509* x509 = NULL;
     X509_NAME* name = NULL;
+    X509_NAME* empty = NULL;
 
     const char* expNormal  = "C=US, CN=wolfssl.com";
     const char* expEqSpace = "C = US, CN = wolfssl.com";
@@ -44688,7 +21881,13 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
 
     /* Test without flags */
     ExpectNotNull(membio = BIO_new(BIO_s_mem()));
+    ExpectNotNull(empty = wolfSSL_X509_NAME_new());
+    ExpectIntEQ(X509_NAME_print_ex(NULL, NULL, 0, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_print_ex(membio, NULL, 0, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_print_ex(NULL, name, 0, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
+    wolfSSL_X509_NAME_free(empty);
     BIO_free(membio);
     membio = NULL;
 
@@ -44731,7 +21930,7 @@ static int test_wolfSSL_X509_NAME_print_ex(void)
         membio = NULL;
 
         /* Test with XN_FLAG_ONELINE which should enable XN_FLAG_SPC_EQ for
-           spaces aroun '=' */
+           spaces around '=' */
         ExpectNotNull(membio = BIO_new(BIO_s_mem()));
         ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_ONELINE),
             WOLFSSL_SUCCESS);
@@ -44863,7 +22062,7 @@ static int test_wolfSSL_X509_INFO_multiple_info(void)
         ExpectNotNull(info = sk_X509_INFO_value(info_stack, i));
         ExpectNotNull(info->x509);
         ExpectNull(info->crl);
-        if (i != 0) {
+        if (i != 2) {
             ExpectNotNull(info->x_pkey);
             ExpectIntEQ(X509_check_private_key(info->x509,
                                                info->x_pkey->dec_pkey), 1);
@@ -44956,6 +22155,12 @@ static int test_wolfSSL_X509_subject_name_hash(void)
     unsigned long ret1 = 0;
     unsigned long ret2 = 0;
 
+    ExpectNotNull(x509 = X509_new());
+    ExpectIntEQ(X509_subject_name_hash(NULL), 0);
+    ExpectIntEQ(X509_subject_name_hash(x509), 0);
+    X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
     ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
@@ -44992,6 +22197,12 @@ static int test_wolfSSL_X509_issuer_name_hash(void)
     unsigned long ret1 = 0;
     unsigned long ret2 = 0;
 
+    ExpectNotNull(x509 = X509_new());
+    ExpectIntEQ(X509_issuer_name_hash(NULL), 0);
+    ExpectIntEQ(X509_issuer_name_hash(x509), 0);
+    X509_free(x509);
+    x509 = NULL;
+
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
     ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
@@ -45025,20 +22236,52 @@ static int test_wolfSSL_X509_check_host(void)
     && !defined(NO_SHA) && !defined(NO_RSA)
     X509* x509 = NULL;
     const char altName[] = "example.com";
+    const char badAltName[] = "a.example.com";
 
+    ExpectIntEQ(X509_check_host(NULL, NULL, XSTRLEN(altName), 0, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
 
     ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
             WOLFSSL_SUCCESS);
 
+    ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
     ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */
+    ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName),
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(X509_check_host(x509, NULL, 0,
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName),
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
+        WOLFSSL_NO_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
+        WOLFSSL_NO_PARTIAL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
+        WOLFSSL_MULTI_LABEL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     X509_free(x509);
 
     ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */
+    ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName),
+            WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     return EXPECT_RESULT();
 }
@@ -45048,15 +22291,24 @@ static int test_wolfSSL_X509_check_email(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
     X509* x509 = NULL;
+    X509* empty = NULL;
     const char goodEmail[] = "info@wolfssl.com";
     const char badEmail[] = "disinfo@wolfssl.com";
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
                 SSL_FILETYPE_PEM));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+
+    ExpectIntEQ(wolfSSL_X509_check_email(NULL, NULL, 0, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, XSTRLEN(goodEmail),
+        0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_email(empty, goodEmail, XSTRLEN(goodEmail),
+        0), 0);
 
     /* Should fail on non-matching email address */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Should succeed on matching email address */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0),
             WOLFSSL_SUCCESS);
@@ -45065,13 +22317,14 @@ static int test_wolfSSL_X509_check_email(void)
             WOLFSSL_SUCCESS);
     /* Should fail when email address is NULL */
     ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
+    X509_free(empty);
     X509_free(x509);
 
     /* Should fail when x509 is NULL */
     ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
-            WOLFSSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
     return EXPECT_RESULT();
 }
@@ -45083,6 +22336,7 @@ static int test_wc_PemToDer(void)
     int ret;
     DerBuffer* pDer = NULL;
     const char* ca_cert = "./certs/server-cert.pem";
+    const char* trusted_cert = "./certs/test/ossl-trusted-cert.pem";
     byte* cert_buf = NULL;
     size_t cert_sz = 0;
     int eccKey = 0;
@@ -45101,6 +22355,18 @@ static int test_wc_PemToDer(void)
         cert_buf = NULL;
     }
 
+    /* Test that -----BEGIN TRUSTED CERTIFICATE----- banner parses OK */
+    ExpectIntEQ(ret = load_file(trusted_cert, &cert_buf, &cert_sz), 0);
+    ExpectIntEQ(ret = wc_PemToDer(cert_buf, (long int)cert_sz, TRUSTED_CERT_TYPE, &pDer, NULL,
+        &info, &eccKey), 0);
+    wc_FreeDer(&pDer);
+    pDer = NULL;
+
+    if (cert_buf != NULL) {
+        free(cert_buf);
+        cert_buf = NULL;
+    }
+
 #ifdef HAVE_ECC
     {
         const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
@@ -45110,7 +22376,7 @@ static int test_wc_PemToDer(void)
         ExpectIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
         key_buf[0] = '\n';
         ExpectNotNull(XMEMCPY(key_buf + 1, cert_buf, cert_sz));
-        ExpectIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
+        ExpectIntNE((ret = wc_PemToDer(key_buf, (long int)cert_sz + 1, CERT_TYPE,
             &pDer, NULL, &info, &eccKey)), 0);
 
     #ifdef OPENSSL_EXTRA
@@ -45134,7 +22400,7 @@ static int test_wc_AllocDer(void)
     word32 testSize = 1024;
 
     ExpectIntEQ(wc_AllocDer(NULL, testSize, CERT_TYPE, HEAP_HINT),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT), 0);
     ExpectNotNull(pDer);
     wc_FreeDer(&pDer);
@@ -45159,19 +22425,19 @@ static int test_wc_CertPemToDer(void)
         (int)cert_dersz, CERT_TYPE), 0);
 
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, -1, CERT_TYPE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL, -1, CERT_TYPE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der, -1, CERT_TYPE),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, (int)cert_dersz,
-        CERT_TYPE), BAD_FUNC_ARG);
+        CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der,
-        (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG);
+        (int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL,
-        (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG);
+        (int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, -1,
-        CERT_TYPE), BAD_FUNC_ARG);
+        CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     if (cert_der != NULL)
         free(cert_der);
@@ -45222,11 +22488,11 @@ static int test_wc_KeyPemToDer(void)
 
     /* Bad arg: Cert buffer is NULL */
     ExpectIntEQ(wc_KeyPemToDer(NULL, cert_sz, cert_der, cert_dersz, ""),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad arg: Cert DER buffer non-NULL but size zero (or less) */
     ExpectIntEQ(wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Test normal operation */
     cert_dersz = cert_sz; /* DER will be smaller than PEM */
@@ -45266,7 +22532,7 @@ static int test_wc_PubKeyPemToDer(void)
     byte* cert_der = NULL;
 
     ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
-        cert_der, (int)cert_dersz), BAD_FUNC_ARG);
+        cert_der, (int)cert_dersz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(load_file(key, &cert_buf, &cert_sz), 0);
     cert_dersz = cert_sz; /* DER will be smaller than PEM */
@@ -45306,7 +22572,7 @@ static int test_wc_PemPubKeyToDer(void)
     byte* cert_der = NULL;
 
     ExpectIntGE(wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
     ExpectIntGE(wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz), 0);
@@ -45389,19 +22655,19 @@ static int test_wc_GetPubKeyDerFromCert(void)
     /* test LENGTH_ONLY_E case */
     keyDerSz = 0;
     ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntGT(keyDerSz, 0);
 
     /* bad args: DecodedCert NULL */
-    ExpectIntEQ(wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* bad args: output key buff size */
-    ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* bad args: zero size output key buffer */
     keyDerSz = 0;
     ExpectIntEQ(ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_FreeDecodedCert(&decoded);
 
@@ -45469,7 +22735,7 @@ static int test_wc_GetPubKeyDerFromCert(void)
     /* test LENGTH_ONLY_E case */
     keyDerSz = 0;
     ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectIntGT(keyDerSz, 0);
 
     wc_FreeDecodedCert(&decoded);
@@ -45511,24 +22777,24 @@ static int test_wc_CheckCertSigPubKey(void)
 
     /* No certificate. */
     ExpectIntEQ(wc_CheckCertSigPubKey(NULL, cert_dersz, NULL, keyDer, keyDerSz,
-        ECDSAk), BAD_FUNC_ARG);
+        ECDSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Bad cert size. */
     ExpectIntNE(ret = wc_CheckCertSigPubKey(cert_der, 0, NULL, keyDer, keyDerSz,
         RSAk), 0);
-    ExpectTrue(ret == ASN_PARSE_E || ret == BUFFER_E);
+    ExpectTrue(ret == WC_NO_ERR_TRACE(ASN_PARSE_E) || ret == WC_NO_ERR_TRACE(BUFFER_E));
 
     /* No public key. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, NULL,
-        keyDerSz, RSAk), ASN_NO_SIGNER_E);
+        keyDerSz, RSAk), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 
     /* Bad public key size. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0,
-        RSAk), BAD_FUNC_ARG);
+        RSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Wrong aglo. */
     ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer,
-        keyDerSz, ECDSAk), ASN_PARSE_E);
+        keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_PARSE_E));
 
     wc_FreeDecodedCert(&decoded);
     if (cert_der != NULL)
@@ -45539,11 +22805,46 @@ static int test_wc_CheckCertSigPubKey(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_ext_d2i(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
+    X509* x509 = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_basic_constraints,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_subject_alt_name,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_authority_key_identifier,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_subject_key_identifier,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_key_usage,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_crl_distribution_points,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_ext_key_usage,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_info_access,
+        NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_certificate_policies,
+        NULL, NULL));
+    /* Invalid NID for an extension. */
+    ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_description,
+        NULL, NULL));
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_certs(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_RSA)
+    !defined(NO_TLS) && !defined(NO_RSA)
     X509*  x509ext = NULL;
     X509*  x509 = NULL;
 #ifdef OPENSSL_ALL
@@ -45555,6 +22856,7 @@ static int test_wolfSSL_certs(void)
     STACK_OF(ASN1_OBJECT)* sk = NULL;
     ASN1_STRING* asn1_str = NULL;
     AUTHORITY_KEYID* akey = NULL;
+    WOLFSSL_STACK* skid = NULL;
     BASIC_CONSTRAINTS* bc = NULL;
     int crit = 0;
 
@@ -45567,7 +22869,7 @@ static int test_wolfSSL_certs(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
     #if !defined(NO_CHECK_PRIVATE_KEY)
-    ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_check_private_key(ctx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #endif
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     #if !defined(NO_CHECK_PRIVATE_KEY)
@@ -45577,11 +22879,11 @@ static int test_wolfSSL_certs(void)
 
     /* Invalid parameters. */
     ExpectIntEQ(SSL_use_certificate_file(NULL, NULL, WOLFSSL_FILETYPE_PEM),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(SSL_use_certificate_file(ssl, NULL, WOLFSSL_FILETYPE_PEM),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_use_certificate_file(NULL, "./certs/server-cert.pem",
-        WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG);
+        WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     #if !defined(NO_CHECK_PRIVATE_KEY)
     ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
@@ -45593,15 +22895,21 @@ static int test_wolfSSL_certs(void)
 
     /* Invalid parameters. */
     ExpectNotNull(x509 = wolfSSL_X509_new());
-    ExpectIntEQ(SSL_use_certificate(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_use_certificate(ssl, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_use_certificate(NULL, x509), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_use_certificate(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_certificate(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_certificate(NULL, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* No data in certificate. */
-    ExpectIntEQ(SSL_use_certificate(ssl, x509), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_use_certificate(ssl, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
     /* create and use x509 */
+    ExpectNull(wolfSSL_X509_load_certificate_file(cliCertFileExt, -1));
+    ExpectNull(wolfSSL_X509_load_certificate_file("/tmp/badfile",
+        WOLFSSL_FILETYPE_PEM));
+    ExpectNull(wolfSSL_X509_load_certificate_file(NULL, WOLFSSL_FILETYPE_PEM));
+    ExpectNull(wolfSSL_X509_load_certificate_file(cliCertFileExt,
+        WOLFSSL_FILETYPE_ASN1));
 #ifdef OPENSSL_ALL
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
@@ -45618,13 +22926,13 @@ static int test_wolfSSL_certs(void)
 
     #if defined(USE_CERT_BUFFERS_2048)
         /* Invalid parameters. */
-        ExpectIntEQ(SSL_use_certificate_ASN1(NULL, NULL, 0), WOLFSSL_FAILURE);
-        ExpectIntEQ(SSL_use_certificate_ASN1(ssl, NULL, 0), WOLFSSL_FAILURE);
+        ExpectIntEQ(SSL_use_certificate_ASN1(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        ExpectIntEQ(SSL_use_certificate_ASN1(ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(SSL_use_certificate_ASN1(NULL,
-                (unsigned char*)server_cert_der_2048, 0), WOLFSSL_FAILURE);
+                (unsigned char*)server_cert_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         /* No data. */
         ExpectIntEQ(SSL_use_certificate_ASN1(ssl,
-                (unsigned char*)server_cert_der_2048, 0), WOLFSSL_FAILURE);
+                (unsigned char*)server_cert_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(SSL_use_certificate_ASN1(ssl,
                                   (unsigned char*)server_cert_der_2048,
@@ -45636,31 +22944,101 @@ static int test_wolfSSL_certs(void)
     {
         byte   digest[64]; /* max digest size */
         word32 digestSz;
+        X509*  x509Empty = NULL;
 
         XMEMSET(digest, 0, sizeof(digest));
-        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
-                    WOLFSSL_SUCCESS);
-        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
-                    WOLFSSL_SUCCESS);
-
         ExpectIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
                     WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_digest(x509ext, NULL, digest, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), NULL, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, NULL),
+                    WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
+                    WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_SUCCESS);
+
+        ExpectNotNull(x509Empty = wolfSSL_X509_new());
+        ExpectIntEQ(X509_digest(x509Empty, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_FAILURE);
+        wolfSSL_X509_free(x509Empty);
+    }
+    #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
+
+    #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
+    /************* Get Digest of Certificate ******************/
+    {
+        byte   digest[64]; /* max digest size */
+        word32 digestSz;
+        X509*  x509Empty = NULL;
+
+        XMEMSET(digest, 0, sizeof(digest));
+        ExpectIntEQ(X509_pubkey_digest(NULL, wolfSSL_EVP_sha1(), digest,
+                    &digestSz), WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, NULL, digest, &digestSz),
+                    WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), NULL,
+                    &digestSz), WOLFSSL_FAILURE);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), digest,
+                    NULL), WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), digest,
+                    &digestSz), WOLFSSL_SUCCESS);
+        ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_SUCCESS);
+
+        ExpectNotNull(x509Empty = wolfSSL_X509_new());
+        ExpectIntEQ(X509_pubkey_digest(x509Empty, wolfSSL_EVP_sha256(), digest,
+                    &digestSz), WOLFSSL_FAILURE);
+        wolfSSL_X509_free(x509Empty);
     }
     #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
 
     /* test and checkout X509 extensions */
+    ExpectNotNull(bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext,
+        NID_basic_constraints, NULL, NULL));
+    BASIC_CONSTRAINTS_free(bc);
+    bc = NULL;
     ExpectNotNull(bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext,
         NID_basic_constraints, &crit, NULL));
     ExpectIntEQ(crit, 0);
 
 #ifdef OPENSSL_ALL
+    ExpectNull(X509V3_EXT_i2d(NID_basic_constraints, crit, NULL));
+    {
+        int i;
+        int unsupportedNid[] = {
+            0,
+            NID_inhibit_any_policy,
+            NID_certificate_policies,
+            NID_policy_mappings,
+            NID_name_constraints,
+            NID_policy_constraints,
+            NID_crl_distribution_points
+        };
+        int unsupportedNidCnt = (int)(sizeof(unsupportedNid) /
+                                      sizeof(*unsupportedNid));
+
+        for (i = 0; i < unsupportedNidCnt; i++) {
+            ExpectNotNull(ext = X509V3_EXT_i2d(unsupportedNid[i], crit, bc));
+            X509_EXTENSION_free(ext);
+            ext = NULL;
+        }
+    }
     ExpectNotNull(ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc));
     X509_EXTENSION_free(ext);
     ext = NULL;
 
     ExpectNotNull(ext = X509_EXTENSION_new());
-    X509_EXTENSION_set_critical(ext, 1);
+    ExpectIntEQ(X509_EXTENSION_set_critical(NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_critical(ext, 1), WOLFSSL_SUCCESS);
     ExpectNotNull(obj = OBJ_nid2obj(NID_basic_constraints));
+    ExpectIntEQ(X509_EXTENSION_set_object(NULL, NULL), SSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_object(NULL, obj), SSL_FAILURE);
+    ExpectIntEQ(X509_EXTENSION_set_object(ext, NULL), SSL_SUCCESS);
+    ExpectIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
+    /* Check old object is being freed. */
     ExpectIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
     ASN1_OBJECT_free(obj);
     obj = NULL;
@@ -45668,10 +23046,16 @@ static int test_wolfSSL_certs(void)
     ext = NULL;
 
     ExpectNotNull(ext = X509_EXTENSION_new());
-    X509_EXTENSION_set_critical(ext, 0);
-    ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE);
-    asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
-            NULL);
+    ExpectIntEQ(X509_EXTENSION_set_critical(ext, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL),
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
+            NID_key_usage, NULL, NULL));
+    ASN1_STRING_free(asn1_str);
+    asn1_str = NULL;
+    ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
+            NID_key_usage, &crit, NULL));
+    ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
     ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
     ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy
                                  * and X509_get_ext_d2i has created new */
@@ -45680,9 +23064,14 @@ static int test_wolfSSL_certs(void)
     ext = NULL;
 
 #endif
+    BASIC_CONSTRAINTS_free(NULL);
     BASIC_CONSTRAINTS_free(bc);
     bc = NULL;
 
+    ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
+        NID_key_usage, NULL, NULL));
+    ASN1_STRING_free(asn1_str);
+    asn1_str = NULL;
     ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
         NID_key_usage, &crit, NULL));
     ExpectIntEQ(crit, 1);
@@ -45696,6 +23085,11 @@ static int test_wolfSSL_certs(void)
     asn1_str = NULL;
 
 #ifdef OPENSSL_ALL
+    ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
+        NID_ext_key_usage, NULL, NULL));
+    EXTENDED_KEY_USAGE_free(NULL);
+    EXTENDED_KEY_USAGE_free(sk);
+    sk = NULL;
     ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
         NID_ext_key_usage, &crit, NULL));
     ExpectNotNull(ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk));
@@ -45709,6 +23103,11 @@ static int test_wolfSSL_certs(void)
     ExpectNull(sk);
 #endif
 
+    ExpectNotNull(akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
+        NID_authority_key_identifier, NULL, NULL));
+    wolfSSL_AUTHORITY_KEYID_free(NULL);
+    wolfSSL_AUTHORITY_KEYID_free(akey);
+    akey = NULL;
     ExpectNotNull(akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
         NID_authority_key_identifier, &crit, NULL));
 #ifdef OPENSSL_ALL
@@ -45720,6 +23119,21 @@ static int test_wolfSSL_certs(void)
     wolfSSL_AUTHORITY_KEYID_free(akey);
     akey = NULL;
 
+    ExpectNotNull(skid = (WOLFSSL_STACK*)X509_get_ext_d2i(x509ext,
+        NID_subject_key_identifier, NULL, NULL));
+    wolfSSL_sk_ASN1_OBJECT_pop_free(skid, wolfSSL_ASN1_OBJECT_free);
+    skid = NULL;
+    ExpectNotNull(skid = (WOLFSSL_STACK*)X509_get_ext_d2i(x509ext,
+        NID_subject_key_identifier, &crit, NULL));
+#ifdef OPENSSL_ALL
+    ExpectNotNull(ext = X509V3_EXT_i2d(NID_subject_key_identifier, crit,
+        skid));
+    X509_EXTENSION_free(ext);
+    ext = NULL;
+#endif
+    wolfSSL_sk_ASN1_OBJECT_pop_free(skid, wolfSSL_ASN1_OBJECT_free);
+    skid = NULL;
+
     /* NID not yet supported */
     ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
         NID_private_key_usage_period, &crit, NULL));
@@ -45727,6 +23141,10 @@ static int test_wolfSSL_certs(void)
     sk_ASN1_OBJECT_free(sk);
     sk = NULL;
 
+    ExpectNotNull(sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext,
+        NID_subject_alt_name, NULL, NULL));
+    sk_GENERAL_NAME_free(sk);
+    sk = NULL;
     ExpectNotNull(sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext,
         NID_subject_alt_name, &crit, NULL));
     {
@@ -45861,7 +23279,7 @@ static int test_wolfSSL_X509_check_private_key(void)
 static int test_wolfSSL_private_keys(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
    !defined(NO_FILESYSTEM)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     WOLFSSL*     ssl = NULL;
@@ -45882,7 +23300,7 @@ static int test_wolfSSL_private_keys(void)
     /* Have to load a cert before you can check the private key against that
      * certificates public key! */
     #if !defined(NO_CHECK_PRIVATE_KEY)
-    ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #endif
     ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
         WOLFSSL_FILETYPE_PEM));
@@ -45897,11 +23315,11 @@ static int test_wolfSSL_private_keys(void)
 
     /* Invalid parameters. */
     ExpectIntEQ(SSL_use_PrivateKey_file(NULL, NULL, WOLFSSL_FILETYPE_PEM),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(SSL_use_PrivateKey_file(NULL, svrKeyFile, WOLFSSL_FILETYPE_PEM),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(SSL_use_PrivateKey_file(ssl, NULL, WOLFSSL_FILETYPE_PEM),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifdef USE_CERT_BUFFERS_2048
     {
@@ -45910,18 +23328,18 @@ static int test_wolfSSL_private_keys(void)
     word32 bufSz;
 
     /* Invalid parameters. */
-    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, NULL, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL,
-        (unsigned char*)client_key_der_2048, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, NULL, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, NULL, 0), WOLFSSL_FAILURE);
+        (unsigned char*)client_key_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key, 0),
-        WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, NULL, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, NULL, 0), WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key,
-        0), WOLFSSL_FAILURE);
+        0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
                 (unsigned char*)client_key_der_2048,
@@ -45959,11 +23377,11 @@ static int test_wolfSSL_private_keys(void)
 
     /* Invalid parameters. */
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
-    ExpectIntEQ(SSL_use_PrivateKey(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_use_PrivateKey(ssl, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_use_PrivateKey(NULL, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_use_PrivateKey(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_use_PrivateKey(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* pkey is empty - no key data to use. */
-    ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), ASN_PARSE_E);
+    ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WC_NO_ERR_TRACE(ASN_PARSE_E));
     wolfSSL_EVP_PKEY_free(pkey);
     pkey = NULL;
 
@@ -46058,7 +23476,11 @@ static int test_wolfSSL_private_keys(void)
     ExpectNotNull(ssl = SSL_new(ctx));
 
     #if !defined(NO_CHECK_PRIVATE_KEY)
+    #ifdef HAVE_ED25519_MAKE_KEY
     ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
+    #else
+    ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
+    #endif
     #endif
 
     SSL_free(ssl);
@@ -46380,9 +23802,9 @@ static int test_wolfSSL_PEM_PrivateKey_rsa(void)
     XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
 
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
-    ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
+    ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
-    ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE);
+    ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key,
         (long)sizeof_server_key_der_2048));
@@ -46391,17 +23813,17 @@ static int test_wolfSSL_PEM_PrivateKey_rsa(void)
     ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
         (long)sizeof_server_key_der_2048));
     ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_PrivateKey(bio,  NULL, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_PrivateKey(bio,  pkey, NULL, NULL, 0, NULL, NULL),
         WOLFSSL_SUCCESS);
     ExpectIntGT(BIO_pending(bio), 0);
     ExpectIntEQ(BIO_pending(bio), 1679);
     /* Check if the pubkey API writes only the public key */
 #ifdef WOLFSSL_KEY_GEN
-    ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
     ExpectIntGT(BIO_pending(pub_bio), 0);
     /* Previously both the private key and the pubkey calls would write
@@ -46598,13 +24020,22 @@ static int test_wolfSSL_PEM_PrivateKey_dsa(void)
 
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
 #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
+#ifdef WOLFSSL_ASN_TEMPLATE
     ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
-        NULL), 0);
+        NULL), 1216);
+#else
+    ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
+        NULL), 1212);
+#endif
 #endif
 
 #ifdef WOLFSSL_KEY_GEN
     ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1);
-    ExpectIntEQ(BIO_pending(bio), 1178);
+#ifdef WOLFSSL_ASN_TEMPLATE
+    ExpectIntEQ(BIO_pending(bio), 2394);
+#else
+    ExpectIntEQ(BIO_pending(bio), 2390);
+#endif
     BIO_reset(bio);
 #endif
 
@@ -46633,6 +24064,7 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
     BIO*      bio = NULL;
     EVP_PKEY* pkey  = NULL;
+    int       expectedBytes = 0;
 
     ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb"));
     /* Private DH EVP_PKEY */
@@ -46644,8 +24076,9 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
 
 #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
+    expectedBytes += 806;
     ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
-        NULL), 0);
+        NULL), expectedBytes);
 #endif
 #ifdef WOLFSSL_KEY_GEN
     ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0);
@@ -46653,7 +24086,8 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
 
     ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
         1);
-    ExpectIntEQ(BIO_pending(bio), 806);
+    expectedBytes += 806;
+    ExpectIntEQ(BIO_pending(bio), expectedBytes);
 
     BIO_free(bio);
     bio = NULL;
@@ -46668,7 +24102,7 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
 static int test_wolfSSL_PEM_PrivateKey(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048)
 #ifndef NO_BIO
     BIO*      bio = NULL;
@@ -46695,7 +24129,7 @@ static int test_wolfSSL_PEM_PrivateKey(void)
         NULL), 0);
 #endif
 #ifdef WOLFSSL_KEY_GEN
-    ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     EVP_PKEY_free(pkey);
     pkey = NULL;
@@ -46722,9 +24156,9 @@ static int test_wolfSSL_PEM_PrivateKey(void)
         #endif
     #else
         #ifndef NO_WOLFSSL_SERVER
-        ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
+        ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method()));
         #else
-        ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
+        ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_client_method()));
         #endif
     #endif
 
@@ -46829,12 +24263,12 @@ static int test_wolfSSL_PEM_file_RSAKey(void)
         XFCLOSE(fp);
     ExpectIntEQ(RSA_size(rsa), 256);
 
-    ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS);
 
     RSA_free(rsa);
@@ -46853,7 +24287,7 @@ static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
     RSA* rsa = NULL;
     XFILE f = NULL;
 
-    ExpectTrue((f = XFOPEN(svrKeyFile, "r")) != XBADFILE);
+    ExpectTrue((f = XFOPEN(svrKeyFile, "rb")) != XBADFILE);
     ExpectNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
     ExpectIntEQ(RSA_size(rsa), 256);
     if (f != XBADFILE) {
@@ -46862,16 +24296,16 @@ static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
     }
 
     ExpectIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL),
         WOLFSSL_SUCCESS);
 
     RSA_free(rsa);
 
 #ifdef HAVE_ECC
-    ExpectTrue((f = XFOPEN(eccKeyFile, "r")) != XBADFILE);
+    ExpectTrue((f = XFOPEN(eccKeyFile, "rb")) != XBADFILE);
     ExpectNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
     if (f != XBADFILE)
         XFCLOSE(f);
@@ -46918,7 +24352,7 @@ static int test_wolfSSL_PEM_bio_RSAKey(void)
     ExpectNotNull(rsa);
     ExpectIntEQ(RSA_size(rsa), 256);
     ExpectIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
-                                            NULL), WOLFSSL_FAILURE);
+                                            NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -46934,7 +24368,7 @@ static int test_wolfSSL_PEM_bio_RSAKey(void)
     ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
     ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
     ExpectIntEQ(RSA_size(rsa), 256);
-    ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -47029,7 +24463,7 @@ static int test_wolfSSL_PEM_bio_DSAKey(void)
     ExpectNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
     ExpectIntEQ(BN_num_bytes(dsa->g), 128);
     ExpectIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -47045,7 +24479,7 @@ static int test_wolfSSL_PEM_bio_DSAKey(void)
     ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
     ExpectNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
     ExpectIntEQ(BN_num_bytes(dsa->g), 128);
-    ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
@@ -47099,11 +24533,11 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     ExpectIntEQ(ec == ec2, 1);
     ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
     ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL,
-        NULL), WOLFSSL_FAILURE);
+        NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     /* Public key data - fail. */
@@ -47118,11 +24552,11 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     bio = NULL;
 
     ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL,
-        NULL),WOLFSSL_FAILURE);
+        NULL),WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL),
         WOLFSSL_SUCCESS);
 
@@ -47157,7 +24591,7 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     ExpectNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL)));
     ExpectIntEQ(ec == ec2, 1);
     ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
-    ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio);
     bio = NULL;
     /* Test 0x30, 0x00 fails. */
@@ -47178,9 +24612,9 @@ static int test_wolfSSL_PEM_bio_ECKey(void)
     bio = NULL;
 
     /* Same test as above, but with a file pointer rather than a BIO. */
-    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS);
 
     EC_KEY_free(ec);
@@ -47336,8 +24770,9 @@ static int test_wolfSSL_tmp_dh(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+    !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) && \
+    !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     byte buff[6000];
     static const unsigned char p[] = {
         0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba,
@@ -47478,46 +24913,46 @@ static int test_wolfSSL_tmp_dh(void)
 
     /* Failure cases */
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p   , 0, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, g   , 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p  , 0, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, g   , 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p   , 0, g   , 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p   , 1, g   , 1),
-        DH_KEY_SIZE_E);
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , buff, 6000, g   , 1),
-        DH_KEY_SIZE_E);
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
     !defined(HAVE_SELFTEST)
     ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, bad_p, pSz, g, gSz),
-        DH_CHECK_PUB_E);
+        WC_NO_ERR_TRACE(DH_CHECK_PUB_E));
 #endif
     ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, NULL, 0),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, NULL, 0),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p   , 0, NULL, 0),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, g   , 0),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p  , 0, NULL, 0),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, g   , 0),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p   , 0, g   , 0),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p   , 1, g   , 1),
-        DH_KEY_SIZE_E);
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
     ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , buff, 6000, g   , 1),
-        DH_KEY_SIZE_E);
+        WC_NO_ERR_TRACE(DH_KEY_SIZE_E));
 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
     !defined(HAVE_SELFTEST)
 #ifndef NO_WOLFSSL_SERVER
@@ -47528,18 +24963,18 @@ static int test_wolfSSL_tmp_dh(void)
 #endif
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl_c, p, pSz, g, gSz),
-        SIDE_ERROR);
+        WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
-    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , NULL), BAD_FUNC_ARG);
-    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, dh  ), BAD_FUNC_ARG);
-    ExpectIntEQ((int)SSL_set_tmp_dh(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ((int)SSL_set_tmp_dh(ssl , NULL), BAD_FUNC_ARG);
-    ExpectIntEQ((int)SSL_set_tmp_dh(NULL, dh  ), BAD_FUNC_ARG);
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, dh  ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_set_tmp_dh(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_set_tmp_dh(ssl , NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ((int)SSL_set_tmp_dh(NULL, dh  ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* No p/g to use. */
     dh2 = wolfSSL_DH_new();
-    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , dh2 ), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ((int)SSL_set_tmp_dh(ssl , dh2 ), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , dh2 ), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ((int)SSL_set_tmp_dh(ssl , dh2 ), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     DH_free(dh2);
     dh2 = NULL;
 
@@ -47549,7 +24984,7 @@ static int test_wolfSSL_tmp_dh(void)
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
+    ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 
     BIO_free(bio);
@@ -47570,7 +25005,6 @@ static int test_wolfSSL_tmp_dh(void)
     }
 #endif
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif
     return EXPECT_RESULT();
 }
@@ -47727,21 +25161,21 @@ static int test_wolfSSL_EVP_Digest_all(void)
         "SHA512",
 #endif
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-        "SHA512_224",
+        "SHA512-224",
 #endif
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-        "SHA512_256",
+        "SHA512-256",
 #endif
 #ifdef WOLFSSL_SHA3
 #ifndef WOLFSSL_NOSHA3_224
-        "SHA3_224",
+        "SHA3-224",
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-        "SHA3_256",
+        "SHA3-256",
 #endif
-        "SHA3_384",
+        "SHA3-384",
 #ifndef WOLFSSL_NOSHA3_512
-        "SHA3_512",
+        "SHA3-512",
 #endif
 #endif /* WOLFSSL_SHA3 */
         NULL
@@ -47771,7 +25205,7 @@ static int test_wolfSSL_EVP_MD_size(void)
 #ifndef WOLFSSL_NOSHA3_224
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-224"), 1);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
@@ -47779,21 +25213,21 @@ static int test_wolfSSL_EVP_MD_size(void)
 #ifndef WOLFSSL_NOSHA3_256
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-256"), 1);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
 #endif
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-384"), 1);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
 #ifndef WOLFSSL_NOSHA3_512
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-512"), 1);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE);
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
@@ -47896,10 +25330,9 @@ static int test_wolfSSL_EVP_MD_size(void)
     /* error case */
     wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), 0);
+    ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), 0);
+    ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), 0);
     /* Cleanup is valid on uninit'ed struct */
     ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
 #endif /* OPENSSL_EXTRA */
@@ -48335,7 +25768,7 @@ static int test_wolfSSL_EVP_MD_ecc_signing(void)
 static int test_wolfSSL_CTX_add_extra_chain_cert(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     char caFile[] = "./certs/client-ca.pem";
@@ -48358,15 +25791,15 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
         WOLFSSL_FILETYPE_PEM));
 
     /* Negative tests. */
-    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, x509), WOLFSSL_FAILURE);
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
 
     ExpectNotNull(x509 = wolfSSL_X509_new());
     /* Empty certificate. */
-    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_FAILURE);
+    ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_X509_free(x509);
     x509 = NULL;
 
@@ -48551,6 +25984,7 @@ static int test_wolfSSL_X509_Name_canon(void)
 
     /* When output buffer is NULL, should return necessary output buffer
      * length.*/
+    ExpectIntEQ(wolfSSL_i2d_X509_NAME_canon(NULL, NULL), BAD_FUNC_ARG);
     ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0);
     ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
     ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
@@ -48619,7 +26053,13 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
     ExpectNotNull((str = wolfSSL_X509_STORE_new()));
     ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
     ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
-                                    SSL_FILETYPE_PEM,NULL), 0);
+                                    SSL_FILETYPE_PEM, NULL), 0);
+    ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_STORE, "",
+        SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED);
+    ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_LOAD_STORE, "",
+        SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED);
+    ExpectIntEQ(X509_LOOKUP_ctrl(lookup, 0, "",
+        SSL_FILETYPE_PEM, NULL), WOLFSSL_FAILURE);
 
     /* free store */
     X509_STORE_free(str);
@@ -48708,6 +26148,14 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
     ExpectNotNull(ctx = X509_STORE_CTX_new());
     ExpectNotNull((str = wolfSSL_X509_STORE_new()));
     ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, NULL,
+        WOLFSSL_FILETYPE_PEM), 0);
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(lookup, NULL,
+        WOLFSSL_FILETYPE_PEM), 0);
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, caCertFile,
+        WOLFSSL_FILETYPE_PEM), 0);
+    ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, der       ,
+        WOLFSSL_FILETYPE_PEM), 0);
     ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
                                     SSL_FILETYPE_PEM,NULL), 1);
     ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
@@ -48726,8 +26174,12 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
 
     ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL));
     issuer = X509_STORE_CTX_get0_current_issuer(ctx);
-    ExpectNotNull(issuer);
+    ExpectNull(issuer);
 
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+
+    issuer = X509_STORE_CTX_get0_current_issuer(ctx);
+    ExpectNotNull(issuer);
     caName = X509_get_subject_name(x509Ca);
     ExpectNotNull(caName);
     issuerName = X509_get_subject_name(issuer);
@@ -48736,7 +26188,6 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
     ExpectIntEQ(cmp, 0);
 
     /* load der format */
-    X509_free(issuer);
     issuer = NULL;
     X509_STORE_CTX_free(ctx);
     ctx = NULL;
@@ -48792,7 +26243,7 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
         /* since store knows crl list */
         ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm,
                     "certs/server-revoked-cert.pem",
-                    WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
+                    WOLFSSL_FILETYPE_PEM ), WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
     }
 
     ExpectIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0);
@@ -48814,7 +26265,7 @@ static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
     return res;
 }
 
-static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
+static int test_wolfSSL_X509_STORE_CTX_get_issuer(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
@@ -48836,16 +26287,23 @@ static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
 
     ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
 
+    /* Issuer0 is not set until chain is built for verification */
     ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL));
-    ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
+    ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
 
+    /* Issuer1 will use the store to make a new issuer */
+    ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1);
+    ExpectNotNull(issuer);
+    X509_free(issuer);
+
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
     ExpectNotNull(caName = X509_get_subject_name(x509Ca));
     ExpectNotNull(issuerName = X509_get_subject_name(issuer));
 #ifdef WOLFSSL_SIGNER_DER_CERT
     ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0);
 #endif
 
-    X509_free(issuer);
     X509_STORE_CTX_free(ctx);
     X509_free(x509Svr);
     X509_STORE_free(str);
@@ -48887,7 +26345,7 @@ static int test_wolfSSL_PKCS7_certs(void)
         while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) {
             X509_INFO* info = NULL;
             ExpectNotNull(info = sk_X509_INFO_shift(info_sk));
-            ExpectIntEQ(sk_X509_push(sk, info->x509), 1);
+            ExpectIntGT(sk_X509_push(sk, info->x509), 0);
             if (EXPECT_SUCCESS() && (info != NULL)) {
                 info->x509 = NULL;
             }
@@ -48992,11 +26450,9 @@ static int test_wolfSSL_X509_STORE_CTX(void)
     ExpectNotNull((ctx = X509_STORE_CTX_new()));
     ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
     ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
-    ExpectNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
-    ExpectIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
+    ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
     ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
-    ExpectNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
-    ExpectIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
+    ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
     X509_STORE_CTX_free(ctx);
     ctx = NULL;
     X509_STORE_free(str);
@@ -49026,7 +26482,7 @@ static int test_wolfSSL_X509_STORE_CTX(void)
         }
     #else
         ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
         ExpectNull(tmpDataRet);
     #endif
@@ -49049,7 +26505,7 @@ static int test_wolfSSL_X509_STORE_CTX(void)
         }
     #else
         ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
         ExpectNull(tmpDataRet);
     #endif
@@ -49063,6 +26519,424 @@ static int test_wolfSSL_X509_STORE_CTX(void)
     return EXPECT_RESULT();
 }
 
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+
+typedef struct {
+    const char *caFile;
+    const char *caIntFile;
+    const char *caInt2File;
+    const char *leafFile;
+    X509 *x509Ca;
+    X509 *x509CaInt;
+    X509 *x509CaInt2;
+    X509 *x509Leaf;
+    STACK_OF(X509)* expectedChain;
+} X509_STORE_test_data;
+
+static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file)
+{
+    XFILE fp = XBADFILE;
+    X509 *x = NULL;
+
+    fp = XFOPEN(file, "rb");
+    if (fp == NULL) {
+        return NULL;
+    }
+    x = PEM_read_X509(fp, 0, 0, 0);
+    XFCLOSE(fp);
+
+    return x;
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 1, add X509 certs to store and verify */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 2, add certs by filename to store and verify */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caFile, NULL), 1);
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caIntFile, NULL), 1);
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caInt2File, NULL), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 3, mix and match X509 with files */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caFile, NULL), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    STACK_OF(X509)* inter = NULL;
+    int i = 0;
+
+    /* Test case 4, CA loaded by file, intermediates passed on init */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_load_locations(
+        store, testData->caFile, NULL), 1);
+    ExpectNotNull(inter = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    sk_X509_free(inter);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    STACK_OF(X509)* trusted = NULL;
+    int i = 0;
+
+    /* Test case 5, manually set trusted stack */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(trusted = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    X509_STORE_CTX_trusted_stack(ctx, trusted);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    sk_X509_free(trusted);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    STACK_OF(X509)* trusted = NULL;
+    STACK_OF(X509)* inter = NULL;
+    int i = 0;
+
+    /* Test case 6, manually set trusted stack will be unified with
+     * any intermediates provided on init */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(trusted = sk_X509_new_null());
+    ExpectNotNull(inter = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1);
+    X509_STORE_CTX_trusted_stack(ctx, trusted);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    sk_X509_free(trusted);
+    sk_X509_free(inter);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 7, certs added to store after ctx init are still used */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    int i = 0;
+
+    /* Test case 8, Only full chain verifies */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
+                             sk_X509_value(testData->expectedChain, i)), 0);
+    }
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    X509_STORE_CTX* ctx2 = NULL;
+    STACK_OF(X509)* trusted = NULL;
+
+    /* Test case 9, certs added to store should not be reflected in ctx that
+     * has been manually set with a trusted stack, but are reflected in ctx
+     * that has not set trusted stack */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectNotNull(ctx2 = X509_STORE_CTX_new());
+    ExpectNotNull(trusted = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1);
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1);
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntNE(X509_verify_cert(ctx2), 1);
+    X509_STORE_CTX_trusted_stack(ctx, trusted);
+    /* CTX1 should now verify */
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectIntNE(X509_verify_cert(ctx2), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    /* CTX2 should now verify */
+    ExpectIntEQ(X509_verify_cert(ctx2), 1);
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_CTX_free(ctx2);
+    X509_STORE_free(store);
+    sk_X509_free(trusted);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+
+    /* Test case 10, ensure partial chain flag works */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    /* Fails because chain is incomplete */
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1);
+    /* Partial chain now OK */
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData)
+{
+    EXPECT_DECLS;
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+
+    /* Test case 11, test partial chain flag on ctx itself */
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
+    ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
+    /* Fails because chain is incomplete */
+    ExpectIntNE(X509_verify_cert(ctx), 1);
+    X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN);
+    /* Partial chain now OK */
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_X509_STORE_CTX_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    X509_STORE_test_data testData;
+    XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data));
+    testData.caFile =     "./certs/ca-cert.pem";
+    testData.caIntFile =  "./certs/intermediate/ca-int-cert.pem";
+    testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem";
+    testData.leafFile =   "./certs/intermediate/server-chain.pem";
+
+    ExpectNotNull(testData.x509Ca = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile));
+    ExpectNotNull(testData.x509CaInt = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile));
+    ExpectNotNull(testData.x509CaInt2 = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File));
+    ExpectNotNull(testData.x509Leaf = \
+                  test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile));
+    ExpectNotNull(testData.expectedChain = sk_X509_new_null());
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1);
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1);
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1);
+    ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1);
+
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1);
+    ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1);
+
+    if(testData.x509Ca) {
+        X509_free(testData.x509Ca);
+    }
+    if(testData.x509CaInt) {
+        X509_free(testData.x509CaInt);
+    }
+    if(testData.x509CaInt2) {
+        X509_free(testData.x509CaInt2);
+    }
+    if(testData.x509Leaf) {
+        X509_free(testData.x509Leaf);
+    }
+    if (testData.expectedChain) {
+        sk_X509_free(testData.expectedChain);
+    }
+
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+        * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
+
+    return EXPECT_RESULT();
+}
+
+
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
 static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename,
         STACK_OF(X509)* chain)
@@ -49078,13 +26952,82 @@ static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename,
         XFCLOSE(fp);
         fp = XBADFILE;
     }
-    ExpectIntEQ(sk_X509_push(chain, cert), 1);
+    ExpectIntGT(sk_X509_push(chain, cert), 0);
     if (EXPECT_FAIL())
         X509_free(cert);
 
     return EXPECT_RESULT();
 }
 
+#if defined(OPENSSL_ALL)
+
+static int last_errcode;
+static int last_errdepth;
+
+static int X509Callback(int ok, X509_STORE_CTX *ctx)
+{
+
+    if (!ok) {
+        last_errcode  = X509_STORE_CTX_get_error(ctx);
+        last_errdepth = X509_STORE_CTX_get_error_depth(ctx);
+    }
+    /* Always return OK to allow verification to continue.*/
+    return 1;
+}
+
+static int test_X509_STORE_InvalidCa(void)
+{
+    EXPECT_DECLS;
+    const char* filename = "./certs/intermediate/ca_false_intermediate/"
+                                                    "test_int_not_cacert.pem";
+    const char* srvfile = "./certs/intermediate/ca_false_intermediate/"
+                                            "test_sign_bynoca_srv.pem";
+    X509_STORE_CTX* ctx = NULL;
+    X509_STORE* str = NULL;
+    XFILE fp = XBADFILE;
+    X509* cert = NULL;
+    STACK_OF(X509)* untrusted = NULL;
+
+    last_errcode = 0;
+    last_errdepth = 0;
+
+    ExpectTrue((fp = XFOPEN(srvfile, "rb"))
+            != XBADFILE);
+    ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+
+    ExpectNotNull(str = X509_STORE_new());
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectNotNull(untrusted = sk_X509_new_null());
+
+    /* create cert chain stack */
+    ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename,
+                untrusted), TEST_SUCCESS);
+
+    X509_STORE_set_verify_cb(str, X509Callback);
+
+    ExpectIntEQ(X509_STORE_load_locations(str,
+                "./certs/intermediate/ca_false_intermediate/test_ca.pem",
+                                                                    NULL), 1);
+
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectIntEQ(last_errcode, X509_V_ERR_INVALID_CA);
+
+    X509_free(cert);
+    X509_STORE_free(str);
+    X509_STORE_CTX_free(ctx);
+    sk_X509_pop_free(untrusted, NULL);
+
+    return EXPECT_RESULT();
+}
+#endif /* OPENSSL_ALL */
+
+
+
 static int test_X509_STORE_untrusted_certs(const char** filenames, int ret,
         int err, int loadCA)
 {
@@ -49165,9 +27108,15 @@ static int test_X509_STORE_untrusted(void)
     /* Succeeds because path to loaded CA is available. */
     ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1),
             TEST_SUCCESS);
-    /* Fails because root CA is in the untrusted stack */
+    /* Root CA in untrusted chain is OK so long as CA has been loaded
+     * properly */
+    ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1),
+            TEST_SUCCESS);
+    /* Still needs properly loaded CA, while including it in untrusted
+     * list is not an error, it also doesn't count for verify */
     ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0,
-            X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), TEST_SUCCESS);
+                X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0),
+            TEST_SUCCESS);
     /* Succeeds because path to loaded CA is available. */
     ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1),
             TEST_SUCCESS);
@@ -49193,7 +27142,7 @@ static int test_wolfSSL_X509_STORE_set_flags(void)
         WOLFSSL_SUCCESS);
 #else
     ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
-        NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 
     wolfSSL_X509_free(x509);
@@ -49223,7 +27172,7 @@ static int test_wolfSSL_X509_LOOKUP_load_file(void)
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
             WOLFSSL_FILETYPE_PEM), 1);
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
-            WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
+            WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
     }
     ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
         X509_FILETYPE_PEM), 1);
@@ -49260,7 +27209,8 @@ static int test_wolfSSL_CTX_get0_set1_param(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     SSL_CTX* ctx = NULL;
     WOLFSSL_X509_VERIFY_PARAM* pParam = NULL;
     WOLFSSL_X509_VERIFY_PARAM* pvpm = NULL;
@@ -49308,8 +27258,8 @@ static int test_wolfSSL_CTX_get0_set1_param(void)
 static int test_wolfSSL_get0_param(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     SSL_CTX* ctx = NULL;
     SSL*     ssl = NULL;
 
@@ -49327,8 +27277,7 @@ static int test_wolfSSL_get0_param(void)
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
-#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
+#endif
     return EXPECT_RESULT();
 }
 
@@ -49344,6 +27293,9 @@ static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
     if (pParam != NULL) {
         XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
 
+        ExpectIntEQ(X509_VERIFY_PARAM_set1_host(NULL, host, sizeof(host)),
+            WOLFSSL_FAILURE);
+
         X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
 
         ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
@@ -49361,8 +27313,8 @@ static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
 static int test_wolfSSL_set1_host(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     const char host[] = "www.test_wolfSSL_set1_host.com";
     const char emptyStr[] = "";
     SSL_CTX*   ctx = NULL;
@@ -49399,8 +27351,7 @@ static int test_wolfSSL_set1_host(void)
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
-#endif /* OPENSSL_EXTRA */
+#endif
     return EXPECT_RESULT();
 }
 
@@ -49413,6 +27364,21 @@ static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void)
 
     ExpectNotNull(param = X509_VERIFY_PARAM_new());
 
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 4), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, buf, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 4), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 4), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 0), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 0), WOLFSSL_SUCCESS);
+
     /* test 127.0.0.1 */
     buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1;
     ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS);
@@ -49493,11 +27459,76 @@ static int test_wolfSSL_X509_STORE_CTX_get0_store(void)
     return EXPECT_RESULT();
 }
 
+#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
+    !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_ECC) && !defined(NO_TLS) && \
+    defined(HAVE_AESGCM)
+static int test_wolfSSL_get_client_ciphers_ctx_ready(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256"));
+    return EXPECT_RESULT();
+}
+
+
+static int test_wolfSSL_get_client_ciphers_on_result(WOLFSSL* ssl) {
+    EXPECT_DECLS;
+    WOLF_STACK_OF(WOLFSSL_CIPHER)* ciphers;
+
+    ciphers = SSL_get_client_ciphers(ssl);
+    if (wolfSSL_is_server(ssl) == 0) {
+        ExpectNull(ciphers);
+    }
+    else {
+        WOLFSSL_CIPHER* current;
+
+        /* client should have only sent over one cipher suite */
+        ExpectNotNull(ciphers);
+        ExpectIntEQ(sk_SSL_CIPHER_num(ciphers), 1);
+        current = sk_SSL_CIPHER_value(ciphers, 0);
+        ExpectNotNull(current);
+    #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
+        !defined(WOLFSSL_QT)
+        ExpectStrEQ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+            SSL_CIPHER_get_name(current));
+    #else
+        ExpectStrEQ("ECDHE-RSA-AES128-GCM-SHA256",
+            SSL_CIPHER_get_name(current));
+    #endif
+    }
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_get_client_ciphers(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
+    !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_ECC) && !defined(NO_TLS) && \
+    defined(HAVE_AESGCM)
+    test_ssl_cbf server_cb;
+    test_ssl_cbf client_cb;
+
+    XMEMSET(&client_cb, 0, sizeof(test_ssl_cbf));
+    XMEMSET(&server_cb, 0, sizeof(test_ssl_cbf));
+    client_cb.method = wolfTLSv1_2_client_method;
+    server_cb.method = wolfTLSv1_2_server_method;
+    client_cb.devId = testDevId;
+    server_cb.devId = testDevId;
+    client_cb.ctx_ready = test_wolfSSL_get_client_ciphers_ctx_ready;
+    client_cb.on_result = test_wolfSSL_get_client_ciphers_on_result;
+    server_cb.on_result = test_wolfSSL_get_client_ciphers_on_result;
+
+    ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb,
+        &server_cb, NULL), TEST_SUCCESS);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_CTX_set_client_CA_list(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
-    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
     X509_NAME* name = NULL;
@@ -49513,7 +27544,7 @@ static int test_wolfSSL_CTX_set_client_CA_list(void)
     ca_list = SSL_load_client_CA_file(caCertFile);
     ExpectNotNull(ca_list);
     ExpectNotNull(name = sk_X509_NAME_value(ca_list, 0));
-    ExpectIntEQ(sk_X509_NAME_push(names, name), 1);
+    ExpectIntEQ(sk_X509_NAME_push(names, name), 2);
     if (EXPECT_FAIL()) {
         wolfSSL_X509_NAME_free(name);
         name = NULL;
@@ -49525,6 +27556,8 @@ static int test_wolfSSL_CTX_set_client_CA_list(void)
     ExpectNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
     ExpectIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
 
+    ExpectIntEQ(sk_X509_NAME_find(NULL, name), BAD_FUNC_ARG);
+    ExpectIntEQ(sk_X509_NAME_find(names, NULL), WOLFSSL_FATAL_ERROR);
     ExpectIntGT((names_len = sk_X509_NAME_num(names)), 0);
     for (i = 0; i < names_len; i++) {
         ExpectNotNull(name = sk_X509_NAME_value(names, i));
@@ -49626,7 +27659,7 @@ static int test_wolfSSL_CTX_add_client_CA(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
-    !defined(NO_WOLFSSL_CLIENT)
+    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL_X509* x509 = NULL;
     WOLFSSL_X509* x509_a = NULL;
@@ -49705,7 +27738,7 @@ static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args)
         if (ret != WOLFSSL_SUCCESS) {
             err = wolfSSL_get_error(ssl, 0);
         }
-    } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
+    } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E));
 
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
@@ -49825,7 +27858,7 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
         &server_cbf, NULL), TEST_SUCCESS);
 
     /* check if the keylog file exists */
-    ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
+    ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "rb")) != XBADFILE);
     XFFLUSH(fp); /* Just to make sure any buffers get flushed */
 
     XMEMSET(buff, 0, sizeof(buff));
@@ -49890,7 +27923,7 @@ static int test_wolfSSL_Tls13_Key_Logging_test(void)
         int  numfnd = 0;
         int  i;
 
-        ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
+        ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "rb")) != XBADFILE);
 
         while (EXPECT_SUCCESS() &&
                 XFGETS(buff, (int)sizeof(buff), fp) != NULL) {
@@ -49950,6 +27983,26 @@ static int test_wolfSSL_Tls13_ECH_params(void)
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx,
         "ech-public-name.com", 1000, 1000, 1000));
 
+    /* invalid ctx */
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(NULL,
+        (char*)testBuf, sizeof(testBuf)));
+    /* invalid base64 configs */
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx,
+        NULL, sizeof(testBuf)));
+    /* invalid length */
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx,
+        (char*)testBuf, 0));
+
+    /* invalid ctx */
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(NULL,
+        testBuf, sizeof(testBuf)));
+    /* invalid configs */
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx,
+        NULL, sizeof(testBuf)));
+    /* invalid length */
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx,
+        testBuf, 0));
+
     /* invalid ctx */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(NULL, NULL,
         &outputLen));
@@ -49987,7 +28040,7 @@ static int test_wolfSSL_Tls13_ECH_params(void)
     return EXPECT_RESULT();
 }
 
-static int test_wolfSSL_Tls13_ECH(void)
+static int test_wolfSSL_Tls13_ECH_ex(int hrr)
 {
     EXPECT_DECLS;
     tcp_ready ready;
@@ -50058,8 +28111,14 @@ static int test_wolfSSL_Tls13_ECH(void)
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME,
         privateName, privateNameLen));
 
+    /* force hello retry request */
+    if (hrr)
+        ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_NoKeyShares(ssl));
+
+    /* connect like normal */
     ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
+    ExpectIntEQ(ssl->options.echAccepted, 1);
     ExpectIntEQ(wolfSSL_write(ssl, privateName, privateNameLen),
         privateNameLen);
     ExpectIntGT((replyLen = wolfSSL_read(ssl, reply, sizeof(reply))), 0);
@@ -50078,6 +28137,16 @@ static int test_wolfSSL_Tls13_ECH(void)
 
     return EXPECT_RESULT();
 }
+
+static int test_wolfSSL_Tls13_ECH(void)
+{
+    return test_wolfSSL_Tls13_ECH_ex(0);
+}
+
+static int test_wolfSSL_Tls13_ECH_HRR(void)
+{
+    return test_wolfSSL_Tls13_ECH_ex(1);
+}
 #endif /* HAVE_ECH && WOLFSSL_TLS13 */
 
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
@@ -50098,14 +28167,16 @@ static int post_auth_version_client_cb(WOLFSSL* ssl)
     /* do handshake and then test version error */
     ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
     ExpectStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
-    ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE)
     /* check was added to error queue */
-    ExpectIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION);
+    ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION));
 
     /* check the string matches expected string */
-    ExpectStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL),
+    #ifndef NO_ERROR_STRINGS
+    ExpectStrEQ(wolfSSL_ERR_error_string(-WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION), NULL),
             "WRONG_SSL_VERSION");
+    #endif
 #endif
     return EXPECT_RESULT();
 }
@@ -50178,7 +28249,7 @@ static int test_wolfSSL_X509_NID(void)
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
     !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
     int   sigType;
-    int   nameSz;
+    int   nameSz = 0;
 
     X509*  cert = NULL;
     EVP_PKEY*  pubKeyTmp = NULL;
@@ -50203,11 +28274,15 @@ static int test_wolfSSL_X509_NID(void)
     ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert));
 
     /* extract signatureType */
+    ExpectIntEQ(wolfSSL_X509_get_signature_type(NULL), 0);
     ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
 
     /* extract subjectName info */
     ExpectNotNull(name = X509_get_subject_name(cert));
     ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
+    ExpectIntEQ(X509_NAME_get_text_by_NID(NULL, NID_commonName, NULL, 0), -1);
+    ExpectIntEQ(X509_NAME_get_text_by_NID(name, NID_commonName,
+        commonName, -2), 0);
     ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
         NULL, 0)), 0);
     ExpectIntEQ(nameSz, 15);
@@ -50249,8 +28324,9 @@ static int test_wolfSSL_X509_NID(void)
 static int test_wolfSSL_CTX_set_srp_username(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
-    && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \
+    !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
     const char *username = "TESTUSER";
@@ -50283,7 +28359,8 @@ static int test_wolfSSL_CTX_set_srp_password(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \
-    !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
+    !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL_CTX* ctx = NULL;
     const char *username = "TESTUSER";
     const char *password = "TESTPASSWORD";
@@ -50308,7 +28385,7 @@ static int test_wolfSSL_CTX_set_srp_password(void)
 static int test_wolfSSL_X509_STORE(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS)
     X509_STORE *store = NULL;
 
 #ifdef HAVE_CRL
@@ -50428,7 +28505,8 @@ static int test_wolfSSL_X509_STORE_load_locations(void)
 {
     EXPECT_DECLS;
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
-    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
+    !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) && \
+    !defined(NO_TLS)
     SSL_CTX *ctx = NULL;
     X509_STORE *store = NULL;
 
@@ -50454,14 +28532,14 @@ static int test_wolfSSL_X509_STORE_load_locations(void)
 
     /* Test bad arguments */
     ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL),
-        WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifdef HAVE_CRL
     /* Test with CRL */
@@ -50481,6 +28559,15 @@ static int test_wolfSSL_X509_STORE_load_locations(void)
     ExpectIntEQ(X509_STORE_load_locations(store, NULL, certs_path),
         WOLFSSL_SUCCESS);
 
+#if defined(XGETENV) && !defined(NO_GETENV) && defined(_POSIX_C_SOURCE) && \
+    _POSIX_C_SOURCE >= 200112L
+    ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
+    /* Test with env vars */
+    ExpectIntEQ(setenv("SSL_CERT_FILE", client_pem_file, 1), 0);
+    ExpectIntEQ(setenv("SSL_CERT_DIR", certs_path, 1), 0);
+    ExpectIntEQ(X509_STORE_set_default_paths(store), WOLFSSL_SUCCESS);
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
     /* Clear nodes */
     ERR_clear_error();
@@ -50494,13 +28581,17 @@ static int test_wolfSSL_X509_STORE_load_locations(void)
 static int test_X509_STORE_get0_objects(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_TLS) && \
     !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
     X509_STORE *store = NULL;
     X509_STORE *store_cpy = NULL;
     SSL_CTX *ctx = NULL;
     X509_OBJECT *obj = NULL;
+#ifdef HAVE_CRL
+    X509_OBJECT *objCopy = NULL;
+#endif
     STACK_OF(X509_OBJECT) *objs = NULL;
+    STACK_OF(X509_OBJECT) *objsCopy = NULL;
     int i;
 
     /* Setup store */
@@ -50538,22 +28629,46 @@ static int test_X509_STORE_get0_objects(void)
     ExpectIntEQ(sk_X509_OBJECT_num(objs), 0);
 #endif
 #endif
-    for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
+    ExpectIntEQ(sk_X509_OBJECT_num(NULL), 0);
+    ExpectNull(sk_X509_OBJECT_value(NULL, 0));
+    ExpectNull(sk_X509_OBJECT_value(NULL, 1));
+    ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs)));
+    ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs) + 1));
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(sk_X509_OBJECT_delete(objs, 0));
+#endif
+    ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL));
+    ExpectIntEQ(sk_X509_OBJECT_num(objs), sk_X509_OBJECT_num(objsCopy));
+    for (i = 0; i < sk_X509_OBJECT_num(objs) && EXPECT_SUCCESS(); i++) {
         obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i);
+    #ifdef HAVE_CRL
+        objCopy = (X509_OBJECT*)sk_X509_OBJECT_value(objsCopy, i);
+    #endif
         switch (X509_OBJECT_get_type(obj)) {
         case X509_LU_X509:
         {
-            WOLFSSL_X509* x509;
+            X509* x509 = NULL;
+            X509_NAME *subj_name = NULL;
+            ExpectNull(X509_OBJECT_get0_X509_CRL(NULL));
+            ExpectNull(X509_OBJECT_get0_X509_CRL(obj));
             ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj));
             ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS);
+            ExpectNotNull(subj_name = X509_get_subject_name(x509));
+            ExpectPtrEq(obj, X509_OBJECT_retrieve_by_subject(objs, X509_LU_X509,
+                    subj_name));
+
             break;
         }
         case X509_LU_CRL:
 #ifdef HAVE_CRL
         {
-            WOLFSSL_CRL* crl = NULL;
+            X509_CRL* crl = NULL;
+            ExpectNull(X509_OBJECT_get0_X509(NULL));
+            ExpectNull(X509_OBJECT_get0_X509(obj));
             ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj));
             ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS);
+
+            ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy));
             break;
         }
 #endif
@@ -50567,6 +28682,18 @@ static int test_X509_STORE_get0_objects(void)
 
     X509_STORE_free(store_cpy);
     SSL_CTX_free(ctx);
+
+    wolfSSL_sk_X509_OBJECT_free(NULL);
+    objs = NULL;
+    wolfSSL_sk_pop_free(objsCopy, NULL);
+    objsCopy = NULL;
+    ExpectNotNull(objs = wolfSSL_sk_X509_OBJECT_new());
+    ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(objs, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, obj), WOLFSSL_FAILURE);
+    ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL));
+    wolfSSL_sk_X509_OBJECT_free(objsCopy);
+    wolfSSL_sk_X509_OBJECT_free(objs);
 #endif
     return EXPECT_RESULT();
 }
@@ -50577,17 +28704,16 @@ static int test_wolfSSL_BN_CTX(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
     !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
     WOLFSSL_BN_CTX* bn_ctx = NULL;
-    WOLFSSL_BIGNUM* t = NULL;
 
-    ExpectNotNull(bn_ctx = wolfSSL_BN_CTX_new());
+    ExpectNotNull(bn_ctx = BN_CTX_new());
 
-    /* No implementation. */
-    BN_CTX_init(NULL);
-
-    ExpectNotNull(t = BN_CTX_get(NULL));
-    BN_free(t);
-    ExpectNotNull(t = BN_CTX_get(bn_ctx));
-    BN_free(t);
+    ExpectNull(BN_CTX_get(NULL));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
 
 #ifndef NO_WOLFSSL_STUB
     /* No implementation. */
@@ -50657,7 +28783,7 @@ static int test_wolfSSL_BN(void)
     ExpectIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
     ExpectIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
     ExpectIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
-    ExpectIntEQ(BN_is_word(a, 3), SSL_FAILURE);
+    ExpectIntEQ(BN_is_word(a, 3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     {
@@ -50751,19 +28877,34 @@ static int test_wolfSSL_BN_init(void)
     ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
 
     /* a^b mod c = */
-    ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
 
     /* check result  3^2 mod 5 */
     ExpectIntEQ(BN_get_word(&dv), 4);
 
     /* a*b mod c = */
-    ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
+    ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
 
     /* check result  3*2 mod 5 */
     ExpectIntEQ(BN_get_word(&dv), 1);
 
+    {
+        BN_MONT_CTX* montCtx = NULL;
+        ExpectNotNull(montCtx = BN_MONT_CTX_new());
+
+        ExpectIntEQ(BN_MONT_CTX_set(montCtx, &cv, NULL), SSL_SUCCESS);
+        ExpectIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
+        ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
+        ExpectIntEQ(BN_mod_exp_mont_word(&dv, 3, &bv, &cv, NULL, NULL),
+                    WOLFSSL_SUCCESS);
+        /* check result  3^2 mod 5 */
+        ExpectIntEQ(BN_get_word(&dv), 4);
+
+        BN_MONT_CTX_free(montCtx);
+    }
+
     BN_free(ap);
 #endif
 #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
@@ -50792,7 +28933,6 @@ static int test_wolfSSL_BN_enc_dec(void)
     XMEMSET(&emptyBN, 0, sizeof(emptyBN));
     ExpectNotNull(a = BN_new());
     ExpectNotNull(b = BN_new());
-    ExpectIntEQ(BN_set_word(a, 2), 1);
 
     /* Invalid parameters */
     ExpectIntEQ(BN_bn2bin(NULL, NULL), -1);
@@ -50804,8 +28944,16 @@ static int test_wolfSSL_BN_enc_dec(void)
     ExpectNull(BN_bn2dec(NULL));
     ExpectNull(BN_bn2dec(&emptyBN));
 
-    ExpectNull(BN_bin2bn(NULL, sizeof(binNum), NULL));
-    ExpectNull(BN_bin2bn(NULL, sizeof(binNum), a));
+    ExpectNotNull(c = BN_bin2bn(NULL, 0, NULL));
+    BN_clear(c);
+    BN_free(c);
+    c = NULL;
+
+    ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a));
+    BN_free(a);
+    a = NULL;
+    ExpectNotNull(a = BN_new());
+    ExpectIntEQ(BN_set_word(a, 2), 1);
     ExpectNull(BN_bin2bn(binNum, -1, a));
     ExpectNull(BN_bin2bn(binNum, -1, NULL));
     ExpectNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN));
@@ -50945,6 +29093,16 @@ static int test_wolfSSL_BN_word(void)
     ExpectIntEQ(BN_mod_word(a, 0), -1);
 #endif
 
+    ExpectIntEQ(BN_set_word(a, 5), 1);
+    ExpectIntEQ(BN_mul_word(a, 5), 1);
+    /* check result 5 * 5 */
+    ExpectIntEQ(BN_get_word(a), 25);
+#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+    ExpectIntEQ(BN_div_word(a, 5), 1);
+    /* check result 25 / 5 */
+    ExpectIntEQ(BN_get_word(a), 5);
+#endif
+
     BN_free(c);
     BN_free(b);
     BN_free(a);
@@ -51590,7 +29748,7 @@ static int test_wolfSSL_BN_prime(void)
     return EXPECT_RESULT();
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 #define TEST_ARG 0x1234
 static void msg_cb(int write_p, int version, int content_type,
@@ -51612,6 +29770,58 @@ static void msg_cb(int write_p, int version, int content_type,
 #if defined(SESSION_CERTS)
 #include "wolfssl/internal.h"
 #endif
+static int msgSrvCb(SSL_CTX *ctx, SSL *ssl)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO)
+    STACK_OF(X509)* sk = NULL;
+    X509* x509 = NULL;
+    int i, num;
+    BIO* bio = NULL;
+#endif
+
+    ExpectNotNull(ctx);
+    ExpectNotNull(ssl);
+
+    fprintf(stderr, "\n===== msgSrvCb called ====\n");
+#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
+    ExpectTrue(SSL_get_peer_cert_chain(ssl) != NULL);
+    ExpectIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2);
+    ExpectNotNull(SSL_get0_verified_chain(ssl));
+#endif
+
+#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO)
+    {
+        WOLFSSL_X509* peer = NULL;
+
+        ExpectNotNull(peer= wolfSSL_get_peer_certificate(ssl));
+        ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+
+        fprintf(stderr, "Peer Certificate = :\n");
+        X509_print(bio,peer);
+        X509_free(peer);
+    }
+
+    ExpectNotNull(sk = SSL_get_peer_cert_chain(ssl));
+    if (sk == NULL) {
+        BIO_free(bio);
+        return TEST_FAIL;
+    }
+    num = sk_X509_num(sk);
+    ExpectTrue(num > 0);
+    for (i = 0; i < num; i++) {
+        ExpectNotNull(x509 = sk_X509_value(sk,i));
+        if (x509 == NULL)
+            break;
+        fprintf(stderr, "Certificate at index [%d] = :\n",i);
+        X509_print(bio,x509);
+        fprintf(stderr, "\n\n");
+    }
+    BIO_free(bio);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int msgCb(SSL_CTX *ctx, SSL *ssl)
 {
     EXPECT_DECLS;
@@ -51672,9 +29882,11 @@ static int test_wolfSSL_msgCb(void)
     client_cb.method  = wolfTLSv1_3_client_method;
     server_cb.method  = wolfTLSv1_3_server_method;
 #endif
+    server_cb.caPemFile = caCertFile;
+    client_cb.certPemFile = "./certs/intermediate/client-chain.pem";
 
-    ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb,
-        &server_cb, msgCb), TEST_SUCCESS);
+    ExpectIntEQ(test_wolfSSL_client_server_nofail_memio_ex(&client_cb,
+        &server_cb, msgCb, msgSrvCb), TEST_SUCCESS);
 #endif
     return EXPECT_RESULT();
 }
@@ -51747,7 +29959,7 @@ static int test_generate_cookie(void)
     ExpectNotNull(ssl = SSL_new(ctx));
 
     /* Test unconnected */
-    ExpectIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);
+    ExpectIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), WC_NO_ERR_TRACE(GEN_COOKIE_E));
 
     wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);
 
@@ -51766,8 +29978,9 @@ static int test_generate_cookie(void)
 static int test_wolfSSL_set_options(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_FILESYSTEM) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_RSA)
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -51833,7 +30046,7 @@ static int test_wolfSSL_set_options(void)
                     appData, sizeof(appData)), 0);
     }
 #else
-    ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNull(wolfSSL_get_app_data((const WOLFSSL*)ssl));
 #endif
 #endif
@@ -51887,15 +30100,14 @@ static int test_wolfSSL_set_options(void)
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
-#endif /* !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
+#endif
     return EXPECT_RESULT();
 }
 
 static int test_wolfSSL_sk_SSL_CIPHER(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_TLS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
     SSL*     ssl = NULL;
@@ -51932,8 +30144,8 @@ static int test_wolfSSL_sk_SSL_CIPHER(void)
 static int test_wolfSSL_set1_curves_list(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     SSL*     ssl = NULL;
     SSL_CTX* ctx = NULL;
 
@@ -51947,42 +30159,41 @@ static int test_wolfSSL_set1_curves_list(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifdef HAVE_ECC
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);
 #endif
 #ifdef HAVE_CURVE25519
     ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifdef HAVE_CURVE448
     ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
-    ExpectIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifdef HAVE_ECC
-    ExpectIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);
 #endif
 
 #ifdef HAVE_CURVE25519
     ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifdef HAVE_CURVE448
     ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_SUCCESS);
 #else
-    ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif
     return EXPECT_RESULT();
 }
@@ -52033,15 +30244,27 @@ static int test_wolfSSL_curves_mismatch(void)
     } test_params[] = {
 #ifdef WOLFSSL_TLS13
         {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3",
-                FATAL_ERROR, BAD_KEY_SHARE_DATA},
+                WC_NO_ERR_TRACE(FATAL_ERROR), WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA)},
 #endif
 #ifndef WOLFSSL_NO_TLS12
         {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2",
-                FATAL_ERROR, MATCH_SUITE_ERROR},
+                WC_NO_ERR_TRACE(FATAL_ERROR),
+#ifdef OPENSSL_EXTRA
+                WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL)
+#else
+                WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)
+#endif
+        },
 #endif
 #ifndef NO_OLD_TLS
         {wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLS 1.1",
-                FATAL_ERROR, MATCH_SUITE_ERROR},
+                WC_NO_ERR_TRACE(FATAL_ERROR),
+#ifdef OPENSSL_EXTRA
+                WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL)
+#else
+                WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)
+#endif
+        },
 #endif
     };
 
@@ -52058,7 +30281,7 @@ static int test_wolfSSL_curves_mismatch(void)
         func_cb_server.method = test_params[i].server_meth;
 
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
-            &func_cb_server, NULL), TEST_FAIL);
+            &func_cb_server, NULL), -1001);
         ExpectIntEQ(func_cb_client.last_err, test_params[i].client_last_err);
         ExpectIntEQ(func_cb_server.last_err, test_params[i].server_last_err);
 
@@ -52073,8 +30296,9 @@ static int test_wolfSSL_curves_mismatch(void)
 static int test_wolfSSL_set1_sigalgs_list(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
-#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     SSL*     ssl = NULL;
     SSL_CTX* ctx = NULL;
 
@@ -52088,29 +30312,29 @@ static int test_wolfSSL_set1_sigalgs_list(void)
     ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
     ExpectNotNull(ssl = SSL_new(ctx));
 
-    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
-    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifndef NO_RSA
     #ifndef NO_SHA256
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"),
                     WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"),
                     WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         #ifdef WC_RSA_PSS
             ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"),
                         WOLFSSL_SUCCESS);
@@ -52132,17 +30356,17 @@ static int test_wolfSSL_set1_sigalgs_list(void)
             ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
                        "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
         #endif
-        ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE);
-        ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE);
+        ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+        ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"),
-                    WOLFSSL_FAILURE);
+                    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     #endif
 #endif
 #ifdef HAVE_ECC
@@ -52190,7 +30414,6 @@ static int test_wolfSSL_set1_sigalgs_list(void)
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif
     return EXPECT_RESULT();
 }
@@ -52229,7 +30452,7 @@ static int test_wolfSSL_PEM_read_bio(void)
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
     byte buff[6000];
     XFILE f = XBADFILE;
-    int  bytes;
+    int  bytes = 0;
     X509* x509 = NULL;
     BIO*  bio = NULL;
     BUF_MEM* buf = NULL;
@@ -52289,7 +30512,7 @@ static int test_wolfSSL_BIO(void)
         buff[i] = i;
     }
     /* test BIO_free with NULL */
-    ExpectIntEQ(BIO_free(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(BIO_free(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Creating and testing type BIO_s_bio */
     ExpectNotNull(bio1 = BIO_new(BIO_s_bio()));
@@ -52341,7 +30564,7 @@ static int test_wolfSSL_BIO(void)
     ExpectIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
 
     /* new pair */
-    ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
+    ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     BIO_free(bio2); /* free bio2 and automatically remove from pair */
     bio2 = NULL;
     ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
@@ -52349,8 +30572,8 @@ static int test_wolfSSL_BIO(void)
     ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), 0);
 
     /* test wrap around... */
-    ExpectIntEQ(BIO_reset(bio1), 0);
-    ExpectIntEQ(BIO_reset(bio3), 0);
+    ExpectIntEQ(BIO_reset(bio1), 1);
+    ExpectIntEQ(BIO_reset(bio3), 1);
 
     /* fill write buffer, read only small amount then write again */
     ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
@@ -52375,7 +30598,7 @@ static int test_wolfSSL_BIO(void)
         ExpectIntEQ(bufPt[i], buff[4 + i]);
     }
 
-    ExpectIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(BIO_nread(bio3, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(BIO_nread0(bio3, &bufPt), 4);
     for (i = 0; i < 4; i++) {
         ExpectIntEQ(bufPt[i], 0);
@@ -52392,7 +30615,7 @@ static int test_wolfSSL_BIO(void)
     ExpectNotNull(XMEMCPY(bufPt, buff, 20));
 
     /* test reset on data in bio1 write buffer */
-    ExpectIntEQ(BIO_reset(bio1), 0);
+    ExpectIntEQ(BIO_reset(bio1), 1);
     ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0);
     ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), 0);
     ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
@@ -52423,7 +30646,7 @@ static int test_wolfSSL_BIO(void)
     {
         BIO* bioA = NULL;
         BIO* bioB = NULL;
-        ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
+        ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
         BIO_free(bioA);
         bioA = NULL;
@@ -52450,7 +30673,7 @@ static int test_wolfSSL_BIO(void)
         ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
         ExpectIntEQ((int)BIO_set_mem_eof_return(NULL, -1),   0);
 
-        ExpectTrue((f1 = XFOPEN(svrCertFile, "rwb")) != XBADFILE);
+        ExpectTrue((f1 = XFOPEN(svrCertFile, "rb+")) != XBADFILE);
         ExpectIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS);
         ExpectIntEQ(BIO_write_filename(f_bio2, testFile),
                 WOLFSSL_SUCCESS);
@@ -52463,7 +30686,7 @@ static int test_wolfSSL_BIO(void)
         ExpectIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg));
 
         ExpectIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
-        ExpectIntEQ(BIO_reset(f_bio2), 0);
+        ExpectIntEQ(BIO_reset(f_bio2), 1);
         ExpectIntEQ(BIO_tell(NULL),-1);
         ExpectIntEQ(BIO_tell(f_bio2),0);
         ExpectIntEQ(BIO_seek(f_bio2, 4), 0);
@@ -52474,7 +30697,7 @@ static int test_wolfSSL_BIO(void)
         BIO_free(f_bio2);
         f_bio2 = NULL;
 
-        ExpectNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb"));
+        ExpectNotNull(f_bio1 = BIO_new_file(svrCertFile, "rb+"));
         ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
         ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
         BIO_free(f_bio1);
@@ -52598,6 +30821,7 @@ static int test_wolfSSL_X509_cmp_time(void)
 
     ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
     ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
+    ExpectIntEQ(-1, wolfSSL_X509_cmp_current_time(&asn_time));
 #endif
     return EXPECT_RESULT();
 }
@@ -52714,6 +30938,12 @@ static int test_wolfSSL_X509_bad_altname(void)
      * name of "a*\0*". Ensure that it does not match "aaaaa" */
     ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen,
         WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1);
+
+    /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), 1);
+
     X509_free(x509);
 
 #endif
@@ -52834,6 +31064,26 @@ static int test_wolfSSL_X509_name_match(void)
     ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
         WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1);
 
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since
+     * 'a*' alt name does not have wildcard left-most */
+
+    /* Ensure that "a*" does not match "aaaaa" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "a" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "abbbb" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "a*" does not match "bbb" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+
     wolfSSL_X509_free(x509);
 
 #endif
@@ -52956,6 +31206,21 @@ static int test_wolfSSL_X509_name_match2(void)
     ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
         WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
 
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since
+     * 'a*b*' alt name does not have wildcard left-most */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_FAILURE);
+
     /* Ensure that "a*b*" matches "ab", testing openssl behavior replication
      * on check len input handling, 0 for len is OK as it should then use
      * strlen(name1) */
@@ -53069,6 +31334,8 @@ static int test_wolfSSL_X509_name_match3(void)
     int nameLen1 = (int)(XSTRLEN(name1));
     const char *name2 = "x.y.example.com";
     int nameLen2 = (int)(XSTRLEN(name2));
+    const char *name3 = "example.com";
+    int nameLen3 = (int)(XSTRLEN(name3));
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
         cert_der, certSize, WOLFSSL_FILETYPE_ASN1));
@@ -53079,6 +31346,22 @@ static int test_wolfSSL_X509_name_match3(void)
     /* Ensure that "*.example.com" does NOT match "x.y.example.com" */
     ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
         WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+    /* Ensure that "*.example.com" does NOT match "example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
+
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */
+    ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT  match "x.y.example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
+    /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */
+    ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
+        WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
+        NULL), WOLFSSL_SUCCESS);
 
     wolfSSL_X509_free(x509);
 
@@ -53089,7 +31372,8 @@ static int test_wolfSSL_X509_name_match3(void)
 static int test_wolfSSL_X509_max_altnames(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA)
 
     /* Only test if max alt names has not been modified */
 #if WOLFSSL_MAX_ALT_NAMES <= 1024
@@ -53117,8 +31401,8 @@ static int test_wolfSSL_X509_max_altnames(void)
 static int test_wolfSSL_X509_max_name_constraints(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(IGNORE_NAME_CONSTRAINTS)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS)
 
     /* Only test if max name constraints has not been modified */
 #if WOLFSSL_MAX_NAME_CONSTRAINTS == 128
@@ -53155,8 +31439,18 @@ static int test_wolfSSL_X509(void)
 #endif
     char der[] = "certs/ca-cert.der";
     XFILE fp = XBADFILE;
+    int derSz = 0;
+
+#ifndef NO_BIO
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+#endif
 
     ExpectNotNull(x509 = X509_new());
+    ExpectNull(wolfSSL_X509_get_der(x509, &derSz));
+#if !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN)
+    ExpectIntEQ(i2d_X509_bio(bio, x509), WOLFSSL_FAILURE);
+#endif
+    ExpectNull(wolfSSL_X509_dup(x509));
     X509_free(x509);
     x509 = NULL;
 
@@ -53164,33 +31458,65 @@ static int test_wolfSSL_X509(void)
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         SSL_FILETYPE_PEM));
 
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-
 #ifdef WOLFSSL_CERT_GEN
+    ExpectIntEQ(i2d_X509_bio(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(i2d_X509_bio(bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(i2d_X509_bio(NULL, x509), WOLFSSL_FAILURE);
     ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
 #endif
 
     ExpectNotNull(ctx = X509_STORE_CTX_new());
 
-    ExpectIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);
+    ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectNotNull(wolfSSL_X509_verify_cert_error_string(CRL_MISSING));
 
     ExpectNotNull(store = X509_STORE_new());
     ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
     ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
     ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
 
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(X509_get_default_cert_file_env());
+    ExpectNull(X509_get_default_cert_file());
+    ExpectNull(X509_get_default_cert_dir_env());
+    ExpectNull(X509_get_default_cert_dir());
+#endif
+
+    ExpectNull(wolfSSL_X509_get_der(NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_der(x509, NULL));
+    ExpectNull(wolfSSL_X509_get_der(NULL, &derSz));
+
+    ExpectIntEQ(wolfSSL_X509_version(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_version(x509), 3);
 
     X509_STORE_CTX_free(ctx);
     X509_STORE_free(store);
     X509_free(x509);
     x509 = NULL;
     BIO_free(bio);
+    bio = NULL;
 #endif
 
     /** d2i_X509_fp test **/
     ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
     ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
     ExpectNotNull(x509);
+
+#ifdef HAVE_EX_DATA_CRYPTO
+    ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0);
+#endif
+    ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1));
+    ExpectNull(wolfSSL_X509_get_ex_data(x509, 1));
+#ifdef HAVE_EX_DATA
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0);
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 1);
+    ExpectPtrEq(wolfSSL_X509_get_ex_data(x509, 1), der);
+#else
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0);
+    ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 0);
+    ExpectNull(wolfSSL_X509_get_ex_data(x509, 1));
+#endif
+
     X509_free(x509);
     x509 = NULL;
     if (fp != XBADFILE) {
@@ -53198,12 +31524,24 @@ static int test_wolfSSL_X509(void)
         fp = XBADFILE;
     }
     ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
+    ExpectNull((X509 *)d2i_X509_fp(XBADFILE, (X509 **)&x509));
     ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
     ExpectNotNull(x509);
     X509_free(x509);
+    x509 = NULL;
     if (fp != XBADFILE)
         XFCLOSE(fp);
 
+#ifndef NO_BIO
+    ExpectNotNull(bio = BIO_new_file(der, "rb"));
+    ExpectNull(d2i_X509_bio(NULL, &x509));
+    ExpectNotNull(x509 = d2i_X509_bio(bio, NULL));
+    ExpectNotNull(x509);
+    X509_free(x509);
+    BIO_free(bio);
+    bio = NULL;
+#endif
+
     /* X509_up_ref test */
     ExpectIntEQ(X509_up_ref(NULL), 0);
     ExpectNotNull(x509 = X509_new());   /* refCount = 1 */
@@ -53212,6 +31550,7 @@ static int test_wolfSSL_X509(void)
     X509_free(x509); /* refCount = 2 */
     X509_free(x509); /* refCount = 1 */
     X509_free(x509); /* refCount = 0, free */
+
 #endif
     return EXPECT_RESULT();
 }
@@ -53227,7 +31566,11 @@ static int test_wolfSSL_X509_get_ext_count(void)
     XFILE f = XBADFILE;
 
     /* NULL parameter check */
-    ExpectIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_get_ext_count(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         SSL_FILETYPE_PEM));
@@ -53247,9 +31590,6 @@ static int test_wolfSSL_X509_get_ext_count(void)
     /* wolfSSL_X509_get_ext_count() valid input */
     ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
 
-    /* wolfSSL_X509_get_ext_count() NULL argument */
-    ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
-
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -53284,8 +31624,8 @@ static int test_wolfSSL_X509_sign2(void)
 
     const unsigned char expected[] = {
         0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01,
-        0x02, 0x02, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55, 0x8A,
-        0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59, 0xB8, 0xE8, 0x30,
+        0x02, 0x02, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, 0xEE, 0xA2, 0x9B, 0xB7,
+        0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, 0xF0, 0xCC, 0x23, 0xF2, 0xEC, 0x30,
         0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
         0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
@@ -53364,34 +31704,34 @@ static int test_wolfSSL_X509_sign2(void)
         0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
         0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x82, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55,
-        0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59, 0xB8, 0xE8,
+        0x6F, 0x6D, 0x82, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, 0xEE, 0xA2, 0x9B,
+        0xB7, 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, 0xF0, 0xCC, 0x23, 0xF2, 0xEC,
         0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06,
         0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
-        0x01, 0x01, 0x00, 0x14, 0xFB, 0xD0, 0xCE, 0x31, 0x7F, 0xA5, 0x59, 0xFA,
-        0x7C, 0x68, 0x26, 0xA7, 0xE8, 0x0D, 0x9F, 0x50, 0x57, 0xFA, 0x1C, 0x7C,
-        0x5E, 0x43, 0xA4, 0x97, 0x47, 0xB6, 0x41, 0xAC, 0x63, 0xD3, 0x61, 0x8C,
-        0x1F, 0x42, 0xEF, 0x53, 0xD0, 0xBA, 0x31, 0x4D, 0x99, 0x74, 0xA4, 0x60,
-        0xDC, 0xC6, 0x6F, 0xCC, 0x1E, 0x25, 0x98, 0xE1, 0xA4, 0xA0, 0x67, 0x69,
-        0x97, 0xE3, 0x97, 0x7C, 0x83, 0x28, 0xF1, 0xF4, 0x7D, 0x03, 0xA8, 0x31,
-        0x77, 0xCC, 0xD1, 0x37, 0xEF, 0x7B, 0x4A, 0x71, 0x2D, 0x11, 0x7E, 0x92,
-        0xF5, 0x67, 0xB7, 0x56, 0xBA, 0x28, 0xF8, 0xD6, 0xCE, 0x2A, 0x71, 0xE3,
-        0x70, 0x6B, 0x09, 0x0F, 0x67, 0x6F, 0x7A, 0xE0, 0x89, 0xF6, 0x5E, 0x23,
-        0x0C, 0x0A, 0x44, 0x4E, 0x65, 0x8E, 0x7B, 0x68, 0xD0, 0xAD, 0x76, 0x3E,
-        0x2A, 0x0E, 0xA2, 0x05, 0x11, 0x74, 0x24, 0x08, 0x60, 0xED, 0x9F, 0x98,
-        0x18, 0xE9, 0x91, 0x58, 0x36, 0xEC, 0xEC, 0x25, 0x6B, 0xBA, 0x9C, 0x87,
-        0x38, 0x68, 0xDC, 0xDC, 0x15, 0x6F, 0x20, 0x68, 0xC4, 0xBF, 0x05, 0x5B,
-        0x4A, 0x0C, 0x44, 0x2B, 0x92, 0x3F, 0x10, 0x99, 0xDC, 0xF6, 0x6C, 0x0E,
-        0x34, 0x26, 0x6E, 0x6D, 0x4E, 0x12, 0xBC, 0x60, 0x8F, 0x27, 0x1D, 0x7A,
-        0x00, 0x50, 0xBE, 0x23, 0xDE, 0x48, 0x47, 0x9F, 0xAD, 0x2F, 0x94, 0x3D,
-        0x16, 0x73, 0x48, 0x6B, 0xC8, 0x97, 0xE6, 0xB4, 0xB3, 0x4B, 0xE1, 0x68,
-        0x08, 0xC3, 0xE5, 0x34, 0x5F, 0x9B, 0xDA, 0xAB, 0xCA, 0x6D, 0x55, 0x32,
-        0xEF, 0x6C, 0xEF, 0x9B, 0x8B, 0x5B, 0xC7, 0xF0, 0xC2, 0x0F, 0x8E, 0x93,
-        0x09, 0x60, 0x3C, 0x0B, 0xDC, 0xBD, 0xDB, 0x4A, 0x2D, 0xD0, 0x98, 0xAA,
-        0xAB, 0x6C, 0x6F, 0x6D, 0x6B, 0x6A, 0x5C, 0x33, 0xAC, 0xAD, 0xA8, 0x1B,
-        0x38, 0x5D, 0x9F, 0xDA, 0xE7, 0x70, 0x07
+        0x01, 0x01, 0x00, 0xB9, 0x6C, 0xC2, 0xFA, 0x02, 0xC4, 0x3B, 0xB4, 0x68,
+        0xB2, 0xF3, 0xE3, 0x0D, 0xFA, 0x61, 0xAF, 0xB5, 0x54, 0x14, 0x4C, 0x59,
+        0xFC, 0xF8, 0xD0, 0x48, 0x09, 0xAC, 0x0E, 0x16, 0x73, 0x1F, 0xF2, 0x5B,
+        0x43, 0xD8, 0x41, 0xD1, 0x62, 0x8C, 0x07, 0x76, 0x88, 0x3F, 0x73, 0x6E,
+        0xD1, 0xE4, 0x66, 0x3D, 0x6A, 0x57, 0xC8, 0x85, 0x86, 0xBE, 0xAE, 0x7B,
+        0x48, 0xCB, 0x67, 0xB3, 0x80, 0x21, 0x3E, 0xFE, 0x7C, 0x7C, 0x0C, 0x76,
+        0x9F, 0x54, 0xBC, 0xA5, 0x89, 0xDE, 0x6C, 0x0B, 0x0A, 0x26, 0xCA, 0x66,
+        0x4F, 0xC0, 0xB9, 0xDF, 0x3A, 0x14, 0x88, 0xB8, 0x90, 0x7E, 0x32, 0x6D,
+        0x45, 0xF4, 0x14, 0x7B, 0x28, 0x69, 0xCE, 0x80, 0x59, 0x2D, 0x7B, 0x98,
+        0x8D, 0x33, 0xDB, 0x4B, 0x16, 0xAA, 0x5E, 0x5E, 0xED, 0x15, 0x6A, 0x01,
+        0x9F, 0x16, 0xC1, 0xE4, 0x23, 0x89, 0x30, 0xD4, 0xD8, 0xC9, 0xAD, 0x5A,
+        0x05, 0xC0, 0xE7, 0x9D, 0xF8, 0xD2, 0xD1, 0x80, 0x53, 0x9A, 0x00, 0xB6,
+        0xA3, 0xD6, 0x54, 0xFC, 0xFC, 0x4A, 0x9D, 0x31, 0x3F, 0xBB, 0xCD, 0xBC,
+        0xDD, 0x43, 0xFC, 0x25, 0x1A, 0x8F, 0xAE, 0x03, 0x39, 0xC8, 0x1D, 0x32,
+        0x86, 0x3F, 0xDE, 0xD1, 0xD4, 0xD8, 0x7F, 0xC0, 0x2F, 0x11, 0x56, 0x18,
+        0xC6, 0x27, 0x42, 0x2C, 0xB9, 0x10, 0xEC, 0xA9, 0xDE, 0x11, 0x25, 0x0C,
+        0xF3, 0xD6, 0x49, 0x22, 0x1E, 0x6A, 0x9D, 0x64, 0x06, 0x61, 0x26, 0xCE,
+        0x27, 0x3E, 0x22, 0x94, 0xEC, 0x6B, 0x25, 0xE0, 0xDC, 0x33, 0xF6, 0x91,
+        0x7D, 0x6E, 0x2E, 0x13, 0xFB, 0x36, 0x6C, 0x48, 0x1B, 0xAC, 0x3C, 0x1B,
+        0x7A, 0x60, 0x32, 0xCC, 0xE4, 0x05, 0xB4, 0x61, 0x2E, 0xCC, 0x14, 0xA4,
+        0xCE, 0xD0, 0xE9, 0xD6, 0xAF, 0x18, 0x9D, 0x51, 0x0E, 0xEF, 0x8B, 0xE4,
+        0xE0, 0x63, 0x86, 0x83, 0x6A, 0x4B, 0x7F
     };
 
     pt = ca_key_der_2048;
@@ -53414,9 +31754,16 @@ static int test_wolfSSL_X509_sign2(void)
     ExpectIntEQ(notAfter->length, 13);
 
     ExpectTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
+    ExpectTrue(wolfSSL_X509_set1_notBefore(x509, notBefore));
     ExpectTrue(wolfSSL_X509_set_notAfter(x509, notAfter));
+    ExpectTrue(wolfSSL_X509_set1_notAfter(x509, notAfter));
 #endif
 
+    ExpectNull(wolfSSL_X509_notBefore(NULL));
+    ExpectNotNull(wolfSSL_X509_notBefore(x509));
+    ExpectNull(wolfSSL_X509_notAfter(NULL));
+    ExpectNotNull(wolfSSL_X509_notAfter(x509));
+
     ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
     ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
 
@@ -53446,6 +31793,7 @@ static int test_wolfSSL_X509_sign(void)
     char *cn = NULL;
     word32 cnSz = 0;
     X509_NAME *name = NULL;
+    X509_NAME *emptyName = NULL;
     X509 *x509 = NULL;
     X509 *ca = NULL;
     DecodedCert dCert;
@@ -53469,6 +31817,11 @@ static int test_wolfSSL_X509_sign(void)
 #endif
     byte sn[16];
     int snSz = sizeof(sn);
+    int sigSz = 0;
+#ifndef NO_WOLFSSL_STUB
+    const WOLFSSL_ASN1_BIT_STRING* sig = NULL;
+    const WOLFSSL_X509_ALGOR* alg = NULL;
+#endif
 
     /* Set X509_NAME fields */
     ExpectNotNull(name = X509_NAME_new());
@@ -53484,6 +31837,7 @@ static int test_wolfSSL_X509_sign(void)
                                                                   clientKeySz));
     ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
     ExpectNotNull(x509 = X509_new());
+    ExpectIntEQ(X509_sign(x509, priv, EVP_sha256()), 0);
     /* Set version 3 */
     ExpectIntNE(X509_set_version(x509, 2L), 0);
     /* Set subject name, add pubkey, and sign certificate */
@@ -53492,6 +31846,9 @@ static int test_wolfSSL_X509_sign(void)
     name = NULL;
     ExpectIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
 #ifdef WOLFSSL_ALT_NAMES
+    ExpectNull(wolfSSL_X509_get_next_altname(NULL));
+    ExpectNull(wolfSSL_X509_get_next_altname(x509));
+
     /* Add some subject alt names */
     ExpectIntNE(wolfSSL_X509_add_altname(NULL,
                 "ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
@@ -53519,6 +31876,26 @@ static int test_wolfSSL_X509_sign(void)
                 sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS);
     }
 #endif
+
+    {
+        int i;
+
+        if (x509 != NULL) {
+            x509->altNamesNext = x509->altNames;
+        }
+#ifdef WOLFSSL_IP_ALT_NAME
+        /* No names in IP address. */
+        ExpectNull(wolfSSL_X509_get_next_altname(x509));
+        ExpectNull(wolfSSL_X509_get_next_altname(x509));
+#endif
+        for (i = 0; i < 3; i++) {
+            ExpectNotNull(wolfSSL_X509_get_next_altname(x509));
+        }
+        ExpectNull(wolfSSL_X509_get_next_altname(x509));
+#ifdef WOLFSSL_MULTICIRCULATE_ALTNAMELIST
+        ExpectNotNull(wolfSSL_X509_get_next_altname(x509));
+#endif
+    }
 #endif /* WOLFSSL_ALT_NAMES */
 
     {
@@ -53530,6 +31907,22 @@ static int test_wolfSSL_X509_sign(void)
 
     /* test valid sign case */
     ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0);
+    /* test getting signature */
+#ifndef NO_WOLFSSL_STUB
+    wolfSSL_X509_get0_signature(&sig, &alg, x509);
+#endif
+    ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, &sigSz),
+        WOLFSSL_SUCCESS);
+    ExpectIntGT(sigSz, 0);
+    ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, NULL),
+        WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, NULL),
+        WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, &sigSz),
+        WOLFSSL_FATAL_ERROR);
+    sigSz = 0;
+    ExpectIntEQ(wolfSSL_X509_get_signature(x509, sn, &sigSz),
+        WOLFSSL_FATAL_ERROR);
 
     /* test valid X509_sign_ctx case */
     ExpectNotNull(mctx = EVP_MD_CTX_new());
@@ -53578,15 +31971,37 @@ static int test_wolfSSL_X509_sign(void)
     InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
     ExpectIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);
 
+    ExpectNotNull(emptyName = X509_NAME_new());
     ExpectNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
+    ExpectIntEQ(wolfSSL_X509_get_isCA(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_isCA(ca), 1);
     ExpectNotNull(name = X509_get_subject_name(ca));
-    cnSz = X509_NAME_get_sz(name);
+    ExpectIntEQ(X509_NAME_get_sz(NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntGT(cnSz = X509_NAME_get_sz(name), 0);
     ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
-    ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz));
+    ExpectNull(X509_NAME_oneline(NULL, cn, (int)cnSz));
+    ExpectPtrEq(X509_NAME_oneline(name, cn, 0), cn);
+    ExpectPtrEq(X509_NAME_oneline(emptyName, cn, (int)cnSz), cn);
+    ExpectNull(X509_NAME_oneline(emptyName, NULL, 0));
+    ExpectPtrEq(X509_NAME_oneline(name, cn, (int)cnSz), cn);
     ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn)));
     XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
     cn = NULL;
 
+#if defined(XSNPRINTF)
+    ExpectNull(wolfSSL_X509_get_name_oneline(NULL, NULL, 0));
+    ExpectNotNull(cn = wolfSSL_X509_get_name_oneline(name, NULL, 0));
+    ExpectIntGT((int)(cnSz = (word32)XSTRLEN(cn) + 1), 0);
+    ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn);
+    ExpectNull(wolfSSL_X509_get_name_oneline(NULL, cn, (int)cnSz));
+    ExpectNull(wolfSSL_X509_get_name_oneline(name, cn, cnSz - 1));
+    ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn);
+    ExpectPtrEq(wolfSSL_X509_get_name_oneline(emptyName, cn, (int)cnSz), cn);
+    XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
+    cn = NULL;
+#endif
+    X509_NAME_free(emptyName);
+
 #ifdef WOLFSSL_MULTI_ATTRIB
     /* test adding multiple OU's to the signer */
     ExpectNotNull(name = X509_get_subject_name(ca));
@@ -53630,7 +32045,7 @@ static int test_wolfSSL_X509_sign(void)
     ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
 
     /* uses ParseCert which fails on bad version number */
-    ExpectIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
+    ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     EVP_MD_CTX_free(mctx);
@@ -53667,8 +32082,12 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     X509* x509 = NULL;
     const ASN1_OBJECT* obj = NULL;
     const X509_ALGOR* alg = NULL;
+    X509_ALGOR* alg2 = NULL;
     int pptype = 0;
     const void *ppval = NULL;
+    byte* der = NULL;
+    const byte* tmp = NULL;
+    const byte badObj[] = { 0x06, 0x00 };
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         SSL_FILETYPE_PEM));
@@ -53679,6 +32098,7 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     ExpectNull(obj);
 
     /* Valid case */
+    X509_ALGOR_get0(NULL, NULL, NULL, alg);
     X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
     ExpectNotNull(obj);
     ExpectNull(ppval);
@@ -53686,7 +32106,24 @@ static int test_wolfSSL_X509_ALGOR_get0(void)
     /* Make sure NID of X509_ALGOR is Sha256 with RSA */
     ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);
 
+    ExpectIntEQ(i2d_X509_ALGOR(NULL, NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(i2d_X509_ALGOR(alg, &der), 15);
+    ExpectNull(d2i_X509_ALGOR(NULL, NULL, 0));
+    /* tmp is NULL. */
+    ExpectNull(d2i_X509_ALGOR(NULL, &tmp, 0));
+    tmp = badObj;
+    ExpectNull(d2i_X509_ALGOR(NULL, &tmp, (long)sizeof(badObj)));
+    tmp = der;
+    ExpectNull(d2i_X509_ALGOR(NULL, &tmp, 0));
+    ExpectNotNull(d2i_X509_ALGOR(&alg2, &tmp, 15));
+    tmp = der;
+    ExpectNotNull(d2i_X509_ALGOR(&alg2, &tmp, 15));
+
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
     X509_free(x509);
+    X509_ALGOR_free(NULL);
+    X509_ALGOR_free(alg2);
+    alg2 = NULL;
 #endif
     return EXPECT_RESULT();
 }
@@ -53802,14 +32239,22 @@ static int test_wolfSSL_X509_VERIFY_PARAM(void)
     ExpectIntEQ(X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL),
         1);
 
+    ExpectIntEQ(X509_VERIFY_PARAM_get_flags(NULL), 0);
     ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo),
         X509_V_FLAG_CRL_CHECK_ALL);
 
+    ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL),
+        WOLFSSL_FAILURE);
     ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(paramTo,
         X509_V_FLAG_CRL_CHECK_ALL), 1);
 
     ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), 0);
 
+    ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(NULL));
+    ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(""));
+    ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_client"));
+    ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_server"));
+
     X509_VERIFY_PARAM_free(paramTo);
     X509_VERIFY_PARAM_free(paramFrom);
     X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */
@@ -53921,6 +32366,8 @@ static int test_wolfSSL_X509_PUBKEY_RSA(void)
     X509_PUBKEY* pubKey = NULL;
     X509_PUBKEY* pubKey2 = NULL;
     EVP_PKEY* evpKey = NULL;
+    byte buf[1024];
+    byte* tmp;
 
     const unsigned char *pk = NULL;
     int ppklen;
@@ -53938,11 +32385,23 @@ static int test_wolfSSL_X509_PUBKEY_RSA(void)
     ExpectNotNull(pubKey);
     ExpectIntGT(ppklen, 0);
 
+    tmp = buf;
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, &tmp), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, NULL), 294);
+    ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, &tmp), 294);
+
     ExpectIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption);
 
     ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey));
     ExpectNotNull(pubKey2 = X509_PUBKEY_new());
+    ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, NULL), 0);
+    ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 0);
+    ExpectIntEQ(X509_PUBKEY_set(NULL, NULL), 0);
+    ExpectIntEQ(X509_PUBKEY_set(&pubKey2, NULL), 0);
+    ExpectIntEQ(X509_PUBKEY_set(NULL, evpKey), 0);
     ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
+    ExpectIntEQ(X509_PUBKEY_get0_param(NULL, NULL, NULL, NULL, pubKey2), 1);
     ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
     ExpectNotNull(pk);
     ExpectNotNull(pa);
@@ -53953,6 +32412,7 @@ static int test_wolfSSL_X509_PUBKEY_RSA(void)
     ExpectIntEQ(pptype, V_ASN1_NULL);
     ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA);
 
+    X509_PUBKEY_free(NULL);
     X509_PUBKEY_free(pubKey2);
     X509_free(x509);
     EVP_PKEY_free(evpKey);
@@ -54284,9 +32744,10 @@ static int test_wolfSSL_PKCS8_Compat(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) && \
     !defined(NO_BIO)
     PKCS8_PRIV_KEY_INFO* pt = NULL;
+    PKCS8_PRIV_KEY_INFO* pt2 = NULL;
     BIO* bio = NULL;
     XFILE f = XBADFILE;
-    int bytes;
+    int bytes = 0;
     char pkcs8_buffer[512];
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
     EVP_PKEY *pkey = NULL;
@@ -54306,13 +32767,14 @@ static int test_wolfSSL_PKCS8_Compat(void)
     ExpectIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);
 
     /* gets PKCS8 pointer to pkey */
-    ExpectNotNull(EVP_PKEY2PKCS8(pkey));
+    ExpectNotNull(pt2 = EVP_PKEY2PKCS8(pkey));
 
     EVP_PKEY_free(pkey);
 #endif
 
     BIO_free(bio);
     PKCS8_PRIV_KEY_INFO_free(pt);
+    PKCS8_PRIV_KEY_INFO_free(pt2);
 #endif
     return EXPECT_RESULT();
 }
@@ -54570,6 +33032,21 @@ static int test_wolfSSL_PKCS8_d2i(void)
     evpPkey = NULL;
     BIO_free(bio);
     bio = NULL;
+
+    /* https://github.com/wolfSSL/wolfssl/issues/8610 */
+    bytes = (int)XSTRLEN((char *)pkcs8_buffer);
+    ExpectNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
+    ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes);
+    ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
+
+    ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
+            (void*)"yassl123"));
+    ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, evpPkey, NULL,
+            NULL, 0, NULL, NULL), bytes);
+    EVP_PKEY_free(evpPkey);
+    evpPkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
 #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */
     EVP_PKEY_free(pkey);
     pkey = NULL;
@@ -54762,13 +33239,13 @@ static int test_wolfSSL_ERR_get_error_order(void)
     /* Empty the queue. */
     wolfSSL_ERR_clear_error();
 
-    wolfSSL_ERR_put_error(0, 0, ASN_NO_SIGNER_E, "test", 0);
-    wolfSSL_ERR_put_error(0, 0, ASN_SELF_SIGNED_E, "test", 0);
+    wolfSSL_ERR_put_error(0, 0, WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), "test", 0);
+    wolfSSL_ERR_put_error(0, 0, WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E), "test", 0);
 
-    ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_NO_SIGNER_E);
-    ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_NO_SIGNER_E);
-    ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_SELF_SIGNED_E);
-    ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_SELF_SIGNED_E);
+    ExpectIntEQ(wolfSSL_ERR_peek_error(), -WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
+    ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
+    ExpectIntEQ(wolfSSL_ERR_peek_error(), -WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E));
+    ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E));
 #endif /* WOLFSSL_HAVE_ERROR_QUEUE && OPENSSL_EXTRA */
     return EXPECT_RESULT();
 }
@@ -54811,7 +33288,9 @@ static int test_wolfSSL_ERR_print_errors(void)
     defined(DEBUG_WOLFSSL)
 static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
 {
-    wolfSSL_BIO_write((BIO*)u, str, (int)len);
+    if (u != NULL) {
+        wolfSSL_BIO_write((BIO*)u, str, (int)len);
+    }
     return 0;
 }
 #endif
@@ -54884,8 +33363,8 @@ static int test_wc_ERR_print_errors_fp(void)
     long sz;
     XFILE fp = XBADFILE;
 
-    WOLFSSL_ERROR(BAD_FUNC_ARG);
-    ExpectTrue((fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar")) !=
+    WOLFSSL_ERROR(WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectTrue((fp = XFOPEN("./tests/test-log-dump-to-file.txt", "a+")) !=
         XBADFILE);
     wc_ERR_print_errors_fp(fp);
 #if defined(DEBUG_WOLFSSL)
@@ -54945,7 +33424,7 @@ static int test_wolfSSL_MD4(void)
 
     XMEMSET(out, 0, sizeof(out));
     MD4_Init(&md4);
-    MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
+    MD4_Update(&md4, (const void*)msg, (word32)msgSz);
     MD4_Final(out, &md4);
     ExpectIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
 #endif
@@ -55050,9 +33529,9 @@ static int test_wolfSSL_MD5_Transform(void)
     ExpectIntEQ(MD5_Transform(NULL, NULL), 0);
     ExpectIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(MD5_Transform(&md5.compat, NULL), 0);
-    ExpectIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Md5Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init MD5 CTX */
     ExpectIntEQ(wolfSSL_MD5_Init(&md5.compat), 1);
@@ -55248,9 +33727,9 @@ static int test_wolfSSL_SHA_Transform(void)
     ExpectIntEQ(SHA1_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA1_Transform(&sha.compat, NULL), 0);
-    ExpectIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_ShaTransform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA CTX */
     ExpectIntEQ(SHA_Init(&sha.compat), 1);
@@ -55307,7 +33786,7 @@ static int test_wolfSSL_SHA224(void)
          "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
     size_t inLen;
     byte hash[WC_SHA224_DIGEST_SIZE];
-    unsigned char* p;
+    unsigned char* p = NULL;
 
     inLen  = XSTRLEN((char*)input);
 
@@ -55389,9 +33868,9 @@ static int test_wolfSSL_SHA256_Transform(void)
     ExpectIntEQ(SHA256_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA256_Transform(&sha256.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA256 CTX */
     ExpectIntEQ(SHA256_Init(&sha256.compat), 1);
@@ -55463,9 +33942,9 @@ static int test_wolfSSL_SHA512_Transform(void)
     ExpectIntEQ(SHA512_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA512_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA512 CTX */
     ExpectIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1);
@@ -55533,10 +34012,10 @@ static int test_wolfSSL_SHA512_224_Transform(void)
     ExpectIntEQ(SHA512_224_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA512_224_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA512_224_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha512_224Transform(NULL, (const byte*)&input1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA512 CTX */
     ExpectIntEQ(wolfSSL_SHA512_224_Init(&sha512.compat), 1);
@@ -55606,10 +34085,10 @@ static int test_wolfSSL_SHA512_256_Transform(void)
     ExpectIntEQ(SHA512_256_Transform(NULL, NULL), 0);
     ExpectIntEQ(SHA512_256_Transform(NULL, (const byte*)&input1), 0);
     ExpectIntEQ(SHA512_256_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_Sha512_256Transform(NULL, (const byte*)&input1),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* Init SHA512 CTX */
     ExpectIntEQ(wolfSSL_SHA512_256_Init(&sha512.compat), 1);
@@ -55915,7 +34394,7 @@ static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
     ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 1);
     ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 1);
 #else
-    ExpectIntEQ(HMAC_size(hmac), BAD_FUNC_ARG);
+    ExpectIntEQ(HMAC_size(hmac), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 0);
     ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 0);
     ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 0);
@@ -55923,7 +34402,7 @@ static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
     ExpectIntEQ(HMAC_Init_ex(NULL, (void*)key, (int)sizeof(key), md, e), 0);
     ExpectIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e), 1);
 
-    /* re-using test key as data to hash */
+    /* reusing test key as data to hash */
     ExpectIntEQ(HMAC_Update(NULL, key, (int)sizeof(key)), 0);
     ExpectIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), 1);
     ExpectIntEQ(HMAC_Update(hmac, key, 0), 1);
@@ -56030,7 +34509,7 @@ static int test_wolfSSL_CMAC(void)
     ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
     ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
         NULL), 1);
-    /* re-using test key as data to hash */
+    /* reusing test key as data to hash */
     ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
     ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1);
     ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 1);
@@ -56688,7 +35167,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
     /* wolfSSL_AES_wrap_key() 256-bit NULL iv */
     ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
     ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
-            15), WOLFSSL_FAILURE);
+            15), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
             sizeof(key256)), sizeof(wrapCipher));
     wc_AesFree((Aes*)&aes);
@@ -56696,7 +35175,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
     /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */
     ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
     ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
-            23), WOLFSSL_FAILURE);
+            23), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
             sizeof(wrapCipher)), sizeof(wrapPlain));
     ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
@@ -57065,7 +35544,7 @@ static int test_wolfSSL_OBJ(void)
     ASN1_STRING *asn1 = NULL;
     unsigned char *buf_dyn = NULL;
 
-    ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
+    ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy));
     ExpectIntEQ(OBJ_obj2nid(obj), NID_any_policy);
     ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
@@ -57100,6 +35579,16 @@ static int test_wolfSSL_OBJ(void)
 
         /* Get the Common Name by using OBJ_txt2obj */
         ExpectNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, NULL, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, field_name_obj, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, 99),
+            WOLFSSL_FATAL_ERROR);
+        ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 0),
+            WOLFSSL_FATAL_ERROR);
         do
         {
             lastpos = tmp;
@@ -57189,10 +35678,10 @@ static int test_wolfSSL_OBJ_cmp(void)
     ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy));
     ExpectNotNull(obj2 = OBJ_nid2obj(NID_sha256));
 
-    ExpectIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(OBJ_cmp(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(OBJ_cmp(obj, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(OBJ_cmp(NULL, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(OBJ_cmp(obj, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     ExpectIntEQ(OBJ_cmp(obj, obj), 0);
     ExpectIntEQ(OBJ_cmp(obj2, obj2), 0);
 
@@ -57336,6 +35825,7 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
     BIO* output = NULL;
     X509* x509a = NULL;
     X509* x509b = NULL;
+    X509* empty = NULL;
 
     ASN1_TIME* notBeforeA = NULL;
     ASN1_TIME* notAfterA  = NULL;
@@ -57363,10 +35853,16 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
 
     /* write X509 back to PEM BIO; no need to sign as nothing changed. */
     ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+    ExpectIntEQ(PEM_write_bio_X509(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509(output, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509(NULL, x509a), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509(output, empty), WOLFSSL_FAILURE);
     ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
     /* compare length against expected */
     expectedLen = 2000;
     ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
+    wolfSSL_X509_free(empty);
 
 #ifndef NO_ASN_TIME
     /* read exported X509 PEM back into struct, sanity check on export,
@@ -57476,10 +35972,12 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
     X509*      x509 = NULL;
 #ifndef NO_BIO
+    X509*      empty = NULL;
     BIO*       bio = NULL;
 #endif
     X509_NAME* nm = NULL;
     X509_NAME_ENTRY* entry = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries = NULL;
     unsigned char cn[] = "another name to add";
 #ifdef OPENSSL_ALL
     int i;
@@ -57489,24 +35987,37 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     ExpectNotNull(x509 =
             wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
 #ifndef NO_BIO
+    ExpectNotNull(empty = wolfSSL_X509_new());
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509_AUX(bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, x509), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_bio_X509_AUX(bio, empty), WOLFSSL_FAILURE);
     ExpectIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
+    wolfSSL_X509_free(empty);
 #endif
 
 #ifdef WOLFSSL_CERT_REQ
     {
         X509_REQ* req = NULL;
 #ifndef NO_BIO
+        X509_REQ* emptyReq = NULL;
         BIO*      bReq = NULL;
 #endif
 
         ExpectNotNull(req =
             wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
 #ifndef NO_BIO
+        ExpectNotNull(emptyReq = wolfSSL_X509_REQ_new());
         ExpectNotNull(bReq = BIO_new(BIO_s_mem()));
+        ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, req), WOLFSSL_FAILURE);
+        ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, emptyReq), WOLFSSL_FAILURE);
         ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);
 
         BIO_free(bReq);
+        X509_REQ_free(emptyReq);
 #endif
         X509_free(req);
     }
@@ -57519,10 +36030,26 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
                 0x0c, cn, (int)sizeof(cn)));
     ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
 
+    /* @TODO the internal name entry set value needs investigated for matching
+     * behavior with OpenSSL. At the moment the getter function for the set
+     * value is being tested only in that it succeeds in getting the internal
+     * value. */
+    ExpectIntGT(X509_NAME_ENTRY_set(X509_NAME_get_entry(nm, 1)), 0);
+
 #ifdef WOLFSSL_CERT_EXT
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, NULL, MBSTRING_UTF8,
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, NULL, MBSTRING_UTF8,
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, "emailAddress", MBSTRING_UTF8,
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
-                                           (byte*)"support@wolfssl.com", 19, -1,
-                                           1), WOLFSSL_SUCCESS);
+        (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "commonName", MBSTRING_UTF8,
+        (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS);
+    ExpectNull(wolfSSL_X509_NAME_delete_entry(NULL, -1));
+    ExpectNull(wolfSSL_X509_NAME_delete_entry(nm, -1));
+    ExpectNotNull(wolfSSL_X509_NAME_delete_entry(nm, 0));
 #endif
     X509_NAME_ENTRY_free(entry);
     entry = NULL;
@@ -57530,19 +36057,26 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
 #ifdef WOLFSSL_CERT_REQ
     {
         unsigned char srv_pkcs9p[] = "Server";
+        unsigned char rfc822Mlbx[] = "support@wolfssl.com";
         unsigned char fvrtDrnk[] = "tequila";
         unsigned char* der = NULL;
         char* subject = NULL;
+
         ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType,
             MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS);
 
+        ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_rfc822Mailbox,
+            MBSTRING_ASC, rfc822Mlbx, -1, -1, 0), SSL_SUCCESS);
+
         ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink,
             MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS);
 
+        ExpectIntEQ(wolfSSL_i2d_X509_NAME(NULL, &der), BAD_FUNC_ARG);
         ExpectIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0);
         ExpectNotNull(der);
 
-        ExpectNotNull(subject = X509_NAME_oneline(nm, 0, 0));
+        ExpectNotNull(subject = X509_NAME_oneline(nm, NULL, 0));
+        ExpectNotNull(XSTRSTR(subject, "rfc822Mailbox=support@wolfssl.com"));
         ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila"));
         ExpectNotNull(XSTRSTR(subject, "contentType=Server"));
     #ifdef DEBUG_WOLFSSL
@@ -57555,9 +36089,13 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     }
 #endif
 
+    ExpectNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, NULL, 0x0c, cn,
+        (int)sizeof(cn)));
     /* Test add entry by text */
     ExpectNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
                 0x0c, cn, (int)sizeof(cn)));
+    ExpectPtrEq(X509_NAME_ENTRY_create_by_txt(&entry, "commonName",
+                0x0c, cn, (int)sizeof(cn)), entry);
     #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
     || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
     ExpectNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
@@ -57579,6 +36117,13 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
     }
 #endif
 
+    ExpectNotNull(entries = wolfSSL_sk_X509_NAME_ENTRY_new(NULL));
+    ExpectIntEQ(sk_X509_NAME_ENTRY_num(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(sk_X509_NAME_ENTRY_num(entries), 0);
+    ExpectNull(sk_X509_NAME_ENTRY_value(NULL, 0));
+    ExpectNull(sk_X509_NAME_ENTRY_value(entries, 0));
+    wolfSSL_sk_X509_NAME_ENTRY_free(entries);
+
 #ifndef NO_BIO
     BIO_free(bio);
 #endif
@@ -57588,13 +36133,14 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
 }
 
 /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */
-static int test_GENERAL_NAME_set0_othername(void) {
+static int test_GENERAL_NAME_set0_othername(void)
+{
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
     defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
     defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_FPKI)
+    defined(WOLFSSL_FPKI) && !defined(NO_RSA)
     /* ./configure --enable-opensslall --enable-certgen --enable-certreq
      *  --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
      *  -DWOLFSSL_ALT_NAMES  -DWOLFSSL_FPKI' */
@@ -57629,6 +36175,20 @@ static int test_GENERAL_NAME_set0_othername(void) {
     if ((value == NULL) || (value->value.ptr != (char*)utf8str)) {
         wolfSSL_ASN1_STRING_free(utf8str);
     }
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, NULL   , NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(gn  , NULL   , NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, upn_oid, NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, NULL   , value),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(gn  , upn_oid, NULL ),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(gn  , NULL   , value),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, upn_oid, value ),
+        WOLFSSL_FAILURE);
     ExpectIntEQ(GENERAL_NAME_set0_othername(gn, upn_oid, value), 1);
     if (EXPECT_FAIL()) {
         ASN1_TYPE_free(value);
@@ -57656,8 +36216,11 @@ static int test_GENERAL_NAME_set0_othername(void) {
     ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509,
         NID_subject_alt_name, NULL, NULL));
 
+    ExpectIntEQ(sk_GENERAL_NAME_num(NULL), 0);
     ExpectIntEQ(sk_GENERAL_NAME_num(gns), 3);
 
+    ExpectNull(sk_GENERAL_NAME_value(NULL, 0));
+    ExpectNull(sk_GENERAL_NAME_value(gns, 20));
     ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 2));
     ExpectIntEQ(gn->type, 0);
 
@@ -57672,13 +36235,14 @@ static int test_GENERAL_NAME_set0_othername(void) {
 }
 
 /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */
-static int test_othername_and_SID_ext(void) {
+static int test_othername_and_SID_ext(void)
+{
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
     defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
     defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE)
+    defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_RSA)
     /* ./configure --enable-opensslall --enable-certgen --enable-certreq
      *  --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
      *  -DWOLFSSL_ALT_NAMES  -DWOLFSSL_FPKI' */
@@ -57687,6 +36251,7 @@ static int test_othername_and_SID_ext(void) {
 
     byte der[4096];
     int derSz = 0;
+    byte badDer[2] = { 0x30, 0x00 };
     X509_REQ* x509 = NULL;
     STACK_OF(X509_EXTENSION) *exts = NULL;
 
@@ -57718,6 +36283,8 @@ static int test_othername_and_SID_ext(void) {
     ASN1_OBJECT* sid_oid = NULL;
     ASN1_OCTET_STRING *sid_data = NULL;
 
+    ASN1_OBJECT* alt_names_oid = NULL;
+
     EVP_PKEY* priv = NULL;
     XFILE f = XBADFILE;
     byte* pt = NULL;
@@ -57757,7 +36324,13 @@ static int test_othername_and_SID_ext(void) {
     ExpectNotNull(sid_ext = X509_EXTENSION_create_by_OBJ(NULL, sid_oid, 0,
                                                          sid_data));
     ExpectNotNull(exts = sk_X509_EXTENSION_new_null());
+    wolfSSL_sk_X509_EXTENSION_free(exts);
+    exts = NULL;
+    ExpectNotNull(exts = sk_X509_EXTENSION_new_null());
     /* Ensure an empty stack doesn't raise an error. */
+    ExpectIntEQ(X509_REQ_add_extensions(NULL, NULL), 0);
+    ExpectIntEQ(X509_REQ_add_extensions(x509, NULL), 0);
+    ExpectIntEQ(X509_REQ_add_extensions(NULL, exts), 0);
     ExpectIntEQ(X509_REQ_add_extensions(x509, exts), 1);
     ExpectIntEQ(sk_X509_EXTENSION_push(exts, san_ext), 1);
     if (EXPECT_FAIL()) {
@@ -57778,15 +36351,23 @@ static int test_othername_and_SID_ext(void) {
     ExpectIntGT(X509_REQ_sign(x509, priv, EVP_sha256()), 0);
     pt = der;
     ExpectIntGT(derSz = i2d_X509_REQ(x509, &pt), 0);
+    X509_REQ_free(x509);
+    x509 = NULL;
+    ExpectNull(d2i_X509_REQ_INFO(&x509, NULL, derSz));
+    pt = badDer;
+    ExpectNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt,
+        sizeof(badDer)));
+    pt = der;
+    ExpectNotNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt, derSz));
     sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
     gns = NULL;
     sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
     exts = NULL;
     ASN1_OBJECT_free(upn_oid);
     ASN1_OBJECT_free(sid_oid);
+    sid_oid = NULL;
     ASN1_OCTET_STRING_free(sid_data);
     X509_REQ_free(x509);
-    x509 = NULL;
     EVP_PKEY_free(priv);
 
     /* At this point everything used to generate what is in der is cleaned up.
@@ -57801,20 +36382,27 @@ static int test_othername_and_SID_ext(void) {
     BIO_free(bio);
     ExpectNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(
         x509));
+    ExpectIntEQ(sk_X509_EXTENSION_num(NULL), WOLFSSL_FATAL_ERROR);
     ExpectIntEQ(sk_X509_EXTENSION_num(exts), 2);
 
     /* Check the SID extension. */
-    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, 0));
+    ExpectNotNull(sid_oid = OBJ_txt2obj("1.3.6.1.4.1.311.25.2", 1));
+    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts,
+            X509_get_ext_by_OBJ(x509, sid_oid, -1)));
     ExpectNotNull(extval = X509_EXTENSION_get_data(ext));
     ExpectIntEQ(extval->length, sizeof(SidExtension));
     ExpectIntEQ(XMEMCMP(SidExtension, extval->data, sizeof(SidExtension)), 0);
+    ASN1_OBJECT_free(sid_oid);
 
     /* Check the AltNames extension. */
-    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, 1));
+    ExpectNotNull(alt_names_oid = OBJ_txt2obj("subjectAltName", 0));
+    ExpectNotNull(ext = sk_X509_EXTENSION_value(exts,
+            X509_get_ext_by_OBJ(x509, alt_names_oid, -1)));
     ExpectNotNull(extval = X509_EXTENSION_get_data(ext));
     ExpectIntEQ(extval->length, sizeof(expectedAltName));
     ExpectIntEQ(XMEMCMP(expectedAltName, extval->data, sizeof(expectedAltName)),
                 0);
+    ASN1_OBJECT_free(alt_names_oid);
 
     /* Cleanup */
     ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509,
@@ -57848,14 +36436,14 @@ static int test_wolfSSL_X509_set_name(void)
                                            1), WOLFSSL_SUCCESS);
     ExpectNotNull(x509 = X509_new());
 
-    ExpectIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_subject_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_subject_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_issuer_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_set_issuer_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
 
     X509_free(x509);
@@ -57975,6 +36563,9 @@ static int test_wolfSSL_X509_set_notBefore(void)
     ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL));
     ExpectFalse(wolfSSL_X509_set_notBefore(NULL, asn_time));
 
+    ExpectNull(X509_get_notBefore(NULL));
+    ExpectNull(X509_get_notAfter(NULL));
+
     /*
      * Cleanup
      */
@@ -57997,13 +36588,16 @@ static int test_wolfSSL_X509_set_version(void)
     ExpectNotNull(x509 = X509_new());
     /* These should pass. */
     ExpectTrue(wolfSSL_X509_set_version(x509, v));
+    ExpectIntEQ(0, wolfSSL_X509_get_version(NULL));
     ExpectIntEQ(v, wolfSSL_X509_get_version(x509));
     /* Fail Case: When v(long) is greater than x509->version(int). */
     v = maxInt+1;
     ExpectFalse(wolfSSL_X509_set_version(x509, v));
 
-    ExpectFalse(wolfSSL_X509_set_version(NULL, 2L));
-    ExpectFalse(wolfSSL_X509_set_version(NULL, maxInt+1));
+    ExpectIntEQ(wolfSSL_X509_set_version(NULL, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_set_version(NULL, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_set_version(x509, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_set_version(NULL, maxInt+1), WOLFSSL_FAILURE);
 
     /* Cleanup */
     X509_free(x509);
@@ -58031,7 +36625,7 @@ static int test_wolfSSL_BIO_gets(void)
     /* try with bad args */
     ExpectNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
 #ifdef OPENSSL_ALL
-    ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), BAD_FUNC_ARG);
+    ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     /* try with real msg */
@@ -58131,7 +36725,7 @@ static int test_wolfSSL_BIO_gets(void)
     /* check error cases */
     BIO_free(bio);
     bio = NULL;
-    ExpectIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
+    ExpectIntEQ(BIO_gets(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
 
@@ -58520,7 +37114,8 @@ static int test_wolfSSL_BIO_connect(void)
 static int test_wolfSSL_BIO_tls(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL *ssl = NULL;
     BIO *readBio = NULL;
@@ -58542,15 +37137,15 @@ static int test_wolfSSL_BIO_tls(void)
 
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = SSL_connect(ssl);
         err = SSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
-    ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     /* in this use case, should return WANT READ
      * so that Qt will read the data from plain packet for next state.
      */
@@ -58737,6 +37332,25 @@ static int test_wolfSSL_BIO_datagram(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_BIO_s_null(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_BIO) && defined(OPENSSL_EXTRA)
+    BIO *b = NULL;
+    char testData[10] = {'t','e','s','t',0};
+
+    ExpectNotNull(b = BIO_new(BIO_s_null()));
+    ExpectIntEQ(BIO_write(b, testData, sizeof(testData)), sizeof(testData));
+    ExpectIntEQ(BIO_read(b, testData, sizeof(testData)), 0);
+    ExpectIntEQ(BIO_puts(b, testData), 4);
+    ExpectIntEQ(BIO_gets(b, testData, sizeof(testData)), 0);
+    ExpectIntEQ(BIO_pending(b), 0);
+    ExpectIntEQ(BIO_eof(b), 1);
+
+    BIO_free(b);
+#endif
+    return EXPECT_RESULT();
+}
 
 #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
     defined(HAVE_HTTP_CLIENT)
@@ -58924,7 +37538,7 @@ static int test_wolfSSL_BIO_printf(void)
     XMEMSET(out, 0, sizeof(out));
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
     ExpectIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
-    ExpectIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(BIO_printf(NULL, ""), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 30);
     ExpectIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
     BIO_free(bio);
@@ -59069,7 +37683,7 @@ static int test_wolfSSL_BIO_reset(void)
     ExpectIntEQ(BIO_write(bio, "WriteToReadonly", 15), 0);
     ExpectIntEQ(BIO_read(bio, buf, 16), -1);
     XMEMSET(buf, 0, 16);
-    ExpectIntEQ(BIO_reset(bio), 0);
+    ExpectIntEQ(BIO_reset(bio), 1);
     ExpectIntEQ(BIO_read(bio, buf, 16), 16);
     ExpectIntEQ(XMEMCMP(buf, "secure your data", 16), 0);
     BIO_free(bio);
@@ -59468,9 +38082,9 @@ static int test_wolfSSL_SESSION(void)
 
     /* TLS v1.3 requires session tickets */
     /* CHACHA and POLY1305 required for myTicketEncCb */
-#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
-    !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
-            defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
+#if !defined(WOLFSSL_NO_TLS12) && (!defined(WOLFSSL_TLS13) || \
+    !(defined(HAVE_SESSION_TICKET) && ((defined(HAVE_CHACHA) && \
+            defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))))
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
 #else
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
@@ -59517,14 +38131,14 @@ static int test_wolfSSL_SESSION(void)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_connect(ssl);
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -59532,14 +38146,14 @@ static int test_wolfSSL_SESSION(void)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET));
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, (int)XSTRLEN(sendGET));
 
     #ifdef WOLFSSL_ASYNC_CRYPT
@@ -59547,14 +38161,14 @@ static int test_wolfSSL_SESSION(void)
     #endif
     do {
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
             if (ret < 0) { break; } else if (ret == 0) { continue; }
         }
     #endif
         ret = wolfSSL_read(ssl, msg, sizeof(msg));
         err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_PENDING_E);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, 23);
 
     ExpectPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */
@@ -59630,7 +38244,7 @@ static int test_wolfSSL_SESSION(void)
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
     /* get session from DER and update the timeout */
-    ExpectIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
     wolfSSL_SESSION_free(sess); sess = NULL;
     sess = NULL;
@@ -59656,10 +38270,10 @@ static int test_wolfSSL_SESSION(void)
         char buf[64] = {0};
         word32 bufSz = (word32)sizeof(buf);
 
-        ExpectIntEQ(SSL_SUCCESS,
+        ExpectIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_set_SessionTicket(ssl, (byte *)ticket,
                 (word32)XSTRLEN(ticket)));
-        ExpectIntEQ(SSL_SUCCESS,
+        ExpectIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
         ExpectStrEQ(ticket, buf);
     }
@@ -59677,7 +38291,7 @@ static int test_wolfSSL_SESSION(void)
 #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
     ExpectIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS);
 #else
-    ExpectIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_session(ssl,sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     ExpectIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
 
@@ -59685,15 +38299,15 @@ static int test_wolfSSL_SESSION(void)
     /* fail case with miss match session context IDs (use compatibility API) */
     ExpectIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
             SSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_session(ssl, sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_free(ssl); ssl = NULL;
 
     ExpectIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
-            SSL_FAILURE);
+            WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
             SSL_SUCCESS);
     ExpectNotNull(ssl = wolfSSL_new(ctx));
-    ExpectIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set_session(ssl, sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #endif /* OPENSSL_EXTRA */
 
@@ -59778,15 +38392,12 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
     !defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
     !defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \
     !defined(WOLFSSL_NO_TLS12)
-
-    WOLFSSL_CTX* ctx = NULL;
     callback_functions server_cbf, client_cbf;
 
     XMEMSET(&server_cbf, 0, sizeof(callback_functions));
     XMEMSET(&client_cbf, 0, sizeof(callback_functions));
 
     /* force server side to use TLS 1.2 */
-    server_cbf.ctx = ctx;
     server_cbf.method = wolfTLSv1_2_server_method;
 
     client_cbf.method = wolfSSLv23_client_method;
@@ -59798,9 +38409,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
     ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
     ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
 
-    /* set the previously created session and wait till expired */
-    server_cbf.ctx = ctx;
-
     client_cbf.method = wolfSSLv23_client_method;
     server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
     client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_wait;
@@ -59811,9 +38419,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
     ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
     ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
 
-    /* set the previously created expired session */
-    server_cbf.ctx = ctx;
-
     client_cbf.method = wolfSSLv23_client_method;
     server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
     client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_set;
@@ -59825,18 +38430,22 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
     ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
 
     wolfSSL_SESSION_free(test_wolfSSL_SESSION_expire_sess);
-    wolfSSL_CTX_free(ctx);
-
 #endif
     return EXPECT_RESULT();
 }
 
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
     defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
-static int clientSessRemCountMalloc = 0;
-static int serverSessRemCountMalloc = 0;
-static int clientSessRemCountFree = 0;
-static int serverSessRemCountFree = 0;
+#ifdef WOLFSSL_ATOMIC_OPS
+    typedef wolfSSL_Atomic_Int SessRemCounter_t;
+#else
+    typedef int SessRemCounter_t;
+#endif
+static SessRemCounter_t clientSessRemCountMalloc;
+static SessRemCounter_t serverSessRemCountMalloc;
+static SessRemCounter_t clientSessRemCountFree;
+static SessRemCounter_t serverSessRemCountFree;
+
 static WOLFSSL_CTX* serverSessCtx = NULL;
 static WOLFSSL_SESSION* serverSess = NULL;
 #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
@@ -59857,9 +38466,9 @@ static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess)
     side = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx);
     if (side != NULL) {
         if (*side == WOLFSSL_CLIENT_END)
-            clientSessRemCountFree++;
+            (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountFree, 1);
         else
-            serverSessRemCountFree++;
+            (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountFree, 1);
 
         SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL);
     }
@@ -59896,16 +38505,16 @@ static int SessRemSslSetupCb(WOLFSSL* ssl)
 
     if (SSL_is_server(ssl)) {
         side = &sessRemCtx_Server;
-        serverSessRemCountMalloc++;
+        (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountMalloc, 1);
         ExpectNotNull(serverSess = SSL_get1_session(ssl));
         ExpectIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)),
                 SSL_SUCCESS);
     }
     else {
         side = &sessRemCtx_Client;
-        clientSessRemCountMalloc++;
-    #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
-        !defined(NO_SESSION_CACHE_REF)
+        (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountMalloc, 1);
+#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
+    !defined(NO_SESSION_CACHE_REF)
         ExpectNotNull(clientSess = SSL_get1_session(ssl));
         ExpectIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)),
                 SSL_SUCCESS);
@@ -59927,6 +38536,11 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
      * session object */
     test_ssl_cbf func_cb;
 
+    wolfSSL_Atomic_Int_Init(&clientSessRemCountMalloc, 0);
+    wolfSSL_Atomic_Int_Init(&serverSessRemCountMalloc, 0);
+    wolfSSL_Atomic_Int_Init(&clientSessRemCountFree, 0);
+    wolfSSL_Atomic_Int_Init(&serverSessRemCountFree, 0);
+
     XMEMSET(&func_cb, 0, sizeof(func_cb));
     func_cb.ctx_ready = SessRemCtxSetupCb;
     func_cb.on_result = SessRemSslSetupCb;
@@ -59980,41 +38594,41 @@ static int test_wolfSSL_ticket_keys(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
-    !defined(NO_WOLFSSL_SERVER)
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
     byte keys[WOLFSSL_TICKET_KEYS_SZ];
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
                 WOLFSSL_SUCCESS);
@@ -60086,7 +38700,8 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
     return EXPECT_RESULT();
 }
 
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) && \
+    !defined(NO_TLS)
 static int test_wolfSSL_d2i_PrivateKeys_bio(void)
 {
     EXPECT_DECLS;
@@ -60168,13 +38783,18 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
 
 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
     {
+        const unsigned char seqOnly[] = { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00 };
         RSA* rsa = NULL;
         /* Tests bad parameters */
         ExpectNull(d2i_RSAPrivateKey_bio(NULL, NULL));
 
+        /* Test using bad data. */
+        ExpectIntGT(BIO_write(bio, seqOnly, sizeof(seqOnly)), 0);
+        ExpectNull(d2i_RSAPrivateKey_bio(bio, NULL));
+
         /* RSA not set yet, expecting to fail*/
         rsa = wolfSSL_RSA_new();
-        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_FAILURE);
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
         wolfSSL_RSA_free(rsa);
         rsa = NULL;
 
@@ -60186,14 +38806,14 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
         ExpectNotNull(rsa);
 
         /* Tests bad parameters */
-        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
-        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, NULL), BAD_FUNC_ARG);
-        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, rsa), BAD_FUNC_ARG);
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, rsa), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
         ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
 
         /* i2d RSAprivate key tests */
-        ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
+        ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
         ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
                                                sizeof_client_key_der_2048);
@@ -60208,6 +38828,13 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
                             sizeof_client_key_der_2048), 0);
         XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
 
+        RSA_free(rsa);
+        rsa = NULL;
+        ExpectIntGT(BIO_write(bio, client_key_der_2048,
+                    sizeof_client_key_der_2048), 0);
+        ExpectNotNull(d2i_RSA_PUBKEY_bio(bio, &rsa));
+        (void)BIO_reset(bio);
+
         RSA_free(rsa);
         rsa = RSA_new();
         ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0);
@@ -60234,6 +38861,7 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
     !defined(NO_RSA)
     X509* x509 = NULL;
     GENERAL_NAME* gn = NULL;
+    GENERAL_NAME* dup_gn = NULL;
     unsigned char buf[4096];
     const unsigned char* bufPt = NULL;
     int bytes = 0;
@@ -60271,6 +38899,10 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
                     break;
                 }
             }
+
+            ExpectNotNull(dup_gn = wolfSSL_GENERAL_NAME_dup(gn));
+            wolfSSL_GENERAL_NAME_free(dup_gn);
+            dup_gn = NULL;
         }
         X509_free(x509);
         x509 = NULL;
@@ -60286,6 +38918,11 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
         }
         sk = NULL;
     }
+
+    ExpectNull(wolfSSL_GENERAL_NAME_dup(NULL));
+    ExpectIntEQ(wolfSSL_GENERAL_NAME_set_type(NULL, WOLFSSL_GEN_IA5),
+        BAD_FUNC_ARG);
+    wolfSSL_GENERAL_NAMES_free(NULL);
 #endif
     return EXPECT_RESULT();
 }
@@ -60296,9 +38933,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
 #if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_RSA)
     X509* x509 = NULL;
     GENERAL_NAME* gn = NULL;
+    GENERAL_NAME* dup_gn = NULL;
     unsigned char buf[4096];
     const unsigned char* bufPt = NULL;
-    int bytes;
+    int bytes = 0;
     XFILE f = XBADFILE;
     STACK_OF(GENERAL_NAME)* sk = NULL;
     BIO* out = NULL;
@@ -60308,6 +38946,7 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     AUTHORITY_INFO_ACCESS* aia = NULL;
     ACCESS_DESCRIPTION* ad = NULL;
     ASN1_IA5STRING *dnsname = NULL;
+    ASN1_OBJECT* ridObj = NULL;
 
     const unsigned char v4Addr[] = {192,168,53,1};
     const unsigned char v6Addr[] =
@@ -60316,15 +38955,20 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     const unsigned char email[]  =
                              {'i', 'n', 'f', 'o', '@', 'w', 'o', 'l',
                               'f', 's', 's', 'l', '.', 'c', 'o', 'm'};
+    const unsigned char ridData[] = { 0x06, 0x04, 0x2a, 0x03, 0x04, 0x05 };
+    const unsigned char* p;
+    unsigned long len;
 
-    const char* dnsStr   = "DNS:example.com";
-    const char* uriStr   = "URI:http://127.0.0.1:22220";
-    const char* v4addStr = "IP Address:192.168.53.1";
-    const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
-    const char* emailStr = "email:info@wolfssl.com";
-    const char* othrStr  = "othername:<unsupported>";
-    const char* x400Str  = "X400Name:<unsupported>";
-    const char* ediStr   = "EdiPartyName:<unsupported>";
+    const char* dnsStr     = "DNS:example.com";
+    const char* uriStr     = "URI:http://127.0.0.1:22220";
+    const char* v4addStr   = "IP Address:192.168.53.1";
+    const char* v6addStr   = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
+    const char* emailStr   = "email:info@wolfssl.com";
+    const char* othrStr    = "othername:<unsupported>";
+    const char* x400Str    = "X400Name:<unsupported>";
+    const char* ediStr     = "EdiPartyName:<unsupported>";
+    const char* dirNameStr = "DirName:";
+    const char* ridStr     = "Registered ID:1.2.3.4.5";
 
     /* BIO to output */
     ExpectNotNull(out = BIO_new(BIO_s_mem()));
@@ -60373,6 +39017,16 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     XMEMSET(outbuf, 0, sizeof(outbuf));
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0);
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_IA5, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_IA5, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_DNS, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_IA5, outbuf);
+    wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_DNS, NULL);
+    wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_IA5, outbuf);
+    wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_DNS, outbuf);
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
     GENERAL_NAME_free(gn);
 
     /* test for GEN_URI */
@@ -60392,6 +39046,9 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     if (ad != NULL) {
         gn = ad->location;
     }
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
     ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
     gn = NULL;
 
@@ -60426,6 +39083,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0);
 
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -60446,6 +39107,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0);
 
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -60466,6 +39131,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
     ExpectIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0);
 
+    ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn));
+    GENERAL_NAME_free(dup_gn);
+    dup_gn = NULL;
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -60500,6 +39169,10 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     if (gn != NULL) {
         gn->type = GEN_IA5;
     }
+
+    /* Duplicating GEN_X400 not supported. */
+    ExpectNull(GENERAL_NAME_dup(gn));
+
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -60519,6 +39192,51 @@ static int test_wolfSSL_GENERAL_NAME_print(void)
     if (gn != NULL) {
         gn->type = GEN_IA5;
     }
+
+    /* Duplicating GEN_EDIPARTY not supported. */
+    ExpectNull(dup_gn = GENERAL_NAME_dup(gn));
+
+    GENERAL_NAME_free(gn);
+    gn = NULL;
+
+    /* test for GEN_DIRNAME */
+    ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
+    if (gn != NULL) {
+        gn->type = GEN_DIRNAME;
+    }
+    ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
+    XMEMSET(outbuf,0,sizeof(outbuf));
+    ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
+    ExpectIntEQ(XSTRNCMP((const char*)outbuf, dirNameStr, XSTRLEN(dirNameStr)),
+        0);
+    /* Duplicating GEN_DIRNAME not supported. */
+    ExpectNull(dup_gn = GENERAL_NAME_dup(gn));
+    /* Restore to GEN_IA5 (default) to avoid memory leak. */
+    if (gn != NULL) {
+        gn->type = GEN_IA5;
+    }
+    GENERAL_NAME_free(gn);
+    gn = NULL;
+
+    /* test for GEN_RID */
+    p = ridData;
+    len = sizeof(ridData);
+    ExpectNotNull(ridObj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, len));
+    ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
+    if (gn != NULL) {
+        gn->type = GEN_RID;
+        wolfSSL_ASN1_STRING_free(gn->d.ia5);
+        gn->d.registeredID = ridObj;
+    }
+    else {
+        wolfSSL_ASN1_OBJECT_free(ridObj);
+    }
+    ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
+    XMEMSET(outbuf,0,sizeof(outbuf));
+    ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
+    ExpectIntEQ(XSTRNCMP((const char*)outbuf, ridStr, XSTRLEN(ridStr)), 0);
+    /* Duplicating GEN_DIRNAME not supported. */
+    ExpectNull(dup_gn = GENERAL_NAME_dup(gn));
     GENERAL_NAME_free(gn);
     gn = NULL;
 
@@ -60578,8 +39296,20 @@ static int test_wolfSSL_sk_DIST_POINT(void)
         }
     }
 
+    ExpectNotNull(dp = wolfSSL_DIST_POINT_new());
+    wolfSSL_DIST_POINT_free(NULL);
+    wolfSSL_DIST_POINTS_free(NULL);
+    wolfSSL_sk_DIST_POINT_free(NULL);
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(dps, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(NULL, dp), WOLFSSL_FAILURE);
+    ExpectNull(wolfSSL_sk_DIST_POINT_value(NULL, 0));
+    ExpectIntEQ(wolfSSL_sk_DIST_POINT_num(NULL), WOLFSSL_FATAL_ERROR);
+    wolfSSL_DIST_POINT_free(dp);
+
     X509_free(x509);
     CRL_DIST_POINTS_free(dps);
+
 #endif
     return EXPECT_RESULT();
 }
@@ -60589,7 +39319,9 @@ static int test_wolfSSL_sk_DIST_POINT(void)
 static int test_wolfSSL_verify_mode(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_RSA)
+#if !defined(NO_RSA) && !defined(NO_TLS) && (defined(OPENSSL_ALL) || \
+    defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
 
@@ -60651,10 +39383,11 @@ static int test_wolfSSL_verify_mode(void)
 static int test_wolfSSL_verify_depth(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
-    long         depth;
+    long         depth = 0;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
@@ -60682,12 +39415,12 @@ static int test_wolfSSL_verify_result(void)
 {
     EXPECT_DECLS;
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
-    defined(OPENSSL_ALL)) && !defined(NO_WOLFSSL_CLIENT)
+    defined(OPENSSL_ALL)) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
     long         result = 0xDEADBEEF;
 
-    ExpectIntEQ(WOLFSSL_FAILURE, wolfSSL_get_verify_result(ssl));
+    ExpectIntEQ(WC_NO_ERR_TRACE(WOLFSSL_FAILURE), wolfSSL_get_verify_result(ssl));
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
     ExpectNotNull(ssl = SSL_new(ctx));
@@ -60701,7 +39434,8 @@ static int test_wolfSSL_verify_result(void)
     return EXPECT_RESULT();
 }
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
 static void sslMsgCb(int w, int version, int type, const void* buf,
         size_t sz, SSL* ssl, void* arg)
 {
@@ -60720,7 +39454,8 @@ static void sslMsgCb(int w, int version, int type, const void* buf,
 static int test_wolfSSL_msg_callback(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    !defined(NO_WOLFSSL_CLIENT)
     WOLFSSL*     ssl = NULL;
     WOLFSSL_CTX* ctx = NULL;
 
@@ -60728,7 +39463,7 @@ static int test_wolfSSL_msg_callback(void)
     ExpectNotNull(ssl = SSL_new(ctx));
     ExpectIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
     ExpectIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
-    ExpectIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);
+    ExpectIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     SSL_free(ssl);
     SSL_CTX_free(ctx);
@@ -60828,11 +39563,12 @@ static int test_wolfSSL_EVP_Cipher_extra(void)
     };
 
     /* teset data size table */
-    int test_drive1[] = {8, 3, 5, 512, 8, 3, 8, 512, 0};
-    int test_drive2[] = {8, 3, 8, 512, 0};
-    int test_drive3[] = {512, 512, 504, 512, 512, 8, 512, 0};
+    static const int test_drive1[] = {8, 3, 5, 512, 8, 3, 8, 512, 0};
+    static const int test_drive2[] = {8, 3, 8, 512, 0};
+    static const int test_drive3[] = {512, 512, 504, 512, 512, 8, 512, 0};
+
+    static const int *test_drive[] = { test_drive1, test_drive2, test_drive3, NULL };
 
-    int *test_drive[] = {test_drive1, test_drive2, test_drive3, NULL};
     int test_drive_len[100];
 
     int ret = 0;
@@ -61047,12 +39783,16 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     ASN1_INTEGER* a = NULL;
     BIGNUM* bn = NULL;
     X509*   x509 = NULL;
+    X509*   empty = NULL;
     char *serialHex = NULL;
     byte serial[3];
     int  serialSz;
 
+    ExpectNotNull(empty = wolfSSL_X509_new());
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         SSL_FILETYPE_PEM));
+    ExpectNull(X509_get_serialNumber(NULL));
+    ExpectNotNull(X509_get_serialNumber(empty));
     ExpectNotNull(a = X509_get_serialNumber(x509));
 
     /* check on value of ASN1 Integer */
@@ -61062,7 +39802,22 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     /* test setting serial number and then retrieving it */
     ExpectNotNull(a = ASN1_INTEGER_new());
     ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1);
+    ExpectIntEQ(X509_set_serialNumber(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_set_serialNumber(NULL, a), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, NULL),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, &serialSz),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, NULL),
+        BAD_FUNC_ARG);
+    serialSz = 0;
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
+        BUFFER_E);
+    ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, NULL, &serialSz),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(serialSz, 1);
     serialSz = sizeof(serial);
     ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
         WOLFSSL_SUCCESS);
@@ -61097,6 +39852,7 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     a = NULL;
 
     X509_free(x509); /* free's a */
+    X509_free(empty);
 
     ExpectNotNull(serialHex = BN_bn2hex(bn));
 #ifndef WC_DISABLE_RADIX_ZERO_PAD
@@ -61120,6 +39876,126 @@ static int test_wolfSSL_X509_get_serialNumber(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_ext_get_critical_by_NID(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
+    WOLFSSL_X509* x509 = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(NULL,
+        WC_NID_basic_constraints), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_basic_constraints), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_subject_alt_name), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_authority_key_identifier), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_subject_key_identifier), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_key_usage), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_crl_distribution_points), 0);
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_ext_key_usage), 0);
+#ifdef WOLFSSL_SEP
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_certificate_policies), 0);
+#endif
+    ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
+        WC_NID_info_access), 0);
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_CRL_distribution_points(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+    WOLFSSL_X509* x509 = NULL;
+    const char* file = "./certs/client-crl-dist.pem";
+
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(NULL,
+        WC_NID_crl_distribution_points), 0);
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
+        WC_NID_crl_distribution_points), 0);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(file,
+         WOLFSSL_FILETYPE_PEM));
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
+        WC_NID_crl_distribution_points), 1);
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_SEP(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_SEP)
+    WOLFSSL_X509* x509 = NULL;
+#if 0
+    byte* out;
+#endif
+    int outSz;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    outSz = 0;
+    ExpectNull(wolfSSL_X509_get_device_type(NULL, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_device_type(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_device_type(NULL, NULL, &outSz));
+    ExpectNull(wolfSSL_X509_get_device_type(x509, NULL, &outSz));
+
+    outSz = 0;
+    ExpectNull(wolfSSL_X509_get_hw_type(NULL, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_type(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_type(NULL, NULL, &outSz));
+    ExpectNull(wolfSSL_X509_get_hw_type(x509, NULL, &outSz));
+
+    outSz = 0;
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(NULL, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(NULL, NULL, &outSz));
+    ExpectNull(wolfSSL_X509_get_hw_serial_number(x509, NULL, &outSz));
+
+    ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
+        WC_NID_certificate_policies), 0);
+
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+#if 0
+    /* Use certificate with the extension here. */
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
+        SSL_FILETYPE_PEM));
+
+    outSz = 0;
+    ExpectNotNull(out = wolfSSL_X509_get_device_type(x509, NULL, &outSz));
+    ExpectIntGT(outSz, 0);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    outSz = 0;
+    ExpectNotNull(out = wolfSSL_X509_get_hw_type(x509, NULL, &outSz));
+    ExpectIntGT(outSz, 0);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    outSz = 0;
+    ExpectNotNull(out = wolfSSL_X509_get_hw_serial_number(x509, NULL, &outSz));
+    ExpectIntGT(outSz, 0);
+    XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    wolfSSL_X509_free(x509);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
 
 static int test_wolfSSL_OpenSSL_add_all_algorithms(void)
 {
@@ -61219,8 +40095,17 @@ static int test_wolfSSL_X509_check_ca(void)
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
         WOLFSSL_FILETYPE_PEM));
+    ExpectIntEQ(wolfSSL_X509_check_ca(NULL), 0);
     ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1);
     wolfSSL_X509_free(x509);
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_check_ca(x509), 0);
+    if (x509 != NULL) {
+        x509->extKeyUsageCrit = 1;
+    }
+    ExpectIntEQ(wolfSSL_X509_check_ca(x509), 4);
+    wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
 }
@@ -61230,15 +40115,23 @@ static int test_wolfSSL_X509_check_ip_asc(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
     WOLFSSL_X509 *x509 = NULL;
+    WOLFSSL_X509 *empty = NULL;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+
 #if 0
     /* TODO: add cert gen for testing positive case */
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
 #endif
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
     ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0);
+    ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0);
+
+    wolfSSL_X509_free(empty);
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -61354,7 +40247,7 @@ static int test_wolfSSL_make_cert(void)
         if (ret >= 0) {
             ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntGT(ret, 0);
 
 #ifdef OPENSSL_EXTRA
@@ -61403,9 +40296,10 @@ static int test_wolfSSL_make_cert(void)
     ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
 #endif /* WOLFSSL_MULTI_ATTRIB */
 
+    ExpectNull(X509_NAME_get_entry(NULL, 0));
     /* try invalid index locations for regression test and sanity check */
-    ExpectNull(entry = X509_NAME_get_entry(x509name, 11));
-    ExpectNull(entry = X509_NAME_get_entry(x509name, 20));
+    ExpectNull(X509_NAME_get_entry(x509name, 11));
+    ExpectNull(X509_NAME_get_entry(x509name, 20));
 
     X509_free(x509);
 #endif /* OPENSSL_EXTRA */
@@ -61416,6 +40310,60 @@ static int test_wolfSSL_make_cert(void)
     return EXPECT_RESULT();
 }
 
+static int test_x509_get_key_id(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    X509 *x509 = NULL;
+    const ASN1_STRING* str = NULL;
+    byte* keyId = NULL;
+    byte keyIdData[32];
+    int len;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    len = (int)sizeof(keyIdData);
+    ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len));
+    ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL));
+    ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+    ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile,
+        WOLFSSL_FILETYPE_PEM));
+
+    ExpectNotNull(str = X509_get0_subject_key_id(x509));
+    ExpectNull(wolfSSL_X509_get_subjectKeyID(NULL, NULL, NULL));
+    ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, keyIdData, NULL));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    len = (int)sizeof(keyIdData);
+    ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, &len));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    ExpectNotNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len));
+    ExpectIntEQ(len, ASN1_STRING_length(str));
+    ExpectBufEQ(keyIdData, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+    ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
+            ASN1_STRING_length(str));
+
+    ExpectNull(wolfSSL_X509_get_authorityKeyID(NULL, NULL, NULL));
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL));
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, NULL));
+    len = (int)sizeof(keyIdData);
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, &len));
+    ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len));
+    ExpectIntEQ(len, 20);
+
+    X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 
 static int test_wolfSSL_X509_get_version(void)
 {
@@ -61435,7 +40383,7 @@ static int test_wolfSSL_X509_get_version(void)
 static int test_wolfSSL_sk_CIPHER_description(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_RSA)
+#if !defined(NO_RSA) && !defined(NO_TLS)
     const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
     int i;
     int numCiphers = 0;
@@ -61497,7 +40445,7 @@ static int test_wolfSSL_sk_CIPHER_description(void)
 static int test_wolfSSL_get_ciphers_compat(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_RSA)
+#if !defined(NO_RSA) && !defined(NO_TLS)
     const SSL_METHOD *method = NULL;
     const char certPath[] = "./certs/client-cert.pem";
     STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
@@ -61557,6 +40505,91 @@ static int test_wolfSSL_X509_PUBKEY_get(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_set_pubkey(void)
+{
+    EXPECT_DECLS;
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+#if !defined(NO_RSA)
+    {
+        WOLFSSL_RSA* rsa = NULL;
+
+        ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+        if (pkey != NULL) {
+            pkey->type = WC_EVP_PKEY_RSA;
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        ExpectNotNull(rsa = wolfSSL_RSA_new());
+        ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa),
+            WOLFSSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            wolfSSL_RSA_free(rsa);
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS);
+        wolfSSL_EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+#endif
+#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
+        defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
+    {
+        WOLFSSL_DSA* dsa = NULL;
+
+        ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+        if (pkey != NULL) {
+            pkey->type = WC_EVP_PKEY_DSA;
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        ExpectNotNull(dsa = wolfSSL_DSA_new());
+        ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa),
+            WOLFSSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            wolfSSL_DSA_free(dsa);
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        wolfSSL_EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+#endif
+#if defined(HAVE_ECC)
+    {
+        WOLFSSL_EC_KEY* ec = NULL;
+
+        ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+        if (pkey != NULL) {
+            pkey->type = WC_EVP_PKEY_EC;
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+        ExpectNotNull(ec = wolfSSL_EC_KEY_new());
+        ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ec), 1);
+        ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec),
+            WOLFSSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            wolfSSL_EC_KEY_free(ec);
+        }
+        ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS);
+        wolfSSL_EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+#endif
+#if !defined(NO_DH)
+    ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
+    if (pkey != NULL) {
+        pkey->type = WC_EVP_PKEY_DH;
+    }
+    ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+
+    wolfSSL_X509_free(x509);
+
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
 {
     EXPECT_DECLS;
@@ -61731,10 +40764,10 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
 
     /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Should fail since ecKey is empty */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
 
@@ -61805,7 +40838,7 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
 static int test_wolfSSL_CTX_ctrl(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_FILESYSTEM) && !defined(NO_RSA)
     char caFile[] = "./certs/client-ca.pem";
     char clientFile[] = "./certs/client-cert.pem";
@@ -61891,14 +40924,14 @@ static int test_wolfSSL_CTX_ctrl(void)
 
     /* Tests should fail with passed in NULL pointer */
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, NULL),
-        SSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #if !defined(NO_DH) && !defined(NO_DSA)
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, NULL),
-        SSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #ifdef HAVE_ECC
     ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, NULL),
-        SSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     /* Test with SSL_CTRL_EXTRA_CHAIN_CERT
@@ -61997,9 +41030,9 @@ static int test_wolfSSL_EVP_PKEY_assign(void)
     type = EVP_PKEY_RSA;
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
     ExpectNotNull(rsa = wolfSSL_RSA_new());
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa),  WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa),    WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa),  WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa),    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, rsa),  WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
         wolfSSL_RSA_free(rsa);
@@ -62012,9 +41045,9 @@ static int test_wolfSSL_EVP_PKEY_assign(void)
     type = EVP_PKEY_DSA;
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
     ExpectNotNull(dsa = wolfSSL_DSA_new());
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa),  WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa),    WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa),  WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa),    WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, dsa),  WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
         wolfSSL_DSA_free(dsa);
@@ -62027,10 +41060,10 @@ static int test_wolfSSL_EVP_PKEY_assign(void)
     type = EVP_PKEY_EC;
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
     ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL),  WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey),   WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL),  WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey),   WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
@@ -62069,9 +41102,9 @@ static int test_wolfSSL_EVP_PKEY_assign_DH(void)
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
 
     /* Bad cases */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Good case */
     ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS);
@@ -62126,15 +41159,15 @@ static int test_wolfSSL_EVP_PKEY_paramgen(void)
     EVP_PKEY*     pkey = NULL;
 
     /* Test error conditions. */
-    ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL));
-    ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifndef NO_RSA
     EVP_PKEY_CTX_free(ctx);
     /* Parameter generation for RSA not supported yet. */
     ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL));
-    ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
 #ifdef HAVE_ECC
@@ -62175,9 +41208,9 @@ static int test_wolfSSL_EVP_PKEY_keygen(void)
     ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
 
     /* Bad cases */
-    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), 0);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), 0);
+    ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), 0);
 
     /* Good case */
     ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);
@@ -62477,13 +41510,13 @@ static int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void)
 
     /* Bad cases */
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen),
-        WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Good case */
     ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1);
@@ -62722,215 +41755,6 @@ static int test_wolfSSL_EVP_X_STATE_LEN(void)
     return EXPECT_RESULT();
 }
 
-static int test_EVP_PKEY_is_a(void)
-{
-    EXPECT_DECLS;
-    EVP_PKEY *pkey = NULL;
-
-    ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "DH"), 0);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "RSA"), 0);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "EC"), 0);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "DSA"), 0);
-    ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, NULL), 0);
-
-#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
-
-    {
-        const unsigned char* key = dh_key_der_2048;
-        ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
-                                             sizeof_dh_key_der_2048)));
-
-        ExpectIntNE(wolfSSL_EVP_PKEY_is_a(pkey, "DH"), 0);
-
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "RSA"), 0);
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "EC"), 0);
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "DSA"), 0);
-
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, NULL), 0);
-
-        EVP_PKEY_free(pkey);
-        pkey = NULL;
-    }
-#endif /* !NO_DH && (!HAVE_FIPS || FIPS_VERSION_GT(2,0)) */
-
-#ifndef NO_DSA
-    {
-#ifdef USE_CERT_BUFFERS_1024
-        const unsigned char* dsaKeyDer = dsa_key_der_1024;
-        int dsaKeySz  = sizeof_dsa_key_der_1024;
-#elif defined(USE_CERT_BUFFERS_2048)
-        const unsigned char* dsaKeyDer = dsa_key_der_2048;
-        int dsaKeySz  = sizeof_dsa_key_der_2048;
-#endif
-        ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey, &dsaKeyDer,
-                                     (long)dsaKeySz));
-
-        ExpectIntNE(wolfSSL_EVP_PKEY_is_a(pkey, "DSA"), 0);
-
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "RSA"), 0);
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "EC"), 0);
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "DH"), 0);
-
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, NULL), 0);
-
-        EVP_PKEY_free(pkey);
-        pkey = NULL;
-    }
-#endif /* !NO_DSA */
-
-#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
-    {
-
-        const unsigned char* server_key =
-            (const unsigned char*)server_key_der_2048;
-        ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
-            (long)sizeof_server_key_der_2048));
-
-        ExpectIntNE(wolfSSL_EVP_PKEY_is_a(pkey, "RSA"), 0);
-
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "DSA"), 0);
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "EC"), 0);
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "DH"), 0);
-
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, NULL), 0);
-
-        EVP_PKEY_free(pkey);
-        pkey = NULL;
-    }
-#endif /* !NO_RSA && USE_CERT_BUFFERS_2048 */
-
-#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
-    {
-        const unsigned char* client_key =
-            (const unsigned char*)ecc_clikey_der_256;
-        ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
-            (long)sizeof_ecc_clikey_der_256)));
-
-        ExpectIntNE(wolfSSL_EVP_PKEY_is_a(pkey, "EC"), 0);
-
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "DSA"), 0);
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "RSA"), 0);
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, "DH"), 0);
-
-        ExpectIntEQ(wolfSSL_EVP_PKEY_is_a(pkey, NULL), 0);
-
-        EVP_PKEY_free(pkey);
-        pkey = NULL;
-    }
-#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */
-
-    return EXPECT_RESULT();
-}
-
-static int test_EVP_CIPHER_key_length(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_AES_CBC) || defined(HAVE_AESGCM) || \
-    defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) || \
-    defined(WOLFSSL_AES_OFB) || !defined(NO_RC4) || \
-    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
-
-#ifdef HAVE_AES_CBC
-    #ifdef WOLFSSL_AES_128
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_128_cbc()), AES_128_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_192
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_192_cbc()), AES_192_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_256
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_256_cbc()), AES_256_KEY_SIZE);
-    #endif
-#endif
-
-#ifdef HAVE_AESGCM
-    #ifdef WOLFSSL_AES_128
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_128_gcm()), AES_128_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_192
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_192_gcm()), AES_192_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_256
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_256_gcm()), AES_256_KEY_SIZE);
-    #endif
-#endif
-
-#ifdef HAVE_AESCCM
-    #ifdef WOLFSSL_AES_128
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_128_ccm()), AES_128_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_192
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_192_ccm()), AES_192_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_256
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_256_ccm()), AES_256_KEY_SIZE);
-    #endif
-#endif
-
-#ifdef WOLFSSL_AES_COUNTER
-    #ifdef WOLFSSL_AES_128
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_128_ctr()), AES_128_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_192
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_192_ctr()), AES_192_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_256
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_256_ctr()), AES_256_KEY_SIZE);
-    #endif
-#endif
-
-#ifdef HAVE_AES_ECB
-    #ifdef WOLFSSL_AES_128
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_128_ecb()), AES_128_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_192
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_192_ecb()), AES_192_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_256
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_256_ecb()), AES_256_KEY_SIZE);
-    #endif
-#endif
-
-#ifdef WOLFSSL_AES_OFB
-    #ifdef WOLFSSL_AES_128
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_128_ofb()), AES_128_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_192
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_192_ofb()), AES_192_KEY_SIZE);
-    #endif
-    #ifdef WOLFSSL_AES_256
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_aes_256_ofb()), AES_256_KEY_SIZE);
-    #endif
-#endif
-
-#ifndef NO_RC4
-    ExpectIntEQ(EVP_CIPHER_key_length(wolfSSL_EVP_rc4()), RC4_KEY_SIZE);
-#endif
-
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-    ExpectIntEQ(EVP_CIPHER_key_length(wolfSSL_EVP_chacha20_poly1305()),
-                CHACHA20_POLY1305_AEAD_KEYSIZE);
-#endif
-#endif
-
-#ifdef WOLFSSL_SM4_ECB
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_sm4_ecb()), SM4_KEY_SIZE);
-#endif
-#ifdef WOLFSSL_SM4_CBC
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_sm4_cbc()), SM4_KEY_SIZE);
-#endif
-#ifdef WOLFSSL_SM4_CTR
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_sm4_ctr()), SM4_KEY_SIZE);
-#endif
-#ifdef WOLFSSL_SM4_GCM
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_sm4_gcm()), SM4_KEY_SIZE);
-#endif
-#ifdef WOLFSSL_SM4_CCM
-    ExpectIntEQ(EVP_CIPHER_key_length(EVP_sm4_ccm()), SM4_KEY_SIZE);
-#endif
-
-    return EXPECT_RESULT();
-}
-
 static int test_wolfSSL_EVP_CIPHER_block_size(void)
 {
     EXPECT_DECLS;
@@ -63157,6 +41981,49 @@ static int test_wolfSSL_EVP_SignInit_ex(void)
 
     return EXPECT_RESULT();
 }
+
+static int test_wolfSSL_EVP_DigestFinalXOF(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) && defined(OPENSSL_ALL)
+    WOLFSSL_EVP_MD_CTX mdCtx;
+    unsigned char      shake[256];
+    unsigned char      zeros[10];
+    unsigned char      data[] = "Test data";
+    unsigned int sz;
+
+    XMEMSET(zeros, 0, sizeof(zeros));
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
+    ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_MD_flags(EVP_shake256()), EVP_MD_FLAG_XOF);
+    ExpectIntEQ(EVP_MD_flags(EVP_sha3_256()), 0);
+    ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS);
+    XMEMSET(shake, 0, sizeof(shake));
+    ExpectIntEQ(EVP_DigestFinalXOF(&mdCtx, shake, 10), WOLFSSL_SUCCESS);
+
+    /* make sure was only size of 10 */
+    ExpectIntEQ(XMEMCMP(&shake[11], zeros, 10), 0);
+    ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
+
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
+    ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS);
+    ExpectIntEQ(sz, 32);
+    ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
+
+    #if defined(WOLFSSL_SHAKE128)
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
+    ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake128()), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS);
+    ExpectIntEQ(sz, 16);
+    ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
+    #endif
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EVP_DigestFinal_ex(void)
 {
     EXPECT_DECLS;
@@ -63289,7 +42156,7 @@ static int test_wolfSSL_EVP_BytesToKey(void)
                 16);
     md = "2";
     ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
-                 WOLFSSL_FAILURE);
+                 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Good case */
     md = EVP_sha256();
@@ -63321,40 +42188,40 @@ static int test_evp_cipher_aes_gcm(void)
         NUM_ENCRYPTIONS = 3,
         AAD_SIZE = 4
     };
-    byte plainText1[] = {
+    static const byte plainText1[] = {
         0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
         0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
         0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23
     };
-    byte plainText2[] = {
+    static const byte plainText2[] = {
         0x42, 0x49, 0x3b, 0x27, 0x03, 0x35, 0x59, 0x14, 0x41, 0x47, 0x37, 0x14,
         0x0e, 0x34, 0x0d, 0x28, 0x63, 0x09, 0x0a, 0x5b, 0x22, 0x57, 0x42, 0x22,
         0x0f, 0x5c, 0x1e, 0x53, 0x45, 0x15, 0x62, 0x08, 0x60, 0x43, 0x50, 0x2c
     };
-    byte plainText3[] = {
+    static const byte plainText3[] = {
         0x36, 0x0d, 0x2b, 0x09, 0x4a, 0x56, 0x3b, 0x4c, 0x21, 0x22, 0x58, 0x0e,
         0x5b, 0x57, 0x10
     };
-    byte* plainTexts[NUM_ENCRYPTIONS] = {
+    static const byte* plainTexts[NUM_ENCRYPTIONS] = {
         plainText1,
         plainText2,
         plainText3
     };
-    const int plainTextSzs[NUM_ENCRYPTIONS] = {
+    static const int plainTextSzs[NUM_ENCRYPTIONS] = {
         sizeof(plainText1),
         sizeof(plainText2),
         sizeof(plainText3)
     };
-    byte aad1[AAD_SIZE] = {
+    static const byte aad1[AAD_SIZE] = {
         0x00, 0x00, 0x00, 0x01
     };
-    byte aad2[AAD_SIZE] = {
+    static const byte aad2[AAD_SIZE] = {
         0x00, 0x00, 0x00, 0x10
     };
-    byte aad3[AAD_SIZE] = {
+    static const byte aad3[AAD_SIZE] = {
         0x00, 0x00, 0x01, 0x00
     };
-    byte* aads[NUM_ENCRYPTIONS] = {
+    static const byte* aads[NUM_ENCRYPTIONS] = {
         aad1,
         aad2,
         aad3
@@ -63396,22 +42263,21 @@ static int test_evp_cipher_aes_gcm(void)
             0x5B, 0xEC, 0x52, 0x49, 0x32,
         }
     };
-
-    const byte expCipherText1[] = {
+    static const byte expCipherText1[] = {
         0xCB, 0x93, 0x4F, 0xC8, 0x22, 0xE2, 0xC0, 0x35, 0xAA, 0x6B, 0x41, 0x15,
         0x17, 0x30, 0x2F, 0x97, 0x20, 0x74, 0x39, 0x28, 0xF8, 0xEB, 0xC5, 0x51,
         0x7B, 0xD9, 0x8A, 0x36, 0xB8, 0xDA, 0x24, 0x80, 0xE7, 0x9E, 0x09, 0xDE
     };
-    const byte expCipherText2[] = {
+    static const byte expCipherText2[] = {
         0xF9, 0x32, 0xE1, 0x87, 0x37, 0x0F, 0x04, 0xC1, 0xB5, 0x59, 0xF0, 0x45,
         0x3A, 0x0D, 0xA0, 0x26, 0xFF, 0xA6, 0x8D, 0x38, 0xFE, 0xB8, 0xE5, 0xC2,
         0x2A, 0x98, 0x4A, 0x54, 0x8F, 0x1F, 0xD6, 0x13, 0x03, 0xB2, 0x1B, 0xC0
     };
-    const byte expCipherText3[] = {
+    static const byte expCipherText3[] = {
         0xD0, 0x37, 0x59, 0x1C, 0x2F, 0x85, 0x39, 0x4D, 0xED, 0xC2, 0x32, 0x5B,
         0x80, 0x5E, 0x6B,
     };
-    const byte* expCipherTexts[NUM_ENCRYPTIONS] = {
+    static const byte* expCipherTexts[NUM_ENCRYPTIONS] = {
         expCipherText1,
         expCipherText2,
         expCipherText3
@@ -63444,7 +42310,7 @@ static int test_evp_cipher_aes_gcm(void)
             ExpectIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1),
                         SSL_SUCCESS);
             ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
-                        currentIv), SSL_FAILURE);
+                        currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
             ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0),
                         SSL_SUCCESS);
@@ -63468,7 +42334,7 @@ static int test_evp_cipher_aes_gcm(void)
          * been issued first.
          */
         ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
-                        currentIv), SSL_FAILURE);
+                        currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
         ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
                     (void*)iv), SSL_SUCCESS);
@@ -63489,7 +42355,7 @@ static int test_evp_cipher_aes_gcm(void)
                                              AAD_SIZE), SSL_SUCCESS);
             }
             else {
-                ExpectIntEQ(EVP_Cipher(encCtx, NULL, aads[j], AAD_SIZE),
+                ExpectIntEQ(EVP_Cipher(encCtx, NULL, (byte *)aads[j], AAD_SIZE),
                                        AAD_SIZE);
             }
 
@@ -63503,7 +42369,7 @@ static int test_evp_cipher_aes_gcm(void)
                             SSL_SUCCESS);
             }
             else {
-                ExpectIntEQ(EVP_Cipher(encCtx, cipherText, plainTexts[j],
+                ExpectIntEQ(EVP_Cipher(encCtx, cipherText, (byte *)plainTexts[j],
                             plainTextSzs[j]), plainTextSzs[j]);
             }
 
@@ -63541,7 +42407,7 @@ static int test_evp_cipher_aes_gcm(void)
                                              AAD_SIZE), SSL_SUCCESS);
             }
             else {
-                ExpectIntEQ(EVP_Cipher(decCtx, NULL, aads[j], AAD_SIZE),
+                ExpectIntEQ(EVP_Cipher(decCtx, NULL, (byte *)aads[j], AAD_SIZE),
                             AAD_SIZE);
             }
 
@@ -63658,14 +42524,10 @@ static int test_wolfSSL_OBJ_sn(void)
                            NID_stateOrProvinceName,NID_organizationName,
                            NID_organizationalUnitName,NID_emailAddress};
     const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"};
-    const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME,
-                                WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME,
-                                WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME,
-                                WOLFSSL_EMAIL_ADDR};
 
     ExpectIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef);
     for (i = 0; i < maxIdx; i++) {
-        ExpectIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]);
+        ExpectIntEQ(wolfSSL_OBJ_sn2nid(sn_open_set[i]), nid_set[i]);
         ExpectStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]);
     }
 
@@ -63673,9 +42535,9 @@ static int test_wolfSSL_OBJ_sn(void)
 }
 
 #if !defined(NO_BIO)
-static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
+static word32 TXT_DB_hash(const WOLFSSL_STRING *s)
 {
-    return lh_strhash(s[3]);
+    return (word32)lh_strhash(s[3]);
 }
 
 static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
@@ -63723,7 +42585,8 @@ static int test_wolfSSL_TXT_DB(void)
     BIO_free(bio);
 
     /* Test index */
-    ExpectIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
+    ExpectIntEQ(TXT_DB_create_index(db, 3, NULL,
+        (wolf_sk_hash_cb)(wc_ptr_t)TXT_DB_hash,
         (wolf_lh_compare_cb)TXT_DB_cmp), 1);
     ExpectNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
     fields[3] = "12DA";
@@ -63766,7 +42629,53 @@ static int test_wolfSSL_NCONF(void)
 }
 #endif /* OPENSSL_ALL */
 
-static int test_wolfSSL_X509V3_EXT_get(void) {
+static int test_wolfSSL_X509V3_set_ctx(void)
+{
+    EXPECT_DECLS;
+#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \
+    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
+    WOLFSSL_X509V3_CTX ctx;
+    WOLFSSL_X509* issuer = NULL;
+    WOLFSSL_X509* subject = NULL;
+    WOLFSSL_X509 req;
+    WOLFSSL_X509_CRL crl;
+
+    XMEMSET(&ctx, 0, sizeof(ctx));
+    ExpectNotNull(issuer = wolfSSL_X509_new());
+    ExpectNotNull(subject = wolfSSL_X509_new());
+    XMEMSET(&req, 0, sizeof(req));
+    XMEMSET(&crl, 0, sizeof(crl));
+
+    wolfSSL_X509V3_set_ctx(NULL, NULL, NULL, NULL, NULL, 0);
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, issuer, NULL, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, subject, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, &req, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, &crl, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 1);
+    /* X509 allocated in context results in 'failure' (but not return). */
+    wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0);
+    wolfSSL_X509_free(ctx.x509);
+    ctx.x509 = NULL;
+
+    wolfSSL_X509_free(subject);
+    wolfSSL_X509_free(issuer);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT_get(void)
+{
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     XFILE f = XBADFILE;
@@ -63776,6 +42685,36 @@ static int test_wolfSSL_X509V3_EXT_get(void) {
     WOLFSSL_X509* x509 = NULL;
     WOLFSSL_X509_EXTENSION* ext = NULL;
     const WOLFSSL_v3_ext_method* method = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    /* No object in extension. */
+    ExpectNull(wolfSSL_X509V3_EXT_get(ext));
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    /* NID is zero. */
+    ExpectNull(wolfSSL_X509V3_EXT_get(ext));
+    /* NID is not known. */
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = 1;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_get(ext));
+
+    /* NIDs not in certificate. */
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = NID_certificate_policies;
+    }
+    ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
+    ExpectIntEQ(method->ext_nid, NID_certificate_policies);
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = NID_crl_distribution_points;
+    }
+    ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
+    ExpectIntEQ(method->ext_nid, NID_crl_distribution_points);
+
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+    ext = NULL;
 
     ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
@@ -63789,6 +42728,9 @@ static int test_wolfSSL_X509V3_EXT_get(void) {
         ExpectIntNE((extNid = ext->obj->nid), NID_undef);
         ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
         ExpectIntEQ(method->ext_nid, extNid);
+        if (method->ext_nid == NID_subject_key_identifier) {
+            ExpectNotNull(method->i2s);
+        }
     }
 
     /* wolfSSL_X509V3_EXT_get() NULL argument test */
@@ -63833,8 +42775,22 @@ static int test_wolfSSL_X509V3_EXT_nconf(void)
     X509* x509 = NULL;
     unsigned int keyUsageFlags;
     unsigned int extKeyUsageFlags;
+    WOLFSSL_CONF conf;
+    WOLFSSL_X509V3_CTX ctx;
+#ifndef NO_WOLFSSL_STUB
+    WOLFSSL_LHASH lhash;
+#endif
 
     ExpectNotNull(x509 = X509_new());
+    ExpectNull(X509V3_EXT_nconf(NULL, NULL, ext_names[0], NULL));
+    ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[0], NULL));
+    ExpectNull(X509V3_EXT_nconf(NULL, NULL, "", ext_values[0]));
+    ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, 0, ext_values[0]));
+
+    /* conf and ctx ignored. */
+    ExpectNull(X509V3_EXT_nconf_nid(&conf, NULL, 0, ext_values[0]));
+    ExpectNull(X509V3_EXT_nconf_nid(NULL , &ctx, 0, ext_values[0]));
+    ExpectNull(X509V3_EXT_nconf_nid(&conf, &ctx, 0, ext_values[0]));
 
     /* keyUsage / extKeyUsage should match string above */
     keyUsageFlags = KU_DIGITAL_SIGNATURE
@@ -63883,11 +42839,159 @@ static int test_wolfSSL_X509V3_EXT_nconf(void)
         ext = NULL;
     }
     X509_free(x509);
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectIntEQ(wolfSSL_X509V3_EXT_add_nconf(NULL, NULL, NULL, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectNull(wolfSSL_X509V3_EXT_conf_nid(NULL, NULL, 0, NULL));
+    ExpectNull(wolfSSL_X509V3_EXT_conf_nid(&lhash, NULL, 0, NULL));
+    wolfSSL_X509V3_set_ctx_nodb(NULL);
+#endif
 #endif
     return EXPECT_RESULT();
 }
 
-static int test_wolfSSL_X509V3_EXT(void) {
+static int test_wolfSSL_X509V3_EXT_bc(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_BASIC_CONSTRAINTS* bc = NULL;
+    WOLFSSL_ASN1_INTEGER* pathLen = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+    ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
+    if (pathLen != NULL) {
+        pathLen->length = 2;
+    }
+
+    if (obj != NULL) {
+        obj->type = NID_basic_constraints;
+        obj->nid = NID_basic_constraints;
+    }
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
+    /* No pathlen set. */
+    ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
+    wolfSSL_BASIC_CONSTRAINTS_free(bc);
+    bc = NULL;
+
+    if ((ext != NULL) && (ext->obj != NULL)) {
+        ext->obj->pathlen = pathLen;
+        pathLen = NULL;
+    }
+    /* pathlen set. */
+    ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
+
+    wolfSSL_ASN1_INTEGER_free(pathLen);
+    wolfSSL_BASIC_CONSTRAINTS_free(bc);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT_san(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_STACK* sk = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    if (obj != NULL) {
+        obj->type = NID_subject_alt_name;
+        obj->nid = NID_subject_alt_name;
+    }
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
+    /* No extension stack set. */
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    ExpectNotNull(sk = wolfSSL_sk_new_null());
+    if (ext != NULL) {
+        ext->ext_sk = sk;
+        sk = NULL;
+    }
+    /* Extension stack set. */
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    wolfSSL_sk_free(sk);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT_aia(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_STACK* sk = NULL;
+    WOLFSSL_STACK* node = NULL;
+    WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL;
+    WOLFSSL_ASN1_OBJECT* entry = NULL;
+
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    if (obj != NULL) {
+        obj->type = NID_info_access;
+        obj->nid = NID_info_access;
+    }
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNotNull(wolfSSL_X509V3_EXT_get(ext));
+    /* No extension stack set. */
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    ExpectNotNull(sk = wolfSSL_sk_new_null());
+    if (ext != NULL) {
+        ext->ext_sk = sk;
+        sk = NULL;
+    }
+    /* Extension stack set but empty. */
+    ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext));
+    wolfSSL_AUTHORITY_INFO_ACCESS_free(aia);
+    aia = NULL;
+
+    ExpectNotNull(entry = wolfSSL_ASN1_OBJECT_new());
+    if (entry != NULL) {
+        entry->nid = WC_NID_ad_OCSP;
+        entry->obj = (const unsigned char*)"http://127.0.0.1";
+        entry->objSz = 16;
+    }
+    ExpectNotNull(node = wolfSSL_sk_new_node(NULL));
+    if ((node != NULL) && (ext != NULL)) {
+        node->type = STACK_TYPE_OBJ;
+        node->data.obj = entry;
+        entry = NULL;
+        ExpectIntEQ(wolfSSL_sk_push_node(&ext->ext_sk, node), WOLFSSL_SUCCESS);
+        if (EXPECT_SUCCESS()) {
+            node = NULL;
+        }
+    }
+    ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext));
+    wolfSSL_ACCESS_DESCRIPTION_free(NULL);
+
+    wolfSSL_AUTHORITY_INFO_ACCESS_pop_free(aia,
+        wolfSSL_ACCESS_DESCRIPTION_free);
+    wolfSSL_ASN1_OBJECT_free(entry);
+    wolfSSL_sk_free(node);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509V3_EXT(void)
+{
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     XFILE f = XBADFILE;
@@ -63910,6 +43014,34 @@ static int test_wolfSSL_X509V3_EXT(void) {
     /* Check NULL argument */
     ExpectNull(wolfSSL_X509V3_EXT_d2i(NULL));
 
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_ext_key_usage;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_certificate_policies;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_crl_distribution_points;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->nid = ext->obj->type = NID_subject_alt_name;
+    }
+    ExpectNull(wolfSSL_X509V3_EXT_d2i(ext));
+
+    wolfSSL_ASN1_OBJECT_free(obj);
+    obj = NULL;
+    wolfSSL_X509_EXTENSION_free(ext);
+    ext = NULL;
+
     /* Using OCSP cert with X509V3 extensions */
     ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
@@ -63983,11 +43115,11 @@ static int test_wolfSSL_X509V3_EXT(void) {
     ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
 
     ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
-    #if defined(WOLFSSL_QT)
+#if defined(WOLFSSL_QT)
     ExpectNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str));
-    #else
+#else
     ExpectNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
-    #endif
+#endif
     expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
     if (data != NULL) {
     #ifdef BIG_ENDIAN_ORDER
@@ -63999,7 +43131,8 @@ static int test_wolfSSL_X509V3_EXT(void) {
     ExpectIntEQ(actual, expected);
     wolfSSL_ASN1_STRING_free(asn1str);
     asn1str = NULL;
-#if 1
+    ExpectIntEQ(wolfSSL_X509_get_keyUsage(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_keyUsage(x509), expected);
     i++;
 
     /* Authority Info Access */
@@ -64038,11 +43171,18 @@ static int test_wolfSSL_X509V3_EXT(void) {
     }
     ExpectIntEQ(actual, 0);
 
+    ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(NULL), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(aia), 1);
+    ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(NULL, 0));
+    ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 1));
+    ExpectNotNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 0));
     wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
     aia = NULL;
-#else
-    (void) aia; (void) ad; (void) adObj; (void) gn;
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(wolfSSL_X509_delete_ext(x509, 0));
 #endif
+
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -64058,6 +43198,16 @@ static int test_wolfSSL_X509_get_extension_flags(void)
     unsigned int keyUsageFlags;
     unsigned int extKeyUsageFlags;
 
+    ExpectIntEQ(X509_get_extension_flags(NULL), 0);
+    ExpectIntEQ(X509_get_key_usage(NULL), 0);
+    ExpectIntEQ(X509_get_extended_key_usage(NULL), 0);
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(X509_get_extension_flags(x509), 0);
+    ExpectIntEQ(X509_get_key_usage(x509), -1);
+    ExpectIntEQ(X509_get_extended_key_usage(x509), 0);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     /* client-int-cert.pem has the following extension flags. */
     extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE;
     /* and the following key usage flags. */
@@ -64127,6 +43277,8 @@ static int test_wolfSSL_X509_get_ext(void)
     /* wolfSSL_X509_get_ext() NULL x509, valid idx */
     ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
 
+    ExpectNull(wolfSSL_X509_get0_extensions(NULL));
+
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -64141,6 +43293,12 @@ static int test_wolfSSL_X509_get_ext_by_NID(void)
     WOLFSSL_X509* x509 = NULL;
     ASN1_OBJECT* obj = NULL;
 
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1),
+        WOLFSSL_FATAL_ERROR);
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
     ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
     if (f != XBADFILE)
@@ -64148,6 +43306,8 @@ static int test_wolfSSL_X509_get_ext_by_NID(void)
 
     ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints,
         -1), 0);
+    ExpectIntGE(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, 20),
+        -1);
 
     /* Start search from last location (should fail) */
     ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints,
@@ -64206,6 +43366,381 @@ static int test_wolfSSL_X509_get_ext_subj_alt_name(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_set_ext(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_RSA)
+    WOLFSSL_X509* x509 = NULL;
+    XFILE f = XBADFILE;
+    int loc;
+
+    ExpectNull(wolfSSL_X509_set_ext(NULL, 0));
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+    /* Location too small. */
+    ExpectNull(wolfSSL_X509_set_ext(x509, -1));
+    /* Location too big. */
+    ExpectNull(wolfSSL_X509_set_ext(x509, 1));
+    /* No DER encoding. */
+    ExpectNull(wolfSSL_X509_set_ext(x509, 0));
+    wolfSSL_X509_free(x509);
+    x509 = NULL;
+
+    ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
+    ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+    }
+    for (loc = 0; loc < wolfSSL_X509_get_ext_count(x509); loc++) {
+        ExpectNotNull(wolfSSL_X509_set_ext(x509, loc));
+    }
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_ALL)
+static int test_X509_add_basic_constraints(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte basicConsObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x13 };
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    ASN1_INTEGER* pathLen = NULL;
+
+    p = basicConsObj;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p,
+        sizeof(basicConsObj)));
+    if (obj != NULL) {
+        obj->type = NID_basic_constraints;
+    }
+    ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new());
+    if (pathLen != NULL) {
+        pathLen->length = 2;
+    }
+    if (obj != NULL) {
+        obj->ca = 0;
+    }
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    if (ext != NULL && ext->obj != NULL) {
+        ext->obj->ca = 0;
+        ext->obj->pathlen = pathLen;
+    }
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->isCa, 0);
+    ExpectIntEQ(x509->pathLength, 2);
+    if (ext != NULL && ext->obj != NULL) {
+        /* Add second time to without path length. */
+        ext->obj->ca = 1;
+        ext->obj->pathlen = NULL;
+    }
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->isCa, 1);
+    ExpectIntEQ(x509->pathLength, 2);
+    ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(x509), 1);
+    ExpectIntEQ(wolfSSL_X509_get_pathLength(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_get_pathLength(x509), 2);
+
+    wolfSSL_ASN1_INTEGER_free(pathLen);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_X509_add_key_usage(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f };
+    const byte data[] = { 0x04, 0x02, 0x01, 0x80 };
+    const byte emptyData[] = { 0x04, 0x00 };
+    const char* strData = "digitalSignature,keyCertSign";
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_key_usage;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    /* No Data - no change. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->keyUsage, KEYUSE_DECIPHER_ONLY | KEYUSE_ENCIPHER_ONLY);
+
+    /* Add second time with string to interpret. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->keyUsage, KEYUSE_DIGITAL_SIG | KEYUSE_KEY_CERT_SIGN);
+
+    /* Empty data. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    p = emptyData;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p,
+        (long)sizeof(emptyData)));
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    /* Invalid string to parse. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_X509_add_ext_key_usage(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 };
+    const byte data[] = { 0x04, 0x01, 0x01 };
+    const byte emptyData[] = { 0x04, 0x00 };
+    const char* strData = "serverAuth,codeSigning";
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_ext_key_usage;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    /* No Data - no change. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_ANY);
+
+    /* Add second time with string to interpret. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_SERVER_AUTH | EXTKEYUSE_CODESIGN);
+
+    /* Empty data. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    p = emptyData;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p,
+        (long)sizeof(emptyData)));
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    /* Invalid string to parse. */
+    wolfSSL_ASN1_STRING_free(str);
+    str = NULL;
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_x509_add_auth_key_id(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 };
+    const byte data[] = {
+        0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, 0x14,
+        0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d,
+        0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d,
+        0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, 0xa4,
+        0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30,
+        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
+        0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42,
+        0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11,
+        0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+        0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74,
+        0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+        0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73,
+        0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18,
+        0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+        0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c,
+        0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+        0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86,
+        0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
+        0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f,
+        0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
+        0x6d, 0x82, 0x14, 0x33, 0x44, 0x1a, 0xa8, 0x6c,
+        0x01, 0xec, 0xf6, 0x60, 0xf2, 0x70, 0x51, 0x0a,
+        0x4c, 0xd1, 0x14, 0xfa, 0xbc, 0xe9, 0x44
+    };
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_authority_key_identifier;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    /* Add second time with string to interpret. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+
+static int test_x509_add_subj_key_id(WOLFSSL_X509* x509)
+{
+    EXPECT_DECLS;
+    const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e };
+    const byte data[] = {
+        0x04, 0x16, 0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9,
+        0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8, 0xd0, 0x3b,
+        0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c
+    };
+    const byte* p;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    p = objData;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData)));
+    if (obj != NULL) {
+        obj->type = NID_subject_key_identifier;
+    }
+    p = data;
+    ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data)));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    /* Add second time with string to interpret. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    wolfSSL_ASN1_STRING_free(str);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_X509_EXTENSION_free(ext);
+
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_X509_add_ext(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL)
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_X509_EXTENSION* ext_empty = NULL;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+    WOLFSSL_ASN1_STRING* data = NULL;
+    const byte* p;
+    const byte subjAltNameObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 };
+    const byte subjAltName[] = {
+        0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+        0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01
+    };
+
+    ExpectNotNull(x509 = wolfSSL_X509_new());
+
+    /* Create extension: Subject Alternative Name */
+    ExpectNotNull(ext_empty = wolfSSL_X509_EXTENSION_new());
+    p = subjAltName;
+    ExpectNotNull(data = d2i_ASN1_OCTET_STRING(NULL, &p,
+        (long)sizeof(subjAltName)));
+    p = subjAltNameObj;
+    ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p,
+        sizeof(subjAltNameObj)));
+    if (obj != NULL) {
+        obj->type = NID_subject_alt_name;
+    }
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, data), WOLFSSL_SUCCESS);
+
+    /* Failure cases. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext_empty, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* Add: Subject Alternative Name */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+    /* Add second time to ensure no memory leaks. */
+    ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
+
+    wolfSSL_X509_EXTENSION_free(ext);
+    wolfSSL_ASN1_OBJECT_free(obj);
+    wolfSSL_ASN1_STRING_free(data);
+    wolfSSL_X509_EXTENSION_free(ext_empty);
+
+    EXPECT_TEST(test_X509_add_basic_constraints(x509));
+    EXPECT_TEST(test_X509_add_key_usage(x509));
+    EXPECT_TEST(test_X509_add_ext_key_usage(x509));
+    EXPECT_TEST(test_x509_add_auth_key_id(x509));
+    EXPECT_TEST(test_x509_add_subj_key_id(x509));
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_X509_EXTENSION_new(void)
 {
     EXPECT_DECLS;
@@ -64215,6 +43750,24 @@ static int test_wolfSSL_X509_EXTENSION_new(void)
     ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
     ExpectNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
 
+    wolfSSL_X509_EXTENSION_free(NULL);
+    wolfSSL_X509_EXTENSION_free(ext);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_EXTENSION_dup(void)
+{
+    EXPECT_DECLS;
+#if defined (OPENSSL_ALL)
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_X509_EXTENSION* dup = NULL;
+
+    ExpectNull(wolfSSL_X509_EXTENSION_dup(NULL));
+    ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
+    ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext));
+
+    wolfSSL_X509_EXTENSION_free(dup);
     wolfSSL_X509_EXTENSION_free(ext);
 #endif
     return EXPECT_RESULT();
@@ -64226,6 +43779,7 @@ static int test_wolfSSL_X509_EXTENSION_get_object(void)
 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
     WOLFSSL_X509* x509 = NULL;
     WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_X509_EXTENSION* dup = NULL;
     WOLFSSL_ASN1_OBJECT* o = NULL;
     XFILE file = XBADFILE;
 
@@ -64239,6 +43793,8 @@ static int test_wolfSSL_X509_EXTENSION_get_object(void)
     ExpectNull(wolfSSL_X509_EXTENSION_get_object(NULL));
     ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
     ExpectIntEQ(o->nid, 128);
+    ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext));
+    wolfSSL_X509_EXTENSION_free(dup);
 
     /* wolfSSL_X509_EXTENSION_get_object() NULL argument */
     ExpectNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
@@ -64286,7 +43842,7 @@ static int test_wolfSSL_X509_EXTENSION_get_critical(void)
         XFCLOSE(file);
     ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
 
-    ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0);
 
     wolfSSL_X509_free(x509);
@@ -64294,6 +43850,62 @@ static int test_wolfSSL_X509_EXTENSION_get_critical(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
+    XFILE file = XBADFILE;
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_X509* empty = NULL;
+    WOLFSSL_X509_EXTENSION* ext = NULL;
+    WOLFSSL_X509_EXTENSION* ext2 = NULL;
+    WOLFSSL_X509_EXTENSION* ext3 = NULL;
+    WOLFSSL_ASN1_OBJECT* o = NULL;
+    int crit = 0;
+    WOLFSSL_ASN1_STRING* str = NULL;
+
+    ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
+    ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
+    if (file != XBADFILE)
+        XFCLOSE(file);
+    ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
+
+    ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
+    ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0);
+    ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
+
+    ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, NULL));
+    ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, 0, NULL));
+    ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, str));
+    ExpectNotNull(ext2 = wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, crit,
+        str));
+    ExpectNotNull(ext3 = wolfSSL_X509_EXTENSION_create_by_OBJ(ext2, o, crit,
+        str));
+    if (ext3 == NULL) {
+        wolfSSL_X509_EXTENSION_free(ext2);
+    }
+    wolfSSL_X509_EXTENSION_free(ext3);
+
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, o, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectNotNull(empty = wolfSSL_X509_new());
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, NULL, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, o, -1),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    wolfSSL_X509_free(empty);
+    empty = NULL;
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, -2), 0);
+    ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, 0),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+
+    wolfSSL_X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_X509V3_EXT_print(void)
 {
     EXPECT_DECLS;
@@ -64317,6 +43929,15 @@ static int test_wolfSSL_X509V3_EXT_print(void)
         ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509,
             NID_basic_constraints, -1), -1);
         ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
+
+        /* Failure cases. */
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, NULL, 0, 0),
+            WOLFSSL_FAILURE);
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio , NULL, 0, 0),
+            WOLFSSL_FAILURE);
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, ext , 0, 0),
+            WOLFSSL_FAILURE);
+        /* Good case. */
         ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
 
         ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509,
@@ -64367,6 +43988,46 @@ static int test_wolfSSL_X509V3_EXT_print(void)
         BIO_free(bio);
         X509_free(x509);
     }
+
+    {
+        BIO* bio = NULL;
+        X509_EXTENSION* ext = NULL;
+        WOLFSSL_ASN1_OBJECT* obj = NULL;
+
+        ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+        ExpectNotNull(ext = X509_EXTENSION_new());
+
+        /* No object. */
+        ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_FAILURE);
+
+        ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+        ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj),
+            WOLFSSL_SUCCESS);
+
+        /* NID not supported yet - just doesn't write anything. */
+        if (ext != NULL && ext->obj != NULL) {
+            ext->obj->nid = AUTH_INFO_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+            ext->obj->nid = CERT_POLICY_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+            ext->obj->nid = CRL_DIST_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+            ext->obj->nid = KEY_USAGE_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+
+            ext->obj->nid = EXT_KEY_USAGE_OID;
+            ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0),
+                WOLFSSL_SUCCESS);
+        }
+
+        wolfSSL_ASN1_OBJECT_free(obj);
+        X509_EXTENSION_free(ext);
+        BIO_free(bio);
+    }
 #endif
     return EXPECT_RESULT();
 }
@@ -64379,6 +44040,7 @@ static int test_wolfSSL_X509_cmp(void)
     XFILE file2 = XBADFILE;
     WOLFSSL_X509* cert1 = NULL;
     WOLFSSL_X509* cert2 = NULL;
+    WOLFSSL_X509* empty = NULL;
 
     ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) !=
@@ -64391,6 +44053,8 @@ static int test_wolfSSL_X509_cmp(void)
     if (file2 != XBADFILE)
         fclose(file2);
 
+    ExpectNotNull(empty = wolfSSL_X509_new());
+
     /* wolfSSL_X509_cmp() testing matching certs */
     ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
 
@@ -64398,16 +44062,21 @@ static int test_wolfSSL_X509_cmp(void)
     ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
 
     /* wolfSSL_X509_cmp() testing NULL, valid args */
-    ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, cert2));
 
     /* wolfSSL_X509_cmp() testing valid, NULL args */
-    ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(cert1, NULL));
 
     /* wolfSSL_X509_cmp() testing NULL, NULL args */
-    ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL));
 
-    wolfSSL_X509_free(cert1);
+    /* wolfSSL_X509_cmp() testing empty cert */
+    ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(empty, cert2));
+    ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(cert1, empty));
+
+    wolfSSL_X509_free(empty);
     wolfSSL_X509_free(cert2);
+    wolfSSL_X509_free(cert1);
 #endif
     return EXPECT_RESULT();
 }
@@ -64476,10 +44145,10 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     int derLen;
     unsigned char pub_buf[65];
     const int pub_len = 65;
-    BN_CTX* ctx;
+    BN_CTX* ctx = NULL;
     EC_GROUP* curve = NULL;
     EC_KEY* ephemeral_key = NULL;
-    const EC_POINT* h;
+    const EC_POINT* h = NULL;
 
     /* Generate an x963 key pair and get public part into pub_buf */
     ExpectNotNull(ctx = BN_CTX_new());
@@ -64516,6 +44185,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     EVP_PKEY_free(pkey);
     EC_KEY_free(ephemeral_key);
     EC_GROUP_free(curve);
+    BN_CTX_free(ctx);
 #endif
     return EXPECT_RESULT();
 }
@@ -64635,7 +44305,8 @@ static int test_wolfSSL_OCSP_id_get0_info(void)
 {
     EXPECT_DECLS;
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && \
-    defined(HAVE_OCSP) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    defined(HAVE_OCSP) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
+    !defined(WOLFSSL_SM2) && !defined(WOLFSSL_SM3)
     X509* cert = NULL;
     X509* issuer = NULL;
     OCSP_CERTID* id = NULL;
@@ -64670,6 +44341,7 @@ static int test_wolfSSL_OCSP_id_get0_info(void)
     ExpectNotNull(x509Int = X509_get_serialNumber(cert));
     ExpectIntEQ(x509Int->length, serial->length);
     ExpectIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0);
+    ExpectNotNull(x509Int = X509_get_serialNumber(cert));
 
     /* test OCSP_id_cmp */
     ExpectIntNE(OCSP_id_cmp(NULL, NULL), 0);
@@ -64744,7 +44416,6 @@ static int test_wolfSSL_d2i_OCSP_CERTID(void)
 {
     EXPECT_DECLS;
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
-    WOLFSSL_OCSP_CERTID* certId;
     WOLFSSL_OCSP_CERTID* certIdGood;
     WOLFSSL_OCSP_CERTID* certIdBad;
     const unsigned char* rawCertIdPtr;
@@ -64763,40 +44434,45 @@ static int test_wolfSSL_d2i_OCSP_CERTID(void)
 
     /* If the cert ID is NULL the function should allocate it and copy the
      * data to it. */
-    certId = NULL;
-    ExpectNotNull(certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
-        sizeof(rawCertId)));
-    ExpectIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
-    if (certId != NULL) {
-        XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
-        XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
+    {
+        WOLFSSL_OCSP_CERTID* certId = NULL;
+        ExpectNotNull(certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
+                                                       sizeof(rawCertId)));
+        if (certId != NULL) {
+            XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
+            wolfSSL_OCSP_CERTID_free(certId);
+        }
     }
 
     /* If the cert ID is not NULL the function will just copy the data to it. */
-    ExpectNotNull(certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    ExpectNotNull(certId);
-    ExpectNotNull(XMEMSET(certId, 0, sizeof(*certId)));
+    {
+        WOLFSSL_OCSP_CERTID* certId = NULL;
+        ExpectNotNull(certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL,
+                                                             DYNAMIC_TYPE_TMP_BUFFER));
+        ExpectNotNull(certId);
+        if (certId != NULL)
+            XMEMSET(certId, 0, sizeof(*certId));
 
-    /* Reset rawCertIdPtr since it was push forward in the previous call. */
-    rawCertIdPtr = &rawCertId[0];
-    ExpectNotNull(certIdGood = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
-        sizeof(rawCertId)));
-    ExpectPtrEq(certIdGood, certId);
-    ExpectIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
-    if (certId != NULL) {
-        XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
-        XFREE(certId, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        certId = NULL;
+        /* Reset rawCertIdPtr since it was push forward in the previous call. */
+        rawCertIdPtr = &rawCertId[0];
+        ExpectNotNull(certIdGood = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
+                                                           sizeof(rawCertId)));
+        ExpectPtrEq(certIdGood, certId);
+        if (certId != NULL) {
+            XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
+            wolfSSL_OCSP_CERTID_free(certId);
+            certId = NULL;
+        }
     }
 
     /* The below tests should fail when passed bad parameters. NULL should
      * always be returned. */
-    ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(NULL, &rawCertIdPtr,
-        sizeof(rawCertId)));
-    ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL,
-        sizeof(rawCertId)));
-    ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0));
+    {
+        WOLFSSL_OCSP_CERTID* certId = NULL;
+        ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL,
+                                                       sizeof(rawCertId)));
+        ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0));
+    }
 #endif
     return EXPECT_RESULT();
 }
@@ -64912,6 +44588,320 @@ static int test_wolfSSL_OCSP_resp_get0(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_OCSP_parse_url(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(HAVE_OCSP)
+#define CK_OPU_OK(u, h, po, pa, s) do { \
+    char* host = NULL; \
+    char* port = NULL; \
+    char* path = NULL; \
+    int isSsl = 0; \
+    ExpectIntEQ(OCSP_parse_url(u, &host, &port, &path, &isSsl), 1); \
+    ExpectStrEQ(host, h); \
+    ExpectStrEQ(port, po); \
+    ExpectStrEQ(path, pa); \
+    ExpectIntEQ(isSsl, s); \
+    XFREE(host, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(port, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(path, NULL, DYNAMIC_TYPE_OPENSSL); \
+} while(0)
+
+#define CK_OPU_FAIL(u) do { \
+    char* host = NULL; \
+    char* port = NULL; \
+    char* path = NULL; \
+    int isSsl = 0; \
+    ExpectIntEQ(OCSP_parse_url(u, &host, &port, &path, &isSsl), 0); \
+    XFREE(host, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(port, NULL, DYNAMIC_TYPE_OPENSSL); \
+    XFREE(path, NULL, DYNAMIC_TYPE_OPENSSL); \
+} while(0)
+
+    CK_OPU_OK("http://localhost", "localhost", "80", "/", 0);
+    CK_OPU_OK("https://wolfssl.com", "wolfssl.com", "443", "/", 1);
+    CK_OPU_OK("https://www.wolfssl.com/fips-140-3-announcement-to-the-world/",
+         "www.wolfssl.com", "443", "/fips-140-3-announcement-to-the-world/", 1);
+    CK_OPU_OK("http://localhost:1234", "localhost", "1234", "/", 0);
+    CK_OPU_OK("https://localhost:1234", "localhost", "1234", "/", 1);
+
+    CK_OPU_FAIL("ftp://localhost");
+    /* two strings to cppcheck doesn't mark it as a c++ style comment */
+    CK_OPU_FAIL("http/""/localhost");
+    CK_OPU_FAIL("http:/localhost");
+    CK_OPU_FAIL("https://localhost/path:1234");
+
+#undef CK_OPU_OK
+#undef CK_OPU_FAIL
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \
+    defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_ASN_TIME) && \
+    !defined(WOLFSSL_SM2) && !defined(WOLFSSL_SM3)
+static time_t test_wolfSSL_OCSP_REQ_CTX_time_cb(time_t* t)
+{
+    if (t != NULL) {
+        *t = 1722006780;
+    }
+
+    return 1722006780;
+}
+#endif
+
+static int test_wolfSSL_OCSP_REQ_CTX(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \
+    defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \
+    !defined(WOLFSSL_SM2) && !defined(WOLFSSL_SM3)
+    /* This buffer was taken from the ocsp-stapling.test test case 1. The ocsp
+     * response was captured in wireshark. It contains both the http and binary
+     * parts. The time test_wolfSSL_OCSP_REQ_CTX_time_cb is set exactly so that
+     * the time check passes. */
+    unsigned char ocspRespBin[] = {
+      0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30,
+      0x20, 0x4f, 0x4b, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74,
+      0x2d, 0x74, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69,
+      0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2d,
+      0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x0d, 0x0a, 0x43, 0x6f,
+      0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68,
+      0x3a, 0x20, 0x31, 0x38, 0x32, 0x31, 0x0d, 0x0a, 0x0d, 0x0a, 0x30, 0x82,
+      0x07, 0x19, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x12, 0x30, 0x82, 0x07,
+      0x0e, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01,
+      0x04, 0x82, 0x06, 0xff, 0x30, 0x82, 0x06, 0xfb, 0x30, 0x82, 0x01, 0x19,
+      0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
+      0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
+      0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e,
+      0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+      0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10,
+      0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c,
+      0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
+      0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69,
+      0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+      0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53,
+      0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31,
+      0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+      0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
+      0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30,
+      0x32, 0x34, 0x30, 0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x35,
+      0x5a, 0x30, 0x62, 0x30, 0x60, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b,
+      0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59,
+      0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18,
+      0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02,
+      0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e,
+      0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30,
+      0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x35, 0x5a, 0xa0, 0x11,
+      0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30, 0x37, 0x32, 0x36, 0x31, 0x35,
+      0x31, 0x33, 0x30, 0x35, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+      0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
+      0x00, 0x89, 0x7a, 0xe9, 0x6b, 0x66, 0x47, 0x8e, 0x52, 0x16, 0xf9, 0x8a,
+      0x5a, 0x1e, 0x7a, 0x35, 0xbb, 0x1d, 0x6c, 0xd8, 0x31, 0xbb, 0x24, 0xd2,
+      0xd7, 0xa4, 0x30, 0x27, 0x06, 0x17, 0x66, 0xd1, 0xf9, 0x8d, 0x24, 0xb0,
+      0x49, 0x37, 0x62, 0x13, 0x78, 0x5e, 0xa6, 0x6d, 0xea, 0xe3, 0xd0, 0x30,
+      0x82, 0x7d, 0xb6, 0xf6, 0x55, 0x82, 0x11, 0xdc, 0xe7, 0x0f, 0xd6, 0x24,
+      0xb4, 0x80, 0x23, 0x4f, 0xfd, 0xa7, 0x9a, 0x4b, 0xac, 0xf2, 0xd3, 0xde,
+      0x42, 0x10, 0xfb, 0x4b, 0x29, 0x06, 0x02, 0x7b, 0x47, 0x36, 0x70, 0x75,
+      0x45, 0x38, 0x8d, 0x3e, 0x55, 0x9c, 0xce, 0x78, 0xd8, 0x18, 0x45, 0x47,
+      0x2d, 0x2a, 0x46, 0x65, 0x13, 0x93, 0x1a, 0x98, 0x90, 0xc6, 0x2d, 0xd5,
+      0x05, 0x2a, 0xfc, 0xcb, 0xac, 0x53, 0x73, 0x93, 0x42, 0x4e, 0xdb, 0x17,
+      0x91, 0xcb, 0xe1, 0x08, 0x03, 0xd1, 0x33, 0x57, 0x4b, 0x1d, 0xb8, 0x71,
+      0x84, 0x01, 0x04, 0x47, 0x6f, 0x06, 0xfa, 0x76, 0x7d, 0xd9, 0x37, 0x64,
+      0x57, 0x37, 0x3a, 0x8f, 0x4d, 0x88, 0x11, 0xa5, 0xd4, 0xaa, 0xcb, 0x49,
+      0x47, 0x86, 0xdd, 0xcf, 0x46, 0xa6, 0xfa, 0x8e, 0xf2, 0x62, 0x0f, 0xc9,
+      0x25, 0xf2, 0x39, 0x62, 0x3e, 0x2d, 0x35, 0xc4, 0x76, 0x7b, 0xae, 0xd5,
+      0xe8, 0x85, 0xa1, 0xa6, 0x2d, 0x41, 0xd6, 0x8e, 0x3c, 0xfa, 0xdc, 0x6c,
+      0x66, 0xe2, 0x61, 0xe7, 0xe5, 0x90, 0xa1, 0xfd, 0x7f, 0xdb, 0x18, 0xd0,
+      0xeb, 0x6d, 0x73, 0x08, 0x5f, 0x6a, 0x65, 0x44, 0x50, 0xad, 0x38, 0x9d,
+      0xb6, 0xfb, 0xbf, 0x28, 0x55, 0x84, 0x65, 0xfa, 0x0e, 0x34, 0xfc, 0x43,
+      0x19, 0x80, 0x5c, 0x7d, 0x2d, 0x5b, 0xd8, 0x60, 0xec, 0x0e, 0xf9, 0x1e,
+      0x6e, 0x32, 0x3f, 0x35, 0xf7, 0xec, 0x7e, 0x47, 0xba, 0xb5, 0xd2, 0xaa,
+      0x5a, 0x9d, 0x07, 0x2c, 0xc5, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04,
+      0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02,
+      0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+      0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31,
+      0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+      0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57,
+      0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
+      0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74,
+      0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a,
+      0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30,
+      0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69,
+      0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06,
+      0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53,
+      0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30,
+      0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+      0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73,
+      0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34,
+      0x30, 0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x34, 0x5a, 0x17,
+      0x0d, 0x32, 0x37, 0x30, 0x34, 0x32, 0x32, 0x31, 0x35, 0x31, 0x32, 0x30,
+      0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+      0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+      0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
+      0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+      0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30,
+      0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66,
+      0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+      0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+      0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16,
+      0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50,
+      0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f,
+      0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
+      0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66,
+      0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30,
+      0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+      0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
+      0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14,
+      0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23,
+      0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c,
+      0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b,
+      0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6,
+      0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe,
+      0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3,
+      0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43,
+      0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55,
+      0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73,
+      0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87,
+      0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97,
+      0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66,
+      0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17,
+      0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19,
+      0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08,
+      0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf,
+      0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8,
+      0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73,
+      0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84,
+      0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c,
+      0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00,
+      0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06,
+      0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03,
+      0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79,
+      0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56,
+      0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
+      0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f,
+      0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e,
+      0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97,
+      0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+      0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a,
+      0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
+      0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61,
+      0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+      0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14,
+      0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67,
+      0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16,
+      0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+      0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f,
+      0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
+      0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66,
+      0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13,
+      0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b,
+      0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+      0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
+      0x01, 0x01, 0x00, 0x37, 0xb9, 0x66, 0xd3, 0xa1, 0x08, 0xfc, 0x37, 0x58,
+      0x4e, 0xe0, 0x8c, 0xd3, 0x7f, 0xa6, 0x0f, 0x59, 0xd3, 0x14, 0xf7, 0x4b,
+      0x36, 0xf7, 0x2e, 0x98, 0xeb, 0x7c, 0x03, 0x3f, 0x3a, 0xd6, 0x9c, 0xcd,
+      0xb4, 0x9e, 0x8d, 0x5f, 0x92, 0xa6, 0x6f, 0x63, 0x87, 0x34, 0xe8, 0x83,
+      0xfd, 0x6d, 0x34, 0x64, 0xb5, 0xf0, 0x9c, 0x71, 0x02, 0xb8, 0xf6, 0x2f,
+      0x10, 0xa0, 0x92, 0x8f, 0x3f, 0x86, 0x3e, 0xe2, 0x01, 0x5a, 0x56, 0x39,
+      0x0a, 0x8d, 0xb1, 0xbe, 0x03, 0xf7, 0xf8, 0xa7, 0x88, 0x46, 0xef, 0x81,
+      0xa0, 0xad, 0x86, 0xc9, 0xe6, 0x23, 0x89, 0x1d, 0xa6, 0x24, 0x45, 0xf2,
+      0x6a, 0x83, 0x2d, 0x8e, 0x92, 0x17, 0x1e, 0x44, 0x19, 0xfa, 0x0f, 0x47,
+      0x6b, 0x8f, 0x4a, 0xa2, 0xda, 0xab, 0xd5, 0x2b, 0xcd, 0xcb, 0x14, 0xf0,
+      0xb5, 0xcf, 0x7c, 0x76, 0x42, 0x32, 0x90, 0x21, 0xdc, 0xdd, 0x52, 0xfc,
+      0x53, 0x7e, 0xff, 0x7f, 0xd9, 0x58, 0x6b, 0x1f, 0x73, 0xee, 0x83, 0xf4,
+      0x67, 0xfa, 0x4a, 0x4f, 0x24, 0xe4, 0x2b, 0x10, 0x74, 0x89, 0x52, 0x9a,
+      0xf7, 0xa4, 0xe0, 0xaf, 0xf5, 0x63, 0xd7, 0xfa, 0x0b, 0x2c, 0xc9, 0x39,
+      0x5d, 0xbd, 0x44, 0x93, 0x69, 0xa4, 0x1d, 0x01, 0xe2, 0x66, 0xe7, 0xc1,
+      0x11, 0x44, 0x7d, 0x0a, 0x7e, 0x5d, 0x1d, 0x26, 0xc5, 0x4a, 0x26, 0x2e,
+      0xa3, 0x58, 0xc4, 0xf7, 0x10, 0xcb, 0xba, 0xe6, 0x27, 0xfc, 0xdb, 0x54,
+      0xe2, 0x60, 0x08, 0xc2, 0x0e, 0x4b, 0xd4, 0xaa, 0x22, 0x23, 0x93, 0x9f,
+      0xe1, 0xcb, 0x85, 0xa4, 0x41, 0x6f, 0x26, 0xa7, 0x77, 0x8a, 0xef, 0x66,
+      0xd0, 0xf8, 0x33, 0xf6, 0xfd, 0x6d, 0x37, 0x7a, 0x89, 0xcc, 0x88, 0x3b,
+      0x82, 0xd0, 0xa9, 0xdf, 0xf1, 0x3d, 0xdc, 0xb0, 0x06, 0x1c, 0xe4, 0x4b,
+      0x57, 0xb4, 0x0c, 0x65, 0xb9, 0xb4, 0x6c
+    };
+    OCSP_REQ_CTX *ctx = NULL;
+    OCSP_REQUEST *req = NULL;
+    OCSP_CERTID *cid = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    BIO* bio1 = NULL;
+    BIO* bio2 = NULL;
+    X509* cert = NULL;
+    X509* empty = NULL;
+    X509 *issuer = NULL;
+    X509_LOOKUP *lookup = NULL;
+    X509_STORE *store = NULL;
+    STACK_OF(X509_OBJECT) *str_objs = NULL;
+    X509_OBJECT *x509_obj = NULL;
+    STACK_OF(WOLFSSL_STRING) *skStr = NULL;
+
+    ExpectNotNull(bio1 = BIO_new(BIO_s_bio()));
+    ExpectNotNull(bio2 = BIO_new(BIO_s_bio()));
+    ExpectIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
+
+    /* Load the leaf cert */
+    ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
+            "certs/ocsp/server1-cert.pem", WOLFSSL_FILETYPE_PEM));
+    ExpectNull(wolfSSL_X509_get1_ocsp(NULL));
+    ExpectNotNull(skStr = wolfSSL_X509_get1_ocsp(cert));
+    wolfSSL_X509_email_free(NULL);
+    wolfSSL_X509_email_free(skStr);
+    ExpectNotNull(empty = wolfSSL_X509_new());
+    ExpectNull(wolfSSL_X509_get1_ocsp(empty));
+    wolfSSL_X509_free(empty);
+
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
+    ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ocsp/server1-cert.pem",
+            X509_FILETYPE_PEM), 1);
+    ExpectNotNull(str_objs = X509_STORE_get0_objects(store));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(NULL, X509_LU_X509, NULL));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(str_objs, X509_LU_X509, NULL));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(NULL, X509_LU_X509,
+            X509_get_issuer_name(cert)));
+    ExpectNull(X509_OBJECT_retrieve_by_subject(str_objs,
+            X509_LU_CRL, X509_get_issuer_name(cert)));
+    ExpectNotNull(x509_obj = X509_OBJECT_retrieve_by_subject(str_objs,
+            X509_LU_X509, X509_get_issuer_name(cert)));
+    ExpectNotNull(issuer = X509_OBJECT_get0_X509(x509_obj));
+    ExpectTrue(wolfSSL_X509_OBJECT_get_type(NULL) == WOLFSSL_X509_LU_NONE);
+#ifndef NO_WOLFSSL_STUB
+    /* Not implemented and not in OpenSSL 1.1.0+ */
+    wolfSSL_X509_OBJECT_free_contents(x509_obj);
+#endif
+    wolfSSL_X509_OBJECT_free(NULL);
+
+    ExpectNotNull(req = OCSP_REQUEST_new());
+    ExpectNotNull(cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer));
+    ExpectNotNull(OCSP_request_add0_id(req, cid));
+    ExpectIntEQ(OCSP_request_add1_nonce(req, NULL, -1), 1);
+
+    ExpectNotNull(ctx = OCSP_sendreq_new(bio1, "/", NULL, -1));
+    ExpectIntEQ(OCSP_REQ_CTX_add1_header(ctx, "Host", "127.0.0.1"), 1);
+    ExpectIntEQ(OCSP_REQ_CTX_set1_req(ctx, req), 1);
+    ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), -1);
+    ExpectIntEQ(BIO_write(bio2, ocspRespBin, sizeof(ocspRespBin)),
+            sizeof(ocspRespBin));
+#ifndef NO_ASN_TIME
+    ExpectIntEQ(wc_SetTimeCb(test_wolfSSL_OCSP_REQ_CTX_time_cb), 0);
+    ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), 1);
+    ExpectIntEQ(wc_SetTimeCb(NULL), 0);
+    ExpectNotNull(rsp);
+#endif
+
+    OCSP_REQ_CTX_free(ctx);
+    OCSP_REQUEST_free(req);
+    OCSP_RESPONSE_free(rsp);
+    BIO_free(bio1);
+    BIO_free(bio2);
+    X509_free(cert);
+    X509_STORE_free(store);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EVP_PKEY_derive(void)
 {
     EXPECT_DECLS;
@@ -65116,7 +45106,7 @@ static int test_wc_CreateEncryptedPKCS8Key(void)
     ExpectIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
         sizeof_server_key_der_2048, NULL, &encKeySz, password, (int)passwordSz,
         PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
-        LENGTH_ONLY_E);
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
     ExpectNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT,
         DYNAMIC_TYPE_TMP_BUFFER));
     /* Call with the allocated out buffer. */
@@ -65148,6 +45138,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
     int derSz = 0;
     word32 inOutIdx;
     const char* path = "./certs/server-keyPkcs8.der";
+    const char* pathAttributes = "./certs/ca-key-pkcs8-attribute.der";
     XFILE file = XBADFILE;
     byte der[2048];
 
@@ -65155,6 +45146,7 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
     ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0);
     if (file != XBADFILE)
         XFCLOSE(file);
+    file = XBADFILE; /* reset file to avoid warning of use after close */
 
     /* valid case */
     inOutIdx = 0;
@@ -65164,18 +45156,28 @@ static int test_wc_GetPkcs8TraditionalOffset(void)
     /* inOutIdx > sz */
     inOutIdx = 4000;
     ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* null input */
     inOutIdx = 0;
     ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* invalid input, fill buffer with 1's */
     XMEMSET(der, 1, sizeof(der));
     inOutIdx = 0;
     ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
+
+    /* test parsing with attributes */
+    ExpectTrue((file = XFOPEN(pathAttributes, "rb")) != XBADFILE);
+    ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0);
+    if (file != XBADFILE)
+        XFCLOSE(file);
+
+    inOutIdx = 0;
+    ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx,
+        (word32)derSz), 0);
 #endif /* NO_ASN */
     return EXPECT_RESULT();
 }
@@ -65227,7 +45229,7 @@ static int test_wc_SetIssuerRaw(void)
     const char* joiCertFile = "./certs/test/cert-ext-joi.der";
     WOLFSSL_X509* x509 = NULL;
     int peerCertSz;
-    const byte* peerCertBuf;
+    const byte* peerCertBuf = NULL;
     Cert forgedCert;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
@@ -65252,7 +45254,7 @@ static int test_wc_SetIssueBuffer(void)
     const char* joiCertFile = "./certs/test/cert-ext-joi.der";
     WOLFSSL_X509* x509 = NULL;
     int peerCertSz;
-    const byte* peerCertBuf;
+    const byte* peerCertBuf = NULL;
     Cert forgedCert;
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
@@ -65283,7 +45285,7 @@ static int test_wc_SetSubjectKeyId(void)
     ExpectIntEQ(0, wc_InitCert(&cert));
     ExpectIntEQ(0, wc_SetSubjectKeyId(&cert, file));
 
-    ExpectIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SetSubjectKeyId(NULL, file));
     ExpectIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));
 #endif
     return EXPECT_RESULT();
@@ -65303,7 +45305,7 @@ static int test_wc_SetSubject(void)
     ExpectIntEQ(0, wc_InitCert(&cert));
     ExpectIntEQ(0, wc_SetSubject(&cert, file));
 
-    ExpectIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SetSubject(NULL, file));
     ExpectIntGT(0, wc_SetSubject(&cert, "badfile.name"));
 #endif
     return EXPECT_RESULT();
@@ -65321,13 +45323,13 @@ static int test_CheckCertSignature(void)
     int   certSz;
 #endif
 
-    ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, NULL));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_CheckCertSignature(NULL, 0, NULL, NULL));
     ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
-    ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, cm));
+    ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_CheckCertSignature(NULL, 0, NULL, cm));
 
 #ifndef NO_RSA
 #ifdef USE_CERT_BUFFERS_1024
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_1024,
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(server_cert_der_1024,
                 sizeof_server_cert_der_1024, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                 ca_cert_der_1024, sizeof_ca_cert_der_1024,
@@ -65335,7 +45337,7 @@ static int test_CheckCertSignature(void)
     ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_1024,
                 sizeof_server_cert_der_1024, NULL, cm));
 #elif defined(USE_CERT_BUFFERS_2048)
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_2048,
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(server_cert_der_2048,
                 sizeof_server_cert_der_2048, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                 ca_cert_der_2048, sizeof_ca_cert_der_2048,
@@ -65346,7 +45348,7 @@ static int test_CheckCertSignature(void)
 #endif
 
 #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(serv_ecc_der_256,
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(serv_ecc_der_256,
                 sizeof_serv_ecc_der_256, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
                 ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
@@ -65366,7 +45368,7 @@ static int test_CheckCertSignature(void)
         XFCLOSE(fp);
         fp = XBADFILE;
     }
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm));
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(cert, certSz, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                 "./certs/ca-cert.pem", NULL));
     ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
@@ -65378,7 +45380,7 @@ static int test_CheckCertSignature(void)
         XFCLOSE(fp);
         fp = XBADFILE;
     }
-    ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm));
+    ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(cert, certSz, NULL, cm));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                 "./certs/ca-ecc-cert.pem", NULL));
     ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
@@ -65437,19 +45439,22 @@ static int test_wc_ParseCert_Error(void)
     const byte c4[] = { 0x02, 0x80, 0x10, 0x00, 0x00};
 
     /* Test data */
-    const struct testStruct {
+    struct testStruct {
         const byte* c;
-        const int cSz;
-        const int expRet;
-    } t[] = {
-        {c0, sizeof(c0), ASN_PARSE_E}, /* Invalid bit-string length */
-        {c1, sizeof(c1), ASN_PARSE_E}, /* Invalid bit-string length */
-        {c2, sizeof(c2), ASN_PARSE_E}, /* Invalid integer length (zero) */
-        {c3, sizeof(c3), ASN_PARSE_E}, /* Valid INTEGER, but buffer too short */
-        {c4, sizeof(c4), ASN_PARSE_E}, /* Valid INTEGER, but not in bit-string */
-    };
+        word32 cSz;
+        int expRet;
+    } t[5];
     const int tSz = (int)(sizeof(t) / sizeof(struct testStruct));
 
+    #define INIT_TEST_DATA(i,x,y) \
+        t[i].c = x; t[i].cSz = sizeof(x); t[i].expRet = y
+    INIT_TEST_DATA(0, c0, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    INIT_TEST_DATA(1, c1, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    INIT_TEST_DATA(2, c2, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    INIT_TEST_DATA(3, c3, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    INIT_TEST_DATA(4, c4, WC_NO_ERR_TRACE(ASN_PARSE_E) );
+    #undef INIT_TEST_DATA
+
     for (i = 0; i < tSz; i++) {
         WOLFSSL_MSG_EX("i == %d", i);
         wc_InitDecodedCert(&decodedCert, t[i].c, t[i].cSz, NULL);
@@ -65575,7 +45580,7 @@ static int test_MakeCertWith0Ser(void)
 
 #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON)
     ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL),
-        ASN_PARSE_E);
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
 #else
     ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
 #endif
@@ -65645,171 +45650,6 @@ static int test_MakeCertWithCaFalse(void)
     return EXPECT_RESULT();
 }
 
-/*----------------------------------------------------------------------------*
- | wolfCrypt ECC
- *----------------------------------------------------------------------------*/
-
-static int test_wc_ecc_get_curve_size_from_name(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_ECC
-    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
-        ExpectIntEQ(wc_ecc_get_curve_size_from_name("SECP256R1"), 32);
-    #endif
-    /* invalid case */
-    ExpectIntEQ(wc_ecc_get_curve_size_from_name("BADCURVE"), -1);
-    /* NULL input */
-    ExpectIntEQ(wc_ecc_get_curve_size_from_name(NULL), BAD_FUNC_ARG);
-#endif /* HAVE_ECC */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_ecc_get_curve_id_from_name(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_ECC
-    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
-        ExpectIntEQ(wc_ecc_get_curve_id_from_name("SECP256R1"),
-            ECC_SECP256R1);
-    #endif
-    /* invalid case */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_name("BADCURVE"), -1);
-    /* NULL input */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_name(NULL), BAD_FUNC_ARG);
-#endif /* HAVE_ECC */
-    return EXPECT_RESULT();
-}
-
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
-    !defined(HAVE_SELFTEST) && \
-    !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
-static int test_wc_ecc_get_curve_id_from_dp_params(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
-    ecc_key* key;
-    const ecc_set_type* params = NULL;
-    int ret;
-#endif
-    WOLFSSL_EC_KEY *ecKey = NULL;
-
-    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
-        ExpectIntEQ(wc_ecc_get_curve_id_from_name("SECP256R1"), ECC_SECP256R1);
-        ExpectNotNull(ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
-
-        if (EXPECT_SUCCESS()) {
-            ret = EC_KEY_generate_key(ecKey);
-        } else
-            ret = 0;
-
-        if (ret == 1) {
-            /* normal test */
-            key = (ecc_key*)ecKey->internal;
-            if (key != NULL) {
-                params = key->dp;
-            }
-
-            ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(params),
-                ECC_SECP256R1);
-        }
-    #endif
-    /* invalid case, NULL input*/
-    ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(NULL), BAD_FUNC_ARG);
-
-    wolfSSL_EC_KEY_free(ecKey);
-
-    return EXPECT_RESULT();
-}
-#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
-
-static int test_wc_ecc_get_curve_id_from_params(void)
-{
-    EXPECT_DECLS;
-#ifdef HAVE_ECC
-    const byte prime[] =
-    {
-        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
-        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
-        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-    };
-
-    const byte primeInvalid[] =
-    {
-        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
-        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
-        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01
-    };
-
-    const byte Af[] =
-    {
-        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
-        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
-        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
-    };
-
-    const byte Bf[] =
-    {
-        0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,
-        0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC,
-        0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
-        0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
-    };
-
-    const byte order[] =
-    {
-        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
-        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
-        0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
-    };
-
-    const byte Gx[] =
-    {
-        0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,
-        0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
-        0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,
-        0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96
-    };
-
-    const byte Gy[] =
-    {
-        0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,
-        0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16,
-        0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,
-        0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5
-    };
-
-    int cofactor = 1;
-    int fieldSize = 256;
-
-    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
-        ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize,
-            prime, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf),
-            order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor),
-            ECC_SECP256R1);
-    #endif
-
-    /* invalid case, fieldSize = 0 */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime),
-        Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
-        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), ECC_CURVE_INVALID);
-
-    /* invalid case, NULL prime */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
-        Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
-        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), BAD_FUNC_ARG);
-
-    /* invalid case, invalid prime */
-    ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize,
-        primeInvalid, sizeof(primeInvalid),
-        Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
-        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), ECC_CURVE_INVALID);
-#endif
-    return EXPECT_RESULT();
-}
 static int test_wolfSSL_EVP_PKEY_encrypt(void)
 {
     EXPECT_DECLS;
@@ -66070,7 +45910,7 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
         WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_PKEY_verify(
         ctx_verify, sig, siglen, zero, SHA256_DIGEST_LENGTH),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
     !defined(HAVE_SELFTEST)
@@ -66179,8 +46019,8 @@ static int test_EVP_PKEY_rsa(void)
 
     ExpectNotNull(rsa = wolfSSL_RSA_new());
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
-    ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
         wolfSSL_RSA_free(rsa);
@@ -66201,10 +46041,10 @@ static int test_EVP_PKEY_ec(void)
 
     ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
     ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
-    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Should fail since ecKey is empty */
-    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
     if (EXPECT_FAIL()) {
@@ -66326,9 +46166,11 @@ static int test_ERR_load_crypto_strings(void)
 }
 
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
+static WOLFSSL_X509 x1;
+static WOLFSSL_X509 x2;
 static void free_x509(X509* x)
 {
-    AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
+    AssertIntEQ((x == &x1 || x == &x2), 1);
 }
 #endif
 
@@ -66339,7 +46181,7 @@ static int test_sk_X509(void)
     {
         STACK_OF(X509)* s = NULL;
 
-        ExpectNotNull(s = sk_X509_new_null());
+        ExpectNotNull(s = wolfSSL_sk_X509_new(NULL));
         ExpectIntEQ(sk_X509_num(s), 0);
         sk_X509_pop_free(s, NULL);
 
@@ -66348,14 +46190,25 @@ static int test_sk_X509(void)
         sk_X509_pop_free(s, NULL);
 
         ExpectNotNull(s = sk_X509_new_null());
-        sk_X509_push(s, (X509*)1);
+
+        /* Test invalid parameters. */
+        ExpectIntEQ(sk_X509_push(NULL, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(sk_X509_push(s, NULL), WOLFSSL_FAILURE);
+        ExpectIntEQ(sk_X509_push(NULL, (X509*)1), WOLFSSL_FAILURE);
+        ExpectNull(sk_X509_pop(NULL));
+        ExpectNull(sk_X509_value(NULL, 0));
+        ExpectNull(sk_X509_value(NULL, 1));
+
+        sk_X509_push(s, &x1);
         ExpectIntEQ(sk_X509_num(s), 1);
-        ExpectIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
-        sk_X509_push(s, (X509*)2);
+        ExpectIntEQ((sk_X509_value(s, 0) == &x1), 1);
+        sk_X509_push(s, &x2);
         ExpectIntEQ(sk_X509_num(s), 2);
-        ExpectIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
-        ExpectIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
-        sk_X509_push(s, (X509*)2);
+        ExpectNull(sk_X509_value(s, 2));
+        ExpectIntEQ((sk_X509_value(s, 0) == &x1), 1);
+        ExpectIntEQ((sk_X509_value(s, 1) == &x2), 1);
+        sk_X509_push(s, &x2);
+
         sk_X509_pop_free(s, free_x509);
     }
 
@@ -66378,20 +46231,20 @@ static int test_sk_X509(void)
         for (i = 0; i < len; ++i) {
             sk_X509_push(s, xList[i]);
             ExpectIntEQ(sk_X509_num(s), i + 1);
-            ExpectIntEQ((sk_X509_value(s, 0) == xList[i]), 1);
-            ExpectIntEQ((sk_X509_value(s, i) == xList[0]), 1);
+            ExpectIntEQ((sk_X509_value(s, 0) == xList[0]), 1);
+            ExpectIntEQ((sk_X509_value(s, i) == xList[i]), 1);
         }
 
-        /* pop returns and removes last pushed on stack, which is index 0
+        /* pop returns and removes last pushed on stack, which is the last index
          * in sk_x509_value */
-        for (i = 0; i < len; ++i) {
-            X509 * x = sk_X509_value(s, 0);
+        for (i = len-1; i >= 0; --i) {
+            X509 * x = sk_X509_value(s, i);
             X509 * y = sk_X509_pop(s);
-            X509 * z = xList[len - 1 - i];
+            X509 * z = xList[i];
 
-            ExpectIntEQ((x == y), 1);
-            ExpectIntEQ((x == z), 1);
-            ExpectIntEQ(sk_X509_num(s), len - 1 - i);
+            ExpectPtrEq(x, y);
+            ExpectPtrEq(x, z);
+            ExpectIntEQ(sk_X509_num(s), i);
         }
 
         sk_free(s);
@@ -66403,14 +46256,14 @@ static int test_sk_X509(void)
         for (i = 0; i < len; ++i) {
             sk_X509_push(s, xList[i]);
             ExpectIntEQ(sk_X509_num(s), i + 1);
-            ExpectIntEQ((sk_X509_value(s, 0) == xList[i]), 1);
-            ExpectIntEQ((sk_X509_value(s, i) == xList[0]), 1);
+            ExpectIntEQ((sk_X509_value(s, 0) == xList[0]), 1);
+            ExpectIntEQ((sk_X509_value(s, i) == xList[i]), 1);
         }
 
         /* shift returns and removes first pushed on stack, which is index i
          * in sk_x509_value() */
         for (i = 0; i < len; ++i) {
-            X509 * x = sk_X509_value(s, len - 1 - i);
+            X509 * x = sk_X509_value(s, 0);
             X509 * y = sk_X509_shift(s);
             X509 * z = xList[i];
 
@@ -66418,6 +46271,8 @@ static int test_sk_X509(void)
             ExpectIntEQ((x == z), 1);
             ExpectIntEQ(sk_X509_num(s), len - 1 - i);
         }
+        ExpectNull(sk_X509_shift(NULL));
+        ExpectNull(sk_X509_shift(s));
 
         sk_free(s);
 
@@ -66435,6 +46290,150 @@ static int test_sk_X509_CRL(void)
     X509_CRL* crl = NULL;
     XFILE fp = XBADFILE;
     STACK_OF(X509_CRL)* s = NULL;
+#ifndef NO_BIO
+    BIO* bio = NULL;
+#endif
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+    RevokedCert* rev = NULL;
+    byte buff[1024];
+    int len = 0;
+#endif
+#if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \
+    !defined(NO_BIO)
+    X509_CRL empty;
+#endif
+    WOLFSSL_X509_REVOKED revoked;
+    WOLFSSL_ASN1_INTEGER* asnInt = NULL;
+    const WOLFSSL_ASN1_INTEGER* sn;
+
+#if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \
+    !defined(NO_BIO)
+    XMEMSET(&empty, 0, sizeof(X509_CRL));
+#endif
+
+#ifndef NO_BIO
+    ExpectNotNull(bio = BIO_new_file("./certs/crl/crl.der", "rb"));
+    ExpectNull(wolfSSL_d2i_X509_CRL_bio(NULL, NULL));
+    ExpectNotNull(crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(wolfSSL_X509_CRL_print(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(bio, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(NULL, crl), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(bio, &empty), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_CRL_print(bio, crl), WOLFSSL_SUCCESS);
+#ifndef NO_ASN_TIME
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1466);
+#else
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1324);
+#endif
+    BIO_free(bio);
+
+    wolfSSL_X509_CRL_free(crl);
+    crl = NULL;
+#endif
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+    ExpectTrue((fp = XFOPEN("./certs/crl/crl.der", "rb")) != XBADFILE);
+    ExpectNotNull(crl = d2i_X509_CRL_fp(fp, (X509_CRL **)NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+    wolfSSL_X509_CRL_free(crl);
+    crl = NULL;
+
+    ExpectTrue((fp = XFOPEN("./certs/crl/crl.der", "rb")) != XBADFILE);
+    ExpectIntEQ(len = (int)XFREAD(buff, 1, sizeof(buff), fp), 520);
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+    ExpectNull(crl = d2i_X509_CRL((X509_CRL **)NULL, NULL, len));
+    ExpectNotNull(crl = d2i_X509_CRL((X509_CRL **)NULL, buff, len));
+    ExpectNotNull(rev = crl->crlList->certs);
+
+    ExpectNull(wolfSSL_X509_CRL_get_issuer_name(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_issuer_name(&empty));
+    ExpectIntEQ(wolfSSL_X509_CRL_version(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_version(&empty), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(&empty), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(NULL), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(&empty), 0);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl , NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, &len), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(&empty, NULL, &len),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, NULL),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev , NULL, NULL),
+        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, &len),
+        BAD_FUNC_ARG);
+    ExpectNull(wolfSSL_X509_CRL_get_lastUpdate(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_lastUpdate(&empty));
+    ExpectNull(wolfSSL_X509_CRL_get_nextUpdate(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_nextUpdate(&empty));
+
+    ExpectNotNull(wolfSSL_X509_CRL_get_issuer_name(crl));
+    ExpectIntEQ(wolfSSL_X509_CRL_version(crl), 2);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(crl), CTC_SHA256wRSA);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(crl),
+        WC_NID_sha256WithRSAEncryption);
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, NULL, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 256);
+    len--;
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len), BUFFER_E);
+    len += 2;
+    ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 256);
+    ExpectNotNull(wolfSSL_X509_CRL_get_lastUpdate(crl));
+    ExpectNotNull(wolfSSL_X509_CRL_get_nextUpdate(crl));
+
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, NULL, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 1);
+    len--;
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, buff, &len),
+        BUFFER_E);
+    len += 2;
+    ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, buff, &len),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(len, 1);
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(NULL), 0);
+    ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(&revoked), 0);
+    ExpectNull(wolfSSL_X509_CRL_get_REVOKED(NULL));
+    ExpectNull(wolfSSL_X509_CRL_get_REVOKED(crl));
+    ExpectNull(wolfSSL_sk_X509_REVOKED_value(NULL, 0));
+    ExpectNull(wolfSSL_sk_X509_REVOKED_value(&revoked, 0));
+    ExpectIntEQ(wolfSSL_X509_CRL_verify(NULL, NULL), 0);
+    ExpectIntEQ(X509_OBJECT_set1_X509_CRL(NULL, NULL), 0);
+    ExpectIntEQ(X509_OBJECT_set1_X509(NULL, NULL), 0);
+#endif
+
+    wolfSSL_X509_CRL_free(crl);
+    crl = NULL;
+#endif
+
+    ExpectNotNull(asnInt = wolfSSL_ASN1_INTEGER_new());
+    ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(asnInt, 1), 1);
+    revoked.serialNumber = asnInt;
+    ExpectNull(wolfSSL_X509_REVOKED_get0_serial_number(NULL));
+    ExpectNotNull(sn = wolfSSL_X509_REVOKED_get0_serial_number(&revoked));
+    ExpectPtrEq(sn, asnInt);
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(NULL));
+    ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(&revoked));
+#endif
+    wolfSSL_ASN1_INTEGER_free(asnInt);
 
     ExpectTrue((fp = XFOPEN("./certs/crl/crl.pem", "rb")) != XBADFILE);
     ExpectNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
@@ -66443,6 +46442,13 @@ static int test_sk_X509_CRL(void)
         XFCLOSE(fp);
 
     ExpectNotNull(s = sk_X509_CRL_new());
+
+    ExpectIntEQ(sk_X509_CRL_push(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(sk_X509_CRL_push(NULL, crl), WOLFSSL_FAILURE);
+    ExpectIntEQ(sk_X509_CRL_push(s, NULL), WOLFSSL_FAILURE);
+    ExpectNull(sk_X509_CRL_value(NULL, 0));
+    ExpectIntEQ(sk_X509_CRL_num(NULL), 0);
+
     ExpectIntEQ(sk_X509_CRL_num(s), 0);
     ExpectIntEQ(sk_X509_CRL_push(s, crl), 1);
     if (EXPECT_FAIL()) {
@@ -66450,6 +46456,7 @@ static int test_sk_X509_CRL(void)
     }
     ExpectIntEQ(sk_X509_CRL_num(s), 1);
     ExpectPtrEq(sk_X509_CRL_value(s, 0), crl);
+
     sk_X509_CRL_free(s);
 #endif
     return EXPECT_RESULT();
@@ -66500,7 +46507,11 @@ static int test_X509_REQ(void)
 #ifdef HAVE_ECC
     const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
     const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
+    BIO* bio = NULL;
 #endif
+    unsigned char tooLongPassword[WC_CTC_NAME_SIZE + 1];
+
+    XMEMSET(tooLongPassword, 0, sizeof(tooLongPassword));
 
     ExpectNotNull(name = X509_NAME_new());
     ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
@@ -66514,16 +46525,19 @@ static int test_X509_REQ(void)
     ExpectNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
         (long)sizeof_client_keypub_der_2048));
     ExpectNotNull(req = X509_REQ_new());
-    ExpectIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_set_subject_name(req, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
-    ExpectIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_set_pubkey(NULL, pub), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_set_pubkey(req, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
-    ExpectIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
-    ExpectIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(X509_REQ_sign(req, priv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
+    ExpectIntEQ(i2d_X509_REQ(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(i2d_X509_REQ(req, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(i2d_X509_REQ(NULL, &der), BAD_FUNC_ARG);
     len = i2d_X509_REQ(req, &der);
     DEBUG_WRITE_DER(der, len, "req.der");
 #ifdef USE_CERT_BUFFERS_1024
@@ -66537,6 +46551,9 @@ static int test_X509_REQ(void)
     mctx = EVP_MD_CTX_new();
     ExpectIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv),
         WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_sign_ctx(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_sign_ctx(req, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_sign_ctx(NULL, mctx), WOLFSSL_FAILURE);
     ExpectIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
 
     EVP_MD_CTX_free(mctx);
@@ -66591,8 +46608,13 @@ static int test_X509_REQ(void)
     /* Signature is random and may be shorter or longer. */
     ExpectIntGE((len = i2d_X509_REQ(req, &der)), 245);
     ExpectIntLE(len, 253);
+    ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
+    ExpectIntEQ(X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_print(bio, NULL), WOLFSSL_FAILURE);
+    BIO_free(bio);
     XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
     X509_REQ_free(req);
+    req = NULL;
     EVP_PKEY_free(pub);
     EVP_PKEY_free(priv);
 
@@ -66602,6 +46624,140 @@ static int test_X509_REQ(void)
 #endif /* HAVE_ECC */
 
     X509_NAME_free(name);
+
+    ExpectNull(wolfSSL_X509_REQ_get_extensions(NULL));
+    /* Stub function. */
+    ExpectNull(wolfSSL_X509_to_X509_REQ(NULL, NULL, NULL));
+
+    ExpectNotNull(req = X509_REQ_new());
+#ifdef HAVE_LIBEST
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, NULL,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, "name",
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_UTF8, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+
+
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, "name",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, NULL,
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name",
+        WOLFSSL_MBSTRING_UTF8, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name",
+        WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE);
+
+    /* Unsupported bytes. */
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.23", 16), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "MAC Address",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "ecpublicKey",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.2.840.10045.2.1", -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "ecdsa-with-SHA384",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.2.840.10045.4.3.3", -1),
+        WOLFSSL_SUCCESS);
+#else
+    /* Stub function. */
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "MAC Address",
+        WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE);
+#endif
+
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_UTF8, (byte*)"password", 8), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, (byte*)"password", 8), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_subject_alt_name,
+        WOLFSSL_MBSTRING_ASC, (byte*)"password", 8), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_UTF8, (byte*)"password", 8), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, NULL, -1), WOLFSSL_FAILURE);
+
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, (byte*)"password", -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword,
+        WOLFSSL_MBSTRING_ASC, tooLongPassword, sizeof(tooLongPassword)),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_serialNumber,
+        WOLFSSL_MBSTRING_ASC, (byte*)"123456", -1), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_serialNumber,
+        WOLFSSL_MBSTRING_ASC, tooLongPassword, sizeof(tooLongPassword)),
+        WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_unstructuredName,
+        WOLFSSL_MBSTRING_ASC, (byte*)"name", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_contentType,
+        WOLFSSL_MBSTRING_ASC, (byte*)"type", 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_surname,
+        WOLFSSL_MBSTRING_ASC, (byte*)"surname", 7), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_initials,
+        WOLFSSL_MBSTRING_ASC, (byte*)"s.g", 3), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_givenName,
+        WOLFSSL_MBSTRING_ASC, (byte*)"givenname", 9), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_dnQualifier,
+        WOLFSSL_MBSTRING_ASC, (byte*)"dnQualifier", 11), WOLFSSL_SUCCESS);
+
+    wolfSSL_X509_REQ_free(req);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_X509_REQ_print(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
+    WOLFSSL_X509* req = NULL;
+    XFILE fp = XBADFILE;
+    const char* csrFileName = "certs/csr.attr.der";
+    const char* csrExtFileName = "certs/csr.ext.der";
+    BIO* bio = NULL;
+
+    ExpectTrue((fp = XFOPEN(csrFileName, "rb")) != XBADFILE);
+    ExpectNotNull(req = d2i_X509_REQ_fp(fp, NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(wolfSSL_X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 2681);
+
+    BIO_free(bio);
+    bio = NULL;
+    wolfSSL_X509_REQ_free(req);
+    req = NULL;
+
+    ExpectTrue((fp = XFOPEN(csrExtFileName, "rb")) != XBADFILE);
+    ExpectNotNull(req = d2i_X509_REQ_fp(fp, NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+    }
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(wolfSSL_X509_REQ_print(bio, req), WOLFSSL_SUCCESS);
+    ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1889);
+
+    BIO_free(bio);
+    wolfSSL_X509_REQ_free(req);
 #endif
     return EXPECT_RESULT();
 }
@@ -66630,7 +46786,7 @@ static int test_wolfssl_PKCS7(void)
     ExpectNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
     ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
     ExpectIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
-        PKCS7_NOVERIFY), WOLFSSL_FAILURE);
+        PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
@@ -66638,7 +46794,7 @@ static int test_wolfssl_PKCS7(void)
     p = data;
     ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
-        0), WOLFSSL_FAILURE);
+        0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     PKCS7_free(pkcs7);
     pkcs7 = NULL;
 
@@ -66765,7 +46921,7 @@ static int test_wolfSSL_PKCS7_sign(void)
         for (z = 0; z < outLen && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -66855,7 +47011,7 @@ static int test_wolfSSL_PKCS7_sign(void)
         for (z = 0; z < outLen && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -66914,7 +47070,7 @@ static int test_wolfSSL_PKCS7_sign(void)
         for (z = 0; z < outLen && ret != 0; z++) {
             ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
             if (ret < 0){
-                ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
             }
         }
         ExpectIntEQ(ret, 0);
@@ -67106,7 +47262,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
     XFILE smimeTestFile = XBADFILE;
 
-    ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r")) !=
+    ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "rb")) !=
         XBADFILE);
 
     /* smime-test.p7s */
@@ -67127,7 +47283,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     pkcs7 = NULL;
 
     /* smime-test-multipart.p7s */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "rb");
     ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
@@ -67144,13 +47300,14 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     pkcs7 = NULL;
 
     /* smime-test-multipart-badsig.p7s */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s",
+        "rb");
     ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
     ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */
     ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
-        PKCS7_NOVERIFY), SSL_FAILURE);
+        PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     if (smimeTestFile != XBADFILE) {
         XFCLOSE(smimeTestFile);
         smimeTestFile = XBADFILE;
@@ -67161,7 +47318,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     pkcs7 = NULL;
 
     /* smime-test-canon.p7s */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb");
     ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
@@ -67178,7 +47335,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
     pkcs7 = NULL;
 
     /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */
-    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
+    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb");
     ExpectFalse(smimeTestFile == XBADFILE);
     ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
     pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
@@ -67414,7 +47571,7 @@ static int test_X509_STORE_No_SSL_CTX(void)
 
     /* Perform verification, which should NOT indicate CRL missing due to the
      * store CM's X509 store pointer being NULL */
-    ExpectIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
+    ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING));
 
     X509_CRL_free(crl);
     X509_STORE_free(store);
@@ -67485,7 +47642,7 @@ static int test_X509_LOOKUP_add_dir(void)
     ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
 
     /* Perform verification, which should NOT return CRL missing */
-    ExpectIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
+    ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING));
 
     X509_CRL_free(crl);
     crl = NULL;
@@ -67533,7 +47690,7 @@ static int test_X509_LOOKUP_add_dir(void)
 
     /* Now we SHOULD get CRL_MISSING, because we looked for PEM
      * in dir containing only ASN1/DER. */
-    ExpectIntEQ(X509_verify_cert(storeCtx), WOLFSSL_FAILURE);
+    ExpectIntEQ(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx),
             X509_V_ERR_UNABLE_TO_GET_CRL);
 
@@ -67624,14 +47781,14 @@ static int test_RsaSigFailure_cm(void)
         /* test bad cert */
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
-           WOLFSSL_FATAL_ERROR);
+           WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_ASN_CRYPT)
         /* RSA verify is not called when ASN crypt support is disabled */
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
            WOLFSSL_SUCCESS);
 #else
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
-           ASN_SIG_CONFIRM_E);
+           WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E));
 #endif
     }
 
@@ -67661,14 +47818,14 @@ static int test_EccSigFailure_cm(void)
         /* test bad cert */
 #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
-           WOLFSSL_FATAL_ERROR);
+           WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #elif defined(NO_ASN_CRYPT)
         /* ECC verify is not called when ASN crypt support is disabled */
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
            WOLFSSL_SUCCESS);
 #else
         ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
-           ASN_SIG_CONFIRM_E);
+           WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E));
 #endif
     }
 
@@ -67702,7 +47859,10 @@ static       char earlyDataBuffer[1];
 static int test_tls13_apis(void)
 {
     EXPECT_DECLS;
+#if defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \
+    (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
     int          ret;
+#endif
 #ifndef WOLFSSL_NO_TLS12
 #ifndef NO_WOLFSSL_CLIENT
     WOLFSSL_CTX* clientTls12Ctx = NULL;
@@ -67721,8 +47881,13 @@ static int test_tls13_apis(void)
     WOLFSSL_CTX* serverCtx = NULL;
     WOLFSSL*     serverSsl = NULL;
 #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#ifndef NO_RSA
     const char*  ourCert = svrCertFile;
     const char*  ourKey  = svrKeyFile;
+#elif defined(HAVE_ECC)
+    const char*  ourCert = eccCertFile;
+    const char*  ourKey  = eccKeyFile;
+#endif
 #endif
 #endif
     int          required;
@@ -67731,8 +47896,24 @@ static int test_tls13_apis(void)
 #endif
 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
     int          groups[2] = { WOLFSSL_ECC_SECP256R1,
-#ifdef WOLFSSL_HAVE_KYBER
+#ifdef WOLFSSL_HAVE_MLKEM
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifndef WOLFSSL_NO_KYBER512
                                WOLFSSL_KYBER_LEVEL1
+    #elif !defined(WOLFSSL_NO_KYBER768)
+                               WOLFSSL_KYBER_LEVEL3
+    #else
+                               WOLFSSL_KYBER_LEVEL5
+    #endif
+#else
+    #ifndef WOLFSSL_NO_ML_KEM_512
+                               WOLFSSL_ML_KEM_512
+    #elif !defined(WOLFSSL_NO_ML_KEM_768)
+                               WOLFSSL_ML_KEM_768
+    #else
+                               WOLFSSL_ML_KEM_1024
+    #endif
+#endif
 #else
                                WOLFSSL_ECC_SECP256R1
 #endif
@@ -67759,18 +47940,60 @@ static int test_tls13_apis(void)
 #endif
 #if (!defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
             "P-256:secp256r1"
-#if defined(WOLFSSL_HAVE_KYBER)
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifndef WOLFSSL_NO_KYBER512
             ":P256_KYBER_LEVEL1"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":P256_KYBER_LEVEL3"
+    #else
+            ":P256_KYBER_LEVEL5"
+    #endif
+#else
+    #ifndef WOLFSSL_NO_KYBER512
+            ":P256_ML_KEM_512"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":P256_ML_KEM_768"
+    #else
+            ":P256_ML_KEM_1024"
+    #endif
+#endif
 #endif
 #endif
 #endif /* !defined(NO_ECC_SECP) */
-#if defined(WOLFSSL_HAVE_KYBER)
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifndef WOLFSSL_NO_KYBER512
             ":KYBER_LEVEL1"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":KYBER_LEVEL3"
+    #else
+            ":KYBER_LEVEL5"
+    #endif
+#else
+    #ifndef WOLFSSL_NO_KYBER512
+            ":ML_KEM_512"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":ML_KEM_768"
+    #else
+            ":ML_KEM_1024"
+    #endif
+#endif
 #endif
             "";
 #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
-
-    (void)ret;
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+    int mlkemLevel;
+#endif
 
 #ifndef WOLFSSL_NO_TLS12
 #ifndef NO_WOLFSSL_CLIENT
@@ -67779,10 +48002,23 @@ static int test_tls13_apis(void)
 #endif
 #ifndef NO_WOLFSSL_SERVER
     serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
-#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#if !defined(NO_CERTS)
+    #if !defined(NO_FILESYSTEM)
     wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
     wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey,
         WOLFSSL_FILETYPE_PEM);
+    #elif defined(USE_CERT_BUFFERS_2048)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, server_key_der_2048,
+        sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1);
+    #elif defined(USE_CERT_BUFFERS_256)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx,
+        serv_ecc_der_256, sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, ecc_key_der_256,
+        sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+    #endif
 #endif
     serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
 #endif
@@ -67794,23 +48030,37 @@ static int test_tls13_apis(void)
 #endif
 #ifndef NO_WOLFSSL_SERVER
     serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
-#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#if !defined(NO_CERTS)
+    /* ignore load failures, since we just need the server to have a cert set */
+    #if !defined(NO_FILESYSTEM)
     wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
     wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
+    #elif defined(USE_CERT_BUFFERS_2048)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, server_key_der_2048,
+        sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1);
+    #elif defined(USE_CERT_BUFFERS_256)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, serv_ecc_der_256,
+        sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, ecc_key_der_256,
+        sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+    #endif
 #endif
     serverSsl = wolfSSL_new(serverCtx);
     ExpectNotNull(serverSsl);
 #endif
 
 #ifdef WOLFSSL_SEND_HRR_COOKIE
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
     ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
@@ -67822,16 +48072,16 @@ static int test_tls13_apis(void)
 #ifdef HAVE_SUPPORTED_CURVES
 #ifdef HAVE_ECC
     ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     do {
         ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
 #ifndef NO_WOLFSSL_CLIENT
@@ -67839,25 +48089,25 @@ static int test_tls13_apis(void)
     do {
         ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
     do {
         ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1);
     #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_PENDING_E)
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
             wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW);
     #endif
     }
-    while (ret == WC_PENDING_E);
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 #endif
 #elif defined(HAVE_CURVE25519)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
         WOLFSSL_SUCCESS);
@@ -67871,7 +48121,7 @@ static int test_tls13_apis(void)
         WOLFSSL_SUCCESS);
 #endif
 #elif defined(HAVE_CURVE448)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
         WOLFSSL_SUCCESS);
@@ -67886,36 +48136,57 @@ static int test_tls13_apis(void)
 #endif
 #else
     ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
-        NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
     ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
-        NOT_COMPILED_IN);
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
 #endif
 #endif
 
-#if defined(WOLFSSL_HAVE_KYBER)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG);
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+#ifndef WOLFSSL_NO_ML_KEM
+#ifndef WOLFSSL_NO_ML_KEM_768
+    mlkemLevel = WOLFSSL_ML_KEM_768;
+#elif !defined(WOLFSSL_NO_ML_KEM_1024)
+    mlkemLevel = WOLFSSL_ML_KEM_1024;
+#else
+    mlkemLevel = WOLFSSL_ML_KEM_512;
+#endif
+#else
+#ifndef WOLFSSL_NO_KYBER768
+    mlkemLevel = WOLFSSL_KYBER_LEVEL3;
+#elif !defined(WOLFSSL_NO_KYBER1024)
+    mlkemLevel = WOLFSSL_KYBER_LEVEL5;
+#else
+    mlkemLevel = WOLFSSL_KYBER_LEVEL1;
+#endif
+#endif
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, mlkemLevel),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3),
+    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, mlkemLevel),
         WOLFSSL_SUCCESS);
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3),
-        BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, mlkemLevel),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3),
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, mlkemLevel),
         WOLFSSL_SUCCESS);
 #endif
 #endif
 
-    ExpectIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_NoKeyShares(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
@@ -67925,32 +48196,32 @@ static int test_tls13_apis(void)
 #endif
 #endif /* HAVE_SUPPORTED_CURVES */
 
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
 #endif
@@ -67958,10 +48229,10 @@ static int test_tls13_apis(void)
     ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
 #endif
@@ -67969,139 +48240,139 @@ static int test_tls13_apis(void)
     ExpectIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_update_keys(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
+    ExpectIntEQ(wolfSSL_update_keys(clientSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
+    ExpectIntEQ(wolfSSL_update_keys(serverSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
 #endif
 
-    ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
 #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
 #endif
 
-    ExpectIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_request_certificate(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_request_certificate(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
+    ExpectIntEQ(wolfSSL_request_certificate(serverSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR));
 #endif
 #endif
 
 #ifdef HAVE_ECC
 #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
-    ExpectIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_preferred_group(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_preferred_group(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
+    ExpectIntEQ(wolfSSL_preferred_group(clientSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR));
 #endif
 #endif
 
 #ifdef HAVE_SUPPORTED_CURVES
-    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
         WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
-        WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
+        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
-    ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
-    ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
         WOLFSSL_SUCCESS);
 #endif
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
-        WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
+        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 
 #ifdef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
@@ -68115,11 +48386,11 @@ static int test_tls13_apis(void)
         WOLFSSL_SUCCESS);
 #endif
 
-    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
-    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
@@ -68138,31 +48409,31 @@ static int test_tls13_apis(void)
 
 #ifdef WOLFSSL_EARLY_DATA
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
+    ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
 #ifndef OPENSSL_EXTRA
     ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
     ExpectIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
-        BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #endif
 #ifndef OPENSSL_EXTRA
@@ -68180,11 +48451,11 @@ static int test_tls13_apis(void)
 #endif
 
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
-    ExpectIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(SSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef OPENSSL_EXTRA
@@ -68202,11 +48473,11 @@ static int test_tls13_apis(void)
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
 #ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
-    ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
-    ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
+    ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #endif
 #ifndef OPENSSL_EXTRA
@@ -68224,49 +48495,49 @@ static int test_tls13_apis(void)
 
 
     ExpectIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
-        &outSz), BAD_FUNC_ARG);
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
-        &outSz), BAD_FUNC_ARG);
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
-        BAD_FUNC_ARG);
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
-        sizeof(earlyData), NULL), BAD_FUNC_ARG);
+        sizeof(earlyData), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
-        sizeof(earlyData), &outSz), SIDE_ERROR);
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
-        sizeof(earlyData), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
-        sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR);
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #endif
 
     ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #ifndef NO_WOLFSSL_SERVER
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
-        sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1,
-        &outSz), BAD_FUNC_ARG);
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), NULL), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
 #ifndef NO_WOLFSSL_CLIENT
     ExpectIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), SIDE_ERROR);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
 #endif
 #ifndef NO_WOLFSSL_SERVER
 #ifndef WOLFSSL_NO_TLS12
     ExpectIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #endif
     ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR);
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
 #endif
 #endif
 
@@ -68445,7 +48716,7 @@ static int test_tls13_cipher_suites(void)
         }
     }
     /* Test multiple occurrences of same cipher suite. */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     wolfSSL_free(ssl);
     ssl = NULL;
 
@@ -68464,7 +48735,7 @@ static int test_tls13_cipher_suites(void)
     /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
     ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
     /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     /* Check refined order - server order. */
     ExpectIntEQ(ssl->suites->suiteSz, 4);
     ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
@@ -68483,7 +48754,7 @@ static int test_tls13_cipher_suites(void)
     ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_UseClientSuites(ssl), 0);
     /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     /* Check refined order - client order. */
     ExpectIntEQ(ssl->suites->suiteSz, 4);
     ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
@@ -68565,7 +48836,7 @@ static int test_dh_ssl_setup(WOLFSSL* ssl)
     wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
     ExpectIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
     ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
-    if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
+    if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(SIDE_ERROR)) {
         ExpectIntEQ(ret, WOLFSSL_SUCCESS);
     }
     return EXPECT_RESULT();
@@ -68579,7 +48850,7 @@ static int test_dh_ssl_setup_fail(WOLFSSL* ssl)
     wolfSSL_SetDhAgreeCtx(ssl, NULL);
     ExpectNull(wolfSSL_GetDhAgreeCtx(ssl));
     ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
-    if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
+    if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(SIDE_ERROR)) {
         ExpectIntEQ(ret, WOLFSSL_SUCCESS);
     }
     return EXPECT_RESULT();
@@ -68600,7 +48871,7 @@ static int test_DhCallbacks(void)
 
     /* Test that DH callback APIs work. */
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
-    ExpectIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);
     /* load client ca cert */
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
@@ -68646,254 +48917,12 @@ static int test_DhCallbacks(void)
     func_cb_server.method = wolfTLSv1_2_server_method;
 
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
-        &func_cb_server, NULL), TEST_FAIL);
+        &func_cb_server, NULL), -1001);
 #endif
     return EXPECT_RESULT();
 }
 #endif /* HAVE_PK_CALLBACKS */
 
-#ifdef HAVE_HASHDRBG
-
-#ifdef TEST_RESEED_INTERVAL
-static int test_wc_RNG_GenerateBlock_Reseed(void)
-{
-    EXPECT_DECLS;
-    int i;
-    WC_RNG rng;
-    byte key[32];
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    for (i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
-        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, sizeof(key)), 0);
-    }
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-
-    return EXPECT_RESULT();
-}
-#endif /* TEST_RESEED_INTERVAL */
-
-static int test_wc_RNG_GenerateBlock(void)
-{
-    EXPECT_DECLS;
-    int i;
-    WC_RNG rng;
-    byte key[32];
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    for (i = 0; i < 10; i++) {
-        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, sizeof(key)), 0);
-    }
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-
-    return EXPECT_RESULT();
-}
-
-#endif /* HAVE_HASHDRBG */
-
-/*
- * Testing get_rand_digit
- */
-static int test_get_rand_digit(void)
-{
-    EXPECT_DECLS;
-#if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
-    WC_RNG   rng;
-    mp_digit d;
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectIntEQ(get_rand_digit(&rng, &d), 0);
-    ExpectIntEQ(get_rand_digit(NULL, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(get_rand_digit(NULL, &d), BAD_FUNC_ARG);
-    ExpectIntEQ(get_rand_digit(&rng, NULL), BAD_FUNC_ARG);
-
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* End test_get_rand_digit*/
-
-/*
- * Testing get_digit_count
- */
-static int test_get_digit_count(void)
-{
-    EXPECT_DECLS;
-#if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP)
-    mp_int a;
-
-    XMEMSET(&a, 0, sizeof(mp_int));
-
-    ExpectIntEQ(mp_init(&a), 0);
-
-    ExpectIntEQ(get_digit_count(NULL), 0);
-    ExpectIntEQ(get_digit_count(&a), 0);
-
-    mp_clear(&a);
-#endif
-    return EXPECT_RESULT();
-} /* End test_get_digit_count*/
-
-/*
- * Testing mp_cond_copy
- */
-static int test_mp_cond_copy(void)
-{
-    EXPECT_DECLS;
-#if (defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY)) && \
-    defined(WOLFSSL_PUBLIC_MP)
-    mp_int a;
-    mp_int b;
-    int    copy = 0;
-
-    XMEMSET(&a, 0, sizeof(mp_int));
-    XMEMSET(&b, 0, sizeof(mp_int));
-
-    ExpectIntEQ(mp_init(&a), MP_OKAY);
-    ExpectIntEQ(mp_init(&b), MP_OKAY);
-
-    ExpectIntEQ(mp_cond_copy(NULL, copy, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_cond_copy(NULL, copy, &b), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_cond_copy(&a, copy, NULL), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_cond_copy(&a, copy, &b), 0);
-
-    mp_clear(&a);
-    mp_clear(&b);
-#endif
-    return EXPECT_RESULT();
-} /* End test_mp_cond_copy*/
-
-/*
- * Testing mp_rand
- */
-static int test_mp_rand(void)
-{
-    EXPECT_DECLS;
-#if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP)
-    mp_int a;
-    WC_RNG rng;
-    int    digits = 1;
-
-    XMEMSET(&a, 0, sizeof(mp_int));
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    ExpectIntEQ(mp_init(&a), MP_OKAY);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectIntEQ(mp_rand(&a, digits, NULL), MISSING_RNG_E);
-    ExpectIntEQ(mp_rand(NULL, digits, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_rand(&a, 0, &rng), BAD_FUNC_ARG);
-    ExpectIntEQ(mp_rand(&a, digits, &rng), 0);
-
-    mp_clear(&a);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* End test_mp_rand*/
-
-/*
- * Testing get_digit
- */
-static int test_get_digit(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_PUBLIC_MP)
-    mp_int a;
-    int    n = 0;
-
-    XMEMSET(&a, 0, sizeof(mp_int));
-
-    ExpectIntEQ(mp_init(&a), MP_OKAY);
-    ExpectIntEQ(get_digit(NULL, n), 0);
-    ExpectIntEQ(get_digit(&a, n), 0);
-
-    mp_clear(&a);
-#endif
-    return EXPECT_RESULT();
-} /* End test_get_digit*/
-
-/*
- * Testing wc_export_int
- */
-static int test_wc_export_int(void)
-{
-    EXPECT_DECLS;
-#if (defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)) && \
-    defined(WOLFSSL_PUBLIC_MP)
-    mp_int mp;
-    byte   buf[32];
-    word32 keySz = (word32)sizeof(buf);
-    word32 len = (word32)sizeof(buf);
-
-    XMEMSET(&mp, 0, sizeof(mp_int));
-
-    ExpectIntEQ(mp_init(&mp), MP_OKAY);
-    ExpectIntEQ(mp_set(&mp, 1234), 0);
-
-    ExpectIntEQ(wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
-        BAD_FUNC_ARG);
-    len = sizeof(buf)-1;
-    ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
-        BUFFER_E);
-    len = sizeof(buf);
-    ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN), 0);
-    len = 4; /* test input too small */
-    ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), BUFFER_E);
-    len = sizeof(buf);
-    ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), 0);
-    /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */
-    ExpectIntEQ(len, 5);
-
-    mp_clear(&mp);
-#endif
-    return EXPECT_RESULT();
-
-} /* End test_wc_export_int*/
-
-static int test_wc_InitRngNonce(void)
-{
-    EXPECT_DECLS;
-#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
-     HAVE_FIPS_VERSION >= 2))
-    WC_RNG rng;
-    byte   nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
-                     "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
-    word32 nonceSz = sizeof(nonce);
-
-    ExpectIntEQ(wc_InitRngNonce(&rng, nonce, nonceSz), 0);
-    ExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* End test_wc_InitRngNonce*/
-
-/*
- * Testing wc_InitRngNonce_ex
- */
-static int test_wc_InitRngNonce_ex(void)
-{
-    EXPECT_DECLS;
-#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
-     HAVE_FIPS_VERSION >= 2))
-    WC_RNG rng;
-    byte   nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
-                     "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
-    word32 nonceSz = sizeof(nonce);
-
-    ExpectIntEQ(wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, testDevId),
-        0);
-    ExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* End test_wc_InitRngNonce_ex */
-
-
 
 static int test_wolfSSL_X509_CRL(void)
 {
@@ -69035,6 +49064,7 @@ static int test_wolfSSL_X509_load_crl_file(void)
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1);
     }
 
+    ExpectIntEQ(X509_load_crl_file(lookup, pem[0], 0), 0);
     for (i = 0; pem[i][0] != '\0'; i++) {
         ExpectIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM),
             1);
@@ -69044,11 +49074,11 @@ static int test_wolfSSL_X509_load_crl_file(void)
         /* since store knows crl list */
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
-            CRL_CERT_REVOKED);
+            WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
 #ifdef WC_RSA_PSS
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM),
-            CRL_CERT_REVOKED);
+            WC_NO_ERR_TRACE(ASN_NO_SIGNER_E));
 #endif
     }
     /* once feeing store */
@@ -69079,7 +49109,7 @@ static int test_wolfSSL_X509_load_crl_file(void)
         /* since store knows crl list */
         ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
             "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
-            CRL_CERT_REVOKED);
+            WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
     }
 
     /* test for incorrect parameter */
@@ -69100,8 +49130,15 @@ static int test_wolfSSL_i2d_X509(void)
     const unsigned char* cert_buf = server_cert_der_2048;
     unsigned char* out = NULL;
     unsigned char* tmp = NULL;
+    const unsigned char* nullPtr = NULL;
+    const unsigned char notCert[2] = { 0x30, 0x00 };
+    const unsigned char* notCertPtr = notCert;
     X509* cert = NULL;
 
+    ExpectNull(d2i_X509(NULL, NULL, sizeof_server_cert_der_2048));
+    ExpectNull(d2i_X509(NULL, &nullPtr, sizeof_server_cert_der_2048));
+    ExpectNull(d2i_X509(NULL, &cert_buf, 0));
+    ExpectNull(d2i_X509(NULL, &notCertPtr, sizeof(notCert)));
     ExpectNotNull(d2i_X509(&cert, &cert_buf, sizeof_server_cert_der_2048));
     /* Pointer should be advanced */
     ExpectPtrGT(cert_buf, server_cert_der_2048);
@@ -69110,6 +49147,11 @@ static int test_wolfSSL_i2d_X509(void)
     tmp = out;
     ExpectIntGT(i2d_X509(cert, &tmp), 0);
     ExpectPtrGT(tmp, out);
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_FILESYSTEM)
+    ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, NULL), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, cert), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_X509(stderr, cert), 1);
+#endif
 
     XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
     X509_free(cert);
@@ -69166,10 +49208,13 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         pub_key = NULL;
     }
     {
+        X509_REQ* empty = NULL;
 #ifdef OPENSSL_ALL
         X509_ATTRIBUTE* attr = NULL;
         ASN1_TYPE *at = NULL;
 #endif
+
+        ExpectNotNull(empty = wolfSSL_X509_REQ_new());
         ExpectNotNull(bio = BIO_new_file(csrPopFile, "rb"));
         ExpectNotNull(d2i_X509_REQ_bio(bio, &req));
 
@@ -69183,13 +49228,29 @@ static int test_wolfSSL_d2i_X509_REQ(void)
          */
         ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
 
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(NULL), 0);
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(empty), 0);
+#ifdef OPENSSL_ALL
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(req), 2);
+#else
+        ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(req), 0);
+#endif
 #ifdef OPENSSL_ALL
         /*
          * Obtain the challenge password from the CSR
          */
+        ExpectIntEQ(X509_REQ_get_attr_by_NID(NULL, NID_pkcs9_challengePassword,
+            -1), -1);
         ExpectIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword,
             -1), 1);
+        ExpectNull(X509_REQ_get_attr(NULL, 3));
+        ExpectNull(X509_REQ_get_attr(req, 3));
+        ExpectNull(X509_REQ_get_attr(NULL, 0));
+        ExpectNull(X509_REQ_get_attr(empty, 0));
         ExpectNotNull(attr = X509_REQ_get_attr(req, 1));
+        ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 1));
+        ExpectNull(X509_ATTRIBUTE_get0_type(attr, 1));
+        ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 0));
         ExpectNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
         ExpectNotNull(at->value.asn1_string);
         ExpectStrEQ((char*)ASN1_STRING_data(at->value.asn1_string),
@@ -69203,6 +49264,7 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         bio = NULL;
         EVP_PKEY_free(pub_key);
         pub_key = NULL;
+        wolfSSL_X509_REQ_free(empty);
     }
     {
 #ifdef OPENSSL_ALL
@@ -69272,7 +49334,11 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         /* Run the same test, but with a file pointer instead of a BIO.
          * (PEM_read_X509_REQ)*/
         ExpectTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE);
-        ExpectNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
+        ExpectNull(PEM_read_X509_REQ(XBADFILE, &req, NULL, NULL));
+        if (EXPECT_SUCCESS())
+            ExpectNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
+        else if (f != XBADFILE)
+            XFCLOSE(f);
         ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
 
         X509_free(req);
@@ -69338,10 +49404,10 @@ static int test_wolfSSL_PEM_read(void)
     ExpectTrue((fp = XFOPEN(filename, "rb")) != XBADFILE);
 
     /* Fail cases. */
-    ExpectIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_read(fp, NULL, &header, &data, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_read(fp, &name, NULL, &data, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_read(fp, &name, &header, NULL, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_read(fp, &name, &header, &data, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
 
@@ -69393,9 +49459,9 @@ static int test_wolfSSL_PEM_read(void)
     ExpectIntGT(len, 0);
 
     /* Fail cases. */
-    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 #ifndef NO_DES3
     ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
@@ -69403,22 +49469,22 @@ static int test_wolfSSL_PEM_read(void)
 
     /* Fail cases. */
     ExpectIntEQ(PEM_do_header(NULL, data, &len, PasswordCallBack,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, NULL,
-        (void*)"yassl123"), WOLFSSL_FAILURE);
+        (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, NoPasswordCallBack,
-                              (void*)"yassl123"), WOLFSSL_FAILURE);
+                              (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #if !defined(NO_DES3) && !defined(NO_MD5)
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
                               (void*)"yassl123"), WOLFSSL_SUCCESS);
 #else
     ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
-                              (void*)"yassl123"), WOLFSSL_FAILURE);
+                              (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 
     BIO_free(bio);
@@ -69706,7 +49772,7 @@ static int test_wolfssl_EVP_aes_gcm(void)
         ciphertxtSz += len;
         ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG,
             AES_BLOCK_SIZE, tag));
-        ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]);
 
         EVP_CIPHER_CTX_init(&de[i]);
         if (i == 0) {
@@ -69791,7 +49857,7 @@ static int test_wolfssl_EVP_aes_gcm(void)
         ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
         ExpectIntEQ(0, len);
 
-        ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]);
     }
 #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
     return EXPECT_RESULT();
@@ -70132,19 +50198,22 @@ static int test_wolfssl_EVP_chacha20_poly1305(void)
     EVP_CIPHER_CTX* ctx = NULL;
     int outSz;
 
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(iv, 0, sizeof(iv));
+
     /* Encrypt. */
     ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL,
                 NULL), WOLFSSL_SUCCESS);
     /* Invalid IV length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
-                CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WOLFSSL_FAILURE);
+                CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid IV length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
                 CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS);
     /* Invalid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WOLFSSL_FAILURE);
+                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
                 CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS);
@@ -70159,7 +50228,7 @@ static int test_wolfssl_EVP_chacha20_poly1305(void)
     ExpectIntEQ(outSz, 0);
     /* Invalid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
-                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WOLFSSL_FAILURE);
+                CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid tag length. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
                 CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS);
@@ -70228,7 +50297,7 @@ static int test_wolfssl_EVP_chacha20(void)
                 NULL), WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                16, NULL), WOLFSSL_FAILURE);
+                16, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
                 sizeof(plainText)), WOLFSSL_SUCCESS);
@@ -70293,7 +50362,7 @@ static int test_wolfssl_EVP_sm4_ecb(void)
         WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL),
         WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
@@ -70350,7 +50419,7 @@ static int test_wolfssl_EVP_sm4_cbc(void)
         WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
         sizeof(plainText)), WOLFSSL_SUCCESS);
@@ -70418,7 +50487,7 @@ static int test_wolfssl_EVP_sm4_ctr(void)
         WOLFSSL_SUCCESS);
     /* Any tag length must fail - not an AEAD cipher. */
     ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
-        WOLFSSL_FAILURE);
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
     ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
         sizeof(plainText)), WOLFSSL_SUCCESS);
@@ -70814,48 +50883,48 @@ static int test_wolfSSL_EVP_PKEY_hkdf(void)
     ExpectNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)));
     ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
     /* NULL ctx. */
-    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL md. */
-    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL salt is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)),
                 WOLFSSL_SUCCESS);
     /* Salt length <= 0. */
     /* Length 0 salt is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)),
                 WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL key. */
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Key length <= 0 */
-    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)),
                 WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL info is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)),
                 WOLFSSL_SUCCESS);
     /* Info length <= 0 */
     /* Length 0 info is ok. */
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)),
                 WOLFSSL_SUCCESS);
     /* NULL ctx. */
     ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY),
-                WOLFSSL_FAILURE);
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Extract and expand (default). */
     ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
     ExpectIntEQ(outKeySz, sizeof(extractAndExpand));
@@ -70896,6 +50965,7 @@ static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
     BIO* bio = NULL;
     X509_INFO* info = NULL;
     STACK_OF(X509_INFO)* sk = NULL;
+    STACK_OF(X509_INFO)* sk2 = NULL;
     char* subject = NULL;
     char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/"
                   "CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
@@ -70908,12 +50978,14 @@ static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
     ExpectIntEQ(sk_X509_INFO_num(sk), 2);
 
     /* using dereference to maintain testing for Apache port*/
+    ExpectNull(sk_X509_INFO_pop(NULL));
     ExpectNotNull(info = sk_X509_INFO_pop(sk));
     ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509),
         0, 0));
 
     ExpectIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1)));
     XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
+    subject = NULL;
     X509_INFO_free(info);
     info = NULL;
 
@@ -70923,11 +50995,47 @@ static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
 
     ExpectIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2)));
     XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
+    subject = NULL;
     X509_INFO_free(info);
     ExpectNull(info = sk_X509_INFO_pop(sk));
 
     sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    sk = NULL;
     BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null());
+    ExpectNotNull(bio = BIO_new(BIO_s_file()));
+    ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
+    ExpectNotNull(sk2 = PEM_X509_INFO_read_bio(bio, sk, NULL, NULL));
+    ExpectPtrEq(sk, sk2);
+    if (sk2 != sk) {
+        sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    }
+    sk = NULL;
+    BIO_free(bio);
+    sk_X509_INFO_pop_free(sk2, X509_INFO_free);
+
+    ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null());
+    sk_X509_INFO_free(sk);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wolfSSL_PEM_X509_INFO_read(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    XFILE fp = XBADFILE;
+    STACK_OF(X509_INFO)* sk = NULL;
+
+    ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE);
+    ExpectNull(wolfSSL_PEM_X509_INFO_read(XBADFILE, NULL, NULL, NULL));
+    ExpectNotNull(sk = wolfSSL_PEM_X509_INFO_read(fp, NULL, NULL, NULL));
+
+    sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
 #endif
     return EXPECT_RESULT();
 }
@@ -70946,9 +51054,13 @@ static int test_wolfSSL_X509_NAME_ENTRY_get_object(void)
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(name = X509_get_subject_name(x509));
+    ExpectIntGE(X509_NAME_get_index_by_NID(NULL, NID_commonName, -1),
+        BAD_FUNC_ARG);
     ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0);
+    ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -2), 0);
 
     ExpectNotNull(ne = X509_NAME_get_entry(name, idx));
+    ExpectNull(X509_NAME_ENTRY_get_object(NULL));
     ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne));
 
     X509_free(x509);
@@ -71073,7 +51185,7 @@ static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok,
     }
     /* Ignore CRL missing error */
 #ifndef OPENSSL_COMPATIBLE_DEFAULTS
-    if (cert_error == CRL_MISSING)
+    if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING))
 #else
     if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL)
 #endif
@@ -71117,12 +51229,22 @@ static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx)
 #endif
     X509_STORE_set_verify_cb(cert_store,
             test_wolfSSL_X509_STORE_set_get_crl_verify);
-    ExpectNotNull(param = X509_STORE_get0_param(cert_store));
+    ExpectNotNull(X509_STORE_get0_param(cert_store));
+    ExpectNotNull(param = X509_VERIFY_PARAM_new());
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(param,
+            X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS);
+    ExpectIntEQ(X509_VERIFY_PARAM_inherit(param,
+            X509_STORE_get0_param(cert_store)), 1);
     ExpectIntEQ(X509_VERIFY_PARAM_set_flags(
         param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1);
+    ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1);
     ExpectIntEQ(X509_STORE_set_flags(cert_store,
             X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1);
 
+
+    X509_VERIFY_PARAM_free(param);
     return EXPECT_RESULT();
 }
 #endif
@@ -71175,7 +51297,7 @@ static int test_wolfSSL_dup_CA_list(void)
     for (i = 0; i < 3; i++) {
         name = X509_NAME_new();
         ExpectNotNull(name);
-        ExpectIntEQ(sk_X509_NAME_push(originalStack, name), WOLFSSL_SUCCESS);
+        ExpectIntEQ(sk_X509_NAME_push(originalStack, name), i+1);
         if (EXPECT_FAIL()) {
             X509_NAME_free(name);
         }
@@ -71183,6 +51305,7 @@ static int test_wolfSSL_dup_CA_list(void)
 
     copyStack = SSL_dup_CA_list(originalStack);
     ExpectNotNull(copyStack);
+    ExpectIntEQ(sk_X509_NAME_num(NULL), BAD_FUNC_ARG);
     originalCount = sk_X509_NAME_num(originalStack);
     copyCount = sk_X509_NAME_num(copyStack);
 
@@ -71193,6 +51316,24 @@ static int test_wolfSSL_dup_CA_list(void)
     originalStack = NULL;
     copyStack = NULL;
 
+    originalStack = sk_X509_NAME_new_null();
+    ExpectNull(sk_X509_NAME_pop(NULL));
+    ExpectNull(sk_X509_NAME_pop(originalStack));
+    for (i = 0; i < 3; i++) {
+        name = X509_NAME_new();
+        ExpectNotNull(name);
+        ExpectIntEQ(sk_X509_NAME_push(originalStack, name), i+1);
+        if (EXPECT_FAIL()) {
+            X509_NAME_free(name);
+        }
+        name = NULL;
+    }
+    ExpectNotNull(name = sk_X509_NAME_pop(originalStack));
+    X509_NAME_free(name);
+    wolfSSL_sk_X509_NAME_set_cmp_func(NULL, NULL);
+    wolfSSL_sk_X509_NAME_set_cmp_func(originalStack, NULL);
+    wolfSSL_sk_X509_NAME_pop_free(originalStack, X509_NAME_free);
+
     res = EXPECT_RESULT();
 #endif /* OPENSSL_ALL */
     return res;
@@ -71211,7 +51352,7 @@ static int test_ForceZero(void)
     for (i = 0; i < sizeof(data); i++) {
         for (len = 1; len < sizeof(data) - i; len++) {
             for (j = 0; j < sizeof(data); j++)
-                data[j] = j + 1;
+                data[j] = ((unsigned char)j + 1);
 
             ForceZero(data + i, len);
 
@@ -71293,8 +51434,8 @@ static int test_wolfSSL_X509_print(void)
 static int test_wolfSSL_X509_CRL_print(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL)\
-    && !defined(NO_FILESYSTEM) && defined(XSNPRINTF)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
+    !defined(NO_RSA) && !defined(NO_FILESYSTEM) && defined(XSNPRINTF)
     X509_CRL* crl = NULL;
     BIO *bio = NULL;
     XFILE fp = XBADFILE;
@@ -71321,7 +51462,7 @@ static int test_wolfSSL_BIO_get_len(void)
     BIO *bio = NULL;
     const char txt[] = "Some example text to push to the BIO.";
 
-    ExpectIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
 
@@ -71331,7 +51472,7 @@ static int test_wolfSSL_BIO_get_len(void)
     bio = NULL;
 
     ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
-    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE);
+    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
     BIO_free(bio);
 #endif
     return EXPECT_RESULT();
@@ -71368,6 +51509,152 @@ static int test_wolfSSL_RSA(void)
     ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
     ExpectIntEQ(RSA_size(rsa), 256);
 
+#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST)
+    {
+        /* Test setting only subset of parameters */
+        RSA *rsa2 = NULL;
+        unsigned char hash[SHA256_DIGEST_LENGTH];
+        unsigned char signature[2048/8];
+        unsigned int signatureLen = 0;
+        BIGNUM* n2 = NULL;
+        BIGNUM* e2 = NULL;
+        BIGNUM* d2 = NULL;
+        BIGNUM* p2 = NULL;
+        BIGNUM* q2 = NULL;
+        BIGNUM* dmp12 = NULL;
+        BIGNUM* dmq12 = NULL;
+        BIGNUM* iqmp2 = NULL;
+
+        XMEMSET(hash, 0, sizeof(hash));
+        RSA_get0_key(rsa, &n, &e, &d);
+        RSA_get0_factors(rsa, &p, &q);
+        RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa), 1);
+        /* Quick sanity check */
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+
+        /* Verifying */
+        ExpectNotNull(n2 = BN_dup(n));
+        ExpectNotNull(e2 = BN_dup(e));
+        ExpectNotNull(p2 = BN_dup(p));
+        ExpectNotNull(q2 = BN_dup(q));
+        ExpectNotNull(dmp12 = BN_dup(dmp1));
+        ExpectNotNull(dmq12 = BN_dup(dmq1));
+        ExpectNotNull(iqmp2 = BN_dup(iqmp));
+
+        ExpectNotNull(rsa2 = RSA_new());
+        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, NULL), 1);
+        if (EXPECT_SUCCESS()) {
+            n2 = NULL;
+            e2 = NULL;
+        }
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
+        if (EXPECT_SUCCESS()) {
+            dmp12 = NULL;
+            dmq12 = NULL;
+            iqmp2 = NULL;
+        }
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        RSA_free(rsa2);
+        rsa2 = NULL;
+
+        BN_free(iqmp2);
+        iqmp2 = NULL;
+        BN_free(dmq12);
+        dmq12 = NULL;
+        BN_free(dmp12);
+        dmp12 = NULL;
+        BN_free(q2);
+        q2 = NULL;
+        BN_free(p2);
+        p2 = NULL;
+        BN_free(e2);
+        e2 = NULL;
+        BN_free(n2);
+        n2 = NULL;
+
+        ExpectNotNull(n2 = BN_dup(n));
+        ExpectNotNull(e2 = BN_dup(e));
+        ExpectNotNull(d2 = BN_dup(d));
+        ExpectNotNull(p2 = BN_dup(p));
+        ExpectNotNull(q2 = BN_dup(q));
+        ExpectNotNull(dmp12 = BN_dup(dmp1));
+        ExpectNotNull(dmq12 = BN_dup(dmq1));
+        ExpectNotNull(iqmp2 = BN_dup(iqmp));
+
+        /* Signing */
+        XMEMSET(signature, 0, sizeof(signature));
+        ExpectNotNull(rsa2 = RSA_new());
+        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, d2), 1);
+        if (EXPECT_SUCCESS()) {
+            n2 = NULL;
+            e2 = NULL;
+            d2 = NULL;
+        }
+#if defined(WOLFSSL_SP_MATH) && !defined(RSA_LOW_MEM)
+        /* SP is not support signing without CRT parameters. */
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 0);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 0);
+#else
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        XMEMSET(signature, 0, sizeof(signature));
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+#endif
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
+        if (EXPECT_SUCCESS()) {
+            dmp12 = NULL;
+            dmq12 = NULL;
+            iqmp2 = NULL;
+        }
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+        RSA_free(rsa2);
+        rsa2 = NULL;
+
+        BN_free(iqmp2);
+        BN_free(dmq12);
+        BN_free(dmp12);
+        BN_free(q2);
+        BN_free(p2);
+        BN_free(d2);
+        BN_free(e2);
+        BN_free(n2);
+    }
+#endif
+
 #ifdef WOLFSSL_RSA_KEY_CHECK
     ExpectIntEQ(RSA_check_key(NULL), 0);
     ExpectIntEQ(RSA_check_key(rsa), 1);
@@ -71548,7 +51835,7 @@ static int test_wolfSSL_RSA_DER(void)
     buff = tbl[0].der;
     ExpectNull(d2i_RSAPrivateKey(&rsa, &buff, 1));
 
-    ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), BAD_FUNC_ARG);
+    ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     rsa = RSA_new();
     ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), 0);
     RSA_free(rsa);
@@ -71894,19 +52181,20 @@ static int test_wolfSSL_RSA_verify(void)
     ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
     if (fp != XBADFILE)
         XFCLOSE(fp);
+    ExpectNull(X509_get_pubkey(NULL));
     ExpectNotNull(evpPubkey = X509_get_pubkey(cert));
     ExpectNotNull(pubKey = EVP_PKEY_get1_RSA(evpPubkey));
     ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
         signatureLength, pubKey), SSL_SUCCESS);
 
     ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, NULL,
-        signatureLength, NULL), SSL_FAILURE);
+        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, signature,
-        signatureLength, pubKey), SSL_FAILURE);
+        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, NULL,
-        signatureLength, pubKey), SSL_FAILURE);
+        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
-        signatureLength, NULL), SSL_FAILURE);
+        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
 
     RSA_free(pKey);
@@ -72482,10 +52770,11 @@ static int test_wolfSSL_RSA_GenAdd(void)
     ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
 
     ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1);
-#ifndef RSA_LOW_MEM
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
+    !defined(RSA_LOW_MEM)
     ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1);
 #else
-    /* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */
+    /* dmp1 and dmq1 are not set (allocated) in this config */
     ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
 #endif
 
@@ -72620,8 +52909,8 @@ static int test_wolfSSL_RSA_To_Der(void)
     rsa = NULL;
     ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
 
-    ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz);
     outDer = out;
@@ -72641,14 +52930,14 @@ static int test_wolfSSL_RSA_To_Der(void)
     RSA_free(rsa);
 
     ExpectNotNull(rsa = RSA_new());
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     RSA_free(rsa);
 
     der = pubDer;
     rsa = NULL;
     ExpectNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz));
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     RSA_free(rsa);
 #endif
 #endif
@@ -72824,6 +53113,30 @@ static int test_wolfSSL_DH(void)
     ExpectNotNull(dh->g);
     ExpectTrue(pt == buf);
     ExpectIntEQ(DH_generate_key(dh), 1);
+
+    /* first, test for expected successful key agreement. */
+    if (EXPECT_SUCCESS()) {
+        DH *dh2 = NULL;
+        unsigned char buf2[268];
+        int sz1 = 0, sz2 = 0;
+
+        ExpectNotNull(dh2 = d2i_DHparams(NULL, &pt, len));
+        ExpectIntEQ(DH_generate_key(dh2), 1);
+
+        ExpectIntGT(sz1=DH_compute_key(buf, dh2->pub_key, dh), 0);
+        ExpectIntGT(sz2=DH_compute_key(buf2, dh->pub_key, dh2), 0);
+        ExpectIntEQ(sz1, sz2);
+        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
+
+        ExpectIntNE(sz1 = DH_size(dh), 0);
+        ExpectIntEQ(DH_compute_key_padded(buf, dh2->pub_key, dh), sz1);
+        ExpectIntEQ(DH_compute_key_padded(buf2, dh->pub_key, dh2), sz1);
+        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
+
+        if (dh2 != NULL)
+            DH_free(dh2);
+    }
+
     ExpectIntEQ(DH_generate_key(dh), 1);
     ExpectIntEQ(DH_compute_key(NULL, NULL, NULL), -1);
     ExpectNotNull(pub = BN_new());
@@ -73057,7 +53370,7 @@ static int test_wolfSSL_DH(void)
     /* Test DH_up_ref() */
     dh = wolfSSL_DH_new();
     ExpectNotNull(dh);
-    ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS);
     DH_free(dh); /* decrease ref count */
     DH_free(dh); /* free WOLFSSL_DH */
@@ -73148,7 +53461,7 @@ static int test_wolfSSL_DH_check(void)
     byte buf[6000];
     char file[] = "./certs/dsaparams.pem";
     XFILE f = XBADFILE;
-    int  bytes;
+    int  bytes = 0;
     BIO* bio = NULL;
     DSA* dsa = NULL;
 #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
@@ -73566,12 +53879,12 @@ static int test_wolfSSL_PEM_write_DHparams(void)
 
     ExpectNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
     ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
-    ExpectIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_DHparams(fp, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     DH_free(dh);
     dh = NULL;
 
     dh = wolfSSL_DH_new();
-    ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_FAILURE);
+    ExpectIntEQ(PEM_write_DHparams(fp, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     if (fp != XBADFILE) {
         XFCLOSE(fp);
         fp = XBADFILE;
@@ -74054,6 +54367,28 @@ static int test_wolfSSL_PEM_read_bio_ECPKParameters(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_i2d_ECPKParameters(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    EC_GROUP* grp = NULL;
+    unsigned char p256_oid[] = {
+        0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
+    };
+    unsigned char *der = p256_oid;
+    unsigned char out_der[sizeof(p256_oid)];
+
+    XMEMSET(out_der, 0, sizeof(out_der));
+    ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der,
+            sizeof(p256_oid)));
+    der = out_der;
+    ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid));
+    ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid));
+    EC_GROUP_free(grp);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_EC_POINT(void)
 {
     EXPECT_DECLS;
@@ -74242,7 +54577,7 @@ static int test_wolfSSL_EC_POINT(void)
         ctx), WOLFSSL_SUCCESS);
 
     /* check if point X coordinate is zero */
-    ExpectIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
+    ExpectIntEQ(BN_is_zero(X), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* set the same X and Y points in another object */
     ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y,
@@ -74411,9 +54746,9 @@ static int test_wolfSSL_EC_POINT(void)
     ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, &blen), 1);
     ExpectIntEQ(blen, sizeof(binUncompG));
     ExpectNotNull(buf = (unsigned char*)XMALLOC(blen, NULL, DYNAMIC_TYPE_ECC));
-    blen -= 1;
+    blen--;
     ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 0);
-    blen += 1;
+    blen++;
     ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 1);
     ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
     XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
@@ -74745,6 +55080,18 @@ static int test_EC_i2d(void)
     ExpectNull(d2i_ECPrivateKey(&copy, &tmp, 1));
     ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0));
 
+    {
+        EC_KEY *pubkey = NULL;
+        BIO* bio = NULL;
+
+        ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+        ExpectIntGT(BIO_write(bio, buf, len), 0);
+        ExpectNotNull(d2i_EC_PUBKEY_bio(bio, &pubkey));
+
+        BIO_free(bio);
+        EC_KEY_free(pubkey);
+    }
+
     ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0);
     ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0);
 
@@ -74937,7 +55284,7 @@ static int test_wolfSSL_EC_KEY_dup(void)
     /* Test EC_KEY_up_ref */
     ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS);
     /* reference count doesn't follow duplicate */
     ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
@@ -75089,12 +55436,12 @@ static int test_wolfSSL_EC_KEY_print_fp(void)
     EC_KEY* key = NULL;
 
     /* Bad file pointer. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* NULL key. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1)));
     /* Negative indent. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
@@ -75357,7 +55704,7 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey,
     BIGNUM* serial_number = NULL;
     X509_NAME* name = NULL;
     time_t epoch_off = 0;
-    ASN1_INTEGER* asn1_serial_number;
+    ASN1_INTEGER* asn1_serial_number = NULL;
     long not_before, not_after;
     int derSz;
 
@@ -75496,6 +55843,7 @@ static int test_stubs_are_stubs(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB) && \
+    !defined(NO_TLS) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL_CTX* ctxN = NULL;
@@ -75605,25 +55953,26 @@ static int test_wolfSSL_CTX_LoadCRL(void)
     EXPECT_DECLS;
 #if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+    const char* issuerCert = "./certs/client-cert.pem";
+    const char* validFilePath = "./certs/crl/cliCrl.pem";
+    int pemType = WOLFSSL_FILETYPE_PEM;
+#ifndef NO_TLS
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
     const char* badPath = "dummypath";
     const char* validPath = "./certs/crl";
-    const char* validFilePath = "./certs/crl/cliCrl.pem";
-    const char* issuerCert = "./certs/client-cert.pem";
     int derType = WOLFSSL_FILETYPE_ASN1;
-    int pemType = WOLFSSL_FILETYPE_PEM;
 #ifdef HAVE_CRL_MONITOR
     int monitor = WOLFSSL_CRL_MONITOR;
 #else
     int monitor = 0;
 #endif
-    WOLFSSL_CERT_MANAGER* cm = NULL;
 
     #define FAIL_T1(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
-                                                BAD_FUNC_ARG)
+                                       WC_NO_ERR_TRACE(BAD_FUNC_ARG))
     #define FAIL_T2(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
-                                                NOT_COMPILED_IN)
+                                    WC_NO_ERR_TRACE(NOT_COMPILED_IN))
     #define SUCC_T(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
                                                 WOLFSSL_SUCCESS)
 #ifndef NO_WOLFSSL_CLIENT
@@ -75669,6 +56018,7 @@ static int test_wolfSSL_CTX_LoadCRL(void)
     ssl = NULL;
     wolfSSL_CTX_free(ctx);
     ctx = NULL;
+#endif /* !NO_TLS */
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew());
     ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL),
@@ -75680,46 +56030,130 @@ static int test_wolfSSL_CTX_LoadCRL(void)
     return EXPECT_RESULT();
 }
 
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) && \
-    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
-static int test_multiple_crls_same_issuer_ctx_ready(WOLFSSL_CTX* ctx)
+#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
+    defined(HAVE_CRL_UPDATE_CB)
+int crlUpdateTestStatus = 0;
+WOLFSSL_CERT_MANAGER* updateCrlTestCm = NULL;
+static void updateCrlCb(CrlInfo* old, CrlInfo* cnew)
 {
-    EXPECT_DECLS;
-    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
-    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, "./certs/crl/crl.pem",
-        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
-    return EXPECT_RESULT();
+    const char* crl1 = "./certs/crl/crl.pem";
+    const char* crlRevoked = "./certs/crl/crl.revoked";
+    byte *crl1Buff = NULL;
+    word32 crl1Sz;
+    byte *crlRevBuff = NULL;
+    word32  crlRevSz;
+    WOLFSSL_CERT_MANAGER* cm = updateCrlTestCm;
+    XFILE f;
+    word32 sz;
+    CrlInfo crl1Info;
+    CrlInfo crlRevInfo;
+
+    crlUpdateTestStatus = 0;
+    if (old == NULL || cnew == NULL) {
+        return;
+    }
+
+    AssertTrue((f = XFOPEN(crl1, "rb")) != XBADFILE);
+    AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
+    AssertIntGE(sz = (size_t) XFTELL(f), 1);
+    AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0);
+    AssertTrue( \
+        (crl1Buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL);
+    AssertTrue(XFREAD(crl1Buff, 1, sz, f) == sz);
+    XFCLOSE(f);
+    crl1Sz = sz;
+
+    AssertTrue((f = XFOPEN(crlRevoked, "rb")) != XBADFILE);
+    AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
+    AssertIntGE(sz = (size_t) XFTELL(f), 1);
+    AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0);
+    AssertTrue( \
+        (crlRevBuff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL);
+    AssertTrue(XFREAD(crlRevBuff, 1, sz, f) == sz);
+    XFCLOSE(f);
+    crlRevSz = sz;
+
+    AssertIntEQ(wolfSSL_CertManagerGetCRLInfo(
+        cm, &crl1Info, crl1Buff, crl1Sz, WOLFSSL_FILETYPE_PEM),
+        WOLFSSL_SUCCESS);
+    AssertIntEQ(wolfSSL_CertManagerGetCRLInfo(
+        cm, &crlRevInfo, crlRevBuff, crlRevSz, WOLFSSL_FILETYPE_PEM),
+        WOLFSSL_SUCCESS);
+
+    /* Old entry being replaced should match crl1 */
+    AssertIntEQ(crl1Info.issuerHashLen,  old->issuerHashLen);
+    AssertIntEQ(crl1Info.lastDateMaxLen, old->lastDateMaxLen);
+    AssertIntEQ(crl1Info.lastDateFormat, old->lastDateFormat);
+    AssertIntEQ(crl1Info.nextDateMaxLen, old->nextDateMaxLen);
+    AssertIntEQ(crl1Info.nextDateFormat, old->nextDateFormat);
+    AssertIntEQ(crl1Info.crlNumber,      old->crlNumber);
+    AssertIntEQ(XMEMCMP(
+        crl1Info.issuerHash, old->issuerHash, old->issuerHashLen), 0);
+    AssertIntEQ(XMEMCMP(
+        crl1Info.lastDate, old->lastDate, old->lastDateMaxLen), 0);
+    AssertIntEQ(XMEMCMP(
+        crl1Info.nextDate, old->nextDate, old->nextDateMaxLen), 0);
+
+    /* Newer entry should match crl revoked */
+    AssertIntEQ(crlRevInfo.issuerHashLen,  cnew->issuerHashLen);
+    AssertIntEQ(crlRevInfo.lastDateMaxLen, cnew->lastDateMaxLen);
+    AssertIntEQ(crlRevInfo.lastDateFormat, cnew->lastDateFormat);
+    AssertIntEQ(crlRevInfo.nextDateMaxLen, cnew->nextDateMaxLen);
+    AssertIntEQ(crlRevInfo.nextDateFormat, cnew->nextDateFormat);
+    AssertIntEQ(crlRevInfo.crlNumber,      cnew->crlNumber);
+    AssertIntEQ(XMEMCMP(
+        crlRevInfo.issuerHash, cnew->issuerHash, cnew->issuerHashLen), 0);
+    AssertIntEQ(XMEMCMP(
+        crlRevInfo.lastDate, cnew->lastDate, cnew->lastDateMaxLen), 0);
+    AssertIntEQ(XMEMCMP(
+        crlRevInfo.nextDate, cnew->nextDate, cnew->nextDateMaxLen), 0);
+
+    XFREE(crl1Buff, NULL, DYNAMIC_TYPE_FILE);
+    XFREE(crlRevBuff, NULL, DYNAMIC_TYPE_FILE);
+    crlUpdateTestStatus = 1;
 }
 #endif
 
-static int test_multiple_crls_same_issuer(void)
+static int test_wolfSSL_crl_update_cb(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) && \
-    !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP)
-    test_ssl_cbf client_cbs, server_cbs;
-    struct {
-        const char* server_cert;
-        const char* server_key;
-    } test_params[] = {
-        { "./certs/server-cert.pem", "./certs/server-key.pem" },
-        { "./certs/server-revoked-cert.pem", "./certs/server-revoked-key.pem" }
-    };
-    size_t i;
+#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
+    defined(HAVE_CRL_UPDATE_CB)
+    const char* crl1 =        "./certs/crl/crl.pem";
+    const char* crlRevoked =  "./certs/crl/crl.revoked";
+    const char* issuerCert =  "./certs/client-cert.pem";
+    const char* caCert     =  "./certs/ca-cert.pem";
+    const char* goodCert =    "./certs/server-cert.pem";
+    const char* revokedCert = "./certs/server-revoked-cert.pem";
+    int pemType = WOLFSSL_FILETYPE_PEM;
+    WOLFSSL_CERT_MANAGER* cm = NULL;
 
-    for (i = 0; i < (sizeof(test_params)/sizeof(*test_params)); i++) {
-        XMEMSET(&client_cbs, 0, sizeof(client_cbs));
-        XMEMSET(&server_cbs, 0, sizeof(server_cbs));
-
-        server_cbs.certPemFile = test_params[i].server_cert;
-        server_cbs.keyPemFile = test_params[i].server_key;
-        client_cbs.crlPemFile = "./certs/crl/extra-crls/general-server-crl.pem";
-
-        client_cbs.ctx_ready = test_multiple_crls_same_issuer_ctx_ready;
-
-        ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
-            &server_cbs, NULL), TEST_FAIL);
-    }
+    updateCrlTestCm = wolfSSL_CertManagerNew();
+    ExpectNotNull(updateCrlTestCm);
+    cm = updateCrlTestCm;
+    ExpectIntEQ(wolfSSL_CertManagerSetCRLUpdate_Cb(cm, updateCrlCb),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, caCert, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl1, pemType),
+        WOLFSSL_SUCCESS);
+    /* CRL1 does not have good cert revoked */
+    ExpectIntEQ(wolfSSL_CertManagerVerify(cm, goodCert, pemType),
+        WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerify(cm, revokedCert, pemType),
+        WOLFSSL_SUCCESS);
+    /* Load newer CRL from same issuer, callback verifies CRL entry details */
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crlRevoked, pemType),
+        WOLFSSL_SUCCESS);
+    /* CRL callback verified entry info was as expected */
+    ExpectIntEQ(crlUpdateTestStatus, 1);
+    /* Ensure that both certs fail with newer CRL */
+    ExpectIntNE(wolfSSL_CertManagerVerify(cm, goodCert, pemType),
+        WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerify(cm, revokedCert, pemType),
+        WOLFSSL_SUCCESS);
 #endif
     return EXPECT_RESULT();
 }
@@ -75727,7 +56161,7 @@ static int test_multiple_crls_same_issuer(void)
 static int test_SetTmpEC_DHE_Sz(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT)
+#if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
 
@@ -75746,7 +56180,7 @@ static int test_SetTmpEC_DHE_Sz(void)
 static int test_wolfSSL_CTX_get0_privatekey(void)
 {
     EXPECT_DECLS;
-#ifdef OPENSSL_ALL
+#if defined(OPENSSL_ALL) && !defined(NO_TLS)
     WOLFSSL_CTX* ctx = NULL;
 
     (void)ctx;
@@ -75806,14 +56240,18 @@ static int test_wolfSSL_dtls_set_mtu(void)
     }
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
-    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
-    ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
-    ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_get_error(ssl, WC_NO_ERR_TRACE(WOLFSSL_FAILURE)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
 
+#ifdef OPENSSL_EXTRA
+    ExpectIntEQ(SSL_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
+#endif
+
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
 #endif
@@ -75882,10 +56320,11 @@ static void test_wolfSSL_dtls_plaintext_server(WOLFSSL* ssl)
 static void test_wolfSSL_dtls_plaintext_client(WOLFSSL* ssl)
 {
     byte ch[50];
-    int fd = wolfSSL_get_fd(ssl);
+    int fd = wolfSSL_get_wfd(ssl);
     byte msg[] = "This is a msg for the server";
     byte reply[40];
 
+    AssertIntGE(fd, 0);
     generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 0);
     /* Server should ignore this datagram */
     AssertIntEQ(send(fd, ch, sizeof(ch), 0), sizeof(ch));
@@ -75936,7 +56375,8 @@ static int test_wolfSSL_dtls_plaintext(void)
     return TEST_RES_CHECK(1);
 }
 #else
-static int test_wolfSSL_dtls_plaintext(void) {
+static int test_wolfSSL_dtls_plaintext(void)
+{
     return TEST_SKIPPED;
 }
 #endif
@@ -75951,7 +56391,7 @@ static void test_wolfSSL_dtls12_fragments_spammer(WOLFSSL* ssl)
     size_t seq_offset = 0;
     size_t msg_offset = 0;
     int i;
-    int fd = wolfSSL_get_fd(ssl);
+    int fd = wolfSSL_get_wfd(ssl);
     int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */
     word32 seq_number = 100; /* start high so server definitely reads this */
     word16 msg_number = 50; /* start high so server has to buffer this */
@@ -76013,7 +56453,7 @@ static void test_wolfSSL_dtls13_fragments_spammer(WOLFSSL* ssl)
     byte b[150]; /* buffer for the messages to send */
     size_t idx = 0;
     size_t msg_offset = 0;
-    int fd = wolfSSL_get_fd(ssl);
+    int fd = wolfSSL_get_wfd(ssl);
     word16 msg_number = 10; /* start high so server has to buffer this */
     int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */
     AssertIntEQ(ret, 1);
@@ -76044,9 +56484,10 @@ static void test_wolfSSL_dtls13_fragments_spammer(WOLFSSL* ssl)
         XMEMSET(&delay, 0, sizeof(delay));
         delay.tv_nsec = 10000000; /* wait 0.01 seconds */
         c16toa(msg_number, b + msg_offset);
-        sendSz = BuildTls13Message(ssl, sendBuf, sendSz, b,
+        ret = sendSz = BuildTls13Message(ssl, sendBuf, sendSz, b,
             (int)idx, handshake, 0, 0, 0);
-        ret = (int)send(fd, sendBuf, (size_t)sendSz, 0);
+        if (sendSz > 0)
+            ret = (int)send(fd, sendBuf, (size_t)sendSz, 0);
         nanosleep(&delay, NULL);
     }
 }
@@ -76089,14 +56530,14 @@ static int test_wolfSSL_dtls_fragments(void)
 
         /* The socket should be closed by the server resulting in a
          * socket error, fatal error or reading a close notify alert */
-        if (func_cb_client.last_err != SOCKET_ERROR_E &&
+        if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
                 func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
-                func_cb_client.last_err != FATAL_ERROR) {
-            ExpectIntEQ(func_cb_client.last_err, SOCKET_ERROR_E);
+                func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) {
+            ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
         }
         /* Check the server returned an error indicating the msg buffer
          * was full */
-        ExpectIntEQ(func_cb_server.last_err, DTLS_TOO_MANY_FRAGMENTS_E);
+        ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E));
 
         if (EXPECT_FAIL())
             break;
@@ -76118,7 +56559,8 @@ static void test_wolfSSL_dtls_send_alert(WOLFSSL* ssl)
         0x46 /* protocol version */
     };
 
-    fd = wolfSSL_get_fd(ssl);
+    fd = wolfSSL_get_wfd(ssl);
+    AssertIntGE(fd, 0);
     ret = (int)send(fd, alert_msg, sizeof(alert_msg), 0);
     AssertIntGT(ret, 0);
 }
@@ -76188,7 +56630,7 @@ static void test_wolfSSL_send_bad_record(WOLFSSL* ssl)
         0x03, 0x18, 0x72
     };
 
-    fd = wolfSSL_get_fd(ssl);
+    fd = wolfSSL_get_wfd(ssl);
     AssertIntGE(fd, 0);
     ret = (int)send(fd, bad_msg, sizeof(bad_msg), 0);
     AssertIntEQ(ret, sizeof(bad_msg));
@@ -76248,13 +56690,16 @@ static int test_wolfSSL_dtls_bad_record(void)
 }
 
 #else
-static int test_wolfSSL_dtls_fragments(void) {
+static int test_wolfSSL_dtls_fragments(void)
+{
     return TEST_SKIPPED;
 }
-static int test_wolfSSL_ignore_alert_before_cookie(void) {
+static int test_wolfSSL_ignore_alert_before_cookie(void)
+{
     return TEST_SKIPPED;
 }
-static int test_wolfSSL_dtls_bad_record(void) {
+static int test_wolfSSL_dtls_bad_record(void)
+{
     return TEST_SKIPPED;
 }
 #endif
@@ -76262,14 +56707,22 @@ static int test_wolfSSL_dtls_bad_record(void) {
 #if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
     defined(HAVE_IO_TESTS_DEPENDENCIES)
-static byte test_AEAD_fail_decryption = 0;
-static byte test_AEAD_seq_num = 0;
-static byte test_AEAD_done = 0;
+static volatile int test_AEAD_seq_num = 0;
+#ifdef WOLFSSL_ATOMIC_INITIALIZER
+wolfSSL_Atomic_Int test_AEAD_done = WOLFSSL_ATOMIC_INITIALIZER(0);
+#else
+static volatile int test_AEAD_done = 0;
+#endif
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+static wolfSSL_Mutex test_AEAD_mutex = WOLFSSL_MUTEX_INITIALIZER(test_AEAD_mutex);
+#endif
 
+static int test_AEAD_fail_decryption = 0;
 static int test_AEAD_cbiorecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 {
-    int ret = (int)recv(wolfSSL_get_fd(ssl), buf, sz, 0);
-    if (ret > 0) {
+    int fd = wolfSSL_get_fd(ssl);
+    int ret = -1;
+    if (fd >= 0 && (ret = (int)recv(fd, buf, sz, 0)) > 0) {
         if (test_AEAD_fail_decryption) {
             /* Modify the packet to trigger a decryption failure */
             buf[ret/2] ^= 0xFF;
@@ -76368,12 +56821,19 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
 
     if (!w64IsZero(sendLimit)) {
         /* Test the sending limit for AEAD ciphers */
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+        (void)wc_LockMutex(&test_AEAD_mutex);
+#endif
         Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit;
         test_AEAD_seq_num = 1;
+        XMEMSET(msgBuf, 0, sizeof(msgBuf));
         ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
         AssertIntGT(ret, 0);
         didReKey = 0;
         w64Zero(&counter);
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+        wc_UnLockMutex(&test_AEAD_mutex);
+#endif
         /* 100 read calls should be enough to complete the key update */
         for (i = 0; i < 100; i++) {
             /* Key update should be sent and negotiated */
@@ -76394,10 +56854,14 @@ static void test_AEAD_limit_client(WOLFSSL* ssl)
     w64Decrement(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount);
     /* Connection should fail with a DECRYPT_ERROR */
     ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
-    AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
-    AssertIntEQ(wolfSSL_get_error(ssl, ret), DECRYPT_ERROR);
+    AssertIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    AssertIntEQ(wolfSSL_get_error(ssl, ret), WC_NO_ERR_TRACE(DECRYPT_ERROR));
 
+#ifdef WOLFSSL_ATOMIC_INITIALIZER
+    WOLFSSL_ATOMIC_STORE(test_AEAD_done, 1);
+#else
     test_AEAD_done = 1;
+#endif
 }
 
 int counter = 0;
@@ -76413,8 +56877,18 @@ static void test_AEAD_limit_server(WOLFSSL* ssl)
     tcp_set_nonblocking(&fd); /* So that read doesn't block */
     wolfSSL_dtls_set_using_nonblock(ssl, 1);
     test_AEAD_get_limits(ssl, NULL, NULL, &sendLimit);
-    while (!test_AEAD_done && ret > 0) {
+    while (!
+    #ifdef WOLFSSL_ATOMIC_INITIALIZER
+           WOLFSSL_ATOMIC_LOAD(test_AEAD_done)
+    #else
+           test_AEAD_done
+    #endif
+           && ret > 0)
+    {
         counter++;
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+        (void)wc_LockMutex(&test_AEAD_mutex);
+#endif
         if (test_AEAD_seq_num) {
             /* We need to update the seq number so that we can understand the
              * peer. Otherwise we will incorrectly interpret the seq number. */
@@ -76423,6 +56897,9 @@ static void test_AEAD_limit_server(WOLFSSL* ssl)
             e->nextPeerSeqNumber = sendLimit;
             test_AEAD_seq_num = 0;
         }
+#ifdef WOLFSSL_MUTEX_INITIALIZER
+        wc_UnLockMutex(&test_AEAD_mutex);
+#endif
         (void)wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
         ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
         nanosleep(&delay, NULL);
@@ -76511,7 +56988,8 @@ static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl)
         0x31, 0x68, 0x4c
     };
 
-    fd = wolfSSL_get_fd(ssl);
+    fd = wolfSSL_get_wfd(ssl);
+    AssertIntGE(fd, 0);
     ret = (int)send(fd, ch_msg, sizeof(ch_msg), 0);
     AssertIntGT(ret, 0);
     /* consume the HRR otherwise handshake will fail */
@@ -76582,13 +57060,17 @@ static void test_wolfSSL_dtls_send_ch_with_invalid_cookie(WOLFSSL* ssl)
         0x02, 0x02, 0x2f
     };
 
-    fd = wolfSSL_get_fd(ssl);
-    ret = (int)send(fd, ch_msh_invalid_cookie, sizeof(ch_msh_invalid_cookie), 0);
-    AssertIntGT(ret, 0);
-    /* should reply with an illegal_parameter reply */
-    ret = (int)recv(fd, alert_reply, sizeof(alert_reply), 0);
-    AssertIntEQ(ret, sizeof(expected_alert_reply));
-    AssertIntEQ(XMEMCMP(alert_reply, expected_alert_reply, sizeof(expected_alert_reply)), 0);
+    fd = wolfSSL_get_wfd(ssl);
+    if (fd >= 0) {
+        ret = (int)send(fd, ch_msh_invalid_cookie,
+                sizeof(ch_msh_invalid_cookie), 0);
+        AssertIntGT(ret, 0);
+        /* should reply with an illegal_parameter reply */
+        ret = (int)recv(fd, alert_reply, sizeof(alert_reply), 0);
+        AssertIntEQ(ret, sizeof(expected_alert_reply));
+        AssertIntEQ(XMEMCMP(alert_reply, expected_alert_reply,
+                sizeof(expected_alert_reply)), 0);
+    }
 }
 #endif
 
@@ -76700,7 +57182,7 @@ static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
 
     res = wolfSSL_accept(ssl);
     err = wolfSSL_get_error(ssl, res);
-    AssertIntEQ(res, WOLFSSL_FATAL_ERROR);
+    AssertIntEQ(res, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ);
 
     AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl));
@@ -76781,7 +57263,7 @@ static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
     if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
         fprintf(stderr, "loading cert %s failed\n", certA);
         fprintf(stderr, "Error: (%d): %s\n", ret,
-            wolfSSL_ERR_reason_error_string(ret));
+            wolfSSL_ERR_reason_error_string((word32)ret));
         return -1;
     }
 
@@ -76795,7 +57277,7 @@ static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
                                                          != WOLFSSL_SUCCESS) {
         fprintf(stderr, "could not verify the cert: %s\n", certA);
         fprintf(stderr, "Error: (%d): %s\n", ret,
-            wolfSSL_ERR_reason_error_string(ret));
+            wolfSSL_ERR_reason_error_string((word32)ret));
         return -1;
     }
     else {
@@ -77074,7 +57556,7 @@ static int test_wolfSSL_THREADID_hash(void)
     CRYPTO_THREADID id;
 
     CRYPTO_THREADID_current(NULL);
-    /* Hash result is unsigned long. */
+    /* Hash result is word32. */
     ExpectTrue(CRYPTO_THREADID_hash(NULL) == 0UL);
     XMEMSET(&id, 0, sizeof(id));
     ExpectTrue(CRYPTO_THREADID_hash(&id) == 0UL);
@@ -77182,7 +57664,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             }
-        } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
+        } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
 
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
@@ -77216,7 +57698,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
     /* bidirectional shutdown */
     while (EXPECT_SUCCESS()) {
         ret = wolfSSL_shutdown(ssl);
-        ExpectIntNE(ret, WOLFSSL_FATAL_ERROR);
+        ExpectIntNE(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
         if (ret == WOLFSSL_SUCCESS) {
             break;
         }
@@ -77231,7 +57713,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
     }
 
     /* detect TCP disconnect */
-    ExpectIntLE(ret,WOLFSSL_FAILURE);
+    ExpectIntLE(ret,WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN);
 
     ((func_args*)args)->return_code = EXPECT_RESULT();
@@ -77290,7 +57772,7 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args)
             if (ret != WOLFSSL_SUCCESS) {
                 err = wolfSSL_get_error(ssl, 0);
             }
-        } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
+        } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E));
     }
 
     ExpectIntGE(wolfSSL_write(ssl, msg, len), 0);
@@ -77383,7 +57865,7 @@ static int test_wolfSSL_read_detect_TCP_disconnect(void)
 static int test_wolfSSL_CTX_get_min_proto_version(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+#if defined(OPENSSL_EXTRA) && !defined(NO_TLS)
     WOLFSSL_CTX *ctx = NULL;
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
@@ -77442,7 +57924,7 @@ static int test_wolfSSL_CTX_get_min_proto_version(void)
         wolfSSL_CTX_free(ctx);
         ctx = NULL;
     #endif
-#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
+#endif
     return EXPECT_RESULT();
 }
 
@@ -77569,7 +58051,11 @@ static int test_wolfSSL_security_level(void)
         #endif
         SSL_CTX_set_security_level(NULL, 1);
         SSL_CTX_set_security_level(ctx, 1);
+        #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+        ExpectIntEQ(SSL_CTX_get_security_level(NULL), BAD_FUNC_ARG);
+        #else
         ExpectIntEQ(SSL_CTX_get_security_level(NULL), 0);
+        #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
         /* Stub so nothing happens. */
         ExpectIntEQ(SSL_CTX_get_security_level(ctx), 0);
 
@@ -77581,10 +58067,707 @@ static int test_wolfSSL_security_level(void)
     return EXPECT_RESULT();
 }
 
+/* System wide crypto-policy test.
+ *
+ * Loads three different policies (legacy, default, future),
+ * then tests crypt_policy api.
+ * */
+static int test_wolfSSL_crypto_policy(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+    int          rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    const char * policy_list[] = {
+        "examples/crypto_policies/legacy/wolfssl.txt",
+        "examples/crypto_policies/default/wolfssl.txt",
+        "examples/crypto_policies/future/wolfssl.txt",
+    };
+    const char * ciphers_list[] = {
+        "@SECLEVEL=1:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK"
+        ":!eNULL:!aNULL",
+        "@SECLEVEL=2:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK"
+        ":!RC4:!eNULL:!aNULL",
+        "@SECLEVEL=3:EECDH:EDH:PSK:DHEPSK:ECDHEPSK:!RSAPSK:!kRSA"
+        ":!AES128:!RC4:!eNULL:!aNULL:!SHA1",
+    };
+    int          seclevel_list[] = { 1, 2, 3 };
+    int          i = 0;
+
+    for (i = 0; i < 3; ++i) {
+        const char *  ciphers = NULL;
+        int           n_diff = 0;
+        WOLFSSL_CTX * ctx = NULL;
+        WOLFSSL     * ssl = NULL;
+
+        /* Enable crypto policy. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        /* Trying to enable while already enabled should return
+         * forbidden. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+
+        /* Security level and ciphers should match what is expected. */
+        rc = wolfSSL_crypto_policy_get_level();
+        ExpectIntEQ(rc, seclevel_list[i]);
+
+        ciphers = wolfSSL_crypto_policy_get_ciphers();
+        ExpectNotNull(ciphers);
+
+        if (ciphers != NULL) {
+            n_diff = XSTRNCMP(ciphers, ciphers_list[i], strlen(ciphers));
+            #ifdef DEBUG_WOLFSSL
+            if (n_diff) {
+                printf("error: got \n%s, expected \n%s\n",
+                       ciphers, ciphers_list[i]);
+            }
+            #endif /* DEBUG_WOLFSSL */
+            ExpectIntEQ(n_diff, 0);
+        }
+
+        /* TLSv1_2_method should work for all policies. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            ssl = wolfSSL_new(ctx);
+            ExpectNotNull(ssl);
+
+            /* These API should be rejected while enabled. */
+            rc = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_3);
+            ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+
+            rc = wolfSSL_SetMinVersion(ssl, WOLFSSL_TLSV1_3);
+            ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        if (ssl != NULL) {
+            wolfSSL_free(ssl);
+            ssl = NULL;
+        }
+
+        wolfSSL_crypto_policy_disable();
+
+        /* Do the same test by buffer. */
+        rc = wolfSSL_crypto_policy_enable_buffer(ciphers_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        /* Security level and ciphers should match what is expected. */
+        rc = wolfSSL_crypto_policy_get_level();
+        ExpectIntEQ(rc, seclevel_list[i]);
+
+        ciphers = wolfSSL_crypto_policy_get_ciphers();
+        ExpectNotNull(ciphers);
+
+        if (ciphers != NULL) {
+            n_diff = XSTRNCMP(ciphers, ciphers_list[i], strlen(ciphers));
+            #ifdef DEBUG_WOLFSSL
+            if (n_diff) {
+                printf("error: got \n%s, expected \n%s\n",
+                       ciphers, ciphers_list[i]);
+            }
+            #endif /* DEBUG_WOLFSSL */
+            ExpectIntEQ(n_diff, 0);
+        }
+
+        wolfSSL_crypto_policy_disable();
+    }
+
+    wolfSSL_crypto_policy_disable();
+
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+    return EXPECT_RESULT();
+}
+
+/* System wide crypto-policy test: certs and keys.
+ *
+ * Loads three different policies (legacy, default, future),
+ * then tests loading different certificates and keys of
+ * varying strength.
+ * */
+static int test_wolfSSL_crypto_policy_certs_and_keys(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+    int          rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    const char * policy_list[] = {
+        "examples/crypto_policies/legacy/wolfssl.txt",
+        "examples/crypto_policies/default/wolfssl.txt",
+        "examples/crypto_policies/future/wolfssl.txt",
+    };
+    int          i = 0;
+
+    for (i = 0; i < 3; ++i) {
+        WOLFSSL_CTX * ctx = NULL;
+        WOLFSSL     * ssl = NULL;
+        int           is_legacy = 0;
+        int           is_future = 0;
+        /* certs */
+        const char *  cert1024 = "certs/1024/client-cert.pem";
+        const char *  cert2048 = "certs/client-cert.pem";
+        const char *  cert3072 = "certs/3072/client-cert.pem";
+        const char *  cert256 = "certs/client-ecc-cert.pem";
+        const char *  cert384 = "certs/client-ecc384-cert.pem";
+        /* keys */
+        const char *  key1024 = "certs/1024/client-key.pem";
+        const char *  key2048 = "certs/client-key.pem";
+        const char *  key3072 = "certs/3072/client-key.pem";
+        const char *  key256 = "certs/ecc-key.pem";
+        const char *  key384 = "certs/client-ecc384-key.pem";
+
+        is_legacy = (XSTRSTR(policy_list[i], "legacy") != NULL) ? 1 : 0;
+        is_future = (XSTRSTR(policy_list[i], "future") != NULL) ? 1 : 0;
+
+        /* Enable crypto policy. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        /* TLSv1_2_method should work for all policies. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        /* Test certs of varying strength. */
+        if (ctx != NULL) {
+            /* VERIFY_PEER must be set for key/cert checks to be done. */
+            wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
+
+            /* Test loading a cert with 1024 RSA key size.
+             * This should fail for all but legacy. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert1024);
+
+            if (is_legacy) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, WOLFSSL_FAILURE);
+            }
+
+            /* Test loading a cert with 2048 RSA key size.
+             * Future crypto-policy is min 3072 RSA and DH key size,
+             * and should fail. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert2048);
+
+            if (is_future) {
+                /* Future crypto-policy is min 3072 RSA and DH key size, this
+                 * and should fail. */
+                ExpectIntEQ(rc, WOLFSSL_FAILURE);
+
+                /* Set to VERIFY_NONE. This will disable key size checks,
+                 * it should now succeed. */
+                wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
+                rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert2048);
+
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+                /* Set back to verify peer. */
+                wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
+
+            }
+            else {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+
+            /* Test loading a CA cert with 3072 RSA key size.
+             * This should succeed for all policies. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert3072);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* Test loading an ecc cert with 256 key size.
+             * This should succeed for all policies. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert256);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* Test loading an ecc cert with 384 key size.
+             * This should succeed for all policies. */
+            rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert384);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* cleanup */
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        /* TLSv1_2_method should work for all policies. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        /* Repeat same tests for keys of varying strength. */
+        if (ctx != NULL) {
+            /* 1024 RSA */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key1024,
+                                             SSL_FILETYPE_PEM);
+
+            if (is_legacy) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, WOLFSSL_FAILURE);
+            }
+
+            /* 2048 RSA */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key2048,
+                                             SSL_FILETYPE_PEM);
+
+            if (!is_future) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, WOLFSSL_FAILURE);
+            }
+
+            /* 3072 RSA */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key3072,
+                                             SSL_FILETYPE_PEM);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* 256 ecc */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key256,
+                                             SSL_FILETYPE_PEM);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* 384 ecc */
+            rc = SSL_CTX_use_PrivateKey_file(ctx, key384,
+                                             SSL_FILETYPE_PEM);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* cleanup */
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        #ifdef HAVE_ECC
+        /* Test set ecc min key size. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            ssl = SSL_new(ctx);
+            ExpectNotNull(ssl);
+
+            /* Test setting ctx. */
+            rc = wolfSSL_CTX_SetMinEccKey_Sz(ctx, 160);
+            if (is_legacy) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+            }
+
+            rc = wolfSSL_CTX_SetMinEccKey_Sz(ctx, 224);
+            if (!is_future) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+            }
+
+            rc = wolfSSL_CTX_SetMinEccKey_Sz(ctx, 256);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* Test setting ssl. */
+            if (ssl != NULL) {
+                rc = wolfSSL_SetMinEccKey_Sz(ssl, 160);
+                if (is_legacy) {
+                    ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+                }
+                else {
+                    ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+                }
+
+                rc = wolfSSL_SetMinEccKey_Sz(ssl, 224);
+                if (!is_future) {
+                    ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+                }
+                else {
+                    ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+                }
+
+                rc = wolfSSL_SetMinEccKey_Sz(ssl, 256);
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+                wolfSSL_free(ssl);
+                ssl = NULL;
+            }
+
+            /* cleanup */
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+        #endif /* HAVE_ECC */
+
+        #if !defined(NO_RSA)
+        /* Test set rsa min key size. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            ssl = SSL_new(ctx);
+            ExpectNotNull(ssl);
+
+            /* Test setting ctx. */
+            rc = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, 1024);
+            if (is_legacy) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+            }
+
+            rc = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, 2048);
+            if (!is_future) {
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+            }
+            else {
+                ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+            }
+
+            rc = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, 3072);
+            ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+            /* Test setting ssl. */
+            if (ssl != NULL) {
+                rc = wolfSSL_SetMinRsaKey_Sz(ssl, 1024);
+                if (is_legacy) {
+                    ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+                }
+                else {
+                    ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+                }
+
+                rc = wolfSSL_SetMinRsaKey_Sz(ssl, 2048);
+                if (!is_future) {
+                    ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+                }
+                else {
+                    ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN);
+                }
+
+                rc = wolfSSL_SetMinRsaKey_Sz(ssl, 3072);
+                ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+                wolfSSL_free(ssl);
+                ssl = NULL;
+            }
+
+            /* cleanup */
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+        #endif /* !NO_RSA */
+
+        wolfSSL_crypto_policy_disable();
+    }
+
+    wolfSSL_crypto_policy_disable();
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+    return EXPECT_RESULT();
+}
+
+/* System wide crypto-policy test: tls and dtls methods.
+ * */
+static int test_wolfSSL_crypto_policy_tls_methods(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+    int          rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    const char * policy_list[] = {
+        "examples/crypto_policies/legacy/wolfssl.txt",
+        "examples/crypto_policies/default/wolfssl.txt",
+        "examples/crypto_policies/future/wolfssl.txt",
+    };
+    int          i = 0;
+
+    for (i = 0; i < 3; ++i) {
+        WOLFSSL_CTX * ctx = NULL;
+        int           is_legacy = 0;
+
+        is_legacy = (XSTRSTR(policy_list[i], "legacy") != NULL) ? 1 : 0;
+
+        /* Enable crypto policy. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        /* Try to use old TLS methods. Only allowed with legacy. */
+        #if !defined(NO_OLD_TLS)
+        ctx = wolfSSL_CTX_new(wolfTLSv1_1_method());
+
+        if (is_legacy) {
+            ExpectNotNull(ctx);
+        }
+        else {
+            ExpectNull(ctx);
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        #if defined(WOLFSSL_ALLOW_TLSV10)
+        ctx = wolfSSL_CTX_new(wolfTLSv1_method());
+
+        if (is_legacy) {
+            ExpectNotNull(ctx);
+        }
+        else {
+            ExpectNull(ctx);
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+        #endif /* WOLFSSL_ALLOW_TLSV10 */
+        #else
+        (void) is_legacy;
+        #endif /* !NO_OLD_TLS */
+
+        /* TLSv1_2_method should work for all policies. */
+        ctx = wolfSSL_CTX_new(wolfTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        ctx = wolfSSL_CTX_new(wolfTLSv1_3_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        ctx = wolfSSL_CTX_new(TLS_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        #ifdef WOLFSSL_DTLS
+        ctx = wolfSSL_CTX_new(DTLS_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        ctx = wolfSSL_CTX_new(wolfDTLSv1_2_method());
+        ExpectNotNull(ctx);
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        #ifndef NO_OLD_TLS
+        /* Only allowed with legacy. */
+        ctx = wolfSSL_CTX_new(wolfDTLSv1_method());
+
+        if (is_legacy) {
+            ExpectNotNull(ctx);
+        }
+        else {
+            ExpectNull(ctx);
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+        #endif /* !NO_OLD_TLS */
+        #endif /* WOLFSSL_DTLS */
+
+        wolfSSL_crypto_policy_disable();
+    }
+
+    wolfSSL_crypto_policy_disable();
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+    return EXPECT_RESULT();
+}
+
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+/*  Helper function for test_wolfSSL_crypto_policy_ciphers.
+ *  Searches ssl suites for cipher string.
+ *
+ *  Returns   1 if found.
+ *  Returns   0 if not found.
+ *  Returns < 0 if error.
+ * */
+static int crypto_policy_cipher_found(const WOLFSSL * ssl,
+                                      const char *    cipher,
+                                      int             match)
+{
+    WOLF_STACK_OF(WOLFSSL_CIPHER) * sk = NULL;
+    WOLFSSL_CIPHER *                current = NULL;
+    const char *                    suite;
+    int                             found = 0;
+    int                             i = 0;
+
+    if (ssl == NULL || cipher == NULL || *cipher == '\0') {
+        return -1;
+    }
+
+    sk = wolfSSL_get_ciphers_compat(ssl);
+
+    if (sk == NULL) {
+        return -1;
+    }
+
+    do {
+        current = wolfSSL_sk_SSL_CIPHER_value(sk, i++);
+        if (current) {
+            suite = wolfSSL_CIPHER_get_name(current);
+            if (suite) {
+                if (match == 1) {
+                    /* prefix match */
+                    if (XSTRNCMP(suite, cipher, XSTRLEN(cipher)) == 0) {
+                        found = 1;
+                        break;
+                    }
+                }
+                else if (match == -1) {
+                    /* postfix match */
+                    if (XSTRLEN(suite) > XSTRLEN(cipher)) {
+                        const char * postfix = suite + XSTRLEN(suite)
+                                               - XSTRLEN(cipher);
+                        if (XSTRNCMP(postfix, cipher, XSTRLEN(cipher)) == 0) {
+                            found = 1;
+                            break;
+                        }
+                    }
+                }
+                else {
+                    /* needle in haystack match */
+                    if (XSTRSTR(suite, cipher)) {
+                        found = 1;
+                        break;
+                    }
+                }
+            }
+        }
+    } while (current);
+
+    return found == 1;
+}
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+
+/* System wide crypto-policy test: ciphers.
+ * */
+static int test_wolfSSL_crypto_policy_ciphers(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS)
+    int          rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    const char * policy_list[] = {
+        "examples/crypto_policies/legacy/wolfssl.txt",
+        "examples/crypto_policies/default/wolfssl.txt",
+        "examples/crypto_policies/future/wolfssl.txt",
+    };
+    int          seclevel_list[] = { 1, 2, 3 };
+    int          i = 0;
+    int          is_legacy = 0;
+    int          is_future = 0;
+
+    for (i = 0; i < 3; ++i) {
+        WOLFSSL_CTX * ctx = NULL;
+        WOLFSSL     * ssl = NULL;
+        int           found = 0;
+
+        is_legacy = (XSTRSTR(policy_list[i], "legacy") != NULL) ? 1 : 0;
+        is_future = (XSTRSTR(policy_list[i], "future") != NULL) ? 1 : 0;
+
+        (void) is_legacy;
+
+        /* Enable crypto policy. */
+        rc = wolfSSL_crypto_policy_enable(policy_list[i]);
+        ExpectIntEQ(rc, WOLFSSL_SUCCESS);
+
+        rc = wolfSSL_crypto_policy_is_enabled();
+        ExpectIntEQ(rc, 1);
+
+        ctx = wolfSSL_CTX_new(TLS_method());
+        ExpectNotNull(ctx);
+
+        ssl = SSL_new(ctx);
+        ExpectNotNull(ssl);
+
+        rc = wolfSSL_CTX_get_security_level(ctx);
+        ExpectIntEQ(rc, seclevel_list[i]);
+
+        rc = wolfSSL_get_security_level(ssl);
+        ExpectIntEQ(rc, seclevel_list[i]);
+
+        found = crypto_policy_cipher_found(ssl, "RC4", 0);
+        ExpectIntEQ(found, is_legacy);
+
+        /* We return a different cipher string depending on build settings. */
+        #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && \
+        !defined(NO_ERROR_STRINGS) && !defined(WOLFSSL_QT)
+        found = crypto_policy_cipher_found(ssl, "AES_128", 0);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "TLS_DHE_RSA_WITH_AES", 1);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "_SHA", -1);
+        ExpectIntEQ(found, !is_future);
+        #else
+        found = crypto_policy_cipher_found(ssl, "AES128", 0);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "DHE-RSA-AES", 1);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "-SHA", -1);
+        ExpectIntEQ(found, !is_future);
+        #endif
+
+        if (ssl != NULL) {
+            SSL_free(ssl);
+            ssl = NULL;
+        }
+
+        if (ctx != NULL) {
+            wolfSSL_CTX_free(ctx);
+            ctx = NULL;
+        }
+
+        wolfSSL_crypto_policy_disable();
+    }
+
+    wolfSSL_crypto_policy_disable();
+
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */
+    return EXPECT_RESULT();
+}
+
 static int test_wolfSSL_SSL_in_init(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_BIO)
+#if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL*     ssl = NULL;
     const char* testCertFile;
@@ -77632,11 +58815,12 @@ static int test_wolfSSL_SSL_in_init(void)
 static int test_wolfSSL_CTX_set_timeout(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE)
-    int timeout;
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \
+    !defined(NO_SESSION_CACHE)
     WOLFSSL_CTX* ctx = NULL;
-
-    (void)timeout;
+#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+    int timeout;
+#endif
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
@@ -77644,20 +58828,20 @@ static int test_wolfSSL_CTX_set_timeout(void)
     /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
      * wolfSSL_CTX_set_timeout returns previous timeout value on success.
      */
-    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* giving 0 as timeout value sets default timeout */
     timeout = wolfSSL_CTX_set_timeout(ctx, 0);
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
 
 #else
-    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+    ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
     ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
 #endif
 
     wolfSSL_CTX_free(ctx);
-#endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/
+#endif
     return EXPECT_RESULT();
 }
 
@@ -77681,7 +58865,7 @@ static int test_wolfSSL_OpenSSL_version(void)
 static int test_CONF_CTX_CMDLINE(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL_CONF_CTX* cctx = NULL;
 
@@ -77698,9 +58882,9 @@ static int test_CONF_CTX_CMDLINE(void)
     /* cmd invalid command */
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* cmd Certificate and Private Key*/
     {
@@ -77757,7 +58941,7 @@ static int test_CONF_CTX_CMDLINE(void)
 static int test_CONF_CTX_FILE(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_ALL)
+#if defined(OPENSSL_ALL) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL_CONF_CTX* cctx = NULL;
 
@@ -77773,9 +58957,9 @@ static int test_CONF_CTX_FILE(void)
     /* sanity check */
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
     ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
-    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* cmd Certificate and Private Key*/
     {
@@ -77836,7 +59020,7 @@ static int test_CONF_CTX_FILE(void)
 static int test_wolfSSL_CRYPTO_get_ex_new_index(void)
 {
     EXPECT_DECLS;
-#ifdef HAVE_EX_DATA
+#ifdef HAVE_EX_DATA_CRYPTO
     int idx1, idx2;
 
     /* test for unsupported class index */
@@ -77901,15 +59085,11 @@ static int test_wolfSSL_CRYPTO_get_ex_new_index(void)
     ExpectIntNE(idx1, -1);
     ExpectIntNE(idx2, -1);
     ExpectIntNE(idx1, idx2);
-#endif /* HAVE_EX_DATA */
+#endif /* HAVE_EX_DATA_CRYPTO */
     return EXPECT_RESULT();
 }
 
-#if defined(HAVE_EX_DATA) && defined(HAVE_EXT_CACHE) && \
-    (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
-        (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-        defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-        defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))))
+#if defined(HAVE_EX_DATA_CRYPTO) && defined(OPENSSL_EXTRA)
 
 #define SESSION_NEW_IDX_LONG 0xDEADBEEF
 #define SESSION_NEW_IDX_VAL  ((void*)0xAEADAEAD)
@@ -77998,7 +59178,7 @@ static int test_wolfSSL_SESSION_get_ex_new_index(void)
 static int test_wolfSSL_set_psk_use_session_callback(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_PSK)
+#if defined(OPENSSL_EXTRA) && !defined(NO_PSK) && !defined(NO_TLS)
     SSL_CTX* ctx = NULL;
     SSL*     ssl = NULL;
     const char* testCertFile;
@@ -78044,6 +59224,95 @@ static int test_wolfSSL_set_psk_use_session_callback(void)
     return EXPECT_RESULT();
 }
 
+/* similar to error_test() in wolfcrypt/test/test.c, but adding error codes from
+ * TLS layer.
+ */
+static int error_test(void)
+{
+    EXPECT_DECLS;
+    const char* errStr;
+    const char* unknownStr = wc_GetErrorString(0);
+
+#ifdef NO_ERROR_STRINGS
+    /* Ensure a valid error code's string matches an invalid code's.
+     * The string is that error strings are not available.
+     */
+    errStr = wc_GetErrorString(OPEN_RAN_E);
+    ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0);
+    if (EXPECT_FAIL())
+        return OPEN_RAN_E;
+#else
+    int i;
+    int j = 0;
+    /* Values that are not or no longer error codes. */
+    static const struct {
+        int first;
+        int last;
+    } missing[] = {
+#ifndef OPENSSL_EXTRA
+        { 0, 0 },
+#endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+        { -11, -12 },
+        { -15, -17 },
+        { -19, -19 },
+        { -26, -27 },
+        { -30, WC_SPAN1_FIRST_E + 1 },
+#else
+        { -9, WC_SPAN1_FIRST_E + 1 },
+#endif
+        { -124, -124 },
+        { -167, -169 },
+        { -300, -300 },
+        { -334, -336 },
+        { -346, -349 },
+        { -356, -356 },
+        { -358, -358 },
+        { -384, -384 },
+        { -466, -499 },
+        { WOLFSSL_LAST_E - 1, WC_SPAN2_FIRST_E + 1 },
+        { WC_SPAN2_LAST_E - 1, MIN_CODE_E }
+    };
+
+    /* Check that all errors have a string and it's the same through the two
+     * APIs. Check that the values that are not errors map to the unknown
+     * string.
+     */
+    for (i = 0; i >= MIN_CODE_E; i--) {
+        int this_missing = 0;
+        for (j = 0; j < (int)XELEM_CNT(missing); ++j) {
+            if ((i <= missing[j].first) && (i >= missing[j].last)) {
+                this_missing = 1;
+                break;
+            }
+        }
+        errStr = wolfSSL_ERR_reason_error_string((word32)i);
+
+        if (! this_missing) {
+            ExpectIntNE(XSTRCMP(errStr, unknownStr), 0);
+            if (EXPECT_FAIL()) {
+                return i;
+            }
+            ExpectTrue(XSTRLEN(errStr) < WOLFSSL_MAX_ERROR_SZ);
+            if (EXPECT_FAIL()) {
+                return i;
+            }
+        }
+        else {
+            j++;
+            ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0);
+            if (EXPECT_FAIL()) {
+                return i;
+            }
+        }
+    }
+#endif
+
+    return 1;
+}
+
 static int test_wolfSSL_ERR_strings(void)
 {
     EXPECT_DECLS;
@@ -78058,27 +59327,28 @@ static int test_wolfSSL_ERR_strings(void)
     (void)err2;
 
 #if defined(OPENSSL_EXTRA)
-    ExpectNotNull(err = ERR_reason_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = ERR_reason_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
     ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
 
-    ExpectNotNull(err = ERR_func_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = ERR_func_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE)));
     ExpectIntEQ((*err == '\0'), 1);
 
     ExpectNotNull(err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD));
     ExpectIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0);
 #else
-    ExpectNotNull(err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE)));
     ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
 
-    ExpectNotNull(err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE));
+    ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE)));
     ExpectIntEQ((*err == '\0'), 1);
 
-    /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */
-    ExpectNotNull(err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2));
+    ExpectNotNull(err = wolfSSL_ERR_lib_error_string(-WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E));
     ExpectIntEQ((*err == '\0'), 1);
 #endif
 #endif
 
+    ExpectIntEQ(error_test(), 1);
+
     return EXPECT_RESULT();
 }
 static int test_wolfSSL_EVP_shake128(void)
@@ -78142,13 +59412,13 @@ static int test_wolfSSL_EVP_sm3(void)
     ExpectTrue(mdCtx != NULL);
 
     /* Invalid Parameters */
-    ExpectIntEQ(EVP_DigestInit(NULL, md), BAD_FUNC_ARG);
+    ExpectIntEQ(EVP_DigestInit(NULL, md), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     /* Valid Parameters */
     ExpectIntEQ(EVP_DigestInit(mdCtx, md), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Valid Parameters */
     ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 0), WOLFSSL_SUCCESS);
@@ -78165,11 +59435,11 @@ static int test_wolfSSL_EVP_sm3(void)
         WOLFSSL_SUCCESS);
 
     /* Invalid Parameters */
-    ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WOLFSSL_FAILURE);
-    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WOLFSSL_FAILURE);
+    ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 
     /* Valid Parameters */
     ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS);
@@ -78212,12 +59482,12 @@ static int test_EVP_blake2(void)
 
 #if defined(HAVE_BLAKE2)
     ExpectNotNull(md = EVP_blake2b512());
-    ExpectIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0);
+    ExpectIntEQ(XSTRNCMP(md, "BLAKE2b512", XSTRLEN("BLAKE2b512")), 0);
 #endif
 
 #if defined(HAVE_BLAKE2S)
     ExpectNotNull(md = EVP_blake2s256());
-    ExpectIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0);
+    ExpectIntEQ(XSTRNCMP(md, "BLAKE2s256", XSTRLEN("BLAKE2s256")), 0);
 #endif
 #endif
 
@@ -78323,7 +59593,7 @@ static int test_SSL_CIPHER_get_xxx(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
-       !defined(NO_FILESYSTEM)
+    !defined(NO_FILESYSTEM) && !defined(NO_TLS)
     const SSL_CIPHER* cipher = NULL;
     STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
     int i, numCiphers = 0;
@@ -78477,18 +59747,16 @@ static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer,
     (void)encInfo; /* not used in this test */
 
 #ifdef DEBUG_WOLFSSL
-    if (*pDer != NULL) {
-        fprintf(stderr, "%s (%d): Loading PEM %s (len %d) to DER (len %d)\n",
-                (ret == 0) ? "Success" : "Failure", ret, privKeyFile,
-                (int)key_sz, (*pDer)->length);
-    }
+    fprintf(stderr, "%s (%d): Loading PEM %s (len %d) to DER (len %d)\n",
+        (ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz,
+        (*pDer)->length);
 #endif
 
     return ret;
 }
 static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = CRYPTOCB_UNAVAILABLE;
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     const char* privKeyFile = (const char*)ctx;
     DerBuffer* pDer = NULL;
     int keyFormat = 0;
@@ -78504,7 +59772,7 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
                 case RSA_PUBLIC_ENCRYPT:
                 case RSA_PUBLIC_DECRYPT:
                     /* perform software based RSA public op */
-                    ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
+                    ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* fallback to software */
                     break;
                 case RSA_PRIVATE_ENCRYPT:
                 case RSA_PRIVATE_DECRYPT:
@@ -78551,6 +59819,77 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
                 info->pk.rsa.type, ret, *info->pk.rsa.outLen);
         #endif
         }
+        #ifdef WOLF_CRYPTO_CB_RSA_PAD
+        else if (info->pk.type == WC_PK_TYPE_RSA_PKCS ||
+                 info->pk.type == WC_PK_TYPE_RSA_PSS  ||
+                 info->pk.type == WC_PK_TYPE_RSA_OAEP) {
+            RsaKey key;
+
+            if (info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ||
+                info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
+                /* Have all public key ops fall back to SW */
+                return CRYPTOCB_UNAVAILABLE;
+            }
+
+            if (info->pk.rsa.padding == NULL) {
+                return BAD_FUNC_ARG;
+            }
+
+            /* Initialize key */
+            ret = load_pem_key_file_as_der(privKeyFile, &pDer,
+                &keyFormat);
+            if (ret != 0) {
+                return ret;
+            }
+
+            ret = wc_InitRsaKey(&key, HEAP_HINT);
+            if (ret == 0) {
+                word32 keyIdx = 0;
+                /* load RSA private key and perform private transform */
+                ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx,
+                    &key, pDer->length);
+            }
+            /* Perform RSA operation */
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PKCS)) {
+            #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
+                ret = wc_RsaSSL_Sign(info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen, &key,
+                    info->pk.rsa.rng);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PSS)) {
+            #ifdef WC_RSA_PSS
+                ret = wc_RsaPSS_Sign_ex(info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen,
+                    info->pk.rsa.padding->hash, info->pk.rsa.padding->mgf,
+                    info->pk.rsa.padding->saltLen, &key, info->pk.rsa.rng);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+            if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_OAEP)) {
+            #if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_NO_PADDING)
+                ret = wc_RsaPrivateDecrypt_ex(
+                    info->pk.rsa.in, info->pk.rsa.inLen,
+                    info->pk.rsa.out, *info->pk.rsa.outLen,
+                    &key, WC_RSA_OAEP_PAD, info->pk.rsa.padding->hash,
+                    info->pk.rsa.padding->mgf, info->pk.rsa.padding->label,
+                    info->pk.rsa.padding->labelSz);
+            #else
+                ret = CRYPTOCB_UNAVAILABLE;
+            #endif
+            }
+
+            if (ret > 0) {
+                *info->pk.rsa.outLen = ret;
+            }
+
+            wc_FreeRsaKey(&key);
+            wc_FreeDer(&pDer); pDer = NULL;
+        }
+        #endif /* ifdef WOLF_CRYPTO_CB_RSA_PAD */
     #endif /* !NO_RSA */
     #ifdef HAVE_ECC
         if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
@@ -79091,12 +60430,12 @@ static int test_wolfSSL_FIPS_mode(void)
 #if defined(OPENSSL_ALL)
 #ifdef HAVE_FIPS
     ExpectIntEQ(wolfSSL_FIPS_mode(), 1);
-    ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_SUCCESS);
 #else
     ExpectIntEQ(wolfSSL_FIPS_mode(), 0);
     ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_FAILURE);
+    ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 #endif
 #endif
     return EXPECT_RESULT();
@@ -79340,18 +60679,31 @@ static int test_wolfSSL_dtls_stateless2(void)
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
     ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
         wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
-    ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c));
-    wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
-    wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c2, NULL,
+        wolfDTLSv1_2_client_method, NULL), 0);
+    ExpectFalse(wolfSSL_is_stateful(ssl_s));
     /* send CH */
-    ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c2->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_FAILURE);
+    ExpectFalse(wolfSSL_is_stateful(ssl_s));
     ExpectIntNE(test_ctx.c_len, 0);
     /* consume HRR */
     test_ctx.c_len = 0;
+    /* send CH1 */
+    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+            WOLFSSL_ERROR_WANT_READ);
+    /* send HRR */
+    ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_FAILURE);
+    /* send CH2 */
+    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+            WOLFSSL_ERROR_WANT_READ);
+    /* send HRR */
+    ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_SUCCESS);
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+    ExpectTrue(wolfSSL_is_stateful(ssl_s));
 
     wolfSSL_free(ssl_c2);
     wolfSSL_free(ssl_c);
@@ -79376,19 +60728,20 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void)
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
     ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
         wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
+    ExpectNotNull(ssl_s);
     ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c));
     ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8),
         WOLFSSL_SUCCESS);
     wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
-    if (ssl_s != NULL) {
+    if (EXPECT_SUCCESS()) {
         max_fragment = ssl_s->max_fragment;
     }
     /* send CH */
-    ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c2->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* CH without cookie shouldn't change state */
     ExpectIntEQ(ssl_s->max_fragment, max_fragment);
     ExpectIntNE(test_ctx.c_len, 0);
@@ -79470,10 +60823,10 @@ static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad)
     wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_s, &test_ctx);
     ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     ExpectFalse(bad && !buf_is_hvr(test_ctx.c_buff, test_ctx.c_len));
     ExpectFalse(!bad && buf_is_hvr(test_ctx.c_buff, test_ctx.c_len));
     if (!useticket) {
@@ -79526,10 +60879,10 @@ static int test_wolfSSL_dtls_stateless_downgrade(void)
     wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
     wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
     /* send CH */
-    ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c2->error == WANT_READ));
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ)));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     ExpectIntNE(test_ctx.c_len, 0);
     /* consume HRR */
     test_ctx.c_len = 0;
@@ -79566,23 +60919,23 @@ static int test_WOLFSSL_dtls_version_alert(void)
         wolfDTLSv1_2_client_method, wolfDTLSv1_server_method), 0);
 
     /* client hello */
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* hrr */
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* client hello 1 */
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* server hello */
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == WANT_READ));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     /* should fail */
-    ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == VERSION_ERROR));
+    ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(VERSION_ERROR)));
     /* shuould fail */
-    ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_s->error == VERSION_ERROR || ssl_s->error == FATAL_ERROR));
+    ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_s->error == WC_NO_ERR_TRACE(VERSION_ERROR) || ssl_s->error == WC_NO_ERR_TRACE(FATAL_ERROR)));
 
     wolfSSL_free(ssl_c);
     wolfSSL_free(ssl_s);
@@ -79678,8 +61031,8 @@ static int test_ticket_nonce_malloc_do(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len)
     char *buf[1024];
 
     ExpectIntEQ(send_new_session_ticket(ssl_s, len, len), 0);
-    ExpectTrue((wolfSSL_recv(ssl_c, buf, 1024, 0) == WOLFSSL_FATAL_ERROR) &&
-        (ssl_c->error == WANT_READ));
+    ExpectTrue((wolfSSL_recv(ssl_c, buf, 1024, 0) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) &&
+        (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
 
     ExpectIntEQ(test_ticket_nonce_check(ssl_c->session, len), 0);
 
@@ -79737,10 +61090,10 @@ static int test_ticket_nonce_malloc(void)
     while (EXPECT_SUCCESS() && (ssl_c->options.handShakeDone == 0) &&
             (ssl_s->options.handShakeDone == 0)) {
         ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_SUCCESS) ||
-            (ssl_c->error == WANT_READ));
+            (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ)));
 
         ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_SUCCESS) ||
-            (ssl_s->error == WANT_READ));
+            (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ)));
     }
 
     small = TLS13_TICKET_NONCE_STATIC_SZ;
@@ -80105,7 +61458,7 @@ static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
     server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup;
 
     ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
-        &server_cbs, NULL), TEST_FAIL);
+        &server_cbs, NULL), -1001);
 
     return EXPECT_RESULT();
 }
@@ -80278,7 +61631,7 @@ static int test_extra_alerts_wrong_cs(void)
 
     /* CH */
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     /* consume CH */
@@ -80289,7 +61642,7 @@ static int test_extra_alerts_wrong_cs(void)
     test_ctx.c_len = sizeof(test_extra_alerts_wrong_cs_sh);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectIntEQ(h.last_tx.code, handshake_failure);
@@ -80342,7 +61695,7 @@ static int test_wrong_cs_downgrade(void)
 
     /* CH */
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     /* consume CH */
@@ -80353,8 +61706,14 @@ static int test_wrong_cs_downgrade(void)
     test_ctx.c_len = sizeof(test_wrong_cs_downgrade_sh);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
-        MATCH_SUITE_ERROR);
+#ifdef OPENSSL_EXTRA
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL));
+#else
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(MATCH_SUITE_ERROR));
+#endif /* OPENSSL_EXTRA */
+
 
     wolfSSL_free(ssl_c);
     wolfSSL_CTX_free(ctx_c);
@@ -80462,16 +61821,16 @@ static int test_remove_hs_message(byte hs_message_type,
         wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     if (extra_round) {
         ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
             WOLFSSL_ERROR_WANT_READ);
 
         /* this will complete handshake from server side */
@@ -80490,7 +61849,7 @@ static int test_remove_hs_message(byte hs_message_type,
     }
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectTrue(alert_type == 0xff || h.last_tx.code == alert_type);
@@ -80565,15 +61924,15 @@ static int test_extra_alerts_bad_psk(void)
     wolfSSL_set_psk_server_callback(ssl_s, test_server_psk_cb);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectIntEQ(h.last_tx.code, handshake_failure);
@@ -80593,6 +61952,90 @@ static int test_extra_alerts_bad_psk(void)
 }
 #endif
 
+#if defined(OPENSSL_EXTRA) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+/*
+ * Emulates wolfSSL_shutdown that goes on EAGAIN,
+ * by returning on output WOLFSSL_ERROR_WANT_WRITE.*/
+static int custom_wolfSSL_shutdown(WOLFSSL *ssl, char *buf,
+        int sz, void *ctx)
+{
+    (void)ssl;
+    (void)buf;
+    (void)ctx;
+    (void)sz;
+
+    return WOLFSSL_CBIO_ERR_WANT_WRITE;
+}
+
+static int test_multiple_alerts_EAGAIN(void)
+{
+    EXPECT_DECLS;
+    size_t size_of_last_packet = 0;
+
+    /* declare wolfSSL objects */
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    /* Create and initialize WOLFSSL_CTX and WOLFSSL objects */
+#ifdef USE_TLSV13
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+          wolfTLSv1_3_client_method,  wolfTLSv1_3_server_method), 0);
+#else
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+         wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
+#endif
+    ExpectNotNull(ctx_c);
+    ExpectNotNull(ssl_c);
+    ExpectNotNull(ctx_s);
+    ExpectNotNull(ssl_s);
+
+    /* Load client certificates into WOLFSSL_CTX */
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_c, "./certs/ca-cert.pem", NULL), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    /*
+     * We set the custom callback for the IO to emulate multiple EAGAINs
+     * on shutdown, so we can check that we don't send multiple packets.
+     * */
+    wolfSSL_SSLSetIOSend(ssl_c, custom_wolfSSL_shutdown);
+
+    /*
+     * We call wolfSSL_shutdown multiple times to reproduce the behaviour,
+     * to check that it doesn't add the CLOSE_NOTIFY packet multiple times
+     * on the output buffer.
+     * */
+    wolfSSL_shutdown(ssl_c);
+    wolfSSL_shutdown(ssl_c);
+
+    if (ssl_c != NULL) {
+        size_of_last_packet = ssl_c->buffers.outputBuffer.length;
+    }
+    wolfSSL_shutdown(ssl_c);
+
+    /*
+     * Finally we check the length of the output buffer.
+     * */
+    ExpectIntEQ((ssl_c->buffers.outputBuffer.length - size_of_last_packet), 0);
+
+    /* Cleanup and return */
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_s);
+    wolfSSL_free(ssl_s);
+
+    return EXPECT_RESULT();
+}
+#else
+static int test_multiple_alerts_EAGAIN(void)
+{
+    return TEST_SKIPPED;
+}
+#endif
+
 #if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
     && !defined(NO_PSK)
 static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl,
@@ -80642,16 +62085,16 @@ static int test_tls13_bad_psk_binder(void)
     wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ( wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
-        BAD_BINDER);
+    ExpectIntEQ( wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(BAD_BINDER));
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
-        FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(FATAL_ERROR));
     ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
     ExpectIntEQ(h.last_rx.code, illegal_parameter);
     ExpectIntEQ(h.last_rx.level, alert_fatal);
@@ -80721,10 +62164,10 @@ static int test_harden_no_secure_renegotiation(void)
     test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
 
     ExpectIntEQ(client_cbs.return_code, TEST_FAIL);
-    ExpectIntEQ(client_cbs.last_err, SECURE_RENEGOTIATION_E);
+    ExpectIntEQ(client_cbs.last_err, WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E));
     ExpectIntEQ(server_cbs.return_code, TEST_FAIL);
-    ExpectTrue(server_cbs.last_err == SOCKET_ERROR_E ||
-               server_cbs.last_err == FATAL_ERROR);
+    ExpectTrue(server_cbs.last_err == WC_NO_ERR_TRACE(SOCKET_ERROR_E) ||
+               server_cbs.last_err == WC_NO_ERR_TRACE(FATAL_ERROR));
 
     return EXPECT_RESULT();
 }
@@ -80742,13 +62185,13 @@ static int test_override_alt_cert_chain_cert_cb(int preverify,
     fprintf(stderr, "preverify: %d\n", preverify);
     fprintf(stderr, "store->error: %d\n", store->error);
     fprintf(stderr, "error reason: %s\n", wolfSSL_ERR_reason_error_string(store->error));
-    if (store->error == OCSP_INVALID_STATUS) {
+    if (store->error == WC_NO_ERR_TRACE(OCSP_INVALID_STATUS)) {
         fprintf(stderr, "Overriding OCSP error\n");
         return 1;
     }
 #ifndef WOLFSSL_ALT_CERT_CHAINS
-    else if ((store->error == ASN_NO_SIGNER_E ||
-              store->error == ASN_SELF_SIGNED_E
+    else if ((store->error == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
+              store->error == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
     defined(HAVE_WEBSERVER)
             || store->error == WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
@@ -80772,7 +62215,7 @@ static int test_override_alt_cert_chain_ocsp_cb(void* ioCtx, const char* url,
     (void)request;
     (void)requestSz;
     (void)response;
-    return -1;
+    return WOLFSSL_CBIO_ERR_GENERAL;
 }
 
 static int test_override_alt_cert_chain_client_ctx_ready(WOLFSSL_CTX* ctx)
@@ -80822,7 +62265,7 @@ static int test_override_alt_cert_chain(void)
         {test_override_alt_cert_chain_client_ctx_ready,
                 test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS},
         {test_override_alt_cert_chain_client_ctx_ready2,
-                test_override_alt_cert_chain_server_ctx_ready, TEST_FAIL},
+                test_override_alt_cert_chain_server_ctx_ready, -1001},
     };
 
     for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
@@ -80838,8 +62281,10 @@ static int test_override_alt_cert_chain(void)
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
             &server_cbs, NULL), params[i].result);
 
-        ExpectIntEQ(client_cbs.return_code, params[i].result);
-        ExpectIntEQ(server_cbs.return_code, params[i].result);
+        ExpectIntEQ(client_cbs.return_code,
+                    params[i].result <= 0 ? -1000 : TEST_SUCCESS);
+        ExpectIntEQ(server_cbs.return_code,
+                    params[i].result <= 0 ? -1000 : TEST_SUCCESS);
     }
 
     return EXPECT_RESULT();
@@ -80851,7 +62296,7 @@ static int test_override_alt_cert_chain(void)
 }
 #endif
 
-#if defined(HAVE_RPK)
+#if defined(HAVE_RPK) && !defined(NO_TLS)
 
 #define svrRpkCertFile     "./certs/rpk/server-cert-rpk.der"
 #define clntRpkCertFile    "./certs/rpk/client-cert-rpk.der"
@@ -80958,12 +62403,12 @@ static WC_INLINE int test_rpk_memio_setup(
 
     return 0;
 }
-#endif /* HAVE_RPK */
+#endif /* HAVE_RPK && !NO_TLS */
 
 static int test_rpk_set_xxx_cert_type(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_RPK)
+#if defined(HAVE_RPK) && !defined(NO_TLS)
 
     char ctype[MAX_CLIENT_CERT_TYPE_CNT + 1];   /* prepare bigger buffer */
     WOLFSSL_CTX* ctx = NULL;
@@ -80983,25 +62428,25 @@ static int test_rpk_set_xxx_cert_type(void)
     /* illegal parameter test caces */
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(NULL, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -81009,7 +62454,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, NULL,
@@ -81031,25 +62476,25 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(NULL, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -81057,7 +62502,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, NULL,
@@ -81079,25 +62524,25 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(NULL, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -81105,7 +62550,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
                                                 MAX_CLIENT_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, NULL,
@@ -81127,25 +62572,25 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(NULL, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 sizeof(ctype)),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;  /* set an identical cert type */
     ctype[1] = WOLFSSL_CERT_TYPE_RPK;
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ctype[0] = WOLFSSL_CERT_TYPE_X509;
     ctype[1] = 10;                      /* set unknown cert type */
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     /* pass larger type count */
     ctype[0] = WOLFSSL_CERT_TYPE_RPK;
     ctype[1] = WOLFSSL_CERT_TYPE_X509;
@@ -81153,7 +62598,7 @@ static int test_rpk_set_xxx_cert_type(void)
 
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
                                                 MAX_SERVER_CERT_TYPE_CNT + 1),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     /* should accept NULL for type buffer */
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, NULL,
@@ -81174,16 +62619,16 @@ static int test_rpk_set_xxx_cert_type(void)
     /*------------------------------------------------*/
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(NULL, &tp),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl, NULL),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(NULL, &tp),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl, NULL),
-                                                BAD_FUNC_ARG);
+                                                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
 
     /* clean up */
@@ -81251,8 +62696,7 @@ static int test_tls13_rpk_handshake(void)
      *  expecting default settings works and no negotiation performed.
      */
 
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
 
     /* confirm no negotiation occurred */
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -81309,8 +62753,7 @@ static int test_tls13_rpk_handshake(void)
      *  expecting default settings works and no negotiation performed.
      */
 
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
 
     /* confirm no negotiation occurred */
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -81379,8 +62822,7 @@ static int test_tls13_rpk_handshake(void)
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
                                                         WOLFSSL_SUCCESS);
 
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
                                                         WOLFSSL_SUCCESS);
@@ -81687,7 +63129,7 @@ static int test_tls13_rpk_handshake(void)
     if (ret != -1)
         return TEST_FAIL;
 
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), UNSUPPORTED_CERTIFICATE);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
 
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
                                                         WOLFSSL_SUCCESS);
@@ -81769,7 +63211,7 @@ static int test_tls13_rpk_handshake(void)
     /* expect server detect cert type mismatch then send Alert */
     ExpectIntNE(ret, 0);
     err = wolfSSL_get_error(ssl_c, ret);
-    ExpectIntEQ(err, UNSUPPORTED_CERTIFICATE);
+    ExpectIntEQ(err, WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
 
     /* client did not load RPK cert actually, so negotiation did not happen */
     ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
@@ -81902,7 +63344,7 @@ static int test_dtls13_bad_epoch_ch(void)
     ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
 
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntGE(test_ctx.s_len, EPOCH_OFF + 2);
@@ -81915,7 +63357,7 @@ static int test_dtls13_bad_epoch_ch(void)
     test_ctx.s_buff[EPOCH_OFF + 1] = 0x2;
 
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     ExpectIntNE(ssl_s->msgsReceived.got_client_hello, 1);
@@ -81939,13 +63381,19 @@ static int test_dtls13_bad_epoch_ch(void)
 }
 #endif
 
-#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
+#if ((defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
+      defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) && \
+      !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)) || \
+     (!defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
+      !defined(NO_DES3))) || !defined(WOLFSSL_NO_TLS12)) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
 static int test_short_session_id_ssl_ready(WOLFSSL* ssl)
 {
     EXPECT_DECLS;
     WOLFSSL_SESSION *sess = NULL;
     /* Setup the session to avoid errors */
-    ssl->session->timeout = -1;
+    ssl->session->timeout = (word32)-1;
     ssl->session->side = WOLFSSL_CLIENT_END;
 #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                                defined(HAVE_SESSION_TICKET))
@@ -82013,7 +63461,6 @@ static int test_short_session_id(void)
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
             &server_cbf, NULL), TEST_SUCCESS);
     }
-
     return EXPECT_RESULT();
 }
 #else
@@ -82070,9 +63517,14 @@ static int test_wolfSSL_dtls13_null_cipher(void)
         *ptr = 'H';
         /* bad messages should be ignored in DTLS */
         ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), -1);
-        ExpectIntEQ(ssl_s->error, WANT_READ);
+        ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(WANT_READ));
     }
 
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+    ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
     wolfSSL_free(ssl_c);
     wolfSSL_free(ssl_s);
     wolfSSL_CTX_free(ctx_c);
@@ -82187,7 +63639,8 @@ static int test_dtls_msg_from_other_peer(void)
         *  !defined(SINGLE_THREADED) && !defined(NO_RSA) */
 #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_IPV6) &&               \
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) &&   \
-    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
+    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) \
+    && !defined(USE_WINDOWS_API)
 static int test_dtls_ipv6_check(void)
 {
     EXPECT_DECLS;
@@ -82219,7 +63672,7 @@ static int test_dtls_ipv6_check(void)
     ExpectIntNE(fcntl(sockfd, F_SETFL, O_NONBLOCK), -1);
     wolfSSL_dtls_set_using_nonblock(ssl_c, 1);
     ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(ssl_c->error, SOCKET_ERROR_E);
+    ExpectIntEQ(ssl_c->error, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
 
     ExpectIntEQ(wolfSSL_dtls_set_peer(ssl_s, &fake_addr6, sizeof(fake_addr6)),
         WOLFSSL_SUCCESS);
@@ -82227,7 +63680,7 @@ static int test_dtls_ipv6_check(void)
     ExpectIntEQ(wolfSSL_set_fd(ssl_c, sockfd), WOLFSSL_SUCCESS);
     wolfSSL_dtls_set_using_nonblock(ssl_s, 1);
     ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ(ssl_s->error, SOCKET_ERROR_E);
+    ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
     if (sockfd != -1)
         close(sockfd);
 
@@ -82442,7 +63895,7 @@ static int test_tls_alert_no_server_hello(void)
     test_ctx.c_len = sizeof(alert_msg);
 
     ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(FATAL_ERROR));
 
     wolfSSL_free(ssl_c);
     wolfSSL_CTX_free(ctx_c);
@@ -82456,7 +63909,8 @@ static int test_TLSX_CA_NAMES_bad_extension(void)
 #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
     !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) && \
     defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA384) && \
-    defined(HAVE_NULL_CIPHER)
+    defined(HAVE_NULL_CIPHER) && defined(HAVE_CHACHA) && \
+    defined(HAVE_POLY1305)
     /* This test should only fail (with BUFFER_ERROR) when we actually try to
      * parse the CA Names extension. Otherwise it will return other non-related
      * errors. If CA Names will be parsed in more configurations, that should
@@ -82520,9 +63974,9 @@ static int test_TLSX_CA_NAMES_bad_extension(void)
 
         ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
 #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
-        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), OUT_OF_ORDER_E);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(OUT_OF_ORDER_E));
 #else
-        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), BUFFER_ERROR);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(BUFFER_ERROR));
 #endif
 
         wolfSSL_free(ssl_c);
@@ -82672,8 +64126,8 @@ static int test_session_ticket_hs_update(void)
     wolfSSL_SetLoggingPrefix("client");
     /* Read the ticket msg */
     ExpectIntEQ(wolfSSL_read(ssl_c, read_data, sizeof(read_data)),
-            WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
 
@@ -82688,13 +64142,13 @@ static int test_session_ticket_hs_update(void)
 
     wolfSSL_SetLoggingPrefix("client");
     /* Exchange initial flights for the second connection */
-    ExpectIntEQ(wolfSSL_connect(ssl_c2), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c2, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_connect(ssl_c2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c2, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
     wolfSSL_SetLoggingPrefix("server");
-    ExpectIntEQ(wolfSSL_accept(ssl_s2), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s2, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_accept(ssl_s2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s2, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
 
@@ -82703,8 +64157,8 @@ static int test_session_ticket_hs_update(void)
     /* Read the ticket msg */
     wolfSSL_SetLoggingPrefix("client");
     ExpectIntEQ(wolfSSL_read(ssl_c3, read_data, sizeof(read_data)),
-            WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c3, WOLFSSL_FATAL_ERROR),
+            WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c3, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
     wolfSSL_SetLoggingPrefix(NULL);
 
@@ -82746,8 +64200,8 @@ static void test_dtls_downgrade_scr_server_on_result(WOLFSSL* ssl)
     char testMsg[] = "Message after SCR";
     char msgBuf[sizeof(testMsg)];
     if (wolfSSL_is_server(ssl)) {
-        AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_FATAL_ERROR);
-        AssertIntEQ(wolfSSL_get_error(ssl, -1), APP_DATA_READY);
+        AssertIntEQ(wolfSSL_Rehandshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+        AssertIntEQ(wolfSSL_get_error(ssl, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
         AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
         AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS);
         AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
@@ -82806,8 +64260,8 @@ static void test_dtls_downgrade_scr_on_result(WOLFSSL* ssl)
     char testMsg[] = "Message after SCR";
     char msgBuf[sizeof(testMsg)];
     if (wolfSSL_is_server(ssl)) {
-        AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_FATAL_ERROR);
-        AssertIntEQ(wolfSSL_get_error(ssl, -1), APP_DATA_READY);
+        AssertIntEQ(wolfSSL_Rehandshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+        AssertIntEQ(wolfSSL_get_error(ssl, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
         AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
         AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS);
         AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
@@ -82916,9 +64370,11 @@ static int test_dtls_client_hello_timeout_downgrade(void)
             /* Drop the SH */
             dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
             len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
-            XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
+            if (EXPECT_SUCCESS()) {
+                XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
                     sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
                    (sizeof(DtlsRecordLayerHeader) + len));
+            }
             test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
             /* Read the remainder of the flight */
             ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
@@ -82947,9 +64403,11 @@ static int test_dtls_client_hello_timeout_downgrade(void)
             /* Drop the SH */
             dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
             len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
-            XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
+            if (EXPECT_SUCCESS()) {
+                XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
                     sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
                    (sizeof(DtlsRecordLayerHeader) + len));
+            }
             test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
             /* Read the remainder of the flight */
             ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
@@ -83265,12 +64723,12 @@ static int test_certreq_sighash_algos(void)
     ExpectIntEQ(wolfSSL_use_certificate_file(ssl_s, "./certs/server-ecc.pem",
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
 
-    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_connect(ssl_c), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
-    ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+    ExpectIntEQ(wolfSSL_accept(ssl_s), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
         WOLFSSL_ERROR_WANT_READ);
 
     /* Find the CertificateRequest message */
@@ -83323,7 +64781,7 @@ static int test_revoked_loaded_int_cert_ctx_ready1(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
     wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
             "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
@@ -83343,7 +64801,7 @@ static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
     wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
             "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
@@ -83363,6 +64821,40 @@ static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx)
             WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
     return EXPECT_RESULT();
 }
+
+static int test_revoked_loaded_int_cert_ctx_ready3_crl_missing_cb(int ret,
+        WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm, void* ctx)
+{
+    (void)crl;
+    (void)cm;
+    (void)ctx;
+    if (ret == WC_NO_ERR_TRACE(CRL_MISSING))
+        return 1;
+    return 0;
+}
+
+/* Here we are allowing missing CRL's but want to error out when its revoked */
+static int test_revoked_loaded_int_cert_ctx_ready3(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
+    myVerifyAction = VERIFY_USE_PREVERIFY;
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
+            "./certs/intermediate/ca-int2-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
+            WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
+            "./certs/crl/extra-crls/ca-int-cert-revoked.pem",
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_SetCRL_ErrorCb(ctx,
+            test_revoked_loaded_int_cert_ctx_ready3_crl_missing_cb, NULL),
+            WOLFSSL_SUCCESS);
+    return EXPECT_RESULT();
+}
 #endif
 
 static int test_revoked_loaded_int_cert(void)
@@ -83384,6 +64876,8 @@ static int test_revoked_loaded_int_cert(void)
             "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
         {"./certs/intermediate/server-chain-short.pem",
             "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
+        {"./certs/intermediate/server-chain-short.pem",
+            "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready3},
     };
     size_t i;
 
@@ -83401,9 +64895,9 @@ static int test_revoked_loaded_int_cert(void)
         client_cbf.ctx_ready = test_params[i].client_ctx_ready;
 
         ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
-            &server_cbf, NULL), TEST_FAIL);
-        ExpectIntEQ(client_cbf.last_err, CRL_CERT_REVOKED);
-        ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
+            &server_cbf, NULL), -1001);
+        ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
+        ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));
 
         if (!EXPECT_SUCCESS())
             break;
@@ -83426,7 +64920,11 @@ static int test_dtls13_frag_ch_pq(void)
     const char *test_str = "test";
     int test_str_size;
     byte buf[255];
+#ifdef WOLFSSL_MLKEM_KYBER
     int group = WOLFSSL_KYBER_LEVEL5;
+#else
+    int group = WOLFSSL_ML_KEM_1024;
+#endif
 
     XMEMSET(&test_ctx, 0, sizeof(test_ctx));
     ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
@@ -83436,8 +64934,13 @@ static int test_dtls13_frag_ch_pq(void)
     ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS);
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+#ifdef WOLFSSL_MLKEM_KYBER
     ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5");
     ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5");
+#else
+    ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "ML_KEM_1024");
+    ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "ML_KEM_1024");
+#endif
     test_str_size = XSTRLEN("test") + 1;
     ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size);
     ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size);
@@ -83462,6 +64965,8 @@ static int test_dtls_frag_ch_count_records(byte* b, int len)
         records++;
         dtlsRH = (DtlsRecordLayerHeader*)b;
         recordLen = (dtlsRH->length[0] << 8) | dtlsRH->length[1];
+        if (recordLen > (size_t)len)
+            break;
         b += sizeof(DtlsRecordLayerHeader) + recordLen;
         len -= sizeof(DtlsRecordLayerHeader) + recordLen;
     }
@@ -83568,8 +65073,18 @@ static int test_dtls_frag_ch(void)
             WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_ECC_SECP521R1),
             WOLFSSL_SUCCESS);
+#ifdef HAVE_FFDHE_2048
     ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_2048),
             WOLFSSL_SUCCESS);
+#endif
+#ifdef HAVE_FFDHE_3072
+    ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_3072),
+            WOLFSSL_SUCCESS);
+#endif
+#ifdef HAVE_FFDHE_4096
+    ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_4096),
+            WOLFSSL_SUCCESS);
+#endif
 
     ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS);
 
@@ -83590,6 +65105,21 @@ static int test_dtls_frag_ch(void)
     /* Expect quietly dropping fragmented first CH */
     ExpectIntEQ(test_ctx.c_len, 0);
 
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+    /* Disable ECH as it pushes it over our MTU */
+    wolfSSL_SetEchEnable(ssl_c, 0);
+#endif
+
+    /* Limit options to make the CH a fixed length */
+    /* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2
+     * ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */
+#ifdef OPENSSL_EXTRA
+    ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"
+                                       ":DHE-RSA-AES256-GCM-SHA384"));
+#else
+    ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384"));
+#endif
+
     /* CH1 */
     ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
     ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
@@ -83688,7 +65218,8 @@ static int test_dtls_empty_keyshare_with_cookie(void)
 static int test_dtls_old_seq_number(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS)
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
+    !defined(WOLFSSL_NO_TLS12)
     WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
     WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
     struct test_memio_ctx test_ctx;
@@ -83738,17 +65269,210 @@ static int test_dtls_old_seq_number(void)
     return EXPECT_RESULT();
 }
 
+static int test_dtls12_missing_finished(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
+    !defined(WOLFSSL_NO_TLS12)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    const char test_str[] = "test string";
+    char test_buf[sizeof(test_str)];
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
+
+    /* CH1 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* HVR */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* CH2 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server first flight */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Client second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+    /* Let's clear the output */
+    test_ctx.c_len = 0;
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    /* Client should not error out on a missing finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server rtx second flight with finished */
+    ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+    /* Client process rest of handshake */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    ExpectIntEQ(wolfSSL_read(ssl_c, test_buf, sizeof(test_buf)),
+                sizeof(test_str));
+    ExpectBufEQ(test_buf, test_str, sizeof(test_str));
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_dtls13_missing_finished_client(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    const char test_str[] = "test string";
+    char test_buf[sizeof(test_str)];
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
+
+    /* CH1 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* HRR */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* CH2 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server first flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Let's clear the output */
+    test_ctx.c_len = 0;
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    /* Client second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server should not error out on a missing finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Client rtx second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+    /* Client */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    ExpectIntEQ(wolfSSL_read(ssl_c, test_buf, sizeof(test_buf)),
+                sizeof(test_str));
+    ExpectBufEQ(test_buf, test_str, sizeof(test_str));
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_dtls13_missing_finished_server(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    const char test_str[] = "test string";
+    char test_buf[sizeof(test_str)];
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
+
+    /* CH1 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* HRR */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* CH2 */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server first flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Client second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Let's clear the output */
+    test_ctx.s_len = 0;
+    /* We should signal that the handshake is done */
+    ExpectTrue(wolfSSL_is_init_finished(ssl_c));
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_c, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    /* Server should not error out on a missing finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Client rtx second flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    /* Server first flight with finished */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+    /* Let's send some app data */
+    ExpectIntEQ(wolfSSL_write(ssl_c, test_str, sizeof(test_str)),
+                sizeof(test_str));
+    ExpectIntEQ(wolfSSL_read(ssl_s, test_buf, sizeof(test_buf)),
+                sizeof(test_str));
+    ExpectBufEQ(test_buf, test_str, sizeof(test_str));
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
     defined(HAVE_LIBOQS)
 static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
 {
+#ifdef WOLFSSL_MLKEM_KYBER
     int group = WOLFSSL_KYBER_LEVEL5;
+#else
+    int group = WOLFSSL_ML_KEM_1024;
+#endif
     AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS);
 }
 
 static void test_tls13_pq_groups_on_result(WOLFSSL* ssl)
 {
+#ifdef WOLFSSL_MLKEM_KYBER
     AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5");
+#else
+    AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024");
+#endif
 }
 #endif
 
@@ -83835,9 +65559,11 @@ static int test_tls13_early_data(void)
             XMEMSET(&test_ctx, 0, sizeof(test_ctx));
             ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
                     params[i].client_meth, params[i].server_meth), 0);
+            wolfSSL_SetLoggingPrefix("client");
             ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
 #ifdef WOLFSSL_DTLS13
             if (params[i].isUdp) {
+                wolfSSL_SetLoggingPrefix("server");
 #ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME
                 ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), WOLFSSL_SUCCESS);
 #else
@@ -83849,6 +65575,7 @@ static int test_tls13_early_data(void)
 #endif
 
             /* Test 0-RTT data */
+            wolfSSL_SetLoggingPrefix("client");
             ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
                     &written), sizeof(msg));
             ExpectIntEQ(written, sizeof(msg));
@@ -83860,6 +65587,7 @@ static int test_tls13_early_data(void)
             }
 
             /* Read first 0-RTT data (if split otherwise entire data) */
+            wolfSSL_SetLoggingPrefix("server");
             ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
                     &read), sizeof(msg));
             ExpectIntEQ(read, sizeof(msg));
@@ -83877,8 +65605,9 @@ static int test_tls13_early_data(void)
             }
 
             if (params[i].isUdp) {
+                wolfSSL_SetLoggingPrefix("client");
                 ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
 
                 /* Read server 0.5-RTT data */
                 ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
@@ -83893,17 +65622,21 @@ static int test_tls13_early_data(void)
                  * handshake status to us with non-blocking IO and we can't use
                  * wolfSSL_accept as TLS layer may return ZERO_RETURN due to early data
                  * parsing logic. */
+                wolfSSL_SetLoggingPrefix("server");
                 ExpectFalse(wolfSSL_is_init_finished(ssl_s));
                 ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
                         &read), 0);
                 ExpectIntEQ(read, 0);
                 ExpectTrue(wolfSSL_is_init_finished(ssl_s));
 
+                wolfSSL_SetLoggingPrefix("client");
                 ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
             }
             else {
+                wolfSSL_SetLoggingPrefix("client");
                 ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
 
+                wolfSSL_SetLoggingPrefix("server");
                 ExpectFalse(wolfSSL_is_init_finished(ssl_s));
                 ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
                         &read), 0);
@@ -83911,18 +65644,23 @@ static int test_tls13_early_data(void)
                 ExpectTrue(wolfSSL_is_init_finished(ssl_s));
 
                 /* Read server 0.5-RTT data */
+                wolfSSL_SetLoggingPrefix("client");
                 ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
                 ExpectStrEQ(msg4, msgBuf);
             }
 
             /* Test bi-directional write */
+            wolfSSL_SetLoggingPrefix("client");
             ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
+            wolfSSL_SetLoggingPrefix("server");
             ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));
             ExpectStrEQ(msg2, msgBuf);
             ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
+            wolfSSL_SetLoggingPrefix("client");
             ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg3));
             ExpectStrEQ(msg3, msgBuf);
 
+            wolfSSL_SetLoggingPrefix(NULL);
             ExpectTrue(wolfSSL_session_reused(ssl_c));
             ExpectTrue(wolfSSL_session_reused(ssl_s));
 
@@ -84073,7 +65811,7 @@ static int test_tls_multi_handshakes_one_record(void)
     }
     rh = (RecordLayerHeader*)(test_ctx.c_buff);
     len = &rh->length[0];
-    c16toa(newRecIdx - RECORD_HEADER_SZ, len);
+    c16toa((word16)newRecIdx - RECORD_HEADER_SZ, len);
     test_ctx.c_len = newRecIdx;
 
     ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
@@ -84197,7 +65935,7 @@ static int test_write_dup(void)
 
             ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c));
             ExpectIntEQ(wolfSSL_write(ssl_c, hiWorld, sizeof(hiWorld)),
-                    WRITE_DUP_WRITE_E);
+                    WC_NO_ERR_TRACE(WRITE_DUP_WRITE_E));
             ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)),
                     sizeof(hiWorld));
 
@@ -84207,7 +65945,7 @@ static int test_write_dup(void)
                     sizeof(hiWorld));
 
             ExpectIntEQ(wolfSSL_read(ssl_c2, readData, sizeof(readData)),
-                    WRITE_DUP_READ_E);
+                    WC_NO_ERR_TRACE(WRITE_DUP_READ_E));
             ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)),
                     sizeof(hiWorld));
 
@@ -84450,6 +66188,11 @@ static int test_get_signature_nid(void)
         TGSN_TLS13_ED448("ED448", NID_ED448, NID_sha512),
 #endif
     };
+    /* These correspond to WOLFSSL_SSLV3...WOLFSSL_DTLSV1_3 */
+    const char* tls_desc[] = {
+        "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3",
+        "DTLSv1.0", "DTLSv1.2", "DTLSv1.3"
+    };
 
     printf("\n");
 
@@ -84734,7 +66477,7 @@ static int test_ocsp_callback_fails_cb(void* ctx, const char* url, int urlSz,
     (void)ocspReqBuf;
     (void)ocspReqSz;
     (void)ocspRespBuf;
-    return -1;
+    return WOLFSSL_CBIO_ERR_GENERAL;
 }
 static int test_ocsp_callback_fails(void)
 {
@@ -84757,7 +66500,7 @@ static int test_ocsp_callback_fails(void)
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, caCertFile, 0), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_SetOCSP_Cb(ssl_s, test_ocsp_callback_fails_cb, NULL, NULL), WOLFSSL_SUCCESS);
     ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), -1);
-    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), OCSP_INVALID_STATUS);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WC_NO_ERR_TRACE(OCSP_INVALID_STATUS));
 
     wolfSSL_free(ssl_c);
     wolfSSL_free(ssl_s);
@@ -84775,22 +66518,140 @@ static int test_ocsp_callback_fails(void)
     defined(HAVE_OCSP) && \
     defined(HAVE_CERTIFICATE_STATUS_REQUEST) */
 
+#ifdef HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES
+static int test_wolfSSL_SSLDisableRead_recv(WOLFSSL *ssl, char *buf, int sz,
+                                             void *ctx)
+{
+    (void)ssl;
+    (void)buf;
+    (void)sz;
+    (void)ctx;
+    return WOLFSSL_CBIO_ERR_GENERAL;
+}
+
+static int test_wolfSSL_SSLDisableRead(void)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL *ssl_c = NULL;
+    struct test_memio_ctx test_ctx;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL,
+            wolfTLS_client_method, NULL), 0);
+    wolfSSL_SSLSetIORecv(ssl_c, test_wolfSSL_SSLDisableRead_recv);
+    wolfSSL_SSLDisableRead(ssl_c);
+
+    /* Disabling reading should not even go into the IO layer */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+    wolfSSL_SSLEnableRead(ssl_c);
+    /* By enabling reading we should reach the IO that will return an error */
+    ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SOCKET_ERROR_E);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    return EXPECT_RESULT();
+}
+#else
+static int test_wolfSSL_SSLDisableRead(void)
+{
+    EXPECT_DECLS;
+    return EXPECT_RESULT();
+}
+#endif
+
+static int test_wolfSSL_inject(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
+    size_t i;
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* tls_version;
+    } params[] = {
+#if defined(WOLFSSL_TLS13)
+/* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */
+        { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" },
+#ifdef WOLFSSL_DTLS13
+        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" },
+#endif
+#endif
+#ifndef WOLFSSL_NO_TLS12
+        { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" },
+#ifdef WOLFSSL_DTLS
+        { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" },
+#endif
+#endif
+#if !defined(NO_OLD_TLS)
+        { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" },
+#ifdef WOLFSSL_DTLS
+        { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" },
+#endif
+#endif
+    };
+
+    for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) {
+        WOLFSSL_CTX *ctx_c = NULL;
+        WOLFSSL_CTX *ctx_s = NULL;
+        WOLFSSL *ssl_c = NULL;
+        WOLFSSL *ssl_s = NULL;
+        struct test_memio_ctx test_ctx;
+        WOLFSSL_ALERT_HISTORY h;
+        int rounds;
+
+        printf("Testing %s\n", params[i].tls_version);
+
+        XMEMSET(&h, 0, sizeof(h));
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                params[i].client_meth, params[i].server_meth), 0);
+
+        for (rounds = 0; rounds < 10 && EXPECT_SUCCESS(); rounds++) {
+            wolfSSL_SetLoggingPrefix("client");
+            if (wolfSSL_negotiate(ssl_c) != 1) {
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
+                        WOLFSSL_ERROR_WANT_READ);
+            }
+            wolfSSL_SetLoggingPrefix("server");
+            if (test_ctx.s_len > 0) {
+                ExpectIntEQ(wolfSSL_inject(ssl_s, test_ctx.s_buff,
+                                           test_ctx.s_len), 1);
+                test_ctx.s_len = 0;
+            }
+            if (wolfSSL_negotiate(ssl_s) != 1) {
+                ExpectIntEQ(wolfSSL_get_error(ssl_s, -1),
+                        WOLFSSL_ERROR_WANT_READ);
+            }
+            wolfSSL_SetLoggingPrefix("client");
+            if (test_ctx.c_len > 0) {
+                ExpectIntEQ(wolfSSL_inject(ssl_c, test_ctx.c_buff,
+                                           test_ctx.c_len), 1);
+                test_ctx.c_len = 0;
+            }
+            wolfSSL_SetLoggingPrefix(NULL);
+        }
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_CTX_free(ctx_s);
+    }
+#endif
+    return EXPECT_RESULT();
+}
 
 /*----------------------------------------------------------------------------*
  | Main
  *----------------------------------------------------------------------------*/
 
-typedef int (*TEST_FUNC)(void);
-typedef struct {
-    const char *name;
-    TEST_FUNC func;
-    byte run:1;
-    byte fail:1;
-} TEST_CASE;
-
-#define TEST_DECL(func) { #func, func, 0, 0 }
-
 int testAll = 1;
+int stopOnFail = 0;
 
 TEST_CASE testCases[] = {
     TEST_DECL(test_fileAccess),
@@ -84804,358 +66665,108 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfCrypt_Init),
 
     TEST_DECL(test_wc_LoadStaticMemory_ex),
+    TEST_DECL(test_wc_LoadStaticMemory_CTX),
 
     /* Locking with Compat Mutex */
     TEST_DECL(test_wc_SetMutexCb),
     TEST_DECL(test_wc_LockMutex_ex),
 
     /* Digests */
-    TEST_DECL(test_wc_InitMd5),
-    TEST_DECL(test_wc_Md5Update),
-    TEST_DECL(test_wc_Md5Final),
-    TEST_DECL(test_wc_InitSha),
-    TEST_DECL(test_wc_ShaUpdate),
-    TEST_DECL(test_wc_ShaFinal),
-    TEST_DECL(test_wc_InitSha256),
-    TEST_DECL(test_wc_Sha256Update),
-    TEST_DECL(test_wc_Sha256Final),
-    TEST_DECL(test_wc_Sha256FinalRaw),
-    TEST_DECL(test_wc_Sha256GetFlags),
-    TEST_DECL(test_wc_Sha256Free),
-    TEST_DECL(test_wc_Sha256GetHash),
-    TEST_DECL(test_wc_Sha256Copy),
-
-    TEST_DECL(test_wc_InitSha224),
-    TEST_DECL(test_wc_Sha224Update),
-    TEST_DECL(test_wc_Sha224Final),
-    TEST_DECL(test_wc_Sha224SetFlags),
-    TEST_DECL(test_wc_Sha224GetFlags),
-    TEST_DECL(test_wc_Sha224Free),
-    TEST_DECL(test_wc_Sha224GetHash),
-    TEST_DECL(test_wc_Sha224Copy),
-
-    TEST_DECL(test_wc_InitSha512),
-    TEST_DECL(test_wc_Sha512Update),
-    TEST_DECL(test_wc_Sha512Final),
-    TEST_DECL(test_wc_Sha512GetFlags),
-    TEST_DECL(test_wc_Sha512FinalRaw),
-    TEST_DECL(test_wc_Sha512Free),
-    TEST_DECL(test_wc_Sha512GetHash),
-    TEST_DECL(test_wc_Sha512Copy),
-
-    TEST_DECL(test_wc_InitSha512_224),
-    TEST_DECL(test_wc_Sha512_224Update),
-    TEST_DECL(test_wc_Sha512_224Final),
-    TEST_DECL(test_wc_Sha512_224GetFlags),
-    TEST_DECL(test_wc_Sha512_224FinalRaw),
-    TEST_DECL(test_wc_Sha512_224Free),
-    TEST_DECL(test_wc_Sha512_224GetHash),
-    TEST_DECL(test_wc_Sha512_224Copy),
-    TEST_DECL(test_wc_InitSha512_256),
-    TEST_DECL(test_wc_Sha512_256Update),
-    TEST_DECL(test_wc_Sha512_256Final),
-    TEST_DECL(test_wc_Sha512_256GetFlags),
-    TEST_DECL(test_wc_Sha512_256FinalRaw),
-    TEST_DECL(test_wc_Sha512_256Free),
-    TEST_DECL(test_wc_Sha512_256GetHash),
-    TEST_DECL(test_wc_Sha512_256Copy),
-
-    TEST_DECL(test_wc_InitSha384),
-    TEST_DECL(test_wc_Sha384Update),
-    TEST_DECL(test_wc_Sha384Final),
-    TEST_DECL(test_wc_Sha384GetFlags),
-    TEST_DECL(test_wc_Sha384FinalRaw),
-    TEST_DECL(test_wc_Sha384Free),
-    TEST_DECL(test_wc_Sha384GetHash),
-    TEST_DECL(test_wc_Sha384Copy),
-
-    TEST_DECL(test_wc_InitBlake2b),
-    TEST_DECL(test_wc_InitBlake2b_WithKey),
-    TEST_DECL(test_wc_InitBlake2s_WithKey),
-    TEST_DECL(test_wc_InitRipeMd),
-    TEST_DECL(test_wc_RipeMdUpdate),
-    TEST_DECL(test_wc_RipeMdFinal),
-
-    TEST_DECL(test_wc_InitSha3),
-    TEST_DECL(testing_wc_Sha3_Update),
-    TEST_DECL(test_wc_Sha3_224_Final),
-    TEST_DECL(test_wc_Sha3_256_Final),
-    TEST_DECL(test_wc_Sha3_384_Final),
-    TEST_DECL(test_wc_Sha3_512_Final),
-    TEST_DECL(test_wc_Sha3_224_Copy),
-    TEST_DECL(test_wc_Sha3_256_Copy),
-    TEST_DECL(test_wc_Sha3_384_Copy),
-    TEST_DECL(test_wc_Sha3_512_Copy),
-    TEST_DECL(test_wc_Sha3_GetFlags),
-    TEST_DECL(test_wc_InitShake256),
-    TEST_DECL(testing_wc_Shake256_Update),
-    TEST_DECL(test_wc_Shake256_Final),
-    TEST_DECL(test_wc_Shake256_Copy),
-    TEST_DECL(test_wc_Shake256Hash),
-
-    /* SM3 Digest */
-    TEST_DECL(test_wc_InitSm3Free),
-    TEST_DECL(test_wc_Sm3UpdateFinal),
-    TEST_DECL(test_wc_Sm3GetHash),
-    TEST_DECL(test_wc_Sm3Copy),
-    TEST_DECL(test_wc_Sm3FinalRaw),
-    TEST_DECL(test_wc_Sm3GetSetFlags),
-    TEST_DECL(test_wc_Sm3Hash),
-
-    TEST_DECL(test_wc_HashInit),
-    TEST_DECL(test_wc_HashSetFlags),
-    TEST_DECL(test_wc_HashGetFlags),
+    /* test_md2.c */
+    TEST_MD2_DECLS,
+    /* test_md4.c */
+    TEST_MD4_DECLS,
+    /* test_md5.c */
+    TEST_MD5_DECLS,
+    /* test_sha.c */
+    TEST_SHA_DECLS,
+    /* test_sha256.c */
+    TEST_SHA256_DECLS,
+    TEST_SHA224_DECLS,
+    /* test_sha512.c */
+    TEST_SHA512_DECLS,
+    TEST_SHA512_224_DECLS,
+    TEST_SHA512_256_DECLS,
+    TEST_SHA384_DECLS,
+    /* test_sha3.c */
+    TEST_SHA3_DECLS,
+    TEST_SHAKE128_DECLS,
+    TEST_SHAKE256_DECLS,
+    /* test_blake.c */
+    TEST_BLAKE2B_DECLS,
+    TEST_BLAKE2S_DECLS,
+    /* test_sm3.c: SM3 Digest */
+    TEST_SM3_DECLS,
+    /* test_ripemd.c */
+    TEST_RIPEMD_DECLS,
+    /* test_hash.c */
+    TEST_HASH_DECLS,
 
     /* HMAC */
-    TEST_DECL(test_wc_Md5HmacSetKey),
-    TEST_DECL(test_wc_Md5HmacUpdate),
-    TEST_DECL(test_wc_Md5HmacFinal),
-    TEST_DECL(test_wc_ShaHmacSetKey),
-    TEST_DECL(test_wc_ShaHmacUpdate),
-    TEST_DECL(test_wc_ShaHmacFinal),
-    TEST_DECL(test_wc_Sha224HmacSetKey),
-    TEST_DECL(test_wc_Sha224HmacUpdate),
-    TEST_DECL(test_wc_Sha224HmacFinal),
-    TEST_DECL(test_wc_Sha256HmacSetKey),
-    TEST_DECL(test_wc_Sha256HmacUpdate),
-    TEST_DECL(test_wc_Sha256HmacFinal),
-    TEST_DECL(test_wc_Sha384HmacSetKey),
-    TEST_DECL(test_wc_Sha384HmacUpdate),
-    TEST_DECL(test_wc_Sha384HmacFinal),
-
+    TEST_HMAC_DECLS,
     /* CMAC */
-    TEST_DECL(test_wc_InitCmac),
-    TEST_DECL(test_wc_CmacUpdate),
-    TEST_DECL(test_wc_CmacFinal),
-    TEST_DECL(test_wc_AesCmacGenerate),
+    TEST_CMAC_DECLS,
 
     /* Cipher */
-    TEST_DECL(test_wc_AesGcmStream),
-
-    TEST_DECL(test_wc_Des3_SetIV),
-    TEST_DECL(test_wc_Des3_SetKey),
-    TEST_DECL(test_wc_Des3_CbcEncryptDecrypt),
-    TEST_DECL(test_wc_Des3_CbcEncryptDecryptWithKey),
-    TEST_DECL(test_wc_Des3_EcbEncrypt),
-
-    TEST_DECL(test_wc_Chacha_SetKey),
-    TEST_DECL(test_wc_Chacha_Process),
-    TEST_DECL(test_wc_ChaCha20Poly1305_aead),
-    TEST_DECL(test_wc_Poly1305SetKey),
-
-    TEST_DECL(test_wc_CamelliaSetKey),
-    TEST_DECL(test_wc_CamelliaSetIV),
-    TEST_DECL(test_wc_CamelliaEncryptDecryptDirect),
-    TEST_DECL(test_wc_CamelliaCbcEncryptDecrypt),
-
-    TEST_DECL(test_wc_Arc4SetKey),
-    TEST_DECL(test_wc_Arc4Process),
-
-    TEST_DECL(test_wc_Rc2SetKey),
-    TEST_DECL(test_wc_Rc2SetIV),
-    TEST_DECL(test_wc_Rc2EcbEncryptDecrypt),
-    TEST_DECL(test_wc_Rc2CbcEncryptDecrypt),
+    /* Triple-DES */
+    TEST_DES3_DECLS,
+    /* Chacha20 */
+    TEST_CHACHA_DECLS,
+    /* Poly1305 */
+    TEST_POLY1305_DECLS,
+    /* Chacha20-Poly1305 */
+    TEST_CHACHA20_POLY1305_DECLS,
+    /* Camellia */
+    TEST_CAMELLIA_DECLS,
+    /* ARC4 */
+    TEST_ARC4_DECLS,
+    /* RC2 */
+    TEST_RC2_DECLS,
 
     /* AES cipher and GMAC. */
-    TEST_DECL(test_wc_AesSetKey),
-    TEST_DECL(test_wc_AesSetIV),
-    TEST_DECL(test_wc_AesCbcEncryptDecrypt),
-    TEST_DECL(test_wc_AesCtrEncryptDecrypt),
-    TEST_DECL(test_wc_AesGcmSetKey),
-    TEST_DECL(test_wc_AesGcmEncryptDecrypt),
-    TEST_DECL(test_wc_AesGcmMixedEncDecLongIV),
-    TEST_DECL(test_wc_GmacSetKey),
-    TEST_DECL(test_wc_GmacUpdate),
-    TEST_DECL(test_wc_AesCcmSetKey),
-    TEST_DECL(test_wc_AesCcmEncryptDecrypt),
+    TEST_AES_DECLS,
 #if defined(WOLFSSL_AES_EAX) && \
     (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
-    TEST_DECL(test_wc_AesEaxVectors),
-    TEST_DECL(test_wc_AesEaxEncryptAuth),
-    TEST_DECL(test_wc_AesEaxDecryptAuth),
+    TEST_AES_EAX_DECLS,
 #endif /* WOLFSSL_AES_EAX */
-
+    TEST_GMAC_DECLS,
+    /* Ascon */
+    TEST_ASCON_DECLS,
     /* SM4 cipher */
-    TEST_DECL(test_wc_Sm4),
-    TEST_DECL(test_wc_Sm4Ecb),
-    TEST_DECL(test_wc_Sm4Cbc),
-    TEST_DECL(test_wc_Sm4Ctr),
-    TEST_DECL(test_wc_Sm4Gcm),
-    TEST_DECL(test_wc_Sm4Ccm),
+    TEST_SM4_DECLS,
+    /* wc_encrypt API */
+    TEST_WC_ENCRYPT_DECLS,
 
     /* RNG tests */
-#ifdef HAVE_HASHDRBG
-#ifdef TEST_RESEED_INTERVAL
-    TEST_DECL(test_wc_RNG_GenerateBlock_Reseed),
-#endif
-    TEST_DECL(test_wc_RNG_GenerateBlock),
-#endif
-    TEST_DECL(test_get_rand_digit),
-    TEST_DECL(test_wc_InitRngNonce),
-    TEST_DECL(test_wc_InitRngNonce_ex),
-
-    /* MP API tests */
-    TEST_DECL(test_get_digit_count),
-    TEST_DECL(test_mp_cond_copy),
-    TEST_DECL(test_mp_rand),
-    TEST_DECL(test_get_digit),
-    TEST_DECL(test_wc_export_int),
+    TEST_RANDOM_DECLS,
 
+    /* Public key */
+    /* wolfmath MP API tests */
+    TEST_WOLFMATH_DECLS,
     /* RSA */
-    TEST_DECL(test_wc_InitRsaKey),
-    TEST_DECL(test_wc_RsaPrivateKeyDecode),
-    TEST_DECL(test_wc_RsaPublicKeyDecode),
-    TEST_DECL(test_wc_RsaPublicKeyDecodeRaw),
-    TEST_DECL(test_wc_RsaPrivateKeyDecodeRaw),
-    TEST_DECL(test_wc_MakeRsaKey),
-    TEST_DECL(test_wc_CheckProbablePrime),
-    TEST_DECL(test_wc_RsaPSS_Verify),
-    TEST_DECL(test_wc_RsaPSS_VerifyCheck),
-    TEST_DECL(test_wc_RsaPSS_VerifyCheckInline),
-    TEST_DECL(test_wc_RsaKeyToDer),
-    TEST_DECL(test_wc_RsaKeyToPublicDer),
-    TEST_DECL(test_wc_RsaPublicEncryptDecrypt),
-    TEST_DECL(test_wc_RsaPublicEncryptDecrypt_ex),
-    TEST_DECL(test_wc_RsaEncryptSize),
-    TEST_DECL(test_wc_RsaSSL_SignVerify),
-    TEST_DECL(test_wc_RsaFlattenPublicKey),
-    TEST_DECL(test_RsaDecryptBoundsCheck),
-
+    TEST_RSA_DECLS,
     /* DSA */
-    TEST_DECL(test_wc_InitDsaKey),
-    TEST_DECL(test_wc_DsaSignVerify),
-    TEST_DECL(test_wc_DsaPublicPrivateKeyDecode),
-    TEST_DECL(test_wc_MakeDsaKey),
-    TEST_DECL(test_wc_DsaKeyToDer),
-    TEST_DECL(test_wc_DsaKeyToPublicDer),
-    TEST_DECL(test_wc_DsaImportParamsRaw),
-    TEST_DECL(test_wc_DsaImportParamsRawCheck),
-    TEST_DECL(test_wc_DsaExportParamsRaw),
-    TEST_DECL(test_wc_DsaExportKeyRaw),
-
+    TEST_DSA_DECLS,
     /* DH */
-    TEST_DECL(test_wc_DhPublicKeyDecode),
-
+    TEST_DH_DECLS,
     /* wolfCrypt ECC tests */
-    TEST_DECL(test_wc_ecc_get_curve_size_from_name),
-    TEST_DECL(test_wc_ecc_get_curve_id_from_name),
-    TEST_DECL(test_wc_ecc_get_curve_id_from_params),
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
-    !defined(HAVE_SELFTEST) && \
-    !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
-    TEST_DECL(test_wc_ecc_get_curve_id_from_dp_params),
-#endif
-    TEST_DECL(test_wc_ecc_make_key),
-    TEST_DECL(test_wc_ecc_init),
-    TEST_DECL(test_wc_ecc_check_key),
-    TEST_DECL(test_wc_ecc_get_generator),
-    TEST_DECL(test_wc_ecc_size),
-    TEST_DECL(test_wc_ecc_params),
-    TEST_DECL(test_wc_ecc_signVerify_hash),
-    TEST_DECL(test_wc_ecc_shared_secret),
-    TEST_DECL(test_wc_ecc_export_x963),
-    TEST_DECL(test_wc_ecc_export_x963_ex),
-    TEST_DECL(test_wc_ecc_import_x963),
-    TEST_DECL(test_wc_ecc_import_private_key),
-    TEST_DECL(test_wc_ecc_export_private_only),
-    TEST_DECL(test_wc_ecc_rs_to_sig),
-    TEST_DECL(test_wc_ecc_import_raw),
-    TEST_DECL(test_wc_ecc_import_unsigned),
-    TEST_DECL(test_wc_ecc_sig_size),
-    TEST_DECL(test_wc_ecc_ctx_new),
-    TEST_DECL(test_wc_ecc_ctx_reset),
-    TEST_DECL(test_wc_ecc_ctx_set_peer_salt),
-    TEST_DECL(test_wc_ecc_ctx_set_info),
-    TEST_DECL(test_wc_ecc_encryptDecrypt),
-    TEST_DECL(test_wc_ecc_del_point),
-    TEST_DECL(test_wc_ecc_pointFns),
-    TEST_DECL(test_wc_ecc_shared_secret_ssh),
-    TEST_DECL(test_wc_ecc_verify_hash_ex),
-    TEST_DECL(test_wc_ecc_mulmod),
-    TEST_DECL(test_wc_ecc_is_valid_idx),
-    TEST_DECL(test_wc_ecc_get_curve_id_from_oid),
-    TEST_DECL(test_wc_ecc_sig_size_calc),
-    TEST_DECL(test_wc_EccPrivateKeyToDer),
-
+    TEST_ECC_DECLS,
     /* SM2 elliptic curve */
-    TEST_DECL(test_wc_ecc_sm2_make_key),
-    TEST_DECL(test_wc_ecc_sm2_shared_secret),
-    TEST_DECL(test_wc_ecc_sm2_create_digest),
-    TEST_DECL(test_wc_ecc_sm2_verify_hash_ex),
-    TEST_DECL(test_wc_ecc_sm2_verify_hash),
-    TEST_DECL(test_wc_ecc_sm2_sign_hash_ex),
-    TEST_DECL(test_wc_ecc_sm2_sign_hash),
-
+    TEST_SM2_DECLS,
     /* Curve25519 */
-    TEST_DECL(test_wc_curve25519_init),
-    TEST_DECL(test_wc_curve25519_size),
-    TEST_DECL(test_wc_curve25519_export_key_raw),
-    TEST_DECL(test_wc_curve25519_export_key_raw_ex),
-    TEST_DECL(test_wc_curve25519_make_key),
-    TEST_DECL(test_wc_curve25519_shared_secret_ex),
-    TEST_DECL(test_wc_curve25519_make_pub),
-    TEST_DECL(test_wc_curve25519_export_public_ex),
-    TEST_DECL(test_wc_curve25519_export_private_raw_ex),
-    TEST_DECL(test_wc_curve25519_import_private_raw_ex),
-    TEST_DECL(test_wc_curve25519_import_private),
-
+    TEST_CURVE25519_DECLS,
     /* ED25519 */
-    TEST_DECL(test_wc_ed25519_make_key),
-    TEST_DECL(test_wc_ed25519_init),
-    TEST_DECL(test_wc_ed25519_sign_msg),
-    TEST_DECL(test_wc_ed25519_import_public),
-    TEST_DECL(test_wc_ed25519_import_private_key),
-    TEST_DECL(test_wc_ed25519_export),
-    TEST_DECL(test_wc_ed25519_size),
-    TEST_DECL(test_wc_ed25519_exportKey),
-    TEST_DECL(test_wc_Ed25519PublicKeyToDer),
-    TEST_DECL(test_wc_Ed25519KeyToDer),
-    TEST_DECL(test_wc_Ed25519PrivateKeyToDer),
-
+    TEST_ED25519_DECLS,
     /* Curve448 */
-    TEST_DECL(test_wc_curve448_make_key),
-    TEST_DECL(test_wc_curve448_shared_secret_ex),
-    TEST_DECL(test_wc_curve448_export_public_ex),
-    TEST_DECL(test_wc_curve448_export_private_raw_ex),
-    TEST_DECL(test_wc_curve448_export_key_raw),
-    TEST_DECL(test_wc_curve448_import_private_raw_ex),
-    TEST_DECL(test_wc_curve448_import_private),
-    TEST_DECL(test_wc_curve448_init),
-    TEST_DECL(test_wc_curve448_size),
-
+    TEST_CURVE448_DECLS,
     /* Ed448 */
-    TEST_DECL(test_wc_ed448_make_key),
-    TEST_DECL(test_wc_ed448_init),
-    TEST_DECL(test_wc_ed448_sign_msg),
-    TEST_DECL(test_wc_ed448_import_public),
-    TEST_DECL(test_wc_ed448_import_private_key),
-    TEST_DECL(test_wc_ed448_export),
-    TEST_DECL(test_wc_ed448_size),
-    TEST_DECL(test_wc_ed448_exportKey),
-    TEST_DECL(test_wc_Ed448PublicKeyToDer),
-    TEST_DECL(test_wc_Ed448KeyToDer),
-    TEST_DECL(test_wc_Ed448PrivateKeyToDer),
-    TEST_DECL(test_wc_Curve448PrivateKeyToDer),
-
+    TEST_ED448_DECLS,
     /* Kyber */
-    TEST_DECL(test_wc_kyber_make_key_kats),
-    TEST_DECL(test_wc_kyber_encapsulate_kats),
-    TEST_DECL(test_wc_kyber_decapsulate_kats),
-
+    TEST_MLKEM_DECLS,
     /* Dilithium */
-    TEST_DECL(test_wc_dilithium),
-    TEST_DECL(test_wc_dilithium_make_key),
-    TEST_DECL(test_wc_dilithium_sign),
-    TEST_DECL(test_wc_dilithium_verify),
-    TEST_DECL(test_wc_dilithium_check_key),
-    TEST_DECL(test_wc_dilithium_public_der_decode),
-    TEST_DECL(test_wc_dilithium_der),
-    TEST_DECL(test_wc_dilithium_make_key_from_seed),
-    TEST_DECL(test_wc_dilithium_verify_kats),
-
+    TEST_MLDSA_DECLS,
     /* Signature API */
-    TEST_DECL(test_wc_SignatureGetSize_ecc),
-    TEST_DECL(test_wc_SignatureGetSize_rsa),
+    TEST_SIGNATURE_DECLS,
 
     /* PEM and DER APIs. */
     TEST_DECL(test_wc_PemToDer),
@@ -85197,9 +66808,9 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_PKCS7_EncodeData),
     TEST_DECL(test_wc_PKCS7_EncodeSignedData),
     TEST_DECL(test_wc_PKCS7_EncodeSignedData_ex),
-    TEST_DECL(test_wc_PKCS7_EncodeSignedData_absent),
     TEST_DECL(test_wc_PKCS7_VerifySignedData_RSA),
     TEST_DECL(test_wc_PKCS7_VerifySignedData_ECC),
+    TEST_DECL(test_wc_PKCS7_DecodeEnvelopedData_stream),
     TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData),
     TEST_DECL(test_wc_PKCS7_EncodeEncryptedData),
     TEST_DECL(test_wc_PKCS7_Degenerate),
@@ -85222,6 +66833,9 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_Init),
 
     TEST_DECL(test_dual_alg_support),
+    TEST_DECL(test_dual_alg_crit_ext_support),
+
+    TEST_DECL(test_dual_alg_ecdsa_mldsa),
 
     /*********************************
      * OpenSSL compatibility API tests
@@ -85265,10 +66879,14 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_ASN1_UTCTIME_print),
     TEST_DECL(test_wolfSSL_ASN1_TYPE),
     TEST_DECL(test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS),
+    TEST_DECL(test_wolfSSL_i2d_ASN1_TYPE),
+    TEST_DECL(test_wolfSSL_i2d_ASN1_SEQUENCE),
+    TEST_DECL(test_ASN1_strings),
 
     TEST_DECL(test_wolfSSL_lhash),
 
     TEST_DECL(test_wolfSSL_certs),
+    TEST_DECL(test_wolfSSL_X509_ext_d2i),
 
     TEST_DECL(test_wolfSSL_private_keys),
     TEST_DECL(test_wolfSSL_PEM_def_callback),
@@ -85298,6 +66916,8 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_free),
     TEST_DECL(test_wolfSSL_EVP_EncodeInit),
     TEST_DECL(test_wolfSSL_EVP_EncodeUpdate),
+    TEST_DECL(test_wolfSSL_EVP_CipherUpdate_Null),
+    TEST_DECL(test_wolfSSL_EVP_CIPHER_type_string),
     TEST_DECL(test_wolfSSL_EVP_EncodeFinal),
     TEST_DECL(test_wolfSSL_EVP_DecodeInit),
     TEST_DECL(test_wolfSSL_EVP_DecodeUpdate),
@@ -85314,6 +66934,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_EVP_MD_nid),
 
     TEST_DECL(test_wolfSSL_EVP_DigestFinal_ex),
+    TEST_DECL(test_wolfSSL_EVP_DigestFinalXOF),
 #endif
 
     TEST_DECL(test_EVP_MD_do_all),
@@ -85366,8 +66987,6 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_EVP_CIPHER_iv_length),
     TEST_DECL(test_wolfSSL_EVP_X_STATE),
     TEST_DECL(test_wolfSSL_EVP_X_STATE_LEN),
-    TEST_DECL(test_EVP_PKEY_is_a),
-    TEST_DECL(test_EVP_CIPHER_key_length),
     TEST_DECL(test_wolfSSL_EVP_BytesToKey),
 #endif
 
@@ -85384,7 +67003,8 @@ TEST_CASE testCases[] = {
 #endif
     TEST_DECL(test_wolfSSL_d2i_and_i2d_DSAparams),
     TEST_DECL(test_wolfSSL_i2d_PrivateKey),
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) && \
+    !defined(NO_TLS)
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_d2i_PrivateKeys_bio),
 #endif /* !NO_BIO */
@@ -85446,9 +67066,13 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_TBS),
 
     TEST_DECL(test_wolfSSL_X509_STORE_CTX),
+    TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex),
     TEST_DECL(test_X509_STORE_untrusted),
+#if defined(OPENSSL_ALL) && !defined(NO_RSA)
+    TEST_DECL(test_X509_STORE_InvalidCa),
+#endif
     TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup),
-    TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_current_issuer),
+    TEST_DECL(test_wolfSSL_X509_STORE_CTX_get_issuer),
     TEST_DECL(test_wolfSSL_X509_STORE_set_flags),
     TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file),
     TEST_DECL(test_wolfSSL_X509_Name_canon),
@@ -85499,9 +67123,11 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_X509_set_notBefore),
     TEST_DECL(test_wolfSSL_X509_set_version),
     TEST_DECL(test_wolfSSL_X509_get_serialNumber),
+    TEST_DECL(test_wolfSSL_X509_ext_get_critical_by_NID),
+    TEST_DECL(test_wolfSSL_X509_CRL_distribution_points),
+    TEST_DECL(test_wolfSSL_X509_SEP),
     TEST_DECL(test_wolfSSL_X509_CRL),
     TEST_DECL(test_wolfSSL_i2d_X509),
-    TEST_DECL(test_wolfSSL_d2i_X509_REQ),
     TEST_DECL(test_wolfSSL_PEM_read_X509),
     TEST_DECL(test_wolfSSL_X509_check_ca),
     TEST_DECL(test_wolfSSL_X509_check_ip_asc),
@@ -85513,17 +67139,27 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_X509_max_name_constraints),
     TEST_DECL(test_wolfSSL_make_cert),
 
+    /* X509 ACERT tests */
+    TEST_DECL(test_wolfSSL_X509_ACERT_verify),
+    TEST_DECL(test_wolfSSL_X509_ACERT_misc_api),
+    TEST_DECL(test_wolfSSL_X509_ACERT_buffer),
+    TEST_DECL(test_wolfSSL_X509_ACERT_new_and_sign),
+    TEST_DECL(test_wolfSSL_X509_ACERT_asn),
+
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_X509_INFO_multiple_info),
     TEST_DECL(test_wolfSSL_X509_INFO),
     TEST_DECL(test_wolfSSL_PEM_X509_INFO_read_bio),
+    TEST_DECL(test_wolfSSL_PEM_X509_INFO_read),
 #endif
 
 #ifdef OPENSSL_ALL
     TEST_DECL(test_wolfSSL_X509_PUBKEY_get),
+    TEST_DECL(test_wolfSSL_X509_set_pubkey),
 #endif
 
     TEST_DECL(test_wolfSSL_X509_CA_num),
+    TEST_DECL(test_x509_get_key_id),
     TEST_DECL(test_wolfSSL_X509_get_version),
 #ifndef NO_BIO
     TEST_DECL(test_wolfSSL_X509_print),
@@ -85536,13 +67172,21 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_X509_get_ext_by_NID),
     TEST_DECL(test_wolfSSL_X509_get_ext_subj_alt_name),
     TEST_DECL(test_wolfSSL_X509_get_ext_count),
+    TEST_DECL(test_wolfSSL_X509_set_ext),
+    TEST_DECL(test_wolfSSL_X509_add_ext),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_new),
+    TEST_DECL(test_wolfSSL_X509_EXTENSION_dup),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_get_object),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_get_data),
     TEST_DECL(test_wolfSSL_X509_EXTENSION_get_critical),
+    TEST_DECL(test_wolfSSL_X509_EXTENSION_create_by_OBJ),
+    TEST_DECL(test_wolfSSL_X509V3_set_ctx),
     TEST_DECL(test_wolfSSL_X509V3_EXT_get),
     TEST_DECL(test_wolfSSL_X509V3_EXT_nconf),
     TEST_DECL(test_wolfSSL_X509V3_EXT),
+    TEST_DECL(test_wolfSSL_X509V3_EXT_bc),
+    TEST_DECL(test_wolfSSL_X509V3_EXT_san),
+    TEST_DECL(test_wolfSSL_X509V3_EXT_aia),
     TEST_DECL(test_wolfSSL_X509V3_EXT_print),
     TEST_DECL(test_wolfSSL_X509_cmp),
 
@@ -85555,7 +67199,9 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_sk_X509_CRL),
 
     /* OpenSSL X509 REQ API test */
+    TEST_DECL(test_wolfSSL_d2i_X509_REQ),
     TEST_DECL(test_X509_REQ),
+    TEST_DECL(test_wolfSSL_X509_REQ_print),
 
     /* OpenSSL compatibility outside SSL context w/ CRL lookup directory */
     TEST_DECL(test_X509_STORE_No_SSL_CTX),
@@ -85661,6 +67307,8 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_OCSP_single_get0_status),
     TEST_DECL(test_wolfSSL_OCSP_resp_count),
     TEST_DECL(test_wolfSSL_OCSP_resp_get0),
+    TEST_DECL(test_wolfSSL_OCSP_parse_url),
+    TEST_DECL(test_wolfSSL_OCSP_REQ_CTX),
 
     TEST_DECL(test_wolfSSL_PEM_read),
 
@@ -85763,6 +67411,7 @@ TEST_CASE testCases[] = {
 
 #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
     TEST_DECL(test_wolfSSL_EC_GROUP),
+    TEST_DECL(test_wolfSSL_i2d_ECPKParameters),
     TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters),
     TEST_DECL(test_wolfSSL_EC_POINT),
     TEST_DECL(test_wolfSSL_SPAKE),
@@ -85825,12 +67474,13 @@ TEST_CASE testCases[] = {
      *********************************/
 
     TEST_DECL(test_wolfSSL_Method_Allocators),
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
     TEST_DECL(test_wolfSSL_CTX_new),
 #endif
     TEST_DECL(test_server_wolfSSL_new),
     TEST_DECL(test_client_wolfSSL_new),
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_TLS) && \
     (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
     TEST_DECL(test_for_double_Free),
 #endif
@@ -85853,6 +67503,10 @@ TEST_CASE testCases[] = {
 #endif
     TEST_DECL(test_wolfSSL_CTX_get_min_proto_version),
     TEST_DECL(test_wolfSSL_security_level),
+    TEST_DECL(test_wolfSSL_crypto_policy),
+    TEST_DECL(test_wolfSSL_crypto_policy_certs_and_keys),
+    TEST_DECL(test_wolfSSL_crypto_policy_tls_methods),
+    TEST_DECL(test_wolfSSL_crypto_policy_ciphers),
     TEST_DECL(test_wolfSSL_SSL_in_init),
     TEST_DECL(test_wolfSSL_CTX_set_timeout),
     TEST_DECL(test_wolfSSL_set_psk_use_session_callback),
@@ -85918,7 +67572,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_use_certificate_chain_file),
     TEST_DECL(test_wolfSSL_CTX_trust_peer_cert),
     TEST_DECL(test_wolfSSL_CTX_LoadCRL),
-    TEST_DECL(test_multiple_crls_same_issuer),
+    TEST_DECL(test_wolfSSL_crl_update_cb),
     TEST_DECL(test_wolfSSL_CTX_SetTmpDH_file),
     TEST_DECL(test_wolfSSL_CTX_SetTmpDH_buffer),
     TEST_DECL(test_wolfSSL_CTX_SetMinMaxDhKey_Sz),
@@ -85940,6 +67594,7 @@ TEST_CASE testCases[] = {
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
     defined(HAVE_IO_TESTS_DEPENDENCIES)
     TEST_DECL(test_wolfSSL_read_write),
+    TEST_DECL(test_wolfSSL_read_write_ex),
     /* Can't memory test as server hangs if client fails before second connect.
      */
     TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj),
@@ -85961,6 +67616,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_a2i_IPADDRESS),
     TEST_DECL(test_wolfSSL_BUF),
     TEST_DECL(test_wolfSSL_set_tlsext_status_type),
+    TEST_DECL(test_wolfSSL_get_client_ciphers),
     /* Can't memory test as server hangs. */
     TEST_DECL(test_wolfSSL_CTX_set_client_CA_list),
     TEST_DECL(test_wolfSSL_CTX_add_client_CA),
@@ -86000,6 +67656,7 @@ TEST_CASE testCases[] = {
     /* Uses Assert in handshake callback. */
     TEST_DECL(test_wolfSSL_set_alpn_protos),
 #endif
+    TEST_DECL(test_tls_ems_downgrade),
     TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret),
     TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation),
     TEST_DECL(test_wolfSSL_SCR_Reconnect),
@@ -86009,6 +67666,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_Tls13_ECH_params),
     /* Uses Assert in handshake callback. */
     TEST_DECL(test_wolfSSL_Tls13_ECH),
+    TEST_DECL(test_wolfSSL_Tls13_ECH_HRR),
 #endif
 
     TEST_DECL(test_wolfSSL_X509_TLS_version_test_1),
@@ -86046,6 +67704,7 @@ TEST_CASE testCases[] = {
     /* Can't memory test as server Asserts in thread. */
     TEST_DECL(test_wolfSSL_BIO_accept),
     TEST_DECL(test_wolfSSL_BIO_tls),
+    TEST_DECL(test_wolfSSL_BIO_s_null),
     TEST_DECL(test_wolfSSL_BIO_datagram),
 #endif
 
@@ -86098,6 +67757,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_extra_alerts_wrong_cs),
     TEST_DECL(test_extra_alerts_skip_hs),
     TEST_DECL(test_extra_alerts_bad_psk),
+    TEST_DECL(test_multiple_alerts_EAGAIN),
     TEST_DECL(test_tls13_bad_psk_binder),
     /* Can't memory test as client/server Asserts. */
     TEST_DECL(test_harden_no_secure_renegotiation),
@@ -86129,6 +67789,11 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_dtls13_frag_ch_pq),
     TEST_DECL(test_dtls_empty_keyshare_with_cookie),
     TEST_DECL(test_dtls_old_seq_number),
+    TEST_DECL(test_dtls12_basic_connection_id),
+    TEST_DECL(test_dtls13_basic_connection_id),
+    TEST_DECL(test_dtls12_missing_finished),
+    TEST_DECL(test_dtls13_missing_finished_client),
+    TEST_DECL(test_dtls13_missing_finished_server),
     TEST_DECL(test_tls13_pq_groups),
     TEST_DECL(test_tls13_early_data),
     TEST_DECL(test_tls_multi_handshakes_one_record),
@@ -86137,6 +67802,13 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_get_signature_nid),
     TEST_DECL(test_tls_cert_store_unchanged),
     TEST_DECL(test_wolfSSL_SendUserCanceled),
+    TEST_DECL(test_wolfSSL_SSLDisableRead),
+    TEST_DECL(test_wolfSSL_inject),
+    TEST_DECL(test_wolfSSL_dtls_cid_parse),
+    TEST_DECL(test_ocsp_status_callback),
+    TEST_DECL(test_ocsp_basic_verify),
+    TEST_DECL(test_ocsp_response_parsing),
+    TEST_DECL(test_ocsp_certid_enc_dec),
     /* This test needs to stay at the end to clean up any caches allocated. */
     TEST_DECL(test_wolfSSL_Cleanup)
 };
@@ -86156,6 +67828,11 @@ static void TestCleanup(void)
 #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */
 }
 
+void ApiTest_StopOnFail(void)
+{
+    stopOnFail = 1;
+}
+
 /* Print out all API test cases with numeric identifier.
  */
 void ApiTest_PrintTestCases(void)
@@ -86168,6 +67845,52 @@ void ApiTest_PrintTestCases(void)
     }
 }
 
+/* Print out all API group names.
+ */
+void ApiTest_PrintGroups(void)
+{
+    int i;
+    const char* lastGroup = NULL;
+
+    printf("All Groups:\n");
+    for (i = 0; i < TEST_CASE_CNT; i++) {
+        if ((testCases[i].group != NULL) && ((lastGroup == NULL) ||
+                XSTRCMP(testCases[i].group, lastGroup) != 0)) {
+            printf("  %s\n", testCases[i].group);
+        }
+        lastGroup = testCases[i].group;
+    }
+}
+
+
+/* Add test case with group name to the list to run.
+ *
+ * @param [in]  name  Group name of test case to run.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when group name does not select any tests.
+ */
+int ApiTest_RunGroup(char* name)
+{
+    int i;
+    int cnt = 0;
+
+    for (i = 0; i < TEST_CASE_CNT; i++) {
+        if ((testCases[i].group != NULL) &&
+                (XSTRCMP(testCases[i].group, name) == 0)) {
+            testAll = 0;
+            testCases[i].run = 1;
+            cnt++;
+        }
+    }
+
+    if (cnt == 0) {
+        printf("Group name not found: %s\n", name);
+        printf("Use --groups to see all test group names.\n");
+        return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
 /* Add test case with index to the list to run.
  *
  * @param [in]  idx  Index of test case to run starting at 1.
@@ -86187,6 +67910,32 @@ int ApiTest_RunIdx(int idx)
     return 0;
 }
 
+/* Add test cases with part of the name to the list to run.
+ *
+ * @param [in]  name  Part of the name of test cases to run.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when name is not a known test case name.
+ */
+int ApiTest_RunPartName(char* name)
+{
+    int i;
+    int cnt = 0;
+
+    for (i = 0; i < TEST_CASE_CNT; i++) {
+        if (XSTRSTR(testCases[i].name, name) != NULL) {
+            cnt++;
+            testAll = 0;
+            testCases[i].run = 1;
+        }
+    }
+    if (cnt > 0)
+        return 0;
+
+    printf("Not found a test case with: %s\n", name);
+    printf("Use --list to see all test case names.\n");
+    return BAD_FUNC_ARG;
+}
+
 /* Add test case with name to the list to run.
  *
  * @param [in]  name  Name of test case to run.
@@ -86236,14 +67985,19 @@ static const char* apitest_res_string(int res)
 
 #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
 static double gettime_secs(void)
-    #if defined(_MSC_VER) && defined(_WIN32)
+    #if defined(_WIN32) && (defined(_MSC_VER) || defined(__WATCOMC__))
     {
         /* there's no gettimeofday for Windows, so we'll use system time */
         #define EPOCH_DIFF 11644473600LL
         FILETIME currentFileTime;
-        GetSystemTimePreciseAsFileTime(&currentFileTime);
-
         ULARGE_INTEGER uli = { 0, 0 };
+
+    #if defined(__WATCOMC__)
+        GetSystemTimeAsFileTime(&currentFileTime);
+    #else
+        GetSystemTimePreciseAsFileTime(&currentFileTime);
+    #endif
+
         uli.LowPart = currentFileTime.dwLowDateTime;
         uli.HighPart = currentFileTime.dwHighDateTime;
 
@@ -86268,6 +68022,9 @@ int ApiTest(void)
 #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
     double timeDiff;
 #endif
+    int passed = 0;
+    int skipped = 0;
+    int failed = 0;
 
     printf(" Begin API Tests\n");
     fflush(stdout);
@@ -86300,6 +68057,8 @@ int ApiTest(void)
     #endif
 
     if (res == 0) {
+        const char* lastGroup = NULL;
+
         for (i = 0; i < TEST_CASE_CNT; ++i) {
             EXPECT_DECLS;
 
@@ -86315,7 +68074,17 @@ int ApiTest(void)
 
             TestSetup();
 
-            printf("   %3d: %-52s:", i + 1, testCases[i].name);
+            if ((lastGroup != NULL) && ((testCases[i].group == NULL) ||
+                    XSTRCMP(testCases[i].group, lastGroup) != 0)) {
+                printf("  Group %s DONE\n", lastGroup);
+            }
+            if ((testCases[i].group != NULL) && ((lastGroup == NULL) ||
+                    XSTRCMP(testCases[i].group, lastGroup) != 0)) {
+                printf("  Group %s START\n", testCases[i].group);
+            }
+            lastGroup = testCases[i].group;
+
+            printf("   %4d: %-51s:", i + 1, testCases[i].name);
             fflush(stdout);
         #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
             timeDiff = gettime_secs();
@@ -86341,7 +68110,22 @@ int ApiTest(void)
             testCases[i].fail = ((ret <= 0) && (ret != TEST_SKIPPED));
             res |= ((ret <= 0) && (ret != TEST_SKIPPED));
 
+            if (testCases[i].fail)
+                failed++;
+            else if (ret == TEST_SKIPPED)
+                skipped++;
+            else
+                passed++;
+
             TestCleanup();
+
+            if (testCases[i].fail && stopOnFail) {
+                testAll = 0;
+                break;
+            }
+        }
+        if (lastGroup != NULL) {
+            printf("  Group %s DONE\n", lastGroup);
         }
     }
 
@@ -86384,6 +68168,8 @@ int ApiTest(void)
 #endif
 
     printf(" End API Tests\n");
+    printf(" Failed/Skipped/Passed/All: %d/%d/%d/%d\n", failed, skipped, passed,
+        failed + skipped + passed);
     fflush(stdout);
     return res;
 }
diff --git a/tests/api/api.h b/tests/api/api.h
new file mode 100644
index 000000000..447236e1c
--- /dev/null
+++ b/tests/api/api.h
@@ -0,0 +1,229 @@
+/* api.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_API_H
+#define WOLFCRYPT_TEST_API_H
+
+
+/* force enable test buffers */
+#ifndef USE_CERT_BUFFERS_2048
+    #define USE_CERT_BUFFERS_2048
+#endif
+#ifndef USE_CERT_BUFFERS_256
+    #define USE_CERT_BUFFERS_256
+#endif
+#include <wolfssl/certs_test.h>
+
+
+#ifndef HEAP_HINT
+    #define HEAP_HINT NULL
+#endif
+
+
+#define TEST_STRING    "Everyone gets Friday off."
+#define TEST_STRING_SZ 25
+
+
+#ifndef ONEK_BUF
+    #define ONEK_BUF 1024
+#endif
+#ifndef TWOK_BUF
+    #define TWOK_BUF 2048
+#endif
+#ifndef FOURK_BUF
+    #define FOURK_BUF 4096
+#endif
+
+
+#ifndef NO_RSA
+#define GEN_BUF  294
+
+#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
+#define TEST_RSA_BITS 1024
+#else
+#define TEST_RSA_BITS 2048
+#endif
+#define TEST_RSA_BYTES (TEST_RSA_BITS/8)
+#endif /* !NO_RSA */
+
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
+     * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
+     * trying until it gets a probable prime. */
+    #ifdef HAVE_FIPS
+        extern int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng);
+        #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d)
+    #else
+        #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d)
+    #endif
+#endif
+
+#ifndef NO_DSA
+    #ifndef DSA_SIG_SIZE
+        #define DSA_SIG_SIZE 40
+    #endif
+    #ifndef MAX_DSA_PARAM_SIZE
+        #define MAX_DSA_PARAM_SIZE 256
+    #endif
+#endif
+
+#ifdef HAVE_ECC
+    #ifndef ECC_ASN963_MAX_BUF_SZ
+        #define ECC_ASN963_MAX_BUF_SZ 133
+    #endif
+    #ifndef ECC_PRIV_KEY_BUF
+        #define ECC_PRIV_KEY_BUF 66  /* For non user defined curves. */
+    #endif
+    /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
+    /* logic to choose right key ECC size */
+    #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
+        #define KEY14 14
+    #else
+        #define KEY14 32
+    #endif
+    #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
+        #define KEY16 16
+    #else
+        #define KEY16 32
+    #endif
+    #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
+        #define KEY20 20
+    #else
+        #define KEY20 32
+    #endif
+    #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
+        #define KEY24 24
+    #else
+        #define KEY24 32
+    #endif
+    #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+        #define KEY28 28
+    #else
+        #define KEY28 32
+    #endif
+    #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
+        #define KEY30 30
+    #else
+        #define KEY30 32
+    #endif
+    #define KEY32 32
+    #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
+        #define KEY40 40
+    #else
+        #define KEY40 32
+    #endif
+    #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+        #define KEY48 48
+    #else
+        #define KEY48 32
+    #endif
+    #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
+        #define KEY64 64
+    #else
+        #define KEY64 32
+    #endif
+
+    #if !defined(HAVE_COMP_KEY)
+        #if !defined(NOCOMP)
+            #define NOCOMP 0
+        #endif
+    #else
+        #if !defined(COMP)
+            #define COMP 1
+        #endif
+    #endif
+    #if !defined(DER_SZ)
+        #define DER_SZ(ks) ((ks) * 2 + 1)
+    #endif
+#endif /* HAVE_ECC */
+#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
+    /* FIPS build has replaced ecc.h. */
+    #define wc_ecc_key_get_priv(key) (&((key)->k))
+    #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
+#endif
+
+/* Returns the result based on whether check is true.
+ *
+ * @param [in] check  Condition for success.
+ * @return  When condition is true: TEST_SUCCESS.
+ * @return  When condition is false: TEST_FAIL.
+ */
+#ifdef DEBUG_WOLFSSL_VERBOSE
+#define XSTRINGIFY(s) STRINGIFY(s)
+#define STRINGIFY(s)  #s
+#define TEST_RES_CHECK(check) ({ \
+    int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \
+    if (_ret == TEST_FAIL) { \
+        fprintf(stderr, " check \"%s\" at %d ", \
+            XSTRINGIFY(check), __LINE__); \
+    } \
+    _ret; })
+#else
+#define TEST_RES_CHECK(check) \
+    ((check) ? TEST_SUCCESS : TEST_FAIL)
+#endif /* DEBUG_WOLFSSL_VERBOSE */
+
+#define PRINT_DATA(name, data, len)             \
+do {                                            \
+    int ii;                                     \
+    fprintf(stderr, "%s\n", name);              \
+    for (ii = 0; ii < (int)(len); ii++) {       \
+        if ((ii % 8) == 0)                      \
+            fprintf(stderr, "        ");        \
+        fprintf(stderr, "0x%02x,", (data)[ii]); \
+        if ((ii % 8) == 7)                      \
+            fprintf(stderr, "\n");              \
+        else                                    \
+            fprintf(stderr, " ");               \
+    }                                           \
+    fprintf(stderr, "\n");                      \
+} while (0)
+
+#define PRINT_DATA_STR(name, data, len)         \
+do {                                            \
+    int ii;                                     \
+    fprintf(stderr, "%s\n", name);              \
+    for (ii = 0; ii < (int)(len); ii++) {       \
+        if ((ii % 8) == 0)                      \
+            fprintf(stderr, "        \"");      \
+        fprintf(stderr, "\\x%02x", (data)[ii]); \
+        if ((ii % 8) == 7)                      \
+            fprintf(stderr, "\"\n");            \
+    }                                           \
+    if ((ii % 8) != 0)                          \
+        fprintf(stderr, "\"");                  \
+    fprintf(stderr, "\n");                      \
+} while (0)
+
+typedef struct testVector {
+    const char* input;
+    const char* output;
+    size_t inLen;
+    size_t outLen;
+} testVector;
+
+
+extern int testDevId;
+
+#endif /* WOLFCRYPT_TEST_API_H */
+
diff --git a/tests/api/api_decl.h b/tests/api/api_decl.h
new file mode 100644
index 000000000..7dc064906
--- /dev/null
+++ b/tests/api/api_decl.h
@@ -0,0 +1,38 @@
+/* api_decl.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_API_DECL_H
+#define WOLFCRYPT_TEST_API_DECL_H
+
+typedef int (*TEST_FUNC)(void);
+typedef struct {
+    const char *group;
+    const char *name;
+    TEST_FUNC func;
+    byte run:1;
+    byte fail:1;
+} TEST_CASE;
+
+#define TEST_DECL(func) { NULL, #func, func, 0, 0 }
+#define TEST_DECL_GROUP(group, func) { group, #func, func, 0, 0 }
+
+#endif /* WOLFCRYPT_TEST_API_DECL_H */
+
diff --git a/tests/api/create_ocsp_test_blobs.py b/tests/api/create_ocsp_test_blobs.py
new file mode 100644
index 000000000..a887efe42
--- /dev/null
+++ b/tests/api/create_ocsp_test_blobs.py
@@ -0,0 +1,453 @@
+#!/usr/bin/env python3
+"""
+    This is a simple generator of OCSP responses that will be used to test
+    wolfSSL OCSP implementation
+"""
+from pyasn1_modules import rfc6960
+from pyasn1.codec.der.encoder import encode
+from pyasn1.codec.der.decoder import decode
+from pyasn1.type import univ, tag, useful, namedtype
+from base64 import b64decode
+from hashlib import sha1, sha256
+from datetime import datetime
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import rsa, padding
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+
+WOLFSSL_OCSP_CERT_PATH = './certs/ocsp/'
+
+def response_status(value: int) -> rfc6960.OCSPResponseStatus:
+    return rfc6960.OCSPResponseStatus(value)
+
+def response_type() -> univ.ObjectIdentifier:
+    return rfc6960.id_pkix_ocsp_basic
+
+sha256WithRSAEncryption = (1, 2, 840, 113549, 1, 1, 11)
+sha1_alg_id = (1, 3, 14, 3, 2, 26)
+def cert_id_sha1_alg_id() -> rfc6960.AlgorithmIdentifier:
+    return algorithm(sha1_alg_id)
+
+def signature_algorithm() -> rfc6960.AlgorithmIdentifier:
+    return algorithm(sha256WithRSAEncryption)
+
+def algorithm(value) -> rfc6960.AlgorithmIdentifier:
+    ai = rfc6960.AlgorithmIdentifier()
+    ai['algorithm'] = univ.ObjectIdentifier(value=value)
+    return ai
+
+def cert_pem_to_der(cert_path: str) -> bytes:
+    beg_cert = '-----BEGIN CERTIFICATE-----'
+    end_cert = '-----END CERTIFICATE-----'
+    with open(cert_path, 'r') as f:
+        pem = f.read()
+    cert = pem.split(beg_cert)[1].split(end_cert)[0]
+    return b64decode(cert)
+
+def certs(cert_path: list[str]) -> univ.SequenceOf | None:
+    if len(cert_path) == 0:
+        return None
+    certs = rfc6960.BasicOCSPResponse()['certs']
+    for cp in cert_path:
+        cert_der = cert_pem_to_der(cp)
+        cert, _ = decode(bytes(cert_der), asn1Spec=rfc6960.Certificate())
+        certs.append(cert)
+    return certs
+
+def signature(bitstr: str) -> univ.BitString:
+    return univ.BitString(hexValue=bitstr)
+
+def resp_id_by_name(cert_path: str) -> rfc6960.ResponderID:
+    cert_der = cert_pem_to_der(cert_path)
+    cert, _ = decode(bytes(cert_der), asn1Spec=rfc6960.Certificate())
+    subj = cert['tbsCertificate']['subject']
+    rid = rfc6960.ResponderID()
+    rdi_name = rid['byName']
+    rdi_name['rdnSequence'] = subj['rdnSequence']
+    return rid
+
+def resp_id_by_key(cert_path: str) -> rfc6960.ResponderID:
+    cert_der = cert_pem_to_der(cert_path)
+    cert, _ = decode(bytes(cert_der), asn1Spec=rfc6960.Certificate())
+    key = get_key(cert)
+    key_hash = sha1(key.asOctets()).digest()
+    rid = rfc6960.ResponderID()
+    rid['byKey'] = rfc6960.KeyHash(value=key_hash).subtype(explicitTag=
+                                                           tag.Tag(
+                                                           tag.tagClassContext,
+                                                           tag.tagFormatSimple,
+                                                           2))
+    return rid
+
+def get_key(cert: rfc6960.Certificate) -> univ.BitString:
+    return cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']
+
+def get_name(cert: rfc6960.Certificate) -> rfc6960.Name:
+    return cert['tbsCertificate']['subject']
+
+def cert_id_from_hash(issuer_name_hash: bytes, issuer_key_hash: bytes,
+                      serial: int) -> rfc6960.CertID:
+    cert_id = rfc6960.CertID()
+    cert_id['hashAlgorithm'] = cert_id_sha1_alg_id()
+    cert_id['issuerNameHash'] = univ.OctetString(value=issuer_name_hash)
+    cert_id['issuerKeyHash'] = univ.OctetString(value=issuer_key_hash)
+    cert_id['serialNumber'] = rfc6960.CertificateSerialNumber(serial)
+    return cert_id
+
+def cert_id(issuer_cert_path: str, serial: int) -> rfc6960.CertID:
+    issuer_cert = cert_pem_to_der(issuer_cert_path)
+    issuer, _ = decode(bytes(issuer_cert), asn1Spec=rfc6960.Certificate())
+    issuer_name = get_name(issuer)
+    issuer_key = get_key(issuer)
+    issuer_name_hash = sha1(encode(issuer_name)).digest()
+    issuer_key_hash = sha1(issuer_key.asOctets()).digest()
+    cert_id = rfc6960.CertID()
+    cert_id['hashAlgorithm'] = cert_id_sha1_alg_id()
+    cert_id['issuerNameHash'] = univ.OctetString(value=issuer_name_hash)
+    cert_id['issuerKeyHash'] = univ.OctetString(value=issuer_key_hash)
+    cert_id['serialNumber'] = rfc6960.CertificateSerialNumber(serial)
+
+    return cert_id
+
+CERT_GOOD = 0
+CERT_REVOKED = 1
+CERT_UNKNOWN = 2
+def cert_status(value: int) -> rfc6960.CertStatus:
+    cs = rfc6960.CertStatus()
+
+    if value == CERT_GOOD:
+        good = univ.Null('').subtype(implicitTag=tag.Tag(tag.tagClassContext,
+                                                         tag.tagFormatSimple,
+                                                         0))
+        cs['good'] = good
+    elif value == CERT_REVOKED:
+        revoked = rfc6960.RevokedInfo().subtype(implicitTag=tag.Tag(
+            tag.tagClassContext, tag.tagFormatSimple, 1))
+        revoked['revocationTime'] = useful.GeneralizedTime().fromDateTime(
+            datetime.now())
+        cs['revoked'] = revoked
+
+    return cs
+
+def single_response(issuer_cert_path: str, serial: int,
+                    status: int) -> rfc6960.SingleResponse:
+    cid = cert_id(issuer_cert_path, serial)
+    cs = cert_status(status)
+    sr = rfc6960.SingleResponse().clone()
+    sr.setComponentByName('certID', cid)
+    sr['certStatus'] = cs
+    sr['thisUpdate'] = useful.GeneralizedTime().fromDateTime(datetime.now())
+    return sr
+
+def response_data(rid: rfc6960.ResponderID | None,
+                  responses: list[rfc6960.SingleResponse]) -> rfc6960.ResponseData:
+    rd = rfc6960.ResponseData()
+    rd['version'] = rfc6960.Version('v1').subtype(explicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 0))
+    if rid:
+        rd['responderID'] = rid
+    rd['producedAt'] = useful.GeneralizedTime().fromDateTime(datetime.now())
+    rs = univ.SequenceOf(componentType=rfc6960.SingleResponse())
+    rs.extend(responses)
+    rd['responses'] = rs
+    return rd
+
+def read_key_der_from_pem(key_path: str) -> bytes:
+    with open(key_path, 'r') as f:
+        pem = f.readlines()
+    pem_start = [i for i, line in enumerate(pem) if '-----BEGIN' in line][0]
+    pem_end = [i for i, line in enumerate(pem) if '-----END' in line][0]
+    key = ''.join(pem[pem_start+1:pem_end])
+    return b64decode(key)
+
+def basic_ocsp_response(rd: rfc6960.ResponseData, sig_alg:
+                        rfc6960.AlgorithmIdentifier, sig: univ.BitString,
+                        certs: univ.SequenceOf|None = None) -> rfc6960.BasicOCSPResponse:
+    br = rfc6960.BasicOCSPResponse()
+
+    br['tbsResponseData'] = rd
+    br['signatureAlgorithm'] = sig_alg
+    br['signature'] = sig
+    if certs is not None:
+        br['certs'] = certs
+    return br
+
+def response_bytes(br: rfc6960.BasicOCSPResponse) -> rfc6960.ResponseBytes:
+    rb = rfc6960.ResponseBytes().subtype(explicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatConstructed, 0))
+    rb['responseType'] = response_type()
+    rb['response'] = encode(br)
+    return rb
+
+def ocsp_response(status: rfc6960.OCSPResponseStatus,
+                  response_bytes: rfc6960.ResponseBytes) -> rfc6960.OCSPResponse:
+    orsp = rfc6960.OCSPResponse()
+    orsp['responseStatus'] = status
+    orsp['responseBytes'] = response_bytes
+    return orsp
+
+def get_priv_key(pem_path) -> rsa.RSAPrivateKey:
+    key_der = read_key_der_from_pem(pem_path)
+    private_key = serialization.load_der_private_key(
+        key_der,
+        password=None,
+    )
+    return private_key
+
+def sign_repsonse_data(rd: rfc6960.ResponseData,
+                       key: rsa.RSAPrivateKey) -> univ.BitString:
+    sig = key.sign(encode(rd), padding.PKCS1v15(), hashes.SHA256())
+    return univ.BitString(hexValue=sig.hex())
+
+def get_pub_key(cert_path: str) -> rsa.RSAPublicKey:
+    with open(cert_path, 'rb') as f:
+        cert = f.read()
+    cert = x509.load_pem_x509_certificate(cert, default_backend())
+    return cert.public_key()
+
+def test_signature(ocsp_resp_path: str, key: rsa.RSAPublicKey):
+    with open(ocsp_resp_path, 'rb') as f:
+        ocsp_resp = f.read()
+    ocsp_resp, _ = decode(ocsp_resp, asn1Spec=rfc6960.OCSPResponse())
+    response = ocsp_resp.getComponentByName(
+        'responseBytes').getComponentByName('response')
+    br, _ = decode(response, asn1Spec=rfc6960.BasicOCSPResponse())
+    rd = br.getComponentByName('tbsResponseData')
+    rd_hash = sha256(encode(rd)).digest()
+    di = rfc8017.DigestInfo()
+    di['digestAlgorithm'] = signature_algorithm()
+    di['digest'] = univ.OctetString(rd_hash)
+    sig = br.getComponentByName('signature')
+    key.verify(sig.asOctets(), encode(rd), padding.PKCS1v15(), hashes.SHA256())
+
+def single_response_from_cert(cert_path: str,
+                              status: int) -> rfc6960.SingleResponse:
+    cert_der = cert_pem_to_der(cert_path)
+    cert, _ = decode(bytes(cert_der), asn1Spec=rfc6960.Certificate())
+    serial = cert['tbsCertificate']['serialNumber']
+    issuer = cert['tbsCertificate']['issuer']
+    serialHash = sha1(serial.asOctets()).digest()
+    issuerHash = sha1(encode(issuer)).digest()
+    cid = cert_id_from_hash(issuerHash, serialHash, serial)
+    cs = cert_status(status)
+    sr = rfc6960.SingleResponse().clone()
+    sr.setComponentByName('certID', cid)
+    sr['certStatus'] = cs
+    sr['thisUpdate'] = useful.GeneralizedTime().fromDateTime(datetime.now())
+    return sr
+
+RESPONSE_STATUS_GOOD = 0
+
+def write_buffer(name: str, data: bytes, f):
+    f.write(f"unsigned char {name}[] = {{\n")
+    for i in range(0, len(data), 12):
+        f.write("    " + ", ".join(f"0x{b:02x}" for b in data[i:i+12]) + ",\n")
+    f.write("};\n\n")
+
+def create_response(rd: dict) -> rfc6960.OCSPResponse:
+    """create a response using definition in rd"""
+    cs = response_status(rd.get('response_status', RESPONSE_STATUS_GOOD))
+    sa = rd.get('signature_algorithm', signature_algorithm())
+    c = certs(rd.get('certs_path', []))
+    rid = None
+    if rd.get('responder_by_name') is not None:
+        rid = resp_id_by_name(
+            rd.get(
+                'responder_cert', WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem'))
+    elif rd.get('responder_by_key', None) is not None:
+        rid = resp_id_by_key(
+            rd.get('responder_cert', WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem'))
+    # implement responder byhash
+    responses = []
+    for entry in rd.get('responses', []):
+        if entry.get('certificate'):
+            sr = single_response_from_cert(entry['certificate'], entry['status'])
+        else:
+            sr = single_response(entry['issuer_cert'], entry['serial'], entry['status'])
+        responses.append(sr)
+    rd_data = response_data(rid, responses)
+    k = get_priv_key(rd.get('responder_key', WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem'))
+    s = sign_repsonse_data(rd_data, k)
+    br = basic_ocsp_response(rd_data, sa, s, c)
+    rb = response_bytes(br)
+    ocspr = ocsp_response(cs, rb)
+    return ocspr
+
+def create_and_write_response(rd: dict, f):
+    ocspr = create_response(rd)
+    encoded_response = encode(ocspr)
+    write_buffer(rd['name'].replace('-', '_').replace('.', '_'), encoded_response, f)
+
+def add_certificate(cert_path: str, f):
+    cert_der = cert_pem_to_der(cert_path)
+    write_buffer(cert_path.split('/')[-1].replace('-', '_').replace('.', '_'), cert_der, f)
+
+class badOCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('responseBytes', rfc6960.ResponseBytes().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+def create_bad_response(rd: dict) -> bytes:
+    """Creates a malformed OCSP response by removing the response status field"""
+    r = create_response(rd)
+    br = badOCSPResponse()
+    br['responseBytes'] = r['responseBytes']
+    return encode(br)
+
+if __name__ == '__main__':
+    useful.GeneralizedTime._hasSubsecond = False
+    response_definitions = [
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'certs_path': [WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem'],
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem',
+            'name': 'resp'
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'certs_path': [WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem'],
+            'responder_by_key': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem',
+            'name': 'resp_rid_bykey',
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem',
+            'name': 'resp_nocert'
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                },
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x02,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'root-ca-key.pem',
+            'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+            'name': 'resp_multi'
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                },
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + '../ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'root-ca-key.pem',
+            'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+            'name': 'resp_bad_noauth'
+        },
+        {
+            'response_status': 0,
+            'signature_algorithm': signature_algorithm(),
+            'responder_by_name': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                },
+            ],
+            # unrelated cert
+            'certs_path' : [WOLFSSL_OCSP_CERT_PATH + 'intermediate2-ca-cert.pem'],
+            'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+            'responder_key': WOLFSSL_OCSP_CERT_PATH + 'root-ca-key.pem',
+            'name': 'resp_bad_embedded_cert'
+        },
+    ]
+
+    with open('./tests/api/test_ocsp_test_blobs.h', 'w') as f:
+        f.write(
+"""/*
+* This file is generated automatically by running ./tests/api/create_ocsp_test_blobs.py.
+*
+* ocsp_test_blobs.h
+*
+* Copyright (C) 2006-2025 wolfSSL Inc.
+*
+* This file is part of wolfSSL.
+*
+* wolfSSL is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* wolfSSL is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+*
+*/
+""")
+        f.write("#ifndef OCSP_TEST_BLOBS_H\n")
+        f.write("#define OCSP_TEST_BLOBS_H\n\n")
+        for rd in response_definitions:
+            create_and_write_response(rd, f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem', f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem', f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + '../ca-cert.pem', f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + '../server-cert.pem', f)
+        add_certificate(WOLFSSL_OCSP_CERT_PATH + 'intermediate1-ca-cert.pem', f)
+        br = create_bad_response({
+            'response_status': 0,
+            'responder_by_key': True,
+            'responses': [
+                {
+                    'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem',
+                    'serial': 0x01,
+                    'status': CERT_GOOD
+                }
+            ],
+            'name': 'resp_bad'
+        })
+        write_buffer('resp_bad', br, f)
+        f.write("#endif /* OCSP_TEST_BLOBS_H */\n")
diff --git a/tests/api/include.am b/tests/api/include.am
new file mode 100644
index 000000000..15e28235c
--- /dev/null
+++ b/tests/api/include.am
@@ -0,0 +1,106 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the
+
+if BUILD_TESTS
+# Digests
+tests_unit_test_SOURCES += tests/api/test_md2.c
+tests_unit_test_SOURCES += tests/api/test_md4.c
+tests_unit_test_SOURCES += tests/api/test_md5.c
+tests_unit_test_SOURCES += tests/api/test_sha.c
+tests_unit_test_SOURCES += tests/api/test_sha256.c
+tests_unit_test_SOURCES += tests/api/test_sha512.c
+tests_unit_test_SOURCES += tests/api/test_sha3.c
+tests_unit_test_SOURCES += tests/api/test_blake2.c
+tests_unit_test_SOURCES += tests/api/test_sm3.c
+tests_unit_test_SOURCES += tests/api/test_ripemd.c
+tests_unit_test_SOURCES += tests/api/test_hash.c
+# MAC
+tests_unit_test_SOURCES += tests/api/test_hmac.c
+tests_unit_test_SOURCES += tests/api/test_cmac.c
+# Cipher
+tests_unit_test_SOURCES += tests/api/test_des3.c
+tests_unit_test_SOURCES += tests/api/test_chacha.c
+tests_unit_test_SOURCES += tests/api/test_poly1305.c
+tests_unit_test_SOURCES += tests/api/test_chacha20_poly1305.c
+tests_unit_test_SOURCES += tests/api/test_camellia.c
+tests_unit_test_SOURCES += tests/api/test_arc4.c
+tests_unit_test_SOURCES += tests/api/test_rc2.c
+tests_unit_test_SOURCES += tests/api/test_aes.c
+tests_unit_test_SOURCES += tests/api/test_ascon.c
+tests_unit_test_SOURCES += tests/api/test_sm4.c
+tests_unit_test_SOURCES += tests/api/test_wc_encrypt.c
+# Random
+tests_unit_test_SOURCES += tests/api/test_random.c
+# MP
+tests_unit_test_SOURCES += tests/api/test_wolfmath.c
+# Public Key Algorithm
+tests_unit_test_SOURCES += tests/api/test_rsa.c
+tests_unit_test_SOURCES += tests/api/test_dsa.c
+tests_unit_test_SOURCES += tests/api/test_dh.c
+tests_unit_test_SOURCES += tests/api/test_ecc.c
+tests_unit_test_SOURCES += tests/api/test_sm2.c
+tests_unit_test_SOURCES += tests/api/test_curve25519.c
+tests_unit_test_SOURCES += tests/api/test_ed25519.c
+tests_unit_test_SOURCES += tests/api/test_curve448.c
+tests_unit_test_SOURCES += tests/api/test_ed448.c
+tests_unit_test_SOURCES += tests/api/test_mlkem.c
+tests_unit_test_SOURCES += tests/api/test_mldsa.c
+tests_unit_test_SOURCES += tests/api/test_signature.c
+# TLS Protocol
+tests_unit_test_SOURCES += tests/api/test_dtls.c
+# TLS Feature
+tests_unit_test_SOURCES += tests/api/test_ocsp.c
+tests_unit_test_SOURCES += tests/api/test_evp.c
+tests_unit_test_SOURCES += tests/api/test_tls_ext.c
+endif
+
+EXTRA_DIST += tests/api/api.h
+EXTRA_DIST += tests/api/api_decl.h
+EXTRA_DIST += tests/api/test_md2.h
+EXTRA_DIST += tests/api/test_md4.h
+EXTRA_DIST += tests/api/test_md5.h
+EXTRA_DIST += tests/api/test_sha.h
+EXTRA_DIST += tests/api/test_sha256.h
+EXTRA_DIST += tests/api/test_sha512.h
+EXTRA_DIST += tests/api/test_sha3.h
+EXTRA_DIST += tests/api/test_blake2.h
+EXTRA_DIST += tests/api/test_sm3.h
+EXTRA_DIST += tests/api/test_ripemd.h
+EXTRA_DIST += tests/api/test_digest.h
+EXTRA_DIST += tests/api/test_hash.h
+EXTRA_DIST += tests/api/test_hmac.h
+EXTRA_DIST += tests/api/test_cmac.h
+EXTRA_DIST += tests/api/test_des3.h
+EXTRA_DIST += tests/api/test_chacha.h
+EXTRA_DIST += tests/api/test_poly1305.h
+EXTRA_DIST += tests/api/test_chacha20_poly1305.h
+EXTRA_DIST += tests/api/test_camellia.h
+EXTRA_DIST += tests/api/test_arc4.h
+EXTRA_DIST += tests/api/test_rc2.h
+EXTRA_DIST += tests/api/test_aes.h
+EXTRA_DIST += tests/api/test_ascon.h
+EXTRA_DIST += tests/api/test_sm4.h
+EXTRA_DIST += tests/api/test_ascon_kats.h
+EXTRA_DIST += tests/api/test_wc_encrypt.h
+EXTRA_DIST += tests/api/test_random.h
+EXTRA_DIST += tests/api/test_wolfmath.h
+EXTRA_DIST += tests/api/test_rsa.h
+EXTRA_DIST += tests/api/test_dsa.h
+EXTRA_DIST += tests/api/test_dh.h
+EXTRA_DIST += tests/api/test_ecc.h
+EXTRA_DIST += tests/api/test_sm2.h
+EXTRA_DIST += tests/api/test_curve25519.h
+EXTRA_DIST += tests/api/test_ed25519.h
+EXTRA_DIST += tests/api/test_curve448.h
+EXTRA_DIST += tests/api/test_ed448.h
+EXTRA_DIST += tests/api/test_mlkem.h
+EXTRA_DIST += tests/api/test_mldsa.h
+EXTRA_DIST += tests/api/test_signature.h
+EXTRA_DIST += tests/api/test_dtls.h
+EXTRA_DIST += tests/api/test_ocsp.h
+EXTRA_DIST += tests/api/test_ocsp_test_blobs.h
+EXTRA_DIST += tests/api/create_ocsp_test_blobs.py
+EXTRA_DIST += tests/api/test_evp.h
+EXTRA_DIST += tests/api/test_tls_ext.h
+
diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c
new file mode 100644
index 000000000..181a4cb9d
--- /dev/null
+++ b/tests/api/test_aes.c
@@ -0,0 +1,2677 @@
+/* test_aes.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/wc_encrypt.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_aes.h>
+
+/*******************************************************************************
+ * AES
+ ******************************************************************************/
+
+/*
+ * Testing function for wc_AesSetKey().
+ */
+int test_wc_AesSetKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_AES
+    Aes  aes;
+    byte key16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#ifdef WOLFSSL_AES_192
+    byte key24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+#endif
+#ifdef WOLFSSL_AES_256
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#endif
+    byte badKey16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
+    };
+    byte iv[] = "1234567890abcdef";
+
+    XMEMSET(&aes, 0, sizeof(Aes));
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_AesSetKey(&aes, key16, (word32)sizeof(key16) / sizeof(byte),
+        iv, AES_ENCRYPTION), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    ExpectIntEQ(wc_AesSetKey(&aes, key24, (word32)sizeof(key24) / sizeof(byte),
+        iv, AES_ENCRYPTION), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    ExpectIntEQ(wc_AesSetKey(&aes, key32, (word32)sizeof(key32) / sizeof(byte),
+        iv, AES_ENCRYPTION), 0);
+#endif
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_AesSetKey(NULL, key16, (word32)sizeof(key16) / sizeof(byte),
+        iv, AES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesSetKey(&aes, badKey16,
+        (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesSetKey */
+
+/*
+ * Testing function for wc_AesSetIV
+ */
+int test_wc_AesSetIV(void)
+{
+    int res = TEST_SKIPPED;
+#if !defined(NO_AES) && defined(WOLFSSL_AES_128)
+    Aes     aes;
+    int     ret = 0;
+    byte    key16[] =
+    {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    byte    iv1[]    = "1234567890abcdef";
+    byte    iv2[]    = "0987654321fedcba";
+
+    ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
+    if (ret != 0)
+        return ret;
+
+    ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
+                                                     iv1, AES_ENCRYPTION);
+    if (ret == 0) {
+        ret = wc_AesSetIV(&aes, iv2);
+    }
+    /* Test bad args. */
+    if (ret == 0) {
+        ret = wc_AesSetIV(NULL, iv1);
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+            /* NULL iv should return 0. */
+            ret = wc_AesSetIV(&aes, NULL);
+        }
+        else {
+            ret = WOLFSSL_FATAL_ERROR;
+        }
+    }
+
+    wc_AesFree(&aes);
+
+    res = TEST_RES_CHECK(ret == 0);
+#endif
+    return res;
+} /* test_wc_AesSetIV */
+
+/*******************************************************************************
+ * AES-CBC
+ ******************************************************************************/
+
+/*
+ * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
+ * and wc_AesCbcDecryptWithKey()
+ */
+int test_wc_AesCbcEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
+    defined(WOLFSSL_AES_256)
+    Aes  aes;
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    byte vector[] = { /* Now is the time for all good men w/o trailing 0 */
+        0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+        0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
+        0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20,
+        0x67, 0x6f, 0x6f, 0x64, 0x20, 0x6d, 0x65, 0x6e
+    };
+    byte    iv[]   = "1234567890abcdef";
+    byte    enc[sizeof(vector)];
+    byte    dec[sizeof(vector)];
+    byte    dec2[sizeof(vector)];
+
+    /* Init stack variables. */
+    XMEMSET(&aes, 0, sizeof(Aes));
+    XMEMSET(enc, 0, sizeof(enc));
+    XMEMSET(dec, 0, sizeof(vector));
+    XMEMSET(dec2, 0, sizeof(vector));
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesSetKey(&aes, key32, WC_AES_BLOCK_SIZE * 2, iv,
+        AES_ENCRYPTION), 0);
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)), 0);
+
+    /* Re init for decrypt and set flag. */
+    ExpectIntEQ(wc_AesSetKey(&aes, key32, WC_AES_BLOCK_SIZE * 2, iv,
+        AES_DECRYPTION), 0);
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)), 0);
+    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
+
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE, key32,
+        sizeof(key32)/sizeof(byte), iv), 0);
+    ExpectIntEQ(XMEMCMP(vector, dec2, WC_AES_BLOCK_SIZE), 0);
+
+    /* Pass in bad args */
+    ExpectIntEQ(wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1),
+        WC_NO_ERR_TRACE(BAD_LENGTH_E));
+#endif
+#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
+    fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS "
+                    "mode (v2), skip test");
+#else
+    /* Test passing in size of 0  */
+    XMEMSET(enc, 0, sizeof(enc));
+    ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, 0), 0);
+    /* Check enc was not modified */
+    {
+        int i;
+        for (i = 0; i < (int)sizeof(enc); i++)
+            ExpectIntEQ(enc[i], 0);
+    }
+#endif
+
+    ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, NULL, enc, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, WC_AES_BLOCK_SIZE * 2 - 1),
+        WC_NO_ERR_TRACE(BAD_LENGTH_E));
+#else
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, WC_AES_BLOCK_SIZE * 2 - 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    /* Test passing in size of 0  */
+    XMEMSET(dec, 0, sizeof(dec));
+    ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, 0), 0);
+    /* Check dec was not modified */
+    {
+        int i;
+        for (i = 0; i < (int)sizeof(dec); i++)
+            ExpectIntEQ(dec[i], 0);
+    }
+
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, enc, WC_AES_BLOCK_SIZE,
+        key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, NULL, WC_AES_BLOCK_SIZE,
+        key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE,
+        NULL, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE,
+        key32, sizeof(key32)/sizeof(byte), NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesCbcEncryptDecrypt */
+
+/*******************************************************************************
+ * AES-CTR
+ ******************************************************************************/
+
+/*
+ * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
+ */
+int test_wc_AesCtrEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
+    Aes aesEnc;
+    Aes aesDec;
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    byte vector[] = { /* Now is the time for all w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    byte iv[] = "1234567890abcdef";
+    byte enc[WC_AES_BLOCK_SIZE * 2];
+    byte dec[WC_AES_BLOCK_SIZE * 2];
+
+    /* Init stack variables. */
+    XMEMSET(&aesEnc, 0, sizeof(Aes));
+    XMEMSET(&aesDec, 0, sizeof(Aes));
+    XMEMSET(enc, 0, WC_AES_BLOCK_SIZE * 2);
+    XMEMSET(dec, 0, WC_AES_BLOCK_SIZE * 2);
+
+    ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_AesSetKey(&aesEnc, key32, WC_AES_BLOCK_SIZE * 2, iv,
+        AES_ENCRYPTION), 0);
+    ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, enc, vector,
+        sizeof(vector)/sizeof(byte)), 0);
+    /* Decrypt with wc_AesCtrEncrypt() */
+    ExpectIntEQ(wc_AesSetKey(&aesDec, key32, WC_AES_BLOCK_SIZE * 2, iv,
+        AES_ENCRYPTION), 0);
+    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)),
+        0);
+    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aesEnc);
+    wc_AesFree(&aesDec);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesCtrEncryptDecrypt */
+
+/*******************************************************************************
+ * AES-GCM
+ ******************************************************************************/
+
+/*
+ * test function for wc_AesGcmSetKey()
+ */
+int test_wc_AesGcmSetKey(void)
+{
+    EXPECT_DECLS;
+#if  !defined(NO_AES) && defined(HAVE_AESGCM)
+    Aes aes;
+#ifdef WOLFSSL_AES_128
+    byte key16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    byte key24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+#endif
+#ifdef WOLFSSL_AES_256
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#endif
+    byte badKey16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
+    };
+    byte badKey24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
+    };
+    byte badKey32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
+    };
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
+#endif
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesGcmSetKey */
+
+/*
+ * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
+ */
+int test_wc_AesGcmEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+    /* WOLFSSL_AFALG requires 12 byte IV */
+#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
+    !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
+    Aes  aes;
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    byte vector[] = { /* Now is the time for all w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    const byte a[] = {
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xab, 0xad, 0xda, 0xd2
+    };
+    byte iv[] = "1234567890a";
+    byte longIV[] = "1234567890abcdefghij";
+    byte enc[sizeof(vector)];
+    byte resultT[WC_AES_BLOCK_SIZE];
+    byte dec[sizeof(vector)];
+
+    /* Init stack variables. */
+    XMEMSET(&aes, 0, sizeof(Aes));
+    XMEMSET(enc, 0, sizeof(vector));
+    XMEMSET(dec, 0, sizeof(vector));
+    XMEMSET(resultT, 0, WC_AES_BLOCK_SIZE);
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
+    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
+    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
+
+    /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
+    ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
+        (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
+        defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
+        /* FIPS does not check the lower bound of ivSz */
+#else
+        ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0,
+            resultT, sizeof(resultT), a, sizeof(a)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    /* This case is now considered good. Long IVs are now allowed.
+     * Except for the original FIPS release, it still has an upper
+     * bound on the IV length. */
+#if (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
+    !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
+    ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
+        sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        0);
+#else
+    (void)longIV;
+#endif /* Old FIPS */
+    /* END wc_AesGcmEncrypt */
+
+#ifdef HAVE_AES_DECRYPT
+    ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM))
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
+        WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
+    #else
+    ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
+        sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #endif
+    #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
+            (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
+            !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
+            /* FIPS does not check the lower bound of ivSz */
+    #else
+        ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
+            iv, 0, resultT, sizeof(resultT), a, sizeof(a)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #endif
+#endif /* HAVE_AES_DECRYPT */
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_AesGcmEncryptDecrypt */
+
+/*
+ * test function for mixed (one-shot encryption + stream decryption) AES GCM
+ * using a long IV (older FIPS does NOT support long IVs).  Relates to zd15423
+ */
+int test_wc_AesGcmMixedEncDecLongIV(void)
+{
+    EXPECT_DECLS;
+#if  (!defined(HAVE_FIPS) || \
+      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
+     !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
+    const byte key[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+    const byte in[] = {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    const byte aad[] = {
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xab, 0xad, 0xda, 0xd2
+    };
+    Aes aesEnc;
+    Aes aesDec;
+    byte iv[] = "1234567890abcdefghij";
+    byte out[sizeof(in)];
+    byte plain[sizeof(in)];
+    byte tag[WC_AES_BLOCK_SIZE];
+
+    XMEMSET(&aesEnc, 0, sizeof(Aes));
+    XMEMSET(&aesDec, 0, sizeof(Aes));
+    XMEMSET(out, 0, sizeof(out));
+    XMEMSET(plain, 0, sizeof(plain));
+    XMEMSET(tag, 0, sizeof(tag));
+
+    /* Perform one-shot encryption using long IV */
+    ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0);
+    ExpectIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv),
+        tag, sizeof(tag), aad, sizeof(aad)), 0);
+
+    /* Perform streaming decryption using long IV */
+    ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad,
+        sizeof(aad)), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
+
+    /* Free resources */
+    wc_AesFree(&aesEnc);
+    wc_AesFree(&aesDec);
+#endif
+    return EXPECT_RESULT();
+
+} /* END wc_AesGcmMixedEncDecLongIV */
+
+/*
+ * Testing streaming AES-GCM API.
+ */
+int test_wc_AesGcmStream(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
+    defined(WOLFSSL_AESGCM_STREAM)
+    int i;
+    WC_RNG rng[1];
+    Aes aesEnc[1];
+    Aes aesDec[1];
+    byte tag[WC_AES_BLOCK_SIZE];
+    byte in[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, };
+    byte out[WC_AES_BLOCK_SIZE * 3 + 2];
+    byte plain[WC_AES_BLOCK_SIZE * 3 + 2];
+    byte aad[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, };
+    byte key[AES_128_KEY_SIZE] = { 0, };
+    byte iv[AES_IV_SIZE] = { 1, };
+    byte ivOut[AES_IV_SIZE];
+    static const byte expTagAAD1[WC_AES_BLOCK_SIZE] = {
+        0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
+        0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
+    };
+    static const byte expTagPlain1[WC_AES_BLOCK_SIZE] = {
+        0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
+        0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
+    };
+    static const byte expTag[WC_AES_BLOCK_SIZE] = {
+        0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
+        0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
+    };
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(&aesEnc, 0, sizeof(Aes));
+    XMEMSET(&aesDec, 0, sizeof(Aes));
+
+    /* Create a random for generating IV/nonce. */
+    ExpectIntEQ(wc_InitRng(rng), 0);
+
+    /* Initialize data structures. */
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+
+    /* BadParameters to streaming init. */
+    ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Bad parameters to encrypt update. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Bad parameters to decrypt update. */
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Bad parameters to encrypt final. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE + 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Bad parameters to decrypt final. */
+    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, WC_AES_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE + 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Check calling final before setting key fails. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    /* Check calling update before setting key else fails. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+
+    /* Set key but not IV. */
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
+    /* Check calling final before setting IV fails. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    /* Check calling update before setting IV else fails. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
+        WC_NO_ERR_TRACE(MISSING_IV));
+
+    /* Set IV using fixed part IV and external IV APIs. */
+    ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
+        rng), 0);
+    ExpectIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
+        GCM_NONCE_MID_SZ), 0);
+    ExpectIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
+    /* Encrypt and decrypt data. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Set key and IV through streaming init API. */
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    /* Encrypt/decrypt one block and AAD of one block. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, WC_AES_BLOCK_SIZE, aad,
+        WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, WC_AES_BLOCK_SIZE,
+        aad, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, WC_AES_BLOCK_SIZE), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Set key and IV through streaming init API. */
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    /* No data to encrypt/decrypt one byte of AAD. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(tag, expTagAAD1, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Set key and IV through streaming init API. */
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    /* Encrypt/decrypt one byte and no AAD. */
+    ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
+    ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(tag, expTagPlain1, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Set key and IV through streaming init API. */
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    /* Encryption AES is one byte at a time */
+    for (i = 0; i < (int)sizeof(aad); i++) {
+        ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
+            0);
+    }
+    for (i = 0; i < (int)sizeof(in); i++) {
+        ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
+            0);
+    }
+    /* Decryption AES is two bytes at a time */
+    for (i = 0; i < (int)sizeof(aad); i += 2) {
+        ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
+            0);
+    }
+    for (i = 0; i < (int)sizeof(aad); i += 2) {
+        ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
+            0), 0);
+    }
+    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
+    /* Finalize and check tag matches. */
+    ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(tag, expTag, WC_AES_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0);
+
+    /* Check streaming encryption can be decrypted with one shot. */
+    wc_AesFree(aesDec);
+    ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+    ExpectIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
+    ExpectIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
+        AES_IV_SIZE, tag, WC_AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
+
+    wc_AesFree(aesEnc);
+    wc_AesFree(aesDec);
+    wc_FreeRng(rng);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_AesGcmStream */
+
+/*******************************************************************************
+ * GMAC
+ ******************************************************************************/
+
+/*
+ * unit test for wc_GmacSetKey()
+ */
+int test_wc_GmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(HAVE_AESGCM)
+    Gmac gmac;
+    byte key16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#ifdef WOLFSSL_AES_192
+    byte key24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+#endif
+#ifdef WOLFSSL_AES_256
+    byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+#endif
+    byte badKey16[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
+    };
+    byte badKey24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+    byte badKey32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+
+    XMEMSET(&gmac, 0, sizeof(Gmac));
+
+    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
+#endif
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&gmac.aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_GmacSetKey */
+
+/*
+ * unit test for wc_GmacUpdate
+ */
+int test_wc_GmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(HAVE_AESGCM)
+    Gmac gmac;
+#ifdef WOLFSSL_AES_128
+    const byte key16[] = {
+        0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
+        0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    byte key24[] = {
+        0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
+        0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
+        0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
+    };
+#endif
+#ifdef WOLFSSL_AES_256
+   byte key32[] = {
+        0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
+        0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
+        0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
+        0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
+    };
+#endif
+#ifdef WOLFSSL_AES_128
+    const byte authIn[] = {
+        0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
+        0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    const byte authIn2[] = {
+       0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
+       0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
+    };
+#endif
+    const byte authIn3[] = {
+        0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
+        0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
+    };
+#ifdef WOLFSSL_AES_128
+    const byte tag1[] = { /* Known. */
+        0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
+        0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    const byte tag2[] = { /* Known */
+        0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
+        0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
+    };
+#endif
+    const byte tag3[] = { /* Known */
+        0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
+        0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
+    };
+#ifdef WOLFSSL_AES_128
+    const byte iv[] = {
+        0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
+        0xe2, 0x8c, 0x8f, 0x16
+    };
+#endif
+#ifdef WOLFSSL_AES_192
+    const byte iv2[] = {
+        0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
+        0x7e, 0x1a, 0x6f, 0xbc
+    };
+#endif
+    const byte iv3[] = {
+        0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
+        0xc3, 0xfb, 0x6c, 0x8a
+    };
+    byte tagOut[16];
+    byte tagOut2[24];
+    byte tagOut3[32];
+
+    /* Init stack variables. */
+    XMEMSET(&gmac, 0, sizeof(Gmac));
+    XMEMSET(tagOut, 0, sizeof(tagOut));
+    XMEMSET(tagOut2, 0, sizeof(tagOut2));
+    XMEMSET(tagOut3, 0, sizeof(tagOut3));
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)), 0);
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
+        tagOut, sizeof(tag1)), 0);
+    ExpectIntEQ(XMEMCMP(tag1, tagOut, sizeof(tag1)), 0);
+    wc_AesFree(&gmac.aes);
+#endif
+
+#ifdef WOLFSSL_AES_192
+    ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
+    ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2),
+        tagOut2, sizeof(tag2)), 0);
+    ExpectIntEQ(XMEMCMP(tagOut2, tag2, sizeof(tag2)), 0);
+    wc_AesFree(&gmac.aes);
+#endif
+
+#ifdef WOLFSSL_AES_256
+    ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
+    ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
+        tagOut3, sizeof(tag3)), 0);
+    ExpectIntEQ(XMEMCMP(tag3, tagOut3, sizeof(tag3)), 0);
+    wc_AesFree(&gmac.aes);
+#endif
+
+    /* Pass bad args. */
+    ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
+        tagOut3, sizeof(tag3)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
+        tagOut3, sizeof(tag3) - 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
+        tagOut3, sizeof(tag3) + 1),  WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    wc_AesFree(&gmac.aes);
+
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_GmacUpdate */
+
+/*******************************************************************************
+ * AES-CCM
+ ******************************************************************************/
+
+/*
+ * unit test for wc_AesCcmSetKey
+ */
+int test_wc_AesCcmSetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_AESCCM
+    Aes aes;
+    const byte key16[] = {
+        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+    };
+    const byte key24[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+    };
+    const byte key32[] = {
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
+    };
+
+    XMEMSET(&aes, 0, sizeof(Aes));
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24)), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32)), 0);
+#endif
+
+    /* Test bad args. */
+   ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+   ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+   ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_AesFree(&aes);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_AesCcmSetKey */
+
+/*
+ * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
+ */
+int test_wc_AesCcmEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
+    Aes aes;
+    const byte key16[] = {
+        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+    };
+    /* plaintext */
+    const byte plainT[] = {
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
+    };
+    /* nonce */
+    const byte iv[] = {
+        0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
+        0xa1, 0xa2, 0xa3, 0xa4, 0xa5
+    };
+    const byte c[] = { /* cipher text. */
+        0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
+        0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
+        0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
+    };
+    const byte t[] = { /* Auth tag */
+        0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
+    };
+    const byte authIn[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+    };
+    byte cipherOut[sizeof(plainT)];
+    byte authTag[sizeof(t)];
+#ifdef HAVE_AES_DECRYPT
+    byte plainOut[sizeof(cipherOut)];
+#endif
+
+    XMEMSET(&aes, 0, sizeof(Aes));
+
+    ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
+
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), 0);
+    ExpectIntEQ(XMEMCMP(cipherOut, c, sizeof(c)), 0);
+    ExpectIntEQ(XMEMCMP(t, authTag, sizeof(t)), 0);
+#ifdef HAVE_AES_DECRYPT
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), 0);
+    ExpectIntEQ(XMEMCMP(plainOut, plainT, sizeof(plainT)), 0);
+#endif
+
+    /* Pass in bad args. Encrypt*/
+    ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
+        iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#ifdef HAVE_AES_DECRYPT
+    /* Pass in bad args. Decrypt*/
+    ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
+        iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
+        iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #endif
+
+    wc_AesFree(&aes);
+#endif  /* HAVE_AESCCM */
+    return EXPECT_RESULT();
+} /* END test_wc_AesCcmEncryptDecrypt */
+
+#if defined(WOLFSSL_AES_EAX) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+
+/*******************************************************************************
+ * AES-EAX
+ ******************************************************************************/
+
+/*
+ * Testing test_wc_AesEaxVectors()
+ */
+int test_wc_AesEaxVectors(void)
+{
+    EXPECT_DECLS;
+
+    typedef struct {
+        byte key[AES_256_KEY_SIZE];
+        int key_length;
+        byte iv[WC_AES_BLOCK_SIZE];
+        int iv_length;
+        byte aad[WC_AES_BLOCK_SIZE * 2];
+        int aad_length;
+        byte msg[WC_AES_BLOCK_SIZE * 5];
+        int msg_length;
+        byte ct[WC_AES_BLOCK_SIZE * 5];
+        int ct_length;
+        byte tag[WC_AES_BLOCK_SIZE];
+        int tag_length;
+        int valid;
+    } AadVector;
+
+    /*  Test vectors obtained from Google wycheproof project
+     *  https://github.com/google/wycheproof
+     *  from testvectors/aes_eax_test.json
+     */
+    const AadVector vectors[] = {
+        {
+            /* key, key length  */
+            {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
+             0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16,
+            /* iv, iv length  */
+            {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
+             0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16,
+            /* aad, aad length  */
+            {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8,
+            /* msg, msg length  */
+            {0x00}, 0,
+            /* ct, ct length  */
+            {0x00}, 0,
+            /* tag, tag length  */
+            {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b,
+             0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b,
+             0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4}, 16,
+            /* iv, iv length  */
+            {0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84,
+             0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd}, 16,
+            /* aad, aad length  */
+            {0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa}, 8,
+            /* msg, msg length  */
+            {0xf7, 0xfb}, 2,
+            /* ct, ct length  */
+            {0x19, 0xdd}, 2,
+            /* tag, tag length  */
+            {0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda,
+             0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7,
+             0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23}, 16,
+            /* iv, iv length  */
+            {0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84,
+             0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e}, 16,
+            /* aad, aad length  */
+            {0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6}, 8,
+            /* msg, msg length  */
+            {0x1a, 0x47, 0xcb, 0x49, 0x33}, 5,
+            /* ct, ct length  */
+            {0xd8, 0x51, 0xd5, 0xba, 0xe0}, 5,
+            /* tag, tag length  */
+            {0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19,
+             0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xd0, 0x7c, 0xf6, 0xcb, 0xb7, 0xf3, 0x13, 0xbd,
+             0xde, 0x66, 0xb7, 0x27, 0xaf, 0xd3, 0xc5, 0xe8}, 16,
+            /* iv, iv length  */
+            {0x84, 0x08, 0xdf, 0xff, 0x3c, 0x1a, 0x2b, 0x12,
+             0x92, 0xdc, 0x19, 0x9e, 0x46, 0xb7, 0xd6, 0x17}, 16,
+            /* aad, aad length  */
+            {0x33, 0xcc, 0xe2, 0xea, 0xbf, 0xf5, 0xa7, 0x9d}, 8,
+            /* msg, msg length  */
+            {0x48, 0x1c, 0x9e, 0x39, 0xb1}, 5,
+            /* ct, ct length  */
+            {0x63, 0x2a, 0x9d, 0x13, 0x1a}, 5,
+            /* tag, tag length  */
+            {0xd4, 0xc1, 0x68, 0xa4, 0x22, 0x5d, 0x8e, 0x1f,
+             0xf7, 0x55, 0x93, 0x99, 0x74, 0xa7, 0xbe, 0xde}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x35, 0xb6, 0xd0, 0x58, 0x00, 0x05, 0xbb, 0xc1,
+             0x2b, 0x05, 0x87, 0x12, 0x45, 0x57, 0xd2, 0xc2}, 16,
+            /* iv, iv length  */
+            {0xfd, 0xb6, 0xb0, 0x66, 0x76, 0xee, 0xdc, 0x5c,
+             0x61, 0xd7, 0x42, 0x76, 0xe1, 0xf8, 0xe8, 0x16}, 16,
+            /* aad, aad length  */
+            {0xae, 0xb9, 0x6e, 0xae, 0xbe, 0x29, 0x70, 0xe9}, 8,
+            /* msg, msg length  */
+            {0x40, 0xd0, 0xc0, 0x7d, 0xa5, 0xe4}, 6,
+            /* ct, ct length  */
+            {0x07, 0x1d, 0xfe, 0x16, 0xc6, 0x75}, 6,
+            /* tag, tag length  */
+            {0xcb, 0x06, 0x77, 0xe5, 0x36, 0xf7, 0x3a, 0xfe,
+             0x6a, 0x14, 0xb7, 0x4e, 0xe4, 0x98, 0x44, 0xdd}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xbd, 0x8e, 0x6e, 0x11, 0x47, 0x5e, 0x60, 0xb2,
+             0x68, 0x78, 0x4c, 0x38, 0xc6, 0x2f, 0xeb, 0x22}, 16,
+            /* iv, iv length  */
+            {0x6e, 0xac, 0x5c, 0x93, 0x07, 0x2d, 0x8e, 0x85,
+             0x13, 0xf7, 0x50, 0x93, 0x5e, 0x46, 0xda, 0x1b}, 16,
+            /* aad, aad length  */
+            {0xd4, 0x48, 0x2d, 0x1c, 0xa7, 0x8d, 0xce, 0x0f}, 8,
+            /* msg, msg length  */
+            {0x4d, 0xe3, 0xb3, 0x5c, 0x3f, 0xc0, 0x39, 0x24,
+             0x5b, 0xd1, 0xfb, 0x7d}, 12,
+            /* ct, ct length  */
+            {0x83, 0x5b, 0xb4, 0xf1, 0x5d, 0x74, 0x3e, 0x35,
+             0x0e, 0x72, 0x84, 0x14}, 12,
+            /* tag, tag length  */
+            {0xab, 0xb8, 0x64, 0x4f, 0xd6, 0xcc, 0xb8, 0x69,
+             0x47, 0xc5, 0xe1, 0x05, 0x90, 0x21, 0x0a, 0x4f}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x7c, 0x77, 0xd6, 0xe8, 0x13, 0xbe, 0xd5, 0xac,
+             0x98, 0xba, 0xa4, 0x17, 0x47, 0x7a, 0x2e, 0x7d}, 16,
+            /* iv, iv length  */
+            {0x1a, 0x8c, 0x98, 0xdc, 0xd7, 0x3d, 0x38, 0x39,
+             0x3b, 0x2b, 0xf1, 0x56, 0x9d, 0xee, 0xfc, 0x19}, 16,
+            /* aad, aad length  */
+            {0x65, 0xd2, 0x01, 0x79, 0x90, 0xd6, 0x25, 0x28}, 8,
+            /* msg, msg length  */
+            {0x8b, 0x0a, 0x79, 0x30, 0x6c, 0x9c, 0xe7, 0xed,
+             0x99, 0xda, 0xe4, 0xf8, 0x7f, 0x8d, 0xd6, 0x16,
+             0x36}, 17,
+            /* ct, ct length  */
+            {0x02, 0x08, 0x3e, 0x39, 0x79, 0xda, 0x01, 0x48,
+             0x12, 0xf5, 0x9f, 0x11, 0xd5, 0x26, 0x30, 0xda,
+             0x30}, 17,
+            /* tag, tag length  */
+            {0x13, 0x73, 0x27, 0xd1, 0x06, 0x49, 0xb0, 0xaa,
+             0x6e, 0x1c, 0x18, 0x1d, 0xb6, 0x17, 0xd7, 0xf2}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x5f, 0xff, 0x20, 0xca, 0xfa, 0xb1, 0x19, 0xca,
+             0x2f, 0xc7, 0x35, 0x49, 0xe2, 0x0f, 0x5b, 0x0d}, 16,
+            /* iv, iv length  */
+            {0xdd, 0xe5, 0x9b, 0x97, 0xd7, 0x22, 0x15, 0x6d,
+             0x4d, 0x9a, 0xff, 0x2b, 0xc7, 0x55, 0x98, 0x26}, 16,
+            /* aad, aad length  */
+            {0x54, 0xb9, 0xf0, 0x4e, 0x6a, 0x09, 0x18, 0x9a}, 8,
+            /* msg, msg length  */
+            {0x1b, 0xda, 0x12, 0x2b, 0xce, 0x8a, 0x8d, 0xba,
+             0xf1, 0x87, 0x7d, 0x96, 0x2b, 0x85, 0x92, 0xdd,
+             0x2d, 0x56}, 18,
+            /* ct, ct length  */
+            {0x2e, 0xc4, 0x7b, 0x2c, 0x49, 0x54, 0xa4, 0x89,
+             0xaf, 0xc7, 0xba, 0x48, 0x97, 0xed, 0xcd, 0xae,
+             0x8c, 0xc3}, 18,
+            /* tag, tag length  */
+            {0x3b, 0x60, 0x45, 0x05, 0x99, 0xbd, 0x02, 0xc9,
+             0x63, 0x82, 0x90, 0x2a, 0xef, 0x7f, 0x83, 0x2a}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xa4, 0xa4, 0x78, 0x2b, 0xcf, 0xfd, 0x3e, 0xc5,
+             0xe7, 0xef, 0x6d, 0x8c, 0x34, 0xa5, 0x61, 0x23}, 16,
+            /* iv, iv length  */
+            {0xb7, 0x81, 0xfc, 0xf2, 0xf7, 0x5f, 0xa5, 0xa8,
+             0xde, 0x97, 0xa9, 0xca, 0x48, 0xe5, 0x22, 0xec}, 16,
+            /* aad, aad length  */
+            {0x89, 0x9a, 0x17, 0x58, 0x97, 0x56, 0x1d, 0x7e}, 8,
+            /* msg, msg length  */
+            {0x6c, 0xf3, 0x67, 0x20, 0x87, 0x2b, 0x85, 0x13,
+             0xf6, 0xea, 0xb1, 0xa8, 0xa4, 0x44, 0x38, 0xd5,
+             0xef, 0x11}, 18,
+            /* ct, ct length  */
+            {0x0d, 0xe1, 0x8f, 0xd0, 0xfd, 0xd9, 0x1e, 0x7a,
+             0xf1, 0x9f, 0x1d, 0x8e, 0xe8, 0x73, 0x39, 0x38,
+             0xb1, 0xe8}, 18,
+            /* tag, tag length  */
+            {0xe7, 0xf6, 0xd2, 0x23, 0x16, 0x18, 0x10, 0x2f,
+             0xdb, 0x7f, 0xe5, 0x5f, 0xf1, 0x99, 0x17, 0x00}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x83, 0x95, 0xfc, 0xf1, 0xe9, 0x5b, 0xeb, 0xd6,
+             0x97, 0xbd, 0x01, 0x0b, 0xc7, 0x66, 0xaa, 0xc3}, 16,
+            /* iv, iv length  */
+            {0x22, 0xe7, 0xad, 0xd9, 0x3c, 0xfc, 0x63, 0x93,
+             0xc5, 0x7e, 0xc0, 0xb3, 0xc1, 0x7d, 0x6b, 0x44}, 16,
+            /* aad, aad length  */
+            {0x12, 0x67, 0x35, 0xfc, 0xc3, 0x20, 0xd2, 0x5a}, 8,
+            /* msg, msg length  */
+            {0xca, 0x40, 0xd7, 0x44, 0x6e, 0x54, 0x5f, 0xfa,
+             0xed, 0x3b, 0xd1, 0x2a, 0x74, 0x0a, 0x65, 0x9f,
+             0xfb, 0xbb, 0x3c, 0xea, 0xb7}, 21,
+            /* ct, ct length  */
+            {0xcb, 0x89, 0x20, 0xf8, 0x7a, 0x6c, 0x75, 0xcf,
+             0xf3, 0x96, 0x27, 0xb5, 0x6e, 0x3e, 0xd1, 0x97,
+             0xc5, 0x52, 0xd2, 0x95, 0xa7}, 21,
+            /* tag, tag length  */
+            {0xcf, 0xc4, 0x6a, 0xfc, 0x25, 0x3b, 0x46, 0x52,
+             0xb1, 0xaf, 0x37, 0x95, 0xb1, 0x24, 0xab, 0x6e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
+             0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
+             0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
+             0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
+             0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32,
+            /* tag, tag length  */
+            {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
+             0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0xae, 0xf0, 0x3d, 0x00, 0x59, 0x84, 0x94, 0xe9,
+             0xfb, 0x03, 0xcd, 0x7d, 0x8b, 0x59, 0x08, 0x66}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0xd1, 0x9a, 0xc5, 0x98, 0x49, 0x02, 0x6a, 0x91,
+             0xaa, 0x1b, 0x9a, 0xec, 0x29, 0xb1, 0x1a, 0x20,
+             0x2a, 0x4d, 0x73, 0x9f, 0xd8, 0x6c, 0x28, 0xe3,
+             0xae, 0x3d, 0x58, 0x8e, 0xa2, 0x1d, 0x70, 0xc6}, 32,
+            /* tag, tag length  */
+            {0xc3, 0x0f, 0x6c, 0xd9, 0x20, 0x20, 0x74, 0xed,
+             0x6e, 0x2a, 0x2a, 0x36, 0x0e, 0xac, 0x8c, 0x47}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x55, 0xd1, 0x25, 0x11, 0xc6, 0x96, 0xa8, 0x0d,
+             0x05, 0x14, 0xd1, 0xff, 0xba, 0x49, 0xca, 0xda}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x21, 0x08, 0x55, 0x8a, 0xc4, 0xb2, 0xc2, 0xd5,
+             0xcc, 0x66, 0xce, 0xa5, 0x1d, 0x62, 0x10, 0xe0,
+             0x46, 0x17, 0x7a, 0x67, 0x63, 0x1c, 0xd2, 0xdd,
+             0x8f, 0x09, 0x46, 0x97, 0x33, 0xac, 0xb5, 0x17}, 32,
+            /* tag, tag length  */
+            {0xfc, 0x35, 0x5e, 0x87, 0xa2, 0x67, 0xbe, 0x3a,
+             0xe3, 0xe4, 0x4c, 0x0b, 0xf3, 0xf9, 0x9b, 0x2b}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x79, 0x42, 0x2d, 0xdd, 0x91, 0xc4, 0xee, 0xe2,
+             0xde, 0xae, 0xf1, 0xf9, 0x68, 0x30, 0x53, 0x04}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x4d, 0x2c, 0x15, 0x24, 0xca, 0x4b, 0xaa, 0x4e,
+             0xef, 0xcc, 0xe6, 0xb9, 0x1b, 0x22, 0x7e, 0xe8,
+             0x3a, 0xba, 0xff, 0x81, 0x05, 0xdc, 0xaf, 0xa2,
+             0xab, 0x19, 0x1f, 0x5d, 0xf2, 0x57, 0x50, 0x35}, 32,
+            /* tag, tag length  */
+            {0xe2, 0xc8, 0x65, 0xce, 0x2d, 0x7a, 0xbd, 0xac,
+             0x02, 0x4c, 0x6f, 0x99, 0x1a, 0x84, 0x83, 0x90}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x0a, 0xf5, 0xaa, 0x7a, 0x76, 0x76, 0xe2, 0x83,
+             0x06, 0x30, 0x6b, 0xcd, 0x9b, 0xf2, 0x00, 0x3a}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x8e, 0xb0, 0x1e, 0x62, 0x18, 0x5d, 0x78, 0x2e,
+             0xb9, 0x28, 0x7a, 0x34, 0x1a, 0x68, 0x62, 0xac,
+             0x52, 0x57, 0xd6, 0xf9, 0xad, 0xc9, 0x9e, 0xe0,
+             0xa2, 0x4d, 0x9c, 0x22, 0xb3, 0xe9, 0xb3, 0x8a}, 32,
+            /* tag, tag length  */
+            {0x39, 0xc3, 0x39, 0xbc, 0x8a, 0x74, 0xc7, 0x5e,
+             0x2c, 0x65, 0xc6, 0x11, 0x95, 0x44, 0xd6, 0x1e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0xaf, 0x5a, 0x03, 0xae, 0x7e, 0xdd, 0x73, 0x47,
+             0x1b, 0xdc, 0xdf, 0xac, 0x5e, 0x19, 0x4a, 0x60}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
+            /* ct, ct length  */
+            {0x94, 0xc5, 0xd2, 0xac, 0xa6, 0xdb, 0xbc, 0xe8,
+             0xc2, 0x45, 0x13, 0xa2, 0x5e, 0x09, 0x5c, 0x0e,
+             0x54, 0xa9, 0x42, 0x86, 0x0d, 0x32, 0x7a, 0x22,
+             0x2a, 0x81, 0x5c, 0xc7, 0x13, 0xb1, 0x63, 0xb4}, 32,
+            /* tag, tag length  */
+            {0xf5, 0x0b, 0x30, 0x30, 0x4e, 0x45, 0xc9, 0xd4,
+             0x11, 0xe8, 0xdf, 0x45, 0x08, 0xa9, 0x86, 0x12}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0xb3, 0x70, 0x87, 0x68, 0x0f, 0x0e, 0xdd, 0x5a,
+             0x52, 0x22, 0x8b, 0x8c, 0x7a, 0xae, 0xa6, 0x64}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
+             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33}, 64,
+            /* ct, ct length  */
+            {0x3b, 0xb6, 0x17, 0x3e, 0x37, 0x72, 0xd4, 0xb6,
+             0x2e, 0xef, 0x37, 0xf9, 0xef, 0x07, 0x81, 0xf3,
+             0x60, 0xb6, 0xc7, 0x4b, 0xe3, 0xbf, 0x6b, 0x37,
+             0x10, 0x67, 0xbc, 0x1b, 0x09, 0x0d, 0x9d, 0x66,
+             0x22, 0xa1, 0xfb, 0xec, 0x6a, 0xc4, 0x71, 0xb3,
+             0x34, 0x9c, 0xd4, 0x27, 0x7a, 0x10, 0x1d, 0x40,
+             0x89, 0x0f, 0xbf, 0x27, 0xdf, 0xdc, 0xd0, 0xb4,
+             0xe3, 0x78, 0x1f, 0x98, 0x06, 0xda, 0xab, 0xb6}, 64,
+            /* tag, tag length  */
+            {0xa0, 0x49, 0x87, 0x45, 0xe5, 0x99, 0x99, 0xdd,
+             0xc3, 0x2d, 0x5b, 0x14, 0x02, 0x41, 0x12, 0x4e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x4f, 0x80, 0x2d, 0xa6, 0x2a, 0x38, 0x45, 0x55,
+             0xa1, 0x9b, 0xc2, 0xb3, 0x82, 0xeb, 0x25, 0xaf}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+             0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
+             0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
+             0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
+             0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44}, 80,
+            /* ct, ct length  */
+            {0xe9, 0xb0, 0xbb, 0x88, 0x57, 0x81, 0x8c, 0xe3,
+             0x20, 0x1c, 0x36, 0x90, 0xd2, 0x1d, 0xaa, 0x7f,
+             0x26, 0x4f, 0xb8, 0xee, 0x93, 0xcc, 0x7a, 0x46,
+             0x74, 0xea, 0x2f, 0xc3, 0x2b, 0xf1, 0x82, 0xfb,
+             0x2a, 0x7e, 0x8a, 0xd5, 0x15, 0x07, 0xad, 0x4f,
+             0x31, 0xce, 0xfc, 0x23, 0x56, 0xfe, 0x79, 0x36,
+             0xa7, 0xf6, 0xe1, 0x9f, 0x95, 0xe8, 0x8f, 0xdb,
+             0xf1, 0x76, 0x20, 0x91, 0x6d, 0x3a, 0x6f, 0x3d,
+             0x01, 0xfc, 0x17, 0xd3, 0x58, 0x67, 0x2f, 0x77,
+             0x7f, 0xd4, 0x09, 0x92, 0x46, 0xe4, 0x36, 0xe1}, 80,
+            /* tag, tag length  */
+            {0x67, 0x91, 0x0b, 0xe7, 0x44, 0xb8, 0x31, 0x5a,
+             0xe0, 0xeb, 0x61, 0x24, 0x59, 0x0c, 0x5d, 0x8b}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xb6, 0x7b, 0x1a, 0x6e, 0xfd, 0xd4, 0x0d, 0x37,
+             0x08, 0x0f, 0xbe, 0x8f, 0x80, 0x47, 0xae, 0xb9}, 16,
+            /* iv, iv length  */
+            {0xfa, 0x29, 0x4b, 0x12, 0x99, 0x72, 0xf7, 0xfc,
+             0x5b, 0xbd, 0x5b, 0x96, 0xbb, 0xa8, 0x37, 0xc9}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x00}, 0,
+            /* ct, ct length  */
+            {0x00}, 0,
+            /* tag, tag length  */
+            {0xb1, 0x4b, 0x64, 0xfb, 0x58, 0x98, 0x99, 0x69,
+             0x95, 0x70, 0xcc, 0x91, 0x60, 0xe3, 0x98, 0x96}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x20, 0x9e, 0x6d, 0xbf, 0x2a, 0xd2, 0x6a, 0x10,
+             0x54, 0x45, 0xfc, 0x02, 0x07, 0xcd, 0x9e, 0x9a}, 16,
+            /* iv, iv length  */
+            {0x94, 0x77, 0x84, 0x9d, 0x6c, 0xcd, 0xfc, 0xa1,
+             0x12, 0xd9, 0x2e, 0x53, 0xfa, 0xe4, 0xa7, 0xca}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x01}, 1,
+            /* ct, ct length  */
+            {0x1d}, 1,
+            /* tag, tag length  */
+            {0x52, 0xa5, 0xf6, 0x00, 0xfe, 0x53, 0x38, 0x02,
+             0x6a, 0x7c, 0xb0, 0x9c, 0x11, 0x64, 0x00, 0x82}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0xa5, 0x49, 0x44, 0x2e, 0x35, 0x15, 0x40, 0x32,
+             0xd0, 0x7c, 0x86, 0x66, 0x00, 0x6a, 0xa6, 0xa2}, 16,
+            /* iv, iv length  */
+            {0x51, 0x71, 0x52, 0x45, 0x68, 0xe8, 0x1d, 0x97,
+             0xe8, 0xc4, 0xde, 0x4b, 0xa5, 0x6c, 0x10, 0xa0}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x11, 0x82, 0xe9, 0x35, 0x96, 0xca, 0xc5, 0x60,
+             0x89, 0x46, 0x40, 0x0b, 0xc7, 0x3f, 0x3a}, 15,
+            /* ct, ct length  */
+            {0xd7, 0xb8, 0xa6, 0xb4, 0x3d, 0x2e, 0x9f, 0x98,
+             0xc2, 0xb4, 0x4c, 0xe5, 0xe3, 0xcf, 0xdb}, 15,
+            /* tag, tag length  */
+            {0x1b, 0xdd, 0x52, 0xfc, 0x98, 0x7d, 0xaf, 0x0e,
+             0xe1, 0x92, 0x34, 0xc9, 0x05, 0xea, 0x64, 0x5f}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x95, 0x8b, 0xcd, 0xb6, 0x6a, 0x39, 0x52, 0xb5,
+             0x37, 0x01, 0x58, 0x2a, 0x68, 0xa0, 0xe4, 0x74}, 16,
+            /* iv, iv length  */
+            {0x0e, 0x6e, 0xc8, 0x79, 0xb0, 0x2c, 0x6f, 0x51,
+             0x69, 0x76, 0xe3, 0x58, 0x98, 0x42, 0x8d, 0xa7}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x14, 0x04, 0x15, 0x82, 0x3e, 0xcc, 0x89, 0x32,
+             0xa0, 0x58, 0x38, 0x4b, 0x73, 0x8e, 0xa6, 0xea,
+             0x6d, 0x4d, 0xfe, 0x3b, 0xbe, 0xee}, 22,
+            /* ct, ct length  */
+            {0x73, 0xe5, 0xc6, 0xf0, 0xe7, 0x03, 0xa5, 0x2d,
+             0x02, 0xf7, 0xf7, 0xfa, 0xeb, 0x1b, 0x77, 0xfd,
+             0x4f, 0xd0, 0xcb, 0x42, 0x1e, 0xaf}, 22,
+            /* tag, tag length  */
+            {0x6c, 0x15, 0x4a, 0x85, 0x96, 0x8e, 0xdd, 0x74,
+             0x77, 0x65, 0x75, 0xa4, 0x45, 0x0b, 0xd8, 0x97}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x96, 0x5b, 0x75, 0x7b, 0xa5, 0x01, 0x8a, 0x8d,
+             0x66, 0xed, 0xc7, 0x8e, 0x0c, 0xee, 0xe8, 0x6b}, 16,
+            /* iv, iv length  */
+            {0x2e, 0x35, 0x90, 0x1a, 0xe7, 0xd4, 0x91, 0xee,
+             0xcc, 0x88, 0x38, 0xfe, 0xdd, 0x63, 0x14, 0x05}, 16,
+            /* aad, aad length  */
+            {0xdf, 0x10, 0xd0, 0xd2, 0x12, 0x24, 0x24, 0x50}, 8,
+            /* msg, msg length  */
+            {0x36, 0xe5, 0x7a, 0x76, 0x39, 0x58, 0xb0, 0x2c,
+             0xea, 0x9d, 0x6a, 0x67, 0x6e, 0xbc, 0xe8, 0x1f}, 16,
+            /* ct, ct length  */
+            {0x93, 0x6b, 0x69, 0xb6, 0xc9, 0x55, 0xad, 0xfd,
+             0x15, 0x53, 0x9b, 0x9b, 0xe4, 0x98, 0x9c, 0xb6}, 16,
+            /* tag, tag length  */
+            {0xee, 0x15, 0xa1, 0x45, 0x4e, 0x88, 0xfa, 0xad,
+             0x8e, 0x48, 0xa8, 0xdf, 0x29, 0x83, 0xb4, 0x25}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x88, 0xd0, 0x20, 0x33, 0x78, 0x1c, 0x7b, 0x41,
+             0x64, 0x71, 0x1a, 0x05, 0x42, 0x0f, 0x25, 0x6e}, 16,
+            /* iv, iv length  */
+            {0x7f, 0x29, 0x85, 0x29, 0x63, 0x15, 0x50, 0x7a,
+             0xa4, 0xc0, 0xa9, 0x3d, 0x5c, 0x12, 0xbd, 0x77}, 16,
+            /* aad, aad length  */
+            {0x7c, 0x57, 0x1d, 0x2f, 0xbb, 0x5f, 0x62, 0x52,
+             0x3c, 0x0e, 0xb3, 0x38, 0xbe, 0xf9, 0xa9}, 15,
+            /* msg, msg length  */
+            {0xd9, 0x8a, 0xdc, 0x03, 0xd9, 0xd5, 0x82, 0x73,
+             0x2e, 0xb0, 0x7d, 0xf2, 0x3d, 0x7b, 0x9f, 0x74}, 16,
+            /* ct, ct length  */
+            {0x67, 0xca, 0xac, 0x35, 0x44, 0x3a, 0x31, 0x38,
+             0xd2, 0xcb, 0x81, 0x1f, 0x0c, 0xe0, 0x4d, 0xd2}, 16,
+            /* tag, tag length  */
+            {0xb7, 0x96, 0x8e, 0x0b, 0x56, 0x40, 0xe3, 0xb2,
+             0x36, 0x56, 0x96, 0x53, 0x20, 0x8b, 0x9d, 0xeb}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x51, 0x58, 0x40, 0xcf, 0x67, 0xd2, 0xe4, 0x0e,
+             0xb6, 0x5e, 0x54, 0xa2, 0x4c, 0x72, 0xcb, 0xf2}, 16,
+            /* iv, iv length  */
+            {0xbf, 0x47, 0xaf, 0xdf, 0xd4, 0x92, 0x13, 0x7a,
+             0x24, 0x23, 0x6b, 0xc3, 0x67, 0x97, 0xa8, 0x8e}, 16,
+            /* aad, aad length  */
+            {0x16, 0x84, 0x3c, 0x09, 0x1d, 0x43, 0xb0, 0xa1,
+             0x91, 0xd0, 0xc7, 0x3d, 0x15, 0x60, 0x1b, 0xe9}, 16,
+            /* msg, msg length  */
+            {0xc8, 0x34, 0x58, 0x8c, 0xb6, 0xda, 0xf9, 0xf0,
+             0x6d, 0xd2, 0x35, 0x19, 0xf4, 0xbe, 0x9f, 0x56}, 16,
+            /* ct, ct length  */
+            {0x20, 0x0a, 0xc4, 0x51, 0xfb, 0xeb, 0x0f, 0x61,
+             0x51, 0xd6, 0x15, 0x83, 0xa4, 0x3b, 0x73, 0x43}, 16,
+            /* tag, tag length  */
+            {0x2a, 0xd4, 0x3e, 0x4c, 0xaa, 0x51, 0x98, 0x3a,
+             0x9d, 0x4d, 0x24, 0x48, 0x1b, 0xf4, 0xc8, 0x39}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x2e, 0x44, 0x92, 0xd4, 0x44, 0xe5, 0xb6, 0xf4,
+             0xce, 0xc8, 0xc2, 0xd3, 0x61, 0x5a, 0xc8, 0x58}, 16,
+            /* iv, iv length  */
+            {0xd0, 0x2b, 0xf0, 0x76, 0x3a, 0x9f, 0xef, 0xbf,
+             0x70, 0xc3, 0x3a, 0xee, 0x1e, 0x9d, 0xa1, 0xd6}, 16,
+            /* aad, aad length  */
+            {0x90, 0x4d, 0x86, 0xf1, 0x33, 0xce, 0xc1, 0x5a,
+             0x0c, 0x3c, 0xaf, 0x14, 0xd7, 0xe0, 0x29, 0xc8,
+             0x2a, 0x07, 0x70, 0x5a, 0x23, 0xf0, 0xd0, 0x80}, 24,
+            /* msg, msg length  */
+            {0x9e, 0x62, 0xd6, 0x51, 0x1b, 0x0b, 0xda, 0x7d,
+             0xd7, 0x74, 0x0b, 0x61, 0x4d, 0x97, 0xba, 0xe0}, 16,
+            /* ct, ct length  */
+            {0x27, 0xc6, 0xe9, 0xa6, 0x53, 0xc5, 0x25, 0x3c,
+             0xa1, 0xc5, 0x67, 0x3f, 0x97, 0xb9, 0xb3, 0x3e}, 16,
+            /* tag, tag length  */
+            {0x2d, 0x58, 0x12, 0x71, 0xe1, 0xfa, 0x9e, 0x36,
+             0x86, 0x13, 0x6c, 0xaa, 0x8f, 0x4d, 0x6c, 0x8e}, 16,
+            /* valid */
+            1,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe4, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0x66, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0f, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x12, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x11, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0xd2, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0xb8, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb0, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9a, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x99, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x1b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa6}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa5}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xe7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
+             0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0x72,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
+             0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0x19, 0xf1, 0x83, 0xaf, 0xec, 0x59, 0x24, 0x0d,
+             0xad, 0x67, 0x4e, 0x6d, 0x64, 0x3c, 0xa9, 0x58}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+             0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0x66, 0x8e, 0xfc, 0xd0, 0x93, 0x26, 0x5b, 0x72,
+             0xd2, 0x18, 0x31, 0x12, 0x1b, 0x43, 0xd6, 0x27}, 16,
+            /* valid */
+            0,
+        },
+        {
+            /* key, key length  */
+            {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
+            /* iv, iv length  */
+            {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
+            /* aad, aad length  */
+            {0x00}, 0,
+            /* msg, msg length  */
+            {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
+            /* ct, ct length  */
+            {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
+             0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
+            /* tag, tag length  */
+            {0xe7, 0x0f, 0x7d, 0x51, 0x12, 0xa7, 0xda, 0xf3,
+             0x53, 0x99, 0xb0, 0x93, 0x9a, 0xc2, 0x57, 0xa6}, 16,
+            /* valid */
+            0,
+        },
+    };
+
+    byte ciphertext[sizeof(vectors[0].ct)];
+    byte authtag[sizeof(vectors[0].tag)];
+    int i;
+    int len;
+    int ret;
+
+
+    for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
+
+        XMEMSET(ciphertext, 0, sizeof(ciphertext));
+
+        len = sizeof(authtag);
+        ExpectIntEQ(wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length,
+                                         ciphertext,
+                                         vectors[i].msg, vectors[i].msg_length,
+                                         vectors[i].iv, vectors[i].iv_length,
+                                         authtag, len,
+                                         vectors[i].aad, vectors[i].aad_length),
+                                         0);
+
+        /* check ciphertext matches vector */
+        ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length),
+                    0);
+
+        /* check that computed tag matches vector only for vectors marked asx
+         * valid */
+        ret = XMEMCMP(authtag, vectors[i].tag, len);
+        if (vectors[i].valid) {
+            ExpectIntEQ(ret, 0);
+        }
+        else {
+            ExpectIntNE(ret, 0);
+        }
+
+        XMEMSET(ciphertext, 0, sizeof(ciphertext));
+
+        /* Decrypt, checking that the computed auth tags match */
+        ExpectIntEQ(wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length,
+                                         ciphertext,
+                                         vectors[i].ct, vectors[i].ct_length,
+                                         vectors[i].iv, vectors[i].iv_length,
+                                         authtag, len,
+                                         vectors[i].aad, vectors[i].aad_length),
+                                         0);
+
+        /* check decrypted ciphertext matches vector plaintext */
+        ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length),
+                    0);
+    }
+    return EXPECT_RESULT();
+} /* END test_wc_AesEaxVectors */
+
+/*
+ * Testing test_wc_AesEaxEncryptAuth()
+ */
+int test_wc_AesEaxEncryptAuth(void)
+{
+    EXPECT_DECLS;
+
+    const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+    const byte iv[]  = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+    const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+    const byte msg[] = {0x00, 0x01, 0x02, 0x03, 0x04};
+
+    byte ciphertext[sizeof(msg)];
+    byte authtag[WC_AES_BLOCK_SIZE];
+    int i;
+    int len;
+
+    len = sizeof(authtag);
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     0);
+
+    /* Test null checking */
+    ExpectIntEQ(wc_AesEaxEncryptAuth(NULL, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     NULL,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     NULL, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     NULL, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     NULL, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     NULL, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test bad key lengths */
+    for (i = 0; i <= 32; i++) {
+        int exp_ret;
+        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
+                                  || i == AES_256_KEY_SIZE) {
+            exp_ret = 0;
+        }
+        else {
+            exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+        }
+
+        ExpectIntEQ(wc_AesEaxEncryptAuth(key, (word32)i,
+                                         ciphertext,
+                                         msg, sizeof(msg),
+                                         iv, sizeof(iv),
+                                         authtag, (word32)len,
+                                         aad, sizeof(aad)),
+                                         exp_ret);
+    }
+
+
+    /* Test auth tag size out of range */
+    len = WC_AES_BLOCK_SIZE + 1;
+    ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
+                                     ciphertext,
+                                     msg, sizeof(msg),
+                                     iv, sizeof(iv),
+                                     authtag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    return EXPECT_RESULT();
+} /* END test_wc_AesEaxEncryptAuth() */
+
+/*
+ * Testing test_wc_AesEaxDecryptAuth()
+ */
+int test_wc_AesEaxDecryptAuth(void)
+{
+    EXPECT_DECLS;
+
+    const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+    const byte iv[]  = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+    const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+    const byte ct[] =  {0x00, 0x01, 0x02, 0x03, 0x04};
+    /* Garbage tag that should always fail for above aad */
+    const byte tag[] = {0xFE, 0xED, 0xBE, 0xEF, 0xDE, 0xAD, 0xC0, 0xDE,
+                        0xCA, 0xFE, 0xBE, 0xEF, 0xDE, 0xAF, 0xBE, 0xEF};
+
+    byte plaintext[sizeof(ct)];
+    int i;
+    int len;
+
+    len = sizeof(tag);
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(AES_EAX_AUTH_E));
+
+    /* Test null checking */
+    ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     NULL,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     NULL, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     NULL, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     NULL, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     NULL, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test bad key lengths */
+    for (i = 0; i <= 32; i++) {
+        int exp_ret;
+        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
+                                  || i == AES_256_KEY_SIZE) {
+            exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E);
+        }
+        else {
+            exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+        }
+
+        ExpectIntEQ(wc_AesEaxDecryptAuth(key, (word32)i,
+                                         plaintext,
+                                         ct, sizeof(ct),
+                                         iv, sizeof(iv),
+                                         tag, (word32)len,
+                                         aad, sizeof(aad)),
+                                         exp_ret);
+    }
+
+
+    /* Test auth tag size out of range */
+    len = WC_AES_BLOCK_SIZE + 1;
+    ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
+                                     plaintext,
+                                     ct, sizeof(ct),
+                                     iv, sizeof(iv),
+                                     tag, (word32)len,
+                                     aad, sizeof(aad)),
+                                     WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    return EXPECT_RESULT();
+} /* END test_wc_AesEaxDecryptAuth() */
+
+#endif /* WOLFSSL_AES_EAX &&
+        * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST
+        */
+
diff --git a/tests/api/test_aes.h b/tests/api/test_aes.h
new file mode 100644
index 000000000..46d13c541
--- /dev/null
+++ b/tests/api/test_aes.h
@@ -0,0 +1,71 @@
+/* test_aes.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_AES_H
+#define WOLFCRYPT_TEST_AES_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_AesSetKey(void);
+int test_wc_AesSetIV(void);
+int test_wc_AesCbcEncryptDecrypt(void);
+int test_wc_AesCtrEncryptDecrypt(void);
+int test_wc_AesGcmSetKey(void);
+int test_wc_AesGcmEncryptDecrypt(void);
+int test_wc_AesGcmMixedEncDecLongIV(void);
+int test_wc_AesGcmStream(void);
+int test_wc_AesCcmSetKey(void);
+int test_wc_AesCcmEncryptDecrypt(void);
+#if defined(WOLFSSL_AES_EAX) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+int test_wc_AesEaxVectors(void);
+int test_wc_AesEaxEncryptAuth(void);
+int test_wc_AesEaxDecryptAuth(void);
+#endif /* WOLFSSL_AES_EAX */
+
+int test_wc_GmacSetKey(void);
+int test_wc_GmacUpdate(void);
+
+#define TEST_AES_DECLS                                          \
+    TEST_DECL_GROUP("aes", test_wc_AesSetKey),                  \
+    TEST_DECL_GROUP("aes", test_wc_AesSetIV),                   \
+    TEST_DECL_GROUP("aes", test_wc_AesCbcEncryptDecrypt),       \
+    TEST_DECL_GROUP("aes", test_wc_AesCtrEncryptDecrypt),       \
+    TEST_DECL_GROUP("aes", test_wc_AesGcmSetKey),               \
+    TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt),       \
+    TEST_DECL_GROUP("aes", test_wc_AesGcmMixedEncDecLongIV),    \
+    TEST_DECL_GROUP("aes", test_wc_AesGcmStream),               \
+    TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey),               \
+    TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt)
+
+#if defined(WOLFSSL_AES_EAX) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+#define TEST_AES_EAX_DECLS                                  \
+    TEST_DECL_GROUP("aes-eax", test_wc_AesEaxVectors),      \
+    TEST_DECL_GROUP("aes-eax", test_wc_AesEaxEncryptAuth),  \
+    TEST_DECL_GROUP("aes-eax", test_wc_AesEaxDecryptAuth)
+#endif /* WOLFSSL_AES_EAX */
+
+#define TEST_GMAC_DECLS                             \
+    TEST_DECL_GROUP("gmac", test_wc_GmacSetKey),    \
+    TEST_DECL_GROUP("gmac", test_wc_GmacUpdate)
+
+#endif /* WOLFCRYPT_TEST_AES_H */
diff --git a/tests/api/test_arc4.c b/tests/api/test_arc4.c
new file mode 100644
index 000000000..d1ecb0cf9
--- /dev/null
+++ b/tests/api/test_arc4.c
@@ -0,0 +1,106 @@
+/* test_arc4.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/arc4.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_arc4.h>
+
+/*
+ * Testing wc_Arc4SetKey()
+ */
+int test_wc_Arc4SetKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_RC4
+    Arc4 arc;
+    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
+    int keyLen = 8;
+
+    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, (word32)keyLen), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4SetKey(&arc, NULL      , (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0     ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_Arc4SetKey */
+
+/*
+ * Testing wc_Arc4Process for ENC/DEC.
+ */
+int test_wc_Arc4Process(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_RC4
+    Arc4 enc;
+    Arc4 dec;
+    const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
+    int keyLen = 8;
+    const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
+    byte cipher[8];
+    byte plain[8];
+
+    /* Init stack variables */
+    XMEMSET(&enc, 0, sizeof(Arc4));
+    XMEMSET(&dec, 0, sizeof(Arc4));
+    XMEMSET(cipher, 0, sizeof(cipher));
+    XMEMSET(plain, 0, sizeof(plain));
+
+    /* Use for async. */
+    ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, (word32)keyLen), 0);
+    ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, (word32)keyLen), 0);
+
+    ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, (word32)keyLen), 0);
+    ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, (word32)keyLen), 0);
+    ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0);
+
+    /* Bad args. */
+    ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, (word32)keyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_Arc4Free(&enc);
+    wc_Arc4Free(&dec);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_Arc4Process */
+
diff --git a/tests/api/test_arc4.h b/tests/api/test_arc4.h
new file mode 100644
index 000000000..adf1b4180
--- /dev/null
+++ b/tests/api/test_arc4.h
@@ -0,0 +1,34 @@
+/* test_arc4.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_ARC4_H
+#define WOLFCRYPT_TEST_ARC4_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_Arc4SetKey(void);
+int test_wc_Arc4Process(void);
+
+#define TEST_ARC4_DECLS                             \
+    TEST_DECL_GROUP("arc4", test_wc_Arc4SetKey),    \
+    TEST_DECL_GROUP("arc4", test_wc_Arc4Process)
+
+#endif /* WOLFCRYPT_TEST_ARC4_H */
diff --git a/tests/api/test_ascon.c b/tests/api/test_ascon.c
new file mode 100644
index 000000000..354889ec8
--- /dev/null
+++ b/tests/api/test_ascon.c
@@ -0,0 +1,186 @@
+/* test_ascon.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/ascon.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/test_ascon.h>
+
+#ifdef HAVE_ASCON
+#include <tests/api/test_ascon_kats.h>
+#endif
+
+int test_ascon_hash256(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_ASCON
+    byte msg[1024];
+    byte mdOut[ASCON_HASH256_SZ];
+    const size_t test_rounds = sizeof(msg) + 1; /* +1 to test 0-len msg */
+    wc_AsconHash256* asconHash = NULL;
+    word32 i;
+
+    ExpectIntEQ(XELEM_CNT(ascon_hash256_output), test_rounds);
+
+    /* init msg buffer */
+    for (i = 0; i < sizeof(msg); i++)
+        msg[i] = (byte)i;
+
+    ExpectNotNull(asconHash = wc_AsconHash256_New());
+
+    for (i = 0; i < test_rounds && EXPECT_SUCCESS(); i++) {
+        XMEMSET(mdOut, 0, sizeof(mdOut));
+        ExpectIntEQ(wc_AsconHash256_Init(asconHash), 0);
+        ExpectIntEQ(wc_AsconHash256_Update(asconHash, msg, i), 0);
+        ExpectIntEQ(wc_AsconHash256_Final(asconHash, mdOut), 0);
+        ExpectBufEQ(mdOut, ascon_hash256_output[i], ASCON_HASH256_SZ);
+        wc_AsconHash256_Clear(asconHash);
+    }
+
+    /* Test separated update */
+    for (i = 0; i < test_rounds && EXPECT_SUCCESS(); i++) {
+        word32 half_i = i / 2;
+        XMEMSET(mdOut, 0, sizeof(mdOut));
+        ExpectIntEQ(wc_AsconHash256_Init(asconHash), 0);
+        ExpectIntEQ(wc_AsconHash256_Update(asconHash, msg, half_i), 0);
+        ExpectIntEQ(wc_AsconHash256_Update(asconHash, msg + half_i,
+                                           i - half_i), 0);
+        ExpectIntEQ(wc_AsconHash256_Final(asconHash, mdOut), 0);
+        ExpectBufEQ(mdOut, ascon_hash256_output[i], ASCON_HASH256_SZ);
+        wc_AsconHash256_Clear(asconHash);
+    }
+
+    wc_AsconHash256_Free(asconHash);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_ascon_aead128(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_ASCON
+    word32 i;
+    wc_AsconAEAD128* asconAEAD = NULL;
+
+    ExpectNotNull(asconAEAD = wc_AsconAEAD128_New());
+
+    for (i = 0; i < XELEM_CNT(ascon_aead128_kat); i++) {
+        byte key[ASCON_AEAD128_KEY_SZ];
+        byte nonce[ASCON_AEAD128_NONCE_SZ];
+        byte pt[32]; /* longest plaintext we test is 32 bytes */
+        word32 ptSz;
+        byte ad[32]; /* longest AD we test is 32 bytes */
+        word32 adSz;
+        byte ct[48]; /* longest ciphertext we test is 32 bytes + 16 bytes tag */
+        word32 ctSz;
+        word32 j;
+        byte tag[ASCON_AEAD128_TAG_SZ];
+        byte buf[32]; /* longest buffer we test is 32 bytes */
+
+        XMEMSET(key, 0, sizeof(key));
+        XMEMSET(nonce, 0, sizeof(nonce));
+        XMEMSET(pt, 0, sizeof(pt));
+        XMEMSET(ad, 0, sizeof(ad));
+        XMEMSET(ct, 0, sizeof(ct));
+        XMEMSET(tag, 0, sizeof(tag));
+
+        /* Convert HEX strings to byte stream */
+        for (j = 0; ascon_aead128_kat[i][0][j] != '\0'; j += 2) {
+            key[j/2] = HexCharToByte(ascon_aead128_kat[i][0][j]) << 4 |
+                       HexCharToByte(ascon_aead128_kat[i][0][j+1]);
+        }
+        for (j = 0; ascon_aead128_kat[i][1][j] != '\0'; j += 2) {
+            nonce[j/2] = HexCharToByte(ascon_aead128_kat[i][1][j]) << 4 |
+                         HexCharToByte(ascon_aead128_kat[i][1][j+1]);
+        }
+        for (j = 0; ascon_aead128_kat[i][2][j] != '\0'; j += 2) {
+            pt[j/2] = HexCharToByte(ascon_aead128_kat[i][2][j]) << 4 |
+                      HexCharToByte(ascon_aead128_kat[i][2][j+1]);
+        }
+        ptSz = j/2;
+        for (j = 0; ascon_aead128_kat[i][3][j] != '\0'; j += 2) {
+            ad[j/2] = HexCharToByte(ascon_aead128_kat[i][3][j]) << 4 |
+                      HexCharToByte(ascon_aead128_kat[i][3][j+1]);
+        }
+        adSz = j/2;
+        for (j = 0; ascon_aead128_kat[i][4][j] != '\0'; j += 2) {
+            ct[j/2] = HexCharToByte(ascon_aead128_kat[i][4][j]) << 4 |
+                      HexCharToByte(ascon_aead128_kat[i][4][j+1]);
+        }
+        ctSz = j/2 - ASCON_AEAD128_TAG_SZ;
+
+        for (j = 0; j < 4; j++) {
+            ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
+            ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
+            ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
+            ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, ad, adSz), 0);
+            if (j == 0) {
+                /* Encryption test */
+                ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, buf, pt,
+                            ptSz), 0);
+                ExpectBufEQ(buf, ct, ptSz);
+                ExpectIntEQ(wc_AsconAEAD128_EncryptFinal(asconAEAD, tag), 0);
+                ExpectBufEQ(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ);
+            }
+            else if (j == 1) {
+                /* Decryption test */
+                ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, buf, ct,
+                            ctSz), 0);
+                ExpectBufEQ(buf, pt, ctSz);
+                ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, ct + ctSz),
+                            0);
+            }
+            else if (j == 2) {
+                /* Split encryption test */
+                ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, buf, pt,
+                        ptSz / 2), 0);
+                ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD,
+                        buf + (ptSz/2), pt + (ptSz/2), ptSz - (ptSz/2)), 0);
+                ExpectBufEQ(buf, ct, ptSz);
+                ExpectIntEQ(wc_AsconAEAD128_EncryptFinal(asconAEAD, tag), 0);
+                ExpectBufEQ(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ);
+            }
+            else if (j == 3) {
+                /* Split decryption test */
+                ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, buf, ct,
+                        ctSz / 2), 0);
+                ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD,
+                        buf + (ctSz/2), ct + (ctSz/2), ctSz - (ctSz/2)), 0);
+                ExpectBufEQ(buf, pt, ctSz);
+                ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, ct + ctSz),
+                        0);
+            }
+            wc_AsconAEAD128_Clear(asconAEAD);
+        }
+    }
+
+    wc_AsconAEAD128_Free(asconAEAD);
+#endif
+    return EXPECT_RESULT();
+}
diff --git a/tests/api/test_ascon.h b/tests/api/test_ascon.h
new file mode 100644
index 000000000..f6b36a88b
--- /dev/null
+++ b/tests/api/test_ascon.h
@@ -0,0 +1,34 @@
+/* test_ascon.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef TESTS_API_TEST_ASCON_H
+#define TESTS_API_TEST_ASCON_H
+
+#include <tests/api/api_decl.h>
+
+int test_ascon_hash256(void);
+int test_ascon_aead128(void);
+
+#define TEST_ASCON_DECLS                            \
+    TEST_DECL_GROUP("ascon", test_ascon_hash256),   \
+    TEST_DECL_GROUP("ascon", test_ascon_aead128)
+
+#endif /* TESTS_API_TEST_ASCON_H */
diff --git a/tests/api/test_ascon_kats.h b/tests/api/test_ascon_kats.h
new file mode 100644
index 000000000..0aad58dae
--- /dev/null
+++ b/tests/api/test_ascon_kats.h
@@ -0,0 +1,6517 @@
+/* test_ascon_kats.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef TESTS_API_TEST_ASCON_KATS_H
+#define TESTS_API_TEST_ASCON_KATS_H
+
+/* KATs taken from https://github.com/ascon/ascon-c */
+
+/* crypto_hash/asconhash256/LWC_HASH_KAT_256.txt
+ * The message is just the byte stream 00 01 02 03 ... */
+static const byte ascon_hash256_output[][32] = {
+    { 0x0B, 0x3B, 0xE5, 0x85, 0x0F, 0x2F, 0x6B, 0x98, 0xCA, 0xF2, 0x9F, 0x8F, 0xDE, 0xA8, 0x9B, 0x64, 0xA1, 0xFA, 0x70, 0xAA, 0x24, 0x9B, 0x8F, 0x83, 0x9B, 0xD5, 0x3B, 0xAA, 0x30, 0x4D, 0x92, 0xB2 },
+    { 0x07, 0x28, 0x62, 0x10, 0x35, 0xAF, 0x3E, 0xD2, 0xBC, 0xA0, 0x3B, 0xF6, 0xFD, 0xE9, 0x00, 0xF9, 0x45, 0x6F, 0x53, 0x30, 0xE4, 0xB5, 0xEE, 0x23, 0xE7, 0xF6, 0xA1, 0xE7, 0x02, 0x91, 0xBC, 0x80 },
+    { 0x61, 0x15, 0xE7, 0xC9, 0xC4, 0x08, 0x1C, 0x27, 0x97, 0xFC, 0x8F, 0xE1, 0xBC, 0x57, 0xA8, 0x36, 0xAF, 0xA1, 0xC5, 0x38, 0x1E, 0x55, 0x6D, 0xD5, 0x83, 0x86, 0x0C, 0xA2, 0xDF, 0xB4, 0x8D, 0xD2 },
+    { 0x26, 0x5A, 0xB8, 0x9A, 0x60, 0x9F, 0x5A, 0x05, 0xDC, 0xA5, 0x7E, 0x83, 0xFB, 0xBA, 0x70, 0x0F, 0x9A, 0x2D, 0x2C, 0x42, 0x11, 0xBA, 0x4C, 0xC9, 0xF0, 0xA1, 0xA3, 0x69, 0xE1, 0x7B, 0x91, 0x5C },
+    { 0xD7, 0xE4, 0xC7, 0xED, 0x9B, 0x8A, 0x32, 0x5C, 0xD0, 0x8B, 0x9E, 0xF2, 0x59, 0xF8, 0x87, 0x70, 0x54, 0xEC, 0xD8, 0x30, 0x4F, 0xE1, 0xB2, 0xD7, 0xFD, 0x84, 0x71, 0x37, 0xDF, 0x67, 0x27, 0xEE },
+    { 0xC7, 0xB2, 0x89, 0x62, 0xD4, 0xF5, 0xC2, 0x21, 0x1F, 0x46, 0x6F, 0x83, 0xD3, 0xC5, 0x7A, 0xE1, 0x50, 0x43, 0x87, 0xE2, 0xA3, 0x26, 0x94, 0x97, 0x47, 0xA8, 0x37, 0x64, 0x47, 0xA6, 0xBB, 0x51 },
+    { 0xDC, 0x0C, 0x67, 0x48, 0xAF, 0x8F, 0xFE, 0x63, 0xE1, 0x08, 0x4A, 0xA3, 0xE5, 0x78, 0x6A, 0x19, 0x46, 0x85, 0xC8, 0x8C, 0x21, 0x34, 0x8B, 0x29, 0xE1, 0x84, 0xFB, 0x50, 0x40, 0x97, 0x03, 0xBC },
+    { 0x3E, 0x4D, 0x27, 0x3B, 0xA6, 0x9B, 0x3B, 0x9C, 0x53, 0x21, 0x61, 0x07, 0xE8, 0x8B, 0x75, 0xCD, 0xBE, 0xED, 0xBC, 0xBF, 0x8F, 0xAF, 0x02, 0x19, 0xC3, 0x92, 0x8A, 0xB6, 0x2B, 0x11, 0x65, 0x77 },
+    { 0xB8, 0x8E, 0x49, 0x7A, 0xE8, 0xE6, 0xFB, 0x64, 0x1B, 0x87, 0xEF, 0x62, 0x2E, 0xB8, 0xF2, 0xFC, 0xA0, 0xED, 0x95, 0x38, 0x3F, 0x7F, 0xFE, 0xBE, 0x16, 0x7A, 0xCF, 0x10, 0x99, 0xBA, 0x76, 0x4F },
+    { 0x94, 0x26, 0x9C, 0x30, 0xE0, 0x29, 0x6E, 0x1E, 0xC8, 0x66, 0x55, 0x04, 0x18, 0x41, 0x82, 0x3E, 0xFA, 0x19, 0x27, 0xF5, 0x20, 0xFD, 0x58, 0xC8, 0xE9, 0xBC, 0xE6, 0x19, 0x78, 0x78, 0xC1, 0xA6 },
+    { 0x89, 0x4F, 0x5C, 0x5B, 0xC7, 0x8A, 0x0A, 0x97, 0xAB, 0xC0, 0xD6, 0x31, 0x23, 0xD0, 0x9A, 0x33, 0x5F, 0xB0, 0xD9, 0x24, 0x30, 0xAD, 0xF9, 0xD1, 0x1F, 0xD2, 0x64, 0x38, 0x54, 0x17, 0x99, 0x68 },
+    { 0x68, 0x84, 0x66, 0xB9, 0xEC, 0x50, 0x70, 0x47, 0x6C, 0xEB, 0x93, 0x9F, 0xE3, 0x68, 0xC2, 0xA3, 0x2C, 0x0F, 0x1A, 0x79, 0x5A, 0xF7, 0x61, 0x94, 0x2D, 0x55, 0x18, 0x90, 0x9A, 0x10, 0x81, 0xDA },
+    { 0x8C, 0xAF, 0xA6, 0x56, 0x80, 0x7F, 0xAF, 0xA3, 0xDE, 0x9F, 0xEB, 0x2F, 0xB5, 0x66, 0xD6, 0x23, 0x9B, 0xEB, 0xA7, 0x4A, 0xE4, 0x8C, 0x4E, 0x9A, 0x4C, 0xED, 0x5B, 0xF1, 0xB1, 0x3A, 0x75, 0xC9 },
+    { 0x94, 0x88, 0x3D, 0x2A, 0x44, 0xE8, 0xF1, 0x39, 0x64, 0xF9, 0x26, 0xDE, 0x55, 0x35, 0x83, 0xDB, 0x7B, 0x1A, 0x82, 0xB0, 0xAA, 0xCC, 0x58, 0xEF, 0x2D, 0x48, 0x46, 0xA5, 0xD6, 0xE8, 0xB4, 0xAC },
+    { 0xBE, 0xB6, 0x35, 0x3F, 0x24, 0xE8, 0xDE, 0xE9, 0xF2, 0xB9, 0x92, 0x79, 0xF2, 0x9F, 0x42, 0x5F, 0x7C, 0xCE, 0x30, 0x98, 0xA3, 0x66, 0x5B, 0x7A, 0xF3, 0xAF, 0x86, 0xF7, 0x59, 0xCC, 0x98, 0x5D },
+    { 0x64, 0x21, 0x33, 0x0D, 0xF9, 0x9C, 0x05, 0xEB, 0x71, 0x54, 0x15, 0xEE, 0x17, 0xB4, 0x55, 0xF2, 0x67, 0x4F, 0x86, 0x2A, 0xE3, 0xCC, 0x5B, 0xAD, 0xFF, 0xE4, 0x3A, 0x4A, 0x3E, 0xD2, 0x73, 0xE1 },
+    { 0x31, 0x58, 0xC1, 0x94, 0x0A, 0x2F, 0xBA, 0xDB, 0xD6, 0x8A, 0xB6, 0x61, 0x77, 0x78, 0x59, 0xB9, 0x4A, 0x68, 0x9E, 0x4E, 0xFC, 0x37, 0x59, 0x11, 0x46, 0x7A, 0xDD, 0xD6, 0x41, 0x83, 0x5C, 0x38 },
+    { 0xF1, 0x49, 0xE9, 0x9D, 0xD0, 0xF4, 0x29, 0x59, 0x9B, 0xB8, 0x9B, 0x80, 0x79, 0xBF, 0x3F, 0x4D, 0xCA, 0x3F, 0x29, 0x8E, 0xFE, 0xFC, 0xF9, 0xB1, 0xEA, 0x16, 0xFE, 0x84, 0xF9, 0xB8, 0xB6, 0xE2 },
+    { 0xD0, 0x70, 0xF7, 0xBA, 0x0E, 0x9B, 0xCD, 0xB6, 0xB3, 0x4E, 0x83, 0x57, 0x34, 0x3E, 0x90, 0x41, 0x94, 0x31, 0x46, 0xF3, 0x34, 0xFD, 0xAF, 0x6E, 0x20, 0x09, 0x27, 0x5F, 0x6F, 0x25, 0xCB, 0xED },
+    { 0x75, 0x94, 0x01, 0xBA, 0x2D, 0x33, 0x73, 0xEB, 0x5A, 0x01, 0x52, 0xBD, 0xE6, 0xFC, 0xC7, 0x26, 0xEC, 0x65, 0xDE, 0xE7, 0x95, 0xA5, 0x74, 0xF1, 0xD7, 0x15, 0xF3, 0xCA, 0xC2, 0x1F, 0x03, 0x81 },
+    { 0x98, 0x94, 0x1E, 0x48, 0x4F, 0xBA, 0xE8, 0x74, 0x52, 0xDD, 0xAF, 0x60, 0x30, 0x08, 0x8B, 0x79, 0x8A, 0x56, 0xC3, 0x6E, 0xB6, 0xD4, 0xD3, 0xE9, 0x4B, 0x5C, 0xFF, 0x78, 0xB2, 0x0E, 0x04, 0x81 },
+    { 0x41, 0xC8, 0xF7, 0x33, 0xB9, 0xD8, 0x23, 0xBE, 0x30, 0xB6, 0x4E, 0xE7, 0x17, 0xC3, 0x22, 0xC5, 0x76, 0xD3, 0x67, 0x81, 0xFF, 0xC5, 0xF7, 0xD6, 0xC7, 0x30, 0xEC, 0xA5, 0x49, 0x78, 0x97, 0x25 },
+    { 0x04, 0x18, 0x3F, 0x60, 0x3C, 0xF5, 0x6E, 0xA2, 0x5E, 0x5C, 0x29, 0x9D, 0x3F, 0xBD, 0xB1, 0x72, 0x28, 0xD6, 0x41, 0x1F, 0x15, 0xE9, 0xF7, 0x7C, 0x77, 0x89, 0xCE, 0x89, 0xEC, 0x9B, 0x8B, 0x0E },
+    { 0xB4, 0xF8, 0x8D, 0x12, 0x1E, 0xDD, 0xF6, 0xD1, 0xFE, 0xA9, 0xAE, 0xF1, 0x5F, 0x68, 0xA0, 0xF3, 0xA1, 0x6D, 0x3D, 0x2C, 0xDD, 0x98, 0x17, 0x22, 0x58, 0x09, 0xC2, 0x04, 0x52, 0xB0, 0x4C, 0x61 },
+    { 0x7E, 0x6A, 0x31, 0xFA, 0x65, 0x59, 0x53, 0x6A, 0x7A, 0xD6, 0x16, 0x22, 0xF6, 0x15, 0x0F, 0xA3, 0xB2, 0xA2, 0x9E, 0xBB, 0xF3, 0x9A, 0xD8, 0x01, 0x1B, 0x79, 0x02, 0xCC, 0x61, 0x25, 0x71, 0xE6 },
+    { 0xAC, 0xF3, 0x9F, 0xB4, 0x9C, 0xBA, 0xA0, 0xB4, 0xBC, 0x04, 0xC5, 0x48, 0x22, 0x45, 0x43, 0xB7, 0x50, 0x19, 0xBA, 0x63, 0x9C, 0xE4, 0xD0, 0xA5, 0x8C, 0xAE, 0xDA, 0xF1, 0x7E, 0x0F, 0x8D, 0x9F },
+    { 0xB1, 0xBB, 0x94, 0x8E, 0xDA, 0x56, 0x00, 0x9F, 0x5D, 0x66, 0xED, 0x7B, 0xDC, 0x58, 0x94, 0xE5, 0xE7, 0x72, 0xD4, 0x34, 0x1B, 0xB7, 0x04, 0x05, 0xC3, 0x65, 0x51, 0x89, 0x76, 0xEB, 0x95, 0x73 },
+    { 0xB1, 0x6E, 0xE2, 0x00, 0xDD, 0x3E, 0x0C, 0x85, 0xCC, 0xCD, 0x7F, 0xFC, 0x3D, 0x6B, 0xD7, 0x1E, 0xBC, 0xB7, 0x6B, 0x2F, 0x4C, 0x03, 0x3A, 0xB0, 0x60, 0x2F, 0x68, 0x6F, 0xCA, 0xDF, 0xC3, 0xFA },
+    { 0x09, 0x86, 0xEC, 0xA8, 0xE6, 0x31, 0xD1, 0x84, 0xCF, 0x4A, 0x15, 0xF4, 0xA5, 0x8D, 0x4A, 0x17, 0x62, 0x5E, 0x66, 0xFF, 0x0E, 0xDE, 0x48, 0x6B, 0xA1, 0x19, 0xE5, 0xD4, 0x15, 0x5A, 0x15, 0x45 },
+    { 0x41, 0xDF, 0x85, 0xF3, 0x64, 0x72, 0x36, 0x93, 0x9A, 0xDB, 0xB8, 0x8A, 0xBD, 0x30, 0xA5, 0xE0, 0x52, 0x72, 0x3E, 0x25, 0xDB, 0x09, 0xAB, 0x23, 0xF2, 0x8B, 0xBA, 0x55, 0x40, 0x56, 0xF5, 0xEB },
+    { 0x84, 0xB6, 0x8F, 0xDE, 0xB9, 0xF5, 0xDF, 0xBA, 0x8F, 0xBE, 0x03, 0x14, 0xC4, 0xC7, 0x9A, 0x1E, 0x3E, 0xAE, 0x97, 0xC9, 0xB0, 0x18, 0xFC, 0xAC, 0x88, 0xFD, 0x9B, 0xD4, 0x07, 0x08, 0x6E, 0x70 },
+    { 0xB9, 0x00, 0xCD, 0x3F, 0x06, 0xF1, 0x61, 0x8B, 0x68, 0xC1, 0x66, 0x65, 0x80, 0x72, 0x06, 0xDB, 0xE2, 0x73, 0xDF, 0x40, 0x13, 0x53, 0x61, 0xF4, 0x49, 0x84, 0x7D, 0x57, 0x39, 0x03, 0xFA, 0xBD },
+    { 0xBD, 0x9D, 0x3D, 0x60, 0xA6, 0x6B, 0x53, 0x86, 0x8E, 0xAB, 0x2A, 0x5C, 0x74, 0x53, 0x9A, 0x51, 0x8A, 0x1F, 0x60, 0xF0, 0x1E, 0xB1, 0x76, 0xC6, 0x0E, 0x43, 0xDE, 0xE8, 0x16, 0x80, 0xB3, 0x3E },
+    { 0xA5, 0x86, 0x65, 0xA2, 0xCB, 0x95, 0x30, 0xC5, 0x02, 0x09, 0x6A, 0x79, 0x57, 0xA7, 0x6E, 0x42, 0x8A, 0xF4, 0xAD, 0x04, 0x4B, 0x4D, 0xA5, 0xC4, 0x71, 0xF9, 0xDA, 0x6F, 0x7B, 0x3E, 0x58, 0x68 },
+    { 0x23, 0x3B, 0x38, 0xDC, 0x79, 0x2B, 0x0B, 0xF3, 0xB4, 0x34, 0x5A, 0x4C, 0x12, 0xAE, 0x6E, 0xF2, 0x58, 0x90, 0x7F, 0x9F, 0x23, 0xBB, 0x8A, 0x48, 0xFB, 0x3D, 0x2C, 0x53, 0xC1, 0x71, 0xC4, 0x76 },
+    { 0xD1, 0x0C, 0x48, 0xFE, 0x22, 0xF4, 0x1C, 0xEF, 0x30, 0x0A, 0x09, 0x5C, 0xAE, 0x25, 0xC3, 0x56, 0x8F, 0xA2, 0xE4, 0x8F, 0xF6, 0xA0, 0xAF, 0xF0, 0xE6, 0x45, 0x7C, 0x7A, 0x40, 0x01, 0x35, 0x88 },
+    { 0x6C, 0x73, 0x55, 0x83, 0xF6, 0x0D, 0x13, 0x57, 0x4D, 0xA7, 0x9B, 0x62, 0xBA, 0x7D, 0x3E, 0x87, 0xF5, 0xFD, 0x09, 0x35, 0xD2, 0x26, 0x97, 0xEC, 0xAF, 0xC1, 0x7F, 0x39, 0x58, 0x25, 0xAE, 0x78 },
+    { 0xF2, 0x49, 0x19, 0xE8, 0xFE, 0xA2, 0x71, 0x8C, 0xBF, 0x9A, 0x8B, 0xF0, 0x98, 0x38, 0x1E, 0x0B, 0xE6, 0x6D, 0x1B, 0x96, 0x54, 0xAE, 0xC0, 0x4B, 0xEF, 0x00, 0x12, 0xAD, 0x9D, 0x0B, 0x38, 0x2D },
+    { 0xD9, 0x2A, 0x87, 0x30, 0x36, 0xD0, 0x32, 0x8E, 0xB8, 0x35, 0x76, 0x66, 0x97, 0x72, 0x6C, 0xC8, 0x1A, 0x6A, 0xA2, 0x2A, 0xDA, 0x1A, 0x52, 0x24, 0x8B, 0xE8, 0x04, 0x4C, 0x65, 0xC3, 0xEB, 0xBF },
+    { 0xBA, 0x2A, 0xAD, 0x77, 0x83, 0x0B, 0x4F, 0x5C, 0xFF, 0xDA, 0x77, 0x1F, 0xEF, 0xEF, 0x9E, 0x8C, 0x1E, 0x94, 0x7C, 0x97, 0xA1, 0x07, 0x72, 0x5F, 0x0D, 0x37, 0xE6, 0x9A, 0xF5, 0xB2, 0xFD, 0xC1 },
+    { 0x30, 0xB7, 0x80, 0xA6, 0x2A, 0xF5, 0x95, 0xCA, 0x6D, 0x21, 0xA6, 0x7B, 0xCF, 0x88, 0xAE, 0x12, 0xDA, 0xA3, 0xE3, 0x36, 0xDB, 0xBA, 0x52, 0xF4, 0x11, 0x2D, 0x37, 0x16, 0xBC, 0x0E, 0x63, 0x3C },
+    { 0xD3, 0xC0, 0x61, 0x33, 0x3D, 0x56, 0x3A, 0xFE, 0xDA, 0xE0, 0x90, 0x7A, 0xED, 0x1B, 0x39, 0x8A, 0x0D, 0x9B, 0xBA, 0x6A, 0x7B, 0xF3, 0x81, 0x11, 0xC1, 0x98, 0xD3, 0x73, 0x49, 0x85, 0xAA, 0x30 },
+    { 0x0D, 0x1A, 0x50, 0x49, 0x17, 0x18, 0xB3, 0x00, 0x24, 0x65, 0x2B, 0x02, 0xF6, 0xBB, 0xC8, 0xFD, 0x64, 0x89, 0x96, 0x28, 0x9B, 0x80, 0xBC, 0x68, 0x9B, 0x88, 0x63, 0xF9, 0x2A, 0xF3, 0xF0, 0x2A },
+    { 0xB4, 0xCB, 0x36, 0x55, 0xCF, 0xD0, 0xFF, 0x0C, 0xD9, 0x59, 0x0F, 0x6F, 0x24, 0xC5, 0xF3, 0x4C, 0xF9, 0xB2, 0xC6, 0xFA, 0xC8, 0x77, 0xCD, 0x3E, 0x03, 0x94, 0x25, 0x4D, 0x61, 0xAC, 0xA9, 0x2C },
+    { 0xCC, 0x14, 0x0B, 0xC4, 0x6B, 0x2F, 0x71, 0xE2, 0x2B, 0xDC, 0x55, 0x3F, 0x79, 0x39, 0xEA, 0x69, 0xEB, 0x69, 0x41, 0xDA, 0xCE, 0xCB, 0x1D, 0xD7, 0xE3, 0x64, 0x16, 0xC6, 0x3C, 0x8E, 0xCD, 0x1F },
+    { 0xE0, 0xB6, 0x8F, 0x41, 0x5B, 0x40, 0x82, 0x60, 0xD1, 0x8E, 0x70, 0xCF, 0x9C, 0x9D, 0x0C, 0x0E, 0x73, 0xA8, 0x73, 0x44, 0x81, 0x4F, 0x6D, 0xE5, 0xB4, 0x76, 0x9B, 0x0A, 0xC3, 0x88, 0xBD, 0xDF },
+    { 0x09, 0xA3, 0x7F, 0x0B, 0x5D, 0x1C, 0x58, 0x2A, 0x39, 0xB0, 0x76, 0xA4, 0x29, 0x08, 0x5D, 0xB4, 0x8F, 0xED, 0x6D, 0xD4, 0xA1, 0x96, 0x19, 0xCA, 0x66, 0xCF, 0x29, 0x39, 0x6B, 0x34, 0x91, 0x1D },
+    { 0xEF, 0x8D, 0x86, 0x52, 0xAB, 0xD1, 0xF6, 0xC1, 0xAD, 0x29, 0x8F, 0x37, 0x50, 0xD4, 0xD4, 0x59, 0xF1, 0xE0, 0xA8, 0x23, 0xD8, 0x41, 0x5C, 0x22, 0x4C, 0xB5, 0x0E, 0xDC, 0xF3, 0x47, 0x51, 0x99 },
+    { 0xB1, 0xF1, 0x67, 0x20, 0x71, 0xC9, 0xF7, 0x5A, 0x5F, 0xB2, 0x2B, 0xAF, 0xC9, 0x67, 0x22, 0xCD, 0x97, 0x05, 0xDB, 0x76, 0xD3, 0x4D, 0x00, 0x17, 0x0E, 0x07, 0xD0, 0x77, 0xB2, 0x22, 0x48, 0x63 },
+    { 0xC1, 0x54, 0x8D, 0xC2, 0x08, 0x9F, 0x06, 0x74, 0x07, 0xD0, 0xEE, 0x60, 0x2A, 0xC1, 0x4F, 0x2B, 0x3C, 0x51, 0xD9, 0x59, 0xBB, 0x88, 0x0B, 0x7F, 0xAF, 0x61, 0xAC, 0x11, 0xD7, 0x40, 0xA6, 0xFD },
+    { 0x56, 0xC4, 0xDF, 0x3D, 0x75, 0x03, 0x9D, 0xB9, 0x6B, 0x97, 0x51, 0x29, 0x08, 0xBA, 0xA1, 0xC7, 0x63, 0x21, 0xF2, 0x04, 0x80, 0xB8, 0xEA, 0xE5, 0x5B, 0xD9, 0x7F, 0x48, 0xB3, 0xB4, 0xCB, 0xFB },
+    { 0xA1, 0x8B, 0x3B, 0x8A, 0x87, 0xB0, 0xA3, 0xBA, 0x20, 0x66, 0x73, 0x4E, 0x20, 0xD1, 0xF2, 0x64, 0x65, 0x52, 0xAE, 0x11, 0x6A, 0x35, 0x31, 0xAC, 0x0C, 0x48, 0x39, 0x87, 0xC3, 0xFE, 0x54, 0x26 },
+    { 0xA0, 0x9D, 0x34, 0x48, 0x15, 0x8D, 0x82, 0x46, 0x57, 0xE2, 0x49, 0x63, 0xB0, 0xDD, 0x71, 0x81, 0xBD, 0x11, 0xEE, 0xC4, 0xAD, 0x18, 0x15, 0xA0, 0xCB, 0x7C, 0x0A, 0x45, 0xAF, 0x4F, 0x1E, 0x0A },
+    { 0xD2, 0xD1, 0x0D, 0xC1, 0xB3, 0x2B, 0x54, 0xA6, 0xED, 0x86, 0x6E, 0x9A, 0xE5, 0xEB, 0xD0, 0xD3, 0x0E, 0x17, 0x5D, 0xC0, 0x21, 0x1B, 0x94, 0x5F, 0x0B, 0x1D, 0x97, 0xA4, 0x2F, 0x65, 0x86, 0x0E },
+    { 0xEC, 0x5B, 0x70, 0xB8, 0xB9, 0xCB, 0x77, 0x03, 0x73, 0x49, 0x15, 0xE4, 0xA7, 0x3D, 0xD2, 0x26, 0x84, 0xCC, 0x79, 0x67, 0x81, 0xC8, 0xAF, 0x29, 0x8B, 0x76, 0xC9, 0xC2, 0x20, 0xFC, 0x2C, 0xCD },
+    { 0x7E, 0x1A, 0xC0, 0x99, 0x00, 0x3D, 0x8D, 0xBB, 0x94, 0xB6, 0x17, 0x4E, 0x1D, 0x9A, 0xC9, 0x48, 0x06, 0xFE, 0xA0, 0x50, 0x5D, 0xEC, 0xBB, 0x2F, 0x44, 0xED, 0xF7, 0xA7, 0xF4, 0xC5, 0x5D, 0x9F },
+    { 0xF5, 0xD3, 0x13, 0x4B, 0x3C, 0x08, 0x94, 0x73, 0x80, 0x24, 0xA9, 0x6C, 0xBB, 0x56, 0xFC, 0x2C, 0xDA, 0xB7, 0x2D, 0x99, 0xFD, 0x9E, 0x97, 0x96, 0x5A, 0xDC, 0xB6, 0xB8, 0xA2, 0x43, 0xDE, 0x09 },
+    { 0x7A, 0x73, 0x6E, 0x2E, 0x8E, 0xD2, 0xCF, 0xFF, 0xC3, 0xAC, 0x4B, 0xE0, 0x18, 0x4D, 0x7F, 0xBF, 0xE4, 0x65, 0x34, 0x3A, 0x2F, 0x86, 0x7A, 0x83, 0x50, 0xBE, 0x8E, 0x3D, 0x08, 0x21, 0xEA, 0x76 },
+    { 0x36, 0xBB, 0x5C, 0xCA, 0xFD, 0xBD, 0xEA, 0xD8, 0x49, 0x33, 0xCD, 0xF8, 0x4A, 0xE5, 0x15, 0x23, 0x28, 0x9B, 0xA2, 0xBF, 0x5D, 0x66, 0x2F, 0xDA, 0xE6, 0x73, 0x53, 0xE5, 0xC3, 0x1B, 0xE8, 0x1F },
+    { 0x09, 0xCC, 0x7B, 0xCC, 0xBF, 0x90, 0x8D, 0x95, 0x1F, 0xB0, 0xD9, 0x26, 0x29, 0x8E, 0x0F, 0x54, 0x6B, 0xD6, 0xA7, 0xA9, 0x77, 0x24, 0xAE, 0xFD, 0x26, 0xD6, 0xF7, 0xE5, 0x9D, 0x20, 0x8B, 0x46 },
+    { 0x4A, 0x99, 0xFA, 0x51, 0x04, 0xDC, 0xF3, 0xB3, 0xDB, 0x1A, 0xBF, 0x99, 0x89, 0xF6, 0x05, 0xDB, 0x41, 0xF4, 0x7E, 0x99, 0x64, 0x98, 0xE8, 0x95, 0x08, 0x39, 0x3B, 0xD4, 0x98, 0x01, 0x0D, 0x14 },
+    { 0x55, 0x60, 0x63, 0x49, 0xF7, 0x39, 0x94, 0x3D, 0x50, 0x58, 0x60, 0x7C, 0xEA, 0xC1, 0x96, 0x9F, 0x85, 0x5D, 0x28, 0xB9, 0xA1, 0xA9, 0xB3, 0xAC, 0xD6, 0xFE, 0xDD, 0x4B, 0x39, 0x6A, 0xC5, 0x0F },
+    { 0x10, 0x33, 0x93, 0x4C, 0xD0, 0xB8, 0x8F, 0xF3, 0x75, 0x3D, 0x64, 0xCE, 0x19, 0x44, 0x72, 0xC4, 0x0B, 0xAF, 0x64, 0x4C, 0xD8, 0xB0, 0xFE, 0x6A, 0xE8, 0xE5, 0xD1, 0x27, 0x0A, 0xED, 0x48, 0x28 },
+    { 0x50, 0x72, 0x89, 0x68, 0x62, 0xF6, 0xB9, 0xCF, 0xE8, 0xEF, 0x76, 0xD8, 0x05, 0x59, 0xE1, 0x56, 0x25, 0x47, 0x82, 0xA4, 0x0A, 0xC5, 0xF6, 0x4C, 0xBF, 0x79, 0x34, 0xAD, 0x1F, 0x62, 0x4B, 0x30 },
+    { 0xA6, 0xF2, 0x41, 0xBE, 0xA5, 0xD1, 0x64, 0x05, 0x81, 0x2C, 0x06, 0x01, 0x9D, 0x9F, 0x72, 0xD6, 0x01, 0x32, 0xBD, 0x7C, 0x08, 0x9C, 0x60, 0x54, 0x9B, 0x2E, 0x56, 0xBB, 0x01, 0xC6, 0x4F, 0x48 },
+    { 0xBF, 0xF4, 0xFA, 0x00, 0x6F, 0xE6, 0xFE, 0xAB, 0xB5, 0xCE, 0x9B, 0x21, 0x94, 0x92, 0xD0, 0xD2, 0x30, 0xF4, 0xD0, 0x5F, 0x2B, 0xAC, 0x42, 0xDB, 0x71, 0x89, 0xF4, 0x41, 0xB1, 0xE8, 0x3B, 0x53 },
+    { 0x75, 0x99, 0x0E, 0x96, 0x27, 0xBB, 0xB8, 0xC3, 0xF7, 0xC9, 0xE1, 0xF3, 0x8C, 0xB4, 0x1B, 0x51, 0xE5, 0x11, 0x05, 0x8E, 0x61, 0x90, 0x11, 0xF0, 0xD5, 0x67, 0xE1, 0xC0, 0x31, 0x60, 0x15, 0x1F },
+    { 0xF1, 0xFE, 0x88, 0xE3, 0xEA, 0x13, 0xAE, 0x2F, 0xBA, 0x90, 0x42, 0x7D, 0x2F, 0x2D, 0xDD, 0x29, 0x00, 0x2A, 0x34, 0xFF, 0x19, 0x89, 0x1A, 0x2E, 0xA5, 0x97, 0x5E, 0x16, 0x79, 0xBE, 0x51, 0xD0 },
+    { 0xD2, 0xFF, 0x3D, 0x2E, 0x18, 0x0C, 0x7B, 0x44, 0x01, 0x85, 0x03, 0x6C, 0xBF, 0xAD, 0xEF, 0x95, 0xA7, 0xDE, 0x89, 0x7E, 0xB1, 0xED, 0xD5, 0x65, 0xCB, 0x11, 0x28, 0x45, 0xAD, 0x63, 0x2F, 0xB2 },
+    { 0x9C, 0x6B, 0x59, 0x6A, 0x7B, 0x55, 0xE0, 0x6A, 0x85, 0x76, 0x65, 0xC0, 0x15, 0x36, 0xEB, 0x98, 0x62, 0x1D, 0x5E, 0xFA, 0xA1, 0x86, 0x92, 0x6B, 0xAC, 0x4C, 0x4B, 0xC7, 0x26, 0x80, 0xF5, 0xA5 },
+    { 0x4A, 0xE5, 0x7C, 0xDD, 0xE7, 0x06, 0x24, 0x7B, 0x6A, 0x0F, 0x3F, 0xEB, 0x5E, 0x2E, 0x96, 0x91, 0x35, 0x8A, 0x34, 0xBC, 0x12, 0x7F, 0xE6, 0x29, 0xE5, 0xF0, 0x88, 0x5E, 0x75, 0x1C, 0x68, 0x47 },
+    { 0xF4, 0xD2, 0x5E, 0x0C, 0xED, 0x01, 0x59, 0x65, 0xCA, 0x64, 0xF0, 0xFA, 0x2A, 0x02, 0x43, 0xEA, 0x4B, 0x6A, 0x2A, 0x28, 0x86, 0x91, 0xD3, 0x31, 0x92, 0x3F, 0x89, 0x15, 0xB1, 0x57, 0xC8, 0xE5 },
+    { 0xDC, 0xB2, 0x1F, 0x48, 0x33, 0xA5, 0x06, 0x06, 0x16, 0xE1, 0xE6, 0xF0, 0xAB, 0x19, 0x08, 0x33, 0xCC, 0xF6, 0x5C, 0xE6, 0xA9, 0x6E, 0x93, 0x33, 0x65, 0x82, 0xAE, 0x73, 0x2E, 0xDB, 0x55, 0xCA },
+    { 0x92, 0x10, 0x19, 0xC1, 0x9A, 0x28, 0x7F, 0x9A, 0x26, 0x99, 0x86, 0xEA, 0xE4, 0xF1, 0xC2, 0x7A, 0xF9, 0xAC, 0x6D, 0xA2, 0x84, 0x87, 0xEC, 0xF9, 0xAE, 0x70, 0x57, 0xEA, 0xBC, 0x6E, 0x15, 0x6E },
+    { 0x62, 0x21, 0xD9, 0xD6, 0xAD, 0x78, 0x39, 0x12, 0x7F, 0x69, 0x60, 0x1B, 0x1D, 0xAF, 0xBD, 0x5C, 0x2D, 0xEA, 0xA7, 0xD7, 0xF6, 0x5B, 0xE0, 0xF1, 0x0D, 0x1C, 0x76, 0x6F, 0x18, 0x7D, 0xB3, 0xA1 },
+    { 0x18, 0x89, 0x1B, 0x92, 0x4C, 0x37, 0x86, 0x46, 0x6E, 0x29, 0x48, 0xA1, 0x64, 0xDF, 0xFD, 0xFC, 0xCC, 0x39, 0xD9, 0x0E, 0x02, 0xFE, 0xB2, 0x23, 0xEE, 0x59, 0xC6, 0x84, 0x60, 0x33, 0x30, 0xEE },
+    { 0xF0, 0xF6, 0xD1, 0x14, 0xD5, 0xA9, 0xD7, 0x25, 0x89, 0x31, 0xB0, 0xC2, 0x30, 0xCA, 0xB4, 0x2D, 0x5F, 0xDD, 0x88, 0x5E, 0x10, 0x40, 0xB1, 0x64, 0xD6, 0x7C, 0x5E, 0x0D, 0x81, 0x9D, 0xF0, 0xF5 },
+    { 0xB8, 0xFB, 0x1C, 0x67, 0x45, 0x7E, 0xDA, 0x64, 0x35, 0xFC, 0x12, 0xD6, 0x6A, 0x1D, 0x9C, 0x8F, 0xCB, 0x84, 0xAF, 0x39, 0xE3, 0x66, 0xE1, 0x2D, 0x91, 0x9C, 0x4A, 0xCE, 0xAB, 0xC8, 0x9A, 0x5F },
+    { 0x09, 0xE5, 0x2E, 0x20, 0xE9, 0x27, 0x6C, 0xD9, 0x3D, 0xE5, 0x80, 0xCD, 0x62, 0x24, 0x7C, 0x29, 0x06, 0x67, 0x86, 0x9B, 0x8D, 0xD0, 0x59, 0x4E, 0xE2, 0x06, 0xFA, 0x6C, 0x80, 0x3E, 0x66, 0xB3 },
+    { 0xF6, 0x70, 0xCE, 0x04, 0x25, 0x42, 0xF0, 0x94, 0x17, 0x0A, 0xAE, 0x96, 0x52, 0x9D, 0x9A, 0x66, 0x8D, 0xE5, 0x00, 0x7C, 0xED, 0x22, 0x6D, 0x0C, 0xC3, 0x3D, 0x89, 0x35, 0xC5, 0x89, 0xEC, 0xFE },
+    { 0x12, 0x56, 0xEA, 0xF4, 0x2D, 0xA2, 0x69, 0xCD, 0xF7, 0xB4, 0x06, 0x0F, 0xBF, 0xAC, 0x5C, 0x0C, 0x9E, 0x4F, 0x15, 0x7D, 0x75, 0xA4, 0x28, 0x0D, 0x5A, 0xE3, 0x92, 0xB4, 0x7E, 0xA7, 0x3A, 0x8D },
+    { 0x7E, 0xCC, 0x08, 0xFC, 0x32, 0xC0, 0xD0, 0x8D, 0xCB, 0xB1, 0xA7, 0xD9, 0xD6, 0x59, 0x3D, 0x61, 0x32, 0x55, 0xCA, 0xE7, 0xA0, 0x66, 0x0D, 0x84, 0x58, 0xC8, 0x9B, 0xD1, 0x5F, 0x14, 0x61, 0x32 },
+    { 0x63, 0xE6, 0x9C, 0xB1, 0xED, 0x97, 0x2E, 0xBD, 0xEF, 0xB6, 0x1D, 0xFA, 0x17, 0x2D, 0x4E, 0x7D, 0x26, 0xBE, 0x9A, 0x96, 0x94, 0x07, 0x18, 0xB3, 0xE3, 0xEA, 0x6E, 0x24, 0x5C, 0x34, 0xD2, 0x3D },
+    { 0xC4, 0xE8, 0x6E, 0xCB, 0x29, 0xD9, 0xA5, 0xBC, 0x01, 0x63, 0x7D, 0x11, 0x62, 0x83, 0xDF, 0x12, 0xC3, 0x64, 0xA6, 0xE4, 0x7D, 0x6E, 0x5A, 0x17, 0x5E, 0xBA, 0x86, 0x6E, 0xD8, 0x87, 0x5A, 0x4E },
+    { 0x62, 0x6F, 0x79, 0x54, 0x41, 0x9A, 0x36, 0x21, 0xA5, 0x1A, 0x4E, 0x5B, 0x8E, 0x51, 0x22, 0xFC, 0xA4, 0x64, 0x2C, 0xF4, 0x78, 0x6A, 0x78, 0x05, 0x92, 0x7E, 0x40, 0xC3, 0x77, 0x23, 0xC0, 0x07 },
+    { 0x07, 0xD1, 0x4C, 0xB0, 0x76, 0x8F, 0xB8, 0xB6, 0x62, 0xC9, 0x61, 0x5A, 0x55, 0xF3, 0x6C, 0x6F, 0xE5, 0xB0, 0x4C, 0x10, 0x9A, 0x28, 0xA6, 0x2B, 0xF6, 0xA3, 0x82, 0x21, 0xB7, 0xB3, 0x3C, 0x29 },
+    { 0x56, 0x29, 0xF6, 0x3E, 0x46, 0xBE, 0x54, 0x70, 0xDD, 0x66, 0x82, 0xEA, 0x8E, 0x0A, 0x3D, 0x94, 0x2D, 0xE2, 0x73, 0xBC, 0xAE, 0xDD, 0x80, 0x84, 0xF2, 0xEE, 0x92, 0x12, 0xB2, 0x90, 0x53, 0xE2 },
+    { 0x41, 0x46, 0x44, 0x5D, 0xDC, 0xD6, 0x93, 0x05, 0x7D, 0xEC, 0x80, 0x45, 0x7B, 0xC4, 0x6F, 0xD6, 0xBB, 0x65, 0xC2, 0x6E, 0xDF, 0xB7, 0x8D, 0x42, 0x56, 0x8B, 0xEC, 0x94, 0xD9, 0x9E, 0x1D, 0xF8 },
+    { 0xC0, 0xF2, 0x62, 0xA5, 0x8F, 0x3E, 0x66, 0x49, 0x64, 0x37, 0x5E, 0xDC, 0x29, 0x75, 0xFC, 0xCE, 0x1F, 0x4E, 0xCA, 0xF1, 0x8C, 0x02, 0x58, 0xE7, 0x2D, 0xB4, 0xD2, 0x5C, 0x9E, 0x08, 0xCC, 0x69 },
+    { 0x08, 0xFE, 0x27, 0xA3, 0xF8, 0x20, 0xD8, 0xC5, 0x2D, 0x62, 0x4D, 0xD9, 0x38, 0xAE, 0xD1, 0x61, 0x53, 0x6E, 0x1A, 0x33, 0xE5, 0xCE, 0x4C, 0xC6, 0x23, 0x9D, 0xF0, 0x5F, 0x0A, 0x59, 0xA7, 0x51 },
+    { 0x9C, 0x13, 0xF4, 0xCE, 0x1E, 0x97, 0x5A, 0x80, 0x1F, 0x37, 0x4F, 0x2F, 0x64, 0x70, 0xF1, 0x8F, 0xDE, 0x9F, 0x0D, 0xE8, 0xA8, 0xDF, 0x6B, 0x4E, 0x36, 0x75, 0x8B, 0xB0, 0x26, 0x76, 0x45, 0x42 },
+    { 0xB5, 0xE0, 0x05, 0x74, 0xC2, 0xBA, 0x7A, 0x65, 0xEA, 0x9D, 0xF2, 0xFC, 0x0F, 0x70, 0x67, 0x82, 0xC7, 0xBD, 0xA2, 0x7E, 0xBF, 0x5B, 0x24, 0xE1, 0x9A, 0x20, 0xAB, 0xB8, 0x6E, 0x3B, 0x6F, 0x04 },
+    { 0xD7, 0xCE, 0x45, 0x59, 0xE0, 0xA4, 0x5E, 0x4B, 0x0B, 0xE3, 0x12, 0x70, 0x44, 0x9F, 0xB1, 0xD4, 0x7C, 0x57, 0xE1, 0x79, 0xE3, 0xA4, 0x43, 0x1A, 0xA4, 0x72, 0x3F, 0x32, 0x0A, 0xF9, 0x2A, 0x7D },
+    { 0x00, 0xFF, 0x7C, 0x40, 0xF1, 0xDE, 0xC0, 0x62, 0xD9, 0x21, 0xC2, 0x41, 0xA6, 0xD5, 0xFD, 0x20, 0xAB, 0x48, 0x01, 0xEB, 0x8D, 0xC9, 0x8E, 0xF2, 0x0A, 0xA0, 0xA4, 0xE9, 0x73, 0x16, 0x9F, 0x23 },
+    { 0x1D, 0xBD, 0x86, 0x7B, 0x3D, 0x40, 0x71, 0xCD, 0xED, 0xEF, 0xCE, 0x29, 0x79, 0x07, 0x9A, 0x0D, 0x14, 0x8F, 0xFF, 0xB9, 0x01, 0x89, 0xE2, 0x4F, 0x3E, 0x49, 0x43, 0x52, 0xD5, 0x5B, 0x32, 0xB8 },
+    { 0x58, 0xDB, 0xF7, 0x08, 0x68, 0x7D, 0xF3, 0x97, 0x48, 0x3F, 0xA2, 0xBE, 0x31, 0x06, 0x47, 0xFC, 0x11, 0xF2, 0x4D, 0xB0, 0xCC, 0x07, 0x23, 0xC1, 0xB0, 0x79, 0xEC, 0x2D, 0xD4, 0x33, 0xFA, 0x26 },
+    { 0xEF, 0xA6, 0xAF, 0x2D, 0x55, 0xDA, 0xDD, 0xD7, 0xC4, 0x79, 0x60, 0x67, 0x1F, 0x45, 0x22, 0xF3, 0x46, 0xDB, 0x32, 0xF5, 0x09, 0xF1, 0x39, 0x0B, 0x91, 0x49, 0xFD, 0xA5, 0x5E, 0x88, 0xB7, 0x05 },
+    { 0xE0, 0x05, 0xA4, 0x12, 0x9C, 0xA6, 0xC4, 0x41, 0xD9, 0x2C, 0x59, 0x2F, 0x42, 0x2C, 0x7C, 0x80, 0x93, 0x6E, 0x78, 0xF6, 0xA6, 0x27, 0xC3, 0xCB, 0x17, 0x32, 0x7F, 0xAF, 0x0E, 0x5F, 0x76, 0x04 },
+    { 0x86, 0xCE, 0x35, 0x14, 0x6F, 0x77, 0x12, 0x9E, 0xA1, 0xA2, 0xD3, 0xA2, 0x42, 0xEA, 0x6B, 0xA6, 0x38, 0xC2, 0x69, 0x94, 0xEF, 0x78, 0x70, 0x74, 0x7D, 0x2C, 0xA7, 0xC5, 0x91, 0xF6, 0xFF, 0xE5 },
+    { 0x31, 0xB3, 0xC6, 0xBB, 0x3E, 0xF3, 0xFE, 0xE1, 0xC8, 0x20, 0xF2, 0xBD, 0xA3, 0x1A, 0x52, 0x38, 0x7A, 0xAA, 0xE8, 0x16, 0x00, 0x3D, 0xDB, 0x99, 0x2A, 0xC0, 0x3D, 0x2D, 0xD9, 0xC6, 0xE0, 0x05 },
+    { 0xA4, 0xBC, 0x45, 0x3C, 0x84, 0xF8, 0x24, 0xF1, 0x00, 0x92, 0xE8, 0xE9, 0x03, 0x17, 0x99, 0x95, 0x7E, 0x98, 0x4A, 0x29, 0xBB, 0xAE, 0x5E, 0x84, 0x34, 0x5E, 0x82, 0xF4, 0x8D, 0xD7, 0x11, 0x92 },
+    { 0x53, 0xE2, 0xB4, 0x37, 0x6B, 0xA5, 0xD9, 0xED, 0xB8, 0x32, 0x22, 0xEA, 0x38, 0x48, 0x8F, 0x86, 0x20, 0x76, 0x04, 0x66, 0xFA, 0xFE, 0x2A, 0x13, 0x9A, 0x0A, 0x0E, 0xFB, 0x5A, 0x13, 0xBB, 0xDF },
+    { 0x1F, 0x15, 0x99, 0xE7, 0x8E, 0x22, 0x78, 0xDD, 0xEA, 0x1F, 0x73, 0x08, 0x74, 0xF3, 0x50, 0x43, 0xDF, 0x8D, 0xA1, 0xB3, 0x6A, 0x4C, 0xEC, 0x02, 0x97, 0x36, 0xEB, 0x83, 0x22, 0x55, 0x0E, 0x7C },
+    { 0x69, 0x6A, 0x1A, 0x34, 0x34, 0x07, 0xB0, 0x6B, 0x9A, 0xE6, 0x09, 0x6C, 0x40, 0x7D, 0x09, 0x98, 0xA4, 0xB6, 0x5F, 0xCF, 0xD6, 0xE3, 0xB7, 0xB1, 0xAD, 0xC7, 0xE8, 0xF5, 0x8F, 0x53, 0x6C, 0xF3 },
+    { 0x21, 0x9F, 0x6B, 0xC8, 0x7C, 0x08, 0xBB, 0xAD, 0xF0, 0x3F, 0xA9, 0xC8, 0x9B, 0x7C, 0x21, 0xAE, 0x79, 0x43, 0x7F, 0x6A, 0x28, 0xB3, 0xE6, 0x75, 0x52, 0xB5, 0x19, 0xAB, 0x3D, 0x23, 0xD4, 0x90 },
+    { 0x61, 0x53, 0x0E, 0xC0, 0x48, 0x1A, 0x7F, 0x69, 0x78, 0xF9, 0x44, 0x58, 0xFF, 0x1C, 0x4A, 0x8C, 0x70, 0x96, 0x8E, 0x60, 0x42, 0xAF, 0x77, 0xF6, 0x55, 0x6B, 0x9E, 0xF5, 0x47, 0x50, 0xCC, 0x58 },
+    { 0xD7, 0x87, 0x5C, 0x3A, 0xB1, 0x81, 0x16, 0xFE, 0xD8, 0x66, 0xA0, 0xD7, 0xBB, 0x41, 0x3A, 0x17, 0xDE, 0xA3, 0x00, 0x3C, 0x7F, 0xE3, 0xAB, 0x1C, 0xAF, 0x06, 0xE6, 0x89, 0x46, 0x14, 0x67, 0xF0 },
+    { 0x93, 0x4F, 0xDD, 0xDE, 0xBD, 0x08, 0xE4, 0x38, 0xE8, 0xEB, 0x84, 0x0F, 0x91, 0x01, 0x67, 0x69, 0xE8, 0x5B, 0xD2, 0xB2, 0x39, 0x81, 0xA5, 0xCF, 0x48, 0x71, 0xA6, 0x14, 0xC8, 0xF8, 0x55, 0x47 },
+    { 0xED, 0xD0, 0x1D, 0x5B, 0xCF, 0x39, 0xCD, 0xE3, 0x81, 0x3A, 0xE1, 0x26, 0x17, 0x33, 0x26, 0xE8, 0x9C, 0xCC, 0xE6, 0xAD, 0x45, 0xE5, 0x04, 0x17, 0x6E, 0x81, 0xBF, 0x5A, 0xE8, 0x21, 0x79, 0xF8 },
+    { 0x6D, 0xBD, 0xC2, 0x68, 0x40, 0x26, 0xF5, 0xD8, 0xF4, 0xB0, 0x37, 0x12, 0x89, 0x3B, 0xA2, 0x09, 0xCB, 0xC1, 0x8C, 0x6E, 0xFD, 0xD9, 0x71, 0x47, 0xA8, 0xCD, 0xF0, 0x3A, 0x4C, 0xB0, 0x2B, 0x1D },
+    { 0xBC, 0x3B, 0x15, 0x3E, 0xFA, 0x5E, 0x77, 0x92, 0xE9, 0xD5, 0x02, 0x63, 0xE8, 0xBC, 0x7D, 0x8E, 0x62, 0x29, 0x37, 0x88, 0x7D, 0x22, 0x64, 0x87, 0x65, 0x44, 0xA1, 0xEF, 0xF6, 0xA7, 0x72, 0x05 },
+    { 0x61, 0x57, 0x1D, 0x0E, 0x74, 0x67, 0x3F, 0x6F, 0x4D, 0x69, 0x88, 0xF5, 0xCE, 0x71, 0xC4, 0xD3, 0x56, 0xFE, 0xE4, 0x40, 0xCC, 0xFF, 0x5B, 0x49, 0xF1, 0x60, 0x6C, 0xF6, 0xBC, 0x5B, 0x01, 0xBB },
+    { 0xC3, 0x26, 0x98, 0x8B, 0x13, 0x01, 0x65, 0x60, 0xAD, 0xE4, 0x86, 0xF1, 0x34, 0xCE, 0x76, 0xD8, 0xAB, 0xCE, 0x06, 0x07, 0x2C, 0xCC, 0x1D, 0xFA, 0x22, 0x11, 0x03, 0x00, 0x84, 0x03, 0x00, 0x62 },
+    { 0x16, 0x29, 0xDD, 0xB6, 0x54, 0x2F, 0x0E, 0x98, 0x20, 0x74, 0x31, 0x60, 0x9F, 0xBF, 0xDC, 0x7D, 0xCF, 0x8D, 0x03, 0xFA, 0x44, 0x91, 0xE6, 0x1E, 0x09, 0xC6, 0xFE, 0x4E, 0x41, 0x2C, 0x45, 0xCE },
+    { 0x66, 0x9F, 0x94, 0x36, 0xEF, 0x5C, 0x22, 0xBD, 0x5E, 0xE7, 0xF1, 0xE1, 0xE9, 0xE7, 0xFF, 0x71, 0x71, 0xBC, 0x09, 0xD0, 0x64, 0x11, 0xCD, 0x6F, 0xB5, 0xEE, 0x9D, 0xC0, 0xE1, 0x96, 0x57, 0x3E },
+    { 0x7D, 0x93, 0x48, 0x63, 0xAA, 0xFB, 0xAB, 0xDA, 0x69, 0xD2, 0xD4, 0x26, 0xA1, 0xBF, 0xA4, 0x91, 0x92, 0xC8, 0x49, 0x80, 0x60, 0xD1, 0xD5, 0xCC, 0xE9, 0x34, 0x19, 0xCA, 0xE0, 0x62, 0xE0, 0x09 },
+    { 0xAD, 0xE7, 0xC8, 0xF2, 0xEC, 0xD6, 0xA0, 0x5E, 0x62, 0xFA, 0x8E, 0x80, 0x80, 0x75, 0x11, 0x96, 0xE8, 0x66, 0x4F, 0xB3, 0xA0, 0x82, 0x2D, 0xB5, 0x2B, 0xF7, 0x94, 0x0B, 0x24, 0x25, 0xFA, 0xE2 },
+    { 0xFC, 0x9F, 0x25, 0xF6, 0x45, 0x31, 0x5C, 0x10, 0xE6, 0xF1, 0xEB, 0x7D, 0x71, 0x87, 0x79, 0xB8, 0x28, 0xCB, 0x23, 0xDB, 0xD2, 0x51, 0x56, 0xB5, 0x4D, 0xBF, 0xC6, 0x25, 0xD9, 0x8E, 0x92, 0x99 },
+    { 0x45, 0x58, 0x22, 0xA1, 0x4D, 0x4D, 0xF9, 0xA7, 0xC7, 0x4C, 0x19, 0x4E, 0x15, 0x47, 0x82, 0x9D, 0x12, 0x09, 0xD8, 0xB2, 0x91, 0x22, 0xF6, 0x14, 0x88, 0x0C, 0x47, 0xB0, 0x1F, 0xCC, 0x60, 0x5E },
+    { 0x7A, 0x7E, 0xDA, 0x2F, 0xFA, 0xE6, 0x2B, 0x7B, 0x27, 0xFA, 0x8A, 0xD0, 0xD4, 0x09, 0xE3, 0x33, 0x49, 0x44, 0x1C, 0xC9, 0x29, 0x1E, 0x62, 0xF8, 0xF7, 0x19, 0x1F, 0x0A, 0x64, 0x1F, 0x37, 0x4C },
+    { 0x87, 0x3E, 0xE8, 0x8B, 0x54, 0x5F, 0x27, 0x52, 0x61, 0xEC, 0xFD, 0xC5, 0x40, 0x60, 0x5B, 0xC8, 0x02, 0x6E, 0x76, 0x10, 0x08, 0x46, 0xE5, 0x9F, 0xE8, 0xFD, 0x90, 0x61, 0xDB, 0x13, 0x0B, 0xEF },
+    { 0xEE, 0x36, 0xF1, 0x45, 0x89, 0x1A, 0x5B, 0x2C, 0xF5, 0x9B, 0x7F, 0xCD, 0x90, 0xDE, 0xF5, 0xE4, 0x14, 0x05, 0x44, 0x4B, 0xC7, 0x77, 0x81, 0x76, 0x80, 0xD8, 0xA8, 0x61, 0x76, 0x61, 0xC0, 0xEB },
+    { 0x32, 0x9A, 0x54, 0xEE, 0xAE, 0x68, 0x81, 0xB1, 0xCF, 0xA7, 0x7E, 0xC4, 0x82, 0x89, 0x7C, 0x59, 0x2F, 0x94, 0x21, 0xF1, 0x4E, 0x13, 0xB4, 0x15, 0xB6, 0xDB, 0x1B, 0x90, 0xFF, 0x15, 0x34, 0x34 },
+    { 0x9C, 0x1F, 0x0A, 0x7E, 0xCD, 0x6A, 0x2B, 0xAA, 0xE0, 0x3F, 0x4E, 0x1D, 0x22, 0x0B, 0xB1, 0x13, 0xB9, 0xBC, 0xA8, 0x07, 0x32, 0x92, 0xAD, 0xEE, 0x8D, 0xBE, 0x22, 0x03, 0xCC, 0x37, 0x00, 0x7D },
+    { 0x2D, 0xB4, 0x53, 0x2F, 0x09, 0xC7, 0xBE, 0x12, 0x99, 0x68, 0x1C, 0x6B, 0x75, 0x92, 0xF6, 0x2F, 0xB7, 0xC7, 0xDA, 0x3B, 0xBD, 0x8C, 0xEA, 0xDE, 0x64, 0xF3, 0x8A, 0xA1, 0xC7, 0x50, 0x8C, 0x4A },
+    { 0x07, 0xA6, 0x8E, 0x45, 0x2E, 0xDA, 0x5B, 0x67, 0x3B, 0x28, 0xB9, 0x5A, 0x32, 0x43, 0x19, 0xFF, 0x0B, 0xB8, 0x54, 0x8B, 0x7B, 0xE6, 0x6E, 0x3C, 0x81, 0xA8, 0x91, 0xC1, 0x76, 0x0B, 0xF9, 0xF3 },
+    { 0x46, 0x66, 0xAF, 0xF6, 0xBA, 0x88, 0x68, 0x35, 0x28, 0x11, 0x52, 0xB3, 0x0F, 0xD2, 0x6F, 0x7D, 0x8D, 0x15, 0xC2, 0x60, 0xED, 0x13, 0x66, 0x77, 0xC6, 0xDB, 0x21, 0x59, 0x3A, 0x47, 0x6A, 0x4E },
+    { 0xD9, 0x68, 0x93, 0x8C, 0x7F, 0x78, 0x49, 0x40, 0x31, 0x60, 0xE2, 0x91, 0xEA, 0x54, 0xAD, 0x79, 0xC0, 0xCA, 0xF1, 0x23, 0x7C, 0x13, 0x75, 0xA0, 0xB5, 0x53, 0xD5, 0xC8, 0x12, 0x2F, 0x88, 0xB3 },
+    { 0xCE, 0x8C, 0x10, 0x47, 0x06, 0x35, 0x27, 0xF5, 0x2D, 0xDD, 0xF7, 0x7D, 0xFA, 0x8C, 0xFF, 0x33, 0xCA, 0xD0, 0x7E, 0xDD, 0x98, 0x1A, 0xAE, 0x3F, 0xE8, 0x45, 0x95, 0x82, 0x09, 0xC0, 0xEC, 0x1F },
+    { 0x43, 0x4B, 0xBA, 0xFE, 0xF0, 0x77, 0x14, 0x65, 0x36, 0x01, 0xE7, 0x35, 0xC5, 0xBC, 0x3E, 0xE7, 0x1D, 0x41, 0xE5, 0x9B, 0xB5, 0xF4, 0x18, 0xA5, 0xAA, 0xF0, 0x2F, 0xED, 0xDE, 0x6F, 0x86, 0xA2 },
+    { 0x03, 0x68, 0xA2, 0xCC, 0x22, 0x42, 0x2A, 0x50, 0xD3, 0x15, 0x48, 0x88, 0x4A, 0xA9, 0xF1, 0xBF, 0x53, 0x94, 0x09, 0xC7, 0x34, 0xA3, 0x66, 0x2D, 0xED, 0x43, 0xCF, 0xDE, 0x64, 0x91, 0xF3, 0x69 },
+    { 0xD8, 0x85, 0xE2, 0x41, 0x0C, 0x4F, 0xF1, 0x9D, 0x4F, 0xA9, 0x48, 0x9C, 0x84, 0xE3, 0x91, 0x5E, 0x42, 0x1D, 0x3F, 0x68, 0x71, 0xF6, 0x9E, 0xFC, 0xCF, 0x52, 0xC3, 0x23, 0xBB, 0xA9, 0xCB, 0xFF },
+    { 0x78, 0xAE, 0x31, 0x3E, 0xEE, 0x58, 0xF9, 0x8C, 0xE8, 0xAF, 0x80, 0x13, 0x3A, 0xBA, 0xD2, 0xED, 0x16, 0x46, 0x7D, 0x4E, 0x92, 0x77, 0x2F, 0x2D, 0xA0, 0x5D, 0x58, 0x2E, 0x41, 0x07, 0x01, 0xA6 },
+    { 0xCC, 0x3F, 0xDF, 0x7B, 0xB9, 0xC3, 0x10, 0x13, 0x2E, 0x2A, 0x2E, 0x77, 0xE4, 0x4A, 0x32, 0x7B, 0xA1, 0xD7, 0x39, 0x30, 0xFB, 0x63, 0x64, 0xF0, 0x38, 0x5B, 0x87, 0x16, 0x4E, 0x36, 0x54, 0xEE },
+    { 0x9F, 0xD7, 0x77, 0x2B, 0xF7, 0x18, 0xAF, 0xD4, 0xE2, 0xD6, 0x56, 0xD3, 0x82, 0x9A, 0x6A, 0x84, 0xA1, 0x25, 0x9F, 0x13, 0xD9, 0xBF, 0xBD, 0xE1, 0xB5, 0x67, 0x81, 0x9E, 0xE1, 0x5A, 0xE4, 0x5B },
+    { 0x7C, 0xF9, 0x9C, 0x2F, 0x03, 0x2A, 0xF9, 0x83, 0x34, 0x03, 0xDC, 0x20, 0x1E, 0x42, 0x46, 0xC5, 0x40, 0x2A, 0xA5, 0xAE, 0x9C, 0xA3, 0xB3, 0xA9, 0x28, 0xA3, 0x3F, 0xDB, 0xB8, 0xB5, 0x9A, 0xB2 },
+    { 0xCF, 0xD2, 0x69, 0xB7, 0x3F, 0x73, 0x97, 0xDC, 0xDA, 0xED, 0x32, 0xAC, 0x64, 0xCE, 0x5D, 0x89, 0x63, 0xB5, 0xB3, 0x96, 0xDD, 0x64, 0x1E, 0xA8, 0xBB, 0xD9, 0x20, 0x8B, 0x2A, 0xDB, 0xD2, 0x3A },
+    { 0x21, 0x61, 0xCB, 0x63, 0xE4, 0xA5, 0x17, 0xBC, 0x1F, 0x1F, 0xCA, 0xA6, 0x87, 0x5D, 0x0E, 0x24, 0x53, 0xD9, 0x1F, 0x57, 0x7D, 0x24, 0x70, 0xB7, 0x8A, 0x24, 0xE7, 0xB2, 0xBC, 0xCB, 0xEC, 0xA1 },
+    { 0xA2, 0x49, 0x8F, 0x52, 0xC8, 0x0D, 0x8A, 0x83, 0x3C, 0x2A, 0xA7, 0x92, 0x46, 0xD5, 0xE0, 0xDE, 0x1E, 0x2B, 0x03, 0x76, 0x74, 0x4F, 0xA5, 0x1F, 0xB9, 0xFF, 0x29, 0x5A, 0xE7, 0x4B, 0x35, 0xE0 },
+    { 0x63, 0x4D, 0x01, 0x37, 0xC2, 0x59, 0x24, 0x08, 0x02, 0xA7, 0xE5, 0x74, 0x05, 0x3C, 0x6E, 0x80, 0x4A, 0x0B, 0xEC, 0x70, 0x4B, 0x14, 0x26, 0x05, 0x42, 0x20, 0xB0, 0x3E, 0xC0, 0x73, 0xD8, 0x7E },
+    { 0xBD, 0xEA, 0xB3, 0x9F, 0x4B, 0xDB, 0xFC, 0x12, 0x72, 0xE1, 0x0B, 0x61, 0xD8, 0x6A, 0xFD, 0x2C, 0x29, 0xD5, 0xC0, 0x4A, 0x7D, 0xE9, 0xDF, 0xEE, 0x06, 0x7C, 0x43, 0xF5, 0x3B, 0x28, 0xD3, 0xE6 },
+    { 0x9B, 0x33, 0x09, 0xB8, 0xBC, 0x1F, 0x66, 0xE3, 0xF6, 0xBD, 0x80, 0x8E, 0x7C, 0x35, 0x61, 0xB5, 0x1D, 0x3A, 0xCE, 0x7C, 0x59, 0x46, 0xCB, 0x92, 0xD9, 0x50, 0x71, 0xF0, 0x07, 0x77, 0x87, 0xA2 },
+    { 0xC7, 0x20, 0x54, 0xCD, 0x43, 0xEF, 0x37, 0xA6, 0xE8, 0x5B, 0x46, 0x75, 0xD7, 0xF2, 0x5F, 0x47, 0xC7, 0x8B, 0xC9, 0x6F, 0x7A, 0x1D, 0xB2, 0x4C, 0x87, 0xA3, 0xF9, 0xDA, 0x9D, 0x93, 0x41, 0xEE },
+    { 0xA0, 0xE6, 0xFC, 0xF1, 0xB2, 0xFC, 0x92, 0xA6, 0xB1, 0x56, 0xA3, 0x59, 0x19, 0xF6, 0x26, 0x9F, 0x4E, 0x6F, 0x1C, 0x8F, 0x32, 0x56, 0xD5, 0x83, 0x8D, 0x50, 0x0B, 0x1B, 0x1B, 0xFB, 0xA4, 0xAD },
+    { 0xE8, 0x2E, 0xE2, 0x1E, 0xDB, 0xF3, 0x4E, 0x94, 0xEB, 0x8B, 0xE4, 0x2B, 0xC3, 0xC6, 0x49, 0x92, 0xEA, 0x18, 0x67, 0xCB, 0xBD, 0xE9, 0x42, 0x97, 0xF5, 0x0C, 0x1E, 0xAC, 0xCF, 0x8A, 0xE0, 0x6D },
+    { 0xD1, 0x21, 0xD8, 0x8E, 0x42, 0xF0, 0x26, 0x87, 0x1A, 0x5B, 0x7E, 0xE6, 0xAE, 0x3E, 0x3E, 0x21, 0x45, 0xEB, 0xA5, 0x2B, 0xC4, 0x37, 0x94, 0xD4, 0x71, 0x10, 0x01, 0x7C, 0xB4, 0x63, 0xBC, 0x2F },
+    { 0x0F, 0x2A, 0x06, 0x2B, 0xEE, 0xDB, 0x5A, 0x37, 0x5D, 0xAF, 0xCE, 0x55, 0x0B, 0x00, 0x85, 0x3B, 0x4F, 0xAE, 0x9E, 0x80, 0x5E, 0xBF, 0x9B, 0x5A, 0xFF, 0x73, 0x32, 0x86, 0xC2, 0x3D, 0x97, 0xF7 },
+    { 0xDE, 0x0D, 0x36, 0x64, 0xFA, 0x3B, 0xD1, 0x18, 0x39, 0xBF, 0x02, 0xC9, 0x10, 0xF5, 0x77, 0x43, 0x0D, 0x86, 0x35, 0x0A, 0x15, 0xB5, 0xF4, 0xFB, 0x08, 0x6D, 0xEA, 0xF2, 0xC1, 0x42, 0xD8, 0xA3 },
+    { 0x9B, 0x4F, 0x64, 0xCB, 0x47, 0xF0, 0xD8, 0x30, 0x42, 0x56, 0x95, 0x16, 0x9F, 0x04, 0x53, 0x04, 0x51, 0x1C, 0xBC, 0x76, 0xC6, 0x18, 0xBE, 0x0C, 0x5D, 0xDA, 0xD6, 0xBE, 0x13, 0x3A, 0x80, 0x45 },
+    { 0xE2, 0x65, 0x52, 0x4B, 0x50, 0x41, 0xD1, 0x9A, 0xC7, 0xEE, 0xDB, 0xA7, 0x85, 0x6B, 0xF9, 0x48, 0x83, 0x4B, 0xCD, 0x16, 0x9B, 0x78, 0x0F, 0x62, 0x1C, 0x69, 0x16, 0xEF, 0x80, 0x89, 0x1A, 0xEA },
+    { 0x76, 0x0D, 0xD9, 0x26, 0xB3, 0x65, 0xF2, 0x65, 0x79, 0xB9, 0x4F, 0x3F, 0x7A, 0xBE, 0x51, 0x56, 0x22, 0xAD, 0xD9, 0xA2, 0x98, 0x01, 0xC3, 0x8F, 0x95, 0x28, 0xED, 0x78, 0x19, 0xE8, 0xD5, 0xD1 },
+    { 0xE5, 0xA0, 0xCB, 0x14, 0x92, 0x41, 0x59, 0xC9, 0x10, 0xC5, 0x46, 0x8A, 0xF9, 0x88, 0xFB, 0x7A, 0x03, 0xB1, 0x76, 0x7E, 0x18, 0x5B, 0x92, 0x70, 0x21, 0x51, 0x95, 0x47, 0x53, 0x7A, 0xFE, 0x32 },
+    { 0x19, 0xF5, 0x01, 0x3E, 0xF0, 0x56, 0xCC, 0x58, 0x97, 0xC7, 0x78, 0x51, 0x05, 0x33, 0x08, 0xD5, 0x49, 0xD1, 0xD2, 0xF1, 0x08, 0x4B, 0x44, 0xF4, 0x86, 0xD5, 0x66, 0x05, 0x50, 0xFC, 0x8A, 0x62 },
+    { 0xB9, 0xBB, 0xFE, 0x2F, 0x64, 0xF5, 0x79, 0xD4, 0xD4, 0xC0, 0x57, 0x2E, 0x10, 0x99, 0x13, 0xB2, 0xC4, 0xE2, 0xF7, 0x8C, 0x8E, 0x79, 0x7F, 0x21, 0x97, 0xEC, 0x42, 0xA8, 0x5B, 0xDD, 0x14, 0x22 },
+    { 0x56, 0xC2, 0x1C, 0xE5, 0xCA, 0x96, 0x3B, 0x22, 0xFC, 0x23, 0x93, 0xE9, 0x59, 0x70, 0x29, 0x8B, 0x1A, 0xB6, 0x94, 0x68, 0xA2, 0x09, 0xCF, 0x55, 0xAC, 0xFC, 0xBD, 0xBD, 0xE3, 0xCD, 0x6E, 0x50 },
+    { 0x60, 0xC4, 0x4A, 0xF4, 0xC4, 0xD3, 0x1C, 0xD5, 0x9A, 0x6B, 0xCF, 0xC3, 0xC9, 0x62, 0xCA, 0xCD, 0xBE, 0x10, 0x1A, 0x60, 0x52, 0xE1, 0x8E, 0x11, 0xCB, 0x7D, 0x0D, 0x14, 0xA4, 0x0F, 0x13, 0x02 },
+    { 0xB6, 0x93, 0x52, 0x3A, 0xC5, 0x6D, 0x0F, 0x8B, 0xF2, 0x3A, 0x07, 0xCE, 0x94, 0x36, 0xEE, 0x3D, 0x59, 0xEB, 0x95, 0x91, 0x31, 0x65, 0x01, 0xD6, 0x86, 0xC1, 0xDB, 0xE1, 0xA6, 0x57, 0x5B, 0x70 },
+    { 0xEA, 0xD3, 0x7B, 0x43, 0x72, 0x6A, 0x34, 0xF7, 0x8A, 0x06, 0x50, 0x22, 0x8E, 0x8C, 0x1C, 0xBE, 0x13, 0x51, 0x01, 0x25, 0x1E, 0x98, 0x27, 0xE0, 0x8C, 0x09, 0x44, 0xB7, 0x1A, 0x64, 0x44, 0x77 },
+    { 0x79, 0x92, 0x6A, 0x2D, 0x9A, 0x95, 0x23, 0x47, 0xB6, 0x10, 0xE3, 0x1C, 0x2B, 0x13, 0x0D, 0x9D, 0xEC, 0x28, 0xDC, 0xF2, 0x0C, 0xFA, 0x2E, 0xC5, 0x41, 0xAA, 0x47, 0x38, 0x42, 0xCE, 0x0D, 0x23 },
+    { 0xFB, 0x66, 0x9A, 0x5F, 0x3A, 0x82, 0xD0, 0x7C, 0x9D, 0x26, 0xAE, 0x0E, 0x00, 0xC5, 0x12, 0xF7, 0xD2, 0x07, 0x1F, 0x73, 0xAF, 0x60, 0x91, 0xB3, 0x8E, 0x56, 0x84, 0x66, 0x50, 0x66, 0xE5, 0x7E },
+    { 0xEE, 0xE6, 0x81, 0xAC, 0xB4, 0x52, 0xDC, 0xE9, 0x6C, 0x34, 0xB0, 0x14, 0x22, 0x22, 0xC1, 0x88, 0xE6, 0xBA, 0x9E, 0x4D, 0xD1, 0xAC, 0xC6, 0x49, 0xDA, 0xC1, 0x19, 0x6B, 0xBA, 0x55, 0x63, 0x06 },
+    { 0x6E, 0xDD, 0x4C, 0x0B, 0x40, 0xB3, 0x75, 0x16, 0x51, 0x9C, 0xD4, 0x7A, 0xD1, 0xA9, 0xDB, 0x4B, 0x73, 0xEB, 0x60, 0xE8, 0x99, 0xDA, 0xFF, 0x01, 0xDC, 0xF7, 0x2C, 0xDD, 0xF4, 0x14, 0x8E, 0x6A },
+    { 0x2A, 0x29, 0x8F, 0x19, 0x77, 0xFF, 0xED, 0xF9, 0xBD, 0xCE, 0x3F, 0x96, 0xED, 0x9A, 0x20, 0x4D, 0x33, 0x34, 0x1A, 0x4E, 0xCB, 0xB2, 0xE0, 0x9D, 0x34, 0x24, 0xB3, 0x14, 0x20, 0x95, 0xEF, 0x8F },
+    { 0xF5, 0xD5, 0x74, 0x1B, 0x4F, 0x78, 0x4E, 0x96, 0xD9, 0xED, 0x1F, 0xC0, 0x1B, 0x41, 0x4F, 0x84, 0xD7, 0xCF, 0x2C, 0x29, 0x45, 0x69, 0xFE, 0x9D, 0x41, 0xF5, 0xB9, 0x1B, 0xAD, 0x6F, 0x1C, 0xB8 },
+    { 0xC4, 0x59, 0xF3, 0x06, 0xA6, 0xD1, 0x64, 0x5D, 0xCA, 0xFE, 0xD3, 0x3E, 0x7E, 0x2A, 0xDD, 0xBD, 0xBE, 0x71, 0xD4, 0xC7, 0x26, 0x12, 0x70, 0x1B, 0x6B, 0x04, 0xAA, 0x83, 0x60, 0xE6, 0x47, 0xF4 },
+    { 0xD0, 0xD8, 0xDE, 0xDA, 0x8C, 0x4E, 0x1D, 0x51, 0x71, 0x80, 0x3E, 0x8C, 0x18, 0x17, 0xF2, 0x22, 0x2D, 0xDB, 0x2B, 0xCB, 0xA0, 0x04, 0x6C, 0xFF, 0x7B, 0xAB, 0xEF, 0x0E, 0x77, 0xDC, 0xA6, 0x12 },
+    { 0xAD, 0x6A, 0x76, 0x32, 0x9A, 0x7F, 0x49, 0xFD, 0xB4, 0x9C, 0x71, 0xB4, 0x85, 0x36, 0x36, 0x8A, 0xAA, 0x01, 0x7E, 0xCE, 0x0F, 0xA5, 0x23, 0x30, 0x4D, 0xEA, 0x5E, 0x26, 0x78, 0xF8, 0xD6, 0x87 },
+    { 0xFD, 0x7B, 0xFC, 0x0A, 0x64, 0x51, 0x03, 0xB4, 0xF7, 0x14, 0x34, 0x54, 0xE2, 0x57, 0x4E, 0x25, 0x55, 0xB5, 0xEF, 0x7E, 0x80, 0xEE, 0xE8, 0xD6, 0x08, 0x52, 0x02, 0xCD, 0xA6, 0x8F, 0x0D, 0x25 },
+    { 0xB6, 0xC2, 0x18, 0xB1, 0xC1, 0x6F, 0x13, 0xFF, 0xE0, 0x50, 0x22, 0x07, 0x60, 0x2C, 0x36, 0xCE, 0x02, 0xA5, 0xDE, 0xBE, 0x02, 0x73, 0x82, 0x2F, 0xAF, 0x4D, 0xD0, 0xFB, 0xA8, 0x2C, 0x97, 0xFE },
+    { 0x0E, 0xF8, 0x59, 0x18, 0x88, 0x34, 0x88, 0xDD, 0x82, 0x4F, 0xAE, 0x49, 0x82, 0xBD, 0x8B, 0x25, 0x25, 0xCA, 0xF4, 0x3B, 0xB1, 0x81, 0x59, 0x47, 0x15, 0x53, 0x37, 0xB3, 0xCD, 0xAF, 0xA3, 0x17 },
+    { 0xCD, 0x38, 0x79, 0x28, 0xAC, 0x3A, 0x1B, 0xAF, 0x1F, 0x3B, 0xF7, 0xF9, 0x29, 0xC4, 0x44, 0xA1, 0x67, 0x97, 0x51, 0x08, 0x21, 0x66, 0xE2, 0x88, 0x3D, 0x70, 0xF3, 0x38, 0xC4, 0x7F, 0xCB, 0xB8 },
+    { 0xC6, 0x67, 0xF6, 0x9D, 0xE9, 0xB5, 0x24, 0x36, 0x0D, 0x64, 0x3C, 0xF8, 0xFE, 0x94, 0x5C, 0x56, 0x94, 0x67, 0x1C, 0xE4, 0xE2, 0x14, 0x67, 0x1F, 0xE3, 0xC6, 0x51, 0x7E, 0x6C, 0xBF, 0x78, 0x60 },
+    { 0xB3, 0x06, 0xDC, 0x81, 0x81, 0x05, 0xCF, 0x47, 0x4A, 0x28, 0x5C, 0x5B, 0x29, 0xBC, 0x12, 0x7C, 0x3C, 0xE5, 0x88, 0xC1, 0x2B, 0xBC, 0x99, 0x2D, 0x71, 0x57, 0xA9, 0x06, 0xC8, 0x4E, 0x60, 0x2D },
+    { 0x47, 0x86, 0x43, 0x6A, 0x98, 0x5B, 0x0D, 0x23, 0x2C, 0xDC, 0x8C, 0x0A, 0x20, 0x6F, 0x83, 0x1D, 0x3C, 0x03, 0x4B, 0xB8, 0x24, 0xAD, 0xE7, 0xF5, 0xA8, 0x36, 0x64, 0x91, 0xCA, 0x37, 0x40, 0xB9 },
+    { 0x57, 0xA9, 0x40, 0xC6, 0x70, 0xA2, 0x63, 0x2D, 0x64, 0x1F, 0xB6, 0x65, 0xC8, 0x69, 0xAD, 0x4D, 0x6D, 0x2B, 0x6A, 0xBB, 0xBB, 0xA1, 0xCD, 0xC9, 0x7A, 0x6F, 0xAD, 0xFC, 0x1C, 0x7A, 0x4C, 0xB2 },
+    { 0x11, 0x2E, 0x5A, 0xA2, 0x6B, 0x25, 0x9A, 0xC2, 0x6B, 0xA3, 0xFC, 0x37, 0x79, 0x85, 0x62, 0xAA, 0xCE, 0xAD, 0x69, 0x33, 0x5E, 0x4F, 0xFD, 0x31, 0xE4, 0x4E, 0xC4, 0x30, 0x3A, 0xB4, 0x21, 0x95 },
+    { 0xC1, 0x07, 0x61, 0xA7, 0xB5, 0x36, 0x58, 0xA4, 0xF6, 0x04, 0x5B, 0x46, 0x23, 0xBC, 0x67, 0xCC, 0xA8, 0x63, 0x49, 0xD1, 0xE6, 0x4A, 0x8C, 0xDD, 0x1E, 0x06, 0x58, 0xB5, 0x2E, 0x68, 0xC4, 0x3C },
+    { 0xFB, 0x1A, 0xBE, 0xAE, 0xF4, 0xC3, 0x87, 0xB1, 0xBD, 0xEA, 0xB2, 0xD5, 0x80, 0x7D, 0xE7, 0xEA, 0xF5, 0xD0, 0x99, 0x79, 0xE7, 0xE6, 0xE1, 0x91, 0xC1, 0xE0, 0xF3, 0x17, 0x5D, 0xCD, 0xE8, 0x54 },
+    { 0xB1, 0xDA, 0x70, 0x53, 0x30, 0x5B, 0xBE, 0xC1, 0xE2, 0x49, 0x08, 0x40, 0x70, 0x3D, 0x0C, 0x86, 0xD3, 0x78, 0xB3, 0xEA, 0x2A, 0xD4, 0x96, 0x9A, 0x9F, 0x2D, 0x3B, 0xD2, 0x90, 0xAB, 0x44, 0x8D },
+    { 0x65, 0x71, 0xB9, 0xD4, 0xA7, 0xCA, 0xE6, 0x47, 0x5A, 0x72, 0x0C, 0xCA, 0xB5, 0x60, 0x76, 0x72, 0x53, 0xF2, 0x9D, 0x55, 0x7D, 0x09, 0x3A, 0x33, 0x86, 0x80, 0x37, 0xD7, 0xB8, 0x5A, 0x61, 0xFF },
+    { 0x8C, 0x78, 0x68, 0x44, 0xE0, 0xA1, 0x22, 0x1F, 0x10, 0xB4, 0xF6, 0x31, 0x70, 0xCB, 0xCA, 0xD9, 0xA6, 0xF7, 0x13, 0xA1, 0xE5, 0x59, 0x1A, 0x8C, 0x43, 0x6C, 0xE1, 0x9C, 0xFF, 0x41, 0x2B, 0xEA },
+    { 0x29, 0x0C, 0x0A, 0xE8, 0x50, 0x07, 0x81, 0xA6, 0xDE, 0x9B, 0x84, 0x2F, 0x95, 0x37, 0xAD, 0x8C, 0x08, 0xBC, 0x15, 0xDA, 0x55, 0x4A, 0x17, 0x03, 0xD0, 0xD6, 0x3C, 0x79, 0x75, 0x05, 0xB8, 0xA9 },
+    { 0x82, 0xA7, 0xE9, 0x11, 0x73, 0x83, 0x08, 0xFA, 0x27, 0xC9, 0x14, 0xC5, 0xFC, 0x7C, 0x46, 0x13, 0xBD, 0x0D, 0x10, 0x1A, 0xE2, 0xE2, 0x02, 0xFC, 0x65, 0x4D, 0x60, 0xFD, 0xDF, 0x18, 0xB7, 0x19 },
+    { 0xE2, 0x6F, 0x35, 0xAE, 0x70, 0x5E, 0xDC, 0x6B, 0x74, 0x2A, 0x2F, 0x90, 0xE1, 0x96, 0xDB, 0x9B, 0x4B, 0xE4, 0x58, 0x56, 0x24, 0x52, 0x50, 0xCB, 0xBD, 0x1C, 0x9F, 0x13, 0x14, 0x2A, 0x27, 0xB5 },
+    { 0x01, 0xE0, 0x4E, 0x47, 0x53, 0x05, 0xE6, 0x76, 0x28, 0x75, 0xE7, 0xFB, 0xDD, 0x84, 0xDF, 0x34, 0x72, 0xC1, 0x31, 0xA4, 0x8C, 0x41, 0x71, 0x17, 0x1A, 0x0C, 0x00, 0x01, 0x15, 0x57, 0x76, 0x56 },
+    { 0x41, 0x60, 0xE3, 0xA5, 0x9D, 0x0F, 0xD0, 0x59, 0xCF, 0x97, 0x5E, 0x95, 0xD4, 0x12, 0x7C, 0x1E, 0x92, 0xAF, 0x1B, 0x7B, 0xD0, 0x5D, 0x6E, 0x85, 0xDA, 0x9C, 0x25, 0xF9, 0xEF, 0xC3, 0xE1, 0x09 },
+    { 0x34, 0xAF, 0xB8, 0x89, 0x7C, 0xDC, 0xCE, 0xC7, 0xEE, 0x5F, 0xFE, 0x17, 0x49, 0x19, 0xAC, 0x14, 0xF7, 0x32, 0x96, 0xC3, 0x63, 0x53, 0xB6, 0x15, 0x5B, 0x47, 0x0D, 0xAE, 0xD8, 0xB3, 0xDE, 0x4C },
+    { 0x3F, 0x6A, 0xD7, 0x67, 0x75, 0x1C, 0xAD, 0x4F, 0xCE, 0x71, 0xEF, 0x63, 0x9D, 0x14, 0x3F, 0x4E, 0x33, 0x98, 0xB2, 0x8F, 0xA8, 0x00, 0x45, 0xEA, 0xAB, 0x61, 0xAC, 0x15, 0xDF, 0x42, 0x81, 0x5D },
+    { 0x2F, 0x58, 0xDF, 0x23, 0x0D, 0xB1, 0xF6, 0x94, 0x42, 0xD5, 0x32, 0x3C, 0x1F, 0x23, 0x5C, 0x1E, 0xD7, 0x91, 0x2C, 0xA6, 0x18, 0xA7, 0xA9, 0x02, 0xF4, 0xA5, 0x5F, 0x10, 0xA1, 0xCA, 0xBE, 0xEB },
+    { 0xF7, 0x3C, 0xBC, 0xAF, 0x05, 0xA2, 0xD6, 0x99, 0xA8, 0x99, 0x80, 0xF2, 0x33, 0xC1, 0xE5, 0x57, 0x2C, 0xC1, 0x5B, 0xC9, 0x38, 0x29, 0xD7, 0xB5, 0xEA, 0x13, 0x88, 0x02, 0xBA, 0x6C, 0x17, 0x98 },
+    { 0x3A, 0x6E, 0xA4, 0xE4, 0x1E, 0xA5, 0x82, 0x6B, 0x89, 0x38, 0xE4, 0xC8, 0xB7, 0xAD, 0xD8, 0x9D, 0xAC, 0x7B, 0x53, 0x36, 0x80, 0x26, 0x30, 0x9F, 0x56, 0xC7, 0xBE, 0xC5, 0xFF, 0xB1, 0xA7, 0x3C },
+    { 0x4F, 0xE7, 0x21, 0x18, 0x94, 0x91, 0x3B, 0xBE, 0x8A, 0x53, 0x8B, 0x3C, 0x13, 0x25, 0x73, 0x1F, 0x81, 0xB5, 0xC1, 0x1A, 0xCA, 0x88, 0x91, 0xEE, 0x58, 0x1E, 0x01, 0x6A, 0x8A, 0xD8, 0xCD, 0x1B },
+    { 0xDE, 0xCD, 0x5F, 0xC5, 0x6B, 0x2B, 0xC1, 0x8C, 0xE0, 0x54, 0x9C, 0x93, 0xD3, 0x08, 0x0C, 0x28, 0x27, 0xF2, 0x86, 0xD2, 0x8D, 0xB5, 0x57, 0x31, 0x81, 0x3C, 0xF0, 0x47, 0x3B, 0x07, 0x18, 0x00 },
+    { 0xDC, 0x87, 0xFC, 0x15, 0x68, 0xA9, 0xB7, 0x54, 0x0F, 0x23, 0xAA, 0x5D, 0x07, 0xE0, 0xE1, 0x98, 0x11, 0x02, 0x01, 0x81, 0x01, 0x6B, 0xEA, 0x85, 0x51, 0xF8, 0xBC, 0x20, 0x62, 0x83, 0xCA, 0x69 },
+    { 0x77, 0x8F, 0xB6, 0x71, 0x07, 0x64, 0x54, 0xB0, 0x1E, 0xA2, 0xD0, 0x8F, 0xA7, 0xF0, 0x48, 0x29, 0x6A, 0xCC, 0xD9, 0xA5, 0x38, 0x1D, 0xEB, 0xFE, 0xCC, 0x28, 0xBE, 0x9D, 0x48, 0x9F, 0x33, 0x51 },
+    { 0xA1, 0x33, 0x20, 0xDD, 0x31, 0x37, 0x5D, 0x81, 0x90, 0xD1, 0x3D, 0x18, 0xB1, 0x58, 0xFD, 0x73, 0x2E, 0xD4, 0x43, 0x2F, 0x69, 0x2B, 0xFE, 0x01, 0x85, 0xFD, 0xD5, 0x47, 0x84, 0xD4, 0xA5, 0xA1 },
+    { 0x96, 0x6C, 0xC6, 0x9E, 0x6B, 0x8B, 0xFF, 0x69, 0x1B, 0xA4, 0x73, 0x6D, 0x29, 0x34, 0x41, 0x92, 0xE4, 0x5D, 0x42, 0xFE, 0xCB, 0xAC, 0xAE, 0xDA, 0xD3, 0x14, 0x69, 0x82, 0xF6, 0x4E, 0xA1, 0x62 },
+    { 0xC4, 0x43, 0xF9, 0x35, 0xD2, 0x7A, 0x1B, 0x5B, 0x28, 0x28, 0x54, 0x30, 0xB4, 0xFE, 0xA1, 0x32, 0xD7, 0x84, 0x8F, 0xAD, 0xD6, 0xF3, 0xA2, 0xB4, 0xB9, 0x57, 0xBC, 0xBB, 0x04, 0xFD, 0x65, 0xE6 },
+    { 0x25, 0x30, 0xDB, 0x7B, 0x84, 0xBA, 0x64, 0x33, 0xF6, 0x7D, 0xE0, 0xCB, 0x2F, 0x68, 0x5D, 0x84, 0x12, 0x4E, 0xB0, 0xB9, 0x2E, 0xC2, 0xD9, 0xB5, 0x41, 0xF4, 0x4D, 0x9C, 0x53, 0x98, 0x6E, 0x50 },
+    { 0x60, 0x07, 0xC2, 0xFA, 0xA0, 0xEA, 0xC7, 0x95, 0x53, 0x8C, 0x21, 0x7D, 0xBC, 0x84, 0x40, 0xFD, 0x10, 0xEB, 0x83, 0x5C, 0x24, 0xB2, 0x05, 0x38, 0xE3, 0x3B, 0xEF, 0xA9, 0x22, 0x6E, 0xB1, 0x9F },
+    { 0x71, 0xE0, 0x33, 0x92, 0xEC, 0x64, 0x54, 0xE9, 0x27, 0x49, 0x81, 0x3B, 0x01, 0xFE, 0xC4, 0xA0, 0x53, 0x29, 0x4C, 0x0E, 0x14, 0x25, 0x57, 0x4E, 0x07, 0x4F, 0xAF, 0x17, 0x1F, 0x4C, 0x30, 0x8E },
+    { 0xED, 0x35, 0xF8, 0x99, 0x66, 0xCB, 0x70, 0x85, 0x5B, 0xE4, 0xAC, 0xEF, 0x04, 0x88, 0xE6, 0xAE, 0xFF, 0x9A, 0x1E, 0x28, 0x7B, 0xC0, 0x17, 0x7F, 0xE5, 0x0F, 0x09, 0xB5, 0xB3, 0x9F, 0xE3, 0x30 },
+    { 0x3B, 0xF8, 0xD0, 0xFA, 0xBE, 0x8B, 0x4C, 0x7D, 0x3A, 0xCC, 0xE5, 0x02, 0x61, 0xDB, 0xFA, 0xF1, 0x90, 0x4C, 0x1C, 0x99, 0xC0, 0xF4, 0x13, 0x55, 0x16, 0xD1, 0xE7, 0x19, 0xB6, 0x8F, 0x4A, 0x5D },
+    { 0x28, 0xDE, 0x79, 0x2D, 0x17, 0x83, 0x69, 0x7A, 0xC8, 0x68, 0xB7, 0xE1, 0x7F, 0xAF, 0x5F, 0x0E, 0x60, 0x3D, 0x8A, 0x32, 0x8B, 0x79, 0x02, 0x08, 0x2E, 0x13, 0xFF, 0xB0, 0xED, 0xAD, 0x6A, 0x9C },
+    { 0xFB, 0x3D, 0x2E, 0x41, 0x78, 0xFC, 0x44, 0x68, 0x31, 0x9C, 0x13, 0x09, 0xB8, 0x11, 0x1C, 0x59, 0x86, 0x71, 0xEE, 0xAE, 0xA8, 0xB9, 0x3A, 0xB2, 0xA6, 0xBB, 0x9E, 0xBB, 0x2F, 0xF9, 0x4B, 0x16 },
+    { 0x82, 0x88, 0x77, 0x99, 0x15, 0x90, 0x57, 0x55, 0x1B, 0x39, 0x57, 0xB1, 0xE9, 0xFB, 0x62, 0xC6, 0x7E, 0xEB, 0xEF, 0x8D, 0x73, 0xD9, 0x11, 0x3C, 0xC3, 0xF9, 0x4E, 0x24, 0x9C, 0x4A, 0x3E, 0x68 },
+    { 0x52, 0x69, 0x67, 0x85, 0x61, 0xEA, 0x36, 0x60, 0xE0, 0x03, 0xBB, 0xC8, 0xF8, 0x3D, 0xBE, 0x81, 0xF7, 0x3C, 0xDB, 0x8A, 0xE1, 0x54, 0x57, 0x7C, 0xF1, 0xFA, 0x83, 0x35, 0xD6, 0x17, 0xE2, 0xE0 },
+    { 0x85, 0x41, 0x14, 0x2E, 0x6C, 0x8A, 0xF9, 0x23, 0xC1, 0xB0, 0x32, 0x75, 0xCC, 0xBB, 0x80, 0x92, 0x0C, 0xAD, 0xE0, 0xB8, 0xD0, 0x97, 0xF4, 0x00, 0x50, 0x91, 0x46, 0xE8, 0xD9, 0x16, 0x13, 0x11 },
+    { 0x64, 0xEE, 0x48, 0x21, 0x73, 0xDA, 0x94, 0x17, 0x5C, 0x4C, 0xCE, 0xF6, 0x3A, 0xC3, 0x21, 0x2B, 0x87, 0xA5, 0x5F, 0x68, 0xAE, 0x8D, 0x82, 0xD4, 0x94, 0xC0, 0x0C, 0xBA, 0x6F, 0x30, 0x04, 0x87 },
+    { 0x6B, 0xCE, 0x16, 0x3D, 0x93, 0x2A, 0xE9, 0x2C, 0x68, 0xE6, 0xAA, 0xB9, 0xF8, 0xBC, 0x82, 0x64, 0x25, 0x9E, 0x35, 0x17, 0x52, 0xDE, 0xF6, 0x39, 0xB2, 0xA9, 0x6A, 0x20, 0xCB, 0x18, 0x0C, 0xB2 },
+    { 0x60, 0xCE, 0xF6, 0xA8, 0xD7, 0x86, 0xD6, 0x5D, 0x5B, 0x95, 0x61, 0x1B, 0x94, 0x32, 0xC6, 0x3D, 0x87, 0x59, 0xA7, 0x2A, 0x66, 0xB9, 0xD6, 0xFD, 0x4F, 0x12, 0xF4, 0x3F, 0x5B, 0xAA, 0x8D, 0xED },
+    { 0xE3, 0x59, 0xCC, 0x48, 0x22, 0xEB, 0x67, 0x4D, 0x2F, 0xF8, 0x89, 0x7D, 0xB2, 0x93, 0x0F, 0x99, 0x98, 0x57, 0xA8, 0xC5, 0xA1, 0x6C, 0x37, 0x49, 0xC6, 0x32, 0xF0, 0x75, 0x09, 0x0F, 0x66, 0x9C },
+    { 0x12, 0xA9, 0xE4, 0xFC, 0x96, 0xD0, 0xE5, 0x51, 0x69, 0xB3, 0xAA, 0xAE, 0xF9, 0x42, 0x2A, 0xAE, 0x7B, 0xD8, 0x9C, 0x91, 0xDE, 0x58, 0xEE, 0x0A, 0x97, 0xAD, 0x22, 0xD3, 0xD4, 0xCC, 0x6B, 0x96 },
+    { 0x59, 0x28, 0x19, 0x91, 0xE7, 0x2B, 0xA5, 0xE1, 0xD0, 0x1B, 0x76, 0x17, 0xEE, 0x89, 0xEA, 0xAE, 0x1C, 0x2D, 0xD0, 0x1A, 0x5A, 0xC3, 0x72, 0xD2, 0x3D, 0x01, 0x47, 0xE2, 0x62, 0xCB, 0x00, 0x3D },
+    { 0x13, 0x71, 0x77, 0x28, 0xC1, 0xEF, 0xF4, 0xF0, 0x36, 0x93, 0xC0, 0x39, 0xB8, 0xDF, 0x71, 0x99, 0x00, 0xD9, 0x97, 0x5F, 0x1F, 0x78, 0xD8, 0x90, 0xE5, 0x63, 0x43, 0x5F, 0x5C, 0xF4, 0x9D, 0x2E },
+    { 0xFD, 0x1C, 0xA3, 0x7D, 0x48, 0x7D, 0x27, 0xF4, 0xA9, 0xDD, 0x8F, 0x79, 0x1E, 0x03, 0x9E, 0xAF, 0x08, 0xF1, 0xA1, 0x97, 0xDD, 0x19, 0x77, 0x16, 0xE5, 0xF7, 0x9B, 0x79, 0xA8, 0x1F, 0x0C, 0x6B },
+    { 0x38, 0x2F, 0x6D, 0x5D, 0xF2, 0x76, 0xC2, 0x92, 0x1E, 0xE6, 0xEF, 0x39, 0x19, 0x37, 0x15, 0xA8, 0xAB, 0x92, 0x23, 0xD2, 0x99, 0x43, 0xC9, 0xC4, 0xCA, 0x8C, 0xE7, 0x83, 0xC5, 0xDB, 0x9C, 0xD7 },
+    { 0xDA, 0x80, 0x3C, 0x5D, 0x63, 0xF4, 0x8F, 0xAA, 0x1A, 0x4D, 0x0D, 0x16, 0xFE, 0xE5, 0x5E, 0x39, 0xD0, 0x7C, 0x06, 0xF6, 0x0A, 0xE7, 0x60, 0xE4, 0x43, 0x4C, 0x92, 0x2F, 0xF4, 0xD7, 0xE5, 0x22 },
+    { 0xE5, 0x0A, 0xBB, 0xD9, 0xA6, 0xF1, 0x83, 0x48, 0xBC, 0xDA, 0xFB, 0x69, 0x89, 0x33, 0x29, 0xCD, 0x01, 0x8D, 0xBA, 0xAC, 0x31, 0xE8, 0xB5, 0x25, 0xEB, 0xA6, 0xA3, 0xC0, 0x3C, 0xCB, 0x04, 0x88 },
+    { 0x2D, 0xA8, 0x3F, 0xC0, 0x27, 0x7C, 0x4B, 0x15, 0xD6, 0x94, 0x2A, 0x30, 0x67, 0x3D, 0x1E, 0x45, 0x3E, 0x92, 0x67, 0xF9, 0x8F, 0xA1, 0x2F, 0x70, 0x07, 0x21, 0xFE, 0x29, 0x80, 0x5B, 0x9B, 0x8C },
+    { 0x78, 0x79, 0xE3, 0xA3, 0x1B, 0x70, 0xFB, 0x4F, 0x8B, 0xD4, 0x34, 0x2E, 0x36, 0xEA, 0x71, 0x0C, 0x7B, 0x85, 0xC4, 0x3D, 0xAC, 0xC2, 0x79, 0xF3, 0xDE, 0xA5, 0x51, 0x98, 0x2E, 0xA3, 0xFF, 0x2F },
+    { 0x78, 0xA1, 0xBC, 0x06, 0x27, 0x6F, 0x73, 0x40, 0x7C, 0xBB, 0xF7, 0x64, 0xFD, 0x25, 0x15, 0x63, 0x8C, 0x31, 0x65, 0xA7, 0x55, 0xC4, 0x15, 0xB5, 0x3D, 0x50, 0x6D, 0x64, 0x28, 0x22, 0x4E, 0xF8 },
+    { 0xA5, 0x3B, 0x7E, 0x27, 0xD9, 0xC7, 0x34, 0xF1, 0x25, 0x30, 0x7B, 0x62, 0x14, 0xDB, 0x67, 0x36, 0x5A, 0xC9, 0x4C, 0x71, 0xCF, 0xAD, 0x88, 0x30, 0xB5, 0x39, 0x91, 0x79, 0xF7, 0xE4, 0x43, 0xB2 },
+    { 0xD0, 0x88, 0x27, 0x8A, 0xBD, 0x0B, 0x97, 0xDC, 0xE3, 0xFB, 0x65, 0x28, 0x0E, 0x44, 0x6B, 0x6C, 0x79, 0xB6, 0x67, 0xFD, 0xA2, 0xDB, 0x3F, 0xB2, 0xC9, 0xB4, 0xE7, 0x7E, 0x5D, 0xBF, 0xC0, 0x7B },
+    { 0x56, 0x40, 0xBD, 0x29, 0x4E, 0xAA, 0x0A, 0xA2, 0x75, 0x23, 0x3B, 0x3A, 0xB7, 0xF0, 0x01, 0xDF, 0x5D, 0x02, 0x59, 0x8D, 0x7E, 0x5E, 0x10, 0x15, 0x9D, 0x1C, 0x1A, 0x2F, 0xC6, 0xB5, 0xAB, 0x35 },
+    { 0x39, 0x0C, 0x40, 0x02, 0xBD, 0xA1, 0xC9, 0xD6, 0x09, 0x60, 0xAF, 0xDC, 0xEC, 0x6B, 0xED, 0xA7, 0x41, 0x99, 0x6E, 0x23, 0xD9, 0xF7, 0x13, 0x94, 0x0B, 0xBE, 0xDA, 0x18, 0x8A, 0xA4, 0x47, 0x73 },
+    { 0xF5, 0x24, 0x16, 0x61, 0x22, 0xF5, 0x14, 0xEB, 0xD8, 0xD4, 0x59, 0x16, 0x18, 0xFF, 0xDC, 0x07, 0x46, 0x0A, 0xBA, 0x3E, 0x9C, 0x56, 0x56, 0x84, 0xBC, 0xB3, 0x83, 0xB3, 0x2E, 0x86, 0x54, 0x49 },
+    { 0xCE, 0x69, 0x91, 0x18, 0x46, 0x61, 0x3F, 0x25, 0x77, 0x1E, 0x09, 0xF6, 0x4D, 0xBD, 0x85, 0x8F, 0x47, 0xC8, 0xE6, 0x42, 0x7D, 0x2F, 0xF7, 0x95, 0xD9, 0x5B, 0xDC, 0x2A, 0x29, 0xFD, 0xB0, 0xE4 },
+    { 0xB8, 0xEC, 0xB2, 0xC2, 0x09, 0x95, 0xA7, 0x8E, 0xFA, 0xC7, 0x08, 0x72, 0x77, 0xB2, 0x47, 0xF2, 0xDA, 0xD7, 0x89, 0xCA, 0x78, 0x5D, 0x06, 0x98, 0x26, 0xDA, 0x32, 0x24, 0xF7, 0xD7, 0xB1, 0x50 },
+    { 0x6A, 0x27, 0x48, 0x75, 0xF0, 0xB9, 0xF8, 0x7C, 0x30, 0x3F, 0xAD, 0x4D, 0x06, 0x87, 0xF9, 0x04, 0xF2, 0xD1, 0x21, 0x84, 0x29, 0xD1, 0x0E, 0x6B, 0xAE, 0x35, 0x79, 0x1D, 0xD8, 0xD0, 0xEE, 0x4E },
+    { 0xED, 0x16, 0xA3, 0xF0, 0x93, 0xC2, 0x0B, 0x13, 0xF6, 0xAD, 0x87, 0x70, 0xC7, 0x75, 0x78, 0xF4, 0xD8, 0x9C, 0xCC, 0xD9, 0x41, 0x19, 0x9E, 0x39, 0xE9, 0x13, 0x23, 0xE6, 0x98, 0xF6, 0x4B, 0x0D },
+    { 0x05, 0x9D, 0x75, 0x81, 0xC5, 0x07, 0x60, 0xEA, 0x6A, 0x51, 0x9A, 0xD3, 0x4B, 0x7C, 0x5F, 0x26, 0x29, 0x41, 0x4F, 0xBB, 0x4A, 0x42, 0x60, 0x83, 0x9A, 0xA1, 0x56, 0xF1, 0xDC, 0x92, 0x0D, 0xED },
+    { 0x00, 0x2E, 0xE2, 0x1B, 0x85, 0x15, 0x0D, 0x0B, 0x21, 0xBE, 0xA0, 0x8F, 0x41, 0xCF, 0xAA, 0xA4, 0xBD, 0x09, 0xDF, 0x2E, 0xFC, 0xF6, 0x13, 0x71, 0x8A, 0xE9, 0xF4, 0xB0, 0xB5, 0x75, 0x42, 0xD8 },
+    { 0x29, 0xC1, 0x19, 0xCE, 0x9A, 0x32, 0x92, 0xDB, 0x10, 0xC5, 0x63, 0x7B, 0xA5, 0x0A, 0x9F, 0x8D, 0x84, 0xB7, 0x51, 0x92, 0x4E, 0x37, 0x5B, 0x6E, 0x31, 0xC0, 0x21, 0x37, 0x27, 0x7D, 0x33, 0x7B },
+    { 0xB9, 0x56, 0x20, 0xF3, 0xA1, 0xBA, 0xA6, 0xB6, 0xCD, 0xE0, 0x6F, 0xF8, 0xB7, 0xCD, 0xEB, 0x24, 0x87, 0x79, 0x44, 0x5B, 0x9A, 0x2F, 0x7E, 0xBB, 0xDD, 0x98, 0x1A, 0x8F, 0x22, 0x71, 0x2D, 0xB2 },
+    { 0x5F, 0x49, 0xC7, 0x13, 0x1F, 0x96, 0xBA, 0x08, 0x52, 0x18, 0x0F, 0x5D, 0x53, 0x98, 0x5A, 0xF9, 0x1B, 0xB7, 0x3E, 0x66, 0x23, 0xB2, 0xE2, 0xE0, 0x31, 0x4C, 0x0E, 0x7F, 0x47, 0x56, 0x59, 0x99 },
+    { 0x7D, 0x87, 0xEC, 0x2F, 0x21, 0xEC, 0x8C, 0x59, 0xB5, 0xDF, 0xE9, 0x8D, 0xD4, 0x18, 0xF6, 0x94, 0x39, 0x5E, 0x3D, 0x95, 0x35, 0xB5, 0x7D, 0xB4, 0x49, 0x9A, 0x3D, 0xBD, 0x72, 0x2C, 0x55, 0x98 },
+    { 0x38, 0x20, 0x27, 0x3B, 0xFC, 0x97, 0xF7, 0x53, 0x69, 0xC0, 0xFC, 0x0D, 0x67, 0xF6, 0x3E, 0x00, 0xF9, 0xB4, 0x9D, 0x7E, 0x89, 0xA2, 0x9F, 0xA4, 0x87, 0xD6, 0x9A, 0x30, 0xBE, 0x09, 0x31, 0xE3 },
+    { 0x93, 0x49, 0xE7, 0x53, 0xB1, 0x66, 0x45, 0x1E, 0x6B, 0x84, 0x0B, 0x30, 0xFD, 0x50, 0x52, 0x72, 0x43, 0xC2, 0x6A, 0x1F, 0x93, 0xC6, 0xF6, 0x09, 0xA4, 0xFE, 0xE2, 0x4E, 0xB4, 0x4E, 0xD4, 0xF9 },
+    { 0xEF, 0x19, 0x4D, 0x2D, 0xEC, 0xD0, 0x8F, 0xF4, 0x2D, 0x99, 0x1F, 0x86, 0x29, 0x90, 0xD0, 0xA4, 0x70, 0xF6, 0xCF, 0x9B, 0x1D, 0x21, 0x25, 0xE1, 0xAD, 0xA0, 0x11, 0x40, 0x57, 0x57, 0xD3, 0x90 },
+    { 0xF3, 0xDA, 0xB8, 0xA0, 0xAA, 0xAD, 0xBA, 0xA6, 0xDD, 0x84, 0x45, 0xA8, 0xF3, 0xCE, 0x7B, 0x47, 0xFB, 0x2B, 0x77, 0x46, 0x20, 0xC8, 0x0C, 0x1F, 0xF2, 0x0A, 0x51, 0x83, 0x5A, 0xC9, 0x81, 0x08 },
+    { 0xE7, 0xA9, 0xFE, 0x61, 0xA0, 0xC2, 0x3F, 0x83, 0xF7, 0x6F, 0x75, 0x99, 0x83, 0x89, 0x1A, 0xAC, 0x43, 0xDF, 0xBF, 0x07, 0x86, 0x5E, 0xE2, 0x16, 0xD4, 0xAE, 0x14, 0x43, 0xBD, 0xE1, 0x8C, 0x3F },
+    { 0xBA, 0xD9, 0xC7, 0x03, 0x65, 0x45, 0xA6, 0xF6, 0xF3, 0x44, 0x77, 0x1B, 0x42, 0x03, 0x43, 0xB5, 0xB8, 0x93, 0xD3, 0x1B, 0xC7, 0x5D, 0xFC, 0xA2, 0xF7, 0x82, 0x3A, 0x58, 0xF7, 0xAA, 0xA8, 0x82 },
+    { 0x97, 0xCB, 0xCC, 0xDD, 0xE0, 0xB1, 0x82, 0x07, 0x2C, 0xCC, 0x23, 0xD0, 0x1C, 0xBD, 0x1A, 0x05, 0x2C, 0x86, 0x80, 0x1C, 0x1E, 0xF4, 0xFF, 0x3B, 0x8D, 0x49, 0x9E, 0x3B, 0x5B, 0x71, 0x27, 0x56 },
+    { 0xC0, 0x75, 0xB3, 0x96, 0x64, 0x96, 0x5E, 0xF5, 0xAB, 0x69, 0x2C, 0xE0, 0x29, 0x7D, 0x1B, 0xDD, 0xD4, 0xEB, 0x75, 0x8A, 0x4A, 0x48, 0xD8, 0xED, 0x90, 0xC1, 0xAA, 0x2C, 0x91, 0x02, 0xF0, 0xFC },
+    { 0x03, 0x2F, 0xFD, 0x51, 0x22, 0xAD, 0x94, 0xD2, 0x49, 0x80, 0x7D, 0xEA, 0xE0, 0x34, 0x11, 0x59, 0x12, 0xD7, 0xE3, 0xE6, 0x90, 0xCF, 0xCB, 0x92, 0x7E, 0x93, 0x4E, 0x3A, 0x69, 0xBE, 0xC2, 0xE4 },
+    { 0xC0, 0xEC, 0xAF, 0x87, 0x63, 0x21, 0x2D, 0xD6, 0xD0, 0x7E, 0x7E, 0x53, 0x06, 0x0E, 0x15, 0x44, 0x17, 0xD9, 0xF0, 0xF9, 0x6F, 0x8E, 0x86, 0xB3, 0x85, 0x3E, 0x15, 0x41, 0xC4, 0x34, 0x28, 0x97 },
+    { 0x4E, 0x5B, 0x1A, 0x12, 0x21, 0xBC, 0x72, 0xF7, 0x91, 0xE8, 0xB2, 0xDB, 0xFB, 0x7C, 0xA0, 0x19, 0x38, 0x62, 0x31, 0x09, 0x02, 0xBE, 0x3F, 0x3F, 0x7A, 0x65, 0x3A, 0xB6, 0xA6, 0xAC, 0x05, 0x88 },
+    { 0xA3, 0xAB, 0xFA, 0xD9, 0xB5, 0x32, 0xEA, 0x55, 0x24, 0xB5, 0xBF, 0x30, 0x57, 0x49, 0xFD, 0x25, 0x40, 0x77, 0x1C, 0xC3, 0x0C, 0x54, 0x84, 0x31, 0xAA, 0x71, 0xB4, 0x97, 0x3E, 0xDC, 0x22, 0x79 },
+    { 0x51, 0x1E, 0xEE, 0x62, 0xDF, 0xB8, 0xC4, 0xEB, 0x9B, 0x1A, 0x5D, 0x91, 0x60, 0xF6, 0x22, 0xCC, 0x62, 0xCD, 0x3A, 0xE9, 0x58, 0xF3, 0xF1, 0x57, 0x3F, 0x7C, 0x89, 0x13, 0x4D, 0x78, 0xAF, 0xEC },
+    { 0x4A, 0x1A, 0x5A, 0x44, 0xED, 0xD4, 0x9A, 0xB0, 0x80, 0x24, 0x2D, 0x23, 0x6F, 0x5D, 0x00, 0xD1, 0x57, 0x96, 0x9B, 0x9D, 0x91, 0xDD, 0xF5, 0x43, 0x75, 0xAE, 0x40, 0x66, 0x3F, 0x4A, 0x80, 0x4B },
+    { 0xF1, 0xA6, 0x40, 0x89, 0xEF, 0x90, 0x1A, 0xB7, 0xED, 0xF9, 0x47, 0x4F, 0x1C, 0x04, 0xD3, 0xFA, 0x6A, 0xC8, 0xFE, 0xD2, 0xD8, 0xBE, 0xDD, 0x45, 0xCB, 0xB6, 0x95, 0xC5, 0x6D, 0xEB, 0xA4, 0xFA },
+    { 0x21, 0xBE, 0xA3, 0x73, 0x80, 0x0B, 0x8A, 0xD6, 0xFB, 0x7B, 0xAD, 0x9D, 0x86, 0x05, 0x69, 0x2A, 0x73, 0x9A, 0x6D, 0x8B, 0x54, 0x52, 0x4C, 0x3C, 0xD9, 0x90, 0x83, 0xF4, 0x71, 0xCF, 0x46, 0x64 },
+    { 0xA8, 0x45, 0x63, 0x73, 0x57, 0xAF, 0xF2, 0x92, 0x6F, 0x34, 0x3A, 0x07, 0xF1, 0xC1, 0x3B, 0x3A, 0x6F, 0x07, 0x09, 0x60, 0xC0, 0x31, 0x89, 0xC7, 0xE5, 0xFC, 0x04, 0x84, 0x44, 0x85, 0x92, 0x4A },
+    { 0xF7, 0xC5, 0xEE, 0x43, 0xC5, 0x91, 0x22, 0x10, 0x8C, 0xB3, 0x7E, 0xA6, 0x72, 0x5F, 0x47, 0xFF, 0xB1, 0x5C, 0x40, 0x5F, 0xA1, 0xD6, 0x7D, 0xE1, 0xE9, 0x41, 0x1C, 0x4D, 0x13, 0xED, 0xFE, 0x41 },
+    { 0xAD, 0xA4, 0x96, 0xE2, 0xC0, 0xAD, 0xE8, 0x29, 0xF3, 0x78, 0x32, 0xA8, 0xBA, 0x34, 0xCF, 0x60, 0x59, 0xDF, 0xFB, 0xB3, 0xBE, 0xBA, 0x88, 0xCA, 0x5D, 0xED, 0x33, 0x63, 0x91, 0x4E, 0xA6, 0x9A },
+    { 0xA0, 0x23, 0xCD, 0x5A, 0x05, 0x47, 0x35, 0x45, 0x85, 0x73, 0x70, 0x1A, 0x96, 0x09, 0xC5, 0x4B, 0x01, 0xAA, 0xB0, 0xDA, 0x3A, 0x36, 0x5B, 0x39, 0xCA, 0x30, 0xB9, 0x72, 0xEA, 0xD1, 0x51, 0xA4 },
+    { 0x5A, 0x47, 0x4E, 0xAE, 0xEC, 0x52, 0xDF, 0xFB, 0x5A, 0xC1, 0x28, 0xA7, 0xE7, 0x21, 0xD6, 0xF7, 0x10, 0x2F, 0xCA, 0xEA, 0xC2, 0x3E, 0xA7, 0x22, 0x1C, 0xA0, 0x97, 0x29, 0xF4, 0xE6, 0x5B, 0xEF },
+    { 0xD5, 0xB5, 0xC5, 0x72, 0x83, 0xE6, 0x92, 0x31, 0x15, 0x5A, 0xCB, 0xDB, 0xF0, 0x2B, 0x20, 0x1C, 0xA6, 0x2E, 0xD9, 0x70, 0x85, 0x2A, 0x02, 0xB8, 0xE6, 0x4E, 0x4F, 0x0B, 0x51, 0x68, 0xAC, 0xB4 },
+    { 0xE7, 0x72, 0x38, 0xF4, 0x71, 0xC7, 0xDC, 0xFB, 0xA6, 0x95, 0xCC, 0x26, 0x6D, 0xD0, 0x5D, 0x34, 0x44, 0xFE, 0x10, 0x7F, 0xB5, 0xAA, 0x22, 0xC2, 0x35, 0x01, 0xE4, 0x7C, 0x1F, 0xD7, 0xFA, 0x52 },
+    { 0xD3, 0x7F, 0x01, 0x3A, 0x46, 0x6A, 0xCD, 0xDA, 0x63, 0xD6, 0x5C, 0xBE, 0x94, 0x90, 0xB0, 0x51, 0xC6, 0x83, 0x96, 0x20, 0xB7, 0xCB, 0xE8, 0x13, 0xFF, 0x3A, 0x93, 0xA3, 0x50, 0x70, 0x9C, 0xE2 },
+    { 0x74, 0xD4, 0x34, 0xE1, 0xDC, 0x0F, 0x06, 0xA4, 0xF4, 0xD6, 0x9B, 0x0C, 0x0E, 0xED, 0x0D, 0x35, 0x90, 0x25, 0xEF, 0x65, 0xAF, 0x3D, 0x4A, 0x07, 0xCD, 0x1B, 0x5D, 0xA6, 0x7F, 0x69, 0x32, 0xB5 },
+    { 0xAF, 0x64, 0xAB, 0x63, 0x65, 0x9F, 0xB0, 0x0F, 0xCA, 0x80, 0x26, 0xC5, 0xEA, 0xE9, 0x71, 0x8E, 0x6D, 0x38, 0xC3, 0xE9, 0xD9, 0x5E, 0x28, 0x97, 0x27, 0xF3, 0xC6, 0x06, 0x41, 0xC2, 0xB7, 0x4F },
+    { 0x34, 0x05, 0x09, 0x1C, 0x99, 0xE9, 0xE0, 0xF2, 0x31, 0xC0, 0x69, 0x4D, 0x81, 0xA8, 0x3C, 0x9C, 0x3D, 0xDD, 0x42, 0xAF, 0x12, 0x94, 0xC6, 0x8D, 0x26, 0x73, 0x96, 0xA1, 0x13, 0xC3, 0xE0, 0x34 },
+    { 0x13, 0x44, 0xB2, 0x02, 0x24, 0xD7, 0x80, 0xA3, 0xD4, 0xA4, 0xEF, 0x24, 0xE3, 0xFA, 0xA3, 0x7C, 0x28, 0x0C, 0xAC, 0x88, 0x7F, 0x9D, 0x9C, 0x67, 0x8D, 0x27, 0x36, 0x43, 0x70, 0x46, 0xF5, 0xDA },
+    { 0x93, 0xA0, 0x99, 0xD3, 0x23, 0xA3, 0xE1, 0xAF, 0xDF, 0x6C, 0x6C, 0x03, 0x4E, 0x9D, 0x09, 0x8B, 0xF6, 0xB1, 0xC5, 0xFF, 0x24, 0x8D, 0x3A, 0x2F, 0xF2, 0xF1, 0x62, 0xD0, 0xAD, 0xDD, 0x29, 0x2A },
+    { 0xF2, 0xD4, 0xF9, 0xCC, 0xCF, 0x06, 0x5D, 0x98, 0xAD, 0xEC, 0xE9, 0x2D, 0x60, 0x32, 0xB0, 0x3B, 0x55, 0x0D, 0xF4, 0x15, 0x96, 0x3F, 0xAF, 0x58, 0xA7, 0x14, 0x90, 0x48, 0x64, 0x70, 0xA5, 0xCB },
+    { 0xC0, 0xED, 0xCB, 0xEC, 0x75, 0xCF, 0xEC, 0xDD, 0x76, 0xF9, 0x4B, 0xFD, 0xFC, 0xFF, 0x00, 0x34, 0x04, 0x63, 0x85, 0x3F, 0x33, 0x59, 0x92, 0xC7, 0xCB, 0x75, 0x14, 0x6C, 0x53, 0x57, 0xD6, 0x78 },
+    { 0x01, 0x18, 0x45, 0x64, 0xCE, 0x92, 0xF8, 0x98, 0x7A, 0x61, 0x2A, 0x97, 0x6F, 0x16, 0xCF, 0xB2, 0x3F, 0x0F, 0x85, 0x18, 0x80, 0xEC, 0xE4, 0x09, 0xF4, 0x51, 0xD6, 0x09, 0x94, 0xA5, 0xAE, 0x05 },
+    { 0x06, 0x95, 0xC3, 0x96, 0xD8, 0x92, 0xF5, 0xFF, 0x33, 0x43, 0x36, 0xDB, 0xE7, 0x7D, 0x06, 0x89, 0xAB, 0xDB, 0x58, 0x3D, 0x18, 0x57, 0xF5, 0xCE, 0x5D, 0x10, 0x4D, 0x92, 0x62, 0x66, 0x26, 0x3B },
+    { 0xB1, 0x9F, 0xB8, 0x14, 0xC4, 0xBF, 0xCC, 0xA2, 0x79, 0x14, 0xDD, 0x9B, 0xFD, 0x7F, 0x96, 0x04, 0x62, 0xCE, 0xE9, 0x0C, 0xE0, 0xC7, 0xC9, 0x2E, 0x1C, 0x7D, 0xFE, 0xA2, 0xE8, 0x4B, 0x36, 0xD4 },
+    { 0x17, 0x8A, 0x79, 0x38, 0xD9, 0x6D, 0x88, 0x62, 0x36, 0xCC, 0x20, 0x0F, 0xA8, 0x1E, 0x33, 0xC5, 0xFF, 0x53, 0xD2, 0xDC, 0x49, 0xCD, 0xA9, 0xD4, 0x84, 0x17, 0x68, 0xC5, 0xD9, 0x63, 0xA1, 0xF0 },
+    { 0x19, 0x8D, 0xC0, 0x16, 0x39, 0x9E, 0xDB, 0xA3, 0xD3, 0xE6, 0x34, 0x03, 0xB2, 0x10, 0xD0, 0xCC, 0x49, 0xD7, 0xE1, 0x49, 0xEE, 0x41, 0xF3, 0x10, 0xBA, 0x02, 0xEB, 0x08, 0x8E, 0x24, 0x65, 0x04 },
+    { 0x80, 0xBA, 0xA1, 0xDC, 0x93, 0xB6, 0xAF, 0xC2, 0x78, 0x3A, 0x4B, 0xF8, 0xA8, 0x23, 0x05, 0x10, 0xD9, 0xFF, 0xA6, 0x71, 0x27, 0x6C, 0x42, 0x36, 0xC4, 0x4E, 0x17, 0xFF, 0xDD, 0xCC, 0x37, 0xE6 },
+    { 0x1C, 0xA8, 0x4D, 0x79, 0xAC, 0x11, 0x00, 0x58, 0xAC, 0x53, 0x8A, 0xAF, 0xA2, 0x88, 0x06, 0xDB, 0x42, 0xDF, 0x2F, 0x41, 0x9F, 0x10, 0x4E, 0xE3, 0xA1, 0xFB, 0x53, 0xA2, 0xF6, 0xA6, 0x8C, 0xB7 },
+    { 0x2F, 0xB6, 0xDE, 0x6F, 0xB2, 0x87, 0xCC, 0xD3, 0x01, 0xC7, 0x70, 0xA0, 0x3B, 0xC7, 0xB7, 0x76, 0xFD, 0x4A, 0xE7, 0xAB, 0x2E, 0xA6, 0x0A, 0xDE, 0xFA, 0xD6, 0x74, 0x83, 0x09, 0x1E, 0x6D, 0x7D },
+    { 0x42, 0xF7, 0x0D, 0x4B, 0x7C, 0x9C, 0x8B, 0xE8, 0x7B, 0xD2, 0x3A, 0x86, 0x9C, 0x28, 0x64, 0x60, 0xA2, 0x2C, 0xC4, 0xC4, 0xEE, 0xD6, 0xC2, 0x92, 0xF0, 0x09, 0xE3, 0x53, 0x67, 0x30, 0xDB, 0xC5 },
+    { 0x21, 0x3D, 0xB6, 0x97, 0x6F, 0xD4, 0xBA, 0x50, 0x55, 0x32, 0x23, 0x38, 0x5F, 0x95, 0x89, 0x51, 0x22, 0x9B, 0x3A, 0xA2, 0xEC, 0xFE, 0xCE, 0x62, 0x97, 0xC5, 0xD4, 0xDC, 0x4C, 0x2E, 0x1A, 0x10 },
+    { 0xB6, 0xAC, 0x86, 0x63, 0x32, 0xF2, 0x52, 0x93, 0xCA, 0x12, 0x76, 0x61, 0x97, 0x8E, 0xFF, 0x79, 0x7E, 0x70, 0x70, 0x09, 0x2E, 0x31, 0x3E, 0xC3, 0x77, 0x79, 0xB4, 0x25, 0x52, 0xAA, 0x9F, 0xA6 },
+    { 0x2C, 0x5C, 0x2C, 0x25, 0xE1, 0xB1, 0x75, 0x99, 0x6B, 0x51, 0x4C, 0x2B, 0x0E, 0xB8, 0x95, 0x9B, 0x2D, 0x0A, 0x07, 0x46, 0x4C, 0x82, 0x4B, 0x4C, 0xE5, 0xDC, 0x4B, 0x98, 0x57, 0xE6, 0xAA, 0x39 },
+    { 0x5F, 0x3A, 0xC8, 0x00, 0xBB, 0x46, 0x00, 0xAF, 0x6F, 0x30, 0xC6, 0xF7, 0x21, 0x8F, 0x9C, 0xF4, 0x5B, 0x28, 0x8E, 0xFA, 0x19, 0xC9, 0xAC, 0x21, 0x6A, 0x47, 0x0A, 0x9F, 0x6D, 0x38, 0xEF, 0x63 },
+    { 0x48, 0xB7, 0xD5, 0xF4, 0xFD, 0x19, 0x30, 0x86, 0x9C, 0x88, 0x8C, 0x01, 0xD8, 0xEC, 0x53, 0xB3, 0xEE, 0x04, 0xB3, 0xAB, 0x9E, 0xD1, 0x93, 0x7C, 0xA6, 0xE7, 0x10, 0x44, 0x1B, 0xAE, 0x3A, 0xB0 },
+    { 0x09, 0x02, 0xCF, 0xCE, 0x0A, 0xBC, 0x9D, 0x25, 0xC2, 0x8E, 0x59, 0x35, 0x83, 0x30, 0x15, 0x06, 0xAE, 0x48, 0xBE, 0x8C, 0x5F, 0x8D, 0xBA, 0x94, 0x93, 0xBB, 0xF0, 0x54, 0x3F, 0xAC, 0x78, 0x90 },
+    { 0x9C, 0x2F, 0x86, 0xED, 0xD2, 0xA8, 0x5D, 0x66, 0xCD, 0x07, 0xA1, 0xA3, 0x44, 0x4C, 0x8E, 0x73, 0x2B, 0x2F, 0x71, 0xCD, 0x54, 0xE2, 0x37, 0x99, 0x77, 0xD5, 0xA6, 0x88, 0xFA, 0x5F, 0xEB, 0xBC },
+    { 0x91, 0x7B, 0x16, 0xDD, 0x9A, 0x2E, 0x69, 0xF7, 0xF5, 0x3C, 0xE2, 0x90, 0xEF, 0x00, 0x27, 0xB7, 0xAC, 0x08, 0xBC, 0x04, 0x6D, 0x5E, 0x58, 0x43, 0x94, 0xE4, 0x4A, 0x5A, 0xD6, 0x38, 0xB0, 0xE1 },
+    { 0xF2, 0xDE, 0xB9, 0x33, 0x62, 0xBA, 0xDB, 0x31, 0x30, 0x53, 0x9C, 0xB4, 0x75, 0xF5, 0x17, 0xF1, 0xE7, 0x6A, 0x6C, 0xE7, 0x9B, 0x2D, 0xD8, 0x39, 0x0E, 0xFE, 0x40, 0x95, 0x7F, 0xC4, 0xAD, 0xC7 },
+    { 0x52, 0xF6, 0x69, 0x17, 0x58, 0x18, 0x2C, 0xD7, 0x75, 0x0B, 0x6B, 0x62, 0xF1, 0x82, 0x97, 0x1B, 0x61, 0xF7, 0xF3, 0x79, 0x98, 0xB8, 0x78, 0x00, 0x16, 0x2D, 0xD6, 0x1D, 0x38, 0x15, 0xC8, 0x98 },
+    { 0x60, 0x57, 0x5C, 0x1B, 0xF9, 0xBD, 0x7F, 0xD5, 0x89, 0x5D, 0xBB, 0x8E, 0xDB, 0xC4, 0xDD, 0xFE, 0x9C, 0x2B, 0x50, 0x18, 0x24, 0xCE, 0x89, 0xCB, 0x34, 0x32, 0xE2, 0xF6, 0xB2, 0x14, 0x57, 0xC9 },
+    { 0xE2, 0x2C, 0x84, 0x2A, 0xFB, 0xFB, 0x25, 0xA0, 0x52, 0x4E, 0xA3, 0x99, 0x9D, 0x23, 0x52, 0x8B, 0xF7, 0x88, 0x20, 0x15, 0x2E, 0x53, 0x81, 0x70, 0x7E, 0x4D, 0x31, 0xE9, 0x1A, 0xE8, 0x03, 0x4E },
+    { 0x5F, 0x67, 0x1E, 0x5C, 0xEA, 0xC6, 0x44, 0xC5, 0x1F, 0x91, 0xF6, 0xFF, 0xE4, 0x18, 0x0B, 0x2F, 0xC6, 0xA8, 0x61, 0xA5, 0x4A, 0x97, 0xC3, 0xCF, 0x44, 0x8E, 0xF6, 0xEE, 0x6D, 0xDB, 0xEF, 0x45 },
+    { 0xE5, 0x86, 0x25, 0x4A, 0x3A, 0xE3, 0x2D, 0xAF, 0xC0, 0x37, 0xC3, 0x44, 0xB6, 0xD6, 0x66, 0x51, 0x45, 0x78, 0xE2, 0x3F, 0x0D, 0xF1, 0x67, 0xAE, 0x5C, 0xE3, 0x24, 0x80, 0xEE, 0x49, 0x38, 0x08 },
+    { 0x5C, 0xA0, 0x55, 0x44, 0xE2, 0x4A, 0x53, 0xF2, 0x28, 0x75, 0x26, 0xE7, 0x2B, 0x07, 0x59, 0xD2, 0x3C, 0x8D, 0x56, 0x3B, 0x13, 0x6F, 0x3C, 0xA7, 0x14, 0x32, 0x40, 0xC7, 0x97, 0xD3, 0x55, 0x1E },
+    { 0xA0, 0xA2, 0xB4, 0x16, 0xA8, 0x4B, 0xFC, 0xBD, 0x22, 0xF1, 0xBF, 0xBB, 0xFA, 0xB3, 0xBA, 0xCC, 0xEB, 0x7D, 0xEB, 0x45, 0x81, 0xCA, 0xEA, 0x06, 0x82, 0x6C, 0x5D, 0xDF, 0xF8, 0x44, 0xD4, 0xD4 },
+    { 0xA7, 0xEF, 0x83, 0x22, 0xEC, 0x94, 0x90, 0xF0, 0xE8, 0x24, 0x09, 0xE0, 0x8D, 0x92, 0xEB, 0x1C, 0x15, 0x09, 0x32, 0x8E, 0x3B, 0xA2, 0x57, 0xFA, 0xBF, 0x98, 0x24, 0x0E, 0xB1, 0x2F, 0x56, 0x5D },
+    { 0x1E, 0xC2, 0x9B, 0x52, 0x5B, 0x24, 0xC3, 0xE5, 0xA8, 0xE9, 0xC8, 0x2B, 0xCF, 0xA8, 0x17, 0xC7, 0x02, 0xF4, 0x16, 0x82, 0x00, 0x0E, 0xD2, 0xCD, 0xF4, 0x75, 0x88, 0xD9, 0x24, 0xCF, 0xC3, 0xDB },
+    { 0xD6, 0x34, 0xC9, 0x29, 0x1F, 0x23, 0x48, 0x8F, 0x63, 0x01, 0x46, 0x6C, 0x95, 0xC0, 0x1E, 0x62, 0x77, 0xA9, 0x66, 0x5A, 0x89, 0x73, 0x77, 0xB4, 0x52, 0x8D, 0x2F, 0xED, 0x8E, 0xCF, 0x67, 0x01 },
+    { 0xF1, 0x4A, 0xD9, 0x3E, 0x65, 0x77, 0xDD, 0x06, 0xE8, 0x9C, 0x71, 0xD7, 0xEF, 0x26, 0x35, 0x83, 0xFF, 0xFE, 0xBD, 0x29, 0xE0, 0xB4, 0x34, 0x24, 0x3C, 0xD4, 0x1E, 0xB2, 0xF6, 0xC2, 0x43, 0xC5 },
+    { 0x2E, 0x98, 0xE5, 0x40, 0x47, 0xBF, 0x6B, 0x3E, 0xE4, 0xCD, 0x19, 0xFD, 0x68, 0xC2, 0xB6, 0x9C, 0x92, 0x10, 0xE5, 0xA4, 0x57, 0x90, 0xB8, 0x8E, 0x3F, 0x29, 0x85, 0x94, 0xAD, 0x67, 0x34, 0x3F },
+    { 0x39, 0x91, 0x3A, 0xF8, 0xED, 0x6F, 0x8A, 0x54, 0x40, 0x22, 0x28, 0x40, 0xDB, 0x1C, 0x62, 0xEE, 0xD6, 0x4D, 0x65, 0x03, 0xEA, 0x96, 0x39, 0x9D, 0xD1, 0x51, 0xFC, 0xF0, 0x66, 0x55, 0x53, 0x7F },
+    { 0x4D, 0x48, 0x74, 0xA3, 0xEB, 0x2A, 0x22, 0x04, 0x0C, 0x21, 0x91, 0xCE, 0x91, 0x6B, 0x2D, 0xA9, 0x20, 0x05, 0xCB, 0xC0, 0x09, 0xBF, 0xAB, 0xAB, 0xDD, 0x38, 0x0D, 0xC9, 0x76, 0x80, 0x8F, 0xD6 },
+    { 0xE9, 0xD5, 0xD1, 0xBC, 0x7E, 0xEA, 0x49, 0xBD, 0x2D, 0x16, 0x5B, 0x35, 0x87, 0xD0, 0x04, 0xCD, 0x2B, 0x85, 0xD2, 0x07, 0xBA, 0x19, 0xDA, 0xFF, 0x96, 0x0B, 0xF5, 0xD1, 0x75, 0xDD, 0xC1, 0xE2 },
+    { 0xE2, 0x6B, 0x4E, 0x7B, 0xA4, 0xF3, 0x63, 0x79, 0xB8, 0x94, 0x72, 0x98, 0x0A, 0xBB, 0xC1, 0x62, 0xCE, 0xA5, 0x63, 0x64, 0x0D, 0xFA, 0x4F, 0xB9, 0x37, 0xC4, 0xC7, 0xA9, 0xD9, 0x22, 0x24, 0xE7 },
+    { 0x89, 0x7A, 0xFB, 0xC7, 0x74, 0x31, 0xF5, 0x20, 0x1D, 0xD9, 0xB5, 0x72, 0x67, 0x78, 0x26, 0x2D, 0x2E, 0x7A, 0x1E, 0x16, 0x83, 0xAB, 0x27, 0x6D, 0x53, 0x42, 0x18, 0x8C, 0xD7, 0x3E, 0xE3, 0xEC },
+    { 0x02, 0x2A, 0xBD, 0xB2, 0x74, 0x54, 0x8F, 0xDD, 0xEA, 0xD7, 0xA1, 0x71, 0x65, 0xC0, 0x2A, 0x0B, 0x6C, 0xE9, 0xB9, 0x4D, 0x77, 0xEF, 0x03, 0xE2, 0xD6, 0x16, 0xAA, 0x01, 0xD5, 0x54, 0x03, 0x62 },
+    { 0x02, 0x4B, 0xD6, 0x38, 0x2F, 0x13, 0x4E, 0x47, 0xDC, 0x2A, 0x1F, 0x0B, 0x9A, 0xAD, 0x8B, 0x29, 0x16, 0x53, 0xBC, 0x20, 0xE5, 0x19, 0x7A, 0x54, 0x42, 0xA0, 0x33, 0x5D, 0xD2, 0xEE, 0x40, 0x3C },
+    { 0xD8, 0x8A, 0x3D, 0xC7, 0x02, 0x20, 0x89, 0xEA, 0xA3, 0x30, 0x91, 0x0A, 0x1D, 0xB4, 0xD5, 0x76, 0x06, 0xB4, 0x76, 0x59, 0x02, 0xA2, 0x8A, 0xE3, 0xE3, 0xA3, 0x4D, 0xEE, 0x26, 0x55, 0x0F, 0x1C },
+    { 0xC5, 0x11, 0xB0, 0xDD, 0x90, 0x66, 0x2E, 0xF6, 0x40, 0xD4, 0x17, 0xED, 0x6F, 0x67, 0x2D, 0x5A, 0xB2, 0x16, 0xD0, 0x20, 0x03, 0xD3, 0x65, 0xE6, 0x65, 0x3C, 0x1A, 0x82, 0x6A, 0x9A, 0xFE, 0xC2 },
+    { 0x20, 0x3C, 0x1F, 0x7B, 0xD2, 0xC3, 0xAA, 0x84, 0x1F, 0x16, 0x99, 0x11, 0x00, 0x2B, 0xF1, 0xA9, 0xC9, 0x26, 0xE4, 0xFA, 0x79, 0x56, 0xB1, 0xC3, 0x53, 0xD8, 0x2D, 0xC1, 0xB5, 0x4A, 0x70, 0xD9 },
+    { 0xDA, 0xDD, 0x52, 0x89, 0x29, 0x65, 0x7A, 0xF0, 0x94, 0x04, 0xEA, 0x4B, 0x93, 0xA3, 0x8B, 0x55, 0x5C, 0x56, 0x23, 0x48, 0x0F, 0x0A, 0x46, 0x74, 0xBE, 0x58, 0xAB, 0xEE, 0x84, 0x71, 0x1C, 0x25 },
+    { 0x10, 0xD7, 0xFA, 0x16, 0x87, 0xDD, 0xFE, 0xF8, 0xE9, 0x50, 0x85, 0xAF, 0xCA, 0x2F, 0x48, 0xBB, 0x4E, 0xE2, 0xB7, 0x76, 0xA9, 0x43, 0xC3, 0x4A, 0x08, 0xB7, 0x62, 0x02, 0x5D, 0x15, 0x1A, 0xA3 },
+    { 0x29, 0x0F, 0x94, 0x28, 0xEF, 0xF2, 0x91, 0x72, 0x4A, 0x2A, 0x3A, 0x8A, 0xDB, 0x2A, 0x0B, 0x7D, 0xDA, 0xFE, 0x06, 0xCB, 0x2D, 0x5E, 0xAF, 0xD1, 0xB4, 0xDA, 0x66, 0x17, 0x24, 0x45, 0xFE, 0x79 },
+    { 0x4C, 0x59, 0x0E, 0xC6, 0x72, 0xC6, 0x83, 0xCA, 0x9A, 0xD2, 0x46, 0x99, 0x18, 0x64, 0xB4, 0x04, 0x37, 0xF0, 0x94, 0xF4, 0x27, 0xB8, 0xE7, 0xE9, 0xBA, 0x21, 0xB0, 0xC0, 0x6A, 0xAC, 0xDA, 0xF2 },
+    { 0x25, 0x00, 0x97, 0xB2, 0x1C, 0x30, 0x78, 0xC9, 0xE0, 0x7E, 0x86, 0x15, 0xE4, 0x0E, 0x10, 0xAA, 0xEF, 0x29, 0x29, 0x65, 0x33, 0xBF, 0xA5, 0xB6, 0xDA, 0xF1, 0x96, 0x55, 0x1B, 0x26, 0xB2, 0xA4 },
+    { 0xAE, 0x4D, 0xC3, 0x43, 0x78, 0xF2, 0xF1, 0xD3, 0x9B, 0xC5, 0x35, 0x04, 0xA0, 0x5A, 0x90, 0xD5, 0x63, 0x40, 0xE3, 0xCA, 0x72, 0x3C, 0xBC, 0x6B, 0xD7, 0x98, 0xA2, 0x43, 0xF5, 0xF2, 0x7C, 0x5A },
+    { 0x25, 0x79, 0xC8, 0x64, 0x08, 0x49, 0x38, 0xDF, 0x9D, 0xE7, 0xB7, 0xE0, 0x7B, 0x6A, 0x8B, 0x8A, 0x45, 0x6E, 0x80, 0xE3, 0x0F, 0xDF, 0x9B, 0xEE, 0x9B, 0xEB, 0xB8, 0xFE, 0xDD, 0x6A, 0xEC, 0xC2 },
+    { 0x2D, 0xA7, 0xD5, 0x33, 0xA3, 0xED, 0x29, 0x54, 0x0C, 0x6A, 0x07, 0x60, 0xFC, 0x08, 0x3B, 0x3D, 0x62, 0xA5, 0x81, 0x1A, 0x66, 0x0B, 0x77, 0x2E, 0x46, 0x2E, 0xB5, 0x3F, 0xE5, 0xA9, 0xA5, 0x1B },
+    { 0x3B, 0x63, 0xD8, 0x66, 0x52, 0x33, 0x9C, 0xF1, 0xEE, 0xD6, 0x97, 0x4B, 0x14, 0xBF, 0xD5, 0x7C, 0x1B, 0x56, 0xE7, 0x57, 0x9B, 0xC7, 0x4A, 0xA3, 0xD1, 0x17, 0x51, 0x5E, 0x30, 0xC6, 0x92, 0xE4 },
+    { 0x53, 0x10, 0x43, 0x7E, 0xDC, 0xE9, 0xEC, 0xE2, 0x25, 0xBA, 0x1D, 0x9E, 0x98, 0x77, 0x2E, 0x47, 0x92, 0x85, 0xAC, 0xE5, 0x5C, 0xB2, 0xDB, 0x33, 0xB1, 0xAC, 0x4D, 0x3B, 0x58, 0x65, 0x92, 0xDB },
+    { 0x3B, 0xD7, 0xB3, 0x87, 0x50, 0xAC, 0x25, 0x0F, 0xBA, 0x58, 0xBC, 0x2E, 0x76, 0x59, 0x45, 0x92, 0xF4, 0x84, 0x5F, 0x16, 0xFA, 0x95, 0xF3, 0x33, 0x72, 0x57, 0x6D, 0xAE, 0xFB, 0x61, 0x29, 0xC5 },
+    { 0x85, 0xE6, 0xD5, 0x84, 0x07, 0x93, 0x7B, 0x41, 0xCF, 0x4B, 0x9F, 0xBB, 0x45, 0x03, 0x7C, 0x52, 0x56, 0xEC, 0x4F, 0x6E, 0x34, 0x89, 0xAA, 0x65, 0xF5, 0x4D, 0xAC, 0xFE, 0xC5, 0xD0, 0xDF, 0xC5 },
+    { 0x02, 0xBE, 0x35, 0xF6, 0xC0, 0x13, 0x04, 0xB2, 0x4A, 0x52, 0x1F, 0xBB, 0x90, 0xDC, 0xE8, 0x86, 0x9D, 0x43, 0x51, 0x7C, 0xC8, 0x39, 0xEF, 0x9D, 0x79, 0x80, 0xF0, 0x74, 0xF9, 0x97, 0xEB, 0x80 },
+    { 0xF5, 0x9E, 0x95, 0x42, 0x26, 0xC7, 0x7C, 0x98, 0xD4, 0x6E, 0x05, 0x9B, 0x5B, 0x6A, 0x28, 0xFF, 0x60, 0x6A, 0x8B, 0x3F, 0xFA, 0x79, 0xEE, 0xBA, 0xAC, 0x95, 0x34, 0x8C, 0x3F, 0x8A, 0x94, 0xA7 },
+    { 0x53, 0x16, 0x12, 0x00, 0x58, 0x33, 0x29, 0xE3, 0x83, 0x74, 0x97, 0x05, 0xA7, 0xB5, 0x99, 0xFF, 0x54, 0x60, 0x65, 0x13, 0x86, 0x7E, 0x27, 0xA5, 0x73, 0x3B, 0xD3, 0xD3, 0xC3, 0xF9, 0xBA, 0x6F },
+    { 0x36, 0xE5, 0x52, 0xE8, 0x2C, 0x39, 0x6B, 0x20, 0xC9, 0x24, 0x4A, 0x1D, 0x1C, 0x25, 0x7D, 0xFA, 0xFD, 0xED, 0x11, 0x2D, 0x04, 0x32, 0x0D, 0x96, 0xE6, 0x24, 0x73, 0xA2, 0x23, 0x69, 0x01, 0x1C },
+    { 0x2F, 0x1B, 0xD5, 0x46, 0xD0, 0x0C, 0x97, 0x18, 0xEA, 0x11, 0xA1, 0x0B, 0x20, 0xFF, 0x73, 0x67, 0x5C, 0x47, 0x42, 0x43, 0x48, 0x24, 0xEC, 0x77, 0xCF, 0x01, 0x55, 0xCF, 0xEE, 0x9F, 0x86, 0x7E },
+    { 0xA4, 0x0D, 0xDF, 0xCA, 0xC8, 0x6C, 0xAD, 0x39, 0x2C, 0x78, 0x0B, 0x76, 0x88, 0xEA, 0x60, 0xA3, 0x3C, 0xD1, 0x7A, 0x26, 0xDB, 0x2D, 0x86, 0x38, 0x71, 0x1C, 0xCB, 0x63, 0xB7, 0x4A, 0x10, 0x90 },
+    { 0x8C, 0x0B, 0xCD, 0x5A, 0x39, 0x05, 0xA2, 0x40, 0xCB, 0x33, 0xA0, 0x57, 0xFA, 0xFC, 0x04, 0xA8, 0x2B, 0xDA, 0x5F, 0x9A, 0x44, 0xEC, 0xC9, 0x03, 0xB4, 0x4B, 0x3A, 0x06, 0x00, 0x05, 0x23, 0x97 },
+    { 0x60, 0x74, 0x92, 0x55, 0xA8, 0x5B, 0x95, 0x10, 0xBD, 0x80, 0x38, 0x3B, 0x12, 0x08, 0x48, 0xB7, 0xC1, 0xF4, 0x6E, 0xA2, 0x58, 0xEE, 0x2E, 0x19, 0xA7, 0xC4, 0xED, 0x66, 0x9C, 0x79, 0x5A, 0x83 },
+    { 0xDA, 0x5F, 0x29, 0xCD, 0xE2, 0x8F, 0xB1, 0x9E, 0xC5, 0xEC, 0xE3, 0x27, 0xC3, 0x49, 0x55, 0x24, 0xD9, 0x39, 0x05, 0x77, 0xA3, 0xDF, 0x65, 0x0F, 0x8A, 0xCC, 0x1F, 0x78, 0xC6, 0x8B, 0xCD, 0x4A },
+    { 0x49, 0x24, 0x12, 0x41, 0x94, 0x3F, 0xFB, 0x1E, 0xF2, 0x18, 0x98, 0xE1, 0xB1, 0x35, 0x0E, 0xAB, 0x2A, 0x62, 0x7C, 0x80, 0xD0, 0xBE, 0xAA, 0xF0, 0x5F, 0x77, 0xE2, 0x2C, 0x72, 0x5E, 0x20, 0x57 },
+    { 0x81, 0x84, 0xC0, 0x9B, 0x76, 0x05, 0xFF, 0x21, 0xEA, 0xF5, 0x95, 0xAD, 0x34, 0xBC, 0xCD, 0xE7, 0x97, 0x5C, 0xD3, 0x84, 0xF0, 0xFF, 0x03, 0xB6, 0x97, 0x6F, 0x04, 0x7F, 0xDF, 0x9F, 0x98, 0x1C },
+    { 0x53, 0xA6, 0xE4, 0xE3, 0x70, 0xC1, 0x9B, 0x26, 0xE1, 0xB9, 0x0E, 0x88, 0x93, 0xBE, 0x78, 0xC5, 0x15, 0x1F, 0x50, 0x75, 0x8C, 0x7E, 0xD6, 0x09, 0xC3, 0xFB, 0x88, 0x91, 0x3C, 0xC0, 0xA9, 0xD3 },
+    { 0xAE, 0x74, 0x73, 0xC2, 0xC8, 0x46, 0xED, 0xD2, 0x94, 0x83, 0x49, 0xD9, 0x10, 0x74, 0xD7, 0x75, 0xEC, 0xE1, 0x32, 0xAA, 0x3F, 0x36, 0x7D, 0xEE, 0x34, 0xBF, 0x9A, 0x03, 0xC8, 0xC9, 0x3E, 0x4A },
+    { 0x96, 0xEE, 0xAB, 0x1C, 0x5B, 0xD7, 0x5E, 0xB9, 0xF1, 0x01, 0xCD, 0xFB, 0x65, 0xEF, 0xAD, 0xBB, 0x8A, 0x87, 0x74, 0xF8, 0xA7, 0xC8, 0x24, 0x7C, 0xD1, 0x1F, 0x6F, 0x12, 0x50, 0xBA, 0x0C, 0x2D },
+    { 0x42, 0x32, 0x33, 0xFC, 0x3A, 0x8B, 0x97, 0x22, 0xDA, 0xA1, 0x5F, 0xF4, 0x8B, 0x84, 0x93, 0xA0, 0xDE, 0xD4, 0x3A, 0x86, 0xD2, 0x96, 0x0D, 0x53, 0x2C, 0xA1, 0x74, 0xC4, 0x60, 0x8D, 0xC1, 0x84 },
+    { 0x53, 0x1F, 0x5A, 0x56, 0x2B, 0x17, 0x79, 0x33, 0x93, 0xED, 0x31, 0x28, 0x20, 0x6B, 0x7C, 0x73, 0x4E, 0xF0, 0xBC, 0xA5, 0xCD, 0x91, 0x57, 0x5D, 0x67, 0x3A, 0x27, 0x7E, 0x49, 0x78, 0xB0, 0x54 },
+    { 0xEF, 0x13, 0x06, 0x2E, 0x39, 0x90, 0x5C, 0xA2, 0x53, 0x78, 0x6E, 0x52, 0x6E, 0xAE, 0x01, 0x16, 0xAA, 0x3D, 0x97, 0x25, 0xAF, 0x9A, 0x04, 0x0C, 0xDD, 0xD9, 0xB8, 0xFE, 0xC3, 0xF3, 0x03, 0xE9 },
+    { 0xCE, 0x03, 0xF6, 0xB9, 0xFE, 0x37, 0x6E, 0x3B, 0xC6, 0x72, 0xD4, 0x6E, 0x5D, 0x89, 0x2E, 0xEA, 0xF7, 0x60, 0x79, 0xA8, 0x62, 0xD7, 0x16, 0xA7, 0xC9, 0x24, 0x81, 0xD8, 0xED, 0xC8, 0x11, 0xE1 },
+    { 0x63, 0xCC, 0xC5, 0xA6, 0x21, 0x1E, 0x91, 0xF2, 0xFA, 0xF6, 0xCD, 0x73, 0xD4, 0x58, 0x31, 0x14, 0x97, 0xE4, 0x9B, 0x91, 0x6C, 0x2E, 0x16, 0xCF, 0x4C, 0x86, 0x2E, 0x54, 0x6C, 0x15, 0xE8, 0x95 },
+    { 0x0A, 0xDF, 0x4B, 0xA1, 0x25, 0x0E, 0xB4, 0x15, 0xDE, 0xCF, 0x1B, 0xF1, 0x87, 0x16, 0x3F, 0x73, 0x70, 0xF6, 0x01, 0x8C, 0x5A, 0x2F, 0xD2, 0x9B, 0xF6, 0x9A, 0x6F, 0xE8, 0x3B, 0x0C, 0xB2, 0xF3 },
+    { 0xC8, 0x3B, 0xD1, 0xBB, 0xDD, 0xD0, 0x5E, 0xAF, 0x68, 0x68, 0x90, 0x47, 0x30, 0x9C, 0xE2, 0xEC, 0x57, 0x9E, 0xBF, 0xE3, 0x6C, 0x1B, 0xC0, 0xAF, 0x10, 0xC6, 0x59, 0x29, 0x86, 0xBD, 0xD2, 0x63 },
+    { 0x7E, 0x97, 0xFE, 0xB6, 0x5D, 0xB6, 0x05, 0x55, 0x2D, 0x42, 0x32, 0x0D, 0x1C, 0xB0, 0x60, 0x16, 0xB1, 0x40, 0x76, 0xD3, 0x34, 0x88, 0x2D, 0x84, 0x3B, 0x02, 0x11, 0x76, 0xA4, 0x93, 0x5F, 0x4B },
+    { 0xAF, 0x36, 0xAA, 0x5B, 0x5C, 0xDC, 0xD6, 0xDF, 0x35, 0x69, 0xD0, 0x00, 0x84, 0xC7, 0x2F, 0x1E, 0xED, 0x51, 0xCE, 0xEE, 0x5A, 0xA0, 0xE1, 0x3E, 0xAA, 0x63, 0x95, 0x74, 0x2C, 0xAA, 0xE4, 0x50 },
+    { 0x5E, 0x51, 0xB2, 0x6B, 0xC8, 0xE3, 0xBA, 0x0D, 0x40, 0xEC, 0x3F, 0x37, 0xAE, 0x48, 0x13, 0x70, 0xE4, 0x11, 0xF8, 0x61, 0xAA, 0xE3, 0xCF, 0x05, 0x97, 0x61, 0x44, 0x38, 0x1B, 0x0A, 0xAB, 0xC3 },
+    { 0x06, 0xDA, 0xCF, 0x9A, 0x6A, 0x58, 0xD2, 0x2C, 0x39, 0xC1, 0x0E, 0x85, 0xC7, 0xE6, 0x75, 0xB8, 0x82, 0xD0, 0xDB, 0x5E, 0x9A, 0x2E, 0x3D, 0xE2, 0x0F, 0xF1, 0x98, 0x3E, 0xD9, 0x01, 0x07, 0xD6 },
+    { 0x8C, 0xBC, 0xEF, 0x35, 0x65, 0x92, 0x37, 0x8E, 0x7F, 0xBC, 0xCF, 0x10, 0xC7, 0x5B, 0xB2, 0x64, 0x37, 0x21, 0xF5, 0x8B, 0x08, 0x46, 0xDA, 0xA3, 0xDF, 0x0C, 0x1E, 0x57, 0x6C, 0x1C, 0xC5, 0x4B },
+    { 0x2F, 0xAB, 0xF8, 0x70, 0x11, 0x52, 0xAC, 0xC8, 0xE1, 0x52, 0x85, 0xA0, 0x8B, 0x7B, 0x75, 0x48, 0x6E, 0x61, 0x91, 0x84, 0xE9, 0xB2, 0x5A, 0x42, 0x1C, 0x6E, 0x93, 0x4C, 0xFE, 0x3A, 0xA6, 0x50 },
+    { 0xA7, 0x1E, 0x51, 0xCF, 0x7E, 0xD7, 0xAF, 0xBF, 0x23, 0x6E, 0x0B, 0x81, 0x4E, 0x0D, 0x0E, 0xC4, 0x3C, 0xE6, 0x74, 0x07, 0x52, 0x3B, 0xC0, 0x20, 0x34, 0xD2, 0xB8, 0x56, 0xAA, 0xAE, 0x49, 0x93 },
+    { 0x39, 0x2D, 0x14, 0xB2, 0xBD, 0x1B, 0xFB, 0x11, 0x4B, 0x2F, 0xE7, 0xDB, 0xC1, 0x2E, 0xC0, 0x71, 0x54, 0x36, 0xAE, 0x78, 0x59, 0x9C, 0xE1, 0x61, 0x95, 0xC2, 0x0E, 0xCD, 0xB9, 0x21, 0x94, 0xDB },
+    { 0xDF, 0x14, 0x9B, 0x56, 0x09, 0x9D, 0x7D, 0x72, 0x2B, 0xBC, 0xAF, 0xFE, 0xF8, 0x2F, 0xD1, 0x3A, 0x4D, 0x7B, 0x27, 0xA0, 0xA7, 0x5E, 0xDE, 0x3C, 0x01, 0xEE, 0x0C, 0xDB, 0x54, 0x27, 0x73, 0xF7 },
+    { 0x8E, 0x64, 0xD4, 0xA1, 0x63, 0xF1, 0x0F, 0xCB, 0xFE, 0x95, 0x53, 0xE9, 0x6E, 0x4E, 0xE4, 0xE1, 0x07, 0x8C, 0xAB, 0x9F, 0x51, 0xED, 0x62, 0x7F, 0x6C, 0x22, 0x27, 0xFB, 0xE4, 0x16, 0x12, 0xC3 },
+    { 0xCA, 0xB0, 0xC4, 0xEA, 0xA4, 0x3A, 0xF7, 0x2D, 0xFD, 0x37, 0x8A, 0x0D, 0x05, 0x96, 0xE8, 0xA9, 0x3D, 0x5F, 0x9E, 0x9D, 0x8A, 0xF8, 0xB5, 0x47, 0xFB, 0xB0, 0xB5, 0x71, 0xC3, 0xD8, 0xAE, 0x85 },
+    { 0x07, 0x3D, 0x87, 0xA3, 0x0A, 0x98, 0x5F, 0x53, 0x82, 0xB2, 0xFF, 0x34, 0x4C, 0xCD, 0x1B, 0xAB, 0xC1, 0xB9, 0xE1, 0x97, 0xE6, 0xF4, 0xD7, 0x71, 0x78, 0xF0, 0x96, 0x93, 0xD9, 0xA5, 0xA4, 0x7D },
+    { 0xC9, 0x87, 0xA1, 0x8C, 0xD3, 0x50, 0x3F, 0x83, 0x30, 0x44, 0x14, 0x50, 0xAD, 0x0F, 0xE2, 0xC4, 0xEA, 0xC7, 0xF6, 0x3D, 0xC9, 0xE6, 0x50, 0xA7, 0xEA, 0x22, 0x41, 0xD7, 0x2E, 0x05, 0xE9, 0xF9 },
+    { 0xAF, 0x44, 0x71, 0x82, 0xC0, 0xA6, 0x65, 0x51, 0xED, 0x70, 0x04, 0xAC, 0x8E, 0xD1, 0x9E, 0xA9, 0x21, 0x54, 0xE0, 0x87, 0x96, 0x42, 0xC4, 0xC1, 0xA9, 0x20, 0xDC, 0xB2, 0xF8, 0xA9, 0xEC, 0xFA },
+    { 0xD2, 0x20, 0x63, 0x9D, 0xB0, 0x44, 0x98, 0xCF, 0xBC, 0x35, 0x80, 0xB3, 0x97, 0xB8, 0xE0, 0x4F, 0x7B, 0x0D, 0xE2, 0x4F, 0x16, 0x90, 0xA9, 0x85, 0x4E, 0xAD, 0x15, 0xCC, 0xD7, 0xEA, 0x6D, 0x38 },
+    { 0x1F, 0x64, 0xB2, 0x58, 0x8B, 0xE5, 0x31, 0x8A, 0xB1, 0xE5, 0x01, 0x00, 0x97, 0xB2, 0xB7, 0x4E, 0x31, 0x3F, 0xEA, 0x99, 0xA0, 0x41, 0xEE, 0x4E, 0x09, 0x43, 0x94, 0x1B, 0x20, 0x36, 0xA7, 0x9D },
+    { 0x78, 0x4F, 0x8D, 0x19, 0x35, 0x18, 0xFE, 0x4B, 0x6F, 0x86, 0xA9, 0x1D, 0x87, 0x1B, 0x35, 0x42, 0x48, 0x07, 0xA8, 0xFB, 0x09, 0x96, 0x6E, 0x57, 0xBE, 0x91, 0x70, 0x16, 0x2A, 0x71, 0x98, 0x67 },
+    { 0x9E, 0xB4, 0xCD, 0xEB, 0x1F, 0xD8, 0xB3, 0x8A, 0xC3, 0xC7, 0x8A, 0x99, 0x94, 0xAD, 0xEC, 0x29, 0xB9, 0x33, 0x5C, 0xCE, 0xF2, 0x09, 0x9B, 0xDE, 0xCD, 0x97, 0x46, 0x7E, 0xC8, 0xCB, 0xB1, 0x40 },
+    { 0x2B, 0x3E, 0xF4, 0x50, 0xD3, 0xF0, 0xDA, 0x47, 0x0F, 0x72, 0x2D, 0x0D, 0xB3, 0x94, 0x64, 0x1B, 0x88, 0x65, 0xD2, 0x16, 0x60, 0x87, 0x1C, 0xDD, 0x48, 0xC4, 0x8A, 0xAC, 0xCC, 0xBF, 0x17, 0xA8 },
+    { 0x25, 0xEB, 0xD7, 0xF8, 0x16, 0x47, 0x7A, 0x96, 0x5A, 0xB5, 0x7B, 0x74, 0x94, 0x37, 0x16, 0x0A, 0x8D, 0xD3, 0x70, 0xF7, 0xB4, 0xB8, 0x55, 0xA5, 0xB2, 0x3B, 0x25, 0x7B, 0xAA, 0x64, 0x18, 0x71 },
+    { 0xDA, 0x66, 0x61, 0xAE, 0x4F, 0x09, 0xDE, 0xA6, 0x4F, 0xD1, 0x56, 0x8B, 0x2E, 0xD1, 0x25, 0x4E, 0xA8, 0xC9, 0x44, 0x52, 0xD1, 0x15, 0x8E, 0x2F, 0x50, 0x4C, 0x5C, 0xB2, 0x50, 0x6C, 0xA5, 0xE1 },
+    { 0xC8, 0xC3, 0xE6, 0xF0, 0xEE, 0xA6, 0xDA, 0x34, 0x3F, 0xDF, 0x59, 0x2F, 0x0D, 0x53, 0x2B, 0x4D, 0x85, 0x74, 0x17, 0xC3, 0x38, 0xC9, 0xBC, 0xB2, 0xF0, 0x98, 0xAC, 0xB9, 0x59, 0x2C, 0x6F, 0x72 },
+    { 0x70, 0xDF, 0xCD, 0x34, 0xA0, 0xE4, 0x67, 0xCB, 0xBB, 0x91, 0x72, 0x23, 0xB8, 0x6B, 0xCB, 0x31, 0x4D, 0x3C, 0x4C, 0x58, 0x98, 0x45, 0x9A, 0x9A, 0xB7, 0x11, 0x4D, 0x37, 0x42, 0xE3, 0x56, 0x08 },
+    { 0x10, 0xD0, 0x3D, 0x8E, 0xF0, 0x5F, 0xEE, 0x57, 0x70, 0xFE, 0x77, 0x54, 0x02, 0xE1, 0x48, 0x14, 0xB9, 0xFE, 0xA6, 0x5D, 0x28, 0x8A, 0x33, 0x1C, 0x2D, 0xAE, 0xF4, 0xAA, 0x82, 0xEC, 0xF5, 0xA9 },
+    { 0x75, 0x0B, 0x27, 0xCB, 0x3A, 0x04, 0x3C, 0x49, 0xD1, 0xEF, 0x3F, 0xC4, 0x15, 0x29, 0x07, 0xCC, 0x2B, 0x73, 0x84, 0x80, 0x0A, 0x79, 0xA1, 0xEC, 0x49, 0x08, 0x0D, 0x36, 0x2D, 0x3A, 0xEB, 0xCD },
+    { 0xF4, 0xE1, 0x4D, 0x4E, 0x5A, 0x5F, 0xA0, 0x3E, 0x80, 0x61, 0x64, 0x0F, 0x37, 0x1E, 0xF4, 0xFF, 0xA6, 0x77, 0x18, 0x15, 0x62, 0xA3, 0xE2, 0x0D, 0xF8, 0xBB, 0x05, 0xF0, 0xED, 0xB5, 0xF2, 0x8A },
+    { 0xF5, 0xE0, 0x2F, 0xD9, 0xF4, 0x6F, 0x09, 0xBB, 0x77, 0x74, 0x00, 0x08, 0x35, 0xB1, 0xBA, 0xE5, 0x17, 0xB7, 0x33, 0x41, 0xBC, 0xC5, 0x24, 0x0E, 0x89, 0xD2, 0x71, 0x2F, 0x49, 0x87, 0xE0, 0x43 },
+    { 0x1A, 0x2F, 0x45, 0x4E, 0x43, 0x5D, 0xC5, 0xF8, 0x61, 0xFF, 0x4E, 0x34, 0xF0, 0x6D, 0x3D, 0x58, 0x21, 0xEE, 0xBD, 0xB6, 0x18, 0x31, 0x5A, 0xE4, 0xDE, 0xA8, 0xFF, 0x93, 0xCC, 0x53, 0x90, 0xE2 },
+    { 0x10, 0x33, 0xAF, 0xA1, 0x7D, 0x6B, 0x00, 0xB6, 0xD1, 0xFD, 0xE5, 0xCD, 0xC2, 0x05, 0x14, 0xEC, 0x13, 0x6B, 0xF4, 0xA5, 0xCB, 0xEA, 0xBF, 0x97, 0x7B, 0xCF, 0xCA, 0xDE, 0x64, 0x6F, 0xEA, 0xF5 },
+    { 0xC8, 0x42, 0xF4, 0x52, 0x38, 0x32, 0xDA, 0xE9, 0xC5, 0x9F, 0x29, 0x15, 0xE9, 0x1B, 0xAA, 0x46, 0x8A, 0xA4, 0x6C, 0x3F, 0x40, 0x81, 0xA0, 0x92, 0x52, 0xA7, 0x87, 0x0C, 0x22, 0xCD, 0xD1, 0x52 },
+    { 0x53, 0x31, 0x67, 0xF3, 0x83, 0x9F, 0x74, 0x72, 0xBE, 0x9F, 0x11, 0xFE, 0xA9, 0x81, 0x96, 0xAA, 0x51, 0x14, 0xED, 0xEE, 0x45, 0x3C, 0x0E, 0xF6, 0x33, 0xC0, 0xFD, 0x31, 0x99, 0x66, 0xC2, 0xE9 },
+    { 0x6E, 0xD2, 0xED, 0xED, 0xB0, 0xEC, 0x3C, 0x4A, 0xF7, 0xA2, 0x20, 0xEE, 0x2F, 0x02, 0x3A, 0x76, 0xBE, 0xB3, 0xE6, 0x43, 0xF2, 0x78, 0x8D, 0x6C, 0xC3, 0x21, 0xE5, 0x94, 0xF8, 0xB0, 0x2B, 0x21 },
+    { 0x9B, 0x66, 0x80, 0xB2, 0xCD, 0x0B, 0xCF, 0x4E, 0x68, 0x2D, 0xAD, 0x83, 0xE2, 0x83, 0x48, 0xD3, 0xF0, 0x9C, 0x50, 0x03, 0x81, 0x21, 0x50, 0x41, 0xB9, 0xC8, 0xFA, 0xBB, 0xFA, 0x6C, 0x7D, 0x1F },
+    { 0x87, 0x08, 0x51, 0x02, 0xD4, 0xFC, 0xA7, 0x37, 0xD5, 0xB0, 0x8D, 0x4C, 0x5B, 0xBB, 0xD8, 0xD5, 0xCE, 0x39, 0xCE, 0x39, 0xDD, 0x17, 0xF7, 0x22, 0x20, 0xC7, 0xD6, 0x44, 0x9D, 0x8B, 0x90, 0x1E },
+    { 0x96, 0xCA, 0x46, 0x48, 0xF4, 0xE8, 0xB9, 0xBC, 0x69, 0xA2, 0x77, 0x10, 0x51, 0x8C, 0x80, 0x84, 0xFA, 0x78, 0xC6, 0xD8, 0xA9, 0xD2, 0x85, 0x5D, 0x79, 0xB3, 0x27, 0x28, 0xAC, 0x93, 0xF3, 0xAD },
+    { 0x20, 0x73, 0x7D, 0x95, 0x19, 0x5C, 0xE1, 0x44, 0xA8, 0xC1, 0x9D, 0x1E, 0xB5, 0x79, 0x6E, 0x30, 0xCA, 0xFA, 0xF7, 0xCB, 0x9E, 0xEC, 0x7A, 0x76, 0x26, 0x06, 0xB2, 0x72, 0x4E, 0xE1, 0x76, 0x24 },
+    { 0x44, 0x6B, 0x90, 0xA6, 0x5A, 0x65, 0x26, 0x7A, 0x45, 0xF9, 0x90, 0x7C, 0x8E, 0x24, 0x03, 0x14, 0x06, 0x28, 0x6A, 0x4D, 0x37, 0x08, 0xE6, 0x25, 0xD9, 0x8B, 0xD6, 0x80, 0xD2, 0xDB, 0x9C, 0x35 },
+    { 0xDE, 0xE9, 0x6A, 0x5E, 0x6C, 0xA4, 0xED, 0xDA, 0xBE, 0x5F, 0xB1, 0x6E, 0xC5, 0xF3, 0x06, 0x85, 0xF7, 0x62, 0x41, 0x77, 0x69, 0x34, 0xB5, 0x4F, 0xF6, 0x40, 0xEF, 0x5F, 0xB1, 0xFF, 0x2F, 0x2F },
+    { 0x34, 0xBB, 0xD2, 0xB8, 0xD0, 0x8F, 0x09, 0xC7, 0x60, 0xF3, 0x29, 0xF3, 0x0B, 0x86, 0x02, 0x43, 0xB1, 0xEC, 0xE5, 0xE7, 0x5A, 0x94, 0x6D, 0x58, 0x68, 0xCC, 0x4A, 0xB6, 0x1F, 0x01, 0x93, 0xF0 },
+    { 0xB1, 0x95, 0xEC, 0x8A, 0x54, 0xF5, 0x8E, 0x15, 0x8D, 0xA1, 0xAF, 0x22, 0xF9, 0xA0, 0x5E, 0xB5, 0xC2, 0x7B, 0x09, 0xE9, 0xFD, 0x03, 0x68, 0x8B, 0x7C, 0xFC, 0x20, 0x8A, 0xE6, 0xD5, 0xDE, 0xD6 },
+    { 0x6D, 0x3E, 0x19, 0x98, 0x0A, 0xE1, 0xB7, 0xE2, 0x72, 0x08, 0x92, 0x65, 0x32, 0x31, 0x82, 0xD2, 0x56, 0x19, 0xF7, 0x55, 0x29, 0x9A, 0x5F, 0x0E, 0x96, 0x03, 0xC1, 0x71, 0xED, 0x7D, 0xC1, 0xF2 },
+    { 0xB9, 0x6D, 0xEA, 0x44, 0x34, 0x61, 0x9F, 0xA8, 0x96, 0x22, 0xD6, 0xDE, 0x76, 0x4F, 0x17, 0x13, 0x2A, 0x0F, 0x9C, 0x65, 0x42, 0xA8, 0xB0, 0xE5, 0x6F, 0xC7, 0xE6, 0x34, 0x7F, 0x0C, 0xE2, 0x77 },
+    { 0xA1, 0xF5, 0x50, 0xA9, 0x86, 0x74, 0x13, 0x56, 0x65, 0x57, 0x67, 0x6C, 0x20, 0xF3, 0x37, 0xC1, 0xEF, 0x7A, 0x8A, 0x98, 0x44, 0x1E, 0xB7, 0xC8, 0xAE, 0x9D, 0xD7, 0xDE, 0xC1, 0xE1, 0xDD, 0x60 },
+    { 0x4B, 0xFE, 0x00, 0x99, 0xB5, 0x2D, 0xA6, 0xD2, 0x52, 0x37, 0xCF, 0xAD, 0xCD, 0x2B, 0xD4, 0x07, 0x15, 0x09, 0xE0, 0xD0, 0xEC, 0xBD, 0x58, 0xA8, 0x7F, 0xE8, 0x36, 0x7B, 0x0D, 0x72, 0xEA, 0x86 },
+    { 0x4E, 0xD2, 0x58, 0x63, 0xB2, 0x39, 0xA6, 0x8A, 0xCD, 0xB4, 0x3B, 0x9C, 0xE2, 0x0A, 0xA9, 0x98, 0x29, 0xEA, 0x18, 0x7D, 0x97, 0x96, 0x53, 0x3F, 0x46, 0x4A, 0xF0, 0xD0, 0x0C, 0x9E, 0xF2, 0x17 },
+    { 0xAC, 0x4E, 0x29, 0x13, 0xFD, 0x99, 0x2D, 0x4B, 0xC6, 0x95, 0xE8, 0x08, 0x55, 0xAF, 0x8A, 0xE2, 0x4D, 0x35, 0x5F, 0x3C, 0xF2, 0xE4, 0xDF, 0xF1, 0x02, 0xD6, 0xB1, 0x4A, 0x2B, 0x6C, 0xAB, 0x8F },
+    { 0xC7, 0x21, 0xAD, 0xA7, 0xA8, 0xD3, 0x1C, 0x9F, 0x0F, 0x84, 0x5D, 0xC7, 0xD4, 0xFD, 0xE2, 0x6D, 0x41, 0x19, 0x53, 0xF6, 0xFE, 0x5E, 0x64, 0x49, 0xB3, 0x8E, 0x29, 0xD3, 0xD2, 0x9C, 0xAB, 0x16 },
+    { 0x2B, 0x85, 0xAD, 0xF8, 0x86, 0xE3, 0x17, 0x06, 0x43, 0xA7, 0xBE, 0x3A, 0x31, 0x2F, 0xBE, 0xD7, 0xDB, 0xAB, 0x88, 0x79, 0x68, 0x64, 0xB4, 0x5E, 0xF0, 0x2D, 0xB4, 0x8C, 0x1F, 0x95, 0x97, 0x11 },
+    { 0x9F, 0x72, 0x5A, 0xD8, 0xE0, 0xE1, 0x82, 0x91, 0x31, 0xFF, 0x0D, 0x76, 0xBC, 0xFA, 0x57, 0x43, 0x1C, 0xD9, 0x33, 0x73, 0x7A, 0x31, 0xD2, 0x0D, 0xDB, 0xA1, 0x77, 0x76, 0x8A, 0xDA, 0x60, 0x67 },
+    { 0x88, 0xEA, 0x04, 0x53, 0x12, 0x56, 0xE8, 0x55, 0x46, 0xEB, 0x03, 0x4F, 0x8F, 0x91, 0x17, 0x88, 0xF0, 0x7F, 0x36, 0xBF, 0xC8, 0x19, 0xD2, 0xD6, 0x8D, 0x61, 0x9D, 0xCE, 0x2F, 0xB4, 0x51, 0xDA },
+    { 0x64, 0xD8, 0xB0, 0x78, 0xFB, 0x20, 0x74, 0x8E, 0x5D, 0x0A, 0x99, 0xC4, 0xA9, 0xF6, 0x79, 0xFD, 0x42, 0x4A, 0x5D, 0x68, 0xDC, 0x22, 0xAD, 0xB4, 0x78, 0x6D, 0x75, 0xA3, 0x99, 0x7C, 0xAF, 0xC5 },
+    { 0x54, 0x88, 0x4D, 0xB8, 0x59, 0x82, 0xE2, 0x1F, 0x4B, 0x61, 0xBF, 0xFE, 0xFE, 0xDE, 0xE3, 0x09, 0x30, 0x17, 0x07, 0x33, 0x72, 0x4F, 0x78, 0x51, 0x0D, 0x60, 0xDF, 0x74, 0x79, 0x69, 0xE8, 0xFF },
+    { 0xAC, 0x00, 0x31, 0x7D, 0xC1, 0xBC, 0x95, 0xAC, 0x6B, 0x88, 0x06, 0x25, 0xD2, 0x84, 0x42, 0x8E, 0xF5, 0x0A, 0xB8, 0xD6, 0xAE, 0x76, 0x47, 0xF0, 0x7E, 0x0A, 0x3D, 0x63, 0x7C, 0xF4, 0x05, 0x02 },
+    { 0x03, 0x32, 0xA9, 0xF7, 0xE3, 0xCA, 0x0C, 0x1A, 0xB5, 0xD0, 0x9B, 0xE8, 0x64, 0xF7, 0x3A, 0x91, 0x56, 0x30, 0xCA, 0x78, 0xC5, 0x66, 0xA5, 0xE6, 0x36, 0x3C, 0xFF, 0xAE, 0x32, 0x11, 0xB4, 0x81 },
+    { 0x49, 0x82, 0x49, 0x37, 0x75, 0x3E, 0x06, 0x92, 0x49, 0x64, 0x97, 0x97, 0xA0, 0x80, 0xA4, 0xE2, 0x37, 0x76, 0x7B, 0x8E, 0xF8, 0xA7, 0xC9, 0xA8, 0x86, 0xD6, 0x33, 0xED, 0xE2, 0x9A, 0xFF, 0x02 },
+    { 0x12, 0x84, 0x0B, 0xAD, 0x18, 0x6A, 0x3B, 0x9B, 0x60, 0x4C, 0x08, 0x88, 0xC9, 0x88, 0x83, 0x83, 0x8C, 0xC6, 0x96, 0xE6, 0x24, 0xC0, 0xB4, 0xF9, 0xC0, 0xF6, 0xBB, 0x11, 0x3E, 0x2E, 0x9D, 0xAF },
+    { 0xCA, 0x27, 0xF1, 0x80, 0x8D, 0x6C, 0x8A, 0xCF, 0xF4, 0xE6, 0x0D, 0x08, 0x0B, 0x8A, 0x7E, 0xEA, 0x05, 0xCD, 0xAD, 0x94, 0x0F, 0xD3, 0x6E, 0x65, 0xC6, 0x71, 0xD9, 0xF8, 0x31, 0xF1, 0xCA, 0xD8 },
+    { 0x91, 0x87, 0xA3, 0x19, 0x4B, 0x4F, 0x33, 0xBC, 0x50, 0x5B, 0x5C, 0x4A, 0xE7, 0x39, 0xAF, 0x41, 0x45, 0xAC, 0x44, 0x59, 0x9C, 0x56, 0x98, 0x21, 0x4B, 0xB0, 0x7E, 0x6F, 0x07, 0x7E, 0xBE, 0x17 },
+    { 0x0E, 0x3C, 0x52, 0x1A, 0x5F, 0x11, 0x99, 0x2C, 0x90, 0x92, 0x2F, 0xA1, 0x9B, 0xB6, 0x33, 0xA5, 0x0E, 0x5F, 0x90, 0x95, 0x4F, 0xA3, 0x0F, 0x9A, 0x4D, 0x97, 0xFF, 0x73, 0x41, 0xB5, 0xDB, 0xAA },
+    { 0xFD, 0x7C, 0x34, 0xE3, 0xA3, 0x18, 0xF6, 0x60, 0xA0, 0xF7, 0xCF, 0xCC, 0xC4, 0x8F, 0xE8, 0x47, 0x4A, 0xB0, 0x87, 0xBF, 0x8F, 0xFA, 0x85, 0xBC, 0x2D, 0xCE, 0x68, 0xF7, 0x97, 0x1D, 0x11, 0xA6 },
+    { 0x4D, 0x8E, 0xE5, 0x9A, 0x5B, 0x87, 0x5D, 0xE3, 0xD2, 0xF1, 0x5F, 0x3C, 0x3E, 0xCD, 0x9C, 0x6D, 0x14, 0x9D, 0x2D, 0x24, 0xF8, 0x31, 0xD8, 0xD2, 0xA9, 0x8A, 0x1A, 0x86, 0xDB, 0x64, 0x06, 0x38 },
+    { 0x38, 0x2D, 0x94, 0x1B, 0x66, 0xBC, 0x96, 0xBC, 0xB5, 0xB3, 0xDE, 0x85, 0xA8, 0x0E, 0xEE, 0x3B, 0xB5, 0x32, 0x3D, 0x05, 0x3C, 0xA9, 0x73, 0xA3, 0xCA, 0x34, 0x73, 0xF6, 0xA5, 0x8C, 0x16, 0x91 },
+    { 0xD8, 0x30, 0x73, 0x12, 0xB0, 0xBF, 0x18, 0xBA, 0x6D, 0xF1, 0x0F, 0x11, 0x7E, 0xBA, 0xF8, 0x24, 0xFA, 0x1F, 0x8D, 0xF5, 0xEF, 0x49, 0x07, 0x7F, 0x91, 0x7F, 0xAB, 0x28, 0x54, 0x93, 0x3E, 0x51 },
+    { 0x92, 0xA3, 0x37, 0x17, 0x38, 0xD7, 0x4B, 0x52, 0x4A, 0xF5, 0xD3, 0x16, 0xA4, 0xC3, 0x3F, 0x5A, 0x56, 0xD0, 0x07, 0x60, 0x09, 0x11, 0xE4, 0xFB, 0xB6, 0xD1, 0x9D, 0x49, 0x01, 0x4A, 0xE6, 0x9C },
+    { 0x20, 0xCF, 0xBC, 0x9B, 0xA8, 0x23, 0xA4, 0x67, 0xC5, 0xCE, 0x31, 0xB4, 0x01, 0x13, 0x04, 0x5E, 0xC9, 0x1A, 0x12, 0x75, 0x1D, 0xFD, 0x1E, 0x85, 0x69, 0x83, 0x99, 0x9E, 0xF1, 0xEC, 0x25, 0x0B },
+    { 0xFE, 0x79, 0xDF, 0x29, 0xAA, 0xFD, 0x5F, 0x33, 0x11, 0x1D, 0xC1, 0x19, 0xF1, 0xB9, 0x77, 0x9E, 0xB1, 0x13, 0xF7, 0xEA, 0xFD, 0x46, 0x1B, 0x38, 0x49, 0x40, 0xED, 0x4D, 0x3B, 0x7F, 0x61, 0x96 },
+    { 0x63, 0xDB, 0x6B, 0xF6, 0x92, 0xF7, 0x6E, 0x42, 0xBA, 0xA4, 0x55, 0xA4, 0x68, 0xD6, 0xDA, 0xB9, 0x96, 0xE5, 0xE2, 0x56, 0xEA, 0x61, 0xE8, 0xD1, 0xA7, 0x47, 0x87, 0xAB, 0x91, 0xA8, 0x4B, 0x39 },
+    { 0x9F, 0xE5, 0xFF, 0x3E, 0x46, 0x87, 0xF4, 0xBF, 0x61, 0x64, 0x09, 0x43, 0x03, 0x5C, 0xB3, 0xDC, 0xC7, 0x20, 0x13, 0x3F, 0x81, 0xC9, 0x25, 0xB4, 0x8B, 0x0D, 0x57, 0x84, 0xB3, 0xFA, 0x1D, 0x45 },
+    { 0x38, 0x5C, 0x19, 0xD3, 0xEF, 0x69, 0xEF, 0xD6, 0x86, 0x39, 0x59, 0x30, 0xDE, 0xC8, 0x0D, 0x19, 0xB9, 0xB0, 0x3C, 0x78, 0x66, 0xA5, 0x15, 0x75, 0xBD, 0x1B, 0xDE, 0x78, 0x86, 0x02, 0xCF, 0x6D },
+    { 0xCD, 0x8E, 0x99, 0x1B, 0x2F, 0x4E, 0xF6, 0xCB, 0x63, 0xF5, 0x84, 0x41, 0x63, 0xF3, 0x8B, 0xFE, 0xFC, 0x15, 0x6A, 0x3F, 0x8A, 0xB2, 0x98, 0x6F, 0xD5, 0x54, 0x7C, 0x19, 0xCC, 0x29, 0x2C, 0xBF },
+    { 0x06, 0xEC, 0x75, 0x4F, 0xAC, 0xB0, 0x6D, 0xD9, 0xF0, 0x4A, 0xF2, 0x76, 0xA4, 0x7C, 0x85, 0x29, 0xF4, 0x0F, 0x7D, 0x65, 0x1C, 0xB3, 0xAE, 0x2D, 0x3E, 0x4C, 0x5B, 0xD5, 0xF3, 0x4D, 0xDC, 0x1E },
+    { 0x24, 0x86, 0x00, 0xE1, 0x2D, 0xA7, 0x93, 0x7D, 0x0A, 0x37, 0xAD, 0xC1, 0x56, 0xBC, 0x40, 0xDC, 0x7E, 0x9B, 0x83, 0x69, 0x39, 0xEB, 0x91, 0x22, 0x45, 0xA5, 0x23, 0xA6, 0xD9, 0x99, 0xDE, 0x93 },
+    { 0x5A, 0xED, 0x9E, 0x83, 0x47, 0xFB, 0x37, 0xA2, 0x97, 0x03, 0xA3, 0xF4, 0xB4, 0x7C, 0x0B, 0xEB, 0xD5, 0x71, 0x10, 0xCF, 0x47, 0x96, 0x97, 0x9B, 0x73, 0x90, 0xCC, 0x0C, 0xFA, 0x67, 0xE6, 0x30 },
+    { 0xA8, 0xFC, 0x1A, 0x55, 0xE5, 0xE6, 0x22, 0x65, 0x6F, 0xF9, 0x33, 0x81, 0xD8, 0x3C, 0x99, 0x14, 0xF8, 0x12, 0x23, 0x4D, 0x46, 0x86, 0x9F, 0x0E, 0xB3, 0xC0, 0x1C, 0x60, 0x89, 0x68, 0x05, 0xC9 },
+    { 0x49, 0xB4, 0xA7, 0xEF, 0x49, 0x79, 0x49, 0xA0, 0xF4, 0xCA, 0x24, 0xA3, 0x3E, 0xAE, 0x39, 0x50, 0x87, 0xB6, 0xC9, 0x80, 0xF3, 0x91, 0x4E, 0xA5, 0x3C, 0x1A, 0x39, 0x74, 0x40, 0xDD, 0xE7, 0xFC },
+    { 0x6F, 0x25, 0x2A, 0x22, 0x81, 0x38, 0xE7, 0x7E, 0x0F, 0x06, 0x15, 0x22, 0x24, 0x9B, 0x3F, 0x88, 0xF4, 0x38, 0x18, 0xD0, 0x52, 0x40, 0xD0, 0xE8, 0x01, 0x21, 0x37, 0xD8, 0xB2, 0x3B, 0x36, 0xFC },
+    { 0xEE, 0x46, 0x63, 0x86, 0x97, 0x39, 0xC5, 0xD9, 0xF7, 0x24, 0xA7, 0x2C, 0xB4, 0xCB, 0x5A, 0x3D, 0xF4, 0x39, 0xB3, 0x12, 0x84, 0xE7, 0x9C, 0x87, 0x52, 0x50, 0xB9, 0xC5, 0x50, 0x06, 0xC3, 0xDA },
+    { 0x85, 0xA7, 0x93, 0x0B, 0xCF, 0xE0, 0xCF, 0x0F, 0x13, 0x22, 0xFF, 0xA4, 0x8E, 0x78, 0xFA, 0xC2, 0x95, 0x51, 0xAF, 0x22, 0x93, 0x31, 0xCE, 0x65, 0xDD, 0x89, 0x68, 0x45, 0xD2, 0xA7, 0xED, 0x81 },
+    { 0xE2, 0xC7, 0x6E, 0xE5, 0x0D, 0xDD, 0x98, 0xD1, 0x03, 0xF8, 0x1C, 0x6E, 0x88, 0xBF, 0x86, 0x3E, 0x3C, 0x76, 0x0A, 0x5E, 0x0B, 0x9C, 0xB7, 0xC3, 0xE7, 0x52, 0x5F, 0x5A, 0x9F, 0x5C, 0x9C, 0xB1 },
+    { 0x30, 0x90, 0x49, 0x0F, 0x96, 0xFE, 0x9C, 0x2D, 0xD7, 0x53, 0x31, 0x4B, 0xD4, 0xB6, 0xD0, 0xD0, 0xF0, 0x10, 0x9B, 0x50, 0xD3, 0xAB, 0xCD, 0xAC, 0x15, 0xD1, 0x83, 0xA3, 0x7D, 0xE1, 0x50, 0x43 },
+    { 0xE4, 0x47, 0x75, 0xFB, 0x8D, 0x55, 0x23, 0x50, 0xEC, 0xB6, 0xCC, 0x64, 0x67, 0x30, 0x97, 0x40, 0x94, 0xB6, 0x6A, 0xAC, 0x9C, 0x00, 0x0B, 0x7E, 0xFC, 0xCA, 0x7B, 0xA2, 0xB6, 0x7A, 0xFC, 0x80 },
+    { 0x4F, 0x9E, 0x9A, 0x76, 0x2D, 0x82, 0x1E, 0xC1, 0x8A, 0x7C, 0xE9, 0x34, 0x89, 0x60, 0x03, 0x71, 0xAB, 0xA7, 0x65, 0x75, 0xA1, 0x4C, 0x5C, 0x56, 0x08, 0x96, 0x36, 0x1D, 0x80, 0x45, 0xEC, 0xF0 },
+    { 0xA3, 0xB5, 0x42, 0xA2, 0x74, 0xA8, 0x53, 0xE9, 0xCF, 0x8D, 0x70, 0x22, 0x3C, 0x8D, 0x55, 0xDA, 0xF5, 0x7E, 0xAE, 0xA0, 0x53, 0x0C, 0xB1, 0x81, 0x31, 0xF9, 0x0A, 0xCB, 0xEE, 0x34, 0x57, 0x1F },
+    { 0xD6, 0x7F, 0x57, 0xE2, 0x4B, 0x25, 0x33, 0x25, 0x38, 0xA0, 0x5B, 0xFC, 0x64, 0xC1, 0x38, 0xDD, 0xC1, 0x11, 0x9C, 0x4C, 0x72, 0x42, 0xB1, 0xD8, 0xC1, 0xCC, 0xCF, 0x3B, 0xC0, 0x37, 0x6B, 0x3E },
+    { 0x93, 0xDE, 0x65, 0xEB, 0xBE, 0x4F, 0xA9, 0xD2, 0x06, 0xE0, 0xD5, 0xBD, 0x15, 0xB7, 0xA8, 0x2B, 0x33, 0x2A, 0x5E, 0x5E, 0xC7, 0x8D, 0x37, 0x9E, 0x7C, 0x11, 0x09, 0xE1, 0xE3, 0xEF, 0xF4, 0x90 },
+    { 0xA6, 0x18, 0x23, 0xD6, 0xC4, 0xB4, 0x36, 0x16, 0x34, 0x0E, 0xA3, 0xFD, 0xC3, 0x2F, 0x0A, 0x06, 0x51, 0xF6, 0xA0, 0xD0, 0xC4, 0x7F, 0x74, 0xAA, 0x55, 0xE8, 0xE9, 0x44, 0xE2, 0x77, 0x07, 0xED },
+    { 0x00, 0x6C, 0x5B, 0x51, 0xE5, 0xA3, 0x36, 0x44, 0xE5, 0x53, 0x90, 0x20, 0x58, 0xE4, 0x0C, 0x19, 0x5B, 0x15, 0x69, 0x9E, 0x0C, 0xC9, 0x7E, 0x8A, 0x83, 0x38, 0xCD, 0x85, 0x8B, 0xB3, 0x6E, 0x6E },
+    { 0xC9, 0x81, 0x86, 0x90, 0x8C, 0x19, 0xEB, 0xD7, 0xB2, 0x79, 0x7B, 0xEF, 0x00, 0xC0, 0xA7, 0xFD, 0x61, 0x8D, 0xDE, 0x14, 0x08, 0xB0, 0x35, 0x59, 0xC5, 0xFE, 0x04, 0xF2, 0xA1, 0x77, 0x6D, 0xEE },
+    { 0x4B, 0x71, 0x6C, 0x16, 0x1F, 0x08, 0xD7, 0x4F, 0xB1, 0x91, 0x9C, 0xF1, 0x4D, 0x73, 0xD2, 0xAC, 0xAC, 0x69, 0x0C, 0xA6, 0xEF, 0x85, 0xC5, 0x49, 0x3B, 0x48, 0x2A, 0x65, 0xA3, 0x37, 0x9C, 0x32 },
+    { 0x3A, 0x57, 0xB0, 0xB1, 0xE1, 0xCC, 0x59, 0x38, 0xDC, 0x51, 0x52, 0x38, 0x01, 0xCB, 0x8D, 0xE0, 0x9A, 0xDC, 0x4C, 0xCB, 0x8D, 0xE0, 0xD7, 0x34, 0x6B, 0xA9, 0x9C, 0x8E, 0xAF, 0x31, 0xC0, 0x0F },
+    { 0x87, 0x60, 0x30, 0x9E, 0xC2, 0x2E, 0xC5, 0xC5, 0xE8, 0xD0, 0x52, 0x64, 0x14, 0x05, 0x1A, 0x29, 0xE8, 0x73, 0x46, 0x8B, 0xF4, 0x33, 0x79, 0x8D, 0x30, 0x0A, 0xF9, 0x16, 0x11, 0x82, 0xB9, 0x49 },
+    { 0x00, 0x70, 0xD1, 0x26, 0x45, 0xC6, 0x8B, 0x0C, 0xB6, 0x12, 0xF5, 0x32, 0xD8, 0xB9, 0xC9, 0x19, 0x55, 0x21, 0x00, 0x65, 0x56, 0x42, 0xEC, 0xF3, 0x14, 0x7D, 0x40, 0x2A, 0x88, 0x3F, 0x94, 0xA6 },
+    { 0x57, 0x62, 0x8E, 0xCD, 0x1A, 0x44, 0xBF, 0xDB, 0xA8, 0xD9, 0xFC, 0x56, 0x14, 0xE2, 0x7A, 0x42, 0xE4, 0x30, 0x79, 0xF7, 0x0F, 0xA4, 0xB2, 0x69, 0x89, 0xDA, 0xBA, 0x94, 0x89, 0x7B, 0x56, 0x6B },
+    { 0x0E, 0xE3, 0x45, 0x5E, 0xDA, 0x2A, 0x88, 0xF2, 0x5E, 0x6C, 0x2F, 0xC7, 0xE2, 0x5E, 0x02, 0xD3, 0x58, 0x91, 0x4E, 0x27, 0x56, 0x98, 0xEB, 0xFA, 0x1E, 0x15, 0xBF, 0x75, 0x8D, 0x79, 0x33, 0x74 },
+    { 0x05, 0x17, 0x18, 0x72, 0xD9, 0xA6, 0x60, 0x28, 0x4F, 0xC7, 0x78, 0x38, 0x8B, 0x18, 0x80, 0x04, 0x57, 0x83, 0x3D, 0x9C, 0xC5, 0x9E, 0x44, 0x7C, 0xA2, 0x78, 0x63, 0xF0, 0x1F, 0x5C, 0x87, 0x27 },
+    { 0xBE, 0x0A, 0x62, 0xEE, 0xF6, 0xFD, 0xFC, 0x14, 0xA7, 0xB8, 0xD2, 0xCC, 0x66, 0x29, 0x8F, 0xFD, 0x88, 0xE5, 0x47, 0x46, 0x7A, 0xAE, 0xFD, 0x37, 0x14, 0xB6, 0x75, 0xA7, 0x06, 0xDA, 0xF6, 0x7E },
+    { 0x08, 0x89, 0x49, 0x49, 0x56, 0x9A, 0xDB, 0x0D, 0x63, 0x77, 0xE4, 0xFB, 0xAA, 0x06, 0x32, 0x9E, 0x5F, 0x26, 0x17, 0x68, 0x29, 0xE3, 0xE8, 0x7B, 0x4F, 0x0C, 0xC2, 0x32, 0xF6, 0x10, 0x5F, 0x9E },
+    { 0xCB, 0xC9, 0xB3, 0xD8, 0xA6, 0x60, 0xCD, 0xE4, 0x46, 0x1E, 0x77, 0x95, 0xE3, 0x2F, 0xDF, 0x3F, 0xA5, 0x23, 0x7E, 0x94, 0x81, 0xB3, 0x3C, 0x79, 0xB4, 0xE8, 0x7E, 0x6D, 0x20, 0x21, 0x86, 0x73 },
+    { 0xCA, 0x7D, 0x7F, 0xC1, 0x2C, 0xC2, 0x7C, 0x95, 0xE6, 0x2E, 0x95, 0x44, 0x3A, 0xA1, 0x17, 0x24, 0x14, 0x75, 0x4D, 0xEF, 0x11, 0x81, 0xD0, 0x61, 0xA4, 0x4E, 0x73, 0x9E, 0x66, 0x44, 0x93, 0x41 },
+    { 0xBD, 0xDF, 0x7D, 0x5A, 0x18, 0x24, 0x1E, 0x2B, 0xDA, 0x15, 0xBF, 0x29, 0x37, 0x7A, 0x9F, 0x4E, 0x52, 0x61, 0x02, 0xD1, 0x6B, 0x06, 0x95, 0xAB, 0x1B, 0x6C, 0x8D, 0x5E, 0xDE, 0xC3, 0x76, 0xBB },
+    { 0x7B, 0x7F, 0x9D, 0x58, 0xB3, 0x41, 0x52, 0x88, 0x95, 0xFD, 0xC7, 0x2D, 0x0D, 0xA6, 0xDC, 0x64, 0x1D, 0xB1, 0x3C, 0x7D, 0x93, 0x45, 0x7B, 0xC2, 0xD4, 0xFD, 0x9D, 0xF4, 0x4C, 0x0C, 0x27, 0xFF },
+    { 0xF6, 0x3C, 0x65, 0xFA, 0xAA, 0xCF, 0xDC, 0x0C, 0x6E, 0xBB, 0x71, 0x8E, 0xDA, 0xB7, 0xE8, 0xD2, 0xD5, 0x1A, 0x6F, 0x51, 0xB6, 0x7F, 0xE3, 0x1A, 0x33, 0xE2, 0x98, 0xD5, 0xC5, 0x6B, 0x63, 0xBF },
+    { 0xD1, 0x97, 0xDB, 0xD2, 0x4D, 0x54, 0x05, 0x05, 0xF5, 0x1C, 0xCE, 0x6A, 0xD8, 0x11, 0x3F, 0x88, 0x83, 0x90, 0x56, 0xEF, 0xFD, 0xFA, 0xAA, 0x61, 0x3B, 0xE8, 0x0A, 0x7E, 0xE5, 0xAA, 0xA3, 0x1C },
+    { 0xE1, 0x0D, 0x10, 0xBD, 0x89, 0xBA, 0x8E, 0xC3, 0xF0, 0xA4, 0xCF, 0xAF, 0x78, 0x33, 0x08, 0x21, 0x99, 0x77, 0xCE, 0xA4, 0xCB, 0x79, 0xF8, 0xDC, 0xBC, 0xD1, 0x34, 0x01, 0x74, 0x1E, 0x67, 0x4D },
+    { 0xC1, 0x88, 0xBE, 0xE3, 0x9B, 0xDB, 0x4C, 0xBB, 0xA1, 0x2E, 0x38, 0x3B, 0xE3, 0xEA, 0xE5, 0x54, 0xA3, 0xA0, 0xD6, 0xA9, 0xAA, 0xFD, 0x8A, 0x5F, 0x1C, 0xAC, 0x58, 0x7F, 0x54, 0x6F, 0x58, 0xF8 },
+    { 0x67, 0x1B, 0x7B, 0x6A, 0x00, 0xBC, 0x8B, 0xFC, 0xBC, 0x6E, 0xAD, 0xE5, 0xCA, 0x1E, 0x85, 0xE5, 0x6D, 0xCC, 0x1E, 0xAD, 0x7B, 0x5E, 0xAD, 0xA3, 0xC0, 0xDC, 0xF3, 0x32, 0x59, 0x08, 0xE7, 0x01 },
+    { 0x92, 0xA2, 0x45, 0xA4, 0x76, 0x6E, 0x61, 0x63, 0xCC, 0x07, 0x52, 0xFF, 0x7B, 0xF1, 0x0C, 0x08, 0x2C, 0x38, 0x24, 0xE9, 0x74, 0xF0, 0xB7, 0x82, 0x5E, 0x79, 0x8C, 0x3A, 0x54, 0x1A, 0x0F, 0xC9 },
+    { 0x8D, 0xF0, 0xD3, 0x75, 0xF8, 0x22, 0x66, 0x0E, 0x7C, 0x09, 0xBD, 0xCB, 0x83, 0x30, 0x0B, 0x0B, 0xC0, 0xE8, 0x7F, 0x44, 0x50, 0x3E, 0x6A, 0x86, 0xFE, 0x4C, 0x2C, 0xC8, 0x44, 0xBC, 0x57, 0x73 },
+    { 0x9C, 0x43, 0xE9, 0x77, 0x42, 0x25, 0x69, 0xCC, 0x02, 0x7B, 0xB6, 0xE2, 0x3C, 0x5F, 0xAD, 0xBB, 0xCA, 0xC4, 0x78, 0x21, 0x5D, 0x0E, 0x58, 0xAC, 0x56, 0x1C, 0xB0, 0x87, 0x34, 0x0A, 0x7A, 0x59 },
+    { 0x20, 0xCC, 0xE1, 0xE5, 0x90, 0x8E, 0x87, 0x69, 0x9D, 0x47, 0x93, 0xBF, 0x15, 0x03, 0x08, 0xD9, 0x82, 0x58, 0x7F, 0xB6, 0x20, 0xB5, 0x5A, 0xAA, 0x6F, 0xCA, 0x35, 0x92, 0x69, 0xAC, 0x33, 0x25 },
+    { 0x2B, 0xFC, 0xA1, 0xE5, 0xDA, 0x1B, 0xA7, 0x4E, 0x87, 0x01, 0x90, 0x4D, 0xE1, 0x8F, 0xFE, 0x44, 0x6A, 0x42, 0x85, 0x09, 0x18, 0x3B, 0x00, 0xDE, 0xBE, 0x73, 0x4D, 0x08, 0x6A, 0xF3, 0x78, 0x62 },
+    { 0xE1, 0x7A, 0x75, 0xD1, 0x5D, 0xFB, 0x55, 0x3F, 0xDD, 0x51, 0x2B, 0x2E, 0x41, 0x10, 0x57, 0x17, 0x61, 0xA9, 0x54, 0x40, 0x60, 0x99, 0x71, 0x97, 0x9B, 0xC5, 0xD8, 0x47, 0xC1, 0x2D, 0x77, 0x39 },
+    { 0x57, 0xD8, 0x88, 0xFE, 0xE4, 0x03, 0xB9, 0xED, 0x31, 0xAF, 0x57, 0x2D, 0x0E, 0x36, 0x54, 0x9B, 0xD2, 0x75, 0x70, 0xD4, 0x66, 0xC2, 0x7A, 0xFB, 0xF6, 0x76, 0xF7, 0x93, 0x1C, 0xE0, 0x56, 0xED },
+    { 0x06, 0xE0, 0x8D, 0x7F, 0xDF, 0x16, 0xA9, 0xE3, 0x5D, 0x50, 0x8C, 0x58, 0xE3, 0x26, 0xD0, 0xFD, 0x6C, 0xFB, 0x54, 0x5A, 0xB7, 0x0E, 0xCD, 0x9D, 0x75, 0x61, 0x7E, 0xB7, 0xAD, 0x50, 0x99, 0xD4 },
+    { 0x0C, 0x48, 0x6E, 0x9C, 0xB5, 0xCD, 0x17, 0x1C, 0x9B, 0x42, 0x67, 0xCF, 0x44, 0xD5, 0xA8, 0xBD, 0x6A, 0xE4, 0x4B, 0xA6, 0xA8, 0x34, 0x65, 0x12, 0x1A, 0x61, 0x5A, 0xF6, 0xDC, 0x1C, 0x7F, 0xD7 },
+    { 0xFE, 0xC4, 0x76, 0x36, 0x9A, 0x9B, 0xA1, 0x7D, 0xD5, 0xCF, 0x57, 0xD9, 0x70, 0x02, 0x14, 0x75, 0x2C, 0x0E, 0xA3, 0x19, 0x6E, 0xFE, 0xB4, 0x23, 0xF7, 0x2A, 0xE0, 0x34, 0x92, 0x5B, 0xA1, 0xA0 },
+    { 0xE9, 0xA7, 0xF8, 0xCF, 0xAE, 0xEA, 0xC2, 0x18, 0x23, 0x32, 0x0D, 0x10, 0xF7, 0xCB, 0x3A, 0x00, 0x89, 0xBF, 0xEA, 0x3E, 0xD9, 0x58, 0xF8, 0x61, 0xBE, 0x26, 0x36, 0xFD, 0xEA, 0x67, 0x89, 0x08 },
+    { 0x73, 0xF6, 0xD6, 0x13, 0xFB, 0x2F, 0xA5, 0x87, 0x11, 0x37, 0xB6, 0x2B, 0xFB, 0x87, 0xEE, 0xB2, 0xB4, 0x7D, 0x01, 0x51, 0xBC, 0x85, 0x36, 0xA1, 0x5E, 0x1F, 0x62, 0xB0, 0xBD, 0x80, 0xE8, 0x51 },
+    { 0x69, 0xD2, 0x33, 0x7D, 0x8E, 0x9C, 0x6F, 0x94, 0xB3, 0xC6, 0xAE, 0x09, 0x94, 0xDE, 0x45, 0x4E, 0x3F, 0xD2, 0xD4, 0xE4, 0x32, 0xD4, 0x57, 0x43, 0x2B, 0x4E, 0x4D, 0x4B, 0x80, 0xEE, 0x2C, 0x09 },
+    { 0xCD, 0x8B, 0x00, 0x96, 0x62, 0xAD, 0xA8, 0x86, 0x76, 0xC3, 0x9F, 0x7D, 0x81, 0xA7, 0xC9, 0x3E, 0xB6, 0x1B, 0x48, 0xD8, 0x2D, 0xFB, 0x65, 0xE0, 0xD8, 0xD8, 0x5B, 0x4E, 0x4A, 0x88, 0x5E, 0xC3 },
+    { 0xA8, 0x1C, 0x71, 0x89, 0xF8, 0x72, 0xC7, 0x8F, 0xD5, 0x1C, 0xCE, 0x5A, 0x57, 0xDB, 0xD5, 0x01, 0x46, 0x4D, 0x5D, 0x35, 0x8B, 0x73, 0x6C, 0xBD, 0xE9, 0x37, 0x50, 0x2D, 0x65, 0x05, 0xB6, 0x60 },
+    { 0x6B, 0x6C, 0x9F, 0x89, 0x64, 0xB9, 0x6D, 0x51, 0x74, 0x5D, 0xC6, 0x95, 0x8D, 0xEA, 0xF9, 0xE2, 0x73, 0x46, 0x60, 0xD2, 0x02, 0x55, 0x17, 0x7A, 0x4D, 0x1F, 0xAA, 0xBD, 0x6A, 0xB4, 0xE6, 0x84 },
+    { 0xB6, 0xB7, 0x38, 0xD6, 0x3D, 0x74, 0x39, 0x4C, 0xF8, 0x86, 0x32, 0xF0, 0xC5, 0x65, 0xFF, 0x93, 0x15, 0x47, 0xCC, 0xE0, 0x5D, 0x87, 0xF9, 0x33, 0xE0, 0xB0, 0xCA, 0x01, 0x08, 0x4A, 0x79, 0x7C },
+    { 0x00, 0x99, 0xB9, 0xB9, 0x2B, 0xE6, 0x11, 0xD2, 0x38, 0x3F, 0x85, 0x7F, 0x49, 0xA2, 0xA9, 0xBF, 0xE7, 0x81, 0xDC, 0x37, 0x2A, 0xC0, 0x48, 0x23, 0x4F, 0x0C, 0x82, 0xBC, 0x11, 0x38, 0x34, 0x92 },
+    { 0xF3, 0x27, 0x44, 0xE9, 0x8E, 0xBB, 0xFB, 0x11, 0x74, 0x42, 0xC1, 0xE3, 0x97, 0x0D, 0x24, 0xEF, 0xF2, 0x27, 0x49, 0x6D, 0xA3, 0x1F, 0x28, 0x13, 0x5C, 0x16, 0x70, 0xFE, 0xEF, 0x1D, 0xF9, 0x01 },
+    { 0x1B, 0x03, 0xB9, 0x9B, 0x66, 0x47, 0xD2, 0x63, 0x1F, 0xBF, 0x9B, 0x14, 0x45, 0x4D, 0x42, 0x26, 0xC9, 0xFF, 0xC4, 0x73, 0xD7, 0x30, 0x86, 0x45, 0x73, 0x1E, 0x2A, 0x1F, 0xA4, 0x12, 0x52, 0x5D },
+    { 0x9A, 0x10, 0xD9, 0xB7, 0x80, 0x13, 0x06, 0xEA, 0x3B, 0x4E, 0xA4, 0x38, 0xBA, 0x3E, 0xFF, 0xCB, 0xC9, 0xB0, 0xB9, 0xAE, 0xCD, 0x38, 0x35, 0x76, 0xF1, 0xA4, 0x22, 0x17, 0x5F, 0x27, 0x1A, 0xA0 },
+    { 0x0A, 0x58, 0x3A, 0x19, 0x5D, 0x19, 0x7F, 0xAC, 0x78, 0x23, 0xEF, 0x9F, 0xDF, 0xE5, 0x79, 0xCB, 0x62, 0x71, 0x05, 0xC5, 0x75, 0xD4, 0x46, 0xD9, 0x24, 0x06, 0xCA, 0x6E, 0xE5, 0x42, 0x1C, 0x9E },
+    { 0x43, 0x58, 0x7C, 0x7B, 0x26, 0xFA, 0xCA, 0x35, 0x72, 0xF9, 0x01, 0x6B, 0xE8, 0x88, 0x25, 0x46, 0x88, 0x9F, 0x23, 0x98, 0xAD, 0xD6, 0xB4, 0x3C, 0xCB, 0x33, 0xBD, 0xEB, 0x32, 0x74, 0x68, 0xAE },
+    { 0x73, 0x49, 0x56, 0x54, 0x32, 0x4C, 0x55, 0x14, 0x2E, 0x79, 0xDB, 0xA6, 0xBE, 0x79, 0x9C, 0x7C, 0x96, 0xCE, 0x74, 0x47, 0x86, 0xBF, 0xC6, 0xDA, 0x56, 0x24, 0x40, 0x40, 0xDB, 0x79, 0xED, 0xFD },
+    { 0xC2, 0xD9, 0x81, 0x06, 0x28, 0x23, 0xAE, 0xB1, 0xE7, 0x1B, 0x2B, 0x37, 0x93, 0xAA, 0xF7, 0x4D, 0xCB, 0x27, 0x98, 0x45, 0xF0, 0x01, 0x48, 0xC6, 0xE3, 0x41, 0x7F, 0x29, 0x33, 0x2E, 0x9C, 0xC3 },
+    { 0xFD, 0x39, 0x9E, 0x95, 0x9E, 0x6B, 0x53, 0x3A, 0xBA, 0x81, 0xFC, 0xF9, 0x3A, 0x27, 0x69, 0x66, 0x9F, 0x5F, 0x3E, 0x03, 0xEC, 0xF7, 0x9C, 0xC6, 0x9F, 0x90, 0xBB, 0x94, 0xA2, 0xC2, 0x4F, 0x9F },
+    { 0xF7, 0x4A, 0x59, 0xC7, 0x46, 0x19, 0x67, 0x38, 0x8E, 0x5F, 0xF3, 0x36, 0x1F, 0xE7, 0x87, 0x81, 0x4D, 0x78, 0x86, 0x4C, 0xF9, 0x7A, 0x51, 0x52, 0x04, 0x64, 0xD4, 0x65, 0x55, 0xDC, 0xE6, 0x87 },
+    { 0x70, 0x1A, 0x04, 0x29, 0xB2, 0xAD, 0xB1, 0x99, 0xA3, 0x92, 0x77, 0x86, 0x41, 0x4E, 0x52, 0xD0, 0x0B, 0xEF, 0xFE, 0x91, 0x9C, 0x92, 0xD6, 0x7A, 0x9C, 0x11, 0x4B, 0x3F, 0x38, 0x10, 0x28, 0x53 },
+    { 0x56, 0x26, 0xE4, 0x45, 0xCF, 0xEB, 0xB0, 0xBD, 0xEA, 0xDD, 0x79, 0x26, 0xD6, 0xCA, 0x33, 0x7C, 0xC2, 0x50, 0x3D, 0x54, 0x33, 0x47, 0x24, 0xBC, 0xC2, 0xD5, 0x7B, 0x9A, 0x07, 0x77, 0x69, 0x4A },
+    { 0xA7, 0x80, 0xE5, 0x08, 0x25, 0x14, 0x69, 0x7A, 0x6B, 0xDE, 0x31, 0xA7, 0x34, 0xE3, 0xCA, 0x6A, 0x4B, 0x5A, 0xFB, 0x61, 0x24, 0x4C, 0xB0, 0xC4, 0xD7, 0xE1, 0x2D, 0x22, 0xD4, 0xF8, 0x75, 0x5E },
+    { 0x4C, 0x85, 0x01, 0x25, 0x35, 0x03, 0x4E, 0x85, 0x90, 0xE1, 0x70, 0x02, 0xED, 0xA6, 0x6E, 0x5D, 0xBE, 0x44, 0xC0, 0x99, 0x5D, 0xE7, 0xE1, 0xFA, 0xEF, 0x8D, 0x9F, 0xA0, 0x6F, 0x83, 0xFE, 0x58 },
+    { 0xFA, 0x5B, 0xEA, 0xD8, 0x46, 0x5F, 0x16, 0x99, 0xA0, 0x3D, 0x1B, 0xAD, 0xE3, 0x3E, 0xD3, 0xFB, 0xFB, 0x67, 0x5A, 0x64, 0x97, 0xF0, 0x55, 0xD1, 0x2E, 0xD9, 0x84, 0xF1, 0x89, 0xDE, 0x5A, 0x12 },
+    { 0xF6, 0x07, 0xA2, 0xA3, 0x98, 0x81, 0x3B, 0x6B, 0x4B, 0xF7, 0xEB, 0x1A, 0xD9, 0x02, 0xA7, 0x54, 0x83, 0x29, 0x76, 0xED, 0x98, 0x39, 0xE9, 0x44, 0x6A, 0x8D, 0x99, 0x28, 0x42, 0x3A, 0x95, 0x63 },
+    { 0x1E, 0x2C, 0x95, 0x3A, 0x28, 0xD8, 0x1B, 0xF9, 0x57, 0xCD, 0x29, 0xD3, 0xF1, 0x09, 0xE4, 0xCF, 0x9D, 0xD1, 0x3D, 0x2D, 0x37, 0x3E, 0xCB, 0x6F, 0x4B, 0xA4, 0x9E, 0xC3, 0x6F, 0xC1, 0xFD, 0x43 },
+    { 0xD8, 0xF6, 0xB2, 0x56, 0x2A, 0xCA, 0x61, 0x4E, 0x05, 0xB5, 0xC5, 0x88, 0x8E, 0xCB, 0x97, 0x96, 0x22, 0x7A, 0x1A, 0xE5, 0x7B, 0x2F, 0x2B, 0x93, 0x75, 0xCF, 0xF6, 0xFA, 0xB4, 0x6A, 0x47, 0x6B },
+    { 0xF1, 0xB5, 0x85, 0x24, 0x3B, 0xD1, 0x5F, 0x2A, 0x38, 0x2E, 0xB2, 0xC4, 0x7C, 0xF1, 0xC3, 0xC1, 0x3E, 0x10, 0x59, 0x45, 0xC5, 0x95, 0xA9, 0xB2, 0xC8, 0xA6, 0xE3, 0x91, 0x90, 0x61, 0xA5, 0x1F },
+    { 0x62, 0xCD, 0x38, 0x59, 0xD2, 0xC4, 0xD0, 0x97, 0x48, 0xD5, 0xD0, 0xDF, 0xF5, 0x3E, 0x04, 0x4A, 0x98, 0x4A, 0x49, 0xDC, 0xE2, 0xD1, 0x92, 0x35, 0x25, 0xF0, 0x81, 0x02, 0x1B, 0x47, 0x13, 0x94 },
+    { 0x88, 0x46, 0x72, 0x52, 0xA3, 0xF2, 0xDE, 0xCB, 0x36, 0xB7, 0xD8, 0x8B, 0xF9, 0x92, 0x20, 0x98, 0x9C, 0x61, 0x15, 0x36, 0xE5, 0x4A, 0x33, 0x90, 0xCC, 0x57, 0xFC, 0x32, 0x69, 0x4C, 0x1C, 0xE5 },
+    { 0xF1, 0x97, 0x4C, 0x1B, 0x8B, 0xB8, 0x1A, 0x53, 0x87, 0x00, 0x59, 0x0A, 0x41, 0xAB, 0x92, 0xB7, 0x5E, 0x29, 0x7D, 0xA8, 0xE4, 0x60, 0x03, 0x57, 0x22, 0xAF, 0x72, 0x50, 0xE4, 0x20, 0x3C, 0xD7 },
+    { 0xF5, 0xAB, 0x45, 0x16, 0xF8, 0xE3, 0xE5, 0xF3, 0x30, 0x55, 0x43, 0xFD, 0x99, 0xDA, 0x61, 0x94, 0xF8, 0xAD, 0x98, 0x83, 0x7A, 0xE6, 0x76, 0x83, 0x62, 0x54, 0xD3, 0x5D, 0xDF, 0xAD, 0x89, 0x24 },
+    { 0x46, 0xD4, 0x18, 0xDB, 0x65, 0xA8, 0xC4, 0xF1, 0x1A, 0x1B, 0x1F, 0x1E, 0xFC, 0xA6, 0x27, 0xB5, 0x31, 0xDC, 0x65, 0xCA, 0x01, 0xC8, 0x9D, 0xDB, 0x97, 0x2A, 0x68, 0x9F, 0xB5, 0x2F, 0xA1, 0xA9 },
+    { 0xB6, 0x31, 0x79, 0x52, 0xF4, 0xD8, 0xCF, 0xF7, 0x10, 0xDC, 0x31, 0x04, 0xBD, 0x0B, 0xA7, 0xC9, 0x7D, 0x0B, 0x56, 0x36, 0xE4, 0xEE, 0xD8, 0x07, 0x44, 0xB3, 0xD9, 0x76, 0x59, 0xCD, 0xBD, 0x25 },
+    { 0x53, 0x72, 0xAC, 0x9C, 0x2E, 0x80, 0x82, 0xCC, 0xD2, 0x7D, 0x53, 0x7A, 0xF8, 0xD3, 0x82, 0x18, 0x09, 0x05, 0xFA, 0x6A, 0x27, 0x63, 0x9D, 0xB4, 0x13, 0xAB, 0x01, 0xF7, 0x41, 0x8B, 0x9C, 0x22 },
+    { 0xB6, 0xFB, 0x62, 0x28, 0x0B, 0x27, 0xBD, 0xF6, 0xA6, 0x8B, 0x74, 0xC8, 0x10, 0xF5, 0xF1, 0x38, 0x4C, 0xC3, 0x9F, 0x54, 0xE1, 0x8D, 0xA1, 0xA2, 0x53, 0xFB, 0x72, 0x25, 0x98, 0x1D, 0xE7, 0xB0 },
+    { 0xC4, 0x8A, 0xCB, 0xBC, 0x24, 0x54, 0x15, 0xCC, 0xD9, 0xBC, 0x78, 0xC3, 0x79, 0x04, 0x6A, 0xAD, 0x82, 0x19, 0x66, 0xF7, 0xDD, 0x77, 0x5A, 0x99, 0x62, 0x65, 0x45, 0x39, 0x3E, 0x1E, 0xBF, 0xD9 },
+    { 0x1A, 0xCA, 0x91, 0xD5, 0x8F, 0x8D, 0xFD, 0x77, 0x82, 0xBC, 0x1D, 0xEB, 0x9D, 0x1D, 0x76, 0x3C, 0x86, 0x23, 0xC4, 0x20, 0x3B, 0x5D, 0x62, 0x0F, 0x5B, 0x7D, 0x7D, 0x47, 0x2F, 0x0B, 0x22, 0x9E },
+    { 0x38, 0x54, 0xE3, 0xB5, 0x6F, 0x9E, 0x8B, 0x6F, 0xAD, 0x2B, 0xE2, 0x9E, 0x34, 0x31, 0xE6, 0x2E, 0xBD, 0x0A, 0xFA, 0x95, 0xF5, 0x68, 0x24, 0x5B, 0xC2, 0xEC, 0x6A, 0x74, 0x78, 0xE8, 0xCD, 0xAF },
+    { 0xA2, 0x2E, 0x52, 0x42, 0xAD, 0x74, 0x59, 0x00, 0x5A, 0x75, 0x21, 0x16, 0x35, 0xC7, 0x98, 0x31, 0x4A, 0x26, 0xA5, 0x48, 0x73, 0x8E, 0x4C, 0x59, 0xC7, 0xBB, 0xC8, 0x9C, 0x92, 0xA6, 0x3E, 0x33 },
+    { 0x8B, 0x2B, 0x36, 0x36, 0xE6, 0xBF, 0x91, 0x36, 0x3F, 0x41, 0xB6, 0x65, 0x96, 0x31, 0x59, 0xD3, 0x38, 0xE3, 0xAA, 0x86, 0x65, 0x77, 0x4D, 0x25, 0xB7, 0x48, 0xD3, 0x4C, 0x61, 0xF1, 0xAD, 0x37 },
+    { 0xA0, 0x44, 0xED, 0x12, 0x89, 0x1C, 0x6B, 0xCD, 0x90, 0x94, 0x34, 0xCC, 0xA2, 0xC2, 0x4F, 0x5B, 0x93, 0x98, 0x8D, 0xD0, 0xC9, 0xD0, 0xE1, 0x84, 0xE1, 0x83, 0xED, 0xA9, 0x67, 0x12, 0x53, 0x62 },
+    { 0x6E, 0x59, 0x5C, 0x0A, 0xBB, 0xEA, 0x7E, 0x3F, 0xFE, 0xCE, 0x0C, 0xD1, 0x6D, 0x57, 0x0E, 0xBB, 0x1D, 0x36, 0xCD, 0x69, 0xBE, 0x03, 0x6B, 0xC4, 0xD9, 0x7D, 0x92, 0x1A, 0xFE, 0x93, 0xF0, 0x8B },
+    { 0x7E, 0x50, 0xDC, 0xC5, 0xC0, 0xF1, 0xCA, 0x2E, 0x27, 0xB9, 0x05, 0xFA, 0x28, 0xED, 0xB4, 0x92, 0x45, 0xA9, 0xDF, 0x56, 0x3B, 0x7E, 0x2A, 0xD4, 0x7B, 0xC5, 0x7B, 0xCF, 0x37, 0xD2, 0xF4, 0x43 },
+    { 0x81, 0x74, 0xF5, 0xE8, 0xDF, 0xC9, 0x44, 0x1D, 0xBB, 0x7A, 0x18, 0x3D, 0x56, 0xF4, 0x31, 0xB1, 0xAE, 0xF9, 0x51, 0x3E, 0x74, 0x7A, 0x38, 0x78, 0xBB, 0x80, 0x6B, 0xAE, 0x27, 0x65, 0x5E, 0x3E },
+    { 0xE7, 0x3D, 0x4D, 0xDB, 0x9D, 0x24, 0x8B, 0xF2, 0xC0, 0xF8, 0xD4, 0x98, 0x92, 0xD7, 0x45, 0x5A, 0x4C, 0x30, 0x53, 0x15, 0x3D, 0xE7, 0xF7, 0x9B, 0xA4, 0x48, 0x7C, 0x7D, 0x82, 0x3F, 0x60, 0x5C },
+    { 0xB7, 0x3F, 0xA0, 0x40, 0x79, 0x26, 0x3F, 0x6A, 0x73, 0x3B, 0x67, 0x46, 0x65, 0x52, 0x78, 0x4B, 0x43, 0x61, 0x38, 0xF4, 0x1F, 0x80, 0xB7, 0x2C, 0x4D, 0x5D, 0x03, 0x93, 0x4B, 0x72, 0x20, 0x7D },
+    { 0xF3, 0xE0, 0x25, 0x8A, 0xED, 0x42, 0x83, 0xB5, 0x75, 0x6F, 0x9E, 0x4E, 0xA3, 0x68, 0xE1, 0x2B, 0x16, 0xC2, 0xB7, 0xC5, 0xC4, 0x80, 0x79, 0x4C, 0x40, 0xE5, 0xF0, 0xDD, 0x39, 0xF2, 0xD6, 0x52 },
+    { 0xD8, 0x9A, 0x57, 0x97, 0xFE, 0xF9, 0xEF, 0x6E, 0xBF, 0x9D, 0x9F, 0xB8, 0x57, 0x16, 0x81, 0xF7, 0xC9, 0xAF, 0xA8, 0x86, 0x11, 0x78, 0x7D, 0x47, 0xE7, 0x2B, 0x68, 0x4C, 0x5F, 0x1A, 0xA9, 0x0E },
+    { 0xE2, 0xFE, 0x24, 0x29, 0x61, 0x00, 0x47, 0x64, 0x7E, 0xEF, 0x2F, 0x7D, 0xFE, 0x14, 0xA2, 0x6D, 0x15, 0x74, 0xB7, 0x18, 0x87, 0xF9, 0x29, 0x06, 0xE7, 0x18, 0x4D, 0xBA, 0xE6, 0x05, 0x11, 0x37 },
+    { 0x7A, 0xE8, 0xC9, 0xD8, 0x56, 0x74, 0x93, 0x7C, 0xD7, 0xA6, 0x1B, 0xF4, 0xEA, 0xE6, 0xE2, 0x3D, 0x81, 0x1B, 0x19, 0xBF, 0x73, 0x5D, 0x9A, 0xAF, 0x37, 0xFB, 0x02, 0x57, 0x76, 0x71, 0xED, 0x34 },
+    { 0x68, 0xEF, 0x97, 0x1E, 0x32, 0x32, 0x65, 0x30, 0xD4, 0xD8, 0xAD, 0x09, 0x05, 0x1F, 0x81, 0x71, 0xD6, 0x8B, 0x93, 0xC8, 0xA9, 0x9A, 0xB1, 0xDA, 0x29, 0x06, 0xEE, 0xC4, 0x83, 0xD4, 0x2D, 0x32 },
+    { 0x10, 0x1C, 0x3B, 0x12, 0xC6, 0xA2, 0xE2, 0xA0, 0x5A, 0xE8, 0x25, 0xA9, 0x13, 0x03, 0x9F, 0x46, 0xC3, 0x03, 0xB1, 0xD9, 0x5E, 0x6D, 0x97, 0xA9, 0xAB, 0x90, 0xD3, 0xAE, 0x37, 0x4E, 0x84, 0x1D },
+    { 0xF3, 0x1B, 0x0B, 0x3A, 0xFB, 0x52, 0xA7, 0x1C, 0x2F, 0xD7, 0x99, 0x42, 0x9F, 0x7D, 0xAD, 0x07, 0x00, 0x5F, 0x8F, 0x2C, 0x29, 0x66, 0x4F, 0xEE, 0xFE, 0xB2, 0xB0, 0x5B, 0x41, 0x8A, 0x27, 0x5D },
+    { 0xAD, 0xBF, 0xED, 0xFA, 0xFA, 0x21, 0xD0, 0x3D, 0xEB, 0xDD, 0xAC, 0x0B, 0x71, 0x9A, 0x33, 0x3A, 0x24, 0x22, 0xB4, 0x4B, 0x16, 0xAD, 0x51, 0x36, 0xBA, 0xB5, 0xE3, 0x42, 0xC3, 0x9B, 0xF2, 0x34 },
+    { 0x5D, 0xEE, 0xE1, 0x0F, 0x53, 0x8B, 0x97, 0x2A, 0x36, 0x57, 0x63, 0x5F, 0x28, 0xEE, 0x7A, 0xE3, 0xC2, 0x25, 0x88, 0x8A, 0x0F, 0x65, 0xE7, 0xB4, 0xFF, 0x1A, 0xC4, 0x38, 0xBF, 0xDE, 0x9D, 0xAE },
+    { 0x65, 0xEB, 0x85, 0xCF, 0x95, 0x8A, 0xB4, 0x54, 0x21, 0xA3, 0x90, 0x52, 0xDD, 0x13, 0xE6, 0x10, 0x11, 0xDE, 0xDE, 0xC9, 0xB8, 0x9C, 0x16, 0x1B, 0xD7, 0xD1, 0xAC, 0xE2, 0xA4, 0x8A, 0x18, 0xA9 },
+    { 0x39, 0xB4, 0x04, 0x4B, 0x29, 0x5D, 0x51, 0x75, 0xBD, 0x6B, 0xD8, 0x00, 0x00, 0x21, 0x7B, 0x17, 0x57, 0x72, 0x7A, 0x98, 0x90, 0xF9, 0x37, 0x9C, 0xC7, 0xF6, 0x45, 0xF9, 0x4C, 0x49, 0xE0, 0xE4 },
+    { 0x57, 0xF3, 0x37, 0xD9, 0x14, 0x94, 0x8D, 0xFD, 0x58, 0xE4, 0xDB, 0x24, 0xC1, 0x43, 0x2E, 0x02, 0x0F, 0x5B, 0xAF, 0xE9, 0x2E, 0x11, 0x34, 0x7B, 0x5B, 0xD0, 0xBD, 0x80, 0x02, 0xCB, 0x16, 0x0A },
+    { 0xD6, 0xFB, 0x62, 0x23, 0xCC, 0x20, 0xD7, 0xCC, 0x67, 0x9E, 0x26, 0x4B, 0xB8, 0x9C, 0xE1, 0x6E, 0x76, 0xA0, 0xDB, 0xEA, 0x29, 0xB7, 0xF8, 0x3E, 0xF9, 0xA6, 0x8B, 0x5F, 0xC6, 0xBB, 0x74, 0x17 },
+    { 0xB6, 0x73, 0x10, 0x89, 0x42, 0xBA, 0x15, 0x82, 0xE5, 0xC2, 0x0E, 0xE0, 0x80, 0xF1, 0xAC, 0xFF, 0x71, 0xDF, 0xF6, 0x5F, 0x1B, 0x1E, 0xFB, 0xD9, 0xBC, 0xD4, 0xDF, 0x2C, 0x5C, 0x5F, 0x22, 0xE7 },
+    { 0x59, 0x53, 0x6E, 0xCD, 0x3B, 0x14, 0x32, 0x71, 0xCA, 0x76, 0x40, 0x50, 0x7D, 0xF7, 0xC7, 0x6D, 0x83, 0x60, 0x09, 0xE6, 0x2A, 0x2D, 0xA3, 0xA5, 0x9E, 0xA8, 0x52, 0x93, 0x42, 0xBC, 0x7C, 0x2B },
+    { 0xDA, 0x64, 0x28, 0x97, 0x3E, 0xF0, 0x53, 0x84, 0x7B, 0x80, 0x1C, 0x15, 0x3F, 0xDF, 0x0C, 0x18, 0xDD, 0x21, 0x28, 0xF6, 0x78, 0x18, 0x79, 0x68, 0x25, 0xC1, 0xD8, 0x2E, 0xB5, 0x93, 0xFA, 0x56 },
+    { 0xC2, 0xF9, 0xEA, 0xD3, 0x73, 0x0F, 0x79, 0xB7, 0xBA, 0x6C, 0xAC, 0x61, 0x2E, 0xBC, 0x10, 0x4D, 0xBC, 0x58, 0xB5, 0xBF, 0xD7, 0xEE, 0x3E, 0x25, 0x1C, 0xEA, 0x1C, 0x84, 0x99, 0xB9, 0xA0, 0xC7 },
+    { 0x83, 0xDF, 0xE7, 0x5F, 0x5F, 0x0C, 0x1A, 0x47, 0xBD, 0x68, 0xC5, 0x5E, 0xD2, 0xD4, 0x10, 0xE7, 0xA9, 0x2E, 0x31, 0x04, 0x8D, 0xB9, 0x76, 0xC6, 0xE7, 0xAC, 0x2E, 0x8F, 0x91, 0xB6, 0xFF, 0x8E },
+    { 0x5A, 0x3E, 0x2C, 0x7C, 0x87, 0x60, 0xA7, 0x10, 0x87, 0x23, 0xF0, 0x59, 0xA8, 0x3F, 0x45, 0x4C, 0xD7, 0xB7, 0x1B, 0x25, 0xE6, 0x4D, 0x62, 0x7B, 0xDA, 0xD7, 0xC4, 0x0F, 0xC4, 0x0D, 0x5F, 0xC9 },
+    { 0x8B, 0x3F, 0x7F, 0x61, 0x4B, 0x5C, 0xF2, 0xC0, 0x59, 0x88, 0xEC, 0xD5, 0x12, 0x5B, 0x90, 0x37, 0x7F, 0xEC, 0xDF, 0x3B, 0x34, 0x48, 0xC0, 0x36, 0x80, 0x4C, 0x01, 0xAA, 0x0C, 0xAE, 0x79, 0x5E },
+    { 0x04, 0xD8, 0xB5, 0x50, 0x7F, 0xEA, 0x71, 0xFA, 0x26, 0x2C, 0xC3, 0x1E, 0xCD, 0x88, 0x87, 0xFE, 0x38, 0xA8, 0x3D, 0xE7, 0x97, 0x50, 0xE2, 0x09, 0xEC, 0xA1, 0x9A, 0xF2, 0x43, 0x13, 0x8D, 0x7D },
+    { 0x09, 0x34, 0x6E, 0xEF, 0x65, 0xBF, 0x8E, 0xC3, 0x78, 0x6F, 0x32, 0x50, 0x8C, 0xEC, 0xA1, 0x29, 0x6B, 0x15, 0x68, 0x78, 0x86, 0x6A, 0x7A, 0xAD, 0xED, 0xF2, 0x7B, 0xF0, 0xCD, 0xF0, 0xCB, 0xE3 },
+    { 0x8D, 0x03, 0x50, 0x1C, 0x7D, 0x1C, 0x39, 0x3D, 0x29, 0xA8, 0x02, 0xAF, 0x66, 0xC3, 0x90, 0x45, 0x91, 0xEE, 0x27, 0x54, 0xE4, 0x73, 0x35, 0x30, 0x0B, 0xC0, 0xD9, 0x13, 0x6E, 0x12, 0x60, 0x53 },
+    { 0x8D, 0x59, 0xDA, 0x20, 0x66, 0x6E, 0x08, 0xE9, 0xE9, 0xCE, 0x3E, 0x21, 0x57, 0x06, 0x1E, 0x05, 0xED, 0xB5, 0x24, 0xFE, 0xC1, 0xE5, 0xBD, 0x2E, 0xAA, 0x5C, 0x67, 0x1D, 0xCB, 0x4F, 0xA2, 0x13 },
+    { 0xEA, 0xC3, 0xD6, 0x4C, 0x73, 0xCF, 0x7B, 0x22, 0x7F, 0xD4, 0xF1, 0xAB, 0x19, 0xA8, 0x18, 0xE0, 0x38, 0xEE, 0x88, 0x6D, 0xAC, 0xBB, 0xB1, 0x19, 0x80, 0x06, 0xE6, 0x15, 0x28, 0xD5, 0x81, 0x2B },
+    { 0x7B, 0xAA, 0x9B, 0xAB, 0x9B, 0x83, 0xCD, 0x99, 0xE3, 0x3F, 0x5F, 0xE1, 0xA7, 0xCA, 0x89, 0x9F, 0x6E, 0x29, 0x1B, 0x64, 0xB7, 0xE8, 0xB8, 0xBD, 0x5B, 0x57, 0xC9, 0xA5, 0xE7, 0xCB, 0x6A, 0x4D },
+    { 0x69, 0xF5, 0x50, 0x60, 0xBE, 0xC5, 0x85, 0x6A, 0xDB, 0x38, 0x31, 0xE0, 0x12, 0xB9, 0xC5, 0x57, 0xB9, 0xF8, 0x89, 0xC4, 0x88, 0xAB, 0xF9, 0x80, 0xD4, 0xAB, 0xF5, 0xD1, 0x2D, 0x16, 0xFB, 0xD7 },
+    { 0xDF, 0x1A, 0x5F, 0x6C, 0x90, 0xB9, 0x12, 0xFA, 0xB4, 0x9F, 0x7E, 0xC1, 0x0C, 0xB9, 0xEC, 0x65, 0x24, 0xFF, 0xD4, 0xA6, 0x08, 0x96, 0x87, 0x49, 0x5C, 0xF1, 0xAB, 0xAB, 0x5B, 0xE2, 0x74, 0xEC },
+    { 0x0B, 0xC3, 0x49, 0xEC, 0x69, 0xCA, 0x11, 0x00, 0x1A, 0x8E, 0x12, 0x28, 0x15, 0x87, 0x20, 0x09, 0x6A, 0x14, 0xCF, 0x85, 0xBD, 0x29, 0x0C, 0x91, 0x02, 0x63, 0xC0, 0x54, 0xE5, 0x34, 0xE9, 0x61 },
+    { 0x61, 0x6E, 0x59, 0xE4, 0x4C, 0x50, 0xCF, 0x97, 0x53, 0x60, 0x34, 0xCD, 0xB1, 0xF7, 0x58, 0xCD, 0x87, 0x31, 0x80, 0x69, 0xDB, 0x16, 0x58, 0xEA, 0xFE, 0x24, 0xBA, 0x6F, 0x87, 0x94, 0xF2, 0xE1 },
+    { 0x89, 0x18, 0xA5, 0xA4, 0x39, 0x26, 0x77, 0x19, 0x97, 0x06, 0xF5, 0x51, 0x93, 0x40, 0x39, 0x67, 0x66, 0xB8, 0xA5, 0x42, 0xC0, 0xD6, 0x10, 0x04, 0xF3, 0x32, 0xB0, 0xF7, 0x8E, 0x08, 0xFF, 0xFC },
+    { 0x1D, 0xCA, 0x09, 0x04, 0xEF, 0xC4, 0xB2, 0xA6, 0x70, 0xD9, 0x92, 0x21, 0xDA, 0x00, 0x36, 0xE7, 0x72, 0x60, 0x85, 0x7F, 0x5F, 0x75, 0xAB, 0x9B, 0xD4, 0x84, 0x31, 0x5D, 0x75, 0xF4, 0x06, 0x61 },
+    { 0xF8, 0x2C, 0xAA, 0x09, 0x46, 0x85, 0x9D, 0x55, 0x90, 0x96, 0x7B, 0x4D, 0xE9, 0x88, 0xFB, 0xBB, 0xD4, 0xD1, 0x0B, 0x6F, 0x17, 0xB3, 0x5B, 0x64, 0x50, 0x4F, 0x45, 0x4E, 0x4A, 0x98, 0x2D, 0x45 },
+    { 0xC1, 0x7D, 0x00, 0x26, 0x09, 0x4D, 0xD5, 0x0A, 0xF6, 0x57, 0xB2, 0x46, 0x40, 0x01, 0x73, 0xB3, 0x2A, 0x90, 0x3A, 0x60, 0xB5, 0x71, 0xB3, 0x96, 0xCB, 0xD7, 0xED, 0x01, 0x86, 0x4C, 0x0A, 0x3F },
+    { 0xF7, 0x00, 0x7B, 0xFC, 0xE4, 0x08, 0x1B, 0xAE, 0x52, 0x09, 0x9F, 0x49, 0x36, 0x2A, 0xB4, 0xF5, 0x52, 0x4C, 0xAB, 0x14, 0xCB, 0x2A, 0xF5, 0xBC, 0x7A, 0x03, 0x97, 0xFA, 0xC2, 0x6A, 0x52, 0x2F },
+    { 0xC9, 0x5A, 0x87, 0x77, 0x5B, 0x94, 0x14, 0xAF, 0x89, 0x7F, 0x8E, 0xCE, 0xC4, 0xAD, 0x93, 0x80, 0xFF, 0x22, 0x09, 0xB4, 0x43, 0xA7, 0x8C, 0xD7, 0x5A, 0x37, 0x3B, 0xFF, 0x31, 0xE2, 0xCA, 0xBD },
+    { 0xDE, 0x2C, 0xF2, 0x65, 0x4C, 0x3E, 0xE7, 0x1F, 0xBB, 0x3B, 0x7C, 0x77, 0x89, 0xD8, 0x3E, 0x0D, 0xE2, 0xED, 0x5D, 0x65, 0xA2, 0xC1, 0xBC, 0x55, 0xEA, 0x61, 0x6B, 0x94, 0xCC, 0xA1, 0x6F, 0xD4 },
+    { 0xEE, 0x03, 0x42, 0xA5, 0x5A, 0x49, 0x6A, 0xF5, 0x23, 0xC9, 0x6D, 0x37, 0x1A, 0x5D, 0xD4, 0x51, 0xFC, 0x6F, 0x79, 0x30, 0xB6, 0x72, 0x05, 0xA9, 0xCC, 0x21, 0x83, 0x42, 0xC2, 0x0A, 0xD0, 0x37 },
+    { 0x68, 0x77, 0xCC, 0x1F, 0xA2, 0x98, 0x8A, 0xC9, 0x82, 0xAC, 0xB9, 0x78, 0x9A, 0x4B, 0xF0, 0xB4, 0xF3, 0xA0, 0x47, 0x00, 0xC7, 0x42, 0x67, 0x92, 0x3B, 0x33, 0x8C, 0x84, 0x09, 0x2B, 0x05, 0x9B },
+    { 0x9B, 0x9A, 0x38, 0xAA, 0x1C, 0x3B, 0x28, 0x91, 0x9F, 0x38, 0x76, 0x06, 0xF5, 0x3D, 0x9B, 0xE1, 0x24, 0xC4, 0xC9, 0x83, 0x72, 0x2D, 0x72, 0xAC, 0xE9, 0x2A, 0x26, 0x6E, 0x56, 0x38, 0x32, 0xB5 },
+    { 0x8F, 0xE7, 0x93, 0x64, 0xF6, 0x31, 0x96, 0x42, 0x3F, 0x94, 0xCD, 0x66, 0x32, 0xC2, 0x05, 0xF3, 0x7E, 0x3E, 0x56, 0xB9, 0xFE, 0x10, 0x0E, 0x95, 0x85, 0x6E, 0xBF, 0x0A, 0x31, 0x22, 0xCD, 0x06 },
+    { 0x3F, 0xE4, 0x76, 0x7D, 0x58, 0x56, 0x49, 0x03, 0x23, 0x8B, 0xFC, 0xF2, 0xD9, 0xFD, 0x42, 0x9E, 0xE2, 0x59, 0x2A, 0xE1, 0xF5, 0xFD, 0x18, 0x41, 0x73, 0xB9, 0x02, 0x0D, 0x63, 0x70, 0x42, 0xDD },
+    { 0x8B, 0xBA, 0x96, 0x56, 0x1C, 0x8F, 0xB5, 0x38, 0x04, 0x2F, 0xC9, 0x94, 0x68, 0x11, 0xEA, 0xD5, 0xDE, 0x15, 0xEE, 0xB1, 0xA5, 0x1C, 0x03, 0x8A, 0x5B, 0xCF, 0x59, 0x04, 0x8B, 0xC5, 0x6E, 0x55 },
+    { 0xE1, 0xCD, 0x83, 0xFB, 0xEA, 0xAD, 0x30, 0xCA, 0x83, 0x8E, 0xD4, 0x6B, 0xE1, 0xC1, 0x4B, 0x0B, 0x5C, 0x82, 0x7F, 0xE1, 0xCE, 0xB8, 0xBB, 0x27, 0x73, 0xF2, 0xF0, 0xBE, 0x62, 0x73, 0x10, 0xBE },
+    { 0x42, 0xEA, 0x5C, 0x76, 0xC9, 0xC1, 0xB7, 0x39, 0x48, 0x2E, 0xF1, 0x7A, 0xB8, 0x36, 0x48, 0x64, 0xC3, 0x9C, 0xA2, 0xF6, 0xA1, 0xA2, 0xCC, 0xEA, 0x13, 0x37, 0x5E, 0x7D, 0x57, 0xFF, 0xE8, 0xD0 },
+    { 0x98, 0xDC, 0x28, 0x46, 0xF3, 0xCC, 0xC9, 0x25, 0x15, 0x3C, 0xD9, 0x69, 0x29, 0x6F, 0xA4, 0x6B, 0xB2, 0x2B, 0xD7, 0x85, 0xC1, 0x9F, 0xB6, 0xEC, 0x4C, 0xB1, 0x85, 0xA6, 0x19, 0x3B, 0x6A, 0xBA },
+    { 0x4E, 0xFD, 0xA9, 0xA9, 0xFB, 0xCA, 0xBE, 0xA7, 0xEE, 0xE9, 0x29, 0xBF, 0x56, 0xA9, 0x38, 0xE9, 0x7C, 0x14, 0x50, 0x34, 0xB2, 0xA5, 0xAE, 0xD8, 0x70, 0xB9, 0x6B, 0x10, 0x5C, 0xE5, 0x54, 0xB4 },
+    { 0x1B, 0xBE, 0x63, 0x6A, 0x93, 0xEB, 0xAD, 0x11, 0xA4, 0x34, 0xCC, 0x20, 0xA6, 0x11, 0xA1, 0xD2, 0x97, 0x87, 0x86, 0x02, 0xA1, 0x35, 0x56, 0x5F, 0x44, 0xA4, 0x7F, 0xB9, 0x41, 0x7A, 0x37, 0x1B },
+    { 0x71, 0xEE, 0x60, 0x45, 0xF3, 0x5F, 0x48, 0xA6, 0xBF, 0xD4, 0x13, 0x89, 0x9A, 0x63, 0x44, 0x9E, 0xE0, 0x7F, 0x84, 0x39, 0x9E, 0xA0, 0x30, 0x3F, 0x92, 0x78, 0x63, 0x11, 0xA1, 0xED, 0x6F, 0x5D },
+    { 0xE2, 0x35, 0xDE, 0x00, 0xB2, 0x25, 0xFA, 0xD9, 0x54, 0x7E, 0x21, 0x90, 0xB0, 0xA4, 0xD2, 0x1F, 0xFB, 0xCF, 0xB8, 0x5F, 0xB0, 0x78, 0xF5, 0x02, 0x21, 0xDD, 0xE4, 0x72, 0x9A, 0x14, 0xB3, 0x1B },
+    { 0x39, 0xAB, 0xCC, 0xF1, 0x7E, 0xCD, 0x6E, 0xFD, 0x35, 0xD2, 0x02, 0xD9, 0x11, 0x00, 0x67, 0x62, 0x4A, 0x55, 0x23, 0xCF, 0xC2, 0xD8, 0xBE, 0x59, 0x34, 0x91, 0x6F, 0x0B, 0x20, 0xDE, 0x72, 0x63 },
+    { 0xDD, 0x49, 0xC0, 0xE2, 0x19, 0x90, 0x6A, 0x2B, 0xC0, 0x18, 0x2E, 0x3D, 0x35, 0x26, 0x5D, 0x63, 0xE6, 0x3E, 0xD8, 0x66, 0xF9, 0x2F, 0xC7, 0x83, 0xB9, 0x70, 0x9B, 0x6C, 0x2C, 0x65, 0x91, 0x99 },
+    { 0xD6, 0x26, 0x34, 0x62, 0xA6, 0xDE, 0x69, 0x49, 0x93, 0x42, 0x7A, 0xD9, 0x83, 0x2A, 0xBA, 0xF4, 0x80, 0xAB, 0x43, 0xBF, 0x11, 0xEF, 0x50, 0x93, 0x46, 0xB2, 0x0B, 0xA9, 0x55, 0x40, 0x6A, 0x02 },
+    { 0xD0, 0xC1, 0xD6, 0xAF, 0x24, 0x57, 0xAD, 0xA5, 0x5B, 0xFD, 0x29, 0xF7, 0xD8, 0xF7, 0x34, 0x3E, 0x13, 0x42, 0x68, 0x76, 0x77, 0xCE, 0x91, 0xDC, 0xF2, 0xC5, 0x80, 0x81, 0xA0, 0xB9, 0x3C, 0xE7 },
+    { 0x93, 0x2E, 0xFA, 0x57, 0x01, 0xF0, 0xAB, 0x3A, 0x6C, 0x8C, 0xD8, 0x1D, 0x7A, 0x22, 0x20, 0x76, 0x8B, 0x67, 0xBD, 0x8C, 0xC6, 0x0D, 0xF6, 0xE0, 0x05, 0xDD, 0x78, 0x45, 0x74, 0x58, 0xB2, 0xDF },
+    { 0x68, 0xA8, 0xC1, 0x33, 0xF7, 0x44, 0x89, 0xEB, 0x9A, 0x31, 0x09, 0x8D, 0x51, 0xC1, 0x03, 0x8A, 0xE9, 0xF2, 0xF4, 0xDF, 0x08, 0x45, 0x94, 0x77, 0x84, 0x07, 0x1D, 0x8A, 0xF7, 0x02, 0x47, 0x5E },
+    { 0x01, 0x6D, 0xD6, 0xC8, 0xCB, 0x1E, 0x89, 0x1E, 0x3D, 0xD2, 0x88, 0x2A, 0x11, 0x2F, 0x1A, 0x0C, 0x91, 0x1C, 0x93, 0xC9, 0xCE, 0x19, 0x70, 0xE4, 0x0E, 0xCB, 0xB3, 0x41, 0x9F, 0x8F, 0x77, 0x5B },
+    { 0x5E, 0xC2, 0x26, 0x2D, 0x5D, 0x60, 0x8F, 0xA1, 0xFB, 0xF5, 0xC1, 0xAB, 0xAE, 0x40, 0x51, 0xF0, 0xB2, 0x5C, 0xE1, 0x00, 0xF0, 0x60, 0x28, 0x4B, 0xA5, 0xFA, 0x4C, 0xC8, 0x67, 0x44, 0xEF, 0xCC },
+    { 0x79, 0x5F, 0x79, 0x7D, 0xBC, 0x43, 0x5E, 0x02, 0xB2, 0x58, 0x89, 0xC3, 0xA6, 0x13, 0x8C, 0xBA, 0xF6, 0x0C, 0x03, 0x9A, 0x34, 0x26, 0xCC, 0xCA, 0xD2, 0xCD, 0x04, 0x14, 0x2D, 0x18, 0x2C, 0x2E },
+    { 0xAC, 0x57, 0xEB, 0x3E, 0x68, 0xDA, 0xB7, 0x50, 0xCC, 0x07, 0xE7, 0xBF, 0xD1, 0x4E, 0xDC, 0x6E, 0xEB, 0x60, 0xDC, 0xAE, 0xF9, 0xB1, 0x8D, 0xE9, 0x2A, 0xD4, 0xDA, 0x88, 0x18, 0x7D, 0x4D, 0xB2 },
+    { 0x94, 0x19, 0xBD, 0x21, 0x31, 0x29, 0x17, 0x7E, 0x99, 0x1E, 0x4D, 0x82, 0x46, 0xAE, 0x7B, 0xA0, 0x99, 0x41, 0x85, 0xEF, 0x63, 0xC9, 0xD7, 0x17, 0x92, 0x79, 0x80, 0x90, 0xCB, 0xEF, 0x12, 0x20 },
+    { 0x12, 0xA1, 0x2F, 0xD1, 0xC5, 0x21, 0x8E, 0x36, 0x04, 0x64, 0xAC, 0x1D, 0x9F, 0x06, 0x27, 0xFD, 0xBA, 0xEF, 0xAC, 0x20, 0x77, 0xB3, 0xE6, 0x76, 0xF1, 0xF4, 0xC4, 0x56, 0x30, 0x51, 0xE2, 0xA3 },
+    { 0xDB, 0x6E, 0x9E, 0x55, 0x4B, 0x0B, 0x97, 0x0B, 0x9B, 0x51, 0x62, 0x99, 0xE1, 0xBD, 0xAA, 0x60, 0xC1, 0x40, 0x26, 0xB3, 0x56, 0x21, 0x0A, 0x1D, 0xE5, 0xC7, 0x73, 0x9B, 0x5F, 0x15, 0x0E, 0xC5 },
+    { 0x52, 0x21, 0xD8, 0x21, 0xBD, 0xDD, 0x3C, 0x00, 0xF2, 0xCD, 0xD4, 0x54, 0xBD, 0x74, 0xF4, 0x2B, 0x8B, 0x0E, 0xD1, 0xBE, 0xB7, 0x85, 0x78, 0x3F, 0xDA, 0x3F, 0x69, 0x36, 0xDD, 0xB9, 0x7E, 0xB2 },
+    { 0xF4, 0x11, 0x4B, 0xDC, 0x9B, 0x16, 0x89, 0xD9, 0x03, 0x47, 0x13, 0x50, 0x71, 0x0B, 0xDB, 0xD4, 0x3E, 0xB1, 0xCE, 0x6B, 0x95, 0xCB, 0xFB, 0x10, 0x64, 0xAE, 0x9D, 0x64, 0x76, 0x66, 0x6A, 0xAD },
+    { 0xE8, 0xD9, 0x68, 0x64, 0xF9, 0xC9, 0x64, 0x65, 0xB6, 0x8D, 0x5C, 0x9A, 0x47, 0x1D, 0x81, 0x42, 0x40, 0x0D, 0x4D, 0x65, 0x31, 0x28, 0xD0, 0x20, 0x0E, 0xE7, 0xD4, 0x1A, 0xD9, 0xBA, 0x0A, 0xA6 },
+    { 0x28, 0xFA, 0x2B, 0xEF, 0x73, 0x7A, 0xEB, 0x04, 0xDD, 0x29, 0x62, 0xA8, 0x92, 0x80, 0xF8, 0x2B, 0xA2, 0x2D, 0x77, 0xC5, 0x0D, 0x5A, 0x08, 0xCA, 0x17, 0xE2, 0x85, 0xC4, 0xC8, 0x45, 0x0A, 0xD8 },
+    { 0x10, 0x91, 0x79, 0xAC, 0xE5, 0x3C, 0x0D, 0xF7, 0x90, 0xEA, 0x44, 0x92, 0xC5, 0xC0, 0xCA, 0xCD, 0xBF, 0x86, 0x68, 0x87, 0x7D, 0xC4, 0x24, 0x57, 0xCE, 0xEE, 0xD9, 0x3C, 0x23, 0x49, 0x1A, 0xE5 },
+    { 0x1E, 0x3E, 0xAC, 0xB4, 0xAE, 0xE9, 0x43, 0x7A, 0x8D, 0x09, 0x97, 0xFF, 0xBB, 0x47, 0xAA, 0x1D, 0x0A, 0xB0, 0x62, 0x5D, 0x0B, 0x36, 0xD7, 0x91, 0x3D, 0xF1, 0xDD, 0xA5, 0x91, 0xB4, 0xE4, 0xC1 },
+    { 0x01, 0xB3, 0xD5, 0x15, 0xDA, 0x8F, 0x67, 0x3C, 0x6F, 0x37, 0x29, 0xB9, 0xFD, 0xFB, 0xBD, 0xC5, 0x04, 0x42, 0xE7, 0x9C, 0xD2, 0x91, 0x7D, 0x33, 0x79, 0x2C, 0x62, 0x0F, 0xD7, 0xF8, 0x86, 0x21 },
+    { 0xEC, 0xC8, 0x94, 0x08, 0xF1, 0x50, 0x24, 0x83, 0xCE, 0xA9, 0x51, 0x7A, 0xAF, 0xBE, 0x0B, 0x49, 0x56, 0x86, 0xEF, 0x05, 0x1B, 0x63, 0x59, 0x7C, 0x32, 0x09, 0x04, 0x24, 0x05, 0x37, 0x5B, 0x1F },
+    { 0x71, 0xC2, 0x6B, 0x89, 0x5C, 0x7B, 0x60, 0xC7, 0x91, 0x39, 0x84, 0x0B, 0xCD, 0x33, 0xC1, 0x67, 0x26, 0x5C, 0xA9, 0xD0, 0xFB, 0xDD, 0xE1, 0xAB, 0x7D, 0x07, 0x92, 0xDF, 0x8F, 0x65, 0xF8, 0x2E },
+    { 0xD9, 0xF9, 0xAB, 0x23, 0x43, 0x82, 0x8B, 0x07, 0x1C, 0x88, 0x1F, 0x8F, 0xC5, 0x95, 0x21, 0x24, 0xBD, 0xF6, 0x11, 0xDB, 0xD4, 0xCA, 0x32, 0xDC, 0xB8, 0xE5, 0xDE, 0x1D, 0x37, 0x03, 0xA9, 0xDD },
+    { 0x04, 0x42, 0xF8, 0x22, 0xDC, 0xF8, 0x1C, 0xD7, 0xC0, 0xE0, 0x82, 0x20, 0x08, 0xD5, 0x96, 0x79, 0xF9, 0xBF, 0x32, 0x6E, 0x9F, 0xAD, 0x51, 0x33, 0x9B, 0x6F, 0xC2, 0x98, 0x1C, 0x28, 0xB0, 0x60 },
+    { 0x6F, 0x3A, 0x59, 0x60, 0x5D, 0x92, 0x08, 0xE9, 0x92, 0xB2, 0x81, 0x30, 0xFD, 0xCD, 0xFA, 0x44, 0x24, 0xF0, 0x57, 0xB1, 0x6F, 0xDF, 0x27, 0x8B, 0xA1, 0x5E, 0x82, 0x3C, 0x82, 0xC3, 0xCA, 0xAD },
+    { 0x3D, 0x72, 0x09, 0xF5, 0x29, 0x5A, 0x8C, 0x68, 0x8A, 0x1F, 0xE8, 0xC6, 0x3E, 0xA8, 0xDC, 0x6B, 0xCB, 0x88, 0x70, 0x70, 0xFF, 0x7D, 0xC7, 0xC9, 0x5D, 0x2B, 0x66, 0xEE, 0x07, 0xF0, 0x4B, 0x0E },
+    { 0x1C, 0x03, 0x30, 0xA5, 0xE5, 0x50, 0x0B, 0xB4, 0xC6, 0x62, 0x38, 0x3E, 0x04, 0xC5, 0xB9, 0x0C, 0x7F, 0x91, 0x43, 0xFC, 0x13, 0xD0, 0xCB, 0x78, 0xCF, 0x77, 0x44, 0xBA, 0xA1, 0x20, 0x80, 0x82 },
+    { 0xF8, 0x9A, 0x6F, 0xB2, 0xDE, 0x52, 0x6E, 0x15, 0x65, 0x33, 0xBB, 0x67, 0x56, 0x2B, 0x85, 0x7C, 0xDA, 0xB5, 0x0A, 0x78, 0x87, 0x5A, 0xDD, 0x41, 0xC5, 0xE5, 0x22, 0xB0, 0xF7, 0xFD, 0x92, 0x4B },
+    { 0xD9, 0x13, 0x64, 0x69, 0xC5, 0x96, 0x7A, 0x6A, 0x9A, 0x75, 0xD5, 0x9B, 0xF1, 0x9D, 0x60, 0x85, 0x3C, 0x05, 0x70, 0x93, 0xF0, 0x28, 0x53, 0x81, 0xEA, 0x6B, 0x8B, 0x8D, 0xA8, 0x4C, 0x47, 0x16 },
+    { 0x14, 0x3A, 0xA1, 0x39, 0xE2, 0xD5, 0xF0, 0xD4, 0xAA, 0xBF, 0x8A, 0x5A, 0x0A, 0x93, 0xFB, 0x4F, 0x7C, 0x33, 0xD8, 0xB0, 0xC7, 0xB0, 0xB6, 0x32, 0x63, 0x87, 0xEE, 0x05, 0x59, 0xFF, 0x30, 0x13 },
+    { 0x2F, 0xBB, 0x84, 0x7B, 0xDD, 0x33, 0x22, 0x18, 0x8B, 0x24, 0x9C, 0x7F, 0x51, 0x6B, 0x8B, 0x39, 0x14, 0x33, 0x37, 0x7F, 0x8C, 0x70, 0x08, 0x4B, 0x71, 0xB6, 0x7A, 0x2F, 0x11, 0x3A, 0x5D, 0x86 },
+    { 0xA3, 0xA8, 0x04, 0x43, 0xAB, 0xD7, 0xD7, 0xC2, 0xBF, 0x99, 0x50, 0x93, 0x24, 0x65, 0x93, 0x1B, 0x81, 0x19, 0x72, 0x3D, 0x7A, 0xB9, 0x39, 0x69, 0x1F, 0x5D, 0x47, 0x0A, 0x42, 0x38, 0xE1, 0x00 },
+    { 0xDB, 0x73, 0x26, 0x49, 0x74, 0x45, 0xD8, 0x35, 0x71, 0xBE, 0xE8, 0x9E, 0xE3, 0x25, 0x57, 0x22, 0x45, 0x9F, 0x6F, 0x8F, 0x8E, 0x1C, 0xE6, 0x47, 0x42, 0x00, 0x16, 0xDD, 0x2D, 0x2A, 0x5C, 0x17 },
+    { 0x16, 0xF2, 0x76, 0xF5, 0xD5, 0x6B, 0xAC, 0x03, 0x8C, 0x9D, 0x3A, 0x5E, 0xA2, 0x54, 0xB7, 0x7D, 0x09, 0xDD, 0xBB, 0x90, 0x3F, 0x90, 0x07, 0x38, 0xC9, 0x3A, 0xC8, 0xFF, 0x0B, 0x14, 0x3C, 0xD8 },
+    { 0xC1, 0x18, 0x12, 0x3A, 0xEB, 0x58, 0x91, 0xEB, 0xF5, 0xAA, 0x8F, 0x88, 0x09, 0x58, 0x8A, 0xD4, 0xEC, 0x3E, 0xD8, 0x84, 0x01, 0x51, 0x43, 0x38, 0x87, 0x4F, 0xE0, 0x13, 0xAF, 0xED, 0xA7, 0xB7 },
+    { 0x2D, 0x4B, 0x38, 0x20, 0x3A, 0x1F, 0xAF, 0x9C, 0x02, 0x2F, 0x7A, 0x72, 0xAE, 0x38, 0x15, 0x6F, 0x87, 0x16, 0x3B, 0x5A, 0xE0, 0x34, 0x6C, 0xDB, 0xE4, 0x81, 0x71, 0xC2, 0x36, 0x63, 0x70, 0xBB },
+    { 0x4E, 0x59, 0xD0, 0xC2, 0xFA, 0x79, 0x4C, 0x2D, 0xE1, 0x87, 0xA2, 0x82, 0xA3, 0x01, 0x11, 0x7F, 0xC7, 0xC1, 0xBA, 0x7F, 0x8B, 0x87, 0xF9, 0x23, 0x91, 0x7F, 0x65, 0x08, 0x66, 0xE8, 0x99, 0xAF },
+    { 0x24, 0x82, 0xDD, 0xDB, 0xED, 0xF1, 0x66, 0x89, 0xA9, 0x50, 0x39, 0x2E, 0xC3, 0xDB, 0xBD, 0xFF, 0x56, 0xC8, 0x05, 0x13, 0xAC, 0x0C, 0x06, 0xB9, 0x14, 0xEE, 0x62, 0x25, 0xEE, 0xBE, 0xFA, 0xA8 },
+    { 0xE7, 0xAB, 0x91, 0x00, 0x62, 0x37, 0x10, 0x77, 0x7E, 0x1D, 0xDD, 0xCB, 0x29, 0xDE, 0xEA, 0xDF, 0x82, 0x2F, 0x60, 0x12, 0x0A, 0xBA, 0x12, 0xEE, 0x97, 0x3C, 0x03, 0x26, 0x98, 0xAB, 0x1A, 0xF5 },
+    { 0xC0, 0x9F, 0xF3, 0x9C, 0x44, 0x61, 0x22, 0xC8, 0x3A, 0xE1, 0x99, 0xD4, 0xA7, 0xF4, 0x83, 0x5D, 0x56, 0x28, 0xD5, 0xD8, 0x05, 0x4B, 0xA5, 0xFD, 0x6C, 0xF9, 0x13, 0xB8, 0x43, 0x5E, 0x36, 0x58 },
+    { 0xBC, 0xF2, 0xAD, 0x08, 0x34, 0xE7, 0x32, 0x41, 0xD7, 0x19, 0xB8, 0x34, 0x81, 0x24, 0x0A, 0x2A, 0xEA, 0x52, 0xF7, 0x6F, 0xF2, 0x84, 0x07, 0xC2, 0x03, 0x46, 0xE9, 0x37, 0x34, 0xEF, 0x11, 0x2C },
+    { 0x9E, 0xBA, 0x4A, 0xC2, 0x16, 0xC6, 0xF0, 0x22, 0x9B, 0x39, 0xB9, 0xF3, 0x00, 0x60, 0x0B, 0x59, 0x3B, 0x15, 0x12, 0xE1, 0x8B, 0xDB, 0x1B, 0x23, 0x9C, 0x74, 0x44, 0x3D, 0x9B, 0xEC, 0xCA, 0x79 },
+    { 0xA3, 0x43, 0x92, 0xBF, 0x6D, 0x91, 0x2C, 0xE8, 0x55, 0xD7, 0xE3, 0xF9, 0xE7, 0x40, 0x9C, 0x95, 0x7A, 0xD3, 0x73, 0x33, 0x15, 0x43, 0x58, 0x88, 0xA5, 0x0F, 0xE9, 0x45, 0x1E, 0xAF, 0xE8, 0x97 },
+    { 0xCA, 0x6B, 0xB7, 0xB7, 0x30, 0xCC, 0xE8, 0x3E, 0x1D, 0x56, 0xA9, 0x58, 0xE2, 0x65, 0x01, 0xA7, 0xE0, 0x23, 0x09, 0x3B, 0xBF, 0xA5, 0x6A, 0x84, 0x47, 0xBF, 0xBA, 0x1C, 0x4A, 0xEE, 0x99, 0xB1 },
+    { 0x6B, 0xC9, 0xEE, 0x6F, 0x43, 0xDC, 0xC7, 0x61, 0xFB, 0x5A, 0x28, 0x3B, 0xF4, 0x0D, 0x5C, 0xF0, 0xAB, 0x62, 0x10, 0x03, 0xF3, 0xF3, 0xE7, 0x74, 0x5E, 0x54, 0x18, 0xDA, 0xF6, 0x50, 0x98, 0x62 },
+    { 0x9F, 0xDD, 0xCE, 0x99, 0x46, 0xF8, 0x72, 0xC1, 0x95, 0x98, 0xF4, 0xD3, 0x11, 0x78, 0xEB, 0x7F, 0x76, 0x15, 0x5B, 0x03, 0x0C, 0x96, 0xB8, 0x75, 0xB5, 0x5B, 0x20, 0x3B, 0xC7, 0xE2, 0x68, 0xDB },
+    { 0x02, 0x5C, 0xD3, 0x4B, 0x3C, 0x2A, 0x4D, 0x4A, 0x8F, 0x23, 0xC1, 0x7A, 0x7D, 0x08, 0x14, 0xBE, 0x7E, 0x39, 0x11, 0xB4, 0x4B, 0x32, 0x07, 0xC5, 0xBF, 0x30, 0x86, 0x2F, 0x14, 0x66, 0xA6, 0xAA },
+    { 0x30, 0xC7, 0x54, 0x10, 0xF7, 0xE5, 0x64, 0x67, 0x86, 0x21, 0x4A, 0xEB, 0x82, 0xE9, 0xF9, 0x9B, 0xA2, 0xC4, 0xA9, 0x73, 0x6A, 0x94, 0x7F, 0x8C, 0x5C, 0x21, 0x53, 0x05, 0x50, 0x0C, 0x47, 0x78 },
+    { 0xA4, 0xA7, 0xA8, 0xE6, 0x39, 0xF8, 0xBB, 0x6C, 0x6C, 0xBA, 0x0D, 0x36, 0x5A, 0xF4, 0x47, 0x0D, 0x05, 0x1C, 0xB9, 0xAF, 0x23, 0x50, 0x58, 0x10, 0x8B, 0x58, 0x66, 0xD9, 0x75, 0x47, 0xB7, 0x94 },
+    { 0x7A, 0x5E, 0xE3, 0xC9, 0xED, 0xF1, 0x68, 0x94, 0x03, 0xF3, 0x12, 0x7E, 0xBE, 0x09, 0x50, 0x24, 0xCB, 0x4C, 0x27, 0xCD, 0xFD, 0xDC, 0x4D, 0xA1, 0xA2, 0x9B, 0xA1, 0xD0, 0x0B, 0x31, 0xBD, 0xC0 },
+    { 0xC3, 0xD0, 0x9E, 0x4B, 0xC6, 0xE6, 0x53, 0x73, 0xFE, 0xEB, 0xD4, 0x75, 0x9C, 0x1D, 0xCC, 0xD3, 0x39, 0xFE, 0xC8, 0x3D, 0xAF, 0x7F, 0x25, 0x71, 0xF0, 0x13, 0x70, 0x4C, 0x5A, 0x58, 0x76, 0xA6 },
+    { 0x22, 0xAF, 0x4C, 0xF6, 0x8A, 0xE5, 0x4A, 0x50, 0xF2, 0x8E, 0x88, 0x7A, 0x6D, 0x8C, 0xBE, 0xAA, 0xCF, 0x73, 0xA2, 0xF4, 0x6F, 0x50, 0xE1, 0xE9, 0xE9, 0xAA, 0x01, 0x70, 0x61, 0x17, 0xD1, 0x70 },
+    { 0xC0, 0x4B, 0x8D, 0x20, 0x0E, 0x33, 0x2C, 0x08, 0x77, 0x85, 0x1B, 0xF7, 0x2B, 0xD6, 0xBD, 0x80, 0xE1, 0x06, 0x2D, 0x8F, 0x8E, 0x17, 0xE5, 0xE0, 0xBF, 0xA6, 0x05, 0x2C, 0x1D, 0x66, 0xAC, 0x1A },
+    { 0x7A, 0xAC, 0x51, 0x99, 0x61, 0x71, 0xFC, 0x36, 0x12, 0xB3, 0x6F, 0x9C, 0x06, 0x18, 0xC0, 0x65, 0x74, 0xE6, 0x42, 0x43, 0xED, 0x66, 0xC0, 0xAF, 0x60, 0x01, 0xA6, 0x87, 0x82, 0x98, 0x9C, 0x70 },
+    { 0x59, 0x06, 0xE5, 0xAF, 0x50, 0x09, 0x72, 0xB8, 0xC0, 0xEB, 0x6B, 0x2F, 0x18, 0x7A, 0x49, 0x73, 0x55, 0xE7, 0x7B, 0x59, 0xEB, 0xB6, 0xD1, 0x12, 0x21, 0xDC, 0xC9, 0x82, 0xB8, 0x85, 0xA4, 0x94 },
+    { 0xB2, 0xD6, 0xC8, 0x93, 0xA0, 0xBF, 0x03, 0x08, 0x98, 0x0E, 0x4B, 0xC6, 0xBC, 0xD1, 0x3F, 0x7D, 0x60, 0xEE, 0x55, 0x74, 0x2C, 0xA7, 0xF6, 0x5B, 0xE2, 0xD7, 0x22, 0xF3, 0xC1, 0x4D, 0x0E, 0xDD },
+    { 0xB6, 0x22, 0x1A, 0xF8, 0x24, 0x66, 0x0A, 0x37, 0xC0, 0x0E, 0x0F, 0x7A, 0x2B, 0x9D, 0x84, 0x99, 0x20, 0x9F, 0x34, 0x98, 0x69, 0xF8, 0xE0, 0x26, 0x17, 0x8E, 0x89, 0xFF, 0x02, 0xC0, 0x9A, 0x0D },
+    { 0xD8, 0x79, 0x64, 0xB7, 0x15, 0x67, 0x29, 0x07, 0x93, 0x8F, 0xDD, 0x2E, 0x5C, 0x38, 0x92, 0xB0, 0x79, 0xA1, 0x38, 0xC1, 0x32, 0xDF, 0xFB, 0x68, 0x6B, 0x71, 0x75, 0xF1, 0xC8, 0x4C, 0x59, 0x18 },
+    { 0x26, 0x29, 0xB2, 0x54, 0x9F, 0x6A, 0x7B, 0x0E, 0x38, 0x61, 0x06, 0x20, 0x69, 0xDB, 0xBF, 0x89, 0x5B, 0xDF, 0x65, 0xD1, 0xD6, 0xEA, 0x52, 0x17, 0x27, 0x83, 0x79, 0xBA, 0xC8, 0x2B, 0x6B, 0x3D },
+    { 0x02, 0x16, 0xD2, 0x75, 0x70, 0xC9, 0x71, 0x00, 0xCF, 0xF3, 0x5D, 0xEA, 0x22, 0x59, 0xBB, 0x77, 0x9B, 0x4E, 0xFA, 0x9A, 0x26, 0x68, 0x73, 0xEB, 0x7F, 0xBE, 0x86, 0x5A, 0x3B, 0x44, 0x2B, 0x78 },
+    { 0x37, 0xC6, 0x97, 0x81, 0xA4, 0x36, 0xC5, 0x0F, 0xE6, 0x79, 0x62, 0xE4, 0xC9, 0xBB, 0x38, 0xAB, 0xD1, 0x17, 0xDD, 0x1D, 0x82, 0xA7, 0x21, 0x12, 0x6C, 0x86, 0x08, 0xE9, 0xC6, 0x6F, 0x9F, 0x8E },
+    { 0xD2, 0xB2, 0x14, 0x22, 0x1D, 0xB7, 0x5B, 0xCE, 0xBF, 0x96, 0x4F, 0x16, 0x48, 0xD7, 0x5B, 0x2F, 0x83, 0x2D, 0x02, 0x6D, 0x37, 0x01, 0x5B, 0xEA, 0x19, 0xF8, 0x0E, 0x45, 0x23, 0x56, 0x70, 0x9F },
+    { 0x26, 0x50, 0xDC, 0xFB, 0xC3, 0xFA, 0xFB, 0xD4, 0x7C, 0xD2, 0xEF, 0x10, 0x80, 0x74, 0x90, 0x2C, 0x86, 0x58, 0xA0, 0xE9, 0xA7, 0x0D, 0xA2, 0xF7, 0x90, 0x44, 0x53, 0x97, 0x47, 0x54, 0x01, 0x5F },
+    { 0x7E, 0xDE, 0x7A, 0x6F, 0xB7, 0x94, 0x26, 0xA3, 0xC3, 0x2E, 0x79, 0xC0, 0xBB, 0x3C, 0xA8, 0x5C, 0xC1, 0x66, 0x97, 0x5C, 0xB6, 0x67, 0x50, 0x95, 0x1A, 0x06, 0x9E, 0x1D, 0x0B, 0x84, 0x5A, 0x1C },
+    { 0x87, 0xBE, 0x66, 0xDB, 0x2C, 0x5A, 0x9C, 0x5A, 0xAF, 0xBB, 0xA1, 0xAE, 0x86, 0x9A, 0x9C, 0x78, 0x78, 0xE3, 0x8F, 0xA2, 0xBD, 0x82, 0x0D, 0xDA, 0x3C, 0x00, 0x49, 0x0E, 0xE7, 0x78, 0xBF, 0xB5 },
+    { 0x94, 0x88, 0xBD, 0x26, 0xFA, 0x51, 0x96, 0xE6, 0x78, 0x77, 0x98, 0x04, 0xBA, 0x0C, 0x92, 0x23, 0xB7, 0x88, 0x23, 0xF1, 0xE5, 0x74, 0x1E, 0x8B, 0xE6, 0x03, 0xF9, 0x9A, 0xA6, 0x79, 0xED, 0xD9 },
+    { 0x4F, 0x0A, 0xC5, 0xB3, 0x54, 0x3C, 0xF3, 0x01, 0xBF, 0xCC, 0xA4, 0x19, 0x6E, 0xEC, 0xAB, 0x3F, 0x22, 0x70, 0x2E, 0x58, 0xAC, 0x41, 0x2E, 0xB3, 0xB5, 0xA3, 0x23, 0xA7, 0x3A, 0x59, 0xA4, 0x19 },
+    { 0xFA, 0x72, 0x0F, 0x21, 0x7D, 0xAD, 0x6B, 0x57, 0xC0, 0x2D, 0x3C, 0xA8, 0x46, 0x7E, 0xC4, 0x34, 0xE9, 0x30, 0x80, 0x6D, 0x96, 0x94, 0xA4, 0x48, 0xA9, 0x7C, 0xAA, 0xC9, 0xB6, 0xA9, 0xDB, 0x0E },
+    { 0xD9, 0x25, 0x82, 0x7B, 0xB7, 0xA0, 0xD7, 0x69, 0x3C, 0x25, 0x20, 0x37, 0x53, 0x52, 0x3B, 0x21, 0xAB, 0x1E, 0x59, 0xC1, 0x7C, 0x9F, 0x01, 0x57, 0x14, 0x05, 0x5A, 0x7B, 0x29, 0xF4, 0xC9, 0x8A },
+    { 0x9F, 0xB4, 0xA2, 0xCD, 0x72, 0x24, 0xB6, 0x6D, 0x6A, 0x77, 0x96, 0x7D, 0x77, 0x6D, 0xEA, 0xB3, 0xDE, 0x51, 0xE8, 0x8C, 0x6A, 0xE5, 0x60, 0x79, 0xF6, 0x05, 0x43, 0x05, 0xBD, 0x20, 0x5D, 0x52 },
+    { 0xF3, 0x42, 0x09, 0xB6, 0x9B, 0x87, 0xCF, 0x44, 0xCF, 0xD4, 0x8B, 0xA7, 0x12, 0x33, 0x7B, 0xA1, 0x0E, 0xA6, 0x7D, 0xF5, 0x7C, 0xC0, 0xB6, 0x91, 0x05, 0xFB, 0x6B, 0x3A, 0x17, 0x87, 0xC2, 0x2A },
+    { 0x90, 0xCC, 0x6D, 0xE9, 0xA7, 0x8C, 0xD3, 0x8B, 0xE9, 0x8F, 0x7B, 0xAE, 0x02, 0xBA, 0xD7, 0xC8, 0xD9, 0xDA, 0xA2, 0x2D, 0x51, 0xA7, 0x5F, 0xB3, 0x04, 0xA8, 0xB2, 0xD7, 0x1C, 0x83, 0x7B, 0xF7 },
+    { 0x94, 0x75, 0xF3, 0xED, 0x16, 0x59, 0x23, 0xE1, 0xF3, 0xD0, 0xAA, 0x01, 0x9A, 0x61, 0x7E, 0xD3, 0x80, 0x64, 0xD5, 0xDB, 0xE7, 0x16, 0xB6, 0x86, 0xBC, 0xC3, 0xCB, 0x30, 0x73, 0xCA, 0x15, 0x56 },
+    { 0x11, 0x49, 0xC1, 0xD2, 0x38, 0x43, 0xD7, 0x52, 0xAF, 0xB1, 0xF6, 0xDA, 0x27, 0x99, 0x92, 0xD2, 0x43, 0xE4, 0xB1, 0x96, 0x73, 0xCA, 0xF0, 0xCC, 0xEA, 0xD0, 0xC8, 0xFE, 0x84, 0x59, 0x0B, 0x29 },
+    { 0x2D, 0x6C, 0xC3, 0x9E, 0xD8, 0x28, 0xC2, 0x9C, 0x79, 0x38, 0x81, 0x65, 0x12, 0xAC, 0xA7, 0x43, 0xF7, 0x43, 0x6D, 0x3B, 0xDA, 0x78, 0x4A, 0xBE, 0x7D, 0x87, 0x42, 0x78, 0x6D, 0x99, 0x3F, 0xBD },
+    { 0xC1, 0x95, 0x4D, 0x8D, 0x83, 0x37, 0xDB, 0x1E, 0xC5, 0xE8, 0x8A, 0xA8, 0xA0, 0xE4, 0xAD, 0xCB, 0x16, 0x42, 0x1D, 0xC0, 0x29, 0xB4, 0xC9, 0xEB, 0x36, 0xCA, 0x49, 0x58, 0xF4, 0x56, 0xFE, 0x6D },
+    { 0x31, 0x08, 0xD7, 0x13, 0xC0, 0x63, 0x6F, 0x46, 0xB8, 0xF4, 0x53, 0x63, 0x36, 0x8A, 0x93, 0xEF, 0xDC, 0x7B, 0x70, 0xFD, 0x0B, 0xEB, 0x62, 0x6D, 0x33, 0xD6, 0x74, 0x00, 0x15, 0x7A, 0x08, 0x81 },
+    { 0x2A, 0x3F, 0xD1, 0xEA, 0x98, 0x06, 0xB8, 0xDC, 0x53, 0xA2, 0x40, 0x7A, 0x91, 0xF7, 0x49, 0x13, 0xC0, 0xBC, 0x79, 0xA8, 0xD0, 0x34, 0xE5, 0xFF, 0xE2, 0x09, 0xAC, 0x1F, 0x8E, 0x2B, 0x0F, 0xAF },
+    { 0x5D, 0x1B, 0x6A, 0xC8, 0x48, 0x71, 0xFB, 0x3A, 0xBE, 0x99, 0xED, 0xCD, 0xB9, 0x8D, 0x28, 0x8C, 0xE5, 0x2F, 0x7C, 0xBF, 0x01, 0x7F, 0xB1, 0x7C, 0x5B, 0x8D, 0x80, 0xE0, 0x5F, 0xE2, 0x52, 0x83 },
+    { 0x69, 0x4B, 0xDC, 0x5E, 0xD7, 0x83, 0xC7, 0xEA, 0x0D, 0x76, 0x25, 0x89, 0x94, 0x5D, 0x87, 0x00, 0x09, 0xE8, 0x33, 0x98, 0xF5, 0x00, 0xDD, 0x81, 0x4F, 0xD5, 0xF7, 0xB3, 0x1F, 0xA2, 0xB1, 0xE0 },
+    { 0xC3, 0xE5, 0x8E, 0xCA, 0x3F, 0xBE, 0x33, 0xC1, 0xA0, 0x39, 0x6A, 0x3C, 0x88, 0x06, 0x28, 0x5E, 0x10, 0x92, 0xC0, 0x88, 0x13, 0x35, 0x9A, 0xB3, 0xF1, 0xF2, 0x4C, 0x1C, 0x30, 0xE2, 0xDF, 0xA5 },
+    { 0xCC, 0xDC, 0x4A, 0xBA, 0x8F, 0x7A, 0x21, 0x6B, 0x78, 0xB4, 0xC7, 0x0A, 0xCA, 0xDC, 0x95, 0x92, 0x4B, 0x85, 0x3E, 0x9F, 0xEB, 0x12, 0x01, 0x4B, 0xA9, 0x72, 0x35, 0x93, 0xE0, 0x60, 0x6C, 0x93 },
+    { 0x25, 0xBA, 0x14, 0xDF, 0xF7, 0x65, 0xDB, 0x9F, 0xA3, 0x86, 0x81, 0xF6, 0xE1, 0x6F, 0xA7, 0x9B, 0x9B, 0xE6, 0x8A, 0x37, 0x3A, 0xA7, 0x01, 0x87, 0xD3, 0x96, 0x6D, 0x5C, 0xEB, 0xD2, 0xD7, 0xCE },
+    { 0x8C, 0x37, 0x33, 0x72, 0xF5, 0xB3, 0xBC, 0xAD, 0xE9, 0x02, 0x98, 0x30, 0xB7, 0x02, 0x56, 0xA3, 0x53, 0xCB, 0xFC, 0x28, 0x98, 0x27, 0x9F, 0x9B, 0x51, 0x59, 0xEB, 0x0F, 0xC7, 0x7A, 0xF7, 0xFF },
+    { 0xF9, 0x52, 0x34, 0x3E, 0xCD, 0xD9, 0x0A, 0x08, 0xED, 0xD8, 0x6A, 0x2B, 0x3C, 0xEF, 0xB9, 0x1F, 0x94, 0x2B, 0x9A, 0xC9, 0x5C, 0xBD, 0xB1, 0xBD, 0xC3, 0x3C, 0xF1, 0x07, 0xF1, 0xE1, 0x56, 0xB2 },
+    { 0x3F, 0x22, 0x3E, 0x88, 0x70, 0x66, 0x78, 0x70, 0xC1, 0xC8, 0xA5, 0x6D, 0x59, 0x03, 0xE8, 0x7A, 0x83, 0x29, 0x45, 0xCA, 0xE7, 0x45, 0x96, 0x9D, 0x1B, 0x91, 0xA1, 0xEE, 0x2E, 0x1E, 0xE8, 0x49 },
+    { 0xBF, 0x61, 0x73, 0x5C, 0x05, 0xBD, 0x1B, 0x51, 0xFC, 0x35, 0x56, 0x36, 0x1B, 0x4C, 0x87, 0xF4, 0x6E, 0x11, 0x0B, 0x57, 0x50, 0x67, 0xD0, 0x7D, 0x66, 0x92, 0x8F, 0x47, 0x55, 0x09, 0x62, 0xB5 },
+    { 0x8A, 0x2D, 0x1B, 0x44, 0xF8, 0xA9, 0x52, 0x26, 0x3A, 0xB1, 0x1C, 0x0E, 0xF1, 0x50, 0x37, 0x52, 0x3E, 0x9D, 0x46, 0xA9, 0xEF, 0x10, 0xA8, 0x2F, 0x5F, 0x85, 0xE7, 0x50, 0x27, 0xDB, 0x6D, 0xBF },
+    { 0x3B, 0x01, 0x00, 0x0E, 0x04, 0x4D, 0x21, 0x71, 0xDB, 0x74, 0xAB, 0x8D, 0xE6, 0x43, 0x29, 0xC1, 0xC8, 0xCA, 0xF2, 0xCB, 0xCD, 0xD7, 0xE2, 0x2E, 0x52, 0x94, 0x93, 0x5A, 0x60, 0x12, 0x0F, 0x53 },
+    { 0xF6, 0x40, 0xB5, 0x07, 0x92, 0x07, 0x84, 0x0E, 0xC1, 0x82, 0xE1, 0x2F, 0x43, 0x20, 0x37, 0x70, 0x7B, 0xBB, 0x60, 0xD2, 0x67, 0xE6, 0x06, 0xC6, 0x7D, 0x53, 0xFB, 0x7F, 0xE8, 0xC7, 0xCA, 0xBF },
+    { 0xB0, 0xEE, 0x94, 0x4B, 0xBC, 0x2C, 0x66, 0x46, 0xE2, 0xD0, 0xF7, 0x37, 0x8C, 0xBE, 0xA8, 0x28, 0x65, 0xA9, 0x38, 0xAF, 0x38, 0xB7, 0xC3, 0xC3, 0x30, 0x48, 0x68, 0xCE, 0x6F, 0x2B, 0xF3, 0x7A },
+    { 0xDA, 0x30, 0xB6, 0x16, 0xFF, 0x4B, 0x44, 0x2B, 0x7F, 0x1C, 0x39, 0x5B, 0xA2, 0x49, 0x23, 0x60, 0x38, 0xF5, 0x5F, 0xAF, 0x5F, 0x2D, 0x3B, 0xEC, 0x6E, 0xE0, 0x61, 0x11, 0x15, 0x15, 0x58, 0x0B },
+    { 0x22, 0xE2, 0x23, 0x11, 0x57, 0x56, 0x30, 0xE3, 0x29, 0x37, 0x21, 0x0E, 0x63, 0x9D, 0x6D, 0x20, 0x67, 0x93, 0x39, 0xB2, 0xFB, 0x05, 0x54, 0x40, 0x30, 0x0C, 0xD6, 0x21, 0xAC, 0x8E, 0x7F, 0xD0 },
+    { 0xD3, 0xE8, 0xCF, 0x52, 0x8F, 0xF1, 0x45, 0xAA, 0xA1, 0x99, 0x90, 0x2E, 0x69, 0xF7, 0x0C, 0xA2, 0x0B, 0x38, 0x4F, 0xDA, 0xAA, 0x2B, 0x29, 0xF5, 0xDD, 0x86, 0x9A, 0x1F, 0x25, 0xD5, 0xA9, 0xCB },
+    { 0x28, 0x54, 0xB2, 0x09, 0x1D, 0xAC, 0xE2, 0xB1, 0x19, 0xE0, 0x6F, 0x0C, 0x93, 0x30, 0x90, 0x4C, 0x46, 0x49, 0x85, 0x51, 0x46, 0x8C, 0x4F, 0xAD, 0x26, 0x5E, 0x8C, 0x43, 0xD3, 0x73, 0xD4, 0x43 },
+    { 0x7E, 0x6E, 0xCA, 0x7A, 0xF5, 0xDA, 0xAF, 0x25, 0x01, 0xD1, 0x84, 0xFC, 0x21, 0x25, 0x53, 0x0B, 0xD2, 0xC2, 0x24, 0xEF, 0xD5, 0x24, 0x83, 0x1A, 0x14, 0x55, 0x58, 0xA2, 0xAC, 0xB6, 0x87, 0xDA },
+    { 0xDD, 0x47, 0x1B, 0x52, 0xC1, 0x97, 0x7E, 0xC0, 0xC2, 0x26, 0xCB, 0x12, 0xB2, 0x9E, 0x3D, 0xF5, 0x94, 0xF8, 0x8F, 0x5C, 0x4F, 0x94, 0x15, 0xE3, 0x79, 0xED, 0x14, 0xA2, 0x4A, 0xA4, 0xA5, 0x10 },
+    { 0x91, 0x96, 0x95, 0x5E, 0x5B, 0x4C, 0xF6, 0x45, 0x61, 0xA1, 0xAA, 0xFE, 0x92, 0x1A, 0xF2, 0x2A, 0x57, 0x2E, 0x06, 0x53, 0x99, 0xAF, 0x88, 0xC4, 0xA9, 0x37, 0xB5, 0xD1, 0xC3, 0xF4, 0x0A, 0xD5 },
+    { 0x76, 0xDE, 0x40, 0x86, 0x40, 0x5D, 0xE5, 0xB9, 0x06, 0xA5, 0xE6, 0x59, 0x1D, 0x2C, 0xB3, 0x85, 0xB2, 0xD6, 0x36, 0x3F, 0x7E, 0x9F, 0x65, 0xD1, 0x39, 0xD3, 0xF7, 0x85, 0x7A, 0xAB, 0x6E, 0x62 },
+    { 0x5A, 0x65, 0xB3, 0xED, 0x53, 0x14, 0x2E, 0xD4, 0xC8, 0x35, 0x4D, 0xAA, 0xDC, 0xEB, 0x29, 0x07, 0x21, 0x43, 0x82, 0xD8, 0xB1, 0x25, 0x8E, 0x6D, 0x2E, 0xE7, 0x9F, 0xDF, 0x35, 0xE1, 0x68, 0x31 },
+    { 0xB6, 0x62, 0x40, 0x61, 0x49, 0x1C, 0x48, 0xB6, 0x37, 0x04, 0xE3, 0x16, 0xED, 0x34, 0x9D, 0xD9, 0x0A, 0x93, 0x40, 0x92, 0x53, 0x01, 0xD6, 0xD6, 0xCE, 0x2E, 0xCA, 0x6E, 0x97, 0x58, 0x3A, 0xA8 },
+    { 0x91, 0x82, 0x6E, 0x7F, 0xEA, 0x9A, 0x9D, 0xFB, 0x6E, 0x24, 0x06, 0x9A, 0x6A, 0xC3, 0x0D, 0x10, 0xAA, 0x15, 0xC5, 0x53, 0x43, 0xE4, 0xE8, 0x5E, 0x04, 0xD1, 0x3F, 0x84, 0xFA, 0xF2, 0xB8, 0x8C },
+    { 0xE3, 0xD0, 0xF1, 0xAE, 0x5E, 0xD2, 0xA5, 0x4A, 0xD3, 0x31, 0x60, 0x4C, 0x91, 0x10, 0xFA, 0xAE, 0x90, 0x67, 0xC4, 0x57, 0x24, 0xB1, 0x6E, 0xE5, 0x7A, 0xFC, 0x67, 0xBC, 0xD2, 0xD6, 0xA9, 0x09 },
+    { 0x2C, 0xB8, 0xFF, 0x4F, 0xEB, 0x94, 0xF1, 0x98, 0xAC, 0xC0, 0xE3, 0x3E, 0xDD, 0x6F, 0xC0, 0xD2, 0x8B, 0x2C, 0x0C, 0xA6, 0x0E, 0xF5, 0x37, 0x24, 0xF5, 0x6E, 0x58, 0xC9, 0x5A, 0x0A, 0xAF, 0x0B },
+    { 0x9B, 0x35, 0xDF, 0x6B, 0x90, 0x37, 0x11, 0x08, 0xB9, 0x33, 0x4A, 0xE8, 0xD2, 0x32, 0x98, 0xD3, 0x5E, 0x1C, 0x02, 0x6F, 0x6F, 0xB2, 0x09, 0x65, 0xD4, 0xEB, 0xFB, 0xE9, 0xAF, 0x92, 0x05, 0xD1 },
+    { 0x87, 0x15, 0x5D, 0x2B, 0xC6, 0xD3, 0x8E, 0xB7, 0xE5, 0x3C, 0xD4, 0x9E, 0x23, 0xE0, 0x28, 0x86, 0x16, 0xCC, 0x39, 0x7A, 0xFD, 0x9C, 0xF8, 0xF7, 0xF3, 0x84, 0x5C, 0x21, 0xB8, 0x24, 0x5F, 0x22 },
+    { 0x9E, 0xB7, 0x82, 0x01, 0x0A, 0xA6, 0x9F, 0x4B, 0x92, 0x5D, 0xB4, 0xC7, 0x2F, 0x94, 0xC1, 0x22, 0x8B, 0xF7, 0x4D, 0xA2, 0x3D, 0x66, 0x99, 0xF5, 0x4F, 0xA6, 0x86, 0xA9, 0xCB, 0x11, 0xBD, 0x1C },
+    { 0x5D, 0xFE, 0xF9, 0xCA, 0x90, 0x90, 0xCD, 0x64, 0xE8, 0x08, 0x5F, 0x17, 0x5A, 0x5E, 0x0D, 0x13, 0x11, 0xE5, 0xCC, 0x9F, 0x8E, 0xCB, 0x8B, 0x76, 0x3F, 0x03, 0xAB, 0x5D, 0x85, 0x45, 0x70, 0x04 },
+    { 0xD5, 0x51, 0xC2, 0x41, 0xBD, 0x7C, 0xFD, 0x21, 0xC9, 0xFE, 0x5F, 0x4B, 0x30, 0x49, 0xB2, 0x7C, 0x8F, 0x3F, 0x63, 0x08, 0x88, 0x64, 0xCC, 0xFA, 0x08, 0xBE, 0x48, 0xDE, 0xEF, 0x71, 0x6F, 0x8C },
+    { 0x78, 0xB4, 0xB9, 0x49, 0x10, 0xB7, 0x1F, 0xDA, 0xCC, 0xE0, 0xD1, 0x59, 0x88, 0xE4, 0x62, 0x3B, 0xD3, 0x73, 0x3B, 0xCA, 0xFB, 0x13, 0x71, 0x93, 0x19, 0x28, 0x36, 0xCA, 0x4D, 0x3D, 0x80, 0x90 },
+    { 0x24, 0x23, 0xD1, 0x5F, 0x02, 0xCA, 0xB1, 0x42, 0xF7, 0x49, 0xA6, 0x6E, 0x65, 0x8C, 0x8C, 0x21, 0xBD, 0x37, 0xDC, 0x35, 0x32, 0xBF, 0x9A, 0x91, 0x9E, 0xAC, 0x93, 0x48, 0xB7, 0x7C, 0xD2, 0x19 },
+    { 0xD8, 0x5C, 0xA4, 0x66, 0x4C, 0xAA, 0x7D, 0xD8, 0x0B, 0x61, 0x9F, 0x33, 0xF4, 0xEE, 0xE6, 0x11, 0x80, 0x20, 0x1D, 0xEF, 0xFB, 0x5C, 0x2B, 0x63, 0xD6, 0x1A, 0x54, 0xF4, 0xF6, 0xFD, 0x7E, 0xE6 },
+    { 0xA3, 0xF8, 0xD1, 0xF8, 0xE1, 0x08, 0x6A, 0xF0, 0x3F, 0xA5, 0x96, 0x88, 0xD4, 0x37, 0xA8, 0xCA, 0x86, 0x48, 0x79, 0xD6, 0xC7, 0x1F, 0x87, 0xF0, 0x86, 0x10, 0xA7, 0x6A, 0x54, 0x9A, 0xDC, 0x26 },
+    { 0x1E, 0xF7, 0xDB, 0x0A, 0x22, 0x13, 0xE1, 0x03, 0x95, 0x48, 0xF5, 0xA6, 0xF5, 0xE9, 0xFF, 0x53, 0x14, 0x8A, 0x17, 0x5A, 0xFC, 0x5F, 0xF7, 0x90, 0x57, 0xB7, 0x5C, 0xB9, 0x34, 0xBD, 0x4C, 0x0D },
+    { 0x22, 0x79, 0x9E, 0xDB, 0xB3, 0x50, 0x55, 0x29, 0x39, 0xDD, 0x26, 0xCF, 0x75, 0xC4, 0xB4, 0x78, 0x99, 0xC5, 0x6B, 0xB1, 0x68, 0x35, 0x48, 0x0F, 0xBF, 0x44, 0xD2, 0xD1, 0xFF, 0x7A, 0x7E, 0xE2 },
+    { 0xFC, 0xE3, 0x05, 0x5C, 0xCD, 0x5D, 0x04, 0x46, 0x87, 0xA2, 0x41, 0xE8, 0x3D, 0xE9, 0x28, 0xC8, 0xC4, 0x88, 0x20, 0x39, 0xFB, 0xBD, 0x53, 0x32, 0x7C, 0x30, 0xC3, 0x79, 0x18, 0x84, 0x7D, 0x5F },
+    { 0x60, 0x49, 0x0A, 0x27, 0x11, 0x55, 0x57, 0x1F, 0x22, 0xA2, 0xA0, 0xFC, 0xA5, 0x55, 0xAF, 0x9C, 0x5E, 0xCF, 0x11, 0xC3, 0x78, 0x31, 0x76, 0xE3, 0x1A, 0xE9, 0x67, 0x39, 0x56, 0xF5, 0xB7, 0xA7 },
+    { 0xCD, 0xFB, 0x5F, 0x0D, 0x6C, 0x5D, 0x61, 0x1D, 0x7A, 0x15, 0x9B, 0x62, 0xB0, 0x6C, 0x4C, 0x68, 0x63, 0x1C, 0x1B, 0x9E, 0xD4, 0xD8, 0x7C, 0xFC, 0x66, 0xBE, 0x22, 0x38, 0x20, 0x27, 0x05, 0xF3 },
+    { 0xD4, 0x2A, 0x23, 0x96, 0x1F, 0xCB, 0x7C, 0x94, 0x87, 0x7B, 0xC6, 0xEF, 0xCA, 0xA5, 0xFE, 0xE4, 0xA7, 0x81, 0x44, 0x86, 0xD9, 0x9A, 0xF5, 0x73, 0xFE, 0x28, 0x79, 0x32, 0x0A, 0x97, 0x02, 0x9D },
+    { 0x35, 0x9C, 0x1E, 0xB9, 0x52, 0xFB, 0x8C, 0x37, 0x3F, 0x3F, 0x4D, 0xCB, 0x8E, 0xAD, 0x56, 0xFA, 0x17, 0x23, 0xFF, 0xED, 0xBB, 0xD2, 0x62, 0x77, 0x4C, 0x98, 0x4B, 0x1C, 0x8B, 0x32, 0x9F, 0xFE },
+    { 0xD5, 0x71, 0x77, 0xE5, 0x5B, 0x70, 0x9D, 0x38, 0x0B, 0x08, 0x00, 0xCE, 0x2F, 0x00, 0x0C, 0x37, 0xFF, 0xAB, 0x06, 0x20, 0x98, 0x7F, 0x2B, 0xBA, 0xBC, 0x65, 0x0A, 0x9D, 0x83, 0xC4, 0x98, 0x18 },
+    { 0xA5, 0xE1, 0x38, 0x99, 0x53, 0x01, 0x31, 0xA8, 0x57, 0x8A, 0x05, 0xAB, 0x7E, 0xCC, 0xB5, 0x21, 0x18, 0xEF, 0x93, 0xBD, 0xD8, 0x61, 0xBD, 0x5A, 0xFE, 0x9C, 0x4F, 0x23, 0xC2, 0x9C, 0x18, 0xDD },
+    { 0x88, 0xA0, 0xEB, 0x7F, 0xD4, 0xFE, 0xFC, 0x9B, 0x89, 0x14, 0x18, 0xA0, 0xBC, 0x62, 0xE7, 0xA2, 0x0A, 0x12, 0x05, 0x03, 0xAC, 0xB4, 0x78, 0x69, 0x3B, 0x21, 0x4D, 0xD5, 0x0C, 0xCB, 0xA9, 0x08 },
+    { 0xF5, 0x5F, 0x00, 0xEB, 0xB0, 0x91, 0xFD, 0x52, 0xAC, 0xDC, 0x68, 0x64, 0x35, 0xE5, 0xCA, 0x7A, 0xD7, 0x13, 0xCF, 0xDF, 0x83, 0x97, 0xD5, 0x0C, 0xA3, 0x62, 0x0F, 0xFA, 0xC4, 0xB1, 0xEB, 0xE5 },
+    { 0xDC, 0x6D, 0x16, 0xE8, 0x27, 0xF7, 0x81, 0xB3, 0x3D, 0xBA, 0xF2, 0x7B, 0x71, 0x8E, 0xBE, 0x4C, 0x43, 0x1D, 0xB5, 0x9D, 0x7F, 0xD7, 0x8B, 0xAA, 0xB3, 0xA8, 0x3F, 0x5D, 0xC3, 0x07, 0xA6, 0xC3 },
+    { 0x40, 0x07, 0xA6, 0x86, 0x26, 0xFD, 0x5B, 0x0F, 0xBC, 0xD8, 0x2B, 0x0D, 0x32, 0x63, 0xAB, 0x54, 0x36, 0x3A, 0xD2, 0xF7, 0x4D, 0x83, 0xDC, 0xC7, 0x21, 0xCB, 0xB7, 0xAD, 0xD7, 0x21, 0x03, 0x6E },
+    { 0xAB, 0xAE, 0x3D, 0x3A, 0x02, 0x42, 0x9D, 0x97, 0x25, 0x52, 0x9D, 0x38, 0x02, 0x6C, 0x45, 0x55, 0x20, 0x70, 0xDE, 0x29, 0x94, 0xAC, 0x9F, 0x9E, 0x50, 0xB6, 0x41, 0x62, 0x61, 0x57, 0xDB, 0x8F },
+    { 0xB2, 0xA5, 0x4B, 0x6C, 0x54, 0x49, 0xD6, 0x17, 0x84, 0x61, 0x96, 0x55, 0x77, 0x11, 0x44, 0xC1, 0x98, 0xCB, 0x36, 0x8A, 0x0D, 0x6B, 0x4B, 0x02, 0xF6, 0x38, 0x45, 0x5C, 0x4B, 0xF7, 0xD0, 0xFC },
+    { 0x26, 0x99, 0xCB, 0x65, 0x9A, 0x9E, 0xDA, 0xC2, 0xB9, 0x09, 0xB7, 0x15, 0xDA, 0x4E, 0xAC, 0x47, 0x9C, 0x9E, 0x10, 0x0B, 0x78, 0xD5, 0xFD, 0xE3, 0x32, 0xAB, 0x72, 0x32, 0x23, 0x78, 0x54, 0x6C },
+    { 0x88, 0x7A, 0x83, 0x23, 0x56, 0xDB, 0xB4, 0xF3, 0x73, 0x29, 0x18, 0x0C, 0x35, 0xCC, 0x88, 0xE2, 0xA7, 0x28, 0xAE, 0x95, 0xEA, 0x9B, 0x3D, 0x79, 0xB4, 0xF7, 0x7D, 0xE0, 0x9A, 0x8A, 0x50, 0x44 },
+    { 0x02, 0x8F, 0x34, 0x54, 0x51, 0x18, 0x7A, 0xF8, 0x68, 0x56, 0xB6, 0x8B, 0x39, 0x6D, 0x49, 0x24, 0xE9, 0xE8, 0x2B, 0x1E, 0xB6, 0xBF, 0x95, 0xF8, 0x2A, 0xFA, 0xEA, 0x39, 0xEE, 0xEE, 0x59, 0x09 },
+    { 0x69, 0x87, 0x41, 0x7C, 0xBD, 0xCC, 0x12, 0x88, 0x73, 0x05, 0x56, 0x9B, 0xD0, 0x7A, 0xB0, 0x7D, 0x48, 0x1D, 0xB6, 0xB9, 0x9A, 0xE1, 0x3F, 0xF9, 0x10, 0x77, 0xAD, 0xC1, 0x40, 0xCD, 0x4D, 0x39 },
+    { 0xEC, 0x17, 0xDC, 0x25, 0x62, 0x86, 0x0C, 0xF6, 0x5B, 0xD4, 0xAF, 0x7A, 0xDE, 0x88, 0x70, 0x4D, 0xF0, 0x59, 0xA5, 0x1E, 0xC5, 0xB6, 0xFD, 0xCF, 0x3B, 0x9C, 0x97, 0x08, 0x49, 0xA5, 0xF7, 0x65 },
+    { 0x26, 0x5F, 0x81, 0xAA, 0x3C, 0x67, 0x23, 0xB4, 0x15, 0x0D, 0x43, 0x30, 0x42, 0x1C, 0x33, 0x47, 0x91, 0xFB, 0xAE, 0xA8, 0x0F, 0x37, 0xDA, 0x0A, 0x64, 0x9A, 0xE3, 0x2E, 0xB3, 0x33, 0xDF, 0xBA },
+    { 0xF4, 0x8A, 0x61, 0x81, 0x4B, 0x60, 0xF0, 0x29, 0x4C, 0xA4, 0x8D, 0xD6, 0x26, 0x7C, 0x26, 0xBC, 0x40, 0x9E, 0x06, 0x71, 0x98, 0xE3, 0x78, 0x7A, 0x62, 0x15, 0xED, 0x54, 0xB1, 0xC4, 0x5B, 0x75 },
+    { 0xD5, 0xBA, 0xFE, 0xB1, 0xA1, 0xC2, 0x7C, 0xB3, 0x88, 0x0A, 0xA1, 0x52, 0x02, 0xA3, 0xC1, 0xF2, 0x0D, 0xC0, 0x52, 0x1A, 0x90, 0x1B, 0xD9, 0x7B, 0x4E, 0x43, 0x3B, 0x4E, 0x83, 0xA0, 0x4D, 0xC8 },
+    { 0x39, 0xA7, 0x19, 0xC2, 0xB6, 0xA6, 0x51, 0xFA, 0x75, 0x7B, 0xDB, 0xEA, 0x8E, 0xD8, 0x6E, 0xB3, 0x28, 0x6D, 0x0B, 0x1E, 0xE6, 0x4A, 0x54, 0x6D, 0x3C, 0xFC, 0x17, 0x07, 0x93, 0xD0, 0x20, 0x91 },
+    { 0xB6, 0xED, 0x8C, 0x03, 0x73, 0xD2, 0x3B, 0x03, 0x79, 0x60, 0x34, 0x11, 0x00, 0x6C, 0x4E, 0xF0, 0xD0, 0x04, 0xAD, 0xF8, 0x4C, 0xE5, 0x6E, 0x86, 0xBB, 0xF0, 0xEC, 0x59, 0x87, 0xD5, 0xB6, 0xD0 },
+    { 0x9F, 0x3E, 0xDE, 0x96, 0x02, 0x3A, 0x4E, 0x8B, 0x54, 0xA3, 0xA7, 0xE9, 0x26, 0xE1, 0xAD, 0x96, 0x91, 0xD4, 0xFA, 0x9B, 0x33, 0x9B, 0x94, 0xBE, 0xDC, 0xB2, 0xB6, 0x27, 0x4C, 0xD8, 0x63, 0x52 },
+    { 0xB5, 0xFD, 0x08, 0x4B, 0x19, 0xB8, 0x47, 0xD4, 0x99, 0x7F, 0x90, 0xE8, 0x1E, 0x52, 0x40, 0xA7, 0x5E, 0x89, 0x28, 0x42, 0x35, 0x7C, 0x54, 0xE8, 0x3F, 0xC5, 0x21, 0x3C, 0xCB, 0x76, 0x79, 0x49 },
+    { 0xCC, 0xA3, 0x83, 0x1C, 0xD0, 0x74, 0x66, 0xD9, 0x8F, 0x8B, 0x5A, 0xF9, 0x82, 0x42, 0x81, 0xDD, 0xAA, 0xBE, 0x7E, 0xC5, 0x37, 0x24, 0x05, 0xAA, 0x92, 0x30, 0xA5, 0x96, 0xAE, 0x62, 0x3C, 0xFC },
+    { 0x5E, 0xAB, 0x66, 0x9D, 0xE8, 0xE7, 0xAD, 0xF1, 0x99, 0x88, 0x4A, 0x41, 0x55, 0x0F, 0x50, 0xDF, 0x88, 0xCA, 0x23, 0x8E, 0x24, 0x7F, 0x14, 0xEC, 0x19, 0x82, 0x3A, 0x1B, 0x10, 0x72, 0x80, 0x3D },
+    { 0xC8, 0x8B, 0x10, 0x72, 0xE9, 0xDD, 0x02, 0xEB, 0x04, 0x51, 0x63, 0xA5, 0xF4, 0xC8, 0x62, 0xEE, 0x8A, 0xEB, 0xD4, 0xFF, 0xDF, 0x08, 0x10, 0xBA, 0x63, 0xF6, 0xDF, 0xEA, 0x9D, 0xD6, 0x8C, 0x12 },
+    { 0x14, 0x74, 0x77, 0xCB, 0xC1, 0x91, 0x7D, 0x3E, 0x64, 0x8E, 0x64, 0x3C, 0x1E, 0xA4, 0xC2, 0x02, 0x96, 0xA2, 0x11, 0xE3, 0x62, 0x82, 0x52, 0x76, 0xCC, 0xD4, 0xF9, 0xD4, 0xE1, 0x8A, 0x02, 0x43 },
+    { 0x62, 0x5C, 0x6D, 0xA8, 0x1A, 0xE9, 0x57, 0xC3, 0x98, 0x37, 0x33, 0x74, 0x14, 0x48, 0x13, 0x96, 0xFB, 0x08, 0x76, 0x05, 0xC9, 0x2B, 0x30, 0x12, 0x45, 0x16, 0xFC, 0xEF, 0x2E, 0x21, 0xDD, 0x5D },
+    { 0x34, 0x81, 0x8A, 0x8E, 0x40, 0x2E, 0x0F, 0x77, 0x4E, 0x14, 0x6F, 0xFD, 0x6F, 0xC0, 0x22, 0x04, 0x36, 0x6F, 0xD7, 0x96, 0x01, 0xF9, 0x40, 0xEC, 0x24, 0xA0, 0xB7, 0x41, 0xA4, 0x89, 0xBD, 0xAA },
+    { 0x1D, 0x82, 0x85, 0x93, 0x61, 0x73, 0x05, 0x4A, 0x3C, 0x26, 0x15, 0x8E, 0x59, 0xD8, 0x3A, 0xD1, 0x96, 0x63, 0xCA, 0x56, 0x25, 0x8C, 0x0C, 0xE0, 0xDC, 0xD7, 0x3A, 0x93, 0x28, 0xCE, 0xB6, 0x60 },
+    { 0x03, 0x36, 0x6F, 0xBA, 0x26, 0x12, 0x6D, 0x86, 0x03, 0x77, 0xA0, 0x99, 0xBD, 0x50, 0x74, 0x2D, 0x4E, 0xAF, 0x48, 0x07, 0x96, 0x0B, 0x95, 0x23, 0xBC, 0xD1, 0x92, 0x30, 0x35, 0xE2, 0xB2, 0xCE },
+    { 0xCA, 0x62, 0x9A, 0x9F, 0x9C, 0xC4, 0x2F, 0x3E, 0x5E, 0x87, 0x52, 0x1F, 0xDA, 0xD8, 0x8A, 0x27, 0x79, 0x44, 0x02, 0x7C, 0x4E, 0xA5, 0x30, 0xF1, 0x71, 0xC3, 0xA3, 0x35, 0x5D, 0x17, 0x23, 0x77 },
+    { 0x46, 0xCD, 0x1C, 0xFC, 0x20, 0x48, 0x28, 0x4D, 0xF0, 0x40, 0x22, 0x57, 0xFA, 0x5E, 0x9F, 0x50, 0xA6, 0x7C, 0x66, 0xD4, 0x62, 0xB5, 0xB0, 0x7A, 0xF0, 0xF1, 0x1D, 0x7F, 0x11, 0xCC, 0xFF, 0x5F },
+    { 0x9E, 0x98, 0x24, 0x3E, 0x13, 0x1B, 0x75, 0xA1, 0x58, 0xA9, 0x8F, 0x54, 0xF9, 0x74, 0x7B, 0x63, 0x4F, 0x31, 0xA2, 0xF4, 0x5F, 0xDD, 0x40, 0xB5, 0x83, 0x54, 0x5B, 0x86, 0x50, 0xB5, 0x53, 0x86 },
+    { 0x58, 0xE1, 0x4B, 0x92, 0x3D, 0xCE, 0x27, 0x13, 0x42, 0xA4, 0x7D, 0x4A, 0xE6, 0x93, 0xC6, 0xCD, 0x40, 0x57, 0xE2, 0x30, 0x24, 0x96, 0xA4, 0x4D, 0xBC, 0x26, 0x0A, 0x81, 0x1E, 0xF5, 0xCD, 0x4B },
+    { 0x81, 0xB0, 0x80, 0x49, 0x6B, 0x78, 0x96, 0x0E, 0xEB, 0xBF, 0xF7, 0x31, 0x8E, 0x30, 0x8C, 0xF8, 0x58, 0x88, 0x43, 0x12, 0x75, 0xD2, 0x67, 0xEA, 0x60, 0x34, 0xB1, 0x97, 0x0A, 0x0C, 0x42, 0x6F },
+    { 0xE0, 0x64, 0x62, 0x9C, 0xC3, 0xA5, 0x9C, 0xE4, 0x0D, 0xA5, 0x39, 0xDC, 0x34, 0x64, 0xE4, 0x24, 0x00, 0xC6, 0x3F, 0xB1, 0x99, 0x24, 0x4C, 0x56, 0xC6, 0x4A, 0x50, 0xA5, 0x25, 0x75, 0x46, 0xA3 },
+    { 0xAC, 0x5A, 0x9D, 0x15, 0xB7, 0x3E, 0x9A, 0x2D, 0xEF, 0x69, 0xA5, 0xAF, 0xF6, 0x73, 0x53, 0xC6, 0x9F, 0xA2, 0x7F, 0xA6, 0x62, 0x4B, 0x83, 0x1B, 0x9A, 0xC0, 0x49, 0xFF, 0x55, 0xDF, 0x8B, 0x24 },
+    { 0xA4, 0xF0, 0x03, 0x85, 0xCD, 0x93, 0x8F, 0x8F, 0x30, 0x84, 0x92, 0x3B, 0xA6, 0xAC, 0xC1, 0xF2, 0xB4, 0xBE, 0xDB, 0x11, 0x26, 0x7D, 0x28, 0x30, 0x71, 0x07, 0x9A, 0x8B, 0x45, 0x8C, 0xF7, 0x5F },
+    { 0x03, 0x23, 0xED, 0xE9, 0xBE, 0x1D, 0x1F, 0xFE, 0x61, 0x2B, 0x9A, 0xE4, 0xC8, 0x1E, 0x59, 0xB7, 0xE5, 0xB8, 0xB5, 0x35, 0xBB, 0x7B, 0x11, 0x14, 0x3A, 0x7C, 0xBE, 0x2E, 0x9C, 0xFF, 0x8A, 0x06 },
+    { 0x51, 0xC0, 0x7B, 0xE4, 0x52, 0xED, 0xFA, 0x41, 0x4D, 0x4B, 0xA1, 0x32, 0x39, 0x9D, 0x60, 0x12, 0x45, 0x80, 0xE1, 0xBD, 0xDB, 0xD4, 0xDB, 0xFE, 0xAE, 0x7B, 0x34, 0xC6, 0x03, 0xDA, 0x07, 0xAD },
+    { 0x39, 0x97, 0x7C, 0xD7, 0x80, 0xF5, 0x8D, 0x75, 0xDE, 0x7E, 0xDF, 0xAC, 0x2F, 0xF8, 0x55, 0xE8, 0xFC, 0x2D, 0x73, 0x42, 0xAF, 0x65, 0x8B, 0xC4, 0x7E, 0x13, 0x65, 0x19, 0x75, 0x55, 0xC6, 0x48 },
+    { 0x27, 0x2F, 0xCF, 0x98, 0x93, 0xE2, 0x30, 0x7D, 0xCE, 0x43, 0x38, 0xCB, 0x2C, 0x83, 0xCB, 0x0C, 0x8D, 0xB5, 0x4E, 0xB4, 0xE6, 0x8A, 0xBB, 0x0D, 0x34, 0x2D, 0x79, 0x36, 0xBD, 0xE4, 0xCC, 0x35 },
+    { 0x06, 0x50, 0xE9, 0x3C, 0x2B, 0xB4, 0xC4, 0x91, 0x7E, 0x21, 0xF3, 0xAB, 0xAA, 0xF3, 0x8C, 0x25, 0xE9, 0xA5, 0x38, 0x39, 0x18, 0x96, 0x01, 0xDE, 0x5A, 0x52, 0x59, 0x9F, 0x78, 0x0D, 0xA4, 0xE7 },
+    { 0x23, 0xDF, 0xAC, 0xBE, 0x90, 0x49, 0xCD, 0xB2, 0x0F, 0x10, 0x90, 0x36, 0x8C, 0xE7, 0xFD, 0xEB, 0x1A, 0xA5, 0x43, 0x0D, 0x31, 0x7A, 0x73, 0xA2, 0xDF, 0x5C, 0xFA, 0x3A, 0xCF, 0xD5, 0x8A, 0x35 },
+    { 0x3C, 0xE0, 0x06, 0xBC, 0xC5, 0xDD, 0xE7, 0xC7, 0x35, 0xAD, 0xA2, 0xA1, 0x6F, 0x80, 0xC1, 0xC2, 0x78, 0xEF, 0xFC, 0x7D, 0x63, 0xC4, 0xD4, 0xB8, 0x0D, 0x96, 0xF1, 0x79, 0xEF, 0xA6, 0xF9, 0xCE },
+    { 0x5B, 0x5C, 0x78, 0x5F, 0x9F, 0xEC, 0x70, 0xD8, 0x18, 0x52, 0xBE, 0x61, 0x4B, 0x23, 0x9F, 0x7A, 0x00, 0xDA, 0x85, 0xB1, 0x48, 0xC1, 0x85, 0x13, 0x20, 0x01, 0xFA, 0xC0, 0xDC, 0x77, 0xF3, 0x03 },
+    { 0xD1, 0xCA, 0x2A, 0x82, 0x10, 0x03, 0x61, 0xA3, 0xCD, 0xC3, 0xE0, 0xAA, 0xD9, 0xD4, 0x84, 0x56, 0xB8, 0x24, 0xEB, 0xC4, 0x3C, 0x34, 0xDD, 0xA6, 0x92, 0x77, 0x08, 0x11, 0x15, 0x4A, 0xCB, 0xA2 },
+    { 0xF8, 0x6D, 0xE9, 0x2A, 0x4C, 0xE8, 0x67, 0x80, 0x91, 0xB3, 0x33, 0xD7, 0x9E, 0x23, 0x6E, 0x43, 0xBB, 0x42, 0xFA, 0x5E, 0xDE, 0x1B, 0xE5, 0x71, 0xF6, 0x76, 0xCF, 0x0A, 0x54, 0x72, 0x59, 0x64 },
+    { 0x34, 0x0C, 0x28, 0x58, 0x60, 0x79, 0x13, 0x2F, 0xB3, 0xD4, 0x5F, 0x7A, 0x76, 0x55, 0x9F, 0xAE, 0xF6, 0x37, 0x6F, 0x5E, 0xC6, 0xB8, 0x8F, 0xC4, 0x16, 0xE5, 0x45, 0x63, 0xDA, 0x00, 0x23, 0x06 },
+    { 0xCA, 0x54, 0x31, 0x26, 0x16, 0xF8, 0x2A, 0x58, 0xE4, 0x98, 0x55, 0x76, 0xE3, 0x62, 0x1F, 0x3C, 0x43, 0x6E, 0x04, 0xAD, 0xCB, 0x9A, 0xA7, 0x41, 0xB4, 0x77, 0x84, 0xCB, 0x5B, 0x37, 0x56, 0xDF },
+    { 0xC1, 0x3E, 0x85, 0x96, 0x5B, 0x1F, 0xD2, 0x79, 0xA5, 0x7F, 0x4F, 0x6E, 0xCB, 0xFA, 0xA9, 0x12, 0xF7, 0x23, 0x25, 0x46, 0x4C, 0x75, 0x24, 0xF3, 0xB4, 0x07, 0x21, 0x6B, 0x7B, 0x60, 0x00, 0xB3 },
+    { 0xE5, 0xA0, 0xD5, 0x81, 0x91, 0x8F, 0xFC, 0x2C, 0x3C, 0x38, 0x42, 0xF3, 0xEF, 0xF5, 0xA1, 0x16, 0xA8, 0x6D, 0x9E, 0x42, 0x99, 0x10, 0xF4, 0x28, 0x4E, 0x21, 0x33, 0x85, 0xFC, 0x82, 0x63, 0x31 },
+    { 0x4D, 0x09, 0x4C, 0x60, 0x63, 0xE9, 0xE0, 0x41, 0xA8, 0x9A, 0xF7, 0x95, 0xE3, 0xBC, 0xAB, 0xFF, 0x98, 0x2C, 0xD0, 0x84, 0x29, 0x8E, 0xF6, 0x70, 0x08, 0xC8, 0xED, 0xF3, 0xF6, 0x03, 0x84, 0xAB },
+    { 0xD0, 0x89, 0xC2, 0xF3, 0x34, 0xDE, 0x3B, 0xC3, 0x5F, 0xFD, 0xF2, 0xA9, 0x14, 0xCF, 0x64, 0x16, 0x3F, 0x14, 0x45, 0x2F, 0xE4, 0xE7, 0x8D, 0x61, 0x48, 0xC1, 0xD4, 0xB4, 0x94, 0xEE, 0x8B, 0x42 },
+    { 0xC5, 0x5B, 0x31, 0x1E, 0x27, 0xBF, 0x04, 0x32, 0x4C, 0xDB, 0xF1, 0x47, 0x48, 0x7D, 0x4C, 0x7E, 0x05, 0x02, 0xEE, 0xD3, 0x71, 0x4D, 0x3B, 0x01, 0x2E, 0x03, 0x27, 0x41, 0x86, 0x46, 0xCA, 0x2A },
+    { 0xF2, 0x65, 0x10, 0xF6, 0x19, 0xD9, 0xB8, 0xA6, 0x73, 0x5A, 0xA1, 0xCB, 0xF9, 0xF1, 0xC5, 0xBE, 0x5C, 0x46, 0x6F, 0x91, 0xDF, 0x8B, 0x12, 0xAD, 0x1C, 0x74, 0x8E, 0xFA, 0x79, 0x37, 0x2E, 0x72 },
+    { 0x89, 0xFC, 0x0E, 0x4F, 0xE6, 0xDC, 0x9A, 0x31, 0x60, 0x6E, 0x51, 0x9A, 0x9B, 0xB8, 0x59, 0xB6, 0x51, 0x09, 0xF9, 0x2B, 0x15, 0x3B, 0xB7, 0xA5, 0x4E, 0x14, 0x4A, 0x31, 0x12, 0x20, 0x2E, 0xDE },
+    { 0xD4, 0x5D, 0x85, 0x7D, 0x10, 0xFB, 0x63, 0x0A, 0xF2, 0xDB, 0xBA, 0x3F, 0x05, 0xF4, 0x8B, 0x4F, 0xDC, 0x4F, 0xB2, 0x2B, 0x71, 0x63, 0xA5, 0xEE, 0xFA, 0x90, 0x83, 0x2C, 0xF4, 0xDD, 0x47, 0x28 },
+    { 0x40, 0x79, 0x67, 0x73, 0xBF, 0x7B, 0x5E, 0x6B, 0xF0, 0xF4, 0x19, 0x9F, 0x9B, 0x76, 0xDF, 0x9F, 0x31, 0xD3, 0xED, 0x69, 0x74, 0x48, 0xEC, 0x7D, 0x5B, 0x74, 0x80, 0xDD, 0x9D, 0xE4, 0x04, 0x4A },
+    { 0x31, 0x4E, 0x7F, 0x6D, 0x82, 0x24, 0xF3, 0xAF, 0x6B, 0x11, 0xEB, 0x38, 0xB3, 0x5A, 0x83, 0xFA, 0x5D, 0x56, 0x41, 0x35, 0xF7, 0xD3, 0x37, 0x9B, 0xA4, 0x46, 0xB3, 0x44, 0x4E, 0x90, 0x38, 0xF4 },
+    { 0x45, 0x82, 0xC6, 0x52, 0x62, 0xAE, 0xE5, 0xA8, 0x99, 0xE2, 0xBF, 0x6A, 0x70, 0x47, 0x28, 0xA9, 0x67, 0x47, 0xFE, 0x6D, 0x89, 0xF4, 0x47, 0x81, 0xEB, 0x32, 0x2A, 0xE2, 0x55, 0x37, 0x5E, 0xB1 },
+    { 0xFB, 0x38, 0x8B, 0x6B, 0x58, 0xBC, 0xEC, 0x05, 0x01, 0x8D, 0x3C, 0x03, 0xB4, 0xD5, 0xFC, 0x6B, 0xFD, 0x7C, 0x02, 0x74, 0x6A, 0xF1, 0x7C, 0x61, 0x0F, 0x3B, 0xA5, 0x99, 0xBF, 0x88, 0x57, 0xAF },
+    { 0x8A, 0x6D, 0xD0, 0x43, 0xFB, 0xDE, 0xE3, 0x18, 0x2A, 0xFA, 0xBD, 0x32, 0x69, 0x49, 0x74, 0x1B, 0x01, 0xD1, 0x80, 0xCB, 0xF2, 0xD3, 0x17, 0x50, 0xEB, 0xFA, 0x2D, 0xE8, 0xA0, 0x4F, 0x2C, 0x19 },
+    { 0xA7, 0x0A, 0xF4, 0xB4, 0x75, 0x6A, 0xE1, 0xF3, 0x9A, 0xD9, 0x3B, 0x95, 0xA0, 0x18, 0x35, 0x97, 0x1A, 0x18, 0xA4, 0xFE, 0xAE, 0xB7, 0x9A, 0x4E, 0x45, 0xFA, 0x73, 0xA7, 0x58, 0x1C, 0x1F, 0xA5 },
+    { 0x1D, 0x59, 0xE3, 0x38, 0x86, 0xFA, 0xA3, 0xCC, 0x8A, 0xD3, 0x20, 0x28, 0xC6, 0x11, 0xAD, 0x37, 0x59, 0x43, 0xA0, 0x9F, 0xAE, 0x45, 0xCD, 0xF8, 0xE5, 0x0E, 0xA6, 0x3F, 0xA7, 0xE7, 0x9A, 0xA3 },
+    { 0x8D, 0x50, 0x18, 0xF9, 0xCF, 0x0C, 0x7F, 0xA6, 0x64, 0x13, 0x2E, 0xDF, 0x4E, 0xE6, 0x65, 0xEA, 0x82, 0xE9, 0xA9, 0x07, 0xAE, 0x60, 0xF5, 0x9D, 0xEC, 0x28, 0xBC, 0x9A, 0x06, 0xB7, 0x43, 0xD7 },
+    { 0x3C, 0x01, 0xD6, 0x46, 0x48, 0xB2, 0x83, 0xF8, 0xEB, 0xD2, 0x7E, 0x4C, 0x08, 0x8B, 0x40, 0x2D, 0x9D, 0x0B, 0x6A, 0xAB, 0x7F, 0x60, 0xCC, 0x30, 0xF3, 0x4C, 0x58, 0x2F, 0x14, 0x2F, 0x03, 0x58 },
+    { 0xE6, 0x92, 0x1D, 0x0B, 0xCB, 0x8A, 0x22, 0x2B, 0x62, 0xA4, 0x5E, 0x03, 0xC7, 0x79, 0x15, 0x32, 0xE5, 0x58, 0x1A, 0xAC, 0x2F, 0x8E, 0x27, 0x4E, 0x5A, 0xC7, 0xFB, 0xB2, 0x35, 0x2A, 0x2D, 0x8B },
+    { 0xA9, 0xCD, 0x81, 0x26, 0x32, 0xEE, 0xAA, 0x2C, 0xAE, 0xAA, 0xDE, 0xCC, 0x21, 0x58, 0x50, 0x55, 0x98, 0x8D, 0xC1, 0xB1, 0x3F, 0x41, 0x19, 0x6B, 0x13, 0x62, 0x27, 0xE4, 0xB8, 0x3B, 0x26, 0xE7 },
+    { 0x72, 0x21, 0xC2, 0xFC, 0x55, 0xCF, 0xAA, 0x2F, 0x8D, 0x05, 0x92, 0xB7, 0x85, 0xB0, 0x84, 0x16, 0x6B, 0xA5, 0xDE, 0x6F, 0xC1, 0x50, 0x83, 0xE7, 0x09, 0x3E, 0x51, 0x89, 0x93, 0x14, 0x5E, 0xCA },
+    { 0x4F, 0x1A, 0x50, 0x67, 0x96, 0x01, 0xB4, 0x79, 0x03, 0x07, 0x9C, 0xFC, 0x52, 0xAF, 0x06, 0x90, 0xB5, 0x78, 0x3E, 0xBD, 0x6B, 0x27, 0xBB, 0xAC, 0x50, 0xDC, 0x9C, 0xC8, 0xDD, 0x6B, 0xF5, 0x84 },
+    { 0x37, 0xC7, 0xDD, 0x62, 0x76, 0xCA, 0xDC, 0x8C, 0x44, 0xDC, 0x37, 0xE5, 0xB8, 0x07, 0xF6, 0x65, 0x65, 0x11, 0x1D, 0xD6, 0x5B, 0xCC, 0xA8, 0x08, 0xD2, 0xEA, 0x78, 0x02, 0x44, 0xD4, 0x65, 0x15 },
+    { 0x1B, 0x71, 0x0B, 0xDB, 0xFB, 0x7E, 0x12, 0x79, 0x1E, 0x41, 0x1B, 0xCD, 0x1B, 0x30, 0xC7, 0x08, 0x8E, 0xFA, 0x97, 0xBF, 0x0D, 0xE7, 0x30, 0x6E, 0x9C, 0x2A, 0xC7, 0xC4, 0x18, 0xC0, 0xED, 0x1D },
+    { 0x7D, 0xB3, 0xE1, 0xEA, 0xEF, 0x9F, 0x49, 0x9D, 0x30, 0x91, 0x90, 0xEA, 0x9D, 0x15, 0xB7, 0xD0, 0xC3, 0xD1, 0x20, 0xCC, 0xF6, 0x1E, 0xE2, 0x43, 0xB7, 0xD2, 0x56, 0xA1, 0x91, 0x2A, 0xD5, 0xBA },
+    { 0xC3, 0xF7, 0x6C, 0x4D, 0x6F, 0xD1, 0x9E, 0x9A, 0x76, 0x8C, 0x14, 0xEF, 0xCD, 0x31, 0x23, 0x6A, 0xA6, 0xB0, 0x33, 0x71, 0x49, 0xFC, 0xCC, 0x5B, 0x29, 0xB3, 0xD9, 0x0C, 0x82, 0xBF, 0x90, 0x6A },
+    { 0x32, 0x79, 0x7F, 0x34, 0x46, 0xCA, 0xA8, 0x2E, 0xF0, 0x4D, 0x42, 0x66, 0x1D, 0xF7, 0xFE, 0x33, 0x81, 0x07, 0xCF, 0x6E, 0xED, 0x8D, 0x07, 0x0E, 0x71, 0x6F, 0xEF, 0x84, 0x94, 0x87, 0x17, 0x1A },
+    { 0x1F, 0xC4, 0x1D, 0xEA, 0x66, 0xE9, 0x38, 0x9C, 0x90, 0xC8, 0x5D, 0x95, 0x58, 0x80, 0x56, 0x0D, 0x33, 0x05, 0xB7, 0xC6, 0x05, 0xFE, 0x59, 0x5A, 0x68, 0x31, 0xC5, 0x66, 0x75, 0xFB, 0xB7, 0xC3 },
+    { 0xA5, 0x9E, 0x36, 0x90, 0x87, 0x34, 0x24, 0xCB, 0xDF, 0x88, 0xD2, 0x63, 0x5B, 0xC9, 0xA4, 0x60, 0xA6, 0x13, 0x1D, 0x0B, 0x0A, 0x52, 0x5B, 0xC4, 0xF5, 0x05, 0xBD, 0xBF, 0x40, 0xBD, 0xF6, 0x14 },
+    { 0x5C, 0xD1, 0x30, 0xD0, 0x12, 0x30, 0xF9, 0x6E, 0xDB, 0x16, 0xC1, 0x7E, 0xD6, 0x5A, 0x22, 0xF1, 0x81, 0xE4, 0x86, 0xBB, 0x30, 0x5F, 0xA3, 0x78, 0xFD, 0xD5, 0x0F, 0xCB, 0x90, 0x94, 0x13, 0xF5 },
+    { 0xF5, 0x5F, 0x72, 0x4C, 0xBE, 0xAB, 0x9C, 0xB0, 0x1F, 0x2B, 0x32, 0x29, 0xA6, 0xA4, 0x46, 0x12, 0x97, 0x7C, 0xCF, 0xC8, 0xA8, 0x21, 0x43, 0xAE, 0x03, 0x97, 0xB7, 0x28, 0xD2, 0x7A, 0xD1, 0x3E },
+    { 0xEC, 0x16, 0x92, 0xCD, 0x8A, 0x2C, 0x74, 0xBE, 0xE2, 0xDB, 0x32, 0x7D, 0xC7, 0x74, 0x9B, 0xF0, 0xBA, 0x81, 0xDF, 0x67, 0xB8, 0x42, 0x0C, 0x38, 0x87, 0x9D, 0xBD, 0xFE, 0xB2, 0x40, 0xFA, 0xD2 },
+    { 0xF5, 0x37, 0x78, 0x0C, 0xC9, 0x03, 0xA8, 0xDC, 0x14, 0xBD, 0xF4, 0x0E, 0x45, 0x22, 0x0C, 0xC7, 0xF7, 0xD9, 0x1F, 0x63, 0xDC, 0x40, 0x19, 0xBA, 0x6F, 0xAC, 0x01, 0x18, 0x31, 0xD2, 0x4C, 0x44 },
+    { 0x6C, 0xA6, 0x97, 0x60, 0x67, 0xCB, 0x1A, 0xD6, 0xA4, 0xDA, 0x89, 0xA7, 0x12, 0x65, 0xF7, 0x68, 0x90, 0x05, 0x4D, 0x94, 0xD7, 0xAD, 0x91, 0x10, 0xCD, 0xEB, 0x4C, 0x4F, 0xC5, 0xD5, 0x72, 0xEC },
+    { 0x88, 0x21, 0x55, 0xC1, 0x37, 0x81, 0xB9, 0xC6, 0xD4, 0xC9, 0xC9, 0x6A, 0xCF, 0x1B, 0xF4, 0xB6, 0xEF, 0xB0, 0x73, 0xDD, 0xC4, 0x8B, 0xA4, 0x76, 0xBA, 0x55, 0x67, 0x6F, 0x49, 0x0E, 0xCD, 0x77 },
+    { 0xBE, 0x84, 0xE6, 0x4C, 0x07, 0x88, 0xA8, 0xA0, 0x4D, 0x47, 0x1F, 0x44, 0x91, 0x0C, 0xBC, 0x20, 0xF5, 0x3E, 0x20, 0x35, 0x3A, 0x2B, 0xCC, 0x6C, 0x40, 0x3E, 0xFF, 0x80, 0xFC, 0x3D, 0x25, 0x79 },
+    { 0x4B, 0xF6, 0xA9, 0x2E, 0x75, 0x74, 0xD4, 0x66, 0xDC, 0x0F, 0x44, 0xD5, 0x94, 0x91, 0xAD, 0x96, 0x44, 0xF8, 0xFC, 0x7A, 0x15, 0x0C, 0x43, 0x35, 0x4B, 0x31, 0x4F, 0xE7, 0x35, 0x10, 0x01, 0xB3 },
+    { 0x00, 0x3C, 0x40, 0xA7, 0x88, 0xE4, 0x6F, 0x5A, 0x7C, 0xF3, 0xCC, 0x60, 0x61, 0x20, 0x03, 0x75, 0xD8, 0xC2, 0x86, 0x64, 0xB3, 0x7C, 0xE1, 0x8F, 0x44, 0x81, 0xA7, 0x9F, 0x53, 0xF0, 0xA5, 0xE1 },
+    { 0xA3, 0xCB, 0x7C, 0xB7, 0x00, 0xB4, 0xC7, 0x82, 0xE3, 0x1D, 0xA2, 0x57, 0xCD, 0xFD, 0x78, 0xFB, 0x5A, 0x58, 0x27, 0xC0, 0x10, 0xE7, 0x8C, 0x7F, 0xE4, 0x71, 0x32, 0xD0, 0x99, 0x95, 0x8D, 0xC2 },
+    { 0x60, 0x07, 0x15, 0xAE, 0x47, 0x8D, 0xB2, 0xA2, 0x9A, 0x9B, 0x2E, 0x96, 0x4B, 0xA3, 0xB3, 0xC0, 0x23, 0x93, 0x6B, 0xB4, 0x29, 0x9E, 0xE4, 0x15, 0x75, 0x83, 0x3C, 0x8C, 0x49, 0x76, 0xB5, 0x95 },
+    { 0xC9, 0x1A, 0xA1, 0xF5, 0x28, 0x72, 0x17, 0x11, 0x52, 0x9E, 0x95, 0xF7, 0x90, 0x70, 0x07, 0x8C, 0x25, 0xF4, 0x44, 0x88, 0x2F, 0x14, 0x9F, 0x58, 0xF8, 0xC1, 0x6B, 0xCF, 0x77, 0xFA, 0x1C, 0x98 },
+    { 0x18, 0x1F, 0x02, 0xED, 0x08, 0x7C, 0xDD, 0x6E, 0x00, 0xE6, 0x8E, 0x1B, 0x6E, 0xD9, 0x43, 0xA0, 0x96, 0x55, 0xDC, 0xC9, 0x22, 0x8F, 0xA9, 0xDD, 0xC1, 0x1F, 0xF6, 0x70, 0x83, 0x87, 0x55, 0x2E },
+    { 0xEA, 0x81, 0xEA, 0xA6, 0x91, 0x4C, 0x49, 0xB6, 0x59, 0xBB, 0x54, 0x5E, 0x36, 0x1E, 0xE8, 0x50, 0x15, 0x29, 0x12, 0xBF, 0x4D, 0xAA, 0xA5, 0x57, 0x41, 0xBE, 0x98, 0x4B, 0xE9, 0x2E, 0x40, 0x05 },
+    { 0xDB, 0x67, 0x03, 0xE8, 0xDF, 0x11, 0xDE, 0x31, 0x5D, 0xD2, 0x68, 0x69, 0xDF, 0xA8, 0x71, 0xF3, 0x8F, 0x25, 0x84, 0x62, 0xE3, 0x5D, 0xFB, 0x4D, 0xEE, 0xFB, 0xA4, 0x09, 0x73, 0xF5, 0x1D, 0xA6 },
+    { 0xCB, 0x78, 0x88, 0xE3, 0x01, 0xEB, 0x34, 0xBF, 0x1D, 0xC6, 0xFE, 0x1B, 0xCB, 0xFC, 0x45, 0x70, 0x19, 0x42, 0xD4, 0xB2, 0x4C, 0x0C, 0x77, 0x9C, 0x87, 0x65, 0xF6, 0x65, 0x5B, 0x77, 0x9C, 0x31 },
+    { 0xC8, 0x39, 0x57, 0x07, 0x8C, 0xF1, 0x4A, 0xF5, 0x5E, 0x65, 0x28, 0x9C, 0x8D, 0x37, 0x65, 0x15, 0xA6, 0x00, 0x88, 0x85, 0x34, 0x6D, 0xC0, 0xD1, 0x43, 0xDD, 0x05, 0x0D, 0x8F, 0x40, 0x0D, 0x9F },
+    { 0x71, 0xBD, 0x38, 0xBF, 0x18, 0xAE, 0x02, 0x59, 0xEA, 0x4B, 0x6C, 0x0D, 0xCE, 0x35, 0x67, 0x6F, 0x05, 0x80, 0x77, 0x24, 0xBF, 0xE5, 0x71, 0x5C, 0x1E, 0xA1, 0x16, 0x16, 0x55, 0xA5, 0x28, 0x6B },
+    { 0xBD, 0xA4, 0x2B, 0x99, 0x86, 0x9B, 0x12, 0x30, 0x21, 0xDC, 0x91, 0x87, 0x09, 0x32, 0x59, 0x49, 0xC6, 0x11, 0x91, 0x22, 0x51, 0x8A, 0x11, 0x29, 0x78, 0x85, 0x6B, 0x7D, 0xAC, 0x55, 0xAB, 0xC2 },
+    { 0x27, 0x38, 0xF1, 0x37, 0x4F, 0x16, 0xFF, 0xAE, 0x8B, 0xDE, 0xD4, 0xC4, 0x9C, 0x05, 0x32, 0x21, 0xAA, 0xC6, 0x39, 0xD6, 0x96, 0x71, 0x95, 0x98, 0xAE, 0xD8, 0xBC, 0x46, 0xAF, 0xF1, 0x2B, 0x53 },
+    { 0x1A, 0x92, 0x93, 0x1C, 0xD9, 0xCB, 0xE6, 0x0C, 0x34, 0x1F, 0xAC, 0xAB, 0x15, 0x79, 0xB2, 0x16, 0x24, 0x64, 0xFC, 0xFE, 0xF6, 0xA0, 0x63, 0x10, 0x57, 0xA6, 0x46, 0xDE, 0x94, 0x58, 0x82, 0xCE },
+    { 0x8B, 0x07, 0x9D, 0x8C, 0x63, 0xD5, 0x4B, 0xB0, 0x97, 0xB3, 0x08, 0x72, 0x3C, 0x86, 0xA5, 0x1D, 0xF6, 0xDC, 0x64, 0xCF, 0x46, 0x11, 0x08, 0x7F, 0xC4, 0x58, 0x5D, 0xC6, 0xE8, 0xFF, 0xE3, 0xE8 },
+    { 0x2F, 0xF0, 0xD2, 0xB3, 0xF4, 0x28, 0x02, 0xC6, 0x7E, 0x46, 0x27, 0x6B, 0x4B, 0x5E, 0x63, 0xF5, 0xE8, 0xE9, 0x64, 0xFA, 0xA4, 0x72, 0x01, 0xDD, 0xBA, 0x7A, 0x8E, 0xEE, 0xE3, 0xF1, 0x05, 0x03 },
+    { 0x7C, 0xDE, 0xF9, 0x2D, 0xB7, 0xB1, 0x9F, 0x90, 0xAD, 0xED, 0x25, 0xDD, 0x0D, 0x71, 0xB0, 0xC0, 0x72, 0xE6, 0x1D, 0x6A, 0x27, 0x4F, 0x54, 0x94, 0x06, 0xA3, 0xF6, 0x37, 0x81, 0x83, 0x96, 0xB4 },
+    { 0xEA, 0x78, 0x2A, 0xE7, 0xD1, 0x3B, 0x2A, 0x3E, 0x44, 0x33, 0xB7, 0xA3, 0xA5, 0x57, 0xCF, 0x39, 0x6D, 0x94, 0x5F, 0xFA, 0x6C, 0x4E, 0x81, 0x3D, 0x5C, 0x9E, 0xEA, 0x98, 0x1C, 0xCF, 0x70, 0xD5 },
+    { 0xBA, 0x2B, 0x01, 0x64, 0xA2, 0xB7, 0xD9, 0x48, 0x0E, 0x70, 0x8A, 0x6A, 0x89, 0xA5, 0x64, 0x2C, 0xE1, 0x5E, 0x9F, 0xFD, 0xCE, 0x96, 0x7E, 0xF1, 0xB9, 0x31, 0x73, 0x42, 0xB5, 0xBD, 0x20, 0xB8 },
+    { 0x75, 0x83, 0x97, 0x50, 0x0E, 0x35, 0x37, 0xCE, 0x8C, 0x8C, 0x8A, 0x42, 0x25, 0xCE, 0x39, 0xCA, 0x61, 0x6E, 0x00, 0x0F, 0x38, 0x0F, 0x99, 0xD5, 0xC7, 0xC9, 0x64, 0x77, 0xB1, 0x0E, 0xD6, 0xB6 },
+    { 0x60, 0x33, 0xE5, 0x14, 0xED, 0x62, 0x9D, 0x87, 0x3B, 0x14, 0x95, 0x55, 0x6E, 0x5E, 0x1C, 0xF3, 0x2A, 0x20, 0x6F, 0x17, 0x13, 0xEE, 0x82, 0x84, 0x6A, 0xAC, 0xB9, 0x45, 0x6A, 0x2D, 0xC7, 0x2B },
+    { 0x4B, 0x10, 0xF6, 0x2E, 0xA5, 0xEE, 0x03, 0x9A, 0x36, 0x35, 0xCA, 0xFB, 0x3C, 0xE4, 0x4E, 0xD1, 0x0A, 0x59, 0x7C, 0x2C, 0x43, 0xED, 0x84, 0x92, 0xEB, 0x2C, 0x14, 0xB5, 0x35, 0x52, 0x9F, 0x10 },
+    { 0x18, 0xA8, 0x38, 0x52, 0xA4, 0x08, 0x73, 0xB3, 0xC6, 0x6D, 0x01, 0x6A, 0x1C, 0xBF, 0x42, 0xB3, 0xAD, 0x48, 0x1D, 0xC8, 0xEE, 0xE9, 0x5B, 0x40, 0x47, 0xC4, 0x4B, 0x32, 0x67, 0x64, 0x36, 0x5A },
+    { 0x74, 0xE4, 0xAF, 0x82, 0xF0, 0xC8, 0xF8, 0xB5, 0x95, 0xBA, 0x4C, 0x19, 0x04, 0x0E, 0x46, 0x1F, 0xEE, 0x50, 0xEE, 0x7F, 0x89, 0xBD, 0x02, 0x71, 0x76, 0x1C, 0x40, 0x61, 0xD7, 0x91, 0xCB, 0x2E },
+    { 0xB3, 0x1D, 0x0F, 0x5F, 0x42, 0x03, 0xC8, 0xDC, 0xEA, 0x59, 0xF7, 0xF1, 0x91, 0x16, 0xCE, 0x57, 0xF4, 0xA8, 0x93, 0x19, 0xC6, 0x1F, 0x67, 0x5E, 0x38, 0xFE, 0xE3, 0x81, 0xE7, 0x5E, 0x3A, 0xB6 },
+    { 0xBE, 0x72, 0x9B, 0xA7, 0x5B, 0x4D, 0xC2, 0x90, 0xA5, 0x13, 0xC5, 0x49, 0x96, 0x9A, 0x65, 0xFF, 0x82, 0x91, 0xD2, 0xAD, 0xD6, 0x45, 0x41, 0x71, 0x28, 0x29, 0x9C, 0xE4, 0x29, 0xB7, 0x77, 0x87 },
+    { 0x99, 0x8F, 0x85, 0x08, 0x8A, 0x02, 0xC0, 0xAD, 0xE7, 0x83, 0x68, 0x21, 0x94, 0xAD, 0xF8, 0x99, 0x2D, 0x29, 0x26, 0x51, 0xC3, 0x82, 0x8D, 0xA6, 0x80, 0xA8, 0x23, 0x5A, 0x37, 0x87, 0x85, 0xCD },
+    { 0xE1, 0x31, 0xD7, 0xCC, 0x44, 0xFD, 0x53, 0xCB, 0x7A, 0x42, 0xA3, 0x56, 0x29, 0xDE, 0x62, 0xAD, 0x43, 0x82, 0x08, 0x00, 0xF7, 0x14, 0x49, 0xB7, 0x6D, 0x21, 0x00, 0x23, 0x0F, 0x1C, 0x15, 0xCB },
+    { 0x15, 0x53, 0x4B, 0xA5, 0xCE, 0xDC, 0xFC, 0xCC, 0xDB, 0xFB, 0xCD, 0x09, 0xAE, 0x9D, 0xC1, 0x83, 0xA4, 0xB5, 0x0E, 0x8C, 0x24, 0x94, 0x39, 0xC7, 0x41, 0x15, 0xCF, 0x59, 0x82, 0xE0, 0xD4, 0x19 },
+    { 0x1E, 0x66, 0x2E, 0x1C, 0x35, 0x15, 0x53, 0x3E, 0x58, 0x7B, 0x87, 0xC8, 0x95, 0x86, 0xC8, 0x8F, 0x69, 0xBB, 0x05, 0x6F, 0x6C, 0xC8, 0x4C, 0xE1, 0x93, 0x8B, 0x5B, 0xB1, 0x86, 0x38, 0x40, 0xD7 },
+    { 0x2E, 0x47, 0xE1, 0x6C, 0xCF, 0x6E, 0x6C, 0x01, 0xBB, 0xB1, 0x91, 0xEB, 0x7D, 0x70, 0x5F, 0xF6, 0x60, 0x66, 0x05, 0x9D, 0x97, 0x1B, 0x67, 0x17, 0x61, 0x71, 0x41, 0x1D, 0x72, 0x5F, 0x59, 0xEE },
+    { 0x72, 0x2E, 0xB9, 0xAC, 0x0D, 0xBD, 0x5A, 0x0C, 0xDC, 0xB2, 0xB7, 0x14, 0x03, 0x1F, 0xEB, 0xA5, 0xF7, 0xDB, 0x4F, 0x06, 0x3E, 0xB8, 0x7F, 0xD2, 0x25, 0x6B, 0xB4, 0x7D, 0xF0, 0xFD, 0xBD, 0xDC },
+    { 0xA4, 0xBB, 0x46, 0xA7, 0x2A, 0x3A, 0xC7, 0x2C, 0xA8, 0x03, 0xF4, 0x55, 0x0F, 0x20, 0xCB, 0x48, 0x61, 0xA9, 0x75, 0x69, 0x7B, 0xA8, 0x7A, 0x3E, 0xCA, 0x86, 0x6B, 0x3D, 0xF4, 0x59, 0xFE, 0x5C },
+    { 0x0D, 0xA7, 0x6E, 0x6D, 0x92, 0x9D, 0x86, 0xBB, 0x71, 0x4B, 0x89, 0x69, 0xC7, 0x52, 0xEB, 0x0B, 0x6B, 0x7F, 0x63, 0x87, 0x9B, 0x0D, 0x68, 0x45, 0x8D, 0x8B, 0xE1, 0xE7, 0x2E, 0xB3, 0x80, 0x59 },
+    { 0x2B, 0xB6, 0x5D, 0xD6, 0xAF, 0x5E, 0x9A, 0x00, 0x12, 0x01, 0x76, 0x81, 0x3C, 0x1E, 0x3C, 0xD3, 0x22, 0x79, 0x9E, 0xA9, 0x7F, 0x2D, 0xA5, 0x49, 0x00, 0xE2, 0xC5, 0x4D, 0x03, 0x60, 0x00, 0xA4 },
+    { 0xB9, 0xEB, 0xA7, 0x4F, 0x87, 0x63, 0x8F, 0x09, 0x93, 0x2B, 0xA1, 0xB1, 0xEB, 0xC8, 0x5D, 0x15, 0x28, 0x3E, 0x2E, 0xA6, 0xD9, 0x21, 0x2A, 0x6D, 0x3A, 0x59, 0x52, 0x3E, 0x2E, 0xFD, 0xF7, 0x35 },
+    { 0xD2, 0x43, 0x06, 0xF5, 0x97, 0x05, 0xF4, 0xA9, 0x69, 0x53, 0xCF, 0x39, 0xEB, 0xD2, 0x8D, 0xB5, 0xA8, 0x7B, 0xF3, 0x69, 0x9A, 0x7F, 0xCF, 0x3C, 0x3B, 0x46, 0xFB, 0xE7, 0x15, 0x48, 0x9F, 0x9B },
+    { 0xBF, 0x1B, 0x86, 0x6D, 0xA3, 0x3E, 0x53, 0x68, 0xC5, 0x31, 0x4C, 0xB7, 0xAF, 0x2D, 0x24, 0x14, 0xB2, 0xB4, 0x36, 0xFE, 0xDA, 0x3B, 0x8E, 0x89, 0xD9, 0x63, 0x9F, 0x06, 0xAA, 0xCD, 0x34, 0x73 },
+    { 0x25, 0x28, 0xAA, 0xBA, 0x38, 0x73, 0xCE, 0x29, 0x3D, 0x25, 0xA3, 0x68, 0xED, 0x93, 0x28, 0xAA, 0x47, 0xF8, 0x90, 0x04, 0x8B, 0x8B, 0x5D, 0xDE, 0xE3, 0x1F, 0xA0, 0x92, 0x56, 0x49, 0x2D, 0xD4 },
+    { 0x52, 0x15, 0x11, 0x57, 0xBA, 0x28, 0xEB, 0x98, 0x2D, 0xA7, 0x68, 0x39, 0xCF, 0x4F, 0xFC, 0xD6, 0x90, 0x98, 0xD0, 0x6C, 0x1A, 0x26, 0xAA, 0xDB, 0x89, 0x31, 0x7E, 0x76, 0x3C, 0x8D, 0xD8, 0x49 },
+    { 0x96, 0xCC, 0x86, 0x2A, 0x1C, 0xFD, 0xFE, 0x93, 0xCA, 0xA7, 0xFD, 0x5A, 0x39, 0xE6, 0x2F, 0xFB, 0xDB, 0x9C, 0xF6, 0xDF, 0x9D, 0xA3, 0x37, 0x58, 0xBF, 0x96, 0x9C, 0x18, 0xF7, 0x75, 0xAE, 0x84 },
+    { 0xEB, 0xE7, 0x0D, 0x78, 0x87, 0x86, 0xF3, 0x5E, 0xFD, 0xD0, 0x2C, 0x51, 0xB5, 0xA4, 0x01, 0x19, 0xEC, 0xA6, 0x1D, 0xDF, 0xD1, 0xED, 0x49, 0x17, 0x36, 0xB8, 0x8C, 0x64, 0x1E, 0xC8, 0x7E, 0x24 },
+    { 0xB9, 0xFC, 0x14, 0x78, 0xA9, 0x4C, 0x14, 0x74, 0x6A, 0x26, 0xCB, 0x0D, 0xA4, 0x90, 0x7E, 0xBF, 0xED, 0x63, 0x06, 0xC1, 0x58, 0xB2, 0x43, 0x81, 0xE8, 0x4C, 0xB7, 0xC7, 0x9E, 0xF8, 0xFC, 0x55 },
+    { 0x4C, 0xA4, 0x8B, 0x2B, 0x9A, 0xD8, 0x6F, 0xB8, 0x7E, 0xDD, 0xDC, 0x9A, 0x2E, 0xA7, 0xE9, 0xBD, 0xB9, 0xBC, 0xFD, 0x51, 0x8B, 0xC6, 0x48, 0x8D, 0xD6, 0xB4, 0xE1, 0x7C, 0x1B, 0xC2, 0x54, 0xC2 },
+    { 0xCF, 0x24, 0xDD, 0xFF, 0xCF, 0x07, 0x64, 0xE3, 0xFA, 0x8F, 0xCA, 0x36, 0x72, 0xF6, 0xEA, 0x9F, 0x5B, 0x18, 0xA2, 0x00, 0x63, 0x33, 0x22, 0x67, 0x80, 0x61, 0x7D, 0x12, 0x0D, 0x12, 0x28, 0x21 },
+    { 0x14, 0x4C, 0x4E, 0x5B, 0x3F, 0xD9, 0x2E, 0x05, 0x33, 0x47, 0x3E, 0xEB, 0xD7, 0xD5, 0xF4, 0x21, 0x4E, 0x47, 0x88, 0x2B, 0x80, 0x60, 0x0E, 0xE5, 0xEA, 0x39, 0xFB, 0x86, 0x0B, 0x8A, 0xD2, 0x0D },
+    { 0xAB, 0x62, 0x6B, 0xBA, 0x73, 0x48, 0x74, 0x25, 0x6C, 0x60, 0xE2, 0xDA, 0xEC, 0xEB, 0x18, 0x3F, 0xFA, 0xA1, 0x35, 0x08, 0x01, 0xBF, 0xFC, 0xF5, 0xC4, 0xDF, 0x8E, 0x57, 0x5F, 0x72, 0x4B, 0x90 },
+    { 0x92, 0xC5, 0x42, 0xBC, 0x62, 0xC4, 0xB5, 0x55, 0x08, 0xBB, 0x96, 0x87, 0x75, 0xEA, 0xEB, 0x29, 0xFD, 0x40, 0x69, 0xE9, 0x2D, 0xCB, 0xBF, 0x1B, 0xFE, 0xCD, 0xA5, 0x45, 0xA0, 0x33, 0x08, 0x2E },
+    { 0x27, 0x8B, 0xAD, 0xA0, 0x74, 0x29, 0x44, 0xDC, 0xFE, 0x8B, 0xA9, 0x88, 0xD6, 0xB4, 0xFB, 0x80, 0xA0, 0x3D, 0x53, 0xFC, 0xCE, 0xFA, 0x0A, 0x8B, 0x4E, 0x33, 0xC6, 0x14, 0x5E, 0x25, 0xA8, 0x8B },
+    { 0x90, 0x1F, 0x67, 0xE6, 0x35, 0x76, 0x8D, 0x7A, 0x57, 0xAC, 0x92, 0xAC, 0xFB, 0x58, 0xD2, 0x4A, 0xD2, 0x43, 0x4C, 0x97, 0xEC, 0xA4, 0xDC, 0x2A, 0x7F, 0xBF, 0x23, 0xD0, 0x78, 0x54, 0x86, 0x87 },
+    { 0x03, 0x32, 0x15, 0x85, 0x16, 0xC9, 0x1B, 0xFD, 0x75, 0xDF, 0x30, 0x42, 0x46, 0x4D, 0xB6, 0xF7, 0x56, 0xD3, 0xBF, 0x4D, 0x65, 0xF3, 0x96, 0xDD, 0xD4, 0x39, 0x0E, 0x62, 0x9B, 0x01, 0x9E, 0x8F },
+    { 0x8F, 0xDE, 0x76, 0x45, 0xB2, 0xA5, 0xF2, 0x6D, 0x6B, 0x63, 0xDF, 0xE0, 0x14, 0x6E, 0x0A, 0xF1, 0x86, 0xEB, 0x35, 0xC4, 0xCD, 0x11, 0x2E, 0x96, 0xD8, 0x9D, 0xAA, 0x65, 0x12, 0xE1, 0x3C, 0xDD },
+    { 0x4E, 0x31, 0x93, 0xCB, 0x00, 0xC9, 0x64, 0x2F, 0x21, 0xA0, 0xA9, 0x80, 0x87, 0xA5, 0xF3, 0x12, 0x77, 0xFB, 0x4B, 0x4B, 0x9C, 0xF3, 0xA9, 0x55, 0xE8, 0xE5, 0x7F, 0x45, 0xF5, 0x9E, 0x8B, 0x1A },
+    { 0x4F, 0x44, 0x57, 0x6E, 0x20, 0x3B, 0x73, 0x80, 0xF4, 0xF0, 0x99, 0x4D, 0xC8, 0xDA, 0x3B, 0x52, 0xD6, 0x17, 0xC0, 0x49, 0x62, 0xF9, 0x43, 0x41, 0x07, 0x15, 0x54, 0xC7, 0x4F, 0x35, 0xFD, 0xF3 },
+    { 0x2C, 0xF8, 0x69, 0x7B, 0xCF, 0x35, 0xC8, 0x0C, 0x6F, 0x96, 0xC4, 0xB4, 0xCA, 0xCF, 0x3F, 0xB0, 0x59, 0xCA, 0x46, 0x41, 0x14, 0xE9, 0x82, 0xF2, 0x81, 0x82, 0x8E, 0x78, 0x10, 0x04, 0x95, 0x7C },
+    { 0x93, 0x31, 0xC1, 0x30, 0xE9, 0x13, 0xB2, 0x88, 0xB1, 0x0D, 0x73, 0x15, 0x4E, 0xDE, 0xA0, 0xFF, 0x97, 0x27, 0xC8, 0xEA, 0x77, 0xD3, 0x9B, 0xE9, 0x16, 0x47, 0x15, 0xAA, 0x69, 0x04, 0x83, 0xD5 },
+    { 0xF8, 0xF8, 0x7C, 0xAB, 0xFF, 0x80, 0x30, 0xDA, 0x55, 0x95, 0x3C, 0x58, 0xA0, 0x18, 0x43, 0xB8, 0xEB, 0xFF, 0x2E, 0xF2, 0x62, 0xF5, 0x01, 0xA0, 0x77, 0xE2, 0x0E, 0x67, 0x05, 0xF6, 0xE8, 0x04 },
+    { 0x29, 0x8C, 0xD0, 0xB2, 0x42, 0x89, 0xF9, 0x5E, 0xD7, 0xEF, 0x49, 0x31, 0x2A, 0xAE, 0xEF, 0x9A, 0xE5, 0x9D, 0xC7, 0x93, 0xF5, 0x89, 0xAB, 0xA7, 0x06, 0x38, 0x41, 0x74, 0x8C, 0xEC, 0x43, 0x1D },
+    { 0x60, 0x89, 0xA4, 0xBB, 0xE4, 0xD1, 0x5B, 0xBC, 0x8D, 0x6B, 0x2E, 0xA5, 0x69, 0x18, 0x73, 0xCD, 0xA6, 0x7F, 0x7E, 0xD2, 0xF0, 0xB9, 0xB1, 0xFB, 0xB0, 0xC0, 0x5D, 0xD4, 0xAD, 0xFC, 0x41, 0xA5 },
+    { 0xD1, 0x72, 0x07, 0x9E, 0xF7, 0x1F, 0x7E, 0xBD, 0x34, 0xFE, 0xD9, 0x61, 0x71, 0x39, 0x67, 0x82, 0x3B, 0xDD, 0x17, 0xCA, 0x55, 0xED, 0x37, 0xF4, 0xEF, 0xB0, 0xAF, 0xC0, 0x9D, 0x46, 0x5A, 0xB4 },
+    { 0xA6, 0x63, 0x70, 0x1D, 0xB1, 0xEC, 0xE3, 0xD5, 0x03, 0x61, 0xAD, 0x78, 0xF7, 0x37, 0x9A, 0xE3, 0xC8, 0xD1, 0xC1, 0xA3, 0x6F, 0x76, 0x36, 0x92, 0x58, 0xA8, 0x69, 0x9B, 0x64, 0x61, 0x2B, 0x98 },
+    { 0x07, 0xC1, 0xA0, 0x97, 0x8D, 0x7E, 0x6D, 0xE4, 0x36, 0xDD, 0xD8, 0xAF, 0x6E, 0xD7, 0x70, 0xDC, 0xDE, 0xEB, 0x1D, 0x50, 0x91, 0xEF, 0xCF, 0x54, 0xE2, 0x6F, 0x0A, 0x77, 0xD1, 0x65, 0xE9, 0xF3 },
+    { 0x74, 0x7A, 0x10, 0xDB, 0xA1, 0x03, 0x5D, 0x5D, 0xA7, 0x5A, 0x1C, 0xA2, 0x3E, 0x43, 0x41, 0xCA, 0xBC, 0x27, 0x5B, 0xF6, 0xFA, 0x36, 0x31, 0x47, 0x91, 0x47, 0xA6, 0x37, 0x34, 0xF9, 0x05, 0x7F },
+    { 0x07, 0xED, 0x8F, 0x05, 0x30, 0x15, 0x64, 0xE9, 0x21, 0xCA, 0x41, 0x39, 0xE6, 0x18, 0xCB, 0x55, 0x41, 0xA8, 0x42, 0xFB, 0xE4, 0x35, 0xAB, 0x4D, 0x94, 0x52, 0x2D, 0xA8, 0xDC, 0x3F, 0x2F, 0x01 },
+    { 0xDC, 0xF1, 0xD5, 0x34, 0x79, 0x0D, 0x3E, 0x06, 0xAE, 0x0B, 0x99, 0xE9, 0x2E, 0x83, 0x76, 0x9E, 0x0D, 0x32, 0xD8, 0x22, 0xB4, 0x3A, 0x88, 0x17, 0x92, 0xF8, 0x3A, 0xDE, 0xAA, 0xD7, 0xB5, 0x18 },
+    { 0xB9, 0xDA, 0x49, 0x2B, 0xF4, 0xEC, 0xA3, 0x4B, 0x3A, 0xFA, 0xB1, 0xB4, 0x86, 0xB5, 0xC5, 0x38, 0xCB, 0xC4, 0x01, 0xC5, 0x69, 0xAB, 0xE9, 0x82, 0x99, 0xC0, 0x29, 0xE3, 0x4D, 0xFF, 0x9C, 0x6C },
+    { 0x41, 0x2B, 0x10, 0x65, 0x6D, 0xF0, 0x76, 0x4C, 0x87, 0x7C, 0x2A, 0xC8, 0x80, 0x37, 0xB9, 0x15, 0x9B, 0x52, 0xE2, 0x96, 0x0E, 0x91, 0x14, 0x3B, 0x97, 0x9D, 0x2A, 0x40, 0x3A, 0xC7, 0xC6, 0xB1 },
+    { 0xF9, 0x8B, 0xBC, 0xBA, 0x2E, 0x27, 0x38, 0xDE, 0x90, 0x9F, 0xB6, 0x67, 0x25, 0xF9, 0x31, 0x7B, 0xA6, 0x31, 0xF8, 0x03, 0x01, 0x73, 0x6A, 0x10, 0x4F, 0xE7, 0xCC, 0x1F, 0x5F, 0xEC, 0x73, 0xD8 },
+    { 0x28, 0x49, 0xE8, 0x11, 0xEE, 0x81, 0x63, 0x33, 0x13, 0x41, 0xBC, 0x45, 0x04, 0x30, 0xE5, 0x80, 0x0A, 0x6E, 0xB9, 0x9F, 0x7C, 0x5D, 0x0E, 0xC9, 0xE3, 0xF9, 0x5C, 0x08, 0xA9, 0x54, 0xF0, 0x2C },
+    { 0x6E, 0x77, 0x6F, 0xD1, 0xF1, 0x68, 0xCA, 0x2D, 0xE5, 0x67, 0x74, 0xA7, 0x0D, 0x4D, 0xD6, 0xAD, 0x6C, 0x8C, 0x7D, 0x85, 0xC1, 0xB9, 0x7A, 0x31, 0xC0, 0xDA, 0x79, 0x97, 0xE4, 0x96, 0x6A, 0x6E },
+    { 0x5A, 0x25, 0x19, 0xEF, 0x40, 0xF3, 0x4F, 0x89, 0x51, 0x19, 0xBC, 0x29, 0xE2, 0x91, 0x3F, 0x23, 0xF0, 0x54, 0x4E, 0xE4, 0x14, 0x3C, 0x32, 0x5B, 0x07, 0xC7, 0x42, 0x7D, 0xC2, 0x3D, 0xCA, 0xE8 },
+    { 0x32, 0xF2, 0xF1, 0xD8, 0x10, 0x9C, 0xB2, 0xA1, 0x32, 0xA1, 0xAD, 0x85, 0xA5, 0x7B, 0xF8, 0x15, 0x16, 0x25, 0xD2, 0x84, 0x33, 0x3C, 0x77, 0x74, 0x4A, 0xD7, 0xDD, 0x95, 0x6B, 0x51, 0x03, 0x88 },
+    { 0x98, 0x63, 0x49, 0x9E, 0xB1, 0x66, 0xDF, 0x82, 0x2B, 0x10, 0x44, 0xFA, 0x7A, 0x07, 0x44, 0xAB, 0xF9, 0x80, 0xA1, 0xE2, 0xF9, 0xA1, 0x1F, 0x37, 0xF3, 0x25, 0xA7, 0xB1, 0x5D, 0xFE, 0x70, 0x72 },
+    { 0x30, 0x91, 0x5C, 0x5F, 0x3D, 0xC5, 0xA1, 0xA5, 0xAB, 0x64, 0xAD, 0x30, 0xA3, 0xCD, 0xE7, 0x82, 0x57, 0x58, 0x4F, 0x05, 0x90, 0x37, 0x0A, 0xC7, 0xD2, 0xAC, 0x5E, 0x46, 0xD1, 0x45, 0xDC, 0xD6 },
+    { 0xA6, 0x56, 0x45, 0xBE, 0xE0, 0xCC, 0x3E, 0x53, 0xE4, 0xA5, 0x21, 0xE4, 0xA2, 0x99, 0x6C, 0x31, 0x81, 0xBC, 0x4C, 0x07, 0x2C, 0x24, 0x68, 0x76, 0x16, 0x7C, 0x84, 0x4B, 0xA9, 0x31, 0x54, 0x2D },
+    { 0x96, 0x6F, 0xB1, 0xDC, 0x30, 0x56, 0x41, 0x8C, 0x90, 0xF5, 0x5E, 0x46, 0xB8, 0x29, 0xBF, 0x1A, 0x8E, 0xAA, 0x93, 0x57, 0xE0, 0x3E, 0xE9, 0x54, 0xD7, 0x5A, 0x02, 0x43, 0xDE, 0x8A, 0x15, 0x1C },
+    { 0x10, 0x4D, 0xA9, 0xE4, 0x5A, 0x9A, 0x04, 0x4F, 0xA8, 0x92, 0x35, 0x77, 0x10, 0x0E, 0x40, 0x95, 0xA6, 0x1E, 0xFF, 0xDC, 0x77, 0xB3, 0x1B, 0x82, 0x90, 0x2F, 0x29, 0xCA, 0x8E, 0x41, 0xAF, 0xE7 },
+    { 0xAB, 0x3F, 0x18, 0xF0, 0x3D, 0x04, 0xB6, 0xD9, 0xC7, 0x39, 0x7E, 0x41, 0x72, 0x73, 0x92, 0xE6, 0xAE, 0x50, 0xF3, 0x8F, 0xEE, 0xE0, 0x22, 0x91, 0x04, 0x5B, 0x77, 0x54, 0xD3, 0xC0, 0x04, 0xB8 },
+    { 0x52, 0x48, 0x87, 0x9A, 0xEA, 0xD5, 0xD9, 0x82, 0x3D, 0x3B, 0xCF, 0xE9, 0x8F, 0x19, 0xE8, 0xA5, 0x87, 0x17, 0xEA, 0xC7, 0x32, 0xA1, 0x4A, 0xA0, 0x1B, 0x28, 0x9A, 0xD3, 0x1C, 0x9D, 0xAA, 0x8D },
+    { 0x79, 0xD1, 0xC3, 0x33, 0x83, 0x02, 0xDC, 0xBB, 0x9A, 0x59, 0xD8, 0x69, 0xA2, 0x57, 0x04, 0x1D, 0x27, 0x48, 0xB4, 0xA5, 0x8C, 0x73, 0x43, 0x56, 0x81, 0x4C, 0x96, 0x28, 0x36, 0x92, 0xB2, 0x1D },
+    { 0xDD, 0x41, 0x39, 0xF9, 0x2E, 0xD9, 0xEA, 0xB7, 0xD0, 0x74, 0x6C, 0x49, 0xA6, 0xF9, 0x5F, 0x5B, 0x17, 0xC4, 0x44, 0xF5, 0x1A, 0x76, 0x97, 0xB0, 0x56, 0xA1, 0xEC, 0x6E, 0x54, 0x22, 0x8A, 0x72 },
+    { 0x4C, 0xDA, 0xF8, 0xD2, 0xD0, 0xEC, 0xD1, 0x04, 0x5E, 0x49, 0x64, 0x71, 0xE2, 0x2A, 0x25, 0x90, 0xA9, 0x49, 0x83, 0xC6, 0xCF, 0x32, 0x73, 0xCD, 0x88, 0xBF, 0x80, 0xCC, 0xEB, 0x86, 0xA6, 0x33 },
+    { 0x93, 0x9E, 0xD9, 0x9C, 0x58, 0xE0, 0x64, 0x70, 0xAE, 0xBA, 0x78, 0xEF, 0xD3, 0x9B, 0x04, 0xDD, 0x1A, 0x5B, 0xE8, 0x03, 0xAC, 0x21, 0x59, 0xC0, 0xA0, 0x18, 0xE4, 0x05, 0xCB, 0x13, 0xE9, 0xB7 },
+    { 0x83, 0xB6, 0xBF, 0x71, 0xCD, 0x42, 0x31, 0x77, 0x57, 0x10, 0xBB, 0xED, 0x0D, 0x80, 0x8D, 0xE6, 0x73, 0x2C, 0xDD, 0xD6, 0x4D, 0x51, 0x08, 0xB0, 0x2A, 0x1B, 0x0E, 0x80, 0xCC, 0x61, 0x8E, 0xBD },
+    { 0x3C, 0x14, 0x0C, 0x6E, 0xB5, 0x25, 0x3B, 0xD4, 0xEF, 0xF1, 0x9F, 0xBF, 0xCD, 0xC8, 0xA2, 0xBA, 0x5C, 0x49, 0x96, 0xF9, 0xAC, 0x7B, 0xB5, 0x5E, 0xB3, 0x2A, 0x10, 0xF4, 0x5F, 0x67, 0xAD, 0x32 },
+    { 0xDF, 0x5D, 0x47, 0xDC, 0xB0, 0x39, 0x3E, 0xD4, 0x3C, 0xA7, 0x7C, 0xBF, 0x8D, 0xE1, 0x62, 0x94, 0xD7, 0x15, 0x40, 0xFA, 0xD5, 0x9B, 0x84, 0x03, 0x9D, 0x5B, 0xD2, 0x62, 0x33, 0x5B, 0x7B, 0xB6 },
+    { 0x09, 0xBD, 0xBF, 0xF3, 0x0B, 0xC6, 0x58, 0x09, 0x6D, 0xB3, 0x53, 0xC3, 0x80, 0x16, 0xC4, 0x83, 0x37, 0x6B, 0x72, 0x26, 0x84, 0xDE, 0x43, 0xF0, 0x60, 0x0D, 0xC4, 0xD8, 0xD7, 0xEA, 0x47, 0x9F },
+    { 0xFB, 0x81, 0x2E, 0x6D, 0xCF, 0xB0, 0xAF, 0x15, 0x2D, 0x13, 0x8B, 0xCB, 0x27, 0x4C, 0x1A, 0x4D, 0xA6, 0x26, 0x87, 0x0D, 0x1A, 0x95, 0xC7, 0x2B, 0xB7, 0xD9, 0xCF, 0xA6, 0x26, 0x55, 0x89, 0x5F },
+    { 0x9B, 0x19, 0xF2, 0x4F, 0xCD, 0x8C, 0xD5, 0xE8, 0x36, 0x52, 0xF0, 0xB5, 0x0B, 0xDB, 0x9B, 0x8A, 0x70, 0x08, 0x57, 0x44, 0xE3, 0xBC, 0x48, 0xB2, 0x03, 0xD1, 0x88, 0xE3, 0x1F, 0x66, 0x47, 0x88 },
+    { 0xD9, 0xB9, 0x91, 0x7F, 0x57, 0x2E, 0xEC, 0xFB, 0xE8, 0x6B, 0x9B, 0x8A, 0x62, 0x6B, 0xEE, 0x8E, 0x78, 0xAB, 0x22, 0x9D, 0x38, 0xD5, 0x50, 0xC3, 0xB1, 0xFC, 0x65, 0x83, 0x0B, 0xA4, 0x81, 0xCC },
+    { 0x7A, 0xC3, 0x24, 0x74, 0xC9, 0xC4, 0x86, 0x87, 0x0A, 0xA9, 0x6B, 0x6A, 0x8E, 0x23, 0x34, 0x2B, 0x9B, 0x32, 0xC4, 0xB2, 0x4F, 0xF6, 0xA8, 0xAA, 0x28, 0xAB, 0xB2, 0xB6, 0xE3, 0x60, 0xCC, 0xFB },
+    { 0x3A, 0x58, 0xF2, 0xFD, 0xD7, 0xF6, 0x5E, 0x53, 0xB0, 0x67, 0xBA, 0x21, 0xA8, 0x95, 0x9A, 0x5D, 0x5C, 0x8A, 0x87, 0xE5, 0x65, 0xE1, 0x43, 0x24, 0xED, 0xA8, 0x78, 0xD6, 0xDF, 0xA8, 0x44, 0xA7 },
+    { 0x83, 0x8E, 0x63, 0x3C, 0xAA, 0xD4, 0x84, 0x8F, 0x4C, 0xDD, 0xF4, 0xCF, 0x4B, 0x13, 0xC0, 0x2F, 0x51, 0xBB, 0x20, 0xB8, 0x80, 0x00, 0x82, 0xB5, 0xBB, 0x61, 0x82, 0xC9, 0x56, 0x84, 0x37, 0x93 },
+    { 0xA6, 0x2B, 0x1F, 0x26, 0x30, 0x9F, 0xD5, 0x69, 0x0E, 0x74, 0x80, 0xCE, 0x4F, 0x73, 0x54, 0x41, 0x37, 0x45, 0x3B, 0x65, 0xB7, 0x98, 0x8F, 0x89, 0x42, 0xF3, 0x58, 0x68, 0x4B, 0xA2, 0xBD, 0x00 },
+    { 0x4B, 0x23, 0xBD, 0xD6, 0x13, 0x7E, 0x71, 0x3F, 0xB6, 0xB7, 0xA6, 0xB4, 0x1D, 0xE3, 0xF8, 0x4D, 0xD5, 0xFF, 0x9E, 0x8F, 0xD5, 0xFF, 0xA4, 0x2E, 0x08, 0x7D, 0xCA, 0x68, 0x42, 0x51, 0xDC, 0xBB },
+    { 0x31, 0x29, 0x40, 0x55, 0x42, 0x9B, 0xD5, 0x15, 0xB5, 0xD0, 0x3B, 0xA2, 0x1A, 0x6D, 0xD4, 0xBF, 0xB2, 0xFD, 0xC1, 0xB6, 0x87, 0xF7, 0x6A, 0xBA, 0x26, 0x22, 0x4D, 0x57, 0x0C, 0x68, 0x2D, 0xBA },
+    { 0x8D, 0x56, 0x1F, 0x71, 0x1F, 0xDF, 0x4A, 0x47, 0xF2, 0x95, 0x20, 0x7F, 0x4B, 0x1C, 0x06, 0x5A, 0x20, 0x52, 0xF6, 0x7A, 0xE0, 0x0D, 0xD7, 0xC6, 0x08, 0x2E, 0xA7, 0x38, 0xF5, 0xD0, 0x5F, 0x46 },
+    { 0xBF, 0xE2, 0x1C, 0xF8, 0x2A, 0x36, 0x29, 0xB8, 0x44, 0xD8, 0x6A, 0x55, 0x27, 0x0F, 0x0D, 0x0C, 0x05, 0xE1, 0xED, 0xD9, 0x4F, 0x41, 0xF5, 0x59, 0x52, 0xBC, 0x6E, 0xC8, 0xC8, 0xD1, 0xFE, 0x7E },
+    { 0x0F, 0x6E, 0xEF, 0xA1, 0xAB, 0x35, 0xA1, 0x6F, 0x68, 0x5C, 0x7F, 0x55, 0xBB, 0x21, 0xB7, 0x1E, 0x94, 0x77, 0x85, 0x29, 0x8A, 0x68, 0xE8, 0x44, 0xA4, 0x88, 0x32, 0xB9, 0xAD, 0x61, 0xDB, 0x24 },
+    { 0x10, 0x2B, 0x4D, 0x9A, 0x10, 0xE9, 0x91, 0x00, 0xB6, 0xFF, 0x47, 0x02, 0x6B, 0xFD, 0x97, 0xAF, 0x02, 0x25, 0xC7, 0xF4, 0xEB, 0xF4, 0x3A, 0xCD, 0xDD, 0x02, 0xDB, 0x83, 0x18, 0x31, 0xBC, 0xB2 },
+    { 0xA2, 0x16, 0xEF, 0x79, 0x8F, 0xDB, 0xB8, 0x95, 0xE0, 0xB4, 0x81, 0x5D, 0xB6, 0xC5, 0x23, 0x03, 0x85, 0x7F, 0xF1, 0x2C, 0x3E, 0xA6, 0xDD, 0x57, 0x98, 0x68, 0x38, 0x77, 0x10, 0x7C, 0x5F, 0x27 },
+    { 0xCA, 0x8C, 0x06, 0x7D, 0x13, 0x6D, 0x74, 0x44, 0x33, 0x44, 0x7C, 0xF3, 0xE9, 0x3E, 0x3D, 0xA1, 0x66, 0x3F, 0xA4, 0x41, 0x5D, 0xB8, 0xEF, 0xF8, 0x83, 0x37, 0x12, 0x85, 0x52, 0xC2, 0xD1, 0x2E },
+    { 0x16, 0x1C, 0x1B, 0x01, 0xCF, 0x17, 0xBB, 0x7C, 0x0B, 0xDA, 0xE1, 0x93, 0x20, 0x2C, 0x63, 0xCE, 0x65, 0xAE, 0x65, 0x28, 0x0E, 0xF4, 0xB7, 0x03, 0xB6, 0x32, 0x21, 0x5B, 0x3E, 0xDE, 0x83, 0x72 },
+    { 0xDB, 0x08, 0xDE, 0x97, 0xB4, 0x40, 0x74, 0x57, 0x34, 0x22, 0xE9, 0x08, 0x15, 0x31, 0x6D, 0x77, 0x35, 0x57, 0xF2, 0x06, 0xD8, 0x74, 0x58, 0x93, 0x94, 0xD9, 0xAB, 0xA9, 0x75, 0xF9, 0x04, 0x64 },
+    { 0x69, 0x13, 0x38, 0xEC, 0x05, 0x25, 0xA0, 0xC3, 0xC8, 0x0E, 0x80, 0x16, 0x95, 0xAD, 0x1B, 0x96, 0x09, 0xE1, 0x2D, 0xAC, 0x22, 0x2C, 0xE6, 0x7C, 0xDB, 0xC5, 0x07, 0x9F, 0xCF, 0xB8, 0xF0, 0x7B },
+    { 0x15, 0xC6, 0x38, 0xE6, 0x56, 0xD3, 0x11, 0xCE, 0xC1, 0x14, 0xAE, 0xCD, 0xEC, 0x20, 0xB4, 0xD6, 0x1F, 0x9F, 0x8C, 0xE4, 0xA6, 0x37, 0x7B, 0x9D, 0xE9, 0x81, 0x64, 0xF6, 0xD4, 0xD7, 0xBC, 0xC4 },
+    { 0xB1, 0x80, 0x49, 0x82, 0x71, 0x2D, 0x94, 0xF9, 0xE3, 0x0A, 0x06, 0x4C, 0x1C, 0xBE, 0x69, 0x1E, 0xD6, 0x6E, 0xFD, 0x98, 0x47, 0x9F, 0x37, 0x22, 0xE0, 0x11, 0x9D, 0xB1, 0x7E, 0x78, 0x17, 0xB4 },
+    { 0x99, 0x8C, 0x91, 0x57, 0x6B, 0x32, 0x40, 0x0F, 0xC1, 0x5E, 0x7C, 0x71, 0xAC, 0x17, 0x29, 0x8C, 0x24, 0xB5, 0xA8, 0x34, 0x94, 0xB4, 0x68, 0x98, 0x54, 0x3C, 0x7E, 0xCE, 0x90, 0x70, 0x68, 0x4C },
+    { 0x27, 0xED, 0x5F, 0x49, 0x50, 0x7B, 0xB0, 0xDF, 0x1F, 0xD5, 0xA0, 0x80, 0x2F, 0xFC, 0xF4, 0x15, 0xA5, 0x01, 0x72, 0xB0, 0xB9, 0x76, 0x02, 0x72, 0xE4, 0xFD, 0x29, 0x35, 0xC2, 0xC9, 0x39, 0x18 },
+    { 0x3B, 0xD6, 0xD9, 0x4B, 0xC4, 0xDC, 0x4A, 0x9E, 0x85, 0xB5, 0xC8, 0xF1, 0x72, 0x10, 0x92, 0xCE, 0x7E, 0x3B, 0x3B, 0xA3, 0xDF, 0x2C, 0x2F, 0x19, 0x42, 0xAB, 0x41, 0x23, 0x56, 0x9B, 0x2A, 0x40 },
+    { 0xA8, 0xD9, 0x7C, 0x2B, 0xB8, 0x45, 0x52, 0x7F, 0xF1, 0x84, 0xDE, 0x12, 0xF3, 0xB2, 0x65, 0xD7, 0x74, 0xA8, 0x35, 0x3E, 0x16, 0xEB, 0x60, 0xF4, 0xFC, 0xA3, 0x86, 0x2B, 0xE9, 0x87, 0x53, 0x6A },
+    { 0x41, 0x32, 0xDC, 0xE2, 0x10, 0x57, 0x04, 0xC9, 0x71, 0x38, 0x73, 0x1E, 0x82, 0xD9, 0xF3, 0x49, 0xB9, 0xF9, 0xD0, 0xDA, 0xC5, 0xEA, 0xC3, 0xDA, 0x9B, 0xEA, 0x9C, 0x45, 0xC4, 0x98, 0xE7, 0x54 },
+    { 0xAA, 0x25, 0xD7, 0x85, 0x78, 0x3A, 0x39, 0xE5, 0x88, 0xE6, 0xE4, 0xD9, 0x09, 0x34, 0x78, 0x0C, 0x88, 0xD2, 0x99, 0xD4, 0x3D, 0x67, 0x1E, 0xC0, 0xFE, 0xBB, 0x3B, 0xA6, 0x9A, 0xF4, 0x92, 0x2D },
+    { 0xC4, 0xAA, 0x56, 0x76, 0xC1, 0x7D, 0x30, 0xBA, 0x35, 0x37, 0x8F, 0x03, 0x91, 0xE9, 0xE5, 0xA1, 0xEB, 0xFC, 0xA8, 0x03, 0xE2, 0x6A, 0x76, 0xF7, 0xD6, 0x5E, 0x50, 0xF2, 0x64, 0x57, 0x41, 0x1B },
+    { 0xA2, 0xAE, 0xB7, 0x41, 0xD0, 0xD9, 0xD6, 0x21, 0x59, 0x18, 0x7A, 0x05, 0x2E, 0xBB, 0xBB, 0xCF, 0x7D, 0xD6, 0xC6, 0x87, 0x87, 0xDD, 0x39, 0xD0, 0x64, 0xF2, 0xA1, 0xE8, 0x3C, 0xFE, 0x87, 0xEF },
+    { 0xFA, 0xAE, 0xE8, 0xDD, 0x0C, 0x53, 0x92, 0xC9, 0x0C, 0xE4, 0x5C, 0x4F, 0x41, 0xE5, 0x0C, 0xAE, 0x6B, 0x78, 0xFE, 0x91, 0xD4, 0x2C, 0xF4, 0x07, 0xB0, 0xCA, 0x4D, 0x6F, 0x50, 0x87, 0xA5, 0xB5 },
+    { 0x6C, 0x3B, 0xE8, 0xB6, 0x55, 0x71, 0x0A, 0x7B, 0xEF, 0x08, 0x73, 0x68, 0x06, 0x3B, 0x11, 0x3F, 0x6F, 0xF3, 0x3A, 0xBB, 0x02, 0x5D, 0xEA, 0x8B, 0xB1, 0x43, 0x1B, 0xB4, 0x72, 0x4D, 0x6A, 0x2C },
+    { 0x36, 0x07, 0xE8, 0x69, 0x66, 0x98, 0x8E, 0x87, 0x9C, 0x7A, 0x70, 0x76, 0x75, 0x7C, 0x93, 0x20, 0xF7, 0x93, 0x3F, 0x96, 0xC1, 0x80, 0x90, 0xF2, 0x2C, 0x54, 0xAA, 0x65, 0x9C, 0xEA, 0xAB, 0xAD },
+    { 0xB2, 0x7F, 0xEA, 0x26, 0x17, 0x16, 0x63, 0x58, 0x8D, 0xC3, 0x61, 0x9A, 0x4B, 0x36, 0x2A, 0x38, 0x96, 0x77, 0xFA, 0x1B, 0x28, 0x0F, 0x93, 0xD0, 0x12, 0xC2, 0x1A, 0x55, 0xF7, 0x2F, 0x60, 0xD1 },
+    { 0x00, 0x51, 0xF1, 0x55, 0x1E, 0x6F, 0x30, 0x8D, 0x4B, 0xEE, 0xA7, 0xA0, 0x39, 0x73, 0xE6, 0xB9, 0x56, 0xF2, 0x8A, 0xC6, 0x57, 0xEF, 0x85, 0x2F, 0xF1, 0x7A, 0xB3, 0xC9, 0x27, 0x99, 0xEC, 0xAD },
+    { 0x7C, 0x9C, 0x80, 0x8F, 0x6E, 0x4A, 0x12, 0xF4, 0x13, 0xAD, 0x52, 0xE8, 0xAF, 0x77, 0x24, 0xD8, 0xF5, 0x9B, 0xF5, 0xE6, 0x62, 0xD6, 0xF6, 0xC8, 0x50, 0x8F, 0x93, 0xA0, 0x5C, 0x74, 0x23, 0xE5 },
+    { 0xF5, 0x50, 0xEC, 0x9B, 0xAC, 0x06, 0x3B, 0x87, 0x67, 0xB8, 0xA2, 0xEA, 0xDD, 0xDB, 0x4B, 0xE4, 0xC7, 0xF1, 0x06, 0xAE, 0xDE, 0x97, 0xFC, 0x53, 0x1F, 0x6D, 0x83, 0x74, 0xC2, 0x03, 0x27, 0x9B },
+    { 0xB4, 0x46, 0x3D, 0x5B, 0x7C, 0xBC, 0xFD, 0x19, 0xBC, 0xA5, 0x74, 0x32, 0xB0, 0x1F, 0xA7, 0xD9, 0x80, 0x8E, 0x7E, 0xD2, 0x08, 0x37, 0xF2, 0xAD, 0x73, 0x26, 0x86, 0x86, 0xD2, 0x66, 0x73, 0xB3 },
+    { 0x0A, 0xD5, 0x02, 0x63, 0xC4, 0x5B, 0xE8, 0x58, 0x99, 0x90, 0xDB, 0x8A, 0xEA, 0x8A, 0x41, 0x9F, 0xF9, 0x05, 0x72, 0xB3, 0x32, 0x42, 0x49, 0xEA, 0x20, 0x16, 0x89, 0xA2, 0x01, 0x56, 0x45, 0xC3 },
+    { 0xB1, 0x7D, 0x30, 0xB7, 0xCE, 0x5A, 0x37, 0xBE, 0x9D, 0x01, 0xC6, 0x50, 0x97, 0xBA, 0x63, 0x3E, 0x95, 0xD6, 0x48, 0x00, 0xBA, 0x8B, 0xA7, 0x9F, 0x69, 0x31, 0xF0, 0xF7, 0x9B, 0x07, 0x0F, 0xDD },
+    { 0xDC, 0x4C, 0xD7, 0x19, 0x8F, 0xBE, 0xBB, 0xEA, 0x5E, 0xC7, 0xE4, 0x60, 0xF7, 0xF6, 0xE1, 0xE5, 0x61, 0x15, 0x3C, 0x57, 0x6C, 0xAD, 0x8A, 0x33, 0x6B, 0xF9, 0x99, 0xFA, 0xD6, 0xC3, 0xE6, 0x4A },
+    { 0xE0, 0x6A, 0x33, 0x02, 0x58, 0xE4, 0x39, 0x26, 0x41, 0x1D, 0xB6, 0x27, 0xBE, 0x62, 0x4E, 0xF2, 0x91, 0x91, 0x44, 0xB7, 0xA3, 0x4B, 0x72, 0x07, 0x55, 0x39, 0xBE, 0x4E, 0x35, 0xDC, 0x36, 0xEC },
+    { 0x21, 0x24, 0x05, 0x2C, 0xCA, 0x1E, 0x81, 0xEF, 0x39, 0xC7, 0x6F, 0x56, 0x23, 0xE8, 0x75, 0x67, 0x0C, 0x9C, 0x1C, 0x7A, 0x38, 0x91, 0xE5, 0xA7, 0xDF, 0x64, 0x57, 0x8C, 0x5A, 0xB4, 0x24, 0x37 },
+    { 0x6E, 0xE0, 0x35, 0x7A, 0xE3, 0xC7, 0x1A, 0x3C, 0x79, 0xE3, 0x60, 0xE3, 0xA4, 0xF0, 0xC2, 0x31, 0x01, 0xBF, 0x10, 0x42, 0xB1, 0xCE, 0xDA, 0xC6, 0x44, 0x99, 0x6F, 0xCD, 0x26, 0x08, 0x7F, 0xF9 },
+    { 0x75, 0xB5, 0x0D, 0x34, 0xD8, 0xD3, 0x49, 0x04, 0xED, 0x49, 0xCE, 0x12, 0x1A, 0x5A, 0xC5, 0x41, 0xA4, 0xB4, 0x86, 0x98, 0x49, 0x57, 0xD0, 0x20, 0x4B, 0xA2, 0x16, 0xDF, 0x49, 0xB2, 0xA0, 0xB9 },
+    { 0xAF, 0xFE, 0xF6, 0xFE, 0xC7, 0xA0, 0x39, 0xE8, 0x55, 0x2B, 0xF5, 0x0C, 0xC4, 0xB2, 0x55, 0x27, 0x7F, 0x47, 0xBE, 0xEB, 0x5B, 0x7F, 0x01, 0xDE, 0x95, 0x51, 0x66, 0xB4, 0x19, 0x2F, 0x40, 0xE6 },
+    { 0xFE, 0xD8, 0x44, 0xBF, 0x7B, 0x45, 0x40, 0xB9, 0x60, 0x03, 0x37, 0x4D, 0x23, 0xF3, 0x27, 0x6D, 0x25, 0xB7, 0xAA, 0xBC, 0x3C, 0xF2, 0x1B, 0xB6, 0x21, 0x9B, 0xB4, 0x14, 0x50, 0x30, 0xD7, 0x70 },
+    { 0xF1, 0x4A, 0x1E, 0xCD, 0xBD, 0x04, 0x47, 0xCE, 0x7D, 0x5A, 0x2D, 0xFE, 0xEC, 0x7C, 0xB2, 0x14, 0x9A, 0x72, 0xAD, 0x2A, 0xE5, 0x40, 0x0B, 0xD1, 0x42, 0x57, 0x01, 0xCE, 0x5A, 0x48, 0xF8, 0x6D },
+    { 0xBD, 0x42, 0xBE, 0x49, 0x52, 0x38, 0xA0, 0x00, 0x88, 0x69, 0x2F, 0x65, 0xE4, 0x7D, 0xD9, 0xE2, 0xB8, 0x22, 0xAA, 0x86, 0x16, 0xEA, 0xD1, 0x17, 0x99, 0xF6, 0x0E, 0x62, 0x87, 0x04, 0x2A, 0xA9 },
+    { 0xB7, 0xCD, 0x36, 0xE6, 0x75, 0x8B, 0x5F, 0xE1, 0x6B, 0xFE, 0xDF, 0x6D, 0xF7, 0xF4, 0xFF, 0xFC, 0xBF, 0x76, 0x51, 0x39, 0xE7, 0xCD, 0x05, 0x68, 0x09, 0x26, 0xEF, 0xCA, 0xC3, 0xD2, 0x3E, 0x27 },
+    { 0x2F, 0xC5, 0x59, 0x4E, 0x86, 0x5C, 0x68, 0xD5, 0xEB, 0xD2, 0x73, 0x42, 0xB8, 0x9D, 0x43, 0xA9, 0x1B, 0x08, 0x1C, 0x6B, 0x47, 0x06, 0x6F, 0xC9, 0x49, 0xB2, 0x48, 0xE6, 0x04, 0x46, 0x9B, 0xF3 },
+    { 0x7C, 0x8E, 0x9D, 0xED, 0x13, 0x97, 0x76, 0xE3, 0x8F, 0x4C, 0x3E, 0x35, 0x70, 0x75, 0x5B, 0x55, 0x5D, 0x34, 0x9F, 0xEC, 0xB5, 0x9F, 0x4E, 0x46, 0xB8, 0x6F, 0x45, 0xF2, 0xF2, 0x39, 0x47, 0x98 },
+    { 0xE2, 0x18, 0x85, 0x63, 0x54, 0xA2, 0x62, 0x86, 0xC6, 0xA6, 0xCE, 0x14, 0x54, 0x00, 0x7A, 0xDC, 0x7E, 0x3C, 0x7C, 0x18, 0xA0, 0xFB, 0xDB, 0xD3, 0xD3, 0xCF, 0xBF, 0x0C, 0xDA, 0x59, 0x22, 0xBB },
+    { 0xC0, 0x18, 0xA3, 0x61, 0x24, 0x34, 0x4E, 0x7C, 0x12, 0x54, 0xF5, 0x56, 0xA9, 0xE2, 0x8F, 0xF8, 0xA4, 0xF2, 0x90, 0xF5, 0x29, 0x43, 0x37, 0xDD, 0xEB, 0x77, 0x3D, 0xAC, 0xD9, 0x7D, 0x89, 0x0C },
+    { 0x9B, 0x82, 0xCF, 0xAE, 0x94, 0x42, 0xCA, 0x86, 0x09, 0x8A, 0xC8, 0xB6, 0xF2, 0x9C, 0xB4, 0x9F, 0x5C, 0x87, 0x95, 0xEF, 0x16, 0xD4, 0xEC, 0xD8, 0x8C, 0x8C, 0x2D, 0x14, 0x1A, 0xD3, 0x23, 0x40 },
+    { 0xC4, 0x1A, 0x67, 0x6F, 0x6F, 0xED, 0x49, 0x8A, 0x38, 0xFB, 0x51, 0x5C, 0x34, 0x1F, 0x3F, 0xAD, 0x20, 0xF8, 0xF5, 0xE5, 0xC8, 0x4A, 0xE2, 0xBA, 0x9E, 0x79, 0x72, 0x8C, 0x9F, 0x3F, 0x65, 0x7F },
+    { 0xBD, 0x01, 0xB1, 0x67, 0x47, 0xD5, 0xA2, 0x48, 0x33, 0xA7, 0xAA, 0xE8, 0x25, 0x3F, 0x2A, 0x48, 0xA9, 0xFF, 0xB0, 0x42, 0x9E, 0x23, 0x70, 0x01, 0x3A, 0xFC, 0x6B, 0x5B, 0x74, 0x22, 0x16, 0xCB },
+    { 0x70, 0x8E, 0x9A, 0xC3, 0x67, 0xAB, 0x1F, 0x7A, 0x91, 0x09, 0x20, 0xCF, 0x90, 0x87, 0x81, 0xAA, 0xDF, 0x04, 0x2A, 0xAE, 0x44, 0xA2, 0xF2, 0x91, 0xBB, 0x77, 0x82, 0xB2, 0xEF, 0xDD, 0xAE, 0x46 },
+    { 0xBF, 0xF7, 0xD1, 0xEB, 0xB9, 0x82, 0x51, 0x5E, 0xE4, 0xB0, 0xA5, 0x4C, 0x6A, 0x29, 0xA0, 0x4E, 0xBF, 0x84, 0xAF, 0xDC, 0x48, 0xCA, 0xB2, 0x4C, 0x94, 0xB4, 0x0E, 0xB9, 0x40, 0xE9, 0xDE, 0x0D },
+    { 0xC7, 0x12, 0x81, 0xB3, 0xFD, 0xF8, 0x46, 0x77, 0x74, 0xE6, 0xEE, 0xF1, 0xC8, 0xA0, 0x46, 0xF2, 0xA9, 0xD4, 0x29, 0xAE, 0xBE, 0x34, 0x3C, 0xB6, 0x70, 0x62, 0xC1, 0xAE, 0x9D, 0xA4, 0x63, 0x3D },
+    { 0xFE, 0x3C, 0x1E, 0xA3, 0x85, 0x6D, 0x98, 0x6C, 0xEB, 0xD8, 0x4A, 0x4F, 0x6E, 0xDE, 0x41, 0x61, 0x15, 0x02, 0xAA, 0xB7, 0x11, 0xEB, 0x58, 0xAF, 0xA1, 0xA2, 0xAF, 0xCF, 0xE0, 0x0B, 0x00, 0xB0 },
+    { 0xA9, 0x04, 0x4C, 0xE7, 0xB7, 0xFD, 0x2E, 0xC3, 0x00, 0xC6, 0xB0, 0x70, 0xE1, 0xEA, 0x0D, 0x71, 0xF4, 0x0E, 0x67, 0x54, 0x2A, 0x45, 0xA0, 0x55, 0x59, 0xA7, 0xCD, 0xF7, 0x2F, 0xB8, 0x43, 0x28 },
+    { 0xBF, 0xF0, 0xA7, 0x2F, 0x4F, 0x57, 0x80, 0x0B, 0xF3, 0x44, 0xFB, 0x57, 0x94, 0xC3, 0x33, 0xAC, 0xB2, 0xB9, 0x91, 0x74, 0xC3, 0xAB, 0x10, 0xF8, 0x8E, 0xB1, 0x98, 0xE3, 0x44, 0xED, 0x50, 0x26 },
+    { 0xD5, 0xC6, 0x14, 0x55, 0x4D, 0x87, 0x2A, 0xE4, 0x05, 0x61, 0xAB, 0xC1, 0xDC, 0x3A, 0x80, 0xCC, 0xFE, 0xFD, 0x21, 0x66, 0x95, 0x4F, 0x08, 0x76, 0x29, 0x35, 0x95, 0xE4, 0x0E, 0xC3, 0xB0, 0x8C },
+    { 0xF6, 0xB9, 0x85, 0xAE, 0x6F, 0xE9, 0x61, 0x53, 0x55, 0x52, 0xB0, 0x40, 0x9A, 0x99, 0x97, 0x1C, 0x54, 0xEF, 0x22, 0x88, 0x4F, 0x5B, 0x3A, 0x32, 0x48, 0x2B, 0x8E, 0xE8, 0x16, 0xEA, 0x03, 0x8E },
+    { 0x5B, 0xAB, 0xDF, 0x61, 0x79, 0xA0, 0xC3, 0xD2, 0x4A, 0x4B, 0xAC, 0xFE, 0xEB, 0x8B, 0x11, 0x42, 0xCC, 0xB7, 0x32, 0xF2, 0x9C, 0xC5, 0x15, 0x51, 0xA4, 0x89, 0xB0, 0x01, 0x7E, 0xE5, 0x3D, 0x51 },
+    { 0x1F, 0xBB, 0x58, 0xDF, 0xBF, 0x0B, 0x9D, 0x97, 0x5E, 0xBE, 0x81, 0xE7, 0x55, 0xD9, 0x8C, 0x72, 0xDE, 0x73, 0xAC, 0xEA, 0xF3, 0xD6, 0x72, 0x96, 0xF8, 0x1B, 0x78, 0xB2, 0x8D, 0x55, 0x16, 0x1B },
+    { 0xC8, 0xCD, 0x6A, 0xDA, 0xE5, 0xA8, 0xB1, 0x00, 0xF8, 0xF1, 0xCF, 0xA3, 0x6E, 0x2E, 0x39, 0x6A, 0xD0, 0x02, 0x8B, 0xAE, 0x5A, 0x92, 0xF5, 0x1B, 0xB7, 0x3B, 0xC0, 0x38, 0x34, 0x24, 0xDA, 0xC0 },
+    { 0x44, 0x0E, 0x0F, 0x91, 0xCD, 0x40, 0xC6, 0x3A, 0x56, 0x6E, 0x14, 0xB3, 0x40, 0xD5, 0x65, 0x02, 0x00, 0x23, 0x57, 0xF7, 0xB8, 0x83, 0xA5, 0xDE, 0xEC, 0xBD, 0x8A, 0xAD, 0xA9, 0xE2, 0x9D, 0xC8 },
+    { 0x17, 0xF5, 0xA0, 0x14, 0xF7, 0xC2, 0xCD, 0xBB, 0x37, 0x34, 0x64, 0xD8, 0x26, 0xF6, 0xD2, 0x21, 0xE1, 0x25, 0x62, 0xA9, 0x6E, 0xA2, 0xC8, 0xD3, 0x6A, 0xDF, 0xE4, 0xBB, 0xCF, 0x5B, 0x60, 0x03 },
+    { 0x02, 0xB7, 0x7B, 0xBC, 0xAF, 0xA2, 0x02, 0xDE, 0xB8, 0xA4, 0x59, 0x5F, 0x00, 0x9D, 0x4C, 0x16, 0xE3, 0xE9, 0x9D, 0xD7, 0x2E, 0x9E, 0xFC, 0xFF, 0x63, 0x26, 0x66, 0x18, 0xD1, 0x5A, 0xB7, 0x1E },
+    { 0x1A, 0x7F, 0xD6, 0xD1, 0x5A, 0xF9, 0x81, 0x37, 0xB3, 0x7C, 0xD2, 0x44, 0xAA, 0x57, 0x20, 0xA9, 0xEA, 0x16, 0xD6, 0x54, 0x86, 0x94, 0x33, 0x5B, 0xD0, 0xEC, 0x41, 0xCF, 0x4A, 0x77, 0xA5, 0xD3 },
+    { 0x97, 0xB4, 0x5D, 0x99, 0xCD, 0x21, 0xE1, 0xB1, 0x07, 0x3F, 0xEF, 0x00, 0x4F, 0x80, 0x07, 0x23, 0x00, 0x53, 0x19, 0x92, 0xDF, 0xB8, 0x89, 0x48, 0xB1, 0x7C, 0xD6, 0xDA, 0xBA, 0x3E, 0x84, 0x17 },
+    { 0x16, 0xC5, 0xC9, 0xB5, 0x76, 0xBF, 0xF4, 0xFA, 0xE0, 0x5F, 0xC1, 0x4F, 0xB3, 0x60, 0x02, 0x3B, 0x4C, 0xE9, 0xC7, 0x3D, 0x07, 0x88, 0x5E, 0xE1, 0x08, 0xB2, 0x3E, 0x2D, 0x71, 0x7E, 0x6C, 0x04 },
+    { 0x55, 0xC4, 0x43, 0xDC, 0x1F, 0x1E, 0xBD, 0x7C, 0x83, 0x47, 0x06, 0x3F, 0x5E, 0xB3, 0x0C, 0xE0, 0x54, 0xE5, 0x8F, 0x6E, 0xD3, 0x12, 0x53, 0xE8, 0x1D, 0x30, 0xB5, 0xD9, 0x82, 0xA1, 0xB3, 0x81 },
+    { 0x6B, 0x8F, 0x18, 0x0B, 0x6C, 0x98, 0x35, 0xD0, 0x67, 0x01, 0xD8, 0xF2, 0x2E, 0xAE, 0xD3, 0xC8, 0x4F, 0xF5, 0x84, 0xA6, 0x7C, 0x56, 0xC2, 0x51, 0x17, 0xCB, 0x7A, 0x86, 0x86, 0x3E, 0x46, 0x06 },
+    { 0xEB, 0xA8, 0xA9, 0xC2, 0x66, 0x16, 0xBA, 0x17, 0xDE, 0x28, 0xE9, 0x82, 0x48, 0xA3, 0x87, 0x84, 0x3A, 0xEE, 0x00, 0x3B, 0x4D, 0x98, 0x4D, 0x19, 0x2C, 0x81, 0xE4, 0x31, 0xA1, 0xAF, 0x5A, 0xB2 },
+    { 0xA1, 0x80, 0x9A, 0x61, 0x79, 0xAD, 0xC6, 0x06, 0x7E, 0xDD, 0x81, 0x01, 0x23, 0xAD, 0x2B, 0x59, 0x0B, 0xFD, 0x71, 0xEC, 0x0E, 0xBA, 0xAF, 0xFB, 0xA2, 0xCD, 0x56, 0x41, 0x4F, 0x3F, 0xDB, 0x5D },
+    { 0x29, 0xF3, 0xDB, 0xF7, 0x0F, 0xED, 0x14, 0xBC, 0x2B, 0x4C, 0x95, 0x03, 0xCF, 0xFF, 0x7F, 0x7F, 0xC4, 0x5C, 0x9D, 0x47, 0xA8, 0x59, 0x5F, 0xCD, 0x1B, 0x6C, 0x4A, 0x48, 0x46, 0xAF, 0x95, 0x05 },
+    { 0xEC, 0x21, 0x6E, 0xF1, 0xE9, 0x02, 0xD1, 0x18, 0xAF, 0x0F, 0xC2, 0xDD, 0x6E, 0xD3, 0xB5, 0xAB, 0x5D, 0xF2, 0x60, 0x0E, 0x7B, 0xB3, 0xA7, 0xE0, 0x09, 0x6C, 0xF2, 0x0B, 0x93, 0x3E, 0xCC, 0x0A },
+    { 0xC9, 0x78, 0x6A, 0x90, 0xC9, 0xDD, 0x20, 0x2E, 0x08, 0x66, 0x64, 0x6F, 0x53, 0x93, 0xE3, 0x23, 0xB4, 0x2C, 0xC8, 0x77, 0xD0, 0x4C, 0x35, 0xBF, 0x1F, 0x5E, 0x66, 0xC0, 0xC5, 0x0B, 0xD4, 0x1E },
+    { 0x92, 0x17, 0xD7, 0x92, 0xE4, 0x81, 0x98, 0xAA, 0x29, 0x30, 0x03, 0x3D, 0x54, 0x3E, 0x12, 0xDE, 0x1A, 0x77, 0x46, 0x44, 0x51, 0xFC, 0x3C, 0x3C, 0x2E, 0xAB, 0xE9, 0x9C, 0xEA, 0x33, 0xC3, 0xCA },
+    { 0xE1, 0x02, 0xF6, 0xB9, 0x59, 0x7D, 0xE4, 0xDC, 0x12, 0x89, 0xB7, 0x0A, 0x1B, 0xFC, 0xD5, 0xC0, 0xC8, 0x51, 0x1A, 0x88, 0x78, 0x86, 0x64, 0xE2, 0x65, 0x04, 0xF4, 0x12, 0xAC, 0xF4, 0x30, 0xF0 },
+    { 0xFA, 0xCE, 0x40, 0x47, 0xFE, 0x38, 0x83, 0xD4, 0xB6, 0x22, 0x9C, 0xF1, 0x8A, 0x4B, 0xEA, 0x6E, 0x81, 0x1C, 0xD4, 0x4A, 0x88, 0x1B, 0x22, 0x69, 0x5C, 0x4C, 0xD6, 0x98, 0xE5, 0x42, 0xC5, 0x5C },
+    { 0x9D, 0x17, 0x5D, 0x76, 0xB8, 0xA4, 0x27, 0x12, 0x4A, 0xFF, 0xC4, 0x3C, 0x2E, 0x8B, 0x17, 0xD5, 0x3E, 0xCC, 0xDB, 0x2B, 0xFB, 0x47, 0x53, 0x82, 0x11, 0x99, 0x8D, 0x20, 0x6D, 0x90, 0x3A, 0x5F },
+    { 0x9D, 0x3B, 0xDC, 0xA3, 0xF3, 0x28, 0xEF, 0x66, 0xCB, 0xB1, 0x84, 0xD6, 0xD2, 0xE8, 0xBC, 0x71, 0x71, 0x9E, 0x26, 0xFF, 0x75, 0xCB, 0x79, 0x28, 0x0B, 0x3B, 0x20, 0xE8, 0x16, 0x68, 0x26, 0xF9 },
+    { 0x0D, 0xA1, 0x29, 0x3E, 0x4E, 0xDB, 0xD5, 0x22, 0x3F, 0x40, 0xD1, 0xAF, 0x51, 0xAC, 0x59, 0x83, 0x8C, 0xBD, 0xDD, 0x85, 0xE8, 0x0F, 0x92, 0xF1, 0xCA, 0x7B, 0xE9, 0x06, 0x21, 0x4C, 0x86, 0x19 },
+    { 0x7F, 0x0C, 0x9D, 0xE8, 0x49, 0xC6, 0x4E, 0x21, 0x67, 0xC3, 0x70, 0x81, 0x45, 0x90, 0x40, 0x53, 0x5D, 0x77, 0x48, 0x99, 0x5E, 0x39, 0xCD, 0x9E, 0x33, 0x23, 0x56, 0xF1, 0xD8, 0x89, 0x8C, 0x65 },
+    { 0xE3, 0x6A, 0x98, 0x30, 0x70, 0x54, 0xF9, 0x8F, 0xC1, 0x45, 0x4E, 0x37, 0x5E, 0xD0, 0x49, 0xDC, 0x24, 0x82, 0x78, 0x51, 0x5B, 0xFD, 0x5F, 0x2F, 0x40, 0xFE, 0xFC, 0x0C, 0x08, 0xA2, 0x1B, 0xE6 },
+    { 0xC6, 0x7A, 0xA4, 0xF8, 0x9F, 0xDE, 0xFE, 0xD2, 0x40, 0xBB, 0xE6, 0xBD, 0x11, 0x11, 0x30, 0xCD, 0x3B, 0xBC, 0x5B, 0xE1, 0x55, 0xA5, 0xD4, 0x9B, 0x43, 0xE3, 0x89, 0x47, 0xBF, 0x6C, 0x38, 0xD4 },
+    { 0xF1, 0x16, 0xD1, 0x8E, 0xAE, 0x30, 0x8E, 0x96, 0x1D, 0xE8, 0x73, 0x0F, 0x55, 0x33, 0xE9, 0xB2, 0x4E, 0x28, 0x5B, 0x8E, 0x4D, 0x48, 0xC8, 0x08, 0x2E, 0x41, 0x35, 0x3B, 0xE0, 0xFA, 0x7B, 0x0E },
+    { 0xA5, 0x8F, 0x42, 0x5A, 0x11, 0x52, 0xE8, 0xE2, 0xDD, 0x7C, 0x19, 0xA2, 0xE3, 0xBD, 0xF9, 0x8D, 0x38, 0x45, 0x53, 0x3D, 0x96, 0x0F, 0xD3, 0x54, 0xE0, 0x0E, 0x75, 0xFC, 0x6B, 0x43, 0x37, 0x3A },
+    { 0xB4, 0x85, 0x12, 0xC1, 0x42, 0x8C, 0xDD, 0xF9, 0x2A, 0xD5, 0xAC, 0x62, 0x19, 0x71, 0x74, 0xB7, 0xCC, 0x0B, 0x67, 0xEE, 0x57, 0x62, 0x06, 0x00, 0x8D, 0x6D, 0xB0, 0x97, 0x50, 0x34, 0xA0, 0x0C },
+    { 0x99, 0x2D, 0xA1, 0x75, 0x05, 0xDA, 0x6A, 0x73, 0xCD, 0xF1, 0x84, 0x18, 0xED, 0x50, 0x6E, 0xBF, 0x90, 0xAB, 0xB7, 0xE1, 0x77, 0x02, 0x2F, 0x8C, 0xCC, 0x49, 0x40, 0xE4, 0x15, 0x92, 0xF6, 0x6E },
+    { 0x6F, 0x75, 0x8E, 0xED, 0x58, 0x90, 0x4D, 0xCB, 0xA0, 0xAE, 0x6B, 0xE6, 0x2B, 0xFA, 0x2E, 0x8D, 0x73, 0x18, 0x15, 0xDC, 0x6B, 0x66, 0xB2, 0xC7, 0x3E, 0x23, 0xDC, 0x8A, 0x45, 0xA6, 0xAB, 0x61 },
+    { 0xC7, 0x82, 0x07, 0x97, 0x89, 0x16, 0x16, 0xDB, 0xE1, 0x11, 0xBF, 0xEF, 0x93, 0x65, 0xCB, 0xE4, 0x4F, 0x28, 0xA1, 0x91, 0x62, 0x15, 0xC0, 0x25, 0x0F, 0x6D, 0xE3, 0xB0, 0x58, 0xD4, 0xCE, 0x29 },
+    { 0x8E, 0xD6, 0xC7, 0x92, 0x04, 0xD4, 0x38, 0x22, 0x28, 0x43, 0x9A, 0xC4, 0x07, 0xC7, 0x56, 0xEE, 0x41, 0x17, 0x48, 0x8B, 0x34, 0xA7, 0x42, 0xEF, 0x83, 0x4B, 0xB2, 0xF8, 0x9D, 0xBF, 0x96, 0x25 },
+    { 0x75, 0x8B, 0xBD, 0x7B, 0xA5, 0xFC, 0x20, 0x4D, 0xDE, 0x6C, 0x3E, 0x5B, 0x3F, 0xA1, 0x9E, 0x14, 0xBA, 0x21, 0x4D, 0xE0, 0x95, 0x3D, 0x3E, 0x05, 0xB2, 0xF4, 0x19, 0x64, 0x1C, 0x2D, 0x12, 0xBE },
+    { 0x15, 0xEE, 0x19, 0xA1, 0x36, 0x9B, 0x01, 0xF3, 0x8F, 0x36, 0x3D, 0xDA, 0x95, 0x2A, 0x08, 0xAC, 0x38, 0x93, 0x62, 0xD6, 0xC5, 0x44, 0xBF, 0xCC, 0xF7, 0xF1, 0x75, 0x07, 0x4D, 0x72, 0x55, 0xD9 },
+    { 0x9B, 0x09, 0x25, 0xA7, 0x08, 0x1B, 0x75, 0xC2, 0xD9, 0x8E, 0xDA, 0x58, 0x43, 0x75, 0x19, 0x80, 0xB8, 0xB9, 0x54, 0xB0, 0x48, 0x83, 0x3A, 0x11, 0x37, 0x4E, 0x7F, 0x39, 0xC2, 0xC1, 0xCC, 0xCC },
+    { 0x82, 0x5C, 0x1D, 0x36, 0xF3, 0xB7, 0x37, 0xD6, 0x19, 0xAC, 0xB2, 0x8A, 0xE1, 0x8D, 0x99, 0xC2, 0x57, 0x50, 0x00, 0x86, 0x6D, 0x0C, 0x9D, 0xA4, 0x3B, 0x15, 0xCD, 0x9C, 0x9D, 0x66, 0x0E, 0xD0 },
+    { 0xDB, 0xF5, 0x2D, 0x4E, 0xFD, 0xC7, 0xF5, 0x04, 0xD0, 0x60, 0x38, 0xA1, 0xAF, 0x7F, 0x79, 0xB4, 0x73, 0x75, 0x9E, 0x4C, 0x48, 0xA1, 0x4A, 0x97, 0xE6, 0x36, 0x11, 0x86, 0x9F, 0xC8, 0xD7, 0x4E },
+    { 0x73, 0x6D, 0xC4, 0x1F, 0xCA, 0x7A, 0x64, 0xB5, 0xEA, 0xC4, 0x99, 0x0E, 0x1F, 0x43, 0x98, 0xB5, 0xC4, 0xC7, 0x51, 0x62, 0x11, 0x08, 0x28, 0x6A, 0x3E, 0xE7, 0xC1, 0x06, 0xDD, 0x33, 0xB0, 0x83 },
+    { 0x73, 0xA4, 0x5C, 0x6F, 0x90, 0xE3, 0x24, 0x91, 0xBA, 0x64, 0x80, 0x63, 0x44, 0x1F, 0xE0, 0x3C, 0x32, 0x9F, 0x3F, 0x2D, 0x3C, 0x9E, 0xA3, 0x0B, 0x58, 0x81, 0x36, 0x83, 0x19, 0x2A, 0x8A, 0x42 },
+    { 0x93, 0x0F, 0x89, 0x8F, 0x48, 0xB3, 0xCA, 0xF2, 0xEC, 0xEA, 0x1C, 0xA9, 0xF9, 0x48, 0x71, 0x7B, 0xDD, 0x3D, 0x63, 0x96, 0x79, 0x17, 0x23, 0x4A, 0x8F, 0xDB, 0x75, 0x3A, 0x40, 0x53, 0xB9, 0xB8 },
+    { 0x73, 0x5C, 0x04, 0x76, 0x89, 0x2A, 0xC1, 0x85, 0x70, 0xD9, 0x58, 0x6E, 0x6E, 0x2A, 0x3B, 0x40, 0xC1, 0xEE, 0x00, 0xC9, 0x59, 0xAD, 0x43, 0x9A, 0xC6, 0x4C, 0xAF, 0x2E, 0x6C, 0xCF, 0x01, 0xD5 },
+    { 0x6C, 0x1E, 0xD6, 0xB0, 0x2C, 0x9E, 0x4B, 0x1B, 0x7D, 0xE4, 0x4C, 0x5E, 0xCB, 0x53, 0xC1, 0xF0, 0xEC, 0xA3, 0x31, 0x25, 0x58, 0x3C, 0xCB, 0x42, 0xFC, 0xD8, 0xC9, 0x87, 0xEF, 0x15, 0x5D, 0x52 },
+    { 0x2C, 0x0B, 0x59, 0x95, 0xD2, 0xE1, 0xCC, 0xF6, 0x0E, 0x09, 0x64, 0xFA, 0xCF, 0x6E, 0x7E, 0xFE, 0x4E, 0x33, 0xBB, 0x83, 0x95, 0xAB, 0xFF, 0xB4, 0x10, 0x1E, 0x19, 0x13, 0xD4, 0x47, 0x40, 0xEB },
+    { 0x38, 0x3B, 0xA9, 0x66, 0x88, 0x6D, 0xE3, 0x23, 0x18, 0x1E, 0x00, 0xFB, 0x97, 0x14, 0xF6, 0xA5, 0xC9, 0xB4, 0x15, 0x1E, 0xAB, 0x1C, 0xBE, 0x85, 0x98, 0xC3, 0x03, 0x2B, 0x76, 0x47, 0x2F, 0x89 },
+    { 0x66, 0xD9, 0x05, 0xD9, 0xC9, 0x3F, 0xE8, 0x01, 0x49, 0x62, 0x3A, 0x3B, 0x26, 0x85, 0xF2, 0x86, 0x3E, 0x64, 0x63, 0xF1, 0xB6, 0xC2, 0xA0, 0x0E, 0xA7, 0x70, 0x6F, 0xF2, 0xF2, 0x67, 0xEA, 0x41 },
+    { 0x31, 0x1B, 0xDC, 0x1A, 0x1F, 0x5E, 0xB6, 0xF9, 0x5C, 0x51, 0x14, 0x0D, 0xC8, 0x63, 0x5E, 0x61, 0x46, 0xA2, 0x72, 0xE3, 0x32, 0x62, 0x7E, 0x70, 0xCA, 0xCC, 0xCB, 0x71, 0xD0, 0x71, 0xD2, 0x6B },
+    { 0x79, 0xCE, 0x06, 0x01, 0xBF, 0xF7, 0x7D, 0x3F, 0x7E, 0x3E, 0xFC, 0x7A, 0x5F, 0x1B, 0x43, 0x46, 0x07, 0xA8, 0xC9, 0x6F, 0xDB, 0xBC, 0xBB, 0x29, 0xAC, 0x08, 0x76, 0xA7, 0xBA, 0x5C, 0x34, 0x94 },
+    { 0x90, 0x6F, 0x27, 0xC9, 0xA4, 0x94, 0x96, 0xEC, 0xF0, 0x77, 0x1B, 0x07, 0x53, 0x06, 0xEE, 0x8C, 0x5D, 0x8C, 0xFE, 0xF0, 0xDC, 0xB1, 0x39, 0xFF, 0x8D, 0xCB, 0x85, 0x10, 0x86, 0x87, 0xBE, 0x39 },
+    { 0x7A, 0x68, 0x5A, 0x51, 0xC2, 0x2A, 0x34, 0x23, 0x79, 0x53, 0xB7, 0xE4, 0xAC, 0xAB, 0x98, 0x7E, 0x75, 0xB7, 0x01, 0xA5, 0x97, 0x0F, 0x94, 0xF1, 0x76, 0x9C, 0x0D, 0x8D, 0xD6, 0xC3, 0x06, 0x7C },
+    { 0x45, 0x0B, 0xA0, 0xE6, 0xC7, 0xAF, 0x7C, 0xFD, 0xE5, 0xAE, 0xBF, 0x87, 0x8C, 0x09, 0x5A, 0xA0, 0x97, 0xF8, 0x23, 0xF0, 0xA1, 0xBD, 0xC4, 0x4F, 0xE5, 0xDD, 0x26, 0xA6, 0x50, 0x17, 0x04, 0x06 },
+    { 0x9E, 0x45, 0xD8, 0xB8, 0xF0, 0x0B, 0x3A, 0x29, 0x60, 0x0A, 0x64, 0x6A, 0xF5, 0x70, 0xFA, 0xCA, 0xC0, 0xEA, 0xB0, 0xDC, 0x44, 0x3B, 0x88, 0x21, 0x86, 0x39, 0x5F, 0x1A, 0xD9, 0x49, 0xF6, 0xB3 },
+    { 0x5B, 0x60, 0x65, 0xE6, 0xA9, 0xE8, 0x3A, 0x6F, 0xAE, 0x16, 0x47, 0x0D, 0xA4, 0xC8, 0x56, 0x07, 0x72, 0xD0, 0xCD, 0x2B, 0x61, 0xF8, 0x06, 0x34, 0xAF, 0x69, 0x94, 0x8A, 0xFA, 0x83, 0xDF, 0xFC },
+    { 0x79, 0xA9, 0x2B, 0x54, 0xC7, 0x28, 0x90, 0xBF, 0x45, 0xE6, 0x39, 0x0B, 0xC2, 0xCF, 0xE4, 0xAC, 0x50, 0x5B, 0xC3, 0x95, 0x21, 0x77, 0xD2, 0x68, 0x4B, 0xB8, 0xFF, 0x9A, 0xCC, 0x87, 0x81, 0xDC },
+    { 0x60, 0xD6, 0xA6, 0x62, 0xA5, 0x64, 0xD3, 0xF9, 0x99, 0x04, 0xEB, 0x96, 0x94, 0xC4, 0x61, 0x1C, 0xEA, 0xDE, 0xFC, 0xDF, 0x28, 0xD8, 0xB2, 0xEC, 0xA6, 0x84, 0x7F, 0xEE, 0x7E, 0x17, 0xB5, 0x39 },
+    { 0x9A, 0xD8, 0x81, 0xC4, 0xDB, 0x75, 0x30, 0xEF, 0x5B, 0x98, 0x01, 0x69, 0xDF, 0x41, 0x1A, 0x12, 0x00, 0x71, 0x7D, 0x95, 0xD6, 0xD7, 0x44, 0xF2, 0xF5, 0x0C, 0x5E, 0xDF, 0x8B, 0xCC, 0x06, 0x70 },
+    { 0xAC, 0x8A, 0xA0, 0xCA, 0x80, 0xAD, 0x5A, 0x2C, 0x51, 0x0E, 0xA9, 0x8C, 0x8C, 0xBB, 0x5D, 0xAA, 0xDD, 0x67, 0x20, 0xAA, 0x9F, 0x6D, 0xC8, 0x4B, 0x47, 0xD9, 0x8B, 0xBB, 0x5A, 0xA1, 0x35, 0x49 },
+    { 0xB3, 0x58, 0xD3, 0x49, 0x78, 0x5A, 0x2B, 0x8B, 0x93, 0x11, 0xC2, 0x67, 0xF4, 0x13, 0x5B, 0x06, 0x4A, 0x88, 0x85, 0x92, 0xCB, 0xF0, 0x09, 0x68, 0x36, 0x6B, 0xB5, 0x24, 0x56, 0xBB, 0xD5, 0xC9 },
+    { 0x2A, 0x50, 0xAB, 0xCB, 0x22, 0xC4, 0x1A, 0x75, 0x9B, 0x39, 0x3A, 0x53, 0xED, 0x55, 0xFD, 0xA5, 0xAE, 0x84, 0x27, 0x2E, 0x00, 0x82, 0x9F, 0x33, 0xA8, 0x43, 0x3A, 0xA0, 0x8C, 0x7E, 0xB7, 0xD8 },
+    { 0x69, 0x6C, 0xFC, 0xA0, 0x52, 0xF5, 0x8A, 0x3A, 0xD3, 0xFA, 0xE5, 0x54, 0x7C, 0xB8, 0x25, 0x43, 0x5B, 0xE1, 0xF9, 0x13, 0xA1, 0xA2, 0x67, 0x47, 0x44, 0x81, 0x9D, 0xCE, 0xA1, 0x72, 0x82, 0xD6 },
+    { 0xCD, 0x01, 0xF9, 0x70, 0xCE, 0xB5, 0x8F, 0x49, 0xA2, 0x66, 0x26, 0xE0, 0xBE, 0x31, 0xB6, 0x7D, 0xEF, 0xF7, 0xAB, 0xA2, 0x5D, 0xA9, 0xE7, 0x8B, 0xB0, 0x71, 0x94, 0xC1, 0xB1, 0x6B, 0xF5, 0x82 },
+    { 0x78, 0x8C, 0xF0, 0x75, 0x1B, 0xE0, 0xCA, 0x97, 0xE9, 0x37, 0x56, 0x6D, 0x77, 0x71, 0x0D, 0x1F, 0x52, 0x3D, 0x61, 0x34, 0x92, 0xD8, 0xF0, 0xF2, 0x40, 0x33, 0xEA, 0x65, 0xEE, 0xAA, 0x95, 0xA9 },
+    { 0xD5, 0xB4, 0xAA, 0xA7, 0xEE, 0xFF, 0x27, 0xAF, 0xA3, 0x93, 0x5C, 0x1F, 0x90, 0x47, 0x3E, 0x51, 0x10, 0xBB, 0x4A, 0xA3, 0xA3, 0xD3, 0x3B, 0xEE, 0x07, 0x54, 0xDE, 0x71, 0xC1, 0xC2, 0xF3, 0x36 },
+    { 0xC6, 0xD5, 0xF3, 0xDA, 0x57, 0xC7, 0xAA, 0xA3, 0xEB, 0x50, 0xA8, 0xBF, 0xE0, 0x02, 0x4C, 0x88, 0x68, 0x84, 0xD5, 0xA3, 0x78, 0x00, 0x63, 0x3A, 0xAE, 0xA9, 0xB3, 0x46, 0x91, 0xBA, 0xDA, 0xCD },
+    { 0xD0, 0x65, 0x64, 0x60, 0x92, 0xCF, 0xF1, 0x70, 0x3A, 0x72, 0x65, 0x7A, 0x95, 0xBF, 0xB5, 0x3E, 0xF7, 0x3F, 0xAB, 0xEE, 0x93, 0x0A, 0x3F, 0xE5, 0x9C, 0xED, 0x10, 0xF1, 0x7D, 0x2B, 0x27, 0xC8 },
+    { 0xE1, 0xB3, 0x1A, 0x5B, 0xC6, 0x2B, 0x3A, 0xEA, 0x44, 0xE6, 0xF2, 0x88, 0x8F, 0xBD, 0x4D, 0x45, 0x36, 0x18, 0x4B, 0x7A, 0x73, 0x15, 0x66, 0x12, 0xD1, 0x3C, 0xAE, 0x3A, 0x23, 0x53, 0xF0, 0xA0 },
+    { 0x62, 0x00, 0x5F, 0x7C, 0x5D, 0x30, 0x0A, 0xF7, 0x08, 0x16, 0x2C, 0xD2, 0xAF, 0x59, 0x9E, 0x1F, 0x13, 0xAA, 0x1E, 0x95, 0x81, 0x48, 0xEE, 0x08, 0xB6, 0xB6, 0x07, 0xF0, 0x81, 0x66, 0x8E, 0x98 },
+    { 0xDA, 0x2B, 0xFB, 0xC0, 0xAD, 0xE9, 0x92, 0x90, 0xD5, 0x91, 0xF3, 0x1B, 0xD2, 0x9B, 0xAD, 0xD4, 0x27, 0xCB, 0xD6, 0x5C, 0x3F, 0x51, 0x05, 0xE6, 0x58, 0xA7, 0x26, 0xB6, 0xC0, 0xD7, 0x0E, 0x00 },
+    { 0x77, 0x98, 0x10, 0xF9, 0xE4, 0xB5, 0x86, 0x90, 0xF7, 0xF1, 0x59, 0x46, 0x0C, 0x50, 0x8A, 0x13, 0x22, 0x6C, 0x68, 0x20, 0x36, 0x1C, 0x83, 0x5B, 0xC4, 0x56, 0xAA, 0x58, 0x90, 0xDB, 0x1F, 0xCA },
+    { 0xE9, 0x7A, 0xEC, 0x75, 0x0B, 0x79, 0x61, 0xFC, 0xC9, 0xFC, 0xA4, 0x8B, 0x2F, 0xC1, 0x51, 0x24, 0x3E, 0x0B, 0x1A, 0x1A, 0xC9, 0xF1, 0xB6, 0x14, 0x00, 0xE2, 0x4B, 0xA9, 0xAA, 0x7E, 0x92, 0x11 },
+    { 0x69, 0x1C, 0x70, 0x5E, 0x4F, 0xC4, 0x94, 0xFD, 0xED, 0xAF, 0x6E, 0xB2, 0x1C, 0x32, 0x93, 0x2E, 0x3D, 0x81, 0x64, 0x18, 0x26, 0xDD, 0xA9, 0x69, 0x48, 0x53, 0x98, 0xF7, 0x78, 0xE6, 0x75, 0x91 },
+    { 0x23, 0x4D, 0x2F, 0x60, 0xBF, 0x67, 0x59, 0x0B, 0x45, 0x48, 0x17, 0x66, 0x26, 0x60, 0x2B, 0x89, 0x34, 0x8E, 0x25, 0xB4, 0x6D, 0xDC, 0x60, 0xB5, 0x98, 0xDF, 0xA7, 0x4C, 0xCB, 0x49, 0x1D, 0x87 },
+    { 0x7D, 0x1F, 0x01, 0xE9, 0xC3, 0x10, 0xD7, 0xF3, 0xB4, 0x27, 0x0F, 0x5E, 0x08, 0xF3, 0x01, 0x1B, 0xE3, 0xCD, 0x48, 0x41, 0xF7, 0xBC, 0x02, 0x93, 0x04, 0x75, 0x17, 0x3E, 0x3A, 0x01, 0xBA, 0x02 },
+    { 0x8E, 0x43, 0x20, 0x2C, 0x17, 0x32, 0x72, 0x78, 0xF3, 0x4C, 0xE8, 0xCE, 0xEB, 0x53, 0xF0, 0xA2, 0xC6, 0xB5, 0xA1, 0xBF, 0x86, 0x87, 0xEE, 0xCA, 0x6D, 0x83, 0xE3, 0x84, 0x10, 0x52, 0x1B, 0xFF },
+    { 0x94, 0xE6, 0xBB, 0x82, 0xC2, 0x82, 0x33, 0xA1, 0x71, 0x0A, 0x81, 0x86, 0x99, 0x76, 0x82, 0x20, 0x5C, 0xB3, 0xCF, 0x0C, 0x17, 0xC4, 0x33, 0x10, 0x94, 0x4E, 0xDD, 0xDA, 0xD1, 0x9B, 0x76, 0xFF },
+    { 0x13, 0xC0, 0xE9, 0x9A, 0xB8, 0x64, 0xE4, 0x87, 0xE9, 0xB3, 0x97, 0x0C, 0xDF, 0xA0, 0x87, 0xAB, 0x2B, 0x41, 0x21, 0x1F, 0x53, 0x46, 0xCA, 0x5F, 0x0F, 0x98, 0xCC, 0x1F, 0xEC, 0x1B, 0x6E, 0x9C },
+    { 0xAB, 0xDB, 0x05, 0xBE, 0x84, 0x5D, 0x36, 0xFB, 0x11, 0x4B, 0xA3, 0x75, 0xA4, 0xA2, 0x2F, 0x16, 0x61, 0x21, 0x75, 0xE9, 0x23, 0x05, 0xEB, 0x8E, 0x00, 0xB5, 0xC6, 0x14, 0xD7, 0x70, 0x29, 0xD6 },
+    { 0x23, 0x89, 0xBC, 0x6E, 0x6F, 0x8C, 0x67, 0x7C, 0x61, 0xFE, 0xFE, 0xF4, 0x06, 0xDE, 0x17, 0x58, 0xC2, 0x49, 0x8D, 0x24, 0xBC, 0xC0, 0x09, 0x94, 0x3C, 0x0A, 0xDD, 0xBC, 0x43, 0x0E, 0x34, 0x90 },
+    { 0xAA, 0x39, 0x28, 0xAC, 0x64, 0xB8, 0x03, 0x29, 0x5D, 0xD2, 0x7B, 0x82, 0x62, 0xB5, 0xEF, 0xA3, 0x12, 0x43, 0xE0, 0x04, 0xE1, 0x40, 0x1C, 0x9E, 0x4A, 0x35, 0x67, 0xE3, 0x84, 0x6A, 0x4C, 0xB2 },
+    { 0x58, 0x2D, 0x07, 0x72, 0x8B, 0x7C, 0x4B, 0x0E, 0x43, 0x55, 0x93, 0x49, 0x31, 0x27, 0x63, 0x7E, 0x3F, 0x58, 0xF5, 0xBA, 0x75, 0xCC, 0xCF, 0x58, 0xE6, 0xC7, 0x7B, 0xAE, 0x55, 0xD8, 0x7A, 0x72 },
+    { 0xFA, 0xF4, 0x94, 0x29, 0x66, 0x45, 0x01, 0x60, 0xDE, 0x76, 0x78, 0x7B, 0x9D, 0xC2, 0x37, 0x15, 0x50, 0x56, 0x5A, 0x9C, 0x09, 0x85, 0xE8, 0x4D, 0x18, 0xD4, 0x30, 0x84, 0x02, 0xB5, 0xA2, 0xD4 },
+    { 0x6A, 0xC2, 0xA8, 0xAC, 0x04, 0xB5, 0x8A, 0x57, 0x81, 0x7B, 0x13, 0xFB, 0xD0, 0xC4, 0xFE, 0x7C, 0x1C, 0xF8, 0x6A, 0x2A, 0x56, 0x53, 0x1A, 0x05, 0x11, 0x83, 0xFD, 0x8D, 0xE4, 0xB0, 0x2D, 0x0A },
+    { 0x8B, 0x6F, 0x0C, 0xCD, 0x37, 0xB6, 0xDE, 0x75, 0x94, 0x0D, 0x48, 0x10, 0x00, 0x53, 0x95, 0xD4, 0x49, 0x6A, 0xD9, 0x73, 0x59, 0x10, 0xB2, 0x8C, 0xC8, 0x14, 0xEB, 0x84, 0xFB, 0x4B, 0x86, 0xDC },
+    { 0x67, 0xDD, 0xE5, 0xB0, 0x93, 0x39, 0xB3, 0xAC, 0xDD, 0x65, 0x96, 0x5B, 0x48, 0x3A, 0x7C, 0xEF, 0xF0, 0x32, 0x35, 0x06, 0x6E, 0x5F, 0xD4, 0x53, 0x77, 0x67, 0x41, 0x0E, 0x18, 0x47, 0x74, 0x25 },
+    { 0xE9, 0x30, 0x26, 0xDB, 0xA1, 0x52, 0x20, 0x03, 0x4C, 0x5D, 0x1E, 0x5E, 0xB7, 0xB3, 0x67, 0x5A, 0x51, 0x4B, 0xB8, 0x13, 0xD5, 0x76, 0x8B, 0xAB, 0x87, 0x10, 0x9A, 0x51, 0x63, 0x70, 0x50, 0x0A },
+    { 0x57, 0x55, 0x8D, 0x90, 0xC3, 0xEF, 0x02, 0xCD, 0x09, 0x3B, 0x8E, 0x32, 0xED, 0xCA, 0x40, 0x63, 0x68, 0x84, 0x9E, 0x69, 0x97, 0x7B, 0x88, 0x73, 0x87, 0x77, 0xE7, 0x32, 0x02, 0xE9, 0xB8, 0xB1 },
+    { 0x5B, 0x8E, 0x1F, 0xE0, 0x3F, 0x39, 0x02, 0x19, 0x6F, 0x8E, 0x04, 0x1A, 0x5C, 0x86, 0xF6, 0x22, 0xE2, 0xF6, 0x87, 0x82, 0x44, 0x38, 0x80, 0x4F, 0x4C, 0x75, 0xC3, 0x5F, 0x12, 0xDF, 0xE2, 0x7F },
+    { 0x07, 0xEF, 0xDD, 0xB3, 0xBA, 0x48, 0x72, 0xF1, 0x40, 0xB7, 0xF8, 0x32, 0xE0, 0xB1, 0x5D, 0x80, 0x0F, 0xC2, 0x1C, 0xCB, 0x5C, 0x25, 0x68, 0x2E, 0x10, 0x41, 0xC6, 0xDD, 0x78, 0x04, 0xD1, 0x46 },
+    { 0x21, 0x37, 0x86, 0xD5, 0x37, 0xC9, 0xE1, 0x51, 0x33, 0x72, 0x5E, 0x43, 0x37, 0x01, 0xC0, 0x66, 0xDC, 0x6E, 0xEB, 0x2F, 0x8E, 0x7A, 0x07, 0x10, 0xE6, 0x51, 0x07, 0x8D, 0xB1, 0x5F, 0x09, 0xEE },
+    { 0x4F, 0xC7, 0xE3, 0xE2, 0xD8, 0x7D, 0x7D, 0x5D, 0x59, 0x8F, 0x2E, 0x80, 0x88, 0xFC, 0x08, 0x9E, 0xDB, 0xF8, 0x8C, 0xC7, 0x80, 0xBE, 0x8E, 0xC3, 0x64, 0xDE, 0xD1, 0x62, 0x43, 0x86, 0x41, 0x9A },
+    { 0xD1, 0x1F, 0xB6, 0xEE, 0x53, 0xB2, 0x45, 0x24, 0x3B, 0xEB, 0x8B, 0x9A, 0xFA, 0xC1, 0xF7, 0x5D, 0xF6, 0x65, 0xB7, 0xC5, 0x77, 0x1D, 0xFF, 0xCF, 0x55, 0x83, 0xD6, 0x68, 0xB9, 0x8A, 0xB2, 0xA9 },
+    { 0x39, 0xA5, 0xA2, 0xD2, 0x6E, 0xC4, 0xDC, 0x08, 0x2C, 0xA6, 0xD7, 0xA3, 0x2B, 0x43, 0x7B, 0xFC, 0xA2, 0xC2, 0xB9, 0x6C, 0xA2, 0x6B, 0x01, 0xF4, 0x89, 0xC7, 0x68, 0xE8, 0x9B, 0x3B, 0xE1, 0x75 },
+    { 0x12, 0xFA, 0x98, 0xB8, 0x74, 0x0D, 0x97, 0x01, 0xE6, 0xB3, 0x9C, 0x03, 0x23, 0x79, 0x4D, 0xE4, 0xB1, 0x73, 0xB3, 0x72, 0x91, 0xA2, 0x3F, 0xFD, 0x7F, 0x58, 0x0F, 0x46, 0x58, 0xF3, 0x7B, 0xB6 },
+    { 0xD1, 0x02, 0xB2, 0xF5, 0x96, 0x76, 0x0C, 0xA5, 0xAD, 0x82, 0x8F, 0x79, 0xFD, 0x43, 0x36, 0x91, 0x57, 0xC3, 0x55, 0x9B, 0x54, 0x3B, 0xD9, 0xDD, 0x87, 0x92, 0x97, 0x2E, 0x44, 0x11, 0x9C, 0xEC },
+    { 0xA8, 0x79, 0xA1, 0x33, 0x78, 0x2C, 0x53, 0xA3, 0x59, 0xE2, 0x8B, 0x34, 0xA7, 0x26, 0x58, 0x64, 0x6A, 0x2C, 0x9A, 0x5B, 0x86, 0xCE, 0xDB, 0x23, 0x14, 0x49, 0x3A, 0x9A, 0x3C, 0x8B, 0xB4, 0xD3 },
+    { 0x6B, 0x6D, 0x38, 0x6D, 0x0E, 0x46, 0x0C, 0x8F, 0xC6, 0x25, 0xC3, 0xC6, 0x20, 0x3A, 0xD4, 0xD6, 0x33, 0x53, 0x2B, 0x0A, 0x21, 0x71, 0xC3, 0xBF, 0xF3, 0x9A, 0x50, 0x82, 0x85, 0x05, 0x17, 0xBE },
+    { 0x64, 0x21, 0xC3, 0x5B, 0x8D, 0xF6, 0x43, 0x40, 0xF4, 0x89, 0x32, 0x1B, 0x75, 0xBB, 0x75, 0x96, 0x7E, 0xF0, 0xCC, 0xF4, 0xB7, 0xFF, 0x6F, 0x80, 0x0A, 0xAC, 0xC7, 0x50, 0x50, 0x8D, 0x9E, 0x56 },
+    { 0xE7, 0x5E, 0x8B, 0x3C, 0xB4, 0x79, 0x26, 0xF3, 0xD1, 0x7D, 0xCB, 0xA2, 0xF3, 0x13, 0x3B, 0x0B, 0x4E, 0x21, 0xD9, 0x04, 0x01, 0x22, 0xE6, 0xBE, 0xCB, 0x00, 0x85, 0x36, 0x4D, 0x32, 0xAD, 0x17 },
+    { 0xDD, 0x77, 0x01, 0x94, 0x80, 0xBD, 0x1A, 0xAA, 0x5E, 0x1F, 0xDA, 0x25, 0x1E, 0x0C, 0xF2, 0xFE, 0xEB, 0xC8, 0x0D, 0x92, 0xF5, 0x9F, 0xCE, 0x6A, 0xC4, 0x7E, 0xF0, 0x5D, 0x70, 0x1B, 0x93, 0x15 },
+    { 0x20, 0x74, 0xC7, 0x0A, 0x62, 0xF7, 0x92, 0x1D, 0x24, 0x48, 0x8A, 0x0E, 0x1A, 0x96, 0x81, 0xCB, 0x0D, 0x9B, 0x0E, 0xA5, 0x47, 0x1B, 0x15, 0xC8, 0x04, 0x1A, 0x1E, 0xB6, 0x77, 0x2E, 0x45, 0xDF },
+    { 0xB9, 0x74, 0xC2, 0xA4, 0x9F, 0xDF, 0x58, 0x22, 0xB5, 0x97, 0x5F, 0xD1, 0xC7, 0xDD, 0xCA, 0xD8, 0x35, 0x3C, 0x41, 0x2A, 0xA3, 0xA2, 0xB5, 0xC3, 0xBE, 0x1F, 0x6C, 0xD5, 0xF2, 0x4D, 0x41, 0x13 },
+    { 0x16, 0x0F, 0x55, 0xD1, 0x3C, 0x02, 0x6C, 0x23, 0x15, 0x87, 0x51, 0x8E, 0xA3, 0x6A, 0x65, 0xCD, 0x4F, 0x7C, 0xE9, 0x47, 0x0B, 0xE6, 0xB5, 0x97, 0xFE, 0x2D, 0xF2, 0x0D, 0xDE, 0x86, 0x31, 0x45 },
+    { 0x28, 0xE3, 0xBB, 0x9B, 0x5F, 0x64, 0x0F, 0x0E, 0x02, 0x4A, 0x62, 0x95, 0xC1, 0x92, 0x0C, 0xF4, 0xEB, 0x95, 0x7E, 0x56, 0x7F, 0x7B, 0xB9, 0xB3, 0x62, 0x67, 0x0E, 0x43, 0xB1, 0xDE, 0xA1, 0x5F },
+    { 0xCC, 0xB1, 0xF7, 0xF3, 0xA6, 0x78, 0xC5, 0x96, 0xC6, 0x5B, 0x4A, 0x81, 0x51, 0xC5, 0xD0, 0x63, 0x03, 0xF1, 0x28, 0x56, 0x44, 0xA1, 0x28, 0x31, 0x74, 0xE0, 0x5B, 0x72, 0x3E, 0x20, 0x6D, 0x11 },
+    { 0x56, 0x1A, 0xE0, 0x97, 0xD9, 0xC0, 0x64, 0xA8, 0x6B, 0x46, 0xA8, 0x18, 0xBE, 0xED, 0x4D, 0x47, 0x68, 0x2C, 0xD7, 0xC1, 0x1D, 0x39, 0xCE, 0xC8, 0x1E, 0x6D, 0x15, 0xB8, 0xDF, 0xE0, 0xD9, 0xC5 },
+    { 0x8A, 0xE4, 0x94, 0xEA, 0xE9, 0xBA, 0x5B, 0xD4, 0x4C, 0xC4, 0x84, 0xC7, 0x81, 0xB9, 0xC5, 0xA1, 0xB4, 0xF2, 0x73, 0x0B, 0xF9, 0x5F, 0xF4, 0xF8, 0xEB, 0xA7, 0xBF, 0x6D, 0x8D, 0x36, 0x50, 0x1F },
+    { 0xD0, 0x07, 0x3A, 0xCE, 0xED, 0xCC, 0x96, 0x17, 0x11, 0xE3, 0x69, 0xDC, 0xD5, 0x05, 0xEE, 0x21, 0x59, 0x1D, 0x74, 0x51, 0xA8, 0x57, 0xA9, 0x98, 0x84, 0x73, 0xEC, 0x95, 0x08, 0xD6, 0xC3, 0x09 },
+    { 0x0E, 0x9F, 0xA8, 0x6B, 0x7A, 0xD5, 0xB3, 0xC2, 0x0A, 0x3E, 0x6F, 0xC0, 0x1F, 0x8F, 0x38, 0x9E, 0xE8, 0xC9, 0x6E, 0xE5, 0xE4, 0x81, 0xF4, 0x68, 0xFE, 0x8D, 0x6E, 0xD3, 0xD5, 0x5E, 0x38, 0xB3 },
+    { 0xA4, 0xA4, 0x0E, 0xDB, 0xC0, 0x57, 0x6B, 0x64, 0xA3, 0x58, 0xC0, 0x42, 0xE3, 0x6E, 0x2A, 0x46, 0xE8, 0x4E, 0x12, 0x4E, 0x82, 0x4D, 0x7C, 0x18, 0x0B, 0x2D, 0x77, 0xA5, 0x7A, 0x2B, 0xA4, 0x15 },
+    { 0x2A, 0x05, 0x18, 0x1E, 0x0A, 0xF1, 0x31, 0x56, 0xA8, 0x8D, 0xC6, 0x0D, 0x5B, 0xE1, 0x70, 0xEB, 0x24, 0x75, 0xBB, 0x34, 0xE4, 0xD1, 0x9A, 0x32, 0xA2, 0xB9, 0x71, 0x5A, 0xED, 0xF7, 0x39, 0x05 },
+    { 0x02, 0xCF, 0xCD, 0xF5, 0xFC, 0xDC, 0xB0, 0x77, 0x44, 0xAC, 0x84, 0x81, 0x42, 0xD7, 0xED, 0xCA, 0x02, 0xF8, 0x16, 0x01, 0xB4, 0x8E, 0xDC, 0xB7, 0x6C, 0x77, 0x95, 0x4A, 0xC8, 0x08, 0x58, 0x2E },
+    { 0xFE, 0xCD, 0xCB, 0x5E, 0xA5, 0xFB, 0x00, 0xE3, 0x55, 0x28, 0xB9, 0xB8, 0xD2, 0x0E, 0x8F, 0x41, 0xB8, 0x45, 0x89, 0xD4, 0x2D, 0x4A, 0x59, 0x1E, 0x86, 0x5B, 0x85, 0x8F, 0x9A, 0xAF, 0xC0, 0xBB },
+    { 0xA7, 0x73, 0x64, 0x6D, 0x8B, 0x89, 0x11, 0xAB, 0x00, 0xAF, 0x8A, 0x59, 0x62, 0x64, 0x7D, 0x95, 0x5B, 0x30, 0x75, 0xCA, 0xD5, 0xA0, 0x68, 0x13, 0x9E, 0x4D, 0x79, 0x44, 0x91, 0x21, 0xA5, 0x12 },
+    { 0x92, 0x68, 0x75, 0x4F, 0x01, 0x7C, 0x30, 0xA9, 0x0B, 0x82, 0xE5, 0x7D, 0x3A, 0x6A, 0x64, 0xBE, 0xF3, 0x4F, 0x17, 0x62, 0xF8, 0x8F, 0xEA, 0x58, 0x1E, 0x2D, 0x0E, 0x1A, 0x92, 0x6D, 0xE2, 0x44 },
+    { 0x3C, 0x64, 0x96, 0x9F, 0x86, 0xE6, 0x90, 0x81, 0xBA, 0x64, 0xD5, 0x4F, 0xAA, 0x1D, 0xFD, 0xA5, 0x33, 0x74, 0x1C, 0xB3, 0xAE, 0xEC, 0xE6, 0xBA, 0x7D, 0xF2, 0x1F, 0x7E, 0x48, 0x36, 0x5B, 0x18 },
+    { 0xC5, 0xEE, 0x5E, 0x28, 0x24, 0x4B, 0x87, 0xA3, 0xA7, 0x42, 0x0A, 0xA4, 0xE2, 0xF0, 0x9A, 0x3F, 0xCD, 0x21, 0xBF, 0x0D, 0x57, 0xFF, 0x2F, 0x69, 0x95, 0xFC, 0x82, 0x8C, 0xFA, 0xEE, 0xCE, 0x6F },
+    { 0xB2, 0x46, 0x8D, 0xA3, 0x55, 0x0E, 0x67, 0x6C, 0x6F, 0x00, 0xF1, 0xAC, 0xA2, 0x44, 0x45, 0x1F, 0x39, 0xA4, 0xEA, 0x62, 0x0A, 0x4E, 0xF3, 0xE6, 0x67, 0x7F, 0x9D, 0x87, 0xF7, 0xED, 0xF2, 0x73 },
+    { 0xE3, 0xC4, 0xD9, 0xAC, 0x6F, 0x2E, 0x6F, 0x9A, 0x4F, 0x10, 0xA2, 0x32, 0x5D, 0x9B, 0x6F, 0x9C, 0x0C, 0x9E, 0xB3, 0x58, 0x70, 0x38, 0x50, 0x35, 0x7F, 0xED, 0x9A, 0xED, 0x8D, 0x61, 0x96, 0xFA },
+    { 0xF5, 0x08, 0x4A, 0x0F, 0x0C, 0x3B, 0x5F, 0x0D, 0x76, 0xCA, 0xFA, 0xA3, 0x18, 0xD3, 0x2E, 0x26, 0x4D, 0x57, 0x44, 0x0E, 0xC5, 0x4E, 0xC5, 0xEF, 0x8E, 0xBA, 0xB6, 0xDD, 0xAA, 0x09, 0xF7, 0x81 },
+    { 0x47, 0x3E, 0xD0, 0x4B, 0x5D, 0x4B, 0xC1, 0x5B, 0x21, 0xC8, 0x89, 0x2D, 0x9B, 0xD0, 0x0C, 0x14, 0xB6, 0x7F, 0xE8, 0x43, 0xF1, 0xAA, 0x2D, 0x35, 0xA4, 0x74, 0x93, 0x39, 0x52, 0xFB, 0xDC, 0x1F },
+    { 0x48, 0x14, 0x00, 0x32, 0xBB, 0x7D, 0xF2, 0xE2, 0xB5, 0xC9, 0x5D, 0x40, 0x3C, 0x9A, 0xB6, 0x9B, 0x4B, 0xC0, 0x04, 0x53, 0x98, 0x0B, 0xF8, 0x5F, 0x15, 0xA8, 0x4C, 0xAE, 0x2B, 0x09, 0xA0, 0xE9 },
+};
+
+
+/* crypto_hash/asconaead128/LWC_AEAD_KAT_128_128.txt */
+static const char *ascon_aead128_kat[][5] = {
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "",
+      /* CT = */ "4427D64B8E1E1451FC445960F0839BB0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "00",
+      /* CT = */ "103AB79D913A0321287715A979BB8585", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "0001",
+      /* CT = */ "A50E88E30F923B90A9C810181230DF10", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102",
+      /* CT = */ "AE214C9F66630658ED8DC7D31131174C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "00010203",
+      /* CT = */ "C6FF3CF70575B144B955820D9BC7685E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "0001020304",
+      /* CT = */ "6279C4882F99DFB6D9EC3695C9F2A773", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405",
+      /* CT = */ "078A29237061C0D397B2A0E6EA5C876B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "00010203040506",
+      /* CT = */ "03571475150BCEE52386848E25B06509", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "B26DFF49B1D32299DDAF77393DA1BFB9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "199B9F815BA37A386D283F504B8D2277", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "72ADAF0FB14368FCAE684504B30AC101", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "7A743A79172DA75466F25F40457A6B73", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "3147BDC1FE566B1981841CCF2A6AE34F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "020EBC69E08706864E71E3D1B58B357F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "A82E222AFF512CDBC3DE114D906F19EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "6FC17A2738F9F525213E59384FB75037", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "B747D3235E971C20D00DCF87406938FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "D990A242654D0741C7525E6F903653ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "578A86396447B8A041BAD515A601A34A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "8DB8ADA4D118B78363846DD3541E2189", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "60ADBE0BFFAD8E8A261E6B8CA48C75DF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "C85D563277DB0C83A2B4E94CD6EA1AEE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "211A251C1766C2E5A3FFDD74B03B2529", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "12004754BA17098AAD179E061E1749E7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "B0C8E78E5E9091F5005D79AABDA96DB2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "AAA1A35A588016DC63EE291946FC6154", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "166C67CC262390C81596F8C463C87B00", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "143DB82F41FE376CFD53D29675078EAC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "6BAF6585E8FFE8F552780C7EADC7DA28", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "D1401CB996969FD5F721A422439DFD2E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "78362CB020E6CE64063595D856AB9173", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "2C899FF0082B24C0E179399DE588F918", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "22133A313FBF0B38029A45870AADC542", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "",
+      /* CT = */ "E79F58F1F541FC51B5D438F8E1DD03F147", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "00",
+      /* CT = */ "25EB4B700ED4AC8517DCBA20F673292230", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "0001",
+      /* CT = */ "49BE454D8C97E1EAB5119BF47D3654DDE2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102",
+      /* CT = */ "D2FDDB3A70AD9A1F2BB342615B97AB191A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "00010203",
+      /* CT = */ "4AC40555DC0E91960643A438D4EB371137", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F3F5CE816E7C1BA5F7453AB9D526B82D0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405",
+      /* CT = */ "7C56A3122EC3F0FBFC89C725171061705D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44ED28EA9A451BE731C7D5B4AAEBD97969", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "10AAC070D4736FAD110E011A42D813E453", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A3D03F3A5AAB12316DB48C0ACFF1B6D0F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2CEE4C21C5E8BE47C62801CF8F99C0F68", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29046A1589F368954B3B520A1582BF3999", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBA99810090A3340A198FF6B536BAFE22E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4B9B02EEEE46735A799825D48A5793E1C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E1B69707A42C085AB15B212E545AD48C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B0EA3438393984BFBEBB5642907A511568", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6AF88FDEC9275574DDA9C51F390C301A4F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "98BD6CB9C387D71D275A5D50E5525C643C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "5012CDE984E442C183285468CF95509AAB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64E8A535661ECD9BD9986CEA0A46A8556B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C31E5D2C32CD3BA00B03595D1D80580E5D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "99B94D9B0FDC389333390F467DA793DA18", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "36F8BC8ECBE5373E8CF98A6AF971F4FF82", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C03D53C849AD1DBAFE0CA9084AB60E4967", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BAAE9C333640BCBD5AFD22A6D086BCD48A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4CF2085BF59B1F8D21FF2690EEE3A54E45", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "12647E22AC5BE3FDF70E9FEFC249AD38CD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8B1FAB3F10CAF5CDC2E84954AB7F4169D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "669A01C76EF9F95F4B1C77C362D3789B62", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26C5395877E5027743965CF9CC5C8364C0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F9B7E3321C6F13FBC36CB520FF40E398E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "145D307EAA756D8BA5D06A0BBE704B37CA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C6977B26283789F81CA53EE0C984D3FFA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "",
+      /* CT = */ "E770024EF7895C325CBE02EB5FBE6F9D7E8D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "00",
+      /* CT = */ "25FB41D2732019820A0F8BAB4248B35E7B0B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "0001",
+      /* CT = */ "49E57017A30E8073D1FA284AC8346110F89F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102",
+      /* CT = */ "D2729AEF0954A0B62131B41B77BB07DD1BDF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53C3ABDE1911DBBAFCA250E82B32E6623B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F82CA8DB431D4C88044A58AD984EBDB0767", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC825226D46FFA5AB35DC4F3802BB252B5A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "00010203040506",
+      /* CT = */ "4486D2C8ED8489C9E0D04DFFB8F412149695", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108639EF290EA2810D6A1C03649CB66F6D94", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A25B328B990BF7D77C15C621519779A7126", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F4C9EDE27986D157E41FBAD2D2C805D070", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FC67CBC9D0678F451F593E4C827661F84A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE3268C0D34744D396B233E7C9FCAF5DE6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE58B7A9081226609FCAB0FC439CA9BA4DF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E58968373B211EA0FC538D8AA77E338CEF6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03EA80E65729A8CA944EA44BBBDE99658C5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A2834C4A74578201C95C841BF174402B238", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813A67DFADCF44B938B0DDBBF1C246F24BA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DBB47F895CDE177FAD82CB3C7341A4541", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64ACD2BDDB3E2E206DF00A71418289215105", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C3050C85A58C4967CD61BEFF2C6A5E6D1513", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "99493C7D15D98F80584F6A2B6F19E7827DF5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D092115E687090CE11EDB6E83B4029D51", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EBFBE6F932F2EECD51DA65D220FBA68D7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35F45A5FB21281E4701FAB3C9ADEEA1170", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C8393FAA9930679187C22C63879D6A4A714", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244C10C58F56790662D4E862E0D3595864A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C800EF8E732F5D80CF31022F0A48CA7F5594", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662DF08B8B3404A00343D5D4E616F29AA76C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6577F6634FE09EB7B1B7EEB6D7DA61DF1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55AB1A2B6B649ED9885B1BA67E8ECA6780", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B95CA9B935C15006A74174A16962CBB75", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C0838C27A7741EF0D33DD0312E48657F5FB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "",
+      /* CT = */ "E770D29AB195F40EE49B127840263B2A7F1356", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "00",
+      /* CT = */ "25FBE4381FA4B64A6C6A5C06030EA163AE8082", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "0001",
+      /* CT = */ "49E505D644B6A140B7305500088BBD30A5963B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102",
+      /* CT = */ "D2721F2ED83F53550FCFE2188D4151162A3F9D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9F9BFC2F512F9E90288EF5E4728C4D4CC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F8202100240F484078227FF47F85A47E8CB51", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88B34BECE08E696ED8F527D0C89F05101DC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864F9D866CD8429604894B45AFA35053170F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "10864087901895D83F4902B68968EA8433A7A1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256F60B6870387756DD121FEB63276B3BD99", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B3D4DE1D4214960F7A2A312527B2086CD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD8FEDFE3A8C68B307ECFA86DBE97E5FF9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D722692214C612F12FEE54E7A3E5565AA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547D02164F9B18D92235BB8804454A4AE83", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E5892E6A4BD2A1951254CF8FF9004606EBD18", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607B87982471BC3CDA0F4066BF58758C5C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A2821C812A75544ECBADC70A26480FEC45461", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B79BA0B8F4055963CCF3A8169D250A9E42", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE33089D4192C97E31F939A3A5D6D7AA0C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC7287B8B140172FF8B70B692323AEA189AE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB4A7A86AF2ADD545D828ACC346C47485B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "9949846BD638424096EE64054A358F2ADED190", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61B37E6666E07C7B973529587D2C1F9820", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA797B6CE28687236364C82756322ACF3A1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FAC0B48D847EAF787D6310BD06E0155FD2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29C7591CCB1C4F0BF7EA01E881C7BD878", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5EA6793A91968167CF94F833568FDD265", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E29CEC49F148B8540BCFB863DD5AADECE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D52606D8469F7BCD07C8B4090BF5507BD04", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E702A8F08E0F97B8782A248375B88D6794", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7460C590C19464890AB2EE78C127254F9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8BD2AD5A687F079420012C341C58166C81", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086DCD5125F2AAC592072AF93BA58F4C466E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "",
+      /* CT = */ "E770D289723DBD7401E58C36EB488D1520305D0F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48A550AFEF7CE25BA45A6F0418AB2D671FE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "0001",
+      /* CT = */ "49E505472EF152646BFF0BF584748E6702CC14DA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB763F015C201A7983C9D5D36B463D1E0B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D996863A6CE3E220259BB1D9405103D52E73", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273AC12205DC254A4777C873A050DA7B6DD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDB4AD0FAF4F1DD4F40F80141148AF93D2E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD3DBEA4923D1C581EDDA1ACD0070C6D7DC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BDF5755D678B2C03A9D5F97DFBAB13EE71", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBB24744AD22D95E3208D705E4FE91C95D5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B08E0460C35AF5C3CBF5F1D4E626FC8D558", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75D7877CB464B49B5E93A0EA495F0319AB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88AF62A4D15B897B118A05F9385535B3C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE54773774E373E54CC5D746C6CAE56D4A540B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270F4188BD0B38DBF880024DA167E143173", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E6073927D845ABC584B40206A1E4520DC28AE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215EE219C60F71D317B2CA232101CDA4DCE7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B701495B9FB1286FD97880A182818688150C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE331256A6B92A6389F9D8644125E716A52F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72124A2C2750525514AAA8720C1E73B156DA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E9A9A7833C5F6FB36BD82F1C78C322678", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D4BADCDC5496A1358D2540B786B8B2F04C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A83931283B9A628C1A5E82BE2E81429813", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA779641A28CF5D536DFAFBCC99681BD2DFE4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7EC6E681B74F8CF58575D50FD3DE1B03CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A2969AB6BC3FAE40BB8EFD7109C7622D6AC9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1167196DCD6EDC088A6D1FD392B0522D0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D3B47F7AE734361A6C94058DDD037238D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D5219BF07F68001CA1A177A4F5011514E6BE5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E7657BBD31B35A10BD09C27381DA60542992", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D705915580B4AF6C588D35809636A697B148", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25A30CBD1204ECBB79619CC02A3E2ED020", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27493689F2C080418ACF11125FDE5C2F91", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2E5705A06B6C2FAA93CC7108B5B1502B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC1C46C0CC9ECB8CEB25053FFEC2C4AC129", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA6CC8555CC75D28EAD641E90E631BE359", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB367493484DB51C8BBBC43E1A1D14029689", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D2C7DBF3BEEBF01EF347B8C773A6C17DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C61B8B77D367C0D86E0557A43039A0A506", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D993149407C6FB863AFF9894C309931C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD33743ED20D7695A424D3505E437B8501178", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD714CD79EEC957DBC9D194598C083C982C7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD30168BBA48AB95240EA22A53A13225882", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B0813F97AA0A08CAB30E34A22B72D4F06F35B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A40EBAA64F602CAD77EAF94419624A64BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D8862AB4D9A818CFE0A9772010B53878C93F7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736B01309C6DA7218E0A44213CF96D0D33E2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB4C2A2A5F6A3A1586722395B49C06057", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317FE6FE606F09A10C9C0DCEA94B35B44A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A7B7D538B7076F7061FF4854FD882D3F1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B70130B49A4D7FEC9305A57598B9B85602F87B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EDF7C2C3ED1EE637795B45161B588223A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E3413D5D1308671462856E8461DED4635", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E85B924A8BE14FB58D6CB2515C3FD5FF59B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48BECCFF2A29F142D5AD83B87E1C41B3D76", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D44E33E09D28285ABB4B34325BD3C4504F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792B355FEEB4EAC92C8DD02EB28DA256C2AF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE0B6F05413DFFEC1812B3C7BBCE709732", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686DC383714EDE30D9E1038E254DD33F5E0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B44B314EE6524B54917F90897F9D09548C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D44D34441EA7867C4A6A4472C3431D17C4D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D52198071651F8AB4CF52CD8C51FD0007A843EB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6F4E62701284C7B0033F6D40F1E6C862F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051DB231505F18918C0EAD574C471BBF1939", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E57DE5241D5B15F6259CDF96A9B177DC42", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3EF7065D7335F3321905C61C08462E879", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A4A5D8FAFA197CC29BD868CA5322B1CEBE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155289C7CA4B7561222452AF2417C8A4A21", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C741C71BFA1F2CFDCF8CB9F7E4504759E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5445CD7AF443EC7E6B305B93601A578", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D879358A83E1F9B487EA884B4E9D9854EEF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65287B01F7EB63572CF2E2A5160BE11356F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D7E5D53D8457FFB27516E44D6E8C126CA5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BB9600E5823A16A22384F826CE85791ED6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71341DE5B02980F6F8E8E1F8C4D852E25DEE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3724F7272227A805D7CC4EA25F9F53D4DD5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B0813120C401EB1FEA272BFF28E4431A587A458", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A416204DF88D4BEF5CBFF3DA03DF92F50422", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D886219CE7737ABB8B52EC3ABC35921336AD3D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE14CB26786CCE959BFE361E05F823DDA7D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB802D06896BF3932C4CF603791221D2402", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A295B8B855240BA70D70DBB90C0260F3A8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A60D8D2B69BE469A05A58C36DB58BB6D962", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089C4B588AE68FADC469AD3225FB3662F01", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4292894D9167763AC2F49642BCF1C0E24", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66DC69F8DF81A340F47A926C6C42994536", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DA4BEA085B1C931A90B99BBECE8CAF07D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B445900E803B938F327E6E3288CC67803F3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D48872C1D6060F6B69678B41D2A59DD84405", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5BAC971D7B4A4248A9B5CBC8530701E58", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7CFC2F7AF7D89D0E032826E294B20EFBFC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE9274F8ADEBB2340320399A5EC0D6B202", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B4351FF1DD8DB594F774870E89010D69B0AC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447F6973726765006319B0E81F3EB320C6DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D5219804260C037C4E8481FE7029C95BED1C5050E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BF495D976762756C7FF4E315D76EA70B8A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D74EB7CC65835F3CDB97AA9F5289A28BC06", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E40CCC85994F5B78A7D9B653BBFD144A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A036B71D170118B82192E7EFB2FBF59", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44A71B1ED9117B692EDDB148CBB6699A7F1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C100336794354DD81E8675EB922524452C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C750523D92CE28F16BEE9E75B5034B8FF6F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB55BEB58E640B6BA8C4B08196C990FF1F7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BF82DD40FEAC052EA4192AB813105B30DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C652463A0DF41AAED674E9857368BB6B30DF04", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D706B12F30E2303D3EE71E6DD3F6951776D6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF29552F1B2C0D86C197FA779F20E97B75E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345CD3B1EA3C08BEA6AC30A74C48F7BC2E2A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C3A42F7FF53E518AD829BFB2FB5D19661", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3CE46331B924130CE74A112F778AB5FDE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163D7DA036D478F46A21A46781D675C11D5C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912082CE6BE1330DB520598448155AA0324", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D88662A0E9BCABB519E4A44A6107F823AC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89B5B5A7884AFF4E587F96533EAB43DF6B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251CCF75D8ECB57BA7863E7596EB262A0FB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FB68CB1FB348DAA426A508A4F09F229D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB2A8E65EE59764BDB6AAB789882779EA8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528D5EC577018F9492C1EFBC6C7E330F4C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A27AEA1C013E631E57BF078868FC1ED894", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF97219BE37E416B942BA4B1A4864B9BD2D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B4BCFE48FEFE0BEC3AFD95C7983A9A2F4E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E80C2E81C095D6F5C9A7C492B124475EA0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9CA2A7EFBC273D59BA25054E3F804A39F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C78D9A4A41EAB23FAC36B8C90458EF56538", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFDE1CCF11C4994F35A1486E7650810D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFC824FB3C14F170CCDF906C80674A20C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA490C5F38FD825E6B97B266FCFD6F8C77E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423C1E08A4C2AA892BAABFF521A74DA0C43E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE78AE8E46C5A4321B9FAC9F0A917C020A5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D747844B4E03718503CA10850C78FDC6BB0F5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D494C20BA259DACD1C527859F4059302E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A616FEA454758AAD99D6EB53AC3975DE0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEEB076C632E98C61F69CD5DB919B58D204", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C10386CF87FE743D9A2A627FC00DAE5B9B52", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C7547950D3B9804241712431C81D23C03D7D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E1F8FD3F2BD9F0FF14E7F0B9EBC084D752", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED09BE0A67072FD1F51FE5B1CE7E8BB84C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B7267A2CB1C513FE65991DA288CCBC8985", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D706056C8B219F65945332DEDE9303DEF1D5DF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF2374302FC5DAC7C369371C7171FADBDFD47", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6E37294FAC4BDDCAD22EE5E7178D20132C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C8215F807001FD7678E08FDCD6B37EE9F01", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8941D7A98139835C2A973E67E6361008A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE384DDC15FF1ED2C4A0427C605CB4641EF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED8EBF251E9D01F44DA85C293FC268DF21", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6861CCF3287D781E0377726F81AF65F08", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB2779FB252BD1BD51D3C48C5505BE0673C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B0D199FBBA97AEFC56FDD43971B6A765C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FA5E3DA35C3EDA411E8D18EA4A253DC57E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB86E59079F8C17FF9705EB3F7B599004E40", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528EE3CEB4CBD39E65B1E4328E8300D8FCF2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202FCF75807DF1FB9524BE8CF4213EA5F4D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B3978F03A1502E04DCEA4B4B8DFF15680", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B494882DC9077A2CF12F66D31A233129F015", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB184219C4DBB58348FE5ED5B33032EA06", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F96293FE69533B1263F98ABF16914DB90D27", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FE8F7EEC9EBC53BB595BFA5239AC4E987", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC501F0788B15A180D61326986793B9DE0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF432D08A17E45051EB02E6C023B1D66E41", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA429B700555F01728766EC33ECBBAC1FC09F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF9BB914B8AB0E0F71FE89504E2509D42E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC2710F5E7FCFF32C81CBCB9C43289B2D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D5205F1740139CFE40E45C30027C648D50", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D0107E70967DBECB41D7BF40C2D312AAD29", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "0001020304050607",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A23D39116F51D76FE9DE67890FCCD7DC3DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7C61B4623AC9931D92AC8AAE3F9F78C0CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103926FD82C34FE8EDE74F8B4BDA0CBE9C500", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C7547848EFD5E4DE60C2580C4B48AC4ACA27F3A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C360520512C49823ACBD6701966E57F77", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED68CFABF4D3B0A4D69F1D04681BF6271659", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76DE40951C91F2C8B18097127BB1C1B59D6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D706059738292F22EC49DDF614846D1712D03227", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DBD36368EE6094699B36657AA033BECDBC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDCD66C67162F61A848D296C4BCB8CBFD46", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F40E10B01156FA225437C2E518FF29C37", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C1C3EB2EE4FA2B8FE58F0B457FD49A3BBE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE31931F35D13C116FE3DCAA7D4CBBE18DC5E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED7365FC752813430D5A45AE29C534620291", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CD48C637890D9B34AD5A702E4A3BE8C1BB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB224589220FCB5A616AD33159ABD95E074AD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B9012988302FE50D9FF044809B0D94A41", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE49D797FAC59DC5A9F1501B82DE55BF79B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A3FA3006697C92747D37905BD9D387ADB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D9181A99F3956898A8484B9B3749B9DCE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A20243012E69A8309583C1DD8C860816B1439F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F1B715DFEFECEE7A83F2D6AEA3CBA3F35", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B494468486B6FAA8AE1DBC985AB8CB58033654", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F68A302A04EEC3B9FE72DD06BC6367EE6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F421E34FD5ABEF1EC7F43B6621A6E20B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF21138EA057F2307E7DABE42D6A1C823D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3F63030A9CBBB3085CFDF2CB8F30824E0A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF48979024ABA2E259C98E89EC0C7AE18ACBC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945D03C7AD8B0DCFB190F2E9A0AEAD01693", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF5233A5E1D7348DC85F7462505CB7380BCB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0EA959D9DAC45EF5E108685791C08D4364", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53FF23AD62D658D494C051EC5D937923F81", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B17CDF0E9E7BA08769A9AAE211125F0E26", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A23336690C8B42C0B811E74CE6CF0A5F563D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0BA5DFDFE05DBAAE61E1DFF349BE58240", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E1EB44A2A166AF15A0D997B8DA642C1C2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F225F85AC672152F920DFFD248610090CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C68689CD8F01AEA3BE660AA60EB692DB61D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED6865927D89264E1BFF075CDB8A00F62CD434", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4F38773704C9B4C59E40007517BC1E5182", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B8FC22EB913A41CEE3F01069AFAE92001", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB149250FB8864B8C59BCE4F417F4904C5BC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AE686279EA0C1723AF33EADB5D77EF381", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99F8B1E7E8AFB03983E3B524C05CD53C6C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E1F2E1DE986408917271CC2891D55607B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4900103A5D1A1AA33ECBEF7CAF2BBA7B6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737E8F5A49E06C52CCEC4C58AE9CD82BB5D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE16E3F167A11EC658130C12ABAC3BED8A6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB224085211094DF3959B58E71A4F01F5CAF39E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B307D04637B673770952AEEAD496D4BFA99", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE4204CF4E4DEEA8A532A6A5ED5DEF5B3E900", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742548E1054AF955E532F91979A03351D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BAFD6B5ECC9AB43C252B5F0962CB530EE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433CF2A6BA2326DA11905798274116CB9E1F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8A5C2433C5F7100D27481CEF49FD9590F4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B4944609DCF78D702E4721439B6AA051D87E6E8A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9FB23B82932FC6DB68696A860BC26860EF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F075E48C7CB297F1ED7C963194FB3F18D03", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8BE43287D0137B079F940A363371F35AD1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD44B88CAC3F60962B510675C7BFB9102A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8B5AB5B2897B7F18A9D3B284B13D9E440", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF6560FE45093C9B630E9AFA02B410E568", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E0CE321AF34D5A1A1B7C6F11436119ED1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E259544D5F21C04650FF36AD994E43C966F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BF5FC3DADAC814E396C1B6B339D1AD36C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B1143974536141A7084D3A4AFE730ADB0E2A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "00010203040506070809",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFF9D363D14DCC737C8FAA67ED066DCE62", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A4E063D016DE47F98A7F0B1B344410A944", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E5969931EC0AD6B9CB14904E9E9BB49A02B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A67F63DE77E7B898037AE971E9EB4DE8D6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872614B633DCE534A333E506D26086966C7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED6865858439827C1BB65B7DF6F235BA8D648A5B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8AAB99C2E9AB1E0C6F508FE31D857F862", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCC9AF5943FDD02FE0070703DD45BC3AC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14137BF76BE1C0CDF453929039B6C70282D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC6E3CE10C6733FED240C25B2A6E84D515", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E57762B45EE4594348B19B8CDA7340B1A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E8423F1450500AA811C8CF28D360E0308D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3CBCF82C6EEA838AD617067B84CFB72D4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EAD74F20DC2AA0B95BE083FF167AF1545D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18DD23F4612D23A2B27DE8E591246F186DE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408043B62031CB3A7AAC293EB4A2088BF68AE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F7B9743D878EDF9AD8BBDAACCF10778A47", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095CA57296D9A38F281EC0758B893057FB6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4A403B2F87FE884C6B34977053543418", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC4A249F078C51F6ADAFEA0BDD4D11683E2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C61935F7080C32B1CFE757146EE33720C24", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA25CB842C09B8087DA823958D45441CFD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092E7AF0001B616272F6DD0FAB613454B020", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57DE9FDF3153B4BE00C987A6C9CF869D2D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A27DE83E5306C4D7CA5E9A9883493C868C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7EE8F2F5B376291234338F5EFA24CBE3B9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84BDDF4C43F10930D31BA83B84E86DD104", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD1E9017A1E8EE19988053A60809039AC8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF666CA598FF75070E3CF50D46A73CF41CA0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7ED135881EBD6EC718B52FA5CC8308DA35", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E258877A2D836356067424D228A3A84DFC81B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA0A8C8E06FB60BF627305F287F7EFE50E6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422BED79619A10D8D2CE95A45E25D351D27", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC76375353C06366198CA0BD8954829EF02", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48E4E6A4FF286931434579C0BD704E3D915", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C6EC1848559DA4A363E0D56C6136CA07EB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F9F8D75BF188E83D1FBC93582BF15A3C33", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C687244E486708610E62934EFBDC6D40E90BDE1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE55CE0EA2422AA3F2790539A216B2AB8F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1AEE5F251B92BE69AE7BE8C89773CDB91", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD1ADFFFB6527B90BB2C394274D17FE1A8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139B7C534D271A620CCE5E9BFCC1AF3570C0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC766E448981134131AAB8BA7BD2B4948AC1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C524303CE4F7C99AEEF2CAAFCBD508A4D9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F97741939E99018CEBD55AAC85DE1EB39", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E47C3ACA1BE5DBE1F4C9A7B0E99092CA56", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1A799EFD6EB3D1DAB69BB2C2B0BECB465", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D14FBF208AF27A909A0AEF11E5C7A3B5612", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041D52241FA8E32B128F5E340BE620359204", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744D69E011E60E55A63369595A289AC97A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE4209531D4FF11F1DDE01A82ED0B498E24715DBA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C178483B900A69B3A53241256131DCF25", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467DA548BFFE42584E2DB089D51A61F0718", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C6182716AEFB3022C5BF9E839A1CC8BF37D0A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA4495787DE780A1410B50BADD84AE0639F4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE2998CC94BE03B4FEB2225C6D186B45E72", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D72494D4268983B582233D1A4CA96B9D06", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A2669F55B4B955F999281B76702DCA2B2FD4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41D925132755BEB256513FD4D0700CB058", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD848971F914441B4F89AB9349105D8CFEE382", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04329783BC8F04053DDE5FDF957B79B219", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF333842BEE2E89F4BA375B92319791924", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4FF79E9AA6D09FEDC587AC9D44CEB64F85", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E2588660EF98E139504F92E5E88FA0A89D22F75", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03E5AB7A2238074E8D0D53DD40591C49594", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D98F455B73B776EC563854B20000D888A5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F2A13574D9140D012B69B057657168818E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE38A71EC52FCE382042598A9F3225DFA3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C8EF98D2402A1EB6A3DAFB2A289181C79", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F9364929F9146287F322C38010C1BBA75303", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449BA0F342779F302DA386F7C15096E69C72", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A27B9DBE171DF9A348075E9B55005E247", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD3801FBA7E68B45285FE7FBDC92A2B57", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35502854FBE4C7136EE5A7D1DC40E73AB8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6CCD2ADAF132C61D96566566095F0DE2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3D2F959324D042C62BB360F3B2C5B19C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C52502748AE50F4343902A0DCE8C350D6456", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0AEAF8A7090E8D948AFEA26489B148EAB3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C90D5E2CAD1CC203682F18461D2E866D44", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B1E9DDCD35A88D280627380D6EC8474F1E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430CA3A5C60A60EE2E114D4D9BDEFAA1FB8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF90E30886E64690DD108B34620EEA8DF8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B75621C217F4E7AF4E84B280D94C99C621", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B82B3778B933598FBF3F4359D11261C31", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C1312FDC6CB8554CC51551385A3601012C9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A0AFBE21674E55C72A620F62A5A1410403", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208FFD894880B66C4D42FEC1596C1C97F79", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F22B29F278C6A5BB2E2D39135B246A5BC7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25E7570242793792B517BB860A3722E2EA4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D793B5B4FB493189636C7647E4D8808321F6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6038CE2EDB4B683152454A4B55B811B54", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC64BCEC36CB18E75163D37682B751D520", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6B49D86DFF62950C9F6409973FF29008", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B825AAF34585583E9797A3F7A329B5A600", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF533699F68050362B334F1E277DBA824795", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BA954D61B21523C507EDC8347ED5321B2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657B1D673F89B0B6077F7E2DEA7807A9456", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF24EB02FC8C4B87890382A7A4DD085EC0B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D940315A23C1ABC358C74F53E749F2C4047B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F2218C78BD40D7174F8D158AD297EB11E029", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5202E5BAE52DD5E452F7B6B843B163BAB8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C8814D937B0BC7D7A26EF5BC0E802F14006", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED772921C0C30D6F85E660B37F1EB55EF0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B1132F55C1D299956030E69273287971557", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A284CF180A87F8CA62B92F20C9BD5061475", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD776A6935D3E1DCDF8377826D3368428C0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DA86B4B88395FBABC8E6A07A29567836E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E67C2B2455146B3D1F3CDBD39C2B09CE3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3B0A3FA61CD4F30D9EAD0901AB5CAB877E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CB77DDF9FACC702DFC3CEFDBDC016B1A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBC03813101144C22ADEA4FE5131EC103B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F1128694A9AB183C5D0B7FB7C13A27916", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FABE811B4B12E9A3F07BE943CDCB5EB48", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BAD091C881BBD3327261B2832E39609AA8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D5146B49BB9D27512811C20B7D049DBCB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71940A51E5C77B95B21AE9E5F0F164F63B1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B181B3D95D5B6158D2F9D65BF3A4B8D6FFA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F156CE91ADA5289EC9C29BCA4290D6289E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A023D237CDE3BA8DA27A628B15F0DA8FF623", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B20F4C73EC1D1886C845CB9C9C2C48B634", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BD41B2B9605BAF759111600266D7038C5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF588BD05CA9FB8C8C39EA1F0EC85043235", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D793502A2BC48F545D62DDEEBA429E23503974", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF9ECD0D84895061B602DEA18A93DA7855", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97D9E06997E811FE95676447F495557561", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F7ED81CA474F733D33A115BA1441765CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87BDF9463A583CDB25B513124CF11CDD5ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375C2DCE9FC6FE329FBF4EAAE5DA899631D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BAB00E72894846E6609319E7B6AB9B6BDE1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E2588665748B7EE3A213082694FF1C6890EA307667D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF29056651660C3375F3EC4266AE67C182B81", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048B35BDA0F89F7D79A585662310A0012A1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172ACE6260894BB22E96C9F382ED552B5E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE52749EC39B48260DF0B8692D1D5239800449", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A51F1BCFFF90BD2D2D447D0D8A505CE2EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED94FA56CAB84ED5A2F5072AB61073575470", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117BB3FD1597C7D3982784650EF9AEF01335", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7B64D3EDA09F51BA9F7D619E4C5E77EA0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D13DF95A28388A8DCC7E183097DA04EAB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABDA04070DF1B7072B6E293E6CD58886C1D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1DE26C03879885A624B66C9FE102B9168B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5BA16E25343D2B86A32C7D8D32C155108", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC5B180260510D28819F1793CBBECAAED7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB879E776B6AAA1492138EA11CEFE343049", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D9397FF85D0FF19F13891279A3C9EB5F7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB4375E0EA77576881C298A6FEF1F738A8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA863DD0B48829CD59A69657488076F36917", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55086C4318F5C1FC91C1CD83352B6479B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965E2CD4BEE393F2DE0D8CD8B8B4827E6E9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187FDC46412B80E88264FE2415762FC76486", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F140C9E7558506B8277CD46BF4619EF4893C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391946E05C9402166B0CFB2E25844EA1277", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281A88BAD044AD709F21728F3EF541F8F3A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADBD6C6675A7D44CCEBEAA89BE8618B89E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF52146ACC5F1907622DE105CB986B4056FDB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E39FBCDB02E055DEA555E497720860FF58", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF87F91504FABD05FBE4C17359AE43611DD4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC978234B069A9291EDBF7C8C0E654AD4C23DD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F516BE676D69734DCD05D340E9CF67338BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B076CE5F8ABE4451BF4E79D1294E06A4915", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF18B585C0CD01FF9267F92F2BA52E8E43", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0431043CBDE24862C77A3F62DDF4606D1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E67FF0F7CF362C2DFC7132A73A0AA8E7B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C4581F8A5E332162E0C8B1ECE623E53AD0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8A979F770ABAC8CA4052239588187EC23", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A973FD31C0A3F03CEBB3DF3BB7BBCF6D7E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E3EA721F9A8FC4E556F2745972F5A78411", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56BBCAE1D932EEE3D3463DC8CAA44F3EF5B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED94970ABB678CD2213561991F08F5A61A9F1A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B999D3ECB707C921EA87CC2FB6E4163AFC4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D330B31B5D83F19653ABB5C4362BA1B1BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CCEBBCC91D4DBCBB67DC33806C9AB0D0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B1ACC4F81FFE3ECF118BBBFAA730FFB50", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25D7EC1D31C8994781052A46722890DD6A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4C6E6AB66848F59AA2CA36C7F4414824A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC36B7E80EE1C0A9285685A95D261CA0AE33", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D1728363A74744BA0ED4CA66D2477BBB3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5F5B5928563EBBF0F4F5FDAE0C71E6B4E0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19F08D351F1C4085D9F6BE99E2C82055ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6E5469037AC06D4206BE3D8ECFF3D704", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB94013B2148896577C0F401C50298297E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0821238149850B113A2CAF70A9B65C3D1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99E0C479771A09B5D29AFD05825B013D0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408EBE839B337BF8289BA39CFF353229E0DA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BFE9DF482A0251E9C355A725CD35B9B049", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F91C0C6B55D6BCC1821CCE2CA6B8D5C7E0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF1E5973F77F1A47C15E4D4FF09D68DA8FB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4EF2C7B174A7C41FCAB40AB9DC0ADFAA7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353C9B63AF867F1531E87D661795CCAC05C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E24658BD441183DB814917AD2B612AACF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F4AC0D6C4E70CACAEF751BBCD5092A0BC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F51762485698C69834A49F84E1C05F0B9880D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B07630AB4A4A21709CA187E6A3DA5959ED254", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF61A5B5CC5CF5C74F4BE93E39504A8B6390", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FFF494D975B4DE29012E58D75929721162", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D096D1C38B4DF6875CC5CA8CE018D0CFB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48BC42BBB51366D28C27FF3C180373C8833", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C804D829BDFB647DF809721ECEEE433520E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BC6D0EACE132FB02D26512DEF99D3AA62E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381A6132E1D1B072B1F103817B2D454700D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B694C864CD71D1266539E23801DFE750835", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C313DE7AE137C9FD8B0DAE6B53ADFFB6FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926900D29C2F298AC9E209CFA8DF4F1178B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D30217BCFF911A3FFA48C7F39065B6092038", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC119415E9C145DA8790A1E8F52A6B8F3FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B377C3843C5858B3006224EF2939BFA901B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D2514C6289FAD15429D7346FDBD112D38798F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DFCAA4EE178055310EB8FA6E1CA6F4FDA2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D6EAB0E6D1C189D9B3A0A6268E9A737F0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D307D0D9561560FE476926D255B4D992F4E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC463529C5FD3B534C95F58AC5E6A3213E8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9C762CA518BE19EE0098BE301E6924260", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6BCF8DE2BCBC8F71E658DC705D8DFE15BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BCD159F7F92968B02A07FD3E139B59FCF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1D5E576F7118A4E67FD4246766E7E7428", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C58C47A610AD1D15094A4F527D902BBD6B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E9781D46986CBC03B3E6A335581EB9DA954", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF4DEAB958A3870690C5899B22D39FCAA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F92987643DD59BD26F57C017368D058F9FDF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13B9D0C7F9B80A45244BDEDED1A56BBF663", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E4981A2943A2748D066E5CF51251ECE205", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111FE7D30AFDD8AC215BC542FFA87E8B09", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B921F6CEC26CE77E238759A29CA28D638", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F98F2BB975E1438F5D9FAB40C66FA6CD49F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6CA6415C6802CD4511CC14278980AA6CC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4D64F5D4E146CAB4FBA71093AE8A83223", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF61021925FE6C4C23A3BE904FC33AE79150F4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF905A71A8F4B7A39603E766E5CFA5FF91CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4CA370491E5EA138AAD665CEC4EFB1422B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D55981A135974A5C281BD4D23E3CD7127", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045E24C2BE3EE6DCE07FB187A1922DCF08A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCADA92B2A1CDEA6B1B8DA77294080EAD708", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BA01E0EA2595E8A1298ED9AB925C7A430B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5190D7AECAE313946B30AD835341C6E48", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A5FDC8BF0150C7FFE8E13EA187764148C2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B992679F2DE01627C325FAC1342EEFA58A28EAF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F420375B043C3F372BD02A9F3858ADABB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC170974453EB43684ECB92BC8E6BEEECC694", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B93CE5DE0570F6E4868FD7561DBD25B9B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140DEAFAAADAEA87E93BE84F137AAB6039A0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44FFD658E6770535C0ABDA9F47E26BA11C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13D066301F046D43DAFECCAF9ED9C7077E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B76D66D84E7F757C30AC8CE399BB74BF43", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473A85C21F34A587C3B3B63DEBF580E4487", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDE695868387BE01A1EA7ECABE67843676", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39596B5BD4381CD78F40ABBD7FADF9C419", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA1D3FCB0E2D4ED80A1DF5D9349C69BD7C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE63B7C60537954C9BD8F4AFF0701BA78B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D03C271847A2A5BBF71EFCF84AB57CB1D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CF95944BD80DCE8D124F20C04207351DA5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF2F81515016BF469F19C5B7FB795F42566", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7D76B6D8C8E9A31F974B9D60F2F069D31", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEA3112FE09E093C702B56F5280CB73C6B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B3904EA1D5D497E00CA12D7B9B6D0B86D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E3531114C57B945AE1B8C8B25E499F7FF77F8E7B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B5489D20894A5F82035A3B587643D7FB285", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E30D229194F8E8699AD9C127539267015", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B40C0D1FDD9FC5EFDD092FD1E5331889E3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C37C8C3108673186DE37F8373ED0551394", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FCA29DADBA4B5C8C20149581F4173261B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90076E9343E5EA3ED67E7FF9C6A7B5644EF9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B30EA817D3F150AF2A9D710FCE7F55584", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D0077D6AF4A4CF430EFDCEBF8E41872764B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE79D4FC6CDB0BC7AA84420C8F1341CBE00", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD880B5A1D83C4F24F355A61AE1578E1E550", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD76042A7E82EA5439B942A5EF1584D3B8E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1E66589392B2E9969352609A0A62C917F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A55650829E182B5573CDA45BA5A0CED54A99", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791F6B928D29D4B7E2E1E1F6A945F1B466D4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F066C578B3974A9F987818181ACA2E708C9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC17033DADC9AE39DAE3F35977F2D88898F30D3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998B431D6513C278DB361CB8C1242E68180", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D312DB060FE4DC661688340B57DB2E14FF8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BE15A1F8ED39E6FA8F684DCC1BE746B536", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B730D9F3331F776C4DECB87FCC5EB09EBD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2CFD84B5C030740DC4F117DC37A1D9468", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC47326D6628F171C865049B95ACB10094FB748", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB39A9AFE53D9F5A8ED207F6AA3DE38F9AA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6E954231275446EB3D63070ECAF431B0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA12550A23EFFC860BA935FAF8AF3FB1E0A9B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A13A6BD607EE4CB834B36D96335EF8C03", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2309F41D31EB4E2DE7C519A735193FB63C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFED58366EFA92B7E0AD2DBF91C21F4390B5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28DC8385063628D8DA0684EE01713098545", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE24CF768720AE6A9CE48D6B365E83E81A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC529F8CFE269D320A4F234B34443D563BA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5C811766A550593539CFD337C5AAAC6D5A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140467EC0054430055D00E0CDE9521D09A61", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541F3E1481572A2BFFD7F364F4D724FD7A9E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E197D6CDD419BCA138D20DC715EDCAE5758", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABE31BE9A7A51853156DFDBA71A38993B2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C3853B9F472BA9BFBA037011C9A500DBC6A2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33288C2CDFC11E2F406AAD754CD1E2FC8A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072CC05E3E73B580EDBF13044A72C2DA550D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7EC2DF39DC68AD83868CBACB0F3B74DCFA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9E74E3F8DCC2E2E37BF1E22ABE4D2DF19", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7741AFEAD7B1D8ADADF1D961DC31887D6D0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8066BEF43C66F5E186A788FE1DA56810F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E1EB410DB6608A9387396A64D0B6FD88A6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C2DC871BB26DC7575ED897042381ABE90F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D3ED93FBB666DF0DB63E2633487525C0FE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD7FACE4487FEA998C8D88E8A5A70C8BF3D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EB8D35B16F784706DDA743676C02294C27", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338EBA14D6B95D20687D1585A6AC5B48509", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207B14C9F2F446D0F71192AFFE70C98364", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F800FEA58531C94CBBF5B41626C91197E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF99F9B9F52CE178E112F53947F02D2ED2E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714938DFBF751165B44414486395A8F2A96", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A253F504E5FBE1BCC508289F663E00EB2ED1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A68963E1BFC5244F9A64497D69BCF61EA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB36783BF33792EEBDB555653F1A0E5386106", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A46E068ED8479EBB94E4117D70C3FF558A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D25A21C1C52F102A4348D1EE7BE13F64", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A35E0517DE679D7DAEBB250FE17BCEDA001", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D23069628AF741BE40A933DE5D40395C687E5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCA3C671D399FBE05D9D28DF3E961CB3C2B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D939B604252A81A6325E2732DB9C88020DA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66517CFC08FF1DAD724E80BD6E531F4929", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54DF097509F683EAB735088E9F72D091489", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC0E3B0F7AB1A4B30E37AC791886750C5C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140403D638904947DF0A880016384E5E30AC83", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA7B7092858CE21D5DF3A6CEAB9C3070FC6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196EE175660528C6B0079177FDEC8BAF1C1E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF105024B76299B1F8EDE03DFC9E6AF4FF3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F1B420A794A857C30FD0BF0BADDAE41D93", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A4D0BFFDEE1B2D355CCDCC8F338C064A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C740F8635B4DBF4D1934573C9C7661E7480", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E0361660EAAFC3E361193F908545AE87196", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AFD96F9C4525B106E95F4FBAEB00D5EB3D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744D76ED368CAE6A9B45C3276B7805712717", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4427B136D2C172762AAACD306A569FD3F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E1637C3B51865920FB3F01F36CE63C8AD387", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C2255A402CE1981198154D1B1079C777067B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34D8A767A9C904D517B0EA320B6526A40F5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD749F00914C927167B8407247374C7804696", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8DCECF0F5A787C22CD604631AC4605721", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B9F64CA097DB3709A6BD11D0C6285B023D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A75F3FE9B2955DA60A3D488CBCD623B5B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19F37B2D7311FDFA5368EEA8D45D531B4F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE528F1FF9AA57E1E25695644B8F3120A6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B7143020F5C954755C63E73ABA3E9BA5B6513A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A371B9BEF5C4D98ABFDFEFADD2503B96F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E141DB836F92F53414251FA32C0431D61", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E4F22888E43D09B7057CDF8DD62B539532", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE40A399A5DF9BF10ECA510EAF3E56D47E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1FAFCC4C197E011C0A969AB3C016B7445", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356F1F52C0F4C6DC83BC51D502344451D11B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BED4CCEACCA3A5148A5C34D6D2D135AF11", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA645A3A63E10C34F8914B1E89C721389B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D935090BB06D2127B068B5DCBE0F1195B7615", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B793B92B88581786C19CD234407B51359D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8B2847F1BD79D70F802068FC7E0593CEDB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FD25BFC5AA9B9F3BD5C1FDB9FF261C5D5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140403545C733D52B97665F3E62C2144FB016E4B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E093A842817725C631F9E9E6F5BE22684", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED31855EBCD46CB34D3910B9DC87D0DEA73", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143256D7C294658694857EF8B6F18A10E63", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F184478326E9F1AEAE51C3CA305B87C7E255", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A00C127A280F0D4F7C2A369090E68AD325", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E0C5468A71BD0A700158D740234906F2C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB659C541BA7282DDBE249231EE73FEECD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59FED36BC074E552EBEE246D665A234483", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD07E7FB401D9131A2695D23D3CD96BA591", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D7EE52AFC8415C2D767A5BDC06FCCAA99C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DC6E54D095ECBCDB59DF8B4779CC28AFE0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF368B5C971C27A1E531ED15E26FA228A5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE416BD153619E57621A7F55C856EA3EFC4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD749259C4BC8D681AA8E06C6E2C0F2394B502A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35196BBE2DB2B9988217AF821BD50EF5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98C36C3BC0ADD13225E014A9778772228A3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55A34DD6F028BA5A0799134D91F7F8BAA4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C05C664B32273234D589E4E2BB094C77B9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7BB3FD3FD5E71A774C6894F4AA9D20A8BE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309A184FF8E4EC3619D716F4D2C0FD374FAD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A357CD783A1945D02B44F6F2BE17EB4833D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FD2E4CB864BE3C3668C54DDCD6EF1A0B1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F449D8FAFD23D81CFB04BC80E7AC87F30", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4EC54A634FD5C690D0A55DA54E89D0E8F9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E539AE8E2B99546CE7E0D4BB9CBD8A91FC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF03EA938CDAB114B57470851C77986666", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE156BA606E90EEA62412AA3BFE35639234F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA2252140B25B1111ADDE61BF9A8A63CD1A6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9A90B0B6183BA2E518126112D005440CE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779CC861AEFA2BEC2167558845C75D69340", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA3BA8223BF064CCB5E6F9DBBAEB951151", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6C1051D6B2C56B34BE2EA7874C3ECDC56", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451F7A9B3458FDE3C4E42FA2CF1D1BCA6B8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D47DC99B3F631ECB8E3A6160891B7CF90", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384B12A4643C0113B978DB1EE21F3020F3C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DD9497FD9A2D52B61CAD3BFF32A3DC428A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F1840457F9387CF2EC2A000871A670292DF5EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8AC6AF12AD62DB45D4CC9D29E67A56367", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FC00EAE19115C6404EEF519AB689F4CCE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93FC6D58387955D80E44830908AC635414", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D37CCFB9DC62CDD9E1DE7B35CC4518E892", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD004F1EED0816EC94F283717DFF43E8179D5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E0DE21FF41C5FE116F1F5B2EBF202CAF7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC43D37BF733634D15FE76FACD13605CB8E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3AE3AC4472F25E74FCF65877F1C0B40D9D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CCE819F4692D8D7EBC79AD4FD673497E6A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F013D70AFC00B61DE6478F7E514466A1AB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD357FFE25AE1540062A50D5A35BD7FFD6AD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4E484D5A98B5F9561286C821B07A8C151", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC46EE96F90CF6BCA7BC4604F16873F86D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C059BD465B47858744894F0A48D2395CC33E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69F3A40596C7AD15BD9171E82F67D4A0F6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA917BD015B2FEBB876B8DC12C7A421779", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A357200816AF9D65FF10149196A97621471FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA7BB2CFA2F6D9FCEA68CE44C1256D08097", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0B223B1CDF0FFEAE96E05F308B2FBFC97F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E43365B6E90147867FE50B2872E77BE95AD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F83292D524D664A0FC04FA8BE2CC6BCFA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF03AEE6806FA02008A5736199F6E8404238", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573DB4BE1D5F4C7AB0C2532C807C080C756", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7B21749273A178107A9020F00C2A14030", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CA302A7A1DC2C8F7A07B845CF7485A8BAA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C1D3E920637DC7D304D2CCAD8C5BFAA973", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10933F0837AB3D76D93DD435DA34D61900", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7C96072286570056F5FF008717AB93497", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E3531114040354519513CC80F0AAF5FD0F9C98FAABCFC93CE9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A9F158190A2470F912DD0D0FCD8B7664B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E70A60E87A982748DEE006E35C40F27E01", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD9781455E019E8E757C5006A28EB364D64", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404430F2DA7A4C292A930E7925C54B21B3779", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5C1DDF5245DC462F44CCB7AEE1E14ED1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE874D8F0EAE1C02A10E5EFCC2B796AC572", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3470DE000F51AB291B3571CDB13E162D4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EF9A24C6095137DC2F5117E0EB7C6AB3FC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF13008BBDF90F0C4CB9CFAB2F902A9CF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50465FD50333149A24F1942FFA2FBD0909", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC497C421CAD7E3A4DF2BE9EACCD8117C717A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D1C37FA000CF7F14D1292240519DA162A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC230774C0524B0D93519802603DFD1294C8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9E1D8D700203C201DC092524957D7253A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7C3A13A4DFF475AE828D73D0EAE922441", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B3644C77AC426E3C930EC8748FAC43E360", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC995A3B40EF5CFFA2E66753FB1AE9940D69", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FFB480724FD5977A225C9ED8ABC7E4710", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C868BAB4D2BC58FECF3B186070234B6A38", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44FF83CA90C0AF633654E6BF1466F4B3AD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E241C1D4AF53026F3C1F1E39055789F23", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795DED3E085A303C110AD095C91C6D2E3A9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4511B5873E39E1EC8D3677BCE6CA1BD0A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436E2CDF9C41BA76C2DA79780E3C728A1CC0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75F2F4D7AA062DADA76E065C8324FB909C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C420436A4179A327AD848A729F2201E3D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6BD4B3D1465019DC6EF9BEA0FEDD640B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA0C3523DA5B9FFC3E6CC8DC3D4FD36367", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9DAFBE59DA765099A78EB0BFBB934C51B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14DF81A0085840580FE2FBCA0AF5002907A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8363B3B123E5CE1916C194243E70D41BD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7491C9EC0EDEF3F0873E9365C84F1316107", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140403545195428D6217730F6DBA712A153ADF7C563BD2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A6F96EEE1C5AE4DFBE81154CF9CEED5AA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DD2B386F44B2BEBDD5831EAAECADF9E41E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92D56C0B24679ADB36B174F78F624C60C48", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DFB4D6E7CC26F65FCA9EFF8DCB34D2B76", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5FB78C6872C53021857E4298A48AFF37DD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C2C63783AACB33B9B8822B633AB996C42D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC5A31966531B2FBAC82CCE165CAE57077", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCCD8878D87010E49267C8F6C8D3E691785", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF048282B68E02F547F7C35483EBFBC73B3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622408C3012880E1A58D9FA4F3D615552F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970FEE464255B60E9CC0E29009675FDFC0A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C190891EC8318193A373229C2546BBA9D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F35C92DBE4380DEC34E332D81B38876F53", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9450575789E98D824EA496A80F58C9EF7D7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C768D4D24DA4A38BB07C2558F5D0385E55E7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B2B4250A85106D4C0FCCD668BB068B429", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A9ECB0B9F69E994A6DA9E6E154BE1DC15", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB06EFDA11A466E170BEC185E15D44D4095", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85AF3B96E2806F85EF467964E61C33799A3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD471C4E15858085DE8B0170FA94A451D1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E570E884CA46E06A8F920851044A4E1A176", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B0FF8BBE180F887AC099F83A91FDE022C3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4ACF682BF9828617E0DC846D3C961CDF6A2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EABC40AA73DACAA54FE7C0E669DA40D2F16", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD18248AAFAE15970F226DB09EE7E91CBF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9EE7DFB458B1E697D8F05FB493E88E8585", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E382A72A447DDA92CA81C4915AA9F5CCA1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA812C547DA33141797A957581D17D6838DC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B219F385E889843E9F713697C8B8661892", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18FF31FCF531CF6D0807819E73005B4954", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA3E92F97A10A6F24AB2776F0EBFD299B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492BBCA07C2D3DDFBC4D17F59B6EDFD66214", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226EA27EF2E6EDE634FCC87A482AC9FB661", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62E967A0D31DA54CD7CEC94635182C2CD5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEBDC85A7823C106488B253F11ADC6C0960", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF82C7B4AF6883D72572FC8C04A794A2B0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE4591B3FC911902805A8F1B449703CAC0C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F13BA0902646A17E74A4FB3167A72237DD3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A9F1A13413E966429A5415CD5978D124F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC227883A81C03223A4D809F03ECC6F2B5FA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D52FD0F6DA838CABEBFFA00ED6E1DAE16", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B0CDD133CEBACB318749343241B73005D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622DDEF004D51115487FA8D2A8813EA18657", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F786005D5FF17BCE157263989199E84DC15", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C73CE46F92D48534DD5CA3D1E19C64B7140", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C29022F78F0DA130522C3098E2255E5649", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459C1E7E94EC141145D78D952428C9A06D19", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C76806DF75F1A321E30CECF7E2FCD30F9D0924", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AD170303C8FA30A9669BB249ACA5AA4EB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A71DEB3C0D8C9B357A0D5ADD56B2BE93854", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031D093181BB3818DDED8BC78E7A59B05ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A958FC051CE45717655F0D929CF7641E1BB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD906F890C0EFBBE835D48D2D61F540EBB3F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E5754EEB221110C19D7865832E0DCEDD6DD7B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067EA1AE225C0C142812AA3382FF6ABE64E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F3C36A75E4693628AA6B530B7BF999C0C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB592D19CE76A99F60E2143A1F470A9FE0A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BB80BE753B0D6F9C548891496A48DC3AB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E948B096FCA2C76332BB3EAB79C39758D13", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3EC0200D93E1F7F68AC44870330A47828F1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA8104F4A441EF3B0BADFA31BB1946A6755FB9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B73CFEF4CFACAA6499487404BF232D449A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDD3FC89A696B86B569537969056AFEC73", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA91960C5F2359839920BDB1AB46D615418B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55D01FAA6EDF34944AF393396AABA744A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDEB75CA0F57DAC7F74603A0D4B0D7BF2D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DA067FF116A44684402C709E102E504389", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB24BFAA34FC345FA13B71B5D7C68669066C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5F57FE4173AD4966C29CFB3686157228", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417E79D7B256D52BE5AFB7CB4EFC9DE14A1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F13349A85F26FC9AF40E66CABE820045F6EDB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85B629F622A3EDB42E5B8CB7D49A379306", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF7F44A6ADD47D6C3C2074136AD7CA3ED", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D347F9C6392F2F0B7D9C6C6AB44D5094085", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6C643855105B0BA973BD4AEC3BC0ECDE1F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D789BFE76CE0A2130453F7A05B0B5364BD6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F78734DDB9CE0523B99779E4497AD5964E6C5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379935C053F229C92D664368876B2011791", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CEB9882BB795889D4AEE31E9EA04405FB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA79715549452A9F918CAE4D52ACBA51C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C768069356836DE14D328579C63AD95BA95DF96A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF98A2B0B5271981599FF69C203245B6C50", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717F732BFC622DD69894029AEBF2C35DB916", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB29DC6847FC70FD80EC17C8AA8C5BAF6C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A95787A5A9FF1968324C0702913253B832393", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909FFE14A59BBF3F300E9FB78D441FB13F3D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B37FB439E9C5CB4CEA08F3A47D71A96C2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B0677008D6DC5CE5E8761AF221E745C627C657", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9FA167C566FA70846600FAA8457823EDE0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920017C8BE261B3527DAAD2E162D1DB1120", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDEBCFB6DB67C43EA35032BC886EFD1647D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94013EE1C1217DAA7B9B24CE353B970257C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0225B1C8C72F7BE7EDA082DB418C4FD1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042CF85A9C35E464D5129663C60B2D8B2928", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7769C9B3CA234D5AD37A7FF0D0E51396A86", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA32274938424DD5547FD8247960A8BB7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913DE17A3D510380A8280002CCE30C18B375", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C67854A378E62C2E1D7860330C9338C437", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2E7FEF6411D78766708AF9E771FA9926B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA5550C592C73E531D84F1B4B1198EC58", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247AE6F7EAC22E33990B1F339CD292F02122", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5DE52943526766B92E9EDB0E7BF8B30B67", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE41790D7E9874DF9F1E50C3ACF75B27C40E760", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D8425B8D00EF29C46500F749304729E591", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A2164E68ED7A1BD67999EB77E5FF73424A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6C6849E90348530D6AE2A625971B3950A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E47832ADEBCB69AFDE570DF1D2C186425", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED2D32A4013CED6406F39489C10DDC7CF9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788334FB2AD867472BD640796447077D4998", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873615B1BF7E07D0DFD0303366291F0C13421", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FAAAC5D1351FAE1727CE0BA9CC4B82092D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDBBE1F3D9C6D9E2AC0B43A92029D91A2BE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA792C3849B85749785E8A1B29242FBA2A88", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C768069349410982EE12CC87BE081648520EECFB66", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE9CC04B87820146D6D4A86A6DBDECB2E3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8DFF86953AB81BC6CB91BDD12C652C71A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C901226DC60B5DC8993FA2227331DC5DB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C707599F7664AD6F3C871A49B6EF2FC0DD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F3207CE2218F0CE99E5878061A010A8EEC9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D7BE52443B10F3200DBBC17CC81465BEF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C3273091B5764C4AB027956C000B33C6B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F77F1A8000686EB011F1AEBB6926BE3E822", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB50E17E7552090E4C904AA7FEF1BAD896", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4B735B92725281AA24D69DDBA2FCEC9F44", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E9401932DA440B79B125551BC821418D1BE4A25", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0D046BF0FBFFB62C298F093881764EF462", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D570AD452403CB99E83788E79C676E7E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C62FC5E4A3679CCC3C44C0D0407BEC3EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2FDC44D03A640D612E3C5D2589B81A12A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A8FAD0BA3F4809D1621E8CB88F5664BAF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6602560193EAF9FFA99FE9CA775F813F1A9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F65B20E8A4C237EB98CBBA80B96E7C67", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA022033F750B5C5C2B04423F4AFD526723", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A7285C58D114687832855FADD754794347D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CBC22B0233BF9527E78D9A38F022253A5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905F7CEE504FE9065E580BC3D89BDB6B4EC1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88DD8344D168CA1EE1955E71DF515158CC2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D17DB899AFA425A5F24C8731CDA6C17F0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD3892ABE1218D8566FFF6C56969FBD34B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6A233F14FA3CEBE88FBC844075D5EF10E1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0ED22951AF4016B148D6CACDFA78303BEC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D7883455AAF5E8ADE16FBB36FD476A76B5F5988", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610D634EBDD09456E5DC2ED6CD5A5FF86793", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53C0F55E525E1023B8E6E9513B4EE51E68", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6DFE71F0328D900C490648E46AAC9D4082", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940D7E3F79349BDB969183E1A48EDC72F52", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7680693493074BEA0E944FC217A77F54877728BF91F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE4690D0E25CA0307C11D11193E9B6A2D1EC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF870CFCD6A10B058644D4E1280909098E44B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2D69B0131D48D0DC05B096642FFE827F45", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C77024FCD71415E9DE2E21FB1655F0BC3039", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B6BD5F25F7E7E04A778494BD666ECC9A4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9B352103AC233F21002072E0A7DC3E4739", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C51F0B3353B31AE123D0B649F6349C37124", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E0BB4D73C507DF3596E6C654BA6D31CCF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12870C2B41369AAB1C7D2E78B09C7D74A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDAC028AD0195B3CB95E3EA9D256901F249", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E940193629BB55AA5F905DC5DC35CAC1391580489", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF8D707751412AB9F5819AAE3FBBD6AB682", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E2E663D6EAC31A5377FFF65B3F5D8BCAF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6D187730437F6996206799A7ED5E2298B4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EFE717C6C901C73EE6A3FC6ABB0B74A375", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A943587C6DBB56716BC8F09C50B118C6C45", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607DD458067A071F27E94CDFD080478E5351", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9671748BAAE80280A25E9935CC6EB9A92", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F73A8234C5B06CD0A47F2DEBA68F290558", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728E287F016B12CB4E4320E4C93A1BEF2161", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD3EAF8436A80449E750590176EA1C70C04", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA64AC13E572557AAFE3B9C869FE347C1F3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73AA18D10D1504CB9F41260505FBF70BD4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43A846FEABE6F85FE9A0D1DBA6E18C5166", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6E6803AE420D1A57792899CF43ED6C3823", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE82601F4B891685C1D025C914994E43338", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4FC0B4604271FEF50FA50611B77254BAEB", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FAF0DDEF49C8963D18488CA6F992383336", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610DEB7075EFBF71C194850DE9DA2A50236A60", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53BA874D9E05ECA3464427A2896943063027", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6D4458468F2AC3D82ADB2D25AA5B2F56CDBA", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940BD5A8E37679BB8ED3219BF985CFD74C278", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C76806934930918654B7DA2A75AF4090204A5EDABB559B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE4612B77C2C4550E87B333BBB434C3AD78012", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8702FF4097F81119F1E4932A06A72C5474F89", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2DBE006DA16A75677F9A181AF9CEBBB0ACC2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C7705A3C8F60FBA293114A22E92E16B10EA2FC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B30500E02A8E8089A98BF778113746075D5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9BBA277A5993BFE34637D241A9374EAD046C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C518D010539B10558995926316D58ABF2DC29", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E2CD2CD2586CE37BCE0BF9054EA011366C6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12B419D6921FD73CF05E06A2339A2F5CB138", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDA18344AF6C7AA31C4FE4EABD7BBFABABFC9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94019362C555926E326980EAF271CBE6C2432D1077", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF819C47B6A78FAD2BE485D4D523E3ADA1EAE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E30120A1ACC6753BE432F717776533AFB02", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6DA840C162E0F19111066B112B0734AF5B19", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EF50AA94E47E5D6F9F0924E384BD76ADF883", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A94AD6BE35E586291754D0A06D917ED2166A3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607D5216E01C84A49097436451869E44C124A2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9B632B26220FB0BC970DA69B1AE523C02F7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F769AE8CA4EEAA704D6127F4D78F91A31E8F", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728ED9C04DF7AD6634225D49480D085585D969", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD31395024DCB4FD3ED5F6C9886B4E85FDEAE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA6B5D8CFF8C9C321E2A1379EF317E589DA16", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73E274F44792336787A210718DC48899155C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43F772A794F27D5ACC2063B77FBD6D79BE5B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6EBA220D6AF228B692AE090DD47A2F95F3E8", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE8D86066282C5512C7D7F7BF835ABACBD337", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4F256DADE434F55ADB4DABA13ACA40B781D2", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FA7B202C9DB99A6CD7AAB352BFC0E9FA180A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610DEBBED2E8B3025BB7767D5A9B992787BFA711", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53BAD5D7AC8DDFCDB071577ABBC85A3F3EBDF3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6D447C7A7A81140204835F9B0F5FCFD8C063A7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940BD1BD3321ADE3CD62DA279301477D96BD55D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7680693493091067F98DDB903C5D684F30F3CD4BDC114FD", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE461202D4668B6D9E0B5AFEE5400BCA3E605B19", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8702F10256B0DC55184F0EACB8E8809CAE80E6D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2DBE3B9E31EF3E5C9D02C7BE72ABFA1DA1B252", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C7705ACA84E85A556A93D4F83BC2572A3F803056", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B301D3E4AB074CDAFC883FE363DA28C5F107D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9BBA996D011D99913FF27F37961B26258BF4A0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C518DE8BDCCEAAE3606D1E6E6E79FECE071288D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E2C2158128743E9227CE49039593DF72B6CAE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12B43AC9DC073324C3CC82F899DEF41CF81C9D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDA18C0CA35235DE9B4FF8BF4C4E3095936A977", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94019362C559DBD916D6373BB469C267589A911F725A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF819DB8E887F35C143068B14A963D71E9EFA7E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E301DF46E8A30DB901442D9259F26980BE630", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6DA888AB27D593E0BC110DD9718DA52208EAC7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EF50E591CE9EF909554131E2DB1DF5ED8AF8D1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A94AD72148DE364DEF49DC5144A813F7EC9F93E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607D52E83D3A452794913709BD7690C11B04FBDF", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9B695FF9F39E52C178A7791F995DF8D5CE251", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F769609BE56EC62AB5043D092DA9929ED7A21E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728ED97D33BC915A466AE53524DCC2F89499AE3C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD313181F2BE9D90172C9A88B9649B9F150FCAC", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA6B524DC62CF611C80D167A79C32FE260F54D0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73E2D9150E7D73DFD6E6CAFF5A53A7EBF5EB0D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43F7804CC64A7A66ADFADBDDAF6CE57D79762C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6EBA0BA324E89FF4631ACFED599ACB499EC391", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE8D8DF9EA64F7AE36235FC9A84FBD6CE49C390", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4F255B196B883137E0D1CAF33AFEBB4B9E72C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FA7BEE2FA78AED259CE07FB15CD65585E407B5", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "",
+      /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610DEBBEB1A28657F6E82FE53D08B09EFF9330BD2B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "00",
+      /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53BAD550B72100ED30B362AD4E54DA95D5FE81BE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "0001",
+      /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6D447CDB0F7324DEC1D9F0B3C2125EA5AAD85A12", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102",
+      /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940BD1BC1E2A1C710B0814E44188B2207828C7206", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "00010203",
+      /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7680693493091068DB6219EB3BDEFCA3655D4BD834136383B", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "0001020304",
+      /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE46120201F53D87E6764E4008CBE3FBE87A08ADF9", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405",
+      /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8702F107074247F782093AD907E7040B22CA7BD7C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "00010203040506",
+      /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2DBE3BA0DFC1D241CC18E6228544BD816283C38E", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "0001020304050607",
+      /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C7705ACA2E5CAF789E99F9F566DE4EB813B600FE74", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708",
+      /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B301DC475C5CD33E913B0B198EFF30508CB9B54", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "00010203040506070809",
+      /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9BBA99531A32EAA78CB4A105912623AF2C895F95", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A",
+      /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C518DE89A9D3D6FB75EA34A68A5B0A003771EF16D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B",
+      /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E2C2195D4C4A1412D57DA00D67B8F561DC04B06", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C",
+      /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12B43A64D24740A17013ED20E655CDD25E3396EE", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D",
+      /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDA18C0793384BDE51781CFEC7EC9CE6961827063", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E",
+      /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94019362C559A217552DA84151A370BB25D4F78B6F1168", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F",
+      /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF819DB87363A60D9CDA76645D7CBED45B7C56470", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10",
+      /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E301DACD14E8CB31E60870699542BE0D16800B0", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011",
+      /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6DA88818F2F5E3B3A0AF95ED6BCDAD67E50DD6A3", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112",
+      /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EF50E5A50DD77DDD74446DDDA76EB8E599E16084", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213",
+      /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A94AD72F626D2ED4344DCDDB709823A4AFF345F4A", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314",
+      /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607D52E89F7ADC60EDA79A4CE5CB822A4A371805D6", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415",
+      /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9B695388820AEC504402E011B974B6B0CEC2A26", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516",
+      /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F769601B137B92B496041A8A1B2C7E06000D619D", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617",
+      /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728ED97D2EF7AB5FC950E9B24177F4FD14557CC12C", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718",
+      /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD31318E605E2A08F457910F05BE0553A2971BF88", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819",
+      /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA6B5247AE8F61A273B6D9357FA8E9869D54DD342", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A",
+      /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73E2D95B50459F83BBBBCFC34715D41A58D58610", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B",
+      /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43F7807334B38C59FE294D019FC599C562790E93", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C",
+      /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6EBA0B1C7A7122C0D077AE4E76A310EDB67F79F1", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D",
+      /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE8D8DF02AABF416D29B6E558DFE1B1E5561DCED7", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E",
+      /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4F255BBD4D4A994B5F271A0A659530252583A4C4", },
+    { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+      /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+      /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FA7BEE4468915D3F9422289F2349D6A3B4160397", },
+};
+
+#endif /* TESTS_API_TEST_ASCON_KATS_H */
diff --git a/tests/api/test_blake2.c b/tests/api/test_blake2.c
new file mode 100644
index 000000000..e2e7b4655
--- /dev/null
+++ b/tests/api/test_blake2.c
@@ -0,0 +1,545 @@
+/* test_blake2.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/blake2.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_blake2.h>
+
+/*******************************************************************************
+ * BLAKE2b
+ ******************************************************************************/
+
+int test_wc_InitBlake2b(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_InitBlake2b(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(NULL, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(&blake, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b(NULL, WC_BLAKE2B_DIGEST_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_InitBlake2b_WithKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b     blake;
+    word32      digestSz = BLAKE2B_KEYBYTES;
+    byte        key[BLAKE2B_KEYBYTES];
+    word32      keylen = BLAKE2B_KEYBYTES;
+
+    XMEMSET(key, 0, sizeof(key));
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, NULL, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, NULL, keylen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0);
+    ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2bUpdate(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+
+    /* Pass in bad values. */
+    ExpectIntEQ(wc_Blake2bUpdate(NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2bUpdate(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, NULL, 0), 0);
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, (byte*)"a", 1), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2bFinal(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+    byte hash[WC_BLAKE2B_DIGEST_SIZE];
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Blake2bFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2bFinal(&blake, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2bFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define BLAKE2B_KAT_CNT     7
+int test_wc_Blake2b_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+
+    testVector blake2b_kat[BLAKE2B_KAT_CNT];
+    byte hash[WC_BLAKE2B_DIGEST_SIZE];
+    int i = 0;
+
+    blake2b_kat[i].input = "";
+    blake2b_kat[i].inLen = 0;
+    blake2b_kat[i].output =
+        "\x78\x6a\x02\xf7\x42\x01\x59\x03"
+        "\xc6\xc6\xfd\x85\x25\x52\xd2\x72"
+        "\x91\x2f\x47\x40\xe1\x58\x47\x61"
+        "\x8a\x86\xe2\x17\xf7\x1f\x54\x19"
+        "\xd2\x5e\x10\x31\xaf\xee\x58\x53"
+        "\x13\x89\x64\x44\x93\x4e\xb0\x4b"
+        "\x90\x3a\x68\x5b\x14\x48\xb7\x55"
+        "\xd5\x6f\x70\x1a\xfe\x9b\xe2\xce";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "a";
+    blake2b_kat[i].inLen = 1;
+    blake2b_kat[i].output =
+        "\x33\x3f\xcb\x4e\xe1\xaa\x7c\x11"
+        "\x53\x55\xec\x66\xce\xac\x91\x7c"
+        "\x8b\xfd\x81\x5b\xf7\x58\x7d\x32"
+        "\x5a\xec\x18\x64\xed\xd2\x4e\x34"
+        "\xd5\xab\xe2\xc6\xb1\xb5\xee\x3f"
+        "\xac\xe6\x2f\xed\x78\xdb\xef\x80"
+        "\x2f\x2a\x85\xcb\x91\xd4\x55\xa8"
+        "\xf5\x24\x9d\x33\x08\x53\xcb\x3c";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "abc";
+    blake2b_kat[i].inLen = 3;
+    blake2b_kat[i].output =
+        "\xba\x80\xa5\x3f\x98\x1c\x4d\x0d"
+        "\x6a\x27\x97\xb6\x9f\x12\xf6\xe9"
+        "\x4c\x21\x2f\x14\x68\x5a\xc4\xb7"
+        "\x4b\x12\xbb\x6f\xdb\xff\xa2\xd1"
+        "\x7d\x87\xc5\x39\x2a\xab\x79\x2d"
+        "\xc2\x52\xd5\xde\x45\x33\xcc\x95"
+        "\x18\xd3\x8a\xa8\xdb\xf1\x92\x5a"
+        "\xb9\x23\x86\xed\xd4\x00\x99\x23";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "message digest";
+    blake2b_kat[i].inLen = 14;
+    blake2b_kat[i].output =
+        "\x3c\x26\xce\x48\x7b\x1c\x0f\x06"
+        "\x23\x63\xaf\xa3\xc6\x75\xeb\xdb"
+        "\xf5\xf4\xef\x9b\xdc\x02\x2c\xfb"
+        "\xef\x91\xe3\x11\x1c\xdc\x28\x38"
+        "\x40\xd8\x33\x1f\xc3\x0a\x8a\x09"
+        "\x06\xcf\xf4\xbc\xdb\xcd\x23\x0c"
+        "\x61\xaa\xec\x60\xfd\xfa\xd4\x57"
+        "\xed\x96\xb7\x09\xa3\x82\x35\x9a";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "abcdefghijklmnopqrstuvwxyz";
+    blake2b_kat[i].inLen = 26;
+    blake2b_kat[i].output =
+        "\xc6\x8e\xde\x14\x3e\x41\x6e\xb7"
+        "\xb4\xaa\xae\x0d\x8e\x48\xe5\x5d"
+        "\xd5\x29\xea\xfe\xd1\x0b\x1d\xf1"
+        "\xa6\x14\x16\x95\x3a\x2b\x0a\x56"
+        "\x66\xc7\x61\xe7\xd4\x12\xe6\x70"
+        "\x9e\x31\xff\xe2\x21\xb7\xa7\xa7"
+        "\x39\x08\xcb\x95\xa4\xd1\x20\xb8"
+        "\xb0\x90\xa8\x7d\x1f\xbe\xdb\x4c";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+        "0123456789";
+    blake2b_kat[i].inLen = 62;
+    blake2b_kat[i].output =
+        "\x99\x96\x48\x02\xe5\xc2\x5e\x70"
+        "\x37\x22\x90\x5d\x3f\xb8\x00\x46"
+        "\xb6\xbc\xa6\x98\xca\x9e\x2c\xc7"
+        "\xe4\x9b\x4f\xe1\xfa\x08\x7c\x2e"
+        "\xdf\x03\x12\xdf\xbb\x27\x5c\xf2"
+        "\x50\xa1\xe5\x42\xfd\x5d\xc2\xed"
+        "\xd3\x13\xf9\xc4\x91\x12\x7c\x2e"
+        "\x8c\x0c\x9b\x24\x16\x8e\x2d\x50";
+    blake2b_kat[i].outLen = 0;
+    i++;
+    blake2b_kat[i].input = "1234567890123456789012345678901234567890"
+                           "1234567890123456789012345678901234567890";
+    blake2b_kat[i].inLen = 80;
+    blake2b_kat[i].output =
+        "\x68\x6f\x41\xec\x5a\xff\xf6\xe8"
+        "\x7e\x1f\x07\x6f\x54\x2a\xa4\x66"
+        "\x46\x6f\xf5\xfb\xde\x16\x2c\x48"
+        "\x48\x1b\xa4\x8a\x74\x8d\x84\x27"
+        "\x99\xf5\xb3\x0f\x5b\x67\xfc\x68"
+        "\x47\x71\xb3\x3b\x99\x42\x06\xd0"
+        "\x5c\xc3\x10\xf3\x19\x14\xed\xd7"
+        "\xb9\x7e\x41\x86\x0d\x77\xd2\x82";
+    blake2b_kat[i].outLen = 0;
+
+    for (i = 0; i < BLAKE2B_KAT_CNT; i++) {
+        /* Do KAT. */
+        ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+        ExpectIntEQ(wc_Blake2bUpdate(&blake, (byte*)blake2b_kat[i].input,
+            (word32)blake2b_kat[i].inLen), 0);
+        ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
+        ExpectBufEQ(hash, (byte*)blake2b_kat[i].output, WC_BLAKE2B_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2b_other(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2
+    Blake2b blake;
+    byte hash[WC_BLAKE2B_DIGEST_SIZE + 1];
+    byte data[WC_BLAKE2B_DIGEST_SIZE * 8 + 1];
+    int dataLen = WC_BLAKE2B_DIGEST_SIZE * 8;
+    const char* expHash =
+        "\xfb\xea\x44\x32\x0b\x4a\x40\x44"
+        "\xa0\xad\x54\x0c\x39\x62\xa6\x4d"
+        "\x2a\xc2\x08\x3f\xce\xb4\x1d\x71"
+        "\x77\x04\xa6\xfc\x38\xe5\xd9\x99"
+        "\xe6\x92\xf1\x9f\xe7\x21\x10\x94"
+        "\xe6\x08\xc1\x9c\x1d\xdf\x87\x11"
+        "\xfa\xf4\xe6\x7b\xf1\xe5\xc8\x12"
+        "\x55\x90\x05\x00\xfa\x0d\x61\x3d";
+    int i;
+    int j;
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+
+    /* Unaligned input and output buffer. */
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, data + 1, dataLen), 0);
+    ExpectIntEQ(wc_Blake2bFinal(&blake, hash + 1, WC_BLAKE2B_DIGEST_SIZE), 0);
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_BLAKE2B_DIGEST_SIZE);
+
+    /* Test that empty updates work. */
+    ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, NULL, 0), 0);
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, (byte*)"", 0), 0);
+    ExpectIntEQ(wc_Blake2bUpdate(&blake, data, dataLen), 0);
+    ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
+    ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2B_DIGEST_SIZE);
+
+    /* Ensure chunking works. */
+    for (i = 1; i < dataLen; i++) {
+        ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0);
+        for (j = 0; j < dataLen; j += i) {
+             int len = dataLen - j;
+             if (i < len)
+                 len = i;
+             ExpectIntEQ(wc_Blake2bUpdate(&blake, data + j, len), 0);
+        }
+        ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0);
+        ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2B_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * BLAKE2s
+ ******************************************************************************/
+
+int test_wc_InitBlake2s(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_InitBlake2s(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s(NULL, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s(&blake, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s(NULL, WC_BLAKE2S_DIGEST_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_InitBlake2s_WithKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s     blake;
+    word32      digestSz = BLAKE2S_KEYBYTES;
+    byte        *key = (byte*)"01234567890123456789012345678901";
+    word32      keylen = BLAKE2S_KEYBYTES;
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, NULL, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, NULL, keylen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, 256),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0);
+    ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2sUpdate(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+
+    /* Pass in bad values. */
+    ExpectIntEQ(wc_Blake2sUpdate(NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2sUpdate(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, NULL, 0), 0);
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, (byte*)"a", 1), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2sFinal(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+    byte hash[WC_BLAKE2S_DIGEST_SIZE];
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Blake2sFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2sFinal(&blake, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Blake2sFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define BLAKE2S_KAT_CNT     7
+int test_wc_Blake2s_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+
+    testVector blake2s_kat[BLAKE2S_KAT_CNT];
+    byte hash[WC_BLAKE2S_DIGEST_SIZE];
+    int i = 0;
+
+    blake2s_kat[i].input = "";
+    blake2s_kat[i].inLen = 0;
+    blake2s_kat[i].output =
+        "\x69\x21\x7a\x30\x79\x90\x80\x94"
+        "\xe1\x11\x21\xd0\x42\x35\x4a\x7c"
+        "\x1f\x55\xb6\x48\x2c\xa1\xa5\x1e"
+        "\x1b\x25\x0d\xfd\x1e\xd0\xee\xf9";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "a";
+    blake2s_kat[i].inLen = 1;
+    blake2s_kat[i].output =
+        "\x4a\x0d\x12\x98\x73\x40\x30\x37"
+        "\xc2\xcd\x9b\x90\x48\x20\x36\x87"
+        "\xf6\x23\x3f\xb6\x73\x89\x56\xe0"
+        "\x34\x9b\xd4\x32\x0f\xec\x3e\x90";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "abc";
+    blake2s_kat[i].inLen = 3;
+    blake2s_kat[i].output =
+        "\x50\x8c\x5e\x8c\x32\x7c\x14\xe2"
+        "\xe1\xa7\x2b\xa3\x4e\xeb\x45\x2f"
+        "\x37\x45\x8b\x20\x9e\xd6\x3a\x29"
+        "\x4d\x99\x9b\x4c\x86\x67\x59\x82";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "message digest";
+    blake2s_kat[i].inLen = 14;
+    blake2s_kat[i].output =
+        "\xfa\x10\xab\x77\x5a\xcf\x89\xb7"
+        "\xd3\xc8\xa6\xe8\x23\xd5\x86\xf6"
+        "\xb6\x7b\xdb\xac\x4c\xe2\x07\xfe"
+        "\x14\x5b\x7d\x3a\xc2\x5c\xd2\x8c";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "abcdefghijklmnopqrstuvwxyz";
+    blake2s_kat[i].inLen = 26;
+    blake2s_kat[i].output =
+        "\xbd\xf8\x8e\xb1\xf8\x6a\x0c\xdf"
+        "\x0e\x84\x0b\xa8\x8f\xa1\x18\x50"
+        "\x83\x69\xdf\x18\x6c\x73\x55\xb4"
+        "\xb1\x6c\xf7\x9f\xa2\x71\x0a\x12";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+        "0123456789";
+    blake2s_kat[i].inLen = 62;
+    blake2s_kat[i].output =
+        "\xc7\x54\x39\xea\x17\xe1\xde\x6f"
+        "\xa4\x51\x0c\x33\x5d\xc3\xd3\xf3"
+        "\x43\xe6\xf9\xe1\xce\x27\x73\xe2"
+        "\x5b\x41\x74\xf1\xdf\x8b\x11\x9b";
+    blake2s_kat[i].outLen = 0;
+    i++;
+    blake2s_kat[i].input = "1234567890123456789012345678901234567890"
+                           "1234567890123456789012345678901234567890";
+    blake2s_kat[i].inLen = 80;
+    blake2s_kat[i].output =
+        "\xfd\xae\xdb\x29\x0a\x0d\x5a\xf9"
+        "\x87\x08\x64\xfe\xc2\xe0\x90\x20"
+        "\x09\x89\xdc\x9c\xd5\x3a\x3c\x09"
+        "\x21\x29\xe8\x53\x5e\x8b\x4f\x66";
+    blake2s_kat[i].outLen = 0;
+
+    for (i = 0; i < BLAKE2S_KAT_CNT; i++) {
+        /* Do KAT. */
+        ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+        ExpectIntEQ(wc_Blake2sUpdate(&blake, (byte*)blake2s_kat[i].input,
+            (word32)blake2s_kat[i].inLen), 0);
+        ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0);
+        ExpectBufEQ(hash, (byte*)blake2s_kat[i].output, WC_BLAKE2S_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Blake2s_other(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_BLAKE2S
+    Blake2s blake;
+    byte hash[WC_BLAKE2S_DIGEST_SIZE + 1];
+    byte data[WC_BLAKE2S_DIGEST_SIZE * 8 + 1];
+    int dataLen = WC_BLAKE2S_DIGEST_SIZE * 8;
+    const char* expHash =
+        "\x30\x1c\x41\x93\xd0\x63\x99\xeb"
+        "\x17\x68\x7a\xfb\xba\x58\x47\x33"
+        "\xad\x62\xea\x91\x77\x20\xf0\x72"
+        "\x11\xe3\x9e\x29\xe9\xc8\x24\x59";
+    int i;
+    int j;
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+
+    /* Unaligned input and output buffer. */
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, data + 1, dataLen), 0);
+    ExpectIntEQ(wc_Blake2sFinal(&blake, hash + 1, WC_BLAKE2S_DIGEST_SIZE), 0);
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_BLAKE2S_DIGEST_SIZE);
+
+    /* Test that empty updates work. */
+    ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, NULL, 0), 0);
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, (byte*)"", 0), 0);
+    ExpectIntEQ(wc_Blake2sUpdate(&blake, data, dataLen), 0);
+    ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0);
+    ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2S_DIGEST_SIZE);
+
+    /* Ensure chunking works. */
+    for (i = 1; i < dataLen; i++) {
+        ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0);
+        for (j = 0; j < dataLen; j += i) {
+             int len = dataLen - j;
+             if (i < len)
+                 len = i;
+             ExpectIntEQ(wc_Blake2sUpdate(&blake, data + j, len), 0);
+        }
+        ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0);
+        ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2S_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_blake2.h b/tests/api/test_blake2.h
new file mode 100644
index 000000000..0d0ef38e6
--- /dev/null
+++ b/tests/api/test_blake2.h
@@ -0,0 +1,57 @@
+/* test_blake2.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_BLAKE2_H
+#define WOLFCRYPT_TEST_BLAKE2_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitBlake2b(void);
+int test_wc_InitBlake2b_WithKey(void);
+int test_wc_Blake2bUpdate(void);
+int test_wc_Blake2bFinal(void);
+int test_wc_Blake2b_KATs(void);
+int test_wc_Blake2b_other(void);
+
+int test_wc_InitBlake2s(void);
+int test_wc_InitBlake2s_WithKey(void);
+int test_wc_Blake2sUpdate(void);
+int test_wc_Blake2sFinal(void);
+int test_wc_Blake2s_KATs(void);
+int test_wc_Blake2s_other(void);
+
+#define TEST_BLAKE2B_DECLS                                      \
+    TEST_DECL_GROUP("blake2b", test_wc_InitBlake2b),            \
+    TEST_DECL_GROUP("blake2b", test_wc_InitBlake2b_WithKey),    \
+    TEST_DECL_GROUP("blake2b", test_wc_Blake2bUpdate),          \
+    TEST_DECL_GROUP("blake2b", test_wc_Blake2bFinal),           \
+    TEST_DECL_GROUP("blake2b", test_wc_Blake2b_KATs),           \
+    TEST_DECL_GROUP("blake2b", test_wc_Blake2b_other)
+
+#define TEST_BLAKE2S_DECLS                                      \
+    TEST_DECL_GROUP("blake2s", test_wc_InitBlake2s),            \
+    TEST_DECL_GROUP("blake2s", test_wc_InitBlake2s_WithKey),    \
+    TEST_DECL_GROUP("blake2s", test_wc_Blake2sUpdate),          \
+    TEST_DECL_GROUP("blake2s", test_wc_Blake2sFinal),           \
+    TEST_DECL_GROUP("blake2s", test_wc_Blake2s_KATs),           \
+    TEST_DECL_GROUP("blake2s", test_wc_Blake2s_other)
+
+#endif /* WOLFCRYPT_TEST_BLAKE2_H */
diff --git a/tests/api/test_camellia.c b/tests/api/test_camellia.c
new file mode 100644
index 000000000..5b2b39527
--- /dev/null
+++ b/tests/api/test_camellia.c
@@ -0,0 +1,216 @@
+/* test_camellia.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/camellia.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_camellia.h>
+
+/*
+ * testing wc_CamelliaSetKey
+ */
+int test_wc_CamelliaSetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    wc_Camellia camellia;
+    /*128-bit key*/
+    static const byte key16[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
+    };
+    /* 192-bit key */
+    static const byte key24[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+    };
+    /* 256-bit key */
+    static const byte key32[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
+    };
+    static const byte iv[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+    };
+
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv),
+        0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16),
+        NULL), 0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
+        0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
+        NULL), 0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv),
+        0);
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32),
+        NULL), 0);
+
+    /* Bad args. */
+    ExpectIntEQ(wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CameliaSetKey */
+
+/*
+ * Testing wc_CamelliaSetIV()
+ */
+int test_wc_CamelliaSetIV(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    wc_Camellia    camellia;
+    static const byte iv[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+    };
+
+    ExpectIntEQ(wc_CamelliaSetIV(&camellia, iv), 0);
+    ExpectIntEQ(wc_CamelliaSetIV(&camellia, NULL), 0);
+
+    /* Bad args. */
+    ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CamelliaSetIV*/
+
+/*
+ * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
+ */
+int test_wc_CamelliaEncryptDecryptDirect(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    wc_Camellia camellia;
+    static const byte key24[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+    };
+    static const byte iv[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+    };
+    static const byte plainT[] = {
+        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
+    };
+    byte    enc[sizeof(plainT)];
+    byte    dec[sizeof(enc)];
+
+    /* Init stack variables.*/
+    XMEMSET(enc, 0, 16);
+    XMEMSET(enc, 0, 16);
+
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
+        0);
+    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, plainT), 0);
+    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, enc), 0);
+    ExpectIntEQ(XMEMCMP(plainT, dec, WC_CAMELLIA_BLOCK_SIZE), 0);
+
+    /* Pass bad args. */
+    ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, NULL, plainT),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test-wc_CamelliaEncryptDecryptDirect */
+
+/*
+ * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
+ */
+int test_wc_CamelliaCbcEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    wc_Camellia camellia;
+    static const byte key24[] = {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
+    };
+    static const byte plainT[] = {
+        0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+        0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
+    };
+    byte    enc[WC_CAMELLIA_BLOCK_SIZE];
+    byte    dec[WC_CAMELLIA_BLOCK_SIZE];
+
+    /* Init stack variables. */
+    XMEMSET(enc, 0, WC_CAMELLIA_BLOCK_SIZE);
+    XMEMSET(enc, 0, WC_CAMELLIA_BLOCK_SIZE);
+
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
+        NULL), 0);
+    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, plainT,
+        WC_CAMELLIA_BLOCK_SIZE), 0);
+
+    ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
+        NULL), 0);
+    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, enc,
+        WC_CAMELLIA_BLOCK_SIZE),
+        0);
+    ExpectIntEQ(XMEMCMP(plainT, dec, WC_CAMELLIA_BLOCK_SIZE), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_CamelliaCbcEncrypt(NULL, enc, plainT,
+        WC_CAMELLIA_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
+        WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
+        WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_CamelliaCbcDecrypt(NULL, dec, enc, WC_CAMELLIA_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
+        WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
+        WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CamelliaCbcEncryptDecrypt */
+
diff --git a/tests/api/test_camellia.h b/tests/api/test_camellia.h
new file mode 100644
index 000000000..d981749fa
--- /dev/null
+++ b/tests/api/test_camellia.h
@@ -0,0 +1,38 @@
+/* test_camellia.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CAMELLIA_H
+#define WOLFCRYPT_TEST_CAMELLIA_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_CamelliaSetKey(void);
+int test_wc_CamelliaSetIV(void);
+int test_wc_CamelliaEncryptDecryptDirect(void);
+int test_wc_CamelliaCbcEncryptDecrypt(void);
+
+#define TEST_CAMELLIA_DECLS                                             \
+    TEST_DECL_GROUP("camellia", test_wc_CamelliaSetKey),                \
+    TEST_DECL_GROUP("camellia", test_wc_CamelliaSetIV),                 \
+    TEST_DECL_GROUP("camellia", test_wc_CamelliaEncryptDecryptDirect),  \
+    TEST_DECL_GROUP("camellia", test_wc_CamelliaCbcEncryptDecrypt)
+
+#endif /* WOLFCRYPT_TEST_CAMELLIA_H */
diff --git a/tests/api/test_chacha.c b/tests/api/test_chacha.c
new file mode 100644
index 000000000..ef48e3afc
--- /dev/null
+++ b/tests/api/test_chacha.c
@@ -0,0 +1,188 @@
+/* test_chacha.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/chacha.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_chacha.h>
+
+/*
+ * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
+ */
+int test_wc_Chacha_SetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CHACHA
+    ChaCha     ctx;
+    const byte key[] = {
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
+    };
+    word32 keySz = (word32)(sizeof(key)/sizeof(byte));
+    byte       cipher[128];
+
+    XMEMSET(cipher, 0, sizeof(cipher));
+    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Chacha_SetIV(&ctx, cipher, 0), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Chacha_SetKey */
+
+/*
+ * Testing wc_Chacha_Process()
+ */
+int test_wc_Chacha_Process(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CHACHA
+    ChaCha      enc, dec;
+    byte        cipher[128];
+    byte        plain[128];
+    const byte  key[] =
+    {
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
+    };
+    const char* input = "Everybody gets Friday off.";
+    word32      keySz = sizeof(key)/sizeof(byte);
+    unsigned long int inlen = XSTRLEN(input);
+
+    /* Initialize stack variables. */
+    XMEMSET(cipher, 0, 128);
+    XMEMSET(plain, 0, 128);
+
+    ExpectIntEQ(wc_Chacha_SetKey(&enc, key, keySz), 0);
+    ExpectIntEQ(wc_Chacha_SetKey(&dec, key, keySz), 0);
+    ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
+    ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
+
+    ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen),
+        0);
+    ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0);
+    ExpectIntEQ(XMEMCMP(input, plain, inlen), 0);
+
+#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
+    /* test checking and using leftovers, currently just in C code */
+    ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
+    ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
+
+    ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input,
+        (word32)inlen - 2), 0);
+    ExpectIntEQ(wc_Chacha_Process(&enc, cipher + (inlen - 2),
+        (byte*)input + (inlen - 2), 2), 0);
+    ExpectIntEQ(wc_Chacha_Process(&dec, plain, (byte*)cipher,
+        (word32)inlen - 2), 0);
+    ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2),
+        (byte*)input + (inlen - 2), 2), 0);
+    ExpectIntEQ(XMEMCMP(input, plain, inlen), 0);
+
+    /* check edge cases with counter increment */
+    {
+        /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
+        const byte expected[] = {
+            0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
+            0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
+            0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
+            0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
+            0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
+            0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
+            0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
+            0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
+            0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
+            0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
+            0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
+            0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
+            0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
+            0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
+            0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
+            0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
+            0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
+            0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
+            0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
+            0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
+            0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
+            0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
+            0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
+            0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
+            0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
+            0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
+            0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
+            0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
+            0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
+            0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
+            0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
+            0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
+        };
+        const byte iv2[] = {
+            0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
+            0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
+        };
+        byte input2[256];
+        int i;
+
+        for (i = 0; i < 256; i++)
+            input2[i] = (byte)i;
+
+        ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0);
+
+        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2, 64), 0);
+        ExpectIntEQ(XMEMCMP(expected, cipher, 64), 0);
+
+        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 64, 128), 0);
+        ExpectIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
+
+        /* partial */
+        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 192, 32), 0);
+        ExpectIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
+
+        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 224, 32), 0);
+        ExpectIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
+    }
+#endif
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Chacha_Process */
+
diff --git a/tests/api/test_chacha.h b/tests/api/test_chacha.h
new file mode 100644
index 000000000..4817ddf47
--- /dev/null
+++ b/tests/api/test_chacha.h
@@ -0,0 +1,34 @@
+/* test_chacha.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CHACHA_H
+#define WOLFCRYPT_TEST_CHACHA_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_Chacha_SetKey(void);
+int test_wc_Chacha_Process(void);
+
+#define TEST_CHACHA_DECLS                               \
+    TEST_DECL_GROUP("chacha", test_wc_Chacha_SetKey),   \
+    TEST_DECL_GROUP("chacha", test_wc_Chacha_Process)
+
+#endif /* WOLFCRYPT_TEST_CHACHA_H */
diff --git a/tests/api/test_chacha20_poly1305.c b/tests/api/test_chacha20_poly1305.c
new file mode 100644
index 000000000..7001827e3
--- /dev/null
+++ b/tests/api/test_chacha20_poly1305.c
@@ -0,0 +1,156 @@
+/* test_chacha20_poly1305.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_chacha20_poly1305.h>
+
+/*
+ * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
+ */
+int test_wc_ChaCha20Poly1305_aead(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+    const byte  key[] = {
+        0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+        0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+        0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+        0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+    };
+    const byte  plaintext[] = {
+        0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
+        0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
+        0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+        0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
+        0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
+        0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+        0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
+        0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
+        0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+        0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
+        0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
+        0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
+        0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
+        0x74, 0x2e
+    };
+    const byte  iv[] = {
+        0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
+        0x44, 0x45, 0x46, 0x47
+    };
+    const byte  aad[] = { /* additional data */
+        0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
+        0xc4, 0xc5, 0xc6, 0xc7
+    };
+    const byte  cipher[] = { /* expected output from operation */
+        0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
+        0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
+        0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+        0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
+        0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
+        0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+        0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
+        0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
+        0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+        0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
+        0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
+        0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+        0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
+        0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
+        0x61, 0x16
+    };
+    const byte  authTag[] = { /* expected output from operation */
+        0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
+        0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
+    };
+    byte        generatedCiphertext[272];
+    byte        generatedPlaintext[272];
+    byte        generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
+
+    /* Initialize stack variables. */
+    XMEMSET(generatedCiphertext, 0, 272);
+    XMEMSET(generatedPlaintext, 0, 272);
+
+    /* Test Encrypt */
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        0);
+    ExpectIntEQ(XMEMCMP(generatedCiphertext, cipher,
+        sizeof(cipher)/sizeof(byte)), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
+        sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
+        NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), NULL, generatedAuthTag),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
+        plaintext, sizeof(plaintext), generatedCiphertext, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
+        sizeof(cipher), authTag, generatedPlaintext), 0);
+    ExpectIntEQ(XMEMCMP(generatedPlaintext, plaintext,
+        sizeof(plaintext)/sizeof(byte)), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
+        sizeof(cipher), authTag, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
+        cipher, sizeof(cipher), authTag, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
+        sizeof(cipher), authTag, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
+        sizeof(cipher), NULL, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
+        sizeof(cipher), authTag, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
+        sizeof(cipher), authTag, generatedPlaintext),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ChaCha20Poly1305_aead */
+
diff --git a/tests/api/test_chacha20_poly1305.h b/tests/api/test_chacha20_poly1305.h
new file mode 100644
index 000000000..4d813a5d7
--- /dev/null
+++ b/tests/api/test_chacha20_poly1305.h
@@ -0,0 +1,32 @@
+/* test_chacha20_poly1305.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CHACHA20_POLY1305_H
+#define WOLFCRYPT_TEST_CHACHA20_POLY1305_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_ChaCha20Poly1305_aead(void);
+
+#define TEST_CHACHA20_POLY1305_DECLS                                    \
+    TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_aead)
+
+#endif /* WOLFCRYPT_TEST_CHACHA20_POLY1305_H */
diff --git a/tests/api/test_cmac.c b/tests/api/test_cmac.c
new file mode 100644
index 000000000..b474db9f8
--- /dev/null
+++ b/tests/api/test_cmac.c
@@ -0,0 +1,251 @@
+/* test_cmac.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/cmac.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_cmac.h>
+
+/*
+ * Testing wc_InitCmac()
+ */
+int test_wc_InitCmac(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
+    Cmac        cmac1;
+    Cmac        cmac2;
+    Cmac        cmac3;
+    /* AES 128 key. */
+    byte        key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
+                         "\x09\x10\x11\x12\x13\x14\x15\x16";
+    /* AES 192 key. */
+    byte        key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
+                         "\x09\x01\x11\x12\x13\x14\x15\x16"
+                         "\x01\x02\x03\x04\x05\x06\x07\x08";
+    /* AES 256 key. */
+    byte        key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
+                         "\x09\x01\x11\x12\x13\x14\x15\x16"
+                         "\x01\x02\x03\x04\x05\x06\x07\x08"
+                         "\x09\x01\x11\x12\x13\x14\x15\x16";
+    word32      key1Sz = (word32)sizeof(key1) - 1;
+    word32      key2Sz = (word32)sizeof(key2) - 1;
+    word32      key3Sz = (word32)sizeof(key3) - 1;
+    int         type   = WC_CMAC_AES;
+
+    (void)key1;
+    (void)key1Sz;
+    (void)key2;
+    (void)key2Sz;
+
+    XMEMSET(&cmac1, 0, sizeof(Cmac));
+    XMEMSET(&cmac2, 0, sizeof(Cmac));
+    XMEMSET(&cmac3, 0, sizeof(Cmac));
+
+#ifdef WOLFSSL_AES_128
+    ExpectIntEQ(wc_InitCmac(&cmac1, key1, key1Sz, type, NULL), 0);
+#endif
+#ifdef WOLFSSL_AES_192
+    wc_AesFree(&cmac1.aes);
+    ExpectIntEQ(wc_InitCmac(&cmac2, key2, key2Sz, type, NULL), 0);
+#endif
+#ifdef WOLFSSL_AES_256
+    wc_AesFree(&cmac2.aes);
+    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, type, NULL), 0);
+#endif
+
+    wc_AesFree(&cmac3.aes);
+    /* Test bad args. */
+    ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitCmac */
+
+/*
+ * Testing wc_CmacUpdate()
+ */
+int test_wc_CmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
+    Cmac        cmac;
+    byte        key[] = {
+        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
+        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
+    };
+    byte        in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
+                       "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
+                       "\xb3\x78\xcf\x85\x22\x41\x74\xd9"
+                       "\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
+                       "\xf4";
+    word32      inSz  = (word32)sizeof(in) - 1;
+    word32      keySz = (word32)sizeof(key);
+    int         type  = WC_CMAC_AES;
+
+    XMEMSET(&cmac, 0, sizeof(Cmac));
+
+    ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
+    ExpectIntEQ(wc_CmacUpdate(&cmac, in, inSz), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    wc_AesFree(&cmac.aes);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CmacUpdate */
+
+/*
+ * Testing wc_CmacFinal()
+ */
+int test_wc_CmacFinal(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
+    Cmac        cmac;
+    byte        key[] = {
+        0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
+        0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
+    };
+    byte        msg[] = {
+        0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
+        0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
+        0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
+        0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
+        0xf4
+    };
+    /* Test vectors from CMACGenAES128.rsp from
+     * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
+     * Per RFC4493 truncation of lsb is possible.
+     */
+    byte        expMac[] = {
+        0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
+        0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
+    };
+    byte        mac[WC_AES_BLOCK_SIZE];
+    word32      msgSz    = (word32)sizeof(msg);
+    word32      keySz    = (word32)sizeof(key);
+    word32      macSz    = sizeof(mac);
+    word32      badMacSz = 17;
+    int         expMacSz = sizeof(expMac);
+    int         type     = WC_CMAC_AES;
+
+    XMEMSET(&cmac, 0, sizeof(Cmac));
+    XMEMSET(mac, 0, macSz);
+
+    ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
+    ExpectIntEQ(wc_CmacUpdate(&cmac, msg, msgSz), 0);
+
+#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz),
+        WC_NO_ERR_TRACE(BUFFER_E));
+
+    /* For the last call, use the API with implicit wc_CmacFree(). */
+    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
+    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
+#else /* !HAVE_FIPS || FIPS>=5.3 */
+    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
+    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), WC_NO_ERR_TRACE(BUFFER_E));
+#endif /* !HAVE_FIPS || FIPS>=5.3 */
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_CmacFinal */
+
+/*
+ * Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
+ */
+int test_wc_AesCmacGenerate(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
+    byte        key[] = {
+        0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
+        0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
+    };
+    byte        msg[]    = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
+                           "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
+    byte        expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
+                           "\x3d\x32\x65\x4c\x66\x23\xc5";
+    byte        mac[WC_AES_BLOCK_SIZE];
+    word32      keySz    = sizeof(key);
+    word32      macSz    = sizeof(mac);
+    word32      msgSz    = sizeof(msg) - 1;
+    word32      expMacSz = sizeof(expMac) - 1;
+
+    XMEMSET(mac, 0, macSz);
+
+    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz), 0);
+    ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_AesCmacGenerate */
+
diff --git a/tests/api/test_cmac.h b/tests/api/test_cmac.h
new file mode 100644
index 000000000..9e4cf8dd7
--- /dev/null
+++ b/tests/api/test_cmac.h
@@ -0,0 +1,38 @@
+/* test_cmac.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CMAC_H
+#define WOLFCRYPT_TEST_CMAC_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitCmac(void);
+int test_wc_CmacUpdate(void);
+int test_wc_CmacFinal(void);
+int test_wc_AesCmacGenerate(void);
+
+#define TEST_CMAC_DECLS                                 \
+    TEST_DECL_GROUP("cmac", test_wc_InitCmac),          \
+    TEST_DECL_GROUP("cmac", test_wc_CmacUpdate),        \
+    TEST_DECL_GROUP("cmac", test_wc_CmacFinal),         \
+    TEST_DECL_GROUP("cmac", test_wc_AesCmacGenerate)
+
+#endif /* WOLFCRYPT_TEST_CMAC_H */
diff --git a/tests/api/test_curve25519.c b/tests/api/test_curve25519.c
new file mode 100644
index 000000000..ff89638a0
--- /dev/null
+++ b/tests/api/test_curve25519.c
@@ -0,0 +1,549 @@
+/* test_curve25519.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/curve25519.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_curve25519.h>
+
+
+/*
+ * Testing wc_curve25519_init and wc_curve25519_free.
+ */
+int test_wc_curve25519_init(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519)
+    curve25519_key key;
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+    /* Test bad args for wc_curve25519_init */
+    ExpectIntEQ(wc_curve25519_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args for wc_curve_25519_free */
+    wc_curve25519_free(&key);
+    /* Test bad args for wc_curve25519 free. */
+    wc_curve25519_free(NULL);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve25519_init and wc_curve_25519_free */
+/*
+ * Testing test_wc_curve25519_size.
+ */
+int test_wc_curve25519_size(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519)
+    curve25519_key key;
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+
+    /* Test good args for wc_curve25519_size */
+    ExpectIntEQ(wc_curve25519_size(&key), CURVE25519_KEYSIZE);
+    /* Test bad args for wc_curve25519_size */
+    ExpectIntEQ(wc_curve25519_size(NULL), 0);
+
+    wc_curve25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve25519_size */
+
+/*
+ * Testing test_wc_curve25519_export_key_raw().
+ */
+int test_wc_curve25519_export_key_raw(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
+    curve25519_key key;
+    WC_RNG         rng;
+    byte           privateKey[CURVE25519_KEYSIZE];
+    byte           publicKey[CURVE25519_KEYSIZE];
+    word32         prvkSz;
+    word32         pubkSz;
+    byte           prik[CURVE25519_KEYSIZE];
+    byte           pubk[CURVE25519_KEYSIZE];
+    word32         prksz;
+    word32         pbksz;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
+
+    /* bad-argument-test cases - target function should return BAD_FUNC_ARG */
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw(NULL, privateKey, &prvkSz,
+        publicKey, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw(&key, NULL, &prvkSz, publicKey,
+        &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, NULL,
+        publicKey, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* prvkSz = CURVE25519_KEYSIZE; */
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
+        NULL, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
+        publicKey, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* cross-testing */
+    prksz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_private_raw(&key, prik, &prksz), 0);
+    pbksz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_public(&key, pubk, &pbksz), 0);
+    prvkSz = CURVE25519_KEYSIZE;
+    /* pubkSz = CURVE25519_KEYSIZE; */
+    ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
+        publicKey,  &pubkSz), 0);
+    ExpectIntEQ(prksz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(pbksz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE), 0);
+    ExpectIntEQ(XMEMCMP(publicKey,  pubk, CURVE25519_KEYSIZE), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* end of test_wc_curve25519_export_key_raw */
+
+/*
+ * Testing test_wc_curve25519_export_key_raw_ex().
+ */
+int test_wc_curve25519_export_key_raw_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
+    curve25519_key key;
+    WC_RNG         rng;
+    byte           privateKey[CURVE25519_KEYSIZE];
+    byte           publicKey[CURVE25519_KEYSIZE];
+    word32         prvkSz;
+    word32         pubkSz;
+    byte           prik[CURVE25519_KEYSIZE];
+    byte           pubk[CURVE25519_KEYSIZE];
+    word32         prksz;
+    word32         pbksz;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
+
+    /* bad-argument-test cases - target function should return BAD_FUNC_ARG */
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
+        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
+        &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
+        NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* prvkSz = CURVE25519_KEYSIZE; */
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
+        &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
+        &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    /* pubkSz = CURVE25519_KEYSIZE; */
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
+        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
+        &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
+        NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* prvkSz = CURVE25519_KEYSIZE; */
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
+        &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
+        &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* illegal value for endian */
+    prvkSz = CURVE25519_KEYSIZE;
+    /* pubkSz = CURVE25519_KEYSIZE; */
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
+        publicKey, NULL, EC25519_BIG_ENDIAN + 10),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* cross-testing */
+    prksz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_private_raw( &key, prik, &prksz), 0);
+    pbksz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_public( &key, pubk, &pbksz), 0);
+    prvkSz = CURVE25519_KEYSIZE;
+    /* pubkSz = CURVE25519_KEYSIZE; */
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
+        publicKey, &pubkSz, EC25519_BIG_ENDIAN), 0);
+    ExpectIntEQ(prksz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(pbksz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE), 0);
+    ExpectIntEQ(XMEMCMP(publicKey,  pubk, CURVE25519_KEYSIZE), 0);
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
+        publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), 0);
+    ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
+
+    /* try once with another endian */
+    prvkSz = CURVE25519_KEYSIZE;
+    pubkSz = CURVE25519_KEYSIZE;
+    ExpectIntEQ(wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
+        publicKey, &pubkSz, EC25519_BIG_ENDIAN), 0);
+    ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* end of test_wc_curve25519_export_key_raw_ex */
+
+/*
+ * Testing wc_curve25519_make_key
+ */
+int test_wc_curve25519_make_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519)
+    curve25519_key key;
+    WC_RNG         rng;
+    int            keysize = 0;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
+    ExpectIntEQ(keysize = wc_curve25519_size(&key), CURVE25519_KEYSIZE);
+    ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, &key), 0);
+    /* test bad cases */
+    ExpectIntEQ(wc_curve25519_make_key(NULL, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_make_key(NULL, keysize, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_make_key(&rng, 0, &key),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve25519_make_key */
+
+/*
+ * Testing wc_curve25519_shared_secret_ex
+ */
+int test_wc_curve25519_shared_secret_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519)
+    curve25519_key private_key;
+    curve25519_key public_key;
+    WC_RNG         rng;
+    byte           out[CURVE25519_KEYSIZE];
+    word32         outLen = sizeof(out);
+    int            endian = EC25519_BIG_ENDIAN;
+
+    ExpectIntEQ(wc_curve25519_init(&private_key), 0);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    ExpectIntEQ(wc_curve25519_set_rng(&private_key, &rng), 0);
+#endif
+    ExpectIntEQ(wc_curve25519_init(&public_key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key),
+        0);
+    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key),
+        0);
+
+    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
+        &outLen, endian), 0);
+
+    /* test bad cases */
+    ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, NULL, NULL, 0, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, &public_key, out, &outLen,
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, NULL, out, &outLen,
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* curve25519.c is checking for public_key size less than or equal to 0x7f,
+     * increasing to 0x8f checks for error being returned */
+    public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
+    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
+        &outLen, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    outLen = outLen - 2;
+    ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve25519_free(&private_key);
+    wc_curve25519_free(&public_key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve25519_shared_secret_ex */
+
+/*
+ * Testing wc_curve25519_make_pub
+ */
+int test_wc_curve25519_make_pub(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CURVE25519
+    curve25519_key key;
+    WC_RNG         rng;
+    byte           out[CURVE25519_KEYSIZE];
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
+
+    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(out), out,
+        (int)sizeof(key.k), key.k), 0);
+    /* test bad cases */
+    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k,
+        (int)sizeof out, out), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
+        NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out - 1, out,
+        (int)sizeof(key.k), key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, NULL,
+        (int)sizeof(key.k), key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    /* verify clamping test */
+    key.k[0] |= ~248;
+    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
+        key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    key.k[0] &= 248;
+    /* repeat the expected-to-succeed test. */
+    ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
+        key.k), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve25519_make_pub */
+
+/*
+ * Testing test_wc_curve25519_export_public_ex
+ */
+int test_wc_curve25519_export_public_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519)
+    curve25519_key key;
+    WC_RNG         rng;
+    byte           out[CURVE25519_KEYSIZE];
+    word32         outLen = sizeof(out);
+    int            endian = EC25519_BIG_ENDIAN;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
+
+    ExpectIntEQ(wc_curve25519_export_public(&key, out, &outLen), 0);
+    ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian), 0);
+    /* test bad cases */
+    ExpectIntEQ(wc_curve25519_export_public_ex(NULL, NULL, NULL, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_export_public_ex(NULL, out, &outLen, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_export_public_ex(&key, NULL, &outLen, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, NULL, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    outLen = outLen - 2;
+    ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve25519_export_public_ex */
+
+/*
+ * Testing test_wc_curve25519_export_private_raw_ex
+ */
+int test_wc_curve25519_export_private_raw_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519)
+    curve25519_key key;
+    byte           out[CURVE25519_KEYSIZE];
+    word32         outLen = sizeof(out);
+    int            endian = EC25519_BIG_ENDIAN;
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+
+    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian),
+        0);
+    /* test bad cases */
+    ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, NULL, &outLen,
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, NULL, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen,
+        EC25519_LITTLE_ENDIAN), 0);
+    outLen = outLen - 2;
+    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    wc_curve25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve25519_export_private_raw_ex */
+
+/*
+ * Testing test_wc_curve25519_import_private_raw_ex
+ */
+int test_wc_curve25519_import_private_raw_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519)
+    curve25519_key key;
+    WC_RNG         rng;
+    byte           priv[CURVE25519_KEYSIZE];
+    byte           pub[CURVE25519_KEYSIZE];
+    word32         privSz = sizeof(priv);
+    word32         pubSz = sizeof(pub);
+    int            endian = EC25519_BIG_ENDIAN;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
+
+    ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, priv, &privSz,
+        endian), 0);
+    ExpectIntEQ(wc_curve25519_export_public(&key, pub, &pubSz), 0);
+    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
+        &key, endian), 0);
+    /* test bad cases */
+    ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
+        &key, EC25519_LITTLE_ENDIAN), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve25519_import_private_raw_ex */
+
+/*
+ * Testing test_wc_curve25519_import_private
+ */
+int test_wc_curve25519_import_private(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519)
+    curve25519_key key;
+    WC_RNG         rng;
+    byte           priv[CURVE25519_KEYSIZE];
+    word32         privSz = sizeof(priv);
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
+
+    ExpectIntEQ(wc_curve25519_export_private_raw(&key, priv, &privSz), 0);
+    ExpectIntEQ(wc_curve25519_import_private(priv, privSz, &key), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve25519_import */
+
diff --git a/tests/api/test_curve25519.h b/tests/api/test_curve25519.h
new file mode 100644
index 000000000..7dc8b768a
--- /dev/null
+++ b/tests/api/test_curve25519.h
@@ -0,0 +1,52 @@
+/* test_curve25519.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CURVE25519_H
+#define WOLFCRYPT_TEST_CURVE25519_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_curve25519_init(void);
+int test_wc_curve25519_size(void);
+int test_wc_curve25519_export_key_raw(void);
+int test_wc_curve25519_export_key_raw_ex(void);
+int test_wc_curve25519_make_key(void);
+int test_wc_curve25519_shared_secret_ex(void);
+int test_wc_curve25519_make_pub(void);
+int test_wc_curve25519_export_public_ex(void);
+int test_wc_curve25519_export_private_raw_ex(void);
+int test_wc_curve25519_import_private_raw_ex(void);
+int test_wc_curve25519_import_private(void);
+
+#define TEST_CURVE25519_DECLS                                                  \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_init),                    \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_size),                    \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_key_raw),          \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_key_raw_ex),       \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_make_key),                \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_shared_secret_ex),        \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_make_pub),                \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_public_ex),        \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_private_raw_ex),   \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_import_private_raw_ex),   \
+    TEST_DECL_GROUP("curve25519", test_wc_curve25519_import_private)
+
+#endif /* WOLFCRYPT_TEST_CURVE25519_H */
diff --git a/tests/api/test_curve448.c b/tests/api/test_curve448.c
new file mode 100644
index 000000000..0ae3736a8
--- /dev/null
+++ b/tests/api/test_curve448.c
@@ -0,0 +1,399 @@
+/* test_curve448.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/curve448.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_curve448.h>
+
+/*
+ * Testing wc_curve448_make_key
+ */
+int test_wc_curve448_make_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448)
+    curve448_key key;
+    WC_RNG       rng;
+    int          keysize = 0;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
+    ExpectIntEQ(keysize = wc_curve448_size(&key), CURVE448_KEY_SIZE);
+    ExpectIntEQ(wc_curve448_make_key(&rng, keysize, &key), 0);
+
+    /* test bad cases */
+    ExpectIntEQ(wc_curve448_make_key(NULL, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_make_key(&rng, keysize, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_make_key(NULL, keysize, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_make_key(&rng, 0, &key),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve448_make_key */
+
+/*
+ * Testing test_wc_curve448_shared_secret_ex
+ */
+int test_wc_curve448_shared_secret_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448)
+    curve448_key private_key;
+    curve448_key public_key;
+    WC_RNG       rng;
+    byte         out[CURVE448_KEY_SIZE];
+    word32       outLen = sizeof(out);
+    int          endian = EC448_BIG_ENDIAN;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve448_init(&private_key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key), 0);
+
+    ExpectIntEQ(wc_curve448_init(&public_key), 0);
+    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key), 0);
+    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
+        &outLen, endian), 0);
+
+    /* test bad cases */
+    ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, NULL, NULL, 0, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, &public_key, out, &outLen,
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, NULL, out, &outLen,
+        endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    outLen = outLen - 2;
+    ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
+        &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve448_free(&private_key);
+    wc_curve448_free(&public_key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve448_shared_secret_ex */
+
+/*
+ * Testing test_wc_curve448_export_public_ex
+ */
+int test_wc_curve448_export_public_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448)
+    WC_RNG        rng;
+    curve448_key  key;
+    byte          out[CURVE448_KEY_SIZE];
+    word32        outLen = sizeof(out);
+    int           endian = EC448_BIG_ENDIAN;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
+
+    ExpectIntEQ(wc_curve448_export_public(&key, out, &outLen), 0);
+    ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian), 0);
+    /* test bad cases */
+    ExpectIntEQ(wc_curve448_export_public_ex(NULL, NULL, NULL, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_export_public_ex(NULL, out, &outLen, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_export_public_ex(&key, NULL, &outLen, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_export_public_ex(&key, out, NULL, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    outLen = outLen - 2;
+    ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve448_export_public_ex */
+
+/*
+ * Testing test_wc_curve448_export_private_raw_ex
+ */
+int test_wc_curve448_export_private_raw_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448)
+    curve448_key key;
+    byte         out[CURVE448_KEY_SIZE];
+    word32       outLen = sizeof(out);
+    int          endian = EC448_BIG_ENDIAN;
+
+    ExpectIntEQ(wc_curve448_init(&key), 0);
+    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian),
+        0);
+    /* test bad cases */
+    ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, NULL, endian),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen,
+        EC448_LITTLE_ENDIAN), 0);
+    outLen = outLen - 2;
+    ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    wc_curve448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve448_export_private_raw_ex */
+
+/*
+ * Testing test_curve448_export_key_raw
+ */
+int test_wc_curve448_export_key_raw(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448)
+    curve448_key key;
+    WC_RNG       rng;
+    byte         priv[CURVE448_KEY_SIZE];
+    byte         pub[CURVE448_KEY_SIZE];
+    word32       privSz = sizeof(priv);
+    word32       pubSz = sizeof(pub);
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
+
+    ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0);
+    ExpectIntEQ(wc_curve448_export_public(&key, pub, &pubSz), 0);
+    ExpectIntEQ(wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz),
+        0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve448_import_private_raw_ex */
+
+/*
+ * Testing test_wc_curve448_import_private_raw_ex
+ */
+int test_wc_curve448_import_private_raw_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448)
+    curve448_key key;
+    WC_RNG       rng;
+    byte         priv[CURVE448_KEY_SIZE];
+    byte         pub[CURVE448_KEY_SIZE];
+    word32       privSz = sizeof(priv);
+    word32       pubSz = sizeof(pub);
+    int          endian = EC448_BIG_ENDIAN;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
+
+    ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0);
+    ExpectIntEQ(wc_curve448_export_public(&key, pub, &pubSz), 0);
+    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
+        &key, endian), 0);
+    /* test bad cases */
+    ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
+        &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
+        NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
+        &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
+        &key, EC448_LITTLE_ENDIAN), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve448_import_private_raw_ex */
+
+/*
+ * Testing test_wc_curve448_import_private
+ */
+int test_wc_curve448_import_private(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448)
+    curve448_key key;
+    WC_RNG       rng;
+    byte         priv[CURVE448_KEY_SIZE];
+    word32       privSz = sizeof(priv);
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
+
+    ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0);
+    ExpectIntEQ(wc_curve448_import_private(priv, privSz, &key), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve448_import */
+
+/*
+ * Testing wc_curve448_init and wc_curve448_free.
+ */
+int test_wc_curve448_init(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448)
+    curve448_key key;
+
+    /* Test bad args for wc_curve448_init */
+    ExpectIntEQ(wc_curve448_init(&key), 0);
+    /* Test bad args for wc_curve448_init */
+    ExpectIntEQ(wc_curve448_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args for wc_curve_448_free */
+    wc_curve448_free(&key);
+    /* Test bad args for wc_curve448_free */
+    wc_curve448_free(NULL);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve448_init and wc_curve_448_free */
+
+/*
+ * Testing test_wc_curve448_size.
+ */
+int test_wc_curve448_size(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448)
+    curve448_key key;
+
+    ExpectIntEQ(wc_curve448_init(&key), 0);
+
+    /*  Test good args for wc_curve448_size */
+    ExpectIntEQ(wc_curve448_size(&key), CURVE448_KEY_SIZE);
+    /* Test bad args for wc_curve448_size */
+    ExpectIntEQ(wc_curve448_size(NULL), 0);
+
+    wc_curve448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_curve448_size */
+
+/*
+ * Testing wc_Curve448PrivateKeyToDer
+ */
+int test_wc_Curve448PrivateKeyToDer(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT) && \
+    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+    byte      output[ONEK_BUF];
+    curve448_key curve448PrivKey;
+    WC_RNG    rng;
+    word32    inLen;
+
+    XMEMSET(&curve448PrivKey, 0, sizeof(curve448PrivKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_curve448_init(&curve448PrivKey), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &curve448PrivKey),
+        0);
+    inLen = (word32)sizeof(output);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, output, inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Good cases */
+    /* length only */
+    ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, 0), 0);
+    ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, inLen), 0);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, NULL, 0, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, output, inLen, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 1),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Good cases */
+    /* length only */
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 0), 0);
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 1), 0);
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 0),
+        0);
+    ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 1),
+        0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_curve448_free(&curve448PrivKey);
+#endif
+    return EXPECT_RESULT();
+} /* End wc_Curve448PrivateKeyToDer*/
+
diff --git a/tests/api/test_curve448.h b/tests/api/test_curve448.h
new file mode 100644
index 000000000..9d25a5514
--- /dev/null
+++ b/tests/api/test_curve448.h
@@ -0,0 +1,50 @@
+/* test_curve448.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_CURVE448_H
+#define WOLFCRYPT_TEST_CURVE448_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_curve448_make_key(void);
+int test_wc_curve448_shared_secret_ex(void);
+int test_wc_curve448_export_public_ex(void);
+int test_wc_curve448_export_private_raw_ex(void);
+int test_wc_curve448_export_key_raw(void);
+int test_wc_curve448_import_private_raw_ex(void);
+int test_wc_curve448_import_private(void);
+int test_wc_curve448_init(void);
+int test_wc_curve448_size(void);
+int test_wc_Curve448PrivateKeyToDer(void);
+
+#define TEST_CURVE448_DECLS                                                 \
+    TEST_DECL_GROUP("curve448", test_wc_curve448_make_key),                 \
+    TEST_DECL_GROUP("curve448", test_wc_curve448_shared_secret_ex),         \
+    TEST_DECL_GROUP("curve448", test_wc_curve448_export_public_ex),         \
+    TEST_DECL_GROUP("curve448", test_wc_curve448_export_private_raw_ex),    \
+    TEST_DECL_GROUP("curve448", test_wc_curve448_export_key_raw),           \
+    TEST_DECL_GROUP("curve448", test_wc_curve448_import_private_raw_ex),    \
+    TEST_DECL_GROUP("curve448", test_wc_curve448_import_private),           \
+    TEST_DECL_GROUP("curve448", test_wc_curve448_init),                     \
+    TEST_DECL_GROUP("curve448", test_wc_curve448_size),                     \
+    TEST_DECL_GROUP("curve448", test_wc_Curve448PrivateKeyToDer)
+
+#endif /* WOLFCRYPT_TEST_CURVE448_H */
diff --git a/tests/api/test_des3.c b/tests/api/test_des3.c
new file mode 100644
index 000000000..1feb84357
--- /dev/null
+++ b/tests/api/test_des3.c
@@ -0,0 +1,223 @@
+/* test_des3.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/des3.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_des3.h>
+
+/*
+ * unit test for wc_Des3_SetIV()
+ */
+int test_wc_Des3_SetIV(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DES3
+    Des3 des;
+    const byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    const byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+
+    XMEMSET(&des, 0, sizeof(Des3));
+
+    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
+
+    /* DES_ENCRYPTION or DES_DECRYPTION */
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
+    ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
+
+#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
+    /* Test explicitly wc_Des3_SetIV()  */
+    ExpectIntEQ(wc_Des3_SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_SetIV(&des, NULL), 0);
+#endif
+    wc_Des3Free(&des);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_Des3_SetIV */
+
+/*
+ * unit test for wc_Des3_SetKey()
+ */
+int test_wc_Des3_SetKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DES3
+    Des3 des;
+    const byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    const byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+
+    XMEMSET(&des, 0, sizeof(Des3));
+
+    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
+
+    /* DES_ENCRYPTION or DES_DECRYPTION */
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
+    ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Default case. Should return 0. */
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION), 0);
+
+    wc_Des3Free(&des);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_Des3_SetKey */
+
+/*
+ * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
+ */
+int test_wc_Des3_CbcEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DES3
+    Des3 des;
+    byte cipher[24];
+    byte plain[24];
+    const byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    const byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+
+    XMEMSET(&des, 0, sizeof(Des3));
+
+    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
+
+    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, vector, 24), 0);
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION), 0);
+    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, cipher, 24), 0);
+    ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_Des3Free(&des);
+#endif
+    return EXPECT_RESULT();
+
+} /* END wc_Des3_CbcEncrypt */
+
+/*
+ *  Unit test for wc_Des3_EcbEncrypt
+ */
+int test_wc_Des3_EcbEncrypt(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
+    Des3    des;
+    byte    cipher[24];
+    word32  cipherSz = sizeof(cipher);
+    const byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    const byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+
+    XMEMSET(&des, 0, sizeof(Des3));
+
+    ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, 0), 0);
+
+    /* Good Cases */
+    ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz), 0);
+
+    wc_Des3Free(&des);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Des3_EcbEncrypt */
+
diff --git a/tests/api/test_des3.h b/tests/api/test_des3.h
new file mode 100644
index 000000000..c3833fd01
--- /dev/null
+++ b/tests/api/test_des3.h
@@ -0,0 +1,38 @@
+/* test_des3.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_DES3_H
+#define WOLFCRYPT_TEST_DES3_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_Des3_SetIV(void);
+int test_wc_Des3_SetKey(void);
+int test_wc_Des3_CbcEncryptDecrypt(void);
+int test_wc_Des3_EcbEncrypt(void);
+
+#define TEST_DES3_DECLS                                         \
+    TEST_DECL_GROUP("des3", test_wc_Des3_SetIV),                \
+    TEST_DECL_GROUP("des3", test_wc_Des3_SetKey),               \
+    TEST_DECL_GROUP("des3", test_wc_Des3_CbcEncryptDecrypt),    \
+    TEST_DECL_GROUP("des3", test_wc_Des3_CbcEncryptDecrypt)
+
+#endif /* WOLFCRYPT_TEST_DES3_H */
diff --git a/tests/api/test_dh.c b/tests/api/test_dh.c
new file mode 100644
index 000000000..259f0cc2b
--- /dev/null
+++ b/tests/api/test_dh.c
@@ -0,0 +1,76 @@
+/* test_dh.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/dh.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_dh.h>
+
+/*
+ * Testing wc_DhPublicKeyDecode
+ */
+int test_wc_DhPublicKeyDecode(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DH
+#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
+    DhKey  key;
+    word32 inOutIdx;
+
+    XMEMSET(&key, 0, sizeof(DhKey));
+
+    ExpectIntEQ(wc_InitDhKey(&key), 0);
+
+    ExpectIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    inOutIdx = 0;
+    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    inOutIdx = 0;
+    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    inOutIdx = 0;
+    ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,
+        sizeof_dh_pub_key_der_2048), 0);
+    ExpectIntNE(key.p.used, 0);
+    ExpectIntNE(key.g.used, 0);
+    ExpectIntEQ(key.q.used, 0);
+    ExpectIntNE(key.pub.used, 0);
+    ExpectIntEQ(key.priv.used, 0);
+
+    DoExpectIntEQ(wc_FreeDhKey(&key), 0);
+#endif
+#endif /* !NO_DH */
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_dh.h b/tests/api/test_dh.h
new file mode 100644
index 000000000..fe6c92c79
--- /dev/null
+++ b/tests/api/test_dh.h
@@ -0,0 +1,32 @@
+/* test_dh.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_DH_H
+#define WOLFCRYPT_TEST_DH_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_DhPublicKeyDecode(void);
+
+#define TEST_DH_DECLS                                   \
+    TEST_DECL_GROUP("dh", test_wc_DhPublicKeyDecode)
+
+#endif /* WOLFCRYPT_TEST_DH_H */
diff --git a/tests/api/test_digest.h b/tests/api/test_digest.h
new file mode 100644
index 000000000..3ce6eb4c9
--- /dev/null
+++ b/tests/api/test_digest.h
@@ -0,0 +1,873 @@
+/* test_digest.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#define DIGEST_INIT_TEST(type, name)                                           \
+do {                                                                           \
+    type dgst;                                                                 \
+                                                                               \
+    /* Test bad arg. */                                                        \
+    ExpectIntEQ(wc_Init##name(NULL, HEAP_HINT, INVALID_DEVID),                 \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    /* Test good arg. */                                                       \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+    wc_##name##_Free(&dgst);                                                   \
+                                                                               \
+    wc_##name##_Free(NULL);                                                    \
+} while (0)
+
+#define DIGEST_INIT_AND_INIT_EX_TEST(type, name)                               \
+    type dgst;                                                                 \
+                                                                               \
+    /* Test bad arg. */                                                        \
+    ExpectIntEQ(wc_Init##name(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));           \
+    ExpectIntEQ(wc_Init##name##_ex(NULL, HEAP_HINT, INVALID_DEVID),            \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    /* Test good arg. */                                                       \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+    wc_##name##Free(&dgst);                                                    \
+                                                                               \
+    ExpectIntEQ(wc_Init##name##_ex(&dgst, HEAP_HINT, INVALID_DEVID), 0);       \
+    wc_##name##Free(&dgst);                                                    \
+                                                                               \
+    wc_##name##Free(NULL)
+
+#define DIGEST_INIT_ONLY_TEST(type, name)                                      \
+do {                                                                           \
+    type dgst;                                                                 \
+                                                                               \
+    /* Test bad arg. */                                                        \
+    wc_Init##name(NULL);                                                       \
+                                                                               \
+    /* Test good arg. */                                                       \
+    wc_Init##name(&dgst);                                                      \
+} while (0)
+
+#define DIGEST_UPDATE_TEST(type, name)                                         \
+    type dgst;                                                                 \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Pass in bad values. */                                                  \
+    ExpectIntEQ(wc_##name##Update(NULL, NULL, 1),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Update(&dgst, NULL, 1),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Update(NULL, NULL, 0),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Update(NULL, (byte*)"a", 1),                        \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##Update(&dgst, NULL, 0), 0);                         \
+    ExpectIntEQ(wc_##name##Update(&dgst, (byte*)"a", 1), 0);                   \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_ALT_UPDATE_TEST(type, name)                                     \
+do {                                                                           \
+    type dgst;                                                                 \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Pass in bad values. */                                                  \
+    ExpectIntEQ(wc_##name##_Update(NULL, NULL, 1),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 1),                            \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Update(NULL, NULL, 0),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Update(NULL, (byte*)"a", 1),                       \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 0), 0);                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"a", 1), 0);                  \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_UPDATE_ONLY_TEST(type, name)                                    \
+    type dgst;                                                                 \
+                                                                               \
+    wc_Init##name(&dgst);                                                      \
+                                                                               \
+    /* Pass in bad values. */                                                  \
+    wc_##name##Update(NULL, NULL, 1);                                          \
+    wc_##name##Update(&dgst, NULL, 1);                                         \
+    wc_##name##Update(NULL, NULL, 0);                                          \
+    wc_##name##Update(NULL, (byte*)"a", 1);                                    \
+                                                                               \
+    wc_##name##Update(&dgst, NULL, 0);                                         \
+    wc_##name##Update(&dgst, (byte*)"a", 1)
+
+#define DIGEST_FINAL_TEST(type, name, upper)                                   \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##Final(&dgst, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \
+    ExpectIntEQ(wc_##name##Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+                                                                               \
+    /* Test good args. */                                                      \
+    ExpectIntEQ(wc_##name##Final(&dgst, hash), 0);                             \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_ALT_FINAL_TEST(type, name, upper)                               \
+do {                                                                           \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##_Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \
+    ExpectIntEQ(wc_##name##_Final(&dgst, NULL),                                \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \
+                                                                               \
+    /* Test good args. */                                                      \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0);                            \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_COUNT_FINAL_TEST(type, name, upper)                             \
+do {                                                                           \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_COUNT * 8];                                         \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##_Final(NULL, NULL, WC_##upper##_COUNT * 8),         \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Final(&dgst, NULL, WC_##upper##_COUNT * 8),        \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_Final(NULL, hash, WC_##upper##_COUNT * 8),         \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    /* Test good args. */                                                      \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##upper##_COUNT * 8), 0);    \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_FINAL_ONLY_TEST(type, name, upper)                              \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    /* Initialize */                                                           \
+    wc_Init##name(&dgst);                                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    wc_##name##Final(NULL, NULL);                                              \
+    wc_##name##Final(&dgst, NULL);                                             \
+    wc_##name##Final(NULL, hash);                                              \
+                                                                               \
+    /* Test good args. */                                                      \
+    wc_##name##Final(&dgst, hash);                                             \
+
+#define DIGEST_FINAL_RAW_TEST(type, name, upper, hashStr)                      \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+    const char* expHash = hashStr;                                             \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##FinalRaw(NULL, NULL),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, NULL),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##FinalRaw(NULL, hash),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    /* Test good args. */                                                      \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, expHash, WC_##upper##_DIGEST_SIZE);                      \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_KATS_TEST_VARS(type, upper)                                     \
+    type dgst;                                                                 \
+    testVector dgst_kat[upper##_KAT_CNT];                                      \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+    int i = 0
+
+#define DIGEST_COUNT_KATS_TEST_VARS(type, upper, count)                        \
+    type dgst;                                                                 \
+    testVector dgst_kat[upper##_KAT_CNT];                                      \
+    byte hash[WC_##count##_COUNT * 8];                                         \
+    int i = 0
+
+#define DIGEST_KATS_ADD(in, len, out)                                          \
+    dgst_kat[i].input = in;                                                    \
+    dgst_kat[i].inLen = len;                                                   \
+    dgst_kat[i].output = out;                                                  \
+    dgst_kat[i].outLen = 0;                                                    \
+    i++
+
+#define DIGEST_KATS_TEST(name, upper)                                          \
+    (void)i;                                                                   \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    for (i = 0; i < upper##_KAT_CNT; i++) {                                    \
+        /* Do KAT. */                                                          \
+        ExpectIntEQ(wc_##name##Update(&dgst, (byte*)dgst_kat[i].input,         \
+            (word32)dgst_kat[i].inLen), 0);                                    \
+        ExpectIntEQ(wc_##name##Final(&dgst, hash), 0);                         \
+        ExpectBufEQ(hash, (byte*)dgst_kat[i].output,                           \
+            WC_##upper##_DIGEST_SIZE);                                         \
+    }                                                                          \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_COUNT_KATS_TEST(name, upper, count)                             \
+    (void)i;                                                                   \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    for (i = 0; i < upper##_KAT_CNT; i++) {                                    \
+        /* Do KAT. */                                                          \
+        ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)dgst_kat[i].input,        \
+            (word32)dgst_kat[i].inLen), 0);                                    \
+        ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##count##_COUNT * 8),    \
+            0);                                                                \
+        ExpectBufEQ(hash, (byte*)dgst_kat[i].output,                           \
+            WC_##count##_COUNT * 8);                                           \
+    }                                                                          \
+                                                                               \
+    wc_##name##_Free(&dgst)
+
+#define DIGEST_KATS_ONLY_TEST(name, upper)                                     \
+do {                                                                           \
+    (void)i;                                                                   \
+                                                                               \
+    /* Initialize */                                                           \
+    wc_Init##name(&dgst);                                                      \
+                                                                               \
+    for (i = 0; i < upper##_KAT_CNT; i++) {                                    \
+        /* Do KAT. */                                                          \
+        wc_##name##Update(&dgst, (byte*)dgst_kat[i].input,                     \
+            (word32)dgst_kat[i].inLen);                                        \
+        wc_##name##Final(&dgst, hash);                                         \
+        ExpectBufEQ(hash, (byte*)dgst_kat[i].output,                           \
+            WC_##upper##_DIGEST_SIZE);                                         \
+    }                                                                          \
+} while (0)
+
+#define DIGEST_OTHER_TEST(type, name, upper, hashStr)                          \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE + 1];                                   \
+    byte data[WC_##upper##_DIGEST_SIZE * 8 + 1];                               \
+    int dataLen = WC_##upper##_DIGEST_SIZE * 8;                                \
+    const char* expHash = hashStr;                                             \
+    int i;                                                                     \
+    int j;                                                                     \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Unaligned input and output buffer. */                                   \
+    ExpectIntEQ(wc_##name##Update(&dgst, data + 1, dataLen), 0);               \
+    ExpectIntEQ(wc_##name##Final(&dgst, hash + 1), 0);                         \
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+                                                                               \
+    /* Test that empty updates work. */                                        \
+    ExpectIntEQ(wc_##name##Update(&dgst, NULL, 0), 0);                         \
+    ExpectIntEQ(wc_##name##Update(&dgst, (byte*)"", 0), 0);                    \
+    ExpectIntEQ(wc_##name##Update(&dgst, data, dataLen), 0);                   \
+    ExpectIntEQ(wc_##name##Final(&dgst, hash), 0);                             \
+    ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    /* Ensure chunking works. */                                               \
+    for (i = 1; i < dataLen; i++) {                                            \
+        for (j = 0; j < dataLen; j += i) {                                     \
+             int len = dataLen - j;                                            \
+             if (i < len)                                                      \
+                 len = i;                                                      \
+             ExpectIntEQ(wc_##name##Update(&dgst, data + j, len), 0);          \
+        }                                                                      \
+        ExpectIntEQ(wc_##name##Final(&dgst, hash), 0);                         \
+        ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+    }                                                                          \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_ALT_OTHER_TEST(type, name, upper, hashStr)                      \
+do {                                                                           \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE + 1];                                   \
+    byte data[WC_##upper##_DIGEST_SIZE * 8 + 1];                               \
+    int dataLen = WC_##upper##_DIGEST_SIZE * 8;                                \
+    const char* expHash = hashStr;                                             \
+    int i;                                                                     \
+    int j;                                                                     \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Unaligned input and output buffer. */                                   \
+    ExpectIntEQ(wc_##name##_Update(&dgst, data + 1, dataLen), 0);              \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash + 1), 0);                        \
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+                                                                               \
+    /* Test that empty updates work. */                                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 0), 0);                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"", 0), 0);                   \
+    ExpectIntEQ(wc_##name##_Update(&dgst, data, dataLen), 0);                  \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0);                            \
+    ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    /* Ensure chunking works. */                                               \
+    for (i = 1; i < dataLen; i++) {                                            \
+        for (j = 0; j < dataLen; j += i) {                                     \
+             int len = dataLen - j;                                            \
+             if (i < len)                                                      \
+                 len = i;                                                      \
+             ExpectIntEQ(wc_##name##_Update(&dgst, data + j, len), 0);         \
+        }                                                                      \
+        ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0);                        \
+        ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+    }                                                                          \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_COUNT_OTHER_TEST(type, name, upper, hashStr)                    \
+do {                                                                           \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_COUNT * 8 + 1];                                     \
+    byte data[WC_##upper##_COUNT * 8 * 8 + 1];                                 \
+    int dataLen = WC_##upper##_COUNT * 8 * 8;                                  \
+    const char* expHash = hashStr;                                             \
+    int i;                                                                     \
+    int j;                                                                     \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Unaligned input and output buffer. */                                   \
+    ExpectIntEQ(wc_##name##_Update(&dgst, data + 1, dataLen), 0);              \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash + 1, WC_##upper##_COUNT * 8),    \
+        0);                                                                    \
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_COUNT * 8);             \
+                                                                               \
+    /* Test that empty updates work. */                                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 0), 0);                        \
+    ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"", 0), 0);                   \
+    ExpectIntEQ(wc_##name##_Update(&dgst, data, dataLen), 0);                  \
+    ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##upper##_COUNT * 8), 0);    \
+    ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_COUNT * 8);                 \
+                                                                               \
+    /* Ensure chunking works. */                                               \
+    for (i = 1; i < dataLen; i++) {                                            \
+        for (j = 0; j < dataLen; j += i) {                                     \
+             int len = dataLen - j;                                            \
+             if (i < len)                                                      \
+                 len = i;                                                      \
+             ExpectIntEQ(wc_##name##_Update(&dgst, data + j, len), 0);         \
+        }                                                                      \
+        ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##upper##_COUNT * 8),    \
+            0);                                                                \
+        ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_COUNT * 8);             \
+    }                                                                          \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+#define DIGEST_OTHER_ONLY_TEST(type, name, upper, hashStr)                     \
+do {                                                                           \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE + 1];                                   \
+    byte data[WC_##upper##_DIGEST_SIZE * 8 + 1];                               \
+    int dataLen = WC_##upper##_DIGEST_SIZE * 8;                                \
+    const char* expHash = hashStr;                                             \
+    int i;                                                                     \
+    int j;                                                                     \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Initialize */                                                           \
+    wc_Init##name(&dgst);                                                      \
+                                                                               \
+    /* Unaligned input and output buffer. */                                   \
+    wc_##name##Update(&dgst, data + 1, dataLen);                               \
+    wc_##name##Final(&dgst, hash + 1);                                         \
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+                                                                               \
+    /* Test that empty updates work. */                                        \
+    wc_##name##Update(&dgst, NULL, 0);                                         \
+    wc_##name##Update(&dgst, (byte*)"", 0);                                    \
+    wc_##name##Update(&dgst, data, dataLen);                                   \
+    wc_##name##Final(&dgst, hash);                                             \
+    ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    /* Ensure chunking works. */                                               \
+    for (i = 1; i < dataLen; i++) {                                            \
+        for (j = 0; j < dataLen; j += i) {                                     \
+             int len = dataLen - j;                                            \
+             if (i < len)                                                      \
+                 len = i;                                                      \
+             wc_##name##Update(&dgst, data + j, len);                          \
+        }                                                                      \
+        wc_##name##Final(&dgst, hash);                                         \
+        ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE);           \
+    }                                                                          \
+} while (0)
+
+#define DIGEST_COPY_TEST(type, name, upper, emptyHashStr, abcHashStr)          \
+    type src;                                                                  \
+    type dst;                                                                  \
+    byte hashSrc[WC_##upper##_DIGEST_SIZE];                                    \
+    byte hashDst[WC_##upper##_DIGEST_SIZE];                                    \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+    byte data[WC_##upper##_BLOCK_SIZE];                                        \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    XMEMSET(&src, 0, sizeof(src));                                             \
+    XMEMSET(&dst, 0, sizeof(dst));                                             \
+    ExpectIntEQ(wc_Init##name(&src), 0);                                       \
+                                                                               \
+    /* Tests bad params. */                                                    \
+    ExpectIntEQ(wc_##name##Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));   \
+    ExpectIntEQ(wc_##name##Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));   \
+    ExpectIntEQ(wc_##name##Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG));   \
+                                                                               \
+    /* Test copy works. */                                                     \
+    ExpectIntEQ(wc_##name##Copy(&src, &dst), 0);                               \
+    ExpectIntEQ(wc_##name##Final(&src, hashSrc), 0);                           \
+    ExpectIntEQ(wc_##name##Final(&dst, hashDst), 0);                           \
+    ExpectBufEQ(hashSrc, emptyHash, WC_##upper##_DIGEST_SIZE);                 \
+    ExpectBufEQ(hashDst, emptyHash, WC_##upper##_DIGEST_SIZE);                 \
+    wc_##name##Free(&dst);                                                     \
+                                                                               \
+    /* Test buffered data is copied. */                                        \
+    ExpectIntEQ(wc_##name##Update(&src, (byte*)"abc", 3), 0);                  \
+    ExpectIntEQ(wc_##name##Copy(&src, &dst), 0);                               \
+    ExpectIntEQ(wc_##name##Final(&src, hashSrc), 0);                           \
+    ExpectIntEQ(wc_##name##Final(&dst, hashDst), 0);                           \
+    ExpectBufEQ(hashSrc, abcHash, WC_##upper##_DIGEST_SIZE);                   \
+    ExpectBufEQ(hashDst, abcHash, WC_##upper##_DIGEST_SIZE);                   \
+    wc_##name##Free(&dst);                                                     \
+                                                                               \
+    /* Test count of length is copied. */                                      \
+    ExpectIntEQ(wc_##name##Update(&src, data, sizeof(data)), 0);               \
+    ExpectIntEQ(wc_##name##Copy(&src, &dst), 0);                               \
+    ExpectIntEQ(wc_##name##Final(&src, hashSrc), 0);                           \
+    ExpectIntEQ(wc_##name##Final(&dst, hashDst), 0);                           \
+    ExpectBufEQ(hashSrc, hashDst, WC_##upper##_DIGEST_SIZE);                   \
+    wc_##name##Free(&dst);                                                     \
+                                                                               \
+    wc_##name##Free(&src)
+
+#define DIGEST_ALT_COPY_TEST(type, name, upper, emptyHashStr, abcHashStr)      \
+do {                                                                           \
+    type src;                                                                  \
+    type dst;                                                                  \
+    byte hashSrc[WC_##upper##_DIGEST_SIZE];                                    \
+    byte hashDst[WC_##upper##_DIGEST_SIZE];                                    \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+    byte data[WC_##upper##_BLOCK_SIZE];                                        \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&src, HEAP_HINT, INVALID_DEVID), 0);             \
+    XMEMSET(&dst, 0, sizeof(dst));                                             \
+                                                                               \
+    ExpectIntEQ(wc_##name##_Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##_Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##_Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+                                                                               \
+    /* Test copy works. */                                                     \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc), 0);                          \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst), 0);                          \
+    ExpectBufEQ(hashSrc, emptyHash, WC_##upper##_DIGEST_SIZE);                 \
+    ExpectBufEQ(hashDst, emptyHash, WC_##upper##_DIGEST_SIZE);                 \
+    wc_##name##_Free(&dst);                                                    \
+                                                                               \
+    /* Test buffered data is copied. */                                        \
+    ExpectIntEQ(wc_##name##_Update(&src, (byte*)"abc", 3), 0);                 \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc), 0);                          \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst), 0);                          \
+    ExpectBufEQ(hashSrc, abcHash, WC_##upper##_DIGEST_SIZE);                   \
+    ExpectBufEQ(hashDst, abcHash, WC_##upper##_DIGEST_SIZE);                   \
+    wc_##name##_Free(&dst);                                                    \
+                                                                               \
+    /* Test count of length is copied. */                                      \
+    ExpectIntEQ(wc_##name##_Update(&src, data, sizeof(data)), 0);              \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc), 0);                          \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst), 0);                          \
+    ExpectBufEQ(hashSrc, hashDst, WC_##upper##_DIGEST_SIZE);                   \
+    wc_##name##_Free(&dst);                                                    \
+                                                                               \
+    wc_##name##_Free(&src);                                                    \
+} while (0)
+
+#define DIGEST_COUNT_COPY_TEST(type, name, upper, emptyHashStr, abcHashStr)    \
+do {                                                                           \
+    type src;                                                                  \
+    type dst;                                                                  \
+    byte hashSrc[WC_##upper##_COUNT * 8];                                      \
+    byte hashDst[WC_##upper##_COUNT * 8];                                      \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+    byte data[WC_##upper##_BLOCK_SIZE];                                        \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&src, HEAP_HINT, INVALID_DEVID), 0);             \
+    XMEMSET(&dst, 0, sizeof(dst));                                             \
+                                                                               \
+    ExpectIntEQ(wc_##name##_Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##_Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+    ExpectIntEQ(wc_##name##_Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG));  \
+                                                                               \
+    /* Test copy works. */                                                     \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc, WC_##upper##_COUNT * 8), 0);  \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst, WC_##upper##_COUNT * 8), 0);  \
+    ExpectBufEQ(hashSrc, emptyHash, WC_##upper##_COUNT * 8);                   \
+    ExpectBufEQ(hashDst, emptyHash, WC_##upper##_COUNT * 8);                   \
+    wc_##name##_Free(&src);                                                    \
+                                                                               \
+    /* Test buffered data is copied. */                                        \
+    ExpectIntEQ(wc_##name##_Update(&src, (byte*)"abc", 3), 0);                 \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc, WC_##upper##_COUNT * 8), 0);  \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst, WC_##upper##_COUNT * 8), 0);  \
+    ExpectBufEQ(hashSrc, abcHash, WC_##upper##_COUNT * 8);                     \
+    ExpectBufEQ(hashDst, abcHash, WC_##upper##_COUNT * 8);                     \
+    wc_##name##_Free(&src);                                                    \
+                                                                               \
+    /* Test count of length is copied. */                                      \
+    ExpectIntEQ(wc_##name##_Update(&src, data, sizeof(data)), 0);              \
+    ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0);                              \
+    ExpectIntEQ(wc_##name##_Final(&src, hashSrc, WC_##upper##_COUNT * 8), 0);  \
+    ExpectIntEQ(wc_##name##_Final(&dst, hashDst, WC_##upper##_COUNT * 8), 0);  \
+    ExpectBufEQ(hashSrc, hashDst, WC_##upper##_COUNT * 8);                     \
+    wc_##name##_Free(&dst);                                                    \
+                                                                               \
+    wc_##name##_Free(&src);                                                    \
+} while (0)
+
+#define DIGEST_GET_HASH_TEST(type, name, upper, emptyHashStr, abcHashStr)      \
+    type dgst;                                                                 \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+                                                                               \
+    XMEMSET(&dgst, 0, sizeof(dgst));                                           \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    ExpectIntEQ(wc_##name##GetHash(NULL, NULL),                                \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##GetHash(&dgst, NULL),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##GetHash(NULL, hash),                                \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##GetHash(&dgst, hash), 0);                           \
+    ExpectBufEQ(hash, emptyHash, WC_##upper##_DIGEST_SIZE);                    \
+    /* Test that the hash state hasn't been modified. */                       \
+    ExpectIntEQ(wc_##name##Update(&dgst, (byte*)"abc", 3), 0);                 \
+    ExpectIntEQ(wc_##name##GetHash(&dgst, hash), 0);                           \
+    ExpectBufEQ(hash, abcHash, WC_##upper##_DIGEST_SIZE);                      \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#ifdef LITTLE_ENDIAN_ORDER
+
+#define DIGEST_TRANSFORM_TEST(type, name, upper, abcBlockStr, abcHashStr)      \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abc##name##Data), 0);       \
+    ExpectBufEQ((byte*)dgst.digest, (byte*)abcHash, WC_##upper##_DIGEST_SIZE); \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_TRANSFORM_FINAL_RAW_TEST(type, name, upper, abcBlockStr,        \
+                                        abcHashStr)                            \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+    byte abcData[WC_##upper##_BLOCK_SIZE];                                     \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    XMEMCPY(abcData, abc##name##Data, WC_##upper##_BLOCK_SIZE);                \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abcData), 0);               \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, (byte*)abcHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#else
+
+#define DIGEST_TRANSFORM_TEST(type, name, upper, abcBlockStr, abcHashStr)      \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+    char abc##name##DataBE[WC_##upper##_BLOCK_SIZE];                           \
+    char abcHashBE[WC_##upper##_DIGEST_SIZE];                                  \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ByteReverseWords((word32*)abc##name##DataBE, (word32*)abc##name##Data,     \
+        WC_##upper##_BLOCK_SIZE);                                              \
+    ByteReverseWords((word32*)abcHashBE, (word32*)abcHash,                     \
+        WC_##upper##_DIGEST_SIZE);                                             \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abc##name##DataBE), 0);     \
+    ExpectBufEQ((byte*)dgst.digest, (byte*)abcHashBE,                          \
+        WC_##upper##_DIGEST_SIZE);                                             \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_TRANSFORM_FINAL_RAW_TEST(type, name, upper, abcBlockStr,        \
+                                        abcHashStr)                            \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+    char abc##name##DataBE[WC_##upper##_BLOCK_SIZE];                           \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ByteReverseWords((word32*)abc##name##DataBE, (word32*)abc##name##Data,     \
+        WC_##upper##_BLOCK_SIZE);                                              \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abc##name##DataBE), 0);     \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, (byte*)abcHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#endif
+
+#define DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(type, name, upper, abcBlockStr,    \
+                                            abcHashStr)                        \
+    type dgst;                                                                 \
+    const char* abc##name##Data = abcBlockStr;                                 \
+    const char* abcHash = abcHashStr;                                          \
+    byte abcData[WC_##upper##_BLOCK_SIZE];                                     \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    XMEMCPY(abcData, abc##name##Data, WC_##upper##_BLOCK_SIZE);                \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Test bad args. */                                                       \
+    ExpectIntEQ(wc_##name##Transform(NULL, NULL),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(&dgst, NULL),                             \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data),            \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abcData), 0);               \
+    ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, (byte*)abcHash, WC_##upper##_DIGEST_SIZE);               \
+                                                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_FLAGS_TEST(type, name)                                          \
+    type dgst;                                                                 \
+    type dgst_copy;                                                            \
+    word32 flags;                                                              \
+                                                                               \
+    XMEMSET(&dgst, 0, sizeof(dgst));                                           \
+    XMEMSET(&dgst_copy, 0, sizeof(dgst_copy));                                 \
+    ExpectIntEQ(wc_Init##name(&dgst), 0);                                      \
+                                                                               \
+    /* Do nothing. */                                                          \
+    ExpectIntEQ(wc_##name##GetFlags(NULL, NULL), 0);                           \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst, NULL), 0);                          \
+    ExpectIntEQ(wc_##name##GetFlags(NULL, &flags), 0);                         \
+    ExpectIntEQ(wc_##name##SetFlags(NULL, 1), 0);                              \
+                                                                               \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst, &flags), 0);                        \
+    ExpectIntEQ(flags, 0);                                                     \
+                                                                               \
+    ExpectIntEQ(wc_##name##Copy(&dgst, &dgst_copy), 0);                        \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst, &flags), 0);                        \
+    ExpectIntEQ(flags, 0);                                                     \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst_copy, &flags), 0);                   \
+    ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY);                                   \
+                                                                               \
+    ExpectIntEQ(wc_##name##SetFlags(&dgst, WC_HASH_FLAG_WILLCOPY), 0);         \
+    ExpectIntEQ(wc_##name##GetFlags(&dgst, &flags), 0);                        \
+    ExpectIntEQ(flags, WC_HASH_FLAG_WILLCOPY);                                 \
+    ExpectIntEQ(wc_##name##SetFlags(&dgst, 0), 0);                             \
+                                                                               \
+    wc_##name##Free(&dgst_copy);                                               \
+    wc_##name##Free(&dgst)
+
+#define DIGEST_ALT_FLAGS_TEST(type, name, inst)                                \
+    type dgst;                                                                 \
+    type dgst_copy;                                                            \
+    word32 flags;                                                              \
+                                                                               \
+    XMEMSET(&dgst_copy, 0, sizeof(dgst_copy));                                 \
+    ExpectIntEQ(wc_Init##inst(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    /* Do nothing. */                                                          \
+    ExpectIntEQ(wc_##name##_GetFlags(NULL, NULL), 0);                          \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst, NULL), 0);                         \
+    ExpectIntEQ(wc_##name##_GetFlags(NULL, &flags), 0);                        \
+    ExpectIntEQ(wc_##name##_SetFlags(NULL, 1), 0);                             \
+                                                                               \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst, &flags), 0);                       \
+    ExpectIntEQ(flags, 0);                                                     \
+                                                                               \
+    ExpectIntEQ(wc_##inst##_Copy(&dgst, &dgst_copy), 0);                       \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst, &flags), 0);                       \
+    ExpectIntEQ(flags, 0);                                                     \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst_copy, &flags), 0);                  \
+    ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY);                                   \
+                                                                               \
+    ExpectIntEQ(wc_##name##_SetFlags(&dgst, 1), 0);                            \
+    ExpectIntEQ(wc_##name##_GetFlags(&dgst, &flags), 0);                       \
+    ExpectIntEQ(flags, 1);                                                     \
+    ExpectIntEQ(wc_##name##_SetFlags(&dgst, 0), 0);                            \
+                                                                               \
+    wc_##inst##_Free(&dgst_copy);                                              \
+    wc_##inst##_Free(&dgst)
+
+#define DIGEST_HASH_TEST(name, upper)                                          \
+do {                                                                           \
+    byte data[WC_##upper##_BLOCK_SIZE];                                        \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Invalid parameters. */                                                  \
+    ExpectIntEQ(wc_##name##Hash(NULL, sizeof(data), hash),                     \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Hash(data, sizeof(data), NULL),                     \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Hash_ex(NULL, sizeof(data), hash, HEAP_HINT,        \
+        INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));                        \
+    ExpectIntEQ(wc_##name##Hash_ex(data, sizeof(data), NULL, HEAP_HINT,        \
+        INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));                        \
+                                                                               \
+    /* Valid parameters. */                                                    \
+    ExpectIntEQ(wc_##name##Hash(data, sizeof(data), hash), 0);                 \
+    ExpectIntEQ(wc_##name##Hash_ex(data, sizeof(data), hash, HEAP_HINT,        \
+        INVALID_DEVID), 0);                                                    \
+} while (0)
+
+#define DIGEST_COUNT_HASH_TEST(name, upper)                                    \
+do {                                                                           \
+    byte data[WC_##upper##_COUNT * 8];                                         \
+    byte hash[WC_##upper##_COUNT * 8];                                         \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Invalid parameters. */                                                  \
+    ExpectIntEQ(wc_##name##Hash(NULL, sizeof(data), hash),                     \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Hash(data, sizeof(data), NULL),                     \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##Hash_ex(NULL, sizeof(data), hash, HEAP_HINT,        \
+        INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));                        \
+    ExpectIntEQ(wc_##name##Hash_ex(data, sizeof(data), NULL, HEAP_HINT,        \
+        INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));                        \
+                                                                               \
+    /* Valid parameters. */                                                    \
+    ExpectIntEQ(wc_##name##Hash(data, sizeof(data), hash), 0);                 \
+    ExpectIntEQ(wc_##name##Hash_ex(data, sizeof(data), hash, HEAP_HINT,        \
+        INVALID_DEVID), 0);                                                    \
+} while (0)
+
+#define DIGEST_HASH_ONLY_TEST(name, upper)                                     \
+    byte data[WC_##upper##_BLOCK_SIZE];                                        \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+                                                                               \
+    XMEMSET(data, 0xa5, sizeof(data));                                         \
+                                                                               \
+    /* Invalid parameters. */                                                  \
+    ExpectIntEQ(wc_##name##Hash(NULL, sizeof(data), hash), 0);                 \
+    ExpectIntEQ(wc_##name##Hash(data, sizeof(data), NULL), 0);                 \
+                                                                               \
+    /* Valid parameters. */                                                    \
+    ExpectIntEQ(wc_##name##Hash(data, sizeof(data), hash), 0)
+
diff --git a/tests/api/test_dsa.c b/tests/api/test_dsa.c
new file mode 100644
index 000000000..f406f5a5b
--- /dev/null
+++ b/tests/api/test_dsa.c
@@ -0,0 +1,579 @@
+/* test_dsa.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/dsa.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_dsa.h>
+
+/*
+ * Testing wc_InitDsaKey()
+ */
+int test_wc_InitDsaKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DSA
+    DsaKey key;
+
+    XMEMSET(&key, 0, sizeof(DsaKey));
+
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_InitDsaKey(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_FreeDsaKey(&key);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_InitDsaKey */
+
+/*
+ * Testing wc_DsaSign() and wc_DsaVerify()
+ */
+int test_wc_DsaSignVerify(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA)
+    DsaKey key;
+    WC_RNG rng;
+    wc_Sha sha;
+    byte   signature[DSA_SIG_SIZE];
+    byte   hash[WC_SHA_DIGEST_SIZE];
+    word32 idx = 0;
+    word32 bytes;
+    int    answer = 0;
+#ifdef USE_CERT_BUFFERS_1024
+    byte   tmp[ONEK_BUF];
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
+    bytes = sizeof_dsa_key_der_1024;
+#elif defined(USE_CERT_BUFFERS_2048)
+    byte   tmp[TWOK_BUF];
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
+    bytes = sizeof_dsa_key_der_2048;
+#else
+    byte   tmp[TWOK_BUF];
+    XFILE  fp = XBADFILE;
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
+    ExpectTrue((bytes = (word32)XFREAD(tmp, 1, sizeof(tmp), fp)) > 0);
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
+#endif /* END USE_CERT_BUFFERS_1024 */
+
+    ExpectIntEQ(wc_InitSha(&sha), 0);
+    ExpectIntEQ(wc_ShaUpdate(&sha, tmp, bytes), 0);
+    ExpectIntEQ(wc_ShaFinal(&sha, hash), 0);
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    /* Sign. */
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_DsaSign(NULL, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaSign(hash, NULL, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaSign(hash, signature, NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Verify. */
+    ExpectIntEQ(wc_DsaVerify(hash, signature, &key, &answer), 0);
+    ExpectIntEQ(answer, 1);
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_DsaVerify(NULL, signature, &key, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaVerify(hash, NULL, &key, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
+    /* hard set q to 0 and test fail case */
+    mp_free(&key.q);
+    ExpectIntEQ(mp_init(&key.q), 0);
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    mp_set(&key.q, 1);
+    ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    DoExpectIntEQ(wc_FreeRng(&rng),0);
+    wc_FreeDsaKey(&key);
+    wc_ShaFree(&sha);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_DsaSign */
+
+/*
+ * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode()
+ */
+int test_wc_DsaPublicPrivateKeyDecode(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA)
+    DsaKey key;
+    word32 bytes = 0;
+    word32 idx  = 0;
+    int    ret = 0;
+#ifdef USE_CERT_BUFFERS_1024
+    byte   tmp[ONEK_BUF];
+
+    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
+    bytes = sizeof_dsa_key_der_1024;
+#elif defined(USE_CERT_BUFFERS_2048)
+    byte   tmp[TWOK_BUF];
+
+    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
+    bytes = sizeof_dsa_key_der_2048;
+#else
+    byte   tmp[TWOK_BUF];
+    XFILE  fp = XBADFILE;
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
+    ExpectTrue((bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp)) > 0);
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
+#endif /* END USE_CERT_BUFFERS_1024 */
+
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntLT(ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) || (ret == WC_NO_ERR_TRACE(BUFFER_E)));
+    wc_FreeDsaKey(&key);
+
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+    idx = 0; /* Reset */
+    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntLT(ret = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) || (ret == WC_NO_ERR_TRACE(BUFFER_E)));
+    wc_FreeDsaKey(&key);
+#endif /* !NO_DSA */
+    return EXPECT_RESULT();
+
+} /* END test_wc_DsaPublicPrivateKeyDecode */
+
+/*
+ * Testing wc_MakeDsaKey() and wc_MakeDsaParameters()
+ */
+int test_wc_MakeDsaKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
+    DsaKey genKey;
+    WC_RNG rng;
+
+    XMEMSET(&genKey, 0, sizeof(genKey));
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    ExpectIntEQ(wc_InitDsaKey(&genKey), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_MakeDsaKey(&rng, &genKey), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_MakeDsaKey(NULL, &genKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_MakeDsaKey(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_FreeDsaKey(&genKey);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_MakeDsaKey */
+
+/*
+ * Testing wc_DsaKeyToDer()
+ */
+int test_wc_DsaKeyToDer(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
+    DsaKey key;
+    word32 bytes;
+    word32 idx = 0;
+#ifdef USE_CERT_BUFFERS_1024
+    byte   tmp[ONEK_BUF];
+    byte   der[ONEK_BUF];
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    XMEMSET(der, 0, sizeof(der));
+    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
+    bytes = sizeof_dsa_key_der_1024;
+#elif defined(USE_CERT_BUFFERS_2048)
+    byte   tmp[TWOK_BUF];
+    byte   der[TWOK_BUF];
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    XMEMSET(der, 0, sizeof(der));
+    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
+    bytes = sizeof_dsa_key_der_2048;
+#else
+    byte   tmp[TWOK_BUF];
+    byte   der[TWOK_BUF];
+    XFILE fp = XBADFILE;
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    XMEMSET(der, 0, sizeof(der));
+    ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
+    ExpectTrue((bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp)) > 0);
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
+#endif /* END USE_CERT_BUFFERS_1024 */
+
+    XMEMSET(&key, 0, sizeof(DsaKey));
+
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+    ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
+    ExpectIntGE(wc_DsaKeyToDer(&key, der, bytes), 0);
+    ExpectIntEQ(XMEMCMP(der, tmp, bytes), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_DsaKeyToDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaKeyToDer(&key, NULL, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_FreeDsaKey(&key);
+#endif /* !NO_DSA && WOLFSSL_KEY_GEN */
+    return EXPECT_RESULT();
+
+} /* END test_wc_DsaKeyToDer */
+
+/*
+ *  Testing wc_DsaKeyToPublicDer()
+ *  (indirectly testing setDsaPublicKey())
+ */
+int test_wc_DsaKeyToPublicDer(void)
+{
+    EXPECT_DECLS;
+#ifndef HAVE_SELFTEST
+#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
+    DsaKey key;
+    WC_RNG rng;
+    byte*  der = NULL;
+    word32 sz = 0;
+    word32 idx = 0;
+
+    XMEMSET(&key, 0, sizeof(DsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectNotNull(der = (byte*)XMALLOC(ONEK_BUF, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &key), 0);
+    ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0);
+
+    ExpectIntGE(sz = (word32)wc_DsaKeyToPublicDer(&key, der, ONEK_BUF), 0);
+    wc_FreeDsaKey(&key);
+
+    idx = 0;
+    ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0);
+
+    /* Test without the SubjectPublicKeyInfo header */
+    ExpectIntGE(sz = (word32)wc_SetDsaPublicKey(der, &key, ONEK_BUF, 0), 0);
+    wc_FreeDsaKey(&key);
+    idx = 0;
+    ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_DsaKeyToPublicDer(&key, NULL, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_FreeDsaKey(&key);
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* !NO_DSA && WOLFSSL_KEY_GEN */
+#endif /* !HAVE_SELFTEST */
+    return EXPECT_RESULT();
+
+} /* END test_wc_DsaKeyToPublicDer */
+
+/*
+ * Testing wc_DsaImportParamsRaw()
+ */
+int test_wc_DsaImportParamsRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA)
+    DsaKey key;
+    /* [mod = L=1024, N=160], from CAVP KeyPair */
+    const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
+                    "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
+                    "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
+                    "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
+                    "47123188f8dc551054ee162b634d60f097f719076640e209"
+                    "80a0093113a8bd73";
+    const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
+    const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
+                    "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
+                    "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
+                    "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
+                    "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
+                    "76341a7e7d9";
+    /* invalid p and q parameters */
+    const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
+    const char* invalidQ = "96c5390a";
+
+    XMEMSET(&key, 0, sizeof(DsaKey));
+
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, q, g), 0);
+
+    /* test bad args */
+    /* null key struct */
+    ExpectIntEQ(wc_DsaImportParamsRaw(NULL, p, q, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null param pointers */
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* illegal p length */
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, invalidP, q, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* illegal q length */
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, invalidQ, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_FreeDsaKey(&key);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_DsaImportParamsRaw */
+
+/*
+ * Testing wc_DsaImportParamsRawCheck()
+ */
+int test_wc_DsaImportParamsRawCheck(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+    DsaKey key;
+    int    trusted = 0;
+    /* [mod = L=1024, N=160], from CAVP KeyPair */
+    const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
+                    "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
+                    "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
+                    "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
+                    "47123188f8dc551054ee162b634d60f097f719076640e209"
+                    "80a0093113a8bd73";
+    const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
+    const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
+                    "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
+                    "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
+                    "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
+                    "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
+                    "76341a7e7d9";
+    /* invalid p and q parameters */
+    const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
+    const char* invalidQ = "96c5390a";
+
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+    ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL), 0);
+
+    /* test bad args */
+    /* null key struct */
+    ExpectIntEQ(wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null param pointers */
+    ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* illegal p length */
+    ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* illegal q length */
+    ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_FreeDsaKey(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_DsaImportParamsRawCheck */
+
+/*
+ * Testing wc_DsaExportParamsRaw()
+ */
+int test_wc_DsaExportParamsRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA)
+    DsaKey key;
+    /* [mod = L=1024, N=160], from CAVP KeyPair */
+    const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
+                    "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
+                    "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
+                    "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
+                    "47123188f8dc551054ee162b634d60f097f719076640e209"
+                    "80a0093113a8bd73";
+    const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
+    const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
+                    "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
+                    "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
+                    "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
+                    "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
+                    "76341a7e7d9";
+    const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f"
+                           "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d"
+                           "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a"
+                           "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c"
+                           "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5"
+                           "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6"
+                           "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89"
+                           "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71"
+                           "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b"
+                           "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09"
+                           "\x80\xa0\x09\x31\x13\xa8\xbd\x73";
+    const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0"
+                           "\xea\x19\x4a\x3e\xc9\x35\xa2\x81";
+    const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f"
+                           "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82"
+                           "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45"
+                           "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3"
+                           "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd"
+                           "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba"
+                           "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e"
+                           "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f"
+                           "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43"
+                           "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f"
+                           "\x17\xfc\x07\x63\x41\xa7\xe7\xd9";
+    byte pOut[MAX_DSA_PARAM_SIZE];
+    byte qOut[MAX_DSA_PARAM_SIZE];
+    byte gOut[MAX_DSA_PARAM_SIZE];
+    word32 pOutSz;
+    word32 qOutSz;
+    word32 gOutSz;
+
+    XMEMSET(&key, 0, sizeof(DsaKey));
+
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+    /* first test using imported raw parameters, for expected */
+    ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, q, g), 0);
+    pOutSz = sizeof(pOut);
+    qOutSz = sizeof(qOut);
+    gOutSz = sizeof(gOut);
+    ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
+        &gOutSz), 0);
+    /* validate exported parameters are correct */
+    ExpectIntEQ(XMEMCMP(pOut, pCompare, pOutSz), 0);
+    ExpectIntEQ(XMEMCMP(qOut, qCompare, qOutSz), 0);
+    ExpectIntEQ(XMEMCMP(gOut, gCompare, gOutSz), 0);
+
+    /* test bad args */
+    /* null key struct */
+    ExpectIntEQ(wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz, gOut,
+        &gOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null output pointers */
+    ExpectIntEQ(wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz, NULL,
+        &gOutSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    /* null output size pointers */
+    ExpectIntEQ( wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL, gOut,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* p output buffer size too small */
+    pOutSz = 1;
+    ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
+        &gOutSz), WC_NO_ERR_TRACE(BUFFER_E));
+    pOutSz = sizeof(pOut);
+    /* q output buffer size too small */
+    qOutSz = 1;
+    ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
+        &gOutSz), WC_NO_ERR_TRACE(BUFFER_E));
+    qOutSz = sizeof(qOut);
+    /* g output buffer size too small */
+    gOutSz = 1;
+    ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
+        &gOutSz), WC_NO_ERR_TRACE(BUFFER_E));
+
+    wc_FreeDsaKey(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_DsaExportParamsRaw */
+
+/*
+ * Testing wc_DsaExportKeyRaw()
+ */
+int test_wc_DsaExportKeyRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
+    DsaKey key;
+    WC_RNG rng;
+    byte xOut[MAX_DSA_PARAM_SIZE];
+    byte yOut[MAX_DSA_PARAM_SIZE];
+    word32 xOutSz, yOutSz;
+
+    XMEMSET(&key, 0, sizeof(key));
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    ExpectIntEQ(wc_InitDsaKey(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_MakeDsaParameters(&rng, 1024, &key), 0);
+    ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0);
+
+    /* try successful export */
+    xOutSz = sizeof(xOut);
+    yOutSz = sizeof(yOut);
+    ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), 0);
+
+    /* test bad args */
+    /* null key struct */
+    ExpectIntEQ(wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null output pointers */
+    ExpectIntEQ(wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz),
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    /* null output size pointers */
+    ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* x output buffer size too small */
+    xOutSz = 1;
+    ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    xOutSz = sizeof(xOut);
+    /* y output buffer size too small */
+    yOutSz = 1;
+    ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
+        WC_NO_ERR_TRACE(BUFFER_E));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_FreeDsaKey(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_DsaExportParamsRaw */
+
diff --git a/tests/api/test_dsa.h b/tests/api/test_dsa.h
new file mode 100644
index 000000000..460c03f08
--- /dev/null
+++ b/tests/api/test_dsa.h
@@ -0,0 +1,50 @@
+/* test_dsa.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_DSA_H
+#define WOLFCRYPT_TEST_DSA_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitDsaKey(void);
+int test_wc_DsaSignVerify(void);
+int test_wc_DsaPublicPrivateKeyDecode(void);
+int test_wc_MakeDsaKey(void);
+int test_wc_DsaKeyToDer(void);
+int test_wc_DsaKeyToPublicDer(void);
+int test_wc_DsaImportParamsRaw(void);
+int test_wc_DsaImportParamsRawCheck(void);
+int test_wc_DsaExportParamsRaw(void);
+int test_wc_DsaExportKeyRaw(void);
+
+#define TEST_DSA_DECLS                                          \
+    TEST_DECL_GROUP("dsa", test_wc_InitDsaKey),                 \
+    TEST_DECL_GROUP("dsa", test_wc_DsaSignVerify),              \
+    TEST_DECL_GROUP("dsa", test_wc_DsaPublicPrivateKeyDecode),  \
+    TEST_DECL_GROUP("dsa", test_wc_MakeDsaKey),                 \
+    TEST_DECL_GROUP("dsa", test_wc_DsaKeyToDer),                \
+    TEST_DECL_GROUP("dsa", test_wc_DsaKeyToPublicDer),          \
+    TEST_DECL_GROUP("dsa", test_wc_DsaImportParamsRaw),         \
+    TEST_DECL_GROUP("dsa", test_wc_DsaImportParamsRawCheck),    \
+    TEST_DECL_GROUP("dsa", test_wc_DsaExportParamsRaw),         \
+    TEST_DECL_GROUP("dsa", test_wc_DsaExportKeyRaw)
+
+#endif /* WOLFCRYPT_TEST_DSA_H */
diff --git a/tests/api/test_dtls.c b/tests/api/test_dtls.c
new file mode 100644
index 000000000..bb3cf51fd
--- /dev/null
+++ b/tests/api/test_dtls.c
@@ -0,0 +1,597 @@
+/* test_dtls.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/ssl.h>
+#include <wolfssl/internal.h>
+
+#include <tests/utils.h>
+#include <tests/api/test_dtls.h>
+
+int test_dtls12_basic_connection_id(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS_CID)
+    unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
+    unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5 };
+    unsigned char readBuf[40];
+    void *        cid = NULL;
+    const char* params[] = {
+#ifndef NO_RSA
+#ifndef NO_SHA256
+#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_STATIC_RSA)
+        "AES128-SHA256",
+#ifdef HAVE_AESCCM
+        "AES128-CCM8",
+#endif
+        "DHE-RSA-AES128-SHA256",
+        "ECDHE-RSA-AES128-SHA256",
+#ifdef HAVE_AESGCM
+        "DHE-RSA-AES128-GCM-SHA256",
+        "ECDHE-RSA-AES128-GCM-SHA256",
+#endif
+#endif /* WOLFSSL_AES_128 && WOLFSSL_STATIC_RSA */
+#endif /* NO_SHA256 */
+#endif /* NO_RSA */
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(HAVE_FIPS)
+        "DHE-RSA-CHACHA20-POLY1305",
+        "DHE-RSA-CHACHA20-POLY1305-OLD",
+        "ECDHE-RSA-CHACHA20-POLY1305",
+        "ECDHE-RSA-CHACHA20-POLY1305-OLD",
+#endif
+#ifndef NO_PSK
+        "DHE-PSK-AES128-CBC-SHA256",
+        "DHE-PSK-AES256-GCM-SHA384",
+#ifdef HAVE_NULL_CIPHER
+        "DHE-PSK-NULL-SHA256",
+#endif
+        "DHE-PSK-AES128-CCM",
+#endif
+    };
+    size_t i;
+    struct {
+        byte drop:1;
+        byte changeCID:1;
+    } run_params[] = {
+        { .drop = 0, .changeCID = 0 },
+        { .drop = 1, .changeCID = 0 },
+        { .drop = 0, .changeCID = 1 },
+    };
+
+    /* We check if the side included the CID in their output */
+#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \
+                              client_cid, sizeof(client_cid))
+#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \
+                              server_cid, sizeof(server_cid))
+#define RESET_CID(cid) if ((cid) != NULL) { \
+                           ((char*)(cid))[0] = -1; \
+                       }
+
+
+    printf("\n");
+    for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) {
+        size_t j;
+        for (j = 0; j < XELEM_CNT(run_params); j++) {
+            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+            struct test_memio_ctx test_ctx;
+
+            printf("Testing %s run #%ld ... ", params[i], (long int)j);
+
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
+                &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method),
+                0);
+
+            ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), 1);
+            ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), 1);
+
+            ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1);
+            ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid,
+                    sizeof(server_cid)), 1);
+            ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1);
+            ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid,
+                    sizeof(client_cid)), 1);
+
+#ifndef NO_PSK
+            if (XSTRSTR(params[i], "-PSK-") != NULL) {
+                wolfSSL_set_psk_client_callback(ssl_c, my_psk_client_cb);
+                wolfSSL_set_psk_server_callback(ssl_s, my_psk_server_cb);
+            }
+#endif
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+            ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_c), 1);
+            ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_s), 1);
+#endif
+
+            /* CH1 */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNull(CLIENT_CID());
+            }
+            /* HVR */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(SERVER_CID());
+            /* No point dropping HVR */
+            /* CH2 */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNull(CLIENT_CID());
+            }
+            /* Server first flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNull(SERVER_CID());
+            }
+            /* Client second flight */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNotNull(CLIENT_CID());
+            }
+            /* Server second flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+            ExpectNotNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Client complete connection */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+            ExpectNull(CLIENT_CID());
+
+            /* Write some data */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            ExpectNotNull(CLIENT_CID());
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            ExpectNotNull(SERVER_CID());
+            /* Read the data */
+            wolfSSL_SetLoggingPrefix("client");
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
+                    XSTRLEN(params[i]));
+            ExpectStrEQ(readBuf, params[i]);
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
+                    XSTRLEN(params[i]));
+            ExpectStrEQ(readBuf, params[i]);
+            /* Write short data */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1);
+            ExpectNotNull(CLIENT_CID());
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1);
+            ExpectNotNull(SERVER_CID());
+            /* Read the short data */
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1);
+            ExpectIntEQ(readBuf[0], params[i][0]);
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1);
+            ExpectIntEQ(readBuf[0], params[i][0]);
+            /* Write some data but with wrong CID */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            /* Reset client cid. */
+            ExpectNotNull(cid = CLIENT_CID());
+            RESET_CID(cid);
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            /* Reset server cid. */
+            ExpectNotNull(cid = SERVER_CID());
+            RESET_CID(cid);
+            /* Try to read the data but it shouldn't be there */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+            /* do two SCR's */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+            /* SCR's after the first one have extra internal logic */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+            if (run_params[j].changeCID) {
+                ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, client_cid,
+                        sizeof(client_cid)), 0);
+                /* Forcefully change the CID */
+                ssl_c->dtlsCidInfo->rx->id[0] = -1;
+                /* We need to init the rehandshake from the client, otherwise
+                 * we won't be able to test changing the CID. It would be
+                 * rejected by the record CID matching code. */
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
+                        WOLFSSL_ERROR_WANT_READ);
+                ExpectNotNull(CLIENT_CID());
+                ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1);
+                /* Server first flight */
+                wolfSSL_SetLoggingPrefix("server");
+                ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+                /* We expect the server to reject the CID change. */
+                ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), DTLS_CID_ERROR);
+                goto loop_exit;
+            }
+            /* Server init'd SCR */
+            /* Server request */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(SERVER_CID());
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 1);
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Init SCR on client side with the server's request */
+            /* CH no HVR on SCR */
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(CLIENT_CID());
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1);
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNotNull(CLIENT_CID());
+            }
+            /* Server first flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Client second flight */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(CLIENT_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1);
+                ExpectNotNull(CLIENT_CID());
+            }
+            ExpectIntEQ(wolfSSL_write(ssl_c, params[i],
+                    (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            /* Server second flight */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), APP_DATA_READY);
+            XMEMSET(readBuf, 0, sizeof(readBuf));
+            ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
+                    XSTRLEN(params[i]));
+            ExpectStrEQ(readBuf, params[i]);
+            if (!run_params[j].drop) {
+                ExpectIntEQ(wolfSSL_write(ssl_s, params[i],
+                        (int)XSTRLEN(params[i])), XSTRLEN(params[i]));
+            }
+            ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+            ExpectNotNull(SERVER_CID());
+            if (run_params[j].drop) {
+                test_ctx.c_len = test_ctx.s_len = 0;
+                ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1);
+                ExpectNotNull(SERVER_CID());
+            }
+            /* Test loading old epoch */
+            /* Client complete connection */
+            wolfSSL_SetLoggingPrefix("client");
+            if (!run_params[j].drop) {
+                ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
+                XMEMSET(readBuf, 0, sizeof(readBuf));
+                ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
+                        XSTRLEN(params[i]));
+                ExpectStrEQ(readBuf, params[i]);
+            }
+            ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+            ExpectNull(CLIENT_CID());
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 0);
+            ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 0);
+#endif
+            /* Close connection */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+            ExpectNotNull(CLIENT_CID());
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+            ExpectNotNull(SERVER_CID());
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
+#ifdef HAVE_SECURE_RENEGOTIATION
+loop_exit:
+#endif
+            wolfSSL_SetLoggingPrefix(NULL);
+            wolfSSL_free(ssl_c);
+            wolfSSL_CTX_free(ctx_c);
+            wolfSSL_free(ssl_s);
+            wolfSSL_CTX_free(ctx_s);
+
+            if (EXPECT_SUCCESS())
+                printf("ok\n");
+            else
+                printf("failed\n");
+        }
+
+    }
+
+#undef CLIENT_CID
+#undef SERVER_CID
+#undef RESET_CID
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_dtls13_basic_connection_id(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
+    && defined(WOLFSSL_DTLS_CID)
+    unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
+    unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
+    unsigned char readBuf[50];
+    void *        cid = NULL;
+    const char* params[] = {
+#ifndef NO_SHA256
+#ifdef WOLFSSL_AES_128
+#ifdef HAVE_AESGCM
+        "TLS13-AES128-GCM-SHA256",
+#endif
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+        "TLS13-CHACHA20-POLY1305-SHA256",
+#endif
+#ifdef HAVE_AESCCM
+        "TLS13-AES128-CCM-8-SHA256",
+        "TLS13-AES128-CCM-SHA256",
+#endif
+#endif
+#ifdef HAVE_NULL_CIPHER
+        "TLS13-SHA256-SHA256",
+#endif
+#endif
+    };
+    size_t i;
+
+    /* We check if the side included the CID in their output */
+#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \
+                              client_cid, sizeof(client_cid))
+#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \
+                              server_cid, sizeof(server_cid))
+#define RESET_CID(cid) if ((cid) != NULL) { \
+                           ((char*)(cid))[0] = -1; \
+                       }
+
+
+    printf("\n");
+    for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) {
+        WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+        WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+        struct test_memio_ctx test_ctx;
+
+        printf("Testing %s ... ", params[i]);
+
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
+
+        ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), WOLFSSL_SUCCESS);
+
+        ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1);
+        ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid, sizeof(server_cid)),
+                1);
+        ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1);
+        ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid, sizeof(client_cid)),
+                1);
+
+        /* CH1 */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNull(CLIENT_CID());
+        /* HRR */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNull(SERVER_CID());
+        /* CH2 */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNull(CLIENT_CID());
+        /* Server first flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNotNull(SERVER_CID());
+        /* Client second flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectNotNull(CLIENT_CID());
+        /* Server process flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
+        /* Client process flight */
+        ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
+
+        /* Write some data */
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        ExpectNotNull(CLIENT_CID());
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        ExpectNotNull(SERVER_CID());
+        /* Read the data */
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)),
+                XSTRLEN(params[i]));
+        ExpectStrEQ(readBuf, params[i]);
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)),
+                XSTRLEN(params[i]));
+        ExpectStrEQ(readBuf, params[i]);
+        /* Write short data */
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1);
+        ExpectNotNull(CLIENT_CID());
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1);
+        ExpectNotNull(SERVER_CID());
+        /* Read the short data */
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1);
+        ExpectIntEQ(readBuf[0], params[i][0]);
+        XMEMSET(readBuf, 0, sizeof(readBuf));
+        ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1);
+        ExpectIntEQ(readBuf[0], params[i][0]);
+        /* Write some data but with wrong CID */
+        ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        /* Reset client cid. */
+        ExpectNotNull(cid = CLIENT_CID());
+        RESET_CID(cid);
+        ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])),
+                XSTRLEN(params[i]));
+        /* Reset server cid. */
+        ExpectNotNull(cid = SERVER_CID());
+        RESET_CID(cid);
+        /* Try to read the data but it shouldn't be there */
+        ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+        ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+
+        /* Close connection */
+        ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE);
+        ExpectNotNull(CLIENT_CID());
+        ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE);
+        ExpectNotNull(SERVER_CID());
+        ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1);
+        ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1);
+
+        if (EXPECT_SUCCESS())
+            printf("ok\n");
+        else
+            printf("failed\n");
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_s);
+    }
+
+#undef CLIENT_CID
+#undef SERVER_CID
+#undef RESET_CID
+
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_dtls_cid_parse(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+    /* Taken from Wireshark. Right-click -> copy -> ... as escaped string */
+    /* Plaintext ServerHelloDone. No CID. */
+    byte noCid[] =
+            "\x16\xfe\xfd\x00\x00\x00\x00\x00\x00\x00\x04\x00\x0c\x0e\x00\x00" \
+            "\x00\x00\x04\x00\x00\x00\x00\x00\x00";
+    /* 1.2 app data containing CID */
+    byte cid12[] =
+            "\x19\xfe\xfd\x00\x01\x00\x00\x00\x00\x00\x01\x77\xa3\x79\x34\xb3" \
+            "\xf1\x1f\x34\x00\x1f\xdb\x8c\x28\x25\x9f\xe1\x02\x26\x77\x1c\x3a" \
+            "\x50\x1b\x50\x99\xd0\xb5\x20\xd8\x2c\x2e\xaa\x36\x36\xe0\xb7\xb7" \
+            "\xf7\x7d\xff\xb0";
+#ifdef WOLFSSL_DTLS13
+    /* 1.3 app data containing CID */
+    byte cid13[] =
+            "\x3f\x70\x64\x04\xc6\xfb\x97\x21\xd9\x28\x27\x00\x17\xc1\x01\x86" \
+            "\xe7\x23\x2c\xad\x65\x83\xa8\xf4\xbf\xbf\x7b\x25\x16\x80\x19\xc3" \
+            "\x81\xda\xf5\x3f";
+#endif
+
+    ExpectPtrEq(wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), 8), NULL);
+    ExpectPtrEq(wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), 8), cid12 + 11);
+#ifdef WOLFSSL_DTLS13
+    ExpectPtrEq(wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), 8), cid13 + 1);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
diff --git a/tests/api/test_dtls.h b/tests/api/test_dtls.h
new file mode 100644
index 000000000..68980c3e5
--- /dev/null
+++ b/tests/api/test_dtls.h
@@ -0,0 +1,29 @@
+/* test_dtls.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef TESTS_API_DTLS_H
+#define TESTS_API_DTLS_H
+
+int test_dtls12_basic_connection_id(void);
+int test_dtls13_basic_connection_id(void);
+int test_wolfSSL_dtls_cid_parse(void);
+
+#endif /* TESTS_API_DTLS_H */
diff --git a/tests/api/test_ecc.c b/tests/api/test_ecc.c
new file mode 100644
index 000000000..984403578
--- /dev/null
+++ b/tests/api/test_ecc.c
@@ -0,0 +1,1864 @@
+/* test_ecc.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ecc.h>
+
+int test_wc_ecc_get_curve_size_from_name(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_ECC
+    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
+        ExpectIntEQ(wc_ecc_get_curve_size_from_name("SECP256R1"), 32);
+    #endif
+    /* invalid case */
+    ExpectIntEQ(wc_ecc_get_curve_size_from_name("BADCURVE"), -1);
+    /* NULL input */
+    ExpectIntEQ(wc_ecc_get_curve_size_from_name(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif /* HAVE_ECC */
+    return EXPECT_RESULT();
+}
+
+int test_wc_ecc_get_curve_id_from_name(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_ECC
+    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
+        ExpectIntEQ(wc_ecc_get_curve_id_from_name("SECP256R1"),
+            ECC_SECP256R1);
+    #endif
+    /* invalid case */
+    ExpectIntEQ(wc_ecc_get_curve_id_from_name("BADCURVE"), -1);
+    /* NULL input */
+    ExpectIntEQ(wc_ecc_get_curve_id_from_name(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif /* HAVE_ECC */
+    return EXPECT_RESULT();
+}
+
+int test_wc_ecc_get_curve_id_from_params(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_ECC
+    const byte prime[] =
+    {
+        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+    };
+
+    const byte primeInvalid[] =
+    {
+        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01
+    };
+
+    const byte Af[] =
+    {
+        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
+    };
+
+    const byte Bf[] =
+    {
+        0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,
+        0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC,
+        0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
+        0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
+    };
+
+    const byte order[] =
+    {
+        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
+        0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
+    };
+
+    const byte Gx[] =
+    {
+        0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,
+        0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
+        0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,
+        0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96
+    };
+
+    const byte Gy[] =
+    {
+        0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,
+        0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16,
+        0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,
+        0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5
+    };
+
+    int cofactor = 1;
+    int fieldSize = 256;
+
+    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
+        ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize,
+            prime, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf),
+            order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor),
+            ECC_SECP256R1);
+    #endif
+
+    /* invalid case, fieldSize = 0 */
+    ExpectIntEQ(wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime),
+        Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
+        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), ECC_CURVE_INVALID);
+
+    /* invalid case, NULL prime */
+    ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
+        Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
+        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* invalid case, invalid prime */
+    ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize,
+        primeInvalid, sizeof(primeInvalid),
+        Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
+        Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), ECC_CURVE_INVALID);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_ecc_get_curve_id_from_dp_params(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
+    !defined(HAVE_SELFTEST) && \
+    !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
+#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
+    ecc_key* key;
+    const ecc_set_type* params = NULL;
+    int ret;
+#endif
+    WOLFSSL_EC_KEY *ecKey = NULL;
+
+    #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
+        ExpectIntEQ(wc_ecc_get_curve_id_from_name("SECP256R1"), ECC_SECP256R1);
+        ExpectNotNull(ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+
+        if (EXPECT_SUCCESS()) {
+            ret = EC_KEY_generate_key(ecKey);
+        } else
+            ret = 0;
+
+        if (ret == 1) {
+            /* normal test */
+            key = (ecc_key*)ecKey->internal;
+            if (key != NULL) {
+                params = key->dp;
+            }
+
+            ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(params),
+                ECC_SECP256R1);
+        }
+    #endif
+    /* invalid case, NULL input */
+    ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wolfSSL_EC_KEY_free(ecKey);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*
+ * Testing wc_ecc_make_key.
+ */
+int test_wc_ecc_make_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
+    ecc_key key;
+    WC_RNG  rng;
+    int     ret;
+
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, KEY14, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_ecc_make_key(NULL, KEY14, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_make_key(&rng, KEY14, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_make_key */
+
+
+/*
+ * Testing wc_ecc_init()
+ */
+int test_wc_ecc_init(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_ECC
+    ecc_key key;
+
+    XMEMSET(&key, 0, sizeof(ecc_key));
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_ecc_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_ecc_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_init */
+
+/*
+ * Testing wc_ecc_check_key()
+ */
+int test_wc_ecc_check_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
+    ecc_key key;
+    WC_RNG  rng;
+    int     ret;
+
+    XMEMSET(&rng, 0, sizeof(rng));
+    XMEMSET(&key, 0, sizeof(key));
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, KEY14, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_ecc_check_key(&key), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_ecc_check_key(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_check_key */
+
+/*
+ * Testing wc_ecc_get_generator()
+ */
+int test_wc_ecc_get_generator(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
+    !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
+    ecc_point* pt = NULL;
+
+    ExpectNotNull(pt = wc_ecc_new_point());
+
+    ExpectIntEQ(wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1)),
+        MP_OKAY);
+
+    /* Test bad args. */
+    /* Returns Zero for bad arg. */
+    ExpectIntNE(wc_ecc_get_generator(pt, -1), MP_OKAY);
+    ExpectIntNE(wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1)),
+        MP_OKAY);
+    /* If we ever get to 1000 curves increase this number */
+    ExpectIntNE(wc_ecc_get_generator(pt, 1000), MP_OKAY);
+    ExpectIntNE(wc_ecc_get_generator(NULL, -1), MP_OKAY);
+
+    wc_ecc_del_point(pt);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_get_generator */
+
+/*
+ * Testing wc_ecc_size()
+ */
+int test_wc_ecc_size(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
+    WC_RNG      rng;
+    ecc_key     key;
+    int         ret;
+
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, KEY14, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_ecc_size(&key), KEY14);
+    /* Test bad args. */
+    /* Returns Zero for bad arg. */
+    ExpectIntEQ(wc_ecc_size(NULL), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_size */
+
+int test_wc_ecc_params(void)
+{
+    EXPECT_DECLS;
+    /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
+        It was added after certifications */
+#if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+    const ecc_set_type* ecc_set = NULL;
+#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
+    /* Test for SECP256R1 curve */
+    int curve_id = ECC_SECP256R1;
+    int curve_idx = 0;
+
+    ExpectIntNE(curve_idx = wc_ecc_get_curve_idx(curve_id), ECC_CURVE_INVALID);
+    ExpectNotNull(ecc_set = wc_ecc_get_curve_params(curve_idx));
+    ExpectIntEQ(ecc_set->id, curve_id);
+#endif
+    /* Test case when SECP256R1 is not enabled */
+    /* Test that we get curve params for index 0 */
+    ExpectNotNull(ecc_set = wc_ecc_get_curve_params(0));
+#endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */
+    return EXPECT_RESULT();
+}
+
+/*
+ * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash()
+ */
+int test_wc_ecc_signVerify_hash(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && \
+    !defined(WC_NO_RNG)
+    ecc_key key;
+    WC_RNG  rng;
+    int     ret;
+#ifdef HAVE_ECC_VERIFY
+    int     verify = 0;
+#endif
+    word32  siglen = ECC_BUFSIZE;
+    byte    sig[ECC_BUFSIZE];
+    byte    adjustedSig[ECC_BUFSIZE+1];
+    byte    digest[] = TEST_STRING;
+    word32  digestlen = (word32)TEST_STRING_SZ;
+
+    /* Init stack var */
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(sig, 0, siglen);
+    XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1);
+
+    /* Init structs. */
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, KEY14, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key),
+        0);
+
+    /* Check bad args. */
+    ExpectIntEQ(wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, NULL, &siglen, &rng, &key),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, NULL, &rng, &key),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, NULL, &key),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, NULL),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+#ifdef HAVE_ECC_VERIFY
+    ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
+        &key), 0);
+    ExpectIntEQ(verify, 1);
+
+    /* test check on length of signature passed in */
+    XMEMCPY(adjustedSig, sig, siglen);
+    adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte */
+#ifndef NO_STRICT_ECDSA_LEN
+    ExpectIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
+        &verify, &key), 0);
+#else
+    /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature
+     * is allowed */
+    ExpectIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
+        &verify, &key), 0);
+#endif
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_verify_hash(NULL, siglen, digest, digestlen, &verify,
+        &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, NULL, digestlen, &verify, &key),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, NULL, &key),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
+        NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+#endif /* HAVE_ECC_VERIFY */
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif
+    return EXPECT_RESULT();
+} /*  END test_wc_ecc_sign_hash */
+
+/*
+ * Testing wc_ecc_shared_secret()
+ */
+int test_wc_ecc_shared_secret(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
+    ecc_key     key;
+    ecc_key     pubKey;
+    WC_RNG      rng;
+#if defined(NO_ECC256)
+    int         ret;
+#endif
+    byte        out[KEY32];
+    int         keySz = sizeof(out);
+    word32      outlen = (word32)sizeof(out);
+
+#if defined(HAVE_ECC) && !defined(NO_ECC256)
+    const char* qx =
+        "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
+    const char* qy =
+        "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
+    const char* d  =
+        "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
+    const char* curveName = "SECP256R1";
+    const byte expected_shared_secret[] =
+        {
+            0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75,
+            0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a,
+            0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf,
+            0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06
+        };
+#endif
+
+    PRIVATE_KEY_UNLOCK();
+
+    /* Initialize variables. */
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&pubKey, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(out, 0, keySz);
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_ecc_init(&pubKey), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+#if !defined(NO_ECC256)
+    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0);
+    ExpectIntEQ(wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName), 0);
+#else
+    ret = wc_ecc_make_key(&rng, keySz, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+    ret = wc_ecc_make_key(&rng, keySz, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+#endif
+
+#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
+    !defined(HAVE_SELFTEST)
+    ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0);
+#endif
+
+    ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen), 0);
+
+#if !defined(NO_ECC256)
+    ExpectIntEQ(XMEMCMP(out, expected_shared_secret, outlen), 0);
+#endif
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_shared_secret(NULL, &pubKey, out, &outlen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_shared_secret(&key, NULL, out, &outlen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Invalid length */
+    outlen = 1;
+    ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen),
+        WC_NO_ERR_TRACE(BUFFER_E));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&pubKey);
+    wc_ecc_free(&key);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+
+    PRIVATE_KEY_LOCK();
+#endif
+    return EXPECT_RESULT();
+} /* END tests_wc_ecc_shared_secret */
+
+/*
+ * testint wc_ecc_export_x963()
+ */
+int test_wc_ecc_export_x963(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
+    ecc_key key;
+    WC_RNG  rng;
+    byte    out[ECC_ASN963_MAX_BUF_SZ];
+    word32  outlen = sizeof(out);
+    int     ret;
+
+    PRIVATE_KEY_UNLOCK();
+
+    /* Initialize variables. */
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(out, 0, outlen);
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, KEY20, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_export_x963(NULL, out, &outlen),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_export_x963(&key, NULL, &outlen),
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(wc_ecc_export_x963(&key, out, NULL),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    key.idx = -4;
+    ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+
+    PRIVATE_KEY_LOCK();
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_export_x963 */
+
+/*
+ * Testing wc_ecc_export_x963_ex()
+ * compile with --enable-compkey will use compression.
+ */
+int test_wc_ecc_export_x963_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
+    ecc_key key;
+    WC_RNG  rng;
+    int     ret;
+    byte    out[ECC_ASN963_MAX_BUF_SZ];
+    word32  outlen = sizeof(out);
+    #ifdef HAVE_COMP_KEY
+        word32  badOutLen = 5;
+    #endif
+
+    /* Init stack variables. */
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(out, 0, outlen);
+    PRIVATE_KEY_UNLOCK();
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, KEY64, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+#ifdef HAVE_COMP_KEY
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), 0);
+#else
+    ExpectIntEQ(ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP), 0);
+#endif
+
+    /* Test bad args. */
+#ifdef HAVE_COMP_KEY
+    ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, COMP),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, COMP),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#if defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3))
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP),
+        WC_NO_ERR_TRACE(BUFFER_E));
+#else
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP),
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+#endif
+    key.idx = -4;
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+#else
+    ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP),
+        WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, 1),
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    key.idx = -4;
+    ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+#endif
+    PRIVATE_KEY_LOCK();
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_export_x963_ex */
+
+/*
+ * testing wc_ecc_import_x963()
+ */
+int test_wc_ecc_import_x963(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
+    defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
+    ecc_key pubKey;
+    ecc_key key;
+    WC_RNG  rng;
+    byte    x963[ECC_ASN963_MAX_BUF_SZ];
+    word32  x963Len = (word32)sizeof(x963);
+    int     ret;
+
+    /* Init stack variables. */
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&pubKey, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(x963, 0, x963Len);
+
+    ExpectIntEQ(wc_ecc_init(&pubKey), 0);
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#if FIPS_VERSION3_GE(6,0,0)
+    ret = wc_ecc_make_key(&rng, KEY32, &key);
+#else
+    ret = wc_ecc_make_key(&rng, KEY24, &key);
+#endif
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+
+    ExpectIntEQ(ret, 0);
+
+    PRIVATE_KEY_UNLOCK();
+    ExpectIntEQ(wc_ecc_export_x963(&key, x963, &x963Len), 0);
+    PRIVATE_KEY_LOCK();
+
+    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, &pubKey), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_import_x963(NULL, x963Len, &pubKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_x963(x963, x963Len + 1, &pubKey),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+    wc_ecc_free(&pubKey);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif
+    return EXPECT_RESULT();
+} /* END wc_ecc_import_x963 */
+
+/*
+ * testing wc_ecc_import_private_key()
+ */
+int test_wc_ecc_import_private_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
+    defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
+    ecc_key key;
+    ecc_key keyImp;
+    WC_RNG  rng;
+    byte    privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
+    byte    x963Key[ECC_ASN963_MAX_BUF_SZ];
+    word32  privKeySz = (word32)sizeof(privKey);
+    word32  x963KeySz = (word32)sizeof(x963Key);
+    int     ret;
+
+    /* Init stack variables. */
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&keyImp, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(privKey, 0, privKeySz);
+    XMEMSET(x963Key, 0, x963KeySz);
+    PRIVATE_KEY_UNLOCK();
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_ecc_init(&keyImp), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, KEY48, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    PRIVATE_KEY_UNLOCK();
+    ExpectIntEQ(wc_ecc_export_x963(&key, x963Key, &x963KeySz), 0);
+    PRIVATE_KEY_LOCK();
+    ExpectIntEQ(wc_ecc_export_private_only(&key, privKey, &privKeySz), 0);
+
+    ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key,
+        x963KeySz, &keyImp), 0);
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key,
+        x963KeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz,
+        &keyImp), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&keyImp);
+    wc_ecc_free(&key);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_import_private_key */
+
+/*
+ * Testing wc_ecc_export_private_only()
+ */
+int test_wc_ecc_export_private_only(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
+    ecc_key key;
+    WC_RNG  rng;
+    byte    out[ECC_PRIV_KEY_BUF];
+    word32  outlen = sizeof(out);
+    int     ret;
+
+    /* Init stack variables. */
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(out, 0, outlen);
+    PRIVATE_KEY_UNLOCK();
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, KEY32, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_ecc_export_private_only(&key, out, &outlen), 0);
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_export_private_only */
+
+/*
+ * Testing wc_ecc_rs_to_sig()
+ */
+int test_wc_ecc_rs_to_sig(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(NO_ASN)
+    /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
+    const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
+    const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
+    const char* zeroStr = "0";
+    byte        sig[ECC_MAX_SIG_SIZE];
+    word32      siglen = (word32)sizeof(sig);
+    /* R and S max size is the order of curve. 2^192.*/
+    int         keySz = KEY24;
+    byte        r[KEY24];
+    byte        s[KEY24];
+    word32      rlen = (word32)sizeof(r);
+    word32      slen = (word32)sizeof(s);
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    word32      zeroLen = 0;
+#endif
+
+    /* Init stack variables. */
+    XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
+    XMEMSET(r, 0, keySz);
+    XMEMSET(s, 0, keySz);
+
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, &siglen), 0);
+    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_rs_to_sig(NULL, S, sig, &siglen),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, NULL, sig, &siglen),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, NULL),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, S, NULL, &siglen),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen),
+        WC_NO_ERR_TRACE(MP_ZERO_E));
+    ExpectIntEQ(wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen),
+        WC_NO_ERR_TRACE(MP_ZERO_E));
+    ExpectIntEQ(wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &zeroLen, s, &slen),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &zeroLen),
+        WC_NO_ERR_TRACE(BUFFER_E));
+#endif
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_rs_to_sig */
+
+int test_wc_ecc_import_raw(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(NO_ECC256)
+    ecc_key     key;
+    const char* qx =
+        "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
+    const char* qy =
+        "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
+    const char* d  =
+        "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
+    const char* curveName = "SECP256R1";
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+    const char* kNullStr = "";
+    int ret;
+#endif
+
+    XMEMSET(&key, 0, sizeof(ecc_key));
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+
+    /* Test good import */
+    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_import_raw(NULL, qx, qy, d, curveName),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_raw(&key, NULL, qy, d, curveName),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_raw(&key, qx, NULL, d, curveName),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+    #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
+        wc_ecc_free(&key);
+    #endif
+    ExpectIntLT(ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr,
+        curveName), 0);
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ECC_INF_E)) ||
+               (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)));
+#endif
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
+        wc_ecc_free(&key);
+    #endif
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+    ExpectIntLT(ret = wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
+    ExpectTrue((ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) ||
+               (ret == WC_NO_ERR_TRACE(MP_VAL)));
+#else
+    ExpectIntEQ(wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
+#endif
+    #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
+        wc_ecc_free(&key);
+    #endif
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+    ExpectIntLT(ret = wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
+    ExpectTrue((ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) ||
+               (ret == WC_NO_ERR_TRACE(MP_VAL)));
+#else
+    ExpectIntEQ(wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
+#endif
+    #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
+        wc_ecc_free(&key);
+    #endif
+    ExpectIntEQ(wc_ecc_import_raw(&key, "0", "0", d, curveName),
+        WC_NO_ERR_TRACE(ECC_INF_E));
+#endif
+
+    wc_ecc_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_import_raw */
+
+int test_wc_ecc_import_unsigned(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+     HAVE_FIPS_VERSION >= 2))
+    ecc_key    key;
+    const byte qx[] = {
+        0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6,
+        0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36,
+        0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa,
+        0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61
+    };
+    const byte qy[] = {
+        0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a,
+        0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf,
+        0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8,
+        0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8
+    };
+    const byte d[] = {
+        0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85,
+        0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac,
+        0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c,
+        0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c
+    };
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+    const byte nullBytes[32] = {0};
+    int ret;
+#endif
+    int        curveId = ECC_SECP256R1;
+
+    XMEMSET(&key, 0, sizeof(ecc_key));
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+
+    ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
+        curveId), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
+        curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
+        curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
+        curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
+        ECC_CURVE_INVALID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+    ExpectIntLT(ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
+        (byte*)nullBytes, (byte*)nullBytes, curveId), 0);
+    ExpectTrue((ret == WC_NO_ERR_TRACE(ECC_INF_E)) ||
+               (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)));
+#endif
+
+    wc_ecc_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_import_unsigned */
+
+/*
+ * Testing wc_ecc_sig_size()
+ */
+int test_wc_ecc_sig_size(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
+    ecc_key key;
+    WC_RNG  rng;
+    int     keySz = KEY16;
+    int     ret;
+
+    XMEMSET(&rng, 0, sizeof(rng));
+    XMEMSET(&key, 0, sizeof(key));
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, keySz, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntLE(wc_ecc_sig_size(&key),
+         (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_sig_size */
+
+/*
+ * Testing wc_ecc_ctx_new()
+ */
+int test_wc_ecc_ctx_new(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
+    WC_RNG    rng;
+    ecEncCtx* cli = NULL;
+    ecEncCtx* srv = NULL;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectNotNull(cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
+    ExpectNotNull(srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng));
+    wc_ecc_ctx_free(cli);
+    cli = NULL;
+    wc_ecc_ctx_free(srv);
+
+    /* Test bad args. */
+    /* wc_ecc_ctx_new_ex() will free if returned NULL. */
+    ExpectNull(cli = wc_ecc_ctx_new(0, &rng));
+    ExpectNull(cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_ctx_free(cli);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_ctx_new */
+
+/*
+ * Tesing wc_ecc_reset()
+ */
+int test_wc_ecc_ctx_reset(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
+    ecEncCtx* ctx = NULL;
+    WC_RNG    rng;
+
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectNotNull(ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
+
+    ExpectIntEQ(wc_ecc_ctx_reset(ctx, &rng), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_ecc_ctx_reset(NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_reset(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_ecc_ctx_free(ctx);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_ctx_reset */
+
+/*
+ * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt()
+ */
+int test_wc_ecc_ctx_set_peer_salt(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
+    WC_RNG      rng;
+    ecEncCtx*   cliCtx      = NULL;
+    ecEncCtx*   servCtx     = NULL;
+    const byte* cliSalt     = NULL;
+    const byte* servSalt    = NULL;
+
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectNotNull(cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
+    ExpectNotNull(servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng));
+
+    /* Test bad args. */
+    ExpectNull(cliSalt = wc_ecc_ctx_get_own_salt(NULL));
+
+    ExpectNotNull(cliSalt = wc_ecc_ctx_get_own_salt(cliCtx));
+    ExpectNotNull(servSalt = wc_ecc_ctx_get_own_salt(servCtx));
+
+    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, servSalt), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(NULL, servSalt),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_ecc_ctx_free(cliCtx);
+    wc_ecc_ctx_free(servCtx);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_ecc_ctx_set_peer_salt */
+
+/*
+ * Testing wc_ecc_ctx_set_info()
+ */
+int test_wc_ecc_ctx_set_info(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
+    ecEncCtx*   ctx = NULL;
+    WC_RNG      rng;
+    const char* optInfo = "Optional Test Info.";
+    int         optInfoSz = (int)XSTRLEN(optInfo);
+    const char* badOptInfo = NULL;
+
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectNotNull(ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
+
+    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_ecc_ctx_free(ctx);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_ctx_set_info */
+
+/*
+ * Testing wc_ecc_encrypt() and wc_ecc_decrypt()
+ */
+int test_wc_ecc_encryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
+    defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
+    ecc_key     srvKey;
+    ecc_key     cliKey;
+    ecc_key     tmpKey;
+    WC_RNG      rng;
+    int         ret;
+    const char* msg   = "EccBlock Size 16";
+    word32      msgSz = (word32)XSTRLEN("EccBlock Size 16");
+#ifdef WOLFSSL_ECIES_OLD
+    byte        out[(sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE];
+#elif defined(WOLFSSL_ECIES_GEN_IV)
+    byte        out[KEY20 * 2 + 1 + AES_BLOCK_SIZE +
+                    (sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE];
+#else
+    byte        out[KEY20 * 2 + 1 + (sizeof("EccBlock Size 16") - 1) +
+                    WC_SHA256_DIGEST_SIZE];
+#endif
+    word32      outSz = (word32)sizeof(out);
+    byte        plain[sizeof("EccBlock Size 16")];
+    word32      plainSz = (word32)sizeof(plain);
+    int         keySz = KEY20;
+
+    /* Init stack variables. */
+    XMEMSET(out, 0, outSz);
+    XMEMSET(plain, 0, plainSz);
+    XMEMSET(&rng, 0, sizeof(rng));
+    XMEMSET(&srvKey, 0, sizeof(ecc_key));
+    XMEMSET(&cliKey, 0, sizeof(ecc_key));
+    XMEMSET(&tmpKey, 0, sizeof(ecc_key));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ecc_init(&cliKey), 0);
+    ret = wc_ecc_make_key(&rng, keySz, &cliKey);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_ecc_init(&srvKey), 0);
+    ret = wc_ecc_make_key(&rng, keySz, &srvKey);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &srvKey.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_ecc_init(&tmpKey), 0);
+
+#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
+    !defined(HAVE_SELFTEST)
+    ExpectIntEQ(wc_ecc_set_rng(&srvKey, &rng), 0);
+    ExpectIntEQ(wc_ecc_set_rng(&cliKey, &rng), 0);
+#endif
+
+    ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
+        &outSz, NULL), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out, &outSz,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out, &outSz,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out, &outSz,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
+        &outSz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#ifdef WOLFSSL_ECIES_OLD
+    tmpKey.dp = cliKey.dp;
+    ExpectIntEQ(wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey), 0);
+#endif
+
+    ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, &plainSz,
+         NULL), 0);
+    ExpectIntEQ(wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain, &plainSz,
+         NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_ECIES_OLD
+    /* NULL parameter allowed in new implementations - public key comes from
+     * the message. */
+    ExpectIntEQ(wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain, &plainSz,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain, &plainSz,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL, &plainSz,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(XMEMCMP(msg, plain, msgSz), 0);
+
+    wc_ecc_free(&tmpKey);
+    wc_ecc_free(&srvKey);
+    wc_ecc_free(&cliKey);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_encryptDecrypt */
+
+/*
+ * Testing wc_ecc_del_point() and wc_ecc_new_point()
+ */
+int test_wc_ecc_del_point(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC)
+    ecc_point* pt = NULL;
+
+    ExpectNotNull(pt = wc_ecc_new_point());
+    wc_ecc_del_point(pt);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_del_point */
+
+/*
+ * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(),
+ * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(),
+ * and wc_ecc_cmp_point()
+ */
+int test_wc_ecc_pointFns(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
+    !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
+    !defined(WOLFSSL_ATECC608A)
+    ecc_key    key;
+    WC_RNG     rng;
+    int        ret;
+    ecc_point* point = NULL;
+    ecc_point* cpypt = NULL;
+    int        idx = 0;
+    int        keySz = KEY32;
+    byte       der[DER_SZ(KEY32)];
+    word32     derlenChk = 0;
+    word32     derSz = DER_SZ(KEY32);
+
+    /* Init stack variables. */
+    XMEMSET(der, 0, derSz);
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ret = wc_ecc_make_key(&rng, keySz, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectNotNull(point = wc_ecc_new_point());
+    ExpectNotNull(cpypt = wc_ecc_new_point());
+
+    /* Export */
+    ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, NULL,
+        &derlenChk), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    /* Check length value. */
+    ExpectIntEQ(derSz, derlenChk);
+    ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
+        &derSz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
+        NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    /* Import */
+    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, point), 0);
+    ExpectIntEQ(wc_ecc_cmp_point(&key.pubkey, point), 0);
+    /* Test bad args. */
+    ExpectIntEQ( wc_ecc_import_point_der(NULL, derSz, idx, point),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, NULL),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_import_point_der(der, derSz, -1, point),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_import_point_der(der, derSz + 1, idx, point),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    /* Copy */
+    ExpectIntEQ(wc_ecc_copy_point(point, cpypt), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_copy_point(NULL, cpypt), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_copy_point(point, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    /* Compare point */
+    ExpectIntEQ(wc_ecc_cmp_point(point, cpypt), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_cmp_point(NULL, cpypt), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_cmp_point(point, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* At infinity if return == 1, otherwise return == 0. */
+    ExpectIntEQ(wc_ecc_point_is_at_infinity(point), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_point_is_at_infinity(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
+#ifdef USE_ECC_B_PARAM
+    /* On curve if ret == 0 */
+    ExpectIntEQ(wc_ecc_point_is_on_curve(point, idx), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_point_is_on_curve(NULL, idx),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_point_is_on_curve(point, 1000),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+#endif /* USE_ECC_B_PARAM */
+#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
+
+    /* Free */
+    wc_ecc_del_point(point);
+    wc_ecc_del_point(cpypt);
+    wc_ecc_free(&key);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_pointFns */
+
+/*
+ * Testing wc_ecc_shared_secret_ssh()
+ */
+int test_wc_ecc_shared_secret_ssh(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
+    !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
+    !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
+    !defined(WOLFSSL_CRYPTOCELL)
+    ecc_key key;
+    ecc_key key2;
+    WC_RNG  rng;
+    int     ret;
+    int     keySz = KEY32;
+#if FIPS_VERSION3_GE(6,0,0)
+    int     key2Sz = KEY28;
+#else
+    int     key2Sz = KEY24;
+#endif
+    byte    secret[KEY32];
+    word32  secretLen = (word32)keySz;
+
+    /* Init stack variables. */
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&key2, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(secret, 0, secretLen);
+    PRIVATE_KEY_UNLOCK();
+
+    /* Make keys */
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, keySz, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+
+    ExpectIntEQ(wc_ecc_init(&key2), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, key2Sz, &key2);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
+    !defined(HAVE_SELFTEST)
+    ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0);
+#endif
+
+    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret,
+        &secretLen), 0);
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret,
+        &secretLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    key.type = ECC_PUBLICKEY;
+    ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret,
+        &secretLen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    PRIVATE_KEY_LOCK();
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+    wc_ecc_free(&key2);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_shared_secret_ssh */
+
+/*
+ * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex()
+ */
+int test_wc_ecc_verify_hash_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
+    && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
+       !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC)
+    ecc_key       key;
+    WC_RNG        rng;
+    int           ret;
+    mp_int        r;
+    mp_int        s;
+    mp_int        z;
+    unsigned char hash[] = "Everyone gets Friday off.EccSig";
+    unsigned char iHash[] = "Everyone gets Friday off.......";
+    unsigned char shortHash[] = TEST_STRING;
+    word32        hashlen = sizeof(hash);
+    word32        iHashLen = sizeof(iHash);
+    word32        shortHashLen = sizeof(shortHash);
+    int           keySz = KEY32;
+    int           verify_ok = 0;
+
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(&r, 0, sizeof(mp_int));
+    XMEMSET(&s, 0, sizeof(mp_int));
+    XMEMSET(&z, 0, sizeof(mp_int));
+
+    /* Initialize r, s and z. */
+    ExpectIntEQ(mp_init_multi(&r, &s, &z, NULL, NULL, NULL), MP_OKAY);
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, keySz, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s), 0);
+    /* verify_ok should be 1. */
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key),
+        0);
+    ExpectIntEQ(verify_ok, 1);
+
+    /* verify_ok should be 0 */
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen, &verify_ok,
+        &key), 0);
+    ExpectIntEQ(verify_ok, 0);
+
+    /* verify_ok should be 0. */
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
+        &verify_ok, &key), 0);
+    ExpectIntEQ(verify_ok, 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen,
+        &verify_ok, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
+        &verify_ok, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &s, shortHash, shortHashLen,
+        &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E));
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &z, shortHash, shortHashLen,
+        &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E));
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &z, shortHash, shortHashLen,
+        &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E));
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
+        &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, NULL,
+        &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
+        &verify_ok, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    wc_ecc_free(&key);
+    mp_free(&r);
+    mp_free(&s);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_verify_hash_ex */
+
+/*
+ * Testing wc_ecc_mulmod()
+ */
+int test_wc_ecc_mulmod(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
+    !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
+      defined(WOLFSSL_VALIDATE_ECC_IMPORT))
+    ecc_key     key1;
+    ecc_key     key2;
+    ecc_key     key3;
+    WC_RNG      rng;
+    int         ret;
+
+    XMEMSET(&key1, 0, sizeof(ecc_key));
+    XMEMSET(&key2, 0, sizeof(ecc_key));
+    XMEMSET(&key3, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ecc_init(&key1), 0);
+    ExpectIntEQ(wc_ecc_init(&key2), 0);
+    ExpectIntEQ(wc_ecc_init(&key3), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, KEY32, &key1);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key1.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+
+    ExpectIntEQ(wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy,
+        key1.dp->Af, ECC_SECP256R1), 0);
+    ExpectIntEQ(wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy,
+        key1.dp->prime, ECC_SECP256R1), 0);
+
+    ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey,
+        &key3.pubkey, wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3),
+        1), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey,
+        wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), NULL, &key3.pubkey,
+        wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, NULL,
+        wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+    ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey,
+        &key3.pubkey, wc_ecc_key_get_priv(&key2), NULL, 1),
+        WC_NO_ERR_TRACE(ECC_BAD_ARG_E));
+
+    wc_ecc_free(&key1);
+    wc_ecc_free(&key2);
+    wc_ecc_free(&key3);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif /* HAVE_ECC && !WOLFSSL_ATECC508A */
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_mulmod */
+
+/*
+ * Testing wc_ecc_is_valid_idx()
+ */
+int test_wc_ecc_is_valid_idx(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
+    ecc_key key;
+    WC_RNG  rng;
+    int     ret;
+    int     iVal = -2;
+    int     iVal2 = 3000;
+
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, 32, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    ExpectIntEQ(wc_ecc_is_valid_idx(key.idx), 1);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ecc_is_valid_idx(iVal), 0);
+    ExpectIntEQ(wc_ecc_is_valid_idx(iVal2), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_is_valid_idx */
+
+/*
+ * Testing wc_ecc_get_curve_id_from_oid()
+ */
+int test_wc_ecc_get_curve_id_from_oid(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
+    !defined(HAVE_FIPS)
+    const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
+    word32 len = sizeof(oid);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(NULL, len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, 0), ECC_CURVE_INVALID);
+    /* Good Case */
+    ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, len), ECC_SECP256R1);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_get_curve_id_from_oid */
+
+/*
+ * Testing wc_ecc_sig_size_calc()
+ */
+int test_wc_ecc_sig_size_calc(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST)
+    ecc_key key;
+    WC_RNG  rng;
+    int     sz = 0;
+    int     ret;
+
+    XMEMSET(&key, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ecc_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ret = wc_ecc_make_key(&rng, 16, &key);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+#if FIPS_VERSION3_GE(6,0,0)
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+#if FIPS_VERSION3_LT(6,0,0)
+    sz = key.dp->size;
+    ExpectIntGT(wc_ecc_sig_size_calc(sz), 0);
+#else
+    (void) sz;
+#endif
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ecc_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ecc_sig_size_calc */
+
+/*
+ * Testing wc_EccPrivateKeyToDer
+ */
+int test_wc_EccPrivateKeyToDer(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
+    byte    output[ONEK_BUF];
+    ecc_key eccKey;
+    WC_RNG  rng;
+    word32  inLen = 0;
+    word32  outLen = 0;
+    int     ret;
+
+    XMEMSET(&eccKey, 0, sizeof(ecc_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    PRIVATE_KEY_UNLOCK();
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ecc_init(&eccKey), 0);
+    ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    ExpectIntEQ(ret, 0);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    inLen = wc_EccPrivateKeyToDer(&eccKey, NULL, 0);
+    ExpectIntGT(inLen, 0);
+    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Good Case */
+    ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen),
+        0);
+
+    wc_ecc_free(&eccKey);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ALL_CURVES)
+    {
+        /* test importing private only into a PKEY struct */
+        EC_KEY*   ec = NULL;
+        EVP_PKEY* pkey = NULL;
+        const unsigned char* der;
+
+        der = output;
+        ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &der, outLen));
+
+        der = output;
+        ExpectNotNull(ec = d2i_ECPrivateKey(NULL, &der, outLen));
+        ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ec), SSL_SUCCESS);
+        if (EXPECT_FAIL()) {
+            EC_KEY_free(ec);
+        }
+        EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */
+    }
+#endif
+    PRIVATE_KEY_LOCK();
+#endif
+    return EXPECT_RESULT();
+} /* End test_wc_EccPrivateKeyToDer */
+
diff --git a/tests/api/test_ecc.h b/tests/api/test_ecc.h
new file mode 100644
index 000000000..d92e99b2c
--- /dev/null
+++ b/tests/api/test_ecc.h
@@ -0,0 +1,100 @@
+/* test_ecc.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_ECC_H
+#define WOLFCRYPT_TEST_ECC_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_ecc_get_curve_size_from_name(void);
+int test_wc_ecc_get_curve_id_from_name(void);
+int test_wc_ecc_get_curve_id_from_params(void);
+int test_wc_ecc_get_curve_id_from_dp_params(void);
+int test_wc_ecc_make_key(void);
+int test_wc_ecc_init(void);
+int test_wc_ecc_check_key(void);
+int test_wc_ecc_get_generator(void);
+int test_wc_ecc_size(void);
+int test_wc_ecc_params(void);
+int test_wc_ecc_signVerify_hash(void);
+int test_wc_ecc_shared_secret(void);
+int test_wc_ecc_export_x963(void);
+int test_wc_ecc_export_x963_ex(void);
+int test_wc_ecc_import_x963(void);
+int test_wc_ecc_import_private_key(void);
+int test_wc_ecc_export_private_only(void);
+int test_wc_ecc_rs_to_sig(void);
+int test_wc_ecc_import_raw(void);
+int test_wc_ecc_import_unsigned(void);
+int test_wc_ecc_sig_size(void);
+int test_wc_ecc_ctx_new(void);
+int test_wc_ecc_ctx_reset(void);
+int test_wc_ecc_ctx_set_peer_salt(void);
+int test_wc_ecc_ctx_set_info(void);
+int test_wc_ecc_encryptDecrypt(void);
+int test_wc_ecc_del_point(void);
+int test_wc_ecc_pointFns(void);
+int test_wc_ecc_shared_secret_ssh(void);
+int test_wc_ecc_verify_hash_ex(void);
+int test_wc_ecc_mulmod(void);
+int test_wc_ecc_is_valid_idx(void);
+int test_wc_ecc_get_curve_id_from_oid(void);
+int test_wc_ecc_sig_size_calc(void);
+int test_wc_EccPrivateKeyToDer(void);
+
+#define TEST_ECC_DECLS                                                  \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_size_from_name),       \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_id_from_name),         \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_id_from_params),       \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_id_from_dp_params),    \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_make_key),                       \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_init),                           \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_check_key),                      \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_get_generator),                  \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_size),                           \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_params),                         \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_signVerify_hash),                \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_shared_secret),                  \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_export_x963),                    \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_export_x963_ex),                 \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_import_x963),                    \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_import_private_key),             \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_export_private_only),            \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_rs_to_sig),                      \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_import_raw),                     \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_import_unsigned),                \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_sig_size),                       \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_ctx_new),                        \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_ctx_reset),                      \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_ctx_set_peer_salt),              \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_ctx_set_info),                   \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_encryptDecrypt),                 \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_del_point),                      \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_pointFns),                       \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_shared_secret_ssh),              \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_verify_hash_ex),                 \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_mulmod),                         \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_is_valid_idx),                   \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_id_from_oid),          \
+    TEST_DECL_GROUP("ecc", test_wc_ecc_sig_size_calc),                  \
+    TEST_DECL_GROUP("ecc", test_wc_EccPrivateKeyToDer)
+
+#endif /* WOLFCRYPT_TEST_ECC_H */
diff --git a/tests/api/test_ed25519.c b/tests/api/test_ed25519.c
new file mode 100644
index 000000000..884d4e1ed
--- /dev/null
+++ b/tests/api/test_ed25519.c
@@ -0,0 +1,597 @@
+/* test_ed25519.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/ed25519.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ed25519.h>
+
+/*
+ * Testing wc_ed25519_make_key().
+ */
+int test_wc_ed25519_make_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY)
+    ed25519_key   key;
+    WC_RNG        rng;
+    unsigned char pubkey[ED25519_PUB_KEY_SIZE+1];
+    int           pubkey_sz = ED25519_PUB_KEY_SIZE;
+
+    XMEMSET(&key, 0, sizeof(ed25519_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, (word32)pubkey_sz),
+        WC_NO_ERR_TRACE(ECC_PRIV_KEY_E));
+    ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, (word32)pubkey_sz),
+        WC_NO_ERR_TRACE(ECC_PRIV_KEY_E));
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed25519_make_key */
+
+/*
+ * Testing wc_ed25519_init()
+ */
+int test_wc_ed25519_init(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519)
+    ed25519_key key;
+
+    XMEMSET(&key, 0, sizeof(ed25519_key));
+
+    ExpectIntEQ(wc_ed25519_init(&key), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_ed25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed25519_init */
+
+/*
+ * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg()
+ */
+int test_wc_ed25519_sign_msg(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
+    WC_RNG      rng;
+    ed25519_key key;
+    byte        msg[] = "Everybody gets Friday off.\n";
+    byte        sig[ED25519_SIG_SIZE+1];
+    word32      msglen = sizeof(msg);
+    word32      siglen = ED25519_SIG_SIZE;
+    word32      badSigLen = ED25519_SIG_SIZE - 1;
+#ifdef HAVE_ED25519_VERIFY
+    int         verify_ok = 0; /*1 = Verify success.*/
+#endif
+
+    /* Initialize stack variables. */
+    XMEMSET(&key, 0, sizeof(ed25519_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(sig, 0, sizeof(sig));
+
+    /* Initialize key. */
+    ExpectIntEQ(wc_ed25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
+
+    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key), 0);
+    ExpectIntEQ(siglen, ED25519_SIG_SIZE);
+    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig+1, &siglen, &key), 0);
+    ExpectIntEQ(siglen, ED25519_SIG_SIZE);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    ExpectIntEQ(badSigLen, ED25519_SIG_SIZE);
+    badSigLen--;
+
+#ifdef HAVE_ED25519_VERIFY
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
+        &key), 0);
+    ExpectIntEQ(verify_ok, 1);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen - 1, msg, msglen,
+        &verify_ok, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen + 1, msg, msglen,
+        &verify_ok, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, NULL, msglen, &verify_ok,
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, NULL, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_verify_msg(sig+1, badSigLen, msg, msglen, &verify_ok,
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif /* Verify. */
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_ed25519_sign_msg */
+
+/*
+ * Testing wc_ed25519_import_public()
+ */
+int test_wc_ed25519_import_public(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
+    ed25519_key pubKey;
+    WC_RNG      rng;
+    const byte  in[] = "Ed25519PublicKeyUnitTest......\n";
+    word32      inlen = sizeof(in);
+
+    XMEMSET(&pubKey, 0, sizeof(ed25519_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed25519_init(&pubKey), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#ifdef HAVE_ED25519_MAKE_KEY
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey), 0);
+#endif
+
+    ExpectIntEQ(wc_ed25519_import_public_ex(in, inlen, &pubKey, 1), 0);
+    ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_import_public(NULL, inlen, &pubKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_public(in, inlen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_public(in, inlen - 1, &pubKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed25519_free(&pubKey);
+#endif
+    return EXPECT_RESULT();
+} /* END wc_ed25519_import_public */
+
+/*
+ * Testing wc_ed25519_import_private_key()
+ */
+int test_wc_ed25519_import_private_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
+    ed25519_key key;
+    WC_RNG      rng;
+    const byte  privKey[] = "Ed25519PrivateKeyUnitTest.....\n";
+    const byte  pubKey[] = "Ed25519PublicKeyUnitTest......\n";
+    word32      privKeySz = sizeof(privKey);
+    word32      pubKeySz = sizeof(pubKey);
+#ifdef HAVE_ED25519_KEY_EXPORT
+    byte        bothKeys[sizeof(privKey) + sizeof(pubKey)];
+    word32      bothKeysSz = sizeof(bothKeys);
+#endif
+
+    XMEMSET(&key, 0, sizeof(ed25519_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#ifdef HAVE_ED25519_MAKE_KEY
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
+#endif
+
+    ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, privKeySz, pubKey,
+        pubKeySz, &key, 1), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
+    ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
+
+#ifdef HAVE_ED25519_KEY_EXPORT
+    PRIVATE_KEY_UNLOCK();
+    ExpectIntEQ(wc_ed25519_export_private(&key, bothKeys, &bothKeysSz), 0);
+    PRIVATE_KEY_LOCK();
+    ExpectIntEQ(wc_ed25519_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
+        &key, 1), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
+    ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
+#endif
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL,
+        pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
+        pubKeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
+        pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
+        pubKeySz - 1, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL, 0,
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed25519_import_private_key */
+
+/*
+ * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only()
+ */
+int test_wc_ed25519_export(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
+    ed25519_key key;
+    WC_RNG      rng;
+    byte        priv[ED25519_PRV_KEY_SIZE];
+    byte        pub[ED25519_PUB_KEY_SIZE];
+    word32      privSz = sizeof(priv);
+    word32      pubSz = sizeof(pub);
+#ifndef HAVE_ED25519_MAKE_KEY
+    const byte  privKey[] = {
+        0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c,
+        0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a,
+        0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42,
+        0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69
+    };
+    const byte  pubKey[] = {
+        0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf,
+        0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa,
+        0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c,
+        0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d
+    };
+#endif
+
+    XMEMSET(&key, 0, sizeof(ed25519_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#ifdef HAVE_ED25519_MAKE_KEY
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
+#else
+    ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey),
+        pubKey, sizeof(pubKey), &key, 1), 0);
+#endif
+
+    PRIVATE_KEY_UNLOCK();
+    ExpectIntEQ(wc_ed25519_export_public(&key, pub, &pubSz), 0);
+    ExpectIntEQ(pubSz, ED25519_KEY_SIZE);
+    ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_export_public(NULL, pub, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_public(&key, NULL, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_public(&key, pub, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz), 0);
+    ExpectIntEQ(privSz, ED25519_KEY_SIZE);
+    ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_export_private_only(NULL, priv, &privSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_private_only(&key, NULL, &privSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed25519_export */
+
+/*
+ *  Testing wc_ed25519_size()
+ */
+int test_wc_ed25519_size(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519)
+    ed25519_key key;
+    WC_RNG      rng;
+#ifndef HAVE_ED25519_MAKE_KEY
+    const byte  privKey[] = {
+        0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c,
+        0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a,
+        0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42,
+        0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69
+    };
+    const byte  pubKey[] = {
+        0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf,
+        0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa,
+        0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c,
+        0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d
+    };
+#endif
+
+    XMEMSET(&key, 0, sizeof(ed25519_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#ifdef HAVE_ED25519_MAKE_KEY
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
+#else
+    ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey),
+        pubKey, sizeof(pubKey), &key, 1), 0);
+#endif
+
+    ExpectIntEQ(wc_ed25519_size(&key), ED25519_KEY_SIZE);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed25519_sig_size(&key), ED25519_SIG_SIZE);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed25519_pub_size(&key), ED25519_PUB_KEY_SIZE);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed25519_priv_size(&key), ED25519_PRV_KEY_SIZE);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed25519_size */
+
+/*
+ * Testing wc_ed25519_export_private() and wc_ed25519_export_key()
+ */
+int test_wc_ed25519_exportKey(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
+    WC_RNG      rng;
+    ed25519_key key;
+    byte        priv[ED25519_PRV_KEY_SIZE];
+    byte        pub[ED25519_PUB_KEY_SIZE];
+    byte        privOnly[ED25519_PRV_KEY_SIZE];
+    word32      privSz      = sizeof(priv);
+    word32      pubSz       = sizeof(pub);
+    word32      privOnlySz  = sizeof(privOnly);
+#ifndef HAVE_ED25519_MAKE_KEY
+    const byte  privKey[] = {
+        0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c,
+        0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a,
+        0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42,
+        0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69
+    };
+    const byte  pubKey[] = {
+        0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf,
+        0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa,
+        0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c,
+        0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d
+    };
+#endif
+
+    XMEMSET(&key, 0, sizeof(ed25519_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed25519_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#ifdef HAVE_ED25519_MAKE_KEY
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
+#else
+    ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey),
+        pubKey, sizeof(pubKey), &key, 1), 0);
+#endif
+
+    PRIVATE_KEY_UNLOCK();
+    ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, &privOnlySz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_export_private(NULL, privOnly, &privOnlySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_private(&key, NULL, &privOnlySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
+
+    /* Cross check output. */
+    ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed25519_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed25519_exportKey */
+
+/*
+ * Testing wc_Ed25519PublicKeyToDer
+ */
+int test_wc_Ed25519PublicKeyToDer(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
+    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+    ed25519_key key;
+    byte        derBuf[1024];
+
+    XMEMSET(&key, 0, sizeof(ed25519_key));
+
+    /* Test bad args */
+    ExpectIntEQ(wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed25519_init(&key), 0);
+    ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    wc_ed25519_free(&key);
+
+    /*  Test good args */
+    if (EXPECT_SUCCESS()) {
+        WC_RNG rng;
+
+        XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+        ExpectIntEQ(wc_ed25519_init(&key), 0);
+        ExpectIntEQ(wc_InitRng(&rng), 0);
+        ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
+        /* length only */
+        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 0), 0);
+        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 1), 0);
+        ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf,
+                    (word32)sizeof(derBuf), 1), 0);
+
+        DoExpectIntEQ(wc_FreeRng(&rng), 0);
+        wc_ed25519_free(&key);
+    }
+#endif
+    return EXPECT_RESULT();
+} /* END testing wc_Ed25519PublicKeyToDer */
+
+/*
+ * Testing wc_Ed25519KeyToDer
+ */
+int test_wc_Ed25519KeyToDer(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
+    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+    byte        output[ONEK_BUF];
+    ed25519_key ed25519Key;
+    WC_RNG      rng;
+    word32      inLen;
+
+    XMEMSET(&ed25519Key, 0, sizeof(ed25519_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0);
+    inLen = (word32)sizeof(output);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Good Cases */
+    /* length only */
+    ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, 0), 0);
+    ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen), 0);
+    ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, output, inLen), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed25519_free(&ed25519Key);
+#endif
+    return EXPECT_RESULT();
+} /* End test_wc_Ed25519KeyToDer*/
+
+/*
+ * Testing wc_Ed25519PrivateKeyToDer
+ */
+int test_wc_Ed25519PrivateKeyToDer(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
+    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+    byte        output[ONEK_BUF];
+    ed25519_key ed25519PrivKey;
+    WC_RNG      rng;
+    word32      inLen;
+
+    XMEMSET(&ed25519PrivKey, 0, sizeof(ed25519_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed25519_init(&ed25519PrivKey), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey),
+        0);
+    inLen = (word32)sizeof(output);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Good Cases */
+    /* length only */
+    ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, 0), 0);
+    ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed25519_free(&ed25519PrivKey);
+#endif
+    return EXPECT_RESULT();
+} /* End test_wc_Ed25519PrivateKeyToDer*/
+
diff --git a/tests/api/test_ed25519.h b/tests/api/test_ed25519.h
new file mode 100644
index 000000000..e46304101
--- /dev/null
+++ b/tests/api/test_ed25519.h
@@ -0,0 +1,52 @@
+/* test_ed25519.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_ED25519_H
+#define WOLFCRYPT_TEST_ED25519_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_ed25519_make_key(void);
+int test_wc_ed25519_init(void);
+int test_wc_ed25519_sign_msg(void);
+int test_wc_ed25519_import_public(void);
+int test_wc_ed25519_import_private_key(void);
+int test_wc_ed25519_export(void);
+int test_wc_ed25519_size(void);
+int test_wc_ed25519_exportKey(void);
+int test_wc_Ed25519PublicKeyToDer(void);
+int test_wc_Ed25519KeyToDer(void);
+int test_wc_Ed25519PrivateKeyToDer(void);
+
+#define TEST_ED25519_DECLS                                          \
+    TEST_DECL_GROUP("ed25519", test_wc_ed25519_make_key),           \
+    TEST_DECL_GROUP("ed25519", test_wc_ed25519_init),               \
+    TEST_DECL_GROUP("ed25519", test_wc_ed25519_sign_msg),           \
+    TEST_DECL_GROUP("ed25519", test_wc_ed25519_import_public),      \
+    TEST_DECL_GROUP("ed25519", test_wc_ed25519_import_private_key), \
+    TEST_DECL_GROUP("ed25519", test_wc_ed25519_export),             \
+    TEST_DECL_GROUP("ed25519", test_wc_ed25519_size),               \
+    TEST_DECL_GROUP("ed25519", test_wc_ed25519_exportKey),          \
+    TEST_DECL_GROUP("ed25519", test_wc_Ed25519PublicKeyToDer),      \
+    TEST_DECL_GROUP("ed25519", test_wc_Ed25519KeyToDer),            \
+    TEST_DECL_GROUP("ed25519", test_wc_Ed25519PrivateKeyToDer)
+
+#endif /* WOLFCRYPT_TEST_ED25519_H */
diff --git a/tests/api/test_ed448.c b/tests/api/test_ed448.c
new file mode 100644
index 000000000..87ec0e17d
--- /dev/null
+++ b/tests/api/test_ed448.c
@@ -0,0 +1,531 @@
+/* test_ed448.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/ed448.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ed448.h>
+
+
+/*
+ * Testing wc_ed448_make_key().
+ */
+int test_wc_ed448_make_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448)
+    ed448_key     key;
+    WC_RNG        rng;
+    unsigned char pubkey[ED448_PUB_KEY_SIZE];
+
+    XMEMSET(&key, 0, sizeof(ed448_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(wc_ed448_make_public(&key, pubkey, sizeof(pubkey)),
+        WC_NO_ERR_TRACE(ECC_PRIV_KEY_E));
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed448_make_key */
+
+
+/*
+ * Testing wc_ed448_init()
+ */
+int test_wc_ed448_init(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448)
+    ed448_key key;
+
+    XMEMSET(&key, 0, sizeof(ed448_key));
+
+    ExpectIntEQ(wc_ed448_init(&key), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_ed448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed448_init */
+
+/*
+ * Test wc_ed448_sign_msg() and wc_ed448_verify_msg()
+ */
+int test_wc_ed448_sign_msg(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
+    ed448_key key;
+    WC_RNG    rng;
+    byte      msg[] = "Everybody gets Friday off.\n";
+    byte      sig[ED448_SIG_SIZE];
+    word32    msglen = sizeof(msg);
+    word32    siglen = sizeof(sig);
+    word32    badSigLen = sizeof(sig) - 1;
+#ifdef HAVE_ED448_VERIFY
+    int       verify_ok = 0; /*1 = Verify success.*/
+#endif
+
+    /* Initialize stack variables. */
+    XMEMSET(&key, 0, sizeof(ed448_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(sig, 0, siglen);
+
+    /* Initialize key. */
+    ExpectIntEQ(wc_ed448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
+
+    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0), 0);
+    ExpectIntEQ(siglen, ED448_SIG_SIZE);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key, NULL, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    ExpectIntEQ(badSigLen, ED448_SIG_SIZE);
+    badSigLen--;
+
+#ifdef HAVE_ED448_VERIFY
+    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key,
+        NULL, 0), 0);
+    ExpectIntEQ(verify_ok, 1);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok,
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok,
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, NULL, msglen, &verify_ok,
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, NULL,
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
+        NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_verify_msg(sig, badSigLen, msg, msglen, &verify_ok,
+        &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif /* Verify. */
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed448_sign_msg */
+
+/*
+ * Testing wc_ed448_import_public()
+ */
+int test_wc_ed448_import_public(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
+    ed448_key  pubKey;
+    WC_RNG     rng;
+    const byte in[] =
+                    "Ed448PublicKeyUnitTest.................................\n";
+    word32     inlen = sizeof(in);
+
+    XMEMSET(&pubKey, 0, sizeof(ed448_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed448_init(&pubKey), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey), 0);
+
+    ExpectIntEQ(wc_ed448_import_public_ex(in, inlen, &pubKey, 1), 0);
+    ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_import_public(NULL, inlen, &pubKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_public(in, inlen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_public(in, inlen - 1, &pubKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed448_free(&pubKey);
+#endif
+    return EXPECT_RESULT();
+} /* END wc_ed448_import_public */
+
+/*
+ * Testing wc_ed448_import_private_key()
+ */
+int test_wc_ed448_import_private_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
+    ed448_key  key;
+    WC_RNG     rng;
+    const byte privKey[] =
+        "Ed448PrivateKeyUnitTest................................\n";
+    const byte pubKey[] =
+        "Ed448PublicKeyUnitTest.................................\n";
+    word32     privKeySz = sizeof(privKey);
+    word32     pubKeySz = sizeof(pubKey);
+#ifdef HAVE_ED448_KEY_EXPORT
+    byte       bothKeys[sizeof(privKey) + sizeof(pubKey)];
+    word32     bothKeysSz = sizeof(bothKeys);
+#endif
+
+    XMEMSET(&key, 0, sizeof(ed448_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
+
+    ExpectIntEQ(wc_ed448_import_private_key_ex(privKey, privKeySz, pubKey,
+        pubKeySz, &key, 1), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
+    ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
+
+#ifdef HAVE_ED448_KEY_EXPORT
+    PRIVATE_KEY_UNLOCK();
+    ExpectIntEQ(wc_ed448_export_private(&key, bothKeys, &bothKeysSz), 0);
+    PRIVATE_KEY_LOCK();
+    ExpectIntEQ(wc_ed448_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
+        &key, 1), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
+    ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
+#endif
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, pubKeySz,
+        &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
+        pubKeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
+        pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
+        pubKeySz - 1, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, 0, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed448_import_private_key */
+
+/*
+ * Testing wc_ed448_export_public() and wc_ed448_export_private_only()
+ */
+int test_wc_ed448_export(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
+    ed448_key key;
+    WC_RNG    rng;
+    byte      priv[ED448_PRV_KEY_SIZE];
+    byte      pub[ED448_PUB_KEY_SIZE];
+    word32    privSz = sizeof(priv);
+    word32    pubSz = sizeof(pub);
+
+    XMEMSET(&key, 0, sizeof(ed448_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
+
+    ExpectIntEQ(wc_ed448_export_public(&key, pub, &pubSz), 0);
+    ExpectIntEQ(pubSz, ED448_KEY_SIZE);
+    ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_export_public(NULL, pub, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_public(&key, NULL, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_public(&key, pub, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    PRIVATE_KEY_UNLOCK();
+    ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz), 0);
+    ExpectIntEQ(privSz, ED448_KEY_SIZE);
+    ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_export_private_only(NULL, priv, &privSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private_only(&key, NULL, &privSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private_only(&key, priv, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed448_export */
+
+/*
+ *  Testing wc_ed448_size()
+ */
+int test_wc_ed448_size(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448)
+    ed448_key key;
+    WC_RNG    rng;
+
+    XMEMSET(&key, 0, sizeof(ed448_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
+
+    ExpectIntEQ(wc_ed448_size(&key), ED448_KEY_SIZE);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed448_sig_size(&key), ED448_SIG_SIZE);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed448_pub_size(&key), ED448_PUB_KEY_SIZE);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed448_priv_size(&key), ED448_PRV_KEY_SIZE);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed448_size */
+
+/*
+ * Testing wc_ed448_export_private() and wc_ed448_export_key()
+ */
+int test_wc_ed448_exportKey(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
+    ed448_key key;
+    WC_RNG    rng;
+    byte      priv[ED448_PRV_KEY_SIZE];
+    byte      pub[ED448_PUB_KEY_SIZE];
+    byte      privOnly[ED448_PRV_KEY_SIZE];
+    word32    privSz      = sizeof(priv);
+    word32    pubSz       = sizeof(pub);
+    word32    privOnlySz  = sizeof(privOnly);
+
+    XMEMSET(&key, 0, sizeof(ed448_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed448_init(&key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
+
+    PRIVATE_KEY_UNLOCK();
+    ExpectIntEQ(wc_ed448_export_private(&key, privOnly, &privOnlySz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_export_private(NULL, privOnly, &privOnlySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private(&key, NULL, &privOnlySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_private(&key, privOnly, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz), 0);
+    /* Test bad args. */
+    ExpectIntEQ(wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_key(&key, priv, NULL, pub, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    PRIVATE_KEY_LOCK();
+
+    /* Cross check output. */
+    ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed448_free(&key);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ed448_exportKey */
+
+/*
+ * Testing wc_Ed448PublicKeyToDer
+ */
+int test_wc_Ed448PublicKeyToDer(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
+    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+    ed448_key key;
+    byte      derBuf[1024];
+
+    XMEMSET(&key, 0, sizeof(ed448_key));
+
+    /* Test bad args */
+    ExpectIntEQ(wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ed448_init(&key), 0);
+    ExpectIntEQ(wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    wc_ed448_free(&key);
+
+    /*  Test good args */
+    if (EXPECT_SUCCESS()) {
+        WC_RNG rng;
+
+        XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+        ExpectIntEQ(wc_ed448_init(&key), 0);
+        ExpectIntEQ(wc_InitRng(&rng), 0);
+        ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
+        /* length only */
+        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 0), 0);
+        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 1), 0);
+        ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf,
+                    (word32)sizeof(derBuf), 1), 0);
+
+        DoExpectIntEQ(wc_FreeRng(&rng), 0);
+        wc_ed448_free(&key);
+    }
+#endif
+    return EXPECT_RESULT();
+} /* END testing wc_Ed448PublicKeyToDer */
+
+/*
+ * Testing wc_Ed448KeyToDer
+ */
+int test_wc_Ed448KeyToDer(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
+    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+    byte      output[ONEK_BUF];
+    ed448_key ed448Key;
+    WC_RNG    rng;
+    word32    inLen;
+
+    XMEMSET(&ed448Key, 0, sizeof(ed448_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed448_init(&ed448Key), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0);
+    inLen = (word32)sizeof(output);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Good Cases */
+    /* length only */
+    ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, 0), 0);
+    ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, output, inLen), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed448_free(&ed448Key);
+#endif
+    return EXPECT_RESULT();
+} /* End test_wc_Ed448KeyToDer */
+
+/*
+ * Testing wc_Ed448PrivateKeyToDer
+ */
+int test_wc_Ed448PrivateKeyToDer(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
+    (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
+    byte      output[ONEK_BUF];
+    ed448_key ed448PrivKey;
+    WC_RNG    rng;
+    word32    inLen;
+
+    XMEMSET(&ed448PrivKey, 0, sizeof(ed448_key));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_ed448_init(&ed448PrivKey), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey),
+        0);
+    inLen = (word32)sizeof(output);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Good cases */
+    /* length only */
+    ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, 0), 0);
+    ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen), 0);
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    wc_ed448_free(&ed448PrivKey);
+#endif
+    return EXPECT_RESULT();
+} /* End test_wc_Ed448PrivateKeyToDer */
+
diff --git a/tests/api/test_ed448.h b/tests/api/test_ed448.h
new file mode 100644
index 000000000..d066d5f4b
--- /dev/null
+++ b/tests/api/test_ed448.h
@@ -0,0 +1,52 @@
+/* test_ed448.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_ED448_H
+#define WOLFCRYPT_TEST_ED448_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_ed448_make_key(void);
+int test_wc_ed448_init(void);
+int test_wc_ed448_sign_msg(void);
+int test_wc_ed448_import_public(void);
+int test_wc_ed448_import_private_key(void);
+int test_wc_ed448_export(void);
+int test_wc_ed448_size(void);
+int test_wc_ed448_exportKey(void);
+int test_wc_Ed448PublicKeyToDer(void);
+int test_wc_Ed448KeyToDer(void);
+int test_wc_Ed448PrivateKeyToDer(void);
+
+#define TEST_ED448_DECLS                                          \
+    TEST_DECL_GROUP("ed448", test_wc_ed448_make_key),             \
+    TEST_DECL_GROUP("ed448", test_wc_ed448_init),                 \
+    TEST_DECL_GROUP("ed448", test_wc_ed448_sign_msg),             \
+    TEST_DECL_GROUP("ed448", test_wc_ed448_import_public),        \
+    TEST_DECL_GROUP("ed448", test_wc_ed448_import_private_key),   \
+    TEST_DECL_GROUP("ed448", test_wc_ed448_export),               \
+    TEST_DECL_GROUP("ed448", test_wc_ed448_size),                 \
+    TEST_DECL_GROUP("ed448", test_wc_ed448_exportKey),            \
+    TEST_DECL_GROUP("ed448", test_wc_Ed448PublicKeyToDer),        \
+    TEST_DECL_GROUP("ed448", test_wc_Ed448KeyToDer),              \
+    TEST_DECL_GROUP("ed448", test_wc_Ed448PrivateKeyToDer)
+
+#endif /* WOLFCRYPT_TEST_ED448_H */
diff --git a/tests/api/test_evp.c b/tests/api/test_evp.c
new file mode 100644
index 000000000..5010f678a
--- /dev/null
+++ b/tests/api/test_evp.c
@@ -0,0 +1,100 @@
+/* test_evp.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/openssl/evp.h>
+#include <tests/api/test_evp.h>
+
+/* Test for NULL_CIPHER_TYPE in wolfSSL_EVP_CipherUpdate() */
+int test_wolfSSL_EVP_CipherUpdate_Null(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_EXTRA
+    WOLFSSL_EVP_CIPHER_CTX* ctx;
+    const char* testData = "Test NULL cipher data";
+    unsigned char output[100];
+    int outputLen = 0;
+    int testDataLen = (int)XSTRLEN(testData);
+
+    /* Create and initialize the cipher context */
+    ctx = wolfSSL_EVP_CIPHER_CTX_new();
+    ExpectNotNull(ctx);
+
+    /* Initialize with NULL cipher */
+    ExpectIntEQ(wolfSSL_EVP_CipherInit_ex(ctx, wolfSSL_EVP_enc_null(),
+                                         NULL, NULL, NULL, 1), WOLFSSL_SUCCESS);
+
+    /* Test encryption (which should just copy the data) */
+    ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, output, &outputLen,
+                                        (const unsigned char*)testData,
+                                        testDataLen), WOLFSSL_SUCCESS);
+
+    /* Verify output length matches input length */
+    ExpectIntEQ(outputLen, testDataLen);
+
+    /* Verify output data matches input data (no encryption occurred) */
+    ExpectIntEQ(XMEMCMP(output, testData, testDataLen), 0);
+
+    /* Clean up */
+    wolfSSL_EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_EXTRA */
+
+    return EXPECT_RESULT();
+}
+
+/* Test for wolfSSL_EVP_CIPHER_type_string() */
+int test_wolfSSL_EVP_CIPHER_type_string(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_EXTRA
+    const char* cipherStr;
+
+    /* Test with valid cipher types */
+#ifdef HAVE_AES_CBC
+    #ifdef WOLFSSL_AES_128
+    cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_AES_128_CBC_TYPE);
+    ExpectNotNull(cipherStr);
+    ExpectStrEQ(cipherStr, "AES-128-CBC");
+    #endif
+#endif
+
+#ifndef NO_DES3
+    cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_DES_CBC_TYPE);
+    ExpectNotNull(cipherStr);
+    ExpectStrEQ(cipherStr, "DES-CBC");
+#endif
+
+    /* Test with NULL cipher type */
+    cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_NULL_CIPHER_TYPE);
+    ExpectNotNull(cipherStr);
+    ExpectStrEQ(cipherStr, "NULL");
+
+    /* Test with invalid cipher type */
+    cipherStr = wolfSSL_EVP_CIPHER_type_string(0xFFFF);
+    ExpectNull(cipherStr);
+#endif /* OPENSSL_EXTRA */
+
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_evp.h b/tests/api/test_evp.h
new file mode 100644
index 000000000..839ce84e5
--- /dev/null
+++ b/tests/api/test_evp.h
@@ -0,0 +1,28 @@
+/* test_evp.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_TEST_EVP_H
+#define WOLFSSL_TEST_EVP_H
+
+int test_wolfSSL_EVP_CipherUpdate_Null(void);
+int test_wolfSSL_EVP_CIPHER_type_string(void);
+
+#endif /* WOLFSSL_TEST_EVP_H */
diff --git a/tests/api/test_hash.c b/tests/api/test_hash.c
new file mode 100644
index 000000000..42003e37d
--- /dev/null
+++ b/tests/api/test_hash.c
@@ -0,0 +1,816 @@
+/* test_hash.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_hash.h>
+#include <tests/api/test_digest.h>
+
+#ifndef NO_HASH_WRAPPER
+/* enum for holding supported algorithms, #ifndef's restrict if disabled */
+static const enum wc_HashType supportedHash[] = {
+#ifndef NO_MD5
+    WC_HASH_TYPE_MD5,
+#endif
+#ifndef NO_SHA
+    WC_HASH_TYPE_SHA,
+#endif
+#ifdef WOLFSSL_SHA224
+    WC_HASH_TYPE_SHA224,
+#endif
+#ifndef NO_SHA256
+    WC_HASH_TYPE_SHA256,
+#endif
+#ifdef WOLFSSL_SHA384
+    WC_HASH_TYPE_SHA384,
+#endif
+#ifdef WOLFSSL_SHA512
+    WC_HASH_TYPE_SHA512,
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#ifndef WOLFSSL_NOSHA512_224
+    WC_HASH_TYPE_SHA512_224,
+#endif
+#ifndef WOLFSSL_NOSHA512_256
+    WC_HASH_TYPE_SHA512_256,
+#endif
+#endif
+#endif
+#ifdef WOLFSSL_SHA3
+    WC_HASH_TYPE_SHA3_224,
+    WC_HASH_TYPE_SHA3_256,
+    WC_HASH_TYPE_SHA3_384,
+    WC_HASH_TYPE_SHA3_512,
+#endif
+#ifdef WOLFSSL_SM3
+    WC_HASH_TYPE_SM3,
+#endif
+    WC_HASH_TYPE_NONE   /* Dummy value to ensure list is non-zero. */
+};
+static const int supportedHashLen = (sizeof(supportedHash) /
+                                     sizeof(enum wc_HashType)) - 1;
+
+static const enum wc_HashType notCompiledHash[] = {
+#ifdef NO_MD5
+    WC_HASH_TYPE_MD5,
+#endif
+#ifdef NO_SHA
+    WC_HASH_TYPE_SHA,
+#endif
+#ifndef WOLFSSL_SHA224
+    WC_HASH_TYPE_SHA224,
+#endif
+#ifdef NO_SHA256
+    WC_HASH_TYPE_SHA256,
+#endif
+#ifndef WOLFSSL_SHA384
+    WC_HASH_TYPE_SHA384,
+#endif
+#ifndef WOLFSSL_SHA512
+    WC_HASH_TYPE_SHA512,
+#endif
+#ifndef WOLFSSL_SHA3
+    WC_HASH_TYPE_SHA3_224,
+    WC_HASH_TYPE_SHA3_256,
+    WC_HASH_TYPE_SHA3_384,
+    WC_HASH_TYPE_SHA3_512,
+#endif
+    WC_HASH_TYPE_NONE   /* Dummy value to ensure list is non-zero. */
+};
+static const int notCompiledHashLen = (sizeof(notCompiledHash) /
+                                       sizeof(enum wc_HashType)) - 1;
+
+static const enum wc_HashType notSupportedHash[] = {
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+    WC_HASH_TYPE_SHAKE128,
+#endif
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+    WC_HASH_TYPE_SHAKE256,
+#endif
+    WC_HASH_TYPE_MD5_SHA,
+    WC_HASH_TYPE_MD2,
+    WC_HASH_TYPE_MD4,
+    WC_HASH_TYPE_BLAKE2B,
+    WC_HASH_TYPE_BLAKE2S,
+    WC_HASH_TYPE_NONE
+};
+static const int notSupportedHashLen = (sizeof(notSupportedHash) /
+                                        sizeof(enum wc_HashType));
+
+static const enum wc_HashType sizeSupportedHash[] = {
+#if !defined(NO_MD5) && !defined(NO_SHA)
+    WC_HASH_TYPE_MD5_SHA,
+#endif
+#ifdef WOLFSSL_MD2
+    WC_HASH_TYPE_MD2,
+#endif
+#ifndef NO_MD4
+    WC_HASH_TYPE_MD4,
+#endif
+#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
+    WC_HASH_TYPE_BLAKE2B,
+    WC_HASH_TYPE_BLAKE2S,
+#endif
+    WC_HASH_TYPE_NONE   /* Dummy value to ensure list is non-zero. */
+};
+static const int sizeSupportedHashLen = (sizeof(sizeSupportedHash) /
+                                         sizeof(enum wc_HashType)) - 1;
+static const enum wc_HashType sizeNotCompiledHash[] = {
+#if defined(NO_MD5) || defined(NO_SHA)
+    WC_HASH_TYPE_MD5_SHA,
+#endif
+#ifndef WOLFSSL_MD2
+    WC_HASH_TYPE_MD2,
+#endif
+#ifdef NO_MD4
+    WC_HASH_TYPE_MD4,
+#endif
+#if !defined(HAVE_BLAKE2) && !defined(HAVE_BLAKE2S)
+    WC_HASH_TYPE_BLAKE2B,
+    WC_HASH_TYPE_BLAKE2S,
+#endif
+    WC_HASH_TYPE_NONE   /* Dummy value to ensure list is non-zero. */
+};
+static const int sizeNotCompiledHashLen = (sizeof(sizeNotCompiledHash) /
+                                           sizeof(enum wc_HashType)) - 1;
+static const enum wc_HashType sizeNotSupportedHash[] = {
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+    WC_HASH_TYPE_SHAKE128,
+#endif
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+    WC_HASH_TYPE_SHAKE256,
+#endif
+    WC_HASH_TYPE_NONE
+};
+static const int sizeNotSupportedHashLen = (sizeof(sizeNotSupportedHash) /
+                                            sizeof(enum wc_HashType));
+#endif /* NO_HASH_WRAPPER */
+
+int test_wc_HashInit(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_HASH_WRAPPER
+    wc_HashAlg hash;
+    int i;  /* 0 indicates tests passed, 1 indicates failure */
+
+    /* For loop to test various arguments... */
+    for (i = 0; i < supportedHashLen; i++) {
+        /* check for null ptr */
+        ExpectIntEQ(wc_HashInit(NULL, supportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashInit_ex(NULL, supportedHash[i], HEAP_HINT,
+            INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0);
+        wc_HashFree(&hash, supportedHash[i]);
+        ExpectIntEQ(wc_HashInit_ex(&hash, supportedHash[i], HEAP_HINT,
+            INVALID_DEVID), 0);
+        wc_HashFree(&hash, supportedHash[i]);
+
+        wc_HashFree(NULL,  supportedHash[i]);
+    }  /* end of for loop */
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+        /* check for null ptr */
+        ExpectIntEQ(wc_HashInit(NULL, notCompiledHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashInit_ex(NULL, notCompiledHash[i], HEAP_HINT,
+            INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+        ExpectIntEQ(wc_HashInit_ex(&hash, notCompiledHash[i], HEAP_HINT,
+            INVALID_DEVID), WC_NO_ERR_TRACE(HASH_TYPE_E));
+
+        wc_HashFree(NULL,  notCompiledHash[i]);
+    }
+
+    for (i = 0; i < notSupportedHashLen; i++) {
+        /* check for null ptr */
+        ExpectIntEQ(wc_HashInit(NULL, supportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashInit_ex(NULL, supportedHash[i], HEAP_HINT,
+            INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        wc_HashFree(&hash, notSupportedHash[i]);
+        ExpectIntEQ(wc_HashInit_ex(&hash, notSupportedHash[i], HEAP_HINT,
+            INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        wc_HashFree(&hash,  notSupportedHash[i]);
+
+        wc_HashFree(NULL,  notSupportedHash[i]);
+    }  /* end of for loop */
+
+#endif
+    return EXPECT_RESULT();
+}  /* end of test_wc_HashInit */
+
+int test_wc_HashUpdate(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_HASH_WRAPPER
+    wc_HashAlg hash;
+    int i;  /* 0 indicates tests passed, 1 indicates failure */
+
+    for (i = 0; i < supportedHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0);
+
+        /* Invalid parameters */
+        ExpectIntEQ(wc_HashUpdate(NULL, supportedHash[i], NULL, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(&hash, supportedHash[i], NULL, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(NULL, supportedHash[i], NULL, 0),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(NULL, supportedHash[i], (byte*)"a", 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        ExpectIntEQ(wc_HashUpdate(&hash, supportedHash[i], NULL, 0), 0);
+        ExpectIntEQ(wc_HashUpdate(&hash, supportedHash[i], (byte*)"a", 1), 0);
+
+        wc_HashFree(&hash, supportedHash[i]);
+    }
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+
+        /* Invalid parameters */
+        ExpectIntEQ(wc_HashUpdate(NULL, notCompiledHash[i], NULL, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(&hash, notCompiledHash[i], NULL, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(NULL, notCompiledHash[i], NULL, 0),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(NULL, notCompiledHash[i], (byte*)"a", 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        ExpectIntEQ(wc_HashUpdate(&hash, notCompiledHash[i], NULL, 0),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+        ExpectIntEQ(wc_HashUpdate(&hash, notCompiledHash[i], (byte*)"a", 1),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+
+        wc_HashFree(&hash, notCompiledHash[i]);
+    }
+
+    for (i = 0; i < notSupportedHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        /* Invalid parameters */
+        ExpectIntEQ(wc_HashUpdate(NULL, notSupportedHash[i], NULL, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(&hash, notSupportedHash[i], NULL, 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(NULL, notSupportedHash[i], NULL, 0),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(NULL, notSupportedHash[i], (byte*)"a", 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        ExpectIntEQ(wc_HashUpdate(&hash, notSupportedHash[i], NULL, 0),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashUpdate(&hash, notSupportedHash[i], (byte*)"a", 1),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        wc_HashFree(&hash, notSupportedHash[i]);
+    }
+
+#if defined(DEBUG_WOLFSSL) && !defined(NO_SHA256) && defined(WOLFSSL_SHA512)
+    ExpectIntEQ(wc_HashInit(&hash, WC_HASH_TYPE_SHA256), 0);
+    ExpectIntEQ(wc_HashUpdate(&hash, WC_HASH_TYPE_SHA512, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HashUpdate(&hash, WC_HASH_TYPE_SHA512, (byte*)"a", 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_HashFinal(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_HASH_WRAPPER
+    wc_HashAlg hash;
+    byte digest[WC_MAX_DIGEST_SIZE];
+    int i;  /* 0 indicates tests passed, 1 indicates failure */
+
+    for (i = 0; i < supportedHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0);
+
+        /* Invalid parameters */
+        ExpectIntEQ(wc_HashFinal(NULL, supportedHash[i], NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFinal(&hash, supportedHash[i], NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFinal(NULL, supportedHash[i], digest),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        ExpectIntEQ(wc_HashFinal(&hash, supportedHash[i], digest), 0);
+
+        wc_HashFree(&hash, supportedHash[i]);
+    }
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+
+        /* Invalid parameters */
+        ExpectIntEQ(wc_HashFinal(NULL, notCompiledHash[i], NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFinal(&hash, notCompiledHash[i], NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFinal(NULL, notCompiledHash[i], digest),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        ExpectIntEQ(wc_HashFinal(&hash, notCompiledHash[i], digest),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+
+        wc_HashFree(&hash, notCompiledHash[i]);
+    }
+
+    for (i = 0; i < notSupportedHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        /* Invalid parameters */
+        ExpectIntEQ(wc_HashFinal(NULL, notSupportedHash[i], NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFinal(&hash, notSupportedHash[i], NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFinal(NULL, notSupportedHash[i], digest),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        ExpectIntEQ(wc_HashFinal(&hash, notSupportedHash[i], digest),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        wc_HashFree(&hash, notSupportedHash[i]);
+    }
+#if defined(DEBUG_WOLFSSL) && !defined(NO_SHA256) && defined(WOLFSSL_SHA512)
+    ExpectIntEQ(wc_HashInit(&hash, WC_HASH_TYPE_SHA256), 0);
+    ExpectIntEQ(wc_HashFinal(&hash, WC_HASH_TYPE_SHA512, digest),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_HashNewDelete(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HASH_WRAPPER) && !defined(WC_NO_CONSTRUCTORS)
+    wc_HashAlg* hash;
+    byte digest[WC_MAX_DIGEST_SIZE];
+    int ret;
+    int i;
+
+    for (i = 0; i < supportedHashLen; i++) {
+         ExpectNotNull(hash = wc_HashNew(supportedHash[i], HEAP_HINT,
+             INVALID_DEVID, &ret));
+         ExpectIntEQ(ret, 0);
+
+         ExpectIntEQ(wc_HashUpdate(hash, supportedHash[i], (byte*)"a", 1), 0);
+         ExpectIntEQ(wc_HashFinal(hash, supportedHash[i], digest), 0);
+
+         ExpectIntEQ(wc_HashDelete(hash, &hash), 0);
+         ExpectNull(hash);
+
+         ExpectNotNull(hash = wc_HashNew(supportedHash[i], HEAP_HINT,
+             INVALID_DEVID, &ret));
+         ExpectIntEQ(ret, 0);
+         ExpectIntEQ(wc_HashDelete(hash, NULL), 0);
+
+         ExpectIntEQ(wc_HashDelete(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+         ExpectNull(wc_HashNew(notCompiledHash[i], HEAP_HINT, INVALID_DEVID,
+             &ret));
+         ExpectIntEQ(ret, WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+
+    for (i = 0; i < notSupportedHashLen; i++) {
+         ExpectNull(wc_HashNew(notSupportedHash[i], HEAP_HINT, INVALID_DEVID,
+             &ret));
+         ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_HashGetDigestSize(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_HASH_WRAPPER
+    int i;
+
+    for (i = 0; i < supportedHashLen; i++) {
+        ExpectIntGT(wc_HashGetDigestSize(supportedHash[i]), 0);
+    }
+    for (i = 0; i < sizeSupportedHashLen; i++) {
+        ExpectIntGT(wc_HashGetDigestSize(sizeSupportedHash[i]), 0);
+    }
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashGetDigestSize(notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+    for (i = 0; i < sizeNotCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashGetDigestSize(sizeNotCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+
+    for (i = 0; i < sizeNotSupportedHashLen; i++) {
+        ExpectIntEQ(wc_HashGetDigestSize(sizeNotSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_HashGetBlockSize(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_HASH_WRAPPER
+    int i;
+
+    for (i = 0; i < supportedHashLen; i++) {
+        ExpectIntGT(wc_HashGetBlockSize(supportedHash[i]), 0);
+    }
+    for (i = 0; i < sizeSupportedHashLen; i++) {
+        ExpectIntGT(wc_HashGetBlockSize(sizeSupportedHash[i]), 0);
+    }
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashGetBlockSize(notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+    for (i = 0; i < sizeNotCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashGetBlockSize(sizeNotCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+
+    for (i = 0; i < sizeNotSupportedHashLen; i++) {
+        ExpectIntEQ(wc_HashGetBlockSize(sizeNotSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Hash(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HASH_WRAPPER) && !defined(WC_NO_CONSTRUCTORS)
+    byte digest[WC_MAX_DIGEST_SIZE];
+    int i;
+
+    for (i = 0; i < supportedHashLen; i++) {
+        ExpectIntEQ(wc_Hash(supportedHash[i], (byte*)"a", 1,
+            digest, sizeof(digest)), 0);
+        ExpectIntEQ(wc_Hash_ex(supportedHash[i], (byte*)"a", 1,
+            digest, sizeof(digest), HEAP_HINT, INVALID_DEVID), 0);
+    }
+#if !defined(NO_MD5) && !defined(NO_SHA)
+    ExpectIntEQ(wc_Hash(WC_HASH_TYPE_MD5_SHA, (byte*)"a", 1,
+        digest, sizeof(digest)), 0);
+    ExpectIntEQ(wc_Hash_ex(WC_HASH_TYPE_MD5_SHA, (byte*)"a", 1,
+        digest, sizeof(digest), HEAP_HINT, INVALID_DEVID), 0);
+#endif
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+        ExpectIntEQ(wc_Hash(notCompiledHash[i], (byte*)"a", 1,
+            digest, sizeof(digest)), WC_NO_ERR_TRACE(HASH_TYPE_E));
+        ExpectIntEQ(wc_Hash_ex(notCompiledHash[i], (byte*)"a", 1,
+            digest, sizeof(digest), HEAP_HINT, INVALID_DEVID),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+    for (i = 0; i < sizeNotCompiledHashLen; i++) {
+        ExpectIntEQ(wc_Hash(sizeNotCompiledHash[i], (byte*)"a", 1,
+            digest, sizeof(digest)), WC_NO_ERR_TRACE(HASH_TYPE_E));
+        ExpectIntEQ(wc_Hash_ex(sizeNotCompiledHash[i], (byte*)"a", 1,
+            digest, sizeof(digest), HEAP_HINT, INVALID_DEVID),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+
+    for (i = 0; i < sizeNotSupportedHashLen; i++) {
+        if (notSupportedHash[i] == WC_HASH_TYPE_MD5_SHA) {
+            /* Algorithm only supported with wc_Hash() and wc_Hash_ex(). */
+            continue;
+        }
+        ExpectIntEQ(wc_Hash(sizeNotSupportedHash[i], (byte*)"a", 1,
+            digest, sizeof(digest)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_Hash_ex(sizeNotSupportedHash[i], (byte*)"a", 1,
+            digest, sizeof(digest), HEAP_HINT, INVALID_DEVID),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+
+/*
+ * Unit test function for wc_HashSetFlags()
+ */
+int test_wc_HashSetFlags(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HASH_WRAPPER) && defined(WOLFSSL_HASH_FLAGS)
+    wc_HashAlg hash;
+    word32 flags = 0;
+    int i;
+
+
+    /* For loop to test various arguments... */
+    for (i = 0; i < supportedHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0);
+        ExpectIntEQ(wc_HashSetFlags(&hash, supportedHash[i], flags), 0);
+        ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
+        ExpectIntEQ(wc_HashSetFlags(NULL, supportedHash[i], flags),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        wc_HashFree(&hash, supportedHash[i]);
+
+    }
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+        ExpectIntEQ(wc_HashSetFlags(&hash, notCompiledHash[i], flags),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+        ExpectIntEQ(wc_HashFree(&hash, notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+
+    /* For loop to test not supported cases */
+    for (i = 0; i < notSupportedHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashSetFlags(&hash, notSupportedHash[i], flags),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFree(&hash, notSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_HashSetFlags */
+
+/*
+ * Unit test function for wc_HashGetFlags()
+ */
+int test_wc_HashGetFlags(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HASH_WRAPPER) && defined(WOLFSSL_HASH_FLAGS)
+    wc_HashAlg hash;
+    word32 flags = 0;
+    int i;
+
+    /* For loop to test various arguments... */
+    for (i = 0; i < supportedHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0);
+        ExpectIntEQ(wc_HashGetFlags(&hash, supportedHash[i], &flags), 0);
+        ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
+        ExpectIntEQ(wc_HashGetFlags(NULL, supportedHash[i], &flags),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        wc_HashFree(&hash, supportedHash[i]);
+    }
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+        ExpectIntEQ(wc_HashGetFlags(&hash, notCompiledHash[i], &flags),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+        ExpectIntEQ(wc_HashFree(&hash, notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+
+    /* For loop to test not supported cases */
+    for (i = 0; i < notSupportedHashLen; i++) {
+        ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashGetFlags(&hash, notSupportedHash[i], &flags),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_HashFree(&hash, notSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_HashGetFlags */
+
+int test_wc_Hash_Algs(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_HASH_WRAPPER
+#ifndef NO_MD5
+    DIGEST_HASH_TEST(Md5, MD5);
+#endif
+#ifndef NO_SHA
+    DIGEST_HASH_TEST(Sha, SHA);
+#endif
+#ifdef WOLFSSL_SHA224
+    DIGEST_HASH_TEST(Sha224, SHA224);
+#endif
+#ifndef NO_SHA256
+    DIGEST_HASH_TEST(Sha256, SHA256);
+#endif
+#ifdef WOLFSSL_SHA384
+    DIGEST_HASH_TEST(Sha384, SHA384);
+#endif
+#ifdef WOLFSSL_SHA512
+    DIGEST_HASH_TEST(Sha512, SHA512);
+#ifndef WOLFSSL_NOSHA512_224
+    DIGEST_HASH_TEST(Sha512_224, SHA512_224);
+#endif
+#ifndef WOLFSSL_NOSHA512_256
+    DIGEST_HASH_TEST(Sha512_256, SHA512_256);
+#endif
+#endif /* WOLFSSL_SHA512 */
+#ifdef WOLFSSL_SHA3
+    DIGEST_COUNT_HASH_TEST(Sha3_224, SHA3_224);
+    DIGEST_COUNT_HASH_TEST(Sha3_256, SHA3_256);
+    DIGEST_COUNT_HASH_TEST(Sha3_384, SHA3_384);
+    DIGEST_COUNT_HASH_TEST(Sha3_512, SHA3_512);
+#endif
+#ifdef WOLFSSL_SM3
+    DIGEST_HASH_TEST(Sm3, SM3);
+#endif
+#endif /* !NO_HASH_WRAPPER */
+    return EXPECT_RESULT();
+}
+
+int test_wc_HashGetOID(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HASH_WRAPPER) && (!defined(NO_ASN) || !defined(NO_DH) || \
+                                  defined(HAVE_ECC))
+    static const enum wc_HashType oidOnlySupportedHash[] = {
+    #ifdef WOLFSSL_MD2
+        WC_HASH_TYPE_MD2,
+    #endif
+    #ifndef NO_MD5
+        WC_HASH_TYPE_MD5_SHA,
+    #endif
+        WC_HASH_TYPE_NONE   /* Dummy value to ensure list is non-zero. */
+    };
+    static const int oidOnlySupportedHashLen = (sizeof(oidOnlySupportedHash) /
+                                                sizeof(enum wc_HashType)) - 1;
+    static const enum wc_HashType oidOnlyNotCompiledHash[] = {
+    #ifndef WOLFSSL_MD2
+        WC_HASH_TYPE_MD2,
+    #endif
+    #ifdef NO_MD5
+        WC_HASH_TYPE_MD5_SHA,
+    #endif
+        WC_HASH_TYPE_NONE   /* Dummy value to ensure list is non-zero. */
+    };
+    static const int oidOnlyNotCompiledHashLen =
+        (sizeof(oidOnlyNotCompiledHash) / sizeof(enum wc_HashType)) - 1;
+    static const enum wc_HashType oidNotSupportedHash[] = {
+        WC_HASH_TYPE_MD4,
+        WC_HASH_TYPE_BLAKE2B,
+        WC_HASH_TYPE_BLAKE2S,
+        WC_HASH_TYPE_NONE
+    };
+    static const int oidNotSupportedHashLen = (sizeof(oidNotSupportedHash) /
+                                               sizeof(enum wc_HashType));
+    int i;
+
+    for (i = 0; i < supportedHashLen; i++) {
+        ExpectIntGT(wc_HashGetOID(supportedHash[i]), 0);
+    }
+    for (i = 0; i < oidOnlySupportedHashLen; i++) {
+        ExpectIntGT(wc_HashGetOID(oidOnlySupportedHash[i]), 0);
+    }
+
+    for (i = 0; i < notCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashGetOID(notCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+    for (i = 0; i < oidOnlyNotCompiledHashLen; i++) {
+        ExpectIntEQ(wc_HashGetOID(oidOnlyNotCompiledHash[i]),
+            WC_NO_ERR_TRACE(HASH_TYPE_E));
+    }
+
+    for (i = 0; i < oidNotSupportedHashLen; i++) {
+        ExpectIntEQ(wc_HashGetOID(oidNotSupportedHash[i]),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_OidGetHash(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HASH_WRAPPER) && !defined(NO_ASN)
+    static const int sumSupportedHash[] = {
+    #ifdef WOLFSSL_MD2
+        MD2h,
+    #endif
+    #ifndef NO_MD5
+        MD5h,
+    #endif
+    #ifndef NO_SHA
+        SHAh,
+    #endif
+    #ifdef WOLFSSL_SHA224
+        SHA224h,
+    #endif
+    #ifndef NO_SHA256
+        SHA256h,
+    #endif
+    #ifdef WOLFSSL_SHA384
+        SHA384h,
+    #endif
+    #ifdef WOLFSSL_SHA512
+        SHA512h,
+    #endif
+    #ifdef WOLFSSL_SHA3
+        SHA3_224h,
+        SHA3_256h,
+        SHA3_384h,
+        SHA3_512h,
+    #endif
+    #ifdef WOLFSSL_SM3
+        SM3h,
+    #endif
+        0   /* Dummy value to ensure list is non-zero. */
+    };
+    static const int sumSupportedHashLen = (sizeof(sumSupportedHash) /
+                                            sizeof(enum wc_HashType)) - 1;
+    static const int sumNotSupportedHash[] = {
+        MD4h,
+    #ifdef NO_MD5
+        MD5h,
+    #endif
+    #ifdef NO_SHA
+        SHAh,
+    #endif
+    #ifndef WOLFSSL_SHA224
+        SHA224h,
+    #endif
+    #ifdef NO_SHA256
+        SHA256h,
+    #endif
+    #ifndef WOLFSSL_SHA384
+        SHA384h,
+    #endif
+    #ifndef WOLFSSL_SHA512
+        SHA512h,
+    #endif
+    #ifndef WOLFSSL_SHA3
+        SHA3_224h,
+        SHA3_256h,
+        SHA3_384h,
+        SHA3_512h,
+    #endif
+    #ifndef WOLFSSL_SM3
+        SM3h,
+    #endif
+        0
+    };
+    static const int sumNotSupportedHashLen = (sizeof(sumNotSupportedHash) /
+                                               sizeof(enum wc_HashType));
+    int i;
+    enum wc_HashType hash;
+
+    for (i = 0; i < sumSupportedHashLen; i++) {
+        hash = wc_OidGetHash(sumSupportedHash[i]);
+        ExpectTrue(hash != WC_HASH_TYPE_NONE);
+    }
+
+    for (i = 0; i < sumNotSupportedHashLen; i++) {
+        hash = wc_OidGetHash(sumNotSupportedHash[i]);
+        ExpectTrue(hash == WC_HASH_TYPE_NONE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_hash.h b/tests/api/test_hash.h
new file mode 100644
index 000000000..6df61b3e8
--- /dev/null
+++ b/tests/api/test_hash.h
@@ -0,0 +1,54 @@
+/* test_hash.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_HASH_H
+#define WOLFCRYPT_TEST_HASH_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_HashInit(void);
+int test_wc_HashUpdate(void);
+int test_wc_HashFinal(void);
+int test_wc_HashNewDelete(void);
+int test_wc_HashGetDigestSize(void);
+int test_wc_HashGetBlockSize(void);
+int test_wc_Hash(void);
+int test_wc_HashSetFlags(void);
+int test_wc_HashGetFlags(void);
+int test_wc_Hash_Algs(void);
+int test_wc_HashGetOID(void);
+int test_wc_OidGetHash(void);
+
+#define TEST_HASH_DECLS                                 \
+    TEST_DECL_GROUP("hash", test_wc_HashInit),          \
+    TEST_DECL_GROUP("hash", test_wc_HashUpdate),        \
+    TEST_DECL_GROUP("hash", test_wc_HashFinal),         \
+    TEST_DECL_GROUP("hash", test_wc_HashNewDelete),     \
+    TEST_DECL_GROUP("hash", test_wc_HashGetDigestSize), \
+    TEST_DECL_GROUP("hash", test_wc_HashGetBlockSize),  \
+    TEST_DECL_GROUP("hash", test_wc_Hash),              \
+    TEST_DECL_GROUP("hash", test_wc_HashSetFlags),      \
+    TEST_DECL_GROUP("hash", test_wc_HashGetFlags),      \
+    TEST_DECL_GROUP("hash", test_wc_Hash_Algs),         \
+    TEST_DECL_GROUP("hash", test_wc_HashGetOID),        \
+    TEST_DECL_GROUP("hash", test_wc_OidGetHash)
+
+#endif /* WOLFCRYPT_TEST_HASH_H */
diff --git a/tests/api/test_hmac.c b/tests/api/test_hmac.c
new file mode 100644
index 000000000..5551c5293
--- /dev/null
+++ b/tests/api/test_hmac.c
@@ -0,0 +1,683 @@
+/* test_cmac.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/hmac.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_hmac.h>
+
+/*
+ * Test function for wc_HmacSetKey
+ */
+int test_wc_Md5HmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_MD5)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+    };
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr]));
+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
+        wc_HmacFree(&hmac);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+        ExpectIntEQ(ret, 0);
+#endif
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#elif defined(HAVE_FIPS)
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Md5HmacSetKey */
+
+/*
+ * testing wc_HmacSetKey() on wc_Sha hash.
+ */
+int test_wc_ShaHmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA"
+    };
+
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr])), 0);
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaHmacSetKey() */
+
+/*
+ * testing wc_HmacSetKey() on Sha224 hash.
+ */
+int test_wc_Sha224HmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA"
+    };
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr])), 0);
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224HmacSetKey() */
+
+ /*
+  * testing wc_HmacSetKey() on Sha256 hash
+  */
+int test_wc_Sha256HmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA256)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA"
+    };
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr])), 0);
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256HmacSetKey() */
+
+/*
+ * testing wc_HmacSetKey on Sha384 hash.
+ */
+int test_wc_Sha384HmacSetKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+    Hmac hmac;
+    int ret, times, itr;
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b",
+#ifndef HAVE_FIPS
+        "Jefe", /* smaller than minimum FIPS key size */
+#endif
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA"
+    };
+    times = sizeof(keys) / sizeof(char*);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+
+    for (itr = 0; itr < times; itr++) {
+        ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
+            (word32)XSTRLEN(keys[itr])), 0);
+    }
+
+    /* Bad args. */
+    ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
+        (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E));
+#else
+    ExpectIntEQ(ret, 0);
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384HmacSetKey() */
+
+/*
+ * testing wc_HmacUpdate on wc_Md5 hash.
+ */
+int test_wc_Md5HmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 5))
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Md5HmacUpdate */
+
+/*
+ * testing wc_HmacUpdate on SHA hash.
+ */
+int test_wc_ShaHmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA)
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaHmacUpdate */
+
+/*
+ * testing wc_HmacUpdate on SHA224 hash.
+ */
+int test_wc_Sha224HmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224HmacUpdate */
+
+/*
+ * testing wc_HmacUpdate on SHA256 hash.
+ */
+int test_wc_Sha256HmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA256)
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256HmacUpdate */
+
+/*
+ * testing wc_HmacUpdate on SHA384  hash.
+ */
+int test_wc_Sha384HmacUpdate(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+    Hmac hmac;
+    testVector a, b;
+#ifdef HAVE_FIPS
+    const char* keys =
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+#else
+    const char* keys = "Jefe";
+#endif
+
+    a.input = "what do ya want for nothing?";
+    a.inLen  = XSTRLEN(a.input);
+    b.input = "Hi There";
+    b.inLen = XSTRLEN(b.input);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys,
+        (word32)XSTRLEN(keys)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
+    /* Update Hmac. */
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384HmacUpdate */
+
+/*
+ * Testing wc_HmacFinal() with MD5
+ */
+
+int test_wc_Md5HmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 5))
+    Hmac hmac;
+    byte hash[WC_MD5_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
+               "\x9d";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)),
+        0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Md5HmacFinal */
+
+/*
+ * Testing wc_HmacFinal() with SHA
+ */
+int test_wc_ShaHmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA)
+    Hmac hmac;
+    byte hash[WC_SHA_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
+               "\x8e\xf1\x46\xbe\x00";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)),
+        0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaHmacFinal */
+
+/*
+ * Testing wc_HmacFinal() with SHA224
+ */
+int test_wc_Sha224HmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
+    Hmac hmac;
+    byte hash[WC_SHA224_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
+               "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key,
+        (word32)XSTRLEN(key)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224HmacFinal */
+
+/*
+ * Testing wc_HmacFinal() with SHA256
+ */
+int test_wc_Sha256HmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && !defined(NO_SHA256)
+    Hmac hmac;
+    byte hash[WC_SHA256_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
+               "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
+               "\xcf\xf7";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key,
+        (word32)XSTRLEN(key)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256HmacFinal */
+
+/*
+ * Testing wc_HmacFinal() with SHA384
+ */
+int test_wc_Sha384HmacFinal(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+    Hmac hmac;
+    byte hash[WC_SHA384_DIGEST_SIZE];
+    testVector a;
+    const char* key;
+
+    key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b";
+    a.input = "Hi There";
+    a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
+               "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
+               "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
+               "\xfa\x9c\xb6";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = XSTRLEN(a.output);
+
+    ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key,
+        (word32)XSTRLEN(key)), 0);
+    ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
+    ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
+    ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0);
+
+    /* Try bad parameters. */
+    ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef HAVE_FIPS
+    ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_HmacFree(&hmac);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384HmacFinal */
+
diff --git a/tests/api/test_hmac.h b/tests/api/test_hmac.h
new file mode 100644
index 000000000..444aaeeb8
--- /dev/null
+++ b/tests/api/test_hmac.h
@@ -0,0 +1,60 @@
+/* test_hmac.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_HMAC_H
+#define WOLFCRYPT_TEST_HMAC_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_Md5HmacSetKey(void);
+int test_wc_Md5HmacUpdate(void);
+int test_wc_Md5HmacFinal(void);
+int test_wc_ShaHmacSetKey(void);
+int test_wc_ShaHmacUpdate(void);
+int test_wc_ShaHmacFinal(void);
+int test_wc_Sha224HmacSetKey(void);
+int test_wc_Sha224HmacUpdate(void);
+int test_wc_Sha224HmacFinal(void);
+int test_wc_Sha256HmacSetKey(void);
+int test_wc_Sha256HmacUpdate(void);
+int test_wc_Sha256HmacFinal(void);
+int test_wc_Sha384HmacSetKey(void);
+int test_wc_Sha384HmacUpdate(void);
+int test_wc_Sha384HmacFinal(void);
+
+#define TEST_HMAC_DECLS                                 \
+    TEST_DECL_GROUP("hmac", test_wc_Md5HmacSetKey),     \
+    TEST_DECL_GROUP("hmac", test_wc_Md5HmacUpdate),     \
+    TEST_DECL_GROUP("hmac", test_wc_Md5HmacFinal),      \
+    TEST_DECL_GROUP("hmac", test_wc_ShaHmacSetKey),     \
+    TEST_DECL_GROUP("hmac", test_wc_ShaHmacUpdate),     \
+    TEST_DECL_GROUP("hmac", test_wc_ShaHmacFinal),      \
+    TEST_DECL_GROUP("hmac", test_wc_Sha224HmacSetKey),  \
+    TEST_DECL_GROUP("hmac", test_wc_Sha224HmacUpdate),  \
+    TEST_DECL_GROUP("hmac", test_wc_Sha224HmacFinal),   \
+    TEST_DECL_GROUP("hmac", test_wc_Sha256HmacSetKey),  \
+    TEST_DECL_GROUP("hmac", test_wc_Sha256HmacUpdate),  \
+    TEST_DECL_GROUP("hmac", test_wc_Sha256HmacFinal),   \
+    TEST_DECL_GROUP("hmac", test_wc_Sha384HmacSetKey),  \
+    TEST_DECL_GROUP("hmac", test_wc_Sha384HmacUpdate),  \
+    TEST_DECL_GROUP("hmac", test_wc_Sha384HmacFinal)
+
+#endif /* WOLFCRYPT_TEST_HMAC_H */
diff --git a/tests/api/test_md2.c b/tests/api/test_md2.c
new file mode 100644
index 000000000..309f68e6d
--- /dev/null
+++ b/tests/api/test_md2.c
@@ -0,0 +1,127 @@
+/* test_md2.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/md2.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_md2.h>
+#include <tests/api/test_digest.h>
+
+/* Unit test for wc_InitMd2() and wc_InitMd2_ex() */
+int test_wc_InitMd2(void)
+{
+    EXPECT_SUCCESS_DECLS;
+#ifdef WOLFSSL_MD2
+    DIGEST_INIT_ONLY_TEST(wc_Md2, Md2);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Unit test for wc_UpdateMd2() */
+int test_wc_Md2Update(void)
+{
+    EXPECT_SUCCESS_DECLS;
+#ifdef WOLFSSL_MD2
+    DIGEST_UPDATE_ONLY_TEST(wc_Md2, Md2);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Unit test for wc_Md2Final() */
+int test_wc_Md2Final(void)
+{
+    EXPECT_SUCCESS_DECLS;
+#ifdef WOLFSSL_MD2
+    DIGEST_FINAL_ONLY_TEST(wc_Md2, Md2, MD2);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define MD2_KAT_CNT     7
+
+int test_wc_Md2_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_MD2
+    DIGEST_KATS_TEST_VARS(wc_Md2, MD2);
+
+    /* From RFC 1321. */
+    DIGEST_KATS_ADD("", 0,
+        "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d"
+        "\xf2\x27\x5c\x9f\x80\x69\x27\x73" );
+    DIGEST_KATS_ADD("a", 1,
+        "\x32\xec\x01\xec\x4a\x6d\xac\x72"
+        "\xc0\xab\x96\xfb\x34\xc0\xb5\xd1");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b"
+        "\x30\x28\x3a\x69\xe6\xde\xd6\xbb");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b"
+        "\x21\x9f\xf3\x30\x31\xfe\x06\xb0");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x4e\x8d\xdf\xf3\x65\x02\x92\xab"
+        "\x5a\x41\x08\xc3\xaa\x47\x94\x0b");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xda\x33\xde\xf2\xa4\x2d\xf1\x39"
+        "\x75\x35\x28\x46\xc3\x03\x38\xcd");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d"
+        "\xc9\x80\x6c\x3c\x66\xf3\xef\xd8");
+
+    DIGEST_KATS_ONLY_TEST(Md2, MD2);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md2_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_MD2
+    DIGEST_OTHER_ONLY_TEST(wc_Md2, Md2, MD2,
+        "\xa3\x0c\xa1\xdd\xfa\xd0\x7c\x97"
+        "\x58\xfd\xe2\x53\xf0\xa1\xb0\x6d");
+#endif
+    return EXPECT_RESULT();
+}
+
+/*
+ *  Testing wc_Md2Hash()
+ */
+int test_wc_Md2Hash(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_MD2)
+    DIGEST_HASH_ONLY_TEST(Md2, MD2);
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_Sm3Hash */
+
diff --git a/tests/api/test_md2.h b/tests/api/test_md2.h
new file mode 100644
index 000000000..8e6408dda
--- /dev/null
+++ b/tests/api/test_md2.h
@@ -0,0 +1,42 @@
+/* test_md2.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_MD2_H
+#define WOLFCRYPT_TEST_MD2_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitMd2(void);
+int test_wc_Md2Update(void);
+int test_wc_Md2Final(void);
+int test_wc_Md2_KATs(void);
+int test_wc_Md2_other(void);
+int test_wc_Md2Hash(void);
+
+#define TEST_MD2_DECLS                          \
+    TEST_DECL_GROUP("md2", test_wc_InitMd2),    \
+    TEST_DECL_GROUP("md2", test_wc_Md2Update),  \
+    TEST_DECL_GROUP("md2", test_wc_Md2Final),   \
+    TEST_DECL_GROUP("md2", test_wc_Md2_KATs),   \
+    TEST_DECL_GROUP("md2", test_wc_Md2_other),  \
+    TEST_DECL_GROUP("md2", test_wc_Md2Hash)
+
+#endif /* WOLFCRYPT_TEST_MD2_H */
diff --git a/tests/api/test_md4.c b/tests/api/test_md4.c
new file mode 100644
index 000000000..6a868d2e5
--- /dev/null
+++ b/tests/api/test_md4.c
@@ -0,0 +1,115 @@
+/* test_md4.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/md4.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_md4.h>
+#include <tests/api/test_digest.h>
+
+/* Unit test for wc_InitMd4() and wc_InitMd4_ex() */
+int test_wc_InitMd4(void)
+{
+    EXPECT_SUCCESS_DECLS;
+#ifndef NO_MD4
+    DIGEST_INIT_ONLY_TEST(wc_Md4, Md4);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Unit test for wc_UpdateMd4() */
+int test_wc_Md4Update(void)
+{
+    EXPECT_SUCCESS_DECLS;
+#ifndef NO_MD4
+    DIGEST_UPDATE_ONLY_TEST(wc_Md4, Md4);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Unit test for wc_Md4Final() */
+int test_wc_Md4Final(void)
+{
+    EXPECT_SUCCESS_DECLS;
+#ifndef NO_MD4
+    DIGEST_FINAL_ONLY_TEST(wc_Md4, Md4, MD4);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define MD4_KAT_CNT     7
+
+int test_wc_Md4_KATs(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD4
+    DIGEST_KATS_TEST_VARS(wc_Md4, MD4);
+
+    /* From RFC 1321. */
+    DIGEST_KATS_ADD("", 0,
+        "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31"
+        "\xb7\x3c\x59\xd7\xe0\xc0\x89\xc0");
+    DIGEST_KATS_ADD("a", 1,
+        "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46"
+        "\x24\x5e\x05\xfb\xdb\xd6\xfb\x24");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xa4\x48\x01\x7a\xaf\x21\xd8\x52"
+        "\x5f\xc1\x0a\xe8\x7a\xa6\x72\x9d");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xd9\x13\x0a\x81\x64\x54\x9f\xe8"
+        "\x18\x87\x48\x06\xe1\xc7\x01\x4b");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd"
+        "\xee\xa8\xed\x63\xdf\x41\x2d\xa9");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\x04\x3f\x85\x82\xf2\x41\xdb\x35"
+        "\x1c\xe6\x27\xe1\x53\xe7\xf0\xe4");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19"
+        "\x9c\x3e\x7b\x16\x4f\xcc\x05\x36");
+
+    DIGEST_KATS_ONLY_TEST(Md4, MD4);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md4_other(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD4
+    DIGEST_OTHER_ONLY_TEST(wc_Md4, Md4, MD4,
+        "\x1b\x60\x7d\x08\x57\x0c\xf1\x52"
+        "\xbb\x44\x55\x97\x73\x26\x95\x6d");
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_md4.h b/tests/api/test_md4.h
new file mode 100644
index 000000000..561726ead
--- /dev/null
+++ b/tests/api/test_md4.h
@@ -0,0 +1,40 @@
+/* test_md2.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_MD4_H
+#define WOLFCRYPT_TEST_MD4_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitMd4(void);
+int test_wc_Md4Update(void);
+int test_wc_Md4Final(void);
+int test_wc_Md4_KATs(void);
+int test_wc_Md4_other(void);
+
+#define TEST_MD4_DECLS                          \
+    TEST_DECL_GROUP("md4", test_wc_InitMd4),    \
+    TEST_DECL_GROUP("md4", test_wc_Md4Update),  \
+    TEST_DECL_GROUP("md4", test_wc_Md4Final),   \
+    TEST_DECL_GROUP("md4", test_wc_Md4_KATs),   \
+    TEST_DECL_GROUP("md4", test_wc_Md4_other)
+
+#endif /* WOLFCRYPT_TEST_MD4_H */
diff --git a/tests/api/test_md5.c b/tests/api/test_md5.c
new file mode 100644
index 000000000..957248d74
--- /dev/null
+++ b/tests/api/test_md5.c
@@ -0,0 +1,170 @@
+/* test_md5.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/md5.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_md5.h>
+#include <tests/api/test_digest.h>
+
+/* Unit test for wc_InitMd5() and wc_InitMd5_ex() */
+int test_wc_InitMd5(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Md5, Md5);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Unit test for wc_UpdateMd5() */
+int test_wc_Md5Update(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_UPDATE_TEST(wc_Md5, Md5);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Unit test for wc_Md5Final() */
+int test_wc_Md5Final(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_FINAL_TEST(wc_Md5, Md5, MD5);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define MD5_KAT_CNT     7
+
+int test_wc_Md5_KATs(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_KATS_TEST_VARS(wc_Md5, MD5);
+
+    /* From RFC 1321. */
+    DIGEST_KATS_ADD("", 0,
+        "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
+        "\xe9\x80\x09\x98\xec\xf8\x42\x7e");
+    DIGEST_KATS_ADD("a", 1,
+        "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
+        "\x31\xc3\x99\xe2\x69\x77\x26\x61");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+        "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
+        "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
+        "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
+        "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
+        "\xac\x49\xda\x2e\x21\x07\xb6\x7a");
+
+    DIGEST_KATS_TEST(Md5, MD5);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5_other(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_OTHER_TEST(wc_Md5, Md5, MD5,
+        "\xd9\xa6\xc2\x1f\xf4\x05\xab\x62"
+        "\xd6\xad\xa8\xcd\x0c\xb9\x49\x14");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5Copy(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_COPY_TEST(wc_Md5, Md5, MD5,
+        "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
+        "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+        "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+        "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5GetHash(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_MD5
+    DIGEST_GET_HASH_TEST(wc_Md5, Md5, MD5,
+        "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
+        "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+        "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+        "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5Transform(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_MD5) && (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_MD5_CUST_API)
+    DIGEST_TRANSFORM_TEST(wc_Md5, Md5, MD5,
+        "\x61\x62\x63\x80\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x18\x00\x00\x00\x00\x00\x00\x00",
+        "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
+        "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Md5_Flags(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_MD5) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Md5, Md5);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_md5.h b/tests/api/test_md5.h
new file mode 100644
index 000000000..cb58b605b
--- /dev/null
+++ b/tests/api/test_md5.h
@@ -0,0 +1,48 @@
+/* test_md5.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_MD5_H
+#define WOLFCRYPT_TEST_MD5_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitMd5(void);
+int test_wc_Md5Update(void);
+int test_wc_Md5Final(void);
+int test_wc_Md5_KATs(void);
+int test_wc_Md5_other(void);
+int test_wc_Md5Copy(void);
+int test_wc_Md5GetHash(void);
+int test_wc_Md5Transform(void);
+int test_wc_Md5_Flags(void);
+
+#define TEST_MD5_DECLS                              \
+    TEST_DECL_GROUP("md5", test_wc_InitMd5),        \
+    TEST_DECL_GROUP("md5", test_wc_Md5Update),      \
+    TEST_DECL_GROUP("md5", test_wc_Md5Final),       \
+    TEST_DECL_GROUP("md5", test_wc_Md5_KATs),       \
+    TEST_DECL_GROUP("md5", test_wc_Md5_other),      \
+    TEST_DECL_GROUP("md5", test_wc_Md5Copy),        \
+    TEST_DECL_GROUP("md5", test_wc_Md5GetHash),     \
+    TEST_DECL_GROUP("md5", test_wc_Md5Transform),   \
+    TEST_DECL_GROUP("md5", test_wc_Md5_Flags)
+
+#endif /* WOLFCRYPT_TEST_MD5_H */
diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c
new file mode 100644
index 000000000..2229c5f77
--- /dev/null
+++ b/tests/api/test_mldsa.c
@@ -0,0 +1,16660 @@
+/* test_mldsa.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/asn_public.h>
+#ifdef HAVE_DILITHIUM
+    #include <wolfssl/wolfcrypt/dilithium.h>
+#endif
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_mldsa.h>
+
+
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44)
+static const byte ml_dsa_44_pub_key[] = {
+    0x7c, 0x33, 0x31, 0x41, 0x15, 0xa7, 0x2d, 0x6b,
+    0x17, 0x7c, 0x10, 0xab, 0x75, 0xf7, 0x83, 0xb3,
+    0x30, 0x75, 0x6f, 0xa9, 0x42, 0xb0, 0x9b, 0x59,
+    0x59, 0x99, 0x2b, 0x5d, 0x7d, 0x6e, 0xeb, 0xdd,
+    0xd9, 0x99, 0x8f, 0x7b, 0xad, 0xe5, 0x90, 0x0f,
+    0xa4, 0x80, 0xd8, 0xa2, 0x0d, 0x95, 0xea, 0x63,
+    0x2b, 0xcf, 0xb4, 0x5b, 0x3c, 0xd1, 0x5a, 0xc4,
+    0xc4, 0xd1, 0x71, 0x28, 0x4b, 0x0b, 0x28, 0x32,
+    0x73, 0xb5, 0x0d, 0xd6, 0x8f, 0x6b, 0x01, 0x26,
+    0x04, 0x45, 0xa3, 0x80, 0xc0, 0x21, 0x12, 0xee,
+    0x52, 0x0f, 0x35, 0xe4, 0x8e, 0xca, 0xf8, 0x91,
+    0xf4, 0x99, 0x51, 0xe2, 0x80, 0x76, 0xa7, 0x2d,
+    0x09, 0xf5, 0x04, 0xcc, 0xa6, 0x6b, 0x20, 0xc4,
+    0xac, 0xcd, 0x6c, 0x9c, 0x09, 0xe7, 0x51, 0xa2,
+    0x29, 0x60, 0xfd, 0xf2, 0xbd, 0x7e, 0x4c, 0x9d,
+    0xc0, 0xba, 0x62, 0x2f, 0x53, 0xb2, 0x47, 0x03,
+    0xf2, 0x6f, 0x70, 0x51, 0xa8, 0xe1, 0xb7, 0x9f,
+    0x37, 0x15, 0xfa, 0xd1, 0x6c, 0x74, 0x1a, 0x2b,
+    0x4f, 0x39, 0x4f, 0x43, 0x49, 0x71, 0x6a, 0xf8,
+    0x7c, 0x65, 0x1a, 0xdd, 0x1a, 0x25, 0xf8, 0x79,
+    0xfa, 0x8c, 0x02, 0xf2, 0xf7, 0xf7, 0x7b, 0x9f,
+    0xe4, 0xaf, 0x9e, 0x1a, 0x0b, 0x5b, 0x2e, 0x41,
+    0xbb, 0xa9, 0x4f, 0xd0, 0xdb, 0xad, 0xe5, 0x25,
+    0xff, 0x36, 0x3b, 0x9a, 0xc3, 0xdf, 0xb6, 0x27,
+    0xd3, 0xba, 0xb0, 0xd4, 0xb2, 0x07, 0xc3, 0xd8,
+    0xab, 0x10, 0x3d, 0xcd, 0x23, 0x52, 0x46, 0xe6,
+    0x96, 0x57, 0x85, 0xc7, 0x60, 0xe2, 0x8c, 0x46,
+    0x65, 0x7d, 0x76, 0x1c, 0x45, 0x20, 0x5d, 0x51,
+    0xd6, 0x13, 0xde, 0xe5, 0x3d, 0xc2, 0x8c, 0x36,
+    0xdb, 0x7f, 0x83, 0x6f, 0x6a, 0xc2, 0xa3, 0xf2,
+    0xdc, 0x63, 0x69, 0x7f, 0xbd, 0xd0, 0xc1, 0x90,
+    0xfb, 0x62, 0x42, 0xa1, 0xf6, 0xf7, 0xdd, 0xc2,
+    0x4a, 0x38, 0x62, 0x9b, 0xef, 0x67, 0xf9, 0x5c,
+    0xd8, 0xff, 0xf4, 0xf2, 0x67, 0x90, 0x42, 0x85,
+    0xaf, 0xe2, 0x92, 0x6e, 0xc4, 0x9b, 0x63, 0xc3,
+    0x91, 0xa5, 0x11, 0x66, 0x13, 0x83, 0xbc, 0xbb,
+    0xc7, 0x34, 0x3b, 0x30, 0x40, 0x53, 0x91, 0xdf,
+    0x7c, 0x3d, 0x17, 0xdd, 0xa1, 0xa6, 0x80, 0xfd,
+    0x26, 0x9d, 0x60, 0x7b, 0xcd, 0xb4, 0x2b, 0xba,
+    0x61, 0x0f, 0x43, 0x7c, 0x51, 0x3c, 0xb9, 0xfa,
+    0xdb, 0x48, 0x35, 0x9f, 0x0d, 0x0c, 0x04, 0xe8,
+    0xf9, 0x6e, 0x07, 0x65, 0x7d, 0x46, 0x1b, 0xd2,
+    0x51, 0xdb, 0x55, 0x27, 0xd7, 0x3d, 0x1e, 0x36,
+    0x07, 0x59, 0x18, 0xec, 0x04, 0x4b, 0x87, 0xbb,
+    0xfb, 0x27, 0xac, 0xeb, 0x8f, 0x43, 0x46, 0xd0,
+    0x39, 0x00, 0x90, 0x54, 0x70, 0xb1, 0x71, 0xf2,
+    0xe7, 0x3d, 0x02, 0x1a, 0xcf, 0x87, 0x16, 0x67,
+    0xa2, 0x3c, 0x31, 0x48, 0xe8, 0xbd, 0x4f, 0xb3,
+    0xc2, 0xfd, 0x3d, 0xa1, 0x9c, 0x87, 0x54, 0x60,
+    0x30, 0x21, 0x52, 0x57, 0xcd, 0x03, 0x96, 0x9e,
+    0xa7, 0x8d, 0xe5, 0x02, 0x04, 0x78, 0x43, 0x72,
+    0xda, 0xb2, 0x22, 0xf1, 0xee, 0x8f, 0x27, 0x0b,
+    0x8f, 0x7b, 0xf8, 0xbc, 0x16, 0xa1, 0xef, 0x0b,
+    0x35, 0xda, 0xfc, 0x29, 0x1b, 0xf8, 0xa1, 0x35,
+    0x40, 0xe7, 0xed, 0x4c, 0x02, 0x4a, 0x83, 0xb7,
+    0x49, 0x75, 0x34, 0x3f, 0x2b, 0xb3, 0x61, 0xf5,
+    0xa3, 0x9b, 0x23, 0xca, 0xfb, 0x58, 0x16, 0x4f,
+    0x3c, 0x50, 0xbf, 0x81, 0xab, 0x54, 0x50, 0x1a,
+    0x39, 0x57, 0x5f, 0x9a, 0x72, 0x22, 0xba, 0xa4,
+    0xf6, 0xbf, 0xac, 0x31, 0x5c, 0xc5, 0x96, 0xd7,
+    0xa9, 0xe4, 0x3b, 0x0c, 0xd0, 0x7f, 0x79, 0x68,
+    0x4d, 0x41, 0x04, 0x81, 0x73, 0xcf, 0x47, 0x4a,
+    0x7b, 0x37, 0xac, 0x8e, 0x47, 0x0d, 0x72, 0x65,
+    0x0f, 0x9d, 0x44, 0xd7, 0x08, 0x21, 0x5b, 0x3f,
+    0xc8, 0x9d, 0xea, 0xa2, 0x64, 0x7b, 0x0d, 0x98,
+    0xc1, 0x61, 0xcd, 0xa4, 0xf7, 0x8c, 0x4a, 0xa3,
+    0x3b, 0xdd, 0x92, 0xce, 0x61, 0x97, 0x0e, 0x98,
+    0xa4, 0x10, 0xb5, 0x1f, 0xc5, 0xfb, 0xee, 0x49,
+    0x36, 0x8f, 0xe3, 0x2d, 0x46, 0x9c, 0xa9, 0xff,
+    0xdd, 0x1a, 0x48, 0x1b, 0x5a, 0x99, 0x84, 0x0a,
+    0x3d, 0x5c, 0xd7, 0x67, 0x32, 0x88, 0x87, 0x2a,
+    0x34, 0x50, 0x04, 0xad, 0xe6, 0xbb, 0x3c, 0xb5,
+    0xee, 0x80, 0x99, 0x70, 0xaa, 0x9d, 0x5a, 0x63,
+    0xec, 0xd5, 0x9a, 0x6a, 0x3a, 0xe8, 0xaa, 0x3d,
+    0x3f, 0xe8, 0x15, 0x2c, 0x16, 0x3e, 0x86, 0x46,
+    0x21, 0xf2, 0xd2, 0x6e, 0x74, 0x3d, 0x53, 0x94,
+    0x7c, 0x41, 0xec, 0x5b, 0xf5, 0xa4, 0xc8, 0x1f,
+    0x75, 0x22, 0x50, 0x58, 0x31, 0xf5, 0x29, 0x9a,
+    0xc2, 0x2c, 0x67, 0xd9, 0xf6, 0x2e, 0xa1, 0xa9,
+    0x0a, 0x69, 0x90, 0x7a, 0xd8, 0xed, 0x5c, 0x09,
+    0x3d, 0x14, 0xa3, 0x2b, 0xc0, 0x47, 0x88, 0xb7,
+    0xea, 0x14, 0x8a, 0xec, 0xaf, 0x0c, 0xb7, 0xc6,
+    0x7c, 0x32, 0x0f, 0x57, 0xea, 0x9f, 0xd4, 0x99,
+    0x8d, 0xab, 0xd6, 0xc9, 0x31, 0x07, 0x81, 0x37,
+    0x3d, 0xf5, 0x07, 0xb3, 0x93, 0xb7, 0x04, 0x20,
+    0xdf, 0x91, 0xef, 0xfb, 0xa6, 0x7d, 0x4b, 0x5d,
+    0xd4, 0x24, 0xd2, 0x0b, 0xc5, 0x34, 0xf6, 0x7a,
+    0xf9, 0x4a, 0x48, 0xc7, 0xab, 0xaf, 0xa8, 0xd2,
+    0xfc, 0x41, 0xc9, 0x8b, 0xa8, 0xc4, 0x2f, 0x94,
+    0x4e, 0xb0, 0xab, 0xd3, 0xd9, 0x09, 0x4b, 0x1f,
+    0x35, 0xb7, 0xb4, 0x4c, 0x2d, 0x6b, 0xe6, 0xb4,
+    0x2e, 0x8a, 0x09, 0xd3, 0x9d, 0x54, 0x3f, 0x53,
+    0xcc, 0x8e, 0x16, 0x18, 0x4e, 0x9a, 0xe8, 0x52,
+    0x84, 0x3a, 0x3e, 0xdb, 0xab, 0x65, 0xc4, 0xa1,
+    0x3c, 0xd0, 0xf6, 0x57, 0x3c, 0x0e, 0x10, 0xed,
+    0xb2, 0xa9, 0x7d, 0x70, 0x3f, 0x18, 0x1a, 0xba,
+    0x31, 0x33, 0xcb, 0x2a, 0xfd, 0x13, 0xf5, 0x23,
+    0xd7, 0x71, 0xfa, 0xb6, 0xe8, 0xda, 0x63, 0xca,
+    0x55, 0x3c, 0x5b, 0x87, 0x27, 0x96, 0x3d, 0xd0,
+    0x43, 0x9d, 0x76, 0x9f, 0x28, 0x5a, 0xb6, 0xc8,
+    0x81, 0xe4, 0x7c, 0x2a, 0x7a, 0x84, 0x0f, 0x2d,
+    0x1b, 0xd0, 0xe4, 0x0e, 0x1b, 0x47, 0x32, 0xc8,
+    0x02, 0x2d, 0x39, 0x0e, 0x7d, 0xb1, 0x12, 0x56,
+    0x50, 0x00, 0xae, 0xcc, 0x45, 0x0a, 0xd5, 0x30,
+    0x16, 0xe7, 0x3a, 0x53, 0x02, 0xbc, 0xd5, 0xef,
+    0xca, 0x00, 0xea, 0x5f, 0xbe, 0x15, 0x0d, 0x08,
+    0x76, 0xc1, 0x03, 0x93, 0x96, 0x4a, 0x88, 0xda,
+    0x9d, 0x0b, 0x51, 0x39, 0x9a, 0xef, 0xd2, 0xde,
+    0x8a, 0x2c, 0xe6, 0xf3, 0xa5, 0x70, 0x15, 0x3a,
+    0x17, 0x43, 0x31, 0xfc, 0x47, 0x9d, 0xec, 0x3b,
+    0x28, 0x6f, 0xdf, 0x45, 0x6f, 0x9e, 0x10, 0xbb,
+    0x8e, 0x43, 0xc5, 0x59, 0xe5, 0x61, 0x9b, 0xa7,
+    0xa1, 0xb8, 0x7a, 0x1c, 0xd4, 0x25, 0x26, 0xca,
+    0xe9, 0x2b, 0x0b, 0x3d, 0x06, 0xeb, 0x44, 0x44,
+    0xab, 0x4a, 0x5e, 0x68, 0x5c, 0x93, 0xf1, 0x3f,
+    0x39, 0x01, 0xb9, 0xf1, 0x01, 0xb7, 0xb6, 0x14,
+    0x44, 0x1d, 0x6d, 0x6b, 0x03, 0x45, 0x0d, 0xf3,
+    0xbf, 0x71, 0x4e, 0xf3, 0x84, 0x3d, 0xef, 0xea,
+    0x60, 0x2e, 0x2e, 0xf7, 0x33, 0xa6, 0xbe, 0x53,
+    0x49, 0x26, 0xed, 0xb4, 0xbf, 0x7f, 0xb0, 0x1d,
+    0x39, 0xb2, 0xc2, 0x88, 0xc2, 0xa2, 0xd4, 0x7f,
+    0x0e, 0x1c, 0x44, 0xa3, 0x38, 0x76, 0xa7, 0xa6,
+    0x19, 0x7e, 0x4c, 0x84, 0x25, 0x01, 0xb2, 0x78,
+    0xb4, 0x56, 0xc5, 0xc1, 0x50, 0x3f, 0xf2, 0xb6,
+    0x76, 0x09, 0x55, 0x57, 0x1c, 0xd1, 0x55, 0x23,
+    0x16, 0x2a, 0x51, 0x16, 0xaa, 0x13, 0x4f, 0x35,
+    0x69, 0xaf, 0xea, 0x01, 0x5f, 0x22, 0xc9, 0x2e,
+    0xe9, 0x8c, 0x6c, 0xa2, 0x17, 0x92, 0xdc, 0x3d,
+    0xd6, 0xf0, 0xfa, 0x5a, 0x53, 0xe0, 0xcd, 0x55,
+    0xa2, 0x91, 0x62, 0xba, 0xae, 0x67, 0x40, 0x1c,
+    0xda, 0xb4, 0xcc, 0xfc, 0x67, 0x1f, 0x44, 0xa0,
+    0x50, 0xa5, 0xde, 0xc5, 0xde, 0x5e, 0xa0, 0x3b,
+    0x05, 0x84, 0x1c, 0x2a, 0xc4, 0x96, 0x47, 0xd6,
+    0x97, 0x56, 0x40, 0x33, 0x99, 0x7c, 0x8b, 0x56,
+    0xb4, 0xfb, 0xf4, 0x23, 0xcb, 0x48, 0x81, 0x6c,
+    0xa4, 0x53, 0x41, 0x8c, 0x28, 0x61, 0xd7, 0x8c,
+    0xde, 0xde, 0xeb, 0xd4, 0xe7, 0x8a, 0x2a, 0x40,
+    0x83, 0x1c, 0xa4, 0x19, 0x0f, 0x6c, 0x73, 0xa5,
+    0x0e, 0xb6, 0x5c, 0x14, 0x36, 0xff, 0xc9, 0x99,
+    0x56, 0x53, 0x8c, 0x4e, 0x4f, 0x4a, 0x82, 0xc8,
+    0x76, 0x83, 0x81, 0xf1, 0x17, 0x82, 0x98, 0x3e,
+    0x9c, 0x99, 0x3a, 0x7c, 0x08, 0x77, 0x3e, 0xe2,
+    0x10, 0x98, 0xb0, 0xf6, 0x1d, 0xd3, 0x24, 0xe8,
+    0x98, 0xcf, 0xd8, 0x9a, 0xb8, 0xd7, 0xbe, 0x56,
+    0xa2, 0xb6, 0xf8, 0x2e, 0xfe, 0xeb, 0x96, 0xfa,
+    0xd0, 0xba, 0x79, 0x9e, 0xde, 0x72, 0x0d, 0x53,
+    0x5f, 0xdd, 0x0d, 0xb2, 0x0a, 0x8f, 0x14, 0x94,
+    0x87, 0x25, 0x5e, 0xcd, 0xd4, 0x4b, 0xaa, 0xc9,
+    0x7e, 0x41, 0x9f, 0x33, 0x77, 0xbe, 0x6d, 0x57,
+    0x68, 0xef, 0xee, 0x1a, 0xc4, 0x5c, 0x7b, 0xca,
+    0x7e, 0x33, 0x93, 0x3d, 0x88, 0x91, 0xd1, 0x34,
+    0x6a, 0x39, 0x98, 0x92, 0x50, 0x1a, 0x02, 0xcf,
+    0x89, 0x34, 0x33, 0x10, 0x65, 0x23, 0x4d, 0xb7,
+    0x00, 0xcc, 0xc1, 0x60, 0xdd, 0x7d, 0x8e, 0xd1,
+    0x16, 0xa7, 0x71, 0x7b, 0x20, 0xcb, 0xe4, 0xe8,
+    0xcc, 0xfc, 0xb8, 0x5f, 0xe4, 0xe2, 0xd6, 0x8c,
+    0x43, 0x9c, 0x06, 0xf4, 0x8d, 0xbc, 0x56, 0xd0,
+    0x0c, 0xd6, 0x0b, 0x6c, 0x33, 0x0e, 0x08, 0x77,
+    0x66, 0x52, 0x1f, 0x48, 0x0c, 0x50, 0x4a, 0xc2,
+    0x99, 0x0a, 0x15, 0x86, 0xc3, 0x9b, 0x7a, 0x5f,
+    0xfb, 0x58, 0xbd, 0x63, 0x0c, 0xbe, 0x83, 0x40,
+    0x8f, 0xba, 0x39, 0xfb, 0x45, 0xb9, 0xf7, 0x96,
+    0x62, 0xec, 0x7e, 0x77, 0xa4, 0xfb, 0xe1, 0x86,
+    0x5c, 0x0a, 0xae, 0x32, 0xbd, 0x79, 0x76, 0x8b
+};
+static const byte ml_dsa_44_good_sig[] = {
+    0x09, 0xf0, 0xae, 0xbb, 0x25, 0xc7, 0xfc, 0xdd,
+    0x93, 0x25, 0x9c, 0x50, 0xd9, 0x2e, 0x72, 0x5d,
+    0x53, 0xf5, 0x29, 0xd7, 0x4c, 0xc2, 0xd6, 0x81,
+    0x5c, 0xf3, 0x3f, 0x9a, 0x8a, 0xa9, 0x00, 0x21,
+    0x6c, 0xc6, 0xb9, 0x72, 0xb7, 0x0e, 0x00, 0x55,
+    0x9f, 0xd7, 0xae, 0x92, 0xc3, 0xbc, 0x8f, 0x2d,
+    0x4f, 0x54, 0x87, 0x56, 0x52, 0xd3, 0xdd, 0xaf,
+    0xe0, 0xff, 0xda, 0x80, 0x1b, 0xf3, 0x56, 0x90,
+    0xdd, 0x07, 0x86, 0xad, 0xf7, 0xf3, 0x8e, 0xcf,
+    0x3a, 0x57, 0x30, 0x52, 0xaa, 0xd2, 0xb1, 0xf0,
+    0x66, 0xea, 0x67, 0xab, 0x94, 0x1d, 0x96, 0x04,
+    0xaa, 0xcf, 0x0e, 0xb0, 0xbc, 0x7d, 0x8a, 0x4c,
+    0x62, 0x21, 0x82, 0x81, 0x98, 0x63, 0x22, 0x91,
+    0xb9, 0xfe, 0x53, 0x63, 0x8d, 0xdf, 0xe6, 0x19,
+    0xc1, 0x54, 0x3b, 0xf0, 0xf5, 0xe4, 0xc4, 0x36,
+    0x66, 0x2f, 0xcc, 0x4f, 0xed, 0xc6, 0x62, 0x7d,
+    0x8b, 0x7b, 0x89, 0xac, 0x23, 0x0b, 0x40, 0x4e,
+    0x2d, 0xdc, 0xe5, 0xa2, 0xbc, 0x8b, 0xac, 0xe7,
+    0x0b, 0xaa, 0x15, 0xa0, 0x79, 0x4a, 0x97, 0x8a,
+    0xc8, 0xb1, 0x31, 0xea, 0x29, 0x99, 0x14, 0x5d,
+    0x5b, 0x8c, 0xc2, 0xd0, 0xc2, 0x29, 0xd0, 0x85,
+    0xb9, 0x25, 0x16, 0x08, 0xe8, 0x41, 0xa7, 0x77,
+    0x1a, 0xbf, 0x5a, 0x48, 0x5a, 0x7f, 0x97, 0x44,
+    0x62, 0xb4, 0x68, 0x2e, 0x05, 0x48, 0xde, 0x0f,
+    0x69, 0xcc, 0x05, 0x3c, 0xa4, 0x85, 0x20, 0x60,
+    0xfd, 0x45, 0x6a, 0x14, 0xb9, 0x76, 0x8d, 0x48,
+    0xe7, 0x71, 0xd0, 0xd7, 0xbe, 0xe3, 0x36, 0xd6,
+    0x94, 0x5c, 0x22, 0x6e, 0x28, 0xc6, 0x34, 0x93,
+    0xf4, 0x6c, 0xf2, 0x62, 0xbf, 0x8f, 0x6d, 0x07,
+    0xff, 0x38, 0x92, 0x23, 0x19, 0x55, 0xd0, 0x66,
+    0x72, 0x76, 0xc1, 0x43, 0xbc, 0x60, 0x5d, 0xaa,
+    0x61, 0x10, 0xdb, 0x0c, 0x49, 0x7b, 0x99, 0xce,
+    0x14, 0xe3, 0x0b, 0x80, 0xdc, 0x8a, 0x3d, 0xa5,
+    0x3a, 0x0e, 0x29, 0x88, 0x09, 0x1f, 0x9c, 0x03,
+    0x32, 0x13, 0xc2, 0xe1, 0x49, 0x26, 0xc7, 0x11,
+    0xfa, 0x7f, 0x2d, 0x64, 0xfc, 0xf9, 0xaf, 0xd0,
+    0x4d, 0xcf, 0x3a, 0x23, 0x49, 0xde, 0xf2, 0x5d,
+    0xad, 0xf3, 0xde, 0xe0, 0x9a, 0xa2, 0x96, 0x0a,
+    0x9d, 0x97, 0x39, 0x88, 0x60, 0x75, 0xec, 0x29,
+    0x9b, 0x93, 0xfc, 0x80, 0xb3, 0xeb, 0xb0, 0xc6,
+    0xa8, 0xea, 0x75, 0x67, 0xed, 0xbd, 0x42, 0x2a,
+    0xed, 0x22, 0x27, 0xdb, 0x41, 0x3a, 0x94, 0x86,
+    0xd7, 0x4a, 0xf1, 0x8f, 0xa5, 0x47, 0x38, 0xa3,
+    0x3c, 0xe7, 0x17, 0x5d, 0xce, 0xdc, 0x32, 0x7c,
+    0xe4, 0x05, 0x58, 0x98, 0x67, 0xc8, 0xaf, 0x35,
+    0x5d, 0xf9, 0xc0, 0x10, 0x6d, 0x9d, 0xd3, 0x27,
+    0x79, 0x3c, 0x1d, 0xdd, 0xfb, 0x53, 0x3c, 0x03,
+    0x4c, 0xb3, 0x1b, 0x0b, 0x3a, 0x60, 0x80, 0xcd,
+    0x9b, 0x1e, 0x5f, 0x3f, 0x29, 0xfa, 0xb1, 0x09,
+    0x9a, 0x88, 0x58, 0x4a, 0xf5, 0xed, 0xe9, 0x7c,
+    0x9d, 0x70, 0xbe, 0x57, 0xfb, 0x92, 0x12, 0xc9,
+    0x8c, 0x6b, 0x77, 0xe2, 0x44, 0xc6, 0x82, 0x2a,
+    0x29, 0xb3, 0x9c, 0xb0, 0x60, 0xda, 0x3d, 0xcd,
+    0x4e, 0x49, 0x96, 0x8c, 0xd7, 0x2b, 0x29, 0x28,
+    0x7b, 0xec, 0xf1, 0x46, 0x40, 0xf0, 0xe1, 0xd7,
+    0x48, 0x9e, 0xdf, 0xfd, 0xa6, 0xd0, 0xaa, 0x35,
+    0x94, 0x7a, 0x94, 0x57, 0xf3, 0xd4, 0x15, 0x19,
+    0xd3, 0xc5, 0x35, 0x73, 0xc4, 0xf5, 0x86, 0x0d,
+    0x2a, 0x5b, 0x67, 0x0d, 0x8d, 0xaa, 0x18, 0x3e,
+    0xea, 0x9d, 0x80, 0xe7, 0xf8, 0xbb, 0x23, 0xea,
+    0x5d, 0x1c, 0x4d, 0xb2, 0x58, 0x7e, 0xe5, 0xef,
+    0x80, 0xc1, 0x63, 0x44, 0xaf, 0x1d, 0xed, 0xf6,
+    0x92, 0x05, 0x0c, 0xda, 0xcc, 0x58, 0x39, 0x27,
+    0xdd, 0x24, 0xac, 0x63, 0x23, 0x34, 0xaa, 0x2d,
+    0xd0, 0x5b, 0xd7, 0x7f, 0x6d, 0xcb, 0x64, 0xed,
+    0xb3, 0x9b, 0x05, 0x90, 0x79, 0xc2, 0x25, 0x68,
+    0xed, 0xf6, 0xa8, 0x7e, 0x30, 0x4a, 0x46, 0x44,
+    0xad, 0xc8, 0x12, 0x8d, 0x04, 0xc3, 0x11, 0x83,
+    0x7e, 0x77, 0xef, 0x9c, 0xa2, 0xf9, 0x3b, 0x06,
+    0x84, 0x7f, 0x72, 0xd9, 0x2f, 0x22, 0x95, 0xb7,
+    0x7b, 0x4e, 0x35, 0x6a, 0xfa, 0x73, 0x7d, 0x88,
+    0x5b, 0xac, 0x7b, 0xc5, 0x53, 0xc1, 0xfe, 0x6b,
+    0x7c, 0x05, 0xc3, 0xe4, 0xae, 0x48, 0x1a, 0xea,
+    0x6e, 0x51, 0x46, 0x1e, 0x82, 0x80, 0xde, 0x31,
+    0xe1, 0x41, 0x71, 0x88, 0x41, 0xa7, 0xb2, 0xcd,
+    0x3d, 0xf7, 0x5c, 0x4f, 0x4c, 0xfd, 0x3f, 0x6f,
+    0x6c, 0x82, 0xc1, 0xba, 0xe0, 0xf0, 0xb4, 0x8c,
+    0xd5, 0xb5, 0x32, 0xbf, 0x91, 0x49, 0x7e, 0x39,
+    0x5e, 0x0a, 0xdf, 0x4b, 0xd6, 0x07, 0x72, 0xff,
+    0x58, 0x65, 0x1b, 0x1f, 0xc6, 0x56, 0xd2, 0x00,
+    0xec, 0x60, 0xd1, 0x22, 0xc9, 0x1a, 0xa4, 0xcc,
+    0x26, 0xb4, 0xd1, 0x93, 0xbc, 0xfc, 0x52, 0xdf,
+    0xa1, 0x23, 0x37, 0x9b, 0xa2, 0xa8, 0x8f, 0xf3,
+    0x39, 0x03, 0xa5, 0x4c, 0xf0, 0x68, 0xe5, 0x95,
+    0x62, 0xfb, 0xd8, 0x88, 0x39, 0xf6, 0x02, 0x0a,
+    0x4e, 0x7c, 0xf0, 0xbf, 0x71, 0x99, 0x0f, 0x19,
+    0x61, 0xd9, 0x39, 0xe8, 0x3f, 0x59, 0x22, 0x4a,
+    0xaa, 0xdd, 0x03, 0xf8, 0x09, 0xb8, 0xaf, 0xd9,
+    0xb9, 0x9c, 0x3f, 0xf1, 0xfe, 0x49, 0xae, 0x99,
+    0x2f, 0xa2, 0x22, 0x5a, 0x3c, 0xe9, 0xe9, 0xf7,
+    0xba, 0x2d, 0xeb, 0x1f, 0x6c, 0xa7, 0xe1, 0x87,
+    0x2f, 0xa5, 0xff, 0xcf, 0x1c, 0x22, 0x8d, 0xf2,
+    0x5f, 0x63, 0xf5, 0xbb, 0x36, 0x66, 0xcc, 0x62,
+    0x89, 0x8e, 0xf7, 0x78, 0xc5, 0x97, 0x95, 0xde,
+    0xec, 0x43, 0x39, 0x6e, 0x0d, 0xe0, 0x8e, 0xbd,
+    0x2b, 0x3b, 0xe6, 0xff, 0xf5, 0x8f, 0x90, 0xd2,
+    0xd2, 0xce, 0x3b, 0x6f, 0x78, 0xf5, 0xd3, 0x42,
+    0xf3, 0x0f, 0x27, 0x4b, 0x2b, 0xe4, 0xd8, 0x0d,
+    0x31, 0xfa, 0xba, 0xdc, 0x54, 0x21, 0x9a, 0xbf,
+    0x1e, 0x1d, 0x06, 0x8e, 0xd9, 0x58, 0xce, 0x9a,
+    0x71, 0x79, 0x4d, 0xcb, 0xfb, 0x99, 0x4b, 0x66,
+    0xed, 0xef, 0x75, 0x20, 0x4d, 0x47, 0x9b, 0x40,
+    0xd5, 0xcf, 0xd9, 0x00, 0xfe, 0x32, 0x45, 0xae,
+    0x4b, 0x7e, 0x8e, 0x7b, 0xf9, 0xd4, 0xd4, 0x2e,
+    0x1a, 0x2a, 0xac, 0x73, 0xdb, 0x79, 0xb7, 0x02,
+    0x6a, 0x3d, 0xa2, 0xfe, 0x52, 0x27, 0x25, 0x43,
+    0xd1, 0xb5, 0x48, 0x0e, 0xef, 0xf1, 0x0f, 0xe7,
+    0x27, 0xc2, 0x59, 0x4e, 0x47, 0xe2, 0x12, 0xaa,
+    0x1e, 0xae, 0xbc, 0x86, 0x22, 0x70, 0x33, 0xa5,
+    0x50, 0x3f, 0xed, 0x3c, 0x98, 0xbb, 0xd5, 0xb3,
+    0x3e, 0x43, 0x21, 0x8e, 0x3e, 0x8c, 0xcc, 0x0c,
+    0xcf, 0x50, 0xcd, 0xeb, 0x1b, 0x9d, 0x0c, 0xc9,
+    0xe3, 0x2f, 0xbb, 0x4b, 0x43, 0xfc, 0x37, 0x27,
+    0xcb, 0xc9, 0x5a, 0xe9, 0x45, 0x92, 0x9d, 0xe9,
+    0x60, 0x8f, 0x93, 0x1b, 0xd8, 0x6a, 0x68, 0x86,
+    0xc2, 0x1d, 0x49, 0x92, 0x11, 0x29, 0x62, 0x14,
+    0x15, 0x4c, 0xe9, 0x33, 0xe3, 0x70, 0x2d, 0x6b,
+    0x8b, 0xb5, 0x22, 0x44, 0x82, 0xbe, 0x43, 0xe2,
+    0x80, 0xfb, 0xb5, 0xfa, 0x6a, 0x30, 0x04, 0x20,
+    0xb6, 0x58, 0xe1, 0xf4, 0x8c, 0xe6, 0x4c, 0x7c,
+    0x8d, 0x38, 0xf6, 0xdd, 0x59, 0xfc, 0x5a, 0xd7,
+    0x9f, 0x34, 0x92, 0xcc, 0xde, 0x65, 0x89, 0xa7,
+    0xd9, 0x57, 0xf7, 0xf2, 0x71, 0x39, 0xaf, 0xb6,
+    0x88, 0x02, 0x40, 0x24, 0x8b, 0x4f, 0xc5, 0xfc,
+    0xdc, 0x5c, 0xc0, 0x1d, 0xa6, 0x68, 0x87, 0xe0,
+    0x8f, 0xdc, 0xf0, 0xac, 0xd8, 0x5f, 0x1c, 0xb3,
+    0x07, 0xac, 0x58, 0x97, 0x3f, 0x3e, 0x72, 0x19,
+    0x18, 0x64, 0x55, 0x73, 0x11, 0x71, 0xd1, 0xa4,
+    0xa6, 0x57, 0xb0, 0x27, 0xaf, 0xad, 0x8a, 0xf7,
+    0xdf, 0xde, 0x1e, 0xdb, 0x31, 0xc9, 0x32, 0x85,
+    0x90, 0x40, 0x3d, 0xfe, 0x64, 0x5d, 0xe3, 0x94,
+    0x74, 0x98, 0xa7, 0xed, 0x84, 0x44, 0x13, 0x76,
+    0xba, 0xe9, 0x09, 0x9a, 0x17, 0xe0, 0x38, 0x03,
+    0x3b, 0x7a, 0xa7, 0x0e, 0x74, 0xbd, 0x93, 0xb1,
+    0x85, 0x64, 0xc9, 0xc4, 0x22, 0xb9, 0xdf, 0x80,
+    0xac, 0xa1, 0x17, 0xdb, 0x11, 0xdb, 0xfa, 0xeb,
+    0x90, 0x3c, 0x28, 0xfb, 0xa2, 0x36, 0x76, 0x61,
+    0x20, 0x00, 0x88, 0x15, 0xc0, 0x79, 0x9f, 0x7d,
+    0x9f, 0x90, 0xdb, 0x79, 0xbf, 0x1c, 0xdf, 0x86,
+    0xc9, 0x60, 0x8c, 0xea, 0xa6, 0x24, 0x81, 0xd6,
+    0x6d, 0xd8, 0x8d, 0x17, 0x5f, 0x5c, 0x6d, 0x93,
+    0xbc, 0xed, 0xe5, 0x41, 0x05, 0xbe, 0xc6, 0x0f,
+    0x66, 0x50, 0xc3, 0xce, 0x7e, 0x6c, 0x80, 0x88,
+    0xf5, 0x52, 0x61, 0xaf, 0xdb, 0xc0, 0x80, 0xbe,
+    0x78, 0x49, 0x64, 0x39, 0x54, 0x26, 0xeb, 0xab,
+    0x07, 0x4d, 0x38, 0x66, 0x06, 0x98, 0x58, 0xaa,
+    0x40, 0xc4, 0x89, 0xb2, 0x08, 0x85, 0xf3, 0x14,
+    0x58, 0x5d, 0x36, 0xf7, 0xf0, 0x6b, 0x72, 0x79,
+    0x6d, 0xbe, 0x5e, 0x24, 0x68, 0xf1, 0x3c, 0xa2,
+    0x82, 0x22, 0x6e, 0xc4, 0x46, 0x94, 0x8e, 0x00,
+    0xcb, 0xc0, 0x07, 0x69, 0xa5, 0x6d, 0x57, 0x04,
+    0x79, 0xeb, 0x06, 0x7a, 0x42, 0x20, 0x6e, 0xdc,
+    0xb5, 0xa4, 0xdd, 0x74, 0xb3, 0x92, 0x16, 0x71,
+    0x7d, 0x99, 0xfa, 0x26, 0x35, 0x57, 0xe2, 0x83,
+    0xc2, 0xb6, 0xfb, 0x0a, 0xae, 0x22, 0xed, 0xe3,
+    0x98, 0x65, 0x18, 0x32, 0xf8, 0xe5, 0xed, 0xa9,
+    0xf9, 0x7d, 0xb8, 0xea, 0x21, 0x51, 0x6c, 0x70,
+    0x4c, 0xfa, 0xec, 0x6d, 0x4c, 0xf4, 0xcb, 0x1c,
+    0x43, 0xfb, 0xfc, 0xbb, 0xa9, 0xcb, 0xc5, 0x21,
+    0xb3, 0x89, 0xd6, 0x4c, 0xc4, 0x42, 0xd1, 0x55,
+    0x3d, 0x43, 0x74, 0xbf, 0xb7, 0x47, 0xb3, 0x5b,
+    0x14, 0xc3, 0x8f, 0x42, 0x30, 0x57, 0xb0, 0x22,
+    0x56, 0xbe, 0x8d, 0x88, 0x7e, 0x7d, 0x63, 0xc8,
+    0xec, 0x01, 0x41, 0xd5, 0x9d, 0xb6, 0x7a, 0x3b,
+    0xfe, 0x8b, 0x95, 0x94, 0xdb, 0xca, 0xf1, 0xb4,
+    0x56, 0xd7, 0x83, 0xf4, 0x11, 0x05, 0x65, 0xde,
+    0x7a, 0xa3, 0x5a, 0x7a, 0x70, 0xe4, 0xd2, 0xad,
+    0xc0, 0xff, 0x3f, 0x66, 0x2e, 0x1a, 0x65, 0x38,
+    0xda, 0x1f, 0x3f, 0xac, 0x04, 0x2f, 0x0f, 0xde,
+    0x7e, 0x55, 0x05, 0x12, 0xe9, 0xe7, 0x69, 0xf9,
+    0x34, 0x2c, 0x84, 0x97, 0xa8, 0x86, 0x0c, 0x24,
+    0x32, 0x87, 0xfd, 0xbe, 0x67, 0xd1, 0x02, 0x21,
+    0x3b, 0x33, 0xfd, 0x11, 0xb1, 0xca, 0x4f, 0xeb,
+    0x40, 0x38, 0xf6, 0x19, 0x83, 0x9d, 0x73, 0x44,
+    0x37, 0xd6, 0x69, 0x6d, 0x85, 0xda, 0xf7, 0x69,
+    0xfb, 0x88, 0x2b, 0xe7, 0xe7, 0x3c, 0x18, 0xa8,
+    0x13, 0xb7, 0xee, 0x5c, 0x50, 0x5b, 0xa3, 0x09,
+    0x1c, 0xef, 0x8d, 0x37, 0x89, 0x75, 0x0f, 0x8b,
+    0xea, 0x17, 0x02, 0x47, 0x21, 0xcb, 0xa8, 0x73,
+    0x71, 0x23, 0x4c, 0xf7, 0x50, 0xdd, 0x21, 0xe5,
+    0xdb, 0x40, 0x3a, 0x87, 0x40, 0x8d, 0x60, 0x89,
+    0x9e, 0x20, 0x00, 0x58, 0xeb, 0xbb, 0x24, 0x9b,
+    0x0a, 0x17, 0x8f, 0xf6, 0x56, 0x07, 0x11, 0x5b,
+    0xa7, 0xcd, 0x93, 0x0a, 0x31, 0x3d, 0x1f, 0x45,
+    0xa0, 0x08, 0x8f, 0x88, 0x34, 0xa5, 0x01, 0x3b,
+    0xea, 0x07, 0xa3, 0x7b, 0x66, 0x3e, 0x96, 0xe8,
+    0xf7, 0x4d, 0x63, 0x04, 0x55, 0x89, 0xf1, 0x02,
+    0x1e, 0x4a, 0x21, 0xb1, 0x2b, 0x8c, 0x7f, 0x2e,
+    0x0c, 0x64, 0x26, 0x36, 0xd8, 0x63, 0xab, 0xf5,
+    0x22, 0xaf, 0xa9, 0xfa, 0xfa, 0x21, 0x4b, 0x7e,
+    0x6f, 0x8c, 0xce, 0x98, 0xf2, 0x85, 0x3f, 0x2c,
+    0x07, 0x90, 0xc3, 0x2c, 0x06, 0xc5, 0xde, 0xc8,
+    0xc2, 0x7c, 0xd7, 0x9b, 0x64, 0x25, 0x8a, 0x9b,
+    0x77, 0x07, 0xc7, 0x4c, 0xd7, 0x67, 0xff, 0xe6,
+    0xdb, 0x17, 0xf5, 0xc4, 0x2a, 0x14, 0x44, 0x1a,
+    0xff, 0xda, 0xe0, 0xa7, 0x09, 0x1c, 0xe9, 0x03,
+    0xde, 0x4a, 0x59, 0xe4, 0xdf, 0xa3, 0x0d, 0x3a,
+    0x43, 0xdf, 0x80, 0x82, 0x87, 0xfa, 0x75, 0xf5,
+    0xe8, 0xef, 0x6f, 0xd0, 0x89, 0xdd, 0xa1, 0x75,
+    0x17, 0x5b, 0x71, 0x47, 0xe8, 0x8d, 0xae, 0xf6,
+    0x18, 0x7f, 0xb9, 0x24, 0x68, 0x3f, 0x17, 0x6b,
+    0xa8, 0x30, 0x67, 0x7e, 0x02, 0x9b, 0xf6, 0x4d,
+    0x03, 0xa8, 0xfb, 0x33, 0x2f, 0xb4, 0x65, 0x72,
+    0x2a, 0x30, 0xa6, 0x93, 0x94, 0x7a, 0x41, 0x0f,
+    0xd3, 0x67, 0x0b, 0xba, 0xa4, 0x49, 0x7c, 0xcf,
+    0x1f, 0x59, 0x1e, 0x2e, 0x45, 0xd4, 0xa8, 0xb1,
+    0x98, 0x2b, 0xd7, 0x6f, 0x55, 0xb8, 0xf2, 0x65,
+    0x7b, 0x96, 0x18, 0xf7, 0x2e, 0xde, 0x9c, 0x39,
+    0x7a, 0x08, 0x2e, 0xe7, 0x3c, 0x9e, 0x4a, 0xfe,
+    0xba, 0x49, 0xce, 0xba, 0x65, 0x18, 0xae, 0xae,
+    0x9b, 0xd5, 0xf5, 0xeb, 0xd3, 0xdc, 0xd7, 0x2c,
+    0x92, 0x3c, 0xe2, 0x93, 0xb9, 0x69, 0xf2, 0x20,
+    0xea, 0xbd, 0xa9, 0x01, 0x2b, 0x72, 0x7c, 0x93,
+    0x6c, 0x1f, 0x80, 0x3a, 0xd2, 0x2d, 0xf6, 0xc1,
+    0x31, 0x63, 0xd2, 0x2f, 0x6c, 0x1a, 0x54, 0x1f,
+    0x74, 0xe6, 0xa0, 0xac, 0xb1, 0x04, 0x03, 0xb3,
+    0x22, 0x19, 0x48, 0x0a, 0xa7, 0x55, 0x25, 0xc1,
+    0x77, 0x28, 0xb9, 0xbe, 0xef, 0xa8, 0xc6, 0x2b,
+    0xd5, 0x6c, 0x5d, 0x7b, 0x85, 0xcd, 0x10, 0x2d,
+    0x9e, 0xfd, 0xb8, 0xa5, 0x10, 0x65, 0xf7, 0x29,
+    0xa7, 0x41, 0x18, 0xc8, 0xc2, 0x23, 0xe5, 0xcb,
+    0x96, 0x91, 0x8a, 0x7e, 0x45, 0x30, 0x6b, 0x91,
+    0xf1, 0x88, 0xb3, 0x2e, 0x92, 0x96, 0x0a, 0x42,
+    0x4a, 0x16, 0x9d, 0x0c, 0xa8, 0xa7, 0xe5, 0x64,
+    0x38, 0x8a, 0x53, 0x41, 0x28, 0xbf, 0xd7, 0xa4,
+    0x14, 0x05, 0x59, 0x11, 0x2e, 0x0f, 0xc8, 0x5c,
+    0x97, 0x8d, 0xd3, 0x92, 0xbf, 0xb9, 0x05, 0xfa,
+    0xff, 0x38, 0xbf, 0xd6, 0xc5, 0x22, 0xf8, 0xa4,
+    0x75, 0x30, 0x45, 0x93, 0x14, 0xda, 0xc0, 0x7f,
+    0xea, 0x24, 0xe0, 0x33, 0x68, 0xf2, 0x6d, 0xe1,
+    0xb1, 0x0c, 0x7d, 0x40, 0xaa, 0x16, 0x53, 0xa1,
+    0xf6, 0x26, 0xb1, 0x25, 0xe8, 0x83, 0xe9, 0xea,
+    0xea, 0xd2, 0x5a, 0x24, 0xda, 0xe2, 0x6e, 0xd1,
+    0x2a, 0x87, 0x64, 0x48, 0x13, 0x55, 0xb1, 0x2c,
+    0x1a, 0x58, 0x43, 0x5b, 0x63, 0x14, 0x3e, 0x02,
+    0xf0, 0xcf, 0x61, 0x7d, 0x83, 0x81, 0xb9, 0x65,
+    0x4b, 0x72, 0xee, 0xff, 0xfb, 0x6a, 0xbe, 0x71,
+    0x26, 0x56, 0x28, 0x13, 0x9f, 0x31, 0xda, 0x8c,
+    0x2f, 0xdb, 0x21, 0xbe, 0x4b, 0x66, 0xbb, 0xad,
+    0x7a, 0x13, 0x55, 0x92, 0x7c, 0xb5, 0x6e, 0x5f,
+    0x45, 0x1b, 0x64, 0x2d, 0xad, 0x6d, 0x32, 0x07,
+    0xe4, 0x91, 0xdc, 0x0c, 0x1b, 0x5f, 0xcd, 0x86,
+    0xe2, 0x99, 0x2b, 0xb9, 0x7e, 0x60, 0xbd, 0xad,
+    0xa1, 0x5c, 0xab, 0x7f, 0x76, 0xf3, 0x77, 0xba,
+    0x73, 0x7f, 0x6a, 0x88, 0x4e, 0xff, 0x40, 0x72,
+    0x7a, 0x4d, 0x9b, 0x20, 0x2d, 0xc9, 0x2a, 0x30,
+    0x0f, 0x8f, 0x0f, 0xc9, 0x79, 0xc8, 0xc3, 0x8a,
+    0x83, 0x52, 0xff, 0x66, 0x7a, 0x42, 0x04, 0x08,
+    0x6e, 0x5b, 0x13, 0xda, 0xb9, 0xb6, 0x2d, 0x45,
+    0x77, 0x9a, 0xa0, 0x2b, 0xc1, 0x87, 0xc2, 0xa6,
+    0x35, 0x7f, 0x39, 0x34, 0x2e, 0x95, 0x1e, 0x8c,
+    0xbf, 0x89, 0x6d, 0xcf, 0x82, 0xb8, 0x9f, 0x9b,
+    0xd1, 0xbc, 0xa2, 0x55, 0x83, 0xf4, 0xca, 0x21,
+    0x11, 0x8f, 0x28, 0xa9, 0x5e, 0x28, 0x23, 0xb4,
+    0x43, 0x60, 0xb6, 0x11, 0x1a, 0x6f, 0xb4, 0xd1,
+    0x96, 0xc8, 0x79, 0xf2, 0x39, 0x8b, 0x82, 0xae,
+    0xe0, 0xc2, 0xe4, 0xf9, 0xfb, 0xf8, 0x85, 0x64,
+    0x28, 0xad, 0xb5, 0xfd, 0x37, 0xc5, 0x21, 0x38,
+    0x31, 0x94, 0x0d, 0xbe, 0xd8, 0xaf, 0x9b, 0x8a,
+    0x7d, 0xfb, 0x56, 0xd8, 0x23, 0xf7, 0x55, 0x55,
+    0xe7, 0xd9, 0x63, 0x65, 0xfd, 0x64, 0x2e, 0x8a,
+    0x1d, 0x1b, 0xac, 0x4e, 0x2f, 0xef, 0x1b, 0x77,
+    0xca, 0x01, 0xd6, 0xfc, 0xb0, 0x11, 0xda, 0x6b,
+    0xef, 0x9f, 0x76, 0x81, 0x3e, 0x3f, 0x26, 0x4b,
+    0x3b, 0x97, 0xa0, 0x7d, 0xd6, 0xcf, 0x51, 0x0d,
+    0x06, 0xf7, 0xf5, 0x88, 0x64, 0x34, 0x7a, 0xe3,
+    0xb9, 0x16, 0xc3, 0x06, 0x04, 0xf3, 0xe9, 0x55,
+    0xd2, 0xff, 0x49, 0xec, 0x57, 0x84, 0x1f, 0x39,
+    0x28, 0x71, 0x57, 0x87, 0x40, 0xf2, 0x7a, 0x30,
+    0xa0, 0x88, 0xba, 0x6c, 0xb1, 0x09, 0x30, 0x3a,
+    0x11, 0x75, 0xcf, 0xbe, 0x4c, 0xf7, 0xf7, 0xca,
+    0x44, 0x52, 0x91, 0xd0, 0x4c, 0x12, 0x3e, 0x3a,
+    0x4b, 0x31, 0x20, 0xfe, 0x27, 0xd2, 0x08, 0x5b,
+    0x83, 0x7b, 0x82, 0xd3, 0xa3, 0x72, 0xba, 0x2f,
+    0x5f, 0xa3, 0x71, 0xcd, 0x8d, 0x3f, 0x94, 0xce,
+    0x86, 0xa8, 0x6b, 0x43, 0xb7, 0x06, 0x80, 0x70,
+    0x64, 0x06, 0xab, 0x54, 0xce, 0xb5, 0x29, 0xaf,
+    0x73, 0xf7, 0x0f, 0x65, 0x70, 0xa7, 0x84, 0x1a,
+    0x0b, 0xdb, 0x0c, 0xa9, 0x20, 0xea, 0x06, 0x7a,
+    0xba, 0x80, 0xc6, 0xae, 0x3e, 0x0a, 0x7b, 0xd6,
+    0x21, 0x99, 0xe0, 0xae, 0x6e, 0x8f, 0x80, 0xa9,
+    0x97, 0x27, 0x3d, 0x7e, 0xb2, 0xd8, 0x06, 0x10,
+    0x36, 0x07, 0x64, 0x12, 0xd0, 0xc7, 0x91, 0xd2,
+    0x81, 0x74, 0x22, 0x8b, 0x8f, 0xe0, 0x48, 0xc4,
+    0xe1, 0x9b, 0x05, 0xc8, 0xc5, 0xc3, 0x9a, 0x7b,
+    0x9d, 0xee, 0x23, 0xe0, 0x98, 0xc0, 0xd0, 0x05,
+    0x21, 0x89, 0x9a, 0xf4, 0x45, 0xd1, 0x1d, 0x80,
+    0x79, 0xb7, 0xfe, 0x3c, 0xff, 0x84, 0x86, 0xf0,
+    0x2a, 0x69, 0x8b, 0x2d, 0x3b, 0x82, 0xa0, 0xab,
+    0xee, 0xe6, 0xf4, 0x64, 0x84, 0x2b, 0x7a, 0x42,
+    0x12, 0x8d, 0x10, 0xa6, 0xae, 0x10, 0x6d, 0x03,
+    0xb5, 0x72, 0x09, 0xf8, 0x3f, 0xe4, 0x1c, 0x0a,
+    0x08, 0x0d, 0x1a, 0x45, 0x5b, 0x70, 0x7b, 0x95,
+    0xa1, 0xa7, 0xb4, 0xb6, 0xbf, 0xcc, 0xfc, 0x09,
+    0x1a, 0x30, 0x40, 0x44, 0x5e, 0x69, 0x73, 0x7a,
+    0x81, 0xa5, 0xb9, 0xd7, 0xdd, 0xe3, 0xee, 0xfb,
+    0x16, 0x1a, 0x1d, 0x40, 0x41, 0x4e, 0x8d, 0x90,
+    0x92, 0x9d, 0xaf, 0xb0, 0xbb, 0xc2, 0xe0, 0xfc,
+    0x06, 0x0b, 0x20, 0x37, 0x47, 0x50, 0x53, 0x65,
+    0x87, 0x89, 0x99, 0xa4, 0xb7, 0xdb, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0f, 0x20, 0x30, 0x3e
+};
+#endif
+
+int test_wc_dilithium(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM)
+    dilithium_key* key;
+    byte level;
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    WC_RNG rng;
+#endif
+    byte* privKey = NULL;
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+    word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE;
+#endif
+    byte* pubKey = NULL;
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(privKey);
+    pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(pubKey);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#endif
+
+    ExpectIntEQ(wc_dilithium_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_init_ex(NULL, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    wc_dilithium_free(NULL);
+
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    wc_dilithium_free(key);
+    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    ExpectIntEQ(wc_dilithium_set_level(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(NULL, WC_ML_DSA_44), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(key, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_set_level(key, 4), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_dilithium_get_level(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_get_level(key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_get_level(NULL, &level), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_get_level(key, &level), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
+    ExpectIntEQ(level, WC_ML_DSA_87);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL5_KEY_SIZE);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL5_PRV_KEY_SIZE);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL5_SIG_SIZE);
+#endif
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
+    ExpectIntEQ(level, WC_ML_DSA_65);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL3_KEY_SIZE);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL3_PRV_KEY_SIZE);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL3_SIG_SIZE);
+#endif
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_get_level(key, &level), 0);
+    ExpectIntEQ(level, WC_ML_DSA_44);
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+    ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL2_KEY_SIZE);
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL2_PRV_KEY_SIZE);
+#endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+    ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+#endif
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL2_SIG_SIZE);
+#endif
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+
+#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef WOLFSSL_DILITHIUM_NO_SIGN
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    wc_dilithium_free(key);
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    wc_FreeRng(&rng);
+#endif
+    XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_dilithium_make_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+    dilithium_key* key;
+    WC_RNG rng;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), WC_NO_ERR_TRACE(BAD_STATE_E));
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+    ExpectIntEQ(wc_dilithium_make_key(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_make_key(key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_make_key(NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    wc_dilithium_free(key);
+    wc_FreeRng(&rng);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_dilithium_sign(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    dilithium_key* key;
+    dilithium_key* importKey = NULL;
+    WC_RNG rng;
+    byte* privKey = NULL;
+    word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE;
+    word32 badKeyLen;
+    byte msg[32];
+    byte* sig = NULL;
+    word32 sigLen = DILITHIUM_MAX_SIG_SIZE;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(importKey);
+    privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(privKey);
+    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(sig);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    if (importKey != NULL) {
+        XMEMSET(importKey, 0, sizeof(*importKey));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(msg, 0x55, sizeof(msg));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level2_key,
+        sizeof_bench_dilithium_level2_key, key), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level3_key,
+        sizeof_bench_dilithium_level3_key, key), 0);
+#else
+    ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level5_key,
+        sizeof_bench_dilithium_level5_key, key), 0);
+#endif
+#else
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+#endif
+
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, &sigLen, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, key, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, &sigLen, key, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, &sigLen, key, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, NULL, key, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, NULL, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
+
+    ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(key, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(key, NULL, &privKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    badKeyLen = 0;
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &badKeyLen),
+        WC_NO_ERR_TRACE(BUFFER_E));
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_KEY_SIZE);
+#else
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_KEY_SIZE);
+#endif
+    ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen),
+        0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL2_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL3_KEY_SIZE);
+#else
+    ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL5_KEY_SIZE);
+#endif
+
+    ExpectIntEQ(wc_dilithium_init(importKey), 0);
+    ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_dilithium_import_private(NULL, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(privKey, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(NULL, 0, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(privKey, 0, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey),
+        0);
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
+#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
+    ExpectIntEQ(wc_dilithium_check_key(importKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E));
+#endif
+    wc_dilithium_free(importKey);
+
+    wc_dilithium_free(key);
+    wc_FreeRng(&rng);
+
+    XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_dilithium_verify(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+    (!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_DILITHIUM_NO_SIGN))
+    dilithium_key* key;
+    dilithium_key* importKey = NULL;
+    WC_RNG rng;
+    byte* pubKey = NULL;
+    word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+    word32 badKeyLen;
+    byte msg[32];
+    byte* sig = NULL;
+    word32 sigLen = DILITHIUM_MAX_SIG_SIZE;
+    int res;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    byte b;
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(importKey);
+    pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(pubKey);
+    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(sig);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    if (importKey != NULL) {
+        XMEMSET(importKey, 0, sizeof(*importKey));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(msg, 0x55, sizeof(msg));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+#if !defined(WOLFSSL_NO_ML_DSA_44)
+    ExpectIntEQ(wc_dilithium_import_public(ml_dsa_44_pub_key,
+        (word32)sizeof(ml_dsa_44_pub_key), key), 0);
+    if (sig != NULL) {
+        XMEMCPY(sig, ml_dsa_44_good_sig, sizeof(ml_dsa_44_good_sig));
+    }
+    sigLen = (word32)sizeof(ml_dsa_44_good_sig);
+#else
+#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level3_pub_key,
+        sizeof_bench_dilithium_level3_pub_key, key), 0);
+#else
+    ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level5_pub_key,
+        sizeof_bench_dilithium_level5_pub_key, key), 0);
+#endif /* !WOLFSSL_NO_ML_DSA_65 */
+#else
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+#endif /* WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+
+    ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0);
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+
+    ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(key, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(key, NULL, &pubKeyLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    badKeyLen = 0;
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &badKeyLen),
+        WC_NO_ERR_TRACE(BUFFER_E));
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+#else
+    ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+#endif
+    ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE);
+#else
+    ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE);
+#endif
+
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, NULL, 32, NULL, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, msg, 32, NULL, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, &res, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(NULL, sigLen, msg, 32, &res, key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, msg, 32, &res, key),
+       WC_NO_ERR_TRACE(BUFFER_E));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, NULL, 32, &res, key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, NULL, key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    res = 0;
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    ExpectIntEQ(wc_dilithium_init(importKey), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_dilithium_import_public(NULL, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(NULL, 0, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, importKey),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey), 0);
+    res = 0;
+    ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, importKey),
+        0);
+    ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
+    ExpectIntEQ(wc_dilithium_check_key(importKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    wc_dilithium_free(importKey);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if (sig != NULL) {
+        if (sig[sigLen - 5] == 0) {
+            /* Unused hints meant to be 0. */
+            sig[sigLen - 5] = 0xff;
+            res = 1;
+            ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res,
+                key), WC_NO_ERR_TRACE(SIG_VERIFY_E));
+            ExpectIntEQ(res, 0);
+            sig[sigLen - 5] = 0x00;
+        }
+
+        /* Last count of hints must be less than PARAMS_ML_DSA_44_OMEGA == 80 */
+        b = sig[sigLen - 1];
+        sig[sigLen - 1] = 0xff;
+        res = 1;
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            WC_NO_ERR_TRACE(SIG_VERIFY_E));
+        ExpectIntEQ(res, 0);
+        sig[sigLen - 1] = b;
+
+        if (sig[sigLen - 4] > 1) {
+            /* Index must be less than previous. */
+            b = sig[sigLen - 84];
+            sig[sigLen - 84] = 0xff;
+            res = 1;
+            ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res,
+                key), WC_NO_ERR_TRACE(SIG_VERIFY_E));
+            ExpectIntEQ(res, 0);
+            sig[sigLen - 84] = b;
+        }
+
+        /* Mess up commit hash. */
+        sig[0] ^= 0x80;
+        res = 1;
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            0);
+        ExpectIntEQ(res, 0);
+        sig[0] ^= 0x80;
+
+        /* Mess up z. */
+        sig[100] ^= 0x80;
+        res = 1;
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            0);
+        ExpectIntEQ(res, 0);
+        sig[100] ^= 0x80;
+
+        /* Set all indices to 0. */
+        XMEMSET(sig + sigLen - 4, 0, 4);
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            WC_NO_ERR_TRACE(SIG_VERIFY_E));
+        ExpectIntEQ(res, 0);
+    }
+#endif
+
+    wc_dilithium_free(key);
+    wc_FreeRng(&rng);
+
+    XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_dilithium_sign_vfy(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    dilithium_key* key;
+    WC_RNG rng;
+    byte msg[64];
+    byte* sig = NULL;
+    word32 sigLen;
+    byte ctx[10];
+    int res;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(sig);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    XMEMSET(msg, 0xAA, sizeof(msg));
+    XMEMSET(ctx, 0x01, sizeof(ctx));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg),
+        sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg,
+        sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    wc_dilithium_free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg),
+        sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg,
+        sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    wc_dilithium_free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg),
+        sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg,
+        sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    sigLen = DILITHIUM_MAX_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0);
+    ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx),
+        WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0);
+    ExpectIntEQ(res, 1);
+
+    wc_dilithium_free(key);
+#endif
+
+    wc_FreeRng(&rng);
+    XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_dilithium_check_key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    defined(WOLFSSL_DILITHIUM_CHECK_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+    dilithium_key* checkKey;
+    WC_RNG rng;
+    byte* privCheckKey = NULL;
+    word32 privCheckKeyLen = DILITHIUM_MAX_KEY_SIZE;
+    byte* pubCheckKey = NULL;
+    word32 pubCheckKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+
+    checkKey = (dilithium_key*)XMALLOC(sizeof(*checkKey), NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(checkKey);
+    privCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(privCheckKey);
+    pubCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(pubCheckKey);
+
+    if (checkKey != NULL) {
+        XMEMSET(checkKey, 0, sizeof(*checkKey));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(wc_dilithium_check_key(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_dilithium_init(checkKey), 0);
+
+    ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+        privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_dilithium_make_key(checkKey, &rng), 0);
+
+    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, &privCheckKeyLen, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, pubCheckKey, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL,
+        &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(NULL     , privCheckKey,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL        ,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        NULL            , pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        &privCheckKeyLen, NULL       , &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        &privCheckKeyLen, pubCheckKey, NULL           ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey,
+        &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), 0);
+
+    /* Modify hash. */
+    if ((pubCheckKey != NULL) && EXPECT_SUCCESS()) {
+        pubCheckKey[0] ^= 0x80;
+        ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey, 0, NULL, 0, NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(NULL, 0, pubCheckKey, 0, NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(NULL        ,
+            privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            0              , pubCheckKey, pubCheckKeyLen, checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen, NULL       , pubCheckKeyLen, checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen, pubCheckKey, 0             , checkKey),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL     ),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), 0);
+        ExpectIntEQ(wc_dilithium_check_key(checkKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E));
+        pubCheckKey[0] ^= 0x80;
+
+        /* Modify encoded t1. */
+        pubCheckKey[48] ^= 0x80;
+        ExpectIntEQ(wc_dilithium_import_key(privCheckKey,
+            privCheckKeyLen,pubCheckKey, pubCheckKeyLen, checkKey), 0);
+        ExpectIntEQ(wc_dilithium_check_key(checkKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E));
+        pubCheckKey[48] ^= 0x80;
+    }
+
+    wc_dilithium_free(checkKey);
+    wc_FreeRng(&rng);
+
+    XFREE(pubCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(privCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(checkKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+static const unsigned char ml_dsa_public_der[] = {
+#ifndef WOLFSSL_NO_ML_DSA_44
+        0x30, 0x82, 0x05, 0x32, 0x30, 0x0d, 0x06, 0x09,
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03,
+        0x11, 0x03, 0x82, 0x05, 0x21, 0x00,
+        0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48,
+        0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16,
+        0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64,
+        0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7,
+        0x23, 0x0A, 0x19, 0xD7, 0x5A, 0xDB, 0xDE, 0xD5,
+        0x2D, 0xB8, 0x55, 0xE2, 0x52, 0xA7, 0x19, 0xFC,
+        0xBD, 0x14, 0x7B, 0xA6, 0x7B, 0x2F, 0xAD, 0x14,
+        0xED, 0x0E, 0x68, 0xFD, 0xFE, 0x8C, 0x65, 0xBA,
+        0xDE, 0xAC, 0xB0, 0x91, 0x11, 0x93, 0xAD, 0xFA,
+        0x87, 0x94, 0xD7, 0x8F, 0x8E, 0x3D, 0x66, 0x2A,
+        0x1C, 0x49, 0xDA, 0x81, 0x9F, 0xD9, 0x59, 0xE7,
+        0xF0, 0x78, 0xF2, 0x03, 0xC4, 0x56, 0xF8, 0xB6,
+        0xE7, 0xC9, 0x41, 0x58, 0x98, 0xE5, 0x41, 0xC7,
+        0x30, 0x32, 0xDB, 0xD6, 0x19, 0xEA, 0xF6, 0x0F,
+        0x8D, 0x64, 0xF8, 0x68, 0x3D, 0xA9, 0x9E, 0xCA,
+        0x51, 0x22, 0x0B, 0x0A, 0xCA, 0x28, 0x46, 0x40,
+        0x99, 0xF5, 0x47, 0xC0, 0x27, 0x77, 0xBD, 0x37,
+        0xD8, 0x4A, 0x59, 0xBD, 0x37, 0xED, 0x7A, 0x8A,
+        0x92, 0x63, 0x3C, 0x75, 0xD0, 0x7C, 0x79, 0x3F,
+        0xE7, 0x25, 0x2B, 0x58, 0x4A, 0xBF, 0x6A, 0x15,
+        0xEE, 0x14, 0x50, 0x7E, 0x5E, 0x19, 0x3F, 0x89,
+        0x86, 0x4D, 0x09, 0xAC, 0x87, 0x27, 0xA6, 0xD0,
+        0x42, 0x1F, 0x0C, 0x19, 0xF0, 0xE2, 0xFB, 0xFC,
+        0x21, 0x3D, 0x3F, 0xBD, 0x70, 0xF4, 0xF9, 0x76,
+        0x2C, 0xEC, 0xFF, 0x23, 0x1E, 0x9C, 0x8A, 0x76,
+        0x28, 0xD3, 0xF8, 0xB0, 0x85, 0x7B, 0x03, 0x2D,
+        0x32, 0xDE, 0x62, 0xFF, 0x8E, 0xCB, 0xF4, 0x00,
+        0x82, 0x89, 0xBF, 0x34, 0x40, 0x36, 0x65, 0xF8,
+        0x1A, 0x08, 0x1A, 0xD5, 0xA8, 0x5A, 0x28, 0x2F,
+        0x99, 0xBA, 0xB9, 0xE5, 0x38, 0x5A, 0xFB, 0xCC,
+        0xCF, 0x44, 0xB7, 0x4C, 0x01, 0x96, 0xC7, 0x54,
+        0x55, 0x27, 0xEC, 0x30, 0x26, 0xDA, 0x12, 0x80,
+        0xC4, 0xEB, 0x37, 0xD0, 0x9C, 0xFE, 0x3E, 0xC4,
+        0xB4, 0x91, 0x0B, 0x62, 0xEB, 0x98, 0x15, 0xA4,
+        0x25, 0xC6, 0x59, 0x0F, 0xC4, 0xAD, 0x3F, 0xBB,
+        0x22, 0x57, 0x52, 0xCC, 0x1F, 0xC5, 0x69, 0x3F,
+        0x18, 0x7E, 0x7D, 0xEC, 0x4E, 0xEF, 0xBE, 0xB6,
+        0xB9, 0x1B, 0xD9, 0x1C, 0x5E, 0x2E, 0xA6, 0xA9,
+        0x1D, 0x14, 0xD0, 0x97, 0xBE, 0x20, 0x3F, 0xBA,
+        0x0B, 0xF9, 0x37, 0xC9, 0x75, 0x07, 0xDC, 0x00,
+        0x7C, 0x4C, 0xAA, 0x9B, 0x07, 0x85, 0x89, 0x29,
+        0x66, 0xFF, 0x15, 0x90, 0x09, 0x24, 0xE5, 0x79,
+        0xD4, 0xFB, 0xA0, 0x2B, 0xDA, 0x87, 0x55, 0x5F,
+        0x07, 0x3D, 0xAE, 0x00, 0x51, 0x3E, 0x70, 0x80,
+        0x9A, 0xBB, 0xC7, 0x11, 0xFB, 0xA2, 0xE7, 0x64,
+        0x95, 0x77, 0xC4, 0x2A, 0xFD, 0xC2, 0x4B, 0xF7,
+        0x41, 0x3E, 0x51, 0x26, 0x8A, 0xD6, 0xDB, 0x61,
+        0x13, 0xB7, 0xD9, 0x19, 0x1A, 0xF9, 0xD0, 0x61,
+        0xDB, 0xDE, 0xD5, 0xD6, 0x30, 0x87, 0x76, 0x50,
+        0xC1, 0x24, 0xF1, 0x1B, 0xC4, 0xBD, 0xC3, 0xFD,
+        0xC6, 0xA9, 0x00, 0xF6, 0x31, 0x26, 0xF9, 0x21,
+        0xE8, 0x38, 0xAD, 0x0C, 0x22, 0x75, 0xA3, 0x38,
+        0x9A, 0x39, 0xBD, 0x99, 0xA1, 0x34, 0x50, 0x45,
+        0x50, 0x10, 0x1C, 0xD3, 0xE9, 0x5E, 0x6D, 0x14,
+        0x96, 0xBE, 0x7D, 0xE6, 0x62, 0x7D, 0xF4, 0xFD,
+        0x6C, 0x28, 0xBB, 0xF4, 0x0B, 0x30, 0xEF, 0xA9,
+        0xB5, 0xC3, 0xD5, 0xC8, 0x5A, 0xB1, 0x4A, 0x65,
+        0xC0, 0x2D, 0x6D, 0x47, 0x81, 0xFF, 0x13, 0xD3,
+        0x28, 0x60, 0x85, 0x54, 0xB6, 0xD1, 0x5E, 0xD9,
+        0x12, 0x89, 0xA6, 0xD5, 0x5A, 0xAC, 0x0C, 0x38,
+        0xE3, 0x77, 0x06, 0xF7, 0x35, 0x5E, 0x9A, 0x4F,
+        0xDA, 0x61, 0x5B, 0x87, 0x59, 0x26, 0xBF, 0xE5,
+        0xA5, 0x9D, 0x9E, 0xF2, 0x73, 0xBF, 0x94, 0xA0,
+        0x7C, 0xFA, 0x57, 0x31, 0x78, 0xF0, 0xE0, 0x04,
+        0xB6, 0xE1, 0xEF, 0x0A, 0x83, 0x49, 0xE9, 0xBC,
+        0xC0, 0x19, 0x81, 0xF2, 0x46, 0x0F, 0x0A, 0x27,
+        0x43, 0xC2, 0x8D, 0x1E, 0x13, 0x8F, 0xFB, 0x76,
+        0x5E, 0x7E, 0x33, 0x97, 0xB7, 0x91, 0x33, 0x35,
+        0xD4, 0x02, 0xFE, 0x91, 0x80, 0x6A, 0xA8, 0xFC,
+        0x81, 0x92, 0x53, 0xAF, 0x32, 0x69, 0x2F, 0xA6,
+        0x51, 0xE8, 0x67, 0xF5, 0x90, 0x7E, 0xF4, 0x6F,
+        0x00, 0x62, 0x5A, 0x03, 0x0E, 0xC9, 0x04, 0xED,
+        0xAB, 0x21, 0x42, 0x6D, 0x59, 0x11, 0x9D, 0x2C,
+        0xAA, 0x43, 0xBD, 0x93, 0x5D, 0xEC, 0x0A, 0x55,
+        0x0C, 0x61, 0xEE, 0x4B, 0x27, 0x9C, 0x1C, 0xA3,
+        0xA7, 0x9C, 0x79, 0xA6, 0x6E, 0x3F, 0x2D, 0x2F,
+        0xAD, 0xB0, 0x0F, 0x59, 0xA3, 0xA4, 0x38, 0xAA,
+        0x44, 0x57, 0x01, 0x06, 0x07, 0x30, 0x17, 0xFA,
+        0x1C, 0x87, 0x57, 0x50, 0x01, 0x09, 0x72, 0x0D,
+        0x12, 0x5B, 0xBA, 0x23, 0x1A, 0x0C, 0x36, 0x35,
+        0x0C, 0x78, 0x08, 0x6D, 0xFD, 0xC8, 0xD6, 0x13,
+        0xAE, 0xCA, 0x88, 0xC4, 0xCC, 0xAE, 0xB4, 0xA4,
+        0x4D, 0x13, 0xAD, 0xB3, 0xC7, 0x17, 0xD6, 0x5C,
+        0x82, 0xA3, 0x51, 0xB9, 0xB6, 0xEA, 0xBF, 0x6A,
+        0x10, 0xF4, 0xB4, 0xE9, 0x62, 0x3E, 0x3A, 0x95,
+        0xB4, 0xD4, 0x0A, 0x12, 0xA8, 0x18, 0xAC, 0x6B,
+        0x38, 0x22, 0xDB, 0x82, 0xFB, 0x05, 0xDC, 0x42,
+        0x02, 0x64, 0x8B, 0x44, 0x54, 0x68, 0x9A, 0xEB,
+        0x69, 0xEA, 0x32, 0x5F, 0x03, 0xE3, 0x5D, 0xEF,
+        0xA5, 0x47, 0x08, 0x48, 0x14, 0x20, 0xC6, 0xD6,
+        0x97, 0xBB, 0x91, 0x2F, 0xCA, 0x0D, 0x3F, 0x19,
+        0x2E, 0xF2, 0x97, 0xDF, 0xE7, 0x7F, 0xF3, 0x6B,
+        0x21, 0x03, 0xF1, 0xAD, 0x1A, 0xEE, 0xCE, 0xD1,
+        0xC8, 0x14, 0xC2, 0xCD, 0x7E, 0xF1, 0x6B, 0xCE,
+        0x47, 0x6A, 0xD0, 0x4F, 0x94, 0x1A, 0xFC, 0x79,
+        0xE3, 0x29, 0x54, 0x74, 0xA4, 0x10, 0x62, 0x51,
+        0x8C, 0x00, 0x37, 0x86, 0x09, 0x34, 0xF0, 0xE5,
+        0xE6, 0x52, 0xF7, 0x27, 0x49, 0xA6, 0x98, 0x63,
+        0x2A, 0x09, 0x91, 0xF6, 0x13, 0xF5, 0xCB, 0x96,
+        0xCA, 0x11, 0x78, 0xF9, 0x74, 0xF2, 0xC4, 0xAA,
+        0x0C, 0xE6, 0x3D, 0xC2, 0x4E, 0x36, 0x4C, 0x92,
+        0xA6, 0x43, 0xB9, 0x0A, 0x5F, 0x85, 0xA6, 0x2F,
+        0xD4, 0xD8, 0xD2, 0xB1, 0x93, 0xD2, 0x9B, 0x18,
+        0xBE, 0xDE, 0x26, 0x53, 0xFC, 0x5D, 0x3F, 0x24,
+        0xF5, 0xB2, 0xC0, 0x18, 0xDB, 0xBC, 0xB6, 0xEF,
+        0x00, 0xF3, 0x05, 0xBF, 0x93, 0x66, 0x6B, 0xD4,
+        0x7F, 0xEA, 0x91, 0x93, 0xBC, 0x23, 0x3D, 0xB3,
+        0x91, 0x21, 0x44, 0x2E, 0x93, 0x8D, 0xA5, 0xDD,
+        0x07, 0xEE, 0x6E, 0x87, 0x9C, 0x5B, 0x9D, 0xFF,
+        0x41, 0xEC, 0xEE, 0x5E, 0x05, 0x89, 0xAE, 0x61,
+        0x75, 0xFF, 0x5E, 0xC6, 0xF6, 0xD2, 0x62, 0x9F,
+        0x56, 0xB1, 0x8B, 0x4D, 0xE6, 0x6F, 0xCB, 0x13,
+        0xDF, 0x04, 0x00, 0xA7, 0x97, 0xC9, 0x22, 0x70,
+        0xF6, 0x9B, 0xDE, 0xBD, 0xDC, 0xB8, 0x8C, 0x42,
+        0x48, 0x91, 0x9B, 0x56, 0xCD, 0xA7, 0x0B, 0x8A,
+        0xC4, 0xF9, 0x42, 0x9C, 0x29, 0x2D, 0xA9, 0x4D,
+        0x64, 0x78, 0x28, 0x07, 0x64, 0xFE, 0x23, 0x86,
+        0xFC, 0x38, 0xCB, 0x09, 0x31, 0x45, 0x88, 0x39,
+        0xEF, 0x4E, 0x7D, 0xE8, 0xF0, 0x68, 0x9D, 0x99,
+        0x80, 0x59, 0x88, 0xC7, 0xF9, 0x61, 0x11, 0x85,
+        0x2C, 0x89, 0x29, 0xE5, 0xA5, 0x40, 0xD3, 0xB7,
+        0x8D, 0x71, 0x2D, 0xEC, 0xC3, 0x96, 0xFE, 0xF3,
+        0xEC, 0x34, 0x40, 0x21, 0x84, 0xE4, 0xFD, 0x29,
+        0xF3, 0x63, 0xEA, 0x80, 0xF6, 0xFC, 0x50, 0xBA,
+        0x9A, 0x11, 0x35, 0x1A, 0xCE, 0xEA, 0x8F, 0xE6,
+        0x8D, 0x54, 0x1E, 0x1A, 0xA5, 0x84, 0x8D, 0x9F,
+        0x6E, 0x61, 0xDF, 0xB6, 0x2B, 0x2F, 0x23, 0xBC,
+        0x50, 0x81, 0xE8, 0x2F, 0x76, 0x22, 0x6E, 0x03,
+        0x28, 0x49, 0x82, 0xEC, 0x48, 0x48, 0x12, 0x09,
+        0xB1, 0xA7, 0xD4, 0xC8, 0x79, 0x7E, 0x44, 0xBF,
+        0xA8, 0x70, 0xB2, 0x20, 0x04, 0xDB, 0x74, 0xBD,
+        0x7D, 0x47, 0x8D, 0x5B, 0x36, 0x14, 0xD2, 0xB1,
+        0xDA, 0x75, 0x02, 0xB3, 0x98, 0xEB, 0x9D, 0xA8,
+        0x0D, 0x06, 0x46, 0x1E, 0x90, 0xE0, 0x30, 0x60,
+        0x44, 0x6A, 0xB4, 0xA8, 0x23, 0x84, 0x32, 0xBF,
+        0xAF, 0x75, 0x2F, 0x39, 0x17, 0x91, 0x21, 0x4F,
+        0x1E, 0x6B, 0x63, 0x59, 0x0D, 0x53, 0x60, 0x60,
+        0xD1, 0xC2, 0x45, 0x30, 0x7B, 0xC5, 0xC1, 0xBA,
+        0xC4, 0xAA, 0xA0, 0x99, 0xD3, 0x6B, 0xB6, 0xDC,
+        0xBC, 0x97, 0x3C, 0xF2, 0xE6, 0x9F, 0x27, 0x34,
+        0xD0, 0xF2, 0x9A, 0xEE, 0xC4, 0x56, 0x7B, 0x99,
+        0xA1, 0x6B, 0xC1, 0x7C, 0x6C, 0xDD, 0xAC, 0xEF,
+        0xE4, 0x99, 0x27, 0xFB, 0x14, 0xE7, 0xD9, 0x8D,
+        0xD4, 0x26, 0x35, 0x19, 0x46, 0x9C, 0xCA, 0x3D,
+        0xB4, 0x67, 0x9A, 0x68, 0xCE, 0xED, 0xA9, 0x55,
+        0x59, 0x22, 0x10, 0xFC, 0x49, 0xAA, 0x5F, 0xBE,
+        0x93, 0x4C, 0xC7, 0x3D, 0x84, 0xE4, 0xBA, 0x54,
+        0x78, 0x00, 0x2D, 0x68, 0x90, 0x98, 0x90, 0x68,
+        0xEF, 0x8F, 0xC9, 0x8C, 0x25, 0x32, 0xB8, 0x3B,
+        0xF3, 0xCB, 0x9E, 0xF0, 0x28, 0x93, 0xC2, 0x15,
+        0x24, 0x26, 0xB9, 0xD1, 0xA9, 0x47, 0x34, 0xDF,
+        0xB4, 0xF9, 0x11, 0x35, 0x14, 0x3C, 0x9E, 0xED,
+        0x18, 0xFD, 0x51, 0xAE, 0x87, 0x5D, 0x07, 0xA2,
+        0x37, 0x75, 0x60, 0x6A, 0x73, 0x4F, 0xBA, 0x98,
+        0xC0, 0x63, 0xB4, 0xA1, 0x62, 0x2E, 0x7F, 0xF2,
+        0x1A, 0xA7, 0xE6, 0x52, 0xA3, 0xD6, 0xC1, 0x9F,
+        0xE0, 0xDC, 0x67, 0x61, 0xB7, 0xD3, 0x53, 0x02,
+        0xBF, 0x21, 0x4D, 0x30, 0x79, 0xF7, 0x60, 0x51,
+        0x08, 0x2A, 0x87, 0x59, 0x29, 0x92, 0x0D, 0xC3,
+        0xB3, 0xCB, 0x43, 0x21, 0x1A, 0x23, 0xA4, 0x3A,
+        0x50, 0x33, 0x2F, 0xAF, 0x1A, 0xC2, 0x19, 0x1E,
+        0x71, 0x71, 0x25, 0xF6, 0x3E, 0x25, 0x86, 0xC4,
+        0xD8, 0x6D, 0xCA, 0x6B, 0xCD, 0x3D, 0x03, 0x8F,
+        0x9D, 0x3A, 0x7B, 0x66, 0xCB, 0xC7, 0xDF, 0x34
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+        0x30, 0x82, 0x07, 0xb2, 0x30, 0x0d, 0x06, 0x09,
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03,
+        0x12, 0x03, 0x82, 0x07, 0xa1, 0x00,
+        0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35,
+        0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52,
+        0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC,
+        0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C,
+        0xBB, 0x11, 0x19, 0x23, 0xF1, 0x94, 0xA7, 0xCC,
+        0x8A, 0x7B, 0xB2, 0xEB, 0xC5, 0xC0, 0xE7, 0x1A,
+        0xA6, 0x37, 0xCC, 0x80, 0x0E, 0x61, 0x03, 0xB8,
+        0x50, 0xA5, 0x39, 0xB2, 0xA3, 0x9E, 0x1B, 0x6D,
+        0x71, 0x3E, 0x5D, 0xB8, 0x31, 0x4C, 0x9A, 0xE1,
+        0xF8, 0xBF, 0x8A, 0x38, 0xF0, 0x6A, 0xFB, 0x9D,
+        0x73, 0xB1, 0x61, 0xB0, 0xFF, 0xE3, 0xA4, 0x89,
+        0x17, 0x06, 0xAE, 0x26, 0xD5, 0x4F, 0xFB, 0x49,
+        0x6D, 0xF8, 0xDC, 0x0F, 0x19, 0x83, 0x50, 0x95,
+        0x00, 0xC9, 0xAB, 0xBD, 0x28, 0xE5, 0x9B, 0x3F,
+        0xCD, 0xAB, 0xBD, 0xAD, 0xAB, 0xD4, 0x5E, 0xC3,
+        0x14, 0x99, 0x37, 0x8B, 0xDE, 0x84, 0x9E, 0x7C,
+        0x1F, 0x19, 0xB7, 0x04, 0x4D, 0x67, 0xE0, 0x51,
+        0x06, 0xD7, 0x13, 0x6D, 0x95, 0x38, 0x0D, 0x56,
+        0x05, 0xD4, 0x46, 0x5D, 0x87, 0x75, 0x57, 0x06,
+        0x5D, 0xF0, 0xA7, 0x5D, 0x3C, 0x28, 0x54, 0x2F,
+        0x40, 0xFE, 0xED, 0x42, 0xEC, 0x7E, 0x28, 0x06,
+        0x37, 0xB0, 0x83, 0xD9, 0x88, 0xBC, 0xA5, 0xF6,
+        0x39, 0x4E, 0x02, 0x39, 0x6C, 0x46, 0x76, 0x18,
+        0x4F, 0xB6, 0x33, 0x18, 0xDA, 0xFA, 0xF5, 0xBB,
+        0xDD, 0xE0, 0x0E, 0x30, 0x8F, 0xE8, 0x40, 0x19,
+        0xC2, 0x34, 0x0A, 0x3F, 0x3E, 0x1C, 0x08, 0x65,
+        0x62, 0x49, 0x70, 0x71, 0x12, 0x83, 0x35, 0x6A,
+        0xE1, 0x4B, 0xD6, 0xB9, 0x4D, 0x1C, 0x9A, 0xE1,
+        0x88, 0xDE, 0x1A, 0x8A, 0x2C, 0xA8, 0x24, 0xA8,
+        0xEA, 0xE2, 0xFE, 0x6A, 0xFB, 0x38, 0xD8, 0x3A,
+        0x2D, 0x99, 0x99, 0x6A, 0xB2, 0x1F, 0xE3, 0xE8,
+        0x4C, 0x0B, 0xE6, 0xB6, 0xDA, 0x08, 0x87, 0x9B,
+        0x67, 0x73, 0x74, 0xFA, 0x7C, 0x69, 0x1B, 0x13,
+        0xD4, 0x0F, 0xA9, 0xD4, 0xCC, 0x26, 0xB2, 0x28,
+        0x8D, 0x5A, 0x8C, 0x9A, 0x43, 0x72, 0x43, 0x81,
+        0x00, 0x4D, 0x61, 0xB0, 0xD5, 0x7F, 0xF4, 0x00,
+        0x31, 0x4C, 0x8E, 0x30, 0xEE, 0x79, 0x6A, 0xF1,
+        0x0F, 0x7E, 0xE2, 0x1B, 0xF1, 0x3D, 0x08, 0x18,
+        0x04, 0x65, 0xAB, 0xC7, 0x2E, 0xDD, 0xB0, 0x80,
+        0xC6, 0xA0, 0x71, 0x84, 0xE3, 0xEE, 0xDC, 0x47,
+        0xC1, 0x9A, 0xA7, 0xF0, 0x9D, 0x1F, 0x33, 0x09,
+        0xE1, 0x83, 0xA2, 0xBD, 0x9B, 0x05, 0x73, 0xDD,
+        0xE4, 0x74, 0xA8, 0x1B, 0xA4, 0xF7, 0x8D, 0x0C,
+        0x52, 0x3D, 0x0C, 0x04, 0xF9, 0x00, 0x60, 0xFD,
+        0x57, 0x1A, 0x35, 0xC0, 0x37, 0xE0, 0x79, 0xC5,
+        0xE2, 0x10, 0xD7, 0x39, 0x0D, 0xF5, 0x68, 0xF2,
+        0xE2, 0xF0, 0x3C, 0xE4, 0x44, 0x20, 0xC8, 0x2F,
+        0x3F, 0xE6, 0x9E, 0xB9, 0xB4, 0x8E, 0xE9, 0x09,
+        0x62, 0xD6, 0xB0, 0xF2, 0x44, 0x40, 0x64, 0x8F,
+        0x71, 0xED, 0xB2, 0x41, 0xEE, 0x65, 0x66, 0xFC,
+        0x1A, 0x64, 0xCA, 0xBF, 0x66, 0xBE, 0x6F, 0xEC,
+        0xBC, 0xB1, 0x38, 0x7C, 0x82, 0xA7, 0xBC, 0x20,
+        0x2D, 0x9E, 0x36, 0x79, 0x98, 0xE2, 0xA2, 0x91,
+        0xAF, 0x0C, 0xD1, 0x57, 0x06, 0x77, 0xFE, 0x8D,
+        0x63, 0xA3, 0x28, 0x5A, 0x2E, 0xA6, 0xEB, 0x29,
+        0xAF, 0x9D, 0xC1, 0xAE, 0xC1, 0xC3, 0x6C, 0x47,
+        0x06, 0xB1, 0x2B, 0xAA, 0x20, 0x83, 0x96, 0x92,
+        0xF2, 0x86, 0xA6, 0xE0, 0x32, 0x14, 0x68, 0xF7,
+        0x47, 0x93, 0x45, 0xC4, 0xD5, 0x2F, 0xBD, 0xB2,
+        0xF0, 0x67, 0x25, 0xB5, 0x54, 0xB8, 0x9E, 0x24,
+        0x92, 0x61, 0x26, 0x81, 0xAC, 0xEB, 0xC6, 0xC7,
+        0xBA, 0xDA, 0x92, 0x25, 0x81, 0x8D, 0xBC, 0x35,
+        0xD6, 0x4C, 0x22, 0xC4, 0x8B, 0xFF, 0x80, 0xA7,
+        0x30, 0xD0, 0x71, 0x6D, 0xFA, 0xC9, 0x9D, 0xFD,
+        0x5B, 0x89, 0x92, 0x61, 0x1D, 0x0C, 0x93, 0xEE,
+        0x90, 0xBD, 0xB2, 0x60, 0x02, 0x2A, 0xFE, 0x25,
+        0xD9, 0x13, 0xE0, 0x6E, 0xFF, 0xB5, 0x9C, 0xB1,
+        0xF8, 0xA6, 0x0C, 0xBF, 0xA5, 0xAB, 0x2F, 0x45,
+        0x9A, 0x16, 0xF4, 0x67, 0xE9, 0x89, 0x52, 0x5E,
+        0x0A, 0x37, 0xEB, 0xE5, 0x6E, 0x83, 0x3F, 0xDE,
+        0x55, 0xDB, 0x9D, 0x15, 0x30, 0xAD, 0xCF, 0x45,
+        0x84, 0x6D, 0xF2, 0x81, 0xE4, 0x7C, 0xAA, 0x1E,
+        0x0A, 0x27, 0xEF, 0xDE, 0x21, 0x07, 0xD3, 0x54,
+        0xCE, 0xA0, 0xF6, 0xA4, 0x54, 0x69, 0x2F, 0x04,
+        0xCD, 0x83, 0x8E, 0xBD, 0xD4, 0x6E, 0x19, 0x1E,
+        0x5D, 0x9C, 0x11, 0x83, 0x9A, 0x2C, 0x3F, 0x48,
+        0x8A, 0x4F, 0xC7, 0xCD, 0x26, 0x5A, 0x7B, 0x5D,
+        0x32, 0xB0, 0x8C, 0xBD, 0xBF, 0xAB, 0x9D, 0x2C,
+        0xCD, 0x76, 0x22, 0x2C, 0x8E, 0xE3, 0x7D, 0xDC,
+        0xBD, 0x2A, 0xA0, 0x63, 0xED, 0x86, 0x14, 0x73,
+        0xA6, 0x45, 0x4C, 0xAE, 0xA3, 0x77, 0x85, 0x0B,
+        0x1A, 0x2B, 0x9D, 0xDB, 0xBC, 0xB3, 0x74, 0xFA,
+        0xB5, 0xB1, 0x2F, 0x35, 0x1C, 0x8E, 0x58, 0x88,
+        0x87, 0x2E, 0x5C, 0xD1, 0xF6, 0x0A, 0x4F, 0xAE,
+        0x1F, 0xF8, 0x37, 0xD1, 0x92, 0xC2, 0x2B, 0xEB,
+        0x41, 0xEE, 0x6F, 0xA3, 0x92, 0xFC, 0xDF, 0x45,
+        0x50, 0xFF, 0x46, 0xB5, 0xCE, 0x90, 0x6D, 0x01,
+        0x7E, 0xF3, 0x07, 0x7D, 0xF1, 0x32, 0x30, 0x0D,
+        0x8B, 0xBF, 0xA9, 0xBB, 0x03, 0xC7, 0x5E, 0x79,
+        0xE2, 0xF0, 0x4C, 0x28, 0x4A, 0xD0, 0x6A, 0x44,
+        0x39, 0x96, 0x49, 0xC3, 0xE2, 0xA2, 0xA8, 0xD1,
+        0xEF, 0xE9, 0xB7, 0xA4, 0xE0, 0xC2, 0x71, 0x04,
+        0x7A, 0xB7, 0x59, 0x08, 0xBF, 0xF7, 0xDF, 0x9E,
+        0x30, 0xEC, 0xA5, 0x47, 0x74, 0x5B, 0xAE, 0x23,
+        0xA8, 0x6F, 0xF9, 0xA8, 0xB5, 0x8C, 0x25, 0x38,
+        0xB8, 0x8B, 0x86, 0x64, 0x01, 0x07, 0x69, 0x02,
+        0xDC, 0x5F, 0x0B, 0xD7, 0x61, 0x68, 0x7B, 0x49,
+        0xEA, 0xFE, 0x36, 0xD3, 0x50, 0xCB, 0xED, 0xFD,
+        0xD3, 0x6C, 0x12, 0x1C, 0xF2, 0x37, 0x86, 0xBF,
+        0xCF, 0x7E, 0x47, 0x07, 0x64, 0x96, 0xEA, 0xB6,
+        0xBB, 0xDA, 0x77, 0x40, 0x49, 0xC2, 0xEB, 0xAB,
+        0xE2, 0xDE, 0x99, 0xC4, 0xC2, 0x4F, 0x2D, 0xB7,
+        0x36, 0x84, 0x01, 0x5B, 0x37, 0x39, 0x77, 0x49,
+        0x67, 0x60, 0xCF, 0x9A, 0xC2, 0x3D, 0x8B, 0x62,
+        0x31, 0x33, 0xDB, 0x2D, 0xE1, 0x0D, 0x73, 0xFA,
+        0x6A, 0xD1, 0xC6, 0xDA, 0xC8, 0x43, 0x4F, 0x28,
+        0xC6, 0xE2, 0x51, 0xCE, 0x72, 0x93, 0xCF, 0xF3,
+        0xF3, 0xB6, 0x1E, 0xFC, 0xB5, 0xA4, 0x35, 0x12,
+        0x36, 0x70, 0xF2, 0x98, 0x46, 0xA1, 0x3D, 0xF3,
+        0xEE, 0x71, 0x26, 0x04, 0x46, 0x1F, 0x1B, 0xAB,
+        0x8F, 0x4E, 0xBC, 0x83, 0x6D, 0xE0, 0x58, 0x97,
+        0x8A, 0xE7, 0x34, 0x39, 0x6A, 0x98, 0x08, 0x1B,
+        0x35, 0xCC, 0x98, 0x18, 0x8A, 0x86, 0x94, 0x9C,
+        0x99, 0x27, 0x0D, 0x47, 0x09, 0x85, 0x4C, 0x5B,
+        0x35, 0xB1, 0x7F, 0x48, 0xA3, 0x73, 0x13, 0x4C,
+        0x81, 0x4C, 0xC8, 0xA0, 0xF3, 0xE2, 0xFA, 0x80,
+        0x7F, 0x2A, 0x91, 0x85, 0x30, 0x90, 0x78, 0x64,
+        0x77, 0x82, 0x82, 0xD7, 0x5E, 0x03, 0xA4, 0x1B,
+        0x25, 0x04, 0xEE, 0xD8, 0x16, 0xA4, 0x17, 0xA3,
+        0xAC, 0x6B, 0xA1, 0x60, 0x80, 0xC3, 0x9B, 0x73,
+        0x10, 0x19, 0x20, 0x02, 0xA7, 0x28, 0xF7, 0xF2,
+        0x03, 0x95, 0x00, 0x9A, 0x9E, 0x16, 0x76, 0x7C,
+        0xE1, 0x97, 0x1F, 0x5D, 0xE7, 0xD2, 0x29, 0xA5,
+        0x06, 0x13, 0x36, 0x9E, 0x43, 0x82, 0x04, 0x5A,
+        0x8E, 0x81, 0x90, 0x1F, 0x4D, 0xBA, 0x81, 0x02,
+        0xF3, 0xD4, 0x13, 0xFE, 0x35, 0xB3, 0x26, 0xA8,
+        0x74, 0xF2, 0x33, 0xB7, 0x19, 0xA7, 0x13, 0x76,
+        0x00, 0xD3, 0x5D, 0x33, 0xAE, 0xB6, 0xB7, 0x25,
+        0x96, 0x24, 0x08, 0x3A, 0xA9, 0x68, 0x73, 0x0C,
+        0x8F, 0x78, 0x29, 0x2A, 0xD2, 0x8F, 0x14, 0xEE,
+        0xAB, 0xE6, 0x60, 0x83, 0x59, 0x84, 0xFE, 0x69,
+        0xEF, 0x23, 0xDE, 0xC8, 0xC3, 0x27, 0xC0, 0xEB,
+        0x0B, 0x88, 0x2D, 0x58, 0x7E, 0x1E, 0xC4, 0x33,
+        0xDA, 0x85, 0xC9, 0xFD, 0x1E, 0x0A, 0x34, 0x99,
+        0x4D, 0xEA, 0x24, 0x0C, 0x85, 0x44, 0x52, 0xD1,
+        0x8C, 0x30, 0xF4, 0x96, 0xE4, 0x9E, 0xC9, 0x04,
+        0xB6, 0x02, 0xE0, 0xF5, 0x06, 0x2E, 0xDC, 0xDA,
+        0x03, 0x28, 0x0A, 0x53, 0xB4, 0x31, 0x35, 0x74,
+        0xCC, 0x2C, 0x0D, 0x54, 0x71, 0xBC, 0x96, 0x13,
+        0xBD, 0xFD, 0x66, 0x41, 0xF5, 0xBD, 0x12, 0x7B,
+        0xAB, 0x5B, 0x5E, 0xB3, 0xD4, 0x99, 0xA3, 0x31,
+        0x14, 0x04, 0x82, 0x20, 0xE8, 0x19, 0xF8, 0xEE,
+        0x12, 0xCA, 0x92, 0x2C, 0x8F, 0x17, 0xD9, 0xC9,
+        0xF5, 0x1A, 0xD5, 0xBD, 0x68, 0x83, 0xB1, 0x0E,
+        0x6A, 0xA2, 0x48, 0x3B, 0xA4, 0x9D, 0xC5, 0x47,
+        0xDA, 0x76, 0x86, 0x15, 0x13, 0x44, 0xF4, 0xE9,
+        0x09, 0x9B, 0x38, 0xE4, 0x30, 0xB5, 0x22, 0x6B,
+        0x05, 0x98, 0x32, 0xCF, 0x03, 0xDB, 0x48, 0xFB,
+        0x02, 0xDB, 0xA4, 0xE6, 0x15, 0x93, 0xDC, 0x45,
+        0x76, 0x36, 0x04, 0x91, 0x89, 0x0E, 0x53, 0xEC,
+        0x0E, 0x6A, 0xC7, 0x3C, 0xF3, 0x2B, 0x25, 0xD8,
+        0x23, 0xB3, 0x84, 0x56, 0xE2, 0x86, 0x50, 0x5A,
+        0x54, 0x1E, 0x5A, 0xEE, 0xE9, 0x6B, 0x19, 0x14,
+        0xF5, 0xF7, 0x66, 0x87, 0xCE, 0x2B, 0x01, 0x60,
+        0x22, 0x7A, 0xBE, 0xD7, 0x79, 0x93, 0x59, 0x4B,
+        0xCD, 0x83, 0x13, 0x66, 0x20, 0x6D, 0x75, 0x71,
+        0x40, 0x82, 0xF1, 0xC4, 0x6F, 0x1F, 0x44, 0x39,
+        0xAC, 0x81, 0xA5, 0x7A, 0xF3, 0x1C, 0x81, 0xC5,
+        0x55, 0x30, 0x7A, 0x07, 0x0F, 0xFA, 0x94, 0xE0,
+        0x47, 0x9B, 0x78, 0x4B, 0xBD, 0x88, 0xA6, 0x0C,
+        0xD4, 0xC7, 0xCF, 0xD9, 0x4E, 0x6A, 0xFE, 0x02,
+        0xF6, 0xB2, 0x1F, 0x72, 0xAF, 0x0D, 0xCD, 0x66,
+        0x09, 0xD4, 0x0C, 0x96, 0x5C, 0x14, 0xE5, 0xF2,
+        0x38, 0x91, 0x83, 0xE5, 0x3D, 0xE9, 0x30, 0xF7,
+        0xDE, 0x1D, 0x44, 0x21, 0x5C, 0xF4, 0x91, 0x44,
+        0x84, 0x4E, 0x8B, 0x87, 0xF7, 0x8A, 0x7F, 0x13,
+        0x2A, 0xEF, 0xE2, 0x2B, 0xE8, 0x0B, 0x4E, 0x3A,
+        0x05, 0xEE, 0x3A, 0x68, 0xCC, 0xF6, 0x09, 0xEF,
+        0x44, 0x04, 0x74, 0x02, 0xE4, 0x49, 0x30, 0x46,
+        0xE6, 0xF9, 0xC7, 0x67, 0xFF, 0x8A, 0x75, 0xE2,
+        0x8B, 0x3C, 0xE0, 0x77, 0xFD, 0xE7, 0xE7, 0xEE,
+        0xD3, 0x13, 0xB5, 0xBF, 0x7E, 0x46, 0x01, 0x27,
+        0xCA, 0x81, 0x82, 0xE9, 0xBC, 0x79, 0x4C, 0x0D,
+        0xFA, 0x73, 0x0F, 0xB9, 0x20, 0x08, 0x05, 0x75,
+        0xA7, 0x51, 0xB5, 0xCA, 0xEC, 0x85, 0xA1, 0x09,
+        0xB4, 0x42, 0x2B, 0xA2, 0x66, 0x74, 0x3F, 0x0D,
+        0x03, 0x2B, 0xDA, 0x8F, 0x1C, 0xA6, 0x24, 0x8C,
+        0xDB, 0x91, 0x75, 0x30, 0xDF, 0x13, 0x02, 0xA5,
+        0xF8, 0xC1, 0x8D, 0xC6, 0x42, 0xD5, 0x24, 0x78,
+        0xC9, 0x8C, 0x12, 0xA3, 0xF1, 0x6E, 0xF2, 0xB6,
+        0x2B, 0x4F, 0x59, 0xEA, 0x1B, 0xB5, 0x8D, 0xE7,
+        0xB6, 0x5B, 0x3C, 0x71, 0x53, 0xCE, 0x6D, 0xA5,
+        0xE4, 0x95, 0x07, 0x46, 0xF8, 0x0E, 0x08, 0x7A,
+        0x0E, 0x35, 0x86, 0xD0, 0x97, 0x79, 0x1B, 0xF3,
+        0x6D, 0xEF, 0x86, 0x5D, 0x68, 0x59, 0x1D, 0x39,
+        0xD0, 0x90, 0x37, 0x73, 0xEE, 0xA9, 0x62, 0x14,
+        0x7F, 0x34, 0x70, 0x41, 0x38, 0xB5, 0x4D, 0xF7,
+        0x92, 0x4C, 0xDD, 0x8C, 0x33, 0x3D, 0xB5, 0xE1,
+        0xA4, 0x09, 0xCC, 0xB2, 0xB3, 0x4E, 0x2C, 0x3C,
+        0x8C, 0x7F, 0xDD, 0x3F, 0xD8, 0xD0, 0x12, 0xCB,
+        0xF3, 0x82, 0xAA, 0xA8, 0x5E, 0x83, 0xA1, 0x2F,
+        0x23, 0x5A, 0x2D, 0x14, 0x7D, 0x03, 0x5B, 0x7B,
+        0x28, 0xB3, 0x4B, 0x6F, 0x57, 0x94, 0x9F, 0x32,
+        0x24, 0x82, 0xA7, 0xD4, 0xD3, 0xB1, 0x50, 0x45,
+        0xC4, 0x20, 0xD5, 0xAD, 0xDC, 0x7F, 0x0E, 0x69,
+        0xB4, 0xDC, 0x1C, 0xBA, 0x58, 0xB0, 0x1D, 0x87,
+        0x24, 0x80, 0xB0, 0x6A, 0x26, 0x0D, 0x82, 0x7D,
+        0x89, 0x1B, 0x13, 0xC4, 0xC5, 0xCA, 0x50, 0xC7,
+        0x48, 0xDE, 0x3C, 0x77, 0x1B, 0xE6, 0x1E, 0x9A,
+        0xA1, 0x70, 0x16, 0x5C, 0xB0, 0x1F, 0x4B, 0xF5,
+        0xDA, 0x27, 0xA7, 0x79, 0x1D, 0x3A, 0xD3, 0xF6,
+        0x26, 0x7B, 0x4C, 0xB4, 0xE6, 0x1B, 0x28, 0xFA,
+        0x17, 0x08, 0x41, 0x8D, 0x93, 0x2D, 0xFC, 0x41,
+        0x61, 0x88, 0x0C, 0x5D, 0x3B, 0x17, 0xA9, 0x66,
+        0x3A, 0x90, 0x61, 0xFA, 0x8F, 0x18, 0x04, 0x31,
+        0x58, 0x50, 0xFE, 0x4E, 0x73, 0x06, 0xC8, 0x82,
+        0xB3, 0x82, 0x27, 0xE8, 0x67, 0xF8, 0x08, 0x72,
+        0xCD, 0xC1, 0x94, 0x4D, 0x47, 0x26, 0x15, 0xEA,
+        0x49, 0x00, 0xEF, 0x7D, 0x27, 0x0B, 0x88, 0x1D,
+        0x41, 0x30, 0xF5, 0x6C, 0x5C, 0xC9, 0x80, 0xD9,
+        0x2A, 0x47, 0xAD, 0xA6, 0x65, 0x7E, 0xB6, 0xF3,
+        0x7A, 0x38, 0x5D, 0x2D, 0x8C, 0xC9, 0x93, 0xE1,
+        0x44, 0x2E, 0xB0, 0x52, 0x81, 0x85, 0x36, 0x36,
+        0x99, 0x1E, 0x34, 0xAA, 0xDC, 0x68, 0x95, 0x4D,
+        0x04, 0xE7, 0xAD, 0xEF, 0x76, 0xBF, 0x88, 0x0F,
+        0x05, 0x9B, 0x0C, 0xBB, 0x55, 0xD9, 0x15, 0xA4,
+        0xB1, 0x23, 0xE2, 0xF1, 0x33, 0x9A, 0x07, 0x3C,
+        0xBF, 0xBC, 0x40, 0x9B, 0xEF, 0xF6, 0x40, 0x0A,
+        0xE0, 0x96, 0xD5, 0xAE, 0x18, 0xEC, 0x42, 0xCF,
+        0xFA, 0xD5, 0xB4, 0x98, 0x0F, 0xA3, 0x5B, 0xF0,
+        0x34, 0x13, 0xAD, 0xB5, 0xD7, 0xE6, 0x87, 0x6A,
+        0xC3, 0x55, 0xD1, 0xC9, 0xED, 0x70, 0xCA, 0x2B,
+        0x97, 0x39, 0x54, 0xD1, 0x2B, 0x3C, 0xDD, 0x76,
+        0xAC, 0x68, 0x35, 0xDB, 0x96, 0x00, 0x3E, 0xD8,
+        0xC4, 0xE2, 0x88, 0xB7, 0x1F, 0xD7, 0x7D, 0xBA,
+        0xA7, 0x63, 0x57, 0x20, 0xE1, 0x2A, 0xE0, 0xA3,
+        0x17, 0xDE, 0x80, 0x8C, 0x66, 0x4E, 0x31, 0x7F,
+        0x55, 0x27, 0x57, 0x91, 0xF3, 0x24, 0x5C, 0xA4,
+        0xFE, 0x5D, 0x4D, 0x41, 0x07, 0x7F, 0xC1, 0x50,
+        0xA6, 0xE4, 0x03, 0xD5, 0xA2, 0x08, 0xE4, 0x6E,
+        0xAD, 0xBE, 0x8F, 0x2C, 0xFB, 0x8A, 0xF4, 0x72,
+        0xF4, 0xA0, 0xCE, 0xAC, 0x01, 0x52, 0x19, 0x47,
+        0x8E, 0x6B, 0x86, 0xC9, 0x58, 0xCF, 0x86, 0x52,
+        0x5B, 0x74, 0x85, 0xC1, 0x73, 0x4C, 0x7E, 0xF0,
+        0x0E, 0x90, 0x68, 0x3F, 0xFF, 0x5D, 0xBD, 0x0A,
+        0x7D, 0x41, 0x3A, 0x85, 0x50, 0x21, 0x02, 0x6A,
+        0x1B, 0x32, 0x01, 0x3A, 0x46, 0x16, 0xCB, 0xCD,
+        0x37, 0x00, 0xAC, 0xBC, 0x70, 0x5B, 0xE3, 0xEF,
+        0xBA, 0x62, 0x5C, 0x69, 0xA0, 0x25, 0x26, 0x7B,
+        0xCE, 0x9D, 0x13, 0x5E, 0x3F, 0x5B, 0x5C, 0xC8,
+        0xC4, 0x39, 0x56, 0x40, 0x7E, 0x84, 0xB6, 0x66,
+        0x31, 0x03, 0xE2, 0x9C, 0x24, 0x20, 0x35, 0x55,
+        0x1A, 0xE7, 0x97, 0xF5, 0x6C, 0x63, 0x74, 0xBE,
+        0x0C, 0x79, 0x8C, 0x0C, 0xF3, 0x98, 0xF1, 0xED
+#else
+        0x30, 0x82, 0x0a, 0x32, 0x30, 0x0d, 0x06, 0x09,
+        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03,
+        0x13, 0x03, 0x82, 0x0a, 0x21, 0x00,
+        0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF,
+        0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4,
+        0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA,
+        0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00,
+        0x83, 0x01, 0xE6, 0x66, 0xF5, 0x9D, 0x3E, 0xC5,
+        0x04, 0x4D, 0xE4, 0x56, 0x78, 0x8F, 0xDE, 0x19,
+        0xEB, 0x39, 0x67, 0x7B, 0x5F, 0x9F, 0xE1, 0x41,
+        0x50, 0xDA, 0x46, 0x3A, 0x70, 0x6F, 0x3B, 0xAF,
+        0x71, 0x5B, 0x95, 0x33, 0x6B, 0x2D, 0x68, 0x5A,
+        0x7C, 0xD7, 0x88, 0x07, 0x13, 0xE4, 0x58, 0x7B,
+        0xF7, 0xD8, 0x57, 0xBF, 0x7E, 0x31, 0x56, 0x96,
+        0xB8, 0xD0, 0xD9, 0xD4, 0x9E, 0x14, 0x29, 0x18,
+        0xBF, 0x09, 0x74, 0xE7, 0xF4, 0x32, 0x37, 0xD4,
+        0xBE, 0x3A, 0xD3, 0x94, 0x59, 0x9E, 0x3D, 0x39,
+        0xBB, 0x76, 0x49, 0x93, 0x25, 0x53, 0x44, 0x7E,
+        0x5D, 0x5A, 0xCC, 0x34, 0x99, 0x93, 0x01, 0x76,
+        0xEC, 0xD3, 0xA8, 0x44, 0xA4, 0x25, 0xF5, 0x0D,
+        0x05, 0x11, 0xC9, 0x22, 0x6C, 0x4B, 0x9A, 0x24,
+        0xF2, 0xA0, 0x11, 0xCD, 0x88, 0xD3, 0x23, 0x08,
+        0xE0, 0x31, 0x2A, 0x0C, 0x87, 0xCC, 0x34, 0xA9,
+        0x95, 0x82, 0x3C, 0x65, 0xF4, 0xF0, 0xF9, 0x8E,
+        0x50, 0xC3, 0x77, 0x88, 0xCE, 0x38, 0xDC, 0x28,
+        0xFB, 0x8B, 0x9B, 0xFA, 0xAF, 0xA9, 0x04, 0xB5,
+        0x41, 0xEE, 0x71, 0x2F, 0x6A, 0x04, 0x1E, 0x06,
+        0x11, 0x37, 0x4F, 0x6B, 0xF1, 0x7E, 0xAC, 0x0B,
+        0xD5, 0x6F, 0x3B, 0x6B, 0xF3, 0x36, 0xDA, 0x92,
+        0x42, 0x07, 0x0C, 0x24, 0x69, 0xA2, 0x0C, 0x4D,
+        0x16, 0x16, 0x14, 0x9A, 0x61, 0x59, 0x25, 0x20,
+        0x11, 0xD2, 0x99, 0xF9, 0x3F, 0x98, 0x6D, 0x87,
+        0x5D, 0xD3, 0x0B, 0x38, 0xA2, 0x25, 0x49, 0x17,
+        0x45, 0x70, 0x13, 0x8C, 0x2B, 0xB3, 0xAA, 0x9C,
+        0xBE, 0xA9, 0x19, 0x74, 0xF3, 0xD8, 0x9B, 0xF5,
+        0xAE, 0x32, 0xBE, 0x9E, 0x58, 0xB8, 0x54, 0xA2,
+        0xF8, 0xE8, 0x6F, 0xF7, 0x67, 0x80, 0xC0, 0x34,
+        0x90, 0xF4, 0x67, 0xDB, 0x06, 0x51, 0xC2, 0x0B,
+        0x1D, 0xF6, 0x0E, 0xB9, 0x7A, 0x3C, 0x99, 0xD9,
+        0xBD, 0x66, 0x4B, 0xE6, 0xA5, 0xE4, 0xC8, 0xA8,
+        0xAD, 0x4C, 0xC3, 0x63, 0x90, 0xD7, 0x00, 0x4E,
+        0x4B, 0xB4, 0x21, 0xDA, 0xED, 0x65, 0x4C, 0x35,
+        0x7D, 0xA4, 0xD6, 0x84, 0x98, 0x93, 0x3E, 0xC7,
+        0x17, 0x77, 0xAD, 0x64, 0xC2, 0xAE, 0x01, 0x3C,
+        0x73, 0xEB, 0x45, 0x7C, 0x68, 0xEF, 0x9A, 0x74,
+        0x5A, 0xDE, 0xEB, 0x4F, 0xDF, 0xC8, 0x79, 0xE7,
+        0x74, 0xD0, 0x3F, 0xAF, 0x6B, 0x14, 0xAA, 0xB1,
+        0x07, 0x52, 0xE2, 0x4B, 0x52, 0xD0, 0xF2, 0xD9,
+        0x4D, 0x54, 0x0A, 0x1E, 0xBE, 0x10, 0xF5, 0x97,
+        0xE5, 0x14, 0x44, 0x2D, 0x6C, 0x13, 0xC2, 0xE2,
+        0x49, 0x8E, 0x8A, 0xF3, 0x01, 0x7C, 0x52, 0xDB,
+        0x23, 0x3A, 0x90, 0x71, 0x7D, 0xF2, 0x5B, 0x4D,
+        0x07, 0x2B, 0x7D, 0x88, 0xEE, 0x87, 0x31, 0xD1,
+        0x68, 0x24, 0xC9, 0x5D, 0x1F, 0xB9, 0x83, 0xC4,
+        0x49, 0xDE, 0xB4, 0x66, 0x27, 0x60, 0x60, 0xFE,
+        0xE4, 0xC7, 0xEE, 0x38, 0x14, 0x51, 0xF2, 0x32,
+        0xC2, 0x9C, 0x7C, 0x32, 0x20, 0x85, 0x0C, 0x61,
+        0xD1, 0xC3, 0xC0, 0x0D, 0xB1, 0xCD, 0x97, 0x26,
+        0xA0, 0x2A, 0x56, 0x60, 0x9F, 0x3A, 0x65, 0xD3,
+        0xD1, 0x64, 0x60, 0x45, 0x88, 0xCD, 0x9B, 0x43,
+        0x14, 0x12, 0xF1, 0xAD, 0xD9, 0x14, 0xC5, 0xC2,
+        0xDA, 0xBB, 0xC9, 0x04, 0x67, 0xC0, 0xC4, 0xEA,
+        0x5F, 0x76, 0xE2, 0x4A, 0xA6, 0x18, 0x76, 0x5F,
+        0x8B, 0x06, 0x36, 0xD7, 0xB0, 0x65, 0xE1, 0xF4,
+        0xE6, 0xF6, 0x22, 0xEA, 0xE1, 0x71, 0x52, 0x45,
+        0x8C, 0x76, 0x65, 0x86, 0x77, 0x2D, 0x36, 0x3F,
+        0xA9, 0x92, 0x14, 0xF4, 0x72, 0xB0, 0xDB, 0x8A,
+        0x1E, 0x49, 0xD8, 0x2D, 0x02, 0x78, 0xF2, 0x95,
+        0x8B, 0x0A, 0xAA, 0x15, 0x86, 0xDB, 0x13, 0x4B,
+        0xDF, 0xD2, 0x43, 0x87, 0x42, 0x49, 0x50, 0x07,
+        0xE2, 0xFE, 0x5B, 0x60, 0xE2, 0x46, 0x39, 0x92,
+        0x26, 0x94, 0x7A, 0x12, 0xEA, 0x17, 0x63, 0x1C,
+        0xAA, 0x53, 0x46, 0x87, 0xCB, 0x75, 0xC0, 0x60,
+        0xB4, 0x79, 0x7E, 0xAB, 0x82, 0x77, 0xCC, 0x4F,
+        0x8A, 0x7A, 0x20, 0x38, 0x76, 0x06, 0xEF, 0xE2,
+        0xDB, 0xD3, 0xE7, 0x36, 0x24, 0x92, 0x77, 0xD9,
+        0x0F, 0xCA, 0xB9, 0x92, 0xA8, 0xC9, 0x9E, 0x85,
+        0xAB, 0x03, 0xEB, 0x4C, 0xAC, 0x5D, 0x88, 0x55,
+        0x39, 0x58, 0x52, 0x8A, 0xF9, 0x29, 0x74, 0x71,
+        0x81, 0x35, 0xF1, 0xD0, 0xC7, 0x93, 0xEB, 0x00,
+        0x0E, 0xA0, 0xAE, 0xC3, 0xEC, 0x18, 0x58, 0xFD,
+        0xD1, 0x86, 0x88, 0xD1, 0xDA, 0x27, 0x27, 0x8D,
+        0xEB, 0xF2, 0xCA, 0x81, 0x10, 0xBA, 0x4A, 0x20,
+        0x4F, 0x79, 0x30, 0xE1, 0xC8, 0xCE, 0xEC, 0xAF,
+        0xB7, 0x3F, 0x75, 0xDD, 0xB3, 0x4C, 0x5C, 0x55,
+        0x96, 0x8A, 0x79, 0x33, 0x05, 0x84, 0x26, 0xB5,
+        0x5D, 0x03, 0x9F, 0x72, 0x92, 0xAC, 0x43, 0xF6,
+        0x45, 0x84, 0xF6, 0xDF, 0x18, 0x7A, 0x1D, 0x6B,
+        0x00, 0x3F, 0x51, 0x4C, 0xC1, 0x3B, 0x26, 0xC2,
+        0xF3, 0x48, 0x19, 0x5A, 0xA3, 0x21, 0xDE, 0x6A,
+        0x27, 0xEC, 0x11, 0x34, 0x8D, 0xE5, 0x0D, 0x82,
+        0x5A, 0x29, 0x64, 0xC6, 0x31, 0x99, 0x2E, 0x4B,
+        0x0B, 0x42, 0x5B, 0x1B, 0xEB, 0x4F, 0x96, 0x00,
+        0xE3, 0xAD, 0xC4, 0x43, 0x1C, 0xF2, 0xE8, 0x8B,
+        0x42, 0x23, 0xD2, 0xDB, 0x66, 0x3C, 0x3C, 0xE7,
+        0x0E, 0xF8, 0x5D, 0xDD, 0x56, 0xA9, 0xBA, 0xF1,
+        0x38, 0xA9, 0xD7, 0xED, 0xD8, 0x94, 0x13, 0x1C,
+        0x3A, 0x8F, 0x41, 0xA0, 0x4E, 0xF9, 0xF8, 0x67,
+        0x52, 0xB7, 0x21, 0x81, 0xFA, 0xBB, 0x37, 0xC8,
+        0x6B, 0x87, 0x7E, 0x61, 0xD6, 0x0E, 0xED, 0x95,
+        0xEE, 0xFF, 0xAB, 0xE6, 0x37, 0x6E, 0x14, 0xAC,
+        0xA8, 0x17, 0xC5, 0xF4, 0x19, 0x61, 0xAF, 0x8A,
+        0x78, 0x49, 0xBA, 0xC0, 0x94, 0x91, 0x7B, 0x2D,
+        0x13, 0x22, 0x76, 0xB6, 0xB3, 0x48, 0x6A, 0xFF,
+        0x95, 0x0D, 0x23, 0xD4, 0xAA, 0xDC, 0x24, 0xCE,
+        0x98, 0xA5, 0x26, 0x9E, 0x1C, 0x69, 0x91, 0x79,
+        0x60, 0xA3, 0x1E, 0xE0, 0x9A, 0x52, 0x7C, 0x35,
+        0x81, 0x75, 0xCA, 0xA0, 0xCB, 0x1B, 0x01, 0x8E,
+        0x95, 0x26, 0xD9, 0x35, 0x34, 0xEA, 0xDB, 0xAC,
+        0xB5, 0x2B, 0x27, 0x3D, 0x73, 0x5E, 0x22, 0xDD,
+        0x0D, 0x5C, 0x28, 0xFA, 0x3E, 0x47, 0xCF, 0xE9,
+        0x0B, 0x52, 0x15, 0xAE, 0x24, 0xF1, 0x46, 0xC3,
+        0x46, 0x4B, 0xFE, 0xAF, 0x01, 0xD2, 0x8D, 0xAA,
+        0x55, 0x3C, 0x1E, 0x94, 0x42, 0x8A, 0x10, 0x4A,
+        0x9D, 0x78, 0xAE, 0xC7, 0x62, 0x59, 0x1E, 0x88,
+        0x79, 0xF7, 0x68, 0x51, 0xCF, 0xB4, 0x64, 0x85,
+        0x66, 0x72, 0x1B, 0x0C, 0xAC, 0x1F, 0x14, 0xFE,
+        0x16, 0x14, 0x9A, 0x9D, 0x82, 0x10, 0xCC, 0x8F,
+        0x2F, 0x50, 0xDE, 0xF7, 0xB4, 0x6C, 0x84, 0x3B,
+        0xE9, 0x3B, 0xD8, 0xD5, 0x56, 0x02, 0x49, 0x33,
+        0x50, 0xAB, 0x56, 0x0E, 0xA5, 0xBA, 0x17, 0x71,
+        0x64, 0x23, 0xBE, 0x0E, 0xB8, 0x36, 0x0A, 0xB1,
+        0x09, 0xD8, 0xFB, 0x18, 0xBF, 0xEA, 0x04, 0x08,
+        0x47, 0xB7, 0x33, 0x51, 0x45, 0xD4, 0xF2, 0x00,
+        0xD1, 0x9C, 0xF6, 0xFE, 0x7B, 0xAC, 0x91, 0x7F,
+        0x42, 0x6C, 0x9B, 0x3D, 0x39, 0xA9, 0xCA, 0x43,
+        0x29, 0x81, 0x8F, 0x24, 0x0E, 0x7D, 0xA3, 0x82,
+        0x76, 0x10, 0x72, 0xF4, 0xA6, 0x50, 0x5E, 0xA8,
+        0xE7, 0x6C, 0x1E, 0x44, 0x6F, 0xEB, 0x66, 0x25,
+        0xE3, 0x8D, 0xDB, 0xCD, 0x3C, 0xDA, 0x81, 0xE8,
+        0x3B, 0xF7, 0x68, 0xF3, 0xE0, 0x1D, 0x9D, 0x26,
+        0x3B, 0x36, 0x73, 0x03, 0xAE, 0x15, 0x6C, 0x0B,
+        0x71, 0x83, 0x36, 0x4A, 0x1E, 0x79, 0x41, 0xA0,
+        0x92, 0x98, 0xA3, 0xAD, 0xF7, 0xBD, 0x23, 0x1E,
+        0x61, 0x14, 0xB9, 0xDC, 0xE7, 0x95, 0x2B, 0x11,
+        0x3F, 0x78, 0x16, 0x31, 0x38, 0xB9, 0x26, 0x6F,
+        0x84, 0x3F, 0x1E, 0xD9, 0x7D, 0x9C, 0x2B, 0x16,
+        0x3A, 0x6E, 0x8B, 0xD4, 0xC1, 0xAB, 0x4E, 0x17,
+        0x93, 0x67, 0xC5, 0xAC, 0x96, 0xCE, 0xCF, 0x50,
+        0x50, 0xFE, 0x82, 0x1F, 0xDF, 0xA4, 0x4E, 0x9E,
+        0x68, 0x0B, 0x61, 0xC6, 0x01, 0x89, 0x32, 0xDF,
+        0x71, 0x78, 0x11, 0x45, 0x9A, 0xF2, 0x54, 0x2E,
+        0x2C, 0xDE, 0x77, 0x17, 0x8C, 0x2E, 0x98, 0x80,
+        0xF0, 0x11, 0xE4, 0x05, 0xEA, 0xFA, 0x59, 0xC8,
+        0xCB, 0xBE, 0xD7, 0x6E, 0x5A, 0x19, 0x41, 0x10,
+        0x4B, 0x1B, 0x9D, 0x3A, 0x60, 0x49, 0x1C, 0x95,
+        0x47, 0x55, 0xE0, 0x2E, 0x89, 0x41, 0x03, 0xF1,
+        0xF4, 0x97, 0x74, 0x75, 0xE9, 0xEA, 0x36, 0x60,
+        0x9F, 0xD6, 0x7C, 0x9D, 0xE3, 0x18, 0xED, 0xA2,
+        0x37, 0x0D, 0xCC, 0xDB, 0xB9, 0xCE, 0xF7, 0xAE,
+        0x63, 0x60, 0x90, 0x5E, 0xC2, 0x20, 0x83, 0x8C,
+        0x97, 0x69, 0x82, 0x34, 0x41, 0xCD, 0xD0, 0xDA,
+        0x8E, 0xF0, 0xAB, 0xE5, 0xF2, 0xD1, 0xD7, 0x6E,
+        0x2F, 0xE0, 0x8F, 0xEF, 0x53, 0xDE, 0x1D, 0x61,
+        0x66, 0xAB, 0x1A, 0x92, 0xB1, 0xAC, 0x09, 0x3E,
+        0x5A, 0xBF, 0x76, 0x58, 0xC4, 0xB5, 0x72, 0x87,
+        0xF2, 0xD1, 0xFD, 0x7B, 0x82, 0xDE, 0xDA, 0xF8,
+        0xD5, 0xA4, 0xFB, 0xAC, 0x4B, 0x35, 0xD5, 0x82,
+        0x31, 0x69, 0x4E, 0x16, 0x24, 0x97, 0x57, 0x8A,
+        0xBD, 0x7A, 0xA7, 0xC8, 0xFE, 0x7B, 0x35, 0x41,
+        0xA7, 0xF1, 0x8E, 0x54, 0xE8, 0xB7, 0xF0, 0x87,
+        0x64, 0xC5, 0xE6, 0x84, 0x49, 0xDF, 0x65, 0x59,
+        0x01, 0x54, 0x98, 0x32, 0xD6, 0x28, 0xFA, 0x63,
+        0xD2, 0xB2, 0xC5, 0xA1, 0x50, 0x93, 0x39, 0x94,
+        0xA9, 0x86, 0x33, 0x17, 0xAD, 0x40, 0xD7, 0x78,
+        0xD9, 0xD2, 0xC0, 0x5C, 0x78, 0x98, 0x85, 0x0B,
+        0x90, 0x17, 0x32, 0x23, 0xC7, 0xA0, 0xAF, 0x89,
+        0x0F, 0xD7, 0xE6, 0x62, 0x21, 0xB6, 0xF0, 0x63,
+        0x18, 0xB2, 0xED, 0x5E, 0x19, 0x9C, 0xB4, 0x24,
+        0x88, 0x5A, 0xB8, 0x41, 0xE7, 0xA4, 0x72, 0x6F,
+        0xAB, 0xA2, 0xF9, 0xBB, 0x53, 0xBC, 0x32, 0x36,
+        0x43, 0x4C, 0x35, 0xFB, 0xBE, 0x4B, 0x1A, 0x0F,
+        0x93, 0xF5, 0x0C, 0x37, 0x89, 0x6C, 0x29, 0xF8,
+        0xE3, 0x02, 0xAD, 0x31, 0xED, 0x33, 0x31, 0xD6,
+        0x20, 0xE3, 0xB6, 0x29, 0x45, 0x51, 0x01, 0xA1,
+        0xF1, 0xCC, 0x7B, 0xA5, 0xE4, 0x6E, 0x68, 0xED,
+        0x4A, 0x8C, 0xCC, 0x87, 0xB4, 0xDC, 0x75, 0xBC,
+        0x01, 0x62, 0xB6, 0x33, 0x0F, 0x83, 0x3F, 0xBA,
+        0x25, 0x75, 0xDF, 0xAF, 0x5B, 0x5F, 0x28, 0xBC,
+        0x54, 0xFF, 0x2B, 0xA8, 0x1E, 0x7A, 0x47, 0x31,
+        0x3C, 0x15, 0x48, 0x2B, 0x60, 0x5E, 0x66, 0xBB,
+        0x38, 0xC6, 0x19, 0x8F, 0x13, 0x92, 0x10, 0x40,
+        0x80, 0xFB, 0xE7, 0x8B, 0x86, 0xB1, 0xBC, 0x9A,
+        0x6F, 0xB8, 0x81, 0xF5, 0xC7, 0x82, 0x01, 0x47,
+        0xE6, 0xBA, 0x14, 0xB8, 0x1A, 0xCC, 0xF2, 0x0C,
+        0xAE, 0x96, 0x64, 0x10, 0x94, 0xC2, 0x16, 0x90,
+        0x2E, 0xA5, 0xC1, 0x25, 0xF6, 0xC9, 0x35, 0xA1,
+        0x50, 0xD7, 0xC9, 0xAC, 0xC5, 0xD9, 0xE2, 0xE5,
+        0xD9, 0x0E, 0x38, 0xC0, 0x50, 0x3A, 0xA9, 0x42,
+        0x60, 0x17, 0xC7, 0x6A, 0xAF, 0xCD, 0x52, 0x61,
+        0xB5, 0x06, 0x27, 0x4E, 0xC1, 0x3A, 0x96, 0x79,
+        0xFB, 0x09, 0x79, 0x60, 0x27, 0xA4, 0xBB, 0x75,
+        0x9D, 0x92, 0x82, 0x79, 0xB9, 0x4D, 0x84, 0x1A,
+        0x09, 0x73, 0x93, 0xBF, 0x7E, 0x5B, 0xD6, 0x9A,
+        0x49, 0x6C, 0xC3, 0xDE, 0xCD, 0x2B, 0x0F, 0x07,
+        0xF8, 0x33, 0x92, 0xAA, 0xDE, 0x33, 0xDC, 0x51,
+        0xB2, 0xA8, 0x4F, 0x6A, 0x07, 0x63, 0x5D, 0xC0,
+        0xEF, 0x57, 0xA9, 0xAD, 0x59, 0x59, 0xB6, 0xA5,
+        0x0B, 0x7B, 0xA5, 0x09, 0xAD, 0x5B, 0x11, 0xFA,
+        0xD2, 0x6B, 0x41, 0x9F, 0x9F, 0x1E, 0x3F, 0x9C,
+        0x73, 0x29, 0xB5, 0xA9, 0x53, 0xD7, 0xCC, 0x87,
+        0xB2, 0xDE, 0x21, 0x06, 0x11, 0xCF, 0x52, 0xA6,
+        0x39, 0xEF, 0x2B, 0x39, 0x08, 0x01, 0x2C, 0xB8,
+        0x8E, 0x1D, 0x6F, 0x57, 0x62, 0x50, 0x79, 0xCB,
+        0x10, 0x3D, 0x6C, 0x98, 0x10, 0x1A, 0x11, 0xBD,
+        0x22, 0x33, 0xB6, 0x56, 0x02, 0xCA, 0x30, 0x49,
+        0xBD, 0x32, 0x05, 0x20, 0x41, 0x9F, 0x76, 0xB0,
+        0x61, 0xE3, 0x59, 0x8D, 0xE3, 0x81, 0x52, 0xC8,
+        0x87, 0x67, 0xD1, 0xA2, 0x4F, 0xBD, 0x02, 0xBB,
+        0x10, 0xC3, 0x8E, 0xAC, 0xAE, 0x31, 0x7D, 0xE6,
+        0xBB, 0x28, 0x7B, 0x4D, 0x2C, 0xAE, 0x5D, 0xA0,
+        0x21, 0x49, 0x65, 0xD8, 0x77, 0x37, 0x78, 0x62,
+        0x6E, 0x9B, 0x97, 0x28, 0x59, 0xD8, 0x48, 0x2B,
+        0x8D, 0x05, 0x47, 0xE4, 0xF5, 0x6D, 0xFF, 0x87,
+        0x68, 0x1D, 0x5B, 0xC5, 0x12, 0x0F, 0x61, 0x3F,
+        0xBB, 0xD9, 0x1E, 0x1F, 0x14, 0xE6, 0xDE, 0xFE,
+        0x67, 0x2E, 0x2A, 0x7E, 0xAB, 0xCB, 0xBB, 0x9B,
+        0x11, 0x08, 0x2C, 0x5E, 0x70, 0x0A, 0xA0, 0xB1,
+        0xF7, 0xC1, 0x78, 0x5F, 0xCE, 0xD1, 0x9A, 0x93,
+        0xAF, 0xE7, 0xC5, 0x9F, 0xA2, 0x51, 0x9B, 0xCD,
+        0xEB, 0x49, 0x4C, 0x3D, 0x13, 0xB2, 0x12, 0x5F,
+        0x38, 0x53, 0x23, 0xB8, 0x16, 0xC6, 0x8F, 0x8F,
+        0x56, 0x28, 0xC7, 0xC2, 0xAB, 0xFD, 0x02, 0x78,
+        0xA3, 0x37, 0x07, 0x3D, 0xA7, 0x4D, 0x16, 0x09,
+        0x96, 0x98, 0xC4, 0xB1, 0x14, 0xE8, 0xA8, 0xCE,
+        0x34, 0x4E, 0x0A, 0x15, 0xD0, 0xFC, 0x7E, 0xD4,
+        0x97, 0xB0, 0x01, 0xD5, 0x3D, 0x4C, 0x96, 0xDC,
+        0x39, 0x54, 0xD3, 0xB4, 0xB9, 0x56, 0xCB, 0x9D,
+        0x2A, 0x27, 0x2C, 0x51, 0xF1, 0x55, 0x9B, 0x22,
+        0x90, 0x4B, 0x40, 0xCC, 0x85, 0x31, 0xE4, 0x0C,
+        0xC4, 0x12, 0xC6, 0x8C, 0xB6, 0xEE, 0xA4, 0xA4,
+        0x09, 0x0B, 0x38, 0xE2, 0x79, 0x73, 0x29, 0x98,
+        0x54, 0x67, 0xE8, 0x18, 0xA5, 0x24, 0xD3, 0x22,
+        0x8E, 0xAC, 0xAE, 0x78, 0x25, 0xD3, 0xDA, 0xD2,
+        0xEA, 0xA4, 0x22, 0xFD, 0xC7, 0x7A, 0xED, 0x71,
+        0xA2, 0x05, 0xDA, 0x78, 0x38, 0xD9, 0x45, 0xE7,
+        0xFE, 0xC3, 0x7E, 0x4D, 0xCA, 0x67, 0xE5, 0x04,
+        0xCE, 0x35, 0xE5, 0xB0, 0x45, 0xF5, 0x6F, 0x1E,
+        0x8D, 0x75, 0x29, 0xEB, 0xD6, 0xF1, 0xAF, 0x7B,
+        0x6E, 0x93, 0x9E, 0x2B, 0x7A, 0xB4, 0x02, 0x7D,
+        0x37, 0xA5, 0x13, 0x5D, 0x17, 0x2D, 0xA1, 0xAF,
+        0x9C, 0xA2, 0xF7, 0x28, 0xA6, 0xF3, 0x7D, 0xE6,
+        0x0D, 0xD2, 0x3D, 0x97, 0xD1, 0x1E, 0x75, 0xAB,
+        0x1F, 0xD5, 0x1F, 0x8E, 0x9A, 0x13, 0x97, 0xE5,
+        0x82, 0x21, 0x59, 0xDB, 0x58, 0x38, 0x02, 0xB3,
+        0x2E, 0xEB, 0xB4, 0x56, 0x7E, 0xCE, 0x37, 0x46,
+        0xD1, 0xAE, 0x33, 0x31, 0x47, 0x85, 0x64, 0x3D,
+        0xD2, 0xA0, 0x74, 0x1E, 0x7F, 0x1B, 0xF2, 0xD2,
+        0x61, 0xF2, 0x21, 0x24, 0xE8, 0xDD, 0xD0, 0x8C,
+        0x64, 0x0A, 0x48, 0xB5, 0x47, 0x17, 0x51, 0x7C,
+        0x21, 0xCD, 0x32, 0x53, 0x28, 0xBC, 0x23, 0x9C,
+        0xA0, 0x28, 0xB2, 0x63, 0x0D, 0x06, 0x3C, 0x8C,
+        0xC2, 0x0B, 0xE9, 0xBD, 0xB4, 0x85, 0x02, 0xDA,
+        0xDD, 0xE7, 0x3F, 0xFE, 0xD5, 0x96, 0x38, 0x16,
+        0x53, 0x3E, 0x02, 0x0A, 0xED, 0x12, 0x08, 0x53,
+        0x62, 0x55, 0xB1, 0xCC, 0xE9, 0x85, 0x43, 0x31,
+        0x27, 0xFF, 0x4F, 0x04, 0xD5, 0xB1, 0xE2, 0xF2,
+        0x10, 0x87, 0x04, 0xB8, 0xB9, 0x66, 0x58, 0x8C,
+        0x01, 0x56, 0xAF, 0xC2, 0xAE, 0x19, 0x29, 0x86,
+        0xFB, 0xEC, 0x44, 0x3B, 0xAE, 0xF6, 0xCB, 0x85,
+        0xA6, 0xF2, 0x9C, 0x77, 0x92, 0x40, 0x5A, 0x24,
+        0x11, 0x47, 0x10, 0xAE, 0x1C, 0x74, 0x64, 0x44,
+        0xFD, 0xF5, 0xFB, 0x65, 0x9E, 0x5E, 0x34, 0x68,
+        0x26, 0x20, 0x7B, 0x8C, 0x54, 0x46, 0x3A, 0x06,
+        0x17, 0xCE, 0x17, 0xFF, 0x33, 0xE4, 0x0F, 0x93,
+        0x1F, 0xE5, 0x76, 0x71, 0x5C, 0x93, 0x2E, 0xF2,
+        0x9F, 0xD7, 0x6B, 0x04, 0xA6, 0x9B, 0x58, 0xE0,
+        0x30, 0x3D, 0x8E, 0xF2, 0x56, 0x78, 0xC8, 0xB7,
+        0x0A, 0xF1, 0x2E, 0x90, 0x45, 0x59, 0x1C, 0x04,
+        0xE8, 0xB7, 0x71, 0x06, 0x94, 0x04, 0x15, 0x17,
+        0x7E, 0x86, 0x85, 0x93, 0xA0, 0x9C, 0x7E, 0x14,
+        0x61, 0x9A, 0x4B, 0x33, 0x2F, 0x9A, 0xDC, 0x3A,
+        0x65, 0x8B, 0x86, 0x01, 0x7F, 0x32, 0x65, 0x6C,
+        0x54, 0x29, 0xC1, 0x15, 0xE1, 0x10, 0x03, 0x7A,
+        0x8C, 0xC7, 0xE5, 0x44, 0x67, 0x7D, 0x2D, 0xD2,
+        0x39, 0xA5, 0x9D, 0x54, 0xD0, 0xF3, 0xC7, 0x46,
+        0x0E, 0xC1, 0x52, 0x08, 0x34, 0x6B, 0xA5, 0x6D,
+        0xF5, 0x08, 0x6C, 0x5D, 0xBC, 0xC4, 0x1E, 0x0C,
+        0x95, 0xFC, 0xB6, 0x86, 0x1C, 0x2C, 0x0C, 0x32,
+        0xAA, 0xF3, 0x45, 0x4E, 0xFE, 0xE2, 0xFF, 0xBA,
+        0x21, 0x4B, 0x43, 0x0E, 0xF2, 0x48, 0xA5, 0x9B,
+        0x32, 0x44, 0x4D, 0x8D, 0x0D, 0x3D, 0xB8, 0x7C,
+        0x9D, 0x4B, 0x15, 0x36, 0xD1, 0x57, 0x72, 0x8E,
+        0xE7, 0x58, 0x5E, 0xF5, 0x32, 0x77, 0x6A, 0x00,
+        0x3A, 0x02, 0x3C, 0x0A, 0xB0, 0xE9, 0xFF, 0x55,
+        0x71, 0x08, 0xC3, 0x90, 0x68, 0x4D, 0x56, 0x5A,
+        0x66, 0x50, 0x63, 0x26, 0x6A, 0xE6, 0x67, 0x0E,
+        0xD5, 0x3B, 0x0F, 0xAF, 0x8F, 0xF6, 0x78, 0x29,
+        0xBB, 0x73, 0x78, 0x25, 0xB1, 0x53, 0xA9, 0x33,
+        0x8C, 0xBE, 0x3D, 0xF1, 0xA4, 0x62, 0x84, 0x9B,
+        0x93, 0xA8, 0x1F, 0x84, 0xED, 0x07, 0xBE, 0x6D,
+        0x62, 0x40, 0x00, 0x32, 0x74, 0x73, 0x7F, 0x61,
+        0x8D, 0xCB, 0x26, 0xE4, 0x82, 0x52, 0xCE, 0x42,
+        0x04, 0xDD, 0x31, 0x39, 0xFF, 0x68, 0x76, 0xF4,
+        0x3B, 0x30, 0x5D, 0x83, 0x56, 0x20, 0xFE, 0xDF,
+        0x79, 0xAA, 0x67, 0x43, 0x3D, 0xC2, 0x52, 0x87,
+        0x32, 0x0E, 0x99, 0x17, 0x96, 0x7B, 0x70, 0xB2,
+        0xD8, 0x66, 0xD1, 0x7B, 0x69, 0x8B, 0xFF, 0xF2,
+        0xB3, 0xAB, 0x95, 0x14, 0x94, 0x9E, 0x58, 0xB5,
+        0x7C, 0x68, 0xA4, 0x54, 0x12, 0xC1, 0xFC, 0x42,
+        0x1C, 0x76, 0x8B, 0xF5, 0xEE, 0x8A, 0x10, 0xC8,
+        0xAE, 0xF5, 0x69, 0x26, 0xF5, 0x1E, 0xC6, 0x2C,
+        0x11, 0x56, 0x9F, 0x31, 0xAA, 0x51, 0x78, 0x68,
+        0xE5, 0xCA, 0xD8, 0x9E, 0x95, 0x80, 0x66, 0xEB,
+        0x9E, 0xDD, 0x72, 0x71, 0xB3, 0x1C, 0xB4, 0xB1,
+        0xD6, 0xCE, 0x21, 0x12, 0x25, 0xAE, 0xB5, 0xB5,
+        0x7F, 0x74, 0x97, 0x19, 0xDA, 0x07, 0xEC, 0xBE,
+        0xFE, 0x03, 0x88, 0x1D, 0xDE, 0x3D, 0x81, 0xE4,
+        0x13, 0x5F, 0x2D, 0xC8, 0x1A, 0xF7, 0x79, 0x77,
+        0x6C, 0x1B, 0x80, 0x57, 0x16, 0x2A, 0x6C, 0x98,
+        0x2F, 0xBB, 0x4D, 0xA6, 0xA9, 0xAD, 0x28, 0x4A,
+        0xB1, 0x0C, 0x70, 0x02, 0x20, 0x44, 0xF4, 0x6D,
+        0x40, 0x0B, 0xF6, 0xAD, 0x71, 0x82, 0xD1, 0x97,
+        0x78, 0x99, 0x83, 0xBE, 0x99, 0x22, 0x79, 0x79,
+        0xA1, 0x33, 0x4B, 0xA1, 0x49, 0xD8, 0x69, 0xBA,
+        0x1C, 0x40, 0x88, 0x12, 0x34, 0x35, 0xBF, 0x97,
+        0x85, 0x41, 0x35, 0x6D, 0xAF, 0x17, 0x1F, 0x33,
+        0xAD, 0xB1, 0xC9, 0x79, 0x07, 0xA0, 0xFB, 0x58,
+        0x45, 0x07, 0x4A, 0x85, 0xD2, 0x6F, 0x54, 0x61,
+        0x35, 0xAE, 0xD0, 0xF9, 0x1B, 0xE4, 0x53, 0x9C,
+        0x12, 0xBF, 0x94, 0x11, 0xE4, 0xB5, 0x56, 0xF6,
+        0x87, 0xD0, 0x69, 0xDB, 0x6B, 0x21, 0xFE, 0x2B,
+        0x7F, 0x32, 0x18, 0x87, 0x44, 0x8C, 0xEA, 0x55,
+        0xDB, 0x19, 0xFB, 0xB8, 0xB0, 0x48, 0x2A, 0x55,
+        0xAE, 0xC1, 0x67, 0x38, 0xD7, 0x4C, 0xD2, 0x65,
+        0x09, 0x38, 0x36, 0xBE, 0x99, 0xD4, 0xFB, 0x53,
+        0xE9, 0xB0, 0x14, 0xB0, 0x37, 0xCD, 0xBF, 0xE9
+#endif
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+static const unsigned char dilithium_public_der[] = {
+#ifndef WOLFSSL_NO_ML_DSA_44
+    0x30, 0x82, 0x05, 0x34, 0x30, 0x0d, 0x06, 0x0b,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x04, 0x04, 0x03, 0x82, 0x05, 0x21, 0x00,
+    0x0a, 0xf7, 0xc8, 0xa4, 0x96, 0x01, 0xa7, 0xb2,
+    0x2e, 0x4d, 0xc9, 0xd9, 0x1c, 0xa1, 0x86, 0x09,
+    0xce, 0x14, 0x6f, 0xe8, 0x33, 0x3c, 0x7b, 0xdb,
+    0x19, 0x9c, 0x56, 0x39, 0x6a, 0x6c, 0x5d, 0x1f,
+    0xe4, 0x26, 0xcb, 0x16, 0x91, 0x4d, 0xeb, 0x5a,
+    0x36, 0x22, 0xee, 0xda, 0xdf, 0x46, 0x3e, 0xa1,
+    0x4f, 0x9a, 0x30, 0xb5, 0x3f, 0x60, 0xf7, 0x75,
+    0x47, 0xdc, 0x55, 0xf1, 0xbe, 0xbc, 0x87, 0x6c,
+    0x50, 0x7c, 0x21, 0x55, 0x35, 0xad, 0xa7, 0xf9,
+    0x1c, 0xf8, 0xa1, 0x92, 0x79, 0x10, 0x52, 0x7a,
+    0xc3, 0xba, 0xd3, 0x9d, 0xc6, 0x9b, 0xf4, 0xcb,
+    0x1b, 0xa2, 0xde, 0x83, 0x86, 0xa6, 0x35, 0xea,
+    0xf2, 0x8c, 0xdc, 0xba, 0x3e, 0xef, 0x9c, 0xf5,
+    0x8e, 0xc3, 0xb0, 0xc0, 0x5b, 0xcc, 0x35, 0x6a,
+    0x81, 0xe5, 0x17, 0xb3, 0x9a, 0x57, 0xa6, 0x4a,
+    0x87, 0xb1, 0xa7, 0xf5, 0xa2, 0x96, 0x40, 0x8b,
+    0xc1, 0x62, 0xb2, 0xd9, 0x76, 0xe8, 0x51, 0x33,
+    0x44, 0x3d, 0xeb, 0x14, 0x86, 0x88, 0x2c, 0xc1,
+    0x47, 0xba, 0x2b, 0x85, 0x3b, 0x72, 0xcb, 0x9f,
+    0x40, 0xba, 0x19, 0x58, 0xa4, 0x34, 0x0a, 0xd2,
+    0x8c, 0x97, 0xbd, 0x3d, 0x09, 0xb0, 0x4a, 0xeb,
+    0xaa, 0xee, 0x58, 0x1e, 0xc1, 0x19, 0x26, 0x70,
+    0x15, 0xa5, 0x17, 0x7e, 0xd0, 0xa1, 0x08, 0xf9,
+    0x6d, 0xcf, 0x20, 0x62, 0x95, 0x8e, 0x61, 0xf4,
+    0x29, 0x96, 0x6f, 0x38, 0x1c, 0x67, 0xd5, 0xa6,
+    0x4c, 0xf5, 0x1f, 0xda, 0x12, 0x22, 0x24, 0x6b,
+    0x0d, 0xb7, 0x6a, 0xe5, 0xaf, 0x6c, 0x89, 0x52,
+    0xc2, 0x85, 0x85, 0x5f, 0x16, 0x33, 0x0c, 0xc6,
+    0x7a, 0xe0, 0xa8, 0xed, 0x13, 0x58, 0xf3, 0xa0,
+    0x80, 0x42, 0x3c, 0xe3, 0x57, 0xd1, 0xe2, 0x66,
+    0xc4, 0xe0, 0x3d, 0x49, 0x32, 0x21, 0xd9, 0xa1,
+    0x3c, 0x93, 0x0a, 0xf7, 0x5f, 0x34, 0x65, 0xa4,
+    0x30, 0xf9, 0xe7, 0x8a, 0x96, 0x04, 0xdb, 0xc5,
+    0x16, 0x15, 0x10, 0x74, 0x4f, 0xc9, 0x6b, 0x4b,
+    0x66, 0x29, 0xb0, 0xd1, 0x3b, 0xdd, 0x41, 0x0a,
+    0xfe, 0xdf, 0x5f, 0x72, 0x91, 0xbc, 0x99, 0x2f,
+    0x8d, 0x72, 0x3a, 0x4a, 0xde, 0x11, 0x3a, 0x20,
+    0xb2, 0x56, 0xb5, 0x73, 0x89, 0xb4, 0x63, 0x37,
+    0x86, 0xbd, 0x99, 0x8b, 0x03, 0x56, 0x50, 0x21,
+    0x11, 0x78, 0x8c, 0xd5, 0xc1, 0x92, 0x33, 0x72,
+    0x6e, 0x8d, 0x88, 0x2d, 0x10, 0x8f, 0x31, 0xd3,
+    0x23, 0xe5, 0xaa, 0x1f, 0xe1, 0x37, 0xec, 0x34,
+    0x42, 0x30, 0x75, 0xff, 0xb2, 0x1a, 0x8e, 0x29,
+    0x03, 0x4c, 0xfd, 0xdf, 0x53, 0xf2, 0x0b, 0x2d,
+    0xf9, 0x1c, 0x9e, 0xb6, 0x5a, 0x6c, 0x5e, 0x88,
+    0x48, 0x29, 0x89, 0x42, 0xfc, 0x97, 0xfb, 0x27,
+    0x1c, 0x99, 0x2a, 0xbf, 0x7f, 0x04, 0xb2, 0xcd,
+    0xc9, 0x3a, 0x39, 0xfe, 0x4f, 0x47, 0x92, 0x0b,
+    0x85, 0xfc, 0x92, 0x57, 0xc5, 0x0b, 0x23, 0x1f,
+    0x0b, 0x72, 0xb4, 0xde, 0xfe, 0xbe, 0xb7, 0x39,
+    0xb3, 0xd7, 0x48, 0x03, 0xed, 0x76, 0xac, 0x63,
+    0xf7, 0x2a, 0x58, 0xef, 0xdb, 0x63, 0x5a, 0x56,
+    0x68, 0xcc, 0xb2, 0x8b, 0x22, 0xac, 0xdf, 0xc4,
+    0xad, 0x6f, 0xad, 0x24, 0xfd, 0x30, 0xfb, 0xed,
+    0x6e, 0xde, 0x65, 0x2b, 0xb4, 0x57, 0x35, 0x49,
+    0xc1, 0xc9, 0x82, 0xf4, 0x72, 0x69, 0xef, 0x34,
+    0xc0, 0x37, 0x8b, 0x8b, 0xd3, 0xd3, 0x25, 0xcc,
+    0xe5, 0xf5, 0xf6, 0x9c, 0xa3, 0xe7, 0x88, 0xd7,
+    0x55, 0x73, 0x31, 0x4c, 0xb1, 0x7b, 0x64, 0xb3,
+    0x38, 0xde, 0x47, 0x9a, 0xfc, 0xf1, 0xfa, 0xf8,
+    0x6e, 0xc5, 0x95, 0xb9, 0xaf, 0x6a, 0x7a, 0x94,
+    0x80, 0x0d, 0x29, 0x62, 0x99, 0x0a, 0x34, 0xa2,
+    0x8f, 0xa1, 0x5e, 0x98, 0x7c, 0x4e, 0x18, 0xcd,
+    0x63, 0x68, 0x0e, 0xfa, 0x6f, 0x49, 0x01, 0x02,
+    0xcd, 0xf1, 0xc1, 0x09, 0x57, 0xa3, 0x03, 0xec,
+    0x94, 0x36, 0xab, 0xc6, 0x1c, 0xc0, 0x98, 0x22,
+    0x15, 0x5b, 0x5b, 0x61, 0x3c, 0xc2, 0x5b, 0x6f,
+    0x1c, 0x82, 0x41, 0x39, 0x87, 0xde, 0x92, 0xa9,
+    0xe4, 0x12, 0x74, 0x3b, 0x31, 0x36, 0xac, 0x92,
+    0xb0, 0x23, 0x26, 0xfa, 0xd8, 0xa3, 0xe8, 0x84,
+    0xfc, 0x52, 0xc5, 0x7b, 0xd1, 0x4b, 0xe2, 0x1a,
+    0x33, 0xdd, 0x3c, 0xdf, 0x27, 0x50, 0x6f, 0x12,
+    0xd3, 0x17, 0x66, 0xd7, 0x54, 0x33, 0x30, 0x2b,
+    0xe8, 0xd1, 0x1f, 0x2d, 0xf3, 0x37, 0x81, 0xa0,
+    0x3c, 0x21, 0x8c, 0xea, 0x95, 0xa5, 0x5b, 0x3a,
+    0x24, 0xed, 0xf7, 0x67, 0x7b, 0x72, 0x3a, 0xda,
+    0x31, 0xbd, 0xa7, 0x63, 0xa6, 0x6f, 0xf9, 0xdf,
+    0x06, 0x36, 0xb4, 0xe2, 0x35, 0x4b, 0xa5, 0x8e,
+    0x29, 0x8e, 0x6c, 0x02, 0xc5, 0x06, 0x9b, 0x98,
+    0x6e, 0x5e, 0x00, 0x6a, 0x42, 0x09, 0x4b, 0xc3,
+    0x09, 0x37, 0x67, 0x19, 0x58, 0x6d, 0x40, 0x50,
+    0xb0, 0x62, 0x5b, 0xd6, 0x63, 0x7f, 0xed, 0xb0,
+    0x97, 0x80, 0x9e, 0x91, 0x3f, 0x82, 0xfd, 0x83,
+    0x36, 0xce, 0x06, 0xc4, 0xdc, 0xa4, 0x1e, 0x70,
+    0xd4, 0x94, 0xfc, 0x6e, 0x46, 0xa3, 0xc8, 0xed,
+    0x34, 0x0a, 0xb1, 0x9a, 0x66, 0x5d, 0xc0, 0xce,
+    0x73, 0xd3, 0x65, 0xcb, 0xfb, 0x79, 0xdd, 0xf6,
+    0x19, 0xf6, 0xd8, 0xa9, 0xe6, 0x34, 0x15, 0x86,
+    0x7a, 0x30, 0x79, 0xde, 0x2b, 0x06, 0xa4, 0xc0,
+    0xc8, 0xa2, 0xc1, 0x41, 0xb3, 0x4c, 0xf6, 0xdb,
+    0x16, 0xcd, 0xd2, 0x8b, 0xf1, 0x18, 0x5a, 0xc8,
+    0x3e, 0xd9, 0x54, 0x40, 0xd4, 0xce, 0x88, 0xbb,
+    0x66, 0xf1, 0x74, 0x20, 0xa2, 0x3c, 0x31, 0x09,
+    0xba, 0xac, 0x61, 0x15, 0x9f, 0x73, 0x5f, 0xa7,
+    0xe5, 0x0d, 0xb3, 0xab, 0xa2, 0x72, 0x25, 0xc9,
+    0x87, 0x9b, 0x18, 0xdb, 0xff, 0xfb, 0x39, 0x84,
+    0x8d, 0xf8, 0x97, 0x47, 0xab, 0xc4, 0xfb, 0xc2,
+    0xd8, 0xe8, 0xce, 0x6e, 0x65, 0x76, 0x88, 0x4a,
+    0x22, 0x2f, 0xdd, 0x43, 0xa7, 0xc4, 0x8d, 0x32,
+    0x12, 0x75, 0x0b, 0x72, 0xd6, 0xb7, 0x43, 0x84,
+    0xc8, 0x59, 0xa8, 0xb7, 0x8b, 0x84, 0x33, 0x92,
+    0x8f, 0x94, 0xe8, 0xd0, 0xaf, 0x11, 0x35, 0xde,
+    0xb7, 0x63, 0xb8, 0x91, 0x4c, 0x96, 0x4e, 0x9c,
+    0x62, 0x28, 0xa2, 0xbc, 0x0b, 0x90, 0xae, 0x94,
+    0x90, 0xe9, 0x32, 0xeb, 0xe3, 0x77, 0x60, 0x5f,
+    0x87, 0x48, 0x4b, 0xb0, 0x78, 0x0e, 0xe2, 0x85,
+    0x47, 0x06, 0xa4, 0xc9, 0x26, 0xac, 0x8f, 0xe7,
+    0xc2, 0xc7, 0xce, 0xf5, 0xd1, 0x20, 0xa8, 0x56,
+    0xe1, 0x4f, 0x50, 0x90, 0xb3, 0xc1, 0x03, 0x57,
+    0xd3, 0x62, 0x0e, 0x2a, 0xe8, 0x86, 0xf4, 0x94,
+    0x0e, 0xa5, 0x8b, 0x4e, 0x73, 0xa2, 0x76, 0xac,
+    0x00, 0x29, 0xe5, 0x80, 0x26, 0x02, 0x13, 0xd1,
+    0xb2, 0x68, 0x72, 0x23, 0x38, 0x55, 0xfc, 0x4d,
+    0x05, 0x60, 0x49, 0x7b, 0xfb, 0xaa, 0x17, 0x8f,
+    0x26, 0x0a, 0x08, 0x33, 0x8d, 0x7f, 0x4e, 0xe5,
+    0x6e, 0xf8, 0x84, 0x9b, 0x9f, 0xcb, 0xa2, 0x2b,
+    0xfb, 0xaf, 0xad, 0x21, 0xe2, 0x4f, 0x6f, 0x55,
+    0xc1, 0x78, 0x46, 0xe3, 0xb5, 0x63, 0x06, 0x9b,
+    0x93, 0x7d, 0xac, 0xd4, 0xe0, 0x64, 0x01, 0x8d,
+    0xac, 0x30, 0x8b, 0x8b, 0x55, 0xb7, 0x8a, 0x16,
+    0x3f, 0xc9, 0x82, 0x7f, 0xb5, 0x3b, 0x0d, 0xc0,
+    0x46, 0x89, 0x5c, 0x6c, 0x45, 0x21, 0x78, 0xda,
+    0x84, 0x1f, 0xc8, 0xcf, 0xf1, 0x1e, 0x79, 0x71,
+    0x3b, 0xc8, 0xe2, 0x8b, 0x41, 0xfe, 0xaf, 0x2f,
+    0x3b, 0x23, 0x13, 0xc5, 0x46, 0x87, 0xc6, 0x24,
+    0x37, 0x21, 0x68, 0x8a, 0x3e, 0x45, 0x61, 0xf4,
+    0xad, 0xf5, 0x1c, 0x23, 0x45, 0xa3, 0x42, 0xf2,
+    0xa9, 0xac, 0x94, 0x50, 0xc9, 0x3d, 0x5e, 0x70,
+    0x33, 0x2b, 0x78, 0xd1, 0x5c, 0x13, 0x35, 0xe6,
+    0x13, 0x80, 0x5e, 0x55, 0xa7, 0xcc, 0x67, 0xb0,
+    0x6c, 0xfe, 0xa2, 0x24, 0x02, 0x6d, 0xb3, 0xcb,
+    0x9e, 0x94, 0xb3, 0xc6, 0x01, 0xf3, 0x01, 0x3a,
+    0xe4, 0xa7, 0xa3, 0xdf, 0x56, 0x4c, 0x30, 0xce,
+    0xb1, 0xd5, 0x1b, 0x68, 0x9b, 0x75, 0xae, 0xf4,
+    0xb9, 0x2a, 0xe5, 0x8b, 0x7b, 0xe5, 0x99, 0x46,
+    0x5f, 0x29, 0xf6, 0x82, 0xd0, 0x42, 0xb1, 0x45,
+    0x09, 0x16, 0x5b, 0x32, 0x11, 0xca, 0x48, 0xea,
+    0x51, 0x12, 0x0a, 0x9f, 0x6e, 0x3f, 0x74, 0xe6,
+    0xe0, 0xfe, 0xf8, 0xa5, 0xc0, 0xfd, 0x15, 0x6e,
+    0x2b, 0x4a, 0xd5, 0x76, 0xa8, 0x3d, 0xe3, 0x0d,
+    0xfe, 0x44, 0x11, 0x5e, 0x7a, 0xde, 0x12, 0x29,
+    0x5a, 0x5a, 0x25, 0xc0, 0x8e, 0x98, 0xd1, 0x11,
+    0xc8, 0x00, 0x65, 0xb2, 0xf4, 0xd7, 0x56, 0x32,
+    0x46, 0x2b, 0x4f, 0x7e, 0xc3, 0x4e, 0xf1, 0x17,
+    0xff, 0x03, 0x32, 0xae, 0xe3, 0xbe, 0x0b, 0xab,
+    0xfb, 0x43, 0x0f, 0x6d, 0xa5, 0xc6, 0x44, 0xba,
+    0xc9, 0xe3, 0x3d, 0x40, 0xe7, 0x6c, 0xe8, 0x21,
+    0xb2, 0x46, 0x7b, 0x3b, 0x3d, 0xde, 0x80, 0xc8,
+    0xea, 0xf4, 0x6b, 0xf3, 0x53, 0xca, 0x51, 0x84,
+    0xcf, 0xad, 0x7e, 0xce, 0xce, 0xc2, 0x65, 0xfc,
+    0x03, 0x8c, 0xcb, 0xfa, 0xcb, 0x37, 0x89, 0x82,
+    0x59, 0x5e, 0x36, 0x52, 0xe4, 0xbc, 0x8d, 0x47,
+    0x7c, 0xb8, 0x3f, 0x63, 0x59, 0xdc, 0xd3, 0x74,
+    0x11, 0x33, 0xb4, 0x69, 0x74, 0x40, 0x0d, 0x42,
+    0x63, 0x1d, 0xe6, 0x5c, 0x1b, 0xca, 0x41, 0xff,
+    0x23, 0x4e, 0xe8, 0x3d, 0x14, 0xa8, 0x17, 0x18,
+    0xd0, 0x78, 0x08, 0x87, 0x7d, 0x5e, 0xdc, 0x3a,
+    0x07, 0xba, 0x12, 0x8e, 0x8e, 0x56, 0x0a, 0xcb,
+    0x37, 0xf6, 0x54, 0xeb, 0x55, 0x16, 0x8f, 0x06,
+    0x15, 0x28, 0x6b, 0xfb, 0xed, 0x38, 0x9e, 0x9b,
+    0x98, 0x5b, 0xdc, 0x67, 0x33, 0x0e, 0x02, 0x36,
+    0x1b, 0x7a, 0x9a, 0x43, 0xcd, 0xf2, 0x65, 0xef,
+    0x37, 0x19, 0x24, 0x6f, 0x4b, 0xb9, 0x4d, 0x3e,
+    0x0b, 0x47, 0xd1, 0x67, 0x50, 0x6a, 0x7f, 0x07
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    0x30, 0x82, 0x07, 0xb4, 0x30, 0x0d, 0x06, 0x0b,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x06, 0x05, 0x03, 0x82, 0x07, 0xa1, 0x00,
+    0xff, 0x89, 0xee, 0xad, 0x20, 0x8f, 0x61, 0xa4,
+    0x07, 0x1c, 0x54, 0x98, 0x8c, 0xf4, 0x2e, 0xd9,
+    0xe6, 0x0f, 0xcb, 0x0e, 0xab, 0xa1, 0x37, 0x4d,
+    0xc0, 0x48, 0x24, 0x78, 0xd6, 0x2d, 0x9b, 0x6f,
+    0x0f, 0x17, 0x08, 0x71, 0xc3, 0xd1, 0xc8, 0x7a,
+    0xe7, 0x32, 0xcb, 0xcd, 0xd6, 0xb5, 0x90, 0x08,
+    0xe1, 0xda, 0xaa, 0x89, 0x3e, 0x4a, 0x62, 0x98,
+    0x3d, 0xc6, 0x71, 0x30, 0xb4, 0x63, 0xa5, 0x3b,
+    0xb3, 0x69, 0x75, 0x10, 0xaf, 0x5e, 0x72, 0x78,
+    0xa2, 0xef, 0x63, 0x63, 0x21, 0xe7, 0xf4, 0xa7,
+    0x9c, 0x50, 0x74, 0x14, 0x3e, 0xdd, 0x73, 0x9e,
+    0x97, 0x65, 0xdd, 0xdf, 0x3c, 0x40, 0x4d, 0x03,
+    0x49, 0xe4, 0xbf, 0x65, 0xe7, 0x44, 0x8f, 0x59,
+    0x00, 0xe2, 0x98, 0xb5, 0x66, 0xa3, 0x3b, 0x11,
+    0x9f, 0xc7, 0xc2, 0x16, 0x61, 0xf0, 0x1e, 0x89,
+    0xc8, 0x96, 0x8d, 0x18, 0xac, 0x86, 0xa0, 0xe2,
+    0xd9, 0x8c, 0xef, 0x53, 0x6d, 0x4e, 0x74, 0xc9,
+    0x66, 0x28, 0x16, 0xf3, 0x62, 0xc4, 0x6f, 0x2b,
+    0x6e, 0x36, 0x03, 0xad, 0xc5, 0xe4, 0x8f, 0x0b,
+    0x90, 0x8c, 0x8f, 0xff, 0x5d, 0xdf, 0x7a, 0xe6,
+    0xaf, 0x9a, 0x43, 0xbc, 0xd4, 0x73, 0x22, 0xdc,
+    0x5f, 0x08, 0xa1, 0x17, 0x97, 0x89, 0x79, 0xf5,
+    0xdc, 0xed, 0x4f, 0x85, 0x8e, 0x0c, 0x23, 0x35,
+    0x3c, 0x34, 0x19, 0x65, 0xf5, 0xd6, 0xc9, 0x2d,
+    0x7a, 0x2e, 0x67, 0xd5, 0xf1, 0x82, 0x97, 0xaa,
+    0x05, 0x26, 0x84, 0x25, 0x47, 0x58, 0x2c, 0xe6,
+    0x59, 0xc7, 0x98, 0x7a, 0xdb, 0x40, 0x45, 0x1c,
+    0x71, 0x55, 0x2e, 0xea, 0x3f, 0x6e, 0x7c, 0x82,
+    0x52, 0x6a, 0x19, 0x3a, 0xd3, 0xa1, 0x3c, 0xce,
+    0x00, 0x06, 0xec, 0xed, 0x97, 0xce, 0xd8, 0xdf,
+    0xde, 0xa3, 0xed, 0xe7, 0x81, 0x62, 0x02, 0x9c,
+    0x1b, 0x51, 0xa1, 0xf4, 0x9d, 0x1b, 0x28, 0x76,
+    0x93, 0x96, 0x20, 0x55, 0x60, 0x1f, 0xaf, 0x52,
+    0xc3, 0xce, 0xb9, 0x12, 0x66, 0xf5, 0x64, 0x22,
+    0x87, 0x86, 0x29, 0x80, 0x8f, 0x18, 0x33, 0xba,
+    0x48, 0x71, 0x1d, 0x00, 0xfe, 0xa5, 0xfc, 0xc6,
+    0x87, 0xbe, 0x44, 0x3c, 0xc9, 0x49, 0xfb, 0x68,
+    0x3c, 0xdf, 0xca, 0xef, 0xa7, 0xdc, 0x67, 0xb8,
+    0x28, 0xd6, 0xad, 0x18, 0xaf, 0xad, 0x1f, 0x4c,
+    0x85, 0xa3, 0x64, 0xac, 0x3f, 0xa9, 0x39, 0x28,
+    0xef, 0x8a, 0x45, 0x7e, 0xb0, 0xf4, 0x89, 0x72,
+    0xf7, 0xb1, 0xef, 0x9d, 0x1c, 0x3c, 0x93, 0xcb,
+    0xa0, 0xfb, 0x2a, 0x90, 0xe2, 0x1d, 0x49, 0x8e,
+    0x36, 0xb8, 0x07, 0xf4, 0xb3, 0x09, 0xf0, 0x6f,
+    0x3c, 0xd9, 0x37, 0x19, 0x57, 0xd4, 0x1e, 0x2a,
+    0xa2, 0xa7, 0x2e, 0xc1, 0xcd, 0x8d, 0x48, 0x47,
+    0xb5, 0x8a, 0x12, 0x93, 0x34, 0xb8, 0xec, 0x32,
+    0x07, 0x49, 0xb6, 0x8d, 0x73, 0xd4, 0x2c, 0x6a,
+    0xa0, 0x33, 0x29, 0x21, 0x5d, 0x37, 0xa9, 0x39,
+    0x40, 0xbe, 0x71, 0x29, 0xbe, 0xd1, 0x4b, 0xbc,
+    0x9a, 0x17, 0x93, 0x52, 0xb8, 0x81, 0xee, 0xc5,
+    0xff, 0x25, 0x78, 0x2f, 0x52, 0x0a, 0x8f, 0xb2,
+    0xef, 0xf3, 0x1d, 0x68, 0x56, 0x31, 0x29, 0x84,
+    0x55, 0x47, 0x32, 0x34, 0x0f, 0x60, 0x07, 0xd6,
+    0x2b, 0xb9, 0x29, 0xaf, 0x0f, 0xcd, 0x1c, 0xc0,
+    0x77, 0x4c, 0xc6, 0x31, 0xdb, 0xf4, 0x17, 0xbe,
+    0x3d, 0xf8, 0x8c, 0xf1, 0x02, 0x7c, 0x6b, 0xd4,
+    0xaf, 0x03, 0xb2, 0xf4, 0x78, 0x8d, 0xd3, 0x4e,
+    0x5c, 0x04, 0xb9, 0x01, 0xe3, 0x73, 0xb4, 0x67,
+    0xe9, 0xa8, 0x77, 0x6f, 0x87, 0x2b, 0xe2, 0x00,
+    0x98, 0x5f, 0x02, 0x43, 0x85, 0x03, 0x4c, 0x71,
+    0xd2, 0xe7, 0x61, 0x03, 0x22, 0x9e, 0xe5, 0xc2,
+    0xa7, 0x66, 0x42, 0x7c, 0x9f, 0xf4, 0xb8, 0x6b,
+    0x2d, 0xe4, 0xaa, 0x51, 0xda, 0x08, 0x73, 0x75,
+    0x26, 0x45, 0xdc, 0xa6, 0x20, 0xd7, 0xcb, 0x00,
+    0xfc, 0xe4, 0xdb, 0x28, 0x92, 0xf8, 0xb0, 0xc7,
+    0xf0, 0x4b, 0x6d, 0xe8, 0xc1, 0x84, 0x38, 0xed,
+    0x1a, 0xd4, 0x66, 0x69, 0xc4, 0x96, 0x40, 0xc4,
+    0x7d, 0xfa, 0x58, 0x70, 0x7e, 0x70, 0x40, 0xba,
+    0xfc, 0x95, 0xb6, 0x4c, 0x7c, 0x58, 0xbc, 0xb3,
+    0x59, 0x08, 0x14, 0x03, 0x35, 0xf3, 0xf1, 0xaa,
+    0xd5, 0xa2, 0x57, 0x70, 0xb6, 0x20, 0x75, 0x0a,
+    0x58, 0x66, 0x74, 0xf7, 0x1c, 0xfd, 0x99, 0x7c,
+    0x20, 0xda, 0xe7, 0x76, 0xcb, 0xf4, 0xa3, 0x9b,
+    0xbc, 0x8f, 0x74, 0xef, 0xe2, 0x46, 0x5a, 0x72,
+    0x33, 0x06, 0x32, 0x1e, 0xbd, 0x4e, 0x4c, 0xf6,
+    0x16, 0x43, 0xa5, 0xa5, 0xa5, 0x6c, 0x76, 0x33,
+    0x35, 0x63, 0xdc, 0xe4, 0xec, 0x7f, 0x8a, 0xfa,
+    0xc3, 0x53, 0x69, 0x28, 0xf7, 0xd6, 0x97, 0xb9,
+    0x3a, 0xf4, 0x15, 0x90, 0x50, 0xd3, 0xdf, 0xf5,
+    0xd3, 0xcf, 0x15, 0x76, 0xe3, 0x3d, 0x24, 0x14,
+    0xfd, 0xd3, 0x01, 0x25, 0x82, 0xb4, 0xe3, 0xd8,
+    0x68, 0x89, 0x86, 0xa8, 0x26, 0x02, 0x5f, 0xc6,
+    0xf4, 0x99, 0x3b, 0x97, 0xa8, 0x65, 0xed, 0x18,
+    0xbb, 0x3c, 0x43, 0x4a, 0x6e, 0xaa, 0xbc, 0x83,
+    0x85, 0x19, 0x9f, 0x9b, 0xb8, 0xa4, 0xa3, 0xb2,
+    0xb7, 0x56, 0x07, 0x6c, 0xbf, 0x7d, 0xff, 0x5d,
+    0xb5, 0x1e, 0x83, 0xc8, 0x74, 0x70, 0x98, 0x17,
+    0x40, 0xe0, 0x2d, 0xad, 0x31, 0x00, 0x8e, 0x42,
+    0xd5, 0xb2, 0x25, 0xaa, 0x82, 0xaf, 0x33, 0xd8,
+    0x5b, 0xe2, 0x07, 0xed, 0xda, 0x84, 0xe9, 0xa2,
+    0xff, 0xbb, 0xa5, 0x47, 0x95, 0x6e, 0xa1, 0x8d,
+    0x59, 0x52, 0xeb, 0xf3, 0x3c, 0x18, 0x29, 0x92,
+    0x72, 0x27, 0x18, 0xfc, 0x95, 0xb9, 0xde, 0x46,
+    0xda, 0xcc, 0x4c, 0x31, 0x1d, 0x78, 0x86, 0xd2,
+    0x8c, 0x38, 0x9c, 0x32, 0xab, 0xf7, 0xca, 0x73,
+    0x85, 0xa5, 0xf1, 0xe0, 0x25, 0x06, 0xf9, 0x18,
+    0x14, 0xab, 0x3b, 0x73, 0x26, 0xee, 0xa0, 0xfd,
+    0x15, 0xac, 0xd6, 0x4e, 0x6b, 0xdb, 0x01, 0xa1,
+    0xdc, 0xd1, 0x2f, 0xd2, 0xb7, 0x5e, 0x12, 0x4f,
+    0x4b, 0x59, 0xd8, 0x03, 0x12, 0x60, 0xc9, 0x81,
+    0xb7, 0x06, 0x23, 0x09, 0xc4, 0xd9, 0xa8, 0x93,
+    0x6e, 0x96, 0xf4, 0x93, 0x53, 0xf0, 0x3d, 0xde,
+    0x10, 0x88, 0xb1, 0xd0, 0xcc, 0xad, 0x2c, 0xbf,
+    0x88, 0x98, 0x8f, 0x25, 0x76, 0xd7, 0x65, 0x77,
+    0xcc, 0x36, 0x1d, 0x1b, 0x6b, 0x60, 0x58, 0xc4,
+    0xfe, 0xe6, 0xca, 0xa8, 0x29, 0x33, 0x69, 0x36,
+    0xb8, 0x12, 0x95, 0x38, 0xd9, 0xd4, 0x16, 0xe9,
+    0x3e, 0x40, 0x8c, 0xc7, 0xae, 0x04, 0x11, 0xdf,
+    0x51, 0xd3, 0xdd, 0xbf, 0xa9, 0x41, 0x43, 0x4c,
+    0xff, 0x87, 0x2f, 0xea, 0x0f, 0x13, 0x66, 0x2a,
+    0x2b, 0x18, 0xe8, 0xc4, 0xff, 0xa0, 0x1c, 0x78,
+    0x79, 0x21, 0xf8, 0xaa, 0x8a, 0xf8, 0x92, 0xdf,
+    0x7b, 0x5f, 0x6a, 0x71, 0x60, 0x67, 0x5d, 0x94,
+    0xf6, 0xbb, 0x1d, 0x90, 0x7c, 0x51, 0x70, 0x1d,
+    0x87, 0xde, 0xf8, 0x91, 0xcb, 0x42, 0x9f, 0xc7,
+    0x4b, 0xa0, 0x16, 0xee, 0xb4, 0x73, 0xe8, 0xe0,
+    0x0b, 0xa5, 0xd3, 0x26, 0x9e, 0x52, 0xda, 0x4a,
+    0x1f, 0xae, 0x76, 0xbf, 0xbb, 0x4d, 0x74, 0x98,
+    0xa6, 0xae, 0xc0, 0x60, 0x96, 0xc5, 0xad, 0x9b,
+    0x91, 0x31, 0xb9, 0x50, 0x3d, 0x9a, 0x0f, 0xe1,
+    0x93, 0xef, 0x08, 0x72, 0xb2, 0x66, 0xe5, 0x5d,
+    0xe4, 0x15, 0x53, 0x8e, 0xb0, 0xb3, 0xf8, 0x78,
+    0xfc, 0x5d, 0x44, 0xc5, 0xbf, 0xf5, 0x01, 0x54,
+    0xc5, 0x45, 0xa9, 0x30, 0xa4, 0xf1, 0x49, 0x79,
+    0x4e, 0xab, 0xfc, 0xb2, 0x93, 0xe7, 0x3a, 0xe1,
+    0x7f, 0x1f, 0x2f, 0x45, 0x3a, 0x53, 0x2b, 0x68,
+    0xb3, 0xa4, 0xac, 0x23, 0x54, 0xb7, 0x5d, 0x25,
+    0xa3, 0xe3, 0x90, 0x8a, 0xb0, 0x02, 0xfb, 0x7f,
+    0x2d, 0xeb, 0x80, 0xc2, 0x5c, 0x62, 0xe1, 0x36,
+    0x5a, 0x82, 0x8f, 0x4e, 0x74, 0xeb, 0x7d, 0x70,
+    0xaf, 0x23, 0x92, 0x65, 0x3a, 0x11, 0xc0, 0x29,
+    0xdb, 0xf7, 0x9a, 0xdc, 0x81, 0x45, 0x25, 0x0c,
+    0x2e, 0x4f, 0x88, 0x41, 0x34, 0x53, 0xc6, 0x08,
+    0x21, 0x77, 0xc1, 0xbb, 0x61, 0x48, 0x20, 0x69,
+    0x1a, 0xbb, 0x71, 0x1b, 0x56, 0x18, 0x79, 0x75,
+    0x16, 0x9a, 0xb3, 0x79, 0x31, 0x11, 0xa2, 0x89,
+    0x8d, 0xea, 0x10, 0xb0, 0x04, 0x7f, 0xf8, 0x6e,
+    0xdc, 0x08, 0x9b, 0x51, 0xa7, 0x64, 0xbd, 0x8d,
+    0xd4, 0xd0, 0x1e, 0x38, 0x50, 0x1a, 0xa8, 0x7e,
+    0x20, 0xae, 0xee, 0x8c, 0xa7, 0x72, 0x94, 0xc9,
+    0xba, 0xf0, 0x67, 0xbd, 0x25, 0x1a, 0x3a, 0xdf,
+    0x75, 0x39, 0xb7, 0xd3, 0x83, 0x3b, 0x89, 0xdf,
+    0xb5, 0x2d, 0xd3, 0x12, 0x24, 0x21, 0x7c, 0x9e,
+    0x92, 0x1c, 0x19, 0xae, 0x28, 0xcb, 0x2e, 0x2e,
+    0x3c, 0xa9, 0x9b, 0xbd, 0xf9, 0x33, 0x30, 0xb2,
+    0xbd, 0x8b, 0xbf, 0xc1, 0x8b, 0x32, 0xf1, 0x20,
+    0xa1, 0x00, 0xfd, 0x11, 0x7d, 0x9a, 0xa8, 0x14,
+    0x2c, 0xce, 0x16, 0x16, 0x4b, 0xdd, 0x56, 0x91,
+    0x15, 0x36, 0x83, 0xcb, 0x01, 0x58, 0x35, 0xe1,
+    0xdc, 0x22, 0x3d, 0xf8, 0xc2, 0x06, 0x54, 0x68,
+    0x77, 0xd1, 0x47, 0x28, 0xdc, 0x09, 0x2a, 0x86,
+    0x13, 0x80, 0xa6, 0xe9, 0xd0, 0xb4, 0xa3, 0x41,
+    0x47, 0xf4, 0x71, 0x24, 0x10, 0x4c, 0x9f, 0xb7,
+    0x57, 0x34, 0x48, 0x1b, 0xb4, 0xed, 0x0e, 0x89,
+    0x4c, 0xf1, 0x73, 0x44, 0xff, 0x35, 0xb6, 0xe0,
+    0x8f, 0x02, 0xa3, 0xa3, 0x81, 0x55, 0x38, 0xb5,
+    0xc1, 0x99, 0xb3, 0x88, 0x84, 0x0d, 0xd9, 0x73,
+    0x77, 0x65, 0x0b, 0xd7, 0xf8, 0x03, 0x88, 0xcb,
+    0xdf, 0x25, 0xaf, 0xc6, 0xf1, 0xfa, 0x5c, 0x4d,
+    0xfa, 0xc3, 0x7b, 0x8f, 0xb8, 0x38, 0x5d, 0x29,
+    0xbb, 0x3d, 0x3e, 0x62, 0x1c, 0xdd, 0xe6, 0x97,
+    0xe6, 0xe9, 0xbe, 0x6e, 0xd2, 0xb7, 0x7a, 0x9a,
+    0x8e, 0xaf, 0xb3, 0xc8, 0x9e, 0x19, 0xee, 0x3d,
+    0x5b, 0x1f, 0xec, 0x34, 0x3a, 0x1c, 0x27, 0x90,
+    0xbd, 0x1e, 0x49, 0x72, 0x25, 0x2e, 0x38, 0x48,
+    0x7d, 0xe1, 0x85, 0x46, 0xa7, 0x1b, 0x4a, 0xd5,
+    0x23, 0x75, 0x6d, 0x8b, 0xc3, 0xf1, 0x87, 0xec,
+    0x8b, 0x45, 0xf0, 0x9b, 0xb2, 0x14, 0x7a, 0x7c,
+    0x8d, 0x78, 0x9c, 0x82, 0x64, 0x14, 0xfe, 0x01,
+    0xfa, 0x04, 0x33, 0x96, 0xdd, 0x5f, 0x56, 0xbc,
+    0xb2, 0x03, 0xe3, 0x0c, 0xa1, 0x09, 0x66, 0xa0,
+    0x5e, 0x44, 0xde, 0x21, 0xae, 0x7d, 0x7a, 0x0e,
+    0x81, 0x27, 0xd2, 0xfb, 0x85, 0xed, 0x27, 0x27,
+    0xac, 0x11, 0x1c, 0xa1, 0x6d, 0xe9, 0xc1, 0xca,
+    0xf6, 0x40, 0x7c, 0x95, 0x01, 0xb7, 0xa8, 0x29,
+    0x9a, 0xd2, 0xcc, 0x62, 0x70, 0x1c, 0x7d, 0x0e,
+    0xe5, 0x60, 0xcb, 0x79, 0xa3, 0xd7, 0x5d, 0x48,
+    0x4b, 0x3c, 0xf8, 0x12, 0xe8, 0x7a, 0x7e, 0x83,
+    0xab, 0x24, 0x33, 0x0f, 0x7b, 0x0a, 0x38, 0xae,
+    0xb1, 0xfc, 0xc3, 0x50, 0x5c, 0x83, 0x53, 0xfd,
+    0x15, 0xd6, 0x49, 0x54, 0xb6, 0x40, 0xe5, 0xe8,
+    0x55, 0xba, 0x08, 0x2f, 0x21, 0xd7, 0x0e, 0x71,
+    0x8a, 0xb2, 0xe1, 0x6b, 0xc6, 0x7e, 0x0f, 0x1c,
+    0x4d, 0x41, 0x9f, 0x38, 0xc2, 0xce, 0x41, 0x41,
+    0x48, 0xcd, 0xec, 0x16, 0x1d, 0x23, 0x8e, 0x41,
+    0xcd, 0x5e, 0xf9, 0x5f, 0x01, 0x5e, 0x73, 0xa2,
+    0xa1, 0xef, 0xe9, 0x57, 0xe0, 0xba, 0xe6, 0xbb,
+    0x2b, 0xff, 0x3e, 0xb8, 0xad, 0xd5, 0x12, 0xc1,
+    0x54, 0x49, 0xca, 0x93, 0xb0, 0x7d, 0x7b, 0xcf,
+    0xf0, 0xc5, 0x94, 0x43, 0x30, 0x94, 0x11, 0x8d,
+    0x15, 0x79, 0x2e, 0x57, 0xb8, 0x24, 0xcd, 0x2e,
+    0xc2, 0x49, 0x3d, 0x92, 0x44, 0x23, 0x0c, 0x3e,
+    0xa0, 0xf9, 0xa5, 0xad, 0x2a, 0x56, 0xec, 0xf4,
+    0x6d, 0x0f, 0x5b, 0xb5, 0xd4, 0x2a, 0x3f, 0x2b,
+    0x17, 0x9f, 0x5d, 0x33, 0x97, 0x42, 0xd4, 0x1e,
+    0x14, 0x49, 0x01, 0xfb, 0xb6, 0x72, 0xbc, 0x14,
+    0x5b, 0x79, 0xf4, 0x0a, 0xc5, 0x49, 0xe1, 0x76,
+    0x44, 0x78, 0x87, 0xd1, 0x8e, 0x5b, 0xd5, 0x95,
+    0xad, 0x19, 0x7c, 0x0d, 0x39, 0x7f, 0x41, 0x2e,
+    0xd7, 0x9e, 0xbc, 0xfd, 0x2c, 0xde, 0xfa, 0x01,
+    0x7d, 0x2b, 0x04, 0xef, 0x4d, 0xf9, 0xf4, 0x5b,
+    0xed, 0x05, 0x9a, 0x50, 0x35, 0xe7, 0xb0, 0xba,
+    0x24, 0xea, 0x16, 0x51, 0xe1, 0x6f, 0x32, 0x08,
+    0x94, 0xd6, 0x19, 0x9d, 0x0e, 0x4c, 0xc1, 0xbb,
+    0x01, 0x87, 0xa5, 0x90, 0x5f, 0x6f, 0xc4, 0xed,
+    0xa1, 0x4c, 0x06, 0x4d, 0x2c, 0x47, 0x24, 0xda,
+    0xae, 0xd2, 0x41, 0x92, 0x1f, 0x46, 0xce, 0xec,
+    0xb1, 0xcc, 0x80, 0x1e, 0xb2, 0xcb, 0x66, 0x48,
+    0x22, 0xec, 0x0e, 0x47, 0xfc, 0xad, 0x17, 0xfe,
+    0x7b, 0xc5, 0x4d, 0x34, 0x95, 0x40, 0xd0, 0x02,
+    0x7e, 0x90, 0xaa, 0x92, 0xaf, 0x48, 0x64, 0xc5,
+    0xc1, 0x56, 0xd8, 0x9b, 0x6c, 0x5f, 0x2e, 0xfa,
+    0xd7, 0x84, 0xdc, 0x71, 0x65, 0x1b, 0xfb, 0xbc,
+    0x21, 0xc7, 0x57, 0xf4, 0x71, 0x2e, 0x6f, 0x34,
+    0x85, 0x99, 0xa8, 0x5c, 0x6f, 0x34, 0x22, 0x44,
+    0x89, 0x01, 0xf9, 0x48, 0xd2, 0xe2, 0xe4, 0x71,
+    0x9d, 0x48, 0x07, 0x97, 0xd4, 0x66, 0xe4, 0x4d,
+    0x48, 0xa3, 0x08, 0x7f, 0x6e, 0xaa, 0x7b, 0xe9,
+    0x93, 0x81, 0x03, 0x0c, 0xd2, 0x48, 0xcf, 0x3f,
+    0x5f, 0xbe, 0x03, 0xfb, 0x0f, 0xad, 0xc3, 0x81,
+    0xd9, 0xce, 0x88, 0x0b, 0xfa, 0xed, 0x29, 0x7e,
+    0x0b, 0xa1, 0x6f, 0x4c, 0x7d, 0xe4, 0x36, 0xff,
+    0xdf, 0x94, 0x1a, 0x24, 0xb3, 0x7b, 0xca, 0x24,
+    0x7e, 0x3a, 0x19, 0x53, 0x13, 0x4a, 0x17, 0x58,
+    0xe7, 0x16, 0x9b, 0x50, 0xd8, 0xda, 0xcc, 0x6e,
+    0x05, 0x25, 0xfe, 0x16, 0xcb, 0x5b, 0xd5, 0x35,
+    0x76, 0x40, 0x44, 0x96, 0x23, 0x97, 0xe2, 0x4a,
+    0x72, 0x0c, 0x54, 0x43, 0xc0, 0x09, 0x85, 0x8e,
+    0x15, 0x85, 0xaf, 0x3c, 0x5e, 0x5f, 0x3c, 0x2d,
+    0x21, 0x42, 0x75, 0xb7, 0xe4, 0x50, 0xf9, 0x00,
+    0xa3, 0x4f, 0xb1, 0x7c, 0xfe, 0x62, 0xd0, 0xe9,
+    0x6d, 0x51, 0xcc, 0x83, 0xc1, 0xdc, 0x37, 0x10,
+    0x90, 0x0a, 0x15, 0xd8, 0xd5, 0x02, 0xf7, 0x74,
+    0xb8, 0x46, 0x84, 0xc3, 0x61, 0x17, 0x26, 0x0f,
+    0xe4, 0xde, 0x1a, 0xcf, 0x42, 0x53, 0x63, 0x2f,
+    0x8d, 0xf7, 0x06, 0x07, 0xc3, 0x33, 0x39, 0x59,
+    0xe9, 0x17, 0xc8, 0x05, 0xd2, 0xa2, 0xae, 0x53,
+    0x2c, 0x7e, 0xd0, 0x9d, 0x5c, 0xb5, 0x42, 0x9f,
+    0x84, 0xd7, 0xfe, 0x93, 0x74, 0xfb, 0xbb, 0xd2,
+    0x1e, 0x57, 0x4e, 0x7f, 0x79, 0xaf, 0xd2, 0xf9,
+    0x5e, 0x41, 0x9e, 0x63, 0x54, 0x61, 0x47, 0x0c,
+    0x92, 0x4c, 0xc9, 0xfe, 0x4f, 0xcb, 0xe5, 0x8e,
+    0x65, 0xb3, 0x97, 0x1b, 0xd8, 0xd1, 0x62, 0xfd
+#else
+    0x30, 0x82, 0x0a, 0x34, 0x30, 0x0d, 0x06, 0x0b,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
+    0x0c, 0x08, 0x07, 0x03, 0x82, 0x0a, 0x21, 0x00,
+    0x7f, 0x5f, 0x63, 0x81, 0x6f, 0x04, 0x4c, 0xec,
+    0xa8, 0xaf, 0x7b, 0x99, 0x41, 0xc6, 0xff, 0xdf,
+    0x77, 0x66, 0x28, 0xc0, 0xe2, 0x58, 0xea, 0x9c,
+    0x60, 0xbb, 0x03, 0x3e, 0xca, 0xa8, 0x38, 0x64,
+    0xfb, 0xf7, 0x1b, 0x3f, 0xec, 0xfd, 0x0f, 0xf1,
+    0x9c, 0xe4, 0xfd, 0xad, 0x83, 0xf7, 0x03, 0x66,
+    0x6e, 0x7f, 0x4d, 0x42, 0xab, 0x6b, 0x73, 0x26,
+    0xde, 0x6f, 0x8c, 0xc4, 0xca, 0x21, 0x66, 0x31,
+    0x79, 0x57, 0x88, 0xcb, 0x1e, 0xab, 0xda, 0x1d,
+    0x56, 0x70, 0xd9, 0x83, 0xa1, 0xb4, 0x83, 0xce,
+    0xcc, 0x0f, 0xeb, 0xd6, 0x63, 0xbd, 0xf6, 0x02,
+    0x5d, 0x5b, 0x0c, 0x17, 0x3c, 0x3e, 0x15, 0x02,
+    0x22, 0xa1, 0x5d, 0xb5, 0xc5, 0x81, 0x28, 0x95,
+    0x0b, 0x34, 0x2b, 0x96, 0x0a, 0xae, 0x6a, 0xa8,
+    0xb5, 0x1d, 0x56, 0xbb, 0x7d, 0x83, 0x9a, 0x15,
+    0xad, 0x63, 0x9e, 0x86, 0x8c, 0x6e, 0x6a, 0xa8,
+    0xde, 0x55, 0xd0, 0xce, 0xc0, 0x2e, 0x05, 0xfe,
+    0x1f, 0x4d, 0xd7, 0x12, 0xa4, 0x5a, 0xe9, 0x04,
+    0x0d, 0x20, 0x84, 0x90, 0xb9, 0xca, 0x64, 0xe4,
+    0xad, 0x2e, 0x74, 0x4b, 0x1d, 0x2f, 0xcc, 0xac,
+    0xd8, 0x1a, 0x5e, 0xb2, 0x78, 0xbe, 0x61, 0xf7,
+    0x36, 0xa3, 0xd1, 0x93, 0x86, 0xb5, 0x15, 0xf1,
+    0x74, 0xf8, 0x9f, 0x6d, 0x6a, 0x8f, 0x6d, 0x86,
+    0x8b, 0x36, 0x61, 0x10, 0xc9, 0x1a, 0x31, 0x39,
+    0x09, 0xe6, 0x15, 0xa0, 0xb1, 0xfa, 0x69, 0xd4,
+    0xc2, 0xb2, 0x56, 0x4c, 0x06, 0x33, 0x13, 0xc4,
+    0x78, 0x53, 0x16, 0xfc, 0x52, 0x99, 0xe6, 0x27,
+    0xc9, 0x3b, 0x24, 0x5c, 0x3e, 0x85, 0x73, 0x76,
+    0x61, 0xa3, 0x61, 0xf0, 0x95, 0xd5, 0xb2, 0xf5,
+    0x21, 0xe7, 0x09, 0xc3, 0x0c, 0x5c, 0xb0, 0x36,
+    0xce, 0x45, 0x68, 0x41, 0x45, 0xcb, 0x1c, 0x36,
+    0x2f, 0x3a, 0x00, 0x07, 0x56, 0xbe, 0x61, 0xd2,
+    0x77, 0x37, 0x63, 0xa4, 0xdb, 0xfa, 0xa9, 0x6b,
+    0x37, 0x90, 0x35, 0xd1, 0x1e, 0x27, 0x5b, 0x3e,
+    0xc0, 0x0a, 0x02, 0x64, 0xe4, 0x58, 0x49, 0xab,
+    0x2d, 0xc1, 0x38, 0x29, 0x3d, 0x44, 0xf9, 0xac,
+    0xb7, 0x65, 0xd1, 0x5f, 0xf8, 0xce, 0x52, 0x76,
+    0x22, 0x15, 0x61, 0x02, 0x1f, 0xa7, 0xcd, 0xff,
+    0xeb, 0xa6, 0x7f, 0x6b, 0xba, 0x75, 0xe3, 0x09,
+    0x01, 0x06, 0x41, 0x20, 0x88, 0x75, 0x64, 0x6b,
+    0x97, 0x38, 0x13, 0xab, 0x4c, 0x0a, 0xd4, 0x7e,
+    0xd2, 0xfa, 0x78, 0xe8, 0x9f, 0x5d, 0xf9, 0x53,
+    0x30, 0x17, 0xf1, 0x10, 0x9e, 0x4a, 0x32, 0x17,
+    0x3a, 0x9b, 0xb9, 0x25, 0x8e, 0xeb, 0xd9, 0x41,
+    0x01, 0xa2, 0xc6, 0x58, 0x4a, 0x9f, 0xc3, 0x73,
+    0xfd, 0xe2, 0xe4, 0x2c, 0x92, 0xb4, 0xa2, 0x3d,
+    0x0f, 0x1f, 0x37, 0x64, 0xf1, 0x17, 0x2a, 0x8c,
+    0xc6, 0xb5, 0xb0, 0x69, 0x7d, 0xfe, 0x08, 0xe0,
+    0x8e, 0xaa, 0xe0, 0x08, 0xd5, 0x28, 0x92, 0x51,
+    0x73, 0x8a, 0x2f, 0x7a, 0x4a, 0xbf, 0x52, 0x8d,
+    0x3e, 0x9b, 0x36, 0x6a, 0xfb, 0x19, 0xf0, 0xea,
+    0xfe, 0x05, 0xbd, 0x2d, 0xa9, 0x58, 0x48, 0x02,
+    0xa8, 0x20, 0x9e, 0xdc, 0x04, 0x57, 0xc2, 0x0c,
+    0xae, 0xc1, 0x03, 0xe7, 0x17, 0x48, 0x80, 0x00,
+    0x8d, 0x1b, 0xd0, 0xc5, 0xdc, 0x2a, 0x02, 0x6e,
+    0x8e, 0x54, 0xf3, 0x79, 0x31, 0x02, 0x93, 0xc5,
+    0xf2, 0x55, 0xea, 0x61, 0xd0, 0xb2, 0x8e, 0xc9,
+    0x74, 0x17, 0x0d, 0x38, 0xf8, 0xab, 0xf4, 0x42,
+    0xd4, 0xc2, 0xdc, 0xf7, 0x1b, 0xdb, 0x65, 0x36,
+    0x9f, 0x56, 0xe2, 0xeb, 0xf7, 0xe5, 0x2d, 0x45,
+    0xae, 0xc0, 0x95, 0xbc, 0xe4, 0x1f, 0x22, 0xdc,
+    0x0f, 0x54, 0xed, 0x14, 0xb8, 0xf1, 0x2f, 0x5d,
+    0xd1, 0x79, 0xa0, 0x81, 0x17, 0x71, 0xa1, 0xd6,
+    0xf0, 0x88, 0x9c, 0x1c, 0xc7, 0x95, 0x07, 0xb0,
+    0xea, 0xf7, 0xd3, 0xa2, 0x55, 0xfe, 0x85, 0x65,
+    0x42, 0x06, 0xec, 0xd2, 0xbe, 0x03, 0x8f, 0x63,
+    0x84, 0x4b, 0xb1, 0x47, 0x48, 0x20, 0x71, 0xd2,
+    0xdf, 0xc9, 0x59, 0xb0, 0x24, 0x8a, 0x6e, 0xf9,
+    0x4a, 0xa1, 0x7b, 0xed, 0x11, 0xb6, 0xf9, 0x9b,
+    0xf7, 0x93, 0x0e, 0xcb, 0x7a, 0x32, 0x22, 0x23,
+    0x4e, 0x86, 0xce, 0xad, 0x9d, 0x1b, 0x84, 0x57,
+    0xaf, 0xa5, 0x04, 0x03, 0x0a, 0xc9, 0x04, 0x97,
+    0xd0, 0xce, 0x8e, 0x2a, 0x9a, 0x00, 0x15, 0xeb,
+    0xac, 0x96, 0x57, 0xde, 0xe6, 0xc1, 0x2d, 0xbd,
+    0xfc, 0xd6, 0x95, 0x0f, 0x5f, 0x19, 0xac, 0xaf,
+    0x6c, 0xd8, 0xa6, 0x1e, 0xd8, 0xdb, 0x14, 0xfd,
+    0xba, 0x0f, 0xd0, 0x3f, 0x61, 0xe3, 0x76, 0xfc,
+    0x47, 0x61, 0x07, 0x24, 0x49, 0x17, 0xca, 0x24,
+    0x31, 0x16, 0x26, 0x4f, 0xdc, 0x2b, 0x39, 0xae,
+    0x5f, 0xfa, 0x4f, 0x82, 0xef, 0xe1, 0x41, 0x8c,
+    0x3e, 0x8e, 0xa7, 0x6c, 0xf2, 0x51, 0xf7, 0x85,
+    0x35, 0x6c, 0xad, 0xea, 0x32, 0x35, 0xf3, 0xc0,
+    0x14, 0x17, 0xe2, 0x98, 0x27, 0x36, 0x7e, 0x60,
+    0x2f, 0x01, 0x60, 0x3e, 0x18, 0xf4, 0x4e, 0xe0,
+    0xf5, 0x14, 0x21, 0x81, 0x05, 0x78, 0x1c, 0x5f,
+    0x4e, 0x89, 0xbb, 0x23, 0x60, 0xb1, 0x8f, 0x07,
+    0x53, 0x16, 0x6e, 0xfb, 0x86, 0x07, 0x90, 0xff,
+    0xa6, 0x27, 0x60, 0xe6, 0x3e, 0x92, 0x2a, 0x3c,
+    0xa3, 0x57, 0xec, 0x97, 0x23, 0xaf, 0xd2, 0x44,
+    0xac, 0x09, 0x87, 0xb0, 0x54, 0xe9, 0x5b, 0x50,
+    0x37, 0xfa, 0x12, 0xa4, 0xcb, 0x6f, 0xed, 0x9f,
+    0x29, 0x73, 0xa7, 0x09, 0x29, 0x91, 0x93, 0x5c,
+    0x54, 0xf4, 0x44, 0xc2, 0x04, 0x64, 0xfc, 0xd2,
+    0xf2, 0x0a, 0x0b, 0x45, 0x1f, 0xc5, 0x18, 0xf0,
+    0xff, 0x10, 0x1f, 0x3a, 0x97, 0xf8, 0xb1, 0x83,
+    0x0e, 0x08, 0xe2, 0x55, 0x75, 0x6a, 0x45, 0x96,
+    0xf8, 0x1b, 0xdc, 0xb6, 0x57, 0x83, 0x8c, 0x28,
+    0xc0, 0x4a, 0x57, 0xc6, 0xfb, 0x27, 0x3d, 0xfa,
+    0x5a, 0x0d, 0x69, 0x56, 0x23, 0x66, 0x02, 0x78,
+    0xca, 0xf1, 0xfa, 0xcb, 0xc1, 0xf6, 0x92, 0x1c,
+    0xa0, 0xe3, 0x09, 0x7d, 0x48, 0x5e, 0x86, 0xa0,
+    0x82, 0xa8, 0xf1, 0x1e, 0xe1, 0xfe, 0xc6, 0x9d,
+    0x4f, 0x2e, 0xf4, 0xfc, 0xc6, 0x48, 0x1d, 0xc1,
+    0x2a, 0x6a, 0xb7, 0xea, 0x46, 0x89, 0x04, 0xe9,
+    0xbd, 0xf1, 0xed, 0x16, 0x76, 0xd8, 0x4b, 0x42,
+    0xd5, 0x43, 0xa4, 0xfb, 0x02, 0x01, 0x54, 0x00,
+    0xaf, 0x55, 0x52, 0x27, 0xff, 0x00, 0xe2, 0xbb,
+    0x4a, 0xf2, 0x69, 0xb4, 0x4e, 0x6c, 0x6b, 0xa3,
+    0x96, 0x4f, 0xf4, 0x65, 0x90, 0x2d, 0xc8, 0x57,
+    0x1f, 0xb2, 0xf0, 0x86, 0x7b, 0x93, 0x09, 0x49,
+    0x31, 0xc4, 0xf4, 0x8f, 0xc8, 0x2d, 0xac, 0x1d,
+    0xfc, 0xba, 0xa4, 0xa5, 0x41, 0x90, 0x76, 0x7d,
+    0x9e, 0x47, 0xdc, 0x10, 0xe6, 0x0c, 0xf7, 0x0f,
+    0xa4, 0xba, 0x4f, 0xe2, 0x46, 0x38, 0x4c, 0x28,
+    0xa0, 0x57, 0xb5, 0x3c, 0xb3, 0x4b, 0x8f, 0x03,
+    0x04, 0xff, 0xf6, 0xec, 0x60, 0x90, 0x62, 0xfe,
+    0x74, 0x76, 0x48, 0xb3, 0xf4, 0x0a, 0x6a, 0x5a,
+    0x5b, 0xad, 0xc8, 0x54, 0x62, 0x11, 0x52, 0xd9,
+    0x84, 0x1a, 0x09, 0x4b, 0xca, 0x66, 0xaa, 0x3c,
+    0x36, 0x08, 0x9d, 0x58, 0xd0, 0x4a, 0x3a, 0x8b,
+    0x24, 0xe0, 0x80, 0x9f, 0xe3, 0x76, 0xb6, 0x07,
+    0xb1, 0xbc, 0x00, 0x98, 0xb0, 0xc1, 0xe0, 0xf6,
+    0x1f, 0x4d, 0xa8, 0xd1, 0x69, 0x44, 0x9c, 0x33,
+    0xb0, 0x0f, 0x9c, 0xc9, 0x0c, 0x8c, 0xbc, 0x03,
+    0x58, 0x81, 0x76, 0xab, 0x0d, 0xef, 0x25, 0x5a,
+    0xf6, 0xab, 0x3b, 0xf1, 0x1f, 0x97, 0x12, 0x8e,
+    0x7f, 0x28, 0x77, 0x26, 0x18, 0xc4, 0xc4, 0xda,
+    0x2c, 0x43, 0x57, 0xd2, 0x1f, 0x67, 0x95, 0x40,
+    0x2c, 0x94, 0x41, 0x69, 0x22, 0x8a, 0x24, 0xd9,
+    0xc7, 0xfc, 0xea, 0x49, 0x83, 0x8f, 0x5d, 0x2e,
+    0x9d, 0xac, 0x17, 0xb6, 0xe0, 0xc4, 0xe7, 0xe6,
+    0xd5, 0xc2, 0x73, 0xa1, 0x8f, 0x33, 0x14, 0x02,
+    0xae, 0x01, 0x9f, 0x6f, 0x40, 0x92, 0x4e, 0x03,
+    0xc2, 0xa9, 0xf1, 0x36, 0x78, 0xe4, 0xde, 0x39,
+    0x4d, 0x29, 0x2e, 0xc2, 0x00, 0x93, 0x79, 0xe4,
+    0xb2, 0x29, 0x4b, 0x81, 0x5c, 0x06, 0x06, 0xbc,
+    0xc1, 0x01, 0x1c, 0xa7, 0x08, 0xf7, 0x47, 0x1f,
+    0x52, 0x4f, 0xdf, 0x94, 0x1e, 0xe6, 0x89, 0xe6,
+    0x26, 0x71, 0x2e, 0xa2, 0xd2, 0xfe, 0x04, 0xf2,
+    0x12, 0x4c, 0x06, 0x78, 0x34, 0xc0, 0xb9, 0x76,
+    0x62, 0x3b, 0x72, 0x25, 0x8c, 0x0d, 0x73, 0x24,
+    0xcf, 0x4b, 0x4c, 0x47, 0x20, 0x9d, 0x04, 0x7f,
+    0x86, 0x2c, 0x45, 0xb8, 0xfe, 0xb2, 0xaa, 0x36,
+    0xf8, 0xe0, 0x24, 0x25, 0x05, 0x23, 0x12, 0x16,
+    0xbf, 0x64, 0x10, 0xdd, 0xe4, 0xc0, 0xb0, 0x85,
+    0xa7, 0xd3, 0xd1, 0x18, 0x1b, 0x81, 0x6b, 0x94,
+    0xfd, 0x07, 0x43, 0xdd, 0x12, 0x37, 0x78, 0x69,
+    0xec, 0x8c, 0xd0, 0x41, 0x2c, 0x42, 0x94, 0x3e,
+    0x9f, 0xe3, 0x49, 0xb3, 0xb8, 0x45, 0x0b, 0x1d,
+    0xc1, 0x9b, 0x4d, 0x21, 0x85, 0x62, 0xea, 0xd1,
+    0xc9, 0x12, 0x30, 0x8c, 0x4b, 0x63, 0xeb, 0x7d,
+    0x02, 0x52, 0x15, 0xa1, 0x95, 0x48, 0x9f, 0xc2,
+    0xce, 0xf3, 0x4b, 0xff, 0x5a, 0xb6, 0x8f, 0xce,
+    0xcd, 0x42, 0x21, 0x40, 0x82, 0xad, 0x08, 0x99,
+    0x4d, 0x24, 0x58, 0x25, 0xf3, 0x7e, 0x42, 0x86,
+    0x06, 0x33, 0x1f, 0x53, 0xbb, 0x07, 0x33, 0xca,
+    0xc0, 0x02, 0x18, 0x30, 0x3c, 0xc5, 0x67, 0x1c,
+    0x32, 0x3f, 0x2d, 0x58, 0x4c, 0x24, 0x6e, 0x60,
+    0x96, 0x1a, 0xf4, 0xd0, 0x55, 0xb8, 0x84, 0xf0,
+    0xb9, 0x83, 0xbf, 0x3d, 0x37, 0xe4, 0xa6, 0x06,
+    0x1c, 0xd1, 0xd7, 0x91, 0x24, 0xdc, 0x3f, 0xcc,
+    0x71, 0xf3, 0x0c, 0x90, 0x2c, 0x1d, 0x2f, 0x90,
+    0xc8, 0x3c, 0x6f, 0x2c, 0x5d, 0xad, 0x8c, 0xdf,
+    0xbb, 0x0d, 0x2a, 0x7f, 0x4a, 0x34, 0x5a, 0xd9,
+    0x83, 0xfd, 0x61, 0x36, 0xe0, 0x0a, 0xb3, 0xf6,
+    0x69, 0xb1, 0xaf, 0x81, 0x22, 0xd6, 0x9e, 0x9a,
+    0xf8, 0xa6, 0x24, 0x8e, 0x0c, 0xcb, 0x25, 0xc2,
+    0xfc, 0xc5, 0x94, 0xbd, 0x23, 0x9c, 0xa9, 0xbd,
+    0x76, 0x28, 0xa4, 0x55, 0x92, 0x7c, 0xe6, 0x76,
+    0xf7, 0x30, 0xf8, 0x7d, 0xdc, 0x0a, 0x93, 0x9e,
+    0x7c, 0x39, 0x0a, 0x70, 0xa0, 0xb2, 0x77, 0xe0,
+    0x7a, 0x89, 0x50, 0xce, 0x75, 0xca, 0x2f, 0xa4,
+    0x12, 0x0e, 0xcb, 0x75, 0x1f, 0x0a, 0x83, 0xe8,
+    0x14, 0x80, 0xa7, 0xb0, 0xe8, 0x11, 0xca, 0x12,
+    0x5e, 0xf7, 0x31, 0x65, 0xbd, 0x20, 0x3d, 0x8c,
+    0xa6, 0x89, 0x83, 0x68, 0x66, 0x03, 0x28, 0x49,
+    0x17, 0xc4, 0x3f, 0x43, 0x02, 0x9b, 0xf8, 0xed,
+    0xae, 0x8e, 0x68, 0xbc, 0x8e, 0x39, 0xe7, 0x15,
+    0x32, 0x45, 0x66, 0x2c, 0x1f, 0xce, 0x56, 0xc7,
+    0xc0, 0x15, 0x52, 0x19, 0x40, 0xcf, 0x87, 0x20,
+    0xcd, 0x3d, 0xec, 0x90, 0x8d, 0x04, 0x01, 0x31,
+    0x0b, 0x74, 0x80, 0x6e, 0x61, 0xa7, 0xf3, 0x4c,
+    0xb2, 0x16, 0x00, 0xd5, 0xdb, 0xcc, 0xbb, 0x2c,
+    0x9f, 0xb6, 0x02, 0x4a, 0xcf, 0x71, 0x06, 0xfd,
+    0x60, 0xe0, 0x00, 0xbe, 0x22, 0xba, 0x39, 0x36,
+    0xa8, 0x7e, 0xe5, 0xcb, 0xea, 0x87, 0xb1, 0xee,
+    0xa2, 0x6c, 0x85, 0x94, 0x18, 0x6c, 0xab, 0x9a,
+    0x93, 0xa7, 0xab, 0x4e, 0x3b, 0x85, 0xf3, 0xef,
+    0x8f, 0x15, 0x74, 0x21, 0x9f, 0x5d, 0x9c, 0x22,
+    0x32, 0x71, 0xb5, 0x4d, 0x7f, 0xaa, 0x85, 0xe0,
+    0x05, 0x2a, 0x53, 0xbb, 0x3c, 0xab, 0xc3, 0xd2,
+    0x73, 0x6e, 0x97, 0xa3, 0xfd, 0x05, 0x58, 0xaa,
+    0x49, 0xc8, 0x69, 0xa9, 0x0b, 0x73, 0xd4, 0xe9,
+    0x1d, 0x84, 0x60, 0x34, 0x2a, 0x09, 0xb3, 0x0f,
+    0x08, 0x13, 0x67, 0x77, 0xb3, 0x24, 0xdf, 0xad,
+    0xbf, 0x51, 0x71, 0x2b, 0xbe, 0x4f, 0x5d, 0xf4,
+    0xe7, 0x25, 0x4c, 0x24, 0xa2, 0x4a, 0x22, 0xec,
+    0xcc, 0x7c, 0x6c, 0x62, 0xee, 0x47, 0x12, 0x43,
+    0x88, 0xe4, 0x71, 0xaa, 0x63, 0xaa, 0x2b, 0xed,
+    0x70, 0xbf, 0x26, 0x37, 0xcc, 0xa4, 0xff, 0xe9,
+    0xb6, 0x65, 0x31, 0x4d, 0x0d, 0x32, 0xd6, 0x84,
+    0xb8, 0xab, 0x98, 0xa7, 0x10, 0x44, 0x77, 0xc7,
+    0x2a, 0x60, 0xf0, 0xf5, 0xd5, 0xd4, 0x3a, 0x73,
+    0x11, 0xa5, 0x1b, 0x18, 0x3c, 0x13, 0xfb, 0xda,
+    0x76, 0x9d, 0xeb, 0x3e, 0xb9, 0x7a, 0xce, 0x02,
+    0xa7, 0x5e, 0x25, 0x96, 0xd2, 0xbc, 0x85, 0x1a,
+    0xd1, 0xa4, 0xe2, 0x02, 0x15, 0x08, 0x49, 0x16,
+    0x7c, 0xaf, 0xc6, 0x38, 0x7b, 0x95, 0xf9, 0x37,
+    0xc0, 0x87, 0x73, 0x6f, 0x01, 0xcd, 0x2b, 0xf1,
+    0xe7, 0x6e, 0x47, 0x18, 0x30, 0xb8, 0x16, 0x87,
+    0x1d, 0x23, 0x62, 0x22, 0x85, 0x92, 0x69, 0x46,
+    0x9c, 0x65, 0xd8, 0xf1, 0x27, 0x32, 0xe4, 0x16,
+    0x7f, 0x9a, 0xba, 0x46, 0x61, 0x60, 0x34, 0xe5,
+    0xc0, 0x14, 0xb5, 0xde, 0x4d, 0xd1, 0x71, 0x39,
+    0x26, 0xdc, 0x0c, 0x0a, 0x53, 0x9e, 0x31, 0x10,
+    0x45, 0x7a, 0xf9, 0xc8, 0xfa, 0x1d, 0x69, 0x5e,
+    0x25, 0xc1, 0xe2, 0x00, 0xbf, 0x94, 0xa3, 0xa2,
+    0x97, 0xca, 0xb4, 0x6a, 0x89, 0x68, 0xdd, 0xed,
+    0x6b, 0x99, 0x5a, 0x87, 0x9e, 0xe9, 0x68, 0xe4,
+    0xf2, 0xc2, 0x7e, 0x37, 0x02, 0xdf, 0x96, 0x1a,
+    0x5b, 0xed, 0xa1, 0xe8, 0xdf, 0x3c, 0xf7, 0xd2,
+    0x25, 0xac, 0xf7, 0x4a, 0x7f, 0x10, 0x27, 0x2b,
+    0x02, 0xc7, 0x95, 0x10, 0x5a, 0xb5, 0xb0, 0xcd,
+    0xa9, 0xe1, 0x36, 0xe2, 0x1c, 0x87, 0x99, 0x0e,
+    0x0a, 0x44, 0xec, 0x97, 0x75, 0xa7, 0x03, 0x27,
+    0x38, 0x3b, 0x16, 0x30, 0x00, 0x98, 0xbe, 0x77,
+    0xfe, 0x3a, 0xac, 0x6f, 0x8f, 0x4d, 0xe1, 0xa9,
+    0x9c, 0xba, 0x39, 0x52, 0xe8, 0xf7, 0xe4, 0xe6,
+    0xf9, 0xe9, 0xb3, 0x57, 0x82, 0xb2, 0x23, 0xd6,
+    0xa5, 0x14, 0xc0, 0x78, 0xb4, 0xa0, 0xf9, 0x96,
+    0xe4, 0x03, 0xe8, 0x6c, 0x27, 0xd8, 0x37, 0x7c,
+    0x8f, 0xf4, 0x80, 0x09, 0x09, 0xc9, 0x32, 0x15,
+    0xe0, 0x3f, 0x37, 0xa7, 0x1a, 0x5f, 0x8c, 0xfb,
+    0xdd, 0xfe, 0x6b, 0x34, 0x28, 0x53, 0x03, 0x4b,
+    0x39, 0x91, 0xf2, 0x48, 0x4c, 0x2a, 0x45, 0xfe,
+    0x66, 0xf7, 0x23, 0x74, 0xb8, 0x30, 0x70, 0xb4,
+    0x0c, 0x2c, 0x65, 0xb1, 0x4e, 0x32, 0x0f, 0x50,
+    0xbb, 0x46, 0x9b, 0x03, 0x34, 0x38, 0xfb, 0xe4,
+    0x25, 0x37, 0x8d, 0x0f, 0xa1, 0x41, 0x50, 0x85,
+    0x92, 0x07, 0x71, 0xff, 0x3c, 0xe6, 0xd9, 0x1d,
+    0x55, 0xb7, 0x10, 0x9c, 0xea, 0x70, 0x5f, 0xa3,
+    0xba, 0x84, 0x99, 0x91, 0x30, 0x3d, 0x4c, 0x98,
+    0x0b, 0x1f, 0x1f, 0xcc, 0x17, 0x94, 0xdd, 0x78,
+    0x7d, 0x50, 0xe5, 0xf5, 0x21, 0x88, 0x5a, 0x52,
+    0x76, 0x5a, 0x97, 0xbe, 0xba, 0xa9, 0xfe, 0x82,
+    0x8a, 0xb5, 0x46, 0xcf, 0x9c, 0xbe, 0xe8, 0x2f,
+    0x01, 0x2f, 0x6a, 0x03, 0x8a, 0xfa, 0x4b, 0x0b,
+    0xdc, 0x78, 0x79, 0x9c, 0x49, 0xc4, 0x01, 0x26,
+    0x16, 0x58, 0xc6, 0xb8, 0xee, 0x6c, 0xc9, 0xa9,
+    0x38, 0x7c, 0xcf, 0xf3, 0xf8, 0xd0, 0x6b, 0x99,
+    0x43, 0x13, 0xe0, 0x43, 0x8e, 0xfb, 0xb2, 0xdb,
+    0x61, 0x67, 0xf4, 0xfc, 0x01, 0x21, 0xd9, 0xb1,
+    0x1e, 0x6c, 0x6f, 0x2a, 0x9a, 0x4b, 0x86, 0x3c,
+    0x62, 0x03, 0x53, 0x83, 0x11, 0x18, 0x1a, 0x59,
+    0x9e, 0x25, 0xfe, 0xdb, 0x85, 0xd0, 0xee, 0x7c,
+    0x97, 0x72, 0xca, 0xf3, 0x0d, 0xd4, 0x19, 0x66,
+    0x14, 0xaf, 0x46, 0x68, 0x75, 0xdb, 0x8f, 0x5f,
+    0x77, 0x7f, 0xfe, 0xa9, 0xe6, 0xa1, 0x9e, 0x46,
+    0x5e, 0x92, 0xda, 0xea, 0xdd, 0x89, 0x01, 0xd9,
+    0xab, 0x25, 0x7d, 0xb4, 0x64, 0x50, 0x8f, 0xa3,
+    0xbe, 0xe2, 0x03, 0xd5, 0xc6, 0x9c, 0xc2, 0xf8,
+    0xac, 0xa4, 0x36, 0xa9, 0x37, 0x10, 0x59, 0x00,
+    0x45, 0xbb, 0x55, 0x33, 0xb9, 0x6f, 0xbc, 0xa2,
+    0x02, 0x9e, 0xa3, 0x1d, 0xf4, 0x17, 0x78, 0x9b,
+    0xbc, 0x42, 0x4e, 0x21, 0xc3, 0xde, 0xb5, 0x70,
+    0x4a, 0x23, 0x1e, 0xd4, 0x36, 0x5d, 0x7a, 0x08,
+    0x37, 0x55, 0x98, 0x07, 0xa0, 0x16, 0xa3, 0x4e,
+    0xa1, 0x2b, 0x96, 0x8b, 0x51, 0x63, 0x48, 0xab,
+    0xc9, 0x19, 0x6f, 0x5f, 0x25, 0x9d, 0xe7, 0x25,
+    0x63, 0xf0, 0x8e, 0xdb, 0x06, 0x2d, 0x42, 0x31,
+    0xfd, 0x14, 0x2b, 0x7a, 0x31, 0x43, 0x04, 0xd5,
+    0xe2, 0x89, 0x2e, 0xa8, 0xe4, 0x6e, 0xd5, 0xa5,
+    0x21, 0x67, 0x9b, 0x92, 0x61, 0x79, 0xdd, 0xe5,
+    0x44, 0x43, 0x45, 0x57, 0x13, 0xec, 0x04, 0xc1,
+    0x41, 0xa3, 0x14, 0x70, 0x86, 0xda, 0x76, 0x5d,
+    0xe8, 0x61, 0xd2, 0xfb, 0x7b, 0xe4, 0x71, 0x46,
+    0xa3, 0x52, 0xbf, 0xf2, 0xa0, 0x3c, 0xc1, 0x90,
+    0x0c, 0x2e, 0xeb, 0xb3, 0x38, 0xae, 0x13, 0x27,
+    0x84, 0xe9, 0x7a, 0xd6, 0x02, 0x40, 0x84, 0xff,
+    0x87, 0x1f, 0x37, 0x44, 0xd8, 0x2e, 0x93, 0xf7,
+    0x0a, 0xff, 0x5b, 0x4d, 0x07, 0x82, 0xfd, 0x6e,
+    0x44, 0xcc, 0x19, 0xc3, 0x7d, 0x7c, 0x31, 0xf9,
+    0x0e, 0xa8, 0x1c, 0x0d, 0xcb, 0x8e, 0xe8, 0x33,
+    0xb2, 0xff, 0x9e, 0x1d, 0x99, 0x7c, 0x46, 0x5b,
+    0xc7, 0x28, 0xec, 0x01, 0x62, 0x82, 0xfe, 0x2a,
+    0x22, 0xa3, 0x86, 0x4e, 0x47, 0xe2, 0x57, 0xf1,
+    0xb4, 0x58, 0x94, 0x89, 0xe5, 0xf1, 0xcd, 0x4d,
+    0x90, 0xd1, 0xa4, 0x4c, 0x34, 0x5d, 0xde, 0xdc,
+    0x39, 0x63, 0x8b, 0x85, 0xfd, 0x02, 0x21, 0xf1,
+    0x12, 0xa3, 0x6d, 0x65, 0x0f, 0x8d, 0xe5, 0xcd,
+    0x70, 0xd5, 0x1d, 0xf8, 0x65, 0x99, 0xfb, 0xe8,
+    0xb5, 0x5a, 0x09, 0x39, 0x9e, 0x09, 0x45, 0x62,
+    0x22, 0x1d, 0xa2, 0x46, 0xbf, 0x75, 0x20, 0xd1,
+    0xe7, 0xb0, 0x06, 0x68, 0xc3, 0x50, 0x48, 0xfc,
+    0xf8, 0x5c, 0x67, 0x69, 0x68, 0x66, 0xb6, 0x81,
+    0x95, 0x91, 0x81, 0x3d, 0xf6, 0x34, 0xd9, 0x4b,
+    0x06, 0x35, 0x17, 0x59, 0x89, 0x18, 0x74, 0x32,
+    0x50, 0xcf, 0x81, 0x16, 0x8e, 0x53, 0x9d, 0x1c,
+    0xad, 0x2d, 0x8e, 0x16, 0x41, 0xda, 0xca, 0xab,
+    0x78, 0x0d, 0xc9, 0x49, 0x61, 0xaa, 0x18, 0xf4,
+    0x56, 0x48, 0x29, 0x8c, 0xe3, 0x9a, 0x7d, 0x58,
+    0xf8, 0x99, 0x72, 0xf1, 0x78, 0xa8, 0x5a, 0x97,
+    0xe3, 0x2a, 0xc6, 0xa9, 0x59, 0xde, 0xcc, 0x62,
+    0xfb, 0xab, 0xc5, 0x9a, 0x0b, 0xc7, 0x16, 0x8f,
+    0x18, 0x20, 0x6e, 0x01, 0x7e, 0x04, 0xef, 0x72,
+    0x83, 0x61, 0xb8, 0x1a, 0x77, 0x0f, 0xd1, 0xa9,
+    0x75, 0xe0, 0x4a, 0x11, 0x69, 0x9d, 0xb6, 0xc9,
+    0x2e, 0xd3, 0xbf, 0xe2, 0x5b, 0x24, 0x77, 0x30,
+    0x85, 0x91, 0xef, 0xa8, 0x93, 0x4e, 0xad, 0x99,
+    0xad, 0xcb, 0x6d, 0x9d, 0x8f, 0xd8, 0x0f, 0xe5,
+    0x41, 0xd9, 0x9e, 0x0b, 0xce, 0x33, 0xd9, 0xbb,
+    0x87, 0x66, 0x2c, 0xa3, 0x0b, 0x68, 0x1b, 0xb0,
+    0x71, 0x30, 0xfa, 0x15, 0x2e, 0xe8, 0xc1, 0x99,
+    0x71, 0x01, 0xcc, 0xdb, 0x6f, 0x9f, 0x8a, 0xfd,
+    0xb4, 0x0f, 0x35, 0xa1, 0x36, 0xf4, 0x3a, 0xc4,
+    0x17, 0x77, 0x43, 0x60, 0x10, 0x18, 0xb4, 0xc2,
+    0xe5, 0xc0, 0x64, 0xd8, 0x38, 0x7c, 0x05, 0x9a,
+    0xfb, 0x2b, 0xb3, 0x9b, 0x9e, 0x34, 0x6b, 0x4b,
+    0xc8, 0x3b, 0x77, 0xe0, 0x6f, 0x08, 0xa1, 0x7b,
+    0x66, 0x69, 0x2f, 0xdb, 0x34, 0x9e, 0x98, 0x90,
+    0x5b, 0x4d, 0x7b, 0xa2, 0x32, 0x8e, 0x64, 0xe6,
+    0x0d, 0x75, 0xc9, 0x96, 0xe3, 0x57, 0xba, 0xad,
+    0x3e, 0x3b, 0x23, 0xfb, 0x9e, 0x7f, 0xc0, 0x3c,
+    0xd5, 0x41, 0x9c, 0xfb, 0xbc, 0xb3, 0x52, 0x49
+#endif
+};
+#endif
+#endif
+
+int test_wc_dilithium_public_der_decode(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
+    dilithium_key* key;
+    word32 idx = 0;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(ml_dsa_public_der, &idx, key,
+        (word32)sizeof(ml_dsa_public_der)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    idx = 0;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+#endif
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key,
+        (word32)sizeof(dilithium_public_der)), 0);
+#endif
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_dilithium_der(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_ASN1) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+#define DILITHIUM_MAX_DER_SIZE    8192
+    dilithium_key* key;
+    WC_RNG rng;
+    byte* der = NULL;
+    int len;
+    int pubLen;
+    int pubDerLen;
+    int privDerLen;
+    int keyDerLen;
+    word32 idx = 0;
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    pubLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+    pubDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + 22;
+    privDerLen = DILITHIUM_LEVEL2_KEY_SIZE + 28;
+    keyDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE + 32;
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    pubLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+    pubDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + 22;
+    privDerLen = DILITHIUM_LEVEL3_KEY_SIZE + 28;
+    keyDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE + 32;
+#else
+    pubLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+    pubDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + 22;
+    privDerLen = DILITHIUM_LEVEL5_KEY_SIZE + 28;
+    keyDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE + 32;
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    der = (byte*)XMALLOC(DILITHIUM_MAX_DER_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(der);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+    if (der != NULL) {
+        XMEMSET(der, 0, sizeof(*der));
+    }
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_dilithium_init(key), 0);
+
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+        1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* When security level is not set, we attempt to parse it from DER. Since
+     * the supplied DER is invalid, this should fail with ASN parsing error */
+    idx = 0;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
+                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
+                WC_NO_ERR_TRACE(ASN_PARSE_E));
+#endif
+    idx = 0;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
+                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
+                WC_NO_ERR_TRACE(ASN_PARSE_E));
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+#elif !defined(WOLFSSL_NO_ML_DSA_65)
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+#else
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+#endif
+
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE,
+        1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0);
+
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, 0                     ,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , 0                     ,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , der , 0                     ,
+        0), WC_NO_ERR_TRACE(BUFFER_E));
+    /* Get length only. */
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0                     ,
+        0), pubLen);
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE,
+        0), pubLen);
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0                     ,
+        1), pubDerLen);
+    ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE,
+        1), pubDerLen);
+
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
+        0                     ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL,
+        0                     ), 0);
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
+        0                     ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL,
+        DILITHIUM_MAX_DER_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der ,
+        DILITHIUM_MAX_DER_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der ,
+        0                     ), WC_NO_ERR_TRACE(BUFFER_E));
+    /* Get length only. */
+    ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL,
+        DILITHIUM_MAX_DER_SIZE), privDerLen);
+
+    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0                     ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0                     ),
+        0           );
+    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0                     ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0                     ),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    /* Get length only. */
+    ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE),
+        keyDerLen);
+
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, NULL, 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, NULL, 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, key , 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, pubDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, key , pubDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, key , pubDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, NULL, pubDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, key , 0        ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, NULL, 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, NULL, 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, key , 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, privDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, key , privDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, key , privDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, NULL, privDerLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, key , 0         ),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
+        DILITHIUM_MAX_DER_SIZE, 0), pubLen);
+    ExpectIntEQ(wc_dilithium_import_public(der, len, key), 0);
+
+    ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der,
+        DILITHIUM_MAX_DER_SIZE, 1), pubDerLen);
+    idx = 0;
+    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0);
+
+    ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der,
+        DILITHIUM_MAX_DER_SIZE), privDerLen);
+    idx = 0;
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0);
+
+    ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE),
+        keyDerLen);
+    idx = 0;
+    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0);
+
+
+    wc_dilithium_free(key);
+    wc_FreeRng(&rng);
+
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_dilithium_make_key_from_seed(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+    dilithium_key* key;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte seed_44[] = {
+        0x93, 0xEF, 0x2E, 0x6E, 0xF1, 0xFB, 0x08, 0x99,
+        0x9D, 0x14, 0x2A, 0xBE, 0x02, 0x95, 0x48, 0x23,
+        0x70, 0xD3, 0xF4, 0x3B, 0xDB, 0x25, 0x4A, 0x78,
+        0xE2, 0xB0, 0xD5, 0x16, 0x8E, 0xCA, 0x06, 0x5F
+    };
+    static const byte pk_44[] = {
+        0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48,
+        0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16,
+        0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64,
+        0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7,
+        0x23, 0x0A, 0x19, 0xD7, 0x5A, 0xDB, 0xDE, 0xD5,
+        0x2D, 0xB8, 0x55, 0xE2, 0x52, 0xA7, 0x19, 0xFC,
+        0xBD, 0x14, 0x7B, 0xA6, 0x7B, 0x2F, 0xAD, 0x14,
+        0xED, 0x0E, 0x68, 0xFD, 0xFE, 0x8C, 0x65, 0xBA,
+        0xDE, 0xAC, 0xB0, 0x91, 0x11, 0x93, 0xAD, 0xFA,
+        0x87, 0x94, 0xD7, 0x8F, 0x8E, 0x3D, 0x66, 0x2A,
+        0x1C, 0x49, 0xDA, 0x81, 0x9F, 0xD9, 0x59, 0xE7,
+        0xF0, 0x78, 0xF2, 0x03, 0xC4, 0x56, 0xF8, 0xB6,
+        0xE7, 0xC9, 0x41, 0x58, 0x98, 0xE5, 0x41, 0xC7,
+        0x30, 0x32, 0xDB, 0xD6, 0x19, 0xEA, 0xF6, 0x0F,
+        0x8D, 0x64, 0xF8, 0x68, 0x3D, 0xA9, 0x9E, 0xCA,
+        0x51, 0x22, 0x0B, 0x0A, 0xCA, 0x28, 0x46, 0x40,
+        0x99, 0xF5, 0x47, 0xC0, 0x27, 0x77, 0xBD, 0x37,
+        0xD8, 0x4A, 0x59, 0xBD, 0x37, 0xED, 0x7A, 0x8A,
+        0x92, 0x63, 0x3C, 0x75, 0xD0, 0x7C, 0x79, 0x3F,
+        0xE7, 0x25, 0x2B, 0x58, 0x4A, 0xBF, 0x6A, 0x15,
+        0xEE, 0x14, 0x50, 0x7E, 0x5E, 0x19, 0x3F, 0x89,
+        0x86, 0x4D, 0x09, 0xAC, 0x87, 0x27, 0xA6, 0xD0,
+        0x42, 0x1F, 0x0C, 0x19, 0xF0, 0xE2, 0xFB, 0xFC,
+        0x21, 0x3D, 0x3F, 0xBD, 0x70, 0xF4, 0xF9, 0x76,
+        0x2C, 0xEC, 0xFF, 0x23, 0x1E, 0x9C, 0x8A, 0x76,
+        0x28, 0xD3, 0xF8, 0xB0, 0x85, 0x7B, 0x03, 0x2D,
+        0x32, 0xDE, 0x62, 0xFF, 0x8E, 0xCB, 0xF4, 0x00,
+        0x82, 0x89, 0xBF, 0x34, 0x40, 0x36, 0x65, 0xF8,
+        0x1A, 0x08, 0x1A, 0xD5, 0xA8, 0x5A, 0x28, 0x2F,
+        0x99, 0xBA, 0xB9, 0xE5, 0x38, 0x5A, 0xFB, 0xCC,
+        0xCF, 0x44, 0xB7, 0x4C, 0x01, 0x96, 0xC7, 0x54,
+        0x55, 0x27, 0xEC, 0x30, 0x26, 0xDA, 0x12, 0x80,
+        0xC4, 0xEB, 0x37, 0xD0, 0x9C, 0xFE, 0x3E, 0xC4,
+        0xB4, 0x91, 0x0B, 0x62, 0xEB, 0x98, 0x15, 0xA4,
+        0x25, 0xC6, 0x59, 0x0F, 0xC4, 0xAD, 0x3F, 0xBB,
+        0x22, 0x57, 0x52, 0xCC, 0x1F, 0xC5, 0x69, 0x3F,
+        0x18, 0x7E, 0x7D, 0xEC, 0x4E, 0xEF, 0xBE, 0xB6,
+        0xB9, 0x1B, 0xD9, 0x1C, 0x5E, 0x2E, 0xA6, 0xA9,
+        0x1D, 0x14, 0xD0, 0x97, 0xBE, 0x20, 0x3F, 0xBA,
+        0x0B, 0xF9, 0x37, 0xC9, 0x75, 0x07, 0xDC, 0x00,
+        0x7C, 0x4C, 0xAA, 0x9B, 0x07, 0x85, 0x89, 0x29,
+        0x66, 0xFF, 0x15, 0x90, 0x09, 0x24, 0xE5, 0x79,
+        0xD4, 0xFB, 0xA0, 0x2B, 0xDA, 0x87, 0x55, 0x5F,
+        0x07, 0x3D, 0xAE, 0x00, 0x51, 0x3E, 0x70, 0x80,
+        0x9A, 0xBB, 0xC7, 0x11, 0xFB, 0xA2, 0xE7, 0x64,
+        0x95, 0x77, 0xC4, 0x2A, 0xFD, 0xC2, 0x4B, 0xF7,
+        0x41, 0x3E, 0x51, 0x26, 0x8A, 0xD6, 0xDB, 0x61,
+        0x13, 0xB7, 0xD9, 0x19, 0x1A, 0xF9, 0xD0, 0x61,
+        0xDB, 0xDE, 0xD5, 0xD6, 0x30, 0x87, 0x76, 0x50,
+        0xC1, 0x24, 0xF1, 0x1B, 0xC4, 0xBD, 0xC3, 0xFD,
+        0xC6, 0xA9, 0x00, 0xF6, 0x31, 0x26, 0xF9, 0x21,
+        0xE8, 0x38, 0xAD, 0x0C, 0x22, 0x75, 0xA3, 0x38,
+        0x9A, 0x39, 0xBD, 0x99, 0xA1, 0x34, 0x50, 0x45,
+        0x50, 0x10, 0x1C, 0xD3, 0xE9, 0x5E, 0x6D, 0x14,
+        0x96, 0xBE, 0x7D, 0xE6, 0x62, 0x7D, 0xF4, 0xFD,
+        0x6C, 0x28, 0xBB, 0xF4, 0x0B, 0x30, 0xEF, 0xA9,
+        0xB5, 0xC3, 0xD5, 0xC8, 0x5A, 0xB1, 0x4A, 0x65,
+        0xC0, 0x2D, 0x6D, 0x47, 0x81, 0xFF, 0x13, 0xD3,
+        0x28, 0x60, 0x85, 0x54, 0xB6, 0xD1, 0x5E, 0xD9,
+        0x12, 0x89, 0xA6, 0xD5, 0x5A, 0xAC, 0x0C, 0x38,
+        0xE3, 0x77, 0x06, 0xF7, 0x35, 0x5E, 0x9A, 0x4F,
+        0xDA, 0x61, 0x5B, 0x87, 0x59, 0x26, 0xBF, 0xE5,
+        0xA5, 0x9D, 0x9E, 0xF2, 0x73, 0xBF, 0x94, 0xA0,
+        0x7C, 0xFA, 0x57, 0x31, 0x78, 0xF0, 0xE0, 0x04,
+        0xB6, 0xE1, 0xEF, 0x0A, 0x83, 0x49, 0xE9, 0xBC,
+        0xC0, 0x19, 0x81, 0xF2, 0x46, 0x0F, 0x0A, 0x27,
+        0x43, 0xC2, 0x8D, 0x1E, 0x13, 0x8F, 0xFB, 0x76,
+        0x5E, 0x7E, 0x33, 0x97, 0xB7, 0x91, 0x33, 0x35,
+        0xD4, 0x02, 0xFE, 0x91, 0x80, 0x6A, 0xA8, 0xFC,
+        0x81, 0x92, 0x53, 0xAF, 0x32, 0x69, 0x2F, 0xA6,
+        0x51, 0xE8, 0x67, 0xF5, 0x90, 0x7E, 0xF4, 0x6F,
+        0x00, 0x62, 0x5A, 0x03, 0x0E, 0xC9, 0x04, 0xED,
+        0xAB, 0x21, 0x42, 0x6D, 0x59, 0x11, 0x9D, 0x2C,
+        0xAA, 0x43, 0xBD, 0x93, 0x5D, 0xEC, 0x0A, 0x55,
+        0x0C, 0x61, 0xEE, 0x4B, 0x27, 0x9C, 0x1C, 0xA3,
+        0xA7, 0x9C, 0x79, 0xA6, 0x6E, 0x3F, 0x2D, 0x2F,
+        0xAD, 0xB0, 0x0F, 0x59, 0xA3, 0xA4, 0x38, 0xAA,
+        0x44, 0x57, 0x01, 0x06, 0x07, 0x30, 0x17, 0xFA,
+        0x1C, 0x87, 0x57, 0x50, 0x01, 0x09, 0x72, 0x0D,
+        0x12, 0x5B, 0xBA, 0x23, 0x1A, 0x0C, 0x36, 0x35,
+        0x0C, 0x78, 0x08, 0x6D, 0xFD, 0xC8, 0xD6, 0x13,
+        0xAE, 0xCA, 0x88, 0xC4, 0xCC, 0xAE, 0xB4, 0xA4,
+        0x4D, 0x13, 0xAD, 0xB3, 0xC7, 0x17, 0xD6, 0x5C,
+        0x82, 0xA3, 0x51, 0xB9, 0xB6, 0xEA, 0xBF, 0x6A,
+        0x10, 0xF4, 0xB4, 0xE9, 0x62, 0x3E, 0x3A, 0x95,
+        0xB4, 0xD4, 0x0A, 0x12, 0xA8, 0x18, 0xAC, 0x6B,
+        0x38, 0x22, 0xDB, 0x82, 0xFB, 0x05, 0xDC, 0x42,
+        0x02, 0x64, 0x8B, 0x44, 0x54, 0x68, 0x9A, 0xEB,
+        0x69, 0xEA, 0x32, 0x5F, 0x03, 0xE3, 0x5D, 0xEF,
+        0xA5, 0x47, 0x08, 0x48, 0x14, 0x20, 0xC6, 0xD6,
+        0x97, 0xBB, 0x91, 0x2F, 0xCA, 0x0D, 0x3F, 0x19,
+        0x2E, 0xF2, 0x97, 0xDF, 0xE7, 0x7F, 0xF3, 0x6B,
+        0x21, 0x03, 0xF1, 0xAD, 0x1A, 0xEE, 0xCE, 0xD1,
+        0xC8, 0x14, 0xC2, 0xCD, 0x7E, 0xF1, 0x6B, 0xCE,
+        0x47, 0x6A, 0xD0, 0x4F, 0x94, 0x1A, 0xFC, 0x79,
+        0xE3, 0x29, 0x54, 0x74, 0xA4, 0x10, 0x62, 0x51,
+        0x8C, 0x00, 0x37, 0x86, 0x09, 0x34, 0xF0, 0xE5,
+        0xE6, 0x52, 0xF7, 0x27, 0x49, 0xA6, 0x98, 0x63,
+        0x2A, 0x09, 0x91, 0xF6, 0x13, 0xF5, 0xCB, 0x96,
+        0xCA, 0x11, 0x78, 0xF9, 0x74, 0xF2, 0xC4, 0xAA,
+        0x0C, 0xE6, 0x3D, 0xC2, 0x4E, 0x36, 0x4C, 0x92,
+        0xA6, 0x43, 0xB9, 0x0A, 0x5F, 0x85, 0xA6, 0x2F,
+        0xD4, 0xD8, 0xD2, 0xB1, 0x93, 0xD2, 0x9B, 0x18,
+        0xBE, 0xDE, 0x26, 0x53, 0xFC, 0x5D, 0x3F, 0x24,
+        0xF5, 0xB2, 0xC0, 0x18, 0xDB, 0xBC, 0xB6, 0xEF,
+        0x00, 0xF3, 0x05, 0xBF, 0x93, 0x66, 0x6B, 0xD4,
+        0x7F, 0xEA, 0x91, 0x93, 0xBC, 0x23, 0x3D, 0xB3,
+        0x91, 0x21, 0x44, 0x2E, 0x93, 0x8D, 0xA5, 0xDD,
+        0x07, 0xEE, 0x6E, 0x87, 0x9C, 0x5B, 0x9D, 0xFF,
+        0x41, 0xEC, 0xEE, 0x5E, 0x05, 0x89, 0xAE, 0x61,
+        0x75, 0xFF, 0x5E, 0xC6, 0xF6, 0xD2, 0x62, 0x9F,
+        0x56, 0xB1, 0x8B, 0x4D, 0xE6, 0x6F, 0xCB, 0x13,
+        0xDF, 0x04, 0x00, 0xA7, 0x97, 0xC9, 0x22, 0x70,
+        0xF6, 0x9B, 0xDE, 0xBD, 0xDC, 0xB8, 0x8C, 0x42,
+        0x48, 0x91, 0x9B, 0x56, 0xCD, 0xA7, 0x0B, 0x8A,
+        0xC4, 0xF9, 0x42, 0x9C, 0x29, 0x2D, 0xA9, 0x4D,
+        0x64, 0x78, 0x28, 0x07, 0x64, 0xFE, 0x23, 0x86,
+        0xFC, 0x38, 0xCB, 0x09, 0x31, 0x45, 0x88, 0x39,
+        0xEF, 0x4E, 0x7D, 0xE8, 0xF0, 0x68, 0x9D, 0x99,
+        0x80, 0x59, 0x88, 0xC7, 0xF9, 0x61, 0x11, 0x85,
+        0x2C, 0x89, 0x29, 0xE5, 0xA5, 0x40, 0xD3, 0xB7,
+        0x8D, 0x71, 0x2D, 0xEC, 0xC3, 0x96, 0xFE, 0xF3,
+        0xEC, 0x34, 0x40, 0x21, 0x84, 0xE4, 0xFD, 0x29,
+        0xF3, 0x63, 0xEA, 0x80, 0xF6, 0xFC, 0x50, 0xBA,
+        0x9A, 0x11, 0x35, 0x1A, 0xCE, 0xEA, 0x8F, 0xE6,
+        0x8D, 0x54, 0x1E, 0x1A, 0xA5, 0x84, 0x8D, 0x9F,
+        0x6E, 0x61, 0xDF, 0xB6, 0x2B, 0x2F, 0x23, 0xBC,
+        0x50, 0x81, 0xE8, 0x2F, 0x76, 0x22, 0x6E, 0x03,
+        0x28, 0x49, 0x82, 0xEC, 0x48, 0x48, 0x12, 0x09,
+        0xB1, 0xA7, 0xD4, 0xC8, 0x79, 0x7E, 0x44, 0xBF,
+        0xA8, 0x70, 0xB2, 0x20, 0x04, 0xDB, 0x74, 0xBD,
+        0x7D, 0x47, 0x8D, 0x5B, 0x36, 0x14, 0xD2, 0xB1,
+        0xDA, 0x75, 0x02, 0xB3, 0x98, 0xEB, 0x9D, 0xA8,
+        0x0D, 0x06, 0x46, 0x1E, 0x90, 0xE0, 0x30, 0x60,
+        0x44, 0x6A, 0xB4, 0xA8, 0x23, 0x84, 0x32, 0xBF,
+        0xAF, 0x75, 0x2F, 0x39, 0x17, 0x91, 0x21, 0x4F,
+        0x1E, 0x6B, 0x63, 0x59, 0x0D, 0x53, 0x60, 0x60,
+        0xD1, 0xC2, 0x45, 0x30, 0x7B, 0xC5, 0xC1, 0xBA,
+        0xC4, 0xAA, 0xA0, 0x99, 0xD3, 0x6B, 0xB6, 0xDC,
+        0xBC, 0x97, 0x3C, 0xF2, 0xE6, 0x9F, 0x27, 0x34,
+        0xD0, 0xF2, 0x9A, 0xEE, 0xC4, 0x56, 0x7B, 0x99,
+        0xA1, 0x6B, 0xC1, 0x7C, 0x6C, 0xDD, 0xAC, 0xEF,
+        0xE4, 0x99, 0x27, 0xFB, 0x14, 0xE7, 0xD9, 0x8D,
+        0xD4, 0x26, 0x35, 0x19, 0x46, 0x9C, 0xCA, 0x3D,
+        0xB4, 0x67, 0x9A, 0x68, 0xCE, 0xED, 0xA9, 0x55,
+        0x59, 0x22, 0x10, 0xFC, 0x49, 0xAA, 0x5F, 0xBE,
+        0x93, 0x4C, 0xC7, 0x3D, 0x84, 0xE4, 0xBA, 0x54,
+        0x78, 0x00, 0x2D, 0x68, 0x90, 0x98, 0x90, 0x68,
+        0xEF, 0x8F, 0xC9, 0x8C, 0x25, 0x32, 0xB8, 0x3B,
+        0xF3, 0xCB, 0x9E, 0xF0, 0x28, 0x93, 0xC2, 0x15,
+        0x24, 0x26, 0xB9, 0xD1, 0xA9, 0x47, 0x34, 0xDF,
+        0xB4, 0xF9, 0x11, 0x35, 0x14, 0x3C, 0x9E, 0xED,
+        0x18, 0xFD, 0x51, 0xAE, 0x87, 0x5D, 0x07, 0xA2,
+        0x37, 0x75, 0x60, 0x6A, 0x73, 0x4F, 0xBA, 0x98,
+        0xC0, 0x63, 0xB4, 0xA1, 0x62, 0x2E, 0x7F, 0xF2,
+        0x1A, 0xA7, 0xE6, 0x52, 0xA3, 0xD6, 0xC1, 0x9F,
+        0xE0, 0xDC, 0x67, 0x61, 0xB7, 0xD3, 0x53, 0x02,
+        0xBF, 0x21, 0x4D, 0x30, 0x79, 0xF7, 0x60, 0x51,
+        0x08, 0x2A, 0x87, 0x59, 0x29, 0x92, 0x0D, 0xC3,
+        0xB3, 0xCB, 0x43, 0x21, 0x1A, 0x23, 0xA4, 0x3A,
+        0x50, 0x33, 0x2F, 0xAF, 0x1A, 0xC2, 0x19, 0x1E,
+        0x71, 0x71, 0x25, 0xF6, 0x3E, 0x25, 0x86, 0xC4,
+        0xD8, 0x6D, 0xCA, 0x6B, 0xCD, 0x3D, 0x03, 0x8F,
+        0x9D, 0x3A, 0x7B, 0x66, 0xCB, 0xC7, 0xDF, 0x34
+    };
+    static const byte sk_44[] = {
+        0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48,
+        0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16,
+        0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64,
+        0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7,
+        0xBA, 0x2B, 0x57, 0xC4, 0x46, 0x55, 0x6E, 0xE2,
+        0xB7, 0x2C, 0x78, 0xB9, 0x6B, 0xB7, 0xA8, 0x50,
+        0x3D, 0xE4, 0x0A, 0xFB, 0x54, 0x18, 0x4E, 0x3B,
+        0x54, 0x63, 0xC2, 0x1A, 0xF7, 0x48, 0x53, 0x23,
+        0xDF, 0x98, 0xF0, 0x16, 0x0A, 0xE5, 0xD1, 0x37,
+        0x51, 0x27, 0x25, 0xF8, 0x9D, 0x56, 0x3B, 0xC9,
+        0xA1, 0x89, 0xD3, 0x1D, 0x20, 0xB3, 0xB3, 0xC8,
+        0xFF, 0xAA, 0xF5, 0xE4, 0x86, 0xE7, 0x90, 0x51,
+        0xF6, 0xF3, 0x60, 0x5C, 0xCA, 0x25, 0x69, 0xFD,
+        0xB4, 0x6B, 0x33, 0x18, 0xD2, 0x38, 0x42, 0xCE,
+        0x40, 0xD6, 0x43, 0x86, 0x13, 0xF6, 0x8B, 0x45,
+        0x5B, 0x0D, 0x3B, 0xCA, 0x0E, 0x05, 0x0D, 0x4D,
+        0x11, 0x99, 0x88, 0xA2, 0xC4, 0x80, 0x1B, 0x90,
+        0x84, 0xE0, 0xB0, 0x48, 0xC9, 0x28, 0x09, 0x22,
+        0x30, 0x90, 0x24, 0x06, 0x49, 0x98, 0x40, 0x65,
+        0x5A, 0x26, 0x8A, 0xDA, 0x32, 0x90, 0xDA, 0x48,
+        0x08, 0x22, 0x81, 0x90, 0xC8, 0x14, 0x61, 0xDC,
+        0x16, 0x6A, 0x21, 0x47, 0x8E, 0x08, 0xB2, 0x21,
+        0xE3, 0x08, 0x68, 0x1A, 0x02, 0x44, 0x14, 0xC6,
+        0x65, 0xE1, 0x98, 0x71, 0x90, 0xC6, 0x69, 0x0C,
+        0x15, 0x44, 0xC9, 0xA0, 0x11, 0xCC, 0x34, 0x71,
+        0x83, 0x40, 0x45, 0x00, 0x12, 0x4D, 0x91, 0x08,
+        0x00, 0x83, 0x36, 0x84, 0x12, 0x85, 0x4C, 0xCC,
+        0x00, 0x41, 0x09, 0x90, 0x70, 0x18, 0x95, 0x00,
+        0xA2, 0xB2, 0x85, 0x94, 0x26, 0x41, 0x0B, 0x00,
+        0x41, 0x0A, 0xB9, 0x80, 0xC0, 0xC6, 0x10, 0x0C,
+        0x33, 0x29, 0xA3, 0xA6, 0x28, 0x1C, 0x26, 0x10,
+        0x1A, 0x37, 0x49, 0x13, 0x35, 0x8A, 0x0B, 0x29,
+        0x2E, 0x82, 0xA2, 0x70, 0x8B, 0x38, 0x49, 0x94,
+        0x04, 0x80, 0x9B, 0x26, 0x10, 0xA4, 0x80, 0x30,
+        0x04, 0x37, 0x0C, 0x48, 0xB2, 0x60, 0x04, 0x17,
+        0x2E, 0x19, 0x49, 0x64, 0xC8, 0xC4, 0x64, 0x1A,
+        0x96, 0x60, 0x10, 0x83, 0x6D, 0x20, 0x38, 0x22,
+        0x49, 0x06, 0x08, 0x1B, 0xB7, 0x20, 0x01, 0x48,
+        0x4D, 0xE1, 0x10, 0x49, 0x08, 0x38, 0x44, 0x4C,
+        0x16, 0x8E, 0x04, 0xB2, 0x2C, 0x09, 0x91, 0x50,
+        0x83, 0x36, 0x06, 0x5C, 0x02, 0x8C, 0x8A, 0x38,
+        0x05, 0x1A, 0xB5, 0x81, 0x82, 0xC0, 0x09, 0x51,
+        0x12, 0x72, 0x22, 0x10, 0x0D, 0x04, 0x08, 0x2A,
+        0xA4, 0x84, 0x10, 0x58, 0x08, 0x52, 0x08, 0x26,
+        0x0A, 0x02, 0xB6, 0x2D, 0x8A, 0x12, 0x0E, 0x14,
+        0x22, 0x10, 0x48, 0x44, 0x0A, 0x14, 0x23, 0x91,
+        0x50, 0x40, 0x90, 0x0A, 0x27, 0x92, 0xA4, 0xB0,
+        0x60, 0x08, 0x84, 0x11, 0xC4, 0x40, 0x22, 0x63,
+        0x46, 0x2A, 0xDA, 0xA6, 0x90, 0xC1, 0xB2, 0x30,
+        0x50, 0x10, 0x00, 0xA0, 0xB4, 0x6C, 0x53, 0xB4,
+        0x50, 0x13, 0x05, 0x8D, 0x02, 0x31, 0x0E, 0x08,
+        0x20, 0x10, 0x91, 0xC8, 0x4C, 0x22, 0xA7, 0x50,
+        0xC2, 0xA6, 0x70, 0x92, 0x46, 0x41, 0x63, 0x16,
+        0x8C, 0x84, 0x00, 0x11, 0x0B, 0x81, 0x90, 0x13,
+        0x83, 0x71, 0x21, 0x85, 0x30, 0x1B, 0x18, 0x46,
+        0xA3, 0x10, 0x84, 0x14, 0x43, 0x40, 0x80, 0x98,
+        0x25, 0x0C, 0x27, 0x2C, 0x94, 0x42, 0x41, 0xA2,
+        0x88, 0x45, 0x02, 0x13, 0x05, 0x44, 0xB6, 0x44,
+        0x52, 0x22, 0x92, 0xD0, 0x80, 0x50, 0x4B, 0xA6,
+        0x04, 0x84, 0x36, 0x70, 0x09, 0xB2, 0x4D, 0x19,
+        0xA8, 0x84, 0x24, 0x93, 0x49, 0x94, 0xA2, 0x80,
+        0x49, 0xB4, 0x48, 0x91, 0x28, 0x64, 0xA1, 0xC8,
+        0x65, 0x4B, 0x82, 0x85, 0x93, 0x30, 0x06, 0x63,
+        0x12, 0x66, 0x10, 0x37, 0x01, 0x4A, 0x40, 0x80,
+        0x18, 0x18, 0x90, 0x44, 0xC4, 0x0D, 0x4B, 0x28,
+        0x81, 0xA2, 0x06, 0x40, 0xD4, 0x30, 0x2C, 0x1B,
+        0x96, 0x4C, 0xE1, 0xB2, 0x60, 0x44, 0x28, 0x41,
+        0xD8, 0x30, 0x65, 0x24, 0x09, 0x04, 0x64, 0x00,
+        0x89, 0x63, 0xC2, 0x24, 0xC0, 0x00, 0x49, 0x92,
+        0x16, 0x52, 0x23, 0xC1, 0x29, 0x42, 0x26, 0x91,
+        0xD0, 0x38, 0x31, 0x83, 0x28, 0x28, 0x4C, 0x28,
+        0x61, 0x1A, 0xB2, 0x88, 0x80, 0x26, 0x2D, 0x0C,
+        0x19, 0x52, 0x5B, 0x22, 0x60, 0x8A, 0x92, 0x28,
+        0xA2, 0x18, 0x90, 0xD9, 0x42, 0x52, 0xCB, 0x40,
+        0x8E, 0x9B, 0x16, 0x06, 0x4B, 0xC8, 0x05, 0xE0,
+        0x06, 0x6C, 0x49, 0xC2, 0x25, 0xD4, 0x22, 0x69,
+        0x14, 0x11, 0x69, 0x1C, 0x34, 0x90, 0x0C, 0x85,
+        0x8D, 0x1C, 0x84, 0x49, 0x63, 0x10, 0x85, 0x08,
+        0x34, 0x89, 0x58, 0x16, 0x66, 0xA0, 0x38, 0x68,
+        0x0B, 0xA2, 0x50, 0xE0, 0x84, 0x61, 0xC1, 0x26,
+        0x6E, 0xC9, 0x14, 0x6A, 0xC0, 0xC0, 0x31, 0x84,
+        0x18, 0x2E, 0xDC, 0x16, 0x52, 0x14, 0x18, 0x91,
+        0x0A, 0x39, 0x2C, 0x83, 0xA6, 0x8D, 0x12, 0x29,
+        0x62, 0x92, 0xA6, 0x60, 0x08, 0xA5, 0x10, 0xD9,
+        0xC8, 0x4D, 0x24, 0x48, 0x24, 0x83, 0x98, 0x24,
+        0x1A, 0x44, 0x42, 0x08, 0x08, 0x48, 0xC8, 0x96,
+        0x2D, 0xA1, 0x10, 0x20, 0x60, 0x24, 0x51, 0x9C,
+        0x30, 0x11, 0xDB, 0xC8, 0x04, 0x11, 0x22, 0x51,
+        0x18, 0x04, 0x68, 0xE2, 0x24, 0x4E, 0x10, 0xC4,
+        0x0D, 0x18, 0x37, 0x29, 0x11, 0xB7, 0x84, 0x43,
+        0x84, 0x8D, 0x54, 0x40, 0x70, 0x64, 0x80, 0x70,
+        0x21, 0xB0, 0x4D, 0x00, 0x26, 0x62, 0x00, 0x45,
+        0x25, 0x1B, 0x83, 0x84, 0x84, 0x80, 0x70, 0x19,
+        0xB0, 0x04, 0x0A, 0xC9, 0x28, 0xCA, 0x80, 0x05,
+        0x1B, 0x21, 0x4E, 0xD4, 0xB0, 0x49, 0x8C, 0x96,
+        0x6C, 0xD0, 0x96, 0x25, 0x48, 0x32, 0x72, 0x54,
+        0x12, 0x05, 0x09, 0x98, 0x8C, 0x8A, 0x32, 0x6D,
+        0xC0, 0x04, 0x31, 0x63, 0xC8, 0x61, 0xC8, 0xC2,
+        0x68, 0x9B, 0xB4, 0x8C, 0x5B, 0xC0, 0x2D, 0xC3,
+        0xA8, 0x8D, 0x1B, 0x16, 0x6C, 0xD8, 0x96, 0x41,
+        0x98, 0x34, 0x02, 0x44, 0x14, 0x2C, 0xD3, 0x86,
+        0x44, 0x0A, 0x18, 0x8A, 0x1A, 0x46, 0x92, 0x1A,
+        0xB7, 0x08, 0x4C, 0x34, 0x24, 0x21, 0x91, 0x0D,
+        0x9A, 0x96, 0x2D, 0xCB, 0x24, 0x22, 0x92, 0x86,
+        0x08, 0x98, 0xA0, 0x50, 0xDA, 0x44, 0x6A, 0x19,
+        0xB1, 0x05, 0x8B, 0x20, 0x6E, 0x24, 0xC4, 0x81,
+        0xC9, 0x98, 0x40, 0x22, 0x19, 0x32, 0x11, 0x05,
+        0x69, 0xD3, 0x94, 0x91, 0x08, 0xA7, 0x71, 0xDB,
+        0xC0, 0x70, 0x02, 0xB8, 0x28, 0x83, 0xB4, 0x49,
+        0xA0, 0x44, 0x8A, 0x0B, 0xB4, 0x10, 0x61, 0x02,
+        0x48, 0x1C, 0xA6, 0x11, 0xE3, 0x20, 0x66, 0x40,
+        0xB4, 0x70, 0x03, 0xB6, 0x04, 0x60, 0x48, 0x21,
+        0x5B, 0x21, 0x83, 0x39, 0x88, 0xDB, 0x67, 0x4A,
+        0x61, 0xE7, 0xC2, 0x08, 0xDE, 0xBE, 0x8D, 0xAE,
+        0x41, 0x19, 0xAF, 0xB0, 0x26, 0x61, 0xA6, 0x9A,
+        0xBC, 0x8B, 0xDD, 0x24, 0x5B, 0x5D, 0x0F, 0xB1,
+        0xA2, 0x67, 0x01, 0xC9, 0xB9, 0xC9, 0xA8, 0xF7,
+        0xD9, 0xFC, 0xD4, 0xC2, 0x87, 0xFF, 0x3D, 0x60,
+        0x8C, 0xF2, 0x58, 0x28, 0x2A, 0x1E, 0xB2, 0x9F,
+        0x93, 0x04, 0xE8, 0x9C, 0x14, 0xF3, 0xE1, 0xCE,
+        0x56, 0x12, 0x89, 0x1C, 0x60, 0x29, 0x34, 0x52,
+        0x60, 0x06, 0xC9, 0x9B, 0x4A, 0xA2, 0x39, 0x9B,
+        0xF4, 0x94, 0xBC, 0xF8, 0xDF, 0x61, 0xD6, 0xDF,
+        0x4C, 0x69, 0xBC, 0x93, 0xE0, 0x2D, 0x49, 0x95,
+        0xE2, 0xF7, 0x6E, 0x9F, 0xDA, 0x4E, 0xF6, 0x7E,
+        0xB7, 0x25, 0x6C, 0xA8, 0x9A, 0x3F, 0x38, 0xFE,
+        0xB2, 0xE9, 0xDF, 0x6A, 0x01, 0x0D, 0xC1, 0xC1,
+        0x50, 0x02, 0xFB, 0xD4, 0x56, 0xFA, 0xE8, 0x84,
+        0x82, 0x1A, 0x34, 0x16, 0x6B, 0x06, 0x58, 0xA2,
+        0x41, 0x25, 0x95, 0x71, 0x8E, 0x14, 0x9B, 0xBC,
+        0x6E, 0x22, 0x0A, 0xEE, 0x26, 0x8D, 0x4D, 0x82,
+        0x18, 0xC2, 0x5F, 0x6A, 0x95, 0x7D, 0xE5, 0xB2,
+        0x6C, 0xEA, 0x7B, 0x14, 0xCB, 0x32, 0x0D, 0x89,
+        0xE1, 0x69, 0x9A, 0xD9, 0xF2, 0xB3, 0x89, 0xC6,
+        0x7E, 0xF9, 0x33, 0x86, 0xA2, 0xC6, 0x5F, 0x2C,
+        0x32, 0x23, 0x33, 0x67, 0xD7, 0x6A, 0xE4, 0xAB,
+        0x2A, 0xBB, 0xD4, 0x22, 0xE9, 0x8E, 0x49, 0x3D,
+        0xCC, 0x3C, 0xC5, 0xDA, 0xF6, 0x89, 0xB6, 0x5C,
+        0xC4, 0xBC, 0x3F, 0xA5, 0x1C, 0x9C, 0x59, 0xEE,
+        0xAF, 0x07, 0x55, 0x17, 0x0C, 0x24, 0x95, 0x80,
+        0x4D, 0x02, 0xA6, 0x07, 0xC5, 0xBF, 0x88, 0x7C,
+        0xD8, 0x6A, 0x03, 0x89, 0xF2, 0x8F, 0xC9, 0x72,
+        0x5E, 0xF4, 0x60, 0x03, 0xF1, 0x3B, 0x01, 0x87,
+        0x68, 0x4B, 0xEA, 0xB1, 0xF2, 0x4A, 0x29, 0xF5,
+        0x31, 0x96, 0x01, 0xF3, 0x09, 0xC9, 0x1D, 0x2A,
+        0x33, 0x3D, 0x1B, 0x88, 0xDF, 0x20, 0x5A, 0x51,
+        0x20, 0xC4, 0xCF, 0xDC, 0x22, 0x38, 0x12, 0x4E,
+        0x4E, 0x2B, 0x47, 0xD0, 0xB5, 0xE6, 0x6A, 0x65,
+        0x4F, 0xE4, 0xCC, 0xCB, 0x07, 0x8F, 0x07, 0xCB,
+        0xD4, 0x55, 0xD1, 0x5D, 0x3E, 0xEC, 0x7D, 0xA2,
+        0x74, 0xD2, 0x4A, 0x2E, 0x57, 0x18, 0x84, 0xDE,
+        0x41, 0xC3, 0xA9, 0xA4, 0xFD, 0xB3, 0xF6, 0x09,
+        0x8A, 0x17, 0x2C, 0x30, 0x96, 0x80, 0x39, 0xBD,
+        0x0E, 0x4E, 0xB3, 0xE2, 0xFB, 0x6D, 0x6E, 0xEE,
+        0xD3, 0x9E, 0x0B, 0x63, 0x62, 0xD5, 0x4E, 0x7B,
+        0x88, 0x95, 0x98, 0x69, 0xDD, 0xD5, 0xD8, 0x73,
+        0xD9, 0x65, 0x24, 0x01, 0xA2, 0x9F, 0x27, 0xA2,
+        0x8E, 0xA6, 0x6D, 0x32, 0xCC, 0xB0, 0xEF, 0x3B,
+        0xF4, 0x60, 0x0F, 0x75, 0x57, 0xEE, 0x8D, 0x54,
+        0xBF, 0x1D, 0xAD, 0x18, 0xF4, 0x5D, 0xDC, 0xD4,
+        0xC9, 0xED, 0x57, 0xB1, 0x3E, 0x44, 0x5B, 0xF1,
+        0x22, 0xA4, 0x3F, 0x53, 0x94, 0x03, 0x89, 0xBF,
+        0x87, 0x14, 0xFF, 0xAC, 0x72, 0x1E, 0x59, 0x31,
+        0x7E, 0x4B, 0x70, 0x50, 0x0A, 0xD0, 0xD1, 0xB9,
+        0xA6, 0x27, 0x05, 0x4D, 0x31, 0x93, 0x20, 0x8C,
+        0x77, 0x4E, 0x0B, 0x20, 0xED, 0x04, 0x1A, 0x8C,
+        0x05, 0x5E, 0x75, 0xEE, 0xCD, 0x37, 0x38, 0xF0,
+        0x07, 0x15, 0x8F, 0xAD, 0xDF, 0xCA, 0x5F, 0x43,
+        0x56, 0x2D, 0x63, 0x6A, 0x5A, 0xCF, 0x3A, 0x39,
+        0x83, 0xD3, 0xCF, 0xEB, 0xCA, 0x10, 0xB8, 0x13,
+        0xF9, 0xF6, 0x52, 0x65, 0x19, 0x19, 0x9A, 0x03,
+        0x13, 0xCD, 0x1D, 0xE1, 0x3F, 0x06, 0xAD, 0x53,
+        0x86, 0xE1, 0xE1, 0x20, 0x79, 0x5F, 0xD2, 0x67,
+        0xB7, 0xF4, 0x20, 0x19, 0xD8, 0x4D, 0xF6, 0xCD,
+        0x1B, 0xF9, 0x19, 0x30, 0xFC, 0xA7, 0xAF, 0xD5,
+        0x2E, 0x80, 0x70, 0x0F, 0x4C, 0xF5, 0xCD, 0xC3,
+        0x8A, 0x5F, 0x7A, 0x57, 0x49, 0x79, 0x1C, 0x2F,
+        0xDF, 0xFC, 0x4A, 0x10, 0x75, 0x3C, 0x24, 0xDB,
+        0x19, 0xE8, 0xEB, 0x65, 0x1C, 0x5B, 0x36, 0x32,
+        0x00, 0xF0, 0xB5, 0xD1, 0x69, 0x94, 0x70, 0x26,
+        0xE9, 0xF7, 0x4F, 0x01, 0x2D, 0xC7, 0xC5, 0xB3,
+        0x39, 0xDD, 0x49, 0xD2, 0x61, 0xCA, 0x1D, 0x37,
+        0xF8, 0xF2, 0x83, 0x46, 0xE6, 0x19, 0x78, 0x05,
+        0x4F, 0x45, 0xAE, 0xE4, 0x36, 0xDC, 0xCB, 0xE7,
+        0xBF, 0xAF, 0xE0, 0x7C, 0xE9, 0xA8, 0xB8, 0x3C,
+        0x90, 0xA2, 0x68, 0x6F, 0xA9, 0x54, 0x02, 0x85,
+        0x09, 0x25, 0xC8, 0x58, 0x2B, 0xC9, 0xB7, 0x34,
+        0xE4, 0xEC, 0xA1, 0xF7, 0xB2, 0x0B, 0x08, 0x6F,
+        0x12, 0x9F, 0x27, 0x7A, 0x5C, 0xBD, 0xAA, 0x96,
+        0x3C, 0x92, 0x71, 0x7E, 0xF7, 0x0E, 0xC1, 0x9B,
+        0xF3, 0xDB, 0xC6, 0xDA, 0x20, 0x3A, 0xD9, 0x0F,
+        0x3B, 0x13, 0xBB, 0xC2, 0x2F, 0xBD, 0x98, 0x0B,
+        0xB1, 0xB9, 0xD3, 0xA3, 0x44, 0x52, 0xB3, 0x35,
+        0x70, 0x21, 0xCE, 0x36, 0x13, 0x58, 0x4E, 0x09,
+        0x36, 0xBF, 0x1D, 0x09, 0x42, 0x09, 0x37, 0x81,
+        0x5E, 0x11, 0xCC, 0x5D, 0x5D, 0xDB, 0x4B, 0xF1,
+        0xD8, 0x30, 0xC4, 0xF8, 0x3F, 0x30, 0xE5, 0x15,
+        0x92, 0x1C, 0x78, 0x4D, 0x87, 0xBB, 0x20, 0xC0,
+        0x9E, 0x3C, 0x64, 0xBD, 0xCE, 0x9A, 0xB1, 0xC6,
+        0x9F, 0xD3, 0x07, 0xEF, 0xE3, 0x59, 0xC7, 0xF9,
+        0x38, 0x56, 0x6C, 0x9F, 0x25, 0x17, 0xB0, 0x63,
+        0x38, 0x51, 0x67, 0xE2, 0x47, 0xF3, 0x10, 0x81,
+        0x11, 0x9B, 0xAC, 0x6B, 0x55, 0xA0, 0xBD, 0xD7,
+        0x14, 0x25, 0x51, 0x0F, 0xFA, 0x2A, 0xBD, 0xFA,
+        0x88, 0x83, 0x76, 0xA3, 0x7F, 0x20, 0xC2, 0x48,
+        0x01, 0x52, 0xBB, 0x36, 0x16, 0x34, 0x52, 0x00,
+        0x07, 0xC5, 0xB3, 0x4B, 0xF2, 0x28, 0x17, 0xCB,
+        0x2E, 0x67, 0xAC, 0x1A, 0x82, 0x67, 0x0B, 0x71,
+        0xF1, 0x96, 0xC8, 0x9F, 0x23, 0xBA, 0x31, 0x4B,
+        0x16, 0xA9, 0x48, 0x49, 0x93, 0x04, 0xEF, 0x5C,
+        0x03, 0xDC, 0xF5, 0x8E, 0x52, 0xBE, 0x31, 0x48,
+        0x63, 0xE7, 0x23, 0xC5, 0x6D, 0x3A, 0xEB, 0x34,
+        0x0B, 0xFF, 0x18, 0xAB, 0xFA, 0x20, 0xDC, 0x03,
+        0x44, 0x20, 0x30, 0x23, 0x05, 0x33, 0xD9, 0x12,
+        0x9B, 0x83, 0xED, 0x22, 0xC3, 0x51, 0xF2, 0x32,
+        0x81, 0x72, 0xE3, 0x63, 0x44, 0x74, 0x44, 0xAE,
+        0x5C, 0x69, 0x02, 0xB7, 0x92, 0x79, 0x9F, 0x54,
+        0x44, 0x50, 0x78, 0x71, 0x19, 0x61, 0x2E, 0x9B,
+        0xB4, 0x13, 0x0A, 0x33, 0xA2, 0xA5, 0x96, 0x2A,
+        0xC0, 0x9D, 0x57, 0x7D, 0x6D, 0xDC, 0x88, 0x1F,
+        0xE6, 0x61, 0x61, 0x26, 0xD8, 0xA0, 0xA7, 0xDF,
+        0x2B, 0x22, 0x53, 0xBC, 0x8E, 0xC4, 0xE3, 0x53,
+        0x86, 0xEA, 0x55, 0x11, 0xF0, 0xF1, 0x58, 0x87,
+        0x14, 0x5B, 0x6C, 0x23, 0xAB, 0x3D, 0x40, 0x33,
+        0x39, 0xE4, 0x04, 0x07, 0x3E, 0xD9, 0xC6, 0xA8,
+        0x96, 0xA2, 0xF9, 0xEC, 0x70, 0xC4, 0x4B, 0xD2,
+        0xAE, 0xC1, 0x0F, 0xC4, 0x36, 0x0E, 0x87, 0x63,
+        0x6B, 0xE1, 0x55, 0xB6, 0xA6, 0x7B, 0x7E, 0xDF,
+        0x38, 0xCF, 0x73, 0x00, 0x48, 0x13, 0xC9, 0xE7,
+        0xD2, 0xC6, 0x54, 0xC2, 0x53, 0x0A, 0x71, 0xE5,
+        0xF8, 0xC1, 0x09, 0x42, 0xFB, 0x6D, 0x88, 0x41,
+        0x53, 0x5A, 0xB1, 0xDA, 0x43, 0xE8, 0xCB, 0x0B,
+        0xB8, 0x9E, 0x78, 0xEC, 0x91, 0xF8, 0xDE, 0x15,
+        0x31, 0xA0, 0x36, 0x65, 0xCC, 0xD5, 0xA7, 0x5B,
+        0xDA, 0x0E, 0xD0, 0xE5, 0x98, 0x64, 0xEE, 0xEF,
+        0x51, 0xA8, 0x3F, 0xA5, 0x53, 0xAF, 0x66, 0x2A,
+        0xEE, 0x00, 0xD1, 0xF8, 0x36, 0x7B, 0x4D, 0x5D,
+        0xDD, 0xC3, 0x45, 0x54, 0x4C, 0x6B, 0xD5, 0x14,
+        0xF8, 0x88, 0xE6, 0x03, 0x3C, 0x25, 0x5D, 0xB6,
+        0x50, 0xDA, 0x73, 0x4A, 0xD3, 0x3A, 0x3C, 0xF8,
+        0x4B, 0xD3, 0xF0, 0x6F, 0xA1, 0xA7, 0xCA, 0x02,
+        0xE4, 0xB8, 0xE9, 0x93, 0xAE, 0x7A, 0xE6, 0x34,
+        0x20, 0xA4, 0x6B, 0xA8, 0xA3, 0x81, 0x3D, 0x1E,
+        0x9D, 0x29, 0x66, 0xBB, 0x85, 0x60, 0xD7, 0x1C,
+        0x62, 0xA0, 0x44, 0xEA, 0x94, 0x17, 0x9F, 0x4E,
+        0xB1, 0xB6, 0xED, 0x60, 0x71, 0x9D, 0x51, 0xE0,
+        0xEE, 0xF6, 0xCD, 0x07, 0x91, 0x52, 0xF6, 0xBE,
+        0x48, 0x8E, 0xC9, 0x19, 0x11, 0xC6, 0xD3, 0xF1,
+        0xD1, 0x17, 0x3C, 0x54, 0x1F, 0x9D, 0x25, 0xBF,
+        0x34, 0x2F, 0xCA, 0xA3, 0xFF, 0x46, 0xC1, 0x8F,
+        0x2A, 0x04, 0x41, 0xD8, 0x3B, 0xDE, 0x35, 0x46,
+        0xA9, 0x82, 0x6C, 0x34, 0x96, 0xE0, 0x6F, 0x2F,
+        0x2B, 0x0E, 0xEB, 0x9D, 0x5B, 0xE8, 0x73, 0x9F,
+        0x83, 0xA4, 0x2D, 0x3B, 0x30, 0x0E, 0x70, 0xEE,
+        0x84, 0xDF, 0xFF, 0xB2, 0x07, 0x64, 0xA0, 0x60,
+        0x21, 0x2F, 0x05, 0x8C, 0x8A, 0x5F, 0xFA, 0x9A,
+        0x34, 0xE9, 0x28, 0xD6, 0xA7, 0xE0, 0x77, 0x08,
+        0xFE, 0x53, 0x93, 0xE3, 0x01, 0x7C, 0xE4, 0x70,
+        0xEB, 0x96, 0x58, 0xA7, 0x4E, 0x49, 0x51, 0xE6,
+        0xFA, 0x48, 0x54, 0xC9, 0xE9, 0xC2, 0x89, 0x88,
+        0x81, 0x2E, 0x44, 0x18, 0xA2, 0xE8, 0x32, 0x58,
+        0x0B, 0x4A, 0x27, 0x03, 0x72, 0xBC, 0x69, 0x67,
+        0x68, 0x89, 0xD0, 0xCC, 0x43, 0x24, 0x0E, 0xDA,
+        0xBC, 0x1D, 0x31, 0x14, 0xD8, 0xF3, 0x5A, 0xB2,
+        0xE9, 0xEA, 0x95, 0x30, 0x82, 0xE9, 0x53, 0x62,
+        0x79, 0xAC, 0xB3, 0xBE, 0x16, 0xD3, 0xA2, 0x05,
+        0xF4, 0x6C, 0xB6, 0x7B, 0x22, 0x14, 0x96, 0x93,
+        0x5A, 0xC0, 0x42, 0x92, 0xBB, 0xFB, 0x9A, 0x61,
+        0xC0, 0xA0, 0x3E, 0xF4, 0xC9, 0xB6, 0x82, 0x04,
+        0x95, 0xF3, 0xD8, 0x0E, 0x4A, 0x6F, 0xB7, 0xE1,
+        0xC6, 0x99, 0x03, 0xFA, 0x22, 0x6E, 0x02, 0x3E,
+        0x95, 0xBA, 0x41, 0x6D, 0xF2, 0xE5, 0xE4, 0x54,
+        0x1E, 0x15, 0xDC, 0xC0, 0x00, 0xB5, 0xE6, 0x5C,
+        0x97, 0x20, 0xDA, 0xF6, 0x96, 0x01, 0x2F, 0xA2,
+        0xA6, 0xCF, 0x75, 0x8E, 0xD6, 0xD2, 0x25, 0xA3,
+        0xE4, 0xFE, 0xE4, 0x5A, 0xC5, 0xFB, 0x48, 0x70,
+        0x7F, 0xAE, 0x13, 0x3D, 0x59, 0x2C, 0xFD, 0x2E,
+        0x8C, 0x43, 0xC2, 0x12, 0x6F, 0x65, 0x2B, 0xEE,
+        0x9B, 0xAB, 0x43, 0xA1, 0xA1, 0x0B, 0xE2, 0x41,
+        0x1A, 0x67, 0x94, 0xB2, 0x6C, 0xB5, 0x5C, 0xC2,
+        0x17, 0xEB, 0x7B, 0x0B, 0x14, 0x6D, 0x23, 0xF7,
+        0x92, 0x2D, 0x32, 0x22, 0xAE, 0x5E, 0xE8, 0xC6,
+        0xD3, 0x8E, 0x83, 0x99, 0xBA, 0x51, 0xC6, 0x81,
+        0xB8, 0x38, 0x16, 0xFC, 0xF7, 0x44, 0x38, 0x82,
+        0x59, 0x20, 0xF9, 0xCE, 0x8A, 0x20, 0x2A, 0x8F,
+        0x6D, 0x94, 0x2D, 0xA8, 0x62, 0x38, 0xFB, 0x4C,
+        0x9F, 0x21, 0x98, 0xEA, 0x8D, 0xFF, 0x81, 0xC1,
+        0x72, 0x86, 0xE0, 0x18, 0xDF, 0x4B, 0x7F, 0xE3,
+        0x88, 0x4D, 0x17, 0x59, 0xE4, 0xC5, 0x9B, 0xB5,
+        0x26, 0x17, 0xAE, 0xD4, 0xE7, 0x8E, 0x4E, 0x7C,
+        0x4E, 0x9A, 0x36, 0xE4, 0xE9, 0x96, 0xD3, 0x23,
+        0x91, 0xA3, 0x4A, 0x0D, 0xAA, 0xAB, 0x6B, 0x54,
+        0x08, 0x15, 0xA3, 0x4D, 0x20, 0x40, 0x7A, 0xEF,
+        0x81, 0x94, 0x9B, 0xE6, 0x7B, 0x90, 0x69, 0x50,
+        0xD8, 0x9B, 0xE9, 0xF0, 0x85, 0xE9, 0x9E, 0xB5,
+        0x87, 0x26, 0x95, 0x17, 0x3B, 0x3E, 0xFA, 0xCA,
+        0xE9, 0x45, 0x5D, 0x2B, 0x2C, 0xD4, 0xF7, 0x10,
+        0xB8, 0x72, 0xCF, 0x66, 0x2B, 0x73, 0x62, 0x16,
+        0xB1, 0xBB, 0xFB, 0x1F, 0x5F, 0x3D, 0x48, 0x6C,
+        0x7B, 0x4B, 0x87, 0x56, 0x12, 0x33, 0x3F, 0x8E,
+        0x4B, 0xA9, 0x33, 0xDC, 0x79, 0xF0, 0xED, 0xFD,
+        0x7B, 0xAA, 0xDE, 0x2C, 0x16, 0xF2, 0x14, 0x6A,
+        0x49, 0x6F, 0x79, 0xC4, 0x2A, 0x4D, 0x6B, 0x52,
+        0x39, 0xA3, 0x0D, 0xD3, 0xC4, 0x8B, 0xEB, 0x09,
+        0x2C, 0xA0, 0x75, 0x00, 0x10, 0xF6, 0x9E, 0xD4,
+        0xB9, 0x23, 0x20, 0x14, 0x7D, 0xBB, 0xE2, 0x08,
+        0xF6, 0xE8, 0xEB, 0x1C, 0xF2, 0x47, 0xD2, 0x1A,
+        0x3A, 0x3B, 0x01, 0xDF, 0x58, 0xC0, 0xAA, 0x62,
+        0x94, 0x4D, 0xA0, 0xEF, 0x04, 0x50, 0xE8, 0xCE,
+        0x48, 0xAA, 0x13, 0x7E, 0x7E, 0x15, 0x16, 0xC1,
+        0xD5, 0xC8, 0x6E, 0xEA, 0x17, 0xFD, 0xFA, 0xC1,
+        0x69, 0x07, 0x46, 0xE7, 0x26, 0x70, 0x45, 0xA3,
+        0xE9, 0x05, 0x96, 0xBD, 0xB7, 0x5D, 0x50, 0xB6,
+        0xDD, 0x5C, 0x34, 0xE5, 0xC8, 0xD8, 0x9D, 0xC6,
+        0xF2, 0xF1, 0xD2, 0x44, 0x40, 0xE5, 0x7B, 0x47,
+        0x59, 0xB8, 0x62, 0x5F, 0x72, 0xBC, 0x4A, 0x7B,
+        0x10, 0xD5, 0x19, 0xD3, 0x31, 0xF9, 0xC4, 0x00,
+        0xAA, 0xE1, 0xE5, 0x0D, 0x48, 0x0C, 0xAA, 0xE5,
+        0xA1, 0xC0, 0xFA, 0x99, 0xD7, 0x79, 0x24, 0xCF,
+        0x8D, 0xFE, 0x56, 0xCD, 0x70, 0x92, 0xE7, 0xB9
+    };
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte seed_65[] = {
+        0x70, 0xCE, 0xFB, 0x9A, 0xED, 0x5B, 0x68, 0xE0,
+        0x18, 0xB0, 0x79, 0xDA, 0x82, 0x84, 0xB9, 0xD5,
+        0xCA, 0xD5, 0x49, 0x9E, 0xD9, 0xC2, 0x65, 0xFF,
+        0x73, 0x58, 0x80, 0x05, 0xD8, 0x5C, 0x22, 0x5C
+    };
+    static const byte pk_65[] = {
+        0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35,
+        0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52,
+        0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC,
+        0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C,
+        0xBB, 0x11, 0x19, 0x23, 0xF1, 0x94, 0xA7, 0xCC,
+        0x8A, 0x7B, 0xB2, 0xEB, 0xC5, 0xC0, 0xE7, 0x1A,
+        0xA6, 0x37, 0xCC, 0x80, 0x0E, 0x61, 0x03, 0xB8,
+        0x50, 0xA5, 0x39, 0xB2, 0xA3, 0x9E, 0x1B, 0x6D,
+        0x71, 0x3E, 0x5D, 0xB8, 0x31, 0x4C, 0x9A, 0xE1,
+        0xF8, 0xBF, 0x8A, 0x38, 0xF0, 0x6A, 0xFB, 0x9D,
+        0x73, 0xB1, 0x61, 0xB0, 0xFF, 0xE3, 0xA4, 0x89,
+        0x17, 0x06, 0xAE, 0x26, 0xD5, 0x4F, 0xFB, 0x49,
+        0x6D, 0xF8, 0xDC, 0x0F, 0x19, 0x83, 0x50, 0x95,
+        0x00, 0xC9, 0xAB, 0xBD, 0x28, 0xE5, 0x9B, 0x3F,
+        0xCD, 0xAB, 0xBD, 0xAD, 0xAB, 0xD4, 0x5E, 0xC3,
+        0x14, 0x99, 0x37, 0x8B, 0xDE, 0x84, 0x9E, 0x7C,
+        0x1F, 0x19, 0xB7, 0x04, 0x4D, 0x67, 0xE0, 0x51,
+        0x06, 0xD7, 0x13, 0x6D, 0x95, 0x38, 0x0D, 0x56,
+        0x05, 0xD4, 0x46, 0x5D, 0x87, 0x75, 0x57, 0x06,
+        0x5D, 0xF0, 0xA7, 0x5D, 0x3C, 0x28, 0x54, 0x2F,
+        0x40, 0xFE, 0xED, 0x42, 0xEC, 0x7E, 0x28, 0x06,
+        0x37, 0xB0, 0x83, 0xD9, 0x88, 0xBC, 0xA5, 0xF6,
+        0x39, 0x4E, 0x02, 0x39, 0x6C, 0x46, 0x76, 0x18,
+        0x4F, 0xB6, 0x33, 0x18, 0xDA, 0xFA, 0xF5, 0xBB,
+        0xDD, 0xE0, 0x0E, 0x30, 0x8F, 0xE8, 0x40, 0x19,
+        0xC2, 0x34, 0x0A, 0x3F, 0x3E, 0x1C, 0x08, 0x65,
+        0x62, 0x49, 0x70, 0x71, 0x12, 0x83, 0x35, 0x6A,
+        0xE1, 0x4B, 0xD6, 0xB9, 0x4D, 0x1C, 0x9A, 0xE1,
+        0x88, 0xDE, 0x1A, 0x8A, 0x2C, 0xA8, 0x24, 0xA8,
+        0xEA, 0xE2, 0xFE, 0x6A, 0xFB, 0x38, 0xD8, 0x3A,
+        0x2D, 0x99, 0x99, 0x6A, 0xB2, 0x1F, 0xE3, 0xE8,
+        0x4C, 0x0B, 0xE6, 0xB6, 0xDA, 0x08, 0x87, 0x9B,
+        0x67, 0x73, 0x74, 0xFA, 0x7C, 0x69, 0x1B, 0x13,
+        0xD4, 0x0F, 0xA9, 0xD4, 0xCC, 0x26, 0xB2, 0x28,
+        0x8D, 0x5A, 0x8C, 0x9A, 0x43, 0x72, 0x43, 0x81,
+        0x00, 0x4D, 0x61, 0xB0, 0xD5, 0x7F, 0xF4, 0x00,
+        0x31, 0x4C, 0x8E, 0x30, 0xEE, 0x79, 0x6A, 0xF1,
+        0x0F, 0x7E, 0xE2, 0x1B, 0xF1, 0x3D, 0x08, 0x18,
+        0x04, 0x65, 0xAB, 0xC7, 0x2E, 0xDD, 0xB0, 0x80,
+        0xC6, 0xA0, 0x71, 0x84, 0xE3, 0xEE, 0xDC, 0x47,
+        0xC1, 0x9A, 0xA7, 0xF0, 0x9D, 0x1F, 0x33, 0x09,
+        0xE1, 0x83, 0xA2, 0xBD, 0x9B, 0x05, 0x73, 0xDD,
+        0xE4, 0x74, 0xA8, 0x1B, 0xA4, 0xF7, 0x8D, 0x0C,
+        0x52, 0x3D, 0x0C, 0x04, 0xF9, 0x00, 0x60, 0xFD,
+        0x57, 0x1A, 0x35, 0xC0, 0x37, 0xE0, 0x79, 0xC5,
+        0xE2, 0x10, 0xD7, 0x39, 0x0D, 0xF5, 0x68, 0xF2,
+        0xE2, 0xF0, 0x3C, 0xE4, 0x44, 0x20, 0xC8, 0x2F,
+        0x3F, 0xE6, 0x9E, 0xB9, 0xB4, 0x8E, 0xE9, 0x09,
+        0x62, 0xD6, 0xB0, 0xF2, 0x44, 0x40, 0x64, 0x8F,
+        0x71, 0xED, 0xB2, 0x41, 0xEE, 0x65, 0x66, 0xFC,
+        0x1A, 0x64, 0xCA, 0xBF, 0x66, 0xBE, 0x6F, 0xEC,
+        0xBC, 0xB1, 0x38, 0x7C, 0x82, 0xA7, 0xBC, 0x20,
+        0x2D, 0x9E, 0x36, 0x79, 0x98, 0xE2, 0xA2, 0x91,
+        0xAF, 0x0C, 0xD1, 0x57, 0x06, 0x77, 0xFE, 0x8D,
+        0x63, 0xA3, 0x28, 0x5A, 0x2E, 0xA6, 0xEB, 0x29,
+        0xAF, 0x9D, 0xC1, 0xAE, 0xC1, 0xC3, 0x6C, 0x47,
+        0x06, 0xB1, 0x2B, 0xAA, 0x20, 0x83, 0x96, 0x92,
+        0xF2, 0x86, 0xA6, 0xE0, 0x32, 0x14, 0x68, 0xF7,
+        0x47, 0x93, 0x45, 0xC4, 0xD5, 0x2F, 0xBD, 0xB2,
+        0xF0, 0x67, 0x25, 0xB5, 0x54, 0xB8, 0x9E, 0x24,
+        0x92, 0x61, 0x26, 0x81, 0xAC, 0xEB, 0xC6, 0xC7,
+        0xBA, 0xDA, 0x92, 0x25, 0x81, 0x8D, 0xBC, 0x35,
+        0xD6, 0x4C, 0x22, 0xC4, 0x8B, 0xFF, 0x80, 0xA7,
+        0x30, 0xD0, 0x71, 0x6D, 0xFA, 0xC9, 0x9D, 0xFD,
+        0x5B, 0x89, 0x92, 0x61, 0x1D, 0x0C, 0x93, 0xEE,
+        0x90, 0xBD, 0xB2, 0x60, 0x02, 0x2A, 0xFE, 0x25,
+        0xD9, 0x13, 0xE0, 0x6E, 0xFF, 0xB5, 0x9C, 0xB1,
+        0xF8, 0xA6, 0x0C, 0xBF, 0xA5, 0xAB, 0x2F, 0x45,
+        0x9A, 0x16, 0xF4, 0x67, 0xE9, 0x89, 0x52, 0x5E,
+        0x0A, 0x37, 0xEB, 0xE5, 0x6E, 0x83, 0x3F, 0xDE,
+        0x55, 0xDB, 0x9D, 0x15, 0x30, 0xAD, 0xCF, 0x45,
+        0x84, 0x6D, 0xF2, 0x81, 0xE4, 0x7C, 0xAA, 0x1E,
+        0x0A, 0x27, 0xEF, 0xDE, 0x21, 0x07, 0xD3, 0x54,
+        0xCE, 0xA0, 0xF6, 0xA4, 0x54, 0x69, 0x2F, 0x04,
+        0xCD, 0x83, 0x8E, 0xBD, 0xD4, 0x6E, 0x19, 0x1E,
+        0x5D, 0x9C, 0x11, 0x83, 0x9A, 0x2C, 0x3F, 0x48,
+        0x8A, 0x4F, 0xC7, 0xCD, 0x26, 0x5A, 0x7B, 0x5D,
+        0x32, 0xB0, 0x8C, 0xBD, 0xBF, 0xAB, 0x9D, 0x2C,
+        0xCD, 0x76, 0x22, 0x2C, 0x8E, 0xE3, 0x7D, 0xDC,
+        0xBD, 0x2A, 0xA0, 0x63, 0xED, 0x86, 0x14, 0x73,
+        0xA6, 0x45, 0x4C, 0xAE, 0xA3, 0x77, 0x85, 0x0B,
+        0x1A, 0x2B, 0x9D, 0xDB, 0xBC, 0xB3, 0x74, 0xFA,
+        0xB5, 0xB1, 0x2F, 0x35, 0x1C, 0x8E, 0x58, 0x88,
+        0x87, 0x2E, 0x5C, 0xD1, 0xF6, 0x0A, 0x4F, 0xAE,
+        0x1F, 0xF8, 0x37, 0xD1, 0x92, 0xC2, 0x2B, 0xEB,
+        0x41, 0xEE, 0x6F, 0xA3, 0x92, 0xFC, 0xDF, 0x45,
+        0x50, 0xFF, 0x46, 0xB5, 0xCE, 0x90, 0x6D, 0x01,
+        0x7E, 0xF3, 0x07, 0x7D, 0xF1, 0x32, 0x30, 0x0D,
+        0x8B, 0xBF, 0xA9, 0xBB, 0x03, 0xC7, 0x5E, 0x79,
+        0xE2, 0xF0, 0x4C, 0x28, 0x4A, 0xD0, 0x6A, 0x44,
+        0x39, 0x96, 0x49, 0xC3, 0xE2, 0xA2, 0xA8, 0xD1,
+        0xEF, 0xE9, 0xB7, 0xA4, 0xE0, 0xC2, 0x71, 0x04,
+        0x7A, 0xB7, 0x59, 0x08, 0xBF, 0xF7, 0xDF, 0x9E,
+        0x30, 0xEC, 0xA5, 0x47, 0x74, 0x5B, 0xAE, 0x23,
+        0xA8, 0x6F, 0xF9, 0xA8, 0xB5, 0x8C, 0x25, 0x38,
+        0xB8, 0x8B, 0x86, 0x64, 0x01, 0x07, 0x69, 0x02,
+        0xDC, 0x5F, 0x0B, 0xD7, 0x61, 0x68, 0x7B, 0x49,
+        0xEA, 0xFE, 0x36, 0xD3, 0x50, 0xCB, 0xED, 0xFD,
+        0xD3, 0x6C, 0x12, 0x1C, 0xF2, 0x37, 0x86, 0xBF,
+        0xCF, 0x7E, 0x47, 0x07, 0x64, 0x96, 0xEA, 0xB6,
+        0xBB, 0xDA, 0x77, 0x40, 0x49, 0xC2, 0xEB, 0xAB,
+        0xE2, 0xDE, 0x99, 0xC4, 0xC2, 0x4F, 0x2D, 0xB7,
+        0x36, 0x84, 0x01, 0x5B, 0x37, 0x39, 0x77, 0x49,
+        0x67, 0x60, 0xCF, 0x9A, 0xC2, 0x3D, 0x8B, 0x62,
+        0x31, 0x33, 0xDB, 0x2D, 0xE1, 0x0D, 0x73, 0xFA,
+        0x6A, 0xD1, 0xC6, 0xDA, 0xC8, 0x43, 0x4F, 0x28,
+        0xC6, 0xE2, 0x51, 0xCE, 0x72, 0x93, 0xCF, 0xF3,
+        0xF3, 0xB6, 0x1E, 0xFC, 0xB5, 0xA4, 0x35, 0x12,
+        0x36, 0x70, 0xF2, 0x98, 0x46, 0xA1, 0x3D, 0xF3,
+        0xEE, 0x71, 0x26, 0x04, 0x46, 0x1F, 0x1B, 0xAB,
+        0x8F, 0x4E, 0xBC, 0x83, 0x6D, 0xE0, 0x58, 0x97,
+        0x8A, 0xE7, 0x34, 0x39, 0x6A, 0x98, 0x08, 0x1B,
+        0x35, 0xCC, 0x98, 0x18, 0x8A, 0x86, 0x94, 0x9C,
+        0x99, 0x27, 0x0D, 0x47, 0x09, 0x85, 0x4C, 0x5B,
+        0x35, 0xB1, 0x7F, 0x48, 0xA3, 0x73, 0x13, 0x4C,
+        0x81, 0x4C, 0xC8, 0xA0, 0xF3, 0xE2, 0xFA, 0x80,
+        0x7F, 0x2A, 0x91, 0x85, 0x30, 0x90, 0x78, 0x64,
+        0x77, 0x82, 0x82, 0xD7, 0x5E, 0x03, 0xA4, 0x1B,
+        0x25, 0x04, 0xEE, 0xD8, 0x16, 0xA4, 0x17, 0xA3,
+        0xAC, 0x6B, 0xA1, 0x60, 0x80, 0xC3, 0x9B, 0x73,
+        0x10, 0x19, 0x20, 0x02, 0xA7, 0x28, 0xF7, 0xF2,
+        0x03, 0x95, 0x00, 0x9A, 0x9E, 0x16, 0x76, 0x7C,
+        0xE1, 0x97, 0x1F, 0x5D, 0xE7, 0xD2, 0x29, 0xA5,
+        0x06, 0x13, 0x36, 0x9E, 0x43, 0x82, 0x04, 0x5A,
+        0x8E, 0x81, 0x90, 0x1F, 0x4D, 0xBA, 0x81, 0x02,
+        0xF3, 0xD4, 0x13, 0xFE, 0x35, 0xB3, 0x26, 0xA8,
+        0x74, 0xF2, 0x33, 0xB7, 0x19, 0xA7, 0x13, 0x76,
+        0x00, 0xD3, 0x5D, 0x33, 0xAE, 0xB6, 0xB7, 0x25,
+        0x96, 0x24, 0x08, 0x3A, 0xA9, 0x68, 0x73, 0x0C,
+        0x8F, 0x78, 0x29, 0x2A, 0xD2, 0x8F, 0x14, 0xEE,
+        0xAB, 0xE6, 0x60, 0x83, 0x59, 0x84, 0xFE, 0x69,
+        0xEF, 0x23, 0xDE, 0xC8, 0xC3, 0x27, 0xC0, 0xEB,
+        0x0B, 0x88, 0x2D, 0x58, 0x7E, 0x1E, 0xC4, 0x33,
+        0xDA, 0x85, 0xC9, 0xFD, 0x1E, 0x0A, 0x34, 0x99,
+        0x4D, 0xEA, 0x24, 0x0C, 0x85, 0x44, 0x52, 0xD1,
+        0x8C, 0x30, 0xF4, 0x96, 0xE4, 0x9E, 0xC9, 0x04,
+        0xB6, 0x02, 0xE0, 0xF5, 0x06, 0x2E, 0xDC, 0xDA,
+        0x03, 0x28, 0x0A, 0x53, 0xB4, 0x31, 0x35, 0x74,
+        0xCC, 0x2C, 0x0D, 0x54, 0x71, 0xBC, 0x96, 0x13,
+        0xBD, 0xFD, 0x66, 0x41, 0xF5, 0xBD, 0x12, 0x7B,
+        0xAB, 0x5B, 0x5E, 0xB3, 0xD4, 0x99, 0xA3, 0x31,
+        0x14, 0x04, 0x82, 0x20, 0xE8, 0x19, 0xF8, 0xEE,
+        0x12, 0xCA, 0x92, 0x2C, 0x8F, 0x17, 0xD9, 0xC9,
+        0xF5, 0x1A, 0xD5, 0xBD, 0x68, 0x83, 0xB1, 0x0E,
+        0x6A, 0xA2, 0x48, 0x3B, 0xA4, 0x9D, 0xC5, 0x47,
+        0xDA, 0x76, 0x86, 0x15, 0x13, 0x44, 0xF4, 0xE9,
+        0x09, 0x9B, 0x38, 0xE4, 0x30, 0xB5, 0x22, 0x6B,
+        0x05, 0x98, 0x32, 0xCF, 0x03, 0xDB, 0x48, 0xFB,
+        0x02, 0xDB, 0xA4, 0xE6, 0x15, 0x93, 0xDC, 0x45,
+        0x76, 0x36, 0x04, 0x91, 0x89, 0x0E, 0x53, 0xEC,
+        0x0E, 0x6A, 0xC7, 0x3C, 0xF3, 0x2B, 0x25, 0xD8,
+        0x23, 0xB3, 0x84, 0x56, 0xE2, 0x86, 0x50, 0x5A,
+        0x54, 0x1E, 0x5A, 0xEE, 0xE9, 0x6B, 0x19, 0x14,
+        0xF5, 0xF7, 0x66, 0x87, 0xCE, 0x2B, 0x01, 0x60,
+        0x22, 0x7A, 0xBE, 0xD7, 0x79, 0x93, 0x59, 0x4B,
+        0xCD, 0x83, 0x13, 0x66, 0x20, 0x6D, 0x75, 0x71,
+        0x40, 0x82, 0xF1, 0xC4, 0x6F, 0x1F, 0x44, 0x39,
+        0xAC, 0x81, 0xA5, 0x7A, 0xF3, 0x1C, 0x81, 0xC5,
+        0x55, 0x30, 0x7A, 0x07, 0x0F, 0xFA, 0x94, 0xE0,
+        0x47, 0x9B, 0x78, 0x4B, 0xBD, 0x88, 0xA6, 0x0C,
+        0xD4, 0xC7, 0xCF, 0xD9, 0x4E, 0x6A, 0xFE, 0x02,
+        0xF6, 0xB2, 0x1F, 0x72, 0xAF, 0x0D, 0xCD, 0x66,
+        0x09, 0xD4, 0x0C, 0x96, 0x5C, 0x14, 0xE5, 0xF2,
+        0x38, 0x91, 0x83, 0xE5, 0x3D, 0xE9, 0x30, 0xF7,
+        0xDE, 0x1D, 0x44, 0x21, 0x5C, 0xF4, 0x91, 0x44,
+        0x84, 0x4E, 0x8B, 0x87, 0xF7, 0x8A, 0x7F, 0x13,
+        0x2A, 0xEF, 0xE2, 0x2B, 0xE8, 0x0B, 0x4E, 0x3A,
+        0x05, 0xEE, 0x3A, 0x68, 0xCC, 0xF6, 0x09, 0xEF,
+        0x44, 0x04, 0x74, 0x02, 0xE4, 0x49, 0x30, 0x46,
+        0xE6, 0xF9, 0xC7, 0x67, 0xFF, 0x8A, 0x75, 0xE2,
+        0x8B, 0x3C, 0xE0, 0x77, 0xFD, 0xE7, 0xE7, 0xEE,
+        0xD3, 0x13, 0xB5, 0xBF, 0x7E, 0x46, 0x01, 0x27,
+        0xCA, 0x81, 0x82, 0xE9, 0xBC, 0x79, 0x4C, 0x0D,
+        0xFA, 0x73, 0x0F, 0xB9, 0x20, 0x08, 0x05, 0x75,
+        0xA7, 0x51, 0xB5, 0xCA, 0xEC, 0x85, 0xA1, 0x09,
+        0xB4, 0x42, 0x2B, 0xA2, 0x66, 0x74, 0x3F, 0x0D,
+        0x03, 0x2B, 0xDA, 0x8F, 0x1C, 0xA6, 0x24, 0x8C,
+        0xDB, 0x91, 0x75, 0x30, 0xDF, 0x13, 0x02, 0xA5,
+        0xF8, 0xC1, 0x8D, 0xC6, 0x42, 0xD5, 0x24, 0x78,
+        0xC9, 0x8C, 0x12, 0xA3, 0xF1, 0x6E, 0xF2, 0xB6,
+        0x2B, 0x4F, 0x59, 0xEA, 0x1B, 0xB5, 0x8D, 0xE7,
+        0xB6, 0x5B, 0x3C, 0x71, 0x53, 0xCE, 0x6D, 0xA5,
+        0xE4, 0x95, 0x07, 0x46, 0xF8, 0x0E, 0x08, 0x7A,
+        0x0E, 0x35, 0x86, 0xD0, 0x97, 0x79, 0x1B, 0xF3,
+        0x6D, 0xEF, 0x86, 0x5D, 0x68, 0x59, 0x1D, 0x39,
+        0xD0, 0x90, 0x37, 0x73, 0xEE, 0xA9, 0x62, 0x14,
+        0x7F, 0x34, 0x70, 0x41, 0x38, 0xB5, 0x4D, 0xF7,
+        0x92, 0x4C, 0xDD, 0x8C, 0x33, 0x3D, 0xB5, 0xE1,
+        0xA4, 0x09, 0xCC, 0xB2, 0xB3, 0x4E, 0x2C, 0x3C,
+        0x8C, 0x7F, 0xDD, 0x3F, 0xD8, 0xD0, 0x12, 0xCB,
+        0xF3, 0x82, 0xAA, 0xA8, 0x5E, 0x83, 0xA1, 0x2F,
+        0x23, 0x5A, 0x2D, 0x14, 0x7D, 0x03, 0x5B, 0x7B,
+        0x28, 0xB3, 0x4B, 0x6F, 0x57, 0x94, 0x9F, 0x32,
+        0x24, 0x82, 0xA7, 0xD4, 0xD3, 0xB1, 0x50, 0x45,
+        0xC4, 0x20, 0xD5, 0xAD, 0xDC, 0x7F, 0x0E, 0x69,
+        0xB4, 0xDC, 0x1C, 0xBA, 0x58, 0xB0, 0x1D, 0x87,
+        0x24, 0x80, 0xB0, 0x6A, 0x26, 0x0D, 0x82, 0x7D,
+        0x89, 0x1B, 0x13, 0xC4, 0xC5, 0xCA, 0x50, 0xC7,
+        0x48, 0xDE, 0x3C, 0x77, 0x1B, 0xE6, 0x1E, 0x9A,
+        0xA1, 0x70, 0x16, 0x5C, 0xB0, 0x1F, 0x4B, 0xF5,
+        0xDA, 0x27, 0xA7, 0x79, 0x1D, 0x3A, 0xD3, 0xF6,
+        0x26, 0x7B, 0x4C, 0xB4, 0xE6, 0x1B, 0x28, 0xFA,
+        0x17, 0x08, 0x41, 0x8D, 0x93, 0x2D, 0xFC, 0x41,
+        0x61, 0x88, 0x0C, 0x5D, 0x3B, 0x17, 0xA9, 0x66,
+        0x3A, 0x90, 0x61, 0xFA, 0x8F, 0x18, 0x04, 0x31,
+        0x58, 0x50, 0xFE, 0x4E, 0x73, 0x06, 0xC8, 0x82,
+        0xB3, 0x82, 0x27, 0xE8, 0x67, 0xF8, 0x08, 0x72,
+        0xCD, 0xC1, 0x94, 0x4D, 0x47, 0x26, 0x15, 0xEA,
+        0x49, 0x00, 0xEF, 0x7D, 0x27, 0x0B, 0x88, 0x1D,
+        0x41, 0x30, 0xF5, 0x6C, 0x5C, 0xC9, 0x80, 0xD9,
+        0x2A, 0x47, 0xAD, 0xA6, 0x65, 0x7E, 0xB6, 0xF3,
+        0x7A, 0x38, 0x5D, 0x2D, 0x8C, 0xC9, 0x93, 0xE1,
+        0x44, 0x2E, 0xB0, 0x52, 0x81, 0x85, 0x36, 0x36,
+        0x99, 0x1E, 0x34, 0xAA, 0xDC, 0x68, 0x95, 0x4D,
+        0x04, 0xE7, 0xAD, 0xEF, 0x76, 0xBF, 0x88, 0x0F,
+        0x05, 0x9B, 0x0C, 0xBB, 0x55, 0xD9, 0x15, 0xA4,
+        0xB1, 0x23, 0xE2, 0xF1, 0x33, 0x9A, 0x07, 0x3C,
+        0xBF, 0xBC, 0x40, 0x9B, 0xEF, 0xF6, 0x40, 0x0A,
+        0xE0, 0x96, 0xD5, 0xAE, 0x18, 0xEC, 0x42, 0xCF,
+        0xFA, 0xD5, 0xB4, 0x98, 0x0F, 0xA3, 0x5B, 0xF0,
+        0x34, 0x13, 0xAD, 0xB5, 0xD7, 0xE6, 0x87, 0x6A,
+        0xC3, 0x55, 0xD1, 0xC9, 0xED, 0x70, 0xCA, 0x2B,
+        0x97, 0x39, 0x54, 0xD1, 0x2B, 0x3C, 0xDD, 0x76,
+        0xAC, 0x68, 0x35, 0xDB, 0x96, 0x00, 0x3E, 0xD8,
+        0xC4, 0xE2, 0x88, 0xB7, 0x1F, 0xD7, 0x7D, 0xBA,
+        0xA7, 0x63, 0x57, 0x20, 0xE1, 0x2A, 0xE0, 0xA3,
+        0x17, 0xDE, 0x80, 0x8C, 0x66, 0x4E, 0x31, 0x7F,
+        0x55, 0x27, 0x57, 0x91, 0xF3, 0x24, 0x5C, 0xA4,
+        0xFE, 0x5D, 0x4D, 0x41, 0x07, 0x7F, 0xC1, 0x50,
+        0xA6, 0xE4, 0x03, 0xD5, 0xA2, 0x08, 0xE4, 0x6E,
+        0xAD, 0xBE, 0x8F, 0x2C, 0xFB, 0x8A, 0xF4, 0x72,
+        0xF4, 0xA0, 0xCE, 0xAC, 0x01, 0x52, 0x19, 0x47,
+        0x8E, 0x6B, 0x86, 0xC9, 0x58, 0xCF, 0x86, 0x52,
+        0x5B, 0x74, 0x85, 0xC1, 0x73, 0x4C, 0x7E, 0xF0,
+        0x0E, 0x90, 0x68, 0x3F, 0xFF, 0x5D, 0xBD, 0x0A,
+        0x7D, 0x41, 0x3A, 0x85, 0x50, 0x21, 0x02, 0x6A,
+        0x1B, 0x32, 0x01, 0x3A, 0x46, 0x16, 0xCB, 0xCD,
+        0x37, 0x00, 0xAC, 0xBC, 0x70, 0x5B, 0xE3, 0xEF,
+        0xBA, 0x62, 0x5C, 0x69, 0xA0, 0x25, 0x26, 0x7B,
+        0xCE, 0x9D, 0x13, 0x5E, 0x3F, 0x5B, 0x5C, 0xC8,
+        0xC4, 0x39, 0x56, 0x40, 0x7E, 0x84, 0xB6, 0x66,
+        0x31, 0x03, 0xE2, 0x9C, 0x24, 0x20, 0x35, 0x55,
+        0x1A, 0xE7, 0x97, 0xF5, 0x6C, 0x63, 0x74, 0xBE,
+        0x0C, 0x79, 0x8C, 0x0C, 0xF3, 0x98, 0xF1, 0xED
+    };
+    static const byte sk_65[] = {
+        0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35,
+        0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52,
+        0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC,
+        0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C,
+        0xE3, 0x8D, 0x1C, 0x14, 0xF6, 0x46, 0x7C, 0x35,
+        0xA9, 0xF3, 0x80, 0xD2, 0x7D, 0xE6, 0x1F, 0x7C,
+        0x75, 0x03, 0x15, 0x69, 0xEA, 0x2E, 0xC8, 0x26,
+        0x0E, 0xEE, 0x91, 0x05, 0x26, 0x1B, 0x7F, 0xE1,
+        0x60, 0xC9, 0x13, 0x44, 0xB0, 0xC6, 0x76, 0x4C,
+        0x20, 0x4E, 0x5B, 0x8D, 0x42, 0x46, 0x50, 0xBE,
+        0xC0, 0x6B, 0x9E, 0x2E, 0x62, 0x5A, 0xF0, 0x7E,
+        0x23, 0xF4, 0x95, 0x0C, 0xA2, 0x4F, 0xB4, 0xD6,
+        0xEC, 0x2C, 0x8B, 0x3A, 0x71, 0x7C, 0x93, 0x11,
+        0xEB, 0x87, 0x27, 0x9F, 0xE2, 0x5E, 0x31, 0x1F,
+        0x48, 0xB8, 0x25, 0x65, 0x01, 0xF6, 0x46, 0x34,
+        0x12, 0xB5, 0x0D, 0xBC, 0x89, 0xA8, 0x69, 0xBA,
+        0x22, 0x41, 0x11, 0x26, 0x48, 0x40, 0x07, 0x38,
+        0x73, 0x02, 0x12, 0x44, 0x25, 0x44, 0x57, 0x54,
+        0x83, 0x72, 0x50, 0x33, 0x35, 0x62, 0x58, 0x42,
+        0x32, 0x01, 0x62, 0x11, 0x83, 0x61, 0x02, 0x45,
+        0x66, 0x56, 0x48, 0x35, 0x61, 0x20, 0x84, 0x52,
+        0x60, 0x68, 0x50, 0x45, 0x65, 0x55, 0x12, 0x72,
+        0x47, 0x47, 0x21, 0x21, 0x25, 0x40, 0x22, 0x21,
+        0x42, 0x81, 0x17, 0x65, 0x03, 0x06, 0x42, 0x61,
+        0x52, 0x13, 0x43, 0x25, 0x24, 0x33, 0x82, 0x12,
+        0x11, 0x35, 0x62, 0x33, 0x32, 0x07, 0x47, 0x86,
+        0x22, 0x31, 0x50, 0x83, 0x70, 0x84, 0x26, 0x43,
+        0x45, 0x64, 0x51, 0x48, 0x31, 0x14, 0x86, 0x24,
+        0x66, 0x86, 0x74, 0x33, 0x71, 0x36, 0x67, 0x26,
+        0x01, 0x47, 0x07, 0x72, 0x11, 0x61, 0x58, 0x85,
+        0x58, 0x38, 0x71, 0x83, 0x80, 0x67, 0x01, 0x65,
+        0x78, 0x70, 0x64, 0x77, 0x85, 0x60, 0x02, 0x88,
+        0x53, 0x48, 0x46, 0x62, 0x25, 0x83, 0x54, 0x88,
+        0x04, 0x74, 0x40, 0x12, 0x57, 0x43, 0x71, 0x07,
+        0x75, 0x44, 0x38, 0x71, 0x21, 0x14, 0x22, 0x08,
+        0x88, 0x72, 0x23, 0x58, 0x87, 0x46, 0x14, 0x85,
+        0x53, 0x71, 0x67, 0x73, 0x82, 0x28, 0x22, 0x74,
+        0x14, 0x03, 0x57, 0x73, 0x28, 0x71, 0x83, 0x80,
+        0x78, 0x14, 0x34, 0x87, 0x52, 0x07, 0x64, 0x74,
+        0x01, 0x60, 0x75, 0x61, 0x06, 0x08, 0x61, 0x32,
+        0x21, 0x46, 0x15, 0x65, 0x42, 0x67, 0x08, 0x20,
+        0x84, 0x10, 0x73, 0x13, 0x03, 0x61, 0x02, 0x86,
+        0x50, 0x45, 0x26, 0x12, 0x16, 0x68, 0x33, 0x55,
+        0x25, 0x84, 0x73, 0x53, 0x54, 0x52, 0x65, 0x17,
+        0x10, 0x60, 0x00, 0x38, 0x57, 0x77, 0x81, 0x24,
+        0x26, 0x80, 0x41, 0x46, 0x43, 0x26, 0x67, 0x41,
+        0x06, 0x03, 0x55, 0x41, 0x28, 0x33, 0x37, 0x25,
+        0x23, 0x06, 0x77, 0x82, 0x15, 0x16, 0x31, 0x73,
+        0x00, 0x08, 0x75, 0x26, 0x58, 0x46, 0x34, 0x63,
+        0x88, 0x08, 0x84, 0x64, 0x51, 0x11, 0x24, 0x05,
+        0x32, 0x10, 0x11, 0x18, 0x18, 0x64, 0x78, 0x22,
+        0x41, 0x00, 0x38, 0x55, 0x75, 0x42, 0x10, 0x46,
+        0x83, 0x43, 0x73, 0x38, 0x80, 0x07, 0x83, 0x43,
+        0x78, 0x74, 0x13, 0x57, 0x62, 0x32, 0x68, 0x80,
+        0x65, 0x86, 0x48, 0x53, 0x48, 0x35, 0x51, 0x58,
+        0x50, 0x74, 0x46, 0x05, 0x88, 0x70, 0x07, 0x72,
+        0x01, 0x31, 0x00, 0x87, 0x54, 0x88, 0x14, 0x20,
+        0x84, 0x16, 0x61, 0x15, 0x60, 0x56, 0x85, 0x11,
+        0x58, 0x08, 0x05, 0x88, 0x63, 0x01, 0x82, 0x86,
+        0x13, 0x14, 0x17, 0x22, 0x01, 0x68, 0x17, 0x17,
+        0x86, 0x58, 0x53, 0x10, 0x62, 0x28, 0x52, 0x82,
+        0x26, 0x15, 0x04, 0x31, 0x42, 0x88, 0x54, 0x31,
+        0x78, 0x05, 0x80, 0x11, 0x50, 0x45, 0x68, 0x82,
+        0x33, 0x66, 0x36, 0x36, 0x40, 0x65, 0x15, 0x24,
+        0x47, 0x67, 0x06, 0x45, 0x36, 0x42, 0x26, 0x86,
+        0x75, 0x06, 0x35, 0x41, 0x33, 0x47, 0x85, 0x12,
+        0x17, 0x80, 0x83, 0x87, 0x65, 0x51, 0x42, 0x31,
+        0x38, 0x87, 0x56, 0x62, 0x05, 0x17, 0x40, 0x85,
+        0x28, 0x14, 0x17, 0x21, 0x38, 0x12, 0x60, 0x81,
+        0x24, 0x41, 0x45, 0x75, 0x01, 0x82, 0x87, 0x10,
+        0x10, 0x02, 0x13, 0x25, 0x57, 0x04, 0x21, 0x72,
+        0x42, 0x78, 0x61, 0x11, 0x70, 0x05, 0x30, 0x47,
+        0x72, 0x13, 0x20, 0x30, 0x21, 0x67, 0x44, 0x31,
+        0x57, 0x71, 0x45, 0x57, 0x10, 0x54, 0x16, 0x65,
+        0x74, 0x15, 0x24, 0x02, 0x43, 0x71, 0x51, 0x20,
+        0x55, 0x11, 0x67, 0x83, 0x67, 0x82, 0x52, 0x53,
+        0x35, 0x66, 0x42, 0x46, 0x13, 0x70, 0x22, 0x32,
+        0x74, 0x00, 0x07, 0x06, 0x81, 0x87, 0x17, 0x57,
+        0x80, 0x28, 0x68, 0x01, 0x72, 0x10, 0x04, 0x27,
+        0x55, 0x22, 0x86, 0x42, 0x53, 0x15, 0x81, 0x76,
+        0x30, 0x86, 0x40, 0x83, 0x11, 0x43, 0x30, 0x53,
+        0x82, 0x73, 0x53, 0x03, 0x72, 0x35, 0x68, 0x70,
+        0x45, 0x41, 0x15, 0x73, 0x14, 0x12, 0x31, 0x64,
+        0x32, 0x66, 0x63, 0x56, 0x21, 0x51, 0x50, 0x82,
+        0x10, 0x30, 0x23, 0x38, 0x17, 0x21, 0x27, 0x10,
+        0x23, 0x14, 0x22, 0x75, 0x77, 0x28, 0x37, 0x71,
+        0x62, 0x75, 0x06, 0x88, 0x72, 0x14, 0x18, 0x73,
+        0x13, 0x03, 0x01, 0x50, 0x71, 0x58, 0x62, 0x86,
+        0x62, 0x88, 0x86, 0x86, 0x03, 0x27, 0x01, 0x46,
+        0x17, 0x22, 0x71, 0x38, 0x53, 0x81, 0x70, 0x33,
+        0x88, 0x68, 0x13, 0x78, 0x81, 0x04, 0x86, 0x57,
+        0x30, 0x16, 0x52, 0x31, 0x40, 0x83, 0x07, 0x56,
+        0x82, 0x10, 0x32, 0x31, 0x28, 0x50, 0x06, 0x50,
+        0x81, 0x63, 0x06, 0x75, 0x76, 0x65, 0x11, 0x60,
+        0x14, 0x17, 0x12, 0x12, 0x55, 0x56, 0x48, 0x11,
+        0x41, 0x13, 0x28, 0x82, 0x62, 0x07, 0x47, 0x64,
+        0x24, 0x48, 0x23, 0x24, 0x77, 0x53, 0x26, 0x08,
+        0x17, 0x58, 0x11, 0x56, 0x37, 0x48, 0x35, 0x51,
+        0x47, 0x86, 0x85, 0x66, 0x66, 0x81, 0x73, 0x20,
+        0x21, 0x36, 0x75, 0x22, 0x74, 0x66, 0x83, 0x44,
+        0x57, 0x00, 0x66, 0x64, 0x77, 0x20, 0x47, 0x22,
+        0x28, 0x56, 0x87, 0x12, 0x47, 0x02, 0x48, 0x07,
+        0x02, 0x54, 0x23, 0x01, 0x25, 0x71, 0x37, 0x36,
+        0x75, 0x36, 0x00, 0x52, 0x68, 0x15, 0x33, 0x35,
+        0x82, 0x06, 0x13, 0x73, 0x24, 0x08, 0x71, 0x76,
+        0x15, 0x22, 0x42, 0x60, 0x18, 0x53, 0x43, 0x11,
+        0x64, 0x57, 0x76, 0x17, 0x61, 0x56, 0x68, 0x76,
+        0x60, 0x65, 0x54, 0x78, 0x10, 0x33, 0x63, 0x14,
+        0x21, 0x83, 0x21, 0x60, 0x15, 0x55, 0x80, 0x42,
+        0x38, 0x42, 0x03, 0x13, 0x12, 0x34, 0x36, 0x25,
+        0x27, 0x30, 0x82, 0x81, 0x25, 0x47, 0x51, 0x35,
+        0x44, 0x12, 0x67, 0x35, 0x00, 0x10, 0x01, 0x83,
+        0x85, 0x74, 0x42, 0x40, 0x13, 0x03, 0x61, 0x27,
+        0x81, 0x26, 0x26, 0x81, 0x18, 0x87, 0x43, 0x51,
+        0x20, 0x62, 0x71, 0x27, 0x51, 0x56, 0x10, 0x22,
+        0x22, 0x81, 0x11, 0x81, 0x41, 0x66, 0x66, 0x38,
+        0x20, 0x86, 0x75, 0x56, 0x12, 0x40, 0x06, 0x54,
+        0x61, 0x12, 0x74, 0x40, 0x34, 0x58, 0x58, 0x78,
+        0x10, 0x07, 0x85, 0x25, 0x72, 0x88, 0x57, 0x22,
+        0x22, 0x25, 0x50, 0x84, 0x00, 0x41, 0x26, 0x08,
+        0x36, 0x46, 0x28, 0x78, 0x46, 0x78, 0x05, 0x02,
+        0x28, 0x20, 0x77, 0x13, 0x60, 0x75, 0x14, 0x43,
+        0x68, 0x78, 0x64, 0x31, 0x38, 0x77, 0x73, 0x73,
+        0x55, 0x41, 0x27, 0x00, 0x54, 0x07, 0x08, 0x28,
+        0x68, 0x80, 0x04, 0x53, 0x83, 0x43, 0x22, 0x81,
+        0x00, 0x64, 0x35, 0x48, 0x67, 0x66, 0x50, 0x17,
+        0x75, 0x76, 0x12, 0x75, 0x43, 0x81, 0x62, 0x40,
+        0x33, 0x43, 0x45, 0x38, 0x87, 0x21, 0x66, 0x14,
+        0x70, 0x48, 0x41, 0x43, 0x14, 0x66, 0x58, 0x78,
+        0x45, 0x82, 0x02, 0x25, 0x45, 0x73, 0x15, 0x21,
+        0x32, 0x03, 0x02, 0x48, 0x80, 0x80, 0x13, 0x71,
+        0x25, 0x54, 0x32, 0x72, 0x05, 0x68, 0x65, 0x24,
+        0x68, 0x04, 0x06, 0x16, 0x83, 0x50, 0x54, 0x53,
+        0x37, 0x37, 0x27, 0x22, 0x20, 0x68, 0x08, 0x25,
+        0x50, 0x84, 0x72, 0x86, 0x74, 0x22, 0x36, 0x16,
+        0x80, 0x07, 0x55, 0x18, 0x12, 0x17, 0x84, 0x44,
+        0x81, 0x15, 0x64, 0x50, 0x71, 0x10, 0x58, 0x15,
+        0x51, 0x10, 0x10, 0x47, 0x16, 0x21, 0x07, 0x58,
+        0x61, 0x18, 0x78, 0x00, 0x52, 0x72, 0x64, 0x52,
+        0x17, 0x43, 0x23, 0x40, 0x76, 0x48, 0x67, 0x30,
+        0x77, 0x63, 0x64, 0x87, 0x51, 0x31, 0x63, 0x84,
+        0x68, 0x74, 0x53, 0x63, 0x84, 0x23, 0x54, 0x66,
+        0x10, 0x48, 0x36, 0x33, 0x85, 0x21, 0x48, 0x42,
+        0x03, 0x82, 0x51, 0x10, 0x33, 0x57, 0x46, 0x80,
+        0x16, 0x43, 0x34, 0x02, 0x07, 0x03, 0x53, 0x22,
+        0x12, 0x75, 0x73, 0x34, 0x65, 0x83, 0x33, 0x87,
+        0x43, 0x85, 0x17, 0x50, 0x36, 0x60, 0x88, 0x02,
+        0x58, 0x75, 0x80, 0x88, 0x31, 0x63, 0x60, 0x18,
+        0x21, 0x32, 0x26, 0x15, 0x68, 0x74, 0x11, 0x10,
+        0x33, 0x14, 0x13, 0x05, 0x34, 0x16, 0x72, 0x65,
+        0x35, 0x50, 0x13, 0x34, 0x80, 0x87, 0x10, 0x26,
+        0x48, 0x68, 0x84, 0x52, 0x71, 0x44, 0x23, 0x58,
+        0x80, 0x35, 0x57, 0x70, 0x54, 0x84, 0x28, 0x70,
+        0x55, 0x88, 0x86, 0x83, 0x86, 0x25, 0x21, 0x82,
+        0x72, 0x61, 0x17, 0x78, 0x85, 0x17, 0x67, 0x73,
+        0x00, 0x57, 0x71, 0x11, 0x78, 0x51, 0x10, 0x65,
+        0x63, 0x57, 0x02, 0x87, 0x40, 0x13, 0x40, 0x01,
+        0x26, 0x53, 0x45, 0x12, 0x05, 0x46, 0x75, 0x18,
+        0x80, 0x70, 0x33, 0x35, 0x66, 0x22, 0x62, 0x00,
+        0x70, 0x23, 0x26, 0x87, 0x72, 0x63, 0x11, 0x13,
+        0x33, 0x33, 0x81, 0x41, 0x70, 0x62, 0x28, 0x61,
+        0x51, 0x47, 0x31, 0x30, 0x25, 0x46, 0x51, 0x17,
+        0x61, 0x58, 0x07, 0x41, 0x61, 0x37, 0x37, 0x06,
+        0x14, 0x00, 0x54, 0x88, 0x77, 0x75, 0x67, 0x77,
+        0x66, 0x53, 0x16, 0x72, 0x66, 0x66, 0x88, 0x76,
+        0x43, 0x58, 0x31, 0x04, 0x87, 0x57, 0x06, 0x76,
+        0x47, 0x00, 0x43, 0x63, 0x58, 0x60, 0x52, 0x03,
+        0x44, 0x27, 0x36, 0x48, 0x61, 0x23, 0x72, 0x16,
+        0x10, 0x62, 0x42, 0x08, 0x60, 0x83, 0x23, 0x54,
+        0x03, 0x55, 0x55, 0x73, 0x00, 0x61, 0x03, 0x65,
+        0x34, 0x27, 0x14, 0x15, 0x86, 0x62, 0x55, 0x80,
+        0x16, 0x53, 0x10, 0x18, 0x26, 0x11, 0x35, 0x46,
+        0x82, 0x46, 0x13, 0x25, 0x83, 0x47, 0x70, 0x50,
+        0x06, 0x01, 0x56, 0x02, 0x11, 0x68, 0x54, 0x53,
+        0x03, 0x68, 0x73, 0x36, 0x41, 0x88, 0x86, 0x33,
+        0x42, 0x52, 0x01, 0x58, 0x33, 0x42, 0x32, 0x88,
+        0x56, 0x81, 0x77, 0x55, 0x51, 0x48, 0x48, 0x12,
+        0x01, 0x58, 0x13, 0x85, 0x04, 0x14, 0x71, 0x83,
+        0x57, 0x07, 0x54, 0x55, 0x54, 0x55, 0x28, 0x27,
+        0x31, 0x36, 0x02, 0x12, 0x32, 0x68, 0x32, 0x13,
+        0x82, 0x58, 0x70, 0x28, 0x58, 0x53, 0x44, 0x86,
+        0x72, 0x73, 0x42, 0x84, 0x18, 0x22, 0x08, 0x83,
+        0x61, 0x02, 0x14, 0x16, 0x17, 0x12, 0x41, 0x57,
+        0x48, 0x85, 0x25, 0x10, 0x26, 0x07, 0x36, 0x76,
+        0x12, 0x66, 0x17, 0x21, 0x32, 0x36, 0x03, 0x25,
+        0x41, 0x10, 0x11, 0x22, 0x66, 0x60, 0x16, 0x16,
+        0x32, 0x64, 0x26, 0x05, 0x18, 0x63, 0x51, 0x58,
+        0x51, 0x31, 0x42, 0x53, 0x84, 0x56, 0x66, 0x27,
+        0x83, 0x33, 0x54, 0x50, 0x76, 0x46, 0x50, 0x80,
+        0x25, 0x43, 0x41, 0x57, 0x35, 0x78, 0x25, 0x43,
+        0x02, 0x82, 0x38, 0x47, 0x45, 0x70, 0x15, 0x67,
+        0x51, 0x77, 0x47, 0x80, 0x31, 0x52, 0x75, 0x00,
+        0x00, 0x94, 0x7B, 0xCA, 0x93, 0xC2, 0x7D, 0x58,
+        0x4E, 0x2C, 0x66, 0xEA, 0xC9, 0xC7, 0x64, 0x0C,
+        0x1C, 0xA2, 0x17, 0xEE, 0xF6, 0x6D, 0xAB, 0xBC,
+        0xB2, 0x60, 0xB4, 0xC3, 0x43, 0x00, 0xFA, 0x05,
+        0x13, 0x57, 0x82, 0x0F, 0x57, 0x39, 0x25, 0x44,
+        0x98, 0x2F, 0xD1, 0x10, 0x57, 0xDE, 0x23, 0x3E,
+        0x6D, 0x2D, 0xD8, 0x49, 0x72, 0xA7, 0xE4, 0x7D,
+        0x4D, 0xBA, 0x99, 0xBC, 0x30, 0xCF, 0x8F, 0x2A,
+        0xD5, 0xA2, 0xC0, 0x24, 0x31, 0x95, 0xED, 0x27,
+        0x30, 0xFF, 0xA9, 0x2D, 0x22, 0x7D, 0x15, 0x30,
+        0x95, 0x97, 0x2D, 0x4B, 0x34, 0x47, 0xFF, 0xAC,
+        0x45, 0xA2, 0x3E, 0xB4, 0x1C, 0xBC, 0x87, 0xCD,
+        0xD1, 0x25, 0x0A, 0x8A, 0x47, 0x8B, 0x0F, 0x7A,
+        0x1D, 0x5B, 0x39, 0xAA, 0x22, 0x06, 0xE4, 0x86,
+        0x45, 0x58, 0x4F, 0xE7, 0xBF, 0x7A, 0x13, 0x16,
+        0x8F, 0x48, 0x27, 0x65, 0xE5, 0x7B, 0xB9, 0x24,
+        0xAC, 0x6D, 0x9A, 0x11, 0x36, 0x9F, 0x4A, 0x6A,
+        0xFF, 0xCD, 0x16, 0x9B, 0x7D, 0x75, 0x12, 0x9B,
+        0x35, 0xD5, 0x13, 0x4A, 0x31, 0x76, 0x1B, 0xB8,
+        0x35, 0x5A, 0xEE, 0xED, 0x27, 0xE2, 0x01, 0xA0,
+        0x63, 0x13, 0x01, 0x3E, 0x30, 0x7A, 0x01, 0xA7,
+        0x3A, 0xEA, 0x79, 0x55, 0xC0, 0x57, 0x8C, 0x8C,
+        0x5E, 0x5A, 0x1A, 0x2D, 0x2F, 0xA4, 0x59, 0x3F,
+        0xAC, 0xD9, 0x04, 0xC6, 0x20, 0x40, 0xBD, 0xB9,
+        0xF3, 0x29, 0x93, 0x35, 0x36, 0xBF, 0x8D, 0x81,
+        0xC4, 0x25, 0x6B, 0xAA, 0xE8, 0x72, 0x3F, 0xD4,
+        0xDC, 0x66, 0xBB, 0x5E, 0x7F, 0x9C, 0xA4, 0x90,
+        0x31, 0xA1, 0x93, 0xEC, 0xEC, 0xBB, 0x5D, 0xC3,
+        0x90, 0xEC, 0x6D, 0x55, 0x13, 0xC7, 0x9A, 0x05,
+        0x2B, 0x3F, 0xD4, 0x36, 0x12, 0xFB, 0x73, 0x75,
+        0x31, 0x5D, 0x80, 0x91, 0xF7, 0x9B, 0xAB, 0x13,
+        0x18, 0xF1, 0x78, 0x54, 0x56, 0x1B, 0xC9, 0x3A,
+        0xE0, 0xE5, 0xCD, 0x6D, 0x13, 0x1E, 0x56, 0x2C,
+        0x81, 0x14, 0x81, 0x0C, 0x93, 0x9A, 0xE5, 0x63,
+        0xAA, 0x10, 0xB4, 0x7C, 0xE4, 0x48, 0x43, 0x17,
+        0xF3, 0x4A, 0xBD, 0x02, 0xD0, 0xCC, 0xAD, 0x58,
+        0xDD, 0x29, 0xBC, 0xF6, 0x57, 0xBB, 0xD9, 0x25,
+        0x4B, 0x01, 0xCA, 0x97, 0x26, 0x09, 0x19, 0x38,
+        0xED, 0x32, 0x05, 0x4B, 0x37, 0xDD, 0x61, 0x72,
+        0x40, 0xF4, 0x43, 0x4C, 0x1A, 0x4A, 0x87, 0x11,
+        0xAA, 0x3A, 0x39, 0x9A, 0x8A, 0x53, 0x88, 0x33,
+        0x0B, 0x70, 0x59, 0xEC, 0xCB, 0xB6, 0xB1, 0xB9,
+        0xCF, 0x71, 0x87, 0xAD, 0xF1, 0x0B, 0x0C, 0x91,
+        0x71, 0xD3, 0xC0, 0xF6, 0xE2, 0xD4, 0x60, 0xA4,
+        0x19, 0x24, 0x76, 0x72, 0xE3, 0xB9, 0xFE, 0xA2,
+        0xC9, 0x59, 0x10, 0xBF, 0x2F, 0xB6, 0xA5, 0xD6,
+        0x1F, 0x25, 0x74, 0x53, 0xB0, 0x7A, 0xFB, 0x64,
+        0xB0, 0xBA, 0x27, 0x58, 0xBC, 0xD7, 0x35, 0x75,
+        0x1F, 0x2D, 0x53, 0x51, 0x5E, 0x23, 0x6F, 0xE8,
+        0xA5, 0xB4, 0x39, 0x3B, 0x80, 0xBF, 0x06, 0xDF,
+        0x97, 0xBD, 0xC6, 0x38, 0x00, 0x87, 0xE6, 0xAA,
+        0x8D, 0xDE, 0x6E, 0x09, 0x81, 0x11, 0xA7, 0x34,
+        0x3F, 0xCD, 0xD1, 0xE9, 0x03, 0x70, 0x8E, 0x63,
+        0x7E, 0xBF, 0x28, 0x32, 0x3C, 0xDA, 0x6B, 0x94,
+        0x05, 0x81, 0x0E, 0xDC, 0xFB, 0x36, 0x91, 0x14,
+        0x9E, 0xCF, 0x22, 0x4C, 0x50, 0xF8, 0xDF, 0x92,
+        0xA9, 0x4A, 0xA4, 0x77, 0x0A, 0x0E, 0x91, 0x46,
+        0x61, 0x94, 0xBB, 0x0E, 0x27, 0xBF, 0x1C, 0xAB,
+        0xF1, 0x6A, 0xDF, 0xD3, 0x51, 0x22, 0x00, 0x33,
+        0xF7, 0x6F, 0x59, 0x25, 0x55, 0x7B, 0xCF, 0x96,
+        0x34, 0xE9, 0x46, 0x13, 0x59, 0x62, 0x1D, 0x80,
+        0xB4, 0xBB, 0xAD, 0x7E, 0x2A, 0x6E, 0x43, 0x2D,
+        0xC4, 0x3B, 0x12, 0x6C, 0xA4, 0x2A, 0xB8, 0x8A,
+        0xA8, 0x8F, 0x0A, 0x84, 0xAF, 0x58, 0x02, 0x9C,
+        0x99, 0xA0, 0x24, 0x8F, 0x0C, 0x45, 0x40, 0x71,
+        0xF3, 0x5B, 0x83, 0x1F, 0xED, 0x12, 0x54, 0xD6,
+        0xF4, 0xE2, 0x72, 0x04, 0x85, 0x78, 0x62, 0x15,
+        0xF7, 0xC7, 0xF0, 0xC4, 0xED, 0x15, 0xFA, 0x85,
+        0x3C, 0xD3, 0xAA, 0x07, 0x25, 0x9B, 0x39, 0x24,
+        0x0A, 0x82, 0x13, 0x5C, 0x29, 0x23, 0xA7, 0x2B,
+        0x87, 0x6F, 0xAB, 0xB3, 0xF0, 0xF2, 0xC0, 0x96,
+        0x13, 0xDE, 0x39, 0xD4, 0x59, 0xA0, 0x7C, 0x14,
+        0xE7, 0xBA, 0x43, 0x7D, 0x80, 0x41, 0x49, 0x1F,
+        0xCE, 0xC1, 0x43, 0x34, 0x04, 0xBA, 0xD1, 0xDA,
+        0x9E, 0xE9, 0x47, 0x1E, 0x17, 0xCB, 0x69, 0x1B,
+        0x2A, 0x35, 0x37, 0x10, 0xC9, 0xFF, 0xA4, 0xE5,
+        0x17, 0x81, 0x12, 0x02, 0x77, 0x64, 0xEB, 0x7D,
+        0xE8, 0x09, 0xC3, 0xE1, 0xF1, 0xFA, 0x41, 0x78,
+        0xA5, 0xD4, 0xDC, 0x9E, 0xE2, 0x78, 0x57, 0xEF,
+        0xF2, 0x6B, 0x91, 0x71, 0x1F, 0xC1, 0x44, 0xD5,
+        0xA7, 0x75, 0xB8, 0xB5, 0x0D, 0x5D, 0xB9, 0x39,
+        0xBA, 0x32, 0x07, 0x68, 0x0C, 0x24, 0x2F, 0xC8,
+        0x21, 0x94, 0x7F, 0x93, 0x4C, 0x8D, 0xAE, 0xE2,
+        0x03, 0x56, 0x3D, 0x28, 0x60, 0x6B, 0xE6, 0x24,
+        0xA3, 0x29, 0x01, 0x93, 0x2D, 0xAE, 0x85, 0x71,
+        0x2A, 0xF6, 0xC8, 0x01, 0x60, 0x26, 0x92, 0x7E,
+        0x9B, 0x81, 0x29, 0x57, 0x4B, 0xE3, 0xCB, 0x1E,
+        0x95, 0x33, 0x2B, 0x05, 0x27, 0x07, 0xAC, 0x8A,
+        0xA8, 0xF4, 0x35, 0xE8, 0x8B, 0x7E, 0x56, 0x8D,
+        0x49, 0x87, 0xC6, 0xAC, 0x0E, 0x90, 0x2B, 0x06,
+        0x09, 0xA0, 0x2D, 0x91, 0xB3, 0xF5, 0xFD, 0x3F,
+        0xD9, 0x01, 0xDD, 0xD0, 0xDB, 0x98, 0x73, 0xBD,
+        0x7C, 0x71, 0xED, 0x92, 0x1D, 0x45, 0x77, 0xA7,
+        0x8C, 0x4F, 0xCC, 0x9B, 0xF0, 0x75, 0x20, 0x3D,
+        0x38, 0xF5, 0xE7, 0x6E, 0x74, 0xF2, 0x77, 0x48,
+        0x4E, 0x05, 0x7B, 0x61, 0x89, 0x00, 0x41, 0x31,
+        0xB0, 0xC9, 0xB1, 0xA1, 0x55, 0x29, 0x4D, 0x1C,
+        0xD3, 0xD5, 0x20, 0x8E, 0x26, 0x69, 0x01, 0xD7,
+        0xD3, 0x14, 0xFA, 0xCC, 0xE7, 0xE2, 0xAA, 0x58,
+        0x45, 0x83, 0xA1, 0x1E, 0x4D, 0x7C, 0x21, 0xB9,
+        0x4A, 0x32, 0xE5, 0x08, 0xED, 0xDB, 0xBD, 0x7A,
+        0x65, 0xAA, 0x86, 0xB4, 0xFD, 0xFA, 0x6B, 0xC2,
+        0x85, 0xD4, 0xCF, 0xF5, 0x39, 0x26, 0xC7, 0x17,
+        0x3F, 0xBE, 0x1F, 0x89, 0xCC, 0x30, 0x32, 0x34,
+        0xB8, 0x78, 0xC6, 0xB8, 0x10, 0x1F, 0x58, 0xAC,
+        0x8D, 0x3E, 0x5E, 0x1B, 0xF5, 0xAB, 0x6B, 0x26,
+        0x29, 0x7C, 0xC9, 0x7B, 0x95, 0x95, 0x4A, 0xAB,
+        0xDB, 0x25, 0xBE, 0x00, 0x8A, 0x3F, 0x47, 0xE5,
+        0x64, 0x87, 0xB0, 0x0D, 0x3D, 0xED, 0xA8, 0x90,
+        0xD9, 0x2C, 0x83, 0x95, 0x7F, 0xEA, 0xC6, 0xB8,
+        0x29, 0x1A, 0xF6, 0x59, 0x59, 0xE1, 0xD1, 0xFC,
+        0xA3, 0xBD, 0x19, 0x6E, 0x9F, 0xC9, 0xE6, 0x7E,
+        0x06, 0x07, 0x09, 0x48, 0x22, 0xE5, 0xB4, 0x19,
+        0x1D, 0xB9, 0x68, 0x24, 0xB9, 0xF0, 0x3F, 0x2E,
+        0xF5, 0x7F, 0x52, 0x38, 0xBA, 0x7E, 0x1E, 0x84,
+        0xED, 0x55, 0xB7, 0xDF, 0xF3, 0xD6, 0xC2, 0xC1,
+        0x27, 0x36, 0x92, 0xA9, 0xA1, 0x92, 0x72, 0x16,
+        0x61, 0x30, 0xDB, 0x89, 0xFC, 0x67, 0xDC, 0x94,
+        0xDB, 0x61, 0x4E, 0x3E, 0x82, 0xBA, 0x3A, 0x35,
+        0x12, 0xB0, 0x12, 0xD5, 0x1F, 0xB4, 0x86, 0xB5,
+        0xA3, 0x15, 0x0B, 0x78, 0xE7, 0x24, 0xE2, 0xA1,
+        0x2D, 0xE0, 0x7D, 0x86, 0x71, 0xFB, 0xA2, 0xDA,
+        0x7F, 0xD5, 0xD1, 0x47, 0x20, 0x8F, 0xC3, 0xAF,
+        0x65, 0x3E, 0x65, 0x20, 0xFC, 0x40, 0x87, 0x1A,
+        0xF2, 0x17, 0x7E, 0x65, 0xCB, 0xD0, 0xEA, 0xF3,
+        0x04, 0x21, 0x7B, 0x36, 0x7A, 0x66, 0x5F, 0x22,
+        0x4C, 0xAE, 0xDF, 0xE9, 0x30, 0x06, 0xAC, 0x1E,
+        0x14, 0xBC, 0xD6, 0x7A, 0x88, 0xD1, 0x71, 0xF3,
+        0xD8, 0xF3, 0xE3, 0x58, 0xA7, 0x19, 0x26, 0xBA,
+        0x3E, 0x5C, 0x23, 0x9A, 0x53, 0x12, 0x63, 0xEC,
+        0x94, 0x37, 0xBF, 0x2A, 0x03, 0x3B, 0x8B, 0x55,
+        0xB2, 0xC0, 0xCB, 0x6E, 0x7E, 0x97, 0x31, 0x6E,
+        0x22, 0xDF, 0x77, 0xCA, 0xD9, 0x10, 0xD2, 0x0E,
+        0xEC, 0xE1, 0xC5, 0x09, 0x10, 0xA5, 0xCC, 0x32,
+        0xAD, 0xAB, 0x09, 0x37, 0x75, 0x50, 0xF9, 0x2D,
+        0x5B, 0xB1, 0xF4, 0xC0, 0x7F, 0x4A, 0x28, 0x22,
+        0x33, 0x8E, 0x2C, 0xFF, 0x53, 0x48, 0xDF, 0x77,
+        0xCF, 0x8E, 0xF8, 0xE6, 0x65, 0x7D, 0xED, 0x1E,
+        0x0C, 0xE0, 0x58, 0xE3, 0xCC, 0xFB, 0xF3, 0x9B,
+        0x3F, 0x16, 0x6E, 0x30, 0x3D, 0x33, 0xC3, 0x55,
+        0x6C, 0x9A, 0xC8, 0xEC, 0xB3, 0xDF, 0x7C, 0x74,
+        0xAB, 0x36, 0xD0, 0xF2, 0x79, 0x44, 0x41, 0xBA,
+        0x98, 0x08, 0x82, 0x7B, 0x57, 0x8F, 0xB5, 0xC2,
+        0x9E, 0x49, 0x4E, 0x21, 0x53, 0x9A, 0xD3, 0xAB,
+        0x2B, 0x41, 0xBF, 0x16, 0x1D, 0x7F, 0x69, 0x58,
+        0x9D, 0x45, 0x24, 0xC5, 0x4C, 0x89, 0xB4, 0x86,
+        0xF7, 0x5D, 0x25, 0x2F, 0x54, 0x1C, 0xC6, 0x3B,
+        0x9E, 0x70, 0x6D, 0x64, 0xA1, 0x28, 0x9A, 0x23,
+        0x06, 0xC5, 0x95, 0x36, 0x3C, 0xB6, 0xFB, 0xEF,
+        0x0A, 0x1B, 0x5B, 0x17, 0xAB, 0x5B, 0x17, 0x94,
+        0xBF, 0x27, 0x03, 0x6F, 0x64, 0xEA, 0xF0, 0xBD,
+        0x43, 0x0D, 0xD5, 0x8D, 0x80, 0x01, 0x0C, 0xCD,
+        0xAD, 0xA4, 0xA5, 0xA3, 0xA1, 0xE4, 0x1A, 0x6F,
+        0xBF, 0x12, 0x9D, 0x73, 0x77, 0x9A, 0x37, 0xAE,
+        0x5C, 0x8D, 0x68, 0x41, 0xA9, 0x99, 0x3C, 0x51,
+        0xE3, 0x64, 0xE0, 0x4F, 0xAC, 0x8E, 0x25, 0xA4,
+        0xE6, 0x87, 0x2F, 0x6C, 0x86, 0x0F, 0xA2, 0x65,
+        0xC1, 0xC4, 0x42, 0x6A, 0xD9, 0xC2, 0x1D, 0x26,
+        0xDA, 0x8C, 0x27, 0x85, 0x46, 0xAD, 0xCD, 0x83,
+        0x1F, 0x2B, 0x8B, 0x26, 0xD4, 0xE1, 0xF6, 0x70,
+        0x62, 0x3D, 0x95, 0xC8, 0x36, 0x2D, 0xA6, 0x62,
+        0xD1, 0xFF, 0x0A, 0xB6, 0x87, 0x50, 0x3F, 0x32,
+        0x8D, 0xE0, 0x95, 0x81, 0x0E, 0xDE, 0x12, 0xB4,
+        0x9E, 0xAD, 0x15, 0x33, 0x51, 0x95, 0x58, 0xC1,
+        0xE9, 0x40, 0xB4, 0x6E, 0x4E, 0xDB, 0x02, 0x7B,
+        0xE9, 0xDA, 0x20, 0x39, 0xB2, 0x5D, 0xCF, 0x73,
+        0x57, 0xE1, 0x9E, 0x54, 0x16, 0xAE, 0x26, 0x8C,
+        0x14, 0xFB, 0x3A, 0x8B, 0xAB, 0xCB, 0x3D, 0x23,
+        0xF7, 0x0C, 0xC9, 0xD5, 0x96, 0x81, 0xC5, 0xD8,
+        0x33, 0xAC, 0x22, 0xE6, 0x53, 0xD8, 0x6E, 0x22,
+        0xCE, 0x82, 0x25, 0x40, 0x75, 0x5D, 0x8D, 0x24,
+        0x3C, 0x15, 0x21, 0x3D, 0x07, 0x6C, 0x6B, 0x26,
+        0x43, 0x6D, 0xDC, 0x07, 0xC7, 0xE0, 0x01, 0x34,
+        0x7B, 0x0C, 0xB8, 0x78, 0x3D, 0xFE, 0xFE, 0xDF,
+        0x27, 0x5F, 0xEC, 0x47, 0x92, 0x68, 0x67, 0x34,
+        0x00, 0x7F, 0x0F, 0xF8, 0x54, 0x08, 0x11, 0xC2,
+        0xAF, 0xE6, 0xCA, 0x15, 0x14, 0x20, 0x53, 0x2F,
+        0xA5, 0x52, 0x6A, 0x10, 0x74, 0xC3, 0xD7, 0x89,
+        0xF2, 0x93, 0x2D, 0xE4, 0x2E, 0x3A, 0xCF, 0xBF,
+        0x94, 0x76, 0x0F, 0x42, 0x6D, 0x96, 0xCF, 0x03,
+        0x3F, 0xA4, 0x9E, 0x2F, 0x45, 0x8F, 0x9A, 0x9C,
+        0x2E, 0x71, 0xDA, 0xCF, 0xE0, 0x09, 0xDD, 0x9C,
+        0x3F, 0x3C, 0x8A, 0xB3, 0x28, 0x2D, 0x6F, 0x38,
+        0x3B, 0x98, 0x1C, 0x82, 0xD6, 0x36, 0x4F, 0x0E,
+        0x4B, 0xDB, 0x2A, 0xF6, 0xA9, 0x5B, 0xA6, 0x1F,
+        0x47, 0x41, 0x50, 0xCA, 0xD7, 0x23, 0x3F, 0x89,
+        0x03, 0xDF, 0x97, 0x2D, 0xBB, 0x03, 0x28, 0xC0,
+        0xCB, 0x9D, 0x0C, 0xCB, 0xEF, 0x88, 0x3D, 0x2E,
+        0x6A, 0xDD, 0x18, 0x0E, 0xCA, 0x1B, 0x66, 0x2F,
+        0xC1, 0xD2, 0xDB, 0xBD, 0xDB, 0x36, 0x34, 0x21,
+        0x9E, 0x1E, 0xFF, 0x38, 0xB1, 0xE5, 0x28, 0x75,
+        0x35, 0x6C, 0x03, 0xEA, 0xDE, 0x94, 0x20, 0x55,
+        0xF4, 0x83, 0x50, 0x4B, 0xBB, 0xCB, 0x43, 0x02,
+        0xA4, 0x17, 0xCF, 0x6D, 0x32, 0x8E, 0xD7, 0x93,
+        0xB1, 0xA3, 0xC0, 0x96, 0x9B, 0x7B, 0x34, 0x18,
+        0xF5, 0x0A, 0xB3, 0x9F, 0x83, 0xC5, 0x66, 0x6C,
+        0x90, 0xE3, 0x83, 0x56, 0xF7, 0xF9, 0xD4, 0x94,
+        0xA6, 0xDC, 0xB6, 0x3D, 0x67, 0xC3, 0x4E, 0x3D,
+        0x14, 0xA4, 0xE1, 0x55, 0x96, 0x49, 0x79, 0x26,
+        0xC8, 0x56, 0x8D, 0x8E, 0xC3, 0xDB, 0xD9, 0xC2,
+        0xE8, 0x2C, 0x38, 0x5B, 0xCF, 0xB8, 0xD9, 0x67,
+        0x48, 0x63, 0xBD, 0x4F, 0xBF, 0x17, 0x57, 0xDB,
+        0x44, 0x7B, 0xF8, 0x04, 0xAE, 0x95, 0x01, 0x47,
+        0xC9, 0x1F, 0xBF, 0x9A, 0xA1, 0x78, 0x91, 0x04,
+        0x4C, 0xCA, 0xA7, 0x3B, 0x45, 0x52, 0x85, 0x97,
+        0x46, 0x2C, 0xED, 0x75, 0x1D, 0x01, 0x5E, 0xBB,
+        0xA9, 0xE2, 0xB7, 0xCD, 0xCB, 0xE6, 0xDC, 0x05,
+        0xAA, 0x9E, 0xAE, 0x0C, 0x86, 0x84, 0x8A, 0x34,
+        0x75, 0xBB, 0x1C, 0x57, 0x44, 0xF5, 0x90, 0x3E,
+        0xE4, 0xA8, 0x42, 0xA4, 0x69, 0xCC, 0x18, 0x12,
+        0x71, 0xF2, 0x45, 0xAD, 0x70, 0xD0, 0x2A, 0x48,
+        0x37, 0x86, 0x3B, 0x29, 0x6B, 0x4A, 0xDB, 0x4E,
+        0x8D, 0x03, 0xD8, 0x2B, 0x64, 0xAA, 0x11, 0xDD,
+        0x31, 0xCD, 0xF2, 0x1E, 0xDF, 0x1D, 0xFE, 0x32,
+        0x76, 0xC4, 0xDB, 0xC8, 0x77, 0xE3, 0x5B, 0x15,
+        0xFB, 0x28, 0x35, 0xEC, 0x3A, 0x1C, 0x45, 0x31,
+        0x68, 0xA3, 0x8C, 0xA8, 0xE5, 0x63, 0xCF, 0x3E,
+        0x9A, 0x00, 0x73, 0x6C, 0xD5, 0xCF, 0xBD, 0x28,
+        0x41, 0xD1, 0x0F, 0x94, 0xAD, 0x55, 0x79, 0x9C,
+        0x29, 0x27, 0xE5, 0x46, 0x1B, 0x28, 0xBA, 0xC5,
+        0x17, 0x4D, 0x0C, 0xE3, 0xF8, 0xF7, 0xCD, 0x76,
+        0x09, 0xFB, 0xC8, 0xDA, 0x0C, 0x38, 0xCC, 0x21,
+        0x69, 0x5C, 0xED, 0xAD, 0x12, 0xF8, 0xD2, 0xE6,
+        0x49, 0x51, 0xA8, 0x99, 0x6E, 0x51, 0x0D, 0x6D,
+        0x52, 0x79, 0x7C, 0x5B, 0xA0, 0xEB, 0x4A, 0xFA,
+        0x6B, 0xF2, 0xCC, 0x43, 0xDA, 0x09, 0xDE, 0x31,
+        0x79, 0xE8, 0x99, 0xBD, 0x71, 0x88, 0xB3, 0x2A,
+        0x98, 0xA4, 0x99, 0xD3, 0x72, 0xF3, 0x70, 0x7C,
+        0xED, 0x47, 0x9B, 0x09, 0x81, 0xCB, 0x50, 0xC0,
+        0xC0, 0x53, 0x9C, 0xF7, 0xE3, 0x10, 0x0B, 0x72,
+        0x0E, 0x46, 0x66, 0x52, 0xA4, 0xF4, 0x99, 0xC2,
+        0xBA, 0x3A, 0x17, 0xF5, 0x23, 0x22, 0x68, 0x73,
+        0x0B, 0x96, 0x2B, 0xC5, 0x72, 0xC0, 0xDE, 0x96,
+        0xE8, 0xC9, 0xE2, 0x8F, 0x7E, 0x35, 0x32, 0xC2,
+        0x22, 0x41, 0x96, 0xAA, 0x9E, 0x27, 0x68, 0x8D,
+        0xD0, 0x50, 0xD7, 0xCB, 0x78, 0x54, 0xFB, 0x3C,
+        0x35, 0xF9, 0xC6, 0x2E, 0xFB, 0x10, 0xDA, 0x84,
+        0x83, 0x3F, 0x29, 0xBB, 0x1B, 0xE5, 0xEF, 0x3B,
+        0x53, 0x36, 0x38, 0xEE, 0xF7, 0x43, 0xD8, 0x11,
+        0x9D, 0xDC, 0x29, 0x0B, 0xDF, 0x08, 0xB6, 0xF0,
+        0xF9, 0xE4, 0xE1, 0xE1, 0x34, 0x46, 0xC5, 0x3E,
+        0xD6, 0x98, 0x05, 0xDA, 0x26, 0x90, 0x8A, 0x15,
+        0xDF, 0x1C, 0x48, 0xE0, 0x09, 0xEC, 0x12, 0x53,
+        0xBD, 0x5A, 0x58, 0x98, 0xEB, 0xB5, 0x12, 0x1C,
+        0xC2, 0x49, 0x04, 0xC8, 0xB1, 0x0E, 0x24, 0xE6,
+        0x80, 0xE5, 0x65, 0x98, 0x50, 0x76, 0xFD, 0xA1,
+        0x1D, 0x13, 0xFF, 0xDF, 0xA4, 0xDB, 0x28, 0xAC,
+        0x9F, 0x0A, 0xEA, 0x2F, 0x81, 0xFD, 0x7E, 0xD4,
+        0xDC, 0xA8, 0xD3, 0xB2, 0xE3, 0x84, 0x8B, 0x4D,
+        0x60, 0x46, 0xF6, 0xE0, 0xDE, 0x3A, 0x4F, 0x68,
+        0x3F, 0x25, 0xE0, 0x60, 0x5E, 0x84, 0xB3, 0x6F,
+        0x48, 0x3C, 0x40, 0x4E, 0xF8, 0x99, 0xCB, 0x3F,
+        0xCC, 0xBE, 0x8C, 0xB2, 0xA6, 0xF0, 0xA7, 0xE1,
+        0x0B, 0x19, 0x48, 0xCD, 0x4F, 0x93, 0xF1, 0x81,
+        0x55, 0x5F, 0x66, 0x1D, 0x31, 0xD4, 0x26, 0x80,
+        0x8B, 0xBF, 0x9F, 0x66, 0xFD, 0x60, 0xD6, 0x49,
+        0x26, 0x9C, 0xA3, 0xFE, 0x99, 0x1B, 0x22, 0x42,
+        0x8C, 0x37, 0xAD, 0x2A, 0x08, 0x68, 0x0F, 0x74,
+        0x7C, 0xC0, 0x36, 0x0C, 0xCD, 0x37, 0x3D, 0xC6,
+        0xA9, 0xF4, 0x3A, 0x66, 0x47, 0x0E, 0x01, 0x4E,
+        0x72, 0xB3, 0xD8, 0xC3, 0x8E, 0x02, 0x04, 0x42,
+        0xD8, 0xAA, 0xB9, 0x74, 0xE6, 0x04, 0x93, 0x74,
+        0x14, 0x5B, 0x04, 0xCB, 0x7F, 0x30, 0x44, 0xAA,
+        0xC1, 0xEF, 0xDA, 0xB2, 0xA1, 0x8B, 0xB4, 0x64,
+        0xD4, 0xF2, 0xF2, 0xD8, 0x14, 0x39, 0x74, 0xC9,
+        0x5E, 0xEE, 0x85, 0x6D, 0x59, 0xEC, 0x00, 0x28,
+        0x8E, 0xD4, 0x3F, 0xF5, 0xCC, 0x88, 0x03, 0x00,
+        0x6C, 0x99, 0x55, 0x14, 0xA2, 0xCC, 0x9C, 0xA6,
+        0x22, 0xB6, 0x1B, 0xCD, 0x75, 0xEC, 0x51, 0xC2,
+        0x02, 0xA9, 0x17, 0x10, 0x5B, 0x4A, 0x4B, 0xED,
+        0x1B, 0x80, 0x14, 0x68, 0x31, 0xDC, 0xED, 0x07,
+        0xEF, 0xD2, 0xED, 0x25, 0x73, 0x9F, 0x54, 0x09,
+        0x69, 0x11, 0xB1, 0x50, 0xD3, 0x07, 0x7C, 0xCD,
+        0x73, 0x1A, 0x03, 0x61, 0x68, 0x27, 0x25, 0xD5,
+        0x38, 0x03, 0xF8, 0xFC, 0xEA, 0xA8, 0x39, 0x19,
+        0x29, 0x1E, 0xDB, 0x44, 0x93, 0xEC, 0x84, 0xCC,
+        0xE1, 0xD0, 0xF8, 0x2A, 0x67, 0x92, 0x36, 0xEA,
+        0xD1, 0x00, 0x2A, 0xE8, 0x01, 0x8C, 0xAC, 0x9F,
+        0xDB, 0xD2, 0x46, 0xFF, 0x09, 0x3D, 0x80, 0x3C,
+        0x0D, 0xE3, 0x32, 0x6A, 0x57, 0x90, 0x7B, 0x0D,
+        0xD6, 0xB0, 0x1D, 0x08, 0x14, 0x58, 0xC7, 0x57,
+        0x28, 0xC6, 0x00, 0x82, 0x99, 0x28, 0x89, 0x0A,
+        0x56, 0xAA, 0xAF, 0xEF, 0xCF, 0x74, 0x23, 0xB7,
+        0x0A, 0x6D, 0x86, 0xB4, 0x15, 0xB8, 0x35, 0x8D,
+        0xD0, 0x44, 0xAB, 0xEE, 0x00, 0xB9, 0xC9, 0x79,
+        0x5F, 0xC8, 0xF6, 0x1A, 0x64, 0x68, 0x6D, 0xF5,
+        0xF8, 0x76, 0xA8, 0xF3, 0x30, 0x61, 0x59, 0x9A,
+        0xE8, 0x30, 0xF7, 0xEB, 0x4C, 0x4B, 0xFF, 0x87,
+        0x5F, 0x4A, 0x93, 0x6C, 0x40, 0x3C, 0x5D, 0x16,
+        0x0D, 0xE5, 0xD3, 0x3C, 0xAE, 0xE4, 0x0F, 0xB7,
+        0x18, 0xDD, 0xA4, 0x47, 0x8A, 0xC6, 0xF5, 0x1C,
+        0x59, 0xC2, 0x15, 0x52, 0x54, 0xBD, 0x77, 0x67,
+        0x11, 0x18, 0x41, 0x1E, 0x26, 0x09, 0xD0, 0x00,
+        0x30, 0x6F, 0xC9, 0x50, 0x70, 0x04, 0xA3, 0x1E,
+        0x89, 0x57, 0xEA, 0x40, 0xC2, 0x56, 0x4B, 0x83,
+        0xC3, 0xAB, 0xB7, 0x1A, 0x87, 0xC1, 0x1B, 0xD1,
+        0x8D, 0x78, 0x91, 0xC4, 0x49, 0xDB, 0xBE, 0x79,
+        0xB4, 0xA4, 0xFB, 0x04, 0x83, 0x07, 0xCE, 0x0E,
+        0x81, 0x2B, 0x2C, 0x68, 0xEC, 0xAB, 0x77, 0xFD,
+        0x11, 0x11, 0x52, 0x6A, 0xB0, 0x81, 0x73, 0x06,
+        0xCE, 0xBC, 0xB0, 0x49, 0x7C, 0x55, 0x24, 0x31,
+        0xCE, 0x15, 0xE4, 0xAB, 0x52, 0x28, 0x3F, 0x67,
+        0x94, 0x80, 0xD6, 0x9D, 0xDD, 0xE1, 0xF2, 0x57,
+        0x9C, 0xFD, 0xBE, 0x0B, 0xCA, 0x95, 0xFC, 0x5B,
+        0x2D, 0xB0, 0xC5, 0xCC, 0x76, 0xA3, 0x19, 0x50,
+        0xF5, 0x11, 0x6A, 0xAE, 0x5F, 0x02, 0xD4, 0x67,
+        0x10, 0xE4, 0x25, 0x7A, 0x75, 0xFD, 0xED, 0xF2,
+        0xF4, 0x7C, 0xE3, 0x7C, 0x20, 0x3E, 0x7F, 0x24,
+        0xD3, 0xC9, 0x17, 0x97, 0x13, 0xC5, 0xD8, 0x07,
+        0xC2, 0x96, 0x14, 0x9A, 0x75, 0xCC, 0xB4, 0x44,
+        0xF0, 0xC6, 0xF6, 0xAB, 0xDD, 0x2D, 0xBB, 0x29,
+        0x85, 0xFE, 0x26, 0x74, 0x82, 0x85, 0x8A, 0x1E
+    };
+#endif /* WOLFSSL_NO_ML_DSA_65 */
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte seed_87[] = {
+        0x38, 0x35, 0x9F, 0xBC, 0xD7, 0x95, 0x82, 0xCF,
+        0xFE, 0x60, 0x9E, 0x13, 0x7E, 0xE2, 0xEF, 0xE8,
+        0xA8, 0xDB, 0xCB, 0xAD, 0x18, 0xBA, 0x92, 0xBB,
+        0x43, 0x3A, 0xB4, 0xF0, 0x9B, 0x49, 0x29, 0x9D
+    };
+    static const byte pk_87[] = {
+        0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF,
+        0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4,
+        0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA,
+        0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00,
+        0x83, 0x01, 0xE6, 0x66, 0xF5, 0x9D, 0x3E, 0xC5,
+        0x04, 0x4D, 0xE4, 0x56, 0x78, 0x8F, 0xDE, 0x19,
+        0xEB, 0x39, 0x67, 0x7B, 0x5F, 0x9F, 0xE1, 0x41,
+        0x50, 0xDA, 0x46, 0x3A, 0x70, 0x6F, 0x3B, 0xAF,
+        0x71, 0x5B, 0x95, 0x33, 0x6B, 0x2D, 0x68, 0x5A,
+        0x7C, 0xD7, 0x88, 0x07, 0x13, 0xE4, 0x58, 0x7B,
+        0xF7, 0xD8, 0x57, 0xBF, 0x7E, 0x31, 0x56, 0x96,
+        0xB8, 0xD0, 0xD9, 0xD4, 0x9E, 0x14, 0x29, 0x18,
+        0xBF, 0x09, 0x74, 0xE7, 0xF4, 0x32, 0x37, 0xD4,
+        0xBE, 0x3A, 0xD3, 0x94, 0x59, 0x9E, 0x3D, 0x39,
+        0xBB, 0x76, 0x49, 0x93, 0x25, 0x53, 0x44, 0x7E,
+        0x5D, 0x5A, 0xCC, 0x34, 0x99, 0x93, 0x01, 0x76,
+        0xEC, 0xD3, 0xA8, 0x44, 0xA4, 0x25, 0xF5, 0x0D,
+        0x05, 0x11, 0xC9, 0x22, 0x6C, 0x4B, 0x9A, 0x24,
+        0xF2, 0xA0, 0x11, 0xCD, 0x88, 0xD3, 0x23, 0x08,
+        0xE0, 0x31, 0x2A, 0x0C, 0x87, 0xCC, 0x34, 0xA9,
+        0x95, 0x82, 0x3C, 0x65, 0xF4, 0xF0, 0xF9, 0x8E,
+        0x50, 0xC3, 0x77, 0x88, 0xCE, 0x38, 0xDC, 0x28,
+        0xFB, 0x8B, 0x9B, 0xFA, 0xAF, 0xA9, 0x04, 0xB5,
+        0x41, 0xEE, 0x71, 0x2F, 0x6A, 0x04, 0x1E, 0x06,
+        0x11, 0x37, 0x4F, 0x6B, 0xF1, 0x7E, 0xAC, 0x0B,
+        0xD5, 0x6F, 0x3B, 0x6B, 0xF3, 0x36, 0xDA, 0x92,
+        0x42, 0x07, 0x0C, 0x24, 0x69, 0xA2, 0x0C, 0x4D,
+        0x16, 0x16, 0x14, 0x9A, 0x61, 0x59, 0x25, 0x20,
+        0x11, 0xD2, 0x99, 0xF9, 0x3F, 0x98, 0x6D, 0x87,
+        0x5D, 0xD3, 0x0B, 0x38, 0xA2, 0x25, 0x49, 0x17,
+        0x45, 0x70, 0x13, 0x8C, 0x2B, 0xB3, 0xAA, 0x9C,
+        0xBE, 0xA9, 0x19, 0x74, 0xF3, 0xD8, 0x9B, 0xF5,
+        0xAE, 0x32, 0xBE, 0x9E, 0x58, 0xB8, 0x54, 0xA2,
+        0xF8, 0xE8, 0x6F, 0xF7, 0x67, 0x80, 0xC0, 0x34,
+        0x90, 0xF4, 0x67, 0xDB, 0x06, 0x51, 0xC2, 0x0B,
+        0x1D, 0xF6, 0x0E, 0xB9, 0x7A, 0x3C, 0x99, 0xD9,
+        0xBD, 0x66, 0x4B, 0xE6, 0xA5, 0xE4, 0xC8, 0xA8,
+        0xAD, 0x4C, 0xC3, 0x63, 0x90, 0xD7, 0x00, 0x4E,
+        0x4B, 0xB4, 0x21, 0xDA, 0xED, 0x65, 0x4C, 0x35,
+        0x7D, 0xA4, 0xD6, 0x84, 0x98, 0x93, 0x3E, 0xC7,
+        0x17, 0x77, 0xAD, 0x64, 0xC2, 0xAE, 0x01, 0x3C,
+        0x73, 0xEB, 0x45, 0x7C, 0x68, 0xEF, 0x9A, 0x74,
+        0x5A, 0xDE, 0xEB, 0x4F, 0xDF, 0xC8, 0x79, 0xE7,
+        0x74, 0xD0, 0x3F, 0xAF, 0x6B, 0x14, 0xAA, 0xB1,
+        0x07, 0x52, 0xE2, 0x4B, 0x52, 0xD0, 0xF2, 0xD9,
+        0x4D, 0x54, 0x0A, 0x1E, 0xBE, 0x10, 0xF5, 0x97,
+        0xE5, 0x14, 0x44, 0x2D, 0x6C, 0x13, 0xC2, 0xE2,
+        0x49, 0x8E, 0x8A, 0xF3, 0x01, 0x7C, 0x52, 0xDB,
+        0x23, 0x3A, 0x90, 0x71, 0x7D, 0xF2, 0x5B, 0x4D,
+        0x07, 0x2B, 0x7D, 0x88, 0xEE, 0x87, 0x31, 0xD1,
+        0x68, 0x24, 0xC9, 0x5D, 0x1F, 0xB9, 0x83, 0xC4,
+        0x49, 0xDE, 0xB4, 0x66, 0x27, 0x60, 0x60, 0xFE,
+        0xE4, 0xC7, 0xEE, 0x38, 0x14, 0x51, 0xF2, 0x32,
+        0xC2, 0x9C, 0x7C, 0x32, 0x20, 0x85, 0x0C, 0x61,
+        0xD1, 0xC3, 0xC0, 0x0D, 0xB1, 0xCD, 0x97, 0x26,
+        0xA0, 0x2A, 0x56, 0x60, 0x9F, 0x3A, 0x65, 0xD3,
+        0xD1, 0x64, 0x60, 0x45, 0x88, 0xCD, 0x9B, 0x43,
+        0x14, 0x12, 0xF1, 0xAD, 0xD9, 0x14, 0xC5, 0xC2,
+        0xDA, 0xBB, 0xC9, 0x04, 0x67, 0xC0, 0xC4, 0xEA,
+        0x5F, 0x76, 0xE2, 0x4A, 0xA6, 0x18, 0x76, 0x5F,
+        0x8B, 0x06, 0x36, 0xD7, 0xB0, 0x65, 0xE1, 0xF4,
+        0xE6, 0xF6, 0x22, 0xEA, 0xE1, 0x71, 0x52, 0x45,
+        0x8C, 0x76, 0x65, 0x86, 0x77, 0x2D, 0x36, 0x3F,
+        0xA9, 0x92, 0x14, 0xF4, 0x72, 0xB0, 0xDB, 0x8A,
+        0x1E, 0x49, 0xD8, 0x2D, 0x02, 0x78, 0xF2, 0x95,
+        0x8B, 0x0A, 0xAA, 0x15, 0x86, 0xDB, 0x13, 0x4B,
+        0xDF, 0xD2, 0x43, 0x87, 0x42, 0x49, 0x50, 0x07,
+        0xE2, 0xFE, 0x5B, 0x60, 0xE2, 0x46, 0x39, 0x92,
+        0x26, 0x94, 0x7A, 0x12, 0xEA, 0x17, 0x63, 0x1C,
+        0xAA, 0x53, 0x46, 0x87, 0xCB, 0x75, 0xC0, 0x60,
+        0xB4, 0x79, 0x7E, 0xAB, 0x82, 0x77, 0xCC, 0x4F,
+        0x8A, 0x7A, 0x20, 0x38, 0x76, 0x06, 0xEF, 0xE2,
+        0xDB, 0xD3, 0xE7, 0x36, 0x24, 0x92, 0x77, 0xD9,
+        0x0F, 0xCA, 0xB9, 0x92, 0xA8, 0xC9, 0x9E, 0x85,
+        0xAB, 0x03, 0xEB, 0x4C, 0xAC, 0x5D, 0x88, 0x55,
+        0x39, 0x58, 0x52, 0x8A, 0xF9, 0x29, 0x74, 0x71,
+        0x81, 0x35, 0xF1, 0xD0, 0xC7, 0x93, 0xEB, 0x00,
+        0x0E, 0xA0, 0xAE, 0xC3, 0xEC, 0x18, 0x58, 0xFD,
+        0xD1, 0x86, 0x88, 0xD1, 0xDA, 0x27, 0x27, 0x8D,
+        0xEB, 0xF2, 0xCA, 0x81, 0x10, 0xBA, 0x4A, 0x20,
+        0x4F, 0x79, 0x30, 0xE1, 0xC8, 0xCE, 0xEC, 0xAF,
+        0xB7, 0x3F, 0x75, 0xDD, 0xB3, 0x4C, 0x5C, 0x55,
+        0x96, 0x8A, 0x79, 0x33, 0x05, 0x84, 0x26, 0xB5,
+        0x5D, 0x03, 0x9F, 0x72, 0x92, 0xAC, 0x43, 0xF6,
+        0x45, 0x84, 0xF6, 0xDF, 0x18, 0x7A, 0x1D, 0x6B,
+        0x00, 0x3F, 0x51, 0x4C, 0xC1, 0x3B, 0x26, 0xC2,
+        0xF3, 0x48, 0x19, 0x5A, 0xA3, 0x21, 0xDE, 0x6A,
+        0x27, 0xEC, 0x11, 0x34, 0x8D, 0xE5, 0x0D, 0x82,
+        0x5A, 0x29, 0x64, 0xC6, 0x31, 0x99, 0x2E, 0x4B,
+        0x0B, 0x42, 0x5B, 0x1B, 0xEB, 0x4F, 0x96, 0x00,
+        0xE3, 0xAD, 0xC4, 0x43, 0x1C, 0xF2, 0xE8, 0x8B,
+        0x42, 0x23, 0xD2, 0xDB, 0x66, 0x3C, 0x3C, 0xE7,
+        0x0E, 0xF8, 0x5D, 0xDD, 0x56, 0xA9, 0xBA, 0xF1,
+        0x38, 0xA9, 0xD7, 0xED, 0xD8, 0x94, 0x13, 0x1C,
+        0x3A, 0x8F, 0x41, 0xA0, 0x4E, 0xF9, 0xF8, 0x67,
+        0x52, 0xB7, 0x21, 0x81, 0xFA, 0xBB, 0x37, 0xC8,
+        0x6B, 0x87, 0x7E, 0x61, 0xD6, 0x0E, 0xED, 0x95,
+        0xEE, 0xFF, 0xAB, 0xE6, 0x37, 0x6E, 0x14, 0xAC,
+        0xA8, 0x17, 0xC5, 0xF4, 0x19, 0x61, 0xAF, 0x8A,
+        0x78, 0x49, 0xBA, 0xC0, 0x94, 0x91, 0x7B, 0x2D,
+        0x13, 0x22, 0x76, 0xB6, 0xB3, 0x48, 0x6A, 0xFF,
+        0x95, 0x0D, 0x23, 0xD4, 0xAA, 0xDC, 0x24, 0xCE,
+        0x98, 0xA5, 0x26, 0x9E, 0x1C, 0x69, 0x91, 0x79,
+        0x60, 0xA3, 0x1E, 0xE0, 0x9A, 0x52, 0x7C, 0x35,
+        0x81, 0x75, 0xCA, 0xA0, 0xCB, 0x1B, 0x01, 0x8E,
+        0x95, 0x26, 0xD9, 0x35, 0x34, 0xEA, 0xDB, 0xAC,
+        0xB5, 0x2B, 0x27, 0x3D, 0x73, 0x5E, 0x22, 0xDD,
+        0x0D, 0x5C, 0x28, 0xFA, 0x3E, 0x47, 0xCF, 0xE9,
+        0x0B, 0x52, 0x15, 0xAE, 0x24, 0xF1, 0x46, 0xC3,
+        0x46, 0x4B, 0xFE, 0xAF, 0x01, 0xD2, 0x8D, 0xAA,
+        0x55, 0x3C, 0x1E, 0x94, 0x42, 0x8A, 0x10, 0x4A,
+        0x9D, 0x78, 0xAE, 0xC7, 0x62, 0x59, 0x1E, 0x88,
+        0x79, 0xF7, 0x68, 0x51, 0xCF, 0xB4, 0x64, 0x85,
+        0x66, 0x72, 0x1B, 0x0C, 0xAC, 0x1F, 0x14, 0xFE,
+        0x16, 0x14, 0x9A, 0x9D, 0x82, 0x10, 0xCC, 0x8F,
+        0x2F, 0x50, 0xDE, 0xF7, 0xB4, 0x6C, 0x84, 0x3B,
+        0xE9, 0x3B, 0xD8, 0xD5, 0x56, 0x02, 0x49, 0x33,
+        0x50, 0xAB, 0x56, 0x0E, 0xA5, 0xBA, 0x17, 0x71,
+        0x64, 0x23, 0xBE, 0x0E, 0xB8, 0x36, 0x0A, 0xB1,
+        0x09, 0xD8, 0xFB, 0x18, 0xBF, 0xEA, 0x04, 0x08,
+        0x47, 0xB7, 0x33, 0x51, 0x45, 0xD4, 0xF2, 0x00,
+        0xD1, 0x9C, 0xF6, 0xFE, 0x7B, 0xAC, 0x91, 0x7F,
+        0x42, 0x6C, 0x9B, 0x3D, 0x39, 0xA9, 0xCA, 0x43,
+        0x29, 0x81, 0x8F, 0x24, 0x0E, 0x7D, 0xA3, 0x82,
+        0x76, 0x10, 0x72, 0xF4, 0xA6, 0x50, 0x5E, 0xA8,
+        0xE7, 0x6C, 0x1E, 0x44, 0x6F, 0xEB, 0x66, 0x25,
+        0xE3, 0x8D, 0xDB, 0xCD, 0x3C, 0xDA, 0x81, 0xE8,
+        0x3B, 0xF7, 0x68, 0xF3, 0xE0, 0x1D, 0x9D, 0x26,
+        0x3B, 0x36, 0x73, 0x03, 0xAE, 0x15, 0x6C, 0x0B,
+        0x71, 0x83, 0x36, 0x4A, 0x1E, 0x79, 0x41, 0xA0,
+        0x92, 0x98, 0xA3, 0xAD, 0xF7, 0xBD, 0x23, 0x1E,
+        0x61, 0x14, 0xB9, 0xDC, 0xE7, 0x95, 0x2B, 0x11,
+        0x3F, 0x78, 0x16, 0x31, 0x38, 0xB9, 0x26, 0x6F,
+        0x84, 0x3F, 0x1E, 0xD9, 0x7D, 0x9C, 0x2B, 0x16,
+        0x3A, 0x6E, 0x8B, 0xD4, 0xC1, 0xAB, 0x4E, 0x17,
+        0x93, 0x67, 0xC5, 0xAC, 0x96, 0xCE, 0xCF, 0x50,
+        0x50, 0xFE, 0x82, 0x1F, 0xDF, 0xA4, 0x4E, 0x9E,
+        0x68, 0x0B, 0x61, 0xC6, 0x01, 0x89, 0x32, 0xDF,
+        0x71, 0x78, 0x11, 0x45, 0x9A, 0xF2, 0x54, 0x2E,
+        0x2C, 0xDE, 0x77, 0x17, 0x8C, 0x2E, 0x98, 0x80,
+        0xF0, 0x11, 0xE4, 0x05, 0xEA, 0xFA, 0x59, 0xC8,
+        0xCB, 0xBE, 0xD7, 0x6E, 0x5A, 0x19, 0x41, 0x10,
+        0x4B, 0x1B, 0x9D, 0x3A, 0x60, 0x49, 0x1C, 0x95,
+        0x47, 0x55, 0xE0, 0x2E, 0x89, 0x41, 0x03, 0xF1,
+        0xF4, 0x97, 0x74, 0x75, 0xE9, 0xEA, 0x36, 0x60,
+        0x9F, 0xD6, 0x7C, 0x9D, 0xE3, 0x18, 0xED, 0xA2,
+        0x37, 0x0D, 0xCC, 0xDB, 0xB9, 0xCE, 0xF7, 0xAE,
+        0x63, 0x60, 0x90, 0x5E, 0xC2, 0x20, 0x83, 0x8C,
+        0x97, 0x69, 0x82, 0x34, 0x41, 0xCD, 0xD0, 0xDA,
+        0x8E, 0xF0, 0xAB, 0xE5, 0xF2, 0xD1, 0xD7, 0x6E,
+        0x2F, 0xE0, 0x8F, 0xEF, 0x53, 0xDE, 0x1D, 0x61,
+        0x66, 0xAB, 0x1A, 0x92, 0xB1, 0xAC, 0x09, 0x3E,
+        0x5A, 0xBF, 0x76, 0x58, 0xC4, 0xB5, 0x72, 0x87,
+        0xF2, 0xD1, 0xFD, 0x7B, 0x82, 0xDE, 0xDA, 0xF8,
+        0xD5, 0xA4, 0xFB, 0xAC, 0x4B, 0x35, 0xD5, 0x82,
+        0x31, 0x69, 0x4E, 0x16, 0x24, 0x97, 0x57, 0x8A,
+        0xBD, 0x7A, 0xA7, 0xC8, 0xFE, 0x7B, 0x35, 0x41,
+        0xA7, 0xF1, 0x8E, 0x54, 0xE8, 0xB7, 0xF0, 0x87,
+        0x64, 0xC5, 0xE6, 0x84, 0x49, 0xDF, 0x65, 0x59,
+        0x01, 0x54, 0x98, 0x32, 0xD6, 0x28, 0xFA, 0x63,
+        0xD2, 0xB2, 0xC5, 0xA1, 0x50, 0x93, 0x39, 0x94,
+        0xA9, 0x86, 0x33, 0x17, 0xAD, 0x40, 0xD7, 0x78,
+        0xD9, 0xD2, 0xC0, 0x5C, 0x78, 0x98, 0x85, 0x0B,
+        0x90, 0x17, 0x32, 0x23, 0xC7, 0xA0, 0xAF, 0x89,
+        0x0F, 0xD7, 0xE6, 0x62, 0x21, 0xB6, 0xF0, 0x63,
+        0x18, 0xB2, 0xED, 0x5E, 0x19, 0x9C, 0xB4, 0x24,
+        0x88, 0x5A, 0xB8, 0x41, 0xE7, 0xA4, 0x72, 0x6F,
+        0xAB, 0xA2, 0xF9, 0xBB, 0x53, 0xBC, 0x32, 0x36,
+        0x43, 0x4C, 0x35, 0xFB, 0xBE, 0x4B, 0x1A, 0x0F,
+        0x93, 0xF5, 0x0C, 0x37, 0x89, 0x6C, 0x29, 0xF8,
+        0xE3, 0x02, 0xAD, 0x31, 0xED, 0x33, 0x31, 0xD6,
+        0x20, 0xE3, 0xB6, 0x29, 0x45, 0x51, 0x01, 0xA1,
+        0xF1, 0xCC, 0x7B, 0xA5, 0xE4, 0x6E, 0x68, 0xED,
+        0x4A, 0x8C, 0xCC, 0x87, 0xB4, 0xDC, 0x75, 0xBC,
+        0x01, 0x62, 0xB6, 0x33, 0x0F, 0x83, 0x3F, 0xBA,
+        0x25, 0x75, 0xDF, 0xAF, 0x5B, 0x5F, 0x28, 0xBC,
+        0x54, 0xFF, 0x2B, 0xA8, 0x1E, 0x7A, 0x47, 0x31,
+        0x3C, 0x15, 0x48, 0x2B, 0x60, 0x5E, 0x66, 0xBB,
+        0x38, 0xC6, 0x19, 0x8F, 0x13, 0x92, 0x10, 0x40,
+        0x80, 0xFB, 0xE7, 0x8B, 0x86, 0xB1, 0xBC, 0x9A,
+        0x6F, 0xB8, 0x81, 0xF5, 0xC7, 0x82, 0x01, 0x47,
+        0xE6, 0xBA, 0x14, 0xB8, 0x1A, 0xCC, 0xF2, 0x0C,
+        0xAE, 0x96, 0x64, 0x10, 0x94, 0xC2, 0x16, 0x90,
+        0x2E, 0xA5, 0xC1, 0x25, 0xF6, 0xC9, 0x35, 0xA1,
+        0x50, 0xD7, 0xC9, 0xAC, 0xC5, 0xD9, 0xE2, 0xE5,
+        0xD9, 0x0E, 0x38, 0xC0, 0x50, 0x3A, 0xA9, 0x42,
+        0x60, 0x17, 0xC7, 0x6A, 0xAF, 0xCD, 0x52, 0x61,
+        0xB5, 0x06, 0x27, 0x4E, 0xC1, 0x3A, 0x96, 0x79,
+        0xFB, 0x09, 0x79, 0x60, 0x27, 0xA4, 0xBB, 0x75,
+        0x9D, 0x92, 0x82, 0x79, 0xB9, 0x4D, 0x84, 0x1A,
+        0x09, 0x73, 0x93, 0xBF, 0x7E, 0x5B, 0xD6, 0x9A,
+        0x49, 0x6C, 0xC3, 0xDE, 0xCD, 0x2B, 0x0F, 0x07,
+        0xF8, 0x33, 0x92, 0xAA, 0xDE, 0x33, 0xDC, 0x51,
+        0xB2, 0xA8, 0x4F, 0x6A, 0x07, 0x63, 0x5D, 0xC0,
+        0xEF, 0x57, 0xA9, 0xAD, 0x59, 0x59, 0xB6, 0xA5,
+        0x0B, 0x7B, 0xA5, 0x09, 0xAD, 0x5B, 0x11, 0xFA,
+        0xD2, 0x6B, 0x41, 0x9F, 0x9F, 0x1E, 0x3F, 0x9C,
+        0x73, 0x29, 0xB5, 0xA9, 0x53, 0xD7, 0xCC, 0x87,
+        0xB2, 0xDE, 0x21, 0x06, 0x11, 0xCF, 0x52, 0xA6,
+        0x39, 0xEF, 0x2B, 0x39, 0x08, 0x01, 0x2C, 0xB8,
+        0x8E, 0x1D, 0x6F, 0x57, 0x62, 0x50, 0x79, 0xCB,
+        0x10, 0x3D, 0x6C, 0x98, 0x10, 0x1A, 0x11, 0xBD,
+        0x22, 0x33, 0xB6, 0x56, 0x02, 0xCA, 0x30, 0x49,
+        0xBD, 0x32, 0x05, 0x20, 0x41, 0x9F, 0x76, 0xB0,
+        0x61, 0xE3, 0x59, 0x8D, 0xE3, 0x81, 0x52, 0xC8,
+        0x87, 0x67, 0xD1, 0xA2, 0x4F, 0xBD, 0x02, 0xBB,
+        0x10, 0xC3, 0x8E, 0xAC, 0xAE, 0x31, 0x7D, 0xE6,
+        0xBB, 0x28, 0x7B, 0x4D, 0x2C, 0xAE, 0x5D, 0xA0,
+        0x21, 0x49, 0x65, 0xD8, 0x77, 0x37, 0x78, 0x62,
+        0x6E, 0x9B, 0x97, 0x28, 0x59, 0xD8, 0x48, 0x2B,
+        0x8D, 0x05, 0x47, 0xE4, 0xF5, 0x6D, 0xFF, 0x87,
+        0x68, 0x1D, 0x5B, 0xC5, 0x12, 0x0F, 0x61, 0x3F,
+        0xBB, 0xD9, 0x1E, 0x1F, 0x14, 0xE6, 0xDE, 0xFE,
+        0x67, 0x2E, 0x2A, 0x7E, 0xAB, 0xCB, 0xBB, 0x9B,
+        0x11, 0x08, 0x2C, 0x5E, 0x70, 0x0A, 0xA0, 0xB1,
+        0xF7, 0xC1, 0x78, 0x5F, 0xCE, 0xD1, 0x9A, 0x93,
+        0xAF, 0xE7, 0xC5, 0x9F, 0xA2, 0x51, 0x9B, 0xCD,
+        0xEB, 0x49, 0x4C, 0x3D, 0x13, 0xB2, 0x12, 0x5F,
+        0x38, 0x53, 0x23, 0xB8, 0x16, 0xC6, 0x8F, 0x8F,
+        0x56, 0x28, 0xC7, 0xC2, 0xAB, 0xFD, 0x02, 0x78,
+        0xA3, 0x37, 0x07, 0x3D, 0xA7, 0x4D, 0x16, 0x09,
+        0x96, 0x98, 0xC4, 0xB1, 0x14, 0xE8, 0xA8, 0xCE,
+        0x34, 0x4E, 0x0A, 0x15, 0xD0, 0xFC, 0x7E, 0xD4,
+        0x97, 0xB0, 0x01, 0xD5, 0x3D, 0x4C, 0x96, 0xDC,
+        0x39, 0x54, 0xD3, 0xB4, 0xB9, 0x56, 0xCB, 0x9D,
+        0x2A, 0x27, 0x2C, 0x51, 0xF1, 0x55, 0x9B, 0x22,
+        0x90, 0x4B, 0x40, 0xCC, 0x85, 0x31, 0xE4, 0x0C,
+        0xC4, 0x12, 0xC6, 0x8C, 0xB6, 0xEE, 0xA4, 0xA4,
+        0x09, 0x0B, 0x38, 0xE2, 0x79, 0x73, 0x29, 0x98,
+        0x54, 0x67, 0xE8, 0x18, 0xA5, 0x24, 0xD3, 0x22,
+        0x8E, 0xAC, 0xAE, 0x78, 0x25, 0xD3, 0xDA, 0xD2,
+        0xEA, 0xA4, 0x22, 0xFD, 0xC7, 0x7A, 0xED, 0x71,
+        0xA2, 0x05, 0xDA, 0x78, 0x38, 0xD9, 0x45, 0xE7,
+        0xFE, 0xC3, 0x7E, 0x4D, 0xCA, 0x67, 0xE5, 0x04,
+        0xCE, 0x35, 0xE5, 0xB0, 0x45, 0xF5, 0x6F, 0x1E,
+        0x8D, 0x75, 0x29, 0xEB, 0xD6, 0xF1, 0xAF, 0x7B,
+        0x6E, 0x93, 0x9E, 0x2B, 0x7A, 0xB4, 0x02, 0x7D,
+        0x37, 0xA5, 0x13, 0x5D, 0x17, 0x2D, 0xA1, 0xAF,
+        0x9C, 0xA2, 0xF7, 0x28, 0xA6, 0xF3, 0x7D, 0xE6,
+        0x0D, 0xD2, 0x3D, 0x97, 0xD1, 0x1E, 0x75, 0xAB,
+        0x1F, 0xD5, 0x1F, 0x8E, 0x9A, 0x13, 0x97, 0xE5,
+        0x82, 0x21, 0x59, 0xDB, 0x58, 0x38, 0x02, 0xB3,
+        0x2E, 0xEB, 0xB4, 0x56, 0x7E, 0xCE, 0x37, 0x46,
+        0xD1, 0xAE, 0x33, 0x31, 0x47, 0x85, 0x64, 0x3D,
+        0xD2, 0xA0, 0x74, 0x1E, 0x7F, 0x1B, 0xF2, 0xD2,
+        0x61, 0xF2, 0x21, 0x24, 0xE8, 0xDD, 0xD0, 0x8C,
+        0x64, 0x0A, 0x48, 0xB5, 0x47, 0x17, 0x51, 0x7C,
+        0x21, 0xCD, 0x32, 0x53, 0x28, 0xBC, 0x23, 0x9C,
+        0xA0, 0x28, 0xB2, 0x63, 0x0D, 0x06, 0x3C, 0x8C,
+        0xC2, 0x0B, 0xE9, 0xBD, 0xB4, 0x85, 0x02, 0xDA,
+        0xDD, 0xE7, 0x3F, 0xFE, 0xD5, 0x96, 0x38, 0x16,
+        0x53, 0x3E, 0x02, 0x0A, 0xED, 0x12, 0x08, 0x53,
+        0x62, 0x55, 0xB1, 0xCC, 0xE9, 0x85, 0x43, 0x31,
+        0x27, 0xFF, 0x4F, 0x04, 0xD5, 0xB1, 0xE2, 0xF2,
+        0x10, 0x87, 0x04, 0xB8, 0xB9, 0x66, 0x58, 0x8C,
+        0x01, 0x56, 0xAF, 0xC2, 0xAE, 0x19, 0x29, 0x86,
+        0xFB, 0xEC, 0x44, 0x3B, 0xAE, 0xF6, 0xCB, 0x85,
+        0xA6, 0xF2, 0x9C, 0x77, 0x92, 0x40, 0x5A, 0x24,
+        0x11, 0x47, 0x10, 0xAE, 0x1C, 0x74, 0x64, 0x44,
+        0xFD, 0xF5, 0xFB, 0x65, 0x9E, 0x5E, 0x34, 0x68,
+        0x26, 0x20, 0x7B, 0x8C, 0x54, 0x46, 0x3A, 0x06,
+        0x17, 0xCE, 0x17, 0xFF, 0x33, 0xE4, 0x0F, 0x93,
+        0x1F, 0xE5, 0x76, 0x71, 0x5C, 0x93, 0x2E, 0xF2,
+        0x9F, 0xD7, 0x6B, 0x04, 0xA6, 0x9B, 0x58, 0xE0,
+        0x30, 0x3D, 0x8E, 0xF2, 0x56, 0x78, 0xC8, 0xB7,
+        0x0A, 0xF1, 0x2E, 0x90, 0x45, 0x59, 0x1C, 0x04,
+        0xE8, 0xB7, 0x71, 0x06, 0x94, 0x04, 0x15, 0x17,
+        0x7E, 0x86, 0x85, 0x93, 0xA0, 0x9C, 0x7E, 0x14,
+        0x61, 0x9A, 0x4B, 0x33, 0x2F, 0x9A, 0xDC, 0x3A,
+        0x65, 0x8B, 0x86, 0x01, 0x7F, 0x32, 0x65, 0x6C,
+        0x54, 0x29, 0xC1, 0x15, 0xE1, 0x10, 0x03, 0x7A,
+        0x8C, 0xC7, 0xE5, 0x44, 0x67, 0x7D, 0x2D, 0xD2,
+        0x39, 0xA5, 0x9D, 0x54, 0xD0, 0xF3, 0xC7, 0x46,
+        0x0E, 0xC1, 0x52, 0x08, 0x34, 0x6B, 0xA5, 0x6D,
+        0xF5, 0x08, 0x6C, 0x5D, 0xBC, 0xC4, 0x1E, 0x0C,
+        0x95, 0xFC, 0xB6, 0x86, 0x1C, 0x2C, 0x0C, 0x32,
+        0xAA, 0xF3, 0x45, 0x4E, 0xFE, 0xE2, 0xFF, 0xBA,
+        0x21, 0x4B, 0x43, 0x0E, 0xF2, 0x48, 0xA5, 0x9B,
+        0x32, 0x44, 0x4D, 0x8D, 0x0D, 0x3D, 0xB8, 0x7C,
+        0x9D, 0x4B, 0x15, 0x36, 0xD1, 0x57, 0x72, 0x8E,
+        0xE7, 0x58, 0x5E, 0xF5, 0x32, 0x77, 0x6A, 0x00,
+        0x3A, 0x02, 0x3C, 0x0A, 0xB0, 0xE9, 0xFF, 0x55,
+        0x71, 0x08, 0xC3, 0x90, 0x68, 0x4D, 0x56, 0x5A,
+        0x66, 0x50, 0x63, 0x26, 0x6A, 0xE6, 0x67, 0x0E,
+        0xD5, 0x3B, 0x0F, 0xAF, 0x8F, 0xF6, 0x78, 0x29,
+        0xBB, 0x73, 0x78, 0x25, 0xB1, 0x53, 0xA9, 0x33,
+        0x8C, 0xBE, 0x3D, 0xF1, 0xA4, 0x62, 0x84, 0x9B,
+        0x93, 0xA8, 0x1F, 0x84, 0xED, 0x07, 0xBE, 0x6D,
+        0x62, 0x40, 0x00, 0x32, 0x74, 0x73, 0x7F, 0x61,
+        0x8D, 0xCB, 0x26, 0xE4, 0x82, 0x52, 0xCE, 0x42,
+        0x04, 0xDD, 0x31, 0x39, 0xFF, 0x68, 0x76, 0xF4,
+        0x3B, 0x30, 0x5D, 0x83, 0x56, 0x20, 0xFE, 0xDF,
+        0x79, 0xAA, 0x67, 0x43, 0x3D, 0xC2, 0x52, 0x87,
+        0x32, 0x0E, 0x99, 0x17, 0x96, 0x7B, 0x70, 0xB2,
+        0xD8, 0x66, 0xD1, 0x7B, 0x69, 0x8B, 0xFF, 0xF2,
+        0xB3, 0xAB, 0x95, 0x14, 0x94, 0x9E, 0x58, 0xB5,
+        0x7C, 0x68, 0xA4, 0x54, 0x12, 0xC1, 0xFC, 0x42,
+        0x1C, 0x76, 0x8B, 0xF5, 0xEE, 0x8A, 0x10, 0xC8,
+        0xAE, 0xF5, 0x69, 0x26, 0xF5, 0x1E, 0xC6, 0x2C,
+        0x11, 0x56, 0x9F, 0x31, 0xAA, 0x51, 0x78, 0x68,
+        0xE5, 0xCA, 0xD8, 0x9E, 0x95, 0x80, 0x66, 0xEB,
+        0x9E, 0xDD, 0x72, 0x71, 0xB3, 0x1C, 0xB4, 0xB1,
+        0xD6, 0xCE, 0x21, 0x12, 0x25, 0xAE, 0xB5, 0xB5,
+        0x7F, 0x74, 0x97, 0x19, 0xDA, 0x07, 0xEC, 0xBE,
+        0xFE, 0x03, 0x88, 0x1D, 0xDE, 0x3D, 0x81, 0xE4,
+        0x13, 0x5F, 0x2D, 0xC8, 0x1A, 0xF7, 0x79, 0x77,
+        0x6C, 0x1B, 0x80, 0x57, 0x16, 0x2A, 0x6C, 0x98,
+        0x2F, 0xBB, 0x4D, 0xA6, 0xA9, 0xAD, 0x28, 0x4A,
+        0xB1, 0x0C, 0x70, 0x02, 0x20, 0x44, 0xF4, 0x6D,
+        0x40, 0x0B, 0xF6, 0xAD, 0x71, 0x82, 0xD1, 0x97,
+        0x78, 0x99, 0x83, 0xBE, 0x99, 0x22, 0x79, 0x79,
+        0xA1, 0x33, 0x4B, 0xA1, 0x49, 0xD8, 0x69, 0xBA,
+        0x1C, 0x40, 0x88, 0x12, 0x34, 0x35, 0xBF, 0x97,
+        0x85, 0x41, 0x35, 0x6D, 0xAF, 0x17, 0x1F, 0x33,
+        0xAD, 0xB1, 0xC9, 0x79, 0x07, 0xA0, 0xFB, 0x58,
+        0x45, 0x07, 0x4A, 0x85, 0xD2, 0x6F, 0x54, 0x61,
+        0x35, 0xAE, 0xD0, 0xF9, 0x1B, 0xE4, 0x53, 0x9C,
+        0x12, 0xBF, 0x94, 0x11, 0xE4, 0xB5, 0x56, 0xF6,
+        0x87, 0xD0, 0x69, 0xDB, 0x6B, 0x21, 0xFE, 0x2B,
+        0x7F, 0x32, 0x18, 0x87, 0x44, 0x8C, 0xEA, 0x55,
+        0xDB, 0x19, 0xFB, 0xB8, 0xB0, 0x48, 0x2A, 0x55,
+        0xAE, 0xC1, 0x67, 0x38, 0xD7, 0x4C, 0xD2, 0x65,
+        0x09, 0x38, 0x36, 0xBE, 0x99, 0xD4, 0xFB, 0x53,
+        0xE9, 0xB0, 0x14, 0xB0, 0x37, 0xCD, 0xBF, 0xE9
+    };
+    static const byte sk_87[] = {
+        0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF,
+        0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4,
+        0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA,
+        0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00,
+        0x3B, 0x9A, 0xC2, 0xC1, 0x42, 0x2A, 0x1A, 0xE8,
+        0x02, 0xDD, 0xD7, 0x46, 0x4D, 0x3F, 0x32, 0x72,
+        0x9A, 0x3C, 0x7D, 0xE8, 0x94, 0xD5, 0x06, 0xAC,
+        0xAD, 0x25, 0xCE, 0xB3, 0x72, 0xEA, 0x31, 0x49,
+        0xC9, 0x87, 0x80, 0xDC, 0xD1, 0x31, 0x4B, 0xAA,
+        0x29, 0xB9, 0xB8, 0x07, 0x75, 0x4C, 0x47, 0xDE,
+        0x5D, 0xCA, 0x95, 0x40, 0x64, 0xF2, 0x85, 0x28,
+        0xB8, 0x15, 0xFE, 0x27, 0xB7, 0x9A, 0xC5, 0x06,
+        0xB3, 0xAD, 0x76, 0x29, 0xD2, 0xC9, 0x71, 0xAB,
+        0x8F, 0x28, 0x2E, 0x0C, 0x6E, 0x7E, 0x55, 0x48,
+        0xEE, 0x0E, 0x11, 0x32, 0x42, 0xB7, 0xA0, 0xE0,
+        0x64, 0xA6, 0xDB, 0xCE, 0x30, 0xC5, 0x61, 0x9B,
+        0x19, 0x80, 0x08, 0x89, 0xA0, 0x44, 0x04, 0xB5,
+        0x00, 0x13, 0xC0, 0x88, 0xC1, 0x30, 0x29, 0x62,
+        0x12, 0x4C, 0xD3, 0xB4, 0x91, 0x0A, 0x35, 0x2C,
+        0x43, 0x12, 0x31, 0x19, 0x99, 0x65, 0x22, 0x18,
+        0x52, 0x02, 0xC3, 0x85, 0x23, 0x44, 0x0D, 0x90,
+        0x24, 0x4A, 0x1A, 0x30, 0x22, 0x44, 0x28, 0x61,
+        0x81, 0x06, 0x29, 0x18, 0x97, 0x68, 0x0A, 0x20,
+        0x09, 0x08, 0x32, 0x6A, 0x44, 0xA4, 0x4C, 0x44,
+        0x90, 0x21, 0x8A, 0x16, 0x68, 0x9A, 0xA8, 0x51,
+        0x1A, 0xA5, 0x2C, 0x62, 0x46, 0x8D, 0x04, 0xC3,
+        0x40, 0xD3, 0x86, 0x28, 0x60, 0xA4, 0x60, 0x13,
+        0x18, 0x70, 0x84, 0x94, 0x8C, 0x63, 0xC0, 0x44,
+        0x04, 0xA9, 0x28, 0x20, 0x08, 0x20, 0x43, 0x16,
+        0x2A, 0x23, 0x29, 0x2D, 0x1A, 0xB1, 0x29, 0x48,
+        0xB6, 0x09, 0x21, 0x88, 0x31, 0x00, 0xC5, 0x30,
+        0x00, 0xC4, 0x8C, 0xD9, 0x82, 0x68, 0xE1, 0x30,
+        0x4C, 0x63, 0x32, 0x45, 0x0C, 0x32, 0x86, 0x18,
+        0x08, 0x31, 0x91, 0x98, 0x0D, 0x10, 0xB8, 0x70,
+        0x9B, 0x30, 0x22, 0x64, 0x04, 0x08, 0x93, 0xA4,
+        0x8C, 0x21, 0xC9, 0x70, 0x0C, 0x35, 0x71, 0x5B,
+        0x00, 0x0D, 0x14, 0x31, 0x22, 0xCC, 0x98, 0x10,
+        0x21, 0x04, 0x80, 0x9B, 0x28, 0x64, 0x1C, 0x30,
+        0x80, 0x21, 0x30, 0x71, 0x18, 0x33, 0x50, 0x24,
+        0x25, 0x44, 0x08, 0x17, 0x8C, 0xC0, 0x08, 0x48,
+        0x84, 0x44, 0x90, 0x48, 0x98, 0x30, 0xCA, 0x44,
+        0x00, 0x09, 0x19, 0x51, 0x19, 0x23, 0x0C, 0x52,
+        0x20, 0x0E, 0x49, 0x06, 0x32, 0x1C, 0x15, 0x4E,
+        0x19, 0x48, 0x85, 0x13, 0x25, 0x49, 0xA3, 0x00,
+        0x04, 0x08, 0x15, 0x6D, 0x20, 0x41, 0x0C, 0xDA,
+        0x42, 0x52, 0xC1, 0x34, 0x8C, 0x00, 0x31, 0x69,
+        0x43, 0x82, 0x24, 0x64, 0x94, 0x6D, 0x1C, 0x81,
+        0x11, 0x01, 0x96, 0x21, 0x4B, 0x02, 0x00, 0xCA,
+        0x28, 0x84, 0xCC, 0x46, 0x64, 0x51, 0x18, 0x6A,
+        0x18, 0x10, 0x00, 0xA4, 0x98, 0x21, 0x60, 0xB0,
+        0x68, 0x03, 0x94, 0x6C, 0x94, 0x48, 0x51, 0x80,
+        0x40, 0x46, 0x92, 0x22, 0x2C, 0x23, 0x44, 0x69,
+        0x98, 0x26, 0x4D, 0x1C, 0x01, 0x08, 0x52, 0x02,
+        0x20, 0x8A, 0xA6, 0x08, 0x0A, 0x31, 0x61, 0x93,
+        0x40, 0x0E, 0x9C, 0xC8, 0x11, 0x81, 0x32, 0x2E,
+        0x21, 0x15, 0x84, 0x84, 0xC2, 0x41, 0x00, 0x22,
+        0x72, 0x54, 0x22, 0x62, 0x58, 0x06, 0x92, 0x48,
+        0x48, 0x44, 0x11, 0x27, 0x04, 0x04, 0xC0, 0x11,
+        0x92, 0x82, 0x45, 0xA1, 0xC6, 0x8C, 0xE3, 0x32,
+        0x66, 0xC1, 0x38, 0x72, 0x5A, 0x86, 0x01, 0x0C,
+        0xC9, 0x90, 0x84, 0x34, 0x08, 0x58, 0xA8, 0x60,
+        0x80, 0xC0, 0x70, 0xD0, 0x26, 0x62, 0x9B, 0x30,
+        0x2A, 0x04, 0x29, 0x69, 0x04, 0x10, 0x8D, 0x0B,
+        0xB9, 0x04, 0x50, 0x46, 0x28, 0x50, 0x48, 0x24,
+        0xD0, 0x48, 0x05, 0xA2, 0x48, 0x02, 0xC3, 0x20,
+        0x8C, 0xA0, 0x14, 0x00, 0x41, 0x38, 0x21, 0x4B,
+        0x24, 0x01, 0x04, 0xB5, 0x49, 0x42, 0x00, 0x00,
+        0x0C, 0x24, 0x28, 0x12, 0x40, 0x84, 0xA2, 0x20,
+        0x44, 0x9B, 0x06, 0x90, 0x63, 0xC0, 0x88, 0x8C,
+        0x14, 0x21, 0x49, 0x12, 0x10, 0x54, 0x16, 0x24,
+        0x20, 0x87, 0x44, 0x50, 0x10, 0x85, 0x0C, 0xB5,
+        0x64, 0xDB, 0x24, 0x41, 0xD0, 0x42, 0x29, 0x9A,
+        0x16, 0x8A, 0x21, 0xB4, 0x4C, 0x13, 0xB7, 0x70,
+        0x10, 0xC0, 0x85, 0x19, 0x02, 0x69, 0xCC, 0x40,
+        0x61, 0x1C, 0x48, 0x46, 0x98, 0x06, 0x25, 0x60,
+        0x14, 0x46, 0xE4, 0x22, 0x62, 0x24, 0x27, 0x22,
+        0x62, 0x24, 0x29, 0x44, 0xC6, 0x2D, 0x08, 0x31,
+        0x84, 0x20, 0x32, 0x21, 0x04, 0xB4, 0x61, 0x0A,
+        0x38, 0x12, 0xD9, 0x28, 0x44, 0xA4, 0x08, 0x20,
+        0xCC, 0xA8, 0x29, 0x0B, 0x21, 0x31, 0x0A, 0x34,
+        0x29, 0x03, 0x21, 0x40, 0xC1, 0xA2, 0x6C, 0x8A,
+        0x16, 0x12, 0x52, 0xA6, 0x64, 0xA3, 0xB2, 0x51,
+        0x04, 0x29, 0x51, 0xC4, 0x04, 0x91, 0x63, 0xB0,
+        0x2D, 0x14, 0x44, 0x30, 0x8C, 0x40, 0x66, 0x0C,
+        0x40, 0x0C, 0x01, 0xA5, 0x2C, 0x09, 0x94, 0x2D,
+        0x62, 0xC6, 0x11, 0x03, 0x98, 0x50, 0x19, 0x10,
+        0x4D, 0x19, 0xA8, 0x28, 0xD3, 0x86, 0x40, 0xC0,
+        0x30, 0x65, 0x54, 0xA6, 0x71, 0xE0, 0xB4, 0x85,
+        0x9B, 0x86, 0x10, 0x04, 0x36, 0x69, 0xD0, 0x46,
+        0x29, 0x18, 0xA3, 0x71, 0x40, 0x22, 0x49, 0x00,
+        0x43, 0x85, 0xCB, 0x40, 0x28, 0x89, 0x36, 0x66,
+        0x41, 0x22, 0x69, 0xA4, 0x28, 0x51, 0xD9, 0x80,
+        0x29, 0x14, 0x07, 0x21, 0xDA, 0x80, 0x91, 0x1B,
+        0x26, 0x50, 0x5B, 0xA0, 0x60, 0x99, 0x42, 0x71,
+        0x50, 0x88, 0x49, 0x10, 0x23, 0x09, 0x5A, 0x90,
+        0x21, 0x22, 0x27, 0x8E, 0x43, 0xB2, 0x70, 0x0C,
+        0xC9, 0x4C, 0xA4, 0x02, 0x70, 0x92, 0x40, 0x10,
+        0x0A, 0x39, 0x70, 0x02, 0x36, 0x0E, 0x11, 0x30,
+        0x41, 0xD8, 0x40, 0x2D, 0x1B, 0x24, 0x6D, 0xC3,
+        0x92, 0x61, 0x4C, 0x86, 0x8D, 0x21, 0xB8, 0x00,
+        0xD3, 0x24, 0x22, 0x12, 0xC8, 0x21, 0x12, 0x99,
+        0x85, 0x09, 0x16, 0x0C, 0x5A, 0xA2, 0x24, 0x09,
+        0x34, 0x42, 0x10, 0xA2, 0x24, 0x03, 0x42, 0x8C,
+        0xC0, 0xB2, 0x8D, 0x12, 0xB6, 0x69, 0x63, 0x34,
+        0x0D, 0xCC, 0xB0, 0x65, 0xA1, 0x12, 0x11, 0x4A,
+        0x38, 0x69, 0xCC, 0x14, 0x81, 0x58, 0x44, 0x09,
+        0x54, 0xA6, 0x80, 0x0C, 0xA8, 0x05, 0xC4, 0x38,
+        0x8A, 0x84, 0x06, 0x01, 0x9B, 0x32, 0x2D, 0x83,
+        0x12, 0x90, 0x09, 0x02, 0x60, 0xA1, 0x28, 0x88,
+        0x58, 0x10, 0x41, 0x24, 0x40, 0x02, 0x19, 0x34,
+        0x48, 0x18, 0xA0, 0x4D, 0x00, 0x10, 0x62, 0x13,
+        0x22, 0x50, 0xE3, 0x38, 0x21, 0x9A, 0x96, 0x21,
+        0x53, 0x08, 0x80, 0x51, 0x26, 0x01, 0x99, 0xC4,
+        0x28, 0x1B, 0xB9, 0x71, 0x04, 0x97, 0x84, 0x04,
+        0x05, 0x2C, 0xA0, 0xC2, 0x10, 0xD3, 0x42, 0x81,
+        0x81, 0x42, 0x4D, 0x61, 0x84, 0x6C, 0x5A, 0x30,
+        0x49, 0x1B, 0xC2, 0x24, 0xC0, 0x20, 0x28, 0xCA,
+        0x92, 0x2D, 0x4A, 0x90, 0x10, 0x04, 0x27, 0x86,
+        0x4C, 0x96, 0x21, 0x09, 0x19, 0x45, 0x14, 0x82,
+        0x2C, 0x11, 0xA6, 0x91, 0x13, 0xB8, 0x04, 0x03,
+        0x18, 0x70, 0x01, 0xA2, 0x51, 0x52, 0x14, 0x49,
+        0x5A, 0x02, 0x30, 0xCB, 0x30, 0x2C, 0x94, 0x10,
+        0x2C, 0x00, 0x49, 0x86, 0x09, 0xA0, 0x25, 0xC2,
+        0x12, 0x4C, 0x1B, 0x02, 0x69, 0x40, 0xA4, 0x44,
+        0x41, 0x16, 0x62, 0x02, 0x25, 0x28, 0xDC, 0xA2,
+        0x2D, 0x00, 0x16, 0x42, 0x58, 0x30, 0x66, 0x5B,
+        0x86, 0x24, 0xD4, 0x24, 0x48, 0xDB, 0x26, 0x0C,
+        0x4C, 0x08, 0x85, 0x01, 0x90, 0x49, 0x21, 0x24,
+        0x41, 0x54, 0x06, 0x84, 0x02, 0x43, 0x4A, 0x24,
+        0x42, 0x05, 0x40, 0x14, 0x48, 0xCA, 0x44, 0x84,
+        0xC0, 0x42, 0x0C, 0x98, 0x26, 0x04, 0x9C, 0xA2,
+        0x05, 0xD1, 0xC2, 0x51, 0x13, 0x01, 0x86, 0x1C,
+        0xA1, 0x50, 0xD9, 0x02, 0x50, 0x0C, 0x39, 0x86,
+        0x8C, 0x00, 0x31, 0x22, 0x05, 0x48, 0xD3, 0x10,
+        0x81, 0x12, 0x48, 0x05, 0xD1, 0x08, 0x69, 0x62,
+        0x38, 0x2C, 0x0A, 0x23, 0x70, 0x9B, 0x44, 0x72,
+        0xE3, 0x48, 0x6E, 0x22, 0x96, 0x70, 0x14, 0x33,
+        0x6C, 0xD8, 0x90, 0x29, 0x03, 0x00, 0x49, 0x63,
+        0x20, 0x8A, 0x03, 0x91, 0x25, 0x08, 0x89, 0x21,
+        0xC0, 0x82, 0x0C, 0x99, 0x40, 0x32, 0xC2, 0x34,
+        0x4E, 0x4B, 0x98, 0x69, 0x09, 0x80, 0x44, 0xE4,
+        0x04, 0x69, 0x94, 0x20, 0x09, 0x99, 0x24, 0x6D,
+        0x09, 0xA9, 0x60, 0x01, 0x29, 0x2D, 0xC8, 0x42,
+        0x28, 0x8A, 0x34, 0x02, 0xE4, 0x08, 0x70, 0x0C,
+        0x23, 0x6E, 0x0A, 0x05, 0x49, 0x64, 0x44, 0x2A,
+        0x82, 0xC8, 0x00, 0x02, 0x48, 0x31, 0xCB, 0x90,
+        0x50, 0x1C, 0x05, 0x68, 0x12, 0x12, 0x2C, 0xD0,
+        0x80, 0x0C, 0x59, 0x48, 0x61, 0xCB, 0xA6, 0x09,
+        0x9C, 0xC0, 0x81, 0x42, 0xB8, 0x00, 0x24, 0x41,
+        0x8A, 0x94, 0x20, 0x40, 0x42, 0x14, 0x4D, 0x19,
+        0x46, 0x62, 0x18, 0x05, 0x09, 0x24, 0x33, 0x6A,
+        0xD4, 0x00, 0x61, 0x12, 0x48, 0x32, 0x8A, 0x04,
+        0x72, 0x93, 0xB4, 0x69, 0x62, 0xC2, 0x71, 0x41,
+        0xA6, 0x89, 0x44, 0x96, 0x31, 0x62, 0x30, 0x46,
+        0x83, 0x42, 0x6C, 0x00, 0x19, 0x22, 0x09, 0x46,
+        0x4D, 0x8B, 0x06, 0x49, 0xE1, 0xB0, 0x70, 0x42,
+        0x44, 0x31, 0xC1, 0x80, 0x65, 0x9C, 0x00, 0x24,
+        0x11, 0xA8, 0x31, 0x13, 0x21, 0x2C, 0x4B, 0x46,
+        0x28, 0x1B, 0x18, 0x0D, 0x88, 0x42, 0x70, 0xD1,
+        0xB0, 0x0D, 0x90, 0xC8, 0x45, 0xDA, 0xC2, 0x48,
+        0x59, 0x14, 0x26, 0x22, 0x44, 0x00, 0xC2, 0x94,
+        0x41, 0x50, 0xC8, 0x04, 0x18, 0x00, 0x00, 0xCB,
+        0xA6, 0x24, 0x19, 0x02, 0x10, 0x10, 0x89, 0x0C,
+        0x18, 0x22, 0x21, 0x62, 0xA8, 0x81, 0xC8, 0x92,
+        0x48, 0xD3, 0x94, 0x20, 0x82, 0x06, 0x72, 0x09,
+        0xA8, 0x90, 0x0C, 0x49, 0x8A, 0x41, 0x86, 0x28,
+        0x19, 0xC5, 0x80, 0x9A, 0x18, 0x4D, 0x14, 0x10,
+        0x2E, 0x22, 0x12, 0x52, 0x00, 0x08, 0x12, 0x0C,
+        0x33, 0x45, 0x63, 0xC6, 0x30, 0x10, 0x93, 0x4C,
+        0x60, 0xC6, 0x31, 0xDC, 0x40, 0x0E, 0x98, 0x82,
+        0x50, 0x60, 0x02, 0x2A, 0xD2, 0x22, 0x40, 0xE4,
+        0x06, 0x2D, 0xDB, 0x32, 0x0E, 0xCA, 0x32, 0x4E,
+        0xD4, 0x18, 0x24, 0x08, 0xC3, 0x28, 0x4A, 0xC2,
+        0x68, 0xE2, 0x80, 0x40, 0xA1, 0xC8, 0x64, 0x51,
+        0xC2, 0x65, 0xCB, 0x16, 0x60, 0x23, 0x09, 0x4C,
+        0x82, 0x04, 0x68, 0xD9, 0x22, 0x2E, 0x1C, 0x49,
+        0x92, 0x42, 0x24, 0x21, 0x00, 0x37, 0x0E, 0xC8,
+        0x12, 0x72, 0x64, 0x08, 0x25, 0x0A, 0x20, 0x2A,
+        0x58, 0x24, 0x04, 0x59, 0x16, 0x4C, 0x08, 0x17,
+        0x30, 0x00, 0x46, 0x05, 0x12, 0x90, 0x40, 0x03,
+        0x07, 0x21, 0x52, 0xC0, 0x64, 0x1C, 0x83, 0x6D,
+        0x9C, 0x32, 0x2E, 0x11, 0x15, 0x8A, 0x10, 0x35,
+        0x88, 0x5A, 0xA0, 0x8D, 0xD9, 0x80, 0x48, 0x03,
+        0xB6, 0x4C, 0x01, 0x10, 0x65, 0x10, 0x86, 0x40,
+        0x11, 0x01, 0x42, 0x0A, 0xC1, 0x64, 0xDB, 0x22,
+        0x4D, 0x64, 0xB2, 0x51, 0x02, 0x36, 0x0D, 0x93,
+        0x46, 0x31, 0x14, 0xB6, 0x68, 0x63, 0x84, 0x29,
+        0xC8, 0x10, 0x24, 0x94, 0x30, 0x08, 0x19, 0x37,
+        0x02, 0x14, 0x82, 0x45, 0x88, 0x28, 0x40, 0x54,
+        0xA8, 0x29, 0x90, 0x14, 0x12, 0x61, 0x36, 0x12,
+        0x0B, 0x09, 0x8C, 0xA4, 0x98, 0x28, 0xC2, 0x92,
+        0x45, 0x4C, 0x00, 0x60, 0x63, 0xC4, 0x81, 0xC0,
+        0x36, 0x25, 0xCA, 0x88, 0x2D, 0x24, 0x40, 0x30,
+        0xD3, 0xA8, 0x2D, 0xC9, 0xC8, 0x25, 0xD2, 0x84,
+        0x48, 0x00, 0x32, 0x92, 0x50, 0xA2, 0x71, 0xD3,
+        0x44, 0x0D, 0x22, 0x34, 0x60, 0x12, 0x13, 0x12,
+        0x86, 0x8C, 0x5F, 0x86, 0x20, 0x79, 0x4A, 0x05,
+        0x0E, 0x20, 0xD0, 0xE1, 0x01, 0x17, 0x86, 0x24,
+        0x0E, 0xA6, 0x64, 0xF2, 0xF6, 0x9B, 0xB1, 0xB7,
+        0xE3, 0x0E, 0xC6, 0x6B, 0x1A, 0x4A, 0x0B, 0xE5,
+        0x9B, 0x79, 0xF2, 0x19, 0x8A, 0xD9, 0x80, 0x44,
+        0x83, 0xE4, 0x75, 0xE5, 0x3B, 0x3C, 0x49, 0xCB,
+        0x0C, 0xE5, 0xEF, 0x92, 0x91, 0x2A, 0xF4, 0x40,
+        0xF2, 0x3B, 0x99, 0x58, 0x13, 0xD1, 0x1B, 0x59,
+        0xF7, 0x98, 0xE9, 0x3C, 0x9D, 0x13, 0x53, 0x98,
+        0x17, 0xC7, 0xAC, 0x68, 0xCA, 0xD1, 0xAA, 0x1A,
+        0xC2, 0x76, 0x56, 0xBD, 0x0C, 0x47, 0x97, 0xE9,
+        0xC8, 0xEC, 0x17, 0x78, 0x4C, 0x1A, 0x32, 0x7A,
+        0x9D, 0xFE, 0xAF, 0x4D, 0x61, 0x91, 0xEE, 0xCD,
+        0xAF, 0xE0, 0x49, 0xB7, 0x33, 0xFE, 0x39, 0xD5,
+        0xEB, 0x40, 0x00, 0x93, 0x6F, 0xEE, 0xFC, 0xF8,
+        0x29, 0x28, 0xE9, 0xF9, 0x4C, 0xFD, 0x5C, 0xF4,
+        0xC1, 0xE3, 0xDE, 0xB1, 0x43, 0x3A, 0x47, 0xF6,
+        0xD3, 0x28, 0xB5, 0xE8, 0x3D, 0xD1, 0x56, 0xD0,
+        0x18, 0x2D, 0xC6, 0x92, 0x34, 0x75, 0x91, 0xAA,
+        0x6F, 0x73, 0x2C, 0xFB, 0xE9, 0x82, 0x93, 0x5F,
+        0xD1, 0x84, 0x6C, 0xAC, 0xF4, 0xCB, 0x85, 0x15,
+        0xC5, 0x5A, 0xB8, 0x5E, 0xE5, 0xAD, 0x44, 0xCB,
+        0x09, 0xD3, 0x26, 0x9E, 0x2E, 0x6D, 0x11, 0x78,
+        0x09, 0x61, 0xFD, 0x13, 0x1D, 0x5E, 0x6F, 0xBF,
+        0x89, 0x84, 0x9F, 0x47, 0xF2, 0xB7, 0x1D, 0x82,
+        0x83, 0xFF, 0x25, 0x38, 0x5E, 0x52, 0xB0, 0x7D,
+        0xBB, 0x26, 0x6C, 0x67, 0x4C, 0xEE, 0x3D, 0x0B,
+        0x5D, 0xF5, 0xA5, 0x6D, 0x8B, 0xDC, 0xDC, 0xFA,
+        0xAE, 0xE6, 0xA2, 0x48, 0xE7, 0x1D, 0xB1, 0x34,
+        0x5A, 0xFC, 0x59, 0x7C, 0xA8, 0x30, 0xA1, 0xA3,
+        0x5B, 0x43, 0x96, 0xEF, 0x4C, 0x1A, 0xDF, 0x9E,
+        0xD0, 0x1B, 0xCE, 0x9B, 0x6E, 0xB6, 0x37, 0xFA,
+        0x24, 0xAA, 0x16, 0x0B, 0x90, 0x76, 0xBA, 0xE3,
+        0x05, 0x59, 0xF8, 0xB2, 0x9D, 0xED, 0xB3, 0xD2,
+        0x5B, 0x79, 0x06, 0x4A, 0xB0, 0xCF, 0x8B, 0x8D,
+        0x70, 0xAD, 0xDD, 0xEB, 0x8B, 0x17, 0x42, 0x48,
+        0xD5, 0xAE, 0xA4, 0xD1, 0x8D, 0xE4, 0x3B, 0x89,
+        0x38, 0xCD, 0xD2, 0xAC, 0xBA, 0x54, 0x77, 0xBD,
+        0x4A, 0xAC, 0xC3, 0xCE, 0x59, 0x5E, 0x5D, 0x26,
+        0x9F, 0xE6, 0x75, 0x21, 0x0D, 0x23, 0x15, 0x2B,
+        0x04, 0x71, 0x0F, 0x36, 0x84, 0x28, 0x79, 0x4A,
+        0x75, 0xF4, 0x9B, 0x68, 0x3E, 0xD2, 0x0D, 0xD6,
+        0x47, 0x51, 0x57, 0x77, 0x95, 0x5A, 0x8C, 0xB3,
+        0x8A, 0x36, 0xAF, 0xCD, 0x2C, 0xE0, 0xAC, 0xEC,
+        0x4F, 0x0D, 0xFE, 0x80, 0x77, 0x02, 0xD1, 0xEB,
+        0x3B, 0xDE, 0x72, 0xE9, 0xE0, 0x85, 0xAA, 0x4E,
+        0x09, 0xEB, 0x1B, 0x09, 0x47, 0x41, 0x38, 0x52,
+        0xEC, 0x3C, 0x0A, 0xC5, 0x2F, 0x06, 0xCB, 0x95,
+        0x9C, 0x85, 0x39, 0x4E, 0xB3, 0x74, 0x81, 0x19,
+        0xED, 0xBE, 0x6C, 0x80, 0xD2, 0xD8, 0xF7, 0x92,
+        0xCE, 0x0D, 0x91, 0x5E, 0x4F, 0x4B, 0x15, 0x1E,
+        0xFB, 0x13, 0x5E, 0x7F, 0x4D, 0xC9, 0x7D, 0x85,
+        0x81, 0x41, 0xC5, 0x7F, 0x70, 0x41, 0x7B, 0x43,
+        0xA6, 0xA1, 0x26, 0x95, 0x69, 0x78, 0xD7, 0x8E,
+        0xFB, 0x9F, 0x03, 0x72, 0x43, 0xB4, 0xCB, 0x41,
+        0xDF, 0x96, 0x8B, 0x7E, 0xE5, 0xB5, 0x20, 0x87,
+        0xF0, 0x5A, 0xA9, 0xFE, 0x48, 0x7B, 0xD1, 0x6C,
+        0x03, 0x47, 0xCF, 0x13, 0x35, 0x76, 0x0B, 0xD2,
+        0x39, 0x8A, 0xD5, 0x4D, 0xDA, 0x00, 0xA5, 0xAA,
+        0xC4, 0x46, 0xD8, 0x0B, 0x1C, 0x79, 0x98, 0xC6,
+        0x02, 0x19, 0x2A, 0xDA, 0xFC, 0xB8, 0x09, 0xD1,
+        0x4E, 0xE3, 0x28, 0x64, 0x1B, 0xA3, 0xAA, 0x00,
+        0xF8, 0xD2, 0x9C, 0x3A, 0x84, 0x8A, 0xCB, 0xDC,
+        0x19, 0x46, 0xBC, 0x0D, 0x35, 0xE0, 0xBE, 0x0F,
+        0x8F, 0x7E, 0x3D, 0xA3, 0xF6, 0x8D, 0x9F, 0xA9,
+        0x76, 0x8F, 0x5C, 0xF2, 0x75, 0x53, 0x4A, 0x0E,
+        0xCA, 0x9E, 0x60, 0xFC, 0xEA, 0x38, 0xF1, 0xE0,
+        0x42, 0xC3, 0x16, 0x14, 0x3A, 0x76, 0x7B, 0x33,
+        0xAC, 0xCA, 0xD8, 0xC8, 0xD6, 0x6C, 0x70, 0xC7,
+        0x5F, 0xD1, 0xF0, 0xB2, 0x58, 0x6B, 0x65, 0x3A,
+        0xD4, 0xAF, 0x54, 0xE5, 0x6E, 0xF0, 0x69, 0x33,
+        0xEA, 0xD3, 0x1D, 0xE3, 0x65, 0xD1, 0x10, 0xB9,
+        0xC4, 0xA2, 0xA9, 0x8B, 0xCB, 0xA1, 0x65, 0xCA,
+        0xFE, 0x38, 0x6F, 0x88, 0x7C, 0x72, 0x15, 0x6E,
+        0xB1, 0x4F, 0xF0, 0xDA, 0xD6, 0x65, 0x61, 0x6C,
+        0xE3, 0xCE, 0x65, 0xC1, 0x90, 0x4F, 0x2C, 0x17,
+        0x47, 0xB2, 0xEC, 0x2B, 0x5C, 0x9D, 0x67, 0x76,
+        0xBC, 0xD7, 0x9E, 0x5A, 0xC6, 0x4B, 0x79, 0x33,
+        0xBD, 0xDE, 0xDE, 0xDD, 0xBB, 0xC7, 0x25, 0xBF,
+        0xDB, 0xCC, 0xDE, 0x2F, 0xB3, 0x75, 0xAE, 0x2B,
+        0xE3, 0x53, 0x7B, 0xDF, 0x89, 0xBF, 0x4C, 0x25,
+        0xF8, 0x3A, 0x49, 0xD6, 0xA6, 0xA8, 0xD0, 0x76,
+        0x1C, 0xF3, 0x9D, 0x62, 0x0C, 0x53, 0xED, 0x83,
+        0x7D, 0x19, 0x82, 0x55, 0xCF, 0x5B, 0x91, 0x0A,
+        0x6D, 0xB5, 0x78, 0x77, 0xDF, 0x92, 0xD8, 0xBB,
+        0x6E, 0x9C, 0x52, 0x6B, 0x8C, 0x4E, 0xC9, 0x31,
+        0x00, 0xDE, 0xE0, 0x50, 0x0A, 0x21, 0x0C, 0x98,
+        0x45, 0x83, 0xE1, 0x53, 0x81, 0x60, 0xED, 0xAC,
+        0x2C, 0x6F, 0x86, 0x6E, 0x7F, 0x5D, 0x99, 0xD7,
+        0xB1, 0xB8, 0x15, 0x82, 0xF5, 0xD0, 0xEB, 0xBF,
+        0x27, 0x86, 0xE3, 0xF5, 0x56, 0x01, 0x3B, 0xA9,
+        0xB6, 0xF6, 0x56, 0xEB, 0x79, 0x88, 0x38, 0xEA,
+        0x05, 0x79, 0x20, 0x1A, 0x95, 0xD5, 0x6B, 0xBC,
+        0x3B, 0xCD, 0xB9, 0x51, 0x1A, 0xFB, 0xD4, 0xD8,
+        0x12, 0x88, 0x89, 0x6F, 0x87, 0x10, 0x8C, 0x07,
+        0x7F, 0x1A, 0x81, 0xA3, 0xBD, 0x29, 0x7B, 0xB1,
+        0x24, 0xA8, 0x00, 0x86, 0x89, 0x02, 0x42, 0x99,
+        0x5E, 0x03, 0xCF, 0x42, 0xA0, 0xC2, 0x1E, 0x27,
+        0x2A, 0x9A, 0xFA, 0x1D, 0xC1, 0x03, 0x46, 0x3D,
+        0x2A, 0xB4, 0x94, 0xF7, 0xD0, 0x17, 0x68, 0x6D,
+        0x31, 0x89, 0x4D, 0xD2, 0xF6, 0xEB, 0xB0, 0xC3,
+        0xCB, 0x62, 0x23, 0xEC, 0x79, 0xC6, 0x5D, 0x45,
+        0xC1, 0xB0, 0xD4, 0xEF, 0x19, 0x61, 0xF1, 0x6D,
+        0x65, 0x3F, 0xCF, 0x25, 0x97, 0x7B, 0x65, 0x1E,
+        0xC5, 0x1A, 0x13, 0xAE, 0x8D, 0x4A, 0x34, 0x72,
+        0xEE, 0x71, 0x96, 0x9A, 0x7A, 0x93, 0x6F, 0x5D,
+        0xBB, 0xB9, 0x39, 0x6A, 0x46, 0xD9, 0x76, 0x42,
+        0x35, 0x8C, 0xAF, 0x48, 0x94, 0xC9, 0xA6, 0xDF,
+        0x84, 0xA5, 0x9C, 0x59, 0x62, 0xA6, 0x99, 0x0A,
+        0x76, 0xF0, 0x61, 0x48, 0x90, 0x16, 0x9F, 0x00,
+        0x18, 0x70, 0xD4, 0x9C, 0xF2, 0xE7, 0x50, 0x08,
+        0xCC, 0x4A, 0x5D, 0x85, 0xE7, 0x2D, 0xE2, 0xD6,
+        0xCF, 0x3F, 0xA7, 0x18, 0x52, 0x25, 0x35, 0x22,
+        0xFE, 0x8B, 0x0E, 0x42, 0x3C, 0xB4, 0x17, 0xA3,
+        0x8E, 0xB7, 0x8C, 0x87, 0x63, 0xC3, 0x72, 0x0C,
+        0x04, 0xE6, 0x7F, 0xF8, 0x89, 0x79, 0xEB, 0xA0,
+        0x9E, 0x34, 0x53, 0x8B, 0xB5, 0x23, 0xB9, 0x9B,
+        0x8E, 0x34, 0x16, 0x74, 0x12, 0xF7, 0x7A, 0xEA,
+        0x89, 0x4D, 0x83, 0xAC, 0xF9, 0x46, 0xFC, 0x05,
+        0x4D, 0x0A, 0xF4, 0x72, 0x95, 0xE5, 0x1E, 0xD8,
+        0x3F, 0x74, 0x86, 0x94, 0x0A, 0x4D, 0x41, 0xC0,
+        0x4A, 0xD7, 0xEB, 0xEE, 0x61, 0x0B, 0xF1, 0xD0,
+        0x3F, 0xA5, 0x40, 0x71, 0xD5, 0x1A, 0x15, 0x09,
+        0xE4, 0xF4, 0x91, 0x63, 0xA2, 0x50, 0x81, 0xBE,
+        0x87, 0x90, 0xD0, 0x87, 0xF5, 0xF4, 0xF0, 0x5C,
+        0x88, 0x55, 0x0F, 0xCA, 0x9B, 0xF9, 0x9C, 0x9B,
+        0xE5, 0x95, 0x3D, 0x51, 0xDD, 0x08, 0x45, 0xC9,
+        0x3E, 0x41, 0xEE, 0xEF, 0x62, 0xE0, 0x79, 0x4B,
+        0x29, 0x27, 0xC4, 0xF5, 0xED, 0x9B, 0xD3, 0xE3,
+        0x4E, 0xA9, 0x20, 0x0A, 0x79, 0xDD, 0xEB, 0x4B,
+        0x2D, 0x8F, 0x30, 0x5F, 0xE0, 0x5F, 0x82, 0x7C,
+        0x7E, 0x2E, 0xD1, 0x86, 0x34, 0x1C, 0xB5, 0xD1,
+        0x15, 0x2F, 0xC8, 0x01, 0x04, 0xE0, 0xE1, 0x36,
+        0x83, 0xD9, 0x41, 0x29, 0x4C, 0x77, 0x84, 0x17,
+        0x16, 0x4B, 0x68, 0x4A, 0x97, 0x6E, 0x56, 0xE7,
+        0x8D, 0xA4, 0xD1, 0x7C, 0x3C, 0x73, 0x22, 0x93,
+        0x14, 0x87, 0x0B, 0x85, 0xC4, 0x55, 0xC2, 0x3B,
+        0x83, 0x0B, 0x9A, 0x28, 0xA3, 0xD8, 0xC0, 0xB5,
+        0x66, 0x42, 0x6D, 0xC1, 0x69, 0xF3, 0x26, 0xAB,
+        0xCE, 0x2E, 0xFF, 0xF3, 0x9E, 0x9B, 0x19, 0x9A,
+        0xE5, 0xC1, 0x29, 0x2B, 0x6F, 0x2E, 0xF3, 0x7A,
+        0xF1, 0xDE, 0xA9, 0x27, 0x2C, 0x8D, 0x54, 0x23,
+        0xDF, 0x8A, 0x56, 0x32, 0xF9, 0x91, 0xE1, 0x4D,
+        0xCA, 0x25, 0x14, 0x78, 0x8B, 0x62, 0xBE, 0x16,
+        0x48, 0x28, 0xE9, 0xAC, 0xB8, 0x93, 0xDD, 0xA6,
+        0x02, 0xA5, 0xE2, 0xFB, 0x9E, 0xFC, 0xBE, 0xFD,
+        0x95, 0xAB, 0xFB, 0x82, 0xD2, 0xB0, 0x2D, 0x49,
+        0xCC, 0x53, 0x08, 0x4A, 0x49, 0xAB, 0x1B, 0xEC,
+        0x23, 0xE5, 0xB4, 0xC8, 0xE7, 0x14, 0xCB, 0x03,
+        0x40, 0x5F, 0x1B, 0xCF, 0x7E, 0x11, 0xBB, 0x59,
+        0x72, 0x9D, 0xDC, 0x0B, 0x7B, 0xEF, 0xB2, 0x91,
+        0x27, 0x6D, 0xCE, 0xDA, 0xCA, 0xAD, 0x39, 0xA2,
+        0xF0, 0x1C, 0x7D, 0xC9, 0x8B, 0x9E, 0x06, 0x5E,
+        0xAF, 0xED, 0x1C, 0xC8, 0xCE, 0x3E, 0x84, 0x80,
+        0x80, 0xA2, 0xFC, 0x5B, 0x98, 0xC9, 0xF6, 0xBF,
+        0x50, 0x40, 0x27, 0x33, 0x42, 0xF0, 0x31, 0x2F,
+        0x8B, 0x98, 0x44, 0x59, 0x4A, 0x50, 0x3D, 0xD3,
+        0xE6, 0xAF, 0x1C, 0x9E, 0x35, 0xC1, 0x03, 0x2A,
+        0x4A, 0x8A, 0x5E, 0x7B, 0xF3, 0x3A, 0x82, 0xF3,
+        0x5E, 0x16, 0xED, 0xF8, 0xC6, 0x0C, 0x90, 0x02,
+        0x1D, 0x8C, 0x0B, 0xA4, 0xC3, 0x86, 0x24, 0x5D,
+        0xFE, 0xF0, 0x94, 0x48, 0x43, 0x1D, 0x8C, 0x00,
+        0xD1, 0xE2, 0x6E, 0xE4, 0xD8, 0xC7, 0x7D, 0xAA,
+        0x1A, 0x70, 0x5E, 0xD4, 0x79, 0x2A, 0xCB, 0x4E,
+        0xA2, 0x7C, 0x15, 0x66, 0xFB, 0x56, 0x68, 0x3C,
+        0x43, 0xBF, 0x67, 0x84, 0x2E, 0x67, 0x53, 0x4C,
+        0xB3, 0xF9, 0x67, 0x7C, 0x8A, 0xB9, 0xD0, 0xEE,
+        0xE7, 0x82, 0x7C, 0xDE, 0xFC, 0x22, 0x3A, 0xC9,
+        0x48, 0xB8, 0x80, 0xB5, 0xF1, 0xCE, 0x95, 0x37,
+        0x27, 0x29, 0x32, 0x00, 0x2C, 0x1A, 0x4D, 0xD2,
+        0x18, 0xF5, 0x27, 0x16, 0x6E, 0xBF, 0xB2, 0xB2,
+        0xFA, 0x2B, 0xF3, 0x72, 0x46, 0xEC, 0xDF, 0xDF,
+        0xA7, 0x2B, 0x6D, 0xA1, 0x1C, 0x30, 0xD1, 0xC7,
+        0xD2, 0x48, 0xAD, 0x64, 0x81, 0x8F, 0x69, 0x1D,
+        0x59, 0xB7, 0x55, 0xDA, 0xF7, 0x1B, 0xED, 0x9A,
+        0xB5, 0xFB, 0x52, 0xE0, 0x36, 0x22, 0xA9, 0x00,
+        0xD6, 0x6B, 0x4C, 0x63, 0x84, 0x16, 0x9B, 0xDF,
+        0x9E, 0xB6, 0x1C, 0x02, 0xDF, 0x45, 0xFB, 0x76,
+        0xB1, 0xA2, 0x6F, 0x34, 0xE9, 0x38, 0xB1, 0x90,
+        0x86, 0x17, 0x45, 0xC0, 0x21, 0xFA, 0x87, 0x62,
+        0x00, 0xC7, 0xFC, 0x8E, 0x22, 0x2D, 0xDB, 0xFA,
+        0xD8, 0xBE, 0x78, 0x1B, 0x18, 0x54, 0x24, 0xAA,
+        0xAF, 0xC6, 0x58, 0x62, 0xDB, 0x13, 0x2B, 0xEC,
+        0x6D, 0x18, 0x83, 0x7A, 0x1F, 0x58, 0xA8, 0x76,
+        0xC9, 0x9E, 0x63, 0xF5, 0x14, 0x20, 0xB8, 0x3F,
+        0x45, 0x96, 0x75, 0x61, 0x2F, 0x7A, 0xCF, 0x80,
+        0xB4, 0xEB, 0x1D, 0xD0, 0x72, 0x1C, 0xAA, 0x1B,
+        0x49, 0x70, 0xDA, 0x60, 0x86, 0x79, 0xC6, 0x38,
+        0x3E, 0x81, 0x7F, 0xE1, 0x6B, 0x66, 0xB1, 0x91,
+        0x81, 0xED, 0xFC, 0x39, 0x27, 0x0C, 0x7E, 0x91,
+        0x7B, 0x1F, 0x10, 0xEB, 0x7A, 0x01, 0x19, 0x97,
+        0xE9, 0x67, 0x85, 0x3B, 0x78, 0xE0, 0x0C, 0xFD,
+        0x58, 0xD2, 0x24, 0xD9, 0x33, 0xCC, 0x5A, 0x99,
+        0x55, 0x32, 0xDC, 0xD4, 0xE5, 0x32, 0xE4, 0x03,
+        0x05, 0x15, 0xF4, 0xA0, 0x5B, 0x33, 0x1D, 0x57,
+        0x5D, 0xDA, 0xC2, 0x9B, 0xAB, 0x06, 0x9F, 0x09,
+        0xAF, 0x0D, 0x17, 0x33, 0x73, 0xDB, 0x1E, 0xC2,
+        0xB6, 0x36, 0x6B, 0xB3, 0x71, 0x00, 0x8A, 0x23,
+        0x86, 0xFD, 0x88, 0xBE, 0x77, 0xF5, 0xED, 0x5E,
+        0x19, 0x8C, 0xBE, 0x88, 0xDF, 0x24, 0xBC, 0x6E,
+        0x39, 0x3F, 0xEB, 0xC1, 0x0C, 0x47, 0x0A, 0x72,
+        0xD4, 0x7C, 0x0F, 0x83, 0x46, 0x53, 0xC9, 0xAE,
+        0x80, 0x0E, 0x89, 0x3C, 0x6B, 0xA6, 0x8E, 0xA2,
+        0x8A, 0x83, 0x8F, 0xCB, 0xB6, 0x9C, 0x3E, 0x96,
+        0x4A, 0x5F, 0xAF, 0xC2, 0x06, 0x7D, 0xD4, 0x06,
+        0xB2, 0x57, 0xC9, 0x8D, 0xD3, 0x97, 0x9E, 0xC7,
+        0xC7, 0xEC, 0xBE, 0x96, 0xA3, 0x3D, 0x85, 0x51,
+        0x5D, 0xA2, 0xCB, 0x6A, 0xA5, 0xE1, 0xFF, 0xF2,
+        0x04, 0xAF, 0x62, 0xDD, 0x41, 0x19, 0xA0, 0xE4,
+        0x8C, 0x04, 0xA3, 0xF2, 0xB3, 0x86, 0x60, 0xF5,
+        0x29, 0x64, 0xD8, 0xD4, 0xAE, 0xE1, 0x46, 0xA9,
+        0xC5, 0x3C, 0x31, 0x90, 0x6D, 0xAD, 0x0F, 0xD9,
+        0x0B, 0x5D, 0x83, 0xB3, 0xE3, 0x1B, 0x69, 0x0A,
+        0x4C, 0x49, 0x35, 0x24, 0x99, 0x81, 0xBE, 0x1F,
+        0x1A, 0x85, 0xEC, 0x6E, 0x0F, 0xEE, 0x4C, 0x88,
+        0xF2, 0xD8, 0x9E, 0x29, 0x69, 0xAB, 0x8C, 0xBB,
+        0xEB, 0x50, 0x19, 0x16, 0x55, 0x8D, 0x29, 0xEA,
+        0x7C, 0x3E, 0xCF, 0x1C, 0x9E, 0xF1, 0xA0, 0x43,
+        0x50, 0x63, 0x3B, 0x4C, 0xDA, 0x73, 0x7D, 0xFB,
+        0x15, 0x1C, 0xB5, 0xE7, 0x36, 0x11, 0x73, 0xF3,
+        0xAE, 0xDD, 0xDF, 0x52, 0x7D, 0x73, 0xF2, 0xF9,
+        0xD5, 0xB6, 0x21, 0x3A, 0xA6, 0x8F, 0x88, 0x3E,
+        0x9A, 0x26, 0x33, 0x78, 0x5E, 0xC6, 0xBE, 0x64,
+        0x2A, 0x9F, 0xD0, 0xF2, 0x1A, 0x42, 0xF6, 0xB9,
+        0xDA, 0xAB, 0xDC, 0xD1, 0xE6, 0xAD, 0xBE, 0xF6,
+        0x48, 0x41, 0xB5, 0x96, 0x86, 0xEA, 0xE3, 0xEC,
+        0x88, 0xEE, 0xF0, 0xA9, 0xCB, 0xC1, 0x2B, 0xC0,
+        0x12, 0x62, 0x2D, 0xF2, 0xDD, 0x93, 0xA8, 0x62,
+        0x29, 0x04, 0x4A, 0xF2, 0xF2, 0x60, 0xD2, 0x18,
+        0x3F, 0x51, 0xE8, 0x33, 0xEE, 0x92, 0xD9, 0x8F,
+        0x02, 0x51, 0xE3, 0xF8, 0x5F, 0xAB, 0x74, 0xCE,
+        0x36, 0x7B, 0x8B, 0x7A, 0xA6, 0x3D, 0x3C, 0xF8,
+        0xC8, 0xBF, 0x4D, 0x78, 0x35, 0x8B, 0xAE, 0x0A,
+        0x02, 0x41, 0xE2, 0x10, 0xAC, 0x69, 0x35, 0x30,
+        0x87, 0xCC, 0x73, 0x31, 0x35, 0x7E, 0xB4, 0x45,
+        0x0F, 0x95, 0x09, 0xCF, 0xE5, 0x95, 0xF5, 0x40,
+        0x32, 0xEE, 0x05, 0x77, 0x54, 0xA8, 0xED, 0xD7,
+        0x46, 0xCB, 0x92, 0x82, 0xE7, 0x68, 0xDC, 0x6B,
+        0x83, 0x0C, 0x5B, 0x4A, 0x21, 0x93, 0x43, 0xAD,
+        0x12, 0x4E, 0xDB, 0x3B, 0xBC, 0x42, 0x50, 0x55,
+        0x66, 0xA7, 0x03, 0x8C, 0x95, 0x9B, 0xC3, 0x55,
+        0x85, 0xB6, 0x05, 0x5F, 0x19, 0x68, 0xDA, 0x24,
+        0x3F, 0x77, 0x8F, 0x4E, 0x46, 0xDB, 0x46, 0x2A,
+        0xBE, 0xB9, 0x3B, 0x81, 0x24, 0x3C, 0x31, 0xEB,
+        0x59, 0x62, 0x2E, 0xDF, 0x81, 0xF0, 0x6C, 0xCC,
+        0x61, 0xD2, 0xA6, 0xEA, 0x73, 0xE1, 0x09, 0xC3,
+        0x87, 0x91, 0x5F, 0x27, 0x7B, 0xCF, 0x1F, 0xC1,
+        0x11, 0x05, 0xBB, 0xA7, 0x02, 0x93, 0xC0, 0xFA,
+        0xB5, 0xC0, 0x65, 0xF2, 0x3B, 0xAA, 0x19, 0x29,
+        0x0A, 0x30, 0x2F, 0x08, 0x09, 0x11, 0x07, 0xA4,
+        0xB1, 0xD5, 0x68, 0x85, 0x26, 0x22, 0x09, 0x83,
+        0x83, 0x42, 0x77, 0x60, 0xEF, 0x8F, 0x29, 0x28,
+        0x62, 0x5B, 0xDD, 0xA5, 0xF5, 0x14, 0xC5, 0xAD,
+        0xE9, 0x59, 0x89, 0x1E, 0xF2, 0x95, 0x9F, 0x24,
+        0x8A, 0x35, 0x32, 0xBF, 0x9D, 0x30, 0xE7, 0x14,
+        0x05, 0x9E, 0xBD, 0xEC, 0x95, 0x87, 0x08, 0xF8,
+        0xA8, 0x3C, 0x26, 0x8B, 0xEF, 0x26, 0x82, 0xD6,
+        0x03, 0xCA, 0x88, 0x63, 0x47, 0xE1, 0x98, 0xFD,
+        0x68, 0x23, 0x39, 0x99, 0xC7, 0x7D, 0x30, 0xD7,
+        0x45, 0x5D, 0xE6, 0xBC, 0xFD, 0x01, 0x44, 0x27,
+        0x70, 0x62, 0xB3, 0x04, 0xBE, 0xF0, 0xE3, 0x4C,
+        0x5A, 0x9D, 0x8D, 0x78, 0x0D, 0x29, 0xEC, 0x23,
+        0x21, 0xE0, 0x73, 0x40, 0x77, 0x1C, 0x46, 0x36,
+        0x04, 0x83, 0xAD, 0xCA, 0xF1, 0x2D, 0x5B, 0x79,
+        0xFD, 0xBF, 0xE2, 0x85, 0x6A, 0xCE, 0x88, 0x59,
+        0xF6, 0xB1, 0x24, 0x14, 0xB3, 0xF7, 0xE8, 0xBB,
+        0x58, 0x13, 0x49, 0x89, 0x60, 0xF3, 0x4F, 0xDC,
+        0x64, 0xFC, 0x84, 0x85, 0x79, 0xCA, 0xF9, 0xDC,
+        0xCF, 0x19, 0xB4, 0xFB, 0x82, 0x5E, 0xD5, 0x71,
+        0x6D, 0xCC, 0xCD, 0x68, 0x72, 0xCB, 0xDE, 0x38,
+        0x31, 0xD6, 0x73, 0x84, 0x94, 0x2C, 0xD8, 0xA9,
+        0xEC, 0x4B, 0xBF, 0xEF, 0x57, 0x06, 0xB8, 0xF9,
+        0xF0, 0x5F, 0xE1, 0xE8, 0xFE, 0x69, 0xD3, 0xEA,
+        0x6A, 0x86, 0x21, 0xC2, 0x21, 0x44, 0x17, 0x7B,
+        0x1C, 0x12, 0x59, 0xE1, 0xA7, 0x9D, 0xFD, 0xF8,
+        0x97, 0x28, 0x88, 0x7B, 0xEF, 0x1A, 0x70, 0x48,
+        0x25, 0x56, 0x83, 0x1B, 0x67, 0x24, 0x40, 0xE1,
+        0x3F, 0xE3, 0xE3, 0xFC, 0x82, 0x04, 0xA0, 0x2E,
+        0xA1, 0xEF, 0xF1, 0x9D, 0x95, 0x25, 0x38, 0x87,
+        0x28, 0x5B, 0xFB, 0xEA, 0x16, 0xA0, 0xF2, 0x19,
+        0xEF, 0xBC, 0xEC, 0x30, 0xA8, 0xAE, 0x86, 0x58,
+        0x9A, 0x57, 0x03, 0x10, 0x3A, 0x8A, 0x39, 0x3F,
+        0xA6, 0xF6, 0xB6, 0x57, 0x70, 0x4A, 0xC6, 0x77,
+        0xC1, 0x4C, 0xD1, 0x0D, 0x3D, 0x62, 0xD1, 0x3F,
+        0xBD, 0x37, 0x8C, 0x2D, 0xDA, 0x32, 0x5B, 0x61,
+        0xB8, 0x59, 0x52, 0xD5, 0x12, 0x93, 0x87, 0x1E,
+        0x1F, 0xCD, 0xC9, 0x48, 0xC7, 0x7B, 0xEA, 0xE9,
+        0xA6, 0xF0, 0xE8, 0x7C, 0xE1, 0xA8, 0x05, 0x1C,
+        0x8F, 0x80, 0x87, 0x68, 0x5C, 0x12, 0x62, 0x4B,
+        0xDF, 0x58, 0x38, 0x0E, 0xD6, 0x6F, 0x55, 0xB4,
+        0x3D, 0xDD, 0x6D, 0x36, 0x21, 0x73, 0xA5, 0xBD,
+        0x38, 0x98, 0x59, 0xC1, 0x7D, 0x95, 0xEC, 0xE3,
+        0xAB, 0x73, 0x26, 0x39, 0xFF, 0xE4, 0x51, 0xCD,
+        0x10, 0x3E, 0xE4, 0x85, 0x4D, 0xB2, 0xF3, 0x96,
+        0x14, 0xF6, 0x58, 0xBA, 0xA3, 0x84, 0xBC, 0x99,
+        0x48, 0xD0, 0x71, 0x4E, 0xB4, 0x8A, 0x88, 0x71,
+        0x43, 0xE7, 0xA1, 0xFA, 0x4B, 0x69, 0x0C, 0x22,
+        0xB4, 0x92, 0xA7, 0x0C, 0x61, 0x2B, 0x59, 0xFF,
+        0xD2, 0xD6, 0xB3, 0xB5, 0xE9, 0x9C, 0x20, 0x03,
+        0xE2, 0xC3, 0x59, 0xB1, 0xE6, 0x2D, 0xCB, 0x62,
+        0x0C, 0x7A, 0x24, 0x6A, 0x7B, 0x9B, 0x32, 0x46,
+        0x13, 0x15, 0x56, 0xF2, 0xF3, 0xD5, 0x13, 0xA2,
+        0x3C, 0x6A, 0x9F, 0xD2, 0x28, 0x0E, 0xD6, 0x86,
+        0xD7, 0x67, 0xCC, 0xD0, 0x17, 0x54, 0xEB, 0x4C,
+        0x99, 0x69, 0x2F, 0x2B, 0x38, 0x0C, 0x36, 0x08,
+        0x13, 0x44, 0xC1, 0xD3, 0x5E, 0xE1, 0x94, 0x97,
+        0x36, 0xB6, 0x97, 0x6F, 0x48, 0x52, 0xCF, 0xBE,
+        0x64, 0xFA, 0xBC, 0xF1, 0x1B, 0x9A, 0xFB, 0x82,
+        0x85, 0x76, 0xB4, 0xF9, 0x78, 0x7A, 0xA7, 0xD0,
+        0x3E, 0x84, 0x59, 0x8A, 0x71, 0x43, 0xEF, 0x73,
+        0x11, 0xFA, 0xF2, 0x97, 0x0E, 0x23, 0xED, 0x4C,
+        0x17, 0x3F, 0x98, 0x5D, 0x64, 0x50, 0x16, 0x5A,
+        0xE3, 0xE2, 0x41, 0xA1, 0x82, 0x34, 0xE7, 0x4F,
+        0xF3, 0xDD, 0xB9, 0x21, 0xA5, 0x30, 0x0B, 0x1C,
+        0x4F, 0xB6, 0xE4, 0x32, 0xE6, 0x98, 0xF5, 0x3F,
+        0x66, 0xE3, 0x8C, 0x07, 0xBC, 0xD6, 0xE7, 0x76,
+        0x05, 0xDF, 0x46, 0x24, 0xD5, 0x79, 0x07, 0x62,
+        0x92, 0xDE, 0x1C, 0xE6, 0xFC, 0x6F, 0x00, 0x81,
+        0xA3, 0x8B, 0xD9, 0x2D, 0x39, 0xB2, 0x4B, 0x73,
+        0xBA, 0xC1, 0xC5, 0x2B, 0xD6, 0x8E, 0x91, 0x81,
+        0xD3, 0xDC, 0xD0, 0xAC, 0x75, 0x34, 0xDB, 0x48,
+        0x90, 0x1E, 0x59, 0x84, 0xF9, 0x90, 0x25, 0x57,
+        0xBF, 0xA2, 0x31, 0xB2, 0xEA, 0x28, 0xC3, 0x18,
+        0x32, 0x62, 0xA1, 0xB2, 0x22, 0x1F, 0x74, 0x26,
+        0xEA, 0x88, 0xA5, 0x81, 0x60, 0x93, 0xA5, 0xCA,
+        0xE2, 0xCD, 0x5D, 0x59, 0xA9, 0x39, 0x0F, 0xC9,
+        0x3A, 0x29, 0x56, 0x94, 0x4B, 0x06, 0x4C, 0xF0,
+        0x13, 0xBC, 0xDB, 0x67, 0xFB, 0x42, 0x3D, 0x13,
+        0x28, 0xD2, 0xC6, 0xD7, 0xBA, 0x32, 0x90, 0x13,
+        0xFA, 0x2D, 0x30, 0xEF, 0xD6, 0x9F, 0xDC, 0xA1,
+        0xA9, 0x5E, 0xA6, 0xD0, 0x6C, 0x73, 0x63, 0x53,
+        0x4B, 0x2F, 0x3F, 0x7D, 0xAA, 0xFA, 0x29, 0x6E,
+        0xAA, 0x09, 0xB3, 0x66, 0x8E, 0x9C, 0xF8, 0x2D,
+        0x9B, 0xA9, 0x59, 0xB3, 0x2F, 0x3C, 0xAD, 0x3C,
+        0x10, 0xC6, 0xEA, 0x48, 0x61, 0x15, 0x54, 0x53,
+        0x9C, 0x37, 0xDF, 0x6B, 0xCA, 0x33, 0x85, 0xEA,
+        0xD3, 0xFC, 0xFF, 0x96, 0xD3, 0x72, 0xB4, 0x23,
+        0x93, 0xB7, 0x3C, 0x8D, 0xAA, 0xAA, 0x31, 0x50,
+        0x6E, 0xE0, 0x52, 0x7B, 0x7F, 0xB3, 0xE5, 0x93,
+        0xDC, 0xCC, 0xA5, 0x7C, 0x8F, 0xBB, 0xD4, 0xA3,
+        0xC7, 0xF8, 0xA5, 0x38, 0x99, 0x86, 0x91, 0x32,
+        0xFB, 0xC3, 0xE4, 0x05, 0x06, 0x07, 0xBB, 0xFE,
+        0x29, 0xC6, 0x75, 0xE3, 0x94, 0x5E, 0x74, 0xA3,
+        0x1C, 0xD5, 0x31, 0xBA, 0x7A, 0xEB, 0x2E, 0x2F,
+        0x0C, 0xD9, 0x90, 0xB8, 0xF9, 0x83, 0xA9, 0x0D,
+        0xFE, 0xA0, 0x56, 0x8F, 0x06, 0x77, 0xEA, 0x95,
+        0x63, 0xF7, 0xC4, 0x79, 0xDE, 0x96, 0x89, 0x40,
+        0xCF, 0x24, 0x29, 0x92, 0x69, 0x28, 0x65, 0xCF,
+        0xDA, 0x89, 0xFA, 0x07, 0x8B, 0xBE, 0xF4, 0x9C,
+        0xE4, 0x57, 0x5B, 0xDF, 0xB3, 0x80, 0x36, 0x60,
+        0x11, 0xC8, 0x43, 0x5F, 0x12, 0xB4, 0x2D, 0x9A,
+        0xB9, 0x9A, 0xB6, 0xA3, 0x19, 0x12, 0xC4, 0x35,
+        0x41, 0x49, 0xD7, 0x23, 0x10, 0x1D, 0x13, 0x65,
+        0xA6, 0x5E, 0x7C, 0xC6, 0x8D, 0x82, 0xE3, 0x05,
+        0x17, 0x77, 0x39, 0x02, 0xFB, 0x38, 0xDD, 0xA2,
+        0xB3, 0x24, 0xE7, 0x20, 0x8E, 0x98, 0x7E, 0xD2,
+        0x87, 0xD0, 0x92, 0xE7, 0x66, 0x2A, 0x43, 0x02,
+        0x41, 0xBF, 0xCA, 0x55, 0x2D, 0x31, 0x41, 0x27,
+        0xE3, 0x8C, 0x85, 0x97, 0xA8, 0x95, 0x19, 0xD4,
+        0xF1, 0xE6, 0x2A, 0x79, 0x46, 0x5A, 0xD5, 0xF4,
+        0xEA, 0xA3, 0xFA, 0x77, 0xCD, 0x98, 0x32, 0x6D,
+        0x2F, 0x92, 0xCE, 0x98, 0x52, 0x05, 0x5C, 0xEC,
+        0xCF, 0x62, 0xD6, 0x3C, 0xB9, 0xD7, 0xF1, 0x98,
+        0xAE, 0x08, 0x5E, 0x4D, 0x45, 0xC8, 0xE4, 0x8F,
+        0xCF, 0xFE, 0x59, 0x3A, 0xD6, 0x52, 0xD9, 0x15,
+        0x41, 0x67, 0xBF, 0x3E, 0x61, 0x95, 0x81, 0x0A,
+        0x44, 0x5A, 0xE1, 0x58, 0xF1, 0xF9, 0xA6, 0x79,
+        0x33, 0x63, 0xAF, 0xC1, 0xF2, 0x2C, 0xA8, 0x82,
+        0xFE, 0xED, 0x3A, 0x5F, 0x57, 0x27, 0xCA, 0x76,
+        0x47, 0x7C, 0x5F, 0x23, 0xF0, 0xFC, 0x87, 0x00,
+        0xCD, 0xC6, 0xA5, 0xBC, 0xB2, 0xB2, 0x0B, 0x4F,
+        0x92, 0x66, 0x35, 0x1D, 0x30, 0x4A, 0x96, 0xA8,
+        0x2B, 0xF5, 0xF3, 0x14, 0xAF, 0x68, 0x5C, 0x1C,
+        0x70, 0x7C, 0x92, 0xE3, 0xE8, 0x47, 0xB7, 0x04,
+        0x7D, 0x68, 0x9C, 0x70, 0xB2, 0x5E, 0x55, 0x01,
+        0xCA, 0xEC, 0x99, 0x19, 0x62, 0x6F, 0x4A, 0x0F,
+        0xC8, 0x15, 0x86, 0xAF, 0x1E, 0xC8, 0x88, 0x89,
+        0xB4, 0x23, 0x38, 0x7D, 0x5D, 0x95, 0x48, 0x26,
+        0x18, 0xA6, 0x50, 0xE8, 0x0B, 0x53, 0xB0, 0x7C,
+        0xAC, 0xE3, 0x22, 0x89, 0x40, 0x60, 0x2E, 0x3D,
+        0xB4, 0x74, 0x66, 0xCE, 0x9B, 0xCC, 0xB6, 0xE4,
+        0xD8, 0xAA, 0x61, 0xC8, 0x91, 0x25, 0x83, 0xE8,
+        0x10, 0xB3, 0xB2, 0xE7, 0xE9, 0xCB, 0x48, 0xBD,
+        0x40, 0x3E, 0xCF, 0x08, 0xD2, 0x8C, 0x70, 0xAE,
+        0x0B, 0x62, 0x08, 0x59, 0xC1, 0xF0, 0x9B, 0x61,
+        0x13, 0x14, 0x04, 0xC3, 0xD5, 0xBF, 0xFC, 0xD8,
+        0x60, 0xE0, 0xF4, 0x2A, 0xB2, 0x99, 0x00, 0x62,
+        0x30, 0xB2, 0x87, 0x6D, 0x77, 0xDD, 0xA9, 0x1C,
+        0x8C, 0x62, 0xBD, 0x93, 0xA8, 0x44, 0xE4, 0xB3,
+        0x44, 0xE3, 0x25, 0x5E, 0xEA, 0x53, 0x1C, 0x6C,
+        0x45, 0x8D, 0x04, 0xAB, 0xDB, 0x0F, 0xAE, 0xF2,
+        0xD1, 0xC0, 0xB4, 0xC5, 0x5F, 0x57, 0x0A, 0x5A,
+        0x51, 0x02, 0x3F, 0x4D, 0x4E, 0xFF, 0xF5, 0x9F,
+        0x9A, 0xBE, 0x17, 0x92, 0x2F, 0xE7, 0x32, 0xCA,
+        0x71, 0xBC, 0xD4, 0x34, 0xAD, 0x77, 0x10, 0xB8,
+        0x4C, 0xD4, 0xAC, 0x9F, 0x25, 0x07, 0xA0, 0x68,
+        0x26, 0x56, 0x2A, 0xD7, 0xF6, 0x47, 0x82, 0x6F,
+        0x9D, 0xBB, 0xE4, 0xED, 0xD2, 0x3F, 0x12, 0x43,
+        0x69, 0xDB, 0x85, 0x26, 0xFC, 0x2B, 0x4D, 0x52,
+        0xF0, 0x74, 0x14, 0x15, 0xF9, 0x72, 0xBE, 0xF6,
+        0xA9, 0x35, 0xBD, 0x81, 0x2A, 0x56, 0xC8, 0x22,
+        0x1B, 0x7D, 0xEF, 0x0F, 0x51, 0x06, 0xBC, 0x01,
+        0xE9, 0x13, 0xE3, 0xD4, 0x3D, 0xB8, 0x6C, 0x2B,
+        0xB4, 0xC7, 0xE0, 0x76, 0x26, 0x63, 0xC6, 0xDE,
+        0x78, 0x87, 0x21, 0xC2, 0xAA, 0x07, 0xF8, 0x95,
+        0x48, 0x87, 0xE2, 0x14, 0x2F, 0x2E, 0x91, 0x4A,
+        0x09, 0x9E, 0xFC, 0x0A, 0xEE, 0x13, 0x39, 0x21,
+        0x0D, 0x3E, 0x53, 0xDA, 0x3E, 0xCF, 0x88, 0x62,
+        0x4B, 0x11, 0x19, 0xBE, 0x34, 0x01, 0x0B, 0x88,
+        0x6C, 0x80, 0xF5, 0x1D, 0x18, 0x50, 0x83, 0x8F,
+        0x21, 0x50, 0xE7, 0x2B, 0x04, 0x2A, 0xF3, 0x28,
+        0x99, 0xC0, 0xD3, 0xD7, 0xB0, 0x2A, 0x57, 0xF8,
+        0xCF, 0x26, 0x3A, 0x36, 0x95, 0x62, 0xE4, 0xE9,
+        0x45, 0xA3, 0x12, 0x82, 0xA5, 0x02, 0xA9, 0x5E,
+        0xE9, 0xBB, 0x03, 0x16, 0xC6, 0x86, 0x10, 0x06,
+        0xDA, 0xC1, 0x7F, 0x93, 0x6F, 0x54, 0xC4, 0xC7
+    };
+#endif /* WOLFSSL_NO_ML_DSA_87 */
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte seed_44_draft[] = {
+        0xBA, 0xC0, 0x59, 0x52, 0x75, 0x5B, 0x26, 0x47,
+        0x01, 0xCA, 0x7D, 0x80, 0x6D, 0xFA, 0x08, 0x35,
+        0x10, 0x28, 0xF6, 0x7B, 0x0E, 0x83, 0xC4, 0x24,
+        0x01, 0x6F, 0x66, 0xCC, 0x83, 0x87, 0xD4, 0x69
+    };
+    static const byte pk_44_draft[] = {
+        0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E,
+        0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF,
+        0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B,
+        0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61,
+        0xED, 0x7E, 0xA9, 0xED, 0x2D, 0xED, 0x5A, 0x71,
+        0xDD, 0xAE, 0x4A, 0x06, 0xE0, 0x2A, 0x5A, 0xAF,
+        0x99, 0x69, 0x89, 0xC6, 0xAF, 0xE3, 0x2A, 0xFE,
+        0x3D, 0x6E, 0x0A, 0x46, 0x71, 0x48, 0xD7, 0x17,
+        0x99, 0x20, 0x01, 0x78, 0xD5, 0x8B, 0x40, 0xCB,
+        0x81, 0xA0, 0x33, 0x38, 0xAE, 0x2B, 0x83, 0x4A,
+        0xFD, 0x5F, 0xE0, 0xB7, 0xEE, 0xA0, 0xC4, 0x3D,
+        0xB6, 0xA4, 0xD5, 0x59, 0x4B, 0xDD, 0x87, 0x1A,
+        0xFC, 0x03, 0x30, 0xA0, 0xB3, 0xAD, 0x75, 0x3C,
+        0xD4, 0x47, 0x72, 0x59, 0xCE, 0xB7, 0x80, 0xFD,
+        0x34, 0x35, 0x5E, 0x96, 0xC8, 0x42, 0xD9, 0xDD,
+        0x6C, 0xF1, 0xAB, 0xEF, 0x48, 0xD1, 0xA8, 0x02,
+        0x02, 0x0F, 0x5B, 0x71, 0x4D, 0x36, 0x1E, 0x0D,
+        0xC2, 0x09, 0x46, 0x7B, 0xF9, 0xEA, 0x24, 0x8F,
+        0x7C, 0xCF, 0xB8, 0x9C, 0xF7, 0x49, 0x15, 0x8E,
+        0x16, 0x49, 0x7E, 0xC5, 0x54, 0xF5, 0x03, 0x1D,
+        0x16, 0x12, 0x02, 0x72, 0x1B, 0x38, 0x2D, 0x58,
+        0x53, 0x15, 0x5E, 0xB6, 0x72, 0xCC, 0xA1, 0x09,
+        0xB0, 0x2F, 0x10, 0xFA, 0x21, 0x45, 0x46, 0x37,
+        0xD4, 0xFA, 0x7F, 0xFB, 0xB0, 0xD9, 0x20, 0xE2,
+        0xCB, 0x56, 0xB3, 0x1E, 0xDF, 0x82, 0x67, 0x25,
+        0x09, 0xD1, 0x8F, 0xFF, 0xE0, 0x43, 0xBD, 0x37,
+        0x2B, 0x73, 0x0E, 0x13, 0x08, 0xC9, 0x49, 0x88,
+        0x69, 0x69, 0xD9, 0x8C, 0x86, 0xE4, 0x7E, 0x63,
+        0x35, 0xC5, 0xE1, 0xD0, 0x14, 0x9A, 0x89, 0x27,
+        0x28, 0x17, 0xB0, 0x5B, 0x7A, 0x8F, 0xDD, 0x72,
+        0x8B, 0x0A, 0x0D, 0x49, 0x58, 0x59, 0x2F, 0x0D,
+        0x8F, 0x3D, 0x16, 0xCE, 0x7B, 0x11, 0xC7, 0x06,
+        0x5D, 0xD5, 0x6D, 0x7B, 0x96, 0xED, 0x1E, 0x1A,
+        0xF4, 0x10, 0x85, 0xDA, 0xDE, 0x84, 0x2F, 0x2B,
+        0xBA, 0xFB, 0xA2, 0x5F, 0x33, 0x7D, 0x7C, 0x18,
+        0x6B, 0xDF, 0x43, 0x3C, 0xE9, 0xEB, 0xB4, 0xC5,
+        0x8E, 0x52, 0xF5, 0x7E, 0x4C, 0x3E, 0x6A, 0x33,
+        0x41, 0x4C, 0x14, 0x05, 0x8E, 0x2C, 0x19, 0x0E,
+        0x86, 0x91, 0x66, 0xDE, 0xF6, 0x4B, 0x35, 0xC2,
+        0xDF, 0x3D, 0x4C, 0x7B, 0xC5, 0x58, 0x5E, 0x86,
+        0x89, 0x6A, 0xFC, 0x86, 0x48, 0x75, 0xD1, 0x18,
+        0xD1, 0xCB, 0x41, 0xC0, 0xF6, 0xD8, 0x87, 0x79,
+        0xD9, 0xA2, 0x56, 0x2E, 0x83, 0x26, 0x11, 0xC1,
+        0x4B, 0x53, 0x37, 0x85, 0x62, 0xFF, 0x6A, 0x67,
+        0xFD, 0x18, 0x79, 0xD7, 0x55, 0x9B, 0xF7, 0x64,
+        0xA9, 0x21, 0xB6, 0x1B, 0xF6, 0x11, 0x85, 0xF8,
+        0xC0, 0x68, 0xDE, 0x61, 0x0C, 0x61, 0x7E, 0x8E,
+        0xED, 0x9E, 0x58, 0x84, 0x16, 0x1A, 0x28, 0xC5,
+        0x41, 0x63, 0xB3, 0xF0, 0x82, 0xAA, 0xE8, 0x36,
+        0x81, 0x5C, 0xD3, 0xB7, 0xFB, 0x92, 0xF4, 0x7A,
+        0x1E, 0x85, 0xA2, 0xB7, 0x21, 0xD5, 0xFA, 0xC8,
+        0xE8, 0x02, 0x43, 0x5B, 0x56, 0x42, 0x03, 0x17,
+        0x67, 0xEE, 0x3E, 0x31, 0x23, 0x63, 0xC7, 0x33,
+        0x95, 0xDE, 0x07, 0xF6, 0x11, 0x3A, 0x2C, 0x3F,
+        0x7B, 0xBB, 0x2D, 0x5C, 0x23, 0xF9, 0x2F, 0x9C,
+        0x51, 0x19, 0x9F, 0x35, 0xC3, 0x18, 0x9F, 0x83,
+        0x6E, 0xA8, 0x03, 0xF1, 0x79, 0x1F, 0xB0, 0xC8,
+        0x2F, 0xF4, 0x2E, 0x9A, 0x26, 0xF3, 0x44, 0x02,
+        0x8F, 0x45, 0x8B, 0xB0, 0x25, 0x1D, 0xF2, 0xD4,
+        0x55, 0xB7, 0x65, 0xEF, 0xDB, 0x3D, 0x8E, 0x92,
+        0xC8, 0xA0, 0x63, 0x4C, 0x38, 0xA3, 0x54, 0xD3,
+        0xC2, 0x5A, 0x2A, 0x6A, 0x15, 0x27, 0x2A, 0xE2,
+        0xFC, 0x25, 0xB6, 0xC8, 0x68, 0xEB, 0xED, 0x2D,
+        0x23, 0xE8, 0x6D, 0x5C, 0xDD, 0x3F, 0x18, 0xB4,
+        0x6E, 0x79, 0x36, 0xC9, 0x1C, 0xB4, 0x92, 0x41,
+        0xAD, 0x35, 0xD4, 0x15, 0xE4, 0x64, 0x1C, 0x51,
+        0xCB, 0x0C, 0x41, 0xB7, 0xFD, 0xC1, 0x09, 0x3E,
+        0xD2, 0x4D, 0x38, 0x88, 0x77, 0x1C, 0x71, 0x91,
+        0x74, 0xD3, 0x28, 0xE0, 0xCE, 0x9A, 0x11, 0x8D,
+        0xBF, 0x4D, 0x8D, 0xF0, 0x44, 0xF6, 0x79, 0xFC,
+        0x4C, 0xAD, 0x17, 0x88, 0xC0, 0x8C, 0x0B, 0x7A,
+        0x90, 0x01, 0x53, 0x6C, 0x6B, 0x44, 0xF6, 0xE5,
+        0x2E, 0xEC, 0x44, 0x4F, 0xB8, 0x9B, 0x10, 0xBE,
+        0xCF, 0x55, 0x55, 0x29, 0x83, 0xB8, 0xD0, 0x25,
+        0x5B, 0xCE, 0x8F, 0xA5, 0xB7, 0x6C, 0xA7, 0x47,
+        0x65, 0xA9, 0xE9, 0x9B, 0xA5, 0xBC, 0x28, 0x1D,
+        0x9F, 0x1F, 0x5E, 0x97, 0x42, 0x10, 0x84, 0x92,
+        0xFB, 0x38, 0x0B, 0x2E, 0xAC, 0x79, 0x0A, 0x7D,
+        0x00, 0x2C, 0x35, 0xD0, 0x54, 0x0D, 0x28, 0xE7,
+        0xAB, 0x06, 0x02, 0xDA, 0x89, 0xA3, 0x06, 0x8E,
+        0x13, 0x9A, 0xA7, 0xCA, 0x48, 0x09, 0xB0, 0x48,
+        0x37, 0x08, 0xA7, 0x7D, 0xDA, 0xEB, 0x58, 0x64,
+        0x39, 0xB3, 0xF3, 0xB2, 0x4C, 0x00, 0x4B, 0xCB,
+        0x94, 0x36, 0xD4, 0x7C, 0x73, 0x45, 0xC8, 0x93,
+        0xE5, 0x2A, 0x11, 0xF0, 0xEF, 0x0C, 0xED, 0x5F,
+        0x8B, 0x0C, 0x86, 0xAD, 0x3A, 0x01, 0x07, 0x1A,
+        0xC0, 0x34, 0xE8, 0x74, 0x21, 0x27, 0x73, 0x56,
+        0x93, 0x76, 0x5D, 0x80, 0x59, 0xB4, 0xA4, 0xDC,
+        0x80, 0xE7, 0xCE, 0x70, 0x0E, 0x0F, 0xEC, 0x56,
+        0x42, 0x6E, 0x9C, 0x76, 0x3D, 0xF6, 0xB4, 0x41,
+        0xE2, 0x3E, 0xAC, 0x25, 0xE7, 0x86, 0xA7, 0xA7,
+        0x0A, 0x0D, 0x5D, 0x04, 0x1F, 0x45, 0xD4, 0x5B,
+        0x42, 0x38, 0x4C, 0x60, 0xE7, 0xB7, 0x0D, 0xC7,
+        0x28, 0x4F, 0xA5, 0x4E, 0x0C, 0x1B, 0xC4, 0xDA,
+        0x50, 0x1A, 0xA0, 0x93, 0xAE, 0x10, 0x9A, 0x1A,
+        0xC8, 0xC6, 0x56, 0xFC, 0x0A, 0xEA, 0x89, 0x3A,
+        0x28, 0x21, 0xE9, 0x52, 0x9D, 0xEB, 0x07, 0x68,
+        0xC1, 0x57, 0x32, 0x25, 0x1F, 0x93, 0x5D, 0x35,
+        0xB2, 0x4B, 0x58, 0x30, 0xAF, 0x51, 0xC6, 0x7D,
+        0x47, 0xD1, 0xA2, 0xAD, 0xDE, 0x75, 0x48, 0x84,
+        0x74, 0x19, 0x74, 0x18, 0xA0, 0x2C, 0xD8, 0xB2,
+        0xFE, 0x44, 0x78, 0x95, 0x6A, 0xBF, 0x56, 0x4D,
+        0x20, 0x79, 0xE7, 0xE2, 0xE3, 0x56, 0x69, 0xB3,
+        0xFA, 0xE1, 0xEB, 0xE6, 0x11, 0xAC, 0x18, 0xB3,
+        0x98, 0xC1, 0x04, 0x20, 0x96, 0x4B, 0xAD, 0xDE,
+        0x5B, 0x18, 0xEB, 0x7B, 0xBC, 0x15, 0x11, 0x57,
+        0x29, 0x10, 0xE5, 0x80, 0x78, 0x4A, 0xF0, 0x87,
+        0xF6, 0xD1, 0x3C, 0x23, 0xC5, 0xF4, 0x2D, 0xD7,
+        0xAB, 0xA4, 0xD7, 0xB8, 0x45, 0x8E, 0x04, 0x1B,
+        0x78, 0x59, 0x9F, 0x81, 0xE6, 0x04, 0xDF, 0x70,
+        0x2B, 0x14, 0x74, 0x16, 0x49, 0xDA, 0xF0, 0xE1,
+        0xC8, 0x29, 0xCC, 0x87, 0x8C, 0x2F, 0xFB, 0x18,
+        0x3B, 0x47, 0xFC, 0x79, 0x04, 0x84, 0xCB, 0x0A,
+        0xD2, 0x64, 0xBF, 0x86, 0xEA, 0x01, 0xAC, 0xE0,
+        0xBD, 0xEC, 0x3B, 0xE1, 0xA7, 0x6C, 0xDE, 0x1D,
+        0x58, 0x76, 0xCC, 0x53, 0x9E, 0xF6, 0xC6, 0xD4,
+        0x2C, 0x87, 0x92, 0xA2, 0x89, 0x27, 0x31, 0x33,
+        0x01, 0xA5, 0xA2, 0xE8, 0x8F, 0x13, 0x19, 0x0F,
+        0xFD, 0x73, 0xB9, 0x91, 0xBD, 0xB8, 0x80, 0x9A,
+        0xA3, 0xB1, 0x21, 0x6C, 0x91, 0x13, 0x8A, 0xAE,
+        0xC7, 0xCB, 0x67, 0x14, 0xD1, 0xC0, 0x28, 0x89,
+        0x04, 0x8C, 0x9F, 0xDE, 0xA0, 0x9A, 0x99, 0xA8,
+        0x61, 0xE6, 0x8F, 0x8E, 0x39, 0xEF, 0x6B, 0x5E,
+        0x84, 0x5F, 0x5D, 0x24, 0x37, 0x73, 0x9D, 0x75,
+        0xC4, 0xEF, 0xE2, 0xA1, 0xF2, 0xBC, 0x0D, 0xE1,
+        0x0D, 0xEC, 0xFA, 0xEE, 0xC1, 0x63, 0xC8, 0x2E,
+        0x7D, 0x85, 0x65, 0xC3, 0xF2, 0x0D, 0x8B, 0x73,
+        0xF9, 0x3B, 0x0B, 0x3D, 0x49, 0x8B, 0xFB, 0x16,
+        0x5B, 0x75, 0x48, 0x9B, 0x56, 0x0A, 0x83, 0x4C,
+        0x0D, 0x13, 0xB2, 0xB4, 0x25, 0xC7, 0x2C, 0xCB,
+        0xA7, 0x9E, 0xCA, 0x41, 0x44, 0x14, 0x9A, 0x03,
+        0xD3, 0x01, 0x8C, 0xB0, 0xD5, 0xA9, 0x36, 0xA4,
+        0x16, 0x21, 0x49, 0x0A, 0x99, 0xA1, 0x89, 0xA5,
+        0x91, 0x10, 0xA2, 0x1B, 0x3F, 0x98, 0x1E, 0x1C,
+        0x43, 0xAA, 0x9C, 0x16, 0x5A, 0xF0, 0x18, 0x64,
+        0x0F, 0x6A, 0xE3, 0x97, 0x83, 0x31, 0x4E, 0x84,
+        0xC9, 0xEA, 0xD8, 0x9F, 0xEA, 0x9E, 0xD6, 0xF2,
+        0x0E, 0x15, 0xA5, 0x48, 0x15, 0x8B, 0x10, 0x1D,
+        0x77, 0x78, 0x1B, 0x54, 0x03, 0xC1, 0x2C, 0xB1,
+        0xC8, 0x22, 0x11, 0x9D, 0xB8, 0x82, 0x94, 0x26,
+        0xA0, 0xED, 0x6C, 0xAD, 0xA8, 0x03, 0xC2, 0xED,
+        0x02, 0x74, 0x3E, 0x54, 0xBD, 0x77, 0xA6, 0x0B,
+        0x37, 0xFE, 0x04, 0xCD, 0x25, 0x10, 0x2D, 0x52,
+        0xC2, 0xD4, 0x5B, 0x9B, 0xAE, 0xFE, 0x35, 0x73,
+        0x16, 0x61, 0x84, 0x25, 0x1D, 0xBE, 0x95, 0x34,
+        0xA4, 0xF6, 0xB9, 0xA4, 0xF9, 0xAA, 0x5D, 0x1E,
+        0x49, 0xBB, 0x19, 0xD9, 0x64, 0xD7, 0x48, 0x1A,
+        0x0A, 0x93, 0xC3, 0x69, 0x13, 0x12, 0x68, 0xBB,
+        0x97, 0x97, 0xBD, 0x99, 0x69, 0xCE, 0xE6, 0xF5,
+        0x84, 0x7B, 0xCC, 0xE4, 0x7D, 0xD3, 0xCD, 0x8A,
+        0x7A, 0x4B, 0x98, 0xF4, 0x09, 0x9D, 0xEA, 0x5D,
+        0x4E, 0x1F, 0xE1, 0x1E, 0x6C, 0x48, 0xD3, 0x5E,
+        0x67, 0xD9, 0xFF, 0x64, 0x4D, 0xA7, 0x64, 0x7A,
+        0x01, 0xB2, 0xE9, 0x63, 0x14, 0x10, 0xB7, 0x08,
+        0x0C, 0xF9, 0x4D, 0x66, 0x48, 0x46, 0xE3, 0xC2,
+        0x48, 0x6B, 0x47, 0xCE, 0x00, 0x98, 0x92, 0x83,
+        0xF7, 0xE0, 0x1F, 0x96, 0xFA, 0x53, 0xD5, 0x49,
+        0x1C, 0xC7, 0x89, 0xB4, 0xA5, 0x4B, 0x63, 0xBF,
+        0xD2, 0x00, 0x79, 0xDD, 0xC1, 0x60, 0xAA, 0xF2,
+        0x0F, 0x47, 0xB9, 0x4F, 0x8A, 0x66, 0x05, 0x3D,
+        0x96, 0x36, 0x64, 0x48, 0x5F, 0x7E, 0x56, 0x2B,
+        0xB3, 0x47, 0xE2, 0x76, 0x64, 0x21, 0x65, 0x34,
+        0xFC, 0xDD, 0x2D, 0x4C, 0xE2, 0x99, 0x33, 0x04,
+        0xE4, 0x26, 0x15, 0x37, 0x6C, 0x32, 0xB9, 0x17
+    };
+    static const byte sk_44_draft[] = {
+        0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E,
+        0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF,
+        0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B,
+        0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61,
+        0x73, 0x61, 0x49, 0x01, 0x0F, 0x94, 0x08, 0x30,
+        0x26, 0x02, 0x12, 0x63, 0x64, 0x15, 0x7A, 0x4D,
+        0xBA, 0xF5, 0x25, 0xA7, 0xAA, 0x0B, 0x7C, 0x3D,
+        0xCE, 0x05, 0x91, 0x95, 0xEF, 0x17, 0x2F, 0xE2,
+        0x5A, 0x03, 0x5E, 0x2E, 0x4D, 0xFA, 0xE7, 0x5F,
+        0xCD, 0x61, 0x34, 0xFB, 0x3D, 0x3C, 0x5C, 0x60,
+        0x1A, 0x6F, 0x09, 0xB5, 0x9D, 0xDD, 0x90, 0x53,
+        0xF6, 0x89, 0x50, 0xC2, 0xE1, 0xED, 0x0A, 0x61,
+        0x8F, 0xFA, 0xDC, 0x2D, 0xB2, 0x8B, 0xA1, 0x56,
+        0xAC, 0x5E, 0x0E, 0xF1, 0x3B, 0x1E, 0x22, 0x9F,
+        0xAA, 0x05, 0x96, 0xA3, 0x5E, 0x44, 0x86, 0xA8,
+        0xBA, 0x15, 0xD1, 0x11, 0x7D, 0xAA, 0xD0, 0xAA,
+        0x01, 0x27, 0x25, 0x04, 0x82, 0x89, 0xA4, 0x22,
+        0x2E, 0xDB, 0x80, 0x45, 0xD2, 0x30, 0x45, 0x59,
+        0x16, 0x64, 0xE2, 0x08, 0x86, 0x50, 0x00, 0x8E,
+        0xCA, 0x08, 0x51, 0x5A, 0x06, 0x01, 0x54, 0x82,
+        0x20, 0xC4, 0x92, 0x30, 0x02, 0x21, 0x4E, 0x0A,
+        0x93, 0x89, 0x84, 0xB8, 0x70, 0x24, 0x40, 0x51,
+        0x24, 0xB3, 0x44, 0xDB, 0x08, 0x40, 0x1B, 0x37,
+        0x44, 0x21, 0x22, 0x8E, 0x8C, 0x16, 0x42, 0x10,
+        0x22, 0x0E, 0xA1, 0xB2, 0x8D, 0x18, 0x49, 0x30,
+        0xC1, 0x32, 0x69, 0x21, 0x03, 0x8E, 0x49, 0x44,
+        0x08, 0xD3, 0x16, 0x89, 0x10, 0xA4, 0x25, 0x5C,
+        0x22, 0x8A, 0xC0, 0xC8, 0x08, 0xC1, 0x04, 0x6A,
+        0xD2, 0xA0, 0x50, 0x8A, 0x02, 0x52, 0x92, 0x16,
+        0x44, 0x54, 0x30, 0x4A, 0x92, 0x32, 0x0C, 0x4C,
+        0x44, 0x2D, 0x04, 0x15, 0x2A, 0x99, 0x24, 0x42,
+        0x52, 0xA8, 0x30, 0x53, 0x24, 0x85, 0x9A, 0xB8,
+        0x01, 0xE2, 0x08, 0x09, 0x23, 0x28, 0x08, 0xC4,
+        0x98, 0x85, 0x0B, 0xB9, 0x40, 0x60, 0x26, 0x28,
+        0x0A, 0x45, 0x12, 0x0C, 0x43, 0x84, 0x82, 0x16,
+        0x89, 0xC4, 0x48, 0x28, 0x58, 0x18, 0x2A, 0x20,
+        0x07, 0x02, 0xD3, 0x82, 0x45, 0x50, 0xB0, 0x50,
+        0x64, 0x36, 0x91, 0x52, 0x02, 0x45, 0x5A, 0x42,
+        0x26, 0x01, 0x28, 0x71, 0xD4, 0x86, 0x10, 0x19,
+        0xC4, 0x68, 0xC4, 0x30, 0x66, 0xE0, 0x02, 0x49,
+        0x18, 0x34, 0x05, 0x04, 0x02, 0x04, 0x90, 0x94,
+        0x4C, 0x01, 0xA7, 0x80, 0x12, 0x97, 0x08, 0x19,
+        0xC5, 0x41, 0x24, 0xC1, 0x61, 0x08, 0xB0, 0x0C,
+        0x21, 0xC1, 0x49, 0x9B, 0x42, 0x51, 0x62, 0x18,
+        0x22, 0x54, 0x06, 0x06, 0x93, 0x26, 0x70, 0x49,
+        0x86, 0x91, 0x00, 0x28, 0x6C, 0x02, 0xC9, 0x60,
+        0x13, 0xC3, 0x09, 0xCB, 0x14, 0x66, 0x09, 0x17,
+        0x25, 0x1C, 0x16, 0x89, 0x01, 0xB6, 0x01, 0x60,
+        0x86, 0x71, 0x58, 0x96, 0x04, 0x82, 0x38, 0x61,
+        0x43, 0x40, 0x72, 0xCC, 0x46, 0x71, 0x81, 0x20,
+        0x2C, 0x18, 0x20, 0x6E, 0x03, 0x91, 0x11, 0x9A,
+        0x08, 0x89, 0x43, 0x06, 0x48, 0x64, 0x02, 0x6C,
+        0x21, 0x33, 0x8D, 0x48, 0x16, 0x66, 0x9B, 0xA4,
+        0x2D, 0x01, 0x10, 0x66, 0xDC, 0xB0, 0x25, 0x40,
+        0xA0, 0x24, 0xA2, 0xB4, 0x44, 0xC8, 0x26, 0x61,
+        0x0A, 0x10, 0x4E, 0xD0, 0x04, 0x11, 0x4A, 0x82,
+        0x51, 0x03, 0x04, 0x6C, 0x18, 0x88, 0x6C, 0xE0,
+        0x98, 0x41, 0x11, 0x29, 0x06, 0x62, 0x12, 0x8E,
+        0xDA, 0x42, 0x91, 0x09, 0x48, 0x60, 0xD1, 0xB4,
+        0x80, 0x10, 0x30, 0x30, 0x80, 0x38, 0x82, 0xD0,
+        0x84, 0x0D, 0x08, 0x14, 0x92, 0x24, 0x41, 0x40,
+        0x0C, 0x10, 0x89, 0xCC, 0x38, 0x8A, 0x13, 0xB6,
+        0x89, 0x1A, 0xA7, 0x24, 0x5C, 0x10, 0x12, 0x1B,
+        0x21, 0x50, 0x91, 0xB4, 0x29, 0x99, 0xB6, 0x51,
+        0x04, 0xB1, 0x91, 0x59, 0xA6, 0x05, 0x19, 0x08,
+        0x4A, 0x4A, 0x84, 0x6C, 0x1C, 0x49, 0x02, 0x44,
+        0x20, 0x85, 0x14, 0xB1, 0x89, 0x09, 0x44, 0x2C,
+        0x10, 0x02, 0x22, 0xE1, 0xB4, 0x25, 0x01, 0x21,
+        0x71, 0x53, 0xC2, 0x85, 0x82, 0x88, 0x28, 0xC0,
+        0x02, 0x52, 0x19, 0xC5, 0x51, 0x19, 0xA5, 0x09,
+        0xC0, 0x82, 0x91, 0x21, 0x47, 0x0D, 0x1C, 0x30,
+        0x69, 0xDC, 0xB8, 0x6C, 0x04, 0x41, 0x6A, 0x91,
+        0x16, 0x40, 0xA0, 0xC8, 0x24, 0x1A, 0x10, 0x01,
+        0x04, 0x39, 0x25, 0x80, 0x16, 0x02, 0x63, 0x36,
+        0x71, 0x90, 0xB0, 0x8D, 0x44, 0x16, 0x8E, 0xDA,
+        0x16, 0x2E, 0xCB, 0x44, 0x20, 0x54, 0x38, 0x06,
+        0x54, 0xC4, 0x01, 0x51, 0x40, 0x86, 0x52, 0x44,
+        0x0E, 0x82, 0x02, 0x32, 0x21, 0x38, 0x89, 0x19,
+        0x04, 0x40, 0xD8, 0x12, 0x68, 0x21, 0x98, 0x11,
+        0x03, 0x33, 0x8A, 0x18, 0x00, 0x45, 0xCB, 0x22,
+        0x32, 0xC3, 0x04, 0x46, 0x09, 0x18, 0x51, 0x22,
+        0x44, 0x89, 0x13, 0x16, 0x6E, 0xDA, 0x46, 0x45,
+        0x09, 0x19, 0x41, 0x81, 0x10, 0x01, 0xDC, 0x18,
+        0x8E, 0xC8, 0x44, 0x4C, 0x00, 0x17, 0x82, 0x9C,
+        0xA6, 0x4D, 0xC8, 0x08, 0x10, 0x24, 0x42, 0x6D,
+        0x91, 0x38, 0x89, 0x8C, 0x40, 0x6E, 0x00, 0x35,
+        0x11, 0xD3, 0x24, 0x09, 0x1A, 0x01, 0x65, 0x88,
+        0x48, 0x45, 0x09, 0x01, 0x71, 0x43, 0xB8, 0x80,
+        0x11, 0x82, 0x2C, 0x84, 0xB8, 0x49, 0x58, 0x14,
+        0x28, 0x92, 0x20, 0x32, 0x09, 0x12, 0x05, 0x20,
+        0x81, 0x2D, 0x5B, 0x86, 0x11, 0x04, 0x90, 0x45,
+        0x49, 0x80, 0x40, 0xD1, 0xC8, 0x24, 0x98, 0xC2,
+        0x2C, 0x99, 0xA2, 0x30, 0x04, 0x98, 0x8C, 0x53,
+        0x24, 0x02, 0x8A, 0x04, 0x01, 0x4C, 0x28, 0x71,
+        0xC3, 0x86, 0x6C, 0x24, 0x49, 0x81, 0x04, 0x02,
+        0x28, 0x62, 0x44, 0x32, 0x61, 0x20, 0x28, 0x01,
+        0x04, 0x11, 0x0C, 0x09, 0x08, 0x90, 0x98, 0x84,
+        0x63, 0xB2, 0x45, 0x63, 0x38, 0x2E, 0x04, 0xA4,
+        0x0C, 0x18, 0x05, 0x4E, 0xCC, 0x86, 0x90, 0x43,
+        0x40, 0x91, 0x54, 0x02, 0x21, 0x43, 0x28, 0x42,
+        0x23, 0x94, 0x29, 0xC8, 0xA6, 0x91, 0x02, 0x09,
+        0x80, 0xE3, 0x82, 0x00, 0xC1, 0x34, 0x08, 0xD1,
+        0x34, 0x84, 0x12, 0x45, 0x8C, 0x02, 0xC6, 0x81,
+        0x41, 0xC6, 0x6C, 0x1B, 0x12, 0x24, 0x04, 0x08,
+        0x0D, 0x02, 0x00, 0x0C, 0x9C, 0xA2, 0x05, 0x49,
+        0x34, 0x65, 0x00, 0x06, 0x89, 0x88, 0x34, 0x00,
+        0xD8, 0x82, 0x29, 0x92, 0x12, 0x91, 0xE3, 0x36,
+        0x86, 0xD1, 0x80, 0x71, 0x98, 0xB0, 0x50, 0x48,
+        0xC6, 0x11, 0x14, 0x80, 0x0D, 0xA0, 0x12, 0x4D,
+        0x9B, 0xB2, 0x40, 0x21, 0x41, 0x50, 0x4B, 0x36,
+        0x05, 0x52, 0x10, 0x26, 0x19, 0xB2, 0x60, 0x92,
+        0xA2, 0x24, 0xCB, 0x08, 0x00, 0x14, 0x22, 0x49,
+        0x5A, 0xD0, 0x55, 0xBD, 0x2B, 0x45, 0xE4, 0x31,
+        0x41, 0xA8, 0xC3, 0xA3, 0xAD, 0xBD, 0xB6, 0x37,
+        0x92, 0x06, 0x95, 0x6B, 0x3D, 0xD8, 0xE5, 0x33,
+        0x71, 0xB6, 0x62, 0xB7, 0x67, 0x6C, 0x77, 0x84,
+        0x63, 0x2F, 0x41, 0x1D, 0xBA, 0x51, 0x27, 0xE1,
+        0x24, 0x5D, 0xC2, 0x38, 0x71, 0x65, 0x9E, 0x8E,
+        0xE4, 0xEB, 0xBB, 0x1D, 0x89, 0xEB, 0x18, 0xCA,
+        0x0C, 0xA6, 0x86, 0xA3, 0x4D, 0x7C, 0x7A, 0x02,
+        0xAC, 0xDD, 0x34, 0xCE, 0x05, 0x3B, 0x1B, 0x49,
+        0xF4, 0x6D, 0x12, 0x33, 0xBC, 0x52, 0x70, 0x59,
+        0xDF, 0xBC, 0x5D, 0x49, 0x42, 0x6A, 0xED, 0xC7,
+        0xF1, 0x8C, 0xF5, 0x6D, 0x1F, 0xBC, 0xE4, 0xBD,
+        0x45, 0x5D, 0x59, 0xF8, 0xCE, 0x9A, 0x39, 0xB5,
+        0x96, 0x32, 0xFD, 0x93, 0x65, 0x8E, 0x92, 0xF1,
+        0x8F, 0xB0, 0x99, 0xF3, 0x80, 0x0F, 0x66, 0x14,
+        0xFE, 0xEB, 0x23, 0x17, 0x2D, 0x4C, 0x8F, 0x41,
+        0x9A, 0x9B, 0xD1, 0x5B, 0x5B, 0xC0, 0x3D, 0xA6,
+        0x0E, 0xF3, 0xE0, 0xA1, 0x04, 0xDC, 0x24, 0x18,
+        0x9D, 0x90, 0xC6, 0x89, 0x5A, 0x7F, 0x10, 0x1E,
+        0x4B, 0x21, 0xEC, 0x91, 0xD8, 0x5D, 0x65, 0xDB,
+        0xCF, 0x90, 0x62, 0x85, 0xE9, 0x58, 0xA3, 0x47,
+        0x92, 0x1C, 0xD0, 0x0C, 0xA3, 0xF3, 0x3E, 0x36,
+        0xDB, 0x24, 0xA6, 0x98, 0xAB, 0xA7, 0x89, 0x2B,
+        0x71, 0x6C, 0x4D, 0x00, 0xB0, 0xD5, 0xA0, 0xCA,
+        0x1A, 0x76, 0x8E, 0x80, 0xB7, 0xAE, 0x83, 0x89,
+        0x50, 0xF8, 0xA7, 0x52, 0x8B, 0x94, 0xD2, 0x2B,
+        0x9F, 0x49, 0x92, 0x3D, 0x54, 0x0D, 0xB8, 0xD1,
+        0x19, 0x49, 0xAC, 0x91, 0xAF, 0xDB, 0xE9, 0x24,
+        0x4D, 0xD8, 0xE1, 0xD5, 0x16, 0x0E, 0xB1, 0x39,
+        0x40, 0x7D, 0x5F, 0xF5, 0x92, 0xB4, 0xAF, 0xC3,
+        0x76, 0x2B, 0xDB, 0x7D, 0x52, 0x97, 0x62, 0x9F,
+        0xCF, 0x32, 0x19, 0x5F, 0xE6, 0x32, 0xFB, 0x8E,
+        0x39, 0x24, 0xB4, 0xEB, 0xE9, 0x17, 0x9E, 0x47,
+        0x69, 0x4D, 0x92, 0x82, 0x96, 0x88, 0x38, 0x11,
+        0xCE, 0xD6, 0xBF, 0x18, 0xE3, 0x51, 0x40, 0x81,
+        0x11, 0xA0, 0x74, 0xDA, 0x0D, 0x5E, 0xEC, 0xD8,
+        0x5D, 0x33, 0x22, 0x1E, 0xB9, 0x5D, 0xBF, 0x79,
+        0xB0, 0xA1, 0xEF, 0xD1, 0x2D, 0xA0, 0x5F, 0xA1,
+        0xC7, 0x6E, 0xD5, 0x08, 0xB8, 0xD0, 0xC1, 0x95,
+        0x51, 0x9B, 0x07, 0xC3, 0x4A, 0x0A, 0xB5, 0xA1,
+        0x28, 0xFE, 0x95, 0x95, 0x0A, 0xCF, 0x83, 0xA8,
+        0xEB, 0x8F, 0xFB, 0x18, 0xD5, 0xBD, 0x69, 0x50,
+        0xF1, 0xDF, 0x06, 0xFA, 0x9A, 0x65, 0x47, 0xBB,
+        0x56, 0xE9, 0xCB, 0x8F, 0x69, 0x5F, 0xE0, 0xAD,
+        0x19, 0x3A, 0x70, 0xE5, 0x66, 0x42, 0xD7, 0x1C,
+        0x0C, 0xB4, 0x03, 0x89, 0x7D, 0x47, 0x4D, 0x29,
+        0x67, 0x8C, 0x41, 0x73, 0xAB, 0x7D, 0xFD, 0x69,
+        0x15, 0xAD, 0xE3, 0xB7, 0xF8, 0x98, 0x3B, 0xCA,
+        0x8F, 0x27, 0x37, 0x7B, 0x72, 0x2C, 0x5F, 0x23,
+        0x73, 0x15, 0xE2, 0xB6, 0xBD, 0xDE, 0x84, 0xF8,
+        0x7E, 0x22, 0xB9, 0xFD, 0xD3, 0x4D, 0x62, 0x80,
+        0xBA, 0xC5, 0x57, 0x29, 0x30, 0x1B, 0x06, 0x4D,
+        0x20, 0xB1, 0x53, 0x86, 0xCB, 0x6A, 0x4A, 0xE3,
+        0xC1, 0xA9, 0x88, 0xCF, 0xEB, 0x15, 0x2F, 0xA8,
+        0xA8, 0x6F, 0xFC, 0x2A, 0xA8, 0x0E, 0xD9, 0xFA,
+        0xEA, 0xD7, 0x3B, 0xCE, 0xF8, 0x5B, 0xD8, 0x92,
+        0x22, 0x6A, 0x1A, 0x8E, 0x5E, 0x91, 0x37, 0x2C,
+        0x21, 0x05, 0xC4, 0xAC, 0xF7, 0x62, 0x83, 0xBA,
+        0x55, 0xD5, 0x2C, 0xCE, 0xA1, 0x19, 0x93, 0x0E,
+        0xDE, 0xB6, 0xB8, 0x78, 0x0F, 0xBF, 0x4C, 0xA4,
+        0x66, 0xAD, 0x97, 0x2F, 0xEE, 0x34, 0xE9, 0xA2,
+        0xB6, 0x1D, 0x3C, 0x60, 0xFB, 0xB8, 0x7F, 0xF8,
+        0xFD, 0x34, 0x8C, 0xC5, 0xC7, 0x38, 0x72, 0x74,
+        0x19, 0xA9, 0xCF, 0x54, 0x49, 0x5B, 0xBA, 0x70,
+        0x12, 0xC1, 0x61, 0xDC, 0x32, 0x61, 0x49, 0x66,
+        0xF3, 0x57, 0xAA, 0x0F, 0xE6, 0x44, 0x9E, 0x8A,
+        0x19, 0x9C, 0x6B, 0x63, 0x2C, 0x14, 0x1E, 0xDD,
+        0x00, 0x27, 0xE3, 0x95, 0xE3, 0xE7, 0xD9, 0xFF,
+        0x30, 0x2D, 0x14, 0x19, 0x4F, 0x49, 0x20, 0x0B,
+        0x58, 0x2A, 0x23, 0x1C, 0xE2, 0xAD, 0x6B, 0x9C,
+        0x7B, 0xB6, 0x20, 0x63, 0x08, 0x24, 0x55, 0x04,
+        0x58, 0x1F, 0x0E, 0xBE, 0x2A, 0x6F, 0x79, 0x90,
+        0x9E, 0x15, 0x8F, 0x4B, 0xDB, 0xE2, 0xBE, 0xBC,
+        0x28, 0xB1, 0xC8, 0xFE, 0x00, 0x6D, 0x71, 0xCC,
+        0x91, 0x6A, 0xCC, 0xF8, 0x12, 0x8B, 0xEC, 0xF3,
+        0x46, 0x53, 0xB1, 0x7F, 0xB3, 0x79, 0xF0, 0xC7,
+        0xD7, 0xA5, 0xCF, 0x2C, 0xC3, 0x09, 0x66, 0x82,
+        0x53, 0x43, 0xFD, 0xAC, 0xDE, 0xD5, 0x85, 0xB3,
+        0x79, 0x74, 0x55, 0xE8, 0xF6, 0xE5, 0xFB, 0xF0,
+        0x63, 0x0C, 0x36, 0x63, 0x65, 0x10, 0x43, 0xC9,
+        0x60, 0x99, 0xD6, 0x0C, 0xB9, 0x66, 0x1C, 0xA9,
+        0x97, 0x4D, 0xDB, 0xA8, 0x13, 0x9E, 0xAE, 0xCA,
+        0x7A, 0x5F, 0xE3, 0x24, 0xA0, 0xEE, 0x8A, 0x9D,
+        0x7F, 0x03, 0x53, 0x21, 0x6B, 0xAF, 0x3D, 0xF9,
+        0x38, 0xF3, 0x7A, 0x1D, 0xDA, 0xE2, 0xEF, 0xBA,
+        0x86, 0x21, 0x85, 0x1F, 0x36, 0x08, 0x0B, 0xDA,
+        0x37, 0x5A, 0x0A, 0xD7, 0x55, 0x41, 0xD5, 0x84,
+        0x1B, 0x36, 0xA2, 0x50, 0x65, 0xD7, 0xF3, 0xA3,
+        0xEB, 0xE1, 0xDE, 0x0F, 0x85, 0xAA, 0xF6, 0x2F,
+        0xAB, 0xBB, 0xC8, 0xF1, 0x2A, 0xD1, 0x0A, 0x9B,
+        0xE4, 0x7B, 0xBC, 0x4D, 0x42, 0xD8, 0xA3, 0x4C,
+        0x07, 0x6A, 0x60, 0x3E, 0xE2, 0xDA, 0xE7, 0x00,
+        0xDF, 0x27, 0x94, 0xEF, 0x90, 0x99, 0x88, 0x2C,
+        0xCF, 0xAA, 0xE1, 0x71, 0x2D, 0xFD, 0x00, 0x9C,
+        0x55, 0xBF, 0xC4, 0x7A, 0x55, 0xE9, 0xE0, 0xB4,
+        0x7F, 0x3D, 0xE9, 0xB0, 0x01, 0xA7, 0x27, 0x23,
+        0x27, 0x58, 0x31, 0x0E, 0x8E, 0x80, 0xD8, 0xEB,
+        0x64, 0xA0, 0xC3, 0xC9, 0xEA, 0x69, 0x9C, 0x74,
+        0x5E, 0xAF, 0xD5, 0xEF, 0x5C, 0x4E, 0x40, 0x71,
+        0xD6, 0x57, 0x77, 0xE2, 0xAF, 0x0E, 0x1D, 0xB8,
+        0x5A, 0x91, 0x20, 0x4C, 0x33, 0x4D, 0xD8, 0x4F,
+        0x98, 0xE0, 0x86, 0x1D, 0x02, 0xA0, 0xDA, 0x06,
+        0x17, 0xC4, 0x5D, 0x2E, 0x49, 0x31, 0xE6, 0xE4,
+        0xDC, 0x18, 0x23, 0x26, 0xF3, 0x61, 0xF5, 0x8D,
+        0x26, 0x2C, 0x18, 0x4C, 0xDF, 0x71, 0x90, 0x24,
+        0x96, 0xD3, 0xD4, 0x1A, 0x6F, 0x08, 0xAB, 0x29,
+        0x7D, 0xFF, 0x4E, 0x27, 0x6D, 0x39, 0x83, 0x17,
+        0x90, 0xA4, 0x07, 0x8A, 0xDE, 0x79, 0x53, 0xF6,
+        0x99, 0x2E, 0xA6, 0x39, 0x47, 0xC3, 0xBE, 0x12,
+        0xC7, 0xA5, 0x7E, 0xA2, 0x19, 0x57, 0x04, 0x45,
+        0xBE, 0x44, 0x62, 0x92, 0xCA, 0x56, 0xE1, 0xF0,
+        0x45, 0x3B, 0xA4, 0xF8, 0xF5, 0xCD, 0xC7, 0xD2,
+        0xB2, 0x46, 0x57, 0x51, 0x0B, 0x06, 0xDA, 0x54,
+        0x03, 0x9E, 0x52, 0xA2, 0x78, 0x69, 0x25, 0x2E,
+        0x75, 0x83, 0x25, 0x3F, 0xA3, 0x62, 0x27, 0xB9,
+        0xA6, 0x59, 0x7A, 0xB1, 0xB6, 0xE9, 0xC1, 0xDD,
+        0x2F, 0x22, 0x2D, 0x3B, 0xA3, 0x22, 0xD6, 0x11,
+        0x7B, 0x08, 0x27, 0x92, 0x83, 0x7A, 0x5D, 0x0D,
+        0x6B, 0x9D, 0x5B, 0xEB, 0xE9, 0xC0, 0x88, 0xDE,
+        0x44, 0x55, 0xBA, 0x69, 0xC1, 0x7A, 0x4D, 0xE6,
+        0x35, 0x67, 0x6F, 0x99, 0x9B, 0x07, 0xD8, 0x04,
+        0xAA, 0xEA, 0x7D, 0xFF, 0x8E, 0xB8, 0xAA, 0x4C,
+        0x79, 0xE2, 0x88, 0xA8, 0x1D, 0xE8, 0xA6, 0x77,
+        0xCA, 0x06, 0xC0, 0xDF, 0x0E, 0x2B, 0xCB, 0xFF,
+        0x9F, 0x64, 0x67, 0x11, 0xF1, 0xB9, 0x38, 0x83,
+        0x19, 0x05, 0x30, 0x9B, 0x01, 0x11, 0x55, 0x03,
+        0xAD, 0x44, 0x7D, 0x3C, 0x07, 0xEF, 0x88, 0x19,
+        0x92, 0xC0, 0xFE, 0xE1, 0xAB, 0xDB, 0x24, 0x18,
+        0x17, 0xD0, 0x03, 0x5C, 0x91, 0xD4, 0xA6, 0x2A,
+        0xF1, 0xE9, 0x72, 0x62, 0x58, 0x22, 0x7D, 0x55,
+        0x15, 0xE2, 0xA1, 0x70, 0x14, 0x5E, 0x34, 0xB9,
+        0x5A, 0xB7, 0x5D, 0x3F, 0xB8, 0xB5, 0x45, 0x44,
+        0xD2, 0x50, 0xD1, 0xC6, 0x7E, 0xE7, 0x3D, 0xF4,
+        0xD3, 0xEC, 0xFB, 0x97, 0x32, 0x11, 0x72, 0x51,
+        0xB7, 0x4A, 0xC8, 0x38, 0x96, 0xFC, 0x6F, 0x69,
+        0xC2, 0xD5, 0xD3, 0x28, 0xE9, 0x63, 0x14, 0x14,
+        0xFE, 0xB1, 0xA4, 0x02, 0x80, 0x65, 0x73, 0xD3,
+        0x57, 0x07, 0x95, 0x21, 0x40, 0x00, 0x77, 0xA7,
+        0x6D, 0x44, 0x2B, 0x0D, 0x77, 0x07, 0x92, 0x64,
+        0xD4, 0x3A, 0xE2, 0x7F, 0xF2, 0x1C, 0x14, 0x08,
+        0x60, 0x74, 0x8F, 0xFC, 0x0B, 0xE8, 0xEC, 0xA9,
+        0xB7, 0x97, 0xA7, 0x85, 0x8A, 0xEF, 0xD7, 0x7E,
+        0xD5, 0x15, 0xF7, 0x45, 0x8D, 0x9C, 0xBF, 0x23,
+        0xEB, 0x8C, 0x4D, 0xD2, 0x28, 0x7E, 0x0A, 0x61,
+        0x2E, 0xBA, 0xBE, 0x89, 0x1D, 0x64, 0x45, 0x22,
+        0x70, 0x9D, 0x48, 0xEB, 0x2F, 0x96, 0xF1, 0xA7,
+        0xDE, 0xD3, 0x28, 0x4C, 0xC9, 0xFB, 0xF2, 0x9C,
+        0x5B, 0xFC, 0xBE, 0xBE, 0xF4, 0x38, 0xC9, 0x43,
+        0xC3, 0x66, 0x53, 0xA9, 0x06, 0xE5, 0x71, 0x16,
+        0xA4, 0xBB, 0x3B, 0x50, 0x53, 0xCF, 0xF4, 0x1F,
+        0xD6, 0x00, 0x07, 0x46, 0xFB, 0x97, 0x0B, 0xF9,
+        0x3D, 0xF4, 0xC6, 0x60, 0xD0, 0x37, 0x70, 0xC0,
+        0x2D, 0xD1, 0x9F, 0xA5, 0x78, 0xF3, 0x1F, 0x03,
+        0x81, 0xB1, 0x93, 0xBA, 0xE5, 0x82, 0xE6, 0xD1,
+        0x66, 0x93, 0x83, 0x5B, 0xB9, 0xAD, 0xD9, 0x01,
+        0xA5, 0xB6, 0x5C, 0x69, 0x82, 0xD7, 0x2F, 0x35,
+        0x35, 0x98, 0xEE, 0xE9, 0xA0, 0x74, 0xC1, 0x91,
+        0x44, 0x0A, 0x04, 0xCD, 0x97, 0xBE, 0x6B, 0x60,
+        0x90, 0x9A, 0x48, 0x7B, 0x83, 0xA2, 0x28, 0x97,
+        0xB5, 0xBA, 0xB1, 0x4D, 0x35, 0x8B, 0x34, 0x0A,
+        0xA1, 0xCB, 0xA5, 0xC2, 0xA4, 0x6A, 0x36, 0xB3,
+        0x12, 0x46, 0x59, 0xDB, 0x63, 0xE5, 0xF9, 0xF1,
+        0x7F, 0xAD, 0x42, 0xF4, 0x24, 0xF0, 0x02, 0x3D,
+        0x1E, 0x6C, 0xD5, 0xB3, 0x06, 0x8F, 0x1F, 0x59,
+        0x79, 0xCC, 0xF9, 0x5B, 0x4F, 0x8B, 0xD6, 0x03,
+        0xC7, 0x53, 0xE6, 0xCE, 0xBB, 0xD8, 0x52, 0x89,
+        0x70, 0x5D, 0x98, 0x86, 0xA5, 0x9E, 0x44, 0xA9,
+        0xC8, 0x17, 0xA2, 0x6F, 0x43, 0x2D, 0x8D, 0xA7,
+        0xDE, 0x3E, 0xFA, 0xE7, 0x98, 0x7B, 0xB5, 0xBE,
+        0x7B, 0x10, 0xB8, 0xB8, 0xA5, 0x3D, 0x3E, 0xCD,
+        0x94, 0x19, 0x5E, 0x06, 0x51, 0xB8, 0x58, 0x1E,
+        0x0E, 0xCF, 0xFE, 0xE5, 0xED, 0x84, 0xB5, 0xF5,
+        0x0F, 0x34, 0x32, 0xAC, 0x0A, 0x7F, 0x03, 0xF0,
+        0xF8, 0xFC, 0x69, 0xA0, 0x26, 0x0D, 0x2E, 0xFA,
+        0x62, 0x49, 0x5C, 0xC4, 0xE5, 0xF6, 0x8B, 0xC5,
+        0x26, 0x21, 0x23, 0x3B, 0xBD, 0x9A, 0x23, 0x95,
+        0x69, 0xA7, 0x48, 0x94, 0x30, 0x1E, 0xC3, 0x82,
+        0xB6, 0x75, 0x30, 0xA6, 0xF3, 0x1E, 0xBB, 0xBC,
+        0xF7, 0x21, 0x27, 0x12, 0x2C, 0x51, 0x50, 0x55,
+        0x87, 0x0D, 0xF1, 0xCC, 0x6C, 0xFF, 0xEA, 0x7E,
+        0x2C, 0xDA, 0x8B, 0x9B, 0x20, 0xF4, 0x75, 0xFB,
+        0xC2, 0x3F, 0xBE, 0x09, 0xA6, 0xC9, 0x26, 0xE7,
+        0xB5, 0xC7, 0xE6, 0xB9, 0x35, 0x8C, 0xAF, 0xFA,
+        0xC0, 0x8D, 0x43, 0x33, 0x25, 0xBA, 0xAA, 0xDC,
+        0xCF, 0xBC, 0xE4, 0xC4, 0xC6, 0x26, 0x4A, 0x0D,
+        0x9D, 0xCC, 0x2A, 0xE0, 0x5B, 0x1E, 0xC9, 0x78,
+        0xF8, 0xA2, 0xB5, 0x46, 0xE5, 0x49, 0xB8, 0x4C,
+        0xC2, 0x22, 0x40, 0xCE, 0x97, 0x9A, 0x95, 0x40,
+        0xF7, 0xD6, 0x52, 0x54, 0x3B, 0xBB, 0x42, 0xC5,
+        0x6F, 0x00, 0x7F, 0x83, 0xDD, 0x88, 0x71, 0xF7,
+        0xD4, 0x1B, 0x3D, 0x81, 0xC4, 0xB1, 0x49, 0x9B,
+        0xF3, 0x68, 0x15, 0xC5, 0x15, 0x97, 0x0F, 0xC5,
+        0x43, 0xDD, 0x07, 0xBE, 0x98, 0x43, 0x2C, 0xB3,
+        0xEF, 0x08, 0xCA, 0xDC, 0x9C, 0x27, 0x58, 0xFE,
+        0x49, 0xE9, 0x77, 0xD9, 0x1C, 0x62, 0xA4, 0xA2,
+        0xF9, 0x78, 0xCC, 0xB3, 0x21, 0x06, 0x10, 0xDE,
+        0x5A, 0x52, 0xA3, 0x67, 0xBD, 0x5E, 0xBC, 0x9B,
+        0x4E, 0x40, 0x87, 0x93, 0xCF, 0x0E, 0x27, 0x0E,
+        0xE3, 0x11, 0x4B, 0xB3, 0xE0, 0xCE, 0x24, 0xB6,
+        0x0A, 0x53, 0x03, 0xF8, 0x01, 0x6A, 0x7E, 0xFE,
+        0xC8, 0x66, 0x9F, 0x29, 0xF3, 0x45, 0x94, 0xD6,
+        0x0E, 0x30, 0xB5, 0x61, 0xA9, 0xEC, 0x8F, 0x71,
+        0xF7, 0x36, 0xD6, 0x43, 0x4B, 0x0C, 0xCD, 0x45,
+        0xBB, 0xA4, 0xBD, 0xE9, 0xA9, 0xC3, 0xC1, 0x95,
+        0x1E, 0xF9, 0x42, 0x07, 0x18, 0xEA, 0xF5, 0x0B,
+        0x27, 0xB6, 0xDE, 0xEF, 0x67, 0x33, 0x83, 0x0D,
+        0xD9, 0x5E, 0x3A, 0x93, 0xD2, 0xD0, 0xDB, 0xB9,
+        0x98, 0xF0, 0x25, 0x21, 0xF3, 0xDF, 0x0B, 0x1E
+    };
+#endif /* !WOLFSSL_NO_ML_DSA_44 */
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte seed_65_draft[] = {
+        0x41, 0xAF, 0x98, 0x7B, 0x02, 0x6E, 0x47, 0x5F,
+        0x37, 0x91, 0x7F, 0x2A, 0x6A, 0x9A, 0x87, 0xE7,
+        0x51, 0xAD, 0xF9, 0x5B, 0x92, 0x7F, 0x2D, 0xCE,
+        0xF0, 0xD4, 0xF3, 0xDA, 0x8F, 0x8C, 0x86, 0x6B
+    };
+    static const byte pk_65_draft[] = {
+        0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4,
+        0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E,
+        0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F,
+        0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41,
+        0x39, 0x5D, 0xF9, 0x20, 0x6C, 0x36, 0x0D, 0x4F,
+        0x83, 0x43, 0xBE, 0x86, 0xEF, 0x6C, 0x43, 0xD0,
+        0x3E, 0xD0, 0x63, 0x0A, 0x5B, 0x92, 0x8D, 0x31,
+        0x19, 0x1D, 0xA9, 0x51, 0x61, 0x48, 0xE6, 0x26,
+        0x50, 0x07, 0x54, 0x9B, 0xB0, 0xB7, 0x62, 0x54,
+        0xDB, 0x80, 0x4E, 0x48, 0x7F, 0x48, 0xC5, 0x11,
+        0x91, 0xFC, 0xA9, 0x26, 0x25, 0x08, 0xA5, 0x99,
+        0xA0, 0x3C, 0xB9, 0x0C, 0xCF, 0x6C, 0xCD, 0x83,
+        0x9A, 0x38, 0x6D, 0x22, 0xDE, 0x0A, 0xC3, 0x8F,
+        0xF7, 0xD0, 0x57, 0x40, 0x53, 0xE9, 0xE9, 0x4E,
+        0x73, 0xFA, 0x58, 0x40, 0x9F, 0x6D, 0x8A, 0xD3,
+        0x6F, 0x86, 0x84, 0x4D, 0x18, 0xD7, 0x4C, 0x76,
+        0x39, 0x57, 0x9E, 0xC0, 0xC7, 0xE4, 0xEE, 0x54,
+        0xF4, 0xAD, 0x10, 0xC5, 0x69, 0x59, 0xE0, 0xBC,
+        0x9B, 0xF4, 0x20, 0x8F, 0xBA, 0x0A, 0x94, 0x10,
+        0x55, 0x07, 0x7E, 0xD1, 0xF9, 0x20, 0xCC, 0x2F,
+        0xA9, 0xAE, 0x9D, 0xF5, 0xE4, 0x29, 0x40, 0x7E,
+        0x44, 0xA4, 0xDF, 0xB2, 0xE9, 0x25, 0xE0, 0xBA,
+        0x8D, 0x6C, 0x33, 0x88, 0x9C, 0xEE, 0x27, 0xDB,
+        0xC7, 0x0A, 0x6E, 0x5A, 0x08, 0x92, 0x9B, 0x53,
+        0xF8, 0xFD, 0xF9, 0x5B, 0xEB, 0x03, 0x8E, 0x45,
+        0xCB, 0x91, 0x19, 0x4E, 0x6B, 0x1E, 0xA0, 0xA4,
+        0xF0, 0x43, 0xC9, 0x8F, 0xDF, 0x93, 0x5E, 0x86,
+        0xB0, 0x09, 0xD3, 0x47, 0x38, 0x7C, 0x8E, 0x78,
+        0x85, 0x71, 0x3D, 0x07, 0x2E, 0x2E, 0x12, 0x6F,
+        0x06, 0x97, 0x0E, 0x54, 0xAD, 0x71, 0x09, 0xEF,
+        0xA5, 0x55, 0x0A, 0x39, 0x86, 0xE6, 0x17, 0x17,
+        0x70, 0x9A, 0xA7, 0xA7, 0x1B, 0xCE, 0x78, 0x06,
+        0x2C, 0x61, 0x1A, 0xB9, 0x48, 0x22, 0x41, 0x45,
+        0x15, 0xEB, 0x10, 0x3C, 0x6E, 0x24, 0x37, 0xA4,
+        0xB5, 0xE8, 0x82, 0x4D, 0x6D, 0xCC, 0x44, 0xC6,
+        0xB0, 0x5D, 0xBE, 0x46, 0xDA, 0x5F, 0x00, 0x36,
+        0x5B, 0xBD, 0x87, 0x65, 0x3A, 0x96, 0x21, 0x58,
+        0x45, 0x65, 0xDB, 0xD8, 0x77, 0x76, 0x7B, 0x25,
+        0xC3, 0x78, 0x6E, 0xD9, 0x14, 0xA7, 0x19, 0x69,
+        0x4F, 0xBB, 0x1B, 0xDB, 0x37, 0xCE, 0xAF, 0x8C,
+        0x88, 0x2E, 0x9E, 0x30, 0xF6, 0xAE, 0x43, 0xCC,
+        0x59, 0x0F, 0x67, 0x8A, 0xCB, 0x4F, 0x08, 0x20,
+        0x6D, 0x99, 0xD7, 0xA9, 0xDE, 0xE5, 0xE5, 0xB3,
+        0xFF, 0xAA, 0x45, 0x3C, 0xF1, 0xE3, 0x02, 0x7D,
+        0x2F, 0xEE, 0x69, 0x04, 0x81, 0x73, 0x01, 0x37,
+        0x51, 0x68, 0xC8, 0x0B, 0x51, 0xFD, 0x05, 0xB4,
+        0x05, 0xBB, 0xA1, 0xDB, 0x1D, 0xF6, 0x5F, 0x70,
+        0xD3, 0x0A, 0x37, 0x4B, 0x9C, 0xC4, 0x45, 0x30,
+        0x11, 0x36, 0xE2, 0x48, 0x9F, 0xC4, 0x2E, 0x4E,
+        0x0C, 0x0C, 0xA1, 0x04, 0x41, 0x75, 0x95, 0xAA,
+        0xED, 0xAC, 0xD4, 0xB2, 0xE7, 0x85, 0x7E, 0xE1,
+        0xA6, 0xFE, 0x2A, 0x09, 0x19, 0x09, 0x3D, 0x7C,
+        0x20, 0x1E, 0x98, 0x3D, 0x6E, 0x02, 0xC1, 0xCA,
+        0xBB, 0x24, 0x82, 0x9F, 0x45, 0x1D, 0x26, 0x99,
+        0xAE, 0x02, 0x82, 0xF9, 0x86, 0x3B, 0x67, 0x8C,
+        0xBD, 0xFE, 0xF1, 0xD0, 0xB6, 0xB8, 0xAB, 0x00,
+        0x0F, 0xEC, 0x30, 0xDC, 0x27, 0x58, 0xE2, 0x29,
+        0x18, 0x05, 0x5A, 0x66, 0xA5, 0x88, 0x39, 0x8E,
+        0x49, 0x5B, 0xB9, 0x52, 0x43, 0x84, 0xDC, 0xA9,
+        0x50, 0x2B, 0x83, 0x3C, 0x84, 0x81, 0x37, 0x52,
+        0x30, 0x79, 0xBD, 0x04, 0xB8, 0xDD, 0x47, 0xC1,
+        0x02, 0x2E, 0xEC, 0x24, 0xD0, 0x56, 0x23, 0xE1,
+        0x92, 0xD0, 0x65, 0x7F, 0xC7, 0xC2, 0xF7, 0x60,
+        0x73, 0xB8, 0xAF, 0x0A, 0xF4, 0xEF, 0xFC, 0x1B,
+        0xC2, 0xB9, 0x76, 0x87, 0x8A, 0xA6, 0xC2, 0x3F,
+        0xD3, 0x9F, 0x1F, 0x2D, 0x94, 0xBC, 0x89, 0x4E,
+        0x31, 0x8D, 0x28, 0xD0, 0x90, 0xB5, 0x5B, 0x60,
+        0x30, 0xC6, 0x0B, 0x37, 0x63, 0x5D, 0xDC, 0xC6,
+        0xE0, 0x1A, 0xBA, 0x6B, 0x23, 0xCD, 0x2E, 0x09,
+        0x2D, 0x6A, 0x7E, 0x0C, 0xD9, 0x4F, 0xB1, 0xE2,
+        0x89, 0x67, 0xE7, 0xB1, 0x54, 0x08, 0xB2, 0xFA,
+        0x83, 0x43, 0x7C, 0x77, 0x06, 0xED, 0xE2, 0x29,
+        0x53, 0xB7, 0x09, 0xC4, 0x1B, 0x81, 0x55, 0x12,
+        0x41, 0x8E, 0x8B, 0x03, 0x36, 0xEE, 0x45, 0x70,
+        0x57, 0xA8, 0x73, 0xEF, 0x70, 0x7B, 0x1F, 0x63,
+        0xB0, 0xE8, 0x00, 0xBD, 0x1E, 0xE6, 0xA9, 0x93,
+        0x9D, 0x03, 0x19, 0x22, 0xDF, 0xE1, 0x01, 0xF2,
+        0xA9, 0x6B, 0x90, 0x5C, 0xD2, 0xC1, 0xAC, 0x9F,
+        0xB2, 0x21, 0x1C, 0x2D, 0xC6, 0x80, 0x9A, 0xB5,
+        0x1E, 0x46, 0x95, 0x6C, 0xCE, 0x47, 0x3E, 0x67,
+        0xCD, 0xD6, 0xC9, 0xB9, 0x81, 0x74, 0x7F, 0x17,
+        0xA3, 0xF7, 0x48, 0x99, 0xF3, 0x36, 0x84, 0xF3,
+        0x16, 0x41, 0x55, 0x5F, 0xA7, 0xBF, 0x4B, 0x69,
+        0x8D, 0xA3, 0x3D, 0x1E, 0xEA, 0xF5, 0x1E, 0xC6,
+        0xB8, 0x1C, 0xD6, 0x89, 0x45, 0x68, 0xFA, 0xE7,
+        0xCA, 0x86, 0xE4, 0xB1, 0xC9, 0x9C, 0xB2, 0xAB,
+        0x89, 0x03, 0xE7, 0x19, 0x7B, 0xA9, 0xF2, 0x6B,
+        0x4A, 0x43, 0x1D, 0x90, 0xAF, 0xA4, 0xE3, 0xBC,
+        0xEF, 0xD4, 0x37, 0xC5, 0x55, 0x5C, 0x9E, 0x14,
+        0xC6, 0x18, 0xDD, 0x45, 0x3F, 0x80, 0x49, 0x1C,
+        0x93, 0xFF, 0xBD, 0xDD, 0x75, 0x54, 0x0B, 0xD1,
+        0xA9, 0xF6, 0xBC, 0x89, 0x98, 0x7D, 0x6F, 0x03,
+        0x7B, 0x06, 0xD5, 0x40, 0x7D, 0x85, 0x48, 0x2E,
+        0x11, 0x3E, 0xF0, 0x47, 0x77, 0xD0, 0xBA, 0x03,
+        0x33, 0x58, 0xC4, 0x8F, 0x76, 0xF8, 0x72, 0x47,
+        0x04, 0x21, 0x5E, 0x85, 0x5A, 0x0F, 0x35, 0x77,
+        0xFB, 0x96, 0x29, 0x81, 0x2D, 0x55, 0x6E, 0x53,
+        0xC6, 0x13, 0x1E, 0xFA, 0x4D, 0xCE, 0xA9, 0x36,
+        0x1D, 0x8F, 0xAB, 0xAC, 0x13, 0x19, 0x94, 0xFC,
+        0x4B, 0xCD, 0x36, 0x4C, 0x6E, 0x21, 0xAE, 0xF1,
+        0x13, 0xA4, 0xF7, 0x64, 0x8E, 0xE1, 0xAF, 0x50,
+        0x6A, 0x63, 0x0E, 0xCA, 0x2F, 0xE9, 0x0C, 0x8A,
+        0xE7, 0xF2, 0xE3, 0x68, 0x03, 0xE0, 0x40, 0x1C,
+        0x64, 0xAB, 0xC3, 0xEC, 0xC0, 0x92, 0xE9, 0x57,
+        0x3E, 0x66, 0x72, 0x36, 0x39, 0x22, 0x4E, 0xCD,
+        0x13, 0x08, 0xBA, 0xF8, 0x2B, 0xA1, 0xF2, 0x69,
+        0x44, 0x7E, 0x90, 0x5C, 0xC8, 0xEC, 0xB6, 0xBE,
+        0x8C, 0x30, 0xE0, 0x69, 0xB7, 0x97, 0xA1, 0x1C,
+        0x18, 0xE5, 0x54, 0x62, 0xC3, 0x29, 0x99, 0x21,
+        0x16, 0xD9, 0x78, 0x1C, 0x4C, 0x9C, 0x88, 0x4C,
+        0xA5, 0xE1, 0x11, 0x66, 0x5B, 0x6E, 0x71, 0xE7,
+        0xE2, 0xE7, 0xE4, 0x02, 0xDD, 0x1A, 0x8D, 0x0C,
+        0xF5, 0x32, 0xFD, 0x41, 0x28, 0x35, 0x75, 0xD0,
+        0x0C, 0x5F, 0x06, 0x6A, 0x5A, 0x61, 0x49, 0x59,
+        0xC1, 0x0C, 0xD4, 0x9E, 0xD6, 0x29, 0xE2, 0x37,
+        0xDF, 0x2B, 0x3D, 0xE8, 0x98, 0xB9, 0xDF, 0x8E,
+        0xA0, 0xC4, 0xE2, 0xFC, 0x45, 0x70, 0xE8, 0x1B,
+        0xF4, 0xFA, 0xC5, 0xE6, 0xA7, 0xCF, 0x4F, 0xA2,
+        0xDA, 0x3D, 0x90, 0x49, 0x24, 0x8F, 0x61, 0x54,
+        0xD5, 0x50, 0x8E, 0xE8, 0x0C, 0x14, 0xAD, 0x6F,
+        0x65, 0x88, 0x3A, 0xF6, 0x92, 0xDB, 0x35, 0x5D,
+        0xFF, 0x21, 0x20, 0xAC, 0x01, 0x16, 0x0B, 0xEC,
+        0x84, 0x15, 0x3B, 0xA9, 0x93, 0x92, 0x75, 0xB3,
+        0x73, 0xF1, 0x23, 0x69, 0x94, 0x10, 0xF5, 0xFE,
+        0x20, 0xA8, 0xAF, 0x05, 0x87, 0x49, 0x4E, 0x9C,
+        0xEB, 0x21, 0x0A, 0xCF, 0x0B, 0xA1, 0x65, 0x38,
+        0xA6, 0x18, 0x4D, 0xF7, 0xD8, 0xC1, 0x2C, 0x14,
+        0x4C, 0xD9, 0x40, 0xC2, 0xF7, 0xBF, 0xE3, 0x07,
+        0x79, 0x55, 0xAE, 0xB9, 0xB6, 0x50, 0x06, 0x92,
+        0x94, 0x8C, 0x6A, 0x0E, 0x22, 0x14, 0xE2, 0xCC,
+        0x65, 0xBA, 0x0C, 0x4D, 0xB6, 0x5C, 0x4A, 0xE9,
+        0x0A, 0x08, 0x0C, 0xF9, 0x26, 0xA2, 0x51, 0x85,
+        0x36, 0xE2, 0xC1, 0xF1, 0x0A, 0x66, 0x51, 0x66,
+        0x7A, 0x98, 0x9B, 0x2C, 0x30, 0x1A, 0x0D, 0x49,
+        0x3C, 0x1E, 0xEC, 0x63, 0x53, 0x5E, 0xD9, 0xDD,
+        0x84, 0x69, 0xCD, 0x7E, 0x79, 0x58, 0x3D, 0x6E,
+        0xD9, 0x98, 0x58, 0xD8, 0x0A, 0x48, 0xB5, 0x13,
+        0x3F, 0x72, 0x4C, 0x11, 0x90, 0x15, 0x12, 0x74,
+        0xFF, 0x5C, 0x0D, 0xC6, 0x20, 0x8C, 0xC1, 0x99,
+        0xCA, 0x8E, 0xFC, 0xA2, 0xE8, 0xB8, 0xEE, 0xAA,
+        0x27, 0xC2, 0x97, 0x8D, 0xFA, 0xBE, 0xE0, 0x43,
+        0x99, 0xB6, 0x90, 0x60, 0x00, 0x7C, 0x33, 0xD4,
+        0x87, 0x71, 0x7B, 0x56, 0x6C, 0xAA, 0xE0, 0xAC,
+        0x9D, 0x7E, 0x7E, 0xA3, 0xCF, 0xBB, 0xB3, 0xA0,
+        0x5F, 0xD4, 0xC4, 0x3A, 0xA7, 0xB9, 0x0C, 0xCE,
+        0xF3, 0x05, 0x09, 0x91, 0xA7, 0xE9, 0x11, 0x55,
+        0x32, 0x45, 0xA6, 0x08, 0x0E, 0x10, 0x37, 0x91,
+        0xF3, 0xBF, 0xED, 0x64, 0x26, 0xEB, 0x39, 0xC2,
+        0x57, 0xAE, 0x64, 0x79, 0x33, 0x7C, 0x51, 0xB2,
+        0xC8, 0x85, 0xE0, 0xF9, 0x6D, 0x10, 0x52, 0x9F,
+        0x72, 0xF4, 0xD1, 0x5B, 0x54, 0x5B, 0x93, 0x28,
+        0x36, 0xA8, 0xCD, 0xB3, 0x30, 0x5B, 0x7A, 0xB0,
+        0xB6, 0xF0, 0xD8, 0xA0, 0xBA, 0x24, 0x59, 0x5F,
+        0x43, 0x02, 0x01, 0x57, 0x91, 0x7B, 0x94, 0x07,
+        0x63, 0x23, 0x12, 0x94, 0xFB, 0x9F, 0xF2, 0xC1,
+        0xD6, 0x80, 0x8F, 0x4E, 0xA7, 0x9E, 0x11, 0xD8,
+        0xB3, 0x08, 0xB6, 0x3B, 0x3B, 0xF2, 0xEE, 0x14,
+        0xA5, 0xDB, 0xB0, 0xBB, 0x17, 0xA5, 0x96, 0x3C,
+        0x2F, 0xB9, 0xE7, 0x4A, 0xD7, 0x52, 0x34, 0x98,
+        0xCB, 0x0C, 0xEB, 0x42, 0x5B, 0x2D, 0x2D, 0x2B,
+        0x0D, 0x94, 0x66, 0xD3, 0xAD, 0x08, 0x0A, 0x28,
+        0xF6, 0x0E, 0xDA, 0xD4, 0x54, 0xFD, 0xC6, 0x48,
+        0x08, 0xA1, 0x8D, 0xB0, 0x30, 0xFD, 0x18, 0xB1,
+        0x50, 0xB1, 0xFD, 0xE0, 0x6E, 0x33, 0x25, 0x0D,
+        0x90, 0xB1, 0xC1, 0xE7, 0x88, 0x74, 0x87, 0x05,
+        0xE7, 0xBE, 0xBD, 0xAA, 0x8C, 0x6D, 0xC2, 0x3D,
+        0x6F, 0x95, 0x84, 0xFA, 0x03, 0x74, 0x85, 0xE1,
+        0xED, 0xE5, 0xF4, 0xE8, 0x26, 0x4A, 0x0B, 0x20,
+        0x87, 0xB6, 0xE1, 0x10, 0x75, 0x6D, 0x9F, 0x95,
+        0x39, 0x4C, 0x0F, 0x50, 0x1B, 0xA8, 0x69, 0x82,
+        0xBB, 0xE2, 0xD6, 0x11, 0xD7, 0xBE, 0xFB, 0x4F,
+        0x60, 0xD3, 0x16, 0xC6, 0x04, 0x3A, 0x5A, 0xF5,
+        0x78, 0x9B, 0x0B, 0x21, 0xA1, 0x00, 0x96, 0xCD,
+        0x63, 0x78, 0x1D, 0x2D, 0x4F, 0x6E, 0x50, 0xEE,
+        0x62, 0x2D, 0x88, 0x62, 0x01, 0xF6, 0xB4, 0x17,
+        0x4F, 0x8C, 0xAD, 0xCB, 0x4B, 0xF9, 0xF6, 0x9D,
+        0xC7, 0xD8, 0xCC, 0xBF, 0x96, 0x1B, 0x1B, 0x79,
+        0xF3, 0x25, 0x85, 0x23, 0x10, 0x63, 0x30, 0x8D,
+        0xA8, 0x3A, 0x4B, 0x92, 0x1B, 0x88, 0x53, 0x24,
+        0x2D, 0x29, 0xA5, 0x2E, 0x7A, 0xD5, 0x58, 0xEB,
+        0x1B, 0x1C, 0xE6, 0xB8, 0x94, 0x0C, 0x58, 0x96,
+        0x5B, 0xA0, 0x2C, 0xBF, 0xE2, 0x99, 0xA0, 0x1F,
+        0x0C, 0xCC, 0xBD, 0x83, 0x72, 0x56, 0xBB, 0x13,
+        0x61, 0x5A, 0xC2, 0x04, 0x27, 0x29, 0x1F, 0xD4,
+        0xE4, 0x3D, 0x8A, 0x87, 0xE3, 0x81, 0x91, 0x07,
+        0xD3, 0x9B, 0xBC, 0xA9, 0xB3, 0xBA, 0xF5, 0x8B,
+        0x6A, 0xAD, 0xDE, 0xB0, 0x54, 0x3E, 0xFE, 0xCC,
+        0xD3, 0xCB, 0x2C, 0x69, 0xF0, 0x58, 0xD7, 0xEF,
+        0xA9, 0xC0, 0x15, 0x9B, 0x5A, 0xDF, 0x71, 0x25,
+        0x38, 0x44, 0xEC, 0xA9, 0x18, 0x47, 0x41, 0xCE,
+        0x3D, 0x53, 0x10, 0x12, 0xC3, 0x1B, 0x59, 0x9A,
+        0x93, 0xA1, 0xEA, 0xBE, 0x3E, 0xBA, 0x74, 0xF6,
+        0x2D, 0x40, 0x9D, 0xCB, 0x9E, 0xA1, 0xA5, 0x85,
+        0xFF, 0xDC, 0xC5, 0x60, 0x6F, 0x61, 0xE8, 0x17,
+        0x6C, 0x36, 0x9F, 0x7A, 0x48, 0x47, 0xDD, 0xF1,
+        0xF4, 0x43, 0x21, 0xCB, 0xB3, 0x55, 0x86, 0xD0,
+        0xE9, 0x46, 0x7D, 0xB5, 0x3D, 0x90, 0x34, 0x1E,
+        0xBB, 0x40, 0xD3, 0x2A, 0xEB, 0xE6, 0x4C, 0x46,
+        0x42, 0xA2, 0x8A, 0xBF, 0x90, 0xE7, 0x4B, 0x6D,
+        0x5C, 0x94, 0x97, 0xD2, 0xF0, 0x97, 0x74, 0x4C,
+        0x76, 0x03, 0xAC, 0x3D, 0xDE, 0x15, 0x96, 0x0C,
+        0xEF, 0x18, 0x9D, 0xBD, 0x1A, 0x20, 0x35, 0x7E,
+        0x2A, 0x70, 0x9D, 0xEA, 0x2E, 0x11, 0xDF, 0xF3,
+        0x2F, 0xFE, 0x23, 0xA9, 0xB6, 0xCF, 0xB7, 0xB9,
+        0x3F, 0x4F, 0x30, 0x6B, 0x3B, 0x0D, 0x3B, 0xED,
+        0xCD, 0x77, 0xD4, 0xBF, 0xEE, 0xDD, 0xB6, 0x56,
+        0x24, 0xD4, 0x29, 0x83, 0xDE, 0xDB, 0xC1, 0xFB,
+        0x6A, 0xCE, 0x7F, 0x47, 0xD2, 0xC5, 0xF1, 0x78,
+        0x5C, 0x2C, 0x5A, 0x28, 0x3E, 0x05, 0x50, 0x2E,
+        0xD9, 0xAE, 0x9B, 0x95, 0x64, 0xC7, 0xD2, 0x7B,
+        0xCB, 0xC5, 0x91, 0x80, 0xEB, 0x79, 0xC7, 0xCC,
+        0xA8, 0x06, 0xC8, 0xF9, 0xDF, 0x2A, 0x49, 0x4A,
+        0xF8, 0xFE, 0xBA, 0xA5, 0x85, 0x67, 0x1B, 0xDA,
+        0x51, 0x3B, 0xC2, 0x04, 0xA6, 0xA3, 0xFF, 0x99,
+        0x21, 0xE8, 0x17, 0x91, 0x33, 0x9B, 0x83, 0x75,
+        0x20, 0x5E, 0x95, 0xBE, 0x49, 0xDF, 0x53, 0xFC,
+        0x05, 0xA2, 0x3C, 0xAA, 0x5A, 0x22, 0x15, 0xA5,
+        0x56, 0xE0, 0x51, 0x30, 0x4E, 0x32, 0x14, 0xF2,
+        0x9F, 0x03, 0x51, 0x8E, 0xDD, 0x8B, 0x39, 0x19,
+        0x1E, 0x39, 0xC5, 0xA7, 0x1C, 0xC6, 0xA4, 0xE1,
+        0x77, 0xCA, 0x8C, 0x9D, 0x27, 0xBC, 0xCC, 0x16,
+        0xD6, 0xFC, 0x59, 0x10, 0x23, 0xFF, 0x64, 0x90,
+        0x9C, 0x23, 0x5A, 0xFF, 0x7E, 0x27, 0x1B, 0xC7,
+        0x7F, 0x21, 0x3B, 0x41, 0xDB, 0xBC, 0x96, 0x60,
+        0x0B, 0x35, 0xA1, 0xF3, 0xF8, 0x51, 0x0A, 0x65,
+        0xCF, 0xDF, 0x7A, 0xB8, 0x04, 0x56, 0x49, 0xD7,
+        0xD3, 0xC5, 0x0B, 0x4A, 0x1F, 0x60, 0xE1, 0x86,
+        0x36, 0x53, 0x8E, 0x6C, 0x3E, 0xAF, 0x5B, 0xC1,
+        0xCA, 0xCB, 0x22, 0x1A, 0x07, 0xDA, 0x54, 0xEC,
+        0xAA, 0x06, 0x72, 0x17, 0xCF, 0x80, 0xC4, 0x89,
+        0x56, 0x24, 0x1B, 0xD4, 0xFF, 0x50, 0x6B, 0x51,
+        0x55, 0x4D, 0x6E, 0x79, 0x7E, 0xEC, 0x61, 0xC6,
+        0xE4, 0x21, 0xC8, 0x0E, 0x10, 0x3F, 0x8C, 0x85,
+        0x3A, 0x27, 0xEA, 0x91, 0x07, 0xCB, 0x37, 0x18,
+        0x14, 0xB5, 0x63, 0x6E, 0x00, 0xBC, 0x0F, 0x36,
+        0xF9, 0x54, 0x75, 0xE7, 0x0B, 0xDC, 0xE7, 0xA0,
+        0x59, 0xF0, 0x64, 0xFB, 0x73, 0x07, 0x0E, 0xFE,
+        0x57, 0x7F, 0x0D, 0x12, 0xBC, 0xB0, 0xBF, 0xA2,
+        0x3A, 0x18, 0x08, 0x7E, 0xD5, 0x6C, 0xF0, 0x6F,
+        0xF8, 0x98, 0xFB, 0xA5, 0x10, 0x7B, 0x10, 0x5F,
+        0x6B, 0xC8, 0x6D, 0xDE, 0x2F, 0x1F, 0xE0, 0xC8,
+        0x19, 0xEE, 0xC2, 0x03, 0x39, 0x49, 0x70, 0x3E,
+        0x36, 0xE3, 0x3C, 0x70, 0xE3, 0xEA, 0xAC, 0x34,
+        0x32, 0xB7, 0x0D, 0xBA, 0x7C, 0xAB, 0xE6, 0x18
+    };
+    static const byte sk_65_draft[] = {
+        0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4,
+        0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E,
+        0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F,
+        0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41,
+        0x52, 0x8D, 0xA0, 0xC7, 0xD2, 0x80, 0xDD, 0x49,
+        0x0D, 0x5E, 0xB7, 0x65, 0xDB, 0x32, 0x33, 0x15,
+        0x0F, 0x9E, 0xC8, 0xEB, 0xC9, 0x6E, 0xE8, 0xE8,
+        0x5C, 0xBD, 0x18, 0x4F, 0xDC, 0xF8, 0xA8, 0xD9,
+        0xC5, 0x33, 0x84, 0x79, 0x5A, 0x5E, 0xB7, 0x3C,
+        0x6D, 0x82, 0xCA, 0xB9, 0xBA, 0x94, 0xB6, 0x46,
+        0xAE, 0x3A, 0xD9, 0x19, 0x6C, 0xB4, 0xDA, 0xE2,
+        0xF1, 0x4B, 0xB6, 0x43, 0xF0, 0x24, 0x08, 0xE5,
+        0xF7, 0x9A, 0x41, 0xF1, 0x15, 0x9C, 0xA8, 0x08,
+        0x79, 0x9F, 0xB8, 0x26, 0xD4, 0x08, 0x32, 0x47,
+        0xC8, 0xF0, 0xD5, 0x31, 0xA1, 0xC1, 0x19, 0x04,
+        0x02, 0x06, 0x2B, 0x4D, 0x46, 0xAE, 0x43, 0x6A,
+        0x25, 0x82, 0x75, 0x41, 0x70, 0x36, 0x42, 0x48,
+        0x78, 0x06, 0x36, 0x50, 0x23, 0x84, 0x68, 0x10,
+        0x87, 0x08, 0x62, 0x00, 0x08, 0x34, 0x20, 0x73,
+        0x32, 0x13, 0x36, 0x61, 0x87, 0x61, 0x43, 0x50,
+        0x30, 0x02, 0x26, 0x07, 0x65, 0x45, 0x32, 0x00,
+        0x25, 0x75, 0x01, 0x04, 0x88, 0x81, 0x58, 0x64,
+        0x52, 0x40, 0x84, 0x22, 0x88, 0x42, 0x82, 0x56,
+        0x47, 0x50, 0x05, 0x21, 0x88, 0x25, 0x32, 0x25,
+        0x12, 0x85, 0x14, 0x52, 0x87, 0x77, 0x67, 0x18,
+        0x46, 0x54, 0x63, 0x07, 0x88, 0x67, 0x37, 0x26,
+        0x72, 0x62, 0x41, 0x02, 0x00, 0x01, 0x17, 0x84,
+        0x33, 0x64, 0x32, 0x57, 0x06, 0x20, 0x05, 0x44,
+        0x88, 0x57, 0x33, 0x45, 0x70, 0x55, 0x14, 0x43,
+        0x12, 0x54, 0x04, 0x38, 0x37, 0x08, 0x42, 0x57,
+        0x36, 0x05, 0x30, 0x03, 0x86, 0x53, 0x02, 0x53,
+        0x75, 0x22, 0x62, 0x13, 0x38, 0x82, 0x48, 0x30,
+        0x83, 0x83, 0x64, 0x83, 0x13, 0x74, 0x57, 0x32,
+        0x46, 0x70, 0x06, 0x05, 0x82, 0x52, 0x73, 0x55,
+        0x25, 0x77, 0x21, 0x78, 0x57, 0x83, 0x66, 0x20,
+        0x38, 0x53, 0x21, 0x41, 0x77, 0x56, 0x77, 0x46,
+        0x34, 0x42, 0x58, 0x31, 0x08, 0x06, 0x03, 0x62,
+        0x20, 0x35, 0x11, 0x42, 0x35, 0x38, 0x63, 0x86,
+        0x64, 0x13, 0x13, 0x75, 0x40, 0x01, 0x53, 0x74,
+        0x41, 0x31, 0x56, 0x64, 0x38, 0x17, 0x14, 0x16,
+        0x62, 0x33, 0x22, 0x12, 0x64, 0x40, 0x67, 0x11,
+        0x62, 0x42, 0x25, 0x60, 0x38, 0x05, 0x83, 0x13,
+        0x51, 0x00, 0x28, 0x36, 0x62, 0x56, 0x41, 0x43,
+        0x58, 0x37, 0x51, 0x22, 0x70, 0x25, 0x82, 0x82,
+        0x35, 0x24, 0x06, 0x83, 0x48, 0x58, 0x81, 0x78,
+        0x07, 0x86, 0x23, 0x15, 0x75, 0x32, 0x46, 0x75,
+        0x35, 0x40, 0x08, 0x43, 0x10, 0x66, 0x74, 0x05,
+        0x13, 0x72, 0x74, 0x08, 0x83, 0x41, 0x81, 0x08,
+        0x75, 0x87, 0x83, 0x28, 0x56, 0x66, 0x20, 0x01,
+        0x18, 0x83, 0x57, 0x22, 0x14, 0x64, 0x18, 0x05,
+        0x27, 0x75, 0x22, 0x84, 0x12, 0x38, 0x87, 0x52,
+        0x32, 0x25, 0x28, 0x08, 0x14, 0x41, 0x81, 0x14,
+        0x03, 0x24, 0x54, 0x23, 0x04, 0x81, 0x40, 0x36,
+        0x38, 0x38, 0x64, 0x42, 0x46, 0x36, 0x68, 0x11,
+        0x55, 0x00, 0x11, 0x25, 0x76, 0x16, 0x43, 0x07,
+        0x23, 0x03, 0x34, 0x10, 0x46, 0x41, 0x14, 0x02,
+        0x26, 0x10, 0x74, 0x38, 0x38, 0x72, 0x07, 0x87,
+        0x54, 0x11, 0x12, 0x83, 0x75, 0x05, 0x82, 0x17,
+        0x45, 0x20, 0x38, 0x41, 0x37, 0x20, 0x00, 0x08,
+        0x32, 0x18, 0x16, 0x25, 0x58, 0x85, 0x16, 0x88,
+        0x71, 0x82, 0x45, 0x60, 0x33, 0x11, 0x13, 0x42,
+        0x43, 0x37, 0x68, 0x11, 0x16, 0x54, 0x04, 0x08,
+        0x52, 0x78, 0x13, 0x56, 0x83, 0x52, 0x15, 0x24,
+        0x03, 0x61, 0x78, 0x44, 0x13, 0x70, 0x67, 0x36,
+        0x74, 0x86, 0x52, 0x50, 0x15, 0x41, 0x88, 0x74,
+        0x53, 0x00, 0x05, 0x18, 0x65, 0x62, 0x14, 0x84,
+        0x12, 0x32, 0x01, 0x88, 0x40, 0x42, 0x34, 0x05,
+        0x32, 0x80, 0x72, 0x55, 0x20, 0x68, 0x16, 0x43,
+        0x14, 0x15, 0x15, 0x38, 0x43, 0x85, 0x27, 0x60,
+        0x70, 0x18, 0x27, 0x35, 0x53, 0x01, 0x28, 0x73,
+        0x27, 0x84, 0x10, 0x53, 0x67, 0x10, 0x45, 0x40,
+        0x81, 0x52, 0x86, 0x06, 0x11, 0x18, 0x04, 0x31,
+        0x57, 0x25, 0x22, 0x44, 0x47, 0x81, 0x45, 0x44,
+        0x55, 0x04, 0x72, 0x57, 0x06, 0x46, 0x76, 0x23,
+        0x38, 0x85, 0x65, 0x30, 0x08, 0x48, 0x20, 0x13,
+        0x22, 0x77, 0x44, 0x60, 0x43, 0x14, 0x15, 0x27,
+        0x86, 0x22, 0x37, 0x37, 0x27, 0x04, 0x27, 0x50,
+        0x74, 0x31, 0x10, 0x82, 0x00, 0x75, 0x80, 0x44,
+        0x38, 0x10, 0x58, 0x40, 0x86, 0x60, 0x63, 0x13,
+        0x65, 0x18, 0x33, 0x70, 0x57, 0x68, 0x05, 0x10,
+        0x81, 0x03, 0x42, 0x05, 0x25, 0x65, 0x33, 0x57,
+        0x38, 0x05, 0x65, 0x34, 0x46, 0x53, 0x68, 0x11,
+        0x75, 0x10, 0x04, 0x54, 0x18, 0x47, 0x52, 0x24,
+        0x63, 0x23, 0x74, 0x45, 0x11, 0x34, 0x68, 0x32,
+        0x35, 0x38, 0x52, 0x85, 0x28, 0x08, 0x71, 0x78,
+        0x37, 0x38, 0x27, 0x10, 0x80, 0x54, 0x26, 0x33,
+        0x31, 0x82, 0x44, 0x88, 0x33, 0x24, 0x62, 0x86,
+        0x32, 0x82, 0x73, 0x31, 0x28, 0x14, 0x73, 0x87,
+        0x06, 0x35, 0x80, 0x36, 0x67, 0x02, 0x33, 0x75,
+        0x27, 0x36, 0x38, 0x16, 0x35, 0x70, 0x52, 0x16,
+        0x87, 0x58, 0x85, 0x17, 0x22, 0x13, 0x54, 0x85,
+        0x07, 0x53, 0x31, 0x26, 0x78, 0x01, 0x85, 0x18,
+        0x08, 0x68, 0x38, 0x52, 0x11, 0x73, 0x32, 0x25,
+        0x58, 0x82, 0x70, 0x70, 0x36, 0x30, 0x50, 0x38,
+        0x65, 0x12, 0x78, 0x31, 0x77, 0x72, 0x18, 0x41,
+        0x05, 0x42, 0x32, 0x26, 0x26, 0x50, 0x52, 0x86,
+        0x15, 0x76, 0x28, 0x66, 0x88, 0x03, 0x78, 0x28,
+        0x70, 0x33, 0x36, 0x27, 0x16, 0x61, 0x43, 0x56,
+        0x62, 0x81, 0x85, 0x75, 0x47, 0x60, 0x63, 0x38,
+        0x66, 0x81, 0x51, 0x78, 0x03, 0x42, 0x60, 0x38,
+        0x01, 0x24, 0x73, 0x63, 0x81, 0x12, 0x01, 0x27,
+        0x63, 0x13, 0x11, 0x78, 0x36, 0x37, 0x15, 0x03,
+        0x84, 0x58, 0x17, 0x25, 0x67, 0x87, 0x57, 0x83,
+        0x71, 0x85, 0x37, 0x53, 0x86, 0x22, 0x33, 0x28,
+        0x77, 0x30, 0x18, 0x15, 0x01, 0x37, 0x85, 0x40,
+        0x15, 0x38, 0x51, 0x33, 0x17, 0x42, 0x64, 0x04,
+        0x56, 0x27, 0x50, 0x45, 0x11, 0x27, 0x20, 0x17,
+        0x76, 0x55, 0x33, 0x37, 0x58, 0x88, 0x88, 0x45,
+        0x16, 0x55, 0x08, 0x53, 0x52, 0x48, 0x72, 0x85,
+        0x30, 0x15, 0x23, 0x44, 0x22, 0x02, 0x43, 0x45,
+        0x41, 0x10, 0x00, 0x52, 0x32, 0x73, 0x05, 0x75,
+        0x72, 0x16, 0x08, 0x11, 0x51, 0x36, 0x20, 0x04,
+        0x76, 0x48, 0x78, 0x56, 0x60, 0x88, 0x07, 0x47,
+        0x70, 0x20, 0x46, 0x40, 0x43, 0x26, 0x04, 0x37,
+        0x17, 0x51, 0x58, 0x46, 0x72, 0x44, 0x50, 0x23,
+        0x67, 0x63, 0x60, 0x84, 0x30, 0x51, 0x52, 0x53,
+        0x21, 0x74, 0x85, 0x45, 0x74, 0x43, 0x11, 0x72,
+        0x52, 0x65, 0x76, 0x08, 0x78, 0x63, 0x14, 0x27,
+        0x41, 0x34, 0x67, 0x07, 0x45, 0x15, 0x10, 0x83,
+        0x24, 0x02, 0x80, 0x53, 0x07, 0x21, 0x58, 0x10,
+        0x34, 0x20, 0x54, 0x12, 0x58, 0x44, 0x25, 0x53,
+        0x33, 0x46, 0x02, 0x38, 0x60, 0x17, 0x70, 0x64,
+        0x18, 0x52, 0x62, 0x26, 0x65, 0x61, 0x42, 0x31,
+        0x22, 0x57, 0x34, 0x57, 0x02, 0x34, 0x62, 0x76,
+        0x74, 0x38, 0x73, 0x21, 0x68, 0x71, 0x07, 0x21,
+        0x61, 0x05, 0x20, 0x20, 0x86, 0x83, 0x30, 0x25,
+        0x50, 0x50, 0x83, 0x30, 0x31, 0x56, 0x30, 0x31,
+        0x76, 0x04, 0x54, 0x80, 0x75, 0x18, 0x82, 0x23,
+        0x61, 0x87, 0x58, 0x25, 0x13, 0x63, 0x21, 0x51,
+        0x48, 0x02, 0x67, 0x37, 0x12, 0x88, 0x70, 0x60,
+        0x07, 0x36, 0x18, 0x15, 0x87, 0x74, 0x55, 0x60,
+        0x00, 0x54, 0x37, 0x11, 0x01, 0x37, 0x14, 0x17,
+        0x11, 0x72, 0x14, 0x55, 0x31, 0x75, 0x77, 0x48,
+        0x10, 0x23, 0x83, 0x20, 0x00, 0x04, 0x32, 0x64,
+        0x66, 0x61, 0x71, 0x31, 0x03, 0x15, 0x44, 0x32,
+        0x57, 0x25, 0x64, 0x31, 0x28, 0x15, 0x33, 0x67,
+        0x86, 0x87, 0x37, 0x03, 0x12, 0x78, 0x86, 0x13,
+        0x47, 0x80, 0x61, 0x42, 0x50, 0x40, 0x23, 0x37,
+        0x01, 0x01, 0x66, 0x24, 0x06, 0x57, 0x82, 0x02,
+        0x22, 0x42, 0x41, 0x02, 0x26, 0x06, 0x41, 0x35,
+        0x64, 0x16, 0x44, 0x42, 0x38, 0x30, 0x86, 0x88,
+        0x47, 0x71, 0x62, 0x33, 0x24, 0x02, 0x12, 0x37,
+        0x42, 0x33, 0x20, 0x81, 0x80, 0x53, 0x07, 0x65,
+        0x71, 0x27, 0x13, 0x53, 0x15, 0x43, 0x76, 0x38,
+        0x71, 0x30, 0x07, 0x87, 0x25, 0x63, 0x03, 0x33,
+        0x70, 0x56, 0x18, 0x13, 0x83, 0x51, 0x44, 0x40,
+        0x04, 0x80, 0x62, 0x24, 0x20, 0x64, 0x54, 0x40,
+        0x20, 0x73, 0x61, 0x45, 0x01, 0x24, 0x47, 0x78,
+        0x23, 0x34, 0x56, 0x10, 0x25, 0x32, 0x02, 0x70,
+        0x08, 0x02, 0x23, 0x24, 0x80, 0x43, 0x04, 0x02,
+        0x81, 0x11, 0x23, 0x82, 0x03, 0x61, 0x30, 0x33,
+        0x15, 0x36, 0x25, 0x32, 0x14, 0x73, 0x22, 0x46,
+        0x81, 0x25, 0x16, 0x13, 0x52, 0x58, 0x71, 0x61,
+        0x67, 0x08, 0x38, 0x76, 0x71, 0x15, 0x88, 0x47,
+        0x31, 0x25, 0x27, 0x18, 0x31, 0x50, 0x40, 0x71,
+        0x06, 0x87, 0x37, 0x30, 0x85, 0x64, 0x62, 0x78,
+        0x32, 0x74, 0x18, 0x83, 0x67, 0x40, 0x37, 0x44,
+        0x56, 0x02, 0x72, 0x61, 0x27, 0x28, 0x38, 0x38,
+        0x67, 0x17, 0x58, 0x04, 0x61, 0x28, 0x67, 0x37,
+        0x46, 0x50, 0x38, 0x15, 0x45, 0x12, 0x71, 0x44,
+        0x22, 0x02, 0x34, 0x83, 0x40, 0x70, 0x55, 0x75,
+        0x54, 0x26, 0x88, 0x07, 0x25, 0x58, 0x73, 0x60,
+        0x58, 0x61, 0x45, 0x63, 0x35, 0x05, 0x48, 0x63,
+        0x48, 0x57, 0x03, 0x31, 0x28, 0x14, 0x05, 0x01,
+        0x57, 0x34, 0x64, 0x50, 0x23, 0x86, 0x75, 0x85,
+        0x18, 0x75, 0x56, 0x88, 0x08, 0x26, 0x01, 0x34,
+        0x01, 0x57, 0x05, 0x28, 0x35, 0x48, 0x17, 0x57,
+        0x71, 0x81, 0x41, 0x33, 0x77, 0x86, 0x07, 0x77,
+        0x02, 0x25, 0x71, 0x74, 0x37, 0x31, 0x20, 0x14,
+        0x32, 0x54, 0x20, 0x35, 0x54, 0x76, 0x83, 0x15,
+        0x80, 0x73, 0x27, 0x23, 0x00, 0x58, 0x22, 0x84,
+        0x64, 0x56, 0x14, 0x84, 0x38, 0x34, 0x16, 0x21,
+        0x77, 0x07, 0x34, 0x81, 0x66, 0x87, 0x40, 0x11,
+        0x62, 0x46, 0x45, 0x01, 0x20, 0x53, 0x21, 0x73,
+        0x07, 0x76, 0x44, 0x15, 0x61, 0x50, 0x83, 0x48,
+        0x58, 0x58, 0x45, 0x33, 0x25, 0x36, 0x07, 0x42,
+        0x70, 0x24, 0x07, 0x41, 0x08, 0x35, 0x00, 0x78,
+        0x41, 0x47, 0x02, 0x56, 0x07, 0x14, 0x68, 0x33,
+        0x55, 0x77, 0x32, 0x40, 0x55, 0x24, 0x50, 0x26,
+        0x47, 0x12, 0x65, 0x58, 0x43, 0x05, 0x52, 0x55,
+        0x75, 0x50, 0x18, 0x46, 0x65, 0x48, 0x03, 0x32,
+        0x85, 0x31, 0x16, 0x52, 0x71, 0x57, 0x87, 0x46,
+        0x76, 0x14, 0x42, 0x81, 0x28, 0x74, 0x60, 0x34,
+        0x35, 0x55, 0x52, 0x16, 0x58, 0x48, 0x61, 0x75,
+        0x80, 0x88, 0x15, 0x32, 0x72, 0x26, 0x31, 0x03,
+        0x05, 0x03, 0x16, 0x04, 0x07, 0x37, 0x37, 0x73,
+        0x43, 0x81, 0x57, 0x31, 0x88, 0x04, 0x72, 0x76,
+        0x01, 0x61, 0x81, 0x17, 0x37, 0x65, 0x44, 0x38,
+        0x61, 0x23, 0x16, 0x26, 0x52, 0x45, 0x00, 0x73,
+        0x83, 0x63, 0x64, 0x62, 0x26, 0x74, 0x60, 0x11,
+        0x81, 0x08, 0x06, 0x30, 0x36, 0x05, 0x10, 0x48,
+        0x47, 0x35, 0x10, 0x85, 0x30, 0x86, 0x71, 0x38,
+        0x16, 0x37, 0x6F, 0x3B, 0x1C, 0x18, 0xB1, 0xE3,
+        0xE8, 0xEE, 0x83, 0x3E, 0x8D, 0x38, 0x43, 0x9E,
+        0x78, 0x1C, 0xA3, 0xB8, 0x94, 0x06, 0x54, 0xEF,
+        0x44, 0x6C, 0x9A, 0xAC, 0xC3, 0xF1, 0xD3, 0x0E,
+        0xE0, 0x10, 0x5B, 0x8F, 0x63, 0xEB, 0x89, 0x74,
+        0x6E, 0xF4, 0xBE, 0xB5, 0x4C, 0xFC, 0xE8, 0x81,
+        0x2C, 0xF9, 0x47, 0xCF, 0x54, 0x54, 0xFB, 0x1C,
+        0xA5, 0x5F, 0x25, 0xA0, 0xFE, 0x57, 0xF5, 0xFC,
+        0xFD, 0x73, 0xB0, 0xDA, 0x04, 0xB0, 0xBF, 0x28,
+        0x92, 0x92, 0xAF, 0x39, 0x74, 0x72, 0x56, 0x69,
+        0xC3, 0x00, 0x03, 0xE0, 0x50, 0x9F, 0xED, 0xC8,
+        0x0F, 0x6C, 0x89, 0x4B, 0xB0, 0x47, 0xC2, 0xE2,
+        0xAF, 0x48, 0x5C, 0xAD, 0x68, 0xC2, 0x1D, 0x80,
+        0xEF, 0x33, 0xB0, 0xC4, 0xFD, 0xA6, 0x7B, 0x85,
+        0x31, 0xA1, 0x58, 0x87, 0x67, 0x54, 0x71, 0x3F,
+        0xF8, 0xA8, 0xA6, 0x8D, 0x9A, 0xBD, 0xC4, 0x81,
+        0x6B, 0x24, 0xB4, 0xA3, 0x6A, 0x8A, 0x2B, 0xB1,
+        0xFD, 0x1C, 0x2C, 0x25, 0xC3, 0x72, 0xC4, 0xB7,
+        0x75, 0xF8, 0xCC, 0x17, 0x39, 0xCF, 0x2C, 0xE9,
+        0xA4, 0x54, 0x58, 0xE4, 0x1A, 0xAE, 0xC6, 0x4A,
+        0xEE, 0xDE, 0x75, 0x7C, 0xE7, 0x38, 0xBC, 0xDF,
+        0x4D, 0xA0, 0xEE, 0x2B, 0xDD, 0x5F, 0x80, 0x5C,
+        0xCF, 0xF7, 0x2A, 0x5F, 0x73, 0x8B, 0xAC, 0x12,
+        0x34, 0x2E, 0xE3, 0xF1, 0x4C, 0xB7, 0x22, 0x68,
+        0xC2, 0xD6, 0x36, 0x7D, 0xF1, 0x7F, 0x20, 0x46,
+        0xA2, 0x4B, 0x47, 0x4B, 0x32, 0x58, 0xF7, 0xB0,
+        0x88, 0x54, 0x6C, 0x99, 0x3B, 0x0D, 0xA1, 0xE2,
+        0x92, 0x92, 0xEB, 0x72, 0x1E, 0xE7, 0xE5, 0xA1,
+        0xF8, 0x6E, 0x14, 0xA5, 0x39, 0xB0, 0x63, 0x6F,
+        0x78, 0x82, 0xA1, 0x9C, 0x8D, 0x79, 0x02, 0x85,
+        0xA6, 0xDF, 0x7D, 0xEE, 0xCE, 0x17, 0x4D, 0x63,
+        0xCF, 0xF3, 0xB2, 0xFF, 0x85, 0x68, 0x81, 0xCB,
+        0x38, 0x6B, 0x1B, 0x38, 0xA2, 0xE0, 0xF2, 0x4C,
+        0x31, 0xE0, 0x91, 0x93, 0xDD, 0xF3, 0x71, 0x47,
+        0xF2, 0x69, 0xD9, 0x4C, 0xDE, 0xF9, 0x90, 0x61,
+        0x34, 0x62, 0x07, 0x71, 0x79, 0xD0, 0xDD, 0x09,
+        0x32, 0x64, 0x39, 0x49, 0x93, 0x1A, 0x02, 0xBA,
+        0xFA, 0x80, 0x17, 0x6E, 0xDF, 0x97, 0xB6, 0xA2,
+        0x31, 0x34, 0x71, 0xF0, 0xB1, 0x9B, 0x3B, 0x59,
+        0xF4, 0x3B, 0xD2, 0x2A, 0x05, 0x49, 0x3E, 0xFB,
+        0x0C, 0xF8, 0xB5, 0xD7, 0xB6, 0x25, 0x2B, 0x09,
+        0x8B, 0x4B, 0xFA, 0x39, 0x5B, 0xF9, 0xA2, 0x09,
+        0xE9, 0xBB, 0x46, 0x01, 0x30, 0x00, 0x90, 0x32,
+        0x58, 0xA6, 0x9B, 0x67, 0xF5, 0x94, 0x11, 0xC8,
+        0x35, 0x95, 0xFA, 0x6E, 0x67, 0x42, 0x8D, 0x96,
+        0x6D, 0x20, 0xFC, 0xD3, 0x09, 0x61, 0x11, 0x86,
+        0x77, 0xC0, 0x86, 0xA3, 0x54, 0xAE, 0x6D, 0x41,
+        0xEE, 0x17, 0xDC, 0xA1, 0xB0, 0xB7, 0x50, 0x43,
+        0xD6, 0xCE, 0x23, 0xBD, 0xB0, 0x1E, 0x02, 0xE5,
+        0x9E, 0xCF, 0xC6, 0x2E, 0x8C, 0x39, 0x71, 0xB1,
+        0x45, 0x02, 0x75, 0xBA, 0x7F, 0x60, 0xB0, 0x8B,
+        0x1C, 0x33, 0xBA, 0x0C, 0xFF, 0x54, 0x63, 0xE3,
+        0x47, 0x5B, 0x07, 0x77, 0x77, 0xC5, 0x72, 0x24,
+        0x60, 0xFA, 0xDB, 0x0B, 0xF6, 0x41, 0x82, 0x69,
+        0x3C, 0x68, 0x37, 0xF5, 0xFD, 0x45, 0x4A, 0x66,
+        0x6C, 0xD7, 0x01, 0x10, 0x78, 0x4A, 0xED, 0x09,
+        0xAE, 0x49, 0x0A, 0x60, 0xC7, 0x78, 0x56, 0x51,
+        0x15, 0xE3, 0x4A, 0xB5, 0xAE, 0xAD, 0x09, 0xD1,
+        0x71, 0xA8, 0xCA, 0x3C, 0x8A, 0xE6, 0xCA, 0x39,
+        0x43, 0x60, 0x56, 0x83, 0x3C, 0x58, 0x04, 0xD4,
+        0xB4, 0x62, 0xDD, 0x53, 0x05, 0xC8, 0x51, 0xAF,
+        0x59, 0xF6, 0x4F, 0x04, 0xC3, 0x1E, 0x69, 0xFF,
+        0x82, 0xBF, 0xD7, 0x89, 0xD2, 0x30, 0x9F, 0xF2,
+        0xE6, 0x38, 0x05, 0x9C, 0xD5, 0x08, 0xB8, 0x25,
+        0xF3, 0x3B, 0x99, 0x85, 0x4E, 0x40, 0xF8, 0x40,
+        0xF2, 0x4B, 0x5C, 0x3A, 0xA8, 0x64, 0x41, 0x92,
+        0xEA, 0xCA, 0x9A, 0x7B, 0xCF, 0xBA, 0x1F, 0xDE,
+        0xE0, 0x9D, 0xCA, 0xAD, 0xB4, 0x0C, 0x90, 0xFF,
+        0xE1, 0x6C, 0xEC, 0xDD, 0x32, 0x38, 0x2A, 0xF7,
+        0x19, 0x20, 0x39, 0xCB, 0x29, 0x67, 0x2F, 0x70,
+        0x71, 0x12, 0x10, 0xB6, 0xB8, 0x3E, 0x8D, 0xFD,
+        0xB5, 0xFB, 0xBD, 0xBF, 0xA8, 0xCA, 0x19, 0xC4,
+        0xC6, 0xAC, 0x37, 0x31, 0xFC, 0x33, 0xC2, 0x7F,
+        0xA2, 0xA2, 0x6D, 0xEB, 0x15, 0x2E, 0xA1, 0x90,
+        0xF8, 0x29, 0xC6, 0x34, 0xD1, 0x39, 0x30, 0x24,
+        0x1C, 0xB9, 0x26, 0xAC, 0xDD, 0xE5, 0x24, 0x9C,
+        0xDD, 0x35, 0x60, 0x7E, 0x38, 0x0C, 0xC1, 0x2A,
+        0x7D, 0x1E, 0xA9, 0xBA, 0xA5, 0x58, 0x4C, 0xDD,
+        0x26, 0x86, 0x09, 0xDC, 0xC3, 0xB0, 0x1F, 0xCD,
+        0xC9, 0xAD, 0xCB, 0x4A, 0x7E, 0x51, 0x67, 0xE5,
+        0xED, 0x5A, 0xD2, 0x21, 0xDB, 0x2E, 0xAB, 0xD9,
+        0x0A, 0xEC, 0xAE, 0x71, 0xFA, 0x23, 0x7A, 0xEF,
+        0x98, 0xDF, 0x53, 0x89, 0x93, 0xE8, 0x71, 0xD7,
+        0x35, 0xDA, 0x6B, 0x88, 0x31, 0xAF, 0x67, 0xF2,
+        0x97, 0x29, 0x1C, 0x39, 0x67, 0xEB, 0xAF, 0x60,
+        0xD9, 0x53, 0xC4, 0x0F, 0x7A, 0x46, 0x4E, 0xF3,
+        0x2F, 0x8E, 0xAE, 0xFA, 0x64, 0x2E, 0x37, 0xDE,
+        0xA9, 0x74, 0x73, 0x5D, 0xDD, 0xBB, 0x83, 0x54,
+        0x27, 0xB9, 0x7A, 0x63, 0x2B, 0x19, 0x8B, 0x26,
+        0x22, 0x28, 0x84, 0xA0, 0x58, 0x00, 0x2D, 0x55,
+        0xEA, 0x2A, 0x80, 0x0D, 0x6C, 0x97, 0x0E, 0x8B,
+        0xF7, 0x67, 0xB2, 0x8B, 0x2D, 0xDE, 0x8F, 0x58,
+        0xFE, 0x97, 0x81, 0xE7, 0xE2, 0x58, 0x8D, 0x7E,
+        0x1B, 0xAB, 0xE5, 0x15, 0x9D, 0x54, 0xF4, 0x00,
+        0x34, 0x1D, 0x12, 0x1B, 0x03, 0x23, 0x2B, 0x06,
+        0x2E, 0x8C, 0xD0, 0x0A, 0xDC, 0x19, 0xA1, 0x69,
+        0x1D, 0x72, 0x91, 0xB4, 0xED, 0x0E, 0x81, 0xF7,
+        0x05, 0x99, 0x84, 0xFC, 0x74, 0x0F, 0x7D, 0xF8,
+        0x9B, 0x3E, 0x7F, 0x63, 0x7C, 0x73, 0xEB, 0xF5,
+        0x36, 0xB3, 0x24, 0x22, 0xAA, 0x33, 0x0C, 0x30,
+        0x42, 0xC3, 0xE2, 0x04, 0x6B, 0x3F, 0x2A, 0x0D,
+        0xAB, 0xE8, 0x5A, 0x9A, 0x09, 0xD7, 0xB6, 0xAA,
+        0x9C, 0x3E, 0xD0, 0x9E, 0xB5, 0x9B, 0x52, 0x7B,
+        0xAF, 0x2D, 0x6B, 0xE0, 0x40, 0x12, 0x34, 0xBE,
+        0x49, 0xAB, 0xD2, 0xC8, 0xB5, 0x89, 0x1B, 0x79,
+        0xEC, 0xAE, 0x88, 0x89, 0x3C, 0x05, 0xC7, 0x75,
+        0xC5, 0x84, 0xF7, 0x10, 0x49, 0x48, 0x92, 0x69,
+        0x9E, 0xD5, 0x56, 0xB2, 0x1E, 0x81, 0x18, 0x78,
+        0xCB, 0x93, 0x5D, 0x70, 0x3A, 0xB2, 0x67, 0xD1,
+        0xCC, 0x8F, 0x83, 0x03, 0xB9, 0x64, 0x46, 0x22,
+        0x78, 0x0D, 0x55, 0x67, 0x22, 0x58, 0x0E, 0x22,
+        0x6B, 0xBA, 0x01, 0xD4, 0x77, 0x05, 0xA7, 0xAC,
+        0xB7, 0xE5, 0xFC, 0xE6, 0x11, 0xCC, 0x92, 0x5A,
+        0x8C, 0xC0, 0x08, 0x24, 0xAF, 0xCC, 0x4D, 0xBD,
+        0x79, 0xD3, 0x5C, 0x52, 0x2C, 0xFF, 0x1A, 0x48,
+        0xBB, 0x91, 0x59, 0x6A, 0x80, 0x32, 0x8C, 0x75,
+        0x7C, 0xD2, 0xC1, 0x94, 0x94, 0xA8, 0x55, 0x4B,
+        0xF2, 0x96, 0xF7, 0x86, 0xF7, 0x53, 0x4F, 0x54,
+        0x74, 0x05, 0x5C, 0xEF, 0x02, 0xA0, 0x8A, 0xD1,
+        0x88, 0x72, 0xEB, 0x1B, 0x82, 0xF9, 0xFB, 0xDA,
+        0xBC, 0xB9, 0x90, 0x98, 0xF2, 0x4B, 0x9A, 0xA6,
+        0x89, 0xD5, 0xB3, 0xD8, 0x7B, 0x94, 0xE3, 0x1F,
+        0x17, 0x4F, 0xEB, 0x24, 0x06, 0x2B, 0xAB, 0x5F,
+        0x27, 0x9B, 0xCD, 0xCE, 0x50, 0x06, 0x40, 0xDD,
+        0x7A, 0x8C, 0x67, 0xF0, 0x8E, 0x07, 0xB4, 0x1C,
+        0x3C, 0x13, 0xB2, 0x07, 0x6A, 0x38, 0x59, 0x94,
+        0x2C, 0xB1, 0x72, 0xA8, 0x77, 0x5B, 0x15, 0x8F,
+        0x88, 0xC4, 0x5C, 0xDC, 0x92, 0xCA, 0xC0, 0xED,
+        0x02, 0xFF, 0x1D, 0x57, 0x25, 0xBE, 0x67, 0x3E,
+        0x4C, 0xE8, 0x95, 0x2A, 0x80, 0xB2, 0x5D, 0xBC,
+        0xFA, 0x17, 0xA9, 0x35, 0x0A, 0x6B, 0x07, 0xC8,
+        0x8F, 0x88, 0x8D, 0xBC, 0x97, 0x84, 0xE2, 0x07,
+        0x57, 0x92, 0x99, 0x4B, 0xE8, 0xDD, 0xD7, 0xA4,
+        0x58, 0xCB, 0x61, 0xCE, 0x16, 0xFC, 0x22, 0xCD,
+        0x4B, 0x1A, 0x08, 0xC9, 0xAD, 0x3D, 0xB1, 0xF2,
+        0xA9, 0x1B, 0x8E, 0xD0, 0xC7, 0xBC, 0xCE, 0xF9,
+        0x0A, 0x7A, 0x4D, 0xBE, 0x82, 0x0A, 0xBD, 0x6C,
+        0x42, 0x99, 0xBF, 0x86, 0x65, 0x53, 0xAA, 0x04,
+        0x79, 0xD6, 0x6D, 0x7E, 0x0F, 0x40, 0xFA, 0xEE,
+        0xCE, 0x38, 0x3B, 0x1C, 0x2F, 0xA4, 0x45, 0xA3,
+        0x78, 0x2B, 0xA0, 0x29, 0xC5, 0xAA, 0xA9, 0x09,
+        0x29, 0x51, 0xDC, 0x5B, 0xB5, 0x95, 0xE4, 0xCE,
+        0xC8, 0x50, 0x71, 0x2D, 0xE9, 0x32, 0x12, 0xA0,
+        0x7C, 0x88, 0x6B, 0xED, 0xE4, 0x38, 0xB7, 0x92,
+        0xCA, 0xE4, 0xDC, 0xD4, 0x05, 0x3B, 0x2B, 0x84,
+        0x95, 0x07, 0xFF, 0xF4, 0x79, 0xFF, 0x1E, 0x73,
+        0x1B, 0x8E, 0xDF, 0xA3, 0x15, 0xBD, 0x56, 0xAC,
+        0xDA, 0xAD, 0x73, 0x95, 0xC2, 0xD3, 0x72, 0xA8,
+        0xF0, 0x8E, 0x6C, 0xE3, 0x7D, 0xBE, 0x4C, 0x87,
+        0xFC, 0x0F, 0xA6, 0x3B, 0xED, 0xA4, 0x0F, 0x4F,
+        0xF1, 0x5D, 0xF2, 0x56, 0x54, 0xD1, 0xCE, 0x6C,
+        0xCA, 0x1C, 0xCB, 0xC2, 0x45, 0x7F, 0x90, 0x61,
+        0x0E, 0x3D, 0xCE, 0xBB, 0x5E, 0x41, 0x38, 0x2B,
+        0xD4, 0x41, 0x7C, 0x67, 0x7C, 0x71, 0x95, 0x34,
+        0xD7, 0xED, 0x4D, 0xAC, 0x6E, 0xF1, 0x46, 0xEA,
+        0x7D, 0xA4, 0x4C, 0x69, 0x0B, 0x9C, 0x2F, 0xAA,
+        0xF1, 0x17, 0x90, 0x1B, 0xF4, 0x4C, 0x03, 0xBE,
+        0x9D, 0x56, 0xCE, 0x0C, 0xCF, 0xE0, 0x87, 0x44,
+        0xBE, 0x2C, 0x52, 0xD3, 0xBC, 0xAE, 0x02, 0x30,
+        0xC7, 0x26, 0x06, 0x88, 0xA6, 0xAA, 0x9D, 0x50,
+        0xF1, 0x94, 0x58, 0xC7, 0x60, 0xF3, 0xA0, 0x6F,
+        0x53, 0x66, 0x53, 0xCD, 0x1D, 0xBE, 0xD1, 0xF2,
+        0x39, 0xBA, 0x1F, 0xE8, 0x40, 0x84, 0xCD, 0x1C,
+        0x8F, 0x3D, 0xB7, 0xD1, 0x51, 0x00, 0xDE, 0xB8,
+        0x11, 0xD9, 0x66, 0xAD, 0xD5, 0xE9, 0x33, 0x09,
+        0xE1, 0xA8, 0x00, 0x58, 0x65, 0xF1, 0xC1, 0x67,
+        0xB4, 0x3A, 0xA7, 0x98, 0x90, 0x6A, 0xDB, 0x91,
+        0xDB, 0x4A, 0x16, 0x35, 0xDC, 0x3D, 0x69, 0xEB,
+        0x7B, 0xDE, 0xCC, 0x91, 0x1B, 0x8D, 0xE6, 0x46,
+        0x61, 0x8E, 0x3F, 0x4C, 0x88, 0x81, 0x85, 0x4A,
+        0x73, 0x08, 0x56, 0x52, 0xAE, 0xE6, 0x4A, 0x60,
+        0x4A, 0x2E, 0x0C, 0x9A, 0x93, 0x76, 0x35, 0xC9,
+        0x36, 0x28, 0x0C, 0x72, 0x19, 0xAD, 0x33, 0xCF,
+        0x2B, 0xFB, 0xCE, 0x1A, 0x7D, 0xAC, 0xAA, 0x75,
+        0x15, 0x76, 0x81, 0x52, 0x55, 0xCC, 0xB9, 0x39,
+        0x07, 0xA3, 0x39, 0x12, 0x8D, 0x6F, 0x53, 0xAF,
+        0xC7, 0x14, 0x7F, 0xC7, 0x96, 0x5A, 0x49, 0x3C,
+        0x5C, 0xB0, 0x26, 0x47, 0xF4, 0x9D, 0xCA, 0x23,
+        0xA6, 0x7D, 0xA6, 0x61, 0xC4, 0xA3, 0x26, 0x40,
+        0x0F, 0xA7, 0x27, 0x09, 0xBC, 0x39, 0xFD, 0xA7,
+        0x75, 0x38, 0x74, 0xD0, 0x9D, 0x29, 0x15, 0x97,
+        0xDE, 0x25, 0x60, 0x4D, 0x19, 0x36, 0x04, 0xFB,
+        0xA5, 0x2C, 0xB0, 0xC8, 0xB5, 0xFE, 0xE5, 0x94,
+        0x7C, 0xE2, 0x1F, 0x84, 0xBB, 0xFB, 0x78, 0x9E,
+        0xA5, 0x7C, 0x5D, 0x4A, 0xB2, 0x48, 0x6F, 0x6E,
+        0x67, 0x95, 0x16, 0x5F, 0x01, 0x2A, 0xF8, 0x70,
+        0x95, 0xCB, 0x06, 0x93, 0x26, 0x6E, 0x7A, 0x75,
+        0xB5, 0xE5, 0x4E, 0x27, 0x1D, 0x8B, 0x30, 0xA6,
+        0x67, 0x67, 0xD6, 0xE2, 0xD6, 0xD1, 0x99, 0xA4,
+        0x55, 0x73, 0x19, 0x32, 0xF6, 0x0B, 0x6B, 0x4A,
+        0xEE, 0x23, 0x33, 0x38, 0x30, 0x68, 0x6F, 0x8E,
+        0x60, 0xA9, 0x60, 0x97, 0x3E, 0xEA, 0x5D, 0xE1,
+        0x40, 0x6F, 0x0C, 0x76, 0x84, 0xCF, 0xAF, 0x86,
+        0x8D, 0x36, 0xE5, 0x7D, 0xAE, 0x9A, 0x13, 0x70,
+        0x22, 0x2A, 0x31, 0xFE, 0xC2, 0xFB, 0xE1, 0x58,
+        0xA5, 0x4E, 0xEF, 0x10, 0x5B, 0x5E, 0xD4, 0x39,
+        0xFC, 0xF9, 0x15, 0x64, 0x78, 0x43, 0x7D, 0x03,
+        0x9F, 0x5B, 0xCB, 0x86, 0xD2, 0xEF, 0x28, 0xBD,
+        0x14, 0xCB, 0x8A, 0x04, 0x1D, 0x59, 0x23, 0x53,
+        0x4D, 0x13, 0xF9, 0x93, 0xFE, 0x19, 0x9C, 0xC3,
+        0x3F, 0xD9, 0xC1, 0x12, 0x94, 0x84, 0x13, 0x95,
+        0x8F, 0xD9, 0x10, 0xAB, 0x37, 0x69, 0x08, 0x04,
+        0x4A, 0x97, 0x82, 0x28, 0x75, 0xBB, 0xC9, 0xF4,
+        0x3F, 0x19, 0x6B, 0x00, 0x4C, 0x56, 0x16, 0x1F,
+        0x50, 0x82, 0xD1, 0x45, 0xFF, 0x0C, 0x37, 0x28,
+        0x04, 0xBB, 0x6C, 0x00, 0x97, 0x3A, 0x79, 0x2D,
+        0x9A, 0xB9, 0xA5, 0x16, 0x52, 0x02, 0xA3, 0x86,
+        0x81, 0xAA, 0x3A, 0x31, 0xE5, 0xB5, 0x44, 0x2D,
+        0x34, 0xE2, 0x7A, 0xD8, 0xFE, 0xA1, 0x36, 0xC0,
+        0x36, 0x65, 0x73, 0x12, 0x9F, 0x61, 0x3F, 0x59,
+        0xC9, 0x68, 0xB6, 0x34, 0x41, 0x40, 0x25, 0xD6,
+        0xE7, 0xAD, 0x25, 0x7D, 0xCB, 0xF1, 0x2A, 0xD8,
+        0x53, 0x48, 0x9D, 0xBF, 0xB5, 0xD5, 0x61, 0x18,
+        0x0E, 0x2A, 0x21, 0x3E, 0x61, 0x18, 0x07, 0x8E,
+        0x6F, 0x9A, 0x96, 0xA8, 0x61, 0xFE, 0x8D, 0x66,
+        0x1A, 0x21, 0x99, 0xD9, 0x60, 0x8B, 0xAC, 0x85,
+        0x84, 0x3D, 0x41, 0xF9, 0x93, 0x35, 0x24, 0x32,
+        0xFF, 0xC0, 0x8A, 0xFA, 0xBC, 0xA7, 0x85, 0x57,
+        0x3C, 0x16, 0x83, 0xAE, 0x90, 0xDE, 0x40, 0x12,
+        0xE4, 0x2B, 0xA2, 0x47, 0xA4, 0x92, 0x73, 0x54,
+        0x6C, 0xA5, 0xB7, 0xEE, 0x62, 0xEA, 0x62, 0x37,
+        0xD9, 0xD7, 0x73, 0x58, 0x43, 0xDB, 0x20, 0x60,
+        0x8C, 0x4F, 0x87, 0x58, 0xB2, 0x2B, 0xC3, 0x40,
+        0xB0, 0xC1, 0xB6, 0xB6, 0xA9, 0xCD, 0xCC, 0x05,
+        0x4F, 0x38, 0x5F, 0x08, 0xB3, 0x3B, 0x08, 0x4D,
+        0x78, 0x6B, 0x0D, 0x40, 0x46, 0xB9, 0x20, 0xDE,
+        0x29, 0x6F, 0x23, 0x96, 0xDA, 0x02, 0xF5, 0x1C,
+        0x1A, 0x1A, 0x36, 0xA3, 0x3A, 0xFA, 0x1D, 0x80,
+        0x36, 0x3C, 0xF6, 0xB4, 0xDC, 0x2C, 0x88, 0x54,
+        0xF7, 0x86, 0xC6, 0xF2, 0x15, 0xF8, 0x85, 0x33,
+        0xFB, 0x21, 0x20, 0x59, 0xCE, 0x60, 0x4B, 0xE8,
+        0xF1, 0xB7, 0x54, 0x17, 0x1E, 0x83, 0xCD, 0x82,
+        0x39, 0x40, 0x14, 0x31, 0xEC, 0x89, 0xC8, 0xE2,
+        0x6A, 0xAE, 0x3F, 0x49, 0x5B, 0x38, 0xE7, 0xCD,
+        0xE2, 0xF6, 0xEF, 0x90, 0x51, 0x10, 0x83, 0x79,
+        0x27, 0x80, 0x2F, 0x45, 0x78, 0x67, 0xAF, 0xF4,
+        0x65, 0x95, 0x2D, 0xFE, 0x00, 0xF3, 0x2A, 0x60,
+        0x00, 0xF7, 0x26, 0xFA, 0x3C, 0xAD, 0xA9, 0xAF,
+        0xCA, 0xF6, 0x69, 0x48, 0x03, 0xBE, 0x18, 0x73,
+        0x54, 0x06, 0x06, 0x3E, 0x4E, 0xAD, 0xFC, 0x8B,
+        0xC3, 0x43, 0x24, 0x5D, 0xE9, 0xDE, 0x78, 0xDC,
+        0xD0, 0xA7, 0x04, 0x77, 0xF0, 0x0D, 0xA3, 0x37,
+        0x8C, 0x5F, 0x8B, 0xDF, 0xBE, 0x90, 0x1F, 0xA6,
+        0xB3, 0x17, 0x9D, 0x68, 0x36, 0x45, 0x11, 0x60,
+        0xFF, 0xF9, 0xBA, 0xDA, 0x80, 0xAA, 0x37, 0x57,
+        0xDD, 0x34, 0x30, 0x42, 0x7A, 0x9C, 0x86, 0xB4,
+        0x91, 0x30, 0xB8, 0xC0, 0xC4, 0x29, 0x15, 0x31,
+        0xF3, 0x9A, 0xB0, 0xCD, 0xAC, 0x8C, 0x7C, 0x8C,
+        0x4A, 0xDC, 0x76, 0xB6, 0x31, 0x30, 0xDE, 0x2D,
+        0x81, 0x04, 0xC7, 0x48, 0x73, 0x69, 0x02, 0x40,
+        0x30, 0x19, 0x66, 0x94, 0x21, 0x65, 0x13, 0x18,
+        0xC2, 0x09, 0x14, 0x5F, 0xC4, 0x2F, 0xC4, 0xD6,
+        0xA6, 0x05, 0x37, 0xAF, 0x72, 0x0C, 0x47, 0x02,
+        0x29, 0x95, 0x08, 0x9D, 0xC9, 0x07, 0x31, 0x38,
+        0xA9, 0xB5, 0xDA, 0x21, 0x76, 0x1D, 0x84, 0xD0,
+        0x15, 0xAF, 0x2A, 0xA3, 0x69, 0x0A, 0xE9, 0x4F,
+        0x75, 0x8A, 0x50, 0xA5, 0x11, 0xD4, 0x5F, 0xAF,
+        0x70, 0x43, 0xCB, 0xD7, 0x03, 0x9E, 0xB0, 0xBD,
+        0x19, 0x47, 0x94, 0x58, 0x22, 0x86, 0xC6, 0xE3,
+        0x62, 0xD8, 0x63, 0x05, 0xD9, 0xE2, 0xE5, 0x4A,
+        0x04, 0x54, 0x5A, 0x55, 0x25, 0xAD, 0x15, 0x5C,
+        0x4B, 0x71, 0x25, 0xE1, 0x50, 0xE3, 0x62, 0x1B,
+        0xD2, 0x43, 0x28, 0xD2, 0x84, 0xE4, 0xE2, 0x05,
+        0xE3, 0x01, 0x4C, 0x8F, 0x38, 0x17, 0x49, 0xFD,
+        0x3B, 0x52, 0x1A, 0x55, 0xB3, 0x1D, 0x69, 0x83,
+        0xAB, 0x9E, 0xC4, 0x73, 0xEE, 0x64, 0x7A, 0x73,
+        0x19, 0xEF, 0xCD, 0x7D, 0xB7, 0xF4, 0x2E, 0xCB,
+        0x55, 0x2A, 0x8A, 0xCC, 0x8F, 0xF8, 0x4E, 0xFB,
+        0xD2, 0x63, 0x8F, 0xF1, 0x10, 0x89, 0x02, 0x93,
+        0x3E, 0xAC, 0xA4, 0xB4, 0x89, 0xC7, 0xF7, 0x8B,
+        0x3E, 0xE1, 0xE8, 0x93, 0xB9, 0x8E, 0x36, 0x25,
+        0xC1, 0xC0, 0xD9, 0x44, 0x81, 0xC0, 0x99, 0x3C,
+        0x2B, 0x89, 0xF7, 0xDF, 0xDB, 0xD8, 0xCC, 0x84,
+        0xE6, 0xFF, 0xFE, 0xAC, 0x21, 0x16, 0xF1, 0xE2,
+        0xEF, 0x0A, 0x32, 0xA7, 0xDE, 0x87, 0x51, 0xEC,
+        0xB1, 0x0C, 0x0B, 0xC7, 0x07, 0xD9, 0x9A, 0xF8,
+        0xE8, 0xB0, 0xFE, 0xA5, 0x67, 0xAF, 0x53, 0x9F,
+        0xEF, 0x23, 0xEF, 0x7D, 0xFF, 0xA8, 0x8E, 0xDE,
+        0x97, 0x93, 0x32, 0xA6, 0x7C, 0xCF, 0x49, 0xBC,
+        0x36, 0x0D, 0x88, 0x90, 0x89, 0x39, 0x76, 0xA8,
+        0x82, 0x19, 0x02, 0xB6, 0x02, 0x82, 0xFE, 0xED,
+        0x9C, 0x28, 0x8D, 0xB0, 0x1E, 0x2B, 0x2A, 0xCF,
+        0xF3, 0x94, 0xFF, 0x66, 0x33, 0x93, 0x31, 0xD6,
+        0xFC, 0xAF, 0xE7, 0xC5, 0x98, 0x01, 0x46, 0xCD,
+        0xCB, 0xC4, 0x41, 0x13, 0x6D, 0x42, 0xF5, 0x13,
+        0xDF, 0xF9, 0x97, 0x65, 0xD4, 0x7B, 0x6E, 0x10,
+        0x79, 0x5D, 0x5A, 0x82, 0xA2, 0x49, 0x53, 0xA7,
+        0x6D, 0x9C, 0xDD, 0x0A, 0x80, 0x98, 0x58, 0x07,
+        0x30, 0xBF, 0x0B, 0x30, 0xAC, 0x24, 0x9E, 0xA0,
+        0xE8, 0xE4, 0x7A, 0x0D, 0xD0, 0x50, 0x82, 0xAE,
+        0xBB, 0xEC, 0x15, 0x30, 0x2A, 0xF2, 0xA7, 0xA6,
+        0x6A, 0xC8, 0xAE, 0x1E, 0x14, 0x80, 0x7C, 0x18,
+        0xE7, 0x2B, 0x88, 0x65, 0xB7, 0x93, 0x12, 0xB3,
+        0xC1, 0x2A, 0x20, 0xAD, 0x3B, 0x2E, 0x84, 0xC4,
+        0x0D, 0xA7, 0x62, 0x5C, 0x79, 0x52, 0x5D, 0x59,
+        0xA4, 0x69, 0x5C, 0x26, 0xFD, 0x4F, 0x80, 0xCC,
+        0xFE, 0x8E, 0x70, 0x72, 0xB1, 0x41, 0xE1, 0x75,
+        0x53, 0x51, 0xCF, 0x4C, 0x0B, 0x57, 0xF2, 0xB8,
+        0x59, 0x76, 0xE6, 0xEF, 0x6D, 0x74, 0xA6, 0x73,
+        0x69, 0x7F, 0x7C, 0xB2, 0x35, 0xFE, 0x8A, 0x02,
+        0x2F, 0xBE, 0x7C, 0x4D, 0x02, 0xBE, 0x8F, 0xFB,
+        0x7A, 0x58, 0x45, 0xEC, 0xBA, 0x1B, 0xC6, 0xB9,
+        0x8D, 0xF5, 0xB0, 0x82, 0xD1, 0xB4, 0x97, 0x86,
+        0x9B, 0x33, 0x54, 0x49, 0x5B, 0x88, 0xD9, 0xB5,
+        0xD0, 0x93, 0x8A, 0x00, 0x5D, 0x0F, 0x37, 0x88,
+        0x57, 0xE3, 0xFA, 0x7E, 0x7B, 0xFA, 0x43, 0x74,
+        0x8D, 0x64, 0x07, 0xD7, 0x07, 0x85, 0x4D, 0x49,
+        0xBC, 0x83, 0xF5, 0xD4, 0x95, 0x3E, 0x3E, 0x09,
+        0x65, 0xF3, 0xFC, 0x88, 0xA7, 0xF0, 0x46, 0x61,
+        0x44, 0x7D, 0x76, 0xED, 0xC9, 0x8D, 0x0F, 0x8D,
+        0xDA, 0x0D, 0x01, 0xC8, 0xB1, 0xA8, 0x9B, 0x4A,
+        0xF0, 0xA3, 0x88, 0x54, 0xC1, 0xD6, 0x52, 0x97
+    };
+#endif /* WOLFSSL_NO_ML_DSA_65 */
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte seed_87_draft[] = {
+        0x22, 0x5F, 0x77, 0x07, 0x5E, 0x66, 0xCE, 0x1C,
+        0x99, 0xBA, 0x95, 0xB4, 0xFC, 0xDF, 0x25, 0x8B,
+        0xBB, 0x6F, 0xA5, 0xFE, 0x9C, 0x34, 0x9F, 0x0F,
+        0xDE, 0x3F, 0x71, 0xD5, 0x33, 0x9F, 0x6F, 0xD8
+    };
+    static const byte pk_87_draft[] = {
+        0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6,
+        0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60,
+        0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81,
+        0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB,
+        0x24, 0xBF, 0x9E, 0x97, 0x9C, 0xD2, 0x3E, 0xDA,
+        0x8A, 0x1B, 0xB6, 0x76, 0xDA, 0x7D, 0x7F, 0x44,
+        0xAD, 0x6B, 0xB9, 0xB0, 0x70, 0xD3, 0xD6, 0x44,
+        0x7F, 0xBE, 0x6C, 0x0C, 0x71, 0x37, 0xC6, 0xFB,
+        0x7B, 0x39, 0x83, 0x63, 0x9C, 0x41, 0x5C, 0xF2,
+        0xC9, 0x15, 0xFF, 0xD4, 0x18, 0xEA, 0xA1, 0x4D,
+        0xA9, 0xD1, 0xAD, 0x3C, 0x09, 0x8E, 0xA9, 0x05,
+        0x34, 0x6C, 0xAA, 0x75, 0x78, 0xF8, 0x6B, 0x6E,
+        0x52, 0xE6, 0x57, 0x55, 0x16, 0xF4, 0x92, 0x3E,
+        0x74, 0x3F, 0x96, 0xA3, 0x2A, 0xD0, 0x0E, 0xEE,
+        0xA1, 0xCE, 0x8A, 0x33, 0xF4, 0x87, 0xB9, 0xF3,
+        0x22, 0x5D, 0x2D, 0x84, 0xCD, 0x27, 0x57, 0xCC,
+        0xCF, 0xE6, 0xA3, 0x66, 0x24, 0x53, 0x0E, 0x52,
+        0x8A, 0x2F, 0x64, 0xFC, 0xE7, 0x04, 0xE7, 0xA7,
+        0x6C, 0x2E, 0x6A, 0xDC, 0x00, 0xEF, 0x9B, 0xEC,
+        0x91, 0x07, 0xB9, 0x69, 0x8F, 0x11, 0x59, 0xFC,
+        0x52, 0xEF, 0x4C, 0x36, 0x5A, 0xFD, 0xB1, 0x50,
+        0xED, 0xC3, 0x43, 0x5E, 0x03, 0xBB, 0x70, 0x26,
+        0x00, 0x6E, 0x5A, 0x55, 0x13, 0x51, 0xA4, 0xB1,
+        0x5F, 0xB8, 0x9F, 0xD2, 0xE9, 0x98, 0x38, 0xE8,
+        0xCF, 0x41, 0x73, 0xFD, 0x0D, 0xF1, 0xF6, 0x80,
+        0x89, 0xE1, 0x51, 0x8D, 0xD4, 0xB5, 0x79, 0x27,
+        0x76, 0xBD, 0xD9, 0x2F, 0xC7, 0xC7, 0x9B, 0xC7,
+        0x99, 0x7F, 0x78, 0x84, 0xD2, 0xB8, 0x80, 0xC5,
+        0xD2, 0xB7, 0xEE, 0xC8, 0x0A, 0xFE, 0x35, 0x59,
+        0x84, 0x5D, 0x39, 0x08, 0x39, 0xBE, 0x5E, 0xBF,
+        0x95, 0x93, 0xA7, 0x3E, 0xD0, 0x1E, 0xF6, 0x7D,
+        0x50, 0x3F, 0xFB, 0x74, 0x47, 0x04, 0xA2, 0xDC,
+        0x49, 0x48, 0x76, 0x2B, 0xC8, 0x43, 0x45, 0x75,
+        0x72, 0x84, 0x4D, 0x15, 0x74, 0xE3, 0xEB, 0x37,
+        0x83, 0x0A, 0x3B, 0x7C, 0xD4, 0x02, 0xC7, 0x6E,
+        0xD5, 0xB4, 0xFC, 0x15, 0xF0, 0x5E, 0x76, 0x03,
+        0x4C, 0xBB, 0x6A, 0x29, 0xDE, 0xBC, 0x7E, 0x2B,
+        0x34, 0xB2, 0x14, 0x2A, 0x57, 0xCF, 0x1B, 0x39,
+        0x73, 0xE5, 0x8B, 0xFF, 0x47, 0x50, 0x42, 0xDC,
+        0x22, 0x6C, 0x7E, 0x13, 0x71, 0xF3, 0x37, 0x51,
+        0x40, 0xF2, 0x90, 0x57, 0xAC, 0xB4, 0x64, 0x7C,
+        0x5F, 0x92, 0x6D, 0x3F, 0xDC, 0xCC, 0xC8, 0xD2,
+        0xE1, 0x6B, 0x81, 0xA9, 0xED, 0xCD, 0x0C, 0x8B,
+        0x5B, 0x2E, 0x11, 0x89, 0x87, 0x42, 0x4B, 0xEC,
+        0xAD, 0x40, 0xA5, 0xE5, 0xB4, 0x6D, 0x1C, 0xB4,
+        0x01, 0x0A, 0x8E, 0x9F, 0x6F, 0x25, 0x92, 0x5D,
+        0xFE, 0x6B, 0x6F, 0x24, 0x64, 0x5F, 0x9C, 0x88,
+        0x86, 0x96, 0xE8, 0x79, 0x64, 0x5B, 0x6A, 0x3A,
+        0x76, 0x21, 0x90, 0xCC, 0xB7, 0xD6, 0x26, 0x9D,
+        0x35, 0x54, 0x79, 0xDF, 0x71, 0x90, 0x55, 0x2A,
+        0x38, 0x52, 0xD1, 0xE9, 0x56, 0x73, 0xE7, 0x19,
+        0x44, 0x6A, 0xD3, 0x10, 0x24, 0xB9, 0x4B, 0xF8,
+        0xBB, 0xC9, 0x7B, 0x04, 0x66, 0x39, 0xCE, 0x12,
+        0x3F, 0xDE, 0xC3, 0x75, 0xAF, 0x9F, 0x8D, 0x4C,
+        0xF7, 0x16, 0x9B, 0xEB, 0x5F, 0xE5, 0x1B, 0xBF,
+        0x82, 0x2C, 0x53, 0xBA, 0x2D, 0x98, 0xA4, 0xA0,
+        0x14, 0xA2, 0xDE, 0x69, 0x7F, 0x03, 0x3C, 0x9E,
+        0x4A, 0x57, 0xC6, 0xED, 0xF6, 0x10, 0x6A, 0x76,
+        0x2A, 0x81, 0x92, 0x9F, 0x3E, 0xF0, 0xFD, 0xE9,
+        0xB7, 0xB3, 0x8A, 0xF6, 0x1A, 0x19, 0x9A, 0x16,
+        0x0F, 0x09, 0x45, 0xBD, 0xBB, 0x96, 0x7C, 0x72,
+        0x40, 0xFE, 0x94, 0xBD, 0xE1, 0x60, 0x50, 0x53,
+        0x13, 0xC9, 0x2B, 0xFA, 0x52, 0x40, 0xA2, 0xA7,
+        0xF0, 0x8C, 0x85, 0x78, 0xDB, 0xD6, 0x7F, 0x21,
+        0x39, 0xB5, 0x06, 0x72, 0xEE, 0x99, 0xA1, 0xBD,
+        0x78, 0x1F, 0xA4, 0xE9, 0x54, 0xF4, 0xFA, 0xDF,
+        0xA7, 0x9E, 0xDD, 0x8E, 0xB1, 0xCF, 0xA8, 0x48,
+        0x84, 0x5D, 0x70, 0xCB, 0x2D, 0xA9, 0x66, 0x09,
+        0x0B, 0x75, 0x75, 0xA2, 0x32, 0xFE, 0xDF, 0x96,
+        0x33, 0x84, 0xA7, 0x84, 0x48, 0x1A, 0xFA, 0x82,
+        0x79, 0x0A, 0x87, 0xE1, 0x1F, 0x11, 0x74, 0xD4,
+        0x3C, 0xC0, 0x8D, 0x4F, 0xD2, 0x5D, 0xBB, 0x40,
+        0x10, 0xB2, 0x6F, 0x23, 0xD2, 0xD6, 0xF4, 0xA5,
+        0x87, 0xEF, 0x7D, 0xE8, 0xC6, 0xF7, 0xC6, 0x0F,
+        0xF9, 0x6F, 0xF8, 0x4C, 0x39, 0xE4, 0x82, 0x1E,
+        0x1E, 0x6A, 0x80, 0x2F, 0xEC, 0x22, 0xD6, 0xA0,
+        0xAA, 0xB6, 0x2C, 0xCB, 0x16, 0x43, 0x68, 0xC2,
+        0x27, 0xF6, 0xA2, 0x31, 0x62, 0x66, 0xEC, 0x2F,
+        0xFF, 0x8D, 0xB4, 0x19, 0x51, 0x19, 0xA0, 0x8C,
+        0x67, 0xE2, 0x04, 0x04, 0xB9, 0x1F, 0x08, 0x70,
+        0x9E, 0xAA, 0xC2, 0xDE, 0xCB, 0x96, 0x19, 0x8F,
+        0x02, 0x74, 0x10, 0xCC, 0x1B, 0x82, 0x5D, 0x9C,
+        0x07, 0x00, 0xE5, 0xD7, 0x04, 0x51, 0xBA, 0x7F,
+        0x67, 0xF9, 0x64, 0x0C, 0xA3, 0x6B, 0xF3, 0x12,
+        0x21, 0x80, 0x68, 0xD6, 0xA2, 0xCA, 0xFF, 0x59,
+        0x33, 0x43, 0x7D, 0x67, 0xBF, 0xD4, 0x88, 0x4A,
+        0x6E, 0x92, 0xBA, 0x41, 0xE1, 0x28, 0xDA, 0xEB,
+        0xE1, 0xEA, 0x25, 0x60, 0xE1, 0x2F, 0xED, 0x2C,
+        0xD4, 0x4B, 0xC9, 0x4E, 0x9E, 0x9D, 0xFA, 0xBB,
+        0xF9, 0x61, 0x41, 0x4C, 0x24, 0x24, 0xFC, 0x9B,
+        0x62, 0xFE, 0x73, 0x74, 0xF6, 0xB8, 0x9B, 0xA9,
+        0x02, 0x96, 0xF4, 0x90, 0x18, 0xA7, 0xF5, 0x49,
+        0xC1, 0xA3, 0x94, 0xB8, 0xED, 0xBD, 0x0B, 0xF3,
+        0xDB, 0xF3, 0xBC, 0x10, 0x6A, 0x6B, 0x3F, 0x79,
+        0x07, 0xF2, 0x11, 0x09, 0xD5, 0x42, 0x8F, 0xA9,
+        0x09, 0x94, 0xBE, 0xF2, 0x0D, 0x3A, 0x91, 0x33,
+        0x01, 0x31, 0x34, 0xBF, 0x0A, 0xCA, 0xF1, 0x3E,
+        0x66, 0x18, 0xA6, 0x69, 0xEC, 0xEA, 0xC5, 0xE9,
+        0x8B, 0x80, 0xFE, 0x4D, 0x93, 0x7B, 0xD4, 0xE5,
+        0x74, 0x90, 0xFA, 0xFD, 0xCE, 0x45, 0xE8, 0xD7,
+        0xD8, 0x8F, 0x08, 0x8B, 0x3A, 0xA8, 0x01, 0xA2,
+        0xB4, 0xE5, 0xF2, 0x29, 0x41, 0x02, 0xBD, 0xCB,
+        0xF9, 0x4A, 0x62, 0x54, 0x99, 0x94, 0x61, 0xB7,
+        0x8F, 0xA5, 0x8A, 0x7F, 0xDC, 0xAD, 0xD2, 0xF2,
+        0x28, 0x1E, 0xF3, 0x18, 0xAE, 0x21, 0x81, 0xF7,
+        0xE9, 0xE5, 0xBF, 0x2B, 0xC2, 0x98, 0x24, 0xB1,
+        0x45, 0x56, 0x57, 0x31, 0xA1, 0x48, 0xAB, 0x39,
+        0xC2, 0x04, 0x29, 0x1B, 0x5B, 0xD3, 0x23, 0x35,
+        0xCC, 0x5A, 0x58, 0x10, 0x11, 0x5B, 0xD5, 0x88,
+        0xC2, 0x60, 0x37, 0x3D, 0x1C, 0x1C, 0x7B, 0x09,
+        0x95, 0xB5, 0x05, 0x12, 0xD8, 0x52, 0x8D, 0xF5,
+        0xBD, 0x4A, 0xA5, 0x45, 0x6F, 0x3D, 0x55, 0x9D,
+        0x90, 0xAD, 0xD7, 0xA9, 0xD0, 0x25, 0x0B, 0xD7,
+        0x55, 0x11, 0x5C, 0x60, 0xBF, 0xBD, 0xFB, 0x9D,
+        0x2A, 0xCE, 0x4F, 0xE6, 0xB8, 0x36, 0x3A, 0x4D,
+        0xE7, 0xB6, 0xFF, 0x6B, 0xD8, 0xBA, 0xD4, 0xEE,
+        0x95, 0x9A, 0x0A, 0x47, 0xD4, 0x76, 0xE0, 0xF7,
+        0xAC, 0x02, 0xB6, 0xA8, 0x10, 0x1E, 0xA5, 0x98,
+        0xC0, 0xF4, 0x68, 0x5E, 0x55, 0xC1, 0x67, 0xCD,
+        0x16, 0x31, 0xBD, 0xA2, 0x86, 0xF3, 0xF8, 0xC0,
+        0xED, 0x4A, 0xFF, 0xE8, 0xF5, 0x2C, 0xFA, 0xD2,
+        0x06, 0x78, 0x6D, 0x34, 0xBE, 0xF9, 0x15, 0x84,
+        0x6D, 0xE5, 0x5F, 0xA4, 0xAC, 0x84, 0x3B, 0x3A,
+        0xA6, 0x2D, 0xC2, 0x01, 0xE0, 0x63, 0x92, 0xC7,
+        0x77, 0xB5, 0x4E, 0x2C, 0x40, 0x90, 0x48, 0xAF,
+        0x8B, 0xE9, 0x6C, 0x1E, 0xEE, 0x16, 0x8F, 0x4E,
+        0x4F, 0xFF, 0x35, 0x15, 0xE5, 0x51, 0xF4, 0xB2,
+        0x23, 0x1C, 0x6A, 0xCE, 0x05, 0xDC, 0xDC, 0xAD,
+        0x7F, 0x9D, 0xDA, 0xB3, 0x0C, 0xAD, 0x9C, 0x62,
+        0x68, 0xD6, 0x84, 0x00, 0x76, 0xFF, 0xD3, 0x01,
+        0x18, 0xB0, 0xC4, 0xE5, 0xE5, 0x0D, 0x87, 0x8E,
+        0xAF, 0x77, 0xEE, 0xCB, 0x56, 0x88, 0x7F, 0xED,
+        0xC5, 0x7C, 0x54, 0xD6, 0x28, 0x46, 0xE0, 0x8C,
+        0xE6, 0x87, 0xF2, 0x4D, 0x0D, 0x2F, 0x12, 0x62,
+        0x06, 0xDF, 0xB2, 0x4E, 0x03, 0x04, 0x78, 0x0B,
+        0x03, 0x4C, 0xCE, 0x86, 0xD1, 0xCD, 0x53, 0x00,
+        0xED, 0xC6, 0xF8, 0x9A, 0xCB, 0x59, 0x14, 0xA6,
+        0x0C, 0x87, 0x35, 0x92, 0x66, 0x0D, 0x02, 0xA9,
+        0xEF, 0x0D, 0x7D, 0xC6, 0x45, 0xF3, 0x11, 0xEF,
+        0x1F, 0x55, 0x72, 0x1F, 0x1B, 0x45, 0xD2, 0xE4,
+        0x8F, 0x3F, 0x9F, 0xEB, 0x27, 0x02, 0xD8, 0x2C,
+        0xEF, 0xAD, 0x7E, 0x7E, 0x10, 0xDD, 0x91, 0x5E,
+        0x39, 0x06, 0x7C, 0x39, 0xEA, 0x61, 0xB9, 0xCC,
+        0xF1, 0x45, 0x56, 0x81, 0x53, 0x55, 0x42, 0xD4,
+        0x37, 0x0F, 0x53, 0xF0, 0x7F, 0xA0, 0xC6, 0x50,
+        0x9B, 0x1D, 0xC6, 0x7E, 0x9F, 0x1D, 0x89, 0x3B,
+        0xEB, 0x85, 0x59, 0x6D, 0x9C, 0x12, 0xEE, 0xAC,
+        0xFC, 0xAE, 0xC0, 0xAE, 0x5F, 0xD4, 0x9C, 0x62,
+        0xE7, 0x09, 0x8C, 0xFA, 0x80, 0x1A, 0x19, 0x09,
+        0x0F, 0x8D, 0x68, 0x9E, 0x45, 0x33, 0xE2, 0x58,
+        0x7B, 0xEF, 0xC7, 0x6A, 0xDC, 0x38, 0x33, 0x3E,
+        0x5C, 0x53, 0xB5, 0x99, 0xDB, 0x04, 0xA7, 0xEA,
+        0xFB, 0x07, 0x9B, 0x25, 0x47, 0xED, 0xAC, 0x5A,
+        0xAA, 0x1E, 0xE5, 0x23, 0xDE, 0x64, 0xE5, 0x87,
+        0x46, 0x8C, 0x41, 0x52, 0xC9, 0x4F, 0x90, 0x48,
+        0x1C, 0xAA, 0xA6, 0xB0, 0x3A, 0x1E, 0xC9, 0x08,
+        0xF7, 0x82, 0x71, 0x13, 0x76, 0x6B, 0x9E, 0x52,
+        0x22, 0x32, 0xE0, 0xC6, 0xF7, 0xD7, 0x4C, 0xBD,
+        0xC3, 0x1C, 0x18, 0xAF, 0xA0, 0x12, 0xD3, 0x22,
+        0x6A, 0xFC, 0x71, 0x8A, 0x64, 0x24, 0xAC, 0x19,
+        0x4E, 0x85, 0x3C, 0x51, 0xE6, 0xA3, 0xAD, 0xA9,
+        0x59, 0x94, 0xD2, 0x7F, 0xC4, 0x9D, 0x93, 0x5B,
+        0x51, 0xD7, 0xF3, 0x03, 0xE7, 0x7D, 0x5B, 0x13,
+        0x0E, 0xCD, 0x7D, 0x0F, 0x77, 0x3E, 0x84, 0xD7,
+        0x4E, 0x69, 0x57, 0x1B, 0x73, 0x99, 0xC9, 0x4D,
+        0xC0, 0x19, 0x6B, 0x9D, 0x5F, 0xBA, 0x69, 0xEE,
+        0x11, 0xBD, 0x7C, 0x45, 0xD9, 0xA9, 0x65, 0x88,
+        0xA7, 0x0E, 0x16, 0xBF, 0xB3, 0x82, 0x5E, 0x5E,
+        0x56, 0x13, 0x02, 0x7D, 0xB1, 0xDC, 0xF5, 0x4A,
+        0x82, 0x73, 0x72, 0x35, 0x9B, 0x91, 0xAC, 0x04,
+        0x69, 0xE9, 0xEA, 0x19, 0xC9, 0xD8, 0x59, 0xEB,
+        0x8F, 0x22, 0x5F, 0x43, 0x11, 0x0C, 0xCF, 0xB4,
+        0x16, 0x6C, 0x7D, 0x60, 0xCE, 0x14, 0x24, 0xAD,
+        0xD7, 0x07, 0xC2, 0x4E, 0x98, 0xA0, 0xDE, 0x9E,
+        0xE6, 0x31, 0xED, 0xF8, 0x5B, 0x9C, 0xAF, 0xF7,
+        0x57, 0x59, 0x10, 0xA9, 0x92, 0xDC, 0x4F, 0x0C,
+        0x2B, 0x88, 0x75, 0x19, 0x1D, 0xB3, 0xBF, 0x70,
+        0x23, 0x17, 0xD5, 0x1A, 0x50, 0x30, 0x18, 0x14,
+        0x1A, 0x14, 0xE6, 0x1D, 0x4F, 0x8A, 0x96, 0x3E,
+        0xD8, 0x6E, 0xD9, 0xBF, 0x94, 0x4E, 0xDE, 0xB8,
+        0xFF, 0xE1, 0x6F, 0xFD, 0x31, 0xE8, 0xFE, 0x43,
+        0xC2, 0x40, 0x82, 0x45, 0x50, 0xFE, 0x1B, 0xBC,
+        0x77, 0x4B, 0xB4, 0x30, 0xA7, 0xD4, 0x46, 0x32,
+        0x6A, 0xF7, 0xC5, 0x92, 0xDA, 0x70, 0xB1, 0xB7,
+        0xA1, 0x5A, 0x5D, 0x17, 0x3B, 0xDB, 0x2F, 0x28,
+        0x8A, 0x6E, 0xEC, 0xDA, 0xC4, 0xF7, 0x2E, 0xCB,
+        0xEB, 0x96, 0x60, 0x92, 0x1B, 0xDD, 0xD6, 0x13,
+        0x7C, 0x85, 0x9F, 0x8A, 0x9A, 0xE9, 0x5F, 0xC4,
+        0x24, 0xFD, 0x33, 0xDF, 0xB3, 0x98, 0x66, 0xF7,
+        0xA1, 0x5A, 0xDC, 0x01, 0xC9, 0xFA, 0x37, 0xF1,
+        0x7B, 0xD0, 0xF6, 0x66, 0x8A, 0x26, 0x7C, 0xC2,
+        0x1B, 0xFF, 0x62, 0xBC, 0xFD, 0xCD, 0x47, 0xDA,
+        0xEE, 0x75, 0xF2, 0xAC, 0x60, 0x69, 0x87, 0x26,
+        0xCC, 0x92, 0x10, 0x1C, 0x92, 0xC1, 0x43, 0x09,
+        0xE9, 0xCE, 0x7D, 0x05, 0x5C, 0x64, 0x55, 0xCB,
+        0xBB, 0x7A, 0xAE, 0x05, 0xDB, 0x38, 0xD3, 0xD5,
+        0xBB, 0xD9, 0x9F, 0xCB, 0xCF, 0xB7, 0x9C, 0xEF,
+        0x7E, 0x7B, 0x2A, 0x6F, 0x84, 0x4E, 0x6A, 0x7F,
+        0xD3, 0x5F, 0xF3, 0xB3, 0xC1, 0xF0, 0x02, 0x9C,
+        0xA2, 0x4C, 0x86, 0x0E, 0x6B, 0xE2, 0x2B, 0x1D,
+        0x1D, 0xB4, 0x55, 0x7F, 0x85, 0x54, 0x2D, 0x85,
+        0x64, 0x89, 0x92, 0x19, 0x65, 0x44, 0xD7, 0x95,
+        0x48, 0x2C, 0x46, 0x8D, 0x0E, 0xBA, 0xFB, 0x13,
+        0x63, 0x52, 0x2E, 0x22, 0x19, 0x3F, 0x7F, 0xFB,
+        0x54, 0x4D, 0x73, 0xA1, 0x3C, 0x22, 0xD6, 0x5D,
+        0x2B, 0x4A, 0xBD, 0xD7, 0xBB, 0x72, 0x55, 0x80,
+        0xD4, 0x57, 0x4E, 0xDC, 0xF2, 0x8B, 0xB3, 0x09,
+        0x6A, 0xF9, 0x1A, 0xD3, 0x41, 0x0E, 0x72, 0x95,
+        0x49, 0xE7, 0xD1, 0xDC, 0x05, 0x22, 0xC3, 0x3E,
+        0x26, 0x95, 0x00, 0x01, 0x8C, 0xE1, 0x54, 0x47,
+        0x84, 0x10, 0xA7, 0x67, 0x45, 0xBB, 0xB9, 0x7B,
+        0x0B, 0xB4, 0x74, 0x82, 0xED, 0x6C, 0x26, 0x6E,
+        0xF2, 0x56, 0xCA, 0x1A, 0xD1, 0x10, 0x68, 0x40,
+        0x28, 0x23, 0xD5, 0x98, 0xB3, 0x6B, 0x75, 0x16,
+        0x13, 0x87, 0xE1, 0xF2, 0x3F, 0xAB, 0xC0, 0x2A,
+        0xF0, 0x16, 0x59, 0x85, 0x1A, 0x5B, 0x41, 0xB7,
+        0x52, 0xB1, 0x79, 0x46, 0x20, 0xDF, 0x59, 0xFB,
+        0x33, 0xB3, 0x05, 0xF1, 0x12, 0x8B, 0xDB, 0x7C,
+        0x51, 0x90, 0xC9, 0x8A, 0xC9, 0x48, 0x10, 0x54,
+        0xF4, 0x0F, 0x88, 0x1D, 0xDB, 0x40, 0x1B, 0x3A,
+        0xD7, 0x62, 0xD1, 0x75, 0x73, 0xD6, 0xCA, 0x23,
+        0x26, 0xB2, 0xBF, 0x4C, 0xCA, 0x22, 0xDD, 0xF6,
+        0xAF, 0x22, 0xB8, 0x4F, 0xC2, 0xC3, 0xB3, 0xD3,
+        0xED, 0xFA, 0xBA, 0x2E, 0x38, 0x28, 0x6A, 0xAE,
+        0x60, 0xE9, 0x2D, 0x11, 0x33, 0xED, 0x7E, 0xE9,
+        0x29, 0x8E, 0x01, 0xB0, 0x0F, 0x13, 0x83, 0x44,
+        0x17, 0xFA, 0xB6, 0x54, 0x7C, 0xAC, 0x1F, 0xED,
+        0xC9, 0x22, 0xF2, 0x4F, 0x69, 0x24, 0x04, 0xFE,
+        0xC2, 0x6A, 0xEB, 0xB0, 0xE4, 0xF5, 0x03, 0xCB,
+        0xB3, 0x99, 0x50, 0x66, 0x1F, 0x6B, 0xF3, 0xFE,
+        0xB7, 0xBF, 0x8D, 0xBA, 0x59, 0x75, 0x75, 0x51,
+        0xB0, 0xA5, 0xB9, 0x66, 0xC8, 0xDD, 0x35, 0xAE,
+        0x20, 0x66, 0x21, 0x9B, 0x04, 0x3F, 0xC6, 0x90,
+        0x6F, 0x2B, 0x5C, 0x78, 0x49, 0x3C, 0x40, 0xE6,
+        0xF9, 0x6B, 0x1A, 0xEF, 0xCE, 0x5A, 0xC1, 0x68,
+        0xD3, 0x34, 0x05, 0xD0, 0x21, 0x6C, 0xF8, 0xA8,
+        0x55, 0xE4, 0x6E, 0x80, 0x9B, 0xAD, 0xA5, 0xC3,
+        0x55, 0x0B, 0x28, 0xBB, 0x54, 0x02, 0xD4, 0xF6,
+        0x82, 0x73, 0xAB, 0x56, 0x0B, 0xB1, 0x5F, 0x94,
+        0xC3, 0xDA, 0x24, 0x1E, 0x7F, 0x62, 0x6B, 0x98,
+        0x6B, 0x2A, 0xF3, 0x92, 0x37, 0x3A, 0xB9, 0xE6,
+        0x27, 0xC4, 0xBB, 0xAB, 0xE4, 0x9A, 0x60, 0xD2,
+        0xAE, 0xCE, 0xFD, 0x44, 0xEB, 0x1C, 0xCF, 0x74,
+        0x54, 0xFC, 0xEC, 0x4F, 0xC2, 0xBA, 0xF4, 0x3B,
+        0xAC, 0x03, 0xC7, 0x2E, 0xE6, 0x62, 0x44, 0x61,
+        0x42, 0xC8, 0xAE, 0xF1, 0xB2, 0xA9, 0xAC, 0xE0,
+        0xCE, 0x23, 0xAF, 0xCC, 0x86, 0x61, 0xFE, 0xC5,
+        0xCB, 0xAC, 0x4A, 0x1B, 0x5C, 0xC7, 0x2B, 0xFF,
+        0x8A, 0x20, 0x62, 0x0E, 0xB9, 0x1D, 0xDD, 0x93,
+        0x19, 0x29, 0xE4, 0xD9, 0x13, 0x1D, 0x28, 0x32,
+        0x03, 0x5A, 0xA6, 0x8E, 0x20, 0xC7, 0xD6, 0xC6,
+        0x4D, 0x19, 0x17, 0xCC, 0x65, 0xB8, 0x84, 0x0C,
+        0x38, 0xB4, 0xA9, 0x45, 0x2B, 0x91, 0x61, 0x79,
+        0x87, 0x08, 0xA6, 0xBD, 0x28, 0x9A, 0x58, 0x48,
+        0xD5, 0x58, 0xC6, 0xCE, 0xC2, 0xC5, 0x72, 0x16,
+        0xD9, 0xF4, 0xED, 0x66, 0xAC, 0xFA, 0x93, 0xE8,
+        0x26, 0x10, 0x3B, 0x3D, 0x8F, 0xEA, 0x51, 0xCC,
+        0x82, 0xC0, 0xDB, 0xDF, 0xA7, 0x13, 0xFB, 0x1B,
+        0x77, 0x7E, 0x6F, 0x9E, 0x3C, 0xC5, 0x86, 0x35,
+        0x92, 0x5B, 0x6F, 0x76, 0xA1, 0x71, 0x0D, 0x8C,
+        0xDC, 0x95, 0x9F, 0xAC, 0x2C, 0x8E, 0x21, 0x01,
+        0x37, 0x06, 0x28, 0x64, 0x4C, 0x23, 0xE2, 0x75,
+        0x0B, 0xA7, 0xA4, 0xF5, 0x90, 0x87, 0xD2, 0x43,
+        0x71, 0x59, 0x7C, 0x8C, 0xCA, 0x77, 0x3B, 0xC5,
+        0x36, 0x46, 0xF7, 0x2F, 0xD3, 0x47, 0x18, 0xD7,
+        0xC9, 0x4E, 0x56, 0x2D, 0x49, 0x82, 0xAC, 0x7D,
+        0xD7, 0x3D, 0xF1, 0xDD, 0x73, 0x8B, 0xE4, 0xA1,
+        0x10, 0x85, 0xB6, 0x94, 0xBE, 0x6A, 0x5E, 0xEE,
+        0xBD, 0x60, 0xEB, 0x95, 0x76, 0xA8, 0x52, 0xE1,
+        0x47, 0x57, 0xA1, 0x9C, 0xEC, 0x44, 0xE5, 0x6F,
+        0x68, 0x34, 0x7E, 0x19, 0xBE, 0xCE, 0x56, 0xC9,
+        0xBE, 0xCE, 0xFC, 0xB8, 0x32, 0x6D, 0xCB, 0x84,
+        0x59, 0xBF, 0x4D, 0xF6, 0xE1, 0x53, 0x41, 0x61,
+        0x5C, 0xFB, 0xD2, 0x48, 0xA6, 0x7F, 0x05, 0xB2,
+        0xFC, 0xE8, 0xB2, 0x8A, 0x55, 0x7D, 0x19, 0xC0,
+        0x69, 0x3B, 0x91, 0x5D, 0x71, 0xE7, 0xBB, 0x72,
+        0x7D, 0xB9, 0x64, 0x6E, 0x8B, 0x5B, 0x70, 0x51,
+        0xB5, 0x69, 0x8C, 0xC0, 0xFC, 0x95, 0xB2, 0x43,
+        0x08, 0xF8, 0x70, 0xE4, 0x6F, 0x87, 0xA7, 0xDF,
+        0x23, 0x84, 0xEE, 0xCF, 0x73, 0x38, 0xDE, 0x99,
+        0x4C, 0xF8, 0xF1, 0x2D, 0xA2, 0x68, 0x99, 0xE3,
+        0x9B, 0xB8, 0xF6, 0xC1, 0x5C, 0x83, 0x07, 0xE9,
+        0xB9, 0xE2, 0x51, 0x62, 0xC8, 0x53, 0xF1, 0xC2,
+        0xF7, 0x57, 0x8A, 0xA0, 0x42, 0x3C, 0x18, 0x36,
+        0xF3, 0x99, 0xFD, 0x34, 0xB2, 0xF0, 0x1D, 0xBA,
+        0x43, 0xEA, 0x72, 0x1C, 0x0B, 0x37, 0x47, 0xBC,
+        0xAF, 0xDA, 0x22, 0x1F, 0x1C, 0x08, 0x16, 0x13,
+        0xBD, 0xAA, 0x07, 0xFD, 0x7E, 0xCA, 0x70, 0x57,
+        0x74, 0xDF, 0x68, 0x6B, 0x9F, 0x2D, 0x56, 0xBD,
+        0x21, 0x89, 0xFA, 0x09, 0x04, 0xCA, 0x09, 0xBD,
+        0x4F, 0xE6, 0x15, 0xF5, 0x89, 0xAB, 0xAC, 0xB2,
+        0xC9, 0xBF, 0xC8, 0xBB, 0x87, 0x83, 0xB4, 0xD3,
+        0xDC, 0xB1, 0x25, 0x9B, 0xAE, 0xC5, 0x75, 0x0C,
+        0x9E, 0x6A, 0x83, 0x41, 0x85, 0x9D, 0x4B, 0xBF,
+        0x62, 0x0C, 0x7D, 0x77, 0xC9, 0x89, 0xA6, 0xE1,
+        0x28, 0xBD, 0x13, 0x5D, 0x41, 0x26, 0x80, 0x75,
+        0x23, 0x57, 0xE7, 0x4F, 0x4D, 0x02, 0x8E, 0x0F,
+        0x43, 0x67, 0xF6, 0xA6, 0xE6, 0xB6, 0x84, 0x8D,
+        0xF5, 0x7B, 0x6A, 0x95, 0x73, 0x27, 0x86, 0x02,
+        0x72, 0xCB, 0xDF, 0x77, 0x1C, 0x6C, 0x5E, 0xD3,
+        0xF0, 0x1C, 0x82, 0x7A, 0x0D, 0xBB, 0x70, 0xA3,
+        0x98, 0x8B, 0x7B, 0x4A, 0xFE, 0x2D, 0xB1, 0x5C,
+        0x61, 0x89, 0x34, 0x4C, 0x81, 0x4B, 0x52, 0x17,
+        0x03, 0x81, 0x54, 0x4F, 0x9E, 0x9E, 0x07, 0x16,
+        0xF3, 0xD9, 0x18, 0x01, 0x11, 0xFD, 0x67, 0x18,
+        0xA2, 0x64, 0x35, 0x42, 0x81, 0x80, 0x4A, 0xBA,
+        0xCB, 0xD5, 0xF5, 0x4A, 0x10, 0x7F, 0xE2, 0xCF,
+        0xA5, 0x1E, 0xCB, 0x0C, 0xAB, 0x3E, 0x03, 0x98,
+        0x73, 0x89, 0xA4, 0x10, 0x75, 0xD5, 0xAC, 0x3D,
+        0xCF, 0x56, 0x75, 0xD8, 0x86, 0xC2, 0x21, 0x42,
+        0x99, 0x8D, 0x1B, 0x49, 0x09, 0xFE, 0x86, 0x41,
+        0xC9, 0xDC, 0x87, 0x8D, 0x5A, 0xF0, 0xF5, 0xBE,
+        0xF5, 0x49, 0x64, 0x5A, 0x7A, 0xC3, 0x5D, 0xE4,
+        0xD6, 0xB7, 0x30, 0x92, 0x2A, 0x15, 0x86, 0x02,
+        0xBE, 0xBA, 0x6E, 0xF6, 0x3D, 0x2D, 0x70, 0x89,
+        0xFB, 0xB5, 0x1E, 0xBA, 0xDA, 0x20, 0x12, 0x49,
+        0x22, 0xA0, 0xD8, 0x33, 0x9E, 0x4C, 0xC0, 0x27,
+        0x0F, 0x9C, 0x1F, 0xD2, 0xA9, 0xF4, 0xD2, 0xA9,
+        0x6D, 0xC5, 0x32, 0x16, 0x35, 0x9F, 0x19, 0x88,
+        0xC1, 0xAA, 0xA4, 0x66, 0x33, 0xE6, 0x2C, 0x6A,
+        0x6E, 0xA2, 0x1B, 0x33, 0xCB, 0xC3, 0x7E, 0xC5,
+        0x31, 0x4D, 0x5C, 0x17, 0x4C, 0x33, 0x7F, 0x09,
+        0x01, 0x33, 0x82, 0x84, 0x37, 0x03, 0xEB, 0x0E,
+        0xB1, 0x5F, 0x1B, 0x60, 0x8A, 0x2C, 0x9F, 0x39
+    };
+    static const byte sk_87_draft[] = {
+        0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6,
+        0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60,
+        0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81,
+        0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB,
+        0x9A, 0xFE, 0xF5, 0x92, 0x58, 0xBB, 0x3C, 0xEB,
+        0x4C, 0x5E, 0x83, 0xF9, 0xFF, 0xBC, 0x3B, 0x49,
+        0xAE, 0xE1, 0xFC, 0x4B, 0x94, 0x4B, 0x8C, 0x75,
+        0xD4, 0x67, 0x75, 0x66, 0x7D, 0x6B, 0xA4, 0xF2,
+        0xDA, 0xC2, 0xB7, 0xC4, 0xD8, 0x50, 0x25, 0xCB,
+        0x5A, 0xDB, 0xA4, 0xAD, 0xBB, 0x44, 0x20, 0x24,
+        0x90, 0xEA, 0xA5, 0x2C, 0xAE, 0x80, 0x22, 0xC9,
+        0x59, 0x02, 0xB7, 0x10, 0xB0, 0x5E, 0x1E, 0x5F,
+        0x52, 0x7D, 0x88, 0xDA, 0xE2, 0x04, 0xBF, 0x45,
+        0xA7, 0xA8, 0x49, 0x97, 0x7D, 0xAD, 0x7C, 0x7C,
+        0x9E, 0x9C, 0x4A, 0xCC, 0x36, 0x33, 0x0F, 0x30,
+        0xFA, 0xDE, 0x52, 0xE9, 0xAE, 0x23, 0x29, 0x13,
+        0x10, 0x17, 0x8A, 0xD0, 0x08, 0x8E, 0xE1, 0x10,
+        0x30, 0xD0, 0x84, 0x65, 0x92, 0x12, 0x2A, 0x81,
+        0x26, 0x2E, 0x11, 0x14, 0x30, 0x61, 0x38, 0x61,
+        0x64, 0x42, 0x05, 0x08, 0x91, 0x90, 0x4C, 0x06,
+        0x82, 0xCC, 0x90, 0x45, 0x10, 0x39, 0x90, 0x22,
+        0x40, 0x2A, 0x9B, 0x16, 0x26, 0x9A, 0xA8, 0x50,
+        0x91, 0x12, 0x70, 0x91, 0x20, 0x4D, 0xC0, 0x34,
+        0x90, 0x18, 0x28, 0x31, 0x10, 0x02, 0x11, 0x22,
+        0xB3, 0x6C, 0x8B, 0xB8, 0x2C, 0x22, 0xB0, 0x69,
+        0x53, 0x36, 0x31, 0x61, 0x42, 0x6C, 0xD9, 0x06,
+        0x6A, 0xD9, 0x04, 0x45, 0xDB, 0x18, 0x05, 0x12,
+        0x37, 0x4A, 0xD4, 0x06, 0x64, 0xD3, 0xA2, 0x85,
+        0xA0, 0x38, 0x8A, 0x14, 0xA5, 0x85, 0x50, 0x20,
+        0x85, 0xE4, 0xA8, 0x24, 0xC3, 0xC6, 0x31, 0xC9,
+        0x34, 0x4E, 0xD2, 0x14, 0x68, 0x82, 0x90, 0x85,
+        0xC4, 0x02, 0x61, 0x24, 0x38, 0x05, 0x01, 0xA3,
+        0x50, 0x48, 0x08, 0x62, 0x20, 0xB0, 0x25, 0x5B,
+        0xA6, 0x4D, 0x98, 0x92, 0x11, 0xC2, 0x06, 0x00,
+        0xD1, 0xB0, 0x4D, 0x21, 0xA4, 0x8C, 0x01, 0x16,
+        0x72, 0x11, 0xA6, 0x20, 0xD0, 0x16, 0x45, 0x10,
+        0x31, 0x8E, 0xCB, 0xC2, 0x69, 0x02, 0x08, 0x91,
+        0xD4, 0x30, 0x89, 0x03, 0x41, 0x05, 0x93, 0x16,
+        0x8E, 0x5A, 0x18, 0x04, 0x41, 0x10, 0x6D, 0x18,
+        0x42, 0x70, 0x53, 0x16, 0x31, 0x52, 0x30, 0x8E,
+        0x0C, 0x49, 0x66, 0x0C, 0x90, 0x0C, 0xA4, 0x08,
+        0x2E, 0x41, 0x92, 0x05, 0x24, 0x07, 0x30, 0x12,
+        0x46, 0x72, 0x13, 0x99, 0x20, 0xE0, 0xA2, 0x4C,
+        0x1B, 0x14, 0x52, 0x5A, 0x90, 0x05, 0x08, 0x82,
+        0x31, 0x53, 0xC2, 0x90, 0xCC, 0x42, 0x68, 0x18,
+        0xB0, 0x2C, 0x00, 0x80, 0x65, 0x58, 0x12, 0x84,
+        0x19, 0x90, 0x08, 0x44, 0x26, 0x4A, 0x10, 0xA9,
+        0x0C, 0x12, 0x25, 0x0C, 0x9C, 0x10, 0x25, 0x0C,
+        0x28, 0x25, 0xD8, 0x46, 0x84, 0x1A, 0x22, 0x71,
+        0x5B, 0x28, 0x6E, 0x98, 0x02, 0x51, 0x61, 0xB4,
+        0x51, 0x01, 0xA1, 0x21, 0x24, 0x39, 0x12, 0xC8,
+        0x08, 0x85, 0xD1, 0x34, 0x64, 0xA4, 0xA8, 0x04,
+        0xA2, 0xC0, 0x09, 0x44, 0x48, 0x48, 0x03, 0x37,
+        0x00, 0x20, 0x05, 0x4D, 0x20, 0xA4, 0x05, 0x11,
+        0x18, 0x82, 0x42, 0x94, 0x4D, 0x24, 0x16, 0x01,
+        0x02, 0x93, 0x4C, 0x00, 0x16, 0x06, 0xC1, 0xC0,
+        0x0C, 0x8B, 0xC0, 0x41, 0x41, 0x06, 0x42, 0xA3,
+        0xC6, 0x64, 0x1A, 0x85, 0x91, 0x41, 0x06, 0x49,
+        0x04, 0xA7, 0x44, 0x82, 0x22, 0x6A, 0x50, 0x08,
+        0x0E, 0x14, 0x18, 0x20, 0x4B, 0x88, 0x91, 0x01,
+        0xA0, 0x49, 0x1A, 0x85, 0x4D, 0x94, 0x18, 0x10,
+        0x0A, 0x05, 0x44, 0x94, 0x38, 0x05, 0x93, 0x40,
+        0x68, 0x23, 0x07, 0x85, 0xE2, 0x12, 0x22, 0x9B,
+        0xB8, 0x08, 0xD2, 0x10, 0x2A, 0x08, 0xA8, 0x10,
+        0x92, 0x40, 0x2D, 0xD8, 0x44, 0x4C, 0xCC, 0x94,
+        0x05, 0x24, 0x43, 0x4C, 0xD3, 0xC2, 0x48, 0x10,
+        0x21, 0x2D, 0xC9, 0xB6, 0x08, 0xC9, 0x06, 0x4D,
+        0xE1, 0x90, 0x20, 0x14, 0x24, 0x70, 0x5C, 0x84,
+        0x28, 0xC0, 0xC2, 0x81, 0x22, 0x13, 0x50, 0x44,
+        0x84, 0x91, 0xCA, 0xA2, 0x48, 0x12, 0x91, 0x05,
+        0x5B, 0x92, 0x8D, 0x92, 0x92, 0x24, 0x82, 0x42,
+        0x48, 0x03, 0x37, 0x46, 0xD8, 0x44, 0x86, 0x44,
+        0x20, 0x89, 0xE4, 0xC2, 0x84, 0xC2, 0x04, 0x65,
+        0x49, 0xA8, 0x4D, 0xA4, 0x38, 0x28, 0xDB, 0xA4,
+        0x64, 0x24, 0x00, 0x51, 0xC8, 0x12, 0x6D, 0x19,
+        0x82, 0x24, 0xCB, 0x00, 0x44, 0x4B, 0x20, 0x20,
+        0x9B, 0x82, 0x4C, 0x5C, 0xA8, 0x08, 0xD2, 0xB6,
+        0x8C, 0x08, 0x35, 0x20, 0xC0, 0x92, 0x45, 0xE3,
+        0xB4, 0x2C, 0x50, 0x32, 0x0E, 0xD1, 0x82, 0x11,
+        0x4A, 0x96, 0x08, 0x1C, 0x86, 0x29, 0x02, 0x19,
+        0x71, 0x12, 0x03, 0x6E, 0x94, 0x08, 0x50, 0x12,
+        0x27, 0x20, 0x0B, 0x10, 0x12, 0xA1, 0x18, 0x06,
+        0x5A, 0x36, 0x4C, 0x93, 0xB4, 0x68, 0x21, 0xA7,
+        0x28, 0x09, 0x34, 0x91, 0x18, 0x93, 0x49, 0x4A,
+        0x32, 0x60, 0x00, 0x29, 0x2D, 0x94, 0x48, 0x44,
+        0x09, 0x94, 0x2C, 0x21, 0x07, 0x6C, 0x41, 0x38,
+        0x60, 0x8C, 0x10, 0x46, 0x11, 0x19, 0x65, 0x01,
+        0x46, 0x60, 0x1A, 0x29, 0x42, 0x23, 0x30, 0x29,
+        0x40, 0x96, 0x85, 0x81, 0xC6, 0x6C, 0x09, 0xA2,
+        0x31, 0x23, 0xC9, 0x84, 0x18, 0x27, 0x61, 0x02,
+        0xA6, 0x05, 0x1B, 0x11, 0x32, 0xD1, 0x80, 0x24,
+        0x59, 0x22, 0x52, 0x21, 0x34, 0x64, 0x0A, 0x21,
+        0x52, 0x10, 0xC2, 0x80, 0x5C, 0x98, 0x0D, 0x81,
+        0xA0, 0x84, 0x14, 0x97, 0x04, 0xCC, 0xC2, 0x04,
+        0x1A, 0x81, 0x45, 0x23, 0x44, 0x6C, 0x13, 0xC0,
+        0x44, 0x59, 0xC2, 0x68, 0x64, 0x08, 0x52, 0x51,
+        0x30, 0x71, 0x12, 0x49, 0x70, 0x12, 0x94, 0x84,
+        0x80, 0x12, 0x12, 0x1B, 0x00, 0x50, 0x84, 0x10,
+        0x45, 0x4A, 0x30, 0x10, 0x22, 0x95, 0x49, 0xC9,
+        0x82, 0x24, 0x03, 0x35, 0x21, 0x18, 0x16, 0x72,
+        0x09, 0x89, 0x65, 0x88, 0xB2, 0x89, 0x41, 0xB4,
+        0x90, 0x92, 0x38, 0x8C, 0x08, 0x23, 0x26, 0x0B,
+        0x80, 0x61, 0x84, 0x28, 0x6A, 0x4C, 0x98, 0x44,
+        0x10, 0xB9, 0x30, 0x93, 0x02, 0x49, 0x22, 0x13,
+        0x80, 0x1C, 0xC3, 0x48, 0x50, 0xA8, 0x20, 0x1C,
+        0x05, 0x00, 0x5B, 0x02, 0x41, 0xD2, 0x84, 0x61,
+        0x4B, 0x40, 0x46, 0x20, 0x21, 0x44, 0xD9, 0xC4,
+        0x21, 0xD3, 0xA4, 0x4D, 0xC0, 0xC0, 0x09, 0x5B,
+        0x28, 0x91, 0x18, 0x15, 0x41, 0x18, 0xC5, 0x4C,
+        0x14, 0xB7, 0x61, 0xDB, 0x34, 0x25, 0x02, 0x06,
+        0x41, 0x14, 0xA9, 0x65, 0x0B, 0x10, 0x04, 0x23,
+        0xC7, 0x49, 0x13, 0x47, 0x0A, 0xD0, 0x30, 0x80,
+        0x99, 0x32, 0x68, 0x50, 0x18, 0x06, 0xA2, 0x28,
+        0x65, 0x13, 0x35, 0x82, 0xD3, 0x06, 0x81, 0x22,
+        0x49, 0x4D, 0x48, 0x44, 0x30, 0xCA, 0x96, 0x2C,
+        0x12, 0xC8, 0x08, 0xA1, 0x24, 0x2C, 0x52, 0xA8,
+        0x28, 0x23, 0x14, 0x0A, 0xD4, 0x20, 0x4D, 0x18,
+        0x12, 0x72, 0xD4, 0x80, 0x44, 0xDC, 0x26, 0x2C,
+        0x88, 0x10, 0x0A, 0x04, 0x14, 0x51, 0xC1, 0x96,
+        0x00, 0xA3, 0x40, 0x30, 0x99, 0x48, 0x92, 0x9B,
+        0x08, 0x86, 0x81, 0x04, 0x20, 0x4C, 0xB2, 0x29,
+        0x18, 0x31, 0x08, 0x09, 0x23, 0x8C, 0x4C, 0x02,
+        0x6A, 0xCA, 0x00, 0x62, 0x09, 0x22, 0x2D, 0x21,
+        0x00, 0x02, 0x0A, 0x39, 0x41, 0x04, 0xA3, 0x50,
+        0x90, 0x80, 0x2D, 0x59, 0xB4, 0x71, 0x13, 0x16,
+        0x31, 0x11, 0x90, 0x4C, 0xC3, 0x14, 0x20, 0x60,
+        0xB2, 0x30, 0x0A, 0xB6, 0x24, 0x21, 0xA9, 0x10,
+        0x89, 0x80, 0x88, 0x44, 0x06, 0x8A, 0x91, 0x22,
+        0x8E, 0xD9, 0x36, 0x86, 0x10, 0x46, 0x0A, 0xE1,
+        0x16, 0x85, 0x42, 0x40, 0x6C, 0x09, 0x49, 0x11,
+        0xE0, 0x88, 0x68, 0x12, 0x08, 0x68, 0x5C, 0x26,
+        0x24, 0x04, 0xA8, 0x70, 0xC8, 0x08, 0x05, 0x13,
+        0x87, 0x41, 0x23, 0x29, 0x72, 0xC9, 0xB8, 0x88,
+        0x1B, 0x22, 0x66, 0x11, 0xA5, 0x2D, 0x11, 0x29,
+        0x12, 0x50, 0x12, 0x70, 0x03, 0x09, 0x6A, 0x4B,
+        0x88, 0x4C, 0xD2, 0xC8, 0x31, 0x40, 0x26, 0x40,
+        0x4C, 0x04, 0x50, 0x58, 0x16, 0x71, 0x90, 0xC2,
+        0x00, 0x0A, 0x30, 0x8A, 0xDC, 0x24, 0x85, 0x19,
+        0xB0, 0x65, 0x1A, 0xA3, 0x64, 0x13, 0xA3, 0x45,
+        0xC8, 0x48, 0x91, 0x91, 0x12, 0x20, 0xDC, 0x42,
+        0x40, 0x24, 0xC0, 0x4D, 0xA3, 0x98, 0x10, 0x40,
+        0x26, 0x25, 0xDC, 0xB4, 0x68, 0x4B, 0xC2, 0x45,
+        0x13, 0x06, 0x91, 0xC8, 0x92, 0x24, 0x82, 0xA8,
+        0x20, 0x4C, 0x30, 0x48, 0x52, 0x06, 0x01, 0x0B,
+        0x24, 0x51, 0x41, 0x36, 0x40, 0x93, 0xC4, 0x70,
+        0x44, 0x40, 0x2C, 0x24, 0x28, 0x22, 0x81, 0xA4,
+        0x4C, 0x43, 0x84, 0x60, 0x20, 0x23, 0x90, 0x01,
+        0x94, 0x6C, 0xDB, 0x28, 0x21, 0x93, 0x30, 0x80,
+        0x93, 0xC0, 0x25, 0xC8, 0xA6, 0x50, 0xCA, 0x24,
+        0x26, 0xD1, 0x40, 0x31, 0x04, 0xC4, 0x8D, 0xE2,
+        0xC0, 0x04, 0x08, 0x33, 0x8C, 0x18, 0x87, 0x91,
+        0xC8, 0xC8, 0x71, 0x40, 0x46, 0x06, 0x00, 0x44,
+        0x20, 0x22, 0x49, 0x70, 0x11, 0x45, 0x90, 0x02,
+        0xC3, 0x61, 0x60, 0xB4, 0x25, 0x80, 0x16, 0x21,
+        0x11, 0x09, 0x04, 0x88, 0x04, 0x05, 0xCC, 0x36,
+        0x20, 0x01, 0xB1, 0x2C, 0x64, 0xB6, 0x50, 0x54,
+        0x32, 0x42, 0x0B, 0x08, 0x8D, 0x12, 0x39, 0x0D,
+        0x10, 0x29, 0x52, 0x88, 0xB0, 0x04, 0x11, 0x38,
+        0x44, 0xD2, 0xA6, 0x71, 0x0B, 0x45, 0x48, 0x9C,
+        0x34, 0x72, 0xA0, 0x28, 0x49, 0x82, 0x16, 0x86,
+        0x12, 0x18, 0x61, 0x04, 0x41, 0x0D, 0x8A, 0xA6,
+        0x41, 0x80, 0xA8, 0x61, 0xDA, 0x30, 0x65, 0x82,
+        0x84, 0x30, 0x08, 0xA3, 0x29, 0x04, 0x33, 0x8E,
+        0x02, 0x24, 0x0D, 0x9C, 0x44, 0x10, 0xC9, 0x02,
+        0x81, 0x53, 0x06, 0x66, 0x8B, 0x06, 0x90, 0x03,
+        0x87, 0x69, 0x21, 0xC9, 0x69, 0x83, 0x46, 0x4E,
+        0x14, 0x24, 0x89, 0x8C, 0xA0, 0x6C, 0x99, 0xA2,
+        0x2C, 0x11, 0x37, 0x66, 0x0C, 0xA6, 0x4D, 0xD3,
+        0xC8, 0x70, 0x03, 0x02, 0x61, 0xC3, 0xB6, 0x65,
+        0x23, 0xC1, 0x6C, 0x10, 0x34, 0x8D, 0x1A, 0xC1,
+        0x31, 0x43, 0x40, 0x44, 0xD4, 0x08, 0x02, 0x0A,
+        0x36, 0x20, 0xE3, 0x26, 0x42, 0x0A, 0x48, 0x26,
+        0x1A, 0x13, 0x44, 0x0C, 0x18, 0x61, 0x91, 0x96,
+        0x84, 0x02, 0x17, 0x46, 0x9C, 0x20, 0x40, 0x41,
+        0xC6, 0x2D, 0x1B, 0x16, 0x0C, 0x98, 0xB2, 0x90,
+        0x1A, 0x20, 0x84, 0xE2, 0x34, 0x2D, 0xCB, 0x14,
+        0x44, 0x93, 0xC6, 0x8D, 0x58, 0xB2, 0x69, 0x22,
+        0xB2, 0x88, 0xC0, 0xB8, 0x2D, 0xA2, 0xC2, 0x31,
+        0x20, 0xA3, 0x24, 0x11, 0x46, 0x48, 0x4A, 0xA6,
+        0x50, 0x24, 0x09, 0x21, 0x1A, 0x01, 0x0D, 0x20,
+        0x36, 0x01, 0xC4, 0x34, 0x70, 0xDA, 0x16, 0x68,
+        0x84, 0x22, 0x4C, 0x11, 0x14, 0x09, 0x13, 0xC4,
+        0x68, 0x11, 0x41, 0x2D, 0x1C, 0x10, 0x31, 0xDC,
+        0xB2, 0x64, 0x42, 0x36, 0x08, 0x5C, 0x10, 0x88,
+        0x04, 0x91, 0x25, 0xE1, 0xA0, 0x20, 0x14, 0x18,
+        0x12, 0x14, 0x94, 0x91, 0x4C, 0xC2, 0x24, 0xD4,
+        0x06, 0x71, 0x21, 0x02, 0x8D, 0xD4, 0x88, 0x30,
+        0xC9, 0x36, 0x0E, 0xE4, 0x82, 0x81, 0xC0, 0x04,
+        0x6D, 0x24, 0x23, 0x09, 0x21, 0x45, 0x45, 0x20,
+        0x06, 0x65, 0xC2, 0x30, 0x2A, 0x18, 0x30, 0x8E,
+        0x24, 0x83, 0x89, 0x93, 0x32, 0x66, 0xC1, 0x48,
+        0x45, 0x62, 0x48, 0x0A, 0x52, 0xB8, 0x80, 0x11,
+        0x86, 0x21, 0x04, 0x34, 0x11, 0x24, 0xB5, 0x6C,
+        0x50, 0x36, 0x0A, 0x19, 0xA7, 0x8C, 0x14, 0x90,
+        0x0D, 0x1A, 0xA5, 0x68, 0x0B, 0xB1, 0x11, 0x50,
+        0x40, 0x08, 0x48, 0xB6, 0x31, 0x14, 0x28, 0x8D,
+        0xE3, 0x47, 0xB4, 0xA1, 0x44, 0x94, 0xCC, 0x9F,
+        0x0B, 0x94, 0x9F, 0x25, 0x49, 0xD9, 0xB3, 0x8F,
+        0x71, 0xF4, 0x17, 0xA4, 0xA6, 0xAC, 0x24, 0x58,
+        0x14, 0x25, 0x03, 0xC8, 0x63, 0x3E, 0x10, 0xA8,
+        0xD4, 0x10, 0xD7, 0x90, 0x4A, 0x28, 0x37, 0x90,
+        0x70, 0x27, 0xE3, 0x56, 0x5F, 0x04, 0x67, 0x76,
+        0xC3, 0x67, 0x3F, 0xF5, 0xA5, 0x11, 0xA2, 0x2C,
+        0x11, 0x01, 0x5D, 0x63, 0x71, 0x1A, 0xE6, 0x70,
+        0x86, 0x46, 0xAB, 0xCE, 0x03, 0xB6, 0x82, 0xAF,
+        0x51, 0xBA, 0x81, 0x94, 0x9C, 0x82, 0x36, 0xA9,
+        0x49, 0xA5, 0xA3, 0x11, 0x08, 0x8C, 0x4B, 0x13,
+        0x41, 0xF0, 0x08, 0xFD, 0xB2, 0x99, 0xED, 0xA8,
+        0x07, 0x61, 0x3C, 0x2E, 0xBC, 0x49, 0x7B, 0x1C,
+        0xBC, 0x87, 0xBC, 0xAE, 0x5F, 0x5E, 0x8F, 0x5D,
+        0xE7, 0xB9, 0x0C, 0x70, 0x36, 0x25, 0x61, 0xFD,
+        0x95, 0x9F, 0xAE, 0x0F, 0x8D, 0xF3, 0xA2, 0x45,
+        0x24, 0xA7, 0xDE, 0x60, 0xD1, 0x4E, 0x6D, 0xAC,
+        0xC7, 0x6A, 0x32, 0x42, 0xC0, 0x73, 0xEB, 0x78,
+        0x50, 0xF4, 0x49, 0x52, 0x5E, 0x6F, 0x81, 0x42,
+        0x54, 0xF8, 0x82, 0x05, 0xC9, 0x64, 0x74, 0x6A,
+        0x60, 0x5E, 0x36, 0x59, 0x40, 0x50, 0xA3, 0xFE,
+        0xDA, 0xE2, 0x6D, 0x8D, 0x6E, 0xE4, 0x5A, 0x27,
+        0x73, 0x89, 0xDB, 0x0C, 0x5B, 0x14, 0xD9, 0xED,
+        0xB2, 0xC7, 0x1D, 0x71, 0x93, 0x91, 0x0A, 0x72,
+        0x32, 0xBE, 0xA3, 0xD8, 0x95, 0x8C, 0x94, 0x7E,
+        0x63, 0xEB, 0xCE, 0x8B, 0xFC, 0xB0, 0x3F, 0x77,
+        0x5C, 0x43, 0x48, 0x18, 0x83, 0xFE, 0xC8, 0xDA,
+        0x89, 0xF2, 0x3B, 0x54, 0x82, 0x44, 0xC6, 0x9C,
+        0xCC, 0x77, 0x0A, 0xC1, 0x6F, 0xB9, 0x98, 0x10,
+        0xD5, 0xF2, 0x60, 0xFF, 0x38, 0xD2, 0x0D, 0xD6,
+        0x8C, 0x38, 0x54, 0x5B, 0xD8, 0x38, 0x84, 0x50,
+        0x36, 0xF4, 0x02, 0xC1, 0x06, 0x0F, 0x15, 0x1B,
+        0xC8, 0x90, 0x9B, 0x6E, 0x36, 0xC8, 0x3F, 0xE9,
+        0x8B, 0x62, 0x15, 0x6F, 0xF0, 0xC2, 0x86, 0x7F,
+        0xD1, 0xB5, 0x97, 0x53, 0xAE, 0x41, 0xAE, 0x21,
+        0x84, 0xAC, 0x57, 0xA5, 0x1F, 0xA7, 0xC7, 0x24,
+        0xDF, 0xDE, 0x2F, 0x3C, 0xCD, 0xA2, 0x7E, 0x1D,
+        0x97, 0xE1, 0x96, 0xC5, 0xB4, 0x7D, 0xF9, 0x5F,
+        0x7E, 0xEF, 0x09, 0xC4, 0xF3, 0x57, 0xF0, 0x51,
+        0x73, 0xAB, 0x0E, 0x6A, 0xCA, 0x64, 0xE4, 0x99,
+        0x0F, 0xD2, 0x20, 0xAC, 0x72, 0xF1, 0xA8, 0x23,
+        0x8F, 0x94, 0x63, 0xDC, 0xB3, 0xBB, 0x62, 0x2C,
+        0xEA, 0xA6, 0x27, 0x5A, 0x93, 0xC6, 0xCD, 0xCE,
+        0x1E, 0x09, 0xAF, 0x89, 0xEC, 0x22, 0xE4, 0x30,
+        0x2D, 0xB9, 0xCD, 0x08, 0x2E, 0x12, 0x76, 0x79,
+        0x99, 0xBC, 0xA0, 0x34, 0x0B, 0xDA, 0x89, 0x08,
+        0x14, 0x60, 0x7B, 0x98, 0xE6, 0xAF, 0xD2, 0xE1,
+        0x87, 0xC8, 0xDA, 0x50, 0xF7, 0x10, 0x2C, 0x72,
+        0x74, 0x50, 0xD0, 0x3C, 0x98, 0x06, 0xFE, 0xEB,
+        0xC6, 0xC5, 0x69, 0x31, 0x06, 0xE2, 0x2E, 0x7E,
+        0x7D, 0x3D, 0x2B, 0x1F, 0x48, 0x43, 0xC5, 0x95,
+        0xDA, 0x84, 0x08, 0x1E, 0x2B, 0x50, 0x6D, 0x91,
+        0xA6, 0x2B, 0xCD, 0x08, 0x43, 0x7B, 0xA2, 0xD8,
+        0x60, 0x6E, 0xF7, 0x80, 0x08, 0xC3, 0x3F, 0x35,
+        0xF3, 0x70, 0xA5, 0xC7, 0x56, 0xFC, 0xBD, 0x34,
+        0x46, 0x7B, 0xBF, 0x63, 0x19, 0xAC, 0xB6, 0xC3,
+        0x1B, 0x81, 0x84, 0x9F, 0xBB, 0x54, 0x05, 0x99,
+        0xAE, 0x43, 0xE2, 0xA5, 0x20, 0xFD, 0x5C, 0xC7,
+        0x25, 0x47, 0xB1, 0xFD, 0x80, 0xB5, 0x78, 0xC2,
+        0x00, 0x98, 0x02, 0xB9, 0x61, 0x2A, 0xBA, 0x39,
+        0xC7, 0x20, 0xB8, 0x7D, 0x7A, 0x03, 0x68, 0xE5,
+        0x37, 0x71, 0x1F, 0x72, 0xAA, 0x41, 0x61, 0xB4,
+        0xC0, 0xC2, 0xD3, 0x7A, 0xCD, 0xD2, 0xED, 0xC2,
+        0xC5, 0x99, 0x8C, 0x62, 0xA3, 0x7D, 0xC8, 0x9C,
+        0xD2, 0x50, 0x02, 0x0D, 0xCB, 0x68, 0x15, 0xB0,
+        0xD6, 0x19, 0x03, 0xC8, 0x01, 0x12, 0x72, 0xA1,
+        0x3A, 0xC2, 0xA6, 0x63, 0x51, 0x26, 0x03, 0x5D,
+        0x3F, 0x1D, 0x3B, 0x0E, 0x30, 0x6B, 0xB7, 0xEC,
+        0xB6, 0x8E, 0x2D, 0x76, 0xC8, 0xD7, 0xAE, 0x59,
+        0x81, 0xFC, 0x5F, 0x57, 0x5E, 0xAD, 0xA0, 0x20,
+        0xC8, 0xB4, 0x91, 0x2D, 0xEC, 0x03, 0xC4, 0xC6,
+        0x55, 0x05, 0x87, 0xA4, 0xA2, 0x21, 0x09, 0x25,
+        0x97, 0x21, 0xA4, 0x46, 0x45, 0x46, 0x40, 0x3B,
+        0xDC, 0x6F, 0xCD, 0xFB, 0xFB, 0xD9, 0xF4, 0x2C,
+        0xEC, 0xF1, 0xC4, 0x73, 0x41, 0x30, 0x60, 0x63,
+        0x9A, 0xF2, 0xA5, 0x26, 0x78, 0x9A, 0x5E, 0x70,
+        0x98, 0xDE, 0x35, 0x10, 0xA0, 0x5D, 0x45, 0xD5,
+        0x95, 0xF7, 0x11, 0xBC, 0x99, 0xD3, 0x00, 0x67,
+        0x9A, 0x30, 0x85, 0x36, 0x50, 0xDB, 0x18, 0xEA,
+        0x6D, 0xB2, 0xF3, 0x14, 0xDA, 0x23, 0xE2, 0x8A,
+        0x44, 0x21, 0x25, 0xD4, 0xA3, 0x28, 0x43, 0xA0,
+        0xC6, 0x5C, 0x99, 0xB0, 0x72, 0x6B, 0xC2, 0x1A,
+        0x30, 0xBE, 0x6B, 0x7B, 0xE0, 0x31, 0x54, 0x8C,
+        0x29, 0xE5, 0xC6, 0x69, 0x53, 0xDE, 0x05, 0x1E,
+        0x43, 0xCC, 0x7E, 0x9A, 0x82, 0x4A, 0xC4, 0x0A,
+        0x50, 0x65, 0xDC, 0xD8, 0xF9, 0x01, 0x32, 0x65,
+        0x1E, 0xF9, 0xA4, 0xCC, 0x07, 0xB9, 0x55, 0x97,
+        0x45, 0xA9, 0x61, 0xF8, 0xBE, 0x99, 0x00, 0x12,
+        0xD8, 0x17, 0x62, 0xFB, 0x89, 0xE7, 0x05, 0x5E,
+        0x1B, 0xCD, 0x2B, 0x09, 0x6C, 0x5A, 0x5C, 0xA3,
+        0x66, 0x4D, 0x02, 0x78, 0x0C, 0xC3, 0x63, 0x30,
+        0xD0, 0xFA, 0x7B, 0x11, 0x00, 0x40, 0xDD, 0xF0,
+        0x8C, 0x7C, 0xBA, 0x4C, 0x63, 0x78, 0xDA, 0xBB,
+        0xDF, 0xF9, 0xC9, 0xA4, 0x40, 0x25, 0x86, 0xD1,
+        0xBA, 0x22, 0xD7, 0x69, 0x98, 0x4E, 0x9D, 0x15,
+        0x21, 0xA8, 0x56, 0xC0, 0xFF, 0x52, 0xE4, 0xB4,
+        0x0F, 0xB2, 0x53, 0xE7, 0xA1, 0x34, 0x18, 0xEA,
+        0x5B, 0x25, 0x42, 0x13, 0xE3, 0x13, 0xE7, 0xDF,
+        0x54, 0x2B, 0x8D, 0x70, 0x51, 0xC7, 0x60, 0xB1,
+        0x1E, 0x4D, 0x3A, 0x46, 0x04, 0xA1, 0x11, 0x43,
+        0xAD, 0x24, 0x29, 0x90, 0xC9, 0x04, 0x15, 0xC5,
+        0x07, 0xE5, 0x46, 0xB8, 0x50, 0x16, 0x6B, 0x66,
+        0xFE, 0x1C, 0x8B, 0xFC, 0x20, 0x9C, 0xC4, 0x88,
+        0x10, 0x36, 0x5E, 0x56, 0xE8, 0x45, 0x75, 0x89,
+        0xFB, 0xD6, 0xD0, 0x8D, 0x9D, 0x53, 0xAE, 0x89,
+        0x19, 0x54, 0xCF, 0xE1, 0xFF, 0x12, 0x13, 0xF2,
+        0xC7, 0xBE, 0x4C, 0x1E, 0xB0, 0x70, 0x6E, 0xDC,
+        0x0A, 0x64, 0x3B, 0x60, 0x3A, 0xEA, 0x0D, 0x41,
+        0xDD, 0x8E, 0x09, 0xB9, 0x96, 0x8F, 0x6A, 0x49,
+        0x50, 0xEF, 0xDF, 0xD7, 0x73, 0x8D, 0x16, 0x32,
+        0xA8, 0x5C, 0x0A, 0x90, 0x18, 0xA1, 0xEB, 0x19,
+        0xCC, 0x50, 0xD5, 0x59, 0xD7, 0x35, 0x3F, 0xBA,
+        0x38, 0x1B, 0x5F, 0x71, 0x56, 0x70, 0xB3, 0x20,
+        0x4D, 0x9E, 0x16, 0xA8, 0xF7, 0x35, 0x19, 0xD2,
+        0x09, 0x0A, 0x22, 0x28, 0x81, 0x61, 0x26, 0x5B,
+        0x9C, 0xEC, 0x9D, 0x4A, 0x61, 0xCF, 0x0D, 0x3C,
+        0x88, 0xEA, 0x0B, 0x7A, 0xA7, 0xC6, 0xAE, 0x31,
+        0xBE, 0xC2, 0xBA, 0x48, 0xBB, 0x9D, 0x06, 0xE1,
+        0x32, 0x6D, 0x80, 0xCE, 0x27, 0x5C, 0x6F, 0x13,
+        0x79, 0x35, 0x9F, 0x9C, 0x11, 0xEA, 0xDB, 0xF5,
+        0x49, 0x15, 0xB6, 0x51, 0x86, 0xFC, 0x62, 0x34,
+        0x3D, 0x58, 0x6B, 0x0E, 0xF8, 0x3B, 0xBB, 0x42,
+        0xF6, 0x2D, 0x5C, 0xE2, 0xF3, 0xAA, 0x9F, 0x03,
+        0x43, 0xE9, 0x9E, 0x90, 0xB9, 0xFF, 0x55, 0x93,
+        0x60, 0xF8, 0x10, 0x2F, 0xFC, 0xBD, 0x40, 0x23,
+        0xB8, 0x4F, 0x4C, 0x7A, 0x74, 0x9F, 0xDC, 0x55,
+        0xDF, 0x5E, 0xCD, 0x23, 0xEB, 0xAC, 0x47, 0x4E,
+        0x0D, 0x0F, 0xBE, 0xDE, 0x02, 0x64, 0x61, 0x7E,
+        0x73, 0x78, 0x8E, 0x25, 0xE9, 0x7D, 0x66, 0xE5,
+        0x82, 0xBF, 0x98, 0x5B, 0x36, 0xCE, 0x17, 0x72,
+        0x56, 0x9C, 0xDA, 0x63, 0x77, 0x55, 0x8B, 0xA9,
+        0x75, 0xF5, 0x28, 0xC3, 0x78, 0x6D, 0x8F, 0xC2,
+        0x75, 0x5F, 0x28, 0x9E, 0x3F, 0xFB, 0xF1, 0xFD,
+        0xB7, 0xDE, 0x05, 0x3C, 0xD3, 0xE8, 0xD7, 0x7A,
+        0x7D, 0xC9, 0xF7, 0x9D, 0x58, 0xB4, 0xA6, 0x21,
+        0x25, 0xFC, 0x52, 0x84, 0x21, 0xF6, 0x0B, 0x6D,
+        0xA6, 0x62, 0x51, 0x97, 0xCD, 0xA9, 0xA1, 0x0C,
+        0x88, 0x21, 0x67, 0xA5, 0xFB, 0x8C, 0x8A, 0x50,
+        0xC5, 0x21, 0x91, 0x3A, 0xAB, 0x95, 0x96, 0xF3,
+        0x30, 0x6D, 0x08, 0x42, 0x07, 0x4B, 0x78, 0x1F,
+        0xC1, 0xD3, 0x41, 0x15, 0x68, 0xED, 0x93, 0x09,
+        0xC7, 0x8B, 0xF9, 0x77, 0x25, 0xD3, 0xCE, 0x2B,
+        0xA2, 0x0D, 0xB4, 0xC6, 0x84, 0x7F, 0x8E, 0xE5,
+        0x24, 0x46, 0x59, 0x8D, 0x6F, 0x0F, 0x0C, 0xA8,
+        0xFC, 0x04, 0x9B, 0x4D, 0x2B, 0xA7, 0x70, 0x1F,
+        0x46, 0x7E, 0x76, 0x03, 0xC6, 0x7E, 0xA5, 0x3D,
+        0x79, 0xE2, 0xF1, 0xAC, 0xBC, 0xDD, 0xF6, 0x91,
+        0x69, 0x4C, 0x44, 0x1F, 0xC3, 0xBF, 0x9F, 0xFC,
+        0x4E, 0xB0, 0x79, 0x30, 0x68, 0x89, 0xAC, 0xF2,
+        0xD7, 0xC6, 0xE1, 0x6C, 0x37, 0xFB, 0xB3, 0x38,
+        0x44, 0x2C, 0x97, 0xAB, 0xDA, 0x2C, 0x88, 0xC7,
+        0xF2, 0x80, 0x08, 0x00, 0x4E, 0x44, 0xED, 0xBE,
+        0xA4, 0x28, 0x3D, 0xC1, 0xCF, 0x9E, 0x83, 0xE7,
+        0x2E, 0x7F, 0xF5, 0x08, 0x47, 0x26, 0xE0, 0xBD,
+        0x1A, 0x17, 0xDB, 0x2F, 0xED, 0x19, 0x2E, 0x65,
+        0x1B, 0x62, 0x5F, 0x08, 0x82, 0x10, 0x61, 0xCB,
+        0xAA, 0xA7, 0xF8, 0x59, 0x4B, 0x46, 0xCB, 0xA2,
+        0xCB, 0x41, 0x34, 0x30, 0x51, 0x58, 0x2A, 0xEE,
+        0xE1, 0x5E, 0xAC, 0xCA, 0xBF, 0x37, 0x45, 0x98,
+        0xBD, 0x93, 0x1B, 0x5A, 0x5E, 0x92, 0x14, 0x05,
+        0x75, 0x2D, 0xFB, 0x8F, 0xBD, 0x24, 0x9B, 0x81,
+        0xCD, 0xDD, 0xF5, 0xBE, 0x05, 0x0D, 0xBD, 0x4B,
+        0x2B, 0x8C, 0x0A, 0xF0, 0x3A, 0x85, 0xD6, 0x74,
+        0x65, 0x7F, 0x98, 0xF8, 0x57, 0xA2, 0x36, 0xA2,
+        0xFE, 0xE4, 0xB4, 0xA4, 0x0D, 0xEA, 0x9A, 0xBE,
+        0x41, 0x79, 0x68, 0x63, 0x70, 0x3F, 0x3E, 0x38,
+        0x60, 0xC3, 0x40, 0x81, 0x72, 0xDD, 0x25, 0x34,
+        0xB4, 0xFE, 0xAC, 0x41, 0x6E, 0x4A, 0xE7, 0xBF,
+        0xE3, 0x87, 0xFA, 0x20, 0x8B, 0xBD, 0x68, 0x9E,
+        0x06, 0xA9, 0x15, 0x23, 0x07, 0x04, 0x4B, 0xFA,
+        0x45, 0x45, 0xB7, 0x75, 0xD3, 0x3E, 0x16, 0x70,
+        0xF6, 0x26, 0xF2, 0x3A, 0x9D, 0xFB, 0xEA, 0xEB,
+        0x47, 0xCE, 0x99, 0x6B, 0x0E, 0xB2, 0xE8, 0x2B,
+        0x18, 0x15, 0x14, 0x2E, 0xF2, 0x14, 0x0D, 0x44,
+        0x47, 0x1E, 0x63, 0x84, 0x5B, 0x3F, 0xA8, 0xEF,
+        0x5F, 0xEB, 0xA0, 0x41, 0x77, 0xC1, 0xF4, 0x4F,
+        0x8E, 0x2E, 0x29, 0xCD, 0xDB, 0xF2, 0x75, 0x24,
+        0x24, 0x46, 0x73, 0xC3, 0x46, 0xB5, 0xCA, 0x13,
+        0x35, 0x12, 0x0A, 0x8D, 0x88, 0x89, 0x17, 0x99,
+        0x13, 0xCA, 0x66, 0x07, 0x67, 0x6B, 0x7B, 0x3B,
+        0x20, 0xD3, 0x5F, 0x78, 0x1C, 0xC0, 0x99, 0x59,
+        0x0A, 0xBA, 0x8F, 0xA0, 0xDB, 0xDF, 0xCC, 0x03,
+        0xC4, 0xA6, 0xC7, 0x08, 0xB9, 0xFD, 0x95, 0xC2,
+        0x45, 0xF9, 0xF3, 0x11, 0x62, 0xF7, 0x14, 0xB9,
+        0xEB, 0x09, 0xB3, 0x7C, 0xF8, 0xF6, 0x67, 0xCC,
+        0x03, 0xB3, 0x06, 0x6F, 0x60, 0xAC, 0x72, 0xF2,
+        0xD3, 0x71, 0x6C, 0x4D, 0xAD, 0x3A, 0x99, 0x75,
+        0x5C, 0x52, 0x2D, 0x87, 0x69, 0x3E, 0xD6, 0x7E,
+        0x12, 0x96, 0xD3, 0x88, 0x8D, 0x11, 0x85, 0xAA,
+        0x0A, 0xA5, 0x32, 0x90, 0x51, 0xC5, 0x65, 0x64,
+        0xE0, 0xA9, 0x73, 0xA4, 0xF3, 0x8A, 0x32, 0x83,
+        0xE5, 0x08, 0x09, 0x39, 0x6A, 0x90, 0x2C, 0xC3,
+        0xFC, 0x92, 0x29, 0x7A, 0x45, 0xBE, 0x02, 0x79,
+        0x15, 0x1B, 0xBB, 0x60, 0xBB, 0xD9, 0x42, 0xF1,
+        0xE5, 0x14, 0xB4, 0xA5, 0xFF, 0x12, 0x42, 0x30,
+        0xB0, 0xCB, 0xD0, 0x1D, 0xB4, 0x62, 0x49, 0xC5,
+        0xB7, 0xDA, 0x37, 0x47, 0x2C, 0x8B, 0x16, 0xCA,
+        0xD2, 0x2C, 0xA1, 0x24, 0xE6, 0x57, 0xFA, 0xEB,
+        0x2C, 0x62, 0x2E, 0x12, 0x74, 0x37, 0x2B, 0x3F,
+        0x56, 0x23, 0x9C, 0xED, 0x90, 0xDE, 0x0D, 0x6E,
+        0x9E, 0x11, 0x78, 0xA4, 0x9C, 0xB3, 0xA1, 0x37,
+        0xF7, 0x4B, 0x09, 0x61, 0xD8, 0x33, 0x1D, 0x80,
+        0x68, 0x5C, 0xDD, 0xBD, 0x3E, 0xAE, 0x9D, 0xB8,
+        0xBA, 0x42, 0x41, 0xDC, 0xC9, 0x93, 0xF1, 0x92,
+        0x2F, 0x7A, 0xF9, 0xFE, 0x67, 0x13, 0x87, 0xBD,
+        0x7D, 0x04, 0x17, 0x91, 0xB6, 0x03, 0x5E, 0xA0,
+        0x5B, 0x23, 0xEA, 0x0C, 0xFA, 0x45, 0xCB, 0x1A,
+        0xC5, 0x7F, 0x63, 0xD6, 0x3D, 0x3C, 0x66, 0x4A,
+        0x83, 0x4E, 0x4E, 0x90, 0xA6, 0x63, 0xB0, 0x8A,
+        0xD7, 0x0D, 0xB4, 0xB7, 0xA9, 0x0F, 0xC6, 0xC7,
+        0x3B, 0xAD, 0x07, 0xA6, 0x94, 0x47, 0xDB, 0x63,
+        0x26, 0x00, 0x18, 0x5E, 0x27, 0xB5, 0xE2, 0xE3,
+        0xED, 0x8D, 0x97, 0x95, 0x38, 0x20, 0x24, 0x9F,
+        0x40, 0x84, 0x44, 0x7E, 0x8C, 0x05, 0xAB, 0xB1,
+        0x89, 0x26, 0x7D, 0x46, 0x2C, 0x9F, 0xE5, 0xC1,
+        0x27, 0xCE, 0x1D, 0x5A, 0x9F, 0xF1, 0xF8, 0x57,
+        0x8F, 0xCF, 0xB7, 0x4E, 0x07, 0xF3, 0xBA, 0x56,
+        0xCF, 0xE9, 0x87, 0x21, 0x61, 0xD6, 0x97, 0x7B,
+        0x26, 0x97, 0x07, 0xB4, 0x87, 0xFE, 0x25, 0x9C,
+        0xA9, 0x8E, 0x06, 0x90, 0x17, 0x2C, 0x98, 0x26,
+        0x23, 0xEE, 0xBB, 0x91, 0x8A, 0x15, 0x38, 0xA1,
+        0x38, 0xCB, 0x8B, 0xA0, 0xF3, 0x4A, 0xF2, 0x12,
+        0xA7, 0xB7, 0x05, 0xB6, 0x09, 0xD0, 0xEC, 0xDD,
+        0x21, 0xB6, 0xFA, 0x29, 0x95, 0xB4, 0x08, 0xD5,
+        0x95, 0xB7, 0xB8, 0x2E, 0x23, 0xAA, 0x89, 0x81,
+        0xE2, 0xD0, 0xFD, 0x9C, 0x8D, 0xF0, 0xCA, 0x61,
+        0xE3, 0x1E, 0x73, 0x9E, 0xD1, 0x72, 0x5C, 0x63,
+        0xB8, 0x74, 0x0E, 0x2C, 0x27, 0x3A, 0x71, 0xF9,
+        0xFE, 0x66, 0x33, 0xE9, 0x41, 0x27, 0x61, 0xA3,
+        0xFA, 0xD8, 0x66, 0x2A, 0x52, 0x6D, 0xAB, 0xBF,
+        0x32, 0xC2, 0x8E, 0x8F, 0xB0, 0x60, 0x52, 0xE1,
+        0x96, 0xC8, 0x1E, 0x9A, 0x3E, 0x07, 0xFA, 0x34,
+        0xFA, 0x9C, 0x4C, 0x0D, 0x29, 0x0F, 0x68, 0xA6,
+        0x59, 0x28, 0x22, 0xB1, 0x99, 0x56, 0x2C, 0x01,
+        0x04, 0x2F, 0x34, 0x65, 0xFD, 0xD4, 0xD0, 0xD5,
+        0x17, 0x7C, 0x14, 0x92, 0x73, 0x6C, 0x31, 0xCE,
+        0xD4, 0xB3, 0x59, 0x83, 0x6B, 0x34, 0x7C, 0x76,
+        0x8C, 0xED, 0xD5, 0xE2, 0x4F, 0x39, 0x44, 0xBF,
+        0x90, 0x53, 0x9A, 0xC7, 0xD4, 0x6A, 0x86, 0xA3,
+        0xE2, 0x15, 0x59, 0xD0, 0x0F, 0x32, 0x92, 0xC2,
+        0x9B, 0x9E, 0xE3, 0xF6, 0x94, 0x96, 0xFD, 0x0B,
+        0xB6, 0x06, 0x8F, 0x0D, 0x1F, 0x38, 0xFC, 0x6F,
+        0xA2, 0x78, 0xAC, 0xC5, 0xB5, 0x6A, 0x6B, 0xEC,
+        0x78, 0x8A, 0x6F, 0xD8, 0x21, 0xB7, 0xCF, 0x66,
+        0x73, 0x03, 0xCA, 0x2E, 0x3C, 0x7F, 0x2F, 0x29,
+        0x41, 0xC9, 0x88, 0xFD, 0x0E, 0xA0, 0x43, 0xD6,
+        0x9E, 0xB1, 0xE7, 0x13, 0x9C, 0xF0, 0x9C, 0xCF,
+        0x33, 0x22, 0x57, 0xEF, 0xE5, 0xCE, 0xD9, 0xAC,
+        0x7D, 0x34, 0x75, 0xBD, 0xAE, 0x84, 0xEE, 0xE8,
+        0x5D, 0x8C, 0x55, 0x86, 0xBA, 0x19, 0xE5, 0x9D,
+        0x35, 0x6D, 0xD8, 0x70, 0xC5, 0xE0, 0xEA, 0x77,
+        0x3A, 0xE5, 0xB5, 0x2C, 0xD2, 0x28, 0xB5, 0xE8,
+        0xAF, 0xB1, 0xD2, 0xC4, 0xE5, 0x59, 0x06, 0xB8,
+        0x2E, 0xA6, 0x8F, 0xC4, 0x9B, 0x30, 0xF9, 0x37,
+        0xDB, 0x29, 0xA1, 0x44, 0x0B, 0xB7, 0xB5, 0xB4,
+        0x12, 0xD3, 0x4E, 0xB3, 0xB7, 0xD8, 0x2F, 0x19,
+        0xDE, 0x3B, 0xC3, 0x53, 0xCE, 0x1C, 0x34, 0x4C,
+        0xA4, 0x6A, 0xE2, 0xD0, 0x04, 0xDF, 0x3C, 0x53,
+        0x8B, 0x06, 0x8F, 0x36, 0xE5, 0x77, 0xB2, 0x7A,
+        0x1A, 0xC0, 0x0C, 0xBD, 0xA3, 0xA0, 0xEE, 0xB6,
+        0x40, 0xAD, 0x5C, 0x04, 0xAE, 0xCF, 0x64, 0x2B,
+        0x8A, 0x18, 0x58, 0x86, 0xDE, 0xC9, 0x3D, 0x7D,
+        0x15, 0xBC, 0xEE, 0x4C, 0x22, 0xF4, 0x98, 0xD9,
+        0x37, 0xEE, 0xE2, 0x40, 0x43, 0xFF, 0xB2, 0x6F,
+        0x05, 0xC0, 0x0E, 0x30, 0xDE, 0xD8, 0x0C, 0x0B,
+        0xAD, 0xED, 0xCC, 0xBC, 0x29, 0x95, 0x07, 0x40,
+        0x10, 0x99, 0xA0, 0xD1, 0x08, 0xF7, 0xD5, 0xF1,
+        0xAD, 0xC9, 0xDD, 0xC8, 0x6A, 0x1E, 0x9E, 0x06,
+        0xDF, 0x12, 0xFF, 0x66, 0x33, 0x5E, 0x21, 0x47,
+        0xC3, 0xDE, 0x36, 0x98, 0x5B, 0xBF, 0x42, 0x9E,
+        0x30, 0xA0, 0x81, 0x5C, 0x28, 0x34, 0x1B, 0x3A,
+        0x32, 0xBC, 0xDE, 0x52, 0x53, 0x25, 0x1E, 0xF6,
+        0xE2, 0x99, 0x12, 0x92, 0x07, 0x1D, 0xEB, 0x08,
+        0x36, 0xA7, 0xD5, 0x18, 0x1F, 0xDB, 0x44, 0xA7,
+        0xE1, 0x13, 0x06, 0xB0, 0xDF, 0x63, 0x82, 0x68,
+        0xEF, 0xF5, 0x2B, 0x04, 0x0B, 0x93, 0xE8, 0xB0,
+        0x92, 0x7B, 0xDE, 0x1F, 0xC9, 0x39, 0x8F, 0x42,
+        0x9D, 0x06, 0x22, 0x13, 0xC9, 0x97, 0x2F, 0x43,
+        0x8A, 0xBA, 0xAF, 0xF9, 0x71, 0xE3, 0x55, 0x5D,
+        0x06, 0x77, 0x38, 0x39, 0xA3, 0xED, 0x41, 0x63,
+        0xFE, 0x2A, 0xB3, 0x23, 0x43, 0x0C, 0xF3, 0x17,
+        0x3B, 0x69, 0xED, 0x32, 0x0A, 0x54, 0xF3, 0x8D,
+        0x76, 0xC6, 0x09, 0xDD, 0x88, 0x5B, 0x23, 0x57,
+        0x72, 0xC4, 0x87, 0xB8, 0x9D, 0xF7, 0xCA, 0xFB,
+        0x7C, 0x61, 0x67, 0x5C, 0x65, 0xF8, 0xD6, 0xD7,
+        0x1E, 0x95, 0xB9, 0x73, 0x4D, 0x2E, 0x1F, 0x43,
+        0x3E, 0x2B, 0x58, 0x92, 0x15, 0x2E, 0xAA, 0x51,
+        0xF0, 0xD4, 0xF2, 0xA6, 0xCD, 0x12, 0x21, 0xD6,
+        0xCA, 0x46, 0x2A, 0xFF, 0xCB, 0x1B, 0x6B, 0xB4,
+        0x09, 0x17, 0x3B, 0xA2, 0x94, 0xDF, 0x1D, 0x68,
+        0x8B, 0x75, 0xEA, 0x11, 0xD6, 0x99, 0x04, 0xD1,
+        0x00, 0xDB, 0x61, 0xBC, 0xF2, 0x3B, 0x88, 0x4B,
+        0x33, 0xDF, 0x0F, 0xD4, 0xFB, 0x14, 0x0C, 0x6A,
+        0x53, 0x61, 0x1F, 0xBD, 0x28, 0xB2, 0x11, 0x19,
+        0x38, 0x71, 0x17, 0x76, 0x4D, 0xEE, 0x01, 0xC4,
+        0x77, 0x53, 0x2A, 0xAF, 0xD3, 0x78, 0xFF, 0x45,
+        0x7F, 0x97, 0x9D, 0x26, 0x92, 0x0E, 0xD9, 0x4E,
+        0x34, 0x1D, 0xE8, 0xDD, 0xBF, 0x5F, 0x87, 0xE6,
+        0x35, 0x9A, 0x39, 0x71, 0x59, 0x20, 0x01, 0xFB,
+        0x53, 0x2C, 0x61, 0x38, 0x0C, 0x8C, 0x02, 0xD3,
+        0xA0, 0x53, 0x95, 0x02, 0xED, 0x5C, 0xFE, 0x9B,
+        0xD3, 0x6A, 0xF3, 0x3F, 0x92, 0x6F, 0x33, 0x37,
+        0x19, 0x97, 0x81, 0x3A, 0x50, 0xE1, 0xD9, 0x27,
+        0x7E, 0x64, 0xF8, 0x01, 0x52, 0x26, 0x51, 0xD1,
+        0x06, 0xAF, 0x20, 0xA0, 0x28, 0x0F, 0x3F, 0xCB,
+        0x21, 0xB7, 0x55, 0x1A, 0x76, 0xB8, 0x9B, 0x4D,
+        0xED, 0x2A, 0x05, 0x0E, 0x6E, 0xAF, 0xCC, 0xA1,
+        0x08, 0x9C, 0xBE, 0x3F, 0x98, 0xE6, 0xB4, 0xB9,
+        0x83, 0xC9, 0x08, 0x41, 0x96, 0xDD, 0xD9, 0x0D,
+        0x52, 0x66, 0x94, 0xA4, 0xEA, 0xFC, 0xE5, 0x48,
+        0x04, 0x73, 0x64, 0x79, 0x68, 0xC9, 0x4A, 0x81,
+        0xA8, 0x07, 0xF8, 0xD9, 0x4E, 0x07, 0x1E, 0xC1,
+        0x8F, 0x62, 0xAB, 0xA6, 0xD7, 0x68, 0xFC, 0x57,
+        0x5E, 0x75, 0x1B, 0xBF, 0x3D, 0xA6, 0x91, 0xC5,
+        0x08, 0x14, 0x5E, 0xF2, 0x4C, 0x22, 0x8B, 0x4E,
+        0x29, 0x2D, 0xC0, 0x46, 0x3A, 0x9C, 0x9D, 0x86,
+        0xCF, 0x51, 0x85, 0x9D, 0x93, 0x23, 0xA1, 0xA1,
+        0xF3, 0x76, 0xB1, 0x56, 0xB0, 0xF4, 0x1F, 0x39,
+        0xDA, 0xDB, 0x13, 0x70, 0x29, 0x89, 0x95, 0xD2,
+        0xC5, 0xF3, 0x76, 0xFE, 0xEE, 0x99, 0xCF, 0xA0,
+        0x84, 0xEC, 0x70, 0xF0, 0xD3, 0xFA, 0x42, 0xDB,
+        0xFD, 0x99, 0x65, 0x2F, 0x84, 0x11, 0x99, 0xCD,
+        0x38, 0xB3, 0x1B, 0xAB, 0x8C, 0x2D, 0x33, 0x04,
+        0xCA, 0xE1, 0xB3, 0x05, 0x9A, 0x20, 0x80, 0xDB,
+        0xED, 0x59, 0x42, 0x30, 0x48, 0x37, 0xB3, 0x85,
+        0x5C, 0xEE, 0x54, 0x06, 0x92, 0x97, 0x4E, 0xFC,
+        0xFA, 0xF7, 0x25, 0xE0, 0x4E, 0x57, 0xC4, 0x72,
+        0x38, 0x59, 0xCA, 0x3C, 0x4A, 0x3F, 0x09, 0xD6,
+        0x09, 0x15, 0x83, 0xEF, 0x24, 0x21, 0xDD, 0xFD,
+        0x66, 0x9E, 0xBF, 0xEE, 0xCC, 0xBF, 0x86, 0x20,
+        0x29, 0x40, 0x5E, 0x42, 0xD2, 0xC0, 0x24, 0x2D,
+        0x76, 0xE6, 0x64, 0xF9, 0x5D, 0xC2, 0x85, 0xB6,
+        0x09, 0x41, 0x04, 0x62, 0x17, 0xDC, 0xF8, 0xFA,
+        0x2A, 0x4C, 0xD1, 0x82, 0x31, 0x57, 0xB7, 0x2B,
+        0x49, 0xE8, 0x40, 0x13, 0x2A, 0xA1, 0x86, 0xD2,
+        0x9A, 0xB8, 0xA9, 0xBE, 0x39, 0xBE, 0xE9, 0xA5,
+        0x35, 0x12, 0x08, 0xF1, 0xA9, 0x9E, 0x57, 0x46,
+        0x3A, 0x55, 0x16, 0xA7, 0x41, 0xD9, 0x25, 0xB8,
+        0x2F, 0xAF, 0xA8, 0x81, 0x5F, 0x5F, 0x46, 0xA4,
+        0x3B, 0xB3, 0xE9, 0x1B, 0x74, 0xEF, 0x5D, 0x57,
+        0x48, 0x4A, 0x72, 0x08, 0xDA, 0xFE, 0x1D, 0x55,
+        0x6B, 0xAB, 0x8B, 0x13, 0x18, 0xBF, 0xDD, 0xF4,
+        0x4E, 0x01, 0x5F, 0x4B, 0xF6, 0x80, 0xD4, 0x16,
+        0x4B, 0x2F, 0x03, 0x4B, 0xF8, 0x93, 0x20, 0x21,
+        0x55, 0x52, 0x49, 0x4A, 0x6C, 0x1F, 0x7D, 0xAD,
+        0x04, 0xEF, 0xB3, 0x74, 0xEE, 0xC5, 0xB6, 0xBC,
+        0x33, 0x7A, 0xCF, 0x64, 0xB9, 0xF9, 0x41, 0x70,
+        0xAF, 0xE9, 0xC7, 0xD6, 0x25, 0x18, 0x17, 0xAB,
+        0xBA, 0xC9, 0x05, 0xEF, 0x40, 0x89, 0xD5, 0x69,
+        0x76, 0xAA, 0xA0, 0x3E, 0x4D, 0x1C, 0xE7, 0x9D,
+        0x9E, 0x74, 0xF4, 0xF2, 0x7B, 0x40, 0xF6, 0x57,
+        0x78, 0x66, 0xFC, 0xDA, 0xE3, 0x6B, 0xD2, 0x6E,
+        0xC7, 0x9D, 0x65, 0x84, 0xAF, 0x7A, 0x1F, 0xE4,
+        0x34, 0xD4, 0x1A, 0x17, 0xA2, 0x72, 0xB0, 0xEE,
+        0x5A, 0x0C, 0xF4, 0x02, 0xAC, 0x1D, 0x6F, 0x4A,
+        0xD0, 0xB2, 0x02, 0x3A, 0x7D, 0x2C, 0xF1, 0x43,
+        0x0E, 0x1E, 0x96, 0xEB, 0x42, 0xF8, 0x3A, 0xF5,
+        0x0B, 0x5D, 0xA9, 0x23, 0x02, 0x28, 0xE5, 0x26,
+        0x5E, 0x69, 0x38, 0x2F, 0x85, 0x34, 0x32, 0x5E,
+        0x5E, 0x29, 0x33, 0x94, 0x05, 0xBD, 0x58, 0xF8,
+        0xE8, 0x9C, 0xBF, 0xB1, 0x5A, 0x05, 0xC6, 0x23,
+        0x9B, 0xBB, 0x57, 0x69, 0x8C, 0xE6, 0x41, 0x97,
+        0x48, 0x01, 0x95, 0xAF, 0xE9, 0x62, 0x8C, 0x6F,
+        0x09, 0x43, 0xF3, 0x64, 0x50, 0x90, 0x2F, 0x14,
+        0xF7, 0x30, 0x07, 0xE0, 0x4B, 0xA8, 0x39, 0xAC,
+        0x21, 0xC4, 0x07, 0x45, 0x5F, 0xD9, 0x87, 0xB1,
+        0x57, 0x47, 0x07, 0x66, 0xFF, 0xC7, 0xAB, 0xEE,
+        0x1F, 0x55, 0x71, 0x50, 0x63, 0xCF, 0x58, 0x3B,
+        0xC8, 0x1B, 0xEA, 0xA5, 0xE2, 0xF1, 0x57, 0xB3,
+        0x77, 0x65, 0xA9, 0xBD, 0x23, 0xC8, 0x30, 0x86,
+        0xC3, 0x5F, 0xBF, 0x16, 0x3F, 0x42, 0x28, 0x0A,
+        0xC6, 0x5A, 0x57, 0x15, 0x2F, 0xA1, 0x96, 0xA9,
+        0x25, 0xC5, 0x8E, 0x32, 0x11, 0x62, 0xB3, 0x54,
+        0x18, 0x00, 0xA4, 0xA6, 0xD4, 0x0F, 0x68, 0x27,
+        0x8F, 0x21, 0x78, 0x02, 0x37, 0x98, 0xBD, 0xCE,
+        0x3F, 0xBC, 0xF2, 0x9C, 0x66, 0x8E, 0x79, 0xA1,
+        0x54, 0x12, 0x55, 0x2E, 0xC0, 0x59, 0xC7, 0x18,
+        0x18, 0x22, 0x4D, 0x27, 0x8B, 0x8D, 0xF3, 0x08,
+        0x99, 0xE6, 0x35, 0x14, 0xB1, 0xE3, 0xB8, 0x7A,
+        0x40, 0x7B, 0x68, 0x7B, 0xFF, 0xDC, 0x54, 0x41,
+        0x06, 0xCA, 0x91, 0xFE, 0xDB, 0x2B, 0xDA, 0x9E,
+        0xC5, 0x20, 0xD8, 0xBF, 0x42, 0xBC, 0xE6, 0x39,
+        0xC4, 0x26, 0x9E, 0xF3, 0x82, 0xD9, 0xF1, 0xA0,
+        0x04, 0xAF, 0xFB, 0x77, 0x13, 0x36, 0xAF, 0xD7,
+        0x91, 0x9B, 0x3A, 0x57, 0x98, 0xFE, 0xAD, 0xCD,
+        0x46, 0xF8, 0xF8, 0xF1, 0x87, 0x53, 0xBD, 0x57,
+        0x3F, 0x99, 0xBC, 0xA6, 0xBD, 0x9B, 0x6E, 0xF4,
+        0x17, 0x7A, 0x78, 0x30, 0x70, 0xA3, 0x43, 0xFF,
+        0x92, 0xCD, 0x99, 0x73, 0xAE, 0x65, 0x6A, 0x10,
+        0xFF, 0x70, 0x47, 0x0F, 0x16, 0x4C, 0x4A, 0x90,
+        0xF4, 0x52, 0x05, 0x79, 0x33, 0x63, 0xDE, 0x14,
+        0x65, 0xAF, 0x8A, 0x5E, 0x67, 0x20, 0x03, 0x9F,
+        0xE6, 0x70, 0x13, 0x6B, 0xE0, 0xF3, 0x6A, 0x4C,
+        0x6B, 0x5B, 0xCB, 0xE1, 0x7C, 0x5D, 0x7D, 0xE3,
+        0x23, 0xFD, 0xB8, 0x6A, 0xDA, 0x56, 0x1E, 0xA8,
+        0x36, 0xC4, 0x29, 0x2D, 0x70, 0x41, 0x03, 0x18,
+        0x31, 0x40, 0x79, 0x2E, 0xC8, 0x22, 0x98, 0x5E,
+        0x11, 0xED, 0xA6, 0xDD, 0xB9, 0xAF, 0x8C, 0x27,
+        0x5C, 0x1B, 0x2E, 0xEA, 0xB8, 0xC6, 0x2F, 0xA0,
+        0x40, 0xB2, 0x64, 0x61, 0xFC, 0x0A, 0x3A, 0x10,
+        0x88, 0xC2, 0x58, 0xEC, 0xA5, 0x8D, 0x14, 0xE9,
+        0x9D, 0x21, 0xAF, 0x64, 0xD6, 0xC2, 0x5D, 0xAA,
+        0x0B, 0x8A, 0x57, 0x0F, 0x84, 0x3E, 0x60, 0x8D,
+        0xED, 0x05, 0x1D, 0x98, 0xED, 0xAE, 0x11, 0xD9,
+        0x27, 0x03, 0x55, 0xED, 0xF5, 0x34, 0x92, 0x52,
+        0xF2, 0x6F, 0x30, 0x3E, 0x69, 0xA5, 0x54, 0xA7,
+        0x2E, 0x1B, 0x85, 0xAB, 0xA2, 0x3B, 0xEC, 0xC8,
+        0x9D, 0xA9, 0xA3, 0xE4, 0xEF, 0x58, 0xB5, 0x33,
+        0x88, 0x55, 0x16, 0x5E, 0x7D, 0x7E, 0x69, 0xFC,
+        0xCA, 0xBD, 0x9C, 0x65, 0xFA, 0x0B, 0xBD, 0x7B,
+        0x16, 0xC4, 0xE2, 0x9C, 0xB4, 0xF1, 0x6A, 0x25,
+        0x70, 0x30, 0x32, 0xED, 0xEA, 0xD3, 0x1D, 0xDB,
+        0x6F, 0x29, 0x2E, 0x42, 0x14, 0xBE, 0x03, 0x29,
+        0x0A, 0x8A, 0x98, 0x9A, 0xD7, 0xB7, 0x0C, 0xF8,
+        0xB9, 0xCF, 0x37, 0xC6, 0xAC, 0xAC, 0x6D, 0xCC,
+        0x03, 0x23, 0x9F, 0x66, 0x85, 0x4B, 0x70, 0x45
+    };
+#endif /* WOLFSSL_NO_ML_DSA_87 */
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_44, sizeof(pk_44)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_44, sizeof(sk_44)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44_draft), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_44_draft, sizeof(pk_44_draft)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_44_draft, sizeof(sk_44_draft)), 0);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_65, sizeof(pk_65)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_65, sizeof(sk_65)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65_draft), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_65_draft, sizeof(pk_65_draft)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_65_draft, sizeof(sk_65_draft)), 0);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_87, sizeof(pk_87)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_87, sizeof(sk_87)), 0);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87_draft), 0);
+    ExpectIntEQ(XMEMCMP(key->p, pk_87_draft, sizeof(pk_87_draft)), 0);
+    ExpectIntEQ(XMEMCMP(key->k, sk_87_draft, sizeof(sk_87_draft)), 0);
+#endif
+#endif
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_dilithium_sig_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    dilithium_key* key;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte sk_44[] = {
+        0x5D, 0xFB, 0x07, 0xA2, 0x04, 0x4B, 0x93, 0x16,
+        0x75, 0xC7, 0x89, 0x43, 0xEA, 0xC3, 0xC4, 0xC5,
+        0x7B, 0x07, 0x77, 0x8A, 0xD9, 0xAF, 0x2E, 0x87,
+        0xC4, 0x70, 0xB9, 0xCC, 0x2C, 0x8D, 0xA1, 0xE3,
+        0x75, 0xBC, 0xB3, 0xBC, 0xD1, 0x9E, 0x7B, 0xB9,
+        0x83, 0xC9, 0x63, 0x66, 0xCC, 0xEA, 0x14, 0x1E,
+        0xAE, 0x22, 0x07, 0x75, 0x52, 0x24, 0xC8, 0xC6,
+        0xC6, 0x1F, 0x90, 0x89, 0x89, 0xCF, 0xF2, 0xF6,
+        0x27, 0x98, 0xA6, 0x86, 0x45, 0x77, 0x95, 0x15,
+        0xD4, 0x74, 0xDD, 0xA6, 0x1F, 0x33, 0x41, 0x42,
+        0x4E, 0xDA, 0x24, 0x79, 0x60, 0x27, 0x34, 0x4E,
+        0x36, 0x94, 0x14, 0x74, 0x81, 0x9A, 0x58, 0x44,
+        0x2B, 0x74, 0xBF, 0x50, 0x60, 0xB8, 0x40, 0x94,
+        0x4A, 0xEF, 0xDE, 0xA7, 0xA4, 0xCF, 0xFC, 0xB3,
+        0x9D, 0xE2, 0x07, 0xFD, 0x9E, 0x6A, 0xC6, 0x2E,
+        0x6D, 0x0D, 0xB2, 0xB4, 0x51, 0x2E, 0x20, 0x26,
+        0x00, 0xB5, 0x30, 0x01, 0xA9, 0x2D, 0xE2, 0x42,
+        0x02, 0x42, 0x12, 0x71, 0x24, 0xB7, 0x28, 0x94,
+        0x30, 0x86, 0xDA, 0x22, 0x30, 0x00, 0x87, 0x65,
+        0xCC, 0x22, 0x91, 0x1B, 0x05, 0x82, 0x03, 0x46,
+        0x8A, 0xA0, 0x32, 0x26, 0x40, 0xB4, 0x84, 0xC3,
+        0x14, 0x2D, 0x88, 0x14, 0x8C, 0x94, 0x92, 0x49,
+        0x23, 0x15, 0x0E, 0xCA, 0x88, 0x09, 0x18, 0x94,
+        0x68, 0x82, 0x38, 0x00, 0x21, 0x41, 0x28, 0x8C,
+        0xB8, 0x80, 0x02, 0x09, 0x49, 0x5A, 0xB4, 0x11,
+        0x9B, 0x28, 0x05, 0xE4, 0x42, 0x30, 0xCA, 0x24,
+        0x80, 0xA4, 0x06, 0x2A, 0xD3, 0x92, 0x05, 0x1C,
+        0x03, 0x6A, 0x22, 0x36, 0x4A, 0x92, 0x44, 0x52,
+        0xE2, 0x48, 0x28, 0x19, 0x83, 0x68, 0x88, 0xC6,
+        0x31, 0x41, 0x90, 0x50, 0x00, 0x43, 0x8E, 0x23,
+        0x87, 0x60, 0x19, 0x43, 0x81, 0x50, 0x32, 0x69,
+        0x81, 0xC0, 0x51, 0x12, 0x06, 0x08, 0x02, 0x08,
+        0x82, 0xC4, 0xA6, 0x81, 0x03, 0xA5, 0x90, 0x8C,
+        0xB6, 0x00, 0x90, 0x14, 0x66, 0x01, 0xB1, 0x08,
+        0x12, 0x25, 0x48, 0x1A, 0x88, 0x11, 0x43, 0x38,
+        0x60, 0x23, 0x26, 0x2E, 0x14, 0x45, 0x0D, 0x9C,
+        0x92, 0x8C, 0xA2, 0x46, 0x12, 0x94, 0xA6, 0x05,
+        0x88, 0xB0, 0x11, 0x0A, 0xB0, 0x28, 0xA4, 0x42,
+        0x09, 0x9C, 0x82, 0x80, 0x1A, 0x80, 0x61, 0x59,
+        0xB0, 0x8D, 0x40, 0xA6, 0x6D, 0x12, 0xC9, 0x0C,
+        0xD9, 0x18, 0x68, 0xA3, 0x84, 0x2C, 0x02, 0xB6,
+        0x25, 0x01, 0x40, 0x2C, 0xD8, 0x20, 0x4D, 0x1B,
+        0x35, 0x30, 0x11, 0x10, 0x49, 0x63, 0x44, 0x31,
+        0x8A, 0xB2, 0x70, 0x4B, 0x24, 0x28, 0xA0, 0x46,
+        0x08, 0xC9, 0x06, 0x81, 0x08, 0xC5, 0x04, 0x4A,
+        0xB2, 0x30, 0x08, 0x15, 0x04, 0x24, 0xA2, 0x65,
+        0x9B, 0x88, 0x41, 0x19, 0x36, 0x2E, 0xE2, 0xB8,
+        0x29, 0xD9, 0x12, 0x64, 0x41, 0xA6, 0x30, 0x22,
+        0xB7, 0x8C, 0x93, 0x38, 0x69, 0x93, 0x30, 0x0A,
+        0xC8, 0xB6, 0x85, 0x23, 0xB1, 0x8D, 0x01, 0x38,
+        0x0A, 0x59, 0xA0, 0x09, 0x64, 0x12, 0x6E, 0x88,
+        0x08, 0x22, 0xDB, 0x00, 0x08, 0x0C, 0x08, 0x12,
+        0x99, 0x42, 0x44, 0x1B, 0x00, 0x68, 0x08, 0x13,
+        0x26, 0x53, 0xA2, 0x40, 0x5A, 0x34, 0x25, 0x98,
+        0x90, 0x8C, 0x00, 0x34, 0x2D, 0x93, 0x94, 0x48,
+        0xC8, 0x22, 0x4C, 0xE2, 0x44, 0x29, 0xE2, 0x00,
+        0x28, 0x14, 0x22, 0x40, 0x48, 0x28, 0x24, 0x22,
+        0x49, 0x06, 0xCA, 0xC8, 0x0C, 0x4C, 0x12, 0x80,
+        0x1B, 0xA5, 0x41, 0x11, 0x06, 0x48, 0x1B, 0x27,
+        0x72, 0x20, 0x07, 0x31, 0x24, 0x10, 0x8E, 0x9C,
+        0x94, 0x91, 0x1B, 0x37, 0x82, 0x51, 0x28, 0x2E,
+        0x11, 0x06, 0x42, 0x01, 0x34, 0x6E, 0x8C, 0x22,
+        0x25, 0x24, 0x34, 0x6A, 0x19, 0x47, 0x21, 0x23,
+        0xB6, 0x09, 0x51, 0xB2, 0x31, 0x18, 0x34, 0x45,
+        0x8C, 0xB8, 0x20, 0x1C, 0x19, 0x0A, 0x19, 0xB7,
+        0x6D, 0x18, 0x97, 0x48, 0x09, 0x82, 0x04, 0x9C,
+        0x12, 0x8A, 0x41, 0x08, 0x46, 0x24, 0x13, 0x31,
+        0xD0, 0x42, 0x46, 0xC3, 0x16, 0x80, 0x51, 0x10,
+        0x2E, 0x51, 0x48, 0x04, 0x5C, 0xC2, 0x64, 0x1A,
+        0x10, 0x8E, 0xD9, 0x86, 0x64, 0x90, 0x24, 0x68,
+        0x93, 0xB4, 0x45, 0x94, 0x30, 0x4A, 0xE3, 0x12,
+        0x0C, 0x54, 0x04, 0x90, 0x03, 0x31, 0x40, 0x62,
+        0x92, 0x4D, 0x5C, 0xC8, 0x10, 0x8A, 0xB8, 0x61,
+        0x5C, 0x04, 0x6A, 0xC8, 0xB0, 0x85, 0x93, 0x00,
+        0x05, 0xC3, 0x06, 0x69, 0x1B, 0x34, 0x8E, 0x03,
+        0x84, 0x0C, 0x50, 0x00, 0x2C, 0x8C, 0x96, 0x90,
+        0x08, 0x32, 0x68, 0x0B, 0x90, 0x8C, 0x02, 0x86,
+        0x2D, 0x18, 0x38, 0x09, 0x1C, 0xB2, 0x21, 0x1B,
+        0x48, 0x04, 0x5C, 0x10, 0x86, 0xD8, 0x34, 0x51,
+        0x43, 0x84, 0x88, 0x43, 0xB2, 0x65, 0x12, 0xB6,
+        0x8D, 0x03, 0x01, 0x45, 0x19, 0xB8, 0x8D, 0x92,
+        0x26, 0x4E, 0x12, 0x12, 0x88, 0x52, 0xB2, 0x64,
+        0x21, 0x09, 0x26, 0x49, 0x38, 0x05, 0x24, 0x11,
+        0x0A, 0x22, 0x38, 0x32, 0x23, 0x31, 0x20, 0x4A,
+        0x24, 0x42, 0xC4, 0xA2, 0x44, 0x20, 0x10, 0x0D,
+        0xA1, 0xA8, 0x51, 0x23, 0x86, 0x84, 0x81, 0x38,
+        0x8E, 0x02, 0x00, 0x4A, 0x1C, 0xB7, 0x24, 0x4C,
+        0x06, 0x0A, 0x1C, 0x26, 0x4E, 0xCC, 0x22, 0x48,
+        0x4C, 0x92, 0x2D, 0xC0, 0x20, 0x2D, 0xA1, 0x16,
+        0x89, 0xC3, 0x44, 0x82, 0x19, 0xA7, 0x6D, 0xC4,
+        0x90, 0x10, 0x01, 0x82, 0x89, 0xD8, 0x44, 0x22,
+        0xD9, 0x98, 0x20, 0xC0, 0x88, 0x45, 0x88, 0x22,
+        0x0C, 0x90, 0x36, 0x90, 0x90, 0xA4, 0x05, 0xD3,
+        0x82, 0x21, 0xD0, 0xA6, 0x28, 0x00, 0x33, 0x25,
+        0xA2, 0xC2, 0x6C, 0xD8, 0x10, 0x71, 0xD1, 0x96,
+        0x50, 0xC3, 0x34, 0x08, 0x8B, 0x94, 0x2D, 0x61,
+        0x88, 0x04, 0x1B, 0xC8, 0x2D, 0xE2, 0x30, 0x64,
+        0x20, 0x28, 0x24, 0x1A, 0x34, 0x50, 0x10, 0x25,
+        0x6A, 0x64, 0x36, 0x81, 0x09, 0xC1, 0x45, 0xE3,
+        0x30, 0x80, 0xC3, 0xA6, 0x8C, 0xE0, 0xB6, 0x10,
+        0xC3, 0x34, 0x8D, 0xD1, 0x06, 0x11, 0x88, 0x20,
+        0x0A, 0x0A, 0xC8, 0x21, 0x20, 0x81, 0x30, 0x9C,
+        0x14, 0x61, 0x9B, 0xC2, 0x50, 0x22, 0x15, 0x8D,
+        0x80, 0xA0, 0x41, 0x89, 0x24, 0x41, 0x20, 0x93,
+        0x40, 0x01, 0xA6, 0x09, 0x08, 0x25, 0x2E, 0xC1,
+        0xC6, 0x85, 0x00, 0x17, 0x62, 0x41, 0x30, 0x32,
+        0xDC, 0x06, 0x6D, 0x48, 0x88, 0x08, 0x84, 0xC8,
+        0x30, 0x5B, 0x96, 0x8D, 0x42, 0xB4, 0x4C, 0xD0,
+        0x34, 0x88, 0xD0, 0x04, 0x02, 0x18, 0x15, 0x52,
+        0x52, 0x26, 0x30, 0x8C, 0x46, 0x28, 0x20, 0x94,
+        0x4C, 0x21, 0x18, 0x00, 0xD0, 0xB2, 0x48, 0x1B,
+        0x17, 0x0A, 0x09, 0x30, 0x4C, 0x44, 0xC2, 0x04,
+        0x47, 0x5E, 0xF2, 0x33, 0x31, 0xFF, 0x66, 0x73,
+        0xE2, 0x6E, 0x6A, 0x32, 0xF2, 0x94, 0xBE, 0xFB,
+        0xD5, 0x96, 0x4F, 0xED, 0x98, 0x7A, 0x42, 0xA2,
+        0x35, 0xFC, 0x5B, 0x16, 0x08, 0x61, 0x45, 0xC0,
+        0xB8, 0xA8, 0x23, 0xFB, 0xC1, 0x4F, 0x1C, 0x8C,
+        0xD0, 0x3F, 0xD6, 0xEE, 0xC4, 0x95, 0x28, 0x3E,
+        0x03, 0x5C, 0x0D, 0xCA, 0xE5, 0x2E, 0x68, 0xF3,
+        0x29, 0xDE, 0x7A, 0xDF, 0xD6, 0x4F, 0xEE, 0x0B,
+        0x11, 0x6D, 0x4A, 0x14, 0xE1, 0x53, 0x94, 0xB3,
+        0x1D, 0xF8, 0x8B, 0xCA, 0x10, 0xD1, 0xC9, 0x06,
+        0xAA, 0x82, 0x28, 0x7C, 0x11, 0x74, 0x99, 0xE9,
+        0xD8, 0xC7, 0x7D, 0x17, 0xA9, 0x5C, 0xCC, 0x14,
+        0xAF, 0xF9, 0xC2, 0x05, 0xD2, 0x64, 0x80, 0xA5,
+        0x70, 0xB5, 0x77, 0x0B, 0x04, 0x81, 0x99, 0xCF,
+        0x3F, 0x0E, 0x1B, 0x91, 0xAB, 0x39, 0x4B, 0x1F,
+        0x65, 0xD4, 0x7F, 0x92, 0x98, 0xD0, 0x96, 0xCA,
+        0x25, 0xC0, 0x99, 0xBC, 0x67, 0xF4, 0x33, 0x42,
+        0x63, 0xE3, 0x6B, 0xD9, 0xE6, 0x6B, 0x99, 0x8A,
+        0x07, 0xDC, 0x1E, 0x18, 0x1E, 0x05, 0x38, 0x6E,
+        0x96, 0x8F, 0x1C, 0xB0, 0xAB, 0x1E, 0x9A, 0x67,
+        0xD5, 0xD3, 0x30, 0x11, 0x20, 0x37, 0x82, 0x24,
+        0x88, 0x1F, 0x65, 0x17, 0x59, 0xEC, 0x7D, 0xBF,
+        0x45, 0x78, 0x1E, 0xF8, 0xA8, 0x4D, 0xAD, 0xAF,
+        0xE6, 0x13, 0xD6, 0x01, 0x69, 0x66, 0xBD, 0x88,
+        0x44, 0xB6, 0xA6, 0x17, 0xAC, 0xA1, 0xEE, 0xF6,
+        0x73, 0xB7, 0x74, 0xCC, 0x80, 0x7B, 0x36, 0xDD,
+        0x02, 0xDD, 0x45, 0x21, 0x66, 0x86, 0x03, 0x7F,
+        0x9A, 0xC0, 0xB1, 0x2F, 0x57, 0x26, 0xF2, 0x51,
+        0xC5, 0x72, 0x43, 0xE2, 0xC1, 0x88, 0xF5, 0xEC,
+        0xC0, 0x97, 0xE0, 0xB9, 0x89, 0xB5, 0x8A, 0x5D,
+        0x80, 0x4A, 0xBF, 0xD7, 0x20, 0x25, 0x55, 0x77,
+        0x66, 0x8E, 0xE3, 0x04, 0xD0, 0x1C, 0x50, 0xFE,
+        0x8B, 0x6D, 0x90, 0x68, 0x53, 0xCF, 0x7A, 0x49,
+        0x4F, 0xB4, 0x79, 0x91, 0xF1, 0x81, 0xB7, 0x42,
+        0x0E, 0x74, 0x19, 0x9C, 0x82, 0xE7, 0x1A, 0x82,
+        0x4B, 0xF8, 0xC6, 0x13, 0x1D, 0xF4, 0xD1, 0x85,
+        0x6F, 0x11, 0xE7, 0x04, 0x07, 0x70, 0x72, 0x4D,
+        0xE7, 0x2C, 0x81, 0x5A, 0xC0, 0x44, 0x3F, 0x2E,
+        0x77, 0xEC, 0x22, 0xA1, 0x28, 0xDB, 0x18, 0xE1,
+        0x18, 0x3E, 0xE7, 0x96, 0x82, 0xC4, 0x30, 0x24,
+        0xC9, 0x07, 0x46, 0x6C, 0x35, 0x4B, 0x1C, 0x7B,
+        0x0E, 0x0E, 0xF0, 0x9F, 0x16, 0x48, 0x7B, 0xD8,
+        0xA9, 0x9C, 0x3A, 0x0A, 0x9E, 0xDB, 0xF0, 0x0F,
+        0x15, 0xA5, 0xEB, 0x1C, 0x50, 0xD4, 0x27, 0x36,
+        0xDB, 0x07, 0x63, 0xBD, 0x56, 0xBD, 0xFA, 0x81,
+        0x09, 0x9A, 0xDE, 0xCE, 0xE8, 0x4A, 0xEA, 0x06,
+        0x9C, 0x06, 0x5B, 0x67, 0x03, 0x14, 0xB9, 0xE4,
+        0x8C, 0x66, 0x75, 0xA3, 0xCC, 0x69, 0x39, 0x57,
+        0xDA, 0x1D, 0x21, 0xBA, 0xCE, 0xD8, 0x70, 0x02,
+        0xFF, 0xF5, 0x6F, 0x25, 0x3A, 0x3D, 0xFC, 0x79,
+        0xA3, 0xF0, 0x3A, 0x3F, 0x2B, 0x10, 0x51, 0x9A,
+        0xCB, 0xC9, 0x1A, 0xF5, 0xF1, 0x98, 0x5B, 0x5C,
+        0x87, 0x96, 0x4E, 0xC8, 0x00, 0x8A, 0x3A, 0x6E,
+        0x85, 0x02, 0xA5, 0xF1, 0x69, 0x32, 0x6E, 0xC1,
+        0x95, 0x68, 0xCF, 0xA8, 0xE8, 0x85, 0x55, 0x4D,
+        0x6A, 0x68, 0x1F, 0x00, 0xDD, 0x26, 0xB3, 0x24,
+        0xF4, 0x9D, 0xD2, 0x4D, 0x81, 0x06, 0xDA, 0xE6,
+        0x4D, 0x11, 0x73, 0xDF, 0xFE, 0x4F, 0xA6, 0x22,
+        0x5E, 0x6C, 0x6D, 0x5E, 0xE3, 0x59, 0xCF, 0xF4,
+        0x35, 0xA0, 0x80, 0x86, 0x89, 0x49, 0xB2, 0xED,
+        0x0C, 0xC7, 0x3B, 0x42, 0x06, 0x68, 0x8D, 0x90,
+        0x04, 0x1A, 0xBD, 0x51, 0xF6, 0xB9, 0x29, 0x2E,
+        0xB6, 0xF0, 0x79, 0x40, 0x1E, 0x6E, 0x59, 0x94,
+        0xFB, 0xF5, 0x6B, 0x72, 0x82, 0x4C, 0xB6, 0xC7,
+        0x2B, 0x12, 0x71, 0x77, 0xDD, 0x89, 0xCC, 0x2F,
+        0x98, 0xB0, 0x93, 0x1C, 0x98, 0xCE, 0x5E, 0x89,
+        0x0D, 0x95, 0x7B, 0x98, 0xE1, 0xEA, 0xDC, 0xB7,
+        0xFF, 0x22, 0xC5, 0x31, 0x40, 0x9E, 0x1C, 0x80,
+        0x59, 0x47, 0x01, 0x49, 0xEC, 0x81, 0xEF, 0x16,
+        0x32, 0x6B, 0xB0, 0x4E, 0xE2, 0x3B, 0xA3, 0xC1,
+        0x03, 0x12, 0x0D, 0xA6, 0x65, 0xDE, 0x8D, 0xB0,
+        0xA0, 0xBB, 0x75, 0xEF, 0x5C, 0xDA, 0xF4, 0xEE,
+        0x47, 0x6E, 0x55, 0x02, 0x38, 0xCD, 0xC1, 0xAC,
+        0xDD, 0x71, 0xA6, 0x34, 0xAB, 0xCE, 0xA5, 0x5C,
+        0x90, 0xFF, 0xF8, 0xE0, 0xA7, 0x87, 0xBD, 0x21,
+        0x36, 0x91, 0x4F, 0x23, 0xD8, 0x75, 0x58, 0xC5,
+        0xF6, 0xBA, 0xAC, 0x54, 0x6C, 0x24, 0xB1, 0x41,
+        0x02, 0x02, 0xB9, 0x44, 0x31, 0x0E, 0xC4, 0xC9,
+        0xC6, 0x87, 0x85, 0x36, 0x05, 0xC8, 0xAE, 0xC9,
+        0xF1, 0xEF, 0x6B, 0x67, 0x52, 0xD3, 0x9A, 0x15,
+        0xBF, 0xA2, 0x47, 0xEF, 0x89, 0xFC, 0x06, 0x99,
+        0xA1, 0x1A, 0xE4, 0x5A, 0x75, 0xE5, 0x09, 0xD4,
+        0x54, 0xE9, 0x89, 0xF2, 0x60, 0x6E, 0xAB, 0x10,
+        0xF8, 0x42, 0xE4, 0xAD, 0x57, 0xC6, 0xE3, 0x65,
+        0x48, 0x94, 0x14, 0x05, 0x4F, 0x62, 0x20, 0x0F,
+        0x3A, 0x1E, 0xC7, 0x62, 0xDC, 0x5C, 0x8E, 0xFA,
+        0x19, 0x88, 0x47, 0x5D, 0xE8, 0xC3, 0xD5, 0x8C,
+        0x2B, 0x71, 0xBA, 0x11, 0x98, 0x7C, 0x0A, 0xC6,
+        0x42, 0x08, 0x3B, 0xAC, 0x76, 0xFB, 0x50, 0x78,
+        0x8C, 0x26, 0x8F, 0xEE, 0x7B, 0xE2, 0x59, 0x9B,
+        0x34, 0x58, 0x09, 0x2A, 0x8B, 0xCB, 0x1F, 0x31,
+        0x94, 0x8F, 0xE4, 0x82, 0xDF, 0x9A, 0x54, 0x5B,
+        0x63, 0x85, 0x94, 0xD6, 0x7A, 0x44, 0x06, 0x91,
+        0x5C, 0xCD, 0xC7, 0x55, 0x57, 0x47, 0xC0, 0x4E,
+        0x72, 0xA5, 0x48, 0xAB, 0x8F, 0xEE, 0x87, 0x6B,
+        0x25, 0x82, 0x61, 0x3C, 0xCA, 0xBD, 0xA9, 0x6C,
+        0xF1, 0x4A, 0xAA, 0xF6, 0x71, 0x6B, 0x79, 0x0B,
+        0xFE, 0x4D, 0x92, 0x32, 0xD9, 0x03, 0x70, 0xD6,
+        0x0B, 0xBC, 0x18, 0x4B, 0xA3, 0x3B, 0xCF, 0x77,
+        0x83, 0x16, 0xE3, 0x4B, 0x11, 0x83, 0x8D, 0x8F,
+        0x71, 0xFE, 0xEA, 0xC0, 0x42, 0xF0, 0x35, 0xB0,
+        0x76, 0xEA, 0xC1, 0xC2, 0x62, 0xFA, 0x9C, 0x32,
+        0xBC, 0x8D, 0x69, 0xB1, 0x38, 0xB3, 0x51, 0x31,
+        0x8E, 0xD1, 0xF3, 0x44, 0x95, 0x95, 0x11, 0x52,
+        0x36, 0xF4, 0xCA, 0x7C, 0xBA, 0x2B, 0xA9, 0xE1,
+        0x03, 0xF0, 0xF5, 0x09, 0xAB, 0x91, 0x6E, 0x48,
+        0xB8, 0xAF, 0x03, 0x9B, 0xDC, 0xD5, 0x1C, 0xAB,
+        0xFA, 0xCA, 0xDC, 0xEE, 0x8E, 0x49, 0x84, 0xF5,
+        0x61, 0xF9, 0x7D, 0x17, 0xCB, 0xF1, 0xDE, 0x9A,
+        0x7A, 0x7B, 0xDA, 0xF3, 0x26, 0xE6, 0xD8, 0xAD,
+        0x90, 0xE9, 0x5B, 0xAF, 0x15, 0x45, 0xD3, 0xE2,
+        0x46, 0x69, 0xD1, 0xC5, 0xF4, 0x28, 0xE0, 0x7E,
+        0x2C, 0x71, 0x10, 0xFF, 0x43, 0x59, 0x80, 0x93,
+        0xE6, 0xF9, 0x28, 0xA0, 0x34, 0xC6, 0x86, 0xBA,
+        0xE7, 0x5A, 0x56, 0x7A, 0xE4, 0xF5, 0x20, 0xB4,
+        0x4D, 0xAC, 0xB4, 0x95, 0xE5, 0xB2, 0xC6, 0x43,
+        0x9E, 0x2E, 0x67, 0x8E, 0x7C, 0x05, 0x4F, 0xF7,
+        0x60, 0x14, 0x88, 0xC6, 0xAE, 0x4A, 0x05, 0x36,
+        0x99, 0x73, 0x55, 0x10, 0xF9, 0xDB, 0xC3, 0x4C,
+        0xD7, 0x6A, 0x19, 0x94, 0xC0, 0xFE, 0x74, 0x12,
+        0xC0, 0xCE, 0x95, 0x15, 0xBF, 0x60, 0x3A, 0x8E,
+        0xB5, 0xFC, 0x8A, 0xBC, 0xAC, 0x9F, 0x15, 0x10,
+        0x44, 0x73, 0x58, 0x60, 0x5D, 0xA1, 0x33, 0xFD,
+        0xDE, 0xBD, 0xF2, 0x22, 0x69, 0xEE, 0x1D, 0x46,
+        0x8E, 0x2E, 0xE8, 0x21, 0x62, 0x1D, 0x27, 0x84,
+        0xC4, 0x6D, 0xA8, 0x30, 0x02, 0xA6, 0x26, 0x94,
+        0xFA, 0xB1, 0xEF, 0xEC, 0x3B, 0x8D, 0x6F, 0x1B,
+        0x2C, 0xCE, 0x2A, 0x4E, 0xC4, 0x28, 0x35, 0x4E,
+        0x39, 0xA4, 0xF4, 0x5C, 0x96, 0x65, 0xC1, 0xB8,
+        0x55, 0xA5, 0x09, 0x15, 0xBC, 0x4D, 0x3B, 0xD0,
+        0x1F, 0x7F, 0xBA, 0x90, 0x20, 0xCD, 0xBD, 0xC2,
+        0xC8, 0xE5, 0xC6, 0xB0, 0x6F, 0x14, 0x4E, 0x6B,
+        0xEA, 0x8A, 0x24, 0x44, 0xE1, 0x0A, 0xCD, 0xB2,
+        0x05, 0xF3, 0x15, 0x71, 0x7C, 0x86, 0xFC, 0xF1,
+        0xFD, 0x6B, 0xA6, 0xE3, 0xFC, 0x86, 0xE3, 0xBA,
+        0x56, 0x6B, 0x8F, 0xBE, 0x02, 0x9A, 0x03, 0x0C,
+        0x8C, 0x69, 0xE5, 0x7C, 0x15, 0xAE, 0x13, 0x12,
+        0x25, 0x2B, 0x36, 0xFB, 0x51, 0xA1, 0x61, 0x5E,
+        0x37, 0x46, 0x92, 0x0C, 0x0B, 0x71, 0x5C, 0x1D,
+        0xA4, 0xDB, 0x04, 0xC1, 0x08, 0xED, 0x5C, 0x44,
+        0x80, 0x70, 0xC1, 0x0E, 0x63, 0x6D, 0x92, 0xC2,
+        0x1E, 0x18, 0x8E, 0x71, 0x0E, 0x7C, 0x10, 0x21,
+        0x1E, 0xC2, 0xCF, 0xD6, 0x38, 0x7A, 0x9B, 0x5C,
+        0x9E, 0xE8, 0x82, 0x3D, 0xDD, 0x40, 0x0C, 0x96,
+        0x17, 0xEF, 0xB1, 0x25, 0xBA, 0x84, 0x45, 0x4F,
+        0x64, 0xA6, 0x8E, 0x2B, 0xBA, 0xF1, 0xED, 0xB3,
+        0x4F, 0x92, 0x5F, 0x1A, 0x73, 0x2A, 0x2A, 0x22,
+        0x68, 0x19, 0x4C, 0x8A, 0x87, 0x51, 0x75, 0x78,
+        0xCF, 0x3C, 0xC5, 0x97, 0xFD, 0x77, 0x43, 0xCB,
+        0xAE, 0x3D, 0x9C, 0xB6, 0x45, 0x54, 0x45, 0xF4,
+        0x1B, 0x92, 0xEE, 0xF4, 0x9D, 0xC4, 0x32, 0x10,
+        0x6A, 0x48, 0xAB, 0xE9, 0x47, 0xBF, 0x2B, 0x92,
+        0x49, 0x84, 0x23, 0x52, 0x05, 0xA1, 0x92, 0x3B,
+        0xD7, 0x78, 0x2D, 0x9A, 0x15, 0xB4, 0xD9, 0xD3,
+        0x45, 0xD0, 0x69, 0xF1, 0x38, 0x4D, 0x39, 0xEA,
+        0x49, 0x7E, 0xC0, 0xE7, 0x7A, 0x07, 0x88, 0x1D,
+        0x1F, 0xA3, 0xAC, 0xE9, 0xC3, 0xFD, 0x6B, 0x5D,
+        0xF6, 0xB2, 0xB9, 0xAA, 0x9A, 0xBE, 0xF4, 0x06,
+        0xD9, 0x5E, 0x81, 0xE5, 0x68, 0xDF, 0xEA, 0x20,
+        0x4C, 0xEE, 0xED, 0x42, 0xA4, 0xD3, 0x7B, 0xA8,
+        0x82, 0x98, 0x0D, 0xB4, 0xC8, 0xC3, 0x43, 0x28,
+        0x13, 0xE9, 0x6B, 0x11, 0x0E, 0x54, 0xE6, 0xCD,
+        0x11, 0x0A, 0x01, 0x36, 0x41, 0x78, 0xC5, 0x7D,
+        0x00, 0xC6, 0x8D, 0xE7, 0x7B, 0x4C, 0xE6, 0x35,
+        0x57, 0x8F, 0x56, 0xA9, 0x73, 0x5A, 0xEF, 0x93,
+        0xF0, 0xD8, 0x16, 0xE3, 0x44, 0x8A, 0xA0, 0xA9,
+        0xF1, 0x9C, 0x2E, 0x02, 0xD1, 0x3C, 0x66, 0xDD,
+        0xE5, 0x35, 0xFE, 0x81, 0x77, 0x8D, 0xC2, 0x46,
+        0x64, 0x03, 0x23, 0xCC, 0x37, 0x22, 0x60, 0x68,
+        0xCC, 0x7F, 0x79, 0xE8, 0x6B, 0xD0, 0xEE, 0x1C,
+        0x6A, 0xC3, 0x3C, 0xEB, 0x51, 0x95, 0xFA, 0xE4,
+        0x28, 0x17, 0x94, 0x49, 0x22, 0x69, 0x64, 0x98,
+        0x82, 0x8B, 0x68, 0x9F, 0x69, 0x35, 0xF9, 0xBF,
+        0x33, 0x22, 0xA4, 0x32, 0x0F, 0x4C, 0x26, 0xE4,
+        0x8D, 0xDF, 0xAE, 0xBD, 0xF4, 0x4D, 0x01, 0xAF,
+        0xA1, 0xFA, 0x3E, 0xCE, 0xD3, 0xB0, 0x5D, 0x02,
+        0xDB, 0x3B, 0xB4, 0x23, 0xB8, 0x55, 0x97, 0xB5,
+        0x1F, 0x25, 0x64, 0xA7, 0x5D, 0x4A, 0x8C, 0x90,
+        0xD4, 0xB6, 0x85, 0x20, 0x32, 0x09, 0x37, 0x26,
+        0x00, 0xD5, 0x4D, 0x98, 0x5A, 0xCF, 0x29, 0x3B,
+        0x0E, 0xAF, 0x69, 0x88, 0x78, 0x18, 0xAD, 0xD1,
+        0xE1, 0xB7, 0xC5, 0xD7, 0xB7, 0x5F, 0xFE, 0xB5,
+        0x64, 0xE0, 0x68, 0x0B, 0x4F, 0x46, 0x7B, 0xDE,
+        0x0B, 0x11, 0x7A, 0x42, 0x10, 0x86, 0x09, 0x60,
+        0xB5, 0xE0, 0x22, 0x17, 0x28, 0x68, 0x7A, 0xE9,
+        0xEB, 0xBC, 0x6B, 0xD5, 0x95, 0x4C, 0xE0, 0xAE,
+        0x57, 0xB1, 0x45, 0xFF, 0xC2, 0x7E, 0xB6, 0xA0,
+        0xD3, 0x8E, 0x46, 0x16, 0xCE, 0xBE, 0x76, 0xCE,
+        0x59, 0x5B, 0xA4, 0x96, 0x1E, 0x9F, 0x80, 0xF0,
+        0x06, 0x7E, 0xCD, 0x6E, 0x27, 0xB8, 0x7D, 0x26,
+        0xB6, 0x60, 0xA3, 0xAB, 0x52, 0xC1, 0x37, 0x9A,
+        0xDD, 0x46, 0xF5, 0xB9, 0x39, 0x75, 0xAA, 0x19,
+        0xF3, 0xE4, 0xA8, 0x95, 0x4B, 0x25, 0x3F, 0x0B,
+        0x44, 0x13, 0xF5, 0x82, 0x10, 0x68, 0x03, 0xD5,
+        0x0F, 0x99, 0xB5, 0xB2, 0x8B, 0x85, 0x77, 0x2E,
+        0x78, 0x3E, 0xEE, 0x21, 0x6E, 0xAD, 0x2D, 0xCF,
+        0x95, 0x62, 0x94, 0x1C, 0x50, 0xAB, 0xC5, 0xFA,
+        0x8E, 0x24, 0xB6, 0x14, 0x86, 0x46, 0x8A, 0xAA,
+        0x20, 0xDF, 0x15, 0xD1, 0x72, 0xF6, 0xAC, 0x03,
+        0xAF, 0xDF, 0xCD, 0x53, 0x81, 0xBA, 0xDB, 0x07,
+        0x8B, 0x8E, 0xBB, 0x70, 0x91, 0x57, 0x04, 0xB9,
+        0x88, 0xE5, 0x8F, 0x45, 0xD3, 0xD6, 0x31, 0x12,
+        0xA5, 0xC1, 0x28, 0xC6, 0x49, 0x90, 0x0F, 0x1D,
+        0x69, 0x66, 0xE3, 0x98, 0x56, 0x7D, 0xE3, 0x48,
+        0xAC, 0xC0, 0xDE, 0xE4, 0x2B, 0x88, 0x01, 0x19,
+        0x4E, 0x99, 0xBB, 0x1A, 0xAF, 0x02, 0x5A, 0x91,
+        0xE3, 0x2C, 0xE6, 0x56, 0x4D, 0x05, 0x10, 0xB9,
+        0x10, 0xF2, 0x2A, 0x27, 0xDE, 0xCF, 0x9D, 0x2E
+    };
+    static const byte msg_44[] = {
+        0xB1, 0x34, 0x49, 0x15, 0xCC, 0xD6, 0x93, 0x41,
+        0x6B, 0x37, 0xFE, 0xBD, 0x8D, 0xC7, 0xC7, 0xDB,
+        0x9F, 0x25, 0x3E, 0x9D, 0xF5, 0x3C, 0xEC, 0x51,
+        0x49, 0x23, 0xAA, 0xA2, 0x67, 0x6F, 0xBF, 0xA4,
+        0xCC, 0x04, 0xFC, 0x68, 0xF9, 0xE3, 0x2F, 0x9E,
+        0x86, 0x4C, 0x68, 0x95, 0xDB, 0x37, 0xE9, 0xFF,
+        0xEB, 0x80, 0xF0, 0xF6, 0xB8, 0x6C, 0xB6, 0xAD,
+        0x9C, 0x42, 0xF8, 0xFC, 0x75, 0x19, 0x8D, 0xD3,
+        0xCC, 0xDA, 0xF5, 0x77, 0xC7, 0xB3, 0x5B, 0x8F,
+        0x1B, 0xF6, 0x0A, 0xAB, 0xEA, 0x89, 0x94, 0x42,
+        0x20, 0x1F, 0xBB, 0xF4, 0x42, 0x8C, 0x7E, 0xC1,
+        0x7B, 0xC3, 0x1B, 0x54, 0x72, 0x4B, 0x95, 0x90,
+        0xF7, 0x53, 0x1E, 0x6F, 0x79, 0x0A, 0x1F, 0xA7,
+        0x74, 0x32, 0x83, 0x37, 0x2D, 0x31, 0x71, 0xB8,
+        0x96, 0x6B, 0x47, 0x0A, 0xAA, 0x85, 0x26, 0xEB,
+        0x4A, 0x6E, 0x81, 0xE6, 0x5A, 0xD0, 0xC2, 0x9F,
+        0x2D, 0x37, 0xDD, 0x5B, 0x41, 0x2B, 0xAE, 0x68,
+        0x2A, 0x66, 0x79, 0x68, 0x77, 0xC8, 0x2F, 0xFD,
+        0xA9, 0x76, 0x24, 0x34, 0xEA, 0xC2, 0xC7, 0xD4,
+        0xAF, 0x60, 0x9B, 0x27, 0x72, 0x49, 0x0D, 0xEE,
+        0x9B, 0xFB, 0x00, 0x5D, 0x2F, 0x1A, 0x2E, 0xBB,
+        0xA0, 0x32, 0xCD, 0x71, 0x59, 0xD5, 0x4B, 0xE5,
+        0x96, 0xF3, 0x30, 0x68, 0xBE, 0x5D, 0x9A, 0x2D,
+        0x94, 0x0C, 0x76, 0x70, 0xE6, 0x4E, 0x9A, 0xF7,
+        0xD7, 0xD3, 0x3E, 0xC3, 0xAE, 0xC6, 0xF1, 0xD9,
+        0xDE, 0xE3, 0x92, 0x84, 0xF0, 0x5C, 0xE0, 0x25,
+        0xD1, 0x81, 0x76, 0x0D, 0x40, 0xE5, 0xC2, 0xD9,
+        0xBE, 0xAE, 0x24, 0x20, 0xF4, 0x0D, 0x9F, 0x32,
+        0xB7, 0xBD, 0xCD, 0x3A, 0xFB, 0x1C, 0x66, 0x0D,
+        0x01, 0x71, 0x4D, 0x81, 0x37, 0x58, 0xDB, 0xB8,
+        0x2C, 0x6B, 0x7E, 0x85, 0x80, 0x52, 0xB5, 0xA5,
+        0x0E, 0x39, 0xE0, 0x15, 0xD3, 0xF2, 0x4A, 0x2C,
+        0x64, 0xC9, 0xDD, 0xCC, 0x15, 0x0D, 0x90, 0x4F,
+        0x07, 0xF6, 0x5F, 0xF6, 0x8A, 0xD0, 0x12, 0x9E,
+        0xC3, 0xF8, 0x12, 0x3F, 0x3A, 0x03, 0xFC, 0x95,
+        0x8A, 0xE2, 0x47, 0x8C, 0x6C, 0x6E, 0x03, 0x61,
+        0x67, 0xD8, 0x51, 0x49, 0xF7, 0x9F, 0xB0, 0x3F,
+        0xAA, 0xB9, 0x89, 0x7C, 0xE7, 0x3F, 0x88, 0x55,
+        0xC5, 0x4C, 0x83, 0xD7, 0x53, 0xB1, 0x04, 0xB5,
+        0x13, 0xD5, 0x6B, 0xC6, 0x4C, 0x3B, 0x08, 0x91,
+        0x73, 0x47, 0x35, 0x13, 0x26, 0xD8, 0xEB, 0x47,
+        0xCF, 0x66, 0xF1, 0x3F, 0xB9, 0x0F, 0x6A, 0xF5,
+        0xA8, 0x94, 0xC7, 0x75, 0x00, 0x77, 0xA8, 0x9C,
+        0xEB, 0x77, 0x22, 0xE2, 0xE6, 0x80, 0xA5, 0x9B,
+        0xF8, 0x43, 0x8C, 0x52, 0x35, 0x31, 0xEA, 0x8C,
+        0xC2, 0x83, 0x4F, 0xFC, 0x4E, 0xF0, 0x2D, 0x35,
+        0xB8, 0x51, 0x46, 0xF2, 0xD6, 0x01, 0xD5, 0x00,
+        0x99, 0x6A, 0x44, 0x10, 0x64, 0xAD, 0xCA, 0x1F,
+        0x62, 0x3F, 0x2F, 0xE7, 0x45, 0x22, 0x47, 0xEF,
+        0x86, 0x9D, 0x76, 0xD5, 0x78, 0x42, 0x07, 0x30,
+        0x88, 0x86, 0x90, 0xB1, 0xA0, 0x08, 0xDA, 0x28,
+        0x2A, 0xD1, 0x75, 0x7D, 0x21, 0x71, 0x29, 0x38,
+        0x59, 0xC7, 0x3F, 0x55, 0x20, 0xB5, 0xBB, 0x48,
+        0x03, 0xE7, 0xFA, 0xB0, 0x29, 0x00, 0xD2, 0x0F,
+        0xE7, 0x65, 0x81, 0x8E, 0xE6, 0x24, 0xE7, 0xA1,
+        0x94, 0x50, 0x9D, 0x01, 0x6B, 0x4B, 0xD7, 0x81,
+        0x4E, 0xA0, 0xD5, 0x4A, 0x51, 0xEE, 0x95, 0x0A,
+        0x14, 0x76, 0xD5, 0x87, 0xAA, 0x6F, 0x78, 0xC8,
+        0xD2, 0xE0, 0xC8, 0xF8, 0xF2, 0x78, 0xD8, 0x2E,
+        0x11, 0x90, 0x44, 0xB6, 0xBF, 0xD0, 0xBE, 0xD8,
+        0x6F, 0xA4, 0x20, 0xA2, 0xC8, 0xA4, 0xEF, 0xB0,
+        0x5D, 0x73, 0x06, 0xBE, 0x52, 0xF9, 0x32, 0xD8,
+        0x06, 0x5D, 0xD1, 0x29, 0x23, 0x46, 0x25, 0x6E,
+        0x42, 0x9D, 0xEE, 0x41, 0x9E, 0xF3, 0x7D, 0x1B,
+        0x35, 0x28, 0x81, 0xDC, 0x47, 0x7F, 0x25, 0xA4,
+        0x0A, 0xEB, 0x3E, 0x17, 0xE6, 0x1B, 0xCC, 0x00,
+        0xD2, 0xE2, 0xA9, 0x3D, 0xEC, 0xF3, 0x00, 0xF0,
+        0x81, 0x68, 0x21, 0xED, 0x49, 0xF9, 0x9B, 0x9B,
+        0x8B, 0xED, 0xD9, 0x1E, 0xFA, 0x04, 0xBB, 0xB0,
+        0x9A, 0xBD, 0x1D, 0x24, 0x36, 0xA7, 0xD6, 0x64,
+        0x8A, 0x38, 0x3A, 0x3A, 0x8F, 0x09, 0x08, 0x0E,
+        0x46, 0x7B, 0xE1, 0x03, 0x30, 0xBF, 0x62, 0x27,
+        0x10, 0x74, 0xBE, 0xBD, 0x7F, 0x56, 0x39, 0x0D,
+        0x1D, 0x39, 0x47, 0xF4, 0x02, 0x47, 0x6B, 0x62,
+        0x6B, 0x52, 0xAC, 0xAB, 0x21, 0xAC, 0x10, 0x4A,
+        0xAB, 0x59, 0x75, 0x33, 0x11, 0xD9, 0xE9, 0xE2,
+        0xB2, 0x20, 0x6B, 0xA1, 0x09, 0x42, 0xB6, 0x37,
+        0xE4, 0x5C, 0xE6, 0x9F, 0x54, 0xB4, 0x67, 0xBC,
+        0xAE, 0xF3, 0xDC, 0x1A, 0xA2, 0x15, 0x47, 0x7B,
+        0x15, 0xC8, 0x00, 0x35, 0x8E, 0x1D, 0x69, 0x04,
+        0xD8, 0x9C, 0xA9, 0x6A, 0x03, 0x1A, 0x55, 0x48,
+        0x6C, 0x4F, 0xC1, 0x68, 0x27, 0x26, 0x13, 0xAB,
+        0x8E, 0x03, 0x50, 0x7B, 0xDD, 0xC2, 0x7E, 0x5C,
+        0x8A, 0x6F, 0xBB, 0x5F, 0x8B, 0x22, 0x86, 0xA5,
+        0xC5, 0x0E, 0xC5, 0x68, 0x60, 0xF6, 0xBF, 0xFF,
+        0x6E, 0xBA, 0xDC, 0x21, 0x71, 0xD2, 0xEB, 0xD1,
+        0x27, 0x8C, 0x58, 0x14, 0xC3, 0x2E, 0x13, 0x9E,
+        0x04, 0x09, 0x61, 0xC3, 0x19, 0xC3, 0x03, 0x48,
+        0x70, 0x33, 0x3B, 0x12, 0xF7, 0x3B, 0x38, 0xE7,
+        0x18, 0x14, 0xA9, 0xF1, 0x60, 0x83, 0x65, 0xEB,
+        0x32, 0xD5, 0x23, 0x8F, 0x6B, 0xF7, 0xD8, 0x00,
+        0x21, 0xBD, 0xA3, 0x98, 0xDE, 0xD7, 0x13, 0x17,
+        0xAB, 0x3C, 0xA4, 0xD7, 0xBE, 0x1D, 0xA7, 0x4A,
+        0x1B, 0xC4, 0x0C, 0x9B, 0x2E, 0x34, 0x5B, 0xA7,
+        0xA2, 0x3F, 0x9B, 0x2D, 0xDB, 0xAF, 0x85, 0x14,
+        0x0A, 0xF9, 0x30, 0x9E, 0x86, 0x53, 0xAC, 0x24,
+        0xAF, 0xD8, 0x25, 0xBC, 0x2A, 0x07, 0x2B, 0xCD,
+        0x02, 0xFE, 0x3E, 0xF0, 0x0B, 0xE3, 0xF9, 0x51,
+        0x5C, 0x29, 0xEB, 0x8A, 0xFB, 0xC3, 0xEF, 0xD1,
+        0xF9, 0xCF, 0xDF, 0xE9, 0xEB, 0xA9, 0x49, 0x59,
+        0xB5, 0x17, 0x7E, 0x28, 0x86, 0xB8, 0xD1, 0x8D,
+        0xCA, 0x97, 0xF0, 0xCB, 0x80, 0x7E, 0xE3, 0xEA,
+        0xE3, 0x1B, 0x48, 0xCF, 0xAC, 0x61, 0x3C, 0x2E,
+        0x00, 0xAB, 0x74, 0xFB, 0x95, 0xF6, 0x64, 0xF3,
+        0xCA, 0xBF, 0x6E, 0xEF, 0xCD, 0xDD, 0x6D, 0xA5,
+        0xF8, 0x98, 0xEC, 0x38, 0xF2, 0xF0, 0x7D, 0x6D,
+        0xCB, 0x75, 0xE0, 0x50, 0x9D, 0x13, 0x19, 0x24,
+        0x07, 0x4C, 0x05, 0xF4, 0x5D, 0xCA, 0x25, 0xB7,
+        0xCF, 0xE2, 0xBC, 0xFE, 0xEC, 0xAF, 0x5F, 0xC3,
+        0x6C, 0xE6, 0xE3, 0xC5, 0x85, 0x43, 0x7B, 0x06,
+        0x9F, 0xD2, 0xC6, 0xBB, 0xAD, 0x33, 0xD6, 0x86,
+        0xBD, 0x5B, 0x9E, 0x2C, 0xA0, 0xD9, 0x8B, 0xDC,
+        0x5E, 0x71, 0x7B, 0x6D, 0xF7, 0x1D, 0x40, 0x91,
+        0x30, 0x8E, 0x84, 0x73, 0x9A, 0xD6, 0x7F, 0xA6,
+        0x79, 0xA6, 0xCE, 0xE9, 0xA6, 0x83, 0x28, 0x4B,
+        0x4F, 0xB3, 0x1B, 0x2C, 0x40, 0x8F, 0x52, 0xF0,
+        0x59, 0x7D, 0x9C, 0x04, 0xEA, 0xF4, 0xAC, 0x6D,
+        0xBB, 0x6C, 0x3F, 0xD6, 0x7F, 0x25, 0x39, 0xD8,
+        0x87, 0xDF, 0xBC, 0xF3, 0xCA, 0xE4, 0x59, 0xFA,
+        0x76, 0x66, 0x61, 0xA4, 0x8B, 0xFC, 0xFD, 0x6F,
+        0x64, 0x03, 0x99, 0xD3, 0xAF, 0x07, 0x86, 0x35,
+        0x99, 0x98, 0xCE, 0xFF, 0x7E, 0x9E, 0xB1, 0xB0,
+        0x57, 0xA6, 0x29, 0x3D, 0xFF, 0xB7, 0xF3, 0xF2,
+        0x51, 0x4B, 0x0B, 0x70, 0x29, 0x46, 0x06, 0x8A,
+        0x6B, 0xBD, 0x75, 0x30, 0xD6, 0x91, 0x7F, 0xB1,
+        0x1D, 0xBB, 0xAA, 0xBE, 0xD7, 0xAA, 0x46, 0x81,
+        0xD7, 0x8A, 0xEA, 0x91, 0x86, 0x69, 0x2D, 0xDA,
+        0x34, 0x70, 0x65, 0x2E, 0xB8, 0xA3, 0xF1, 0x44,
+        0x56, 0xA5, 0xAA, 0xC4, 0x20, 0x88, 0x3B, 0x42,
+        0x37, 0xB0, 0xA7, 0x2D, 0x91, 0x27, 0x63, 0xB6,
+        0x7A, 0xC4, 0x13, 0x1A, 0x8A, 0x5D, 0x2F, 0x16,
+        0x82, 0x96, 0xB9, 0x12, 0xD3, 0xB6, 0x61, 0xC4,
+        0xE8, 0x3C, 0xE6, 0x3A, 0x61, 0xC0, 0x45, 0xEB,
+        0xA5, 0x75, 0xEE, 0xB6, 0x7F, 0xB0, 0x70, 0xED,
+        0x82, 0x39, 0xE5, 0x1A, 0x67, 0xD9, 0x80, 0x3C,
+        0xE0, 0x0B, 0x85, 0x66, 0x74, 0xE0, 0xB7, 0x26,
+        0x66, 0x26, 0xDD, 0x02, 0x15, 0xE5, 0xEF, 0x5F,
+        0xDE, 0x7B, 0xF4, 0x0B, 0x99, 0x10, 0x21, 0x08,
+        0xFC, 0x2D, 0xF2, 0x8B, 0xDC, 0xC8, 0xEA, 0xC6,
+        0x3E, 0xFB, 0x20, 0x50, 0x1F, 0x24, 0x66, 0x99,
+        0x80, 0x88, 0xC7, 0xA0, 0xB9, 0x6D, 0x1B, 0x75,
+        0xC4, 0xC2, 0xE2, 0x52, 0xA0, 0xBF, 0x38, 0x01,
+        0x5C, 0xA5, 0x8A, 0xDA, 0x79, 0x38, 0xAE, 0x2E,
+        0xC7, 0x96, 0x6F, 0x30, 0x5B, 0xB4, 0x21, 0xC0,
+        0xCD, 0x95, 0xCA, 0xD2, 0x12, 0x7D, 0xAD, 0x87,
+        0x08, 0x6C, 0xC3, 0x8B, 0xF6, 0xB1, 0x5D, 0xAD,
+        0x2C, 0x7C, 0x04, 0x41, 0xE5, 0x34, 0x2E, 0x4B,
+        0x5A, 0xD9, 0x1E, 0x66, 0xF4, 0x23, 0xE2, 0x88,
+        0x4D, 0xD9, 0x03, 0xFE, 0x6C, 0x64, 0x7D, 0x61,
+        0xE6, 0x70, 0x0E, 0xA8, 0x83, 0x08, 0x07, 0xE6,
+        0xFD, 0x64, 0x54, 0x3E, 0x3C, 0x6E, 0x9A, 0xD1,
+        0x93, 0x37, 0x36, 0x90, 0xDE, 0x94, 0xF7, 0x16,
+        0x15, 0x47, 0x94, 0xFE, 0x97, 0x5B, 0x11, 0x80,
+        0xBA, 0x40, 0xAF, 0x7F, 0x05, 0xC1, 0x82, 0x91,
+        0x69, 0xFD, 0xFB, 0xEC, 0x3A, 0xF7, 0xCF, 0xE1,
+        0xD7, 0x9B, 0x59, 0x7E, 0xE4, 0x38, 0xA2, 0x96,
+        0xEF, 0x14, 0x6A, 0x05, 0x99, 0x71, 0xE3, 0xF9,
+        0x50, 0x8E, 0x35, 0x0B, 0x50, 0x71, 0x6D, 0xEC,
+        0xB5, 0x1B, 0xC8, 0x80, 0x2A, 0xE6, 0x2A, 0x7F,
+        0x4C, 0x2E, 0x6F, 0x7B, 0x54, 0x62, 0x0E, 0xF0,
+        0x4C, 0x00, 0xF0, 0x72, 0xAE, 0x37, 0xAC, 0x32,
+        0x7E, 0x26, 0xD3, 0x65, 0x76, 0x1C, 0x10, 0x46,
+        0x17, 0xAE, 0xE0, 0xF3, 0x28, 0xEE, 0x97, 0xE0,
+        0x86, 0x18, 0x3D, 0x46, 0xA3, 0x62, 0x1F, 0x23,
+        0xF3, 0xAC, 0x27, 0x60, 0xB8, 0x85, 0x9A, 0x96,
+        0x0E, 0xF1, 0x6F, 0xC1, 0xC6, 0xB1, 0x97, 0x8A,
+        0x74, 0x12, 0xDD, 0x73, 0x85, 0x02, 0x9C, 0x73,
+        0x61, 0xA8, 0xF7, 0x49, 0xCE, 0xBA, 0x23, 0xED,
+        0xE7, 0x9A, 0x17, 0x0E, 0xA6, 0x84, 0x59, 0xF5,
+        0x21, 0x66, 0xF5, 0xC5, 0x61, 0xF8, 0x88, 0x7E,
+        0x62, 0x0C, 0x00, 0xC6, 0x4F, 0x06, 0xBD, 0x0A,
+        0xBB, 0xCD, 0xE5, 0x11, 0x7A, 0xBC, 0xFD, 0x03,
+        0xB6, 0xD1, 0xBA, 0x4F, 0x30, 0xFA, 0x96, 0x75,
+        0xD8, 0x2D, 0x7A, 0x43, 0x0D, 0x58, 0x41, 0x46,
+        0xBA, 0x72, 0x06, 0xCB, 0xBD, 0xD9, 0xBE, 0xA1,
+        0xEA, 0x47, 0x08, 0x3D, 0xF9, 0x32, 0x23, 0x9C,
+        0xAA, 0x02, 0x1D, 0xA3, 0x3E, 0x43, 0xF1, 0x68,
+        0xD8, 0xBE, 0x9F, 0x0E, 0xA8, 0xA8, 0x52, 0xC4,
+        0x0A, 0xDE, 0x43, 0x9D, 0x58, 0xA8, 0x05, 0xD4,
+        0x74, 0xF8, 0x93, 0x21, 0x62, 0x6E, 0x33, 0x78,
+        0x3C, 0x23, 0xEB, 0x60, 0x1C, 0x4C, 0x25, 0xFE,
+        0x0F, 0x5E, 0x73, 0xC3, 0xAD, 0x33, 0x9A, 0x7D,
+        0x69, 0x6B, 0xAB, 0x2C, 0xAA, 0x5F, 0xBF, 0x96,
+        0x62, 0x3A, 0xF0, 0x63, 0x41, 0x00, 0xC7, 0x4C,
+        0x81, 0x4D, 0x42, 0x43, 0x25, 0xBC, 0x30, 0xB6,
+        0x0B, 0xEE, 0xFC, 0x18, 0x3E, 0x68, 0x0E, 0x64,
+        0x5C, 0xD4, 0x22, 0x2A, 0xBA, 0xB5, 0xC6, 0x7E,
+        0x67, 0x11, 0x1C, 0x4C, 0x03, 0x30, 0xEC, 0x0C,
+        0x77, 0xB2, 0x2B, 0xBC, 0x98, 0xF7, 0x52, 0x8C,
+        0x95, 0x66, 0xE1, 0x71, 0xDD, 0x26, 0xA7, 0x7F,
+        0x87, 0xF3, 0x94, 0x2E, 0x0D, 0x3E, 0xFE, 0xAD,
+        0x0A, 0xDA, 0x3B, 0x77, 0x49, 0xC5, 0x1D, 0xED,
+        0x5F, 0xDA, 0x3F, 0xE6, 0xE7, 0x96, 0x58, 0xF1,
+        0x02, 0x30, 0x68, 0xB9, 0x62, 0xD0, 0x58, 0xA2,
+        0x89, 0x65, 0x12, 0x20, 0x1E, 0x4C, 0xE7, 0xB6,
+        0x98, 0x12, 0x52, 0xF0, 0xE8, 0x55, 0xBC, 0xFE,
+        0x1F, 0x44, 0x42, 0x36, 0xC9, 0x30, 0xE4, 0x9A,
+        0x13, 0xB3, 0x7A, 0xF4, 0xF5, 0x97, 0xC0, 0x5D,
+        0xCA, 0x23, 0xCC, 0x05, 0xC4, 0x3C, 0x32, 0xA2,
+        0x11, 0x08, 0x17, 0xCB, 0x30, 0x6B, 0xA4, 0x7D,
+        0x24, 0x5E, 0x50, 0x22, 0x2E, 0x23, 0xC6, 0x55,
+        0x6B, 0xD7, 0x5D, 0x50, 0xEE, 0xF8, 0xBE, 0xB0,
+        0xDE, 0x83, 0x5C, 0x8D, 0xD2, 0xE1, 0x5C, 0x70,
+        0x66, 0x70, 0x59, 0x8F, 0x86, 0x50, 0x71, 0x71,
+        0x04, 0x69, 0xEC, 0xB3, 0x47, 0x9E, 0xE0, 0x26,
+        0xB1, 0x9F, 0xE6, 0x21, 0xAC, 0x99, 0x12, 0x6B,
+        0x97, 0x9E, 0x1B, 0xA1, 0xDD, 0xA8, 0xE6, 0x11,
+        0x12, 0x97, 0xC1, 0x0E, 0x4A, 0x77, 0xF5, 0x52,
+        0xF8, 0x09, 0xE9, 0x01, 0x63, 0x56, 0x4E, 0xFA,
+        0x24, 0x39, 0x36, 0xB9, 0xF2, 0x6E, 0x07, 0x28,
+        0x7F, 0xA4, 0x07, 0x7C, 0xA2, 0x69, 0x7B, 0xED,
+        0x6A, 0x4F, 0x0A, 0x95, 0x99, 0x05, 0x60, 0xE7,
+        0x58, 0xD9, 0x90, 0xB4, 0xC1, 0x92, 0x0F, 0x9E,
+        0x1A, 0xBE, 0x0B, 0x58, 0x96, 0x50, 0x61, 0x1C,
+        0x2D, 0x5A, 0x13, 0xAA, 0x5F, 0x4E, 0x2B, 0x88,
+        0xBE, 0xAB, 0x93, 0x72, 0xF4, 0x68, 0xB8, 0x30,
+        0x91, 0xCD, 0x0A, 0x53, 0x8A, 0x35, 0x82, 0x93,
+        0x4F, 0x66, 0xCA, 0xCD, 0xF2, 0x39, 0x98, 0xFE,
+        0xC2, 0xFE, 0xFE, 0x51, 0x35, 0xF1, 0xB5, 0x62,
+        0x2D, 0x1A, 0xE9, 0x43, 0x25, 0x5E, 0x05, 0xE4,
+        0x8B, 0xFE, 0x91, 0x2F, 0x4F, 0x24, 0x1B, 0x2B,
+        0xAC, 0x49, 0x9C, 0x14, 0xB0, 0x58, 0xA3, 0xA8,
+        0xEE, 0xB9, 0xD1, 0xFA, 0x4D, 0x44, 0x2E, 0x23,
+        0xFC, 0x59, 0x77, 0xA5, 0x60, 0x2E, 0xDC, 0xEB,
+        0x7B, 0x7B, 0x26, 0x95, 0xE1, 0x87, 0xB7, 0x94,
+        0xF8, 0x4B, 0x96, 0x63, 0x15, 0xB1, 0xBB, 0xA5,
+        0xC0, 0x4A, 0x72, 0x02, 0x4A, 0x80, 0x5F, 0xB1,
+        0x94, 0x73, 0xB7, 0x06, 0xB8, 0x13, 0x76, 0x42,
+        0xAD, 0xB1, 0xC6, 0x6C, 0xFD, 0x64, 0xF2, 0x60,
+        0xBB, 0x1B, 0x7A, 0xAD, 0xF6, 0xC2, 0x96, 0xB3,
+        0x5F, 0x30, 0xB9, 0xD7, 0x70, 0x8A, 0x9D, 0x41,
+        0xE7, 0x23, 0xFA, 0xD4, 0xE8, 0x72, 0xAF, 0x73,
+        0xF8, 0x8C, 0x26, 0xAB, 0x65, 0x1B, 0xD5, 0x7A,
+        0x21, 0xE2, 0x8C, 0xE8, 0xC2, 0x47, 0xD5, 0x8E,
+        0x47, 0x9F, 0x79, 0x68, 0x87, 0x6F, 0xCE, 0xD3,
+        0x5D, 0x2B, 0x87, 0xD2, 0xDF, 0x14, 0x43, 0x47,
+        0x03, 0x3D, 0xF4, 0xCB, 0x50, 0xDE, 0x52, 0xD8,
+        0x98, 0x41, 0x46, 0x3F, 0x5D, 0xFB, 0x6D, 0x6F,
+        0xF6, 0xD9, 0xE8, 0x2B, 0xBA, 0xB3, 0xB1, 0xEC,
+        0x58, 0x77, 0x8A, 0xB8, 0xF3, 0x6D, 0xBC, 0x68,
+        0x22, 0xEA, 0xE3, 0x2F, 0xB6, 0xCB, 0x67, 0x30,
+        0xCB, 0x33, 0x1C, 0x39, 0x5C, 0x27, 0x4A, 0xE7,
+        0xE3, 0x7B, 0x40, 0x9B, 0x7C, 0x66, 0x32, 0xE7,
+        0x6D, 0xAA, 0x97, 0xB8, 0x0F, 0x1E, 0x0C, 0xB4,
+        0x7A, 0xA3, 0x66, 0xA8, 0xE3, 0x50, 0xEA, 0x36,
+        0x74, 0x65, 0x92, 0xEC, 0x9B, 0x1E, 0x97, 0xF0,
+        0x2F, 0x99, 0xD6, 0x00, 0x21, 0x37, 0x0B, 0x89,
+        0x93, 0xC6, 0x80, 0xA1, 0x02, 0xDC, 0x96, 0x5D,
+        0x20, 0xB7, 0x57, 0xF4, 0x17, 0x7A, 0x81, 0xBA,
+        0x7B, 0x61, 0xD2, 0x88, 0xEF, 0xC5, 0xAD, 0xED,
+        0x4C, 0x9A, 0x94, 0xA5, 0x7B, 0x2C, 0x6B, 0xD2,
+        0x97, 0x7E, 0x23, 0x64, 0x0A, 0x66, 0x98, 0x47,
+        0xEE, 0x81, 0xB1, 0x49, 0x0B, 0xE3, 0x8A, 0xC4,
+        0x3E, 0x52, 0x2C, 0x8D, 0x09, 0xA2, 0x07, 0xB6,
+        0x2A, 0x8B, 0x07, 0x9A, 0x24, 0x84, 0xDE, 0xD1,
+        0x00, 0x63, 0xD7, 0xA1, 0x3F, 0xBF, 0x0C, 0xA8,
+        0xEE, 0xDC, 0x2B, 0xF6, 0x7B, 0xD8, 0x78, 0x53,
+        0x35, 0xB8, 0x29, 0x5A, 0xFE, 0x6B, 0x35, 0x6E,
+        0x20, 0x62, 0x24, 0x17, 0x0E, 0x87, 0x23, 0x1A,
+        0x77, 0x2D, 0x21, 0x84, 0x37, 0xBF, 0x7D, 0x68,
+        0xAC, 0x2A, 0xF9, 0x3F, 0x11, 0x27, 0x18, 0x4F,
+        0xA2, 0x15, 0x21, 0x47, 0x9E, 0x56, 0xFF, 0x22,
+        0xE8, 0x0F, 0x61, 0xBC, 0x28, 0xB8, 0xD2, 0xE7,
+        0x1B, 0x3D, 0x1D, 0x94, 0x28, 0x1B, 0x69, 0x56,
+        0x00, 0xC8, 0xB0, 0xFD, 0x8E, 0x1D, 0x7E, 0x81,
+        0x1F, 0x4C, 0xCF, 0xE1, 0x6E, 0x3F, 0x57, 0x95,
+        0xC2, 0x4A, 0xA0, 0xA0, 0x16, 0x7E, 0x30, 0x5C,
+        0x28, 0x87, 0x5C, 0x8F, 0xA9, 0x38, 0x9B, 0x72,
+        0xF7, 0x90, 0x86, 0xF6, 0xEC, 0xC1, 0x6C, 0x88,
+        0xB0, 0x78, 0x3A, 0x58, 0x15, 0xFB, 0x6F, 0x77,
+        0xCD, 0xC7, 0xCC, 0xC3, 0x8D, 0x60, 0xE7, 0x87,
+        0xBE, 0x9C, 0xBF, 0xFA, 0xA6, 0x2E, 0xF9, 0x59,
+        0xA5, 0xE5, 0xDC, 0xDE, 0xB6, 0x25, 0x5C, 0x8E,
+        0x0D, 0x2E, 0x01, 0xFE, 0x05, 0xEF, 0xF9, 0xE7,
+        0x81, 0x02, 0xBE, 0xA2, 0x91, 0x40, 0x57, 0xD3,
+        0x6E, 0x3D, 0x1B, 0x48, 0x50, 0x7A, 0xB6, 0xB1,
+        0x76, 0x40, 0x47, 0x0F, 0xE3, 0xF1, 0x7A, 0x8B,
+        0x6A, 0x5E, 0x04, 0xE5, 0x34, 0x56, 0xC5, 0xD9,
+        0xE5, 0x0F, 0x74, 0x5D, 0xE0, 0x6F, 0x9A, 0xED,
+        0xF4, 0xBF, 0xCF, 0x31, 0xB0, 0xC6, 0xED, 0x12,
+        0x13, 0x36, 0x54, 0xCB, 0xC8, 0xDE, 0xF7, 0xF6,
+        0x60, 0x9E, 0x12, 0x2C, 0x2E, 0x4C, 0x93, 0x3E,
+        0x6F, 0xCB, 0x0F, 0x3D, 0x8C, 0xCA, 0xE8, 0xCA,
+        0x0B, 0x10, 0xED, 0xDA, 0xE8, 0xDB, 0x29, 0x7C,
+        0x8B, 0x32, 0x31, 0xC8, 0x94, 0x34, 0xA5, 0xF5,
+        0x4D, 0x01, 0x28, 0xC8, 0x3A, 0xA6, 0xFD, 0xE2,
+        0x9A, 0xB7, 0x0C, 0xDA, 0x43, 0x78, 0x45, 0x45,
+        0xFE, 0xE9, 0xFF, 0x6E, 0xD4, 0x44, 0xF8, 0x88,
+        0x66, 0x4D, 0xD2, 0x2B, 0x2E, 0x2D, 0xF5, 0x7C,
+        0xA6, 0x53, 0xB6, 0xD2, 0x10, 0xE6, 0xB4, 0x0B,
+        0x7F, 0xC2, 0x1F, 0xE0, 0x63, 0x90, 0xCA, 0x5D,
+        0x5E, 0x60, 0xF5, 0x8A, 0xB1, 0x4C, 0x49, 0x03,
+        0xD4, 0x38, 0xAE, 0xEF, 0xB1, 0x7C, 0xA4, 0xB9,
+        0x98, 0x70, 0x6A, 0x0E, 0xD6, 0xA4, 0xA6, 0xF4,
+        0x74, 0xB1, 0xBA, 0x1D, 0x48, 0xCC, 0xC1, 0x14,
+        0x3C, 0x84, 0xA8, 0xD2, 0xE7, 0x8D, 0xEC, 0x11,
+        0x61, 0x8C, 0x76, 0xB6, 0xDA, 0x28, 0xBC, 0x39,
+        0xDF, 0x68, 0xAD, 0x24, 0xA4, 0x07, 0xE1, 0x07,
+        0x33, 0xDD, 0x18, 0x9D, 0x5D, 0xAA, 0x90, 0x4B,
+        0xEF, 0x88, 0x18, 0x6E, 0xB6, 0x83, 0x21, 0x45,
+        0x94, 0x0F, 0x15, 0xB8, 0xAC, 0xD9, 0xD1, 0x8D,
+        0x4F, 0x17, 0xC8, 0xD9, 0x17, 0xB0, 0x9D, 0x54,
+        0xF2, 0x5F, 0x56, 0x09, 0xD3, 0x80, 0x20, 0x77,
+        0x44, 0x23, 0x90, 0xAB, 0xB6, 0x0B, 0x51, 0xA7,
+        0x41, 0xC5, 0xD4, 0x42, 0x5B, 0xD4, 0x67, 0x89,
+        0xE6, 0xEC, 0x1E, 0x7D, 0x22, 0xD5, 0x6E, 0x7F,
+        0x34, 0xCE, 0x7A, 0x07, 0x2B, 0x63, 0x0A, 0x69,
+        0x51, 0x71, 0x8C, 0x13, 0x63, 0xB8, 0x79, 0x6D,
+        0x94, 0xEA, 0xAF, 0x86, 0x30, 0xD2, 0x22, 0x6C,
+        0x67, 0x82, 0x6C, 0xDE, 0xEA, 0x71, 0xE8, 0xD1,
+        0x36, 0xF3, 0x64, 0x2F, 0x79, 0xE6, 0x92, 0xF0,
+        0x4B, 0x05, 0x14, 0x7E, 0x40, 0xCE, 0x0C, 0x53,
+        0xCA, 0x08, 0xEF, 0x0A, 0xA6, 0xA5, 0x73, 0x99,
+        0xFD, 0xF3, 0xED, 0xBD, 0x54, 0x56, 0x6E, 0x66,
+        0xEF, 0xCC, 0xE1, 0x6F, 0x0C, 0x44, 0x76, 0x84,
+        0xF5, 0x55, 0x2B, 0xA3, 0x6B, 0x20, 0x60, 0x54,
+        0x3F, 0xC1, 0x35, 0x58, 0xD8, 0xD8, 0x9E, 0x18,
+        0x63, 0x70, 0x73, 0xEF, 0x6A, 0x87, 0x46, 0x77,
+        0xA9, 0x7F, 0x9F, 0xA0, 0x23, 0x4B, 0x14, 0x00,
+        0x61, 0xC7, 0xE3, 0x44, 0xBE, 0xD6, 0x09, 0x71,
+        0xE3, 0x58, 0x44, 0x9A, 0xCD, 0x17, 0xE5, 0x8E,
+        0x6D, 0x05, 0xBB, 0x21, 0x44, 0xD7, 0x4B, 0xD8,
+        0x9A, 0xE9, 0x7A, 0x75, 0x91, 0x43, 0xAD, 0x84,
+        0x5B, 0x02, 0x70, 0xBE, 0x67, 0x0B, 0x1E, 0x1E,
+        0x92, 0xB8, 0xC7, 0xB6, 0x5F, 0xE1, 0x60, 0x23,
+        0xF5, 0x30, 0xE4, 0xD0, 0xCF, 0x70, 0x03, 0xD1,
+        0x85, 0x4A, 0x50, 0xDC, 0xF4, 0x9C, 0x29, 0xAB,
+        0x0E, 0xA4, 0x7B, 0x2E, 0x3B, 0xDB, 0xBF, 0x52,
+        0xD5, 0x8A, 0x91, 0x47, 0xA9, 0xD1, 0x23, 0xEB,
+        0xC5, 0x6F, 0x11, 0xBB, 0xEE, 0xBB, 0x29, 0xD7,
+        0x31, 0xAB, 0x99, 0x27, 0x5E, 0xF3, 0xA9, 0x23,
+        0xFF, 0x70, 0x87, 0x83, 0xCC, 0x26, 0x92, 0x06,
+        0xEC, 0xD3, 0x8C, 0xF9, 0x47, 0x34, 0x7D, 0x1E,
+        0x71, 0xAF, 0xCF, 0x9D, 0xBF, 0x29, 0x1B, 0x95,
+        0x27, 0x48, 0x55, 0xCE, 0xE2, 0xAC, 0x25, 0x61,
+        0x83, 0xD9, 0x7B, 0x26, 0xEF, 0x94, 0x9A, 0x95,
+        0x0C, 0xD1, 0xE4, 0x0A, 0x51, 0x50, 0x1F, 0x86,
+        0x7A, 0x7B, 0xD3, 0x83, 0x55, 0x2D, 0xFC, 0x7B,
+        0x97, 0x77, 0x17, 0x67, 0xBB, 0x9F, 0xD7, 0xD1,
+        0xDD, 0xDD, 0x49, 0x67, 0xBB, 0xF7, 0x9A, 0x45,
+        0x33, 0x24, 0xCA, 0xBC, 0xA5, 0xB2, 0x0D, 0x3F,
+        0xB0, 0x10, 0x6D, 0xB9, 0x7D, 0x03, 0x3F, 0xCD,
+        0x40, 0x37, 0x1E, 0x8A, 0xDA, 0xCD, 0xBA, 0xD7,
+        0x8D, 0x89, 0xBD, 0x5E, 0x90, 0xCF, 0x97, 0xE8,
+        0x35, 0x51, 0x87, 0x94, 0xFA, 0x3D, 0xB2, 0xB5,
+        0x01, 0xF2, 0x35, 0x75, 0x77, 0x65, 0x5B, 0x9A,
+        0x3C, 0xDA, 0x36, 0x52, 0xDF, 0xCF, 0x96, 0xBA,
+        0xB9, 0xC5, 0xF9, 0x57, 0x67, 0x0E, 0x32, 0xE5,
+        0x86, 0xE5, 0x1F, 0xD8, 0x9D, 0x7B, 0xA8, 0x76,
+        0x89, 0xFD, 0x59, 0x70, 0x88, 0x73, 0x9D, 0x87,
+        0xE1, 0x24, 0x6D, 0xC2, 0xB5, 0x1E, 0xCD, 0x54,
+        0x29, 0x25, 0x10, 0xA3, 0xB4, 0x3C, 0xB2, 0x5A,
+        0x62, 0xBD, 0xE9, 0x14, 0xEC, 0x3C, 0xBF, 0xA9,
+        0x9D, 0xEC, 0x70, 0xAC, 0x23, 0xC0, 0xDF, 0xC9,
+        0x69, 0xAD, 0x94, 0x1A, 0x69, 0x94, 0xA3, 0x70,
+        0xF9, 0x0B, 0x15, 0x5D, 0x25, 0x45, 0x63, 0xFA,
+        0xAA, 0x7D, 0x30, 0x67, 0x3C, 0x06, 0x34, 0x75,
+        0x3F, 0xD6, 0x57, 0x58, 0x8E, 0xC6, 0x60, 0x3F,
+        0x82, 0x35, 0xE9, 0x17, 0x36, 0x5D, 0xD8, 0x93,
+        0x25, 0x25, 0x1B, 0x21, 0xB2, 0xFF, 0x80, 0xF5,
+        0x44, 0xFE, 0x73, 0x84, 0xFF, 0x62, 0xFE, 0x52,
+        0xC4, 0xCA, 0x77, 0x41, 0x28, 0xC8, 0x95, 0x15,
+        0x2C, 0xC7, 0x5C, 0xA6, 0x3B, 0xA8, 0xF8, 0x1E,
+        0x01, 0x30, 0xC9, 0x3B, 0x59, 0xF9, 0x40, 0xB7,
+        0x18, 0x80, 0x21, 0x24, 0xDB, 0x8D, 0x07, 0xDF,
+        0xDC, 0x24, 0xBF, 0x2F, 0x7B, 0xD9, 0xC4, 0xEF,
+        0x61, 0x74, 0x1A, 0xF2, 0xB6, 0x98, 0x75, 0x66,
+        0x22, 0x4F, 0x11, 0x06, 0x41, 0xDB, 0x77, 0x83,
+        0xFA, 0xF3, 0x1B, 0xEC, 0xB8, 0xF7, 0x89, 0x47,
+        0xBA, 0x12, 0x3F, 0xB0, 0x0E, 0x1B, 0x6D, 0x13,
+        0x36, 0x0B, 0x16, 0xD0, 0x7C, 0x3A, 0xAA, 0x33,
+        0x6D, 0xDA, 0x1B, 0x65, 0xD4, 0xC2, 0xF2, 0x1B,
+        0xD5, 0xCD, 0x4B, 0xE9, 0xED, 0xFA, 0xFA, 0x78,
+        0x45, 0x97, 0x2D, 0x60, 0xCC, 0xE3, 0x40, 0x3E,
+        0xB5, 0xE5, 0xC8, 0x33, 0xF6, 0x4C, 0x51, 0x45,
+        0xDC, 0x08, 0xE7, 0xB3, 0x6F, 0xCF, 0xDE, 0xE8,
+        0x73, 0x0B, 0x94, 0x4F, 0x5A, 0x23, 0xF9, 0xFF,
+        0x3F, 0x0D, 0x1D, 0xCE, 0x80, 0x86, 0x3B, 0x55,
+        0x8D, 0x8A, 0x35, 0xB2, 0xAA, 0x65, 0x27, 0x69,
+        0x1D, 0xA5, 0x0C, 0xE6, 0xFA, 0x39, 0x85, 0x62,
+        0x65, 0xAD, 0xE6, 0x08, 0x38, 0xCE, 0xC9, 0xEA,
+        0x98, 0x73, 0x99, 0x1D, 0xB5, 0x6F, 0xEA, 0xE8,
+        0xEE, 0xE2, 0xEC, 0xF4, 0x32, 0x44, 0x96, 0x5A,
+        0x13, 0xCC, 0x1D, 0x23, 0x0E, 0x91, 0x72, 0xD8,
+        0x2A, 0xD2, 0x3D, 0x6A, 0x6E, 0x2A, 0x37, 0x7A,
+        0x7F, 0x67, 0xF6, 0x40, 0xBF, 0x3A, 0x36, 0x3B,
+        0xC8, 0x1A, 0x78, 0x6D, 0x12, 0xB0, 0x35, 0xA3,
+        0x18, 0x55, 0x33, 0x70, 0x48, 0x48, 0x52, 0x8F,
+        0xB4, 0x59, 0x58, 0xEB, 0xAA, 0xB3, 0x03, 0x67,
+        0x4F, 0xFF, 0xA5, 0x68, 0xE7, 0xAE, 0xAF, 0x46,
+        0x3D, 0x66, 0x6B, 0x60, 0x21, 0x26, 0x31, 0x83,
+        0xBE, 0xE8, 0x1E, 0x72, 0x92, 0x87, 0x79, 0x24,
+        0xCF, 0xDE, 0xEF, 0x6F, 0x81, 0x73, 0xA1, 0x34,
+        0x7B, 0x99, 0x94, 0x43, 0x33, 0xF4, 0x8B, 0x36,
+        0xC8, 0xC5, 0xF8, 0xC1, 0x6D, 0x22, 0x6D, 0xA3,
+        0xC9, 0xDA, 0x5F, 0x4C, 0xE7, 0x7F, 0x00, 0xE4,
+        0x42, 0xD8, 0x5C, 0x73, 0xE5, 0x78, 0x0C, 0x36,
+        0x28, 0xD9, 0x83, 0x8F, 0xCA, 0xFA, 0x5D, 0x1D,
+        0x34, 0x05, 0xF1, 0x93, 0x6C, 0xBC, 0xFD, 0x2C,
+        0x52, 0xD4, 0xE8, 0x8D, 0xA9, 0xC9, 0x0D, 0xFF,
+        0x28, 0x5E, 0x3E, 0x91, 0x12, 0xC0, 0x3C, 0xBA,
+        0x58, 0x64, 0x7E, 0x6B, 0x4E, 0xC0, 0x77, 0xB1,
+        0x67, 0x08, 0x16, 0xF5, 0x7E, 0x29, 0x42, 0x81,
+        0x6A, 0x6F, 0x34, 0x21, 0x32, 0x64, 0x9A, 0xA6,
+        0x44, 0xD1, 0x4F, 0x41, 0xAB, 0xC5, 0x26, 0x4A,
+        0xFA, 0x70, 0xBC, 0xAE, 0x3D, 0x67, 0x9B, 0x86,
+        0xF5, 0x1A, 0xF2, 0x44, 0x70, 0x52, 0xD0, 0x78,
+        0xA0, 0xEA, 0x56, 0x39, 0x0B, 0x37, 0x2A, 0x15,
+        0x13, 0xBC, 0xD2, 0xEA, 0x46, 0x6D, 0xCB, 0x5A,
+        0x4D, 0x86, 0x47, 0x4F, 0xA1, 0xE2, 0x6B, 0xC0,
+        0xA8, 0x3F, 0x58, 0x5C, 0x79, 0xAD, 0x62, 0x17,
+        0xBC, 0x96, 0xAF, 0x77, 0x1F, 0x74, 0xD1, 0x42,
+        0xBF, 0x5E, 0x91, 0xA9, 0x28, 0x44, 0xC5, 0x4E,
+        0x76, 0x6B, 0xF2, 0xD3, 0x69, 0x8C, 0x0E, 0x4F,
+        0x61, 0x76, 0xAD, 0xDC, 0x79, 0xE9, 0x74, 0xA4,
+        0x66, 0xFB, 0x2E, 0x0C, 0xBB, 0x42, 0xC5, 0x3F,
+        0x59, 0xB0, 0xDC, 0xB0, 0x32, 0xCD, 0x37, 0x56,
+        0x1B, 0xD2, 0x46, 0xED, 0x52, 0xC8, 0x12, 0xEA,
+        0xA3, 0x6B, 0xB9, 0xE5, 0xB3, 0x2A, 0xF3, 0x9B,
+        0x0F, 0xC3, 0x77, 0x5F, 0x9A, 0xE1, 0x20, 0xBC,
+        0x59, 0x44, 0x9B, 0x7B, 0x77, 0xB1, 0xBA, 0x1A,
+        0x5B, 0x60, 0x06, 0x6C, 0x85, 0x83, 0x68, 0xDD,
+        0x5A, 0xC8, 0xEE, 0xDC, 0xFE, 0x1F, 0x83, 0xF5,
+        0x2C, 0x53, 0x62, 0xED, 0xE8, 0x93, 0xB7, 0x22,
+        0x3E, 0xCB, 0x70, 0xBA, 0xA6, 0x6D, 0xB2, 0x91,
+        0x47, 0xB8, 0x04, 0x37, 0x20, 0x1F, 0xEF, 0x71,
+        0xB0, 0x5F, 0xF2, 0x51, 0x03, 0x5F, 0x88, 0xCA,
+        0xFF, 0x42, 0xE8, 0x2A, 0x43, 0x02, 0xD3, 0x60,
+        0x98, 0x26, 0x8B, 0x74, 0xF4, 0x18, 0x3D, 0x4D,
+        0x19, 0xF1, 0x3B, 0x87, 0xE9, 0x83, 0x37, 0x15,
+        0x7D, 0xA5, 0xEF, 0xBB, 0xF3, 0x4F, 0x48, 0xCA,
+        0x40, 0x65, 0xD3, 0xE3, 0xBA, 0xCC, 0x83, 0x83,
+        0x3F, 0xEE, 0xBA, 0x57, 0x34, 0x6D, 0x16, 0x9F,
+        0x1B, 0xE6, 0xA0, 0x4C, 0x29, 0xC8, 0x2F, 0xD2,
+        0x25, 0xA3, 0xF7, 0xC6, 0x85, 0x12, 0x4F, 0x53,
+        0x7E, 0xC0, 0xE1, 0x0A, 0xB8, 0x58, 0x34, 0xBA,
+        0x3E, 0x65, 0x4F, 0x19, 0x55, 0x5C, 0xB9, 0x74,
+        0x6B, 0x74, 0xCE, 0x43, 0xA2, 0xC7, 0x8B, 0x21,
+        0x70, 0x8C, 0x3B, 0xEF, 0x87, 0xC1, 0xE8, 0x8F,
+        0x08, 0x10, 0xB4, 0xED, 0xE1, 0x81, 0x14, 0xE9,
+        0x2A, 0x43, 0x13, 0xB4, 0xEA, 0xA0, 0x5F, 0x60,
+        0x93, 0x7E, 0x87, 0x6D, 0xA2, 0x57, 0x63, 0x32,
+        0xAE, 0xC3, 0x8C, 0xCD, 0x42, 0x5E, 0xFD, 0x51,
+        0x1A, 0x39, 0xB9, 0xB4, 0xBD, 0x4C, 0xF3, 0xF2,
+        0xE2, 0x70, 0x9A, 0x05, 0xF9, 0x39, 0xE5, 0xFC,
+        0x59, 0x7D, 0x4E, 0x85, 0x12, 0x02, 0xC9, 0xC2,
+        0xC5, 0x71, 0x3A, 0xD5, 0x73, 0xF7, 0x5A, 0xC5,
+        0x49, 0x0D, 0xEE, 0xCF, 0x9D, 0xB8, 0xDE, 0xE2,
+        0x03, 0x99, 0x70, 0x6B, 0x19, 0x29, 0xA4, 0xE8,
+        0x99, 0x00, 0xC4, 0x9C, 0x24, 0x46, 0x5E, 0x08,
+        0x09, 0x56, 0x6D, 0x9C, 0x2E, 0xF7, 0x8C, 0x52,
+        0xDB, 0xB4, 0x2F, 0x9E, 0x22, 0x7E, 0xFD, 0x1E,
+        0x1A, 0x72, 0xCB, 0x71, 0x0B, 0xD2, 0x19, 0x33,
+        0x0E, 0x69, 0xCC, 0x00, 0x49, 0x36, 0x79, 0x78,
+        0xAB, 0x11, 0x4D, 0x9A, 0xD7, 0xF9, 0x55, 0xCF,
+        0x0B, 0x7B, 0x3D, 0x32, 0x5C, 0xB3, 0x51, 0x65,
+        0x00, 0x0E, 0xD2, 0x9D, 0xBE, 0x0A, 0x19, 0x56,
+        0xF1, 0x45, 0x95, 0x83, 0xC6, 0x97, 0xCD, 0x19,
+        0xE7, 0x8B, 0x51, 0x74, 0xE4, 0xFD, 0x2C, 0xEC,
+        0x10, 0x8A, 0x7C, 0x24, 0x28, 0x0A, 0x78, 0xA3,
+        0xEC, 0x93, 0x97, 0x16, 0x4F, 0x60, 0x03, 0xFD,
+        0x85, 0x31, 0x98, 0x04, 0xE5, 0x65, 0x5A, 0x87,
+        0x9F, 0x66, 0x3D, 0xD4, 0x56, 0x3E, 0xF9, 0x98,
+        0x25, 0x21, 0xFE, 0xC2, 0x07, 0x9E, 0x88, 0x89,
+        0x49, 0x7B, 0xE9, 0x20, 0x1F, 0x6D, 0x7F, 0x24,
+        0x60, 0xA8, 0xB2, 0xDD, 0x96, 0x51, 0x0E, 0x0E,
+        0x4C, 0x83, 0xC3, 0xB1, 0x93, 0xC1, 0x1F, 0xD6,
+        0xB4, 0xB6, 0x84, 0xCE, 0x85, 0x63, 0xA5, 0x38,
+        0x0F, 0x2E, 0x55, 0xF4, 0x74, 0xA6, 0x0B, 0x63,
+        0x17, 0xD0, 0x96, 0x76, 0x15, 0xAD, 0x4F, 0xA9,
+        0xF0, 0x83, 0x25, 0xAD, 0xD7, 0x97, 0xB7, 0x9E,
+        0x6F, 0x5D, 0xC7, 0x2A, 0xD1, 0x97, 0xF5, 0xF6,
+        0x1E, 0xC8, 0x8B, 0xE5, 0xFB, 0xFF, 0x92, 0x72,
+        0x31, 0x9A, 0x49, 0x4B, 0x60, 0x8F, 0x34, 0x7C,
+        0xE1, 0x55, 0x66, 0x7A, 0x59, 0xC3, 0x00, 0x9A,
+        0x14, 0x50, 0xF3, 0x06, 0x19, 0x3C, 0xFE, 0x61,
+        0x1C, 0xF7, 0x05, 0x49, 0x2A, 0x30, 0xFF, 0x56,
+        0xFE, 0x7F, 0x71, 0xD7, 0x32, 0xCC, 0xEF, 0x63,
+        0x64, 0xE1, 0x66, 0xCF, 0xF8, 0x12, 0xED, 0x23,
+        0x11, 0xB5, 0x16, 0xFA, 0x56, 0x90, 0xF2, 0xA2,
+        0x72, 0x7B, 0x18, 0x50, 0xF2, 0x98, 0x5D, 0x48,
+        0x25, 0x5E, 0x8C, 0x47, 0xE7, 0x11, 0x50, 0x2A,
+        0x4B, 0x4A, 0x97, 0x0B, 0xDF, 0x70, 0xDC, 0x34,
+        0x47, 0xF8, 0xE2, 0x88, 0x78, 0x24, 0xB5, 0x8A,
+        0xC7, 0x58, 0xE8, 0x83, 0xF7, 0x3B, 0xAD, 0xFC,
+        0xED, 0x46, 0x40, 0xD5, 0x46, 0x35, 0x1B, 0xF3,
+        0x3E, 0x8F, 0x1E, 0x0B, 0x1B, 0xB9, 0xFB, 0x5A,
+        0xFF, 0x0F, 0x8B, 0xA0, 0x95, 0x4A, 0x8E, 0x65,
+        0x33, 0xD3, 0x7C, 0x03, 0x04, 0x8E, 0xBA, 0x6A,
+        0x55, 0xB3, 0xC5, 0xDA, 0xCB, 0xDC, 0x44, 0xD3,
+        0x98, 0x77, 0xD3, 0x07, 0x8A, 0xE9, 0x5E, 0x44,
+        0x5B, 0xED, 0x12, 0xB1, 0xA5, 0x03, 0xAF, 0xB2,
+        0x20, 0x0C, 0xB1, 0x8B, 0x08, 0xB4, 0x6A, 0x11,
+        0x96, 0xA9, 0xF5, 0x7A, 0xFD, 0x56, 0x48, 0x11,
+        0xC0, 0x30, 0xA4, 0x45, 0xFC, 0xAE, 0x72, 0xE5,
+        0x5E, 0x85, 0xB7, 0x6F, 0xA0, 0x50, 0x13, 0x4B,
+        0x2E, 0xC2, 0x31, 0x13, 0xED, 0x04, 0x04, 0x3D,
+        0xBC, 0xD0, 0xB6, 0xFC, 0xCE, 0xBD, 0xC9, 0x13,
+        0x5C, 0xB2, 0x02, 0xB8, 0x4F, 0xDD, 0x74, 0x51,
+        0x1F, 0x9E, 0x8F, 0x0C, 0xF2, 0x26, 0xE1, 0x4C,
+        0xA5, 0xC4, 0x38, 0xC7, 0x6A, 0xA5, 0xC3, 0xC2,
+        0xE9, 0xF3, 0x22, 0x71, 0x00, 0x91, 0x83, 0xEE,
+        0x92, 0xA9, 0x95, 0x81, 0x9D, 0xB9, 0x0F, 0x66,
+        0x89, 0x9B, 0xB9, 0xB0, 0xC7, 0xED, 0x31, 0xDF,
+        0x41, 0xB6, 0x8E, 0x52, 0xAC, 0x5B, 0xBD, 0xF2,
+        0x33, 0x9F, 0x71, 0x5E, 0x43, 0xFE, 0xED, 0xD9,
+        0x4F, 0x57, 0xF9, 0x23, 0x05, 0x23, 0x03, 0x34,
+        0x17, 0xE4, 0x22, 0x27, 0x97, 0xF7, 0x62, 0x5B,
+        0x52, 0x66, 0x70, 0xEE, 0x6B, 0xD3, 0x46, 0x8C,
+        0xCD, 0x9B, 0xA4, 0xA1, 0xED, 0x26, 0x4A, 0xAC,
+        0xC2, 0x50, 0xA8, 0x2A, 0x48, 0x83, 0x46, 0xB2,
+        0xA5, 0xF9, 0x26, 0xF2, 0xE7, 0x8A, 0x8E, 0xD8,
+        0x40, 0x5F, 0x85, 0x8E, 0xAB, 0xB0, 0x29, 0xF7,
+        0x81, 0x42, 0xA7, 0x4B, 0xD5, 0xA8, 0x2D, 0x3D,
+        0xD7, 0x0A, 0xB1, 0x26, 0xCF, 0xA3, 0xBA, 0xD7,
+        0xF5, 0x1B, 0x9E, 0x95, 0xCB, 0xC8, 0xCE, 0x75,
+        0xE7, 0x7A, 0x4A, 0x1B, 0x63, 0x21, 0xB7, 0x74,
+        0x77, 0x78, 0xCD, 0x03, 0x5B, 0x3B, 0xCD, 0x44,
+        0x8E, 0xF1, 0xBB, 0xB6, 0xFF, 0x75, 0x52, 0x8A,
+        0x7A, 0xE9, 0xAF, 0x62, 0x24, 0xA1, 0x6F, 0x4F,
+        0x45, 0x03, 0x87, 0xA3, 0xED, 0xBC, 0x2E, 0x92,
+        0xC0, 0xB1, 0x9C, 0x22, 0x2E, 0x35, 0xC1, 0xA5,
+        0x7E, 0xC3, 0x36, 0x3B, 0x18, 0x14, 0x78, 0x6E,
+        0x1D, 0x37, 0xD7, 0x92, 0xB3, 0x78, 0x26, 0x13,
+        0x9A, 0xFB, 0x38, 0x1D, 0xE0, 0x4C, 0x07, 0xC4,
+        0x2C, 0xD3, 0xCA, 0x78, 0xE4, 0x70, 0xC2, 0x52,
+        0x7C, 0x63, 0xDB, 0x4B, 0xB4, 0x0A, 0x4B, 0x7D,
+        0x20, 0x67, 0xF0, 0xF4, 0x80, 0x5B, 0x65, 0x8B,
+        0x29, 0x80, 0x92, 0xF0, 0x87, 0x3D, 0x09, 0x5A,
+        0x0E, 0xEA, 0x45, 0x63, 0x92, 0x99, 0xD6, 0x0D,
+        0x2B, 0x58, 0xEE, 0x19, 0x03, 0x4F, 0x94, 0x2D,
+        0xEC, 0xBF, 0x5A, 0xE9, 0xA6, 0x16, 0xAF, 0x72,
+        0x37, 0x5C, 0x12, 0xBB, 0x7D, 0xED, 0xAA, 0x6A,
+        0x7D, 0xDF, 0x9A, 0x48, 0x37, 0x37, 0x3D, 0x7B,
+        0x51, 0x96, 0x0B, 0x30, 0xCE, 0x9C, 0xE7, 0x3B,
+        0x3C, 0x10, 0xDE, 0x32, 0xA7, 0x86, 0x39, 0xA9,
+        0x33, 0x7D, 0x9B, 0xCF, 0x15, 0x27, 0xA4, 0x36,
+        0x88, 0xBD, 0xB6, 0xEB, 0x8B, 0xD0, 0x3D, 0xCA,
+        0xF1, 0x02, 0x70, 0xDF, 0xC0, 0xE2, 0xF0, 0xD2,
+        0x2C, 0x27, 0xE3, 0x22, 0x24, 0x33, 0x27, 0x34,
+        0xCA, 0x26, 0x19, 0x74, 0x02, 0x2F, 0x7E, 0xC1,
+        0x76, 0xCB, 0x12, 0xBE, 0x6F, 0x13, 0x62, 0x1F,
+        0x32, 0x03, 0x65, 0xCF, 0xBB, 0x03, 0xD0, 0x4C,
+        0xF2, 0x9E, 0xFE, 0x93, 0xE9, 0x1B, 0x02, 0x9B,
+        0x7B, 0x26, 0xFF, 0xEE, 0xF0, 0x6F, 0xCE, 0x57,
+        0xD1, 0x2B, 0xE3, 0x90, 0x2E, 0xE2, 0x71, 0x2A,
+        0xBA, 0xCC, 0x3D, 0x27, 0xCE, 0xA3, 0x5A, 0xCA,
+        0x15, 0x09, 0xE4, 0xD0, 0x86, 0x4F, 0xEC, 0x5A,
+        0x5B, 0x41, 0xA0, 0xE0, 0x3E, 0x1D, 0xEC, 0x6F,
+        0x2A, 0x33, 0x72, 0x15, 0xCD, 0xE5, 0x55, 0xD6,
+        0x6F, 0x84, 0xE3, 0xD6, 0x75, 0x5D, 0xDC, 0x1C,
+        0x07, 0x3D, 0x0C, 0xDC, 0xDE, 0xF8, 0x8A, 0x44,
+        0x40, 0xB1, 0x76, 0x84, 0xB8, 0xE0, 0xAF, 0x9D,
+        0xA2, 0xB2, 0x84, 0xAA, 0xBF, 0x61, 0x08, 0x21,
+        0xE5, 0xC2, 0xC9, 0x11, 0x94, 0x2D, 0x0B, 0xD1,
+        0xC6, 0x59, 0xC1, 0xEE, 0xBA, 0x8E, 0x21, 0xAF,
+        0xDE, 0x32, 0x77, 0xD5, 0x07, 0x3B, 0x98, 0x39,
+        0x95, 0x77, 0x03, 0x80, 0x2F, 0xA2, 0x76, 0xC8,
+        0x2C, 0xC6, 0x6A, 0x00, 0xA8, 0x69, 0x77, 0xB8,
+        0x87, 0x7D, 0xC0, 0x51, 0x19, 0x45, 0x14, 0xA6,
+        0x33, 0xB3, 0x4D, 0x36, 0x29, 0x34, 0xE8, 0x50,
+        0xC2, 0x71, 0x7A, 0x0B, 0xE5, 0x92, 0x4E, 0x86,
+        0xAA, 0xDA, 0x33, 0xCF, 0x34, 0x54, 0x63, 0x2C,
+        0x68, 0xA1, 0x0A, 0xEF, 0x8B, 0x5B, 0xAA, 0x10,
+        0x83, 0xE9, 0x13, 0x7D, 0x29, 0x20, 0xA2, 0x5F,
+        0x96, 0x9F, 0x54, 0x0B, 0x95, 0xDF, 0x59, 0x91,
+        0x6C, 0x4C, 0xAC, 0xC4, 0x55, 0x98, 0x8F, 0x46,
+        0x31, 0x77, 0x56, 0xCC, 0x93, 0x7E, 0xF0, 0x17,
+        0x7C, 0x0F, 0xEB, 0x3F, 0x23, 0xBB, 0xD3, 0x56,
+        0x9E, 0x89, 0x67, 0xC4, 0x9B, 0x95, 0xA3, 0xBF,
+        0x6D, 0x9D, 0x6D, 0x7C, 0x72, 0x27, 0x20, 0x6E,
+        0x28, 0x37, 0x39, 0xFC, 0x77, 0x41, 0xE9, 0xFE,
+        0x64, 0xEF, 0xA0, 0x38, 0x9F, 0xC7, 0x2F, 0xDA,
+        0xC8, 0x1F, 0xEB, 0x75, 0x07, 0xB8, 0x7E, 0x6B,
+        0x73, 0xCE, 0x0E, 0x7C, 0x7C, 0x54, 0x06, 0x1D,
+        0x48, 0x8A, 0x06, 0x53, 0x95, 0x9B, 0x75, 0x8A,
+        0xFF, 0x6F, 0x7D, 0x19, 0x00, 0x17, 0x8D, 0x7C,
+        0x1A, 0xEA, 0xD0, 0x79, 0x45, 0x68, 0xF9, 0x2F,
+        0x8A, 0xCE, 0x98, 0xED, 0xCC, 0xE8, 0x6D, 0xE1,
+        0x08, 0xA0, 0x50, 0x2C, 0x43, 0x49, 0xC4, 0x99,
+        0x98, 0x31, 0xDE, 0x00, 0xE8, 0x08, 0x39, 0x0B,
+        0xBB, 0xDB, 0x65, 0xEA, 0x36, 0x0F, 0xBE, 0x98,
+        0xB7, 0x4A, 0x9C, 0x59, 0x34, 0x0E, 0xBB, 0xDD,
+        0x6F, 0x65, 0x21, 0x39, 0x23, 0x48, 0x57, 0x7F,
+        0xD4, 0x07, 0x89, 0x03, 0x01, 0xB0, 0x79, 0x27,
+        0x28, 0xCC, 0xFB, 0x88, 0xC5, 0xDD, 0x47, 0x2A,
+        0xDA, 0x73, 0x75, 0x9B, 0xC9, 0x99, 0xA0, 0x21,
+        0x34, 0xDF, 0xB1, 0x62, 0x2F, 0x61, 0xD8, 0xB7,
+        0x63, 0x2A, 0xC7, 0x7E, 0x3A, 0x98, 0x0B, 0x2C,
+        0xE5, 0x66, 0xF3, 0xD5, 0x30, 0xF0, 0xBC, 0x21,
+        0xC7, 0x51, 0x9B, 0xFB, 0x00, 0xBB, 0xAA, 0x9C,
+        0x85, 0xC3, 0x9B, 0x0C, 0xDC, 0x5F, 0x8D, 0x1B,
+        0xA1, 0x2B, 0x78, 0x82, 0xFE, 0x0F, 0x7C, 0x75,
+        0x6E, 0x75, 0x56, 0x74, 0x35, 0x25, 0xE5, 0xD0,
+        0xEC, 0x8E, 0xC1, 0xBD, 0x7D, 0x7A, 0xE3, 0xDC,
+        0xAD, 0xC6, 0x8D, 0xB6, 0x0D, 0x7A, 0xA1, 0x3C,
+        0xDB, 0x29, 0xFA, 0x15, 0xC0, 0xA9, 0xAF, 0x89,
+        0x0F, 0x18, 0x75, 0xE3, 0x97, 0x58, 0x62, 0x12,
+        0x79, 0xA9, 0x87, 0x7D, 0x9C, 0x69, 0x44, 0x9C,
+        0x41, 0x39, 0x2C, 0xAD, 0x98, 0x8B, 0x8D, 0xE4,
+        0x58, 0xEE, 0xCD, 0x98, 0x38, 0x5F, 0x79, 0x73,
+        0x0B, 0x5E, 0x26, 0xC1, 0x16, 0x24, 0x15, 0xD9,
+        0x73, 0x26, 0x41, 0x9B, 0x5F, 0xF9, 0x2A, 0xA8,
+        0xC1, 0x33, 0x74, 0x39, 0x1D, 0xBB, 0xE7, 0x36,
+        0xD9, 0x8C, 0x07, 0xAD, 0x32, 0xD6, 0x38, 0xBB,
+        0x44, 0xE6, 0x77, 0xC7, 0x11, 0x05, 0xCF, 0xB5,
+        0x72, 0x49, 0x68, 0x80, 0xC1, 0x67, 0x71, 0x5F,
+        0x9B, 0xFF, 0x6E, 0x71, 0x1A, 0xBE, 0x5A, 0x83,
+        0x25, 0x38, 0xC7, 0xE6, 0xDA, 0x88, 0x22, 0xDC,
+        0xA6, 0x03, 0x02, 0xD1, 0x59, 0xC6, 0xA8, 0x2F,
+        0xA4, 0x8F, 0xF8, 0x77, 0x3E, 0x0C, 0x6F, 0xA1,
+        0x73, 0xE1, 0x35, 0x55, 0xB2, 0xDF, 0xBF, 0x47,
+        0xB7, 0xD0, 0x8D, 0xBA, 0x35, 0x74, 0x44, 0x6B,
+        0xC0, 0xA7, 0x8D, 0x30, 0x08, 0xE4, 0x41, 0xD1,
+        0x55, 0x21, 0x50, 0xD9, 0x06, 0x12, 0x54, 0xB2,
+        0xF3, 0xFC, 0x5A, 0x1E, 0xF3, 0xE3, 0x84, 0x33,
+        0x34, 0x0B, 0xB5, 0x9A, 0x97, 0xFD, 0x51, 0xF4,
+        0x68, 0xFE, 0x8A, 0x92, 0xBF, 0x62, 0x9D, 0xCD,
+        0x00, 0x29, 0x39, 0x37, 0x12, 0xF3, 0x53, 0x6D,
+        0x6B, 0x24, 0xB8, 0x86, 0x68, 0xAD, 0x6A, 0x4B,
+        0x3A, 0x4C, 0x93, 0xA6, 0xB1, 0x41, 0xFA, 0x8E,
+        0x58, 0x63, 0xCD, 0x59, 0x80, 0xBF, 0xD7, 0xAB,
+        0x83, 0xC3, 0xCC, 0x5D, 0x2F, 0xBE, 0x80, 0xC7,
+        0xB1, 0x67, 0xDC, 0x92, 0x8C, 0xA9, 0x57, 0x36,
+        0x58, 0x0A, 0x52, 0x96, 0x0E, 0x20, 0x90, 0xCD,
+        0x87, 0x68, 0xF5, 0x93, 0xBB, 0x04, 0xD4, 0x48,
+        0xB6, 0x45, 0x30, 0xC0, 0xE3, 0xC2, 0x56, 0x8C,
+        0xE3, 0xA2, 0xC6, 0x42, 0x0F, 0x81, 0xF7, 0x4D,
+        0xF6, 0x88, 0x5D, 0x55, 0x07, 0x8E, 0xF1, 0xB3,
+        0x83, 0xB0, 0x20, 0x85, 0x4A, 0x63, 0x6A, 0x78,
+        0xA9, 0xEC, 0x13, 0x84, 0xF7, 0x4E, 0xBE, 0xB6,
+        0x5F, 0x5A, 0x25, 0xFF, 0xD4, 0x14, 0x7D, 0xA7,
+        0xEE, 0x40, 0xF6, 0x25, 0x7C, 0x7E, 0x34, 0xCA,
+        0xC9, 0x27, 0x0E, 0xA2, 0x78, 0xB6, 0xE6, 0x08,
+        0xA1, 0x9B, 0x56, 0x8D, 0x29, 0xE5, 0x8D, 0xEC,
+        0xAD, 0xDA, 0xD3, 0x3C, 0x59, 0xBA, 0xDB, 0x92,
+        0x52, 0x99, 0x3B, 0x31, 0x6B, 0x0B, 0x13, 0x00,
+        0x79, 0x3D, 0x69, 0x85, 0x3A, 0x6B, 0x90, 0x33,
+        0x96
+    };
+    static const byte rnd_44[] = {
+        0x08, 0x34, 0x57, 0xD4, 0x0E, 0x25, 0x04, 0x88,
+        0xA6, 0x0E, 0x76, 0x34, 0xA0, 0x1D, 0x43, 0x0A,
+        0x60, 0xE8, 0x57, 0x2B, 0xA8, 0x8A, 0xED, 0xC5,
+        0x54, 0x49, 0x18, 0x81, 0x37, 0x13, 0xA0, 0xB1
+    };
+    static const byte sig_44[] = {
+        0x63, 0xA8, 0x23, 0x20, 0xD4, 0xCE, 0x09, 0xC4,
+        0x7A, 0xD1, 0x27, 0xC5, 0xBB, 0x7F, 0x6C, 0x2D,
+        0xFF, 0x15, 0x29, 0xCD, 0xAF, 0x9F, 0x74, 0x56,
+        0xFF, 0xC2, 0xC6, 0xED, 0x90, 0x51, 0x17, 0xDC,
+        0xAD, 0x8C, 0x08, 0x7A, 0xC0, 0xD8, 0x9E, 0x0C,
+        0xE9, 0x61, 0xC0, 0x94, 0xFA, 0x9C, 0x2E, 0xDE,
+        0x27, 0x9C, 0x65, 0xE6, 0x99, 0xD1, 0xD1, 0x7E,
+        0xA6, 0x95, 0x98, 0x8F, 0xA1, 0xC4, 0x98, 0x3F,
+        0x7E, 0x1F, 0x18, 0x86, 0x2A, 0xFE, 0xB2, 0xEC,
+        0x9D, 0x0F, 0x5B, 0x0C, 0x11, 0xB2, 0xAA, 0x0B,
+        0xDE, 0x95, 0x7C, 0x40, 0xA1, 0x5B, 0xFF, 0x97,
+        0xD7, 0xCB, 0xCF, 0x4E, 0x59, 0xDA, 0xE9, 0xD5,
+        0xA3, 0xC9, 0xF8, 0x7D, 0xDD, 0xA5, 0xB9, 0x06,
+        0x9D, 0x82, 0xCC, 0x18, 0x10, 0x20, 0x80, 0x92,
+        0xBC, 0xBA, 0x1C, 0x43, 0x73, 0xF2, 0xA8, 0x3E,
+        0x19, 0x15, 0x80, 0x9E, 0x81, 0xD8, 0xD2, 0x06,
+        0xEA, 0x78, 0x10, 0x3F, 0x68, 0x66, 0x3D, 0xBE,
+        0xB1, 0x79, 0xB0, 0x28, 0x83, 0xCD, 0xD3, 0x33,
+        0xEE, 0xFE, 0x6D, 0x02, 0x39, 0x17, 0xC6, 0xF2,
+        0xA4, 0x6E, 0x5A, 0x5C, 0x45, 0x14, 0xF5, 0x7D,
+        0xCA, 0x7B, 0x62, 0x4A, 0xF4, 0xE7, 0x71, 0x7B,
+        0xD7, 0x1B, 0x51, 0x26, 0xE6, 0xDE, 0x2D, 0xC9,
+        0x65, 0x24, 0x30, 0x2C, 0x08, 0x04, 0xD7, 0xBE,
+        0x3A, 0xDA, 0x64, 0xAF, 0x11, 0x6F, 0xC6, 0xE7,
+        0x38, 0xEF, 0xA6, 0xE6, 0x5E, 0x87, 0x90, 0xB4,
+        0x0E, 0xB1, 0xB4, 0x83, 0x64, 0xD2, 0x15, 0xEF,
+        0xD6, 0x1F, 0x7A, 0x44, 0x75, 0x3A, 0x95, 0x50,
+        0x6E, 0x52, 0xC9, 0x9C, 0xE9, 0xB4, 0x56, 0xDC,
+        0x93, 0x85, 0x92, 0xF1, 0x35, 0xEC, 0x50, 0x1B,
+        0x3B, 0xCF, 0x82, 0xDA, 0x69, 0xA1, 0xDD, 0x44,
+        0xE8, 0xB3, 0xC1, 0xCB, 0x8D, 0xD5, 0x13, 0xD0,
+        0xF3, 0x14, 0x2C, 0x80, 0x82, 0x2C, 0x31, 0xBF,
+        0x75, 0x20, 0x14, 0x39, 0x9F, 0x81, 0x79, 0x76,
+        0x0F, 0xB6, 0x7D, 0xB6, 0x58, 0x1C, 0xF3, 0xE6,
+        0x93, 0x5A, 0x9B, 0xE1, 0x8B, 0x92, 0xC2, 0xDB,
+        0xF1, 0x89, 0xAA, 0x46, 0x67, 0xFA, 0x80, 0x45,
+        0x72, 0xAA, 0xB4, 0xE2, 0x5E, 0xE9, 0xD1, 0xA7,
+        0xA0, 0xD7, 0x05, 0x5C, 0xC6, 0xC7, 0x6D, 0x1D,
+        0x66, 0x3D, 0x35, 0x0C, 0xB7, 0x1A, 0xFA, 0xB1,
+        0xDB, 0xD0, 0xCB, 0x3A, 0x8B, 0xB7, 0x1B, 0x03,
+        0x60, 0xA0, 0xA4, 0xDA, 0xD0, 0xE2, 0x3A, 0x1E,
+        0xB5, 0xE4, 0x59, 0x68, 0x6A, 0x02, 0x94, 0x66,
+        0x05, 0x60, 0x08, 0x64, 0xB4, 0xEE, 0x0F, 0x3A,
+        0xCE, 0xFD, 0x40, 0x7B, 0x6F, 0xF5, 0x8D, 0x1E,
+        0xFF, 0x0C, 0x75, 0xAF, 0xC1, 0x41, 0xC6, 0x24,
+        0x1D, 0xF3, 0x76, 0x02, 0x48, 0x6B, 0xBA, 0x58,
+        0xBC, 0xBB, 0xFE, 0xD3, 0x51, 0xC2, 0x68, 0x21,
+        0x4B, 0x20, 0x4E, 0xAF, 0x8A, 0x0C, 0x74, 0x7F,
+        0x5F, 0xB7, 0xAA, 0x43, 0xFC, 0x5A, 0x77, 0xA1,
+        0x81, 0xCD, 0xBA, 0xE1, 0x31, 0x87, 0x1F, 0xA8,
+        0x1F, 0x76, 0x30, 0x6C, 0xE0, 0x84, 0xCD, 0x14,
+        0x4A, 0xDB, 0x67, 0xFD, 0x65, 0x8C, 0x35, 0xC0,
+        0x91, 0x6C, 0x2B, 0xCF, 0x5B, 0x89, 0x29, 0x58,
+        0x42, 0x9B, 0x65, 0xDB, 0x34, 0x7D, 0xD8, 0x31,
+        0xC9, 0xB8, 0x0D, 0x07, 0xD1, 0x94, 0x60, 0x63,
+        0x65, 0xDC, 0xB3, 0x70, 0x48, 0x46, 0x37, 0x18,
+        0x4D, 0x5D, 0xE0, 0xAC, 0x77, 0xD0, 0x9E, 0xE1,
+        0xD9, 0xB2, 0x2D, 0x09, 0xD6, 0xF8, 0x94, 0x96,
+        0x7B, 0x43, 0xD9, 0x76, 0x36, 0xE6, 0x24, 0xA4,
+        0x4A, 0xFF, 0x12, 0xFE, 0x30, 0x95, 0xD7, 0xCB,
+        0xA9, 0xA0, 0x3A, 0xCA, 0xFC, 0x52, 0x57, 0xB8,
+        0x20, 0x80, 0xF2, 0xD8, 0xAE, 0x3E, 0x18, 0xFC,
+        0x0D, 0xE0, 0x9D, 0x01, 0x7B, 0x03, 0xAD, 0x6B,
+        0xEE, 0xA4, 0xEC, 0x38, 0x40, 0xAC, 0x85, 0x42,
+        0xF8, 0xCF, 0x93, 0x10, 0x8F, 0x8C, 0xFE, 0xF8,
+        0x22, 0x64, 0xFC, 0xDD, 0x2C, 0xDD, 0x86, 0x97,
+        0x5B, 0x3F, 0x8F, 0xDF, 0x1F, 0x58, 0x22, 0x08,
+        0x26, 0x8A, 0x76, 0xE6, 0xC9, 0xFE, 0xDF, 0x42,
+        0x90, 0x8D, 0x52, 0x78, 0xA2, 0xBF, 0xBD, 0x3F,
+        0xD5, 0xD5, 0xDB, 0xAF, 0xDD, 0x5E, 0x2C, 0x2B,
+        0x9F, 0x2E, 0xDC, 0xC1, 0xC4, 0x52, 0x96, 0x38,
+        0x49, 0xCB, 0x34, 0xEC, 0x51, 0x00, 0x8D, 0x1B,
+        0xF6, 0xDA, 0x50, 0xA0, 0xD1, 0x9D, 0x82, 0x34,
+        0x5B, 0x78, 0x8C, 0x05, 0x40, 0xE1, 0x7B, 0x25,
+        0xFF, 0xDC, 0xE8, 0xD4, 0x45, 0x3B, 0xBE, 0x75,
+        0x1E, 0xDA, 0x96, 0xA4, 0x4C, 0x75, 0xFD, 0xD9,
+        0x00, 0x81, 0x85, 0x7D, 0xC0, 0xF8, 0x26, 0x2A,
+        0x30, 0x7B, 0x34, 0xCB, 0xEC, 0xD1, 0x56, 0x58,
+        0x69, 0xA3, 0x14, 0xD6, 0x4C, 0x09, 0xDC, 0x9D,
+        0x4A, 0x80, 0x26, 0x52, 0x2F, 0xDF, 0xE4, 0xCB,
+        0x5B, 0x8B, 0x11, 0x05, 0xDA, 0xE0, 0xDB, 0x66,
+        0xC8, 0x5B, 0xB4, 0x32, 0x1D, 0xBE, 0x76, 0x84,
+        0xEB, 0x6B, 0x6F, 0x85, 0x87, 0xD8, 0x32, 0x0C,
+        0x6D, 0xB3, 0x8D, 0xED, 0xD6, 0x18, 0x96, 0xED,
+        0x51, 0xAB, 0x0C, 0x7F, 0x42, 0x8F, 0x19, 0xD2,
+        0x55, 0xC6, 0xB0, 0xFD, 0xF5, 0x89, 0x51, 0xE5,
+        0xCD, 0xB1, 0x96, 0x9C, 0xD9, 0xA7, 0x93, 0x4E,
+        0xFD, 0xB9, 0xC8, 0x2E, 0x1E, 0x8D, 0x2A, 0x59,
+        0xC9, 0xF7, 0x9D, 0xF1, 0xAA, 0x93, 0xE5, 0x07,
+        0x1E, 0x3F, 0xAC, 0x73, 0x19, 0xFF, 0x68, 0x87,
+        0x8C, 0xF2, 0x49, 0xDC, 0xBD, 0xCD, 0x10, 0x46,
+        0x16, 0xCC, 0xC1, 0xC1, 0xFB, 0xD7, 0x85, 0x56,
+        0x9F, 0x55, 0x87, 0x10, 0x44, 0x1B, 0x31, 0xCA,
+        0xE3, 0x16, 0x7A, 0x4C, 0xD7, 0xDD, 0xD1, 0x86,
+        0x26, 0xC5, 0x43, 0x62, 0x96, 0x20, 0x32, 0xE6,
+        0xB7, 0xA2, 0x76, 0x05, 0x61, 0x96, 0xFC, 0x22,
+        0x96, 0x7E, 0x90, 0x7C, 0x32, 0x0A, 0x7A, 0xF5,
+        0x8C, 0xE3, 0xF5, 0x01, 0xC4, 0xCD, 0x31, 0x8A,
+        0x70, 0x75, 0x04, 0xF1, 0xC2, 0x59, 0xE5, 0x07,
+        0xA0, 0xD4, 0x7D, 0x25, 0x8E, 0x2F, 0x38, 0xE2,
+        0x6A, 0x53, 0x41, 0x34, 0x7A, 0x06, 0xB5, 0x8B,
+        0xB0, 0xBF, 0x21, 0xDE, 0xE6, 0x5F, 0x55, 0x6A,
+        0xD4, 0x88, 0xA7, 0x36, 0xD4, 0xC6, 0x5C, 0x82,
+        0xC6, 0x73, 0xC0, 0x60, 0xD7, 0xA6, 0xA0, 0x77,
+        0x5C, 0xF8, 0xC3, 0x9A, 0xA1, 0x31, 0xFD, 0x64,
+        0xDB, 0xB1, 0x7B, 0x72, 0x70, 0x4B, 0x7D, 0x1D,
+        0x24, 0xBC, 0x5F, 0x84, 0x08, 0x3B, 0xF8, 0xA6,
+        0x47, 0xEB, 0xED, 0xCF, 0xDD, 0xA0, 0x91, 0x14,
+        0x26, 0x7D, 0x77, 0xCF, 0xBF, 0x39, 0x9B, 0xD9,
+        0x2F, 0x3B, 0x2A, 0xA7, 0x2B, 0xBC, 0xF7, 0xDE,
+        0x9D, 0x69, 0xBF, 0x90, 0xA4, 0xDE, 0x2C, 0xF8,
+        0x24, 0x92, 0x7D, 0xE2, 0xB8, 0xBD, 0xF4, 0x6B,
+        0x10, 0x9E, 0xD6, 0x08, 0x51, 0xC5, 0x9C, 0x44,
+        0x8E, 0xCB, 0x44, 0x3F, 0x00, 0x26, 0x3C, 0x9C,
+        0x25, 0xF4, 0x62, 0x74, 0xD1, 0x7C, 0x29, 0x4C,
+        0xEB, 0xF2, 0x53, 0x7D, 0x8F, 0xEA, 0xBD, 0x78,
+        0xEE, 0xBC, 0xBA, 0x72, 0x64, 0xA5, 0xB9, 0x45,
+        0x08, 0xE0, 0xBF, 0x62, 0xEF, 0xC2, 0x1E, 0x06,
+        0xE1, 0xE2, 0xFB, 0x14, 0x44, 0xC5, 0xAB, 0x6F,
+        0x84, 0x7F, 0x52, 0x2F, 0x8A, 0xBE, 0xED, 0x04,
+        0x6D, 0x6D, 0xDC, 0xFF, 0xBC, 0xB8, 0xC8, 0x1F,
+        0xD0, 0x5D, 0x4D, 0x7F, 0x2E, 0x1B, 0xC9, 0x9B,
+        0xEA, 0xF8, 0xC1, 0xAF, 0xE3, 0xE0, 0x5B, 0x36,
+        0x90, 0xFE, 0xE4, 0xAA, 0x37, 0x5A, 0x3D, 0xCB,
+        0x77, 0x57, 0x7C, 0xCC, 0x6E, 0x3E, 0xBE, 0x8A,
+        0x98, 0x7C, 0x6D, 0x7E, 0x89, 0x60, 0x73, 0xC0,
+        0xCC, 0x0C, 0x48, 0x25, 0x46, 0xB5, 0x39, 0xB4,
+        0xFD, 0xF0, 0x4E, 0xED, 0x8E, 0x87, 0xF8, 0x5B,
+        0x00, 0xBE, 0x43, 0xA6, 0x0B, 0x21, 0x7E, 0x96,
+        0x88, 0x3B, 0x91, 0xD7, 0x88, 0x1A, 0xA0, 0xDD,
+        0x3E, 0xBF, 0x5B, 0x0D, 0x08, 0xD0, 0x85, 0x4E,
+        0xD4, 0x27, 0x8F, 0xC9, 0x02, 0xE0, 0x60, 0xEA,
+        0x16, 0xFB, 0xC2, 0x54, 0xA5, 0x08, 0xC8, 0x6F,
+        0x7A, 0xE7, 0x54, 0x93, 0xB8, 0xDD, 0xA0, 0x86,
+        0xE9, 0xC1, 0xB2, 0x17, 0xF5, 0xC9, 0x11, 0x97,
+        0x83, 0x66, 0x88, 0xCD, 0x2D, 0x0B, 0xB8, 0xE5,
+        0x52, 0xD1, 0x13, 0x7A, 0xA7, 0xEB, 0xD5, 0xD5,
+        0x60, 0x53, 0x8E, 0x9B, 0xB6, 0xB4, 0x1D, 0x06,
+        0x90, 0xB0, 0x6C, 0x66, 0xD1, 0x57, 0x5B, 0x86,
+        0x1C, 0x8A, 0x7D, 0x3A, 0x88, 0x4C, 0xC9, 0x88,
+        0x1A, 0xC3, 0x00, 0x1F, 0x30, 0x0D, 0xF3, 0x47,
+        0x62, 0x79, 0x85, 0x89, 0xF9, 0xEE, 0x5C, 0x92,
+        0x43, 0x61, 0x53, 0xD8, 0xC7, 0x32, 0x55, 0x9B,
+        0x33, 0x3D, 0x69, 0x8F, 0x3E, 0xC5, 0x82, 0x0E,
+        0x8A, 0xA5, 0xF2, 0xE5, 0xA7, 0x69, 0xC2, 0xB4,
+        0x7A, 0xFA, 0x27, 0x5F, 0xE4, 0x74, 0xAF, 0x81,
+        0x37, 0xC7, 0x01, 0x9A, 0xF2, 0xE6, 0x0C, 0xA7,
+        0x5E, 0xDB, 0xE4, 0x8F, 0x81, 0xA6, 0x51, 0xCE,
+        0x6B, 0xAB, 0xD3, 0x37, 0x4C, 0x07, 0x72, 0xA8,
+        0xAC, 0x36, 0x77, 0xB1, 0x0F, 0x54, 0x77, 0x17,
+        0xC9, 0x67, 0x50, 0xDA, 0x44, 0x8B, 0xD9, 0xC7,
+        0x93, 0x8C, 0x66, 0xCD, 0x6F, 0xB7, 0x5D, 0x73,
+        0x2D, 0xAC, 0x83, 0x1A, 0xDC, 0xE9, 0x17, 0x6D,
+        0x94, 0x85, 0x6E, 0x1B, 0xF6, 0x08, 0x38, 0xD0,
+        0x9E, 0x63, 0x23, 0xA2, 0x7B, 0x16, 0x09, 0xF9,
+        0xC1, 0x21, 0xF4, 0x98, 0xD2, 0xBB, 0x68, 0x58,
+        0x18, 0xA0, 0x0D, 0xE7, 0xBA, 0x6B, 0x28, 0x47,
+        0xC5, 0x16, 0x14, 0x9F, 0x35, 0x6E, 0xCE, 0xF0,
+        0x4F, 0x34, 0xEA, 0x48, 0x35, 0x46, 0xFE, 0xEB,
+        0x12, 0xEA, 0x40, 0x77, 0x62, 0x04, 0x30, 0xC3,
+        0x9D, 0xBF, 0x47, 0xC0, 0x5E, 0xED, 0x5E, 0xD5,
+        0x87, 0xFF, 0xF5, 0x92, 0x21, 0x7C, 0xA9, 0x5A,
+        0x2C, 0x3D, 0x1E, 0x6F, 0x6F, 0xF9, 0xFF, 0x20,
+        0x9F, 0x8B, 0x30, 0xA9, 0x9D, 0x56, 0xA3, 0x97,
+        0x7A, 0x33, 0x17, 0x49, 0x0B, 0x2B, 0x00, 0x1F,
+        0x43, 0xCD, 0x8D, 0xDD, 0x1D, 0x8F, 0xC1, 0x6A,
+        0x3F, 0xA9, 0xB4, 0x31, 0x54, 0x62, 0x84, 0x5B,
+        0x99, 0x5D, 0x2A, 0xB7, 0x6E, 0xA5, 0x39, 0xC7,
+        0xF0, 0x4C, 0x31, 0x6C, 0x71, 0xD6, 0x00, 0xE1,
+        0xAC, 0x4F, 0xD5, 0xC8, 0xC6, 0x34, 0x3B, 0xC8,
+        0x05, 0x5F, 0x17, 0x00, 0xB4, 0x0E, 0xA2, 0xF1,
+        0xAB, 0xE9, 0x4B, 0xE0, 0x06, 0x01, 0x3A, 0xA2,
+        0x61, 0xF0, 0x72, 0x0A, 0xB7, 0x99, 0xD0, 0xFC,
+        0x6D, 0xB5, 0xE9, 0xA4, 0xC3, 0xC5, 0xA7, 0xF8,
+        0x2D, 0x70, 0xD2, 0x8E, 0x41, 0x0D, 0xD1, 0x64,
+        0xE3, 0xE4, 0x61, 0xA4, 0x6E, 0x81, 0xFB, 0xDC,
+        0xB8, 0x10, 0x84, 0x8B, 0xCE, 0xE0, 0x6F, 0x88,
+        0x33, 0x25, 0x64, 0x6E, 0x1E, 0x2A, 0x69, 0x3F,
+        0xA5, 0xDA, 0x7C, 0x25, 0xEB, 0x21, 0xC4, 0xEA,
+        0xB8, 0x7D, 0xC7, 0x87, 0xA2, 0x67, 0x7C, 0xEB,
+        0x6A, 0x26, 0xE1, 0x06, 0xFE, 0x78, 0xE1, 0x18,
+        0xFF, 0x54, 0x71, 0x3E, 0x00, 0x59, 0x7B, 0xFA,
+        0x52, 0x8C, 0x2A, 0xED, 0x06, 0x9A, 0x12, 0x6D,
+        0xE3, 0x74, 0x6F, 0x06, 0x65, 0xE1, 0x75, 0x80,
+        0x63, 0x0F, 0x70, 0x2F, 0xAB, 0xC0, 0xF1, 0xCD,
+        0x7F, 0x57, 0xAA, 0x71, 0xF6, 0x38, 0xD8, 0xAF,
+        0x37, 0xD3, 0xD9, 0xE0, 0xA7, 0xE9, 0x05, 0x5D,
+        0xA3, 0xDF, 0x86, 0x48, 0x3F, 0x25, 0xDE, 0xBA,
+        0x18, 0xCE, 0xF6, 0x99, 0xEB, 0x87, 0x70, 0xC7,
+        0x85, 0x84, 0x79, 0x8A, 0xD8, 0x02, 0x8B, 0xAD,
+        0xC5, 0x9D, 0x2A, 0xF9, 0xAE, 0xAE, 0x37, 0xEC,
+        0x93, 0x91, 0x16, 0x10, 0x5F, 0x9F, 0x64, 0xEF,
+        0x82, 0x78, 0xC6, 0x4D, 0xED, 0x3F, 0xD4, 0x33,
+        0xA7, 0xB8, 0x82, 0x09, 0x16, 0xBE, 0xDC, 0x6B,
+        0x7A, 0x75, 0x69, 0x8A, 0xDE, 0xD3, 0xFD, 0xE8,
+        0x86, 0x75, 0x42, 0x83, 0x03, 0x57, 0x30, 0x70,
+        0xA5, 0xA3, 0x85, 0x1F, 0x9F, 0x21, 0xEA, 0xC7,
+        0x80, 0xFA, 0x8A, 0xA4, 0x02, 0x3E, 0x39, 0x11,
+        0x48, 0x7D, 0x85, 0x2A, 0x53, 0x77, 0x43, 0x5A,
+        0x5F, 0xFF, 0x9C, 0x60, 0x4B, 0x5D, 0x95, 0xB0,
+        0x96, 0x8A, 0xE0, 0xEC, 0xF4, 0x43, 0x1B, 0x10,
+        0x3F, 0xA6, 0xBA, 0x71, 0xC4, 0xDC, 0x81, 0x73,
+        0xA2, 0xDE, 0x1F, 0x79, 0xDD, 0xB6, 0x0D, 0x2D,
+        0x0C, 0x8E, 0x56, 0x55, 0xD0, 0x94, 0x44, 0x29,
+        0x16, 0x92, 0x99, 0x2D, 0x99, 0xFC, 0x48, 0xF2,
+        0x16, 0x0E, 0xC0, 0xAC, 0xE4, 0xC4, 0x92, 0x07,
+        0xBB, 0xB7, 0x6D, 0x7F, 0x2A, 0x85, 0xE1, 0x81,
+        0x02, 0xB9, 0x5A, 0x51, 0x45, 0x88, 0xF5, 0x9F,
+        0x16, 0x2D, 0x33, 0xCE, 0xD6, 0x18, 0x07, 0x03,
+        0xED, 0xC3, 0x6C, 0x8B, 0x33, 0x94, 0x88, 0x81,
+        0x0D, 0x2E, 0xAE, 0x96, 0x25, 0xCE, 0xE3, 0x83,
+        0x27, 0x1C, 0x71, 0x72, 0xEE, 0xD6, 0xB5, 0x48,
+        0x69, 0x60, 0xE8, 0x99, 0x18, 0x74, 0xB0, 0x13,
+        0x53, 0x59, 0x3D, 0x70, 0x70, 0xBD, 0xEB, 0x7A,
+        0x9F, 0x92, 0x29, 0xAB, 0x77, 0x0E, 0xEB, 0x46,
+        0x37, 0x8D, 0x57, 0xD9, 0x56, 0xDF, 0x7A, 0x86,
+        0x40, 0x04, 0x02, 0x98, 0xF7, 0x00, 0xF4, 0x41,
+        0x5B, 0xDD, 0x3A, 0x96, 0x15, 0xA4, 0x65, 0xDB,
+        0x01, 0x28, 0x22, 0x12, 0xCF, 0x1A, 0xEC, 0x4B,
+        0x0B, 0x8C, 0xB3, 0xB1, 0x7E, 0x5E, 0xFA, 0x28,
+        0x6C, 0x6C, 0x04, 0x5B, 0x43, 0x9C, 0x74, 0x9F,
+        0xE1, 0xD4, 0x50, 0x75, 0xD8, 0xE7, 0xA0, 0x0F,
+        0xBE, 0x84, 0x48, 0xFC, 0xAC, 0xAA, 0x15, 0x3D,
+        0x69, 0x70, 0x9D, 0x9F, 0xF2, 0xB9, 0x7C, 0xDB,
+        0x26, 0xC0, 0xC3, 0x79, 0x28, 0x7C, 0xE6, 0x48,
+        0x61, 0xAD, 0xD7, 0x89, 0xD0, 0xC8, 0x93, 0x9A,
+        0x14, 0x21, 0xB0, 0x85, 0xD6, 0x23, 0x4C, 0xE1,
+        0xA7, 0x49, 0xDE, 0x3D, 0xCB, 0xE8, 0xE0, 0x61,
+        0x5C, 0xB3, 0xBC, 0xDC, 0x6A, 0x81, 0xA5, 0xC4,
+        0x9D, 0x92, 0x85, 0x74, 0x5F, 0x1C, 0xA8, 0xA0,
+        0x64, 0x1E, 0x32, 0x68, 0x83, 0x41, 0x93, 0x34,
+        0x82, 0x18, 0x3E, 0x24, 0x5C, 0x1F, 0x9C, 0xD2,
+        0x80, 0x28, 0xC3, 0x8A, 0x23, 0x18, 0x1A, 0x44,
+        0x5A, 0xA6, 0xEA, 0xCC, 0xE2, 0x06, 0x06, 0xE6,
+        0xF7, 0xF1, 0xDF, 0x70, 0x68, 0x83, 0xCD, 0xA5,
+        0x2F, 0x3F, 0x2B, 0x68, 0xDE, 0x26, 0xDD, 0x37,
+        0x71, 0xE9, 0x50, 0x03, 0x2C, 0xC7, 0x20, 0x0C,
+        0x20, 0x23, 0xC8, 0x24, 0x96, 0x50, 0x82, 0x82,
+        0xCD, 0x3B, 0xC4, 0x7F, 0xEC, 0xE5, 0xD9, 0x7C,
+        0xA1, 0xCE, 0x35, 0x74, 0x4D, 0x03, 0xD7, 0xA4,
+        0x28, 0xB7, 0xAF, 0x12, 0xB0, 0xCB, 0x8E, 0x65,
+        0x7C, 0x01, 0x30, 0xF8, 0xA3, 0xA2, 0x54, 0x97,
+        0x6E, 0xC8, 0xF7, 0xDC, 0xCF, 0x3A, 0xBF, 0x31,
+        0xF4, 0xB0, 0xB3, 0xF7, 0x12, 0x6F, 0xFC, 0x48,
+        0x77, 0xF3, 0xD1, 0xA0, 0x66, 0xD2, 0x6A, 0x23,
+        0x2F, 0xA9, 0x99, 0x21, 0x61, 0x22, 0x54, 0x11,
+        0xED, 0x7D, 0xDB, 0x93, 0xC3, 0x5C, 0x6A, 0x37,
+        0x7F, 0x30, 0xCF, 0x22, 0xAA, 0x39, 0x2D, 0x5C,
+        0x4F, 0xEE, 0x4F, 0x73, 0xC9, 0xEF, 0x6E, 0xD3,
+        0xA0, 0x27, 0x97, 0x14, 0x52, 0x3B, 0x19, 0x18,
+        0x65, 0x1E, 0x9B, 0x0F, 0xFA, 0x55, 0x0F, 0x16,
+        0x10, 0x53, 0xEE, 0x78, 0x01, 0x39, 0x7B, 0x4C,
+        0x18, 0x49, 0x98, 0x7C, 0x17, 0x9E, 0x76, 0x3E,
+        0xCC, 0x60, 0xA4, 0xE4, 0xC5, 0x36, 0xB7, 0xE2,
+        0x66, 0x3E, 0x4C, 0x72, 0x67, 0x14, 0xB0, 0x2E,
+        0xC3, 0x16, 0x9E, 0x84, 0x07, 0xBA, 0x59, 0x2B,
+        0x0E, 0xB8, 0x46, 0xF3, 0x69, 0x2D, 0xD4, 0x46,
+        0x51, 0xEE, 0x08, 0x47, 0x21, 0xCA, 0xC0, 0xFE,
+        0x1C, 0xCC, 0x30, 0x27, 0x07, 0xEF, 0xE2, 0x46,
+        0x64, 0xE0, 0x5B, 0xDC, 0x69, 0xC8, 0x39, 0x04,
+        0xAC, 0xB8, 0xCF, 0x97, 0x12, 0x1C, 0x7E, 0x5C,
+        0x6D, 0xB2, 0x7E, 0xA2, 0x8E, 0x77, 0xBC, 0xDA,
+        0x55, 0xD2, 0xBC, 0xC1, 0xC5, 0xFC, 0xC5, 0x52,
+        0xAB, 0x83, 0xBC, 0xE4, 0x23, 0x8C, 0xA1, 0x80,
+        0x62, 0xC2, 0xD2, 0x3A, 0x8B, 0x80, 0x0C, 0x82,
+        0x09, 0xC3, 0xA4, 0xCD, 0xDA, 0xF1, 0x16, 0x16,
+        0x57, 0x8A, 0x84, 0x55, 0x66, 0xFC, 0x28, 0x9A,
+        0x8E, 0x3C, 0x88, 0xF5, 0x54, 0xC4, 0x92, 0x60,
+        0x71, 0xDA, 0x89, 0x32, 0x6B, 0xEB, 0x25, 0x9A,
+        0x0E, 0x1F, 0x6D, 0x84, 0x4E, 0xBF, 0x7B, 0x28,
+        0x1F, 0x9F, 0xC3, 0x74, 0x3A, 0x65, 0x49, 0x9E,
+        0x73, 0x94, 0x63, 0x48, 0x18, 0xE1, 0x33, 0xFA,
+        0xC6, 0x64, 0xFA, 0x0C, 0x88, 0xF1, 0x01, 0xCE,
+        0xC3, 0xFE, 0xD8, 0x79, 0x29, 0x50, 0xBF, 0x6E,
+        0x49, 0x74, 0x84, 0x9E, 0x1E, 0xBD, 0x27, 0x69,
+        0x1B, 0xF5, 0x51, 0x9B, 0x70, 0x2E, 0x1A, 0xA4,
+        0xB3, 0xDB, 0xAD, 0xAB, 0x5D, 0xFA, 0x34, 0xFB,
+        0x0E, 0xD9, 0xD4, 0xA9, 0xDF, 0x4B, 0x6B, 0x63,
+        0xCA, 0x71, 0x65, 0xE2, 0xA9, 0x08, 0x27, 0x40,
+        0x8C, 0x48, 0x2D, 0x9D, 0xBC, 0x97, 0x24, 0x68,
+        0x58, 0x4F, 0x42, 0x37, 0x60, 0x04, 0xE7, 0x8B,
+        0xE0, 0x67, 0x00, 0x9E, 0x43, 0x30, 0x4B, 0xED,
+        0xC1, 0x07, 0xA4, 0xE2, 0xA8, 0x9C, 0xAF, 0x18,
+        0x5C, 0x9B, 0xB7, 0xE9, 0xFD, 0x2C, 0xB9, 0x2A,
+        0xEF, 0x36, 0x3B, 0xD7, 0x96, 0xF3, 0x60, 0x4E,
+        0xDC, 0x08, 0xA7, 0xC5, 0x45, 0xB8, 0x37, 0x02,
+        0xD3, 0xCF, 0x80, 0x88, 0x52, 0x10, 0x3E, 0x01,
+        0x3B, 0xFE, 0xA1, 0x61, 0xAF, 0x25, 0x0B, 0xCC,
+        0x72, 0x77, 0x1D, 0x0C, 0x48, 0x4D, 0xD5, 0x55,
+        0x41, 0x72, 0x3A, 0x21, 0x0D, 0x68, 0x3B, 0x99,
+        0x8C, 0xDB, 0xAF, 0x3D, 0x9A, 0x5E, 0x71, 0x78,
+        0x6F, 0x1C, 0xF4, 0x7B, 0x86, 0x22, 0x51, 0xB5,
+        0x16, 0x33, 0x60, 0x87, 0x9A, 0xC0, 0x20, 0x2D,
+        0x33, 0x49, 0x51, 0x54, 0x5C, 0x5F, 0x71, 0x76,
+        0x7C, 0x8F, 0x96, 0xA9, 0xD6, 0xE4, 0xF2, 0x1F,
+        0x28, 0x43, 0x4D, 0x7E, 0x96, 0xBB, 0xC5, 0xE3,
+        0xEF, 0xF3, 0xFD, 0x02, 0x0C, 0x17, 0x23, 0x3E,
+        0x7F, 0x99, 0xB0, 0xE3, 0xE8, 0xF5, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x06, 0x17, 0x23, 0x2E
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte sk_65[] = {
+        0xF2, 0x6B, 0xFE, 0x12, 0x68, 0x86, 0xF4, 0x82,
+        0x22, 0x94, 0x4D, 0x02, 0x18, 0xFA, 0xC1, 0x7C,
+        0xD8, 0xA9, 0xCC, 0x6D, 0x67, 0xA0, 0x23, 0xFD,
+        0xC0, 0x7A, 0xFF, 0xC2, 0xD0, 0x25, 0xF7, 0x70,
+        0x63, 0x85, 0x0D, 0x88, 0x0E, 0x98, 0xFE, 0xE5,
+        0x02, 0xE0, 0x17, 0x32, 0x70, 0x00, 0xCC, 0xAF,
+        0x61, 0x45, 0x73, 0xB3, 0x5A, 0xDE, 0xFE, 0xBC,
+        0xAC, 0xEE, 0xA4, 0xB2, 0xC4, 0xD0, 0x45, 0xE5,
+        0xBB, 0xFD, 0x3E, 0x5A, 0x72, 0xE3, 0x71, 0xAD,
+        0x83, 0xB9, 0x94, 0x98, 0x77, 0xD8, 0xE6, 0x56,
+        0xD4, 0x6B, 0x47, 0x75, 0x0F, 0x73, 0x0F, 0x96,
+        0xDB, 0x43, 0x0B, 0x18, 0x60, 0x88, 0x67, 0x5D,
+        0x9A, 0x9B, 0xD7, 0x8E, 0x47, 0xB8, 0x9D, 0x04,
+        0xA8, 0x51, 0x7E, 0xD2, 0x22, 0x06, 0x95, 0x33,
+        0x9F, 0x99, 0xA9, 0x7F, 0x35, 0x3C, 0xE4, 0x20,
+        0x47, 0x77, 0x20, 0x9F, 0x5F, 0x3C, 0x9E, 0x9A,
+        0x36, 0x14, 0x54, 0x01, 0x57, 0x48, 0x60, 0x50,
+        0x75, 0x28, 0x64, 0x61, 0x72, 0x60, 0x54, 0x20,
+        0x75, 0x48, 0x60, 0x32, 0x73, 0x85, 0x34, 0x24,
+        0x68, 0x63, 0x71, 0x73, 0x81, 0x26, 0x71, 0x68,
+        0x32, 0x61, 0x24, 0x71, 0x14, 0x18, 0x26, 0x15,
+        0x05, 0x77, 0x36, 0x27, 0x50, 0x35, 0x21, 0x82,
+        0x50, 0x15, 0x31, 0x47, 0x48, 0x24, 0x43, 0x76,
+        0x18, 0x85, 0x66, 0x18, 0x05, 0x64, 0x27, 0x01,
+        0x06, 0x06, 0x01, 0x45, 0x42, 0x60, 0x80, 0x68,
+        0x25, 0x08, 0x08, 0x36, 0x13, 0x05, 0x04, 0x32,
+        0x34, 0x87, 0x00, 0x70, 0x71, 0x70, 0x02, 0x51,
+        0x37, 0x15, 0x08, 0x28, 0x25, 0x72, 0x61, 0x67,
+        0x08, 0x52, 0x63, 0x44, 0x07, 0x88, 0x60, 0x42,
+        0x03, 0x17, 0x24, 0x64, 0x80, 0x08, 0x70, 0x23,
+        0x56, 0x41, 0x46, 0x17, 0x46, 0x01, 0x57, 0x74,
+        0x02, 0x76, 0x31, 0x64, 0x73, 0x83, 0x50, 0x62,
+        0x72, 0x61, 0x62, 0x75, 0x45, 0x73, 0x46, 0x33,
+        0x65, 0x14, 0x36, 0x46, 0x12, 0x26, 0x04, 0x34,
+        0x02, 0x81, 0x20, 0x34, 0x41, 0x88, 0x26, 0x77,
+        0x33, 0x40, 0x18, 0x58, 0x03, 0x41, 0x16, 0x58,
+        0x88, 0x04, 0x88, 0x32, 0x71, 0x05, 0x85, 0x83,
+        0x42, 0x55, 0x34, 0x20, 0x18, 0x46, 0x12, 0x54,
+        0x28, 0x03, 0x67, 0x10, 0x84, 0x31, 0x76, 0x00,
+        0x40, 0x85, 0x46, 0x71, 0x71, 0x56, 0x00, 0x50,
+        0x15, 0x33, 0x43, 0x13, 0x37, 0x57, 0x13, 0x86,
+        0x43, 0x77, 0x85, 0x57, 0x54, 0x81, 0x75, 0x60,
+        0x37, 0x31, 0x28, 0x52, 0x20, 0x78, 0x65, 0x53,
+        0x76, 0x10, 0x84, 0x87, 0x57, 0x13, 0x66, 0x03,
+        0x56, 0x81, 0x36, 0x66, 0x68, 0x41, 0x55, 0x64,
+        0x63, 0x70, 0x26, 0x21, 0x02, 0x30, 0x28, 0x35,
+        0x02, 0x45, 0x88, 0x80, 0x02, 0x06, 0x44, 0x58,
+        0x24, 0x13, 0x88, 0x83, 0x22, 0x34, 0x22, 0x50,
+        0x47, 0x11, 0x01, 0x86, 0x45, 0x60, 0x67, 0x36,
+        0x82, 0x22, 0x18, 0x74, 0x11, 0x60, 0x58, 0x60,
+        0x87, 0x26, 0x31, 0x85, 0x12, 0x70, 0x84, 0x83,
+        0x88, 0x68, 0x88, 0x51, 0x00, 0x55, 0x02, 0x57,
+        0x77, 0x42, 0x13, 0x23, 0x14, 0x04, 0x76, 0x80,
+        0x72, 0x25, 0x51, 0x56, 0x10, 0x63, 0x12, 0x21,
+        0x03, 0x86, 0x27, 0x30, 0x28, 0x12, 0x01, 0x37,
+        0x48, 0x32, 0x53, 0x86, 0x15, 0x46, 0x50, 0x05,
+        0x34, 0x87, 0x61, 0x04, 0x88, 0x18, 0x35, 0x85,
+        0x44, 0x46, 0x24, 0x67, 0x43, 0x83, 0x02, 0x26,
+        0x56, 0x41, 0x41, 0x77, 0x86, 0x56, 0x41, 0x75,
+        0x25, 0x61, 0x36, 0x05, 0x47, 0x65, 0x00, 0x14,
+        0x32, 0x38, 0x16, 0x81, 0x06, 0x30, 0x61, 0x25,
+        0x16, 0x30, 0x50, 0x44, 0x13, 0x08, 0x75, 0x00,
+        0x50, 0x20, 0x68, 0x21, 0x55, 0x74, 0x61, 0x18,
+        0x62, 0x05, 0x15, 0x51, 0x08, 0x24, 0x01, 0x13,
+        0x81, 0x33, 0x64, 0x83, 0x23, 0x00, 0x55, 0x73,
+        0x62, 0x40, 0x61, 0x75, 0x15, 0x78, 0x21, 0x14,
+        0x13, 0x64, 0x21, 0x47, 0x07, 0x76, 0x80, 0x76,
+        0x76, 0x17, 0x75, 0x50, 0x61, 0x14, 0x40, 0x82,
+        0x87, 0x83, 0x50, 0x87, 0x30, 0x86, 0x35, 0x30,
+        0x28, 0x20, 0x10, 0x01, 0x48, 0x18, 0x34, 0x65,
+        0x23, 0x10, 0x25, 0x42, 0x40, 0x22, 0x54, 0x34,
+        0x35, 0x33, 0x71, 0x70, 0x20, 0x61, 0x55, 0x74,
+        0x33, 0x01, 0x02, 0x60, 0x58, 0x24, 0x80, 0x12,
+        0x46, 0x41, 0x38, 0x10, 0x76, 0x67, 0x34, 0x63,
+        0x48, 0x85, 0x06, 0x48, 0x04, 0x23, 0x22, 0x66,
+        0x57, 0x71, 0x68, 0x18, 0x04, 0x32, 0x01, 0x31,
+        0x01, 0x55, 0x22, 0x27, 0x55, 0x72, 0x10, 0x00,
+        0x43, 0x88, 0x76, 0x62, 0x84, 0x77, 0x07, 0x77,
+        0x14, 0x07, 0x20, 0x53, 0x74, 0x17, 0x51, 0x17,
+        0x66, 0x84, 0x47, 0x83, 0x61, 0x03, 0x52, 0x10,
+        0x05, 0x40, 0x46, 0x55, 0x61, 0x47, 0x26, 0x70,
+        0x40, 0x22, 0x10, 0x34, 0x41, 0x01, 0x03, 0x48,
+        0x33, 0x05, 0x72, 0x32, 0x75, 0x82, 0x45, 0x85,
+        0x20, 0x70, 0x80, 0x82, 0x20, 0x23, 0x62, 0x81,
+        0x15, 0x47, 0x80, 0x23, 0x67, 0x23, 0x73, 0x34,
+        0x44, 0x33, 0x85, 0x10, 0x05, 0x50, 0x30, 0x03,
+        0x48, 0x13, 0x01, 0x36, 0x45, 0x11, 0x06, 0x33,
+        0x82, 0x22, 0x78, 0x75, 0x42, 0x02, 0x40, 0x45,
+        0x04, 0x47, 0x43, 0x05, 0x30, 0x44, 0x42, 0x02,
+        0x28, 0x26, 0x64, 0x24, 0x74, 0x75, 0x86, 0x11,
+        0x85, 0x43, 0x25, 0x46, 0x10, 0x62, 0x82, 0x71,
+        0x08, 0x27, 0x45, 0x13, 0x73, 0x18, 0x84, 0x73,
+        0x51, 0x51, 0x67, 0x14, 0x70, 0x11, 0x07, 0x08,
+        0x62, 0x16, 0x25, 0x27, 0x36, 0x68, 0x44, 0x01,
+        0x18, 0x63, 0x74, 0x50, 0x31, 0x13, 0x43, 0x65,
+        0x80, 0x11, 0x16, 0x52, 0x86, 0x42, 0x51, 0x81,
+        0x51, 0x17, 0x05, 0x68, 0x05, 0x73, 0x60, 0x37,
+        0x63, 0x85, 0x86, 0x11, 0x23, 0x23, 0x38, 0x13,
+        0x87, 0x48, 0x82, 0x74, 0x71, 0x81, 0x87, 0x65,
+        0x58, 0x26, 0x60, 0x34, 0x76, 0x16, 0x15, 0x24,
+        0x06, 0x78, 0x16, 0x40, 0x03, 0x45, 0x72, 0x31,
+        0x63, 0x73, 0x31, 0x85, 0x02, 0x66, 0x44, 0x36,
+        0x24, 0x82, 0x56, 0x38, 0x86, 0x10, 0x40, 0x54,
+        0x72, 0x70, 0x24, 0x22, 0x72, 0x78, 0x47, 0x07,
+        0x86, 0x30, 0x48, 0x72, 0x84, 0x57, 0x06, 0x34,
+        0x78, 0x37, 0x63, 0x25, 0x56, 0x64, 0x81, 0x30,
+        0x62, 0x77, 0x22, 0x84, 0x20, 0x10, 0x74, 0x25,
+        0x04, 0x21, 0x76, 0x47, 0x72, 0x35, 0x05, 0x06,
+        0x22, 0x50, 0x34, 0x11, 0x26, 0x67, 0x03, 0x05,
+        0x42, 0x04, 0x16, 0x01, 0x27, 0x17, 0x86, 0x67,
+        0x70, 0x51, 0x53, 0x13, 0x12, 0x62, 0x03, 0x25,
+        0x05, 0x38, 0x37, 0x44, 0x02, 0x66, 0x84, 0x74,
+        0x14, 0x40, 0x35, 0x20, 0x40, 0x30, 0x44, 0x64,
+        0x27, 0x50, 0x77, 0x47, 0x06, 0x15, 0x84, 0x48,
+        0x13, 0x14, 0x32, 0x48, 0x11, 0x74, 0x80, 0x68,
+        0x85, 0x81, 0x17, 0x67, 0x38, 0x22, 0x76, 0x16,
+        0x18, 0x44, 0x55, 0x47, 0x85, 0x36, 0x44, 0x11,
+        0x52, 0x01, 0x81, 0x50, 0x41, 0x00, 0x00, 0x25,
+        0x83, 0x41, 0x62, 0x22, 0x12, 0x54, 0x88, 0x77,
+        0x70, 0x48, 0x84, 0x25, 0x77, 0x75, 0x40, 0x16,
+        0x46, 0x24, 0x88, 0x81, 0x65, 0x70, 0x02, 0x66,
+        0x28, 0x64, 0x12, 0x40, 0x30, 0x60, 0x53, 0x06,
+        0x44, 0x02, 0x48, 0x78, 0x75, 0x68, 0x21, 0x23,
+        0x30, 0x05, 0x81, 0x17, 0x72, 0x66, 0x88, 0x71,
+        0x50, 0x25, 0x03, 0x51, 0x42, 0x27, 0x20, 0x81,
+        0x03, 0x52, 0x73, 0x53, 0x63, 0x57, 0x13, 0x60,
+        0x41, 0x20, 0x47, 0x12, 0x55, 0x57, 0x58, 0x16,
+        0x38, 0x63, 0x21, 0x34, 0x51, 0x76, 0x33, 0x26,
+        0x70, 0x41, 0x18, 0x11, 0x07, 0x37, 0x16, 0x12,
+        0x01, 0x14, 0x28, 0x56, 0x78, 0x10, 0x86, 0x24,
+        0x24, 0x32, 0x01, 0x13, 0x57, 0x53, 0x46, 0x46,
+        0x24, 0x05, 0x20, 0x16, 0x56, 0x83, 0x30, 0x30,
+        0x61, 0x20, 0x75, 0x07, 0x05, 0x74, 0x14, 0x17,
+        0x43, 0x72, 0x23, 0x04, 0x18, 0x61, 0x50, 0x13,
+        0x67, 0x31, 0x75, 0x36, 0x71, 0x02, 0x38, 0x74,
+        0x21, 0x80, 0x20, 0x48, 0x66, 0x23, 0x52, 0x54,
+        0x77, 0x27, 0x45, 0x73, 0x23, 0x88, 0x60, 0x50,
+        0x88, 0x82, 0x70, 0x23, 0x72, 0x08, 0x44, 0x66,
+        0x44, 0x36, 0x12, 0x57, 0x66, 0x14, 0x25, 0x12,
+        0x17, 0x34, 0x64, 0x82, 0x01, 0x54, 0x61, 0x57,
+        0x50, 0x31, 0x65, 0x64, 0x75, 0x44, 0x76, 0x48,
+        0x16, 0x44, 0x46, 0x55, 0x80, 0x64, 0x26, 0x53,
+        0x27, 0x22, 0x10, 0x87, 0x84, 0x03, 0x15, 0x35,
+        0x15, 0x20, 0x86, 0x14, 0x04, 0x03, 0x26, 0x43,
+        0x31, 0x43, 0x31, 0x45, 0x46, 0x34, 0x36, 0x87,
+        0x44, 0x41, 0x21, 0x77, 0x61, 0x20, 0x85, 0x06,
+        0x28, 0x51, 0x15, 0x62, 0x77, 0x20, 0x38, 0x58,
+        0x78, 0x27, 0x12, 0x22, 0x46, 0x71, 0x51, 0x38,
+        0x11, 0x15, 0x40, 0x03, 0x78, 0x36, 0x15, 0x57,
+        0x34, 0x28, 0x53, 0x21, 0x37, 0x35, 0x04, 0x76,
+        0x00, 0x56, 0x72, 0x48, 0x46, 0x01, 0x56, 0x67,
+        0x62, 0x36, 0x14, 0x51, 0x23, 0x54, 0x32, 0x35,
+        0x82, 0x83, 0x21, 0x60, 0x38, 0x62, 0x21, 0x03,
+        0x62, 0x76, 0x40, 0x34, 0x66, 0x88, 0x50, 0x73,
+        0x00, 0x53, 0x87, 0x31, 0x37, 0x50, 0x11, 0x32,
+        0x86, 0x52, 0x18, 0x64, 0x16, 0x63, 0x48, 0x71,
+        0x70, 0x47, 0x24, 0x85, 0x31, 0x86, 0x60, 0x86,
+        0x33, 0x52, 0x85, 0x82, 0x68, 0x17, 0x70, 0x88,
+        0x84, 0x56, 0x52, 0x77, 0x04, 0x48, 0x22, 0x22,
+        0x54, 0x57, 0x20, 0x31, 0x76, 0x47, 0x26, 0x25,
+        0x04, 0x35, 0x38, 0x44, 0x55, 0x21, 0x14, 0x02,
+        0x13, 0x64, 0x74, 0x87, 0x68, 0x68, 0x73, 0x05,
+        0x22, 0x45, 0x54, 0x45, 0x83, 0x46, 0x64, 0x54,
+        0x80, 0x07, 0x32, 0x87, 0x52, 0x43, 0x54, 0x54,
+        0x14, 0x73, 0x24, 0x87, 0x36, 0x41, 0x74, 0x84,
+        0x06, 0x35, 0x13, 0x40, 0x61, 0x54, 0x21, 0x31,
+        0x48, 0x63, 0x05, 0x74, 0x24, 0x84, 0x74, 0x76,
+        0x11, 0x10, 0x16, 0x63, 0x77, 0x12, 0x26, 0x61,
+        0x31, 0x28, 0x70, 0x34, 0x25, 0x01, 0x30, 0x76,
+        0x76, 0x06, 0x21, 0x58, 0x42, 0x87, 0x31, 0x72,
+        0x76, 0x03, 0x76, 0x26, 0x78, 0x05, 0x88, 0x25,
+        0x25, 0x86, 0x17, 0x02, 0x85, 0x88, 0x76, 0x20,
+        0x36, 0x57, 0x30, 0x81, 0x83, 0x61, 0x05, 0x80,
+        0x21, 0x45, 0x74, 0x01, 0x12, 0x74, 0x51, 0x28,
+        0x77, 0x26, 0x30, 0x14, 0x54, 0x84, 0x13, 0x78,
+        0x06, 0x00, 0x12, 0x64, 0x00, 0x37, 0x44, 0x68,
+        0x40, 0x57, 0x05, 0x27, 0x07, 0x41, 0x56, 0x22,
+        0x31, 0x40, 0x23, 0x26, 0x55, 0x42, 0x55, 0x16,
+        0x02, 0x65, 0x32, 0x16, 0x33, 0x44, 0x46, 0x48,
+        0x04, 0x52, 0x06, 0x53, 0x44, 0x40, 0x11, 0x28,
+        0x46, 0x67, 0x56, 0x81, 0x72, 0x75, 0x51, 0x38,
+        0x21, 0x86, 0x46, 0x03, 0x22, 0x87, 0x21, 0x70,
+        0x68, 0x50, 0x75, 0x13, 0x11, 0x44, 0x35, 0x12,
+        0x60, 0x02, 0x13, 0x47, 0x18, 0x38, 0x78, 0x86,
+        0x38, 0x58, 0x45, 0x57, 0x23, 0x03, 0x88, 0x66,
+        0x56, 0x82, 0x18, 0x31, 0x20, 0x08, 0x61, 0x47,
+        0x78, 0x08, 0x68, 0x37, 0x21, 0x04, 0x65, 0x47,
+        0x58, 0x70, 0x34, 0x58, 0x73, 0x24, 0x22, 0x30,
+        0x66, 0x05, 0x01, 0x28, 0x87, 0x85, 0x77, 0x74,
+        0x23, 0x86, 0x65, 0x84, 0x85, 0x57, 0x85, 0x63,
+        0x06, 0x55, 0x61, 0x75, 0x46, 0x22, 0x87, 0x00,
+        0x18, 0x53, 0x08, 0x03, 0x07, 0x50, 0x42, 0x70,
+        0xFC, 0xB8, 0x7B, 0x22, 0x3D, 0x24, 0xAE, 0x5D,
+        0xB1, 0x89, 0x04, 0x21, 0xC3, 0xFF, 0x1D, 0x59,
+        0xB8, 0x4B, 0x19, 0xE2, 0x4D, 0x14, 0x36, 0x99,
+        0x19, 0x1C, 0x7E, 0x9A, 0x46, 0x48, 0x42, 0x20,
+        0x6B, 0xBA, 0x24, 0x7E, 0x8C, 0x6B, 0x27, 0xBA,
+        0x26, 0xE6, 0x8A, 0xD5, 0xA7, 0x1D, 0x03, 0x61,
+        0xCD, 0x5C, 0x74, 0xCE, 0x50, 0xC2, 0xCE, 0xF1,
+        0x91, 0x31, 0xEF, 0x54, 0x66, 0x23, 0x7F, 0xFE,
+        0xF7, 0xFE, 0x6B, 0x5F, 0xD1, 0x98, 0x23, 0x8E,
+        0x1C, 0xA0, 0xB1, 0x01, 0x30, 0xC6, 0x29, 0xCC,
+        0x91, 0x91, 0xF5, 0x78, 0x6F, 0x5C, 0xD6, 0x28,
+        0xA4, 0x22, 0x56, 0xCB, 0x6F, 0xC7, 0xD7, 0x09,
+        0x56, 0x88, 0xAF, 0x1B, 0xC8, 0x43, 0x51, 0xA4,
+        0x7B, 0x4B, 0x38, 0x2E, 0xF6, 0x1F, 0xD6, 0x5C,
+        0x9E, 0xC2, 0x26, 0xF4, 0x2B, 0x0A, 0x19, 0x7C,
+        0x6A, 0xD8, 0xF0, 0xB0, 0x15, 0xD0, 0xB1, 0xC7,
+        0xE0, 0x14, 0x28, 0x95, 0x6A, 0x9B, 0xB2, 0xDE,
+        0x9A, 0x97, 0xE5, 0x75, 0x66, 0xF8, 0xF5, 0x66,
+        0x86, 0xA1, 0xF4, 0x68, 0x0C, 0xEC, 0xEA, 0x87,
+        0x3B, 0x69, 0x1C, 0xF8, 0xBD, 0x63, 0xAB, 0x73,
+        0x73, 0xBA, 0xE8, 0x09, 0x5B, 0xA7, 0x76, 0x3E,
+        0x50, 0xD6, 0x83, 0x9D, 0x00, 0x35, 0xBB, 0xFB,
+        0x91, 0xBA, 0x60, 0x72, 0x17, 0x98, 0xFB, 0x2C,
+        0x80, 0x2C, 0x60, 0x3A, 0x08, 0xA1, 0x24, 0x05,
+        0xE0, 0xB5, 0x20, 0xEA, 0x41, 0x43, 0x8F, 0xEA,
+        0xEF, 0xA5, 0x62, 0xDC, 0x78, 0x92, 0xF4, 0x58,
+        0x9F, 0x8D, 0x2B, 0x96, 0x5E, 0xE5, 0x49, 0x73,
+        0xA7, 0x2C, 0x8D, 0x33, 0x5C, 0x62, 0x61, 0x98,
+        0x80, 0x64, 0x13, 0x31, 0x03, 0x10, 0xE3, 0x2E,
+        0xFE, 0x6B, 0x39, 0xB5, 0xCF, 0xB1, 0xD1, 0x33,
+        0xAD, 0xE0, 0x1B, 0xCE, 0x94, 0x21, 0x6C, 0xF4,
+        0xCD, 0x8F, 0x86, 0x43, 0x03, 0x1D, 0xB8, 0xC2,
+        0x47, 0xB5, 0x73, 0x21, 0xCA, 0x1E, 0xFB, 0xB8,
+        0x53, 0x63, 0x7D, 0x0C, 0x57, 0x52, 0x14, 0xFC,
+        0x77, 0xA5, 0xA6, 0x84, 0xD5, 0x0A, 0xBF, 0xE4,
+        0xE9, 0x71, 0x99, 0x8E, 0x06, 0x6E, 0x50, 0x24,
+        0xDA, 0x02, 0x76, 0x8A, 0xED, 0xE1, 0x3E, 0x83,
+        0xF0, 0x51, 0x54, 0xA9, 0x99, 0x29, 0x48, 0x42,
+        0x7A, 0xA9, 0x8C, 0x87, 0x42, 0x51, 0xAF, 0x56,
+        0x94, 0x23, 0x53, 0x89, 0x44, 0xFA, 0xD8, 0x93,
+        0xFC, 0x65, 0x6E, 0x9C, 0xED, 0x80, 0x6A, 0x85,
+        0xD9, 0xC3, 0x36, 0x71, 0x02, 0x25, 0x29, 0x36,
+        0x8E, 0x7E, 0xC7, 0x0C, 0x9E, 0xE9, 0x74, 0x30,
+        0x1C, 0x08, 0xCB, 0xE6, 0xAC, 0x5E, 0x88, 0xE6,
+        0x37, 0x79, 0x5C, 0xB2, 0xA2, 0x15, 0xFF, 0xAA,
+        0x08, 0xED, 0xDE, 0x40, 0xAC, 0xFA, 0xEE, 0x2A,
+        0x40, 0xD5, 0x05, 0xCF, 0x58, 0xA6, 0x69, 0x66,
+        0x31, 0x5A, 0x68, 0x98, 0x24, 0x03, 0xD8, 0x1B,
+        0xFA, 0x89, 0xE3, 0x7C, 0x9E, 0x42, 0x1D, 0xA5,
+        0x88, 0xBA, 0x7E, 0x42, 0x2A, 0xC7, 0x44, 0x6A,
+        0x1E, 0x61, 0xC8, 0x22, 0x29, 0x9D, 0xFC, 0x34,
+        0xEC, 0xFA, 0xBE, 0x5C, 0xB6, 0x26, 0xB9, 0x6C,
+        0x8E, 0xA6, 0xC9, 0x3B, 0xDB, 0xD2, 0xD5, 0xBD,
+        0x70, 0xC5, 0xF8, 0x26, 0x7A, 0x84, 0xE0, 0x07,
+        0xA7, 0x11, 0x5E, 0x5B, 0xE5, 0xF1, 0x20, 0x32,
+        0xA3, 0x7C, 0xAB, 0x05, 0xD5, 0x41, 0xE3, 0xDE,
+        0xA5, 0x1A, 0x83, 0x2E, 0xDE, 0x8D, 0x34, 0x9A,
+        0xFD, 0xD5, 0xE6, 0xFC, 0xFC, 0x83, 0x46, 0xE3,
+        0xD4, 0x7C, 0xF1, 0x7F, 0xEA, 0x87, 0x5E, 0x38,
+        0x5D, 0xB9, 0x8A, 0xC2, 0xDB, 0xE8, 0xB4, 0xF8,
+        0x05, 0x37, 0x31, 0x0D, 0xD9, 0x4C, 0xD0, 0xB6,
+        0x25, 0xE9, 0x97, 0x85, 0xDB, 0x04, 0x9A, 0x01,
+        0xF5, 0x4B, 0xA1, 0xF4, 0x2A, 0xDF, 0xEC, 0xAE,
+        0x24, 0x11, 0xD3, 0x2B, 0x2F, 0x84, 0x6C, 0x88,
+        0xA3, 0x0C, 0x76, 0xEA, 0x0A, 0x38, 0xB2, 0x71,
+        0xB6, 0xAC, 0xA8, 0x23, 0x6E, 0x61, 0xEB, 0xB8,
+        0x4A, 0x9D, 0xC4, 0x9E, 0x5C, 0x5B, 0xEE, 0x7E,
+        0x7D, 0x8D, 0xA2, 0xC1, 0xA1, 0xA0, 0xA3, 0x14,
+        0x50, 0xE0, 0x8F, 0xAB, 0xBB, 0x1B, 0x1F, 0x05,
+        0xAA, 0xE3, 0x00, 0xD8, 0xCD, 0xE7, 0x35, 0xB4,
+        0x7B, 0xBD, 0xB0, 0x5C, 0xCC, 0x0C, 0x05, 0x33,
+        0x6B, 0xE4, 0x51, 0x73, 0x1B, 0x6B, 0x77, 0x7B,
+        0xE5, 0xCB, 0xAF, 0x98, 0x53, 0x5F, 0x7E, 0x08,
+        0xFF, 0xCD, 0x8A, 0x44, 0x9E, 0x1D, 0x43, 0x6A,
+        0x4F, 0x05, 0x99, 0x01, 0xF5, 0x6F, 0x01, 0x30,
+        0xBD, 0x15, 0xD7, 0x51, 0x16, 0x45, 0x40, 0x6B,
+        0xF3, 0x13, 0xCA, 0x1F, 0x22, 0x02, 0xA4, 0xA8,
+        0x6A, 0x1D, 0x04, 0x7F, 0xD5, 0x8A, 0x3E, 0x87,
+        0x7F, 0x1D, 0x5A, 0x79, 0x75, 0xD1, 0x6D, 0x67,
+        0xB3, 0x23, 0xC6, 0x28, 0x7B, 0x9C, 0xCE, 0xEE,
+        0x98, 0x9E, 0xE8, 0x44, 0xA9, 0x3E, 0x7E, 0xFD,
+        0x3B, 0xD9, 0xD8, 0x31, 0x6D, 0xA3, 0x77, 0xDF,
+        0x0B, 0xB9, 0xE2, 0x61, 0xA2, 0x71, 0xD5, 0x0C,
+        0xB7, 0x01, 0x67, 0xC3, 0x0D, 0x19, 0x2D, 0xAA,
+        0xDE, 0x96, 0x0E, 0xEA, 0x33, 0x5E, 0xEC, 0x52,
+        0xE5, 0x2D, 0x95, 0x39, 0xE1, 0xF9, 0x5D, 0x9E,
+        0xB6, 0x5E, 0x54, 0x8F, 0x16, 0x60, 0x99, 0xED,
+        0x88, 0x2C, 0x30, 0x72, 0x53, 0x6A, 0x6C, 0xAA,
+        0x05, 0x21, 0xA5, 0xAA, 0x7C, 0x64, 0x72, 0xA0,
+        0xC0, 0x4F, 0x80, 0xDA, 0x20, 0x5D, 0x52, 0x18,
+        0x77, 0x07, 0xDF, 0x5C, 0x2F, 0x2E, 0xA2, 0x5F,
+        0xEF, 0x00, 0xCA, 0x7B, 0xF0, 0xD3, 0xB7, 0xF8,
+        0x1E, 0x31, 0x9E, 0x61, 0xCA, 0x2C, 0xC5, 0xA5,
+        0x25, 0xA2, 0x7B, 0x56, 0xAA, 0xBA, 0xE4, 0xD5,
+        0x35, 0xE5, 0xEC, 0x24, 0x2D, 0x81, 0x1A, 0x24,
+        0xD7, 0x45, 0x76, 0xBF, 0x4B, 0x8A, 0x72, 0xFA,
+        0x5F, 0xAE, 0xC1, 0xA2, 0x83, 0xB6, 0x1D, 0x60,
+        0x28, 0x7E, 0x1E, 0x2E, 0xC8, 0xC6, 0xAB, 0x04,
+        0x56, 0x5F, 0xD5, 0xCD, 0x64, 0x26, 0x34, 0x94,
+        0xE8, 0x03, 0x41, 0x63, 0x35, 0x5B, 0x45, 0x84,
+        0xCE, 0xFA, 0x0B, 0x66, 0x40, 0x85, 0x1A, 0xE1,
+        0x23, 0xE9, 0x8F, 0xBD, 0xA9, 0x23, 0xFC, 0xA3,
+        0x8E, 0x38, 0xB3, 0x84, 0xE2, 0xB9, 0x54, 0x41,
+        0x4B, 0x36, 0x4F, 0xB8, 0xB0, 0x87, 0x56, 0x04,
+        0x8B, 0x75, 0xC7, 0x85, 0x31, 0xD4, 0xA5, 0x12,
+        0x99, 0xC4, 0x9D, 0xEA, 0x4B, 0x36, 0x8C, 0x19,
+        0x82, 0xFE, 0xAD, 0x4A, 0xB1, 0xAA, 0x52, 0x35,
+        0xA4, 0xA1, 0x7F, 0xB0, 0x64, 0x6F, 0x04, 0x04,
+        0x7B, 0xF0, 0x80, 0x48, 0xA1, 0x1C, 0xF8, 0x95,
+        0x8B, 0x68, 0x34, 0xB7, 0xFD, 0x00, 0x31, 0x30,
+        0x6A, 0x39, 0xC8, 0xAE, 0x68, 0xC3, 0x53, 0x65,
+        0x19, 0x7C, 0x1E, 0x57, 0x97, 0xFC, 0x47, 0x3E,
+        0xB1, 0x94, 0x54, 0x48, 0x6F, 0xEB, 0xAA, 0xEC,
+        0x5C, 0x2E, 0xE9, 0x2C, 0xCC, 0x3A, 0xF3, 0xC7,
+        0x43, 0x08, 0x7D, 0x2D, 0x56, 0x4B, 0x7D, 0xE9,
+        0xE5, 0x96, 0xF3, 0x12, 0x4B, 0xE9, 0x08, 0xF3,
+        0x04, 0x5A, 0x75, 0x1A, 0x7D, 0x7E, 0x37, 0xE6,
+        0xC8, 0xC1, 0xFE, 0xF3, 0x32, 0x63, 0x2D, 0x0B,
+        0xBE, 0x05, 0x13, 0x6A, 0x44, 0x58, 0x7F, 0x54,
+        0x5F, 0x5F, 0xF5, 0x2F, 0xB8, 0x0B, 0xF2, 0xBF,
+        0x0B, 0xF4, 0x30, 0x2F, 0xCF, 0xEC, 0xFE, 0x08,
+        0xEC, 0x51, 0xF2, 0x29, 0xD7, 0xAC, 0x28, 0xE1,
+        0x75, 0x42, 0x61, 0xBC, 0xE7, 0xB1, 0x53, 0x4F,
+        0x7D, 0x3B, 0xB0, 0x8D, 0x01, 0x15, 0x1E, 0xBE,
+        0xEC, 0xD9, 0x54, 0xC2, 0x4E, 0x70, 0x3E, 0xEA,
+        0x39, 0x14, 0x26, 0xB7, 0x01, 0x79, 0x5D, 0x06,
+        0x93, 0x85, 0x99, 0xAA, 0x7D, 0xDC, 0xF9, 0x2E,
+        0x44, 0x56, 0x9B, 0xFA, 0x9D, 0x91, 0x2A, 0x8E,
+        0x89, 0x48, 0x51, 0xE3, 0xD0, 0x53, 0xB3, 0xAD,
+        0x43, 0x29, 0xB7, 0x6A, 0x50, 0xC0, 0x78, 0x4D,
+        0x42, 0xF3, 0x7C, 0x5F, 0x90, 0x06, 0xAC, 0x2A,
+        0x9D, 0x5D, 0xE5, 0x18, 0x3F, 0xA3, 0xC6, 0x5E,
+        0xCD, 0xB6, 0xCF, 0x31, 0x67, 0xA4, 0x7A, 0x8F,
+        0x5C, 0x59, 0xBD, 0xD7, 0x9B, 0x7C, 0x24, 0x06,
+        0x97, 0xE1, 0x59, 0x72, 0x85, 0x02, 0x74, 0xFE,
+        0x41, 0xAD, 0x84, 0xD9, 0x0D, 0xCB, 0x34, 0x16,
+        0x11, 0xE7, 0x66, 0xD2, 0x12, 0xDC, 0x76, 0x3C,
+        0xF9, 0x4C, 0x8C, 0x41, 0x94, 0xCC, 0xA9, 0x1B,
+        0x21, 0x03, 0x28, 0xE4, 0xA3, 0x37, 0x4E, 0x29,
+        0xD2, 0x48, 0x11, 0x2B, 0xB6, 0x68, 0xA3, 0x92,
+        0xC2, 0x0D, 0x87, 0x91, 0x03, 0x76, 0xB5, 0x00,
+        0x1F, 0x3F, 0xFB, 0xBE, 0xC3, 0xE0, 0x08, 0xBF,
+        0x2F, 0x46, 0xF7, 0x40, 0x73, 0x83, 0xA8, 0x0D,
+        0xDA, 0x08, 0x2B, 0xDB, 0x8F, 0xE9, 0x25, 0xE4,
+        0xF1, 0x2B, 0x37, 0x92, 0x27, 0x0E, 0x5A, 0x46,
+        0xB8, 0xC5, 0x7B, 0x6E, 0x5A, 0x4B, 0x95, 0x58,
+        0x4E, 0xF3, 0x80, 0xED, 0x49, 0x93, 0xEC, 0x52,
+        0x9F, 0xF2, 0xAA, 0x39, 0xDD, 0x6D, 0xFE, 0x88,
+        0xFD, 0xEB, 0x6E, 0xDA, 0x0E, 0x8D, 0xA7, 0x95,
+        0x66, 0xB0, 0x7D, 0x37, 0xAE, 0xCC, 0x64, 0x37,
+        0x25, 0x95, 0x18, 0xF9, 0x7E, 0x6C, 0x86, 0x12,
+        0xB3, 0xC3, 0x57, 0x03, 0xBF, 0xF9, 0x92, 0x15,
+        0x3E, 0x66, 0x0E, 0x2E, 0x20, 0x77, 0xA0, 0x5F,
+        0x26, 0x5F, 0xB5, 0x12, 0x1D, 0xD7, 0x9F, 0x0A,
+        0x33, 0xBC, 0x38, 0xEC, 0x83, 0x08, 0xE2, 0xA9,
+        0x84, 0xCD, 0x3D, 0x8A, 0xC6, 0x09, 0x30, 0x6F,
+        0x77, 0x93, 0xD7, 0xDE, 0x08, 0xD8, 0x45, 0xA4,
+        0x21, 0x28, 0x26, 0x4E, 0x5C, 0x17, 0x77, 0x74,
+        0xE3, 0x5D, 0x58, 0x7C, 0x96, 0xB2, 0x47, 0x05,
+        0x42, 0x21, 0x78, 0x5D, 0xB3, 0x8D, 0xDC, 0x6F,
+        0xDB, 0xF7, 0xBF, 0x6F, 0x66, 0x4B, 0xD6, 0x30,
+        0x14, 0xC0, 0xBF, 0x94, 0x2A, 0x83, 0x91, 0x6C,
+        0xBF, 0x2C, 0x42, 0x85, 0x41, 0xED, 0xA2, 0xBB,
+        0xCB, 0xFC, 0xF9, 0x35, 0xDE, 0xFC, 0xB3, 0x63,
+        0xE1, 0x64, 0xAA, 0x51, 0x2D, 0xD5, 0xFA, 0x79,
+        0x53, 0x31, 0x40, 0x0B, 0x9B, 0xD0, 0x3C, 0xE3,
+        0xD7, 0x2D, 0x91, 0x05, 0x62, 0xC3, 0x81, 0xFE,
+        0x93, 0x1E, 0x8C, 0x37, 0x9E, 0x30, 0x23, 0x73,
+        0x3A, 0xB9, 0x18, 0x6E, 0x5D, 0xEF, 0x31, 0xE9,
+        0xF6, 0x25, 0x7F, 0xB8, 0x47, 0x74, 0xCE, 0x28,
+        0x23, 0xD4, 0x4F, 0xC1, 0x42, 0xCB, 0xEB, 0x59,
+        0x8A, 0x68, 0xFD, 0x39, 0x48, 0x37, 0x1A, 0x5D,
+        0x0C, 0x09, 0x64, 0xC6, 0xE1, 0x21, 0x5D, 0x89,
+        0xF6, 0x58, 0xE5, 0x50, 0x4A, 0xD0, 0x93, 0xBC,
+        0x86, 0x02, 0xBA, 0xD2, 0x36, 0x24, 0x9D, 0x7E,
+        0xAF, 0xB6, 0xA1, 0xA0, 0x7C, 0xA7, 0xC7, 0x4D,
+        0xAC, 0x30, 0x7A, 0x70, 0x0F, 0x2F, 0x81, 0x40,
+        0xC1, 0x08, 0x6B, 0x21, 0xF2, 0xE1, 0x51, 0x9C,
+        0x1D, 0x46, 0x94, 0x93, 0x2A, 0x1C, 0x18, 0xCB,
+        0xED, 0x0D, 0x0E, 0x29, 0xDE, 0xFC, 0x52, 0x52,
+        0x97, 0x93, 0x70, 0x85, 0xE2, 0x63, 0x0D, 0xC6,
+        0x2C, 0x0C, 0x05, 0x0C, 0x4F, 0xF2, 0x70, 0x87,
+        0x2B, 0xE7, 0xBB, 0x52, 0x2D, 0xD6, 0x99, 0x1B,
+        0x59, 0x6F, 0xC2, 0x92, 0x11, 0x72, 0x5D, 0x99,
+        0x60, 0xB1, 0x6A, 0x52, 0xEA, 0x91, 0x78, 0x19,
+        0x23, 0xC0, 0x3B, 0x71, 0x9D, 0x09, 0xD6, 0xE7,
+        0x10, 0x6D, 0xC5, 0x70, 0x55, 0xC1, 0x9E, 0xF8,
+        0x76, 0xE5, 0xEC, 0x23, 0x17, 0xE7, 0xE4, 0x23,
+        0xC9, 0x71, 0x45, 0x40, 0x72, 0x01, 0x9E, 0x28,
+        0xE6, 0x5C, 0x81, 0xED, 0x52, 0x7A, 0xF1, 0x89,
+        0xBD, 0xFC, 0xF5, 0x21, 0xC9, 0x23, 0x40, 0x75,
+        0x54, 0xAC, 0xBF, 0x69, 0x45, 0xD1, 0x85, 0x44,
+        0x3D, 0xAC, 0x1A, 0x1A, 0x08, 0x8A, 0x68, 0xB5,
+        0x17, 0xD5, 0xD9, 0x90, 0xE1, 0x10, 0x30, 0xDE,
+        0x4F, 0x75, 0x09, 0xE8, 0x7A, 0x77, 0xB3, 0x7C,
+        0xF2, 0x0A, 0x78, 0xE2, 0xCD, 0x48, 0x94, 0x17,
+        0x3C, 0x32, 0xA3, 0x27, 0x35, 0x51, 0x16, 0xB7,
+        0x18, 0x51, 0x44, 0x42, 0x65, 0x60, 0x6A, 0x0A,
+        0x9A, 0x6D, 0x94, 0x61, 0xCC, 0x5D, 0xD8, 0x3B,
+        0x52, 0x7E, 0x4D, 0xBD, 0x6A, 0xEE, 0x03, 0x3D,
+        0x66, 0x1C, 0x3D, 0xE8, 0xC1, 0x82, 0x97, 0xE5,
+        0xD1, 0x31, 0xDB, 0xC8, 0xF6, 0x96, 0xE9, 0x47,
+        0xC9, 0x5C, 0x71, 0x77, 0x2B, 0x62, 0x44, 0x74,
+        0x4D, 0x06, 0x1E, 0x14, 0x45, 0x3B, 0x9F, 0xB1,
+        0x17, 0x34, 0x80, 0x2D, 0xBA, 0x6F, 0x81, 0x79,
+        0xB8, 0x0D, 0xAC, 0xFE, 0xB6, 0xBA, 0xDF, 0xD1,
+        0x4E, 0x05, 0x76, 0x73, 0x6F, 0x80, 0x10, 0xC5,
+        0x32, 0x87, 0xA3, 0xD3, 0x93, 0x18, 0x79, 0xEF,
+        0x27, 0x3B, 0xBF, 0xCD, 0xB5, 0xDE, 0x5B, 0x88,
+        0xAF, 0x51, 0xFD, 0x8A, 0x8C, 0x8F, 0x0A, 0x58,
+        0x94, 0xE2, 0x25, 0xDF, 0xE8, 0x73, 0xFC, 0xC0,
+        0x3C, 0xB1, 0xC9, 0xB5, 0x78, 0x25, 0xF1, 0x11,
+        0x75, 0xC8, 0x7D, 0x08, 0x78, 0xB9, 0xE6, 0x15,
+        0x6B, 0x40, 0x1B, 0x2F, 0xBE, 0x30, 0x03, 0x6B,
+        0xFC, 0x7D, 0xB1, 0x00, 0x02, 0x71, 0xB7, 0xFF,
+        0x5D, 0x63, 0xA8, 0x09, 0x50, 0x75, 0xEF, 0xBD,
+        0x34, 0xEE, 0x73, 0xDE, 0x60, 0x14, 0x95, 0x2D,
+        0x15, 0xBC, 0x30, 0x23, 0x07, 0x02, 0xD8, 0x7C,
+        0x9A, 0x96, 0xD5, 0xE9, 0xF1, 0xF0, 0xF9, 0x26,
+        0x25, 0x96, 0xAA, 0x58, 0xB7, 0xE4, 0x1A, 0xD9,
+        0xA0, 0x9E, 0xAD, 0xB9, 0x44, 0xB6, 0x3F, 0xD9,
+        0x8B, 0x34, 0x7D, 0x11, 0xBD, 0x52, 0x97, 0xC3,
+        0xBE, 0x28, 0x23, 0x85, 0x9F, 0x2F, 0x35, 0xA4,
+        0xE5, 0x4E, 0x13, 0x68, 0x89, 0x09, 0xC3, 0x1A,
+        0x83, 0xE7, 0xDE, 0xCE, 0x4B, 0xDF, 0x31, 0x03,
+        0x9C, 0x72, 0xBA, 0x54, 0xA1, 0x20, 0x2D, 0x17,
+        0x2A, 0x6B, 0x8A, 0x2C, 0xE9, 0x6D, 0xED, 0xCA,
+        0x5B, 0x24, 0xF7, 0xB9, 0x42, 0xC1, 0x4E, 0x13,
+        0x3D, 0xAA, 0x8A, 0xB8, 0xCB, 0xD2, 0x4C, 0x1F,
+        0x0B, 0xBE, 0xB1, 0x27, 0x97, 0x67, 0x26, 0x72,
+        0xE2, 0x2C, 0xE6, 0xC2, 0x12, 0x37, 0xB2, 0x79,
+        0x7D, 0x8E, 0x54, 0xCC, 0x8F, 0xC7, 0x6C, 0x43,
+        0xB4, 0x75, 0x29, 0x66, 0xA3, 0xA4, 0x09, 0x44,
+        0xE7, 0x2D, 0x37, 0x3F, 0x0D, 0x3E, 0x84, 0xF9,
+        0xA3, 0x30, 0x1E, 0xAE, 0x9E, 0xDA, 0x35, 0x44,
+        0x4B, 0x1E, 0x49, 0xE6, 0x61, 0x18, 0x20, 0x6A,
+        0x56, 0xEB, 0x46, 0xD4, 0x8D, 0x20, 0x95, 0x4A,
+        0x77, 0x9A, 0x1E, 0x74, 0xE3, 0xE3, 0xB2, 0xBD,
+        0x40, 0x3D, 0x46, 0xB3, 0x35, 0x10, 0x11, 0xCB,
+        0x6F, 0x8A, 0x86, 0x72, 0xB2, 0xF3, 0xD9, 0x90,
+        0x31, 0x47, 0x55, 0x77, 0x6C, 0xE3, 0x23, 0x7F,
+        0x0A, 0x50, 0xE7, 0x71, 0x20, 0x53, 0x09, 0xC0,
+        0x5D, 0x9A, 0x78, 0xD3, 0x68, 0x88, 0xA8, 0x3B,
+        0xAD, 0x78, 0xE8, 0x6E, 0xDF, 0x36, 0xA8, 0x8D,
+        0xC7, 0x1C, 0x5F, 0x11, 0x56, 0x83, 0x90, 0xD0,
+        0xB5, 0x92, 0x02, 0xE2, 0x9E, 0xE1, 0x1E, 0xCB,
+        0x9F, 0x56, 0x89, 0x63, 0xE8, 0x17, 0x70, 0x83,
+        0x9F, 0xF2, 0x39, 0xAD, 0x03, 0x15, 0x6C, 0xC0,
+        0x71, 0xE8, 0xB7, 0x40, 0x15, 0x95, 0xEC, 0xEE,
+        0x62, 0x34, 0xAC, 0x34, 0xB7, 0x11, 0x70, 0x3D,
+        0x68, 0xC6, 0x7A, 0x28, 0x83, 0xBE, 0x9C, 0x18,
+        0xAB, 0x7F, 0x1A, 0x1B, 0x2E, 0x5C, 0x90, 0xA2,
+        0x32, 0x3C, 0xDF, 0x1E, 0xD4, 0x98, 0x50, 0xB8,
+        0x39, 0x38, 0x19, 0x2F, 0x62, 0x8C, 0x9E, 0xF6,
+        0x5B, 0x77, 0x93, 0x95, 0xEE, 0x37, 0x34, 0xC7,
+        0xA9, 0x01, 0xF7, 0x47, 0x38, 0x86, 0xD7, 0x12,
+        0xD2, 0x15, 0x41, 0x68, 0x16, 0xC3, 0x01, 0x6C,
+        0xC2, 0x83, 0x83, 0xD4, 0x78, 0x7B, 0x46, 0xF6,
+        0x89, 0xDC, 0xE1, 0x11, 0xDA, 0x4D, 0xB8, 0xAC,
+        0x10, 0xE8, 0x4F, 0x66, 0xA5, 0xC2, 0xBD, 0xA1,
+        0xB3, 0xFC, 0x97, 0x7F, 0x6A, 0x0F, 0x73, 0x2E,
+        0xDA, 0x4F, 0x69, 0xB9, 0x75, 0x51, 0xA4, 0xB8,
+        0xB2, 0x61, 0xD6, 0x88, 0x71, 0x94, 0xD3, 0xAF,
+        0xE7, 0xF4, 0xB8, 0x7F, 0xB3, 0xD4, 0x1A, 0xC6,
+        0xDC, 0xDB, 0x8F, 0xD3, 0x9B, 0xE5, 0x0F, 0x2F,
+        0x38, 0x2B, 0xAA, 0x4D, 0x19, 0xC7, 0x45, 0x0A,
+        0xB3, 0xA1, 0xAC, 0x4C, 0x63, 0xCF, 0x93, 0x0A,
+        0xAA, 0x51, 0x7A, 0x15, 0xD5, 0xC0, 0xD5, 0x49,
+        0xFE, 0x03, 0x22, 0x00, 0x71, 0xD3, 0x69, 0x22,
+        0x3E, 0x51, 0x29, 0x6E, 0xCB, 0xF8, 0x0D, 0xCD,
+        0x79, 0xFB, 0xDF, 0xB8, 0xDF, 0x62, 0x90, 0x4D,
+        0x5A, 0x36, 0x20, 0x0F, 0x29, 0xCC, 0x47, 0xE8,
+        0x0C, 0x86, 0x15, 0xEF, 0x1B, 0x78, 0xDB, 0xB2,
+        0x6A, 0x1A, 0xA7, 0xA6, 0x6E, 0x4D, 0x9A, 0x51,
+        0xC9, 0x72, 0xAC, 0x9C, 0x94, 0xEA, 0xB9, 0x95,
+        0x14, 0xB5, 0xAD, 0xAE, 0x62, 0x51, 0xE8, 0xAA,
+        0x30, 0xA5, 0xE5, 0x87, 0x42, 0x4E, 0x3B, 0x7B,
+        0xCC, 0x42, 0xEB, 0xE7, 0x33, 0x3D, 0x92, 0x10,
+        0x97, 0x26, 0x53, 0xF8, 0x11, 0x8B, 0x83, 0xAB,
+        0xE1, 0xBF, 0x7E, 0x9E, 0xE9, 0xCD, 0xAC, 0x28,
+        0x99, 0x7D, 0x14, 0x4C, 0x34, 0xDE, 0xA6, 0x5B,
+        0x59, 0x51, 0x2C, 0x73, 0x29, 0x27, 0xDB, 0xA8,
+        0x20, 0x7D, 0x56, 0x91, 0x98, 0x47, 0x21, 0xB7,
+        0x27, 0x9A, 0xFC, 0xDD, 0xE0, 0x6A, 0x6B, 0xD2,
+        0x68, 0x0E, 0xBB, 0x9B, 0x2E, 0x3C, 0xFE, 0xE9,
+        0xA6, 0x6D, 0x73, 0xD0, 0xC0, 0xDE, 0xD6, 0x53,
+        0x70, 0x8B, 0x09, 0x0B, 0x82, 0x30, 0x65, 0xF9,
+        0x70, 0x78, 0x49, 0xE3, 0xB3, 0x7D, 0x41, 0x25,
+        0xCA, 0x69, 0x3E, 0x74, 0x2E, 0x02, 0x3F, 0x05,
+        0x8A, 0xDC, 0x95, 0x07, 0x9B, 0xB0, 0x0C, 0x56,
+        0xBE, 0x0D, 0x2F, 0x07, 0x81, 0x82, 0xEF, 0xAB,
+        0x30, 0x72, 0xB0, 0xFD, 0x09, 0x76, 0x7B, 0x8A,
+        0x13, 0xC2, 0x80, 0x5A, 0x75, 0x91, 0xB5, 0xB2,
+        0xE1, 0x24, 0x75, 0xB5, 0xC8, 0x24, 0xDB, 0xEB,
+        0x15, 0x79, 0x30, 0xAB, 0x38, 0x9F, 0x91, 0x5F,
+        0xCC, 0xEC, 0x8F, 0x48, 0x64, 0x7E, 0xE4, 0xB6,
+        0x6A, 0xB6, 0xB5, 0x36, 0xC2, 0x2D, 0xE3, 0xE5,
+        0xEE, 0x4A, 0xBB, 0x42, 0xF8, 0xE0, 0x00, 0x9A,
+        0xF0, 0x45, 0x54, 0xF1, 0x28, 0xAC, 0xA3, 0xCC,
+        0xE4, 0x03, 0xBB, 0x01, 0xFD, 0xB7, 0xB5, 0xE2,
+        0xA7, 0x2B, 0x82, 0x91, 0x1C, 0x1F, 0xD0, 0x65,
+        0x23, 0xFF, 0x90, 0x19, 0x21, 0x41, 0xC6, 0x89,
+        0xEC, 0xCB, 0x0B, 0xE6, 0x1B, 0x4C, 0x6D, 0x77,
+        0x06, 0x29, 0x59, 0x02, 0x18, 0xA4, 0x01, 0x1A,
+        0x68, 0xB8, 0x6F, 0xF5, 0x0D, 0x23, 0x03, 0x9C,
+        0x9B, 0xCD, 0x43, 0x61, 0xF6, 0x98, 0x0A, 0x60,
+        0xEF, 0x88, 0xD1, 0x44, 0x0D, 0x30, 0x4C, 0x5B,
+        0x4B, 0x52, 0xD6, 0xED, 0xC2, 0x91, 0x12, 0xDC,
+        0x3A, 0x8A, 0xF2, 0x85, 0x89, 0xE8, 0xF6, 0x29,
+        0x48, 0xED, 0xB6, 0xBE, 0x76, 0x64, 0x6D, 0x59,
+        0x66, 0x06, 0xB9, 0xE7, 0x05, 0xFE, 0xE3, 0xF1,
+        0x44, 0xA0, 0x7B, 0xC9, 0xED, 0x1D, 0x40, 0x0C
+    };
+    static const byte msg_65[] = {
+        0x88, 0x5A, 0x0B, 0xDD, 0x8D, 0xE7, 0x4B, 0xC7,
+        0x11, 0x69, 0x0A, 0xA6, 0x14, 0xDD, 0xA5, 0x32,
+        0xF4, 0xD8, 0xC7, 0xEA, 0x2C, 0x27, 0x85, 0x5A,
+        0x57, 0x8E, 0x63, 0x61, 0xCA, 0xAE, 0x2C, 0x0B,
+        0xF7, 0xE7, 0x73, 0xB4, 0x90, 0x0A, 0x32, 0x93,
+        0x12, 0x1A, 0x6E, 0x0D, 0xD6, 0x10, 0x10, 0x7A,
+        0x7A, 0x65, 0xBD, 0x6E, 0x11, 0xF6, 0x19, 0xFC,
+        0x0E, 0x9C, 0xE7, 0xBF, 0x7B, 0x5D, 0xE1, 0x80,
+        0x76, 0xE1, 0xB7, 0x25, 0x57, 0x20, 0x97, 0xB2,
+        0x47, 0xD8, 0xE0, 0x46, 0x24, 0x94, 0xF6, 0x3F,
+        0x4E, 0xDF, 0xBE, 0xAC, 0x2F, 0xA2, 0xEC, 0xAE,
+        0x0C, 0xCA, 0xD4, 0x28, 0xBD, 0x79, 0x6C, 0xF2,
+        0x60, 0x92, 0xA1, 0xCD, 0x50, 0x5F, 0x59, 0x39,
+        0x11, 0xED, 0x10, 0xFD, 0xA4, 0x26, 0xC7, 0xE3,
+        0xC5, 0xA4, 0x39, 0xE8, 0x50, 0x42, 0x13, 0x18,
+        0xAE, 0x07, 0x85, 0xB0, 0x5A, 0xA9, 0x9F, 0x58,
+        0xD6, 0x85, 0x6D, 0xEB, 0x78, 0xBB, 0xE4, 0x88,
+        0xC7, 0x0E, 0xEE, 0x42, 0xBB, 0x9A, 0xB5, 0x92,
+        0x7B, 0x2E, 0xD2, 0x5C, 0xD1, 0x43, 0x77, 0xCD,
+        0x7E, 0x1A, 0x88, 0x34, 0xE8, 0x21, 0x48, 0x00,
+        0x2F, 0xCB, 0x98, 0x5A, 0xB9, 0x43, 0x12, 0x97,
+        0x01, 0x0B, 0x2B, 0xC7, 0x0F, 0x91, 0x32, 0x37,
+        0x3C, 0x6D, 0xD2, 0xA2, 0xA9, 0xCF, 0x24, 0x6F,
+        0xE0, 0x26, 0x2E, 0x8B, 0x53, 0xE6, 0x93, 0xF3,
+        0xD6, 0xFE, 0xD3, 0xED, 0xD1, 0xF2, 0x00, 0x4E,
+        0xD1, 0x7C, 0x2C, 0xF5, 0xB2, 0x57, 0xF4, 0xAD,
+        0xA5, 0xDC, 0x1A, 0x7C, 0x15, 0x1F, 0xFE, 0x03,
+        0xB9, 0x6A, 0x4D, 0xB9, 0x91, 0xE4, 0x13, 0x2D,
+        0x01, 0xDE, 0x1F, 0x03, 0x3E, 0xD8, 0x13, 0x57,
+        0xEA, 0xE7, 0xC1, 0xA8, 0xD2, 0xDD, 0xD9, 0x2D,
+        0xDF, 0xC0, 0x6F, 0x67, 0x13, 0x94, 0xD2, 0xF6,
+        0x02, 0x12, 0xC6, 0xE4, 0x49, 0xEA, 0x35, 0x93,
+        0x24, 0xFE, 0xD3, 0x8C, 0x84, 0xD3, 0x6D, 0x15,
+        0x43, 0x2E, 0x11, 0xE7, 0x15, 0x00, 0x15, 0x80,
+        0x4F, 0x97, 0xA3, 0xC6, 0x77, 0x38, 0x2C, 0xD4,
+        0x6A, 0xA4, 0xD7, 0xAC, 0xEE, 0x56, 0x86, 0xFB,
+        0xCE, 0xD7, 0xA9, 0xE8, 0x5D, 0x29, 0xC4, 0x83,
+        0x86, 0xE6, 0x9F, 0x40, 0x69, 0x3D, 0x9A, 0xDA,
+        0xBE, 0xB4, 0x3B, 0xD0, 0xE5, 0x03, 0x6A, 0xCD,
+        0xE6, 0x31, 0xB5, 0x49, 0x57, 0xF4, 0xFC, 0xE2,
+        0x6F, 0x7A, 0x24, 0xB0, 0xDA, 0xD4, 0x34, 0x8A,
+        0x67, 0x89, 0xCA, 0xE1, 0x06, 0x13, 0x06, 0x20,
+        0xED, 0x2F, 0xA0, 0xEA, 0x38, 0xF5, 0x75, 0xF2,
+        0x87, 0x83, 0xBC, 0x92, 0xB3, 0x2B, 0x0C, 0x51,
+        0xC8, 0xA6, 0x54, 0x6F, 0x5D, 0x88, 0x09, 0x5F,
+        0x9F, 0x73, 0xC6, 0x5B, 0xF6, 0xF2, 0x51, 0xA2,
+        0xC4, 0x69, 0x74, 0x64, 0x45, 0xC5, 0x88, 0xC3,
+        0xEA, 0x81, 0x39, 0xE4, 0x33, 0xD4, 0xFE, 0x2D,
+        0xE4, 0xC0, 0xD3, 0x58, 0xB6, 0xCA, 0x8A, 0x62,
+        0x94, 0xE6, 0xAF, 0xC1, 0xB9, 0x60, 0x74, 0xC0,
+        0x68, 0xEF, 0x67, 0xB1, 0x58, 0xF1, 0x12, 0x9C,
+        0xFE, 0x0A, 0x3A, 0xE7, 0xEB, 0x9D, 0x45, 0x4F,
+        0x35, 0x7F, 0xBB, 0x6A, 0xB3, 0xB9, 0x92, 0x2B,
+        0x1B, 0xCD, 0x55, 0x58, 0x61, 0x87, 0xCD, 0x24,
+        0x69, 0x24, 0x82, 0x78, 0x23, 0x34, 0xAC, 0x9F,
+        0x2B, 0x86, 0x12, 0x48, 0xF6, 0xA5, 0x30, 0xE9,
+        0x3E, 0x11, 0x48, 0x87, 0x84, 0xDD, 0xE5, 0xEA,
+        0x67, 0x8A, 0xE5, 0x05, 0x90, 0x3E, 0x23, 0x10,
+        0x53, 0x30, 0x8C, 0x1B, 0x87, 0x84, 0x60, 0x7E,
+        0x06, 0x3F, 0x48, 0x98, 0xA4, 0xFA, 0xB6, 0x01,
+        0xD3, 0xE6, 0x96, 0x85, 0x97, 0x21, 0x55, 0xF6,
+        0x3F, 0x09, 0xFD, 0x84, 0xB2, 0xB3, 0xDF, 0x74,
+        0x1F, 0xB6, 0x42, 0xAC, 0xA6, 0x03, 0xD0, 0xD5,
+        0x96, 0xE0, 0xA8, 0xDA, 0xD4, 0x24, 0xF4, 0x64,
+        0x0F, 0x98, 0xB9, 0x6F, 0xB2, 0x42, 0xC6, 0x95,
+        0xDC, 0x33, 0x1F, 0x57, 0x59, 0xF7, 0x5E, 0xAF,
+        0x19, 0x1C, 0xBD, 0x98, 0x5E, 0xC5, 0x99, 0x8D,
+        0x56, 0x48, 0xC8, 0x5E, 0xB6, 0x31, 0x29, 0x5F,
+        0x61, 0x56, 0x7C, 0x11, 0x63, 0xF9, 0x90, 0xDC,
+        0x4F, 0xA1, 0x71, 0x40, 0x91, 0x26, 0x1E, 0x5F,
+        0x3E, 0x5F, 0x0B, 0xFE, 0x84, 0x55, 0xBB, 0x8B,
+        0xAA, 0x1D, 0x69, 0x42, 0x1F, 0x15, 0x37, 0x4E,
+        0x73, 0xB0, 0x7E, 0x78, 0x57, 0x9D, 0x0E, 0x25,
+        0x1A, 0x41, 0xEE, 0x1A, 0x50, 0x43, 0xAA, 0xBF,
+        0x8B, 0xE7, 0x73, 0xEE, 0x7F, 0x9D, 0x0F, 0xDF,
+        0xCF, 0xD3, 0xAE, 0x71, 0x1F, 0xAB, 0x1D, 0x3D,
+        0xBC, 0xC2, 0x84, 0x3B, 0xE5, 0xA9, 0x46, 0xB2,
+        0x4D, 0x8B, 0x9B, 0x94, 0x35, 0x8B, 0x5F, 0x59,
+        0x8E, 0x88, 0xED, 0x3D, 0x53, 0xF3, 0x10, 0xF8,
+        0xEC, 0x63, 0x22, 0x9D, 0x4F, 0x5B, 0xB1, 0xB6,
+        0xD5, 0x24, 0xA5, 0xAF, 0x9C, 0x39, 0x47, 0x79,
+        0x25, 0xC7, 0xE2, 0x90, 0x95, 0xFC, 0x43, 0xF1,
+        0x71, 0xFE, 0xCD, 0xD0, 0x61, 0xF3, 0x62, 0x62,
+        0x71, 0x21, 0x75, 0x2C, 0x23, 0x6B, 0x79, 0x2F,
+        0x1B, 0x31, 0x90, 0x79, 0x7C, 0xD0, 0x57, 0x5C,
+        0x58, 0x4F, 0x30, 0xB5, 0x56, 0x81, 0x19, 0x61,
+        0x90, 0x45, 0x09, 0xC9, 0x8B, 0xCD, 0xE8, 0x65,
+        0x9D, 0x22, 0x80, 0xF4, 0x95, 0xA0, 0xC9, 0x55,
+        0x7D, 0x38, 0x11, 0xAF, 0x5E, 0xD4, 0x37, 0x7B,
+        0xC7, 0x59, 0x9E, 0x49, 0x59, 0xFF, 0x85, 0xF2,
+        0x15, 0x0A, 0xCD, 0xEC, 0xC1, 0xF7, 0x67, 0x2D,
+        0xE1, 0xEE, 0x4D, 0xB4, 0x4C, 0x1F, 0xB5, 0xF7,
+        0x99, 0x8A, 0xB5, 0xDB, 0x74, 0x2F, 0x6C, 0x5D,
+        0x32, 0xCB, 0xC0, 0xF2, 0xFB, 0xC9, 0x54, 0xEA,
+        0xD6, 0xCC, 0x13, 0x4B, 0x97, 0x62, 0xDF, 0x33,
+        0x13, 0x86, 0xDE, 0xCA, 0x31, 0x69, 0x47, 0x88,
+        0x4B, 0x9A, 0x13, 0xAD, 0xEA, 0x5C, 0xBE, 0x29,
+        0x56, 0x64, 0x4F, 0xA1, 0x2A, 0x7B, 0xB3, 0xBF,
+        0xB9, 0x7E, 0x1D, 0x93, 0xA7, 0x01, 0x91, 0xAC,
+        0x38, 0xA0, 0x37, 0x32, 0x58, 0xC2, 0xC2, 0x81,
+        0x6D, 0xEA, 0x6E, 0xAF, 0x88, 0x0D, 0x69, 0xF4,
+        0x5F, 0xBA, 0x4C, 0x29, 0x0F, 0x18, 0xD3, 0x4B,
+        0xB8, 0x36, 0x8C, 0xF4, 0xEB, 0xB4, 0x72, 0xBA,
+        0x49, 0x9C, 0xBB, 0x54, 0x50, 0x1E, 0xE3, 0xA2,
+        0x8E, 0x5F, 0xB9, 0xFD, 0xC6, 0x6C, 0xF6, 0x45,
+        0x72, 0x09, 0x47, 0x19, 0xBB, 0xDB, 0x48, 0xF3,
+        0xF4, 0x88, 0x51, 0x3B, 0x65, 0x50, 0xE1, 0x27,
+        0xE8, 0x34, 0x1C, 0x7E, 0x53, 0xDC, 0xFD, 0xA7,
+        0xD4, 0x08, 0x05, 0x58, 0x0B, 0xC7, 0xD3, 0x0A,
+        0x72, 0xF2, 0x44, 0xCC, 0xDB, 0x5A, 0xEF, 0x66,
+        0x1B, 0x0F, 0x30, 0x4E, 0xC5, 0xB7, 0xAB, 0x93,
+        0xB8, 0xC5, 0xC4, 0x9A, 0x77, 0x68, 0x38, 0xB7,
+        0xD5, 0x23, 0x74, 0xAA, 0x41, 0x63, 0x02, 0x24,
+        0xD6, 0x16, 0xF3, 0x10, 0xE4, 0x99, 0xEC, 0xAD,
+        0xCE, 0x93, 0xE7, 0x8B, 0x94, 0xD3, 0xCA, 0x48,
+        0xB3, 0x47, 0xBC, 0x0E, 0xEC, 0xAA, 0x20, 0x66,
+        0x02, 0x29, 0x65, 0xC8, 0x07, 0xBE, 0xF9, 0x02,
+        0x9B, 0xC5, 0x22, 0x8F, 0x00, 0x5E, 0xDB, 0x74,
+        0xD4, 0xB1, 0x44, 0x98, 0xCE, 0x3A, 0xE1, 0x3B,
+        0xEB, 0x7C, 0x69, 0x3B, 0x66, 0x9E, 0xE9, 0xF9,
+        0xA6, 0xF4, 0x6F, 0xC0, 0x0E, 0xC0, 0x5E, 0x13,
+        0x2B, 0xB6, 0xC6, 0x76, 0x0F, 0xB5, 0xC5, 0x1C,
+        0x83, 0x23, 0xAC, 0xD6, 0xA3, 0xC7, 0x5A, 0x72,
+        0xE9, 0x73, 0x89, 0x66, 0xD1, 0x25, 0xB9, 0x61,
+        0x3B, 0x31, 0x45, 0xC6, 0x7B, 0x5E, 0x98, 0x81,
+        0x87, 0xE8, 0x5F, 0x29, 0xAD, 0xCB, 0xAF, 0x74,
+        0xE3, 0x3A, 0x61, 0x1F, 0xFF, 0x25, 0x2A, 0xEB,
+        0xBA, 0xEB, 0x1E, 0xA6, 0x41, 0xE6, 0xFC, 0x8B,
+        0xDF, 0x73, 0x41, 0xBE, 0x2A, 0xA8, 0x57, 0xE4,
+        0x43, 0xAC, 0xFB, 0xCE, 0xB2, 0x15, 0x5D, 0x08,
+        0x1A, 0xCB, 0x4C, 0xCD, 0xB0, 0x98, 0xD5, 0x7C,
+        0xEF, 0x6F, 0x6F, 0xD3, 0x42, 0xDB, 0x2D, 0x83,
+        0xB6, 0x12, 0x3E, 0x0A, 0xD3, 0xC9, 0x3F, 0x30,
+        0x08, 0x11, 0xB8, 0xD5, 0xA1, 0x1A, 0x5A, 0x29,
+        0xBE, 0x60, 0x81, 0x6F, 0x69, 0xB2, 0x9D, 0x1D,
+        0x7E, 0x15, 0x88, 0x69, 0xD8, 0x60, 0xF6, 0xFB,
+        0x82, 0x9D, 0xE8, 0x0D, 0x3E, 0x1B, 0x69, 0x9C,
+        0x3A, 0xB6, 0x80, 0x4E, 0xB6, 0x54, 0x91, 0x78,
+        0xD9, 0x47, 0x33, 0x38, 0xD6, 0xAF, 0x20, 0x9E,
+        0x1F, 0x7D, 0x26, 0x3C, 0x66, 0x7A, 0xE6, 0x89,
+        0x5F, 0x6E, 0x29, 0x33, 0x92, 0x34, 0x71, 0xF1,
+        0x99, 0x58, 0x1F, 0x8A, 0x51, 0xBD, 0x9A, 0xA4,
+        0x52, 0xEE, 0xE4, 0xBF, 0xE9, 0x56, 0x69, 0xAC,
+        0xD0, 0x7B, 0x41, 0xB0, 0x0C, 0x03, 0xF5, 0x5A,
+        0x40, 0xD1, 0x0B, 0x50, 0xF8, 0xE4, 0x67, 0xBD,
+        0x07, 0x1C, 0x8F, 0x40, 0x5C, 0xF1, 0x19, 0x61,
+        0x2D, 0x32, 0x40, 0x5B, 0xD5, 0x27, 0x5A, 0x6B,
+        0xBF, 0x22, 0x17, 0xF9, 0xF1, 0x79, 0x0D, 0x29,
+        0x99, 0x7B, 0x7B, 0x6B, 0x1E, 0xC8, 0xD7, 0x92,
+        0x4A, 0xB9, 0xE6, 0x44, 0xC1, 0x29, 0xCE, 0xE8,
+        0x74, 0x33, 0x29, 0x1A, 0x2C, 0x8E, 0xD6, 0xBC,
+        0x3C, 0x2A, 0x19, 0xD0, 0x76, 0xB1, 0x77, 0xEE,
+        0x60, 0x50, 0x69, 0x2A, 0xDA, 0x8E, 0x95, 0x57,
+        0x4D, 0x6C, 0xE9, 0xAB, 0xE4, 0x97, 0x95, 0xD8,
+        0xF2, 0x8E, 0xAB, 0x69, 0x67, 0x6E, 0x79, 0x03,
+        0xA6, 0x56, 0xFA, 0xB3, 0x20, 0x25, 0xFE, 0x34,
+        0x65, 0xCB, 0xDB, 0x57, 0x01, 0xC1, 0x77, 0x20,
+        0x9D, 0x91, 0x89, 0xA5, 0x91, 0x7C, 0x13, 0x37,
+        0xDE, 0x39, 0xF5, 0x75, 0xE5, 0xDD, 0xB9, 0x3C,
+        0xA7, 0x6B, 0xEB, 0x52, 0xAF, 0x32, 0xE8, 0xD7,
+        0x12, 0x7B, 0x28, 0xF7, 0xCE, 0x73, 0x12, 0xE8,
+        0x03, 0x90, 0x47, 0x21, 0xAB, 0x21, 0x6E, 0x92,
+        0xA8, 0xA9, 0xE6, 0x09, 0xFC, 0x10, 0xAF, 0x8D,
+        0xC2, 0xAA, 0xCA, 0x14, 0xA9, 0x7B, 0xB0, 0xE4,
+        0xB2, 0x34, 0xC7, 0x00, 0x0E, 0xBB, 0xE0, 0xC4,
+        0x42, 0xF1, 0x85, 0x94, 0x6B, 0x7C, 0xE7, 0x72,
+        0x80, 0x95, 0xCD, 0x60, 0x16, 0x9B, 0x0B, 0xD9,
+        0x7B, 0x36, 0xB3, 0xAE, 0x38, 0x55, 0xD9, 0x89,
+        0x25, 0xB2, 0x9D, 0x92, 0x94, 0xEF, 0x27, 0x75,
+        0x09, 0xFC, 0xA4, 0x07, 0xEA, 0x2B, 0xC4, 0x76,
+        0x59, 0x02, 0x6A, 0x82, 0x04, 0xD6, 0x96, 0x4F,
+        0xC6, 0x5B, 0xEF, 0x35, 0x31, 0xE9, 0xC1, 0xE6,
+        0xF9, 0x70, 0xBF, 0x2F, 0xF2, 0x40, 0x75, 0xEA,
+        0x17, 0xD1, 0x36, 0xAD, 0xEA, 0xD2, 0x35, 0x6B,
+        0x6C, 0xE4, 0x98, 0xF9, 0x3C, 0xD2, 0xF9, 0xE5,
+        0xE1, 0x90, 0xD2, 0x09, 0xD9, 0x3E, 0x47, 0x3F,
+        0xAA, 0x8E, 0xD9, 0x20, 0x96, 0x31, 0x5B, 0xF1,
+        0xFC, 0xA6, 0x55, 0xFE, 0xBC, 0x78, 0xE0, 0x99,
+        0x65, 0xC9, 0x74, 0x78, 0x29, 0x6B, 0x75, 0xD3,
+        0x90, 0x56, 0x60, 0x4D, 0x32, 0x71, 0x91, 0x6D,
+        0xCF, 0xF2, 0x25, 0xCB, 0x6B, 0x9A, 0x34, 0xE1,
+        0x5D, 0xC1, 0x64, 0xB2, 0xA6, 0x8A, 0x3B, 0x42,
+        0xDE, 0x05, 0x7A, 0x6B, 0xAC, 0x17, 0x32, 0xCF,
+        0x59, 0x45, 0xBB, 0xCA, 0x12, 0xB8, 0xB3, 0x61,
+        0x59, 0xFB, 0x89, 0xF7, 0xBB, 0xBE, 0x9F, 0xE0,
+        0x34, 0x21, 0x8F, 0x5B, 0x3B, 0xCF, 0x18, 0x4C,
+        0x20, 0x73, 0x06, 0xE6, 0xD2, 0xEA, 0x69, 0x59,
+        0xEA, 0xE0, 0x89, 0x0A, 0x7B, 0x68, 0x02, 0xEC,
+        0x1D, 0xA0, 0x82, 0xBE, 0xD6, 0x5B, 0xB6, 0xE4,
+        0xEB, 0x4D, 0x56, 0x15, 0x70, 0x1C, 0xB0, 0xE3,
+        0x50, 0x36, 0x33, 0x14, 0xA4, 0xD1, 0x01, 0xDB,
+        0xBA, 0x60, 0x53, 0x71, 0xA3, 0x8B, 0x2D, 0x8A,
+        0x37, 0xFF, 0x78, 0xEB, 0xB3, 0x69, 0x82, 0x53,
+        0x88, 0xAA, 0xB7, 0xD3, 0xC6, 0x23, 0xB9, 0x3E,
+        0x51, 0x2D, 0x96, 0xA9, 0xF3, 0x39, 0xEC, 0x96,
+        0x8B, 0x35, 0x27, 0x59, 0xAF, 0x3E, 0x8F, 0xA3,
+        0x21, 0x1C, 0x39, 0x29, 0x5B, 0x01, 0x10, 0xE6,
+        0xDF, 0x26, 0x4E, 0x90, 0x67, 0x8C, 0x11, 0xE2,
+        0xB9, 0x03, 0xAF, 0x32, 0x2E, 0x4F, 0xA7, 0x70,
+        0x28, 0xD3, 0xEC, 0xC4, 0x4F, 0x62, 0x79, 0xD6,
+        0x3B, 0x1E, 0x60, 0xD8, 0x06, 0x72, 0x41, 0x01,
+        0x5F, 0xC4, 0xF8, 0x9B, 0xAA, 0x15, 0x6A, 0x78,
+        0xFA, 0x77, 0xBB, 0x29, 0x14, 0xCA, 0xC2, 0x81,
+        0xF4, 0x40, 0x9C, 0x9C, 0x03, 0x70, 0xAB, 0xD7,
+        0xC1, 0xF8, 0xA5, 0xD1, 0x04, 0x0B, 0x59, 0x75,
+        0x2C, 0xC4, 0xFD, 0xF0, 0xD1, 0x9C, 0xB0, 0xC5,
+        0x6F, 0xEF, 0x34, 0xFA, 0x3A, 0x3B, 0xCE, 0xE1,
+        0xF0, 0x64, 0xE3, 0x60, 0xE8, 0x6D, 0xC5, 0x5D,
+        0xB5, 0xC9, 0x37, 0x5B, 0xDA, 0xDA, 0x67, 0x2E,
+        0x72, 0xF6, 0x64, 0xE3, 0xAC, 0xB2, 0xE6, 0xD8,
+        0xA0, 0x84, 0x09, 0xC8, 0xCD, 0x60, 0xA1, 0xF9,
+        0x53, 0x80, 0xAB, 0x6C, 0x3A, 0xCB, 0x6B, 0x91,
+        0xA8, 0xA9, 0xA3, 0xB7, 0x75, 0x50, 0x49, 0x79,
+        0xB8, 0x02, 0x5A, 0xDB, 0x34, 0x22, 0x61, 0x9B,
+        0xD1, 0x1E, 0x2B, 0x54, 0xFE, 0x6D, 0x07, 0x58,
+        0x81, 0xAC, 0xAC, 0x24, 0x53, 0x20, 0x31, 0xCC,
+        0xD2, 0x99, 0x06, 0x0E, 0x4E, 0xB7, 0xF7, 0xCB,
+        0xD8, 0x08, 0x36, 0xD4, 0xB8, 0x23, 0xA5, 0xFF,
+        0xA4, 0xFE, 0x8C, 0x6B, 0x98, 0x3D, 0x2A, 0xAE,
+        0xB8, 0xF1, 0x6F, 0x6C, 0x1C, 0x22, 0x81, 0xEF,
+        0xD7, 0x13, 0xFF, 0xDA, 0x22, 0x06, 0x9A, 0x5D,
+        0x8A, 0xC4, 0x91, 0x29, 0x1C, 0xBF, 0x49, 0xF1,
+        0x18, 0xC9, 0x46, 0xD5, 0x0F, 0x08, 0xE0, 0xD1,
+        0x73, 0x28, 0x14, 0xE8, 0x15, 0x81, 0x90, 0x6A,
+        0x31, 0x53, 0x94, 0x01, 0x14, 0xBE, 0xC8, 0xEB,
+        0xD4, 0x9C, 0x73, 0x79, 0x0F, 0x9E, 0xD7, 0xCC,
+        0xD9, 0x85, 0xED, 0xAD, 0x8D, 0xB3, 0x42, 0x6B,
+        0x15, 0x13, 0x98, 0xEB, 0xF1, 0x6E, 0xFA, 0xFE,
+        0x3D, 0xA0, 0xC7, 0xF3, 0x8B, 0x22, 0x76, 0x05,
+        0x76, 0xD4, 0x88, 0x52, 0x73, 0xF5, 0xE4, 0x0B,
+        0x14, 0x05, 0x57, 0x10, 0x7F, 0xCE, 0x0B, 0xF8,
+        0x46, 0x1F, 0x24, 0x8B, 0xC4, 0x3F, 0xBF, 0x5C,
+        0xEE, 0xE7, 0x6E, 0xF3, 0xA9, 0xEB, 0xD2, 0x30,
+        0x95, 0x6C, 0x7B, 0x98, 0xAC, 0x89, 0x8A, 0x39,
+        0x9E, 0x5C, 0x2A, 0xB0, 0xCB, 0xE9, 0xE5, 0xAB,
+        0x94, 0x71, 0xDF, 0x5E, 0x53, 0x0C, 0x72, 0xF2,
+        0x6C, 0x34, 0xDB, 0xFE, 0x2F, 0x83, 0x68, 0x3E,
+        0xB6, 0x22, 0xF9, 0x64, 0x7A, 0xA0, 0x6A, 0x26,
+        0x7D, 0x78, 0x97, 0x36, 0x31, 0x2C, 0x90, 0xC9,
+        0xE5, 0x9D, 0x77, 0x12, 0x2A, 0x88, 0x53, 0x8F,
+        0xD0, 0xF5, 0x39, 0x16, 0xAF, 0x08, 0xB2, 0x36,
+        0x93, 0x5C, 0xDC, 0x5B, 0xB3, 0xCB, 0x49, 0x0C,
+        0x83, 0x09, 0xE6, 0xA7, 0x9B, 0x43, 0xE7, 0xA5,
+        0x4A, 0x8A, 0x07, 0xE1, 0xBA, 0xFB, 0x9B, 0x93,
+        0x7E, 0xAC, 0x2F, 0xC3, 0xAC, 0xED, 0x30, 0x64,
+        0x1F, 0x33, 0x79, 0x19, 0xD2, 0xDB, 0x54, 0xEC,
+        0x7F, 0x32, 0x0E, 0xC5, 0x1C, 0xD1, 0x3C, 0x00,
+        0xB9, 0xE6, 0x03, 0xDF, 0x6D, 0xD2, 0x69, 0x0C,
+        0x75, 0xAF, 0x37, 0x07, 0xB7, 0xC9, 0x3E, 0x91,
+        0xCF, 0x02, 0x78, 0xD7, 0x43, 0xA1, 0x8B, 0x4E,
+        0x69, 0x74, 0xB4, 0x24, 0x08, 0x10, 0x42, 0xB5,
+        0xB4, 0xE7, 0x8C, 0xEB, 0x7F, 0xFF, 0x67, 0x98,
+        0x0B, 0xBC, 0xBA, 0x5E, 0x29, 0xBE, 0x61, 0x33,
+        0x56, 0x16, 0xD6, 0x5E, 0x86, 0xF0, 0xE7, 0x46,
+        0xD1, 0x83, 0xDF, 0xD4, 0x6B, 0x75, 0xC9, 0x30,
+        0x0D, 0x60, 0xC5, 0x19, 0xFD, 0x95, 0xA8, 0xA6,
+        0x61, 0xFF, 0xC8, 0x2A, 0xE7, 0x5D, 0xD1, 0x49,
+        0x49, 0x1F, 0x99, 0xD1, 0x41, 0x4F, 0x15, 0x79,
+        0x00, 0x8A, 0x80, 0x27, 0xA6, 0xC9, 0x98, 0xD3,
+        0xE7, 0xA2, 0xBB, 0xFA, 0x07, 0xAB, 0x53, 0xEF,
+        0xE8, 0x17, 0xAE, 0x9C, 0x6A, 0xE8, 0xD0, 0x52,
+        0xAA, 0x85, 0x9D, 0x03, 0x48, 0xB0, 0xD2, 0xC8,
+        0x5B, 0xCC, 0xC4, 0x50, 0x84, 0x90, 0xBE, 0x0F,
+        0x9B, 0x32, 0x13, 0xB8, 0xAF, 0x7C, 0xCE, 0xE7,
+        0x22, 0xE2, 0x82, 0x13, 0x18, 0x71, 0x46, 0xC5,
+        0xDA, 0x05, 0xB7, 0x65, 0xD8, 0x33, 0x06, 0xFA,
+        0x5A, 0x6B, 0x76, 0xD6, 0x92, 0x76, 0xD1, 0x6A,
+        0x2B, 0xC6, 0x0D, 0xB1, 0xAD, 0xAB, 0x57, 0x62,
+        0xEA, 0x76, 0x37, 0x4E, 0xAB, 0x2D, 0x34, 0xD2,
+        0xA3, 0x57, 0xC7, 0x56, 0xFB, 0xEA, 0xD6, 0xA9,
+        0xE3, 0xC1, 0x63, 0x07, 0xDE, 0xB9, 0x5E, 0x5A,
+        0x30, 0x2E, 0x41, 0x4D, 0x43, 0xE9, 0x1C, 0xA1,
+        0x5B, 0xB2, 0x4F, 0xAF, 0xDC, 0xE9, 0xBB, 0xBE,
+        0x73, 0x55, 0x90, 0xF0, 0xD0, 0x02, 0x98, 0x6D,
+        0x13, 0x50, 0x9A, 0xCA, 0x4C, 0xB3, 0x15, 0x3A,
+        0x26, 0x14, 0x38, 0x67, 0xEB, 0xA7, 0x27, 0x33,
+        0x48, 0x97, 0x58, 0x94, 0x57, 0xEA, 0xF9, 0x7E,
+        0x8B, 0xB0, 0xBB, 0xF3, 0xF4, 0x84, 0x6E, 0x69,
+        0x95, 0x2C, 0xF4, 0x6B, 0x1C, 0x65, 0x39, 0xB4,
+        0x46, 0xA7, 0x99, 0xD6, 0x68, 0x47, 0x6E, 0x2E,
+        0x49, 0x84, 0x75, 0x3E, 0x6C, 0x2E, 0x9A, 0x08,
+        0xBC, 0xB7, 0x2F, 0x86, 0x68, 0x5C, 0xE1, 0xBF,
+        0xEA, 0xA1, 0xAF, 0x59, 0xD6, 0x71, 0xB7, 0xBD,
+        0xD6, 0xC5, 0xC2, 0xF2, 0xF3, 0xB5, 0x36, 0xBB,
+        0x36, 0x23, 0x4F, 0xD6, 0x44, 0x59, 0x0A, 0x44,
+        0x86, 0xCA, 0xDC, 0xD4, 0x22, 0x0F, 0x79, 0x09,
+        0x99, 0x8C, 0x8C, 0x9E, 0x03, 0xA4, 0x51, 0x99,
+        0x5A, 0xB9, 0x97, 0x76, 0x73, 0x20, 0xD3, 0x98,
+        0x8C, 0x52, 0x96, 0xE1, 0x65, 0x7B, 0x4C, 0x77,
+        0x40, 0xB2, 0xFE, 0x27, 0x0A, 0x11, 0x76, 0x6E,
+        0x3B, 0x35, 0x12, 0xC6, 0x4E, 0xC2, 0x0E, 0xCC,
+        0x04, 0xB5, 0x51, 0x91, 0xD0, 0x4A, 0xF7, 0x84,
+        0xF2, 0xE7, 0xE5, 0x99, 0x7E, 0xB5, 0x3E, 0xAC,
+        0x53, 0xDB, 0x61, 0x11, 0x71, 0x56, 0x4E, 0xAB,
+        0x4A, 0x68, 0xC1, 0x6A, 0xA5, 0xC5, 0x7F, 0x72,
+        0xEB, 0x14, 0x97, 0xA4, 0x27, 0xA0, 0x53, 0xA1,
+        0xC4, 0x70, 0x7D, 0x58, 0xBD, 0xC1, 0xD7, 0xFD,
+        0x9F, 0xB8, 0x8C, 0xCE, 0x34, 0xF9, 0xE1, 0x9C,
+        0x59, 0x79, 0x31, 0x24, 0xEC, 0xBB, 0xF5, 0x6F,
+        0x3F, 0xA3, 0x5A, 0x55, 0xB3, 0xDE, 0x64, 0xDF,
+        0xA9, 0x95, 0x0B, 0x53, 0xF2, 0xA7, 0x25, 0x7B,
+        0x8C, 0xAD, 0x25, 0x9A, 0x35, 0xBF, 0x15, 0x46,
+        0x69, 0x4A, 0x83, 0x8C, 0x80, 0xFC, 0x37, 0xD0,
+        0xC3, 0x6F, 0x00, 0xE2, 0x3C, 0x63, 0xAB, 0xC5,
+        0x53, 0xC1, 0x8D, 0x4A, 0x40, 0x4B, 0xE6, 0xDC,
+        0x05, 0xB1, 0x20, 0x23, 0x8B, 0xB8, 0xDF, 0x40,
+        0x86, 0x97, 0xB9, 0x5E, 0xA4, 0xB7, 0xA1, 0x37,
+        0xE0, 0x4B, 0x9E, 0xD9, 0x84, 0x2B, 0x2D, 0xAD,
+        0xD1, 0xB1, 0x52, 0x15, 0x00, 0x9B, 0xDD, 0x23,
+        0xA9, 0x27, 0x44, 0x21, 0x33, 0x17, 0x1C, 0x61,
+        0x49, 0x84, 0x0D, 0x6A, 0x11, 0x7C, 0x77, 0xA5,
+        0xD6, 0x8E, 0xE6, 0x1D, 0x6E, 0x90, 0x04, 0x4A,
+        0xD3, 0x54, 0x3A, 0xA7, 0x1A, 0x28, 0xC5, 0x94,
+        0x01, 0xCA, 0xDB, 0x1B, 0x5D, 0x78, 0xC5, 0xC6,
+        0x69, 0x0D, 0x69, 0x88, 0x75, 0x00, 0x02, 0x0B,
+        0x59, 0x6C, 0x3E, 0xC5, 0x30, 0xDF, 0xEE, 0x85,
+        0x43, 0xA2, 0x9A, 0xF9, 0xDD, 0x85, 0x6E, 0xB3,
+        0x0D, 0x83, 0x6A, 0x13, 0x88, 0xD0, 0x12, 0x15,
+        0x53, 0x16, 0xFC, 0x5C, 0x15, 0x47, 0xEC, 0x6D,
+        0x4D, 0x18, 0x2D, 0x88, 0xDB, 0xD2, 0x17, 0x6C,
+        0xDE, 0x64, 0xEC, 0x70, 0x8D, 0x19, 0xDC, 0x66,
+        0x69, 0x7F, 0xCF, 0x61, 0x6E, 0x4F, 0x23, 0x86,
+        0xF5, 0x1A, 0x98, 0x47, 0x4B, 0xCC, 0xE9, 0x2F,
+        0x12, 0x28, 0x12, 0xB9, 0xEB, 0xD8, 0x32, 0xDC,
+        0xE4, 0xD8, 0x63, 0xAC, 0x56, 0x08, 0x2F, 0xEC,
+        0x5E, 0x47, 0x29, 0xFF, 0x76, 0xFE, 0x95, 0x60,
+        0xD2, 0x19, 0x61, 0x0E, 0xAF, 0xFC, 0x44, 0x42,
+        0x11, 0x42, 0x79, 0xBC, 0x06, 0x3A, 0xAD, 0x93,
+        0x7E, 0x46, 0x60, 0x03, 0xB0, 0xF5, 0x9F, 0x57,
+        0x28, 0x48, 0x44, 0x8F, 0x0E, 0xFA, 0x72, 0x8C,
+        0xE4, 0x18, 0xF4, 0x99, 0x6B, 0xB1, 0x23, 0x45,
+        0xDC, 0x13, 0xA2, 0xF6, 0x5F, 0x57, 0x35, 0xA2,
+        0xD7, 0x38, 0xF9, 0xE9, 0x8A, 0x7A, 0x79, 0xC6,
+        0xB2, 0xCD, 0xBF, 0xD3, 0x41, 0x21, 0x56, 0xB3,
+        0x39, 0xD9, 0x14, 0x3B, 0xDD, 0x85, 0xCB, 0x78,
+        0x2F, 0xEB, 0x7E, 0x29, 0xBC, 0x52, 0x24, 0xE7,
+        0x1B, 0x85, 0xB1, 0x65, 0xAE, 0xAB, 0x65, 0xF9,
+        0x54, 0xD2, 0x1F, 0x37, 0x29, 0x52, 0x30, 0x5B,
+        0x3D, 0x5F, 0x48, 0x84, 0x3F, 0x51, 0x27, 0x88,
+        0x9D, 0xA7, 0x94, 0xF0, 0x73, 0xCD, 0x98, 0xD2,
+        0x05, 0xE8, 0x25, 0x71, 0x7C, 0x93, 0x13, 0x82,
+        0x5D, 0x53, 0x8D, 0x05, 0x0E, 0x69, 0x20, 0xC4,
+        0xDB, 0xF2, 0xF6, 0x55, 0x24, 0x29, 0xD0, 0x41,
+        0xF6, 0x2D, 0xF8, 0xC1, 0x2E, 0xC2, 0x4D, 0xE1,
+        0xD7, 0x2D, 0xA0, 0x49, 0x16, 0x0B, 0x4D, 0x34,
+        0xB5, 0x6D, 0xAE, 0x10, 0x93, 0x1E, 0xB6, 0x95,
+        0x69, 0xC2, 0xB3, 0xC0, 0xAF, 0x6F, 0xFF, 0xA5,
+        0x32, 0x3C, 0x7D, 0xC9, 0xC7, 0xC8, 0xEF, 0x0C,
+        0x64, 0x20, 0x23, 0xC4, 0xFE, 0x89, 0x87, 0x8E,
+        0xB3, 0xA6, 0xC5, 0x24, 0xCF, 0x03, 0x7E, 0x74,
+        0xF7, 0xBF, 0x89, 0x1E, 0xCF, 0xB1, 0x02, 0xFA,
+        0xF2, 0x9F, 0xD3, 0x9D, 0x99, 0x00, 0xDA, 0x7A,
+        0x92, 0x7D, 0x13, 0x11, 0x92, 0xAD, 0x55, 0xF2,
+        0xE1, 0x82, 0x72, 0xB1, 0x6A, 0xF1, 0x45, 0x05,
+        0xDA, 0x17, 0xC9, 0xA1, 0x42, 0x82, 0x89, 0x77,
+        0x31, 0xB6, 0x72, 0x54, 0x7C, 0x68, 0x10, 0x25,
+        0x57, 0x30, 0x16, 0x15, 0x08, 0x58, 0x8B, 0xC1,
+        0x61, 0xCB, 0xA0, 0x58, 0x29, 0x33, 0xB1, 0x64,
+        0xF4, 0x4F, 0x06, 0xAA, 0x25, 0x31, 0xAA, 0xA8,
+        0x92, 0x1C, 0x69, 0x1E, 0x6E, 0xB6, 0xBE, 0x81,
+        0xDA, 0x9B, 0xE5, 0x1C, 0x56, 0x39, 0x55, 0xE0,
+        0xC1, 0xEF, 0xD3, 0xED, 0x2A, 0x1C, 0x94, 0x9B,
+        0xD4, 0xE0, 0x0B, 0x3A, 0xE9, 0xEB, 0xC1, 0x3C,
+        0x4C, 0x6C, 0x4E, 0x5E, 0x39, 0x4C, 0xB0, 0x34,
+        0xB9, 0xCB, 0x75, 0xBE, 0xCE, 0x86, 0x44, 0xFF,
+        0x89, 0xEF, 0x95, 0xE7, 0x6E, 0xF7, 0x15, 0xE1,
+        0x7A, 0xA2, 0x6B, 0x1F, 0xEB, 0x77, 0x4C, 0x50,
+        0x59, 0xB3, 0xA3, 0x9A, 0x38, 0xDF, 0xD0, 0x57,
+        0xD6, 0x41, 0xE4, 0x3F, 0xFE, 0x0F, 0x3E, 0x40,
+        0xFF, 0xF6, 0xB2, 0x36, 0x3C, 0x1B, 0xF0, 0xEF,
+        0x07, 0x87, 0x3D, 0x09, 0xA4, 0x87, 0x76, 0x9D,
+        0x0A, 0x73, 0xCD, 0x0C, 0xC6, 0x44, 0xF5, 0x3C,
+        0x25, 0xD2, 0x02, 0x5E, 0xE7, 0x1C, 0x69, 0xB7,
+        0xAC, 0x0F, 0xA6, 0x61, 0x15, 0x57, 0xC4, 0x27,
+        0xC0, 0x69, 0xDF, 0x2E, 0x1B, 0xF6, 0x29, 0xD9,
+        0xA0, 0xCB, 0x5C, 0x67, 0xC7, 0xEA, 0x4F, 0xA6,
+        0x58, 0xC7, 0x8D, 0x00, 0x42, 0xB0, 0x59, 0xE6,
+        0xB6, 0x58, 0xFF, 0xCE, 0x60, 0x16, 0x69, 0x67,
+        0xDB, 0x94, 0xF7, 0x16, 0xEB, 0x4D, 0x04, 0xB3,
+        0xD2, 0x45, 0x0F, 0x40, 0x03, 0x1F, 0x10, 0xAC,
+        0xDD, 0x07, 0x77, 0x7F, 0xBE, 0x9F, 0xBB, 0xB7,
+        0x7F, 0xCB, 0x7C, 0x1F, 0xA9, 0xFC, 0x1E, 0xAF,
+        0x0C, 0x5F, 0x86, 0xD7, 0x96, 0x2D, 0xAE, 0xD0,
+        0x47, 0x4B, 0xA0, 0xFE, 0x68, 0xD9, 0xB2, 0x32,
+        0x77, 0xA9, 0xCA, 0x7F, 0xC6, 0x76, 0xC6, 0x61,
+        0x6B, 0x8E, 0x43, 0x9A, 0x1D, 0x4B, 0xFF, 0x72,
+        0x43, 0x78, 0x19, 0xB5, 0x51, 0x87, 0x56, 0xA7,
+        0x87, 0x3E, 0xF5, 0x84, 0x01, 0x26, 0x46, 0xC3,
+        0x65, 0x9A, 0x6B, 0xA8, 0x6E, 0x62, 0x27, 0x26,
+        0x14, 0xD8, 0x5E, 0xEC, 0xD5, 0x35, 0x0E, 0x3C,
+        0xD0, 0xA1, 0x25, 0xAE, 0x9C, 0x17, 0xCC, 0xE2,
+        0x52, 0x39, 0xE1, 0xEE, 0x9C, 0xDB, 0x39, 0xCA,
+        0x7B, 0x18, 0xCF, 0x2C, 0x88, 0xCF, 0x14, 0x68,
+        0x26, 0xB6, 0xCC, 0x1E, 0x6A, 0xA8, 0xE1, 0x69,
+        0x2C, 0x91, 0x5F, 0x3B, 0xF1, 0xC1, 0xDB, 0x34,
+        0xC6, 0xF3, 0x78, 0x83, 0xCB, 0x4E, 0xDC, 0xE0,
+        0xF7, 0xC9, 0x95, 0xB6, 0x9E, 0x3A, 0xCE, 0x30,
+        0xDC, 0x16, 0x6F, 0x78, 0x4C, 0x93, 0xD6, 0xCB,
+        0xBC, 0xAC, 0x3C, 0x79, 0xBC, 0x31, 0x93, 0x10,
+        0xCE, 0x6E, 0x66, 0x57, 0x00, 0xF1, 0x7F, 0x96,
+        0x2F, 0x18, 0xB2, 0x40, 0x73, 0x9D, 0x15, 0x69,
+        0x0B, 0x1B, 0x6C, 0x85, 0xD1, 0xAA, 0xA3, 0x2D,
+        0x4A, 0x79, 0x74, 0x4A, 0xE5, 0x0C, 0xF9, 0xA9,
+        0x0A, 0x09, 0x54, 0xB4, 0xA4, 0xD9, 0x4C, 0x49,
+        0x9B, 0x41, 0x23, 0xEF, 0xC0, 0x20, 0x44, 0x31,
+        0xF7, 0x22, 0x85, 0xB5, 0xDA, 0x9E, 0x19, 0x22,
+        0x23, 0x0A, 0x30, 0x4D, 0x3A, 0x1B, 0xD8, 0x52,
+        0x08, 0x72, 0x61, 0xB7, 0xCF, 0x0D, 0x8B, 0x90,
+        0xD1, 0x46, 0x23, 0xEB, 0xCD, 0xC6, 0x38, 0x7B,
+        0xC6, 0xAF, 0x65, 0xBE, 0x5F, 0x01, 0x1B, 0x6B,
+        0xC1, 0x23, 0xC1, 0x30, 0x6A, 0x1E, 0x8F, 0xBF,
+        0x2D, 0xF0, 0xB6, 0xF8, 0x9B, 0x0A, 0xE0, 0x5D,
+        0xE0, 0xE4, 0xB7, 0xF5, 0x0A, 0xDA, 0x46, 0xE5,
+        0x3A, 0x9B, 0x6B, 0xCA, 0xDA, 0x06, 0x43, 0xBE,
+        0x6B, 0xFD, 0xC2, 0xB0, 0x6A, 0x6C, 0x75, 0x88,
+        0x3C, 0x2D, 0xC6, 0x13, 0xAC, 0x72, 0x16, 0x31,
+        0x7A, 0x40, 0xC4, 0xA2, 0xC0, 0x86, 0x69, 0x83,
+        0xD3, 0x2C, 0x9C, 0xE0, 0xA6, 0xCC, 0xED, 0xF4,
+        0x03, 0x62, 0x6B, 0xB2, 0x3B, 0x5B, 0x9D, 0xA5,
+        0x86, 0x77, 0x7C, 0x73, 0x5E, 0x19, 0x11, 0xD7,
+        0x7B, 0x11, 0x96, 0xC8, 0xFA, 0x47, 0x21, 0xD6,
+        0xB0, 0xFE, 0x0B, 0x08, 0x11, 0xFC, 0x00, 0xB9,
+        0xA1, 0x24, 0x2C, 0xBD, 0x4A, 0x92, 0x43, 0x10,
+        0x08, 0xBE, 0xE9, 0xE1, 0x5D, 0x19, 0x82, 0xDE,
+        0x34, 0xAE, 0xDC, 0xA6, 0x85, 0x8F, 0x19, 0x30,
+        0x20, 0xB6, 0x44, 0x7F, 0x6B, 0xA6, 0x63, 0x70,
+        0x59, 0xDA, 0x8D, 0xE0, 0xF8, 0x46, 0x86, 0x57,
+        0xB8, 0x1C, 0x57, 0x13, 0x78, 0x41, 0x8C, 0xF5,
+        0x7D, 0x77, 0xAE, 0x75, 0x6C, 0x59, 0x93, 0x2E,
+        0x05, 0x25, 0x03, 0xD1, 0xEA, 0xFB, 0x2D, 0x60,
+        0xD2, 0x61, 0x23, 0xEA, 0x0E, 0xFF, 0x55, 0xE3,
+        0x24, 0x49, 0x00, 0x19, 0xBD, 0x1E, 0x56, 0x24,
+        0x87, 0x2F, 0x7B, 0x98, 0x07, 0x36, 0xD2, 0x7C,
+        0xC5, 0x9B, 0xE0, 0x4E, 0x29, 0xAB, 0xA1, 0xB8,
+        0x35, 0x15, 0x31, 0xCE, 0x65, 0x14, 0x24, 0xF8,
+        0x10, 0xB5, 0xAB, 0x3E, 0xD5, 0x58, 0xCA, 0xE5,
+        0x73, 0x2D, 0x7C, 0x8B, 0xB4, 0x62, 0x75, 0x03,
+        0x30, 0x89, 0xFE, 0x32, 0xF8, 0x65, 0x99, 0xD0,
+        0x88, 0xD5, 0x72, 0x88, 0x03, 0xC9, 0x51, 0x03,
+        0xBA, 0x2F, 0xFB, 0x7C, 0x39, 0x02, 0x05, 0xC4,
+        0xCE, 0xD8, 0xB3, 0xC2, 0x7B, 0x29, 0x8E, 0xA7,
+        0x9D, 0x35, 0x97, 0xB7, 0x17, 0xDE, 0x28, 0x0B,
+        0x32, 0xE5, 0x41, 0xDA, 0x1D, 0x98, 0xBD, 0x27,
+        0xEF, 0xF7, 0xB4, 0x43, 0x09, 0x13, 0x39, 0xC7,
+        0x40, 0x16, 0x11, 0x20, 0x71, 0xCB, 0xB6, 0xC9,
+        0xB0, 0x8F, 0x20, 0xC1, 0xF0, 0x40, 0xFB, 0x6E,
+        0x73, 0x04, 0x8F, 0x73, 0xCA, 0x45, 0xDB, 0xE0,
+        0xF9, 0x25, 0x8D, 0x32, 0xF2, 0x3E, 0x36, 0xBE,
+        0xF7, 0x88, 0xF8, 0x13, 0x4D, 0x9B, 0x10, 0xC2,
+        0x58, 0x0B, 0x20, 0xF8, 0x78, 0xB6, 0x4C, 0x7D,
+        0x2A, 0xA6, 0x81, 0x40, 0xD1, 0x30, 0x50, 0x38,
+        0x2A, 0x5F, 0xBC, 0x81, 0x8E, 0x0F, 0xD4, 0xD0,
+        0x87, 0x99, 0x78, 0x3D, 0xBE, 0x25, 0x15, 0xF4,
+        0x45, 0x61, 0xA3, 0x1A, 0x7D, 0x05, 0x3F, 0xB5,
+        0xA6, 0x1C, 0x41, 0xC6, 0x0E, 0xBE, 0x57, 0x6F,
+        0xC5, 0xB6, 0x38, 0x63, 0x90, 0x55, 0x23, 0xFC,
+        0x26, 0x9E, 0xFD, 0xB8, 0x6C, 0xF2, 0x99, 0x6B,
+        0x6D, 0x90, 0xFE, 0x28, 0xA0, 0x16, 0xEE, 0x63,
+        0xC2, 0x4C, 0xD6, 0xB2, 0x0C, 0xFA, 0x6E, 0x85,
+        0x51, 0xE4, 0x2F, 0x57, 0x91, 0x82, 0x84, 0x43,
+        0x8A, 0x44, 0x31, 0x6C, 0x68, 0x02, 0x01, 0x7C,
+        0xCE, 0x4D, 0xC0, 0x7C, 0x43, 0xA9, 0x54, 0xF5,
+        0x0E, 0xCA, 0xE6, 0x15, 0x98, 0xAE, 0x41, 0x57,
+        0x0A, 0x66, 0xBA, 0x6D, 0x6E, 0x68, 0xB9, 0x2E,
+        0x0D, 0x42, 0xD2, 0xF5, 0x0B, 0xFC, 0x2D, 0xA8,
+        0x61, 0x6E, 0x60, 0x4E, 0x51, 0x78, 0xEB, 0x0C,
+        0x52, 0x9E, 0xC0, 0x4A, 0xB0, 0x92, 0x85, 0x5C,
+        0x3A, 0x3D, 0x69, 0x95, 0xAB, 0x62, 0xEB, 0x2F,
+        0x9B, 0x12, 0xF5, 0x2E, 0xB5, 0xA6, 0x93, 0xCE,
+        0x14, 0x97, 0xA7, 0x1E, 0x0A, 0x7B, 0x94, 0x74,
+        0xFB, 0x65, 0xD0, 0x5A, 0x97, 0x55, 0x40, 0x02,
+        0x71, 0x87, 0x9C, 0x9F, 0xCB, 0x41, 0x3F, 0x08,
+        0x8D, 0x6A, 0xCA, 0xE6, 0xEC, 0xE6, 0x71, 0x22,
+        0xF8, 0x58, 0x9F, 0xF1, 0x94, 0xF6, 0xE4, 0xD6,
+        0xDC, 0x35, 0xD7, 0xEB, 0x6B, 0x78, 0x99, 0x66,
+        0xF9, 0xE2, 0x15, 0x27, 0xC9, 0x8C, 0x27, 0xB4,
+        0x89, 0x3C, 0x15, 0xEE, 0x52, 0x71, 0xA9, 0xD2,
+        0x50, 0x3C, 0xD2, 0x31, 0xBB, 0x3A, 0xE5, 0x87,
+        0xAF, 0x65, 0x2B, 0xF2, 0xF5, 0xC9, 0x44, 0xA2,
+        0x59, 0x1C, 0x57, 0x96, 0xB9, 0xC2, 0x5E, 0xCB,
+        0x8A, 0x5B, 0x2B, 0x7A, 0x7E, 0x93, 0x3C, 0x08,
+        0x27, 0xCD, 0xB4, 0xB0, 0x1B, 0xF3, 0x82, 0x50,
+        0x78, 0xCF, 0xEA, 0x28, 0x57, 0xB1, 0x0F, 0xB4,
+        0xB6, 0x93, 0x82, 0x8E, 0x7A, 0xD1, 0x9F, 0x04,
+        0xEC, 0xEE, 0x24, 0x3D, 0x8A, 0x5E, 0x56, 0x99,
+        0x8D, 0x83, 0xA4, 0x05, 0x7D, 0xFB, 0x36, 0xDB,
+        0xAB, 0xD1, 0x67, 0x59, 0xC7, 0x4A, 0xB9, 0xAF,
+        0x99, 0xB6, 0xD8, 0xD4, 0x2C, 0xCA, 0x8C, 0xCC,
+        0xD2, 0x32, 0xAB, 0x51, 0xCE, 0x2D, 0x22, 0xE0,
+        0x29, 0xB1, 0x73, 0x10, 0x60, 0xA8, 0x6B, 0x8F,
+        0x68, 0xAF, 0x58, 0x06, 0x9D, 0x72, 0x36, 0x98,
+        0x3F, 0xF3, 0x6B, 0xAD, 0x3E, 0x7F, 0x4A, 0x00,
+        0x94, 0x04, 0xAE, 0xE9, 0x8A, 0x9E, 0x8A, 0x03,
+        0xD8, 0x04, 0xCC, 0xFE, 0xE3, 0xF8, 0xA2, 0x04,
+        0x64, 0x17, 0x54, 0x77, 0xCA, 0x20, 0xD0, 0x80,
+        0x1B, 0x36, 0xEF, 0x59, 0x31, 0xFA, 0xE4, 0xF5,
+        0xAF, 0x56, 0x09, 0x02, 0xAD, 0xCF, 0xA6, 0xBC,
+        0x26, 0x23, 0x27, 0x6D, 0xF3, 0x52, 0xCE, 0x2F,
+        0x4C, 0x9C, 0xA8, 0x23, 0x75, 0xFA, 0x56, 0x9E,
+        0x07, 0x5B, 0xB9, 0x30, 0x5A, 0xB1, 0x27, 0xFF,
+        0x72, 0xBF, 0x50, 0xB1, 0x27, 0xEF, 0xA1, 0x0C,
+        0x3A, 0xC9, 0x72, 0x21, 0xBE, 0xD8, 0xDC, 0xD5,
+        0x66, 0x4A, 0x0A, 0x58, 0xFA, 0x57, 0xB4, 0x00,
+        0x07, 0x31, 0xF2, 0x4E, 0xDC, 0xE0, 0x86, 0x99,
+        0x45, 0xE5, 0x45, 0xCF, 0x27, 0x35, 0x79, 0x57,
+        0xF5, 0xA2, 0x7A, 0x29, 0xFA, 0x5E, 0xCF, 0xF9,
+        0xA9, 0x96, 0x11, 0xE1, 0x4A, 0x6C, 0xE5, 0xB8,
+        0x8E, 0x78, 0xE6, 0xA1, 0x46, 0x97, 0xAE, 0xB4,
+        0xF3, 0x6D, 0x7F, 0x8E, 0xD1, 0x86, 0x6B, 0x78,
+        0x2B, 0x55, 0xC5, 0xDF, 0x0F, 0x43, 0x78, 0xED,
+        0xD2, 0x38, 0xE5, 0x8B, 0x94, 0x7A, 0x06, 0xC5,
+        0x73, 0x17, 0x55, 0x93, 0xAD, 0xA5, 0xAC, 0xBA,
+        0x81, 0x8A, 0x6D, 0x73, 0x4B, 0xA1, 0x32, 0x8F,
+        0x21, 0xA6, 0x5B, 0x51, 0x31, 0x58, 0xD0, 0xE4,
+        0x0B, 0x93, 0x46, 0xF2, 0x51, 0x30, 0x3E, 0x60,
+        0xE1, 0xCB, 0x30, 0x04, 0x15, 0x8D, 0x1E, 0x87,
+        0xA6, 0xF6, 0x38, 0xE0, 0x27, 0x84, 0x81, 0x18,
+        0x2B, 0x37, 0xBB, 0xD3, 0xDB, 0xE7, 0x91, 0xA3,
+        0x1B, 0x6B, 0x20, 0xCB, 0x2C, 0x52, 0xB1, 0xB9,
+        0x6A, 0x94, 0xF8, 0xCD, 0xBA, 0x5D, 0xC7, 0xDD,
+        0x79, 0x36, 0x38, 0xC2, 0xFC, 0xEC, 0x4F, 0x2B,
+        0x5F, 0x73, 0x44, 0x03, 0xE9, 0xA9, 0xF5, 0xD9,
+        0x99, 0xEA, 0x61, 0xDC, 0x6A, 0x98, 0xBE, 0xDE,
+        0xB9, 0x34, 0xCC, 0x76, 0xB0, 0xE1, 0x8C, 0x70,
+        0x3A, 0xA5, 0x7C, 0xD1, 0xC0, 0x2A, 0x8E, 0x7D,
+        0x47, 0x8A, 0x63, 0xEA, 0x30, 0x6B, 0xEE, 0x36,
+        0x0B, 0xA8, 0xAE, 0x46, 0xCD, 0x01, 0x83, 0xF6,
+        0x07, 0xF9, 0xED, 0x8B, 0x69, 0x97, 0xB6, 0xC3,
+        0x5D, 0x75, 0x6E, 0xD8, 0xDF, 0x01, 0x82, 0x48,
+        0x31, 0x2F, 0xDE, 0xED, 0x8E, 0xC5, 0xD8, 0xA6,
+        0xC0, 0x36, 0x0E, 0x66, 0xA4, 0xE9, 0xE5, 0xA9,
+        0x7D, 0x5C, 0xD2, 0x43, 0x72, 0xC0, 0xAD, 0x26,
+        0x78, 0xF2, 0xB0, 0x08, 0x12, 0xAE, 0x6C, 0x1A,
+        0x0F, 0x53, 0x30, 0xB3, 0xAB, 0x01, 0x53, 0xDA,
+        0x3C, 0x5F, 0x4C, 0x17, 0xBD, 0x2F, 0xB6, 0x0E,
+        0x7E, 0x80, 0x87, 0x4C, 0x1B, 0x92, 0x9B, 0x62,
+        0xE3, 0x89, 0xEE, 0xE2, 0xA0, 0x14, 0x06, 0x0D,
+        0x4D, 0xCC, 0x96, 0x5A, 0xF8, 0x64, 0x2A, 0x05,
+        0xA9, 0xEE, 0xD5, 0x0D, 0x23, 0x90, 0xB0, 0x67,
+        0xD5, 0x51, 0x1D, 0x18, 0xBC, 0xBA, 0xE6, 0xA5,
+        0xAD, 0x29, 0x18, 0xD5, 0x06, 0xFC, 0xC9, 0x12,
+        0x6D, 0x70, 0xA8, 0x6E, 0x96, 0x8B, 0x5F, 0x9C,
+        0x99, 0x43, 0x07, 0x02, 0x37, 0x48, 0x8C, 0xFB,
+        0x5F, 0xF5, 0xDE, 0x69, 0x26, 0x73, 0x7D, 0xF6,
+        0x3A, 0x2C, 0xE5, 0x58, 0x01, 0xC3, 0x48, 0xB0,
+        0xF0, 0x0D, 0x56, 0xAF, 0x8C, 0x0F, 0x5C, 0xB3,
+        0xBA, 0x44, 0x8C, 0x39, 0xB0, 0x20, 0xD2, 0x93,
+        0x81, 0x19, 0x99, 0x4E, 0xAC, 0xB9, 0x1F, 0xC3,
+        0x1F, 0x34, 0x7D, 0xF3, 0x3E, 0x1A, 0xE1, 0x26,
+        0x7C, 0xB7, 0x22, 0x0A, 0xDC, 0x0D, 0x14, 0xF8,
+        0x43, 0x8A, 0x23, 0x46, 0x37, 0x9C, 0x2A, 0xB8,
+        0x1F, 0x24, 0x72, 0xE2, 0xEA, 0xC4, 0x67, 0x13,
+        0x17, 0x33, 0xBD, 0xA0, 0x07, 0xA0, 0x3E, 0xDE,
+        0x8B, 0xC4, 0xD6, 0xDB, 0xD9, 0xF1, 0xB8, 0xF4,
+        0xFB, 0x83, 0x13, 0x14, 0xCD, 0x36, 0xF6, 0xDC,
+        0xD5, 0x85, 0x93, 0x7C, 0xF9, 0x6C, 0xEA, 0x52,
+        0x92, 0xFB, 0xFC, 0x95, 0x02, 0x10, 0x7B, 0x57,
+        0x9F, 0xF0, 0x7C, 0x2E, 0x79, 0x00, 0x3D, 0xB2,
+        0xA1, 0x6C, 0x4E, 0xD4, 0x17, 0xFA, 0x0F, 0x13,
+        0xC8, 0xBF, 0xB1, 0x82, 0xF7, 0xDD, 0xCF, 0x08,
+        0xF2, 0x50, 0xDB, 0x16, 0xA4, 0x5A, 0x60, 0x4A,
+        0x57, 0x2B, 0x0E, 0xDC, 0x4A, 0xBF, 0x9C, 0x86,
+        0x08, 0x8A, 0x5A, 0xC8, 0x74, 0xDD, 0xA2, 0x6E,
+        0x12, 0xA0, 0xEF, 0x63, 0x5A, 0xD2, 0x82, 0xAD,
+        0xCD, 0xC7, 0xED, 0x16, 0x86, 0x45, 0x3D, 0xFB,
+        0x35, 0xC3, 0xB1, 0xBA, 0x68, 0x21, 0xB4, 0xB7,
+        0x22, 0x0B, 0x55, 0x79, 0x8B, 0x9C, 0xCF, 0xE0,
+        0x66, 0x61, 0x5C, 0xE2, 0x55, 0x96, 0x0D, 0x09,
+        0xE6, 0x77, 0xFE, 0xFE, 0x76, 0xBE, 0x91, 0x5E,
+        0x04, 0xE5, 0x65, 0x44, 0xBD, 0x09, 0xD0, 0x6F,
+        0x83, 0x44, 0xF9, 0x68, 0xDC, 0x68, 0x25, 0xCB,
+        0xC6, 0x64, 0xD5, 0x18, 0xA4, 0x41, 0xE1, 0x9B,
+        0x07, 0x6F, 0xC3, 0x38, 0x91, 0x37, 0xFC, 0x1B,
+        0x73, 0x32, 0xE2, 0xB0, 0x68, 0x95, 0x44, 0x3B,
+        0x7A, 0x00, 0x23, 0x36, 0x31, 0x15, 0x79, 0xA9,
+        0xB0, 0x8F, 0x36, 0x73, 0xDA, 0x05, 0x90, 0xE6,
+        0x96, 0xCE, 0xD9, 0x01, 0x44, 0x4A, 0x70, 0xA6,
+        0x7B, 0x2A, 0x7D, 0x55, 0x12, 0xD6, 0x5B, 0xFC,
+        0xD7, 0xAF, 0x1E, 0x34, 0x27, 0x77, 0x69, 0xE1,
+        0x71, 0x08, 0x83, 0x01, 0xDE, 0x78, 0x46, 0xF0,
+        0x88, 0xF4, 0x87, 0xC4, 0x92, 0x1B, 0xEB, 0x98,
+        0x35, 0x4B, 0xAE, 0x9A, 0xF6, 0xEA, 0xB2, 0x34,
+        0x91, 0x14, 0xEB, 0x21, 0xF6, 0x18, 0xDB, 0x1D,
+        0x92, 0x6C, 0x1D, 0x2F, 0xE3, 0xA5, 0xF2, 0x29,
+        0xC5, 0x73, 0x40, 0xC4, 0x0A, 0xEC, 0x11, 0xC2,
+        0xD0, 0x14, 0x4D, 0x03, 0x94, 0xFC, 0x4D, 0x8E,
+        0x38, 0x66, 0xA7, 0xD0, 0xA1, 0x0B, 0x64, 0xC8,
+        0xB9, 0x92, 0xB0, 0xA4, 0xDD, 0xBC, 0xAD, 0x82,
+        0x4E, 0x43, 0x97, 0x43, 0x78, 0xEA, 0x9A, 0x38,
+        0xE5, 0x8C, 0x2C, 0x5A, 0xE1, 0x94, 0xAF, 0x43,
+        0x10, 0xFB, 0xEC, 0x90, 0x28, 0x41, 0x6C, 0x5C,
+        0xB7, 0xB8, 0xAF, 0xA5, 0x24, 0xF7, 0x4F, 0xFD,
+        0x6F, 0x2E, 0x98, 0x44, 0x3F, 0x5E, 0x89, 0x24,
+        0xF6, 0xCF, 0x11, 0x0E, 0x67, 0x1B, 0x81, 0x68,
+        0x37, 0xD5, 0x9B, 0x2D, 0xB9, 0x1C, 0xB1, 0xE6,
+        0x87, 0xD6, 0xA2, 0x02, 0x0F, 0x91, 0x08, 0xF6,
+        0x9B, 0x94, 0x76, 0x62, 0xFD, 0xE7, 0x18, 0xAC,
+        0x28, 0xA6, 0xAC, 0xDA, 0x27, 0xF4, 0x33, 0x59,
+        0xBB, 0xBE, 0x36, 0x2C, 0xEE, 0xEA, 0x91, 0xE6,
+        0x91, 0x95, 0x2C, 0x58, 0x0A, 0xB2, 0xCA, 0xA3,
+        0xAA, 0x39, 0x03, 0x9A, 0x75, 0x3C, 0x27, 0x6E,
+        0x02, 0x89, 0x17, 0x4B, 0x02, 0x42, 0x7C, 0xB4,
+        0x2E, 0xAD, 0xB4, 0xD9, 0x35, 0xB2, 0x30, 0x9E,
+        0x2F, 0xEC, 0x9F, 0x25, 0x56, 0x1A, 0x35, 0x40,
+        0xF1, 0xAF, 0x1D, 0xA4, 0xA8, 0x62, 0x07, 0x70,
+        0x98, 0x6C, 0xDE, 0x1E, 0x89, 0xC1, 0xD3, 0x30,
+        0xBB, 0x82, 0x72, 0x40, 0xF2, 0xBC, 0x53, 0xC7,
+        0xDE, 0xAB, 0xFC, 0x7D, 0xAD, 0xBF, 0xDA, 0xE0,
+        0xA7, 0xA1, 0x0C, 0xD6, 0x73, 0x37, 0x36, 0xA1,
+        0xEE, 0xA6, 0x96, 0x88, 0x79, 0x0E, 0x4A, 0x2C,
+        0x69, 0x4C, 0xE5, 0x30, 0xFB, 0xDD, 0xE1, 0xFE,
+        0x86, 0x90, 0xDC, 0xDF, 0x03, 0xF5, 0x17, 0x2F,
+        0xF4, 0x58, 0x2D, 0xD3, 0xED, 0x3D, 0x7D, 0xA0,
+        0xB3, 0x6E, 0x1E, 0xD3, 0xBB, 0xD9, 0x57, 0xBA,
+        0x8B, 0x00, 0x72, 0xC4, 0xEE, 0xCF, 0x39, 0xD5,
+        0x74, 0xFA, 0x13, 0xF0, 0xD7, 0xE9, 0x10, 0x0C,
+        0x7A, 0x52, 0x62, 0xD0, 0xC9, 0xD5, 0x2D, 0xDC,
+        0x11, 0xD4, 0xFF, 0x34, 0xB2, 0x55, 0xF9, 0x99,
+        0x81, 0xB4, 0xC9, 0x14, 0x02, 0x91, 0x81, 0x56,
+        0x29, 0xF6, 0xA9, 0x1A, 0x19, 0x8E, 0x74, 0xB3,
+        0xA3, 0xD1, 0x28, 0xB5, 0x72, 0xD8, 0x6F, 0x54,
+        0x15, 0x74, 0x55, 0x70, 0x26, 0x62, 0xCB, 0x1D,
+        0x15, 0x2C, 0x7F, 0x4C, 0x9C, 0xB4, 0xDE, 0xA2,
+        0x07, 0xD5, 0xA9, 0x38, 0x29, 0x42, 0x51, 0x67,
+        0x44, 0x26, 0x97, 0x7E, 0x73, 0x0E, 0xC6, 0x01,
+        0x00, 0x65, 0xC8, 0xE0, 0x34, 0x88, 0x2B, 0xD3,
+        0x2F, 0xD3, 0x5C, 0x6A, 0xF6, 0xB8, 0xD9, 0x3A,
+        0x50, 0x9C, 0xC3, 0x39, 0xD9, 0x6F, 0xB9, 0xDD,
+        0x55, 0x8A, 0xF9, 0x52, 0x35, 0xFB, 0xF1, 0x71,
+        0x97, 0x76, 0x04, 0x75, 0xEE, 0x2E, 0x3F, 0xCA,
+        0x0E, 0x83, 0xA8, 0xE3, 0x1F, 0xA7, 0xF1, 0x3D,
+        0x78, 0xCC, 0x79, 0x64, 0x80, 0x5E, 0x77, 0x05,
+        0xDB, 0xB7, 0x0F, 0x73, 0x53, 0x3A, 0x56, 0xD8,
+        0xB7, 0x7C, 0x12, 0xE8, 0xF6, 0x51, 0x07, 0xC9,
+        0x01, 0x43, 0x97, 0x51, 0x75, 0x95, 0x94, 0x65,
+        0xFD, 0x4D, 0x8C, 0x8C, 0xD3, 0xA8, 0xEE, 0xA9,
+        0x5E, 0xFB, 0xC7, 0xF6, 0xF8, 0x40, 0x0E, 0xA5,
+        0xD5, 0x1E, 0x79, 0xB4, 0x0C, 0xEF, 0x8B, 0x04,
+        0x59, 0x4D, 0x0C, 0x6F, 0x08, 0xD5, 0x00, 0xA2,
+        0xAD, 0x08, 0xB4, 0x62, 0xE0, 0x2C, 0xF6, 0x30,
+        0x31, 0x1E, 0xD7, 0x81, 0x56, 0x61, 0x17, 0x0D,
+        0xB3, 0x9F, 0x27, 0x75, 0x38, 0x42, 0x6E, 0xB2,
+        0xB0, 0x6C, 0xB8, 0xC9, 0xD8, 0x20, 0xC8, 0x36,
+        0x7D, 0x1D, 0x57, 0x10, 0x4E, 0xC1, 0x45, 0xFC,
+        0x93, 0xB1, 0xF7, 0x7B, 0xA1, 0x3B, 0x71, 0x12,
+        0x16, 0xE5, 0x8F, 0xD0, 0x0C, 0x7D, 0xC0, 0x05,
+        0x18, 0x02, 0x24, 0x25, 0x28, 0x8A, 0xE1, 0x29,
+        0x9A, 0x79, 0xBD, 0xC7, 0x73, 0x2D, 0xF3, 0x42,
+        0x70, 0x33, 0xF3, 0xF8, 0x48, 0x87, 0xB4, 0xD4,
+        0x91, 0xE1, 0x53, 0xBA, 0x4A, 0x63, 0xAF, 0x3A,
+        0xE5, 0xCB, 0x3D, 0x41, 0x04, 0xB5, 0x30, 0x87,
+        0xAA, 0x40, 0x03, 0x56, 0x10, 0x02, 0xF3, 0x6A,
+        0x9F, 0xDA, 0x33, 0xBC, 0xB8, 0xA5, 0xD0, 0x56,
+        0x43, 0x29, 0xDA, 0x58, 0x12, 0x8B, 0x6A, 0x9D,
+        0xCF, 0xCD, 0xCA, 0x66, 0x98, 0x92, 0x1D, 0xA4,
+        0xEF, 0xAC, 0x9E, 0x19, 0xDE, 0xF7, 0xFE, 0x6C,
+        0x3A, 0x66, 0x46, 0xB4, 0x00, 0x7F, 0x08, 0xAF,
+        0x31, 0xD6, 0xD3, 0x22, 0x59, 0x1F, 0x34, 0x48,
+        0x5A, 0xE1, 0x4E, 0x0F, 0x6F, 0x2D, 0xD0, 0xE5,
+        0x8E, 0x34, 0x3B, 0xC0, 0x55, 0x02, 0x2D, 0x17,
+        0x4B, 0x34, 0x78, 0x46, 0xD4, 0xC4, 0x7F, 0x1D,
+        0xDC, 0x39, 0x94, 0x69, 0x78, 0xAB, 0xD8, 0x2B,
+        0x6D, 0xF3, 0x1C, 0x0B, 0x0F, 0x4A, 0xA0, 0xB2,
+        0xAC, 0x1A, 0x79, 0x7F, 0x9D, 0xE5, 0xE8, 0xC6,
+        0x40, 0x4B, 0xCE, 0x32, 0x4B, 0xA1, 0x3C, 0x77,
+        0xED, 0x5D, 0x59, 0x0F, 0xE0, 0x7D, 0x00, 0x07,
+        0xB4, 0xD8, 0xA6, 0x3E, 0xC9, 0x6D, 0x62, 0x19,
+        0x66, 0xC3, 0xE7, 0x10, 0x3B, 0x6C, 0x7A, 0x36,
+        0x49, 0x75, 0xE6, 0x78, 0xB3, 0x8D, 0x04, 0x13,
+        0x31, 0xE6, 0x79, 0x72, 0x64, 0x07, 0x76, 0x94,
+        0x2B, 0xB4, 0xEC, 0x18, 0x1C, 0x32, 0x3C, 0x26,
+        0xC4, 0x81, 0xBF, 0x4F, 0xB5, 0x6E, 0x5D, 0x67,
+        0xCF, 0xBE, 0x17, 0x57, 0x11, 0x2B, 0xBC, 0xA0,
+        0xF0, 0xC2, 0x70, 0x06, 0x94, 0x26, 0x9B, 0x26,
+        0x12, 0x9C, 0x7F, 0x99, 0xD4, 0x4A, 0xF5, 0x60,
+        0xCD, 0xF7, 0xA4, 0x70, 0x2E, 0xF5, 0xD6, 0xA2,
+        0xEC, 0x0E, 0x99, 0x00, 0x2E, 0x89, 0x30, 0xAA,
+        0x4E, 0xC0, 0x62, 0x11, 0x93, 0x0A, 0x1E, 0x68,
+        0xF2, 0xED, 0x44, 0x8B, 0x10, 0x4A, 0x75, 0x68,
+        0xBF, 0x46, 0xE1, 0x41, 0xD6, 0x0B, 0x61, 0x53,
+        0xD4, 0x03, 0x10, 0xB3, 0x8F, 0x8E, 0x14, 0x57,
+        0x27, 0x8F, 0xE3, 0x49, 0xB2, 0xB4, 0xA7, 0xAE,
+        0x39, 0x7A, 0x7B, 0x8F, 0x48, 0xAA, 0xA5, 0xFD,
+        0xC1, 0x28, 0x8E, 0x43, 0xE0, 0x58, 0x39, 0x32,
+        0x0A, 0x14, 0xC6, 0x3A, 0xB8, 0x58, 0xE2, 0x6E,
+        0x7D, 0x8C, 0x35, 0xB6, 0x47, 0x37, 0x90, 0x4D,
+        0x89, 0xC1, 0x9A, 0x10, 0x3D, 0x6B, 0x68, 0x9A,
+        0x3D, 0xC9, 0x0C, 0x72, 0xFC, 0x92, 0xE3, 0x5D,
+        0x45, 0x2B, 0x81, 0x43, 0x02, 0x30, 0x70, 0xD4,
+        0x8B, 0xB9, 0xFB, 0xB0, 0x45, 0xE3, 0xC6, 0xCE,
+        0x9A, 0x8B, 0xD5, 0xC4, 0xB6, 0x7F, 0x5D, 0x8B,
+        0x58, 0xC9, 0x6A, 0x28, 0x2D, 0x6E, 0x27, 0x78,
+        0x3D, 0x7B, 0x99, 0x0E, 0x05, 0x2B, 0xD9, 0x5E,
+        0x86, 0x50, 0x8F, 0x9B, 0xF7, 0xC0, 0x64, 0xA8,
+        0xF2, 0x39, 0xE0, 0x24, 0x0A, 0x20, 0xD8, 0xDF,
+        0x3A, 0x87, 0x6E, 0xDC, 0x8F, 0xF6, 0x24, 0x1B,
+        0x54, 0xF2, 0x70, 0xA9, 0x8C, 0xB8, 0x07, 0x7A,
+        0xAF, 0xE0, 0xE5, 0x8E, 0x5E, 0x98, 0x13, 0xC6,
+        0xA5, 0xF9, 0x1F, 0x52, 0x89, 0x7B, 0x6A, 0xAD,
+        0x24, 0x26, 0xC6, 0x0D, 0xA5, 0x88, 0x3E, 0x6B,
+        0xDF, 0xEE, 0x33, 0x0A, 0x86, 0x09, 0xA2, 0x11,
+        0x8B, 0x69, 0x9F, 0x75, 0xCE, 0xFD, 0x05, 0x01,
+        0x95, 0x14, 0x64, 0xCD, 0x62, 0x04, 0x09, 0x87,
+        0xFC, 0xF6, 0xB2, 0x2E, 0xCA, 0x92, 0xE4, 0x4F,
+        0x55, 0xB3, 0x8C, 0x64, 0x99, 0xA8, 0xDA, 0x0A,
+        0xC7, 0x82, 0x56, 0x93, 0x03, 0x67, 0xA4, 0xD7,
+        0x54, 0x91, 0xA0, 0x89, 0xD8, 0x94, 0x1F, 0x6C,
+        0x53, 0xCC, 0xB2, 0x60, 0x13, 0x6A, 0x93, 0xE1,
+        0xFC, 0xA3, 0xDD, 0x72, 0xD5, 0x5A, 0x92, 0x35,
+        0x9E, 0x3D, 0x62, 0x82, 0x70, 0x5D, 0x54, 0xAF,
+        0x57, 0xC6, 0x98, 0x5E, 0x74, 0xE0, 0xF2, 0x33,
+        0x26, 0x61, 0xBF, 0x2B, 0xDD, 0x78, 0x47, 0x29,
+        0x04, 0xC7, 0xF0, 0x58, 0x17, 0xFC, 0x9D, 0xED,
+        0xEF, 0x15, 0x6A, 0xCA, 0xC7, 0x46, 0xCE, 0x12,
+        0xF8, 0x90, 0xD8, 0x5A, 0x93, 0x98, 0xA9, 0xED,
+        0xFB, 0xF4, 0x6E, 0x73, 0x48, 0x81, 0x4A, 0x08,
+        0x07, 0x29, 0xC8, 0x3E, 0x70, 0x4C, 0x40, 0x30,
+        0x20, 0x2C, 0xF6, 0x1E, 0xCD, 0xEE, 0x27, 0x95,
+        0xD5, 0x07, 0xAC, 0x28, 0x81, 0x4F, 0x53, 0xCD,
+        0x06, 0x60, 0xA5, 0x57, 0x2C, 0xBE, 0x1A, 0xE5,
+        0x33, 0x38, 0xB8, 0xEF, 0xDC, 0xA3, 0x1A, 0xA5,
+        0xB9, 0x5A, 0xA9, 0xE7, 0x65, 0xAF, 0x4D, 0xA0,
+        0x4C, 0x9B, 0x31, 0x62, 0x67, 0x7E, 0x41, 0xC0,
+        0x18, 0xA5, 0xE1, 0x8A, 0xF2, 0xF9, 0x8A, 0xCA,
+        0x14, 0x5C, 0xCD, 0x1B, 0x8F, 0x74, 0x31, 0x07,
+        0x6A, 0x14, 0xA7, 0xC2, 0x0F, 0x6C, 0x72, 0xE8,
+        0xEB, 0x97, 0x51, 0xB7, 0x89, 0x2E, 0x41, 0x01,
+        0x54, 0x47, 0x63, 0x0E, 0xAA, 0x84, 0xB9, 0x60,
+        0x1C, 0xB9, 0x54, 0xD8, 0x97, 0x39, 0x38, 0x9D,
+        0x52, 0xBB, 0x91, 0xA9, 0x7F, 0x96, 0x08, 0x7C,
+        0xB3, 0x8B, 0x0E, 0xAB, 0x59, 0xA7, 0x84, 0x68,
+        0x34, 0x65, 0x55, 0xC7, 0x12, 0x84, 0xC2, 0xFB,
+        0xBD, 0x27, 0x58, 0x18, 0xE9, 0x26, 0x73, 0xFA,
+        0x42, 0xAB, 0x5E, 0x0D, 0x97, 0x76, 0x67, 0xA9,
+        0x0F, 0x75, 0x92, 0x6C, 0x80, 0x76, 0x87, 0x75,
+        0xD2, 0x3D, 0xFE, 0x0B, 0x33, 0x7B, 0x48, 0xB0,
+        0xC8, 0x28, 0x1F, 0xE6, 0x3F, 0x18, 0xF2, 0x45,
+        0xF8, 0x8F, 0x21, 0xE1, 0x1C, 0x56, 0xA5, 0x33,
+        0x71, 0x88, 0x42, 0x5A, 0x34, 0x8B, 0x24, 0xDD,
+        0x0E, 0x98, 0x30, 0xDB, 0x6B, 0x6C, 0x89, 0x64,
+        0x8C, 0x7A, 0x63, 0x3C, 0xA9, 0xD8, 0x32, 0x51,
+        0xD0, 0xC6, 0xF7, 0xA4, 0x53, 0x95, 0x0D, 0x02,
+        0x19, 0x6A, 0x77, 0xBC, 0xDF, 0xD5, 0x2B, 0x2C,
+        0x65, 0xC9, 0xBF, 0x72, 0x69, 0xC3, 0x0C, 0xEF,
+        0x34, 0x75, 0x76, 0x29, 0x59, 0xBE, 0x9D, 0xE9,
+        0x44, 0x21, 0x2F, 0x5F, 0xB7, 0x89, 0xA6, 0xCD,
+        0x0A, 0x9A, 0x9E, 0x77, 0x5B, 0xBD, 0xDA, 0x03,
+        0xA4, 0xBC, 0xFB, 0x47, 0xC1, 0x77, 0x73, 0x00,
+        0x26, 0xAE, 0x2E, 0xFA, 0x62, 0x18, 0x9D, 0xB8,
+        0xE2, 0xD3, 0x7A, 0xB9, 0xD8, 0xCF, 0xE9, 0x61,
+        0x11, 0x80, 0xE9, 0xDC, 0xC3, 0x32, 0x9E, 0x63,
+        0x6F, 0xD9, 0x42, 0xF6, 0x76, 0x7F, 0xBC, 0xBF,
+        0xDB, 0x08, 0x2F, 0xA0, 0xEB, 0xB8, 0x4D, 0xF3,
+        0x76, 0x62, 0xAA, 0xFA, 0x20, 0x4A, 0xDD, 0xE6,
+        0xB3, 0x72, 0xC7, 0x7D, 0x36, 0x4F, 0x08, 0x56,
+        0x4F, 0x19, 0xB2, 0xB0, 0x0C, 0x13, 0x1A, 0x8C,
+        0xCE, 0x9A, 0x04, 0xB5, 0xB6, 0x9C, 0xD3, 0xD8,
+        0xFE, 0x1F, 0x2C, 0xCC, 0x89, 0xEE, 0x7D, 0x22,
+        0x8A, 0x4E, 0x0A, 0x91, 0x0C, 0x8B, 0x5A, 0xE0,
+        0xBD, 0xE5, 0x3D, 0xBE, 0x90, 0x4B, 0x13, 0xA3,
+        0x2F, 0x33, 0xE9, 0x9D, 0x6C, 0x67, 0x35, 0xBD,
+        0x03, 0xD4, 0x09, 0x90, 0x2F, 0xC6, 0x3C, 0x8D,
+        0xD8, 0x43, 0xFC, 0x1F, 0xB7, 0x49, 0xC0, 0xB7,
+        0x38, 0x70, 0x1D, 0xEB, 0x5A, 0xD7, 0xAC, 0x07,
+        0xAF, 0x5B, 0x93, 0xC5, 0x7B, 0x55, 0x65, 0x86,
+        0x6E, 0xC1, 0xDB, 0xCD, 0x42, 0x92, 0x50, 0xDB,
+        0xD1, 0x97, 0x95, 0x3D, 0x53, 0xC3, 0xFE, 0xC2,
+        0xF9, 0x65, 0xF3, 0xD2, 0xEE, 0xA4, 0x7E, 0xDE,
+        0xA1, 0x4B, 0x23, 0x7F, 0xA1, 0x0D, 0x25, 0x6E,
+        0x80, 0x4F, 0xE3, 0xB5, 0x0C, 0xBA, 0x1C, 0x2B,
+        0x42, 0x0B, 0x8F, 0xD9, 0xB6, 0x4E, 0x52, 0xD2,
+        0xDB, 0x35, 0xD2, 0xA1, 0xC4, 0xE6, 0xD6, 0x51,
+        0x76, 0xE7, 0x87, 0x5E, 0xBE, 0x93, 0xE6, 0x61,
+        0x71, 0x4C, 0x8B, 0xA6, 0x96, 0xDA, 0xF7, 0xCB,
+        0x06, 0xB7, 0xB8, 0xC4, 0xF6, 0xF5, 0xC6, 0x29,
+        0xAA, 0xE1, 0x13, 0x87, 0x6F, 0x96, 0xBA, 0x0C,
+        0xF6, 0x79, 0x8F, 0x03, 0x86, 0x22, 0xE3, 0xFB,
+        0xCF, 0x86, 0xCF, 0x7C, 0x77, 0xFD, 0xB4, 0xEE,
+        0xBD, 0x42, 0x38, 0x7F, 0xF2, 0xCC, 0xCB, 0x06,
+        0xEA, 0x0D, 0x81, 0xA1, 0x8E, 0xB5, 0xE7, 0x40,
+        0xC8, 0x03, 0xA3, 0x4B, 0xC8, 0xB4, 0x0E, 0x3E,
+        0x36, 0xAB, 0x90, 0xC1, 0xFC, 0xB0, 0x37, 0x2B,
+        0x83, 0xA1, 0x3D, 0x56, 0xD6, 0x83, 0x0F, 0x99,
+        0xC4, 0x58, 0xB8, 0x94, 0x61, 0x19, 0xA6, 0x60,
+        0x47, 0xCB, 0x2D, 0xAF, 0x29, 0x38, 0x90, 0xFA,
+        0x99, 0x0F, 0x02, 0x02, 0x65, 0x90, 0x5F, 0xA2,
+        0xA2, 0xE3, 0xBB, 0x34, 0x15, 0x2F, 0x0B, 0xF5,
+        0xB2, 0xCC, 0x83, 0x59, 0xAF, 0xA7, 0x4D, 0x38,
+        0xAD, 0xF6, 0x52, 0x5C, 0x53, 0xD9, 0x0E, 0x3F,
+        0xD6, 0x53, 0x86, 0xE2, 0x79, 0xC2, 0x65, 0x48,
+        0xB2, 0x67, 0x3B, 0xAF, 0x52, 0x53, 0x57, 0x9A,
+        0x27, 0x80, 0x88, 0x37, 0x77, 0x67, 0x4E, 0x1F,
+        0xF1, 0x7B, 0xC5, 0xCB, 0xD8, 0x11, 0x0A, 0xDD,
+        0x92, 0x0E, 0x88, 0x6C, 0xCA, 0x33, 0x76, 0x3B,
+        0x04, 0xFA, 0xC0, 0xFD, 0xC6, 0x3F, 0xB4, 0x72,
+        0xC2, 0x2B, 0x6D, 0x5E, 0xB6, 0xA1, 0x4E, 0x5F,
+        0xC0, 0x50, 0x16, 0xEF, 0xFE, 0x6A, 0x42, 0x72,
+        0x65, 0x02, 0xEE, 0x07, 0xC6, 0x19, 0xC6, 0x95,
+        0xDE, 0x3F, 0xD9, 0xC5, 0xC6, 0x0E, 0x70, 0x07,
+        0x6A, 0xC3, 0x36, 0x1B, 0x84, 0x6F, 0xDF, 0x80,
+        0x16, 0x4E, 0x86, 0x90, 0xC8, 0x55, 0x7B, 0xDD,
+        0xC0, 0x86, 0x0C, 0x37, 0x47, 0x1F, 0x35, 0xF8,
+        0x47, 0xF2, 0xCD, 0x96, 0x21, 0x64, 0xAD, 0x46,
+        0xE1, 0xDF, 0x44, 0x79, 0x48, 0x02, 0xF9, 0x71,
+        0x39, 0x35, 0x26, 0xFC, 0x12, 0x0D, 0x88, 0xAC,
+        0xD6, 0xFA, 0x29, 0x74, 0x55, 0x51, 0xE7, 0xAF,
+        0x3D, 0x7E, 0x1E, 0x7E, 0xE0, 0x18, 0xB6, 0x3C,
+        0x4B, 0x99, 0x9D, 0x51, 0x02, 0x51, 0xD8, 0xE9,
+        0xFA, 0x61, 0x88, 0x2E, 0xCF, 0x73, 0x77, 0x65,
+        0x71, 0xAE, 0xAE, 0xD7, 0xA1, 0xF9, 0xE0, 0x7F,
+        0x30, 0x46, 0xCB, 0x20, 0xEC, 0xF4, 0xD2, 0xC1,
+        0x63, 0xF5, 0x6F, 0x8A, 0x72, 0xF9, 0x5B, 0x85,
+        0xD2, 0xCA, 0x6D, 0x35, 0xD1, 0x17, 0xF6, 0x08,
+        0x9E, 0x0A, 0x73, 0xB3, 0xDA, 0x1A, 0x32, 0xBA,
+        0x23, 0x10, 0x4A, 0x5D, 0xD7, 0xAA, 0xB4, 0x68,
+        0x97, 0x59, 0x45, 0xC5, 0x7C, 0x16, 0x6F, 0xE4,
+        0x62, 0x89, 0xF1, 0xD3, 0xB4, 0x03, 0x90, 0x7B,
+        0xA4, 0xA2, 0xCA, 0xA0, 0x5D, 0x69, 0x1B, 0xA9,
+        0xBB, 0xEB, 0xA0, 0xE2, 0xDE, 0xBE, 0x0E, 0xC4,
+        0x9E, 0x21, 0x38, 0x61, 0x92, 0x9B, 0xAB, 0x69,
+        0xAA, 0xD0, 0x1D, 0xF6, 0xC3, 0xEE, 0xA6, 0xC3,
+        0xF3, 0x29, 0x1B, 0xE5, 0x6E, 0x52, 0x89, 0xD0,
+        0xBA, 0xD8, 0x60, 0x27, 0x80, 0x1A, 0xB5, 0x7F,
+        0x7F, 0xB5, 0xC2, 0x5A, 0xC6, 0x83, 0xA4, 0xC0,
+        0x88, 0x39, 0xF3, 0xE7, 0x39, 0xD6, 0x81, 0x1C,
+        0x13, 0x20, 0xFD, 0x93, 0x3D, 0x8E, 0x79, 0x60,
+        0x7C, 0xFF, 0xE4, 0x37, 0x5B, 0x33, 0xA3, 0x9D,
+        0xB7, 0x57, 0xCD, 0x45, 0x0A, 0xB9, 0xE4, 0xF1,
+        0xBC, 0x59, 0x74, 0xE8, 0xB3, 0x06, 0xD0, 0x9F,
+        0x0F, 0xBC, 0x5B, 0x23, 0xB8, 0x6C, 0xD6, 0x4D,
+        0xFA, 0xCC, 0x14, 0xAB, 0x74, 0x61, 0x1A, 0xFC,
+        0x22, 0xA6, 0xED, 0x09, 0x76, 0x91, 0xD8, 0x6E,
+        0x44, 0xB6, 0x00, 0x14, 0xDC, 0x74, 0x2D, 0x90,
+        0xAA, 0x59, 0x98, 0x76, 0x30, 0xC5, 0x44, 0xA4,
+        0x61, 0x43, 0xD6, 0xE2, 0x28, 0x28, 0xA7, 0xBD,
+        0x6E, 0x50, 0x5C, 0xE1, 0x96, 0x7A, 0xF8, 0xA8,
+        0x32, 0x8C, 0xE9, 0xFD, 0x11, 0x37, 0x91, 0xD1,
+        0xAF, 0x3C, 0xD3, 0x1C, 0x1E, 0x88, 0x4D, 0x7E,
+        0x87, 0x84, 0x84, 0x6F, 0x39, 0x0B, 0xFB, 0x2D,
+        0xB3, 0x12, 0x4C, 0x6D, 0x45, 0xDD, 0xCD, 0x7D,
+        0x75, 0xB7, 0xFE, 0x7E, 0x44, 0xCC, 0x29, 0xE5,
+        0xB3, 0x10, 0xEE, 0x23, 0x55, 0x5B, 0xCF, 0xBA,
+        0xBD, 0xA1, 0xBE, 0x64, 0xF8, 0x6E, 0x60, 0x31,
+        0x0A, 0x2D, 0xC9, 0x3B, 0x1D, 0x44, 0xE1, 0x9D,
+        0x60, 0x28, 0x77, 0xEE
+    };
+    static const byte rnd_65[] = {
+        0x4E, 0x7A, 0x01, 0x7C, 0x15, 0x03, 0x9D, 0xC2,
+        0x00, 0x51, 0xD2, 0x96, 0x0E, 0x5E, 0x15, 0x59,
+        0xCC, 0x27, 0xED, 0x46, 0x87, 0x7C, 0xB9, 0x81,
+        0x16, 0x19, 0x9A, 0x0F, 0x41, 0x05, 0xFE, 0x32
+    };
+    static const byte sig_65[] = {
+        0xB8, 0x65, 0xB0, 0x0B, 0x21, 0x18, 0xDB, 0xB0,
+        0x0B, 0x70, 0x1C, 0x66, 0x45, 0x65, 0x5E, 0x8A,
+        0xCF, 0xA8, 0x4E, 0xA7, 0x92, 0xB4, 0x48, 0x64,
+        0x2E, 0x18, 0x32, 0xC3, 0x70, 0x7C, 0x87, 0xCF,
+        0x09, 0xFB, 0xE7, 0x72, 0xF1, 0xD4, 0x38, 0x5B,
+        0xFB, 0xE5, 0xE6, 0xCF, 0xBB, 0xE2, 0x6C, 0x10,
+        0xED, 0x6E, 0xB8, 0x65, 0xC8, 0x87, 0xF8, 0x69,
+        0x39, 0x43, 0x9A, 0x9B, 0xF7, 0x68, 0xBF, 0x03,
+        0x9D, 0x73, 0xE3, 0xEA, 0x83, 0xBD, 0xF1, 0x85,
+        0x03, 0xB5, 0xD1, 0xB3, 0x91, 0x79, 0xA8, 0x27,
+        0xB0, 0xD7, 0x80, 0x5F, 0x98, 0x42, 0x8B, 0xD8,
+        0x7C, 0xEA, 0x6B, 0x06, 0x96, 0x0C, 0x78, 0xB4,
+        0xB5, 0x86, 0xFB, 0x0D, 0x5E, 0xDA, 0x9F, 0xAA,
+        0xC0, 0x25, 0x6E, 0x38, 0x82, 0x35, 0x62, 0xA3,
+        0x07, 0x96, 0x61, 0x17, 0x00, 0x5A, 0xA4, 0x2F,
+        0x1B, 0x65, 0x54, 0xA0, 0x48, 0x75, 0xF8, 0x5C,
+        0x2E, 0x3F, 0xAF, 0xA6, 0x52, 0x47, 0x1D, 0x4E,
+        0x98, 0x06, 0x54, 0x82, 0xFC, 0x7D, 0xF4, 0x9B,
+        0x2C, 0x40, 0xD0, 0xE7, 0xB9, 0x82, 0x38, 0xDF,
+        0xBE, 0x85, 0x3D, 0x16, 0xBF, 0x99, 0x92, 0xBB,
+        0x08, 0xC1, 0x92, 0x59, 0xF9, 0xB5, 0x75, 0xEA,
+        0x7A, 0x4A, 0x80, 0x09, 0x3A, 0x64, 0xA9, 0x26,
+        0x71, 0x85, 0x7A, 0x50, 0x89, 0x20, 0xD6, 0x0F,
+        0xF6, 0xFB, 0xF3, 0x83, 0x41, 0xC5, 0x59, 0x01,
+        0x05, 0x63, 0x3A, 0x42, 0x6D, 0x60, 0x2D, 0xAC,
+        0x06, 0x4D, 0xD7, 0xA7, 0xF1, 0x1A, 0x60, 0x21,
+        0x5C, 0x35, 0xB7, 0xB9, 0xC0, 0x0E, 0x9D, 0x84,
+        0x63, 0x98, 0x8C, 0xF4, 0x72, 0xCD, 0x6A, 0xCF,
+        0xB7, 0xF7, 0x22, 0xB8, 0xC4, 0xC6, 0x27, 0x02,
+        0x60, 0x7A, 0x67, 0x48, 0x80, 0xAC, 0xB3, 0xD6,
+        0xC6, 0x25, 0x3E, 0x71, 0x17, 0x5A, 0x05, 0xB3,
+        0x92, 0xCA, 0xB4, 0xBB, 0x14, 0xCE, 0x86, 0xA5,
+        0x98, 0xAB, 0xC7, 0x88, 0xD0, 0xFF, 0x4D, 0x82,
+        0x77, 0x5E, 0x4E, 0xA0, 0xFC, 0x36, 0x36, 0x3C,
+        0xD0, 0xE9, 0x7B, 0x78, 0xA6, 0xAE, 0x4D, 0xA8,
+        0xE9, 0x8C, 0xA6, 0x12, 0x77, 0x2D, 0x56, 0xB5,
+        0x82, 0xF8, 0x2C, 0x07, 0x09, 0xBE, 0xAE, 0x46,
+        0x67, 0x3B, 0xDD, 0x80, 0x42, 0x86, 0x5C, 0xFA,
+        0x95, 0xBF, 0x53, 0x38, 0xCF, 0xEA, 0x60, 0x6A,
+        0x6E, 0xF3, 0x16, 0x38, 0x46, 0xAE, 0x83, 0xB2,
+        0x5E, 0x5F, 0x5B, 0xD3, 0x1C, 0x83, 0xF1, 0x36,
+        0x72, 0x9A, 0x8E, 0xA6, 0x27, 0x4F, 0x99, 0x4F,
+        0xA9, 0x04, 0x5F, 0xA8, 0xA9, 0x0F, 0xF8, 0x54,
+        0xB8, 0x71, 0xCF, 0x82, 0xE2, 0xB7, 0x01, 0xE8,
+        0xF4, 0xAC, 0x04, 0xFE, 0x9E, 0x28, 0x49, 0x1B,
+        0x9A, 0x25, 0xFF, 0x26, 0x3E, 0x2C, 0xF7, 0x54,
+        0x99, 0xE0, 0x09, 0xFD, 0x02, 0x29, 0xFB, 0xF7,
+        0xE5, 0xE4, 0x60, 0x44, 0x34, 0x4B, 0x07, 0xD7,
+        0x22, 0x14, 0xA9, 0xAC, 0xB4, 0xFF, 0x61, 0x02,
+        0xAB, 0xC1, 0x26, 0x2B, 0xC2, 0xE1, 0xCD, 0x24,
+        0x91, 0x60, 0x7A, 0xE7, 0xAA, 0xEC, 0xF4, 0xC3,
+        0x51, 0x75, 0xCF, 0xA4, 0x38, 0x3A, 0xA8, 0x6A,
+        0xF1, 0xE6, 0x2E, 0xD0, 0x63, 0x87, 0xCC, 0x59,
+        0x48, 0x36, 0x46, 0x7F, 0x41, 0xDF, 0xCA, 0x8F,
+        0xA0, 0xCA, 0x71, 0x28, 0x0B, 0xFB, 0x1C, 0x25,
+        0x60, 0xC8, 0x99, 0x55, 0x36, 0xF8, 0x42, 0x74,
+        0x70, 0x45, 0x59, 0x14, 0x53, 0x74, 0x5F, 0x26,
+        0x03, 0x82, 0xE3, 0xDA, 0x50, 0x79, 0x3F, 0xD7,
+        0xCA, 0x76, 0x27, 0x18, 0x5D, 0xBD, 0xCE, 0xDD,
+        0xF6, 0x9B, 0x2D, 0x3E, 0x15, 0x1C, 0x7F, 0x97,
+        0x28, 0x8A, 0x38, 0x2A, 0x92, 0xB0, 0x50, 0xF7,
+        0x91, 0xF9, 0x58, 0x7D, 0x77, 0xC6, 0x4D, 0x8B,
+        0x5D, 0x40, 0xAA, 0x19, 0x9D, 0x49, 0x66, 0xBE,
+        0x2D, 0x52, 0x4F, 0x96, 0x10, 0xF2, 0xFA, 0x02,
+        0xED, 0x23, 0x17, 0x63, 0x69, 0xDB, 0x93, 0x93,
+        0x50, 0xDA, 0x60, 0x1E, 0xA6, 0x67, 0x70, 0x95,
+        0x2E, 0x0F, 0x23, 0xED, 0xA6, 0x8A, 0x73, 0x75,
+        0x6E, 0xFF, 0x61, 0x0E, 0x8D, 0x6A, 0x9F, 0x49,
+        0x34, 0x56, 0x58, 0x54, 0x42, 0x82, 0x45, 0x3B,
+        0x5E, 0x73, 0xA3, 0x22, 0xA0, 0x32, 0x67, 0xC9,
+        0x69, 0xB5, 0x07, 0x34, 0xF2, 0xEC, 0xD4, 0xEC,
+        0x90, 0x55, 0x76, 0x0D, 0x92, 0x86, 0x10, 0xE9,
+        0x4E, 0x0B, 0x16, 0x28, 0xD6, 0xAF, 0x1B, 0x27,
+        0xAB, 0x13, 0x82, 0x9F, 0x7F, 0x8E, 0xF5, 0x0D,
+        0x9E, 0x29, 0x96, 0xFC, 0x64, 0xB0, 0x6A, 0xC8,
+        0x94, 0x61, 0x14, 0x76, 0x6D, 0xAD, 0x8D, 0xFF,
+        0xE6, 0x34, 0xF4, 0x7E, 0x9D, 0x85, 0x69, 0x96,
+        0x6C, 0x6F, 0x69, 0x68, 0x21, 0x8C, 0x5B, 0x86,
+        0x33, 0x61, 0x1B, 0xF4, 0x2B, 0x4F, 0xC0, 0xE7,
+        0x8D, 0x0C, 0x02, 0x9E, 0xAB, 0x85, 0xF2, 0x2F,
+        0x16, 0x17, 0x19, 0x80, 0xCC, 0x65, 0xF2, 0x84,
+        0x45, 0xA1, 0x1A, 0x08, 0x3A, 0xA0, 0x29, 0x77,
+        0xC2, 0xE8, 0x88, 0x6E, 0xD2, 0x70, 0x67, 0x2E,
+        0x51, 0x2A, 0xE8, 0x9C, 0x6A, 0x26, 0xFC, 0xAD,
+        0x1E, 0xC7, 0x2B, 0x9E, 0xCF, 0xA5, 0xA5, 0xEF,
+        0xC7, 0x0F, 0xF0, 0xBA, 0xB2, 0x8F, 0x11, 0x4F,
+        0x4D, 0xA8, 0x17, 0x0F, 0xE8, 0xB6, 0x3C, 0x2E,
+        0x11, 0xBE, 0x7A, 0x35, 0x46, 0x6E, 0x97, 0x9A,
+        0x12, 0x7E, 0xC0, 0xD2, 0x03, 0x23, 0xD5, 0x02,
+        0x73, 0x0A, 0xBC, 0xE6, 0x40, 0xA2, 0x44, 0x1C,
+        0xDD, 0xAB, 0xA3, 0x26, 0xD6, 0x78, 0x3D, 0x01,
+        0x92, 0xDB, 0xA9, 0xE9, 0x3F, 0xE5, 0x07, 0xC6,
+        0xA7, 0x37, 0x67, 0xBE, 0x56, 0xE2, 0x77, 0x65,
+        0x76, 0xEF, 0xEF, 0xF1, 0xCA, 0x17, 0x9D, 0x83,
+        0x34, 0x3E, 0x38, 0xC6, 0xA9, 0xC2, 0xFE, 0x72,
+        0x5D, 0xDE, 0x80, 0x7D, 0x21, 0x72, 0x5E, 0x73,
+        0x08, 0x72, 0xE2, 0xAB, 0x3D, 0x90, 0x11, 0x61,
+        0xF4, 0x55, 0xBC, 0xAD, 0x23, 0xA8, 0x43, 0x3A,
+        0x41, 0x31, 0x51, 0xFD, 0x22, 0x17, 0x14, 0x31,
+        0x0E, 0x4D, 0x0B, 0x6A, 0x1E, 0x1B, 0x2C, 0xAC,
+        0xA4, 0x99, 0xEE, 0xE8, 0x05, 0xA1, 0x64, 0xF2,
+        0x91, 0xD5, 0x07, 0x5E, 0x6B, 0x65, 0xA7, 0x9C,
+        0x2B, 0xCA, 0xD9, 0x17, 0xB1, 0x22, 0xFE, 0x1A,
+        0xC4, 0xFB, 0xB4, 0x10, 0x21, 0x1B, 0xA0, 0xA1,
+        0x99, 0x7A, 0x31, 0x30, 0x7C, 0x01, 0xF0, 0xFE,
+        0xD3, 0xB3, 0x14, 0x3D, 0x28, 0x34, 0x0F, 0xAC,
+        0xF0, 0x93, 0x37, 0xC4, 0xEF, 0x04, 0x74, 0x80,
+        0xA2, 0x90, 0xAE, 0x02, 0xB2, 0xF7, 0xD8, 0x7B,
+        0x8C, 0x29, 0xA0, 0xAE, 0xAE, 0x2E, 0x92, 0xC9,
+        0xC5, 0x44, 0x7D, 0x66, 0xC5, 0x5C, 0x1D, 0x1E,
+        0x25, 0x88, 0x5D, 0x10, 0x37, 0xFB, 0x5F, 0xCC,
+        0x80, 0x15, 0x4F, 0x1D, 0x23, 0xB4, 0xF2, 0x7B,
+        0x5B, 0xAC, 0x89, 0xBE, 0x1C, 0x36, 0x3C, 0xFF,
+        0x8E, 0xA7, 0x58, 0x73, 0xAC, 0x3F, 0x63, 0x33,
+        0xE8, 0x6C, 0x53, 0xEC, 0xA5, 0x5D, 0xBE, 0xD5,
+        0xE1, 0xF1, 0x12, 0x6B, 0x12, 0x78, 0xC7, 0x29,
+        0xC9, 0xA8, 0x4C, 0x4A, 0x1B, 0x7F, 0x15, 0x11,
+        0x93, 0x01, 0xC8, 0x0B, 0xE2, 0x2F, 0xE9, 0xBE,
+        0xBA, 0x17, 0x59, 0x45, 0xB2, 0x61, 0x2B, 0x66,
+        0xDD, 0xCE, 0xDF, 0x9A, 0x2A, 0x4D, 0x5F, 0x24,
+        0xF9, 0x02, 0xBB, 0xA6, 0x8D, 0xA7, 0x5D, 0x95,
+        0x97, 0x2E, 0x28, 0xD6, 0xCB, 0x70, 0x17, 0xCA,
+        0x51, 0xED, 0x58, 0x73, 0xAB, 0x03, 0xDD, 0x2E,
+        0x92, 0x6C, 0x15, 0x64, 0x2C, 0x9D, 0x6E, 0x64,
+        0x27, 0xFC, 0xE8, 0x0F, 0xC3, 0x8B, 0x34, 0xFE,
+        0xB3, 0xC1, 0x55, 0x13, 0xA6, 0x87, 0xC3, 0x5B,
+        0x94, 0xEB, 0x83, 0xE4, 0xAB, 0x3E, 0x18, 0x76,
+        0x67, 0x92, 0x70, 0xF5, 0xA9, 0x8F, 0x18, 0xA6,
+        0x5F, 0x57, 0x41, 0x76, 0x55, 0xFD, 0xA9, 0x99,
+        0x4E, 0x8F, 0xCC, 0x61, 0x6C, 0x6C, 0x60, 0x06,
+        0x10, 0x40, 0x26, 0xD6, 0xCD, 0x7A, 0xA0, 0x56,
+        0x3D, 0x51, 0x07, 0x25, 0x76, 0x00, 0x05, 0xF5,
+        0xFD, 0x39, 0xE7, 0x59, 0x24, 0x90, 0x29, 0xF0,
+        0x3D, 0x9F, 0x00, 0x67, 0x10, 0x3F, 0xA0, 0x45,
+        0x21, 0x14, 0xDF, 0x24, 0x40, 0xE8, 0xC6, 0xDB,
+        0x65, 0xE2, 0x39, 0x56, 0xEB, 0x1B, 0xEE, 0xB2,
+        0xC3, 0x4E, 0x5B, 0x20, 0xAC, 0x31, 0x6A, 0x03,
+        0xA9, 0x54, 0x36, 0x66, 0x62, 0x68, 0xC3, 0xD8,
+        0x22, 0x8F, 0x62, 0xEB, 0x56, 0x67, 0xB3, 0xB6,
+        0xBB, 0x85, 0x7D, 0xD0, 0x73, 0x7B, 0x69, 0x05,
+        0x1E, 0x9F, 0x26, 0xEE, 0x02, 0x36, 0x71, 0xCE,
+        0xAD, 0xFA, 0xCA, 0xF9, 0x49, 0x7F, 0x1A, 0xDE,
+        0x58, 0x7A, 0x69, 0x3E, 0xEF, 0xFB, 0xFC, 0xD5,
+        0x50, 0xEC, 0x20, 0x8C, 0x23, 0x56, 0x91, 0xE8,
+        0xE3, 0x66, 0xD9, 0x65, 0xB6, 0x2B, 0xEC, 0x16,
+        0xA6, 0x61, 0xCD, 0x5D, 0xE2, 0x87, 0x93, 0x22,
+        0x0D, 0x66, 0xF2, 0x64, 0x55, 0x05, 0xB8, 0x52,
+        0x41, 0x2F, 0xAE, 0x7B, 0x9D, 0x98, 0x29, 0xBF,
+        0x61, 0x5F, 0x7C, 0xBD, 0x59, 0xA7, 0xBC, 0x1D,
+        0x03, 0x4E, 0x6A, 0x25, 0x52, 0x9C, 0xFB, 0x48,
+        0x6A, 0xF2, 0x01, 0xDE, 0xB7, 0xEA, 0x95, 0xBA,
+        0x70, 0x8A, 0x31, 0x59, 0x17, 0x16, 0x74, 0x34,
+        0x53, 0x09, 0xDB, 0x81, 0x50, 0xE6, 0x7E, 0xBB,
+        0x30, 0xA7, 0xFF, 0x80, 0xCA, 0xC9, 0xAB, 0x13,
+        0x92, 0x50, 0x0A, 0x83, 0xE6, 0x3B, 0xBF, 0x7C,
+        0x42, 0xEB, 0x94, 0x53, 0xC2, 0xC9, 0xAC, 0xDA,
+        0x02, 0xBE, 0x53, 0x82, 0x34, 0xAA, 0xA7, 0xDB,
+        0x5A, 0x7F, 0x58, 0x8F, 0xC9, 0x1B, 0x90, 0xEE,
+        0x24, 0x77, 0xF2, 0xB6, 0x1C, 0xD1, 0x06, 0x2A,
+        0x7E, 0xF1, 0xE6, 0xE4, 0xDC, 0x54, 0xB3, 0x6D,
+        0x0E, 0x19, 0x93, 0x3E, 0x98, 0x1C, 0xB7, 0x63,
+        0xA9, 0xE1, 0x07, 0xE0, 0x1D, 0xA9, 0x42, 0x0F,
+        0x82, 0xCA, 0x79, 0x35, 0x92, 0xA4, 0x7C, 0x4B,
+        0x97, 0x7F, 0xF2, 0xC8, 0x84, 0x98, 0xDA, 0x95,
+        0xC4, 0x3D, 0x23, 0x2F, 0x42, 0xAF, 0x99, 0x48,
+        0x0B, 0xF0, 0xA4, 0xF8, 0xB7, 0xC4, 0x94, 0x9D,
+        0x1A, 0xE1, 0xD4, 0xFA, 0x8E, 0x1D, 0x1A, 0x8C,
+        0xD0, 0xF9, 0xED, 0x00, 0xDA, 0x59, 0x5E, 0xFD,
+        0x2B, 0x76, 0x6F, 0x0B, 0x79, 0xD4, 0x49, 0x0D,
+        0xB9, 0x28, 0xEC, 0x44, 0xB5, 0x03, 0x0A, 0x74,
+        0xCA, 0x42, 0x81, 0x1A, 0x5B, 0x5A, 0xE5, 0x22,
+        0xC7, 0x76, 0x4D, 0xDF, 0xD9, 0xFD, 0x92, 0xF0,
+        0x06, 0xE9, 0x4B, 0x35, 0xA7, 0xEF, 0x01, 0x42,
+        0xDA, 0x71, 0x78, 0xC2, 0xF5, 0x30, 0x74, 0xD0,
+        0x74, 0x51, 0xB1, 0x55, 0x65, 0xA9, 0xE0, 0xC5,
+        0x7E, 0xA1, 0xB9, 0x4C, 0x88, 0xEA, 0xE7, 0x41,
+        0xB1, 0xF5, 0x01, 0xC4, 0xD3, 0x70, 0x72, 0x7D,
+        0xAD, 0x27, 0x65, 0xF7, 0x95, 0xAD, 0x41, 0x46,
+        0x35, 0x80, 0x0E, 0xC1, 0x94, 0x9D, 0x03, 0x71,
+        0x39, 0xDE, 0x26, 0xAF, 0xCF, 0x93, 0x3D, 0x9A,
+        0x09, 0xC1, 0x27, 0xFC, 0x6B, 0x36, 0xE5, 0x18,
+        0xC6, 0xDE, 0x94, 0x92, 0xBA, 0x70, 0x82, 0x7B,
+        0x68, 0x1C, 0x2D, 0x18, 0xA4, 0x01, 0x23, 0xB6,
+        0xC5, 0xF6, 0x17, 0x37, 0xCB, 0x9D, 0xC6, 0xAA,
+        0x9C, 0xE1, 0x7D, 0x16, 0x8E, 0xBB, 0xDD, 0xD6,
+        0x3C, 0x07, 0x60, 0x19, 0x3C, 0x97, 0x49, 0x33,
+        0xDB, 0x47, 0x4A, 0xA8, 0x9A, 0xF3, 0x0E, 0x16,
+        0x29, 0x38, 0xF6, 0xDB, 0x78, 0x65, 0xDE, 0x23,
+        0x1F, 0x86, 0x16, 0x9C, 0x9E, 0x2A, 0x30, 0x2F,
+        0xC4, 0x1F, 0x1B, 0xE5, 0xF3, 0x6C, 0x55, 0x83,
+        0xFC, 0xD9, 0x1E, 0x21, 0xCB, 0x8A, 0x67, 0x57,
+        0xD3, 0x0A, 0x4B, 0xAC, 0xDB, 0x67, 0xE7, 0xA6,
+        0x1B, 0x0C, 0x8E, 0x21, 0x7E, 0x0C, 0xCB, 0xF5,
+        0x0E, 0xA6, 0x42, 0xCD, 0xE3, 0xFC, 0x74, 0xC7,
+        0xF9, 0xFF, 0xBD, 0xA9, 0xA1, 0xE6, 0x84, 0xBB,
+        0xC9, 0xA8, 0xF7, 0xCD, 0x3F, 0x1B, 0xD0, 0xDB,
+        0x63, 0xDD, 0xDF, 0x4E, 0xA4, 0x79, 0xC2, 0x35,
+        0x65, 0x2C, 0x5D, 0xCB, 0xCA, 0x7B, 0xDD, 0x4E,
+        0x2F, 0x33, 0xE8, 0x71, 0x72, 0xC1, 0x8B, 0x5F,
+        0xF3, 0x90, 0x99, 0x40, 0x8D, 0x27, 0x2F, 0xD0,
+        0xFB, 0x0D, 0x6A, 0x23, 0xB1, 0x43, 0x00, 0xDF,
+        0xC6, 0x4C, 0x02, 0x74, 0x3E, 0x52, 0x36, 0x08,
+        0xE9, 0x73, 0x61, 0x3D, 0xCA, 0xAC, 0x9D, 0x1D,
+        0x14, 0xB3, 0xA6, 0x24, 0x0E, 0xC2, 0xF2, 0x29,
+        0x39, 0x91, 0xF6, 0x90, 0x6A, 0xE3, 0x6C, 0x04,
+        0x69, 0xF3, 0x09, 0x11, 0x34, 0x8E, 0xC1, 0x2D,
+        0xDB, 0xA6, 0xC3, 0xCA, 0x19, 0xBC, 0x69, 0x5F,
+        0xCD, 0x16, 0xE5, 0xAE, 0xF2, 0xAD, 0x7C, 0x73,
+        0x25, 0x15, 0x70, 0xB5, 0xD0, 0x49, 0xA6, 0xC3,
+        0xA5, 0x2F, 0xA3, 0xFC, 0x9E, 0xD5, 0x4E, 0x54,
+        0x97, 0x3A, 0xE7, 0x89, 0xB0, 0xBF, 0xD6, 0xF8,
+        0xCC, 0x26, 0x44, 0xA9, 0xF8, 0x5A, 0xCE, 0x06,
+        0x78, 0xD8, 0x9E, 0xFC, 0x12, 0xB6, 0x11, 0xC3,
+        0xDF, 0xAE, 0x3F, 0x94, 0x50, 0x34, 0xB8, 0x99,
+        0xBE, 0x99, 0xA7, 0x32, 0x88, 0x9F, 0x17, 0xD2,
+        0x08, 0xDC, 0xD7, 0xEE, 0x95, 0x9D, 0x1A, 0xC7,
+        0x61, 0xDB, 0xA4, 0x86, 0x4C, 0x14, 0xB0, 0xA3,
+        0x5E, 0x4C, 0x7B, 0xBD, 0xA0, 0x96, 0xFB, 0x8A,
+        0xB3, 0x22, 0x69, 0x26, 0xC8, 0x9E, 0x7C, 0xDA,
+        0x92, 0x9E, 0xF1, 0x30, 0xC6, 0x92, 0xC9, 0x26,
+        0x59, 0xE6, 0xF4, 0x65, 0x2B, 0xF2, 0x15, 0x63,
+        0x61, 0xC7, 0x7D, 0xBE, 0xEF, 0x5A, 0x06, 0x23,
+        0xA0, 0x67, 0x04, 0x99, 0x0E, 0x19, 0x8A, 0x13,
+        0x67, 0x30, 0x54, 0x32, 0x4B, 0xBB, 0xAA, 0x64,
+        0x36, 0x92, 0xF2, 0x43, 0xD6, 0x7C, 0x1B, 0x4F,
+        0x95, 0xB9, 0x28, 0xAC, 0xF1, 0x68, 0x6F, 0x60,
+        0xC1, 0x44, 0x87, 0xD6, 0xDD, 0x7F, 0x88, 0x01,
+        0xEF, 0x20, 0x93, 0x9E, 0x03, 0xA1, 0xCA, 0x7D,
+        0x74, 0x32, 0xDC, 0xF5, 0x95, 0xF1, 0xE9, 0xED,
+        0xF2, 0xB2, 0x93, 0x57, 0xA1, 0xD4, 0xC7, 0xDA,
+        0x33, 0x51, 0x2C, 0x45, 0x1A, 0x7C, 0x66, 0x04,
+        0x38, 0x2D, 0x90, 0xC3, 0x30, 0x79, 0xD9, 0x57,
+        0x38, 0xE4, 0x71, 0x89, 0xD8, 0x54, 0x9E, 0x43,
+        0xD2, 0x94, 0xE7, 0x3D, 0x1C, 0xA7, 0x48, 0x7B,
+        0x50, 0xD0, 0xED, 0x7C, 0xC6, 0xF9, 0x6B, 0xEE,
+        0xA7, 0x6C, 0xCE, 0xB9, 0x6D, 0x37, 0x92, 0x00,
+        0x4E, 0xB3, 0xE5, 0x49, 0x16, 0x35, 0xA6, 0x7F,
+        0x6F, 0xFA, 0x1F, 0x1D, 0xF6, 0xA1, 0xF2, 0xFD,
+        0xEE, 0x77, 0x84, 0x17, 0x80, 0xAE, 0x08, 0x09,
+        0xD2, 0x92, 0xED, 0x7B, 0x00, 0xF4, 0x2D, 0x80,
+        0x91, 0x19, 0x09, 0xB5, 0x1C, 0x9A, 0x3A, 0xE5,
+        0x4B, 0x7A, 0x6D, 0x7D, 0x29, 0xD2, 0x00, 0x05,
+        0x22, 0xD4, 0xF8, 0x76, 0xE2, 0x5C, 0x0D, 0x6A,
+        0x15, 0x77, 0x22, 0x18, 0x85, 0xFD, 0x30, 0x74,
+        0xF3, 0x3B, 0xDC, 0xD9, 0x6C, 0xDE, 0x80, 0x40,
+        0x4A, 0x37, 0xE1, 0x60, 0x9F, 0x26, 0xCF, 0xBE,
+        0x24, 0xA1, 0xFB, 0xF9, 0x76, 0x2A, 0x1A, 0x23,
+        0x32, 0xE7, 0xA2, 0xD8, 0x2D, 0xF9, 0xD2, 0x0F,
+        0x08, 0x3A, 0xDB, 0x35, 0x35, 0x33, 0x59, 0x0B,
+        0xB1, 0xF9, 0x54, 0x33, 0x49, 0x36, 0x9E, 0x21,
+        0xEC, 0xF5, 0x94, 0xE2, 0x78, 0x07, 0xA5, 0x63,
+        0x50, 0xD6, 0x23, 0x84, 0xDE, 0xAD, 0xA7, 0x89,
+        0xBE, 0x92, 0xF0, 0x12, 0xC1, 0xF8, 0xA7, 0x2D,
+        0x8B, 0xE0, 0x79, 0xF8, 0xD7, 0xBD, 0x04, 0x0B,
+        0xC5, 0xF2, 0x23, 0x36, 0x11, 0x6D, 0x6F, 0x37,
+        0xDB, 0xFB, 0xD2, 0xC7, 0x44, 0xC3, 0xAE, 0x78,
+        0xEC, 0xB4, 0xE0, 0x5A, 0x55, 0xB3, 0xFC, 0xC3,
+        0x1B, 0x8C, 0xA6, 0xDB, 0xE8, 0x95, 0x72, 0x44,
+        0x90, 0x8F, 0x4E, 0xD1, 0xD3, 0x46, 0x6C, 0x9E,
+        0x00, 0xC6, 0xCC, 0xAE, 0xFC, 0x95, 0x4D, 0x85,
+        0x7C, 0x65, 0x5F, 0x74, 0x71, 0xE3, 0x80, 0x88,
+        0xCF, 0x1E, 0xB8, 0xBE, 0xED, 0x8D, 0xC4, 0xFB,
+        0x3E, 0x36, 0xF3, 0xB8, 0x42, 0x1F, 0x37, 0x31,
+        0x8D, 0xA2, 0x35, 0x36, 0x9E, 0x92, 0x3D, 0xD8,
+        0xEA, 0xA7, 0xA2, 0x29, 0x0E, 0x14, 0xBF, 0x59,
+        0x1E, 0x1D, 0x98, 0x27, 0x30, 0x3B, 0xF3, 0x57,
+        0x69, 0x75, 0xCC, 0x3A, 0xB3, 0x49, 0x99, 0x70,
+        0x19, 0x50, 0xAB, 0xF6, 0x7F, 0xF6, 0x55, 0x1A,
+        0xCA, 0x2D, 0xA0, 0x73, 0x50, 0xE0, 0x9C, 0xEE,
+        0x07, 0xEC, 0x37, 0x26, 0x6B, 0xAA, 0xA5, 0x34,
+        0xFD, 0x7B, 0x1A, 0x92, 0x4E, 0xE7, 0x36, 0x1A,
+        0xEB, 0x35, 0xCC, 0x5A, 0x5C, 0x06, 0x7F, 0x77,
+        0xCE, 0x52, 0x33, 0x57, 0x73, 0x9D, 0xEC, 0x2D,
+        0x28, 0x0C, 0xC9, 0xBF, 0x06, 0x9E, 0xA7, 0x7C,
+        0x36, 0xF9, 0x0B, 0xC6, 0x7F, 0x0F, 0x66, 0x24,
+        0x65, 0x2D, 0x30, 0x2B, 0xD7, 0x7F, 0x07, 0xD3,
+        0x57, 0xC8, 0x4B, 0xC3, 0x0C, 0xA3, 0x5B, 0xAA,
+        0xAF, 0xEA, 0xF3, 0xA3, 0x9E, 0x9E, 0xD4, 0x63,
+        0xCD, 0x82, 0x8B, 0xBC, 0x5D, 0xEF, 0xE6, 0x2A,
+        0x4D, 0x5B, 0x95, 0x13, 0x17, 0x98, 0xD3, 0x67,
+        0x66, 0x04, 0x9E, 0x71, 0x71, 0xE6, 0xBD, 0x44,
+        0x15, 0x6B, 0x29, 0x76, 0xE4, 0x62, 0x01, 0x99,
+        0xEB, 0xF4, 0x2E, 0x14, 0x29, 0x0D, 0xBF, 0x8A,
+        0x02, 0x30, 0x4A, 0xE7, 0x0D, 0x25, 0x42, 0x9E,
+        0xD7, 0x0C, 0xAD, 0x30, 0xC6, 0xA3, 0x49, 0xF9,
+        0x90, 0x0C, 0x46, 0x5B, 0x77, 0x67, 0x5F, 0x0B,
+        0xE9, 0xA9, 0xFE, 0xFA, 0xC8, 0x5F, 0x19, 0xF7,
+        0x35, 0x09, 0xF7, 0xB5, 0x6D, 0x51, 0x32, 0x17,
+        0xBE, 0xE6, 0xC3, 0xBE, 0x4A, 0x9A, 0x33, 0xDA,
+        0xC6, 0x90, 0xB7, 0xA7, 0x6F, 0x97, 0x9E, 0xD5,
+        0x80, 0xE5, 0x02, 0x9E, 0x58, 0xD6, 0x45, 0x34,
+        0x4D, 0x61, 0x71, 0x19, 0x07, 0x69, 0x1F, 0xAF,
+        0xFF, 0x9F, 0xDE, 0x97, 0x13, 0xA1, 0xDF, 0x47,
+        0x0E, 0x8B, 0xD6, 0xD0, 0x75, 0x40, 0x08, 0x59,
+        0x7D, 0xFB, 0x74, 0x74, 0xF2, 0x48, 0xF4, 0x23,
+        0x1B, 0x5E, 0x18, 0x4E, 0x2D, 0x2D, 0xC5, 0x40,
+        0xD0, 0x90, 0x4F, 0x95, 0x69, 0xC4, 0xDA, 0xFB,
+        0x39, 0x4B, 0x12, 0x7D, 0x22, 0x1E, 0x9A, 0x68,
+        0x5B, 0x68, 0x2E, 0x47, 0x23, 0xB9, 0x6A, 0xBF,
+        0xF7, 0xE2, 0x56, 0x79, 0xDD, 0x7A, 0x72, 0xF9,
+        0x5F, 0x20, 0x6B, 0x29, 0x56, 0xEE, 0x04, 0x11,
+        0x4C, 0x16, 0x34, 0x04, 0x14, 0x54, 0xB5, 0x21,
+        0xAA, 0x6A, 0x46, 0x40, 0xE4, 0xF1, 0x78, 0x7C,
+        0x50, 0xF3, 0x4D, 0xBC, 0x57, 0x34, 0x7C, 0x6A,
+        0xBD, 0x9B, 0xEF, 0x03, 0x80, 0x7D, 0xAB, 0x20,
+        0x0F, 0x77, 0x87, 0x6F, 0x93, 0xFB, 0x24, 0x20,
+        0x82, 0xC7, 0x7E, 0xFB, 0x43, 0x2D, 0xC6, 0xD4,
+        0xE9, 0x27, 0x8C, 0x66, 0xA8, 0x5A, 0x58, 0xC8,
+        0xD8, 0x9A, 0xA8, 0x50, 0x5F, 0x3A, 0x3D, 0x0B,
+        0xC3, 0x4F, 0xCE, 0x94, 0xE0, 0x0D, 0x16, 0xCB,
+        0x20, 0xE0, 0xF5, 0x1A, 0x13, 0x6E, 0x28, 0xA6,
+        0x42, 0xB2, 0xB1, 0x30, 0x1D, 0x56, 0x28, 0xCD,
+        0xF3, 0x4E, 0xA7, 0x3E, 0x74, 0x04, 0x7D, 0xA5,
+        0x86, 0xD9, 0x1A, 0xDF, 0x07, 0xBC, 0x2C, 0x59,
+        0xB1, 0x91, 0x6D, 0x9B, 0xA2, 0xD0, 0x72, 0xE7,
+        0xA5, 0x56, 0x4A, 0x27, 0x56, 0x1F, 0x65, 0xCD,
+        0x90, 0x7B, 0xB7, 0x5A, 0x51, 0x25, 0x75, 0x1B,
+        0xD9, 0xD4, 0xC7, 0x19, 0x8A, 0xB0, 0x3D, 0x38,
+        0x22, 0x61, 0xCF, 0xD9, 0x66, 0xED, 0xF5, 0xB8,
+        0xF5, 0x86, 0xFF, 0x98, 0x1A, 0xB7, 0xFB, 0x67,
+        0xED, 0x25, 0x52, 0xD9, 0x2F, 0x84, 0xDC, 0x96,
+        0x89, 0x2C, 0x52, 0xCF, 0x5F, 0xA0, 0xEA, 0xD0,
+        0xB3, 0x38, 0x98, 0xFC, 0xD7, 0x50, 0x84, 0xCF,
+        0xA5, 0xE9, 0x53, 0x8B, 0x44, 0x38, 0xB5, 0x7D,
+        0xD8, 0xAD, 0x0A, 0xE5, 0x35, 0x78, 0x29, 0xBF,
+        0x9F, 0x6B, 0x2C, 0xBB, 0x97, 0x9D, 0xD3, 0x64,
+        0x23, 0x2B, 0xA8, 0xA4, 0x71, 0xE3, 0xF1, 0x2F,
+        0x61, 0xC9, 0x68, 0xD2, 0x06, 0xD0, 0x4E, 0x87,
+        0x03, 0x99, 0xCC, 0xB1, 0x83, 0xB6, 0x94, 0x61,
+        0x3C, 0xE9, 0xE0, 0x7D, 0x13, 0xAF, 0xCF, 0xE4,
+        0xA6, 0x42, 0x7F, 0x62, 0x8F, 0xFC, 0x10, 0xF1,
+        0x08, 0x4D, 0x1D, 0xFC, 0x0F, 0x37, 0x11, 0xBE,
+        0xD7, 0xF1, 0x80, 0x46, 0xAF, 0xFA, 0x13, 0x65,
+        0x99, 0xAE, 0xF9, 0xD0, 0x13, 0xA7, 0xC7, 0x3A,
+        0xD2, 0xC1, 0x9B, 0x5A, 0xB8, 0xC3, 0x08, 0x13,
+        0x49, 0x40, 0x33, 0x0D, 0x1F, 0x93, 0x5D, 0x10,
+        0x49, 0x3E, 0x4F, 0x90, 0x34, 0xC5, 0xEA, 0xF7,
+        0x24, 0xFF, 0xF3, 0xC5, 0x95, 0xF7, 0x1F, 0x13,
+        0x9A, 0xE0, 0x0C, 0xCD, 0x61, 0x93, 0x39, 0xE6,
+        0xAF, 0xD5, 0x3E, 0xA9, 0xD8, 0xC4, 0x8F, 0x64,
+        0x05, 0x09, 0x45, 0x2A, 0xEB, 0x12, 0xC5, 0x51,
+        0x58, 0x1C, 0x55, 0x20, 0xE9, 0x29, 0x74, 0xC7,
+        0x10, 0x01, 0xF3, 0xA4, 0x56, 0xB4, 0x14, 0xFE,
+        0x9C, 0x10, 0x2F, 0xF8, 0xBF, 0xB5, 0x9C, 0x6E,
+        0xBB, 0xE6, 0x52, 0xE7, 0xAC, 0xA7, 0xCE, 0x41,
+        0x6E, 0x00, 0x66, 0x0A, 0x2F, 0x46, 0x71, 0xB8,
+        0x8F, 0x45, 0x89, 0x26, 0x68, 0xCD, 0x49, 0xDF,
+        0xCB, 0xCD, 0xD6, 0x66, 0xC6, 0xA7, 0x8E, 0xB3,
+        0xE4, 0x72, 0xEF, 0xBA, 0xA6, 0x6D, 0x7A, 0xB7,
+        0xE9, 0xD9, 0xB2, 0x60, 0xB5, 0x82, 0x77, 0x20,
+        0x2A, 0xFA, 0xE3, 0xCB, 0xF5, 0x30, 0x50, 0x30,
+        0xC6, 0x19, 0x67, 0xA8, 0xB8, 0xFA, 0xFE, 0xB6,
+        0xDA, 0xB6, 0xB6, 0xBF, 0x07, 0x90, 0x40, 0xD8,
+        0x5B, 0x15, 0x48, 0x39, 0xCD, 0x99, 0x0F, 0x3A,
+        0x28, 0xD2, 0x2E, 0xBA, 0xAC, 0x6D, 0xA3, 0xF8,
+        0x53, 0x88, 0xF0, 0x86, 0x87, 0x70, 0xF5, 0x07,
+        0xD2, 0x99, 0xC4, 0xCA, 0xDD, 0xD8, 0x8C, 0xEB,
+        0x00, 0x96, 0xB4, 0x62, 0xA3, 0x7B, 0x79, 0x31,
+        0xB2, 0x85, 0xB0, 0x61, 0x39, 0xF2, 0xBC, 0x1D,
+        0x31, 0xC3, 0x0C, 0x7F, 0x70, 0x9A, 0x63, 0x74,
+        0xC6, 0xCB, 0xD3, 0x93, 0x0D, 0x43, 0x7F, 0x80,
+        0x85, 0x87, 0x72, 0x98, 0xE1, 0x6E, 0x9A, 0x59,
+        0x2E, 0x6C, 0xA8, 0x9E, 0xC2, 0xC0, 0x72, 0xFE,
+        0x26, 0xE8, 0xAF, 0x89, 0x61, 0xCA, 0x0D, 0x15,
+        0xCC, 0xB0, 0xBA, 0x10, 0xB8, 0x9D, 0x77, 0x2C,
+        0x6C, 0x28, 0xCC, 0x70, 0x5B, 0x1F, 0x5D, 0x68,
+        0xD4, 0xC8, 0x1F, 0x0F, 0x67, 0xF5, 0x3E, 0x5C,
+        0x70, 0x50, 0x4B, 0x32, 0x12, 0xE6, 0x1A, 0xCE,
+        0xB8, 0x32, 0x5F, 0x1D, 0xC5, 0xFB, 0x07, 0x77,
+        0xAD, 0x85, 0x45, 0x95, 0x04, 0x0D, 0x94, 0x7A,
+        0x1F, 0xDD, 0x05, 0x74, 0x14, 0xA5, 0x9A, 0x66,
+        0xF4, 0x93, 0xBE, 0xF2, 0xA9, 0x5B, 0xCD, 0xAB,
+        0xC7, 0x82, 0xF7, 0xE7, 0x4A, 0x1C, 0x90, 0x6B,
+        0x9A, 0xBD, 0x93, 0xDD, 0x41, 0x56, 0xDA, 0xA5,
+        0x0F, 0x5D, 0x57, 0x2C, 0xBA, 0x07, 0x07, 0x4B,
+        0x91, 0x33, 0xE6, 0x1B, 0x0E, 0x25, 0x9E, 0x36,
+        0xBF, 0xCA, 0x21, 0xCE, 0xC6, 0x82, 0x33, 0x4D,
+        0x42, 0x4F, 0x2E, 0x71, 0xC2, 0xE7, 0x6F, 0x16,
+        0xF6, 0xB7, 0x30, 0x1C, 0xA1, 0xA8, 0xE3, 0xE7,
+        0xB1, 0x71, 0xDD, 0x9F, 0x90, 0x1F, 0x01, 0x1D,
+        0x0A, 0xBD, 0x2C, 0x4A, 0x22, 0x84, 0x5C, 0xBF,
+        0x61, 0x07, 0x24, 0xC4, 0x0D, 0x23, 0xDB, 0xC6,
+        0x28, 0xB1, 0x27, 0xCB, 0x7E, 0x06, 0xF8, 0x3C,
+        0x42, 0xF9, 0x51, 0x2F, 0x21, 0xC5, 0x80, 0x98,
+        0x08, 0x2F, 0x56, 0x58, 0xD7, 0xE0, 0xDA, 0xC4,
+        0x24, 0x0C, 0xE8, 0xFA, 0x94, 0x23, 0x57, 0xA6,
+        0xD8, 0xE2, 0xC5, 0xCC, 0x16, 0x70, 0x55, 0x57,
+        0xC4, 0x52, 0x2D, 0x94, 0xCE, 0x5B, 0x22, 0x8E,
+        0x6C, 0x3D, 0x8E, 0x74, 0x9D, 0xFD, 0x47, 0xC7,
+        0x42, 0x11, 0x41, 0x9F, 0x6A, 0x0A, 0xF6, 0x16,
+        0x97, 0xB1, 0x24, 0xC4, 0x6C, 0x98, 0xF8, 0x62,
+        0x51, 0xE9, 0x67, 0x6D, 0x39, 0x2B, 0x76, 0x19,
+        0x5F, 0x41, 0xF4, 0x82, 0x51, 0x87, 0xFF, 0xAA,
+        0x87, 0xE3, 0x46, 0x87, 0xC0, 0xC9, 0xBB, 0xB5,
+        0xAC, 0xA0, 0xD1, 0x56, 0x54, 0xC2, 0x2C, 0x59,
+        0x9E, 0x78, 0xF9, 0xA6, 0xBA, 0xCB, 0xE2, 0x45,
+        0x8A, 0xC1, 0xE5, 0xDF, 0xC3, 0x81, 0x91, 0xDB,
+        0xDB, 0x9E, 0xE2, 0x9C, 0xB9, 0x44, 0x5F, 0x5D,
+        0x6D, 0x83, 0x8D, 0x2D, 0x3E, 0x72, 0x2F, 0x98,
+        0xFC, 0xFA, 0x5F, 0xC0, 0xF0, 0x03, 0x4A, 0x42,
+        0x19, 0x67, 0x48, 0x24, 0x70, 0x35, 0xAE, 0x37,
+        0x34, 0x27, 0xAB, 0xD6, 0x92, 0xB8, 0xB4, 0x52,
+        0xC9, 0xD1, 0xF0, 0x5C, 0xAC, 0xFA, 0xB9, 0x2D,
+        0xCE, 0xF2, 0x24, 0xE3, 0x53, 0xF4, 0x2D, 0x65,
+        0x8D, 0xBF, 0x27, 0x3F, 0xAF, 0x62, 0xE0, 0x27,
+        0xBE, 0x12, 0xCB, 0x40, 0xA4, 0x99, 0xAF, 0x47,
+        0x19, 0x5F, 0x68, 0x69, 0x7F, 0x8C, 0xD2, 0x1E,
+        0x4A, 0xA1, 0xA4, 0x3D, 0x5A, 0x62, 0x6F, 0x78,
+        0x87, 0x8E, 0xA0, 0xC0, 0xF3, 0x2C, 0x60, 0xC3,
+        0xCE, 0xDD, 0xED, 0x7C, 0xAF, 0xE0, 0x0B, 0x72,
+        0x9D, 0xBA, 0xC6, 0xEE, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        0x0B, 0x15, 0x1B, 0x1E, 0x24
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte sk_87[] = {
+        0xF1, 0x79, 0x16, 0xD9, 0x5C, 0x51, 0x2F, 0xEC,
+        0x0C, 0xEF, 0xA6, 0xA1, 0x5C, 0x9F, 0xB3, 0xBF,
+        0x84, 0xFF, 0x8D, 0x7F, 0xA3, 0x55, 0x22, 0xEB,
+        0x1C, 0x91, 0x5C, 0x4D, 0x25, 0x4E, 0x89, 0x35,
+        0x24, 0x8E, 0x3C, 0x08, 0x58, 0x2B, 0x74, 0x5E,
+        0xB2, 0xFD, 0x13, 0x15, 0x2B, 0x5D, 0xAE, 0xEA,
+        0xB0, 0x72, 0x80, 0x42, 0xB0, 0x08, 0x85, 0xBB,
+        0x92, 0xF8, 0x44, 0xA8, 0x6B, 0x42, 0x62, 0x03,
+        0x5C, 0x9F, 0x44, 0x8A, 0x2B, 0x78, 0xEF, 0x5D,
+        0xB3, 0x47, 0xE0, 0x25, 0x04, 0x15, 0xE1, 0x01,
+        0x5F, 0xBB, 0x34, 0x31, 0x91, 0x24, 0x07, 0xC8,
+        0x5A, 0x2F, 0x36, 0x2A, 0x85, 0xA9, 0xAE, 0x42,
+        0x77, 0x23, 0xBF, 0x62, 0x69, 0x7B, 0x77, 0x99,
+        0x1B, 0x3E, 0x93, 0xA3, 0x81, 0x13, 0x3F, 0x95,
+        0x0D, 0x40, 0xE7, 0xC1, 0xAC, 0xBC, 0x17, 0xE4,
+        0xF1, 0xD1, 0x0C, 0xD1, 0x27, 0x4C, 0x8D, 0x3C,
+        0x84, 0x02, 0x02, 0x0A, 0xC5, 0x10, 0x1C, 0xC3,
+        0x4D, 0xD0, 0x94, 0x70, 0x24, 0xC0, 0x89, 0x94,
+        0x08, 0x4D, 0xC2, 0x30, 0x20, 0x63, 0xC0, 0x24,
+        0xE1, 0x80, 0x40, 0xD0, 0x26, 0x68, 0x10, 0x97,
+        0x01, 0x83, 0xC2, 0x91, 0x5A, 0x90, 0x2D, 0x44,
+        0x94, 0x6D, 0x10, 0x09, 0x50, 0x11, 0xA7, 0x0D,
+        0xE4, 0x04, 0x89, 0x9B, 0x80, 0x8D, 0x40, 0xB8,
+        0x45, 0x4B, 0x86, 0x0D, 0xC8, 0xB6, 0x05, 0xC0,
+        0xC0, 0x71, 0x02, 0x09, 0x06, 0xA2, 0x00, 0x2D,
+        0x0B, 0x24, 0x86, 0xA0, 0x90, 0x11, 0x20, 0x16,
+        0x82, 0x1B, 0x24, 0x42, 0xCB, 0xB6, 0x70, 0x43,
+        0x36, 0x05, 0xDA, 0x16, 0x25, 0x9A, 0x34, 0x6C,
+        0xCB, 0xB4, 0x08, 0xC4, 0x16, 0x90, 0x24, 0x29,
+        0x6C, 0x42, 0x90, 0x04, 0x24, 0x06, 0x46, 0x84,
+        0x12, 0x6D, 0xC2, 0x26, 0x00, 0x88, 0x40, 0x02,
+        0x51, 0xC8, 0x40, 0x9C, 0x16, 0x24, 0x82, 0x18,
+        0x26, 0x21, 0x06, 0x0C, 0x12, 0xC2, 0x71, 0x50,
+        0x98, 0x91, 0x4A, 0x40, 0x28, 0x48, 0x48, 0x21,
+        0x5A, 0x18, 0x49, 0x1B, 0xB7, 0x01, 0x5A, 0xC6,
+        0x48, 0xA1, 0x90, 0x2C, 0x14, 0x18, 0x2D, 0xD2,
+        0x20, 0x62, 0xDC, 0xB6, 0x49, 0x00, 0x09, 0x6D,
+        0x40, 0xA8, 0x4D, 0x24, 0xC8, 0x24, 0x4C, 0x06,
+        0x08, 0x80, 0x40, 0x4E, 0xD3, 0x18, 0x88, 0x12,
+        0x09, 0x91, 0x8B, 0x12, 0x31, 0xC9, 0x16, 0x04,
+        0x64, 0x10, 0x72, 0xDA, 0x84, 0x91, 0x92, 0xC6,
+        0x65, 0x22, 0x10, 0x48, 0x18, 0xC9, 0x00, 0x14,
+        0x44, 0x62, 0x24, 0xC1, 0x60, 0x40, 0xC6, 0x10,
+        0x4A, 0x48, 0x28, 0x9B, 0x44, 0x66, 0x91, 0x10,
+        0x52, 0xD3, 0x26, 0x52, 0xD8, 0xA6, 0x0C, 0x0A,
+        0xA8, 0x44, 0xD8, 0x26, 0x0C, 0x64, 0x86, 0x45,
+        0x44, 0x20, 0x00, 0xD2, 0x48, 0x85, 0xDC, 0x46,
+        0x32, 0xC8, 0x22, 0x45, 0x5B, 0x00, 0x8D, 0x20,
+        0xA5, 0x45, 0x01, 0xC1, 0x91, 0xA2, 0x12, 0x84,
+        0x20, 0x47, 0x0E, 0x98, 0xA8, 0x25, 0xD9, 0xA0,
+        0x4D, 0xA4, 0x06, 0x2D, 0x5B, 0xB0, 0x08, 0x21,
+        0xB0, 0x80, 0x4C, 0x10, 0x2C, 0xC4, 0x98, 0x71,
+        0x99, 0x24, 0x24, 0xA4, 0x36, 0x71, 0x4B, 0xB6,
+        0x49, 0xE1, 0x92, 0x00, 0x09, 0x92, 0x4C, 0x89,
+        0x12, 0x49, 0x1A, 0x39, 0x2A, 0xE0, 0x22, 0x69,
+        0x61, 0xB2, 0x50, 0x40, 0x26, 0x8E, 0xC9, 0xA2,
+        0x08, 0x0A, 0x90, 0x24, 0x13, 0x35, 0x06, 0x21,
+        0x24, 0x62, 0x60, 0xB0, 0x01, 0xE3, 0xC6, 0x29,
+        0x5B, 0x28, 0x89, 0x20, 0x90, 0x70, 0xC4, 0xA4,
+        0x31, 0x08, 0x42, 0x11, 0x10, 0xC0, 0x71, 0x98,
+        0x98, 0x20, 0xC4, 0xA8, 0x29, 0x1A, 0x15, 0x32,
+        0xC4, 0x86, 0x6C, 0x18, 0x14, 0x6A, 0x02, 0x46,
+        0x46, 0xDC, 0xC2, 0x4C, 0x81, 0x02, 0x6D, 0x49,
+        0x16, 0x48, 0x10, 0x94, 0x6C, 0x0A, 0x85, 0x90,
+        0x9C, 0x34, 0x84, 0x54, 0x24, 0x25, 0x49, 0xA8,
+        0x21, 0x04, 0xA6, 0x2C, 0x61, 0x00, 0x01, 0x61,
+        0x46, 0x92, 0xE0, 0xA6, 0x44, 0xE2, 0x00, 0x90,
+        0xC8, 0x06, 0x06, 0x90, 0xB8, 0x2D, 0x0B, 0x85,
+        0x85, 0x20, 0x23, 0x0D, 0x83, 0x94, 0x04, 0x54,
+        0x26, 0x50, 0x41, 0x92, 0x29, 0x09, 0x16, 0x20,
+        0x54, 0xC6, 0x2D, 0x81, 0xC8, 0x8C, 0x09, 0x44,
+        0x44, 0xE2, 0x06, 0x30, 0x13, 0x92, 0x49, 0x0B,
+        0x17, 0x48, 0x93, 0x28, 0x86, 0xD8, 0xA4, 0x50,
+        0xD1, 0x32, 0x91, 0x08, 0xB8, 0x05, 0xA4, 0x02,
+        0x62, 0x01, 0x15, 0x82, 0xE3, 0x18, 0x42, 0x83,
+        0xC6, 0x44, 0x43, 0x02, 0x81, 0x53, 0x88, 0x04,
+        0x04, 0x98, 0x31, 0x19, 0x18, 0x46, 0xDB, 0x02,
+        0x89, 0x10, 0x23, 0x81, 0x03, 0x90, 0x71, 0x83,
+        0x26, 0x89, 0x1A, 0x01, 0x05, 0xCA, 0xB0, 0x01,
+        0x4C, 0x84, 0x09, 0x10, 0x11, 0x84, 0x13, 0xB1,
+        0x20, 0x61, 0xB8, 0x41, 0x1B, 0x02, 0x8C, 0x09,
+        0x98, 0x61, 0x83, 0x18, 0x61, 0x08, 0xC1, 0x6D,
+        0x44, 0x86, 0x09, 0xCB, 0x88, 0x8D, 0x93, 0xB4,
+        0x41, 0x58, 0x90, 0x81, 0x04, 0x31, 0x08, 0xD1,
+        0xC4, 0x04, 0x19, 0xB4, 0x4C, 0x1C, 0x88, 0x20,
+        0xCA, 0x30, 0x72, 0x1C, 0xB5, 0x85, 0x13, 0x27,
+        0x32, 0x84, 0xB4, 0x44, 0x04, 0x42, 0x20, 0x61,
+        0x18, 0x52, 0x50, 0x96, 0x44, 0x03, 0x38, 0x86,
+        0xE3, 0x48, 0x31, 0x02, 0x82, 0x68, 0x98, 0x06,
+        0x90, 0x23, 0x28, 0x04, 0x10, 0x18, 0x0D, 0x10,
+        0x28, 0x45, 0x4C, 0x84, 0x6C, 0x09, 0x36, 0x71,
+        0x82, 0x26, 0x64, 0x18, 0xC6, 0x21, 0x90, 0x18,
+        0x22, 0x0A, 0x37, 0x08, 0xC4, 0x94, 0x28, 0xE2,
+        0x30, 0x2C, 0x92, 0xB4, 0x24, 0x63, 0x46, 0x70,
+        0x52, 0x96, 0x0C, 0x8B, 0xA4, 0x05, 0xD3, 0x02,
+        0x85, 0x09, 0x32, 0x92, 0x49, 0x12, 0x21, 0x18,
+        0x43, 0x28, 0x01, 0x32, 0x45, 0x0B, 0xA5, 0x50,
+        0x14, 0x16, 0x65, 0x91, 0x80, 0x65, 0x0A, 0x44,
+        0x66, 0x13, 0xB6, 0x4C, 0x01, 0x38, 0x71, 0x11,
+        0x49, 0x28, 0x22, 0x43, 0x02, 0x0B, 0x34, 0x04,
+        0x01, 0x16, 0x91, 0x80, 0x14, 0x0E, 0x12, 0x93,
+        0x01, 0x00, 0x11, 0x80, 0xDC, 0x28, 0x51, 0x11,
+        0x87, 0x85, 0xC1, 0x34, 0x28, 0x02, 0xA2, 0x11,
+        0x02, 0x38, 0x44, 0x52, 0x14, 0x64, 0xC2, 0xA0,
+        0x01, 0x1B, 0x42, 0x8C, 0xC2, 0xB2, 0x71, 0xCB,
+        0x16, 0x00, 0xCC, 0x10, 0x21, 0x04, 0x12, 0x52,
+        0x84, 0x24, 0x2A, 0xD3, 0x48, 0x12, 0x08, 0x44,
+        0x08, 0x81, 0x88, 0x44, 0x01, 0x23, 0x50, 0xC0,
+        0xA2, 0x09, 0x81, 0x94, 0x50, 0x02, 0x89, 0x61,
+        0x01, 0x31, 0x88, 0x1B, 0xA2, 0x61, 0x90, 0x94,
+        0x84, 0x91, 0x24, 0x09, 0x03, 0x18, 0x22, 0xA3,
+        0x46, 0x60, 0x10, 0x16, 0x4D, 0x48, 0x84, 0x89,
+        0x11, 0x00, 0x2E, 0xCC, 0xC0, 0x40, 0x8C, 0xC0,
+        0x51, 0xE4, 0x42, 0x62, 0xDA, 0x24, 0x11, 0x13,
+        0x19, 0x46, 0x93, 0x34, 0x4C, 0x42, 0x42, 0x24,
+        0xC4, 0x48, 0x90, 0x00, 0x35, 0x80, 0x1B, 0x98,
+        0x51, 0x0B, 0x41, 0x60, 0x0C, 0x25, 0x46, 0x9A,
+        0xA8, 0x89, 0x12, 0x86, 0x4C, 0xE3, 0x16, 0x09,
+        0x14, 0x27, 0x24, 0x51, 0x26, 0x4D, 0x1B, 0x02,
+        0x10, 0x00, 0x17, 0x28, 0xD4, 0xA8, 0x45, 0x48,
+        0x88, 0x48, 0x01, 0xC7, 0x0D, 0x93, 0xC8, 0x40,
+        0x5B, 0x02, 0x49, 0x51, 0x02, 0x4A, 0x01, 0x42,
+        0x10, 0xE1, 0x08, 0x90, 0x03, 0x85, 0x48, 0x11,
+        0xA8, 0x68, 0x8B, 0x90, 0x08, 0x5A, 0x02, 0x0C,
+        0x5A, 0x18, 0x50, 0x11, 0x87, 0x51, 0x9C, 0x38,
+        0x92, 0xD0, 0x44, 0x82, 0x10, 0x33, 0x21, 0x88,
+        0x44, 0x2D, 0x24, 0x28, 0x0D, 0x22, 0xA3, 0x30,
+        0x49, 0x88, 0x25, 0xA1, 0xB2, 0x01, 0x5C, 0x40,
+        0x20, 0x1C, 0x03, 0x72, 0xCC, 0x96, 0x8C, 0x51,
+        0xA6, 0x88, 0xE3, 0x92, 0x08, 0x13, 0xB0, 0x08,
+        0x5C, 0x38, 0x44, 0x03, 0x47, 0x8E, 0x93, 0x12,
+        0x4A, 0x88, 0x20, 0x48, 0xE0, 0x42, 0x20, 0x81,
+        0x90, 0x09, 0x4B, 0x06, 0x6D, 0xD2, 0x90, 0x10,
+        0x01, 0x82, 0x49, 0x19, 0x28, 0x91, 0xDA, 0x20,
+        0x2A, 0x20, 0x85, 0x40, 0x0A, 0x16, 0x8A, 0x1C,
+        0x83, 0x60, 0xCA, 0x48, 0x4A, 0xA2, 0xC8, 0x50,
+        0xE4, 0x02, 0x31, 0x88, 0x86, 0x88, 0x53, 0x00,
+        0x89, 0x60, 0x08, 0x8A, 0xA2, 0x02, 0x0A, 0x0A,
+        0x34, 0x45, 0x03, 0x04, 0x42, 0x1B, 0x40, 0x09,
+        0x89, 0xA0, 0x69, 0x42, 0x18, 0x49, 0x4A, 0xA8,
+        0x8C, 0x99, 0x90, 0x30, 0xCA, 0x38, 0x91, 0x09,
+        0x31, 0x72, 0x8B, 0x44, 0x29, 0x52, 0xA2, 0x8D,
+        0x08, 0x14, 0x6E, 0xA1, 0x84, 0x50, 0x1C, 0x31,
+        0x46, 0x19, 0xB7, 0x01, 0xCC, 0x06, 0x29, 0x11,
+        0x09, 0x20, 0x4B, 0x40, 0x66, 0x40, 0xC4, 0x49,
+        0x00, 0x13, 0x24, 0xD0, 0xA2, 0x84, 0xCA, 0x16,
+        0x29, 0xD0, 0xC0, 0x84, 0xC8, 0x88, 0x44, 0xE1,
+        0x20, 0x29, 0x1A, 0x97, 0x05, 0x90, 0x42, 0x90,
+        0x04, 0x40, 0x71, 0x9C, 0x32, 0x4E, 0x64, 0x26,
+        0x22, 0x93, 0x36, 0x66, 0xD3, 0x06, 0x49, 0xA3,
+        0x26, 0x51, 0x4C, 0xA6, 0x89, 0x84, 0x36, 0x84,
+        0x93, 0x46, 0x6D, 0x14, 0x07, 0x8D, 0x18, 0x29,
+        0x42, 0x52, 0x34, 0x72, 0x44, 0x10, 0x90, 0x12,
+        0x37, 0x81, 0xD4, 0x10, 0x64, 0x04, 0xA5, 0x08,
+        0x84, 0x24, 0x09, 0x1C, 0x08, 0x8D, 0x02, 0x99,
+        0x6C, 0x1B, 0x30, 0x50, 0x09, 0x89, 0x81, 0x19,
+        0x30, 0x48, 0x5B, 0x14, 0x4D, 0xD9, 0x20, 0x20,
+        0x0C, 0x01, 0x2A, 0x00, 0x90, 0x4D, 0xA1, 0x02,
+        0x64, 0x1C, 0x03, 0x01, 0xC2, 0x26, 0x8C, 0x14,
+        0x08, 0x45, 0xE3, 0x12, 0x48, 0x09, 0x20, 0x09,
+        0x41, 0x40, 0x61, 0x90, 0x44, 0x21, 0x49, 0x06,
+        0x91, 0x4B, 0xC0, 0x84, 0x22, 0x95, 0x51, 0x23,
+        0x38, 0x0E, 0x5C, 0x28, 0x70, 0xC2, 0x40, 0x2C,
+        0x94, 0x18, 0x62, 0x9A, 0x30, 0x4A, 0xE2, 0x86,
+        0x4C, 0x5C, 0x10, 0x8D, 0xC2, 0x12, 0x21, 0x9C,
+        0xC4, 0x4D, 0xD9, 0x96, 0x88, 0x0C, 0x29, 0x45,
+        0x1B, 0x45, 0x6A, 0x1A, 0x00, 0x60, 0x91, 0x30,
+        0x0C, 0x12, 0x00, 0x69, 0xA2, 0xA0, 0x04, 0x81,
+        0x00, 0x65, 0x5C, 0x38, 0x8A, 0x18, 0x05, 0x89,
+        0x48, 0x32, 0x24, 0x81, 0xC6, 0x4D, 0x60, 0x90,
+        0x31, 0x83, 0x22, 0x12, 0xE1, 0xC2, 0x6C, 0x89,
+        0x00, 0x90, 0x14, 0xB4, 0x40, 0xD3, 0xB8, 0x45,
+        0x89, 0x24, 0x70, 0x09, 0x26, 0x6C, 0xD9, 0x32,
+        0x8A, 0x83, 0x44, 0x0E, 0x21, 0x44, 0x61, 0x99,
+        0xA4, 0x20, 0x44, 0x16, 0x2E, 0x1A, 0xC2, 0x08,
+        0x09, 0x98, 0x6C, 0x8C, 0x18, 0x8C, 0x0C, 0x30,
+        0x62, 0x8B, 0x46, 0x45, 0x80, 0x10, 0x21, 0x20,
+        0x33, 0x32, 0x5A, 0x38, 0x4C, 0x98, 0x06, 0x45,
+        0x1A, 0x33, 0x09, 0x82, 0x34, 0x44, 0x02, 0x20,
+        0x09, 0x59, 0x00, 0x41, 0x08, 0x13, 0x08, 0xDC,
+        0x18, 0x68, 0x12, 0x47, 0x86, 0x43, 0xB8, 0x21,
+        0x62, 0x02, 0x8D, 0x5C, 0x10, 0x0D, 0x60, 0x96,
+        0x65, 0xA2, 0x22, 0x4C, 0x83, 0x18, 0x09, 0x41,
+        0x08, 0x41, 0x63, 0xC2, 0x80, 0x13, 0x81, 0x65,
+        0x22, 0x03, 0x92, 0x04, 0xA9, 0x4D, 0x1C, 0xB0,
+        0x44, 0x80, 0xC6, 0x24, 0x00, 0x01, 0x44, 0x22,
+        0x11, 0x80, 0x21, 0x95, 0x64, 0x09, 0x99, 0x8C,
+        0xD3, 0x14, 0x4A, 0xD1, 0x98, 0x2D, 0x19, 0x31,
+        0x4C, 0x0A, 0x92, 0x40, 0x13, 0x98, 0x48, 0x14,
+        0x89, 0x20, 0x23, 0xB3, 0x0D, 0x14, 0x98, 0x6D,
+        0x12, 0x98, 0x05, 0x9B, 0x14, 0x06, 0x5B, 0x26,
+        0x91, 0x0A, 0x38, 0x09, 0x08, 0x98, 0x2C, 0x19,
+        0xA0, 0x45, 0x44, 0x26, 0x00, 0x0A, 0x05, 0x21,
+        0xDB, 0xA0, 0x69, 0x51, 0x42, 0x92, 0x0B, 0x43,
+        0x00, 0xD1, 0x42, 0x0D, 0x81, 0x30, 0x28, 0x13,
+        0xC2, 0x20, 0x03, 0x27, 0x60, 0x10, 0x83, 0x91,
+        0x0A, 0x53, 0x7E, 0xA1, 0x4F, 0x11, 0x54, 0x5E,
+        0x25, 0x4F, 0xCF, 0x28, 0x03, 0x95, 0x2A, 0x58,
+        0x0A, 0x4B, 0x6C, 0x9B, 0x29, 0x10, 0x3D, 0x97,
+        0x43, 0x6C, 0x00, 0x3E, 0x2E, 0xCE, 0xAE, 0x20,
+        0x28, 0x01, 0x7F, 0xF1, 0xD5, 0x18, 0xB0, 0xB5,
+        0xD5, 0xE6, 0x24, 0x26, 0x64, 0xED, 0x33, 0x7C,
+        0xCA, 0x45, 0x26, 0xED, 0x5D, 0xB5, 0xEA, 0xD8,
+        0xBB, 0x31, 0x16, 0x94, 0x1C, 0xD0, 0xC8, 0xF0,
+        0xA7, 0xED, 0x5A, 0x1A, 0x5A, 0x00, 0xB9, 0x8C,
+        0x33, 0x6A, 0x9B, 0xC8, 0xEB, 0x6B, 0x3A, 0x30,
+        0x83, 0x16, 0xF1, 0x17, 0xEA, 0xA8, 0x0D, 0x4B,
+        0x77, 0x56, 0xDD, 0x4A, 0x91, 0xDA, 0xA5, 0x8E,
+        0x80, 0xD7, 0xB5, 0x77, 0x55, 0x83, 0x97, 0xAF,
+        0x90, 0x5B, 0x67, 0xC5, 0x9F, 0x14, 0xE1, 0x2C,
+        0x15, 0x8D, 0x29, 0x2C, 0xA6, 0xB6, 0x41, 0xED,
+        0x0C, 0x75, 0xE3, 0x9A, 0x91, 0x4F, 0xFA, 0x1A,
+        0x9F, 0x24, 0xCA, 0x28, 0xF2, 0x00, 0xC7, 0x48,
+        0xDE, 0x70, 0x9D, 0x15, 0xD7, 0x22, 0xE7, 0xED,
+        0x2C, 0x91, 0x8D, 0xEF, 0x08, 0xCF, 0xAF, 0x9B,
+        0x7E, 0x24, 0xDE, 0xF2, 0xD5, 0x1A, 0x4D, 0x42,
+        0x0E, 0x7E, 0x89, 0x06, 0xFA, 0xCD, 0x9A, 0x5A,
+        0x98, 0xB0, 0xD1, 0xD5, 0x34, 0x5C, 0x8B, 0x9A,
+        0xC0, 0xBB, 0xF4, 0xB1, 0x5E, 0xF0, 0xB4, 0x6A,
+        0x8E, 0x3B, 0x6B, 0xAE, 0x0C, 0x6E, 0x9F, 0x09,
+        0x2E, 0xB3, 0xEF, 0x1D, 0x49, 0x62, 0x0B, 0x65,
+        0xE7, 0xDE, 0xDB, 0xEF, 0x68, 0x7E, 0xBD, 0x0E,
+        0xA0, 0x95, 0x97, 0x2A, 0x56, 0xA0, 0xEA, 0xFB,
+        0x2D, 0x75, 0xF4, 0x32, 0x1B, 0x80, 0xAC, 0xBC,
+        0xA3, 0x2B, 0x1B, 0x11, 0xAA, 0x57, 0x6F, 0xE4,
+        0xE0, 0xCC, 0xCC, 0x20, 0x52, 0x12, 0x65, 0x42,
+        0x96, 0xF0, 0x60, 0x8F, 0xF3, 0x83, 0x69, 0xAF,
+        0x19, 0x80, 0x75, 0x68, 0xDB, 0xE1, 0x71, 0xDB,
+        0x79, 0xEB, 0x8C, 0x1C, 0xB7, 0x6A, 0x8E, 0xB9,
+        0x5B, 0x28, 0x8C, 0x9D, 0xCC, 0x62, 0x0B, 0xEF,
+        0xCE, 0x96, 0x06, 0x0F, 0x45, 0xA6, 0xA2, 0xDA,
+        0xC2, 0x2F, 0x55, 0xE4, 0x7D, 0xC7, 0xBA, 0xB4,
+        0xA7, 0x93, 0xD9, 0x65, 0x8F, 0xE2, 0x7C, 0x66,
+        0x2C, 0xA6, 0x37, 0x00, 0x81, 0x30, 0xF1, 0x00,
+        0xD9, 0x65, 0xB4, 0x78, 0x17, 0x7A, 0xC6, 0xDC,
+        0x35, 0x93, 0x1A, 0x5E, 0xCC, 0x5F, 0x93, 0x31,
+        0x22, 0x40, 0x2C, 0x17, 0x0E, 0xB8, 0xE0, 0xA4,
+        0x1C, 0xB6, 0x3F, 0xE5, 0x60, 0x2F, 0x7B, 0x18,
+        0xE1, 0xDB, 0xB6, 0xDB, 0x30, 0xA7, 0x61, 0x55,
+        0xC6, 0xCF, 0x03, 0x0F, 0x73, 0x8D, 0xC0, 0x91,
+        0x6D, 0xB1, 0x80, 0xF8, 0x3F, 0x02, 0x90, 0x93,
+        0x11, 0xCB, 0x6B, 0x3B, 0x9E, 0x55, 0x3F, 0xAC,
+        0xA0, 0x52, 0x23, 0xB3, 0x3C, 0x69, 0x60, 0x2D,
+        0x0F, 0x05, 0xA0, 0x8B, 0xEB, 0x84, 0x80, 0x96,
+        0x51, 0x99, 0x9A, 0x55, 0x26, 0xE7, 0x76, 0xF3,
+        0xDE, 0x39, 0x30, 0x4A, 0x5F, 0xEF, 0x00, 0x95,
+        0x0A, 0x9A, 0x81, 0x0D, 0x12, 0xE0, 0x1D, 0x15,
+        0xD8, 0x86, 0xDB, 0x26, 0x75, 0xF6, 0x54, 0xCA,
+        0x17, 0xFA, 0xAE, 0xEB, 0xD1, 0xF5, 0x61, 0xF9,
+        0xD1, 0xA9, 0x5E, 0x0B, 0xAD, 0xF7, 0xC3, 0x31,
+        0x5A, 0xFA, 0xBA, 0x8D, 0x4B, 0xEC, 0x1F, 0x05,
+        0x42, 0xA8, 0xF1, 0x0A, 0xC6, 0x66, 0xFD, 0x8D,
+        0x0C, 0x5A, 0xF1, 0xD6, 0x86, 0x7A, 0x9D, 0x82,
+        0x6B, 0xFB, 0x6B, 0x03, 0x0B, 0x58, 0xEC, 0xEF,
+        0x67, 0x78, 0xD2, 0xC5, 0x2B, 0xF6, 0x2C, 0xB3,
+        0x4B, 0x81, 0xFF, 0x93, 0x6D, 0xA3, 0x3E, 0xDA,
+        0xB3, 0x1D, 0xB3, 0x9A, 0xB7, 0x63, 0x66, 0xD0,
+        0x94, 0x36, 0x2F, 0x04, 0x6D, 0x50, 0x78, 0xB4,
+        0x22, 0x35, 0x04, 0xA1, 0x2B, 0xA0, 0xC7, 0xB8,
+        0xE8, 0x83, 0x72, 0x77, 0x18, 0x50, 0x9B, 0xD4,
+        0x7A, 0x69, 0x6E, 0xE9, 0x88, 0x0C, 0xAF, 0xF6,
+        0x63, 0x61, 0x2B, 0x95, 0x86, 0x30, 0x3D, 0x6D,
+        0xE0, 0xD2, 0x1F, 0x9A, 0x21, 0x96, 0x22, 0x78,
+        0xEB, 0xCE, 0x60, 0xA6, 0xD4, 0x68, 0x44, 0x09,
+        0x5C, 0x5F, 0x89, 0x2D, 0xAC, 0xA4, 0x8D, 0x78,
+        0x28, 0x22, 0x45, 0x38, 0x34, 0xB4, 0xE4, 0x2C,
+        0xD3, 0xA1, 0xFE, 0x39, 0x87, 0x35, 0x6E, 0xAB,
+        0x11, 0xEF, 0xB8, 0xEE, 0xCD, 0x8E, 0x9C, 0xC8,
+        0xF3, 0x9A, 0x0F, 0xF1, 0xFF, 0xB8, 0x06, 0x9A,
+        0x44, 0x1F, 0x85, 0x1E, 0xB4, 0x38, 0xE9, 0xC0,
+        0xB5, 0x7E, 0x88, 0x18, 0xA3, 0x22, 0x65, 0x1E,
+        0x60, 0xF4, 0xB6, 0x78, 0x90, 0xE5, 0xED, 0x7A,
+        0x0F, 0xBF, 0x75, 0x36, 0xC3, 0xFD, 0x50, 0xD0,
+        0xB0, 0x65, 0x8D, 0x7C, 0xCF, 0x27, 0x5E, 0x8A,
+        0x9E, 0x9F, 0xBB, 0x99, 0xBE, 0x2E, 0x5F, 0x5E,
+        0x16, 0x7B, 0xE2, 0x90, 0xB7, 0xE9, 0x67, 0x32,
+        0xF8, 0x9E, 0x40, 0xD7, 0x85, 0xAF, 0x25, 0xC1,
+        0xBA, 0x61, 0xA7, 0x78, 0x6D, 0x3E, 0xF2, 0xD0,
+        0xC1, 0x14, 0xD1, 0x04, 0x8E, 0x76, 0x46, 0xDF,
+        0xA3, 0x03, 0x2B, 0xFB, 0x7A, 0x51, 0xA6, 0x36,
+        0x05, 0xDC, 0xE3, 0xE1, 0xD8, 0x98, 0x95, 0x00,
+        0xD6, 0xE5, 0x8E, 0x96, 0x05, 0x19, 0x93, 0x1D,
+        0xAC, 0x9F, 0x14, 0xDD, 0xA4, 0x28, 0xF5, 0xA2,
+        0xC9, 0xC7, 0x4D, 0x91, 0x6D, 0x90, 0x77, 0x07,
+        0xB5, 0x3E, 0xB5, 0x2C, 0x44, 0xAD, 0x71, 0xD7,
+        0x27, 0x82, 0x6E, 0xB2, 0xCA, 0x68, 0x07, 0x0A,
+        0x6F, 0x0E, 0x47, 0xFA, 0x16, 0xE5, 0x2E, 0x96,
+        0x29, 0xB7, 0xAA, 0x82, 0x41, 0xDA, 0xAB, 0xB1,
+        0x94, 0x97, 0xA5, 0x82, 0x4E, 0x58, 0xD7, 0x26,
+        0x75, 0xC3, 0xA6, 0x7E, 0x10, 0xA1, 0x19, 0xB2,
+        0x74, 0xB8, 0x4D, 0x9B, 0xEE, 0x28, 0x71, 0x72,
+        0x8E, 0xD2, 0xF9, 0x4F, 0x85, 0x59, 0xB9, 0x7F,
+        0x97, 0x9A, 0xE8, 0x82, 0xEA, 0x54, 0x99, 0x28,
+        0xD6, 0xB1, 0xA9, 0xA4, 0xE4, 0xA2, 0x29, 0xF6,
+        0xEB, 0x3F, 0xB1, 0xA4, 0x34, 0xA0, 0xFA, 0xED,
+        0xAD, 0x62, 0xB7, 0x03, 0x30, 0xCF, 0xCB, 0x24,
+        0xCB, 0x34, 0x98, 0x80, 0x2A, 0x67, 0x9F, 0x8F,
+        0x54, 0xBF, 0x83, 0xEF, 0x34, 0x47, 0x22, 0x96,
+        0x91, 0x98, 0x31, 0xCA, 0xAD, 0x59, 0xEB, 0xE8,
+        0x30, 0x82, 0xEA, 0xB6, 0x7D, 0x4A, 0xBD, 0x90,
+        0x22, 0x9A, 0x5E, 0x93, 0xA0, 0xB5, 0x80, 0x97,
+        0x7F, 0x08, 0x13, 0xCC, 0xB1, 0x5E, 0xCD, 0x74,
+        0xFF, 0x71, 0x5F, 0xE8, 0xDB, 0x5B, 0x05, 0xCE,
+        0xF3, 0x7D, 0x34, 0x93, 0xBE, 0xDA, 0x27, 0x05,
+        0x84, 0x94, 0x4C, 0x02, 0x09, 0x86, 0x34, 0x51,
+        0x4D, 0xAA, 0xCE, 0x70, 0x47, 0xE4, 0x74, 0x32,
+        0xF9, 0x2A, 0xDC, 0xA4, 0x91, 0xA3, 0xE0, 0x96,
+        0x1A, 0x5D, 0x9F, 0x01, 0x44, 0x85, 0x2E, 0x46,
+        0x32, 0x63, 0x35, 0xE2, 0x15, 0x24, 0x3D, 0xAA,
+        0xE8, 0x37, 0x92, 0x7F, 0xBF, 0xDC, 0xE6, 0x91,
+        0xF4, 0x98, 0x59, 0x26, 0x6E, 0x90, 0x08, 0x16,
+        0x8C, 0x6A, 0x5E, 0x2F, 0x60, 0x9C, 0x80, 0xC6,
+        0x8E, 0x08, 0x20, 0xE7, 0x27, 0x19, 0xE9, 0xB5,
+        0x87, 0x3F, 0xA1, 0x99, 0xE1, 0x97, 0xF9, 0xC4,
+        0x94, 0xAA, 0x8A, 0x3A, 0x65, 0x26, 0x9E, 0x95,
+        0xB7, 0x61, 0xB6, 0x7B, 0xEC, 0x61, 0x13, 0xC1,
+        0x44, 0xA5, 0x69, 0x89, 0xC5, 0x75, 0x0D, 0x45,
+        0x05, 0x42, 0xCC, 0xF8, 0x1B, 0x24, 0x62, 0x09,
+        0x2F, 0x70, 0x71, 0x5D, 0x49, 0x14, 0xEB, 0x2C,
+        0xAA, 0x31, 0x74, 0xBC, 0x9E, 0xEB, 0x20, 0xAA,
+        0xB6, 0xC6, 0x40, 0xF8, 0xB5, 0xD9, 0xC6, 0xA0,
+        0xDC, 0xC6, 0xF0, 0xAE, 0xC9, 0x7B, 0x3A, 0xF6,
+        0x47, 0xEB, 0xF8, 0x00, 0x34, 0xA4, 0x3B, 0xF3,
+        0x19, 0xBF, 0x40, 0xAD, 0xF7, 0x9A, 0xFE, 0xAB,
+        0x58, 0x90, 0xD2, 0x02, 0x3B, 0xAE, 0x02, 0xC9,
+        0xFD, 0x02, 0xC5, 0xBB, 0x65, 0x87, 0x9C, 0x1B,
+        0x5E, 0xA4, 0x06, 0x02, 0x9A, 0xE7, 0x78, 0x45,
+        0xCB, 0x99, 0x4D, 0xB8, 0xC3, 0x52, 0x11, 0xCA,
+        0x1D, 0xC8, 0x81, 0xF7, 0xF2, 0x0A, 0x47, 0x06,
+        0x50, 0x5F, 0x29, 0xD9, 0xCD, 0x19, 0x89, 0xAD,
+        0x42, 0xB0, 0x7E, 0xF5, 0x2D, 0x96, 0x54, 0xE2,
+        0x8E, 0x3D, 0xCB, 0x83, 0x00, 0x08, 0xA1, 0xBE,
+        0x31, 0x99, 0x38, 0x7E, 0x06, 0x6B, 0x28, 0xB3,
+        0x15, 0xCA, 0x19, 0x02, 0xF4, 0xBB, 0x0E, 0xE6,
+        0x3F, 0xDC, 0x4C, 0x93, 0xE1, 0xAB, 0x88, 0x6F,
+        0xD7, 0x42, 0x52, 0x61, 0xC3, 0x7A, 0xC5, 0x87,
+        0x62, 0xD0, 0x3D, 0xB6, 0x07, 0x06, 0x88, 0x7E,
+        0x72, 0xCF, 0x74, 0x5A, 0x44, 0x6D, 0xF6, 0xC6,
+        0x66, 0x2F, 0x53, 0xDD, 0x61, 0x24, 0x71, 0xA4,
+        0x34, 0xAC, 0x56, 0xC4, 0xBE, 0xDB, 0x3C, 0x9F,
+        0x36, 0x47, 0xE6, 0x03, 0x2B, 0x3C, 0xC0, 0x99,
+        0x0A, 0x3A, 0x2E, 0x87, 0x05, 0x2B, 0x36, 0xD4,
+        0xA1, 0x62, 0x42, 0x4E, 0x2D, 0x39, 0x9E, 0x1B,
+        0xC2, 0x37, 0x92, 0x8D, 0x0B, 0xD7, 0x71, 0x58,
+        0x07, 0x9C, 0xCB, 0x20, 0x8B, 0x71, 0x95, 0x07,
+        0x96, 0x55, 0xBD, 0xB7, 0x6C, 0xBA, 0xFF, 0x44,
+        0x7C, 0x34, 0xC5, 0x82, 0x9F, 0xAC, 0x19, 0x9B,
+        0xB0, 0x27, 0xA0, 0x80, 0x06, 0x50, 0x8D, 0x56,
+        0xC8, 0x1D, 0x18, 0x70, 0x90, 0xE7, 0x10, 0x24,
+        0xDB, 0x7F, 0xBF, 0x3A, 0x7D, 0x64, 0xD8, 0xFA,
+        0x48, 0x74, 0xA8, 0xF4, 0x70, 0x37, 0x7B, 0x15,
+        0x38, 0x00, 0x96, 0x82, 0x2F, 0xFE, 0x46, 0x55,
+        0x71, 0xB5, 0x0C, 0x54, 0x05, 0x58, 0xBA, 0x50,
+        0xE9, 0x0E, 0xB8, 0x14, 0x52, 0xF4, 0x12, 0x75,
+        0xC2, 0x51, 0x5B, 0xAE, 0x05, 0x92, 0xD5, 0x3F,
+        0x6A, 0x6A, 0x34, 0xD2, 0xA3, 0x4D, 0x8E, 0xAC,
+        0x6E, 0x7A, 0x03, 0xFB, 0xDB, 0x52, 0x49, 0x4F,
+        0x4B, 0x98, 0x1B, 0x56, 0xC0, 0x96, 0x26, 0x08,
+        0x48, 0x50, 0xC7, 0xCF, 0x96, 0x2F, 0x93, 0x10,
+        0x72, 0x25, 0x15, 0xA6, 0x2A, 0xC0, 0x85, 0xA6,
+        0x18, 0x9A, 0xDD, 0xEA, 0x38, 0x12, 0x91, 0x13,
+        0x57, 0x31, 0xB2, 0xEE, 0x83, 0xA4, 0xF1, 0xEB,
+        0xFA, 0x09, 0xAF, 0x80, 0xA9, 0x12, 0x68, 0xA8,
+        0x76, 0x23, 0xCB, 0x55, 0x7C, 0x9F, 0x66, 0xDE,
+        0xB4, 0x54, 0xFB, 0x2F, 0x4F, 0xC2, 0x64, 0x8F,
+        0x44, 0x41, 0x5A, 0x7B, 0xEF, 0x29, 0x96, 0x2D,
+        0x5F, 0x7C, 0x16, 0xE7, 0x85, 0x79, 0xF5, 0x26,
+        0xDD, 0x20, 0xE9, 0x20, 0x9B, 0x6C, 0xA6, 0xDF,
+        0xD1, 0x30, 0xF9, 0x2E, 0xF7, 0x24, 0x64, 0x5B,
+        0x5B, 0x84, 0xD8, 0x72, 0x4F, 0x3C, 0xF6, 0xF3,
+        0xA3, 0xB2, 0xA9, 0xCF, 0x61, 0x24, 0x7A, 0x54,
+        0xBA, 0x92, 0x8F, 0x53, 0xEA, 0xCB, 0xA7, 0xE6,
+        0xD6, 0xB8, 0x12, 0xC4, 0xCE, 0x21, 0xA1, 0x8B,
+        0xA8, 0xD1, 0x14, 0x50, 0xE7, 0x04, 0x89, 0xBA,
+        0x57, 0x2E, 0x5E, 0xB9, 0xA7, 0x72, 0x2D, 0x9D,
+        0xC6, 0xAA, 0xE4, 0xF9, 0x57, 0x93, 0x60, 0x09,
+        0xE2, 0x6E, 0xB3, 0xE7, 0x4D, 0x9F, 0x99, 0x33,
+        0xF3, 0xDB, 0x4D, 0xA0, 0xA1, 0xF5, 0x44, 0x93,
+        0x99, 0xB5, 0xE1, 0x01, 0x03, 0x11, 0xF8, 0x7D,
+        0x92, 0xC1, 0x87, 0xAD, 0x2E, 0xFA, 0xBB, 0x0A,
+        0x2C, 0x86, 0xB7, 0xD7, 0xF9, 0xA0, 0x72, 0xAB,
+        0xC0, 0xC6, 0x60, 0x6D, 0xBC, 0xD9, 0x20, 0x17,
+        0x7A, 0x22, 0x57, 0x20, 0xA7, 0x05, 0x76, 0xB8,
+        0xE8, 0x2D, 0x7D, 0x53, 0xC1, 0xDF, 0xA4, 0x8E,
+        0xA7, 0x31, 0x81, 0xAF, 0x0A, 0xF0, 0x86, 0xB6,
+        0xAA, 0xF8, 0x0A, 0xB2, 0x49, 0x81, 0xF2, 0x75,
+        0xD6, 0x6D, 0x4F, 0xBD, 0xE2, 0xC5, 0x1A, 0xE8,
+        0xE8, 0xD4, 0x58, 0x33, 0x72, 0x9F, 0x45, 0x03,
+        0x01, 0x30, 0xBC, 0x85, 0xB2, 0xBD, 0x9A, 0x14,
+        0xC8, 0x13, 0xA3, 0x7F, 0x1F, 0xA1, 0x47, 0xF8,
+        0x15, 0x48, 0x8D, 0x7A, 0x17, 0xC0, 0xC0, 0x39,
+        0xEA, 0xF8, 0x66, 0xCE, 0xA7, 0x5F, 0x5B, 0x2E,
+        0xBE, 0x05, 0xEF, 0x31, 0x09, 0x47, 0x2B, 0xA5,
+        0xF7, 0xCF, 0xCE, 0x4C, 0x35, 0x8B, 0x60, 0x80,
+        0x40, 0x0C, 0x5C, 0xC0, 0x85, 0x15, 0x14, 0x92,
+        0xD1, 0x3A, 0x5B, 0x00, 0x96, 0xA0, 0x63, 0x1F,
+        0xAA, 0x30, 0xCB, 0x48, 0xF2, 0xDA, 0x87, 0x3B,
+        0x85, 0x7D, 0xFD, 0xB3, 0x86, 0xD9, 0x33, 0x98,
+        0x18, 0x07, 0x34, 0x92, 0x55, 0x9A, 0x0E, 0xC2,
+        0xDA, 0xF3, 0x73, 0x8E, 0x15, 0x88, 0xB0, 0x98,
+        0x75, 0x1F, 0xF0, 0xFA, 0x1C, 0x87, 0x1B, 0x22,
+        0x23, 0x7E, 0x5C, 0xD1, 0x5B, 0x0E, 0x17, 0x28,
+        0xEA, 0x26, 0x71, 0x66, 0xC3, 0x8A, 0x71, 0x97,
+        0xB6, 0xCC, 0x7D, 0xAD, 0x39, 0x11, 0x6B, 0xE6,
+        0x1D, 0xF4, 0x33, 0x3C, 0xD7, 0xC2, 0xA4, 0x13,
+        0xDB, 0x30, 0x63, 0xD7, 0xF0, 0x22, 0x8C, 0x61,
+        0xFA, 0xDA, 0xC3, 0xF8, 0xC3, 0x31, 0xF4, 0x45,
+        0x09, 0xB4, 0xD6, 0x08, 0x53, 0x1F, 0x99, 0x5D,
+        0x15, 0xFA, 0xB1, 0x19, 0xD8, 0x47, 0xE6, 0xD8,
+        0x54, 0x95, 0x75, 0xB7, 0xD8, 0x50, 0xB2, 0x60,
+        0x0E, 0x4D, 0x13, 0x64, 0x6C, 0xF9, 0x6B, 0x6B,
+        0x9D, 0xA6, 0xC6, 0x2F, 0x2A, 0x80, 0xAE, 0x02,
+        0x58, 0xA8, 0xCD, 0x6E, 0xF4, 0xC5, 0x5E, 0xEA,
+        0x7E, 0x78, 0xD2, 0x0A, 0x46, 0x4A, 0x19, 0x4C,
+        0xEC, 0xBB, 0x01, 0xE7, 0x3F, 0x32, 0x76, 0xD6,
+        0x6E, 0x12, 0xAD, 0x37, 0x74, 0x51, 0xBB, 0xB9,
+        0x4E, 0x5C, 0x94, 0x88, 0x32, 0x59, 0x5F, 0x6B,
+        0x6E, 0x38, 0x2A, 0xD1, 0x42, 0xD9, 0xF1, 0xB8,
+        0x68, 0x97, 0x95, 0xE9, 0xEB, 0xC3, 0x2A, 0x5A,
+        0x10, 0x1E, 0x69, 0x6C, 0xA3, 0x4A, 0xBA, 0x00,
+        0x5B, 0x4C, 0xED, 0xA2, 0x7D, 0x12, 0x00, 0xFE,
+        0x48, 0xFD, 0x82, 0xC1, 0x72, 0x17, 0xE5, 0x08,
+        0xA8, 0x48, 0x4F, 0x03, 0x88, 0x34, 0x5C, 0x9D,
+        0xED, 0xE2, 0xA1, 0x39, 0x28, 0xFA, 0xC3, 0x29,
+        0x21, 0x84, 0x2F, 0x6E, 0x6A, 0xA5, 0xCF, 0xBF,
+        0x57, 0xFA, 0xA2, 0x8F, 0x43, 0xE0, 0x5E, 0x9A,
+        0x45, 0x23, 0x12, 0x50, 0x29, 0x11, 0xEF, 0x9C,
+        0x33, 0xC8, 0x11, 0xEB, 0xE7, 0xCA, 0xD7, 0x30,
+        0x62, 0x3D, 0xB7, 0x04, 0x8E, 0xC2, 0x18, 0xC7,
+        0xEA, 0x9D, 0xFC, 0x6E, 0x19, 0x65, 0xA9, 0x85,
+        0x7E, 0x92, 0x94, 0xC4, 0xE4, 0x7F, 0x4D, 0x96,
+        0x23, 0xCB, 0x74, 0xB6, 0x5F, 0x7B, 0xB5, 0x86,
+        0x22, 0x83, 0x8D, 0xC4, 0x4E, 0x16, 0xD9, 0x15,
+        0xD9, 0x59, 0x65, 0x55, 0xCA, 0x3D, 0x26, 0x1C,
+        0x9C, 0x2A, 0xFC, 0xCB, 0xAF, 0x5A, 0xC0, 0x3D,
+        0xE0, 0x91, 0xF0, 0xDB, 0xEA, 0xE1, 0xB4, 0xA7,
+        0xE3, 0xDE, 0xC4, 0x39, 0x09, 0x89, 0x67, 0x65,
+        0x77, 0xA0, 0x53, 0x68, 0x4F, 0x57, 0x86, 0x8D,
+        0x91, 0xFE, 0x6A, 0x5B, 0x7D, 0x3D, 0x7C, 0x79,
+        0x50, 0x78, 0x9E, 0x89, 0xD8, 0x38, 0x83, 0xBC,
+        0x3D, 0xAE, 0x55, 0xCA, 0x30, 0x78, 0xB0, 0x8D,
+        0x99, 0x18, 0x31, 0xBA, 0x91, 0x50, 0x2A, 0x5A,
+        0x33, 0x54, 0xB8, 0x8E, 0x15, 0x9B, 0x0A, 0xFF,
+        0xD2, 0x5B, 0x0D, 0xBB, 0x72, 0xBC, 0xD6, 0xF4,
+        0x04, 0x65, 0xDD, 0xFC, 0x00, 0xFF, 0x8B, 0x63,
+        0x39, 0xC0, 0x67, 0x09, 0x5D, 0x6C, 0x7C, 0xB0,
+        0x6F, 0x3B, 0xE7, 0x59, 0xC5, 0x27, 0x40, 0x39,
+        0x5D, 0xD1, 0x08, 0x29, 0x6F, 0x2B, 0xBC, 0x2E,
+        0x7A, 0x5D, 0xDD, 0xE3, 0xD1, 0xC3, 0x5D, 0x18,
+        0xBF, 0xBE, 0x39, 0x68, 0xEC, 0x59, 0xAB, 0xF8,
+        0x5C, 0x1B, 0xD2, 0x92, 0x8A, 0xB2, 0xAA, 0x67,
+        0x8A, 0x78, 0x91, 0x74, 0x6E, 0x88, 0xF4, 0x39,
+        0xF8, 0xB4, 0x38, 0x40, 0x31, 0xC3, 0xED, 0xB7,
+        0x31, 0x97, 0xE5, 0x2A, 0x4E, 0x77, 0x3D, 0x2D,
+        0x8B, 0x7B, 0xAD, 0xDC, 0x5D, 0xD0, 0xA7, 0xE4,
+        0x4C, 0x80, 0x8D, 0x73, 0xB8, 0x18, 0x1D, 0x19,
+        0x1C, 0x3C, 0x89, 0xFE, 0x15, 0xEA, 0x90, 0xD7,
+        0x56, 0x7E, 0x89, 0x16, 0xA3, 0x37, 0x83, 0x03,
+        0x05, 0x04, 0x1B, 0x1E, 0x94, 0xB3, 0xB4, 0x06,
+        0xDA, 0x4C, 0x36, 0xBE, 0xF0, 0x5D, 0x91, 0x00,
+        0xAB, 0x99, 0x2A, 0x4D, 0x56, 0x25, 0x33, 0x73,
+        0x0E, 0x0D, 0x8C, 0x05, 0x2B, 0x3A, 0x62, 0xD3,
+        0xF6, 0x9A, 0x83, 0xA0, 0xC9, 0xB2, 0x12, 0x4F,
+        0x12, 0xAE, 0x7D, 0xAC, 0xC9, 0x78, 0xC4, 0xA0,
+        0xAD, 0xCC, 0x2E, 0xBA, 0x2D, 0x80, 0xF4, 0x94,
+        0xAA, 0x16, 0xEC, 0x1E, 0x8E, 0x71, 0xC7, 0x9B,
+        0x02, 0xF3, 0x26, 0x1B, 0x6F, 0x98, 0x68, 0xB8,
+        0xD5, 0x7E, 0x9D, 0x16, 0xF4, 0x2B, 0x7C, 0xC6,
+        0x64, 0x06, 0x54, 0x9A, 0x27, 0x6D, 0x37, 0x14,
+        0x37, 0xDE, 0x88, 0xB7, 0xF3, 0x9E, 0x74, 0x08,
+        0x7C, 0xBB, 0xC5, 0x61, 0x16, 0x80, 0x31, 0x2D,
+        0xE8, 0xF0, 0xC3, 0x68, 0x14, 0xE1, 0x74, 0xF9,
+        0x1E, 0xB6, 0x00, 0xCC, 0x96, 0xE3, 0xCF, 0x51,
+        0xBB, 0x20, 0x25, 0x88, 0x77, 0xA2, 0xAA, 0xEB,
+        0x82, 0x7F, 0x7F, 0x5A, 0xDA, 0x80, 0x78, 0x6B,
+        0x50, 0x84, 0xC8, 0x02, 0xE6, 0x06, 0xDE, 0xF3,
+        0x88, 0xA3, 0x9C, 0xE4, 0xF0, 0xD5, 0xBC, 0x19,
+        0x39, 0x4C, 0xE8, 0x41, 0xE2, 0xD2, 0xAA, 0x74,
+        0x25, 0x23, 0x05, 0x80, 0xFA, 0x66, 0x75, 0xC5,
+        0x17, 0x41, 0xD1, 0x75, 0x87, 0x9B, 0x4D, 0x03,
+        0xC3, 0x90, 0xF6, 0x52, 0xA5, 0x03, 0xA7, 0x51,
+        0x6A, 0x1F, 0x07, 0x5E, 0x30, 0x82, 0xD5, 0x2C,
+        0x60, 0xB8, 0x64, 0x2A, 0x82, 0x40, 0xEE, 0x94,
+        0x4D, 0x5F, 0xB4, 0x27, 0x37, 0x6B, 0x40, 0xB0,
+        0xB2, 0x82, 0xE1, 0x9A, 0xB9, 0x08, 0xCC, 0xF2,
+        0x0C, 0xA9, 0x26, 0x11, 0x64, 0x90, 0xAF, 0xED,
+        0x57, 0xEA, 0xD0, 0xDC, 0x0C, 0x8E, 0x29, 0x6C,
+        0x79, 0xA4, 0x8D, 0x08, 0x8E, 0x83, 0x7A, 0xF0,
+        0x67, 0xDC, 0x02, 0x9E, 0xC6, 0x31, 0xF9, 0x93,
+        0x3E, 0xE4, 0xD2, 0x07, 0x46, 0xE6, 0x4E, 0x5F,
+        0x21, 0x67, 0x55, 0xA1, 0x38, 0x97, 0x4D, 0x30,
+        0x82, 0x93, 0x73, 0x6D, 0xC1, 0x86, 0x04, 0x27,
+        0x6C, 0xC4, 0x18, 0xBA, 0x69, 0xF8, 0x72, 0xB5,
+        0x8E, 0x7F, 0x6E, 0x3A, 0x8B, 0x84, 0x6E, 0xBA,
+        0xAE, 0xB3, 0x83, 0xE7, 0xF8, 0x90, 0xF5, 0x4E,
+        0x77, 0xF5, 0xD7, 0xF5, 0xD4, 0xA5, 0x8D, 0xB7,
+        0x83, 0xEC, 0xA0, 0x49, 0xF1, 0x86, 0x17, 0x12,
+        0x82, 0xBA, 0xC2, 0x60, 0x7D, 0x51, 0xB2, 0x98,
+        0xB1, 0x49, 0x38, 0xEF, 0xB1, 0x92, 0x8F, 0xC8,
+        0xD0, 0x78, 0x06, 0xE8, 0xC3, 0xE7, 0x3B, 0x46,
+        0x46, 0xBC, 0xF1, 0x68, 0x90, 0xCC, 0x13, 0x80,
+        0xE7, 0xB6, 0x33, 0x50, 0x2B, 0x3E, 0xAD, 0xA4,
+        0x47, 0x75, 0x02, 0xE2, 0x46, 0x7C, 0xFD, 0xB9,
+        0xAC, 0xBD, 0x1C, 0x72, 0xBC, 0x6A, 0xEB, 0x4F,
+        0x41, 0xE1, 0xC2, 0x3C, 0x63, 0x68, 0x39, 0xE3,
+        0x57, 0x13, 0x5F, 0x76, 0xBC, 0x39, 0xC4, 0xF9,
+        0xAC, 0x1C, 0xE8, 0xF1, 0xBE, 0xEF, 0xEB, 0xFF,
+        0x87, 0x59, 0xE8, 0xF7, 0x19, 0x65, 0xD4, 0x85,
+        0x4B, 0xEA, 0xAD, 0x0A, 0xFE, 0xDC, 0xA9, 0xD4,
+        0xD6, 0xBD, 0x1E, 0x63, 0xD3, 0x48, 0xA4, 0x2C,
+        0xEE, 0xFF, 0xC1, 0x70, 0xD0, 0xEE, 0x9F, 0x13,
+        0x6F, 0x5B, 0xE9, 0x90, 0x14, 0x66, 0x92, 0x61,
+        0x22, 0xF9, 0x48, 0xBD, 0xDE, 0x2A, 0x91, 0x07,
+        0xD2, 0xA9, 0x8B, 0xA2, 0xDE, 0xA6, 0xD6, 0xF2,
+        0xDA, 0x17, 0x72, 0x47, 0x02, 0xEC, 0x51, 0x8C,
+        0x03, 0x75, 0x3D, 0x51, 0xEA, 0x83, 0x1E, 0x95,
+        0xCB, 0x87, 0x08, 0xD5, 0xDE, 0xC8, 0x22, 0xDB,
+        0x73, 0x7E, 0x44, 0x14, 0x3C, 0x86, 0xF4, 0x71,
+        0x77, 0xD8, 0x5C, 0xD0, 0x98, 0xC2, 0x1B, 0x9B,
+        0xC8, 0x00, 0xDF, 0xA9, 0xDC, 0x26, 0xFD, 0xC2,
+        0x61, 0xE9, 0x21, 0xDE, 0x00, 0x2D, 0x81, 0xC1,
+        0x59, 0xF8, 0xEB, 0x1F, 0xEE, 0x67, 0x67, 0x9D,
+        0x62, 0x1E, 0xCE, 0x6B, 0x36, 0xD0, 0x1C, 0x77,
+        0x5A, 0x16, 0x45, 0xD5, 0x22, 0x92, 0xB4, 0xB2,
+        0xB8, 0x22, 0x73, 0x18, 0x77, 0x2A, 0x80, 0x91,
+        0xE9, 0xEC, 0x01, 0x70, 0x13, 0xB1, 0x95, 0xEB,
+        0xF4, 0xEF, 0x20, 0x1F, 0x4E, 0x88, 0x1C, 0x49,
+        0x36, 0x33, 0xC0, 0x7F, 0x27, 0xC9, 0x79, 0x0D,
+        0xD8, 0xAE, 0xCC, 0x94, 0x49, 0xCF, 0x63, 0xBC,
+        0xB1, 0x19, 0x46, 0x16, 0x9A, 0xCF, 0xF3, 0x95,
+        0x42, 0x26, 0x6B, 0x0C, 0x66, 0x85, 0xBB, 0xB0,
+        0x80, 0xB5, 0x9F, 0x11, 0x7E, 0xEB, 0x2A, 0x73,
+        0x38, 0x2B, 0x3D, 0x18, 0x7C, 0x06, 0x80, 0xC5,
+        0xAE, 0x70, 0x90, 0x70, 0xDF, 0x03, 0xA0, 0x08,
+        0xA7, 0xAD, 0x13, 0x22, 0x6F, 0x3C, 0x37, 0x15,
+        0x39, 0x20, 0x52, 0xF2, 0x44, 0x1B, 0x4A, 0x17,
+        0x8D, 0x7C, 0xF7, 0x05, 0x18, 0x33, 0x9C, 0xFF,
+        0xBB, 0x54, 0xA6, 0xD9, 0xB9, 0xCD, 0xE3, 0xB0,
+        0xB5, 0x7D, 0xBC, 0x79, 0xF4, 0xE4, 0x7A, 0xD6,
+        0x27, 0x4C, 0xE2, 0x18, 0x0C, 0x92, 0xAC, 0x64,
+        0x10, 0xE5, 0x0D, 0x05, 0xF6, 0x66, 0x5A, 0x57,
+        0xD4, 0xD4, 0x47, 0x6C, 0x2C, 0x0E, 0x6E, 0xE0,
+        0x75, 0x7A, 0x3A, 0xFE, 0xA2, 0xB1, 0xBF, 0x86,
+        0xA5, 0x51, 0xEF, 0x98, 0xAA, 0x1D, 0xFC, 0xBA,
+        0x96, 0x31, 0x59, 0x59, 0x45, 0x2B, 0x2B, 0x3A,
+        0x2F, 0xCB, 0xBB, 0x95, 0x5C, 0xB3, 0xFA, 0x1E,
+        0xEB, 0xBB, 0x83, 0xBD, 0x17, 0x87, 0x67, 0xC0,
+        0x2E, 0xFB, 0xBE, 0xFF, 0x6C, 0x7E, 0xEF, 0x94,
+        0xB5, 0x5D, 0xF8, 0x83, 0x1D, 0xDF, 0xB7, 0xB2,
+        0x02, 0xCE, 0x7D, 0xE0, 0x55, 0xEA, 0xF9, 0x92,
+        0x8A, 0xDA, 0xF6, 0xED, 0x0E, 0x31, 0x59, 0xCA,
+        0x56, 0xC4, 0x83, 0xFA, 0x3B, 0xA3, 0xD2, 0x47,
+        0x8C, 0xA3, 0x94, 0x82, 0x4C, 0xEE, 0x6A, 0xBD,
+        0x59, 0x67, 0x09, 0x53, 0xEE, 0x80, 0xD3, 0x83,
+        0xAA, 0xA6, 0x08, 0xE1, 0x58, 0x51, 0x13, 0x5C,
+        0x1C, 0xDE, 0xEE, 0xB5, 0xF6, 0xA8, 0x89, 0x7C,
+        0x3C, 0x9E, 0x06, 0x6A, 0xB4, 0x73, 0x4F, 0xDD,
+        0xFA, 0xBC, 0x3B, 0xC3, 0xBA, 0x12, 0x06, 0xBA,
+        0x54, 0x34, 0xDC, 0xDE, 0xDB, 0x9D, 0x8B, 0x3A,
+        0x81, 0xA2, 0xE6, 0x38, 0x14, 0x6D, 0x83, 0xF1,
+        0x4F, 0x06, 0xE5, 0x60, 0x99, 0xC0, 0xC8, 0xA0,
+        0xFC, 0xCD, 0xB9, 0xEC, 0xF0, 0xF3, 0xD8, 0x8D,
+        0xE3, 0x79, 0x2F, 0x2D, 0x0B, 0x65, 0x1B, 0x61,
+        0x9C, 0x57, 0x1B, 0x69, 0xF4, 0xBF, 0x8E, 0x7C,
+        0xD1, 0x91, 0x0F, 0x26, 0x6A, 0x4D, 0xAD, 0xF8,
+        0xC2, 0xAB, 0xB4, 0xAC, 0x05, 0xBD, 0x1F, 0xBA,
+        0x05, 0x8C, 0x03, 0x94, 0xC0, 0x16, 0xDE, 0xE6,
+        0x0C, 0x66, 0x40, 0x1A, 0x17, 0xD1, 0x34, 0x59,
+        0x54, 0x79, 0x33, 0x38, 0x9A, 0x35, 0x65, 0x69,
+        0xAD, 0xA5, 0x32, 0xC9, 0xF4, 0x87, 0x69, 0x88,
+        0x55, 0xA4, 0xD7, 0xBC, 0xCD, 0x0E, 0xF6, 0x95,
+        0x31, 0x09, 0x4D, 0xA4, 0x08, 0x6F, 0x52, 0xBF,
+        0x98, 0xCD, 0xC9, 0xA4, 0xB0, 0xBC, 0x88, 0x8D,
+        0xC3, 0x89, 0x1A, 0x76, 0x09, 0x6C, 0x7C, 0x48,
+        0x34, 0x90, 0xE9, 0x52, 0x32, 0x6A, 0xE4, 0x02,
+        0xD8, 0xDF, 0xD2, 0xF3, 0xDC, 0xCF, 0x1A, 0xA5,
+        0xD7, 0xBD, 0x69, 0x8E, 0x2A, 0xA8, 0x8D, 0x29,
+        0x48, 0x13, 0xA8, 0x8F, 0xD3, 0x18, 0x66, 0xBC,
+        0xA1, 0x1B, 0x3B, 0x91, 0xC0, 0x09, 0xEE, 0xB6,
+        0x67, 0x60, 0x1C, 0xEE, 0xAF, 0xAF, 0xE9, 0x7C,
+        0x56, 0xFA, 0x33, 0xF9, 0x38, 0x1F, 0x3E, 0x43,
+        0x29, 0x90, 0x1A, 0xC3, 0xB7, 0xEA, 0x70, 0x32,
+        0xC0, 0x19, 0xE5, 0xC8, 0xA8, 0xEF, 0xD7, 0x04,
+        0x4C, 0x97, 0x36, 0x44, 0xAF, 0x2B, 0xE4, 0x20,
+        0xA0, 0x33, 0xC6, 0xC2, 0xC7, 0xCE, 0x0C, 0xEA,
+        0x39, 0x34, 0xDC, 0x18, 0xB4, 0x2A, 0xDF, 0xD7,
+        0xA8, 0x46, 0xF4, 0x2D, 0xD4, 0x06, 0x86, 0x6A,
+        0x39, 0x09, 0x29, 0x02, 0x6A, 0xDE, 0x5C, 0x79,
+        0x1B, 0x5F, 0x61, 0xF9, 0x42, 0xB1, 0x55, 0x07,
+        0x7D, 0x82, 0xF2, 0xAF, 0xCC, 0xFF, 0xF8, 0x5B,
+        0x04, 0x06, 0x64, 0x7A, 0x96, 0x27, 0xE3, 0x69,
+        0x5D, 0x4B, 0xEA, 0x3D, 0x58, 0xA6, 0x3E, 0x17,
+        0x18, 0xD1, 0x84, 0xE4, 0x6B, 0x5F, 0x4B, 0xC8,
+        0x41, 0x03, 0x34, 0xA4, 0x09, 0x5D, 0x0F, 0xAF,
+        0x30, 0x6F, 0xB9, 0xDC, 0x10, 0x94, 0x25, 0xC3,
+        0x16, 0x52, 0xD0, 0x6F, 0xF0, 0x51, 0xA1, 0x62,
+        0xEE, 0x2B, 0x7B, 0x1C, 0x54, 0xD6, 0xC7, 0xDE,
+        0xD6, 0xE3, 0x95, 0xAA, 0xD1, 0xA8, 0x6D, 0x03,
+        0xB1, 0xB6, 0xC8, 0x00, 0x76, 0x7E, 0xC1, 0x44,
+        0x12, 0xEE, 0xCE, 0x13, 0x46, 0x20, 0xA6, 0x1D,
+        0x36, 0x9A, 0xF4, 0x9E, 0x21, 0xB0, 0xD1, 0x4B,
+        0xC4, 0x23, 0x06, 0x49, 0xCD, 0xD3, 0xE9, 0xFD,
+        0x84, 0x7A, 0xE5, 0x0B, 0xE9, 0x62, 0xEF, 0xC8,
+        0xCB, 0x0F, 0x33, 0x9F, 0x9E, 0x6D, 0x32, 0x47,
+        0x53, 0x3B, 0xDE, 0xD8, 0x71, 0x1D, 0x46, 0x1D,
+        0x4A, 0xF2, 0xAE, 0x3F, 0xDD, 0x1D, 0x7D, 0x2A,
+        0x28, 0x9C, 0x78, 0xCB, 0x19, 0xF3, 0xCD, 0xC2,
+        0x14, 0x2B, 0xF5, 0x2B, 0x23, 0xE6, 0xA2, 0x7B,
+        0x39, 0xD6, 0x99, 0x54, 0x3C, 0x3D, 0x63, 0x9B,
+        0x9C, 0x72, 0xCA, 0x80, 0xB3, 0x7E, 0xA2, 0x77,
+        0x5B, 0x5E, 0x26, 0x81, 0xF0, 0xDD, 0x01, 0xDF,
+        0xF0, 0xC0, 0x55, 0x13, 0x36, 0x90, 0x62, 0xFE
+    };
+    static const byte msg_87[] = {
+        0x9E, 0xFF, 0x34, 0x15, 0x06, 0xD1, 0x8B, 0xCB,
+        0x27, 0xA7, 0xFC, 0x4E, 0xAA, 0xBF, 0x5A, 0x7C,
+        0x4A, 0x59, 0x37, 0x77, 0x19, 0x6F, 0x66, 0x4B,
+        0xCE, 0x31, 0x6C, 0x95, 0x5B, 0x83, 0x5A, 0xD4,
+        0xC9, 0xF5, 0xDE, 0x9A, 0x2B, 0xF8, 0x96, 0x15,
+        0xDA, 0xCB, 0x9C, 0x1E, 0x61, 0x8C, 0x78, 0xE7,
+        0x11, 0x44, 0xCD, 0x4B, 0x70, 0x46, 0xF4, 0x7D,
+        0x9A, 0x60, 0x0E, 0x9C, 0xE6, 0x65, 0x96, 0xC4,
+        0xC5, 0x5E, 0xDA, 0x23, 0xA6, 0x6C, 0xC1, 0x18,
+        0xA4, 0xA7, 0xBD, 0x0D, 0xED, 0x00, 0xAB, 0xDD,
+        0xCE, 0x53, 0xFB, 0xF2, 0x48, 0x20, 0x33, 0xA4,
+        0x18, 0x85, 0x06, 0xEC, 0x11, 0x3B, 0xBD, 0x98,
+        0xD9, 0x89, 0x1F, 0x0D, 0x69, 0x46, 0x3A, 0x0D,
+        0x36, 0x15, 0x6B, 0xA3, 0xEA, 0x0D, 0x02, 0xA1,
+        0x4C, 0x1F, 0xD7, 0xA3, 0xFE, 0x70, 0x4E, 0xE5,
+        0x6B, 0x44, 0x6A, 0xE1, 0x79, 0xF7, 0x2E, 0x10,
+        0x4A, 0xA8, 0x1A, 0xF0, 0xA2, 0xF8, 0xFC, 0xA6,
+        0xF6, 0xF9, 0x62, 0x96, 0x05, 0x9E, 0xE8, 0x82,
+        0x66, 0x80, 0xE4, 0x3F, 0x4B, 0x07, 0x40, 0xF4,
+        0x7A, 0xC1, 0x05, 0x66, 0xED, 0x31, 0x07, 0x99,
+        0xAC, 0x71, 0x41, 0xD3, 0x8F, 0x69, 0x21, 0x31,
+        0x5F, 0x23, 0xAB, 0x3E, 0x64, 0xC8, 0xA7, 0x70,
+        0xAA, 0x57, 0x12, 0x80, 0x90, 0xDB, 0x82, 0x8C,
+        0x7B, 0xAA, 0x59, 0xC3, 0x29, 0x5C, 0xCA, 0xA2,
+        0x38, 0xC7, 0x5F, 0xAC, 0x0F, 0x93, 0xDA, 0x79,
+        0x00, 0x74, 0x1B, 0xCD, 0x94, 0xBB, 0x9F, 0xD3,
+        0x85, 0x2E, 0xC2, 0xB7, 0xD3, 0x3F, 0x60, 0x0B,
+        0x1D, 0x51, 0x66, 0x6A, 0xE2, 0x22, 0xA5, 0x7A,
+        0xF1, 0x40, 0xFA, 0x04, 0x9C, 0x2C, 0x9F, 0x6D,
+        0x0F, 0xE6, 0xC0, 0xF1, 0xE7, 0xA0, 0xDD, 0xE1,
+        0x14, 0x3B, 0xE5, 0xCE, 0xD7, 0xBB, 0xE2, 0x32,
+        0xCB, 0xFB, 0xD8, 0xAE, 0x00, 0xEA, 0x5F, 0xC1,
+        0x65, 0x02, 0x6D, 0x72, 0x9D, 0xB3, 0x0F, 0x6A,
+        0xFD, 0x99, 0x73, 0xB6, 0x72, 0x2C, 0x07, 0xF6,
+        0x00, 0x66, 0x54, 0x41, 0xE3, 0x0B, 0x7C, 0x5F,
+        0xB2, 0x97, 0xB8, 0xAB, 0x96, 0x9C, 0x06, 0x83,
+        0x9D, 0x33, 0x1D, 0xEE, 0x96, 0xDE, 0x48, 0x68,
+        0x7D, 0xC9, 0xDA, 0x53, 0x1A, 0x95, 0xCA, 0x83,
+        0xA7, 0x6F, 0x4B, 0x07, 0x6D, 0xFC, 0xF4, 0x83,
+        0xF0, 0x04, 0x50, 0xE5, 0x1C, 0x8D, 0x34, 0xD8,
+        0xED, 0x8E, 0x4B, 0x3D, 0xAF, 0xAE, 0x66, 0x4B,
+        0x6D, 0xC1, 0x3E, 0xD8, 0x8E, 0x6D, 0x63, 0x02,
+        0x7D, 0xD4, 0x38, 0xCB, 0x74, 0xF4, 0x12, 0xE8,
+        0x70, 0xCC, 0x9D, 0xFD, 0x29, 0xB5, 0x2A, 0xBC,
+        0xA1, 0x69, 0xC1, 0x7E, 0x97, 0x47, 0x58, 0xE0,
+        0x3A, 0xC0, 0xFB, 0x7F, 0xE5, 0x64, 0x50, 0x8E,
+        0x01, 0x7A, 0x9B, 0x47, 0x49, 0xD6, 0x41, 0xAF,
+        0x0D, 0xE3, 0x84, 0x08, 0x8F, 0xA0, 0x0C, 0x69,
+        0x40, 0x23, 0x3D, 0xDE, 0xFB, 0x65, 0x7C, 0x18,
+        0x1C, 0x82, 0xA1, 0xB6, 0xA3, 0x1F, 0xCC, 0xF4,
+        0xD5, 0x2C, 0x9D, 0x35, 0x1E, 0x6B, 0xDF, 0xDF,
+        0x48, 0xBC, 0xE4, 0x14, 0x60, 0x74, 0x62, 0xDB,
+        0x76, 0x9F, 0x9E, 0xB1, 0x59, 0x25, 0xBA, 0x9F,
+        0xAF, 0xBA, 0xB2, 0x29, 0xB5, 0x89, 0x6B, 0xF1,
+        0xF8, 0xE4, 0x7D, 0xF1, 0x7C, 0x82, 0x08, 0xDF,
+        0xD5, 0x96, 0x04, 0xB6, 0x05, 0x2C, 0xD2, 0xCE,
+        0xAB, 0x56, 0x40, 0x0F, 0x11, 0xC4, 0xD9, 0x52,
+        0x1E, 0x1A, 0xB8, 0x27, 0x4A, 0xB5, 0x76, 0x4C,
+        0x73, 0xE9, 0x41, 0x32, 0x42, 0x0E, 0x32, 0xB6,
+        0xAE, 0xB0, 0x76, 0x33, 0x78, 0xD9, 0xBA, 0x68,
+        0xE1, 0xFC, 0xDE, 0x2B, 0xD6, 0xDE, 0xDA, 0x39,
+        0x17, 0xC0, 0x00, 0xAF, 0x39, 0xB7, 0x8F, 0x4C,
+        0xCA, 0x7C, 0x8F, 0xBF, 0x94, 0xB4, 0xCB, 0x8A,
+        0x81, 0x16, 0xEE, 0xEC, 0xFE, 0xF0, 0x13, 0x1E,
+        0xC9, 0xF2, 0xDE, 0xDA, 0x01, 0x40, 0xC9, 0x02,
+        0xA8, 0xD6, 0xE6, 0x0E, 0x98, 0xB3, 0xCD, 0x9D,
+        0x9C, 0x75, 0x24, 0x8B, 0xF8, 0x84, 0x5A, 0xC0,
+        0xD7, 0xE0, 0x6B, 0xA0, 0xE1, 0x83, 0x10, 0xFE,
+        0xCE, 0x98, 0x62, 0x07, 0x54, 0x2C, 0xC1, 0xEE,
+        0x08, 0x88, 0x43, 0xEF, 0x74, 0xA2, 0x6A, 0xEC,
+        0xB6, 0xD0, 0x6F, 0x0F, 0xEF, 0xE1, 0xB7, 0x2C,
+        0xF9, 0x33, 0x06, 0xC3, 0x2E, 0xD2, 0x8A, 0xEC,
+        0xC5, 0x5B, 0xB1, 0x03, 0xA0, 0x84, 0x6D, 0x0C,
+        0x84, 0x13, 0x6D, 0xB0, 0xB0, 0x54, 0xF3, 0xDE,
+        0xA3, 0x9A, 0x72, 0x6C, 0x6F, 0xD6, 0x59, 0x7F,
+        0x9B, 0x03, 0x8C, 0xC2, 0x38, 0x46, 0x01, 0x76,
+        0x38, 0xF4, 0x43, 0x68, 0x81, 0x0D, 0x86, 0x29,
+        0x3D, 0xDF, 0xE5, 0x48, 0x61, 0x53, 0x2F, 0x85,
+        0xF5, 0x3F, 0x09, 0x30, 0x48, 0xC3, 0xE0, 0x09,
+        0xC4, 0x32, 0x11, 0x27, 0xAD, 0xAA, 0xEC, 0x6A,
+        0x5C, 0xCE, 0x03, 0xE0, 0xD9, 0xE9, 0x1D, 0xAC,
+        0xCA, 0xBB, 0x2F, 0x50, 0xE0, 0x1E, 0xB2, 0xAC,
+        0x2B, 0x39, 0x6D, 0x24, 0xB0, 0x5D, 0x45, 0x3B,
+        0xD5, 0x1D, 0x52, 0x9F, 0xBA, 0x51, 0xE4, 0x6D,
+        0x30, 0xC5, 0x66, 0x13, 0x00, 0x5A, 0xBF, 0x62,
+        0x63, 0xB9, 0x8D, 0x8D, 0xFE, 0xB5, 0x26, 0x16,
+        0xD1, 0xCB, 0x78, 0x92, 0x18, 0x1C, 0x2F, 0xC2,
+        0xE2, 0x04, 0x3B, 0x99, 0x4C, 0x81, 0x66, 0x58,
+        0x48, 0x2E, 0x06, 0x06, 0x34, 0x83, 0x78, 0xA3,
+        0xCC, 0x85, 0x40, 0xE0, 0x20, 0x27, 0x3F, 0x10,
+        0xB6, 0x9E, 0x20, 0x21, 0xA9, 0x2D, 0x9C, 0x36,
+        0xCC, 0x9B, 0x97, 0x79, 0xFE, 0x8C, 0xE7, 0xA4,
+        0x99, 0xAE, 0xB5, 0x3E, 0xC6, 0xDD, 0xB4, 0xF2,
+        0xEC, 0x22, 0xBF, 0xB4, 0x52, 0xFC, 0x5E, 0x79,
+        0x7D, 0x3A, 0x25, 0x33, 0x26, 0x00, 0x06, 0xFE,
+        0x6D, 0xCC, 0xE4, 0xE9, 0x76, 0x65, 0xC6, 0x8C,
+        0x39, 0x93, 0xDC, 0x7E, 0xA0, 0xBD, 0x4B, 0xDC,
+        0xD2, 0x47, 0x21, 0xB0, 0x2B, 0x09, 0x02, 0xB1,
+        0x84, 0x0D, 0xDE, 0xC5, 0x18, 0x20, 0x38, 0x76,
+        0x2D, 0x55, 0xFC, 0x11, 0xB9, 0x87, 0x3A, 0x0D,
+        0xD2, 0xEB, 0xBD, 0x55, 0xAD, 0xE3, 0x86, 0x5C,
+        0xFF, 0x3D, 0x54, 0x5F, 0x76, 0x33, 0x53, 0x69,
+        0xDD, 0x9E, 0x70, 0xB0, 0x73, 0x99, 0x77, 0xF6,
+        0xE9, 0x8A, 0x61, 0x27, 0x19, 0x4A, 0x19, 0x26,
+        0xA6, 0x97, 0xE4, 0x7F, 0x73, 0xE0, 0x4F, 0xF5,
+        0xBD, 0x52, 0x5E, 0x8F, 0x17, 0x22, 0x00, 0x8F,
+        0x7C, 0x15, 0x5C, 0xD3, 0xAD, 0xE0, 0xA5, 0xB6,
+        0x6A, 0x31, 0x36, 0xFD, 0xD8, 0x44, 0xAE, 0x5E,
+        0xCD, 0x6C, 0x82, 0x77, 0xC3, 0xD0, 0x7F, 0x39,
+        0x72, 0x1E, 0x91, 0x19, 0x50, 0xE1, 0x28, 0x20,
+        0x88, 0x3A, 0x6B, 0xC8, 0xA9, 0xE7, 0x93, 0x28,
+        0x0F, 0xA7, 0x4F, 0xF2, 0x1A, 0xC2, 0x13, 0x4E,
+        0x6B, 0xAE, 0x71, 0x3F, 0x43, 0x89, 0xC9, 0xE7,
+        0xDD, 0x05, 0xBB, 0x41, 0x09, 0xB5, 0x5E, 0xB9,
+        0x23, 0x51, 0xC0, 0xEB, 0x92, 0x1A, 0x0C, 0x3F,
+        0xAC, 0xC5, 0x00, 0x8C, 0xB8, 0x5C, 0x3F, 0x2D,
+        0x5F, 0x9A, 0xCE, 0xAE, 0x9B, 0x4B, 0x71, 0x48,
+        0x25, 0xFD, 0xE2, 0xB6, 0x26, 0x3F, 0xEE, 0x10,
+        0x33, 0x07, 0x4F, 0x59, 0xF0, 0x73, 0xE9, 0x39,
+        0x5C, 0x0D, 0x8B, 0xB5, 0xD1, 0xEF, 0xE5, 0xBF,
+        0xBB, 0xE1, 0x80, 0xF7, 0xC5, 0x91, 0xC1, 0x72,
+        0xAA, 0xB0, 0x5E, 0x7C, 0x53, 0x69, 0x4C, 0x37,
+        0x7A, 0xD2, 0x7B, 0x9D, 0x1C, 0xFA, 0x0F, 0xE0,
+        0x92, 0x93, 0x40, 0x5D, 0xBE, 0x1C, 0xF8, 0x84,
+        0x7A, 0x35, 0x1F, 0x72, 0x77, 0x68, 0xE2, 0xAF,
+        0xA5, 0x6B, 0x54, 0xFF, 0x53, 0x7C, 0xCD, 0x9D,
+        0x6A, 0x49, 0xD1, 0xCA, 0x74, 0x5F, 0xF5, 0xDB,
+        0x54, 0xF8, 0x60, 0xA7, 0x41, 0x66, 0xDE, 0xFF,
+        0xB0, 0xB2, 0xF9, 0x21, 0x06, 0xB7, 0x81, 0x4C,
+        0x9C, 0xEF, 0xFD, 0x11, 0xD5, 0x63, 0xD8, 0xF3,
+        0x3A, 0x81, 0xC4, 0x9D, 0x1B, 0xA8, 0x37, 0x73,
+        0x57, 0x26, 0x29, 0xF8, 0xB4, 0x7F, 0x9F, 0xA2,
+        0x7D, 0x2A, 0x63, 0x2C, 0x70, 0x08, 0x1E, 0x2E,
+        0xE7, 0xED, 0x73, 0xAB, 0xD2, 0x4C, 0x02, 0x7E,
+        0xF1, 0x15, 0x26, 0xE1, 0x09, 0x5C, 0x29, 0x13,
+        0xDF, 0x69, 0x29, 0x25, 0xE5, 0x68, 0x39, 0x10,
+        0x9B, 0xD0, 0x5E, 0xD8, 0xE2, 0xC9, 0x08, 0x61,
+        0x63, 0xCD, 0xF9, 0x45, 0xBC, 0x16, 0xDC, 0x80,
+        0x4C, 0x0F, 0x61, 0xEE, 0x8F, 0x3B, 0x72, 0xDB,
+        0x02, 0x45, 0xF6, 0x78, 0x69, 0x81, 0xFC, 0xE0,
+        0x32, 0x2F, 0xC2, 0xAF, 0xCD, 0x4E, 0x8E, 0x52,
+        0x03, 0xB5, 0x1C, 0x7C, 0x37, 0x2C, 0x58, 0xD5,
+        0xE2, 0x92, 0xA7, 0xE2, 0x49, 0x6C, 0x3F, 0x5D,
+        0x7F, 0x2B, 0x26, 0x70, 0x1C, 0x0C, 0x16, 0x7F,
+        0x49, 0x30, 0x71, 0x14, 0xEB, 0xBE, 0x13, 0xF4,
+        0xF1, 0xAA, 0x5A, 0xCF, 0x98, 0xF2, 0x07, 0x29,
+        0xB5, 0x12, 0x84, 0x80, 0x01, 0x46, 0x11, 0xA4,
+        0x44, 0xAE, 0x6D, 0xE0, 0x43, 0x7F, 0xFD, 0x5D,
+        0x84, 0xB5, 0x6E, 0x3E, 0x55, 0x0D, 0xE8, 0x66,
+        0x13, 0xA9, 0x28, 0x5A, 0x10, 0x84, 0x0B, 0xED,
+        0x0B, 0x69, 0xF0, 0x19, 0x69, 0x9B, 0x34, 0xB8,
+        0x6F, 0xC6, 0x22, 0xD3, 0x25, 0x26, 0x9D, 0x1A,
+        0x04, 0x6B, 0x53, 0xA4, 0xDF, 0x12, 0x93, 0xA5,
+        0x2C, 0xEE, 0x1C, 0x35, 0xFE, 0x81, 0x6B, 0x67,
+        0x81, 0x92, 0x07, 0xE0, 0x9A, 0x02, 0xC9, 0xD8,
+        0x59, 0x4D, 0x51, 0xE8, 0xB3, 0x14, 0x55, 0x2F,
+        0xDE, 0x26, 0xDB, 0x7C, 0xEB, 0x8D, 0x80, 0x12,
+        0x4A, 0x8A, 0x1C, 0x33, 0x74, 0x8E, 0x05, 0xC1,
+        0xAF, 0xD6, 0xE8, 0x7B, 0x56, 0x7C, 0x41, 0xE0,
+        0xE7, 0x3F, 0x32, 0x5F, 0x25, 0xDD, 0x2F, 0x48,
+        0x21, 0x90, 0xC4, 0x04, 0x42, 0x1A, 0x3D, 0x6A,
+        0x0E, 0x5D, 0x5C, 0xDB, 0xE2, 0xB0, 0x18, 0x8B,
+        0xAC, 0x77, 0xC6, 0xE3, 0x5D, 0x77, 0xC0, 0xA3,
+        0x2B, 0x1D, 0x96, 0x29, 0xF8, 0x8E, 0x70, 0xA7,
+        0x65, 0xFE, 0xE3, 0x8C, 0x1A, 0xB2, 0x39, 0x75,
+        0xB9, 0x45, 0xF2, 0x16, 0x1F, 0x6C, 0xFE, 0x7E,
+        0x68, 0x2A, 0xED, 0x96, 0x84, 0x95, 0x47, 0x05,
+        0x1D, 0xDE, 0xB7, 0x7B, 0x90, 0xF6, 0xAF, 0x00,
+        0x74, 0x7C, 0x47, 0xE0, 0x2E, 0x80, 0xB6, 0x9A,
+        0x0D, 0x4B, 0x78, 0xA4, 0x7D, 0xDD, 0x81, 0xE2,
+        0x99, 0x27, 0x1F, 0xA7, 0x8F, 0xE4, 0x23, 0xAD,
+        0xDF, 0x12, 0x0D, 0xD0, 0x4D, 0x46, 0xC1, 0x32,
+        0xE9, 0x70, 0xF4, 0xA0, 0x4E, 0x97, 0xA5, 0x88,
+        0xD2, 0x7C, 0x7B, 0xA8, 0x43, 0x26, 0x18, 0x2A,
+        0xAE, 0x04, 0xC2, 0x51, 0x28, 0x99, 0x71, 0x69,
+        0x1D, 0x96, 0x78, 0xD4, 0x09, 0x88, 0x16, 0x88,
+        0xF3, 0xBC, 0xCB, 0x95, 0x08, 0x30, 0xE6, 0x5B,
+        0x78, 0x48, 0x41, 0x00, 0x4E, 0x40, 0x44, 0x58,
+        0xE6, 0x16, 0x59, 0x63, 0xCF, 0xB4, 0xEE, 0xB5,
+        0x05, 0xFD, 0xD1, 0x35, 0xF3, 0x1E, 0xD0, 0x14,
+        0x7C, 0xC9, 0xE9, 0x87, 0x7F, 0xFF, 0x41, 0x07,
+        0x68, 0x91, 0x06, 0x17, 0x4E, 0x76, 0x66, 0xEE,
+        0xCB, 0x6C, 0xF2, 0xDA, 0x9C, 0x93, 0x51, 0xDC,
+        0x43, 0x4A, 0x94, 0x49, 0x38, 0x4E, 0xED, 0x7F,
+        0x5F, 0x90, 0x77, 0xB4, 0x2F, 0x0F, 0xC5, 0xD9,
+        0xF0, 0xF5, 0xF7, 0x21, 0x91, 0x32, 0xFF, 0x9A,
+        0x47, 0x09, 0x83, 0xE1, 0x9D, 0x30, 0xA4, 0xF3,
+        0x7D, 0x18, 0x97, 0x44, 0xD8, 0x32, 0xFD, 0x5F,
+        0xB3, 0x97, 0x49, 0x4E, 0x11, 0xAD, 0xF7, 0x4F,
+        0x4E, 0x90, 0x0A, 0x41, 0x87, 0xCF, 0xF5, 0xDA,
+        0x8F, 0x6D, 0x7B, 0x35, 0xAE, 0xA0, 0x16, 0xA8,
+        0xDE, 0x88, 0x62, 0x26, 0x5F, 0x13, 0x69, 0xFB,
+        0x36, 0x7E, 0xF1, 0x86, 0x0C, 0x8E, 0x07, 0xC3,
+        0x3F, 0x32, 0x82, 0xB4, 0xD9, 0x83, 0x7C, 0xDF,
+        0x3E, 0xF6, 0x58, 0x42, 0x2D, 0x34, 0xDE, 0xA4,
+        0x1E, 0x56, 0xDD, 0x18, 0x70, 0x36, 0x81, 0xD0,
+        0x44, 0xE3, 0xC4, 0x03, 0xAF, 0x33, 0xD1, 0xE7,
+        0xAF, 0xA9, 0x6A, 0x8C, 0x44, 0x35, 0xFE, 0xBB,
+        0xA0, 0xD2, 0x5D, 0xE0, 0xE4, 0xAE, 0xDF, 0xFB,
+        0x82, 0xA0, 0xBA, 0xDE, 0x76, 0xB6, 0x6C, 0xA9,
+        0xBE, 0xC7, 0xE9, 0xD7, 0x3F, 0x1C, 0xB2, 0x9C,
+        0xD7, 0x3C, 0xF0, 0x0C, 0x2F, 0x60, 0x44, 0xD8,
+        0x34, 0x53, 0xCE, 0xDD, 0xE0, 0x3F, 0x97, 0x2E,
+        0xBB, 0x03, 0x20, 0x62, 0xD0, 0xA8, 0x23, 0x9F,
+        0xB6, 0x99, 0xEC, 0x89, 0x0D, 0x32, 0x0F, 0x6F,
+        0xAF, 0x3D, 0x20, 0x7B, 0xDC, 0x9A, 0xFE, 0xA2,
+        0x02, 0x8B, 0x86, 0x99, 0x56, 0x23, 0x43, 0xAA,
+        0x50, 0xF7, 0x0A, 0x4E, 0x8C, 0x62, 0xDA, 0xF8,
+        0xB8, 0xCC, 0xA7, 0x2D, 0x02, 0x47, 0x63, 0xBA,
+        0xEC, 0x25, 0x00, 0x23, 0xEA, 0xE8, 0x25, 0xC6,
+        0x51, 0xAC, 0xC4, 0xAA, 0xA0, 0xDB, 0x6C, 0x5E,
+        0xC7, 0xEF, 0xD0, 0x71, 0xED, 0xFB, 0x95, 0xAF,
+        0x61, 0x0B, 0x64, 0x01, 0x61, 0x4F, 0x4F, 0xC6,
+        0x36, 0x27, 0x75, 0xC3, 0x81, 0x0A, 0x9A, 0x21,
+        0x69, 0xF8, 0x4A, 0x21, 0x12, 0x3B, 0x03, 0x1C,
+        0xCE, 0x08, 0x7D, 0x52, 0x0E, 0x99, 0xE2, 0x62,
+        0xE8, 0x81, 0x2E, 0x84, 0x09, 0x8E, 0xBE, 0x9B,
+        0xCE, 0xD6, 0xE6, 0xA4, 0xF7, 0x3B, 0x67, 0x45,
+        0x41, 0xDE, 0x0B, 0xCF, 0x5E, 0x7E, 0x31, 0x8F,
+        0x90, 0x6D, 0x90, 0x1F, 0xEB, 0x1D, 0x9D, 0x1C,
+        0xCB, 0x6C, 0xFF, 0xE8, 0x50, 0xDB, 0xFF, 0x75,
+        0xC8, 0xA8, 0x9F, 0x43, 0xCB, 0x94, 0x89, 0x5F,
+        0x28, 0x69, 0x6F, 0xAB, 0xB6, 0xAD, 0xCE, 0xE7,
+        0x69, 0x7E, 0x60, 0x09, 0x03, 0x87, 0x43, 0x6E,
+        0x19, 0xB1, 0x38, 0x81, 0x9B, 0x90, 0xAE, 0xB1,
+        0x8A, 0xC2, 0x7D, 0x2C, 0x65, 0x9B, 0x0D, 0xF1,
+        0x77, 0x94, 0xA7, 0x2F, 0x8B, 0xB7, 0xCE, 0x03,
+        0xEE, 0x9A, 0x78, 0xFE, 0x8C, 0x8A, 0x37, 0x45,
+        0xD5, 0x05, 0xDE, 0xD8, 0x85, 0x00, 0xF4, 0xCF,
+        0x98, 0xFB, 0x62, 0x85, 0xB0, 0xBD, 0x82, 0xE2,
+        0x7D, 0xED, 0x93, 0x3B, 0xCC, 0x18, 0x73, 0xF8,
+        0x8A, 0xBD, 0x82, 0x8F, 0x60, 0x47, 0xAC, 0xEC,
+        0x47, 0x2D, 0xEA, 0xE8, 0x7D, 0x8A, 0xDE, 0x0A,
+        0xD0, 0x73, 0x48, 0xFF, 0xAF, 0x59, 0xC1, 0x70,
+        0x29, 0xD8, 0x45, 0x38, 0x77, 0x7F, 0x73, 0xBF,
+        0xED, 0x5C, 0x63, 0x63, 0x0B, 0xC4, 0x43, 0xE0,
+        0xFA, 0x12, 0xDE, 0x72, 0x2D, 0xAB, 0xBB, 0xC2,
+        0x25, 0x0A, 0xBA, 0x3F, 0xD8, 0x61, 0x54, 0xEE,
+        0x20, 0x8D, 0x53, 0xA3, 0x27, 0xA7, 0xFF, 0x26,
+        0xA0, 0x17, 0x93, 0x39, 0x4D, 0x04, 0x15, 0x8B,
+        0xB3, 0x20, 0x60, 0x04, 0x47, 0xE2, 0xFD, 0x7D,
+        0x7C, 0x6D, 0xE0, 0x76, 0xA5, 0x13, 0xD6, 0x81,
+        0x95, 0xB0, 0x67, 0x20, 0x4F, 0xF6, 0x00, 0x5B,
+        0x16, 0x25, 0x54, 0x2B, 0x28, 0x37, 0x2F, 0x06,
+        0x80, 0x60, 0x53, 0xAE, 0xE2, 0xEA, 0x9F, 0x88,
+        0xAE, 0xA2, 0x9A, 0x27, 0x02, 0x15, 0x4B, 0xF4,
+        0x43, 0xBC, 0x70, 0x7D, 0x0A, 0x96, 0xEB, 0x06,
+        0xCE, 0x43, 0xEF, 0xE6, 0x6A, 0xAC, 0x1F, 0x16,
+        0x95, 0xE2, 0x8C, 0xF1, 0x07, 0x19, 0x3D, 0x06,
+        0x2E, 0x71, 0xB6, 0x3A, 0xFD, 0xCF, 0x9E, 0x05,
+        0x0B, 0xBE, 0xD7, 0x48, 0x4E, 0xC5, 0xE8, 0x0C,
+        0x51, 0x5A, 0xC8, 0x20, 0xF0, 0xCD, 0xF9, 0x65,
+        0xDD, 0x97, 0xF7, 0xA1, 0x1B, 0x57, 0xB2, 0x1A,
+        0x04, 0xBF, 0x42, 0xF2, 0xA3, 0x3D, 0x61, 0x97,
+        0x64, 0xDF, 0xB3, 0x63, 0x11, 0xFD, 0xAD, 0x8C,
+        0x83, 0xA7, 0x48, 0xBA, 0x34, 0x42, 0xC5, 0x70,
+        0x64, 0x5A, 0x78, 0x5E, 0x67, 0x03, 0xE5, 0xBF,
+        0x22, 0xE8, 0x46, 0xFC, 0x51, 0x6C, 0xB4, 0x99,
+        0x15, 0xFD, 0x63, 0xB6, 0x3E, 0x5D, 0xBF, 0x56,
+        0xF5, 0x5E, 0xA4, 0x01, 0x16, 0xD5, 0x03, 0x4B,
+        0xBB, 0x94, 0x5F, 0x58, 0xD6, 0x76, 0x95, 0xC7,
+        0x96, 0xF1, 0xC1, 0xD0, 0x53, 0xA3, 0xEB, 0x28,
+        0xA9, 0x5E, 0x8F, 0x38, 0x8E, 0x80, 0x04, 0xC3,
+        0xB2, 0x4F, 0xD5, 0xFC, 0xCA, 0x7B, 0xB1, 0xE3,
+        0xB9, 0x9A, 0x9F, 0x3C, 0x94, 0x5E, 0xF8, 0xA5,
+        0x35, 0xF1, 0x37, 0x43, 0x20, 0x71, 0xA5, 0xCA,
+        0x5B, 0x6F, 0x7D, 0xC7, 0xB8, 0xBC, 0xE5, 0x5A,
+        0xD0, 0xF3, 0xB6, 0xCF, 0x1B, 0xCB, 0xB9, 0xCD,
+        0x35, 0xE2, 0x41, 0xF8, 0x6E, 0x46, 0x97, 0x27,
+        0x26, 0x48, 0xF4, 0x73, 0xDB, 0xD5, 0xB7, 0x68,
+        0x1E, 0xF0, 0xC7, 0x84, 0x49, 0xE6, 0xC5, 0xFA,
+        0x93, 0x0D, 0x83, 0x2C, 0x85, 0x1E, 0xED, 0x2A,
+        0x65, 0x12, 0x19, 0xD7, 0xD9, 0xC3, 0xBB, 0x23,
+        0xF3, 0xC6, 0xAD, 0x7E, 0xB7, 0x78, 0x68, 0x54,
+        0x1F, 0x3C, 0xEE, 0x09, 0xF5, 0x1E, 0xE0, 0x4E,
+        0xBA, 0x1B, 0xBC, 0x29, 0x69, 0x8A, 0xED, 0xD3,
+        0xC7, 0xAC, 0xEC, 0x44, 0x29, 0xD7, 0xA4, 0x0C,
+        0xFA, 0xBD, 0xA2, 0x29, 0x34, 0x80, 0x16, 0x4F,
+        0x37, 0xEC, 0xB6, 0x73, 0xF2, 0xB5, 0xD7, 0x51,
+        0x57, 0x43, 0xAF, 0x7E, 0xD0, 0xB6, 0xE0, 0x96,
+        0xF0, 0xE2, 0xFE, 0xCE, 0xC8, 0x9F, 0x40, 0xD6,
+        0xAF, 0xE0, 0xBF, 0xCD, 0x70, 0x37, 0x91, 0x69,
+        0x99, 0x8C, 0xDF, 0x4A, 0x20, 0xDE, 0xB6, 0xC6,
+        0x7A, 0xB4, 0xE3, 0x6A, 0xAD, 0x53, 0xED, 0xB9,
+        0x8A, 0x13, 0x61, 0xC5, 0xE9, 0xB0, 0xDC, 0x16,
+        0x36, 0xD7, 0x51, 0xA8, 0x7B, 0x52, 0x05, 0x3B,
+        0xAD, 0x5C, 0xD2, 0xBD, 0x6F, 0x6B, 0xA9, 0x51,
+        0xA7, 0xE8, 0x7E, 0xA4, 0xB6, 0x77, 0xAE, 0x00,
+        0x89, 0x3A, 0x1F, 0x76, 0x72, 0x3F, 0xC5, 0x6C,
+        0x49, 0x4F, 0xB5, 0xCA, 0x2F, 0x5D, 0xAE, 0xF8,
+        0x58, 0x9A, 0xE2, 0x5B, 0x54, 0x76, 0xF4, 0xAA,
+        0x89, 0xD4, 0x04, 0xAF, 0x1C, 0x26, 0x65, 0xEC,
+        0xA1, 0x81, 0x06, 0x2A, 0x4B, 0x5E, 0xD5, 0x90,
+        0xB8, 0x26, 0x33, 0x64, 0x15, 0x33, 0x25, 0xAC,
+        0x97, 0x9A, 0xCA, 0x1B, 0x64, 0x50, 0x82, 0x8F,
+        0x65, 0x6A, 0xD4, 0x47, 0xCF, 0x7E, 0x93, 0x7D,
+        0xB3, 0xCB, 0xFE, 0x55, 0x0A, 0x46, 0x93, 0x22,
+        0xB5, 0x46, 0xAB, 0xD6, 0x05, 0x59, 0x14, 0x5E,
+        0x1B, 0xD4, 0x2D, 0xAF, 0xA3, 0x18, 0xB7, 0xA0,
+        0xD7, 0x11, 0x70, 0xDE, 0x81, 0x8B, 0xD6, 0x64,
+        0xFD, 0x38, 0xBD, 0x29, 0x92, 0x41, 0x80, 0xC4,
+        0x4A, 0x6D, 0x34, 0x1B, 0xF0, 0x59, 0xA0, 0xD6,
+        0x48, 0x55, 0xD2, 0xA5, 0xE2, 0x91, 0xB6, 0x71,
+        0xF4, 0x90, 0x97, 0x8B, 0x0A, 0xDD, 0x90, 0xEA,
+        0x61, 0x9B, 0x30, 0xA6, 0x2F, 0x5D, 0xB4, 0xEE,
+        0x7A, 0x10, 0x40, 0x59, 0x89, 0xAC, 0x30, 0x6E,
+        0x9C, 0x7B, 0xBC, 0x11, 0x75, 0x38, 0x00, 0x2E,
+        0xDF, 0xED, 0x87, 0x47, 0x30, 0xFB, 0xD4, 0x8A,
+        0xC6, 0xBE, 0xC7, 0x20, 0xC8, 0x3D, 0x51, 0x05,
+        0x67, 0x48, 0xDE, 0xE2, 0xBF, 0x95, 0x5E, 0x7B,
+        0xD7, 0xC7, 0x86, 0xDF, 0x68, 0x57, 0xA9, 0x29,
+        0xBC, 0xF8, 0xE3, 0x81, 0x62, 0x1B, 0x37, 0x58,
+        0xF2, 0xFF, 0xEE, 0xE8, 0x28, 0x08, 0x36, 0x23,
+        0x5B, 0x24, 0x68, 0x1E, 0x62, 0xBD, 0x27, 0xC2,
+        0x6F, 0xE9, 0x63, 0x67, 0x53, 0xC7, 0x8A, 0xB5,
+        0xA7, 0xEF, 0x29, 0xFE, 0x60, 0xAC, 0x29, 0xCF,
+        0x67, 0x40, 0x9F, 0xE6, 0x57, 0xCE, 0x65, 0x3A,
+        0x2F, 0xDA, 0xA7, 0xF2, 0x0C, 0x50, 0x19, 0xE6,
+        0xF7, 0x43, 0x2E, 0x8C, 0xEB, 0x9E, 0x99, 0x92,
+        0xE6, 0x46, 0xB7, 0x8D, 0x43, 0x65, 0xFD, 0x02,
+        0x17, 0x74, 0x6F, 0x7B, 0xA3, 0x1E, 0x06, 0x9D,
+        0x75, 0x4E, 0x05, 0xED, 0x5A, 0x71, 0xFC, 0x5E,
+        0x7D, 0x6D, 0x64, 0x5E, 0xAF, 0x41, 0x44, 0xD6,
+        0xBC, 0x43, 0x05, 0x5E, 0x6C, 0xDB, 0x89, 0x34,
+        0xC7, 0x02, 0x64, 0x08, 0xAE, 0x96, 0x53, 0x5B,
+        0xA2, 0xDE, 0xCD, 0x2F, 0x74, 0x56, 0xD6, 0xEC,
+        0xA4, 0x23, 0x68, 0xCD, 0x9A, 0xC5, 0x05, 0x7B,
+        0x7D, 0x1E, 0x12, 0xF7, 0x7A, 0xA8, 0x7C, 0x43,
+        0x7E, 0x7A, 0x43, 0x31, 0x5D, 0xA0, 0x81, 0xE5,
+        0x3A, 0xFE, 0x23, 0xB5, 0xBC, 0xC2, 0xF4, 0xCE,
+        0x3A, 0x80, 0x06, 0xE8, 0x1E, 0x08, 0xAF, 0x0A,
+        0x33, 0xC1, 0xA9, 0x30, 0x7C, 0x8D, 0x5A, 0xC5,
+        0x93, 0x89, 0xF2, 0x69, 0x24, 0x11, 0x6C, 0xAB,
+        0x0B, 0x87, 0xD5, 0x49, 0xD0, 0x38, 0x3C, 0x27,
+        0x4E, 0x8E, 0x85, 0xD4, 0x6E, 0x0F, 0xCD, 0x70,
+        0xE3, 0x68, 0x42, 0xCA, 0x4C, 0x8D, 0x6D, 0x0F,
+        0x48, 0xF3, 0xED, 0xF9, 0xE9, 0x43, 0x5D, 0xBF,
+        0x55, 0x75, 0xF8, 0xEB, 0x78, 0x93, 0x72, 0x75,
+        0x8B, 0xF5, 0xBD, 0xE9, 0x9D, 0xA2, 0xB9, 0x81,
+        0x83, 0xDB, 0xAC, 0x82, 0xD1, 0xC1, 0x20, 0x03,
+        0x72, 0x4D, 0xDC, 0x42, 0xAE, 0xC8, 0x1C, 0x0C,
+        0x78, 0x22, 0x77, 0x27, 0x91, 0x50, 0x4C, 0x90,
+        0xEA, 0x13, 0x8B, 0x6C, 0x91, 0xDF, 0x5D, 0x25,
+        0x36, 0x9C, 0xC2, 0x06, 0x4F, 0xD5, 0xE2, 0xCC,
+        0x9D, 0x89, 0x3B, 0xC4, 0x23, 0x5D, 0x88, 0x17,
+        0x62, 0x4E, 0xC9, 0xFA, 0xC8, 0xEF, 0x1D, 0x45,
+        0xE1, 0xFB, 0x58, 0xB3, 0x8E, 0xBD, 0x8D, 0xAE,
+        0x12, 0xFF, 0xA0, 0x37, 0xE0, 0x7F, 0x5B, 0x41,
+        0x1D, 0x40, 0x17, 0xAF, 0x95, 0x2D, 0x8C, 0x42,
+        0xC6, 0x1A, 0x2A, 0x1E, 0x8E, 0x70, 0x25, 0xD6,
+        0xD3, 0xA2, 0x85, 0xAA, 0x17, 0xFF, 0x0D, 0xB4,
+        0x39, 0xD0, 0xF2, 0xAF, 0xA0, 0x4F, 0x31, 0x8D,
+        0x6D, 0x57, 0x6A, 0xED, 0xC6, 0xF1, 0xE7, 0x67,
+        0xA6, 0x6F, 0xB3, 0x9B, 0x72, 0xC6, 0x7F, 0x05,
+        0xAF, 0x40, 0x87, 0x12, 0x0D, 0xC8, 0x98, 0x88,
+        0x2D, 0xDE, 0xA1, 0x7C, 0x95, 0x32, 0xB2, 0x7A,
+        0xB5, 0x9D, 0xE4, 0x0D, 0x75, 0xD4, 0x17, 0x5B,
+        0xB4, 0x92, 0x73, 0xAF, 0x87, 0x3A, 0x92, 0xDA,
+        0x4D, 0x87, 0xE2, 0x53, 0xCA, 0xE7, 0x2A, 0x52,
+        0x64, 0xE0, 0xC1, 0xDE, 0x4C, 0x9C, 0xF9, 0x1A,
+        0x1F, 0x3A, 0xD6, 0x05, 0xA0, 0xCC, 0x8D, 0x91,
+        0x93, 0x51, 0xF9, 0x37, 0x1A, 0xFC, 0x68, 0xEF,
+        0xBC, 0xED, 0x19, 0x8E, 0x4C, 0xD1, 0xB5, 0x8C,
+        0xA2, 0x85, 0xDA, 0x02, 0x65, 0xAB, 0xAC, 0xAE,
+        0xCA, 0x8E, 0xAC, 0xF0, 0x2A, 0x4F, 0xC7, 0x67,
+        0x16, 0x2E, 0x24, 0x7F, 0x73, 0xCD, 0xD7, 0x3E,
+        0xE3, 0x27, 0x8A, 0xF9, 0x4A, 0xC4, 0xA8, 0xCB,
+        0x2B, 0x01, 0x55, 0x68, 0x34, 0xA3, 0xC0, 0xB8,
+        0xD0, 0x6D, 0x05, 0xF2, 0x3B, 0x4C, 0x17, 0x47,
+        0xE7, 0x64, 0x53, 0xF4, 0x9D, 0xE0, 0x8D, 0xF8,
+        0xEE, 0x0E, 0xA6, 0x25, 0x64, 0x7D, 0x1B, 0xD0,
+        0x80, 0xE7, 0x3C, 0x41, 0x97, 0xAE, 0xCB, 0x6A,
+        0x23, 0xC2, 0x5F, 0x00, 0xC6, 0xC5, 0x4C, 0x8A,
+        0x4C, 0xEF, 0x76, 0x65, 0x95, 0x28, 0xB3, 0x67,
+        0x42, 0xEC, 0x17, 0xFF, 0x0E, 0xE3, 0x7B, 0x30,
+        0x6D, 0xCC, 0xB8, 0x87, 0xD6, 0x63, 0x36, 0x5D,
+        0xC9, 0xE8, 0x1D, 0x51, 0x47, 0xCF, 0xE5, 0x05,
+        0x0D, 0xB4, 0x09, 0xDF, 0xAD, 0x88, 0x9C, 0x38,
+        0x6F, 0x12, 0xA5, 0xCD, 0x0C, 0x95, 0x53, 0x41,
+        0x13, 0xA6, 0xD0, 0xAB, 0xCB, 0x5A, 0x3F, 0x56,
+        0xCE, 0x23, 0xEE, 0x32, 0x61, 0x22, 0x79, 0xE8,
+        0xBA, 0x23, 0x94, 0x61, 0x25, 0x8E, 0xD6, 0x3E,
+        0x78, 0x83, 0xE1, 0x15, 0xBA, 0x05, 0x81, 0xB8,
+        0x1A, 0x7F, 0x73, 0xC1, 0xB7, 0x9F, 0x29, 0xA1,
+        0x16, 0x2E, 0x6E, 0x84, 0xC7, 0x15, 0xBC, 0x50,
+        0x28, 0x5F, 0xD3, 0x8D, 0x4D, 0x6D, 0xC0, 0x87,
+        0x68, 0x88, 0x4B, 0xF4, 0xFB, 0x55, 0x85, 0x3D,
+        0xA7, 0xB5, 0x47, 0x1E, 0x73, 0xA1, 0x47, 0x8D,
+        0xB1, 0xE1, 0xCF, 0xE6, 0x15, 0x3E, 0xC6, 0xC3,
+        0x78, 0xDD, 0x6A, 0x3F, 0x42, 0x29, 0x6E, 0x61,
+        0x9D, 0xE7, 0x63, 0xFF, 0x2D, 0xDB, 0x83, 0xE5,
+        0x15, 0x84, 0xC2, 0x8D, 0xD8, 0x34, 0x2E, 0x92,
+        0x9E, 0x15, 0xB7, 0xBB, 0xCF, 0x5D, 0x6E, 0xCB,
+        0x87, 0x79, 0xCF, 0x7F, 0x3A, 0x9A, 0xC1, 0x6A,
+        0x43, 0x1F, 0x52, 0xA2, 0x34, 0xE6, 0xA3, 0x69,
+        0x9D, 0x9E, 0x44, 0x84, 0x0A, 0x4D, 0x3D, 0x48,
+        0x5D, 0xA5, 0xD9, 0x03, 0x94, 0xB1, 0x81, 0xEF,
+        0x89, 0x98, 0xE6, 0xD1, 0x44, 0x21, 0x83, 0x59,
+        0x09, 0xCD, 0xDB, 0x16, 0x7C, 0x8C, 0x38, 0x78,
+        0x19, 0x4B, 0x6D, 0x51, 0x4D, 0xF8, 0x63, 0x6D,
+        0x4A, 0x14, 0xA1, 0xBE, 0xF3, 0xCA, 0x38, 0x1E,
+        0x36, 0xCF, 0x2E, 0x6D, 0x5F, 0xBC, 0xB4, 0x0A,
+        0xF0, 0x91, 0x7D, 0x6D, 0xBB, 0x87, 0x5C, 0xFF,
+        0x64, 0xCD, 0xCE, 0xCC, 0xCF, 0xB8, 0xBF, 0xB8,
+        0x05, 0x45, 0x8D, 0xF8, 0x2C, 0x74, 0xEB, 0x86,
+        0x3A, 0x96, 0x9E, 0xD9, 0x8B, 0x9C, 0x46, 0xE7,
+        0x17, 0x3C, 0x09, 0x0D, 0xB0, 0x68, 0xB2, 0xD8,
+        0x0C, 0xCE, 0x32, 0xDE, 0x51, 0x72, 0xB5, 0xD4,
+        0xA8, 0xB9, 0x09, 0xA5, 0xA4, 0xCC, 0x47, 0xFA,
+        0x9F, 0x2E, 0xD6, 0x6E, 0x60, 0x69, 0xCD, 0x96,
+        0xAB, 0x1F, 0x3E, 0x84, 0x8C, 0x68, 0x72, 0x0F,
+        0xEA, 0x32, 0xC5, 0x73, 0x6E, 0x8A, 0xB5, 0x10,
+        0x05, 0xFE, 0x42, 0x58, 0x33, 0xF2, 0x07, 0x56,
+        0xC1, 0x96, 0x76, 0x23, 0x77, 0x9D, 0x0A, 0xD2,
+        0x42, 0xA1, 0x69, 0x06, 0x83, 0xBA, 0xD2, 0xEB,
+        0x12, 0x3D, 0x97, 0xAB, 0x23, 0x08, 0x90, 0x15,
+        0x51, 0x4D, 0x0C, 0x6A, 0x3B, 0x0F, 0x37, 0x15,
+        0x25, 0xC2, 0x3E, 0x5F, 0x53, 0x84, 0x4C, 0x81,
+        0xDD, 0xE8, 0x7C, 0xFE, 0x9F, 0x06, 0x5E, 0x11,
+        0x68, 0x7D, 0x68, 0x6B, 0x07, 0x2C, 0x19, 0x00,
+        0xF5, 0xC9, 0xA7, 0xC3, 0x1F, 0xE8, 0xBA, 0xBE,
+        0x9F, 0x09, 0x0C, 0xE2, 0xCB, 0x3B, 0x68, 0x7B,
+        0xA8, 0x9E, 0xD8, 0x3C, 0x08, 0x85, 0xDF, 0xF9,
+        0x11, 0x2B, 0x52, 0xF6, 0xCE, 0xD7, 0x1E, 0x32,
+        0xA4, 0x0A, 0x9A, 0xBC, 0xFF, 0xF4, 0x20, 0xB6,
+        0x24, 0x85, 0x84, 0x7F, 0xFF, 0x70, 0x3C, 0xBB,
+        0x74, 0x36, 0x42, 0x25, 0x5F, 0xBD, 0x0A, 0x90,
+        0x86, 0xA7, 0xB8, 0x3F, 0x9E, 0xDF, 0x43, 0x24,
+        0x88, 0x0C, 0x52, 0x08, 0xF7, 0xDC, 0xB1, 0xEA,
+        0xC3, 0x38, 0xF9, 0x13, 0x16, 0x65, 0xA0, 0xCA,
+        0x6B, 0xF0, 0xD6, 0x12, 0xFB, 0xA6, 0x3F, 0xF7,
+        0x13, 0x91, 0x99, 0xB1, 0xDE, 0xE4, 0xEE, 0x1E,
+        0x98, 0x9B, 0xE4, 0xA0, 0x3A, 0xA8, 0xAC, 0x4A,
+        0x48, 0x3E, 0xCB, 0x9E, 0xB4, 0x1D, 0x22, 0x1F,
+        0x59, 0x97, 0x24, 0x8C, 0xFE, 0xDC, 0xBF, 0x6C,
+        0xAD, 0x8D, 0xB0, 0xA3, 0x27, 0xFA, 0x28, 0x8F,
+        0xD6, 0xAE, 0x31, 0x39, 0x84, 0xFA, 0x61, 0x8F,
+        0x7D, 0xD4, 0xEE, 0xBB, 0x13, 0xED, 0x85, 0xC4,
+        0x35, 0xC0, 0xAB, 0x07, 0x73, 0xC5, 0xCD, 0xCA,
+        0xD4, 0x69, 0x9B, 0x9C, 0x38, 0x2A, 0x1F, 0x37,
+        0xF9, 0xDF, 0x8C, 0x3A, 0xE1, 0x57, 0xDF, 0x05,
+        0x9F, 0x97, 0x51, 0xCC, 0xA6, 0x93, 0xD5, 0x49,
+        0x2A, 0xE9, 0xCD, 0x46, 0x31, 0x22, 0x6E, 0x62,
+        0xE8, 0x13, 0x90, 0x64, 0xFF, 0x00, 0x27, 0xCF,
+        0xA1, 0x95, 0x4E, 0xE9, 0x36, 0xAF, 0xAD, 0x02,
+        0x06, 0xDD, 0x2A, 0xE2, 0x28, 0xB6, 0xDD, 0x65,
+        0xCD, 0x9A, 0x9D, 0x5F, 0xF9, 0xC0, 0xCC, 0x48,
+        0xC8, 0xC2, 0xE9, 0x8F, 0x5A, 0xE6, 0xE2, 0xC9,
+        0x79, 0x7A, 0x83, 0x84, 0xF8, 0xA3, 0xE3, 0xC7,
+        0x48, 0xC7, 0x06, 0xFE, 0x6A, 0x36, 0x25, 0xD2,
+        0xA2, 0xEB, 0x4A, 0xE2, 0xCA, 0xA0, 0x49, 0x24,
+        0x1A, 0x47, 0x8C, 0x1A, 0x77, 0xF5, 0xC9, 0x0D,
+        0xDC, 0x94, 0x18, 0x4D, 0x89, 0x80, 0x50, 0x18,
+        0x7D, 0x67, 0x00, 0x43, 0xE4, 0xE7, 0x8F, 0x54,
+        0xDC, 0x60, 0x84, 0x24, 0xF3, 0xBF, 0x5E, 0x92,
+        0xC7, 0x0C, 0x05, 0x49, 0xBB, 0x61, 0x2F, 0x48,
+        0x0A, 0xEB, 0xE5, 0xFA, 0x8B, 0x01, 0x33, 0x27,
+        0x10, 0x3E, 0xA1, 0x28, 0x33, 0x11, 0x30, 0x1F,
+        0x91, 0x47, 0x7B, 0xA6, 0x3E, 0xD4, 0xF9, 0xC2,
+        0x8F, 0xA3, 0x4E, 0xBC, 0xA7, 0x61, 0x56, 0x1F,
+        0x90, 0x33, 0x54, 0x15, 0x06, 0x21, 0x9C, 0x57,
+        0x07, 0xC2, 0xF8, 0xED, 0x81, 0xED, 0x36, 0x15,
+        0xC8, 0xAC, 0xAB, 0x12, 0x80, 0xBF, 0x7C, 0x5E,
+        0x00, 0xEC, 0x1B, 0x27, 0x58, 0x3A, 0xE9, 0x09,
+        0x2B, 0x23, 0x16, 0x69, 0x26, 0xF9, 0xCC, 0x3C,
+        0x5A, 0xFB, 0x66, 0xBA, 0x32, 0xF9, 0xAF, 0xAB,
+        0xCB, 0xA7, 0xF7, 0x91, 0x6A, 0x82, 0x42, 0xA7,
+        0x9D, 0x7B, 0x0E, 0xD3, 0x5D, 0xF6, 0x52, 0x6D,
+        0x7D, 0x2B, 0xE6, 0x30, 0x99, 0x01, 0xBD, 0xC0,
+        0x3D, 0x15, 0x95, 0xC2, 0x67, 0x19, 0xD9, 0x0F,
+        0xC0, 0x79, 0x1E, 0xAB, 0xA7, 0x67, 0x35, 0x12,
+        0x53, 0xB0, 0x6A, 0xE4, 0xB9, 0x0A, 0x52, 0xEF,
+        0xBD, 0xCD, 0xD4, 0x0C, 0x09, 0x6F, 0x24, 0xE9,
+        0x52, 0x9F, 0xF8, 0x9F, 0x95, 0x95, 0x57, 0x07,
+        0x5F, 0xC8, 0xDD, 0xAF, 0xE6, 0x10, 0x3A, 0x51,
+        0x38, 0xF0, 0x9F, 0xBD, 0xEB, 0x0F, 0x5F, 0x36,
+        0xB5, 0x2A, 0x57, 0xBE, 0x21, 0x39, 0xD8, 0x9D,
+        0x29, 0x04, 0xBC, 0xE2, 0xB8, 0x6D, 0x03, 0xF2,
+        0x6D, 0x56, 0xF4, 0x18, 0x40, 0x07, 0x1A, 0x15,
+        0x8B, 0xF5, 0x46, 0xE1, 0x0C, 0x4D, 0xED, 0x0E,
+        0x81, 0xB0, 0x0D, 0x98, 0x88, 0xC5, 0x5D, 0x53,
+        0xE1, 0x1D, 0xB7, 0x00, 0x26, 0xC6, 0x46, 0x7E,
+        0xD2, 0xAB, 0x0B, 0xD9, 0x1E, 0xE0, 0xE7, 0xC3,
+        0xC3, 0xE0, 0x83, 0x7F, 0x8C, 0xB9, 0xBA, 0xE0,
+        0x04, 0xE2, 0xA8, 0xFF, 0xEC, 0xD5, 0x9E, 0x79,
+        0x2F, 0x13, 0xF9, 0x27, 0xCA, 0xDD, 0xF5, 0x0F,
+        0x74, 0xD2, 0x9B, 0xC6, 0x2E, 0xF2, 0xF0, 0x2A,
+        0xB0, 0xF9, 0x6E, 0x27, 0x3E, 0x8D, 0x66, 0xDB,
+        0x44, 0x82, 0xDD, 0x1B, 0xD5, 0xBB, 0x51, 0x6E,
+        0x72, 0x3A, 0xCB, 0x0F, 0x0B, 0x97, 0xBC, 0x32,
+        0x07, 0xC1, 0x0C, 0xF3, 0x94, 0xFF, 0x62, 0xE2,
+        0xFD, 0x7D, 0xBB, 0x3D, 0x43, 0x11, 0xB3, 0xFA,
+        0x22, 0x05, 0xBF, 0x87, 0x0F, 0xFD, 0xD1, 0x81,
+        0xC6, 0x30, 0xC6, 0x91, 0xD4, 0xEE, 0xA8, 0x6B,
+        0x37, 0xB2, 0x38, 0xF1, 0x87, 0x89, 0xE0, 0x04,
+        0x09, 0xED, 0x18, 0xA6, 0x3C, 0x18, 0x9E, 0x38,
+        0xCB, 0x9F, 0xFE, 0xB3, 0x03, 0xF4, 0xE4, 0x3F,
+        0xB3, 0x94, 0x7C, 0x74, 0x03, 0x6C, 0xCF, 0x16,
+        0x24, 0xF8, 0x56, 0xE2, 0x4A, 0x7E, 0x9A, 0x21,
+        0xB8, 0xC2, 0x7C, 0xF4, 0x3D, 0x85, 0x15, 0x43,
+        0xA5, 0xCA, 0xFD, 0xA3, 0x05, 0xCC, 0x63, 0x8D,
+        0x94, 0x82, 0x70
+    };
+    static const byte rnd_87[] = {
+        0x16, 0xB8, 0x2B, 0x9B, 0x0A, 0x90, 0x5B, 0xB3,
+        0xD8, 0x7B, 0x4A, 0x1E, 0x40, 0xAE, 0xAD, 0x3C,
+        0xDE, 0x63, 0xB2, 0x2C, 0xB7, 0x16, 0xBD, 0x46,
+        0x7A, 0x7B, 0xE8, 0x4A, 0xF1, 0x9B, 0x7C, 0xFE
+    };
+    static const byte sig_87[] = {
+        0xE5, 0x5D, 0x62, 0x56, 0x92, 0x73, 0x72, 0x13,
+        0xDD, 0x3D, 0x7F, 0x51, 0x42, 0xF3, 0xAA, 0x33,
+        0x87, 0x12, 0x2F, 0x20, 0xC9, 0x50, 0x93, 0x0A,
+        0x7E, 0x7C, 0xCC, 0x0C, 0x6D, 0x21, 0xB9, 0x5D,
+        0x62, 0x47, 0xD5, 0xFB, 0x3A, 0xCC, 0xBC, 0xB8,
+        0xA1, 0x5A, 0xDF, 0x97, 0x58, 0xBA, 0x7E, 0x40,
+        0x9A, 0x76, 0xD0, 0x1C, 0xBF, 0x0F, 0x14, 0xC3,
+        0x23, 0x3B, 0x21, 0xB0, 0x5D, 0x11, 0x3B, 0x1F,
+        0x70, 0xCB, 0x21, 0x78, 0x51, 0x68, 0xE2, 0x3A,
+        0x29, 0x4A, 0x0D, 0xD0, 0x32, 0x50, 0xDC, 0xBB,
+        0xD1, 0xCF, 0x80, 0x19, 0x7A, 0xC7, 0xFC, 0x37,
+        0x2D, 0x5A, 0x5A, 0xDF, 0x3E, 0x7E, 0x89, 0x2D,
+        0xC6, 0x0E, 0x75, 0x9A, 0xBB, 0xDF, 0x69, 0x82,
+        0x28, 0xB6, 0xD0, 0xF3, 0xF4, 0xCB, 0x4F, 0xD5,
+        0xDC, 0x5D, 0xFE, 0x8D, 0x01, 0xB4, 0x93, 0x9F,
+        0x89, 0x53, 0x18, 0x74, 0x29, 0x20, 0x36, 0xBF,
+        0x34, 0xCA, 0x71, 0x2B, 0x01, 0x14, 0xFB, 0x66,
+        0x94, 0x28, 0x81, 0xF1, 0xF1, 0x7E, 0x80, 0xB6,
+        0x4E, 0x0E, 0x9E, 0x9E, 0x60, 0xD7, 0x6A, 0xFB,
+        0x59, 0xC7, 0x96, 0x9F, 0xB4, 0x9C, 0x98, 0x72,
+        0x06, 0xC1, 0x6C, 0xAA, 0x8E, 0xC7, 0x48, 0xE6,
+        0xC3, 0xAD, 0x8B, 0x4E, 0xF7, 0x81, 0x92, 0x74,
+        0xC0, 0x5A, 0x2B, 0x54, 0x8D, 0x47, 0x15, 0xAC,
+        0xED, 0x45, 0x69, 0xD0, 0x7C, 0x28, 0x80, 0x18,
+        0xA3, 0x9F, 0xB7, 0x14, 0xC6, 0x51, 0xF9, 0x02,
+        0x70, 0x98, 0xD9, 0xC1, 0x09, 0xC0, 0xD7, 0xCE,
+        0x8B, 0x81, 0x7B, 0x30, 0x99, 0x4C, 0x85, 0x1C,
+        0xFA, 0xAE, 0xBF, 0x05, 0x95, 0xBB, 0x6E, 0x01,
+        0xE4, 0xFC, 0xE7, 0x11, 0x16, 0x90, 0x28, 0xC3,
+        0xC4, 0x36, 0x9F, 0x11, 0xCD, 0xEB, 0xEB, 0x71,
+        0x15, 0x08, 0x1D, 0x43, 0x2B, 0x12, 0xA6, 0x4E,
+        0xB6, 0xF9, 0x35, 0xE4, 0x37, 0x0D, 0xF7, 0x49,
+        0xDF, 0x73, 0x4D, 0xE3, 0x57, 0x33, 0x96, 0x7B,
+        0x72, 0x45, 0x2F, 0x92, 0x70, 0xBB, 0x6F, 0xCD,
+        0x90, 0x82, 0x67, 0xBB, 0x31, 0x9D, 0x9E, 0x38,
+        0x75, 0xCD, 0x5B, 0x55, 0x10, 0x6B, 0xFC, 0x00,
+        0x15, 0xC8, 0xCB, 0xFC, 0xE1, 0x18, 0x41, 0xE8,
+        0x6E, 0x92, 0xEC, 0x1A, 0x26, 0x88, 0x6C, 0xF6,
+        0x2A, 0x5C, 0x05, 0x94, 0xD7, 0xB8, 0xD0, 0x78,
+        0x52, 0x68, 0x8D, 0xC5, 0xBD, 0xD6, 0x29, 0xF8,
+        0x21, 0xDF, 0xB3, 0x28, 0x43, 0x74, 0xC7, 0x0E,
+        0x99, 0xD3, 0x0C, 0xDE, 0xE9, 0x06, 0x44, 0xCD,
+        0x77, 0x13, 0x34, 0x82, 0xBA, 0x36, 0x20, 0x71,
+        0x02, 0xB1, 0x6E, 0xBA, 0xCF, 0x9F, 0x15, 0x36,
+        0xC8, 0xF1, 0x4E, 0x36, 0x30, 0x34, 0x2D, 0x23,
+        0x6C, 0x77, 0xEC, 0xCA, 0xBA, 0x7C, 0x17, 0x4F,
+        0x3F, 0x22, 0x4A, 0x34, 0xA1, 0x5C, 0xB3, 0x8F,
+        0xD8, 0x48, 0xD5, 0x8A, 0x2C, 0x8B, 0x1B, 0xFB,
+        0x87, 0xDA, 0xBC, 0xB6, 0xD9, 0x59, 0xD6, 0x9B,
+        0xF0, 0x6E, 0x8D, 0xB1, 0x52, 0xE1, 0x8A, 0x36,
+        0x31, 0xA7, 0x83, 0xCE, 0xDF, 0x36, 0xEB, 0xBE,
+        0xEA, 0xC3, 0xC6, 0xA6, 0x52, 0x2D, 0x89, 0x0B,
+        0xF9, 0x5B, 0x1D, 0x14, 0xA9, 0xBF, 0x37, 0x31,
+        0xE0, 0x1C, 0xF5, 0x29, 0x95, 0xF0, 0xC0, 0x08,
+        0xE8, 0x97, 0xEE, 0x53, 0x27, 0x85, 0x81, 0x7D,
+        0x47, 0xE5, 0xAC, 0xC5, 0x1B, 0x48, 0xA5, 0x36,
+        0x1E, 0x8A, 0xD7, 0xF5, 0xC9, 0x93, 0x74, 0xCE,
+        0x06, 0xEA, 0xC3, 0x26, 0x45, 0xFF, 0xED, 0x39,
+        0xC1, 0x0B, 0x7A, 0x59, 0x3C, 0x0F, 0xEE, 0x89,
+        0xEF, 0xA4, 0xEC, 0xD0, 0x72, 0x34, 0x95, 0xC9,
+        0xC4, 0x78, 0x47, 0xB6, 0xB7, 0xCE, 0xA4, 0xD9,
+        0xA1, 0xB6, 0x37, 0xC1, 0xF1, 0xFB, 0x4E, 0x4C,
+        0x38, 0xB0, 0x4A, 0xE5, 0x13, 0x63, 0xDC, 0x44,
+        0xC4, 0x7E, 0x86, 0x9C, 0xAD, 0x69, 0x29, 0xFD,
+        0xA1, 0xFE, 0xAD, 0x3B, 0x59, 0x24, 0x2F, 0x70,
+        0xAE, 0x5F, 0x2C, 0x00, 0xFE, 0x01, 0x09, 0xA3,
+        0x10, 0x87, 0xF0, 0xAD, 0xFA, 0x9B, 0x83, 0x8F,
+        0x48, 0x96, 0x8B, 0x9A, 0x35, 0xE7, 0x4D, 0xAA,
+        0xEC, 0xA4, 0xCD, 0x26, 0x7C, 0x3E, 0xAC, 0x93,
+        0x26, 0x9D, 0x6B, 0x83, 0x34, 0xC4, 0x71, 0xE1,
+        0xC8, 0x93, 0x88, 0x09, 0xAF, 0x00, 0xB5, 0x7F,
+        0xD9, 0x5A, 0x8E, 0x36, 0xC1, 0x2E, 0x7E, 0xF1,
+        0x0C, 0xC5, 0x2A, 0xB3, 0xE4, 0x48, 0xDF, 0xFB,
+        0xFF, 0x99, 0xC9, 0x66, 0xD2, 0x28, 0x46, 0x7C,
+        0x43, 0x39, 0x96, 0x69, 0x95, 0x42, 0xAC, 0xE0,
+        0xC2, 0x0C, 0x65, 0x99, 0xC8, 0xB0, 0xAE, 0x76,
+        0xE8, 0x18, 0x3E, 0xA9, 0x1D, 0x44, 0x81, 0x14,
+        0x65, 0xF7, 0xDF, 0xD1, 0xD1, 0x7B, 0x7C, 0x28,
+        0xE0, 0x77, 0x9D, 0x79, 0x9C, 0xE4, 0x1A, 0xF1,
+        0xD0, 0xFF, 0x8E, 0xEA, 0x58, 0x84, 0xB3, 0x47,
+        0xBC, 0xA1, 0x47, 0x48, 0xB7, 0xC3, 0xD5, 0xD1,
+        0xF3, 0xDD, 0xA6, 0x3B, 0x15, 0x4C, 0xB3, 0xB5,
+        0xFD, 0x52, 0x9D, 0x7E, 0xF0, 0xC7, 0x40, 0x2C,
+        0x34, 0xBC, 0xCF, 0x1C, 0x67, 0x30, 0xC0, 0x4D,
+        0xA1, 0xC7, 0x5E, 0xAD, 0xAF, 0xCD, 0xFA, 0x21,
+        0xE4, 0xB5, 0x33, 0x8B, 0x37, 0x2D, 0xCF, 0x4D,
+        0x07, 0x48, 0x61, 0xB0, 0xB6, 0x8B, 0x27, 0x05,
+        0xA0, 0x8C, 0x71, 0x95, 0x84, 0x02, 0xB2, 0x1E,
+        0x59, 0xBC, 0xB6, 0xE2, 0x2C, 0x3C, 0x20, 0x4C,
+        0xDE, 0x1E, 0x35, 0x24, 0xC1, 0x5B, 0x3C, 0xB4,
+        0x2A, 0x8C, 0xA7, 0x2D, 0xE3, 0xDC, 0x45, 0x26,
+        0x6E, 0x29, 0x52, 0x5D, 0x24, 0x8A, 0xC2, 0x16,
+        0x73, 0xDB, 0x80, 0xF2, 0x91, 0xEC, 0x05, 0x3E,
+        0x2E, 0x9E, 0x39, 0x12, 0x5E, 0x11, 0x80, 0x24,
+        0xF5, 0xFC, 0x86, 0x4C, 0xD9, 0xF9, 0x70, 0x59,
+        0xC8, 0xC8, 0x57, 0x5D, 0x0F, 0x68, 0x75, 0x3C,
+        0x7A, 0x3D, 0x1B, 0xF7, 0xD0, 0xDF, 0xE2, 0xF9,
+        0xBD, 0x44, 0xFD, 0x21, 0x75, 0x86, 0x77, 0x25,
+        0xAF, 0xD3, 0x28, 0x55, 0x2A, 0x60, 0x7D, 0x79,
+        0x9C, 0x72, 0x2F, 0x6E, 0xAB, 0x2F, 0x26, 0x44,
+        0x0C, 0xFF, 0x52, 0xBD, 0xA1, 0xA9, 0x07, 0xBD,
+        0x9D, 0x2A, 0x64, 0x2E, 0x0B, 0xA1, 0xB8, 0x78,
+        0xD3, 0xC4, 0x84, 0x9A, 0xE1, 0xDB, 0xB4, 0x4A,
+        0x4C, 0x45, 0x7A, 0x8E, 0xD5, 0xA3, 0x6B, 0x09,
+        0x8D, 0x72, 0x8E, 0x6D, 0x17, 0x34, 0xFF, 0xD6,
+        0xED, 0x24, 0x19, 0x7D, 0xC6, 0x2D, 0x5B, 0x82,
+        0x68, 0xAE, 0x25, 0x33, 0xBB, 0xCB, 0x7D, 0xFD,
+        0x00, 0x15, 0x83, 0xEA, 0xBB, 0xE7, 0x40, 0x3D,
+        0x80, 0xD5, 0x9E, 0x6C, 0xE0, 0x3C, 0x7E, 0x3E,
+        0x12, 0xC7, 0x36, 0x7E, 0x41, 0x84, 0xE8, 0xB4,
+        0x16, 0xCA, 0x4A, 0xB7, 0xEB, 0x16, 0xEC, 0xAB,
+        0x5A, 0x69, 0x24, 0x7F, 0x5E, 0x81, 0x86, 0x7D,
+        0x30, 0x61, 0x4E, 0x0F, 0x75, 0x39, 0xEE, 0xF2,
+        0xF4, 0xDC, 0x5E, 0x23, 0x40, 0xE8, 0x3C, 0xC0,
+        0x10, 0xAD, 0x5E, 0xE6, 0x06, 0x8E, 0x5F, 0x55,
+        0xC5, 0x69, 0x65, 0x5F, 0xA3, 0x6E, 0x73, 0x86,
+        0x82, 0x32, 0x5F, 0x36, 0xA7, 0x6B, 0x2C, 0x26,
+        0xCD, 0x64, 0xC8, 0x57, 0x1F, 0x06, 0x7A, 0xAB,
+        0x8B, 0xA7, 0xDB, 0x53, 0x48, 0x1A, 0x06, 0x8D,
+        0x36, 0xF1, 0x77, 0x74, 0xE6, 0xF5, 0x18, 0x62,
+        0x8E, 0x8A, 0xBF, 0xB7, 0x7F, 0x72, 0x44, 0xAC,
+        0xC8, 0x9A, 0x0E, 0x60, 0x4B, 0xAB, 0xB2, 0x9E,
+        0x95, 0xDF, 0x95, 0x28, 0x98, 0x78, 0xBB, 0xA9,
+        0x5D, 0x8E, 0xEE, 0xB4, 0x84, 0xF5, 0x81, 0x7E,
+        0xA1, 0x53, 0x3E, 0xBB, 0x43, 0xF6, 0xD4, 0xB7,
+        0x60, 0xFD, 0xF4, 0xF8, 0x68, 0xB6, 0x1D, 0x9A,
+        0xF7, 0xDA, 0x77, 0xFA, 0xBB, 0x74, 0x44, 0xDE,
+        0x7C, 0x32, 0x2D, 0x5C, 0x24, 0xD8, 0x4D, 0xBF,
+        0xE0, 0x5C, 0x70, 0x12, 0x3C, 0x43, 0xCC, 0x5F,
+        0x00, 0xD5, 0x1F, 0xEA, 0x5D, 0xC9, 0x3A, 0x5C,
+        0x32, 0xED, 0xE0, 0xF1, 0x59, 0xA0, 0xB7, 0x71,
+        0xDC, 0x65, 0xD2, 0x88, 0x20, 0x20, 0xD8, 0x59,
+        0x53, 0x2D, 0x30, 0x2D, 0xFC, 0xA9, 0xEA, 0x45,
+        0xB0, 0xF3, 0x1E, 0x66, 0x9F, 0xF6, 0xF1, 0x5E,
+        0x9B, 0x67, 0x1D, 0xBF, 0x5E, 0x19, 0xB3, 0x2A,
+        0xE8, 0xCE, 0xE5, 0x90, 0xFE, 0x82, 0x5C, 0x19,
+        0x7B, 0x84, 0x3E, 0x45, 0xFF, 0x5D, 0xC2, 0x2E,
+        0x49, 0x6A, 0xB1, 0x2D, 0x50, 0x2D, 0x21, 0xF7,
+        0x2A, 0xA2, 0x39, 0x47, 0x8D, 0xB5, 0x17, 0x64,
+        0x3E, 0x96, 0x13, 0x90, 0x53, 0xEA, 0x57, 0x4C,
+        0xDB, 0x3D, 0x43, 0xC3, 0xE7, 0xD6, 0x5C, 0x54,
+        0x89, 0xDF, 0x6E, 0xF9, 0xE4, 0xC6, 0x64, 0xF0,
+        0x88, 0x1C, 0xD0, 0xF6, 0x9D, 0x9E, 0xD7, 0xCD,
+        0x2C, 0xFB, 0xCC, 0x54, 0x0E, 0x96, 0xD7, 0x4E,
+        0x05, 0xD2, 0xB3, 0x88, 0x85, 0xD8, 0x60, 0xA4,
+        0xF2, 0xE4, 0xD7, 0xFF, 0xAF, 0x12, 0x2E, 0xBA,
+        0xC4, 0x5A, 0x3A, 0x3E, 0xC5, 0xD7, 0xF3, 0x60,
+        0x4F, 0x27, 0xEF, 0xE0, 0x35, 0xAC, 0x4A, 0x8B,
+        0x14, 0x7D, 0xC4, 0xEF, 0x61, 0x9A, 0x69, 0x2E,
+        0x49, 0x80, 0x04, 0x0C, 0x18, 0xB9, 0x42, 0xC6,
+        0x8C, 0x8A, 0x99, 0x43, 0xA6, 0x5A, 0xCD, 0x72,
+        0x20, 0xAD, 0xFD, 0x9C, 0xC4, 0xAA, 0xDF, 0x6C,
+        0x6C, 0x03, 0xEF, 0x48, 0x3E, 0xFB, 0x4A, 0xBC,
+        0xAA, 0x44, 0xEE, 0xC4, 0x25, 0x8F, 0xF9, 0x8A,
+        0xC2, 0x24, 0x73, 0x15, 0xFA, 0x0E, 0xCB, 0x00,
+        0xEE, 0x9B, 0x39, 0x3F, 0x60, 0x1F, 0x00, 0x95,
+        0xCA, 0xFE, 0xC2, 0x2C, 0x35, 0x5F, 0xD9, 0xD1,
+        0x29, 0xB5, 0x4D, 0xC1, 0x66, 0x51, 0x8F, 0x17,
+        0x3B, 0xF4, 0xF1, 0x49, 0x42, 0x36, 0x0C, 0x5B,
+        0x58, 0xF2, 0x9B, 0x59, 0x01, 0xFB, 0x15, 0x7F,
+        0x21, 0x90, 0x1F, 0x56, 0x69, 0x8B, 0xE2, 0xA5,
+        0x44, 0xCB, 0x84, 0x98, 0x4B, 0x75, 0xA8, 0xCB,
+        0x83, 0x0D, 0xE8, 0x1C, 0x91, 0x7F, 0xE4, 0x57,
+        0x81, 0x16, 0x34, 0x2F, 0xCE, 0x01, 0xAA, 0x62,
+        0x54, 0x44, 0xB7, 0xD6, 0xC7, 0xF1, 0x68, 0x9A,
+        0x00, 0x3B, 0x71, 0x16, 0xF9, 0x96, 0x6A, 0x90,
+        0x6C, 0x2C, 0x4E, 0x58, 0xBC, 0xDD, 0xE9, 0x3B,
+        0x60, 0xB7, 0xA0, 0x97, 0xEE, 0xD6, 0x34, 0xDD,
+        0x49, 0x4A, 0xD9, 0x85, 0xD1, 0xB7, 0x95, 0x14,
+        0xEC, 0x6A, 0x40, 0xE8, 0x31, 0x80, 0xF1, 0xD8,
+        0x5F, 0x75, 0xF6, 0x92, 0x3A, 0x4F, 0xCD, 0x0A,
+        0x6E, 0xBF, 0xA1, 0x27, 0x48, 0x79, 0x27, 0x04,
+        0x76, 0x2C, 0xAB, 0x25, 0x06, 0xEB, 0x43, 0xDD,
+        0x1B, 0x4B, 0x24, 0xFC, 0x93, 0x51, 0x1C, 0x45,
+        0xF6, 0xAE, 0x77, 0xCF, 0xC9, 0xE6, 0x20, 0xE4,
+        0xA5, 0x2B, 0x3D, 0x7D, 0xF0, 0xEB, 0x51, 0x7C,
+        0xCA, 0xFE, 0x58, 0xBA, 0xC4, 0x07, 0x95, 0x75,
+        0x62, 0x0C, 0x50, 0x68, 0x88, 0x1A, 0x8A, 0x0D,
+        0x1B, 0x5C, 0x53, 0x1A, 0x9C, 0xA8, 0x4E, 0xFE,
+        0x63, 0x9B, 0xDB, 0x05, 0x70, 0x01, 0x75, 0xA1,
+        0x3A, 0x08, 0xFA, 0x51, 0xD5, 0xF6, 0x81, 0xDE,
+        0x69, 0xE5, 0x40, 0xB3, 0xF8, 0x7C, 0x46, 0x97,
+        0xA6, 0x4E, 0xA8, 0x51, 0x47, 0x9C, 0xB9, 0x25,
+        0xCD, 0x4E, 0xED, 0xFC, 0xEE, 0x03, 0x6A, 0xCD,
+        0x93, 0x65, 0xB3, 0x68, 0x09, 0x6F, 0xE8, 0x00,
+        0x6A, 0x3F, 0xBF, 0xE8, 0x6F, 0x09, 0xE9, 0xF2,
+        0x6F, 0x44, 0x2E, 0xB1, 0x81, 0x76, 0x04, 0xDD,
+        0x6E, 0xF4, 0x93, 0x61, 0xE5, 0x78, 0xD4, 0xDA,
+        0xBF, 0x05, 0xA1, 0xF4, 0x9D, 0xFD, 0x57, 0x06,
+        0x9C, 0x13, 0x45, 0x97, 0xF2, 0x48, 0xE6, 0x1A,
+        0xB5, 0xAD, 0x09, 0x11, 0x04, 0xBB, 0xA0, 0xA8,
+        0xA3, 0xA3, 0x33, 0xCD, 0x42, 0x2C, 0x66, 0xC2,
+        0x94, 0x80, 0x15, 0x9D, 0x56, 0x74, 0x02, 0xEE,
+        0xA7, 0xE4, 0x90, 0xDD, 0xFB, 0x0B, 0x3B, 0xF0,
+        0x7A, 0x02, 0x44, 0xE8, 0x11, 0xC4, 0x3A, 0xFE,
+        0x73, 0x2A, 0x4C, 0x92, 0x3C, 0x23, 0x37, 0x8B,
+        0x4F, 0x28, 0x8E, 0x1C, 0x4E, 0x7D, 0x0D, 0x6B,
+        0xFD, 0x20, 0xB5, 0x93, 0xB3, 0x75, 0x30, 0x28,
+        0xC7, 0x7E, 0x67, 0xC4, 0xDE, 0xDA, 0x27, 0xA9,
+        0xE3, 0xF2, 0xF5, 0x25, 0x98, 0x5F, 0x6B, 0xBE,
+        0x11, 0x80, 0x23, 0x49, 0x30, 0xC8, 0x8A, 0x63,
+        0xF9, 0xC4, 0x14, 0x77, 0x2A, 0xE2, 0x21, 0x42,
+        0x28, 0x1C, 0xEB, 0x9F, 0x7B, 0x70, 0xA8, 0x2B,
+        0xFB, 0x25, 0x36, 0xA6, 0xAC, 0xFE, 0x8E, 0xFF,
+        0xB6, 0x86, 0x09, 0x15, 0x7E, 0xD9, 0x26, 0x8F,
+        0xDB, 0xF2, 0x2D, 0xC2, 0xFA, 0xAE, 0xDA, 0x50,
+        0xF6, 0x24, 0x53, 0xDB, 0xBF, 0x92, 0x9D, 0x7E,
+        0x48, 0xCC, 0x75, 0xAC, 0xD0, 0xD3, 0x45, 0x09,
+        0x2F, 0x01, 0x60, 0xBB, 0xAE, 0xCB, 0xE6, 0xB3,
+        0x30, 0xDA, 0xD9, 0xB6, 0x12, 0xCD, 0xF5, 0x11,
+        0xCF, 0x2B, 0x2A, 0xC6, 0x61, 0x9A, 0x05, 0x59,
+        0x08, 0x58, 0x64, 0xEC, 0xDB, 0x77, 0xCF, 0x64,
+        0xE2, 0x4B, 0x6E, 0xF4, 0x07, 0x68, 0x5E, 0xE9,
+        0x31, 0xB1, 0x38, 0x67, 0xF9, 0x29, 0x2E, 0x7A,
+        0xD2, 0x03, 0xA6, 0x29, 0x3F, 0x22, 0x58, 0x66,
+        0x6A, 0x07, 0xD8, 0xFD, 0xC5, 0x03, 0xEE, 0x66,
+        0xD4, 0x66, 0x70, 0x6D, 0xA4, 0xC4, 0xA1, 0xEE,
+        0xCD, 0x4D, 0xFA, 0x3C, 0x34, 0x36, 0xC2, 0xC5,
+        0x1E, 0x86, 0xB8, 0x7B, 0x7C, 0xBC, 0x67, 0x16,
+        0xF3, 0x6E, 0xF2, 0xB7, 0xEA, 0x96, 0x1B, 0x0D,
+        0xA2, 0xC8, 0x42, 0xBF, 0x30, 0x09, 0x2A, 0x6D,
+        0x9D, 0x35, 0xB3, 0x92, 0xBA, 0x3E, 0xE2, 0xE9,
+        0xE2, 0xAA, 0x90, 0x70, 0xCE, 0x0F, 0x07, 0xFA,
+        0x7C, 0x3B, 0xF7, 0x66, 0x7F, 0x5C, 0xFE, 0xD9,
+        0x72, 0x1C, 0x4E, 0xFE, 0x7E, 0x86, 0x8E, 0x7F,
+        0x62, 0x8D, 0x41, 0x46, 0x7B, 0x43, 0x17, 0xB9,
+        0x44, 0xED, 0x39, 0x1B, 0x3E, 0xF9, 0x2D, 0xC7,
+        0x5C, 0x9D, 0xAC, 0x05, 0x00, 0xC6, 0x85, 0x4E,
+        0xB8, 0xBC, 0x29, 0xDF, 0x6D, 0x6A, 0xCC, 0xEB,
+        0xD6, 0x44, 0x86, 0xAA, 0xC9, 0x55, 0x49, 0xA1,
+        0x3F, 0x59, 0x5E, 0xAF, 0xD5, 0xC9, 0x96, 0x19,
+        0x84, 0xC0, 0x4D, 0x1B, 0xE5, 0x2C, 0x42, 0x8D,
+        0x2C, 0xC8, 0x83, 0x00, 0x26, 0xBF, 0x46, 0x9F,
+        0x20, 0x97, 0xEC, 0x2C, 0xA9, 0x2C, 0xF0, 0xA7,
+        0x11, 0xED, 0xE2, 0xA2, 0x57, 0x83, 0x40, 0x92,
+        0xF3, 0x58, 0xB7, 0x4E, 0xD6, 0x3A, 0x9D, 0xF0,
+        0xDD, 0xD4, 0x5F, 0x82, 0x58, 0xD3, 0x72, 0x05,
+        0x69, 0xFF, 0x1E, 0xBC, 0x74, 0x90, 0x87, 0xB5,
+        0x7A, 0xEE, 0xF8, 0xCE, 0x3F, 0x59, 0xE1, 0xC0,
+        0x46, 0x24, 0xF8, 0x9D, 0x93, 0x51, 0x4A, 0x44,
+        0xFB, 0xEA, 0x58, 0xA6, 0xAC, 0x9A, 0x7C, 0xA3,
+        0x11, 0xA3, 0x47, 0x44, 0x24, 0x11, 0xF5, 0x56,
+        0x1A, 0x3B, 0xCF, 0xEC, 0xD9, 0x2B, 0x6C, 0xBA,
+        0xA6, 0xA2, 0x67, 0xB9, 0xE0, 0xCB, 0x3F, 0x8D,
+        0xA8, 0xC4, 0x8A, 0x45, 0xAB, 0xE2, 0x10, 0x19,
+        0x10, 0xC9, 0xDB, 0x01, 0x64, 0xC0, 0x0B, 0x6F,
+        0x3B, 0xA1, 0xE9, 0xEB, 0x74, 0x9A, 0x63, 0x93,
+        0xE5, 0x74, 0x3F, 0xD3, 0x7B, 0xEA, 0x8C, 0xD6,
+        0x7D, 0x66, 0xDD, 0x90, 0x6C, 0x69, 0x67, 0x05,
+        0xAD, 0x70, 0xF1, 0xFA, 0x52, 0xBB, 0xD5, 0x3D,
+        0x0E, 0x7E, 0x87, 0xE0, 0x98, 0xAF, 0xA6, 0xE6,
+        0x0E, 0x25, 0x91, 0x70, 0xCA, 0x36, 0xE4, 0xF8,
+        0xF7, 0x95, 0x1C, 0x48, 0xF6, 0x62, 0x9A, 0x4D,
+        0xE4, 0xE7, 0x3A, 0x92, 0xC6, 0x2E, 0xAB, 0x8A,
+        0x75, 0x7C, 0x45, 0xDA, 0x54, 0xB1, 0x6D, 0x2E,
+        0xCC, 0x13, 0x46, 0x67, 0x8F, 0xFF, 0xDA, 0x18,
+        0xE1, 0x4C, 0xE4, 0x6A, 0xB6, 0xAC, 0x65, 0x32,
+        0x0C, 0x63, 0xD5, 0x43, 0xB5, 0x8B, 0xB1, 0x52,
+        0xEE, 0x0C, 0xBB, 0x62, 0x34, 0x30, 0xDB, 0xF7,
+        0x08, 0xC6, 0xE8, 0x5B, 0x07, 0x66, 0x6D, 0x4B,
+        0x39, 0xC6, 0x94, 0x2B, 0x22, 0x9E, 0x3E, 0x45,
+        0x62, 0x3D, 0x05, 0x03, 0x2B, 0x16, 0x71, 0xBB,
+        0x85, 0x1B, 0x6E, 0x84, 0xD3, 0x48, 0x4D, 0x63,
+        0x26, 0x60, 0x97, 0x45, 0xB8, 0xEA, 0x43, 0x96,
+        0x00, 0xFE, 0x0B, 0x85, 0xBD, 0x22, 0x40, 0xA4,
+        0xA7, 0x2F, 0xC1, 0xEB, 0xFD, 0xB5, 0x22, 0xD5,
+        0x1F, 0xB3, 0xEA, 0x7C, 0x6D, 0x20, 0xFB, 0x98,
+        0xA5, 0xF2, 0x84, 0x70, 0xF7, 0xB9, 0x2A, 0x12,
+        0x63, 0x0C, 0x2D, 0x97, 0x6C, 0xC2, 0x76, 0xAC,
+        0x32, 0xE2, 0xB1, 0x3A, 0xB3, 0xAB, 0x9E, 0xBB,
+        0x61, 0xB4, 0x6A, 0x5F, 0x2D, 0x4D, 0xCE, 0x0D,
+        0xFB, 0x97, 0x80, 0x89, 0x4A, 0x81, 0xFB, 0xB2,
+        0x72, 0x37, 0x66, 0xB9, 0x08, 0xBF, 0xCD, 0x9F,
+        0x63, 0xB2, 0xBA, 0x54, 0xF1, 0x9E, 0xEC, 0x11,
+        0x67, 0x26, 0xC7, 0x98, 0xDD, 0xA3, 0xC5, 0x50,
+        0x86, 0x17, 0xD5, 0xCF, 0x51, 0x97, 0x22, 0x65,
+        0x2B, 0x71, 0xF7, 0x34, 0x84, 0x55, 0xC9, 0xD1,
+        0xFE, 0x75, 0x42, 0x0A, 0x5A, 0x31, 0x59, 0xE8,
+        0x8A, 0x0D, 0xE5, 0x77, 0x1C, 0xF5, 0xFD, 0x27,
+        0x05, 0x05, 0xF7, 0x28, 0xDA, 0x54, 0xAB, 0xBD,
+        0xDC, 0x50, 0xB8, 0xDB, 0x2E, 0xB4, 0x28, 0x41,
+        0x30, 0x04, 0x40, 0xD5, 0xF0, 0x12, 0xD7, 0x16,
+        0x3D, 0x8F, 0x41, 0xE7, 0x70, 0x76, 0x82, 0xB9,
+        0xC4, 0xB2, 0x1F, 0x57, 0x10, 0xB6, 0xC4, 0x84,
+        0x0D, 0xB1, 0xB8, 0x21, 0xB2, 0x77, 0x09, 0xF6,
+        0xD5, 0x9C, 0xE4, 0xA2, 0xFA, 0x83, 0x13, 0x56,
+        0x94, 0x3F, 0x37, 0x6D, 0x0D, 0x7C, 0x7E, 0xA0,
+        0xE5, 0xC8, 0xD9, 0x42, 0x0F, 0x35, 0xB1, 0xDC,
+        0xB9, 0x49, 0xD5, 0xED, 0xA8, 0x90, 0x09, 0x14,
+        0xAE, 0x63, 0xB5, 0xEA, 0x62, 0x0D, 0x9E, 0x6D,
+        0x93, 0xBD, 0x3A, 0xEA, 0x24, 0xB5, 0xAC, 0xC9,
+        0xD1, 0x7B, 0xBC, 0xC6, 0xC4, 0xBA, 0x68, 0xB1,
+        0x65, 0xFE, 0xAB, 0x30, 0xD4, 0x92, 0xD9, 0xC1,
+        0x94, 0x84, 0xE1, 0x20, 0x4E, 0x28, 0x7C, 0x3A,
+        0x3E, 0x8B, 0x44, 0x79, 0xC7, 0xB5, 0xA5, 0x95,
+        0xC2, 0xC9, 0xA8, 0x3F, 0x92, 0x67, 0x06, 0x9A,
+        0x12, 0xD3, 0xAE, 0x78, 0x87, 0x0E, 0x31, 0x54,
+        0x26, 0xDF, 0x97, 0xEB, 0x6C, 0xF3, 0xC9, 0x53,
+        0x39, 0xED, 0x50, 0x5A, 0xF9, 0x6A, 0x03, 0x27,
+        0x8E, 0xC6, 0x79, 0x5B, 0xD4, 0xD3, 0x57, 0x97,
+        0xFD, 0xF5, 0xCB, 0x14, 0xDB, 0xBE, 0x39, 0xB9,
+        0x64, 0x8A, 0x75, 0xAA, 0xE3, 0x4A, 0x19, 0x59,
+        0x69, 0x7D, 0xF8, 0x7D, 0x8C, 0xB8, 0x2F, 0x32,
+        0x57, 0xBF, 0x84, 0x9E, 0x45, 0x4E, 0xC4, 0xA0,
+        0x65, 0xA4, 0x0B, 0x73, 0x36, 0xC5, 0xD1, 0x07,
+        0xF8, 0x1C, 0x91, 0x07, 0xB8, 0x0B, 0x4B, 0xE5,
+        0x4F, 0xE6, 0xA1, 0xDF, 0x29, 0x03, 0xE7, 0x68,
+        0xA4, 0x32, 0x8E, 0x21, 0x8F, 0x15, 0x51, 0x57,
+        0x65, 0x16, 0xF0, 0x55, 0x71, 0x8C, 0x28, 0xD8,
+        0x82, 0xDC, 0x8A, 0xC1, 0xE7, 0x5C, 0xF2, 0xD5,
+        0xB8, 0x18, 0x16, 0x9F, 0x63, 0x89, 0x21, 0xF1,
+        0xA6, 0xED, 0x21, 0xDA, 0xC8, 0x0A, 0x10, 0x21,
+        0x18, 0x98, 0xD0, 0xF2, 0x9E, 0xDE, 0x5A, 0xA1,
+        0x51, 0xC9, 0x18, 0x3B, 0x68, 0x79, 0x75, 0xE7,
+        0xF4, 0xF9, 0xBF, 0x5F, 0xBE, 0x61, 0x35, 0xA9,
+        0x02, 0x56, 0x2D, 0x99, 0xD8, 0x95, 0xFA, 0x78,
+        0x8A, 0x67, 0x24, 0x1D, 0xDF, 0x13, 0x14, 0xD0,
+        0xB4, 0xB6, 0x21, 0x11, 0xB7, 0xA4, 0x06, 0x8D,
+        0x1D, 0xF6, 0xD5, 0x50, 0x2A, 0x0A, 0x42, 0x3C,
+        0x7C, 0xF1, 0x1F, 0x15, 0x1C, 0x81, 0x69, 0xDA,
+        0xCC, 0xAC, 0x8F, 0xB9, 0x08, 0x4E, 0xF8, 0x4E,
+        0x3E, 0x77, 0x26, 0x4A, 0x1F, 0x72, 0x89, 0xCA,
+        0x91, 0x77, 0x99, 0xBF, 0x28, 0xD2, 0x31, 0x65,
+        0x30, 0x37, 0x84, 0x66, 0x8A, 0x1C, 0xC6, 0x59,
+        0x7D, 0x48, 0x9B, 0x4D, 0xDC, 0x87, 0x4F, 0xD2,
+        0x04, 0xA0, 0x8B, 0x8B, 0x37, 0x3B, 0x1A, 0xDB,
+        0xCF, 0x63, 0x39, 0x07, 0xF3, 0x37, 0xCF, 0x0E,
+        0x2F, 0xEB, 0xE6, 0x2A, 0xA1, 0x4C, 0xE0, 0x75,
+        0x3F, 0xAB, 0xF7, 0xDE, 0x48, 0x83, 0x79, 0x89,
+        0x30, 0xA7, 0x1B, 0xE8, 0x73, 0x8E, 0x9D, 0x1D,
+        0xF6, 0x5C, 0x91, 0x4F, 0x44, 0x7C, 0x04, 0xA7,
+        0x07, 0xC8, 0xCC, 0x4A, 0x5C, 0x81, 0xAD, 0x48,
+        0x7C, 0xE5, 0x19, 0x5A, 0xC4, 0x29, 0x80, 0x14,
+        0xFA, 0xC2, 0x26, 0x1C, 0x50, 0x28, 0xB9, 0xF6,
+        0x7F, 0x8D, 0x51, 0x9A, 0xDA, 0xBB, 0x8E, 0x90,
+        0xBA, 0x3B, 0xD9, 0x4D, 0x61, 0xBE, 0xFD, 0x33,
+        0xC0, 0xCA, 0x7B, 0x09, 0xFF, 0x36, 0x84, 0x70,
+        0x11, 0xB4, 0xBE, 0x81, 0xFE, 0x71, 0xEE, 0x81,
+        0xD7, 0x61, 0xBB, 0x83, 0xA6, 0xA0, 0xDC, 0x20,
+        0x04, 0x02, 0x4C, 0x1B, 0x4D, 0xED, 0x8A, 0xC1,
+        0x38, 0x70, 0xC3, 0x69, 0xC9, 0x50, 0xC2, 0x17,
+        0x64, 0xAD, 0x9D, 0x44, 0x63, 0x44, 0xE5, 0x32,
+        0x7B, 0x90, 0xE3, 0xEF, 0x45, 0x28, 0xA6, 0x23,
+        0x92, 0xCB, 0xA1, 0xFC, 0xA8, 0xB4, 0x39, 0xF1,
+        0xB1, 0x00, 0x1F, 0x06, 0xD4, 0x91, 0x5D, 0xDB,
+        0xAC, 0x7D, 0x87, 0xD4, 0xEE, 0xCD, 0x4A, 0x06,
+        0x3E, 0xB4, 0x84, 0x65, 0xAA, 0x47, 0x05, 0x41,
+        0x7C, 0x95, 0x47, 0x3A, 0x49, 0x80, 0xC5, 0xAC,
+        0x32, 0x41, 0x6A, 0x3A, 0x2B, 0xB9, 0xD9, 0x21,
+        0x80, 0xC7, 0xC1, 0xD0, 0xC9, 0x95, 0x4B, 0xC3,
+        0xEA, 0x0D, 0x3F, 0x0E, 0xE4, 0x5A, 0xD8, 0xBD,
+        0x11, 0xD0, 0x76, 0x6D, 0x3C, 0xA7, 0x64, 0xD8,
+        0xCA, 0x4C, 0x8F, 0x58, 0x2C, 0xDD, 0x95, 0x1F,
+        0xBB, 0x76, 0x8D, 0x10, 0xFD, 0xAD, 0x45, 0xCE,
+        0x71, 0x6E, 0x27, 0x92, 0xC4, 0xA6, 0x17, 0x46,
+        0x95, 0xDB, 0xD8, 0xEA, 0x9A, 0x5F, 0x0E, 0xE0,
+        0x0A, 0xA2, 0xF5, 0x79, 0xC3, 0x74, 0xA7, 0x70,
+        0x99, 0x3B, 0x23, 0xD7, 0x3E, 0xA4, 0x96, 0xB5,
+        0x54, 0x77, 0x71, 0x8D, 0x78, 0x2E, 0xCC, 0x0A,
+        0x4E, 0xF8, 0xA9, 0x96, 0xEE, 0xB4, 0x4B, 0x5B,
+        0xDC, 0x52, 0x6D, 0xE1, 0x61, 0x36, 0xE1, 0x32,
+        0xD6, 0xA2, 0x7B, 0x2E, 0xCC, 0x78, 0x92, 0xA1,
+        0x81, 0x59, 0xB8, 0xC7, 0x04, 0x11, 0x3D, 0xF0,
+        0xF9, 0xF9, 0x3E, 0x47, 0x3C, 0xEA, 0xD5, 0x30,
+        0x2D, 0xAE, 0xC0, 0x47, 0xC8, 0x61, 0xCC, 0x9C,
+        0x2E, 0xC0, 0x40, 0x16, 0x11, 0x73, 0x13, 0xF3,
+        0x19, 0xAE, 0x72, 0x44, 0x72, 0xC5, 0x59, 0x51,
+        0x2E, 0x9F, 0xE3, 0x07, 0xB0, 0xCA, 0x6B, 0xB0,
+        0x15, 0x20, 0xB4, 0x25, 0x00, 0xED, 0xFD, 0xAC,
+        0xD6, 0x34, 0x8B, 0xCA, 0xE8, 0xC6, 0x3B, 0xFD,
+        0x02, 0x22, 0xE6, 0x91, 0x2B, 0x4B, 0x61, 0xDF,
+        0x63, 0x5C, 0x2B, 0x5F, 0x82, 0x07, 0x23, 0x59,
+        0x82, 0x5E, 0x0E, 0x21, 0xF7, 0x9C, 0x37, 0x1C,
+        0x7E, 0x6F, 0xD4, 0xFA, 0x91, 0x40, 0x8B, 0x98,
+        0x68, 0xBD, 0x60, 0x2F, 0x0A, 0xC8, 0xC8, 0x99,
+        0xA1, 0xC6, 0x10, 0xF1, 0x27, 0x53, 0xD3, 0xFB,
+        0x23, 0x02, 0xE7, 0x8E, 0x95, 0xB1, 0xF0, 0x21,
+        0xCB, 0x90, 0xEE, 0x8D, 0xE0, 0x27, 0x57, 0xDE,
+        0x40, 0xA3, 0xE7, 0x8F, 0x61, 0xC1, 0x8F, 0xC5,
+        0x0C, 0x0F, 0xBA, 0x05, 0xA0, 0x58, 0x8E, 0x86,
+        0x8A, 0xF5, 0x72, 0xE1, 0x34, 0xB4, 0xF6, 0x8E,
+        0x6E, 0xA4, 0x21, 0x75, 0x43, 0x73, 0xE7, 0x32,
+        0x72, 0x80, 0x9B, 0xE7, 0x1D, 0x78, 0x8F, 0x0D,
+        0x06, 0x47, 0x9E, 0x4D, 0xB4, 0xAC, 0x3E, 0x0D,
+        0xB8, 0x11, 0x23, 0xFF, 0xAD, 0xB9, 0x23, 0xE0,
+        0xA4, 0x37, 0xA6, 0x3D, 0xC2, 0x15, 0xF4, 0x64,
+        0x03, 0x1F, 0x0A, 0x68, 0xED, 0x37, 0x37, 0xE8,
+        0x3E, 0x5B, 0x49, 0x78, 0xFC, 0xFC, 0x12, 0x06,
+        0xE8, 0xC7, 0xCD, 0x3A, 0xAF, 0xD4, 0x54, 0xA7,
+        0x04, 0x7B, 0xFC, 0x66, 0xA6, 0xA8, 0x1C, 0x38,
+        0x0C, 0x26, 0x08, 0xE6, 0xEE, 0x47, 0x25, 0x80,
+        0x59, 0xA5, 0x39, 0x81, 0x20, 0xEE, 0x5F, 0x49,
+        0x9A, 0x01, 0x37, 0xE9, 0x96, 0x18, 0xD0, 0x05,
+        0x2D, 0xE3, 0x73, 0xD5, 0x08, 0x3B, 0x18, 0x46,
+        0xFE, 0x9E, 0x67, 0x5B, 0x9E, 0xF8, 0x53, 0x05,
+        0x2F, 0x96, 0x18, 0x9C, 0x09, 0x0D, 0xA6, 0x05,
+        0xB3, 0x9E, 0x2F, 0x0B, 0x5A, 0xF3, 0x93, 0xFF,
+        0x29, 0xF3, 0x4F, 0x62, 0xD5, 0x9A, 0xCE, 0x74,
+        0x64, 0xD0, 0xBC, 0xB3, 0x08, 0xF1, 0xD3, 0x22,
+        0xA5, 0xBE, 0x64, 0x0A, 0xEB, 0xA5, 0xF5, 0x1B,
+        0x7E, 0x0A, 0x44, 0x3B, 0x1D, 0xA9, 0x48, 0x9A,
+        0x2F, 0xED, 0x05, 0x0F, 0x44, 0xB3, 0x6D, 0xAD,
+        0x39, 0x2C, 0xBA, 0x8E, 0x2B, 0xDE, 0x17, 0x38,
+        0xD1, 0x69, 0xEA, 0xAE, 0x4E, 0x97, 0xCD, 0x61,
+        0xBA, 0x75, 0x39, 0xF2, 0x81, 0xBB, 0xA9, 0x0F,
+        0x6F, 0x82, 0xD4, 0xCB, 0xE4, 0x93, 0x82, 0x11,
+        0x72, 0x9A, 0xE9, 0x87, 0xEC, 0xCC, 0x6D, 0xA1,
+        0x7D, 0x47, 0x60, 0x20, 0xB6, 0xEE, 0xC6, 0xAA,
+        0xC0, 0x3C, 0x95, 0x08, 0xA0, 0x8B, 0xFA, 0x04,
+        0xF6, 0x6F, 0x65, 0x48, 0xCA, 0xA7, 0xA3, 0xA8,
+        0xBB, 0x3B, 0x80, 0x91, 0xB6, 0x6D, 0x2F, 0x9D,
+        0x97, 0xBB, 0x52, 0xE6, 0xC4, 0x24, 0x99, 0x97,
+        0x63, 0xAD, 0xD2, 0xFD, 0xB3, 0x94, 0x6D, 0xC1,
+        0xFB, 0xFA, 0x89, 0x45, 0x78, 0x80, 0x3C, 0xAA,
+        0x3F, 0xC0, 0x7E, 0x8D, 0x37, 0x00, 0xA7, 0x70,
+        0xD6, 0x57, 0x2A, 0xD3, 0x17, 0xB1, 0x9E, 0xDF,
+        0x96, 0x98, 0x40, 0xB8, 0x1C, 0xCC, 0xC6, 0xCD,
+        0xCD, 0xB0, 0xF3, 0x23, 0x53, 0xB6, 0x45, 0x78,
+        0xA6, 0xA0, 0x88, 0x61, 0x06, 0x04, 0x8E, 0x1B,
+        0xCD, 0x12, 0x29, 0x50, 0x0F, 0xD2, 0x8C, 0x89,
+        0x51, 0xD1, 0x74, 0x0B, 0xE3, 0xA7, 0x75, 0x8A,
+        0x60, 0x95, 0xEF, 0x6A, 0x98, 0xC7, 0x35, 0xA5,
+        0xC0, 0xFB, 0x4C, 0x88, 0xA1, 0xDA, 0xCE, 0x79,
+        0x3D, 0x4E, 0x4F, 0x91, 0x75, 0x88, 0xE0, 0x5F,
+        0x17, 0xF5, 0xEF, 0xF8, 0x49, 0xFE, 0xB1, 0xDB,
+        0x0D, 0xE8, 0xB2, 0xF7, 0xD4, 0x90, 0xBD, 0xB0,
+        0x6B, 0x3A, 0x1B, 0xB5, 0xC6, 0xFB, 0x93, 0xEF,
+        0xF3, 0xDD, 0x60, 0xEA, 0x67, 0x11, 0xFE, 0x6A,
+        0xCC, 0x2C, 0x64, 0x2A, 0x85, 0x2E, 0x24, 0x39,
+        0x34, 0x6B, 0xBC, 0xF8, 0x89, 0xB3, 0x49, 0x82,
+        0x9C, 0xC0, 0x04, 0x29, 0x6D, 0x25, 0xCB, 0x19,
+        0xE1, 0x53, 0xC6, 0x10, 0x7D, 0x62, 0x07, 0xD2,
+        0x83, 0x8B, 0x89, 0x04, 0x70, 0x06, 0x60, 0x4F,
+        0xB6, 0x10, 0x2B, 0xA0, 0x92, 0xF4, 0x1A, 0x7A,
+        0xD6, 0x4F, 0xDC, 0x6C, 0x6C, 0x27, 0xE5, 0xEC,
+        0x68, 0x1B, 0x95, 0x7C, 0x1C, 0x95, 0x2C, 0xB7,
+        0x0A, 0x8D, 0xC7, 0x57, 0x92, 0x00, 0x4D, 0xC0,
+        0x5F, 0xD4, 0xF4, 0x88, 0x3F, 0x8D, 0x43, 0x12,
+        0x05, 0xE2, 0x14, 0x0E, 0xDD, 0x2C, 0xEC, 0xD5,
+        0x2F, 0x1A, 0xE6, 0x97, 0xDC, 0xFE, 0x96, 0x80,
+        0x67, 0x3B, 0xD4, 0x63, 0x73, 0xFA, 0xC8, 0x4F,
+        0x4C, 0x4F, 0x2D, 0x68, 0x76, 0x44, 0x8E, 0xC2,
+        0x19, 0x99, 0x44, 0xEA, 0xF2, 0x33, 0x23, 0x83,
+        0xC8, 0xB1, 0x7C, 0x27, 0x43, 0x9B, 0x67, 0xF9,
+        0xDE, 0xE1, 0xAE, 0x03, 0xA5, 0xA5, 0x2B, 0x96,
+        0xB2, 0xEC, 0x4A, 0x43, 0xA7, 0x6D, 0xF4, 0xDB,
+        0x32, 0x5B, 0x54, 0xD6, 0x63, 0xEA, 0x65, 0xC2,
+        0xA8, 0x4B, 0x80, 0xCC, 0x65, 0x2D, 0xCE, 0x6F,
+        0x61, 0x2F, 0x58, 0xD1, 0xE5, 0x64, 0x8A, 0x42,
+        0x8D, 0xBA, 0xFA, 0x35, 0x5C, 0x9E, 0xD5, 0x80,
+        0x2D, 0x5C, 0xC3, 0x47, 0xFB, 0x0D, 0x43, 0x20,
+        0x7A, 0xA4, 0x37, 0xB2, 0x2F, 0x0B, 0x43, 0xB9,
+        0x94, 0xD3, 0xD9, 0xC2, 0xD7, 0x02, 0x5D, 0x6A,
+        0x12, 0x99, 0xE7, 0x32, 0x6C, 0xF0, 0x0C, 0x73,
+        0x51, 0x33, 0x84, 0xA9, 0x0C, 0x66, 0xC9, 0x19,
+        0x88, 0x9A, 0xF1, 0xB6, 0xF8, 0x41, 0xB1, 0xDC,
+        0x60, 0xA4, 0x80, 0x73, 0x0B, 0x21, 0xF9, 0xB8,
+        0x01, 0x7E, 0x66, 0x0D, 0xB4, 0x2B, 0x53, 0x8D,
+        0x7D, 0x0B, 0xE1, 0xA3, 0x0C, 0x27, 0xF6, 0x2F,
+        0x27, 0x34, 0x53, 0x75, 0x54, 0xF7, 0x5E, 0x05,
+        0x1C, 0x5A, 0x94, 0x08, 0x14, 0xDE, 0xAA, 0x98,
+        0xD9, 0xA5, 0xA0, 0xBE, 0x80, 0xC1, 0xEB, 0x3C,
+        0xCF, 0x78, 0x88, 0xA4, 0xA2, 0x03, 0xF8, 0x79,
+        0x1F, 0x84, 0x84, 0xA7, 0x0E, 0x95, 0x1A, 0x85,
+        0xEF, 0x4C, 0xBE, 0xA2, 0x99, 0xAB, 0x10, 0xDD,
+        0x85, 0x3F, 0x10, 0x6A, 0x9C, 0xD5, 0xDD, 0x7A,
+        0xFB, 0xF5, 0xD9, 0xD9, 0xAA, 0xDF, 0x03, 0x78,
+        0xAF, 0x1D, 0xEC, 0x18, 0xEB, 0x00, 0xB6, 0x64,
+        0xB5, 0x75, 0xA5, 0x00, 0xDC, 0x36, 0x45, 0xBD,
+        0x0C, 0x66, 0xCE, 0xA9, 0xBB, 0xD1, 0xF7, 0xE4,
+        0x6A, 0xDA, 0x0E, 0x81, 0x0F, 0x6A, 0x71, 0x60,
+        0x5C, 0x41, 0xD2, 0x12, 0x45, 0x14, 0xEF, 0x6F,
+        0xEC, 0x22, 0x73, 0x4C, 0xA7, 0x94, 0xDD, 0x1A,
+        0x42, 0x22, 0x58, 0x14, 0x0C, 0x4E, 0x6D, 0x77,
+        0x7F, 0xF5, 0xC9, 0x69, 0x81, 0xA3, 0xB8, 0x6D,
+        0x1C, 0x39, 0x47, 0xA5, 0xC4, 0x61, 0x1C, 0x91,
+        0x2F, 0x67, 0xC3, 0x5E, 0x87, 0x1A, 0x85, 0x81,
+        0x7D, 0x76, 0xF2, 0xE0, 0xB9, 0xD0, 0x43, 0x33,
+        0xF1, 0xC1, 0xBA, 0x48, 0x6F, 0x48, 0xD5, 0xAE,
+        0xB6, 0xDC, 0xAA, 0xCA, 0xEB, 0x0B, 0x6B, 0xFE,
+        0xF4, 0xF1, 0x6E, 0x5D, 0xE4, 0x90, 0x53, 0xCF,
+        0x9E, 0x13, 0x80, 0xCE, 0xE5, 0xDD, 0xA4, 0x01,
+        0xBC, 0x16, 0x50, 0xD0, 0x78, 0x96, 0x3F, 0x2B,
+        0x7A, 0x71, 0x8E, 0x86, 0xFD, 0x14, 0x21, 0xDF,
+        0x4D, 0xD7, 0xDD, 0x42, 0x59, 0xB3, 0xED, 0x81,
+        0xE3, 0xAF, 0x71, 0x57, 0xE7, 0x04, 0xD2, 0x26,
+        0xA8, 0x83, 0xFC, 0x03, 0x90, 0x8C, 0x88, 0xC4,
+        0xBF, 0x74, 0x54, 0x59, 0xD8, 0x66, 0x9F, 0xE2,
+        0x7A, 0xCE, 0x5B, 0x9C, 0xC4, 0x37, 0xFA, 0xDB,
+        0x40, 0x9A, 0xDD, 0x73, 0x9C, 0x06, 0x5A, 0x21,
+        0x43, 0xFB, 0xFA, 0x1B, 0x41, 0x31, 0x9F, 0xF4,
+        0x24, 0x09, 0x05, 0xFE, 0x56, 0x17, 0x52, 0x9C,
+        0xC7, 0xE2, 0xCA, 0xC9, 0x1F, 0xBE, 0xE2, 0xEB,
+        0x92, 0xEE, 0xD4, 0x76, 0x44, 0x9A, 0xFA, 0xFB,
+        0x07, 0x62, 0x98, 0xEC, 0xA0, 0xCF, 0xBF, 0xFA,
+        0x5E, 0x1B, 0x8B, 0xCD, 0x33, 0xFB, 0x1A, 0x97,
+        0xFE, 0x50, 0x65, 0x22, 0x08, 0x9E, 0xC3, 0x87,
+        0x88, 0xCA, 0xDD, 0x11, 0x5E, 0xA7, 0xCF, 0xF3,
+        0x07, 0x0A, 0x34, 0x0E, 0x30, 0x1B, 0xC5, 0xCE,
+        0xF7, 0xA6, 0xA4, 0x31, 0xB5, 0x40, 0xB8, 0x81,
+        0xAC, 0xAA, 0x07, 0xE0, 0x7D, 0x5E, 0x6A, 0x25,
+        0x85, 0x8D, 0x1D, 0x82, 0x45, 0x82, 0x76, 0xB2,
+        0x65, 0x69, 0x3E, 0x88, 0xFE, 0x21, 0xFE, 0x6A,
+        0x6B, 0x97, 0xD6, 0x70, 0x70, 0x00, 0x83, 0x18,
+        0x39, 0xA6, 0x91, 0x3F, 0xB1, 0xB7, 0xED, 0x11,
+        0xD3, 0xF9, 0x74, 0x31, 0xEC, 0x21, 0xA2, 0xEE,
+        0x69, 0x04, 0xC0, 0xEA, 0x4A, 0x17, 0x1A, 0xF8,
+        0xDA, 0xF1, 0x52, 0xB2, 0x78, 0x69, 0x4F, 0xDF,
+        0xE6, 0xB9, 0xF3, 0xE7, 0x48, 0x8B, 0x09, 0x5F,
+        0x4A, 0x7A, 0x05, 0x8E, 0xA8, 0xF6, 0x69, 0x3D,
+        0x91, 0x7A, 0x6F, 0x6C, 0xAD, 0x03, 0x16, 0xEA,
+        0xE0, 0x04, 0xFE, 0x54, 0x71, 0x50, 0x6D, 0x31,
+        0xE4, 0x37, 0x76, 0xD6, 0x1B, 0xA9, 0xEE, 0x56,
+        0x7A, 0x39, 0x34, 0x24, 0x00, 0x58, 0xE3, 0x2F,
+        0xD4, 0x97, 0x57, 0x6F, 0xD8, 0x0E, 0x8B, 0xD3,
+        0x88, 0x7F, 0xE8, 0x74, 0x72, 0xF7, 0xBA, 0x26,
+        0x25, 0xE4, 0xD5, 0x86, 0xCD, 0xA8, 0x1E, 0x8D,
+        0x49, 0xCF, 0x04, 0x92, 0x5B, 0x50, 0xD0, 0x73,
+        0x3C, 0xC9, 0x17, 0xC3, 0x0E, 0x67, 0x02, 0xC5,
+        0xDE, 0x48, 0x88, 0x0D, 0x2C, 0x0D, 0x68, 0x04,
+        0xD5, 0x51, 0xDF, 0x4F, 0x23, 0x89, 0x7A, 0x29,
+        0x41, 0xB2, 0x7A, 0xCA, 0x86, 0xA5, 0xCC, 0xC4,
+        0xF5, 0xD3, 0xE1, 0xEF, 0xB8, 0xCD, 0x84, 0xB5,
+        0x6D, 0xB6, 0x51, 0x1B, 0x81, 0x26, 0x97, 0xAC,
+        0x00, 0xFC, 0x76, 0x8D, 0x99, 0xD9, 0x35, 0x8E,
+        0x4D, 0x3E, 0xC0, 0xC1, 0x0E, 0x8D, 0x9B, 0xE5,
+        0x79, 0xF3, 0xC7, 0xA0, 0xA4, 0xA6, 0xA2, 0xE9,
+        0x8B, 0xCD, 0x36, 0x79, 0x76, 0xF1, 0x6A, 0xEE,
+        0xCF, 0x91, 0x8D, 0x91, 0xB1, 0xAF, 0xF2, 0xF5,
+        0x43, 0xF6, 0xB2, 0x3A, 0x39, 0x9F, 0xBF, 0xDE,
+        0x16, 0x03, 0x52, 0x18, 0x62, 0x93, 0xB5, 0x09,
+        0xC4, 0xEE, 0x27, 0x9C, 0x56, 0x6F, 0x0C, 0x1C,
+        0x12, 0x42, 0xF0, 0x34, 0xBD, 0x44, 0x52, 0x4C,
+        0x32, 0x7E, 0x64, 0xDF, 0x78, 0x16, 0xD9, 0x9E,
+        0xD7, 0x8A, 0x11, 0x33, 0x65, 0x42, 0xEC, 0x36,
+        0x07, 0xEE, 0x3F, 0x19, 0x97, 0x9B, 0x92, 0x9D,
+        0x3A, 0xE4, 0x98, 0x83, 0xDB, 0x0C, 0x85, 0x39,
+        0xFA, 0x8D, 0x73, 0xF5, 0xBF, 0xE0, 0x75, 0x40,
+        0x50, 0x9B, 0xF2, 0xE6, 0xB6, 0xA5, 0x33, 0xD0,
+        0xC4, 0xD6, 0xAB, 0xFF, 0x16, 0xDE, 0x30, 0x9C,
+        0x68, 0x90, 0xE0, 0x5E, 0xD3, 0xD5, 0xA9, 0xB0,
+        0xD9, 0x6B, 0x0A, 0x43, 0x45, 0x9A, 0x3D, 0xE8,
+        0xB6, 0x66, 0xE4, 0x57, 0x05, 0x8E, 0x5B, 0x72,
+        0xFE, 0x50, 0x44, 0x8C, 0xE4, 0x68, 0x43, 0x51,
+        0x0D, 0x9A, 0xD3, 0x36, 0xA9, 0xC7, 0xF6, 0xCF,
+        0x6D, 0x2C, 0x95, 0x46, 0x98, 0x6D, 0x9E, 0x78,
+        0x90, 0x87, 0x19, 0x64, 0xD5, 0xDE, 0x1D, 0x9B,
+        0x37, 0x4E, 0x52, 0xF5, 0x14, 0xAA, 0xEE, 0x31,
+        0x83, 0x55, 0x7C, 0x38, 0x0F, 0xB3, 0xF6, 0xF2,
+        0x1C, 0x60, 0x71, 0x68, 0x1F, 0x06, 0xBD, 0x99,
+        0xFD, 0x42, 0x12, 0x54, 0x3E, 0xBA, 0x4B, 0x60,
+        0xFB, 0xFB, 0x51, 0x4D, 0x02, 0xCE, 0xE5, 0x9E,
+        0x59, 0xB2, 0xE6, 0x98, 0x67, 0xBB, 0xAB, 0xC8,
+        0x08, 0xE4, 0x08, 0x0D, 0xF5, 0x3B, 0x47, 0x78,
+        0x39, 0x24, 0x56, 0x80, 0xF0, 0x6A, 0x1D, 0x33,
+        0x05, 0x5F, 0xF2, 0xA2, 0x38, 0xAD, 0xDF, 0x5C,
+        0xC5, 0xEA, 0x9C, 0xC7, 0x0A, 0x1B, 0x5B, 0x43,
+        0xE9, 0x59, 0x3D, 0x68, 0x00, 0x23, 0x32, 0x5D,
+        0x25, 0xFD, 0xA7, 0xCA, 0xDA, 0xA1, 0xFD, 0x22,
+        0x4E, 0x34, 0x96, 0xE7, 0x0D, 0xFF, 0x89, 0x3B,
+        0xA6, 0x56, 0x0D, 0x11, 0x13, 0xA6, 0x9D, 0x3B,
+        0xBC, 0x12, 0x97, 0x9A, 0x2B, 0xAA, 0xE9, 0xE2,
+        0xCF, 0xD2, 0xD3, 0xEF, 0x95, 0xFC, 0x40, 0x80,
+        0x94, 0x48, 0x80, 0x5A, 0x3F, 0x4A, 0xD2, 0xB5,
+        0x7D, 0x61, 0xA2, 0x26, 0x7B, 0xDC, 0x32, 0xCB,
+        0x84, 0x2E, 0x9B, 0x29, 0x63, 0x45, 0x74, 0x0D,
+        0x85, 0x54, 0xB2, 0x16, 0x77, 0x9B, 0x47, 0x51,
+        0x63, 0x33, 0xE9, 0x1A, 0x52, 0x9D, 0xEB, 0x26,
+        0x06, 0x7F, 0x97, 0xA0, 0xA1, 0xAA, 0x07, 0x0F,
+        0x1E, 0x23, 0xAB, 0xCC, 0xD5, 0x0F, 0x3E, 0x88,
+        0xAA, 0xC3, 0xED, 0x06, 0x25, 0x3A, 0x4A, 0x62,
+        0x85, 0x9F, 0xA7, 0xD3, 0xF5, 0x1C, 0x9A, 0xCC,
+        0x52, 0x87, 0x9F, 0xB8, 0xC7, 0xDD, 0xF1, 0x50,
+        0x66, 0x70, 0xAC, 0xC6, 0x2C, 0x2E, 0x8C, 0xC9,
+        0xD9, 0xF6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x06, 0x0D, 0x13, 0x1D, 0x20,
+        0x27, 0x2C, 0x32
+    };
+#endif
+    byte sig[DILITHIUM_MAX_SIG_SIZE];
+    word32 sigLen;
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_import_private(sk_44, (word32)sizeof(sk_44), key),
+        0);
+    sigLen = PARAMS_ML_DSA_44_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_44, (word32)sizeof(msg_44),
+        sig, &sigLen, key, rnd_44), 0);
+    ExpectIntEQ(sigLen, PARAMS_ML_DSA_44_SIG_SIZE);
+    ExpectIntEQ(XMEMCMP(sig, sig_44, sizeof(sig_44)), 0);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_import_private(sk_65, (word32)sizeof(sk_65), key),
+        0);
+    sigLen = PARAMS_ML_DSA_65_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_65, (word32)sizeof(msg_65),
+        sig, &sigLen, key, rnd_65), 0);
+    ExpectIntEQ(sigLen, PARAMS_ML_DSA_65_SIG_SIZE);
+    ExpectIntEQ(XMEMCMP(sig, sig_65, sizeof(sig_65)), 0);
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_import_private(sk_87, (word32)sizeof(sk_87), key),
+        0);
+    sigLen = PARAMS_ML_DSA_87_SIG_SIZE;
+    ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_87, (word32)sizeof(msg_87),
+        sig, &sigLen, key, rnd_87), 0);
+    ExpectIntEQ(sigLen, PARAMS_ML_DSA_87_SIG_SIZE);
+    ExpectIntEQ(XMEMCMP(sig, sig_87, sizeof(sig_87)), 0);
+#endif
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_dilithium_verify_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    dilithium_key* key;
+    int res;
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte pk_44[] = {
+        0x09, 0xB4, 0x88, 0x7D, 0x97, 0xBC, 0xF6, 0x37,
+        0x9C, 0xC5, 0x9B, 0x61, 0x62, 0xC1, 0xE8, 0xBF,
+        0x05, 0x60, 0xBF, 0x44, 0xD6, 0x18, 0x09, 0x17,
+        0x0E, 0x6E, 0x28, 0xF7, 0x06, 0x69, 0xA3, 0xE9,
+        0x49, 0x64, 0x38, 0xE8, 0x91, 0x57, 0x35, 0xAD,
+        0xAE, 0xB4, 0x45, 0xCF, 0xDB, 0x7D, 0x89, 0xB3,
+        0x8C, 0x04, 0x8F, 0x4C, 0x3E, 0x00, 0x58, 0x15,
+        0x14, 0xC5, 0xFD, 0x19, 0x8B, 0x2D, 0x17, 0x39,
+        0xE8, 0x83, 0xB8, 0x78, 0xD5, 0x6B, 0xB4, 0x12,
+        0x64, 0xBE, 0x41, 0xD3, 0xD5, 0x15, 0x65, 0xE2,
+        0xE9, 0xCA, 0xE3, 0x31, 0x84, 0xA8, 0x99, 0xF6,
+        0x2D, 0xD5, 0x7D, 0x07, 0x40, 0x0E, 0x98, 0xE5,
+        0x86, 0x87, 0xA9, 0xB2, 0x2F, 0xA3, 0x17, 0xEE,
+        0xD1, 0x34, 0xCA, 0x72, 0x14, 0xBF, 0xF0, 0x21,
+        0xDD, 0x21, 0x62, 0xB1, 0x83, 0x09, 0x1D, 0x15,
+        0xF2, 0x63, 0xB7, 0x29, 0x82, 0x14, 0x42, 0x3C,
+        0x6B, 0xB6, 0x96, 0xD7, 0x5C, 0x20, 0xD9, 0xEA,
+        0xCD, 0x0A, 0x03, 0xE4, 0x26, 0x2C, 0x4B, 0x08,
+        0xBE, 0x39, 0xFA, 0x21, 0x54, 0xBD, 0x6E, 0x50,
+        0x25, 0xFF, 0x79, 0x1E, 0x88, 0x5F, 0x22, 0x26,
+        0xE3, 0xCF, 0x48, 0xF7, 0xB5, 0xEB, 0x04, 0xFB,
+        0xE9, 0xEC, 0xF7, 0x5B, 0x19, 0xE1, 0xD1, 0x5C,
+        0x30, 0x5E, 0x92, 0x26, 0x0A, 0xB0, 0xD6, 0xAE,
+        0x7D, 0xBA, 0x7B, 0xBE, 0x73, 0xB6, 0xBC, 0x18,
+        0x1C, 0xF9, 0x33, 0x84, 0x0C, 0xC1, 0x0A, 0x00,
+        0x05, 0x02, 0x28, 0xFA, 0x46, 0xA2, 0x63, 0x6D,
+        0xD9, 0xA9, 0x09, 0x47, 0xE9, 0xF1, 0x3A, 0x93,
+        0xEF, 0x4C, 0x62, 0xBE, 0x37, 0x4D, 0x76, 0xD1,
+        0xFD, 0xBB, 0xC5, 0xD8, 0xB5, 0x5E, 0x72, 0x9F,
+        0xA5, 0x86, 0x65, 0xAA, 0x07, 0xB9, 0x0C, 0x8C,
+        0xDD, 0xD6, 0x1C, 0x56, 0x6B, 0x0D, 0x7E, 0xD6,
+        0x57, 0x70, 0x49, 0x2E, 0xA0, 0x71, 0x3E, 0x1E,
+        0xD4, 0x6A, 0xC7, 0xAD, 0x15, 0x03, 0xC5, 0x6D,
+        0x90, 0x52, 0xD2, 0xC9, 0x4D, 0x49, 0xE4, 0x41,
+        0x6A, 0xC9, 0x2B, 0x70, 0x39, 0x6F, 0x76, 0xF6,
+        0xFB, 0x48, 0x10, 0x45, 0x68, 0x17, 0x25, 0xA6,
+        0x8C, 0xB3, 0x56, 0x37, 0x7F, 0xB2, 0x31, 0xAB,
+        0x8F, 0x3E, 0xB9, 0xA4, 0x98, 0x2F, 0xFF, 0x18,
+        0x36, 0x47, 0x3B, 0xCB, 0xDA, 0xB6, 0x87, 0x2D,
+        0x22, 0x94, 0x67, 0xEF, 0xB9, 0x36, 0x62, 0x61,
+        0xFE, 0xB1, 0x48, 0xBA, 0x9B, 0x7D, 0xB9, 0xC4,
+        0xFE, 0x0B, 0xB8, 0x86, 0x12, 0xAB, 0xB8, 0xFD,
+        0x61, 0x09, 0x6F, 0x18, 0x19, 0x60, 0x4D, 0x55,
+        0xDF, 0x60, 0x20, 0x46, 0x4D, 0x3F, 0x09, 0x2C,
+        0xFC, 0xA5, 0x98, 0x12, 0x08, 0x22, 0x18, 0x56,
+        0x68, 0x99, 0xA5, 0x6A, 0x3C, 0x63, 0x3C, 0xC8,
+        0x1F, 0x88, 0xAD, 0xB2, 0xE1, 0x41, 0x4E, 0xF3,
+        0x85, 0x0D, 0x10, 0xBF, 0x5A, 0x77, 0xAC, 0xE7,
+        0x24, 0xD6, 0xC1, 0xF3, 0x88, 0x92, 0x87, 0x44,
+        0xB3, 0xE5, 0x42, 0xAE, 0x49, 0x1C, 0xD5, 0x6A,
+        0x64, 0x21, 0x3F, 0x1D, 0x3C, 0xC9, 0x0B, 0x29,
+        0x10, 0x5F, 0x43, 0xD2, 0x37, 0xC8, 0x3D, 0x5F,
+        0xB8, 0x29, 0x32, 0x5C, 0x83, 0xE6, 0x54, 0x57,
+        0x77, 0x76, 0x39, 0x2F, 0x85, 0x36, 0xAA, 0x9D,
+        0xAE, 0x87, 0x24, 0x07, 0xAB, 0xAA, 0xA9, 0xAC,
+        0xC2, 0x2A, 0x68, 0x12, 0xCE, 0xA7, 0x4C, 0x0B,
+        0xA6, 0x7E, 0xAF, 0x4A, 0x41, 0x01, 0x52, 0x97,
+        0x5E, 0x9A, 0x83, 0xEE, 0x44, 0x69, 0x29, 0x53,
+        0x17, 0xBE, 0xD1, 0x05, 0x51, 0xBA, 0x32, 0xE6,
+        0x5A, 0xFC, 0x8C, 0x8E, 0x68, 0xDD, 0x55, 0x42,
+        0x0C, 0x50, 0x2D, 0x93, 0x7D, 0xAD, 0xD2, 0xEF,
+        0xA2, 0xCB, 0xFD, 0x1F, 0x73, 0x9F, 0xC0, 0xAB,
+        0x2B, 0x26, 0x54, 0xFA, 0xE0, 0x8C, 0x0C, 0x7F,
+        0x8E, 0xDD, 0x43, 0xCF, 0x9F, 0xF0, 0xB0, 0x1D,
+        0x98, 0x4D, 0x49, 0x18, 0x52, 0xA3, 0x72, 0xE9,
+        0xFE, 0xFD, 0xCC, 0x1B, 0xC1, 0x6C, 0xDB, 0x52,
+        0x39, 0xAE, 0x10, 0x01, 0x15, 0x5F, 0x89, 0x56,
+        0x30, 0x51, 0xCE, 0x47, 0x99, 0x6C, 0x5A, 0xEE,
+        0xB2, 0x19, 0x0E, 0xA1, 0x8F, 0x7F, 0x73, 0x40,
+        0x42, 0xDE, 0x68, 0xE9, 0x88, 0x36, 0x7D, 0x89,
+        0x35, 0x5D, 0x9D, 0x83, 0x77, 0xBA, 0xF9, 0x64,
+        0x79, 0x78, 0xEB, 0x2E, 0x49, 0x2A, 0xD0, 0x21,
+        0xC5, 0x69, 0xAE, 0x8B, 0xA6, 0x9B, 0x15, 0xF1,
+        0xFC, 0xF7, 0x03, 0x9A, 0x7E, 0x64, 0xAF, 0x10,
+        0xAB, 0xF3, 0xEA, 0x45, 0xB7, 0x22, 0x2F, 0x96,
+        0x59, 0xE3, 0x33, 0x73, 0x37, 0x2E, 0x1D, 0xB1,
+        0x86, 0xD2, 0xC2, 0xA0, 0xD7, 0x54, 0x51, 0xC4,
+        0x78, 0xAE, 0xF3, 0x3E, 0x59, 0x49, 0xF2, 0x40,
+        0x04, 0x0C, 0x2A, 0xFC, 0x44, 0xB1, 0xD3, 0xA0,
+        0x2A, 0x6D, 0x2F, 0x87, 0x90, 0x2A, 0x28, 0x0E,
+        0x27, 0xA2, 0x0D, 0x4E, 0x57, 0xF8, 0x89, 0x66,
+        0x27, 0x00, 0xDB, 0x8A, 0x9D, 0x24, 0x99, 0x57,
+        0xA7, 0xDB, 0x43, 0x7C, 0xD4, 0x80, 0xDD, 0xC0,
+        0x58, 0x84, 0xFB, 0x23, 0xF8, 0x68, 0x26, 0x8E,
+        0xAC, 0xE3, 0x4E, 0xED, 0x27, 0x4A, 0x92, 0x7D,
+        0x9D, 0x84, 0xF1, 0xEA, 0x57, 0xEA, 0xB1, 0xA8,
+        0x13, 0xB5, 0xE6, 0xAA, 0xBE, 0x9E, 0xD2, 0x61,
+        0x0B, 0xC6, 0xF7, 0x2E, 0x32, 0x0C, 0xDE, 0xC4,
+        0xF9, 0x95, 0x23, 0xF9, 0x3F, 0xA4, 0x48, 0xDC,
+        0x1F, 0xBB, 0xDD, 0x25, 0x9B, 0x10, 0x2F, 0x5D,
+        0xC9, 0x95, 0x5A, 0xFA, 0x0C, 0x41, 0x60, 0x4D,
+        0x83, 0xDD, 0x1C, 0x2D, 0x22, 0x95, 0xEF, 0x44,
+        0x61, 0x45, 0x6B, 0xAE, 0x86, 0x90, 0x5C, 0x4C,
+        0x30, 0xD8, 0xA9, 0xFA, 0x48, 0xC9, 0x0F, 0x37,
+        0xA1, 0x9C, 0x41, 0xA2, 0xD5, 0x98, 0x8F, 0x13,
+        0xD5, 0x13, 0x44, 0xEC, 0x30, 0xA4, 0xA4, 0x62,
+        0x19, 0xFE, 0x84, 0x11, 0x37, 0xD5, 0xAA, 0x1F,
+        0x51, 0xE6, 0xC4, 0x44, 0x16, 0x8A, 0xF3, 0x98,
+        0x90, 0xB6, 0xFA, 0x40, 0x0D, 0x67, 0xF4, 0x80,
+        0x6F, 0x5B, 0xBD, 0x44, 0x47, 0x03, 0x07, 0x4A,
+        0x7A, 0x11, 0x39, 0xC7, 0x17, 0x46, 0xD7, 0xC4,
+        0xCE, 0xB3, 0xC9, 0x11, 0xF5, 0x25, 0x7E, 0x3E,
+        0x53, 0xEB, 0xFA, 0x5A, 0xA8, 0xF2, 0x27, 0x80,
+        0x9D, 0x44, 0xEE, 0x7D, 0xE1, 0x3C, 0x02, 0x79,
+        0x24, 0xDD, 0x60, 0x15, 0x3B, 0x30, 0xAA, 0x76,
+        0xDD, 0x96, 0xA7, 0xC5, 0xAC, 0xC5, 0x9B, 0x62,
+        0x79, 0x19, 0x50, 0x7B, 0xF1, 0x42, 0x57, 0xAE,
+        0x7A, 0x26, 0x24, 0x3C, 0x16, 0x83, 0xB2, 0x8D,
+        0x1B, 0x14, 0xB5, 0x01, 0xAD, 0x05, 0x9B, 0x4D,
+        0x52, 0x2A, 0x57, 0x99, 0x1E, 0x55, 0x39, 0xCE,
+        0xF1, 0x8C, 0xEB, 0x5C, 0x26, 0xD6, 0x60, 0xB8,
+        0x82, 0x24, 0x54, 0xC9, 0xC4, 0x2A, 0x95, 0xE6,
+        0xF7, 0x2B, 0x84, 0xF7, 0x8A, 0xB9, 0x9F, 0x51,
+        0xEC, 0x49, 0x78, 0x9F, 0x9D, 0xB4, 0xC1, 0x28,
+        0xB0, 0x31, 0x8F, 0xFF, 0xC8, 0x2D, 0x95, 0xCA,
+        0xD2, 0x77, 0xF1, 0x1E, 0x14, 0xF1, 0xEF, 0x87,
+        0x14, 0x14, 0x88, 0x11, 0x22, 0xA9, 0xB1, 0x1B,
+        0xDF, 0xAE, 0x4A, 0x7A, 0xBC, 0x8E, 0x75, 0x75,
+        0x5A, 0xB1, 0x37, 0x41, 0xDF, 0xAC, 0xD6, 0x64,
+        0x29, 0x3D, 0x1A, 0x32, 0x6B, 0xF5, 0xED, 0x5A,
+        0xBB, 0xB1, 0x53, 0xEB, 0xE6, 0x99, 0x6D, 0xD6,
+        0x22, 0xF0, 0xA8, 0xCB, 0x47, 0x39, 0x69, 0xA5,
+        0x03, 0x66, 0xBD, 0x0B, 0x01, 0xC5, 0xC7, 0x3A,
+        0x89, 0x2B, 0x8E, 0x26, 0xCE, 0x08, 0xF7, 0x5F,
+        0xF8, 0x01, 0xB6, 0xDE, 0xF0, 0x41, 0xE1, 0x71,
+        0x3B, 0xE6, 0xDF, 0x0E, 0xFB, 0x51, 0x58, 0x7B,
+        0xE5, 0xFB, 0xEA, 0x72, 0x7E, 0x00, 0xD7, 0x17,
+        0x64, 0x7D, 0xD5, 0x39, 0x07, 0x9D, 0xE1, 0x8A,
+        0xE7, 0xBE, 0xD1, 0x2B, 0x91, 0xAF, 0x8D, 0xBB,
+        0x1B, 0x8B, 0x32, 0xD2, 0x86, 0x0B, 0xAF, 0x40,
+        0xAF, 0x8A, 0x0B, 0xBF, 0xE0, 0x28, 0x87, 0xEB,
+        0x5D, 0xBE, 0x7A, 0xB1, 0xAF, 0xC4, 0x1D, 0xA7,
+        0x9B, 0x01, 0x6A, 0xA1, 0x6E, 0xDA, 0x28, 0x13,
+        0x21, 0xCA, 0xA5, 0xDA, 0x64, 0x4F, 0xD8, 0x65,
+        0x8A, 0x7B, 0x70, 0x21, 0x81, 0x00, 0x14, 0x31,
+        0x56, 0x0D, 0xD6, 0x3C, 0xB2, 0x1E, 0x5F, 0xF7,
+        0x5C, 0x3F, 0x72, 0x50, 0x45, 0x6B, 0xE0, 0x8C,
+        0x0D, 0x5E, 0x34, 0xC3, 0xBD, 0xE2, 0xF6, 0x06,
+        0xA2, 0xBF, 0x34, 0x17, 0x76, 0x8D, 0x24, 0xB2,
+        0x37, 0x39, 0xEA, 0x86, 0xCB, 0xEF, 0xDD, 0xA3,
+        0x43, 0x88, 0xBC, 0x1F, 0x91, 0x8F, 0x95, 0x1E,
+        0x15, 0xE4, 0x3B, 0x13, 0x85, 0xA7, 0xBC, 0xC5,
+        0x59, 0xF9, 0x49, 0x2C, 0x72, 0x13, 0xA1, 0x42,
+        0x27, 0xE0, 0x93, 0xE9, 0x29, 0xF3, 0x2D, 0x1E,
+        0xFB, 0xE7, 0xF1, 0xEE, 0x57, 0xC4, 0x9C, 0x90,
+        0x55, 0x62, 0x3E, 0xA4, 0x2E, 0xC6, 0xC7, 0x9D,
+        0x7F, 0xCE, 0x71, 0xFA, 0x74, 0x76, 0x07, 0x56,
+        0x6D, 0xDA, 0x69, 0xF6, 0x9D, 0xAF, 0x68, 0x11,
+        0x59, 0x19, 0xC6, 0x32, 0x2E, 0xBB, 0x42, 0xC8,
+        0xC0, 0x89, 0x33, 0x8C, 0x9E, 0x0C, 0x53, 0x56,
+        0x5B, 0xCB, 0xE7, 0x2F, 0xBE, 0x47, 0x26, 0x68,
+        0x7B, 0x07, 0x87, 0x07, 0x18, 0x06, 0xC5, 0xA6,
+        0xC1, 0x49, 0xC8, 0x2B, 0x66, 0x8A, 0xA6, 0x4A,
+        0x7B, 0xA0, 0xCC, 0xC1, 0xCC, 0x49, 0xA1, 0xEE,
+        0xE9, 0x45, 0x3D, 0x04, 0x33, 0x6E, 0x5D, 0xC8,
+        0x11, 0xE0, 0x38, 0x92, 0xF7, 0xF4, 0x66, 0x88,
+        0xEC, 0xEF, 0xD0, 0x4F, 0x18, 0x76, 0xF7, 0x11,
+        0x17, 0x12, 0xB5, 0x95, 0xED, 0x62, 0xDA, 0x00,
+        0x67, 0x8F, 0x9E, 0x37, 0x86, 0xB5, 0xC1, 0xA5,
+        0x09, 0x5B, 0xE8, 0x71, 0x0D, 0xCF, 0xA4, 0x16,
+        0x52, 0x56, 0x50, 0x9E, 0x00, 0x14, 0x3A, 0x6F,
+        0x11, 0x72, 0xFA, 0xBE, 0x8B, 0xF2, 0x1E, 0x5F,
+        0xCE, 0x7C, 0x79, 0xC1, 0xA4, 0x4B, 0x4B, 0x15,
+        0x25, 0xA0, 0x76, 0xFF, 0xB8, 0xDD, 0x90, 0x66
+    };
+    static const byte msg_44[] = {
+        0x3A, 0xFD, 0x7F, 0xF8, 0xCA, 0xD3, 0xAC, 0xBD,
+        0xF9, 0x77, 0x31, 0x26, 0x1C, 0x7A, 0x1C, 0x96,
+        0x9D, 0x50, 0x16, 0xF1, 0x7D, 0x3E, 0x7F, 0x83,
+        0xD2, 0x44, 0x1A, 0xF9, 0x01, 0x4B, 0x63, 0x47,
+        0x7B, 0x14, 0xA6, 0x41, 0x31, 0x50, 0xFA, 0xD7,
+        0xC8, 0x44, 0x39, 0xBC, 0x88, 0x66, 0x2C, 0x5E,
+        0x93, 0x1F, 0x06, 0xB9, 0x51, 0x41, 0x90, 0xE1,
+        0x3F, 0xB0, 0x49, 0xC4, 0xAB, 0x74, 0x01, 0x32,
+        0x33, 0xB9, 0x8D, 0x48, 0xD9, 0xAF, 0xB6, 0xA3,
+        0x0A, 0x67, 0x33, 0x0E, 0x1F, 0xBE, 0x33, 0x1B,
+        0x09, 0xC5, 0x6D, 0x03, 0x7E, 0x97, 0x01, 0x08,
+        0x5D, 0x80, 0xF1, 0xE7, 0xF4, 0x04, 0x3E, 0xFB,
+        0x53, 0x58, 0x7A, 0xBB, 0x82, 0x36, 0x24, 0x01,
+        0x23, 0x84, 0x51, 0x52, 0x49, 0xEE, 0x61, 0x30,
+        0x97, 0x3D, 0xC9, 0xEA, 0x6F, 0x55, 0x8B, 0xAE,
+        0x75, 0x10, 0x7E, 0xFD, 0xB1, 0xD9, 0x28, 0x5B
+    };
+    static const byte sig_44[] = {
+        0x4A, 0x2B, 0x16, 0xCD, 0xB5, 0x52, 0xF9, 0x29,
+        0x7F, 0x8E, 0x39, 0x1A, 0xD8, 0xF5, 0xAD, 0xC8,
+        0xCC, 0x5D, 0x2C, 0x56, 0xC4, 0x6B, 0x80, 0x0F,
+        0x9B, 0x3E, 0xE4, 0xBB, 0xD2, 0xF2, 0xE8, 0xA8,
+        0x9D, 0x59, 0x9D, 0x7B, 0x5C, 0xC2, 0xD8, 0x8C,
+        0x80, 0xF2, 0x71, 0x85, 0x9B, 0xBC, 0x83, 0x04,
+        0x3E, 0xC4, 0xE5, 0x48, 0x12, 0xF5, 0x93, 0x6B,
+        0x44, 0x6C, 0x95, 0x13, 0xC8, 0x55, 0x28, 0x9C,
+        0x94, 0xB1, 0x15, 0x51, 0xA0, 0xC7, 0x65, 0x3E,
+        0x7B, 0xA7, 0x4F, 0xFB, 0x6F, 0x72, 0xD4, 0x65,
+        0x2C, 0x91, 0xD3, 0x8D, 0xD1, 0xF9, 0x0D, 0xFE,
+        0x44, 0x39, 0xBC, 0x21, 0xCA, 0x53, 0xE0, 0xCC,
+        0x7A, 0x7A, 0xA5, 0xB8, 0x75, 0xA5, 0xB9, 0xBA,
+        0x42, 0x36, 0x6E, 0xB8, 0xEC, 0xBA, 0x24, 0x36,
+        0xDA, 0xF0, 0x8A, 0x91, 0x97, 0x8D, 0xD0, 0x93,
+        0xF2, 0x0F, 0x1E, 0xFB, 0x6B, 0x0B, 0xCB, 0x90,
+        0xDA, 0x99, 0xCC, 0xA0, 0x5E, 0x8F, 0x6F, 0x82,
+        0xB8, 0x6D, 0x3C, 0x6E, 0xE2, 0x4B, 0xA5, 0xD5,
+        0x0A, 0xEA, 0x10, 0xB2, 0x30, 0x7F, 0x57, 0xF8,
+        0x9E, 0xD7, 0x8D, 0xB4, 0xA7, 0x4F, 0xBB, 0xF6,
+        0xEB, 0x33, 0x2A, 0xFB, 0x08, 0xD0, 0x74, 0xAC,
+        0xF0, 0xDE, 0x5C, 0xD7, 0xFE, 0xC1, 0x2F, 0x76,
+        0xF3, 0xAB, 0x61, 0x9C, 0x81, 0x5B, 0x9E, 0xDD,
+        0x28, 0x7E, 0xAD, 0x67, 0xF0, 0x4F, 0x14, 0x79,
+        0x7F, 0x8D, 0xCF, 0x2C, 0xDE, 0x9A, 0x87, 0x53,
+        0xB5, 0xAD, 0x0A, 0xFA, 0x12, 0x87, 0x41, 0x97,
+        0xD1, 0x74, 0x40, 0x92, 0x87, 0x25, 0x21, 0xE8,
+        0x68, 0xAF, 0x9E, 0x64, 0x45, 0x23, 0x73, 0xFE,
+        0xB6, 0xFE, 0x25, 0xD5, 0x27, 0x3D, 0x63, 0xC0,
+        0xEB, 0xD6, 0xD3, 0xB1, 0x02, 0x8C, 0x1C, 0xD0,
+        0x6A, 0xF3, 0x2C, 0xEC, 0xA2, 0x62, 0x13, 0x10,
+        0x83, 0x7C, 0x72, 0x78, 0x8C, 0x8A, 0xDA, 0xB5,
+        0xA0, 0xF0, 0x38, 0x17, 0x12, 0x8E, 0xB7, 0xB7,
+        0x66, 0xFA, 0x81, 0x2C, 0x69, 0x6C, 0xF8, 0x86,
+        0xF0, 0x0A, 0x10, 0x44, 0xCD, 0xD0, 0x6B, 0xB2,
+        0x8C, 0xB2, 0xE5, 0x78, 0x0C, 0x8D, 0x8C, 0xC7,
+        0xE6, 0x0A, 0xB6, 0x99, 0xDD, 0x78, 0x66, 0x8B,
+        0xE4, 0xFF, 0x9F, 0x46, 0x90, 0xC6, 0xFC, 0x98,
+        0xAA, 0xC9, 0xC0, 0x2B, 0x66, 0xB9, 0xB9, 0x82,
+        0x6A, 0x30, 0x61, 0xFD, 0x32, 0x22, 0xDA, 0x84,
+        0x82, 0x66, 0x79, 0x60, 0xA3, 0x16, 0x52, 0xEE,
+        0x88, 0xEB, 0x32, 0xB0, 0x46, 0x9A, 0xB7, 0x1C,
+        0xAA, 0x25, 0x19, 0xF2, 0x3D, 0x1A, 0x24, 0x42,
+        0xD5, 0xB1, 0x31, 0x62, 0x62, 0x13, 0x1D, 0xCE,
+        0xC5, 0xF2, 0x87, 0xE3, 0x2F, 0xD3, 0x43, 0xFE,
+        0xB4, 0x42, 0x9E, 0x54, 0x25, 0x8D, 0x69, 0x0D,
+        0x9D, 0x20, 0xA1, 0x0A, 0xBD, 0x75, 0xA5, 0x36,
+        0xDF, 0xF8, 0xCF, 0x1D, 0x6D, 0xDF, 0x19, 0x29,
+        0x1E, 0x27, 0x49, 0xA7, 0xD1, 0x6E, 0xB9, 0x0A,
+        0xB5, 0x09, 0x3B, 0xAD, 0x38, 0xE1, 0x16, 0xA8,
+        0x6B, 0x73, 0x0E, 0x65, 0x57, 0x4C, 0x06, 0x8C,
+        0x38, 0xBA, 0x94, 0x57, 0xC9, 0xD6, 0xD9, 0x13,
+        0xEA, 0xFF, 0x57, 0xFE, 0x23, 0xBF, 0x3D, 0xD2,
+        0x4D, 0x8C, 0xA5, 0x11, 0xEF, 0xA3, 0x76, 0xA5,
+        0xDF, 0x08, 0x46, 0x70, 0x25, 0xFF, 0x51, 0xBE,
+        0xAD, 0x3E, 0xDE, 0x0A, 0x84, 0xED, 0xC5, 0x32,
+        0x16, 0x20, 0x99, 0x80, 0x61, 0xE8, 0xA1, 0xA7,
+        0x3D, 0x67, 0xB7, 0x02, 0x1B, 0x81, 0x0C, 0x78,
+        0x67, 0xFF, 0x39, 0x18, 0x7B, 0x59, 0xD4, 0x03,
+        0xBF, 0x7C, 0x75, 0x06, 0x30, 0x0C, 0x73, 0x45,
+        0xB1, 0xFE, 0x07, 0xC1, 0x12, 0x78, 0xB0, 0xAB,
+        0xA6, 0x1D, 0xBB, 0x4F, 0x2B, 0x8C, 0x43, 0xE7,
+        0x4F, 0xEF, 0xA5, 0x5E, 0xD5, 0x2C, 0x10, 0xA8,
+        0xC4, 0x90, 0x88, 0x2B, 0xBF, 0xE3, 0xE3, 0xB3,
+        0xCE, 0x57, 0x9E, 0x81, 0x16, 0xA9, 0xB6, 0x68,
+        0x6C, 0x1A, 0x10, 0x0A, 0xA1, 0xF6, 0x59, 0x1F,
+        0x19, 0x1F, 0x77, 0x2B, 0x5A, 0x5A, 0x50, 0xDD,
+        0x6C, 0xC1, 0x55, 0xCB, 0x5A, 0x1B, 0xE5, 0xBA,
+        0x12, 0x2E, 0x91, 0xF0, 0x44, 0x42, 0x01, 0x56,
+        0xCD, 0x63, 0x08, 0x0F, 0x0A, 0x45, 0xD6, 0x62,
+        0xE7, 0x6D, 0xD5, 0x7B, 0xD0, 0xF6, 0x89, 0xD0,
+        0xB2, 0x99, 0x04, 0x2B, 0xFF, 0x48, 0x5E, 0x8A,
+        0x38, 0x2D, 0x86, 0x5C, 0x26, 0xCD, 0x46, 0xB4,
+        0xA5, 0x47, 0x28, 0xBD, 0x48, 0x45, 0x83, 0x62,
+        0xD7, 0x9A, 0xC3, 0xEB, 0x75, 0x6F, 0xC6, 0xC5,
+        0x18, 0xC9, 0xE2, 0xF0, 0xE7, 0xD5, 0xA3, 0x03,
+        0xAF, 0x11, 0x59, 0xEE, 0x6D, 0xBE, 0x7D, 0xD5,
+        0x6B, 0xA0, 0x71, 0x28, 0x57, 0xA6, 0x88, 0x36,
+        0xC3, 0xC7, 0x8C, 0x6C, 0x9F, 0x74, 0x88, 0x57,
+        0x28, 0x13, 0xC0, 0xF6, 0xA8, 0x14, 0x70, 0x9D,
+        0x2B, 0xC1, 0x42, 0xFE, 0xF0, 0x25, 0x27, 0xCA,
+        0xE7, 0x71, 0x23, 0x58, 0x37, 0x1C, 0x54, 0x26,
+        0x52, 0x2C, 0xCC, 0x64, 0x30, 0x0C, 0x2C, 0xD9,
+        0xFB, 0xE2, 0x0C, 0x65, 0x62, 0xE3, 0x48, 0x35,
+        0x20, 0x5F, 0xCD, 0xD5, 0xA8, 0x98, 0x2C, 0x92,
+        0x0B, 0xB4, 0x77, 0xFB, 0x88, 0x17, 0x02, 0x82,
+        0x7B, 0x49, 0x11, 0x87, 0x13, 0x94, 0xC0, 0x6B,
+        0x5F, 0xEC, 0xD0, 0xC7, 0x40, 0xAF, 0x7B, 0x27,
+        0x63, 0x7B, 0xAC, 0x1A, 0x0C, 0xBC, 0xA5, 0x37,
+        0xE4, 0x43, 0x3E, 0xA8, 0x47, 0x45, 0x4C, 0x69,
+        0x38, 0x97, 0xA3, 0x2E, 0x4D, 0x18, 0x44, 0x19,
+        0x54, 0x26, 0xA0, 0xC6, 0xAE, 0xD6, 0x74, 0x72,
+        0xBD, 0x2C, 0x4E, 0xEE, 0x17, 0x9F, 0x3F, 0x60,
+        0x84, 0xA3, 0x6A, 0x76, 0x89, 0xF4, 0xCB, 0x1F,
+        0x8E, 0x5D, 0xB2, 0xDD, 0xE5, 0x4A, 0xCC, 0x06,
+        0x66, 0xBA, 0x98, 0x41, 0x54, 0x31, 0xA4, 0xB2,
+        0x02, 0xF4, 0x02, 0xFB, 0x1F, 0x1B, 0xCC, 0xDC,
+        0x23, 0xBF, 0xF1, 0x31, 0x48, 0xC7, 0xB8, 0xF6,
+        0x1F, 0xBF, 0x62, 0x43, 0xB2, 0x96, 0xA7, 0x8E,
+        0xB6, 0x98, 0x18, 0x9D, 0xA9, 0x5B, 0xDA, 0x85,
+        0xDB, 0xC1, 0x1D, 0x15, 0xFF, 0xDC, 0x6B, 0xF4,
+        0x6C, 0x53, 0xF6, 0xE4, 0x72, 0xA8, 0x71, 0x40,
+        0x1E, 0x9A, 0x9A, 0xB7, 0xF9, 0xFB, 0x46, 0x7E,
+        0xB4, 0xEC, 0xB1, 0xF0, 0xDA, 0x7E, 0x63, 0xEE,
+        0x86, 0x19, 0xCB, 0xC4, 0x86, 0xEB, 0xB0, 0xF2,
+        0x12, 0x0A, 0x78, 0x11, 0xBF, 0xB0, 0x55, 0x7D,
+        0x13, 0x93, 0x05, 0x74, 0x29, 0x7C, 0x94, 0x64,
+        0xFC, 0x59, 0x5B, 0x27, 0x56, 0x9A, 0xDF, 0x5F,
+        0x4A, 0x8D, 0xF6, 0x69, 0xC9, 0xEE, 0xA0, 0xA2,
+        0x50, 0xF4, 0xD2, 0x2C, 0x2E, 0x8C, 0x64, 0x1B,
+        0xA3, 0x90, 0x2B, 0xA8, 0x08, 0x00, 0x48, 0x99,
+        0x65, 0xF1, 0x1A, 0xF1, 0xE1, 0xA8, 0x57, 0x17,
+        0xC6, 0x24, 0xE7, 0x42, 0xF1, 0x61, 0x55, 0x08,
+        0x19, 0xD1, 0xF0, 0x37, 0x2C, 0x5C, 0xAE, 0x8B,
+        0xC6, 0x2B, 0x54, 0x9E, 0xFE, 0x87, 0x44, 0x61,
+        0x08, 0x0D, 0x06, 0x34, 0x6E, 0x1F, 0xA6, 0xF0,
+        0x15, 0x14, 0xFB, 0xEC, 0xCB, 0x06, 0xE3, 0x4E,
+        0xE2, 0x71, 0xA0, 0xF0, 0x03, 0x17, 0x90, 0xBD,
+        0xAB, 0xE0, 0xF0, 0x2B, 0xBA, 0x4A, 0xEA, 0x4B,
+        0x73, 0x97, 0xFE, 0x33, 0x33, 0xEB, 0x81, 0x21,
+        0x82, 0x07, 0x57, 0x28, 0x1F, 0x96, 0xA5, 0x83,
+        0x1F, 0x9E, 0x49, 0x03, 0x66, 0x54, 0x9D, 0x16,
+        0x76, 0x3F, 0xF1, 0x9F, 0xF7, 0x73, 0x58, 0x0E,
+        0xD5, 0xE3, 0xE1, 0xE2, 0xAA, 0x3E, 0x38, 0xF8,
+        0x84, 0x74, 0xDE, 0x6D, 0x9B, 0xA6, 0x99, 0x4F,
+        0x8E, 0x62, 0x91, 0x60, 0x48, 0x8C, 0xB4, 0xCD,
+        0x5B, 0x87, 0x8C, 0xDA, 0x37, 0xAA, 0xEC, 0x9B,
+        0x56, 0x36, 0x9A, 0x7E, 0x73, 0xF7, 0x3B, 0x42,
+        0x86, 0x39, 0xA0, 0x5C, 0x13, 0x78, 0x44, 0x8A,
+        0xDB, 0x7F, 0x07, 0x4D, 0xC8, 0x15, 0x4D, 0x92,
+        0xE1, 0x3C, 0x63, 0x56, 0xB5, 0xF4, 0x66, 0xD6,
+        0x64, 0x77, 0x15, 0x9B, 0x2A, 0x94, 0x37, 0x99,
+        0xAD, 0x61, 0x9A, 0x02, 0x9F, 0x30, 0x10, 0xD0,
+        0x37, 0x67, 0x2D, 0xBB, 0x68, 0x20, 0xE5, 0x13,
+        0x23, 0xAD, 0xA9, 0x88, 0x81, 0xC6, 0xDE, 0x85,
+        0x9D, 0xF8, 0x75, 0xAB, 0xAF, 0x11, 0xDA, 0x5D,
+        0xDC, 0xA5, 0xA7, 0x77, 0x62, 0x2B, 0xDA, 0xE8,
+        0xFA, 0xCE, 0x2E, 0x0C, 0xED, 0x3B, 0x6A, 0x77,
+        0xB8, 0x8A, 0x87, 0x29, 0xFB, 0x7C, 0x50, 0x93,
+        0x3D, 0xA6, 0xC5, 0x2E, 0x3F, 0x4D, 0x94, 0x8F,
+        0x9D, 0xC1, 0x53, 0xB5, 0xB1, 0x29, 0x9C, 0xD8,
+        0x62, 0x1D, 0xDF, 0xBA, 0x48, 0xAF, 0x44, 0xE4,
+        0xB6, 0xF6, 0x10, 0x6E, 0xE7, 0x77, 0x95, 0x01,
+        0xDD, 0x5F, 0xB3, 0xC5, 0x78, 0xEA, 0x4D, 0x32,
+        0xC5, 0xC2, 0xF0, 0x36, 0xA7, 0x35, 0x27, 0x03,
+        0xAD, 0xD1, 0x35, 0xAB, 0x84, 0x46, 0x01, 0x62,
+        0x41, 0x7E, 0x50, 0xBF, 0x91, 0xE6, 0x07, 0x97,
+        0xD5, 0x9B, 0x9E, 0x18, 0xD3, 0x24, 0xDA, 0x97,
+        0x1F, 0x4F, 0xF4, 0x28, 0xAE, 0xAF, 0x23, 0xAC,
+        0x0B, 0xA4, 0xE2, 0xE2, 0xFC, 0x7A, 0xBA, 0xA6,
+        0xC8, 0x98, 0x4F, 0xE9, 0xE2, 0xD8, 0x5B, 0x8A,
+        0xDA, 0x40, 0x86, 0xB3, 0xC1, 0x3A, 0xBD, 0x43,
+        0xCF, 0xD1, 0xC7, 0x11, 0xD8, 0x32, 0x6B, 0x18,
+        0xAD, 0xC3, 0x4C, 0xC1, 0x4C, 0xF8, 0x95, 0x7E,
+        0xC3, 0x95, 0x94, 0x98, 0xFC, 0x2A, 0x7B, 0xE0,
+        0x6B, 0xD1, 0x84, 0x0D, 0xE1, 0x70, 0x36, 0x65,
+        0x66, 0xE5, 0x07, 0x41, 0x95, 0x77, 0x63, 0xC2,
+        0xDD, 0x27, 0xAC, 0xF8, 0xC3, 0xF1, 0x02, 0x6F,
+        0xAE, 0xE1, 0xD2, 0x56, 0x2F, 0xA1, 0x05, 0x2E,
+        0x69, 0xAF, 0xDD, 0x42, 0xF4, 0x46, 0xF0, 0x59,
+        0x88, 0x66, 0xD5, 0xD3, 0x06, 0xBF, 0x1B, 0x77,
+        0x50, 0x42, 0xB0, 0x35, 0x92, 0x73, 0x72, 0x82,
+        0x7F, 0x43, 0x86, 0x31, 0x65, 0x34, 0xFA, 0x1B,
+        0x7E, 0xE6, 0x33, 0xBA, 0x95, 0x8C, 0xED, 0x8F,
+        0x0D, 0x24, 0x1D, 0x46, 0x88, 0xE3, 0xC7, 0x91,
+        0x8E, 0x2A, 0x75, 0x62, 0x63, 0x77, 0xC3, 0x42,
+        0xA5, 0x90, 0x69, 0x2B, 0xBF, 0xB8, 0x27, 0xBF,
+        0x90, 0x51, 0x41, 0x82, 0xD4, 0x09, 0x0D, 0xF8,
+        0xD7, 0x32, 0x35, 0x19, 0xA1, 0xAB, 0x6C, 0xD0,
+        0x22, 0x73, 0x67, 0x41, 0x0D, 0xD1, 0x4D, 0x37,
+        0x86, 0xA2, 0x6D, 0xDF, 0x91, 0x72, 0x4F, 0xC8,
+        0x2D, 0x06, 0xA2, 0x5D, 0x5F, 0x56, 0x68, 0x39,
+        0x53, 0xE8, 0xE0, 0xF2, 0x0E, 0x3C, 0x17, 0x71,
+        0xDA, 0xF4, 0x2E, 0x52, 0x02, 0x4C, 0x11, 0x6E,
+        0xD8, 0xA4, 0xC0, 0xA6, 0x11, 0x68, 0x0F, 0x5F,
+        0xE0, 0x0E, 0xD9, 0xB1, 0x48, 0xD1, 0x5F, 0x12,
+        0xAA, 0x95, 0xB9, 0xBD, 0x5A, 0x9F, 0xD8, 0x10,
+        0x16, 0x42, 0xB3, 0x69, 0x11, 0xF3, 0x10, 0xB0,
+        0xDE, 0x18, 0x17, 0x1D, 0x62, 0x37, 0xD9, 0xBE,
+        0x17, 0x25, 0xDC, 0x29, 0x9A, 0x1A, 0x3A, 0xAA,
+        0xE9, 0x85, 0x40, 0xCE, 0xED, 0x26, 0x95, 0x3D,
+        0x10, 0xCE, 0x85, 0x47, 0xF1, 0xC3, 0xE4, 0x6A,
+        0x86, 0x2B, 0xED, 0x42, 0x8D, 0x1E, 0x10, 0x60,
+        0x1B, 0xF3, 0x28, 0xC7, 0x27, 0xFD, 0x95, 0x34,
+        0x3E, 0x2D, 0xB4, 0xD9, 0xAC, 0xD5, 0xD1, 0xCB,
+        0x47, 0x15, 0xF6, 0x00, 0x40, 0x96, 0xED, 0xA0,
+        0x93, 0xD1, 0xB0, 0xA3, 0x3B, 0x1E, 0x56, 0xF1,
+        0x6D, 0x73, 0xAD, 0xB8, 0x73, 0x2C, 0xB4, 0xA3,
+        0x11, 0x60, 0xA4, 0x49, 0x1F, 0xAA, 0x0C, 0x86,
+        0xE6, 0x80, 0xE3, 0xD7, 0xC0, 0x2C, 0xCE, 0xA8,
+        0xFE, 0x92, 0xF1, 0xE0, 0x01, 0x01, 0x6D, 0x22,
+        0x02, 0x21, 0xDD, 0x10, 0xED, 0x62, 0x60, 0x17,
+        0x96, 0x6C, 0x34, 0x50, 0xAD, 0x12, 0x13, 0x65,
+        0x91, 0x8C, 0x93, 0x09, 0x1F, 0x14, 0x71, 0x2B,
+        0xA4, 0x77, 0xCF, 0x2E, 0x26, 0x32, 0x96, 0xC7,
+        0x78, 0xA2, 0xBA, 0xEE, 0xF5, 0x84, 0x94, 0x55,
+        0xFA, 0x35, 0xCB, 0x61, 0x72, 0x51, 0xE0, 0x2A,
+        0x22, 0xDA, 0xF5, 0xC3, 0x3E, 0x5A, 0xAA, 0x9F,
+        0x00, 0xE8, 0xAC, 0xDC, 0x50, 0xEC, 0xF4, 0x7C,
+        0x52, 0x15, 0x03, 0xC5, 0x2F, 0x27, 0xD6, 0xB5,
+        0x7C, 0x8F, 0x2B, 0x3D, 0x8F, 0x12, 0x22, 0x41,
+        0x3E, 0x7F, 0xA4, 0xEC, 0x59, 0x29, 0x63, 0x38,
+        0x09, 0x8C, 0x9A, 0xB5, 0xA1, 0xD8, 0xA5, 0x78,
+        0x84, 0xBD, 0x86, 0x00, 0x41, 0x40, 0x6D, 0x96,
+        0x55, 0xD1, 0x73, 0x82, 0x94, 0x9A, 0x03, 0xD5,
+        0x0F, 0x11, 0x08, 0xD0, 0x5B, 0xDB, 0x31, 0xCA,
+        0x08, 0xE6, 0x6F, 0x2D, 0x8D, 0xE4, 0x80, 0xC6,
+        0x79, 0x35, 0x18, 0xD4, 0x9A, 0x60, 0xD4, 0x76,
+        0x2A, 0x9E, 0xDD, 0xC0, 0x24, 0x9B, 0x42, 0x2E,
+        0x84, 0x02, 0x0E, 0xD5, 0x39, 0xA1, 0x4E, 0x24,
+        0x78, 0xF6, 0x8B, 0xAB, 0x1F, 0x2B, 0x00, 0xE2,
+        0x2A, 0x5C, 0xBB, 0x62, 0x97, 0x9A, 0xC7, 0x44,
+        0xE0, 0x8B, 0x57, 0xD5, 0xB5, 0x78, 0xC4, 0x01,
+        0xA8, 0xD2, 0x6D, 0x9A, 0xDD, 0x15, 0x05, 0x23,
+        0x60, 0x82, 0x86, 0x36, 0x72, 0xD9, 0x11, 0xCF,
+        0x3A, 0x09, 0x66, 0xD3, 0x03, 0xF8, 0x91, 0x70,
+        0x93, 0xBF, 0x97, 0xAF, 0x90, 0xA7, 0xE1, 0xF9,
+        0xD5, 0x9B, 0x09, 0x20, 0x6B, 0x9C, 0xAC, 0x35,
+        0x11, 0x0F, 0xA3, 0x8D, 0x58, 0x90, 0xED, 0x21,
+        0x16, 0x83, 0x5C, 0xE3, 0x73, 0x84, 0xF5, 0x63,
+        0x0F, 0x1C, 0x42, 0x8E, 0x21, 0x36, 0x05, 0x87,
+        0x2E, 0xCF, 0x91, 0x1B, 0x01, 0x4B, 0x91, 0xC2,
+        0xC6, 0x00, 0xE8, 0xA4, 0x07, 0x29, 0xD0, 0x7B,
+        0xF9, 0x18, 0x79, 0x07, 0x42, 0xC9, 0x27, 0x9F,
+        0x31, 0x14, 0xF6, 0x8C, 0xDF, 0x65, 0x94, 0xCD,
+        0xA3, 0xCA, 0x66, 0x94, 0x22, 0x3A, 0x82, 0xF6,
+        0x6C, 0x2B, 0x4B, 0xDF, 0x3E, 0x51, 0xC6, 0xFF,
+        0xDC, 0x55, 0xE0, 0xFF, 0x51, 0xEF, 0xD6, 0xC9,
+        0x34, 0x36, 0x2B, 0xE7, 0xD6, 0xFA, 0xBC, 0x11,
+        0xB8, 0xB0, 0xDA, 0xDD, 0xD5, 0x21, 0x08, 0xFA,
+        0x5F, 0xB5, 0xCA, 0x75, 0x8A, 0x64, 0x37, 0x7D,
+        0x38, 0x6D, 0x45, 0xCE, 0x70, 0x60, 0x5B, 0x46,
+        0x0E, 0x81, 0x57, 0x03, 0x7B, 0x5B, 0x1B, 0x2E,
+        0x0A, 0xED, 0xD1, 0x2A, 0x63, 0x31, 0x15, 0xD6,
+        0xC4, 0x3B, 0xC6, 0xC7, 0xC8, 0x36, 0xFF, 0xF3,
+        0x3E, 0x7D, 0x03, 0x3F, 0x2E, 0x58, 0x00, 0x52,
+        0x71, 0x64, 0xC0, 0xC4, 0x78, 0x1C, 0x37, 0xDF,
+        0x50, 0xB6, 0x6B, 0xBA, 0x5C, 0x81, 0x94, 0x73,
+        0xA1, 0xC5, 0x30, 0x20, 0x83, 0xA1, 0x6F, 0x01,
+        0x43, 0x72, 0x79, 0xD2, 0xF2, 0xDF, 0x14, 0xC8,
+        0x78, 0x26, 0x9A, 0x2F, 0x3F, 0xA4, 0x0C, 0x1C,
+        0x76, 0x1E, 0xD6, 0x15, 0x01, 0xAC, 0x9E, 0xF1,
+        0x41, 0x02, 0x90, 0x38, 0xC8, 0x19, 0x95, 0x40,
+        0x89, 0xB7, 0x38, 0x09, 0x87, 0x08, 0x17, 0x43,
+        0x93, 0xFE, 0xAE, 0xA7, 0xB0, 0x2A, 0xE5, 0xCE,
+        0xF6, 0x7B, 0x3C, 0x8C, 0xE6, 0xA9, 0x70, 0x67,
+        0x5C, 0xA1, 0xB8, 0xC8, 0x56, 0xDC, 0xF5, 0x97,
+        0x25, 0x08, 0xC7, 0xC6, 0xB2, 0x5E, 0xE4, 0xD1,
+        0x2D, 0x82, 0x12, 0xB9, 0x89, 0x40, 0xB4, 0x88,
+        0xEC, 0x40, 0x2A, 0xC7, 0xAE, 0x3C, 0x70, 0xDF,
+        0x93, 0x8D, 0x12, 0x88, 0xCD, 0xA7, 0xA3, 0x19,
+        0xE0, 0x85, 0xBC, 0x73, 0xA4, 0x69, 0xB2, 0xD2,
+        0xA3, 0x30, 0x3B, 0x11, 0xA6, 0x83, 0x10, 0x0A,
+        0xF6, 0xDB, 0x86, 0x93, 0x7B, 0xA1, 0x18, 0x29,
+        0x03, 0x61, 0x6E, 0x3F, 0x03, 0x47, 0xBD, 0x68,
+        0x59, 0x1B, 0x47, 0xBA, 0x65, 0x15, 0x6B, 0x93,
+        0xF2, 0x60, 0xDE, 0x59, 0xB3, 0xAE, 0xB2, 0x89,
+        0xE2, 0xA7, 0x3A, 0x3B, 0xFF, 0x38, 0xC2, 0xF3,
+        0xAD, 0xED, 0xA2, 0x9C, 0x7E, 0x90, 0x28, 0x3A,
+        0xC7, 0xB8, 0x6D, 0x03, 0x6B, 0x47, 0xD5, 0xBA,
+        0x1A, 0x03, 0xEC, 0x78, 0x3D, 0x25, 0x0B, 0xAC,
+        0xAE, 0x58, 0x47, 0xE4, 0x1F, 0x82, 0x9C, 0xB3,
+        0x3D, 0xE0, 0x8D, 0xF8, 0xF7, 0xD6, 0x9C, 0x9A,
+        0xA4, 0xED, 0xE8, 0xD7, 0xAB, 0x96, 0x84, 0x07,
+        0xEE, 0xD3, 0x1A, 0x05, 0x6B, 0xA0, 0xEF, 0x88,
+        0x16, 0xE1, 0x27, 0xAA, 0x90, 0x06, 0x5A, 0x67,
+        0x9E, 0x1C, 0xA9, 0x55, 0x0D, 0xEE, 0xF2, 0x5A,
+        0xC5, 0xB7, 0xA3, 0x4F, 0x70, 0xDC, 0xF2, 0xB1,
+        0x16, 0xCF, 0x35, 0x1F, 0x3B, 0xAD, 0xA9, 0x9F,
+        0x83, 0x6C, 0x73, 0x0D, 0xCC, 0x1A, 0xE0, 0x3F,
+        0x49, 0x6C, 0xF3, 0xF0, 0x38, 0x7A, 0x0C, 0x2C,
+        0x70, 0x2E, 0x2C, 0x13, 0xBD, 0xD9, 0xCF, 0x45,
+        0xA1, 0xCD, 0x53, 0xAB, 0x58, 0x73, 0x11, 0x88,
+        0xB1, 0x8E, 0xA8, 0xBE, 0x48, 0xD5, 0x10, 0xC5,
+        0x81, 0x2E, 0x90, 0xBC, 0xEC, 0xBC, 0x6E, 0x19,
+        0x8E, 0x70, 0x8B, 0x1C, 0x08, 0xC8, 0xF8, 0x64,
+        0xB1, 0x24, 0xBB, 0x4C, 0xC0, 0xBD, 0xBB, 0xDF,
+        0x2C, 0x2F, 0x4E, 0x38, 0x8F, 0xC1, 0x96, 0x60,
+        0xD6, 0x9C, 0xC2, 0xC0, 0xEB, 0xF9, 0x10, 0x08,
+        0xC8, 0x24, 0x3D, 0xB4, 0x2D, 0xDA, 0xF5, 0x7C,
+        0x02, 0x42, 0x51, 0xC4, 0x23, 0x1D, 0xF5, 0x37,
+        0x90, 0xCE, 0x57, 0x56, 0x13, 0xEE, 0x8E, 0x1C,
+        0x7A, 0x33, 0xC1, 0x56, 0x1F, 0x35, 0x04, 0xDE,
+        0xAA, 0xED, 0x1E, 0x84, 0x08, 0x50, 0x06, 0x23,
+        0xEC, 0xA5, 0xAE, 0x5A, 0x28, 0x45, 0x41, 0x17,
+        0x49, 0x93, 0x0D, 0x8E, 0x42, 0x07, 0x8C, 0x03,
+        0x23, 0x49, 0x95, 0x7F, 0xC3, 0x9A, 0x1D, 0xA0,
+        0xEA, 0xF9, 0xE8, 0x7C, 0x31, 0xFF, 0xBF, 0x6A,
+        0xC0, 0xC1, 0x81, 0x1E, 0xB2, 0x8A, 0x41, 0xB1,
+        0xD8, 0x6B, 0xD7, 0xD4, 0x9A, 0xD1, 0xC4, 0x68,
+        0xA4, 0x95, 0x94, 0x95, 0x65, 0x25, 0xA2, 0x0A,
+        0x31, 0x70, 0x0F, 0x12, 0x2F, 0x4C, 0x4B, 0xB2,
+        0x25, 0x2A, 0x2F, 0x3D, 0x5C, 0x5D, 0x68, 0x73,
+        0x83, 0x8C, 0x90, 0x95, 0x97, 0xBB, 0xCA, 0xD8,
+        0xE1, 0x33, 0x3D, 0x5D, 0x61, 0x7C, 0x87, 0xC8,
+        0xEE, 0x0F, 0x1B, 0x22, 0x38, 0x3B, 0x42, 0x4B,
+        0x4C, 0x5C, 0x62, 0x72, 0x98, 0xA3, 0xBE, 0xCC,
+        0x1B, 0x32, 0x47, 0x5C, 0x9D, 0xB6, 0xB9, 0xBD,
+        0xC6, 0xD6, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x11, 0x19, 0x28, 0x34
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte pk_65[] = {
+        0x6C, 0x9E, 0x7A, 0x1E, 0xE3, 0x66, 0x25, 0x76,
+        0x0E, 0x5D, 0x2F, 0x33, 0xDF, 0x29, 0x29, 0xDA,
+        0x56, 0x20, 0x32, 0x34, 0x06, 0x91, 0x60, 0xE5,
+        0xF2, 0xBF, 0x03, 0x9C, 0x11, 0x06, 0x22, 0x73,
+        0x07, 0x3C, 0x23, 0x75, 0x66, 0xCE, 0x05, 0x5D,
+        0x87, 0x1F, 0x38, 0xAC, 0xD1, 0xA9, 0x85, 0x9A,
+        0x82, 0x44, 0x67, 0xF1, 0x9B, 0xE6, 0x8E, 0x4F,
+        0x00, 0x64, 0x5D, 0x22, 0x5C, 0x42, 0xC8, 0x5A,
+        0x55, 0x7D, 0x2C, 0x5E, 0xCB, 0x44, 0x2B, 0x0F,
+        0x02, 0x8A, 0x65, 0x28, 0x89, 0x8E, 0xE2, 0xB6,
+        0x73, 0xD8, 0x63, 0xF3, 0x2E, 0xB9, 0xEC, 0x81,
+        0x64, 0x12, 0x75, 0x41, 0xF3, 0x25, 0x19, 0xBB,
+        0x88, 0xE0, 0x34, 0xA0, 0x3F, 0x46, 0xF7, 0xD1,
+        0x93, 0xCD, 0x3D, 0xFB, 0xAD, 0xF6, 0x35, 0x57,
+        0x92, 0x6C, 0x5C, 0x8F, 0x5B, 0x76, 0x6A, 0x7F,
+        0xC5, 0xEC, 0x8B, 0x3F, 0x94, 0x8B, 0xF7, 0xA8,
+        0x21, 0xB5, 0x4C, 0x94, 0x41, 0xAB, 0x0B, 0xD8,
+        0x33, 0xFD, 0x63, 0x54, 0xCE, 0xC7, 0x06, 0xFA,
+        0xA5, 0x00, 0xAB, 0xB5, 0x28, 0x9B, 0x90, 0xB1,
+        0xBF, 0x91, 0x76, 0x77, 0xA2, 0x9D, 0x11, 0x5F,
+        0x00, 0x94, 0xBD, 0xB4, 0x8D, 0xC7, 0x2E, 0x26,
+        0x1D, 0xBA, 0x12, 0x0B, 0xA6, 0xFF, 0x5E, 0x52,
+        0xA0, 0x1B, 0x17, 0x89, 0x81, 0xDD, 0x82, 0x96,
+        0x44, 0x46, 0x56, 0xD9, 0x44, 0x2D, 0xF9, 0xCB,
+        0xB6, 0xBF, 0xDA, 0xE5, 0x6A, 0x23, 0x0F, 0x6F,
+        0x29, 0xF9, 0x4C, 0xDC, 0xC2, 0x65, 0x57, 0x6A,
+        0xA8, 0x75, 0x2A, 0xCE, 0xD0, 0x7E, 0x99, 0x89,
+        0x5C, 0xAE, 0xF0, 0x16, 0x8B, 0xF8, 0x3D, 0x23,
+        0xFD, 0xAD, 0xFB, 0xB9, 0x28, 0xCB, 0xCD, 0xAB,
+        0xA2, 0x5F, 0xE2, 0xCD, 0x26, 0xAD, 0xDF, 0xB0,
+        0xDA, 0xCD, 0x74, 0x94, 0x0F, 0x35, 0x14, 0x26,
+        0x94, 0x2F, 0x17, 0x6F, 0xFB, 0xC5, 0xF3, 0x45,
+        0x6D, 0xB7, 0xC9, 0x12, 0xAA, 0x16, 0xB8, 0x6D,
+        0x07, 0x45, 0xF8, 0x7C, 0x9F, 0x45, 0x37, 0x0A,
+        0x84, 0x56, 0xA1, 0xAD, 0xB5, 0x1D, 0xB4, 0x05,
+        0x2B, 0x5C, 0x9E, 0xAF, 0x60, 0xAD, 0x7B, 0x80,
+        0xA4, 0x2E, 0xA4, 0xBF, 0x92, 0xC8, 0x41, 0x27,
+        0x3A, 0xD7, 0x61, 0xDE, 0xDB, 0x0D, 0x34, 0xBF,
+        0x57, 0x96, 0x00, 0xB1, 0x49, 0xFC, 0xCD, 0x42,
+        0xAB, 0x15, 0x49, 0xBA, 0x0A, 0xBE, 0xDA, 0x57,
+        0xEF, 0x71, 0xD1, 0xFC, 0xA5, 0x70, 0x2A, 0xAD,
+        0x08, 0x32, 0x99, 0xBB, 0x98, 0x30, 0x01, 0x89,
+        0xC2, 0x5F, 0x3B, 0x27, 0x0A, 0x87, 0x65, 0x8D,
+        0x0B, 0x2E, 0xA5, 0x65, 0x24, 0x14, 0x7F, 0x73,
+        0x9E, 0xB6, 0xC6, 0x76, 0xD7, 0xBE, 0x73, 0xDD,
+        0x3B, 0x95, 0xB1, 0x0C, 0x55, 0xAB, 0x46, 0xFD,
+        0x01, 0x54, 0x9C, 0x51, 0x68, 0xBF, 0x7D, 0xA1,
+        0x3A, 0x49, 0x97, 0x85, 0xF3, 0x5A, 0x1E, 0x3B,
+        0x56, 0xF4, 0xC5, 0x67, 0xF5, 0x4E, 0xA9, 0xAA,
+        0x28, 0x17, 0xA3, 0x36, 0x38, 0x36, 0x43, 0xFA,
+        0x2E, 0xA3, 0x1F, 0xB1, 0xB7, 0x3E, 0x10, 0x24,
+        0x8D, 0xFC, 0xA0, 0x5C, 0x04, 0x13, 0x12, 0x66,
+        0x49, 0x8E, 0x1C, 0x94, 0x91, 0x13, 0x5A, 0x50,
+        0xE6, 0x3D, 0x02, 0xFA, 0xDF, 0x41, 0x65, 0xFC,
+        0x9E, 0x15, 0xE3, 0xE1, 0xB3, 0x2F, 0xAB, 0x83,
+        0x37, 0x68, 0x4C, 0x49, 0x19, 0x3E, 0x1B, 0xC4,
+        0xED, 0xEA, 0xE3, 0x73, 0xA2, 0x67, 0xA7, 0x14,
+        0xAC, 0x1F, 0x90, 0x9C, 0xC6, 0x57, 0xCD, 0x80,
+        0x66, 0x64, 0x63, 0x27, 0xE0, 0xEE, 0xA0, 0x41,
+        0xAC, 0x9F, 0x2A, 0xEF, 0xFC, 0x80, 0x69, 0x1B,
+        0xF6, 0x0D, 0x3C, 0x94, 0xC6, 0x42, 0x55, 0x7E,
+        0x42, 0x99, 0xD3, 0x95, 0x92, 0x22, 0x16, 0xC6,
+        0x5E, 0x75, 0xB7, 0xE1, 0xA5, 0x02, 0x89, 0x60,
+        0x38, 0x4B, 0xF8, 0x16, 0xC9, 0xF7, 0x05, 0x48,
+        0x29, 0xE7, 0x98, 0x5B, 0x58, 0x41, 0xA7, 0x33,
+        0xF3, 0x3F, 0xCE, 0x24, 0x55, 0xEF, 0xC8, 0x9B,
+        0xAE, 0x84, 0xB4, 0x79, 0x90, 0xE8, 0xD0, 0xAF,
+        0xC6, 0x19, 0x3E, 0x4A, 0xF9, 0xBC, 0x68, 0x0A,
+        0xE2, 0x4F, 0xE5, 0x91, 0xE8, 0x8B, 0xA6, 0xA2,
+        0xAE, 0x12, 0xDA, 0x38, 0x58, 0xD2, 0x1F, 0x49,
+        0x2D, 0x24, 0xAB, 0xC4, 0xFE, 0x4F, 0xD5, 0x2D,
+        0x5A, 0xBF, 0x24, 0xBD, 0x25, 0x46, 0x87, 0xB9,
+        0x18, 0x79, 0x2F, 0x0A, 0x00, 0x3A, 0x52, 0x22,
+        0xDF, 0x45, 0x03, 0x86, 0x85, 0xC7, 0x25, 0xCE,
+        0x75, 0x79, 0xE0, 0x2C, 0xB1, 0x68, 0xBB, 0xC6,
+        0x66, 0xAB, 0xF6, 0x69, 0x85, 0x6E, 0x10, 0x53,
+        0x7C, 0x92, 0x91, 0x69, 0x2C, 0x0C, 0xB0, 0xCF,
+        0xA9, 0x06, 0x27, 0x0A, 0xC2, 0xC7, 0xB7, 0xDC,
+        0x31, 0xD4, 0xF9, 0x28, 0x3C, 0xB2, 0xDB, 0x8A,
+        0x46, 0x2A, 0xEC, 0x0B, 0x98, 0x07, 0xBB, 0xF4,
+        0xAB, 0x45, 0x76, 0xFE, 0xC6, 0x22, 0x6B, 0x41,
+        0x79, 0x32, 0x2B, 0x67, 0xAE, 0xA5, 0x3B, 0xDD,
+        0xF9, 0xC9, 0xBE, 0x5E, 0x0D, 0xBC, 0x43, 0xF7,
+        0x87, 0x43, 0x06, 0x8A, 0xB5, 0xBE, 0x49, 0xF0,
+        0xE6, 0x2F, 0x8E, 0x2E, 0xB1, 0xB6, 0xC6, 0x73,
+        0x6C, 0x05, 0xC9, 0x41, 0x3D, 0x06, 0x5C, 0xE0,
+        0xCC, 0xB7, 0x90, 0x54, 0x80, 0x41, 0xD7, 0xE8,
+        0x32, 0x88, 0x1A, 0x83, 0x9B, 0x57, 0x29, 0xAF,
+        0x94, 0xAB, 0x79, 0xFD, 0x8A, 0x16, 0xDF, 0xFF,
+        0x78, 0xCA, 0xAA, 0x14, 0x1D, 0x97, 0xCC, 0x06,
+        0x50, 0xF8, 0x62, 0x62, 0xF2, 0x61, 0x59, 0xBE,
+        0x8B, 0x36, 0x1A, 0x4A, 0x04, 0x1E, 0x9A, 0x0B,
+        0x65, 0x11, 0xBB, 0xE3, 0x35, 0x5A, 0x4B, 0xF5,
+        0x7A, 0xC0, 0x98, 0x48, 0x84, 0x7E, 0xE0, 0x24,
+        0x3C, 0x3B, 0xA7, 0x74, 0x77, 0x6F, 0x7E, 0x9A,
+        0x22, 0x72, 0x75, 0xD7, 0x4E, 0x6E, 0x31, 0x01,
+        0xD3, 0x82, 0x81, 0x87, 0x63, 0xED, 0x1E, 0x13,
+        0x53, 0xAB, 0x9E, 0xEC, 0xCD, 0x92, 0x0C, 0xD2,
+        0x89, 0x22, 0xD5, 0x59, 0xA4, 0x04, 0x8F, 0x40,
+        0xF0, 0x62, 0x16, 0x4C, 0xB6, 0x61, 0xC4, 0xF4,
+        0xAF, 0xA8, 0x1A, 0x3D, 0x55, 0x93, 0x3C, 0x47,
+        0x91, 0xED, 0xDA, 0xA3, 0x93, 0x9E, 0x5A, 0xC3,
+        0x42, 0xB0, 0xAD, 0x1F, 0x43, 0x8A, 0x53, 0x2C,
+        0x6C, 0xE7, 0x86, 0x68, 0x1A, 0x87, 0x0D, 0x94,
+        0xEC, 0x88, 0xA3, 0x34, 0xCC, 0xEF, 0xC6, 0xAC,
+        0xE7, 0xD9, 0x88, 0xA1, 0xA8, 0x2B, 0xC0, 0xAC,
+        0xCE, 0x78, 0x5F, 0x12, 0x3B, 0xE2, 0x3A, 0x7C,
+        0x92, 0xAF, 0x10, 0x8E, 0x5E, 0xD4, 0xF0, 0x86,
+        0x9E, 0x22, 0xDA, 0xE2, 0x73, 0x55, 0x6D, 0x1D,
+        0xE3, 0x86, 0x62, 0x3A, 0x6C, 0x3F, 0x11, 0x5B,
+        0xBD, 0x11, 0x92, 0x71, 0xD3, 0xFB, 0xA7, 0x96,
+        0xF6, 0x18, 0xB5, 0x39, 0x59, 0xFB, 0x98, 0x01,
+        0x2E, 0x7D, 0x5B, 0x9A, 0xC6, 0x88, 0x94, 0x0B,
+        0x87, 0xE2, 0xC9, 0xC0, 0x65, 0x52, 0x4A, 0x00,
+        0xD3, 0xA4, 0xF4, 0xDB, 0xF5, 0x2F, 0x4B, 0x1A,
+        0x63, 0xEF, 0x5C, 0x46, 0x19, 0x3B, 0xAD, 0xF7,
+        0xAD, 0x7F, 0x98, 0x8D, 0x44, 0x64, 0x34, 0x5B,
+        0x2C, 0x3E, 0x54, 0x96, 0x84, 0xF2, 0xF9, 0x05,
+        0xF6, 0xF8, 0x9D, 0xD6, 0x41, 0x47, 0x3E, 0xC0,
+        0x51, 0x08, 0xA5, 0x2D, 0x8D, 0xBB, 0x91, 0x76,
+        0x8C, 0x54, 0x1D, 0xE5, 0x20, 0xB1, 0x76, 0x66,
+        0x97, 0x0A, 0xAE, 0xB5, 0x06, 0xE7, 0x5D, 0x8E,
+        0xE9, 0xF4, 0xB4, 0x45, 0x5B, 0x71, 0xE0, 0x08,
+        0x8A, 0xB2, 0x56, 0x55, 0x21, 0x3B, 0x75, 0x85,
+        0x9D, 0x25, 0xF5, 0x59, 0xD3, 0xC3, 0x24, 0xD2,
+        0x83, 0xD3, 0x97, 0xAB, 0xE6, 0xF0, 0xAA, 0xA3,
+        0x86, 0x81, 0x57, 0x68, 0xD0, 0x33, 0x57, 0xD7,
+        0x75, 0x96, 0x49, 0x02, 0x41, 0x31, 0x53, 0xE3,
+        0x56, 0x0C, 0xCE, 0xF1, 0xFD, 0x44, 0xB6, 0x5F,
+        0xF1, 0xB2, 0x87, 0xA9, 0x2A, 0x96, 0x93, 0xF0,
+        0x34, 0xB7, 0xEE, 0x66, 0x89, 0x34, 0x70, 0x2D,
+        0x75, 0x01, 0xCA, 0xF6, 0xDA, 0x4E, 0xE9, 0x8A,
+        0xF4, 0xE8, 0xE6, 0x4B, 0x03, 0x40, 0xE0, 0xBB,
+        0x8B, 0xDC, 0x53, 0x3B, 0x0E, 0xFE, 0xE1, 0x91,
+        0x5A, 0x4B, 0x68, 0xB9, 0x3C, 0x5E, 0x95, 0x32,
+        0x1E, 0xED, 0xC2, 0x34, 0xAE, 0xFE, 0x71, 0xAE,
+        0x2E, 0x5D, 0xAC, 0xEC, 0x2F, 0x52, 0xF8, 0x37,
+        0x23, 0xA2, 0x39, 0x2A, 0x7F, 0x8E, 0x13, 0xBC,
+        0x03, 0x01, 0xCD, 0x10, 0x4D, 0x85, 0x2E, 0x62,
+        0xA7, 0xF8, 0x28, 0xAD, 0x32, 0x9B, 0x3D, 0x95,
+        0x96, 0xC5, 0x8E, 0x13, 0xFC, 0xC0, 0xED, 0x96,
+        0xC1, 0xC4, 0x8D, 0x82, 0xA2, 0xC0, 0xF4, 0xD9,
+        0xD2, 0x4D, 0xD8, 0x42, 0x1F, 0xDC, 0xCE, 0xFD,
+        0x49, 0x7A, 0x9B, 0x05, 0xFF, 0xC5, 0x09, 0x04,
+        0x77, 0x04, 0x01, 0x37, 0x3F, 0xEE, 0x7D, 0xC7,
+        0x37, 0x73, 0x41, 0x8A, 0xEB, 0x4A, 0x1F, 0x59,
+        0x9A, 0x4B, 0xB3, 0x8E, 0xDE, 0x8D, 0x10, 0xA3,
+        0xCC, 0x83, 0xA1, 0xC7, 0x2D, 0xE9, 0x21, 0x96,
+        0x9E, 0x3C, 0xE3, 0xE8, 0xEF, 0x2F, 0x7D, 0xA8,
+        0x9D, 0x34, 0x4C, 0x80, 0xD6, 0x1C, 0xF9, 0xC5,
+        0xA4, 0x23, 0xB1, 0xA4, 0xF3, 0x56, 0x7D, 0x96,
+        0xDB, 0x2D, 0xA3, 0xDB, 0x9B, 0x5B, 0x5F, 0xA6,
+        0x81, 0x56, 0xBE, 0x74, 0x52, 0xC8, 0xA0, 0x18,
+        0x1B, 0xB9, 0xF0, 0xDC, 0x75, 0xCD, 0x97, 0x50,
+        0x88, 0x3D, 0x0D, 0xDA, 0xE5, 0x3F, 0xC1, 0x56,
+        0xD6, 0x7A, 0x74, 0x20, 0x08, 0x69, 0x04, 0x6B,
+        0x41, 0xDF, 0x4B, 0xC4, 0x39, 0x69, 0x93, 0xC0,
+        0x8A, 0xA4, 0x89, 0x7A, 0x0B, 0xDD, 0xEF, 0xB5,
+        0x5F, 0x69, 0xCC, 0x1C, 0x4D, 0x7B, 0x5F, 0xB1,
+        0x50, 0x40, 0x84, 0x27, 0xB4, 0x16, 0xF7, 0x31,
+        0x83, 0xF2, 0xB3, 0xCC, 0x16, 0xE3, 0xB7, 0xDA,
+        0x63, 0xCE, 0xE1, 0x14, 0x3A, 0xDA, 0x1A, 0x05,
+        0x66, 0x26, 0xA0, 0x77, 0xB6, 0xD2, 0x1C, 0x3D,
+        0xD9, 0x74, 0xED, 0x90, 0x7C, 0x5A, 0x09, 0x40,
+        0x19, 0x22, 0x57, 0x37, 0xEF, 0xB9, 0x33, 0x19,
+        0xAD, 0x3B, 0x40, 0xA4, 0xF4, 0x34, 0xAE, 0x49,
+        0xD2, 0x83, 0x91, 0xC1, 0x7A, 0x99, 0x9C, 0x74,
+        0x4A, 0x68, 0xC5, 0x5A, 0x91, 0xB8, 0x62, 0x72,
+        0x95, 0x83, 0xD3, 0xDA, 0x46, 0xEE, 0x70, 0xC5,
+        0xCC, 0x46, 0x16, 0x94, 0x16, 0x7D, 0x32, 0xD2,
+        0x1D, 0xE7, 0x53, 0x27, 0x73, 0x2C, 0x63, 0xBB,
+        0xFB, 0xD7, 0xB3, 0x0D, 0xBF, 0x20, 0x57, 0xA0,
+        0xD6, 0x81, 0x51, 0x9F, 0x6E, 0x4A, 0xF6, 0x08,
+        0xD4, 0xBC, 0xD0, 0xB4, 0x75, 0x07, 0x26, 0x77,
+        0x0E, 0x15, 0x6A, 0xED, 0xE8, 0x54, 0x17, 0xBD,
+        0x75, 0x9D, 0x5F, 0xFE, 0x40, 0x1C, 0xB2, 0x99,
+        0x6F, 0x34, 0x43, 0x4D, 0xB4, 0x28, 0xD9, 0xA4,
+        0x17, 0x03, 0x72, 0x01, 0xFC, 0xD2, 0x60, 0xFA,
+        0xA9, 0x80, 0x84, 0x50, 0x2E, 0xED, 0x5C, 0x27,
+        0xA8, 0x91, 0x6E, 0x44, 0xF5, 0x92, 0x98, 0x19,
+        0xD2, 0x1A, 0x69, 0xCE, 0x16, 0xBC, 0xDC, 0x3C,
+        0xC8, 0x14, 0x1E, 0x28, 0x5E, 0xF8, 0x97, 0xB1,
+        0x40, 0x2C, 0x15, 0xC9, 0x52, 0x59, 0x01, 0x19,
+        0x05, 0x1E, 0x36, 0x9A, 0x1B, 0x7B, 0xE4, 0x43,
+        0xFE, 0xAE, 0x6E, 0x32, 0xBC, 0x8F, 0x3D, 0x64,
+        0x7F, 0xC5, 0x31, 0x5A, 0x52, 0x00, 0xCD, 0x52,
+        0x38, 0xDC, 0x66, 0x77, 0x46, 0x6E, 0xA8, 0x6E,
+        0xF8, 0xD1, 0x8E, 0x5A, 0x79, 0xF2, 0x62, 0x48,
+        0x3E, 0x89, 0x6B, 0x82, 0x77, 0xC7, 0x41, 0xF5,
+        0x16, 0xFC, 0x04, 0x0C, 0x10, 0x90, 0xF2, 0x49,
+        0x5B, 0xF1, 0x65, 0x0B, 0x02, 0xAF, 0x30, 0x45,
+        0x67, 0x33, 0xA0, 0x71, 0xAF, 0x47, 0xD7, 0xA1,
+        0x5B, 0xD8, 0xE3, 0x2A, 0x49, 0x80, 0x64, 0x55,
+        0xD3, 0xBE, 0xA7, 0x4A, 0xEF, 0x5D, 0x00, 0x90,
+        0x6A, 0xD2, 0xF0, 0xC0, 0x45, 0x35, 0x4E, 0xFD,
+        0xE7, 0xC9, 0xA2, 0x76, 0xE7, 0x3D, 0x9E, 0xDD,
+        0x11, 0xD1, 0xCA, 0x5C, 0x29, 0x7B, 0x9A, 0x68,
+        0x51, 0xE7, 0xF6, 0x7E, 0x21, 0xEB, 0x06, 0x1B,
+        0xB5, 0x5D, 0x9E, 0x67, 0x3C, 0x4A, 0x75, 0xFE,
+        0xB8, 0x4D, 0x52, 0x62, 0x9E, 0xEC, 0xC5, 0x3C,
+        0x24, 0xBE, 0xA9, 0x51, 0x53, 0x05, 0x1A, 0xC2,
+        0x06, 0xC8, 0x7D, 0xF5, 0x54, 0x10, 0xCA, 0x1F,
+        0xE6, 0xCF, 0xC3, 0xF4, 0x03, 0xA6, 0xD9, 0xD4,
+        0x3E, 0xA8, 0x4C, 0x60, 0xC9, 0x45, 0xE6, 0x42,
+        0xB2, 0x83, 0x63, 0x38, 0xB5, 0xAF, 0x9F, 0x69,
+        0xE5, 0x27, 0x08, 0xB2, 0xE2, 0x25, 0x93, 0x3D,
+        0xB3, 0x20, 0xBB, 0x3F, 0x79, 0x0D, 0x39, 0x7F,
+        0x22, 0xD7, 0xB6, 0xF8, 0xA4, 0x33, 0xCD, 0xAC,
+        0xE9, 0x81, 0x0A, 0xA0, 0xE2, 0x7C, 0x69, 0x95,
+        0x55, 0x53, 0x0C, 0x56, 0x2D, 0xBF, 0x75, 0x17,
+        0xA4, 0x16, 0x26, 0x28, 0xBF, 0x10, 0xD1, 0xB6,
+        0xDB, 0xAC, 0xEF, 0x5C, 0x9E, 0xD5, 0x1E, 0x55,
+        0xD9, 0xA8, 0x9D, 0x60, 0xE0, 0xFC, 0x37, 0x8C,
+        0x47, 0xA2, 0x1D, 0x5E, 0x0F, 0x2D, 0xC3, 0xBC,
+        0xEF, 0x5E, 0x05, 0xC6, 0xE0, 0x26, 0x15, 0x30,
+        0xFB, 0x02, 0x7E, 0x50, 0x32, 0x55, 0x8C, 0xA2,
+        0xB4, 0x70, 0x05, 0xBD, 0xDE, 0x99, 0x90, 0x99,
+        0x30, 0x39, 0x1E, 0xAD, 0x7F, 0x3F, 0x0A, 0x96,
+        0xB3, 0xDE, 0xDA, 0x54, 0xA1, 0x11, 0x45, 0xF5,
+        0x30, 0xE5, 0x1D, 0xEF, 0x89, 0x2E, 0x5A, 0xB0,
+        0x20, 0x4D, 0x61, 0x4E, 0x6E, 0x38, 0xAF, 0xE7,
+        0x9C, 0xA9, 0x2C, 0x28, 0x15, 0x8D, 0x57, 0x01,
+        0x20, 0x35, 0x3B, 0x7A, 0x4D, 0xE0, 0x88, 0x98,
+        0x46, 0xD8, 0x35, 0x29, 0x49, 0x39, 0x55, 0x7E,
+        0xD0, 0xAE, 0xDA, 0x27, 0x0D, 0x4D, 0x73, 0xED,
+        0x84, 0xD3, 0xD4, 0x9F, 0x9F, 0x03, 0x2D, 0x43,
+        0x45, 0x7B, 0xF5, 0x9B, 0xB7, 0xD6, 0x63, 0x59,
+        0xDC, 0x53, 0xF9, 0xB4, 0x69, 0x63, 0xB2, 0x17,
+        0x84, 0xB0, 0x6C, 0xBC, 0xF0, 0x4B, 0xEC, 0x1E,
+        0x33, 0xA3, 0x33, 0x71, 0x53, 0x27, 0x16, 0xC9,
+        0xED, 0xB3, 0xFB, 0xED, 0xB8, 0x19, 0x99, 0xB4,
+        0x37, 0x2D, 0x09, 0x45, 0xC1, 0x0A, 0xE8, 0x26,
+        0xC6, 0x0F, 0xFE, 0x93, 0x17, 0x0B, 0x6D, 0x29,
+        0x4B, 0x38, 0x91, 0xB0, 0xD2, 0xA7, 0xB3, 0x5B,
+        0x28, 0xA8, 0x97, 0x18, 0x45, 0xDC, 0x2F, 0xEC,
+        0xE2, 0x37, 0xB8, 0x0F, 0x20, 0xB3, 0x79, 0xCC,
+        0x4D, 0x13, 0x6D, 0xAB, 0x3F, 0xBB, 0x37, 0x92,
+        0xC6, 0x3E, 0xC6, 0x1F, 0x5C, 0x75, 0x5B, 0xC9,
+        0xDB, 0x35, 0x08, 0x6F, 0xBF, 0x46, 0xD2, 0xB7,
+        0x97, 0x0D, 0xCA, 0x2A, 0x85, 0x23, 0xFD, 0xB4,
+        0xC7, 0xA0, 0xB8, 0xE4, 0x2F, 0x8A, 0xF9, 0xAC,
+        0xAD, 0x2A, 0x0E, 0xFC, 0x11, 0x36, 0x02, 0xA4,
+        0xEA, 0x62, 0xE4, 0xEB, 0xB7, 0xD2, 0x69, 0xC3,
+        0xA4, 0x0B, 0xA2, 0xC4, 0x4E, 0xDD, 0x29, 0x56
+    };
+    static const byte msg_65[] = {
+       0xC4, 0xF5, 0x9F, 0xA2, 0xDE, 0x30, 0xC8, 0x42,
+        0x0A, 0x7E, 0x7F, 0x09, 0x6B, 0xAF, 0x6A, 0xD6,
+        0x9B, 0x1C, 0x15, 0xA5, 0xC6, 0xE6, 0x1C, 0x9D,
+        0x82, 0xAF, 0xCF, 0xDB, 0x6E, 0xB8, 0xF2, 0x75,
+        0xBF, 0x57, 0x87, 0x18, 0x6A, 0xAE, 0x78, 0x1F,
+        0x48, 0x7F, 0x9F, 0x88, 0x75, 0x8C, 0x9C, 0x61,
+        0xF3, 0x5D, 0x50, 0x83, 0xEE, 0x70, 0x42, 0x4B,
+        0x0D, 0x0A, 0x51, 0x57, 0x50, 0x10, 0xC2, 0xA9,
+        0x07, 0xF4, 0x96, 0x08, 0x11, 0x5D, 0x33, 0xEB,
+        0xA0, 0x03, 0x15, 0x09, 0x32, 0x2A, 0xA7, 0xD3,
+        0x06, 0x1F, 0xEC, 0x31, 0x62, 0xF9, 0x6A, 0x56,
+        0x5F, 0x98, 0x76, 0x9E, 0x9A, 0x19, 0x23, 0x5D,
+        0x89, 0xD1, 0xB2, 0x1D, 0x60, 0xA3, 0x81, 0xDF,
+        0x8E, 0xB3, 0x7D, 0x58, 0xC6, 0xA2, 0xE4, 0x83,
+        0xA8, 0xEB, 0x70, 0x73, 0x6E, 0x4B, 0x7B, 0xB9,
+        0x11, 0xF7, 0xAB, 0x92, 0x3D, 0xC2, 0x9F, 0x1E
+    };
+    static const byte sig_65[] = {
+        0xE8, 0x95, 0xDB, 0x64, 0xC5, 0x7B, 0xC3, 0xC2,
+        0xA9, 0x7F, 0x0E, 0xC9, 0x33, 0x41, 0x0E, 0x98,
+        0xF6, 0x21, 0x61, 0x03, 0xE3, 0x42, 0x3C, 0xAF,
+        0x06, 0xA6, 0x71, 0x96, 0x4C, 0x51, 0x4A, 0x69,
+        0x4E, 0xB6, 0xF6, 0x5C, 0xBD, 0x11, 0x37, 0xCC,
+        0xCF, 0x88, 0x81, 0xFA, 0x40, 0x3C, 0x5F, 0xA0,
+        0xE0, 0xB2, 0xF3, 0x6B, 0x9F, 0x40, 0x09, 0xC3,
+        0x78, 0x21, 0x0D, 0x29, 0xE5, 0x4A, 0x7A, 0x5A,
+        0x9B, 0x79, 0x31, 0x97, 0xCD, 0x6D, 0x2F, 0x38,
+        0xD7, 0xE1, 0xF3, 0xAC, 0xA6, 0x9D, 0x48, 0x88,
+        0x13, 0x89, 0x38, 0x1C, 0x89, 0xFA, 0x67, 0x6D,
+        0xE4, 0x26, 0xD6, 0x34, 0xF9, 0xA1, 0x57, 0x05,
+        0x5F, 0x17, 0x28, 0x3E, 0xCE, 0x82, 0x48, 0xCA,
+        0xF1, 0x4D, 0xCF, 0x11, 0xE2, 0xD5, 0x63, 0x55,
+        0xB0, 0x47, 0xDF, 0x63, 0x2A, 0x18, 0x48, 0x2E,
+        0x79, 0xCB, 0x2D, 0x5A, 0x74, 0x39, 0x66, 0xBA,
+        0xA8, 0xA7, 0x61, 0x21, 0xBB, 0x69, 0xC2, 0xE6,
+        0x81, 0x55, 0xAC, 0xCB, 0x0A, 0x31, 0xDA, 0x6E,
+        0xDC, 0x73, 0xCB, 0x09, 0xA9, 0xE6, 0x60, 0xFE,
+        0xB2, 0x0F, 0x66, 0xC7, 0xBD, 0x96, 0x7A, 0xDE,
+        0x32, 0x14, 0x9C, 0x55, 0x52, 0xEA, 0xEB, 0x2E,
+        0xA1, 0x75, 0xB5, 0x62, 0x33, 0xF3, 0xB3, 0x70,
+        0xED, 0xD8, 0x67, 0x92, 0x69, 0xCE, 0x0D, 0x2B,
+        0x43, 0xF6, 0xB2, 0xF6, 0x5F, 0xE9, 0x57, 0xE7,
+        0xAB, 0x37, 0xB9, 0x82, 0x04, 0x37, 0x54, 0xEA,
+        0xC8, 0xA3, 0x0B, 0x36, 0xC1, 0x00, 0x04, 0xEF,
+        0x13, 0xC6, 0x92, 0xE2, 0x19, 0xAA, 0x7A, 0xF0,
+        0xA4, 0xC5, 0x28, 0x69, 0x10, 0xC7, 0x10, 0x0D,
+        0xA4, 0x1E, 0x17, 0xBB, 0xEF, 0x2D, 0xA2, 0xAB,
+        0x03, 0xAD, 0xF3, 0x07, 0x4B, 0xA1, 0xDA, 0x15,
+        0xBC, 0xC8, 0x48, 0x05, 0xB8, 0x9B, 0x9D, 0xA8,
+        0x8E, 0x9B, 0x40, 0x0A, 0xFB, 0x7E, 0x3B, 0xC8,
+        0x33, 0x8D, 0x35, 0x4D, 0xA9, 0x53, 0xAC, 0x0B,
+        0xAD, 0x82, 0x27, 0x56, 0xCA, 0x92, 0xE5, 0xDD,
+        0x95, 0x07, 0xF4, 0x2B, 0xFE, 0xFC, 0xCB, 0x32,
+        0xB4, 0xB9, 0x1A, 0x2B, 0xE5, 0xEF, 0x34, 0xC2,
+        0xCF, 0x11, 0x77, 0xEA, 0xAF, 0xB2, 0x50, 0xAC,
+        0x9A, 0xDE, 0xC4, 0xBE, 0x71, 0x80, 0x75, 0x89,
+        0xF1, 0x00, 0x32, 0x27, 0xF9, 0xB7, 0x6B, 0x74,
+        0xE0, 0x7B, 0xA6, 0x7A, 0xC6, 0x08, 0x19, 0xB2,
+        0xAF, 0x76, 0x6A, 0x47, 0xFF, 0xFC, 0x7B, 0x76,
+        0xD3, 0xA7, 0xC0, 0x77, 0xF5, 0xEC, 0x69, 0xAE,
+        0xEA, 0x3E, 0x96, 0x38, 0x59, 0xB8, 0x2C, 0x2A,
+        0xDE, 0x58, 0xBE, 0xC2, 0x15, 0x2E, 0xC8, 0x20,
+        0x51, 0x10, 0x97, 0x5D, 0x37, 0xC6, 0x50, 0x5E,
+        0x0D, 0xC7, 0x76, 0xFD, 0xE0, 0x71, 0x09, 0x7E,
+        0x93, 0x01, 0x3D, 0x10, 0x04, 0xF4, 0xE1, 0xA2,
+        0xFD, 0x79, 0xB8, 0x77, 0xED, 0x50, 0x25, 0xF5,
+        0x27, 0xF3, 0xBF, 0xF1, 0x37, 0xF0, 0x41, 0xBB,
+        0x9B, 0xD0, 0x01, 0xE9, 0x49, 0xF0, 0x8B, 0x4C,
+        0xF8, 0x8D, 0xFD, 0x32, 0xFC, 0x7C, 0xDB, 0xCE,
+        0xCC, 0xFD, 0xB0, 0xFA, 0x2D, 0xE7, 0x82, 0x3E,
+        0x11, 0x0B, 0xCF, 0xF5, 0x8A, 0x41, 0x2C, 0xEA,
+        0x27, 0x95, 0x75, 0x3E, 0x9C, 0x89, 0x67, 0x8C,
+        0x3A, 0xE2, 0x42, 0x68, 0xF7, 0x48, 0x9F, 0x72,
+        0x97, 0x4B, 0x69, 0x55, 0xED, 0xD0, 0x4E, 0x19,
+        0x0D, 0x99, 0xBB, 0x0D, 0x7A, 0x25, 0x2F, 0xAD,
+        0x5B, 0xBA, 0x60, 0x6C, 0x1A, 0x1F, 0x3A, 0xCA,
+        0x73, 0x3B, 0xFA, 0xE3, 0x30, 0x9E, 0xA0, 0xA6,
+        0xEB, 0x7D, 0x07, 0xE3, 0x6D, 0x8C, 0xA3, 0x36,
+        0xD2, 0x64, 0x4F, 0xCE, 0x1A, 0x41, 0x89, 0x5D,
+        0x01, 0x4D, 0x1A, 0x60, 0xCB, 0x10, 0x6F, 0x3F,
+        0x80, 0x75, 0xF9, 0x37, 0x84, 0x61, 0x73, 0x8D,
+        0x63, 0xD1, 0x15, 0xD0, 0x0B, 0x02, 0x4C, 0x67,
+        0x78, 0x01, 0x05, 0x0A, 0x1B, 0x0B, 0x50, 0xDE,
+        0x05, 0x7F, 0x85, 0xDB, 0x6A, 0xEB, 0x2C, 0x9D,
+        0x6B, 0xB7, 0x40, 0x2A, 0x66, 0xE3, 0xAB, 0x4D,
+        0xB0, 0x5C, 0x58, 0xBB, 0xDA, 0x12, 0xF6, 0x95,
+        0x95, 0x8B, 0x8A, 0xC7, 0xB4, 0xE4, 0x5E, 0xC6,
+        0xC9, 0x52, 0xF6, 0x79, 0xC1, 0xEE, 0xBD, 0xF8,
+        0x60, 0xE3, 0x48, 0x98, 0x27, 0x79, 0xAA, 0x69,
+        0x88, 0xEF, 0xC2, 0xAD, 0x1D, 0xC1, 0xEA, 0xE2,
+        0x2A, 0x27, 0xA5, 0xB2, 0xC6, 0x1C, 0x97, 0xB3,
+        0xB2, 0x49, 0x3C, 0xB6, 0xC1, 0x3C, 0x5F, 0x6E,
+        0x20, 0xA6, 0x7B, 0x88, 0xD3, 0xC3, 0xAC, 0xCF,
+        0xAF, 0x0A, 0x42, 0x57, 0x42, 0xDF, 0x24, 0x06,
+        0x34, 0xD1, 0xEE, 0x59, 0x38, 0x28, 0xFE, 0x62,
+        0x97, 0x44, 0x6C, 0x07, 0x6F, 0x97, 0x90, 0x55,
+        0x98, 0x8A, 0xB8, 0x34, 0xB2, 0xBD, 0x82, 0xE1,
+        0x4D, 0xC0, 0x86, 0x40, 0x0E, 0x1C, 0x95, 0x6C,
+        0xC0, 0xC3, 0x0C, 0xE7, 0xBF, 0xD9, 0x62, 0x22,
+        0x3D, 0x23, 0xFE, 0x94, 0x94, 0x96, 0x4A, 0x81,
+        0x1B, 0x93, 0xE8, 0xD7, 0xB8, 0xF3, 0x4C, 0x89,
+        0xAA, 0xD4, 0x5D, 0xD4, 0x11, 0x3F, 0x2A, 0xE7,
+        0xBD, 0x94, 0xB5, 0x3F, 0xC8, 0x6E, 0x8B, 0x2A,
+        0xE8, 0x2E, 0x51, 0xEC, 0x6F, 0x3E, 0xA4, 0xC3,
+        0x0D, 0x60, 0xB8, 0x60, 0x72, 0x74, 0x86, 0x12,
+        0xD1, 0x60, 0x70, 0x56, 0xB5, 0xFF, 0x6A, 0x45,
+        0x00, 0xEE, 0xE7, 0x8A, 0x5A, 0x63, 0x9C, 0x7B,
+        0x74, 0x16, 0x97, 0x77, 0x62, 0x68, 0x64, 0xDD,
+        0x9E, 0xAE, 0xF0, 0xE3, 0xAD, 0x84, 0x93, 0xD8,
+        0x31, 0xF7, 0x1D, 0xEA, 0x95, 0xBB, 0xFC, 0xF8,
+        0x14, 0x23, 0xA2, 0x66, 0xDE, 0x56, 0xF3, 0xA8,
+        0xFE, 0x8E, 0x6C, 0x3C, 0x0D, 0x61, 0x2F, 0xB6,
+        0x2B, 0xD6, 0x42, 0x18, 0x8C, 0xA7, 0x1C, 0xB8,
+        0x98, 0x34, 0xF3, 0x0B, 0xCC, 0x28, 0xBD, 0x17,
+        0x88, 0x45, 0xF1, 0xF6, 0xF4, 0x6C, 0x03, 0xD3,
+        0x06, 0xF7, 0xED, 0x4E, 0x68, 0x75, 0x94, 0x27,
+        0xAE, 0xC2, 0x70, 0x11, 0x98, 0xC3, 0xC0, 0x5D,
+        0x38, 0x5D, 0xFA, 0xFD, 0x52, 0x8C, 0xCE, 0x84,
+        0x25, 0xBC, 0x55, 0x14, 0x69, 0xA0, 0xED, 0x68,
+        0x1B, 0xEE, 0x4D, 0x12, 0xA8, 0x43, 0xE3, 0x33,
+        0xB5, 0xA8, 0xE0, 0x51, 0x7F, 0xC6, 0x19, 0x06,
+        0xF9, 0xC4, 0xE7, 0x80, 0x9B, 0xAE, 0xD4, 0xD3,
+        0xD1, 0x6E, 0xB2, 0x2F, 0x1F, 0xA9, 0xAB, 0x40,
+        0x2D, 0x98, 0x8E, 0xD5, 0x9F, 0x9F, 0xED, 0x04,
+        0x55, 0xE9, 0x26, 0x0F, 0xD6, 0x27, 0xA2, 0x4A,
+        0x17, 0xFE, 0x7C, 0xB6, 0x3E, 0x53, 0x0B, 0x48,
+        0xF5, 0xFB, 0x66, 0x87, 0xA2, 0xE8, 0xC4, 0x9D,
+        0xA7, 0x9F, 0xBD, 0x69, 0xA3, 0x40, 0x00, 0x56,
+        0x66, 0x5D, 0xD1, 0x1D, 0x19, 0xA2, 0xBC, 0x4D,
+        0xB1, 0xD3, 0x74, 0xAB, 0x6A, 0x6E, 0x42, 0x47,
+        0x2A, 0x27, 0xAC, 0x6B, 0x98, 0xF6, 0x76, 0xE8,
+        0xED, 0xAA, 0xDD, 0x51, 0x4F, 0x6D, 0x44, 0xDE,
+        0xEC, 0xDA, 0xB5, 0xA6, 0xDF, 0xA0, 0xF8, 0x4F,
+        0x13, 0x9A, 0x80, 0x3A, 0x25, 0x24, 0xBF, 0x33,
+        0x5D, 0xC5, 0x2E, 0xA5, 0x8F, 0xA5, 0x0D, 0x98,
+        0xFB, 0x5C, 0xD5, 0x5D, 0x5D, 0x50, 0xA6, 0x63,
+        0xCF, 0x64, 0x7E, 0xEE, 0x56, 0xFE, 0x8E, 0x66,
+        0x4B, 0x3B, 0xCA, 0xF9, 0xE3, 0x33, 0x97, 0x8A,
+        0x79, 0x46, 0x97, 0x3F, 0xD1, 0x13, 0xE4, 0xFD,
+        0x39, 0x24, 0xE6, 0xC0, 0x9E, 0x60, 0x38, 0x64,
+        0x44, 0x21, 0x4D, 0xFA, 0x7A, 0x4D, 0x67, 0x1F,
+        0xC2, 0x38, 0x90, 0x63, 0x7E, 0xB8, 0x59, 0x13,
+        0x4D, 0x79, 0xE2, 0x65, 0xC5, 0x9C, 0xA3, 0xEC,
+        0xCD, 0xDF, 0xA0, 0x18, 0x22, 0x3C, 0x9B, 0xAE,
+        0x1C, 0xCA, 0x10, 0x39, 0x62, 0x07, 0x8B, 0xC5,
+        0xF0, 0xDD, 0x02, 0x24, 0x6F, 0xA2, 0x83, 0x24,
+        0xF7, 0xCB, 0x2F, 0xCF, 0xAD, 0x07, 0xC2, 0x5B,
+        0x4B, 0xC2, 0xD8, 0x88, 0x06, 0x9B, 0x0C, 0xF5,
+        0xF2, 0x3C, 0x76, 0x1C, 0x0E, 0x47, 0x10, 0x98,
+        0x81, 0xCD, 0x31, 0x45, 0x6A, 0x64, 0xB9, 0x40,
+        0xB4, 0xBB, 0x9B, 0x4C, 0x2C, 0x3B, 0x8E, 0x6B,
+        0xA8, 0x34, 0xAA, 0xAE, 0x69, 0xFD, 0xFC, 0x47,
+        0xD4, 0x4B, 0x3C, 0x96, 0x88, 0x7A, 0xBE, 0xD3,
+        0x60, 0x15, 0xE7, 0xB6, 0x4E, 0x85, 0x42, 0x92,
+        0x8F, 0x27, 0x7C, 0xBD, 0x2D, 0x3C, 0x51, 0x2C,
+        0x24, 0xDE, 0xEF, 0xE5, 0x90, 0xE8, 0x1C, 0x68,
+        0x4E, 0x06, 0x3E, 0x7A, 0xAD, 0xCF, 0x11, 0x7B,
+        0x48, 0x94, 0x3D, 0xB7, 0x71, 0xFC, 0x22, 0x07,
+        0xF5, 0x7A, 0x74, 0x53, 0x57, 0x55, 0x5D, 0x41,
+        0x9C, 0x9C, 0xDC, 0xA3, 0x5C, 0xC1, 0xA7, 0x10,
+        0x0A, 0x69, 0x13, 0xA3, 0xB6, 0xAA, 0xCF, 0x79,
+        0x6F, 0xE3, 0xF9, 0x4D, 0xD2, 0xF8, 0x18, 0x98,
+        0x27, 0x16, 0xCE, 0x03, 0x16, 0x54, 0x2A, 0x1B,
+        0x95, 0x7E, 0x12, 0xDA, 0x43, 0xE2, 0x31, 0x54,
+        0x2C, 0xC1, 0x4F, 0xCC, 0x66, 0xD7, 0x28, 0xA6,
+        0x83, 0x26, 0xB2, 0xBC, 0x31, 0x12, 0x48, 0x33,
+        0x0F, 0x3E, 0x98, 0xF8, 0x1E, 0xA3, 0x8C, 0xA9,
+        0x24, 0xA8, 0xE4, 0xDA, 0x97, 0xCF, 0x67, 0x38,
+        0x42, 0xC7, 0x59, 0xF9, 0x35, 0xBE, 0x88, 0x16,
+        0x3C, 0xE9, 0x7F, 0xE4, 0xD9, 0x45, 0x71, 0x76,
+        0xF5, 0xB8, 0x90, 0x8A, 0xF9, 0x48, 0xF7, 0x4D,
+        0x5D, 0x1D, 0xDB, 0xC5, 0x21, 0x82, 0x5D, 0x93,
+        0x1C, 0x63, 0xCA, 0x8A, 0x8E, 0x12, 0x24, 0x26,
+        0x26, 0x30, 0x5A, 0xB6, 0xA2, 0xE0, 0x62, 0x45,
+        0x64, 0xEE, 0x04, 0x19, 0x83, 0xC1, 0x8C, 0x29,
+        0x52, 0xEC, 0x3D, 0x9D, 0x15, 0x9B, 0xDE, 0x39,
+        0x85, 0xCF, 0x77, 0x89, 0x7E, 0xE2, 0xDC, 0x88,
+        0x81, 0x12, 0x72, 0x1D, 0x48, 0x54, 0xE9, 0x14,
+        0xA5, 0x39, 0x7E, 0x08, 0xB5, 0x4F, 0x4A, 0x54,
+        0x32, 0x3F, 0xF8, 0x20, 0x82, 0x1B, 0xE0, 0x26,
+        0xEA, 0x09, 0x1E, 0xCA, 0x6B, 0x7D, 0x80, 0xD9,
+        0x1E, 0x3D, 0xCA, 0x2E, 0xF7, 0x84, 0x8B, 0x86,
+        0xFC, 0xA6, 0xBB, 0x40, 0xCE, 0x48, 0x27, 0x1E,
+        0x10, 0x08, 0x36, 0x8E, 0x3E, 0xBB, 0x5E, 0x39,
+        0x5E, 0x1C, 0xCD, 0x0D, 0x17, 0x8F, 0x1A, 0x62,
+        0x57, 0xD2, 0x6B, 0x6B, 0xA4, 0xB7, 0xCE, 0x53,
+        0x2C, 0xAA, 0x1E, 0x76, 0xCE, 0x28, 0xFA, 0x4C,
+        0xF9, 0xE0, 0x29, 0xE2, 0x48, 0x2B, 0x94, 0xD3,
+        0xAC, 0xF9, 0x7A, 0x32, 0x6D, 0x23, 0x5D, 0x1B,
+        0xDC, 0x89, 0xF7, 0x00, 0x02, 0x19, 0x84, 0x51,
+        0xD9, 0xF1, 0xF1, 0x2C, 0xCD, 0x5B, 0xCA, 0xEC,
+        0xDD, 0xE9, 0xE1, 0x4A, 0xC8, 0x07, 0x42, 0xEB,
+        0x31, 0xE6, 0x46, 0x4C, 0x83, 0x21, 0x0A, 0x39,
+        0xF3, 0x50, 0x98, 0xBE, 0x03, 0x78, 0xD0, 0x74,
+        0xCE, 0x1C, 0xCD, 0x1E, 0xBC, 0x1C, 0x77, 0x70,
+        0xF7, 0x78, 0xD6, 0x05, 0xF2, 0xBE, 0x59, 0xDB,
+        0x7E, 0xA0, 0x7D, 0x80, 0xCC, 0xDF, 0x55, 0xF1,
+        0x6E, 0x98, 0x5B, 0x14, 0x2F, 0xB7, 0xBD, 0xA0,
+        0x7A, 0xA7, 0xDC, 0xA5, 0xB2, 0x01, 0xE1, 0x95,
+        0x0C, 0xF9, 0xA7, 0x28, 0xF2, 0x1E, 0x9A, 0x9D,
+        0x8A, 0xC4, 0xD1, 0x32, 0x7E, 0x3B, 0xC0, 0xFF,
+        0x33, 0x9A, 0x25, 0x05, 0x22, 0xF6, 0x31, 0xDF,
+        0x2E, 0x75, 0x95, 0x51, 0x54, 0x89, 0x3E, 0x4A,
+        0x1A, 0xAF, 0x98, 0x66, 0xFE, 0xE1, 0x63, 0x7E,
+        0xE1, 0xAA, 0x51, 0x06, 0xD2, 0x44, 0xE9, 0x9E,
+        0x6F, 0x31, 0xFC, 0x56, 0x01, 0xBB, 0x7B, 0x79,
+        0xBA, 0xD8, 0x28, 0x60, 0xB1, 0xD6, 0x05, 0x9D,
+        0x9B, 0x13, 0x2E, 0x02, 0x64, 0x18, 0x02, 0x0D,
+        0xB0, 0x6E, 0xB8, 0x39, 0x1F, 0xA1, 0x5B, 0x7A,
+        0x0F, 0x29, 0xE3, 0x6D, 0x96, 0x6A, 0xBD, 0x3D,
+        0x2A, 0x2F, 0xF3, 0xF2, 0xAA, 0xC3, 0x4C, 0x8B,
+        0x45, 0xC7, 0xD2, 0x35, 0x5E, 0xDB, 0xB8, 0x0B,
+        0x22, 0x4B, 0xC1, 0x06, 0xEB, 0xC6, 0x75, 0x0E,
+        0x55, 0x07, 0x0F, 0x85, 0xA7, 0xCB, 0x60, 0x03,
+        0x39, 0x4E, 0x51, 0x61, 0xAE, 0x26, 0xF5, 0xAB,
+        0xF8, 0x3F, 0x0D, 0xCC, 0xCF, 0x69, 0xB8, 0x61,
+        0x39, 0xAF, 0x86, 0x94, 0xFE, 0x1D, 0xC0, 0x07,
+        0x81, 0xEA, 0xE0, 0x9C, 0xDB, 0x42, 0x18, 0x14,
+        0x87, 0x80, 0x43, 0xDC, 0x9B, 0x05, 0x30, 0xE5,
+        0x54, 0x5A, 0x16, 0x5E, 0x39, 0xA9, 0xB7, 0xDE,
+        0x88, 0xB4, 0xAD, 0x2A, 0xEB, 0x90, 0xD3, 0xC3,
+        0x29, 0x41, 0x2E, 0xD2, 0xFE, 0x1D, 0x97, 0xB7,
+        0x32, 0xC8, 0x43, 0x9D, 0xF4, 0xF8, 0x3D, 0x22,
+        0x88, 0x35, 0xB5, 0x38, 0xDC, 0x27, 0x8F, 0xF0,
+        0xA2, 0xDC, 0x42, 0xF4, 0x1B, 0x00, 0xCE, 0x3A,
+        0xCA, 0x06, 0xB0, 0x5C, 0x48, 0x39, 0xB8, 0x96,
+        0x93, 0x15, 0x15, 0xD7, 0x8E, 0xA3, 0x67, 0x3A,
+        0x37, 0x82, 0x79, 0xF4, 0xE8, 0x9C, 0xE0, 0x8E,
+        0x34, 0x53, 0xFF, 0x2F, 0xB4, 0x53, 0xBE, 0x03,
+        0x1C, 0x63, 0x18, 0x62, 0x8A, 0x73, 0x1D, 0x02,
+        0x9F, 0xC7, 0xBE, 0xA2, 0xBA, 0x5E, 0xAC, 0x49,
+        0x16, 0x27, 0x8B, 0x93, 0x8A, 0x6A, 0x6A, 0xCE,
+        0xF5, 0xBF, 0xE2, 0x15, 0x8F, 0x2A, 0xF4, 0x3D,
+        0x8E, 0x56, 0xA0, 0x64, 0x9D, 0xF2, 0x8A, 0x25,
+        0x0D, 0x2F, 0x25, 0x36, 0xAB, 0xDE, 0x1E, 0x00,
+        0x8E, 0xB6, 0x31, 0xF4, 0xBD, 0x0E, 0xB5, 0x55,
+        0x73, 0xA4, 0x05, 0x39, 0xA6, 0x00, 0x41, 0x81,
+        0xA9, 0xD2, 0xBF, 0x7A, 0x1E, 0x53, 0x50, 0x4F,
+        0x11, 0xE0, 0x14, 0x84, 0x07, 0x33, 0x84, 0x41,
+        0x31, 0xAC, 0x66, 0x89, 0x46, 0xE5, 0xB8, 0x27,
+        0x28, 0x9A, 0xB6, 0xB2, 0x13, 0x66, 0xC5, 0xD0,
+        0xE2, 0x64, 0x92, 0x19, 0xB9, 0x2C, 0x47, 0x60,
+        0xDF, 0xB7, 0x05, 0xF7, 0xF6, 0x1A, 0x96, 0x56,
+        0x4C, 0x9E, 0x84, 0x0D, 0x14, 0xB0, 0xBB, 0x0D,
+        0xA8, 0x2D, 0xA5, 0x0F, 0x8B, 0x8E, 0x75, 0x2B,
+        0xBF, 0xEA, 0x3B, 0x0A, 0x33, 0x7B, 0xE1, 0x24,
+        0xF7, 0x2D, 0x8F, 0x82, 0x49, 0x19, 0x5B, 0xC1,
+        0x9C, 0x3E, 0x0B, 0x62, 0xEA, 0xE4, 0x96, 0xD3,
+        0x8C, 0xF7, 0x50, 0x0B, 0x4F, 0x10, 0x66, 0x5F,
+        0xC2, 0xD2, 0x8B, 0x9E, 0xA9, 0x35, 0xF7, 0xE3,
+        0x16, 0x47, 0x2F, 0x4F, 0xF4, 0x01, 0x26, 0x75,
+        0x41, 0xBD, 0xB6, 0x23, 0x01, 0x55, 0x4B, 0x20,
+        0x09, 0x92, 0x8C, 0x64, 0x45, 0xBB, 0xD0, 0xEF,
+        0x21, 0xD0, 0x99, 0x72, 0xF3, 0x50, 0x81, 0xAB,
+        0xA9, 0x09, 0x1A, 0x6C, 0x23, 0xFE, 0xD2, 0x9F,
+        0x5C, 0xF9, 0xE0, 0x77, 0x9F, 0x7E, 0xFB, 0xAD,
+        0x88, 0xE6, 0x2A, 0x45, 0x44, 0x42, 0xB3, 0x00,
+        0x79, 0xBE, 0x0A, 0xC9, 0xC6, 0x48, 0x26, 0xB9,
+        0x8C, 0x1E, 0x10, 0x01, 0xCB, 0x0F, 0xB0, 0xF0,
+        0xA9, 0x5F, 0x79, 0x65, 0xFE, 0x93, 0x12, 0xBF,
+        0xDA, 0xEC, 0x33, 0xF9, 0x50, 0x65, 0xC8, 0xE5,
+        0x9D, 0x39, 0x50, 0xF8, 0x0A, 0xDC, 0x7F, 0xB3,
+        0x34, 0xF2, 0x02, 0xD3, 0xE5, 0xF8, 0xDA, 0x48,
+        0x1C, 0x9B, 0x54, 0xA7, 0x59, 0x83, 0x93, 0x0F,
+        0xD1, 0xE5, 0xAC, 0xD1, 0x62, 0x84, 0xF0, 0x71,
+        0x93, 0xFB, 0xCB, 0x50, 0xD0, 0xDC, 0x00, 0xEF,
+        0xF8, 0x20, 0x31, 0x44, 0xC1, 0x1E, 0xC6, 0x14,
+        0x20, 0xFC, 0x32, 0xD7, 0x98, 0x2C, 0xE8, 0x96,
+        0x40, 0x6B, 0xE7, 0x69, 0xA7, 0x5D, 0xD8, 0xD3,
+        0xCA, 0xC7, 0x53, 0xAB, 0xE5, 0xA2, 0x78, 0x65,
+        0x5B, 0xF5, 0x4B, 0xE3, 0x3A, 0x1B, 0x83, 0x74,
+        0xEB, 0xEE, 0xFF, 0x21, 0x2C, 0x39, 0xCE, 0x51,
+        0x46, 0x68, 0xF1, 0xC4, 0x56, 0xEA, 0xA2, 0x53,
+        0x28, 0x28, 0xC8, 0x42, 0x93, 0xF1, 0xA5, 0xBC,
+        0x9E, 0xB5, 0xDE, 0xDF, 0x55, 0x8A, 0x9B, 0x4C,
+        0x12, 0x39, 0xF7, 0x72, 0x72, 0xC6, 0x7E, 0x1A,
+        0xB2, 0x8E, 0x1E, 0xFE, 0xC5, 0x89, 0x3E, 0x09,
+        0xC1, 0x06, 0x62, 0xB5, 0x3C, 0x8B, 0x82, 0x55,
+        0xB1, 0xC8, 0xDC, 0x8F, 0x8E, 0x51, 0x20, 0xA2,
+        0x5C, 0x75, 0xEE, 0xFE, 0x79, 0xC4, 0x3F, 0x7A,
+        0x8B, 0x37, 0xDF, 0x9D, 0x1E, 0x4F, 0x32, 0x48,
+        0x69, 0x33, 0xDA, 0x1C, 0xB0, 0x66, 0x4C, 0x5D,
+        0xB3, 0x9E, 0x21, 0xBC, 0x22, 0x7B, 0x0C, 0xDF,
+        0xE7, 0xA5, 0x50, 0x7F, 0x07, 0xF2, 0x18, 0xA7,
+        0xA4, 0x7D, 0xEB, 0xCD, 0x9D, 0xAD, 0x72, 0x47,
+        0xB4, 0xD0, 0x45, 0xA1, 0x3A, 0xD4, 0xF7, 0x5E,
+        0xAD, 0x2D, 0x45, 0xC3, 0x39, 0xD0, 0xDF, 0x04,
+        0x57, 0x7F, 0x2E, 0x0F, 0xDC, 0x78, 0x03, 0x92,
+        0x55, 0x30, 0x33, 0xC7, 0x38, 0x85, 0x2B, 0x1B,
+        0xE4, 0xE6, 0x3E, 0xA3, 0x89, 0x7D, 0x6C, 0x9C,
+        0x4B, 0x11, 0xAD, 0x6B, 0x58, 0xD3, 0xE2, 0xD3,
+        0x42, 0xD3, 0x28, 0x40, 0xF6, 0x49, 0xDD, 0x83,
+        0xE7, 0x59, 0x86, 0x6B, 0x73, 0x81, 0xA8, 0x4C,
+        0x8A, 0xDD, 0xDF, 0x41, 0x3F, 0xAE, 0x18, 0xE6,
+        0x43, 0x1B, 0x1E, 0xEA, 0x73, 0xA5, 0x6C, 0xD8,
+        0x89, 0xB7, 0x6B, 0xC9, 0x78, 0x6B, 0xED, 0xED,
+        0xCA, 0x25, 0x41, 0xE4, 0xC9, 0xB2, 0x4E, 0x28,
+        0xF5, 0x8A, 0xD3, 0x74, 0xC1, 0xD9, 0x3D, 0xF2,
+        0xD3, 0xF2, 0xC3, 0x7E, 0xC5, 0x94, 0xA0, 0x49,
+        0x8C, 0x57, 0x45, 0x79, 0xA7, 0x33, 0x2F, 0x72,
+        0xC0, 0xF9, 0x75, 0x08, 0x77, 0xFA, 0xD5, 0xB9,
+        0x0B, 0x96, 0x8D, 0x88, 0xF1, 0x16, 0x82, 0xC4,
+        0x07, 0x1E, 0x4E, 0xA3, 0x8B, 0x81, 0x6A, 0xEA,
+        0xD6, 0xBE, 0x54, 0xD2, 0xF3, 0x71, 0x32, 0x4F,
+        0x24, 0x75, 0xB8, 0x62, 0xC7, 0x54, 0x24, 0xEC,
+        0xF9, 0x85, 0x8A, 0xA4, 0xE2, 0x00, 0xCF, 0xBA,
+        0x41, 0x2D, 0x7E, 0x3E, 0x6C, 0x30, 0x8D, 0x8D,
+        0xE1, 0x1D, 0xD1, 0x85, 0x33, 0x1A, 0xF9, 0xD4,
+        0x1A, 0xFE, 0x88, 0x79, 0x96, 0x5D, 0x67, 0x46,
+        0xEF, 0x21, 0xFD, 0x98, 0xD3, 0xED, 0x38, 0x06,
+        0xFB, 0x5C, 0x46, 0x19, 0xC9, 0x8E, 0x34, 0x7D,
+        0x76, 0xB8, 0xB8, 0x98, 0x49, 0x39, 0x55, 0x61,
+        0xEE, 0x28, 0x6D, 0xFD, 0xFC, 0x6A, 0x04, 0xE1,
+        0xD4, 0x7E, 0x9F, 0x5B, 0x5B, 0x49, 0x25, 0x77,
+        0x84, 0xC3, 0x93, 0x64, 0xDF, 0xA8, 0x8A, 0xD6,
+        0x30, 0xDF, 0xA5, 0x9C, 0xCA, 0x32, 0x37, 0xF4,
+        0xA2, 0xB1, 0x41, 0xA8, 0x13, 0xD2, 0x2C, 0x6F,
+        0xFE, 0x73, 0xC2, 0xD9, 0x9A, 0xDC, 0x82, 0x4D,
+        0x93, 0xE0, 0x6A, 0x54, 0xB6, 0xDE, 0x62, 0xC3,
+        0x12, 0x5D, 0x94, 0xB4, 0x9E, 0x95, 0x0D, 0xEC,
+        0x36, 0x1F, 0x96, 0x1F, 0x56, 0xD3, 0x67, 0x1C,
+        0x99, 0x25, 0x37, 0x7F, 0x6E, 0x67, 0x06, 0x65,
+        0x32, 0x2B, 0x84, 0x89, 0xE8, 0x33, 0xD3, 0x83,
+        0x0E, 0xCC, 0xDD, 0x0F, 0x53, 0xF4, 0xA4, 0xF9,
+        0xD6, 0x8F, 0x14, 0x45, 0xF3, 0xAE, 0xD5, 0xC9,
+        0xD7, 0x66, 0x40, 0x9B, 0x59, 0xBA, 0xE7, 0xA7,
+        0x29, 0x12, 0xE9, 0x8B, 0x3B, 0xB5, 0x73, 0x42,
+        0xD2, 0x9B, 0x6A, 0xCF, 0xD1, 0x43, 0x36, 0xB7,
+        0xB8, 0xB6, 0xB7, 0x54, 0x9A, 0xF8, 0xCC, 0x88,
+        0x45, 0xE1, 0x0C, 0x28, 0x11, 0x28, 0x72, 0x81,
+        0x98, 0x5D, 0x5D, 0x47, 0x68, 0x5F, 0xC5, 0x89,
+        0xF2, 0x67, 0x8E, 0xD8, 0x93, 0xF5, 0x7B, 0x85,
+        0xAC, 0xED, 0x75, 0x63, 0x2E, 0x50, 0xDE, 0x5E,
+        0x07, 0x4E, 0x6C, 0xED, 0xCF, 0x1A, 0xD4, 0x99,
+        0xBC, 0xE6, 0x7A, 0x7F, 0x49, 0x85, 0x64, 0xDE,
+        0xEC, 0x67, 0x7C, 0x70, 0x83, 0x88, 0xDE, 0x8F,
+        0xD7, 0xB0, 0x99, 0xCF, 0xC1, 0x16, 0x09, 0x6C,
+        0x45, 0xFE, 0x28, 0x89, 0x0B, 0x5E, 0xAF, 0x06,
+        0x16, 0x99, 0x39, 0xFD, 0xA3, 0x5E, 0x12, 0x15,
+        0xF2, 0x38, 0xE8, 0xCD, 0xED, 0xFE, 0x67, 0x00,
+        0x65, 0xF5, 0xDE, 0x32, 0x72, 0xA2, 0x32, 0xFD,
+        0x53, 0xC2, 0x50, 0xF5, 0xD7, 0x79, 0xB3, 0x16,
+        0x94, 0xFB, 0xA9, 0x1B, 0x55, 0x48, 0x03, 0x67,
+        0x6E, 0x4D, 0xEA, 0x28, 0x84, 0x63, 0xFE, 0x10,
+        0x63, 0x00, 0x9E, 0x9C, 0xB7, 0x6C, 0x31, 0x7D,
+        0xB4, 0x00, 0xAC, 0xF4, 0xD2, 0xD2, 0xB6, 0xD1,
+        0x6E, 0xDE, 0xBA, 0x41, 0x08, 0x91, 0x3F, 0x60,
+        0xAE, 0xB2, 0x52, 0xCD, 0xE4, 0x13, 0x69, 0x0C,
+        0xEE, 0xFD, 0xCF, 0xA6, 0x38, 0x96, 0x3D, 0xBD,
+        0x04, 0xF4, 0xCF, 0x21, 0xAD, 0x74, 0xDD, 0xE6,
+        0x5F, 0x0F, 0x1E, 0x7C, 0xE7, 0x0A, 0xF1, 0x01,
+        0xA6, 0xDE, 0x9A, 0x59, 0xDB, 0x21, 0xD3, 0x80,
+        0x27, 0xDB, 0xBF, 0x76, 0x16, 0x78, 0x27, 0x95,
+        0x0B, 0x69, 0x41, 0x82, 0x66, 0xAF, 0xA4, 0x44,
+        0xC7, 0x28, 0xDE, 0x36, 0x24, 0xA1, 0xC8, 0x1E,
+        0x5B, 0x16, 0x41, 0xDB, 0xE8, 0x79, 0xCD, 0x82,
+        0x2F, 0xB2, 0x30, 0x3C, 0xC3, 0xA9, 0xFC, 0xEE,
+        0xFE, 0x3D, 0xDF, 0x7D, 0xBD, 0x0B, 0x70, 0x57,
+        0x24, 0x8A, 0x28, 0xD6, 0x06, 0x2D, 0x76, 0xEB,
+        0x13, 0xB9, 0x2C, 0x9C, 0x9D, 0x00, 0x3B, 0x69,
+        0xE1, 0x84, 0x2A, 0x54, 0xC0, 0x9C, 0xF6, 0xB4,
+        0x84, 0x52, 0x08, 0x15, 0xE2, 0xBB, 0x23, 0x72,
+        0x88, 0xC6, 0x4F, 0xC6, 0x96, 0xFD, 0x3B, 0xC4,
+        0x5D, 0xB3, 0x0C, 0xB8, 0x64, 0x65, 0xDF, 0x11,
+        0x88, 0xBF, 0x47, 0x95, 0x6E, 0x5B, 0x91, 0x6A,
+        0x80, 0x09, 0x71, 0x5C, 0xC9, 0xA9, 0xA6, 0xDC,
+        0xE4, 0x4C, 0x54, 0xF9, 0x28, 0x81, 0x6B, 0x41,
+        0xD0, 0x18, 0xC5, 0xFE, 0x65, 0x2F, 0xFE, 0x4E,
+        0x33, 0xF3, 0x52, 0xD3, 0x83, 0xA9, 0xC1, 0x36,
+        0x5F, 0x02, 0xAB, 0xFD, 0x64, 0x7B, 0xD6, 0xB4,
+        0x2A, 0xD1, 0x63, 0x73, 0x0F, 0x8B, 0xFD, 0xA1,
+        0xE2, 0xBE, 0x5F, 0x61, 0x4D, 0x79, 0x59, 0x78,
+        0x25, 0xBA, 0x09, 0xF4, 0x57, 0xD3, 0xCB, 0xE7,
+        0x56, 0x1E, 0x7E, 0x89, 0xEA, 0xF0, 0x59, 0xE9,
+        0x77, 0xD1, 0xEE, 0x88, 0x84, 0x8B, 0x78, 0x1F,
+        0x21, 0xF7, 0x23, 0x89, 0x0F, 0xF1, 0xF9, 0x87,
+        0x39, 0x28, 0x41, 0x2C, 0x8F, 0x11, 0xEE, 0xDD,
+        0x2C, 0x0C, 0x39, 0xC9, 0x51, 0x27, 0x90, 0x98,
+        0x6A, 0x19, 0xE1, 0x7B, 0x2B, 0x70, 0xA4, 0xD7,
+        0xCF, 0x49, 0xD9, 0xD1, 0x8C, 0xAA, 0x0C, 0x20,
+        0x23, 0x13, 0x4C, 0xAC, 0xD1, 0x69, 0x20, 0x0D,
+        0x88, 0x17, 0xFA, 0x32, 0x1F, 0x04, 0xAC, 0xC9,
+        0x10, 0x61, 0x3D, 0xFF, 0x25, 0x0E, 0xB3, 0x25,
+        0xDB, 0xEF, 0x29, 0xEB, 0x56, 0x11, 0xB2, 0xAD,
+        0x2A, 0x23, 0xED, 0xD5, 0x38, 0x04, 0x9B, 0x3F,
+        0x43, 0xEF, 0xEB, 0x4D, 0x60, 0x98, 0x37, 0x92,
+        0xB4, 0xBF, 0x05, 0x56, 0x79, 0x44, 0xAA, 0xDB,
+        0x7A, 0xC4, 0xD3, 0xA5, 0xD8, 0x0A, 0x1B, 0x9D,
+        0x84, 0x48, 0xB4, 0xC0, 0xC1, 0x15, 0xC3, 0xB5,
+        0xAD, 0x38, 0x85, 0x35, 0x3F, 0x47, 0xD5, 0xFC,
+        0xB9, 0xB7, 0xD6, 0x44, 0x6F, 0x1A, 0x72, 0x10,
+        0xBB, 0xC6, 0x67, 0xFC, 0x41, 0x14, 0x15, 0xF2,
+        0x3C, 0xD4, 0x0A, 0x2A, 0x3D, 0x64, 0x06, 0x1D,
+        0x71, 0xC6, 0x71, 0x91, 0x57, 0x1A, 0x97, 0xD0,
+        0x10, 0x88, 0xA2, 0x4B, 0x67, 0x11, 0x56, 0x7F,
+        0xC8, 0x91, 0x06, 0x73, 0x2D, 0x88, 0x92, 0xFF,
+        0x98, 0x5B, 0x8E, 0x6C, 0xF7, 0x01, 0x63, 0x82,
+        0x9C, 0xC0, 0x85, 0xBE, 0x4E, 0x40, 0x83, 0x15,
+        0x36, 0x1B, 0xB1, 0xB2, 0x00, 0x3D, 0x64, 0x13,
+        0x22, 0x0B, 0x13, 0x45, 0x06, 0xD3, 0xC3, 0x04,
+        0xC0, 0xBB, 0xBA, 0x9C, 0x9C, 0x45, 0xD3, 0x65,
+        0x1E, 0x05, 0x71, 0xB6, 0xB1, 0x15, 0x17, 0x72,
+        0x13, 0xD8, 0x59, 0x5E, 0x14, 0x3D, 0xB9, 0x0B,
+        0xD7, 0x2F, 0x7E, 0xB9, 0x74, 0xD8, 0xD0, 0xA0,
+        0x31, 0x74, 0x09, 0xD6, 0x4D, 0x58, 0x37, 0xEA,
+        0xEC, 0x9B, 0x8D, 0x44, 0xDD, 0x7E, 0xCF, 0xF6,
+        0xCD, 0xA9, 0xF7, 0x29, 0x38, 0x2A, 0x43, 0xB3,
+        0x79, 0xCB, 0xDD, 0x43, 0xFF, 0xB1, 0x8A, 0xEA,
+        0x35, 0xC1, 0xA9, 0x96, 0xCE, 0xF1, 0x48, 0x8D,
+        0x3B, 0x7A, 0x81, 0xEE, 0x7C, 0xFC, 0x0B, 0x96,
+        0x23, 0x41, 0x8A, 0xB3, 0x91, 0x9A, 0x6E, 0xDD,
+        0xB9, 0x9F, 0x22, 0x2F, 0x0D, 0xDD, 0xB2, 0xF3,
+        0x2A, 0x20, 0xC8, 0xF8, 0x4F, 0xBF, 0x4C, 0x49,
+        0xB4, 0xCB, 0x3E, 0xB5, 0x0D, 0x9C, 0x4C, 0xD2,
+        0x5A, 0x6F, 0x71, 0x75, 0x46, 0x70, 0x66, 0xD2,
+        0x5E, 0x64, 0x37, 0xB6, 0x7F, 0x2D, 0xBC, 0x70,
+        0xC2, 0xE6, 0xEB, 0x0B, 0xDE, 0x23, 0x86, 0xD0,
+        0x30, 0x14, 0xA7, 0x89, 0xFB, 0x6D, 0xC0, 0x8E,
+        0xE3, 0x3C, 0x0C, 0x67, 0x95, 0x1D, 0xA9, 0xD7,
+        0x4B, 0x9C, 0x94, 0x84, 0x5D, 0x2A, 0x99, 0x03,
+        0x7E, 0x09, 0x5F, 0xEF, 0x79, 0x19, 0x92, 0x0F,
+        0xE5, 0x26, 0xEB, 0x5D, 0xD0, 0xBA, 0x1F, 0x97,
+        0xDF, 0xBD, 0x2D, 0xDC, 0x31, 0x60, 0x9C, 0x1B,
+        0x7B, 0x45, 0xEC, 0x3A, 0xDB, 0x58, 0x6F, 0xE3,
+        0x03, 0x0A, 0x0C, 0x7A, 0x9D, 0xD0, 0x34, 0xA3,
+        0xC2, 0xE6, 0xF9, 0x84, 0x90, 0x93, 0xCE, 0xE1,
+        0x0A, 0x18, 0x19, 0x53, 0x54, 0x7F, 0x8B, 0xE3,
+        0x28, 0x72, 0x0A, 0x4A, 0x5A, 0x82, 0x90, 0xB5,
+        0xEE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
+        0x0B, 0x10, 0x18, 0x1A, 0x21
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte pk_87[] = {
+        0x59, 0xB2, 0x37, 0x1F, 0xE7, 0xBA, 0xCC, 0x20,
+        0x7F, 0xE1, 0xFE, 0xE8, 0x8A, 0x8B, 0x38, 0x05,
+        0xA7, 0x05, 0x28, 0x65, 0x69, 0x17, 0x89, 0xBB,
+        0x90, 0x54, 0x2F, 0xA4, 0x7F, 0x7E, 0xF2, 0xB7,
+        0x5F, 0xCA, 0x13, 0xDB, 0xA5, 0x88, 0x8B, 0xEC,
+        0x32, 0x05, 0x14, 0xDC, 0xB0, 0x5F, 0xD2, 0x6E,
+        0xB5, 0x54, 0x1F, 0x6E, 0x57, 0x2E, 0xCE, 0xA6,
+        0xC4, 0xF1, 0xD3, 0x8A, 0xA7, 0x02, 0x59, 0x09,
+        0x4A, 0xA9, 0x45, 0xF1, 0x9F, 0xED, 0x0D, 0x98,
+        0x0E, 0x65, 0xDB, 0xF6, 0x5D, 0xB8, 0x0F, 0x56,
+        0x4F, 0xE2, 0x9D, 0x83, 0x6C, 0x54, 0x79, 0x28,
+        0x8B, 0x55, 0xCF, 0x07, 0xF4, 0xE0, 0x01, 0x59,
+        0xB6, 0x95, 0x5D, 0xAB, 0xDE, 0xCC, 0x8C, 0x4D,
+        0x66, 0xAE, 0x68, 0x87, 0x28, 0xBA, 0x6D, 0x5C,
+        0x04, 0x42, 0xF3, 0xC1, 0x23, 0x2C, 0x78, 0x2C,
+        0x46, 0x5B, 0x9B, 0x7C, 0x50, 0x14, 0xB1, 0x46,
+        0x40, 0x65, 0xCC, 0xD8, 0xA5, 0x6D, 0x6B, 0x1C,
+        0x16, 0x51, 0x08, 0x69, 0xE0, 0x14, 0xE6, 0x93,
+        0x39, 0x98, 0xEF, 0x72, 0x55, 0x20, 0xB4, 0x00,
+        0x91, 0x3D, 0x93, 0xB0, 0xEC, 0x75, 0xE2, 0xFB,
+        0x72, 0x5D, 0xC1, 0xAE, 0xC0, 0xC0, 0xCC, 0x73,
+        0x43, 0xB9, 0xE5, 0x44, 0xBA, 0xA4, 0xD6, 0x79,
+        0x86, 0x0E, 0x34, 0x7B, 0x2E, 0x94, 0x7D, 0x8D,
+        0x24, 0x36, 0xF0, 0x92, 0x98, 0xA7, 0xBB, 0x83,
+        0x36, 0xB9, 0xDE, 0x9C, 0xFD, 0x5C, 0xDB, 0xCD,
+        0x91, 0xC7, 0x24, 0x92, 0x68, 0xCA, 0x03, 0xEF,
+        0xAC, 0x27, 0x3A, 0xF5, 0x29, 0x68, 0xD5, 0x01,
+        0x40, 0x6C, 0xD9, 0xC9, 0x61, 0x59, 0xD7, 0xC1,
+        0x5A, 0xA2, 0x90, 0x03, 0x30, 0xC1, 0x18, 0x9C,
+        0xFC, 0x2C, 0xD8, 0xB9, 0x12, 0xC4, 0x80, 0xE4,
+        0x58, 0x29, 0x7E, 0xF1, 0x4D, 0xB6, 0x94, 0xA3,
+        0xF1, 0xE7, 0x2C, 0x1D, 0xFA, 0x3A, 0x3D, 0x2A,
+        0x8A, 0x69, 0xE0, 0x11, 0x60, 0x2B, 0x93, 0x02,
+        0x0B, 0xAC, 0xD1, 0xC2, 0xF3, 0xAD, 0x06, 0xC9,
+        0x5A, 0x7F, 0x36, 0xEB, 0xF5, 0x26, 0x1F, 0x6E,
+        0xC1, 0x06, 0x81, 0x6B, 0xB3, 0x30, 0x3C, 0xC0,
+        0x0B, 0xF4, 0xE8, 0x68, 0x8D, 0x2E, 0x85, 0x48,
+        0xF1, 0x04, 0x90, 0xD9, 0xEB, 0x23, 0xC5, 0x67,
+        0x93, 0xB3, 0x4B, 0x84, 0x06, 0xCB, 0xE4, 0x43,
+        0xD8, 0x35, 0x6B, 0xCD, 0x0F, 0x4F, 0x61, 0xD0,
+        0xD0, 0x17, 0xD5, 0x48, 0x31, 0xB9, 0xBA, 0x32,
+        0x9F, 0x89, 0x48, 0xF2, 0x5C, 0x31, 0x22, 0xF9,
+        0xDE, 0xDE, 0x8C, 0xEC, 0xBA, 0x51, 0x56, 0x9E,
+        0xDF, 0xFF, 0x89, 0x5F, 0xA0, 0x20, 0x86, 0x2C,
+        0x5D, 0xF7, 0x9F, 0x86, 0x40, 0x78, 0x48, 0x6B,
+        0x5F, 0xB2, 0x28, 0xFD, 0x78, 0x9C, 0x35, 0xFD,
+        0xE1, 0xC5, 0x4B, 0xFF, 0xBF, 0x4A, 0x02, 0x5A,
+        0x7F, 0xE7, 0xD8, 0xC3, 0x49, 0x0A, 0x5D, 0x4E,
+        0x62, 0xD0, 0x4F, 0x79, 0xF4, 0x18, 0x3C, 0xA6,
+        0x83, 0x79, 0xF4, 0x64, 0x8B, 0xD5, 0xB2, 0x41,
+        0x6D, 0xBE, 0x5B, 0x84, 0x5C, 0x9F, 0x4B, 0x7A,
+        0x7E, 0x23, 0x39, 0xC0, 0x50, 0x6D, 0x58, 0x53,
+        0x9E, 0xAE, 0xA9, 0x45, 0x1C, 0x9B, 0x2F, 0xE2,
+        0xA1, 0x8C, 0x84, 0x9D, 0xCA, 0x7E, 0xED, 0x9D,
+        0xAC, 0xC0, 0x58, 0xD0, 0x05, 0xFB, 0x73, 0x75,
+        0xC4, 0xEF, 0x45, 0xB0, 0x01, 0x54, 0x3F, 0xC6,
+        0x8E, 0x47, 0xDD, 0xB6, 0xD1, 0x4F, 0xF9, 0x37,
+        0xD1, 0xAA, 0x0D, 0x4D, 0x74, 0x89, 0xDF, 0xFA,
+        0x62, 0x10, 0x67, 0x9C, 0xCC, 0xEC, 0xF9, 0xB8,
+        0x55, 0x1D, 0xCF, 0x68, 0x2D, 0x2A, 0xF1, 0xE5,
+        0xBD, 0x86, 0x9F, 0x3E, 0x8D, 0x40, 0x0D, 0x5C,
+        0x86, 0x1A, 0xE5, 0x1F, 0xE7, 0xEB, 0xBB, 0x54,
+        0x57, 0xF2, 0xEA, 0xAF, 0xD0, 0x93, 0xA9, 0x59,
+        0x8E, 0xC7, 0x21, 0xC6, 0x93, 0x27, 0xC5, 0x19,
+        0x30, 0xF4, 0xB9, 0xFF, 0xB2, 0xAA, 0x7F, 0x1A,
+        0x28, 0x43, 0x6B, 0x6D, 0x80, 0x8D, 0x75, 0x39,
+        0x2B, 0xC4, 0x3C, 0x1B, 0x5B, 0x85, 0x9C, 0x66,
+        0xC5, 0x4F, 0xA5, 0x15, 0xC7, 0xA6, 0x15, 0xA6,
+        0x9E, 0x60, 0x92, 0x14, 0x34, 0xAA, 0x9C, 0xF9,
+        0xF9, 0xE0, 0x3C, 0x3C, 0xA3, 0x5B, 0x5E, 0xBC,
+        0x6A, 0x40, 0x9E, 0x82, 0x2F, 0xE7, 0x6E, 0x09,
+        0x24, 0xC6, 0xC0, 0x62, 0xF1, 0x72, 0x4C, 0x38,
+        0x2F, 0xF3, 0xC8, 0xAC, 0xB5, 0xC1, 0x66, 0x6C,
+        0x2E, 0xC2, 0x6B, 0x76, 0x28, 0xE3, 0xD7, 0xC1,
+        0x3D, 0xA8, 0xD7, 0x58, 0x89, 0x0E, 0x6C, 0xC0,
+        0x17, 0xB7, 0x89, 0x25, 0x82, 0xE9, 0x5E, 0xDD,
+        0x04, 0xBA, 0x93, 0x45, 0xDF, 0x70, 0xFA, 0xD5,
+        0x6E, 0xA6, 0x8B, 0xF8, 0x87, 0x5B, 0x93, 0x2C,
+        0x28, 0xB3, 0x28, 0x07, 0xC8, 0x63, 0x71, 0xE1,
+        0x7D, 0xCC, 0x04, 0x72, 0x5C, 0xB5, 0x97, 0xB5,
+        0x24, 0x46, 0x79, 0x63, 0xE1, 0xD4, 0xA6, 0x1B,
+        0x5F, 0xBF, 0x9E, 0xC5, 0x04, 0xD5, 0xDD, 0xB6,
+        0x17, 0x93, 0xDD, 0x4E, 0x34, 0xAE, 0x08, 0x2A,
+        0x59, 0x90, 0xEF, 0xCE, 0x80, 0x1E, 0x93, 0x8C,
+        0xCA, 0xE7, 0x38, 0xE0, 0x2E, 0x90, 0x59, 0x9D,
+        0x97, 0x1C, 0x2D, 0x7C, 0x64, 0xE5, 0xB6, 0xF8,
+        0x63, 0x9F, 0x75, 0x8E, 0xD6, 0x21, 0xC1, 0xF2,
+        0x10, 0x73, 0xC0, 0x3E, 0xDB, 0x78, 0x2C, 0x7A,
+        0x0F, 0x5D, 0x7C, 0x66, 0xF5, 0xCE, 0x16, 0x1D,
+        0xED, 0x55, 0xB3, 0xE9, 0x2D, 0xC2, 0x71, 0x83,
+        0xAB, 0x08, 0x3D, 0xBC, 0x1F, 0x39, 0x30, 0xAE,
+        0x56, 0xED, 0xB8, 0xC5, 0x3E, 0x9A, 0x7E, 0x02,
+        0x0F, 0xFF, 0x0C, 0x40, 0x42, 0xF5, 0x18, 0xB2,
+        0x6F, 0x39, 0x0C, 0x96, 0xC8, 0x18, 0x3B, 0x79,
+        0xB5, 0x3C, 0x7C, 0x7B, 0xC5, 0x15, 0x18, 0x7B,
+        0x3D, 0xE8, 0xCA, 0xB0, 0x87, 0x69, 0xC5, 0xDD,
+        0x6F, 0xF5, 0x49, 0x21, 0x12, 0xE8, 0xB0, 0xF2,
+        0x8D, 0x09, 0xF4, 0x06, 0x7A, 0xDB, 0x04, 0x19,
+        0x4F, 0x60, 0x25, 0x0E, 0x75, 0xAD, 0xE3, 0x31,
+        0xA5, 0xC2, 0x55, 0x93, 0xBC, 0xD9, 0x2A, 0x6D,
+        0x13, 0x50, 0x43, 0x95, 0x85, 0x86, 0x0B, 0xB6,
+        0xFE, 0xED, 0xBD, 0x2F, 0x83, 0x9F, 0x31, 0x7A,
+        0x01, 0x35, 0x88, 0x76, 0xC8, 0x8E, 0x89, 0x8A,
+        0xC0, 0xC8, 0x53, 0x78, 0xF5, 0x72, 0xF2, 0x3C,
+        0xDE, 0x93, 0x1D, 0x47, 0xDE, 0x71, 0xD3, 0x35,
+        0x3D, 0xAB, 0x1F, 0x81, 0x0A, 0x61, 0xB1, 0x8D,
+        0x24, 0xCD, 0x83, 0xDD, 0xAB, 0x8D, 0x53, 0xBA,
+        0x9C, 0x7B, 0x82, 0x74, 0xB0, 0xFE, 0x82, 0xAF,
+        0xF3, 0x0C, 0x57, 0x07, 0x2F, 0x64, 0x37, 0x87,
+        0xCA, 0x1D, 0xF0, 0x3B, 0x99, 0xEB, 0x57, 0xDB,
+        0xDA, 0x8C, 0x8E, 0xE8, 0xEB, 0x20, 0x1F, 0x28,
+        0x47, 0xCB, 0xC9, 0xD3, 0x4F, 0xD8, 0x0C, 0xE6,
+        0xBC, 0x5E, 0x1E, 0x32, 0x8E, 0xB6, 0xEF, 0xC8,
+        0x3C, 0x4B, 0xD9, 0xD5, 0x2F, 0x32, 0x4E, 0x30,
+        0xEE, 0x4B, 0x5E, 0x86, 0x35, 0x1E, 0x5C, 0x8C,
+        0x4C, 0x54, 0x56, 0x83, 0x6D, 0x5A, 0x45, 0x22,
+        0x03, 0xB3, 0xC3, 0x72, 0xC7, 0x87, 0xAE, 0x33,
+        0x32, 0xC8, 0xA5, 0xE9, 0xDC, 0x21, 0x97, 0xD9,
+        0xC3, 0x41, 0xB9, 0x75, 0x6B, 0xB1, 0xE6, 0x3C,
+        0x75, 0xBB, 0xD5, 0xCF, 0x3E, 0x5C, 0xD4, 0xBF,
+        0x47, 0xBD, 0x1F, 0xEB, 0xC3, 0xE3, 0x71, 0x09,
+        0x12, 0xD6, 0x30, 0x32, 0xF6, 0xB9, 0x7D, 0xC1,
+        0x9C, 0x4D, 0xE1, 0x96, 0xAC, 0xD9, 0x15, 0x77,
+        0x15, 0xE2, 0xC1, 0x4E, 0x05, 0x4A, 0x93, 0x17,
+        0xBF, 0x96, 0xA6, 0x84, 0xBB, 0x96, 0xCE, 0xFB,
+        0x7D, 0x8F, 0xDC, 0xA8, 0xAA, 0x47, 0x7A, 0x2A,
+        0xF6, 0xF7, 0x26, 0xD2, 0xCA, 0xC1, 0xA6, 0x03,
+        0xCF, 0x13, 0x60, 0xEC, 0x11, 0xCA, 0x89, 0x7E,
+        0x5B, 0xC7, 0x35, 0xAB, 0x69, 0xB8, 0x64, 0x7F,
+        0x30, 0xCE, 0xD4, 0x94, 0x7B, 0xA9, 0xF6, 0x35,
+        0xD9, 0xCB, 0x2D, 0x82, 0xA6, 0x62, 0xFF, 0x17,
+        0xA0, 0xE1, 0x2D, 0x4D, 0x06, 0xD6, 0x41, 0xEE,
+        0x76, 0xEB, 0x8B, 0x45, 0xC7, 0x1E, 0xDE, 0x38,
+        0xC9, 0x05, 0xC5, 0x2B, 0xE7, 0x6C, 0x61, 0x09,
+        0xF2, 0x61, 0x2F, 0xEE, 0x6C, 0x31, 0x94, 0x46,
+        0x5C, 0x19, 0xBA, 0x5D, 0x3E, 0xBC, 0xF1, 0xF0,
+        0xB5, 0xE5, 0x34, 0xE0, 0xF0, 0xF1, 0xD3, 0x1C,
+        0xB1, 0xE7, 0xA3, 0x6C, 0x43, 0x03, 0xF2, 0x83,
+        0xDB, 0xA8, 0x59, 0x1C, 0xC6, 0x09, 0x31, 0x1A,
+        0x80, 0x9E, 0x44, 0x4E, 0x33, 0xA8, 0x93, 0x88,
+        0x0C, 0xDB, 0xAE, 0x29, 0x11, 0x91, 0x46, 0xA3,
+        0x68, 0xE4, 0xD2, 0xED, 0xD9, 0x1F, 0xE4, 0x71,
+        0x64, 0x7F, 0xFE, 0x82, 0x1A, 0xA6, 0xD3, 0x1C,
+        0x9F, 0xA4, 0x96, 0x95, 0xEB, 0x99, 0x41, 0xB0,
+        0x8F, 0x7B, 0xE3, 0xF0, 0x6C, 0xDD, 0xF2, 0x73,
+        0x9B, 0x8C, 0xAD, 0x2A, 0xB0, 0xDA, 0x4F, 0x5A,
+        0x3C, 0x0A, 0x26, 0xDF, 0x6A, 0x17, 0xB1, 0x37,
+        0xCA, 0xAB, 0x3B, 0x91, 0x9A, 0xB6, 0x36, 0xD6,
+        0xC8, 0x9B, 0xED, 0xA3, 0x05, 0x88, 0x98, 0x62,
+        0x87, 0x21, 0xF2, 0x77, 0x03, 0x15, 0xFE, 0xEE,
+        0x88, 0x15, 0x95, 0xE2, 0x4C, 0xF4, 0x8B, 0x44,
+        0x16, 0x60, 0xD0, 0xB2, 0xE9, 0xD5, 0xB9, 0x09,
+        0x28, 0xC3, 0x81, 0xF2, 0xB0, 0xFA, 0x26, 0x34,
+        0x2E, 0x4C, 0x9B, 0x88, 0xC0, 0x88, 0x7A, 0x46,
+        0x87, 0x12, 0x4C, 0x01, 0x2D, 0x96, 0x9E, 0x1A,
+        0xFD, 0x85, 0x32, 0x75, 0x4B, 0xA1, 0x21, 0x25,
+        0xE9, 0x43, 0x3D, 0xCF, 0x6D, 0x7B, 0xC1, 0xA3,
+        0x6A, 0x83, 0xE6, 0xA1, 0x0B, 0xA1, 0xCB, 0x76,
+        0x52, 0xA8, 0x13, 0x50, 0x89, 0x9C, 0x2D, 0xFC,
+        0x6E, 0x4F, 0xED, 0x38, 0xD0, 0x09, 0xE6, 0xD0,
+        0xF1, 0xD4, 0x4C, 0xCC, 0xB9, 0x5E, 0x55, 0x1B,
+        0x3A, 0xD5, 0x4B, 0x3A, 0xC8, 0x1E, 0x8B, 0xA4,
+        0x66, 0x5E, 0xA4, 0x28, 0xB3, 0xC8, 0x61, 0xE8,
+        0x67, 0x78, 0x90, 0xCF, 0x5F, 0x62, 0x5C, 0x19,
+        0xA7, 0xC5, 0x94, 0x3A, 0x94, 0x01, 0xCB, 0x78,
+        0xE7, 0x02, 0x6B, 0xAE, 0x92, 0xB6, 0x0A, 0x8B,
+        0x68, 0x07, 0xC1, 0x77, 0x45, 0x41, 0x5C, 0xD8,
+        0xE0, 0x30, 0xC6, 0x4C, 0x56, 0xE8, 0x22, 0x13,
+        0x9A, 0x35, 0xDA, 0x42, 0x3F, 0x26, 0x43, 0x36,
+        0xE0, 0xAF, 0xDF, 0x16, 0x74, 0x30, 0xDD, 0x36,
+        0xE0, 0x06, 0x4B, 0x2F, 0x6E, 0x8D, 0x8B, 0xB6,
+        0xBE, 0x99, 0xC5, 0xA9, 0xFB, 0x55, 0x1C, 0xC6,
+        0x3E, 0x50, 0x8D, 0xB6, 0x36, 0x66, 0x7D, 0xDA,
+        0x53, 0xF6, 0x11, 0xF0, 0x2F, 0xCD, 0x1F, 0x99,
+        0x41, 0x0F, 0x1A, 0x7A, 0x82, 0x88, 0x2F, 0x96,
+        0x23, 0xAD, 0xDC, 0x50, 0xEB, 0x01, 0xE1, 0xF3,
+        0x99, 0x78, 0xBF, 0x68, 0x50, 0x6C, 0x71, 0xDB,
+        0xBE, 0xE4, 0x2E, 0x4A, 0x80, 0x06, 0x9B, 0x0E,
+        0x4C, 0x7F, 0xC4, 0xCC, 0x14, 0x71, 0xF4, 0xF1,
+        0x02, 0x8D, 0xB2, 0x5C, 0x46, 0x87, 0xB6, 0x0D,
+        0xF4, 0x25, 0x5D, 0xEC, 0x91, 0x48, 0x19, 0x7A,
+        0x74, 0x79, 0x6E, 0xC7, 0x60, 0xA6, 0x6A, 0xFC,
+        0x78, 0x84, 0x03, 0x86, 0x51, 0x92, 0x09, 0x73,
+        0xA6, 0x9C, 0x20, 0x35, 0x16, 0x22, 0x26, 0x32,
+        0xEC, 0x58, 0x75, 0xEA, 0x6D, 0x83, 0x80, 0x96,
+        0xE7, 0xFE, 0x9B, 0x5B, 0x4F, 0xB6, 0x9C, 0x5E,
+        0x94, 0x07, 0xE7, 0x0D, 0x27, 0xFA, 0x34, 0xB0,
+        0xCD, 0xBD, 0x6E, 0x11, 0x9D, 0x87, 0xCE, 0x38,
+        0x58, 0x1D, 0xF1, 0xD3, 0xE0, 0xDF, 0x3A, 0xE0,
+        0x29, 0x04, 0x2A, 0x3B, 0x20, 0xE9, 0x23, 0xEB,
+        0xCE, 0x19, 0xA4, 0x95, 0x87, 0x55, 0xEE, 0x2F,
+        0x98, 0xFD, 0x23, 0x4C, 0x44, 0x13, 0xE2, 0xDB,
+        0xC9, 0x35, 0x59, 0xA4, 0x28, 0xDC, 0x37, 0xF2,
+        0xD1, 0x23, 0x5B, 0xD4, 0x41, 0x9B, 0x09, 0x9E,
+        0x0F, 0x0D, 0xE5, 0x42, 0xC4, 0x69, 0x35, 0x99,
+        0x1B, 0xE0, 0x69, 0x2A, 0x6D, 0x80, 0xB8, 0xFD,
+        0x98, 0x86, 0xE0, 0xFA, 0x17, 0x69, 0xB4, 0x9E,
+        0x8A, 0xE6, 0x30, 0x7C, 0xB0, 0xBC, 0x1B, 0x49,
+        0x73, 0x2D, 0x26, 0xE2, 0x5C, 0xA1, 0xCD, 0x9D,
+        0x40, 0x7E, 0x0D, 0x88, 0x64, 0x04, 0x09, 0x41,
+        0x61, 0x1F, 0x93, 0x33, 0xB6, 0x36, 0x7E, 0x83,
+        0x00, 0xFD, 0x64, 0x6A, 0xC5, 0xA7, 0x1A, 0xD9,
+        0x13, 0xEE, 0xFD, 0x80, 0x8D, 0x5C, 0xAF, 0xBF,
+        0x15, 0x21, 0xA3, 0x06, 0x2E, 0xC1, 0x84, 0xE5,
+        0x21, 0x65, 0x50, 0x1E, 0x00, 0x55, 0x56, 0xDE,
+        0x4D, 0xEE, 0x46, 0xF9, 0xE5, 0x3D, 0x7D, 0xEF,
+        0x99, 0x09, 0xF3, 0xD5, 0xD9, 0x8C, 0xA8, 0x0D,
+        0x87, 0x70, 0x7F, 0x7B, 0xC0, 0xFF, 0x8D, 0x87,
+        0x9D, 0x65, 0xD4, 0xD7, 0x83, 0xD1, 0x96, 0xF2,
+        0x46, 0x06, 0x93, 0x81, 0x1C, 0xDF, 0x33, 0x35,
+        0x8E, 0x08, 0x2D, 0x81, 0xF4, 0xDB, 0x8F, 0x6C,
+        0x20, 0x48, 0x61, 0x83, 0xA3, 0x6D, 0x4F, 0xBC,
+        0xC8, 0xA1, 0xC6, 0xDA, 0x21, 0xAA, 0x4D, 0xD1,
+        0x36, 0xE1, 0x9F, 0xEF, 0x2E, 0xA9, 0x93, 0x97,
+        0x2B, 0xB9, 0x98, 0x9A, 0xC1, 0xC3, 0x8A, 0x79,
+        0xF3, 0x18, 0x52, 0x17, 0x80, 0x04, 0x12, 0x3C,
+        0x46, 0x27, 0x7D, 0x38, 0xA8, 0x8F, 0xC1, 0x58,
+        0x9F, 0x25, 0x73, 0x32, 0x28, 0x4C, 0xD8, 0xA8,
+        0x73, 0xC2, 0x5A, 0x1A, 0x6D, 0x40, 0x26, 0x5B,
+        0x28, 0x5D, 0xF0, 0x93, 0x70, 0xE8, 0x8F, 0x72,
+        0xFF, 0x70, 0xE4, 0x34, 0xE8, 0xF6, 0x60, 0x84,
+        0xCC, 0xFE, 0xBD, 0xBB, 0xC4, 0xB9, 0x9E, 0xDF,
+        0xBC, 0x75, 0x0C, 0xC5, 0xDE, 0xA6, 0x36, 0x17,
+        0xF6, 0x47, 0xF5, 0xF0, 0x21, 0xD5, 0x7D, 0x64,
+        0xD5, 0xEF, 0xF0, 0x48, 0x63, 0x4D, 0xB2, 0x20,
+        0x9D, 0x7C, 0x8B, 0x82, 0xFB, 0x63, 0xB8, 0x82,
+        0x3E, 0x4C, 0xA0, 0x57, 0x16, 0x8B, 0xAE, 0x88,
+        0xD9, 0x71, 0x52, 0x91, 0x24, 0x0B, 0x37, 0x58,
+        0xD7, 0x68, 0x45, 0x01, 0xF8, 0x61, 0x86, 0x7B,
+        0x7A, 0x24, 0x1C, 0x06, 0x3B, 0x05, 0xD5, 0xE8,
+        0xCA, 0x6B, 0x4C, 0x79, 0xCB, 0x24, 0x35, 0xD7,
+        0xF9, 0x94, 0xCB, 0x76, 0x91, 0x5B, 0x4A, 0x54,
+        0x87, 0x08, 0xB1, 0x1B, 0x29, 0x44, 0x96, 0x85,
+        0x94, 0x1D, 0x43, 0xE6, 0x0A, 0x89, 0x76, 0xF9,
+        0xA9, 0x60, 0x72, 0xF9, 0x10, 0x41, 0xF4, 0xC3,
+        0xDF, 0x7C, 0x73, 0x96, 0x90, 0x12, 0xAE, 0x1B,
+        0x30, 0xE4, 0xB9, 0xC4, 0xE1, 0x33, 0x55, 0x8D,
+        0xAB, 0xC4, 0x6C, 0x10, 0x3C, 0x0C, 0xB1, 0xDF,
+        0xB9, 0x9B, 0x58, 0x53, 0x74, 0xA5, 0x4F, 0x9B,
+        0xA5, 0x6B, 0x72, 0x48, 0xB8, 0xC3, 0xF6, 0x6F,
+        0x1D, 0x55, 0x76, 0x0D, 0x6A, 0xBB, 0x43, 0x03,
+        0x75, 0x77, 0x4D, 0xFB, 0xA2, 0x05, 0x9C, 0x5D,
+        0xDD, 0xB6, 0x59, 0xFD, 0x2E, 0x1D, 0xA9, 0xC3,
+        0xF0, 0xB8, 0x08, 0x68, 0xC9, 0x2B, 0xCA, 0xC1,
+        0x04, 0x03, 0xDC, 0xD1, 0x40, 0xD6, 0xA3, 0xD3,
+        0xF3, 0x5F, 0x8E, 0xF1, 0xA2, 0xDD, 0x98, 0xDE,
+        0x1A, 0x43, 0x34, 0x23, 0x85, 0x99, 0xED, 0xAD,
+        0x92, 0x0D, 0xC0, 0xAA, 0x69, 0x8E, 0x9F, 0xE6,
+        0x10, 0x6A, 0x07, 0x80, 0xC9, 0xC2, 0x45, 0xF2,
+        0xC6, 0x5A, 0x0C, 0x3E, 0x5C, 0xD5, 0x36, 0x61,
+        0x10, 0xB1, 0x76, 0x0F, 0xCD, 0x41, 0x4D, 0x45,
+        0x0D, 0xB9, 0xD7, 0x6A, 0x22, 0xA9, 0xEA, 0xEA,
+        0x0C, 0x9F, 0xB7, 0x2E, 0xD5, 0x43, 0xCE, 0x9F,
+        0xA3, 0x31, 0x4B, 0xAB, 0x17, 0x68, 0x7E, 0x9D,
+        0xE5, 0xAD, 0xAD, 0x75, 0x61, 0xF1, 0xA5, 0xBE,
+        0xC1, 0x63, 0x39, 0x26, 0x9A, 0x87, 0xE0, 0x9A,
+        0xCB, 0x29, 0xE4, 0xC4, 0x39, 0x60, 0x5E, 0x95,
+        0x72, 0xAA, 0x9B, 0x7D, 0x0E, 0x83, 0x71, 0xA3,
+        0x0E, 0x41, 0xA0, 0xA7, 0xBD, 0xC0, 0x2D, 0xA3,
+        0xA6, 0x12, 0x1B, 0xF2, 0x61, 0xEA, 0xA0, 0x16,
+        0xA2, 0x07, 0x4E, 0x44, 0x32, 0xCF, 0x63, 0xAF,
+        0x96, 0xBE, 0x81, 0xCE, 0xB6, 0xE0, 0xC2, 0x67,
+        0x6A, 0x85, 0x45, 0xC6, 0x6D, 0x2F, 0x30, 0xC9,
+        0x8B, 0x54, 0x24, 0xF0, 0xFE, 0xF0, 0x4B, 0x3C,
+        0x6C, 0x70, 0x64, 0xE2, 0xD2, 0xE1, 0x1C, 0xBE,
+        0x60, 0xF8, 0x57, 0x23, 0xFF, 0xC0, 0xB7, 0x70,
+        0xD6, 0x86, 0x6F, 0xFA, 0x58, 0x9E, 0x3F, 0x9B,
+        0x2A, 0xBF, 0x75, 0x10, 0x40, 0x19, 0xAA, 0x69,
+        0xCB, 0x58, 0x89, 0x5B, 0x47, 0x4A, 0x0A, 0xDE,
+        0x2B, 0x60, 0xA4, 0xAB, 0x07, 0x7C, 0x3A, 0x6D,
+        0xF6, 0x15, 0x33, 0x4E, 0xBB, 0xE7, 0x32, 0xE9,
+        0x52, 0x20, 0x21, 0x39, 0x94, 0xD3, 0xBD, 0xC4,
+        0x43, 0xC8, 0xEF, 0x94, 0xAD, 0x51, 0x5F, 0x45,
+        0x41, 0x83, 0x55, 0x18, 0x33, 0x14, 0x48, 0x58,
+        0x57, 0xAC, 0x12, 0xBA, 0x1D, 0x62, 0xCF, 0x4F,
+        0xD4, 0xF4, 0xDE, 0x2A, 0x7F, 0xFF, 0x1E, 0xCF,
+        0x0D, 0x29, 0x0C, 0x4C, 0xDF, 0xFA, 0x88, 0xD8,
+        0xF4, 0x8C, 0x5B, 0x83, 0x7D, 0x3A, 0x94, 0xCD,
+        0x17, 0xB3, 0xD1, 0x69, 0x96, 0x6E, 0xB0, 0x38,
+        0xFE, 0x5A, 0x6E, 0x85, 0xDF, 0xC6, 0x0A, 0x00,
+        0x23, 0x3F, 0x10, 0x73, 0x19, 0x73, 0xDC, 0x47,
+        0x5D, 0x53, 0xBC, 0x7B, 0x9E, 0x60, 0x32, 0x0B,
+        0xA7, 0x90, 0x5D, 0x88, 0x51, 0x9F, 0xA3, 0x25,
+        0xDF, 0x5A, 0xB0, 0x2B, 0x40, 0xF2, 0xAB, 0xBD,
+        0xB3, 0x7D, 0x22, 0x61, 0xCB, 0x81, 0x48, 0x27,
+        0x7B, 0x87, 0xAE, 0x32, 0x97, 0x97, 0x6C, 0x80,
+        0xC3, 0x51, 0x34, 0xE5, 0xF7, 0x86, 0x90, 0x45,
+        0x64, 0xC1, 0x46, 0x99, 0x47, 0xF6, 0x20, 0xFE,
+        0x09, 0xFD, 0xF3, 0x86, 0x2C, 0x40, 0x57, 0xA3,
+        0xBC, 0xEF, 0x70, 0x75, 0x0C, 0xB7, 0x27, 0xF0,
+        0x31, 0x28, 0x3A, 0x18, 0x26, 0xF1, 0x38, 0x1B,
+        0x33, 0x48, 0xE3, 0xEA, 0x46, 0x88, 0x60, 0x9E,
+        0xCB, 0x19, 0x3A, 0xFA, 0xAE, 0xE1, 0xCD, 0x97,
+        0xE4, 0xDD, 0xAA, 0x02, 0xC0, 0xC3, 0x0E, 0x49,
+        0xF1, 0x37, 0xD0, 0x82, 0x85, 0x94, 0x15, 0x28,
+        0x10, 0x17, 0x59, 0xA7, 0x42, 0x2A, 0xA4, 0x99,
+        0xC9, 0x00, 0xA3, 0x79, 0xDD, 0x73, 0xB3, 0x07,
+        0x28, 0x4C, 0xCD, 0xDA, 0xF1, 0xFA, 0x1B, 0x0C,
+        0x4B, 0x28, 0x0E, 0x3F, 0x9F, 0x1D, 0xB6, 0xD3,
+        0x8E, 0xCF, 0x8A, 0x84, 0x1F, 0x9D, 0x4E, 0x40,
+        0xEC, 0xA8, 0x62, 0x47, 0xD6, 0xCD, 0x9B, 0x31,
+        0xEA, 0xCD, 0x6A, 0x46, 0xF0, 0xE3, 0x33, 0xB9,
+        0xE8, 0x3D, 0x69, 0x0D, 0x7E, 0x13, 0x46, 0x76,
+        0x19, 0xB4, 0x6A, 0xF9, 0xAF, 0xCF, 0xDC, 0x4A,
+        0xA9, 0xA0, 0x49, 0xB1, 0x80, 0x26, 0x0D, 0x70,
+        0xD9, 0xEE, 0xDB, 0x8A, 0x53, 0x30, 0x51, 0xAB,
+        0x83, 0x51, 0x7A, 0xAD, 0xC2, 0xCD, 0x90, 0x0B,
+        0x3E, 0xA5, 0x12, 0x60, 0xF4, 0x64, 0xAF, 0xC5,
+        0xD2, 0xDC, 0x41, 0x10, 0x29, 0x77, 0x9B, 0x21,
+        0xCE, 0x2C, 0xBD, 0x16, 0x02, 0x18, 0xDF, 0x41,
+        0xF6, 0x61, 0xDA, 0x1A, 0xD9, 0x5A, 0xD4, 0x0B,
+        0x8C, 0x35, 0x3C, 0x7F, 0x10, 0xFC, 0x23, 0xF8,
+        0x30, 0xD1, 0x17, 0xBC, 0xAE, 0xF8, 0xCE, 0xCE,
+        0xBC, 0xBF, 0xA4, 0x9D, 0x79, 0xD8, 0xD9, 0x39,
+        0x1E, 0x8D, 0x08, 0x28, 0x1F, 0x00, 0x0A, 0x55,
+        0xE9, 0x2D, 0xB3, 0x31, 0xBD, 0xEC, 0xD7, 0x31,
+        0x83, 0xE0, 0x58, 0xFF, 0x3F, 0xE5, 0x83, 0x9A,
+        0xF5, 0x0D, 0x8C, 0x55, 0xF2, 0x2F, 0x6A, 0xFF,
+        0x5A, 0x33, 0xDA, 0x77, 0x4B, 0xA1, 0xB3, 0xE6,
+        0x43, 0xF5, 0x87, 0x7C, 0xF5, 0x49, 0xC4, 0xF9,
+        0x08, 0xEA, 0x64, 0xA3, 0x7D, 0xF3, 0xBF, 0xA4,
+        0xCD, 0x5F, 0x70, 0xF8, 0xCD, 0x15, 0x44, 0x76,
+        0xD3, 0x4B, 0xC8, 0x53, 0xC9, 0xE8, 0xF7, 0x97,
+        0x9E, 0x5F, 0x4E, 0xBB, 0x88, 0x8A, 0xF7, 0x61
+    };
+    static const byte msg_87[] = {
+        0x4A, 0xC4, 0x67, 0x5C, 0x96, 0xD9, 0x11, 0x7D,
+        0x1E, 0xDE, 0xB8, 0x0D, 0x7C, 0xD2, 0x84, 0xA3,
+        0xE1, 0xE1, 0xFE, 0x03, 0x8E, 0x30, 0x12, 0x05,
+        0xB4, 0xC4, 0x08, 0xEB, 0x96, 0x52, 0x35, 0xAD,
+        0x1C, 0x85, 0xF8, 0xBE, 0x3F, 0x77, 0xCA, 0x48,
+        0x6F, 0xD2, 0x07, 0xF7, 0xC7, 0x5F, 0x41, 0x21,
+        0xCD, 0x3C, 0xA2, 0xB2, 0x3D, 0x6B, 0xCE, 0x43,
+        0x82, 0xA6, 0xD3, 0x61, 0x21, 0x81, 0x50, 0x25,
+        0xD5, 0x80, 0x6C, 0xBE, 0xF4, 0x52, 0xE0, 0x83,
+        0x93, 0x3C, 0x6E, 0x5C, 0x73, 0x94, 0xAC, 0x88,
+        0x26, 0x2A, 0x6D, 0xE7, 0x77, 0x0B, 0x2D, 0x88,
+        0x43, 0xEC, 0x10, 0x1F, 0xFB, 0x5E, 0x84, 0xDE,
+        0x2F, 0x7A, 0x8B, 0x74, 0xE7, 0x67, 0x4B, 0x3B,
+        0x23, 0x19, 0xBD, 0x6B, 0xF4, 0x11, 0x2F, 0x92,
+        0xC5, 0xCF, 0xC0, 0xA5, 0x5F, 0x7F, 0xA0, 0x61,
+        0xF4, 0x53, 0x25, 0x40, 0x8D, 0x03, 0x9D, 0x51
+    };
+    static const byte sig_87[] = {
+        0x4B, 0x3F, 0x52, 0xF0, 0x81, 0xB3, 0xD9, 0x14,
+        0xBC, 0x7C, 0x6C, 0x07, 0x3B, 0x18, 0x2B, 0x26,
+        0x8A, 0xDF, 0x51, 0x89, 0xE2, 0x98, 0xA8, 0x69,
+        0xBF, 0xB9, 0x91, 0xB1, 0x99, 0x99, 0x3C, 0x10,
+        0x42, 0xDE, 0xF5, 0xB5, 0x92, 0x70, 0xB6, 0xCD,
+        0x3F, 0xF8, 0xF9, 0x07, 0xA1, 0xCB, 0x0D, 0x3B,
+        0x6F, 0xED, 0xCA, 0x14, 0x38, 0x38, 0xF8, 0xF8,
+        0x1E, 0x0C, 0x37, 0x0F, 0xFE, 0xEE, 0x6B, 0x25,
+        0xCD, 0x07, 0x03, 0x56, 0x41, 0xA0, 0x51, 0x94,
+        0x4E, 0xAB, 0x51, 0x6C, 0xFB, 0xB8, 0x01, 0x53,
+        0x6B, 0x4F, 0x26, 0x2B, 0x16, 0x19, 0x8E, 0x7D,
+        0xDB, 0x1D, 0x61, 0xC3, 0x5A, 0x64, 0xD9, 0x0D,
+        0x39, 0x48, 0xCE, 0xAA, 0xC8, 0xEE, 0x58, 0x0D,
+        0xCE, 0xF5, 0x40, 0xED, 0x99, 0xD9, 0x12, 0xBB,
+        0xA2, 0xBC, 0x4F, 0x51, 0x45, 0xBB, 0x94, 0x9C,
+        0x73, 0xCC, 0xBD, 0x58, 0x26, 0x13, 0xB1, 0x0E,
+        0xAA, 0xE8, 0x63, 0xAC, 0xA3, 0x46, 0x83, 0xEB,
+        0x92, 0x2B, 0x3D, 0xAD, 0xFC, 0x74, 0xF7, 0x6F,
+        0x47, 0xE4, 0x97, 0x86, 0x02, 0x59, 0x24, 0x02,
+        0xD9, 0x15, 0x43, 0x94, 0xEB, 0x09, 0xFB, 0xC2,
+        0xEB, 0xCC, 0xC5, 0x94, 0x73, 0x2F, 0x2D, 0x8B,
+        0xC3, 0x83, 0x50, 0xE5, 0x53, 0x5A, 0x44, 0x12,
+        0xA7, 0x7A, 0xDD, 0x79, 0x16, 0x60, 0x45, 0x76,
+        0xFD, 0x6A, 0x36, 0x31, 0xE5, 0x15, 0xBA, 0xF2,
+        0x6A, 0x6F, 0x9C, 0xA4, 0x06, 0x1E, 0xBB, 0xDD,
+        0x3B, 0xEC, 0x71, 0x79, 0xAD, 0x58, 0x55, 0x2A,
+        0x5B, 0x50, 0x8F, 0x31, 0x34, 0x8A, 0x56, 0xAD,
+        0x1A, 0xDA, 0x7A, 0x05, 0x35, 0x2C, 0x72, 0xC0,
+        0x04, 0xB9, 0x4C, 0x47, 0xE7, 0x04, 0x9A, 0x10,
+        0xB3, 0xA5, 0x9B, 0xF2, 0x38, 0xA8, 0xDF, 0xC6,
+        0xC7, 0x01, 0x9A, 0x17, 0xF0, 0x5D, 0x5B, 0xFC,
+        0xB9, 0xD9, 0x3D, 0x9D, 0x1C, 0xCB, 0xCB, 0x47,
+        0xF8, 0xC4, 0x38, 0x09, 0x8F, 0xDB, 0xDF, 0xE2,
+        0x3F, 0x9F, 0x78, 0xBC, 0x28, 0x06, 0x99, 0x08,
+        0xC6, 0xB9, 0x89, 0x8B, 0x43, 0x4C, 0xBF, 0x37,
+        0x78, 0x7E, 0x1A, 0xF6, 0xA6, 0xB8, 0x27, 0xE8,
+        0x30, 0xE9, 0xF7, 0x62, 0x9C, 0xD8, 0xF5, 0x10,
+        0x70, 0xC4, 0xC8, 0xA8, 0xDE, 0xB2, 0x60, 0xD0,
+        0x7C, 0x3E, 0x41, 0xD8, 0x49, 0x04, 0x84, 0x87,
+        0x74, 0x91, 0xB3, 0x9A, 0xA6, 0xD9, 0xE1, 0x0D,
+        0x91, 0x74, 0x8B, 0x64, 0xE3, 0x31, 0x60, 0x62,
+        0x9D, 0x8A, 0xE4, 0x3E, 0xFD, 0x5F, 0x85, 0x78,
+        0x1E, 0x69, 0xF7, 0x6B, 0x68, 0x95, 0xC1, 0x41,
+        0xEB, 0xCD, 0xDF, 0xEE, 0xB4, 0x85, 0xA0, 0x0B,
+        0xDB, 0xA4, 0xF7, 0xC9, 0x91, 0xF5, 0x3F, 0x2F,
+        0x84, 0x93, 0x39, 0x26, 0xAF, 0x39, 0xE6, 0x96,
+        0x4A, 0xBF, 0x2D, 0xFE, 0xBB, 0xC1, 0x9A, 0x7E,
+        0x31, 0xC5, 0x07, 0x97, 0xB8, 0xDA, 0x29, 0x31,
+        0xE1, 0x0F, 0x3D, 0xAC, 0x49, 0x3F, 0x19, 0x8D,
+        0xFD, 0x78, 0x5D, 0x21, 0xAD, 0xB2, 0xC0, 0x62,
+        0xB0, 0x97, 0xE8, 0x89, 0xA2, 0x07, 0x37, 0xF1,
+        0x86, 0x00, 0x8F, 0x29, 0x28, 0xF6, 0xB8, 0x4D,
+        0x6E, 0x09, 0xE9, 0x75, 0xA8, 0xF2, 0xAA, 0xAD,
+        0xC7, 0x85, 0x23, 0x42, 0x34, 0xFD, 0xA0, 0x37,
+        0x03, 0xA7, 0xC2, 0x1F, 0x81, 0x2D, 0x65, 0x0B,
+        0xD2, 0x51, 0x0B, 0x30, 0xF0, 0x55, 0x00, 0x81,
+        0x04, 0x7A, 0x15, 0x5C, 0x84, 0x85, 0x86, 0xA9,
+        0x6F, 0x10, 0x0D, 0x77, 0x4F, 0x3E, 0x39, 0xE0,
+        0x29, 0xB0, 0x77, 0x7C, 0xD3, 0x3E, 0x68, 0x31,
+        0x8A, 0x11, 0xC1, 0x98, 0x02, 0x93, 0xFA, 0xD3,
+        0xE7, 0x87, 0xD2, 0x0D, 0xFE, 0x7E, 0xEE, 0x70,
+        0x53, 0xC0, 0x5E, 0xEB, 0x6A, 0x15, 0x9B, 0xAA,
+        0xD4, 0x02, 0x0B, 0x9E, 0xC3, 0xF5, 0x37, 0xDA,
+        0x4D, 0xAD, 0xAF, 0xB3, 0xB1, 0xBB, 0x1D, 0xBE,
+        0xB2, 0xD5, 0xB8, 0xF9, 0xD0, 0x5A, 0x01, 0x97,
+        0x98, 0xEA, 0xE0, 0xED, 0x09, 0x9D, 0xB0, 0x66,
+        0xD7, 0x3E, 0xE8, 0xE9, 0xA5, 0x6D, 0xE3, 0x68,
+        0xE8, 0x78, 0xA7, 0xFF, 0x39, 0x14, 0x0D, 0x80,
+        0x21, 0xD5, 0x00, 0x85, 0xE6, 0x25, 0x29, 0x41,
+        0xAB, 0x31, 0x53, 0x09, 0xCB, 0x53, 0xAA, 0xA4,
+        0x9E, 0x86, 0x34, 0x7F, 0xBA, 0xD5, 0x4A, 0x1F,
+        0x87, 0x3E, 0x0C, 0xB4, 0xB8, 0x6A, 0x8D, 0x5B,
+        0x1B, 0x2A, 0x95, 0xD4, 0x85, 0xF3, 0x7A, 0x9F,
+        0xB6, 0x10, 0x5D, 0xF8, 0x44, 0x0F, 0xDB, 0x85,
+        0x78, 0xF2, 0x62, 0x4C, 0x07, 0x93, 0x29, 0x56,
+        0x9A, 0x75, 0xF3, 0x6F, 0x2C, 0x55, 0xD8, 0xD0,
+        0x30, 0xFB, 0xFE, 0xAA, 0x88, 0x89, 0xAD, 0x74,
+        0x6C, 0x32, 0x3B, 0x1A, 0xC4, 0xEC, 0x8C, 0x40,
+        0x3E, 0x77, 0x5A, 0x6F, 0xBE, 0x59, 0x6E, 0x7E,
+        0x6A, 0x5A, 0x28, 0x63, 0x57, 0x66, 0x25, 0x14,
+        0x99, 0x40, 0x97, 0x6F, 0x7C, 0xC9, 0x36, 0x17,
+        0xB4, 0x3F, 0xB1, 0x34, 0x89, 0x07, 0x4E, 0xCA,
+        0xC5, 0xBE, 0xB1, 0xA4, 0xDF, 0xE5, 0x8B, 0x9A,
+        0xD2, 0xE0, 0xC6, 0xA1, 0x5B, 0x76, 0xA7, 0xC2,
+        0xD2, 0x08, 0x72, 0x5A, 0x31, 0x23, 0xCA, 0x4E,
+        0x6F, 0x2C, 0x58, 0x47, 0xEE, 0x5F, 0xA8, 0x38,
+        0x49, 0x19, 0xEF, 0x89, 0x01, 0x1D, 0x21, 0x9B,
+        0x25, 0x7B, 0x3E, 0x4D, 0xC4, 0xF2, 0x09, 0x51,
+        0x60, 0x84, 0x4C, 0xAE, 0xEA, 0xFC, 0xF8, 0x57,
+        0x26, 0x0F, 0x1C, 0x63, 0xD3, 0xB0, 0x5A, 0x67,
+        0xD3, 0xD0, 0xF2, 0xB0, 0xEC, 0x9D, 0xCC, 0x27,
+        0x23, 0xF1, 0x37, 0x55, 0x75, 0x0B, 0xAE, 0x62,
+        0xFC, 0xC3, 0x61, 0xCF, 0xB5, 0x84, 0xF7, 0x74,
+        0xC0, 0x9A, 0xDF, 0x9A, 0x04, 0x31, 0xB2, 0x3E,
+        0x48, 0x8C, 0x35, 0x9C, 0x0A, 0xEF, 0x5B, 0x1C,
+        0x97, 0x87, 0xBD, 0x8F, 0x52, 0xB0, 0x83, 0xBC,
+        0x9D, 0xBC, 0xC9, 0xB3, 0x03, 0x9F, 0x77, 0x7C,
+        0x7E, 0x8E, 0xAB, 0xC8, 0x00, 0x78, 0x05, 0x0C,
+        0xE6, 0xD4, 0x9C, 0x3B, 0xB7, 0x01, 0x68, 0xFA,
+        0x21, 0x77, 0x29, 0x8F, 0xB0, 0xA8, 0xF7, 0x2C,
+        0x1C, 0xD2, 0x8D, 0x66, 0x2A, 0x07, 0xDA, 0xE6,
+        0xC7, 0xAC, 0xB7, 0xFB, 0x8E, 0x7F, 0xDD, 0x01,
+        0xDF, 0xB2, 0x7C, 0x62, 0xEE, 0x68, 0x3F, 0x4E,
+        0x5F, 0x88, 0xC7, 0xC1, 0xDD, 0xDD, 0x5E, 0xEC,
+        0xC1, 0xC3, 0xAF, 0x85, 0x3F, 0x1F, 0xF6, 0xB1,
+        0xD9, 0xDE, 0x67, 0x2F, 0x1B, 0xF6, 0x47, 0x3A,
+        0xF0, 0x02, 0x1D, 0x8A, 0x3D, 0x4D, 0xD0, 0x4A,
+        0x2F, 0xCA, 0x23, 0x25, 0xC7, 0x21, 0xCF, 0x1C,
+        0x82, 0x16, 0x76, 0xD0, 0xA0, 0xD5, 0x74, 0x18,
+        0x66, 0x25, 0xDE, 0x83, 0x1C, 0x84, 0x11, 0xF6,
+        0x41, 0x79, 0xF9, 0x16, 0x7F, 0x78, 0xBC, 0xB2,
+        0x2F, 0xB4, 0x1C, 0x2C, 0xDB, 0x63, 0xC4, 0xDB,
+        0x5E, 0x13, 0x87, 0x66, 0xD3, 0x80, 0x35, 0x89,
+        0x59, 0x8F, 0x11, 0x4F, 0x41, 0xBA, 0x42, 0xCD,
+        0xB1, 0x34, 0x10, 0x20, 0x44, 0x9B, 0xA9, 0x96,
+        0x56, 0x11, 0x39, 0x90, 0xB4, 0xE0, 0x22, 0xD8,
+        0xDA, 0x20, 0xD7, 0x44, 0x49, 0x1C, 0x6E, 0xEA,
+        0xB6, 0x7B, 0x91, 0x8E, 0x80, 0xFF, 0xF3, 0x43,
+        0xCC, 0x5B, 0x4C, 0x8E, 0x58, 0xC3, 0x48, 0x4B,
+        0x01, 0x25, 0xA6, 0x0C, 0x36, 0xAE, 0xF7, 0x63,
+        0x89, 0x4D, 0x35, 0x14, 0x8B, 0x57, 0x8F, 0x41,
+        0x7C, 0x3A, 0x98, 0xA1, 0x43, 0xED, 0xFE, 0x9F,
+        0x8C, 0x95, 0xBC, 0xC3, 0x46, 0xC6, 0xF5, 0xEA,
+        0xF9, 0x7A, 0xAD, 0x11, 0xDA, 0xE0, 0x1C, 0x47,
+        0x7C, 0x22, 0x7A, 0x88, 0xD1, 0x0E, 0xCF, 0xDC,
+        0xF4, 0x50, 0xB3, 0x7F, 0x88, 0x19, 0x68, 0x02,
+        0x78, 0x49, 0xD9, 0xB4, 0x3E, 0x2B, 0xFF, 0x90,
+        0xC6, 0xA3, 0x4A, 0xE4, 0x1B, 0x8B, 0xBD, 0x74,
+        0x30, 0x83, 0xD3, 0xC5, 0x87, 0x86, 0xB0, 0x36,
+        0x67, 0x1C, 0xD6, 0xEE, 0xD9, 0x4D, 0xAE, 0x51,
+        0xF7, 0x61, 0x32, 0x47, 0xEF, 0x86, 0x07, 0xAC,
+        0xF7, 0x4A, 0x3C, 0xCE, 0x93, 0x2F, 0x1C, 0x38,
+        0x69, 0xBD, 0xB3, 0x5C, 0xA1, 0x7F, 0xC6, 0xBA,
+        0x9F, 0x9C, 0x95, 0x6F, 0xF1, 0xD4, 0xD8, 0x80,
+        0x94, 0x32, 0x5C, 0xAB, 0xCE, 0x41, 0x23, 0x3F,
+        0xB1, 0xD8, 0x08, 0xEF, 0x41, 0x01, 0x03, 0x96,
+        0xDE, 0xB0, 0xEC, 0xF5, 0x07, 0x34, 0xD8, 0x18,
+        0xDD, 0xAB, 0x70, 0x01, 0x5A, 0x0A, 0xBD, 0xD1,
+        0x92, 0x6D, 0xFA, 0x49, 0x1F, 0x71, 0x1A, 0xA8,
+        0x5D, 0xA2, 0xA8, 0xEC, 0x60, 0xE3, 0x25, 0x5C,
+        0xCF, 0x97, 0x5C, 0x23, 0xCC, 0x4E, 0x8D, 0xAF,
+        0xDD, 0xED, 0x9F, 0xEC, 0x60, 0xA6, 0x46, 0x7C,
+        0x45, 0xB0, 0x3C, 0xA4, 0x76, 0x49, 0x9A, 0xA3,
+        0x31, 0xB0, 0xE3, 0x99, 0x95, 0x76, 0xCE, 0xC3,
+        0x19, 0x1A, 0x9A, 0x62, 0xBC, 0x1B, 0xEA, 0xC1,
+        0xEA, 0xF2, 0x0E, 0x18, 0xCF, 0xC3, 0x21, 0x61,
+        0x27, 0xDE, 0x4A, 0xAE, 0x2E, 0x75, 0x20, 0x1F,
+        0x9E, 0x42, 0x7E, 0x39, 0xBF, 0x92, 0x11, 0x50,
+        0xEA, 0xB9, 0x49, 0x55, 0x9C, 0x02, 0x2D, 0x87,
+        0x6F, 0xA2, 0x42, 0xC2, 0xA8, 0x45, 0xBC, 0xA7,
+        0x23, 0x5F, 0x72, 0x1B, 0x00, 0x56, 0x78, 0x8A,
+        0x44, 0xEC, 0xC3, 0xEB, 0x98, 0xF0, 0xF5, 0x02,
+        0xB8, 0x9F, 0x8E, 0x74, 0x10, 0xEA, 0x56, 0x79,
+        0xAE, 0x7C, 0x04, 0x34, 0xF1, 0x3A, 0xD8, 0x16,
+        0x42, 0x1D, 0x2F, 0xEE, 0x30, 0xCB, 0xCB, 0x2D,
+        0xAA, 0x6B, 0x85, 0x1C, 0xD1, 0xB6, 0xE9, 0x96,
+        0xDA, 0x7A, 0x75, 0x7E, 0x4C, 0x4D, 0x85, 0x72,
+        0xC8, 0xB6, 0x00, 0xDE, 0x85, 0xDD, 0xB6, 0x53,
+        0x20, 0xD1, 0xCB, 0x71, 0xD9, 0x37, 0x83, 0x49,
+        0xC0, 0xC4, 0x01, 0xAD, 0x4F, 0x9E, 0x91, 0x27,
+        0x21, 0x39, 0x22, 0x8A, 0x8D, 0xA2, 0xF4, 0xFD,
+        0x2F, 0x48, 0x89, 0x1A, 0x4D, 0xCB, 0x06, 0x6D,
+        0x50, 0x1D, 0x44, 0x74, 0x83, 0xB6, 0x11, 0xBB,
+        0x3C, 0x80, 0x55, 0x0A, 0x90, 0xEA, 0x0B, 0x73,
+        0x2D, 0x63, 0x9D, 0x8B, 0x39, 0x26, 0xB6, 0xE7,
+        0xC3, 0x54, 0x53, 0xED, 0x3C, 0xC1, 0x10, 0xBA,
+        0xF5, 0x56, 0xCF, 0x46, 0xD8, 0xFC, 0x21, 0x77,
+        0xE7, 0x6F, 0xB2, 0x66, 0x3B, 0x8B, 0xDD, 0x17,
+        0x1E, 0x94, 0xC0, 0xAC, 0xAF, 0x25, 0xB9, 0x15,
+        0x3B, 0x22, 0xBC, 0xA7, 0x49, 0x91, 0x67, 0x56,
+        0xFB, 0x3E, 0xD3, 0x01, 0x8E, 0x09, 0x44, 0xB6,
+        0xC3, 0xB9, 0xB6, 0xBF, 0xA1, 0x5B, 0x9B, 0xE8,
+        0x03, 0xAC, 0x79, 0x33, 0x3C, 0xD2, 0xC3, 0xA2,
+        0x7A, 0x26, 0xBC, 0x17, 0xCD, 0xA2, 0x57, 0x79,
+        0x8A, 0xE1, 0x6B, 0x28, 0xB4, 0x63, 0xB6, 0xDF,
+        0x3F, 0xA8, 0x7C, 0x2D, 0x74, 0x2D, 0x0F, 0x68,
+        0x85, 0xBE, 0xE0, 0xBE, 0xC6, 0xE2, 0x0D, 0x01,
+        0xE5, 0xDA, 0xDC, 0x86, 0x82, 0x3E, 0x92, 0xD6,
+        0x0F, 0xEC, 0x79, 0xB0, 0xD2, 0x40, 0x24, 0x87,
+        0x53, 0xE4, 0x20, 0x48, 0x38, 0x4C, 0x80, 0x42,
+        0x89, 0x60, 0x48, 0x21, 0xA5, 0x7F, 0x4F, 0x9F,
+        0x50, 0xAE, 0x0C, 0x38, 0x52, 0x7F, 0xE5, 0xA3,
+        0x49, 0x38, 0xDD, 0xBC, 0xDC, 0xD9, 0xA1, 0xD0,
+        0x20, 0x83, 0x9B, 0xEB, 0xB6, 0x2F, 0x9F, 0x41,
+        0xFB, 0xA0, 0x80, 0x52, 0xAB, 0xB8, 0x2F, 0xAD,
+        0xA8, 0x84, 0xCB, 0xE5, 0x63, 0x79, 0x11, 0x03,
+        0xAA, 0x58, 0x55, 0x46, 0xEB, 0xFE, 0xB1, 0x12,
+        0x72, 0xCC, 0x2E, 0x87, 0xA3, 0xB7, 0x5B, 0x3C,
+        0x6B, 0xB1, 0x85, 0x3A, 0xE7, 0xF9, 0xCF, 0x55,
+        0x85, 0xB2, 0x65, 0x3C, 0xF5, 0xEE, 0xA2, 0x44,
+        0xD2, 0x04, 0xEB, 0x26, 0x9C, 0x56, 0xA2, 0x09,
+        0x85, 0x16, 0x06, 0x59, 0xCB, 0x07, 0x25, 0xEE,
+        0x13, 0xCE, 0x35, 0xD5, 0x5E, 0xB0, 0x95, 0xA5,
+        0x34, 0x14, 0xF2, 0x32, 0xDF, 0x81, 0x08, 0xB1,
+        0x80, 0x24, 0xEB, 0x0D, 0xBF, 0x34, 0x5E, 0xB5,
+        0xCD, 0xAD, 0x0B, 0xCE, 0x72, 0x63, 0x50, 0x9A,
+        0x34, 0x1D, 0x54, 0xA7, 0xD5, 0x34, 0xE5, 0x53,
+        0xEA, 0xEF, 0xFE, 0x4E, 0x24, 0x2E, 0xA2, 0x3B,
+        0xCF, 0xE5, 0x9A, 0x58, 0xA6, 0x04, 0x25, 0x88,
+        0x2C, 0xB7, 0xE3, 0xB0, 0xC9, 0xE4, 0xAF, 0xE8,
+        0x69, 0x8E, 0x3D, 0xF5, 0x6A, 0xFD, 0x6D, 0x61,
+        0x1E, 0x91, 0x68, 0x74, 0x7D, 0x87, 0x35, 0xCF,
+        0x92, 0x46, 0xD9, 0x4F, 0x21, 0x26, 0xBE, 0x72,
+        0x7F, 0xB4, 0x2B, 0x22, 0x41, 0xA8, 0x3B, 0x34,
+        0xF0, 0xB9, 0xEB, 0x47, 0x93, 0x8D, 0x72, 0x65,
+        0x02, 0xC5, 0x4E, 0x45, 0x72, 0x76, 0x63, 0x31,
+        0x62, 0x8F, 0xA5, 0xCD, 0xA8, 0x93, 0xC3, 0x53,
+        0x76, 0xAB, 0x45, 0x38, 0xFF, 0x87, 0x17, 0xC2,
+        0x79, 0x5B, 0x0F, 0x51, 0xF0, 0x8E, 0x11, 0x37,
+        0x61, 0x2B, 0x89, 0xB0, 0xC1, 0xE2, 0xCD, 0x1F,
+        0x09, 0x9E, 0x88, 0x55, 0x69, 0x23, 0xAE, 0x57,
+        0xA1, 0xDA, 0xD2, 0xAF, 0xB1, 0x23, 0x0B, 0x50,
+        0x94, 0xA1, 0xB2, 0x1B, 0xAD, 0x7D, 0xBB, 0xC3,
+        0x33, 0xA9, 0x7F, 0x17, 0x93, 0x04, 0x71, 0x8F,
+        0x32, 0x89, 0xB6, 0xDE, 0x31, 0x31, 0x5B, 0x74,
+        0xC1, 0xA7, 0x3A, 0xC7, 0x75, 0x6F, 0xAA, 0x4D,
+        0x7E, 0xB5, 0x68, 0xBB, 0xC6, 0xF7, 0xE7, 0x88,
+        0xCD, 0x08, 0x9B, 0x39, 0x55, 0x64, 0xD2, 0x17,
+        0x6B, 0x00, 0x56, 0xDF, 0xFE, 0x95, 0x2C, 0x77,
+        0x48, 0xB0, 0x48, 0x30, 0x67, 0x20, 0xF6, 0x02,
+        0xB6, 0x7E, 0x8F, 0x6A, 0xDC, 0xC9, 0x1F, 0x8E,
+        0x3A, 0xA4, 0xB8, 0xC4, 0xD7, 0xFA, 0xC2, 0x33,
+        0xAA, 0xF9, 0x36, 0x53, 0xAD, 0x22, 0x09, 0xE2,
+        0xFF, 0x92, 0xDA, 0x30, 0xC2, 0xD5, 0x3F, 0xDE,
+        0xF6, 0xF4, 0xC9, 0x0E, 0xAA, 0x0D, 0xE6, 0x0D,
+        0x59, 0x4A, 0xDA, 0x39, 0x15, 0xDB, 0x24, 0x27,
+        0x9D, 0x86, 0x74, 0x76, 0xEA, 0xD7, 0x57, 0xB4,
+        0xC0, 0x26, 0x4A, 0x1D, 0xB8, 0xA1, 0xF5, 0x7A,
+        0x1B, 0x5D, 0x71, 0x73, 0xBB, 0x1A, 0x96, 0x0C,
+        0xE0, 0x2F, 0xDE, 0xFE, 0xF1, 0x60, 0xD5, 0x12,
+        0x66, 0x7D, 0x65, 0x52, 0x68, 0xFC, 0xC3, 0xA1,
+        0x53, 0xA4, 0x31, 0x47, 0x82, 0xA0, 0xEB, 0xFF,
+        0x84, 0xF6, 0x5F, 0x14, 0xA0, 0xE3, 0xE1, 0x2A,
+        0x13, 0x25, 0x0C, 0x07, 0xD0, 0x8C, 0x22, 0x5B,
+        0x11, 0xA6, 0x83, 0x1B, 0xC2, 0x5C, 0x40, 0x46,
+        0x7B, 0x76, 0x80, 0x04, 0xDD, 0xE0, 0xE8, 0x74,
+        0xA5, 0x11, 0x44, 0xC1, 0x89, 0x20, 0xBD, 0xF2,
+        0x86, 0x09, 0x0B, 0x59, 0xF5, 0x15, 0x64, 0xEA,
+        0x40, 0x70, 0xFB, 0xBF, 0x61, 0xE3, 0x69, 0x64,
+        0x35, 0xF2, 0x8F, 0x63, 0x33, 0x2B, 0x64, 0x49,
+        0x6D, 0xF3, 0xEC, 0x8B, 0x65, 0xD5, 0x4E, 0x1C,
+        0xF4, 0x78, 0x9D, 0xDA, 0xB1, 0x22, 0xDA, 0x6B,
+        0x26, 0x4D, 0x31, 0x2A, 0x71, 0x1C, 0x12, 0x9E,
+        0x3B, 0x07, 0xF4, 0xC6, 0xDA, 0x25, 0xA5, 0x61,
+        0x73, 0xAF, 0x58, 0xB9, 0x0A, 0x71, 0xB7, 0xAC,
+        0xFA, 0x31, 0x61, 0xA8, 0x1F, 0x59, 0xD1, 0x79,
+        0x14, 0xC9, 0x9B, 0xBA, 0xC4, 0xF9, 0xA3, 0x14,
+        0x97, 0x7A, 0x89, 0xCE, 0xF7, 0x69, 0x69, 0x43,
+        0x60, 0x9B, 0xB4, 0x82, 0x79, 0x64, 0xFB, 0x29,
+        0x76, 0x40, 0x3B, 0xD4, 0x99, 0x6F, 0x1E, 0x84,
+        0x2B, 0xF5, 0xAA, 0xAE, 0x1E, 0xCC, 0xA1, 0x12,
+        0x55, 0xB9, 0xE6, 0x00, 0x1C, 0x20, 0xF7, 0x2F,
+        0x1F, 0xD5, 0xE3, 0x2C, 0xDA, 0x32, 0xD8, 0xA7,
+        0xAC, 0x5F, 0x62, 0xB0, 0x9A, 0x0E, 0x61, 0x58,
+        0x47, 0xCA, 0x74, 0x6F, 0x48, 0x95, 0x15, 0xCF,
+        0x8F, 0x18, 0x31, 0x62, 0x85, 0x9F, 0x53, 0xB9,
+        0x7E, 0x9E, 0x5C, 0xA8, 0x00, 0xEE, 0x62, 0x4F,
+        0x72, 0x98, 0x43, 0xA0, 0x00, 0x91, 0x64, 0xA4,
+        0xA9, 0xFF, 0x76, 0xEB, 0x34, 0xE4, 0x70, 0x41,
+        0x84, 0x84, 0x8A, 0x13, 0x9A, 0xD9, 0x7D, 0x90,
+        0x9F, 0x7A, 0x7E, 0xD1, 0x14, 0xF0, 0x87, 0xA4,
+        0xB2, 0xE1, 0xB4, 0xA3, 0x03, 0x23, 0x91, 0x16,
+        0x0B, 0x6F, 0x3A, 0x36, 0x49, 0xFF, 0x15, 0xAE,
+        0xA2, 0xB7, 0x10, 0x7A, 0xF8, 0xA3, 0xB5, 0xFC,
+        0xAD, 0x61, 0xD4, 0x3D, 0x60, 0x2E, 0x62, 0x86,
+        0xA9, 0x00, 0x87, 0x0C, 0xC8, 0xCE, 0x24, 0xE3,
+        0x9E, 0x78, 0xF0, 0x39, 0x7A, 0x0D, 0x7E, 0x27,
+        0xE8, 0xE2, 0xD4, 0x77, 0x6A, 0x44, 0xCB, 0xA2,
+        0x18, 0xEB, 0xCD, 0x88, 0xB3, 0xC2, 0x8C, 0x18,
+        0x2A, 0x7C, 0x9F, 0x4D, 0xBB, 0x2D, 0xBB, 0x5E,
+        0x98, 0x15, 0x63, 0xD6, 0x6C, 0xEE, 0xB7, 0x7E,
+        0x7F, 0x90, 0x34, 0xBD, 0x42, 0x9D, 0x27, 0x63,
+        0x7C, 0xF7, 0x97, 0xDE, 0x82, 0xE0, 0x1F, 0xEB,
+        0xBC, 0xE2, 0x17, 0x1E, 0xFD, 0x01, 0x6E, 0x40,
+        0x2A, 0x42, 0xD7, 0x8E, 0xA1, 0xAC, 0xE2, 0xCB,
+        0x37, 0x0E, 0x75, 0xC9, 0x0A, 0xDF, 0xA1, 0xA7,
+        0x93, 0xB2, 0x16, 0x9C, 0xC2, 0x65, 0x22, 0xDB,
+        0x2F, 0x54, 0x6A, 0xC1, 0xDE, 0x34, 0xC9, 0x08,
+        0x71, 0x20, 0xC4, 0x2A, 0x9F, 0x10, 0xC0, 0x0D,
+        0x49, 0x3C, 0x25, 0x73, 0x01, 0x66, 0xF9, 0xD2,
+        0x19, 0xFB, 0xDA, 0xD2, 0x22, 0xC8, 0xB2, 0x81,
+        0x15, 0x54, 0x33, 0x13, 0x21, 0x08, 0x48, 0xFB,
+        0x2F, 0x04, 0xBF, 0xDC, 0xE1, 0x5D, 0x32, 0x0C,
+        0x36, 0x34, 0xA8, 0xE4, 0xD6, 0x37, 0x55, 0x51,
+        0x59, 0x00, 0xC7, 0x5B, 0xFD, 0x09, 0x0A, 0xD7,
+        0x8D, 0xD5, 0x88, 0x65, 0x9F, 0xBF, 0x97, 0xC9,
+        0x6E, 0x0D, 0x0A, 0xCC, 0x8E, 0x81, 0x5E, 0x60,
+        0x8F, 0x9E, 0x86, 0x1D, 0x79, 0xAF, 0x30, 0x51,
+        0xB9, 0x42, 0xB5, 0x25, 0x70, 0xB6, 0x29, 0x2B,
+        0xF4, 0x8C, 0x2B, 0xFA, 0xA9, 0x07, 0x7D, 0xC7,
+        0x6F, 0xE9, 0x02, 0x68, 0x32, 0x17, 0xB8, 0xBF,
+        0x80, 0x9E, 0xD7, 0xA0, 0x05, 0x0A, 0xDD, 0xBB,
+        0x65, 0xFD, 0xDF, 0xBD, 0x24, 0x01, 0x9C, 0x91,
+        0x81, 0xB5, 0xAC, 0x81, 0x56, 0x61, 0x13, 0xD6,
+        0x69, 0x4E, 0xA6, 0x29, 0x1D, 0x7F, 0x4A, 0x7F,
+        0x56, 0xA4, 0x1E, 0xB9, 0x1F, 0x76, 0x36, 0x8D,
+        0xF8, 0x2B, 0x16, 0x4B, 0x48, 0x59, 0x25, 0x9D,
+        0x71, 0x89, 0x24, 0x0F, 0x1D, 0x88, 0x03, 0xF8,
+        0x10, 0x72, 0x96, 0xD3, 0x78, 0xBA, 0xB4, 0xD2,
+        0x4F, 0xE6, 0xD1, 0x0E, 0xF7, 0x88, 0x36, 0x7B,
+        0xCE, 0x16, 0xC5, 0xAB, 0x77, 0xFB, 0xC1, 0x68,
+        0xB8, 0x57, 0xF7, 0xBA, 0x5C, 0xDC, 0xBE, 0x50,
+        0x67, 0xC8, 0x64, 0xF8, 0x79, 0x80, 0x9F, 0xE5,
+        0x21, 0x7D, 0xEF, 0x02, 0x94, 0xBF, 0xAF, 0xDF,
+        0x80, 0x9A, 0xBC, 0xE9, 0x53, 0x2D, 0xD9, 0xDA,
+        0xB3, 0x44, 0x8F, 0x4D, 0xA6, 0x8E, 0xCA, 0x51,
+        0x60, 0x94, 0x76, 0x27, 0x8E, 0xB8, 0xC4, 0xF6,
+        0x9E, 0xA2, 0x96, 0x73, 0xF6, 0x94, 0x18, 0x04,
+        0x1D, 0x26, 0x85, 0x7E, 0xBC, 0x24, 0xA4, 0x87,
+        0xBB, 0x4B, 0x0B, 0xA6, 0x3A, 0xF8, 0x48, 0x54,
+        0x5E, 0xE9, 0xBE, 0x89, 0xF1, 0x39, 0xD5, 0x02,
+        0x09, 0x9B, 0x9D, 0x35, 0xDB, 0x38, 0x07, 0xB9,
+        0x25, 0xCB, 0xA5, 0x76, 0xE2, 0x71, 0x70, 0xEA,
+        0xEC, 0x48, 0xCC, 0x2C, 0xC1, 0x5B, 0x04, 0x36,
+        0x77, 0x82, 0x5D, 0x0E, 0xE8, 0x1E, 0xB2, 0xCE,
+        0xE3, 0xA8, 0xED, 0x14, 0xA7, 0x98, 0xB8, 0x79,
+        0x53, 0x02, 0x20, 0xE5, 0x0C, 0xE8, 0xC0, 0x03,
+        0xA3, 0x05, 0x38, 0x2A, 0x24, 0xD2, 0x3C, 0x27,
+        0x7B, 0x99, 0xD1, 0xF4, 0xC5, 0x4F, 0x9A, 0x8D,
+        0x33, 0xFA, 0x3D, 0x1E, 0x33, 0x7E, 0x18, 0xD7,
+        0xCB, 0xBA, 0x5E, 0x5A, 0x47, 0xF2, 0xD5, 0xE0,
+        0x96, 0xCF, 0x45, 0x51, 0xB2, 0x3B, 0x1B, 0x86,
+        0x43, 0x6E, 0x81, 0xB4, 0xA0, 0x9D, 0x1E, 0x3D,
+        0x38, 0x49, 0x2E, 0xC8, 0xB2, 0xA0, 0x09, 0x67,
+        0x01, 0x6A, 0xB7, 0x6B, 0x9A, 0x9B, 0x18, 0x64,
+        0x67, 0x14, 0x21, 0xDA, 0x56, 0xF5, 0x7D, 0x00,
+        0x8D, 0x5C, 0xE1, 0xB8, 0x92, 0xA7, 0xE9, 0xC1,
+        0xF6, 0x9F, 0x6C, 0x72, 0x2C, 0xF1, 0x09, 0xDB,
+        0x50, 0x0E, 0x53, 0xF6, 0xBC, 0x07, 0x83, 0x7A,
+        0xD1, 0xCD, 0x4C, 0xF4, 0xA6, 0x4D, 0xA7, 0x63,
+        0xB4, 0xA9, 0xC4, 0x92, 0x9B, 0x0D, 0xCD, 0xDF,
+        0x7C, 0x7E, 0x11, 0x86, 0xBE, 0x3F, 0xF0, 0xC3,
+        0x21, 0x15, 0x84, 0x37, 0x82, 0x0C, 0x81, 0xE7,
+        0x4F, 0xF3, 0x16, 0xAE, 0x32, 0x54, 0xE9, 0x72,
+        0xFC, 0x19, 0x7A, 0x7F, 0x0E, 0x62, 0x02, 0x42,
+        0xAC, 0x05, 0xA4, 0xE4, 0x3E, 0x98, 0x7C, 0x2A,
+        0x83, 0x55, 0xB0, 0x35, 0x77, 0x45, 0xCA, 0x79,
+        0xE6, 0xAE, 0x48, 0xAB, 0x29, 0xED, 0x4F, 0xA6,
+        0x3D, 0x3A, 0x1F, 0x19, 0xB9, 0x99, 0xDE, 0x25,
+        0x1F, 0xDE, 0x06, 0x40, 0xDD, 0x87, 0x87, 0x6D,
+        0x55, 0x76, 0x28, 0x78, 0xAD, 0x1D, 0xB1, 0x2D,
+        0x65, 0xBA, 0xFD, 0x14, 0xB6, 0xA9, 0xA7, 0x08,
+        0x1B, 0xF2, 0x3F, 0x9F, 0x06, 0xD9, 0x0C, 0xE2,
+        0x73, 0xC5, 0xA2, 0x6E, 0x01, 0x2C, 0xA9, 0x4D,
+        0xD4, 0x81, 0xD3, 0x2E, 0x10, 0x93, 0x8C, 0x16,
+        0x51, 0x63, 0xE8, 0x9B, 0xE8, 0xA9, 0x3A, 0x63,
+        0x03, 0x4D, 0x34, 0x5B, 0x74, 0xE2, 0xA9, 0x4E,
+        0xF6, 0x43, 0xD0, 0x6A, 0xF9, 0xE1, 0xF5, 0xC9,
+        0xF1, 0x04, 0x93, 0x0D, 0xA0, 0x0E, 0x61, 0xE0,
+        0x61, 0xEE, 0x8C, 0x3B, 0xB1, 0x7C, 0x11, 0xE0,
+        0x5D, 0x45, 0xC1, 0x68, 0x2E, 0x4D, 0x59, 0x3C,
+        0x91, 0x98, 0x23, 0x8D, 0x2B, 0xA2, 0x89, 0x77,
+        0x9E, 0x7D, 0x0F, 0x22, 0x7B, 0xCB, 0x0B, 0x09,
+        0x97, 0x2B, 0x19, 0x77, 0x0F, 0xF0, 0x11, 0xBF,
+        0x6C, 0x60, 0xD9, 0xD1, 0x93, 0xCF, 0xAB, 0x32,
+        0x74, 0x7A, 0x00, 0x95, 0xE1, 0xA4, 0xAD, 0x32,
+        0x51, 0x4C, 0x78, 0x2E, 0xF3, 0xDE, 0x7A, 0x26,
+        0xEA, 0x77, 0x1F, 0x55, 0x30, 0xD9, 0xDE, 0x97,
+        0x36, 0xD0, 0xF6, 0xAE, 0x1A, 0xFB, 0x78, 0xEC,
+        0x7C, 0xE4, 0x88, 0x4A, 0x1B, 0xB4, 0x36, 0xCF,
+        0xCE, 0x45, 0x9C, 0xD9, 0x93, 0x58, 0x26, 0x09,
+        0x06, 0xAA, 0xC9, 0x97, 0x16, 0xA5, 0x36, 0xCC,
+        0x76, 0x87, 0xA0, 0x37, 0x5F, 0xDA, 0x11, 0x00,
+        0x76, 0x18, 0xE5, 0x53, 0x53, 0x4E, 0x54, 0xD5,
+        0xB2, 0x14, 0xF7, 0xAA, 0x6F, 0xC7, 0xDB, 0xE3,
+        0x7C, 0x2B, 0xD2, 0xB6, 0x48, 0x50, 0xAE, 0x46,
+        0x9A, 0x98, 0x58, 0x98, 0x7F, 0x3F, 0xA4, 0xB1,
+        0xFD, 0x26, 0xD9, 0x54, 0xBF, 0xEC, 0x36, 0x5D,
+        0xBE, 0x06, 0xDD, 0xCD, 0x61, 0x5E, 0x1F, 0xED,
+        0x58, 0xA8, 0x86, 0x76, 0x40, 0x2D, 0x1D, 0x6B,
+        0x58, 0x14, 0x85, 0x49, 0x8B, 0x5A, 0xDF, 0xFF,
+        0xC4, 0x2D, 0x47, 0xD6, 0x1D, 0xF9, 0x93, 0x84,
+        0xE2, 0x2C, 0x51, 0x57, 0xF0, 0x17, 0x8A, 0x6F,
+        0xDA, 0xF8, 0xF4, 0xA9, 0x49, 0x1D, 0xAF, 0x29,
+        0x8B, 0x2C, 0x3E, 0xC8, 0x80, 0x85, 0x02, 0x2C,
+        0x0A, 0x7C, 0xF2, 0x45, 0xED, 0x0F, 0xB5, 0xA3,
+        0x8C, 0xD1, 0x6F, 0x30, 0xD3, 0x7D, 0xA5, 0xC4,
+        0x95, 0x9A, 0x55, 0x50, 0x1D, 0xAD, 0x50, 0xF1,
+        0xB4, 0x8B, 0xBB, 0xDD, 0x86, 0xAB, 0x8B, 0xB5,
+        0x22, 0xA9, 0x36, 0xDD, 0xF0, 0x00, 0x3B, 0x81,
+        0xBE, 0x16, 0x23, 0x1A, 0x04, 0xE7, 0xA5, 0x89,
+        0xC5, 0x6F, 0xFF, 0xB5, 0x1B, 0x07, 0x92, 0x7B,
+        0x4A, 0xFA, 0x1D, 0xB7, 0xD4, 0x8B, 0xC6, 0xFB,
+        0xC3, 0xF3, 0x67, 0x56, 0x37, 0x18, 0x4B, 0x7A,
+        0xDB, 0x9B, 0xAD, 0xF4, 0xDE, 0x7C, 0x08, 0x5B,
+        0xCA, 0x1D, 0x42, 0x8D, 0xC9, 0xFC, 0x82, 0x77,
+        0xCB, 0xD8, 0x58, 0x84, 0xA5, 0x92, 0x1B, 0x52,
+        0xBB, 0x05, 0xB7, 0x10, 0x61, 0x55, 0x08, 0x26,
+        0x1B, 0xB4, 0x54, 0x6B, 0xD6, 0xE1, 0xFC, 0x73,
+        0x0D, 0x16, 0xB0, 0x49, 0xEA, 0x12, 0x79, 0x8C,
+        0xE2, 0xE6, 0xDF, 0x43, 0xF5, 0xB8, 0xF3, 0xEF,
+        0x9A, 0xC8, 0xFB, 0xAE, 0x31, 0xB0, 0x11, 0xE1,
+        0x0C, 0x4F, 0xC6, 0x2F, 0xFD, 0x7F, 0x39, 0xD1,
+        0x6E, 0xC3, 0x2C, 0xA8, 0x21, 0x0E, 0xD1, 0x6E,
+        0x04, 0x1D, 0xA4, 0x3D, 0x92, 0x74, 0x22, 0x95,
+        0x14, 0x05, 0x4A, 0x0F, 0x82, 0xD4, 0x62, 0xFE,
+        0x08, 0x0C, 0x6F, 0xFD, 0x7B, 0xBD, 0xBF, 0xBF,
+        0x0B, 0xFF, 0xC6, 0xD5, 0xEC, 0xC4, 0x32, 0xA3,
+        0x25, 0x6C, 0x0B, 0xE0, 0xDD, 0xFD, 0x5D, 0x90,
+        0x80, 0xC6, 0x76, 0xC7, 0x95, 0x5D, 0x66, 0xE4,
+        0x4D, 0x1C, 0xE5, 0x1F, 0xCC, 0x23, 0x82, 0xF8,
+        0x68, 0xD7, 0x32, 0xE8, 0x58, 0x51, 0x72, 0x1B,
+        0x48, 0xA0, 0x1D, 0x08, 0xC6, 0x39, 0x62, 0x6E,
+        0xE0, 0x50, 0x9C, 0xB5, 0x81, 0xEF, 0xF5, 0x62,
+        0x8F, 0xA6, 0xCC, 0xD1, 0x08, 0x9A, 0xC0, 0xE1,
+        0x2D, 0xEB, 0xE0, 0x85, 0x17, 0x82, 0xE6, 0x4C,
+        0x50, 0x49, 0xCB, 0xD6, 0x50, 0x10, 0x13, 0x96,
+        0x5C, 0xC0, 0xCA, 0x25, 0xAC, 0xAB, 0x17, 0x6E,
+        0xF7, 0xCA, 0xB9, 0x29, 0x40, 0x98, 0x5D, 0xDB,
+        0x49, 0x02, 0x1D, 0xF6, 0xC6, 0x0D, 0x6C, 0x4A,
+        0x48, 0x91, 0x16, 0x31, 0x1E, 0x86, 0xBA, 0x19,
+        0xED, 0xF0, 0x0D, 0x74, 0x79, 0x73, 0x58, 0x20,
+        0x7C, 0xDE, 0x50, 0x50, 0x6D, 0x00, 0x7F, 0xE0,
+        0x3C, 0x88, 0x04, 0xC6, 0x64, 0x51, 0xF0, 0x2A,
+        0x01, 0x82, 0xD3, 0x87, 0xB7, 0x59, 0x89, 0x40,
+        0x96, 0xF6, 0x52, 0x32, 0x95, 0x2D, 0x18, 0x3D,
+        0xBA, 0xAA, 0xBB, 0x6B, 0xC0, 0xE1, 0x91, 0xDC,
+        0x2C, 0x3F, 0x75, 0xFC, 0x72, 0xBD, 0x61, 0xBA,
+        0xB2, 0xEF, 0x19, 0xB6, 0x53, 0x2B, 0x23, 0x1C,
+        0x4A, 0xFB, 0x1A, 0x9C, 0x2C, 0xB2, 0xF3, 0xD6,
+        0xC4, 0x51, 0xE8, 0x44, 0x0D, 0x6A, 0x92, 0x3C,
+        0xF7, 0x2A, 0x63, 0xE2, 0xED, 0x85, 0x54, 0x77,
+        0x38, 0x87, 0x91, 0x0C, 0xA5, 0xC6, 0x71, 0xAD,
+        0x4F, 0xD5, 0x92, 0x3C, 0xB9, 0x5E, 0xC7, 0x3F,
+        0xFD, 0xFB, 0xDA, 0x4B, 0x66, 0x55, 0xF5, 0x5D,
+        0xBF, 0xD1, 0x31, 0x7D, 0x02, 0x44, 0x22, 0x30,
+        0x1E, 0xD6, 0x6A, 0x6E, 0x4C, 0x67, 0x20, 0x85,
+        0xCE, 0xD1, 0xF4, 0xC7, 0xB0, 0x50, 0x30, 0xA1,
+        0x00, 0xC4, 0x78, 0x8F, 0xEF, 0x4C, 0xD3, 0xE4,
+        0x94, 0xA8, 0x53, 0xBD, 0xE6, 0x3E, 0x9D, 0x44,
+        0x9A, 0xE3, 0xBB, 0x6B, 0xA1, 0x08, 0x32, 0x38,
+        0xDA, 0x3F, 0x40, 0x90, 0x51, 0x5D, 0x14, 0x3C,
+        0x67, 0xDB, 0xE5, 0x3D, 0x8D, 0x50, 0x7A, 0x52,
+        0x29, 0xFF, 0xEB, 0x20, 0x72, 0xD0, 0xBD, 0x09,
+        0x2F, 0xC9, 0xAE, 0x52, 0xDE, 0xAA, 0xAC, 0xD1,
+        0xF0, 0xF1, 0x4B, 0x5A, 0xC8, 0x47, 0x52, 0xBF,
+        0xD0, 0x02, 0x5E, 0x5F, 0x55, 0xB8, 0x69, 0x35,
+        0x0F, 0x4B, 0x27, 0x19, 0xC5, 0xC0, 0x5A, 0xC1,
+        0x66, 0x9B, 0xB0, 0xFD, 0x3C, 0x61, 0x4A, 0xCE,
+        0x02, 0xA2, 0x70, 0x61, 0x3F, 0xD3, 0x30, 0x97,
+        0x06, 0xDD, 0xCD, 0x5B, 0x1A, 0x6A, 0xD2, 0x6F,
+        0x35, 0x9A, 0xDA, 0x80, 0xB3, 0x0E, 0x50, 0xA7,
+        0xE5, 0x0B, 0xBD, 0x3A, 0xA4, 0x5D, 0x06, 0x54,
+        0xDD, 0x7D, 0x05, 0x8B, 0x0B, 0xBF, 0x4D, 0x0D,
+        0x92, 0x13, 0x51, 0x42, 0x21, 0x4E, 0xE7, 0x05,
+        0x11, 0xF3, 0x67, 0x6A, 0xE6, 0x43, 0xB5, 0xF2,
+        0x45, 0x06, 0x3B, 0x94, 0x19, 0xCF, 0x6B, 0x49,
+        0xFD, 0x64, 0x7F, 0x27, 0xD7, 0xC4, 0x1C, 0x86,
+        0x6E, 0x6C, 0xAD, 0x9D, 0x5E, 0x2E, 0x3E, 0x33,
+        0x1B, 0xF6, 0xB9, 0xF7, 0x2A, 0xCA, 0x32, 0x9B,
+        0xB6, 0x42, 0x59, 0xC3, 0xE7, 0x97, 0x83, 0xA2,
+        0x66, 0x74, 0xB7, 0xD3, 0x8E, 0xBD, 0xE8, 0x31,
+        0x84, 0x11, 0xF4, 0x76, 0x4E, 0xBD, 0xC4, 0xC7,
+        0xE4, 0x1A, 0xCF, 0xF8, 0x5B, 0xBB, 0x30, 0x31,
+        0x8D, 0x59, 0xC4, 0x2C, 0x92, 0x03, 0xAB, 0xD6,
+        0x63, 0x6B, 0xA3, 0xF7, 0x72, 0xB6, 0x72, 0x51,
+        0x21, 0xC0, 0x52, 0xDE, 0x99, 0x91, 0x0D, 0x55,
+        0x15, 0x8C, 0x6F, 0x3E, 0xF8, 0xBB, 0x7F, 0xED,
+        0xE2, 0xF8, 0x1E, 0x58, 0xA7, 0xAE, 0xB2, 0x5E,
+        0x2E, 0x46, 0xFD, 0x72, 0x32, 0x30, 0x2F, 0xAF,
+        0xA8, 0xFC, 0x37, 0xFC, 0x8B, 0x55, 0xD5, 0x94,
+        0xB7, 0x6E, 0xC4, 0xA5, 0x3E, 0xB1, 0x1E, 0xB3,
+        0xFD, 0x63, 0x44, 0x28, 0xAA, 0xA5, 0xD8, 0x6F,
+        0x83, 0x9D, 0x08, 0x9A, 0xBE, 0x2F, 0xEF, 0xE2,
+        0xAE, 0x52, 0x62, 0xFE, 0xFC, 0x73, 0x48, 0xD8,
+        0x36, 0x69, 0x2E, 0xDB, 0x21, 0x5D, 0x6F, 0x8F,
+        0x54, 0x8B, 0x88, 0x52, 0x90, 0xC2, 0x40, 0x3C,
+        0x51, 0xC3, 0xE2, 0x69, 0xD4, 0x93, 0xFB, 0xD3,
+        0x39, 0xB5, 0xDF, 0xB0, 0xA3, 0x8E, 0xED, 0xA7,
+        0x75, 0x4D, 0xAF, 0xFA, 0x16, 0xE5, 0xBC, 0xA5,
+        0xA9, 0xBB, 0xDE, 0x04, 0xB0, 0x14, 0xB7, 0xAE,
+        0xA8, 0x98, 0x8F, 0x37, 0x49, 0xD5, 0x2D, 0x2F,
+        0xC1, 0xC9, 0xF7, 0xC7, 0xB2, 0xC2, 0xD6, 0x92,
+        0xE7, 0x89, 0x6E, 0x4C, 0x34, 0xF5, 0x7C, 0x55,
+        0x8C, 0xFE, 0x83, 0x17, 0xA8, 0x37, 0x44, 0x09,
+        0xD5, 0x66, 0x87, 0x9A, 0x08, 0x62, 0x8F, 0x64,
+        0x4F, 0xB4, 0x5B, 0x81, 0x84, 0x55, 0xBC, 0xA6,
+        0x04, 0x2B, 0x4E, 0x61, 0x87, 0xC1, 0xDD, 0x17,
+        0x7E, 0x9E, 0x51, 0x46, 0x31, 0x99, 0x04, 0xB1,
+        0x50, 0x5F, 0x3E, 0xE0, 0x0C, 0xD7, 0xFE, 0xAF,
+        0x0E, 0x83, 0xC3, 0x02, 0x49, 0x56, 0xF7, 0x76,
+        0x59, 0xAC, 0xC5, 0x6D, 0x8D, 0x91, 0x7A, 0x37,
+        0xE8, 0xFF, 0x7E, 0xB8, 0x87, 0x13, 0xCC, 0xA3,
+        0x34, 0xEA, 0x04, 0xB8, 0xE2, 0x58, 0xC9, 0x34,
+        0x5D, 0xA9, 0xDE, 0x26, 0xA0, 0xA3, 0x66, 0x51,
+        0x94, 0x51, 0xE1, 0x01, 0x2D, 0xE6, 0xAA, 0xBF,
+        0x46, 0x97, 0xC9, 0xDE, 0x82, 0x1D, 0x70, 0x02,
+        0x1C, 0x32, 0x50, 0xA1, 0x06, 0xCF, 0x4C, 0x23,
+        0xA1, 0xB1, 0x78, 0x5F, 0x54, 0x9D, 0x3C, 0x8C,
+        0xD7, 0x1B, 0x05, 0xFE, 0xA7, 0x53, 0xE0, 0x04,
+        0x6A, 0x3A, 0xE0, 0xA9, 0xB1, 0xF4, 0x02, 0x77,
+        0xCF, 0x45, 0x3A, 0x2B, 0xA1, 0x4C, 0xBA, 0x92,
+        0x3C, 0xC6, 0x26, 0x97, 0x06, 0xDF, 0xFF, 0xD5,
+        0x17, 0xC1, 0xE5, 0x93, 0x00, 0x79, 0x91, 0x2E,
+        0x05, 0xA5, 0x57, 0x18, 0x97, 0xA0, 0x68, 0x65,
+        0x51, 0x6C, 0x86, 0x69, 0x9F, 0x70, 0x7E, 0x00,
+        0xCB, 0x38, 0xCE, 0x19, 0x34, 0x90, 0xAE, 0xE3,
+        0x0B, 0xA4, 0x7D, 0xDD, 0xF3, 0xA5, 0xB4, 0xFB,
+        0xCE, 0xBA, 0x73, 0xDC, 0x13, 0xD0, 0xA1, 0x60,
+        0xEA, 0x64, 0x2D, 0x30, 0xD6, 0x3A, 0x02, 0x96,
+        0x4E, 0xDF, 0xDB, 0x2F, 0x29, 0xDC, 0xD3, 0x2C,
+        0xA9, 0x97, 0x4F, 0x89, 0xC3, 0x2D, 0x1F, 0xA9,
+        0xA8, 0x3C, 0x94, 0xA2, 0x77, 0x0F, 0xCF, 0xCF,
+        0x86, 0xE6, 0x46, 0x46, 0x88, 0x2B, 0xD5, 0x50,
+        0xDD, 0xD6, 0x5B, 0x4E, 0x2D, 0x28, 0x7A, 0xF6,
+        0xC1, 0x96, 0xF4, 0x2D, 0xBD, 0x39, 0xB0, 0x20,
+        0xD7, 0xCD, 0xFB, 0xB6, 0xE6, 0xE7, 0x5F, 0xFA,
+        0xAB, 0x26, 0x09, 0x9E, 0xC1, 0xD2, 0x5E, 0x32,
+        0x34, 0xF7, 0x0D, 0xD9, 0x72, 0x28, 0x6A, 0xEA,
+        0x0C, 0x34, 0x36, 0x59, 0x5F, 0xE4, 0x9F, 0xCA,
+        0x89, 0x8B, 0xFA, 0x42, 0x16, 0x04, 0xC8, 0x2D,
+        0x3E, 0x94, 0x85, 0x6D, 0x18, 0x69, 0x05, 0x07,
+        0x6D, 0x18, 0x6C, 0x68, 0x41, 0x74, 0xBF, 0x42,
+        0x90, 0xDF, 0x31, 0x76, 0x9E, 0xDC, 0x97, 0xA1,
+        0xDF, 0x2D, 0xFE, 0xD0, 0x3C, 0xF4, 0x5C, 0xE6,
+        0x78, 0xC8, 0xA1, 0x42, 0x9E, 0xB9, 0x78, 0xD0,
+        0x2A, 0x79, 0xD4, 0xF8, 0xCF, 0x01, 0x68, 0xDA,
+        0xAB, 0x48, 0x2C, 0x6C, 0x61, 0x2F, 0x04, 0xB1,
+        0xC9, 0x36, 0x37, 0xFE, 0x77, 0xB3, 0x02, 0xCE,
+        0xFA, 0x78, 0x8C, 0x11, 0x35, 0x6C, 0x52, 0xC5,
+        0x4F, 0x37, 0xA9, 0xDC, 0xFD, 0xA5, 0x59, 0x27,
+        0xA8, 0xEF, 0x0A, 0x0C, 0xEA, 0x7C, 0xC4, 0xAD,
+        0xCE, 0xE4, 0x59, 0xEB, 0x64, 0xDF, 0x08, 0xED,
+        0x0F, 0xC2, 0x9F, 0xDC, 0x3C, 0x7B, 0x76, 0x2B,
+        0x39, 0x93, 0x32, 0x06, 0x33, 0x40, 0xD4, 0x73,
+        0x96, 0x62, 0x19, 0xBF, 0xC8, 0x7B, 0x4A, 0x3C,
+        0x91, 0xC8, 0x0F, 0x0E, 0x4B, 0xA8, 0x6A, 0xA1,
+        0x87, 0x9C, 0x76, 0x62, 0x5C, 0x86, 0x80, 0xA2,
+        0x27, 0xAB, 0x22, 0x78, 0x06, 0x59, 0xD4, 0xB5,
+        0xD3, 0x0E, 0x0E, 0x9A, 0x0D, 0xCE, 0x09, 0x4D,
+        0xAF, 0x53, 0x76, 0x79, 0x27, 0x3A, 0x9B, 0x27,
+        0x7E, 0xD2, 0xA2, 0xE2, 0x50, 0xEE, 0xA0, 0x93,
+        0x82, 0x04, 0xC9, 0xE9, 0x63, 0xD3, 0x38, 0x52,
+        0x2A, 0x3D, 0x1A, 0x44, 0x40, 0xE2, 0xA1, 0x23,
+        0x97, 0xA5, 0xB9, 0x7D, 0x35, 0x65, 0x73, 0x07,
+        0xBE, 0xC9, 0x4C, 0xC0, 0xC7, 0x2C, 0x5C, 0x6B,
+        0x09, 0xDA, 0xF2, 0xBA, 0xF0, 0x02, 0x0B, 0x7D,
+        0x8C, 0xA5, 0x60, 0xBF, 0x65, 0x96, 0x92, 0x9A,
+        0xC8, 0xD4, 0xE5, 0x46, 0x0F, 0x78, 0x37, 0xB4,
+        0x1B, 0x4A, 0xE6, 0xFF, 0x12, 0x33, 0x9D, 0xB8,
+        0xEB, 0xD7, 0x02, 0x8A, 0xAC, 0xFE, 0x0B, 0x42,
+        0xE0, 0x2C, 0xDE, 0x90, 0x67, 0x83, 0xAB, 0xFF,
+        0x69, 0x4E, 0x7C, 0xBE, 0x08, 0x97, 0xED, 0x6E,
+        0xD4, 0x38, 0xAC, 0xDB, 0x00, 0xA4, 0x70, 0x9C,
+        0xFE, 0xF7, 0x15, 0x0E, 0xBE, 0xB0, 0x8C, 0x8F,
+        0xF6, 0xC1, 0x54, 0x38, 0x15, 0xF4, 0xB8, 0x95,
+        0x1C, 0x3C, 0xAC, 0xE4, 0x99, 0x58, 0x64, 0x58,
+        0xA7, 0x3C, 0x85, 0x72, 0x38, 0x9A, 0xFC, 0x97,
+        0x03, 0xA7, 0xFE, 0xAF, 0x67, 0x34, 0x45, 0xFB,
+        0x4B, 0x0C, 0xCA, 0xA5, 0x11, 0xD4, 0xA2, 0xCF,
+        0x46, 0x3F, 0x57, 0xE3, 0xA6, 0xD7, 0x2D, 0xA0,
+        0x4B, 0x25, 0x66, 0x99, 0xA3, 0x02, 0x12, 0xE7,
+        0xC5, 0x76, 0x8E, 0xFC, 0x15, 0x1B, 0x71, 0x74,
+        0x41, 0x56, 0x57, 0x5A, 0x2E, 0x94, 0x43, 0x31,
+        0x92, 0x32, 0xD1, 0x59, 0xC6, 0xCC, 0x00, 0x6F,
+        0xDB, 0x57, 0xC5, 0x81, 0x73, 0xAD, 0x8D, 0x2C,
+        0x86, 0x6C, 0x88, 0x87, 0x43, 0x7C, 0x22, 0x38,
+        0x88, 0xE2, 0x1E, 0xF6, 0x7E, 0x1A, 0x33, 0x2C,
+        0x1F, 0xDF, 0xCC, 0x15, 0xEF, 0x17, 0x47, 0x6F,
+        0xE0, 0xFB, 0x57, 0xD4, 0x22, 0x98, 0x94, 0x72,
+        0x5E, 0x14, 0x74, 0xC1, 0xBA, 0x12, 0x16, 0x56,
+        0x28, 0x17, 0xF1, 0x6C, 0x53, 0xEC, 0xE0, 0x1C,
+        0x7F, 0x9E, 0x36, 0x64, 0xEE, 0xDB, 0xBA, 0x94,
+        0x95, 0x29, 0x87, 0x43, 0x1A, 0xA2, 0xA5, 0x7D,
+        0x33, 0x0E, 0xB1, 0x1B, 0x28, 0xE6, 0xBF, 0x77,
+        0x0E, 0x34, 0x9E, 0xCE, 0x35, 0x0C, 0x83, 0xE9,
+        0x0D, 0xA6, 0xFE, 0x0D, 0x0A, 0x4A, 0xB9, 0x71,
+        0x5D, 0xB2, 0x8B, 0xDD, 0x39, 0x7F, 0xAF, 0xA1,
+        0x42, 0x83, 0x02, 0x15, 0x1E, 0x1F, 0x22, 0x2B,
+        0x44, 0x69, 0x87, 0x9E, 0xB5, 0xD0, 0xF0, 0x18,
+        0x60, 0x6A, 0x75, 0x94, 0xBF, 0xC8, 0x2C, 0x39,
+        0x4E, 0x91, 0xB9, 0x26, 0x44, 0x95, 0xC9, 0x06,
+        0x3D, 0x50, 0x52, 0x62, 0x79, 0x9B, 0x9F, 0xCB,
+        0xE6, 0x31, 0x6B, 0xBC, 0xC8, 0xD8, 0x09, 0x30,
+        0x53, 0x63, 0x6A, 0x74, 0xD4, 0xFA, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x02, 0x0F, 0x16, 0x1B, 0x1F,
+        0x29, 0x2E, 0x36
+    };
+#endif
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+#ifndef WOLFSSL_NO_ML_DSA_44
+    static const byte pk_44_draft[] = {
+        0x35, 0x07, 0x31, 0x3A, 0xE3, 0x7A, 0xF6, 0x96,
+        0x6C, 0x11, 0xA9, 0xE4, 0x0B, 0xEB, 0xEC, 0xE9,
+        0x2B, 0x67, 0x3F, 0xD2, 0x67, 0x3C, 0x1C, 0x4C,
+        0x08, 0xF0, 0x45, 0xA9, 0xDD, 0x5A, 0xB8, 0x8C,
+        0x0A, 0x51, 0xA9, 0xBA, 0x89, 0x0F, 0x4C, 0xCB,
+        0x9D, 0x0A, 0x41, 0x3F, 0x9C, 0xF4, 0x13, 0x36,
+        0x79, 0x49, 0x00, 0x90, 0xBB, 0x57, 0x3B, 0xBD,
+        0x2E, 0x18, 0xB3, 0xD0, 0xA5, 0x0E, 0x6B, 0x67,
+        0xFF, 0x98, 0x8C, 0xDD, 0x07, 0xE8, 0xA7, 0xA1,
+        0x3F, 0xAE, 0xFB, 0xD6, 0xC0, 0xF8, 0xF3, 0x34,
+        0xA5, 0x17, 0xC2, 0x34, 0x88, 0x92, 0x65, 0xA6,
+        0xE8, 0x66, 0x57, 0xFE, 0x86, 0x08, 0xF7, 0xDF,
+        0xA0, 0x5B, 0x70, 0x3E, 0x91, 0x6C, 0x63, 0xA0,
+        0xA3, 0x75, 0x55, 0xF8, 0xB6, 0xAA, 0xD4, 0x1B,
+        0x78, 0x5E, 0x42, 0x9F, 0x96, 0xE4, 0xA0, 0x50,
+        0xB6, 0x94, 0x2D, 0xC3, 0xE3, 0x36, 0x2B, 0x9D,
+        0x6B, 0x7A, 0xEF, 0xF5, 0x68, 0xF2, 0x11, 0xDF,
+        0x87, 0xA0, 0x9A, 0xC4, 0x61, 0xFB, 0xA4, 0x1C,
+        0x98, 0x3F, 0xC9, 0x52, 0x59, 0x3B, 0x47, 0x4D,
+        0xF5, 0x24, 0xA3, 0xD8, 0x63, 0xE1, 0xED, 0xDC,
+        0xFD, 0xEB, 0x96, 0xFB, 0xF3, 0xE7, 0x50, 0x9C,
+        0x72, 0x61, 0xC7, 0x3C, 0xCE, 0xF2, 0xEB, 0x22,
+        0x55, 0x6B, 0x9F, 0x25, 0xE4, 0x45, 0xE1, 0xFB,
+        0x3E, 0x2E, 0x4E, 0x92, 0x4F, 0x8A, 0x85, 0xEB,
+        0x63, 0x2C, 0x05, 0x0F, 0x9A, 0xEC, 0x0E, 0x9D,
+        0x05, 0x81, 0x46, 0x82, 0xEA, 0x74, 0x91, 0xD5,
+        0x2A, 0xBC, 0xCC, 0xBB, 0xD6, 0x7F, 0x5F, 0x9A,
+        0xD3, 0xBD, 0xEB, 0x14, 0xBA, 0x84, 0x27, 0x13,
+        0x32, 0xB5, 0xF3, 0x71, 0xAC, 0x47, 0x19, 0x6B,
+        0x5E, 0x43, 0x50, 0xC2, 0xA8, 0x82, 0xF5, 0x97,
+        0x9B, 0x27, 0x62, 0xFB, 0xB7, 0xFF, 0x6B, 0xC8,
+        0x52, 0x1E, 0xFB, 0x97, 0x39, 0x1E, 0x7F, 0x01,
+        0xF8, 0x34, 0x47, 0xAA, 0xB2, 0x64, 0xB5, 0x9E,
+        0x28, 0x18, 0xCB, 0x4A, 0x94, 0xBE, 0x6A, 0x43,
+        0x5B, 0xAE, 0x21, 0xA4, 0x63, 0x64, 0x46, 0x0C,
+        0x6B, 0x36, 0x1C, 0x2A, 0x3B, 0x64, 0xFA, 0xA0,
+        0xAB, 0xE3, 0x3B, 0x7D, 0xB0, 0x23, 0x99, 0x21,
+        0x55, 0x59, 0xBF, 0xD6, 0xDB, 0xB8, 0xDB, 0x09,
+        0x5E, 0xBC, 0x32, 0x3C, 0xAC, 0xAB, 0x1A, 0x63,
+        0x32, 0x21, 0x10, 0xD5, 0x8D, 0x7A, 0x5F, 0xCE,
+        0x72, 0x8D, 0x2A, 0xED, 0x1D, 0x30, 0x38, 0x5D,
+        0x3E, 0x62, 0xC2, 0x8E, 0xC9, 0x9F, 0x8C, 0x50,
+        0x3F, 0xC6, 0xCE, 0x86, 0x4D, 0x67, 0x3D, 0x09,
+        0xB6, 0x27, 0x14, 0x57, 0x14, 0xED, 0xC9, 0x8F,
+        0xAC, 0x9E, 0xAC, 0x6F, 0xB5, 0xB2, 0xE6, 0x8D,
+        0x9D, 0x5E, 0xE6, 0x78, 0x77, 0x09, 0x94, 0x35,
+        0x5E, 0x3B, 0x64, 0x04, 0x38, 0xD4, 0x5B, 0x04,
+        0xB8, 0x6C, 0x33, 0x97, 0xE1, 0x58, 0x54, 0x32,
+        0xB3, 0x0F, 0x37, 0x69, 0x39, 0xCE, 0x57, 0x31,
+        0x5C, 0x75, 0xA8, 0x94, 0xD0, 0x39, 0x2D, 0xB4,
+        0x73, 0xA7, 0xA4, 0x7C, 0xBE, 0x34, 0x03, 0x2D,
+        0x99, 0x1D, 0xDF, 0x32, 0x26, 0xB7, 0x45, 0x1B,
+        0x03, 0xCD, 0xEE, 0x9D, 0x58, 0xA8, 0xA7, 0x76,
+        0x1B, 0x17, 0x42, 0xD9, 0x69, 0x0F, 0x26, 0x3A,
+        0x9D, 0x70, 0x9B, 0x4E, 0x81, 0xEB, 0x96, 0x02,
+        0xB5, 0xB3, 0x92, 0x31, 0xFE, 0xBC, 0x38, 0x11,
+        0x5A, 0x47, 0xED, 0x0A, 0x2A, 0xE2, 0xB8, 0x47,
+        0x13, 0x5E, 0x43, 0x97, 0xD5, 0xFA, 0x31, 0x02,
+        0x58, 0xE9, 0x9E, 0xB5, 0x3F, 0x85, 0x92, 0x0E,
+        0xB9, 0xDB, 0xE0, 0xEE, 0x56, 0x76, 0x64, 0x8F,
+        0xF2, 0xE2, 0x47, 0x81, 0xD4, 0xA4, 0x82, 0x43,
+        0x69, 0xAE, 0x8E, 0x48, 0x50, 0x84, 0x93, 0x3B,
+        0x9C, 0x65, 0xD3, 0x6F, 0xCD, 0x90, 0xA0, 0xD8,
+        0xA0, 0xE1, 0x79, 0xCC, 0xD5, 0x1F, 0x71, 0x73,
+        0x93, 0xE7, 0xB2, 0xB0, 0x78, 0x17, 0xD7, 0x79,
+        0xDE, 0xCC, 0x83, 0x7D, 0x5A, 0xF2, 0x0E, 0xA6,
+        0xB1, 0x76, 0x61, 0x15, 0x88, 0x8E, 0xD7, 0xA6,
+        0x51, 0xBF, 0x9C, 0xD1, 0x0A, 0xFC, 0xDA, 0x65,
+        0xA5, 0x65, 0xFE, 0xB2, 0xED, 0x07, 0x74, 0x42,
+        0x4C, 0xF5, 0x42, 0x3D, 0xAF, 0x5F, 0x4D, 0x72,
+        0x51, 0xE6, 0x3F, 0x68, 0xCC, 0xC5, 0x2D, 0x89,
+        0x01, 0xD8, 0x80, 0xB4, 0xFC, 0xEB, 0x3B, 0xBE,
+        0x7C, 0xFA, 0x24, 0x27, 0xE1, 0x05, 0x94, 0x67,
+        0xAD, 0xB3, 0x47, 0x7D, 0x28, 0x18, 0xC1, 0xC9,
+        0xB8, 0xA1, 0x2A, 0x95, 0xBB, 0x5D, 0xC9, 0x42,
+        0x4F, 0x64, 0x94, 0x07, 0x5F, 0x65, 0xD3, 0xA5,
+        0x65, 0xEE, 0x67, 0x2C, 0x10, 0x65, 0x81, 0x4D,
+        0x7F, 0xAF, 0x2E, 0x97, 0x9E, 0x11, 0xA3, 0xF5,
+        0x3E, 0xDE, 0xB1, 0x1D, 0x44, 0x72, 0x90, 0x74,
+        0xFD, 0x47, 0x82, 0xA6, 0x04, 0x3E, 0x28, 0x3C,
+        0x15, 0xDF, 0xC4, 0x7A, 0x7C, 0xF5, 0x5A, 0xC6,
+        0xFB, 0xE4, 0xC2, 0xE0, 0x6E, 0x4C, 0x09, 0x2E,
+        0xE3, 0xE6, 0x3A, 0xEF, 0xF6, 0x54, 0xDC, 0x92,
+        0xBE, 0x8F, 0x24, 0x8E, 0x70, 0x53, 0x90, 0x3D,
+        0x06, 0xA5, 0x0A, 0x72, 0xA0, 0x7B, 0x22, 0x14,
+        0x80, 0x43, 0xAD, 0xDC, 0x11, 0xFC, 0xFF, 0xCF,
+        0x5E, 0xA4, 0x69, 0x1C, 0x09, 0x09, 0xC3, 0x3D,
+        0xF5, 0xE7, 0x05, 0x6F, 0x16, 0x33, 0x75, 0xB4,
+        0x9B, 0x7B, 0x26, 0xDB, 0xE7, 0x27, 0x56, 0xD3,
+        0x91, 0x82, 0x9D, 0xEB, 0x96, 0x3E, 0xE8, 0x40,
+        0xAB, 0x5D, 0x6C, 0xB7, 0xA6, 0x36, 0x07, 0xD4,
+        0xE7, 0x7C, 0xD4, 0x5C, 0x36, 0xE4, 0xFC, 0x7C,
+        0x8A, 0x36, 0x8D, 0x53, 0x43, 0xD4, 0xAC, 0x0B,
+        0x1B, 0xBA, 0x32, 0x88, 0xFA, 0xCE, 0xC1, 0xB9,
+        0x34, 0x3C, 0xAC, 0xA0, 0xF4, 0xF2, 0x83, 0xA8,
+        0xBB, 0x6F, 0x12, 0xC6, 0xB5, 0x3C, 0xDE, 0xA8,
+        0x49, 0x66, 0x97, 0xD7, 0x7E, 0x37, 0xF7, 0xCE,
+        0x7C, 0xF8, 0xC8, 0xBB, 0x8C, 0xB5, 0x3B, 0x3F,
+        0xB9, 0x51, 0x68, 0x00, 0xD7, 0x2E, 0x1C, 0x10,
+        0xAF, 0x9F, 0x3C, 0xD2, 0xAC, 0xE5, 0xBE, 0x94,
+        0xB9, 0x60, 0xF5, 0xB2, 0x70, 0x24, 0xE8, 0x8A,
+        0x2C, 0xD8, 0x95, 0xAF, 0xAA, 0xA9, 0xA5, 0x2B,
+        0xCA, 0xE0, 0x58, 0x44, 0x02, 0x3F, 0xF8, 0x21,
+        0x0C, 0x29, 0xB7, 0xD5, 0x08, 0x9E, 0x69, 0x81,
+        0xD4, 0x6C, 0xC5, 0x0B, 0xF6, 0xEF, 0xAB, 0x01,
+        0xEA, 0xDF, 0x36, 0x2C, 0x5C, 0xFB, 0xEB, 0xC8,
+        0x4F, 0x71, 0x80, 0xD7, 0x00, 0xC9, 0x32, 0x5D,
+        0x02, 0x4F, 0x96, 0x94, 0x71, 0xCD, 0x98, 0xC4,
+        0x25, 0x7A, 0x92, 0xF1, 0x9B, 0xA0, 0x34, 0x30,
+        0x6C, 0x41, 0x59, 0xD5, 0x01, 0x5D, 0xD6, 0x56,
+        0xEA, 0x05, 0xF2, 0xFC, 0xF8, 0x58, 0xFA, 0x12,
+        0x9C, 0x5A, 0x5C, 0xD5, 0x3D, 0xC7, 0x5D, 0x1B,
+        0x99, 0x2A, 0x6A, 0x4C, 0xF9, 0xEA, 0x9D, 0x70,
+        0x53, 0xBC, 0xBE, 0xAD, 0x61, 0xC7, 0x2D, 0x77,
+        0xEF, 0x61, 0xC7, 0xBE, 0x9C, 0x73, 0xC1, 0xD5,
+        0xD4, 0x5C, 0x5F, 0x21, 0x6A, 0x5C, 0xEE, 0x78,
+        0xAA, 0xC6, 0x6C, 0x56, 0xDB, 0x38, 0x5A, 0x94,
+        0x12, 0xB8, 0x73, 0x7C, 0xDF, 0x9A, 0x27, 0xCD,
+        0xC5, 0xD1, 0xD3, 0xCA, 0x0E, 0x37, 0x0A, 0xC1,
+        0x6F, 0xAD, 0xE3, 0x32, 0x94, 0x6C, 0x20, 0xB5,
+        0xED, 0xE6, 0x2D, 0x34, 0x39, 0x58, 0xD2, 0x1E,
+        0x63, 0x8D, 0xFA, 0xFF, 0xB5, 0xE8, 0x40, 0xC8,
+        0x42, 0x38, 0x7A, 0x01, 0x80, 0xFF, 0x52, 0x3F,
+        0xE9, 0x89, 0x63, 0xAD, 0x91, 0x5F, 0xCE, 0x0A,
+        0x47, 0x87, 0xF9, 0x6D, 0xD7, 0x79, 0xEF, 0xCE,
+        0x10, 0x7B, 0x73, 0x43, 0xBE, 0x51, 0xA0, 0xDF,
+        0xE5, 0xEC, 0xA9, 0x63, 0xF6, 0x5E, 0x72, 0x36,
+        0x22, 0x86, 0xEE, 0x4E, 0x4A, 0x76, 0xFD, 0x86,
+        0xBA, 0xE6, 0xD6, 0xC4, 0xD2, 0xE6, 0xFF, 0xB2,
+        0x5B, 0x39, 0xF9, 0xC3, 0x29, 0xA8, 0x61, 0x3A,
+        0x33, 0x34, 0x89, 0xC9, 0x83, 0xF9, 0xB2, 0x70,
+        0x21, 0x54, 0x44, 0x94, 0x70, 0xAD, 0x70, 0x18,
+        0x84, 0x38, 0x91, 0xFB, 0xDE, 0x5E, 0x3D, 0xE3,
+        0xB2, 0xA7, 0x3C, 0x1D, 0x49, 0xA6, 0x66, 0x7C,
+        0x4B, 0xEB, 0xB0, 0xA7, 0x7C, 0xC5, 0xAE, 0x45,
+        0x1F, 0xBE, 0x0E, 0x2F, 0x11, 0xDC, 0x92, 0x08,
+        0xAA, 0x18, 0x38, 0xFE, 0x61, 0xBE, 0x9D, 0xC3,
+        0x3A, 0x1F, 0x2F, 0xB6, 0x6E, 0xB6, 0x54, 0x97,
+        0x74, 0x06, 0xBC, 0x12, 0x2D, 0x64, 0x18, 0x14,
+        0x25, 0x5A, 0xCB, 0x7B, 0xD7, 0x9D, 0xC3, 0x2C,
+        0xC2, 0x0B, 0x19, 0x10, 0xD2, 0x57, 0xF0, 0xDF,
+        0xA4, 0x95, 0xA4, 0x5A, 0xA0, 0x2D, 0x0F, 0xA0,
+        0xBC, 0xF7, 0x60, 0x7F, 0x38, 0xE1, 0x17, 0x0D,
+        0x36, 0x08, 0xF5, 0xF9, 0x75, 0x28, 0x75, 0xAC,
+        0xA9, 0x2B, 0x75, 0xC4, 0x41, 0xE0, 0x0D, 0x5C,
+        0xBC, 0x5F, 0x49, 0x16, 0x25, 0x38, 0x16, 0xE1,
+        0x0C, 0x2C, 0x9C, 0x63, 0xA8, 0x5F, 0x70, 0xF4,
+        0x64, 0xC7, 0x10, 0x19, 0x52, 0x19, 0x6E, 0x9B,
+        0x5C, 0x09, 0x4F, 0xEE, 0xB6, 0x7C, 0x85, 0xC9,
+        0x6E, 0xCB, 0x33, 0x32, 0x42, 0x9D, 0x57, 0x18,
+        0xE6, 0x55, 0x94, 0x74, 0x02, 0xEE, 0xEB, 0xAA,
+        0xF7, 0xD3, 0x45, 0x7A, 0x49, 0x6F, 0x83, 0x89,
+        0x00, 0xE4, 0xAA, 0x20, 0x87, 0x10, 0xAD, 0xC0,
+        0x0E, 0xF5, 0x93, 0x57, 0xE5, 0x45, 0x7A, 0xBD,
+        0x82, 0x87, 0x50, 0x0F, 0xE1, 0x2C, 0x0C, 0x6D,
+        0xEE, 0xC8, 0x94, 0xB8, 0x39, 0xF3, 0x3C, 0xFE,
+        0x7E, 0xC1, 0x0F, 0xB4, 0x67, 0xA2, 0xDF, 0xC6,
+        0x9D, 0xB5, 0x9D, 0xB8, 0x72, 0x50, 0xBD, 0xB3,
+        0xDB, 0xF6, 0x87, 0x5E, 0x26, 0x93, 0xF0, 0xD4,
+        0x0D, 0x68, 0xA4, 0x8B, 0xBD, 0x2C, 0x6E, 0xD8,
+        0x4F, 0x81, 0x5D, 0x0D, 0xAC, 0x72, 0x65, 0xEC,
+        0x4E, 0xF2, 0x4E, 0x5F, 0x67, 0x04, 0xF3, 0x08,
+        0x29, 0x4D, 0xB2, 0xE2, 0xD5, 0x9F, 0xD4, 0xB9,
+        0x13, 0xB4, 0x33, 0x80, 0x27, 0x84, 0x7E, 0xF4
+    };
+    static const byte msg_44_draft[] = {
+        0x5C, 0x70, 0x7F, 0xBF, 0xF4, 0xFF, 0xE5, 0x9B,
+        0x09, 0xAA, 0xF8, 0xDB, 0x21, 0xAD, 0xBE, 0xBA,
+        0xC6, 0xB2, 0x65, 0x37, 0x9A, 0x9A, 0x43, 0x3A,
+        0xA8, 0x23, 0x2B, 0x13, 0x9B, 0xBD, 0x46, 0x37,
+        0x30, 0x60, 0xA7, 0x5B, 0xC4, 0x48, 0x63, 0x5F,
+        0x41, 0x35, 0x38, 0x69, 0xF9, 0x6F, 0xB5, 0x65,
+        0x26, 0xDB, 0xAE, 0xB7, 0x5C, 0xFE, 0x2C, 0x03,
+        0xCB, 0x43, 0x08, 0x58, 0x5E, 0x27, 0xD1, 0x42,
+        0x14, 0xF2, 0x4B, 0xD7, 0x13, 0xE4, 0x96, 0x74,
+        0x6A, 0xC1, 0x36, 0xC7, 0x9D, 0x0F, 0x7D, 0xB0,
+        0x7B, 0x8A, 0x3A, 0x6D, 0x00, 0x5B, 0x29, 0x7B,
+        0x37, 0xBA, 0x3F, 0x5B, 0xBD, 0xCE, 0x21, 0x77,
+        0xFD, 0xD6, 0x78, 0x77, 0x20, 0x31, 0xF0, 0x60,
+        0x49, 0xAE, 0x12, 0x86, 0x7A, 0x64, 0xBD, 0x0B,
+        0x9E, 0xC6, 0x26, 0x80, 0x9E, 0xCE, 0x19, 0x8D,
+        0x6A, 0x6B, 0x09, 0x03, 0x45, 0xDF, 0x22, 0x7D
+    };
+    static const byte sig_44_draft[] = {
+        0x08, 0xF0, 0x10, 0xFA, 0x63, 0x3F, 0x2B, 0xA1,
+        0x46, 0x81, 0x34, 0xC4, 0xBC, 0xAB, 0x62, 0x17,
+        0x0B, 0x64, 0xEA, 0x00, 0x2D, 0xD6, 0x8A, 0xE5,
+        0xC2, 0x45, 0x29, 0xB9, 0xEC, 0x6F, 0x3B, 0xF2,
+        0xDC, 0x2F, 0xC7, 0x34, 0x5A, 0x1E, 0xFE, 0x0C,
+        0xCA, 0xB9, 0x6A, 0xD8, 0xDA, 0xBA, 0xAA, 0x80,
+        0x90, 0xDC, 0x8C, 0x6C, 0x22, 0xFF, 0xC4, 0x90,
+        0x9E, 0xE9, 0xA5, 0x45, 0xFC, 0xE8, 0x64, 0x53,
+        0x9E, 0xC4, 0x17, 0xE1, 0xB2, 0x1A, 0x31, 0x40,
+        0x26, 0x9D, 0x5E, 0x03, 0x6A, 0xC6, 0x09, 0x19,
+        0xDD, 0xB3, 0x63, 0xE0, 0x35, 0xCD, 0xB4, 0x2E,
+        0x25, 0x38, 0x6E, 0x6C, 0x76, 0xA9, 0x19, 0x75,
+        0x68, 0x6E, 0xB7, 0xAB, 0xAD, 0x8F, 0x63, 0x64,
+        0x97, 0x4E, 0x56, 0x82, 0x30, 0x45, 0x86, 0x22,
+        0x64, 0xDA, 0xD2, 0xAE, 0x54, 0x70, 0x5C, 0xF1,
+        0xEB, 0xD1, 0x84, 0x8D, 0xFF, 0x86, 0x15, 0xE6,
+        0x20, 0xCE, 0x14, 0x89, 0xEF, 0xFA, 0x2E, 0xF8,
+        0x60, 0xCA, 0x53, 0x52, 0xE4, 0xD5, 0xC8, 0x2E,
+        0x50, 0xD5, 0x9D, 0x90, 0xA6, 0x12, 0xC7, 0xF1,
+        0x70, 0x0D, 0xE2, 0x89, 0x5B, 0x31, 0x6A, 0x21,
+        0x79, 0x9C, 0xBE, 0x77, 0x6E, 0xA6, 0xBF, 0x51,
+        0x05, 0x2A, 0x83, 0x50, 0x7E, 0x86, 0x14, 0xD1,
+        0x50, 0x53, 0x1F, 0x1C, 0x5E, 0x50, 0x24, 0x69,
+        0x6C, 0x91, 0x55, 0x35, 0x19, 0x6F, 0xE0, 0xDC,
+        0xB5, 0xD6, 0x48, 0x7E, 0x78, 0x61, 0x59, 0x2C,
+        0xD0, 0x1B, 0x42, 0x58, 0xAF, 0x7A, 0x39, 0xCA,
+        0x02, 0x1C, 0x50, 0xEF, 0xE9, 0xE1, 0xDE, 0x31,
+        0x8D, 0x09, 0x51, 0xC9, 0xDB, 0x16, 0xF9, 0xB9,
+        0x45, 0x54, 0x81, 0x16, 0xD7, 0x14, 0xD8, 0xBE,
+        0x9C, 0xCA, 0x53, 0xFE, 0x8F, 0x24, 0x99, 0x0D,
+        0xBA, 0x7F, 0x99, 0x42, 0x11, 0x9B, 0x32, 0xDD,
+        0x93, 0x5C, 0xBA, 0x2D, 0xD3, 0xB3, 0xF2, 0x48,
+        0x13, 0x9C, 0x80, 0xBB, 0x8D, 0xF4, 0xC7, 0xAA,
+        0xEB, 0xC6, 0xFD, 0xB8, 0x35, 0x95, 0x87, 0x2B,
+        0x9E, 0xCF, 0x48, 0xF3, 0x2D, 0xFF, 0x70, 0xF4,
+        0xCE, 0x35, 0x68, 0x7E, 0x9D, 0xDF, 0xD5, 0x0C,
+        0xCD, 0xE3, 0x51, 0xB0, 0x90, 0x86, 0xE5, 0xD1,
+        0xF1, 0x3B, 0x72, 0x42, 0x73, 0x07, 0x03, 0xE2,
+        0xFB, 0x40, 0x3F, 0xD4, 0xC8, 0x30, 0xB6, 0x86,
+        0x49, 0x8A, 0x17, 0xDB, 0x8F, 0x46, 0x6C, 0x3A,
+        0xC3, 0x49, 0xCD, 0x59, 0x68, 0x81, 0x66, 0x03,
+        0xD7, 0x24, 0xAF, 0x1F, 0x77, 0xC7, 0xFB, 0xF7,
+        0x83, 0xCD, 0xA2, 0x6D, 0x35, 0x0C, 0x8B, 0xBC,
+        0x29, 0x3A, 0x7F, 0xAC, 0xB9, 0xF9, 0x78, 0x50,
+        0x6A, 0x67, 0xFC, 0xDC, 0x6F, 0x01, 0x65, 0x06,
+        0x82, 0x81, 0xB0, 0x7D, 0x25, 0x5D, 0x74, 0x0B,
+        0x68, 0x5F, 0x51, 0x2C, 0x82, 0xF3, 0x1D, 0x92,
+        0xF6, 0xA9, 0xA9, 0x6A, 0x77, 0x57, 0x58, 0xAA,
+        0x7C, 0xBE, 0x35, 0xF4, 0x56, 0xDE, 0x42, 0x01,
+        0x2D, 0xB8, 0x28, 0x83, 0x7B, 0xA0, 0xA9, 0x7D,
+        0xC3, 0x30, 0x13, 0x52, 0xD0, 0xA1, 0xC8, 0xA1,
+        0x2C, 0x51, 0x49, 0xAE, 0xA8, 0x04, 0xCB, 0xA8,
+        0x66, 0x01, 0x26, 0xDF, 0x2D, 0x1C, 0x21, 0xA2,
+        0x4E, 0xBD, 0xA5, 0x48, 0x2A, 0x2D, 0x56, 0x60,
+        0x20, 0x98, 0x4D, 0x15, 0x7D, 0x02, 0xB6, 0x3A,
+        0xE4, 0x11, 0xAE, 0xF7, 0x3E, 0x5D, 0x56, 0x4F,
+        0x6A, 0xA3, 0x0A, 0xEA, 0xCC, 0x35, 0x8A, 0xB7,
+        0xC4, 0x8F, 0x25, 0x3E, 0x42, 0x41, 0x2B, 0xA5,
+        0x1F, 0xA7, 0x3B, 0x87, 0x22, 0x86, 0x79, 0xD5,
+        0xE5, 0x2A, 0xA2, 0xCD, 0x68, 0xCE, 0xB8, 0x18,
+        0x6D, 0xEF, 0x1C, 0x36, 0x7F, 0x75, 0x50, 0x36,
+        0x1B, 0x58, 0xEB, 0x32, 0xA1, 0xC8, 0xAF, 0x47,
+        0xE1, 0x26, 0x73, 0x1F, 0x5D, 0x73, 0x30, 0x13,
+        0x2F, 0xC7, 0x8B, 0xA3, 0x03, 0xB4, 0xA8, 0x86,
+        0x25, 0x29, 0xD1, 0x75, 0x10, 0xEE, 0x7F, 0x56,
+        0xBC, 0x0D, 0x59, 0xB4, 0xAE, 0xC9, 0x44, 0x0A,
+        0xF7, 0x0D, 0xBF, 0x17, 0x6A, 0x22, 0x9C, 0x75,
+        0x2B, 0x3E, 0x22, 0xB8, 0x2F, 0x4B, 0x68, 0xF1,
+        0x07, 0xE3, 0x47, 0x47, 0x21, 0x9C, 0xA3, 0x5B,
+        0x31, 0x0A, 0x14, 0xD9, 0x7C, 0xA8, 0xC0, 0xC6,
+        0x5C, 0xAD, 0x05, 0xD6, 0x15, 0xD3, 0xEC, 0xEC,
+        0x32, 0xC2, 0xFF, 0xF4, 0x96, 0x9C, 0xC8, 0x65,
+        0xA0, 0xB2, 0xD6, 0xF4, 0x98, 0xBB, 0xB1, 0x4E,
+        0xA5, 0x11, 0x3B, 0x4E, 0xA8, 0xEB, 0x90, 0xAB,
+        0xD8, 0x25, 0x10, 0xE3, 0x66, 0xB5, 0xA5, 0x11,
+        0x60, 0xA0, 0xCB, 0xDF, 0x77, 0x8A, 0x80, 0x4C,
+        0x07, 0x9B, 0x1B, 0x45, 0x95, 0x29, 0x1D, 0x88,
+        0x85, 0xAC, 0x32, 0x94, 0x26, 0x87, 0x12, 0x0A,
+        0x2F, 0x9E, 0xAE, 0x69, 0x79, 0x25, 0x5A, 0x50,
+        0xF4, 0xDB, 0x15, 0x20, 0x9F, 0x7A, 0x7A, 0xF2,
+        0xE5, 0x8A, 0x63, 0x6A, 0xDD, 0xBD, 0x06, 0xCB,
+        0x42, 0xF0, 0x20, 0xA9, 0x3B, 0x52, 0xD8, 0x68,
+        0x37, 0x71, 0x07, 0xB8, 0x5B, 0xFE, 0xA0, 0xEC,
+        0xBD, 0x75, 0xFF, 0x9C, 0x89, 0xDF, 0x01, 0xE7,
+        0x17, 0x7D, 0xA7, 0xE8, 0x27, 0x9E, 0xA2, 0x41,
+        0x66, 0xE6, 0xDB, 0x8B, 0x5A, 0x3F, 0x6C, 0xC9,
+        0xE3, 0x4F, 0x0D, 0xD0, 0x92, 0x1E, 0x27, 0x41,
+        0xF2, 0xB3, 0x08, 0x32, 0x03, 0x6D, 0x2C, 0x4F,
+        0x78, 0xEC, 0x99, 0xB3, 0x94, 0x6C, 0xC1, 0x89,
+        0xD9, 0x34, 0x0F, 0xEF, 0x10, 0xF0, 0xDA, 0xCE,
+        0x09, 0x69, 0x7A, 0x93, 0xC6, 0xFF, 0x19, 0x4F,
+        0xBD, 0xDE, 0xA6, 0x54, 0x8A, 0xE5, 0x81, 0x3F,
+        0x96, 0xD3, 0xA0, 0x77, 0x7C, 0xF2, 0x4B, 0xF1,
+        0x68, 0xA2, 0x23, 0x3D, 0xD4, 0x16, 0xC1, 0x66,
+        0xDA, 0x13, 0x53, 0xE1, 0x9F, 0x9A, 0x36, 0x09,
+        0x4D, 0x72, 0x08, 0x09, 0xEB, 0x87, 0x74, 0x9A,
+        0xB2, 0x8C, 0x60, 0x7F, 0xFB, 0x70, 0x17, 0x51,
+        0xB1, 0xAC, 0x18, 0xDF, 0xCB, 0x43, 0x2A, 0xD3,
+        0x89, 0xDA, 0x78, 0xAE, 0xDC, 0xEA, 0xB2, 0x22,
+        0xCA, 0x2F, 0xF1, 0xE4, 0xA7, 0xCC, 0xAF, 0xB1,
+        0x63, 0x1B, 0x5D, 0xDD, 0xD1, 0x49, 0xB8, 0x90,
+        0x2E, 0xC9, 0xC0, 0x83, 0x0D, 0xAB, 0x88, 0x88,
+        0x4C, 0x74, 0x72, 0x00, 0x7D, 0xFE, 0xF2, 0x46,
+        0x73, 0xFD, 0x99, 0xEC, 0x89, 0x8B, 0x3B, 0x0F,
+        0xCE, 0x35, 0x5A, 0xEA, 0x13, 0x4F, 0x67, 0x67,
+        0xFD, 0x0D, 0x87, 0xFC, 0xB1, 0x36, 0x48, 0x07,
+        0x33, 0x0B, 0xCA, 0xD4, 0xD7, 0xD0, 0xCC, 0xA1,
+        0x8F, 0xF0, 0x3F, 0x01, 0x8B, 0x6B, 0x74, 0x44,
+        0x2F, 0x1B, 0xE0, 0x65, 0x31, 0x1B, 0x4E, 0xDB,
+        0x67, 0x65, 0xA9, 0x34, 0xE8, 0x4D, 0x0C, 0xF3,
+        0x29, 0xED, 0x53, 0xAB, 0x8A, 0x98, 0x07, 0x2B,
+        0xE0, 0xCD, 0xC0, 0x08, 0x82, 0x4A, 0x72, 0x28,
+        0x72, 0xA2, 0xAC, 0xFE, 0xF7, 0xBF, 0x6E, 0x8E,
+        0xF8, 0x3E, 0x04, 0x58, 0xA4, 0x36, 0x46, 0x33,
+        0xAB, 0xDD, 0x0E, 0xBF, 0x01, 0xD2, 0xEF, 0x19,
+        0x5B, 0x78, 0x2B, 0x30, 0x51, 0x25, 0x50, 0xD0,
+        0xB5, 0x82, 0xC7, 0x20, 0x0D, 0xA1, 0x2C, 0x38,
+        0xAF, 0x44, 0xFC, 0xBD, 0x49, 0xB8, 0x7F, 0x89,
+        0xEF, 0xBE, 0x37, 0x5C, 0xCB, 0xA2, 0x11, 0x75,
+        0x7D, 0xDA, 0xA8, 0x7B, 0x3A, 0x3C, 0x10, 0x11,
+        0x4D, 0x9F, 0x99, 0xAB, 0x4B, 0xA2, 0x20, 0x7A,
+        0x5F, 0x96, 0xEF, 0x1C, 0x00, 0xD7, 0x27, 0x17,
+        0x77, 0x7C, 0x51, 0x58, 0x4B, 0x13, 0x97, 0x53,
+        0x2A, 0xC6, 0x86, 0x4D, 0x3B, 0x8E, 0xBB, 0x4F,
+        0xB8, 0xA0, 0x84, 0x87, 0xF6, 0xEF, 0x55, 0x12,
+        0x2B, 0xCF, 0x9E, 0x5C, 0xD0, 0x0E, 0xBC, 0x1E,
+        0x79, 0x53, 0xE7, 0x8C, 0x4D, 0x8B, 0xCB, 0x20,
+        0xF6, 0xEA, 0x72, 0x0A, 0x63, 0x2F, 0x0C, 0xCF,
+        0x57, 0x27, 0x26, 0xF4, 0x3A, 0x95, 0xCA, 0xBE,
+        0xB5, 0x7C, 0x47, 0x60, 0x10, 0xCD, 0x28, 0x9E,
+        0x02, 0x64, 0xC9, 0x8D, 0x82, 0x49, 0xD0, 0xD6,
+        0x60, 0xF8, 0xDC, 0xC8, 0x4B, 0x7D, 0xB5, 0xEF,
+        0x11, 0x17, 0xC7, 0x94, 0x5F, 0x0D, 0x99, 0xBE,
+        0x75, 0x48, 0x49, 0xC6, 0x58, 0x43, 0x64, 0x99,
+        0x1A, 0x5A, 0x41, 0xBA, 0xC2, 0x31, 0xB3, 0xE0,
+        0x45, 0x1B, 0x81, 0xD2, 0x12, 0xBE, 0x90, 0xDB,
+        0xFF, 0xBC, 0xCB, 0x99, 0xA3, 0xF0, 0x74, 0xE8,
+        0x2C, 0x48, 0x58, 0xB3, 0x17, 0xA4, 0x9A, 0xD2,
+        0x22, 0x46, 0xFB, 0xF5, 0x85, 0x8D, 0x07, 0xDF,
+        0xDB, 0x78, 0x07, 0xF4, 0x99, 0xA8, 0x6C, 0xEE,
+        0x6E, 0x96, 0x20, 0xB8, 0xC2, 0xA9, 0xFA, 0x8B,
+        0x6E, 0xA6, 0x79, 0x6D, 0xF9, 0xC3, 0x0C, 0x77,
+        0x74, 0xAE, 0xB0, 0x40, 0xA9, 0xE5, 0xA7, 0x0B,
+        0x30, 0x40, 0x4B, 0x4F, 0xB1, 0x0A, 0x0B, 0x7B,
+        0xEE, 0x1F, 0x69, 0xFA, 0xD0, 0xF0, 0x2D, 0x5D,
+        0x00, 0xB5, 0x4D, 0xEB, 0x32, 0x84, 0xB2, 0xB7,
+        0x60, 0xAA, 0x6C, 0xF9, 0x98, 0x18, 0xB3, 0xD9,
+        0xC1, 0x54, 0x8D, 0xAC, 0x12, 0xB0, 0x3A, 0x26,
+        0xB2, 0x23, 0x2D, 0x9B, 0xF8, 0x20, 0xEE, 0x90,
+        0xE0, 0x6D, 0x31, 0xDE, 0xF5, 0xCA, 0xBA, 0x6A,
+        0x53, 0x40, 0x29, 0x6C, 0x18, 0x62, 0xA5, 0x8A,
+        0xB8, 0x17, 0xA0, 0xAB, 0xCB, 0xDC, 0xE1, 0x3B,
+        0xD6, 0xC6, 0x29, 0xA3, 0x1C, 0x5F, 0x8D, 0x6E,
+        0x73, 0xF6, 0x98, 0x10, 0x0F, 0x9F, 0x7E, 0xCA,
+        0x4C, 0xD8, 0xEB, 0xE4, 0xB8, 0xDF, 0x72, 0x78,
+        0x65, 0xAF, 0x4A, 0x20, 0xFE, 0x7C, 0xB4, 0xCA,
+        0x07, 0x81, 0xFD, 0xC5, 0xC5, 0xFD, 0x33, 0x4D,
+        0xB8, 0x37, 0x37, 0xC4, 0x21, 0x81, 0x66, 0x45,
+        0xAE, 0x81, 0x34, 0x13, 0xA6, 0x40, 0x81, 0x39,
+        0x55, 0x90, 0xE6, 0xF1, 0x42, 0x56, 0x74, 0xFF,
+        0x06, 0x9B, 0x50, 0x1F, 0x0F, 0xDA, 0x6B, 0x31,
+        0xC6, 0x4B, 0xC5, 0xC2, 0x14, 0xE7, 0x01, 0x5E,
+        0xA9, 0xDA, 0x12, 0x2D, 0x6C, 0xE0, 0x8C, 0xEB,
+        0x2D, 0xF6, 0x2C, 0x45, 0xBC, 0x01, 0x73, 0x34,
+        0x6D, 0xAB, 0xBC, 0x15, 0x4C, 0x16, 0x03, 0x35,
+        0x9D, 0xD4, 0xF0, 0xAC, 0x49, 0x84, 0x4A, 0xEE,
+        0x46, 0x47, 0x64, 0x93, 0xF2, 0x49, 0x59, 0x86,
+        0x26, 0xFB, 0x24, 0x6B, 0x99, 0xB3, 0x9A, 0xCB,
+        0xB4, 0x2B, 0x28, 0x4E, 0x0C, 0x2D, 0x3F, 0x9E,
+        0xCE, 0x32, 0x71, 0xC4, 0xD5, 0xE0, 0x6C, 0x48,
+        0x25, 0xEA, 0x1A, 0x8F, 0x08, 0x57, 0x23, 0x85,
+        0x89, 0xCD, 0xC5, 0x48, 0x37, 0x19, 0x8E, 0xD4,
+        0x23, 0x4D, 0xD0, 0x31, 0x73, 0xA8, 0x8E, 0x43,
+        0xEE, 0x95, 0x67, 0xF5, 0x7A, 0x93, 0x27, 0xD3,
+        0x90, 0x36, 0x30, 0x4C, 0xA1, 0xCD, 0xB5, 0xF8,
+        0x65, 0xC5, 0x89, 0x54, 0x57, 0x2C, 0xAE, 0xF8,
+        0x75, 0xF1, 0x2E, 0x14, 0x14, 0x14, 0x0D, 0x97,
+        0x5B, 0x24, 0x52, 0x46, 0x7A, 0x57, 0x6D, 0x9C,
+        0x4C, 0x79, 0xDB, 0x0A, 0xE0, 0x23, 0x69, 0x52,
+        0x9B, 0xF8, 0x1B, 0x54, 0x40, 0x18, 0xDF, 0xE0,
+        0x1E, 0xF0, 0x61, 0xE4, 0x79, 0x81, 0xF9, 0x98,
+        0x9A, 0x8C, 0x48, 0xFF, 0x86, 0x93, 0x0B, 0x68,
+        0x96, 0x78, 0x2F, 0xF1, 0x2D, 0xDC, 0x60, 0x1F,
+        0x8B, 0x1C, 0x04, 0x43, 0x4E, 0x60, 0x96, 0x5B,
+        0x8A, 0xF6, 0x89, 0xCC, 0xC8, 0xB2, 0x9B, 0xBF,
+        0x87, 0x16, 0x2E, 0xA8, 0x6F, 0x9B, 0x4B, 0xFD,
+        0x74, 0x4E, 0x8F, 0x36, 0x33, 0x23, 0xDE, 0x94,
+        0xD2, 0xA1, 0x72, 0x4F, 0xB2, 0xE6, 0x75, 0x3D,
+        0x6E, 0x47, 0x9B, 0xDB, 0x58, 0xE5, 0x4A, 0x0C,
+        0x09, 0x8F, 0x9C, 0x83, 0x63, 0x98, 0x8B, 0xA4,
+        0xF7, 0x3D, 0x01, 0xA6, 0x8B, 0x93, 0x97, 0x48,
+        0x84, 0x75, 0x32, 0xC7, 0xD7, 0x03, 0xDF, 0x7E,
+        0x94, 0x8C, 0x8A, 0xA6, 0x78, 0x1A, 0xAE, 0xDE,
+        0x36, 0x8A, 0xAD, 0x13, 0x7E, 0xF0, 0x16, 0xC2,
+        0x3B, 0xAF, 0xF9, 0xD8, 0x66, 0x12, 0x30, 0x72,
+        0x76, 0x6D, 0x21, 0x4C, 0xF3, 0xEF, 0x0D, 0x8C,
+        0x11, 0xA4, 0x12, 0xBE, 0xF5, 0x7E, 0x8E, 0x6A,
+        0x11, 0x13, 0x48, 0x8D, 0xC2, 0x62, 0xCF, 0x45,
+        0x7C, 0xE3, 0x91, 0x88, 0x59, 0xFF, 0xB0, 0xF1,
+        0xC3, 0xBC, 0x1D, 0x2A, 0x3E, 0x9B, 0x78, 0xF3,
+        0xB1, 0x2E, 0xB0, 0x27, 0xD8, 0x16, 0xF8, 0x9B,
+        0x2A, 0xAF, 0xF1, 0xAB, 0xB0, 0xF1, 0x8C, 0x7F,
+        0x94, 0x31, 0x97, 0x85, 0xDA, 0xF0, 0xF4, 0x27,
+        0x51, 0x3E, 0x5A, 0xE1, 0xDD, 0x6D, 0x9E, 0x98,
+        0x39, 0xBB, 0xDF, 0xA2, 0xBA, 0x2C, 0x08, 0xAD,
+        0x1D, 0x3F, 0x86, 0xF6, 0xC2, 0x1A, 0x8C, 0xAD,
+        0xE0, 0xDC, 0xDD, 0x02, 0x47, 0x4C, 0x7E, 0x2D,
+        0xDA, 0x1D, 0x70, 0x92, 0x39, 0xAA, 0x4E, 0xBA,
+        0x14, 0xC7, 0xEC, 0x26, 0xBD, 0x9D, 0x1F, 0x6D,
+        0x91, 0x58, 0x3C, 0xB5, 0xEF, 0x37, 0xB9, 0x66,
+        0x4E, 0x04, 0x7C, 0x29, 0xCF, 0xD7, 0x8E, 0x47,
+        0x84, 0xF3, 0xD2, 0x21, 0x84, 0xC5, 0xF8, 0xDC,
+        0xC9, 0xF2, 0x52, 0xD5, 0x6A, 0xBF, 0xF1, 0xF1,
+        0xDE, 0x9E, 0x7A, 0xF1, 0xD5, 0x5A, 0xF6, 0xEF,
+        0x94, 0x66, 0xF9, 0x25, 0x44, 0x7F, 0x8D, 0x92,
+        0xA2, 0x25, 0x1C, 0x72, 0x92, 0x30, 0x2A, 0xB7,
+        0xEF, 0x18, 0xF3, 0x8C, 0xEF, 0x69, 0xA5, 0x5C,
+        0x19, 0x3E, 0xC5, 0xBD, 0xEE, 0x2C, 0x2D, 0x71,
+        0xDB, 0x89, 0xD4, 0x11, 0xA6, 0x27, 0x80, 0x8F,
+        0x5A, 0x39, 0x9A, 0x04, 0x28, 0x4F, 0x9F, 0x00,
+        0xBE, 0xF9, 0xF7, 0x9B, 0x46, 0x69, 0xD6, 0xAC,
+        0x12, 0xE9, 0xA7, 0xC2, 0xD1, 0xC8, 0xAD, 0x5D,
+        0xF7, 0xCB, 0x0C, 0x98, 0x78, 0x2D, 0x04, 0x4D,
+        0x2D, 0x41, 0xAB, 0xC6, 0x3F, 0x81, 0x1D, 0xB9,
+        0x2C, 0x1F, 0x3F, 0x59, 0x11, 0xF4, 0x80, 0x4F,
+        0x0B, 0xCA, 0x9F, 0x81, 0x6E, 0x9C, 0xD1, 0xB4,
+        0x74, 0x06, 0x48, 0x0A, 0x87, 0x2C, 0xFD, 0x4D,
+        0x85, 0xD4, 0x21, 0x65, 0x7C, 0x96, 0x69, 0x53,
+        0x51, 0xC0, 0xC4, 0xB0, 0xEB, 0x20, 0xDB, 0xE0,
+        0x41, 0x09, 0xA7, 0x62, 0xB2, 0xF3, 0xC7, 0x6A,
+        0x1D, 0x53, 0xA0, 0x39, 0xBA, 0xCF, 0x78, 0x9E,
+        0xBF, 0x1D, 0xA5, 0x98, 0x09, 0x8E, 0xA7, 0x1A,
+        0xE7, 0x95, 0xFF, 0x10, 0x38, 0xCC, 0x8F, 0x44,
+        0xCB, 0xE7, 0xF6, 0xD6, 0x2C, 0xFF, 0xA8, 0x1C,
+        0xFF, 0xA3, 0x65, 0xE8, 0x4E, 0xAE, 0xC7, 0xEF,
+        0x61, 0xE1, 0x16, 0x4B, 0x8C, 0xA8, 0xC8, 0xFB,
+        0xA5, 0x2C, 0xD1, 0x0A, 0x39, 0xAB, 0x4A, 0xF9,
+        0xEE, 0x0B, 0x9B, 0xB4, 0x33, 0x5E, 0x25, 0x15,
+        0xD0, 0xAA, 0x93, 0xC4, 0x53, 0x42, 0x91, 0xC5,
+        0x98, 0x15, 0x34, 0x9A, 0x22, 0x1D, 0x9A, 0xE7,
+        0x0E, 0x81, 0xF6, 0x99, 0x55, 0xB3, 0xD6, 0x49,
+        0x1B, 0xB8, 0xA8, 0xBE, 0xDF, 0x54, 0xF0, 0x78,
+        0xF7, 0x02, 0x97, 0x74, 0x84, 0x67, 0x6B, 0xAE,
+        0x2F, 0xEC, 0x6E, 0x59, 0x20, 0x68, 0xD8, 0xE3,
+        0x5A, 0x07, 0x48, 0xE1, 0x99, 0x90, 0xEE, 0xCD,
+        0x17, 0x2B, 0xB6, 0xD6, 0xAA, 0x1A, 0xF8, 0x97,
+        0x4E, 0xE0, 0x67, 0x9E, 0x4C, 0x35, 0xFE, 0x68,
+        0x71, 0x54, 0x43, 0x5D, 0x43, 0x59, 0x19, 0xEB,
+        0x58, 0x8E, 0x9A, 0xF6, 0xBD, 0x88, 0x71, 0xEE,
+        0x89, 0xC6, 0xF2, 0x10, 0x04, 0x33, 0x13, 0x88,
+        0xCD, 0x08, 0xB5, 0xE3, 0x5D, 0xA8, 0xBC, 0x43,
+        0xB3, 0x84, 0x5F, 0x70, 0x94, 0xD9, 0xAC, 0xAE,
+        0x74, 0x70, 0x13, 0x1E, 0x21, 0xFB, 0xD5, 0x7F,
+        0xEC, 0x66, 0x2F, 0xA0, 0xB1, 0x1D, 0xE3, 0xF8,
+        0xB9, 0x36, 0x48, 0x25, 0x3D, 0xBA, 0x7D, 0x44,
+        0x08, 0xC5, 0x71, 0x74, 0xDA, 0xD3, 0x4F, 0x97,
+        0x86, 0xF1, 0x16, 0x38, 0xD8, 0xC9, 0xE3, 0x3A,
+        0xA7, 0x2E, 0x06, 0x4D, 0x9D, 0xE8, 0xFC, 0x38,
+        0x58, 0x2A, 0x8D, 0x2D, 0x07, 0x99, 0xEA, 0xDF,
+        0xF3, 0x00, 0x3B, 0xBC, 0x5F, 0x67, 0x1E, 0x4B,
+        0x6C, 0xF1, 0x4A, 0x47, 0xB0, 0x71, 0x90, 0x5A,
+        0x3B, 0x75, 0x93, 0x75, 0x56, 0x50, 0x4C, 0x70,
+        0xF3, 0xC7, 0x95, 0xD5, 0xEA, 0xCB, 0x4C, 0x92,
+        0x4F, 0x22, 0x4F, 0xD9, 0x34, 0x46, 0x76, 0xFB,
+        0x79, 0xD6, 0xBD, 0x4E, 0x84, 0xEE, 0xE7, 0x78,
+        0x7C, 0xB8, 0x92, 0x9F, 0xAD, 0xF2, 0x17, 0x5D,
+        0x38, 0xB1, 0x88, 0x2E, 0xE9, 0x65, 0xAC, 0x4C,
+        0x24, 0x27, 0x1D, 0x7B, 0xA3, 0x69, 0x96, 0x55,
+        0x5C, 0x26, 0x40, 0xAF, 0x04, 0xB1, 0xCE, 0xA8,
+        0x5D, 0x1E, 0x1F, 0xE5, 0x5A, 0xC3, 0xAE, 0xF9,
+        0x14, 0x03, 0x58, 0x10, 0x1C, 0x8B, 0x1F, 0xDB,
+        0x6C, 0x71, 0x68, 0x60, 0x13, 0x32, 0xF1, 0xA9,
+        0x69, 0x45, 0x28, 0x69, 0x7C, 0xE3, 0xC9, 0x56,
+        0xAF, 0xF3, 0xBD, 0x4B, 0x9E, 0x0A, 0x06, 0x6A,
+        0x62, 0x20, 0x40, 0x65, 0xBD, 0xBC, 0xBF, 0xC7,
+        0x0A, 0x2A, 0xCF, 0x56, 0x7C, 0x0E, 0x64, 0xBB,
+        0x64, 0x71, 0x2D, 0x90, 0xBB, 0x32, 0x00, 0x0A,
+        0x4A, 0x45, 0x44, 0x08, 0x75, 0x2C, 0x86, 0x13,
+        0x86, 0x52, 0x8D, 0x3D, 0xFC, 0xF3, 0x5E, 0x5B,
+        0x3F, 0x7A, 0xAA, 0x98, 0x84, 0xCF, 0x92, 0xF9,
+        0x0B, 0x40, 0x8F, 0xC0, 0xA3, 0x71, 0x84, 0xAD,
+        0xEE, 0xDF, 0xC4, 0x91, 0x7E, 0x87, 0x7D, 0x06,
+        0xCA, 0x65, 0x8C, 0xE4, 0x8E, 0x03, 0xF0, 0x59,
+        0x3E, 0xB4, 0x90, 0x4C, 0xEE, 0x88, 0x29, 0xE4,
+        0x26, 0x7D, 0xA6, 0x54, 0x82, 0x49, 0xC1, 0x9D,
+        0x80, 0xAB, 0x6B, 0xD7, 0xBE, 0x7D, 0x09, 0x80,
+        0x5E, 0xB6, 0xD1, 0x1E, 0xD1, 0x1B, 0xE9, 0x8D,
+        0xFC, 0x6E, 0x9C, 0x14, 0x0C, 0x15, 0x02, 0x87,
+        0xF3, 0x9D, 0x21, 0xF8, 0xCB, 0xC8, 0xB9, 0xBD,
+        0xE1, 0x70, 0xEA, 0xE4, 0x86, 0x4C, 0x97, 0xC1,
+        0xEE, 0x4C, 0x18, 0x95, 0xEC, 0xD2, 0x4D, 0x35,
+        0x9F, 0xC6, 0x56, 0x10, 0x3E, 0xC0, 0xB9, 0x7B,
+        0x13, 0x1A, 0x37, 0x3D, 0x40, 0x4C, 0x88, 0x8B,
+        0x9A, 0xA5, 0xB2, 0xB8, 0xB9, 0xC3, 0xEC, 0xF1,
+        0x14, 0x33, 0x63, 0x67, 0x84, 0x98, 0xC8, 0xF4,
+        0x06, 0x0C, 0x0E, 0x0F, 0x10, 0x12, 0x15, 0x16,
+        0x45, 0x4E, 0x55, 0x5A, 0x5F, 0x8A, 0x94, 0x97,
+        0xA8, 0xAF, 0xB2, 0xCC, 0xD4, 0xDC, 0xE7, 0xF1,
+        0xFE, 0xFF, 0x11, 0x24, 0x53, 0x62, 0x94, 0xB7,
+        0xB9, 0xD3, 0xD9, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x10, 0x18, 0x32, 0x3B
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    static const byte pk_65_draft[] = {
+        0x6C, 0x84, 0x14, 0x38, 0x08, 0x56, 0xCB, 0x52,
+        0xD7, 0x9C, 0x4B, 0x29, 0x13, 0x9F, 0xB1, 0x83,
+        0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72,
+        0xA9, 0x56, 0xDC, 0xF1, 0x01, 0x16, 0xDA, 0x9E,
+        0x2D, 0x79, 0x77, 0x01, 0x86, 0xFC, 0x74, 0xD9,
+        0x42, 0xC0, 0xF4, 0xA3, 0xB5, 0x95, 0xFF, 0x6C,
+        0x19, 0x80, 0x4B, 0x49, 0x90, 0x1C, 0x6A, 0xD5,
+        0xFA, 0xF7, 0x16, 0x01, 0xC2, 0xB6, 0x00, 0x31,
+        0x5E, 0x1F, 0x40, 0xC2, 0x05, 0x47, 0x67, 0xB0,
+        0x09, 0x25, 0xDF, 0x3A, 0xA4, 0x90, 0xE8, 0xC7,
+        0x6F, 0x05, 0xFB, 0xFB, 0x74, 0x91, 0x10, 0x75,
+        0xE6, 0x51, 0x8C, 0x5F, 0x1D, 0x91, 0xB8, 0xA0,
+        0xE5, 0xB5, 0x98, 0x30, 0xD3, 0xDF, 0x39, 0x94,
+        0x76, 0x04, 0x11, 0xEB, 0xB9, 0x11, 0xED, 0x4C,
+        0xC2, 0xC1, 0x60, 0xE3, 0x84, 0x9A, 0x93, 0x76,
+        0x2D, 0xFC, 0xA7, 0xB9, 0x81, 0x2B, 0xC7, 0xAE,
+        0xB2, 0xDD, 0xB2, 0x76, 0x7B, 0xEF, 0x36, 0x50,
+        0x56, 0x05, 0xAE, 0x06, 0x92, 0x60, 0xBC, 0xC8,
+        0xDC, 0x47, 0x87, 0xC4, 0x28, 0xCB, 0x3C, 0x07,
+        0x6E, 0xF2, 0xA6, 0xB9, 0x35, 0x61, 0xD8, 0x94,
+        0x3F, 0x45, 0xCA, 0xBE, 0x8F, 0x05, 0x53, 0xFF,
+        0x2E, 0xA1, 0xAC, 0x95, 0xC1, 0xCE, 0x21, 0x59,
+        0x3A, 0x17, 0x54, 0x59, 0xD7, 0xDF, 0x12, 0xC4,
+        0x07, 0x0A, 0xDB, 0x0E, 0xEE, 0x55, 0xB4, 0xAB,
+        0xAE, 0x59, 0xBE, 0x69, 0xC3, 0xFF, 0x0D, 0xE5,
+        0xA9, 0xB0, 0x27, 0xFC, 0x7D, 0x8E, 0x6E, 0x05,
+        0x7B, 0x71, 0x52, 0xEE, 0x6A, 0xB4, 0x80, 0xD1,
+        0x05, 0xD3, 0x0B, 0x0F, 0x50, 0x51, 0xB6, 0x0C,
+        0x79, 0x01, 0xC5, 0x25, 0xC4, 0x63, 0x5F, 0xE6,
+        0x68, 0xCC, 0x00, 0xE9, 0xD3, 0x09, 0x7D, 0xB9,
+        0x9D, 0x66, 0x32, 0x37, 0x15, 0xCE, 0x4F, 0x0B,
+        0x79, 0xB4, 0x26, 0xB4, 0x54, 0x5E, 0x09, 0xF4,
+        0xDE, 0x39, 0x32, 0x3D, 0xD1, 0x4C, 0xCB, 0x0D,
+        0x17, 0x10, 0x8C, 0xD4, 0x6D, 0xEC, 0x61, 0x38,
+        0xCD, 0xFA, 0x28, 0x72, 0xC1, 0xC4, 0xC8, 0xAE,
+        0xAD, 0x5C, 0x8C, 0xE0, 0x41, 0x57, 0xE5, 0x53,
+        0xA3, 0x75, 0x58, 0xC2, 0x34, 0x6A, 0x06, 0x19,
+        0x4C, 0xB5, 0x0B, 0x49, 0x81, 0xBF, 0x4D, 0x09,
+        0x0C, 0xE4, 0xE8, 0x60, 0x12, 0x6A, 0x82, 0x54,
+        0xA4, 0xD4, 0xC0, 0x84, 0xC3, 0xE2, 0x02, 0x0B,
+        0xC0, 0x75, 0x35, 0x21, 0x04, 0x9B, 0x0F, 0xD8,
+        0x89, 0x97, 0xE0, 0x27, 0xAC, 0x51, 0xE7, 0x5C,
+        0xF1, 0x35, 0x0C, 0x3F, 0x30, 0x3A, 0x0E, 0xCE,
+        0x42, 0x64, 0x87, 0x15, 0x3D, 0xAF, 0x1F, 0xAA,
+        0xD6, 0x80, 0x8B, 0x9D, 0x99, 0x07, 0xDA, 0x9F,
+        0x35, 0x18, 0x5B, 0xD3, 0xBE, 0x8D, 0x9C, 0xEB,
+        0xE9, 0x16, 0xCE, 0xD1, 0xFA, 0x29, 0x28, 0xD8,
+        0x85, 0xA9, 0xCB, 0xA8, 0x81, 0x49, 0x70, 0x3F,
+        0x5E, 0x47, 0x72, 0xE4, 0x85, 0x23, 0x12, 0x5D,
+        0xDD, 0x02, 0x6E, 0x71, 0x4C, 0x49, 0xF4, 0xFB,
+        0x4E, 0x54, 0x4B, 0xBF, 0x61, 0x7A, 0x40, 0xB0,
+        0x0B, 0x68, 0xDF, 0x8F, 0x15, 0x5F, 0x58, 0x80,
+        0xD4, 0x11, 0x87, 0x7E, 0x25, 0xB4, 0x2B, 0x24,
+        0x48, 0xB3, 0x6B, 0xEC, 0x2F, 0x1F, 0x8F, 0x9A,
+        0x77, 0x0C, 0x54, 0x51, 0x50, 0xA0, 0x27, 0x8E,
+        0x9B, 0x72, 0x45, 0x00, 0xAE, 0xAA, 0xEA, 0x47,
+        0x1C, 0x11, 0xCF, 0xF0, 0x4E, 0x30, 0xEA, 0xB2,
+        0xF4, 0x73, 0xBC, 0x04, 0x8E, 0x32, 0xCD, 0x31,
+        0xAE, 0xF2, 0x15, 0x79, 0xB6, 0x99, 0x22, 0x5B,
+        0xF9, 0xE1, 0xB6, 0x70, 0x0C, 0x57, 0xE5, 0x09,
+        0xFC, 0xA1, 0xF2, 0x36, 0x29, 0x4A, 0x59, 0x74,
+        0xDA, 0xA1, 0x5F, 0xBC, 0xAD, 0x62, 0xD4, 0xBD,
+        0xDC, 0x45, 0x32, 0xB2, 0x61, 0x41, 0x44, 0xDB,
+        0xE2, 0x88, 0x07, 0x36, 0x8C, 0x28, 0x1A, 0x77,
+        0x0E, 0xA2, 0x2B, 0x1E, 0x5A, 0x3F, 0xA5, 0xBA,
+        0x14, 0x92, 0x6D, 0xC5, 0x5A, 0x54, 0xF8, 0x4A,
+        0x2A, 0x77, 0xC5, 0xA7, 0x08, 0x41, 0xF0, 0x7B,
+        0xC1, 0xDE, 0xEF, 0x74, 0x03, 0xB2, 0x47, 0xAB,
+        0x42, 0xB8, 0x4A, 0xDF, 0x14, 0x1E, 0x03, 0x0C,
+        0x98, 0x46, 0x84, 0x24, 0xDA, 0xAE, 0xB9, 0x9D,
+        0x25, 0x77, 0xF9, 0x50, 0xC2, 0x37, 0x3C, 0xCA,
+        0x1E, 0x2D, 0xC2, 0x76, 0x1B, 0x8E, 0xDD, 0x6D,
+        0x08, 0xFF, 0x79, 0xE5, 0x28, 0x88, 0x0F, 0xFB,
+        0x51, 0xC3, 0x6E, 0xD4, 0x20, 0xAC, 0x5D, 0x50,
+        0xF2, 0x58, 0x2A, 0xA6, 0x64, 0xE5, 0x4E, 0xA5,
+        0xF4, 0x18, 0x9E, 0xA0, 0x17, 0x6D, 0xAA, 0x61,
+        0x22, 0xF6, 0x23, 0x5A, 0x70, 0xB1, 0x5C, 0xEB,
+        0x4D, 0xDD, 0x65, 0xD3, 0xBE, 0x6E, 0xBF, 0x3D,
+        0xC4, 0x31, 0x89, 0xEE, 0x0A, 0x2E, 0x31, 0x05,
+        0x63, 0x8F, 0x23, 0x87, 0x36, 0x95, 0x28, 0x0F,
+        0x1B, 0x74, 0x27, 0x43, 0x52, 0xD6, 0x0A, 0x48,
+        0xE5, 0xD3, 0xDD, 0x02, 0xFB, 0x7A, 0x5E, 0xD8,
+        0x3F, 0xE2, 0x7A, 0x69, 0x82, 0x51, 0x42, 0x1C,
+        0x8E, 0x9C, 0x98, 0x80, 0x61, 0x02, 0x39, 0x6E,
+        0x53, 0x73, 0x90, 0xAC, 0xFD, 0x8C, 0x1D, 0x0B,
+        0x4F, 0x99, 0xB7, 0x02, 0xA9, 0xEA, 0x65, 0x98,
+        0x78, 0x58, 0x3D, 0x92, 0x75, 0x89, 0x41, 0xB3,
+        0x0E, 0xCE, 0x50, 0x7C, 0x10, 0x4B, 0x2C, 0xE4,
+        0x87, 0x67, 0x9E, 0xCF, 0x68, 0xB4, 0xD8, 0xB9,
+        0x80, 0x69, 0x8A, 0xCF, 0x6A, 0xA6, 0xA5, 0x7E,
+        0x8E, 0xD6, 0xAF, 0x3F, 0xF1, 0x8D, 0x26, 0x68,
+        0x95, 0x04, 0x28, 0xB5, 0x7D, 0x18, 0x2F, 0x73,
+        0xBB, 0x49, 0xB9, 0xB0, 0x38, 0xCC, 0xC8, 0x2D,
+        0x56, 0x12, 0x78, 0xA3, 0x86, 0xD5, 0x66, 0x45,
+        0xEC, 0x3F, 0xAF, 0xFB, 0x41, 0x25, 0xE0, 0xE7,
+        0xF3, 0x6B, 0x48, 0xB1, 0x4B, 0x45, 0x25, 0x47,
+        0xA0, 0xB4, 0x81, 0xAA, 0x6B, 0x33, 0x42, 0x29,
+        0x24, 0x91, 0x53, 0xE4, 0x2E, 0xDF, 0x7E, 0x49,
+        0xDD, 0x6E, 0x76, 0x36, 0xBF, 0xC6, 0x15, 0xA2,
+        0x3A, 0x40, 0x1E, 0xFD, 0x40, 0x34, 0xC8, 0x1B,
+        0x4D, 0xCE, 0xF0, 0x27, 0xD3, 0x44, 0xDD, 0xCC,
+        0xE0, 0xA7, 0x16, 0x18, 0xEB, 0x59, 0x10, 0xCE,
+        0xC6, 0x22, 0x28, 0x81, 0x93, 0x85, 0x03, 0x3E,
+        0x8D, 0x0A, 0xBD, 0x49, 0x3D, 0x98, 0x3E, 0x4F,
+        0xC0, 0x87, 0xD7, 0x2B, 0x45, 0x5E, 0x4D, 0xB6,
+        0x3A, 0x2F, 0x82, 0xCE, 0xFF, 0x65, 0xC1, 0xE6,
+        0x28, 0xEA, 0xE6, 0x30, 0x59, 0x6D, 0xEC, 0x27,
+        0xFB, 0x98, 0xB8, 0x4D, 0xBF, 0xDC, 0xDF, 0xAB,
+        0x40, 0xE4, 0x72, 0x24, 0x49, 0x14, 0xAF, 0xF1,
+        0x79, 0x32, 0x6D, 0x54, 0x2D, 0x40, 0x1A, 0x3C,
+        0xBB, 0x86, 0xE5, 0xFF, 0x83, 0x51, 0xEF, 0xE5,
+        0x3A, 0x73, 0xC5, 0x1A, 0xBB, 0x63, 0xFF, 0x55,
+        0x3E, 0x7D, 0x79, 0x57, 0xEF, 0x89, 0x13, 0x5E,
+        0x0F, 0x5B, 0xB1, 0xBD, 0x0C, 0x24, 0xF9, 0xE4,
+        0x5E, 0x32, 0x36, 0x41, 0x3C, 0x60, 0xE1, 0x39,
+        0x6A, 0x47, 0x56, 0x7C, 0x94, 0x39, 0x51, 0x0F,
+        0x00, 0xD4, 0xA4, 0x3C, 0x14, 0x9A, 0x5C, 0xCC,
+        0x04, 0xF3, 0xD4, 0x7E, 0x67, 0xA8, 0xE2, 0x94,
+        0xA4, 0x61, 0xA5, 0xF6, 0x93, 0xDB, 0x0C, 0xAE,
+        0x22, 0xCF, 0xAC, 0x61, 0xE8, 0x53, 0x47, 0x7D,
+        0x33, 0x9A, 0x4E, 0x45, 0xF7, 0xB1, 0x7C, 0x3C,
+        0x11, 0x6D, 0x56, 0xF3, 0xA0, 0x68, 0xFC, 0x5A,
+        0xDF, 0xEF, 0x38, 0xFF, 0x85, 0x33, 0x2B, 0xD5,
+        0x15, 0x3C, 0x4D, 0x8F, 0xB8, 0xF1, 0x48, 0xF1,
+        0x17, 0x65, 0x9C, 0x2E, 0xA9, 0x4D, 0xB4, 0x2A,
+        0xA0, 0xB0, 0xBE, 0xBB, 0x47, 0x5A, 0x11, 0x04,
+        0x12, 0xF3, 0xCD, 0x33, 0x49, 0xFC, 0x1A, 0xD0,
+        0x41, 0xB7, 0xD5, 0x30, 0x4A, 0x85, 0x93, 0x14,
+        0x4E, 0xFA, 0x3A, 0x36, 0x1D, 0x1B, 0x0C, 0x76,
+        0x13, 0xB8, 0x2C, 0x08, 0x6E, 0xA7, 0x12, 0x6E,
+        0x43, 0xC6, 0x16, 0xCE, 0xE8, 0xF1, 0x44, 0x4E,
+        0x99, 0x56, 0xE8, 0x7F, 0x5C, 0xAB, 0x95, 0xC7,
+        0xC7, 0xFB, 0x17, 0x58, 0xEC, 0x7D, 0x97, 0x01,
+        0x9E, 0x5B, 0xA9, 0x35, 0x43, 0xEF, 0x3B, 0xAC,
+        0x1A, 0x17, 0x42, 0x99, 0xCA, 0x48, 0xBF, 0x78,
+        0x59, 0xDB, 0xFB, 0xDF, 0xF2, 0x43, 0xB1, 0x14,
+        0xF6, 0xBF, 0x42, 0x3C, 0xE9, 0x8B, 0x4D, 0x4D,
+        0x09, 0x1D, 0xA4, 0x4F, 0x32, 0x74, 0xD5, 0x73,
+        0xFD, 0xC9, 0x04, 0xBD, 0x88, 0x5E, 0x35, 0xC9,
+        0x15, 0x2A, 0x65, 0x35, 0x48, 0x88, 0xF1, 0x1E,
+        0xD4, 0xF3, 0xD6, 0x3F, 0x26, 0xA7, 0xBE, 0x2F,
+        0x57, 0x26, 0xEA, 0xDA, 0xF4, 0x85, 0x86, 0x59,
+        0x2B, 0xBD, 0xF6, 0xCE, 0xE2, 0x46, 0x76, 0x9E,
+        0x0E, 0xDA, 0x2A, 0x80, 0x77, 0x1F, 0xED, 0x34,
+        0x7D, 0x67, 0xAF, 0xEE, 0xC6, 0x8B, 0x89, 0x46,
+        0x3F, 0xA0, 0x49, 0x6D, 0xBC, 0x15, 0xC8, 0x9E,
+        0x8D, 0x56, 0x99, 0x83, 0xD1, 0xD6, 0x74, 0x73,
+        0x3F, 0x2B, 0xF9, 0xDF, 0x4A, 0x98, 0x0E, 0xA8,
+        0xC5, 0xE3, 0xAF, 0x15, 0x56, 0x0A, 0x0E, 0x28,
+        0xD6, 0x72, 0xB5, 0x80, 0xAB, 0x65, 0x52, 0xED,
+        0x76, 0xAA, 0xCB, 0x5F, 0x80, 0x26, 0x0B, 0x97,
+        0x03, 0x76, 0x9D, 0x33, 0xF4, 0x13, 0x8A, 0xBC,
+        0x10, 0xBF, 0x5B, 0x05, 0x82, 0xDC, 0xC6, 0x2D,
+        0xBE, 0x58, 0xC8, 0x90, 0xF5, 0x1B, 0x41, 0x00,
+        0x12, 0x77, 0x34, 0xFB, 0x7D, 0xB7, 0x44, 0x7A,
+        0x72, 0x0A, 0xAE, 0x00, 0x9D, 0x00, 0xBE, 0x8C,
+        0x61, 0x07, 0x92, 0xC6, 0x4F, 0x13, 0x1F, 0x2D,
+        0x72, 0x11, 0x5C, 0x7E, 0x05, 0x8E, 0x48, 0xB9,
+        0xDE, 0x64, 0xF5, 0x5B, 0x4D, 0x61, 0x0C, 0x36,
+        0xD1, 0x12, 0x71, 0x6A, 0x31, 0xA3, 0xDF, 0xE2,
+        0x66, 0x99, 0xE9, 0xC2, 0xAB, 0xA0, 0x56, 0x58,
+        0xCE, 0xF1, 0xB2, 0xB0, 0x86, 0x7C, 0xF8, 0xD5,
+        0x23, 0x3D, 0xB7, 0x4F, 0xA8, 0xDC, 0x3A, 0xD1,
+        0x45, 0xF5, 0xD2, 0x85, 0x74, 0x36, 0x0A, 0x85,
+        0xE3, 0xB0, 0xB1, 0x0A, 0xC0, 0xA6, 0x46, 0x7A,
+        0x7B, 0x05, 0x98, 0x46, 0x28, 0xEC, 0xA1, 0x04,
+        0x63, 0xF3, 0x48, 0xA3, 0x11, 0x1E, 0x00, 0x57,
+        0x8D, 0x3C, 0xE5, 0x48, 0x0F, 0x53, 0x75, 0xA1,
+        0xEE, 0x23, 0xEE, 0x82, 0x08, 0x7B, 0xAC, 0x41,
+        0x23, 0x3A, 0x14, 0xAA, 0xA7, 0x24, 0x73, 0x4B,
+        0x18, 0x74, 0xA4, 0xAC, 0xE1, 0x13, 0x37, 0x06,
+        0x25, 0x8F, 0x5F, 0xEA, 0x3A, 0x0C, 0x16, 0x09,
+        0xE3, 0x0C, 0x7F, 0xD2, 0x10, 0xDA, 0x0C, 0x4F,
+        0xDE, 0x91, 0x62, 0xDF, 0x66, 0xFB, 0xAF, 0x79,
+        0x2F, 0xA2, 0xAE, 0xAA, 0x51, 0x2F, 0x0F, 0xF7,
+        0x83, 0x7B, 0x9C, 0xC0, 0x2E, 0xE9, 0xBD, 0x95,
+        0x53, 0x9F, 0x00, 0x1B, 0xBD, 0x60, 0xDD, 0x8B,
+        0x42, 0xD6, 0x16, 0xB2, 0xCA, 0x95, 0xF3, 0x83,
+        0x5F, 0x5E, 0x47, 0xD4, 0x3B, 0x14, 0x34, 0xC4,
+        0x56, 0x3F, 0xD8, 0x1C, 0x15, 0xBE, 0xFA, 0x20,
+        0x2C, 0xF3, 0xD9, 0x54, 0x08, 0x73, 0xF6, 0x84,
+        0xAF, 0xE1, 0x9A, 0xB5, 0xC0, 0x1F, 0xA9, 0x2E,
+        0x95, 0xA8, 0xCD, 0x6F, 0x36, 0x07, 0x30, 0x85,
+        0x6E, 0x59, 0xC9, 0xC6, 0xAB, 0x77, 0x0D, 0x65,
+        0x75, 0x96, 0x2A, 0xF7, 0x58, 0x78, 0x57, 0x2A,
+        0x2A, 0x26, 0x41, 0x3D, 0x01, 0xAB, 0x31, 0x8C,
+        0x10, 0x0D, 0xFC, 0x34, 0xDC, 0x1D, 0xEF, 0xA5,
+        0x92, 0x7C, 0x4B, 0x45, 0x99, 0x25, 0xD7, 0x3E,
+        0x1E, 0xB9, 0x14, 0x70, 0xE3, 0x7A, 0x58, 0x45,
+        0x5C, 0x22, 0xA9, 0x61, 0xFD, 0x53, 0xF7, 0xD9,
+        0x90, 0x26, 0xFF, 0x88, 0x4B, 0xF4, 0xA2, 0x57,
+        0x9F, 0x70, 0x63, 0x35, 0xEF, 0xB6, 0xFB, 0x22,
+        0x50, 0xD5, 0x2A, 0xE5, 0x61, 0x89, 0x8B, 0xA1,
+        0x60, 0x6E, 0x51, 0xE9, 0x6D, 0x37, 0xC9, 0xED,
+        0x3E, 0xC6, 0xCF, 0xCB, 0x33, 0xBF, 0xBE, 0x9C,
+        0x31, 0x43, 0xFD, 0x3B, 0x6B, 0x33, 0x4D, 0x5F,
+        0x61, 0x92, 0x2B, 0x36, 0x9A, 0xFB, 0xB3, 0x1C,
+        0x3E, 0x6E, 0x9B, 0x5F, 0x3A, 0xEB, 0xF9, 0x5C,
+        0xB7, 0x08, 0x34, 0x6F, 0xEC, 0xF7, 0x15, 0x9C,
+        0xAD, 0x94, 0xA9, 0x3D, 0x8C, 0xD4, 0xB8, 0xC4,
+        0x89, 0x41, 0x92, 0xDF, 0xE5, 0x3E, 0xA4, 0x36,
+        0xFB, 0xF3, 0xAF, 0x4E, 0x86, 0x4E, 0x8C, 0x39,
+        0x91, 0xEA, 0x02, 0x0A, 0x81, 0x1F, 0x0A, 0xF5,
+        0x0B, 0x42, 0x57, 0x43, 0x6A, 0x3F, 0xF5, 0x22,
+        0xBE, 0x73, 0x67, 0x39, 0x1D, 0x0F, 0x95, 0x0B,
+        0xA6, 0x45, 0x2F, 0xBF, 0xD8, 0xFD, 0x87, 0x28,
+        0xF4, 0x0B, 0xD2, 0xFC, 0xB8, 0x94, 0x52, 0x99,
+        0x85, 0xB4, 0x32, 0xDF, 0xEF, 0x62, 0x30, 0xEB,
+        0x4D, 0xEE, 0x73, 0x7A, 0x8D, 0x10, 0xA3, 0xBC,
+        0xDF, 0xB7, 0x63, 0xE0, 0x86, 0x9B, 0x22, 0x5C,
+        0x1A, 0x8D, 0x0E, 0x1F, 0xBF, 0x2D, 0x16, 0x1C,
+        0x2C, 0x65, 0xD6, 0xDF, 0xB9, 0x58, 0xE9, 0x82,
+        0xD1, 0x17, 0x77, 0xAC, 0xBE, 0xAD, 0x8D, 0xFB,
+        0x6B, 0x1F, 0x5E, 0xB2, 0x1E, 0xA9, 0x42, 0xF7,
+        0xC4, 0x0D, 0xC2, 0x0D, 0x2E, 0x4E, 0xB3, 0xE7,
+        0x29, 0xB4, 0xE2, 0x9F, 0x75, 0x01, 0xDA, 0x34,
+        0x23, 0x45, 0x61, 0xF6, 0x28, 0x88, 0x12, 0xD6,
+        0x12, 0xD4, 0x1D, 0xFA, 0x83, 0xC5, 0xB8, 0xD9,
+        0x0F, 0xF3, 0x8B, 0xA5, 0x48, 0x20, 0x1B, 0x57,
+        0x5B, 0x52, 0x93, 0xAD, 0x78, 0x12, 0x0D, 0x91,
+        0xCE, 0xC0, 0x59, 0xCA, 0xE2, 0xE7, 0x6A, 0x9A,
+        0xB4, 0x3E, 0xF1, 0x28, 0x1E, 0x2B, 0xEF, 0x3E,
+        0x34, 0x8D, 0x28, 0xF2, 0x19, 0x47, 0xC8, 0x88,
+        0x48, 0x96, 0x04, 0x59, 0x48, 0x97, 0x75, 0x17,
+        0x6F, 0x8E, 0x40, 0xEE, 0x06, 0x42, 0x79, 0x53,
+        0x68, 0x7F, 0xB6, 0x3E, 0x47, 0x0F, 0x7D, 0x59,
+        0xFB, 0x60, 0xDF, 0x56, 0x9F, 0x8A, 0x11, 0xE2,
+        0x8E, 0x09, 0x37, 0x16, 0x2C, 0x46, 0xAF, 0xC7,
+        0xD2, 0x21, 0x0A, 0x88, 0x5F, 0xFA, 0x21, 0xB3,
+        0xDB, 0xF5, 0x35, 0x4B, 0x29, 0x41, 0xF4, 0xED,
+        0x5D, 0x50, 0x79, 0x08, 0x90, 0x84, 0x0C, 0xC3,
+        0xB9, 0x73, 0xD2, 0xC3, 0xD0, 0x26, 0x02, 0xB2,
+        0x9B, 0xAC, 0xCB, 0x6C, 0xE1, 0x7C, 0xED, 0xB9,
+        0x7B, 0x08, 0x5A, 0x2A, 0xB3, 0x10, 0x57, 0x2B,
+        0xA7, 0x37, 0x1D, 0x1F, 0x81, 0x20, 0xFF, 0xE3,
+        0x7D, 0x0B, 0x0F, 0xCA, 0x35, 0xAF, 0xC5, 0xB5,
+        0x62, 0xAA, 0x84, 0x99, 0x71, 0x5A, 0x29, 0x9C,
+        0xE0, 0x59, 0xCC, 0xE3, 0xB0, 0xD1, 0x1C, 0xEF,
+        0x0D, 0x92, 0x38, 0x96, 0x1A, 0xD4, 0xBE, 0x11,
+        0xE9, 0xA6, 0xD1, 0xA4, 0x69, 0x21, 0x77, 0xC8,
+        0xB0, 0xC5, 0x3F, 0x11, 0xA8, 0xED, 0x26, 0x50,
+        0x21, 0x2E, 0x7A, 0x2F, 0x80, 0xEB, 0xFF, 0x6D,
+        0xCF, 0xE4, 0x67, 0x21, 0x03, 0x65, 0x84, 0x34,
+        0xD0, 0x32, 0x7A, 0xDD, 0xCD, 0x66, 0xBC, 0xB6
+    };
+    static const byte msg_65_draft[] = {
+        0xDB, 0x84, 0x94, 0xBA, 0x19, 0xC4, 0x11, 0x8F,
+        0xB1, 0x5D, 0x0A, 0xCF, 0x42, 0x54, 0xFD, 0x37,
+        0x48, 0x3F, 0xCF, 0x47, 0x48, 0xFD, 0x18, 0x44,
+        0xF7, 0x17, 0xCE, 0x6F, 0x69, 0x58, 0x9E, 0x61,
+        0x77, 0x2C, 0xFE, 0xFA, 0x7F, 0x97, 0x58, 0x65,
+        0x34, 0x09, 0xD4, 0xEE, 0x5A, 0x26, 0x4B, 0x83,
+        0x4E, 0x60, 0xD6, 0xBB, 0x96, 0x49, 0x9E, 0xBE,
+        0xB2, 0xB0, 0x6B, 0x0B, 0xA8, 0x74, 0xBF, 0x31,
+        0xE6, 0x41, 0x39, 0x4C, 0xFA, 0xA6, 0xA2, 0xD3,
+        0x0D, 0xDB, 0x8F, 0x04, 0x58, 0x76, 0x20, 0x8D,
+        0x2F, 0x51, 0xDE, 0x15, 0xE2, 0x05, 0xE8, 0xC9,
+        0x1B, 0x87, 0xEC, 0xEB, 0x05, 0xFF, 0x31, 0x83,
+        0x27, 0x1B, 0x26, 0x49, 0x66, 0x5D, 0xD3, 0xCC,
+        0x49, 0xBF, 0xDB, 0x99, 0x8D, 0x53, 0x9D, 0xA8,
+        0x09, 0x30, 0x55, 0x16, 0xBB, 0xBE, 0x9C, 0x90,
+        0x60, 0x21, 0x19, 0x1C, 0x52, 0x23, 0xE5, 0x25,
+        0xA8, 0xFC, 0x36, 0x16, 0xA1, 0x76, 0x5E, 0xC3,
+        0xF9, 0xC5, 0xDB, 0x53, 0xCC, 0x33, 0x7E, 0x03,
+        0x9F, 0x18, 0x6A, 0xCF, 0xEA, 0x91, 0x14, 0x8E,
+        0xE2, 0xA7, 0x9C, 0xCA, 0x36, 0x89, 0xED, 0xB6,
+        0x2A, 0xAF, 0x28, 0xB5, 0xD7, 0x52, 0xFD, 0xE2,
+        0x65, 0xEE, 0x52, 0x80, 0xB5, 0x19, 0x72, 0x6C,
+        0x1C, 0xA9, 0x80, 0x32, 0x95, 0xC6, 0x74, 0xB7,
+        0xEF, 0xAF, 0xA4, 0xD6, 0x1B, 0x30, 0x6A, 0x79,
+        0xE3, 0xF6, 0xE7, 0xA8, 0x87, 0xC2, 0xFB, 0x53,
+        0x5B, 0x3B, 0x0F, 0xB3, 0xD9, 0xEB, 0xC8, 0x76,
+        0x03, 0xEA, 0xFE, 0xF1, 0x70, 0xC1, 0xF1, 0xD2,
+        0x8E, 0x99, 0xBB
+    };
+    static const byte sig_65_draft[] = {
+        0xF7, 0x78, 0x9A, 0x45, 0xA3, 0x58, 0x73, 0x30,
+        0xE7, 0xFC, 0xF7, 0x06, 0x95, 0xF7, 0xF6, 0x96,
+        0x88, 0xA2, 0xB8, 0xD0, 0xCE, 0x54, 0xF0, 0x90,
+        0x21, 0x4F, 0x10, 0x9F, 0x56, 0x48, 0x4F, 0x98,
+        0xC3, 0xAD, 0x1A, 0x53, 0xA5, 0x44, 0x1C, 0x2C,
+        0xA7, 0x2A, 0x3B, 0x31, 0x91, 0xBC, 0x04, 0x6F,
+        0x46, 0x37, 0x30, 0x45, 0xB9, 0xE5, 0x40, 0xC7,
+        0x3D, 0xFE, 0x91, 0xB6, 0x1F, 0x05, 0x88, 0xD6,
+        0x13, 0x59, 0x3F, 0xCE, 0x1B, 0x00, 0xEE, 0xF1,
+        0xB2, 0x27, 0x03, 0x4C, 0x6F, 0xD3, 0xB1, 0x8B,
+        0x3F, 0x22, 0x11, 0x10, 0xFB, 0x34, 0x5A, 0xA7,
+        0x86, 0x31, 0xB8, 0xB5, 0x9F, 0xBD, 0xFD, 0xCC,
+        0xDA, 0xE6, 0xA2, 0x4D, 0x25, 0x9D, 0x34, 0xAA,
+        0xBA, 0xD2, 0x18, 0xB3, 0xAE, 0x4E, 0x77, 0x18,
+        0x66, 0x53, 0xB8, 0x56, 0x3A, 0xA6, 0x12, 0x0A,
+        0x0A, 0x53, 0x1A, 0x4E, 0x91, 0x37, 0x30, 0xDC,
+        0x91, 0x4F, 0xE5, 0xE0, 0x08, 0xBE, 0xCE, 0x68,
+        0x69, 0xB0, 0x2B, 0x07, 0xFD, 0xC1, 0x62, 0x14,
+        0x54, 0x0D, 0x31, 0x6C, 0x43, 0xFA, 0x0C, 0x21,
+        0x1B, 0x41, 0xAC, 0x7E, 0x52, 0x65, 0x67, 0x29,
+        0xC7, 0x73, 0xE4, 0xC4, 0xB8, 0x8E, 0xD3, 0x11,
+        0x88, 0x6D, 0xD4, 0xD2, 0x75, 0x41, 0x7D, 0x70,
+        0x19, 0x66, 0x44, 0xEE, 0xD1, 0x5F, 0xA3, 0x15,
+        0x06, 0x60, 0x03, 0xE3, 0x09, 0xF8, 0x32, 0xAF,
+        0x91, 0x26, 0x2C, 0x94, 0x90, 0x11, 0xFC, 0xB0,
+        0xAD, 0x2C, 0xCE, 0x65, 0xDD, 0x9E, 0xFF, 0x56,
+        0x7E, 0xE2, 0x9C, 0xC4, 0x0A, 0x6F, 0xE0, 0x66,
+        0x4E, 0x7D, 0x9F, 0x23, 0x65, 0x68, 0xFC, 0x94,
+        0x29, 0x5D, 0xBB, 0x34, 0x28, 0x82, 0x33, 0xE8,
+        0xC5, 0x11, 0xD2, 0x88, 0x15, 0xEC, 0x72, 0x10,
+        0x32, 0x29, 0x6E, 0x1E, 0xDE, 0xCA, 0x7F, 0x72,
+        0x6A, 0x6E, 0xB0, 0xF7, 0x6C, 0xC5, 0x82, 0x80,
+        0x11, 0xC0, 0xE4, 0x01, 0x3C, 0xC7, 0xEE, 0x43,
+        0x29, 0xB8, 0x1E, 0xCC, 0x0D, 0x52, 0xED, 0x1E,
+        0x49, 0x1D, 0xD6, 0xD5, 0x5C, 0x52, 0x65, 0x66,
+        0x5E, 0xD8, 0xAD, 0x21, 0x9B, 0x89, 0x4F, 0x31,
+        0xC6, 0x8C, 0x61, 0x9A, 0xFC, 0xDB, 0x73, 0x58,
+        0xE5, 0x55, 0x4C, 0x49, 0x5B, 0x8B, 0x6E, 0x33,
+        0x25, 0x68, 0x8F, 0xB8, 0xC1, 0xA2, 0x53, 0x31,
+        0xD5, 0x7B, 0xD3, 0x48, 0xA2, 0x7D, 0x39, 0x09,
+        0x29, 0xBC, 0x46, 0xA1, 0x49, 0x6A, 0xB3, 0x5B,
+        0x46, 0xBA, 0x61, 0xB6, 0xB9, 0xD2, 0x3C, 0xD0,
+        0x63, 0x15, 0xFB, 0x72, 0xC2, 0x47, 0x76, 0x01,
+        0x61, 0x30, 0xAD, 0xB1, 0xCF, 0x2D, 0xC7, 0x29,
+        0x59, 0xEA, 0x9C, 0xAD, 0x96, 0xAF, 0x5D, 0xA9,
+        0x96, 0x12, 0x6C, 0xDD, 0x85, 0xB1, 0x34, 0xCC,
+        0x92, 0x7A, 0x51, 0xFD, 0x23, 0xF8, 0x47, 0x91,
+        0xA3, 0xFC, 0xDA, 0x07, 0x7E, 0x15, 0x99, 0x17,
+        0x48, 0xA0, 0x39, 0x4F, 0x33, 0x4E, 0xB8, 0xBC,
+        0x48, 0xA9, 0x9A, 0xB9, 0xDF, 0xBB, 0x0F, 0x2A,
+        0xAD, 0x6F, 0xBE, 0x48, 0x49, 0x61, 0xD3, 0xA4,
+        0xE8, 0xF8, 0xB2, 0x1A, 0x6A, 0xC0, 0x92, 0xB2,
+        0x26, 0xD6, 0xE1, 0x19, 0xFA, 0xD4, 0x4D, 0x8E,
+        0x57, 0x6F, 0xE9, 0x6C, 0x6C, 0xDB, 0x68, 0x40,
+        0xEA, 0x61, 0x4B, 0xAF, 0xC7, 0x07, 0x86, 0xC5,
+        0x19, 0xE1, 0xD5, 0xDC, 0x0F, 0x98, 0x44, 0x43,
+        0xC8, 0xB1, 0xE5, 0x4F, 0x8E, 0xE1, 0x76, 0xD9,
+        0x8B, 0x2C, 0x70, 0x27, 0xF5, 0x7D, 0x7E, 0x3D,
+        0xE9, 0xB2, 0xA0, 0xA3, 0x69, 0x11, 0xB8, 0xE4,
+        0x71, 0x21, 0xDE, 0x0C, 0x07, 0xEB, 0xBA, 0x5D,
+        0x7B, 0x59, 0x4E, 0xF2, 0x44, 0xC6, 0x83, 0x27,
+        0xEC, 0x6C, 0x6D, 0x1D, 0xD5, 0x01, 0xF4, 0x83,
+        0xFE, 0x9B, 0x95, 0x70, 0x59, 0x7E, 0x70, 0xDF,
+        0x41, 0x3E, 0x7A, 0xF0, 0x38, 0x47, 0xF4, 0x09,
+        0xED, 0x61, 0xE2, 0x84, 0x6E, 0x6C, 0x64, 0x1E,
+        0x6A, 0x7F, 0xFA, 0x79, 0xDE, 0x6B, 0xFA, 0x37,
+        0x3A, 0x06, 0x44, 0xB0, 0x0B, 0xF4, 0x1A, 0x03,
+        0x49, 0x92, 0xA7, 0x94, 0xDA, 0x17, 0xC8, 0x88,
+        0x85, 0x23, 0x90, 0x32, 0xC8, 0x51, 0x76, 0x4E,
+        0x3E, 0x4D, 0xBD, 0xE7, 0xF1, 0x2A, 0x16, 0xC5,
+        0xA2, 0x63, 0xE9, 0x64, 0xC1, 0xE7, 0xFD, 0xD3,
+        0xCC, 0xE5, 0x76, 0xDD, 0x6D, 0x56, 0xB1, 0x81,
+        0x82, 0x84, 0x8B, 0x75, 0x63, 0x64, 0x5D, 0x4E,
+        0x42, 0xFF, 0x22, 0x74, 0x2A, 0x99, 0x67, 0x85,
+        0x16, 0x9D, 0x7F, 0x50, 0x3B, 0x48, 0xA7, 0x15,
+        0x8B, 0x3C, 0xBD, 0x29, 0x93, 0x5E, 0xD3, 0x20,
+        0x49, 0xBE, 0xA1, 0xAD, 0x95, 0x3E, 0xF7, 0x07,
+        0x32, 0x7B, 0x77, 0x8B, 0xFD, 0xDD, 0xFC, 0x60,
+        0x51, 0x1D, 0xA1, 0x13, 0xA3, 0x4F, 0x65, 0x57,
+        0x12, 0xE4, 0xE5, 0x9D, 0x6C, 0xCE, 0x40, 0x4E,
+        0x94, 0xAB, 0xA6, 0x1E, 0x81, 0x35, 0x38, 0x8F,
+        0xC2, 0x1C, 0x8E, 0x41, 0x34, 0x4F, 0x32, 0x4B,
+        0x01, 0xAC, 0x8C, 0x06, 0x9F, 0x92, 0x57, 0x5D,
+        0x34, 0xF8, 0x8B, 0xCA, 0x22, 0xCB, 0x30, 0x7E,
+        0x37, 0x07, 0x00, 0x63, 0x32, 0x02, 0x56, 0xB8,
+        0xBA, 0xD6, 0xEB, 0x7A, 0x81, 0xAF, 0xE9, 0xA2,
+        0x54, 0x01, 0x6E, 0x1C, 0x8A, 0x12, 0x50, 0x89,
+        0xAA, 0xA3, 0xED, 0xE8, 0x4E, 0x5B, 0x6C, 0x2E,
+        0xCF, 0xAE, 0xFA, 0xA5, 0x2B, 0x9F, 0x57, 0x09,
+        0x60, 0x2C, 0x06, 0xAE, 0xA4, 0xA0, 0x38, 0x4E,
+        0x9B, 0x09, 0xE5, 0xB8, 0x81, 0x64, 0xB2, 0x74,
+        0xEA, 0x32, 0x65, 0xFB, 0x51, 0x52, 0x39, 0x7D,
+        0xFF, 0x5A, 0x3A, 0x08, 0x61, 0xE2, 0xBC, 0x12,
+        0xD2, 0x10, 0x92, 0x89, 0x72, 0x97, 0x47, 0xE8,
+        0x3F, 0xDF, 0x24, 0x3A, 0x1D, 0x17, 0xB9, 0x83,
+        0x48, 0x37, 0x98, 0x45, 0xA9, 0xE9, 0x55, 0xE2,
+        0xD6, 0xF9, 0x38, 0xDA, 0xA5, 0x91, 0x8E, 0x2A,
+        0x14, 0xF9, 0x7B, 0xA2, 0xBE, 0x50, 0x1C, 0xCC,
+        0xAF, 0xD6, 0x81, 0x91, 0x0F, 0x4A, 0x4F, 0x06,
+        0x71, 0x5C, 0xE8, 0x40, 0x96, 0xF3, 0x7A, 0x91,
+        0xDC, 0xCA, 0x2A, 0x8A, 0x4B, 0xE8, 0xDA, 0x79,
+        0x21, 0xDB, 0xF8, 0xD3, 0xF4, 0xEF, 0xB9, 0x8C,
+        0x6B, 0x4F, 0x94, 0x0E, 0xCE, 0xF8, 0x32, 0xB5,
+        0x49, 0xD0, 0x68, 0x94, 0x7C, 0x3D, 0xFB, 0x58,
+        0x09, 0xCB, 0x7B, 0x06, 0x0A, 0x3A, 0x0E, 0xF3,
+        0xB2, 0x1C, 0x01, 0x64, 0x50, 0x1D, 0xDE, 0xA7,
+        0xC9, 0xE5, 0xE7, 0x89, 0x7C, 0x6B, 0x1C, 0x46,
+        0x34, 0x8B, 0x2C, 0x3E, 0x80, 0x5F, 0x6F, 0x22,
+        0x87, 0xBA, 0x15, 0x8C, 0xF9, 0x25, 0xA7, 0xBA,
+        0x7F, 0x08, 0x25, 0x49, 0x89, 0xC8, 0x7D, 0x24,
+        0x97, 0x9A, 0xD9, 0x86, 0xAA, 0x97, 0xC5, 0x1B,
+        0x01, 0xF4, 0x5D, 0x4A, 0x1F, 0x24, 0x75, 0x29,
+        0x91, 0xF0, 0x42, 0x05, 0xEB, 0x55, 0x1F, 0xD0,
+        0x2D, 0x41, 0x5F, 0x2D, 0xD1, 0xEF, 0xF1, 0x42,
+        0xB0, 0xD7, 0x04, 0x16, 0xC6, 0xD8, 0x15, 0xEB,
+        0x91, 0x73, 0x2B, 0x26, 0x8F, 0xB2, 0x0D, 0x08,
+        0x67, 0x44, 0x2D, 0x71, 0xDE, 0xC0, 0x57, 0xB2,
+        0x86, 0xCD, 0x93, 0x81, 0x1F, 0xF3, 0xF6, 0x46,
+        0xEB, 0xD5, 0x65, 0xD5, 0x1D, 0x09, 0xA4, 0x2D,
+        0x3A, 0xBA, 0xAC, 0x0F, 0x34, 0xCC, 0x81, 0x7B,
+        0x18, 0x93, 0x8E, 0xCC, 0xBB, 0x1F, 0xEF, 0x05,
+        0xBD, 0x3C, 0x2B, 0x49, 0x4F, 0xA5, 0x29, 0xED,
+        0x4C, 0x63, 0x4C, 0x93, 0x25, 0xA4, 0x81, 0x73,
+        0xF2, 0x0F, 0xFA, 0xC3, 0x2D, 0xC1, 0x01, 0xE6,
+        0xEE, 0x03, 0xB2, 0xFC, 0xBE, 0xC2, 0x46, 0x8D,
+        0xBC, 0x8F, 0x76, 0x75, 0x8C, 0x32, 0x15, 0x47,
+        0x4F, 0x7E, 0xF2, 0x40, 0x65, 0xF7, 0x90, 0x60,
+        0xAC, 0xA3, 0xC8, 0xD5, 0xD7, 0x4A, 0xF7, 0x0F,
+        0x48, 0x30, 0x1D, 0xDB, 0x30, 0xC0, 0x5D, 0xB3,
+        0xEF, 0xA7, 0x26, 0xCF, 0x88, 0x55, 0x59, 0x01,
+        0x84, 0x12, 0x82, 0xAA, 0x08, 0xF6, 0x66, 0xA6,
+        0x53, 0x51, 0xA6, 0xA2, 0x4E, 0xED, 0x6B, 0xE2,
+        0x11, 0x77, 0x31, 0x07, 0xE1, 0x85, 0xE1, 0xB4,
+        0x88, 0xA2, 0xE4, 0x91, 0xB6, 0xC1, 0x41, 0x52,
+        0x84, 0x62, 0xA8, 0x64, 0x94, 0xB5, 0x4F, 0xDC,
+        0xCE, 0xCC, 0xB6, 0xAA, 0x21, 0x25, 0x36, 0x86,
+        0x69, 0x3A, 0xE7, 0x98, 0xC9, 0xCE, 0x9E, 0x0B,
+        0xDD, 0xC6, 0xAE, 0x53, 0xD9, 0xB7, 0x06, 0xDC,
+        0x4F, 0x4D, 0x81, 0xB9, 0xC7, 0x3C, 0x46, 0x1E,
+        0xCD, 0x70, 0x35, 0xC5, 0x17, 0x2E, 0xFA, 0xE5,
+        0x60, 0x2C, 0xAF, 0x88, 0xC6, 0x4E, 0x79, 0xE5,
+        0x32, 0x40, 0x30, 0x55, 0x5D, 0xE2, 0x11, 0xF8,
+        0x9F, 0xD4, 0x24, 0xC3, 0x38, 0xC3, 0x88, 0x3C,
+        0x83, 0xCA, 0x94, 0x05, 0xC2, 0xB5, 0xD1, 0x44,
+        0x5F, 0x7C, 0x98, 0xC4, 0x3E, 0xD3, 0xD2, 0xBE,
+        0xCB, 0xE2, 0x5F, 0x5F, 0x3F, 0x54, 0x4C, 0xCC,
+        0x5B, 0x5A, 0xEA, 0xE4, 0x7D, 0xDF, 0x3F, 0xB5,
+        0x64, 0x9F, 0xF5, 0xD6, 0x1E, 0xAA, 0x02, 0xED,
+        0xEB, 0xC7, 0x5C, 0xE4, 0x78, 0xBA, 0x00, 0x42,
+        0x6C, 0xAF, 0x47, 0x4F, 0xA7, 0x9E, 0x5B, 0x08,
+        0x9E, 0xB1, 0xA8, 0x82, 0xF1, 0x53, 0x54, 0x59,
+        0x26, 0x95, 0x95, 0x2B, 0xA0, 0xA8, 0xEE, 0x91,
+        0xE6, 0x49, 0xE3, 0xF2, 0xC3, 0x82, 0x26, 0x4D,
+        0xAA, 0x30, 0xF6, 0xA6, 0xD2, 0x17, 0xF6, 0x12,
+        0x9C, 0x19, 0x39, 0xB6, 0xDC, 0xAC, 0xCD, 0xA5,
+        0xB6, 0x37, 0x32, 0x6E, 0x8A, 0x83, 0x61, 0xC3,
+        0xB5, 0x6F, 0xCF, 0xFC, 0x48, 0x50, 0x36, 0x86,
+        0x58, 0x22, 0xB9, 0xBB, 0x87, 0xB4, 0x35, 0x10,
+        0xBC, 0xDD, 0x55, 0xBC, 0x35, 0x0D, 0xE7, 0xB2,
+        0xAE, 0x90, 0xA2, 0x1E, 0x9E, 0x19, 0x97, 0x8E,
+        0xDA, 0x10, 0xDF, 0x66, 0x76, 0x14, 0xA4, 0x4F,
+        0xE2, 0xA8, 0x4D, 0x16, 0xBE, 0x04, 0x3E, 0xA8,
+        0x77, 0x36, 0x33, 0xEA, 0x6B, 0xAD, 0xF6, 0x57,
+        0x10, 0x05, 0x2F, 0x34, 0x1F, 0x65, 0xCB, 0xE9,
+        0x28, 0xD3, 0x96, 0x2A, 0x5A, 0x2F, 0xE6, 0x4E,
+        0x46, 0xD6, 0xBF, 0xB8, 0xFD, 0x0D, 0x99, 0x78,
+        0xF0, 0x42, 0x3C, 0xBD, 0x19, 0x5F, 0x72, 0xF3,
+        0xCB, 0x19, 0xD7, 0xEF, 0xD9, 0xEB, 0xE3, 0x3C,
+        0xD2, 0xF5, 0x70, 0x9A, 0x57, 0x80, 0x7D, 0xF9,
+        0x44, 0xEC, 0xE5, 0x68, 0xAA, 0xCA, 0x43, 0x36,
+        0x42, 0x20, 0x83, 0xB0, 0x69, 0x7B, 0x6A, 0xA0,
+        0x05, 0x86, 0xE4, 0xBF, 0x7D, 0xD6, 0x73, 0xA3,
+        0xD5, 0x96, 0xB8, 0x61, 0x8A, 0xC3, 0xB4, 0x06,
+        0x17, 0x50, 0xC6, 0xBE, 0x97, 0xCB, 0x53, 0x75,
+        0x3D, 0x02, 0x39, 0x55, 0x56, 0x07, 0x5A, 0x26,
+        0xF1, 0x40, 0xB9, 0x3F, 0x57, 0x7D, 0xAD, 0x50,
+        0x5E, 0x1C, 0xF2, 0xB5, 0x51, 0xA0, 0x4C, 0x98,
+        0xC7, 0xF0, 0x90, 0x18, 0x31, 0xB3, 0xCA, 0x61,
+        0xD7, 0x5D, 0xA7, 0x93, 0xAC, 0x72, 0xA4, 0x4C,
+        0x7A, 0x07, 0xF7, 0xDB, 0xBA, 0xD6, 0x0A, 0x55,
+        0xF4, 0x9C, 0xBD, 0x79, 0xDE, 0xE4, 0x73, 0x9F,
+        0xFD, 0x36, 0x77, 0x8E, 0xBD, 0x08, 0xEB, 0xDB,
+        0x79, 0xEC, 0x07, 0xA1, 0x62, 0x39, 0xC5, 0xB9,
+        0x21, 0x59, 0x9F, 0xEB, 0xFE, 0xA4, 0x6D, 0xDF,
+        0x96, 0x6A, 0xA4, 0xA0, 0x15, 0x12, 0xE6, 0x10,
+        0x94, 0x3F, 0x5D, 0xC5, 0x4B, 0x4C, 0x76, 0xB7,
+        0x64, 0xB3, 0x80, 0xBF, 0x2F, 0x84, 0xED, 0xE3,
+        0x21, 0x24, 0x91, 0x2F, 0x54, 0xF7, 0xB6, 0xE2,
+        0x07, 0xB7, 0x38, 0x1F, 0x67, 0x0F, 0x7A, 0xA0,
+        0xF3, 0xC3, 0xED, 0x10, 0x15, 0x74, 0x03, 0x84,
+        0xDD, 0x61, 0xA9, 0x76, 0x5E, 0xE4, 0x69, 0x6E,
+        0xAC, 0xF8, 0x2E, 0xA4, 0x10, 0x69, 0x18, 0x05,
+        0xCB, 0x68, 0x89, 0x03, 0x53, 0x5D, 0x70, 0x46,
+        0x10, 0x0D, 0xCC, 0x2B, 0xA7, 0xD8, 0x30, 0x2A,
+        0xCB, 0x04, 0x30, 0xD5, 0x06, 0xCC, 0xC1, 0xC0,
+        0xDD, 0xEA, 0x71, 0x11, 0xA7, 0x6F, 0x45, 0xB4,
+        0x54, 0xE2, 0x5C, 0xDD, 0xFB, 0x63, 0x9B, 0x3D,
+        0x66, 0x4C, 0x36, 0xD8, 0x84, 0x35, 0x13, 0xA3,
+        0xFC, 0xAF, 0x9E, 0x60, 0x57, 0xE9, 0xBC, 0x06,
+        0x82, 0x37, 0xFE, 0x24, 0x19, 0xA2, 0xD2, 0xD9,
+        0x0B, 0x4A, 0x1F, 0xC2, 0xA7, 0x1A, 0x14, 0x6D,
+        0x2B, 0xD0, 0x43, 0x64, 0xC7, 0x9B, 0x8E, 0xBA,
+        0x8E, 0x3E, 0x88, 0xCE, 0x11, 0xE9, 0x16, 0xE4,
+        0xA7, 0x52, 0x84, 0x21, 0x32, 0x8C, 0xF5, 0x4F,
+        0xAA, 0xB2, 0xB1, 0x9F, 0x44, 0x46, 0x87, 0x81,
+        0xF8, 0xAB, 0x84, 0xB7, 0xDD, 0x97, 0x2F, 0xF5,
+        0x61, 0x50, 0x71, 0x43, 0x0A, 0x43, 0x74, 0xDA,
+        0xFC, 0xAE, 0x1E, 0x60, 0x44, 0xAA, 0x98, 0xE9,
+        0x85, 0x94, 0x1B, 0xA6, 0xB9, 0xDB, 0x8C, 0x02,
+        0xF5, 0x89, 0x60, 0x3E, 0xEB, 0x8B, 0xE9, 0x0A,
+        0x70, 0xEF, 0xC0, 0x88, 0xD7, 0x95, 0xE6, 0xDA,
+        0x1F, 0x1F, 0x2E, 0x6E, 0xCE, 0xDD, 0x03, 0x1D,
+        0x81, 0x99, 0xE6, 0x59, 0x12, 0xD4, 0x34, 0xD0,
+        0x9B, 0xFB, 0xE5, 0x94, 0x40, 0x6D, 0xC1, 0x15,
+        0x0E, 0x99, 0x35, 0x8C, 0xEA, 0x7F, 0xAD, 0x2E,
+        0x7C, 0x44, 0xC3, 0x8B, 0x6E, 0x0C, 0xEE, 0xAB,
+        0x9B, 0xDE, 0x0D, 0xB9, 0x7B, 0xCF, 0x5A, 0xC9,
+        0x94, 0x10, 0xC9, 0x47, 0x0E, 0x26, 0x6B, 0x8B,
+        0xE4, 0x5F, 0x66, 0x90, 0x83, 0x1F, 0x41, 0x45,
+        0xE2, 0x63, 0x79, 0xDB, 0x80, 0x7C, 0x26, 0xDD,
+        0xF9, 0x1E, 0x30, 0x9D, 0x4F, 0x4A, 0x3E, 0x7E,
+        0xCA, 0xB7, 0x36, 0x2F, 0x15, 0xD2, 0x0E, 0xA4,
+        0x33, 0xB7, 0xE7, 0x0A, 0x7D, 0xDE, 0x74, 0x16,
+        0xCE, 0xA8, 0x71, 0x49, 0x8B, 0x2C, 0xE3, 0xF5,
+        0x8D, 0x29, 0xD8, 0x62, 0x8C, 0x53, 0x18, 0x40,
+        0xF0, 0x22, 0xDD, 0x3B, 0xD2, 0xF3, 0x80, 0x9B,
+        0x11, 0x68, 0xD3, 0x8E, 0x63, 0xC7, 0xF6, 0x93,
+        0x08, 0xA3, 0x1A, 0x2D, 0x4D, 0x5E, 0xEB, 0x97,
+        0x42, 0x39, 0xB3, 0x4A, 0x62, 0xBC, 0x85, 0xE4,
+        0xEC, 0xF9, 0x0C, 0x33, 0x6A, 0x0C, 0x37, 0xBD,
+        0x9E, 0x0E, 0xF4, 0x26, 0x6B, 0x83, 0x5A, 0xC8,
+        0x90, 0x6A, 0x83, 0xCF, 0x0B, 0x35, 0x13, 0x8A,
+        0x65, 0xE5, 0xD9, 0xA6, 0x1F, 0xCC, 0x9B, 0x2D,
+        0x5A, 0x33, 0x7B, 0x8A, 0xBE, 0xF8, 0x8A, 0x7F,
+        0xB3, 0xC0, 0x94, 0x5D, 0x7C, 0xAF, 0x35, 0x61,
+        0x1A, 0xE0, 0xE4, 0x46, 0x93, 0xA5, 0xBC, 0xE0,
+        0xA6, 0xE2, 0xFE, 0xCA, 0xE9, 0xBD, 0xF4, 0xE3,
+        0x56, 0xD6, 0x53, 0x6B, 0x58, 0x1A, 0x18, 0xF0,
+        0x3A, 0x59, 0x16, 0x4E, 0xD5, 0x44, 0x7C, 0x7E,
+        0xC8, 0xBD, 0x99, 0x7B, 0xE9, 0x53, 0xDE, 0xD9,
+        0x32, 0x53, 0x5B, 0x5F, 0x43, 0x8A, 0x04, 0x31,
+        0x9F, 0x5E, 0x0D, 0x8B, 0x0F, 0xEB, 0xC8, 0xDE,
+        0x81, 0x46, 0x65, 0x8E, 0x52, 0xB9, 0x75, 0x9C,
+        0x73, 0x93, 0x5B, 0x12, 0x0D, 0xC9, 0xB8, 0x54,
+        0xF3, 0xC8, 0xF9, 0x4E, 0xC9, 0x33, 0x90, 0x57,
+        0xD7, 0xD7, 0xCD, 0x91, 0xF7, 0xE0, 0xB9, 0x8D,
+        0x84, 0xEC, 0x7B, 0x2F, 0x92, 0x32, 0x8D, 0x73,
+        0x60, 0x18, 0xB0, 0x31, 0x65, 0xA8, 0x74, 0x5F,
+        0x8E, 0x77, 0xEB, 0x80, 0x29, 0xF9, 0x78, 0x26,
+        0x70, 0xCB, 0xD8, 0x6B, 0x43, 0x16, 0xC7, 0xBE,
+        0x4A, 0x88, 0x03, 0x38, 0xBA, 0xCF, 0xB0, 0x15,
+        0x69, 0x9B, 0xF3, 0x0D, 0x3A, 0x4B, 0x05, 0x32,
+        0x54, 0x35, 0xBA, 0x5F, 0xA3, 0xB9, 0xD2, 0xB2,
+        0xFE, 0x0B, 0x51, 0x9C, 0x2C, 0xB2, 0x46, 0xE5,
+        0x3D, 0x1A, 0x34, 0x3D, 0x66, 0x1A, 0x66, 0x14,
+        0x3C, 0x6F, 0x46, 0x8C, 0x55, 0x38, 0x64, 0x5C,
+        0xC2, 0x6D, 0x4E, 0x2A, 0x87, 0x03, 0xEC, 0x9B,
+        0x10, 0xFC, 0x89, 0xBE, 0x6F, 0x85, 0x99, 0x97,
+        0x70, 0x8F, 0x31, 0x19, 0x4F, 0x0D, 0xFE, 0xE9,
+        0x29, 0x98, 0xB2, 0x5E, 0x93, 0xB9, 0x70, 0x70,
+        0xDE, 0x14, 0x40, 0x9D, 0x5B, 0xA4, 0x3D, 0xF8,
+        0x8D, 0x15, 0xC2, 0xFB, 0xA9, 0x7B, 0xDD, 0xE6,
+        0x18, 0xCC, 0x3F, 0xC0, 0x42, 0xF7, 0x74, 0x81,
+        0x84, 0xBA, 0x9E, 0xC9, 0xCB, 0xA1, 0xB2, 0x00,
+        0x68, 0x81, 0xD0, 0x51, 0x42, 0x64, 0x19, 0x8F,
+        0xB6, 0x91, 0xC5, 0xC0, 0x38, 0xE0, 0x49, 0x50,
+        0xCF, 0x69, 0x09, 0x93, 0x77, 0xFE, 0x66, 0xBA,
+        0x64, 0xE2, 0x19, 0x52, 0xA4, 0x45, 0x81, 0x71,
+        0x96, 0x64, 0xF5, 0xD9, 0x23, 0x97, 0xD2, 0x2A,
+        0xA7, 0x03, 0x2B, 0xF5, 0x89, 0xAF, 0x8A, 0xCA,
+        0x48, 0xDF, 0x6D, 0x14, 0xEB, 0x43, 0xCE, 0xF0,
+        0xA9, 0xC8, 0xA8, 0xF9, 0xAD, 0x32, 0x95, 0x25,
+        0xEF, 0x0A, 0xAA, 0x4F, 0x9E, 0x09, 0xC3, 0x51,
+        0x3C, 0xF0, 0x29, 0xF3, 0xDE, 0xFC, 0xBB, 0x41,
+        0x14, 0xFA, 0x0F, 0x66, 0x8D, 0xB4, 0x72, 0x2F,
+        0xCC, 0xD9, 0xC2, 0x07, 0xB6, 0x6F, 0x10, 0x9E,
+        0xD9, 0x5B, 0x45, 0x4B, 0xB6, 0x19, 0x5D, 0x59,
+        0xC4, 0xA6, 0x78, 0xBA, 0x6F, 0x5A, 0x9B, 0x23,
+        0x41, 0x21, 0xAD, 0x05, 0x16, 0xA1, 0xD4, 0x12,
+        0x3D, 0x38, 0x26, 0xD9, 0x2A, 0x61, 0xB3, 0x5D,
+        0xEB, 0x29, 0x5B, 0xAA, 0x2F, 0xE1, 0xB5, 0xEE,
+        0x25, 0x02, 0x1D, 0xAE, 0xF8, 0x57, 0xB5, 0xDF,
+        0x19, 0x2E, 0x17, 0x5E, 0x3A, 0x2A, 0x0D, 0x3F,
+        0x08, 0x2F, 0x21, 0x1C, 0xB5, 0xBD, 0xC2, 0x36,
+        0x27, 0x4F, 0x86, 0xC5, 0xDC, 0x74, 0xC3, 0x9B,
+        0xE9, 0x7C, 0xCF, 0x5F, 0x57, 0x94, 0xEB, 0x64,
+        0xEC, 0x64, 0x55, 0x45, 0x21, 0x0F, 0xC6, 0x67,
+        0xD1, 0xE0, 0x74, 0x0E, 0x66, 0xCB, 0xED, 0xC2,
+        0x06, 0x48, 0xCA, 0x1F, 0xA7, 0x34, 0x14, 0x59,
+        0x6B, 0xA0, 0x89, 0x17, 0xA1, 0x9A, 0x46, 0x3A,
+        0xD3, 0x02, 0x7C, 0x81, 0x83, 0x6B, 0x8F, 0x4F,
+        0x02, 0xB9, 0x9F, 0xC5, 0x08, 0x3F, 0x06, 0xF3,
+        0x4B, 0xD2, 0x30, 0x9C, 0x23, 0x42, 0xAD, 0x88,
+        0xA8, 0x4F, 0xA9, 0x6E, 0x20, 0x7C, 0x01, 0x08,
+        0xF6, 0x82, 0x54, 0x14, 0x94, 0x4F, 0x26, 0x4E,
+        0xD6, 0xC4, 0x66, 0x7C, 0x78, 0x8D, 0x61, 0xA6,
+        0xBC, 0x2C, 0x45, 0x6A, 0xF6, 0x6C, 0x2F, 0x76,
+        0x9E, 0x16, 0x90, 0x17, 0x06, 0x91, 0x2C, 0xC9,
+        0x0D, 0x4B, 0x6C, 0x90, 0xDC, 0xA1, 0x6C, 0xAC,
+        0x8F, 0xFE, 0xD8, 0x39, 0x70, 0x20, 0xE2, 0x97,
+        0x5E, 0x24, 0xFF, 0x4C, 0x80, 0x7C, 0x8A, 0xB7,
+        0x31, 0xC8, 0x1D, 0x36, 0xCA, 0x84, 0xC9, 0x12,
+        0x1A, 0x85, 0x13, 0xE0, 0xC9, 0xD0, 0xF4, 0x1B,
+        0xC6, 0x8F, 0x88, 0xEA, 0xCA, 0xA3, 0x55, 0x99,
+        0xFA, 0xE3, 0xBB, 0xA6, 0xFC, 0xC6, 0x52, 0x8D,
+        0x47, 0xE4, 0x0C, 0x07, 0x64, 0xCF, 0x9C, 0x83,
+        0x83, 0xB3, 0xA4, 0x45, 0x15, 0xE6, 0x1D, 0x92,
+        0xCD, 0xAE, 0xC9, 0xCB, 0x90, 0x82, 0xB5, 0xA0,
+        0xC0, 0x37, 0x94, 0x60, 0xD9, 0x17, 0x9A, 0x7D,
+        0x9D, 0xF2, 0x9E, 0x0B, 0x4B, 0x6A, 0x41, 0x18,
+        0x28, 0x52, 0x15, 0xE8, 0x7B, 0x6F, 0x11, 0x8E,
+        0x97, 0x31, 0xE4, 0x66, 0xFB, 0x3F, 0xEB, 0xD1,
+        0x95, 0xE1, 0x44, 0xFD, 0x20, 0x37, 0xD1, 0x16,
+        0x62, 0x75, 0x79, 0xAC, 0x55, 0xFE, 0xD5, 0xE3,
+        0x25, 0x85, 0xEC, 0x66, 0x38, 0xA0, 0xDF, 0xBE,
+        0x6E, 0xD6, 0xC5, 0x87, 0x6C, 0xF8, 0x11, 0x4C,
+        0x90, 0x2A, 0xEF, 0xA3, 0x63, 0xF4, 0xC9, 0xB7,
+        0x2E, 0x7D, 0x5C, 0x85, 0x2D, 0xCC, 0x1A, 0xF2,
+        0xB8, 0x85, 0x2A, 0x9D, 0x0F, 0x99, 0x59, 0x38,
+        0x86, 0x50, 0x84, 0xCE, 0x52, 0x13, 0xB3, 0x08,
+        0xA9, 0xCB, 0x37, 0xF6, 0x81, 0x96, 0x0D, 0x84,
+        0xEF, 0xE1, 0xDF, 0x51, 0x34, 0xA5, 0x91, 0x5A,
+        0xE5, 0x87, 0x8B, 0x10, 0xDA, 0x0F, 0xD4, 0xD9,
+        0xAC, 0x2A, 0xEF, 0x0C, 0x7E, 0x01, 0xC2, 0xE9,
+        0xE7, 0xC0, 0x17, 0xE7, 0xBA, 0x74, 0x0C, 0xEE,
+        0x1A, 0x89, 0x94, 0x59, 0xBB, 0x75, 0x03, 0x3E,
+        0xEA, 0xF3, 0x19, 0x0D, 0x67, 0x79, 0xED, 0x9E,
+        0xDD, 0x84, 0x6A, 0x74, 0xE3, 0x21, 0x52, 0x8C,
+        0x03, 0x08, 0x4A, 0x5D, 0x30, 0x87, 0x48, 0x39,
+        0x71, 0x8A, 0x53, 0x54, 0x9B, 0x2E, 0xC6, 0xB2,
+        0xB7, 0x30, 0xAA, 0x93, 0x5C, 0xA6, 0xE1, 0xC4,
+        0xFD, 0x8B, 0xE0, 0x35, 0x7D, 0x93, 0xF6, 0x21,
+        0x74, 0xEE, 0xED, 0xF8, 0xDA, 0xB7, 0x75, 0x5B,
+        0x46, 0x65, 0x7E, 0x59, 0xD7, 0xAA, 0x00, 0xB9,
+        0xF2, 0xF8, 0x5E, 0x4C, 0x0F, 0x77, 0xFA, 0x11,
+        0xA5, 0xD6, 0x9A, 0x23, 0xB1, 0xEF, 0x3A, 0x09,
+        0xF2, 0x19, 0xD8, 0x3B, 0x1F, 0x39, 0x1F, 0x84,
+        0x13, 0x18, 0xEE, 0xF3, 0x5A, 0x32, 0x63, 0x67,
+        0xBF, 0xA2, 0xB1, 0x5F, 0xD7, 0x14, 0x03, 0x20,
+        0x92, 0xB9, 0xD0, 0x2B, 0xF6, 0x13, 0xAF, 0xF7,
+        0x69, 0x6F, 0xAD, 0xF1, 0xDE, 0x2C, 0x81, 0x70,
+        0x77, 0xCB, 0x7C, 0x99, 0x67, 0x76, 0xD6, 0x9E,
+        0xC2, 0x41, 0xA2, 0x42, 0x54, 0xDA, 0x2D, 0x13,
+        0x98, 0x76, 0x91, 0xEA, 0xC7, 0xEB, 0xA8, 0xCD,
+        0x8D, 0xCF, 0xB3, 0x94, 0x7B, 0x1D, 0x99, 0xED,
+        0xF9, 0x62, 0xD2, 0x15, 0xB3, 0x18, 0xBB, 0x5F,
+        0x9A, 0xA0, 0x4D, 0x1C, 0x82, 0x62, 0x6A, 0x41,
+        0x73, 0xD0, 0x2D, 0x41, 0x0C, 0x58, 0x6B, 0xCA,
+        0x4E, 0x51, 0xCA, 0x4F, 0x3E, 0x15, 0x1B, 0x54,
+        0xF1, 0x7A, 0x6B, 0xC9, 0x67, 0x76, 0x09, 0xBB,
+        0xAF, 0x6C, 0x30, 0x38, 0xA6, 0x7C, 0xAD, 0xA6,
+        0x6B, 0x4F, 0xDF, 0xB5, 0x10, 0x29, 0xE0, 0x78,
+        0x07, 0xD7, 0x05, 0x96, 0x9D, 0x96, 0xC9, 0xAB,
+        0xFB, 0x71, 0x62, 0xE4, 0x58, 0x10, 0xA1, 0xDC,
+        0x4B, 0x56, 0xDA, 0x14, 0x77, 0xED, 0x90, 0x0A,
+        0x89, 0xCC, 0xAC, 0x29, 0x8E, 0x17, 0x88, 0x42,
+        0x69, 0xC3, 0x9E, 0x8D, 0x7A, 0xB9, 0x66, 0xF3,
+        0x3D, 0xDA, 0xDB, 0xE5, 0x6A, 0x38, 0x4C, 0xA2,
+        0x0A, 0x7B, 0x18, 0x99, 0xEC, 0x18, 0xE2, 0xAE,
+        0x54, 0x70, 0x00, 0xB9, 0x04, 0xE3, 0x4E, 0x46,
+        0x80, 0x1D, 0x85, 0x74, 0xDB, 0x00, 0x84, 0x17,
+        0xBC, 0xFD, 0xD1, 0xA7, 0x4D, 0xC0, 0x18, 0xE5,
+        0x07, 0xB7, 0x6B, 0x0F, 0xA0, 0x86, 0x26, 0x23,
+        0x5B, 0x1C, 0xE2, 0x4B, 0xCF, 0xC3, 0x20, 0xFA,
+        0xE3, 0x55, 0x1C, 0x1C, 0x92, 0x9B, 0x94, 0xC7,
+        0xC4, 0x96, 0x53, 0x41, 0x82, 0x9D, 0x8A, 0x13,
+        0x47, 0xD6, 0xA7, 0x38, 0x58, 0x03, 0xB0, 0x8B,
+        0xCD, 0xA8, 0x4A, 0x27, 0xEA, 0x5E, 0x49, 0xCA,
+        0x1E, 0x60, 0x06, 0xEA, 0x23, 0x2A, 0x53, 0xEE,
+        0x41, 0x7E, 0xC8, 0x81, 0xD3, 0x32, 0x8A, 0x15,
+        0x63, 0x82, 0xA6, 0xB2, 0x93, 0x89, 0x4D, 0xDF,
+        0x9B, 0x36, 0x9C, 0xDE, 0x6B, 0x2F, 0xF5, 0x9C,
+        0xB6, 0xA5, 0x64, 0xE2, 0x1C, 0x92, 0x79, 0xEC,
+        0xA0, 0x31, 0x1F, 0x5D, 0x80, 0xCE, 0x39, 0xB9,
+        0x8B, 0xF9, 0x0D, 0xB3, 0x27, 0xF7, 0x4D, 0x3F,
+        0x76, 0x2D, 0x11, 0x7D, 0xF5, 0xF9, 0x13, 0x20,
+        0x84, 0xFF, 0xB5, 0x55, 0xA5, 0xD1, 0x47, 0x22,
+        0x1A, 0xF8, 0x63, 0xAB, 0xF7, 0x87, 0x15, 0xB7,
+        0x21, 0x94, 0x52, 0x9A, 0x0E, 0x33, 0x4D, 0x4A,
+        0x19, 0x1D, 0x42, 0xA9, 0x9B, 0xEA, 0x52, 0xAD,
+        0xA2, 0xC7, 0xCC, 0x4A, 0x97, 0x74, 0xD5, 0xCB,
+        0x28, 0xD4, 0xED, 0x82, 0xB6, 0x1F, 0x94, 0xE8,
+        0x9F, 0x60, 0xF0, 0xC8, 0xEA, 0x52, 0xDC, 0x07,
+        0x9D, 0x46, 0x58, 0xBF, 0x8C, 0x85, 0x6D, 0x61,
+        0x52, 0xD9, 0x22, 0x51, 0x94, 0x8B, 0x3B, 0xA0,
+        0x14, 0xD8, 0xBA, 0xF3, 0xDC, 0xD3, 0x6B, 0xC7,
+        0x1F, 0x8E, 0x5B, 0x2C, 0xE6, 0xF5, 0x35, 0xB7,
+        0xB9, 0xAE, 0x13, 0xDA, 0x4A, 0x1E, 0xAF, 0xFC,
+        0x25, 0x3B, 0xE4, 0x3A, 0x9F, 0x60, 0x8E, 0xAC,
+        0xE7, 0x33, 0xCF, 0xCE, 0x52, 0xEA, 0x5C, 0xDA,
+        0x83, 0x59, 0xDB, 0x53, 0xFF, 0x3A, 0xF2, 0xCE,
+        0xFE, 0x87, 0x79, 0xBC, 0xC5, 0x3C, 0x24, 0xA4,
+        0xB1, 0x8D, 0x5E, 0x0D, 0x78, 0x1B, 0xEC, 0xF7,
+        0x5B, 0x54, 0x77, 0x47, 0x3A, 0x20, 0x24, 0xAD,
+        0x56, 0xC5, 0x4A, 0x7F, 0x99, 0x0E, 0xF6, 0xB1,
+        0xDF, 0xAC, 0x50, 0x10, 0x88, 0x50, 0x9D, 0x3A,
+        0x37, 0xF1, 0xC8, 0xD5, 0xC2, 0x64, 0x87, 0xE4,
+        0x20, 0xB7, 0xF4, 0x35, 0x8E, 0x92, 0x69, 0x76,
+        0x1F, 0xF1, 0xFA, 0x3A, 0xFC, 0xBE, 0xCA, 0xEB,
+        0x68, 0xF5, 0xDD, 0xDE, 0x3A, 0xA8, 0xFD, 0x07,
+        0x8C, 0xC4, 0x22, 0x4C, 0xEA, 0x67, 0x13, 0x2D,
+        0x7E, 0xBF, 0x5D, 0x23, 0x2E, 0x43, 0xBA, 0xDD,
+        0x21, 0x8C, 0x0B, 0x4D, 0xBE, 0x1E, 0x16, 0x52,
+        0x98, 0x66, 0xB9, 0xAB, 0x93, 0x58, 0x85, 0xAC,
+        0xB4, 0x15, 0xFB, 0xB1, 0xEE, 0xE6, 0x94, 0x08,
+        0xA5, 0x21, 0xB4, 0x62, 0xEC, 0x59, 0xCD, 0x0D,
+        0x3C, 0x54, 0x96, 0xD9, 0x85, 0xAE, 0xB0, 0xCE,
+        0x37, 0x4F, 0x67, 0x72, 0xA4, 0xE6, 0x39, 0x3A,
+        0x4E, 0xF0, 0x07, 0x43, 0x80, 0x90, 0xA8, 0xA9,
+        0xE5, 0x2D, 0x2F, 0x55, 0x66, 0x6D, 0x70, 0xF0,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+        0x08, 0x0E, 0x12, 0x19, 0x20
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    static const byte pk_87_draft[] = {
+        0x2D, 0x1E, 0x6B, 0xED, 0x84, 0x52, 0xEB, 0xF1,
+        0x26, 0xED, 0xE7, 0x0C, 0xA0, 0xA2, 0xB5, 0x0D,
+        0x03, 0x34, 0x2D, 0x5B, 0x13, 0xB2, 0xAE, 0x21,
+        0x0F, 0x45, 0x62, 0xA3, 0xBF, 0x67, 0x0C, 0xB1,
+        0x5C, 0xE9, 0x25, 0xFD, 0x22, 0xF2, 0x62, 0x42,
+        0xBA, 0xE3, 0x10, 0xB3, 0xAA, 0x41, 0x3B, 0x6E,
+        0x78, 0xD4, 0x42, 0xD9, 0x35, 0xD1, 0x72, 0x8A,
+        0x32, 0x48, 0xCC, 0x20, 0x5C, 0xCD, 0x8D, 0x3F,
+        0xD8, 0x34, 0x95, 0x55, 0x20, 0xCD, 0xFB, 0x2C,
+        0x73, 0xE9, 0x0E, 0x60, 0x8B, 0x2C, 0x3F, 0xA8,
+        0xB7, 0xD1, 0x79, 0xFD, 0xDC, 0xC8, 0x81, 0x11,
+        0xC9, 0xE8, 0x41, 0x71, 0xE9, 0x70, 0x9B, 0x53,
+        0x59, 0x33, 0xE4, 0x92, 0xB6, 0x81, 0x9C, 0x6A,
+        0x92, 0xED, 0xA2, 0x5A, 0xC4, 0x07, 0x77, 0x1A,
+        0x8F, 0xED, 0xB4, 0xE7, 0x11, 0xFB, 0x89, 0xEB,
+        0x7B, 0xDF, 0xCC, 0xEA, 0xC5, 0x3B, 0x4E, 0xF4,
+        0x6B, 0x6F, 0xBE, 0xE1, 0x32, 0xA9, 0xD7, 0xAD,
+        0xB4, 0x36, 0xE7, 0x4A, 0x6D, 0x67, 0x11, 0x83,
+        0xAF, 0x31, 0x1A, 0x7A, 0x31, 0x42, 0x9B, 0x01,
+        0x21, 0x17, 0x52, 0x75, 0x85, 0xF7, 0x92, 0x0F,
+        0x34, 0x8A, 0x69, 0x11, 0x88, 0x5A, 0x02, 0x08,
+        0xB6, 0x6D, 0xE3, 0x07, 0x93, 0xB1, 0x3F, 0xE1,
+        0xD5, 0x7B, 0xD9, 0x51, 0xF7, 0xAA, 0xC0, 0x34,
+        0x9A, 0x78, 0x5D, 0x26, 0xDB, 0xF1, 0xF0, 0xA9,
+        0x1E, 0x5C, 0x9F, 0x4F, 0xA7, 0x43, 0x5C, 0x44,
+        0xA9, 0x43, 0xF1, 0x38, 0x11, 0x45, 0xED, 0xEB,
+        0x1C, 0x8A, 0x05, 0xEE, 0xFF, 0xAB, 0x20, 0x2C,
+        0xF6, 0x2C, 0xEE, 0x77, 0x42, 0x36, 0x3E, 0xE6,
+        0x9D, 0x8E, 0x45, 0x0F, 0xF6, 0x7C, 0x39, 0x62,
+        0xD6, 0xFF, 0x97, 0xBC, 0x3D, 0x02, 0xD6, 0xDF,
+        0x4A, 0x35, 0xDA, 0x3F, 0x89, 0xA4, 0x88, 0x33,
+        0xCD, 0xF2, 0x90, 0xF0, 0xE9, 0x37, 0x2F, 0x65,
+        0xA5, 0x88, 0x65, 0xFD, 0x40, 0x44, 0xAD, 0x09,
+        0x09, 0x92, 0xAA, 0x15, 0x9E, 0xEE, 0xF7, 0x2B,
+        0x0D, 0xA7, 0xCB, 0x3A, 0x5E, 0x0A, 0xED, 0xD6,
+        0x7D, 0x82, 0x8B, 0xBA, 0xCF, 0xE5, 0x9E, 0xE4,
+        0x62, 0xAB, 0x69, 0x6B, 0xBA, 0xD0, 0xE5, 0xA9,
+        0xBB, 0x1F, 0x5A, 0x51, 0xE0, 0xFA, 0x5D, 0xD4,
+        0x4D, 0x8E, 0xC0, 0xDC, 0x43, 0x06, 0xDF, 0x23,
+        0x67, 0xB2, 0x4A, 0xA2, 0xFB, 0x75, 0x2F, 0x82,
+        0xD8, 0x44, 0xE4, 0xC0, 0xCE, 0x15, 0x9E, 0x3F,
+        0xD6, 0xB4, 0x70, 0x5F, 0x3B, 0xD0, 0x56, 0x3E,
+        0x0A, 0x7A, 0x4B, 0x94, 0xBF, 0xBA, 0x01, 0x2B,
+        0x9C, 0x8B, 0x91, 0x35, 0xF2, 0xDB, 0x4C, 0x8C,
+        0x8D, 0xD6, 0xEE, 0xC8, 0x65, 0x8D, 0xF3, 0x05,
+        0x59, 0xBE, 0x3A, 0x17, 0xA7, 0x72, 0x10, 0x56,
+        0x14, 0xEF, 0xB8, 0xC1, 0xBE, 0x18, 0x11, 0x0B,
+        0xE6, 0x70, 0xF8, 0x39, 0xA5, 0x72, 0x7D, 0xF9,
+        0x47, 0xFB, 0xAC, 0xFD, 0x1F, 0xC3, 0x71, 0x33,
+        0x58, 0x44, 0x15, 0xD3, 0x7C, 0x93, 0x2E, 0x70,
+        0x92, 0xFA, 0xBB, 0xF2, 0xD0, 0x9D, 0x25, 0xC4,
+        0xCF, 0x4A, 0xB8, 0xEC, 0xBE, 0x5D, 0x8B, 0x7F,
+        0xA4, 0x7C, 0xAB, 0xAD, 0xE7, 0x1E, 0x93, 0x83,
+        0x92, 0x86, 0x1E, 0x8D, 0x15, 0xA4, 0x1C, 0x5B,
+        0x42, 0x25, 0xDA, 0x3D, 0x16, 0xD3, 0x93, 0xF2,
+        0x85, 0x50, 0x86, 0x0A, 0x86, 0x35, 0x6B, 0x14,
+        0xAB, 0x5F, 0x22, 0xD0, 0xCF, 0x03, 0x7C, 0xEB,
+        0xB4, 0x0E, 0xAC, 0x87, 0xA2, 0x41, 0x42, 0xA0,
+        0x21, 0x93, 0x00, 0xB6, 0x47, 0x6F, 0x96, 0xD0,
+        0x41, 0xD1, 0xC3, 0x0E, 0x3C, 0x52, 0xD2, 0x45,
+        0xAB, 0x6A, 0xE7, 0xA1, 0xE5, 0xFD, 0x73, 0xC5,
+        0x82, 0x9D, 0x60, 0x62, 0x8B, 0x6D, 0x87, 0xFC,
+        0x88, 0x9C, 0x3E, 0xEF, 0xAE, 0xAA, 0xB6, 0x1C,
+        0x18, 0xEE, 0xD7, 0x51, 0x1A, 0x96, 0xC4, 0x93,
+        0x25, 0x05, 0xD3, 0x83, 0x3D, 0xD8, 0x33, 0x16,
+        0x14, 0x44, 0x88, 0xE2, 0xAF, 0xC4, 0xEC, 0x59,
+        0x18, 0x12, 0xB9, 0x99, 0xC1, 0xC9, 0x5F, 0x31,
+        0x79, 0x00, 0x03, 0xF6, 0xC9, 0x55, 0x14, 0xAA,
+        0x29, 0x08, 0x78, 0x24, 0xAF, 0x1D, 0x99, 0x12,
+        0x36, 0xD9, 0x4A, 0xD9, 0x50, 0xEF, 0x66, 0xFC,
+        0x7F, 0xF4, 0xBC, 0x3B, 0xA0, 0xF6, 0xFD, 0xF2,
+        0x62, 0xCA, 0xA5, 0x9D, 0x2B, 0x55, 0xB8, 0x33,
+        0xBC, 0xA6, 0x7A, 0xA5, 0x1E, 0xE1, 0x14, 0x5F,
+        0x94, 0xE2, 0xDC, 0xF0, 0x5B, 0xBD, 0x43, 0x07,
+        0xD8, 0xB1, 0xE0, 0x81, 0x3F, 0x84, 0x54, 0x90,
+        0xBF, 0x23, 0x59, 0x92, 0x3C, 0xA5, 0x98, 0xAB,
+        0x7D, 0x99, 0xD2, 0xF0, 0xED, 0x8E, 0x0B, 0xC9,
+        0x9F, 0xAF, 0xB0, 0x13, 0xED, 0xC7, 0xDD, 0xB8,
+        0x61, 0x72, 0x07, 0x3D, 0xCC, 0x35, 0x73, 0xA0,
+        0xCF, 0x0C, 0xD9, 0x7E, 0x93, 0xDC, 0x63, 0xB8,
+        0x82, 0xEC, 0xF4, 0x30, 0xCE, 0x43, 0x92, 0xEA,
+        0x5E, 0xD8, 0xC8, 0xA1, 0xEC, 0x79, 0xDC, 0xAE,
+        0x64, 0xD4, 0x33, 0xEB, 0x53, 0x8C, 0xFC, 0x49,
+        0x79, 0xBF, 0x7A, 0x28, 0x65, 0x1E, 0x8C, 0xD5,
+        0x21, 0xB0, 0x8E, 0xCA, 0xAD, 0xF8, 0x96, 0x9A,
+        0x98, 0x10, 0x00, 0x35, 0x6D, 0x58, 0x9A, 0xEF,
+        0x84, 0x84, 0x86, 0x72, 0xBA, 0xCD, 0x38, 0x66,
+        0x96, 0x9B, 0xC2, 0x83, 0xB0, 0x65, 0xC1, 0xAB,
+        0xCF, 0x63, 0x8C, 0x2D, 0xC3, 0x42, 0xB2, 0x7D,
+        0xF6, 0xB8, 0xF0, 0x3D, 0x26, 0x21, 0x8F, 0xAE,
+        0x4E, 0x96, 0xF2, 0x55, 0x66, 0xBC, 0x6F, 0xED,
+        0xE7, 0x19, 0xD3, 0x8D, 0xC0, 0xCD, 0x55, 0x20,
+        0x5F, 0x10, 0xCA, 0xDA, 0x09, 0xED, 0x91, 0x4A,
+        0x43, 0x33, 0xD3, 0x82, 0x11, 0x5C, 0x2F, 0x5D,
+        0xEC, 0xCD, 0x54, 0xF9, 0x6C, 0xE4, 0xE5, 0xF2,
+        0x68, 0xBC, 0xE9, 0x27, 0xB2, 0x1D, 0xCA, 0xB5,
+        0xCD, 0x04, 0x01, 0x1E, 0x92, 0xF5, 0xF6, 0x01,
+        0x86, 0x2B, 0x20, 0x20, 0x9B, 0xB0, 0xF9, 0x56,
+        0xD9, 0x33, 0xD5, 0x0A, 0xEC, 0x1B, 0xF4, 0xCE,
+        0xD2, 0xB2, 0xC2, 0xD4, 0x3F, 0x9A, 0x25, 0x76,
+        0x8E, 0x29, 0x87, 0x52, 0x64, 0x86, 0x4A, 0xA5,
+        0x7B, 0x5A, 0x91, 0x72, 0x6E, 0xBE, 0x6D, 0x73,
+        0x0A, 0x8D, 0x89, 0x53, 0x82, 0x33, 0x70, 0x44,
+        0x20, 0xBE, 0xE0, 0xB0, 0x1B, 0x76, 0x30, 0x43,
+        0xA5, 0x5B, 0x8F, 0xAB, 0x7E, 0xB8, 0x61, 0x5F,
+        0x43, 0x70, 0x1B, 0x1A, 0x71, 0x61, 0x56, 0xF9,
+        0x13, 0x31, 0x2A, 0x64, 0x33, 0x14, 0x00, 0x98,
+        0x72, 0xEC, 0x32, 0x88, 0x09, 0xFB, 0x64, 0x46,
+        0x3D, 0x56, 0x02, 0xD9, 0x76, 0xD3, 0xAA, 0x90,
+        0x0F, 0xBD, 0xF0, 0xF9, 0x96, 0x43, 0x7B, 0x62,
+        0x19, 0x26, 0x22, 0x6A, 0x93, 0x91, 0xEC, 0x07,
+        0x34, 0xF5, 0x22, 0x32, 0xB3, 0x65, 0x66, 0xE0,
+        0x6B, 0x11, 0x7F, 0x97, 0x9F, 0x1A, 0x89, 0x46,
+        0xCE, 0x8F, 0xBD, 0xFD, 0x2F, 0xCC, 0x3D, 0xBF,
+        0xF2, 0x83, 0xA4, 0x30, 0xE1, 0x02, 0x72, 0xF8,
+        0x74, 0xE6, 0x21, 0x96, 0x77, 0xE1, 0x57, 0x8A,
+        0xF7, 0x9E, 0xB3, 0x31, 0xAF, 0xD8, 0xC5, 0xD7,
+        0x20, 0xDC, 0xFD, 0xCF, 0x79, 0x06, 0x0F, 0x1F,
+        0xE5, 0x84, 0x3D, 0x0B, 0x9C, 0xB3, 0xC7, 0xAB,
+        0xB8, 0xF1, 0xC0, 0xD0, 0xB5, 0xC7, 0x01, 0xE2,
+        0x0E, 0x3B, 0xAF, 0x7E, 0xAC, 0x44, 0x5A, 0x75,
+        0x50, 0x0A, 0x76, 0x1C, 0x13, 0xDB, 0x25, 0xD4,
+        0x0D, 0x19, 0x75, 0x4C, 0x02, 0xD9, 0xF3, 0xDF,
+        0x6D, 0xBB, 0xCF, 0x47, 0xA6, 0xAE, 0xF6, 0xD1,
+        0xFB, 0xF4, 0xB4, 0x55, 0xD3, 0xA5, 0x87, 0xA1,
+        0x55, 0xFB, 0xBF, 0xCD, 0xF6, 0xA1, 0x64, 0x57,
+        0x12, 0x75, 0x9A, 0x11, 0xA3, 0xCE, 0x42, 0x70,
+        0x84, 0x54, 0x93, 0x12, 0xE1, 0x3A, 0x0F, 0xFA,
+        0xCA, 0xF2, 0x25, 0x91, 0xF1, 0x4D, 0x8F, 0x84,
+        0xB1, 0xB5, 0x35, 0xAC, 0xE9, 0x81, 0x77, 0x34,
+        0x4D, 0x6F, 0x5D, 0x14, 0x9D, 0xB9, 0xE1, 0xF0,
+        0x3F, 0x3C, 0xE7, 0xAD, 0x48, 0xE6, 0x8C, 0x51,
+        0x86, 0xF4, 0x4A, 0xB4, 0xD0, 0x98, 0xEC, 0x3A,
+        0x4E, 0xAB, 0x58, 0x2F, 0x08, 0x9E, 0x5A, 0x9D,
+        0x45, 0x30, 0xB0, 0x85, 0xDF, 0x4A, 0xE7, 0x92,
+        0xC6, 0xC8, 0x18, 0x93, 0x08, 0xCE, 0x9A, 0x8C,
+        0xE2, 0x91, 0x8D, 0x91, 0x57, 0x7B, 0x37, 0xC8,
+        0x80, 0xA2, 0x31, 0x10, 0x0D, 0x4E, 0xEF, 0x51,
+        0x07, 0x94, 0x8E, 0xF8, 0x3C, 0x3C, 0x2E, 0xD5,
+        0x03, 0x26, 0xB8, 0x72, 0x7F, 0xB9, 0xBC, 0xD7,
+        0x95, 0xC4, 0x31, 0x08, 0xEC, 0x6F, 0xEE, 0x11,
+        0xAF, 0xC0, 0xA2, 0xEC, 0xD7, 0xC8, 0x0B, 0xBE,
+        0x15, 0xAE, 0xC9, 0x17, 0xBE, 0x37, 0xE2, 0x40,
+        0x83, 0x65, 0xDE, 0xB3, 0x4E, 0xB4, 0x15, 0xB3,
+        0x5C, 0x14, 0xF6, 0x5F, 0xA9, 0x1F, 0x70, 0xB5,
+        0x23, 0x93, 0x78, 0xB9, 0x47, 0xF9, 0x1D, 0x2B,
+        0x1E, 0x8D, 0xB1, 0x25, 0x7E, 0xE5, 0x85, 0x3C,
+        0x16, 0x9F, 0xD0, 0xC2, 0x67, 0x8B, 0x0D, 0xD2,
+        0x72, 0x4E, 0x74, 0x30, 0xE1, 0xAF, 0xB8, 0x66,
+        0xCB, 0x53, 0xDF, 0xC4, 0xFB, 0xA5, 0x6D, 0x03,
+        0xF2, 0xAE, 0xEE, 0x90, 0xFE, 0xD7, 0x30, 0xAF,
+        0x33, 0x98, 0x09, 0xEB, 0x75, 0xC7, 0x3E, 0xC8,
+        0x2F, 0xE7, 0x22, 0x5F, 0x2F, 0x0A, 0xBD, 0xA4,
+        0x22, 0x88, 0x28, 0x19, 0x35, 0x83, 0x12, 0x86,
+        0xEE, 0x72, 0xB4, 0x26, 0x89, 0x2F, 0xC7, 0x11,
+        0x6E, 0xDD, 0x14, 0x98, 0x22, 0xE7, 0x73, 0x3E,
+        0xFA, 0x46, 0x75, 0xF9, 0x40, 0xC1, 0x84, 0x22,
+        0xBC, 0x75, 0x36, 0xC7, 0x82, 0xD3, 0xAE, 0x6E,
+        0x0D, 0xBF, 0x6F, 0xC3, 0x4B, 0x67, 0x49, 0x19,
+        0xF3, 0x4B, 0x12, 0xF2, 0x83, 0xFD, 0x39, 0x56,
+        0x44, 0x05, 0x3A, 0x24, 0x6A, 0x35, 0x69, 0x12,
+        0xCF, 0xE4, 0x93, 0xFE, 0x26, 0xCC, 0xD6, 0x01,
+        0xA0, 0x4A, 0x84, 0xA8, 0x1D, 0x85, 0xE6, 0x83,
+        0x0F, 0x3C, 0xE6, 0x6D, 0xD2, 0xCB, 0xB1, 0x14,
+        0x8C, 0xEC, 0x10, 0xB3, 0x63, 0x4B, 0x9C, 0xF5,
+        0x11, 0xE0, 0xF9, 0x86, 0x6F, 0xA7, 0xC0, 0x3B,
+        0x9D, 0x25, 0xD7, 0x54, 0xCA, 0x40, 0x4D, 0x26,
+        0xBA, 0x71, 0x8E, 0x25, 0xF5, 0xA7, 0xE3, 0x9B,
+        0x25, 0x20, 0x7F, 0x29, 0x05, 0xB6, 0x27, 0x14,
+        0x17, 0x67, 0x26, 0x10, 0xAD, 0xA3, 0x06, 0x03,
+        0xFE, 0x82, 0x85, 0x5D, 0x01, 0x04, 0x4D, 0xE0,
+        0x64, 0x38, 0x38, 0x5E, 0x83, 0x1E, 0x21, 0x9A,
+        0x39, 0x02, 0xF8, 0xF9, 0x69, 0x85, 0x52, 0xE5,
+        0xEC, 0x6A, 0xAC, 0x96, 0x86, 0xA7, 0x88, 0x69,
+        0xB5, 0xB5, 0x7E, 0x03, 0x1D, 0xA9, 0x68, 0xCA,
+        0x45, 0x0F, 0xF9, 0x14, 0xD6, 0x7B, 0xCF, 0x9C,
+        0x03, 0x6F, 0xD1, 0xD9, 0x6F, 0x01, 0x3D, 0xF8,
+        0xF3, 0x11, 0xF3, 0x29, 0x17, 0x90, 0xE8, 0x9B,
+        0xED, 0x58, 0x9B, 0xF0, 0xBC, 0xC7, 0xBA, 0xF4,
+        0x60, 0xC8, 0xAA, 0x30, 0xB4, 0x2F, 0x22, 0x8F,
+        0xD3, 0xAC, 0x18, 0xC2, 0xB7, 0xC4, 0x7B, 0x31,
+        0x9E, 0x0F, 0x7E, 0x9D, 0xBF, 0xD4, 0x63, 0xC2,
+        0x8B, 0x1B, 0x58, 0x50, 0x33, 0x53, 0x6D, 0x79,
+        0xBB, 0xF8, 0x0D, 0x91, 0x33, 0xD9, 0x07, 0xE7,
+        0xB0, 0x81, 0xD4, 0xB4, 0x47, 0x61, 0x93, 0xF0,
+        0xFB, 0x68, 0xBC, 0x1B, 0x41, 0xC2, 0xF5, 0x43,
+        0x30, 0x7E, 0x76, 0xF9, 0xB1, 0xA3, 0xD6, 0xD4,
+        0x26, 0xEA, 0x77, 0x75, 0x12, 0x7A, 0xC8, 0x30,
+        0x9B, 0xCF, 0x45, 0xBE, 0x74, 0x7D, 0x8A, 0x8B,
+        0xEC, 0xED, 0x11, 0xE6, 0xA1, 0xD1, 0xB8, 0xF1,
+        0x90, 0xAD, 0x6D, 0x6A, 0xC6, 0x54, 0xE9, 0xDB,
+        0xAD, 0x4C, 0x97, 0x39, 0xC8, 0xD8, 0x44, 0xA9,
+        0x1A, 0x37, 0x16, 0x7E, 0x68, 0x45, 0x0C, 0xBB,
+        0x10, 0xF4, 0xAE, 0x8E, 0x2B, 0x69, 0xFA, 0x95,
+        0x3E, 0xA5, 0xC9, 0x91, 0xD3, 0xF1, 0xA3, 0x89,
+        0x3F, 0x90, 0x86, 0x93, 0x1B, 0xF1, 0xA0, 0x89,
+        0xC7, 0xF2, 0x23, 0x57, 0xD4, 0x8E, 0x2F, 0xD5,
+        0x71, 0xCD, 0x36, 0xF1, 0x90, 0xB3, 0x98, 0x3E,
+        0x19, 0xEA, 0xC8, 0x0F, 0x12, 0x9D, 0xBF, 0x58,
+        0xED, 0xDC, 0x6B, 0x9A, 0x79, 0x84, 0xFC, 0xF0,
+        0x4C, 0xC3, 0xB4, 0x0D, 0xB8, 0x7A, 0x8D, 0xAD,
+        0x75, 0x40, 0xD5, 0xD5, 0xDE, 0xC8, 0xCA, 0x39,
+        0x3E, 0x45, 0xE4, 0xBC, 0xF4, 0x33, 0xEA, 0x64,
+        0xE1, 0x5E, 0x94, 0x42, 0x91, 0xAB, 0xBC, 0x42,
+        0x2A, 0xB3, 0xD0, 0x60, 0x23, 0xCE, 0x57, 0x8E,
+        0xFF, 0xAD, 0xA2, 0x2B, 0x64, 0xD9, 0x94, 0xA0,
+        0x80, 0x0F, 0x8E, 0x50, 0x17, 0x08, 0x1D, 0x16,
+        0xCF, 0x51, 0xD0, 0xB9, 0x28, 0xB6, 0x59, 0xEF,
+        0x78, 0xCC, 0xC9, 0x96, 0xF9, 0xCA, 0x87, 0x7A,
+        0xEE, 0xD9, 0x15, 0x5E, 0xDF, 0x5D, 0xBC, 0xC2,
+        0x58, 0xE6, 0x04, 0xEE, 0x17, 0xDC, 0xB3, 0xF9,
+        0x90, 0xF9, 0x88, 0x32, 0x9E, 0xA1, 0xDB, 0x1C,
+        0x38, 0x56, 0x53, 0x90, 0x30, 0x69, 0x2E, 0x52,
+        0x00, 0x2C, 0xF3, 0x0F, 0xD5, 0x80, 0x2E, 0x02,
+        0x5B, 0x99, 0xBF, 0xCD, 0x11, 0x12, 0x64, 0x5B,
+        0x56, 0xC6, 0x0A, 0xE6, 0x38, 0xE7, 0x4D, 0x21,
+        0xE5, 0x98, 0x78, 0x9D, 0xE6, 0xCB, 0x60, 0xB4,
+        0x2E, 0xE4, 0x98, 0x56, 0xCB, 0xAD, 0xE6, 0xDD,
+        0x53, 0xF4, 0xC5, 0x67, 0xA2, 0x9F, 0xA0, 0x5C,
+        0x7C, 0xFB, 0x24, 0x5A, 0xA7, 0x72, 0xD0, 0xE7,
+        0x63, 0xF2, 0x5D, 0xBF, 0xD8, 0xE9, 0xF1, 0x6B,
+        0xB4, 0x29, 0xA6, 0x28, 0xE6, 0x93, 0xD3, 0x87,
+        0xB6, 0xD9, 0x3C, 0x39, 0x8D, 0xEA, 0x28, 0xC0,
+        0x96, 0x3D, 0xF5, 0xC2, 0x3C, 0x29, 0xF2, 0x80,
+        0x21, 0x8A, 0x03, 0x9D, 0x64, 0xF8, 0xBA, 0x81,
+        0xC1, 0xDD, 0xA2, 0x88, 0x2A, 0x84, 0x2E, 0x3C,
+        0xB5, 0x03, 0x95, 0xED, 0xAA, 0x6E, 0xE2, 0x6F,
+        0x5E, 0x99, 0x3C, 0x63, 0xEE, 0xB8, 0x4F, 0x66,
+        0x32, 0x77, 0x42, 0x23, 0x36, 0x29, 0x89, 0xB0,
+        0xED, 0x5F, 0xF2, 0x5A, 0x65, 0x66, 0x3F, 0xD2,
+        0x8B, 0x48, 0x68, 0x65, 0xDC, 0xE0, 0xB0, 0xC2,
+        0x72, 0x73, 0xF1, 0xA4, 0xC6, 0x56, 0x2C, 0x5D,
+        0xD8, 0xC6, 0x5C, 0x41, 0xCE, 0x30, 0x89, 0x59,
+        0xA9, 0xD6, 0x45, 0x96, 0xD0, 0x8E, 0x7B, 0x25,
+        0xE0, 0x13, 0xFB, 0xFE, 0x7C, 0xEA, 0xF3, 0x67,
+        0x0D, 0xB2, 0x9A, 0x21, 0x3C, 0xCE, 0x99, 0x75,
+        0xA9, 0x13, 0xCE, 0xF4, 0x23, 0x6E, 0x64, 0x00,
+        0x30, 0x87, 0x70, 0x9C, 0xAD, 0x61, 0x81, 0x71,
+        0x0E, 0x95, 0x19, 0x26, 0xCA, 0x55, 0x29, 0x71,
+        0x99, 0xA6, 0x08, 0xAE, 0x54, 0x58, 0x75, 0xCD,
+        0xC3, 0x8F, 0xE3, 0x83, 0xC1, 0x45, 0x62, 0xB4,
+        0x8D, 0xCA, 0x66, 0x02, 0xEA, 0x34, 0x05, 0x5D,
+        0x98, 0x3F, 0x38, 0xE6, 0x1C, 0xCE, 0x53, 0x1A,
+        0xD9, 0x3F, 0x58, 0xEC, 0x16, 0x28, 0x45, 0xF5,
+        0x38, 0xCE, 0x48, 0x43, 0x87, 0x1D, 0x3C, 0x4A,
+        0xDF, 0x05, 0xF3, 0x5E, 0x29, 0x7E, 0xA6, 0x2E,
+        0xFC, 0xDD, 0x5E, 0xF9, 0x40, 0x1B, 0xA0, 0x42,
+        0xA2, 0x35, 0x15, 0x0A, 0x09, 0xD9, 0x47, 0x4A,
+        0x3F, 0xB0, 0x3A, 0xAA, 0x19, 0xE7, 0xE3, 0x7A,
+        0x22, 0x8D, 0x5F, 0x5B, 0x07, 0x41, 0x4C, 0x3D,
+        0xA2, 0xAD, 0x2E, 0x5C, 0x75, 0xEC, 0xF0, 0x4C,
+        0x11, 0x2B, 0x90, 0x76, 0x9E, 0x19, 0x96, 0x0E,
+        0x97, 0x5E, 0x8D, 0x19, 0x17, 0xB3, 0xBF, 0xDA,
+        0x84, 0xFD, 0xC6, 0xD2, 0x32, 0x6F, 0xB8, 0xA3,
+        0xB0, 0x0F, 0x95, 0xD9, 0xC5, 0x26, 0x50, 0x11,
+        0x15, 0x72, 0xBE, 0xC2, 0x1B, 0x12, 0x12, 0x7C,
+        0xA5, 0x70, 0xD8, 0xA9, 0x8A, 0xB9, 0x77, 0xEB,
+        0xD8, 0xD7, 0x9A, 0x59, 0x37, 0x5E, 0xE1, 0x4F,
+        0x64, 0xB5, 0xB0, 0x4F, 0xD9, 0x69, 0xFE, 0xB0,
+        0x3D, 0x0A, 0xF7, 0x34, 0x89, 0xE3, 0xBA, 0xEF,
+        0xE7, 0xC7, 0xBC, 0x8D, 0xC7, 0xE8, 0x54, 0x83,
+        0xEE, 0x62, 0xF0, 0x23, 0x98, 0x58, 0x0F, 0x83,
+        0xB9, 0x6D, 0xD8, 0x44, 0x77, 0xB9, 0xC4, 0x8F,
+        0x0B, 0xB3, 0x9F, 0x54, 0x06, 0xA3, 0x70, 0x36,
+        0xD6, 0xF3, 0x6E, 0x2B, 0x1B, 0x6B, 0x53, 0xFE,
+        0x6F, 0xF6, 0x1C, 0x32, 0x7B, 0x29, 0xD4, 0xE0,
+        0x5D, 0xD2, 0xB8, 0x11, 0x74, 0xC6, 0x0B, 0x59,
+        0xC7, 0x9C, 0xB1, 0x97, 0x6B, 0xC0, 0x6E, 0x7A,
+        0xC3, 0x4D, 0xF3, 0xE3, 0x8F, 0x7D, 0x2C, 0x1C,
+        0x0E, 0x31, 0x51, 0xB7, 0x14, 0x7A, 0xB8, 0x31,
+        0x77, 0x47, 0x70, 0x14, 0x3B, 0x92, 0x7B, 0x5F,
+        0xEC, 0x5D, 0xF7, 0x76, 0xC1, 0xD7, 0x2D, 0xB6,
+        0xBC, 0x99, 0x81, 0xD6, 0x58, 0x67, 0x71, 0x3C,
+        0xF2, 0x97, 0xC8, 0xB0, 0xF1, 0xE9, 0x8D, 0x0E,
+        0x16, 0xF0, 0xCC, 0x22, 0x7A, 0x39, 0xE4, 0x7E,
+        0x50, 0xBA, 0x01, 0x16, 0x15, 0x6D, 0x5B, 0x54,
+        0x67, 0x53, 0x66, 0x04, 0xBE, 0x05, 0xCC, 0x2E,
+        0xF4, 0x0A, 0xBC, 0xE8, 0x52, 0xF1, 0x5D, 0xFA,
+        0x2C, 0xAC, 0xF8, 0x6A, 0x78, 0x9E, 0x5B, 0x7B,
+        0x0E, 0x5B, 0xB4, 0xB7, 0x77, 0xCD, 0x7C, 0xC9,
+        0xF6, 0x54, 0x77, 0x9B, 0x10, 0x2F, 0x78, 0xB5,
+        0xAA, 0x4B, 0x94, 0xC3, 0xB4, 0xFD, 0xE5, 0x5F,
+        0xA7, 0xF7, 0xBF, 0x54, 0xAC, 0x22, 0x5E, 0x1F,
+        0x26, 0x16, 0x5B, 0x65, 0xF1, 0x6D, 0x03, 0x21,
+        0x66, 0x9F, 0xD9, 0xF6, 0xE4, 0x7F, 0xCA, 0x1D,
+        0xD3, 0x47, 0x09, 0x6D, 0xF5, 0xDD, 0xA8, 0x64,
+        0x66, 0xA5, 0x7C, 0x5B, 0x06, 0x8D, 0x9C, 0x67,
+        0xB7, 0x32, 0x03, 0x66, 0xEA, 0x19, 0xC8, 0x99,
+        0x3F, 0xF9, 0x0B, 0xD8, 0xFB, 0x06, 0x93, 0xFB,
+        0xA3, 0x70, 0xE6, 0x6D, 0x2B, 0x20, 0x3B, 0x99,
+        0x70, 0x11, 0xB0, 0xD1, 0x5B, 0x94, 0xE2, 0x8B,
+        0xAA, 0x2E, 0xBF, 0x01, 0x77, 0x4F, 0x7A, 0xE7,
+        0x8F, 0x84, 0xED, 0xBD, 0xAD, 0x9F, 0x65, 0xA4,
+        0x50, 0x42, 0x7A, 0x47, 0x74, 0xC6, 0x0C, 0xC8,
+        0x9A, 0x02, 0x0B, 0x37, 0xDA, 0x21, 0xC7, 0x91,
+        0xDA, 0xC8, 0xF7, 0xA7, 0x45, 0x7E, 0x30, 0xD0,
+        0x8B, 0x01, 0x37, 0x51, 0x60, 0x03, 0x9C, 0x30,
+        0x1B, 0x60, 0x51, 0xA9, 0x65, 0xE8, 0xA7, 0xCC,
+        0xA2, 0xAE, 0xF9, 0x3B, 0xD5, 0x2F, 0x82, 0xC0,
+        0x20, 0xBE, 0xCE, 0x90, 0xA1, 0x29, 0x02, 0x4E,
+        0xFE, 0xA4, 0xB2, 0xFA, 0x21, 0x27, 0x0F, 0x8E,
+        0xB5, 0xED, 0x6A, 0xAA, 0xE5, 0x59, 0x29, 0xAA,
+        0xC5, 0x99, 0xA5, 0x77, 0x97, 0x29, 0x57, 0x66,
+        0x0C, 0xC4, 0x7A, 0xC4, 0xE3, 0xCE, 0x77, 0x2B,
+        0xBF, 0x10, 0x05, 0x2D, 0xE7, 0xED, 0xB1, 0xB8,
+        0xA4, 0x49, 0x41, 0xF8, 0x84, 0xC9, 0xF8, 0xBE,
+        0x13, 0x17, 0x46, 0x69, 0x94, 0x56, 0x29, 0xF4,
+        0x6D, 0xE2, 0x46, 0x74, 0x44, 0xF3, 0x10, 0x6A,
+        0x73, 0xFA, 0x27, 0x9C, 0xF0, 0x2A, 0x80, 0x0A,
+        0x04, 0x7E, 0x20, 0xBD, 0x4D, 0x82, 0x0B, 0x38,
+        0x9C, 0x3B, 0xB6, 0xA8, 0x68, 0xA5, 0x38, 0x4C,
+        0xF5, 0x72, 0x4C, 0x20, 0x4C, 0xEF, 0xB1, 0xA6,
+        0xA1, 0xBE, 0xB9, 0x72, 0x3E, 0x36, 0xDD, 0xDD,
+        0xD9, 0xC7, 0x07, 0xC8, 0xF6, 0x3E, 0x8B, 0xC2,
+        0x66, 0x83, 0xCC, 0x8B, 0x43, 0xC7, 0xDF, 0xDA,
+        0xA4, 0x08, 0xAC, 0x4D, 0xD2, 0xBA, 0x9A, 0xEC,
+        0xBC, 0x3B, 0x6D, 0xDA, 0xED, 0xCE, 0x09, 0x4A,
+        0xAB, 0x58, 0xFF, 0x73, 0x2B, 0x19, 0x66, 0x38,
+        0xD8, 0xB8, 0xEF, 0xC4, 0x28, 0xBB, 0xA9, 0x61,
+        0x57, 0x93, 0xC4, 0xDD, 0x9F, 0x00, 0xF9, 0x0D,
+        0x62, 0xC6, 0x76, 0xD1, 0x27, 0xA0, 0xE1, 0x8C,
+        0x14, 0xC6, 0xEE, 0x9C, 0x99, 0x05, 0x10, 0xB0,
+        0x54, 0xAD, 0xB4, 0xB4, 0x17, 0x0A, 0xC7, 0x12,
+        0x7F, 0x93, 0x17, 0x5C, 0x1E, 0xB2, 0x25, 0x12
+    };
+    static const byte msg_87_draft[] = {
+        0x14, 0x42, 0x63, 0x34, 0x94, 0x09, 0x60, 0x77,
+        0x3B, 0xFF, 0x65, 0xF0, 0x8D, 0x1D, 0xE4, 0x89,
+        0xC4, 0xC3, 0xED, 0x36
+    };
+    static const byte sig_87_draft[] = {
+        0x13, 0xE8, 0x99, 0xEE, 0xDC, 0xCC, 0x0F, 0xBA,
+        0x62, 0x91, 0x44, 0xE4, 0xAC, 0x06, 0x79, 0x06,
+        0xB5, 0x32, 0x6B, 0x8F, 0x9A, 0x6C, 0xCB, 0xAB,
+        0xE1, 0x44, 0x4A, 0xDD, 0x46, 0x45, 0x16, 0x0D,
+        0x22, 0x57, 0x82, 0x87, 0x10, 0xD1, 0xEE, 0x10,
+        0x60, 0x21, 0xB5, 0x64, 0x1E, 0x78, 0x81, 0x55,
+        0x75, 0xD4, 0xF0, 0x95, 0xD0, 0x15, 0xD8, 0x46,
+        0x5C, 0x92, 0xD2, 0xDD, 0xF4, 0xAB, 0xDF, 0xBE,
+        0xB1, 0x1E, 0xE5, 0xE0, 0x70, 0xE6, 0xDA, 0x52,
+        0xE5, 0x48, 0xDC, 0x04, 0xFD, 0xEF, 0x54, 0x72,
+        0xE7, 0xE5, 0xF1, 0x82, 0x10, 0xAA, 0xCB, 0xA0,
+        0x4F, 0x4F, 0x18, 0xAE, 0x66, 0x86, 0xB9, 0xAF,
+        0x96, 0x57, 0xE3, 0x8E, 0x3B, 0x9B, 0xDD, 0xB4,
+        0xAA, 0x84, 0xE6, 0x7B, 0x4D, 0x81, 0x92, 0xD0,
+        0x03, 0x87, 0x3D, 0xD3, 0xEE, 0xE7, 0x47, 0x00,
+        0xFB, 0xD8, 0x1E, 0x38, 0x1C, 0x21, 0x98, 0xB7,
+        0xCC, 0xC1, 0x37, 0xC1, 0x71, 0xB2, 0x2F, 0x93,
+        0x53, 0x41, 0x9C, 0x48, 0xC1, 0x4B, 0x8D, 0x63,
+        0x0F, 0x99, 0x63, 0x40, 0x27, 0x5F, 0x6E, 0x60,
+        0x4B, 0x95, 0xC4, 0x35, 0x20, 0x8A, 0xED, 0x2B,
+        0xCA, 0x1B, 0x41, 0x9F, 0x83, 0x63, 0xF0, 0x95,
+        0x0E, 0x24, 0x0D, 0x6F, 0x9E, 0xAB, 0x11, 0x8E,
+        0x4B, 0xD3, 0xDA, 0x0E, 0xC3, 0xA2, 0xBE, 0x26,
+        0xA8, 0xA0, 0x98, 0x57, 0x71, 0x3C, 0x36, 0xDD,
+        0x69, 0xC3, 0x4E, 0xDD, 0x2C, 0x61, 0x9E, 0x88,
+        0x26, 0x70, 0x71, 0xCF, 0x9E, 0xE5, 0xA6, 0x0C,
+        0xA3, 0x14, 0x2D, 0xF1, 0x63, 0xF0, 0x1D, 0x8D,
+        0x79, 0x6A, 0xC8, 0x50, 0xCF, 0xF3, 0x66, 0x60,
+        0x78, 0xB3, 0x18, 0xFB, 0x5B, 0xD1, 0x73, 0x60,
+        0xC8, 0x76, 0xC9, 0xC9, 0x0D, 0x8A, 0x7F, 0x41,
+        0x2C, 0x8A, 0x31, 0x61, 0x6B, 0xE7, 0xA3, 0x74,
+        0x58, 0x71, 0x54, 0x84, 0x86, 0x71, 0x5C, 0x94,
+        0x26, 0x3A, 0x17, 0xB3, 0x6C, 0xA4, 0x99, 0x25,
+        0x45, 0x0C, 0x57, 0x8A, 0xD9, 0xD4, 0xB1, 0xC2,
+        0x00, 0x43, 0xF4, 0x5E, 0x84, 0x31, 0x99, 0x4F,
+        0xA6, 0xD2, 0x6A, 0x14, 0x1B, 0xAD, 0x9E, 0x49,
+        0x6E, 0x00, 0x9E, 0x91, 0x46, 0x16, 0xCA, 0x57,
+        0x0C, 0x09, 0xF6, 0x38, 0xD0, 0x62, 0xBE, 0xC6,
+        0x87, 0x33, 0x3A, 0xC7, 0x28, 0x38, 0x34, 0x53,
+        0x7E, 0xFB, 0x60, 0x42, 0xF3, 0x7D, 0x83, 0xF7,
+        0x29, 0x5D, 0xEA, 0x30, 0xD5, 0x00, 0x90, 0xB6,
+        0x38, 0x4C, 0x17, 0x29, 0xEF, 0x17, 0xA0, 0xD5,
+        0x87, 0x50, 0xC0, 0x03, 0x75, 0x14, 0xE5, 0xE1,
+        0x22, 0x78, 0x53, 0xBC, 0x5A, 0xA3, 0x1E, 0x95,
+        0xBE, 0xEC, 0x37, 0xB1, 0x51, 0x82, 0x69, 0x26,
+        0x2E, 0xA3, 0x5A, 0xDA, 0x4F, 0xDA, 0x77, 0x62,
+        0x7E, 0xED, 0xDA, 0xAF, 0x57, 0x97, 0x1B, 0xA3,
+        0x6D, 0x46, 0x7B, 0x19, 0xA9, 0x0B, 0x99, 0x1C,
+        0xD2, 0x55, 0xDB, 0x79, 0xB0, 0x15, 0x48, 0x86,
+        0x52, 0x30, 0x31, 0xD6, 0xC5, 0xB1, 0xAE, 0x8F,
+        0xCF, 0x9A, 0x43, 0x10, 0xBB, 0xC8, 0x19, 0x74,
+        0x84, 0xB2, 0x92, 0x3B, 0xFE, 0x0B, 0x12, 0x15,
+        0xA1, 0xC4, 0xD8, 0xC6, 0x83, 0x90, 0x89, 0x8A,
+        0xD5, 0x3E, 0x33, 0x69, 0xB7, 0x05, 0x3F, 0xB1,
+        0x8B, 0x0D, 0x87, 0x40, 0x70, 0x90, 0x2A, 0x5D,
+        0x3B, 0x3D, 0x91, 0xD8, 0x1D, 0x4D, 0xF1, 0x08,
+        0x7E, 0xF7, 0xDC, 0x05, 0x84, 0xEB, 0xDC, 0x63,
+        0xD7, 0xBA, 0x3C, 0x0D, 0x31, 0xF8, 0x6D, 0xA6,
+        0xC0, 0xFD, 0x08, 0x11, 0x5C, 0x53, 0xF6, 0xAE,
+        0xFE, 0xC0, 0x82, 0x9A, 0x68, 0xD2, 0xA3, 0x44,
+        0x2E, 0xEE, 0x47, 0x36, 0x70, 0x2D, 0x66, 0x81,
+        0x0D, 0x62, 0x30, 0x8A, 0x8C, 0xC8, 0x2A, 0xA6,
+        0x21, 0x82, 0xF5, 0x98, 0xF4, 0x4E, 0x25, 0x37,
+        0x11, 0xB5, 0xD6, 0x07, 0x88, 0xBD, 0x0D, 0x69,
+        0x0E, 0xF9, 0x8F, 0x9A, 0xD5, 0x93, 0xE0, 0x3C,
+        0xEF, 0x38, 0xB9, 0xC9, 0x77, 0x98, 0x3F, 0x69,
+        0x11, 0xBA, 0x1A, 0xB9, 0xF7, 0x35, 0xE9, 0x28,
+        0xCD, 0xA3, 0x8C, 0x03, 0xE6, 0xAD, 0x83, 0x62,
+        0xF4, 0x60, 0xAE, 0x4C, 0xD0, 0xF4, 0x6E, 0x00,
+        0xEE, 0xEC, 0x74, 0xB6, 0x12, 0x34, 0x98, 0xAB,
+        0x31, 0xE7, 0xA7, 0x9D, 0x33, 0x4D, 0x72, 0xA7,
+        0xA7, 0xEE, 0xF3, 0xB5, 0x51, 0xE7, 0x8D, 0x31,
+        0xBC, 0x2C, 0xAF, 0xFB, 0x13, 0x9C, 0xAC, 0xA4,
+        0xD7, 0x9C, 0x8B, 0xBD, 0x52, 0xBD, 0x78, 0xF4,
+        0x90, 0x65, 0x09, 0xBE, 0x42, 0xE7, 0x76, 0x3A,
+        0xE6, 0xAC, 0xB8, 0x98, 0x28, 0x5E, 0xC9, 0x32,
+        0x3E, 0x68, 0x67, 0x6A, 0x8C, 0xC7, 0x4A, 0x58,
+        0xC8, 0xDA, 0x8B, 0xE9, 0x11, 0xED, 0x6F, 0x51,
+        0x3B, 0x66, 0x08, 0x70, 0x73, 0x10, 0xFB, 0x45,
+        0xCB, 0xD9, 0x7D, 0x5F, 0xF0, 0xD2, 0xAB, 0xA3,
+        0x6F, 0xCE, 0xF7, 0x3D, 0x46, 0xCB, 0x7F, 0x01,
+        0xC2, 0xCF, 0xE3, 0x8E, 0x68, 0xE8, 0x4F, 0x4A,
+        0x30, 0x19, 0x16, 0xD2, 0xF5, 0x10, 0xD8, 0x2B,
+        0x49, 0x69, 0xBE, 0x7A, 0x0E, 0x9C, 0xC6, 0x0E,
+        0xFF, 0x5C, 0x0A, 0x87, 0x17, 0xB8, 0x22, 0x83,
+        0x8C, 0x77, 0xAF, 0x42, 0x06, 0xB1, 0x25, 0x45,
+        0x08, 0x9B, 0xB2, 0xDD, 0x6A, 0x3F, 0xF0, 0x12,
+        0xC8, 0x64, 0x15, 0xBB, 0xA0, 0x4F, 0xD7, 0xD4,
+        0xEC, 0x70, 0x7A, 0xF3, 0xB1, 0x7F, 0x25, 0x57,
+        0x47, 0x66, 0xF1, 0xE9, 0x27, 0x38, 0xE0, 0x62,
+        0x10, 0xF4, 0x8A, 0x5E, 0xF2, 0x55, 0x0E, 0xBD,
+        0xF8, 0x5A, 0x5C, 0xA3, 0x44, 0x97, 0xCF, 0x1D,
+        0x4D, 0x3A, 0x75, 0x86, 0x48, 0xEC, 0x41, 0x17,
+        0x24, 0x43, 0x83, 0x5E, 0x50, 0x91, 0xBE, 0x8F,
+        0x04, 0x78, 0x23, 0xD9, 0x62, 0x0C, 0x2A, 0xD5,
+        0x1C, 0x96, 0x11, 0xAA, 0xEE, 0x39, 0xB2, 0x1E,
+        0x6D, 0x6A, 0xEC, 0x87, 0x0C, 0x89, 0x15, 0xE2,
+        0x66, 0x47, 0x6A, 0x50, 0xEE, 0xCA, 0x59, 0x96,
+        0x22, 0xF7, 0x09, 0x1A, 0x34, 0xC2, 0x3F, 0x14,
+        0xB4, 0x04, 0x29, 0xD9, 0x5E, 0x3E, 0xF9, 0x8F,
+        0xED, 0x3E, 0x74, 0x94, 0x37, 0xF0, 0x4B, 0xB4,
+        0xA3, 0x37, 0x52, 0x2E, 0x68, 0x09, 0xFC, 0x10,
+        0x45, 0x03, 0xE2, 0x53, 0xB4, 0x1C, 0x4F, 0x03,
+        0x01, 0xAF, 0x46, 0x7F, 0x74, 0xD3, 0x31, 0x25,
+        0xFA, 0x83, 0xEF, 0x71, 0x24, 0x45, 0xA1, 0x71,
+        0xFA, 0x40, 0xEB, 0xF4, 0xE6, 0x55, 0x3E, 0x45,
+        0x4A, 0xFE, 0x25, 0x68, 0x02, 0x1D, 0x2B, 0x2A,
+        0x19, 0x8D, 0xEC, 0x9B, 0xF7, 0x20, 0xF9, 0xD7,
+        0x2F, 0x81, 0x52, 0x0B, 0xE8, 0x74, 0x66, 0xAF,
+        0x70, 0xD0, 0x0E, 0x0E, 0x86, 0x0F, 0xF9, 0xAB,
+        0xD0, 0x39, 0x78, 0xC3, 0xE4, 0x29, 0xB5, 0xAA,
+        0x17, 0xB9, 0x7F, 0x9A, 0xE9, 0x34, 0x48, 0x85,
+        0x3D, 0x6E, 0xFD, 0x16, 0x8A, 0x30, 0xC6, 0xCB,
+        0xE8, 0xDE, 0x2D, 0x28, 0x8D, 0x9A, 0x24, 0xEA,
+        0x5D, 0x2A, 0x58, 0x23, 0x33, 0x2B, 0x84, 0xFD,
+        0x2C, 0xE7, 0x93, 0xA2, 0x2B, 0xEC, 0x43, 0x98,
+        0x48, 0xD4, 0xE6, 0x0F, 0x3B, 0xB9, 0xC7, 0x5D,
+        0x7E, 0xB0, 0x87, 0x1E, 0x80, 0x3D, 0x61, 0xB0,
+        0x7E, 0x74, 0x9E, 0xD7, 0x60, 0x72, 0xB2, 0x7C,
+        0x87, 0xB6, 0x9D, 0x6C, 0x01, 0x42, 0x61, 0xF6,
+        0x47, 0xAF, 0xA8, 0x8C, 0x4F, 0x1E, 0xC5, 0x5A,
+        0x75, 0xA5, 0x0F, 0xB4, 0xC7, 0x9D, 0x2C, 0x94,
+        0xC0, 0x50, 0x3D, 0xB2, 0x0D, 0xFD, 0xF7, 0x1F,
+        0x62, 0x88, 0x74, 0x18, 0x8C, 0xDD, 0x73, 0x85,
+        0xC0, 0x33, 0x81, 0xDA, 0xBB, 0x85, 0x4D, 0x4A,
+        0xA9, 0xF4, 0x7B, 0x66, 0x43, 0x8C, 0x43, 0xFF,
+        0x53, 0xEF, 0x5E, 0x78, 0xAB, 0x45, 0x0B, 0x45,
+        0x01, 0x91, 0x27, 0x8A, 0xF6, 0xE2, 0x6A, 0x7B,
+        0x5E, 0x64, 0x61, 0xF5, 0x77, 0xF9, 0x85, 0x2F,
+        0x81, 0xC9, 0x02, 0x03, 0xC7, 0x13, 0xF5, 0xB1,
+        0xF6, 0xC3, 0xEF, 0x55, 0x8C, 0x90, 0x32, 0x51,
+        0x6D, 0x8D, 0x62, 0xFD, 0x5E, 0x24, 0xE4, 0xF0,
+        0xF5, 0x07, 0x18, 0xF5, 0x6B, 0x5A, 0x59, 0xA0,
+        0x09, 0xD5, 0x93, 0x8D, 0xAD, 0x55, 0x91, 0xF6,
+        0x1F, 0x4C, 0x65, 0x9A, 0x76, 0x05, 0x26, 0xEF,
+        0x41, 0x20, 0x2F, 0xA7, 0xE5, 0xF6, 0xC7, 0xD5,
+        0xE0, 0xB0, 0xC0, 0xC4, 0x3B, 0x52, 0x4B, 0x66,
+        0x71, 0x2C, 0x5A, 0x7C, 0x53, 0xC8, 0x4C, 0x50,
+        0xB8, 0x3E, 0xB9, 0xC9, 0x8D, 0x2F, 0xD0, 0x84,
+        0xC9, 0xC5, 0xF2, 0x1F, 0xEE, 0x77, 0x42, 0xE6,
+        0xEF, 0xC8, 0xCB, 0xBE, 0x57, 0x18, 0xB7, 0x0C,
+        0x06, 0x2D, 0x82, 0xE2, 0xF9, 0x86, 0xF3, 0x8D,
+        0xF1, 0xE7, 0x15, 0x89, 0xDC, 0x79, 0x87, 0x24,
+        0x35, 0x62, 0xA2, 0x31, 0x9D, 0x7C, 0x00, 0xB2,
+        0x6E, 0x53, 0x1E, 0x93, 0xC3, 0x84, 0x44, 0x61,
+        0x8C, 0xE7, 0x58, 0x73, 0x4F, 0xDE, 0xCF, 0xD0,
+        0xC6, 0x85, 0x37, 0x28, 0xC6, 0x10, 0x00, 0x78,
+        0x4E, 0xDF, 0xFE, 0xD7, 0xB3, 0x30, 0x86, 0xE1,
+        0x68, 0xD6, 0xCB, 0x63, 0xE3, 0xDA, 0xCA, 0xF3,
+        0x55, 0x2F, 0x88, 0x5B, 0x47, 0x82, 0x62, 0xDE,
+        0x5E, 0x1E, 0x63, 0xCE, 0x7A, 0x4C, 0x66, 0x95,
+        0xD1, 0x19, 0x38, 0x35, 0xE4, 0x5A, 0x67, 0x91,
+        0x8C, 0x42, 0xD3, 0x9B, 0xF8, 0x80, 0x38, 0x53,
+        0x30, 0x31, 0x0F, 0x2C, 0x7B, 0xF9, 0x1E, 0x6C,
+        0x3E, 0x29, 0xB7, 0x81, 0xD0, 0x98, 0x70, 0xC2,
+        0x6D, 0x76, 0xBD, 0x8A, 0xE2, 0x09, 0xC4, 0x2B,
+        0xC7, 0x43, 0x2D, 0xBB, 0x4C, 0x16, 0x52, 0x63,
+        0x57, 0xA5, 0x63, 0x4E, 0xEC, 0xDE, 0x93, 0xC5,
+        0x1D, 0xD4, 0xD6, 0xF0, 0x06, 0x5B, 0x2E, 0xC5,
+        0x7A, 0xD3, 0xB5, 0x82, 0x66, 0x53, 0x95, 0x97,
+        0xC8, 0xF4, 0x2B, 0x55, 0x27, 0x1D, 0x6F, 0x90,
+        0xE9, 0x86, 0xF6, 0x82, 0x8D, 0x95, 0x9E, 0xE8,
+        0x00, 0xDB, 0xEB, 0xCF, 0x48, 0x23, 0x6B, 0xA3,
+        0xDE, 0x25, 0x27, 0xE0, 0xEC, 0xA4, 0xA3, 0xC2,
+        0xA3, 0x4B, 0xBC, 0xDD, 0x6C, 0xBB, 0x3A, 0x9C,
+        0x96, 0xDC, 0x3B, 0xE1, 0x10, 0xD3, 0x49, 0x94,
+        0x66, 0xE2, 0x85, 0x7F, 0xBA, 0x98, 0x12, 0x3A,
+        0x6D, 0xBA, 0x90, 0x14, 0x87, 0x7E, 0x24, 0xEA,
+        0xDC, 0xCA, 0x40, 0xF8, 0xAE, 0x94, 0xB2, 0xFE,
+        0xD2, 0x36, 0xCB, 0xE5, 0xBC, 0xA9, 0xDF, 0xE0,
+        0xCB, 0xA9, 0xA0, 0xF8, 0x62, 0x41, 0x33, 0x18,
+        0x59, 0xF9, 0xD6, 0xC0, 0x87, 0xB2, 0x76, 0xDE,
+        0xC9, 0x35, 0x6F, 0x1F, 0xEF, 0x69, 0xB3, 0x59,
+        0xF9, 0xFB, 0x38, 0x4A, 0x84, 0x02, 0x2D, 0xEC,
+        0xB7, 0x01, 0x08, 0xDA, 0xC8, 0xE9, 0x3B, 0xB6,
+        0xC3, 0x00, 0xC0, 0x34, 0x5F, 0xC6, 0x40, 0xC0,
+        0x06, 0xEA, 0xEB, 0xC1, 0x51, 0x13, 0x81, 0x2F,
+        0xB3, 0x7D, 0xD9, 0x6E, 0x2A, 0x06, 0xA4, 0x63,
+        0xAF, 0xCE, 0x66, 0xC5, 0x9F, 0x8D, 0x71, 0x4A,
+        0xA1, 0xFF, 0x49, 0x4F, 0x08, 0x6F, 0xB9, 0xEA,
+        0xDA, 0x18, 0x45, 0x63, 0xCA, 0x9D, 0x88, 0x08,
+        0xB1, 0x6C, 0x19, 0xA8, 0x24, 0xAD, 0x85, 0x7D,
+        0xDE, 0x51, 0xE5, 0x08, 0xB7, 0x04, 0x12, 0x35,
+        0xF3, 0x00, 0xED, 0x2C, 0x79, 0x9C, 0x18, 0x23,
+        0x05, 0x38, 0x95, 0x76, 0xCF, 0x39, 0x3C, 0xAE,
+        0xB0, 0xD3, 0xBA, 0x3E, 0x4E, 0xE4, 0xB5, 0x77,
+        0xA3, 0xE3, 0x7B, 0x27, 0x5F, 0xD8, 0x05, 0x19,
+        0x42, 0xAE, 0x91, 0x54, 0xE5, 0xBD, 0x7C, 0x35,
+        0xE0, 0xF8, 0x95, 0x52, 0x3A, 0x29, 0xB0, 0xE6,
+        0xB7, 0xAE, 0x20, 0xBE, 0x21, 0xDF, 0xF5, 0x67,
+        0xEC, 0x82, 0x52, 0xFF, 0x5B, 0xD0, 0xAA, 0x14,
+        0x50, 0x15, 0xE1, 0x1C, 0x6A, 0x1B, 0x94, 0x1B,
+        0xCC, 0x76, 0x01, 0xBF, 0x03, 0x94, 0x42, 0xF2,
+        0x00, 0x61, 0x96, 0x58, 0xD9, 0xD0, 0x40, 0x21,
+        0xFA, 0xCE, 0x6B, 0xAB, 0x5D, 0x49, 0xD8, 0xD7,
+        0xBC, 0x9A, 0x66, 0xC2, 0xBA, 0x3F, 0xDC, 0x49,
+        0x0D, 0xA5, 0x5C, 0xB4, 0x67, 0x08, 0x38, 0xEB,
+        0x2D, 0x07, 0x24, 0x5B, 0xB1, 0x22, 0x7B, 0x02,
+        0x4A, 0x8A, 0x53, 0x38, 0xE9, 0x42, 0x8E, 0xA5,
+        0x57, 0x41, 0xD6, 0x71, 0xA7, 0x9D, 0x6A, 0x14,
+        0xD2, 0x7D, 0x13, 0xFB, 0x59, 0xD0, 0xDA, 0xE5,
+        0x23, 0x9E, 0x1B, 0xC4, 0x21, 0x87, 0xBB, 0x78,
+        0xE0, 0x38, 0x01, 0x1D, 0xA0, 0xD1, 0x36, 0x3F,
+        0xD0, 0xA7, 0x8F, 0x86, 0x26, 0x1E, 0xB0, 0x26,
+        0xDE, 0x7E, 0x17, 0x3A, 0x90, 0xFC, 0xC0, 0x17,
+        0xDD, 0x78, 0xF5, 0xA3, 0x2D, 0x3E, 0x29, 0xCE,
+        0x38, 0x45, 0x76, 0xA9, 0x55, 0x11, 0xB6, 0xB4,
+        0xE5, 0x6E, 0xDD, 0x01, 0x4B, 0x16, 0x07, 0x99,
+        0xBD, 0x19, 0x77, 0xF5, 0xD7, 0x9E, 0x39, 0x9E,
+        0xAA, 0x8E, 0x2B, 0x75, 0xC5, 0xEB, 0x33, 0x56,
+        0x6C, 0xD8, 0xB6, 0x3F, 0x3F, 0x4E, 0x81, 0x7E,
+        0x29, 0x0A, 0x68, 0xED, 0x1E, 0x9F, 0xDC, 0x6B,
+        0xFA, 0x18, 0xE3, 0xE5, 0x7D, 0x05, 0x7F, 0x22,
+        0xFA, 0xA2, 0xF6, 0x0F, 0xB6, 0x34, 0x56, 0x72,
+        0x55, 0x16, 0x5E, 0xF4, 0x18, 0xD1, 0x82, 0xFA,
+        0xDD, 0xF7, 0xB8, 0x9F, 0x7D, 0x30, 0x10, 0x69,
+        0xC4, 0x85, 0xD8, 0xE8, 0x34, 0x89, 0xD4, 0x93,
+        0xBE, 0x56, 0xEE, 0xDC, 0x43, 0xD4, 0x82, 0x00,
+        0xFD, 0x1E, 0x2B, 0x06, 0x69, 0x07, 0x1B, 0xBF,
+        0x33, 0x61, 0x39, 0x28, 0xCA, 0x31, 0x91, 0x0B,
+        0xF2, 0xEA, 0x32, 0x8E, 0xA8, 0x64, 0x13, 0x9A,
+        0xEF, 0x79, 0x1A, 0x9A, 0xBE, 0x52, 0x13, 0x32,
+        0x49, 0x93, 0x7D, 0xA8, 0x8C, 0x48, 0xD4, 0xC0,
+        0x1D, 0x10, 0x8A, 0x46, 0x85, 0xAD, 0x29, 0xDF,
+        0x2E, 0xCD, 0x41, 0x83, 0x82, 0x01, 0x28, 0x44,
+        0x0E, 0xE5, 0x37, 0x8D, 0x6B, 0xCA, 0x61, 0x98,
+        0xDE, 0x89, 0xA9, 0x7B, 0xBB, 0x44, 0x48, 0xA2,
+        0x8D, 0x82, 0x3A, 0x57, 0x40, 0x60, 0x7C, 0x6E,
+        0x69, 0x98, 0x98, 0x93, 0xFA, 0x7E, 0x29, 0x9A,
+        0x74, 0x53, 0xD8, 0xDC, 0xB3, 0x4B, 0xDB, 0x7E,
+        0xFE, 0x95, 0xB0, 0xC7, 0x23, 0x14, 0xEF, 0xCB,
+        0x49, 0x3C, 0x09, 0xD7, 0x7B, 0xD0, 0x11, 0x9B,
+        0xAC, 0xF2, 0xC2, 0x2E, 0x7C, 0xCB, 0xCD, 0x59,
+        0x7F, 0x6A, 0x09, 0xFE, 0xFE, 0xDF, 0xA0, 0xA7,
+        0xAC, 0x3C, 0x90, 0xBA, 0x75, 0x19, 0xF4, 0x01,
+        0x60, 0x56, 0xD5, 0xFB, 0x41, 0x2B, 0xA0, 0x2D,
+        0x0D, 0x45, 0xCF, 0xF3, 0xA6, 0x3D, 0x36, 0xEE,
+        0xE1, 0xE4, 0x68, 0xE6, 0xEA, 0x2F, 0x67, 0x3A,
+        0x7A, 0x02, 0x92, 0x6B, 0xB3, 0x18, 0xBA, 0x73,
+        0xEE, 0x1B, 0x2C, 0x13, 0x7D, 0xEF, 0x4A, 0x39,
+        0xE8, 0x03, 0xFF, 0x57, 0x35, 0x53, 0xE9, 0xA5,
+        0xC6, 0xAA, 0x1A, 0x17, 0x21, 0xCA, 0x54, 0x38,
+        0x7C, 0xB1, 0xDF, 0xB8, 0xFA, 0x7D, 0xA7, 0x26,
+        0xB2, 0xAE, 0x7A, 0x05, 0x45, 0x3B, 0x40, 0x0A,
+        0x19, 0xE5, 0x32, 0x52, 0x78, 0x9D, 0xC3, 0x20,
+        0x63, 0x24, 0xB2, 0x58, 0x4B, 0x86, 0x1F, 0x00,
+        0xA2, 0x50, 0xF9, 0x9F, 0xD9, 0xDC, 0x7D, 0x51,
+        0x3D, 0xD7, 0xA6, 0x5A, 0x04, 0x03, 0x4E, 0xB3,
+        0x3D, 0x2D, 0x56, 0xA4, 0x96, 0xB3, 0x6A, 0xBA,
+        0x0A, 0x30, 0x08, 0xE3, 0x0F, 0xC1, 0x38, 0x24,
+        0x88, 0x5D, 0x9E, 0x6F, 0x68, 0x1A, 0x7D, 0xB6,
+        0x2D, 0xDD, 0xE3, 0x50, 0x1B, 0xD4, 0x07, 0x75,
+        0xE2, 0xE2, 0xCC, 0x09, 0xCC, 0x8E, 0x4E, 0x67,
+        0x02, 0x72, 0x02, 0xA8, 0x11, 0x70, 0xA5, 0x7F,
+        0x4A, 0xC1, 0x98, 0xC1, 0x7F, 0xBF, 0x95, 0xBB,
+        0xCE, 0xD3, 0x6D, 0x49, 0x30, 0xB9, 0x50, 0x8C,
+        0xFA, 0x3E, 0x8B, 0xF6, 0xE5, 0x54, 0xE9, 0x1B,
+        0xD7, 0xD6, 0xE5, 0x32, 0x33, 0xBB, 0x91, 0xAD,
+        0xC8, 0x15, 0x76, 0x1A, 0x04, 0x35, 0xDE, 0xCC,
+        0xE1, 0x67, 0x26, 0x4C, 0x2F, 0x4E, 0x34, 0x34,
+        0x3D, 0x1E, 0x5A, 0xF7, 0xBC, 0xE6, 0x0C, 0x9B,
+        0x7B, 0x7E, 0xE5, 0xDF, 0x72, 0x9A, 0x0D, 0xDD,
+        0x4B, 0xE6, 0x6F, 0x82, 0xFB, 0x5E, 0x2C, 0xC0,
+        0x7B, 0x03, 0x85, 0x76, 0x11, 0x0E, 0xFD, 0xC7,
+        0xD5, 0x50, 0x26, 0xBE, 0x75, 0x5E, 0xC1, 0xF0,
+        0x2E, 0x47, 0x62, 0xD6, 0xF1, 0xDA, 0xDF, 0xF4,
+        0x1C, 0xEE, 0x63, 0x52, 0xC4, 0x45, 0x37, 0xE6,
+        0x85, 0xA5, 0x0A, 0x07, 0x54, 0x63, 0x21, 0x7B,
+        0x92, 0xF7, 0x33, 0x0C, 0xD9, 0x29, 0xCF, 0xE3,
+        0xAB, 0xB5, 0xFC, 0xAA, 0x26, 0x20, 0x93, 0x55,
+        0x8A, 0x07, 0x33, 0xB2, 0x7D, 0x95, 0x02, 0x7A,
+        0x76, 0x9E, 0x7D, 0xBB, 0xC1, 0xF3, 0x6E, 0x84,
+        0x10, 0x30, 0x4B, 0x5D, 0x59, 0x73, 0x68, 0xEC,
+        0x2A, 0x63, 0x2D, 0x46, 0xE8, 0xC2, 0xF8, 0xEA,
+        0x2B, 0xC4, 0x4F, 0xA7, 0x6E, 0xF4, 0x74, 0xEB,
+        0x96, 0xA3, 0x64, 0x40, 0x9B, 0x23, 0x63, 0x42,
+        0x4B, 0x8F, 0x85, 0x00, 0x43, 0x04, 0xAD, 0x61,
+        0x76, 0x93, 0xBD, 0xC3, 0x88, 0xC3, 0xFC, 0x29,
+        0x61, 0xBD, 0xB1, 0x5A, 0x1F, 0x5B, 0x20, 0xEF,
+        0x95, 0xED, 0x99, 0x84, 0x96, 0xB2, 0x93, 0x81,
+        0x82, 0xFF, 0xE3, 0xB9, 0x27, 0xEA, 0x9A, 0x23,
+        0xF6, 0x42, 0x8D, 0xD3, 0x5C, 0x86, 0x11, 0xC8,
+        0x39, 0xE3, 0x16, 0xE9, 0xA5, 0x32, 0x7C, 0xC9,
+        0xEA, 0x82, 0x50, 0x9B, 0x21, 0x5C, 0xC9, 0x66,
+        0xBE, 0x1C, 0x78, 0x48, 0xEF, 0x39, 0x2D, 0xA1,
+        0xC6, 0xF3, 0x69, 0xA3, 0x36, 0x25, 0x3A, 0xA1,
+        0x15, 0x2B, 0x6D, 0xCF, 0xDA, 0xA7, 0xCA, 0xDD,
+        0x4D, 0x9A, 0x1D, 0x58, 0x9F, 0x73, 0xD3, 0xEF,
+        0x0F, 0xBF, 0x03, 0x88, 0x2F, 0xDE, 0xB9, 0x44,
+        0xB5, 0xB6, 0xCF, 0xE2, 0x6F, 0x6A, 0xB5, 0x12,
+        0x38, 0x29, 0x55, 0x8C, 0x4C, 0x73, 0x6F, 0x0B,
+        0x68, 0x7A, 0xC7, 0x06, 0x83, 0x80, 0xFE, 0x7F,
+        0x61, 0xBE, 0x6B, 0x40, 0xE3, 0xF0, 0x4D, 0x7B,
+        0x36, 0x82, 0x0F, 0xD8, 0x63, 0x29, 0xB3, 0x10,
+        0x9D, 0x02, 0xEC, 0x63, 0x90, 0xEA, 0xFC, 0x8C,
+        0xA7, 0x30, 0x56, 0x2B, 0x68, 0x08, 0x24, 0x24,
+        0xFD, 0xA9, 0x8D, 0x0B, 0x64, 0xBC, 0x97, 0x34,
+        0xB4, 0x0B, 0x63, 0xF7, 0xE3, 0x7A, 0xF6, 0x89,
+        0x0A, 0xF7, 0xC2, 0xD9, 0x2F, 0x79, 0xEE, 0xA3,
+        0xCC, 0xEA, 0xC6, 0x0A, 0x6F, 0x38, 0x06, 0x92,
+        0xF8, 0x02, 0xB1, 0x55, 0x6A, 0x78, 0xFE, 0x55,
+        0x83, 0xFF, 0x20, 0xA9, 0xC6, 0xA7, 0xBF, 0xCC,
+        0x86, 0x3A, 0x9E, 0x7B, 0x62, 0x01, 0x4D, 0x16,
+        0x05, 0xDE, 0x89, 0x4F, 0xB5, 0x85, 0xE2, 0xD4,
+        0xF9, 0x41, 0x15, 0xE0, 0x29, 0xE5, 0x85, 0x7E,
+        0x6A, 0x0A, 0x73, 0x89, 0x27, 0x5F, 0x53, 0x0D,
+        0x3D, 0x80, 0xCF, 0xAB, 0x1F, 0x22, 0x5D, 0x38,
+        0x33, 0x5D, 0x24, 0x67, 0x91, 0x97, 0xD4, 0x8A,
+        0x01, 0x8A, 0x34, 0x18, 0x7D, 0xE3, 0xBC, 0xCE,
+        0xDE, 0x94, 0xFF, 0x8E, 0xC5, 0x34, 0xC0, 0x2D,
+        0xA7, 0x24, 0xD4, 0x59, 0x8D, 0x66, 0x9E, 0x85,
+        0xA9, 0xC6, 0x0E, 0x45, 0x21, 0x4F, 0xAA, 0x65,
+        0x44, 0xD6, 0xA4, 0x7D, 0x1C, 0x4E, 0xD7, 0x40,
+        0x9D, 0x55, 0xB1, 0xA7, 0xF1, 0x15, 0xAE, 0x15,
+        0x44, 0x3A, 0x1C, 0x31, 0x06, 0x40, 0xD1, 0x16,
+        0x23, 0x84, 0x93, 0xEF, 0x3E, 0xE2, 0x87, 0x9B,
+        0xB8, 0x46, 0x1F, 0x7D, 0x68, 0x73, 0x64, 0x70,
+        0xD4, 0xB5, 0x73, 0xAE, 0x45, 0x49, 0x93, 0xF5,
+        0x32, 0x30, 0x1E, 0x35, 0xCB, 0x9E, 0xEE, 0xDF,
+        0xFE, 0xA8, 0x2F, 0xAC, 0x49, 0x77, 0x53, 0xF7,
+        0x50, 0x19, 0xF2, 0xB3, 0xB0, 0x2C, 0x70, 0xB6,
+        0x4A, 0x57, 0x95, 0x31, 0xC3, 0x26, 0x07, 0x2A,
+        0xCF, 0x1B, 0xD0, 0xAA, 0xA0, 0x9F, 0x0A, 0x97,
+        0x8B, 0x78, 0xAB, 0x22, 0xBD, 0x61, 0x19, 0xF8,
+        0x8D, 0xD2, 0xD5, 0x72, 0xF8, 0x91, 0x9D, 0x47,
+        0x4F, 0x59, 0x1D, 0xAE, 0x9F, 0xCE, 0x47, 0x53,
+        0xC9, 0x85, 0xFB, 0x25, 0x04, 0x25, 0xF2, 0x65,
+        0x61, 0xFF, 0xA9, 0x44, 0x3F, 0x23, 0x76, 0x68,
+        0x9F, 0xEB, 0x48, 0xC4, 0xCE, 0x51, 0x46, 0x04,
+        0x52, 0x6A, 0x10, 0x0A, 0xF3, 0x3F, 0x0D, 0x43,
+        0x37, 0xD1, 0x60, 0x42, 0x22, 0xC4, 0xD9, 0xF9,
+        0x3A, 0x8E, 0x69, 0xE4, 0xCC, 0xD3, 0x66, 0x69,
+        0x09, 0x0C, 0x5D, 0xFB, 0x0E, 0x95, 0x49, 0x42,
+        0x29, 0xFF, 0x9B, 0x20, 0xCC, 0xB1, 0xAC, 0x81,
+        0xB8, 0x1A, 0x36, 0xD6, 0x3A, 0x85, 0x0D, 0xDB,
+        0x33, 0x33, 0x4D, 0xAA, 0x51, 0x46, 0xBF, 0x36,
+        0xFE, 0x18, 0x80, 0x1E, 0x3B, 0xEB, 0xD0, 0xE9,
+        0x1B, 0x5E, 0x1C, 0xFE, 0x7A, 0x98, 0x26, 0x85,
+        0x0A, 0xF4, 0x39, 0x7D, 0x1B, 0x07, 0xD3, 0xB7,
+        0x19, 0xE5, 0x7B, 0xB8, 0x32, 0xAF, 0x42, 0x34,
+        0xC0, 0xCD, 0x9F, 0xD4, 0x0B, 0x88, 0x2F, 0xCE,
+        0xDA, 0x93, 0x7E, 0xF9, 0xA2, 0xDA, 0x24, 0x59,
+        0x2B, 0xCB, 0x5D, 0x1B, 0xE8, 0x3E, 0xC5, 0xF0,
+        0x3D, 0xBD, 0xFB, 0xCB, 0x33, 0x5D, 0x90, 0xD5,
+        0xC8, 0xA0, 0x2E, 0xE5, 0x3D, 0x50, 0x8E, 0xB5,
+        0xDE, 0x4A, 0x96, 0x1B, 0x95, 0x8F, 0x75, 0x1E,
+        0x5F, 0x89, 0xA1, 0xD2, 0x88, 0x95, 0xA3, 0xDB,
+        0x7B, 0x62, 0xEF, 0x4A, 0xE1, 0x6D, 0x28, 0xFB,
+        0x78, 0x9B, 0x32, 0x03, 0xAD, 0x24, 0x63, 0xD6,
+        0xEA, 0xB8, 0x3A, 0x6D, 0x20, 0xCE, 0xA1, 0x31,
+        0x4A, 0xE0, 0x2A, 0x3F, 0xF6, 0xF6, 0x53, 0x15,
+        0x4A, 0xE1, 0x44, 0x23, 0x81, 0x86, 0x21, 0x47,
+        0x41, 0xC2, 0x36, 0x14, 0x81, 0x83, 0xBC, 0x39,
+        0xAE, 0xDF, 0x44, 0xDA, 0x97, 0xF7, 0x31, 0xCE,
+        0x3D, 0xCB, 0x61, 0xA4, 0xCF, 0xE1, 0x4F, 0x9E,
+        0x84, 0xAA, 0x05, 0xAB, 0x1C, 0x1B, 0x95, 0x1D,
+        0x20, 0x15, 0x52, 0x33, 0xFA, 0xFA, 0xF1, 0x6C,
+        0xF1, 0xBD, 0x0B, 0xAF, 0xE1, 0x99, 0xE6, 0x5D,
+        0x56, 0x34, 0x53, 0xBF, 0xE5, 0x5D, 0x5F, 0x47,
+        0x4A, 0xB1, 0x05, 0x94, 0xD7, 0x38, 0xA8, 0xC1,
+        0x06, 0x28, 0x8D, 0x69, 0xD0, 0x7A, 0x16, 0x88,
+        0x60, 0x14, 0x63, 0xF3, 0xBD, 0x21, 0x46, 0x81,
+        0x9C, 0x83, 0x72, 0x6D, 0x14, 0xC6, 0xA8, 0x08,
+        0x39, 0xB8, 0x79, 0x0B, 0x57, 0x16, 0xE7, 0x72,
+        0xF6, 0xC2, 0x4C, 0x2B, 0xEB, 0x7E, 0x2C, 0xF3,
+        0x7B, 0x3F, 0x42, 0xAC, 0xDD, 0x47, 0x3E, 0x8C,
+        0xCD, 0xBE, 0x48, 0x4D, 0x6E, 0x07, 0xB0, 0x73,
+        0xDE, 0xCB, 0x17, 0x4A, 0xC3, 0xB8, 0xBB, 0x2E,
+        0xF5, 0x4E, 0x6D, 0xF9, 0xE0, 0x20, 0x71, 0xFA,
+        0x60, 0x0A, 0xE5, 0x59, 0x67, 0xEB, 0x6F, 0x70,
+        0x2F, 0x71, 0x91, 0x59, 0xF0, 0xEB, 0x06, 0x5C,
+        0xC4, 0x60, 0x48, 0xE8, 0x75, 0xE7, 0xCF, 0x42,
+        0x71, 0xAD, 0x2E, 0xDA, 0xF9, 0x10, 0x82, 0x9A,
+        0xF6, 0x13, 0xBA, 0x89, 0xFC, 0x61, 0x2A, 0x00,
+        0xFD, 0xAE, 0x53, 0x7B, 0x09, 0x3A, 0xE8, 0xCB,
+        0xE6, 0xB7, 0x0D, 0x03, 0x01, 0xFA, 0x2E, 0x13,
+        0xA9, 0x16, 0x38, 0x1C, 0x92, 0xEC, 0xB4, 0x51,
+        0xA3, 0x6E, 0x3F, 0xA8, 0xB7, 0x37, 0x36, 0x20,
+        0xC0, 0x71, 0xA3, 0x05, 0x34, 0xED, 0xCB, 0x4A,
+        0x3F, 0x11, 0x31, 0x17, 0xA5, 0x02, 0xD6, 0xA7,
+        0x2D, 0xE6, 0xC7, 0x7B, 0xBB, 0xF6, 0xAE, 0x99,
+        0x85, 0x9A, 0xAC, 0xE6, 0x4A, 0x92, 0x8C, 0x37,
+        0x4B, 0xD2, 0xC4, 0x65, 0x2A, 0xC9, 0x7E, 0xB7,
+        0x44, 0xD2, 0x9A, 0x70, 0xCE, 0xA9, 0xA1, 0x9D,
+        0x70, 0x13, 0x49, 0x7B, 0xCA, 0xB6, 0x96, 0x31,
+        0x43, 0x3F, 0x9E, 0xD1, 0xFE, 0x20, 0xF8, 0x0B,
+        0x59, 0x83, 0xE1, 0x28, 0x8B, 0xB6, 0xA2, 0xBE,
+        0x91, 0x54, 0x3E, 0xD4, 0x79, 0x28, 0xBB, 0x5E,
+        0x46, 0x2D, 0x01, 0xE9, 0xC0, 0xB7, 0xFF, 0xFA,
+        0xC0, 0x6C, 0x10, 0xF1, 0x52, 0xF4, 0x3C, 0x32,
+        0x9E, 0x89, 0xDF, 0x8A, 0x79, 0x99, 0x6A, 0x09,
+        0x79, 0x8A, 0x36, 0x76, 0x40, 0xBE, 0x9F, 0xB5,
+        0x3D, 0xCE, 0x27, 0xBD, 0x0B, 0xAA, 0x9B, 0xF0,
+        0x21, 0xBF, 0x10, 0xD2, 0xFC, 0xFE, 0x5B, 0x13,
+        0xFD, 0x7D, 0x84, 0xD1, 0xC1, 0xEB, 0xC0, 0xBC,
+        0xEC, 0x26, 0xD0, 0x87, 0x80, 0xD1, 0x3B, 0x99,
+        0x47, 0x67, 0x26, 0x61, 0xE0, 0xFA, 0x5F, 0xAE,
+        0x6F, 0x31, 0x5B, 0x6D, 0xE4, 0x01, 0x68, 0xC2,
+        0x35, 0x1D, 0xE3, 0x1F, 0x41, 0xFF, 0x6C, 0x53,
+        0x32, 0x26, 0xE1, 0xBC, 0xE3, 0xF8, 0xE2, 0x16,
+        0xAF, 0x3B, 0xE6, 0x4C, 0x69, 0x33, 0x72, 0xA0,
+        0x66, 0xB1, 0x75, 0xF7, 0x26, 0xCF, 0xCD, 0x64,
+        0x2B, 0xAE, 0x98, 0x02, 0x92, 0xC1, 0xCB, 0x65,
+        0xE0, 0x1F, 0x07, 0x29, 0x64, 0x0A, 0xB0, 0x09,
+        0xCB, 0x98, 0x89, 0x2D, 0x6C, 0xFE, 0x40, 0x03,
+        0x34, 0x55, 0xDE, 0xE7, 0x30, 0x33, 0xB6, 0xD5,
+        0xE1, 0x9C, 0x59, 0x9F, 0x8A, 0x40, 0x0E, 0xB1,
+        0x41, 0x52, 0x7D, 0xF2, 0xBB, 0xDD, 0xEF, 0x50,
+        0xBB, 0xD5, 0xFB, 0x55, 0xAA, 0x5E, 0xFD, 0xB3,
+        0x5D, 0x08, 0x56, 0x9B, 0x02, 0x97, 0xE2, 0x48,
+        0x14, 0x69, 0xF1, 0x7B, 0x87, 0xB5, 0x08, 0x93,
+        0x6A, 0x9C, 0x5C, 0x11, 0x08, 0x9A, 0xE9, 0xE4,
+        0xB0, 0xCA, 0xC5, 0x74, 0x93, 0x93, 0xC8, 0x03,
+        0xE4, 0x70, 0x39, 0xF5, 0x1B, 0x5C, 0xBD, 0x42,
+        0xA6, 0xC9, 0xE1, 0x9E, 0xC3, 0xF6, 0x3C, 0x23,
+        0x32, 0xE8, 0x77, 0x68, 0xA9, 0x60, 0xFA, 0x02,
+        0x18, 0x6B, 0x7A, 0x2B, 0x02, 0x92, 0x65, 0x09,
+        0x11, 0x46, 0x73, 0x04, 0x63, 0xDF, 0x8B, 0x37,
+        0x5F, 0x24, 0xAA, 0x83, 0xBD, 0xD4, 0x1D, 0x13,
+        0x04, 0xFC, 0x2F, 0xB5, 0x2D, 0xA1, 0x0F, 0x1F,
+        0xED, 0x65, 0x29, 0x08, 0xCF, 0x8C, 0x52, 0x8F,
+        0xB2, 0x62, 0x5F, 0x39, 0x3F, 0xC8, 0xC7, 0xB3,
+        0x3F, 0xAD, 0x45, 0xBA, 0xD4, 0x7D, 0x38, 0x3D,
+        0x2C, 0x04, 0xCF, 0x32, 0xE8, 0x07, 0x42, 0x5F,
+        0x93, 0xD2, 0x35, 0x07, 0x21, 0xB7, 0xB2, 0xF5,
+        0x96, 0x64, 0x8E, 0xB5, 0xE1, 0x38, 0x6B, 0x43,
+        0xD1, 0x2E, 0xFD, 0xDB, 0x8F, 0xE2, 0x43, 0x6A,
+        0xEC, 0x27, 0x8E, 0xE7, 0x68, 0x75, 0xB5, 0x23,
+        0xC5, 0x43, 0x1D, 0x99, 0x48, 0x57, 0x73, 0xD9,
+        0xAD, 0xBC, 0xD0, 0x14, 0xDD, 0x87, 0xBC, 0x68,
+        0xFB, 0x82, 0xEE, 0x47, 0x4B, 0x22, 0xA5, 0x43,
+        0x3A, 0xF9, 0xF9, 0x91, 0xFC, 0x34, 0xB2, 0x58,
+        0x34, 0xDF, 0x13, 0x09, 0x9A, 0x46, 0xF5, 0x68,
+        0xAF, 0xD1, 0x15, 0x5F, 0x32, 0x1B, 0x9D, 0xA9,
+        0xE9, 0xC0, 0x63, 0x47, 0xAB, 0x3C, 0x1F, 0x59,
+        0xF7, 0xEA, 0x0E, 0xD6, 0xCF, 0x47, 0xB3, 0xE9,
+        0xAF, 0x65, 0x7A, 0xA7, 0xAE, 0x9B, 0xF8, 0x26,
+        0x0B, 0x96, 0x9D, 0xE4, 0xAD, 0x24, 0xD3, 0xA8,
+        0xCE, 0x95, 0xE5, 0x77, 0xD0, 0x44, 0x13, 0x05,
+        0x06, 0x4E, 0x07, 0xB9, 0xA2, 0xC7, 0x5C, 0x3C,
+        0x43, 0x80, 0x1F, 0xCE, 0xB7, 0x36, 0xFE, 0x3D,
+        0x27, 0x1B, 0xE1, 0xF3, 0x6B, 0xFF, 0xC8, 0xE4,
+        0x3D, 0xB1, 0x4A, 0x16, 0x24, 0x76, 0xBA, 0xEA,
+        0x9D, 0x34, 0x6B, 0x52, 0x11, 0xAB, 0xD0, 0x06,
+        0x08, 0xB1, 0x5A, 0xF3, 0xB5, 0xE6, 0x3A, 0x00,
+        0xFF, 0x92, 0x8D, 0x1E, 0xA1, 0xA1, 0x8D, 0x75,
+        0xFA, 0x7C, 0x6C, 0x1B, 0x0F, 0xB6, 0x27, 0x2E,
+        0x55, 0xC3, 0xFE, 0x7E, 0x4D, 0x42, 0x05, 0xE5,
+        0xCF, 0x0A, 0x1F, 0x87, 0x18, 0x30, 0x4E, 0x14,
+        0xF2, 0xB4, 0xCC, 0x54, 0x3D, 0x04, 0x37, 0x34,
+        0x1A, 0x4A, 0x31, 0x16, 0x01, 0xA9, 0x2E, 0x92,
+        0x56, 0x6B, 0x7D, 0xFB, 0x42, 0x64, 0xE8, 0x70,
+        0xE1, 0xB3, 0xA8, 0x75, 0xED, 0xBC, 0x00, 0x3A,
+        0x56, 0x19, 0x70, 0xCF, 0x8A, 0x66, 0x9F, 0x3D,
+        0x1B, 0x69, 0x28, 0x8C, 0xC6, 0xE3, 0x59, 0xCE,
+        0x28, 0xCA, 0x65, 0xF9, 0xDA, 0xE8, 0xCE, 0xCA,
+        0x74, 0x3C, 0x1C, 0x8D, 0x9F, 0xFB, 0x55, 0x08,
+        0x82, 0x4A, 0x83, 0x61, 0xE3, 0x3B, 0x43, 0x1A,
+        0x2E, 0x9E, 0x9A, 0x99, 0x78, 0x47, 0xD2, 0xE6,
+        0xE4, 0x3C, 0x83, 0xF0, 0x22, 0x62, 0xE2, 0x94,
+        0x6D, 0xF7, 0x72, 0x6D, 0x54, 0xE3, 0xE6, 0xC9,
+        0xCC, 0xDB, 0x6D, 0x3F, 0x13, 0x63, 0x46, 0xC1,
+        0x1E, 0x59, 0x42, 0xE7, 0xA1, 0xBF, 0x85, 0x0C,
+        0x2E, 0x99, 0xB4, 0xFA, 0xCE, 0x75, 0xFD, 0x40,
+        0x88, 0x69, 0x33, 0x90, 0x7C, 0xCD, 0xFC, 0x0D,
+        0xE1, 0x17, 0x70, 0x20, 0x31, 0x94, 0x1D, 0x00,
+        0x1E, 0x2A, 0x68, 0x3C, 0x55, 0x78, 0xFD, 0x33,
+        0x54, 0x21, 0x2C, 0xEA, 0xD9, 0x69, 0xBF, 0x1C,
+        0x81, 0x23, 0x9E, 0xEC, 0xC7, 0x74, 0xFD, 0x0B,
+        0x88, 0x3D, 0x0E, 0xEE, 0x82, 0x4B, 0x10, 0xB8,
+        0x79, 0xCF, 0x70, 0x7C, 0xB2, 0x68, 0x47, 0x45,
+        0x22, 0x06, 0x1E, 0x92, 0x7B, 0x12, 0x43, 0x24,
+        0x41, 0x15, 0xC6, 0x69, 0xE9, 0xEB, 0x27, 0x2B,
+        0x60, 0xA6, 0x44, 0xF5, 0x19, 0xEF, 0xEC, 0x06,
+        0x34, 0x08, 0xB6, 0x58, 0x47, 0x2E, 0x91, 0x61,
+        0xA1, 0xF7, 0x44, 0xFD, 0x66, 0x16, 0x9F, 0x0C,
+        0xAE, 0x36, 0xB4, 0x2E, 0x23, 0x79, 0xCB, 0xE8,
+        0x1E, 0x6E, 0x51, 0xA0, 0xF5, 0x34, 0x15, 0x18,
+        0x4E, 0xA0, 0x06, 0xB2, 0x27, 0x0B, 0x33, 0xE2,
+        0xCA, 0x36, 0x4C, 0xDB, 0x33, 0xAA, 0xAE, 0x77,
+        0xFF, 0xD9, 0x53, 0xDB, 0x39, 0x70, 0x4D, 0x49,
+        0x0C, 0xE9, 0xAC, 0x6F, 0x2D, 0xD1, 0xC7, 0xA1,
+        0x8E, 0x61, 0x74, 0x19, 0xA9, 0xAA, 0xFB, 0x37,
+        0xE7, 0x23, 0x9B, 0x23, 0x6A, 0x4B, 0x74, 0xCE,
+        0x63, 0xE4, 0xA0, 0xAD, 0xFF, 0x85, 0x5D, 0xCD,
+        0x78, 0xF6, 0x45, 0x8E, 0x76, 0x0B, 0xFD, 0x1D,
+        0x2A, 0xB9, 0x5E, 0x83, 0xC0, 0x3B, 0x6F, 0xAE,
+        0x0C, 0xD3, 0xC5, 0xCE, 0xEE, 0xEE, 0x1C, 0x69,
+        0x51, 0x59, 0x65, 0xA3, 0x35, 0xFC, 0xF7, 0x8E,
+        0x80, 0xAA, 0x73, 0x93, 0x39, 0x54, 0x21, 0x27,
+        0x17, 0x0B, 0x2C, 0x3E, 0xE1, 0x0B, 0x0E, 0xAA,
+        0x09, 0x9A, 0xC7, 0xAD, 0x4C, 0xD7, 0x6E, 0x7F,
+        0xE4, 0xC1, 0x16, 0x4E, 0x62, 0xF4, 0xE5, 0x80,
+        0x7D, 0xC0, 0x06, 0x1F, 0x77, 0xE4, 0xA8, 0xA5,
+        0x28, 0xD7, 0x10, 0x37, 0x59, 0x30, 0xCB, 0x75,
+        0x5B, 0x28, 0xBF, 0xFD, 0x92, 0x8C, 0xB0, 0x7B,
+        0xB4, 0xA1, 0x07, 0xCD, 0xCA, 0xBB, 0x30, 0x8A,
+        0x48, 0x65, 0x0D, 0xA4, 0xE5, 0x74, 0xD9, 0xBF,
+        0x56, 0x07, 0xF5, 0x83, 0xDA, 0xC3, 0x40, 0xD7,
+        0x20, 0x93, 0xEF, 0xB1, 0x2B, 0xBF, 0x93, 0x41,
+        0x0F, 0x1E, 0xF5, 0xC9, 0x51, 0x6C, 0x74, 0x4D,
+        0x23, 0x15, 0xEC, 0x9E, 0x00, 0x0A, 0x8D, 0xC5,
+        0xD1, 0x7A, 0x7B, 0x6F, 0x0D, 0x07, 0x9D, 0x78,
+        0x4B, 0x6D, 0x90, 0x19, 0x3F, 0x6E, 0x3E, 0xE7,
+        0xEA, 0x0E, 0xAB, 0xFC, 0x6F, 0x68, 0xC5, 0x2B,
+        0x37, 0xCB, 0xCE, 0x82, 0x18, 0xAF, 0xA3, 0x67,
+        0x0A, 0x80, 0xBC, 0x17, 0xB9, 0x5D, 0x7B, 0x40,
+        0x53, 0x62, 0x26, 0x35, 0x8F, 0x04, 0xAC, 0xD9,
+        0x2A, 0x1B, 0xE1, 0x5B, 0x26, 0xA4, 0xE5, 0x81,
+        0x7E, 0x62, 0x8B, 0xA6, 0x79, 0xB3, 0x52, 0x72,
+        0x03, 0xCD, 0x36, 0x32, 0x62, 0x8E, 0xC8, 0x3A,
+        0xA4, 0xF2, 0x18, 0x6D, 0x2F, 0x00, 0x5D, 0x5D,
+        0xFE, 0x6F, 0x7F, 0xDB, 0x4F, 0xED, 0xAC, 0x9E,
+        0x89, 0xD6, 0x66, 0xE3, 0x03, 0xBB, 0x56, 0x83,
+        0x06, 0x15, 0x6C, 0x56, 0xF0, 0x95, 0x34, 0xE2,
+        0x5C, 0x61, 0x9A, 0xB3, 0xB9, 0x50, 0x18, 0xF4,
+        0x89, 0x6B, 0xAC, 0xAA, 0x48, 0x34, 0xF6, 0xD2,
+        0xD8, 0xFE, 0x14, 0xA9, 0x38, 0xAA, 0x10, 0xE5,
+        0x30, 0x54, 0xF0, 0x00, 0x84, 0x44, 0xAC, 0x2E,
+        0xEA, 0x25, 0x38, 0xC1, 0x23, 0x0E, 0x6A, 0x18,
+        0xC9, 0x2B, 0x01, 0xD9, 0x14, 0x7F, 0xDC, 0xEF,
+        0xC9, 0xC8, 0xDA, 0xC1, 0xD4, 0xEC, 0xC8, 0xCF,
+        0x1F, 0x96, 0x2E, 0xFA, 0x1B, 0x8C, 0xD3, 0xC9,
+        0x69, 0x00, 0x0B, 0x7E, 0xBA, 0xC5, 0x98, 0xDC,
+        0xA4, 0x5E, 0xB4, 0x0B, 0xCF, 0xB1, 0x98, 0x51,
+        0x48, 0x38, 0x51, 0xCF, 0x34, 0x0F, 0x3E, 0x8C,
+        0x23, 0x7A, 0x9E, 0xFF, 0x1C, 0x9F, 0x21, 0xE4,
+        0x97, 0x55, 0x41, 0xC6, 0x1A, 0x8F, 0xEF, 0x2A,
+        0xC6, 0x05, 0x7F, 0x59, 0xDC, 0xB2, 0x3A, 0x80,
+        0xE8, 0x06, 0x10, 0xCD, 0x85, 0xDB, 0x20, 0x3C,
+        0x35, 0xD2, 0x4B, 0xC8, 0x2B, 0x9C, 0xD7, 0x82,
+        0x46, 0xF5, 0x9F, 0xEB, 0xB2, 0x48, 0x32, 0xD7,
+        0xCD, 0x66, 0x4C, 0x99, 0x51, 0x88, 0xE0, 0x28,
+        0x1C, 0xD7, 0x86, 0x79, 0x00, 0xDC, 0x0D, 0xF4,
+        0x4D, 0x40, 0x90, 0x80, 0x26, 0x8B, 0x79, 0xE9,
+        0x56, 0x82, 0x88, 0x5F, 0x22, 0x87, 0x70, 0x73,
+        0x4F, 0xA5, 0x35, 0x18, 0xEC, 0x80, 0xCE, 0x23,
+        0x06, 0xCE, 0x14, 0x48, 0x52, 0x4E, 0xF0, 0x18,
+        0x43, 0x03, 0xD4, 0x50, 0xC7, 0x6E, 0xA6, 0x3B,
+        0x73, 0x3E, 0xB0, 0xC8, 0xDC, 0x48, 0xBF, 0x12,
+        0x42, 0x3A, 0xD2, 0x38, 0x89, 0xCF, 0xCD, 0xD8,
+        0x91, 0xE5, 0x95, 0x00, 0x47, 0x24, 0x0D, 0xC0,
+        0xC3, 0x8A, 0xB2, 0xDB, 0xC1, 0x65, 0xB8, 0x1E,
+        0x63, 0x10, 0x02, 0xEA, 0x6F, 0x74, 0x11, 0x9E,
+        0x27, 0xF9, 0xF8, 0x60, 0x73, 0xBF, 0x2D, 0xF7,
+        0x10, 0x81, 0x86, 0x76, 0x98, 0x0C, 0x4C, 0xB6,
+        0xBD, 0x53, 0xF9, 0xA5, 0x72, 0x17, 0x78, 0xB8,
+        0x9F, 0x59, 0xC6, 0x8C, 0x89, 0x35, 0xF5, 0x03,
+        0x1C, 0x8A, 0x93, 0x36, 0x7D, 0x71, 0x70, 0x57,
+        0xFD, 0x4D, 0x5E, 0xFA, 0xBE, 0xDE, 0x70, 0x2C,
+        0xC6, 0x45, 0xEF, 0xB6, 0xD7, 0xF4, 0x4C, 0x86,
+        0x0F, 0xFF, 0x76, 0x37, 0xAA, 0xD9, 0x72, 0x24,
+        0x8C, 0x84, 0x4D, 0x15, 0x13, 0x39, 0x20, 0x07,
+        0x38, 0x91, 0xC3, 0x13, 0x5D, 0x29, 0x78, 0x68,
+        0xB7, 0xDA, 0x86, 0xF0, 0x97, 0xD8, 0xFB, 0x39,
+        0xC1, 0x3B, 0xA1, 0x4C, 0x4F, 0x24, 0x75, 0x16,
+        0xAB, 0xA4, 0xC5, 0xF8, 0xCE, 0x38, 0x18, 0x48,
+        0x2C, 0x8F, 0xF6, 0x0C, 0xCA, 0x51, 0xFD, 0xB2,
+        0xCE, 0xE9, 0x6B, 0xC1, 0x13, 0x8D, 0xC0, 0x4A,
+        0x86, 0xF8, 0x57, 0x72, 0x75, 0x91, 0xAA, 0xE6,
+        0xF8, 0x7C, 0x30, 0x05, 0x9B, 0x3E, 0x81, 0xB6,
+        0x80, 0x55, 0xB2, 0x4E, 0xA2, 0xFA, 0x98, 0x36,
+        0x86, 0x49, 0x8B, 0xFC, 0x9D, 0x9E, 0x7D, 0x59,
+        0x50, 0x79, 0xEB, 0x64, 0x6E, 0x85, 0xB2, 0x12,
+        0xCE, 0xDD, 0x21, 0xD0, 0x08, 0x7E, 0x0F, 0x2A,
+        0xF6, 0x63, 0xEB, 0x77, 0x2A, 0x98, 0x47, 0xB1,
+        0xDF, 0x21, 0x97, 0xAF, 0x13, 0x62, 0x6B, 0x89,
+        0x7C, 0x24, 0x63, 0x7A, 0xF5, 0xBF, 0xE8, 0x18,
+        0x16, 0xA8, 0xC9, 0x0D, 0x30, 0x48, 0x37, 0x5B,
+        0x69, 0x94, 0x97, 0x14, 0x3E, 0x57, 0x71, 0x85,
+        0xA7, 0x0E, 0x11, 0x50, 0x58, 0xA3, 0xA9, 0x11,
+        0x2B, 0x2C, 0x43, 0x51, 0xB6, 0xCA, 0xD0, 0x09,
+        0x28, 0x2B, 0x4F, 0x7C, 0xB8, 0xBD, 0xFC, 0x28,
+        0x57, 0x77, 0xD7, 0xDF, 0xE8, 0xF5, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x03, 0x06, 0x0B, 0x11, 0x17,
+        0x1F, 0x27, 0x2E
+    };
+#endif
+#endif
+
+    key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(*key));
+    }
+
+    ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0);
+#ifndef WOLFSSL_NO_ML_DSA_44
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_44, (word32)sizeof(pk_44), key),
+        0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_44, (word32)sizeof(sig_44), msg_44,
+        (word32)sizeof(msg_44), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_44_draft,
+        (word32)sizeof(pk_44_draft), key), 0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_44_draft,
+        (word32)sizeof(sig_44_draft), msg_44_draft,
+        (word32)sizeof(msg_44_draft), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_65, (word32)sizeof(pk_65), key),
+        0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_65, (word32)sizeof(sig_65), msg_65,
+        (word32)sizeof(msg_65), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_65_draft,
+        (word32)sizeof(pk_65_draft), key), 0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_65_draft,
+        (word32)sizeof(sig_65_draft), msg_65_draft,
+        (word32)sizeof(msg_65_draft), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_87, (word32)sizeof(pk_87), key),
+        0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_87, (word32)sizeof(sig_87), msg_87,
+        (word32)sizeof(msg_87), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0);
+    ExpectIntEQ(wc_dilithium_import_public(pk_87_draft,
+        (word32)sizeof(pk_87_draft), key), 0);
+    ExpectIntEQ(wc_dilithium_verify_msg(sig_87_draft,
+        (word32)sizeof(sig_87_draft), msg_87_draft,
+        (word32)sizeof(msg_87_draft), &res, key), 0);
+    ExpectIntEQ(res, 1);
+#endif
+#endif
+
+    wc_dilithium_free(key);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_mldsa.h b/tests/api/test_mldsa.h
new file mode 100644
index 000000000..9b77d4620
--- /dev/null
+++ b/tests/api/test_mldsa.h
@@ -0,0 +1,52 @@
+/* test_mldsa.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_MLDSA_H
+#define WOLFCRYPT_TEST_MLDSA_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_dilithium(void);
+int test_wc_dilithium_make_key(void);
+int test_wc_dilithium_sign(void);
+int test_wc_dilithium_verify(void);
+int test_wc_dilithium_sign_vfy(void);
+int test_wc_dilithium_check_key(void);
+int test_wc_dilithium_public_der_decode(void);
+int test_wc_dilithium_der(void);
+int test_wc_dilithium_make_key_from_seed(void);
+int test_wc_dilithium_sig_kats(void);
+int test_wc_dilithium_verify_kats(void);
+
+#define TEST_MLDSA_DECLS                                            \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium),                    \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key),           \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign),               \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify),             \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy),           \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key),          \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode),  \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_der),                \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats),           \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats)
+
+#endif /* WOLFCRYPT_TEST_MLDSA_H */
diff --git a/tests/api/test_mlkem.c b/tests/api/test_mlkem.c
new file mode 100644
index 000000000..4ff92d66b
--- /dev/null
+++ b/tests/api/test_mlkem.c
@@ -0,0 +1,3874 @@
+/* test_mlkem.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef WOLFSSL_HAVE_MLKEM
+    #include <wolfssl/wolfcrypt/mlkem.h>
+#ifdef WOLFSSL_WC_MLKEM
+    #include <wolfssl/wolfcrypt/wc_mlkem.h>
+#endif
+#endif
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_mlkem.h>
+
+int test_wc_mlkem_make_key_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_HAVE_MLKEM) && defined(WOLFSSL_WC_MLKEM) && \
+    !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY)
+    MlKemKey* key;
+#ifndef WOLFSSL_NO_ML_KEM_512
+    static const byte seed_512[WC_ML_KEM_MAKEKEY_RAND_SZ] = {
+        /* d */
+        0x2C, 0xB8, 0x43, 0xA0, 0x2E, 0xF0, 0x2E, 0xE1,
+        0x09, 0x30, 0x5F, 0x39, 0x11, 0x9F, 0xAB, 0xF4,
+        0x9A, 0xB9, 0x0A, 0x57, 0xFF, 0xEC, 0xB3, 0xA0,
+        0xE7, 0x5E, 0x17, 0x94, 0x50, 0xF5, 0x27, 0x61,
+        /* z */
+        0x84, 0xCC, 0x91, 0x21, 0xAE, 0x56, 0xFB, 0xF3,
+        0x9E, 0x67, 0xAD, 0xBD, 0x83, 0xAD, 0x2D, 0x3E,
+        0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD,
+        0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7
+    };
+    static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = {
+        0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2,
+        0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA,
+        0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69,
+        0x4F, 0xD6, 0x4E, 0xAA, 0xB9, 0x07, 0xA4, 0x35,
+        0x39, 0xDD, 0xB2, 0x7B, 0xA0, 0xA8, 0x53, 0xCC,
+        0x90, 0x69, 0xEA, 0xC8, 0x50, 0x8C, 0x65, 0x3E,
+        0x60, 0x0B, 0x2A, 0xC0, 0x18, 0x38, 0x1B, 0x4B,
+        0xB4, 0xA8, 0x79, 0xAC, 0xDA, 0xD3, 0x42, 0xF9,
+        0x11, 0x79, 0xCA, 0x82, 0x49, 0x52, 0x5C, 0xB1,
+        0x96, 0x8B, 0xBE, 0x52, 0xF7, 0x55, 0xB7, 0xF5,
+        0xB4, 0x3D, 0x66, 0x63, 0xD7, 0xA3, 0xBF, 0x0F,
+        0x33, 0x57, 0xD8, 0xA2, 0x1D, 0x15, 0xB5, 0x2D,
+        0xB3, 0x81, 0x8E, 0xCE, 0x5B, 0x40, 0x2A, 0x60,
+        0xC9, 0x93, 0xE7, 0xCF, 0x43, 0x64, 0x87, 0xB8,
+        0xD2, 0xAE, 0x91, 0xE6, 0xC5, 0xB8, 0x82, 0x75,
+        0xE7, 0x58, 0x24, 0xB0, 0x00, 0x7E, 0xF3, 0x12,
+        0x3C, 0x0A, 0xB5, 0x1B, 0x5C, 0xC6, 0x1B, 0x9B,
+        0x22, 0x38, 0x0D, 0xE6, 0x6C, 0x5B, 0x20, 0xB0,
+        0x60, 0xCB, 0xB9, 0x86, 0xF8, 0x12, 0x3D, 0x94,
+        0x06, 0x00, 0x49, 0xCD, 0xF8, 0x03, 0x68, 0x73,
+        0xA7, 0xBE, 0x10, 0x94, 0x44, 0xA0, 0xA1, 0xCD,
+        0x87, 0xA4, 0x8C, 0xAE, 0x54, 0x19, 0x24, 0x84,
+        0xAF, 0x84, 0x44, 0x29, 0xC1, 0xC5, 0x8C, 0x29,
+        0xAC, 0x62, 0x4C, 0xD5, 0x04, 0xF1, 0xC4, 0x4F,
+        0x1E, 0x13, 0x47, 0x82, 0x2B, 0x6F, 0x22, 0x13,
+        0x23, 0x85, 0x9A, 0x7F, 0x6F, 0x75, 0x4B, 0xFE,
+        0x71, 0x0B, 0xDA, 0x60, 0x27, 0x62, 0x40, 0xA4,
+        0xFF, 0x2A, 0x53, 0x50, 0x70, 0x37, 0x86, 0xF5,
+        0x67, 0x1F, 0x44, 0x9F, 0x20, 0xC2, 0xA9, 0x5A,
+        0xE7, 0xC2, 0x90, 0x3A, 0x42, 0xCB, 0x3B, 0x30,
+        0x3F, 0xF4, 0xC4, 0x27, 0xC0, 0x8B, 0x11, 0xB4,
+        0xCD, 0x31, 0xC4, 0x18, 0xC6, 0xD1, 0x8D, 0x08,
+        0x61, 0x87, 0x3B, 0xFA, 0x03, 0x32, 0xF1, 0x12,
+        0x71, 0x55, 0x2E, 0xD7, 0xC0, 0x35, 0xF0, 0xE4,
+        0xBC, 0x42, 0x8C, 0x43, 0x72, 0x0B, 0x39, 0xA6,
+        0x51, 0x66, 0xBA, 0x9C, 0x2D, 0x3D, 0x77, 0x0E,
+        0x13, 0x03, 0x60, 0xCC, 0x23, 0x84, 0xE8, 0x30,
+        0x95, 0xB1, 0xA1, 0x59, 0x49, 0x55, 0x33, 0xF1,
+        0x16, 0xC7, 0xB5, 0x58, 0xB6, 0x50, 0xDB, 0x04,
+        0xD5, 0xA2, 0x6E, 0xAA, 0xA0, 0x8C, 0x3E, 0xE5,
+        0x7D, 0xE4, 0x5A, 0x7F, 0x88, 0xC6, 0xA3, 0xCE,
+        0xB2, 0x4D, 0xC5, 0x39, 0x7B, 0x88, 0xC3, 0xCE,
+        0xF0, 0x03, 0x31, 0x9B, 0xB0, 0x23, 0x3F, 0xD6,
+        0x92, 0xFD, 0xA1, 0x52, 0x44, 0x75, 0xB3, 0x51,
+        0xF3, 0xC7, 0x82, 0x18, 0x2D, 0xEC, 0xF5, 0x90,
+        0xB7, 0x72, 0x3B, 0xE4, 0x00, 0xBE, 0x14, 0x80,
+        0x9C, 0x44, 0x32, 0x99, 0x63, 0xFC, 0x46, 0x95,
+        0x92, 0x11, 0xD6, 0xA6, 0x23, 0x33, 0x95, 0x37,
+        0x84, 0x8C, 0x25, 0x16, 0x69, 0x94, 0x1D, 0x90,
+        0xB1, 0x30, 0x25, 0x8A, 0xDF, 0x55, 0xA7, 0x20,
+        0xA7, 0x24, 0xE8, 0xB6, 0xA6, 0xCA, 0xE3, 0xC2,
+        0x26, 0x4B, 0x16, 0x24, 0xCC, 0xBE, 0x7B, 0x45,
+        0x6B, 0x30, 0xC8, 0xC7, 0x39, 0x32, 0x94, 0xCA,
+        0x51, 0x80, 0xBC, 0x83, 0x7D, 0xD2, 0xE4, 0x5D,
+        0xBD, 0x59, 0xB6, 0xE1, 0x7B, 0x24, 0xFE, 0x93,
+        0x05, 0x2E, 0xB7, 0xC4, 0x3B, 0x27, 0xAC, 0x3D,
+        0xC2, 0x49, 0xCA, 0x0C, 0xBC, 0xA4, 0xFB, 0x58,
+        0x97, 0xC0, 0xB7, 0x44, 0x08, 0x8A, 0x8A, 0x07,
+        0x79, 0xD3, 0x22, 0x33, 0x82, 0x6A, 0x01, 0xDD,
+        0x64, 0x89, 0x95, 0x2A, 0x48, 0x25, 0xE5, 0x35,
+        0x8A, 0x70, 0x0B, 0xE0, 0xE1, 0x79, 0xAC, 0x19,
+        0x77, 0x10, 0xD8, 0x3E, 0xCC, 0x85, 0x3E, 0x52,
+        0x69, 0x5E, 0x9B, 0xF8, 0x7B, 0xB1, 0xF6, 0xCB,
+        0xD0, 0x5B, 0x02, 0xD4, 0xE6, 0x79, 0xE3, 0xB8,
+        0x8D, 0xD4, 0x83, 0xB0, 0x74, 0x9B, 0x11, 0xBD,
+        0x37, 0xB3, 0x83, 0xDC, 0xCA, 0x71, 0xF9, 0x09,
+        0x18, 0x34, 0xA1, 0x69, 0x55, 0x02, 0xC4, 0xB9,
+        0x5F, 0xC9, 0x11, 0x8C, 0x1C, 0xFC, 0x34, 0xC8,
+        0x4C, 0x22, 0x65, 0xBB, 0xBC, 0x56, 0x3C, 0x28,
+        0x26, 0x66, 0xB6, 0x0A, 0xE5, 0xC7, 0xF3, 0x85,
+        0x1D, 0x25, 0xEC, 0xBB, 0x50, 0x21, 0xCC, 0x38,
+        0xCB, 0x73, 0xEB, 0x6A, 0x34, 0x11, 0xB1, 0xC2,
+        0x90, 0x46, 0xCA, 0x66, 0x54, 0x06, 0x67, 0xD1,
+        0x36, 0x95, 0x44, 0x60, 0xC6, 0xFC, 0xBC, 0x4B,
+        0xC7, 0xC0, 0x49, 0xBB, 0x04, 0x7F, 0xA6, 0x7A,
+        0x63, 0xB3, 0xCC, 0x11, 0x11, 0xC1, 0xD8, 0xAC,
+        0x27, 0xE8, 0x05, 0x8B, 0xCC, 0xA4, 0xA1, 0x54,
+        0x55, 0x85, 0x8A, 0x58, 0x35, 0x8F, 0x7A, 0x61,
+        0x02, 0x0B, 0xC9, 0xC4, 0xC1, 0x7F, 0x8B, 0x95,
+        0xC2, 0x68, 0xCC, 0xB4, 0x04, 0xB9, 0xAA, 0xB4,
+        0xA2, 0x72, 0xA2, 0x1A, 0x70, 0xDA, 0xF6, 0xB6,
+        0xF1, 0x51, 0x21, 0xEE, 0x01, 0xC1, 0x56, 0xA3,
+        0x54, 0xAA, 0x17, 0x08, 0x7E, 0x07, 0x70, 0x2E,
+        0xAB, 0x38, 0xB3, 0x24, 0x1F, 0xDB, 0x55, 0x3F,
+        0x65, 0x73, 0x39, 0xD5, 0xE2, 0x9D, 0xC5, 0xD9,
+        0x1B, 0x7A, 0x5A, 0x82, 0x8E, 0xE9, 0x59, 0xFE,
+        0xBB, 0x90, 0xB0, 0x72, 0x29, 0xF6, 0xE4, 0x9D,
+        0x23, 0xC3, 0xA1, 0x90, 0x29, 0x70, 0x42, 0xFB,
+        0x43, 0x98, 0x69, 0x55, 0xB6, 0x9C, 0x28, 0xE1,
+        0x01, 0x6F, 0x77, 0xA5, 0x8B, 0x43, 0x15, 0x14,
+        0xD2, 0x1B, 0x88, 0x88, 0x99, 0xC3, 0x60, 0x82,
+        0x76, 0x08, 0x1B, 0x75, 0xF5, 0x68, 0x09, 0x7C,
+        0xDC, 0x17, 0x48, 0xF3, 0x23, 0x07, 0x88, 0x58,
+        0x15, 0xF3, 0xAE, 0xC9, 0x65, 0x18, 0x19, 0xAA,
+        0x68, 0x73, 0xD1, 0xA4, 0xEB, 0x83, 0xB1, 0x95,
+        0x38, 0x43, 0xB9, 0x34, 0x22, 0x51, 0x94, 0x83,
+        0xFE, 0xF0, 0x05, 0x9D, 0x36, 0xBB, 0x2D, 0xB1,
+        0xF3, 0xD4, 0x68, 0xFB, 0x06, 0x8C, 0x86, 0xE8,
+        0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E,
+        0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B
+    };
+    static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = {
+        0x7F, 0xE4, 0x20, 0x6F, 0x26, 0xBE, 0xDB, 0x64,
+        0xC1, 0xED, 0x00, 0x09, 0x61, 0x52, 0x45, 0xDC,
+        0x98, 0x48, 0x3F, 0x66, 0x3A, 0xCC, 0x61, 0x7E,
+        0x65, 0x89, 0x8D, 0x59, 0x6A, 0x88, 0x36, 0xC4,
+        0x9F, 0xBD, 0x3B, 0x4A, 0x84, 0x97, 0x59, 0xAA,
+        0x15, 0x46, 0xBD, 0xA8, 0x35, 0xCA, 0xF1, 0x75,
+        0x64, 0x2C, 0x28, 0x28, 0x08, 0x92, 0xA7, 0x87,
+        0x8C, 0xC3, 0x18, 0xBC, 0xC7, 0x5B, 0x83, 0x4C,
+        0xB2, 0x9F, 0xDF, 0x53, 0x60, 0xD7, 0xF9, 0x82,
+        0xA5, 0x2C, 0x88, 0xAE, 0x91, 0x4D, 0xBF, 0x02,
+        0xB5, 0x8B, 0xEB, 0x8B, 0xA8, 0x87, 0xAE, 0x8F,
+        0xAB, 0x5E, 0xB7, 0x87, 0x31, 0xC6, 0x75, 0x78,
+        0x05, 0x47, 0x1E, 0xBC, 0xEC, 0x2E, 0x38, 0xDB,
+        0x1F, 0x4B, 0x83, 0x10, 0xD2, 0x88, 0x92, 0x0D,
+        0x8A, 0x49, 0x27, 0x95, 0xA3, 0x90, 0xA7, 0x4B,
+        0xCD, 0x55, 0xCD, 0x85, 0x57, 0xB4, 0xDA, 0xAB,
+        0xA8, 0x2C, 0x28, 0xCB, 0x3F, 0x15, 0x2C, 0x52,
+        0x31, 0x19, 0x61, 0x93, 0xA6, 0x6A, 0x8C, 0xCF,
+        0x34, 0xB8, 0x0E, 0x1F, 0x69, 0x42, 0xC3, 0x2B,
+        0xCF, 0xF9, 0x6A, 0x6E, 0x3C, 0xF3, 0x93, 0x9B,
+        0x7B, 0x94, 0x24, 0x98, 0xCC, 0x5E, 0x4C, 0xB8,
+        0xE8, 0x46, 0x8E, 0x70, 0x27, 0x59, 0x85, 0x2A,
+        0xA2, 0x29, 0xC0, 0x25, 0x7F, 0x02, 0x98, 0x20,
+        0x97, 0x33, 0x86, 0x07, 0xC0, 0xF0, 0xF4, 0x54,
+        0x46, 0xFA, 0xB4, 0x26, 0x79, 0x93, 0xB8, 0xA5,
+        0x90, 0x8C, 0xAB, 0x9C, 0x46, 0x78, 0x01, 0x34,
+        0x80, 0x4A, 0xE1, 0x88, 0x15, 0xB1, 0x02, 0x05,
+        0x27, 0xA2, 0x22, 0xEC, 0x4B, 0x39, 0xA3, 0x19,
+        0x4E, 0x66, 0x17, 0x37, 0x79, 0x17, 0x14, 0x12,
+        0x26, 0x62, 0xD8, 0xB9, 0x76, 0x9F, 0x6C, 0x67,
+        0xDE, 0x62, 0x5C, 0x0D, 0x48, 0x3C, 0x3D, 0x42,
+        0x0F, 0xF1, 0xBB, 0x88, 0x9A, 0x72, 0x7E, 0x75,
+        0x62, 0x81, 0x51, 0x3A, 0x70, 0x04, 0x76, 0x48,
+        0xD2, 0x9C, 0x0C, 0x30, 0xF9, 0xBE, 0x52, 0xEC,
+        0x0D, 0xEB, 0x97, 0x7C, 0xF0, 0xF3, 0x4F, 0xC2,
+        0x07, 0x84, 0x83, 0x45, 0x69, 0x64, 0x74, 0x34,
+        0x10, 0x63, 0x8C, 0x57, 0xB5, 0x53, 0x95, 0x77,
+        0xBF, 0x85, 0x66, 0x90, 0x78, 0xC3, 0x56, 0xB3,
+        0x46, 0x2E, 0x9F, 0xA5, 0x80, 0x7D, 0x49, 0x59,
+        0x1A, 0xFA, 0x41, 0xC1, 0x96, 0x9F, 0x65, 0xE3,
+        0x40, 0x5C, 0xB6, 0x4D, 0xDF, 0x16, 0x3F, 0x26,
+        0x73, 0x4C, 0xE3, 0x48, 0xB9, 0xCF, 0x45, 0x67,
+        0xA3, 0x3A, 0x59, 0x69, 0xEB, 0x32, 0x6C, 0xFB,
+        0x5A, 0xDC, 0x69, 0x5D, 0xCA, 0x0C, 0x8B, 0x2A,
+        0x7B, 0x1F, 0x4F, 0x40, 0x4C, 0xC7, 0xA0, 0x98,
+        0x1E, 0x2C, 0xC2, 0x4C, 0x1C, 0x23, 0xD1, 0x6A,
+        0xA9, 0xB4, 0x39, 0x24, 0x15, 0xE2, 0x6C, 0x22,
+        0xF4, 0xA9, 0x34, 0xD7, 0x94, 0xC1, 0xFB, 0x4E,
+        0x5A, 0x67, 0x05, 0x11, 0x23, 0xCC, 0xD1, 0x53,
+        0x76, 0x4D, 0xEC, 0x99, 0xD5, 0x53, 0x52, 0x90,
+        0x53, 0xC3, 0xDA, 0x55, 0x0B, 0xCE, 0xA3, 0xAC,
+        0x54, 0x13, 0x6A, 0x26, 0xA6, 0x76, 0xD2, 0xBA,
+        0x84, 0x21, 0x06, 0x70, 0x68, 0xC6, 0x38, 0x1C,
+        0x2A, 0x62, 0xA7, 0x27, 0xC9, 0x33, 0x70, 0x2E,
+        0xE5, 0x80, 0x4A, 0x31, 0xCA, 0x86, 0x5A, 0x45,
+        0x58, 0x8F, 0xB7, 0x4D, 0xE7, 0xE2, 0x22, 0x3D,
+        0x88, 0xC0, 0x60, 0x8A, 0x16, 0xBF, 0xEC, 0x4F,
+        0xAD, 0x67, 0x52, 0xDB, 0x56, 0xB4, 0x8B, 0x88,
+        0x72, 0xBF, 0x26, 0xBA, 0x2F, 0xFA, 0x0C, 0xED,
+        0xE5, 0x34, 0x3B, 0xE8, 0x14, 0x36, 0x89, 0x26,
+        0x5E, 0x06, 0x5F, 0x41, 0xA6, 0x92, 0x5B, 0x86,
+        0xC8, 0x92, 0xE6, 0x2E, 0xB0, 0x77, 0x27, 0x34,
+        0xF5, 0xA3, 0x57, 0xC7, 0x5C, 0xA1, 0xAC, 0x6D,
+        0xF7, 0x8A, 0xB1, 0xB8, 0x88, 0x5A, 0xD0, 0x81,
+        0x96, 0x15, 0x37, 0x6D, 0x33, 0xEB, 0xB9, 0x8F,
+        0x87, 0x33, 0xA6, 0x75, 0x58, 0x03, 0xD9, 0x77,
+        0xBF, 0x51, 0xC1, 0x27, 0x40, 0x42, 0x4B, 0x2B,
+        0x49, 0xC2, 0x83, 0x82, 0xA6, 0x91, 0x7C, 0xBF,
+        0xA0, 0x34, 0xC3, 0xF1, 0x26, 0xA3, 0x8C, 0x21,
+        0x6C, 0x03, 0xC3, 0x57, 0x70, 0xAD, 0x48, 0x1B,
+        0x90, 0x84, 0xB5, 0x58, 0x8D, 0xA6, 0x5F, 0xF1,
+        0x18, 0xA7, 0x4F, 0x93, 0x2C, 0x7E, 0x53, 0x7A,
+        0xBE, 0x58, 0x63, 0xFB, 0x29, 0xA1, 0x0C, 0x09,
+        0x70, 0x1B, 0x44, 0x1F, 0x83, 0x99, 0xC1, 0xF8,
+        0xA6, 0x37, 0x82, 0x5A, 0xCE, 0xA3, 0xE9, 0x31,
+        0x80, 0x57, 0x4F, 0xDE, 0xB8, 0x80, 0x76, 0x66,
+        0x1A, 0xB4, 0x69, 0x51, 0x71, 0x6A, 0x50, 0x01,
+        0x84, 0xA0, 0x40, 0x55, 0x72, 0x66, 0x59, 0x8C,
+        0xAF, 0x76, 0x10, 0x5E, 0x1C, 0x18, 0x70, 0xB4,
+        0x39, 0x69, 0xC3, 0xBC, 0xC1, 0xA0, 0x49, 0x27,
+        0x63, 0x80, 0x17, 0x49, 0x8B, 0xB6, 0x2C, 0xAF,
+        0xD3, 0xA6, 0xB0, 0x82, 0xB7, 0xBF, 0x7A, 0x23,
+        0x45, 0x0E, 0x19, 0x17, 0x99, 0x61, 0x9B, 0x92,
+        0x51, 0x12, 0xD0, 0x72, 0x02, 0x5C, 0xA8, 0x88,
+        0x54, 0x8C, 0x79, 0x1A, 0xA4, 0x22, 0x51, 0x50,
+        0x4D, 0x5D, 0x1C, 0x1C, 0xDD, 0xB2, 0x13, 0x30,
+        0x3B, 0x04, 0x9E, 0x73, 0x46, 0xE8, 0xD8, 0x3A,
+        0xD5, 0x87, 0x83, 0x6F, 0x35, 0x28, 0x4E, 0x10,
+        0x97, 0x27, 0xE6, 0x6B, 0xBC, 0xC9, 0x52, 0x1F,
+        0xE0, 0xB1, 0x91, 0x63, 0x00, 0x47, 0xD1, 0x58,
+        0xF7, 0x56, 0x40, 0xFF, 0xEB, 0x54, 0x56, 0x07,
+        0x27, 0x40, 0x02, 0x1A, 0xFD, 0x15, 0xA4, 0x54,
+        0x69, 0xC5, 0x83, 0x82, 0x9D, 0xAA, 0xC8, 0xA7,
+        0xDE, 0xB0, 0x5B, 0x24, 0xF0, 0x56, 0x7E, 0x43,
+        0x17, 0xB3, 0xE3, 0xB3, 0x33, 0x89, 0xB5, 0xC5,
+        0xF8, 0xB0, 0x4B, 0x09, 0x9F, 0xB4, 0xD1, 0x03,
+        0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2,
+        0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA,
+        0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69,
+        0x4F, 0xD6, 0x4E, 0xAA, 0xB9, 0x07, 0xA4, 0x35,
+        0x39, 0xDD, 0xB2, 0x7B, 0xA0, 0xA8, 0x53, 0xCC,
+        0x90, 0x69, 0xEA, 0xC8, 0x50, 0x8C, 0x65, 0x3E,
+        0x60, 0x0B, 0x2A, 0xC0, 0x18, 0x38, 0x1B, 0x4B,
+        0xB4, 0xA8, 0x79, 0xAC, 0xDA, 0xD3, 0x42, 0xF9,
+        0x11, 0x79, 0xCA, 0x82, 0x49, 0x52, 0x5C, 0xB1,
+        0x96, 0x8B, 0xBE, 0x52, 0xF7, 0x55, 0xB7, 0xF5,
+        0xB4, 0x3D, 0x66, 0x63, 0xD7, 0xA3, 0xBF, 0x0F,
+        0x33, 0x57, 0xD8, 0xA2, 0x1D, 0x15, 0xB5, 0x2D,
+        0xB3, 0x81, 0x8E, 0xCE, 0x5B, 0x40, 0x2A, 0x60,
+        0xC9, 0x93, 0xE7, 0xCF, 0x43, 0x64, 0x87, 0xB8,
+        0xD2, 0xAE, 0x91, 0xE6, 0xC5, 0xB8, 0x82, 0x75,
+        0xE7, 0x58, 0x24, 0xB0, 0x00, 0x7E, 0xF3, 0x12,
+        0x3C, 0x0A, 0xB5, 0x1B, 0x5C, 0xC6, 0x1B, 0x9B,
+        0x22, 0x38, 0x0D, 0xE6, 0x6C, 0x5B, 0x20, 0xB0,
+        0x60, 0xCB, 0xB9, 0x86, 0xF8, 0x12, 0x3D, 0x94,
+        0x06, 0x00, 0x49, 0xCD, 0xF8, 0x03, 0x68, 0x73,
+        0xA7, 0xBE, 0x10, 0x94, 0x44, 0xA0, 0xA1, 0xCD,
+        0x87, 0xA4, 0x8C, 0xAE, 0x54, 0x19, 0x24, 0x84,
+        0xAF, 0x84, 0x44, 0x29, 0xC1, 0xC5, 0x8C, 0x29,
+        0xAC, 0x62, 0x4C, 0xD5, 0x04, 0xF1, 0xC4, 0x4F,
+        0x1E, 0x13, 0x47, 0x82, 0x2B, 0x6F, 0x22, 0x13,
+        0x23, 0x85, 0x9A, 0x7F, 0x6F, 0x75, 0x4B, 0xFE,
+        0x71, 0x0B, 0xDA, 0x60, 0x27, 0x62, 0x40, 0xA4,
+        0xFF, 0x2A, 0x53, 0x50, 0x70, 0x37, 0x86, 0xF5,
+        0x67, 0x1F, 0x44, 0x9F, 0x20, 0xC2, 0xA9, 0x5A,
+        0xE7, 0xC2, 0x90, 0x3A, 0x42, 0xCB, 0x3B, 0x30,
+        0x3F, 0xF4, 0xC4, 0x27, 0xC0, 0x8B, 0x11, 0xB4,
+        0xCD, 0x31, 0xC4, 0x18, 0xC6, 0xD1, 0x8D, 0x08,
+        0x61, 0x87, 0x3B, 0xFA, 0x03, 0x32, 0xF1, 0x12,
+        0x71, 0x55, 0x2E, 0xD7, 0xC0, 0x35, 0xF0, 0xE4,
+        0xBC, 0x42, 0x8C, 0x43, 0x72, 0x0B, 0x39, 0xA6,
+        0x51, 0x66, 0xBA, 0x9C, 0x2D, 0x3D, 0x77, 0x0E,
+        0x13, 0x03, 0x60, 0xCC, 0x23, 0x84, 0xE8, 0x30,
+        0x95, 0xB1, 0xA1, 0x59, 0x49, 0x55, 0x33, 0xF1,
+        0x16, 0xC7, 0xB5, 0x58, 0xB6, 0x50, 0xDB, 0x04,
+        0xD5, 0xA2, 0x6E, 0xAA, 0xA0, 0x8C, 0x3E, 0xE5,
+        0x7D, 0xE4, 0x5A, 0x7F, 0x88, 0xC6, 0xA3, 0xCE,
+        0xB2, 0x4D, 0xC5, 0x39, 0x7B, 0x88, 0xC3, 0xCE,
+        0xF0, 0x03, 0x31, 0x9B, 0xB0, 0x23, 0x3F, 0xD6,
+        0x92, 0xFD, 0xA1, 0x52, 0x44, 0x75, 0xB3, 0x51,
+        0xF3, 0xC7, 0x82, 0x18, 0x2D, 0xEC, 0xF5, 0x90,
+        0xB7, 0x72, 0x3B, 0xE4, 0x00, 0xBE, 0x14, 0x80,
+        0x9C, 0x44, 0x32, 0x99, 0x63, 0xFC, 0x46, 0x95,
+        0x92, 0x11, 0xD6, 0xA6, 0x23, 0x33, 0x95, 0x37,
+        0x84, 0x8C, 0x25, 0x16, 0x69, 0x94, 0x1D, 0x90,
+        0xB1, 0x30, 0x25, 0x8A, 0xDF, 0x55, 0xA7, 0x20,
+        0xA7, 0x24, 0xE8, 0xB6, 0xA6, 0xCA, 0xE3, 0xC2,
+        0x26, 0x4B, 0x16, 0x24, 0xCC, 0xBE, 0x7B, 0x45,
+        0x6B, 0x30, 0xC8, 0xC7, 0x39, 0x32, 0x94, 0xCA,
+        0x51, 0x80, 0xBC, 0x83, 0x7D, 0xD2, 0xE4, 0x5D,
+        0xBD, 0x59, 0xB6, 0xE1, 0x7B, 0x24, 0xFE, 0x93,
+        0x05, 0x2E, 0xB7, 0xC4, 0x3B, 0x27, 0xAC, 0x3D,
+        0xC2, 0x49, 0xCA, 0x0C, 0xBC, 0xA4, 0xFB, 0x58,
+        0x97, 0xC0, 0xB7, 0x44, 0x08, 0x8A, 0x8A, 0x07,
+        0x79, 0xD3, 0x22, 0x33, 0x82, 0x6A, 0x01, 0xDD,
+        0x64, 0x89, 0x95, 0x2A, 0x48, 0x25, 0xE5, 0x35,
+        0x8A, 0x70, 0x0B, 0xE0, 0xE1, 0x79, 0xAC, 0x19,
+        0x77, 0x10, 0xD8, 0x3E, 0xCC, 0x85, 0x3E, 0x52,
+        0x69, 0x5E, 0x9B, 0xF8, 0x7B, 0xB1, 0xF6, 0xCB,
+        0xD0, 0x5B, 0x02, 0xD4, 0xE6, 0x79, 0xE3, 0xB8,
+        0x8D, 0xD4, 0x83, 0xB0, 0x74, 0x9B, 0x11, 0xBD,
+        0x37, 0xB3, 0x83, 0xDC, 0xCA, 0x71, 0xF9, 0x09,
+        0x18, 0x34, 0xA1, 0x69, 0x55, 0x02, 0xC4, 0xB9,
+        0x5F, 0xC9, 0x11, 0x8C, 0x1C, 0xFC, 0x34, 0xC8,
+        0x4C, 0x22, 0x65, 0xBB, 0xBC, 0x56, 0x3C, 0x28,
+        0x26, 0x66, 0xB6, 0x0A, 0xE5, 0xC7, 0xF3, 0x85,
+        0x1D, 0x25, 0xEC, 0xBB, 0x50, 0x21, 0xCC, 0x38,
+        0xCB, 0x73, 0xEB, 0x6A, 0x34, 0x11, 0xB1, 0xC2,
+        0x90, 0x46, 0xCA, 0x66, 0x54, 0x06, 0x67, 0xD1,
+        0x36, 0x95, 0x44, 0x60, 0xC6, 0xFC, 0xBC, 0x4B,
+        0xC7, 0xC0, 0x49, 0xBB, 0x04, 0x7F, 0xA6, 0x7A,
+        0x63, 0xB3, 0xCC, 0x11, 0x11, 0xC1, 0xD8, 0xAC,
+        0x27, 0xE8, 0x05, 0x8B, 0xCC, 0xA4, 0xA1, 0x54,
+        0x55, 0x85, 0x8A, 0x58, 0x35, 0x8F, 0x7A, 0x61,
+        0x02, 0x0B, 0xC9, 0xC4, 0xC1, 0x7F, 0x8B, 0x95,
+        0xC2, 0x68, 0xCC, 0xB4, 0x04, 0xB9, 0xAA, 0xB4,
+        0xA2, 0x72, 0xA2, 0x1A, 0x70, 0xDA, 0xF6, 0xB6,
+        0xF1, 0x51, 0x21, 0xEE, 0x01, 0xC1, 0x56, 0xA3,
+        0x54, 0xAA, 0x17, 0x08, 0x7E, 0x07, 0x70, 0x2E,
+        0xAB, 0x38, 0xB3, 0x24, 0x1F, 0xDB, 0x55, 0x3F,
+        0x65, 0x73, 0x39, 0xD5, 0xE2, 0x9D, 0xC5, 0xD9,
+        0x1B, 0x7A, 0x5A, 0x82, 0x8E, 0xE9, 0x59, 0xFE,
+        0xBB, 0x90, 0xB0, 0x72, 0x29, 0xF6, 0xE4, 0x9D,
+        0x23, 0xC3, 0xA1, 0x90, 0x29, 0x70, 0x42, 0xFB,
+        0x43, 0x98, 0x69, 0x55, 0xB6, 0x9C, 0x28, 0xE1,
+        0x01, 0x6F, 0x77, 0xA5, 0x8B, 0x43, 0x15, 0x14,
+        0xD2, 0x1B, 0x88, 0x88, 0x99, 0xC3, 0x60, 0x82,
+        0x76, 0x08, 0x1B, 0x75, 0xF5, 0x68, 0x09, 0x7C,
+        0xDC, 0x17, 0x48, 0xF3, 0x23, 0x07, 0x88, 0x58,
+        0x15, 0xF3, 0xAE, 0xC9, 0x65, 0x18, 0x19, 0xAA,
+        0x68, 0x73, 0xD1, 0xA4, 0xEB, 0x83, 0xB1, 0x95,
+        0x38, 0x43, 0xB9, 0x34, 0x22, 0x51, 0x94, 0x83,
+        0xFE, 0xF0, 0x05, 0x9D, 0x36, 0xBB, 0x2D, 0xB1,
+        0xF3, 0xD4, 0x68, 0xFB, 0x06, 0x8C, 0x86, 0xE8,
+        0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E,
+        0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B,
+        0x62, 0x01, 0x30, 0xD6, 0xC2, 0xB8, 0xC9, 0x04,
+        0xA3, 0xBB, 0x93, 0x07, 0xBE, 0x51, 0x03, 0xF8,
+        0xD8, 0x14, 0x50, 0x5F, 0xB6, 0xA6, 0x0A, 0xF7,
+        0x93, 0x7E, 0xA6, 0xCA, 0xA1, 0x17, 0x31, 0x5E,
+        0x84, 0xCC, 0x91, 0x21, 0xAE, 0x56, 0xFB, 0xF3,
+        0x9E, 0x67, 0xAD, 0xBD, 0x83, 0xAD, 0x2D, 0x3E,
+        0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD,
+        0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    static const byte seed_768[WC_ML_KEM_MAKEKEY_RAND_SZ] = {
+        /* d */
+        0xE3, 0x4A, 0x70, 0x1C, 0x4C, 0x87, 0x58, 0x2F,
+        0x42, 0x26, 0x4E, 0xE4, 0x22, 0xD3, 0xC6, 0x84,
+        0xD9, 0x76, 0x11, 0xF2, 0x52, 0x3E, 0xFE, 0x0C,
+        0x99, 0x8A, 0xF0, 0x50, 0x56, 0xD6, 0x93, 0xDC,
+        /* z */
+        0xA8, 0x57, 0x68, 0xF3, 0x48, 0x6B, 0xD3, 0x2A,
+        0x01, 0xBF, 0x9A, 0x8F, 0x21, 0xEA, 0x93, 0x8E,
+        0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C,
+        0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD
+    };
+    static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = {
+        0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25,
+        0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62,
+        0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46,
+        0x12, 0x64, 0x02, 0xB1, 0xFA, 0x16, 0x37, 0x73,
+        0x3C, 0xD5, 0xF6, 0x0C, 0xC8, 0x4B, 0xCB, 0x64,
+        0x6A, 0x78, 0x92, 0x61, 0x4D, 0x7C, 0x51, 0xB1,
+        0xC7, 0xF1, 0xA2, 0x79, 0x91, 0x32, 0xF1, 0x34,
+        0x27, 0xDC, 0x48, 0x21, 0x58, 0xDA, 0x25, 0x44,
+        0x70, 0xA5, 0x9E, 0x00, 0xA4, 0xE4, 0x96, 0x86,
+        0xFD, 0xC0, 0x77, 0x55, 0x93, 0x67, 0x27, 0x0C,
+        0x21, 0x53, 0xF1, 0x10, 0x07, 0x59, 0x2C, 0x9C,
+        0x43, 0x10, 0xCF, 0x8A, 0x12, 0xC6, 0xA8, 0x71,
+        0x3B, 0xD6, 0xBB, 0x51, 0xF3, 0x12, 0x4F, 0x98,
+        0x9B, 0xA0, 0xD5, 0x40, 0x73, 0xCC, 0x24, 0x2E,
+        0x09, 0x68, 0x78, 0x0B, 0x87, 0x5A, 0x86, 0x9E,
+        0xFB, 0x85, 0x15, 0x86, 0xB9, 0xA8, 0x68, 0xA3,
+        0x84, 0xB9, 0xE6, 0x82, 0x1B, 0x20, 0x1B, 0x93,
+        0x2C, 0x45, 0x53, 0x69, 0xA7, 0x39, 0xEC, 0x22,
+        0x56, 0x9C, 0x97, 0x7C, 0x21, 0x2B, 0x38, 0x18,
+        0x71, 0x81, 0x36, 0x56, 0xAF, 0x5B, 0x56, 0x7E,
+        0xF8, 0x93, 0xB5, 0x84, 0x62, 0x4C, 0x86, 0x3A,
+        0x25, 0x90, 0x00, 0xF1, 0x7B, 0x25, 0x4B, 0x98,
+        0xB1, 0x85, 0x09, 0x7C, 0x50, 0xEB, 0xB6, 0x8B,
+        0x24, 0x43, 0x42, 0xE0, 0x5D, 0x4D, 0xE5, 0x20,
+        0x12, 0x5B, 0x8E, 0x10, 0x33, 0xB1, 0x43, 0x60,
+        0x93, 0xAC, 0xE7, 0xCE, 0x8E, 0x71, 0xB4, 0x58,
+        0xD5, 0x25, 0x67, 0x33, 0x63, 0x04, 0x5A, 0x3B,
+        0x3E, 0xEA, 0x94, 0x55, 0x42, 0x8A, 0x39, 0x87,
+        0x05, 0xA4, 0x23, 0x27, 0xAD, 0xB3, 0x77, 0x4B,
+        0x70, 0x57, 0xF4, 0x2B, 0x01, 0x7E, 0xC0, 0x73,
+        0x9A, 0x98, 0x3F, 0x19, 0xE8, 0x21, 0x4D, 0x09,
+        0x19, 0x5F, 0xA2, 0x4D, 0x2D, 0x57, 0x1D, 0xB7,
+        0x3C, 0x19, 0xA6, 0xF8, 0x46, 0x0E, 0x50, 0x83,
+        0x0D, 0x41, 0x5F, 0x62, 0x7B, 0x88, 0xE9, 0x4A,
+        0x7B, 0x15, 0x37, 0x91, 0xA0, 0xC0, 0xC7, 0xE9,
+        0x48, 0x4C, 0x74, 0xD5, 0x3C, 0x71, 0x48, 0x89,
+        0xF0, 0xE3, 0x21, 0xB6, 0x66, 0x0A, 0x53, 0x2A,
+        0x5B, 0xC0, 0xE5, 0x57, 0xFB, 0xCA, 0x35, 0xE2,
+        0x9B, 0xC6, 0x11, 0x20, 0x0E, 0xD3, 0xC6, 0x33,
+        0x07, 0x7A, 0x4D, 0x87, 0x3C, 0x5C, 0xC6, 0x70,
+        0x06, 0xB7, 0x53, 0xBF, 0x6D, 0x6B, 0x7A, 0xF6,
+        0xCA, 0x40, 0x2A, 0xB6, 0x18, 0x23, 0x6C, 0x0A,
+        0xFF, 0xBC, 0x80, 0x1F, 0x82, 0x22, 0xFB, 0xC3,
+        0x6C, 0xE0, 0x98, 0x4E, 0x2B, 0x18, 0xC9, 0x44,
+        0xBB, 0xCB, 0xEF, 0x03, 0xB1, 0xE1, 0x36, 0x1C,
+        0x1F, 0x44, 0xB0, 0xD7, 0x34, 0xAF, 0xB1, 0x56,
+        0x6C, 0xFF, 0x87, 0x44, 0xDA, 0x8B, 0x99, 0x43,
+        0xD6, 0xB4, 0x5A, 0x3C, 0x09, 0x03, 0x07, 0x02,
+        0xCA, 0x20, 0x1F, 0xFE, 0x20, 0xCB, 0x7E, 0xC5,
+        0xB0, 0xD4, 0x14, 0x9E, 0xE2, 0xC2, 0x8E, 0x8B,
+        0x23, 0x37, 0x4F, 0x47, 0x1B, 0x57, 0x15, 0x0D,
+        0x0E, 0xC9, 0x33, 0x62, 0x61, 0xA2, 0xD5, 0xCB,
+        0x84, 0xA3, 0xAC, 0xAC, 0xC4, 0x28, 0x94, 0x73,
+        0xA4, 0xC0, 0xAB, 0xC6, 0x17, 0xC9, 0xAB, 0xC1,
+        0x78, 0x73, 0x44, 0x34, 0xC8, 0x2E, 0x16, 0x85,
+        0x58, 0x8A, 0x5C, 0x2E, 0xA2, 0x67, 0x8F, 0x6B,
+        0x3C, 0x22, 0x28, 0x73, 0x31, 0x30, 0xC4, 0x66,
+        0xE5, 0xB8, 0x6E, 0xF4, 0x91, 0x15, 0x3E, 0x48,
+        0x66, 0x22, 0x47, 0xB8, 0x75, 0xD2, 0x01, 0x02,
+        0x0B, 0x56, 0x6B, 0x81, 0xB6, 0x4D, 0x83, 0x9A,
+        0xB4, 0x63, 0x3B, 0xAA, 0x8A, 0xCE, 0x20, 0x2B,
+        0xAA, 0xB4, 0x49, 0x62, 0x97, 0xF9, 0x80, 0x7A,
+        0xDB, 0xBB, 0x1E, 0x33, 0x2C, 0x6F, 0x80, 0x22,
+        0xB2, 0xA1, 0x8C, 0xFD, 0xD4, 0xA8, 0x25, 0x30,
+        0xB6, 0xD3, 0xF0, 0x07, 0xC3, 0x35, 0x38, 0x98,
+        0xD9, 0x66, 0xCC, 0x2C, 0x21, 0xCB, 0x42, 0x44,
+        0xBD, 0x00, 0x44, 0x3F, 0x20, 0x98, 0x70, 0xAC,
+        0xC4, 0x2B, 0xC3, 0x30, 0x68, 0xC7, 0x24, 0xEC,
+        0x17, 0x22, 0x36, 0x19, 0xC1, 0x09, 0x3C, 0xCA,
+        0x6A, 0xEB, 0x29, 0x50, 0x06, 0x64, 0xD1, 0x22,
+        0x50, 0x36, 0xB4, 0xB8, 0x10, 0x91, 0x90, 0x69,
+        0x69, 0x48, 0x1F, 0x1C, 0x72, 0x3C, 0x14, 0x0B,
+        0x9D, 0x6C, 0x16, 0x8F, 0x5B, 0x64, 0xBE, 0xA6,
+        0x9C, 0x5F, 0xD6, 0x38, 0x5D, 0xF7, 0x36, 0x4B,
+        0x87, 0x23, 0xBC, 0xC8, 0x5E, 0x03, 0x8C, 0x7E,
+        0x46, 0x4A, 0x90, 0x0D, 0x68, 0xA2, 0x12, 0x78,
+        0x18, 0x99, 0x42, 0x17, 0xAE, 0xC8, 0xBD, 0xB3,
+        0x9A, 0x97, 0x0A, 0x99, 0x63, 0xDE, 0x93, 0x68,
+        0x8E, 0x2A, 0xC8, 0x2A, 0xBC, 0xC2, 0x2F, 0xB9,
+        0x27, 0x7B, 0xA2, 0x20, 0x09, 0xE8, 0x78, 0x38,
+        0x1A, 0x38, 0x16, 0x39, 0x01, 0xC7, 0xD4, 0xC8,
+        0x50, 0x19, 0x53, 0x8D, 0x35, 0xCA, 0xAE, 0x9C,
+        0x41, 0xAF, 0x8C, 0x92, 0x9E, 0xE2, 0x0B, 0xB0,
+        0x8C, 0xA6, 0x19, 0xE7, 0x2C, 0x2F, 0x22, 0x62,
+        0xC1, 0xC9, 0x93, 0x85, 0x72, 0x55, 0x1A, 0xC0,
+        0x2D, 0xC9, 0x26, 0x8F, 0xBC, 0xC3, 0x5D, 0x79,
+        0x01, 0x1C, 0x3C, 0x09, 0x0A, 0xD4, 0x0A, 0x4F,
+        0x11, 0x1C, 0x9B, 0xE5, 0x5C, 0x42, 0x7E, 0xB7,
+        0x96, 0xC1, 0x93, 0x2D, 0x86, 0x73, 0x57, 0x9A,
+        0xF1, 0xB4, 0xC6, 0x38, 0xB0, 0x94, 0x44, 0x89,
+        0x01, 0x2A, 0x25, 0x59, 0xA3, 0xB0, 0x24, 0x81,
+        0xB0, 0x1A, 0xC3, 0x0B, 0xA8, 0x96, 0x0F, 0x80,
+        0xC0, 0xC2, 0xB3, 0x94, 0x7D, 0x36, 0xA1, 0x2C,
+        0x08, 0x04, 0x98, 0xBE, 0xE4, 0x48, 0x71, 0x6C,
+        0x97, 0x34, 0x16, 0xC8, 0x24, 0x28, 0x04, 0xA3,
+        0xDA, 0x09, 0x9E, 0xE1, 0x37, 0xB0, 0xBA, 0x90,
+        0xFE, 0x4A, 0x5C, 0x6A, 0x89, 0x20, 0x02, 0x76,
+        0xA0, 0xCF, 0xB6, 0x43, 0xEC, 0x2C, 0x56, 0xA2,
+        0xD7, 0x08, 0xD7, 0xB4, 0x37, 0x3E, 0x44, 0xC1,
+        0x50, 0x2A, 0x76, 0x3A, 0x60, 0x05, 0x86, 0xE6,
+        0xCD, 0xA6, 0x27, 0x38, 0x97, 0xD4, 0x44, 0x48,
+        0x28, 0x7D, 0xC2, 0xE6, 0x02, 0xDC, 0x39, 0x20,
+        0x0B, 0xF6, 0x16, 0x62, 0x36, 0x55, 0x9F, 0xD1,
+        0x2A, 0x60, 0x89, 0x2A, 0xEB, 0x15, 0x3D, 0xD6,
+        0x51, 0xBB, 0x46, 0x99, 0x10, 0xB4, 0xB3, 0x46,
+        0x69, 0xF9, 0x1D, 0xA8, 0x65, 0x4D, 0x1E, 0xB7,
+        0x2E, 0xB6, 0xE0, 0x28, 0x00, 0xB3, 0xB0, 0xA7,
+        0xD0, 0xA4, 0x8C, 0x83, 0x68, 0x54, 0xD3, 0xA8,
+        0x3E, 0x65, 0x56, 0x9C, 0xB7, 0x23, 0x0B, 0xB4,
+        0x4F, 0x3F, 0x14, 0x3A, 0x6D, 0xEC, 0x5F, 0x2C,
+        0x39, 0xAB, 0x90, 0xF2, 0x74, 0xF2, 0x08, 0x8B,
+        0xD3, 0xD6, 0xA6, 0xFC, 0xA0, 0x07, 0x02, 0x73,
+        0xBE, 0xDC, 0x84, 0x77, 0x7F, 0xB5, 0x2E, 0x3C,
+        0x55, 0x8B, 0x0A, 0xE0, 0x61, 0x83, 0xD5, 0xA4,
+        0x8D, 0x45, 0x2F, 0x68, 0xE1, 0x52, 0x07, 0xF8,
+        0x61, 0x62, 0x7A, 0xCA, 0x14, 0x27, 0x96, 0x30,
+        0xF8, 0x2E, 0xC3, 0xA0, 0xCA, 0x07, 0x86, 0x33,
+        0xB6, 0x00, 0xAF, 0xA7, 0x97, 0x43, 0xA6, 0x00,
+        0x21, 0x5B, 0xE5, 0x63, 0x74, 0x58, 0xCE, 0x2C,
+        0xE8, 0xAF, 0xF5, 0xA0, 0x8E, 0xB5, 0x01, 0x7B,
+        0x2C, 0x76, 0x65, 0x77, 0x47, 0x9F, 0x8D, 0xC6,
+        0xBF, 0x9F, 0x5C, 0xC7, 0x50, 0x89, 0x93, 0x21,
+        0x61, 0xB9, 0x6C, 0xEA, 0x40, 0x66, 0x20, 0xAE,
+        0xDB, 0x63, 0x04, 0x07, 0xF7, 0x68, 0x7E, 0xBB,
+        0xB4, 0x81, 0x4C, 0x79, 0x81, 0x63, 0x7A, 0x48,
+        0xA9, 0x0D, 0xE6, 0x80, 0x31, 0xE0, 0x62, 0xA7,
+        0xAF, 0x76, 0x12, 0xB4, 0xF5, 0xC7, 0xA6, 0xDA,
+        0x86, 0xBD, 0x13, 0x65, 0x29, 0xE6, 0x42, 0x95,
+        0xA5, 0x61, 0x3E, 0xA7, 0x3B, 0xD3, 0xD4, 0x44,
+        0x8C, 0xB8, 0x1F, 0x24, 0x31, 0x35, 0xC0, 0xA6,
+        0x60, 0xBE, 0xB9, 0xC1, 0x7E, 0x65, 0x1D, 0xEF,
+        0x46, 0x9A, 0x7D, 0x90, 0xA1, 0x5D, 0x34, 0x81,
+        0x09, 0x0B, 0xCB, 0xF2, 0x27, 0x01, 0x23, 0x28,
+        0x94, 0x1F, 0xA4, 0x6F, 0x39, 0xC5, 0x00, 0x6A,
+        0xD9, 0x3D, 0x45, 0x8A, 0xA6, 0xAD, 0xD6, 0x55,
+        0x86, 0x2B, 0x41, 0x8C, 0x30, 0x94, 0xF5, 0x51,
+        0x46, 0x0D, 0xF2, 0x15, 0x3A, 0x58, 0x10, 0xA7,
+        0xDA, 0x74, 0xF0, 0x61, 0x4C, 0x25, 0x88, 0xBE,
+        0x49, 0xDC, 0x6F, 0x5E, 0x88, 0x15, 0x46, 0x42,
+        0xBD, 0x1D, 0x37, 0x62, 0x56, 0x33, 0x26, 0x43,
+        0x35, 0x07, 0x15, 0x6A, 0x57, 0xC5, 0x76, 0x94,
+        0xBD, 0xD2, 0x6E, 0x7A, 0x24, 0x6F, 0xEB, 0x72,
+        0x3A, 0xED, 0x67, 0xB0, 0x48, 0x87, 0xC8, 0xE4,
+        0x76, 0xB4, 0x8C, 0xAB, 0x59, 0xE5, 0x36, 0x2F,
+        0x26, 0xA9, 0xEF, 0x50, 0xC2, 0xBC, 0x80, 0xBA,
+        0x14, 0x62, 0x26, 0x21, 0x6F, 0xE6, 0x29, 0x68,
+        0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41,
+        0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68
+    };
+    static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = {
+        0x98, 0xA1, 0xB2, 0xDA, 0x4A, 0x65, 0xCF, 0xB5,
+        0x84, 0x5E, 0xA7, 0x31, 0x1E, 0x6A, 0x06, 0xDB,
+        0x73, 0x1F, 0x15, 0x90, 0xC4, 0x1E, 0xE7, 0x4B,
+        0xA1, 0x07, 0x82, 0x71, 0x5B, 0x35, 0xA3, 0x10,
+        0x2D, 0xF6, 0x37, 0x87, 0x2B, 0xE6, 0x5B, 0xAB,
+        0x37, 0xA1, 0xDE, 0x25, 0x11, 0xD7, 0x03, 0xC7,
+        0x02, 0x47, 0xB3, 0x5E, 0xF2, 0x74, 0x35, 0x48,
+        0x50, 0x24, 0xD9, 0x3F, 0xD9, 0xE7, 0x7C, 0x43,
+        0x80, 0x4F, 0x37, 0x17, 0x49, 0xBA, 0x00, 0xB2,
+        0x0A, 0x8C, 0x5C, 0x58, 0x8B, 0xC9, 0xAB, 0xE0,
+        0x68, 0xAE, 0xAA, 0xA9, 0x38, 0x51, 0x7E, 0xBF,
+        0xE5, 0x3B, 0x6B, 0x66, 0x32, 0x82, 0x90, 0x3D,
+        0xCD, 0x18, 0x97, 0x36, 0xD7, 0x29, 0x68, 0x16,
+        0xC7, 0x33, 0xA1, 0xC7, 0x7C, 0x63, 0x75, 0xE5,
+        0x39, 0x7C, 0x0F, 0x18, 0x9B, 0xBF, 0xE4, 0x76,
+        0x43, 0xA6, 0x1F, 0x58, 0xF8, 0xA3, 0xC6, 0x91,
+        0x1B, 0xE4, 0x61, 0x1A, 0x8C, 0x7B, 0xC0, 0x50,
+        0x02, 0x11, 0x63, 0xD0, 0xA4, 0x04, 0xDC, 0x14,
+        0x06, 0x57, 0x48, 0xFF, 0x29, 0xBE, 0x60, 0xD2,
+        0xB9, 0xFD, 0xCC, 0x8F, 0xFD, 0x98, 0xC5, 0x87,
+        0xF3, 0x8C, 0x67, 0x11, 0x57, 0x86, 0x46, 0x4B,
+        0xDB, 0x34, 0x2B, 0x17, 0xE8, 0x97, 0xD6, 0x46,
+        0x17, 0xCB, 0xFB, 0x11, 0x79, 0x73, 0xA5, 0x45,
+        0x89, 0x77, 0xA7, 0xD7, 0x61, 0x7A, 0x1B, 0x4D,
+        0x83, 0xBA, 0x03, 0xC6, 0x11, 0x13, 0x8A, 0x46,
+        0x73, 0xB1, 0xEB, 0x34, 0xB0, 0x78, 0x03, 0x3F,
+        0x97, 0xCF, 0xFE, 0x80, 0xC1, 0x46, 0xA2, 0x69,
+        0x43, 0xF8, 0x42, 0xB9, 0x76, 0x32, 0x7B, 0xF1,
+        0xCB, 0xC6, 0x01, 0x19, 0x52, 0x5B, 0xB9, 0xA3,
+        0xC0, 0x34, 0x93, 0x34, 0x90, 0x00, 0xDD, 0x8F,
+        0x51, 0xBA, 0x21, 0xA2, 0xE9, 0x23, 0x61, 0x76,
+        0x23, 0x24, 0x60, 0x0E, 0x0C, 0x13, 0xAA, 0xA6,
+        0xCB, 0x69, 0xBF, 0xB2, 0x42, 0x76, 0x48, 0x3F,
+        0x6B, 0x02, 0x42, 0x12, 0x59, 0xB7, 0x58, 0x52,
+        0x63, 0xC1, 0xA0, 0x28, 0xD6, 0x82, 0xC5, 0x08,
+        0xBB, 0xC2, 0x80, 0x1A, 0x56, 0xE9, 0x8B, 0x8F,
+        0x62, 0x0B, 0x04, 0x83, 0xD7, 0x9B, 0x5A, 0xD8,
+        0x58, 0x5A, 0xC0, 0xA4, 0x75, 0xBA, 0xC7, 0x78,
+        0x65, 0x19, 0x41, 0x96, 0x33, 0x87, 0x91, 0xB7,
+        0x98, 0x5A, 0x05, 0xD1, 0x09, 0x39, 0x5C, 0xCA,
+        0x89, 0x32, 0x72, 0x2A, 0x91, 0x95, 0x0D, 0x37,
+        0xE1, 0x2B, 0x89, 0x14, 0x20, 0xA5, 0x2B, 0x62,
+        0xCB, 0xFA, 0x81, 0x5D, 0xF6, 0x17, 0x4C, 0xE0,
+        0x0E, 0x68, 0xBC, 0xA7, 0x5D, 0x48, 0x38, 0xCA,
+        0x28, 0x0F, 0x71, 0x3C, 0x7E, 0x69, 0x24, 0xAF,
+        0xD9, 0x5B, 0xAA, 0x0D, 0x01, 0xAD, 0xA6, 0x37,
+        0xB1, 0x58, 0x34, 0x70, 0x34, 0xC0, 0xAB, 0x1A,
+        0x71, 0x83, 0x33, 0x1A, 0x82, 0x0A, 0xCB, 0xCB,
+        0x83, 0x19, 0x3A, 0x1A, 0x94, 0xC8, 0xF7, 0xE3,
+        0x84, 0xAE, 0xD0, 0xC3, 0x5E, 0xD3, 0xCB, 0x33,
+        0x97, 0xBB, 0x63, 0x80, 0x86, 0xE7, 0xA3, 0x5A,
+        0x64, 0x08, 0xA3, 0xA4, 0xB9, 0x0C, 0xE9, 0x53,
+        0x70, 0x7C, 0x19, 0xBC, 0x46, 0xC3, 0xB2, 0xDA,
+        0x3B, 0x2E, 0xE3, 0x23, 0x19, 0xC5, 0x6B, 0x92,
+        0x80, 0x32, 0xB5, 0xED, 0x12, 0x56, 0xD0, 0x75,
+        0x3D, 0x34, 0x14, 0x23, 0xE9, 0xDB, 0x13, 0x9D,
+        0xE7, 0x71, 0x4F, 0xF0, 0x75, 0xCA, 0xF5, 0x8F,
+        0xD9, 0xF5, 0x7D, 0x1A, 0x54, 0x01, 0x9B, 0x59,
+        0x26, 0x40, 0x68, 0x30, 0xDA, 0xE2, 0x9A, 0x87,
+        0x53, 0x02, 0xA8, 0x12, 0x56, 0xF4, 0xD6, 0xCF,
+        0x5E, 0x74, 0x03, 0x4E, 0xA6, 0x14, 0xBF, 0x70,
+        0xC2, 0x76, 0x4B, 0x20, 0xC9, 0x58, 0x9C, 0xDB,
+        0x5C, 0x25, 0x76, 0x1A, 0x04, 0xE5, 0x82, 0x92,
+        0x90, 0x7C, 0x57, 0x8A, 0x94, 0xA3, 0x58, 0x36,
+        0xBE, 0xE3, 0x11, 0x2D, 0xC2, 0xC3, 0xAE, 0x21,
+        0x92, 0xC9, 0xDE, 0xAA, 0x30, 0x4B, 0x29, 0xC7,
+        0xFE, 0xA1, 0xBD, 0xF4, 0x7B, 0x3B, 0x6B, 0xCB,
+        0xA2, 0xC0, 0xE5, 0x5C, 0x9C, 0xDB, 0x6D, 0xE7,
+        0x14, 0x9E, 0x9C, 0xB1, 0x79, 0x17, 0x71, 0x8F,
+        0x12, 0xC8, 0x03, 0x2D, 0xE1, 0xAD, 0xE0, 0x64,
+        0x8D, 0x40, 0x55, 0x19, 0xC7, 0x07, 0x19, 0xBE,
+        0xCC, 0x70, 0x18, 0x45, 0xCF, 0x9F, 0x4B, 0x91,
+        0x2F, 0xE7, 0x19, 0x83, 0xCA, 0x34, 0xF9, 0x01,
+        0x8C, 0x7C, 0xA7, 0xBB, 0x2F, 0x6C, 0x5D, 0x7F,
+        0x8C, 0x5B, 0x29, 0x73, 0x59, 0xEC, 0x75, 0x20,
+        0x9C, 0x25, 0x43, 0xFF, 0x11, 0xC4, 0x24, 0x49,
+        0x77, 0xC5, 0x96, 0x95, 0x24, 0xEC, 0x45, 0x4D,
+        0x44, 0xC3, 0x23, 0xFC, 0xCA, 0x94, 0xAC, 0xAC,
+        0x27, 0x3A, 0x0E, 0xC4, 0x9B, 0x4A, 0x8A, 0x58,
+        0x5B, 0xCE, 0x7A, 0x5B, 0x30, 0x5C, 0x04, 0xC3,
+        0x50, 0x64, 0x22, 0x58, 0x03, 0x57, 0x01, 0x6A,
+        0x85, 0x0C, 0x3F, 0x7E, 0xE1, 0x72, 0x05, 0xA7,
+        0x7B, 0x29, 0x1C, 0x77, 0x31, 0xC9, 0x83, 0x6C,
+        0x02, 0xAE, 0xE5, 0x40, 0x6F, 0x63, 0xC6, 0xA0,
+        0x7A, 0x21, 0x43, 0x82, 0xAA, 0x15, 0x33, 0x6C,
+        0x05, 0xD1, 0x04, 0x55, 0x88, 0x10, 0x76, 0x45,
+        0xEA, 0x7D, 0xE6, 0x87, 0x0F, 0xC0, 0xE5, 0x5E,
+        0x15, 0x40, 0x97, 0x43, 0x01, 0xC4, 0x2E, 0xC1,
+        0x41, 0x05, 0x51, 0x86, 0x80, 0xF6, 0x88, 0xAB,
+        0xE4, 0xCE, 0x45, 0x37, 0x38, 0xFE, 0x47, 0x1B,
+        0x87, 0xFC, 0x31, 0xF5, 0xC6, 0x8A, 0x39, 0xE6,
+        0x8A, 0xF5, 0x1B, 0x02, 0x40, 0xB9, 0x0E, 0x03,
+        0x64, 0xB0, 0x4B, 0xAC, 0x43, 0xD6, 0xFB, 0x68,
+        0xAB, 0x65, 0xAE, 0x02, 0x8B, 0x62, 0xBD, 0x68,
+        0x3B, 0x7D, 0x28, 0xAD, 0x38, 0x80, 0x6B, 0xEE,
+        0x72, 0x5B, 0x5B, 0x24, 0x16, 0xA8, 0xD7, 0x9C,
+        0x16, 0xEC, 0x2A, 0x99, 0xEA, 0x4A, 0x8D, 0x92,
+        0xA2, 0xF5, 0x05, 0x2E, 0x67, 0xF9, 0x73, 0x52,
+        0x28, 0x97, 0x61, 0xC5, 0xC3, 0x9F, 0xC5, 0xC7,
+        0x42, 0xE9, 0xC0, 0xA7, 0x40, 0xCA, 0x59, 0xFC,
+        0x01, 0x82, 0xF7, 0x09, 0xD0, 0x1B, 0x51, 0x87,
+        0xF0, 0x00, 0x63, 0xDA, 0xAB, 0x39, 0x75, 0x96,
+        0xEE, 0xA4, 0xA3, 0x1B, 0xDB, 0xCB, 0xD4, 0xC1,
+        0xBB, 0x0C, 0x55, 0xBE, 0x7C, 0x68, 0x50, 0xFD,
+        0xA9, 0x32, 0x6B, 0x35, 0x3E, 0x28, 0x8C, 0x50,
+        0x13, 0x22, 0x6C, 0x3C, 0x39, 0x23, 0xA7, 0x91,
+        0x60, 0x9E, 0x80, 0x02, 0xE7, 0x3A, 0x5F, 0x7B,
+        0x6B, 0xB4, 0xA8, 0x77, 0xB1, 0xFD, 0xF5, 0x3B,
+        0xB2, 0xBA, 0xB3, 0xDD, 0x42, 0x4D, 0x31, 0xBB,
+        0xB4, 0x48, 0xE6, 0x09, 0xA6, 0x6B, 0x0E, 0x34,
+        0x3C, 0x28, 0x6E, 0x87, 0x60, 0x31, 0x2B, 0x6D,
+        0x37, 0xAA, 0x52, 0x01, 0xD2, 0x1F, 0x53, 0x50,
+        0x3D, 0x88, 0x38, 0x9A, 0xDC, 0xA2, 0x1C, 0x70,
+        0xFB, 0x6C, 0x0F, 0xC9, 0xC6, 0x9D, 0x66, 0x16,
+        0xC9, 0xEA, 0x37, 0x80, 0xE3, 0x55, 0x65, 0xC0,
+        0xC9, 0x7C, 0x15, 0x17, 0x9C, 0x95, 0x34, 0x3E,
+        0xCC, 0x5E, 0x1C, 0x2A, 0x24, 0xDE, 0x46, 0x99,
+        0xF6, 0x87, 0x5E, 0xA2, 0xFA, 0x2D, 0xD3, 0xE3,
+        0x57, 0xBC, 0x43, 0x91, 0x47, 0x95, 0x20, 0x7E,
+        0x02, 0x6B, 0x85, 0x0A, 0x22, 0x37, 0x95, 0x0C,
+        0x10, 0x8A, 0x51, 0x2F, 0xC8, 0x8C, 0x22, 0x48,
+        0x81, 0x12, 0x60, 0x70, 0x88, 0x18, 0x5F, 0xB0,
+        0xE0, 0x9C, 0x2C, 0x41, 0x97, 0xA8, 0x36, 0x87,
+        0x26, 0x6B, 0xAB, 0x2E, 0x58, 0x3E, 0x21, 0xC4,
+        0x0F, 0x4C, 0xC0, 0x08, 0xFE, 0x65, 0x28, 0x04,
+        0xD8, 0x22, 0x3F, 0x15, 0x20, 0xA9, 0x0B, 0x0D,
+        0x53, 0x85, 0xC7, 0x55, 0x3C, 0xC7, 0x67, 0xC5,
+        0x8D, 0x12, 0x0C, 0xCD, 0x3E, 0xF5, 0xB5, 0xD1,
+        0xA6, 0xCD, 0x7B, 0xC0, 0x0D, 0xFF, 0x13, 0x21,
+        0xB2, 0xF2, 0xC4, 0x32, 0xB6, 0x4E, 0xFB, 0x8A,
+        0x3F, 0x5D, 0x00, 0x64, 0xB3, 0xF3, 0x42, 0x93,
+        0x02, 0x6C, 0x85, 0x1C, 0x2D, 0xED, 0x68, 0xB9,
+        0xDF, 0xF4, 0xA2, 0x8F, 0x6A, 0x8D, 0x22, 0x55,
+        0x35, 0xE0, 0x47, 0x70, 0x84, 0x43, 0x0C, 0xFF,
+        0xDA, 0x0A, 0xC0, 0x55, 0x2F, 0x9A, 0x21, 0x27,
+        0x85, 0xB7, 0x49, 0x91, 0x3A, 0x06, 0xFA, 0x22,
+        0x74, 0xC0, 0xD1, 0x5B, 0xAD, 0x32, 0x54, 0x58,
+        0xD3, 0x23, 0xEF, 0x6B, 0xAE, 0x13, 0xC0, 0x01,
+        0x0D, 0x52, 0x5C, 0x1D, 0x52, 0x69, 0x97, 0x3A,
+        0xC2, 0x9B, 0xDA, 0x7C, 0x98, 0x37, 0x46, 0x91,
+        0x8B, 0xA0, 0xE0, 0x02, 0x58, 0x8E, 0x30, 0x37,
+        0x5D, 0x78, 0x32, 0x9E, 0x6B, 0x8B, 0xA8, 0xC4,
+        0x46, 0x2A, 0x69, 0x2F, 0xB6, 0x08, 0x38, 0x42,
+        0xB8, 0xC8, 0xC9, 0x2C, 0x60, 0xF2, 0x52, 0x72,
+        0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25,
+        0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62,
+        0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46,
+        0x12, 0x64, 0x02, 0xB1, 0xFA, 0x16, 0x37, 0x73,
+        0x3C, 0xD5, 0xF6, 0x0C, 0xC8, 0x4B, 0xCB, 0x64,
+        0x6A, 0x78, 0x92, 0x61, 0x4D, 0x7C, 0x51, 0xB1,
+        0xC7, 0xF1, 0xA2, 0x79, 0x91, 0x32, 0xF1, 0x34,
+        0x27, 0xDC, 0x48, 0x21, 0x58, 0xDA, 0x25, 0x44,
+        0x70, 0xA5, 0x9E, 0x00, 0xA4, 0xE4, 0x96, 0x86,
+        0xFD, 0xC0, 0x77, 0x55, 0x93, 0x67, 0x27, 0x0C,
+        0x21, 0x53, 0xF1, 0x10, 0x07, 0x59, 0x2C, 0x9C,
+        0x43, 0x10, 0xCF, 0x8A, 0x12, 0xC6, 0xA8, 0x71,
+        0x3B, 0xD6, 0xBB, 0x51, 0xF3, 0x12, 0x4F, 0x98,
+        0x9B, 0xA0, 0xD5, 0x40, 0x73, 0xCC, 0x24, 0x2E,
+        0x09, 0x68, 0x78, 0x0B, 0x87, 0x5A, 0x86, 0x9E,
+        0xFB, 0x85, 0x15, 0x86, 0xB9, 0xA8, 0x68, 0xA3,
+        0x84, 0xB9, 0xE6, 0x82, 0x1B, 0x20, 0x1B, 0x93,
+        0x2C, 0x45, 0x53, 0x69, 0xA7, 0x39, 0xEC, 0x22,
+        0x56, 0x9C, 0x97, 0x7C, 0x21, 0x2B, 0x38, 0x18,
+        0x71, 0x81, 0x36, 0x56, 0xAF, 0x5B, 0x56, 0x7E,
+        0xF8, 0x93, 0xB5, 0x84, 0x62, 0x4C, 0x86, 0x3A,
+        0x25, 0x90, 0x00, 0xF1, 0x7B, 0x25, 0x4B, 0x98,
+        0xB1, 0x85, 0x09, 0x7C, 0x50, 0xEB, 0xB6, 0x8B,
+        0x24, 0x43, 0x42, 0xE0, 0x5D, 0x4D, 0xE5, 0x20,
+        0x12, 0x5B, 0x8E, 0x10, 0x33, 0xB1, 0x43, 0x60,
+        0x93, 0xAC, 0xE7, 0xCE, 0x8E, 0x71, 0xB4, 0x58,
+        0xD5, 0x25, 0x67, 0x33, 0x63, 0x04, 0x5A, 0x3B,
+        0x3E, 0xEA, 0x94, 0x55, 0x42, 0x8A, 0x39, 0x87,
+        0x05, 0xA4, 0x23, 0x27, 0xAD, 0xB3, 0x77, 0x4B,
+        0x70, 0x57, 0xF4, 0x2B, 0x01, 0x7E, 0xC0, 0x73,
+        0x9A, 0x98, 0x3F, 0x19, 0xE8, 0x21, 0x4D, 0x09,
+        0x19, 0x5F, 0xA2, 0x4D, 0x2D, 0x57, 0x1D, 0xB7,
+        0x3C, 0x19, 0xA6, 0xF8, 0x46, 0x0E, 0x50, 0x83,
+        0x0D, 0x41, 0x5F, 0x62, 0x7B, 0x88, 0xE9, 0x4A,
+        0x7B, 0x15, 0x37, 0x91, 0xA0, 0xC0, 0xC7, 0xE9,
+        0x48, 0x4C, 0x74, 0xD5, 0x3C, 0x71, 0x48, 0x89,
+        0xF0, 0xE3, 0x21, 0xB6, 0x66, 0x0A, 0x53, 0x2A,
+        0x5B, 0xC0, 0xE5, 0x57, 0xFB, 0xCA, 0x35, 0xE2,
+        0x9B, 0xC6, 0x11, 0x20, 0x0E, 0xD3, 0xC6, 0x33,
+        0x07, 0x7A, 0x4D, 0x87, 0x3C, 0x5C, 0xC6, 0x70,
+        0x06, 0xB7, 0x53, 0xBF, 0x6D, 0x6B, 0x7A, 0xF6,
+        0xCA, 0x40, 0x2A, 0xB6, 0x18, 0x23, 0x6C, 0x0A,
+        0xFF, 0xBC, 0x80, 0x1F, 0x82, 0x22, 0xFB, 0xC3,
+        0x6C, 0xE0, 0x98, 0x4E, 0x2B, 0x18, 0xC9, 0x44,
+        0xBB, 0xCB, 0xEF, 0x03, 0xB1, 0xE1, 0x36, 0x1C,
+        0x1F, 0x44, 0xB0, 0xD7, 0x34, 0xAF, 0xB1, 0x56,
+        0x6C, 0xFF, 0x87, 0x44, 0xDA, 0x8B, 0x99, 0x43,
+        0xD6, 0xB4, 0x5A, 0x3C, 0x09, 0x03, 0x07, 0x02,
+        0xCA, 0x20, 0x1F, 0xFE, 0x20, 0xCB, 0x7E, 0xC5,
+        0xB0, 0xD4, 0x14, 0x9E, 0xE2, 0xC2, 0x8E, 0x8B,
+        0x23, 0x37, 0x4F, 0x47, 0x1B, 0x57, 0x15, 0x0D,
+        0x0E, 0xC9, 0x33, 0x62, 0x61, 0xA2, 0xD5, 0xCB,
+        0x84, 0xA3, 0xAC, 0xAC, 0xC4, 0x28, 0x94, 0x73,
+        0xA4, 0xC0, 0xAB, 0xC6, 0x17, 0xC9, 0xAB, 0xC1,
+        0x78, 0x73, 0x44, 0x34, 0xC8, 0x2E, 0x16, 0x85,
+        0x58, 0x8A, 0x5C, 0x2E, 0xA2, 0x67, 0x8F, 0x6B,
+        0x3C, 0x22, 0x28, 0x73, 0x31, 0x30, 0xC4, 0x66,
+        0xE5, 0xB8, 0x6E, 0xF4, 0x91, 0x15, 0x3E, 0x48,
+        0x66, 0x22, 0x47, 0xB8, 0x75, 0xD2, 0x01, 0x02,
+        0x0B, 0x56, 0x6B, 0x81, 0xB6, 0x4D, 0x83, 0x9A,
+        0xB4, 0x63, 0x3B, 0xAA, 0x8A, 0xCE, 0x20, 0x2B,
+        0xAA, 0xB4, 0x49, 0x62, 0x97, 0xF9, 0x80, 0x7A,
+        0xDB, 0xBB, 0x1E, 0x33, 0x2C, 0x6F, 0x80, 0x22,
+        0xB2, 0xA1, 0x8C, 0xFD, 0xD4, 0xA8, 0x25, 0x30,
+        0xB6, 0xD3, 0xF0, 0x07, 0xC3, 0x35, 0x38, 0x98,
+        0xD9, 0x66, 0xCC, 0x2C, 0x21, 0xCB, 0x42, 0x44,
+        0xBD, 0x00, 0x44, 0x3F, 0x20, 0x98, 0x70, 0xAC,
+        0xC4, 0x2B, 0xC3, 0x30, 0x68, 0xC7, 0x24, 0xEC,
+        0x17, 0x22, 0x36, 0x19, 0xC1, 0x09, 0x3C, 0xCA,
+        0x6A, 0xEB, 0x29, 0x50, 0x06, 0x64, 0xD1, 0x22,
+        0x50, 0x36, 0xB4, 0xB8, 0x10, 0x91, 0x90, 0x69,
+        0x69, 0x48, 0x1F, 0x1C, 0x72, 0x3C, 0x14, 0x0B,
+        0x9D, 0x6C, 0x16, 0x8F, 0x5B, 0x64, 0xBE, 0xA6,
+        0x9C, 0x5F, 0xD6, 0x38, 0x5D, 0xF7, 0x36, 0x4B,
+        0x87, 0x23, 0xBC, 0xC8, 0x5E, 0x03, 0x8C, 0x7E,
+        0x46, 0x4A, 0x90, 0x0D, 0x68, 0xA2, 0x12, 0x78,
+        0x18, 0x99, 0x42, 0x17, 0xAE, 0xC8, 0xBD, 0xB3,
+        0x9A, 0x97, 0x0A, 0x99, 0x63, 0xDE, 0x93, 0x68,
+        0x8E, 0x2A, 0xC8, 0x2A, 0xBC, 0xC2, 0x2F, 0xB9,
+        0x27, 0x7B, 0xA2, 0x20, 0x09, 0xE8, 0x78, 0x38,
+        0x1A, 0x38, 0x16, 0x39, 0x01, 0xC7, 0xD4, 0xC8,
+        0x50, 0x19, 0x53, 0x8D, 0x35, 0xCA, 0xAE, 0x9C,
+        0x41, 0xAF, 0x8C, 0x92, 0x9E, 0xE2, 0x0B, 0xB0,
+        0x8C, 0xA6, 0x19, 0xE7, 0x2C, 0x2F, 0x22, 0x62,
+        0xC1, 0xC9, 0x93, 0x85, 0x72, 0x55, 0x1A, 0xC0,
+        0x2D, 0xC9, 0x26, 0x8F, 0xBC, 0xC3, 0x5D, 0x79,
+        0x01, 0x1C, 0x3C, 0x09, 0x0A, 0xD4, 0x0A, 0x4F,
+        0x11, 0x1C, 0x9B, 0xE5, 0x5C, 0x42, 0x7E, 0xB7,
+        0x96, 0xC1, 0x93, 0x2D, 0x86, 0x73, 0x57, 0x9A,
+        0xF1, 0xB4, 0xC6, 0x38, 0xB0, 0x94, 0x44, 0x89,
+        0x01, 0x2A, 0x25, 0x59, 0xA3, 0xB0, 0x24, 0x81,
+        0xB0, 0x1A, 0xC3, 0x0B, 0xA8, 0x96, 0x0F, 0x80,
+        0xC0, 0xC2, 0xB3, 0x94, 0x7D, 0x36, 0xA1, 0x2C,
+        0x08, 0x04, 0x98, 0xBE, 0xE4, 0x48, 0x71, 0x6C,
+        0x97, 0x34, 0x16, 0xC8, 0x24, 0x28, 0x04, 0xA3,
+        0xDA, 0x09, 0x9E, 0xE1, 0x37, 0xB0, 0xBA, 0x90,
+        0xFE, 0x4A, 0x5C, 0x6A, 0x89, 0x20, 0x02, 0x76,
+        0xA0, 0xCF, 0xB6, 0x43, 0xEC, 0x2C, 0x56, 0xA2,
+        0xD7, 0x08, 0xD7, 0xB4, 0x37, 0x3E, 0x44, 0xC1,
+        0x50, 0x2A, 0x76, 0x3A, 0x60, 0x05, 0x86, 0xE6,
+        0xCD, 0xA6, 0x27, 0x38, 0x97, 0xD4, 0x44, 0x48,
+        0x28, 0x7D, 0xC2, 0xE6, 0x02, 0xDC, 0x39, 0x20,
+        0x0B, 0xF6, 0x16, 0x62, 0x36, 0x55, 0x9F, 0xD1,
+        0x2A, 0x60, 0x89, 0x2A, 0xEB, 0x15, 0x3D, 0xD6,
+        0x51, 0xBB, 0x46, 0x99, 0x10, 0xB4, 0xB3, 0x46,
+        0x69, 0xF9, 0x1D, 0xA8, 0x65, 0x4D, 0x1E, 0xB7,
+        0x2E, 0xB6, 0xE0, 0x28, 0x00, 0xB3, 0xB0, 0xA7,
+        0xD0, 0xA4, 0x8C, 0x83, 0x68, 0x54, 0xD3, 0xA8,
+        0x3E, 0x65, 0x56, 0x9C, 0xB7, 0x23, 0x0B, 0xB4,
+        0x4F, 0x3F, 0x14, 0x3A, 0x6D, 0xEC, 0x5F, 0x2C,
+        0x39, 0xAB, 0x90, 0xF2, 0x74, 0xF2, 0x08, 0x8B,
+        0xD3, 0xD6, 0xA6, 0xFC, 0xA0, 0x07, 0x02, 0x73,
+        0xBE, 0xDC, 0x84, 0x77, 0x7F, 0xB5, 0x2E, 0x3C,
+        0x55, 0x8B, 0x0A, 0xE0, 0x61, 0x83, 0xD5, 0xA4,
+        0x8D, 0x45, 0x2F, 0x68, 0xE1, 0x52, 0x07, 0xF8,
+        0x61, 0x62, 0x7A, 0xCA, 0x14, 0x27, 0x96, 0x30,
+        0xF8, 0x2E, 0xC3, 0xA0, 0xCA, 0x07, 0x86, 0x33,
+        0xB6, 0x00, 0xAF, 0xA7, 0x97, 0x43, 0xA6, 0x00,
+        0x21, 0x5B, 0xE5, 0x63, 0x74, 0x58, 0xCE, 0x2C,
+        0xE8, 0xAF, 0xF5, 0xA0, 0x8E, 0xB5, 0x01, 0x7B,
+        0x2C, 0x76, 0x65, 0x77, 0x47, 0x9F, 0x8D, 0xC6,
+        0xBF, 0x9F, 0x5C, 0xC7, 0x50, 0x89, 0x93, 0x21,
+        0x61, 0xB9, 0x6C, 0xEA, 0x40, 0x66, 0x20, 0xAE,
+        0xDB, 0x63, 0x04, 0x07, 0xF7, 0x68, 0x7E, 0xBB,
+        0xB4, 0x81, 0x4C, 0x79, 0x81, 0x63, 0x7A, 0x48,
+        0xA9, 0x0D, 0xE6, 0x80, 0x31, 0xE0, 0x62, 0xA7,
+        0xAF, 0x76, 0x12, 0xB4, 0xF5, 0xC7, 0xA6, 0xDA,
+        0x86, 0xBD, 0x13, 0x65, 0x29, 0xE6, 0x42, 0x95,
+        0xA5, 0x61, 0x3E, 0xA7, 0x3B, 0xD3, 0xD4, 0x44,
+        0x8C, 0xB8, 0x1F, 0x24, 0x31, 0x35, 0xC0, 0xA6,
+        0x60, 0xBE, 0xB9, 0xC1, 0x7E, 0x65, 0x1D, 0xEF,
+        0x46, 0x9A, 0x7D, 0x90, 0xA1, 0x5D, 0x34, 0x81,
+        0x09, 0x0B, 0xCB, 0xF2, 0x27, 0x01, 0x23, 0x28,
+        0x94, 0x1F, 0xA4, 0x6F, 0x39, 0xC5, 0x00, 0x6A,
+        0xD9, 0x3D, 0x45, 0x8A, 0xA6, 0xAD, 0xD6, 0x55,
+        0x86, 0x2B, 0x41, 0x8C, 0x30, 0x94, 0xF5, 0x51,
+        0x46, 0x0D, 0xF2, 0x15, 0x3A, 0x58, 0x10, 0xA7,
+        0xDA, 0x74, 0xF0, 0x61, 0x4C, 0x25, 0x88, 0xBE,
+        0x49, 0xDC, 0x6F, 0x5E, 0x88, 0x15, 0x46, 0x42,
+        0xBD, 0x1D, 0x37, 0x62, 0x56, 0x33, 0x26, 0x43,
+        0x35, 0x07, 0x15, 0x6A, 0x57, 0xC5, 0x76, 0x94,
+        0xBD, 0xD2, 0x6E, 0x7A, 0x24, 0x6F, 0xEB, 0x72,
+        0x3A, 0xED, 0x67, 0xB0, 0x48, 0x87, 0xC8, 0xE4,
+        0x76, 0xB4, 0x8C, 0xAB, 0x59, 0xE5, 0x36, 0x2F,
+        0x26, 0xA9, 0xEF, 0x50, 0xC2, 0xBC, 0x80, 0xBA,
+        0x14, 0x62, 0x26, 0x21, 0x6F, 0xE6, 0x29, 0x68,
+        0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41,
+        0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68,
+        0xE2, 0x90, 0x20, 0x83, 0x9D, 0x05, 0x2F, 0xA3,
+        0x72, 0x58, 0x56, 0x27, 0xF8, 0xB5, 0x9E, 0xE3,
+        0x12, 0xAE, 0x41, 0x4C, 0x97, 0x9D, 0x82, 0x5F,
+        0x06, 0xA6, 0x92, 0x9A, 0x79, 0x62, 0x57, 0x18,
+        0xA8, 0x57, 0x68, 0xF3, 0x48, 0x6B, 0xD3, 0x2A,
+        0x01, 0xBF, 0x9A, 0x8F, 0x21, 0xEA, 0x93, 0x8E,
+        0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C,
+        0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    static const byte seed_1024[WC_ML_KEM_MAKEKEY_RAND_SZ] = {
+        /* d */
+        0x49, 0xAC, 0x8B, 0x99, 0xBB, 0x1E, 0x6A, 0x8E,
+        0xA8, 0x18, 0x26, 0x1F, 0x8B, 0xE6, 0x8B, 0xDE,
+        0xAA, 0x52, 0x89, 0x7E, 0x7E, 0xC6, 0xC4, 0x0B,
+        0x53, 0x0B, 0xC7, 0x60, 0xAB, 0x77, 0xDC, 0xE3,
+        /* z */
+        0x99, 0xE3, 0x24, 0x68, 0x84, 0x18, 0x1F, 0x8E,
+        0x1D, 0xD4, 0x4E, 0x0C, 0x76, 0x29, 0x09, 0x33,
+        0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E,
+        0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7
+    };
+    static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = {
+        0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A,
+        0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6,
+        0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B,
+        0xC4, 0x83, 0x0C, 0x00, 0x12, 0x55, 0x4C, 0xFC,
+        0x5D, 0x2C, 0x8A, 0x20, 0x27, 0xAA, 0x3C, 0xD9,
+        0x67, 0x13, 0x0E, 0x9B, 0x96, 0x24, 0x1B, 0x11,
+        0xC4, 0x32, 0x0C, 0x76, 0x49, 0xCC, 0x23, 0xA7,
+        0x1B, 0xAF, 0xE6, 0x91, 0xAF, 0xC0, 0x8E, 0x68,
+        0x0B, 0xCE, 0xF4, 0x29, 0x07, 0x00, 0x07, 0x18,
+        0xE4, 0xEA, 0xCE, 0x8D, 0xA2, 0x82, 0x14, 0x19,
+        0x7B, 0xE1, 0xC2, 0x69, 0xDA, 0x9C, 0xB5, 0x41,
+        0xE1, 0xA3, 0xCE, 0x97, 0xCF, 0xAD, 0xF9, 0xC6,
+        0x05, 0x87, 0x80, 0xFE, 0x67, 0x93, 0xDB, 0xFA,
+        0x82, 0x18, 0xA2, 0x76, 0x0B, 0x80, 0x2B, 0x8D,
+        0xA2, 0xAA, 0x27, 0x1A, 0x38, 0x77, 0x25, 0x23,
+        0xA7, 0x67, 0x36, 0xA7, 0xA3, 0x1B, 0x9D, 0x30,
+        0x37, 0xAD, 0x21, 0xCE, 0xBB, 0x11, 0xA4, 0x72,
+        0xB8, 0x79, 0x2E, 0xB1, 0x75, 0x58, 0xB9, 0x40,
+        0xE7, 0x08, 0x83, 0xF2, 0x64, 0x59, 0x2C, 0x68,
+        0x9B, 0x24, 0x0B, 0xB4, 0x3D, 0x54, 0x08, 0xBF,
+        0x44, 0x64, 0x32, 0xF4, 0x12, 0xF4, 0xB9, 0xA5,
+        0xF6, 0x86, 0x5C, 0xC2, 0x52, 0xA4, 0x3C, 0xF4,
+        0x0A, 0x32, 0x03, 0x91, 0x55, 0x55, 0x91, 0xD6,
+        0x75, 0x61, 0xFD, 0xD0, 0x53, 0x53, 0xAB, 0x6B,
+        0x01, 0x9B, 0x3A, 0x08, 0xA7, 0x33, 0x53, 0xD5,
+        0x1B, 0x61, 0x13, 0xAB, 0x2F, 0xA5, 0x1D, 0x97,
+        0x56, 0x48, 0xEE, 0x25, 0x4A, 0xF8, 0x9A, 0x23,
+        0x05, 0x04, 0xA2, 0x36, 0xA4, 0x65, 0x82, 0x57,
+        0x74, 0x0B, 0xDC, 0xBB, 0xE1, 0x70, 0x8A, 0xB0,
+        0x22, 0xC3, 0xC5, 0x88, 0xA4, 0x10, 0xDB, 0x3B,
+        0x9C, 0x30, 0x8A, 0x06, 0x27, 0x5B, 0xDF, 0x5B,
+        0x48, 0x59, 0xD3, 0xA2, 0x61, 0x7A, 0x29, 0x5E,
+        0x1A, 0x22, 0xF9, 0x01, 0x98, 0xBA, 0xD0, 0x16,
+        0x6F, 0x4A, 0x94, 0x34, 0x17, 0xC5, 0xB8, 0x31,
+        0x73, 0x6C, 0xB2, 0xC8, 0x58, 0x0A, 0xBF, 0xDE,
+        0x57, 0x14, 0xB5, 0x86, 0xAB, 0xEE, 0xC0, 0xA1,
+        0x75, 0xA0, 0x8B, 0xC7, 0x10, 0xC7, 0xA2, 0x89,
+        0x5D, 0xE9, 0x3A, 0xC4, 0x38, 0x06, 0x1B, 0xF7,
+        0x76, 0x5D, 0x0D, 0x21, 0xCD, 0x41, 0x81, 0x67,
+        0xCA, 0xF8, 0x9D, 0x1E, 0xFC, 0x34, 0x48, 0xBC,
+        0xBB, 0x96, 0xD6, 0x9B, 0x3E, 0x01, 0x0C, 0x82,
+        0xD1, 0x5C, 0xAB, 0x6C, 0xAC, 0xC6, 0x79, 0x9D,
+        0x36, 0x39, 0x66, 0x9A, 0x5B, 0x21, 0xA6, 0x33,
+        0xC8, 0x65, 0xF8, 0x59, 0x3B, 0x5B, 0x7B, 0xC8,
+        0x00, 0x26, 0x2B, 0xB8, 0x37, 0xA9, 0x24, 0xA6,
+        0xC5, 0x44, 0x0E, 0x4F, 0xC7, 0x3B, 0x41, 0xB2,
+        0x30, 0x92, 0xC3, 0x91, 0x2F, 0x4C, 0x6B, 0xEB,
+        0xB4, 0xC7, 0xB4, 0xC6, 0x29, 0x08, 0xB0, 0x37,
+        0x75, 0x66, 0x6C, 0x22, 0x22, 0x0D, 0xF9, 0xC8,
+        0x88, 0x23, 0xE3, 0x44, 0xC7, 0x30, 0x83, 0x32,
+        0x34, 0x5C, 0x8B, 0x79, 0x5D, 0x34, 0xE8, 0xC0,
+        0x51, 0xF2, 0x1F, 0x5A, 0x21, 0xC2, 0x14, 0xB6,
+        0x98, 0x41, 0x35, 0x87, 0x09, 0xB1, 0xC3, 0x05,
+        0xB3, 0x2C, 0xC2, 0xC3, 0x80, 0x6A, 0xE9, 0xCC,
+        0xD3, 0x81, 0x9F, 0xFF, 0x45, 0x07, 0xFE, 0x52,
+        0x0F, 0xBF, 0xC2, 0x71, 0x99, 0xBC, 0x23, 0xBE,
+        0x6B, 0x9B, 0x2D, 0x2A, 0xC1, 0x71, 0x75, 0x79,
+        0xAC, 0x76, 0x92, 0x79, 0xE2, 0xA7, 0xAA, 0xC6,
+        0x8A, 0x37, 0x1A, 0x47, 0xBA, 0x3A, 0x7D, 0xBE,
+        0x01, 0x6F, 0x14, 0xE1, 0xA7, 0x27, 0x33, 0x36,
+        0x63, 0xC4, 0xA5, 0xCD, 0x1A, 0x0F, 0x88, 0x36,
+        0xCF, 0x7B, 0x5C, 0x49, 0xAC, 0x51, 0x48, 0x5C,
+        0xA6, 0x03, 0x45, 0xC9, 0x90, 0xE0, 0x68, 0x88,
+        0x72, 0x00, 0x03, 0x73, 0x13, 0x22, 0xC5, 0xB8,
+        0xCD, 0x5E, 0x69, 0x07, 0xFD, 0xA1, 0x15, 0x7F,
+        0x46, 0x8F, 0xD3, 0xFC, 0x20, 0xFA, 0x81, 0x75,
+        0xEE, 0xC9, 0x5C, 0x29, 0x1A, 0x26, 0x2B, 0xA8,
+        0xC5, 0xBE, 0x99, 0x08, 0x72, 0x41, 0x89, 0x30,
+        0x85, 0x23, 0x39, 0xD8, 0x8A, 0x19, 0xB3, 0x7F,
+        0xEF, 0xA3, 0xCF, 0xE8, 0x21, 0x75, 0xC2, 0x24,
+        0x40, 0x7C, 0xA4, 0x14, 0xBA, 0xEB, 0x37, 0x92,
+        0x3B, 0x4D, 0x2D, 0x83, 0x13, 0x4A, 0xE1, 0x54,
+        0xE4, 0x90, 0xA9, 0xB4, 0x5A, 0x05, 0x63, 0xB0,
+        0x6C, 0x95, 0x3C, 0x33, 0x01, 0x45, 0x0A, 0x21,
+        0x76, 0xA0, 0x7C, 0x61, 0x4A, 0x74, 0xE3, 0x47,
+        0x8E, 0x48, 0x50, 0x9F, 0x9A, 0x60, 0xAE, 0x94,
+        0x5A, 0x8E, 0xBC, 0x78, 0x15, 0x12, 0x1D, 0x90,
+        0xA3, 0xB0, 0xE0, 0x70, 0x91, 0xA0, 0x96, 0xCF,
+        0x02, 0xC5, 0x7B, 0x25, 0xBC, 0xA5, 0x81, 0x26,
+        0xAD, 0x0C, 0x62, 0x9C, 0xE1, 0x66, 0xA7, 0xED,
+        0xB4, 0xB3, 0x32, 0x21, 0xA0, 0xD3, 0xF7, 0x2B,
+        0x85, 0xD5, 0x62, 0xEC, 0x69, 0x8B, 0x7D, 0x0A,
+        0x91, 0x3D, 0x73, 0x80, 0x6F, 0x1C, 0x5C, 0x87,
+        0xB3, 0x8E, 0xC0, 0x03, 0xCB, 0x30, 0x3A, 0x3D,
+        0xC5, 0x1B, 0x4B, 0x35, 0x35, 0x6A, 0x67, 0x82,
+        0x6D, 0x6E, 0xDA, 0xA8, 0xFE, 0xB9, 0x3B, 0x98,
+        0x49, 0x3B, 0x2D, 0x1C, 0x11, 0xB6, 0x76, 0xA6,
+        0xAD, 0x95, 0x06, 0xA1, 0xAA, 0xAE, 0x13, 0xA8,
+        0x24, 0xC7, 0xC0, 0x8D, 0x1C, 0x6C, 0x2C, 0x4D,
+        0xBA, 0x96, 0x42, 0xC7, 0x6E, 0xA7, 0xF6, 0xC8,
+        0x26, 0x4B, 0x64, 0xA2, 0x3C, 0xCC, 0xA9, 0xA7,
+        0x46, 0x35, 0xFC, 0xBF, 0x03, 0xE0, 0x0F, 0x1B,
+        0x57, 0x22, 0xB2, 0x14, 0x37, 0x67, 0x90, 0x79,
+        0x3B, 0x2C, 0x4F, 0x0A, 0x13, 0xB5, 0xC4, 0x07,
+        0x60, 0xB4, 0x21, 0x8E, 0x1D, 0x25, 0x94, 0xDC,
+        0xB3, 0x0A, 0x70, 0xD9, 0xC1, 0x78, 0x2A, 0x5D,
+        0xD3, 0x05, 0x76, 0xFA, 0x41, 0x44, 0xBF, 0xC8,
+        0x41, 0x6E, 0xDA, 0x81, 0x18, 0xFC, 0x64, 0x72,
+        0xF5, 0x6A, 0x97, 0x95, 0x86, 0xF3, 0x3B, 0xB0,
+        0x70, 0xFB, 0x0F, 0x1B, 0x0B, 0x10, 0xBC, 0x48,
+        0x97, 0xEB, 0xE0, 0x1B, 0xCA, 0x38, 0x93, 0xD4,
+        0xE1, 0x6A, 0xDB, 0x25, 0x09, 0x3A, 0x74, 0x17,
+        0xD0, 0x70, 0x8C, 0x83, 0xA2, 0x63, 0x22, 0xE2,
+        0x2E, 0x63, 0x30, 0x09, 0x1E, 0x30, 0x15, 0x2B,
+        0xF8, 0x23, 0x59, 0x7C, 0x04, 0xCC, 0xF4, 0xCF,
+        0xC7, 0x33, 0x15, 0x78, 0xF4, 0x3A, 0x27, 0x26,
+        0xCC, 0xB4, 0x28, 0x28, 0x9A, 0x90, 0xC8, 0x63,
+        0x25, 0x9D, 0xD1, 0x80, 0xC5, 0xFF, 0x14, 0x2B,
+        0xEF, 0x41, 0xC7, 0x71, 0x70, 0x94, 0xBE, 0x07,
+        0x85, 0x6D, 0xA2, 0xB1, 0x40, 0xFA, 0x67, 0x71,
+        0x09, 0x67, 0x35, 0x6A, 0xA4, 0x7D, 0xFB, 0xC8,
+        0xD2, 0x55, 0xB4, 0x72, 0x2A, 0xB8, 0x6D, 0x43,
+        0x9B, 0x7E, 0x0A, 0x60, 0x90, 0x25, 0x1D, 0x2D,
+        0x4C, 0x1E, 0xD5, 0xF2, 0x0B, 0xBE, 0x68, 0x07,
+        0xBF, 0x65, 0xA9, 0x0B, 0x7C, 0xB2, 0xEC, 0x01,
+        0x02, 0xAF, 0x02, 0x80, 0x9D, 0xC9, 0xAC, 0x7D,
+        0x0A, 0x3A, 0xBC, 0x69, 0xC1, 0x83, 0x65, 0xBC,
+        0xFF, 0x59, 0x18, 0x5F, 0x33, 0x99, 0x68, 0x87,
+        0x74, 0x61, 0x85, 0x90, 0x6C, 0x01, 0x91, 0xAE,
+        0xD4, 0x40, 0x7E, 0x13, 0x94, 0x46, 0x45, 0x9B,
+        0xE2, 0x9C, 0x68, 0x22, 0x71, 0x76, 0x44, 0x35,
+        0x3D, 0x24, 0xAB, 0x63, 0x39, 0x15, 0x6A, 0x9C,
+        0x42, 0x49, 0x09, 0xF0, 0xA9, 0x02, 0x5B, 0xB7,
+        0x47, 0x20, 0x77, 0x9B, 0xE4, 0x3F, 0x16, 0xD8,
+        0x1C, 0x8C, 0xC6, 0x66, 0xE9, 0x97, 0x10, 0xD8,
+        0xC6, 0x8B, 0xB5, 0xCC, 0x4E, 0x12, 0xF3, 0x14,
+        0xE9, 0x25, 0xA5, 0x51, 0xF0, 0x9C, 0xC5, 0x90,
+        0x03, 0xA1, 0xF8, 0x81, 0x03, 0xC2, 0x54, 0xBB,
+        0x97, 0x8D, 0x75, 0xF3, 0x94, 0xD3, 0x54, 0x0E,
+        0x31, 0xE7, 0x71, 0xCD, 0xA3, 0x6E, 0x39, 0xEC,
+        0x54, 0xA6, 0x2B, 0x58, 0x32, 0x66, 0x4D, 0x82,
+        0x1A, 0x72, 0xF1, 0xE6, 0xAF, 0xBB, 0xA2, 0x7F,
+        0x84, 0x29, 0x5B, 0x26, 0x94, 0xC4, 0x98, 0x49,
+        0x8E, 0x81, 0x2B, 0xC8, 0xE9, 0x37, 0x8F, 0xE5,
+        0x41, 0xCE, 0xC5, 0x89, 0x1B, 0x25, 0x06, 0x29,
+        0x01, 0xCB, 0x72, 0x12, 0xE3, 0xCD, 0xC4, 0x61,
+        0x79, 0xEC, 0x5B, 0xCE, 0xC1, 0x0B, 0xC0, 0xB9,
+        0x31, 0x1D, 0xE0, 0x50, 0x74, 0x29, 0x06, 0x87,
+        0xFD, 0x6A, 0x53, 0x92, 0x67, 0x16, 0x54, 0x28,
+        0x4C, 0xD9, 0xC8, 0xCC, 0x3E, 0xBA, 0x80, 0xEB,
+        0x3B, 0x66, 0x2E, 0xB5, 0x3E, 0xB7, 0x51, 0x16,
+        0x70, 0x4A, 0x1F, 0xEB, 0x5C, 0x2D, 0x05, 0x63,
+        0x38, 0x53, 0x28, 0x68, 0xDD, 0xF2, 0x4E, 0xB8,
+        0x99, 0x2A, 0xB8, 0x56, 0x5D, 0x9E, 0x49, 0x0C,
+        0xAD, 0xF1, 0x48, 0x04, 0x36, 0x0D, 0xAA, 0x90,
+        0x71, 0x8E, 0xAB, 0x61, 0x6B, 0xAB, 0x07, 0x65,
+        0xD3, 0x39, 0x87, 0xB4, 0x7E, 0xFB, 0x65, 0x99,
+        0xC5, 0x56, 0x32, 0x35, 0xE6, 0x1E, 0x4B, 0xE6,
+        0x70, 0xE9, 0x79, 0x55, 0xAB, 0x29, 0x2D, 0x97,
+        0x32, 0xCB, 0x89, 0x30, 0x94, 0x8A, 0xC8, 0x2D,
+        0xF2, 0x30, 0xAC, 0x72, 0x29, 0x7A, 0x23, 0x67,
+        0x9D, 0x6B, 0x94, 0xC1, 0x7F, 0x13, 0x59, 0x48,
+        0x32, 0x54, 0xFE, 0xDC, 0x2F, 0x05, 0x81, 0x9F,
+        0x0D, 0x06, 0x9A, 0x44, 0x3B, 0x78, 0xE3, 0xFC,
+        0x6C, 0x3E, 0xF4, 0x71, 0x4B, 0x05, 0xA3, 0xFC,
+        0xA8, 0x1C, 0xBB, 0xA6, 0x02, 0x42, 0xA7, 0x06,
+        0x0C, 0xD8, 0x85, 0xD8, 0xF3, 0x99, 0x81, 0xBB,
+        0x18, 0x09, 0x2B, 0x23, 0xDA, 0xA5, 0x9F, 0xD9,
+        0x57, 0x83, 0x88, 0x68, 0x8A, 0x09, 0xBB, 0xA0,
+        0x79, 0xBC, 0x80, 0x9A, 0x54, 0x84, 0x3A, 0x60,
+        0x38, 0x5E, 0x23, 0x10, 0xBB, 0xCB, 0xCC, 0x02,
+        0x13, 0xCE, 0x3D, 0xFA, 0xAB, 0x33, 0xB4, 0x7F,
+        0x9D, 0x63, 0x05, 0xBC, 0x95, 0xC6, 0x10, 0x78,
+        0x13, 0xC5, 0x85, 0xC4, 0xB6, 0x57, 0xBF, 0x30,
+        0x54, 0x28, 0x33, 0xB1, 0x49, 0x49, 0xF5, 0x73,
+        0xC0, 0x61, 0x2A, 0xD5, 0x24, 0xBA, 0xAE, 0x69,
+        0x59, 0x0C, 0x12, 0x77, 0xB8, 0x6C, 0x28, 0x65,
+        0x71, 0xBF, 0x66, 0xB3, 0xCF, 0xF4, 0x6A, 0x38,
+        0x58, 0xC0, 0x99, 0x06, 0xA7, 0x94, 0xDF, 0x4A,
+        0x06, 0xE9, 0xD4, 0xB0, 0xA2, 0xE4, 0x3F, 0x10,
+        0xF7, 0x2A, 0x6C, 0x6C, 0x47, 0xE5, 0x64, 0x6E,
+        0x2C, 0x79, 0x9B, 0x71, 0xC3, 0x3E, 0xD2, 0xF0,
+        0x1E, 0xEB, 0x45, 0x93, 0x8E, 0xB7, 0xA4, 0xE2,
+        0xE2, 0x90, 0x8C, 0x53, 0x55, 0x8A, 0x54, 0x0D,
+        0x35, 0x03, 0x69, 0xFA, 0x18, 0x9C, 0x61, 0x69,
+        0x43, 0xF7, 0x98, 0x1D, 0x76, 0x18, 0xCF, 0x02,
+        0xA5, 0xB0, 0xA2, 0xBC, 0xC4, 0x22, 0xE8, 0x57,
+        0xD1, 0xA4, 0x78, 0x71, 0x25, 0x3D, 0x08, 0x29,
+        0x3C, 0x1C, 0x17, 0x9B, 0xCD, 0xC0, 0x43, 0x70,
+        0x69, 0x10, 0x74, 0x18, 0x20, 0x5F, 0xDB, 0x98,
+        0x56, 0x62, 0x3B, 0x8C, 0xA6, 0xB6, 0x94, 0xC9,
+        0x6C, 0x08, 0x4B, 0x17, 0xF1, 0x3B, 0xB6, 0xDF,
+        0x12, 0xB2, 0xCF, 0xBB, 0xC2, 0xB0, 0xE0, 0xC3,
+        0x4B, 0x00, 0xD0, 0xFC, 0xD0, 0xAE, 0xCF, 0xB2,
+        0x79, 0x24, 0xF6, 0x98, 0x4E, 0x74, 0x7B, 0xE2,
+        0xA0, 0x9D, 0x83, 0xA8, 0x66, 0x45, 0x90, 0xA8,
+        0x07, 0x73, 0x31, 0x49, 0x1A, 0x4F, 0x7D, 0x72,
+        0x08, 0x43, 0xF2, 0x3E, 0x65, 0x2C, 0x6F, 0xA8,
+        0x40, 0x30, 0x8D, 0xB4, 0x02, 0x03, 0x37, 0xAA,
+        0xD3, 0x79, 0x67, 0x03, 0x4A, 0x9F, 0xB5, 0x23,
+        0xB6, 0x7C, 0xA7, 0x03, 0x30, 0xF0, 0x2D, 0x9E,
+        0xA2, 0x0C, 0x1E, 0x84, 0xCB, 0x8E, 0x57, 0x57,
+        0xC9, 0xE1, 0x89, 0x6B, 0x60, 0x58, 0x14, 0x41,
+        0xED, 0x61, 0x8A, 0xA5, 0xB2, 0x6D, 0xA5, 0x6C,
+        0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E,
+        0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21
+    };
+    static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = {
+        0x8C, 0x8B, 0x37, 0x22, 0xA8, 0x2E, 0x55, 0x05,
+        0x65, 0x52, 0x16, 0x11, 0xEB, 0xBC, 0x63, 0x07,
+        0x99, 0x44, 0xC9, 0xB1, 0xAB, 0xB3, 0xB0, 0x02,
+        0x0F, 0xF1, 0x2F, 0x63, 0x18, 0x91, 0xA9, 0xC4,
+        0x68, 0xD3, 0xA6, 0x7B, 0xF6, 0x27, 0x12, 0x80,
+        0xDA, 0x58, 0xD0, 0x3C, 0xB0, 0x42, 0xB3, 0xA4,
+        0x61, 0x44, 0x16, 0x37, 0xF9, 0x29, 0xC2, 0x73,
+        0x46, 0x9A, 0xD1, 0x53, 0x11, 0xE9, 0x10, 0xDE,
+        0x18, 0xCB, 0x95, 0x37, 0xBA, 0x1B, 0xE4, 0x2E,
+        0x98, 0xBB, 0x59, 0xE4, 0x98, 0xA1, 0x3F, 0xD4,
+        0x40, 0xD0, 0xE6, 0x9E, 0xE8, 0x32, 0xB4, 0x5C,
+        0xD9, 0x5C, 0x38, 0x21, 0x77, 0xD6, 0x70, 0x96,
+        0xA1, 0x8C, 0x07, 0xF1, 0x78, 0x16, 0x63, 0x65,
+        0x1B, 0xDC, 0xAC, 0x90, 0xDE, 0xDA, 0x3D, 0xDD,
+        0x14, 0x34, 0x85, 0x86, 0x41, 0x81, 0xC9, 0x1F,
+        0xA2, 0x08, 0x0F, 0x6D, 0xAB, 0x3F, 0x86, 0x20,
+        0x4C, 0xEB, 0x64, 0xA7, 0xB4, 0x44, 0x68, 0x95,
+        0xC0, 0x39, 0x87, 0xA0, 0x31, 0xCB, 0x4B, 0x6D,
+        0x9E, 0x04, 0x62, 0xFD, 0xA8, 0x29, 0x17, 0x2B,
+        0x6C, 0x01, 0x2C, 0x63, 0x8B, 0x29, 0xB5, 0xCD,
+        0x75, 0xA2, 0xC9, 0x30, 0xA5, 0x59, 0x6A, 0x31,
+        0x81, 0xC3, 0x3A, 0x22, 0xD5, 0x74, 0xD3, 0x02,
+        0x61, 0x19, 0x6B, 0xC3, 0x50, 0x73, 0x8D, 0x4F,
+        0xD9, 0x18, 0x3A, 0x76, 0x33, 0x36, 0x24, 0x3A,
+        0xCE, 0xD9, 0x9B, 0x32, 0x21, 0xC7, 0x1D, 0x88,
+        0x66, 0x89, 0x5C, 0x4E, 0x52, 0xC1, 0x19, 0xBF,
+        0x32, 0x80, 0xDA, 0xF8, 0x0A, 0x95, 0xE1, 0x52,
+        0x09, 0xA7, 0x95, 0xC4, 0x43, 0x5F, 0xBB, 0x35,
+        0x70, 0xFD, 0xB8, 0xAA, 0x9B, 0xF9, 0xAE, 0xFD,
+        0x43, 0xB0, 0x94, 0xB7, 0x81, 0xD5, 0xA8, 0x11,
+        0x36, 0xDA, 0xB8, 0x8B, 0x87, 0x99, 0x69, 0x65,
+        0x56, 0xFE, 0xC6, 0xAE, 0x14, 0xB0, 0xBB, 0x8B,
+        0xE4, 0x69, 0x5E, 0x9A, 0x12, 0x4C, 0x2A, 0xB8,
+        0xFF, 0x4A, 0xB1, 0x22, 0x9B, 0x8A, 0xAA, 0x8C,
+        0x6F, 0x41, 0xA6, 0x0C, 0x34, 0xC7, 0xB5, 0x61,
+        0x82, 0xC5, 0x5C, 0x2C, 0x68, 0x5E, 0x73, 0x7C,
+        0x6C, 0xA0, 0x0A, 0x23, 0xFB, 0x8A, 0x68, 0xC1,
+        0xCD, 0x61, 0xF3, 0x0D, 0x39, 0x93, 0xA1, 0x65,
+        0x3C, 0x16, 0x75, 0xAC, 0x5F, 0x09, 0x01, 0xA7,
+        0x16, 0x0A, 0x73, 0x96, 0x64, 0x08, 0xB8, 0x87,
+        0x6B, 0x71, 0x53, 0x96, 0xCF, 0xA4, 0x90, 0x3F,
+        0xC6, 0x9D, 0x60, 0x49, 0x1F, 0x81, 0x46, 0x80,
+        0x8C, 0x97, 0xCD, 0x5C, 0x53, 0x3E, 0x71, 0x01,
+        0x79, 0x09, 0xE9, 0x7B, 0x83, 0x5B, 0x86, 0xFF,
+        0x84, 0x7B, 0x42, 0xA6, 0x96, 0x37, 0x54, 0x35,
+        0xE0, 0x06, 0x06, 0x1C, 0xF7, 0xA4, 0x79, 0x46,
+        0x32, 0x72, 0x11, 0x4A, 0x89, 0xEB, 0x3E, 0xAF,
+        0x22, 0x46, 0xF0, 0xF8, 0xC1, 0x04, 0xA1, 0x49,
+        0x86, 0x82, 0x8E, 0x0A, 0xD2, 0x04, 0x20, 0xC9,
+        0xB3, 0x7E, 0xA2, 0x3F, 0x5C, 0x51, 0x49, 0x49,
+        0xE7, 0x7A, 0xD9, 0xE9, 0xAD, 0x12, 0x29, 0x0D,
+        0xD1, 0x21, 0x5E, 0x11, 0xDA, 0x27, 0x44, 0x57,
+        0xAC, 0x86, 0xB1, 0xCE, 0x68, 0x64, 0xB1, 0x22,
+        0x67, 0x7F, 0x37, 0x18, 0xAA, 0x31, 0xB0, 0x25,
+        0x80, 0xE6, 0x43, 0x17, 0x17, 0x8D, 0x38, 0xF2,
+        0x5F, 0x60, 0x9B, 0xC6, 0xC5, 0x5B, 0xC3, 0x74,
+        0xA1, 0xBF, 0x78, 0xEA, 0x8E, 0xCC, 0x21, 0x9B,
+        0x30, 0xB7, 0x4C, 0xBB, 0x32, 0x72, 0xA5, 0x99,
+        0x23, 0x8C, 0x93, 0x98, 0x51, 0x70, 0x04, 0x8F,
+        0x17, 0x67, 0x75, 0xFB, 0x19, 0x96, 0x2A, 0xC3,
+        0xB1, 0x35, 0xAA, 0x59, 0xDB, 0x10, 0x4F, 0x71,
+        0x14, 0xDB, 0xC2, 0xC2, 0xD4, 0x29, 0x49, 0xAD,
+        0xEC, 0xA6, 0xA8, 0x5B, 0x32, 0x3E, 0xE2, 0xB2,
+        0xB2, 0x3A, 0x77, 0xD9, 0xDB, 0x23, 0x59, 0x79,
+        0xA8, 0xE2, 0xD6, 0x7C, 0xF7, 0xD2, 0x13, 0x6B,
+        0xBB, 0xA7, 0x1F, 0x26, 0x95, 0x74, 0xB3, 0x88,
+        0x88, 0xE1, 0x54, 0x13, 0x40, 0xC1, 0x92, 0x84,
+        0x07, 0x4F, 0x9B, 0x7C, 0x8C, 0xF3, 0x7E, 0xB0,
+        0x13, 0x84, 0xE6, 0xE3, 0x82, 0x2E, 0xC4, 0x88,
+        0x2D, 0xFB, 0xBE, 0xC4, 0xE6, 0x09, 0x8E, 0xF2,
+        0xB2, 0xFC, 0x17, 0x7A, 0x1F, 0x0B, 0xCB, 0x65,
+        0xA5, 0x7F, 0xDA, 0xA8, 0x93, 0x15, 0x46, 0x1B,
+        0xEB, 0x78, 0x85, 0xFB, 0x68, 0xB3, 0xCD, 0x09,
+        0x6E, 0xDA, 0x59, 0x6A, 0xC0, 0xE6, 0x1D, 0xD7,
+        0xA9, 0xC5, 0x07, 0xBC, 0x63, 0x45, 0xE0, 0x82,
+        0x7D, 0xFC, 0xC8, 0xA3, 0xAC, 0x2D, 0xCE, 0x51,
+        0xAD, 0x73, 0x1A, 0xA0, 0xEB, 0x93, 0x2A, 0x6D,
+        0x09, 0x83, 0x99, 0x23, 0x47, 0xCB, 0xEB, 0x3C,
+        0xD0, 0xD9, 0xC9, 0x71, 0x97, 0x97, 0xCC, 0x21,
+        0xCF, 0x00, 0x62, 0xB0, 0xAD, 0x94, 0xCA, 0xD7,
+        0x34, 0xC6, 0x3E, 0x6B, 0x5D, 0x85, 0x9C, 0xBE,
+        0x19, 0xF0, 0x36, 0x82, 0x45, 0x35, 0x1B, 0xF4,
+        0x64, 0xD7, 0x50, 0x55, 0x69, 0x79, 0x0D, 0x2B,
+        0xB7, 0x24, 0xD8, 0x65, 0x9A, 0x9F, 0xEB, 0x1C,
+        0x7C, 0x47, 0x3D, 0xC4, 0xD0, 0x61, 0xE2, 0x98,
+        0x63, 0xA2, 0x71, 0x4B, 0xAC, 0x42, 0xAD, 0xCD,
+        0x1A, 0x83, 0x72, 0x77, 0x65, 0x56, 0xF7, 0x92,
+        0x8A, 0x7A, 0x44, 0xE9, 0x4B, 0x6A, 0x25, 0x32,
+        0x2D, 0x03, 0xC0, 0xA1, 0x62, 0x2A, 0x7F, 0xD2,
+        0x61, 0x52, 0x2B, 0x73, 0x58, 0xF0, 0x85, 0xBD,
+        0xFB, 0x60, 0x75, 0x87, 0x62, 0xCB, 0x90, 0x10,
+        0x31, 0x90, 0x1B, 0x5E, 0xEC, 0xF4, 0x92, 0x0C,
+        0x81, 0x02, 0x0A, 0x9B, 0x17, 0x81, 0xBC, 0xB9,
+        0xDD, 0x19, 0xA9, 0xDF, 0xB6, 0x64, 0x58, 0xE7,
+        0x75, 0x7C, 0x52, 0xCE, 0xC7, 0x5B, 0x4B, 0xA7,
+        0x40, 0xA2, 0x40, 0x99, 0xCB, 0x56, 0xBB, 0x60,
+        0xA7, 0x6B, 0x69, 0x01, 0xAA, 0x3E, 0x01, 0x69,
+        0xC9, 0xE8, 0x34, 0x96, 0xD7, 0x3C, 0x4C, 0x99,
+        0x43, 0x5A, 0x28, 0xD6, 0x13, 0xE9, 0x7A, 0x11,
+        0x77, 0xF5, 0x8B, 0x6C, 0xC5, 0x95, 0xD3, 0xB2,
+        0x33, 0x1E, 0x9C, 0xA7, 0xB5, 0x7B, 0x74, 0xDC,
+        0x2C, 0x52, 0x77, 0xD2, 0x6F, 0x2F, 0xE1, 0x92,
+        0x40, 0xA5, 0x5C, 0x35, 0xD6, 0xCF, 0xCA, 0x26,
+        0xC7, 0x3E, 0x9A, 0x2D, 0x7C, 0x98, 0x0D, 0x97,
+        0x96, 0x0A, 0xE1, 0xA0, 0x46, 0x98, 0xC1, 0x6B,
+        0x39, 0x8A, 0x5F, 0x20, 0xC3, 0x5A, 0x09, 0x14,
+        0x14, 0x5C, 0xE1, 0x67, 0x4B, 0x71, 0xAB, 0xC6,
+        0x06, 0x6A, 0x90, 0x9A, 0x3E, 0x4B, 0x91, 0x1E,
+        0x69, 0xD5, 0xA8, 0x49, 0x43, 0x03, 0x61, 0xF7,
+        0x31, 0xB0, 0x72, 0x46, 0xA6, 0x32, 0x9B, 0x52,
+        0x36, 0x19, 0x04, 0x22, 0x50, 0x82, 0xD0, 0xAA,
+        0xC5, 0xB2, 0x1D, 0x6B, 0x34, 0x86, 0x24, 0x81,
+        0xA8, 0x90, 0xC3, 0xC3, 0x60, 0x76, 0x6F, 0x04,
+        0x26, 0x36, 0x03, 0xA6, 0xB7, 0x3E, 0x80, 0x2B,
+        0x1F, 0x70, 0xB2, 0xEB, 0x00, 0x04, 0x68, 0x36,
+        0xB8, 0xF4, 0x93, 0xBF, 0x10, 0xB9, 0x0B, 0x87,
+        0x37, 0xC6, 0xC5, 0x48, 0x44, 0x9B, 0x29, 0x4C,
+        0x47, 0x25, 0x3B, 0xE2, 0x6C, 0xA7, 0x23, 0x36,
+        0xA6, 0x32, 0x06, 0x3A, 0xD3, 0xD0, 0xB4, 0x8C,
+        0x8B, 0x0F, 0x4A, 0x34, 0x44, 0x7E, 0xF1, 0x3B,
+        0x76, 0x40, 0x20, 0xDE, 0x73, 0x9E, 0xB7, 0x9A,
+        0xBA, 0x20, 0xE2, 0xBE, 0x19, 0x51, 0x82, 0x5F,
+        0x29, 0x3B, 0xED, 0xD1, 0x08, 0x9F, 0xCB, 0x0A,
+        0x91, 0xF5, 0x60, 0xC8, 0xE1, 0x7C, 0xDF, 0x52,
+        0x54, 0x1D, 0xC2, 0xB8, 0x1F, 0x97, 0x2A, 0x73,
+        0x75, 0xB2, 0x01, 0xF1, 0x0C, 0x08, 0xD9, 0xB5,
+        0xBC, 0x8B, 0x95, 0x10, 0x00, 0x54, 0xA3, 0xD0,
+        0xAA, 0xFF, 0x89, 0xBD, 0x08, 0xD6, 0xA0, 0xE7,
+        0xF2, 0x11, 0x5A, 0x43, 0x52, 0x31, 0x29, 0x04,
+        0x60, 0xC9, 0xAD, 0x43, 0x5A, 0x3B, 0x3C, 0xF3,
+        0x5E, 0x52, 0x09, 0x1E, 0xDD, 0x18, 0x90, 0x04,
+        0x7B, 0xCC, 0x0A, 0xAB, 0xB1, 0xAC, 0xEB, 0xC7,
+        0x5F, 0x4A, 0x32, 0xBC, 0x14, 0x51, 0xAC, 0xC4,
+        0x96, 0x99, 0x40, 0x78, 0x8E, 0x89, 0x41, 0x21,
+        0x88, 0x94, 0x6C, 0x91, 0x43, 0xC5, 0x04, 0x6B,
+        0xD1, 0xB4, 0x58, 0xDF, 0x61, 0x7C, 0x5D, 0xF5,
+        0x33, 0xB0, 0x52, 0xCD, 0x60, 0x38, 0xB7, 0x75,
+        0x40, 0x34, 0xA2, 0x3C, 0x2F, 0x77, 0x20, 0x13,
+        0x4C, 0x7B, 0x4E, 0xAC, 0xE0, 0x1F, 0xAC, 0x0A,
+        0x28, 0x53, 0xA9, 0x28, 0x58, 0x47, 0xAB, 0xBD,
+        0x06, 0xA3, 0x34, 0x3A, 0x77, 0x8A, 0xC6, 0x06,
+        0x2E, 0x45, 0x8B, 0xC5, 0xE6, 0x1E, 0xCE, 0x1C,
+        0x0D, 0xE0, 0x20, 0x6E, 0x6F, 0xE8, 0xA8, 0x40,
+        0x34, 0xA7, 0xC5, 0xF1, 0xB0, 0x05, 0xFB, 0x0A,
+        0x58, 0x40, 0x51, 0xD3, 0x22, 0x9B, 0x86, 0xC9,
+        0x09, 0xAC, 0x56, 0x47, 0xB3, 0xD7, 0x55, 0x69,
+        0xE0, 0x5A, 0x88, 0x27, 0x9D, 0x80, 0xE5, 0xC3,
+        0x0F, 0x57, 0x4D, 0xC3, 0x27, 0x51, 0x2C, 0x6B,
+        0xBE, 0x81, 0x01, 0x23, 0x9E, 0xC6, 0x28, 0x61,
+        0xF4, 0xBE, 0x67, 0xB0, 0x5B, 0x9C, 0xDA, 0x9C,
+        0x54, 0x5C, 0x13, 0xE7, 0xEB, 0x53, 0xCF, 0xF2,
+        0x60, 0xAD, 0x98, 0x70, 0x19, 0x9C, 0x21, 0xF8,
+        0xC6, 0x3D, 0x64, 0xF0, 0x45, 0x8A, 0x71, 0x41,
+        0x28, 0x50, 0x23, 0xFE, 0xB8, 0x29, 0x29, 0x08,
+        0x72, 0x38, 0x96, 0x44, 0xB0, 0xC3, 0xB7, 0x3A,
+        0xC2, 0xC8, 0xE1, 0x21, 0xA2, 0x9B, 0xB1, 0xC4,
+        0x3C, 0x19, 0xA2, 0x33, 0xD5, 0x6B, 0xED, 0x82,
+        0x74, 0x0E, 0xB0, 0x21, 0xC9, 0x7B, 0x8E, 0xBB,
+        0xA4, 0x0F, 0xF3, 0x28, 0xB5, 0x41, 0x76, 0x0F,
+        0xCC, 0x37, 0x2B, 0x52, 0xD3, 0xBC, 0x4F, 0xCB,
+        0xC0, 0x6F, 0x42, 0x4E, 0xAF, 0x25, 0x38, 0x04,
+        0xD4, 0xCB, 0x46, 0xF4, 0x1F, 0xF2, 0x54, 0xC0,
+        0xC5, 0xBA, 0x48, 0x3B, 0x44, 0xA8, 0x7C, 0x21,
+        0x96, 0x54, 0x55, 0x5E, 0xC7, 0xC1, 0x63, 0xC7,
+        0x9B, 0x9C, 0xB7, 0x60, 0xA2, 0xAD, 0x9B, 0xB7,
+        0x22, 0xB9, 0x3E, 0x0C, 0x28, 0xBD, 0x4B, 0x16,
+        0x85, 0x94, 0x9C, 0x49, 0x6E, 0xAB, 0x1A, 0xFF,
+        0x90, 0x91, 0x9E, 0x37, 0x61, 0xB3, 0x46, 0x83,
+        0x8A, 0xBB, 0x2F, 0x01, 0xA9, 0x1E, 0x55, 0x43,
+        0x75, 0xAF, 0xDA, 0xAA, 0xF3, 0x82, 0x6E, 0x6D,
+        0xB7, 0x9F, 0xE7, 0x35, 0x3A, 0x7A, 0x57, 0x8A,
+        0x7C, 0x05, 0x98, 0xCE, 0x28, 0xB6, 0xD9, 0x91,
+        0x52, 0x14, 0x23, 0x6B, 0xBF, 0xFA, 0x6D, 0x45,
+        0xB6, 0x37, 0x6A, 0x07, 0x92, 0x4A, 0x39, 0xA7,
+        0xBE, 0x81, 0x82, 0x86, 0x71, 0x5C, 0x8A, 0x3C,
+        0x11, 0x0C, 0xD7, 0x6C, 0x02, 0xE0, 0x41, 0x7A,
+        0xF1, 0x38, 0xBD, 0xB9, 0x5C, 0x3C, 0xCA, 0x79,
+        0x8A, 0xC8, 0x09, 0xED, 0x69, 0xCF, 0xB6, 0x72,
+        0xB6, 0xFD, 0xDC, 0x24, 0xD8, 0x9C, 0x06, 0xA6,
+        0x55, 0x88, 0x14, 0xAB, 0x0C, 0x21, 0xC6, 0x2B,
+        0x2F, 0x84, 0xC0, 0xE3, 0xE0, 0x80, 0x3D, 0xB3,
+        0x37, 0xA4, 0xE0, 0xC7, 0x12, 0x7A, 0x6B, 0x4C,
+        0x8C, 0x08, 0xB1, 0xD1, 0xA7, 0x6B, 0xF0, 0x7E,
+        0xB6, 0xE5, 0xB5, 0xBB, 0x47, 0xA1, 0x6C, 0x74,
+        0xBC, 0x54, 0x83, 0x75, 0xFB, 0x29, 0xCD, 0x78,
+        0x9A, 0x5C, 0xFF, 0x91, 0xBD, 0xBD, 0x07, 0x18,
+        0x59, 0xF4, 0x84, 0x6E, 0x35, 0x5B, 0xB0, 0xD2,
+        0x94, 0x84, 0xE2, 0x64, 0xDF, 0xF3, 0x6C, 0x91,
+        0x77, 0xA7, 0xAC, 0xA7, 0x89, 0x08, 0x87, 0x96,
+        0x95, 0xCA, 0x87, 0xF2, 0x54, 0x36, 0xBC, 0x12,
+        0x63, 0x07, 0x24, 0xBB, 0x22, 0xF0, 0xCB, 0x64,
+        0x89, 0x7F, 0xE5, 0xC4, 0x11, 0x95, 0x28, 0x0D,
+        0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A,
+        0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6,
+        0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B,
+        0xC4, 0x83, 0x0C, 0x00, 0x12, 0x55, 0x4C, 0xFC,
+        0x5D, 0x2C, 0x8A, 0x20, 0x27, 0xAA, 0x3C, 0xD9,
+        0x67, 0x13, 0x0E, 0x9B, 0x96, 0x24, 0x1B, 0x11,
+        0xC4, 0x32, 0x0C, 0x76, 0x49, 0xCC, 0x23, 0xA7,
+        0x1B, 0xAF, 0xE6, 0x91, 0xAF, 0xC0, 0x8E, 0x68,
+        0x0B, 0xCE, 0xF4, 0x29, 0x07, 0x00, 0x07, 0x18,
+        0xE4, 0xEA, 0xCE, 0x8D, 0xA2, 0x82, 0x14, 0x19,
+        0x7B, 0xE1, 0xC2, 0x69, 0xDA, 0x9C, 0xB5, 0x41,
+        0xE1, 0xA3, 0xCE, 0x97, 0xCF, 0xAD, 0xF9, 0xC6,
+        0x05, 0x87, 0x80, 0xFE, 0x67, 0x93, 0xDB, 0xFA,
+        0x82, 0x18, 0xA2, 0x76, 0x0B, 0x80, 0x2B, 0x8D,
+        0xA2, 0xAA, 0x27, 0x1A, 0x38, 0x77, 0x25, 0x23,
+        0xA7, 0x67, 0x36, 0xA7, 0xA3, 0x1B, 0x9D, 0x30,
+        0x37, 0xAD, 0x21, 0xCE, 0xBB, 0x11, 0xA4, 0x72,
+        0xB8, 0x79, 0x2E, 0xB1, 0x75, 0x58, 0xB9, 0x40,
+        0xE7, 0x08, 0x83, 0xF2, 0x64, 0x59, 0x2C, 0x68,
+        0x9B, 0x24, 0x0B, 0xB4, 0x3D, 0x54, 0x08, 0xBF,
+        0x44, 0x64, 0x32, 0xF4, 0x12, 0xF4, 0xB9, 0xA5,
+        0xF6, 0x86, 0x5C, 0xC2, 0x52, 0xA4, 0x3C, 0xF4,
+        0x0A, 0x32, 0x03, 0x91, 0x55, 0x55, 0x91, 0xD6,
+        0x75, 0x61, 0xFD, 0xD0, 0x53, 0x53, 0xAB, 0x6B,
+        0x01, 0x9B, 0x3A, 0x08, 0xA7, 0x33, 0x53, 0xD5,
+        0x1B, 0x61, 0x13, 0xAB, 0x2F, 0xA5, 0x1D, 0x97,
+        0x56, 0x48, 0xEE, 0x25, 0x4A, 0xF8, 0x9A, 0x23,
+        0x05, 0x04, 0xA2, 0x36, 0xA4, 0x65, 0x82, 0x57,
+        0x74, 0x0B, 0xDC, 0xBB, 0xE1, 0x70, 0x8A, 0xB0,
+        0x22, 0xC3, 0xC5, 0x88, 0xA4, 0x10, 0xDB, 0x3B,
+        0x9C, 0x30, 0x8A, 0x06, 0x27, 0x5B, 0xDF, 0x5B,
+        0x48, 0x59, 0xD3, 0xA2, 0x61, 0x7A, 0x29, 0x5E,
+        0x1A, 0x22, 0xF9, 0x01, 0x98, 0xBA, 0xD0, 0x16,
+        0x6F, 0x4A, 0x94, 0x34, 0x17, 0xC5, 0xB8, 0x31,
+        0x73, 0x6C, 0xB2, 0xC8, 0x58, 0x0A, 0xBF, 0xDE,
+        0x57, 0x14, 0xB5, 0x86, 0xAB, 0xEE, 0xC0, 0xA1,
+        0x75, 0xA0, 0x8B, 0xC7, 0x10, 0xC7, 0xA2, 0x89,
+        0x5D, 0xE9, 0x3A, 0xC4, 0x38, 0x06, 0x1B, 0xF7,
+        0x76, 0x5D, 0x0D, 0x21, 0xCD, 0x41, 0x81, 0x67,
+        0xCA, 0xF8, 0x9D, 0x1E, 0xFC, 0x34, 0x48, 0xBC,
+        0xBB, 0x96, 0xD6, 0x9B, 0x3E, 0x01, 0x0C, 0x82,
+        0xD1, 0x5C, 0xAB, 0x6C, 0xAC, 0xC6, 0x79, 0x9D,
+        0x36, 0x39, 0x66, 0x9A, 0x5B, 0x21, 0xA6, 0x33,
+        0xC8, 0x65, 0xF8, 0x59, 0x3B, 0x5B, 0x7B, 0xC8,
+        0x00, 0x26, 0x2B, 0xB8, 0x37, 0xA9, 0x24, 0xA6,
+        0xC5, 0x44, 0x0E, 0x4F, 0xC7, 0x3B, 0x41, 0xB2,
+        0x30, 0x92, 0xC3, 0x91, 0x2F, 0x4C, 0x6B, 0xEB,
+        0xB4, 0xC7, 0xB4, 0xC6, 0x29, 0x08, 0xB0, 0x37,
+        0x75, 0x66, 0x6C, 0x22, 0x22, 0x0D, 0xF9, 0xC8,
+        0x88, 0x23, 0xE3, 0x44, 0xC7, 0x30, 0x83, 0x32,
+        0x34, 0x5C, 0x8B, 0x79, 0x5D, 0x34, 0xE8, 0xC0,
+        0x51, 0xF2, 0x1F, 0x5A, 0x21, 0xC2, 0x14, 0xB6,
+        0x98, 0x41, 0x35, 0x87, 0x09, 0xB1, 0xC3, 0x05,
+        0xB3, 0x2C, 0xC2, 0xC3, 0x80, 0x6A, 0xE9, 0xCC,
+        0xD3, 0x81, 0x9F, 0xFF, 0x45, 0x07, 0xFE, 0x52,
+        0x0F, 0xBF, 0xC2, 0x71, 0x99, 0xBC, 0x23, 0xBE,
+        0x6B, 0x9B, 0x2D, 0x2A, 0xC1, 0x71, 0x75, 0x79,
+        0xAC, 0x76, 0x92, 0x79, 0xE2, 0xA7, 0xAA, 0xC6,
+        0x8A, 0x37, 0x1A, 0x47, 0xBA, 0x3A, 0x7D, 0xBE,
+        0x01, 0x6F, 0x14, 0xE1, 0xA7, 0x27, 0x33, 0x36,
+        0x63, 0xC4, 0xA5, 0xCD, 0x1A, 0x0F, 0x88, 0x36,
+        0xCF, 0x7B, 0x5C, 0x49, 0xAC, 0x51, 0x48, 0x5C,
+        0xA6, 0x03, 0x45, 0xC9, 0x90, 0xE0, 0x68, 0x88,
+        0x72, 0x00, 0x03, 0x73, 0x13, 0x22, 0xC5, 0xB8,
+        0xCD, 0x5E, 0x69, 0x07, 0xFD, 0xA1, 0x15, 0x7F,
+        0x46, 0x8F, 0xD3, 0xFC, 0x20, 0xFA, 0x81, 0x75,
+        0xEE, 0xC9, 0x5C, 0x29, 0x1A, 0x26, 0x2B, 0xA8,
+        0xC5, 0xBE, 0x99, 0x08, 0x72, 0x41, 0x89, 0x30,
+        0x85, 0x23, 0x39, 0xD8, 0x8A, 0x19, 0xB3, 0x7F,
+        0xEF, 0xA3, 0xCF, 0xE8, 0x21, 0x75, 0xC2, 0x24,
+        0x40, 0x7C, 0xA4, 0x14, 0xBA, 0xEB, 0x37, 0x92,
+        0x3B, 0x4D, 0x2D, 0x83, 0x13, 0x4A, 0xE1, 0x54,
+        0xE4, 0x90, 0xA9, 0xB4, 0x5A, 0x05, 0x63, 0xB0,
+        0x6C, 0x95, 0x3C, 0x33, 0x01, 0x45, 0x0A, 0x21,
+        0x76, 0xA0, 0x7C, 0x61, 0x4A, 0x74, 0xE3, 0x47,
+        0x8E, 0x48, 0x50, 0x9F, 0x9A, 0x60, 0xAE, 0x94,
+        0x5A, 0x8E, 0xBC, 0x78, 0x15, 0x12, 0x1D, 0x90,
+        0xA3, 0xB0, 0xE0, 0x70, 0x91, 0xA0, 0x96, 0xCF,
+        0x02, 0xC5, 0x7B, 0x25, 0xBC, 0xA5, 0x81, 0x26,
+        0xAD, 0x0C, 0x62, 0x9C, 0xE1, 0x66, 0xA7, 0xED,
+        0xB4, 0xB3, 0x32, 0x21, 0xA0, 0xD3, 0xF7, 0x2B,
+        0x85, 0xD5, 0x62, 0xEC, 0x69, 0x8B, 0x7D, 0x0A,
+        0x91, 0x3D, 0x73, 0x80, 0x6F, 0x1C, 0x5C, 0x87,
+        0xB3, 0x8E, 0xC0, 0x03, 0xCB, 0x30, 0x3A, 0x3D,
+        0xC5, 0x1B, 0x4B, 0x35, 0x35, 0x6A, 0x67, 0x82,
+        0x6D, 0x6E, 0xDA, 0xA8, 0xFE, 0xB9, 0x3B, 0x98,
+        0x49, 0x3B, 0x2D, 0x1C, 0x11, 0xB6, 0x76, 0xA6,
+        0xAD, 0x95, 0x06, 0xA1, 0xAA, 0xAE, 0x13, 0xA8,
+        0x24, 0xC7, 0xC0, 0x8D, 0x1C, 0x6C, 0x2C, 0x4D,
+        0xBA, 0x96, 0x42, 0xC7, 0x6E, 0xA7, 0xF6, 0xC8,
+        0x26, 0x4B, 0x64, 0xA2, 0x3C, 0xCC, 0xA9, 0xA7,
+        0x46, 0x35, 0xFC, 0xBF, 0x03, 0xE0, 0x0F, 0x1B,
+        0x57, 0x22, 0xB2, 0x14, 0x37, 0x67, 0x90, 0x79,
+        0x3B, 0x2C, 0x4F, 0x0A, 0x13, 0xB5, 0xC4, 0x07,
+        0x60, 0xB4, 0x21, 0x8E, 0x1D, 0x25, 0x94, 0xDC,
+        0xB3, 0x0A, 0x70, 0xD9, 0xC1, 0x78, 0x2A, 0x5D,
+        0xD3, 0x05, 0x76, 0xFA, 0x41, 0x44, 0xBF, 0xC8,
+        0x41, 0x6E, 0xDA, 0x81, 0x18, 0xFC, 0x64, 0x72,
+        0xF5, 0x6A, 0x97, 0x95, 0x86, 0xF3, 0x3B, 0xB0,
+        0x70, 0xFB, 0x0F, 0x1B, 0x0B, 0x10, 0xBC, 0x48,
+        0x97, 0xEB, 0xE0, 0x1B, 0xCA, 0x38, 0x93, 0xD4,
+        0xE1, 0x6A, 0xDB, 0x25, 0x09, 0x3A, 0x74, 0x17,
+        0xD0, 0x70, 0x8C, 0x83, 0xA2, 0x63, 0x22, 0xE2,
+        0x2E, 0x63, 0x30, 0x09, 0x1E, 0x30, 0x15, 0x2B,
+        0xF8, 0x23, 0x59, 0x7C, 0x04, 0xCC, 0xF4, 0xCF,
+        0xC7, 0x33, 0x15, 0x78, 0xF4, 0x3A, 0x27, 0x26,
+        0xCC, 0xB4, 0x28, 0x28, 0x9A, 0x90, 0xC8, 0x63,
+        0x25, 0x9D, 0xD1, 0x80, 0xC5, 0xFF, 0x14, 0x2B,
+        0xEF, 0x41, 0xC7, 0x71, 0x70, 0x94, 0xBE, 0x07,
+        0x85, 0x6D, 0xA2, 0xB1, 0x40, 0xFA, 0x67, 0x71,
+        0x09, 0x67, 0x35, 0x6A, 0xA4, 0x7D, 0xFB, 0xC8,
+        0xD2, 0x55, 0xB4, 0x72, 0x2A, 0xB8, 0x6D, 0x43,
+        0x9B, 0x7E, 0x0A, 0x60, 0x90, 0x25, 0x1D, 0x2D,
+        0x4C, 0x1E, 0xD5, 0xF2, 0x0B, 0xBE, 0x68, 0x07,
+        0xBF, 0x65, 0xA9, 0x0B, 0x7C, 0xB2, 0xEC, 0x01,
+        0x02, 0xAF, 0x02, 0x80, 0x9D, 0xC9, 0xAC, 0x7D,
+        0x0A, 0x3A, 0xBC, 0x69, 0xC1, 0x83, 0x65, 0xBC,
+        0xFF, 0x59, 0x18, 0x5F, 0x33, 0x99, 0x68, 0x87,
+        0x74, 0x61, 0x85, 0x90, 0x6C, 0x01, 0x91, 0xAE,
+        0xD4, 0x40, 0x7E, 0x13, 0x94, 0x46, 0x45, 0x9B,
+        0xE2, 0x9C, 0x68, 0x22, 0x71, 0x76, 0x44, 0x35,
+        0x3D, 0x24, 0xAB, 0x63, 0x39, 0x15, 0x6A, 0x9C,
+        0x42, 0x49, 0x09, 0xF0, 0xA9, 0x02, 0x5B, 0xB7,
+        0x47, 0x20, 0x77, 0x9B, 0xE4, 0x3F, 0x16, 0xD8,
+        0x1C, 0x8C, 0xC6, 0x66, 0xE9, 0x97, 0x10, 0xD8,
+        0xC6, 0x8B, 0xB5, 0xCC, 0x4E, 0x12, 0xF3, 0x14,
+        0xE9, 0x25, 0xA5, 0x51, 0xF0, 0x9C, 0xC5, 0x90,
+        0x03, 0xA1, 0xF8, 0x81, 0x03, 0xC2, 0x54, 0xBB,
+        0x97, 0x8D, 0x75, 0xF3, 0x94, 0xD3, 0x54, 0x0E,
+        0x31, 0xE7, 0x71, 0xCD, 0xA3, 0x6E, 0x39, 0xEC,
+        0x54, 0xA6, 0x2B, 0x58, 0x32, 0x66, 0x4D, 0x82,
+        0x1A, 0x72, 0xF1, 0xE6, 0xAF, 0xBB, 0xA2, 0x7F,
+        0x84, 0x29, 0x5B, 0x26, 0x94, 0xC4, 0x98, 0x49,
+        0x8E, 0x81, 0x2B, 0xC8, 0xE9, 0x37, 0x8F, 0xE5,
+        0x41, 0xCE, 0xC5, 0x89, 0x1B, 0x25, 0x06, 0x29,
+        0x01, 0xCB, 0x72, 0x12, 0xE3, 0xCD, 0xC4, 0x61,
+        0x79, 0xEC, 0x5B, 0xCE, 0xC1, 0x0B, 0xC0, 0xB9,
+        0x31, 0x1D, 0xE0, 0x50, 0x74, 0x29, 0x06, 0x87,
+        0xFD, 0x6A, 0x53, 0x92, 0x67, 0x16, 0x54, 0x28,
+        0x4C, 0xD9, 0xC8, 0xCC, 0x3E, 0xBA, 0x80, 0xEB,
+        0x3B, 0x66, 0x2E, 0xB5, 0x3E, 0xB7, 0x51, 0x16,
+        0x70, 0x4A, 0x1F, 0xEB, 0x5C, 0x2D, 0x05, 0x63,
+        0x38, 0x53, 0x28, 0x68, 0xDD, 0xF2, 0x4E, 0xB8,
+        0x99, 0x2A, 0xB8, 0x56, 0x5D, 0x9E, 0x49, 0x0C,
+        0xAD, 0xF1, 0x48, 0x04, 0x36, 0x0D, 0xAA, 0x90,
+        0x71, 0x8E, 0xAB, 0x61, 0x6B, 0xAB, 0x07, 0x65,
+        0xD3, 0x39, 0x87, 0xB4, 0x7E, 0xFB, 0x65, 0x99,
+        0xC5, 0x56, 0x32, 0x35, 0xE6, 0x1E, 0x4B, 0xE6,
+        0x70, 0xE9, 0x79, 0x55, 0xAB, 0x29, 0x2D, 0x97,
+        0x32, 0xCB, 0x89, 0x30, 0x94, 0x8A, 0xC8, 0x2D,
+        0xF2, 0x30, 0xAC, 0x72, 0x29, 0x7A, 0x23, 0x67,
+        0x9D, 0x6B, 0x94, 0xC1, 0x7F, 0x13, 0x59, 0x48,
+        0x32, 0x54, 0xFE, 0xDC, 0x2F, 0x05, 0x81, 0x9F,
+        0x0D, 0x06, 0x9A, 0x44, 0x3B, 0x78, 0xE3, 0xFC,
+        0x6C, 0x3E, 0xF4, 0x71, 0x4B, 0x05, 0xA3, 0xFC,
+        0xA8, 0x1C, 0xBB, 0xA6, 0x02, 0x42, 0xA7, 0x06,
+        0x0C, 0xD8, 0x85, 0xD8, 0xF3, 0x99, 0x81, 0xBB,
+        0x18, 0x09, 0x2B, 0x23, 0xDA, 0xA5, 0x9F, 0xD9,
+        0x57, 0x83, 0x88, 0x68, 0x8A, 0x09, 0xBB, 0xA0,
+        0x79, 0xBC, 0x80, 0x9A, 0x54, 0x84, 0x3A, 0x60,
+        0x38, 0x5E, 0x23, 0x10, 0xBB, 0xCB, 0xCC, 0x02,
+        0x13, 0xCE, 0x3D, 0xFA, 0xAB, 0x33, 0xB4, 0x7F,
+        0x9D, 0x63, 0x05, 0xBC, 0x95, 0xC6, 0x10, 0x78,
+        0x13, 0xC5, 0x85, 0xC4, 0xB6, 0x57, 0xBF, 0x30,
+        0x54, 0x28, 0x33, 0xB1, 0x49, 0x49, 0xF5, 0x73,
+        0xC0, 0x61, 0x2A, 0xD5, 0x24, 0xBA, 0xAE, 0x69,
+        0x59, 0x0C, 0x12, 0x77, 0xB8, 0x6C, 0x28, 0x65,
+        0x71, 0xBF, 0x66, 0xB3, 0xCF, 0xF4, 0x6A, 0x38,
+        0x58, 0xC0, 0x99, 0x06, 0xA7, 0x94, 0xDF, 0x4A,
+        0x06, 0xE9, 0xD4, 0xB0, 0xA2, 0xE4, 0x3F, 0x10,
+        0xF7, 0x2A, 0x6C, 0x6C, 0x47, 0xE5, 0x64, 0x6E,
+        0x2C, 0x79, 0x9B, 0x71, 0xC3, 0x3E, 0xD2, 0xF0,
+        0x1E, 0xEB, 0x45, 0x93, 0x8E, 0xB7, 0xA4, 0xE2,
+        0xE2, 0x90, 0x8C, 0x53, 0x55, 0x8A, 0x54, 0x0D,
+        0x35, 0x03, 0x69, 0xFA, 0x18, 0x9C, 0x61, 0x69,
+        0x43, 0xF7, 0x98, 0x1D, 0x76, 0x18, 0xCF, 0x02,
+        0xA5, 0xB0, 0xA2, 0xBC, 0xC4, 0x22, 0xE8, 0x57,
+        0xD1, 0xA4, 0x78, 0x71, 0x25, 0x3D, 0x08, 0x29,
+        0x3C, 0x1C, 0x17, 0x9B, 0xCD, 0xC0, 0x43, 0x70,
+        0x69, 0x10, 0x74, 0x18, 0x20, 0x5F, 0xDB, 0x98,
+        0x56, 0x62, 0x3B, 0x8C, 0xA6, 0xB6, 0x94, 0xC9,
+        0x6C, 0x08, 0x4B, 0x17, 0xF1, 0x3B, 0xB6, 0xDF,
+        0x12, 0xB2, 0xCF, 0xBB, 0xC2, 0xB0, 0xE0, 0xC3,
+        0x4B, 0x00, 0xD0, 0xFC, 0xD0, 0xAE, 0xCF, 0xB2,
+        0x79, 0x24, 0xF6, 0x98, 0x4E, 0x74, 0x7B, 0xE2,
+        0xA0, 0x9D, 0x83, 0xA8, 0x66, 0x45, 0x90, 0xA8,
+        0x07, 0x73, 0x31, 0x49, 0x1A, 0x4F, 0x7D, 0x72,
+        0x08, 0x43, 0xF2, 0x3E, 0x65, 0x2C, 0x6F, 0xA8,
+        0x40, 0x30, 0x8D, 0xB4, 0x02, 0x03, 0x37, 0xAA,
+        0xD3, 0x79, 0x67, 0x03, 0x4A, 0x9F, 0xB5, 0x23,
+        0xB6, 0x7C, 0xA7, 0x03, 0x30, 0xF0, 0x2D, 0x9E,
+        0xA2, 0x0C, 0x1E, 0x84, 0xCB, 0x8E, 0x57, 0x57,
+        0xC9, 0xE1, 0x89, 0x6B, 0x60, 0x58, 0x14, 0x41,
+        0xED, 0x61, 0x8A, 0xA5, 0xB2, 0x6D, 0xA5, 0x6C,
+        0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E,
+        0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21,
+        0xD2, 0xE5, 0x74, 0xDF, 0xD8, 0xCD, 0x0A, 0xE8,
+        0x93, 0xAA, 0x7E, 0x12, 0x5B, 0x44, 0xB9, 0x24,
+        0xF4, 0x52, 0x23, 0xEC, 0x09, 0xF2, 0xAD, 0x11,
+        0x41, 0xEA, 0x93, 0xA6, 0x80, 0x50, 0xDB, 0xF6,
+        0x99, 0xE3, 0x24, 0x68, 0x84, 0x18, 0x1F, 0x8E,
+        0x1D, 0xD4, 0x4E, 0x0C, 0x76, 0x29, 0x09, 0x33,
+        0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E,
+        0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7
+    };
+#endif
+    static byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
+    static byte privKey[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE];
+
+    key = (MlKemKey*)XMALLOC(sizeof(MlKemKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(MlKemKey));
+    }
+
+#ifndef WOLFSSL_NO_ML_KEM_512
+    ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_512, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_MlKemKey_MakeKeyWithRandom(key, seed_512, sizeof(seed_512)),
+        0);
+    ExpectIntEQ(wc_MlKemKey_EncodePublicKey(key, pubKey,
+        WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(wc_MlKemKey_EncodePrivateKey(key, privKey,
+        WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, ek_512, WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(privKey, dk_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0);
+    wc_MlKemKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_768, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_MlKemKey_MakeKeyWithRandom(key, seed_768, sizeof(seed_768)),
+        0);
+    ExpectIntEQ(wc_MlKemKey_EncodePublicKey(key, pubKey,
+        WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(wc_MlKemKey_EncodePrivateKey(key, privKey,
+        WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, ek_768, WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(privKey, dk_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0);
+    wc_MlKemKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_1024, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_MlKemKey_MakeKeyWithRandom(key, seed_1024,
+        sizeof(seed_1024)), 0);
+    ExpectIntEQ(wc_MlKemKey_EncodePublicKey(key, pubKey,
+        WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(wc_MlKemKey_EncodePrivateKey(key, privKey,
+        WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(pubKey, ek_1024, WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(privKey, dk_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0);
+    wc_MlKemKey_Free(key);
+#endif
+
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_mlkem_encapsulate_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_HAVE_MLKEM) && defined(WOLFSSL_WC_MLKEM) && \
+    !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE)
+    MlKemKey* key;
+#ifndef WOLFSSL_NO_ML_KEM_512
+    static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = {
+        0xDD, 0x19, 0x24, 0x93, 0x5A, 0xA8, 0xE6, 0x17,
+        0xAF, 0x18, 0xB5, 0xA0, 0x65, 0xAC, 0x45, 0x72,
+        0x77, 0x67, 0xEE, 0x89, 0x7C, 0xF4, 0xF9, 0x44,
+        0x2B, 0x2A, 0xCE, 0x30, 0xC0, 0x23, 0x7B, 0x30,
+        0x7D, 0x3E, 0x76, 0xBF, 0x8E, 0xEB, 0x78, 0xAD,
+        0xDC, 0x4A, 0xAC, 0xD1, 0x64, 0x63, 0xD8, 0x60,
+        0x2F, 0xD5, 0x48, 0x7B, 0x63, 0xC8, 0x8B, 0xB6,
+        0x60, 0x27, 0xF3, 0x7D, 0x0D, 0x61, 0x4D, 0x6F,
+        0x9C, 0x24, 0x60, 0x3C, 0x42, 0x94, 0x76, 0x64,
+        0xAC, 0x43, 0x98, 0xC6, 0xC5, 0x23, 0x83, 0x46,
+        0x9B, 0x4F, 0x97, 0x77, 0xE5, 0xEC, 0x72, 0x06,
+        0x21, 0x0F, 0x3E, 0x5A, 0x79, 0x6B, 0xF4, 0x5C,
+        0x53, 0x26, 0x8E, 0x25, 0xF3, 0x9A, 0xC2, 0x61,
+        0xAF, 0x3B, 0xFA, 0x2E, 0xE7, 0x55, 0xBE, 0xB8,
+        0xB6, 0x7A, 0xB3, 0xAC, 0x8D, 0xF6, 0xC6, 0x29,
+        0xC1, 0x17, 0x6E, 0x9E, 0x3B, 0x96, 0x5E, 0x93,
+        0x69, 0xF9, 0xB3, 0xB9, 0x2A, 0xD7, 0xC2, 0x09,
+        0x55, 0x64, 0x1D, 0x99, 0x52, 0x6F, 0xE7, 0xB9,
+        0xFE, 0x8C, 0x85, 0x08, 0x20, 0x27, 0x5C, 0xD9,
+        0x64, 0x84, 0x92, 0x50, 0x09, 0x07, 0x33, 0xCE,
+        0x12, 0x4E, 0xCF, 0x31, 0x66, 0x24, 0x37, 0x4B,
+        0xD1, 0x8B, 0x7C, 0x35, 0x8C, 0x06, 0xE9, 0xC1,
+        0x36, 0xEE, 0x12, 0x59, 0xA9, 0x24, 0x5A, 0xBC,
+        0x55, 0xB9, 0x64, 0xD6, 0x89, 0xF5, 0xA0, 0x82,
+        0x92, 0xD2, 0x82, 0x65, 0x65, 0x8E, 0xBB, 0x40,
+        0xCB, 0xFE, 0x48, 0x8A, 0x22, 0x28, 0x27, 0x55,
+        0x90, 0xAB, 0x9F, 0x32, 0xA3, 0x41, 0x09, 0x70,
+        0x9C, 0x1C, 0x29, 0x1D, 0x4A, 0x23, 0x33, 0x72,
+        0x74, 0xC7, 0xA5, 0xA5, 0x99, 0x1C, 0x7A, 0x87,
+        0xB8, 0x1C, 0x97, 0x4A, 0xB1, 0x8C, 0xE7, 0x78,
+        0x59, 0xE4, 0x99, 0x5E, 0x7C, 0x14, 0xF0, 0x37,
+        0x17, 0x48, 0xB7, 0x71, 0x2F, 0xB5, 0x2C, 0x59,
+        0x66, 0xCD, 0x63, 0x06, 0x3C, 0x4F, 0x3B, 0x81,
+        0xB4, 0x7C, 0x45, 0xDD, 0xE8, 0x3F, 0xB3, 0xA2,
+        0x72, 0x40, 0x29, 0xB1, 0x0B, 0x32, 0x30, 0x21,
+        0x4C, 0x04, 0xFA, 0x05, 0x77, 0xFC, 0x29, 0xAC,
+        0x90, 0x86, 0xAE, 0x18, 0xC5, 0x3B, 0x3E, 0xD4,
+        0x4E, 0x50, 0x74, 0x12, 0xFC, 0xA0, 0x4B, 0x4F,
+        0x53, 0x8A, 0x51, 0x58, 0x8E, 0xC1, 0xF1, 0x02,
+        0x9D, 0x15, 0x2D, 0x9A, 0xE7, 0x73, 0x5F, 0x76,
+        0xA0, 0x77, 0xAA, 0x94, 0x84, 0x38, 0x0A, 0xED,
+        0x91, 0x89, 0xE5, 0x91, 0x24, 0x87, 0xFC, 0xC5,
+        0xB7, 0xC7, 0x01, 0x2D, 0x92, 0x23, 0xDD, 0x96,
+        0x7E, 0xEC, 0xDA, 0xC3, 0x00, 0x8A, 0x89, 0x31,
+        0xB6, 0x48, 0x24, 0x35, 0x37, 0xF5, 0x48, 0xC1,
+        0x71, 0x69, 0x8C, 0x5B, 0x38, 0x1D, 0x84, 0x6A,
+        0x72, 0xE5, 0xC9, 0x2D, 0x42, 0x26, 0xC5, 0xA8,
+        0x90, 0x98, 0x84, 0xF1, 0xC4, 0xA3, 0x40, 0x4C,
+        0x17, 0x20, 0xA5, 0x27, 0x94, 0x14, 0xD7, 0xF2,
+        0x7B, 0x2B, 0x98, 0x26, 0x52, 0xB6, 0x74, 0x02,
+        0x19, 0xC5, 0x6D, 0x21, 0x77, 0x80, 0xD7, 0xA5,
+        0xE5, 0xBA, 0x59, 0x83, 0x63, 0x49, 0xF7, 0x26,
+        0x88, 0x1D, 0xEA, 0x18, 0xEF, 0x75, 0xC0, 0x77,
+        0x2A, 0x8B, 0x92, 0x27, 0x66, 0x95, 0x37, 0x18,
+        0xCA, 0xCC, 0x14, 0xCC, 0xBA, 0xCB, 0x5F, 0xC4,
+        0x12, 0xA2, 0xD0, 0xBE, 0x52, 0x18, 0x17, 0x64,
+        0x5A, 0xB2, 0xBF, 0x6A, 0x47, 0x85, 0xE9, 0x2B,
+        0xC9, 0x4C, 0xAF, 0x47, 0x7A, 0x96, 0x78, 0x76,
+        0x79, 0x6C, 0x0A, 0x51, 0x90, 0x31, 0x5A, 0xC0,
+        0x88, 0x56, 0x71, 0xA4, 0xC7, 0x49, 0x56, 0x4C,
+        0x3B, 0x2C, 0x7A, 0xED, 0x90, 0x64, 0xEB, 0xA2,
+        0x99, 0xEF, 0x21, 0x4B, 0xA2, 0xF4, 0x04, 0x93,
+        0x66, 0x7C, 0x8B, 0xD0, 0x32, 0xAE, 0xC5, 0x62,
+        0x17, 0x11, 0xB4, 0x1A, 0x38, 0x52, 0xC5, 0xC2,
+        0xBA, 0xB4, 0xA3, 0x49, 0xCE, 0x4B, 0x7F, 0x08,
+        0x5A, 0x81, 0x2B, 0xBB, 0xC8, 0x20, 0xB8, 0x1B,
+        0xEF, 0xE6, 0x3A, 0x05, 0xB8, 0xBC, 0xDF, 0xE9,
+        0xC2, 0xA7, 0x0A, 0x8B, 0x1A, 0xCA, 0x9B, 0xF9,
+        0x81, 0x64, 0x81, 0x90, 0x7F, 0xF4, 0x43, 0x24,
+        0x61, 0x11, 0x12, 0x87, 0x30, 0x3F, 0x0B, 0xD8,
+        0x17, 0xC0, 0x57, 0x26, 0xBF, 0xA1, 0x8A, 0x2E,
+        0x24, 0xC7, 0x72, 0x49, 0x21, 0x02, 0x80, 0x32,
+        0xF6, 0x22, 0xBD, 0x96, 0x0A, 0x31, 0x7D, 0x83,
+        0xB3, 0x56, 0xB5, 0x7F, 0x4A, 0x80, 0x04, 0x49,
+        0x9C, 0xBC, 0x73, 0xC9, 0x7D, 0x1E, 0xB7, 0x74,
+        0x59, 0x72, 0x63, 0x1C, 0x05, 0x61, 0xC1, 0xA3,
+        0xAB, 0x6E, 0xF9, 0x1B, 0xD3, 0x63, 0x28, 0x0A,
+        0x10, 0x54, 0x5D, 0xA6, 0x93, 0xE6, 0xD5, 0x8A,
+        0xED, 0x68, 0x45, 0xE7, 0xCC, 0x5F, 0x0D, 0x08,
+        0xCA, 0x79, 0x05, 0x05, 0x2C, 0x77, 0x36, 0x6D,
+        0x19, 0x72, 0xCC, 0xFC, 0xC1, 0xA2, 0x76, 0x10,
+        0xCB, 0x54, 0x36, 0x65, 0xAA, 0x79, 0x8E, 0x20,
+        0x94, 0x01, 0x28, 0xB9, 0x56, 0x7A, 0x7E, 0xDB,
+        0x7A, 0x90, 0x04, 0x07, 0xC7, 0x0D, 0x35, 0x94,
+        0x38, 0x43, 0x5E, 0x13, 0x96, 0x16, 0x08, 0xD5,
+        0x52, 0xA9, 0x4C, 0x5C, 0xDA, 0x78, 0x59, 0x22,
+        0x05, 0x09, 0xB4, 0x83, 0xC5, 0xC5, 0x2A, 0x21,
+        0x0E, 0x9C, 0x81, 0x2B, 0xC0, 0xC2, 0x32, 0x8C,
+        0xA0, 0x0E, 0x78, 0x9A, 0x56, 0xB2, 0x60, 0x6B,
+        0x90, 0x29, 0x2E, 0x35, 0x43, 0xDA, 0xCA, 0xA2,
+        0x43, 0x18, 0x41, 0xD6, 0x1A, 0x22, 0xCA, 0x90,
+        0xC1, 0xCC, 0xF0, 0xB5, 0xB4, 0xE0, 0xA6, 0xF6,
+        0x40, 0x53, 0x6D, 0x1A, 0x26, 0xAB, 0x5B, 0x8D,
+        0x21, 0x51, 0x32, 0x79, 0x28, 0xCE, 0x02, 0x90,
+        0x4C, 0xF1, 0xD1, 0x5E, 0x32, 0x78, 0x8A, 0x95,
+        0xF6, 0x2D, 0x3C, 0x27, 0x0B, 0x6F, 0xA1, 0x50,
+        0x8F, 0x97, 0xB9, 0x15, 0x5A, 0x27, 0x26, 0xD8,
+        0x0A, 0x1A, 0xFA, 0x3C, 0x53, 0x87, 0xA2, 0x76,
+        0xA4, 0xD0, 0x31, 0xA0, 0x8A, 0xBF, 0x4F, 0x2E,
+        0x74, 0xF1, 0xA0, 0xBB, 0x8A, 0x0F, 0xD3, 0xCB
+    };
+    static const byte seed_512[WC_ML_KEM_ENC_RAND_SZ] = {
+        0x6F, 0xF0, 0x2E, 0x1D, 0xC7, 0xFD, 0x91, 0x1B,
+        0xEE, 0xE0, 0xC6, 0x92, 0xC8, 0xBD, 0x10, 0x0C,
+        0x3E, 0x5C, 0x48, 0x96, 0x4D, 0x31, 0xDF, 0x92,
+        0x99, 0x42, 0x18, 0xE8, 0x06, 0x64, 0xA6, 0xCA
+    };
+    static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = {
+        0x19, 0xC5, 0x92, 0x50, 0x59, 0x07, 0xC2, 0x4C,
+        0x5F, 0xA2, 0xEB, 0xFA, 0x93, 0x2D, 0x2C, 0xBB,
+        0x48, 0xF3, 0xE4, 0x34, 0x0A, 0x28, 0xF7, 0xEB,
+        0xA5, 0xD0, 0x68, 0xFC, 0xAC, 0xAB, 0xED, 0xF7,
+        0x77, 0x84, 0xE2, 0xB2, 0x4D, 0x79, 0x61, 0x77,
+        0x5F, 0x0B, 0xF1, 0xA9, 0x97, 0xAE, 0x8B, 0xA9,
+        0xFC, 0x43, 0x11, 0xBE, 0x63, 0x71, 0x67, 0x79,
+        0xC2, 0xB7, 0x88, 0xF8, 0x12, 0xCB, 0xB7, 0x8C,
+        0x74, 0xE7, 0x51, 0x7E, 0x22, 0xE9, 0x10, 0xEF,
+        0xF5, 0xF3, 0x8D, 0x44, 0x46, 0x9C, 0x50, 0xDE,
+        0x16, 0x75, 0xAE, 0x19, 0x8F, 0xD6, 0xA2, 0x89,
+        0xAE, 0x7E, 0x6C, 0x30, 0xA9, 0xD4, 0x35, 0x1B,
+        0x3D, 0x1F, 0x4C, 0x36, 0xEF, 0xF9, 0xC6, 0x8D,
+        0xA9, 0x1C, 0x40, 0xB8, 0x2D, 0xC9, 0xB2, 0x79,
+        0x9A, 0x33, 0xA2, 0x6B, 0x60, 0xA4, 0xE7, 0x0D,
+        0x71, 0x01, 0x86, 0x27, 0x79, 0x46, 0x9F, 0x3A,
+        0x9D, 0xAE, 0xC8, 0xE3, 0xE8, 0xF8, 0xC6, 0xA1,
+        0x6B, 0xF0, 0x92, 0xFB, 0xA5, 0x86, 0x61, 0x86,
+        0xB8, 0xD2, 0x08, 0xFD, 0xEB, 0x27, 0x4A, 0xC1,
+        0xF8, 0x29, 0x65, 0x9D, 0xC2, 0xBE, 0x4A, 0xC4,
+        0xF3, 0x06, 0xCB, 0x55, 0x84, 0xBA, 0xD1, 0x93,
+        0x6A, 0x92, 0xC9, 0xB7, 0x68, 0x19, 0x23, 0x42,
+        0x81, 0xBB, 0x39, 0x58, 0x41, 0xC2, 0x57, 0x56,
+        0x08, 0x6E, 0xA5, 0x64, 0xCA, 0x3E, 0x22, 0x7E,
+        0x3D, 0x9F, 0x10, 0x52, 0xC0, 0x76, 0x6D, 0x2E,
+        0xB7, 0x9A, 0x47, 0xC1, 0x50, 0x72, 0x1E, 0x0D,
+        0xEA, 0x7C, 0x00, 0x69, 0xD5, 0x51, 0xB2, 0x64,
+        0x80, 0x1B, 0x77, 0x27, 0xEC, 0xAF, 0x82, 0xEE,
+        0xCB, 0x99, 0xA8, 0x76, 0xFD, 0xA0, 0x90, 0xBF,
+        0x6C, 0x3F, 0xC6, 0xB1, 0x09, 0xF1, 0x70, 0x14,
+        0x85, 0xF0, 0x3C, 0xE6, 0x62, 0x74, 0xB8, 0x43,
+        0x5B, 0x0A, 0x01, 0x4C, 0xFB, 0x3E, 0x79, 0xCC,
+        0xED, 0x67, 0x05, 0x7B, 0x5A, 0xE2, 0xAD, 0x7F,
+        0x52, 0x79, 0xEB, 0x71, 0x49, 0x42, 0xE4, 0xC1,
+        0xCC, 0xFF, 0x7E, 0x85, 0xC0, 0xDB, 0x43, 0xE5,
+        0xD4, 0x12, 0x89, 0x20, 0x73, 0x63, 0xB4, 0x44,
+        0xBB, 0x51, 0xBB, 0x8A, 0xB0, 0x37, 0x1E, 0x70,
+        0xCB, 0xD5, 0x5F, 0x0F, 0x3D, 0xAD, 0x40, 0x3E,
+        0x10, 0x51, 0x76, 0xE3, 0xE8, 0xA2, 0x25, 0xD8,
+        0x4A, 0xC8, 0xBE, 0xE3, 0x8C, 0x82, 0x1E, 0xE0,
+        0xF5, 0x47, 0x43, 0x11, 0x45, 0xDC, 0xB3, 0x13,
+        0x92, 0x86, 0xAB, 0xB1, 0x17, 0x94, 0xA4, 0x3A,
+        0x3C, 0x1B, 0x52, 0x29, 0xE4, 0xBC, 0xFE, 0x95,
+        0x9C, 0x78, 0xAD, 0xAE, 0xE2, 0xD5, 0xF2, 0x49,
+        0x7B, 0x5D, 0x24, 0xBC, 0x21, 0xFA, 0x03, 0xA9,
+        0xA5, 0x8C, 0x24, 0x55, 0x37, 0x3E, 0xC8, 0x95,
+        0x83, 0xE7, 0xE5, 0x88, 0xD7, 0xFE, 0x67, 0x99,
+        0x1E, 0xE9, 0x37, 0x83, 0xED, 0x4A, 0x6F, 0x9E,
+        0xEA, 0xE0, 0x4E, 0x64, 0xE2, 0xE1, 0xE0, 0xE6,
+        0x99, 0xF6, 0xDC, 0x9C, 0x5D, 0x39, 0xEF, 0x92,
+        0x78, 0xC9, 0x85, 0xE7, 0xFD, 0xF2, 0xA7, 0x64,
+        0xFF, 0xD1, 0xA0, 0xB9, 0x57, 0x92, 0xAD, 0x68,
+        0x1E, 0x93, 0x0D, 0x76, 0xDF, 0x4E, 0xFE, 0x5D,
+        0x65, 0xDB, 0xBD, 0x0F, 0x14, 0x38, 0x48, 0x1E,
+        0xD8, 0x33, 0xAD, 0x49, 0x46, 0xAD, 0x1C, 0x69,
+        0xAD, 0x21, 0xDD, 0x7C, 0x86, 0x18, 0x57, 0x74,
+        0x42, 0x6F, 0x3F, 0xCF, 0x53, 0xB5, 0x2A, 0xD4,
+        0xB4, 0x0D, 0x22, 0x8C, 0xE1, 0x24, 0x07, 0x2F,
+        0x59, 0x2C, 0x7D, 0xAA, 0x05, 0x7F, 0x17, 0xD7,
+        0x90, 0xA5, 0xBD, 0x5B, 0x93, 0x83, 0x4D, 0x58,
+        0xC0, 0x8C, 0x88, 0xDC, 0x8F, 0x0E, 0xF4, 0x88,
+        0x15, 0x64, 0x25, 0xB7, 0x44, 0x65, 0x4E, 0xAC,
+        0xA9, 0xD6, 0x48, 0x58, 0xA4, 0xD6, 0xCE, 0xB4,
+        0x78, 0x79, 0x51, 0x94, 0xBF, 0xAD, 0xB1, 0x8D,
+        0xC0, 0xEA, 0x05, 0x4F, 0x97, 0x71, 0x21, 0x5A,
+        0xD3, 0xCB, 0x1F, 0xD0, 0x31, 0xD7, 0xBE, 0x45,
+        0x98, 0x62, 0x19, 0x26, 0x47, 0x8D, 0x37, 0x5A,
+        0x18, 0x45, 0xAA, 0x91, 0xD7, 0xC7, 0x33, 0xF8,
+        0xF0, 0xE1, 0x88, 0xC8, 0x38, 0x96, 0xED, 0xF8,
+        0x3B, 0x86, 0x46, 0xC9, 0x9E, 0x29, 0xC0, 0xDA,
+        0x22, 0x90, 0xE7, 0x1C, 0x3D, 0x2E, 0x97, 0x07,
+        0x20, 0xC9, 0x7B, 0x5B, 0x7F, 0x95, 0x04, 0x86,
+        0x03, 0x3C, 0x6A, 0x25, 0x71, 0xDD, 0xF2, 0xBC,
+        0xCD, 0xAB, 0xB2, 0xDF, 0xA5, 0xFC, 0xE4, 0xC3,
+        0xA1, 0x88, 0x46, 0x06, 0x04, 0x1D, 0x18, 0x1C,
+        0x72, 0x87, 0x94, 0xAE, 0x0E, 0x80, 0x6E, 0xCB,
+        0x49, 0xAF, 0x16, 0x75, 0x6A, 0x4C, 0xE7, 0x3C,
+        0x87, 0xBD, 0x42, 0x34, 0xE6, 0x0F, 0x05, 0x53,
+        0x5F, 0xA5, 0x92, 0x9F, 0xD5, 0xA3, 0x44, 0x73,
+        0x26, 0x64, 0x01, 0xF6, 0x3B, 0xBD, 0x6B, 0x90,
+        0xE0, 0x03, 0x47, 0x2A, 0xC0, 0xCE, 0x88, 0xF1,
+        0xB6, 0x66, 0x59, 0x72, 0x79, 0xD0, 0x56, 0xA6,
+        0x32, 0xC8, 0xD6, 0xB7, 0x90, 0xFD, 0x41, 0x17,
+        0x67, 0x84, 0x8A, 0x69, 0xE3, 0x7A, 0x8A, 0x83,
+        0x9B, 0xC7, 0x66, 0xA0, 0x2C, 0xA2, 0xF6, 0x95,
+        0xEC, 0x63, 0xF0, 0x56, 0xA4, 0xE2, 0xA1, 0x14,
+        0xCA, 0xCF, 0x9F, 0xD9, 0x0D, 0x73, 0x0C, 0x97,
+        0x0D, 0xB3, 0x87, 0xF6, 0xDE, 0x73, 0x39, 0x5F,
+        0x70, 0x1A, 0x1D, 0x95, 0x3B, 0x2A, 0x89, 0xDD,
+        0x7E, 0xDA, 0xD4, 0x39, 0xFC, 0x20, 0x5A, 0x54,
+        0xA4, 0x81, 0xE8, 0x89, 0xB0, 0x98, 0xD5, 0x25,
+        0x56, 0x70, 0xF0, 0x26, 0xB4, 0xA2, 0xBF, 0x02,
+        0xD2, 0xBD, 0xDE, 0x87, 0xC7, 0x66, 0xB2, 0x5F,
+        0xC5, 0xE0, 0xFD, 0x45, 0x37, 0x57, 0xE7, 0x56,
+        0xD1, 0x8C, 0x8C, 0xD9, 0x12, 0xF9, 0xA7, 0x7F,
+        0x8E, 0x6B, 0xF0, 0x20, 0x53, 0x74, 0xB4, 0x62
+    };
+    static const byte k_512[WC_ML_KEM_SS_SZ] = {
+        0x0B, 0xF3, 0x23, 0x33, 0x8D, 0x6F, 0x0A, 0x21,
+        0xD5, 0x51, 0x4B, 0x67, 0x3C, 0xD1, 0x0B, 0x71,
+        0x4C, 0xE6, 0xE3, 0x6F, 0x35, 0xBC, 0xD1, 0xBF,
+        0x54, 0x41, 0x96, 0x36, 0x8E, 0xE5, 0x1A, 0x13
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = {
+        0x89, 0xD2, 0xCB, 0x65, 0xF9, 0x4D, 0xCB, 0xFC,
+        0x89, 0x0E, 0xFC, 0x7D, 0x0E, 0x5A, 0x7A, 0x38,
+        0x34, 0x4D, 0x16, 0x41, 0xA3, 0xD0, 0xB0, 0x24,
+        0xD5, 0x07, 0x97, 0xA5, 0xF2, 0x3C, 0x3A, 0x18,
+        0xB3, 0x10, 0x1A, 0x12, 0x69, 0x06, 0x9F, 0x43,
+        0xA8, 0x42, 0xBA, 0xCC, 0x09, 0x8A, 0x88, 0x21,
+        0x27, 0x1C, 0x67, 0x3D, 0xB1, 0xBE, 0xB3, 0x30,
+        0x34, 0xE4, 0xD7, 0x77, 0x4D, 0x16, 0x63, 0x5C,
+        0x7C, 0x2C, 0x3C, 0x27, 0x63, 0x45, 0x35, 0x38,
+        0xBC, 0x16, 0x32, 0xE1, 0x85, 0x15, 0x91, 0xA5,
+        0x16, 0x42, 0x97, 0x4E, 0x59, 0x28, 0xAB, 0xB8,
+        0xE5, 0x5F, 0xE5, 0x56, 0x12, 0xF9, 0xB1, 0x41,
+        0xAF, 0xF0, 0x15, 0x54, 0x53, 0x94, 0xB2, 0x09,
+        0x2E, 0x59, 0x09, 0x70, 0xEC, 0x29, 0xA7, 0xB7,
+        0xE7, 0xAA, 0x1F, 0xB4, 0x49, 0x3B, 0xF7, 0xCB,
+        0x73, 0x19, 0x06, 0xC2, 0xA5, 0xCB, 0x49, 0xE6,
+        0x61, 0x48, 0x59, 0x06, 0x4E, 0x19, 0xB8, 0xFA,
+        0x26, 0xAF, 0x51, 0xC4, 0x4B, 0x5E, 0x75, 0x35,
+        0xBF, 0xDA, 0xC0, 0x72, 0xB6, 0x46, 0xD3, 0xEA,
+        0x49, 0x0D, 0x27, 0x7F, 0x0D, 0x97, 0xCE, 0xD4,
+        0x73, 0x95, 0xFE, 0xD9, 0x1E, 0x8F, 0x2B, 0xCE,
+        0x0E, 0x3C, 0xA1, 0x22, 0xC2, 0x02, 0x5F, 0x74,
+        0x06, 0x7A, 0xB9, 0x28, 0xA8, 0x22, 0xB3, 0x56,
+        0x53, 0xA7, 0x4F, 0x06, 0x75, 0x76, 0x29, 0xAF,
+        0xB1, 0xA1, 0xCA, 0xF2, 0x37, 0x10, 0x0E, 0xA9,
+        0x35, 0xE7, 0x93, 0xC8, 0xF5, 0x8A, 0x71, 0xB3,
+        0xD6, 0xAE, 0x2C, 0x86, 0x58, 0xB1, 0x01, 0x50,
+        0xD4, 0xA3, 0x8F, 0x57, 0x2A, 0x0D, 0x49, 0xD2,
+        0x8A, 0xE8, 0x94, 0x51, 0xD3, 0x38, 0x32, 0x6F,
+        0xDB, 0x3B, 0x43, 0x50, 0x03, 0x6C, 0x10, 0x81,
+        0x11, 0x77, 0x40, 0xED, 0xB8, 0x6B, 0x12, 0x08,
+        0x1C, 0x5C, 0x12, 0x23, 0xDB, 0xB5, 0x66, 0x0D,
+        0x5B, 0x3C, 0xB3, 0x78, 0x7D, 0x48, 0x18, 0x49,
+        0x30, 0x4C, 0x68, 0xBE, 0x87, 0x54, 0x66, 0xF1,
+        0x4E, 0xE5, 0x49, 0x5C, 0x2B, 0xD7, 0x95, 0xAE,
+        0x41, 0x2D, 0x09, 0x00, 0x2D, 0x65, 0xB8, 0x71,
+        0x9B, 0x90, 0xCB, 0xA3, 0x60, 0x3A, 0xC4, 0x95,
+        0x8E, 0xA0, 0x3C, 0xC1, 0x38, 0xC8, 0x6F, 0x78,
+        0x51, 0x59, 0x31, 0x25, 0x33, 0x47, 0x01, 0xB6,
+        0x77, 0xF8, 0x2F, 0x49, 0x52, 0xA4, 0xC9, 0x3B,
+        0x5B, 0x4C, 0x13, 0x4B, 0xB4, 0x2A, 0x85, 0x7F,
+        0xD1, 0x5C, 0x65, 0x08, 0x64, 0xA6, 0xAA, 0x94,
+        0xEB, 0x69, 0x1C, 0x0B, 0x69, 0x1B, 0xE4, 0x68,
+        0x4C, 0x1F, 0x5B, 0x74, 0x90, 0x46, 0x7F, 0xC0,
+        0x1B, 0x1D, 0x1F, 0xDA, 0x4D, 0xDA, 0x35, 0xC4,
+        0xEC, 0xC2, 0x31, 0xBC, 0x73, 0xA6, 0xFE, 0xF4,
+        0x2C, 0x99, 0xD3, 0x4E, 0xB8, 0x2A, 0x4D, 0x01,
+        0x49, 0x87, 0xB3, 0xE3, 0x86, 0x91, 0x0C, 0x62,
+        0x67, 0x9A, 0x11, 0x8F, 0x3C, 0x5B, 0xD9, 0xF4,
+        0x67, 0xE4, 0x16, 0x20, 0x42, 0x42, 0x43, 0x57,
+        0xDB, 0x92, 0xEF, 0x48, 0x4A, 0x4A, 0x17, 0x98,
+        0xC1, 0x25, 0x7E, 0x87, 0x0A, 0x30, 0xCB, 0x20,
+        0xAA, 0xA0, 0x33, 0x5D, 0x83, 0x31, 0x4F, 0xE0,
+        0xAA, 0x7E, 0x63, 0xA8, 0x62, 0x64, 0x80, 0x41,
+        0xA7, 0x2A, 0x63, 0x21, 0x52, 0x32, 0x20, 0xB1,
+        0xAC, 0xE9, 0xBB, 0x70, 0x1B, 0x21, 0xAC, 0x12,
+        0x53, 0xCB, 0x81, 0x2C, 0x15, 0x57, 0x5A, 0x90,
+        0x85, 0xEA, 0xBE, 0xAD, 0xE7, 0x3A, 0x4A, 0xE7,
+        0x6E, 0x6A, 0x7B, 0x15, 0x8A, 0x20, 0x58, 0x6D,
+        0x78, 0xA5, 0xAC, 0x62, 0x0A, 0x5C, 0x9A, 0xBC,
+        0xC9, 0xC0, 0x43, 0x35, 0x0A, 0x73, 0x65, 0x6B,
+        0x0A, 0xBE, 0x82, 0x2D, 0xA5, 0xE0, 0xBA, 0x76,
+        0x04, 0x5F, 0xAD, 0x75, 0x40, 0x1D, 0x7A, 0x3B,
+        0x70, 0x37, 0x91, 0xB7, 0xE9, 0x92, 0x61, 0x71,
+        0x0F, 0x86, 0xB7, 0x24, 0x21, 0xD2, 0x40, 0xA3,
+        0x47, 0x63, 0x83, 0x77, 0x20, 0x5A, 0x15, 0x2C,
+        0x79, 0x41, 0x30, 0xA4, 0xE0, 0x47, 0x74, 0x2B,
+        0x88, 0x83, 0x03, 0xBD, 0xDC, 0x30, 0x91, 0x16,
+        0x76, 0x4D, 0xE7, 0x42, 0x4C, 0xEB, 0xEA, 0x6D,
+        0xB6, 0x53, 0x48, 0xAC, 0x53, 0x7E, 0x01, 0xA9,
+        0xCC, 0x56, 0xEA, 0x66, 0x7D, 0x5A, 0xA8, 0x7A,
+        0xC9, 0xAA, 0xA4, 0x31, 0x7D, 0x26, 0x2C, 0x10,
+        0x14, 0x30, 0x50, 0xB8, 0xD0, 0x7A, 0x72, 0x8C,
+        0xA6, 0x33, 0xC1, 0x3E, 0x46, 0x8A, 0xBC, 0xEA,
+        0xD3, 0x72, 0xC7, 0x7B, 0x8E, 0xCF, 0x3B, 0x98,
+        0x6B, 0x98, 0xC1, 0xE5, 0x58, 0x60, 0xB2, 0xB4,
+        0x21, 0x67, 0x66, 0xAD, 0x87, 0x4C, 0x35, 0xED,
+        0x72, 0x05, 0x06, 0x87, 0x39, 0x23, 0x02, 0x20,
+        0xB5, 0xA2, 0x31, 0x7D, 0x10, 0x2C, 0x59, 0x83,
+        0x56, 0xF1, 0x68, 0xAC, 0xBE, 0x80, 0x60, 0x8D,
+        0xE4, 0xC9, 0xA7, 0x10, 0xB8, 0xDD, 0x07, 0x07,
+        0x8C, 0xD7, 0xC6, 0x71, 0x05, 0x8A, 0xF1, 0xB0,
+        0xB8, 0x30, 0x4A, 0x31, 0x4F, 0x7B, 0x29, 0xBE,
+        0x78, 0xA9, 0x33, 0xC7, 0xB9, 0x29, 0x44, 0x24,
+        0x95, 0x4A, 0x1B, 0xF8, 0xBC, 0x74, 0x5D, 0xE8,
+        0x61, 0x98, 0x65, 0x9E, 0x0E, 0x12, 0x25, 0xA9,
+        0x10, 0x72, 0x60, 0x74, 0x96, 0x9C, 0x39, 0xA9,
+        0x7C, 0x19, 0x24, 0x06, 0x01, 0xA4, 0x6E, 0x01,
+        0x3D, 0xCD, 0xCB, 0x67, 0x7A, 0x8C, 0xBD, 0x2C,
+        0x95, 0xA4, 0x06, 0x29, 0xC2, 0x56, 0xF2, 0x4A,
+        0x32, 0x89, 0x51, 0xDF, 0x57, 0x50, 0x2A, 0xB3,
+        0x07, 0x72, 0xCC, 0x7E, 0x5B, 0x85, 0x00, 0x27,
+        0xC8, 0x55, 0x17, 0x81, 0xCE, 0x49, 0x85, 0xBD,
+        0xAC, 0xF6, 0xB8, 0x65, 0xC1, 0x04, 0xE8, 0xA4,
+        0xBC, 0x65, 0xC4, 0x16, 0x94, 0xD4, 0x56, 0xB7,
+        0x16, 0x9E, 0x45, 0xAB, 0x3D, 0x7A, 0xCA, 0xBE,
+        0xAF, 0xE2, 0x3A, 0xD6, 0xA7, 0xB9, 0x4D, 0x19,
+        0x79, 0xA2, 0xF4, 0xC1, 0xCA, 0xE7, 0xCD, 0x77,
+        0xD6, 0x81, 0xD2, 0x90, 0xB5, 0xD8, 0xE4, 0x51,
+        0xBF, 0xDC, 0xCC, 0xF5, 0x31, 0x0B, 0x9D, 0x12,
+        0xA8, 0x8E, 0xC2, 0x9B, 0x10, 0x25, 0x5D, 0x5E,
+        0x17, 0xA1, 0x92, 0x67, 0x0A, 0xA9, 0x73, 0x1C,
+        0x5C, 0xA6, 0x7E, 0xC7, 0x84, 0xC5, 0x02, 0x78,
+        0x1B, 0xE8, 0x52, 0x7D, 0x6F, 0xC0, 0x03, 0xC6,
+        0x70, 0x1B, 0x36, 0x32, 0x28, 0x4B, 0x40, 0x30,
+        0x7A, 0x52, 0x7C, 0x76, 0x20, 0x37, 0x7F, 0xEB,
+        0x0B, 0x73, 0xF7, 0x22, 0xC9, 0xE3, 0xCD, 0x4D,
+        0xEC, 0x64, 0x87, 0x6B, 0x93, 0xAB, 0x5B, 0x7C,
+        0xFC, 0x4A, 0x65, 0x7F, 0x85, 0x2B, 0x65, 0x92,
+        0x82, 0x86, 0x43, 0x84, 0xF4, 0x42, 0xB2, 0x2E,
+        0x8A, 0x21, 0x10, 0x93, 0x87, 0xB8, 0xB4, 0x75,
+        0x85, 0xFC, 0x68, 0x0D, 0x0B, 0xA4, 0x5C, 0x7A,
+        0x8B, 0x1D, 0x72, 0x74, 0xBD, 0xA5, 0x78, 0x45,
+        0xD1, 0x00, 0xD0, 0xF4, 0x2A, 0x3B, 0x74, 0x62,
+        0x87, 0x73, 0x35, 0x1F, 0xD7, 0xAC, 0x30, 0x5B,
+        0x24, 0x97, 0x63, 0x9B, 0xE9, 0x0B, 0x3F, 0x4F,
+        0x71, 0xA6, 0xAA, 0x35, 0x61, 0xEE, 0xCC, 0x6A,
+        0x69, 0x1B, 0xB5, 0xCB, 0x39, 0x14, 0xD8, 0x63,
+        0x4C, 0xA1, 0xE1, 0xAF, 0x54, 0x3C, 0x04, 0x9A,
+        0x8C, 0x6E, 0x86, 0x8C, 0x51, 0xF0, 0x42, 0x3B,
+        0xD2, 0xD5, 0xAE, 0x09, 0xB7, 0x9E, 0x57, 0xC2,
+        0x7F, 0x3F, 0xE3, 0xAE, 0x2B, 0x26, 0xA4, 0x41,
+        0xBA, 0xBF, 0xC6, 0x71, 0x8C, 0xE8, 0xC0, 0x5B,
+        0x4F, 0xE7, 0x93, 0xB9, 0x10, 0xB8, 0xFB, 0xCB,
+        0xBE, 0x7F, 0x10, 0x13, 0x24, 0x2B, 0x40, 0xE0,
+        0x51, 0x4D, 0x0B, 0xDC, 0x5C, 0x88, 0xBA, 0xC5,
+        0x94, 0xC7, 0x94, 0xCE, 0x51, 0x22, 0xFB, 0xF3,
+        0x48, 0x96, 0x81, 0x91, 0x47, 0xB9, 0x28, 0x38,
+        0x15, 0x87, 0x96, 0x3B, 0x0B, 0x90, 0x03, 0x4A,
+        0xA0, 0x7A, 0x10, 0xBE, 0x17, 0x6E, 0x01, 0xC8,
+        0x0A, 0xD6, 0xA4, 0xB7, 0x1B, 0x10, 0xAF, 0x42,
+        0x41, 0x40, 0x0A, 0x2A, 0x4C, 0xBB, 0xC0, 0x59,
+        0x61, 0xA1, 0x5E, 0xC1, 0x47, 0x4E, 0xD5, 0x1A,
+        0x3C, 0xC6, 0xD3, 0x58, 0x00, 0x67, 0x9A, 0x46,
+        0x28, 0x09, 0xCA, 0xA3, 0xAB, 0x4F, 0x70, 0x94,
+        0xCD, 0x66, 0x10, 0xB4, 0xA7, 0x00, 0xCB, 0xA9,
+        0x39, 0xE7, 0xEA, 0xC9, 0x3E, 0x38, 0xC9, 0x97,
+        0x55, 0x90, 0x87, 0x27, 0x61, 0x9E, 0xD7, 0x6A,
+        0x34, 0xE5, 0x3C, 0x4F, 0xA2, 0x5B, 0xFC, 0x97,
+        0x00, 0x82, 0x06, 0x69, 0x7D, 0xD1, 0x45, 0xE5,
+        0xB9, 0x18, 0x8E, 0x5B, 0x01, 0x4E, 0x94, 0x16,
+        0x81, 0xE1, 0x5F, 0xE3, 0xE1, 0x32, 0xB8, 0xA3,
+        0x90, 0x34, 0x74, 0x14, 0x8B, 0xA2, 0x8B, 0x98,
+        0x71, 0x11, 0xC9, 0xBC, 0xB3, 0x98, 0x9B, 0xBB,
+        0xC6, 0x71, 0xC5, 0x81, 0xB4, 0x4A, 0x49, 0x28,
+        0x45, 0xF2, 0x88, 0xE6, 0x21, 0x96, 0xE4, 0x71,
+        0xFE, 0xD3, 0xC3, 0x9C, 0x1B, 0xBD, 0xDB, 0x08,
+        0x37, 0xD0, 0xD4, 0x70, 0x6B, 0x09, 0x22, 0xC4
+    };
+    static const byte seed_768[WC_ML_KEM_ENC_RAND_SZ] = {
+        0x2C, 0xE7, 0x4A, 0xD2, 0x91, 0x13, 0x35, 0x18,
+        0xFE, 0x60, 0xC7, 0xDF, 0x5D, 0x25, 0x1B, 0x9D,
+        0x82, 0xAD, 0xD4, 0x84, 0x62, 0xFF, 0x50, 0x5C,
+        0x6E, 0x54, 0x7E, 0x94, 0x9E, 0x6B, 0x6B, 0xF7
+    };
+    static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = {
+        0x56, 0xB4, 0x2D, 0x59, 0x3A, 0xAB, 0x8E, 0x87,
+        0x73, 0xBD, 0x92, 0xD7, 0x6E, 0xAB, 0xDD, 0xF3,
+        0xB1, 0x54, 0x6F, 0x83, 0x26, 0xF5, 0x7A, 0x7B,
+        0x77, 0x37, 0x64, 0xB6, 0xC0, 0xDD, 0x30, 0x47,
+        0x0F, 0x68, 0xDF, 0xF8, 0x2E, 0x0D, 0xCA, 0x92,
+        0x50, 0x92, 0x74, 0xEC, 0xFE, 0x83, 0xA9, 0x54,
+        0x73, 0x5F, 0xDE, 0x6E, 0x14, 0x67, 0x6D, 0xAA,
+        0xA3, 0x68, 0x0C, 0x30, 0xD5, 0x24, 0xF4, 0xEF,
+        0xA7, 0x9E, 0xD6, 0xA1, 0xF9, 0xED, 0x7E, 0x1C,
+        0x00, 0x56, 0x0E, 0x86, 0x83, 0x53, 0x8C, 0x31,
+        0x05, 0xAB, 0x93, 0x1B, 0xE0, 0xD2, 0xB2, 0x49,
+        0xB3, 0x8C, 0xB9, 0xB1, 0x3A, 0xF5, 0xCE, 0xAF,
+        0x78, 0x87, 0xA5, 0x9D, 0xBA, 0x16, 0x68, 0x8A,
+        0x7F, 0x28, 0xDE, 0x0B, 0x14, 0xD1, 0x9F, 0x39,
+        0x1E, 0xB4, 0x18, 0x32, 0xA5, 0x64, 0x79, 0x41,
+        0x6C, 0xCF, 0x94, 0xE9, 0x97, 0x39, 0x0E, 0xD7,
+        0x87, 0x8E, 0xEA, 0xFF, 0x49, 0x32, 0x8A, 0x70,
+        0xE0, 0xAB, 0x5F, 0xCE, 0x6C, 0x63, 0xC0, 0x9B,
+        0x35, 0xF4, 0xE4, 0x59, 0x94, 0xDE, 0x61, 0x5B,
+        0x88, 0xBB, 0x72, 0x2F, 0x70, 0xE8, 0x7D, 0x2B,
+        0xBD, 0x72, 0xAE, 0x71, 0xE1, 0xEE, 0x90, 0x08,
+        0xE4, 0x59, 0xD8, 0xE7, 0x43, 0x03, 0x9A, 0x8D,
+        0xDE, 0xB8, 0x74, 0xFC, 0xE5, 0x30, 0x1A, 0x2F,
+        0x8C, 0x0E, 0xE8, 0xC2, 0xFE, 0xE7, 0xA4, 0xEE,
+        0x68, 0xB5, 0xED, 0x6A, 0x6D, 0x9A, 0xB7, 0x4F,
+        0x98, 0xBB, 0x3B, 0xA0, 0xFE, 0x89, 0xE8, 0x2B,
+        0xD5, 0xA5, 0x25, 0xC5, 0xE8, 0x79, 0x0F, 0x81,
+        0x8C, 0xCC, 0x60, 0x58, 0x77, 0xD4, 0x6C, 0x8B,
+        0xDB, 0x5C, 0x33, 0x7B, 0x02, 0x5B, 0xB8, 0x40,
+        0xFF, 0x47, 0x18, 0x96, 0xE4, 0x3B, 0xFA, 0x99,
+        0xD7, 0x3D, 0xBE, 0x31, 0x80, 0x5C, 0x27, 0xA4,
+        0x3E, 0x57, 0xF0, 0x61, 0x8B, 0x3A, 0xE5, 0x22,
+        0xA4, 0x64, 0x4E, 0x0D, 0x4E, 0x4C, 0x1C, 0x54,
+        0x84, 0x89, 0x43, 0x1B, 0xE5, 0x58, 0xF3, 0xBF,
+        0xC5, 0x0E, 0x16, 0x61, 0x7E, 0x11, 0x0D, 0xD7,
+        0xAF, 0x9A, 0x6F, 0xD8, 0x3E, 0x3F, 0xBB, 0x68,
+        0xC3, 0x04, 0xD1, 0x5F, 0x6C, 0xB7, 0x00, 0xD6,
+        0x1D, 0x7A, 0xA9, 0x15, 0xA6, 0x75, 0x1E, 0xA3,
+        0xBA, 0x80, 0x22, 0x3E, 0x65, 0x41, 0x32, 0xA2,
+        0x09, 0x99, 0xA4, 0x3B, 0xF4, 0x08, 0x59, 0x27,
+        0x30, 0xB9, 0xA9, 0x49, 0x96, 0x36, 0xC0, 0x9F,
+        0xA7, 0x29, 0xF9, 0xCB, 0x1F, 0x9D, 0x34, 0x42,
+        0xF4, 0x73, 0x57, 0xA2, 0xB9, 0xCF, 0x15, 0xD3,
+        0x10, 0x3B, 0x9B, 0xF3, 0x96, 0xC2, 0x30, 0x88,
+        0xF1, 0x18, 0xED, 0xE3, 0x46, 0xB5, 0xC0, 0x38,
+        0x91, 0xCF, 0xA5, 0xD5, 0x17, 0xCE, 0xF8, 0x47,
+        0x13, 0x22, 0xE7, 0xE3, 0x10, 0x87, 0xC4, 0xB0,
+        0x36, 0xAB, 0xAD, 0x78, 0x4B, 0xFF, 0x72, 0xA9,
+        0xB1, 0x1F, 0xA1, 0x98, 0xFA, 0xCB, 0xCB, 0x91,
+        0xF0, 0x67, 0xFE, 0xAF, 0x76, 0xFC, 0xFE, 0x53,
+        0x27, 0xC1, 0x07, 0x0B, 0x3D, 0xA6, 0x98, 0x84,
+        0x00, 0x75, 0x67, 0x60, 0xD2, 0xD1, 0xF0, 0x60,
+        0x29, 0x8F, 0x16, 0x83, 0xD5, 0x1E, 0x36, 0x16,
+        0xE9, 0x8C, 0x51, 0xC9, 0xC0, 0x3A, 0xA4, 0x2F,
+        0x2E, 0x63, 0x36, 0x51, 0xA4, 0x7A, 0xD3, 0xCC,
+        0x2A, 0xB4, 0xA8, 0x52, 0xAE, 0x0C, 0x4B, 0x04,
+        0xB4, 0xE1, 0xC3, 0xDD, 0x94, 0x44, 0x45, 0xA2,
+        0xB1, 0x2B, 0x4F, 0x42, 0xA6, 0x43, 0x51, 0x05,
+        0xC0, 0x41, 0x22, 0xFC, 0x35, 0x87, 0xAF, 0xE4,
+        0x09, 0xA0, 0x0B, 0x30, 0x8D, 0x63, 0xC5, 0xDD,
+        0x81, 0x63, 0x65, 0x45, 0x04, 0xEE, 0xDB, 0xB7,
+        0xB5, 0x32, 0x95, 0x77, 0xC3, 0x5F, 0xBE, 0xB3,
+        0xF4, 0x63, 0x87, 0x2C, 0xAC, 0x28, 0x14, 0x2B,
+        0x3C, 0x12, 0xA7, 0x40, 0xEC, 0x6E, 0xA7, 0xCE,
+        0x9A, 0xD7, 0x8C, 0x6F, 0xC8, 0xFE, 0x1B, 0x4D,
+        0xF5, 0xFC, 0x55, 0xC1, 0x66, 0x7F, 0x31, 0xF2,
+        0x31, 0x2D, 0xA0, 0x77, 0x99, 0xDC, 0x87, 0x0A,
+        0x47, 0x86, 0x08, 0x54, 0x9F, 0xED, 0xAF, 0xE0,
+        0x21, 0xF1, 0xCF, 0x29, 0x84, 0x18, 0x03, 0x64,
+        0xE9, 0x0A, 0xD9, 0x8D, 0x84, 0x56, 0x52, 0xAA,
+        0x3C, 0xDD, 0x7A, 0x8E, 0xB0, 0x9F, 0x5E, 0x51,
+        0x42, 0x3F, 0xAB, 0x42, 0xA7, 0xB7, 0xBB, 0x4D,
+        0x51, 0x48, 0x64, 0xBE, 0x8D, 0x71, 0x29, 0x7E,
+        0x9C, 0x3B, 0x17, 0xA9, 0x93, 0xF0, 0xAE, 0x62,
+        0xE8, 0xEF, 0x52, 0x63, 0x7B, 0xD1, 0xB8, 0x85,
+        0xBD, 0x9B, 0x6A, 0xB7, 0x27, 0x85, 0x4D, 0x70,
+        0x3D, 0x8D, 0xC4, 0x78, 0xF9, 0x6C, 0xB8, 0x1F,
+        0xCE, 0x4C, 0x60, 0x38, 0x3A, 0xC0, 0x1F, 0xCF,
+        0x0F, 0x97, 0x1D, 0x4C, 0x8F, 0x35, 0x2B, 0x7A,
+        0x82, 0xE2, 0x18, 0x65, 0x2F, 0x2C, 0x10, 0x6C,
+        0xA9, 0x2A, 0xE6, 0x86, 0xBA, 0xCF, 0xCE, 0xF5,
+        0xD3, 0x27, 0x34, 0x7A, 0x97, 0xA9, 0xB3, 0x75,
+        0xD6, 0x73, 0x41, 0x55, 0x2B, 0xC2, 0xC5, 0x38,
+        0x77, 0x8E, 0x0F, 0x98, 0x01, 0x82, 0x3C, 0xCD,
+        0xFC, 0xD1, 0xEA, 0xAD, 0xED, 0x55, 0xB1, 0x8C,
+        0x97, 0x57, 0xE3, 0xF2, 0x12, 0xB2, 0x88, 0x9D,
+        0x38, 0x57, 0xDB, 0x51, 0xF9, 0x81, 0xD1, 0x61,
+        0x85, 0xFD, 0x0F, 0x90, 0x08, 0x53, 0xA7, 0x50,
+        0x05, 0xE3, 0x02, 0x0A, 0x8B, 0x95, 0xB7, 0xD8,
+        0xF2, 0xF2, 0x63, 0x1C, 0x70, 0xD7, 0x8A, 0x95,
+        0x7C, 0x7A, 0x62, 0xE1, 0xB3, 0x71, 0x90, 0x70,
+        0xAC, 0xD1, 0xFD, 0x48, 0x0C, 0x25, 0xB8, 0x38,
+        0x47, 0xDA, 0x02, 0x7B, 0x6E, 0xBB, 0xC2, 0xEE,
+        0xC2, 0xDF, 0x22, 0xC8, 0x7F, 0x9B, 0x46, 0xD5,
+        0xD7, 0xBA, 0xF1, 0x56, 0xB5, 0x3C, 0xEE, 0x92,
+        0x95, 0x72, 0xB9, 0x2C, 0x47, 0x84, 0xC4, 0xE8,
+        0x29, 0xF3, 0x44, 0x6A, 0x1F, 0xFE, 0x47, 0xF9,
+        0x9D, 0xEC, 0xD0, 0x43, 0x60, 0x29, 0xDD, 0xEB,
+        0xD3, 0xED, 0x8E, 0x87, 0xE5, 0xE7, 0x3D, 0x12,
+        0x3D, 0xBE, 0x8A, 0x4D, 0xDA, 0xCF, 0x2A, 0xBD,
+        0xE8, 0x7F, 0x33, 0xAE, 0x2B, 0x62, 0x1C, 0x0E,
+        0xC5, 0xD5, 0xCA, 0xD1, 0x25, 0x9D, 0xEE, 0xC2,
+        0xAE, 0xFF, 0x60, 0x88, 0xF0, 0x4F, 0x27, 0xA2,
+        0x03, 0x38, 0xB5, 0x76, 0x25, 0x43, 0xE5, 0x10,
+        0x08, 0x99, 0xA4, 0xCB, 0xFB, 0x7B, 0x3C, 0xA4,
+        0x56, 0xB3, 0xA1, 0x9B, 0x83, 0xA4, 0xC4, 0x32,
+        0x23, 0x0C, 0x23, 0xE1, 0xC7, 0xF1, 0x07, 0xC4,
+        0xCB, 0x11, 0x21, 0x52, 0xF1, 0xC0, 0xF3, 0x0D,
+        0xA0, 0xBB, 0x33, 0xF4, 0xF1, 0x1F, 0x47, 0xEE,
+        0xA4, 0x38, 0x72, 0xBA, 0xFA, 0x84, 0xAE, 0x22,
+        0x25, 0x6D, 0x70, 0x8E, 0x06, 0x04, 0xDA, 0xDE,
+        0x4B, 0x2A, 0x4D, 0xDE, 0x8C, 0xCC, 0xF1, 0x19,
+        0x30, 0xE1, 0x35, 0x53, 0x93, 0x4A, 0xE3, 0xEC,
+        0xE5, 0x2F, 0x3D, 0x7C, 0xCC, 0x00, 0x28, 0x73,
+        0x77, 0x87, 0x9F, 0xE6, 0xB8, 0xEC, 0xE7, 0xEF,
+        0x79, 0x42, 0x35, 0x07, 0xC9, 0xDA, 0x33, 0x95,
+        0x59, 0xC2, 0x0D, 0xE1, 0xC5, 0x19, 0x55, 0x99,
+        0x9B, 0xAE, 0x47, 0x40, 0x1D, 0xC3, 0xCD, 0xFA,
+        0xA1, 0xB2, 0x56, 0xD0, 0x9C, 0x7D, 0xB9, 0xFC,
+        0x86, 0x98, 0xBF, 0xCE, 0xFA, 0x73, 0x02, 0xD5,
+        0x6F, 0xBC, 0xDE, 0x1F, 0xBA, 0xAA, 0x1C, 0x65,
+        0x34, 0x54, 0xE6, 0xFD, 0x3D, 0x84, 0xE4, 0xF7,
+        0x9A, 0x93, 0x1C, 0x68, 0x1C, 0xBB, 0x6C, 0xB4,
+        0x62, 0xB1, 0x0D, 0xAE, 0x11, 0x2B, 0xDF, 0xB7,
+        0xF6, 0x5C, 0x7F, 0xDF, 0x6E, 0x5F, 0xC5, 0x94,
+        0xEC, 0x3A, 0x47, 0x4A, 0x94, 0xBD, 0x97, 0xE6,
+        0xEC, 0x81, 0xF7, 0x1C, 0x23, 0x0B, 0xF7, 0x0C,
+        0xA0, 0xF1, 0x3C, 0xE3, 0xDF, 0xFB, 0xD9, 0xFF,
+        0x98, 0x04, 0xEF, 0xD8, 0xF3, 0x7A, 0x4D, 0x36,
+        0x29, 0xB4, 0x3A, 0x8F, 0x55, 0x54, 0x4E, 0xBC,
+        0x5A, 0xC0, 0xAB, 0xD9, 0xA3, 0x3D, 0x79, 0x69,
+        0x90, 0x68, 0x34, 0x6A, 0x0F, 0x1A, 0x3A, 0x96,
+        0xE1, 0x15, 0xA5, 0xD8, 0x0B, 0xE1, 0x65, 0xB5,
+        0x62, 0xD0, 0x82, 0x98, 0x4D, 0x5A, 0xAC, 0xC3,
+        0xA2, 0x30, 0x19, 0x81, 0xA6, 0x41, 0x8F, 0x8B,
+        0xA7, 0xD7, 0xB0, 0xD7, 0xCA, 0x58, 0x75, 0xC6
+    };
+    static const byte k_768[WC_ML_KEM_SS_SZ] = {
+        0x26, 0x96, 0xD2, 0x8E, 0x9C, 0x61, 0xC2, 0xA0,
+        0x1C, 0xE9, 0xB1, 0x60, 0x8D, 0xCB, 0x9D, 0x29,
+        0x27, 0x85, 0xA0, 0xCD, 0x58, 0xEF, 0xB7, 0xFE,
+        0x13, 0xB1, 0xDE, 0x95, 0xF0, 0xDB, 0x55, 0xB3
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = {
+        0x30, 0x7A, 0x4C, 0xEA, 0x41, 0x48, 0x21, 0x9B,
+        0x95, 0x8E, 0xA0, 0xB7, 0x88, 0x66, 0x59, 0x23,
+        0x5A, 0x4D, 0x19, 0x80, 0xB1, 0x92, 0x61, 0x08,
+        0x47, 0xD8, 0x6E, 0xF3, 0x27, 0x39, 0xF9, 0x4C,
+        0x3B, 0x44, 0x6C, 0x4D, 0x81, 0xD8, 0x9B, 0x8B,
+        0x42, 0x2A, 0x9D, 0x07, 0x9C, 0x88, 0xB1, 0x1A,
+        0xCA, 0xF3, 0x21, 0xB0, 0x14, 0x29, 0x4E, 0x18,
+        0xB2, 0x96, 0xE5, 0x2F, 0x3F, 0x74, 0x4C, 0xF9,
+        0x63, 0x4A, 0x4F, 0xB0, 0x1D, 0xB0, 0xD9, 0x9E,
+        0xF2, 0x0A, 0x63, 0x3A, 0x55, 0x2E, 0x76, 0xA0,
+        0x58, 0x5C, 0x61, 0x09, 0xF0, 0x18, 0x76, 0x8B,
+        0x76, 0x3A, 0xF3, 0x67, 0x8B, 0x47, 0x80, 0x08,
+        0x9C, 0x13, 0x42, 0xB9, 0x69, 0x07, 0xA2, 0x9A,
+        0x1C, 0x11, 0x52, 0x1C, 0x74, 0x4C, 0x27, 0x97,
+        0xD0, 0xBF, 0x2B, 0x9C, 0xCD, 0xCA, 0x61, 0x46,
+        0x72, 0xB4, 0x50, 0x76, 0x77, 0x3F, 0x45, 0x8A,
+        0x31, 0xEF, 0x86, 0x9B, 0xE1, 0xEB, 0x2E, 0xFE,
+        0xB5, 0x0D, 0x0E, 0x37, 0x49, 0x5D, 0xC5, 0xCA,
+        0x55, 0xE0, 0x75, 0x28, 0x93, 0x4F, 0x62, 0x93,
+        0xC4, 0x16, 0x80, 0x27, 0xD0, 0xE5, 0x3D, 0x07,
+        0xFA, 0xCC, 0x66, 0x30, 0xCB, 0x08, 0x19, 0x7E,
+        0x53, 0xFB, 0x19, 0x3A, 0x17, 0x11, 0x35, 0xDC,
+        0x8A, 0xD9, 0x97, 0x94, 0x02, 0xA7, 0x1B, 0x69,
+        0x26, 0xBC, 0xDC, 0xDC, 0x47, 0xB9, 0x34, 0x01,
+        0x91, 0x0A, 0x5F, 0xCC, 0x1A, 0x81, 0x3B, 0x68,
+        0x2B, 0x09, 0xBA, 0x7A, 0x72, 0xD2, 0x48, 0x6D,
+        0x6C, 0x79, 0x95, 0x16, 0x46, 0x5C, 0x14, 0x72,
+        0x9B, 0x26, 0x94, 0x9B, 0x0B, 0x7C, 0xBC, 0x7C,
+        0x64, 0x0F, 0x26, 0x7F, 0xED, 0x80, 0xB1, 0x62,
+        0xC5, 0x1F, 0xD8, 0xE0, 0x92, 0x27, 0xC1, 0x01,
+        0xD5, 0x05, 0xA8, 0xFA, 0xE8, 0xA2, 0xD7, 0x05,
+        0x4E, 0x28, 0xA7, 0x8B, 0xA8, 0x75, 0x0D, 0xEC,
+        0xF9, 0x05, 0x7C, 0x83, 0x97, 0x9F, 0x7A, 0xBB,
+        0x08, 0x49, 0x45, 0x64, 0x80, 0x06, 0xC5, 0xB2,
+        0x88, 0x04, 0xF3, 0x4E, 0x73, 0xB2, 0x38, 0x11,
+        0x1A, 0x65, 0xA1, 0xF5, 0x00, 0xB1, 0xCC, 0x60,
+        0x6A, 0x84, 0x8F, 0x28, 0x59, 0x07, 0x0B, 0xEB,
+        0xA7, 0x57, 0x31, 0x79, 0xF3, 0x61, 0x49, 0xCF,
+        0x58, 0x01, 0xBF, 0x89, 0xA1, 0xC3, 0x8C, 0xC2,
+        0x78, 0x41, 0x55, 0x28, 0xD0, 0x3B, 0xDB, 0x94,
+        0x3F, 0x96, 0x28, 0x0C, 0x8C, 0xC5, 0x20, 0x42,
+        0xD9, 0xB9, 0x1F, 0xAA, 0x9D, 0x6E, 0xA7, 0xBC,
+        0xBB, 0x7A, 0xB1, 0x89, 0x7A, 0x32, 0x66, 0x96,
+        0x6F, 0x78, 0x39, 0x34, 0x26, 0xC7, 0x6D, 0x8A,
+        0x49, 0x57, 0x8B, 0x98, 0xB1, 0x59, 0xEB, 0xB4,
+        0x6E, 0xE0, 0xA8, 0x83, 0xA2, 0x70, 0xD8, 0x05,
+        0x7C, 0xD0, 0x23, 0x1C, 0x86, 0x90, 0x6A, 0x91,
+        0xDB, 0xBA, 0xDE, 0x6B, 0x24, 0x69, 0x58, 0x1E,
+        0x2B, 0xCA, 0x2F, 0xEA, 0x83, 0x89, 0xF7, 0xC7,
+        0x4B, 0xCD, 0x70, 0x96, 0x1E, 0xA5, 0xB9, 0x34,
+        0xFB, 0xCF, 0x9A, 0x65, 0x90, 0xBF, 0x86, 0xB8,
+        0xDB, 0x54, 0x88, 0x54, 0xD9, 0xA3, 0xFB, 0x30,
+        0x11, 0x04, 0x33, 0xBD, 0x7A, 0x1B, 0x65, 0x9C,
+        0xA8, 0x56, 0x80, 0x85, 0x63, 0x92, 0x37, 0xB3,
+        0xBD, 0xC3, 0x7B, 0x7F, 0xA7, 0x16, 0xD4, 0x82,
+        0xA2, 0x5B, 0x54, 0x10, 0x6B, 0x3A, 0x8F, 0x54,
+        0xD3, 0xAA, 0x99, 0xB5, 0x12, 0x3D, 0xA9, 0x60,
+        0x66, 0x90, 0x45, 0x92, 0xF3, 0xA5, 0x4E, 0xE2,
+        0x3A, 0x79, 0x81, 0xAB, 0x60, 0x8A, 0x2F, 0x44,
+        0x13, 0xCC, 0x65, 0x89, 0x46, 0xC6, 0xD7, 0x78,
+        0x0E, 0xA7, 0x65, 0x64, 0x4B, 0x3C, 0xC0, 0x6C,
+        0x70, 0x03, 0x4A, 0xB4, 0xEB, 0x35, 0x19, 0x12,
+        0xE7, 0x71, 0x5B, 0x56, 0x75, 0x5D, 0x09, 0x02,
+        0x15, 0x71, 0xBF, 0x34, 0x0A, 0xB9, 0x25, 0x98,
+        0xA2, 0x4E, 0x81, 0x18, 0x93, 0x19, 0x5B, 0x96,
+        0xA1, 0x62, 0x9F, 0x80, 0x41, 0xF5, 0x86, 0x58,
+        0x43, 0x15, 0x61, 0xFC, 0x0A, 0xB1, 0x52, 0x92,
+        0xB9, 0x13, 0xEC, 0x47, 0x3F, 0x04, 0x47, 0x9B,
+        0xC1, 0x45, 0xCD, 0x4C, 0x56, 0x3A, 0x28, 0x62,
+        0x35, 0x64, 0x6C, 0xD3, 0x05, 0xA9, 0xBE, 0x10,
+        0x14, 0xE2, 0xC7, 0xB1, 0x30, 0xC3, 0x3E, 0xB7,
+        0x7C, 0xC4, 0xA0, 0xD9, 0x78, 0x6B, 0xD6, 0xBC,
+        0x2A, 0x95, 0x4B, 0xF3, 0x00, 0x57, 0x78, 0xF8,
+        0x91, 0x7C, 0xE1, 0x37, 0x89, 0xBB, 0xB9, 0x62,
+        0x80, 0x78, 0x58, 0xB6, 0x77, 0x31, 0x57, 0x2B,
+        0x6D, 0x3C, 0x9B, 0x4B, 0x52, 0x06, 0xFA, 0xC9,
+        0xA7, 0xC8, 0x96, 0x16, 0x98, 0xD8, 0x83, 0x24,
+        0xA9, 0x15, 0x18, 0x68, 0x99, 0xB2, 0x99, 0x23,
+        0xF0, 0x84, 0x42, 0xA3, 0xD3, 0x86, 0xBD, 0x41,
+        0x6B, 0xCC, 0x9A, 0x10, 0x01, 0x64, 0xC9, 0x30,
+        0xEC, 0x35, 0xEA, 0xFB, 0x6A, 0xB3, 0x58, 0x51,
+        0xB6, 0xC8, 0xCE, 0x63, 0x77, 0x36, 0x6A, 0x17,
+        0x5F, 0x3D, 0x75, 0x29, 0x8C, 0x51, 0x8D, 0x44,
+        0x89, 0x89, 0x33, 0xF5, 0x3D, 0xEE, 0x61, 0x71,
+        0x45, 0x09, 0x33, 0x79, 0xC4, 0x65, 0x9F, 0x68,
+        0x58, 0x3B, 0x2B, 0x28, 0x12, 0x26, 0x66, 0xBE,
+        0xC5, 0x78, 0x38, 0x99, 0x1F, 0xF1, 0x6C, 0x36,
+        0x8D, 0xD2, 0x2C, 0x36, 0xE7, 0x80, 0xC9, 0x1A,
+        0x35, 0x82, 0xE2, 0x5E, 0x19, 0x79, 0x4C, 0x6B,
+        0xF2, 0xAB, 0x42, 0x45, 0x8A, 0x8D, 0xD7, 0x70,
+        0x5D, 0xE2, 0xC2, 0xAA, 0x20, 0xC0, 0x54, 0xE8,
+        0x4B, 0x3E, 0xF3, 0x50, 0x32, 0x79, 0x86, 0x26,
+        0xC2, 0x48, 0x26, 0x32, 0x53, 0xA7, 0x1A, 0x11,
+        0x94, 0x35, 0x71, 0x34, 0x0A, 0x97, 0x8C, 0xD0,
+        0xA6, 0x02, 0xE4, 0x7D, 0xEE, 0x54, 0x0A, 0x88,
+        0x14, 0xBA, 0x06, 0xF3, 0x14, 0x14, 0x79, 0x7C,
+        0xDF, 0x60, 0x49, 0x58, 0x23, 0x61, 0xBB, 0xAB,
+        0xA3, 0x87, 0xA8, 0x3D, 0x89, 0x91, 0x3F, 0xE4,
+        0xC0, 0xC1, 0x12, 0xB9, 0x56, 0x21, 0xA4, 0xBD,
+        0xA8, 0x12, 0x3A, 0x14, 0xD1, 0xA8, 0x42, 0xFB,
+        0x57, 0xB8, 0x3A, 0x4F, 0xBA, 0xF3, 0x3A, 0x8E,
+        0x55, 0x22, 0x38, 0xA5, 0x96, 0xAA, 0xE7, 0xA1,
+        0x50, 0xD7, 0x5D, 0xA6, 0x48, 0xBC, 0x44, 0x64,
+        0x49, 0x77, 0xBA, 0x1F, 0x87, 0xA4, 0xC6, 0x8A,
+        0x8C, 0x4B, 0xD2, 0x45, 0xB7, 0xD0, 0x07, 0x21,
+        0xF7, 0xD6, 0x4E, 0x82, 0x2B, 0x08, 0x5B, 0x90,
+        0x13, 0x12, 0xEC, 0x37, 0xA8, 0x16, 0x98, 0x02,
+        0x16, 0x0C, 0xCE, 0x11, 0x60, 0xF0, 0x10, 0xBE,
+        0x8C, 0xBC, 0xAC, 0xE8, 0xE7, 0xB0, 0x05, 0xD7,
+        0x83, 0x92, 0x34, 0xA7, 0x07, 0x86, 0x83, 0x09,
+        0xD0, 0x37, 0x84, 0xB4, 0x27, 0x3B, 0x1C, 0x8A,
+        0x16, 0x01, 0x33, 0xED, 0x29, 0x81, 0x84, 0x70,
+        0x46, 0x25, 0xF2, 0x9C, 0xFA, 0x08, 0x6D, 0x13,
+        0x26, 0x3E, 0xE5, 0x89, 0x91, 0x23, 0xC5, 0x96,
+        0xBA, 0x78, 0x8E, 0x5C, 0x54, 0xA8, 0xE9, 0xBA,
+        0x82, 0x9B, 0x8A, 0x9D, 0x90, 0x4B, 0xC4, 0xBC,
+        0x0B, 0xBE, 0xA7, 0x6B, 0xC5, 0x3F, 0xF8, 0x11,
+        0x21, 0x45, 0x98, 0x47, 0x2C, 0x9C, 0x20, 0x2B,
+        0x73, 0xEF, 0xF0, 0x35, 0xDC, 0x09, 0x70, 0x3A,
+        0xF7, 0xBF, 0x1B, 0xAB, 0xAA, 0xC7, 0x31, 0x93,
+        0xCB, 0x46, 0x11, 0x7A, 0x7C, 0x94, 0x92, 0xA4,
+        0x3F, 0xC9, 0x57, 0x89, 0xA9, 0x24, 0xC5, 0x91,
+        0x27, 0x87, 0xB2, 0xE2, 0x09, 0x0E, 0xBB, 0xCF,
+        0xD3, 0x79, 0x62, 0x21, 0xF0, 0x6D, 0xEB, 0xF9,
+        0xCF, 0x70, 0xE0, 0x56, 0xB8, 0xB9, 0x16, 0x1D,
+        0x63, 0x47, 0xF4, 0x73, 0x35, 0xF3, 0xE1, 0x77,
+        0x6D, 0xA4, 0xBB, 0x87, 0xC1, 0x5C, 0xC8, 0x26,
+        0x14, 0x6F, 0xF0, 0x24, 0x9A, 0x41, 0x3B, 0x45,
+        0xAA, 0x93, 0xA8, 0x05, 0x19, 0x6E, 0xA4, 0x53,
+        0x11, 0x4B, 0x52, 0x4E, 0x31, 0x0A, 0xED, 0xAA,
+        0x46, 0xE3, 0xB9, 0x96, 0x42, 0x36, 0x87, 0x82,
+        0x56, 0x6D, 0x04, 0x9A, 0x72, 0x6D, 0x6C, 0xCA,
+        0x91, 0x09, 0x93, 0xAE, 0xD6, 0x21, 0xD0, 0x14,
+        0x9E, 0xA5, 0x88, 0xA9, 0xAB, 0xD9, 0x09, 0xDB,
+        0xB6, 0x9A, 0xA2, 0x28, 0x29, 0xD9, 0xB8, 0x3A,
+        0xDA, 0x22, 0x09, 0xA6, 0xC2, 0x65, 0x9F, 0x21,
+        0x69, 0xD6, 0x68, 0xB9, 0x31, 0x48, 0x42, 0xC6,
+        0xE2, 0x2A, 0x74, 0x95, 0x8B, 0x4C, 0x25, 0xBB,
+        0xDC, 0xD2, 0x93, 0xD9, 0x9C, 0xB6, 0x09, 0xD8,
+        0x66, 0x74, 0x9A, 0x48, 0x5D, 0xFB, 0x56, 0x02,
+        0x48, 0x83, 0xCF, 0x54, 0x65, 0xDB, 0xA0, 0x36,
+        0x32, 0x06, 0x58, 0x7F, 0x45, 0x59, 0x7F, 0x89,
+        0x00, 0x2F, 0xB8, 0x60, 0x72, 0x32, 0x13, 0x8E,
+        0x03, 0xB2, 0xA8, 0x94, 0x52, 0x5F, 0x26, 0x53,
+        0x70, 0x05, 0x4B, 0x48, 0x86, 0x36, 0x14, 0x47,
+        0x2B, 0x95, 0xD0, 0xA2, 0x30, 0x34, 0x42, 0xE3,
+        0x78, 0xB0, 0xDD, 0x1C, 0x75, 0xAC, 0xBA, 0xB9,
+        0x71, 0xA9, 0xA8, 0xD1, 0x28, 0x1C, 0x79, 0x61,
+        0x3A, 0xCE, 0xC6, 0x93, 0x3C, 0x37, 0x7B, 0x3C,
+        0x57, 0x8C, 0x2A, 0x61, 0xA1, 0xEC, 0x18, 0x1B,
+        0x10, 0x12, 0x97, 0xA3, 0x7C, 0xC5, 0x19, 0x7B,
+        0x29, 0x42, 0xF6, 0xA0, 0xE4, 0x70, 0x4C, 0x0E,
+        0xC6, 0x35, 0x40, 0x48, 0x1B, 0x9F, 0x15, 0x9D,
+        0xC2, 0x55, 0xB5, 0x9B, 0xB5, 0x5D, 0xF4, 0x96,
+        0xAE, 0x54, 0x21, 0x7B, 0x76, 0x89, 0xBD, 0x51,
+        0xDB, 0xA0, 0x38, 0x3A, 0x3D, 0x72, 0xD8, 0x52,
+        0xFF, 0xCA, 0x76, 0xDF, 0x05, 0xB6, 0x6E, 0xEC,
+        0xCB, 0xD4, 0x7B, 0xC5, 0x30, 0x40, 0x81, 0x76,
+        0x28, 0xC7, 0x1E, 0x36, 0x1D, 0x6A, 0xF8, 0x89,
+        0x08, 0x49, 0x16, 0xB4, 0x08, 0xA4, 0x66, 0xC9,
+        0x6E, 0x70, 0x86, 0xC4, 0xA6, 0x0A, 0x10, 0xFC,
+        0xF7, 0x53, 0x7B, 0xB9, 0x4A, 0xFB, 0xCC, 0x7D,
+        0x43, 0x75, 0x90, 0x91, 0x9C, 0x28, 0x65, 0x0C,
+        0x4F, 0x23, 0x68, 0x25, 0x92, 0x26, 0xA9, 0xBF,
+        0xDA, 0x3A, 0x3A, 0x0B, 0xA1, 0xB5, 0x08, 0x7D,
+        0x9D, 0x76, 0x44, 0x2F, 0xD7, 0x86, 0xC6, 0xF8,
+        0x1C, 0x68, 0xC0, 0x36, 0x0D, 0x71, 0x94, 0xD7,
+        0x07, 0x2C, 0x45, 0x33, 0xAE, 0xA8, 0x6C, 0x2D,
+        0x1F, 0x8C, 0x0A, 0x27, 0x69, 0x60, 0x66, 0xF6,
+        0xCF, 0xD1, 0x10, 0x03, 0xF7, 0x97, 0x27, 0x0B,
+        0x32, 0x38, 0x97, 0x13, 0xCF, 0xFA, 0x09, 0x3D,
+        0x99, 0x1B, 0x63, 0x84, 0x4C, 0x38, 0x5E, 0x72,
+        0x27, 0x7F, 0x16, 0x6F, 0x5A, 0x39, 0x34, 0xD6,
+        0xBB, 0x89, 0xA4, 0x78, 0x8D, 0xE2, 0x83, 0x21,
+        0xDE, 0xFC, 0x74, 0x57, 0xAB, 0x48, 0x4B, 0xD3,
+        0x09, 0x86, 0xDC, 0x1D, 0xAB, 0x30, 0x08, 0xCD,
+        0x7B, 0x22, 0xF6, 0x97, 0x02, 0xFA, 0xBB, 0x9A,
+        0x10, 0x45, 0x40, 0x7D, 0xA4, 0x79, 0x1C, 0x35,
+        0x90, 0xFF, 0x59, 0x9D, 0x81, 0xD6, 0x88, 0xCF,
+        0xA7, 0xCC, 0x12, 0xA6, 0x8C, 0x50, 0xF5, 0x1A,
+        0x10, 0x09, 0x41, 0x1B, 0x44, 0x85, 0x0F, 0x90,
+        0x15, 0xDC, 0x84, 0xA9, 0x3B, 0x17, 0xC7, 0xA2,
+        0x07, 0x55, 0x2C, 0x66, 0x1E, 0xA9, 0x83, 0x8E,
+        0x31, 0xB9, 0x5E, 0xAD, 0x54, 0x62, 0x48, 0xE5,
+        0x6B, 0xE7, 0xA5, 0x13, 0x05, 0x05, 0x26, 0x87,
+        0x71, 0x19, 0x98, 0x80, 0xA1, 0x41, 0x77, 0x1A,
+        0x9E, 0x47, 0xAC, 0xFE, 0xD5, 0x90, 0xCB, 0x3A,
+        0xA7, 0xCB, 0x7C, 0x5F, 0x74, 0x91, 0x1D, 0x89,
+        0x12, 0xC2, 0x9D, 0x62, 0x33, 0xF4, 0xD5, 0x3B,
+        0xC6, 0x41, 0x39, 0xE2, 0xF5, 0x5B, 0xE7, 0x55,
+        0x07, 0xDD, 0x77, 0x86, 0x8E, 0x38, 0x4A, 0xEC,
+        0x58, 0x1F, 0x3F, 0x41, 0x1D, 0xB1, 0xA7, 0x42,
+        0x97, 0x2D, 0x3E, 0xBF, 0xD3, 0x31, 0x5C, 0x84,
+        0xA5, 0xAD, 0x63, 0xA0, 0xE7, 0x5C, 0x8B, 0xCA,
+        0x3E, 0x30, 0x41, 0xE0, 0x5D, 0x90, 0x67, 0xAF,
+        0xF3, 0xB1, 0x24, 0x4F, 0x76, 0x3E, 0x79, 0x83
+    };
+    static const byte seed_1024[WC_ML_KEM_ENC_RAND_SZ] = {
+        0x59, 0xC5, 0x15, 0x4C, 0x04, 0xAE, 0x43, 0xAA,
+        0xFF, 0x32, 0x70, 0x0F, 0x08, 0x17, 0x00, 0x38,
+        0x9D, 0x54, 0xBE, 0xC4, 0xC3, 0x7C, 0x08, 0x8B,
+        0x1C, 0x53, 0xF6, 0x62, 0x12, 0xB1, 0x2C, 0x72
+    };
+    static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = {
+        0xE2, 0xD5, 0xFD, 0x4C, 0x13, 0xCE, 0xA0, 0xB5,
+        0x2D, 0x87, 0x4F, 0xEA, 0x90, 0x12, 0xF3, 0xA5,
+        0x17, 0x43, 0xA1, 0x09, 0x37, 0x10, 0xBB, 0xF2,
+        0x39, 0x50, 0xF9, 0x14, 0x7A, 0x47, 0x2E, 0xE5,
+        0x53, 0x39, 0x28, 0xA2, 0xF4, 0x6D, 0x59, 0x2F,
+        0x35, 0xDA, 0x8B, 0x4F, 0x75, 0x8C, 0x89, 0x3B,
+        0x0D, 0x7B, 0x98, 0x94, 0x8B, 0xE4, 0x47, 0xB1,
+        0x7C, 0xB2, 0xAE, 0x58, 0xAF, 0x8A, 0x48, 0x9D,
+        0xDD, 0x92, 0x32, 0xB9, 0x9B, 0x1C, 0x0D, 0x2D,
+        0xE7, 0x7C, 0xAA, 0x47, 0x2B, 0xC3, 0xBB, 0xD4,
+        0xA7, 0xC6, 0x0D, 0xBF, 0xDC, 0xA9, 0x2E, 0xBF,
+        0x3A, 0x1C, 0xE1, 0xC2, 0x2D, 0xAD, 0x13, 0xE8,
+        0x87, 0x00, 0x4E, 0x29, 0x24, 0xFD, 0x22, 0x65,
+        0x6F, 0x5E, 0x50, 0x87, 0x91, 0xDE, 0x06, 0xD8,
+        0x5E, 0x1A, 0x14, 0x26, 0x80, 0x8E, 0xD9, 0xA8,
+        0x9F, 0x6E, 0x2F, 0xD3, 0xC2, 0x45, 0xD4, 0x75,
+        0x8B, 0x22, 0xB0, 0x2C, 0xAD, 0xE3, 0x3B, 0x60,
+        0xFC, 0x88, 0x9A, 0x33, 0xFC, 0x44, 0x47, 0xED,
+        0xEB, 0xBF, 0xD4, 0x53, 0x0D, 0xE8, 0x65, 0x96,
+        0xA3, 0x37, 0x89, 0xD5, 0xDB, 0xA6, 0xE6, 0xEC,
+        0x9F, 0x89, 0x87, 0x9A, 0xF4, 0xBE, 0x49, 0x09,
+        0xA6, 0x90, 0x17, 0xC9, 0xBB, 0x7A, 0x5E, 0x31,
+        0x81, 0x5E, 0xA5, 0xF1, 0x32, 0xEE, 0xC4, 0x98,
+        0x4F, 0xAA, 0x7C, 0xCF, 0x59, 0x4D, 0xD0, 0x0D,
+        0x4D, 0x84, 0x87, 0xE4, 0x56, 0x21, 0xAF, 0x8F,
+        0x6E, 0x33, 0x05, 0x51, 0x43, 0x9C, 0x93, 0xEC,
+        0x07, 0x8A, 0x7A, 0x3C, 0xC1, 0x59, 0x4A, 0xF9,
+        0x1F, 0x84, 0x17, 0x37, 0x5F, 0xD6, 0x08, 0x8C,
+        0xEB, 0x5E, 0x85, 0xC6, 0x70, 0x99, 0x09, 0x1B,
+        0xAC, 0x11, 0x49, 0x8A, 0x0D, 0x71, 0x14, 0x55,
+        0xF5, 0xE0, 0xD9, 0x5C, 0xD7, 0xBB, 0xE5, 0xCD,
+        0xD8, 0xFE, 0xCB, 0x31, 0x9E, 0x68, 0x53, 0xC2,
+        0x3C, 0x9B, 0xE2, 0xC7, 0x63, 0xDF, 0x57, 0x86,
+        0x66, 0xC4, 0x0A, 0x40, 0xA8, 0x74, 0x86, 0xE4,
+        0x6B, 0xA8, 0x71, 0x61, 0x46, 0x19, 0x29, 0x04,
+        0x51, 0x0A, 0x6D, 0xC5, 0x9D, 0xA8, 0x02, 0x58,
+        0x25, 0x28, 0x3D, 0x68, 0x4D, 0xB9, 0x14, 0x10,
+        0xB4, 0xF1, 0x2C, 0x6D, 0x8F, 0xBD, 0x0A, 0xDD,
+        0x75, 0xD3, 0x09, 0x89, 0x18, 0xCB, 0x04, 0xAC,
+        0x7B, 0xC4, 0xDB, 0x0D, 0x6B, 0xCD, 0xF1, 0x19,
+        0x4D, 0xD8, 0x62, 0x92, 0xE0, 0x5B, 0x7B, 0x86,
+        0x30, 0x62, 0x5B, 0x58, 0x9C, 0xC5, 0x09, 0xD2,
+        0x15, 0xBB, 0xD0, 0x6A, 0x2E, 0x7C, 0x66, 0xF4,
+        0x24, 0xCD, 0xF8, 0xC4, 0x0A, 0xC6, 0xC1, 0xE5,
+        0xAE, 0x6C, 0x96, 0x4B, 0x7D, 0x9E, 0x92, 0xF9,
+        0x5F, 0xC5, 0xC8, 0x85, 0x22, 0x81, 0x62, 0x8B,
+        0x81, 0xB9, 0xAF, 0xAB, 0xC7, 0xF0, 0x3B, 0xE3,
+        0xF6, 0x2E, 0x80, 0x47, 0xBB, 0x88, 0xD0, 0x1C,
+        0x68, 0x68, 0x7B, 0x8D, 0xD4, 0xFE, 0x63, 0x82,
+        0x00, 0x62, 0xB6, 0x78, 0x8A, 0x53, 0x72, 0x90,
+        0x53, 0x82, 0x6E, 0xD3, 0xB7, 0xC7, 0xEF, 0x82,
+        0x41, 0xE1, 0x9C, 0x85, 0x11, 0x7B, 0x3C, 0x53,
+        0x41, 0x88, 0x1D, 0x4F, 0x29, 0x9E, 0x50, 0x37,
+        0x4C, 0x8E, 0xEF, 0xD5, 0x56, 0x0B, 0xD1, 0x83,
+        0x19, 0xA7, 0x96, 0x3A, 0x3D, 0x02, 0xF0, 0xFB,
+        0xE8, 0x4B, 0xC4, 0x84, 0xB5, 0xA4, 0x01, 0x8B,
+        0x97, 0xD2, 0x74, 0x19, 0x1C, 0x95, 0xF7, 0x02,
+        0xBA, 0xB9, 0xB0, 0xD1, 0x05, 0xFA, 0xF9, 0xFD,
+        0xCF, 0xF9, 0x7E, 0x43, 0x72, 0x36, 0x56, 0x75,
+        0x99, 0xFA, 0xF7, 0x3B, 0x07, 0x5D, 0x40, 0x61,
+        0x04, 0xD4, 0x03, 0xCD, 0xF8, 0x12, 0x24, 0xDA,
+        0x59, 0x0B, 0xEC, 0x28, 0x97, 0xE3, 0x01, 0x09,
+        0xE1, 0xF2, 0xE5, 0xAE, 0x46, 0x10, 0xC8, 0x09,
+        0xA7, 0x3F, 0x63, 0x8C, 0x84, 0x21, 0x0B, 0x34,
+        0x47, 0xA7, 0xC8, 0xB6, 0xDD, 0xDB, 0x5A, 0xE2,
+        0x00, 0xBF, 0x20, 0xE2, 0xFE, 0x4D, 0x4B, 0xA6,
+        0xC6, 0xB1, 0x27, 0x67, 0xFB, 0x87, 0x60, 0xF6,
+        0x6C, 0x51, 0x18, 0xE7, 0xA9, 0x93, 0x5B, 0x41,
+        0xC9, 0xA4, 0x71, 0xA1, 0xD3, 0x23, 0x76, 0x88,
+        0xC1, 0xE6, 0x18, 0xCC, 0x3B, 0xE9, 0x36, 0xAA,
+        0x3F, 0x5E, 0x44, 0xE0, 0x86, 0x82, 0x0B, 0x81,
+        0x0E, 0x06, 0x32, 0x11, 0xFC, 0x21, 0xC4, 0x04,
+        0x4B, 0x3A, 0xC4, 0xD0, 0x0D, 0xF1, 0xBC, 0xC7,
+        0xB2, 0x4D, 0xC0, 0x7B, 0xA4, 0x8B, 0x23, 0xB0,
+        0xFC, 0x12, 0xA3, 0xED, 0x3D, 0x0A, 0x5C, 0xF7,
+        0x67, 0x14, 0x15, 0xAB, 0x9C, 0xF2, 0x12, 0x86,
+        0xFE, 0x63, 0xFB, 0x41, 0x41, 0x85, 0x70, 0x55,
+        0x5D, 0x47, 0x39, 0xB8, 0x81, 0x04, 0xA8, 0x59,
+        0x3F, 0x29, 0x30, 0x25, 0xA4, 0xE3, 0xEE, 0x7C,
+        0x67, 0xE4, 0xB4, 0x8E, 0x40, 0xF6, 0xBA, 0x8C,
+        0x09, 0x86, 0x0C, 0x3F, 0xBB, 0xE5, 0x5D, 0x45,
+        0xB4, 0x5F, 0xC9, 0xAB, 0x62, 0x9B, 0x17, 0xC2,
+        0x76, 0xC9, 0xC9, 0xE2, 0xAF, 0x3A, 0x04, 0x3B,
+        0xEA, 0xFC, 0x18, 0xFD, 0x4F, 0x25, 0xEE, 0x7F,
+        0x83, 0xBD, 0xDC, 0xD2, 0xD9, 0x39, 0x14, 0xB7,
+        0xED, 0x4F, 0x7C, 0x9A, 0xF1, 0x27, 0xF3, 0xF1,
+        0x5C, 0x27, 0x7B, 0xE1, 0x65, 0x51, 0xFE, 0xF3,
+        0xAE, 0x03, 0xD7, 0xB9, 0x14, 0x3F, 0x0C, 0x9C,
+        0x01, 0x9A, 0xB9, 0x7E, 0xEA, 0x07, 0x63, 0x66,
+        0x13, 0x1F, 0x51, 0x83, 0x63, 0x71, 0x1B, 0x34,
+        0xE9, 0x6D, 0x3F, 0x8A, 0x51, 0x3F, 0x3E, 0x20,
+        0xB1, 0xD4, 0x52, 0xC4, 0xB7, 0xAE, 0x3B, 0x97,
+        0x5E, 0xA9, 0x4D, 0x88, 0x0D, 0xAC, 0x66, 0x93,
+        0x39, 0x97, 0x50, 0xD0, 0x22, 0x20, 0x40, 0x3F,
+        0x0D, 0x3E, 0x3F, 0xC1, 0x17, 0x2A, 0x4D, 0xE9,
+        0xDC, 0x28, 0x0E, 0xAF, 0x0F, 0xEE, 0x28, 0x83,
+        0xA6, 0x66, 0x0B, 0xF5, 0xA3, 0xD2, 0x46, 0xFF,
+        0x41, 0xD2, 0x1B, 0x36, 0xEA, 0x52, 0x1C, 0xF7,
+        0xAA, 0x68, 0x9F, 0x80, 0x0D, 0x0F, 0x86, 0xF4,
+        0xFA, 0x10, 0x57, 0xD8, 0xA1, 0x3F, 0x9D, 0xA8,
+        0xFF, 0xFD, 0x0D, 0xC1, 0xFA, 0xD3, 0xC0, 0x4B,
+        0xB1, 0xCC, 0xCB, 0x7C, 0x83, 0x4D, 0xB0, 0x51,
+        0xA7, 0xAC, 0x2E, 0x4C, 0x60, 0x30, 0x19, 0x96,
+        0xC9, 0x30, 0x71, 0xEA, 0x41, 0x6B, 0x42, 0x17,
+        0x59, 0x93, 0x56, 0x59, 0xCF, 0x62, 0xCA, 0x5F,
+        0x13, 0xAE, 0x07, 0xC3, 0xB1, 0x95, 0xC1, 0x48,
+        0x15, 0x9D, 0x8B, 0xEB, 0x03, 0xD4, 0x40, 0xB0,
+        0x0F, 0x53, 0x05, 0x76, 0x5F, 0x20, 0xC0, 0xC4,
+        0x6E, 0xEE, 0x59, 0xC6, 0xD1, 0x62, 0x06, 0x40,
+        0x2D, 0xB1, 0xC7, 0x15, 0xE8, 0x88, 0xBD, 0xE5,
+        0x9C, 0x78, 0x1F, 0x35, 0xA7, 0xCC, 0x7C, 0x1C,
+        0x5E, 0xCB, 0x21, 0x55, 0xAE, 0x3E, 0x95, 0x9C,
+        0x09, 0x64, 0xCC, 0x1E, 0xF8, 0xD7, 0xC6, 0x9D,
+        0x14, 0x58, 0xA9, 0xA4, 0x2F, 0x95, 0xF4, 0xC6,
+        0xB5, 0xB9, 0x96, 0x34, 0x57, 0x12, 0xAA, 0x29,
+        0x0F, 0xBB, 0xF7, 0xDF, 0xD4, 0xA6, 0xE8, 0x64,
+        0x63, 0x02, 0x2A, 0x3F, 0x47, 0x25, 0xF6, 0x51,
+        0x1B, 0xF7, 0xEA, 0x5E, 0x95, 0xC7, 0x07, 0xCD,
+        0x35, 0x73, 0x60, 0x9A, 0xAD, 0xEA, 0xF5, 0x40,
+        0x15, 0x2C, 0x49, 0x5F, 0x37, 0xFE, 0x6E, 0xC8,
+        0xBB, 0x9F, 0xA2, 0xAA, 0x61, 0xD1, 0x57, 0x35,
+        0x93, 0x4F, 0x47, 0x37, 0x92, 0x8F, 0xDE, 0x90,
+        0xBA, 0x99, 0x57, 0x22, 0x46, 0x5D, 0x4A, 0x64,
+        0x50, 0x5A, 0x52, 0x01, 0xF0, 0x7A, 0xA5, 0x8C,
+        0xFD, 0x8A, 0xE2, 0x26, 0xE0, 0x20, 0x70, 0xB2,
+        0xDB, 0xF5, 0x12, 0xB9, 0x75, 0x31, 0x9A, 0x7E,
+        0x87, 0x53, 0xB4, 0xFD, 0xAE, 0x0E, 0xB4, 0x92,
+        0x28, 0x69, 0xCC, 0x8E, 0x25, 0xC4, 0xA5, 0x56,
+        0x0C, 0x2A, 0x06, 0x85, 0xDE, 0x3A, 0xC3, 0x92,
+        0xA8, 0x92, 0x5B, 0xA8, 0x82, 0x00, 0x48, 0x94,
+        0x74, 0x2E, 0x43, 0xCC, 0xFC, 0x27, 0x74, 0x39,
+        0xEC, 0x80, 0x50, 0xA9, 0xAE, 0xB4, 0x29, 0x32,
+        0xE0, 0x1C, 0x84, 0x0D, 0xFC, 0xED, 0xCC, 0x34,
+        0xD3, 0x99, 0x12, 0x89, 0xA6, 0x2C, 0x17, 0xD1,
+        0x28, 0x4C, 0x83, 0x95, 0x14, 0xB9, 0x33, 0x51,
+        0xDB, 0xB2, 0xDD, 0xA8, 0x1F, 0x92, 0x45, 0x65,
+        0xD7, 0x0E, 0x70, 0x79, 0xD5, 0xB8, 0x12, 0x6C,
+        0xAA, 0xB7, 0xA4, 0xA1, 0xC7, 0x31, 0x65, 0x5A,
+        0x53, 0xBC, 0xC0, 0x9F, 0x5D, 0x63, 0xEC, 0x90,
+        0x86, 0xDE, 0xA6, 0x50, 0x05, 0x59, 0x85, 0xED,
+        0xFA, 0x82, 0x97, 0xD9, 0xC9, 0x54, 0x10, 0xC5,
+        0xD1, 0x89, 0x4D, 0x17, 0xD5, 0x93, 0x05, 0x49,
+        0xAD, 0xBC, 0x2B, 0x87, 0x33, 0xC9, 0x9F, 0xE6,
+        0x2E, 0x17, 0xC4, 0xDE, 0x34, 0xA5, 0xD8, 0x9B,
+        0x12, 0xD1, 0x8E, 0x42, 0xA4, 0x22, 0xD2, 0xCE,
+        0x77, 0x9C, 0x2C, 0x28, 0xEB, 0x2D, 0x98, 0x00,
+        0x3D, 0x5C, 0xD3, 0x23, 0xFC, 0xBE, 0xCF, 0x02,
+        0xB5, 0x06, 0x6E, 0x0E, 0x73, 0x48, 0x10, 0xF0,
+        0x9E, 0xD8, 0x90, 0x13, 0xC0, 0x0F, 0x01, 0x1B,
+        0xD2, 0x20, 0xF2, 0xE5, 0xD6, 0xA3, 0x62, 0xDF,
+        0x90, 0x59, 0x91, 0x98, 0xA0, 0x93, 0xB0, 0x3C,
+        0x8D, 0x8E, 0xFB, 0xFE, 0x0B, 0x61, 0x75, 0x92,
+        0xFA, 0xF1, 0xE6, 0x42, 0x20, 0xC4, 0x44, 0x0B,
+        0x53, 0xFF, 0xB4, 0x71, 0x64, 0xF3, 0x69, 0xC9,
+        0x52, 0x90, 0xBA, 0x9F, 0x31, 0x08, 0xD6, 0x86,
+        0xC5, 0x7D, 0xB6, 0x45, 0xC5, 0x3C, 0x01, 0x2E,
+        0x57, 0xAF, 0x25, 0xBD, 0x66, 0x93, 0xE2, 0xCC,
+        0x6B, 0x57, 0x65, 0x1A, 0xF1, 0x59, 0x1F, 0xE5,
+        0xD8, 0x91, 0x66, 0x40, 0xEC, 0x01, 0x7C, 0x25,
+        0x3D, 0xF0, 0x60, 0x6B, 0xB6, 0xB3, 0x03, 0x5F,
+        0xAE, 0x74, 0x8F, 0x3D, 0x40, 0x34, 0x22, 0x3B,
+        0x1B, 0x5E, 0xFB, 0xF5, 0x28, 0x3E, 0x77, 0x8C,
+        0x10, 0x94, 0x29, 0x1C, 0xF7, 0xB1, 0x9B, 0xE0,
+        0xF3, 0x17, 0x35, 0x0E, 0x6F, 0x85, 0x18, 0xFD,
+        0xE0, 0xEF, 0xB1, 0x38, 0x1F, 0xB6, 0xE1, 0x6C,
+        0x24, 0x1F, 0x7F, 0x17, 0xA5, 0x21, 0x06, 0x93,
+        0xA2, 0x74, 0x15, 0x9E, 0x7F, 0xAC, 0x86, 0x8C,
+        0xD0, 0xDC, 0x43, 0x59, 0xC3, 0xD9, 0xEE, 0xFE,
+        0xA0, 0xD9, 0xE3, 0x1E, 0x43, 0xFA, 0x65, 0x13,
+        0x92, 0xC6, 0x5A, 0x54, 0x3A, 0x59, 0xB3, 0xEE,
+        0xE3, 0xA6, 0x39, 0xDC, 0x94, 0x17, 0xD0, 0x56,
+        0xA5, 0xFF, 0x0F, 0x16, 0x0B, 0xEE, 0xE2, 0xEA,
+        0xC2, 0x9A, 0x7D, 0x88, 0xC0, 0x98, 0x2C, 0xF7,
+        0x0B, 0x5A, 0x46, 0x37, 0x9F, 0x21, 0xE5, 0x06,
+        0xAA, 0xC6, 0x1A, 0x9B, 0xB1, 0xB8, 0xC2, 0xB9,
+        0xDA, 0xB0, 0xE4, 0x4A, 0x82, 0x3B, 0x61, 0xD0,
+        0xAA, 0x11, 0xD9, 0x4F, 0x76, 0xA4, 0xA8, 0xE2,
+        0x1F, 0x9D, 0x42, 0x80, 0x68, 0x32, 0x08, 0xF4,
+        0xEA, 0x91, 0x11, 0x16, 0xF6, 0xFD, 0x6A, 0x97,
+        0x42, 0x69, 0x34, 0xEC, 0x34, 0x26, 0xB8, 0xC8,
+        0xF7, 0x03, 0xDA, 0x85, 0xE9, 0xDC, 0xF9, 0x93,
+        0x36, 0x13, 0x60, 0x03, 0x72, 0x8B, 0x8E, 0xCD,
+        0xD0, 0x4A, 0x38, 0x9F, 0x6A, 0x81, 0x7A, 0x78,
+        0xBF, 0xA6, 0x1B, 0xA4, 0x60, 0x20, 0xBF, 0x3C,
+        0x34, 0x82, 0x95, 0x08, 0xF9, 0xD0, 0x6D, 0x15,
+        0x53, 0xCD, 0x98, 0x7A, 0xAC, 0x38, 0x0D, 0x86,
+        0xF1, 0x68, 0x84, 0x3B, 0xA3, 0x90, 0x4D, 0xE5,
+        0xF7, 0x05, 0x8A, 0x41, 0xB4, 0xCD, 0x38, 0x8B,
+        0xC9, 0xCE, 0x3A, 0xBA, 0x7E, 0xE7, 0x13, 0x9B,
+        0x7F, 0xC9, 0xE5, 0xB8, 0xCF, 0xAA, 0xA3, 0x89,
+        0x90, 0xBD, 0x4A, 0x5D, 0xB3, 0x2E, 0x26, 0x13,
+        0xE7, 0xEC, 0x4F, 0x5F, 0x8B, 0x12, 0x92, 0xA3,
+        0x8C, 0x6F, 0x4F, 0xF5, 0xA4, 0x04, 0x90, 0xD7,
+        0x6B, 0x12, 0x66, 0x52, 0xFC, 0xF8, 0x6E, 0x24,
+        0x52, 0x35, 0xD6, 0x36, 0xC6, 0x5C, 0xD1, 0x02,
+        0xB0, 0x1E, 0x22, 0x78, 0x1A, 0x72, 0x91, 0x8C
+    };
+    static const byte k_1024[WC_ML_KEM_SS_SZ] = {
+        0x72, 0x64, 0xBD, 0xE5, 0xC6, 0xCE, 0xC1, 0x48,
+        0x49, 0x69, 0x3E, 0x2C, 0x3C, 0x86, 0xE4, 0x8F,
+        0x80, 0x95, 0x8A, 0x4F, 0x61, 0x86, 0xFC, 0x69,
+        0x33, 0x3A, 0x41, 0x48, 0xE6, 0xE4, 0x97, 0xF3
+    };
+#endif
+    static byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE];
+    static byte ss[WC_ML_KEM_SS_SZ];
+
+    key = (MlKemKey*)XMALLOC(sizeof(MlKemKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(MlKemKey));
+    }
+
+#ifndef WOLFSSL_NO_ML_KEM_512
+    ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_512, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_MlKemKey_DecodePublicKey(key, ek_512, sizeof(ek_512)), 0);
+    ExpectIntEQ(wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, seed_512,
+        sizeof(seed_512)), 0);
+    ExpectIntEQ(XMEMCMP(ct, c_512, WC_ML_KEM_512_CIPHER_TEXT_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(ss, k_512, WC_ML_KEM_SS_SZ), 0);
+    wc_MlKemKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_768, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_MlKemKey_DecodePublicKey(key, ek_768, sizeof(ek_768)), 0);
+    ExpectIntEQ(wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, seed_768,
+        sizeof(seed_768)), 0);
+    ExpectIntEQ(XMEMCMP(ct, c_768, WC_ML_KEM_768_CIPHER_TEXT_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(ss, k_768, WC_ML_KEM_SS_SZ), 0);
+    wc_MlKemKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_1024, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_MlKemKey_DecodePublicKey(key, ek_1024, sizeof(ek_1024)), 0);
+    ExpectIntEQ(wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, seed_1024,
+        sizeof(seed_1024)), 0);
+    ExpectIntEQ(XMEMCMP(ct, c_1024, WC_ML_KEM_1024_CIPHER_TEXT_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(ss, k_1024, WC_ML_KEM_SS_SZ), 0);
+    wc_MlKemKey_Free(key);
+#endif
+
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_mlkem_decapsulate_kats(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_HAVE_MLKEM) && defined(WOLFSSL_WC_MLKEM) && \
+    !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+    MlKemKey* key;
+#ifndef WOLFSSL_NO_ML_KEM_512
+    static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = {
+        0x69, 0xF9, 0xCB, 0xFD, 0x12, 0x37, 0xBA, 0x16,
+        0x1C, 0xF6, 0xE6, 0xC1, 0x8F, 0x48, 0x8F, 0xC6,
+        0xE3, 0x9A, 0xB4, 0xA5, 0xC9, 0xE6, 0xC2, 0x2E,
+        0xA4, 0xE3, 0xAD, 0x8F, 0x26, 0x7A, 0x9C, 0x44,
+        0x20, 0x10, 0xD3, 0x2E, 0x61, 0xF8, 0x3E, 0x6B,
+        0xFA, 0x5C, 0x58, 0x70, 0x61, 0x45, 0x37, 0x6D,
+        0xBB, 0x84, 0x95, 0x28, 0xF6, 0x80, 0x07, 0xC8,
+        0x22, 0xB3, 0x3A, 0x95, 0xB8, 0x49, 0x04, 0xDC,
+        0xD2, 0x70, 0x8D, 0x03, 0x40, 0xC8, 0xB8, 0x08,
+        0xBC, 0xD3, 0xAA, 0xD0, 0xE4, 0x8B, 0x85, 0x84,
+        0x95, 0x83, 0xA1, 0xB4, 0xE5, 0x94, 0x5D, 0xD9,
+        0x51, 0x4A, 0x7F, 0x64, 0x61, 0xE0, 0x57, 0xB7,
+        0xEC, 0xF6, 0x19, 0x57, 0xE9, 0x7C, 0xF6, 0x28,
+        0x15, 0xF9, 0xC3, 0x22, 0x94, 0xB3, 0x26, 0xE1,
+        0xA1, 0xC4, 0xE3, 0x60, 0xB9, 0x49, 0x8B, 0xA8,
+        0x0F, 0x8C, 0xA9, 0x15, 0x32, 0xB1, 0x71, 0xD0,
+        0xAE, 0xFC, 0x48, 0x49, 0xFA, 0x53, 0xBC, 0x61,
+        0x79, 0x32, 0xE2, 0x08, 0xA6, 0x77, 0xC6, 0x04,
+        0x4A, 0x66, 0x00, 0xB8, 0xD8, 0xB8, 0x3F, 0x26,
+        0xA7, 0x47, 0xB1, 0x8C, 0xFB, 0x78, 0xBE, 0xAF,
+        0xC5, 0x51, 0xAD, 0x52, 0xB7, 0xCA, 0x6C, 0xB8,
+        0x8F, 0x3B, 0x5D, 0x9C, 0xE2, 0xAF, 0x6C, 0x67,
+        0x95, 0x6C, 0x47, 0x8C, 0xEF, 0x49, 0x1F, 0x59,
+        0xE0, 0x19, 0x1B, 0x3B, 0xBE, 0x92, 0x9B, 0x94,
+        0xB6, 0x66, 0xC1, 0x76, 0x13, 0x8B, 0x00, 0xF4,
+        0x97, 0x24, 0x34, 0x1E, 0xE2, 0xE1, 0x64, 0xB9,
+        0x4C, 0x05, 0x3C, 0x18, 0x5A, 0x51, 0xF9, 0x3E,
+        0x00, 0xF3, 0x68, 0x61, 0x61, 0x3A, 0x7F, 0xD7,
+        0x2F, 0xEB, 0xD2, 0x3A, 0x8B, 0x96, 0xA2, 0x60,
+        0x23, 0x42, 0x39, 0xC9, 0x62, 0x8F, 0x99, 0x5D,
+        0xC1, 0x38, 0x07, 0xB4, 0x3A, 0x69, 0x46, 0x81,
+        0x67, 0xCB, 0x1A, 0x8F, 0x9D, 0xD0, 0x7E, 0xE3,
+        0xB3, 0x32, 0x38, 0xF6, 0x30, 0x96, 0xEB, 0xC4,
+        0x9D, 0x50, 0x51, 0xC4, 0xB6, 0x59, 0x63, 0xD7,
+        0x4A, 0x47, 0x66, 0xC2, 0x26, 0xF0, 0xB9, 0x4F,
+        0x18, 0x62, 0xC2, 0x12, 0x4C, 0x8C, 0x74, 0x97,
+        0x48, 0xC0, 0xBC, 0x4D, 0xC1, 0x4C, 0xB3, 0x49,
+        0x06, 0xB8, 0x1C, 0x55, 0x24, 0xFB, 0x81, 0x00,
+        0x79, 0x85, 0x42, 0xDC, 0x6C, 0xC2, 0xAA, 0x0A,
+        0x70, 0x85, 0x75, 0xEA, 0xBC, 0xC1, 0x1F, 0x96,
+        0xA9, 0xE6, 0x1C, 0x01, 0x7A, 0x96, 0xA7, 0xCE,
+        0x93, 0xC4, 0x20, 0x91, 0x73, 0x71, 0x13, 0xAE,
+        0x78, 0x3C, 0x0A, 0xE8, 0x75, 0x5E, 0x59, 0x41,
+        0x11, 0xED, 0xFA, 0xBF, 0xD8, 0x6C, 0x32, 0x12,
+        0xC6, 0x12, 0xA7, 0xB6, 0x2A, 0xFD, 0x3C, 0x7A,
+        0x5C, 0x78, 0xB2, 0xF0, 0x73, 0x44, 0xB7, 0x89,
+        0xC2, 0xB2, 0xDB, 0xB5, 0xF4, 0x44, 0x8B, 0xE9,
+        0x7B, 0xBA, 0x42, 0x33, 0xC0, 0x03, 0x9C, 0x0F,
+        0xE8, 0x43, 0x00, 0xF9, 0xB0, 0x3A, 0xC9, 0x94,
+        0x97, 0xE6, 0xD4, 0x6B, 0x6E, 0x95, 0x30, 0x8F,
+        0xF8, 0x47, 0x90, 0xF6, 0x12, 0xCF, 0x18, 0x6E,
+        0xC1, 0x68, 0x11, 0xE8, 0x0C, 0x17, 0x93, 0x16,
+        0xA6, 0x3B, 0x25, 0x70, 0x3F, 0x60, 0xB8, 0x42,
+        0xB6, 0x19, 0x07, 0xE6, 0x28, 0x94, 0xE7, 0x36,
+        0x64, 0x7B, 0x3C, 0x09, 0xDA, 0x6F, 0xEC, 0x59,
+        0x32, 0x78, 0x2B, 0x36, 0xE0, 0x63, 0x50, 0x85,
+        0xA3, 0x94, 0x9E, 0x69, 0x4D, 0x7E, 0x17, 0xCB,
+        0xA3, 0xD9, 0x06, 0x43, 0x30, 0x43, 0x8C, 0x07,
+        0x1B, 0x58, 0x36, 0xA7, 0x70, 0xC5, 0x5F, 0x62,
+        0x13, 0xCC, 0x14, 0x25, 0x84, 0x5D, 0xE5, 0xA3,
+        0x34, 0xD7, 0x5D, 0x3E, 0x50, 0x58, 0xC7, 0x80,
+        0x9F, 0xDA, 0x4B, 0xCD, 0x78, 0x19, 0x1D, 0xA9,
+        0x79, 0x73, 0x25, 0xE6, 0x23, 0x6C, 0x26, 0x50,
+        0xFC, 0x60, 0x4E, 0xE4, 0x3A, 0x83, 0xCE, 0xB3,
+        0x49, 0x80, 0x08, 0x44, 0x03, 0xA3, 0x32, 0x59,
+        0x85, 0x79, 0x07, 0x79, 0x9A, 0x9D, 0x2A, 0x71,
+        0x3A, 0x63, 0x3B, 0x5C, 0x90, 0x47, 0x27, 0xF6,
+        0x1E, 0x42, 0x52, 0x09, 0x91, 0xD6, 0x55, 0x70,
+        0x5C, 0xB6, 0xBC, 0x1B, 0x74, 0xAF, 0x60, 0x71,
+        0x3E, 0xF8, 0x71, 0x2F, 0x14, 0x08, 0x68, 0x69,
+        0xBE, 0x8E, 0xB2, 0x97, 0xD2, 0x28, 0xB3, 0x25,
+        0xA0, 0x60, 0x9F, 0xD6, 0x15, 0xEA, 0xB7, 0x08,
+        0x15, 0x40, 0xA6, 0x1A, 0x82, 0xAB, 0xF4, 0x3B,
+        0x7D, 0xF9, 0x8A, 0x59, 0x5B, 0xE1, 0x1F, 0x41,
+        0x6B, 0x41, 0xE1, 0xEB, 0x75, 0xBB, 0x57, 0x97,
+        0x7C, 0x25, 0xC6, 0x4E, 0x97, 0x43, 0x7D, 0x88,
+        0xCA, 0x5F, 0xDA, 0x61, 0x59, 0xD6, 0x68, 0xF6,
+        0xBA, 0xB8, 0x15, 0x75, 0x55, 0xB5, 0xD5, 0x4C,
+        0x0F, 0x47, 0xCB, 0xCD, 0x16, 0x84, 0x3B, 0x1A,
+        0x0A, 0x0F, 0x02, 0x10, 0xEE, 0x31, 0x03, 0x13,
+        0x96, 0x7F, 0x3D, 0x51, 0x64, 0x99, 0x01, 0x8F,
+        0xDF, 0x31, 0x14, 0x77, 0x24, 0x70, 0xA1, 0x88,
+        0x9C, 0xC0, 0x6C, 0xB6, 0xB6, 0x69, 0x0A, 0xC3,
+        0x1A, 0xBC, 0xFA, 0xF4, 0xBC, 0x70, 0x76, 0x84,
+        0x54, 0x5B, 0x00, 0x0B, 0x58, 0x0C, 0xCB, 0xFC,
+        0xBC, 0xE9, 0xFA, 0x70, 0xAA, 0xEA, 0x0B, 0xBD,
+        0x91, 0x10, 0x99, 0x2A, 0x7C, 0x6C, 0x06, 0xCB,
+        0x36, 0x85, 0x27, 0xFD, 0x22, 0x90, 0x90, 0x75,
+        0x7E, 0x6F, 0xE7, 0x57, 0x05, 0xFA, 0x59, 0x2A,
+        0x76, 0x08, 0xF0, 0x50, 0xC6, 0xF8, 0x87, 0x03,
+        0xCC, 0x28, 0xCB, 0x00, 0x0C, 0x1D, 0x7E, 0x77,
+        0xB8, 0x97, 0xB7, 0x2C, 0x62, 0xBC, 0xC7, 0xAE,
+        0xA2, 0x1A, 0x57, 0x72, 0x94, 0x83, 0xD2, 0x21,
+        0x18, 0x32, 0xBE, 0xD6, 0x12, 0x43, 0x0C, 0x98,
+        0x31, 0x03, 0xC6, 0x9E, 0x8C, 0x07, 0x2C, 0x0E,
+        0xA7, 0x89, 0x8F, 0x22, 0x83, 0xBE, 0xC4, 0x8C,
+        0x5A, 0xC8, 0x19, 0x84, 0xD4, 0xA5, 0xA8, 0x36,
+        0x19, 0x73, 0x5A, 0x84, 0x2B, 0xD1, 0x72, 0xC0,
+        0xD1, 0xB3, 0x9F, 0x43, 0x58, 0x8A, 0xF1, 0x70,
+        0x45, 0x8B, 0xA9, 0xEE, 0x74, 0x92, 0xEA, 0xAA,
+        0x94, 0xEA, 0x53, 0xA4, 0xD3, 0x84, 0x98, 0xEC,
+        0xBB, 0x98, 0xA5, 0xF4, 0x07, 0xE7, 0xC9, 0x7B,
+        0x4E, 0x16, 0x6E, 0x39, 0x71, 0x92, 0xC2, 0x16,
+        0x03, 0x30, 0x14, 0xB8, 0x78, 0xE9, 0x38, 0x07,
+        0x5C, 0x6C, 0x1F, 0x10, 0xA0, 0x06, 0x5A, 0xBC,
+        0x31, 0x63, 0x72, 0x2F, 0x1A, 0x2E, 0xFF, 0xEC,
+        0x8D, 0x6E, 0x3A, 0x0C, 0x4F, 0x71, 0x74, 0xFC,
+        0x16, 0xB7, 0x9F, 0xB5, 0x18, 0x6A, 0x75, 0x16,
+        0x8F, 0x81, 0xA5, 0x6A, 0xA4, 0x8A, 0x20, 0xA0,
+        0x4B, 0xDD, 0xF1, 0x82, 0xC6, 0xE1, 0x79, 0xC3,
+        0xF6, 0x90, 0x61, 0x55, 0x5E, 0xF7, 0x39, 0x6D,
+        0xD0, 0xB7, 0x49, 0x96, 0x01, 0xA6, 0xEB, 0x3A,
+        0x96, 0xA9, 0xA2, 0x2D, 0x04, 0xF1, 0x16, 0x8D,
+        0xB5, 0x63, 0x55, 0xB0, 0x76, 0x00, 0xA2, 0x03,
+        0x70, 0x63, 0x7B, 0x64, 0x59, 0x76, 0xBB, 0xD9,
+        0x7B, 0x6D, 0x62, 0x88, 0xA0, 0xD3, 0x03, 0x63,
+        0x60, 0x47, 0x2E, 0x3A, 0xC7, 0x1D, 0x56, 0x6D,
+        0xB8, 0xFB, 0xB1, 0xB1, 0xD7, 0x6C, 0xB7, 0x55,
+        0xCD, 0x0D, 0x68, 0xBD, 0xBF, 0xC0, 0x48, 0xEB,
+        0xA2, 0x52, 0x5E, 0xEA, 0x9D, 0xD5, 0xB1, 0x44,
+        0xFB, 0x3B, 0x60, 0xFB, 0xC3, 0x42, 0x39, 0x32,
+        0x0C, 0xBC, 0x06, 0x9B, 0x35, 0xAB, 0x16, 0xB8,
+        0x75, 0x65, 0x36, 0xFB, 0x33, 0xE8, 0xA6, 0xAF,
+        0x1D, 0xD4, 0x2C, 0x79, 0xF4, 0x8A, 0xD1, 0x20,
+        0xAE, 0x4B, 0x15, 0x9D, 0x3D, 0x8C, 0x31, 0x90,
+        0x60, 0xCC, 0xE5, 0x69, 0xC3, 0xF6, 0x03, 0x53,
+        0x65, 0x58, 0x5D, 0x34, 0x41, 0x37, 0x95, 0xA6,
+        0xA1, 0x8E, 0xC5, 0x13, 0x6A, 0xB1, 0x3C, 0x90,
+        0xE3, 0xAF, 0x14, 0xC0, 0xB8, 0xA4, 0x64, 0xC8,
+        0x6B, 0x90, 0x73, 0x22, 0x2B, 0x56, 0xB3, 0xF7,
+        0x32, 0x8A, 0xEA, 0x79, 0x81, 0x55, 0x32, 0x59,
+        0x11, 0x25, 0x0E, 0xF0, 0x16, 0xD7, 0x28, 0x02,
+        0xE3, 0x87, 0x8A, 0xA5, 0x05, 0x40, 0xCC, 0x98,
+        0x39, 0x56, 0x97, 0x1D, 0x6E, 0xFA, 0x35, 0x2C,
+        0x02, 0x55, 0x4D, 0xC7, 0x60, 0xA5, 0xA9, 0x13,
+        0x58, 0xEA, 0x56, 0x37, 0x08, 0x84, 0xFD, 0x5B,
+        0x3F, 0x85, 0xB7, 0x0E, 0x83, 0xE4, 0x69, 0x7D,
+        0xEB, 0x17, 0x05, 0x16, 0x9E, 0x9C, 0x60, 0xA7,
+        0x45, 0x28, 0xCF, 0x15, 0x28, 0x1C, 0xB1, 0xB1,
+        0xC4, 0x57, 0xD4, 0x67, 0xB5, 0xF9, 0x3A, 0x60,
+        0x37, 0x3D, 0x10, 0xE0, 0xCF, 0x6A, 0x83, 0x7A,
+        0xA3, 0xC9, 0x59, 0x6A, 0x72, 0xBE, 0xC2, 0x9B,
+        0x2D, 0x7E, 0x58, 0x65, 0x3D, 0x53, 0x30, 0x61,
+        0xD3, 0x81, 0xD5, 0x17, 0x59, 0x75, 0x22, 0x17,
+        0xEB, 0x46, 0xCA, 0xC7, 0x80, 0x7C, 0x4A, 0xD3,
+        0x8B, 0x61, 0x16, 0x44, 0xAC, 0xF0, 0xA3, 0xF2,
+        0x6B, 0x6B, 0x08, 0x4A, 0xB4, 0x7A, 0x83, 0xBF,
+        0x0D, 0x69, 0x6F, 0x8A, 0x47, 0x68, 0xFC, 0x35,
+        0xBC, 0xA6, 0xBC, 0x79, 0x03, 0xB2, 0xA2, 0x37,
+        0xC2, 0x77, 0x49, 0xF5, 0x51, 0x0C, 0x86, 0x38,
+        0x69, 0xE6, 0xAE, 0x56, 0xBB, 0x2A, 0xFE, 0x47,
+        0x71, 0xC9, 0x22, 0x18, 0x74, 0xF5, 0x0F, 0x5B,
+        0x14, 0xBA, 0xAD, 0x59, 0x93, 0xB4, 0x92, 0x38,
+        0xFD, 0x0A, 0x0C, 0x9F, 0x79, 0xB7, 0xB4, 0x58,
+        0x4E, 0x41, 0x30, 0x1F, 0x7A, 0x88, 0x5C, 0x9F,
+        0x91, 0x81, 0x9B, 0xEA, 0x00, 0xD5, 0x12, 0x58,
+        0x17, 0x30, 0x53, 0x9F, 0xB3, 0x7E, 0x59, 0xE8,
+        0x6A, 0x6D, 0x19, 0xCA, 0x25, 0xF0, 0xA8, 0x11,
+        0xC9, 0xB4, 0x28, 0xBA, 0x86, 0x14, 0xAA, 0x4F,
+        0x94, 0x80, 0x7B, 0xC0, 0x31, 0xCB, 0xCC, 0x18,
+        0x3F, 0x3B, 0xF0, 0x7F, 0xE2, 0xC1, 0xA6, 0xEB,
+        0xA8, 0x0D, 0x5A, 0x70, 0x6E, 0xE0, 0xDA, 0xB2,
+        0x7E, 0x23, 0x14, 0x58, 0x02, 0x5D, 0x84, 0xA7,
+        0xA9, 0xB0, 0x23, 0x05, 0x01, 0x11, 0x6C, 0x29,
+        0x0A, 0x6B, 0xB5, 0x06, 0x26, 0xD9, 0x7B, 0x93,
+        0x98, 0x50, 0x94, 0x28, 0x28, 0x39, 0x0B, 0x0A,
+        0x20, 0x01, 0xB7, 0x85, 0x3A, 0xD1, 0xAE, 0x9B,
+        0x01, 0x1B, 0x2D, 0xB3, 0x6C, 0xAE, 0xEA, 0x73,
+        0xA2, 0x32, 0x8E, 0x3C, 0x56, 0x48, 0x5B, 0x49,
+        0x1C, 0x29, 0x91, 0x15, 0xA0, 0x17, 0xC9, 0x07,
+        0xAB, 0x54, 0x31, 0x72, 0x60, 0xA5, 0x93, 0xA0,
+        0xD7, 0xBA, 0x6D, 0x06, 0x61, 0x5D, 0x6E, 0x2C,
+        0xA8, 0x4B, 0x86, 0x0E, 0xFF, 0x3C, 0xCB, 0x59,
+        0x72, 0x11, 0xBF, 0xE3, 0x6B, 0xDE, 0xF8, 0x06,
+        0x9A, 0xFA, 0x36, 0xC5, 0xA7, 0x33, 0x92, 0x72,
+        0x26, 0x50, 0xE4, 0x95, 0x7D, 0xCA, 0x59, 0x7A,
+        0xCB, 0xA5, 0x60, 0x5B, 0x63, 0xC1, 0x63, 0xCF,
+        0xA9, 0x4B, 0x64, 0xDD, 0xD6, 0x23, 0x01, 0xA4,
+        0x33, 0x20, 0x83, 0x36, 0x19, 0x72, 0x58, 0x9D,
+        0xB0, 0x59, 0x9A, 0x69, 0x4D, 0xD4, 0x54, 0x7A,
+        0x5E, 0xE9, 0x19, 0x65, 0x77, 0xC2, 0x2E, 0xD4,
+        0x27, 0xAC, 0x89, 0xBB, 0x8B, 0xA3, 0x75, 0x3E,
+        0xB7, 0x6C, 0x41, 0xF2, 0xC1, 0x12, 0x9C, 0x8A,
+        0x77, 0xD6, 0x80, 0x5F, 0xA7, 0x19, 0xB1, 0xB6,
+        0xCA, 0x11, 0xB7, 0x40, 0xA7, 0x8A, 0x3D, 0x41,
+        0xB5, 0x33, 0x05, 0x26, 0xAB, 0x87, 0xD5, 0x8D,
+        0x59, 0x25, 0x31, 0x5A, 0x14, 0x85, 0xED, 0xC6,
+        0x47, 0xC1, 0x60, 0x4E, 0xB3, 0x81, 0x38, 0xDE,
+        0x63, 0x7A, 0xD2, 0xC6, 0xCA, 0x5B, 0xE4, 0x4E,
+        0x10, 0x08, 0xB2, 0xC0, 0x86, 0x7B, 0x22, 0x9C,
+        0xCC, 0x36, 0x61, 0x9E, 0x27, 0x58, 0xC4, 0xC2,
+        0x02, 0x9E, 0xAE, 0xB2, 0x6E, 0x7A, 0x80, 0x3F,
+        0xCA, 0x30, 0x5A, 0x59, 0xCD, 0x58, 0x5E, 0x11,
+        0x7D, 0x69, 0x8E, 0xCE, 0x01, 0x1C, 0xC3, 0xFC,
+        0xE5, 0x4D, 0x2E, 0x11, 0x45, 0x45, 0xA2, 0x1A,
+        0xC5, 0xBE, 0x67, 0x71, 0xAB, 0x8F, 0x13, 0x12,
+        0x2F, 0xAD, 0x29, 0x5E, 0x74, 0x5A, 0x50, 0x3B,
+        0x14, 0x2F, 0x91, 0xAE, 0xF7, 0xBD, 0xE9, 0x99,
+        0x98, 0x84, 0x5F, 0xDA, 0x04, 0x35, 0x55, 0xC9,
+        0xC1, 0xEE, 0x53, 0x5B, 0xE1, 0x25, 0xE5, 0xDC,
+        0xE5, 0xD2, 0x66, 0x66, 0x7E, 0x72, 0x3E, 0x67,
+        0xB6, 0xBA, 0x89, 0x1C, 0x16, 0xCB, 0xA1, 0x74,
+        0x09, 0x8A, 0x3F, 0x35, 0x17, 0x78, 0xB0, 0x88,
+        0x8C, 0x95, 0x90, 0xA9, 0x09, 0x0C, 0xD4, 0x04
+    };
+    static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = {
+        0x16, 0x1C, 0xD2, 0x59, 0xFE, 0xAA, 0x7E, 0xC6,
+        0xB2, 0x86, 0x49, 0x8A, 0x9A, 0x6F, 0x69, 0xF8,
+        0xB2, 0x62, 0xA2, 0xE2, 0x09, 0x3D, 0x0F, 0xBD,
+        0x76, 0xD5, 0xDC, 0x1C, 0x9F, 0xDE, 0x0D, 0xED,
+        0xB3, 0x65, 0x81, 0x00, 0x4C, 0xB4, 0x81, 0x12,
+        0xF8, 0x52, 0xE7, 0xF8, 0x7F, 0x64, 0x9E, 0x8A,
+        0x42, 0xCD, 0x9E, 0x03, 0x49, 0xE7, 0xDA, 0xBD,
+        0xF0, 0xA9, 0xAC, 0x1B, 0x52, 0x1C, 0x37, 0xEA,
+        0x52, 0x41, 0x37, 0x0A, 0x8A, 0xB2, 0x91, 0x1C,
+        0xC7, 0x99, 0x02, 0xC9, 0x5D, 0x28, 0x22, 0x4F,
+        0xA8, 0x89, 0x6A, 0xD7, 0x15, 0x20, 0x9E, 0xCD,
+        0xD5, 0xD7, 0x84, 0xE9, 0x1D, 0xD9, 0xD0, 0xBE,
+        0x91, 0x6B, 0x45, 0x65, 0xF4, 0xD5, 0x66, 0x9A,
+        0xEE, 0x0D, 0xEF, 0x93, 0x1E, 0x97, 0x68, 0x29,
+        0x4E, 0xEC, 0x52, 0x58, 0xDE, 0x83, 0x91, 0xEC,
+        0xE2, 0x71, 0xE7, 0xE4, 0xCF, 0xD9, 0xD2, 0x3A,
+        0x79, 0xFA, 0xC3, 0xA8, 0xE0, 0xDB, 0x5D, 0xDD,
+        0x6E, 0x01, 0x07, 0x23, 0x56, 0x88, 0xBB, 0xDF,
+        0x7B, 0xC5, 0xD5, 0x63, 0x2F, 0x20, 0x6C, 0x63,
+        0xA0, 0xC9, 0x56, 0x4F, 0x30, 0x96, 0x5C, 0xA5,
+        0x8C, 0x69, 0xFF, 0x92, 0xD2, 0x5A, 0x4F, 0x93,
+        0xA0, 0x9E, 0xAB, 0x9B, 0x90, 0x85, 0x94, 0x7E,
+        0x07, 0x8A, 0x23, 0xE4, 0xD9, 0xC1, 0x3B, 0x8A,
+        0x56, 0xE7, 0x3E, 0x18, 0xDF, 0x42, 0xD6, 0x94,
+        0x9F, 0xAF, 0x59, 0x21, 0xF2, 0xE3, 0x73, 0xD4,
+        0x50, 0xC8, 0xC0, 0x9D, 0x07, 0xB1, 0x52, 0xA9,
+        0x7C, 0x24, 0x54, 0x47, 0x42, 0x94, 0x81, 0xD4,
+        0x98, 0xBE, 0xB7, 0x25, 0x6B, 0xC4, 0x7F, 0x68,
+        0xF9, 0x92, 0x2B, 0x0B, 0x1C, 0x62, 0xD9, 0xC2,
+        0x3F, 0x9F, 0x73, 0x3D, 0xD7, 0x37, 0x92, 0xCF,
+        0xC7, 0xB4, 0x3C, 0xBC, 0xEA, 0x27, 0x7D, 0x51,
+        0xB2, 0xB8, 0xAD, 0x4A, 0x4F, 0x52, 0x2F, 0x64,
+        0x2C, 0xAD, 0x5C, 0x5D, 0xEB, 0x21, 0xF3, 0x62,
+        0x7F, 0x8A, 0xF4, 0xD3, 0xE5, 0xBC, 0x9E, 0x91,
+        0xD4, 0xCB, 0x2F, 0x12, 0x4B, 0x5B, 0xD7, 0xC2,
+        0xF4, 0xA0, 0x50, 0xCA, 0x75, 0x5B, 0xDB, 0x80,
+        0x56, 0x60, 0x96, 0x63, 0xFB, 0x95, 0x11, 0xC9,
+        0xAD, 0x83, 0xB5, 0x03, 0x90, 0x88, 0xCC, 0x01,
+        0xF0, 0xDD, 0x54, 0x35, 0x3B, 0x0D, 0xD7, 0x43,
+        0x3F, 0x0C, 0x6C, 0xEE, 0x0D, 0x07, 0x59, 0x59,
+        0x81, 0x0D, 0xEC, 0x54, 0x16, 0x52, 0x2B, 0xB1,
+        0xF1, 0xF6, 0x55, 0x47, 0xA0, 0xC2, 0xE9, 0xCC,
+        0x9B, 0xC1, 0x7F, 0x8D, 0x39, 0xD2, 0x93, 0x09,
+        0xEB, 0xE7, 0x9F, 0x21, 0x33, 0x1B, 0x75, 0xE1,
+        0x2A, 0xF2, 0xE9, 0x3F, 0x03, 0xF7, 0x4F, 0x7F,
+        0x87, 0xD3, 0x60, 0xF1, 0xDA, 0xF8, 0x6C, 0xED,
+        0x73, 0x60, 0x92, 0xA2, 0x11, 0xA8, 0x15, 0x88,
+        0x59, 0xC4, 0x2E, 0x22, 0x3C, 0xFE, 0x2E, 0x6E,
+        0x55, 0x34, 0x37, 0xD8, 0x05, 0x76, 0xCF, 0xD1,
+        0x94, 0x4E, 0x97, 0xEE, 0xFF, 0x9B, 0x49, 0xE5,
+        0xEC, 0xCF, 0xC6, 0x78, 0xEE, 0x16, 0x52, 0x68,
+        0xDF, 0xE3, 0xD3, 0x59, 0x6B, 0x4B, 0x86, 0x20,
+        0x4A, 0x81, 0xC6, 0x06, 0x3B, 0x0C, 0xDC, 0xE6,
+        0x19, 0xFD, 0xBB, 0x96, 0xDF, 0x7D, 0xE6, 0xE0,
+        0xBD, 0x52, 0x70, 0xB4, 0xD5, 0x9C, 0x4D, 0xC5,
+        0x08, 0x47, 0x6E, 0x7F, 0x07, 0x08, 0xF9, 0x8C,
+        0x7A, 0x4F, 0x66, 0x45, 0xC4, 0x9D, 0x06, 0x10,
+        0x0C, 0x76, 0x0C, 0x59, 0x95, 0x28, 0xD1, 0xB8,
+        0xBB, 0xFE, 0x62, 0x81, 0x91, 0xCC, 0x08, 0x3C,
+        0x8D, 0x22, 0x5A, 0x09, 0x3F, 0x9F, 0x17, 0xE3,
+        0x55, 0x74, 0x98, 0x6F, 0x86, 0xBA, 0xA4, 0x68,
+        0x98, 0xB5, 0x89, 0xF3, 0xCB, 0x7D, 0xB4, 0x6A,
+        0x45, 0xF3, 0xED, 0xD4, 0xFA, 0xC2, 0x08, 0x08,
+        0xF4, 0xCD, 0x02, 0x49, 0xDA, 0x69, 0x3F, 0x8F,
+        0xAB, 0xFB, 0xD4, 0xE1, 0x0C, 0x02, 0xC6, 0x5B,
+        0xA8, 0xC8, 0x61, 0x0F, 0xA8, 0xC6, 0xDF, 0x3D,
+        0xBA, 0xEB, 0x67, 0x63, 0xDD, 0x48, 0x2A, 0xF4,
+        0x15, 0x58, 0xB1, 0xE1, 0x5C, 0xC9, 0xC7, 0xA7,
+        0x2E, 0x07, 0x16, 0x85, 0xAC, 0x19, 0xA0, 0x51,
+        0xF1, 0x92, 0x45, 0xB9, 0xF7, 0x7C, 0x30, 0x38,
+        0xA5, 0x4E, 0x29, 0x58, 0x62, 0x3E, 0xB8, 0x10,
+        0x59, 0x55, 0x60, 0x9E, 0x27, 0xD6, 0x7C, 0xF7,
+        0x2E, 0xC5, 0xC4, 0xA8, 0xE9, 0xB9, 0xC2, 0x92,
+        0x4A, 0x9E, 0x22, 0x98, 0x50, 0x8B, 0xAB, 0xA1,
+        0x3C, 0xF1, 0x11, 0xFD, 0xFB, 0x06, 0x2C, 0x96,
+        0x07, 0xAC, 0x1A, 0xAA, 0x6C, 0x63, 0x73, 0x10,
+        0xA8, 0x89, 0x4B, 0xF0, 0xB9, 0x6F, 0x0C, 0x19,
+        0x13, 0x61, 0x86, 0xB6, 0x18, 0xDF, 0xFB, 0x27,
+        0x55, 0x28, 0xBE, 0xD1, 0xCC, 0x27, 0x15, 0xDE,
+        0xF4, 0x12, 0xF7, 0x7A, 0x3C, 0xF9, 0x66, 0x45,
+        0x73, 0x3B, 0x04, 0x8A, 0x78, 0x47, 0x43, 0x20,
+        0xD1, 0xA3, 0x80, 0xF5, 0xEE, 0xDB, 0xDA, 0x21,
+        0xFA, 0x01, 0x25, 0xC9, 0x1D, 0x3C, 0x37, 0xC5,
+        0x4B, 0xF3, 0x75, 0x2A, 0x1F, 0x84, 0x71, 0xC8,
+        0x1F, 0xCA, 0xE2, 0xD3, 0xED, 0xA9, 0x66, 0xE1,
+        0x4E, 0x66, 0xF2, 0x23, 0xB0, 0x54, 0xD7, 0x98,
+        0x48, 0xFF, 0x94, 0x11, 0xD6, 0x34, 0x02, 0x4A,
+        0x09, 0x89, 0x70, 0xAD, 0xE6, 0xA8, 0x8B, 0x5F,
+        0x90, 0x69, 0xF7, 0x60, 0x58, 0x4D, 0xC4, 0xCF,
+        0xFF, 0xCE, 0xA8, 0xEC, 0xE1, 0x1B, 0xB5, 0x56,
+        0x6B, 0xD2, 0x36, 0x0A, 0xB7, 0x07, 0xDF, 0x2D,
+        0x21, 0xB6, 0x74, 0x88, 0xD9, 0x31, 0xF0, 0x20,
+        0x06, 0x91, 0x76, 0x42, 0x3E, 0x69, 0x44, 0x49,
+        0x0C, 0xB3, 0x85, 0xE7, 0x0B, 0x35, 0x8A, 0x25,
+        0x34, 0x6B, 0xAF, 0xCD, 0xD0, 0x6D, 0x40, 0x2F,
+        0xF2, 0x4D, 0x6C, 0x1E, 0x5F, 0x61, 0xA8, 0x5D
+    };
+    static const byte kprime_512[WC_ML_KEM_SS_SZ] = {
+        0xDF, 0x46, 0x2A, 0xD6, 0x8F, 0x1E, 0xC8, 0x97,
+        0x2E, 0xD9, 0xB0, 0x2D, 0x6D, 0xE0, 0x60, 0x4B,
+        0xDE, 0xC7, 0x57, 0x20, 0xE0, 0x50, 0x49, 0x73,
+        0x51, 0xE6, 0xEC, 0x93, 0x3E, 0x71, 0xF8, 0x82
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = {
+        0x1E, 0x4A, 0xC8, 0x7B, 0x1A, 0x69, 0x2A, 0x52,
+        0x9F, 0xDB, 0xBA, 0xB9, 0x33, 0x74, 0xC5, 0x7D,
+        0x11, 0x0B, 0x10, 0xF2, 0xB1, 0xDD, 0xEB, 0xAC,
+        0x0D, 0x19, 0x6B, 0x7B, 0xA6, 0x31, 0xB8, 0xE9,
+        0x29, 0x30, 0x28, 0xA8, 0xF3, 0x79, 0x88, 0x8C,
+        0x42, 0x2D, 0xC8, 0xD3, 0x2B, 0xBF, 0x22, 0x60,
+        0x10, 0xC2, 0xC1, 0xEC, 0x73, 0x18, 0x90, 0x80,
+        0x45, 0x6B, 0x05, 0x64, 0xB2, 0x58, 0xB0, 0xF2,
+        0x31, 0x31, 0xBC, 0x79, 0xC8, 0xE8, 0xC1, 0x1C,
+        0xEF, 0x39, 0x38, 0xB2, 0x43, 0xC5, 0xCE, 0x9C,
+        0x0E, 0xDD, 0x37, 0xC8, 0xF9, 0xD2, 0x98, 0x77,
+        0xDB, 0xBB, 0x61, 0x5B, 0x9B, 0x5A, 0xC3, 0xC9,
+        0x48, 0x48, 0x7E, 0x46, 0x71, 0x96, 0xA9, 0x14,
+        0x3E, 0xFB, 0xC7, 0xCE, 0xDB, 0x64, 0xB4, 0x5D,
+        0x4A, 0xCD, 0xA2, 0x66, 0x6C, 0xBC, 0x28, 0x04,
+        0xF2, 0xC8, 0x66, 0x2E, 0x12, 0x8F, 0x6A, 0x99,
+        0x69, 0xEC, 0x15, 0xBC, 0x0B, 0x93, 0x51, 0xF6,
+        0xF9, 0x63, 0x46, 0xAA, 0x7A, 0xBC, 0x74, 0x3A,
+        0x14, 0xFA, 0x03, 0x0E, 0x37, 0xA2, 0xE7, 0x59,
+        0x7B, 0xDD, 0xFC, 0x5A, 0x22, 0xF9, 0xCE, 0xDA,
+        0xF8, 0x61, 0x48, 0x32, 0x52, 0x72, 0x10, 0xB2,
+        0x6F, 0x02, 0x4C, 0x7F, 0x6C, 0x0D, 0xCF, 0x55,
+        0x1E, 0x97, 0xA4, 0x85, 0x87, 0x64, 0xC3, 0x21,
+        0xD1, 0x83, 0x4A, 0xD5, 0x1D, 0x75, 0xBB, 0x24,
+        0x6D, 0x27, 0x72, 0x37, 0xB7, 0xBD, 0x41, 0xDC,
+        0x43, 0x62, 0xD0, 0x63, 0xF4, 0x29, 0x82, 0x92,
+        0x27, 0x2D, 0x01, 0x01, 0x17, 0x80, 0xB7, 0x98,
+        0x56, 0xB2, 0x96, 0xC4, 0xE9, 0x46, 0x65, 0x8B,
+        0x79, 0x60, 0x31, 0x97, 0xC9, 0xB2, 0xA9, 0x9E,
+        0xC6, 0x6A, 0xCB, 0x06, 0xCE, 0x2F, 0x69, 0xB5,
+        0xA5, 0xA6, 0x1E, 0x9B, 0xD0, 0x6A, 0xD4, 0x43,
+        0xCE, 0xB0, 0xC7, 0x4E, 0xD6, 0x53, 0x45, 0xA9,
+        0x03, 0xB6, 0x14, 0xE8, 0x13, 0x68, 0xAA, 0xC2,
+        0xB3, 0xD2, 0xA7, 0x9C, 0xA8, 0xCC, 0xAA, 0x1C,
+        0x3B, 0x88, 0xFB, 0x82, 0xA3, 0x66, 0x32, 0x86,
+        0x0B, 0x3F, 0x79, 0x50, 0x83, 0x3F, 0xD0, 0x21,
+        0x2E, 0xC9, 0x6E, 0xDE, 0x4A, 0xB6, 0xF5, 0xA0,
+        0xBD, 0xA3, 0xEC, 0x60, 0x60, 0xA6, 0x58, 0xF9,
+        0x45, 0x7F, 0x6C, 0xC8, 0x7C, 0x6B, 0x62, 0x0C,
+        0x1A, 0x14, 0x51, 0x98, 0x74, 0x86, 0xE4, 0x96,
+        0x61, 0x2A, 0x10, 0x1D, 0x0E, 0x9C, 0x20, 0x57,
+        0x7C, 0x57, 0x1E, 0xDB, 0x52, 0x82, 0x60, 0x8B,
+        0xF4, 0xE1, 0xAC, 0x92, 0x6C, 0x0D, 0xB1, 0xC8,
+        0x2A, 0x50, 0x4A, 0x79, 0x9D, 0x89, 0x88, 0x5C,
+        0xA6, 0x25, 0x2B, 0xD5, 0xB1, 0xC1, 0x83, 0xAF,
+        0x70, 0x13, 0x92, 0xA4, 0x07, 0xC0, 0x5B, 0x84,
+        0x8C, 0x2A, 0x30, 0x16, 0xC4, 0x06, 0x13, 0xF0,
+        0x2A, 0x44, 0x9B, 0x3C, 0x79, 0x26, 0xDA, 0x06,
+        0x7A, 0x53, 0x31, 0x16, 0x50, 0x68, 0x40, 0x09,
+        0x75, 0x10, 0x46, 0x0B, 0xBF, 0xD3, 0x60, 0x73,
+        0xDC, 0xB0, 0xBF, 0xA0, 0x09, 0xB3, 0x6A, 0x91,
+        0x23, 0xEA, 0xA6, 0x8F, 0x83, 0x5F, 0x74, 0xA0,
+        0x1B, 0x00, 0xD2, 0x09, 0x78, 0x35, 0x96, 0x4D,
+        0xF5, 0x21, 0xCE, 0x92, 0x10, 0x78, 0x9C, 0x30,
+        0xB7, 0xF0, 0x6E, 0x58, 0x44, 0xB4, 0x44, 0xC5,
+        0x33, 0x22, 0x39, 0x6E, 0x47, 0x99, 0xBA, 0xF6,
+        0xA8, 0x8A, 0xF7, 0x31, 0x58, 0x60, 0xD0, 0x19,
+        0x2D, 0x48, 0xC2, 0xC0, 0xDA, 0x6B, 0x5B, 0xA6,
+        0x43, 0x25, 0x54, 0x3A, 0xCD, 0xF5, 0x90, 0x0E,
+        0x8B, 0xC4, 0x77, 0xAB, 0x05, 0x82, 0x00, 0x72,
+        0xD4, 0x63, 0xAF, 0xFE, 0xD0, 0x97, 0xE0, 0x62,
+        0xBD, 0x78, 0xC9, 0x9D, 0x12, 0xB3, 0x85, 0x13,
+        0x1A, 0x24, 0x1B, 0x70, 0x88, 0x65, 0xB4, 0x19,
+        0x0A, 0xF6, 0x9E, 0xA0, 0xA6, 0x4D, 0xB7, 0x14,
+        0x48, 0xA6, 0x08, 0x29, 0x36, 0x9C, 0x75, 0x55,
+        0x19, 0x8E, 0x43, 0x8C, 0x9A, 0xBC, 0x31, 0x0B,
+        0xC7, 0x01, 0x01, 0x91, 0x3B, 0xB1, 0x2F, 0xAA,
+        0x5B, 0xEE, 0xF9, 0x75, 0x84, 0x16, 0x17, 0xC8,
+        0x47, 0xCD, 0x6B, 0x33, 0x6F, 0x87, 0x79, 0x87,
+        0x75, 0x38, 0x22, 0x02, 0x0B, 0x92, 0xC4, 0xCC,
+        0x97, 0x05, 0x5C, 0x9B, 0x1E, 0x0B, 0x12, 0x8B,
+        0xF1, 0x1F, 0x50, 0x50, 0x05, 0xB6, 0xAB, 0x0E,
+        0x62, 0x77, 0x95, 0xA2, 0x06, 0x09, 0xEF, 0xA9,
+        0x91, 0xE5, 0x98, 0xB8, 0x0F, 0x37, 0xB1, 0xC6,
+        0xA1, 0xC3, 0xA1, 0xE9, 0xAE, 0xE7, 0x02, 0x8F,
+        0x77, 0x57, 0x0A, 0xB2, 0x13, 0x91, 0x28, 0xA0,
+        0x01, 0x08, 0xC5, 0x0E, 0xB3, 0x05, 0xCD, 0xB8,
+        0xF9, 0xA6, 0x03, 0xA6, 0xB0, 0x78, 0x41, 0x3F,
+        0x6F, 0x9B, 0x14, 0xC6, 0xD8, 0x2B, 0x51, 0x99,
+        0xCE, 0x59, 0xD8, 0x87, 0x90, 0x2A, 0x28, 0x1A,
+        0x02, 0x7B, 0x71, 0x74, 0x95, 0xFE, 0x12, 0x67,
+        0x2A, 0x12, 0x7B, 0xBF, 0x9B, 0x25, 0x6C, 0x43,
+        0x72, 0x0D, 0x7C, 0x16, 0x0B, 0x28, 0x1C, 0x12,
+        0x75, 0x7D, 0xA1, 0x35, 0xB1, 0x93, 0x33, 0x52,
+        0xBE, 0x4A, 0xB6, 0x7E, 0x40, 0x24, 0x8A, 0xFC,
+        0x31, 0x8E, 0x23, 0x70, 0xC3, 0xB8, 0x20, 0x8E,
+        0x69, 0x5B, 0xDF, 0x33, 0x74, 0x59, 0xB9, 0xAC,
+        0xBF, 0xE5, 0xB4, 0x87, 0xF7, 0x6E, 0x9B, 0x4B,
+        0x40, 0x01, 0xD6, 0xCF, 0x90, 0xCA, 0x8C, 0x69,
+        0x9A, 0x17, 0x4D, 0x42, 0x97, 0x2D, 0xC7, 0x33,
+        0xF3, 0x33, 0x89, 0xFD, 0xF5, 0x9A, 0x1D, 0xAB,
+        0xA8, 0x1D, 0x83, 0x49, 0x55, 0x02, 0x73, 0x34,
+        0x18, 0x5A, 0xD0, 0x2C, 0x76, 0xCF, 0x29, 0x48,
+        0x46, 0xCA, 0x92, 0x94, 0xBA, 0x0E, 0xD6, 0x67,
+        0x41, 0xDD, 0xEC, 0x79, 0x1C, 0xAB, 0x34, 0x19,
+        0x6A, 0xC5, 0x65, 0x7C, 0x5A, 0x78, 0x32, 0x1B,
+        0x56, 0xC3, 0x33, 0x06, 0xB5, 0x10, 0x23, 0x97,
+        0xA5, 0xC0, 0x9C, 0x35, 0x08, 0xF7, 0x6B, 0x48,
+        0x28, 0x24, 0x59, 0xF8, 0x1D, 0x0C, 0x72, 0xA4,
+        0x3F, 0x73, 0x7B, 0xC2, 0xF1, 0x2F, 0x45, 0x42,
+        0x26, 0x28, 0xB6, 0x7D, 0xB5, 0x1A, 0xC1, 0x42,
+        0x42, 0x76, 0xA6, 0xC0, 0x8C, 0x3F, 0x76, 0x15,
+        0x66, 0x5B, 0xBB, 0x8E, 0x92, 0x81, 0x48, 0xA2,
+        0x70, 0xF9, 0x91, 0xBC, 0xF3, 0x65, 0xA9, 0x0F,
+        0x87, 0xC3, 0x06, 0x87, 0xB6, 0x88, 0x09, 0xC9,
+        0x1F, 0x23, 0x18, 0x13, 0xB8, 0x66, 0xBE, 0xA8,
+        0x2E, 0x30, 0x37, 0x4D, 0x80, 0xAA, 0x0C, 0x02,
+        0x97, 0x34, 0x37, 0x49, 0x8A, 0x53, 0xB1, 0x4B,
+        0xF6, 0xB6, 0xCA, 0x1E, 0xD7, 0x6A, 0xB8, 0xA2,
+        0x0D, 0x54, 0xA0, 0x83, 0xF4, 0xA2, 0x6B, 0x7C,
+        0x03, 0x8D, 0x81, 0x96, 0x76, 0x40, 0xC2, 0x0B,
+        0xF4, 0x43, 0x1E, 0x71, 0xDA, 0xCC, 0xE8, 0x57,
+        0x7B, 0x21, 0x24, 0x0E, 0x49, 0x4C, 0x31, 0xF2,
+        0xD8, 0x77, 0xDA, 0xF4, 0x92, 0x4F, 0xD3, 0x9D,
+        0x82, 0xD6, 0x16, 0x7F, 0xBC, 0xC1, 0xF9, 0xC5,
+        0xA2, 0x59, 0xF8, 0x43, 0xE3, 0x09, 0x87, 0xCC,
+        0xC4, 0xBC, 0xE7, 0x49, 0x3A, 0x24, 0x04, 0xB5,
+        0xE4, 0x43, 0x87, 0xF7, 0x07, 0x42, 0x57, 0x81,
+        0xB7, 0x43, 0xFB, 0x55, 0x56, 0x85, 0x58, 0x4E,
+        0x25, 0x57, 0xCC, 0x03, 0x8B, 0x1A, 0x9B, 0x3F,
+        0x40, 0x43, 0x12, 0x1F, 0x54, 0x72, 0xEB, 0x2B,
+        0x96, 0xE5, 0x94, 0x1F, 0xEC, 0x01, 0x1C, 0xEE,
+        0xA5, 0x07, 0x91, 0x63, 0x6C, 0x6A, 0xBC, 0x26,
+        0xC1, 0x37, 0x7E, 0xE3, 0xB5, 0x14, 0x6F, 0xC7,
+        0xC8, 0x5C, 0xB3, 0x35, 0xB1, 0xE7, 0x95, 0xEE,
+        0xC2, 0x03, 0x3E, 0xE4, 0x4B, 0x9A, 0xA9, 0x06,
+        0x85, 0x24, 0x5E, 0xF7, 0xB4, 0x43, 0x6C, 0x00,
+        0x0E, 0x66, 0xBC, 0x8B, 0xCB, 0xF1, 0xCD, 0xB8,
+        0x03, 0xAC, 0x14, 0x21, 0xB1, 0xFD, 0xB2, 0x66,
+        0xD5, 0x29, 0x1C, 0x83, 0x10, 0x37, 0x3A, 0x8A,
+        0x3C, 0xE9, 0x56, 0x2A, 0xB1, 0x97, 0x95, 0x38,
+        0x71, 0xAB, 0x99, 0xF3, 0x82, 0xCC, 0x5A, 0xA9,
+        0xC0, 0xF2, 0x73, 0xD1, 0xDC, 0xA5, 0x5D, 0x27,
+        0x12, 0x85, 0x38, 0x71, 0xE1, 0xA8, 0x3C, 0xB3,
+        0xB8, 0x54, 0x50, 0xF7, 0x6D, 0x3F, 0x3C, 0x42,
+        0xBA, 0xB5, 0x50, 0x5F, 0x72, 0x12, 0xFD, 0xB6,
+        0xB8, 0xB7, 0xF6, 0x02, 0x99, 0x72, 0xA8, 0xF3,
+        0x75, 0x1E, 0x4C, 0x94, 0xC1, 0x10, 0x8B, 0x02,
+        0xD6, 0xAC, 0x79, 0xF8, 0xD9, 0x38, 0xF0, 0x5A,
+        0x1B, 0x2C, 0x22, 0x9B, 0x14, 0xB4, 0x2B, 0x31,
+        0xB0, 0x1A, 0x36, 0x40, 0x17, 0xE5, 0x95, 0x78,
+        0xC6, 0xB0, 0x33, 0x83, 0x37, 0x74, 0xCB, 0x9B,
+        0x57, 0x0F, 0x90, 0x86, 0xB7, 0x22, 0x90, 0x3B,
+        0x37, 0x54, 0x46, 0xB4, 0x95, 0xD8, 0xA2, 0x9B,
+        0xF8, 0x07, 0x51, 0x87, 0x7A, 0x80, 0xFB, 0x72,
+        0x4A, 0x02, 0x10, 0xC3, 0xE1, 0x69, 0x2F, 0x39,
+        0x7C, 0x2F, 0x1D, 0xDC, 0x2E, 0x6B, 0xA1, 0x7A,
+        0xF8, 0x1B, 0x92, 0xAC, 0xFA, 0xBE, 0xF5, 0xF7,
+        0x57, 0x3C, 0xB4, 0x93, 0xD1, 0x84, 0x02, 0x7B,
+        0x71, 0x82, 0x38, 0xC8, 0x9A, 0x35, 0x49, 0xB8,
+        0x90, 0x5B, 0x28, 0xA8, 0x33, 0x62, 0x86, 0x7C,
+        0x08, 0x2D, 0x30, 0x19, 0xD3, 0xCA, 0x70, 0x70,
+        0x07, 0x31, 0xCE, 0xB7, 0x3E, 0x84, 0x72, 0xC1,
+        0xA3, 0xA0, 0x93, 0x36, 0x1C, 0x5F, 0xEA, 0x6A,
+        0x7D, 0x40, 0x95, 0x5D, 0x07, 0xA4, 0x1B, 0x64,
+        0xE5, 0x00, 0x81, 0xA3, 0x61, 0xB6, 0x04, 0xCC,
+        0x51, 0x84, 0x47, 0xC8, 0xE2, 0x57, 0x65, 0xAB,
+        0x7D, 0x68, 0xB2, 0x43, 0x27, 0x52, 0x07, 0xAF,
+        0x8C, 0xA6, 0x56, 0x4A, 0x4C, 0xB1, 0xE9, 0x41,
+        0x99, 0xDB, 0xA1, 0x87, 0x8C, 0x59, 0xBE, 0xC8,
+        0x09, 0xAB, 0x48, 0xB2, 0xF2, 0x11, 0xBA, 0xDC,
+        0x6A, 0x19, 0x98, 0xD9, 0xC7, 0x22, 0x7C, 0x13,
+        0x03, 0xF4, 0x69, 0xD4, 0x6A, 0x9C, 0x7E, 0x53,
+        0x03, 0xF9, 0x8A, 0xBA, 0x67, 0x56, 0x9A, 0xE8,
+        0x22, 0x7C, 0x16, 0xBA, 0x1F, 0xB3, 0x24, 0x44,
+        0x66, 0xA2, 0x5E, 0x7F, 0x82, 0x36, 0x71, 0x81,
+        0x0C, 0xC2, 0x62, 0x06, 0xFE, 0xB2, 0x9C, 0x7E,
+        0x2A, 0x1A, 0x91, 0x95, 0x9E, 0xEB, 0x03, 0xA9,
+        0x82, 0x52, 0xA4, 0xF7, 0x41, 0x26, 0x74, 0xEB,
+        0x9A, 0x4B, 0x27, 0x7E, 0x1F, 0x25, 0x95, 0xFC,
+        0xA6, 0x40, 0x33, 0xB4, 0x1B, 0x40, 0x33, 0x08,
+        0x12, 0xE9, 0x73, 0x5B, 0x7C, 0x60, 0x75, 0x01,
+        0xCD, 0x81, 0x83, 0xA2, 0x2A, 0xFC, 0x33, 0x92,
+        0x55, 0x37, 0x44, 0xF3, 0x3C, 0x4D, 0x20, 0x25,
+        0x26, 0x94, 0x5C, 0x6D, 0x78, 0xA6, 0x0E, 0x20,
+        0x1A, 0x16, 0x98, 0x7A, 0x6F, 0xA5, 0x9D, 0x94,
+        0x46, 0x4B, 0x56, 0x50, 0x65, 0x56, 0x78, 0x48,
+        0x24, 0xA0, 0x70, 0x58, 0xF5, 0x73, 0x20, 0xE7,
+        0x6C, 0x82, 0x5B, 0x93, 0x47, 0xF2, 0x93, 0x6F,
+        0x4A, 0x0E, 0x5C, 0xDA, 0xA1, 0x8C, 0xF8, 0x83,
+        0x39, 0x45, 0xAE, 0x31, 0x2A, 0x36, 0xB5, 0xF5,
+        0xA3, 0x81, 0x0A, 0xAC, 0x82, 0x38, 0x1F, 0xDA,
+        0xE4, 0xCB, 0x9C, 0x68, 0x31, 0xD8, 0xEB, 0x8A,
+        0xBA, 0xB8, 0x50, 0x41, 0x64, 0x43, 0xD7, 0x39,
+        0x08, 0x6B, 0x1C, 0x32, 0x6F, 0xC2, 0xA3, 0x97,
+        0x57, 0x04, 0xE3, 0x96, 0xA5, 0x96, 0x80, 0xC3,
+        0xB5, 0xF3, 0x60, 0xF5, 0x48, 0x0D, 0x2B, 0x62,
+        0x16, 0x9C, 0xD9, 0x4C, 0xA7, 0x1B, 0x37, 0xBC,
+        0x58, 0x78, 0xBA, 0x29, 0x85, 0xE0, 0x68, 0xBA,
+        0x05, 0x0B, 0x2C, 0xE5, 0x07, 0x26, 0xD4, 0xB4,
+        0x45, 0x1B, 0x77, 0xAA, 0xA8, 0x67, 0x6E, 0xAE,
+        0x09, 0x49, 0x82, 0x21, 0x01, 0x92, 0x19, 0x7B,
+        0x1E, 0x92, 0xA2, 0x7F, 0x59, 0x86, 0x8B, 0x78,
+        0x86, 0x78, 0x87, 0xB9, 0xA7, 0x0C, 0x32, 0xAF,
+        0x84, 0x63, 0x0A, 0xA9, 0x08, 0x81, 0x43, 0x79,
+        0xE6, 0x51, 0x91, 0x50, 0xBA, 0x16, 0x43, 0x9B,
+        0x5E, 0x2B, 0x06, 0x03, 0xD0, 0x6A, 0xA6, 0x67,
+        0x45, 0x57, 0xF5, 0xB0, 0x98, 0x3E, 0x5C, 0xB6,
+        0xA9, 0x75, 0x96, 0x06, 0x9B, 0x01, 0xBB, 0x31,
+        0x28, 0xC4, 0x16, 0x68, 0x06, 0x57, 0x20, 0x4F,
+        0xD0, 0x76, 0x40, 0x39, 0x2E, 0x16, 0xB1, 0x9F,
+        0x33, 0x7A, 0x99, 0xA3, 0x04, 0x84, 0x4E, 0x1A,
+        0xA4, 0x74, 0xE9, 0xC7, 0x99, 0x06, 0x29, 0x71,
+        0xF6, 0x72, 0x26, 0x89, 0x60, 0xF5, 0xA8, 0x2F,
+        0x95, 0x00, 0x70, 0xBB, 0xE9, 0xC2, 0xA7, 0x19,
+        0x50, 0xA3, 0x78, 0x5B, 0xDF, 0x0B, 0x84, 0x40,
+        0x25, 0x5E, 0xD6, 0x39, 0x28, 0xD2, 0x57, 0x84,
+        0x51, 0x68, 0xB1, 0xEC, 0xCC, 0x41, 0x91, 0x32,
+        0x5A, 0xA7, 0x66, 0x45, 0x71, 0x9B, 0x28, 0xEB,
+        0xD8, 0x93, 0x02, 0xDC, 0x67, 0x23, 0xC7, 0x86,
+        0xDF, 0x52, 0x17, 0xB2, 0x43, 0x09, 0x9C, 0xA7,
+        0x82, 0x38, 0xE5, 0x7E, 0x64, 0x69, 0x2F, 0x20,
+        0x6B, 0x17, 0x7A, 0xBC, 0x25, 0x96, 0x60, 0x39,
+        0x5C, 0xD7, 0x86, 0x0F, 0xB3, 0x5A, 0x16, 0xF6,
+        0xB2, 0xFE, 0x65, 0x48, 0xC8, 0x5A, 0xB6, 0x63,
+        0x30, 0xC5, 0x17, 0xFA, 0x74, 0xCD, 0xF3, 0xCB,
+        0x49, 0xD2, 0x6B, 0x11, 0x81, 0x90, 0x1A, 0xF7,
+        0x75, 0xA1, 0xE1, 0x80, 0x81, 0x3B, 0x6A, 0x24,
+        0xC4, 0x56, 0x82, 0x9B, 0x5C, 0x38, 0x10, 0x4E,
+        0xCE, 0x43, 0xC7, 0x6A, 0x43, 0x7A, 0x6A, 0x33,
+        0xB6, 0xFC, 0x6C, 0x5E, 0x65, 0xC8, 0xA8, 0x94,
+        0x66, 0xC1, 0x42, 0x54, 0x85, 0xB2, 0x9B, 0x9E,
+        0x18, 0x54, 0x36, 0x8A, 0xFC, 0xA3, 0x53, 0xE1,
+        0x43, 0xD0, 0xA9, 0x0A, 0x6C, 0x6C, 0x9E, 0x7F,
+        0xDB, 0x62, 0xA6, 0x06, 0x85, 0x6B, 0x56, 0x14,
+        0xF1, 0x2B, 0x64, 0xB7, 0x96, 0x02, 0x0C, 0x35,
+        0x34, 0xC3, 0x60, 0x5C, 0xFD, 0xC7, 0x3B, 0x86,
+        0x71, 0x4F, 0x41, 0x18, 0x50, 0x22, 0x8A, 0x28,
+        0xB8, 0xF4, 0xB4, 0x9E, 0x66, 0x34, 0x16, 0xC8,
+        0x4F, 0x7E, 0x38, 0x1F, 0x6A, 0xF1, 0x07, 0x13,
+        0x43, 0xBF, 0x9D, 0x39, 0xB4, 0x54, 0x39, 0x24,
+        0x0C, 0xC0, 0x38, 0x97, 0x29, 0x5F, 0xEA, 0x08,
+        0x0B, 0x14, 0xBB, 0x2D, 0x81, 0x19, 0xA8, 0x80,
+        0xE1, 0x64, 0x49, 0x5C, 0x61, 0xBE, 0xBC, 0x71,
+        0x39, 0xC1, 0x18, 0x57, 0xC8, 0x5E, 0x17, 0x50,
+        0x33, 0x8D, 0x63, 0x43, 0x91, 0x37, 0x06, 0xA5,
+        0x07, 0xC9, 0x56, 0x64, 0x64, 0xCD, 0x28, 0x37,
+        0xCF, 0x91, 0x4D, 0x1A, 0x3C, 0x35, 0xE8, 0x9B,
+        0x23, 0x5C, 0x6A, 0xB7, 0xED, 0x07, 0x8B, 0xED,
+        0x23, 0x47, 0x57, 0xC0, 0x2E, 0xF6, 0x99, 0x3D,
+        0x4A, 0x27, 0x3C, 0xB8, 0x15, 0x05, 0x28, 0xDA,
+        0x4D, 0x76, 0x70, 0x81, 0x77, 0xE9, 0x42, 0x55,
+        0x46, 0xC8, 0x3E, 0x14, 0x70, 0x39, 0x76, 0x66,
+        0x03, 0xB3, 0x0D, 0xA6, 0x26, 0x8F, 0x45, 0x98,
+        0xA5, 0x31, 0x94, 0x24, 0x0A, 0x28, 0x32, 0xA3,
+        0xD6, 0x75, 0x33, 0xB5, 0x05, 0x6F, 0x9A, 0xAA,
+        0xC6, 0x1B, 0x4B, 0x17, 0xB9, 0xA2, 0x69, 0x3A,
+        0xA0, 0xD5, 0x88, 0x91, 0xE6, 0xCC, 0x56, 0xCD,
+        0xD7, 0x72, 0x41, 0x09, 0x00, 0xC4, 0x05, 0xAF,
+        0x20, 0xB9, 0x03, 0x79, 0x7C, 0x64, 0x87, 0x69,
+        0x15, 0xC3, 0x7B, 0x84, 0x87, 0xA1, 0x44, 0x9C,
+        0xE9, 0x24, 0xCD, 0x34, 0x5C, 0x29, 0xA3, 0x6E,
+        0x08, 0x23, 0x8F, 0x7A, 0x15, 0x7C, 0xC7, 0xE5,
+        0x16, 0xAB, 0x5B, 0xA7, 0x3C, 0x80, 0x63, 0xF7,
+        0x26, 0xBB, 0x5A, 0x0A, 0x03, 0x19, 0xE5, 0x71,
+        0x27, 0x43, 0x8C, 0x7F, 0xC6, 0x01, 0xC9, 0x9C,
+        0xCA, 0xAE, 0x4C, 0x1A, 0x83, 0x72, 0x6F, 0xDC,
+        0xB5, 0x04, 0x5E, 0xD1, 0xA8, 0x2A, 0x98, 0x5E,
+        0xA9, 0x95, 0x39, 0x6D, 0x77, 0x27, 0x2C, 0x66,
+        0xCE, 0x49, 0x32, 0x89, 0xF6, 0x11, 0x09, 0x10,
+        0xF3, 0x7C, 0x27, 0x41, 0xCE, 0x47, 0x02, 0x6A,
+        0x6F, 0x82, 0x61, 0x99, 0x9C, 0x64, 0x82, 0x57,
+        0x2B, 0x16, 0x93, 0x91, 0x2E, 0xF1, 0x2E, 0xEB,
+        0xEA, 0x7A, 0xCF, 0x92, 0x34, 0xFB, 0x40, 0x9F,
+        0x2A, 0x60, 0x90, 0xE6, 0xB0, 0xBF, 0xD8, 0x95,
+        0x46, 0x9D, 0x0B, 0x2A, 0x92, 0x1B, 0xB7, 0x23,
+        0xF8, 0x7A, 0x33, 0xEA, 0x54, 0x65, 0xAB, 0x90,
+        0xF5, 0x14, 0xB6, 0x76, 0x98, 0xC0, 0x76, 0x8B,
+        0x6C, 0xA4, 0x98, 0xB0, 0x22, 0xC5, 0x12, 0xFA,
+        0x08, 0x75, 0xF0, 0x54, 0xAA, 0x22, 0x65, 0x86,
+        0x7E, 0x31, 0xC0, 0xE5, 0x22, 0x65, 0x1E, 0x02,
+        0x4A, 0x07, 0xD6, 0x0D, 0xD9, 0xF6, 0x33, 0x16,
+        0x69, 0x21, 0xF4, 0x12, 0x6B, 0xC2, 0xB6, 0xAA,
+        0x01, 0xCC, 0x15, 0xA0, 0x9B, 0x85, 0xBF, 0xF8,
+        0x21, 0x8C, 0x5A, 0xAE, 0x95, 0xBC, 0x1F, 0xFB,
+        0x26, 0xAE, 0x5A, 0x13, 0x76, 0x70, 0xF0, 0x49,
+        0x10, 0xCA, 0x9D, 0x72, 0x41, 0xB6, 0x66, 0x0C,
+        0x39, 0x4C, 0x54, 0x55, 0x91, 0x77, 0x46, 0xA2,
+        0x66, 0x82, 0xFB, 0x71, 0xA4, 0x32, 0xEA, 0x95,
+        0x30, 0xE8, 0x39, 0xBD, 0xEB, 0x07, 0x43, 0x30,
+        0x04, 0xF4, 0x5A, 0x0D, 0xDA, 0xA0, 0xB2, 0x4E,
+        0x3A, 0x56, 0x6A, 0x54, 0x08, 0x15, 0xF2, 0x81,
+        0xE3, 0xFC, 0x25, 0x9A, 0xC6, 0xCB, 0xC0, 0xAC,
+        0xB8, 0xD6, 0x22, 0x68, 0xB6, 0x03, 0xBC, 0x67,
+        0x6A, 0xB4, 0x15, 0xC4, 0x74, 0xBB, 0x94, 0x87,
+        0x3E, 0x44, 0x87, 0xAE, 0x31, 0xA4, 0xE3, 0x84,
+        0x5C, 0x79, 0x90, 0x15, 0x50, 0x89, 0x0E, 0xE8,
+        0x78, 0x4E, 0xEF, 0x90, 0x4F, 0xEE, 0x62, 0xBA,
+        0x8C, 0x5F, 0x95, 0x2C, 0x68, 0x41, 0x30, 0x52,
+        0xE0, 0xA7, 0xE3, 0x38, 0x8B, 0xB8, 0xFF, 0x0A,
+        0xD6, 0x02, 0xAE, 0x3E, 0xA1, 0x4D, 0x9D, 0xF6,
+        0xDD, 0x5E, 0x4C, 0xC6, 0xA3, 0x81, 0xA4, 0x1D,
+        0xA5, 0xC1, 0x37, 0xEC, 0xC4, 0x9D, 0xF5, 0x87,
+        0xE1, 0x78, 0xEA, 0xF4, 0x77, 0x02, 0xEC, 0x62,
+        0x37, 0x80, 0x69, 0x1A, 0x32, 0x33, 0xF6, 0x9F,
+        0x12, 0xBD, 0x9C, 0x9B, 0x96, 0x37, 0xC5, 0x13,
+        0x78, 0xAD, 0x71, 0xA8, 0x31, 0x05, 0x52, 0x77,
+        0x25, 0x4C, 0xC6, 0x3C, 0x5A, 0xD4, 0xCB, 0x76,
+        0xB4, 0xAB, 0x82, 0xE5, 0xFC, 0xA1, 0x35, 0xE8,
+        0xD2, 0x6A, 0x6B, 0x3A, 0x89, 0xFA, 0x5B, 0x6F
+    };
+    static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = {
+        0xA5, 0xC8, 0x1C, 0x76, 0xC2, 0x43, 0x05, 0xE1,
+        0xCE, 0x5D, 0x81, 0x35, 0xD4, 0x15, 0x23, 0x68,
+        0x2E, 0x9E, 0xE6, 0xD7, 0xB4, 0x0A, 0xD4, 0x1D,
+        0xF1, 0xF3, 0x7C, 0x9B, 0x17, 0xDC, 0xE7, 0x80,
+        0x76, 0x01, 0x9A, 0x6B, 0x0B, 0x7C, 0x95, 0xC9,
+        0xBE, 0x7A, 0xF2, 0x95, 0x07, 0xB2, 0xD5, 0xA6,
+        0x98, 0x7C, 0x8E, 0xE3, 0x25, 0x91, 0x90, 0x85,
+        0x52, 0x43, 0xE6, 0xE5, 0x6F, 0x56, 0x20, 0x60,
+        0x8C, 0x52, 0xD9, 0x6F, 0xAB, 0x10, 0x3A, 0x87,
+        0x00, 0xFB, 0xA1, 0xA8, 0x7D, 0xCA, 0x60, 0x78,
+        0x11, 0x8A, 0x08, 0x71, 0x76, 0x2C, 0x95, 0x34,
+        0xC0, 0xC0, 0xC3, 0x97, 0x8C, 0x91, 0xC3, 0xA0,
+        0x1F, 0x0F, 0x60, 0x8D, 0xCF, 0x75, 0x78, 0x15,
+        0x43, 0x8F, 0xE8, 0x95, 0x7C, 0x8A, 0x85, 0x91,
+        0x83, 0xB1, 0xB6, 0x72, 0x1A, 0x08, 0x65, 0xBE,
+        0xBC, 0x79, 0x9D, 0x4E, 0x5C, 0x0E, 0x7B, 0xD3,
+        0xEA, 0xE4, 0x85, 0x8E, 0x6A, 0xB6, 0xA2, 0xE7,
+        0x65, 0x8E, 0xD8, 0x0D, 0x4E, 0xD1, 0x58, 0xB0,
+        0x36, 0xB9, 0x3F, 0xA0, 0x3A, 0xFA, 0x6A, 0xE3,
+        0x13, 0x6C, 0xF3, 0xD6, 0x93, 0xC9, 0x11, 0xBC,
+        0xC7, 0x59, 0x05, 0xE5, 0xB0, 0xCB, 0x28, 0x65,
+        0xB9, 0xE9, 0x88, 0x45, 0x22, 0xA7, 0x77, 0x77,
+        0x61, 0x3E, 0x53, 0x11, 0x1D, 0x5A, 0x1C, 0x7D,
+        0x3D, 0xAB, 0x73, 0x4C, 0xEB, 0x03, 0x65, 0x7A,
+        0xE0, 0xC8, 0x97, 0x63, 0xE9, 0x94, 0x71, 0x05,
+        0x47, 0x76, 0xBA, 0xE7, 0xD5, 0x1B, 0x0E, 0x73,
+        0xA5, 0xBB, 0x35, 0xAE, 0xC3, 0x0F, 0xF6, 0xBC,
+        0x93, 0x68, 0x49, 0x16, 0xFE, 0xF1, 0x16, 0x25,
+        0x86, 0x45, 0x2F, 0x42, 0x66, 0x53, 0xE2, 0xCA,
+        0x84, 0x4D, 0x57, 0x44, 0x30, 0x7F, 0xF9, 0xAE,
+        0xB2, 0x87, 0xA6, 0x44, 0x77, 0x83, 0xB2, 0x1A,
+        0x0E, 0x93, 0x9C, 0x81, 0x42, 0x1D, 0x63, 0x1F,
+        0x5D, 0xCB, 0x45, 0x2E, 0x51, 0xED, 0x34, 0xE3,
+        0xDA, 0xD1, 0xCF, 0x50, 0x4E, 0x0A, 0x3B, 0x0F,
+        0x47, 0x11, 0xA8, 0xDC, 0x64, 0x99, 0xD1, 0x69,
+        0x1D, 0x10, 0x95, 0x69, 0x33, 0x6C, 0xE1, 0x55,
+        0x8A, 0x4C, 0x0A, 0x46, 0x4E, 0x20, 0x87, 0xEA,
+        0x8F, 0x9E, 0x3B, 0x18, 0xF7, 0x47, 0xEF, 0x61,
+        0xF4, 0x57, 0x6A, 0xEB, 0x42, 0xB1, 0x7C, 0xAD,
+        0xB7, 0xF0, 0xFD, 0x84, 0xDA, 0x8E, 0x3A, 0x6F,
+        0x47, 0x1D, 0x95, 0xED, 0xFA, 0x65, 0xBE, 0x9E,
+        0x6C, 0x9F, 0x6A, 0xE7, 0x56, 0xA2, 0x2A, 0x4F,
+        0x1A, 0x5C, 0x54, 0x3C, 0x26, 0xBA, 0x7B, 0xAD,
+        0x88, 0xE1, 0x6D, 0x5F, 0x5B, 0x7E, 0x12, 0xE2,
+        0xD4, 0xCA, 0x34, 0xB3, 0xA6, 0x4D, 0x17, 0xF8,
+        0x7C, 0xCF, 0xC4, 0xFF, 0x8C, 0x5E, 0x4F, 0x53,
+        0x75, 0x2A, 0x07, 0x7C, 0x68, 0x72, 0x1E, 0x8C,
+        0xC8, 0x17, 0xF9, 0xFF, 0x24, 0x87, 0x61, 0x70,
+        0xFF, 0x2A, 0xF8, 0x9F, 0xA9, 0x58, 0x55, 0xA5,
+        0xB1, 0xDE, 0x34, 0x7C, 0x07, 0xFD, 0xDB, 0xCF,
+        0xE7, 0x26, 0x4A, 0xA5, 0xED, 0x64, 0x01, 0x49,
+        0x15, 0x61, 0xD8, 0x31, 0x53, 0x8F, 0x85, 0x2B,
+        0x0E, 0xD7, 0xB9, 0xE8, 0xEB, 0xAF, 0xFC, 0x06,
+        0x02, 0x84, 0xF2, 0x2D, 0x2B, 0xAE, 0xE5, 0x6F,
+        0xA9, 0xF6, 0xD0, 0x14, 0x32, 0xA1, 0x15, 0xA2,
+        0xD6, 0xA6, 0x4C, 0x38, 0xAE, 0x0A, 0x50, 0xBA,
+        0x36, 0x2F, 0xB5, 0x7B, 0x53, 0xE3, 0xE8, 0x55,
+        0xB8, 0x3C, 0xE8, 0xC4, 0x22, 0x74, 0x04, 0x55,
+        0x99, 0xF6, 0x5F, 0xA6, 0xA8, 0x92, 0x1D, 0x85,
+        0xF9, 0x4E, 0xD2, 0x30, 0xB5, 0x16, 0x71, 0x2D,
+        0xB6, 0xFD, 0x2F, 0xF2, 0x8B, 0x3A, 0x33, 0x71,
+        0xD9, 0xBE, 0x05, 0x8A, 0xE7, 0x5C, 0x2F, 0xA5,
+        0x91, 0xB7, 0xEC, 0x3C, 0x3D, 0xAA, 0x1F, 0x76,
+        0x42, 0xBC, 0x26, 0xC3, 0x24, 0xC0, 0x80, 0x90,
+        0x60, 0x7E, 0x66, 0x62, 0x15, 0x4D, 0xB3, 0x7C,
+        0xF7, 0x47, 0x96, 0x7A, 0x1F, 0x9F, 0xC2, 0x90,
+        0x89, 0xF5, 0x70, 0xEB, 0xE6, 0x0E, 0xEE, 0xF8,
+        0x9F, 0xD2, 0x44, 0x81, 0x02, 0x8C, 0x85, 0xAE,
+        0xF1, 0xDC, 0x3B, 0x09, 0xF2, 0x2C, 0xD3, 0x69,
+        0x1B, 0xBB, 0xB8, 0x21, 0xC7, 0xA8, 0xA0, 0xF3,
+        0x5A, 0xD1, 0x2B, 0xE1, 0xDD, 0x19, 0x9B, 0x97,
+        0x70, 0x48, 0xF3, 0xD4, 0x8C, 0x16, 0xBB, 0x2C,
+        0xA9, 0x4C, 0xEC, 0xB8, 0x92, 0x87, 0x70, 0xD5,
+        0xBB, 0x32, 0x9A, 0x03, 0x27, 0xE0, 0xB2, 0x86,
+        0xFA, 0xA1, 0xC6, 0x52, 0x81, 0x03, 0x1A, 0x31,
+        0xC8, 0x4F, 0x2E, 0xDC, 0x9C, 0x04, 0xD4, 0x75,
+        0xED, 0x4E, 0x12, 0x8E, 0x51, 0xEF, 0xA9, 0x7D,
+        0x01, 0x48, 0xCB, 0xA6, 0xC9, 0x5F, 0x67, 0x4C,
+        0x58, 0x9F, 0x30, 0x1C, 0x26, 0x5B, 0xED, 0x70,
+        0x8E, 0x9A, 0xD8, 0xDA, 0x3C, 0x5C, 0xEC, 0xBD,
+        0xEE, 0xED, 0x35, 0xEF, 0x1E, 0x25, 0x31, 0x32,
+        0xBA, 0x89, 0x92, 0x0D, 0x78, 0x6B, 0x88, 0x23,
+        0x0B, 0x01, 0x3B, 0xCF, 0x2D, 0xC9, 0x2D, 0x6B,
+        0x15, 0x7A, 0xFA, 0x8D, 0xA8, 0x59, 0x2C, 0xD0,
+        0x74, 0x3D, 0x49, 0x82, 0xBE, 0x60, 0xD7, 0xC2,
+        0xD5, 0xC4, 0x72, 0xAB, 0x9F, 0xA7, 0xF4, 0xCC,
+        0x3D, 0x12, 0xB0, 0xEB, 0xAF, 0x0A, 0xBE, 0x55,
+        0x5C, 0x75, 0x80, 0x54, 0x26, 0x84, 0x4D, 0xD9,
+        0x42, 0x86, 0x43, 0xF8, 0x44, 0x06, 0xA1, 0xB8,
+        0xD6, 0xFA, 0xED, 0xFD, 0x8A, 0xE6, 0xE7, 0x3A,
+        0x72, 0x77, 0x2A, 0x21, 0x59, 0xAC, 0xAB, 0xD9,
+        0x72, 0xAE, 0xB6, 0xF7, 0xDE, 0x09, 0x1A, 0xC5,
+        0xFD, 0xD7, 0xF4, 0x9A, 0x3D, 0xC6, 0x64, 0x1C,
+        0xDF, 0x62, 0x44, 0x6B, 0x4B, 0x04, 0xA3, 0x1F,
+        0x73, 0xB8, 0x0A, 0x62, 0xF8, 0x0A, 0x40, 0x4A,
+        0x8C, 0xB1, 0x8C, 0xE3, 0xE6, 0x54, 0x80, 0xEF,
+        0x7B, 0x52, 0xBF, 0x00, 0x91, 0x11, 0x7E, 0x5D,
+        0x08, 0xEA, 0xE1, 0xB0, 0xAA, 0xBB, 0x72, 0xE6,
+        0xDF, 0xFF, 0xF7, 0x6F, 0x6E, 0x44, 0xBB, 0xD7,
+        0xEA, 0x57, 0x0D, 0x66, 0x04, 0xBC, 0x2E, 0x74,
+        0x31, 0x8B, 0xAF, 0xA3, 0x15, 0xA3, 0x88, 0x61,
+        0xAA, 0x1B, 0x21, 0xAF, 0xB2, 0xA5, 0x3F, 0x26,
+        0x14, 0xF1, 0xD6, 0x40, 0x07, 0x59, 0x84, 0xAE,
+        0x62, 0xE2, 0xFC, 0xA1, 0xD1, 0xB4, 0xDB, 0x36,
+        0x9F, 0x15, 0x70, 0x5C, 0xE7, 0xD4, 0xDF, 0x8A,
+        0xE9, 0x82, 0x64, 0x50, 0x10, 0x51, 0xC0, 0xDE,
+        0xF2, 0x1D, 0x64, 0x5D, 0x49, 0x62, 0x5A, 0xF0,
+        0x2C, 0xA4, 0x28, 0xD9, 0xF0, 0xC2, 0xCD, 0x9F,
+        0xBA, 0xEE, 0xAB, 0x97, 0xE8, 0xE9, 0x15, 0x16,
+        0x62, 0xB6, 0x99, 0x2B, 0x4C, 0x99, 0xAB, 0x1B,
+        0x92, 0x5D, 0x08, 0x92, 0x03, 0x63, 0x37, 0x3F,
+        0x76, 0xD3, 0xFD, 0xF0, 0x82, 0x8C, 0xAA, 0x69,
+        0xC8, 0xB1, 0xBD, 0xC6, 0xF5, 0x21, 0xDF, 0x64,
+        0x1C, 0xF1, 0xC8, 0xA4, 0xE7, 0xEF, 0x0C, 0x23,
+        0x28, 0x9A, 0x4E, 0x2C, 0xF1, 0x8A, 0xCE, 0xBB,
+        0xE4, 0xC1, 0xE6, 0x83, 0x69, 0xBD, 0x52, 0x35,
+        0x12, 0x01, 0x42, 0xEC, 0xDD, 0x1A, 0x73, 0x81,
+        0x1E, 0x2E, 0x53, 0x3A, 0x64, 0x7D, 0x7A, 0xEE,
+        0x16, 0xDA, 0xA0, 0x3B, 0x68, 0x36, 0x39, 0xDC,
+        0xF1, 0xE1, 0xF1, 0xE7, 0x1C, 0xFA, 0xED, 0x48,
+        0xF6, 0x9A, 0xEC, 0x3E, 0x83, 0x17, 0x33, 0xDA,
+        0x19, 0xCE, 0xBE, 0xC1, 0xDD, 0xBF, 0x71, 0xCB,
+        0xAE, 0x08, 0x00, 0xF2, 0xF6, 0xD6, 0x4A, 0x09,
+        0x6E, 0xC4, 0x95, 0xD6, 0x2F, 0x43, 0x44, 0xF7,
+        0xAA, 0x56, 0x21, 0xB3, 0x22, 0x35, 0x3A, 0x79,
+        0x5A, 0xA0, 0x99, 0xEA, 0x3A, 0x07, 0x02, 0x72,
+        0xD0, 0x53, 0xD4, 0x65, 0x3A, 0x20, 0xCF, 0x21,
+        0x0E, 0xAA, 0xF1, 0x2C, 0xAE, 0x60, 0x23, 0xD8,
+        0xE5, 0x11, 0x8D, 0xF0, 0x4B, 0x38, 0x4A, 0x44,
+        0xD1, 0xED, 0xB9, 0x1C, 0x44, 0x98, 0x9E, 0xF7,
+        0xEE, 0x57, 0xF2, 0xBF, 0x81, 0xA2, 0x4B, 0xDC,
+        0x76, 0x80, 0x7D, 0xA9, 0x67, 0xEE, 0x65, 0x25,
+        0x41, 0x0C, 0x5C, 0x48, 0x50, 0x67, 0xEF, 0xC3,
+        0xD3, 0x9A, 0x9A, 0xD4, 0x2C, 0xC7, 0x53, 0xBA,
+        0xA5, 0x9A, 0x1F, 0xD2, 0x8A, 0xF3, 0x5C, 0x00,
+        0xD1, 0x8A, 0x40, 0x6A, 0x28, 0xFC, 0x79, 0xBA
+    };
+    static const byte kprime_768[WC_ML_KEM_SS_SZ] = {
+        0xDC, 0x5B, 0x88, 0x88, 0xBC, 0x1E, 0xBA, 0x5C,
+        0x19, 0x69, 0xC2, 0x11, 0x64, 0xEA, 0x43, 0xE2,
+        0x2E, 0x7A, 0xC0, 0xCD, 0x01, 0x2A, 0x2F, 0x26,
+        0xCB, 0x8C, 0x48, 0x7E, 0x69, 0xEF, 0x7C, 0xE4
+    };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = {
+        0x84, 0x45, 0xC3, 0x36, 0xF3, 0x51, 0x8B, 0x29,
+        0x81, 0x63, 0xDC, 0xBB, 0x63, 0x57, 0x59, 0x79,
+        0x83, 0xCA, 0x2E, 0x87, 0x3D, 0xCB, 0x49, 0x61,
+        0x0C, 0xF5, 0x2F, 0x14, 0xDB, 0xCB, 0x94, 0x7C,
+        0x1F, 0x3E, 0xE9, 0x26, 0x69, 0x67, 0x27, 0x6B,
+        0x0C, 0x57, 0x6C, 0xF7, 0xC3, 0x0E, 0xE6, 0xB9,
+        0x3D, 0xEA, 0x51, 0x18, 0x67, 0x6C, 0xBE, 0xE1,
+        0xB1, 0xD4, 0x79, 0x42, 0x06, 0xFB, 0x36, 0x9A,
+        0xBA, 0x41, 0x16, 0x7B, 0x43, 0x93, 0x85, 0x5C,
+        0x84, 0xEB, 0xA8, 0xF3, 0x23, 0x73, 0xC0, 0x5B,
+        0xAE, 0x76, 0x31, 0xC8, 0x02, 0x74, 0x4A, 0xAD,
+        0xB6, 0xC2, 0xDE, 0x41, 0x25, 0x0C, 0x49, 0x43,
+        0x15, 0x23, 0x0B, 0x52, 0x82, 0x6C, 0x34, 0x58,
+        0x7C, 0xB2, 0x1B, 0x18, 0x3B, 0x49, 0xB2, 0xA5,
+        0xAC, 0x04, 0x92, 0x1A, 0xC6, 0xBF, 0xAC, 0x1B,
+        0x24, 0xA4, 0xB3, 0x7A, 0x93, 0xA4, 0xB1, 0x68,
+        0xCC, 0xE7, 0x59, 0x1B, 0xE6, 0x11, 0x1F, 0x47,
+        0x62, 0x60, 0xF2, 0x76, 0x29, 0x59, 0xF5, 0xC1,
+        0x64, 0x01, 0x18, 0xC2, 0x42, 0x37, 0x72, 0xE2,
+        0xAD, 0x03, 0xDC, 0x71, 0x68, 0xA3, 0x8C, 0x6D,
+        0xD3, 0x9F, 0x5F, 0x72, 0x54, 0x26, 0x42, 0x80,
+        0xC8, 0xBC, 0x10, 0xB9, 0x14, 0x16, 0x80, 0x70,
+        0x47, 0x2F, 0xA8, 0x80, 0xAC, 0xB8, 0x60, 0x1A,
+        0x8A, 0x08, 0x37, 0xF2, 0x5F, 0xE1, 0x94, 0x68,
+        0x7C, 0xD6, 0x8B, 0x7D, 0xE2, 0x34, 0x0F, 0x03,
+        0x6D, 0xAD, 0x89, 0x1D, 0x38, 0xD1, 0xB0, 0xCE,
+        0x9C, 0x26, 0x33, 0x35, 0x5C, 0xF5, 0x7B, 0x50,
+        0xB8, 0x96, 0x03, 0x6F, 0xCA, 0x26, 0x0D, 0x26,
+        0x69, 0xF8, 0x5B, 0xAC, 0x79, 0x71, 0x4F, 0xDA,
+        0xFB, 0x41, 0xEF, 0x80, 0xB8, 0xC3, 0x02, 0x64,
+        0xC3, 0x13, 0x86, 0xAE, 0x60, 0xB0, 0x5F, 0xAA,
+        0x54, 0x2A, 0x26, 0xB4, 0x1E, 0xB8, 0x5F, 0x67,
+        0x06, 0x8F, 0x08, 0x80, 0x34, 0xFF, 0x67, 0xAA,
+        0x2E, 0x81, 0x5A, 0xAB, 0x8B, 0xCA, 0x6B, 0xF7,
+        0x1F, 0x70, 0xEC, 0xC3, 0xCB, 0xCB, 0xC4, 0x5E,
+        0xF7, 0x01, 0xFC, 0xD5, 0x42, 0xBD, 0x21, 0xC7,
+        0xB0, 0x95, 0x68, 0xF3, 0x69, 0xC6, 0x69, 0xF3,
+        0x96, 0x47, 0x38, 0x44, 0xFB, 0xA1, 0x49, 0x57,
+        0xF5, 0x19, 0x74, 0xD8, 0x52, 0xB9, 0x78, 0x01,
+        0x46, 0x03, 0xA2, 0x10, 0xC0, 0x19, 0x03, 0x62,
+        0x87, 0x00, 0x89, 0x94, 0xF2, 0x12, 0x55, 0xB2,
+        0x50, 0x99, 0xAD, 0x82, 0xAA, 0x13, 0x24, 0x38,
+        0x96, 0x3B, 0x2C, 0x0A, 0x47, 0xCD, 0xF5, 0xF3,
+        0x2B, 0xA4, 0x6B, 0x76, 0xC7, 0xA6, 0x55, 0x9F,
+        0x18, 0xBF, 0xD5, 0x55, 0xB7, 0x62, 0xE4, 0x87,
+        0xB6, 0xAC, 0x99, 0x2F, 0xE2, 0x0E, 0x28, 0x3C,
+        0xA0, 0xB3, 0xF6, 0x16, 0x44, 0x96, 0x95, 0x59,
+        0x95, 0xC3, 0xB2, 0x8A, 0x57, 0xBB, 0xC2, 0x98,
+        0x26, 0xF0, 0x6F, 0xB3, 0x8B, 0x25, 0x34, 0x70,
+        0xAF, 0x63, 0x1B, 0xC4, 0x6C, 0x3A, 0x8F, 0x9C,
+        0xE8, 0x24, 0x32, 0x19, 0x85, 0xDD, 0x01, 0xC0,
+        0x5F, 0x69, 0xB8, 0x24, 0xF9, 0x16, 0x63, 0x3B,
+        0x40, 0x65, 0x4C, 0x75, 0xAA, 0xEB, 0x93, 0x85,
+        0x57, 0x6F, 0xFD, 0xE2, 0x99, 0x0A, 0x6B, 0x0A,
+        0x3B, 0xE8, 0x29, 0xD6, 0xD8, 0x4E, 0x34, 0xF1,
+        0x78, 0x05, 0x89, 0xC7, 0x92, 0x04, 0xC6, 0x3C,
+        0x79, 0x8F, 0x55, 0xD2, 0x31, 0x87, 0xE4, 0x61,
+        0xD4, 0x8C, 0x21, 0xE5, 0xC0, 0x47, 0xE5, 0x35,
+        0xB1, 0x9F, 0x45, 0x8B, 0xBA, 0x13, 0x45, 0xB9,
+        0xE4, 0x1E, 0x0C, 0xB4, 0xA9, 0xC2, 0xD8, 0xC4,
+        0x0B, 0x49, 0x0A, 0x3B, 0xAB, 0xC5, 0x53, 0xB3,
+        0x02, 0x6B, 0x16, 0x72, 0xD2, 0x8C, 0xBC, 0x8B,
+        0x49, 0x8A, 0x3A, 0x99, 0x57, 0x9A, 0x83, 0x2F,
+        0xEA, 0xE7, 0x46, 0x10, 0xF0, 0xB6, 0x25, 0x0C,
+        0xC3, 0x33, 0xE9, 0x49, 0x3E, 0xB1, 0x62, 0x1E,
+        0xD3, 0x4A, 0xA4, 0xAB, 0x17, 0x5F, 0x2C, 0xA2,
+        0x31, 0x15, 0x25, 0x09, 0xAC, 0xB6, 0xAC, 0x86,
+        0xB2, 0x0F, 0x6B, 0x39, 0x10, 0x84, 0x39, 0xE5,
+        0xEC, 0x12, 0xD4, 0x65, 0xA0, 0xFE, 0xF3, 0x50,
+        0x03, 0xE1, 0x42, 0x77, 0xA2, 0x18, 0x12, 0x14,
+        0x6B, 0x25, 0x44, 0x71, 0x6D, 0x6A, 0xB8, 0x2D,
+        0x1B, 0x07, 0x26, 0xC2, 0x7A, 0x98, 0xD5, 0x89,
+        0xEB, 0xDA, 0xCC, 0x4C, 0x54, 0xBA, 0x77, 0xB2,
+        0x49, 0x8F, 0x21, 0x7E, 0x14, 0xE3, 0x4E, 0x66,
+        0x02, 0x5A, 0x2A, 0x14, 0x3A, 0x99, 0x25, 0x20,
+        0xA6, 0x1C, 0x06, 0x72, 0xCC, 0x9C, 0xCE, 0xD7,
+        0xC9, 0x45, 0x0C, 0x68, 0x3E, 0x90, 0xA3, 0xE4,
+        0x65, 0x1D, 0xB6, 0x23, 0xA6, 0xDB, 0x39, 0xAC,
+        0x26, 0x12, 0x5B, 0x7F, 0xC1, 0x98, 0x6D, 0x7B,
+        0x04, 0x93, 0xB8, 0xB7, 0x2D, 0xE7, 0x70, 0x7D,
+        0xC2, 0x0B, 0xBD, 0xD4, 0x37, 0x13, 0x15, 0x6A,
+        0xF7, 0xD9, 0x43, 0x0E, 0xF4, 0x53, 0x99, 0x66,
+        0x3C, 0x22, 0x02, 0x73, 0x91, 0x68, 0x69, 0x2D,
+        0xD6, 0x57, 0x54, 0x5B, 0x05, 0x6D, 0x9C, 0x92,
+        0x38, 0x5A, 0x7F, 0x41, 0x4B, 0x34, 0xB9, 0x0C,
+        0x79, 0x60, 0xD5, 0x7B, 0x35, 0xBA, 0x7D, 0xDE,
+        0x7B, 0x81, 0xFC, 0xA0, 0x11, 0x9D, 0x74, 0x1B,
+        0x12, 0x78, 0x09, 0x26, 0x01, 0x8F, 0xE4, 0xC8,
+        0x03, 0x0B, 0xF0, 0x38, 0xE1, 0x8B, 0x4F, 0xA3,
+        0x37, 0x43, 0xD0, 0xD3, 0xC8, 0x46, 0x41, 0x7E,
+        0x9D, 0x59, 0x15, 0xC2, 0x46, 0x31, 0x59, 0x38,
+        0xB1, 0xE2, 0x33, 0x61, 0x45, 0x01, 0xD0, 0x26,
+        0x95, 0x95, 0x51, 0x25, 0x8B, 0x23, 0x32, 0x30,
+        0xD4, 0x28, 0xB1, 0x81, 0xB1, 0x32, 0xF1, 0xD0,
+        0xB0, 0x26, 0x06, 0x7B, 0xA8, 0x16, 0x99, 0x9B,
+        0xC0, 0xCD, 0x6B, 0x54, 0x7E, 0x54, 0x8B, 0x63,
+        0xC9, 0xEA, 0xA0, 0x91, 0xBA, 0xC4, 0x93, 0xDC,
+        0x59, 0x8D, 0xBC, 0x2B, 0x0E, 0x14, 0x6A, 0x25,
+        0x91, 0xC2, 0xA8, 0xC0, 0x09, 0xDD, 0x51, 0x70,
+        0xAA, 0xE0, 0x27, 0xC5, 0x41, 0xA1, 0xB5, 0xE6,
+        0x6E, 0x45, 0xC6, 0x56, 0x12, 0x98, 0x4C, 0x46,
+        0x77, 0x04, 0x93, 0xEC, 0x89, 0x6E, 0xF2, 0x5A,
+        0xA9, 0x30, 0x5E, 0x9F, 0x06, 0x69, 0x2C, 0xD0,
+        0xB2, 0xF0, 0x69, 0x62, 0xE2, 0x05, 0xBE, 0xBE,
+        0x11, 0x3A, 0x34, 0xEB, 0xB1, 0xA4, 0x83, 0x0A,
+        0x9B, 0x37, 0x49, 0x64, 0x1B, 0xB9, 0x35, 0x00,
+        0x7B, 0x23, 0xB2, 0x4B, 0xFE, 0x57, 0x69, 0x56,
+        0x25, 0x4D, 0x7A, 0x35, 0xAA, 0x49, 0x6A, 0xC4,
+        0x46, 0xC6, 0x7A, 0x7F, 0xEC, 0x85, 0xA6, 0x00,
+        0x57, 0xE8, 0x58, 0x06, 0x17, 0xBC, 0xB3, 0xFA,
+        0xD1, 0x5C, 0x76, 0x44, 0x0F, 0xED, 0x54, 0xCC,
+        0x78, 0x93, 0x94, 0xFE, 0xA2, 0x44, 0x52, 0xCC,
+        0x6B, 0x05, 0x85, 0xB7, 0xEB, 0x0A, 0x88, 0xBB,
+        0xA9, 0x50, 0x0D, 0x98, 0x00, 0xE6, 0x24, 0x1A,
+        0xFE, 0xB5, 0x23, 0xB5, 0x5A, 0x96, 0xA5, 0x35,
+        0x15, 0x1D, 0x10, 0x49, 0x57, 0x32, 0x06, 0xE5,
+        0x9C, 0x7F, 0xEB, 0x07, 0x09, 0x66, 0x82, 0x36,
+        0x34, 0xF7, 0x7D, 0x5F, 0x12, 0x91, 0x75, 0x5A,
+        0x24, 0x31, 0x19, 0x62, 0x1A, 0xF8, 0x08, 0x4A,
+        0xB7, 0xAC, 0x1E, 0x22, 0xA0, 0x56, 0x8C, 0x62,
+        0x01, 0x41, 0x7C, 0xBE, 0x36, 0x55, 0xD8, 0xA0,
+        0x8D, 0xD5, 0xB5, 0x13, 0x88, 0x4C, 0x98, 0xD5,
+        0xA4, 0x93, 0xFD, 0x49, 0x38, 0x2E, 0xA4, 0x18,
+        0x60, 0xF1, 0x33, 0xCC, 0xD6, 0x01, 0xE8, 0x85,
+        0x96, 0x64, 0x26, 0xA2, 0xB1, 0xF2, 0x3D, 0x42,
+        0xD8, 0x2E, 0x24, 0x58, 0x2D, 0x99, 0x72, 0x51,
+        0x92, 0xC2, 0x17, 0x77, 0x46, 0x7B, 0x14, 0x57,
+        0xB1, 0xDD, 0x42, 0x9A, 0x0C, 0x41, 0xA5, 0xC3,
+        0xD7, 0x04, 0xCE, 0xA0, 0x62, 0x78, 0xC5, 0x99,
+        0x41, 0xB4, 0x38, 0xC6, 0x27, 0x27, 0x09, 0x78,
+        0x09, 0xB4, 0x53, 0x0D, 0xBE, 0x83, 0x7E, 0xA3,
+        0x96, 0xB6, 0xD3, 0x10, 0x77, 0xFA, 0xD3, 0x73,
+        0x30, 0x53, 0x98, 0x9A, 0x84, 0x42, 0xAA, 0xC4,
+        0x25, 0x5C, 0xB1, 0x63, 0xB8, 0xCA, 0x2F, 0x27,
+        0x50, 0x1E, 0xA9, 0x67, 0x30, 0x56, 0x95, 0xAB,
+        0xD6, 0x59, 0xAA, 0x02, 0xC8, 0x3E, 0xE6, 0x0B,
+        0xB5, 0x74, 0x20, 0x3E, 0x99, 0x37, 0xAE, 0x1C,
+        0x62, 0x1C, 0x8E, 0xCB, 0x5C, 0xC1, 0xD2, 0x1D,
+        0x55, 0x69, 0x60, 0xB5, 0xB9, 0x16, 0x1E, 0xA9,
+        0x6F, 0xFF, 0xEB, 0xAC, 0x72, 0xE1, 0xB8, 0xA6,
+        0x15, 0x4F, 0xC4, 0xD8, 0x8B, 0x56, 0xC0, 0x47,
+        0x41, 0xF0, 0x90, 0xCB, 0xB1, 0x56, 0xA7, 0x37,
+        0xC9, 0xE6, 0xA2, 0x2B, 0xA8, 0xAC, 0x70, 0x4B,
+        0xC3, 0x04, 0xF8, 0xE1, 0x7E, 0x5E, 0xA8, 0x45,
+        0xFD, 0xE5, 0x9F, 0xBF, 0x78, 0x8C, 0xCE, 0x0B,
+        0x97, 0xC8, 0x76, 0x1F, 0x89, 0xA2, 0x42, 0xF3,
+        0x05, 0x25, 0x83, 0xC6, 0x84, 0x4A, 0x63, 0x20,
+        0x31, 0xC9, 0x64, 0xA6, 0xC4, 0xA8, 0x5A, 0x12,
+        0x8A, 0x28, 0x61, 0x9B, 0xA1, 0xBB, 0x3D, 0x1B,
+        0xEA, 0x4B, 0x49, 0x84, 0x1F, 0xC8, 0x47, 0x61,
+        0x4A, 0x06, 0x68, 0x41, 0xF5, 0x2E, 0xD0, 0xEB,
+        0x8A, 0xE0, 0xB8, 0xB0, 0x96, 0xE9, 0x2B, 0x81,
+        0x95, 0x40, 0x58, 0x15, 0xB2, 0x31, 0x26, 0x6F,
+        0x36, 0xB1, 0x8C, 0x1A, 0x53, 0x33, 0x3D, 0xAB,
+        0x95, 0xD2, 0xA9, 0xA3, 0x74, 0xB5, 0x47, 0x8A,
+        0x4A, 0x41, 0xFB, 0x87, 0x59, 0x95, 0x7C, 0x9A,
+        0xB2, 0x2C, 0xAE, 0x54, 0x5A, 0xB5, 0x44, 0xBA,
+        0x8D, 0xD0, 0x5B, 0x83, 0xF3, 0xA6, 0x13, 0xA2,
+        0x43, 0x7A, 0xDB, 0x07, 0x3A, 0x96, 0x35, 0xCB,
+        0x4B, 0xBC, 0x96, 0x5F, 0xB4, 0x54, 0xCF, 0x27,
+        0xB2, 0x98, 0xA4, 0x0C, 0xD0, 0xDA, 0x3B, 0x8F,
+        0x9C, 0xA9, 0x9D, 0x8C, 0xB4, 0x28, 0x6C, 0x5E,
+        0xB4, 0x76, 0x41, 0x67, 0x96, 0x07, 0x0B, 0xA5,
+        0x35, 0xAA, 0xA5, 0x8C, 0xDB, 0x45, 0x1C, 0xD6,
+        0xDB, 0x5C, 0xBB, 0x0C, 0xA2, 0x0F, 0x0C, 0x71,
+        0xDE, 0x97, 0xC3, 0x0D, 0xA9, 0x7E, 0xC7, 0x90,
+        0x6D, 0x06, 0xB4, 0xB9, 0x39, 0x39, 0x60, 0x28,
+        0xC4, 0x6B, 0xA0, 0xE7, 0xA8, 0x65, 0xBC, 0x83,
+        0x08, 0xA3, 0x81, 0x0F, 0x12, 0x12, 0x00, 0x63,
+        0x39, 0xF7, 0xBC, 0x16, 0x9B, 0x16, 0x66, 0xFD,
+        0xF4, 0x75, 0x91, 0x1B, 0xBC, 0x8A, 0xAA, 0xB4,
+        0x17, 0x55, 0xC9, 0xA8, 0xAA, 0xBF, 0xA2, 0x3C,
+        0x0E, 0x37, 0xF8, 0x4F, 0xE4, 0x69, 0x99, 0xE0,
+        0x30, 0x49, 0x4B, 0x92, 0x98, 0xEF, 0x99, 0x34,
+        0xE8, 0xA6, 0x49, 0xC0, 0xA5, 0xCC, 0xE2, 0xB2,
+        0x2F, 0x31, 0x80, 0x9A, 0xFE, 0xD2, 0x39, 0x55,
+        0xD8, 0x78, 0x81, 0xD9, 0x9F, 0xC1, 0xD3, 0x52,
+        0x89, 0x6C, 0xAC, 0x90, 0x55, 0xBE, 0xA0, 0xD0,
+        0x16, 0xCC, 0xBA, 0x78, 0x05, 0xA3, 0xA5, 0x0E,
+        0x22, 0x16, 0x30, 0x37, 0x9B, 0xD0, 0x11, 0x35,
+        0x22, 0x1C, 0xAD, 0x5D, 0x95, 0x17, 0xC8, 0xCC,
+        0x42, 0x63, 0x7B, 0x9F, 0xC0, 0x71, 0x8E, 0x9A,
+        0x9B, 0xB4, 0x94, 0x5C, 0x72, 0xD8, 0xD1, 0x1D,
+        0x3D, 0x65, 0x9D, 0x83, 0xA3, 0xC4, 0x19, 0x50,
+        0x9A, 0xF5, 0xB4, 0x70, 0xDD, 0x89, 0xB7, 0xF3,
+        0xAC, 0xCF, 0x5F, 0x35, 0xCF, 0xC3, 0x22, 0x11,
+        0x5F, 0xD6, 0x6A, 0x5C, 0xD2, 0x87, 0x56, 0x51,
+        0x32, 0x6F, 0x9B, 0x31, 0x68, 0x91, 0x3B, 0xE5,
+        0xB9, 0xC8, 0x7A, 0xE0, 0xB0, 0x25, 0xEC, 0x7A,
+        0x2F, 0x4A, 0x07, 0x27, 0x50, 0x94, 0x6A, 0xC6,
+        0x11, 0x70, 0xA7, 0x82, 0x6D, 0x97, 0x04, 0xC5,
+        0xA2, 0x3A, 0x1C, 0x0A, 0x23, 0x25, 0x14, 0x6C,
+        0x3B, 0xC1, 0x85, 0x88, 0x26, 0xC6, 0xB3, 0x92,
+        0x79, 0xC2, 0xDA, 0x74, 0x38, 0xA3, 0x70, 0xED,
+        0x8A, 0x0A, 0xA5, 0x16, 0x9E, 0x3B, 0xEC, 0x29,
+        0xED, 0x88, 0x47, 0x87, 0x32, 0x75, 0x8D, 0x45,
+        0x41, 0x43, 0xE2, 0x27, 0xF8, 0x59, 0x58, 0x83,
+        0x29, 0x78, 0x42, 0xE6, 0xAF, 0x13, 0x3B, 0x17,
+        0xE4, 0x81, 0x1B, 0x0F, 0x57, 0x13, 0xAC, 0x73,
+        0xB7, 0xE3, 0x47, 0x42, 0x3E, 0xB9, 0x28, 0x22,
+        0xD2, 0x30, 0x6F, 0xA1, 0x45, 0x00, 0xA7, 0x20,
+        0x7A, 0x06, 0x72, 0x67, 0x20, 0x46, 0x54, 0x4A,
+        0xCC, 0x4E, 0xA9, 0xC1, 0x6E, 0xD7, 0x42, 0x1A,
+        0x06, 0x9E, 0x0D, 0x73, 0x7A, 0x98, 0x62, 0x85,
+        0x19, 0xC6, 0xA2, 0x9A, 0x42, 0x4A, 0x86, 0x8B,
+        0x46, 0xD9, 0xA0, 0xCC, 0x7C, 0x6C, 0x9D, 0xDD,
+        0x8B, 0x8B, 0xCB, 0xF4, 0x22, 0xC8, 0xF4, 0x8A,
+        0x73, 0x14, 0x3D, 0x5A, 0xBB, 0x66, 0xBC, 0x55,
+        0x49, 0x94, 0x18, 0x43, 0x08, 0x02, 0xBA, 0xC5,
+        0x44, 0x46, 0x3C, 0xC7, 0x31, 0x9D, 0x17, 0x99,
+        0x8F, 0x29, 0x41, 0x13, 0x65, 0x76, 0x6D, 0x04,
+        0xC8, 0x47, 0xF3, 0x12, 0x9D, 0x90, 0x77, 0xB7,
+        0xD8, 0x33, 0x9B, 0xFB, 0x96, 0xA6, 0x73, 0x9C,
+        0x3F, 0x6B, 0x74, 0xA8, 0xF0, 0x5F, 0x91, 0x38,
+        0xAB, 0x2F, 0xE3, 0x7A, 0xCB, 0x57, 0x63, 0x4D,
+        0x18, 0x20, 0xB5, 0x01, 0x76, 0xF5, 0xA0, 0xB6,
+        0xBC, 0x29, 0x40, 0xF1, 0xD5, 0x93, 0x8F, 0x19,
+        0x36, 0xB5, 0xF9, 0x58, 0x28, 0xB9, 0x2E, 0xB7,
+        0x29, 0x73, 0xC1, 0x59, 0x0A, 0xEB, 0x7A, 0x55,
+        0x2C, 0xEC, 0xA1, 0x0B, 0x00, 0xC3, 0x03, 0xB7,
+        0xC7, 0x5D, 0x40, 0x20, 0x71, 0xA7, 0x9E, 0x2C,
+        0x81, 0x0A, 0xF7, 0xC7, 0x45, 0xE3, 0x33, 0x67,
+        0x12, 0x49, 0x2A, 0x42, 0x04, 0x3F, 0x29, 0x03,
+        0xA3, 0x7C, 0x64, 0x34, 0xCE, 0xE2, 0x0B, 0x1D,
+        0x15, 0x9B, 0x05, 0x76, 0x99, 0xFF, 0x9C, 0x1D,
+        0x3B, 0xD6, 0x80, 0x29, 0x83, 0x9A, 0x08, 0xF4,
+        0x3E, 0x6C, 0x1C, 0x81, 0x99, 0x13, 0x53, 0x2F,
+        0x91, 0x1D, 0xD3, 0x70, 0xC7, 0x02, 0x14, 0x88,
+        0xE1, 0x1C, 0xB5, 0x04, 0xCB, 0x9C, 0x70, 0x57,
+        0x0F, 0xFF, 0x35, 0xB4, 0xB4, 0x60, 0x11, 0x91,
+        0xDC, 0x1A, 0xD9, 0xE6, 0xAD, 0xC5, 0xFA, 0x96,
+        0x18, 0x79, 0x8D, 0x7C, 0xC8, 0x60, 0xC8, 0x7A,
+        0x93, 0x9E, 0x4C, 0xCF, 0x85, 0x33, 0x63, 0x22,
+        0x68, 0xCF, 0x1A, 0x51, 0xAF, 0xF0, 0xCB, 0x81,
+        0x1C, 0x55, 0x45, 0xCB, 0x16, 0x56, 0xE6, 0x52,
+        0x69, 0x47, 0x74, 0x30, 0x69, 0x9C, 0xCD, 0xEA,
+        0x38, 0x00, 0x63, 0x0B, 0x78, 0xCD, 0x58, 0x10,
+        0x33, 0x4C, 0xCF, 0x02, 0xE0, 0x13, 0xF3, 0xB8,
+        0x02, 0x44, 0xE7, 0x0A, 0xCD, 0xB0, 0x60, 0xBB,
+        0xE7, 0xA5, 0x53, 0xB0, 0x63, 0x45, 0x6B, 0x2E,
+        0xA8, 0x07, 0x47, 0x34, 0x13, 0x16, 0x5C, 0xE5,
+        0x7D, 0xD5, 0x63, 0x47, 0x3C, 0xFB, 0xC9, 0x06,
+        0x18, 0xAD, 0xE1, 0xF0, 0xB8, 0x88, 0xAA, 0x48,
+        0xE7, 0x22, 0xBB, 0x27, 0x51, 0x85, 0x8F, 0xE1,
+        0x96, 0x87, 0x44, 0x2A, 0x48, 0xE7, 0xCA, 0x0D,
+        0x2A, 0x29, 0xCD, 0x51, 0xBF, 0xD8, 0xF7, 0x8C,
+        0x17, 0xB9, 0x66, 0x0B, 0xFB, 0x54, 0xA4, 0x70,
+        0xB2, 0xAE, 0x9A, 0x95, 0x5C, 0x6A, 0xB8, 0xD6,
+        0xE5, 0xCC, 0x92, 0xAC, 0x8E, 0xD3, 0xC1, 0x85,
+        0xDA, 0xA8, 0xBC, 0x29, 0xF0, 0x57, 0x8E, 0xBB,
+        0x81, 0x2B, 0x97, 0xC9, 0xE5, 0xA8, 0x48, 0xA6,
+        0x38, 0x4D, 0xE4, 0xE7, 0x5A, 0x31, 0x47, 0x0B,
+        0x53, 0x06, 0x6A, 0x8D, 0x02, 0x7B, 0xA4, 0x4B,
+        0x21, 0x74, 0x9C, 0x04, 0x92, 0x46, 0x5F, 0x90,
+        0x72, 0xB2, 0x83, 0x76, 0xC4, 0xE2, 0x90, 0xB3,
+        0x0C, 0x18, 0x63, 0xF9, 0xE5, 0xB7, 0x99, 0x96,
+        0x08, 0x34, 0x22, 0xBD, 0x8C, 0x27, 0x2C, 0x10,
+        0xEC, 0xC6, 0xEB, 0x9A, 0x0A, 0x82, 0x25, 0xB3,
+        0x1A, 0xA0, 0xA6, 0x6E, 0x35, 0xB9, 0xC0, 0xB9,
+        0xA7, 0x95, 0x82, 0xBA, 0x20, 0xA3, 0xC0, 0x4C,
+        0xD2, 0x99, 0x14, 0xF0, 0x83, 0xA0, 0x15, 0x82,
+        0x88, 0xBA, 0x4D, 0x6E, 0xB6, 0x2D, 0x87, 0x26,
+        0x4B, 0x91, 0x2B, 0xCA, 0x39, 0x73, 0x2F, 0xBD,
+        0xE5, 0x36, 0xA3, 0x77, 0xAD, 0x02, 0xB8, 0xC8,
+        0x35, 0xD4, 0xA2, 0xF4, 0xE7, 0xB1, 0xCE, 0x11,
+        0x5D, 0x0C, 0x86, 0x0B, 0xEA, 0xA7, 0x95, 0x5A,
+        0x49, 0xAD, 0x68, 0x95, 0x86, 0xA8, 0x9A, 0x2B,
+        0x9F, 0x9B, 0x10, 0xD1, 0x59, 0x5D, 0x2F, 0xC0,
+        0x65, 0xAD, 0x01, 0x8A, 0x7D, 0x56, 0xC6, 0x14,
+        0x47, 0x1F, 0x8E, 0x94, 0x6F, 0xE8, 0xAB, 0x49,
+        0xE8, 0x22, 0x65, 0x91, 0x11, 0x9F, 0xCA, 0xDB,
+        0x4F, 0x9A, 0x86, 0x16, 0x31, 0x37, 0x87, 0x36,
+        0xB6, 0x68, 0x8B, 0x78, 0x2D, 0x58, 0xE9, 0x7E,
+        0x45, 0x72, 0x75, 0x3A, 0x96, 0x64, 0xB6, 0xB8,
+        0x53, 0x68, 0x12, 0xB2, 0x59, 0x11, 0xAA, 0x76,
+        0xA2, 0x42, 0x37, 0x54, 0x33, 0x19, 0x27, 0x38,
+        0xEE, 0xE7, 0x62, 0xF6, 0xB8, 0x43, 0x15, 0xBB,
+        0x34, 0x36, 0x23, 0x1E, 0x0A, 0x9B, 0x27, 0x7E,
+        0xD2, 0x8A, 0xE0, 0x05, 0x07, 0x28, 0x34, 0x64,
+        0x57, 0xE1, 0x34, 0x05, 0x06, 0x2D, 0xB2, 0x80,
+        0x4B, 0x8D, 0xA6, 0x0B, 0xB5, 0xC7, 0x93, 0xD4,
+        0xCC, 0x0E, 0x10, 0x1C, 0xBA, 0x2D, 0x91, 0x82,
+        0xFD, 0x71, 0x24, 0xFF, 0x52, 0xBF, 0x4C, 0xA2,
+        0x82, 0x92, 0xAC, 0x26, 0xD6, 0x78, 0x08, 0x89,
+        0x53, 0x97, 0x1D, 0xBA, 0x0B, 0x6F, 0xEC, 0x2C,
+        0x96, 0x59, 0x35, 0x32, 0x91, 0xC7, 0x0C, 0x5B,
+        0x92, 0x45, 0xA0, 0xCA, 0x25, 0x33, 0x04, 0xAF,
+        0xD3, 0xC9, 0x51, 0x02, 0xBE, 0xA6, 0x68, 0x75,
+        0xC6, 0x20, 0x16, 0x80, 0xB4, 0xBD, 0xA3, 0x86,
+        0x87, 0xB6, 0x48, 0xC2, 0x8E, 0xB3, 0x74, 0x78,
+        0xE3, 0xBC, 0x00, 0xCA, 0x8A, 0x3C, 0xC2, 0x72,
+        0x04, 0x64, 0x2B, 0x42, 0xB6, 0x8F, 0xCB, 0xE7,
+        0xB2, 0x1A, 0x36, 0x6D, 0x06, 0x68, 0xA5, 0x02,
+        0x9A, 0x7D, 0xEE, 0xF9, 0x4C, 0xDD, 0x6A, 0x95,
+        0xD7, 0xEA, 0x89, 0x31, 0x67, 0x3B, 0xF7, 0x11,
+        0x2D, 0x40, 0x42, 0x10, 0x7B, 0x1B, 0x8B, 0x97,
+        0x00, 0xC9, 0x74, 0xF9, 0xC4, 0xE8, 0x3A, 0x8F,
+        0xAC, 0xD8, 0x9B, 0xFE, 0x0C, 0xA3, 0xCC, 0x4C,
+        0x2F, 0xCE, 0x80, 0xA0, 0x3D, 0x35, 0x76, 0xC2,
+        0x22, 0xA7, 0x92, 0xB7, 0x2B, 0x1F, 0x07, 0x0A,
+        0xB7, 0xF6, 0xB6, 0xF2, 0xB5, 0xCA, 0x2A, 0xF5,
+        0x05, 0x4A, 0xFA, 0x70, 0xA8, 0x96, 0x99, 0x01,
+        0x59, 0xB4, 0x5D, 0x10, 0x03, 0xE2, 0xA0, 0x56,
+        0x48, 0x67, 0x5E, 0x59, 0x60, 0x16, 0xF1, 0xB7,
+        0x1D, 0xD0, 0xF7, 0xBD, 0xA7, 0xE2, 0x09, 0x7F,
+        0xC7, 0x3B, 0x3A, 0x14, 0x3D, 0x12, 0xC7, 0x26,
+        0x02, 0x0A, 0xC3, 0x49, 0x58, 0xAD, 0x70, 0x62,
+        0xB9, 0x2B, 0x9A, 0xBF, 0x3C, 0xA6, 0xBE, 0x5A,
+        0xE2, 0x9F, 0x57, 0x13, 0x5E, 0x62, 0x5A, 0x36,
+        0x79, 0x71, 0x83, 0x7E, 0x63, 0x63, 0xD1, 0x53,
+        0x20, 0x94, 0xE0, 0x22, 0xA2, 0x34, 0x67, 0xCF,
+        0x93, 0x2E, 0x1F, 0x89, 0xB5, 0xB0, 0x80, 0x3C,
+        0x1E, 0xC9, 0x9B, 0x58, 0x5A, 0x78, 0xB5, 0x86,
+        0x50, 0x96, 0x74, 0x6F, 0x32, 0x25, 0x82, 0x14,
+        0xEC, 0xB3, 0x80, 0x65, 0xC9, 0x7F, 0x45, 0x5E,
+        0x15, 0x5A, 0xCC, 0x2D, 0xD0, 0x05, 0xA9, 0xC7,
+        0x6B, 0xED, 0x59, 0xCD, 0xA7, 0x38, 0x37, 0xD3,
+        0x03, 0x50, 0x4E, 0x6C, 0x97, 0x6A, 0x60, 0x6A,
+        0x2B, 0xE7, 0xBB, 0xEC, 0x59, 0x48, 0xB9, 0x1A,
+        0x34, 0x9E, 0x89, 0x36, 0x68, 0x8C, 0xC0, 0x27,
+        0x97, 0x54, 0xB7, 0x43, 0xAB, 0xC5, 0x86, 0x66,
+        0xB1, 0x9B, 0x6C, 0x32, 0x60, 0x05, 0x1F, 0x19,
+        0x20, 0x6B, 0xB9, 0x62, 0xBB, 0x66, 0x33, 0xEB,
+        0x00, 0x48, 0xE3, 0x2B, 0xAA, 0xCC, 0x5B, 0x02,
+        0x0D, 0x02, 0xC8, 0x6C, 0xA9, 0x77, 0x0A, 0xD4,
+        0x69, 0xDB, 0x54, 0xA1, 0x06, 0xAC, 0x73, 0xA3,
+        0x5B, 0x80, 0x57, 0x42, 0x2B, 0x3D, 0xB2, 0x02,
+        0xC5, 0xA5, 0xB4, 0xE3, 0xD5, 0x35, 0xF0, 0xFC,
+        0x99, 0x32, 0x6C, 0x4B, 0x8B, 0x7B, 0x16, 0xF1,
+        0xCB, 0x5A, 0xF9, 0x68, 0x03, 0xFA, 0x8C, 0x19,
+        0x5F, 0xC0, 0xBC, 0xED, 0xDA, 0xAF, 0x01, 0x2A,
+        0x51, 0x72, 0x8B, 0x76, 0x48, 0x90, 0x82, 0x37,
+        0x3C, 0x91, 0xE9, 0x2C, 0x87, 0xAC, 0xCA, 0x79,
+        0x51, 0x60, 0x78, 0x2E, 0x3B, 0x0D, 0xD6, 0x43,
+        0x54, 0x4B, 0xB9, 0x6A, 0xBC, 0x27, 0x08, 0xD4,
+        0x9B, 0x75, 0x9C, 0xF0, 0x57, 0xAA, 0x22, 0x3B,
+        0xAF, 0xD9, 0x6A, 0x33, 0x0B, 0xAF, 0x39, 0x81,
+        0x0F, 0xE8, 0x67, 0x1B, 0x43, 0x43, 0xC2, 0x97,
+        0xDA, 0x1E, 0x19, 0x69, 0xC9, 0x96, 0x21, 0x6A,
+        0xB5, 0x10, 0x6D, 0xA6, 0x68, 0x94, 0x1B, 0x16,
+        0x0D, 0x44, 0x77, 0x01, 0x71, 0x36, 0xCB, 0xCA,
+        0x5B, 0x5A, 0x8D, 0x44, 0xC4, 0xA8, 0xB1, 0xCF,
+        0x3E, 0xF7, 0x97, 0x85, 0xE5, 0xAA, 0x25, 0xC3,
+        0xA1, 0xAD, 0x6C, 0x24, 0xFD, 0x14, 0x0F, 0x79,
+        0x20, 0x7D, 0xE5, 0xA4, 0x99, 0xF8, 0xA1, 0x53,
+        0x4F, 0xFA, 0x80, 0x4A, 0xA7, 0xB3, 0x88, 0x9C,
+        0xBE, 0x25, 0xC0, 0x41, 0x47, 0x04, 0xAA, 0x57,
+        0x89, 0x7F, 0x17, 0x86, 0x23, 0x64, 0xEC, 0xA5,
+        0x62, 0x58, 0x00, 0x72, 0x48, 0x81, 0x39, 0x12,
+        0xB8, 0x36, 0x49, 0x7F, 0x03, 0x59, 0xC2, 0xF7,
+        0x23, 0x8A, 0x05, 0xD3, 0x05, 0xA0, 0xEA, 0x15,
+        0x2E, 0x72, 0xB4, 0x44, 0x17, 0xA8, 0x68, 0x13,
+        0x4E, 0x91, 0xB3, 0xCA, 0x79, 0x31, 0x23, 0x2F,
+        0xD4, 0xC2, 0x5F, 0x8C, 0x2A, 0x49, 0x2A, 0x33,
+        0x9C, 0xDC, 0x0A, 0x13, 0x89, 0x67, 0x21, 0x14,
+        0x51, 0xF2, 0x56, 0x26, 0x78, 0xFA, 0x14, 0x08,
+        0x0A, 0x34, 0x43, 0x6C, 0x42, 0xB0, 0x78, 0x65,
+        0xAC, 0x03, 0x6A, 0x81, 0xE9, 0x7A, 0x77, 0x87,
+        0xA9, 0x38, 0x02, 0x5C, 0xAF, 0x81, 0x34, 0x50,
+        0x36, 0x8B, 0xED, 0x0C, 0x94, 0xB1, 0x85, 0x76,
+        0x04, 0x52, 0x64, 0x05, 0xD2, 0x7A, 0x1C, 0x1A,
+        0xBC, 0x81, 0xB5, 0xB6, 0xEC, 0x13, 0xC7, 0x19,
+        0x30, 0xA9, 0x7D, 0x92, 0x32, 0xCF, 0x70, 0x21,
+        0xEF, 0x87, 0xA4, 0xD1, 0x55, 0x32, 0x8E, 0x62,
+        0xB5, 0x83, 0xA8, 0x3B, 0x4A, 0xF2, 0x1F, 0x9F,
+        0x57, 0x50, 0xF8, 0x57, 0x51, 0x50, 0x42, 0x4F,
+        0x63, 0xB8, 0x99, 0xD7, 0x1C, 0xAD, 0x26, 0x7C,
+        0x09, 0xE4, 0x46, 0x71, 0x46, 0xE1, 0x6E, 0x9B,
+        0x6C, 0x65, 0x3F, 0x00, 0x8C, 0x31, 0x13, 0x75,
+        0xE2, 0xE0, 0x06, 0xD4, 0x07, 0x6A, 0x54, 0x6B,
+        0x82, 0xF5, 0x31, 0x42, 0x22, 0xF7, 0xC6, 0x54,
+        0x31, 0x7E, 0x79, 0xEC, 0x60, 0x35, 0xB7, 0x3F,
+        0xAF, 0x49, 0x17, 0x57, 0xE6, 0x1C, 0x82, 0x83,
+        0x26, 0xD5, 0x30, 0x44, 0x54, 0x1C, 0x4D, 0x45,
+        0x37, 0xAB, 0xD3, 0xEA, 0x1E, 0x67, 0x99, 0x8C,
+        0x33, 0x82, 0x97, 0x4C, 0xA7, 0x8A, 0xE1, 0xB1,
+        0x96, 0x0E, 0x4A, 0x92, 0x26, 0xB0, 0x21, 0x9A,
+        0xB0, 0x70, 0xF0, 0xD7, 0xAA, 0x66, 0xD7, 0x6F,
+        0x93, 0x16, 0xAD, 0xB8, 0x0C, 0x54, 0xD6, 0x49,
+        0x97, 0x71, 0xB4, 0x71, 0xE8, 0x16, 0x8D, 0x47,
+        0xBC, 0xAA, 0x08, 0x32, 0x4A, 0xB6, 0xBA, 0x92,
+        0xC3, 0xA7, 0x02, 0x75, 0xF2, 0x4F, 0xA4, 0xDC,
+        0x10, 0xE2, 0x51, 0x63, 0x3F, 0xB9, 0x8D, 0x16,
+        0x2B, 0xB5, 0x53, 0x72, 0x02, 0xC6, 0xA5, 0x53,
+        0xCE, 0x78, 0x41, 0xC4, 0xD4, 0x0B, 0x87, 0x3B,
+        0x85, 0xCA, 0x03, 0xA0, 0xA1, 0xE1, 0xCF, 0xAD,
+        0xE6, 0xBA, 0x51, 0x80, 0xAB, 0x13, 0x23, 0xCC,
+        0xBA, 0x9A, 0x3E, 0x9C, 0x53, 0xD3, 0x75, 0x75,
+        0xAB, 0x1F, 0xD9, 0xE7, 0x31, 0x6C, 0x6F, 0xEE,
+        0xCB, 0x0A, 0x14, 0xDF, 0x6F, 0x2D, 0xA5, 0x6C,
+        0x2F, 0x56, 0xF5, 0x5A, 0x89, 0x63, 0x5C, 0xFC,
+        0xFD, 0xA4, 0x79, 0x27, 0xAF, 0x1F, 0x0A, 0x47,
+        0xB2, 0xD4, 0xE4, 0xE6, 0x16, 0x34, 0xB1, 0xB5,
+        0x1D, 0x37, 0xA3, 0xA3, 0x07, 0xA9, 0x72, 0x42,
+        0x0D, 0xE1, 0xB7, 0xA4, 0x81, 0xB8, 0x3E, 0x58,
+        0x3B, 0x6A, 0xF1, 0x6F, 0x63, 0xCB, 0x00, 0xC6
+    };
+    static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = {
+        0x0C, 0x68, 0x1B, 0x4A, 0xA8, 0x1F, 0x26, 0xAD,
+        0xFB, 0x64, 0x5E, 0xC2, 0x4B, 0x37, 0x52, 0xF6,
+        0xB3, 0x2C, 0x68, 0x64, 0x5A, 0xA5, 0xE7, 0xA9,
+        0x99, 0xB6, 0x20, 0x36, 0xA5, 0x3D, 0xC5, 0xCB,
+        0x06, 0x0A, 0x47, 0x3C, 0x08, 0xE5, 0xDA, 0x5C,
+        0x0F, 0x5A, 0xF0, 0xE5, 0x17, 0x0C, 0x65, 0x97,
+        0xE5, 0x0E, 0xC0, 0x80, 0x60, 0xF9, 0x9B, 0x0C,
+        0x00, 0xEE, 0x9B, 0xDD, 0xAD, 0x7E, 0x7D, 0x25,
+        0xA2, 0x2B, 0x22, 0x6F, 0x90, 0x14, 0x9B, 0x4C,
+        0xE8, 0x87, 0xC7, 0x2F, 0xB6, 0x0A, 0xFF, 0x21,
+        0x44, 0xEA, 0x2A, 0x72, 0x38, 0x3B, 0x31, 0x18,
+        0xF9, 0x22, 0xD0, 0x32, 0xA1, 0x6F, 0x55, 0x42,
+        0x89, 0x90, 0x2A, 0x14, 0xCF, 0x77, 0x55, 0x51,
+        0x2B, 0xB1, 0x18, 0x6B, 0xAF, 0xAF, 0xFE, 0x79,
+        0x4D, 0x2B, 0x6C, 0xDE, 0x90, 0x10, 0x9E, 0x65,
+        0x82, 0xD3, 0x9C, 0xE0, 0xC9, 0x61, 0x97, 0x48,
+        0x4B, 0x3F, 0xA0, 0x7F, 0xC9, 0x1D, 0x39, 0x4F,
+        0xC8, 0xD8, 0x8E, 0x7F, 0xC4, 0xBE, 0x00, 0x2E,
+        0x2D, 0xB5, 0x6F, 0x0C, 0x4D, 0x9D, 0x3F, 0xBD,
+        0xA2, 0x74, 0x53, 0x6A, 0x0B, 0x86, 0xAB, 0xC6,
+        0xE3, 0x9B, 0xDA, 0x52, 0x93, 0x1A, 0xEB, 0xB8,
+        0xF1, 0x08, 0x4C, 0x5C, 0x1F, 0x7C, 0xB3, 0x17,
+        0x77, 0x88, 0xB7, 0xF3, 0x31, 0xB7, 0x07, 0x43,
+        0x61, 0x16, 0x34, 0x91, 0xD4, 0x28, 0xE7, 0x8B,
+        0xCB, 0xB5, 0x7B, 0x63, 0x08, 0x41, 0xAA, 0x98,
+        0x73, 0x33, 0x37, 0x7C, 0xF0, 0x95, 0x69, 0xCF,
+        0xD1, 0x4C, 0xC2, 0xA1, 0x1C, 0x50, 0x1B, 0xDF,
+        0x82, 0xC9, 0x3D, 0xE0, 0x5B, 0xEA, 0x20, 0x06,
+        0x0D, 0xE8, 0x9C, 0x68, 0x6B, 0x82, 0x45, 0x71,
+        0xCE, 0xF9, 0x4A, 0xB3, 0xFD, 0xAF, 0xA8, 0x51,
+        0x26, 0x19, 0x81, 0x36, 0x69, 0xD4, 0xF5, 0x36,
+        0x37, 0xFE, 0xFA, 0x4D, 0x02, 0x8C, 0xB2, 0x33,
+        0xE5, 0x69, 0x30, 0xE2, 0x23, 0x5F, 0x7E, 0x60,
+        0x34, 0xCA, 0x94, 0xB1, 0x43, 0xB7, 0x7A, 0xD4,
+        0xA6, 0x87, 0x56, 0xE8, 0xA9, 0x18, 0x4D, 0xBA,
+        0x61, 0xA8, 0x9F, 0x91, 0xED, 0xFB, 0x51, 0xA3,
+        0x92, 0x11, 0x40, 0x24, 0x73, 0xA5, 0xF8, 0x91,
+        0x45, 0x73, 0x6B, 0x2B, 0xF8, 0x56, 0x9C, 0x70,
+        0x5B, 0x0C, 0xDB, 0x89, 0x80, 0xA4, 0x47, 0xE4,
+        0xE1, 0xEA, 0xAD, 0x3E, 0x7E, 0x05, 0x78, 0xF5,
+        0xF8, 0x6B, 0x8D, 0x03, 0xC9, 0xDA, 0xFE, 0x87,
+        0x5E, 0x33, 0x9B, 0x44, 0x23, 0x84, 0x56, 0x16,
+        0x79, 0x9E, 0xDC, 0xE0, 0x5F, 0x31, 0xB9, 0x26,
+        0x64, 0xC5, 0xA5, 0x92, 0x53, 0xA6, 0x0E, 0x9D,
+        0x89, 0x54, 0x8A, 0x30, 0x0C, 0x1A, 0xDB, 0x6D,
+        0x19, 0x0A, 0x77, 0x5C, 0x5E, 0xE6, 0xE8, 0xA8,
+        0x9B, 0x6E, 0x77, 0x9B, 0x03, 0x4C, 0x34, 0x00,
+        0xA6, 0x25, 0xF4, 0xBB, 0xED, 0xBF, 0x91, 0x9C,
+        0x45, 0xB2, 0xBC, 0xD1, 0x4C, 0x66, 0x92, 0x48,
+        0xFC, 0x43, 0xC3, 0xEF, 0x47, 0xE1, 0x00, 0x75,
+        0x89, 0x42, 0xE7, 0x5E, 0x8E, 0xD6, 0x07, 0x5A,
+        0x96, 0xD7, 0x0D, 0x4E, 0xBD, 0x2B, 0x61, 0x35,
+        0x82, 0x24, 0xDD, 0xA1, 0xEC, 0x4C, 0x19, 0xC2,
+        0xA9, 0x28, 0x98, 0x17, 0x6F, 0xEB, 0x3C, 0x02,
+        0xED, 0xCB, 0x99, 0x08, 0xBA, 0xE4, 0x9B, 0xD9,
+        0x4A, 0xF0, 0x28, 0xED, 0xF8, 0xCF, 0xC2, 0xE5,
+        0xF2, 0xE0, 0xBD, 0x37, 0x50, 0x06, 0x98, 0x6A,
+        0xD4, 0x9E, 0x71, 0x75, 0x48, 0xE7, 0x46, 0xFE,
+        0xF4, 0x9C, 0x86, 0x8B, 0xCE, 0xA2, 0x79, 0x0A,
+        0xA9, 0x7E, 0x04, 0x06, 0x1B, 0x75, 0x60, 0x5C,
+        0xB3, 0x9E, 0xFD, 0x46, 0x3D, 0x7B, 0x3D, 0x68,
+        0xBA, 0x57, 0x44, 0x34, 0xFF, 0x7B, 0xE8, 0xE2,
+        0xB8, 0x4B, 0xFC, 0x47, 0xE6, 0x7E, 0x9C, 0xD1,
+        0x5F, 0x3E, 0xD4, 0x50, 0xC6, 0x1A, 0xFB, 0xA7,
+        0x9A, 0x20, 0xB0, 0xB6, 0xF2, 0x87, 0x77, 0x7C,
+        0x72, 0xF4, 0xAD, 0x24, 0x81, 0x74, 0xF1, 0x95,
+        0x94, 0x77, 0xAA, 0x7A, 0x7C, 0x97, 0xF1, 0x22,
+        0xC5, 0x04, 0x47, 0xC7, 0x48, 0x4F, 0x38, 0x2B,
+        0xC4, 0x7D, 0x81, 0xFC, 0xC9, 0xC7, 0xE8, 0x92,
+        0xC8, 0x83, 0x9D, 0x37, 0xB3, 0x53, 0x94, 0xB5,
+        0x3E, 0x6B, 0x2B, 0x18, 0x95, 0xAB, 0xB0, 0xDE,
+        0x8C, 0x98, 0xF2, 0x63, 0x3D, 0xC4, 0x41, 0x3A,
+        0x8D, 0x57, 0x35, 0xDF, 0xC9, 0xA6, 0x40, 0x26,
+        0xB6, 0xF3, 0x47, 0x79, 0xD6, 0xAC, 0x8A, 0xD9,
+        0x9C, 0xC3, 0x1A, 0xA8, 0x98, 0xC2, 0xE7, 0x05,
+        0x7F, 0x3D, 0xB8, 0xA1, 0xA8, 0xA9, 0x85, 0x27,
+        0xA7, 0x9E, 0x43, 0x55, 0x2F, 0x28, 0xD1, 0x02,
+        0x3E, 0x1F, 0x6A, 0x6B, 0x84, 0x85, 0x5C, 0xF5,
+        0xE6, 0xDF, 0x88, 0x9B, 0xA2, 0x69, 0xF0, 0x48,
+        0x94, 0x6E, 0x84, 0x02, 0x1C, 0x65, 0xC5, 0xA9,
+        0x3B, 0x00, 0x7B, 0x07, 0x74, 0x1C, 0x1E, 0xE1,
+        0x76, 0xC7, 0x39, 0x49, 0x11, 0x0F, 0x54, 0x8E,
+        0xF4, 0x33, 0x2D, 0xCD, 0xD4, 0x91, 0xD2, 0xCE,
+        0xFD, 0x02, 0x48, 0x88, 0x3F, 0x5E, 0x95, 0x25,
+        0xBC, 0x91, 0xF3, 0x0A, 0xF1, 0x7C, 0xF5, 0xA9,
+        0x8D, 0xD4, 0x4E, 0xF9, 0xA7, 0x1F, 0x99, 0xBB,
+        0x73, 0x29, 0x85, 0xBA, 0x10, 0xA7, 0x23, 0xEF,
+        0x47, 0x6F, 0xCF, 0x96, 0x6D, 0xA9, 0x45, 0x6B,
+        0x24, 0x97, 0x8E, 0x33, 0x05, 0x0D, 0x0E, 0xC9,
+        0x0D, 0x3C, 0xE4, 0x63, 0x78, 0x85, 0x1C, 0x9E,
+        0xCF, 0xCF, 0xD3, 0x6C, 0x89, 0x5D, 0x44, 0xE9,
+        0xE5, 0x06, 0x99, 0x30, 0x82, 0x52, 0x3D, 0x26,
+        0x18, 0x57, 0x66, 0xB2, 0x35, 0x68, 0xCB, 0x95,
+        0xE6, 0x41, 0x08, 0xF8, 0x9D, 0x10, 0x14, 0x74,
+        0x7C, 0x67, 0xB6, 0xF3, 0xC8, 0x76, 0x7B, 0xE5,
+        0xFC, 0x34, 0x12, 0x27, 0xDE, 0x94, 0x88, 0x86,
+        0x1C, 0x5F, 0xE8, 0x11, 0x40, 0x9F, 0x80, 0x95,
+        0x7D, 0x07, 0x52, 0x2A, 0x72, 0xCF, 0x6A, 0xB0,
+        0x37, 0x8D, 0x0F, 0x2F, 0x28, 0xAF, 0x54, 0x81,
+        0x85, 0xC3, 0x93, 0x67, 0x77, 0x99, 0x44, 0x66,
+        0xA0, 0x19, 0xD3, 0x3B, 0x18, 0xA5, 0x4F, 0x38,
+        0x0A, 0x33, 0x89, 0x2A, 0xB4, 0xD4, 0xBD, 0x50,
+        0x7B, 0x5A, 0x61, 0xD0, 0xD3, 0x58, 0x34, 0x1A,
+        0xC9, 0x2F, 0x07, 0xB4, 0x3B, 0x8F, 0x6A, 0xFC,
+        0x69, 0x91, 0xBB, 0x6A, 0x1E, 0xAC, 0x23, 0xCA,
+        0x6F, 0x73, 0xE9, 0x1F, 0x24, 0x64, 0xBD, 0x11,
+        0x90, 0x98, 0xD7, 0xE7, 0x68, 0xE7, 0x7E, 0xCE,
+        0x53, 0xFB, 0x89, 0x9B, 0xEB, 0x42, 0x26, 0x5E,
+        0xCF, 0x7B, 0x27, 0x1F, 0x66, 0x54, 0x62, 0x82,
+        0xD4, 0x72, 0xC3, 0x62, 0x39, 0x00, 0x6B, 0xB0,
+        0xAB, 0xAB, 0xCC, 0xA2, 0x45, 0x50, 0xBA, 0xA0,
+        0xA6, 0x01, 0x34, 0x8C, 0x81, 0x0F, 0xF5, 0xF9,
+        0xEE, 0x50, 0x4B, 0xF7, 0x15, 0x5D, 0xEE, 0x41,
+        0x41, 0xA1, 0x16, 0x05, 0xA4, 0xF3, 0x50, 0x9A,
+        0xC9, 0xCA, 0xEF, 0x66, 0x24, 0xD2, 0x1D, 0xE3,
+        0x32, 0xD5, 0xD5, 0x08, 0x28, 0xB5, 0x2E, 0x92,
+        0x88, 0x5D, 0x3B, 0x90, 0x55, 0x3B, 0x14, 0x46,
+        0x3A, 0xFB, 0x1E, 0xDC, 0xCD, 0x3B, 0x56, 0x9B,
+        0x5A, 0x7F, 0x00, 0xBB, 0x66, 0x76, 0x9D, 0xAD,
+        0xAC, 0x23, 0xAD, 0x8B, 0xB5, 0xD7, 0x3A, 0x6F,
+        0x39, 0x0E, 0x6F, 0xC2, 0xF6, 0xF8, 0xEE, 0x3C,
+        0xF4, 0x00, 0x9A, 0x5C, 0x3E, 0x1E, 0xF6, 0x0E,
+        0x8F, 0x04, 0x06, 0x72, 0xD2, 0x62, 0xE6, 0x49,
+        0x03, 0x79, 0xBB, 0xC7, 0x04, 0x95, 0xDF, 0xF2,
+        0x37, 0xBE, 0xCD, 0x99, 0x52, 0xCD, 0x7E, 0xDE,
+        0xB6, 0xD1, 0xDF, 0xC3, 0x60, 0xB3, 0xFC, 0x8B,
+        0x0A, 0xF4, 0x80, 0xFF, 0xE0, 0x24, 0xAE, 0xEF,
+        0xCD, 0x4E, 0x9C, 0xE9, 0x5D, 0x9B, 0x46, 0x9C,
+        0x9A, 0x70, 0xE5, 0x11, 0x0D, 0xA0, 0xBA, 0xC1,
+        0x24, 0xFC, 0x37, 0x41, 0xDC, 0xF4, 0x91, 0x16,
+        0x26, 0x17, 0x96, 0x50, 0x4D, 0x5F, 0x49, 0x0B,
+        0x43, 0x3C, 0x33, 0xC4, 0x0E, 0xDC, 0xE2, 0xB7,
+        0x51, 0x51, 0xDA, 0x25, 0x6A, 0x86, 0x8A, 0x5E,
+        0x35, 0xF8, 0x62, 0x26, 0xB8, 0x15, 0x1C, 0x91,
+        0x93, 0x4C, 0xCC, 0x3D, 0xAC, 0xA3, 0x91, 0xDE,
+        0xCC, 0xA7, 0x45, 0x37, 0x56, 0x60, 0xB6, 0xEC,
+        0x41, 0xAE, 0x5D, 0x81, 0x08, 0x38, 0xCB, 0xEE,
+        0xFF, 0xA1, 0x25, 0x57, 0x88, 0x44, 0x12, 0x35,
+        0x7B, 0x10, 0x08, 0x36, 0x3D, 0x32, 0xB2, 0x37,
+        0xAA, 0x1D, 0xD8, 0xE2, 0xD9, 0xC6, 0x36, 0x7A,
+        0xDA, 0x09, 0xB2, 0xC9, 0x50, 0x60, 0x20, 0x6C,
+        0xEC, 0x3E, 0xED, 0x39, 0x1F, 0xDC, 0x5D, 0xBE,
+        0xF6, 0xF0, 0x8B, 0xDF, 0x04, 0x08, 0xE5, 0x85,
+        0xAE, 0x5E, 0xBC, 0x8E, 0x97, 0x45, 0xD4, 0x4F,
+        0xEC, 0xA9, 0x75, 0xAB, 0xBC, 0x14, 0x0B, 0xB3,
+        0x7B, 0x8A, 0xDD, 0x16, 0xFC, 0xC2, 0x95, 0x69,
+        0x10, 0xDC, 0x72, 0xBB, 0x3F, 0x02, 0xE9, 0xA1,
+        0x30, 0xC9, 0xA8, 0x4F, 0x9C, 0xCB, 0x74, 0xD1,
+        0x34, 0xCD, 0xF4, 0x0A, 0xFC, 0xBA, 0x20, 0x09,
+        0xC8, 0xF0, 0x04, 0x02, 0x39, 0xBC, 0x99, 0x22,
+        0x0E, 0xF6, 0x4C, 0x4D, 0xCC, 0xDE, 0x2E, 0x2E,
+        0x5C, 0x9B, 0x68, 0x60, 0x2F, 0xBE, 0x8E, 0xF4,
+        0xC9, 0x8B, 0x34, 0x68, 0xC7, 0x9D, 0xF4, 0xE0,
+        0x78, 0x51, 0x1B, 0xFB, 0x8A, 0xA3, 0xDA, 0x09,
+        0x59, 0x7A, 0x02, 0x51, 0x1E, 0x7C, 0x21, 0xA7,
+        0xCF, 0x66, 0xA9, 0x38, 0x43, 0xA9, 0x48, 0x68,
+        0xF1, 0x9E, 0x85, 0x52, 0x55, 0x2E, 0x3A, 0xCD,
+        0xF6, 0xCB, 0x81, 0x06, 0x34, 0xDB, 0x97, 0xCB,
+        0xC4, 0xBB, 0x56, 0x97, 0x09, 0xDA, 0xD4, 0x84,
+        0x56, 0x45, 0x44, 0x6F, 0xA8, 0xD2, 0x89, 0xFC,
+        0x59, 0x30, 0x7B, 0x80, 0x1E, 0x60, 0xCE, 0x2A,
+        0x91, 0xE0, 0x6E, 0x9C, 0x22, 0xC1, 0x6E, 0x2E,
+        0x59, 0xBD, 0xE3, 0x8A, 0x41, 0x6B, 0xB1, 0xB4,
+        0xAC, 0x54, 0x57, 0x43, 0x8F, 0xDC, 0x5D, 0x64,
+        0x45, 0x0A, 0x89, 0xEC, 0xB8, 0x32, 0xC1, 0xBB,
+        0x27, 0x9D, 0xBF, 0x59, 0x33, 0x46, 0x81, 0x77,
+        0x6A, 0xC0, 0x04, 0x09, 0x84, 0x6D, 0x09, 0xD6,
+        0xF6, 0x87, 0x77, 0x2E, 0x34, 0x08, 0x50, 0xAB,
+        0x86, 0x73, 0x38, 0x42, 0x15, 0xE1, 0x2C, 0x8D,
+        0x0F, 0x53, 0x1C, 0x45, 0x1E, 0x58, 0x49, 0x3E,
+        0x0E, 0xE4, 0x15, 0xAD, 0x59, 0x4D, 0xF3, 0x8C,
+        0x34, 0x40, 0x8C, 0x7E, 0xD9, 0xF0, 0xC3, 0x92,
+        0xF1, 0x53, 0x46, 0x04, 0xEA, 0xC3, 0xD9, 0xC1,
+        0x54, 0x65, 0xA9, 0xA4, 0x66, 0x32, 0x21, 0x4B,
+        0x53, 0x69, 0x90, 0xD7, 0x80, 0x78, 0xE5, 0xBD,
+        0x7E, 0xAE, 0x20, 0x13, 0xFF, 0xF8, 0xFD, 0xD8,
+        0xB2, 0x75, 0xC8, 0x9D, 0x97, 0xC9, 0x35, 0x3D,
+        0xF3, 0xC4, 0x2A, 0x28, 0xE8, 0x14, 0xD8, 0x46,
+        0x8E, 0x2B, 0x48, 0xDB, 0x09, 0x76, 0xD8, 0x8F,
+        0x5E, 0xEC, 0xEF, 0xEA, 0xFB, 0x8F, 0x7F, 0x4A,
+        0xF2, 0x91, 0xA7, 0x28, 0xF6, 0x24, 0x9E, 0xCF,
+        0x56, 0x22, 0x33, 0x92, 0x69, 0xAA, 0x94, 0x53,
+        0x29, 0xE9, 0x19, 0xF8, 0xB4, 0x41, 0xC8, 0x3D,
+        0x55, 0x07, 0xF3, 0x0D, 0xF0, 0xFD, 0x2B, 0x13,
+        0xFF, 0x80, 0x6F, 0x52, 0x2D, 0xAA, 0x11, 0xAF,
+        0x67, 0x6A, 0x51, 0x3C, 0x14, 0x9C, 0x70, 0xF0,
+        0xD6, 0xE9, 0x9A, 0x88, 0x04, 0x50, 0xA5, 0x4E,
+        0x04, 0x17, 0xFE, 0x3C, 0x1E, 0x51, 0x3E, 0x9D,
+        0x92, 0x0E, 0x30, 0xA8, 0xB4, 0x28, 0x91, 0x26,
+        0x7A, 0x2D, 0xC5, 0x0A, 0xD8, 0x1F, 0x98, 0x04,
+        0x49, 0x20, 0xC0, 0x99, 0xDF, 0x22, 0xC7, 0x39,
+        0x98, 0xA2, 0x5C, 0x58, 0x1A, 0x51, 0x78, 0xC7,
+        0x2B, 0x17, 0xAC, 0x87, 0x5B, 0xC6, 0x85, 0x48,
+        0xA0, 0xFB, 0x0C, 0xBE, 0xE3, 0x8F, 0x05, 0x01,
+        0x7B, 0x12, 0x43, 0x33, 0x43, 0xA6, 0x58, 0xF1,
+        0x98, 0x0C, 0x81, 0x24, 0xEA, 0x6D, 0xD8, 0x1F
+    };
+    static const byte kprime_1024[WC_ML_KEM_SS_SZ] = {
+        0x8F, 0x33, 0x6E, 0x9C, 0x28, 0xDF, 0x34, 0x9E,
+        0x03, 0x22, 0x0A, 0xF0, 0x1C, 0x42, 0x83, 0x2F,
+        0xEF, 0xAB, 0x1F, 0x2A, 0x74, 0xC1, 0x6F, 0xAF,
+        0x6F, 0x64, 0xAD, 0x07, 0x1C, 0x1A, 0x33, 0x94
+    };
+#endif
+    static byte ss[WC_ML_KEM_SS_SZ];
+
+    key = (MlKemKey*)XMALLOC(sizeof(MlKemKey), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(key);
+    if (key != NULL) {
+        XMEMSET(key, 0, sizeof(MlKemKey));
+    }
+
+#ifndef WOLFSSL_NO_ML_KEM_512
+    ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_512, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_MlKemKey_DecodePrivateKey(key, dk_512, sizeof(dk_512)), 0);
+    ExpectIntEQ(wc_MlKemKey_Decapsulate(key, ss, c_512, sizeof(c_512)), 0);
+    ExpectIntEQ(XMEMCMP(ss, kprime_512, WC_ML_KEM_SS_SZ), 0);
+    wc_MlKemKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_768
+    ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_768, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_MlKemKey_DecodePrivateKey(key, dk_768, sizeof(dk_768)), 0);
+    ExpectIntEQ(wc_MlKemKey_Decapsulate(key, ss, c_768, sizeof(c_768)), 0);
+    ExpectIntEQ(XMEMCMP(ss, kprime_768, WC_ML_KEM_SS_SZ), 0);
+    wc_MlKemKey_Free(key);
+#endif
+#ifndef WOLFSSL_NO_ML_KEM_1024
+    ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_1024, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_MlKemKey_DecodePrivateKey(key, dk_1024, sizeof(dk_1024)), 0);
+    ExpectIntEQ(wc_MlKemKey_Decapsulate(key, ss, c_1024, sizeof(c_1024)), 0);
+    ExpectIntEQ(XMEMCMP(ss, kprime_1024, WC_ML_KEM_SS_SZ), 0);
+    wc_MlKemKey_Free(key);
+#endif
+
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_mlkem.h b/tests/api/test_mlkem.h
new file mode 100644
index 000000000..0dc6651d9
--- /dev/null
+++ b/tests/api/test_mlkem.h
@@ -0,0 +1,36 @@
+/* test_mlkem.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_MLKEM_H
+#define WOLFCRYPT_TEST_MLKEM_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_mlkem_make_key_kats(void);
+int test_wc_mlkem_encapsulate_kats(void);
+int test_wc_mlkem_decapsulate_kats(void);
+
+#define TEST_MLKEM_DECLS                                      \
+    TEST_DECL_GROUP("mlkem", test_wc_mlkem_make_key_kats),    \
+    TEST_DECL_GROUP("mlkem", test_wc_mlkem_encapsulate_kats), \
+    TEST_DECL_GROUP("mlkem", test_wc_mlkem_decapsulate_kats)
+
+#endif /* WOLFCRYPT_TEST_MLKEM_H */
diff --git a/tests/api/test_ocsp.c b/tests/api/test_ocsp.c
new file mode 100644
index 000000000..76cdc977a
--- /dev/null
+++ b/tests/api/test_ocsp.c
@@ -0,0 +1,653 @@
+/* test_ocsp.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#include <tests/api/test_ocsp.h>
+#include <tests/api/test_ocsp_test_blobs.h>
+#include <wolfssl/internal.h>
+#include <wolfssl/ocsp.h>
+#include <wolfssl/ssl.h>
+
+#if defined(HAVE_OCSP) && !defined(NO_SHA) && !defined(NO_RSA)
+struct ocsp_cb_ctx {
+    byte* response;
+    int responseSz;
+};
+
+struct test_conf {
+    unsigned char* resp;
+    int respSz;
+    unsigned char* ca0;
+    int ca0Sz;
+    unsigned char* ca1;
+    int ca1Sz;
+    unsigned char* targetCert;
+    int targetCertSz;
+};
+
+static int ocsp_cb(void* ctx, const char* url, int urlSz, unsigned char* req,
+    int reqSz, unsigned char** respBuf)
+{
+    struct ocsp_cb_ctx* cb_ctx = (struct ocsp_cb_ctx*)ctx;
+    (void)url;
+    (void)urlSz;
+    (void)req;
+    (void)reqSz;
+
+    *respBuf = cb_ctx->response;
+    return cb_ctx->responseSz;
+}
+
+static int test_ocsp_response_with_cm(struct test_conf* c, int expectedRet)
+{
+    EXPECT_DECLS;
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+    struct ocsp_cb_ctx cb_ctx;
+
+    ExpectNotNull(cm = wolfSSL_CertManagerNew());
+    ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm,
+                    WOLFSSL_OCSP_URL_OVERRIDE | WOLFSSL_OCSP_NO_NONCE),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, "http://foo.com"),
+        WOLFSSL_SUCCESS);
+    cb_ctx.response = (byte*)c->resp;
+    cb_ctx.responseSz = c->respSz;
+    ExpectIntEQ(
+        wolfSSL_CertManagerSetOCSP_Cb(cm, ocsp_cb, NULL, (void*)&cb_ctx),
+        WOLFSSL_SUCCESS);
+    /* add ca in cm */
+    if (c->ca0 != NULL) {
+        ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, c->ca0, c->ca0Sz,
+                        WOLFSSL_FILETYPE_ASN1),
+            WOLFSSL_SUCCESS);
+    }
+    if (c->ca1 != NULL) {
+        ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, c->ca1, c->ca1Sz,
+                        WOLFSSL_FILETYPE_ASN1),
+            WOLFSSL_SUCCESS);
+    }
+    /* check cert */
+    ExpectIntEQ(
+        wolfSSL_CertManagerCheckOCSP(cm, c->targetCert, c->targetCertSz),
+        expectedRet);
+    if (cm != NULL)
+        wolfSSL_CertManagerFree(cm);
+    return EXPECT_RESULT();
+}
+
+int test_ocsp_response_parsing(void)
+{
+    EXPECT_DECLS;
+    struct test_conf conf;
+    int  expectedRet;
+
+    conf.resp = (unsigned char*)resp;
+    conf.respSz = sizeof(resp);
+    conf.ca0 = root_ca_cert_pem;
+    conf.ca0Sz = sizeof(root_ca_cert_pem);
+    conf.ca1 = NULL;
+    conf.ca1Sz = 0;
+    conf.targetCert = intermediate1_ca_cert_pem;
+    conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
+    ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS),
+        TEST_SUCCESS);
+
+    conf.resp = (unsigned char*)resp_multi;
+    conf.respSz = sizeof(resp_multi);
+    conf.ca0 = root_ca_cert_pem;
+    conf.ca0Sz = sizeof(root_ca_cert_pem);
+    conf.ca1 = NULL;
+    conf.ca1Sz = 0;
+    conf.targetCert = intermediate1_ca_cert_pem;
+    conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
+    ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS),
+        TEST_SUCCESS);
+
+    conf.resp = (unsigned char*)resp_bad_noauth;
+    conf.respSz = sizeof(resp_bad_noauth);
+    conf.ca0 = root_ca_cert_pem;
+    conf.ca0Sz = sizeof(root_ca_cert_pem);
+    conf.ca1 = ca_cert_pem;
+    conf.ca1Sz = sizeof(ca_cert_pem);
+    conf.targetCert = server_cert_pem;
+    conf.targetCertSz = sizeof(server_cert_pem);
+    expectedRet = OCSP_LOOKUP_FAIL;
+#ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK
+    expectedRet = WOLFSSL_SUCCESS;
+#endif
+    ExpectIntEQ(test_ocsp_response_with_cm(&conf, expectedRet), TEST_SUCCESS);
+
+    /* Test response with unusable internal cert but that can be verified in CM
+     */
+    conf.resp = (unsigned char*)resp_bad_embedded_cert;
+    conf.respSz = sizeof(resp_bad_embedded_cert);
+    conf.ca0 = root_ca_cert_pem;
+    conf.ca0Sz = sizeof(root_ca_cert_pem);
+    conf.ca1 = NULL;
+    conf.ca1Sz = 0;
+    conf.targetCert = intermediate1_ca_cert_pem;
+    conf.targetCertSz = sizeof(intermediate1_ca_cert_pem);
+    ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS),
+        TEST_SUCCESS);
+    return EXPECT_SUCCESS();
+}
+#else  /* HAVE_OCSP && !NO_SHA */
+int test_ocsp_response_parsing(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* HAVE_OCSP && !NO_SHA */
+
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \
+    !defined(NO_RSA)
+static int test_ocsp_create_x509store(WOLFSSL_X509_STORE** store,
+    unsigned char* ca, int caSz)
+{
+    EXPECT_DECLS;
+    WOLFSSL_X509* cert = NULL;
+
+    ExpectNotNull(*store = wolfSSL_X509_STORE_new());
+    ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, ca, caSz));
+    ExpectIntEQ(wolfSSL_X509_STORE_add_cert(*store, cert), WOLFSSL_SUCCESS);
+    wolfSSL_X509_free(cert);
+    return EXPECT_RESULT();
+}
+
+static int test_create_stack_of_x509(WOLF_STACK_OF(WOLFSSL_X509) * *certs,
+    unsigned char* der, int derSz)
+{
+    EXPECT_DECLS;
+    WOLFSSL_X509* cert = NULL;
+
+    ExpectNotNull(*certs = wolfSSL_sk_X509_new_null());
+    ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, der, derSz));
+    ExpectIntEQ(wolfSSL_sk_X509_push(*certs, cert), 1);
+    return EXPECT_RESULT();
+}
+
+int test_ocsp_basic_verify(void)
+{
+    EXPECT_DECLS;
+    WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL;
+    WOLFSSL_X509_STORE* store = NULL;
+    const unsigned char* ptr = NULL;
+    OcspResponse* response = NULL;
+    DecodedCert cert;
+    int expectedRet;
+
+    wc_InitDecodedCert(&cert, ocsp_responder_cert_pem,
+        sizeof(ocsp_responder_cert_pem), NULL);
+    ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
+
+    /* just decoding */
+    ptr = (const unsigned char*)resp;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
+    ExpectIntEQ(response->responseStatus, 0);
+    ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_NAME);
+    ExpectBufEQ(response->responderId.nameHash, cert.subjectHash,
+        OCSP_DIGEST_SIZE);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* responder Id by key hash */
+    ptr = (const unsigned char*)resp_rid_bykey;
+    ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr,
+                      sizeof(resp_rid_bykey)));
+    ExpectIntEQ(response->responseStatus, 0);
+    ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_KEY);
+    ExpectBufEQ(response->responderId.keyHash, cert.subjectKeyHash,
+        OCSP_RESPONDER_ID_KEY_SZ);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* decoding with no embedded certificates */
+    ptr = (const unsigned char*)resp_nocert;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)));
+    ExpectIntEQ(response->responseStatus, 0);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* decoding an invalid response */
+    ptr = (const unsigned char*)resp_bad;
+    ExpectNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad)));
+
+    ptr = (const unsigned char*)resp;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
+    /* no verify signer certificate */
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY),
+        WOLFSSL_SUCCESS);
+    /* verify that the signature is checked */
+    if (EXPECT_SUCCESS()) {
+        response->sig[0] ^= 0xff;
+    }
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY),
+        WOLFSSL_FAILURE);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* populate a store with root-ca-cert */
+    ExpectIntEQ(test_ocsp_create_x509store(&store, root_ca_cert_pem,
+                    sizeof(root_ca_cert_pem)),
+        TEST_SUCCESS);
+
+    /* populate a WOLF_STACK_OF(WOLFSSL_X509) with responder certificate */
+    ExpectIntEQ(test_create_stack_of_x509(&certs, ocsp_responder_cert_pem,
+                    sizeof(ocsp_responder_cert_pem)),
+        TEST_SUCCESS);
+
+    /* cert not embedded, cert in certs, validated using store */
+    ptr = (const unsigned char*)resp_nocert;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)));
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* cert embedded, verified using store */
+    ptr = (const unsigned char*)resp;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
+        WOLFSSL_SUCCESS);
+    /* make invalid signature */
+    if (EXPECT_SUCCESS()) {
+        response->sig[0] ^= 0xff;
+    }
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
+        WOLFSSL_FAILURE);
+    if (EXPECT_SUCCESS()) {
+        response->sig[0] ^= 0xff;
+    }
+
+    /* cert embedded and in certs, no store needed bc OCSP_TRUSTOTHER */
+    ExpectIntEQ(
+        wolfSSL_OCSP_basic_verify(response, certs, NULL, OCSP_TRUSTOTHER),
+        WOLFSSL_SUCCESS);
+    /* this should also pass */
+    ExpectIntEQ(
+        wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOINTERN),
+        WOLFSSL_SUCCESS);
+    /* this should not */
+    ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, OCSP_NOINTERN),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* cert not embedded, not certs */
+    ptr = (const unsigned char*)resp_nocert;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert)));
+    ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    wolfSSL_sk_X509_pop_free(certs, wolfSSL_X509_free);
+    wolfSSL_X509_STORE_free(store);
+
+    ExpectIntEQ(test_ocsp_create_x509store(&store, root_ca_cert_pem,
+                    sizeof(root_ca_cert_pem)),
+        TEST_SUCCESS);
+    ExpectIntEQ(test_create_stack_of_x509(&certs, root_ca_cert_pem,
+                    sizeof(root_ca_cert_pem)),
+        TEST_SUCCESS);
+
+    /* multiple responses in a ocsp response */
+    ptr = (const unsigned char*)resp_multi;
+    ExpectNotNull(
+        response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_multi)));
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    /* cert in certs, cert verified on store, not authorized to verify all
+     * responses */
+    ptr = (const unsigned char*)resp_bad_noauth;
+    ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr,
+                      sizeof(resp_bad_noauth)));
+
+    expectedRet = WOLFSSL_FAILURE;
+#ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK
+    expectedRet = WOLFSSL_SUCCESS;
+#endif
+    ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0),
+        expectedRet);
+    /* should pass with OCSP_NOCHECKS ...*/
+    ExpectIntEQ(
+        wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOCHECKS),
+        WOLFSSL_SUCCESS);
+    /* or with OSCP_TRUSTOTHER */
+    ExpectIntEQ(
+        wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_TRUSTOTHER),
+        WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(response);
+
+    wc_FreeDecodedCert(&cert);
+    wolfSSL_sk_X509_pop_free(certs, wolfSSL_X509_free);
+    wolfSSL_X509_STORE_free(store);
+    return EXPECT_RESULT();
+}
+#else
+int test_ocsp_basic_verify(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* HAVE_OCSP  && (OPENSSL_ALL || OPENSSL_EXTRA) */
+
+#if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) &&     \
+    defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) &&  \
+    defined(OPENSSL_ALL)
+
+struct _test_ocsp_status_callback_ctx {
+    byte* ocsp_resp;
+    int ocsp_resp_sz;
+    int invoked;
+};
+
+static int test_ocsp_status_callback_cb(WOLFSSL* ssl, void* ctx)
+{
+    struct _test_ocsp_status_callback_ctx* _ctx =
+        (struct _test_ocsp_status_callback_ctx*)ctx;
+    byte* allocated;
+
+    _ctx->invoked++;
+    allocated = (byte*)XMALLOC(_ctx->ocsp_resp_sz, NULL, 0);
+    if (allocated == NULL)
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+    XMEMCPY(allocated, _ctx->ocsp_resp, _ctx->ocsp_resp_sz);
+    SSL_set_tlsext_status_ocsp_resp(ssl, allocated, _ctx->ocsp_resp_sz);
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int test_ocsp_status_callback_cb_noack(WOLFSSL* ssl, void* ctx)
+{
+    struct _test_ocsp_status_callback_ctx* _ctx =
+        (struct _test_ocsp_status_callback_ctx*)ctx;
+    (void)ssl;
+
+    _ctx->invoked++;
+    return SSL_TLSEXT_ERR_NOACK;
+}
+
+static int test_ocsp_status_callback_cb_err(WOLFSSL* ssl, void* ctx)
+{
+    struct _test_ocsp_status_callback_ctx* _ctx =
+        (struct _test_ocsp_status_callback_ctx*)ctx;
+    (void)ssl;
+
+    _ctx->invoked++;
+    return SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+static int test_ocsp_status_callback_test_setup(
+    struct _test_ocsp_status_callback_ctx* cb_ctx,
+    struct test_ssl_memio_ctx* test_ctx, method_provider cm, method_provider sm)
+{
+    int ret;
+
+    cb_ctx->invoked = 0;
+    XMEMSET(test_ctx, 0, sizeof(*test_ctx));
+    test_ctx->c_cb.caPemFile = "./certs/ocsp/root-ca-cert.pem";
+    test_ctx->s_cb.certPemFile = "./certs/ocsp/server1-cert.pem";
+    test_ctx->s_cb.keyPemFile = "./certs/ocsp/server1-key.pem";
+    test_ctx->c_cb.method = cm;
+    test_ctx->s_cb.method = sm;
+    ret = test_ssl_memio_setup(test_ctx);
+    wolfSSL_set_verify(test_ctx->c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL);
+    return ret;
+}
+
+int test_ocsp_status_callback(void)
+{
+    struct test_params {
+        method_provider c_method;
+        method_provider s_method;
+    };
+
+    const char* responseFile = "./certs/ocsp/test-leaf-response.der";
+    struct _test_ocsp_status_callback_ctx cb_ctx;
+    struct test_ssl_memio_ctx test_ctx;
+    int enable_client_ocsp;
+    int enable_must_staple;
+    XFILE f = XBADFILE;
+    byte data[4096];
+    unsigned int i;
+    EXPECT_DECLS;
+
+    struct test_params params[] = {
+        {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method},
+#if defined(WOLFSSL_TLS13)
+        {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method},
+#endif
+#if defined(WOLFSSL_DTLS)
+        {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method},
+#endif
+#if defined(WOLFSSL_DTLS13)
+        {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method},
+#endif
+    };
+
+    XMEMSET(&cb_ctx, 0, sizeof(cb_ctx));
+    f = XFOPEN(responseFile, "rb");
+    if (f == XBADFILE)
+        return -1;
+    cb_ctx.ocsp_resp_sz = (word32)XFREAD(data, 1, 4096, f);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+    cb_ctx.ocsp_resp = data;
+
+    for (i = 0; i < sizeof(params) / sizeof(params[0]); i++) {
+        for (enable_client_ocsp = 0; enable_client_ocsp <= 1;
+            enable_client_ocsp++) {
+            ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx,
+                            params[i].c_method, params[i].s_method),
+                TEST_SUCCESS);
+            ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx,
+                            test_ocsp_status_callback_cb),
+                SSL_SUCCESS);
+            ExpectIntEQ(
+                SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx),
+                SSL_SUCCESS);
+            if (enable_client_ocsp) {
+                ExpectIntEQ(wolfSSL_UseOCSPStapling(test_ctx.c_ssl,
+                                WOLFSSL_CSR_OCSP, 0),
+                    WOLFSSL_SUCCESS);
+                ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx),
+                    WOLFSSL_SUCCESS);
+                ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx),
+                    WOLFSSL_SUCCESS);
+            }
+            ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL),
+                TEST_SUCCESS);
+            ExpectIntEQ(cb_ctx.invoked, enable_client_ocsp ? 1 : 0);
+            test_ssl_memio_cleanup(&test_ctx);
+            if (!EXPECT_SUCCESS())
+                return EXPECT_RESULT();
+        }
+    }
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    /* test client sending both OCSPv1 and OCSPv2/MultiOCSP */
+    /* StatusCb only supports OCSPv1 */
+    ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx,
+                    wolfTLSv1_2_client_method, wolfTLSv1_2_server_method),
+        TEST_SUCCESS);
+    ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx,
+                    test_ocsp_status_callback_cb),
+        SSL_SUCCESS);
+    ExpectIntEQ(SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx),
+        SSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_UseOCSPStapling(test_ctx.c_ssl, WOLFSSL_CSR_OCSP, 0),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(
+        wolfSSL_UseOCSPStaplingV2(test_ctx.c_ssl, WOLFSSL_CSR2_OCSP_MULTI, 0),
+        WOLFSSL_SUCCESS);
+    wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL);
+    ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
+    ExpectIntEQ(cb_ctx.invoked, 1);
+    test_ssl_memio_cleanup(&test_ctx);
+
+    if (!EXPECT_SUCCESS())
+        return EXPECT_RESULT();
+#endif /* defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) */
+    /* test cb returning NO_ACK, not acking the OCSP */
+    for (i = 0; i < sizeof(params) / sizeof(params[0]); i++) {
+        for (enable_must_staple = 0; enable_must_staple <= 1;
+            enable_must_staple++) {
+            ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx,
+                            params[i].c_method, params[i].s_method),
+                TEST_SUCCESS);
+            ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx,
+                            test_ocsp_status_callback_cb_noack),
+                SSL_SUCCESS);
+            ExpectIntEQ(
+                SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx),
+                SSL_SUCCESS);
+            ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx),
+                WOLFSSL_SUCCESS);
+            ExpectIntEQ(
+                wolfSSL_UseOCSPStapling(test_ctx.c_ssl, WOLFSSL_CSR_OCSP, 0),
+                WOLFSSL_SUCCESS);
+            if (enable_must_staple)
+                ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx),
+                    WOLFSSL_SUCCESS);
+            wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL);
+            ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL),
+                enable_must_staple ? TEST_FAIL : TEST_SUCCESS);
+            ExpectIntEQ(cb_ctx.invoked, 1);
+            test_ssl_memio_cleanup(&test_ctx);
+            if (!EXPECT_SUCCESS())
+                return EXPECT_RESULT();
+        }
+    }
+
+    /* test cb returning err aborting handshake */
+    for (i = 0; i < sizeof(params) / sizeof(params[0]); i++) {
+        for (enable_client_ocsp = 0; enable_client_ocsp <= 1;
+            enable_client_ocsp++) {
+            ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx,
+                            params[i].c_method, params[i].s_method),
+                TEST_SUCCESS);
+            ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx,
+                            test_ocsp_status_callback_cb_err),
+                SSL_SUCCESS);
+            ExpectIntEQ(
+                SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx),
+                SSL_SUCCESS);
+            if (enable_client_ocsp)
+                ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx),
+                    WOLFSSL_SUCCESS);
+            ExpectIntEQ(
+                wolfSSL_UseOCSPStapling(test_ctx.c_ssl, WOLFSSL_CSR_OCSP, 0),
+                WOLFSSL_SUCCESS);
+            wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL);
+            ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL),
+                enable_client_ocsp ? TEST_FAIL : TEST_SUCCESS);
+            ExpectIntEQ(cb_ctx.invoked, enable_client_ocsp ? 1 : 0);
+            test_ssl_memio_cleanup(&test_ctx);
+            if (!EXPECT_SUCCESS())
+                return EXPECT_RESULT();
+        }
+    }
+
+    return EXPECT_RESULT();
+}
+
+#else
+int test_ocsp_status_callback(void)
+{
+    return TEST_SKIPPED;
+}
+#endif /* defined(HAVE_OCSP) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)  \
+        && defined(HAVE_CERTIFICATE_STATUS_REQUEST) &&                         \
+        !defined(WOLFSSL_NO_TLS12)                                             \
+        && defined(OPENSSL_ALL) */
+
+#if !defined(NO_SHA) && defined(OPENSSL_ALL) && defined(HAVE_OCSP) &&          \
+    !defined(WOLFSSL_SM3) && !defined(WOLFSSL_SM2) && !defined(NO_RSA)
+int test_ocsp_certid_enc_dec(void)
+{
+    EXPECT_DECLS;
+    WOLFSSL_OCSP_CERTID* certIdDec = NULL;
+    WOLFSSL_OCSP_CERTID* certId = NULL;
+    WOLFSSL_X509* subject = NULL;
+    WOLFSSL_X509* issuer = NULL;
+    unsigned char* temp = NULL;
+    unsigned char* der2 = NULL;
+    unsigned char* der = NULL;
+    int derSz = 0, derSz1 = 0;
+
+    /* Load test certificates */
+    ExpectNotNull(
+        subject = wolfSSL_X509_load_certificate_file(
+            "./certs/ocsp/intermediate1-ca-cert.pem", WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(
+                      "./certs/ocsp/root-ca-cert.pem", WOLFSSL_FILETYPE_PEM));
+
+    /* Create CERTID from certificates */
+    ExpectNotNull(certId = wolfSSL_OCSP_cert_to_id(NULL, subject, issuer));
+
+    /* get len */
+    ExpectIntGT(derSz = wolfSSL_i2d_OCSP_CERTID(certId, NULL), 0);
+
+    /* encode it */
+    ExpectIntGT(derSz1 = wolfSSL_i2d_OCSP_CERTID(certId, &der), 0);
+    ExpectIntEQ(derSz, derSz1);
+
+    if (EXPECT_SUCCESS())
+        temp = der2 = (unsigned char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
+    ExpectNotNull(der2);
+    /* encode without allocation */
+    ExpectIntGT(derSz1 = wolfSSL_i2d_OCSP_CERTID(certId, &der2), 0);
+    ExpectIntEQ(derSz, derSz1);
+    ExpectPtrEq(der2, temp + derSz);
+    ExpectBufEQ(der, temp, derSz);
+    XFREE(temp, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    /* save original */
+    temp = der;
+    /* decode it */
+    ExpectNotNull(certIdDec = wolfSSL_d2i_OCSP_CERTID(NULL,
+                      (const unsigned char**)&der, derSz));
+    /* check ptr is advanced */
+    ExpectPtrEq(der, temp + derSz);
+    der = der2;
+    XFREE(temp, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    /* compare */
+    ExpectIntEQ(wolfSSL_OCSP_id_cmp(certId, certIdDec), 0);
+
+    wolfSSL_OCSP_CERTID_free(certId);
+    wolfSSL_OCSP_CERTID_free(certIdDec);
+    wolfSSL_X509_free(subject);
+    wolfSSL_X509_free(issuer);
+    return EXPECT_SUCCESS();
+}
+#else /* !NO_SHA && OPENSSL_ALL && HAVE_OCSP && !WOLFSSL_SM3 && !WOLFSSL_SM2 */
+int test_ocsp_certid_enc_dec(void)
+{
+    return TEST_SKIPPED;
+}
+#endif
diff --git a/tests/api/test_ocsp.h b/tests/api/test_ocsp.h
new file mode 100644
index 000000000..55065b9d6
--- /dev/null
+++ b/tests/api/test_ocsp.h
@@ -0,0 +1,30 @@
+/* test_ocsp.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_TEST_OCSP_H
+#define WOLFSSL_TEST_OCSP_H
+
+int test_ocsp_certid_enc_dec(void);
+int test_ocsp_status_callback(void);
+int test_ocsp_basic_verify(void);
+int test_ocsp_response_parsing(void);
+#endif /* WOLFSSL_TEST_OCSP_H */
+
diff --git a/tests/api/test_ocsp_test_blobs.h b/tests/api/test_ocsp_test_blobs.h
new file mode 100644
index 000000000..04a667ec1
--- /dev/null
+++ b/tests/api/test_ocsp_test_blobs.h
@@ -0,0 +1,1224 @@
+/*
+* This file is generated automatically by running ./tests/api/create_ocsp_test_blobs.py.
+*
+* ocsp_test_blobs.h
+*
+* Copyright (C) 2006-2025 wolfSSL Inc.
+*
+* This file is part of wolfSSL.
+*
+* wolfSSL is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* wolfSSL is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+*
+*/
+#ifndef OCSP_TEST_BLOBS_H
+#define OCSP_TEST_BLOBS_H
+
+unsigned char resp[] = {
+    0x30, 0x82, 0x07, 0x04, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0xfd, 0x30,
+    0x82, 0x06, 0xf9, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x06, 0xea, 0x30, 0x82, 0x06, 0xe6, 0x30, 0x82,
+    0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f,
+    0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65,
+    0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
+    0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f,
+    0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34,
+    0x30, 0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06,
+    0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1,
+    0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52,
+    0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82,
+    0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72,
+    0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32,
+    0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a,
+    0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x31, 0xb2, 0x07, 0x71, 0xa6, 0x8e,
+    0xd7, 0x32, 0xf5, 0x8d, 0x38, 0xd5, 0xbd, 0xe8, 0x6a, 0xba, 0x50, 0x79,
+    0x0d, 0x60, 0x14, 0xc4, 0xdc, 0x3a, 0xb2, 0xd3, 0x47, 0x21, 0x83, 0x2f,
+    0xb8, 0xa8, 0x91, 0x12, 0x58, 0x43, 0xd4, 0x27, 0x03, 0x10, 0x7c, 0x67,
+    0x65, 0xfc, 0x7c, 0xb9, 0xe9, 0x07, 0x76, 0xa3, 0x68, 0x1a, 0x2b, 0x56,
+    0xe0, 0x72, 0x5f, 0xb6, 0x6a, 0x2d, 0x52, 0x52, 0xf4, 0xf3, 0x4b, 0x91,
+    0x6b, 0x65, 0xe2, 0xd3, 0x03, 0x9b, 0xaf, 0x11, 0x43, 0x97, 0x94, 0x63,
+    0xff, 0x0d, 0x71, 0xf5, 0x4f, 0xef, 0x61, 0x4f, 0x55, 0xd3, 0x5b, 0x5f,
+    0x61, 0x1f, 0x2c, 0x03, 0xbd, 0x3f, 0xde, 0x62, 0xb5, 0x36, 0xb0, 0x3a,
+    0x52, 0xf3, 0x35, 0x26, 0x41, 0x2d, 0xa3, 0x1b, 0x1b, 0x07, 0x2c, 0x0a,
+    0x6b, 0x2b, 0x36, 0x87, 0x0c, 0xec, 0x5a, 0x9b, 0x72, 0xc2, 0x04, 0x79,
+    0x4a, 0x68, 0xba, 0xde, 0x6d, 0x65, 0x37, 0x37, 0x4f, 0x0a, 0xa8, 0x5b,
+    0x06, 0x45, 0xc0, 0x59, 0x39, 0x11, 0xd4, 0xcc, 0x28, 0x0c, 0x5d, 0x76,
+    0x11, 0xeb, 0x71, 0x0a, 0xf7, 0x72, 0x06, 0x2f, 0x50, 0x98, 0xe1, 0xfc,
+    0x86, 0x00, 0xaa, 0x9f, 0x45, 0xc5, 0x81, 0x8b, 0x73, 0xe9, 0x8c, 0xef,
+    0x31, 0xd9, 0x9b, 0xde, 0xe7, 0x57, 0xd0, 0x14, 0x8f, 0xfe, 0xec, 0xed,
+    0xc2, 0xfc, 0x18, 0x35, 0x4e, 0x24, 0xd0, 0x46, 0x36, 0x86, 0xdb, 0x6f,
+    0xa7, 0x06, 0x85, 0xef, 0x70, 0x2c, 0xce, 0xbb, 0xcc, 0x44, 0x3e, 0x82,
+    0x2f, 0xfa, 0xc2, 0x12, 0x6d, 0x40, 0x71, 0xc4, 0xac, 0xd9, 0x48, 0x72,
+    0xff, 0xec, 0x65, 0x89, 0x29, 0x81, 0x5f, 0x92, 0x98, 0x9f, 0xfb, 0xd0,
+    0x73, 0xcf, 0xb1, 0x80, 0x37, 0x33, 0x37, 0xb1, 0x95, 0x7e, 0xba, 0xb2,
+    0x6f, 0xee, 0x7b, 0x16, 0x09, 0x04, 0x9b, 0x01, 0x4b, 0x1e, 0xa0, 0x82,
+    0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82,
+    0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
+    0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+    0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
+    0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
+    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20,
+    0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
+    0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
+    0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32,
+    0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34,
+    0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61,
+    0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
+    0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e,
+    0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+    0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
+    0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+    0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23,
+    0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5,
+    0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a,
+    0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a,
+    0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41,
+    0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb,
+    0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75,
+    0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95,
+    0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce,
+    0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3,
+    0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39,
+    0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72,
+    0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a,
+    0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03,
+    0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7,
+    0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff,
+    0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11,
+    0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda,
+    0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef,
+    0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f,
+    0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3,
+    0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5,
+    0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82,
+    0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30,
+    0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+    0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70,
+    0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06,
+    0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14,
+    0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
+    0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4,
+    0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+    0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+    0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
+    0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+    0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30,
+    0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66,
+    0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+    0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+    0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
+    0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74,
+    0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
+    0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c,
+    0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09,
+    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0xa2, 0xd8, 0x55,
+    0xe0, 0x2b, 0xf4, 0xad, 0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2,
+    0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, 0xbd, 0x2e, 0x28, 0x6e,
+    0x1c, 0x56, 0x2a, 0x35, 0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a,
+    0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, 0xaf, 0x9b, 0xef, 0x23,
+    0x88, 0x56, 0x95, 0x73, 0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7,
+    0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, 0xfd, 0xe2, 0xa0, 0x81,
+    0xa0, 0x4c, 0x0c, 0x2c, 0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6,
+    0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, 0xd6, 0x6a, 0x4c, 0x4c,
+    0x78, 0x18, 0x3c, 0xca, 0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27,
+    0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, 0x6b, 0x25, 0xbd, 0x2f,
+    0xae, 0x1b, 0xaa, 0xce, 0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b,
+    0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, 0xe6, 0x66, 0xbc, 0x84,
+    0x63, 0x56, 0x50, 0x7d, 0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58,
+    0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, 0x4c, 0x7e, 0x4f, 0x93,
+    0xeb, 0x5f, 0x8f, 0x9c, 0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22,
+    0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, 0x65, 0xbd, 0x0c, 0x71,
+    0x3c, 0xbb, 0xa3, 0x07, 0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4,
+    0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, 0x28, 0xc1, 0x01, 0x31,
+    0x73, 0x5c, 0x2b, 0xbd, 0x60, 0x97, 0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83,
+    0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, 0x55, 0xb9, 0x70, 0x87,
+    0xd5, 0x02, 0x85, 0x13, 0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57,
+};
+
+unsigned char resp_rid_bykey[] = {
+    0x30, 0x82, 0x06, 0x76, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0x6f, 0x30,
+    0x82, 0x06, 0x6b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x06, 0x5c, 0x30, 0x82, 0x06, 0x58, 0x30, 0x7a,
+    0xa2, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc,
+    0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36,
+    0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36,
+    0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30,
+    0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8,
+    0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8,
+    0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4,
+    0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a,
+    0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32,
+    0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30,
+    0x39, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x18, 0x8b, 0xc4, 0x9c,
+    0x4e, 0x93, 0x4c, 0x91, 0x99, 0x32, 0x43, 0x3d, 0x03, 0xa0, 0x18, 0x7c,
+    0x20, 0x03, 0x2d, 0x29, 0x4a, 0xf8, 0x48, 0x43, 0xe5, 0x86, 0x27, 0x3f,
+    0x35, 0x99, 0x0e, 0x7f, 0xed, 0x7c, 0x1a, 0xd6, 0xfe, 0x2d, 0xed, 0xf8,
+    0x42, 0xda, 0xf3, 0xc0, 0x28, 0x8c, 0x7a, 0xf7, 0x4a, 0xbc, 0x9d, 0x54,
+    0xf0, 0x27, 0x89, 0xf3, 0xb9, 0x08, 0x9a, 0x8c, 0xf9, 0x4b, 0x75, 0x47,
+    0x39, 0x68, 0x64, 0xea, 0x2b, 0x16, 0x8d, 0xe6, 0x30, 0x4e, 0xb8, 0x97,
+    0xcd, 0x2d, 0x87, 0xc2, 0x5a, 0xb7, 0x10, 0xfa, 0xb9, 0x94, 0xad, 0xfe,
+    0xe4, 0x4e, 0xeb, 0x40, 0xe6, 0x56, 0xa0, 0x79, 0x88, 0x84, 0x51, 0x38,
+    0x79, 0xc6, 0x00, 0xc8, 0x94, 0xc8, 0x06, 0x45, 0x0d, 0x16, 0x51, 0xa1,
+    0xa0, 0xb5, 0xee, 0xa0, 0x91, 0xee, 0x35, 0x4a, 0xec, 0x60, 0xfb, 0x5a,
+    0x38, 0x40, 0x72, 0xf9, 0xc8, 0x54, 0x26, 0x58, 0xed, 0x6a, 0x7e, 0x4e,
+    0xca, 0xd8, 0xae, 0xb5, 0xf0, 0xe8, 0xed, 0x3a, 0xff, 0x51, 0xf9, 0x6e,
+    0x3d, 0x09, 0x4a, 0xb2, 0x68, 0x48, 0x33, 0xc0, 0xe8, 0x48, 0x77, 0xc9,
+    0xe3, 0x06, 0x0c, 0xc8, 0x92, 0x70, 0x54, 0x70, 0x33, 0x1b, 0x7c, 0xb8,
+    0x50, 0x67, 0xa7, 0xb4, 0x2d, 0x98, 0x77, 0x0e, 0x90, 0x0a, 0x55, 0xb7,
+    0xde, 0x06, 0x2a, 0x14, 0x51, 0x9d, 0xb1, 0x79, 0x2e, 0x8e, 0x3d, 0xef,
+    0x4c, 0x9b, 0x86, 0x22, 0x95, 0x2b, 0x1e, 0xa4, 0xf4, 0x09, 0x4c, 0xca,
+    0xe9, 0x5e, 0x0c, 0x87, 0x2c, 0x74, 0x1d, 0x78, 0x50, 0xa6, 0x9e, 0x36,
+    0x3b, 0xeb, 0x4e, 0x24, 0x00, 0xa2, 0x25, 0x2a, 0x63, 0xd8, 0x2e, 0xfe,
+    0xd2, 0xf1, 0x3b, 0x9d, 0x36, 0x80, 0x00, 0x67, 0xe4, 0x1d, 0xf9, 0x83,
+    0xd1, 0x65, 0x73, 0x3e, 0xe1, 0xbc, 0x16, 0x54, 0xa8, 0x0d, 0x21, 0xc0,
+    0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe,
+    0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04,
+    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
+    0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
+    0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e,
+    0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+    0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10,
+    0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c,
+    0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
+    0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69,
+    0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+    0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f,
+    0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66,
+    0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
+    0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32,
+    0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39,
+    0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, 0x81, 0x9e,
+    0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+    0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a,
+    0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
+    0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61,
+    0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+    0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14,
+    0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67,
+    0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70,
+    0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
+    0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8,
+    0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61,
+    0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c,
+    0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1,
+    0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4,
+    0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51,
+    0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74,
+    0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb,
+    0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80,
+    0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e,
+    0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16,
+    0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7,
+    0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8,
+    0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8,
+    0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e,
+    0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71,
+    0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27,
+    0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c,
+    0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76,
+    0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95,
+    0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b,
+    0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54,
+    0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a,
+    0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
+    0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
+    0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23,
+    0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81,
+    0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9,
+    0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5,
+    0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81,
+    0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
+    0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69,
+    0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f,
+    0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+    0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72,
+    0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f,
+    0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25,
+    0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+    0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0xa2,
+    0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, 0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60,
+    0xa0, 0xa2, 0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, 0xbd, 0x2e,
+    0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, 0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47,
+    0x21, 0x1a, 0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, 0xaf, 0x9b,
+    0xef, 0x23, 0x88, 0x56, 0x95, 0x73, 0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b,
+    0x69, 0xf7, 0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, 0xfd, 0xe2,
+    0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, 0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c,
+    0x32, 0xa6, 0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, 0xd6, 0x6a,
+    0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, 0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81,
+    0x5b, 0x27, 0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, 0x6b, 0x25,
+    0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, 0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0,
+    0x34, 0x6b, 0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, 0xe6, 0x66,
+    0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, 0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4,
+    0xfd, 0x58, 0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, 0x4c, 0x7e,
+    0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, 0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53,
+    0x77, 0x22, 0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, 0x65, 0xbd,
+    0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, 0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a,
+    0xb4, 0xc4, 0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, 0x28, 0xc1,
+    0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, 0x60, 0x97, 0xa3, 0x36, 0x82, 0x96,
+    0xd7, 0x83, 0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, 0x55, 0xb9,
+    0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, 0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a,
+    0xaa, 0x57,
+};
+
+unsigned char resp_nocert[] = {
+    0x30, 0x82, 0x02, 0x3a, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x33, 0x30,
+    0x82, 0x02, 0x2f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x02, 0x20, 0x30, 0x82, 0x02, 0x1c, 0x30, 0x82,
+    0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f,
+    0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65,
+    0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
+    0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f,
+    0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34,
+    0x30, 0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06,
+    0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1,
+    0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52,
+    0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82,
+    0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72,
+    0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32,
+    0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a,
+    0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x31, 0xb2, 0x07, 0x71, 0xa6, 0x8e,
+    0xd7, 0x32, 0xf5, 0x8d, 0x38, 0xd5, 0xbd, 0xe8, 0x6a, 0xba, 0x50, 0x79,
+    0x0d, 0x60, 0x14, 0xc4, 0xdc, 0x3a, 0xb2, 0xd3, 0x47, 0x21, 0x83, 0x2f,
+    0xb8, 0xa8, 0x91, 0x12, 0x58, 0x43, 0xd4, 0x27, 0x03, 0x10, 0x7c, 0x67,
+    0x65, 0xfc, 0x7c, 0xb9, 0xe9, 0x07, 0x76, 0xa3, 0x68, 0x1a, 0x2b, 0x56,
+    0xe0, 0x72, 0x5f, 0xb6, 0x6a, 0x2d, 0x52, 0x52, 0xf4, 0xf3, 0x4b, 0x91,
+    0x6b, 0x65, 0xe2, 0xd3, 0x03, 0x9b, 0xaf, 0x11, 0x43, 0x97, 0x94, 0x63,
+    0xff, 0x0d, 0x71, 0xf5, 0x4f, 0xef, 0x61, 0x4f, 0x55, 0xd3, 0x5b, 0x5f,
+    0x61, 0x1f, 0x2c, 0x03, 0xbd, 0x3f, 0xde, 0x62, 0xb5, 0x36, 0xb0, 0x3a,
+    0x52, 0xf3, 0x35, 0x26, 0x41, 0x2d, 0xa3, 0x1b, 0x1b, 0x07, 0x2c, 0x0a,
+    0x6b, 0x2b, 0x36, 0x87, 0x0c, 0xec, 0x5a, 0x9b, 0x72, 0xc2, 0x04, 0x79,
+    0x4a, 0x68, 0xba, 0xde, 0x6d, 0x65, 0x37, 0x37, 0x4f, 0x0a, 0xa8, 0x5b,
+    0x06, 0x45, 0xc0, 0x59, 0x39, 0x11, 0xd4, 0xcc, 0x28, 0x0c, 0x5d, 0x76,
+    0x11, 0xeb, 0x71, 0x0a, 0xf7, 0x72, 0x06, 0x2f, 0x50, 0x98, 0xe1, 0xfc,
+    0x86, 0x00, 0xaa, 0x9f, 0x45, 0xc5, 0x81, 0x8b, 0x73, 0xe9, 0x8c, 0xef,
+    0x31, 0xd9, 0x9b, 0xde, 0xe7, 0x57, 0xd0, 0x14, 0x8f, 0xfe, 0xec, 0xed,
+    0xc2, 0xfc, 0x18, 0x35, 0x4e, 0x24, 0xd0, 0x46, 0x36, 0x86, 0xdb, 0x6f,
+    0xa7, 0x06, 0x85, 0xef, 0x70, 0x2c, 0xce, 0xbb, 0xcc, 0x44, 0x3e, 0x82,
+    0x2f, 0xfa, 0xc2, 0x12, 0x6d, 0x40, 0x71, 0xc4, 0xac, 0xd9, 0x48, 0x72,
+    0xff, 0xec, 0x65, 0x89, 0x29, 0x81, 0x5f, 0x92, 0x98, 0x9f, 0xfb, 0xd0,
+    0x73, 0xcf, 0xb1, 0x80, 0x37, 0x33, 0x37, 0xb1, 0x95, 0x7e, 0xba, 0xb2,
+    0x6f, 0xee, 0x7b, 0x16, 0x09, 0x04, 0x9b, 0x01, 0x4b, 0x1e,
+};
+
+unsigned char resp_multi[] = {
+    0x30, 0x82, 0x02, 0x83, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x7c, 0x30,
+    0x82, 0x02, 0x78, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x02, 0x69, 0x30, 0x82, 0x02, 0x65, 0x30, 0x82,
+    0x01, 0x4f, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72,
+    0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+    0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+    0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30,
+    0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x81, 0x9e, 0x30,
+    0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+    0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b,
+    0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14,
+    0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
+    0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80,
+    0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31,
+    0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07,
+    0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb,
+    0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2,
+    0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f,
+    0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e,
+    0x72, 0x15, 0x21, 0x02, 0x01, 0x02, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30,
+    0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39,
+    0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+    0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x0a, 0xc7, 0xfd, 0xa9, 0x1f,
+    0x76, 0x19, 0xc8, 0xbd, 0xa2, 0x67, 0x24, 0xd1, 0x68, 0xe3, 0x8b, 0x27,
+    0xf2, 0x67, 0x24, 0x87, 0xe3, 0x10, 0xba, 0x8d, 0x8d, 0x6f, 0xe2, 0xfa,
+    0xc1, 0xa6, 0x5a, 0x4c, 0xb1, 0x79, 0x56, 0x50, 0x2b, 0xb7, 0xdf, 0x20,
+    0x89, 0xda, 0x02, 0x3d, 0xef, 0xd3, 0xf9, 0x86, 0x6b, 0x0d, 0xd4, 0x92,
+    0x7e, 0x90, 0x04, 0x6c, 0xfd, 0x7b, 0x6d, 0xde, 0x02, 0x37, 0xec, 0x09,
+    0x2f, 0x6e, 0xf2, 0x69, 0xf8, 0x44, 0x82, 0xa9, 0x98, 0xca, 0xf4, 0x69,
+    0xa1, 0xe5, 0x68, 0xa3, 0xa9, 0x5c, 0xea, 0x07, 0xdd, 0x62, 0x2f, 0xb1,
+    0xd1, 0x55, 0x44, 0x82, 0x1a, 0xc3, 0x9f, 0x39, 0xec, 0xb9, 0x24, 0xfe,
+    0xea, 0x50, 0x28, 0x6c, 0x79, 0x3a, 0x6b, 0xfd, 0xbc, 0x3f, 0x81, 0xd3,
+    0x7c, 0xab, 0x13, 0x54, 0x1b, 0x0d, 0xd7, 0xa9, 0x31, 0x97, 0x0f, 0x53,
+    0x7a, 0xca, 0x49, 0x51, 0x03, 0xa9, 0xdc, 0x89, 0x00, 0x80, 0x69, 0xb6,
+    0x52, 0x0a, 0x10, 0xfe, 0xe1, 0x7e, 0x5f, 0x73, 0x8a, 0xd9, 0xbf, 0x3f,
+    0x02, 0x00, 0xf0, 0xb3, 0xb5, 0x04, 0xb8, 0x59, 0x07, 0xc9, 0x9b, 0x41,
+    0x12, 0x8d, 0x12, 0xed, 0x58, 0x3d, 0xcf, 0xa0, 0x1c, 0x7d, 0x45, 0x5d,
+    0x7c, 0x06, 0x0d, 0x8c, 0x98, 0xc9, 0x4e, 0xe9, 0x26, 0xa3, 0xc8, 0x70,
+    0x18, 0xe8, 0xff, 0x9b, 0x88, 0x0d, 0x3f, 0x47, 0xb3, 0x24, 0x43, 0x8c,
+    0x23, 0xa1, 0x3b, 0x64, 0x3d, 0x85, 0x34, 0x87, 0xae, 0x24, 0x76, 0x0f,
+    0x1e, 0x20, 0x6b, 0xf8, 0x5e, 0x4b, 0xea, 0x8c, 0x2a, 0xb1, 0xfb, 0xf2,
+    0xbc, 0xf7, 0x1d, 0x8f, 0x77, 0x69, 0x46, 0x4c, 0xff, 0x49, 0xd7, 0x47,
+    0x07, 0xa2, 0x04, 0x18, 0x14, 0xa9, 0x59, 0x53, 0x18, 0x5c, 0x0d, 0xbf,
+    0x04, 0xd9, 0xc8, 0xeb, 0xd2, 0xe7, 0x7b, 0xf1, 0x51, 0x8f, 0xca,
+};
+
+unsigned char resp_bad_noauth[] = {
+    0x30, 0x82, 0x02, 0x83, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x7c, 0x30,
+    0x82, 0x02, 0x78, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x02, 0x69, 0x30, 0x82, 0x02, 0x65, 0x30, 0x82,
+    0x01, 0x4f, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72,
+    0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+    0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+    0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30,
+    0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x81, 0x9e, 0x30,
+    0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+    0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b,
+    0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14,
+    0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
+    0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80,
+    0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31,
+    0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07,
+    0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0xff, 0x66, 0x21,
+    0x8a, 0x6e, 0xc5, 0x86, 0x61, 0x84, 0x25, 0x9a, 0xba, 0xd6, 0x55, 0x39,
+    0xfb, 0x25, 0x51, 0x2c, 0xdd, 0x04, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74,
+    0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30,
+    0xe5, 0xe8, 0xd5, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30,
+    0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39,
+    0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+    0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x16, 0xe7, 0xf6, 0x64, 0x59,
+    0x3a, 0x69, 0x64, 0x73, 0x5f, 0x9d, 0xdf, 0x91, 0xd8, 0xca, 0xc4, 0x99,
+    0xa5, 0x21, 0xdf, 0x49, 0x49, 0x84, 0xb9, 0xbe, 0x34, 0xaf, 0xf1, 0xf8,
+    0x6f, 0x8d, 0xea, 0x0d, 0x43, 0x1f, 0xcf, 0xe1, 0xd0, 0xda, 0x3e, 0x41,
+    0x3d, 0xab, 0x27, 0x19, 0x62, 0x03, 0x95, 0x1d, 0xc4, 0x09, 0xa2, 0xfb,
+    0x86, 0xfb, 0x19, 0x58, 0x32, 0x23, 0xc7, 0xb8, 0x96, 0xc1, 0xa4, 0x13,
+    0xc5, 0xe5, 0x61, 0x33, 0xb6, 0xbf, 0x34, 0x6f, 0x06, 0xaf, 0xcf, 0x9f,
+    0xaf, 0x84, 0x82, 0xa0, 0x9d, 0x00, 0x2a, 0x40, 0x9a, 0x77, 0x7f, 0xdd,
+    0x20, 0xc0, 0x3f, 0xa4, 0x84, 0x16, 0xef, 0x42, 0x32, 0x56, 0x66, 0xba,
+    0x9a, 0xb4, 0xf3, 0x79, 0x33, 0x3c, 0x5b, 0xa2, 0x40, 0xe9, 0x8b, 0xdc,
+    0x0d, 0x1d, 0x7a, 0x26, 0x25, 0x9f, 0xe8, 0x09, 0x74, 0x8a, 0x77, 0x6a,
+    0x82, 0x9b, 0xa1, 0x57, 0xd2, 0xa3, 0xb7, 0x40, 0x06, 0x62, 0x35, 0x15,
+    0x31, 0x54, 0xd4, 0x68, 0x75, 0x76, 0x56, 0xe3, 0xd6, 0x0b, 0x38, 0x99,
+    0x06, 0xf9, 0x75, 0xb0, 0x81, 0x3f, 0xa4, 0x97, 0xec, 0xee, 0x28, 0x0b,
+    0xcd, 0xe8, 0x23, 0xb1, 0x21, 0xe3, 0xd0, 0x88, 0xe0, 0x57, 0x97, 0x40,
+    0x54, 0x62, 0x7c, 0x9a, 0xbd, 0x07, 0xe1, 0x5c, 0x71, 0xe0, 0xfb, 0xcd,
+    0xc5, 0x03, 0xf5, 0x90, 0xc1, 0x2b, 0xc4, 0x5a, 0x09, 0x55, 0x17, 0x80,
+    0x41, 0xa6, 0xdc, 0xaf, 0x42, 0x41, 0x3c, 0xbf, 0xe8, 0xef, 0xa7, 0xf4,
+    0x7b, 0x9d, 0xa1, 0xfe, 0x80, 0xa1, 0xab, 0x0f, 0x8b, 0x4e, 0x4f, 0x0a,
+    0x10, 0x8b, 0xf2, 0x10, 0xeb, 0xf7, 0x73, 0xe3, 0xa7, 0x03, 0x9f, 0x0e,
+    0x33, 0x03, 0x42, 0x4e, 0xbe, 0xdd, 0x11, 0x2f, 0x9a, 0x06, 0xf7, 0x22,
+    0x7d, 0xfd, 0xb5, 0xa4, 0x89, 0xf8, 0x06, 0x2c, 0x41, 0xcf, 0x8a,
+};
+
+unsigned char resp_bad_embedded_cert[] = {
+    0x30, 0x82, 0x07, 0x2e, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x27, 0x30,
+    0x82, 0x07, 0x23, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+    0x01, 0x01, 0x04, 0x82, 0x07, 0x14, 0x30, 0x82, 0x07, 0x10, 0x30, 0x81,
+    0xff, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
+    0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69,
+    0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f,
+    0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+    0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72,
+    0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f,
+    0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35,
+    0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30,
+    0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14,
+    0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a,
+    0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0,
+    0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04,
+    0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18,
+    0x0f, 0x32, 0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34,
+    0x34, 0x30, 0x39, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0x34,
+    0x62, 0xfc, 0xd3, 0xf8, 0x95, 0x00, 0xc1, 0x3e, 0x4a, 0x18, 0x68, 0xf2,
+    0x6a, 0x71, 0xe8, 0xdf, 0x99, 0x42, 0xef, 0x2a, 0x2a, 0xcf, 0xa7, 0x43,
+    0xca, 0xd0, 0x93, 0x6b, 0x51, 0x05, 0xbf, 0xf9, 0xbb, 0xdb, 0x10, 0xc0,
+    0xb4, 0x02, 0xc7, 0x78, 0x07, 0x96, 0xf7, 0x02, 0x12, 0xa0, 0x9f, 0x68,
+    0x6f, 0xfc, 0x35, 0x6d, 0x9f, 0x90, 0x84, 0x1c, 0x6e, 0x57, 0x7b, 0x45,
+    0x37, 0xb8, 0xe3, 0x9d, 0x65, 0x22, 0x56, 0x24, 0xf6, 0xce, 0xb0, 0x79,
+    0xd6, 0xfa, 0xec, 0xc1, 0xe6, 0xbe, 0x97, 0xf7, 0xd5, 0x6e, 0xcd, 0xbb,
+    0xf9, 0x0c, 0xf8, 0x26, 0x0b, 0xf1, 0x20, 0x93, 0x11, 0x40, 0x61, 0x18,
+    0x5b, 0x24, 0xdf, 0x62, 0x39, 0xe1, 0x3d, 0xf2, 0x35, 0x3f, 0xbe, 0xa8,
+    0xc5, 0x99, 0xe7, 0x67, 0xbe, 0xaa, 0xc0, 0x0b, 0x53, 0xe9, 0xb6, 0x16,
+    0x55, 0x7f, 0xc6, 0x0d, 0xe4, 0x43, 0x96, 0xa6, 0xf7, 0x48, 0x21, 0xab,
+    0xf3, 0x0a, 0x17, 0x77, 0x87, 0x54, 0x7a, 0x35, 0x87, 0xfb, 0x7b, 0x7a,
+    0xcb, 0x87, 0x9f, 0x80, 0x8c, 0xe9, 0xcf, 0x04, 0x8d, 0xc0, 0xa5, 0x8c,
+    0xd7, 0xc6, 0x37, 0xcd, 0x28, 0x83, 0x6c, 0x68, 0x32, 0x97, 0xa7, 0x2e,
+    0x9d, 0x1c, 0x5b, 0x20, 0x77, 0x63, 0x55, 0x1b, 0x8b, 0x0b, 0xed, 0x1d,
+    0x25, 0x65, 0xaf, 0xf8, 0x3e, 0xcf, 0x5f, 0x43, 0x7f, 0xf8, 0xe3, 0x03,
+    0x13, 0x4f, 0x7a, 0x8a, 0x0d, 0x6b, 0xdd, 0xd6, 0xee, 0xd9, 0x97, 0xfe,
+    0xc1, 0x6a, 0x5b, 0x20, 0x39, 0x4f, 0x8f, 0x0c, 0x8c, 0x62, 0x33, 0x17,
+    0x9a, 0xa8, 0x25, 0x20, 0xa4, 0x7b, 0x20, 0x98, 0x7d, 0x64, 0xc8, 0x7d,
+    0xf4, 0xae, 0x77, 0xcb, 0x4a, 0xb7, 0xa0, 0xdf, 0x5e, 0x08, 0x83, 0xc5,
+    0x85, 0xdf, 0x71, 0xb1, 0x4f, 0x68, 0x1a, 0x34, 0x6f, 0xf5, 0xc1, 0xd0,
+    0x0d, 0x97, 0xa0, 0x82, 0x04, 0xf8, 0x30, 0x82, 0x04, 0xf4, 0x30, 0x82,
+    0x04, 0xf0, 0x30, 0x82, 0x03, 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
+    0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+    0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
+    0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65,
+    0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72,
+    0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
+    0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+    0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31,
+    0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x37,
+    0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30,
+    0x81, 0xa1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+    0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
+    0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53,
+    0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
+    0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x22,
+    0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x77, 0x6f, 0x6c,
+    0x66, 0x53, 0x53, 0x4c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65,
+    0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x20, 0x32, 0x31, 0x1f,
+    0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
+    0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66,
+    0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30,
+    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+    0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
+    0x82, 0x01, 0x01, 0x00, 0xd0, 0x20, 0x3c, 0x35, 0x19, 0x6f, 0x2c, 0x44,
+    0xb4, 0x7e, 0x42, 0xc7, 0x75, 0xb4, 0x6a, 0x2b, 0xa9, 0x23, 0x85, 0xbf,
+    0x87, 0xb4, 0xee, 0xca, 0xd7, 0x4b, 0x1f, 0x31, 0xd7, 0x11, 0x02, 0xa1,
+    0xab, 0x58, 0x3d, 0xfb, 0xdc, 0x51, 0xca, 0x3a, 0x1d, 0x1f, 0x95, 0xa6,
+    0x56, 0x82, 0xf7, 0x8f, 0xff, 0x6b, 0x50, 0xbb, 0xea, 0x10, 0xe1, 0x47,
+    0x1d, 0x35, 0x77, 0x2e, 0x4b, 0x28, 0xc5, 0x53, 0x46, 0x23, 0x2b, 0x82,
+    0xfd, 0x5a, 0xd3, 0xf4, 0x21, 0xdb, 0x0e, 0xe0, 0xf2, 0x76, 0x33, 0x47,
+    0xb3, 0x00, 0xbe, 0x3a, 0xb1, 0x23, 0x98, 0x53, 0xeb, 0xea, 0xa0, 0xde,
+    0x1b, 0xcc, 0x05, 0x4e, 0xee, 0x63, 0xa8, 0x2c, 0x93, 0x24, 0xd6, 0x98,
+    0x78, 0x74, 0x03, 0xe4, 0xc8, 0x89, 0x43, 0x61, 0xf1, 0x25, 0xb8, 0xcd,
+    0x3b, 0x87, 0xc1, 0x31, 0x25, 0xfd, 0xba, 0x4c, 0xfc, 0x29, 0x94, 0x45,
+    0x9e, 0x69, 0xd7, 0x67, 0x0a, 0x8a, 0x8e, 0xd5, 0x52, 0x93, 0x30, 0xa2,
+    0x0e, 0xdd, 0x6a, 0x1c, 0xb0, 0x94, 0x77, 0xdb, 0x52, 0x52, 0xb7, 0x89,
+    0x21, 0xbe, 0x96, 0x75, 0x24, 0xcb, 0xe9, 0x49, 0xdf, 0x81, 0x9d, 0x9d,
+    0xf8, 0x55, 0x7d, 0x01, 0x2a, 0xeb, 0x78, 0x03, 0x12, 0xe2, 0x20, 0x6e,
+    0xdb, 0x63, 0x35, 0xcd, 0xa1, 0x96, 0xf0, 0xf8, 0x8c, 0x20, 0x35, 0x69,
+    0x87, 0x01, 0xca, 0xb4, 0x54, 0x36, 0xa0, 0x15, 0xe0, 0x23, 0x7d, 0xb9,
+    0xfb, 0xbe, 0x99, 0x05, 0x50, 0xf0, 0xbf, 0xec, 0x7f, 0x12, 0xe1, 0x3d,
+    0x75, 0x15, 0x4e, 0xc8, 0xc2, 0x30, 0xe6, 0x8b, 0xfe, 0xe5, 0x8b, 0x55,
+    0xf8, 0x44, 0x5e, 0xe5, 0xe3, 0x56, 0xe0, 0x66, 0x2d, 0x6f, 0x42, 0x5a,
+    0x45, 0x6b, 0x96, 0xaa, 0xc7, 0x5d, 0x41, 0x08, 0x5f, 0xce, 0xd7, 0xdc,
+    0x9f, 0x20, 0xe4, 0x46, 0x78, 0xff, 0xd9, 0x99, 0x02, 0x03, 0x01, 0x00,
+    0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01, 0x35, 0x30, 0x0c, 0x06,
+    0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+    0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x05, 0xd1,
+    0xba, 0x86, 0x00, 0xa2, 0xee, 0x2a, 0x05, 0x24, 0xb7, 0x11, 0xad, 0x2d,
+    0x60, 0xf1, 0x90, 0x14, 0x8f, 0x17, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55,
+    0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0,
+    0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04,
+    0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a,
+    0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+    0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+    0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
+    0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
+    0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06,
+    0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53,
+    0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b,
+    0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31,
+    0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f,
+    0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43,
+    0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
+    0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01,
+    0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
+    0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+    0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06,
+    0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70,
+    0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31,
+    0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
+    0x01, 0x00, 0x1f, 0x0a, 0xd4, 0x04, 0xb7, 0x38, 0x42, 0xe7, 0xfa, 0x85,
+    0xee, 0x3a, 0xf7, 0x11, 0x98, 0x5a, 0x79, 0xd2, 0x43, 0x8b, 0xf0, 0x2b,
+    0xd2, 0xfc, 0xad, 0x7b, 0x33, 0xa0, 0x25, 0xa5, 0xb5, 0x3f, 0x29, 0x13,
+    0x94, 0x9c, 0xda, 0xb6, 0xe6, 0x41, 0x8c, 0x9a, 0x92, 0x3b, 0xcc, 0x44,
+    0x6e, 0x0e, 0x8e, 0x8b, 0x79, 0x09, 0x96, 0xed, 0x39, 0x57, 0xc4, 0xd6,
+    0xb1, 0x7f, 0xdd, 0xbf, 0xf1, 0x26, 0x75, 0x89, 0x7d, 0x28, 0x54, 0xc5,
+    0xe8, 0xda, 0x12, 0x28, 0x02, 0x5d, 0xbe, 0x91, 0x98, 0x95, 0xbf, 0xca,
+    0xe8, 0x20, 0xd6, 0xc6, 0x6c, 0xb2, 0xaf, 0x09, 0xab, 0x3a, 0xc2, 0xc2,
+    0xe5, 0xb1, 0xcf, 0xab, 0x79, 0x54, 0xf1, 0x44, 0xde, 0x77, 0xe4, 0xcb,
+    0x18, 0xf5, 0x7a, 0xd9, 0x5f, 0xe9, 0x88, 0xcd, 0x50, 0x54, 0x59, 0x01,
+    0xa0, 0x83, 0x1c, 0xb2, 0xad, 0x92, 0xea, 0xdf, 0xb1, 0x24, 0x84, 0xc7,
+    0xb5, 0x17, 0xe5, 0xc3, 0xb4, 0x26, 0x5f, 0x24, 0x90, 0xda, 0xe1, 0xd4,
+    0xac, 0xb8, 0xc7, 0xe0, 0x89, 0x1c, 0x56, 0x20, 0xaa, 0x53, 0x2d, 0x51,
+    0x55, 0x0a, 0x01, 0xe2, 0x4c, 0xbc, 0x8c, 0x74, 0x59, 0x9d, 0xf5, 0xf1,
+    0x74, 0xe7, 0x8b, 0xd8, 0x71, 0x12, 0x01, 0x2e, 0x6e, 0x4a, 0x01, 0xd7,
+    0xfb, 0x8d, 0xa8, 0x2e, 0x42, 0x63, 0xab, 0x11, 0x57, 0x1f, 0x4a, 0x1e,
+    0xc0, 0x43, 0x3b, 0x77, 0x32, 0x0d, 0xfe, 0x1f, 0xec, 0x62, 0x47, 0x27,
+    0xa7, 0x74, 0x84, 0x0a, 0x82, 0x3c, 0x0f, 0x5f, 0x83, 0x91, 0xe1, 0x78,
+    0x35, 0x88, 0x9d, 0xe1, 0xda, 0xb1, 0x00, 0xcb, 0x77, 0xc7, 0xfc, 0xf2,
+    0xa1, 0x3d, 0xc3, 0x7a, 0xde, 0xab, 0x81, 0xe4, 0x1b, 0xee, 0x75, 0xc9,
+    0xb9, 0xea, 0xf8, 0xc1, 0x5f, 0xe6, 0x15, 0x6a, 0x1f, 0x96, 0xba, 0x30,
+    0x05, 0x0f, 0x43, 0x7c, 0x21, 0xb6,
+};
+
+unsigned char ocsp_responder_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61,
+    0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
+    0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e,
+    0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
+    0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+    0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31,
+    0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d,
+    0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31,
+    0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+    0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
+    0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
+    0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20,
+    0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30,
+    0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+    0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73,
+    0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+    0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
+    0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3,
+    0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34,
+    0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d,
+    0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb,
+    0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b,
+    0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5,
+    0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee,
+    0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4,
+    0x18, 0xde, 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac,
+    0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31,
+    0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1,
+    0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd,
+    0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c,
+    0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0,
+    0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12,
+    0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71,
+    0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0,
+    0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04,
+    0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68,
+    0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa,
+    0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65,
+    0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01,
+    0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03,
+    0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
+    0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2,
+    0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8,
+    0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81,
+    0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82,
+    0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72,
+    0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31,
+    0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+    0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57,
+    0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
+    0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74,
+    0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a,
+    0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30,
+    0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69,
+    0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53,
+    0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30,
+    0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01,
+    0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73,
+    0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06,
+    0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06,
+    0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
+    0x01, 0x00, 0x4d, 0xa2, 0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, 0x65, 0xe2,
+    0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2, 0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58,
+    0x57, 0x37, 0xbd, 0x2e, 0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, 0xde, 0xff,
+    0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a, 0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb,
+    0x3e, 0xc6, 0xaf, 0x9b, 0xef, 0x23, 0x88, 0x56, 0x95, 0x73, 0x2e, 0xb3,
+    0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7, 0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba,
+    0xc9, 0x59, 0xfd, 0xe2, 0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, 0xcb, 0x57,
+    0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6, 0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3,
+    0x26, 0x69, 0xd6, 0x6a, 0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, 0x19, 0xf1,
+    0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27, 0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d,
+    0x78, 0x99, 0x6b, 0x25, 0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, 0x84, 0xb9,
+    0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b, 0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60,
+    0xf1, 0xef, 0xe6, 0x66, 0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, 0xbb, 0x2c,
+    0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58, 0x77, 0x87, 0xee, 0x27, 0x20, 0x96,
+    0x72, 0x8e, 0x4c, 0x7e, 0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, 0x1e, 0x59,
+    0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22, 0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f,
+    0xe8, 0x9d, 0x65, 0xbd, 0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, 0xbf, 0xfb,
+    0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4, 0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0,
+    0x5b, 0x05, 0x28, 0xc1, 0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, 0x60, 0x97,
+    0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83, 0xdf, 0x75, 0xee, 0x29, 0x42, 0x97,
+    0x86, 0x41, 0x55, 0xb9, 0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, 0x41, 0xf8,
+    0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57,
+};
+
+unsigned char root_ca_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xe6, 0x30, 0x82, 0x03, 0xce, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x01, 0x63, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61,
+    0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
+    0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e,
+    0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
+    0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+    0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31,
+    0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d,
+    0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31,
+    0x5a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+    0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
+    0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
+    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20,
+    0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
+    0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
+    0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
+    0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xab, 0x2c, 0xb4, 0x2f,
+    0x1d, 0x06, 0x09, 0xef, 0x4e, 0x29, 0x86, 0x84, 0x7e, 0xcc, 0xbf, 0xa6,
+    0x79, 0x7c, 0xf0, 0xc0, 0xc1, 0x64, 0x25, 0x8c, 0x75, 0xb7, 0x10, 0x05,
+    0xca, 0x48, 0x27, 0x0c, 0x0e, 0x32, 0x1c, 0xb0, 0xfe, 0x99, 0x85, 0x39,
+    0xb6, 0xb9, 0xa2, 0xf7, 0x27, 0xff, 0x6d, 0x3c, 0x8c, 0x16, 0x73, 0x29,
+    0x21, 0x7f, 0x8b, 0xa6, 0x54, 0x71, 0x90, 0xad, 0xcc, 0x05, 0xb9, 0x9f,
+    0x15, 0xc7, 0x0a, 0x3f, 0x5f, 0x69, 0xf4, 0x0a, 0x5f, 0x8c, 0x71, 0xb5,
+    0x2c, 0xbf, 0x66, 0xe2, 0x03, 0x9a, 0x32, 0xf4, 0xd2, 0xec, 0x2a, 0x89,
+    0x4b, 0xf9, 0x35, 0x88, 0x14, 0x33, 0x47, 0x4e, 0x2e, 0x05, 0x79, 0x01,
+    0xed, 0x64, 0x36, 0x76, 0xb9, 0xf8, 0x85, 0xcd, 0x01, 0x88, 0xac, 0xc5,
+    0xb2, 0xb1, 0x59, 0xb8, 0xcd, 0x5a, 0xf4, 0x09, 0x09, 0x38, 0x9b, 0xda,
+    0x5a, 0xcf, 0xce, 0x78, 0x99, 0x1f, 0x49, 0x3d, 0x41, 0xd6, 0x06, 0x7c,
+    0x52, 0x99, 0xc8, 0x97, 0xd1, 0xb3, 0x80, 0x3a, 0xa2, 0x4f, 0x36, 0xc4,
+    0xc5, 0x96, 0x30, 0x77, 0x31, 0x38, 0xc8, 0x70, 0xcc, 0xe1, 0x67, 0x06,
+    0xb3, 0x2b, 0x2f, 0x93, 0xb5, 0x69, 0xcf, 0x83, 0x7e, 0x88, 0x53, 0x9b,
+    0x0f, 0x46, 0x21, 0x4c, 0xd6, 0x05, 0x36, 0x44, 0x99, 0x60, 0x68, 0x47,
+    0xe5, 0x32, 0x01, 0x12, 0xd4, 0x10, 0x73, 0xae, 0x9a, 0x34, 0x94, 0xfa,
+    0x6e, 0xb8, 0x58, 0x4f, 0x7b, 0x5b, 0x8a, 0x92, 0x97, 0xad, 0xfd, 0x97,
+    0xb9, 0x75, 0xca, 0xc2, 0xd4, 0x45, 0x7d, 0x17, 0x6b, 0xcd, 0x2f, 0xf3,
+    0x63, 0x7a, 0x0e, 0x30, 0xb5, 0x0b, 0xa9, 0xd9, 0xa6, 0x7c, 0x74, 0x60,
+    0x9d, 0xcc, 0x09, 0x03, 0x43, 0xf1, 0x0f, 0x90, 0xd3, 0xb7, 0xfe, 0x6c,
+    0x9f, 0xd9, 0xcd, 0x78, 0x4b, 0x15, 0xae, 0x8c, 0x5b, 0xf9, 0x99, 0x81,
+    0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01,
+    0x35, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
+    0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
+    0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5,
+    0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x30, 0x81,
+    0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9,
+    0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5,
+    0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81,
+    0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
+    0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69,
+    0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f,
+    0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+    0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72,
+    0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f,
+    0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f,
+    0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06,
+    0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22,
+    0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16,
+    0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30,
+    0x2e, 0x30, 0x2e, 0x31, 0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
+    0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x76, 0xe8, 0xfa, 0xf6, 0x1e, 0x5b,
+    0x0e, 0xff, 0x24, 0x43, 0xe0, 0xcb, 0x19, 0x26, 0x38, 0xd9, 0xdf, 0x18,
+    0x5d, 0x66, 0xe1, 0x4b, 0xac, 0xe4, 0x8e, 0xb0, 0x49, 0x2c, 0xd6, 0x04,
+    0x20, 0xeb, 0x4a, 0xa8, 0x06, 0xd7, 0x55, 0xec, 0x6b, 0x38, 0xf8, 0x0f,
+    0x8c, 0xe6, 0xc9, 0xec, 0x42, 0xf0, 0xca, 0x07, 0x9f, 0x88, 0x7a, 0xee,
+    0xbf, 0xaf, 0x3f, 0x7d, 0xd3, 0x45, 0x67, 0x20, 0x84, 0xbb, 0xc7, 0xc5,
+    0x32, 0x69, 0xab, 0x59, 0xe1, 0xe3, 0x38, 0x4b, 0xed, 0x18, 0x2e, 0xde,
+    0xda, 0x88, 0xec, 0xa0, 0xb7, 0xff, 0xc1, 0x50, 0x96, 0x73, 0xe3, 0x03,
+    0xdf, 0xa1, 0xe7, 0x47, 0x93, 0x13, 0x1d, 0xfb, 0xe6, 0x6b, 0x37, 0x3e,
+    0x50, 0xa3, 0xeb, 0x5b, 0x24, 0x26, 0xd2, 0x43, 0x2e, 0x6e, 0x9c, 0x83,
+    0x9c, 0xfb, 0x79, 0xba, 0xcd, 0xfd, 0x3b, 0xe5, 0x87, 0x87, 0xa7, 0x0f,
+    0x5f, 0xf9, 0x64, 0x34, 0x56, 0x5e, 0x8b, 0x13, 0xe2, 0xc4, 0x41, 0xe3,
+    0x9d, 0x3e, 0x36, 0x2d, 0xcb, 0xd3, 0x5f, 0xd3, 0x12, 0x90, 0xbf, 0x78,
+    0xc1, 0x4c, 0xdf, 0xeb, 0x7b, 0x99, 0xe6, 0x1e, 0xee, 0x52, 0x78, 0x6f,
+    0x0c, 0x82, 0xe1, 0x59, 0xd4, 0x25, 0x40, 0xe5, 0x24, 0x95, 0x3e, 0x0f,
+    0xcc, 0x08, 0x60, 0xfe, 0xb4, 0x8c, 0x48, 0x42, 0xbf, 0x29, 0x74, 0x92,
+    0x71, 0x1a, 0x85, 0x00, 0xa7, 0x4c, 0xf0, 0xc0, 0x32, 0x47, 0xf3, 0xbe,
+    0xf4, 0x08, 0x5c, 0xf2, 0x43, 0xe0, 0xb9, 0x76, 0x86, 0x60, 0x9a, 0x3b,
+    0xaf, 0xd6, 0x32, 0x41, 0x5f, 0xb0, 0x04, 0x12, 0x44, 0x2a, 0x44, 0x19,
+    0xd4, 0x27, 0xd3, 0xce, 0x71, 0x7e, 0x5b, 0x16, 0x1a, 0xf5, 0x0c, 0xdb,
+    0x43, 0xb0, 0xa6, 0xbb, 0x76, 0x02, 0xf6, 0xe0, 0x30, 0x4e, 0x04, 0xf4,
+    0xf3, 0x9b, 0xcd, 0xd4, 0xae, 0x45, 0x94, 0xc5, 0x8c, 0xbb,
+};
+
+unsigned char ca_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xff, 0x30, 0x82, 0x03, 0xe7, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x14, 0x6b, 0x9b, 0x70, 0xc6, 0xf1, 0xa3, 0x94, 0x65, 0x19,
+    0xa1, 0x08, 0x58, 0xef, 0xa7, 0x8d, 0x2b, 0x7a, 0x83, 0xc1, 0xda, 0x30,
+    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+    0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
+    0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61,
+    0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42,
+    0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03,
+    0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74,
+    0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0a,
+    0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18,
+    0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
+    0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f,
+    0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17,
+    0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x32,
+    0x39, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31,
+    0x32, 0x35, 0x32, 0x39, 0x5a, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
+    0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74,
+    0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+    0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30,
+    0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74,
+    0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+    0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e,
+    0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
+    0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
+    0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
+    0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+    0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0x0c, 0xca,
+    0x2d, 0x14, 0xb2, 0x1e, 0x84, 0x42, 0x5b, 0xcd, 0x38, 0x1f, 0x4a, 0xf2,
+    0x4d, 0x75, 0x10, 0xf1, 0xb6, 0x35, 0x9f, 0xdf, 0xca, 0x7d, 0x03, 0x98,
+    0xd3, 0xac, 0xde, 0x03, 0x66, 0xee, 0x2a, 0xf1, 0xd8, 0xb0, 0x7d, 0x6e,
+    0x07, 0x54, 0x0b, 0x10, 0x98, 0x21, 0x4d, 0x80, 0xcb, 0x12, 0x20, 0xe7,
+    0xcc, 0x4f, 0xde, 0x45, 0x7d, 0xc9, 0x72, 0x77, 0x32, 0xea, 0xca, 0x90,
+    0xbb, 0x69, 0x52, 0x10, 0x03, 0x2f, 0xa8, 0xf3, 0x95, 0xc5, 0xf1, 0x8b,
+    0x62, 0x56, 0x1b, 0xef, 0x67, 0x6f, 0xa4, 0x10, 0x41, 0x95, 0xad, 0x0a,
+    0x9b, 0xe3, 0xa5, 0xc0, 0xb0, 0xd2, 0x70, 0x76, 0x50, 0x30, 0x5b, 0xa8,
+    0xe8, 0x08, 0x2c, 0x7c, 0xed, 0xa7, 0xa2, 0x7a, 0x8d, 0x38, 0x29, 0x1c,
+    0xac, 0xc7, 0xed, 0xf2, 0x7c, 0x95, 0xb0, 0x95, 0x82, 0x7d, 0x49, 0x5c,
+    0x38, 0xcd, 0x77, 0x25, 0xef, 0xbd, 0x80, 0x75, 0x53, 0x94, 0x3c, 0x3d,
+    0xca, 0x63, 0x5b, 0x9f, 0x15, 0xb5, 0xd3, 0x1d, 0x13, 0x2f, 0x19, 0xd1,
+    0x3c, 0xdb, 0x76, 0x3a, 0xcc, 0xb8, 0x7d, 0xc9, 0xe5, 0xc2, 0xd7, 0xda,
+    0x40, 0x6f, 0xd8, 0x21, 0xdc, 0x73, 0x1b, 0x42, 0x2d, 0x53, 0x9c, 0xfe,
+    0x1a, 0xfc, 0x7d, 0xab, 0x7a, 0x36, 0x3f, 0x98, 0xde, 0x84, 0x7c, 0x05,
+    0x67, 0xce, 0x6a, 0x14, 0x38, 0x87, 0xa9, 0xf1, 0x8c, 0xb5, 0x68, 0xcb,
+    0x68, 0x7f, 0x71, 0x20, 0x2b, 0xf5, 0xa0, 0x63, 0xf5, 0x56, 0x2f, 0xa3,
+    0x26, 0xd2, 0xb7, 0x6f, 0xb1, 0x5a, 0x17, 0xd7, 0x38, 0x99, 0x08, 0xfe,
+    0x93, 0x58, 0x6f, 0xfe, 0xc3, 0x13, 0x49, 0x08, 0x16, 0x0b, 0xa7, 0x4d,
+    0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4e, 0x98, 0xed, 0x51, 0x45, 0x1d,
+    0xb9, 0x04, 0xd9, 0x0b, 0xec, 0xd8, 0x28, 0xb3, 0x4b, 0xbd, 0xed, 0x36,
+    0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x45, 0x30, 0x82,
+    0x01, 0x41, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
+    0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33,
+    0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0x30, 0x81, 0xd4,
+    0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80,
+    0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33,
+    0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a,
+    0xa4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
+    0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
+    0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
+    0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
+    0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
+    0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
+    0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
+    0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
+    0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
+    0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
+    0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x14,
+    0x6b, 0x9b, 0x70, 0xc6, 0xf1, 0xa3, 0x94, 0x65, 0x19, 0xa1, 0x08, 0x58,
+    0xef, 0xa7, 0x8d, 0x2b, 0x7a, 0x83, 0xc1, 0xda, 0x30, 0x0c, 0x06, 0x03,
+    0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1c,
+    0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65,
+    0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04,
+    0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04,
+    0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
+    0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30,
+    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x77, 0x3b, 0x3d, 0x66, 0x74,
+    0xbc, 0x97, 0xfe, 0x40, 0x16, 0xe6, 0xba, 0xa5, 0xd5, 0xd1, 0x84, 0x08,
+    0x89, 0x69, 0x4f, 0x88, 0x0d, 0x57, 0xa9, 0xef, 0x8c, 0xc3, 0x97, 0x52,
+    0xc8, 0xbd, 0x8b, 0xa2, 0x49, 0x3b, 0xb7, 0xf7, 0x5d, 0x1e, 0xd6, 0x14,
+    0x7f, 0xb2, 0x80, 0x33, 0xda, 0xa0, 0x8a, 0xd3, 0xe1, 0x2f, 0xd5, 0xbc,
+    0x33, 0x9f, 0xea, 0x5a, 0x72, 0x24, 0xe5, 0xf8, 0xb8, 0x4b, 0xb3, 0xdf,
+    0x62, 0x90, 0x3b, 0xa8, 0x21, 0xef, 0x27, 0x42, 0x75, 0xbc, 0x60, 0x02,
+    0x8e, 0x37, 0x35, 0x99, 0xeb, 0xa3, 0x28, 0xf2, 0x65, 0x4c, 0xff, 0x7a,
+    0xf8, 0x8e, 0xcc, 0x23, 0x6d, 0xe5, 0x6a, 0xfe, 0x22, 0x5a, 0xd9, 0xb2,
+    0x4f, 0x47, 0xc7, 0xe0, 0xae, 0x98, 0xef, 0x94, 0xac, 0xb6, 0x4f, 0x61,
+    0x81, 0x29, 0x8e, 0xe1, 0x79, 0x2c, 0x46, 0xfc, 0xe9, 0x1a, 0xc3, 0x96,
+    0x1f, 0x19, 0x93, 0x64, 0x2e, 0x9f, 0x37, 0x72, 0xc5, 0xe4, 0x93, 0x4e,
+    0x61, 0x5f, 0x38, 0x8e, 0xae, 0xe8, 0x39, 0x19, 0xe6, 0x97, 0xa8, 0x91,
+    0xd4, 0x23, 0x7e, 0x1e, 0xd2, 0xd0, 0x53, 0xec, 0xcc, 0xac, 0xa0, 0x1d,
+    0xd0, 0xb7, 0xdd, 0xb1, 0xb7, 0x01, 0x2e, 0x96, 0xcd, 0x85, 0x27, 0xe0,
+    0xe7, 0x47, 0xe2, 0xc1, 0xc1, 0x00, 0xf6, 0x94, 0xdf, 0x77, 0xe7, 0xfa,
+    0xc6, 0xef, 0x8a, 0xc0, 0x7c, 0x67, 0xbc, 0xff, 0xa0, 0x7c, 0x94, 0x3b,
+    0x7d, 0x86, 0x42, 0xaf, 0x3d, 0x83, 0x31, 0xee, 0x2a, 0x3b, 0x7b, 0xf0,
+    0x2c, 0x9e, 0x6f, 0xe9, 0xc4, 0x07, 0x81, 0x24, 0xda, 0x05, 0x70, 0x4d,
+    0xdd, 0x09, 0xae, 0x9e, 0x72, 0xb8, 0x21, 0x0e, 0x8c, 0xb2, 0xab, 0xaa,
+    0x4c, 0x49, 0x10, 0xf7, 0x76, 0xf9, 0xb5, 0x0d, 0x6c, 0x20, 0xd3, 0xdf,
+    0x7a, 0x06, 0x32, 0x8d, 0x29, 0x1f, 0x28, 0x1d, 0x8d, 0x26, 0x33,
+};
+
+unsigned char server_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f,
+    0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31,
+    0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61,
+    0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+    0x55, 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74,
+    0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+    0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
+    0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38,
+    0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30,
+    0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5a, 0x30, 0x81,
+    0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
+    0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
+    0x61, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6f,
+    0x72, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+    0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c,
+    0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66,
+    0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
+    0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
+    0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95,
+    0x08, 0xe1, 0x57, 0x41, 0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27,
+    0x01, 0x65, 0xc6, 0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce,
+    0x2f, 0x4e, 0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67,
+    0x7f, 0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35,
+    0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8, 0x17,
+    0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e, 0x6f, 0x2e,
+    0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9, 0x5f, 0x3f, 0xd7,
+    0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51, 0x8b, 0x0b, 0x64, 0x3f,
+    0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34, 0xb3, 0xae, 0x00, 0xa0, 0x63,
+    0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68, 0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9,
+    0x02, 0x6d, 0xaf, 0xc3, 0x19, 0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc,
+    0x40, 0xb4, 0x69, 0xa3, 0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17,
+    0xa6, 0xf3, 0xe8, 0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd,
+    0x66, 0x51, 0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23,
+    0x73, 0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a,
+    0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0, 0xc0,
+    0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23,
+    0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2, 0x5d, 0x25, 0xc9,
+    0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0, 0x69, 0x42, 0x42, 0x09,
+    0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3, 0x58, 0x22, 0xa7, 0xaa, 0xeb,
+    0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5, 0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f,
+    0xad, 0xd7, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x45, 0x30,
+    0x82, 0x01, 0x41, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
+    0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9, 0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8,
+    0xd0, 0x3b, 0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c, 0x30, 0x81,
+    0xd4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9,
+    0x80, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed,
+    0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81,
+    0x9a, 0xa4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06,
+    0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61,
+    0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f,
+    0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b,
+    0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67,
+    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
+    0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
+    0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
+    0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82,
+    0x14, 0x6b, 0x9b, 0x70, 0xc6, 0xf1, 0xa3, 0x94, 0x65, 0x19, 0xa1, 0x08,
+    0x58, 0xef, 0xa7, 0x8d, 0x2b, 0x7a, 0x83, 0xc1, 0xda, 0x30, 0x0c, 0x06,
+    0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+    0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b,
+    0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87,
+    0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25,
+    0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+    0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
+    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+    0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8a, 0xf1, 0x4e, 0xe8,
+    0x9f, 0x59, 0xb2, 0xd9, 0x13, 0xac, 0xfc, 0x42, 0xc4, 0x81, 0x34, 0x9f,
+    0x6b, 0x39, 0x57, 0x9c, 0xe9, 0x92, 0x5d, 0x41, 0xac, 0x05, 0x35, 0xb1,
+    0x26, 0x93, 0x4d, 0x4a, 0xda, 0xf8, 0x51, 0x82, 0xd2, 0x8d, 0x7f, 0xd3,
+    0x5c, 0x6e, 0x29, 0x80, 0x8d, 0x9b, 0x02, 0x10, 0x2b, 0x64, 0xf5, 0xd1,
+    0x31, 0x06, 0xfa, 0x85, 0x2b, 0x8f, 0x63, 0x32, 0x14, 0x76, 0x7a, 0x39,
+    0x15, 0xf3, 0x4e, 0xdd, 0xfd, 0xe2, 0x2c, 0x90, 0x15, 0xd1, 0x6f, 0x73,
+    0x87, 0xee, 0xe6, 0xc8, 0xeb, 0xad, 0x40, 0xd5, 0xe8, 0x94, 0x1f, 0xa6,
+    0x7e, 0x26, 0x5b, 0x87, 0xba, 0x0f, 0x06, 0x5a, 0x4d, 0x55, 0x7a, 0xaa,
+    0xc4, 0x09, 0x34, 0x8b, 0xf7, 0xe5, 0xcc, 0xd6, 0xb7, 0x6c, 0x46, 0x6d,
+    0xa1, 0xe6, 0x66, 0x66, 0x4c, 0x4b, 0xe5, 0x12, 0x31, 0x37, 0x54, 0x49,
+    0x64, 0xa5, 0x66, 0xeb, 0xe0, 0xc6, 0xa1, 0x49, 0xf8, 0x4d, 0xc3, 0xd3,
+    0x55, 0xa4, 0x05, 0xd2, 0xac, 0xfb, 0xe1, 0xc8, 0x69, 0x30, 0x4b, 0x98,
+    0xfd, 0x72, 0x1a, 0xab, 0x9f, 0x86, 0xeb, 0x0d, 0xbd, 0x7c, 0xa6, 0x3d,
+    0x81, 0xd9, 0x01, 0xa7, 0x8a, 0x79, 0xab, 0x3c, 0xce, 0xe5, 0xb6, 0xc3,
+    0x1b, 0xef, 0x7d, 0x5e, 0x37, 0x7b, 0x37, 0x7c, 0x91, 0x89, 0x59, 0x11,
+    0x21, 0x11, 0x7c, 0x05, 0x80, 0xe1, 0xa8, 0xd6, 0xf9, 0x35, 0xda, 0x1b,
+    0x86, 0x06, 0x5a, 0x32, 0x67, 0x6c, 0xa9, 0x2b, 0xe0, 0x31, 0x7b, 0x89,
+    0x53, 0x37, 0x42, 0xaf, 0x34, 0xa4, 0x53, 0xd2, 0x7c, 0x91, 0x50, 0x63,
+    0x3a, 0x8e, 0x4a, 0x1f, 0xa3, 0x90, 0x4e, 0x7c, 0x41, 0x59, 0x1d, 0xeb,
+    0x7b, 0xa2, 0x14, 0x87, 0xba, 0x76, 0x36, 0xa4, 0x77, 0x46, 0x34, 0xf2,
+    0x55, 0x50, 0xf0, 0x24, 0x9f, 0x83, 0x83, 0xda, 0xa6, 0xaa, 0x3c, 0xc8,
+};
+
+unsigned char intermediate1_ca_cert_pem[] = {
+    0x30, 0x82, 0x04, 0xf0, 0x30, 0x82, 0x03, 0xd8, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b,
+    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+    0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61,
+    0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
+    0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+    0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12,
+    0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e,
+    0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c,
+    0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16,
+    0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
+    0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31,
+    0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x17, 0x0d,
+    0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31,
+    0x5a, 0x30, 0x81, 0xa1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+    0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74,
+    0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
+    0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
+    0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
+    0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x77,
+    0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72,
+    0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x20, 0x31,
+    0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f,
+    0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01,
+    0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+    0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01,
+    0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xde, 0xb4, 0xc8, 0x5c, 0x77, 0xe0,
+    0x2d, 0xb1, 0xf5, 0xb9, 0xad, 0x16, 0x47, 0x35, 0xa0, 0x35, 0x65, 0x65,
+    0xc6, 0xe1, 0x40, 0xab, 0x1e, 0xb4, 0xb9, 0x13, 0xb7, 0xcb, 0x8c, 0xbb,
+    0x77, 0xa5, 0x76, 0xda, 0x6d, 0x87, 0x87, 0xf6, 0x4a, 0x4d, 0x13, 0xe4,
+    0x26, 0x3e, 0x27, 0x87, 0xee, 0x5b, 0xc7, 0x6a, 0x3f, 0x45, 0x30, 0x61,
+    0x55, 0x5c, 0xf6, 0x35, 0xd1, 0x65, 0xfa, 0x98, 0x11, 0xa3, 0xa7, 0x55,
+    0xd5, 0xbe, 0x91, 0x82, 0x4b, 0xfc, 0xbe, 0x90, 0xd6, 0x50, 0x53, 0x63,
+    0x9a, 0x2c, 0x22, 0xe1, 0x35, 0x11, 0xdc, 0x78, 0x02, 0x97, 0x8a, 0xe4,
+    0x46, 0x92, 0x9c, 0x53, 0x08, 0x76, 0xde, 0x1f, 0x53, 0xb6, 0xb8, 0xca,
+    0x77, 0x3e, 0x79, 0x6e, 0xbc, 0xd0, 0xe3, 0x0d, 0x30, 0x5b, 0x4c, 0xf6,
+    0x94, 0x0d, 0x30, 0x29, 0x64, 0x9f, 0x04, 0xe5, 0xdb, 0xfb, 0x89, 0x60,
+    0x67, 0xbb, 0xaf, 0x26, 0x83, 0x51, 0x77, 0x24, 0x2f, 0x2b, 0x0b, 0xa1,
+    0x94, 0x81, 0x10, 0x98, 0xe8, 0xeb, 0x26, 0xa8, 0x1e, 0x7c, 0xe4, 0xc4,
+    0x6c, 0x67, 0x06, 0x95, 0x55, 0x4a, 0xdd, 0x52, 0xf4, 0xf2, 0x60, 0x6d,
+    0x01, 0x2b, 0x19, 0x91, 0x35, 0x6d, 0xa4, 0x08, 0x47, 0x06, 0x71, 0x24,
+    0x00, 0xd9, 0xde, 0xc6, 0x56, 0xf3, 0x8b, 0x53, 0x2c, 0xe2, 0x9a, 0x96,
+    0xa5, 0xf3, 0x62, 0xe5, 0xc4, 0xe3, 0x23, 0xf2, 0xd2, 0xfc, 0x21, 0xea,
+    0x0f, 0x62, 0x76, 0x8d, 0xd5, 0x99, 0x48, 0xce, 0xdc, 0x58, 0xc4, 0xbb,
+    0x7f, 0xda, 0x94, 0x2c, 0x80, 0x74, 0x83, 0xc5, 0xe0, 0xb0, 0x15, 0x7e,
+    0x41, 0xfd, 0x0e, 0xf2, 0xf4, 0xf0, 0x78, 0x76, 0x7b, 0xad, 0x26, 0x0d,
+    0xaa, 0x48, 0x96, 0x17, 0x2f, 0x21, 0xe3, 0x95, 0x2b, 0x26, 0x37, 0xf9,
+    0xaa, 0x80, 0x2f, 0xfe, 0xde, 0xf6, 0x5e, 0xbc, 0x97, 0x7f, 0x02, 0x03,
+    0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01, 0x35, 0x30,
+    0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
+    0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+    0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2,
+    0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x30, 0x81, 0xc4, 0x06,
+    0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14,
+    0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
+    0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4,
+    0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+    0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+    0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
+    0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
+    0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30,
+    0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66,
+    0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
+    0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
+    0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
+    0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74,
+    0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
+    0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
+    0x82, 0x01, 0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04,
+    0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
+    0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08,
+    0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74,
+    0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30,
+    0x2e, 0x31, 0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
+    0x82, 0x01, 0x01, 0x00, 0x75, 0x57, 0xf1, 0x0c, 0x87, 0x8f, 0xa2, 0x70,
+    0x3c, 0xce, 0xe4, 0x70, 0x0e, 0x99, 0x6a, 0xda, 0xc4, 0x80, 0x94, 0x2c,
+    0x25, 0x0c, 0xde, 0x0d, 0x7b, 0xf3, 0x94, 0xf1, 0xe8, 0xad, 0x6f, 0xd0,
+    0xde, 0x9a, 0x9d, 0xf5, 0x64, 0x31, 0x65, 0x3f, 0x18, 0xe6, 0xc3, 0xf5,
+    0xb5, 0x1d, 0xa2, 0xbe, 0x5b, 0x97, 0x79, 0x41, 0x78, 0x15, 0x1c, 0xb3,
+    0x83, 0xde, 0xd0, 0x00, 0xea, 0xd2, 0x70, 0x43, 0xc5, 0x60, 0x60, 0x07,
+    0x72, 0xe5, 0x76, 0x59, 0xb8, 0x0e, 0x2f, 0x47, 0xc9, 0x8d, 0xa4, 0x4c,
+    0xf1, 0x20, 0xb0, 0x40, 0x3b, 0xed, 0xe9, 0xde, 0xb2, 0x46, 0x10, 0x90,
+    0x1b, 0x0f, 0x96, 0x16, 0xe6, 0x97, 0xbc, 0xd5, 0x9a, 0x93, 0xaa, 0x3c,
+    0xe3, 0xb3, 0x6b, 0x5f, 0xdb, 0x2c, 0xaf, 0x2b, 0xda, 0x7c, 0x36, 0x36,
+    0xaa, 0x86, 0xa1, 0x65, 0x70, 0xc8, 0xf1, 0x34, 0xd1, 0x1f, 0x10, 0x96,
+    0x71, 0xe6, 0xcf, 0x69, 0x5c, 0xbf, 0x0e, 0x15, 0x33, 0x97, 0xfe, 0x40,
+    0x42, 0xbe, 0x30, 0x48, 0xad, 0xfb, 0xd7, 0x0e, 0x7b, 0x73, 0xdd, 0x64,
+    0x30, 0x7e, 0x10, 0x81, 0xac, 0x3b, 0x0b, 0x3c, 0xe4, 0x12, 0x9f, 0x31,
+    0x8b, 0x3d, 0xf0, 0x9b, 0x84, 0xdc, 0x5b, 0x32, 0x33, 0x39, 0xde, 0xeb,
+    0x1a, 0x17, 0x89, 0xd8, 0x1b, 0x00, 0x33, 0x2d, 0x50, 0xa4, 0x1a, 0x2c,
+    0x11, 0xa2, 0x60, 0xac, 0xc1, 0x9a, 0x0f, 0x44, 0x90, 0x00, 0xcf, 0x8d,
+    0x6c, 0xaf, 0x5b, 0x71, 0x23, 0x7a, 0xa7, 0x4f, 0xdf, 0xf5, 0x3f, 0x5c,
+    0xae, 0x93, 0xca, 0x4e, 0xec, 0xf0, 0x1b, 0xf4, 0xfa, 0x53, 0x7d, 0xd9,
+    0x36, 0xaf, 0x5e, 0x4c, 0x54, 0xc7, 0x3a, 0xd5, 0xe3, 0x68, 0xca, 0x78,
+    0xe5, 0x1f, 0x55, 0x44, 0x65, 0xeb, 0x00, 0x2d, 0xc3, 0xc8, 0xba, 0x0e,
+    0x1f, 0x47, 0x1c, 0x67, 0x2e, 0xa9, 0xc1, 0x6e,
+};
+
+unsigned char resp_bad[] = {
+    0x30, 0x82, 0x01, 0xa9, 0xa0, 0x82, 0x01, 0xa5, 0x30, 0x82, 0x01, 0xa1,
+    0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04,
+    0x82, 0x01, 0x92, 0x30, 0x82, 0x01, 0x8e, 0x30, 0x7a, 0xa2, 0x16, 0x04,
+    0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c,
+    0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x18, 0x0f, 0x32,
+    0x30, 0x32, 0x35, 0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30,
+    0x39, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05,
+    0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc,
+    0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37,
+    0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb,
+    0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15,
+    0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35,
+    0x30, 0x32, 0x30, 0x35, 0x31, 0x36, 0x34, 0x34, 0x30, 0x39, 0x5a, 0x30,
+    0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x03, 0x82, 0x01, 0x01, 0x00, 0x18, 0x8b, 0xc4, 0x9c, 0x4e, 0x93, 0x4c,
+    0x91, 0x99, 0x32, 0x43, 0x3d, 0x03, 0xa0, 0x18, 0x7c, 0x20, 0x03, 0x2d,
+    0x29, 0x4a, 0xf8, 0x48, 0x43, 0xe5, 0x86, 0x27, 0x3f, 0x35, 0x99, 0x0e,
+    0x7f, 0xed, 0x7c, 0x1a, 0xd6, 0xfe, 0x2d, 0xed, 0xf8, 0x42, 0xda, 0xf3,
+    0xc0, 0x28, 0x8c, 0x7a, 0xf7, 0x4a, 0xbc, 0x9d, 0x54, 0xf0, 0x27, 0x89,
+    0xf3, 0xb9, 0x08, 0x9a, 0x8c, 0xf9, 0x4b, 0x75, 0x47, 0x39, 0x68, 0x64,
+    0xea, 0x2b, 0x16, 0x8d, 0xe6, 0x30, 0x4e, 0xb8, 0x97, 0xcd, 0x2d, 0x87,
+    0xc2, 0x5a, 0xb7, 0x10, 0xfa, 0xb9, 0x94, 0xad, 0xfe, 0xe4, 0x4e, 0xeb,
+    0x40, 0xe6, 0x56, 0xa0, 0x79, 0x88, 0x84, 0x51, 0x38, 0x79, 0xc6, 0x00,
+    0xc8, 0x94, 0xc8, 0x06, 0x45, 0x0d, 0x16, 0x51, 0xa1, 0xa0, 0xb5, 0xee,
+    0xa0, 0x91, 0xee, 0x35, 0x4a, 0xec, 0x60, 0xfb, 0x5a, 0x38, 0x40, 0x72,
+    0xf9, 0xc8, 0x54, 0x26, 0x58, 0xed, 0x6a, 0x7e, 0x4e, 0xca, 0xd8, 0xae,
+    0xb5, 0xf0, 0xe8, 0xed, 0x3a, 0xff, 0x51, 0xf9, 0x6e, 0x3d, 0x09, 0x4a,
+    0xb2, 0x68, 0x48, 0x33, 0xc0, 0xe8, 0x48, 0x77, 0xc9, 0xe3, 0x06, 0x0c,
+    0xc8, 0x92, 0x70, 0x54, 0x70, 0x33, 0x1b, 0x7c, 0xb8, 0x50, 0x67, 0xa7,
+    0xb4, 0x2d, 0x98, 0x77, 0x0e, 0x90, 0x0a, 0x55, 0xb7, 0xde, 0x06, 0x2a,
+    0x14, 0x51, 0x9d, 0xb1, 0x79, 0x2e, 0x8e, 0x3d, 0xef, 0x4c, 0x9b, 0x86,
+    0x22, 0x95, 0x2b, 0x1e, 0xa4, 0xf4, 0x09, 0x4c, 0xca, 0xe9, 0x5e, 0x0c,
+    0x87, 0x2c, 0x74, 0x1d, 0x78, 0x50, 0xa6, 0x9e, 0x36, 0x3b, 0xeb, 0x4e,
+    0x24, 0x00, 0xa2, 0x25, 0x2a, 0x63, 0xd8, 0x2e, 0xfe, 0xd2, 0xf1, 0x3b,
+    0x9d, 0x36, 0x80, 0x00, 0x67, 0xe4, 0x1d, 0xf9, 0x83, 0xd1, 0x65, 0x73,
+    0x3e, 0xe1, 0xbc, 0x16, 0x54, 0xa8, 0x0d, 0x21, 0xc0,
+};
+
+#endif /* OCSP_TEST_BLOBS_H */
diff --git a/tests/api/test_poly1305.c b/tests/api/test_poly1305.c
new file mode 100644
index 000000000..60e7542ec
--- /dev/null
+++ b/tests/api/test_poly1305.c
@@ -0,0 +1,65 @@
+/* test_poly1305.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/poly1305.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_poly1305.h>
+
+/*
+ * unit test for wc_Poly1305SetKey()
+ */
+int test_wc_Poly1305SetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_POLY1305
+    Poly1305    ctx;
+    const byte  key[] =
+    {
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
+    };
+    word32 keySz = (word32)(sizeof(key)/sizeof(byte));
+
+    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, keySz), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Poly1305_SetKey() */
+
diff --git a/tests/api/test_poly1305.h b/tests/api/test_poly1305.h
new file mode 100644
index 000000000..15225ee87
--- /dev/null
+++ b/tests/api/test_poly1305.h
@@ -0,0 +1,32 @@
+/* test_poly1305.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_POLY1305_H
+#define WOLFCRYPT_TEST_POLY1305_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_Poly1305SetKey(void);
+
+#define TEST_POLY1305_DECLS                             \
+    TEST_DECL_GROUP("poly1305", test_wc_Poly1305SetKey)
+
+#endif /* WOLFCRYPT_TEST_POLY1305_H */
diff --git a/tests/api/test_random.c b/tests/api/test_random.c
new file mode 100644
index 000000000..272ddba33
--- /dev/null
+++ b/tests/api/test_random.c
@@ -0,0 +1,527 @@
+/* test_random.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_random.h>
+
+
+int test_wc_InitRng(void)
+{
+    EXPECT_DECLS;
+#ifndef WC_NO_RNG
+    WC_RNG rng[1];
+
+    (void)rng;
+
+    /* Bad parameter. */
+    ExpectIntEQ(wc_InitRng(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitRng_ex(NULL, HEAP_HINT, INVALID_DEVID),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_FreeRng(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#ifdef HAVE_HASHDRBG
+    /* Good parameter. */
+    ExpectIntEQ(wc_InitRng(rng), 0);
+    ExpectIntEQ(wc_FreeRng(rng), 0);
+    ExpectIntEQ(wc_InitRng_ex(rng, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_FreeRng(rng), 0);
+#endif
+#elif !defined(HAVE_FIPS) || \
+      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+    WC_RNG rng[1];
+
+    (void)rng;
+
+    ExpectIntEQ(wc_InitRng(NULL), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wc_InitRng_ex(NULL, HEAP_HINT, INVALID_DEVID),
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wc_FreeRng(NULL), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+
+    ExpectIntEQ(wc_InitRng(rng), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wc_InitRng_ex(rng, HEAP_HINT, INVALID_DEVID),
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+    ExpectIntEQ(wc_FreeRng(rng), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+    return EXPECT_RESULT();
+}
+
+
+int test_wc_RNG_GenerateBlock_Reseed(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_HASHDRBG) && defined(TEST_RESEED_INTERVAL)
+    int i;
+    WC_RNG rng;
+    byte key[32];
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    for (i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, sizeof(key)), 0);
+    }
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_RNG_GenerateBlock(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_HASHDRBG
+    int i;
+    WC_RNG rng;
+    byte key[32];
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    /* Bad parameters. */
+    ExpectIntEQ(wc_RNG_GenerateBlock(NULL, NULL, sizeof(key)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_GenerateBlock(&rng, NULL, sizeof(key)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_GenerateBlock(NULL, key , sizeof(key)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    for (i = 0; i <= (int)sizeof(key); i++) {
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key + i, sizeof(key) - i), 0);
+    }
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_RNG_GenerateByte(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_HASHDRBG
+    int i;
+    WC_RNG rng;
+    byte output[10];
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    /* Bad parameters. */
+    ExpectIntEQ(wc_RNG_GenerateByte(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_GenerateByte(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_GenerateByte(NULL, output),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    for (i = 0; i < (int)sizeof(output); i++) {
+        ExpectIntEQ(wc_RNG_GenerateByte(&rng, output + i), 0);
+    }
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_InitRngNonce(void)
+{
+    EXPECT_DECLS;
+#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+     HAVE_FIPS_VERSION >= 2))
+    WC_RNG rng;
+    byte   nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
+                     "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
+    word32 nonceSz = sizeof(nonce);
+
+    /* Bad parameters. */
+    ExpectIntEQ(wc_InitRngNonce(NULL, NULL , nonceSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitRngNonce(&rng, NULL , nonceSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitRngNonce(NULL, nonce, nonceSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Good parameters. */
+    ExpectIntEQ(wc_InitRngNonce(&rng, nonce, nonceSz), 0);
+    ExpectIntEQ(wc_FreeRng(&rng), 0);
+    ExpectIntEQ(wc_InitRngNonce(&rng, NULL, 0), 0);
+    ExpectIntEQ(wc_FreeRng(&rng), 0);
+    ExpectIntEQ(wc_InitRngNonce(&rng, nonce, 0), 0);
+    ExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_InitRngNonce_ex(void)
+{
+    EXPECT_DECLS;
+#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+     HAVE_FIPS_VERSION >= 2))
+    WC_RNG rng;
+    byte   nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
+                     "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
+    word32 nonceSz = sizeof(nonce);
+
+    /* Bad parameters. */
+    ExpectIntEQ(wc_InitRngNonce_ex(NULL, NULL , nonceSz, HEAP_HINT, testDevId),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitRngNonce_ex(&rng, NULL , nonceSz, HEAP_HINT, testDevId),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_InitRngNonce_ex(NULL, nonce, nonceSz, HEAP_HINT, testDevId),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, testDevId),
+        0);
+    ExpectIntEQ(wc_FreeRng(&rng), 0);
+    ExpectIntEQ(wc_InitRngNonce_ex(&rng, NULL, 0, HEAP_HINT, testDevId), 0);
+    ExpectIntEQ(wc_FreeRng(&rng), 0);
+    ExpectIntEQ(wc_InitRngNonce_ex(&rng, nonce, 0, HEAP_HINT, testDevId), 0);
+    ExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_GenerateSeed(void)
+{
+    EXPECT_DECLS;
+#if !defined(WC_NO_RNG) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+    OS_Seed seed[1];
+    byte output[16];
+
+    XMEMSET(seed, 0, sizeof(OS_Seed));
+
+    /* Different configurations have different paths and different errors or
+     * no error at all. */
+#ifdef TEST_WC_GENERATE_SEED_PARAMS
+    /* Bad parameters. */
+    ExpectIntEQ(wc_GenerateSeed(NULL, NULL  , 16),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntLT(wc_GenerateSeed(seed, NULL  , 16), 0);
+    ExpectIntEQ(wc_GenerateSeed(NULL, output, 16),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    /* Good parameters. */
+    ExpectIntEQ(wc_GenerateSeed(seed, output, 16), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_rng_new(void)
+{
+    EXPECT_DECLS;
+#if !defined(WC_NO_RNG) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_NO_MALLOC)
+    WC_RNG* rng = NULL;
+    unsigned char nonce[16];
+    word32 nonceSz = (word32)sizeof(nonce);
+
+    XMEMSET(nonce, 0xa5, nonceSz);
+
+    /* Bad parameters. */
+    ExpectNull(wc_rng_new(NULL, nonceSz, HEAP_HINT));
+    ExpectIntEQ(wc_rng_new_ex(&rng, NULL, nonceSz, HEAP_HINT, INVALID_DEVID),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectNull(rng);
+
+    /* Good parameters. */
+    ExpectNotNull(rng = wc_rng_new(nonce, nonceSz, HEAP_HINT));
+#ifdef HAVE_HASHDRBG
+    /* Ensure random object is usable. */
+    ExpectIntEQ(wc_RNG_GenerateBlock(rng, nonce, nonceSz), 0);
+#endif
+    wc_rng_free(rng);
+    rng = NULL;
+    ExpectNotNull(rng = wc_rng_new(nonce, 0, HEAP_HINT));
+#ifdef HAVE_HASHDRBG
+    /* Ensure random object is usable. */
+    ExpectIntEQ(wc_RNG_GenerateBlock(rng, nonce, nonceSz), 0);
+#endif
+    wc_rng_free(rng);
+    rng = NULL;
+
+    ExpectIntEQ(wc_rng_new_ex(&rng, nonce, nonceSz, HEAP_HINT, INVALID_DEVID),
+        0);
+    ExpectNotNull(rng);
+#ifdef HAVE_HASHDRBG
+    /* Ensure random object is usable. */
+    ExpectIntEQ(wc_RNG_GenerateBlock(rng, nonce, nonceSz), 0);
+#endif
+    wc_rng_free(rng);
+    rng = NULL;
+    ExpectIntEQ(wc_rng_new_ex(&rng, nonce, 0, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectNotNull(rng);
+#ifdef HAVE_HASHDRBG
+    /* Ensure random object is usable. */
+    ExpectIntEQ(wc_RNG_GenerateBlock(rng, nonce, nonceSz), 0);
+#endif
+    wc_rng_free(rng);
+
+    wc_rng_free(NULL);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_RNG_DRBG_Reseed(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_HASHDRBG) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+    WC_RNG rng[1];
+    byte entropy[16];
+    word32 entropySz = sizeof(entropy);
+
+    XMEMSET(entropy, 0xa5, entropySz);
+
+    ExpectIntEQ(wc_InitRng(rng), 0);
+
+    /* Bad Parameters. */
+    ExpectIntEQ(wc_RNG_DRBG_Reseed(NULL, NULL, entropySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_DRBG_Reseed(rng, NULL, entropySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_DRBG_Reseed(NULL, entropy, entropySz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Good Parameters. */
+    ExpectIntEQ(wc_RNG_DRBG_Reseed(rng, entropy, entropySz), 0);
+    ExpectIntEQ(wc_RNG_GenerateBlock(rng, entropy, entropySz), 0);
+    ExpectIntEQ(wc_RNG_DRBG_Reseed(rng, entropy, 0), 0);
+    ExpectIntEQ(wc_RNG_GenerateBlock(rng, entropy, entropySz), 0);
+
+    ExpectIntEQ(wc_FreeRng(rng), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_RNG_TestSeed(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_HASHDRBG) && \
+    !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+    byte seed[16];
+    byte i;
+
+#ifdef TEST_WC_RNG_TESTSEED_BAD_PARAMS
+    /* Doesn't handle NULL. */
+    ExpectIntEQ(wc_RNG_TestSeed(NULL, sizeof(seed)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Doesn't handle seed being less than SEED_BLOCK_SZ which is not public
+     * and is different for different configurations. */
+    for (i = 0; i < 4; i++) {
+        ExpectIntEQ(wc_RNG_TestSeed(seed, i),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+#endif
+
+    /* Bad seed as it repeats. */
+    XMEMSET(seed, 0xa5, sizeof(seed));
+    /* Return value is DRBG_CONT_FAILURE which is not public. */
+    ExpectIntGT(wc_RNG_TestSeed(seed, sizeof(seed)), 0);
+
+    /* Good seed. */
+    for (i = 0; i < (byte)sizeof(seed); i++)
+        seed[i] = i;
+    ExpectIntEQ(wc_RNG_TestSeed(seed, sizeof(seed)), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_RNG_HealthTest(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_HASHDRBG)
+    static const byte test1Seed[] = {
+        0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e,
+        0xff, 0xe8, 0x75, 0xc3, 0xa2, 0xe7, 0x1f, 0x42,
+        0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
+        0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb,
+        0x85, 0x81, 0xf9, 0x31, 0x75, 0x17, 0x27, 0x6e,
+        0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
+    };
+    static const byte test1Output[] = {
+        0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40,
+        0xb2, 0x62, 0x82, 0x64, 0xd1, 0x75, 0x10, 0x60,
+        0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
+        0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d,
+        0xaa, 0xf6, 0xa6, 0xc3, 0x5a, 0x91, 0xbb, 0x45,
+        0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
+        0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed,
+        0x52, 0x8f, 0x01, 0x81, 0x21, 0xb3, 0xfe, 0xbd,
+        0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
+        0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1,
+        0x77, 0xcf, 0xa6, 0xb7, 0x1f, 0xe8, 0xab, 0x1d,
+        0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
+        0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99,
+        0x0e, 0xea, 0xeb, 0x91, 0x12, 0x04, 0x15, 0x52,
+        0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
+        0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
+    };
+    static const byte test2SeedA[] = {
+        0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46,
+        0x8d, 0xeb, 0x0a, 0xb4, 0xa8, 0xed, 0x68, 0x3f,
+        0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
+        0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69,
+        0x80, 0x8a, 0xa3, 0x8f, 0x2a, 0x72, 0xa6, 0x23,
+        0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
+    };
+    static const byte test2SeedB[] = {
+        0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6,
+        0x98, 0x05, 0x66, 0xe3, 0xbf, 0xe3, 0xc0, 0x49,
+        0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
+        0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
+    };
+    static const byte test2Output[] = {
+        0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c,
+        0x63, 0x0a, 0x1a, 0xfb, 0xe7, 0x24, 0x94, 0x9d,
+        0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
+        0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62,
+        0x1c, 0x18, 0xbd, 0xdc, 0xdd, 0x8d, 0x99, 0xfc,
+        0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
+        0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1,
+        0xdd, 0xd6, 0xc0, 0x71, 0x31, 0x8a, 0x60, 0x18,
+        0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
+        0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10,
+        0x5d, 0x92, 0x99, 0xb8, 0xaf, 0x99, 0xaa, 0x07,
+        0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
+        0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09,
+        0x88, 0x96, 0xff, 0x22, 0x82, 0xc9, 0x55, 0xa8,
+        0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
+        0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
+    };
+#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+    static const byte testEx1Nonce[] = {
+        0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
+        0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
+    };
+    static const byte testEx1Output[] = {
+        0x2d, 0xa7, 0x72, 0x76, 0xe2, 0xab, 0xf5, 0x79,
+        0x08, 0x4f, 0x1a, 0xf3, 0x53, 0xb4, 0xec, 0x58,
+        0x07, 0x09, 0x1f, 0x61, 0xa4, 0x3c, 0x65, 0x38,
+        0xd3, 0x43, 0x66, 0x29, 0x10, 0x81, 0x33, 0xa6,
+        0xb8, 0x71, 0x8d, 0xc0, 0x27, 0x80, 0xfe, 0x11,
+        0x85, 0xc6, 0xe6, 0x40, 0x69, 0x23, 0x39, 0x74,
+        0x4a, 0xc9, 0xdc, 0x68, 0x6f, 0x47, 0x5c, 0x5c,
+        0x56, 0xc8, 0x00, 0x78, 0xcf, 0x12, 0x7a, 0x67,
+        0x27, 0x1b, 0xe7, 0x14, 0xdf, 0x9d, 0x22, 0xb5,
+        0x5a, 0x8a, 0x2f, 0xdd, 0x7b, 0x6f, 0xb7, 0xf4,
+        0xe3, 0x58, 0x8e, 0x6c, 0x79, 0x09, 0xf1, 0xe3,
+        0x15, 0x1d, 0x9f, 0x1f, 0x69, 0x23, 0x70, 0x2f,
+        0xd0, 0xee, 0x4e, 0xdd, 0x02, 0x56, 0xeb, 0x3f,
+        0x25, 0xcc, 0x63, 0x06, 0x70, 0x97, 0x07, 0x76,
+        0xb3, 0xe1, 0x39, 0xbd, 0xd3, 0xc2, 0x12, 0xeb,
+        0x42, 0x77, 0xe8, 0xc5, 0xd0, 0xde, 0xf1, 0x4f
+    };
+    static const byte testEx2Nonce[] = {
+        0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
+        0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
+    };
+    static const byte testEx2Output[] = {
+        0x40, 0xb2, 0xeb, 0x2b, 0x10, 0x53, 0x30, 0x8f,
+        0xe4, 0xa0, 0x47, 0xe0, 0x24, 0x22, 0xe7, 0x03,
+        0x03, 0x90, 0x91, 0x7b, 0xa5, 0xa8, 0xa2, 0xfd,
+        0xba, 0x3b, 0xc9, 0x8e, 0xfb, 0x39, 0xef, 0xd9,
+        0xae, 0x62, 0xb7, 0x0b, 0x21, 0xe6, 0x93, 0x22,
+        0xeb, 0x3d, 0x3b, 0x00, 0x59, 0xaa, 0xc0, 0x27,
+        0x0c, 0xde, 0xb4, 0xbd, 0x5c, 0x73, 0xa6, 0x51,
+        0xf5, 0x55, 0x2c, 0xf4, 0xb8, 0xc8, 0x46, 0x04,
+        0x03, 0x63, 0xa7, 0x9f, 0x81, 0xd1, 0x34, 0x1c,
+        0x93, 0x86, 0x43, 0x09, 0x4c, 0x0e, 0x0a, 0x7d,
+        0x54, 0x63, 0xc4, 0x72, 0xbe, 0xe3, 0x30, 0x39,
+        0x3b, 0x1b, 0x8d, 0xbe, 0x55, 0x9a, 0x46, 0x11,
+        0x75, 0x22, 0x00, 0xcc, 0x5a, 0xa6, 0xbb, 0x8c,
+        0xd1, 0x70, 0xba, 0xbc, 0x3c, 0xf5, 0xcf, 0x81,
+        0xa5, 0x17, 0x5a, 0x34, 0x0c, 0x29, 0xca, 0xcf,
+        0x2b, 0x27, 0x38, 0x42, 0x21, 0x32, 0x9b, 0xc0
+    };
+#endif
+    byte output[WC_SHA256_DIGEST_SIZE * 4];
+
+    /* Bad parameters. */
+    ExpectIntEQ(wc_RNG_HealthTest(0, NULL     , 0                , NULL, 0,
+        NULL  , 0             ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_HealthTest(0, test1Seed, sizeof(test1Seed), NULL, 0,
+        NULL  , 0             ), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_HealthTest(0, NULL     , 0                , NULL, 0,
+        output, sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_HealthTest(0, test1Seed, sizeof(test1Seed), NULL, 0,
+        output, 0             ), WC_NO_ERR_TRACE(-1));
+
+    /* Good parameters. */
+    ExpectIntEQ(wc_RNG_HealthTest(0, test1Seed, sizeof(test1Seed), NULL, 0,
+        output, sizeof(output)), 0);
+    ExpectBufEQ(test1Output, output, sizeof(output));
+
+    ExpectIntEQ(wc_RNG_HealthTest(1, test2SeedA, sizeof(test2SeedA), test2SeedB,
+        sizeof(test2SeedB), output, sizeof(output)), 0);
+    ExpectBufEQ(test2Output, output, sizeof(output));
+
+#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
+    /* Bad parameters. */
+    ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, NULL     , 0                ,
+        NULL, 0, NULL  , 0             , HEAP_HINT, INVALID_DEVID),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, test1Seed, sizeof(test1Seed),
+        NULL, 0, NULL  , 0             , HEAP_HINT,
+        INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, NULL     , 0                ,
+        NULL, 0, output, sizeof(output), HEAP_HINT, INVALID_DEVID),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, test1Seed, sizeof(test1Seed),
+        NULL, 0, output, 0             , HEAP_HINT, INVALID_DEVID),
+        WC_NO_ERR_TRACE(-1));
+
+    /* Good parameters. */
+    ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, test1Seed, sizeof(test1Seed),
+        NULL, 0, output, sizeof(output), HEAP_HINT, INVALID_DEVID), 0);
+    ExpectBufEQ(test1Output, output, sizeof(output));
+    /*  with nonce */
+    ExpectIntEQ(wc_RNG_HealthTest_ex(0, testEx1Nonce, sizeof(testEx1Nonce),
+        test1Seed, sizeof(test1Seed), NULL, 0, output, sizeof(output),
+        HEAP_HINT, INVALID_DEVID), 0);
+    ExpectBufEQ(testEx1Output, output, sizeof(output));
+
+    ExpectIntEQ(wc_RNG_HealthTest_ex(1, NULL, 0, test2SeedA, sizeof(test2SeedA),
+        test2SeedB, sizeof(test2SeedB), output, sizeof(output), HEAP_HINT,
+        INVALID_DEVID), 0);
+    ExpectBufEQ(test2Output, output, sizeof(output));
+    /*  with nonce */
+    ExpectIntEQ(wc_RNG_HealthTest_ex(1, testEx2Nonce, sizeof(testEx2Nonce),
+        test2SeedA, sizeof(test2SeedA), test2SeedB, sizeof(test2SeedB), output,
+        sizeof(output), HEAP_HINT, INVALID_DEVID), 0);
+    ExpectBufEQ(testEx2Output, output, sizeof(output));
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_random.h b/tests/api/test_random.h
new file mode 100644
index 000000000..ad34fcf87
--- /dev/null
+++ b/tests/api/test_random.h
@@ -0,0 +1,52 @@
+/* test_random.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_RANDOM_H
+#define WOLFCRYPT_TEST_RANDOM_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitRng(void);
+int test_wc_RNG_GenerateBlock_Reseed(void);
+int test_wc_RNG_GenerateBlock(void);
+int test_wc_RNG_GenerateByte(void);
+int test_wc_InitRngNonce(void);
+int test_wc_InitRngNonce_ex(void);
+int test_wc_GenerateSeed(void);
+int test_wc_rng_new(void);
+int test_wc_RNG_DRBG_Reseed(void);
+int test_wc_RNG_TestSeed(void);
+int test_wc_RNG_HealthTest(void);
+
+#define TEST_RANDOM_DECLS                                           \
+    TEST_DECL_GROUP("random", test_wc_InitRng),                     \
+    TEST_DECL_GROUP("random", test_wc_RNG_GenerateBlock_Reseed),    \
+    TEST_DECL_GROUP("random", test_wc_RNG_GenerateBlock),           \
+    TEST_DECL_GROUP("random", test_wc_RNG_GenerateByte),            \
+    TEST_DECL_GROUP("random", test_wc_InitRngNonce),                \
+    TEST_DECL_GROUP("random", test_wc_InitRngNonce_ex),             \
+    TEST_DECL_GROUP("random", test_wc_GenerateSeed),                \
+    TEST_DECL_GROUP("random", test_wc_rng_new),                     \
+    TEST_DECL_GROUP("random", test_wc_RNG_DRBG_Reseed),             \
+    TEST_DECL_GROUP("random", test_wc_RNG_TestSeed),                \
+    TEST_DECL_GROUP("random", test_wc_RNG_HealthTest)
+
+#endif /* WOLFCRYPT_TEST_RANDOM_H */
diff --git a/tests/api/test_rc2.c b/tests/api/test_rc2.c
new file mode 100644
index 000000000..847e7508c
--- /dev/null
+++ b/tests/api/test_rc2.c
@@ -0,0 +1,222 @@
+/* test_rc2.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/rc2.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_rc2.h>
+
+/*
+ * Testing function for wc_Rc2SetKey().
+ */
+int test_wc_Rc2SetKey(void)
+{
+    EXPECT_DECLS;
+#ifdef WC_RC2
+    Rc2  rc2;
+    byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
+    byte iv[]    = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
+
+    /* valid key and IV */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
+        iv, 40), 0);
+    /* valid key, no IV */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
+        NULL, 40), 0);
+
+    /* bad arguments  */
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
+        iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null key */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
+        iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* key size == 0 */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40),
+        WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
+    /* key size > 128 */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40),
+        WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
+    /* effective bits == 0 */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
+        iv, 0), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
+    /* effective bits > 1024 */
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
+        iv, 1025), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Rc2SetKey */
+
+/*
+ * Testing function for wc_Rc2SetIV().
+ */
+int test_wc_Rc2SetIV(void)
+{
+    EXPECT_DECLS;
+#ifdef WC_RC2
+    Rc2  rc2;
+    byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
+
+    /* valid IV */
+    ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
+    /* valid NULL IV */
+    ExpectIntEQ(wc_Rc2SetIV(&rc2, NULL), 0);
+
+    /* bad arguments */
+    ExpectIntEQ(wc_Rc2SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Rc2SetIV */
+
+/*
+ * Testing function for wc_Rc2EcbEncrypt() and wc_Rc2EcbDecrypt().
+ */
+int test_wc_Rc2EcbEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#ifdef WC_RC2
+    Rc2 rc2;
+    int effectiveKeyBits = 63;
+    byte cipher[RC2_BLOCK_SIZE];
+    byte plain[RC2_BLOCK_SIZE];
+    byte key[]    = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+    byte input[]  = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+    byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };
+
+    XMEMSET(cipher, 0, sizeof(cipher));
+    XMEMSET(plain, 0, sizeof(plain));
+
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
+        NULL, effectiveKeyBits), 0);
+    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(cipher, output, RC2_BLOCK_SIZE), 0);
+
+    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(plain, input, RC2_BLOCK_SIZE), 0);
+
+    /* Rc2EcbEncrypt bad arguments */
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null out buffer */
+    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null input buffer */
+    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* output buffer sz != RC2_BLOCK_SIZE (8) */
+    ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7),
+        WC_NO_ERR_TRACE(BUFFER_E));
+
+    /* Rc2EcbDecrypt bad arguments */
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null out buffer */
+    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null input buffer */
+    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* output buffer sz != RC2_BLOCK_SIZE (8) */
+    ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7),
+        WC_NO_ERR_TRACE(BUFFER_E));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Rc2EcbEncryptDecrypt */
+
+/*
+ * Testing function for wc_Rc2CbcEncrypt() and wc_Rc2CbcDecrypt().
+ */
+int test_wc_Rc2CbcEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#ifdef WC_RC2
+    Rc2 rc2;
+    int effectiveKeyBits = 63;
+    byte cipher[RC2_BLOCK_SIZE*2];
+    byte plain[RC2_BLOCK_SIZE*2];
+    /* vector taken from test.c */
+    byte key[] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    byte iv[] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    byte input[] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    byte output[] = {
+        0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
+        0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
+    };
+
+    XMEMSET(cipher, 0, sizeof(cipher));
+    XMEMSET(plain, 0, sizeof(plain));
+
+    ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
+        iv, effectiveKeyBits), 0);
+    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)), 0);
+    ExpectIntEQ(XMEMCMP(cipher, output, sizeof(output)), 0);
+
+    /* reset IV for decrypt */
+    ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
+    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)), 0);
+    ExpectIntEQ(XMEMCMP(plain, input, sizeof(input)), 0);
+
+    /* Rc2CbcEncrypt bad arguments */
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null out buffer */
+    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null input buffer */
+    ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Rc2CbcDecrypt bad arguments */
+    /* in size is 0 */
+    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, 0), 0);
+    /* null Rc2 struct */
+    ExpectIntEQ(wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null out buffer */
+    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* null input buffer */
+    ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Rc2CbcEncryptDecrypt */
+
diff --git a/tests/api/test_rc2.h b/tests/api/test_rc2.h
new file mode 100644
index 000000000..bfa540d60
--- /dev/null
+++ b/tests/api/test_rc2.h
@@ -0,0 +1,38 @@
+/* test_rc2.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_RC2_H
+#define WOLFCRYPT_TEST_RC2_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_Rc2SetKey(void);
+int test_wc_Rc2SetIV(void);
+int test_wc_Rc2EcbEncryptDecrypt(void);
+int test_wc_Rc2CbcEncryptDecrypt(void);
+
+#define TEST_RC2_DECLS                                      \
+    TEST_DECL_GROUP("rc2", test_wc_Rc2SetKey),              \
+    TEST_DECL_GROUP("rc2", test_wc_Rc2SetIV),               \
+    TEST_DECL_GROUP("rc2", test_wc_Rc2EcbEncryptDecrypt),   \
+    TEST_DECL_GROUP("rc2", test_wc_Rc2CbcEncryptDecrypt)
+
+#endif /* WOLFCRYPT_TEST_RC2_H */
diff --git a/tests/api/test_ripemd.c b/tests/api/test_ripemd.c
new file mode 100644
index 000000000..2125d33e8
--- /dev/null
+++ b/tests/api/test_ripemd.c
@@ -0,0 +1,235 @@
+/* test_ripemd.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/ripemd.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ripemd.h>
+#include <tests/api/test_digest.h>
+
+/*
+ * Testing wc_InitRipeMd()
+ */
+int test_wc_InitRipeMd(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_InitRipeMd(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_InitRipeMd */
+
+/*
+ * Testing wc_RipeMdUpdate()
+ */
+int test_wc_RipeMdUpdate(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_RipeMdUpdate(NULL   , NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdUpdate(NULL   , NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, NULL, 0), 0);
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)"a", 1), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_RipeMdUdpate */
+
+/*
+ * Unit test function for wc_RipeMdFinal()
+ */
+int test_wc_RipeMdFinal(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+    byte hash[RIPEMD_DIGEST_SIZE];
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_RipeMdFinal(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RipeMdFinal(&ripemd, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_RipeMdFinal */
+
+#define RIPEMD_KAT_CNT  7
+int test_wc_RipeMd_KATs( void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+    testVector ripemd_kat[RIPEMD_KAT_CNT];
+    byte hash[RIPEMD_DIGEST_SIZE];
+    int i = 0;
+
+    ripemd_kat[i].input = "";
+    ripemd_kat[i].inLen = 0;
+    ripemd_kat[i].output =
+        "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54"
+        "\x61\x28\x08\x97\x7e\xe8\xf5\x48"
+        "\xb2\x25\x8d\x31";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "a";
+    ripemd_kat[i].inLen = 1;
+    ripemd_kat[i].output =
+        "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9"
+        "\xda\xae\x34\x7b\xe6\xf4\xdc\x83"
+        "\x5a\x46\x7f\xfe";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "abc";
+    ripemd_kat[i].inLen = 3;
+    ripemd_kat[i].output =
+        "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a"
+        "\x9b\x04\x4a\x8e\x98\xc6\xb0\x87"
+        "\xf1\x5a\x0b\xfc";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "message digest";
+    ripemd_kat[i].inLen = 14;
+    ripemd_kat[i].output =
+        "\x5d\x06\x89\xef\x49\xd2\xfa\xe5"
+        "\x72\xb8\x81\xb1\x23\xa8\x5f\xfa"
+        "\x21\x59\x5f\x36";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "abcdefghijklmnopqrstuvwxyz";
+    ripemd_kat[i].inLen = 26;
+    ripemd_kat[i].output =
+        "\xf7\x1c\x27\x10\x9c\x69\x2c\x1b"
+        "\x56\xbb\xdc\xeb\x5b\x9d\x28\x65"
+        "\xb3\x70\x8d\xbc";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+        "0123456789";
+    ripemd_kat[i].inLen = 62;
+    ripemd_kat[i].output =
+        "\xb0\xe2\x0b\x6e\x31\x16\x64\x02"
+        "\x86\xed\x3a\x87\xa5\x71\x30\x79"
+        "\xb2\x1f\x51\x89";
+    ripemd_kat[i].outLen = 0;
+    i++;
+    ripemd_kat[i].input = "1234567890123456789012345678901234567890"
+                           "1234567890123456789012345678901234567890";
+    ripemd_kat[i].inLen = 80;
+    ripemd_kat[i].output =
+        "\x9b\x75\x2e\x45\x57\x3d\x4b\x39"
+        "\xf4\xdb\xd3\x32\x3c\xab\x82\xbf"
+        "\x63\x32\x6b\xfb";
+    ripemd_kat[i].outLen = 0;
+
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+    for (i = 0; i < RIPEMD_KAT_CNT; i++) {
+        /* Do KAT. */
+        ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)ripemd_kat[i].input,
+            (word32)ripemd_kat[i].inLen), 0);
+        ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
+        ExpectBufEQ(hash, (byte*)ripemd_kat[i].output, RIPEMD_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_RipeMd_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_RIPEMD
+    RipeMd ripemd;
+    byte hash[RIPEMD_DIGEST_SIZE + 1];
+    byte data[RIPEMD_DIGEST_SIZE * 8 + 1];
+    int dataLen = RIPEMD_DIGEST_SIZE * 8;
+    const char* expHash =
+        "\x11\x8f\x4f\x23\xa9\xc2\xcb\x04"
+        "\x10\x10\xbb\x44\x5a\x1d\xfb\x17"
+        "\x6b\x68\x09\xb4";
+    int i;
+    int j;
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+
+    /* Unaligned input and output buffer. */
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, data + 1, dataLen), 0);
+    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash + 1), 0);
+    ExpectBufEQ(hash + 1, (byte*)expHash, RIPEMD_DIGEST_SIZE);
+
+    /* Test that empty updates work. */
+    ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, NULL, 0), 0);
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)"", 0), 0);
+    ExpectIntEQ(wc_RipeMdUpdate(&ripemd, data, dataLen), 0);
+    ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
+    ExpectBufEQ(hash, (byte*)expHash, RIPEMD_DIGEST_SIZE);
+
+    /* Ensure chunking works. */
+    for (i = 1; i < dataLen; i++) {
+        ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
+        for (j = 0; j < dataLen; j += i) {
+             int len = dataLen - j;
+             if (i < len)
+                 len = i;
+             ExpectIntEQ(wc_RipeMdUpdate(&ripemd, data + j, len), 0);
+        }
+        ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
+        ExpectBufEQ(hash, (byte*)expHash, RIPEMD_DIGEST_SIZE);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_ripemd.h b/tests/api/test_ripemd.h
new file mode 100644
index 000000000..90d288328
--- /dev/null
+++ b/tests/api/test_ripemd.h
@@ -0,0 +1,41 @@
+/* test_ripemd.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_RIPEMD_H
+#define WOLFCRYPT_TEST_RIPEMD_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitRipeMd(void);
+int test_wc_RipeMdUpdate(void);
+int test_wc_RipeMdFinal(void);
+int test_wc_RipeMd_KATs(void);
+int test_wc_RipeMd_other(void);
+
+#define TEST_RIPEMD_DECLS                               \
+    TEST_DECL_GROUP("ripemd", test_wc_InitRipeMd),      \
+    TEST_DECL_GROUP("ripemd", test_wc_RipeMdUpdate),    \
+    TEST_DECL_GROUP("ripemd", test_wc_RipeMdFinal),     \
+    TEST_DECL_GROUP("ripemd", test_wc_RipeMd_KATs),     \
+    TEST_DECL_GROUP("ripemd", test_wc_RipeMd_other)
+
+#endif /* WOLFCRYPT_TEST_RIPEMD_H */
diff --git a/tests/api/test_rsa.c b/tests/api/test_rsa.c
new file mode 100644
index 000000000..068b980b5
--- /dev/null
+++ b/tests/api/test_rsa.c
@@ -0,0 +1,1089 @@
+/* test_rsa.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/rsa.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_rsa.h>
+
+/*
+ * Testing wc_Init RsaKey()
+ */
+int test_wc_InitRsaKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_RSA
+    RsaKey key;
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitRsaKey */
+
+
+/*
+ * Testing wc_RsaPrivateKeyDecode()
+ */
+int test_wc_RsaPrivateKeyDecode(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024) || \
+        defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
+    RsaKey key;
+    byte*  tmp = NULL;
+    word32 idx = 0;
+    int    bytes = 0;
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+
+    ExpectNotNull(tmp = (byte*)XMALLOC(FOURK_BUF, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    if (tmp != NULL) {
+    #ifdef USE_CERT_BUFFERS_1024
+        XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
+        bytes = sizeof_client_key_der_1024;
+    #else
+        XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
+        bytes = sizeof_client_key_der_2048;
+    #endif /* Use cert buffers. */
+    }
+
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_RsaPrivateKeyDecode */
+
+/*
+ * Testing wc_RsaPublicKeyDecode()
+ */
+int test_wc_RsaPublicKeyDecode(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024) || \
+        defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
+    RsaKey keyPub;
+    byte*  tmp = NULL;
+    word32 idx = 0;
+    int    bytes = 0;
+    word32 keySz = 0;
+    word32 tstKeySz = 0;
+#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
+    XFILE f = XBADFILE;
+    const char* rsaPssPubKey = "./certs/rsapss/ca-rsapss-key.der";
+    const char* rsaPssPubKeyNoParams = "./certs/rsapss/ca-3072-rsapss-key.der";
+    byte buf[4096];
+#endif
+
+    XMEMSET(&keyPub, 0, sizeof(RsaKey));
+
+    ExpectNotNull(tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitRsaKey(&keyPub, HEAP_HINT), 0);
+    if (tmp != NULL) {
+    #ifdef USE_CERT_BUFFERS_1024
+        XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
+        bytes = sizeof_client_keypub_der_1024;
+        keySz = 1024;
+    #else
+        XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
+        bytes = sizeof_client_keypub_der_2048;
+        keySz = 2048;
+    #endif
+    }
+
+    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRsaKey(&keyPub), 0);
+
+    /* Test for getting modulus key size */
+    idx = 0;
+    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL,
+        &tstKeySz, NULL, NULL), 0);
+    ExpectIntEQ(tstKeySz, keySz/8);
+
+#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
+    ExpectTrue((f = XFOPEN(rsaPssPubKey, "rb")) != XBADFILE);
+    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+    idx = 0;
+    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL,
+        NULL, NULL), 0);
+    ExpectTrue((f = XFOPEN(rsaPssPubKeyNoParams, "rb")) != XBADFILE);
+    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
+    if (f != XBADFILE)
+        XFCLOSE(f);
+    idx = 0;
+    ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL,
+        NULL, NULL), 0);
+#endif
+
+    XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_RsaPublicKeyDecode */
+
+/*
+ * Testing wc_RsaPublicKeyDecodeRaw()
+ */
+int test_wc_RsaPublicKeyDecodeRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA)
+    RsaKey     key;
+    const byte n = 0x23;
+    const byte e = 0x03;
+    word32     nSz = sizeof(n);
+    word32     eSz = sizeof(e);
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
+       WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_RsaPublicKeyDecodeRaw */
+
+/*
+ * Testing wc_RsaPrivateKeyDecodeRaw()
+ */
+int test_wc_RsaPrivateKeyDecodeRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+    !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+    RsaKey key;
+    const byte n = 33;
+    const byte e = 3;
+    const byte d = 7;
+    const byte u = 2;
+    const byte p = 3;
+    const byte q = 11;
+    const byte dp = 1;
+    const byte dq = 7;
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), NULL, 0,
+                NULL, 0, &key), 0);
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                NULL, 0, &key), 0);
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), NULL, 0,
+                &dq, sizeof(dq), &key), 0);
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(NULL, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, 0,
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                NULL, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, 0, &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), NULL, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, 0, &u, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                NULL, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, 0, &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), NULL, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, sizeof(u),
+                &p, sizeof(p), &q, 0, &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, 0,
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), NULL, sizeof(u),
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n),
+                &e, sizeof(e), &d, sizeof(d), &u, 0,
+                &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp),
+                &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END  test_wc_RsaPrivateKeyDecodeRaw */
+
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
+     * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
+     * trying until it gets a probable prime. */
+    #ifdef HAVE_FIPS
+        int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
+        {
+            int ret;
+
+            for (;;) {
+                ret = wc_MakeRsaKey(key, size, e, rng);
+                if (ret != WC_NO_ERR_TRACE(PRIME_GEN_E)) break;
+                fprintf(stderr, "MakeRsaKey couldn't find prime; "
+                                "trying again.\n");
+            }
+
+            return ret;
+        }
+    #endif
+#endif
+
+/*
+ * Testing wc_MakeRsaKey()
+ */
+int test_wc_MakeRsaKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+
+    RsaKey genKey;
+    WC_RNG rng;
+#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
+    int bits = 1024;
+#else
+    int bits = 2048;
+#endif
+
+    XMEMSET(&genKey, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRsaKey(&genKey, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
+    DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* e < 3 */
+    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* e & 1 == 0 */
+    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_MakeRsaKey */
+
+/*
+ * Testing wc_CheckProbablePrime()
+ */
+int test_wc_CheckProbablePrime(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
+ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
+#define CHECK_PROBABLE_PRIME_KEY_BITS 2048
+    RsaKey key;
+    WC_RNG rng;
+    byte   e[3];
+    word32 eSz = (word32)sizeof(e);
+    byte   n[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
+    word32 nSz = (word32)sizeof(n);
+    byte   d[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
+    word32 dSz = (word32)sizeof(d);
+    byte   p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
+    word32 pSz = (word32)sizeof(p);
+    byte   q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
+    word32 qSz = (word32)sizeof(q);
+    int    nlen = CHECK_PROBABLE_PRIME_KEY_BITS;
+    int*   isPrime;
+    int    test[5];
+    isPrime = test;
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
+    ExpectIntEQ(wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS,
+        WC_RSA_EXPONENT, &rng), 0);
+    PRIVATE_KEY_UNLOCK();
+    ExpectIntEQ(wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q,
+        &qSz), 0);
+    PRIVATE_KEY_LOCK();
+
+    /* Bad cases */
+    ExpectIntEQ(wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz, nlen, isPrime),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CheckProbablePrime(p, 0, q, qSz, e, eSz, nlen, isPrime),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz, nlen, isPrime),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, 0, e, eSz, nlen, isPrime),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz, nlen, isPrime),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, 0, nlen, isPrime),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0, nlen, isPrime),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Good case */
+    ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz, nlen, isPrime),
+        0);
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    wc_FreeRng(&rng);
+#undef CHECK_PROBABLE_PRIME_KEY_BITS
+#endif
+    return EXPECT_RESULT();
+} /* END  test_wc_CheckProbablePrime */
+
+/*
+ * Testing wc_RsaPSS_Verify()
+ */
+int test_wc_RsaPSS_Verify(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
+ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
+    RsaKey        key;
+    WC_RNG        rng;
+    int           sz = 256;
+    const char*   szMessage = "This is the string to be signed";
+    unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
+    unsigned char pDecrypted[2048/8];
+    byte*         pt = pDecrypted;
+    word32        outLen = sizeof(pDecrypted);
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
+    ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
+
+    ExpectIntGT(sz = wc_RsaPSS_Sign((byte*)szMessage,
+        (word32)XSTRLEN(szMessage)+1, pSignature, sizeof(pSignature),
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
+
+    /* Bad cases */
+    ExpectIntEQ(wc_RsaPSS_Verify(NULL, (word32)sz, pt, outLen,
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_Verify(pSignature, (word32)sz, NULL, outLen,
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Good case */
+    ExpectIntGT(wc_RsaPSS_Verify(pSignature, (word32)sz, pt, outLen,
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    wc_FreeRng(&rng);
+#endif
+    return EXPECT_RESULT();
+} /* END  test_wc_RsaPSS_Verify */
+
+/*
+ * Testing wc_RsaPSS_VerifyCheck()
+ */
+int test_wc_RsaPSS_VerifyCheck(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
+ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
+    RsaKey        key;
+    WC_RNG        rng;
+    int           sz = 256; /* 2048/8 */
+    byte          digest[32];
+    word32        digestSz = sizeof(digest);
+    unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
+    word32        pSignatureSz = sizeof(pSignature);
+    unsigned char pDecrypted[2048/8];
+    byte*         pt = pDecrypted;
+    word32        outLen = sizeof(pDecrypted);
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    XMEMSET(digest, 0, sizeof(digest));
+    XMEMSET(pSignature, 0, sizeof(pSignature));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
+    ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
+    ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) >
+        0);
+    ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest,
+        digestSz), 0);
+
+    ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
+        WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
+
+    /* Bad cases */
+    ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, (word32)sz, pt, outLen, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, NULL, outLen,
+        digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Good case */
+    ExpectIntGT(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, pt, outLen,
+        digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
+
+    ExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    wc_FreeRng(&rng);
+#endif
+    return EXPECT_RESULT();
+} /* END  test_wc_RsaPSS_VerifyCheck */
+
+/*
+ * Testing wc_RsaPSS_VerifyCheckInline()
+ */
+int test_wc_RsaPSS_VerifyCheckInline(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
+ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
+    RsaKey        key;
+    WC_RNG        rng;
+    int           sz = 256;
+    byte          digest[32];
+    word32        digestSz = sizeof(digest);
+    unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
+    unsigned char pDecrypted[2048/8];
+    byte*         pt = pDecrypted;
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    XMEMSET(digest, 0, sizeof(digest));
+    XMEMSET(pSignature, 0, sizeof(pSignature));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
+    ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
+    ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) >
+        0);
+    ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest,
+        digestSz), 0);
+
+    ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature,
+        sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
+
+    /* Bad Cases */
+    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, (word32)sz, &pt, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest,
+        digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Good case */
+    ExpectIntGT(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest,
+        digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    wc_FreeRng(&rng);
+#endif
+    return EXPECT_RESULT();
+} /* END  test_wc_RsaPSS_VerifyCheckInline */
+
+/*
+ * Testing wc_RsaKeyToDer()
+ */
+int test_wc_RsaKeyToDer(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    RsaKey genKey;
+    WC_RNG rng;
+    byte*  der = NULL;
+#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
+    int     bits = 1024;
+    word32  derSz = 611;
+    /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
+       + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
+#else
+    int     bits = 2048;
+    word32  derSz = 1196;
+    /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
+       + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
+#endif
+
+    XMEMSET(&rng, 0, sizeof(rng));
+    XMEMSET(&genKey, 0, sizeof(genKey));
+
+    ExpectNotNull(der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
+    /* Init structures. */
+    ExpectIntEQ(wc_InitRsaKey(&genKey, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    /* Make key. */
+    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
+
+    ExpectIntGT(wc_RsaKeyToDer(&genKey, der, derSz), 0);
+
+    /* Pass good/bad args. */
+    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Get just the output length */
+    ExpectIntGT(wc_RsaKeyToDer(&genKey, NULL, 0), 0);
+    /* Try Public Key. */
+    genKey.type = 0;
+    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #ifdef WOLFSSL_CHECK_MEM_ZERO
+        /* Put back to Private Key */
+        genKey.type = 1;
+    #endif
+
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_RsaKeyToDer */
+
+/*
+ *  Testing wc_RsaKeyToPublicDer()
+ */
+int test_wc_RsaKeyToPublicDer(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    RsaKey key;
+    WC_RNG rng;
+    byte*  der = NULL;
+#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
+    int    bits = 1024;
+    word32 derLen = 162;
+#else
+    int    bits = 2048;
+    word32 derLen = 294;
+#endif
+    int    ret = 0;
+
+    XMEMSET(&rng, 0, sizeof(rng));
+    XMEMSET(&key, 0, sizeof(key));
+
+    ExpectNotNull(der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
+
+    /* test getting size only */
+    ExpectIntGT(wc_RsaKeyToPublicDer(&key, NULL, derLen), 0);
+    ExpectIntGT(wc_RsaKeyToPublicDer(&key, der, derLen), 0);
+
+    /* test getting size only */
+    ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0), 0);
+    ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0), 0);
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntLT(ret = wc_RsaKeyToPublicDer(&key, der, -1), 0);
+    ExpectTrue((ret == WC_NO_ERR_TRACE(BUFFER_E)) ||
+               (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)));
+
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_RsaKeyToPublicDer */
+
+/*
+ *  Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt()
+ */
+int test_wc_RsaPublicEncryptDecrypt(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    RsaKey key;
+    WC_RNG rng;
+    const char inStr[] = TEST_STRING;
+    const word32 plainLen = (word32)TEST_STRING_SZ;
+    const word32 inLen = (word32)TEST_STRING_SZ;
+    int          bits = TEST_RSA_BITS;
+    const word32 cipherLen = TEST_RSA_BYTES;
+    word32 cipherLenResult = cipherLen;
+    WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
+    WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
+
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
+
+#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
+    ExpectNotNull(in);
+    ExpectNotNull(plain);
+    ExpectNotNull(cipher);
+#endif
+    ExpectNotNull(XMEMCPY(in, inStr, inLen));
+
+    /* Initialize stack structures. */
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
+
+    /* Encrypt. */
+    ExpectIntGT(cipherLenResult = (word32)wc_RsaPublicEncrypt(in, inLen, cipher,
+        cipherLen, &key, &rng), 0);
+    /* Pass bad args - tested in another testing function.*/
+
+    /* Decrypt */
+#if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
+    /* Bind rng */
+    ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
+#endif
+    ExpectIntGE(wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen,
+        &key), 0);
+    ExpectIntEQ(XMEMCMP(plain, inStr, plainLen), 0);
+    /* Pass bad args - tested in another testing function.*/
+
+    WC_FREE_VAR(in, NULL);
+    WC_FREE_VAR(plain, NULL);
+    WC_FREE_VAR(cipher, NULL);
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_RsaPublicEncryptDecrypt */
+
+/*
+ * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex()
+ */
+int test_wc_RsaPublicEncryptDecrypt_ex(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && \
+        !defined(WC_NO_RSA_OAEP) && !defined(NO_SHA256)
+    RsaKey  key;
+    WC_RNG  rng;
+    const char inStr[] = TEST_STRING;
+    const word32 inLen = (word32)TEST_STRING_SZ;
+    const word32 plainSz = (word32)TEST_STRING_SZ;
+    byte*   res = NULL;
+    int     idx = 0;
+    int          bits = TEST_RSA_BITS;
+    const word32 cipherSz = TEST_RSA_BYTES;
+
+    WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
+    WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
+
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
+
+#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
+    ExpectNotNull(in);
+    ExpectNotNull(plain);
+    ExpectNotNull(cipher);
+#endif
+    ExpectNotNull(XMEMCPY(in, inStr, inLen));
+
+    /* Initialize stack structures. */
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
+
+    /* Encrypt */
+    ExpectIntGE(idx = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key,
+        &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0);
+    /* Pass bad args - tested in another testing function.*/
+
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+    /* Decrypt */
+    #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
+        ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
+    #endif
+    ExpectIntGE(wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, plain, plainSz,
+        &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0);
+    ExpectIntEQ(XMEMCMP(plain, inStr, plainSz), 0);
+    /* Pass bad args - tested in another testing function.*/
+
+    ExpectIntGE(wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, &res, &key,
+        WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0);
+    ExpectIntEQ(XMEMCMP(inStr, res, plainSz), 0);
+#endif
+
+    WC_FREE_VAR(in, NULL);
+    WC_FREE_VAR(plain, NULL);
+    WC_FREE_VAR(cipher, NULL);
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_RsaPublicEncryptDecrypt_ex */
+
+/*
+ * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify()
+ */
+int test_wc_RsaSSL_SignVerify(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    RsaKey key;
+    WC_RNG rng;
+    const char inStr[] = TEST_STRING;
+    const word32 plainSz = (word32)TEST_STRING_SZ;
+    const word32 inLen = (word32)TEST_STRING_SZ;
+    word32 idx = 0;
+    int    bits = TEST_RSA_BITS;
+    const word32 outSz = TEST_RSA_BYTES;
+
+    WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
+    WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
+
+    WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
+    WC_ALLOC_VAR(out, byte, TEST_RSA_BYTES, NULL);
+    WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
+
+#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
+    ExpectNotNull(in);
+    ExpectNotNull(out);
+    ExpectNotNull(plain);
+#endif
+    ExpectNotNull(XMEMCPY(in, inStr, inLen));
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
+
+    /* Sign. */
+    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng), (int)outSz);
+    idx = (int)outSz;
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Verify. */
+    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, &key), (int)inLen);
+
+    /* Pass bad args. */
+    ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaSSL_Verify(out, 0, plain, plainSz, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    WC_FREE_VAR(in, NULL);
+    WC_FREE_VAR(out, NULL);
+    WC_FREE_VAR(plain, NULL);
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_RsaSSL_SignVerify */
+
+/*
+ * Testing wc_RsaEncryptSize()
+ */
+int test_wc_RsaEncryptSize(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    RsaKey key;
+    WC_RNG rng;
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
+    ExpectIntEQ(MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng), 0);
+
+    ExpectIntEQ(wc_RsaEncryptSize(&key), 128);
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+#endif
+
+    ExpectIntEQ(MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
+    ExpectIntEQ(wc_RsaEncryptSize(&key), 256);
+
+    /* Pass in bad arg. */
+    ExpectIntEQ(wc_RsaEncryptSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_RsaEncryptSize*/
+
+/*
+ * Testing wc_RsaFlattenPublicKey()
+ */
+int test_wc_RsaFlattenPublicKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    RsaKey key;
+    WC_RNG rng;
+    byte   e[256];
+    byte   n[256];
+    word32 eSz = sizeof(e);
+    word32 nSz = sizeof(n);
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
+        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
+        (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
+    int    bits = 1024;
+    #else
+    int    bits = 2048;
+    #endif
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
+
+    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz), 0);
+
+    /* Pass bad args. */
+    ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+
+} /* END test_wc_RsaFlattenPublicKey */
+
+/*
+ * Test the bounds checking on the cipher text versus the key modulus.
+ * 1. Make a new RSA key.
+ * 2. Set c to 1.
+ * 3. Decrypt c into k. (error)
+ * 4. Copy the key modulus to c and sub 1 from the copy.
+ * 5. Decrypt c into k. (error)
+ * Valid bounds test cases are covered by all the other RSA tests.
+ */
+int test_wc_RsaDecrypt_BoundsCheck(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \
+    (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
+    defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK)
+    WC_RNG rng;
+    RsaKey key;
+    byte flatC[256];
+    word32 flatCSz = 0;
+    byte out[256];
+    word32 outSz = sizeof(out);
+
+    XMEMSET(&key, 0, sizeof(RsaKey));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    if (EXPECT_SUCCESS()) {
+        const byte* derKey;
+        word32 derKeySz;
+        word32 idx = 0;
+
+        #ifdef USE_CERT_BUFFERS_1024
+            derKey = server_key_der_1024;
+            derKeySz = (word32)sizeof_server_key_der_1024;
+            flatCSz = 128;
+        #else
+            derKey = server_key_der_2048;
+            derKeySz = (word32)sizeof_server_key_der_2048;
+            flatCSz = 256;
+        #endif
+
+        ExpectIntEQ(wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz), 0);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        XMEMSET(flatC, 0, flatCSz);
+        flatC[flatCSz-1] = 1;
+
+        ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
+            RSA_PRIVATE_DECRYPT, &rng), WC_NO_ERR_TRACE(RSA_OUT_OF_RANGE_E));
+        if (EXPECT_SUCCESS()) {
+            mp_int c;
+        #ifndef WOLFSSL_SP_MATH
+            ExpectIntEQ(mp_init_copy(&c, &key.n), 0);
+        #else
+            ExpectIntEQ(mp_init(&c), 0);
+            ExpectIntEQ(mp_copy(&key.n, &c), 0);
+        #endif
+            ExpectIntEQ(mp_sub_d(&c, 1, &c), 0);
+            ExpectIntEQ(mp_to_unsigned_bin(&c, flatC), 0);
+            ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
+                RSA_PRIVATE_DECRYPT, NULL),
+                WC_NO_ERR_TRACE(RSA_OUT_OF_RANGE_E));
+            mp_clear(&c);
+        }
+    }
+
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_RsaDecryptBoundsCheck */
+
diff --git a/tests/api/test_rsa.h b/tests/api/test_rsa.h
new file mode 100644
index 000000000..52e9ae3f4
--- /dev/null
+++ b/tests/api/test_rsa.h
@@ -0,0 +1,66 @@
+/* test_rsa.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_RSA_H
+#define WOLFCRYPT_TEST_RSA_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitRsaKey(void);
+int test_wc_RsaPrivateKeyDecode(void);
+int test_wc_RsaPublicKeyDecode(void);
+int test_wc_RsaPublicKeyDecodeRaw(void);
+int test_wc_RsaPrivateKeyDecodeRaw(void);
+int test_wc_MakeRsaKey(void);
+int test_wc_CheckProbablePrime(void);
+int test_wc_RsaPSS_Verify(void);
+int test_wc_RsaPSS_VerifyCheck(void);
+int test_wc_RsaPSS_VerifyCheckInline(void);
+int test_wc_RsaKeyToDer(void);
+int test_wc_RsaKeyToPublicDer(void);
+int test_wc_RsaPublicEncryptDecrypt(void);
+int test_wc_RsaPublicEncryptDecrypt_ex(void);
+int test_wc_RsaEncryptSize(void);
+int test_wc_RsaSSL_SignVerify(void);
+int test_wc_RsaFlattenPublicKey(void);
+int test_wc_RsaDecrypt_BoundsCheck(void);
+
+#define TEST_RSA_DECLS                                          \
+    TEST_DECL_GROUP("rsa", test_wc_InitRsaKey),                 \
+    TEST_DECL_GROUP("rsa", test_wc_RsaPrivateKeyDecode),        \
+    TEST_DECL_GROUP("rsa", test_wc_RsaPublicKeyDecode),         \
+    TEST_DECL_GROUP("rsa", test_wc_RsaPublicKeyDecodeRaw),      \
+    TEST_DECL_GROUP("rsa", test_wc_RsaPrivateKeyDecodeRaw),     \
+    TEST_DECL_GROUP("rsa", test_wc_MakeRsaKey),                 \
+    TEST_DECL_GROUP("rsa", test_wc_CheckProbablePrime),         \
+    TEST_DECL_GROUP("rsa", test_wc_RsaPSS_Verify),              \
+    TEST_DECL_GROUP("rsa", test_wc_RsaPSS_VerifyCheck),         \
+    TEST_DECL_GROUP("rsa", test_wc_RsaPSS_VerifyCheckInline),   \
+    TEST_DECL_GROUP("rsa", test_wc_RsaKeyToDer),                \
+    TEST_DECL_GROUP("rsa", test_wc_RsaKeyToPublicDer),          \
+    TEST_DECL_GROUP("rsa", test_wc_RsaPublicEncryptDecrypt),    \
+    TEST_DECL_GROUP("rsa", test_wc_RsaPublicEncryptDecrypt_ex), \
+    TEST_DECL_GROUP("rsa", test_wc_RsaEncryptSize),             \
+    TEST_DECL_GROUP("rsa", test_wc_RsaSSL_SignVerify),          \
+    TEST_DECL_GROUP("rsa", test_wc_RsaFlattenPublicKey),        \
+    TEST_DECL_GROUP("rsa", test_wc_RsaDecrypt_BoundsCheck)
+
+#endif /* WOLFCRYPT_TEST_RSA_H */
diff --git a/tests/api/test_sha.c b/tests/api/test_sha.c
new file mode 100644
index 000000000..5c18dab3c
--- /dev/null
+++ b/tests/api/test_sha.c
@@ -0,0 +1,206 @@
+/* test_sha.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sha.h>
+#include <tests/api/test_digest.h>
+
+/*
+ * Unit test for the wc_InitSha()
+ */
+int test_wc_InitSha(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha, Sha);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha */
+
+/*
+ *  Tesing wc_ShaUpdate()
+ */
+int test_wc_ShaUpdate(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_UPDATE_TEST(wc_Sha, Sha);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaUpdate() */
+
+/*
+ * Unit test on wc_ShaFinal
+ */
+int test_wc_ShaFinal(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_FINAL_TEST(wc_Sha, Sha, SHA);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaFinal */
+
+/*
+ * Unit test on wc_ShaFinalRaw
+ */
+int test_wc_ShaFinalRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha, Sha, SHA,
+        "\x67\x45\x23\x01\xef\xcd\xab\x89"
+        "\x98\xba\xdc\xfe\x10\x32\x54\x76"
+        "\xc3\xd2\xe1\xf0");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaFinal */
+
+#define SHA_KAT_CNT     7
+int test_wc_Sha_KATs(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_KATS_TEST_VARS(wc_Sha, SHA);
+
+    DIGEST_KATS_ADD("", 0,
+        "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d"
+        "\x32\x55\xbf\xef\x95\x60\x18\x90"
+        "\xaf\xd8\x07\x09");
+    DIGEST_KATS_ADD("a", 1,
+        "\x86\xf7\xe4\x37\xfa\xa5\xa7\xfc"
+        "\xe1\x5d\x1d\xdc\xb9\xea\xea\xea"
+        "\x37\x76\x67\xb8");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xa9\x99\x3e\x36\x47\x06\x81\x6a"
+        "\xba\x3e\x25\x71\x78\x50\xc2\x6c"
+        "\x9c\xd0\xd8\x9d");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xc1\x22\x52\xce\xda\x8b\xe8\x99"
+        "\x4d\x5f\xa0\x29\x0a\x47\x23\x1c"
+        "\x1d\x16\xaa\xe3");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x32\xd1\x0c\x7b\x8c\xf9\x65\x70"
+        "\xca\x04\xce\x37\xf2\xa1\x9d\x84"
+        "\x24\x0d\x3a\x89");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\x76\x1c\x45\x7b\xf7\x3b\x14\xd2"
+        "\x7e\x9e\x92\x65\xc4\x6f\x4b\x4d"
+        "\xda\x11\xf9\x40");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x50\xab\xf5\x70\x6a\x15\x09\x90"
+        "\xa0\x8b\x2c\x5e\xa4\x0f\xa0\xe5"
+        "\x85\x55\x47\x32");
+
+    DIGEST_KATS_TEST(Sha, SHA);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaFinal */
+
+int test_wc_Sha_other(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_OTHER_TEST(wc_Sha, Sha, SHA,
+        "\xf0\xc2\x3f\xeb\xe0\xb0\xd9\x8c"
+        "\x01\x23\x6c\x4c\x3b\x72\x7b\x01"
+        "\xc7\x0d\x2b\x60");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_ShaFinal */
+
+int test_wc_ShaCopy(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_COPY_TEST(wc_Sha, Sha, SHA,
+        "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d"
+        "\x32\x55\xbf\xef\x95\x60\x18\x90"
+        "\xaf\xd8\x07\x09",
+        "\xa9\x99\x3e\x36\x47\x06\x81\x6a"
+        "\xba\x3e\x25\x71\x78\x50\xc2\x6c"
+        "\x9c\xd0\xd8\x9d");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_ShaGetHash(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA
+    DIGEST_GET_HASH_TEST(wc_Sha, Sha, SHA,
+        "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d"
+        "\x32\x55\xbf\xef\x95\x60\x18\x90"
+        "\xaf\xd8\x07\x09",
+        "\xa9\x99\x3e\x36\x47\x06\x81\x6a"
+        "\xba\x3e\x25\x71\x78\x50\xc2\x6c"
+        "\x9c\xd0\xd8\x9d");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_ShaTransform(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA) && (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_TEST(wc_Sha, Sha, SHA,
+        "\x80\x63\x62\x61\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x18\x00\x00\x00",
+        "\xa9\x99\x3e\x36\x47\x06\x81\x6a"
+        "\xba\x3e\x25\x71\x78\x50\xc2\x6c"
+        "\x9c\xd0\xd8\x9d");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha_Flags(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha, Sha);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_sha.h b/tests/api/test_sha.h
new file mode 100644
index 000000000..e86be032a
--- /dev/null
+++ b/tests/api/test_sha.h
@@ -0,0 +1,50 @@
+/* test_sha.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SHA_H
+#define WOLFCRYPT_TEST_SHA_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitSha(void);
+int test_wc_ShaUpdate(void);
+int test_wc_ShaFinal(void);
+int test_wc_ShaFinalRaw(void);
+int test_wc_Sha_KATs(void);
+int test_wc_Sha_other(void);
+int test_wc_ShaCopy(void);
+int test_wc_ShaGetHash(void);
+int test_wc_ShaTransform(void);
+int test_wc_Sha_Flags(void);
+
+#define TEST_SHA_DECLS                              \
+    TEST_DECL_GROUP("sha", test_wc_InitSha),        \
+    TEST_DECL_GROUP("sha", test_wc_ShaUpdate),      \
+    TEST_DECL_GROUP("sha", test_wc_ShaFinal),       \
+    TEST_DECL_GROUP("sha", test_wc_ShaFinalRaw),    \
+    TEST_DECL_GROUP("sha", test_wc_Sha_KATs),       \
+    TEST_DECL_GROUP("sha", test_wc_Sha_other),      \
+    TEST_DECL_GROUP("sha", test_wc_ShaCopy),        \
+    TEST_DECL_GROUP("sha", test_wc_ShaGetHash),     \
+    TEST_DECL_GROUP("sha", test_wc_ShaTransform),   \
+    TEST_DECL_GROUP("sha", test_wc_Sha_Flags)
+
+#endif /* WOLFCRYPT_TEST_SHA_H */
diff --git a/tests/api/test_sha256.c b/tests/api/test_sha256.c
new file mode 100644
index 000000000..83182acb6
--- /dev/null
+++ b/tests/api/test_sha256.c
@@ -0,0 +1,371 @@
+/* test_sha256.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sha256.h>
+#include <tests/api/test_digest.h>
+
+/*******************************************************************************
+ * SHA-256
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha256()
+ */
+int test_wc_InitSha256(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha256, Sha256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha256 */
+
+/*
+ *  Tesing wc_Sha256Update()
+ */
+int test_wc_Sha256Update(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_UPDATE_TEST(wc_Sha256, Sha256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Update() */
+
+/*
+ * Unit test on wc_Sha256Final
+ */
+int test_wc_Sha256Final(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_FINAL_TEST(wc_Sha256, Sha256, SHA256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Final */
+
+/*
+ * Unit test on wc_Sha256FinalRaw
+ */
+int test_wc_Sha256FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha256, Sha256, SHA256,
+        "\x6a\x09\xe6\x67\xbb\x67\xae\x85"
+        "\x3c\x6e\xf3\x72\xa5\x4f\xf5\x3a"
+        "\x51\x0e\x52\x7f\x9b\x05\x68\x8c"
+        "\x1f\x83\xd9\xab\x5b\xe0\xcd\x19");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Final */
+
+#define SHA256_KAT_CNT     7
+int test_wc_Sha256_KATs(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_KATS_TEST_VARS(wc_Sha256, SHA256);
+
+    DIGEST_KATS_ADD("", 0,
+        "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
+        "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
+        "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
+        "\xa4\x95\x99\x1b\x78\x52\xb8\x55");
+    DIGEST_KATS_ADD("a", 1,
+        "\xca\x97\x81\x12\xca\x1b\xbd\xca"
+        "\xfa\xc2\x31\xb3\x9a\x23\xdc\x4d"
+        "\xa7\x86\xef\xf8\x14\x7c\x4e\x72"
+        "\xb9\x80\x77\x85\xaf\xee\x48\xbb");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xba\x78\x16\xbf\x8f\x01\xcf\xea"
+        "\x41\x41\x40\xde\x5d\xae\x22\x23"
+        "\xb0\x03\x61\xa3\x96\x17\x7a\x9c"
+        "\xb4\x10\xff\x61\xf2\x00\x15\xad");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xf7\x84\x6f\x55\xcf\x23\xe1\x4e"
+        "\xeb\xea\xb5\xb4\xe1\x55\x0c\xad"
+        "\x5b\x50\x9e\x33\x48\xfb\xc4\xef"
+        "\xa3\xa1\x41\x3d\x39\x3c\xb6\x50");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x71\xc4\x80\xdf\x93\xd6\xae\x2f"
+        "\x1e\xfa\xd1\x44\x7c\x66\xc9\x52"
+        "\x5e\x31\x62\x18\xcf\x51\xfc\x8d"
+        "\x9e\xd8\x32\xf2\xda\xf1\x8b\x73");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xdb\x4b\xfc\xbd\x4d\xa0\xcd\x85"
+        "\xa6\x0c\x3c\x37\xd3\xfb\xd8\x80"
+        "\x5c\x77\xf1\x5f\xc6\xb1\xfd\xfe"
+        "\x61\x4e\xe0\xa7\xc8\xfd\xb4\xc0");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\xf3\x71\xbc\x4a\x31\x1f\x2b\x00"
+        "\x9e\xef\x95\x2d\xd8\x3c\xa8\x0e"
+        "\x2b\x60\x02\x6c\x8e\x93\x55\x92"
+        "\xd0\xf9\xc3\x08\x45\x3c\x81\x3e");
+
+    DIGEST_KATS_TEST(Sha256, SHA256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Final */
+
+int test_wc_Sha256_other(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_OTHER_TEST(wc_Sha256, Sha256, SHA256,
+        "\x2c\x41\xa1\xdd\x58\x4e\x37\x73"
+        "\xb9\x56\x74\x84\x1b\x68\x5f\x36"
+        "\xc7\x6b\x48\xec\x4d\xb7\x58\x63"
+        "\x37\x2c\x2f\xd6\xe1\x9a\x61\xce");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha256Final */
+
+int test_wc_Sha256Copy(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_COPY_TEST(wc_Sha256, Sha256, SHA256,
+        "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
+        "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
+        "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
+        "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+        "\xba\x78\x16\xbf\x8f\x01\xcf\xea"
+        "\x41\x41\x40\xde\x5d\xae\x22\x23"
+        "\xb0\x03\x61\xa3\x96\x17\x7a\x9c"
+        "\xb4\x10\xff\x61\xf2\x00\x15\xad");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha256GetHash(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_SHA256
+    DIGEST_GET_HASH_TEST(wc_Sha256, Sha256, SHA256,
+        "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
+        "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
+        "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
+        "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+        "\xba\x78\x16\xbf\x8f\x01\xcf\xea"
+        "\x41\x41\x40\xde\x5d\xae\x22\x23"
+        "\xb0\x03\x61\xa3\x96\x17\x7a\x9c"
+        "\xb4\x10\xff\x61\xf2\x00\x15\xad");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha256Transform(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA256) && (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_TEST(wc_Sha256, Sha256, SHA256,
+        "\x80\x63\x62\x61\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x18\x00\x00\x00",
+        "\xba\x78\x16\xbf\x8f\x01\xcf\xea"
+        "\x41\x41\x40\xde\x5d\xae\x22\x23"
+        "\xb0\x03\x61\xa3\x96\x17\x7a\x9c"
+        "\xb4\x10\xff\x61\xf2\x00\x15\xad");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha256_Flags(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha256, Sha256);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHA-224
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha224()
+ */
+int test_wc_InitSha224(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha224, Sha224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha224 */
+
+/*
+ *  Tesing wc_Sha224Update()
+ */
+int test_wc_Sha224Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_UPDATE_TEST(wc_Sha224, Sha224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224Update() */
+
+/*
+ * Unit test on wc_Sha224Final
+ */
+int test_wc_Sha224Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_FINAL_TEST(wc_Sha224, Sha224, SHA224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224Final */
+
+#define SHA224_KAT_CNT     7
+int test_wc_Sha224_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_KATS_TEST_VARS(wc_Sha224, SHA224);
+
+    DIGEST_KATS_ADD("", 0,
+        "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
+        "\x47\x61\x02\xbb\x28\x82\x34\xc4"
+        "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
+        "\xc5\xb3\xe4\x2f");
+    DIGEST_KATS_ADD("a", 1,
+        "\xab\xd3\x75\x34\xc7\xd9\xa2\xef"
+        "\xb9\x46\x5d\xe9\x31\xcd\x70\x55"
+        "\xff\xdb\x88\x79\x56\x3a\xe9\x80"
+        "\x78\xd6\xd6\xd5");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x23\x09\x7d\x22\x34\x05\xd8\x22"
+        "\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
+        "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7"
+        "\xe3\x6c\x9d\xa7");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x2c\xb2\x1c\x83\xae\x2f\x00\x4d"
+        "\xe7\xe8\x1c\x3c\x70\x19\xcb\xcb"
+        "\x65\xb7\x1a\xb6\x56\xb2\x2d\x6d"
+        "\x0c\x39\xb8\xeb");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x45\xa5\xf7\x2c\x39\xc5\xcf\xf2"
+        "\x52\x2e\xb3\x42\x97\x99\xe4\x9e"
+        "\x5f\x44\xb3\x56\xef\x92\x6b\xcf"
+        "\x39\x0d\xcc\xc2");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xbf\xf7\x2b\x4f\xcb\x7d\x75\xe5"
+        "\x63\x29\x00\xac\x5f\x90\xd2\x19"
+        "\xe0\x5e\x97\xa7\xbd\xe7\x2e\x74"
+        "\x0d\xb3\x93\xd9");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\xb5\x0a\xec\xbe\x4e\x9b\xb0\xb5"
+        "\x7b\xc5\xf3\xae\x76\x0a\x8e\x01"
+        "\xdb\x24\xf2\x03\xfb\x3c\xdc\xd1"
+        "\x31\x48\x04\x6e");
+
+    DIGEST_KATS_TEST(Sha224, SHA224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224Final */
+
+int test_wc_Sha224_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_OTHER_TEST(wc_Sha224, Sha224, SHA224,
+        "\x60\x81\xdf\x2f\xae\xe2\x25\xe9"
+        "\x87\x61\x2a\x8e\x25\x19\x16\x39"
+        "\x80\xfb\x77\xfa\x28\x74\x17\x4d"
+        "\xf3\x15\x52\x2b");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha224Final */
+
+int test_wc_Sha224Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_COPY_TEST(wc_Sha224, Sha224, SHA224,
+        "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
+        "\x47\x61\x02\xbb\x28\x82\x34\xc4"
+        "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
+        "\xc5\xb3\xe4\x2f",
+        "\x23\x09\x7d\x22\x34\x05\xd8\x22"
+        "\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
+        "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7"
+        "\xe3\x6c\x9d\xa7");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha224GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA224
+    DIGEST_GET_HASH_TEST(wc_Sha224, Sha224, SHA224,
+        "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
+        "\x47\x61\x02\xbb\x28\x82\x34\xc4"
+        "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
+        "\xc5\xb3\xe4\x2f",
+        "\x23\x09\x7d\x22\x34\x05\xd8\x22"
+        "\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
+        "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7"
+        "\xe3\x6c\x9d\xa7");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha224_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha224, Sha224);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_sha256.h b/tests/api/test_sha256.h
new file mode 100644
index 000000000..b7a379da8
--- /dev/null
+++ b/tests/api/test_sha256.h
@@ -0,0 +1,69 @@
+/* test_sha256.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SHA256_H
+#define WOLFCRYPT_TEST_SHA256_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitSha256(void);
+int test_wc_Sha256Update(void);
+int test_wc_Sha256Final(void);
+int test_wc_Sha256FinalRaw(void);
+int test_wc_Sha256_KATs(void);
+int test_wc_Sha256_other(void);
+int test_wc_Sha256Copy(void);
+int test_wc_Sha256GetHash(void);
+int test_wc_Sha256Transform(void);
+int test_wc_Sha256_Flags(void);
+
+int test_wc_InitSha224(void);
+int test_wc_Sha224Update(void);
+int test_wc_Sha224Final(void);
+int test_wc_Sha224_KATs(void);
+int test_wc_Sha224_other(void);
+int test_wc_Sha224Copy(void);
+int test_wc_Sha224GetHash(void);
+int test_wc_Sha224_Flags(void);
+
+#define TEST_SHA256_DECLS                               \
+    TEST_DECL_GROUP("sha256", test_wc_InitSha256),      \
+    TEST_DECL_GROUP("sha256", test_wc_Sha256Update),    \
+    TEST_DECL_GROUP("sha256", test_wc_Sha256Final),     \
+    TEST_DECL_GROUP("sha256", test_wc_Sha256FinalRaw),  \
+    TEST_DECL_GROUP("sha256", test_wc_Sha256_KATs),     \
+    TEST_DECL_GROUP("sha256", test_wc_Sha256_other),    \
+    TEST_DECL_GROUP("sha256", test_wc_Sha256Copy),      \
+    TEST_DECL_GROUP("sha256", test_wc_Sha256GetHash),   \
+    TEST_DECL_GROUP("sha256", test_wc_Sha256Transform), \
+    TEST_DECL_GROUP("sha256", test_wc_Sha256_Flags)
+
+#define TEST_SHA224_DECLS                               \
+    TEST_DECL_GROUP("sha224", test_wc_InitSha224),      \
+    TEST_DECL_GROUP("sha224", test_wc_Sha224Update),    \
+    TEST_DECL_GROUP("sha224", test_wc_Sha224Final),     \
+    TEST_DECL_GROUP("sha224", test_wc_Sha224_KATs),     \
+    TEST_DECL_GROUP("sha224", test_wc_Sha224_other),    \
+    TEST_DECL_GROUP("sha224", test_wc_Sha224Copy),      \
+    TEST_DECL_GROUP("sha224", test_wc_Sha224GetHash),   \
+    TEST_DECL_GROUP("sha224", test_wc_Sha224_Flags)
+
+#endif /* WOLFCRYPT_TEST_SHA256_H */
diff --git a/tests/api/test_sha3.c b/tests/api/test_sha3.c
new file mode 100644
index 000000000..0e1224004
--- /dev/null
+++ b/tests/api/test_sha3.c
@@ -0,0 +1,1407 @@
+/* test_sha3.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sha3.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sha3.h>
+#include <tests/api/test_digest.h>
+
+#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 3)))
+    #define WC_SHA3_128_BLOCK_SIZE  168
+    #define WC_SHA3_224_BLOCK_SIZE  144
+    #define WC_SHA3_256_BLOCK_SIZE  136
+    #define WC_SHA3_384_BLOCK_SIZE  104
+    #define WC_SHA3_512_BLOCK_SIZE  72
+#endif
+
+/*******************************************************************************
+ * SHA-3
+ ******************************************************************************/
+
+#define SHA3_KATS_TEST(name, upper)                                            \
+    (void)i;                                                                   \
+                                                                               \
+    /* Initialize */                                                           \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    for (i = 0; i < upper##_KAT_CNT; i++) {                                    \
+        /* Do KAT. */                                                          \
+        ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)dgst_kat[i].input,        \
+            (word32)dgst_kat[i].inLen), 0);                                    \
+        ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0);                        \
+        ExpectBufEQ(hash, (byte*)dgst_kat[i].output,                           \
+            WC_##upper##_DIGEST_SIZE);                                         \
+    }                                                                          \
+                                                                               \
+    wc_##name##_Free(&dgst)
+
+#define SHA3_GET_HASH_TEST(name, upper, emptyHashStr, abcHashStr)              \
+do {                                                                           \
+    wc_Sha3 dgst;                                                              \
+    byte hash[WC_##upper##_DIGEST_SIZE];                                       \
+    const char* emptyHash = emptyHashStr;                                      \
+    const char* abcHash = abcHashStr;                                          \
+                                                                               \
+    ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0);            \
+                                                                               \
+    ExpectIntEQ(wc_##name##_GetHash(NULL, NULL),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_GetHash(&dgst, NULL),                              \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+    ExpectIntEQ(wc_##name##_GetHash(NULL, hash),                               \
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));                                        \
+                                                                               \
+    ExpectIntEQ(wc_##name##_GetHash(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, emptyHash, WC_##upper##_DIGEST_SIZE);                    \
+    /* Test that the hash state hasn't been modified. */                       \
+    ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"abc", 3), 0);                \
+    ExpectIntEQ(wc_##name##_GetHash(&dgst, hash), 0);                          \
+    ExpectBufEQ(hash, abcHash, WC_##upper##_DIGEST_SIZE);                      \
+                                                                               \
+    wc_##name##_Free(&dgst);                                                   \
+} while (0)
+
+
+int test_wc_InitSha3(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_INIT_TEST(wc_Sha3, Sha3_224);
+    DIGEST_INIT_TEST(wc_Sha3, Sha3_256);
+    DIGEST_INIT_TEST(wc_Sha3, Sha3_384);
+    DIGEST_INIT_TEST(wc_Sha3, Sha3_512);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_224);
+    DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_256);
+    DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_384);
+    DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_512);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_224, SHA3_224);
+    DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_256, SHA3_256);
+    DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_384, SHA3_384);
+    DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_512, SHA3_512);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHA3_224_KAT_CNT    7
+int test_wc_Sha3_224_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_224);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x6b\x4e\x03\x42\x36\x67\xdb\xb7"
+        "\x3b\x6e\x15\x45\x4f\x0e\xb1\xab"
+        "\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f"
+        "\x5b\x5a\x6b\xc7");
+    DIGEST_KATS_ADD("a", 1,
+        "\x9e\x86\xff\x69\x55\x7c\xa9\x5f"
+        "\x40\x5f\x08\x12\x69\x68\x5b\x38"
+        "\xe3\xa8\x19\xb3\x09\xee\x94\x2f"
+        "\x48\x2b\x6a\x8b");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a"
+        "\xd0\x92\x34\xee\x7d\x3c\x76\x6f"
+        "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad"
+        "\x73\xb4\x6f\xdf");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x18\x76\x8b\xb4\xc4\x8e\xb7\xfc"
+        "\x88\xe5\xdd\xb1\x7e\xfc\xf2\x96"
+        "\x4a\xbd\x77\x98\xa3\x9d\x86\xa4"
+        "\xb4\xa1\xe4\xc8");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x5c\xde\xca\x81\xe1\x23\xf8\x7c"
+        "\xad\x96\xb9\xcb\xa9\x99\xf1\x6f"
+        "\x6d\x41\x54\x96\x08\xd4\xe0\xf4"
+        "\x68\x1b\x82\x39");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xa6\x7c\x28\x9b\x82\x50\xa6\xf4"
+        "\x37\xa2\x01\x37\x98\x5d\x60\x55"
+        "\x89\xa8\xc1\x63\xd4\x52\x61\xb1"
+        "\x54\x19\x55\x6e");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x05\x26\x89\x8e\x18\x58\x69\xf9"
+        "\x1b\x3e\x2a\x76\xdd\x72\xa1\x5d"
+        "\xc6\x94\x0a\x67\xc8\x16\x4a\x04"
+        "\x4c\xd2\x5c\xc8");
+
+    SHA3_KATS_TEST(Sha3_224, SHA3_224);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHA3_256_KAT_CNT    7
+int test_wc_Sha3_256_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_256);
+
+    DIGEST_KATS_ADD("", 0,
+        "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66"
+        "\x51\xc1\x47\x56\xa0\x61\xd6\x62"
+        "\xf5\x80\xff\x4d\xe4\x3b\x49\xfa"
+        "\x82\xd8\x0a\x4b\x80\xf8\x43\x4a");
+    DIGEST_KATS_ADD("a", 1,
+        "\x80\x08\x4b\xf2\xfb\xa0\x24\x75"
+        "\x72\x6f\xeb\x2c\xab\x2d\x82\x15"
+        "\xea\xb1\x4b\xc6\xbd\xd8\xbf\xb2"
+        "\xc8\x15\x12\x57\x03\x2e\xcd\x8b");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2"
+        "\x04\x5c\x17\x2d\x6b\xd3\x90\xbd"
+        "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b"
+        "\x46\xbf\xe2\x45\x11\x43\x15\x32");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xed\xcd\xb2\x06\x93\x66\xe7\x52"
+        "\x43\x86\x0c\x18\xc3\xa1\x14\x65"
+        "\xec\xa3\x4b\xce\x61\x43\xd3\x0c"
+        "\x86\x65\xce\xfc\xfd\x32\xbf\xfd");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x7c\xab\x2d\xc7\x65\xe2\x1b\x24"
+        "\x1d\xbc\x1c\x25\x5c\xe6\x20\xb2"
+        "\x9f\x52\x7c\x6d\x5e\x7f\x5f\x84"
+        "\x3e\x56\x28\x8f\x0d\x70\x75\x21");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xa7\x9d\x6a\x9d\xa4\x7f\x04\xa3"
+        "\xb9\xa9\x32\x3e\xc9\x99\x1f\x21"
+        "\x05\xd4\xc7\x8a\x7b\xc7\xbe\xeb"
+        "\x10\x38\x55\xa7\xa1\x1d\xfb\x9f");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x29\x3e\x5c\xe4\xce\x54\xee\x71"
+        "\x99\x0a\xb0\x6e\x51\x1b\x7c\xcd"
+        "\x62\x72\x2b\x1b\xeb\x41\x4f\x5f"
+        "\xf6\x5c\x82\x74\xe0\xf5\xbe\x1d");
+
+    SHA3_KATS_TEST(Sha3_256, SHA3_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHA3_384_KAT_CNT    7
+int test_wc_Sha3_384_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_384);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d"
+        "\x01\x10\x7d\x85\x2e\x4c\x24\x85"
+        "\xc5\x1a\x50\xaa\xaa\x94\xfc\x61"
+        "\x99\x5e\x71\xbb\xee\x98\x3a\x2a"
+        "\xc3\x71\x38\x31\x26\x4a\xdb\x47"
+        "\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04");
+    DIGEST_KATS_ADD("a", 1,
+        "\x18\x15\xf7\x74\xf3\x20\x49\x1b"
+        "\x48\x56\x9e\xfe\xc7\x94\xd2\x49"
+        "\xee\xb5\x9a\xae\x46\xd2\x2b\xf7"
+        "\x7d\xaf\xe2\x5c\x5e\xdc\x28\xd7"
+        "\xea\x44\xf9\x3e\xe1\x23\x4a\xa8"
+        "\x8f\x61\xc9\x19\x12\xa4\xcc\xd9");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xec\x01\x49\x82\x88\x51\x6f\xc9"
+        "\x26\x45\x9f\x58\xe2\xc6\xad\x8d"
+        "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25"
+        "\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2"
+        "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5"
+        "\x39\xf1\xed\xf2\x28\x37\x6d\x25");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xd9\x51\x97\x09\xf4\x4a\xf7\x3e"
+        "\x2c\x8e\x29\x11\x09\xa9\x79\xde"
+        "\x3d\x61\xdc\x02\xbf\x69\xde\xf7"
+        "\xfb\xff\xdf\xff\xe6\x62\x75\x15"
+        "\x13\xf1\x9a\xd5\x7e\x17\xd4\xb9"
+        "\x3b\xa1\xe4\x84\xfc\x19\x80\xd5");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xfe\xd3\x99\xd2\x21\x7a\xaf\x4c"
+        "\x71\x7a\xd0\xc5\x10\x2c\x15\x58"
+        "\x9e\x1c\x99\x0c\xc2\xb9\xa5\x02"
+        "\x90\x56\xa7\xf7\x48\x58\x88\xd6"
+        "\xab\x65\xdb\x23\x70\x07\x7a\x5c"
+        "\xad\xb5\x3f\xc9\x28\x0d\x27\x8f");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xd5\xb9\x72\x30\x2f\x50\x80\xd0"
+        "\x83\x0e\x0d\xe7\xb6\xb2\xcf\x38"
+        "\x36\x65\xa0\x08\xf4\xc4\xf3\x86"
+        "\xa6\x11\x12\x65\x2c\x74\x2d\x20"
+        "\xcb\x45\xaa\x51\xbd\x4f\x54\x2f"
+        "\xc7\x33\xe2\x71\x9e\x99\x92\x91");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x3c\x21\x3a\x17\xf5\x14\x63\x8a"
+        "\xcb\x3b\xf1\x7f\x10\x9f\x3e\x24"
+        "\xc1\x6f\x9f\x14\xf0\x85\xb5\x2a"
+        "\x2f\x2b\x81\xad\xc0\xdb\x83\xdf"
+        "\x1a\x58\xdb\x2c\xe0\x13\x19\x1b"
+        "\x8b\xa7\x2d\x8f\xae\x7e\x2a\x5e");
+
+    SHA3_KATS_TEST(Sha3_384, SHA3_384);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHA3_512_KAT_CNT    7
+int test_wc_Sha3_512_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_512);
+
+    DIGEST_KATS_ADD("", 0,
+        "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5"
+        "\xc8\xb5\x67\xdc\x18\x5a\x75\x6e"
+        "\x97\xc9\x82\x16\x4f\xe2\x58\x59"
+        "\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6"
+        "\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c"
+        "\x11\xe3\xe9\x40\x2c\x3a\xc5\x58"
+        "\xf5\x00\x19\x9d\x95\xb6\xd3\xe3"
+        "\x01\x75\x85\x86\x28\x1d\xcd\x26");
+    DIGEST_KATS_ADD("a", 1,
+        "\x69\x7f\x2d\x85\x61\x72\xcb\x83"
+        "\x09\xd6\xb8\xb9\x7d\xac\x4d\xe3"
+        "\x44\xb5\x49\xd4\xde\xe6\x1e\xdf"
+        "\xb4\x96\x2d\x86\x98\xb7\xfa\x80"
+        "\x3f\x4f\x93\xff\x24\x39\x35\x86"
+        "\xe2\x8b\x5b\x95\x7a\xc3\xd1\xd3"
+        "\x69\x42\x0c\xe5\x33\x32\x71\x2f"
+        "\x99\x7b\xd3\x36\xd0\x9a\xb0\x2a");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xb7\x51\x85\x0b\x1a\x57\x16\x8a"
+        "\x56\x93\xcd\x92\x4b\x6b\x09\x6e"
+        "\x08\xf6\x21\x82\x74\x44\xf7\x0d"
+        "\x88\x4f\x5d\x02\x40\xd2\x71\x2e"
+        "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9"
+        "\x1a\x7e\xc5\x76\x47\xe3\x93\x40"
+        "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5"
+        "\x65\x92\xf8\x27\x4e\xec\x53\xf0");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x34\x44\xe1\x55\x88\x1f\xa1\x55"
+        "\x11\xf5\x77\x26\xc7\xd7\xcf\xe8"
+        "\x03\x02\xa7\x43\x30\x67\xb2\x9d"
+        "\x59\xa7\x14\x15\xca\x9d\xd1\x41"
+        "\xac\x89\x2d\x31\x0b\xc4\xd7\x81"
+        "\x28\xc9\x8f\xda\x83\x9d\x18\xd7"
+        "\xf0\x55\x6f\x2f\xe7\xac\xb3\xc0"
+        "\xcd\xa4\xbf\xf3\xa2\x5f\x5f\x59");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xaf\x32\x8d\x17\xfa\x28\x75\x3a"
+        "\x3c\x9f\x5c\xb7\x2e\x37\x6b\x90"
+        "\x44\x0b\x96\xf0\x28\x9e\x57\x03"
+        "\xb7\x29\x32\x4a\x97\x5a\xb3\x84"
+        "\xed\xa5\x65\xfc\x92\xaa\xde\xd1"
+        "\x43\x66\x99\x00\xd7\x61\x86\x16"
+        "\x87\xac\xdc\x0a\x5f\xfa\x35\x8b"
+        "\xd0\x57\x1a\xaa\xd8\x0a\xca\x68");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xd1\xdb\x17\xb4\x74\x5b\x25\x5e"
+        "\x5e\xb1\x59\xf6\x65\x93\xcc\x9c"
+        "\x14\x38\x50\x97\x9f\xc7\xa3\x95"
+        "\x17\x96\xab\xa8\x01\x65\xaa\xb5"
+        "\x36\xb4\x61\x74\xce\x19\xe3\xf7"
+        "\x07\xf0\xe5\xc6\x48\x7f\x5f\x03"
+        "\x08\x4b\xc0\xec\x94\x61\x69\x1e"
+        "\xf2\x01\x13\xe4\x2a\xd2\x81\x63");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x95\x24\xb9\xa5\x53\x6b\x91\x06"
+        "\x95\x26\xb4\xf6\x19\x6b\x7e\x94"
+        "\x75\xb4\xda\x69\xe0\x1f\x0c\x85"
+        "\x57\x97\xf2\x24\xcd\x73\x35\xdd"
+        "\xb2\x86\xfd\x99\xb9\xb3\x2f\xfe"
+        "\x33\xb5\x9a\xd4\x24\xcc\x17\x44"
+        "\xf6\xeb\x59\x13\x7f\x5f\xb8\x60"
+        "\x19\x32\xe8\xa8\xaf\x0a\xe9\x30");
+
+    SHA3_KATS_TEST(Sha3_512, SHA3_512);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_224, SHA3_224,
+        "\xbb\x4e\xb3\xf7\xfb\x7b\x50\xff"
+        "\x3b\xf8\xb0\x53\x8c\x13\x40\xce"
+        "\x0c\x43\x5f\xff\x6a\x08\x43\x87"
+        "\x34\x9f\x7a\x4c");
+    DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_256, SHA3_256,
+        "\x78\xc4\x14\xa4\x5d\x85\x07\xf4"
+        "\x48\x64\xe0\x5f\x73\x2c\x3b\x78"
+        "\xce\x5a\x78\x45\x97\x0b\x29\xa8"
+        "\xb4\x53\xed\x38\x19\xd2\x4e\xa9");
+    DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_384, SHA3_384,
+        "\x22\x29\x8c\x46\xa7\xf0\xf9\xc7"
+        "\xa7\xaf\x66\x5d\x58\x88\xb3\x6c"
+        "\xc2\x02\x43\x83\x71\x5f\xce\x12"
+        "\x65\x1b\x11\xba\x1c\xde\x52\xdc"
+        "\x6f\xde\x26\x43\xf1\x9f\xbe\xea"
+        "\x5f\xd6\x25\x06\x7c\xad\x16\xed");
+    DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_512, SHA3_512,
+        "\xc3\xaf\x62\x06\x69\x92\xa1\x2f"
+        "\xa5\x66\xcc\xcd\xec\x80\xdd\x27"
+        "\x93\xbd\x11\xb0\xb7\xba\x6a\x5e"
+        "\x36\xcf\x23\x4c\x1a\xf4\x8d\x37"
+        "\xb9\xb6\x7f\xb1\xb4\x9a\x04\x23"
+        "\x23\x42\x51\x5d\x8f\x07\x0d\x42"
+        "\x04\x68\x84\xc4\x56\x24\x14\x65"
+        "\x84\x28\xa9\x2f\x10\x35\x7b\x6d");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_224, SHA3_224,
+        "\x6b\x4e\x03\x42\x36\x67\xdb\xb7"
+        "\x3b\x6e\x15\x45\x4f\x0e\xb1\xab"
+        "\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f"
+        "\x5b\x5a\x6b\xc7",
+        "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a"
+        "\xd0\x92\x34\xee\x7d\x3c\x76\x6f"
+        "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad"
+        "\x73\xb4\x6f\xdf");
+    DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_256, SHA3_256,
+        "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66"
+        "\x51\xc1\x47\x56\xa0\x61\xd6\x62"
+        "\xf5\x80\xff\x4d\xe4\x3b\x49\xfa"
+        "\x82\xd8\x0a\x4b\x80\xf8\x43\x4a",
+        "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2"
+        "\x04\x5c\x17\x2d\x6b\xd3\x90\xbd"
+        "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b"
+        "\x46\xbf\xe2\x45\x11\x43\x15\x32");
+    DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_384, SHA3_384,
+        "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d"
+        "\x01\x10\x7d\x85\x2e\x4c\x24\x85"
+        "\xc5\x1a\x50\xaa\xaa\x94\xfc\x61"
+        "\x99\x5e\x71\xbb\xee\x98\x3a\x2a"
+        "\xc3\x71\x38\x31\x26\x4a\xdb\x47"
+        "\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04",
+        "\xec\x01\x49\x82\x88\x51\x6f\xc9"
+        "\x26\x45\x9f\x58\xe2\xc6\xad\x8d"
+        "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25"
+        "\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2"
+        "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5"
+        "\x39\xf1\xed\xf2\x28\x37\x6d\x25");
+    DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_512, SHA3_512,
+        "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5"
+        "\xc8\xb5\x67\xdc\x18\x5a\x75\x6e"
+        "\x97\xc9\x82\x16\x4f\xe2\x58\x59"
+        "\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6"
+        "\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c"
+        "\x11\xe3\xe9\x40\x2c\x3a\xc5\x58"
+        "\xf5\x00\x19\x9d\x95\xb6\xd3\xe3"
+        "\x01\x75\x85\x86\x28\x1d\xcd\x26",
+        "\xb7\x51\x85\x0b\x1a\x57\x16\x8a"
+        "\x56\x93\xcd\x92\x4b\x6b\x09\x6e"
+        "\x08\xf6\x21\x82\x74\x44\xf7\x0d"
+        "\x88\x4f\x5d\x02\x40\xd2\x71\x2e"
+        "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9"
+        "\x1a\x7e\xc5\x76\x47\xe3\x93\x40"
+        "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5"
+        "\x65\x92\xf8\x27\x4e\xec\x53\xf0");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA3
+    SHA3_GET_HASH_TEST(Sha3_224, SHA3_224,
+        "\x6b\x4e\x03\x42\x36\x67\xdb\xb7"
+        "\x3b\x6e\x15\x45\x4f\x0e\xb1\xab"
+        "\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f"
+        "\x5b\x5a\x6b\xc7",
+        "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a"
+        "\xd0\x92\x34\xee\x7d\x3c\x76\x6f"
+        "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad"
+        "\x73\xb4\x6f\xdf");
+    SHA3_GET_HASH_TEST(Sha3_256, SHA3_256,
+        "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66"
+        "\x51\xc1\x47\x56\xa0\x61\xd6\x62"
+        "\xf5\x80\xff\x4d\xe4\x3b\x49\xfa"
+        "\x82\xd8\x0a\x4b\x80\xf8\x43\x4a",
+        "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2"
+        "\x04\x5c\x17\x2d\x6b\xd3\x90\xbd"
+        "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b"
+        "\x46\xbf\xe2\x45\x11\x43\x15\x32");
+    SHA3_GET_HASH_TEST(Sha3_384, SHA3_384,
+        "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d"
+        "\x01\x10\x7d\x85\x2e\x4c\x24\x85"
+        "\xc5\x1a\x50\xaa\xaa\x94\xfc\x61"
+        "\x99\x5e\x71\xbb\xee\x98\x3a\x2a"
+        "\xc3\x71\x38\x31\x26\x4a\xdb\x47"
+        "\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04",
+        "\xec\x01\x49\x82\x88\x51\x6f\xc9"
+        "\x26\x45\x9f\x58\xe2\xc6\xad\x8d"
+        "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25"
+        "\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2"
+        "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5"
+        "\x39\xf1\xed\xf2\x28\x37\x6d\x25");
+    SHA3_GET_HASH_TEST(Sha3_512, SHA3_512,
+        "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5"
+        "\xc8\xb5\x67\xdc\x18\x5a\x75\x6e"
+        "\x97\xc9\x82\x16\x4f\xe2\x58\x59"
+        "\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6"
+        "\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c"
+        "\x11\xe3\xe9\x40\x2c\x3a\xc5\x58"
+        "\xf5\x00\x19\x9d\x95\xb6\xd3\xe3"
+        "\x01\x75\x85\x86\x28\x1d\xcd\x26",
+        "\xb7\x51\x85\x0b\x1a\x57\x16\x8a"
+        "\x56\x93\xcd\x92\x4b\x6b\x09\x6e"
+        "\x08\xf6\x21\x82\x74\x44\xf7\x0d"
+        "\x88\x4f\x5d\x02\x40\xd2\x71\x2e"
+        "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9"
+        "\x1a\x7e\xc5\x76\x47\xe3\x93\x40"
+        "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5"
+        "\x65\x92\xf8\x27\x4e\xec\x53\xf0");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha3_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_ALT_FLAGS_TEST(wc_Sha3, Sha3, Sha3_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHAKE-128
+ ******************************************************************************/
+
+int test_wc_InitShake128(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_INIT_TEST(wc_Shake, Shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_ALT_UPDATE_TEST(wc_Shake, Shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_COUNT_FINAL_TEST(wc_Shake, Shake128, SHA3_128);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHAKE128_KAT_CNT    7
+int test_wc_Shake128_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_COUNT_KATS_TEST_VARS(wc_Shake, SHAKE128, SHA3_128);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d"
+        "\x61\x60\x45\x50\x76\x05\x85\x3e"
+        "\xd7\x3b\x80\x93\xf6\xef\xbc\x88"
+        "\xeb\x1a\x6e\xac\xfa\x66\xef\x26"
+        "\x3c\xb1\xee\xa9\x88\x00\x4b\x93"
+        "\x10\x3c\xfb\x0a\xee\xfd\x2a\x68"
+        "\x6e\x01\xfa\x4a\x58\xe8\xa3\x63"
+        "\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2"
+        "\x35\xb8\xcc\x87\x3c\x23\xdc\x62"
+        "\xb8\xd2\x60\x16\x9a\xfa\x2f\x75"
+        "\xab\x91\x6a\x58\xd9\x74\x91\x88"
+        "\x35\xd2\x5e\x6a\x43\x50\x85\xb2"
+        "\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5"
+        "\xef\xbb\x7b\xcc\x4b\x59\xd5\x38"
+        "\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
+        "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea"
+        "\x17\xcd\xa7\xcf\xad\x76\x5f\x56"
+        "\x23\x47\x4d\x36\x8c\xcc\xa8\xaf"
+        "\x00\x07\xcd\x9f\x5e\x4c\x84\x9f"
+        "\x16\x7a\x58\x0b\x14\xaa\xbd\xef"
+        "\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9");
+    DIGEST_KATS_ADD("a", 1,
+        "\x85\xc8\xde\x88\xd2\x88\x66\xbf"
+        "\x08\x68\x09\x0b\x39\x61\x16\x2b"
+        "\xf8\x23\x92\xf6\x90\xd9\xe4\x73"
+        "\x09\x10\xf4\xaf\x7c\x6a\xb3\xee"
+        "\x43\x54\xb4\x9c\xa7\x29\xeb\x35"
+        "\x6e\xe3\xf5\xb0\xfb\xd2\x9b\x66"
+        "\x76\x93\x83\xe5\xe4\x01\xb1\xf8"
+        "\x5e\x04\x4c\x92\xbb\x52\x31\xaa"
+        "\x4d\xee\x17\x99\xaf\x7a\x7c\xee"
+        "\x21\x3a\x23\xad\xcd\x03\xc4\x80"
+        "\x6c\x9a\x8b\x0d\x8a\x2e\xea\xd8"
+        "\xea\x7a\x61\x34\xc1\x3e\x52\x3c"
+        "\xcf\x93\xad\x39\xd2\x27\xd3\xe7"
+        "\xd0\x22\xd9\x65\x4f\x3b\x49\x41"
+        "\x37\x88\x75\x8a\x64\x17\xe4\x2d"
+        "\x41\x95\x7c\xb3\x0c\xf0\x4d\xa3"
+        "\x7f\x26\x89\x7c\x2c\xf2\xf8\x00"
+        "\x55\x84\x62\x93\xfd\xe0\x23\x31"
+        "\xcf\x4a\x26\x9a\xaf\x2d\x47\xeb"
+        "\x27\xab\xa0\xfa\xba\x4a\x67\x8e"
+        "\xc0\x02\xbc\x0d\x30\x64\xea\xd0");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x58\x81\x09\x2d\xd8\x18\xbf\x5c"
+        "\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7"
+        "\x40\x97\xd5\xc5\x26\xa6\xd3\x5f"
+        "\x97\xb8\x33\x51\x94\x0f\x2c\xc8"
+        "\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c"
+        "\xdd\x06\x65\x68\x70\x6f\x50\x9b"
+        "\xc1\xbd\xde\x58\x29\x5d\xae\x3f"
+        "\x89\x1a\x9a\x0f\xca\x57\x83\x78"
+        "\x9a\x41\xf8\x61\x12\x14\xce\x61"
+        "\x23\x94\xdf\x28\x6a\x62\xd1\xa2"
+        "\x25\x2a\xa9\x4d\xb9\xc5\x38\x95"
+        "\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32"
+        "\xa0\x29\x4c\x85\x7c\x73\x0a\xa1"
+        "\x60\x67\xac\x10\x62\xf1\x20\x1f"
+        "\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6"
+        "\x35\x99\xb2\x7f\x34\x62\xbb\xa4"
+        "\xa0\xed\x29\x6c\x80\x1f\x9f\xf7"
+        "\xf5\x73\x02\xbb\x30\x76\xee\x14"
+        "\x5f\x97\xa3\x2a\xe6\x8e\x76\xab"
+        "\x66\xc4\x8d\x51\x67\x5b\xd4\x9a"
+        "\xcc\x29\x08\x2f\x56\x47\x58\x4e");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xcb\xef\x73\x29\x61\xb5\x5b\x4c"
+        "\x31\x39\x67\x96\x57\x7d\xf4\x91"
+        "\xb6\xee\xd6\x1d\x89\x49\xce\x96"
+        "\x72\x26\x80\x1e\x41\x1e\x53\xf0"
+        "\x95\x44\xc1\x3f\xe4\xdf\x40\xfc"
+        "\x8d\xf5\xf9\x85\x3e\x85\x41\xd0"
+        "\x45\x41\xf1\x00\x77\xd9\xd4\x4e"
+        "\x74\x93\xe8\x7f\x16\x0a\x0a\x0d"
+        "\x37\xb3\xd6\xda\xc9\x64\x59\x88"
+        "\xed\x5d\x06\xdd\x53\x21\x99\x3d"
+        "\x87\x35\x74\xd1\x47\xe3\x36\xd7"
+        "\x23\x3a\x68\x27\x31\x87\x21\x48"
+        "\xe9\x3e\x72\x28\x16\xb3\xb1\xcc"
+        "\x31\x3b\xc4\x33\x94\x5f\x74\xf2"
+        "\x14\x39\xdf\xd8\xc8\x9b\xc5\x9b"
+        "\xf3\xd1\x6d\x48\x9a\x5d\x5c\xaf"
+        "\xdf\x77\xac\x07\xbe\x5d\x96\xa7"
+        "\x6e\x95\x27\x53\x07\xd8\x83\xca"
+        "\xd6\x25\x71\x43\xb5\x61\x00\x73"
+        "\xcb\xbf\x7b\x8e\x89\x70\x31\x74"
+        "\x66\xa8\xb6\x85\xd4\x81\x78\xb8");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x96\x1c\x91\x9c\x08\x54\x57\x6e"
+        "\x56\x13\x20\xe8\x15\x14\xbf\x37"
+        "\x24\x19\x7d\x07\x15\xe1\x6a\x36"
+        "\x45\x20\x38\x4e\xe9\x97\xf6\xef"
+        "\x3b\xe7\xad\x1a\xb6\x87\xd3\x1e"
+        "\xbd\x7e\x66\x04\xef\x2c\x76\x52"
+        "\x93\x2e\x42\x06\x11\x3d\x26\x35"
+        "\x14\xe7\x2f\x31\xf5\xe1\xdf\x87"
+        "\xc5\xf5\x4f\xc4\x3e\x8f\x85\x7f"
+        "\xc4\xa5\x2b\xbb\x56\x5b\xd6\xd4"
+        "\x58\x69\xdf\x92\x59\xc0\x97\x74"
+        "\x72\x83\x94\xe3\xe0\xc3\xb3\x26"
+        "\x41\x00\x85\xc3\x56\xe5\xb1\x73"
+        "\xd5\x70\x08\x79\x45\xb0\xf0\x68"
+        "\xe4\xc6\x3a\x5b\x19\x1f\xef\x22"
+        "\xd9\x3b\x9f\xd4\x21\x13\x28\xd7"
+        "\x0e\x51\x4f\xec\x92\xb1\xb4\x86"
+        "\x43\x49\x59\x18\xb6\x41\xea\xb0"
+        "\x54\x60\xd0\x79\x8c\xbe\x42\xfd"
+        "\xa4\x7a\x23\x75\xf1\x06\x5d\x03"
+        "\x7e\xbc\x76\xbd\xce\xff\x29\xef");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\x54\xdd\x20\x1e\x53\x24\x99\x10"
+        "\xdb\x3c\x7d\x36\x65\x74\xfb\xb6"
+        "\x4e\x71\xfa\xe4\x42\xa4\xba\xc1"
+        "\x34\x39\xf2\x6d\xd4\x89\x68\x83"
+        "\x70\xd0\x12\xa1\x55\x86\xd8\x7e"
+        "\x73\x00\xbe\xed\xd9\x23\x3e\xea"
+        "\x98\xf9\x16\xda\xb2\x66\x51\x38"
+        "\x02\x50\x24\x40\x31\x5b\xba\x9e"
+        "\x40\xcd\xb8\x60\x09\x7b\x12\xdf"
+        "\xd8\x8d\x4f\x24\x2f\x77\xc2\x2e"
+        "\x93\xad\xfd\x3e\xb7\x89\x94\x82"
+        "\xd3\x9f\x7c\x0f\x16\x0e\xcc\x07"
+        "\x04\x73\x47\x82\x94\x73\x31\x46"
+        "\x74\xa5\x6a\x13\xe7\x01\xd5\xd8"
+        "\xaa\x37\x54\x6b\x43\xc5\x73\x36"
+        "\x56\xc1\xac\x3c\xa4\x69\x7a\x30"
+        "\x32\x0b\x98\xad\xf9\xbc\xa3\xc6"
+        "\x8b\xec\x9f\x14\xe3\x3b\x8f\xae"
+        "\x30\xd5\x5e\xc6\x0e\x80\x15\xa5"
+        "\x16\x80\xbb\x37\xeb\x5a\x7e\xbc"
+        "\x90\x88\xcd\xcf\x09\xff\x2d\x6b");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x7b\xf4\x51\xc9\x2f\xdc\x77\xb9"
+        "\x77\x1e\x6c\x90\x56\x44\x58\x94"
+        "\xee\x86\x7f\x00\xc2\xb7\x0d\x3a"
+        "\xf0\xd1\x96\xa0\xcf\x6b\x28\xe1"
+        "\x2c\xed\x96\x05\x37\xf2\x2a\x0e"
+        "\x90\x33\x41\x03\x67\x58\x44\x99"
+        "\x3c\x4f\xd7\x13\x64\x68\x00\xbd"
+        "\x89\x99\x51\xe5\x6f\x06\x45\xfc"
+        "\xf0\x39\x78\xa6\x27\xc0\x7c\x62"
+        "\xa7\x5a\x54\x3b\x8a\xf7\xed\xb0"
+        "\xaf\xe7\x64\x3d\x94\x95\x36\x3b"
+        "\x30\xbc\xc5\x50\x1c\x74\xdf\x19"
+        "\x5b\x2a\xd4\x28\x83\x1b\x77\x9b"
+        "\xf1\xab\x2a\x0d\xfc\x92\xa5\x92"
+        "\x5a\xc8\xd5\x97\x90\xee\xbc\xf2"
+        "\xec\x29\xb3\x33\x8f\x66\x0c\x5a"
+        "\x6f\x66\x73\xce\x32\x2c\xc1\x03"
+        "\x9a\xe5\xf1\x46\x3b\x86\xca\x7e"
+        "\x96\xaa\xa9\x9a\x27\x09\x93\x02"
+        "\x6a\xc8\x13\xda\xc4\xb9\xeb\x82"
+        "\x14\xe3\x1c\xe8\x68\x27\xcb\x21");
+
+    DIGEST_COUNT_KATS_TEST(Shake128, SHAKE128, SHA3_128);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_COUNT_OTHER_TEST(wc_Shake, Shake128, SHA3_128,
+        "\x1b\xbe\x22\xa0\x40\xc7\x15\x88"
+        "\xcc\x2b\xaa\x3e\x5a\x7c\x89\x03"
+        "\x33\xd4\xac\x54\x27\x14\xf9\x96"
+        "\x0e\x60\x3d\x8f\x13\x9a\xf8\x1e"
+        "\x8f\x45\xc8\x37\xa8\x63\x16\x7b"
+        "\x96\x69\xd4\xe4\x2e\x45\x9f\x1d"
+        "\x50\xaa\x92\x2e\x0d\x32\x37\x97"
+        "\xf7\xd7\xcc\x7c\x5c\xfa\x71\x42"
+        "\xf3\x23\x68\x6a\x36\x03\xd4\x0a"
+        "\x77\x7d\xd3\x84\x40\x75\xc5\xad"
+        "\x1f\xb7\xa4\x90\x80\x66\x91\x49"
+        "\x7d\x3e\x8a\x69\xb9\x94\xbf\x0f"
+        "\x0a\x09\xde\xc8\xfe\x10\xb5\x4f"
+        "\xe5\x78\xda\x4c\x3a\xcd\xcd\xc2"
+        "\x30\xb0\x14\x75\x45\x2b\x2e\x40"
+        "\x74\xf4\x5c\xad\x2e\xcf\x1c\xa0"
+        "\x0b\x8d\x58\x30\xcd\x0f\xaa\x11"
+        "\x68\x84\x2b\x55\xa7\x62\x1b\x9a"
+        "\xec\x6e\xd6\xcc\xa1\xc9\x9f\xc8"
+        "\x11\x74\xb4\x22\x18\xc0\xe6\x37"
+        "\xc4\xef\xc2\xe4\xc3\x26\x27\x0b");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    DIGEST_COUNT_COPY_TEST(wc_Shake, Shake128, SHA3_128,
+        "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d"
+        "\x61\x60\x45\x50\x76\x05\x85\x3e"
+        "\xd7\x3b\x80\x93\xf6\xef\xbc\x88"
+        "\xeb\x1a\x6e\xac\xfa\x66\xef\x26"
+        "\x3c\xb1\xee\xa9\x88\x00\x4b\x93"
+        "\x10\x3c\xfb\x0a\xee\xfd\x2a\x68"
+        "\x6e\x01\xfa\x4a\x58\xe8\xa3\x63"
+        "\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2"
+        "\x35\xb8\xcc\x87\x3c\x23\xdc\x62"
+        "\xb8\xd2\x60\x16\x9a\xfa\x2f\x75"
+        "\xab\x91\x6a\x58\xd9\x74\x91\x88"
+        "\x35\xd2\x5e\x6a\x43\x50\x85\xb2"
+        "\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5"
+        "\xef\xbb\x7b\xcc\x4b\x59\xd5\x38"
+        "\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
+        "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea"
+        "\x17\xcd\xa7\xcf\xad\x76\x5f\x56"
+        "\x23\x47\x4d\x36\x8c\xcc\xa8\xaf"
+        "\x00\x07\xcd\x9f\x5e\x4c\x84\x9f"
+        "\x16\x7a\x58\x0b\x14\xaa\xbd\xef"
+        "\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9",
+        "\x58\x81\x09\x2d\xd8\x18\xbf\x5c"
+        "\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7"
+        "\x40\x97\xd5\xc5\x26\xa6\xd3\x5f"
+        "\x97\xb8\x33\x51\x94\x0f\x2c\xc8"
+        "\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c"
+        "\xdd\x06\x65\x68\x70\x6f\x50\x9b"
+        "\xc1\xbd\xde\x58\x29\x5d\xae\x3f"
+        "\x89\x1a\x9a\x0f\xca\x57\x83\x78"
+        "\x9a\x41\xf8\x61\x12\x14\xce\x61"
+        "\x23\x94\xdf\x28\x6a\x62\xd1\xa2"
+        "\x25\x2a\xa9\x4d\xb9\xc5\x38\x95"
+        "\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32"
+        "\xa0\x29\x4c\x85\x7c\x73\x0a\xa1"
+        "\x60\x67\xac\x10\x62\xf1\x20\x1f"
+        "\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6"
+        "\x35\x99\xb2\x7f\x34\x62\xbb\xa4"
+        "\xa0\xed\x29\x6c\x80\x1f\x9f\xf7"
+        "\xf5\x73\x02\xbb\x30\x76\xee\x14"
+        "\x5f\x97\xa3\x2a\xe6\x8e\x76\xab"
+        "\x66\xc4\x8d\x51\x67\x5b\xd4\x9a"
+        "\xcc\x29\x08\x2f\x56\x47\x58\x4e");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128Hash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    const byte  data[] = { /* Hello World */
+        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
+        0x72,0x6c,0x64
+    };
+    word32      len = sizeof(data);
+    byte        hash[WC_SHA3_128_COUNT * 8];
+    word32      hashLen = sizeof(hash);
+    const char* expHash =
+        "\x12\x27\xc5\xf8\x82\xf9\xc5\x7b"
+        "\xf2\xe3\xe4\x8d\x2c\x87\xeb\x20"
+        "\xf3\x82\xa4\xb6\x39\xb5\x4d\x26"
+        "\xf6\xd5\x95\xff\x3d\xb9\x06\x4d"
+        "\x07\x4e\xe7\x88\xf0\x74\x7c\xa3"
+        "\xfc\x46\xce\x86\x93\x6c\xfc\x6b"
+        "\xd3\x63\x8d\xae\x5a\x2b\x7d\x65"
+        "\x92\x52\x29\x98\xd6\xda\x6f\xaa"
+        "\x5f\x5d\x41\x5d\x99\xd5\x56\x51"
+        "\x46\xee\x3c\xd2\xb8\xec\x15\x38"
+        "\xbc\x62\xdd\xe9\x46\x94\x9b\x23"
+        "\xb8\xcf\x3c\xa3\xe4\x7f\x35\x2d"
+        "\x3c\x46\x2f\x16\x87\x10\x84\x34"
+        "\xf7\x84\x95\x2c\xcf\xe3\x26\xaf"
+        "\xdf\x78\x53\xb3\x98\x20\x22\xca"
+        "\x14\x82\xbc\x9c\xd1\x8f\x9a\x6c"
+        "\xe0\x92\x0b\x8f\x34\x5a\xa0\x4e"
+        "\x7f\xd5\x83\xa4\xe2\x01\x25\x33"
+        "\x45\x0b\x00\xc1\x6a\x5a\x14\xe8"
+        "\x6a\xd1\x45\x0c\x4e\x8a\x4a\x6f"
+        "\x37\xb4\x15\x5d\xd6\x0d\xd1\xab";
+
+    ExpectIntEQ(wc_Shake128Hash(data, len, hash, hashLen), 0);
+    ExpectBufEQ(hash, expHash, hashLen);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_Absorb(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    wc_Shake shake128;
+
+    ExpectIntEQ(wc_InitShake128(&shake128, HEAP_HINT, INVALID_DEVID), 0);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
+    ExpectIntEQ(wc_Shake128_Absorb(NULL     , NULL    , 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake128_Absorb(&shake128, NULL    , 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake128_Absorb(NULL     , NULL    , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Shake128_Absorb(&shake128, NULL, 0), 0);
+#endif
+
+    ExpectIntEQ(wc_Shake128_Absorb(&shake128, (byte*)"a", 1), 0);
+
+    wc_Shake128_Free(&shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake128_SqueezeBlocks(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    wc_Shake shake128;
+    byte hash[WC_SHA3_128_COUNT * 8];
+
+    ExpectIntEQ(wc_InitShake128(&shake128, HEAP_HINT, INVALID_DEVID), 0);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(NULL     , NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(NULL     , NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, NULL, 0), 0);
+#endif
+    ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, hash, 1), 0);
+
+    wc_Shake128_Free(&shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define TEST_SHAKE128_MAX_BLOCKS     3
+int test_wc_Shake128_XOF(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE128
+    wc_Shake shake128;
+    byte hash[WC_SHA3_128_COUNT * 8 * TEST_SHAKE128_MAX_BLOCKS];
+    const char* expOut =
+        "\xf4\x2f\xac\xcf\x13\x0e\x25\x5f"
+        "\xfd\x4a\x29\xbb\x9d\x47\x25\xea"
+        "\x19\xfe\x86\xd3\xeb\x58\xd7\x74"
+        "\xc1\x3c\xf9\xc7\x0e\xdc\xc6\x3b"
+        "\x4b\x97\x0d\x2b\xbc\xa6\x89\x4c"
+        "\xda\x48\x8c\x02\x62\x15\x1f\x2e"
+        "\x36\xb1\x95\x78\xfe\x02\x81\x35"
+        "\x30\x55\x5f\x3c\x06\x47\x2b\x93"
+        "\x1e\xf5\x8e\xf2\xfc\x81\x5b\xec"
+        "\x9f\xde\xf3\xee\xc0\xac\xb0\x90"
+        "\x5c\x19\xc8\x3e\x8a\xa4\xf6\xa7"
+        "\xdf\xa3\x39\xdf\x22\x03\x6c\x07"
+        "\xaa\xbb\xea\x3d\xec\x00\xc2\xb2"
+        "\x6e\x4c\x6b\xdc\xb8\x39\x8b\xb5"
+        "\x67\x3f\xdc\x2a\xf5\x91\x32\xb9"
+        "\x07\xbc\x1d\xb3\x92\x79\x13\xdb"
+        "\x56\xe5\xae\x43\x91\x58\x18\x41"
+        "\xa8\xe1\x75\x8e\x5b\xeb\xac\x4f"
+        "\xeb\x41\xac\x5d\x8b\x4a\x3d\xf6"
+        "\xb6\x5f\xe6\x9c\x19\x1e\x33\x97"
+        "\xbc\x7c\xa7\x7e\xed\x5c\xe5\x4b"
+        "\xdb\xa2\x34\xcd\x90\x94\x46\x19"
+        "\x2e\x60\xbb\xf4\xb1\xe6\x78\xc8"
+        "\xb2\x89\x0b\x2b\x0a\xb9\x69\x81"
+        "\x90\x36\xc7\x5e\xcc\x36\x46\xde"
+        "\x5e\x1d\xb2\x1d\x62\x46\x58\xdf"
+        "\x9a\x07\xea\xe5\x6e\xac\x06\x53"
+        "\x4f\xb4\xb5\x1e\xe3\x78\x60\x84"
+        "\xe0\x96\xfd\xe8\xc0\xf4\x3b\x80"
+        "\x7a\x2d\xb5\x22\x3e\xb5\x0f\x21"
+        "\xcb\x47\x13\x2d\x97\xb5\x28\x25"
+        "\xe7\x84\xa1\x64\x46\xa8\xeb\x8d"
+        "\xa7\xf9\xbe\x89\x3f\x96\x8a\x08"
+        "\x97\x8d\x5c\x72\x7c\x9d\x52\x27"
+        "\xea\xb2\xf0\x9d\x9c\x00\x0d\x3e"
+        "\xd1\xa4\x0f\xdd\xba\x43\x41\xfb"
+        "\xf8\x26\x13\x98\x27\x88\xae\x8b"
+        "\xfb\x8f\xcd\x37\x72\xb3\x37\x09"
+        "\xf4\xde\xde\x33\x8e\x1f\xbd\x49"
+        "\x90\x3c\x8a\x8b\xd2\x89\xb0\x26"
+        "\x39\xc8\x2f\xc7\xfc\x2d\xf9\xa7"
+        "\xd3\x5d\x69\x3d\x90\x17\x9c\xc1"
+        "\x83\xc7\x1d\xd6\xd3\xa2\x01\x57"
+        "\x33\x4f\x0d\xfc\x52\x9e\x2a\xd1"
+        "\x9e\xfb\x36\xdf\x3e\xb3\x49\x9f"
+        "\x83\x22\xa8\x24\x0e\xa1\xfb\xca"
+        "\xd5\x17\x58\x1a\x40\x3f\x4f\x54"
+        "\x3f\xd4\xed\x99\xd2\x39\xad\x37"
+        "\x03\x39\xf7\x3b\xcf\x52\x55\xc4"
+        "\x76\x74\x1d\x33\x04\x76\x44\x0d"
+        "\xf6\x93\x89\x9d\x74\x19\x9c\x09"
+        "\xd9\xf4\x5f\x0b\xbc\xf4\x13\xec"
+        "\x2c\xce\x5f\x2b\x00\xeb\x8b\xa0"
+        "\xa2\xf1\xdd\x93\xc0\x9c\x7c\xb5"
+        "\xca\xe2\xfb\x07\xa9\x1b\xa8\xc9"
+        "\xc9\x84\x2b\x7e\x1e\x05\x8c\x98"
+        "\xfd\x8d\x2a\xd0\xf2\x3a\x7b\x88"
+        "\x26\x4d\xed\x2b\xdb\x99\xb8\x9f"
+        "\x88\x01\x47\x29\xeb\x23\x80\x81"
+        "\x2b\xdd\xac\xbf\xcb\x1e\x80\x0d"
+        "\x4f\xba\xc3\x13\xfa\xb1\xa6\xa9"
+        "\x69\x09\x48\xe6\xb8\xd5\x55\x12"
+        "\xb5\x25\xba\xf6\xd4\x2a\x5e\xf0";
+    int i;
+    int j;
+
+    for (i = 1; i <= TEST_SHAKE128_MAX_BLOCKS; i++) {
+        ExpectIntEQ(wc_InitShake128(&shake128, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_Shake128_Absorb(&shake128, (byte*)"Starting point", 15),
+            0);
+
+        for (j = 0; j < TEST_SHAKE128_MAX_BLOCKS; j += i) {
+            int cnt = TEST_SHAKE128_MAX_BLOCKS - j;
+            if (i < cnt)
+                cnt = i;
+            ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128,
+                hash + WC_SHA3_128_COUNT * 8 * j, cnt), 0);
+        }
+        ExpectBufEQ(hash, expOut,
+            WC_SHA3_128_COUNT * 8 * TEST_SHAKE128_MAX_BLOCKS);
+    }
+
+    wc_Shake128_Free(&shake128);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHAKE-256
+ ******************************************************************************/
+
+int test_wc_InitShake256(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_INIT_TEST(wc_Shake, Shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_ALT_UPDATE_TEST(wc_Shake, Shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_COUNT_FINAL_TEST(wc_Shake, Shake256, SHA3_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SHAKE256_KAT_CNT    7
+int test_wc_Shake256_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_COUNT_KATS_TEST_VARS(wc_Shake, SHAKE256, SHA3_256);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13"
+        "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24"
+        "\x3f\xcd\x52\xea\x62\xb8\x1b\x82"
+        "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f"
+        "\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00"
+        "\xcb\x05\x01\x9d\x67\xb5\x92\xf6"
+        "\xfc\x82\x1c\x49\x47\x9a\xb4\x86"
+        "\x40\x29\x2e\xac\xb3\xb7\xc4\xbe"
+        "\x14\x1e\x96\x61\x6f\xb1\x39\x57"
+        "\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3"
+        "\xdc\x07\x22\x3c\x8e\x92\x93\x7b"
+        "\xef\x84\xbc\x0e\xab\x86\x28\x53"
+        "\x34\x9e\xc7\x55\x46\xf5\x8f\xb7"
+        "\xc2\x77\x5c\x38\x46\x2c\x50\x10"
+        "\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
+        "\x95\x52\x2a\x6b\xcd\x16\xcf\x86"
+        "\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd");
+    DIGEST_KATS_ADD("a", 1,
+        "\x86\x7e\x2c\xb0\x4f\x5a\x04\xdc"
+        "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c"
+        "\xea\xaf\xca\x50\x25\x56\x26\xca"
+        "\x73\x6c\x13\x80\x42\x53\x0b\xa4"
+        "\x36\xb7\xb1\xec\x0e\x06\xa2\x79"
+        "\xbc\x79\x07\x33\xbb\x0a\xee\x6f"
+        "\xa8\x02\x68\x3c\x7b\x35\x50\x63"
+        "\xc4\x34\xe9\x11\x89\xb0\xc6\x51"
+        "\xd0\x92\xb0\x1e\x55\xce\x4d\x61"
+        "\x0b\x54\xa5\x46\x6d\x02\xf8\x8f"
+        "\xc3\x78\x09\x6f\xb0\xda\xd0\x25"
+        "\x48\x57\xfe\x1e\x63\x81\xab\xc0"
+        "\x4e\x07\xe3\x3d\x91\x69\x35\x93"
+        "\x56\x36\x00\x48\x96\xc5\xb1\x25"
+        "\x34\x64\xf1\xcb\x5e\xa7\x3b\x00"
+        "\x7b\xc5\x02\x8b\xbb\xea\x13\xeb"
+        "\xc2\x86\x68\xdb\xfc\x26\xb1\x24");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x48\x33\x66\x60\x13\x60\xa8\x77"
+        "\x1c\x68\x63\x08\x0c\xc4\x11\x4d"
+        "\x8d\xb4\x45\x30\xf8\xf1\xe1\xee"
+        "\x4f\x94\xea\x37\xe7\x8b\x57\x39"
+        "\xd5\xa1\x5b\xef\x18\x6a\x53\x86"
+        "\xc7\x57\x44\xc0\x52\x7e\x1f\xaa"
+        "\x9f\x87\x26\xe4\x62\xa1\x2a\x4f"
+        "\xeb\x06\xbd\x88\x01\xe7\x51\xe4"
+        "\x13\x85\x14\x12\x04\xf3\x29\x97"
+        "\x9f\xd3\x04\x7a\x13\xc5\x65\x77"
+        "\x24\xad\xa6\x4d\x24\x70\x15\x7b"
+        "\x3c\xdc\x28\x86\x20\x94\x4d\x78"
+        "\xdb\xcd\xdb\xd9\x12\x99\x3f\x09"
+        "\x13\xf1\x64\xfb\x2c\xe9\x51\x31"
+        "\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc"
+        "\x62\x27\x20\xd7\xa7\x5c\x63\x34"
+        "\xe8\xa2\xd7\xec\x71\xa7\xcc\x29");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x71\x8e\x22\x40\x88\x85\x68\x40"
+        "\xad\xe4\xdc\x73\x48\x7e\x15\x82"
+        "\x6a\x07\xec\xb8\xed\x5e\x2b\xda"
+        "\x52\x6c\xc1\xac\xdd\xb9\x9d\x00"
+        "\x60\x49\x81\x58\x44\xbe\x0c\x6c"
+        "\x29\xb7\x59\xdb\x80\xb7\xda\xa6"
+        "\x84\xcb\x46\xd9\x0f\x7e\xef\x10"
+        "\x7d\x24\xaa\xfc\xfa\xf0\xda\xca"
+        "\xca\x28\x88\xdf\xaa\x73\x76\x94"
+        "\xbc\x46\xd5\xc9\x5f\x17\xc5\xcf"
+        "\xe7\xb0\xc9\x5c\xfd\x6a\x12\x6d"
+        "\xd9\x64\x0c\x8e\x62\xe5\xad\x1c"
+        "\x06\xe5\x75\x61\x6a\x2d\xec\x06"
+        "\x46\x06\x6e\x80\x37\xe5\x1a\x00"
+        "\x54\x78\x3d\x82\x0b\x92\xc1\x14"
+        "\x17\x96\xf7\xc3\xe9\x35\x03\x8e"
+        "\x67\x13\xbb\xba\x46\x08\x0b\x2e");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xb7\xb7\x8b\x04\xa3\xdd\x30\xa2"
+        "\x65\xc8\x88\x6c\x33\xfd\xa9\x47"
+        "\x99\x85\x3d\xe5\xd3\xd1\x05\x41"
+        "\xfd\x4e\x9f\x46\x13\x70\x1c\x61"
+        "\x07\x52\x49\xbe\xd1\x6b\x07\x81"
+        "\x10\x8f\xcf\xe0\x86\xdb\xf3\x8a"
+        "\x7f\xb8\x30\x08\x07\xce\xa8\x5c"
+        "\xc6\x49\x32\x8d\x07\xd4\xff\x2b"
+        "\x5e\x89\x08\x56\x3f\xf0\xfd\xcc"
+        "\x06\xa8\x09\x2f\xbf\xe7\x72\xf8"
+        "\x0e\x49\xf8\x7a\x10\x3b\x2a\xee"
+        "\x12\x99\x0c\xcb\x47\x98\xe9\xec"
+        "\x03\xaa\x48\x18\xa4\xbf\x5a\xbd"
+        "\xa0\x84\xe1\xa5\xfe\x68\x7c\x2c"
+        "\xfe\xf4\x40\x68\x46\xfe\x47\xa0"
+        "\xd0\x7b\xf4\x50\x55\xa2\x69\x9c"
+        "\x37\xd6\xb6\xd9\xcd\x6c\x4f\xf0");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\x31\xf1\x9a\x09\x7c\x72\x3e\x91"
+        "\xfa\x59\xb0\x99\x8d\xd8\x52\x3c"
+        "\x2a\x9e\x7e\x13\xb4\x02\x5d\x6b"
+        "\x48\xfc\xbc\x32\x89\x73\xa1\x08"
+        "\x78\xcf\xbe\xb3\x81\x0d\x88\x2f"
+        "\xdb\x6a\x06\xe8\x7f\x3e\xa5\x2c"
+        "\xf8\x26\xca\x55\x22\x31\x6f\xb6"
+        "\x45\xb7\x08\xac\xbe\x43\xb2\xcb"
+        "\x32\x52\x09\x24\x32\x42\x70\x60"
+        "\xc9\x63\x9e\x21\xa8\x98\xd3\x88"
+        "\xa7\xe1\x53\xe4\x2a\x8b\x89\x33"
+        "\xf2\xad\x0c\x27\x52\x97\x69\x8e"
+        "\x25\x7e\x05\xd2\x62\x75\x39\xb4"
+        "\x2c\x10\x1b\x97\x67\xbc\x6d\x90"
+        "\x06\x39\x31\x1f\x8e\x4a\x2e\x88"
+        "\x26\x7b\xbb\x85\xb3\xfa\x4e\xad"
+        "\xf4\x01\xe0\x74\x18\x9f\x6b\xbf");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x24\xc5\x08\xad\xef\xdf\x5e\x3f"
+        "\x25\x96\xe8\xb5\xa8\x88\xfe\x10"
+        "\xeb\x7b\x5b\x22\xe1\xf3\x5d\x85"
+        "\x8e\x6e\xff\x30\x25\xc4\xcc\x18"
+        "\xa3\xc9\xac\xe5\x1d\xdd\x24\x3d"
+        "\x08\xc8\xc7\x0c\xf6\x8e\x91\xd1"
+        "\x70\x60\x3d\xc3\xe2\xa3\x1c\x6c"
+        "\xa8\x9f\x20\xc4\xa5\x95\xa2\x65"
+        "\x4f\xb7\xd5\x35\x29\x42\x7e\x81"
+        "\x2d\xea\x48\xe8\xe8\x9a\xbe\x06"
+        "\x2b\x88\x90\x2f\x9b\xff\xb5\xee"
+        "\xf2\x8a\x65\x80\xfb\x24\x1a\x15"
+        "\x20\x1f\x18\xf5\x29\x9d\x03\xc3"
+        "\xe7\x17\x3d\x41\x43\x88\x68\x80"
+        "\xe4\xfb\x0b\xe1\xf5\x03\xeb\x4a"
+        "\x10\x9a\xf6\xf9\xe9\x7f\xa8\xdc"
+        "\x2e\xe6\x42\xe3\xc9\x18\x1b\x85");
+
+    DIGEST_COUNT_KATS_TEST(Shake256, SHAKE256, SHA3_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_COUNT_OTHER_TEST(wc_Shake, Shake256, SHA3_256,
+        "\x97\x52\xa7\xbe\xe4\x06\x06\x10"
+        "\xb2\x43\xb5\xca\x1e\x3a\x76\x06"
+        "\x68\xac\x62\xfe\xad\xa4\xad\xc9"
+        "\x23\xa2\x72\xeb\x90\x54\xeb\xd9"
+        "\x06\x7f\x1e\xea\x2d\x80\x92\xb2"
+        "\xd1\xe7\xae\x6b\xc0\x1d\x46\x6a"
+        "\x3f\x62\x67\x35\x7b\x50\x4b\xe2"
+        "\x05\x63\xf7\x97\x10\x4e\x9c\x14"
+        "\xff\x21\x64\x40\xf6\xd4\x55\x79"
+        "\x2e\x7b\x9b\x5b\xfb\xa2\x15\xf9"
+        "\x6d\x6a\x54\xae\x5e\x7d\x6c\x72"
+        "\x4a\x4e\x91\xcc\xc2\x37\x1c\x9d"
+        "\x14\x95\x27\x38\x64\x6c\x62\x10"
+        "\x19\x04\x6f\x19\xde\x61\x5e\xc8"
+        "\x6d\xd2\xcc\x5b\xf4\xe0\xf2\x54"
+        "\x0f\xe9\x2a\xe7\x0a\x7d\xb0\x55"
+        "\x8a\x74\x83\x49\xf0\x2a\x6e\xa9");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    DIGEST_COUNT_COPY_TEST(wc_Shake, Shake256, SHA3_256,
+        "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13"
+        "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24"
+        "\x3f\xcd\x52\xea\x62\xb8\x1b\x82"
+        "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f"
+        "\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00"
+        "\xcb\x05\x01\x9d\x67\xb5\x92\xf6"
+        "\xfc\x82\x1c\x49\x47\x9a\xb4\x86"
+        "\x40\x29\x2e\xac\xb3\xb7\xc4\xbe"
+        "\x14\x1e\x96\x61\x6f\xb1\x39\x57"
+        "\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3"
+        "\xdc\x07\x22\x3c\x8e\x92\x93\x7b"
+        "\xef\x84\xbc\x0e\xab\x86\x28\x53"
+        "\x34\x9e\xc7\x55\x46\xf5\x8f\xb7"
+        "\xc2\x77\x5c\x38\x46\x2c\x50\x10"
+        "\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
+        "\x95\x52\x2a\x6b\xcd\x16\xcf\x86"
+        "\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd",
+        "\x48\x33\x66\x60\x13\x60\xa8\x77"
+        "\x1c\x68\x63\x08\x0c\xc4\x11\x4d"
+        "\x8d\xb4\x45\x30\xf8\xf1\xe1\xee"
+        "\x4f\x94\xea\x37\xe7\x8b\x57\x39"
+        "\xd5\xa1\x5b\xef\x18\x6a\x53\x86"
+        "\xc7\x57\x44\xc0\x52\x7e\x1f\xaa"
+        "\x9f\x87\x26\xe4\x62\xa1\x2a\x4f"
+        "\xeb\x06\xbd\x88\x01\xe7\x51\xe4"
+        "\x13\x85\x14\x12\x04\xf3\x29\x97"
+        "\x9f\xd3\x04\x7a\x13\xc5\x65\x77"
+        "\x24\xad\xa6\x4d\x24\x70\x15\x7b"
+        "\x3c\xdc\x28\x86\x20\x94\x4d\x78"
+        "\xdb\xcd\xdb\xd9\x12\x99\x3f\x09"
+        "\x13\xf1\x64\xfb\x2c\xe9\x51\x31"
+        "\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc"
+        "\x62\x27\x20\xd7\xa7\x5c\x63\x34"
+        "\xe8\xa2\xd7\xec\x71\xa7\xcc\x29");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256Hash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    const byte  data[] = { /* Hello World */
+        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
+        0x72,0x6c,0x64
+    };
+    word32      len = sizeof(data);
+    byte        hash[WC_SHA3_256_COUNT * 8];
+    word32      hashLen = sizeof(hash);
+    const char* expHash =
+        "\x84\x0d\x1c\xe8\x1a\x43\x27\x84"
+        "\x0b\x54\xcb\x1d\x41\x99\x07\xfd"
+        "\x1f\x62\x35\x9b\xad\x33\x65\x6e"
+        "\x05\x86\x53\xd2\xe4\x17\x2a\x43"
+        "\xac\xc9\x58\xdb\xec\x0c\xf0\xd4"
+        "\x73\xdb\x45\x8c\xe1\xc0\x07\xaa"
+        "\x6e\xb4\x0e\xac\x92\xaa\x0e\x65"
+        "\x20\x2e\xdb\x4d\x7f\xee\xd3\x78"
+        "\x8a\x77\xed\x6a\x6d\xdc\x5a\xbf"
+        "\xbf\xbf\xf7\x2f\x22\xf4\x9e\x66"
+        "\x7e\x45\x03\x2c\x1e\xe8\xcf\xb0"
+        "\x79\xf8\x08\x9b\x43\xd1\x6a\xe6"
+        "\xe5\x8f\x06\x3a\x4d\x93\xef\x36"
+        "\x99\xb3\x2b\x9d\x00\xb3\x3c\x37"
+        "\x2c\x10\xa4\x8d\x72\xf6\x4d\xa0"
+        "\x25\x97\xf4\xfa\x23\xd5\x89\x0a"
+        "\x4d\x65\x0a\xcb\x7b\xf8\xd2\x36";
+
+    ExpectIntEQ(wc_Shake256Hash(data, len, hash, hashLen), 0);
+    ExpectBufEQ(hash, expHash, hashLen);
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_Shake256Hash */
+
+int test_wc_Shake256_Absorb(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    wc_Shake shake256;
+
+    ExpectIntEQ(wc_InitShake256(&shake256, HEAP_HINT, INVALID_DEVID), 0);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
+    ExpectIntEQ(wc_Shake256_Absorb(NULL     , NULL    , 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_Absorb(&shake256, NULL    , 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_Absorb(NULL     , NULL    , 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Shake256_Absorb(&shake256, NULL, 0), 0);
+#endif
+    ExpectIntEQ(wc_Shake256_Absorb(&shake256, (byte*)"a", 1), 0);
+
+    wc_Shake256_Free(&shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Shake256_SqueezeBlocks(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    wc_Shake shake256;
+    byte hash[WC_SHA3_256_COUNT * 8];
+
+    ExpectIntEQ(wc_InitShake256(&shake256, HEAP_HINT, INVALID_DEVID), 0);
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(NULL     , NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(NULL     , NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, NULL, 0), 0);
+#endif
+    ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, hash, 1), 0);
+
+    wc_Shake256_Free(&shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define TEST_SHAKE256_MAX_BLOCKS    3
+int test_wc_Shake256_XOF(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHAKE256
+    wc_Shake shake256;
+    byte hash[WC_SHA3_256_COUNT * 8 * TEST_SHAKE256_MAX_BLOCKS];
+    const char* expOut =
+        "\x26\x16\x27\x51\x34\xae\xba\x85"
+        "\x2e\x81\x43\x9a\x50\x72\x03\xd8"
+        "\x1c\x58\x2b\x87\xb5\x89\x3a\x45"
+        "\x66\xfe\x0e\x5a\xde\x60\x8e\xca"
+        "\x2e\x27\x87\x25\x08\x0f\x13\x0e"
+        "\x4e\x82\xb0\x6a\x4b\xe0\xca\x79"
+        "\xcc\x55\xd8\x3f\xb4\x36\x74\x18"
+        "\x5d\x2d\xb9\xa7\x95\x25\x6b\x44"
+        "\x70\xc5\xa0\xa5\x21\x7e\x88\xed"
+        "\x70\x67\x71\x57\x61\xb2\x3c\xb8"
+        "\x89\x0f\x43\x28\x8a\xa9\xf1\x29"
+        "\x4c\x71\x33\xe7\x96\x4e\x8b\x58"
+        "\x7c\x16\x12\xed\xac\x10\xfb\xc8"
+        "\xf8\xd2\x1f\xa3\x12\x29\x34\xb2"
+        "\xf1\xaa\xcd\x4a\x10\x7a\xd1\x68"
+        "\x00\xc1\xb2\xb8\x4b\xb2\xe5\x8a"
+        "\xa3\xa0\xda\x73\x15\x3e\xb4\x50"
+        "\x70\x3a\x3c\x7f\x8d\xd7\xa8\xfc"
+        "\x03\x63\x0f\x80\x15\xd7\x05\x4f"
+        "\x48\x42\x52\x12\x4f\xa1\x87\x85"
+        "\xb9\xa4\x9b\x04\x17\xdb\x9f\x62"
+        "\x9a\xbb\x07\x40\x56\x6c\xb0\xb9"
+        "\x20\xf1\x85\x18\x36\x4f\x2e\x71"
+        "\x16\x7d\xc0\xed\xb3\x89\x22\x3c"
+        "\x93\xbd\xee\x71\x36\x59\x25\x7b"
+        "\xae\x3c\x8b\x4b\xa8\xac\x63\xef"
+        "\xd5\xfe\x6c\x07\x6b\xb9\x3b\x41"
+        "\x8f\x30\x6d\xee\x7b\x1d\xfc\x6c"
+        "\xda\x21\x1f\xaa\x63\x72\xc6\xf1"
+        "\x51\x27\xce\xdc\x6b\xb2\x84\x7c"
+        "\x79\x3b\xa3\xaf\xf0\xb7\x2d\xd8"
+        "\x6e\xd9\xc5\x2e\x5e\x48\x42\xbc"
+        "\xc3\xe5\x3a\xee\x82\x6c\x90\x21"
+        "\xc9\x17\x9e\x17\x2c\x30\x11\x34"
+        "\x0a\x53\x33\x93\x47\xca\x7d\x9e"
+        "\x4e\xb4\xea\x70\xb7\x58\x39\xc2"
+        "\x3c\x29\x6c\x9d\x75\x45\x88\x3d"
+        "\x68\x5c\x1c\x6a\x52\x56\x6c\xe5"
+        "\x28\x51\xf1\x64\xce\x0b\x45\x66"
+        "\x7a\xc4\xb7\x42\x08\x39\x00\x17"
+        "\xbe\x55\xd2\xda\x05\x5e\x70\xc3"
+        "\xdc\x65\x36\x0b\xa9\x49\x95\xce"
+        "\x8a\x04\x04\x4e\xb2\xff\xfa\x31"
+        "\x07\x09\x5d\xe4\xa8\x04\x10\xf2"
+        "\x84\x3c\x5d\xf4\x99\x5d\x75\x23"
+        "\x03\x66\xed\xac\x07\xbb\x89\x61"
+        "\xd6\xd0\x5f\x19\xd2\x2f\x1c\xd7"
+        "\x73\x4d\x92\x12\x85\x07\x9c\x38"
+        "\xd2\x50\x6e\xe5\xe8\x15\x6c\xf6"
+        "\xde\x66\x9a\x10\x6f\xa1\xaf\x20"
+        "\x99\x1d\xc0\xe6\xdc\xeb\xbc\x74";
+    int i;
+    int j;
+
+    for (i = 1; i <= TEST_SHAKE256_MAX_BLOCKS; i++) {
+        ExpectIntEQ(wc_InitShake256(&shake256, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_Shake256_Absorb(&shake256, (byte*)"Starting point", 15),
+            0);
+
+        for (j = 0; j < TEST_SHAKE256_MAX_BLOCKS; j += i) {
+            int cnt = TEST_SHAKE256_MAX_BLOCKS - j;
+            if (i < cnt)
+                cnt = i;
+            ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256,
+                hash + WC_SHA3_256_COUNT * 8 * j, cnt), 0);
+        }
+        ExpectBufEQ(hash, expOut,
+            WC_SHA3_256_COUNT * 8 * TEST_SHAKE256_MAX_BLOCKS);
+    }
+
+    wc_Shake256_Free(&shake256);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_sha3.h b/tests/api/test_sha3.h
new file mode 100644
index 000000000..5658c3024
--- /dev/null
+++ b/tests/api/test_sha3.h
@@ -0,0 +1,98 @@
+/* test_sha3.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SHA3_H
+#define WOLFCRYPT_TEST_SHA3_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitSha3(void);
+int test_wc_Sha3_Update(void);
+int test_wc_Sha3_Final(void);
+int test_wc_Sha3_224_KATs(void);
+int test_wc_Sha3_256_KATs(void);
+int test_wc_Sha3_384_KATs(void);
+int test_wc_Sha3_512_KATs(void);
+int test_wc_Sha3_other(void);
+int test_wc_Sha3_Copy(void);
+int test_wc_Sha3_GetHash(void);
+int test_wc_Sha3_Flags(void);
+
+int test_wc_InitShake128(void);
+int test_wc_Shake128_Update(void);
+int test_wc_Shake128_Final(void);
+int test_wc_Shake128_KATs(void);
+int test_wc_Shake128_other(void);
+int test_wc_Shake128_Copy(void);
+int test_wc_Shake128Hash(void);
+int test_wc_Shake128_Absorb(void);
+int test_wc_Shake128_SqueezeBlocks(void);
+int test_wc_Shake128_XOF(void);
+
+int test_wc_InitShake256(void);
+int test_wc_Shake256_Update(void);
+int test_wc_Shake256_Final(void);
+int test_wc_Shake256_KATs(void);
+int test_wc_Shake256_other(void);
+int test_wc_Shake256_Copy(void);
+int test_wc_Shake256Hash(void);
+int test_wc_Shake256_Absorb(void);
+int test_wc_Shake256_SqueezeBlocks(void);
+int test_wc_Shake256_XOF(void);
+
+#define TEST_SHA3_DECLS                             \
+    TEST_DECL_GROUP("sha3", test_wc_InitSha3),      \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_Update),   \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_Final),    \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_224_KATs), \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_256_KATs), \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_384_KATs), \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_512_KATs), \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_other),    \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_Copy),     \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_GetHash),  \
+    TEST_DECL_GROUP("sha3", test_wc_Sha3_Flags)
+
+#define TEST_SHAKE128_DECLS                                         \
+    TEST_DECL_GROUP("shake128", test_wc_InitShake128),              \
+    TEST_DECL_GROUP("shake128", test_wc_Shake128_Update),           \
+    TEST_DECL_GROUP("shake128", test_wc_Shake128_Final),            \
+    TEST_DECL_GROUP("shake128", test_wc_Shake128_KATs),             \
+    TEST_DECL_GROUP("shake128", test_wc_Shake128_other),            \
+    TEST_DECL_GROUP("shake128", test_wc_Shake128_Copy),             \
+    TEST_DECL_GROUP("shake128", test_wc_Shake128Hash),              \
+    TEST_DECL_GROUP("shake128", test_wc_Shake128_Absorb),           \
+    TEST_DECL_GROUP("shake128", test_wc_Shake128_SqueezeBlocks),    \
+    TEST_DECL_GROUP("shake128", test_wc_Shake128_XOF)
+
+#define TEST_SHAKE256_DECLS                                         \
+    TEST_DECL_GROUP("shake256", test_wc_InitShake256),              \
+    TEST_DECL_GROUP("shake256", test_wc_Shake256_Update),           \
+    TEST_DECL_GROUP("shake256", test_wc_Shake256_Final),            \
+    TEST_DECL_GROUP("shake256", test_wc_Shake256_KATs),             \
+    TEST_DECL_GROUP("shake256", test_wc_Shake256_other),            \
+    TEST_DECL_GROUP("shake256", test_wc_Shake256_Copy),             \
+    TEST_DECL_GROUP("shake256", test_wc_Shake256Hash),              \
+    TEST_DECL_GROUP("shake256", test_wc_Shake256_Absorb),           \
+    TEST_DECL_GROUP("shake256", test_wc_Shake256_SqueezeBlocks),    \
+    TEST_DECL_GROUP("shake256", test_wc_Shake256_XOF)
+
+#endif /* WOLFCRYPT_TEST_SHA3_H */
diff --git a/tests/api/test_sha512.c b/tests/api/test_sha512.c
new file mode 100644
index 000000000..8ef92cbf0
--- /dev/null
+++ b/tests/api/test_sha512.c
@@ -0,0 +1,876 @@
+/* test_sha512.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sha512.h>
+#include <tests/api/test_digest.h>
+
+/*******************************************************************************
+ * SHA-512
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha512()
+ */
+int test_wc_InitSha512(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha512, Sha512);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha512 */
+
+/*
+ *  Tesing wc_Sha512Update()
+ */
+int test_wc_Sha512Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_UPDATE_TEST(wc_Sha512, Sha512);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Update() */
+
+/*
+ * Unit test on wc_Sha512Final
+ */
+int test_wc_Sha512Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_FINAL_TEST(wc_Sha512, Sha512, SHA512);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Final */
+
+/*
+ * Unit test on wc_Sha512FinalRaw
+ */
+int test_wc_Sha512FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha512, Sha512, SHA512,
+        "\x6a\x09\xe6\x67\xf3\xbc\xc9\x08"
+        "\xbb\x67\xae\x85\x84\xca\xa7\x3b"
+        "\x3c\x6e\xf3\x72\xfe\x94\xf8\x2b"
+        "\xa5\x4f\xf5\x3a\x5f\x1d\x36\xf1"
+        "\x51\x0e\x52\x7f\xad\xe6\x82\xd1"
+        "\x9b\x05\x68\x8c\x2b\x3e\x6c\x1f"
+        "\x1f\x83\xd9\xab\xfb\x41\xbd\x6b"
+        "\x5b\xe0\xcd\x19\x13\x7e\x21\x79");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Final */
+
+#define SHA512_KAT_CNT     7
+int test_wc_Sha512_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_KATS_TEST_VARS(wc_Sha512, SHA512);
+
+    DIGEST_KATS_ADD("", 0,
+        "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd"
+        "\xf1\x54\x28\x50\xd6\x6d\x80\x07"
+        "\xd6\x20\xe4\x05\x0b\x57\x15\xdc"
+        "\x83\xf4\xa9\x21\xd3\x6c\xe9\xce"
+        "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0"
+        "\xff\x83\x18\xd2\x87\x7e\xec\x2f"
+        "\x63\xb9\x31\xbd\x47\x41\x7a\x81"
+        "\xa5\x38\x32\x7a\xf9\x27\xda\x3e");
+    DIGEST_KATS_ADD("a", 1,
+        "\x1f\x40\xfc\x92\xda\x24\x16\x94"
+        "\x75\x09\x79\xee\x6c\xf5\x82\xf2"
+        "\xd5\xd7\xd2\x8e\x18\x33\x5d\xe0"
+        "\x5a\xbc\x54\xd0\x56\x0e\x0f\x53"
+        "\x02\x86\x0c\x65\x2b\xf0\x8d\x56"
+        "\x02\x52\xaa\x5e\x74\x21\x05\x46"
+        "\xf3\x69\xfb\xbb\xce\x8c\x12\xcf"
+        "\xc7\x95\x7b\x26\x52\xfe\x9a\x75");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xdd\xaf\x35\xa1\x93\x61\x7a\xba"
+        "\xcc\x41\x73\x49\xae\x20\x41\x31"
+        "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2"
+        "\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a"
+        "\x21\x92\x99\x2a\x27\x4f\xc1\xa8"
+        "\x36\xba\x3c\x23\xa3\xfe\xeb\xbd"
+        "\x45\x4d\x44\x23\x64\x3c\xe8\x0e"
+        "\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x10\x7d\xbf\x38\x9d\x9e\x9f\x71"
+        "\xa3\xa9\x5f\x6c\x05\x5b\x92\x51"
+        "\xbc\x52\x68\xc2\xbe\x16\xd6\xc1"
+        "\x34\x92\xea\x45\xb0\x19\x9f\x33"
+        "\x09\xe1\x64\x55\xab\x1e\x96\x11"
+        "\x8e\x8a\x90\x5d\x55\x97\xb7\x20"
+        "\x38\xdd\xb3\x72\xa8\x98\x26\x04"
+        "\x6d\xe6\x66\x87\xbb\x42\x0e\x7c");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\x4d\xbf\xf8\x6c\xc2\xca\x1b\xae"
+        "\x1e\x16\x46\x8a\x05\xcb\x98\x81"
+        "\xc9\x7f\x17\x53\xbc\xe3\x61\x90"
+        "\x34\x89\x8f\xaa\x1a\xab\xe4\x29"
+        "\x95\x5a\x1b\xf8\xec\x48\x3d\x74"
+        "\x21\xfe\x3c\x16\x46\x61\x3a\x59"
+        "\xed\x54\x41\xfb\x0f\x32\x13\x89"
+        "\xf7\x7f\x48\xa8\x79\xc7\xb1\xf1");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\x1e\x07\xbe\x23\xc2\x6a\x86\xea"
+        "\x37\xea\x81\x0c\x8e\xc7\x80\x93"
+        "\x52\x51\x5a\x97\x0e\x92\x53\xc2"
+        "\x6f\x53\x6c\xfc\x7a\x99\x96\xc4"
+        "\x5c\x83\x70\x58\x3e\x0a\x78\xfa"
+        "\x4a\x90\x04\x1d\x71\xa4\xce\xab"
+        "\x74\x23\xf1\x9c\x71\xb9\xd5\xa3"
+        "\xe0\x12\x49\xf0\xbe\xbd\x58\x94");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x72\xec\x1e\xf1\x12\x4a\x45\xb0"
+        "\x47\xe8\xb7\xc7\x5a\x93\x21\x95"
+        "\x13\x5b\xb6\x1d\xe2\x4e\xc0\xd1"
+        "\x91\x40\x42\x24\x6e\x0a\xec\x3a"
+        "\x23\x54\xe0\x93\xd7\x6f\x30\x48"
+        "\xb4\x56\x76\x43\x46\x90\x0c\xb1"
+        "\x30\xd2\xa4\xfd\x5d\xd1\x6a\xbb"
+        "\x5e\x30\xbc\xb8\x50\xde\xe8\x43");
+
+    DIGEST_KATS_TEST(Sha512, SHA512);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Final */
+
+int test_wc_Sha512_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_OTHER_TEST(wc_Sha512, Sha512, SHA512,
+        "\xf2\x7d\xa3\xe0\x25\x71\x51\x3f"
+        "\x75\xf4\xdc\xea\xdc\xf7\x7f\xf1"
+        "\xad\x5a\x51\x32\x07\x73\x1d\xf8"
+        "\xdd\xaa\xf1\x15\x3e\xa3\x3c\xc5"
+        "\x00\x76\x6e\x1d\xa5\xa2\x4a\x44"
+        "\x99\x3e\x2d\xaa\xa8\x05\xc8\x49"
+        "\xf0\x83\x34\x02\x07\x43\x8b\xac"
+        "\xfb\xe6\x02\x40\x6b\x48\x54\x8e");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512Final */
+
+int test_wc_Sha512Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_COPY_TEST(wc_Sha512, Sha512, SHA512,
+        "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd"
+        "\xf1\x54\x28\x50\xd6\x6d\x80\x07"
+        "\xd6\x20\xe4\x05\x0b\x57\x15\xdc"
+        "\x83\xf4\xa9\x21\xd3\x6c\xe9\xce"
+        "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0"
+        "\xff\x83\x18\xd2\x87\x7e\xec\x2f"
+        "\x63\xb9\x31\xbd\x47\x41\x7a\x81"
+        "\xa5\x38\x32\x7a\xf9\x27\xda\x3e",
+        "\xdd\xaf\x35\xa1\x93\x61\x7a\xba"
+        "\xcc\x41\x73\x49\xae\x20\x41\x31"
+        "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2"
+        "\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a"
+        "\x21\x92\x99\x2a\x27\x4f\xc1\xa8"
+        "\x36\xba\x3c\x23\xa3\xfe\xeb\xbd"
+        "\x45\x4d\x44\x23\x64\x3c\xe8\x0e"
+        "\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA512
+    DIGEST_GET_HASH_TEST(wc_Sha512, Sha512, SHA512,
+        "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd"
+        "\xf1\x54\x28\x50\xd6\x6d\x80\x07"
+        "\xd6\x20\xe4\x05\x0b\x57\x15\xdc"
+        "\x83\xf4\xa9\x21\xd3\x6c\xe9\xce"
+        "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0"
+        "\xff\x83\x18\xd2\x87\x7e\xec\x2f"
+        "\x63\xb9\x31\xbd\x47\x41\x7a\x81"
+        "\xa5\x38\x32\x7a\xf9\x27\xda\x3e",
+        "\xdd\xaf\x35\xa1\x93\x61\x7a\xba"
+        "\xcc\x41\x73\x49\xae\x20\x41\x31"
+        "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2"
+        "\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a"
+        "\x21\x92\x99\x2a\x27\x4f\xc1\xa8"
+        "\x36\xba\x3c\x23\xa3\xfe\xeb\xbd"
+        "\x45\x4d\x44\x23\x64\x3c\xe8\x0e"
+        "\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && \
+    (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(wc_Sha512, Sha512, SHA512,
+        "\x80\x63\x62\x61\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x18\x00\x00\x00",
+        "\x54\x52\xb6\x73\x58\x3e\x6f\x12"
+        "\xcb\x0b\xf3\x61\x38\xb9\x76\xe8"
+        "\x2e\x46\x13\xd9\x4a\x67\xe3\x7c"
+        "\x5c\xd7\xa5\xe6\x43\x55\x16\xa2"
+        "\x83\x06\x9a\x32\x69\x55\x63\x95"
+        "\x68\x75\xde\x70\x09\x4d\xcd\xfe"
+        "\xbe\x11\x20\xd6\xe7\x7c\x49\xd3"
+        "\x5b\xd7\x07\x75\x19\xc9\x8a\xfa");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha512, Sha512);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHA-512-224
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha512_224()
+ */
+int test_wc_InitSha512_224(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha512, Sha512_224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha512_224 */
+
+/*
+ *  Tesing wc_Sha512_224Update()
+ */
+int test_wc_Sha512_224Update(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_UPDATE_TEST(wc_Sha512, Sha512_224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Update() */
+
+/*
+ * Unit test on wc_Sha512_224Final
+ */
+int test_wc_Sha512_224Final(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_FINAL_TEST(wc_Sha512, Sha512_224, SHA512_224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Final */
+
+/*
+ * Unit test on wc_Sha512_224FinalRaw
+ */
+int test_wc_Sha512_224FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
+    !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 3))) && !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha512, Sha512_224, SHA512_224,
+        "\x8c\x3d\x37\xc8\x19\x54\x4d\xa2"
+        "\x73\xe1\x99\x66\x89\xdc\xd4\xd6"
+        "\x1d\xfa\xb7\xae\x32\xff\x9c\x82"
+        "\x67\x9d\xd5\x14");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Final */
+
+#define SHA512_224_KAT_CNT     7
+int test_wc_Sha512_224_KATs(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_KATS_TEST_VARS(wc_Sha512, SHA512_224);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x6e\xd0\xdd\x02\x80\x6f\xa8\x9e"
+        "\x25\xde\x06\x0c\x19\xd3\xac\x86"
+        "\xca\xbb\x87\xd6\xa0\xdd\xd0\x5c"
+        "\x33\x3b\x84\xf4");
+    DIGEST_KATS_ADD("a", 1,
+        "\xd5\xcd\xb9\xcc\xc7\x69\xa5\x12"
+        "\x1d\x41\x75\xf2\xbf\xdd\x13\xd6"
+        "\x31\x0e\x0d\x3d\x36\x1e\xa7\x5d"
+        "\x82\x10\x83\x27");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x46\x34\x27\x0f\x70\x7b\x6a\x54"
+        "\xda\xae\x75\x30\x46\x08\x42\xe2"
+        "\x0e\x37\xed\x26\x5c\xee\xe9\xa4"
+        "\x3e\x89\x24\xaa");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\xad\x1a\x4d\xb1\x88\xfe\x57\x06"
+        "\x4f\x4f\x24\x60\x9d\x2a\x83\xcd"
+        "\x0a\xfb\x9b\x39\x8e\xb2\xfc\xae"
+        "\xaa\xe2\xc5\x64");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xff\x83\x14\x8a\xa0\x7e\xc3\x06"
+        "\x55\xc1\xb4\x0a\xff\x86\x14\x1c"
+        "\x02\x15\xfe\x2a\x54\xf7\x67\xd3"
+        "\xf3\x87\x43\xd8");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xa8\xb4\xb9\x17\x4b\x99\xff\xc6"
+        "\x7d\x6f\x49\xbe\x99\x81\x58\x7b"
+        "\x96\x44\x10\x51\xe1\x6e\x6d\xd0"
+        "\x36\xb1\x40\xd3");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\xae\x98\x8f\xaa\xa4\x7e\x40\x1a"
+        "\x45\xf7\x04\xd1\x27\x2d\x99\x70"
+        "\x24\x58\xfe\xa2\xdd\xc6\x58\x28"
+        "\x27\x55\x6d\xd2");
+
+    DIGEST_KATS_TEST(Sha512_224, SHA512_224);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Final */
+
+int test_wc_Sha512_224_other(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_OTHER_TEST(wc_Sha512, Sha512_224, SHA512_224,
+        "\xbe\xbb\x85\xa0\x14\x9f\xd7\xae"
+        "\xc4\xbe\xa4\x8f\xa3\xeb\xac\xc0"
+        "\x88\x02\x6b\xa0\xe8\x22\x5c\xb3"
+        "\x12\x11\xa0\x48");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_224Final */
+
+int test_wc_Sha512_224Copy(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_COPY_TEST(wc_Sha512, Sha512_224, SHA512_224,
+        "\x6e\xd0\xdd\x02\x80\x6f\xa8\x9e"
+        "\x25\xde\x06\x0c\x19\xd3\xac\x86"
+        "\xca\xbb\x87\xd6\xa0\xdd\xd0\x5c"
+        "\x33\x3b\x84\xf4",
+        "\x46\x34\x27\x0f\x70\x7b\x6a\x54"
+        "\xda\xae\x75\x30\x46\x08\x42\xe2"
+        "\x0e\x37\xed\x26\x5c\xee\xe9\xa4"
+        "\x3e\x89\x24\xaa");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_224GetHash(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
+    DIGEST_GET_HASH_TEST(wc_Sha512, Sha512_224, SHA512_224,
+        "\x6e\xd0\xdd\x02\x80\x6f\xa8\x9e"
+        "\x25\xde\x06\x0c\x19\xd3\xac\x86"
+        "\xca\xbb\x87\xd6\xa0\xdd\xd0\x5c"
+        "\x33\x3b\x84\xf4",
+        "\x46\x34\x27\x0f\x70\x7b\x6a\x54"
+        "\xda\xae\x75\x30\x46\x08\x42\xe2"
+        "\x0e\x37\xed\x26\x5c\xee\xe9\xa4"
+        "\x3e\x89\x24\xaa");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_224Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
+    (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(wc_Sha512, Sha512_224, SHA512_224,
+        "\x61\x62\x63\x80\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x18",
+        "\x46\x34\x27\x0f\x70\x7b\x6a\x54"
+        "\xda\xae\x75\x30\x46\x08\x42\xe2"
+        "\x0e\x37\xed\x26\x5c\xee\xe9\xa4"
+        "\x3e\x89\x24\xaa");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_224_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
+    defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha512, Sha512_224);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHA-512-256
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha512_256()
+ */
+int test_wc_InitSha512_256(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha512, Sha512_256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha512_256 */
+
+/*
+ *  Tesing wc_Sha512_256Update()
+ */
+int test_wc_Sha512_256Update(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_UPDATE_TEST(wc_Sha512, Sha512_256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Update() */
+
+/*
+ * Unit test on wc_Sha512_256Final
+ */
+int test_wc_Sha512_256Final(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_FINAL_TEST(wc_Sha512, Sha512_256, SHA512_256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Final */
+
+/*
+ * Unit test on wc_Sha512_256FinalRaw
+ */
+int test_wc_Sha512_256FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
+    !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 3))) && !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha512, Sha512_256, SHA512_256,
+        "\x22\x31\x21\x94\xfc\x2b\xf7\x2c"
+        "\x9f\x55\x5f\xa3\xc8\x4c\x64\xc2"
+        "\x23\x93\xb8\x6b\x6f\x53\xb1\x51"
+        "\x96\x38\x77\x19\x59\x40\xea\xbd");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Final */
+
+#define SHA512_256_KAT_CNT     7
+int test_wc_Sha512_256_KATs(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_KATS_TEST_VARS(wc_Sha512, SHA512_256);
+
+    DIGEST_KATS_ADD("", 0,
+        "\xc6\x72\xb8\xd1\xef\x56\xed\x28"
+        "\xab\x87\xc3\x62\x2c\x51\x14\x06"
+        "\x9b\xdd\x3a\xd7\xb8\xf9\x73\x74"
+        "\x98\xd0\xc0\x1e\xce\xf0\x96\x7a");
+    DIGEST_KATS_ADD("a", 1,
+        "\x45\x5e\x51\x88\x24\xbc\x06\x01"
+        "\xf9\xfb\x85\x8f\xf5\xc3\x7d\x41"
+        "\x7d\x67\xc2\xf8\xe0\xdf\x2b\xab"
+        "\xe4\x80\x88\x58\xae\xa8\x30\xf8");
+    DIGEST_KATS_ADD("abc", 3,
+        "\x53\x04\x8e\x26\x81\x94\x1e\xf9"
+        "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab"
+        "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46"
+        "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x0c\xf4\x71\xfd\x17\xed\x69\xd9"
+        "\x90\xda\xf3\x43\x3c\x89\xb1\x6d"
+        "\x63\xde\xc1\xbb\x9c\xb4\x2a\x60"
+        "\x94\x60\x4e\xe5\xd7\xb4\xe9\xfb");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xfc\x31\x89\x44\x3f\x9c\x26\x8f"
+        "\x62\x6a\xea\x08\xa7\x56\xab\xe7"
+        "\xb7\x26\xb0\x5f\x70\x1c\xb0\x82"
+        "\x22\x31\x2c\xcf\xd6\x71\x0a\x26");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\xcd\xf1\xcc\x0e\xff\xe2\x6e\xcc"
+        "\x0c\x13\x75\x8f\x7b\x4a\x48\xe0"
+        "\x00\x61\x5d\xf2\x41\x28\x41\x85"
+        "\xc3\x9e\xb0\x5d\x35\x5b\xb9\xc8");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\x2c\x9f\xdb\xc0\xc9\x0b\xdd\x87"
+        "\x61\x2e\xe8\x45\x54\x74\xf9\x04"
+        "\x48\x50\x24\x1d\xc1\x05\xb1\xe8"
+        "\xb9\x4b\x8d\xdf\x5f\xac\x91\x48");
+
+    DIGEST_KATS_TEST(Sha512_256, SHA512_256);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Final */
+
+int test_wc_Sha512_256_other(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_OTHER_TEST(wc_Sha512, Sha512_256, SHA512_256,
+        "\x0c\x80\x73\xf5\xf4\xc8\xc7\x13"
+        "\x4a\xc4\x8a\xda\x04\xfc\x77\x74"
+        "\xea\xa0\x85\xa9\x29\xb3\x54\xa4"
+        "\x08\xef\x2a\x87\x61\x1f\x8c\xb8");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha512_256Final */
+
+int test_wc_Sha512_256Copy(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_COPY_TEST(wc_Sha512, Sha512_256, SHA512_256,
+        "\xc6\x72\xb8\xd1\xef\x56\xed\x28"
+        "\xab\x87\xc3\x62\x2c\x51\x14\x06"
+        "\x9b\xdd\x3a\xd7\xb8\xf9\x73\x74"
+        "\x98\xd0\xc0\x1e\xce\xf0\x96\x7a",
+        "\x53\x04\x8e\x26\x81\x94\x1e\xf9"
+        "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab"
+        "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46"
+        "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_256GetHash(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
+    DIGEST_GET_HASH_TEST(wc_Sha512, Sha512_256, SHA512_256,
+        "\xc6\x72\xb8\xd1\xef\x56\xed\x28"
+        "\xab\x87\xc3\x62\x2c\x51\x14\x06"
+        "\x9b\xdd\x3a\xd7\xb8\xf9\x73\x74"
+        "\x98\xd0\xc0\x1e\xce\xf0\x96\x7a",
+        "\x53\x04\x8e\x26\x81\x94\x1e\xf9"
+        "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab"
+        "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46"
+        "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_256Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
+    (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
+    DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(wc_Sha512, Sha512_256, SHA512_256,
+        "\x61\x62\x63\x80\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x18",
+        "\x53\x04\x8e\x26\x81\x94\x1e\xf9"
+        "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab"
+        "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46"
+        "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha512_256_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
+    defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha512, Sha512_256);
+#endif
+    return EXPECT_RESULT();
+}
+
+/*******************************************************************************
+ * SHA-384
+ ******************************************************************************/
+
+/*
+ * Unit test for the wc_InitSha384()
+ */
+int test_wc_InitSha384(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha384, Sha384);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_InitSha384 */
+
+/*
+ *  Tesing wc_Sha384Update()
+ */
+int test_wc_Sha384Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_UPDATE_TEST(wc_Sha384, Sha384);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384Update() */
+
+/*
+ * Unit test on wc_Sha384Final
+ */
+int test_wc_Sha384Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_FINAL_TEST(wc_Sha384, Sha384, SHA384);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384Final */
+
+/*
+ * Unit test on wc_Sha384FinalRaw
+ */
+int test_wc_Sha384FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    DIGEST_FINAL_RAW_TEST(wc_Sha384, Sha384, SHA384,
+        "\xcb\xbb\x9d\x5d\xc1\x05\x9e\xd8"
+        "\x62\x9a\x29\x2a\x36\x7c\xd5\x07"
+        "\x91\x59\x01\x5a\x30\x70\xdd\x17"
+        "\x15\x2f\xec\xd8\xf7\x0e\x59\x39"
+        "\x67\x33\x26\x67\xff\xc0\x0b\x31"
+        "\x8e\xb4\x4a\x87\x68\x58\x15\x11");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384 */
+
+#define SHA384_KAT_CNT     7
+int test_wc_Sha384_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_KATS_TEST_VARS(wc_Sha384, SHA384);
+
+    DIGEST_KATS_ADD("", 0,
+        "\x38\xb0\x60\xa7\x51\xac\x96\x38"
+        "\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a"
+        "\x21\xfd\xb7\x11\x14\xbe\x07\x43"
+        "\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda"
+        "\x27\x4e\xde\xbf\xe7\x6f\x65\xfb"
+        "\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b");
+    DIGEST_KATS_ADD("a", 1,
+        "\x54\xa5\x9b\x9f\x22\xb0\xb8\x08"
+        "\x80\xd8\x42\x7e\x54\x8b\x7c\x23"
+        "\xab\xd8\x73\x48\x6e\x1f\x03\x5d"
+        "\xce\x9c\xd6\x97\xe8\x51\x75\x03"
+        "\x3c\xaa\x88\xe6\xd5\x7b\xc3\x5e"
+        "\xfa\xe0\xb5\xaf\xd3\x14\x5f\x31");
+    DIGEST_KATS_ADD("abc", 3,
+        "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b"
+        "\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
+        "\x27\x2c\x32\xab\x0e\xde\xd1\x63"
+        "\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
+        "\x80\x86\x07\x2b\xa1\xe7\xcc\x23"
+        "\x58\xba\xec\xa1\x34\xc8\x25\xa7");
+    DIGEST_KATS_ADD("message digest", 14,
+        "\x47\x3e\xd3\x51\x67\xec\x1f\x5d"
+        "\x8e\x55\x03\x68\xa3\xdb\x39\xbe"
+        "\x54\x63\x9f\x82\x88\x68\xe9\x45"
+        "\x4c\x23\x9f\xc8\xb5\x2e\x3c\x61"
+        "\xdb\xd0\xd8\xb4\xde\x13\x90\xc2"
+        "\x56\xdc\xbb\x5d\x5f\xd9\x9c\xd5");
+    DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26,
+        "\xfe\xb6\x73\x49\xdf\x3d\xb6\xf5"
+        "\x92\x48\x15\xd6\xc3\xdc\x13\x3f"
+        "\x09\x18\x09\x21\x37\x31\xfe\x5c"
+        "\x7b\x5f\x49\x99\xe4\x63\x47\x9f"
+        "\xf2\x87\x7f\x5f\x29\x36\xfa\x63"
+        "\xbb\x43\x78\x4b\x12\xf3\xeb\xb4");
+    DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+                    "0123456789", 62,
+        "\x17\x61\x33\x6e\x3f\x7c\xbf\xe5"
+        "\x1d\xeb\x13\x7f\x02\x6f\x89\xe0"
+        "\x1a\x44\x8e\x3b\x1f\xaf\xa6\x40"
+        "\x39\xc1\x46\x4e\xe8\x73\x2f\x11"
+        "\xa5\x34\x1a\x6f\x41\xe0\xc2\x02"
+        "\x29\x47\x36\xed\x64\xdb\x1a\x84");
+    DIGEST_KATS_ADD("1234567890123456789012345678901234567890"
+                    "1234567890123456789012345678901234567890", 80,
+        "\xb1\x29\x32\xb0\x62\x7d\x1c\x06"
+        "\x09\x42\xf5\x44\x77\x64\x15\x56"
+        "\x55\xbd\x4d\xa0\xc9\xaf\xa6\xdd"
+        "\x9b\x9e\xf5\x31\x29\xaf\x1b\x8f"
+        "\xb0\x19\x59\x96\xd2\xde\x9c\xa0"
+        "\xdf\x9d\x82\x1f\xfe\xe6\x70\x26");
+
+    DIGEST_KATS_TEST(Sha384, SHA384);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384Final */
+
+int test_wc_Sha384_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_OTHER_TEST(wc_Sha384, Sha384, SHA384,
+        "\xbe\x28\x56\x36\xd3\xae\x1c\x63"
+        "\x94\x7a\xc0\x7f\xb1\x71\x5c\x19"
+        "\x45\xfd\x81\x7b\x46\xfb\x03\xc2"
+        "\x46\x2c\x80\x8d\xd2\xc0\x16\x91"
+        "\x23\x51\x6b\xa5\x0d\x71\x6f\x8b"
+        "\x2f\x52\x74\x86\x0d\x05\xa5\x95");
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Sha384Final */
+
+int test_wc_Sha384Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_COPY_TEST(wc_Sha384, Sha384, SHA384,
+        "\x38\xb0\x60\xa7\x51\xac\x96\x38"
+        "\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a"
+        "\x21\xfd\xb7\x11\x14\xbe\x07\x43"
+        "\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda"
+        "\x27\x4e\xde\xbf\xe7\x6f\x65\xfb"
+        "\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b",
+        "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b"
+        "\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
+        "\x27\x2c\x32\xab\x0e\xde\xd1\x63"
+        "\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
+        "\x80\x86\x07\x2b\xa1\xe7\xcc\x23"
+        "\x58\xba\xec\xa1\x34\xc8\x25\xa7");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha384GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SHA384
+    DIGEST_GET_HASH_TEST(wc_Sha384, Sha384, SHA384,
+        "\x38\xb0\x60\xa7\x51\xac\x96\x38"
+        "\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a"
+        "\x21\xfd\xb7\x11\x14\xbe\x07\x43"
+        "\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda"
+        "\x27\x4e\xde\xbf\xe7\x6f\x65\xfb"
+        "\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b",
+        "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b"
+        "\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
+        "\x27\x2c\x32\xab\x0e\xde\xd1\x63"
+        "\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
+        "\x80\x86\x07\x2b\xa1\xe7\xcc\x23"
+        "\x58\xba\xec\xa1\x34\xc8\x25\xa7");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sha384_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
+    DIGEST_FLAGS_TEST(wc_Sha384, Sha384);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_sha512.h b/tests/api/test_sha512.h
new file mode 100644
index 000000000..95f997019
--- /dev/null
+++ b/tests/api/test_sha512.h
@@ -0,0 +1,117 @@
+/* test_sha512.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SHA512_H
+#define WOLFCRYPT_TEST_SHA512_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitSha512(void);
+int test_wc_Sha512Update(void);
+int test_wc_Sha512Final(void);
+int test_wc_Sha512FinalRaw(void);
+int test_wc_Sha512_KATs(void);
+int test_wc_Sha512_other(void);
+int test_wc_Sha512Copy(void);
+int test_wc_Sha512GetHash(void);
+int test_wc_Sha512Transform(void);
+int test_wc_Sha512_Flags(void);
+
+int test_wc_InitSha512_224(void);
+int test_wc_Sha512_224Update(void);
+int test_wc_Sha512_224Final(void);
+int test_wc_Sha512_224FinalRaw(void);
+int test_wc_Sha512_224_KATs(void);
+int test_wc_Sha512_224_other(void);
+int test_wc_Sha512_224Copy(void);
+int test_wc_Sha512_224GetHash(void);
+int test_wc_Sha512_224Transform(void);
+int test_wc_Sha512_224_Flags(void);
+
+int test_wc_InitSha512_256(void);
+int test_wc_Sha512_256Update(void);
+int test_wc_Sha512_256Final(void);
+int test_wc_Sha512_256FinalRaw(void);
+int test_wc_Sha512_256_KATs(void);
+int test_wc_Sha512_256_other(void);
+int test_wc_Sha512_256Copy(void);
+int test_wc_Sha512_256GetHash(void);
+int test_wc_Sha512_256Transform(void);
+int test_wc_Sha512_256_Flags(void);
+
+int test_wc_InitSha384(void);
+int test_wc_Sha384Update(void);
+int test_wc_Sha384Final(void);
+int test_wc_Sha384FinalRaw(void);
+int test_wc_Sha384_KATs(void);
+int test_wc_Sha384_other(void);
+int test_wc_Sha384Copy(void);
+int test_wc_Sha384GetHash(void);
+int test_wc_Sha384_Flags(void);
+
+#define TEST_SHA512_DECLS                               \
+    TEST_DECL_GROUP("sha512", test_wc_InitSha512),      \
+    TEST_DECL_GROUP("sha512", test_wc_Sha512Update),    \
+    TEST_DECL_GROUP("sha512", test_wc_Sha512Final),     \
+    TEST_DECL_GROUP("sha512", test_wc_Sha512FinalRaw),  \
+    TEST_DECL_GROUP("sha512", test_wc_Sha512_KATs),     \
+    TEST_DECL_GROUP("sha512", test_wc_Sha512_other),    \
+    TEST_DECL_GROUP("sha512", test_wc_Sha512Copy),      \
+    TEST_DECL_GROUP("sha512", test_wc_Sha512GetHash),   \
+    TEST_DECL_GROUP("sha512", test_wc_Sha512Transform), \
+    TEST_DECL_GROUP("sha512", test_wc_Sha512_Flags)
+
+#define TEST_SHA512_224_DECLS                                   \
+    TEST_DECL_GROUP("sha512_224", test_wc_InitSha512_224),      \
+    TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224Update),    \
+    TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224Final),     \
+    TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224FinalRaw),  \
+    TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224_KATs),     \
+    TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224_other),    \
+    TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224Copy),      \
+    TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224GetHash),   \
+    TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224Transform), \
+    TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224_Flags)
+
+#define TEST_SHA512_256_DECLS                                   \
+    TEST_DECL_GROUP("sha512_256", test_wc_InitSha512_256),      \
+    TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256Update),    \
+    TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256Final),     \
+    TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256FinalRaw),  \
+    TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256_KATs),     \
+    TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256_other),    \
+    TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256Copy),      \
+    TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256GetHash),   \
+    TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256Transform), \
+    TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256_Flags)
+
+#define TEST_SHA384_DECLS                               \
+    TEST_DECL_GROUP("sha384", test_wc_InitSha384),      \
+    TEST_DECL_GROUP("sha384", test_wc_Sha384Update),    \
+    TEST_DECL_GROUP("sha384", test_wc_Sha384Final),     \
+    TEST_DECL_GROUP("sha384", test_wc_Sha384FinalRaw),  \
+    TEST_DECL_GROUP("sha384", test_wc_Sha384_KATs),     \
+    TEST_DECL_GROUP("sha384", test_wc_Sha384_other),    \
+    TEST_DECL_GROUP("sha384", test_wc_Sha384Copy),      \
+    TEST_DECL_GROUP("sha384", test_wc_Sha384GetHash),   \
+    TEST_DECL_GROUP("sha384", test_wc_Sha384_Flags)
+
+#endif /* WOLFCRYPT_TEST_SHA512_H */
diff --git a/tests/api/test_signature.c b/tests/api/test_signature.c
new file mode 100644
index 000000000..f0436b02e
--- /dev/null
+++ b/tests/api/test_signature.c
@@ -0,0 +1,149 @@
+/* test_signature.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/signature.h>
+#include <wolfssl/wolfcrypt/rsa.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_signature.h>
+
+/* Testing wc_SignatureGetSize() for signature type ECC */
+int test_wc_SignatureGetSize_ecc(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SIG_WRAPPER) && defined(HAVE_ECC) && !defined(NO_ECC256)
+    enum wc_SignatureType sig_type;
+    word32 key_len;
+    ecc_key ecc;
+    const char* qx =
+        "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
+    const char* qy =
+        "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
+    const char* d =
+        "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
+
+    XMEMSET(&ecc, 0, sizeof(ecc_key));
+
+    ExpectIntEQ(wc_ecc_init(&ecc), 0);
+    ExpectIntEQ(wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"), 0);
+    /* Input for signature type ECC */
+    sig_type = WC_SIGNATURE_TYPE_ECC;
+    key_len = sizeof(ecc_key);
+    ExpectIntGT(wc_SignatureGetSize(sig_type, &ecc, key_len), 0);
+
+    /* Test bad args */
+    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
+    sig_type = (enum wc_SignatureType) 100;
+    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    sig_type = WC_SIGNATURE_TYPE_ECC;
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
+    key_len = (word32)0;
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_ecc_free(&ecc), 0);
+#endif /* !NO_SIG_WRAPPER && HAVE_ECC && !NO_ECC256 */
+    return EXPECT_RESULT();
+} /* END test_wc_SignatureGetSize_ecc() */
+
+/* Testing wc_SignatureGetSize() for signature type rsa */
+int test_wc_SignatureGetSize_rsa(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_SIG_WRAPPER) && !defined(NO_RSA)
+    enum wc_SignatureType sig_type;
+    word32 key_len;
+    word32 idx = 0;
+    RsaKey rsa_key;
+    byte* tmp = NULL;
+    size_t bytes;
+
+    XMEMSET(&rsa_key, 0, sizeof(RsaKey));
+
+    #ifdef USE_CERT_BUFFERS_1024
+        bytes = (size_t)sizeof_client_key_der_1024;
+        if (bytes < (size_t)sizeof_client_key_der_1024)
+            bytes = (size_t)sizeof_client_cert_der_1024;
+    #elif defined(USE_CERT_BUFFERS_2048)
+        bytes = (size_t)sizeof_client_key_der_2048;
+        if (bytes < (size_t)sizeof_client_cert_der_2048)
+            bytes = (size_t)sizeof_client_cert_der_2048;
+    #else
+        bytes = FOURK_BUF;
+    #endif
+
+    ExpectNotNull(tmp = (byte*)XMALLOC(bytes, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    if (tmp != NULL) {
+    #ifdef USE_CERT_BUFFERS_1024
+        XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
+    #elif defined(USE_CERT_BUFFERS_2048)
+        XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
+    #elif !defined(NO_FILESYSTEM)
+        XFILE file = XBADFILE;
+        ExpectTrue((file = XFOPEN(clientKey, "rb")) != XBADFILE);
+        ExpectIntGT(bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file), 0);
+        if (file != XBADFILE) {
+            XFCLOSE(file);
+        }
+    #else
+        ExpectFail();
+    #endif
+    }
+
+    ExpectIntEQ(wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, testDevId), 0);
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes), 0);
+    /* Input for signature type RSA */
+    sig_type = WC_SIGNATURE_TYPE_RSA;
+    key_len = sizeof(RsaKey);
+    ExpectIntGT(wc_SignatureGetSize(sig_type, &rsa_key, key_len), 0);
+
+    /* Test bad args */
+    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
+    sig_type = (enum wc_SignatureType)100;
+    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    sig_type = WC_SIGNATURE_TYPE_RSA;
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    key_len = (word32)0;
+    ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRsaKey(&rsa_key), 0);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* !NO_SIG_WRAPPER && !NO_RSA */
+    return EXPECT_RESULT();
+} /* END test_wc_SignatureGetSize_rsa(void) */
+
diff --git a/tests/api/test_signature.h b/tests/api/test_signature.h
new file mode 100644
index 000000000..52d48f186
--- /dev/null
+++ b/tests/api/test_signature.h
@@ -0,0 +1,34 @@
+/* test_signature.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SIGNATURE_H
+#define WOLFCRYPT_TEST_SIGNATURE_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_SignatureGetSize_ecc(void);
+int test_wc_SignatureGetSize_rsa(void);
+
+#define TEST_SIGNATURE_DECLS                                    \
+    TEST_DECL_GROUP("signature", test_wc_SignatureGetSize_ecc), \
+    TEST_DECL_GROUP("signature", test_wc_SignatureGetSize_ecc)
+
+#endif /* WOLFCRYPT_TEST_SIGNATURE_H */
diff --git a/tests/api/test_sm2.c b/tests/api/test_sm2.c
new file mode 100644
index 000000000..d306b5aea
--- /dev/null
+++ b/tests/api/test_sm2.c
@@ -0,0 +1,649 @@
+/* test_sm2.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sm2.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sm2.h>
+
+/*
+ * Testing wc_ecc_sm2_make_key()
+ */
+int test_wc_ecc_sm2_make_key(void)
+{
+    int res = TEST_SKIPPED;
+#if defined(HAVE_ECC) && defined(WOLFSSL_SM2)
+    EXPECT_DECLS;
+    WC_RNG  rng[1];
+    ecc_key key[1];
+
+    XMEMSET(rng, 0, sizeof(*rng));
+    XMEMSET(key, 0, sizeof(*key));
+
+    ExpectIntEQ(wc_InitRng(rng), 0);
+    ExpectIntEQ(wc_ecc_init(key), 0);
+
+    /* Test invalid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_make_key(NULL, NULL, WC_ECC_FLAG_NONE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_make_key(rng, NULL, WC_ECC_FLAG_NONE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_make_key(NULL, key, WC_ECC_FLAG_NONE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test valid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
+    ExpectIntEQ(key->dp->id, ECC_SM2P256V1);
+
+    wc_ecc_free(key);
+    wc_FreeRng(rng);
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+}
+
+/*
+ * Testing wc_ecc_sm2_shared_secret()
+ */
+int test_wc_ecc_sm2_shared_secret(void)
+{
+    int res = TEST_SKIPPED;
+#if defined(HAVE_ECC) && defined(WOLFSSL_SM2)
+    EXPECT_DECLS;
+    WC_RNG  rng[1];
+    ecc_key keyA[1];
+    ecc_key keyB[1];
+    byte outA[32];
+    byte outB[32];
+    word32 outALen = 32;
+    word32 outBLen = 32;
+
+    XMEMSET(rng, 0, sizeof(*rng));
+    XMEMSET(keyA, 0, sizeof(*keyA));
+    XMEMSET(keyB, 0, sizeof(*keyB));
+
+    ExpectIntEQ(wc_InitRng(rng), 0);
+    ExpectIntEQ(wc_ecc_init(keyA), 0);
+    ExpectIntEQ(wc_ecc_init(keyB), 0);
+    ExpectIntEQ(wc_ecc_sm2_make_key(rng, keyA, WC_ECC_FLAG_NONE), 0);
+    ExpectIntEQ(wc_ecc_sm2_make_key(rng, keyB, WC_ECC_FLAG_NONE), 0);
+
+#ifdef ECC_TIMING_RESISTANT
+    ExpectIntEQ(wc_ecc_set_rng(keyA, rng), 0);
+    ExpectIntEQ(wc_ecc_set_rng(keyB, rng), 0);
+#endif
+
+    /* Test invalid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, outA, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, &outALen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, outA, &outALen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, outA, &outALen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, NULL, &outALen),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test valid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, &outALen), 0);
+    ExpectIntLE(outALen, 32);
+    ExpectIntEQ(wc_ecc_sm2_shared_secret(keyB, keyA, outB, &outBLen), 0);
+    ExpectIntLE(outBLen, 32);
+    ExpectIntEQ(outALen, outBLen);
+    ExpectBufEQ(outA, outB, outALen);
+
+    wc_ecc_free(keyB);
+    wc_ecc_free(keyA);
+    wc_FreeRng(rng);
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+}
+
+/*
+ * Testing wc_ecc_sm2_create_digest()
+ */
+int test_wc_ecc_sm2_create_digest(void)
+{
+    int res = TEST_SKIPPED;
+#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && !defined(NO_HASH_WRAPPER) && \
+    (defined(WOLFSSL_SM3) || !defined(NO_SHA256))
+    EXPECT_DECLS;
+    ecc_key key[1];
+    enum wc_HashType hashType;
+    unsigned char pub[] = {
+        0x04,
+        0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33,
+        0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F,
+        0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B,
+        0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F,
+        0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C,
+        0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA,
+        0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3,
+        0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33
+    };
+    unsigned char id[] = {
+        0x01, 0x02, 0x03,
+    };
+    unsigned char msg[] = {
+        0x01, 0x02, 0x03,
+    };
+    unsigned char hash[32];
+#ifdef WOLFSSL_SM3
+    unsigned char expHash[32] = {
+        0xc1, 0xdd, 0x92, 0xc5, 0x60, 0xd3, 0x94, 0x28,
+        0xeb, 0x0f, 0x57, 0x79, 0x3f, 0xc9, 0x96, 0xc5,
+        0xfa, 0xf5, 0x90, 0xb2, 0x64, 0x2f, 0xaf, 0x9c,
+        0xc8, 0x57, 0x21, 0x6a, 0x52, 0x7e, 0xf1, 0x95
+    };
+#else
+    unsigned char expHash[32] = {
+        0xea, 0x41, 0x55, 0x21, 0x61, 0x00, 0x5c, 0x9a,
+        0x57, 0x35, 0x6b, 0x49, 0xca, 0x8f, 0x65, 0xc2,
+        0x0e, 0x29, 0x0c, 0xa0, 0x1d, 0xa7, 0xc4, 0xed,
+        0xdd, 0x51, 0x12, 0xf6, 0xe7, 0x55, 0xc5, 0xf4
+    };
+#endif
+
+#ifdef WOLFSSL_SM3
+    hashType = WC_HASH_TYPE_SM3;
+#else
+    hashType = WC_HASH_TYPE_SHA256;
+#endif
+
+    XMEMSET(key, 0, sizeof(*key));
+
+    ExpectIntEQ(wc_ecc_init(key), 0);
+
+    /* Test with no curve set. */
+    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
+        hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
+
+    /* Test invalid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
+        hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
+        hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
+        hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
+        hashType, hash, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
+        hashType, NULL, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
+        hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
+        hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
+        hashType, NULL, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
+        hashType, hash, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Bad hash type. */
+    /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
+    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
+        -1, hash, 0, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
+    /* Bad hash size. */
+    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
+        hashType, hash, 0, key), WC_NO_ERR_TRACE(BUFFER_E));
+
+    /* Test valid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
+        hashType, hash, sizeof(hash), key), 0);
+    ExpectBufEQ(hash, expHash, sizeof(expHash));
+
+    wc_ecc_free(key);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+}
+
+/*
+ * Testing wc_ecc_sm2_verify_hash_ex()
+ */
+int test_wc_ecc_sm2_verify_hash_ex(void)
+{
+    int res = TEST_SKIPPED;
+#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_VERIFY) && \
+    defined(WOLFSSL_PUBLIC_MP)
+    EXPECT_DECLS;
+    ecc_key key[1];
+    mp_int r[1];
+    mp_int s[1];
+    int verified;
+    unsigned char pub[] = {
+        0x04,
+        0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33,
+        0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F,
+        0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B,
+        0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F,
+        0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C,
+        0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA,
+        0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3,
+        0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33
+    };
+    unsigned char hash[] = {
+        0x3B, 0xFA, 0x5F, 0xFB, 0xC4, 0x27, 0x8C, 0x9D,
+        0x02, 0x3A, 0x19, 0xCB, 0x1E, 0xAA, 0xD2, 0xF1,
+        0x50, 0x69, 0x5B, 0x20
+    };
+    unsigned char rData[] = {
+        0xD2, 0xFC, 0xA3, 0x88, 0xE3, 0xDF, 0xA3, 0x00,
+        0x73, 0x9B, 0x3C, 0x2A, 0x0D, 0xAD, 0x44, 0xA2,
+        0xFC, 0x62, 0xD5, 0x6B, 0x84, 0x54, 0xD8, 0x40,
+        0x22, 0x62, 0x3D, 0x5C, 0xA6, 0x61, 0x9B, 0xE7,
+    };
+    unsigned char sData[] = {
+        0x1D,
+        0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97,
+        0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B,
+        0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A,
+        0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDC
+    };
+    unsigned char rBadData[] = {
+        0xD2, 0xFC, 0xA3, 0x88, 0xE3, 0xDF, 0xA3, 0x00,
+        0x73, 0x9B, 0x3C, 0x2A, 0x0D, 0xAD, 0x44, 0xA2,
+        0xFC, 0x62, 0xD5, 0x6B, 0x84, 0x54, 0xD8, 0x40,
+        0x22, 0x62, 0x3D, 0x5C, 0xA6, 0x61, 0x9B, 0xE8,
+    };
+
+    XMEMSET(key, 0, sizeof(*key));
+    XMEMSET(r, 0, sizeof(*r));
+    XMEMSET(s, 0, sizeof(*s));
+
+    ExpectIntEQ(mp_init(r), 0);
+    ExpectIntEQ(mp_init(s), 0);
+    ExpectIntEQ(mp_read_unsigned_bin(r, rData, sizeof(rData)), 0);
+    ExpectIntEQ(mp_read_unsigned_bin(s, sData, sizeof(sData)), 0);
+
+    ExpectIntEQ(wc_ecc_init(key), 0);
+
+    /* Test with no curve set. */
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
+
+    /* Test invalid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, NULL, sizeof(hash),
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, NULL, sizeof(hash),
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, hash, sizeof(hash),
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, hash, sizeof(hash),
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, hash, sizeof(hash),
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, NULL, sizeof(hash),
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Make key not on the SM2 curve. */
+    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
+
+    /* Test valid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
+        &verified, key), 0);
+    ExpectIntEQ(verified, 1);
+
+    ExpectIntEQ(mp_read_unsigned_bin(r, rBadData, sizeof(rBadData)), 0);
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
+        &verified, key), 0);
+    ExpectIntEQ(verified, 0);
+
+    mp_free(s);
+    mp_free(r);
+    wc_ecc_free(key);
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+}
+
+/*
+ * Testing wc_ecc_sm2_verify_hash()
+ */
+int test_wc_ecc_sm2_verify_hash(void)
+{
+    int res = TEST_SKIPPED;
+#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_VERIFY)
+    EXPECT_DECLS;
+    ecc_key key[1];
+    int verified;
+    unsigned char pub[] = {
+        0x04,
+        0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33,
+        0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F,
+        0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B,
+        0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F,
+        0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C,
+        0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA,
+        0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3,
+        0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33
+    };
+    unsigned char hash[] = {
+        0x3B, 0xFA, 0x5F, 0xFB, 0xC4, 0x27, 0x8C, 0x9D,
+        0x02, 0x3A, 0x19, 0xCB, 0x1E, 0xAA, 0xD2, 0xF1,
+        0x50, 0x69, 0x5B, 0x20
+    };
+    unsigned char sig[] = {
+        0x30, 0x45, 0x02, 0x21, 0x00, 0xD2, 0xFC, 0xA3,
+        0x88, 0xE3, 0xDF, 0xA3, 0x00, 0x73, 0x9B, 0x3C,
+        0x2A, 0x0D, 0xAD, 0x44, 0xA2, 0xFC, 0x62, 0xD5,
+        0x6B, 0x84, 0x54, 0xD8, 0x40, 0x22, 0x62, 0x3D,
+        0x5C, 0xA6, 0x61, 0x9B, 0xE7, 0x02, 0x20, 0x1D,
+        0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97,
+        0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B,
+        0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A,
+        0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDC
+    };
+    unsigned char sigBad[] = {
+        0x30, 0x45, 0x02, 0x21, 0x00, 0xD2, 0xFC, 0xA3,
+        0x88, 0xE3, 0xDF, 0xA3, 0x00, 0x73, 0x9B, 0x3C,
+        0x2A, 0x0D, 0xAD, 0x44, 0xA2, 0xFC, 0x62, 0xD5,
+        0x6B, 0x84, 0x54, 0xD8, 0x40, 0x22, 0x62, 0x3D,
+        0x5C, 0xA6, 0x61, 0x9B, 0xE7, 0x02, 0x20, 0x1D,
+        0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97,
+        0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B,
+        0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A,
+        0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDD
+    };
+
+
+    XMEMSET(key, 0, sizeof(*key));
+    ExpectIntEQ(wc_ecc_init(key), 0);
+
+    /* Test with no curve set. */
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
+
+    /* Test invalid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
+        NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
+        NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
+        &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Make key not on the SM2 curve. */
+    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
+        &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
+
+    /* Test valid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
+        &verified, key), 0);
+    ExpectIntEQ(verified, 1);
+
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(sigBad, sizeof(sigBad), hash,
+        sizeof(hash), &verified, key), 0);
+    ExpectIntEQ(verified, 0);
+
+    wc_ecc_free(key);
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+}
+
+/*
+ * Testing wc_ecc_sm2_sign_hash_ex()
+ */
+int test_wc_ecc_sm2_sign_hash_ex(void)
+{
+    int res = TEST_SKIPPED;
+#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_SIGN) && \
+    defined(WOLFSSL_PUBLIC_MP)
+    EXPECT_DECLS;
+    WC_RNG  rng[1];
+    ecc_key key[1];
+    mp_int r[1];
+    mp_int s[1];
+    unsigned char hash[32];
+#ifdef HAVE_ECC_VERIFY
+    int verified;
+#endif
+
+    XMEMSET(rng, 0, sizeof(*rng));
+    XMEMSET(key, 0, sizeof(*key));
+    XMEMSET(r, 0, sizeof(*r));
+    XMEMSET(s, 0, sizeof(*s));
+
+    ExpectIntEQ(wc_InitRng(rng), 0);
+    ExpectIntEQ(mp_init(r), 0);
+    ExpectIntEQ(mp_init(s), 0);
+    ExpectIntEQ(wc_RNG_GenerateBlock(rng, hash, sizeof(hash)), 0);
+
+    ExpectIntEQ(wc_ecc_init(key), 0);
+
+    /* Test with no curve set. */
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
+
+    /* Test invalid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, NULL, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, NULL, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, key, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, r,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
+        s), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, key, r, s),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, key, r, s),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, NULL, r, s),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, NULL, s),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Make key not on the SM2 curve. */
+    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
+
+#ifdef WOLFSSL_SP_MATH_ALL
+    {
+        mp_int smallR[1];
+        sp_init_size(smallR, 1);
+        /* Force failure in _ecc_sm2_calc_r_s by r being too small. */
+        ExpectIntLT(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key,
+            smallR, s), 0);
+    }
+#endif
+
+    /* Test valid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
+        0);
+#ifdef HAVE_ECC_VERIFY
+    ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), &verified,
+        key), 0);
+    ExpectIntEQ(verified, 1);
+#endif
+
+    mp_free(s);
+    mp_free(r);
+    wc_ecc_free(key);
+    wc_FreeRng(rng);
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+}
+
+/*
+ * Testing wc_ecc_sm2_sign_hash()
+ */
+int test_wc_ecc_sm2_sign_hash(void)
+{
+    int res = TEST_SKIPPED;
+#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_SIGN)
+    EXPECT_DECLS;
+    WC_RNG  rng[1];
+    ecc_key key[1];
+    unsigned char hash[32];
+    unsigned char sig[72];
+    word32 sigSz = sizeof(sig);
+#ifdef HAVE_ECC_VERIFY
+    int verified;
+#endif
+
+    XMEMSET(rng, 0, sizeof(*rng));
+    XMEMSET(key, 0, sizeof(*key));
+
+    ExpectIntEQ(wc_InitRng(rng), 0);
+    ExpectIntEQ(wc_RNG_GenerateBlock(rng, hash, sizeof(hash)), 0);
+
+    ExpectIntEQ(wc_ecc_init(key), 0);
+
+    /* Test with no curve set. */
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
+
+    /* Test invalid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, NULL, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, NULL, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, &sigSz, NULL,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, rng,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, &sigSz, rng,
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, &sigSz, rng,
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, NULL, rng,
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, NULL,
+        key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng,
+        NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Make key not on the SM2 curve. */
+    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
+
+    /* Test valid parameters. */
+    ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
+        0);
+#ifdef HAVE_ECC_VERIFY
+    ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sigSz, hash, sizeof(hash),
+        &verified, key), 0);
+    ExpectIntEQ(verified, 1);
+#endif
+
+    wc_ecc_free(key);
+    wc_FreeRng(rng);
+#ifdef FP_ECC
+    wc_ecc_fp_free();
+#endif
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+}
+
diff --git a/tests/api/test_sm2.h b/tests/api/test_sm2.h
new file mode 100644
index 000000000..ca2eb9b67
--- /dev/null
+++ b/tests/api/test_sm2.h
@@ -0,0 +1,44 @@
+/* test_sm2.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SM2_H
+#define WOLFCRYPT_TEST_SM2_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_ecc_sm2_make_key(void);
+int test_wc_ecc_sm2_shared_secret(void);
+int test_wc_ecc_sm2_create_digest(void);
+int test_wc_ecc_sm2_verify_hash_ex(void);
+int test_wc_ecc_sm2_verify_hash(void);
+int test_wc_ecc_sm2_sign_hash_ex(void);
+int test_wc_ecc_sm2_sign_hash(void);
+
+#define TEST_SM2_DECLS                                          \
+    TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_make_key),           \
+    TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_shared_secret),      \
+    TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_create_digest),      \
+    TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_verify_hash_ex),     \
+    TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_verify_hash),        \
+    TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_sign_hash_ex),       \
+    TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_sign_hash)
+
+#endif /* WOLFCRYPT_TEST_SM2_H */
diff --git a/tests/api/test_sm3.c b/tests/api/test_sm3.c
new file mode 100644
index 000000000..e4ba656cb
--- /dev/null
+++ b/tests/api/test_sm3.c
@@ -0,0 +1,417 @@
+/* test_sm3.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sm3.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sm3.h>
+#include <tests/api/test_digest.h>
+
+
+int test_wc_InitSm3(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+
+    /* Test bad arg. */
+    ExpectIntEQ(wc_InitSm3(NULL, HEAP_HINT, INVALID_DEVID),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good arg. */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+    wc_Sm3Free(&sm3);
+
+    wc_Sm3Free(NULL);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3Update(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Pass in bad values. */
+    ExpectIntEQ(wc_Sm3Update(NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Update(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)"a", 1), 0);
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3Final(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+    byte hash[WC_SM3_DIGEST_SIZE];
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Sm3Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Final(&sm3, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3FinalRaw(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SM3) && !defined(HAVE_SELFTEST) && \
+    !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
+    !defined(WOLFSSL_NO_HASH_RAW)
+    wc_Sm3 sm3;
+    byte hash[WC_SM3_DIGEST_SIZE];
+    const char* expHash =
+        "\x73\x80\x16\x6f\x49\x14\xb2\xb9"
+        "\x17\x24\x42\xd7\xda\x8a\x06\x00"
+        "\xa9\x6f\x30\xbc\x16\x31\x38\xaa"
+        "\xe3\x8d\xee\x4d\xb0\xfb\x0e\x4e";
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_Sm3FinalRaw(NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3FinalRaw(&sm3, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3FinalRaw(NULL, hash),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test good args. */
+    ExpectIntEQ(wc_Sm3FinalRaw(&sm3, hash), 0);
+    ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE);
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+#define SM3_KAT_CNT     7
+int test_wc_Sm3_KATs(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+
+    testVector sm3_kat[SM3_KAT_CNT];
+    byte hash[WC_SM3_DIGEST_SIZE];
+    int i = 0;
+
+    sm3_kat[i].input = "";
+    sm3_kat[i].inLen = 0;
+    sm3_kat[i].output =
+        "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f"
+        "\x8e\x61\x19\x48\x31\xe8\x1a\x8f"
+        "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74"
+        "\x7e\xd0\x35\xeb\x50\x82\xaa\x2b";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "a";
+    sm3_kat[i].inLen = 1;
+    sm3_kat[i].output =
+        "\x62\x34\x76\xac\x18\xf6\x5a\x29"
+        "\x09\xe4\x3c\x7f\xec\x61\xb4\x9c"
+        "\x7e\x76\x4a\x91\xa1\x8c\xcb\x82"
+        "\xf1\x91\x7a\x29\xc8\x6c\x5e\x88";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "abc";
+    sm3_kat[i].inLen = 3;
+    sm3_kat[i].output =
+        "\x66\xc7\xf0\xf4\x62\xee\xed\xd9"
+        "\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+        "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2"
+        "\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "message digest";
+    sm3_kat[i].inLen = 14;
+    sm3_kat[i].output =
+        "\xc5\x22\xa9\x42\xe8\x9b\xd8\x0d"
+        "\x97\xdd\x66\x6e\x7a\x55\x31\xb3"
+        "\x61\x88\xc9\x81\x71\x49\xe9\xb2"
+        "\x58\xdf\xe5\x1e\xce\x98\xed\x77";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "abcdefghijklmnopqrstuvwxyz";
+    sm3_kat[i].inLen = 26;
+    sm3_kat[i].output =
+        "\xb8\x0f\xe9\x7a\x4d\xa2\x4a\xfc"
+        "\x27\x75\x64\xf6\x6a\x35\x9e\xf4"
+        "\x40\x46\x2a\xd2\x8d\xcc\x6d\x63"
+        "\xad\xb2\x4d\x5c\x20\xa6\x15\x95";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+        "0123456789";
+    sm3_kat[i].inLen = 62;
+    sm3_kat[i].output =
+        "\x29\x71\xd1\x0c\x88\x42\xb7\x0c"
+        "\x97\x9e\x55\x06\x34\x80\xc5\x0b"
+        "\xac\xff\xd9\x0e\x98\xe2\xe6\x0d"
+        "\x25\x12\xab\x8a\xbf\xdf\xce\xc5";
+    sm3_kat[i].outLen = 0;
+    i++;
+    sm3_kat[i].input = "1234567890123456789012345678901234567890"
+                           "1234567890123456789012345678901234567890";
+    sm3_kat[i].inLen = 80;
+    sm3_kat[i].output =
+        "\xad\x81\x80\x53\x21\xf3\xe6\x9d"
+        "\x25\x12\x35\xbf\x88\x6a\x56\x48"
+        "\x44\x87\x3b\x56\xdd\x7d\xde\x40"
+        "\x0f\x05\x5b\x7d\xde\x39\x30\x7a";
+    sm3_kat[i].outLen = 0;
+
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    for (i = 0; i < SM3_KAT_CNT; i++) {
+        /* Do KAT. */
+        ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)sm3_kat[i].input,
+            (word32)sm3_kat[i].inLen), 0);
+        ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
+        ExpectBufEQ(hash, (byte*)sm3_kat[i].output, WC_SM3_DIGEST_SIZE);
+    }
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3_other(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+    byte hash[WC_SM3_DIGEST_SIZE + 1];
+    byte data[WC_SM3_DIGEST_SIZE * 8 + 1];
+    int dataLen = WC_SM3_DIGEST_SIZE * 8;
+    const char* expHash =
+        "\x76\x6e\x30\x64\x3f\x02\x26\x7f"
+        "\xb1\x94\x26\xd4\x41\xd1\xed\x87"
+        "\x40\x5a\x58\xa5\xaa\x65\xd6\x61"
+        "\xe9\x95\xcc\x5d\xdd\xe8\x49\x34";
+    int i;
+    int j;
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    /* Initialize */
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Unaligned input and output buffer. */
+    ExpectIntEQ(wc_Sm3Update(&sm3, data + 1, dataLen), 0);
+    ExpectIntEQ(wc_Sm3Final(&sm3, hash + 1), 0);
+    ExpectBufEQ(hash + 1, (byte*)expHash, WC_SM3_DIGEST_SIZE);
+
+    /* Test that empty updates work. */
+    ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)"", 0), 0);
+    ExpectIntEQ(wc_Sm3Update(&sm3, data, dataLen), 0);
+    ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
+    ExpectBufEQ(hash, (byte*)expHash, WC_SM3_DIGEST_SIZE);
+
+    /* Ensure chunking works. */
+    for (i = 1; i < dataLen; i++) {
+        for (j = 0; j < dataLen; j += i) {
+             int len = dataLen - j;
+             if (i < len)
+                 len = i;
+             ExpectIntEQ(wc_Sm3Update(&sm3, data + j, len), 0);
+        }
+        ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
+        ExpectBufEQ(hash, (byte*)expHash, WC_SM3_DIGEST_SIZE);
+    }
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3Copy(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 src;
+    wc_Sm3 dst;
+    byte hashSrc[WC_SM3_DIGEST_SIZE];
+    byte hashDst[WC_SM3_DIGEST_SIZE];
+    const char* emptyHash =
+        "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f"
+        "\x8e\x61\x19\x48\x31\xe8\x1a\x8f"
+        "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74"
+        "\x7e\xd0\x35\xeb\x50\x82\xaa\x2b";
+    const char* abcHash =
+        "\x66\xc7\xf0\xf4\x62\xee\xed\xd9"
+        "\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+        "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2"
+        "\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0";
+    byte data[WC_SM3_BLOCK_SIZE];
+
+    XMEMSET(data, 0xa5, sizeof(data));
+
+    ExpectIntEQ(wc_InitSm3(&src, HEAP_HINT, INVALID_DEVID), 0);
+    XMEMSET(&dst, 0, sizeof(dst));
+
+    ExpectIntEQ(wc_Sm3Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Test copy works. */
+    ExpectIntEQ(wc_Sm3Copy(&src, &dst), 0);
+    ExpectIntEQ(wc_Sm3Final(&src, hashSrc), 0);
+    ExpectIntEQ(wc_Sm3Final(&dst, hashDst), 0);
+    ExpectBufEQ(hashSrc, emptyHash, WC_SM3_DIGEST_SIZE);
+    ExpectBufEQ(hashDst, emptyHash, WC_SM3_DIGEST_SIZE);
+    wc_Sm3Free(&dst);
+
+    /* Test buffered data is copied. */
+    ExpectIntEQ(wc_Sm3Update(&src, (byte*)"abc", 3), 0);
+    ExpectIntEQ(wc_Sm3Copy(&src, &dst), 0);
+    ExpectIntEQ(wc_Sm3Final(&src, hashSrc), 0);
+    ExpectIntEQ(wc_Sm3Final(&dst, hashDst), 0);
+    ExpectBufEQ(hashSrc, abcHash, WC_SM3_DIGEST_SIZE);
+    ExpectBufEQ(hashDst, abcHash, WC_SM3_DIGEST_SIZE);
+    wc_Sm3Free(&dst);
+
+    /* Test count of length is copied. */
+    ExpectIntEQ(wc_Sm3Update(&src, data, sizeof(data)), 0);
+    ExpectIntEQ(wc_Sm3Copy(&src, &dst), 0);
+    ExpectIntEQ(wc_Sm3Final(&src, hashSrc), 0);
+    ExpectIntEQ(wc_Sm3Final(&dst, hashDst), 0);
+    ExpectBufEQ(hashSrc, hashDst, WC_SM3_DIGEST_SIZE);
+    wc_Sm3Free(&dst);
+
+    wc_Sm3Free(&src);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_Sm3GetHash(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+    byte hash[WC_SM3_DIGEST_SIZE];
+    const char* emptyHash =
+        "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f"
+        "\x8e\x61\x19\x48\x31\xe8\x1a\x8f"
+        "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74"
+        "\x7e\xd0\x35\xeb\x50\x82\xaa\x2b";
+    const char* abcHash =
+        "\x66\xc7\xf0\xf4\x62\xee\xed\xd9"
+        "\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+        "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2"
+        "\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0";
+
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_Sm3GetHash(NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3GetHash(&sm3, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm3GetHash(NULL, hash),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
+    ExpectBufEQ(hash, emptyHash, WC_SM3_DIGEST_SIZE);
+    /* Test that the hash state hasn't been modified. */
+    ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)"abc", 3), 0);
+    ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
+    ExpectBufEQ(hash, abcHash, WC_SM3_DIGEST_SIZE);
+
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+int test_wc_Sm3_Flags(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
+    wc_Sm3 sm3;
+    wc_Sm3 sm3_copy;
+    word32 flags;
+
+    XMEMSET(&sm3_copy, 0, sizeof(sm3_copy));
+    ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0);
+
+    /* Do nothing. */
+    ExpectIntEQ(wc_Sm3GetFlags(NULL, NULL), 0);
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3, NULL), 0);
+    ExpectIntEQ(wc_Sm3GetFlags(NULL, &flags), 0);
+    ExpectIntEQ(wc_Sm3SetFlags(NULL, 1), 0);
+
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
+    ExpectIntEQ(flags, 0);
+
+    ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3_copy), 0);
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
+    ExpectIntEQ(flags, 0);
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3_copy, &flags), 0);
+    ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY);
+
+    ExpectIntEQ(wc_Sm3SetFlags(&sm3, WC_HASH_FLAG_WILLCOPY), 0);
+    ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
+    ExpectIntEQ(flags, WC_HASH_FLAG_WILLCOPY);
+    ExpectIntEQ(wc_Sm3SetFlags(&sm3, 0), 0);
+
+    wc_Sm3Free(&sm3_copy);
+    wc_Sm3Free(&sm3);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_sm3.h b/tests/api/test_sm3.h
new file mode 100644
index 000000000..bdfd9eae1
--- /dev/null
+++ b/tests/api/test_sm3.h
@@ -0,0 +1,48 @@
+/* test_sm3.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SM3_H
+#define WOLFCRYPT_TEST_SM3_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_InitSm3(void);
+int test_wc_Sm3Update(void);
+int test_wc_Sm3Final(void);
+int test_wc_Sm3FinalRaw(void);
+int test_wc_Sm3_KATs(void);
+int test_wc_Sm3_other(void);
+int test_wc_Sm3Copy(void);
+int test_wc_Sm3GetHash(void);
+int test_wc_Sm3_Flags(void);
+
+#define TEST_SM3_DECLS                              \
+    TEST_DECL_GROUP("sm3", test_wc_InitSm3),        \
+    TEST_DECL_GROUP("sm3", test_wc_Sm3Update),      \
+    TEST_DECL_GROUP("sm3", test_wc_Sm3Final),       \
+    TEST_DECL_GROUP("sm3", test_wc_Sm3FinalRaw),    \
+    TEST_DECL_GROUP("sm3", test_wc_Sm3_KATs),       \
+    TEST_DECL_GROUP("sm3", test_wc_Sm3_other),      \
+    TEST_DECL_GROUP("sm3", test_wc_Sm3Copy),        \
+    TEST_DECL_GROUP("sm3", test_wc_Sm3GetHash),     \
+    TEST_DECL_GROUP("sm3", test_wc_Sm3_Flags)
+
+#endif /* WOLFCRYPT_TEST_SM3_H */
diff --git a/tests/api/test_sm4.c b/tests/api/test_sm4.c
new file mode 100644
index 000000000..aee60b8fd
--- /dev/null
+++ b/tests/api/test_sm4.c
@@ -0,0 +1,787 @@
+/* test_sm4.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/sm4.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_sm4.h>
+
+/*
+ * Testing streaming SM4 API.
+ */
+int test_wc_Sm4(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
+    defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
+    unsigned char key[SM4_KEY_SIZE];
+#endif
+#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
+    unsigned char iv[SM4_IV_SIZE];
+#endif
+
+    /* Invalid parameters - wc_Sm4Init */
+    ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4Init */
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+
+#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
+    defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
+    XMEMSET(key, 0, sizeof(key));
+
+    /* Invalid parameters - wc_Sm4SetKey. */
+    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4SetKey. */
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+#endif
+
+#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
+    XMEMSET(iv, 0, sizeof(iv));
+
+    /* Invalid parameters - wc_Sm4SetIV. */
+    ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4SetIV. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+#endif
+
+    /* Valid cases - wc_Sm4Free */
+    wc_Sm4Free(NULL);
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4 */
+
+/*
+ * Testing block based SM4-ECB API.
+ */
+int test_wc_Sm4Ecb(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_ECB
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char in[SM4_BLOCK_SIZE * 2];
+    unsigned char out[SM4_BLOCK_SIZE * 2];
+    unsigned char out2[SM4_BLOCK_SIZE];
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(in, 0, sizeof(in));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+
+    /* Invalid parameters - wc_Sm4EcbEncrypt. */
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4EcbEncrypt. */
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. */
+    ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Invalid parameters - wc_Sm4EcbDecrypt. */
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4EcbDecrypt. */
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. */
+    ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Ecb */
+
+/*
+ * Testing block based SM4-CBC API.
+ */
+int test_wc_Sm4Cbc(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_CBC
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char iv[SM4_IV_SIZE];
+    unsigned char in[SM4_BLOCK_SIZE * 2];
+    unsigned char out[SM4_BLOCK_SIZE * 2];
+    unsigned char out2[SM4_BLOCK_SIZE];
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(iv, 0, sizeof(iv));
+    XMEMSET(in, 0, sizeof(in));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+
+    /* Invalid parameters - wc_Sm4CbcEncrypt. */
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4CbcEncrypt. */
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Invalid parameters - wc_Sm4CbcDecrypt. */
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    /* Valid cases - wc_Sm4CbcDecrypt. */
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Cbc */
+
+/*
+ * Testing streaming SM4-CTR API.
+ */
+int test_wc_Sm4Ctr(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_CTR
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char iv[SM4_IV_SIZE];
+    unsigned char in[SM4_BLOCK_SIZE * 4];
+    unsigned char out[SM4_BLOCK_SIZE * 4];
+    unsigned char out2[SM4_BLOCK_SIZE * 4];
+    word32 chunk;
+    word32 i;
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(iv, 0, sizeof(iv));
+    XMEMSET(in, 0, sizeof(in));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_KEY));
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0),
+        WC_NO_ERR_TRACE(MISSING_IV));
+    /* Tested in test_wc_Sm4. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+
+    /* Invalid parameters - wc_Sm4CtrEncrypt. */
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4CtrEncrypt. */
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, 1), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, 1), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(out2, out, 2), 0);
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
+    /*   In and out are same pointer. Also check encrypt of cipher text produces
+     *   plaintext.
+     */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, out, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Chunking tests. */
+    ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+    ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, (word32)sizeof(in)), 0);
+    for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) {
+        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+        for (i = 0; i + chunk <= (word32)sizeof(in); i += chunk) {
+             ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, chunk), 0);
+        }
+        if (i < (word32)sizeof(in)) {
+             ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i,
+                 (word32)sizeof(in) - i), 0);
+        }
+        ExpectIntEQ(XMEMCMP(out, out2, (word32)sizeof(out)), 0);
+    }
+
+    for (i = 0; i < (word32)sizeof(iv); i++) {
+        iv[i] = 0xff;
+        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+        ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
+        ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
+        ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, out, SM4_BLOCK_SIZE * 2), 0);
+        ExpectIntEQ(XMEMCMP(out2, in, SM4_BLOCK_SIZE * 2), 0);
+    }
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Ctr */
+
+/*
+ * Testing stream SM4-GCM API.
+ */
+int test_wc_Sm4Gcm(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_GCM
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char nonce[GCM_NONCE_MAX_SZ];
+    unsigned char in[SM4_BLOCK_SIZE * 2];
+    unsigned char in2[SM4_BLOCK_SIZE * 2];
+    unsigned char out[SM4_BLOCK_SIZE * 2];
+    unsigned char out2[SM4_BLOCK_SIZE * 2];
+    unsigned char dec[SM4_BLOCK_SIZE * 2];
+    unsigned char tag[SM4_BLOCK_SIZE];
+    unsigned char aad[SM4_BLOCK_SIZE * 2];
+    word32 i;
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(nonce, 0, sizeof(nonce));
+    XMEMSET(in, 0, sizeof(in));
+    XMEMSET(in2, 0, sizeof(in2));
+    XMEMSET(aad, 0, sizeof(aad));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
+
+    /* Invalid parameters - wc_Sm4GcmSetKey. */
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid parameters - wc_Sm4GcmSetKey. */
+    ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, SM4_KEY_SIZE), 0);
+
+    /* Invalid parameters - wc_Sm4GcmEncrypt. */
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Invalid parameters - wc_Sm4GcmDecrypt. */
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
+        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Check vald values of nonce - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
+        GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(SM4_GCM_AUTH_E));
+
+    /* Check valid values of tag size - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
+    for (i = WOLFSSL_MIN_AUTH_TAG_SZ; i < SM4_BLOCK_SIZE; i++) {
+        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
+    }
+
+    /* Check different in/out sizes. */
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce,
+        GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
+        XMEMCPY(out2, out, i - 1);
+        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, i, nonce, GCM_NONCE_MID_SZ,
+            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
+        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, dec, out, i, nonce, GCM_NONCE_MID_SZ,
+            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(in, dec, i), 0);
+    }
+
+    /* Force the counter to roll over in first byte. */
+    {
+        static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
+        static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
+
+        ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
+            nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
+            nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
+    }
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Gcm */
+
+/*
+ * Testing stream SM4-CCM API.
+ */
+int test_wc_Sm4Ccm(void)
+{
+    int res = TEST_SKIPPED;
+#ifdef WOLFSSL_SM4_CCM
+    EXPECT_DECLS;
+    wc_Sm4 sm4;
+    unsigned char key[SM4_KEY_SIZE];
+    unsigned char nonce[CCM_NONCE_MAX_SZ];
+    unsigned char in[SM4_BLOCK_SIZE * 2];
+    unsigned char in2[SM4_BLOCK_SIZE * 2];
+    unsigned char out[SM4_BLOCK_SIZE * 2];
+    unsigned char out2[SM4_BLOCK_SIZE * 2];
+    unsigned char dec[SM4_BLOCK_SIZE * 2];
+    unsigned char tag[SM4_BLOCK_SIZE];
+    unsigned char aad[SM4_BLOCK_SIZE * 2];
+    word32 i;
+
+    XMEMSET(key, 0, sizeof(key));
+    XMEMSET(nonce, 0, sizeof(nonce));
+    XMEMSET(in, 0, sizeof(in));
+    XMEMSET(in2, 0, sizeof(in2));
+    XMEMSET(aad, 0, sizeof(aad));
+
+    ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY));
+    ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
+
+    /* Invalid parameters - wc_Sm4CcmEncrypt. */
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Invalid parameters - wc_Sm4CcmDecrypt. */
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
+        NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
+        SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
+        SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
+        NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
+        SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Valid cases - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
+        tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
+
+    /* Check vald values of nonce - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
+    for (i = CCM_NONCE_MIN_SZ; i <= CCM_NONCE_MAX_SZ; i++) {
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+    }
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+        CCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
+        WC_NO_ERR_TRACE(SM4_CCM_AUTH_E));
+
+    /* Check invalid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
+    for (i = 0; i < 4; i++) {
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+    /*   Odd values in range 4..SM4_BLOCK_SIZE. */
+    for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    }
+    /* Check valid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt.
+     * Even values in range 4..SM4_BLOCK_SIZE.
+     */
+    for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
+            CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
+    }
+
+    /* Check different in/out sizes. */
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce,
+        CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
+    for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
+        XMEMCPY(out2, out, i - 1);
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, i, nonce, CCM_NONCE_MAX_SZ,
+            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, dec, out, i, nonce, CCM_NONCE_MAX_SZ,
+            tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(in, dec, i), 0);
+    }
+
+    /* Force the counter to roll over in first byte. */
+    {
+        static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
+        static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
+
+        ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
+            nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
+            nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
+        ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
+    }
+
+    wc_Sm4Free(&sm4);
+
+    res = EXPECT_RESULT();
+#endif
+    return res;
+} /* END test_wc_Sm4Ccm */
+
diff --git a/tests/api/test_sm4.h b/tests/api/test_sm4.h
new file mode 100644
index 000000000..92558bcae
--- /dev/null
+++ b/tests/api/test_sm4.h
@@ -0,0 +1,42 @@
+/* test_sm4.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_SM4_H
+#define WOLFCRYPT_TEST_SM4_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_Sm4(void);
+int test_wc_Sm4Ecb(void);
+int test_wc_Sm4Cbc(void);
+int test_wc_Sm4Ctr(void);
+int test_wc_Sm4Gcm(void);
+int test_wc_Sm4Ccm(void);
+
+#define TEST_SM4_DECLS                      \
+    TEST_DECL_GROUP("sm4", test_wc_Sm4),    \
+    TEST_DECL_GROUP("sm4", test_wc_Sm4Ecb), \
+    TEST_DECL_GROUP("sm4", test_wc_Sm4Cbc), \
+    TEST_DECL_GROUP("sm4", test_wc_Sm4Ctr), \
+    TEST_DECL_GROUP("sm4", test_wc_Sm4Gcm), \
+    TEST_DECL_GROUP("sm4", test_wc_Sm4Ccm)
+
+#endif /* WOLFCRYPT_TEST_SM4_H */
diff --git a/tests/api/test_tls_ext.c b/tests/api/test_tls_ext.c
new file mode 100644
index 000000000..f9338410d
--- /dev/null
+++ b/tests/api/test_tls_ext.c
@@ -0,0 +1,129 @@
+/* test_tls_ext.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/internal.h>
+#include <tests/utils.h>
+#include <tests/api/test_tls_ext.h>
+
+int test_tls_ems_downgrade(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \
+        defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
+        defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    WOLFSSL_SESSION* session = NULL;
+    /* TLS EMS extension in binary form */
+    const char ems_ext[] = { 0x00, 0x17, 0x00, 0x00 };
+    char data = 0;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLS_client_method, wolfTLS_server_method), 0);
+
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+    /* Verify that the EMS extension is present in Client's message */
+    ExpectNotNull(mymemmem(test_ctx.s_buff, test_ctx.s_len,
+            ems_ext, sizeof(ems_ext)));
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+    ExpectIntEQ(wolfSSL_version(ssl_c), TLS1_3_VERSION);
+
+    /* Do a round of reads to exchange the ticket message */
+    ExpectIntEQ(wolfSSL_read(ssl_s, &data, sizeof(data)), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+    ExpectIntEQ(wolfSSL_read(ssl_c, &data, sizeof(data)), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+    ExpectNotNull(session = wolfSSL_get1_session(ssl_c));
+    ExpectTrue(session->haveEMS);
+
+    wolfSSL_free(ssl_c);
+    ssl_c = NULL;
+    wolfSSL_free(ssl_s);
+    ssl_s = NULL;
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLS_client_method, wolfTLS_server_method), 0);
+
+    /* Resuming the connection */
+    ExpectIntEQ(wolfSSL_set_session(ssl_c, session), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+    /* Verify that the EMS extension is still present in the resumption CH
+     * even though we used TLS 1.3 */
+    ExpectNotNull(mymemmem(test_ctx.s_buff, test_ctx.s_len,
+            ems_ext, sizeof(ems_ext)));
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+    ExpectIntEQ(wolfSSL_version(ssl_c), TLS1_3_VERSION);
+
+    wolfSSL_SESSION_free(session);
+    wolfSSL_free(ssl_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+int test_wolfSSL_DisableExtendedMasterSecret(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS)
+    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
+    WOLFSSL     *ssl = wolfSSL_new(ctx);
+
+    ExpectNotNull(ctx);
+    ExpectNotNull(ssl);
+
+    /* error cases */
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
+    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
+
+    /* success cases */
+    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
+    ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
diff --git a/tests/api/test_tls_ext.h b/tests/api/test_tls_ext.h
new file mode 100644
index 000000000..5fcc10471
--- /dev/null
+++ b/tests/api/test_tls_ext.h
@@ -0,0 +1,28 @@
+/* test_tls_ext.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef TESTS_API_TEST_TLS_EMS_H
+#define TESTS_API_TEST_TLS_EMS_H
+
+int test_tls_ems_downgrade(void);
+int test_wolfSSL_DisableExtendedMasterSecret(void);
+
+#endif /* TESTS_API_TEST_TLS_EMS_H */
diff --git a/tests/api/test_wc_encrypt.c b/tests/api/test_wc_encrypt.c
new file mode 100644
index 000000000..4568ba3ac
--- /dev/null
+++ b/tests/api/test_wc_encrypt.c
@@ -0,0 +1,91 @@
+/* test_wc_encrypt.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/wc_encrypt.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_wc_encrypt.h>
+
+/*
+ *  Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
+ */
+int test_wc_Des3_CbcEncryptDecryptWithKey(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_DES3
+    word32 vectorSz, cipherSz;
+    byte cipher[24];
+    byte plain[24];
+    byte vector[] = { /* Now is the time for all w/o trailing 0 */
+        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+    };
+    byte key[] = {
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+        0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+    };
+    byte iv[] = {
+        0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
+        0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+        0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
+    };
+
+    vectorSz = sizeof(byte) * 24;
+    cipherSz = sizeof(byte) * 24;
+
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv),
+        0);
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv), 0);
+    ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
+
+    /* pass in bad args. */
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL),
+        0);
+
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL),
+        0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_Des3_CbcEncryptDecryptWithKey */
+
diff --git a/tests/api/test_wc_encrypt.h b/tests/api/test_wc_encrypt.h
new file mode 100644
index 000000000..dadf960dc
--- /dev/null
+++ b/tests/api/test_wc_encrypt.h
@@ -0,0 +1,32 @@
+/* test_wc_encrypt.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_WC_ENCRYPT_H
+#define WOLFCRYPT_TEST_WC_ENCRYPT_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_Des3_CbcEncryptDecryptWithKey(void);
+
+#define TEST_WC_ENCRYPT_DECLS                                               \
+    TEST_DECL_GROUP("wc_encrypt", test_wc_Des3_CbcEncryptDecryptWithKey)
+
+#endif /* WOLFCRYPT_TEST_WC_ENCRYPT_H */
diff --git a/tests/api/test_wolfmath.c b/tests/api/test_wolfmath.c
new file mode 100644
index 000000000..1b6c6ec85
--- /dev/null
+++ b/tests/api/test_wolfmath.c
@@ -0,0 +1,196 @@
+/* test_wolfmath.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/wolfmath.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_wolfmath.h>
+
+/*
+ * Testing get_digit_count
+ */
+int test_get_digit_count(void)
+{
+    EXPECT_DECLS;
+#if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP)
+    mp_int a;
+
+    XMEMSET(&a, 0, sizeof(mp_int));
+
+    ExpectIntEQ(mp_init(&a), 0);
+
+    ExpectIntEQ(get_digit_count(NULL), 0);
+    ExpectIntEQ(get_digit_count(&a), 0);
+
+    mp_clear(&a);
+#endif
+    return EXPECT_RESULT();
+} /* End test_get_digit_count */
+
+/*
+ * Testing get_digit
+ */
+int test_get_digit(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_PUBLIC_MP)
+    mp_int a;
+    int    n = 0;
+
+    XMEMSET(&a, 0, sizeof(mp_int));
+
+    ExpectIntEQ(mp_init(&a), MP_OKAY);
+    ExpectIntEQ(get_digit(NULL, n), 0);
+    ExpectIntEQ(get_digit(&a, n), 0);
+
+    mp_clear(&a);
+#endif
+    return EXPECT_RESULT();
+} /* End test_get_digit */
+
+/*
+ * Testing get_rand_digit
+ */
+int test_get_rand_digit(void)
+{
+    EXPECT_DECLS;
+#if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
+    WC_RNG   rng;
+    mp_digit d;
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(get_rand_digit(&rng, &d), 0);
+    ExpectIntEQ(get_rand_digit(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(NULL, &d), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* End test_get_rand_digit */
+
+/*
+ * Testing mp_cond_copy
+ */
+int test_mp_cond_copy(void)
+{
+    EXPECT_DECLS;
+#if (defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY)) && \
+    defined(WOLFSSL_PUBLIC_MP)
+    mp_int a;
+    mp_int b;
+    int    copy = 0;
+
+    XMEMSET(&a, 0, sizeof(mp_int));
+    XMEMSET(&b, 0, sizeof(mp_int));
+
+    ExpectIntEQ(mp_init(&a), MP_OKAY);
+    ExpectIntEQ(mp_init(&b), MP_OKAY);
+
+    ExpectIntEQ(mp_cond_copy(NULL, copy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_cond_copy(NULL, copy, &b), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_cond_copy(&a, copy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_cond_copy(&a, copy, &b), 0);
+
+    mp_clear(&a);
+    mp_clear(&b);
+#endif
+    return EXPECT_RESULT();
+} /* End test_mp_cond_copy */
+
+/*
+ * Testing mp_rand
+ */
+int test_mp_rand(void)
+{
+    EXPECT_DECLS;
+#if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP)
+    mp_int a;
+    WC_RNG rng;
+    int    digits = 1;
+
+    XMEMSET(&a, 0, sizeof(mp_int));
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    ExpectIntEQ(mp_init(&a), MP_OKAY);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectIntEQ(mp_rand(&a, digits, NULL), WC_NO_ERR_TRACE(MISSING_RNG_E));
+    ExpectIntEQ(mp_rand(NULL, digits, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_rand(&a, 0, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(mp_rand(&a, digits, &rng), 0);
+
+    mp_clear(&a);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* End test_mp_rand */
+
+/*
+ * Testing wc_export_int
+ */
+int test_wc_export_int(void)
+{
+    EXPECT_DECLS;
+#if (defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)) && \
+    defined(WOLFSSL_PUBLIC_MP)
+    mp_int mp;
+    byte   buf[32];
+    word32 keySz = (word32)sizeof(buf);
+    word32 len = (word32)sizeof(buf);
+
+    XMEMSET(&mp, 0, sizeof(mp_int));
+
+    ExpectIntEQ(mp_init(&mp), MP_OKAY);
+    ExpectIntEQ(mp_set(&mp, 1234), 0);
+
+    ExpectIntEQ(wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    len = sizeof(buf)-1;
+    ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    len = sizeof(buf);
+    ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN), 0);
+    len = 4; /* test input too small */
+    ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    len = sizeof(buf);
+    ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), 0);
+    /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */
+    ExpectIntEQ(len, 5);
+
+    mp_clear(&mp);
+#endif
+    return EXPECT_RESULT();
+} /* End test_wc_export_int */
+
diff --git a/tests/api/test_wolfmath.h b/tests/api/test_wolfmath.h
new file mode 100644
index 000000000..e02020c75
--- /dev/null
+++ b/tests/api/test_wolfmath.h
@@ -0,0 +1,42 @@
+/* test_wolfmath.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_WOLFMATH_H
+#define WOLFCRYPT_TEST_WOLFMATH_H
+
+#include <tests/api/api_decl.h>
+
+int test_get_digit_count(void);
+int test_get_digit(void);
+int test_get_rand_digit(void);
+int test_mp_cond_copy(void);
+int test_mp_rand(void);
+int test_wc_export_int(void);
+
+#define TEST_WOLFMATH_DECLS                             \
+    TEST_DECL_GROUP("wolfmath", test_get_digit_count),  \
+    TEST_DECL_GROUP("wolfmath", test_get_digit),        \
+    TEST_DECL_GROUP("wolfmath", test_get_rand_digit),   \
+    TEST_DECL_GROUP("wolfmath", test_mp_cond_copy),     \
+    TEST_DECL_GROUP("wolfmath", test_mp_rand),          \
+    TEST_DECL_GROUP("wolfmath", test_wc_export_int)
+
+#endif /* WOLFCRYPT_TEST_WOLFMATH_H */
diff --git a/tests/hash.c b/tests/hash.c
deleted file mode 100644
index 1ebbc6199..000000000
--- a/tests/hash.c
+++ /dev/null
@@ -1,1056 +0,0 @@
-/* hash.c has unit tests
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#include <stdio.h>
-
-#include <wolfssl/wolfcrypt/md4.h>
-#include <wolfssl/wolfcrypt/md5.h>
-#include <wolfssl/wolfcrypt/sha.h>
-#include <wolfssl/wolfcrypt/sha256.h>
-#include <wolfssl/wolfcrypt/sha512.h>
-#include <wolfssl/wolfcrypt/ripemd.h>
-#include <wolfssl/wolfcrypt/hmac.h>
-
-#include <tests/unit.h>
-
-typedef struct testVector {
-    const char*  input;
-    const char*  output;
-    size_t inLen;
-    size_t outLen;
-} testVector;
-
-int  md4_test(void);
-int  md5_test(void);
-int  sha_test(void);
-int  sha224_test(void);
-int  sha256_test(void);
-int  sha512_test(void);
-int  sha384_test(void);
-int  ripemd_test(void);
-int  hmac_md5_test(void);
-int  hmac_sha_test(void);
-int  hmac_sha224_test(void);
-int  hmac_sha256_test(void);
-int  hmac_sha384_test(void);
-
-int HashTest(void)
-{
-    int ret = 0;
-
-    printf(" Begin HASH Tests\n");
-
-#ifndef NO_MD4
-    if ( (ret = md4_test()) ) {
-        printf( "   MD4      test failed!\n");
-        return ret;
-    } else
-        printf( "   MD4      test passed!\n");
-#endif
-
-#ifndef NO_MD5
-    if ( (ret = md5_test()) ) {
-        printf( "   MD5      test failed!\n");
-        return ret;
-    } else
-        printf( "   MD5      test passed!\n");
-#endif
-
-#ifndef NO_SHA
-    if ( (ret = sha_test()) ) {
-        printf( "   SHA      test failed!\n");
-        return ret;
-    } else
-        printf( "   SHA      test passed!\n");
-#endif
-
-#ifdef WOLFSSL_SHA224
-    if ( (ret = sha224_test()) ) {
-        printf( "   SHA-224  test failed!\n");
-        return ret;
-    } else
-        printf( "   SHA-224  test passed!\n");
-#endif
-
-#ifndef NO_SHA256
-    if ( (ret = sha256_test()) ) {
-        printf( "   SHA-256  test failed!\n");
-        return ret;
-    } else
-        printf( "   SHA-256  test passed!\n");
-#endif
-
-#ifdef WOLFSSL_SHA512
-    if ( (ret = sha512_test()) ) {
-        printf( "   SHA-512  test failed!\n");
-        return ret;
-    } else
-        printf( "   SHA-512  test passed!\n");
-#endif
-
-#ifdef WOLFSSL_SHA384
-    if ( (ret = sha384_test()) ) {
-        printf( "   SHA-384  test failed!\n");
-        return ret;
-    } else
-        printf( "   SHA-384  test passed!\n");
-#endif
-
-#ifdef WOLFSSL_RIPEMD
-    if ( (ret = ripemd_test()) ) {
-        printf( "   RIPEMD   test failed!\n");
-        return ret;
-    } else
-        printf( "   RIPEMD   test passed!\n");
-#endif
-
-#ifndef NO_HMAC
-    #if !defined(NO_MD5) && !(defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) \
-                              && (HAVE_FIPS_VERSION >= 5))
-        if ( (ret = hmac_md5_test()) ) {
-            printf( "   HMAC-MD5 test failed!\n");
-            return ret;
-        } else
-            printf( "   HMAC-MD5 test passed!\n");
-    #endif
-
-    #ifndef NO_SHA
-    if ( (ret = hmac_sha_test()) ) {
-        printf( "   HMAC-SHA test failed!\n");
-        return ret;
-    } else
-        printf( "   HMAC-SHA test passed!\n");
-    #endif
-
-    #ifdef WOLFSSL_SHA224
-        if ( (ret = hmac_sha224_test()) ) {
-            printf( "   HMAC-SHA224 test failed!\n");
-            return ret;
-        } else
-            printf( "   HMAC-SHA224 test passed!\n");
-    #endif
-
-    #ifndef NO_SHA256
-        if ( (ret = hmac_sha256_test()) ) {
-            printf( "   HMAC-SHA256 test failed!\n");
-            return ret;
-        } else
-            printf( "   HMAC-SHA256 test passed!\n");
-    #endif
-
-    #ifdef WOLFSSL_SHA384
-        if ( (ret = hmac_sha384_test()) ) {
-            printf( "   HMAC-SHA384 test failed!\n");
-            return ret;
-        } else
-            printf( "   HMAC-SHA384 test passed!\n");
-    #endif
-#endif
-
-    printf(" End HASH Tests\n");
-
-    return 0;
-}
-
-#ifndef NO_MD4
-
-int md4_test(void)
-{
-    Md4  md4;
-    byte hash[MD4_DIGEST_SIZE];
-
-    testVector a, b, c, d, e, f, g;
-    testVector test_md4[7];
-    int times = sizeof(test_md4) / sizeof(testVector), i;
-
-    a.input  = "";
-    a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
-               "\xc0";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "a";
-    b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
-               "\x24";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    c.input  = "abc";
-    c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
-               "\x9d";
-    c.inLen  = XSTRLEN(c.input);
-    c.outLen = XSTRLEN(c.output);
-
-    d.input  = "message digest";
-    d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
-               "\x4b";
-    d.inLen  = XSTRLEN(d.input);
-    d.outLen = XSTRLEN(d.output);
-
-    e.input  = "abcdefghijklmnopqrstuvwxyz";
-    e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
-               "\xa9";
-    e.inLen  = XSTRLEN(e.input);
-    e.outLen = XSTRLEN(e.output);
-
-    f.input  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
-               "6789";
-    f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
-               "\xe4";
-    f.inLen  = XSTRLEN(f.input);
-    f.outLen = XSTRLEN(f.output);
-
-    g.input  = "1234567890123456789012345678901234567890123456789012345678"
-               "9012345678901234567890";
-    g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
-               "\x36";
-    g.inLen  = XSTRLEN(g.input);
-    g.outLen = XSTRLEN(g.output);
-
-    test_md4[0] = a;
-    test_md4[1] = b;
-    test_md4[2] = c;
-    test_md4[3] = d;
-    test_md4[4] = e;
-    test_md4[5] = f;
-    test_md4[6] = g;
-
-    wc_InitMd4(&md4);
-
-    for (i = 0; i < times; ++i) {
-        wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
-        wc_Md4Final(&md4, hash);
-
-        if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
-            return -205 - i;
-    }
-
-    return 0;
-}
-
-#endif /* NO_MD4 */
-
-#ifndef NO_MD5
-
-int md5_test(void)
-{
-    int ret;
-    wc_Md5  md5;
-    byte    hash[WC_MD5_DIGEST_SIZE];
-
-    testVector a, b, c, d, e;
-    testVector test_md5[5];
-    int times = sizeof(test_md5) / sizeof(testVector), i;
-
-    a.input  = "abc";
-    a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
-               "\x72";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "message digest";
-    b.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
-               "\xd0";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    c.input  = "abcdefghijklmnopqrstuvwxyz";
-    c.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
-               "\x3b";
-    c.inLen  = XSTRLEN(c.input);
-    c.outLen = XSTRLEN(c.output);
-
-    d.input  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
-               "6789";
-    d.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
-               "\x9f";
-    d.inLen  = XSTRLEN(d.input);
-    d.outLen = XSTRLEN(d.output);
-
-    e.input  = "1234567890123456789012345678901234567890123456789012345678"
-               "9012345678901234567890";
-    e.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
-               "\x7a";
-    e.inLen  = XSTRLEN(e.input);
-    e.outLen = XSTRLEN(e.output);
-
-    test_md5[0] = a;
-    test_md5[1] = b;
-    test_md5[2] = c;
-    test_md5[3] = d;
-    test_md5[4] = e;
-
-    ret = wc_InitMd5(&md5);
-    if (ret) {
-        return ret;
-    }
-
-    for (i = 0; i < times; ++i) {
-        ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
-                                                (word32)test_md5[i].inLen);
-        if (ret) {
-            return ret;
-        }
-
-        ret = wc_Md5Final(&md5, hash);
-        if (ret) {
-            return ret;
-        }
-
-        if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
-            return -5 - i;
-    }
-    wc_Md5Free(&md5);
-
-    return 0;
-}
-
-#endif /* NO_MD5 */
-
-#ifndef NO_SHA
-int sha_test(void)
-{
-    wc_Sha sha;
-    byte   hash[WC_SHA_DIGEST_SIZE];
-
-    testVector a, b, c, d;
-    testVector test_sha[4];
-    int ret   = 0;
-    int times = sizeof(test_sha) / sizeof(struct testVector), i;
-
-    a.input  = "abc";
-    a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
-               "\x6C\x9C\xD0\xD8\x9D";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-    b.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
-               "\xE5\xE5\x46\x70\xF1";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    c.input  = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-               "aaaaaa";
-    c.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
-               "\x2A\x25\xEC\x64\x4D";
-    c.inLen  = XSTRLEN(c.input);
-    c.outLen = XSTRLEN(c.output);
-
-    d.input  = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-               "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-               "aaaaaaaaaa";
-    d.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
-               "\x53\x99\x5E\x26\xA0";
-    d.inLen  = XSTRLEN(d.input);
-    d.outLen = XSTRLEN(d.output);
-
-    test_sha[0] = a;
-    test_sha[1] = b;
-    test_sha[2] = c;
-    test_sha[3] = d;
-
-    ret = wc_InitSha(&sha);
-    if (ret != 0)
-        return ret;
-
-    for (i = 0; i < times; ++i) {
-        wc_ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen);
-        wc_ShaFinal(&sha, hash);
-
-        if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
-            return -10 - i;
-    }
-    wc_ShaFree(&sha);
-
-    return 0;
-}
-#endif /* NO_SHA */
-
-#ifdef WOLFSSL_SHA224
-int sha224_test(void)
-{
-    wc_Sha224 sha;
-    byte      hash[WC_SHA224_DIGEST_SIZE];
-
-    testVector a, b;
-    testVector test_sha[2];
-    int ret;
-    int times = sizeof(test_sha) / sizeof(struct testVector), i;
-
-    a.input  = "abc";
-    a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
-               "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = WC_SHA224_DIGEST_SIZE;
-
-    b.input  = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-    b.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
-               "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = WC_SHA224_DIGEST_SIZE;
-
-    test_sha[0] = a;
-    test_sha[1] = b;
-
-    ret = wc_InitSha224(&sha);
-    if (ret != 0)
-        return -4005;
-
-    for (i = 0; i < times; ++i) {
-        ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
-        if (ret != 0)
-            return ret;
-        ret = wc_Sha224Final(&sha, hash);
-        if (ret != 0)
-            return ret;
-
-        if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
-            return -10 - i;
-    }
-    wc_Sha224Free(&sha);
-
-    return 0;
-}
-#endif
-
-#ifndef NO_SHA256
-int sha256_test(void)
-{
-    wc_Sha256 sha;
-    byte      hash[WC_SHA256_DIGEST_SIZE];
-
-    testVector a, b;
-    testVector test_sha[2];
-    int ret;
-    int times = sizeof(test_sha) / sizeof(struct testVector), i;
-
-    a.input  = "abc";
-    a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
-               "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
-               "\x15\xAD";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-    b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
-               "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
-               "\x06\xC1";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    test_sha[0] = a;
-    test_sha[1] = b;
-
-    ret = wc_InitSha256(&sha);
-    if (ret != 0)
-        return ret;
-
-    for (i = 0; i < times; ++i) {
-        ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
-        if (ret != 0)
-            return ret;
-
-        ret = wc_Sha256Final(&sha, hash);
-        if (ret != 0)
-            return ret;
-
-        if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
-            return -10 - i;
-    }
-    wc_Sha256Free(&sha);
-
-    return 0;
-}
-#endif
-
-#ifdef WOLFSSL_SHA512
-int sha512_test(void)
-{
-    wc_Sha512 sha;
-    byte      hash[WC_SHA512_DIGEST_SIZE];
-
-    testVector a, b;
-    testVector test_sha[2];
-    int times = sizeof(test_sha) / sizeof(struct testVector), i;
-    int ret;
-
-    a.input  = "abc";
-    a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
-               "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
-               "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
-               "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
-               "\xa5\x4c\xa4\x9f";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
-               "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
-    b.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
-               "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
-               "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
-               "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
-               "\x87\x4b\xe9\x09";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    test_sha[0] = a;
-    test_sha[1] = b;
-
-    ret = wc_InitSha512(&sha);
-    if (ret != 0)
-        return ret;
-
-    for (i = 0; i < times; ++i) {
-        ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
-        if (ret != 0)
-            return ret;
-
-        ret = wc_Sha512Final(&sha, hash);
-        if (ret != 0)
-            return ret;
-
-        if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
-            return -10 - i;
-    }
-    wc_Sha512Free(&sha);
-
-    return 0;
-}
-#endif
-
-#ifdef WOLFSSL_SHA384
-int sha384_test(void)
-{
-    wc_Sha384 sha;
-    byte      hash[WC_SHA384_DIGEST_SIZE];
-
-    testVector a, b;
-    testVector test_sha[2];
-    int times = sizeof(test_sha) / sizeof(struct testVector), i;
-    int ret;
-
-    a.input  = "abc";
-    a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
-               "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
-               "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
-               "\xc8\x25\xa7";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
-               "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
-    b.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
-               "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
-               "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
-               "\x74\x60\x39";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    test_sha[0] = a;
-    test_sha[1] = b;
-
-    ret = wc_InitSha384(&sha);
-    if (ret != 0)
-        return ret;
-
-    for (i = 0; i < times; ++i) {
-        ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
-        if (ret != 0)
-            return ret;
-
-        ret = wc_Sha384Final(&sha, hash);
-        if (ret != 0)
-            return ret;
-
-        if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
-            return -10 - i;
-    }
-    wc_Sha384Free(&sha);
-
-    return 0;
-}
-#endif
-
-#ifdef WOLFSSL_RIPEMD
-int ripemd_test(void)
-{
-    RipeMd  ripemd;
-    int ret;
-    byte hash[RIPEMD_DIGEST_SIZE];
-
-    testVector a, b, c, d;
-    testVector test_ripemd[4];
-    int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
-
-    a.input  = "abc";
-    a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
-               "\xb0\x87\xf1\x5a\x0b\xfc";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "message digest";
-    b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
-               "\x5f\xfa\x21\x59\x5f\x36";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    c.input  = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-    c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
-               "\xf4\x9a\xda\x62\xeb\x2b";
-    c.inLen  = XSTRLEN(c.input);
-    c.outLen = XSTRLEN(c.output);
-
-    d.input  = "12345678901234567890123456789012345678901234567890123456"
-               "789012345678901234567890";
-    d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
-               "\x82\xbf\x63\x32\x6b\xfb";
-    d.inLen  = XSTRLEN(d.input);
-    d.outLen = XSTRLEN(d.output);
-
-    test_ripemd[0] = a;
-    test_ripemd[1] = b;
-    test_ripemd[2] = c;
-    test_ripemd[3] = d;
-
-    ret = wc_InitRipeMd(&ripemd);
-    if (ret) {
-        return ret;
-    }
-
-    for (i = 0; i < times; ++i) {
-        ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
-                             (word32)test_ripemd[i].inLen);
-        if (ret) {
-            return ret;
-        }
-
-        ret = wc_RipeMdFinal(&ripemd, hash);
-        if (ret) {
-            return ret;
-        }
-
-        if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
-            return -10 - i;
-    }
-
-    return 0;
-}
-#endif /* WOLFSSL_RIPEMD */
-
-#if !defined(NO_HMAC) && !defined(NO_MD5)
-int hmac_md5_test(void)
-{
-    Hmac hmac;
-    byte hash[WC_MD5_DIGEST_SIZE];
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
-        "Jefe",
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-    };
-
-    testVector a, b, c;
-    testVector test_hmac[3];
-
-    int ret;
-    int times = sizeof(test_hmac) / sizeof(testVector), i;
-
-    a.input  = "Hi There";
-    a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
-               "\x9d";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "what do ya want for nothing?";
-    b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
-               "\x38";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    c.input  = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD";
-    c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
-               "\xf6";
-    c.inLen  = XSTRLEN(c.input);
-    c.outLen = XSTRLEN(c.output);
-
-    test_hmac[0] = a;
-    test_hmac[1] = b;
-    test_hmac[2] = c;
-
-    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
-    if (ret != 0)
-        return -20009;
-
-    for (i = 0; i < times; ++i) {
-#if defined(HAVE_FIPS)
-        if (i == 1)
-            continue; /* fips not allowed */
-#endif
-        ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i], (word32)XSTRLEN(keys[i]));
-        if (ret != 0)
-            return -4014;
-        ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
-                   (word32)test_hmac[i].inLen);
-        if (ret != 0)
-            return -4015;
-        ret = wc_HmacFinal(&hmac, hash);
-        if (ret != 0)
-            return -4016;
-
-        if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
-            return -20 - i;
-    }
-
-    wc_HmacFree(&hmac);
-
-    return 0;
-}
-#endif
-
-#if !defined(NO_HMAC) && !defined(NO_SHA)
-int hmac_sha_test(void)
-{
-    Hmac hmac;
-    byte hash[WC_SHA_DIGEST_SIZE];
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-        "Jefe",
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-
-    testVector a, b, c;
-    testVector test_hmac[3];
-
-    int ret;
-    int times = sizeof(test_hmac) / sizeof(testVector), i;
-
-    a.input  = "Hi There";
-    a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
-               "\x8e\xf1\x46\xbe\x00";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "what do ya want for nothing?";
-    b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
-               "\x9c\x25\x9a\x7c\x79";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    c.input  = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD";
-    c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
-               "\x4f\x63\xf1\x75\xd3";
-    c.inLen  = XSTRLEN(c.input);
-    c.outLen = XSTRLEN(c.output);
-
-    test_hmac[0] = a;
-    test_hmac[1] = b;
-    test_hmac[2] = c;
-
-    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
-    if (ret != 0)
-        return -20009;
-
-    for (i = 0; i < times; ++i) {
-#if defined(HAVE_FIPS)
-        if (i == 1)
-            continue; /* fips not allowed */
-#endif
-        ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i], (word32)XSTRLEN(keys[i]));
-        if (ret != 0)
-            return -4017;
-        ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
-                   (word32)test_hmac[i].inLen);
-        if (ret != 0)
-            return -4018;
-        ret = wc_HmacFinal(&hmac, hash);
-        if (ret != 0)
-            return -4019;
-
-        if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
-            return -20 - i;
-    }
-
-    wc_HmacFree(&hmac);
-
-    return 0;
-}
-#endif
-
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
-int hmac_sha224_test(void)
-{
-    Hmac hmac;
-    byte hash[WC_SHA224_DIGEST_SIZE];
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-        "Jefe",
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-
-    testVector a, b, c;
-    testVector test_hmac[3];
-
-    int ret;
-    int times = sizeof(test_hmac) / sizeof(testVector), i;
-
-    a.input  = "Hi There";
-    a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
-               "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = WC_SHA224_DIGEST_SIZE;
-
-    b.input  = "what do ya want for nothing?";
-    b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
-               "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = WC_SHA224_DIGEST_SIZE;
-
-    c.input  = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD";
-    c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
-               "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
-    c.inLen  = XSTRLEN(c.input);
-    c.outLen = WC_SHA224_DIGEST_SIZE;
-
-    test_hmac[0] = a;
-    test_hmac[1] = b;
-    test_hmac[2] = c;
-
-    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
-    if (ret != 0)
-        return -20009;
-
-    for (i = 0; i < times; ++i) {
-#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
-        if (i == 1)
-            continue; /* cavium can't handle short keys, fips not allowed */
-#endif
-        ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],(word32)XSTRLEN(keys[i]));
-        if (ret != 0)
-            return -4021;
-        ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
-                   (word32)test_hmac[i].inLen);
-        if (ret != 0)
-            return -4022;
-        ret = wc_HmacFinal(&hmac, hash);
-        if (ret != 0)
-            return -4023;
-
-        if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
-            return -20 - i;
-    }
-
-    wc_HmacFree(&hmac);
-
-    return 0;
-}
-#endif
-
-
-#if !defined(NO_HMAC) && !defined(NO_SHA256)
-int hmac_sha256_test(void)
-{
-    Hmac hmac;
-    byte hash[WC_SHA256_DIGEST_SIZE];
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-        "Jefe",
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-
-    testVector a, b, c;
-    testVector test_hmac[3];
-
-    int ret;
-    int times = sizeof(test_hmac) / sizeof(testVector), i;
-
-    a.input  = "Hi There";
-    a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
-               "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
-               "\xcf\xf7";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "what do ya want for nothing?";
-    b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
-               "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
-               "\x38\x43";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    c.input  = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD";
-    c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
-               "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
-               "\x65\xfe";
-    c.inLen  = XSTRLEN(c.input);
-    c.outLen = XSTRLEN(c.output);
-
-    test_hmac[0] = a;
-    test_hmac[1] = b;
-    test_hmac[2] = c;
-
-    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
-    if (ret != 0)
-        return -20009;
-
-    for (i = 0; i < times; ++i) {
-#if defined(HAVE_FIPS)
-        if (i == 1)
-            continue; /* fips not allowed */
-#endif
-        ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
-            (word32)XSTRLEN(keys[i]));
-        if (ret != 0)
-            return -4020;
-        ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
-                   (word32)test_hmac[i].inLen);
-        if (ret != 0)
-            return -4021;
-        ret = wc_HmacFinal(&hmac, hash);
-        if (ret != 0)
-            return -4022;
-
-        if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
-            return -20 - i;
-    }
-
-    wc_HmacFree(&hmac);
-
-    return 0;
-}
-#endif
-
-
-#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
-int hmac_sha384_test(void)
-{
-    Hmac hmac;
-    byte hash[WC_SHA384_DIGEST_SIZE];
-
-    const char* keys[]=
-    {
-        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                                                                "\x0b\x0b\x0b",
-        "Jefe",
-        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
-                                                                "\xAA\xAA\xAA"
-    };
-
-    testVector a, b, c;
-    testVector test_hmac[3];
-
-    int ret;
-    int times = sizeof(test_hmac) / sizeof(testVector), i;
-
-    a.input  = "Hi There";
-    a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
-               "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
-               "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
-               "\xfa\x9c\xb6";
-    a.inLen  = XSTRLEN(a.input);
-    a.outLen = XSTRLEN(a.output);
-
-    b.input  = "what do ya want for nothing?";
-    b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
-               "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
-               "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
-               "\xb2\x16\x49";
-    b.inLen  = XSTRLEN(b.input);
-    b.outLen = XSTRLEN(b.output);
-
-    c.input  = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
-               "\xDD\xDD\xDD\xDD\xDD\xDD";
-    c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
-               "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
-               "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
-               "\xa3\x4f\x27";
-    c.inLen  = XSTRLEN(c.input);
-    c.outLen = XSTRLEN(c.output);
-
-    test_hmac[0] = a;
-    test_hmac[1] = b;
-    test_hmac[2] = c;
-
-    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
-    if (ret != 0)
-        return -20009;
-
-    for (i = 0; i < times; ++i) {
-#if defined(HAVE_FIPS)
-        if (i == 1)
-            continue; /* fips not allowed */
-#endif
-        ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
-            (word32)XSTRLEN(keys[i]));
-        if (ret != 0)
-            return -4023;
-        ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
-                   (word32)test_hmac[i].inLen);
-        if (ret != 0)
-            return -4024;
-        ret = wc_HmacFinal(&hmac, hash);
-        if (ret != 0)
-            return -4025;
-
-        if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
-            return -20 - i;
-    }
-
-    wc_HmacFree(&hmac);
-
-    return 0;
-}
-#endif
-
diff --git a/tests/include.am b/tests/include.am
index 5ed4fe40d..7b4e6f17e 100644
--- a/tests/include.am
+++ b/tests/include.am
@@ -8,16 +8,23 @@ noinst_PROGRAMS += tests/unit.test
 tests_unit_test_SOURCES = \
                   tests/unit.c \
                   tests/api.c \
+                  tests/utils.c \
+                  testsuite/utils.c \
                   tests/suites.c \
-                  tests/hash.c \
                   tests/w64wrapper.c \
                   tests/srp.c \
                   tests/quic.c \
                   examples/client/client.c \
                   examples/server/server.c
+
+if BUILD_WOLFCRYPT_TESTS
+tests_unit_test_SOURCES += wolfcrypt/test/test.c
+endif
+
 tests_unit_test_CFLAGS       = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(WOLFSENTRY_INCLUDE)
 tests_unit_test_LDADD        = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB)
 tests_unit_test_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la
+include tests/api/include.am
 endif
 EXTRA_DIST += tests/unit.h \
               tests/test.conf \
@@ -27,11 +34,11 @@ EXTRA_DIST += tests/unit.h \
               tests/test-tls13-ecc.conf \
               tests/test-tls13-psk.conf \
               tests/test-tls13-pq.conf \
-              tests/test-tls13-pq-2.conf \
+              tests/test-tls13-pq-hybrid.conf \
               tests/test-dtls13-pq.conf \
               tests/test-dtls13-pq-frag.conf \
-              tests/test-dtls13-pq-2.conf \
-              tests/test-dtls13-pq-2-frag.conf \
+              tests/test-dtls13-pq-hybrid.conf \
+              tests/test-dtls13-pq-hybrid-frag.conf \
               tests/test-psk.conf \
               tests/test-psk-no-id.conf \
               tests/test-psk-no-id-sha2.conf \
diff --git a/tests/quic.c b/tests/quic.c
index bc93c4a7d..355b07f69 100644
--- a/tests/quic.c
+++ b/tests/quic.c
@@ -1,6 +1,6 @@
 /* quic.c QUIC unit tests
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,6 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
 #include <tests/unit.h>
 
 #ifdef WOLFSSL_QUIC
@@ -41,29 +34,51 @@
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/internal.h>
 
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+    #define DEFAULT_TLS_DIGEST_SZ WC_SHA384_DIGEST_SIZE
+#else
+    #define DEFAULT_TLS_DIGEST_SZ WC_SHA256_DIGEST_SIZE
+#endif
 
 #define testingFmt "   %s:"
 #define resultFmt  " %s\n"
-static const char* passed = "passed";
-static const char* failed = "failed";
+static const char* pass = "pass";
+static const char* fail = "fail";
 
 typedef struct {
     const char *name;
-    WOLFSSL_METHOD *method;
+    WOLFSSL_METHOD * (*method)(void);
     int is_server;
 } ctx_setups;
 
-static int dummy_set_encryption_secrets(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
-                                         const uint8_t *read_secret,
-                                         const uint8_t *write_secret, size_t secret_len)
+static int dummy_set_encryption_secrets(WOLFSSL *ssl,
+                                        WOLFSSL_ENCRYPTION_LEVEL level,
+                                        const uint8_t *read_secret,
+                                        const uint8_t *write_secret,
+                                        size_t secret_len)
 {
     (void)ssl;
     printf("QUIC_set_encryption_secrets(level=%d, length=%d, rx=%s, tx=%s)\n",
-           level, (int)secret_len, read_secret? "yes" : "no", write_secret? "yes" : "no");
+           level, (int)secret_len, read_secret? "yes" : "no",
+           write_secret? "yes" : "no");
     return 1;
 }
 
-static int dummy_add_handshake_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
+static int dummy_set_encryption_secrets_fail(WOLFSSL *ssl,
+                                             WOLFSSL_ENCRYPTION_LEVEL level,
+                                             const uint8_t *read_secret,
+                                             const uint8_t *write_secret,
+                                             size_t secret_len)
+{
+    (void)ssl;
+    printf("QUIC_set_encryption_secrets(level=%d, length=%d, rx=%s, tx=%s)\n",
+           level, (int)secret_len, read_secret? "yes" : "no",
+           write_secret? "yes" : "no");
+    return 0;
+}
+
+static int dummy_add_handshake_data(WOLFSSL *ssl,
+                                    WOLFSSL_ENCRYPTION_LEVEL level,
                                     const uint8_t *data, size_t len)
 {
     (void)ssl;
@@ -79,7 +94,8 @@ static int dummy_flush_flight(WOLFSSL *ssl)
     return 1;
 }
 
-static int dummy_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t err)
+static int dummy_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
+                            uint8_t err)
 {
     (void)ssl;
     printf("QUIC_send_alert(level=%d, err=%d)\n", level, err);
@@ -97,78 +113,82 @@ static WOLFSSL_QUIC_METHOD null_method = {
     NULL, NULL, NULL, NULL
 };
 
-static int test_set_quic_method(void) {
-    WOLFSSL_CTX *ctx;
-    WOLFSSL *ssl;
-    int ret = 0, i;
-    const uint8_t *data;
-    size_t data_len;
-    ctx_setups valids[] = {
+static ctx_setups valids[] = {
 #ifdef WOLFSSL_TLS13
-        { "TLSv1.3 server", wolfTLSv1_3_server_method(), 1},
-        { "TLSv1.3 client", wolfTLSv1_3_client_method(), 0},
+    { "TLSv1.3 server", wolfTLSv1_3_server_method, 1},
+    { "TLSv1.3 client", wolfTLSv1_3_client_method, 0},
 #endif
-        { NULL, NULL, 0}
-    };
-    ctx_setups invalids[] = {
+    { NULL, NULL, 0}
+};
+
+static ctx_setups invalids[] = {
 #ifndef WOLFSSL_NO_TLS12
-        { "TLSv1.2 server", wolfTLSv1_2_server_method(), 1},
-        { "TLSv1.2 client", wolfTLSv1_2_client_method(), 0},
+    { "TLSv1.2 server", wolfTLSv1_2_server_method, 1},
+    { "TLSv1.2 client", wolfTLSv1_2_client_method, 0},
 #endif
 #ifndef NO_OLD_TLS
-        { "TLSv1.1 server", wolfTLSv1_1_server_method(), 1},
-        { "TLSv1.1 client", wolfTLSv1_1_client_method(), 0},
+    { "TLSv1.1 server", wolfTLSv1_1_server_method, 1},
+    { "TLSv1.1 client", wolfTLSv1_1_client_method, 0},
 #endif
-        { NULL, NULL, 0}
-    };
+    { NULL, NULL, 0}
+};
+
+
+static int test_set_quic_method(void) {
+    EXPECT_DECLS;
+    WOLFSSL_CTX *   ctx = NULL;
+    WOLFSSL *       ssl = NULL;
+    int             i = 0;
+    const uint8_t * data = NULL;
+    size_t          data_len = 0;;
 
     for (i = 0; valids[i].name != NULL; ++i) {
-        AssertNotNull(ctx = wolfSSL_CTX_new(valids[i].method));
+        ExpectNotNull(ctx = wolfSSL_CTX_new(valids[i].method()));
         if (valids[i].is_server) {
-            AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
+            ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
                                                         WOLFSSL_FILETYPE_PEM));
-            AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
+            ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
                                                        WOLFSSL_FILETYPE_PEM));
         }
         /* ctx does not have quic enabled, so will SSL* derived from it */
-        AssertNotNull(ssl = wolfSSL_new(ctx));
-        AssertFalse(wolfSSL_is_quic(ssl));
+        ExpectNotNull(ssl = wolfSSL_new(ctx));
+        ExpectFalse(wolfSSL_is_quic(ssl));
         /* Enable quic on the SSL* */
-        AssertFalse(wolfSSL_set_quic_method(ssl, &null_method) == WOLFSSL_SUCCESS);
-        AssertTrue(wolfSSL_set_quic_method(ssl, &dummy_method) == WOLFSSL_SUCCESS);
-        AssertTrue(wolfSSL_is_quic(ssl));
+        ExpectFalse(wolfSSL_set_quic_method(ssl, &null_method) == WOLFSSL_SUCCESS);
+        ExpectTrue(wolfSSL_set_quic_method(ssl, &dummy_method) == WOLFSSL_SUCCESS);
+        ExpectTrue(wolfSSL_is_quic(ssl));
         /* Check some default, initial behaviour */
-        AssertTrue(wolfSSL_set_quic_transport_params(ssl, NULL, 0) == WOLFSSL_SUCCESS);
+        ExpectTrue(wolfSSL_set_quic_transport_params(ssl, NULL, 0) == WOLFSSL_SUCCESS);
         wolfSSL_get_peer_quic_transport_params(ssl, &data, &data_len);
-        AssertNull(data);
-        AssertTrue(data_len == 0);
-        AssertTrue(wolfSSL_quic_read_level(ssl) == wolfssl_encryption_initial);
-        AssertTrue(wolfSSL_quic_write_level(ssl) == wolfssl_encryption_initial);
-        AssertTrue(wolfSSL_get_quic_transport_version(ssl) == 0);
+        ExpectNull(data);
+        ExpectTrue(data_len == 0);
+        ExpectTrue(wolfSSL_quic_read_level(ssl) == wolfssl_encryption_initial);
+        ExpectTrue(wolfSSL_quic_write_level(ssl) == wolfssl_encryption_initial);
+        ExpectTrue(wolfSSL_get_quic_transport_version(ssl) == 0);
         wolfSSL_set_quic_transport_version(ssl, TLSX_KEY_QUIC_TP_PARAMS);
-        AssertTrue(wolfSSL_get_quic_transport_version(ssl) == TLSX_KEY_QUIC_TP_PARAMS);
+        ExpectTrue(wolfSSL_get_quic_transport_version(ssl) == TLSX_KEY_QUIC_TP_PARAMS);
         wolfSSL_set_quic_use_legacy_codepoint(ssl, 1);
-        AssertTrue(wolfSSL_get_quic_transport_version(ssl) == TLSX_KEY_QUIC_TP_PARAMS_DRAFT);
+        ExpectTrue(wolfSSL_get_quic_transport_version(ssl) == TLSX_KEY_QUIC_TP_PARAMS_DRAFT);
         wolfSSL_set_quic_use_legacy_codepoint(ssl, 0);
-        AssertTrue(wolfSSL_get_quic_transport_version(ssl) == TLSX_KEY_QUIC_TP_PARAMS);
+        ExpectTrue(wolfSSL_get_quic_transport_version(ssl) == TLSX_KEY_QUIC_TP_PARAMS);
         /* max flight len during stages of handhshake, we us 16k initial and on
          * app data, and during handshake allow larger for cert exchange. This is
          * more advisory for the network code. ngtcp2 has its own ideas, for example.
          */
         data_len = wolfSSL_quic_max_handshake_flight_len(ssl, wolfssl_encryption_initial);
-        AssertTrue(data_len == 16*1024);
+        ExpectTrue(data_len == 16*1024);
         data_len = wolfSSL_quic_max_handshake_flight_len(ssl, wolfssl_encryption_early_data);
-        AssertTrue(data_len == 0);
+        ExpectTrue(data_len == 0);
         data_len = wolfSSL_quic_max_handshake_flight_len(ssl, wolfssl_encryption_handshake);
-        AssertTrue(data_len >= 16*1024);
+        ExpectTrue(data_len >= 16*1024);
         data_len = wolfSSL_quic_max_handshake_flight_len(ssl, wolfssl_encryption_application);
-        AssertTrue(data_len == 16*1024);
+        ExpectTrue(data_len == 16*1024);
         wolfSSL_free(ssl);
         /* Enabled quic on the ctx */
-        AssertTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
+        ExpectTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
         /* It will be enabled on the SSL* */
-        AssertNotNull(ssl = wolfSSL_new(ctx));
-        AssertTrue(wolfSSL_is_quic(ssl));
+        ExpectNotNull(ssl = wolfSSL_new(ctx));
+        ExpectTrue(wolfSSL_is_quic(ssl));
         wolfSSL_free(ssl);
 
         wolfSSL_CTX_free(ctx);
@@ -176,24 +196,24 @@ static int test_set_quic_method(void) {
 
     for (i = 0; invalids[i].name != NULL; ++i) {
 
-        AssertNotNull(ctx = wolfSSL_CTX_new(invalids[i].method));
-        AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
+        ExpectNotNull(ctx = wolfSSL_CTX_new(invalids[i].method()));
+        ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
                                                     WOLFSSL_FILETYPE_PEM));
-        AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
+        ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
                                                    WOLFSSL_FILETYPE_PEM));
-        AssertFalse(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
-        AssertNotNull(ssl = wolfSSL_new(ctx));
-        AssertFalse(wolfSSL_set_quic_method(ssl, &dummy_method) == WOLFSSL_SUCCESS);
-        AssertFalse(wolfSSL_is_quic(ssl));
+        ExpectFalse(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
+        ExpectNotNull(ssl = wolfSSL_new(ctx));
+        ExpectFalse(wolfSSL_set_quic_method(ssl, &dummy_method) == WOLFSSL_SUCCESS);
+        ExpectFalse(wolfSSL_is_quic(ssl));
         /* even though not quic, this is the only level we can return */
-        AssertTrue(wolfSSL_quic_read_level(ssl) == wolfssl_encryption_initial);
-        AssertTrue(wolfSSL_quic_write_level(ssl) == wolfssl_encryption_initial);
+        ExpectTrue(wolfSSL_quic_read_level(ssl) == wolfssl_encryption_initial);
+        ExpectTrue(wolfSSL_quic_write_level(ssl) == wolfssl_encryption_initial);
         wolfSSL_free(ssl);
         wolfSSL_CTX_free(ctx);
     }
 
-    printf("    test_set_quic_method: %s\n", (ret == 0)? passed : failed);
-    return ret;
+    printf("    test_set_quic_method: %s\n", (EXPECT_SUCCESS()) ? pass : fail);
+    return EXPECT_RESULT();
 }
 
 static size_t fake_record(byte rtype, word32 rlen, uint8_t *rec)
@@ -262,14 +282,16 @@ static int provide_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
 }
 
 static int test_provide_quic_data(void) {
-    WOLFSSL_CTX *ctx;
-    WOLFSSL *ssl;
-    uint8_t lbuffer[16*1024];
-    size_t len;
-    int ret = 0;
+    EXPECT_DECLS;
+    WOLFSSL_CTX * ctx = NULL;
+    WOLFSSL *     ssl = NULL;
+    uint8_t       lbuffer[16*1024];
+    size_t        len = 0;
 
-    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
-    AssertTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
+    XMEMSET(lbuffer, 0, sizeof(lbuffer));
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
     /* provide_quic_data() feeds CRYPTO packets inside a QUIC Frame into
     * the TLSv1.3 state machine.
      * The data fed is not the QUIC frame, but the TLS record inside it.
@@ -279,114 +301,130 @@ static int test_provide_quic_data(void) {
      * - encryption level only ever increases for subsequent TLS records
      * - a TLS record is received complete before the encryption level increases
      */
-    AssertNotNull(ssl = wolfSSL_new(ctx));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
     len = fake_record(1, 100, lbuffer);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, 1, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer+1, 3, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer+4, len, 0)
+            );
     len = fake_record(2, 1523, lbuffer);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len, 0));
     len = fake_record(2, 1, lbuffer);
     len += fake_record(3, 190, lbuffer+len);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len, 0));
     len = fake_record(5, 2049, lbuffer);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_application, lbuffer, len, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_application, lbuffer, len, 0));
     /* adding another record with decreased level must fail */
     len = fake_record(1, 100, lbuffer);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len, 1));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len, 1));
     wolfSSL_free(ssl);
 
-    AssertNotNull(ssl = wolfSSL_new(ctx));
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
     len = fake_record(1, 100, lbuffer);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, 24, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, 24, 0));
     len = shift_record(lbuffer, len, 24);
     len += fake_record(2, 4000, lbuffer+len);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len - 99, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len - 99, 0));
     len = shift_record(lbuffer, len, len - 99);
     len += fake_record(5, 2049, lbuffer+len);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len, 0));
     /* should be recognized as complete and level increase needs to be accepted */
     len = fake_record(2, 1, lbuffer);
     len += fake_record(3, 190, lbuffer+len);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len - 10, 0));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len - 10, 0));
     len = shift_record(lbuffer, len, len - 10);
     /* Change level with incomplete record in lbuffer, needs to fail */
     len += fake_record(5, 8102, lbuffer+len);
-    AssertTrue(provide_data(ssl, wolfssl_encryption_application, lbuffer, len - 10, 1));
+    ExpectTrue(provide_data(ssl, wolfssl_encryption_application, lbuffer, len - 10, 1));
     wolfSSL_free(ssl);
 
     wolfSSL_CTX_free(ctx);
 
-    printf("    test_provide_quic_data: %s\n", (ret == 0)? passed : failed);
-    return 0;
+    printf("    test_provide_quic_data: %s\n", (EXPECT_SUCCESS()) ? pass : fail);
+    return EXPECT_RESULT();
 }
 
 
 static int test_quic_crypt(void) {
-    WOLFSSL_CTX *ctx;
-    WOLFSSL *ssl;
-    const WOLFSSL_EVP_CIPHER *aead_cipher;
-    int ret = 0;
+    EXPECT_DECLS;
+    WOLFSSL_CTX * ctx = NULL;
+    WOLFSSL *     ssl = NULL;
+    const WOLFSSL_EVP_CIPHER * aead_cipher = NULL;
+    /* check that our enc-/decrypt support in quic rount-trips */
+    static const uint8_t key[16] =
+    {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+     0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff};
+    static const uint8_t aad[] =
+    {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19};
+    static const uint8_t iv[] =
+    {20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
+    static const uint8_t plaintext[] =
+    "hello world\nhello world\nhello world\nhello world\nhello world\n"
+    "hello world\nhello world\n";
+    static const uint8_t expected[] =
+    {0xd3, 0xa8, 0x1d, 0x96, 0x4c, 0x9b, 0x02, 0xd7,
+     0x9a, 0xb0, 0x41, 0x07, 0x4c, 0x8c, 0xe2, 0xe0,
+     0x2e, 0x83, 0x54, 0x52, 0x45, 0xcb, 0xd4, 0x68,
+     0xc8, 0x43, 0x45, 0xca, 0x91, 0xfb, 0xa3, 0x7a,
+     0x67, 0xed, 0xe8, 0xd7, 0x5e, 0xe2, 0x33, 0xd1,
+     0x3e, 0xbf, 0x50, 0xc2, 0x4b, 0x86, 0x83, 0x55,
+     0x11, 0xbb, 0x17, 0x4f, 0xf5, 0x78, 0xb8, 0x65,
+     0xeb, 0x9a, 0x2b, 0x8f, 0x77, 0x08, 0xa9, 0x60,
+     0x17, 0x73, 0xc5, 0x07, 0xf3, 0x04, 0xc9, 0x3f,
+     0x67, 0x4d, 0x12, 0xa1, 0x02, 0x93, 0xc2, 0x3c,
+     0xd3, 0xf8, 0x59, 0x33, 0xd5, 0x01, 0xc3, 0xbb,
+     0xaa, 0xe6, 0x3f, 0xbb, 0x23, 0x66, 0x94, 0x26,
+     0x28, 0x43, 0xa5, 0xfd, 0x2f};
+    WOLFSSL_EVP_CIPHER_CTX * enc_ctx = NULL;
+    WOLFSSL_EVP_CIPHER_CTX * dec_ctx = NULL;
+    uint8_t * encrypted = NULL;
+    uint8_t * decrypted = NULL;
+    size_t tag_len = 0;
+    size_t enc_len = 0;
+    size_t dec_len = 0;
 
-    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
-    AssertTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
-    AssertNotNull(ssl = wolfSSL_new(ctx));
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
 
     /* don't have an AEAD cipher selected before start */
-    AssertTrue(wolfSSL_CIPHER_get_id(wolfSSL_get_current_cipher(ssl)) == 0);
-    AssertNotNull(aead_cipher = wolfSSL_EVP_aes_128_gcm());
-    AssertTrue(wolfSSL_quic_aead_is_gcm(aead_cipher) != 0);
-    AssertTrue(wolfSSL_quic_aead_is_ccm(aead_cipher) == 0);
-    AssertTrue(wolfSSL_quic_aead_is_chacha20(aead_cipher) == 0);
+    ExpectTrue(wolfSSL_CIPHER_get_id(wolfSSL_get_current_cipher(ssl)) == 0);
+    ExpectNotNull(aead_cipher = wolfSSL_EVP_aes_128_gcm());
+    ExpectTrue(wolfSSL_quic_aead_is_gcm(aead_cipher) != 0);
+    ExpectTrue(wolfSSL_quic_aead_is_ccm(aead_cipher) == 0);
+    ExpectTrue(wolfSSL_quic_aead_is_chacha20(aead_cipher) == 0);
 
-    if (1) {
-        /* check that our enc-/decrypt support in quic rount-trips */
-        static const uint8_t key[16] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-                                        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff};
-        static const uint8_t aad[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19};
-        static const uint8_t iv[] = {20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
-        static const uint8_t plaintext[] = "hello world\nhello world\nhello world\nhello world\nhello world\nhello world\nhello world\n";
-        static const uint8_t expected[] = {0xd3, 0xa8, 0x1d, 0x96, 0x4c, 0x9b, 0x02, 0xd7, 0x9a, 0xb0, 0x41, 0x07, 0x4c, 0x8c, 0xe2,
-                                           0xe0, 0x2e, 0x83, 0x54, 0x52, 0x45, 0xcb, 0xd4, 0x68, 0xc8, 0x43, 0x45, 0xca, 0x91, 0xfb,
-                                           0xa3, 0x7a, 0x67, 0xed, 0xe8, 0xd7, 0x5e, 0xe2, 0x33, 0xd1, 0x3e, 0xbf, 0x50, 0xc2, 0x4b,
-                                           0x86, 0x83, 0x55, 0x11, 0xbb, 0x17, 0x4f, 0xf5, 0x78, 0xb8, 0x65, 0xeb, 0x9a, 0x2b, 0x8f,
-                                           0x77, 0x08, 0xa9, 0x60, 0x17, 0x73, 0xc5, 0x07, 0xf3, 0x04, 0xc9, 0x3f, 0x67, 0x4d, 0x12,
-                                           0xa1, 0x02, 0x93, 0xc2, 0x3c, 0xd3, 0xf8, 0x59, 0x33, 0xd5, 0x01, 0xc3, 0xbb, 0xaa, 0xe6,
-                                           0x3f, 0xbb, 0x23, 0x66, 0x94, 0x26, 0x28, 0x43, 0xa5, 0xfd, 0x2f};
-        WOLFSSL_EVP_CIPHER_CTX *enc_ctx, *dec_ctx;
-        uint8_t *encrypted, *decrypted;
-        size_t tag_len, enc_len, dec_len;
+    tag_len = wolfSSL_quic_get_aead_tag_len(aead_cipher);
+    ExpectTrue(tag_len == 16);
+    dec_len = sizeof(plaintext);
+    enc_len = dec_len + tag_len;
+    encrypted = (uint8_t*)XMALLOC(enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(encrypted);
+    decrypted = (uint8_t*)XMALLOC(dec_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ExpectNotNull(decrypted);
 
-        AssertTrue((tag_len = wolfSSL_quic_get_aead_tag_len(aead_cipher)) == 16);
-        dec_len = sizeof(plaintext);
-        enc_len = dec_len + tag_len;
-        encrypted = (uint8_t*)XMALLOC(enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        AssertNotNull(encrypted);
-        decrypted = (uint8_t*)XMALLOC(dec_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        AssertNotNull(decrypted);
+    ExpectNotNull(enc_ctx = wolfSSL_quic_crypt_new(aead_cipher, key, iv, 1));
+    ExpectTrue(wolfSSL_quic_aead_encrypt(encrypted, enc_ctx,
+                                         plaintext, sizeof(plaintext),
+                                         NULL, aad, sizeof(aad)) == WOLFSSL_SUCCESS);
+    ExpectTrue(memcmp(expected, encrypted, dec_len) == 0);
+    ExpectTrue(memcmp(expected+dec_len, encrypted+dec_len, tag_len) == 0);
 
-        AssertNotNull(enc_ctx = wolfSSL_quic_crypt_new(aead_cipher, key, iv, 1));
-        AssertTrue(wolfSSL_quic_aead_encrypt(encrypted, enc_ctx,
-                                             plaintext, sizeof(plaintext),
-                                             NULL, aad, sizeof(aad)) == WOLFSSL_SUCCESS);
-        AssertTrue(memcmp(expected, encrypted, dec_len) == 0);
-        AssertTrue(memcmp(expected+dec_len, encrypted+dec_len, tag_len) == 0);
+    ExpectNotNull(dec_ctx = wolfSSL_quic_crypt_new(aead_cipher, key, iv, 0));
+    ExpectTrue(wolfSSL_quic_aead_decrypt(decrypted, dec_ctx,
+                                         encrypted, enc_len,
+                                         NULL, aad, sizeof(aad)) == WOLFSSL_SUCCESS);
+    ExpectTrue(memcmp(plaintext, decrypted, dec_len) == 0);
 
-        AssertNotNull(dec_ctx = wolfSSL_quic_crypt_new(aead_cipher, key, iv, 0));
-        AssertTrue(wolfSSL_quic_aead_decrypt(decrypted, dec_ctx,
-                                             encrypted, enc_len,
-                                             NULL, aad, sizeof(aad)) == WOLFSSL_SUCCESS);
-        AssertTrue(memcmp(plaintext, decrypted, dec_len) == 0);
-
-        XFREE(encrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(decrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        wolfSSL_EVP_CIPHER_CTX_free(enc_ctx);
-        wolfSSL_EVP_CIPHER_CTX_free(dec_ctx);
-    }
+    XFREE(encrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(decrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    wolfSSL_EVP_CIPHER_CTX_free(enc_ctx);
+    wolfSSL_EVP_CIPHER_CTX_free(dec_ctx);
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
-
-    printf("    test_quic_crypt: %s\n", (ret == 0)? passed : failed);
-    return ret;
+    printf("    test_quic_crypt: %s\n", (EXPECT_SUCCESS()) ? pass : fail);
+    return EXPECT_RESULT();
 }
 
 typedef struct OutputBuffer {
@@ -415,13 +453,16 @@ typedef struct {
     word32 session_len;
 } QuicTestContext;
 
-static int ctx_set_encryption_secrets(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
+static int ctx_set_encryption_secrets(WOLFSSL *ssl,
+                                      WOLFSSL_ENCRYPTION_LEVEL level,
                                       const uint8_t *read_secret,
-                                      const uint8_t *write_secret, size_t secret_len);
+                                      const uint8_t *write_secret,
+                                      size_t secret_len);
 static int ctx_add_handshake_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
                                   const uint8_t *data, size_t len);
 static int ctx_flush_flight(WOLFSSL *ssl);
-static int ctx_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t err);
+static int ctx_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
+                          uint8_t err);
 #ifdef HAVE_SESSION_TICKET
 static int ctx_session_ticket_cb(WOLFSSL* ssl,
                                  const unsigned char* ticket, int ticketSz,
@@ -435,6 +476,13 @@ static WOLFSSL_QUIC_METHOD ctx_method = {
     ctx_send_alert,
 };
 
+static WOLFSSL_QUIC_METHOD ctx_method_fail = {
+    dummy_set_encryption_secrets_fail,
+    ctx_add_handshake_data,
+    ctx_flush_flight,
+    ctx_send_alert,
+};
+
 static void QuicTestContext_init(QuicTestContext *tctx, WOLFSSL_CTX *ctx,
                                  const char *name, int verbose)
 {
@@ -461,6 +509,36 @@ static void QuicTestContext_init(QuicTestContext *tctx, WOLFSSL_CTX *ctx,
         wolfSSL_set_quic_transport_version(tctx->ssl, 0);
         wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_c, sizeof(tp_params_c));
     }
+    (void)ctx_method;
+}
+
+static void QuicTestContext_init_fail_cb(QuicTestContext *tctx, WOLFSSL_CTX *ctx,
+                                 const char *name, int verbose)
+{
+    static const byte tp_params_c[] = {0, 1, 2, 3, 4, 5, 6, 7};
+    static const byte tp_params_s[] = {7, 6, 5, 4, 3, 2, 1, 0, 1};
+
+    AssertNotNull(tctx);
+    memset(tctx, 0, sizeof(*tctx));
+    tctx->name = name;
+    AssertNotNull((tctx->ssl = wolfSSL_new(ctx)));
+    tctx->verbose = verbose;
+    wolfSSL_set_app_data(tctx->ssl, tctx);
+    AssertTrue(wolfSSL_set_quic_method(tctx->ssl, &ctx_method_fail) == WOLFSSL_SUCCESS);
+    wolfSSL_set_verify(tctx->ssl, SSL_VERIFY_NONE, 0);
+#ifdef HAVE_SESSION_TICKET
+    wolfSSL_UseSessionTicket(tctx->ssl);
+    wolfSSL_set_SessionTicket_cb(tctx->ssl, ctx_session_ticket_cb, NULL);
+#endif
+    if (wolfSSL_is_server(tctx->ssl)) {
+        wolfSSL_set_quic_transport_version(tctx->ssl, 0);
+        wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_s, sizeof(tp_params_s));
+    }
+    else {
+        wolfSSL_set_quic_transport_version(tctx->ssl, 0);
+        wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_c, sizeof(tp_params_c));
+    }
+    (void)ctx_method;
 }
 
 static void QuicTestContext_free(QuicTestContext *tctx)
@@ -548,7 +626,7 @@ static int ctx_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t
     if (ctx->verbose) {
         printf("[%s] send_alert: level=%d, err=%d\n", ctx->name, level, err);
     }
-    ctx->alert_level = level;
+    ctx->alert_level = (int)level;
     ctx->alert = alert;
     return 1;
 }
@@ -564,7 +642,8 @@ static int ctx_session_ticket_cb(WOLFSSL* ssl,
 
     (void)cb_ctx;
     if (ticketSz < 0 || (size_t)ticketSz > sizeof(ctx->ticket)) {
-        printf("SESSION TICKET callback: ticket given is too large: %d bytes\n", ticketSz);
+        printf("SESSION TICKET callback: ticket given is too large: %d bytes\n",
+               ticketSz);
         return 1;
     }
     memset(ctx->ticket, 0, sizeof(ctx->ticket));
@@ -583,7 +662,8 @@ static void ctx_dump_output(QuicTestContext *ctx)
     dump_buffer("Output", ctx->output.data, ctx->output.len, 0);
 }
 
-static void check_handshake_record(const byte *data, size_t data_len, int *ptype, size_t *prlen)
+static void check_handshake_record(const byte *data, size_t data_len,
+                                   int *ptype, size_t *prlen)
 {
     word32 rlen;
     AssertTrue(data_len >= HANDSHAKE_HEADER_SZ);
@@ -643,7 +723,8 @@ static void ext_equals(const byte *data, size_t data_len, int ext_type,
     AssertTrue(memcmp(ext + 4, exp_data, exp_len) == 0);
 }
 
-static void check_quic_client_hello(const byte *data, size_t data_len, int verbose, int indent)
+static void check_quic_client_hello(const byte *data, size_t data_len,
+                                    int verbose, int indent)
 {
     size_t idx;
     word16 len16;
@@ -686,7 +767,8 @@ static void check_quic_client_hello(const byte *data, size_t data_len, int verbo
     }
 }
 
-static void check_quic_client_hello_tp(OutputBuffer *out, int tp_v1, int tp_draft)
+static void check_quic_client_hello_tp(OutputBuffer *out, int tp_v1,
+                                       int tp_draft)
 {
     size_t idx;
     word16 len16;
@@ -713,7 +795,8 @@ static void check_quic_client_hello_tp(OutputBuffer *out, int tp_v1, int tp_draf
     AssertTrue(!ext_has(exts, exts_len, TLSX_KEY_QUIC_TP_PARAMS_DRAFT) == !tp_draft);
 }
 
-static void check_secrets(QuicTestContext *ctx, WOLFSSL_ENCRYPTION_LEVEL level, size_t rx_len, size_t tx_len)
+static void check_secrets(QuicTestContext *ctx, WOLFSSL_ENCRYPTION_LEVEL level,
+                          size_t rx_len, size_t tx_len)
 {
     int idx = (int)level;
     AssertTrue(idx < 4);
@@ -728,11 +811,14 @@ static void assert_secrets_EQ(QuicTestContext *ctx1, QuicTestContext *ctx2,
     /* rx secrets are the other ones tx secrets */
     AssertIntEQ(ctx1->rx_secret_len[idx], ctx2->tx_secret_len[idx]);
     AssertIntEQ(ctx1->tx_secret_len[idx], ctx2->rx_secret_len[idx]);
-    AssertIntEQ(memcmp(ctx1->rx_secret[idx], ctx2->tx_secret[idx], ctx1->rx_secret_len[idx]), 0);
-    AssertIntEQ(memcmp(ctx1->tx_secret[idx], ctx2->rx_secret[idx], ctx1->tx_secret_len[idx]), 0);
+    AssertIntEQ(memcmp(ctx1->rx_secret[idx], ctx2->tx_secret[idx],
+                ctx1->rx_secret_len[idx]), 0);
+    AssertIntEQ(memcmp(ctx1->tx_secret[idx], ctx2->rx_secret[idx],
+                ctx1->tx_secret_len[idx]), 0);
 }
 
-static void check_ee(const byte *data, size_t data_len, int verbose, int indent)
+static void check_ee(const byte *data, size_t data_len, int verbose,
+                     int indent)
 {
     size_t rec_len, exts_len, idx;
     word16 len16;
@@ -753,7 +839,8 @@ static void check_ee(const byte *data, size_t data_len, int verbose, int indent)
     }
 }
 
-static void check_quic_server_hello(const byte *data, size_t data_len, int verbose, int indent)
+static void check_quic_server_hello(const byte *data, size_t data_len,
+                                    int verbose, int indent)
 {
     size_t idx;
     word16 len16, cipher;
@@ -793,7 +880,8 @@ static void check_quic_server_hello(const byte *data, size_t data_len, int verbo
                ext_sup_version, sizeof(ext_sup_version));
 }
 
-static void check_crypto_rec(const byte *data, size_t data_len, int verbose, int indent)
+static void check_crypto_rec(const byte *data, size_t data_len, int verbose,
+                             int indent)
 {
     size_t rec_len;
     int rec_type;
@@ -804,7 +892,9 @@ static void check_crypto_rec(const byte *data, size_t data_len, int verbose, int
     }
 }
 
-static void check_crypto_records(QuicTestContext *from, OutputBuffer *out, int indent, char *rec_log, size_t rec_log_size)
+static void check_crypto_records(QuicTestContext *from, OutputBuffer *out,
+                                 int indent, char *rec_log,
+                                 size_t rec_log_size)
 {
     const byte *data = out->data;
     size_t data_len = out->len;
@@ -865,7 +955,8 @@ static void check_crypto_records(QuicTestContext *from, OutputBuffer *out, int i
     }
 }
 
-static void QuicTestContext_forward(QuicTestContext *from, QuicTestContext *to, char *rec_log, size_t rec_log_size)
+static void QuicTestContext_forward(QuicTestContext *from, QuicTestContext *to,
+                                    char *rec_log, size_t rec_log_size)
 {
     int ret;
     OutputBuffer *out, *old;
@@ -877,12 +968,15 @@ static void QuicTestContext_forward(QuicTestContext *from, QuicTestContext *to,
                    from->name, to->name, (int)out->len, out->level);
         }
         if (out->level == wolfssl_encryption_early_data) {
-            if (from->verbose) dump_buffer("EarlyData", out->data, out->len, 4);
+            if (from->verbose) {
+                dump_buffer("EarlyData", out->data, out->len, 4);
+            }
         }
         else {
             check_crypto_records(from, out, 4, rec_log, rec_log_size);
         }
-        ret = wolfSSL_provide_quic_data(to->ssl, out->level, out->data, out->len);
+        ret = wolfSSL_provide_quic_data(to->ssl, out->level, out->data,
+                                        out->len);
         out->len = 0;
         AssertIntEQ(ret, WOLFSSL_SUCCESS);
         if (out->next) {
@@ -906,7 +1000,8 @@ typedef struct {
 } QuicConversation;
 
 static void QuicConversation_init(QuicConversation *conv,
-                                  QuicTestContext *tclient, QuicTestContext *tserver)
+                                  QuicTestContext *tclient,
+                                  QuicTestContext *tserver)
 {
     memset(conv, 0, sizeof(*conv));
     conv->client = tclient;
@@ -922,16 +1017,19 @@ static int QuicConversation_start(QuicConversation *conv, const byte *data,
     AssertFalse(conv->started);
 
     if (conv->verbose) {
-        printf("[%s <-> %s] starting\n", conv->client->name, conv->server->name);
+        printf("[%s <-> %s] starting\n", conv->client->name,
+               conv->server->name);
     }
     if (data && data_len > 0) {
 #ifdef WOLFSSL_EARLY_DATA
         int written;
-        ret = wolfSSL_write_early_data(conv->client->ssl, data, (int)data_len, &written);
+        ret = wolfSSL_write_early_data(conv->client->ssl, data, (int)data_len,
+                                       &written);
         if (ret < 0) {
             int err = wolfSSL_get_error(conv->client->ssl, ret);
             char lbuffer[1024];
-            printf("EARLY DATA ret = %d, error = %d, %s\n", ret, err, wolfSSL_ERR_error_string((unsigned long)err, lbuffer));
+            printf("EARLY DATA ret = %d, error = %d, %s\n", ret, err,
+                   wolfSSL_ERR_error_string((unsigned long)err, lbuffer));
             AssertTrue(0);
         }
         *pwritten = (size_t)written;
@@ -944,7 +1042,8 @@ static int QuicConversation_start(QuicConversation *conv, const byte *data,
     else {
         ret = wolfSSL_connect(conv->client->ssl);
         if (ret != WOLFSSL_SUCCESS) {
-            AssertIntEQ(wolfSSL_get_error(conv->client->ssl, 0), SSL_ERROR_WANT_READ);
+            AssertIntEQ(wolfSSL_get_error(conv->client->ssl, 0),
+                        WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
         }
         if (pwritten) *pwritten = 0;
     }
@@ -958,25 +1057,31 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
 
     if (!conv->started) {
         n = wolfSSL_connect(conv->client->ssl);
-        if (n != WOLFSSL_SUCCESS
-            && wolfSSL_get_error(conv->client->ssl, 0) != SSL_ERROR_WANT_READ) {
+        if ((n != WOLFSSL_SUCCESS) &&
+            (wolfSSL_get_error(conv->client->ssl, 0) !=
+            WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ))) {
             if (may_fail) return 0;
-            AssertIntEQ(SSL_ERROR_WANT_READ, wolfSSL_get_error(conv->client->ssl, 0));
+            AssertIntEQ(WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ),
+                        wolfSSL_get_error(conv->client->ssl, 0));
         }
         conv->started = 1;
     }
     if (conv->server->output.len > 0) {
-        QuicTestContext_forward(conv->server, conv->client, conv->rec_log, sizeof(conv->rec_log));
+        QuicTestContext_forward(conv->server, conv->client, conv->rec_log,
+                                sizeof(conv->rec_log));
         n = wolfSSL_quic_read_write(conv->client->ssl);
-        if (n != WOLFSSL_SUCCESS
-            && wolfSSL_get_error(conv->client->ssl, 0) != SSL_ERROR_WANT_READ) {
+        if ((n != WOLFSSL_SUCCESS) &&
+            (wolfSSL_get_error(conv->client->ssl, 0) !=
+             WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ))) {
             if (may_fail) return 0;
-            AssertIntEQ(SSL_ERROR_WANT_READ, wolfSSL_get_error(conv->client->ssl, 0));
+            AssertIntEQ(WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ),
+                        wolfSSL_get_error(conv->client->ssl, 0));
         }
         return 1;
     }
     else if (conv->client->output.len > 0) {
-        QuicTestContext_forward(conv->client, conv->server, conv->rec_log, sizeof(conv->rec_log));
+        QuicTestContext_forward(conv->client, conv->server, conv->rec_log,
+                                sizeof(conv->rec_log));
 #ifdef WOLFSSL_EARLY_DATA
         if (conv->accept_early_data) {
             int written;
@@ -985,15 +1090,17 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
                                         (int)(sizeof(conv->early_data) - conv->early_data_len),
                                         &written);
             if (n < 0) {
-                if (wolfSSL_get_error(conv->server->ssl, 0) != SSL_ERROR_WANT_READ) {
+                if (wolfSSL_get_error(conv->server->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
                     if (may_fail) return 0;
-                    AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), SSL_ERROR_WANT_READ);
+                    AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0),
+                                WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
                 }
             }
             else if (n > 0) {
                 conv->early_data_len += (size_t)n;
                 if (conv->verbose)
-                    printf("RECVed early data, len now=%d\n", (int)conv->early_data_len);
+                    printf("RECVed early data, len now=%d\n",
+                           (int)conv->early_data_len);
             }
         }
         else
@@ -1001,9 +1108,10 @@ static int QuicConversation_step(QuicConversation *conv, int may_fail)
         {
             n = wolfSSL_quic_read_write(conv->server->ssl);
             if (n != WOLFSSL_SUCCESS
-                && wolfSSL_get_error(conv->server->ssl, 0) != SSL_ERROR_WANT_READ) {
+                && wolfSSL_get_error(conv->server->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) {
                 if (may_fail) return 0;
-                AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), SSL_ERROR_WANT_READ);
+                AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0),
+                            WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
             }
         }
         return 1;
@@ -1053,19 +1161,20 @@ static void QuicConversation_fail(QuicConversation *conv)
 #endif /* HAVE_SESSION_TICKET */
 
 static int test_quic_client_hello(int verbose) {
-    WOLFSSL_CTX *ctx;
-    int ret = 0;
+    EXPECT_DECLS;
+    WOLFSSL_CTX * ctx = NULL;
     QuicTestContext tctx;
 
     (void)ctx_dump_output;
 
-    AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
 
     QuicTestContext_init(&tctx, ctx, "client", verbose);
     /* Without any QUIC transport params, this needs to fail */
-    AssertTrue(wolfSSL_set_quic_transport_params(tctx.ssl, NULL, 0) == WOLFSSL_SUCCESS);
-    AssertTrue(wolfSSL_quic_read_write(tctx.ssl) != 0);
-    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), QUIC_TP_MISSING_E);
+    ExpectTrue(wolfSSL_set_quic_transport_params(tctx.ssl, NULL, 0) == WOLFSSL_SUCCESS);
+    ExpectTrue(wolfSSL_quic_read_write(tctx.ssl) != 0);
+    ExpectIntEQ(wolfSSL_get_error(tctx.ssl, 0),
+                WC_NO_ERR_TRACE(QUIC_TP_MISSING_E));
     QuicTestContext_free(&tctx);
 
     /* Set transport params, expect both extensions */
@@ -1074,48 +1183,53 @@ static int test_quic_client_hello(int verbose) {
     wolfSSL_UseSNI(tctx.ssl, WOLFSSL_SNI_HOST_NAME,
                    "wolfssl.com", sizeof("wolfssl.com")-1);
 #endif
-    AssertTrue(wolfSSL_connect(tctx.ssl) != 0);
-    AssertIntEQ(wolfSSL_get_error(tctx.ssl, 0), SSL_ERROR_WANT_READ);
+    ExpectTrue(wolfSSL_connect(tctx.ssl) != 0);
+    ExpectIntEQ(wolfSSL_get_error(tctx.ssl, 0),
+                WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
     check_quic_client_hello_tp(&tctx.output, 1, 1);
     QuicTestContext_free(&tctx);
 
     /* Set transport params v1, expect v1 extension */
     QuicTestContext_init(&tctx, ctx, "client", verbose);
     wolfSSL_set_quic_transport_version(tctx.ssl, TLSX_KEY_QUIC_TP_PARAMS);
-    AssertTrue(wolfSSL_connect(tctx.ssl) != 0);
+    ExpectTrue(wolfSSL_connect(tctx.ssl) != 0);
     check_quic_client_hello_tp(&tctx.output, 1, 0);
     QuicTestContext_free(&tctx);
 
     /* Set transport params draft, expect draft extension */
     QuicTestContext_init(&tctx, ctx, "client", verbose);
-    wolfSSL_set_quic_transport_version(tctx.ssl, TLSX_KEY_QUIC_TP_PARAMS_DRAFT);
-    AssertTrue(wolfSSL_connect(tctx.ssl) != 0);
+    wolfSSL_set_quic_transport_version(tctx.ssl,
+                                       TLSX_KEY_QUIC_TP_PARAMS_DRAFT);
+    ExpectTrue(wolfSSL_connect(tctx.ssl) != 0);
     check_quic_client_hello_tp(&tctx.output, 0, 1);
     QuicTestContext_free(&tctx);
 
     /* Set transport params 0, expect both extension */
     QuicTestContext_init(&tctx, ctx, "client", verbose);
     wolfSSL_set_quic_transport_version(tctx.ssl, 0);
-    AssertTrue(wolfSSL_connect(tctx.ssl) != 0);
+    ExpectTrue(wolfSSL_connect(tctx.ssl) != 0);
     check_quic_client_hello_tp(&tctx.output, 1, 1);
     QuicTestContext_free(&tctx);
 
     wolfSSL_CTX_free(ctx);
-    printf("    test_quic_client_hello: %s\n", (ret == 0)? passed : failed);
+    printf("    test_quic_client_hello: %s\n", EXPECT_SUCCESS() ? pass : fail);
 
-    return ret;
+    return EXPECT_RESULT();
 }
 
 static int test_quic_server_hello(int verbose) {
-    WOLFSSL_CTX *ctx_c, *ctx_s;
-    int ret = 0;
+    EXPECT_DECLS;
+    WOLFSSL_CTX * ctx_c = NULL;
+    WOLFSSL_CTX * ctx_s = NULL;
     QuicTestContext tclient, tserver;
     QuicConversation conv;
 
-    AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
-    AssertNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
-    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile,
+                                                WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile,
+                                               WOLFSSL_FILETYPE_PEM));
 
     /* setup ssls */
     QuicTestContext_init(&tclient, ctx_c, "client", verbose);
@@ -1126,45 +1240,50 @@ static int test_quic_server_hello(int verbose) {
     QuicConversation_step(&conv, 0);
     /* check established/missing secrets */
     check_secrets(&tserver, wolfssl_encryption_initial, 0, 0);
-    check_secrets(&tserver, wolfssl_encryption_handshake, 32, 32);
-    check_secrets(&tserver, wolfssl_encryption_application, 32, 32);
+    check_secrets(&tserver, wolfssl_encryption_handshake,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+    check_secrets(&tserver, wolfssl_encryption_application,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
     check_secrets(&tclient, wolfssl_encryption_handshake, 0, 0);
     /* feed the server data to the client */
     QuicConversation_step(&conv, 0);
     /* client has generated handshake secret */
-    check_secrets(&tclient, wolfssl_encryption_handshake, 32, 32);
+    check_secrets(&tclient, wolfssl_encryption_handshake,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
     /* continue the handshake till done */
     conv.started = 1;
     /* run till end */
     QuicConversation_do(&conv);
-    AssertIntEQ(tclient.output.len, 0);
-    AssertIntEQ(tserver.output.len, 0);
+    ExpectIntEQ(tclient.output.len, 0);
+    ExpectIntEQ(tserver.output.len, 0);
     /* what have we seen? */
 #ifdef HAVE_SESSION_TICKET
-    AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+    ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
         "Certificate:CertificateVerify:Finished:Finished:SessionTicket");
 #else
-    AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+    ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
         "Certificate:CertificateVerify:Finished:Finished");
 #endif
     /* we are at application encryption level */
-    AssertTrue(wolfSSL_quic_read_level(tclient.ssl) == wolfssl_encryption_application);
-    AssertTrue(wolfSSL_quic_write_level(tclient.ssl) == wolfssl_encryption_application);
-    AssertTrue(wolfSSL_quic_read_level(tserver.ssl) == wolfssl_encryption_application);
-    AssertTrue(wolfSSL_quic_write_level(tserver.ssl) == wolfssl_encryption_application);
+    ExpectTrue(wolfSSL_quic_read_level(tclient.ssl) == wolfssl_encryption_application);
+    ExpectTrue(wolfSSL_quic_write_level(tclient.ssl) == wolfssl_encryption_application);
+    ExpectTrue(wolfSSL_quic_read_level(tserver.ssl) == wolfssl_encryption_application);
+    ExpectTrue(wolfSSL_quic_write_level(tserver.ssl) == wolfssl_encryption_application);
     /* the last client write (FINISHED) was at handshake level */
-    AssertTrue(tclient.output.level == wolfssl_encryption_handshake);
+    ExpectTrue(tclient.output.level == wolfssl_encryption_handshake);
     /* we have the app secrets */
-    check_secrets(&tclient, wolfssl_encryption_application, 32, 32);
-    check_secrets(&tserver, wolfssl_encryption_application, 32, 32);
+    check_secrets(&tclient, wolfssl_encryption_application,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+    check_secrets(&tserver, wolfssl_encryption_application,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
     /* verify client and server have the same secrets established */
     assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_handshake);
     assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_application);
     /* AEAD cipher should be known */
-    AssertNotNull(wolfSSL_quic_get_aead(tclient.ssl));
-    AssertNotNull(wolfSSL_quic_get_aead(tserver.ssl));
+    ExpectNotNull(wolfSSL_quic_get_aead(tclient.ssl));
+    ExpectNotNull(wolfSSL_quic_get_aead(tserver.ssl));
     /* What was negiotiated and is it the same? */
-    AssertIntEQ(wolfSSL_get_peer_quic_transport_version(tclient.ssl),
+    ExpectIntEQ(wolfSSL_get_peer_quic_transport_version(tclient.ssl),
                 wolfSSL_get_peer_quic_transport_version(tserver.ssl));
 
     QuicTestContext_free(&tclient);
@@ -1172,9 +1291,55 @@ static int test_quic_server_hello(int verbose) {
 
     wolfSSL_CTX_free(ctx_c);
     wolfSSL_CTX_free(ctx_s);
-    printf("    test_quic_server_hello: %s\n", (ret == 0)? passed : failed);
+    printf("    test_quic_server_hello: %s\n", EXPECT_RESULT() ? pass : fail);
+    return EXPECT_RESULT();
+}
 
-    return ret;
+static int test_quic_server_hello_fail(int verbose) {
+    EXPECT_DECLS;
+    WOLFSSL_CTX * ctx_c = NULL;
+    WOLFSSL_CTX * ctx_s = NULL;
+    QuicTestContext tclient, tserver;
+    QuicConversation conv;
+
+    ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile,
+                                                WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile,
+                                               WOLFSSL_FILETYPE_PEM));
+
+    /* setup ssls */
+    QuicTestContext_init_fail_cb(&tclient, ctx_c, "client", verbose);
+    QuicTestContext_init(&tserver, ctx_s, "server", verbose);
+
+    /* connect */
+    QuicConversation_init(&conv, &tclient, &tserver);
+    QuicConversation_step(&conv, 0);
+    /* check established/missing secrets */
+    check_secrets(&tserver, wolfssl_encryption_initial, 0, 0);
+    check_secrets(&tserver, wolfssl_encryption_handshake,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+    check_secrets(&tserver, wolfssl_encryption_application,
+        DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+    check_secrets(&tclient, wolfssl_encryption_handshake, 0, 0);
+    /* feed the server data to the client. This is when the cb will fail */
+    QuicConversation_step(&conv, 1);
+    /* confirm failure to generate secrets */
+    {
+        int idx = (int)wolfssl_encryption_handshake;
+        ExpectTrue(idx < 4);
+        ExpectIntEQ(tclient.rx_secret_len[idx], 0);
+        ExpectIntEQ(tclient.tx_secret_len[idx], 0);
+    }
+    QuicTestContext_free(&tclient);
+    QuicTestContext_free(&tserver);
+
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_CTX_free(ctx_s);
+    printf("    test_quic_server_hello_fail: %s\n",
+           EXPECT_RESULT() ? pass : fail);
+    return EXPECT_RESULT();
 }
 
 /* This has gotten a bit out of hand. */
@@ -1222,17 +1387,23 @@ static int select_ALPN(WOLFSSL *ssl,
 }
 
 static int test_quic_alpn(int verbose) {
-    WOLFSSL_CTX *ctx_c, *ctx_s;
-    int ret = 0;
-    QuicTestContext tclient, tserver;
-    QuicConversation conv;
+    EXPECT_DECLS;
+    WOLFSSL_CTX *        ctx_c = NULL;
+    WOLFSSL_CTX *        ctx_s = NULL;
+    QuicTestContext      tclient, tserver;
+    QuicConversation     conv;
     struct stripe_buffer stripe;
-    unsigned char alpn_protos[256];
+    unsigned char        alpn_protos[256];
 
-    AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
-    AssertNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
-    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    XMEMSET(&stripe, 0, sizeof(stripe));
+    XMEMSET(alpn_protos, 0, sizeof(alpn_protos));
+
+    ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile,
+               WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile,
+               WOLFSSL_FILETYPE_PEM));
 
     stripe.stripe[0] = '\0';
     wolfSSL_CTX_set_servername_callback(ctx_s, inspect_SNI);
@@ -1255,20 +1426,19 @@ static int test_quic_alpn(int verbose) {
     wolfSSL_set_alpn_protos(tclient.ssl, alpn_protos, 1 + strlen("test"));
 
     QuicConversation_do(&conv);
-    AssertIntEQ(tclient.output.len, 0);
-    AssertIntEQ(tserver.output.len, 0);
+    ExpectIntEQ(tclient.output.len, 0);
+    ExpectIntEQ(tserver.output.len, 0);
 
     /* SNI callback needs to be called before ALPN callback */
-    AssertStrEQ(stripe.stripe, "SA");
+    ExpectStrEQ(stripe.stripe, "SA");
 
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
 
     wolfSSL_CTX_free(ctx_c);
     wolfSSL_CTX_free(ctx_s);
-    printf("    test_quic_alpn: %s\n", (ret == 0)? passed : failed);
-
-    return ret;
+    printf("    test_quic_alpn: %s\n", (EXPECT_SUCCESS())? pass : fail);
+    return EXPECT_RESULT();
 }
 #endif /* REALLY_HAVE_ALPN_AND_SNI */
 
@@ -1276,22 +1446,25 @@ static int test_quic_alpn(int verbose) {
 #ifdef HAVE_SESSION_TICKET
 
 static int test_quic_key_share(int verbose) {
-    WOLFSSL_CTX *ctx_c, *ctx_s;
-    int ret = 0;
-    QuicTestContext tclient, tserver;
+    EXPECT_DECLS;
+    WOLFSSL_CTX *    ctx_c = NULL;
+    WOLFSSL_CTX *    ctx_s = NULL;
+    QuicTestContext  tclient, tserver;
     QuicConversation conv;
 
-    AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
-    AssertNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
-    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile,
+               WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile,
+               WOLFSSL_FILETYPE_PEM));
 
     /* setup & handshake defaults */
     QuicTestContext_init(&tclient, ctx_c, "client", verbose);
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_do(&conv);
-    AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+    ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
         "Certificate:CertificateVerify:Finished:Finished:SessionTicket");
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
@@ -1301,13 +1474,13 @@ static int test_quic_key_share(int verbose) {
     /*If that is supported by the server, expect a smooth handshake.*/
     QuicTestContext_init(&tclient, ctx_c, "client", verbose);
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
-    AssertTrue(wolfSSL_set1_curves_list(tclient.ssl, "X25519:P-256")
+    ExpectTrue(wolfSSL_set1_curves_list(tclient.ssl, "X25519:P-256")
                == WOLFSSL_SUCCESS);
-    AssertTrue(wolfSSL_set1_curves_list(tserver.ssl, "X25519")
+    ExpectTrue(wolfSSL_set1_curves_list(tserver.ssl, "X25519")
                == WOLFSSL_SUCCESS);
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_do(&conv);
-    AssertStrEQ(conv.rec_log,
+    ExpectStrEQ(conv.rec_log,
         "ClientHello:ServerHello:EncryptedExtension:"
             "Certificate:CertificateVerify:Finished:Finished:SessionTicket");
     QuicTestContext_free(&tclient);
@@ -1317,13 +1490,13 @@ static int test_quic_key_share(int verbose) {
     /* If group is not supported by server, expect HelloRetry */
     QuicTestContext_init(&tclient, ctx_c, "client", verbose);
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
-    AssertTrue(wolfSSL_set1_curves_list(tclient.ssl, "X25519:P-256")
+    ExpectTrue(wolfSSL_set1_curves_list(tclient.ssl, "X25519:P-256")
                == WOLFSSL_SUCCESS);
-    AssertTrue(wolfSSL_set1_curves_list(tserver.ssl, "P-256")
+    ExpectTrue(wolfSSL_set1_curves_list(tserver.ssl, "P-256")
                == WOLFSSL_SUCCESS);
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_do(&conv);
-    AssertStrEQ(conv.rec_log,
+    ExpectStrEQ(conv.rec_log,
         "ClientHello:ServerHello:ClientHello:ServerHello:EncryptedExtension:"
             "Certificate:CertificateVerify:Finished:Finished:SessionTicket");
     QuicTestContext_free(&tclient);
@@ -1333,38 +1506,45 @@ static int test_quic_key_share(int verbose) {
     /* If no group overlap, expect failure */
     QuicTestContext_init(&tclient, ctx_c, "client", verbose);
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
-    AssertTrue(wolfSSL_set1_curves_list(tclient.ssl, "P-256")
+    ExpectTrue(wolfSSL_set1_curves_list(tclient.ssl, "P-256")
                == WOLFSSL_SUCCESS);
-    AssertTrue(wolfSSL_set1_curves_list(tserver.ssl, "X25519")
+    ExpectTrue(wolfSSL_set1_curves_list(tserver.ssl, "X25519")
                == WOLFSSL_SUCCESS);
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_fail(&conv);
-    AssertIntEQ(wolfSSL_get_error(tserver.ssl, 0), SSL_ERROR_WANT_READ);
-    AssertIntEQ(wolfSSL_get_error(tclient.ssl, 0), BAD_KEY_SHARE_DATA);
+    ExpectIntEQ(wolfSSL_get_error(tserver.ssl, 0),
+                WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ));
+    ExpectIntEQ(wolfSSL_get_error(tclient.ssl, 0),
+                WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA));
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
     printf("    test_quic_key_share: no match ok\n");
 
     wolfSSL_CTX_free(ctx_c);
     wolfSSL_CTX_free(ctx_s);
-    printf("    test_quic_key_share: %s\n", (ret == 0)? passed : failed);
-    return ret;
+    printf("    test_quic_key_share: %s\n", EXPECT_SUCCESS() ? pass : fail);
+    return EXPECT_RESULT();
 }
 
 static int test_quic_resumption(int verbose) {
-    WOLFSSL_CTX *ctx_c, *ctx_s;
-    WOLFSSL_SESSION *session, *session_restored;
-    int ret = 0;
-    QuicTestContext tclient, tserver;
-    QuicConversation conv;
-    unsigned char session_buffer[16 * 1024], *session_data;
-    const unsigned char *session_data2;
-    unsigned int session_size;
+    EXPECT_DECLS;
+    WOLFSSL_CTX *         ctx_c = NULL;
+    WOLFSSL_CTX *         ctx_s = NULL;
+    WOLFSSL_SESSION *     session = NULL;
+    WOLFSSL_SESSION *     session_restored = NULL;
+    QuicTestContext       tclient, tserver;
+    QuicConversation      conv;
+    unsigned char         session_buffer[16 * 1024];
+    unsigned char *       session_data = NULL;
+    const unsigned char * session_data2 = NULL;
+    unsigned int          session_size = 0;
 
-    AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
-    AssertNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
-    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile,
+               WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile,
+               WOLFSSL_FILETYPE_PEM));
 
     /* setup ssls */
     QuicTestContext_init(&tclient, ctx_c, "client", verbose);
@@ -1374,20 +1554,23 @@ static int test_quic_resumption(int verbose) {
     /* run till end */
     QuicConversation_do(&conv);
     /* what have we seen? */
-    AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+    ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
         "Certificate:CertificateVerify:Finished:Finished:SessionTicket");
 
     /* Should have received a session ticket, save the session
      * and also make a serialized/deserialized copy to check that persisting
      * a session works. */
-    AssertTrue(tclient.ticket_len > 0);
-    AssertNotNull(session = wolfSSL_get1_session(tclient.ssl));
-    AssertTrue((session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, NULL)) > 0);
-    AssertTrue((size_t)session_size < sizeof(session_buffer));
+    ExpectTrue(tclient.ticket_len > 0);
+    ExpectNotNull(session = wolfSSL_get1_session(tclient.ssl));
+    session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, NULL);
+    ExpectTrue(session_size > 0);
+    ExpectTrue((size_t)session_size < sizeof(session_buffer));
     session_data2 = session_data = session_buffer;
-    session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, &session_data);
-    session_restored = wolfSSL_d2i_SSL_SESSION(NULL, &session_data2, session_size);
-    AssertNotNull(session_restored);
+    session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session,
+                                                         &session_data);
+    session_restored = wolfSSL_d2i_SSL_SESSION(NULL, &session_data2,
+                                               session_size);
+    ExpectNotNull(session_restored);
 
     QuicTestContext_free(&tserver);
     QuicTestContext_free(&tclient);
@@ -1395,12 +1578,12 @@ static int test_quic_resumption(int verbose) {
     /* Do a Session resumption with the session object */
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
     QuicTestContext_init(&tclient, ctx_c, "client_resume", verbose);
-    AssertIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS);
     /* let them talk */
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_do(&conv);
     /* this is what should happen. Look Ma, no certificate! */
-    AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+    ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
         "Finished:Finished:SessionTicket");
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
@@ -1408,30 +1591,34 @@ static int test_quic_resumption(int verbose) {
     /* Do a Session resumption with the restored session object */
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
     QuicTestContext_init(&tclient, ctx_c, "client_resume_restored", verbose);
-    AssertIntEQ(wolfSSL_set_session(tclient.ssl, session_restored), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session_restored),
+                WOLFSSL_SUCCESS);
     /* let them talk */
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_do(&conv);
     /* this is what should happen. Look Ma, no certificate! */
-    AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+    ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
         "Finished:Finished:SessionTicket");
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
 
     {
         /* Do a Session resumption with a new server ctx */
-        WOLFSSL_CTX *ctx_s2;
-        AssertNotNull(ctx_s2 = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
-        AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s2, eccCertFile, WOLFSSL_FILETYPE_PEM));
-        AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s2, eccKeyFile, WOLFSSL_FILETYPE_PEM));
+        WOLFSSL_CTX * ctx_s2 = NULL;
+        ExpectNotNull(ctx_s2 = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+        ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s2, eccCertFile,
+                                                    WOLFSSL_FILETYPE_PEM));
+        ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s2, eccKeyFile,
+                                                   WOLFSSL_FILETYPE_PEM));
 
         QuicTestContext_init(&tserver, ctx_s2, "server2", verbose);
         QuicTestContext_init(&tclient, ctx_c, "client_resume2", verbose);
-        AssertIntEQ(wolfSSL_set_session(tclient.ssl, session_restored), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session_restored),
+                                        WOLFSSL_SUCCESS);
         /* let them talk */
         QuicConversation_init(&conv, &tclient, &tserver);
         QuicConversation_do(&conv);
-        AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+        ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
             "Certificate:CertificateVerify:Finished:Finished:SessionTicket");
         QuicTestContext_free(&tclient);
         QuicTestContext_free(&tserver);
@@ -1443,45 +1630,48 @@ static int test_quic_resumption(int verbose) {
     wolfSSL_CTX_free(ctx_c);
     wolfSSL_CTX_free(ctx_s);
 
-    printf("    test_quic_resumption: %s\n", (ret == 0)? passed : failed);
-    return ret;
+    printf("    test_quic_resumption: %s\n", EXPECT_SUCCESS() ? pass : fail);
+    return EXPECT_RESULT();
 }
 
 #ifdef WOLFSSL_EARLY_DATA
 static int test_quic_early_data(int verbose) {
-    WOLFSSL_CTX *ctx_c, *ctx_s;
-    int ret = 0;
-    QuicTestContext tclient, tserver;
-    QuicConversation conv;
-    const byte early_data[] = "Nulla dies sine linea!";
-    size_t ed_written;
-    WOLFSSL_SESSION *session;
-    unsigned int max_early_sz;
+    EXPECT_DECLS;
+    WOLFSSL_CTX *     ctx_c = NULL;
+    WOLFSSL_CTX *     ctx_s = NULL;
+    QuicTestContext   tclient, tserver;
+    QuicConversation  conv;
+    const byte        early_data[] = "Nulla dies sine linea!";
+    size_t            ed_written = 0;
+    WOLFSSL_SESSION * session = NULL;
+    unsigned int      max_early_sz = 0;
 
-    AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
     wolfSSL_CTX_UseSessionTicket(ctx_c);
 
-    AssertNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
-    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile,
+               WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile,
+               WOLFSSL_FILETYPE_PEM));
 
     /* setup ssls */
     QuicTestContext_init(&tclient, ctx_c, "client", verbose);
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
     wolfSSL_set_quic_early_data_enabled(tserver.ssl, 1);
     /* QUIC only allows 0xffffffff or 0x0 as values */
-    AssertIntEQ(wolfSSL_get_max_early_data(tserver.ssl), UINT32_MAX);
+    ExpectIntEQ(wolfSSL_get_max_early_data(tserver.ssl), UINT32_MAX);
 
     QuicConversation_init(&conv, &tclient, &tserver);
     /* run till end */
     QuicConversation_do(&conv);
     /* what have we seen? */
-    AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+    ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
         "Certificate:CertificateVerify:Finished:Finished:SessionTicket");
 
     /* Should have received a session ticket, save the session */
-    AssertTrue(tclient.ticket_len > 0);
-    AssertNotNull(session = wolfSSL_get1_session(tclient.ssl));
+    ExpectTrue(tclient.ticket_len > 0);
+    ExpectNotNull(session = wolfSSL_get1_session(tclient.ssl));
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
 
@@ -1489,35 +1679,37 @@ static int test_quic_early_data(int verbose) {
      * Since we enabled early data in the server that created the session,
      * we need to see it here. */
     max_early_sz = wolfSSL_SESSION_get_max_early_data(session);
-    AssertIntEQ(max_early_sz, UINT32_MAX);
+    ExpectIntEQ(max_early_sz, UINT32_MAX);
 
     /* Do a Session resumption with the ticket */
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
     QuicTestContext_init(&tclient, ctx_c, "client", verbose);
-    AssertIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS);
     /* enable early data -*/
     wolfSSL_set_quic_early_data_enabled(tserver.ssl, 1);
     /* client will send, and server will receive implicitly */
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_start(&conv, early_data, sizeof(early_data), &ed_written);
     QuicConversation_do(&conv);
-    AssertIntEQ(wolfSSL_get_early_data_status(tclient.ssl), WOLFSSL_EARLY_DATA_ACCEPTED);
+    ExpectIntEQ(wolfSSL_get_early_data_status(tclient.ssl),
+                WOLFSSL_EARLY_DATA_ACCEPTED);
 
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
 
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
     QuicTestContext_init(&tclient, ctx_c, "client", verbose);
-    AssertIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS);
     /* client will send, and server will receive */
     QuicConversation_init(&conv, &tclient, &tserver);
     /* make QuicConversation_do() use wolfSSL_read_early_data() */
     conv.accept_early_data = 1;
     QuicConversation_start(&conv, early_data, sizeof(early_data), &ed_written);
     QuicConversation_do(&conv);
-    AssertIntEQ(wolfSSL_get_early_data_status(tclient.ssl), WOLFSSL_EARLY_DATA_ACCEPTED);
-    AssertIntEQ(conv.early_data_len, sizeof(early_data));
-    AssertStrEQ(conv.early_data, (const char*)early_data);
+    ExpectIntEQ(wolfSSL_get_early_data_status(tclient.ssl),
+                WOLFSSL_EARLY_DATA_ACCEPTED);
+    ExpectIntEQ(conv.early_data_len, sizeof(early_data));
+    ExpectStrEQ(conv.early_data, (const char*)early_data);
 
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
@@ -1525,18 +1717,17 @@ static int test_quic_early_data(int verbose) {
     wolfSSL_SESSION_free(session);
     wolfSSL_CTX_free(ctx_c);
     wolfSSL_CTX_free(ctx_s);
-    printf("    test_quic_early_data: %s\n", (ret == 0)? passed : failed);
-
-    return ret;
+    printf("    test_quic_early_data: %s\n", EXPECT_SUCCESS() ? pass : fail);
+    return EXPECT_RESULT();
 }
 #endif /* WOLFSSL_EARLY_DATA */
 
 static int new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session)
 {
-    QuicTestContext *ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl);
-    byte *data;
-    int ret = 0;
-    int sz;
+    QuicTestContext * ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl);
+    byte * data = NULL;
+    int    ret = 0;
+    int    sz = 0;
 
     AssertNotNull(ctx);
 
@@ -1560,19 +1751,22 @@ static int new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session)
 
 static int test_quic_session_export(int verbose)
 {
-    WOLFSSL_CTX *ctx_c, *ctx_s;
-    WOLFSSL_SESSION *session = NULL;
-    int ret = 0;
-    QuicTestContext tclient, tserver;
-    QuicConversation conv;
-    byte session_data[16*1024];
-    const byte *bp;
-    word32 session_len;
+    EXPECT_DECLS;
+    WOLFSSL_CTX *     ctx_c = NULL;
+    WOLFSSL_CTX *     ctx_s = NULL;
+    WOLFSSL_SESSION * session = NULL;
+    QuicTestContext   tclient, tserver;
+    QuicConversation  conv;
+    byte              session_data[16*1024];
+    const byte *      bp = NULL;
+    word32            session_len = 0;
 
-    AssertNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
-    AssertNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
-    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+    ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile,
+               WOLFSSL_FILETYPE_PEM));
+    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile,
+               WOLFSSL_FILETYPE_PEM));
 
     /* Uses CTX session callback for new sessions */
     wolfSSL_CTX_sess_set_new_cb(ctx_c, new_session_cb);
@@ -1585,10 +1779,12 @@ static int test_quic_session_export(int verbose)
     /* run till end */
     QuicConversation_do(&conv);
     /* what have we seen? */
-    AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:Certificate:CertificateVerify:Finished:Finished:SessionTicket");
+    ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+                "Certificate:CertificateVerify:Finished:Finished:"
+                "SessionTicket");
 
     /* Should have received a session, save it */
-    AssertTrue(tclient.session_len > 0);
+    ExpectTrue(tclient.session_len > 0);
     memcpy(session_data, tclient.session, tclient.session_len);
     session_len = tclient.session_len;
     if (verbose)
@@ -1601,24 +1797,24 @@ static int test_quic_session_export(int verbose)
     QuicTestContext_init(&tserver, ctx_s, "server", verbose);
     QuicTestContext_init(&tclient, ctx_c, "client_resume", verbose);
     bp = session_data;
-    AssertNotNull(session = wolfSSL_d2i_SSL_SESSION(NULL, &bp, session_len));
-    AssertIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS);
+    ExpectNotNull(session = wolfSSL_d2i_SSL_SESSION(NULL, &bp, session_len));
+    ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS);
     wolfSSL_SESSION_free(session);
 
     /* let them talk */
     QuicConversation_init(&conv, &tclient, &tserver);
     QuicConversation_do(&conv);
     /* this is what should happen. Look Ma, no certificate! */
-    AssertStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:Finished:Finished:SessionTicket");
+    ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:"
+                "Finished:Finished:SessionTicket");
 
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
 
     wolfSSL_CTX_free(ctx_c);
     wolfSSL_CTX_free(ctx_s);
-
-    printf("    test_quic_session_export: %s\n", (ret == 0)? passed : failed);
-    return ret;
+    printf("    test_quic_session_export: %s\n", EXPECT_RESULT() ? pass : fail);
+    return EXPECT_RESULT();
 }
 #endif /* WOLFSSL_SESSION_EXPORT */
 
@@ -1632,27 +1828,29 @@ int QuicTest(void)
     int verbose = 0;
     printf(" Begin QUIC Tests\n");
 
-    if ((ret = test_set_quic_method()) != 0) goto leave;
-    if ((ret = test_provide_quic_data()) != 0) goto leave;
-    if ((ret = test_quic_crypt()) != 0) goto leave;
-    if ((ret = test_quic_client_hello(verbose)) != 0) goto leave;
-    if ((ret = test_quic_server_hello(verbose)) != 0) goto leave;
+    if ((ret = test_set_quic_method()) != TEST_SUCCESS) goto leave;
+    if ((ret = test_provide_quic_data()) != TEST_SUCCESS) goto leave;
+    if ((ret = test_quic_crypt()) != TEST_SUCCESS) goto leave;
+    if ((ret = test_quic_client_hello(verbose)) != TEST_SUCCESS) goto leave;
+    if ((ret = test_quic_server_hello(verbose)) != TEST_SUCCESS) goto leave;
+    if ((ret = test_quic_server_hello_fail(verbose)) != TEST_SUCCESS) goto leave;
 #ifdef REALLY_HAVE_ALPN_AND_SNI
-    if ((ret = test_quic_alpn(verbose)) != 0) goto leave;
+    if ((ret = test_quic_alpn(verbose)) != TEST_SUCCESS) goto leave;
 #endif /* REALLY_HAVE_ALPN_AND_SNI */
 #ifdef HAVE_SESSION_TICKET
-    if ((ret = test_quic_key_share(verbose)) != 0) goto leave;
-    if ((ret = test_quic_resumption(verbose)) != 0) goto leave;
+    if ((ret = test_quic_key_share(verbose)) != TEST_SUCCESS) goto leave;
+    if ((ret = test_quic_resumption(verbose)) != TEST_SUCCESS) goto leave;
 #ifdef WOLFSSL_EARLY_DATA
-    if ((ret = test_quic_early_data(verbose)) != 0) goto leave;
+    if ((ret = test_quic_early_data(verbose)) != TEST_SUCCESS) goto leave;
 #endif /* WOLFSSL_EARLY_DATA */
-    if ((ret = test_quic_session_export(verbose)) != 0) goto leave;
+    if ((ret = test_quic_session_export(verbose)) != TEST_SUCCESS) goto leave;
 #endif /* HAVE_SESSION_TICKET */
 
 leave:
-    if (ret != 0)
+    if (ret != TEST_SUCCESS) {
         printf("  FAILED: some tests did not pass.\n");
+    }
     printf(" End QUIC Tests\n");
 #endif
-    return ret;
+    return ret == TEST_SUCCESS ? 0 : -1;
 }
diff --git a/tests/srp.c b/tests/srp.c
index 0a41361ce..87541be34 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -1,6 +1,6 @@
 /* srp.c SRP unit tests
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
 #include <tests/unit.h>
+
 #include <wolfssl/wolfcrypt/sha512.h>
 #include <wolfssl/wolfcrypt/srp.h>
 
@@ -126,11 +120,11 @@ static void test_SrpInit(void)
     Srp srp;
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT,
                                          SRP_CLIENT_SIDE));
     /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT,
                                          (SrpSide)255));
     /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
 
@@ -147,8 +141,8 @@ static void test_SrpSetUsername(void)
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL, usernameSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetUsername(NULL, username, usernameSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetUsername(&srp, NULL, usernameSz));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
@@ -165,7 +159,7 @@ static void test_SrpSetParams(void)
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpSetParams(&srp,
                                                   srp_N,    sizeof(srp_N),
                                                   srp_g,    sizeof(srp_g),
                                                   srp_salt, sizeof(srp_salt)));
@@ -174,19 +168,19 @@ static void test_SrpSetParams(void)
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(NULL,
                                               srp_N,    sizeof(srp_N),
                                               srp_g,    sizeof(srp_g),
                                               srp_salt, sizeof(srp_salt)));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp,
                                               NULL,     sizeof(srp_N),
                                               srp_g,    sizeof(srp_g),
                                               srp_salt, sizeof(srp_salt)));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp,
                                               srp_N,    sizeof(srp_N),
                                               NULL,      sizeof(srp_g),
                                               srp_salt, sizeof(srp_salt)));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp,
                                               srp_N,    sizeof(srp_N),
                                               srp_g,    sizeof(srp_g),
                                               NULL,     sizeof(srp_salt)));
@@ -215,9 +209,9 @@ static void test_SrpSetPassword(void)
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E),
                 wc_SrpSetPassword(&srp, password, passwordSz));
-    AssertIntEQ(SRP_CALL_ORDER_E,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E),
                 wc_SrpGetVerifier(&srp, v, &vSz));
 
     /* fix call order */
@@ -226,16 +220,16 @@ static void test_SrpSetPassword(void)
                                          srp_salt, sizeof(srp_salt)));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(NULL, password, passwordSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(&srp, NULL,     passwordSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetPassword(NULL, password, passwordSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetPassword(&srp, NULL,     passwordSz));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(NULL, v,    &vSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(&srp, NULL, &vSz));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetVerifier(&srp, v,    &vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetVerifier(NULL, v,    &vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetVerifier(&srp, NULL, &vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),     wc_SrpGetVerifier(&srp, v,    &vSz));
 
     /* success */
     vSz = sizeof(v);
@@ -244,14 +238,14 @@ static void test_SrpSetPassword(void)
     AssertIntEQ(0, XMEMCMP(srp_verifier, v, vSz));
 
     /* invalid params - client side srp */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, v, vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(&srp, v, vSz));
 
     wc_SrpTerm(&srp);
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(NULL, v,    vSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, NULL, vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(NULL, v,    vSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(&srp, NULL, vSz));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetVerifier(&srp, v, vSz));
@@ -273,16 +267,16 @@ static void test_SrpGetPublic(void)
                                          srp_salt, sizeof(srp_salt)));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* fix call order */
     AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, pub, &pubSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL,   &pubSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, pub, NULL));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(NULL, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(&srp, NULL,   &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(&srp, pub, NULL));
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),     wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* success */
     pubSz = sizeof(pub);
@@ -300,7 +294,7 @@ static void test_SrpGetPublic(void)
                                          srp_salt, sizeof(srp_salt)));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* fix call order */
     AssertIntEQ(0, wc_SrpSetVerifier(&srp, srp_verifier, sizeof(srp_verifier)));
@@ -328,7 +322,7 @@ static void test_SrpComputeKey(void)
     AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpComputeKey(&cli,
                                                    clientPubKey, clientPubKeySz,
                                                    serverPubKey, serverPubKeySz));
 
@@ -354,19 +348,19 @@ static void test_SrpComputeKey(void)
     AssertIntEQ(0, XMEMCMP(serverPubKey, srp_B, serverPubKeySz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(NULL,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(NULL,
                                                clientPubKey, clientPubKeySz,
                                                serverPubKey, serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                NULL,         clientPubKeySz,
                                                serverPubKey, serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                clientPubKey, 0,
                                                serverPubKey, serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                clientPubKey, clientPubKeySz,
                                                NULL,         serverPubKeySz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli,
                                                clientPubKey, clientPubKeySz,
                                                serverPubKey, 0));
 
@@ -432,16 +426,16 @@ static void test_SrpGetProofAndVerify(void)
 
     /* invalid params */
     serverProofSz = 0;
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(NULL, clientProof,&clientProofSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, NULL,       &clientProofSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, clientProof,NULL));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetProof(&srv, serverProof,&serverProofSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(NULL, clientProof,&clientProofSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(&cli, NULL,       &clientProofSz));
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(&cli, clientProof,NULL));
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),     wc_SrpGetProof(&srv, serverProof,&serverProofSz));
 
-    AssertIntEQ(BAD_FUNC_ARG,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG),
                 wc_SrpVerifyPeersProof(NULL, clientProof, clientProofSz));
-    AssertIntEQ(BAD_FUNC_ARG,
+    AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG),
                 wc_SrpVerifyPeersProof(&cli, NULL,        clientProofSz));
-    AssertIntEQ(BUFFER_E,
+    AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E),
                 wc_SrpVerifyPeersProof(&srv, serverProof, serverProofSz));
     serverProofSz = SRP_MAX_DIGEST_SIZE;
 
diff --git a/tests/suites.c b/tests/suites.c
index 5c367fe9c..60b89e335 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -1,6 +1,6 @@
 /* suites.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,11 +20,7 @@
  */
 
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <tests/unit.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -37,7 +33,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <wolfssl/ssl.h>
-#include <tests/unit.h>
+
 #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
                       && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
 #include <wolfssl/wolfcrypt/ecc.h>
@@ -62,7 +58,7 @@
 #include "examples/server/server.h"
 
 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
-    !defined(SINGLE_THREADED)
+    !defined(NO_TLS) && !defined(SINGLE_THREADED)
 static WOLFSSL_CTX* cipherSuiteCtx = NULL;
 static char nonblockFlag[] = "-N";
 static char noVerifyFlag[] = "-d";
@@ -172,6 +168,71 @@ static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
     return valid;
 }
 
+#if defined(WOLFSSL_HAVE_MLKEM)
+static int IsKyberLevelAvailable(const char* line)
+{
+    int available = 0;
+    const char* find = "--pqc ";
+    const char* begin = strstr(line, find);
+    const char* end;
+
+    if (begin != NULL) {
+        begin += 6;
+        end = XSTRSTR(begin, " ");
+
+    #ifndef WOLFSSL_NO_ML_KEM
+        if ((size_t)end - (size_t)begin == 10) {
+        #ifndef WOLFSSL_NO_ML_KEM_512
+            if (XSTRNCMP(begin, "ML_KEM_512", 10) == 0) {
+                available = 1;
+            }
+        #endif
+        #ifndef WOLFSSL_NO_ML_KEM_768
+            if (XSTRNCMP(begin, "ML_KEM_768", 10) == 0) {
+                available = 1;
+            }
+        #endif
+        }
+        #ifndef WOLFSSL_NO_ML_KEM_1024
+        if ((size_t)end - (size_t)begin == 11) {
+            if (XSTRNCMP(begin, "ML_KEM_1024", 11) == 0) {
+                available = 1;
+            }
+        }
+        #endif
+    #endif
+    #ifdef WOLFSSL_MLKEM_KYBER
+        if ((size_t)end - (size_t)begin == 12) {
+        #ifndef WOLFSSL_NO_KYBER512
+            if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) {
+                available = 1;
+            }
+        #endif
+        #ifndef WOLFSSL_NO_KYBER768
+            if (XSTRNCMP(begin, "KYBER_LEVEL3", 12) == 0) {
+                available = 1;
+            }
+        #endif
+        #ifndef WOLFSSL_NO_KYBER1024
+            if (XSTRNCMP(begin, "KYBER_LEVEL5", 12) == 0) {
+                available = 1;
+            }
+        #endif
+        }
+    #endif
+    }
+
+#if defined(WOLFSSL_MLKEM_NO_MAKE_KEY) || \
+    defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+    (void)available;
+    return begin == NULL;
+#else
+    return (begin == NULL) || available;
+#endif
+}
+#endif
+
 static int IsValidCert(const char* line)
 {
     int ret = 1;
@@ -307,8 +368,8 @@ static int execute_test_case(int svr_argc, char** svr_argv,
     func_args cliArgs = {0, NULL, 0, NULL, NULL, NULL};
     func_args svrArgs = {0, NULL, 0, NULL, NULL, NULL};
 #else
-    func_args cliArgs = {cli_argc, cli_argv, 0, NULL, NULL};
-    func_args svrArgs = {svr_argc, svr_argv, 0, NULL, NULL};
+    func_args cliArgs = {0, NULL, 0, NULL, NULL};
+    func_args svrArgs = {0, NULL, 0, NULL, NULL};
 #endif
 
     tcp_ready   ready;
@@ -325,17 +386,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
 #ifdef WOLFSSL_NO_CLIENT_AUTH
     int         reqClientCert;
 #endif
-
 #if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND)
     srtp_test_helper srtp_helper;
 #endif
 
-#if defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_SRTP)
     cliArgs.argc = cli_argc;
     cliArgs.argv = cli_argv;
     svrArgs.argc = svr_argc;
     svrArgs.argv = svr_argv;
-#endif
 
     /* Is Valid Cipher and Version Checks */
     /* build command list for the Is checks below */
@@ -356,6 +414,14 @@ static int execute_test_case(int svr_argc, char** svr_argv,
         #endif
         return NOT_BUILT_IN;
     }
+#ifdef WOLFSSL_HAVE_MLKEM
+    if (!IsKyberLevelAvailable(commandLine)) {
+        #ifdef DEBUG_SUITE_TESTS
+            printf("Kyber level not supported in build: %s\n", commandLine);
+        #endif
+        return NOT_BUILT_IN;
+    }
+#endif
     if (!IsValidCert(commandLine)) {
         #ifdef DEBUG_SUITE_TESTS
             printf("certificate %s not supported in build\n", commandLine);
@@ -796,8 +862,8 @@ static void test_harness(void* vargs)
 int SuiteTest(int argc, char** argv)
 {
 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
-    !defined(SINGLE_THREADED)
+    !defined(NO_TLS) && !defined(SINGLE_THREADED) && \
+    !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
     func_args args;
     char argv0[3][80];
     char* myArgv[3];
@@ -926,9 +992,8 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
-    #ifdef HAVE_LIBOQS
-    /* add TLSv13 pq tests */
-    XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
+    /* add TLSv13 pq hybrid tests */
+    XSTRLCPY(argv0[1], "tests/test-tls13-pq-hybrid.conf", sizeof(argv0[1]));
     printf("starting TLSv13 post-quantum groups tests\n");
     test_harness(&args);
     if (args.return_code != 0) {
@@ -937,29 +1002,6 @@ int SuiteTest(int argc, char** argv)
         goto exit;
     }
     #endif
-    #endif
-    #ifdef HAVE_PQC
-    /* add TLSv13 pq tests */
-    XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
-    printf("starting TLSv13 post-quantum groups tests\n");
-    test_harness(&args);
-    if (args.return_code != 0) {
-        printf("error from script %d\n", args.return_code);
-        args.return_code = EXIT_FAILURE;
-        goto exit;
-    }
-    #ifdef HAVE_LIBOQS
-    /* add TLSv13 pq tests */
-    XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
-    printf("starting TLSv13 post-quantum groups tests\n");
-    test_harness(&args);
-    if (args.return_code != 0) {
-        printf("error from script %d\n", args.return_code);
-        args.return_code = EXIT_FAILURE;
-        goto exit;
-    }
-    #endif
-    #endif
     #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13)
     /* add DTLSv13 pq tests */
     XSTRLCPY(argv0[1], "tests/test-dtls13-pq.conf", sizeof(argv0[1]));
@@ -970,6 +1012,15 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
+    /* add DTLSv13 pq hybrid tests */
+    XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid.conf", sizeof(argv0[1]));
+    printf("starting DTLSv13 post-quantum 2 groups tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
     #ifdef WOLFSSL_DTLS_CH_FRAG
     /* add DTLSv13 pq frag tests */
     XSTRLCPY(argv0[1], "tests/test-dtls13-pq-frag.conf", sizeof(argv0[1]));
@@ -980,20 +1031,8 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
-    #endif
-    #ifdef HAVE_LIBOQS
-    /* add DTLSv13 pq 2 tests */
-    XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2.conf", sizeof(argv0[1]));
-    printf("starting DTLSv13 post-quantum 2 groups tests\n");
-    test_harness(&args);
-    if (args.return_code != 0) {
-        printf("error from script %d\n", args.return_code);
-        args.return_code = EXIT_FAILURE;
-        goto exit;
-    }
-    #ifdef WOLFSSL_DTLS_CH_FRAG
-    /* add DTLSv13 pq 2 frag tests */
-    XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2-frag.conf", sizeof(argv0[1]));
+    /* add DTLSv13 pq hybrid frag tests */
+    XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid-frag.conf", sizeof(argv0[1]));
     printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n");
     test_harness(&args);
     if (args.return_code != 0) {
@@ -1003,7 +1042,6 @@ int SuiteTest(int argc, char** argv)
     }
     #endif
     #endif
-    #endif
 #endif
 #if defined(WC_RSA_PSS) && (!defined(HAVE_FIPS) || \
      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
@@ -1303,7 +1341,7 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
-#endif /* HAVE_RSA and HAVE_ECC */
+#endif /* !NO__RSA and HAVE_ECC */
 #endif /* !WC_STRICT_SIG */
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) && \
     (defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM))
@@ -1460,5 +1498,5 @@ exit:
     (void)argc;
     (void)argv;
     return NOT_COMPILED_IN;
-#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT && !NO_TLS */
 }
diff --git a/tests/test-dtls13-pq-2-frag.conf b/tests/test-dtls13-pq-2-frag.conf
deleted file mode 100644
index 6ea8317db..000000000
--- a/tests/test-dtls13-pq-2-frag.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# server DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_LEVEL3
-
-# client DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_LEVEL3
-
-# server DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_LEVEL5
-
-# client DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_LEVEL5
diff --git a/tests/test-dtls13-pq-2.conf b/tests/test-dtls13-pq-2.conf
deleted file mode 100644
index 6a4bfac08..000000000
--- a/tests/test-dtls13-pq-2.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# server DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_LEVEL1
-
-# client DTLSv1.3 with post-quantum group
--u
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_LEVEL1
-
-# P384_KYBER_LEVEL3 and P521_KYBER_LEVEL5 would fragment the ClientHello.
diff --git a/tests/test-dtls13-pq-frag.conf b/tests/test-dtls13-pq-frag.conf
index 01aaf477f..5592ecb79 100644
--- a/tests/test-dtls13-pq-frag.conf
+++ b/tests/test-dtls13-pq-frag.conf
@@ -1,3 +1,27 @@
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
 # server DTLSv1.3 with post-quantum group
 -u
 -v 4
@@ -21,4 +45,3 @@
 -v 4
 -l TLS13-AES256-GCM-SHA384
 --pqc KYBER_LEVEL5
-
diff --git a/tests/test-dtls13-pq-hybrid-frag.conf b/tests/test-dtls13-pq-hybrid-frag.conf
new file mode 100644
index 000000000..c9edc6907
--- /dev/null
+++ b/tests/test-dtls13-pq-hybrid-frag.conf
@@ -0,0 +1,131 @@
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_768
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_768
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM_1024
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM_1024
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_1024
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_1024
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_768
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_768
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_ML_KEM_768
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_ML_KEM_768
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_KYBER_LEVEL3
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_KYBER_LEVEL3
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL3
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL3
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_KYBER_LEVEL5
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_KYBER_LEVEL5
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL3
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL3
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_KYBER_LEVEL3
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_KYBER_LEVEL3
diff --git a/tests/test-dtls13-pq-hybrid.conf b/tests/test-dtls13-pq-hybrid.conf
new file mode 100644
index 000000000..3bb14cac5
--- /dev/null
+++ b/tests/test-dtls13-pq-hybrid.conf
@@ -0,0 +1,51 @@
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_512
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_512
+
+# Hybrids with ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello.
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# server DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL1
+
+# client DTLSv1.3 with post-quantum hybrid group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL1
+
+# Hybrids with KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello.
diff --git a/tests/test-dtls13-pq.conf b/tests/test-dtls13-pq.conf
index c84ab819d..559741f32 100644
--- a/tests/test-dtls13-pq.conf
+++ b/tests/test-dtls13-pq.conf
@@ -1,3 +1,17 @@
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello.
+
 # server DTLSv1.3 with post-quantum group
 -u
 -v 4
diff --git a/tests/test-tls13-pq-2.conf b/tests/test-tls13-pq-2.conf
deleted file mode 100644
index ff09d72a7..000000000
--- a/tests/test-tls13-pq-2.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_LEVEL1
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_LEVEL1
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_LEVEL5
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_LEVEL5
diff --git a/tests/test-tls13-pq-hybrid.conf b/tests/test-tls13-pq-hybrid.conf
new file mode 100644
index 000000000..242cd3089
--- /dev/null
+++ b/tests/test-tls13-pq-hybrid.conf
@@ -0,0 +1,149 @@
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_512
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_768
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_768
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_ML_KEM_768
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM_1024
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_ML_KEM_1024
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_1024
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_ML_KEM_1024
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_512
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_512
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_768
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_ML_KEM_768
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_ML_KEM_768
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_ML_KEM_768
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_KYBER_LEVEL3
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P384_KYBER_LEVEL3
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL3
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL3
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_KYBER_LEVEL5
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P521_KYBER_LEVEL5
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL1
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL1
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL3
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X25519_KYBER_LEVEL3
+
+# server TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_KYBER_LEVEL3
+
+# client TLSv1.3 with post-quantum hybrid group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc X448_KYBER_LEVEL3
diff --git a/tests/test-tls13-pq.conf b/tests/test-tls13-pq.conf
index 9d2b218de..ac8164e99 100644
--- a/tests/test-tls13-pq.conf
+++ b/tests/test-tls13-pq.conf
@@ -1,3 +1,33 @@
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_512
+
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_768
+
+# server TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
+# client TLSv1.3 with post-quantum group
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc ML_KEM_1024
+
 # server TLSv1.3 with post-quantum group
 -v 4
 -l TLS13-AES256-GCM-SHA384
diff --git a/tests/unit.c b/tests/unit.c
index 870be9875..6bc6bda13 100644
--- a/tests/unit.c
+++ b/tests/unit.c
@@ -1,6 +1,6 @@
 /* unit.c API unit tests driver
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,17 +22,17 @@
 
 /* Name change compatibility layer no longer need to be included here */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <tests/unit.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/types.h>
 
 #include <stdio.h>
-#include <tests/unit.h>
 #include <wolfssl/wolfcrypt/fips_test.h>
 
+#ifndef NO_CRYPT_TEST
+#include <wolfssl/test.h>
+#include "wolfcrypt/test/test.h"
+#endif
 
 int allTesting = 1;
 int apiTesting = 1;
@@ -52,14 +52,19 @@ int main(int argc, char** argv)
 static void UnitTest_Usage(void)
 {
     printf("Usage: ./tests/unit.test <options>\n");
-    printf(" -?, --help     Display this usage information.\n");
-    printf(" --list         List the API tests.\n");
-    printf(" --api          Only perform API tests.\n");
-    printf(" -<number>      Run the API test identified by number.\n");
-    printf("                Can be specified multiple times.\n");
-    printf(" -<string>      Run the API test identified by name.\n");
-    printf("                Can be specified multiple times.\n");
-    printf(" <filename>     Name of cipher suite testing file.\n");
+    printf(" -?, --help        Display this usage information.\n");
+    printf(" --list            List the API tests.\n");
+    printf(" --api             Only perform API tests.\n");
+    printf(" --no-api          Do not perform API tests.\n");
+    printf(" --stopOnFail      Stops API testing on first failure.\n");
+    printf(" --groups          List known group names.\n");
+    printf(" --group <string>  Functions in this group are tested.\n");
+    printf(" -<number>         Run the API test identified by number.\n");
+    printf("                   Can be specified multiple times.\n");
+    printf(" -<string>         Run the API test identified by name.\n");
+    printf("                   Can be specified multiple times.\n");
+    printf(" -~<string>        Functions with this substring are tested.\n");
+    printf(" <filename>        Name of cipher suite testing file.\n");
 }
 
 int unit_test(int argc, char** argv)
@@ -196,13 +201,41 @@ int unit_test(int argc, char** argv)
         else if (XSTRCMP(argv[1], "--no-api") == 0) {
             apiTesting = 0;
         }
-        else if (argv[1][1] >= '0' && argv[1][1] <= '9') {
+        else if (XSTRCMP(argv[1], "--stopOnFail") == 0) {
+            ApiTest_StopOnFail();
+        }
+        else if (XSTRCMP(argv[1], "--groups") == 0) {
+            ApiTest_PrintGroups();
+            goto exit;
+        }
+        else if (XSTRCMP(argv[1], "--group") == 0) {
+            if (argc == 1) {
+                fprintf(stderr, "No group name supplied\n");
+                ret = -1;
+                goto exit;
+            }
+            ret = ApiTest_RunGroup(argv[2]);
+            if (ret != 0) {
+                goto exit;
+            }
+            allTesting = 0;
+            argc--;
+            argv++;
+        }
+        else if (argv[1][0] == '-' && argv[1][1] >= '0' && argv[1][1] <= '9') {
             ret = ApiTest_RunIdx(atoi(argv[1] + 1));
             if (ret != 0) {
                 goto exit;
             }
             allTesting = 0;
         }
+        else if (argv[1][0] == '-' && argv[1][1] == '~') {
+            ret = ApiTest_RunPartName(argv[1] + 2);
+            if (ret != 0) {
+                goto exit;
+            }
+            allTesting = 0;
+        }
         else {
             ret = ApiTest_RunName(argv[1] + 1);
             if (ret != 0) {
@@ -215,6 +248,34 @@ int unit_test(int argc, char** argv)
         argv++;
     }
 
+#ifndef NO_CRYPT_TEST
+    /* wc_ test */
+    if (allTesting) {
+        func_args wc_args;
+
+        printf("\nwolfCrypt unit test:\n");
+
+        if ((ret = wolfCrypt_Init()) != 0) {
+            fprintf(stderr, "wolfCrypt_Init failed: %d\n", (int)ret);
+            goto exit;
+        }
+
+        XMEMSET(&wc_args, 0, sizeof(wc_args));
+        wolfcrypt_test(&wc_args);
+        if (wc_args.return_code != 0) {
+            ret = 1;
+            goto exit;
+        }
+
+        if ((ret = wolfCrypt_Cleanup()) != 0) {
+            fprintf(stderr, "wolfCrypt_Cleanup failed: %d\n", (int)ret);
+            goto exit;
+        }
+
+        printf("wolfCrypt unit test completed successfully.\n\n");
+    }
+#endif
+
 #ifdef WOLFSSL_ALLOW_SKIP_UNIT_TESTS
     if (argc == 1)
 #endif
@@ -229,11 +290,6 @@ int unit_test(int argc, char** argv)
             goto exit;
         }
 
-        if ((ret = HashTest()) != 0) {
-            fprintf(stderr, "hash test failed with %d\n", ret);
-            goto exit;
-        }
-
     #ifdef WOLFSSL_W64_WRAPPER
         if ((ret = w64wrapper_test()) != 0) {
             fprintf(stderr, "w64wrapper test failed with %d\n", ret);
@@ -243,7 +299,7 @@ int unit_test(int argc, char** argv)
 
     #ifdef WOLFSSL_QUIC
         if ((ret = QuicTest()) != 0) {
-            printf("quic test failed with %d\n", ret);
+            fprintf(stderr, "quic test failed with %d\n", ret);
             goto exit;
         }
     #endif
@@ -253,6 +309,7 @@ int unit_test(int argc, char** argv)
 
 #if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(NO_TLS) && \
     !defined(SINGLE_THREADED)
     if ((ret = SuiteTest(argc, argv)) != 0) {
         fprintf(stderr, "suite test failed with %d\n", ret);
diff --git a/tests/unit.h b/tests/unit.h
index f63c4bd63..4edd20a22 100644
--- a/tests/unit.h
+++ b/tests/unit.h
@@ -1,6 +1,6 @@
 /* unit.c API unit tests driver
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,8 +20,22 @@
  */
 
 
-#ifndef CyaSSL_UNIT_H
-#define CyaSSL_UNIT_H
+#ifndef TESTS_UNIT_H
+#define TESTS_UNIT_H
+
+#define WOLFSSL_VIS_FOR_TESTS
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with unit tests */
+#undef OPENSSL_COEXIST /* can't use this option with unit tests */
 
 #include <wolfssl/ssl.h>
 #include <wolfssl/test.h>    /* thread and tcp stuff */
@@ -121,27 +135,63 @@
 #define AssertPtrGE(x, y) AssertPtr(x, y, >=,  <)
 #define AssertPtrLE(x, y) AssertPtr(x, y, <=,  >)
 
+#define TEST_FAIL               0
+#define TEST_SUCCESS            1
+#define TEST_SUCCESS_NO_MSGS    2
+#define TEST_SKIPPED            3  /* Test skipped - not run. */
+#define TEST_SKIPPED_NO_MSGS    4  /* Test skipped - not run. */
 
 #define EXPECT_DECLS \
-    int _ret = TEST_SKIPPED
+    int _ret = TEST_SKIPPED, _fail_codepoint_id = TEST_FAIL
+#define EXPECT_SUCCESS_DECLS \
+    int _ret = TEST_SUCCESS, _fail_codepoint_id = TEST_SUCCESS
+#define EXPECT_DECLS_NO_MSGS(fail_codepoint_offset)     \
+    int _ret = TEST_SKIPPED_NO_MSGS,                    \
+        _fail_codepoint_id = (fail_codepoint_offset)
+#define EXPECT_FAILURE_CODEPOINT_ID _fail_codepoint_id
 #define EXPECT_RESULT() \
-    _ret
+    ((void)_fail_codepoint_id,                                          \
+     _ret == TEST_SUCCESS_NO_MSGS ? TEST_SUCCESS :                      \
+     _ret == TEST_SKIPPED_NO_MSGS ? TEST_SKIPPED :                      \
+     _ret)
 #define EXPECT_SUCCESS() \
-    ((_ret == TEST_SUCCESS) || (_ret == TEST_SKIPPED))
+    ((_ret == TEST_SUCCESS) ||                                          \
+     (_ret == TEST_SKIPPED) ||                                          \
+     (_ret == TEST_SUCCESS_NO_MSGS) ||                                  \
+     (_ret == TEST_SKIPPED_NO_MSGS))
 #define EXPECT_FAIL() \
-    (_ret == TEST_FAIL)
+    (! EXPECT_SUCCESS())
 
-#define ExpFail(description, result) do {                                      \
-    printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__);           \
-    fputs("\n    expected: ", stdout); printf description;                     \
-    fputs("\n    result:   ", stdout); printf result; fputs("\n\n", stdout);   \
-    fflush(stdout);                                                            \
-    _ret = TEST_FAIL;                                                          \
+#define EXPECT_TEST(ret) do {                                                  \
+    if (EXPECT_SUCCESS()) {                                                    \
+        _ret = (ret);                                                          \
+    }                                                                          \
 } while (0)
 
-#define Expect(test, description, result) do {                                 \
-    if (_ret != TEST_FAIL) { if (!(test)) ExpFail(description, result);        \
-                             else _ret = TEST_SUCCESS; }                       \
+#define ExpFail(description, result) do {                                    \
+    if ((_ret == TEST_SUCCESS_NO_MSGS) || (_ret == TEST_SKIPPED_NO_MSGS))    \
+        _ret = _fail_codepoint_id;                                           \
+    else {                                                                   \
+        printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__);     \
+        fputs("\n    expected: ", stdout); printf description;               \
+        fputs("\n    result:   ", stdout); printf result;                    \
+        fputs("\n\n", stdout);                                               \
+        fflush(stdout);                                                      \
+        _ret = TEST_FAIL;                                                    \
+    }                                                                        \
+} while (0)
+
+#define Expect(test, description, result) do {                               \
+    if (EXPECT_SUCCESS()) {                                                  \
+        if (!(test))                                                         \
+            ExpFail(description, result);                                    \
+        else if (_ret == TEST_SKIPPED_NO_MSGS)                               \
+            _ret = TEST_SUCCESS_NO_MSGS;                                     \
+        else                                                                 \
+            _ret = TEST_SUCCESS;                                             \
+    }                                                                        \
+    if (_ret == TEST_SUCCESS_NO_MSGS)                                        \
+        --_fail_codepoint_id;                                                \
 } while (0)
 
 #define ExpectTrue(x)    Expect( (x), ("%s is true",     #x), (#x " => FALSE"))
@@ -149,14 +199,14 @@
 #define ExpectNotNull(x) Expect( (x), ("%s is not null", #x), (#x " => NULL"))
 
 #define ExpectNull(x) do {                                                     \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         PEDANTIC_EXTENSION void* _x = (void*)(x);                              \
         Expect(!_x, ("%s is null", #x), (#x " => %p", _x));                    \
     }                                                                          \
 } while(0)
 
 #define ExpectInt(x, y, op, er) do {                                           \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         int _x = (int)(x);                                                     \
         int _y = (int)(y);                                                     \
         Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y));\
@@ -171,7 +221,7 @@
 #define ExpectIntLE(x, y) ExpectInt(x, y, <=,  >)
 
 #define ExpectStr(x, y, op, er) do {                                           \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         const char* _x = (const char*)(x);                                     \
         const char* _y = (const char*)(y);                                     \
         int         _z = (_x && _y) ? XSTRCMP(_x, _y) : -1;                    \
@@ -188,7 +238,7 @@
 #define ExpectStrLE(x, y) ExpectStr(x, y, <=,  >)
 
 #define ExpectPtr(x, y, op, er) do {                                           \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         PRAGMA_DIAG_PUSH                                                       \
           /* remarkably, without this inhibition, */                           \
           /* the _Pragma()s make the declarations warn. */                     \
@@ -211,11 +261,11 @@
 #define ExpectPtrLE(x, y) ExpectPtr(x, y, <=,  >)
 
 #define ExpectBuf(x, y, z, op, er) do {                                        \
-    if (_ret != TEST_FAIL) {                                                   \
+    if (EXPECT_SUCCESS()) {                                                    \
         const byte* _x = (const byte*)(x);                                     \
         const byte* _y = (const byte*)(y);                                     \
         int         _z = (int)(z);                                             \
-        int         _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, _z) : -1;            \
+        int _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, (unsigned long)_z) : -1;     \
         Expect(_w op 0, ("%s " #op " %s for %s", #x, #y, #z),                  \
                              ("\"%p\" " #er " \"%p\" for \"%d\"",              \
                                 (const void *)_x, (const void *)_y, _z));      \
@@ -294,16 +344,91 @@
 #define DoExpectBufEQ(x, y, z) DoExpectBuf(x, y, z, ==, !=)
 #define DoExpectBufNE(x, y, z) DoExpectBuf(x, y, z, !=, ==)
 
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(WOLFSSL_TIRTOS)
+    #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
+#endif
+#ifdef HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
+
+typedef int (*ctx_cb)(WOLFSSL_CTX* ctx);
+typedef int (*ssl_cb)(WOLFSSL* ssl);
+typedef int (*test_cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
+typedef int (*hs_cb)(WOLFSSL_CTX **ctx, WOLFSSL **ssl);
+
+typedef struct test_ssl_cbf {
+    method_provider method;
+    ctx_cb ctx_ready;
+    ssl_cb ssl_ready;
+    ssl_cb on_result;
+    ctx_cb on_ctx_cleanup;
+    ssl_cb on_cleanup;
+    hs_cb  on_handshake;
+    WOLFSSL_CTX* ctx;
+    const char* caPemFile;
+    const char* certPemFile;
+    const char* keyPemFile;
+    const char* crlPemFile;
+#ifdef WOLFSSL_STATIC_MEMORY
+    byte*               mem;
+    word32              memSz;
+    wolfSSL_method_func method_ex;
+#endif
+    int devId;
+    int return_code;
+    int last_err;
+    unsigned char isSharedCtx:1;
+    unsigned char loadToSSL:1;
+    unsigned char ticNoInit:1;
+    unsigned char doUdp:1;
+} test_ssl_cbf;
+
+#define TEST_SSL_MEMIO_BUF_SZ   (64 * 1024)
+typedef struct test_ssl_memio_ctx {
+    WOLFSSL_CTX* s_ctx;
+    WOLFSSL_CTX* c_ctx;
+    WOLFSSL* s_ssl;
+    WOLFSSL* c_ssl;
+
+    const char* c_ciphers;
+    const char* s_ciphers;
+
+    char* c_msg;
+    int c_msglen;
+    char* s_msg;
+    int s_msglen;
+
+    test_ssl_cbf s_cb;
+    test_ssl_cbf c_cb;
+
+    byte c_buff[TEST_SSL_MEMIO_BUF_SZ];
+    int c_len;
+    byte s_buff[TEST_SSL_MEMIO_BUF_SZ];
+    int s_len;
+} test_ssl_memio_ctx;
+
+int test_ssl_memio_setup(test_ssl_memio_ctx *ctx);
+int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
+    int* rounds);
+void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx);
+int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
+    test_ssl_cbf* server_cb, test_cbType client_on_handshake);
+#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
+
+void ApiTest_StopOnFail(void);
 void ApiTest_PrintTestCases(void);
+void ApiTest_PrintGroups(void);
+int ApiTest_RunGroup(char* name);
 int ApiTest_RunIdx(int idx);
+int ApiTest_RunPartName(char* name);
 int ApiTest_RunName(char* name);
 int ApiTest(void);
 
 int  SuiteTest(int argc, char** argv);
-int  HashTest(void);
 void SrpTest(void);
 int w64wrapper_test(void);
 int QuicTest(void);
 
 
-#endif /* CyaSSL_UNIT_H */
+#endif /* TESTS_UNIT_H */
diff --git a/tests/utils.c b/tests/utils.c
new file mode 100644
index 000000000..2b78b3a67
--- /dev/null
+++ b/tests/utils.c
@@ -0,0 +1,263 @@
+/* utils.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+#include <tests/utils.h>
+
+#ifdef HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES
+
+/* This set of memio functions allows for more fine tuned control of the TLS
+ * connection operations. For new tests, try to use ssl_memio first. */
+
+/* To dump the memory in gdb use
+ *   dump memory client.bin test_ctx.c_buff test_ctx.c_buff+test_ctx.c_len
+ *   dump memory server.bin test_ctx.s_buff test_ctx.s_buff+test_ctx.s_len
+ * This can be imported into Wireshark by transforming the file with
+ *   od -Ax -tx1 -v client.bin > client.bin.hex
+ *   od -Ax -tx1 -v server.bin > server.bin.hex
+ * And then loading test_output.dump.hex into Wireshark using the
+ * "Import from Hex Dump..." option ion and selecting the TCP
+ * encapsulation option.
+ */
+
+int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, void *ctx)
+{
+    struct test_memio_ctx *test_ctx;
+    byte *buf;
+    int *len;
+
+    test_ctx = (struct test_memio_ctx*)ctx;
+
+    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
+        buf = test_ctx->c_buff;
+        len = &test_ctx->c_len;
+    }
+    else {
+        buf = test_ctx->s_buff;
+        len = &test_ctx->s_len;
+    }
+
+    if ((unsigned)(*len + sz) > TEST_MEMIO_BUF_SZ)
+        return WOLFSSL_CBIO_ERR_WANT_WRITE;
+
+#ifdef WOLFSSL_DUMP_MEMIO_STREAM
+    {
+        char dump_file_name[64];
+        WOLFSSL_BIO *dump_file;
+        sprintf(dump_file_name, "%s/%s.dump", tmpDirName, currentTestName);
+        dump_file = wolfSSL_BIO_new_file(dump_file_name, "a");
+        if (dump_file != NULL) {
+            (void)wolfSSL_BIO_write(dump_file, data, sz);
+            wolfSSL_BIO_free(dump_file);
+        }
+    }
+#endif
+    XMEMCPY(buf + *len, data, (size_t)sz);
+    *len += sz;
+
+    return sz;
+}
+
+int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz, void *ctx)
+{
+    struct test_memio_ctx *test_ctx;
+    int read_sz;
+    byte *buf;
+    int *len;
+
+    test_ctx = (struct test_memio_ctx*)ctx;
+
+    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
+        buf = test_ctx->s_buff;
+        len = &test_ctx->s_len;
+    }
+    else {
+        buf = test_ctx->c_buff;
+        len = &test_ctx->c_len;
+    }
+
+    if (*len == 0)
+        return WOLFSSL_CBIO_ERR_WANT_READ;
+
+    read_sz = sz < *len ? sz : *len;
+
+    XMEMCPY(data, buf, (size_t)read_sz);
+    XMEMMOVE(buf, buf + read_sz,(size_t) (*len - read_sz));
+
+    *len -= read_sz;
+
+    return read_sz;
+}
+
+int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
+    int max_rounds, int *rounds)
+{
+    byte handshake_complete = 0, hs_c = 0, hs_s = 0;
+    int ret, err;
+
+    if (rounds != NULL)
+        *rounds = 0;
+    while (!handshake_complete && max_rounds > 0) {
+        if (!hs_c) {
+            wolfSSL_SetLoggingPrefix("client");
+            ret = wolfSSL_connect(ssl_c);
+            wolfSSL_SetLoggingPrefix(NULL);
+            if (ret == WOLFSSL_SUCCESS) {
+                hs_c = 1;
+            }
+            else {
+                err = wolfSSL_get_error(ssl_c, ret);
+                if (err != WOLFSSL_ERROR_WANT_READ &&
+                    err != WOLFSSL_ERROR_WANT_WRITE)
+                    return -1;
+            }
+        }
+        if (!hs_s) {
+            wolfSSL_SetLoggingPrefix("server");
+            ret = wolfSSL_accept(ssl_s);
+            wolfSSL_SetLoggingPrefix(NULL);
+            if (ret == WOLFSSL_SUCCESS) {
+                hs_s = 1;
+            }
+            else {
+                err = wolfSSL_get_error(ssl_s, ret);
+                if (err != WOLFSSL_ERROR_WANT_READ &&
+                    err != WOLFSSL_ERROR_WANT_WRITE)
+                    return -1;
+            }
+        }
+        handshake_complete = hs_c && hs_s;
+        max_rounds--;
+        if (rounds != NULL)
+            *rounds = *rounds + 1;
+    }
+
+    if (!handshake_complete)
+        return -1;
+
+    return 0;
+}
+
+int test_memio_setup_ex(struct test_memio_ctx *ctx,
+    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
+    method_provider method_c, method_provider method_s,
+    byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
+    byte *serverKey, int serverKeySz)
+{
+    int ret;
+    (void)caCert;
+    (void)caCertSz;
+    (void)serverCert;
+    (void)serverCertSz;
+    (void)serverKey;
+    (void)serverKeySz;
+
+    if (ctx_c != NULL && *ctx_c == NULL) {
+        *ctx_c = wolfSSL_CTX_new(method_c());
+        if (*ctx_c == NULL)
+            return -1;
+#ifndef NO_CERTS
+        if (caCert == NULL) {
+            ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
+        }
+        else {
+            ret = wolfSSL_CTX_load_verify_buffer(*ctx_c, caCert, (long)caCertSz,
+                                                 WOLFSSL_FILETYPE_ASN1);
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            return -1;
+#endif /* NO_CERTS */
+        wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
+        wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
+        if (ctx->c_ciphers != NULL) {
+            ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers);
+            if (ret != WOLFSSL_SUCCESS)
+                return -1;
+        }
+    }
+
+    if (ctx_s != NULL && *ctx_s == NULL) {
+        *ctx_s = wolfSSL_CTX_new(method_s());
+        if (*ctx_s == NULL)
+            return -1;
+#ifndef NO_CERTS
+        if (serverKey == NULL) {
+            ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
+                WOLFSSL_FILETYPE_PEM);
+        }
+        else {
+            ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey,
+                (long)serverKeySz, WOLFSSL_FILETYPE_ASN1);
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            return- -1;
+
+        if (serverCert == NULL) {
+            ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
+                                                   WOLFSSL_FILETYPE_PEM);
+        }
+        else {
+            ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s,
+                serverCert, (long)serverCertSz, WOLFSSL_FILETYPE_ASN1);
+        }
+        if (ret != WOLFSSL_SUCCESS)
+            return -1;
+#endif /* NO_CERTS */
+        wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
+        wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
+        if (ctx->s_ciphers != NULL) {
+            ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
+            if (ret != WOLFSSL_SUCCESS)
+                return -1;
+        }
+    }
+
+    if (ctx_c != NULL && ssl_c != NULL) {
+        *ssl_c = wolfSSL_new(*ctx_c);
+        if (*ssl_c == NULL)
+            return -1;
+        wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
+        wolfSSL_SetIOReadCtx(*ssl_c, ctx);
+    }
+    if (ctx_s != NULL && ssl_s != NULL) {
+        *ssl_s = wolfSSL_new(*ctx_s);
+        if (*ssl_s == NULL)
+            return -1;
+        wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
+        wolfSSL_SetIOReadCtx(*ssl_s, ctx);
+#if !defined(NO_DH)
+        SetDH(*ssl_s);
+#endif
+    }
+
+    return 0;
+}
+
+int test_memio_setup(struct test_memio_ctx *ctx,
+    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
+    method_provider method_c, method_provider method_s)
+{
+    return test_memio_setup_ex(ctx, ctx_c, ctx_s, ssl_c, ssl_s, method_c,
+                               method_s, NULL, 0, NULL, 0, NULL, 0);
+}
+
+#endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES */
+
diff --git a/tests/utils.h b/tests/utils.h
index ecc634e6c..75bae2cb0 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -1,6 +1,6 @@
 /* utils.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,131 +18,19 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
 #include <wolfssl/wolfcrypt/settings.h>
-#include <tests/unit.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/test.h>
 
-#ifndef NO_FILESYSTEM
-
-#ifdef _MSC_VER
-#include <direct.h>
-#endif
-
-#define TMP_DIR_PREFIX "tmpDir-"
-/* len is length of tmpDir name, assuming
- * len does not include null terminating character */
-char* create_tmp_dir(char *tmpDir, int len)
-{
-    if (len < (int)XSTR_SIZEOF(TMP_DIR_PREFIX))
-        return NULL;
-
-    XMEMCPY(tmpDir, TMP_DIR_PREFIX, XSTR_SIZEOF(TMP_DIR_PREFIX));
-
-    if (mymktemp(tmpDir, len, len - (int)XSTR_SIZEOF(TMP_DIR_PREFIX)) == NULL)
-        return NULL;
-
-#ifdef _MSC_VER
-    if (_mkdir(tmpDir) != 0)
-        return NULL;
-#elif defined(__MINGW32__)
-    if (mkdir(tmpDir) != 0)
-        return NULL;
-#else
-    if (mkdir(tmpDir, 0700) != 0)
-        return NULL;
-#endif
-
-    return tmpDir;
-}
-
-int rem_dir(const char* dirName)
-{
-#ifdef _MSC_VER
-    if (_rmdir(dirName) != 0)
-        return -1;
-#else
-    if (rmdir(dirName) != 0)
-        return -1;
-#endif
-    return 0;
-}
-
-int rem_file(const char* fileName)
-{
-#ifdef _MSC_VER
-    if (_unlink(fileName) != 0)
-        return -1;
-#else
-    if (unlink(fileName) != 0)
-        return -1;
-#endif
-    return 0;
-}
-
-int copy_file(const char* in, const char* out)
-{
-    byte buf[100];
-    XFILE inFile = XBADFILE;
-    XFILE outFile = XBADFILE;
-    size_t sz;
-    int ret = -1;
-
-    inFile = XFOPEN(in, "rb");
-    if (inFile == XBADFILE)
-        goto cleanup;
-
-    outFile = XFOPEN(out, "wb");
-    if (outFile == XBADFILE)
-        goto cleanup;
-
-    while ((sz = XFREAD(buf, 1, sizeof(buf), inFile)) != 0) {
-        if (XFERROR(inFile))
-            goto cleanup;
-        if (XFWRITE(buf, 1, sz, outFile) != sz)
-            goto cleanup;
-        if (XFEOF(inFile))
-            break;
-    }
-
-    ret = 0;
-cleanup:
-    if (inFile != XBADFILE)
-        XFCLOSE(inFile);
-    if (outFile != XBADFILE)
-        XFCLOSE(outFile);
-    return ret;
-}
-
-#if defined(__MACH__) || defined(__FreeBSD__)
-int link_file(const char* in, const char* out)
-{
-    return link(in, out);
-}
-#endif
-#endif /* !NO_FILESYSTEM */
+#ifndef TESTS_UTILS_H
+#define TESTS_UTILS_H
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
-
-/* This set of memio functions allows for more fine tuned control of the TLS
- * connection operations. For new tests, try to use ssl_memio first. */
-
-/* To dump the memory in gdb use
- *   dump memory client.bin test_ctx.c_buff test_ctx.c_buff+test_ctx.c_len
- *   dump memory server.bin test_ctx.s_buff test_ctx.s_buff+test_ctx.s_len
- * This can be imported into Wireshark by transforming the file with
- *   od -Ax -tx1 -v client.bin > client.bin.hex
- *   od -Ax -tx1 -v server.bin > server.bin.hex
- * And then loading test_output.dump.hex into Wireshark using the
- * "Import from Hex Dump..." option ion and selecting the TCP
- * encapsulation option.
- */
-
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13))
 #define HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES
-
 #define TEST_MEMIO_BUF_SZ (64 * 1024)
 struct test_memio_ctx
 {
@@ -153,7 +41,8 @@ struct test_memio_ctx
     int s_len;
     const char* s_ciphers;
 };
-
+int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, void *ctx);
+int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz, void *ctx);
 int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
     int max_rounds, int *rounds);
 int test_memio_setup(struct test_memio_ctx *ctx,
@@ -164,280 +53,6 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
     method_provider method_c, method_provider method_s,
     byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
     byte *serverKey, int serverKeySz);
-
-
-static WC_INLINE int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz,
-    void *ctx)
-{
-    struct test_memio_ctx *test_ctx;
-    byte *buf;
-    int *len;
-
-    test_ctx = (struct test_memio_ctx*)ctx;
-
-    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
-        buf = test_ctx->c_buff;
-        len = &test_ctx->c_len;
-    }
-    else {
-        buf = test_ctx->s_buff;
-        len = &test_ctx->s_len;
-    }
-
-    if ((unsigned)(*len + sz) > TEST_MEMIO_BUF_SZ)
-        return WOLFSSL_CBIO_ERR_WANT_WRITE;
-
-#ifdef WOLFSSL_DUMP_MEMIO_STREAM
-    {
-        WOLFSSL_BIO *dump_file = wolfSSL_BIO_new_file("test_memio.dump", "a");
-        if (dump_file != NULL) {
-            (void)wolfSSL_BIO_write(dump_file, data, sz);
-            wolfSSL_BIO_free(dump_file);
-        }
-    }
-#endif
-    XMEMCPY(buf + *len, data, (size_t)sz);
-    *len += sz;
-
-    return sz;
-}
-
-static WC_INLINE int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
-    void *ctx)
-{
-    struct test_memio_ctx *test_ctx;
-    int read_sz;
-    byte *buf;
-    int *len;
-
-    test_ctx = (struct test_memio_ctx*)ctx;
-
-    if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
-        buf = test_ctx->s_buff;
-        len = &test_ctx->s_len;
-    }
-    else {
-        buf = test_ctx->c_buff;
-        len = &test_ctx->c_len;
-    }
-
-    if (*len == 0)
-        return WOLFSSL_CBIO_ERR_WANT_READ;
-
-    read_sz = sz < *len ? sz : *len;
-
-    XMEMCPY(data, buf, (size_t)read_sz);
-    XMEMMOVE(buf, buf + read_sz,(size_t) (*len - read_sz));
-
-    *len -= read_sz;
-
-    return read_sz;
-}
-
-int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s,
-    int max_rounds, int *rounds)
-{
-    byte handshake_complete = 0, hs_c = 0, hs_s = 0;
-    int ret, err;
-
-    if (rounds != NULL)
-        *rounds = 0;
-    while (!handshake_complete && max_rounds > 0) {
-        if (!hs_c) {
-            wolfSSL_SetLoggingPrefix("client");
-            ret = wolfSSL_connect(ssl_c);
-            wolfSSL_SetLoggingPrefix(NULL);
-            if (ret == WOLFSSL_SUCCESS) {
-                hs_c = 1;
-            }
-            else {
-                err = wolfSSL_get_error(ssl_c, ret);
-                if (err != WOLFSSL_ERROR_WANT_READ &&
-                    err != WOLFSSL_ERROR_WANT_WRITE)
-                    return -1;
-            }
-        }
-        if (!hs_s) {
-            wolfSSL_SetLoggingPrefix("server");
-            ret = wolfSSL_accept(ssl_s);
-            wolfSSL_SetLoggingPrefix(NULL);
-            if (ret == WOLFSSL_SUCCESS) {
-                hs_s = 1;
-            }
-            else {
-                err = wolfSSL_get_error(ssl_s, ret);
-                if (err != WOLFSSL_ERROR_WANT_READ &&
-                    err != WOLFSSL_ERROR_WANT_WRITE)
-                    return -1;
-            }
-        }
-        handshake_complete = hs_c && hs_s;
-        max_rounds--;
-        if (rounds != NULL)
-            *rounds = *rounds + 1;
-    }
-
-    if (!handshake_complete)
-        return -1;
-
-    return 0;
-}
-
-int test_memio_setup_ex(struct test_memio_ctx *ctx,
-    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
-    method_provider method_c, method_provider method_s,
-    byte *caCert, int caCertSz, byte *serverCert, int serverCertSz,
-    byte *serverKey, int serverKeySz)
-{
-    int ret;
-    (void)caCert;
-    (void)caCertSz;
-    (void)serverCert;
-    (void)serverCertSz;
-    (void)serverKey;
-    (void)serverKeySz;
-
-    if (ctx_c != NULL && *ctx_c == NULL) {
-        *ctx_c = wolfSSL_CTX_new(method_c());
-        if (*ctx_c == NULL)
-            return -1;
-#ifndef NO_CERTS
-        if (caCert == NULL) {
-            ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
-        }
-        else {
-            ret = wolfSSL_CTX_load_verify_buffer(*ctx_c, caCert, (long)caCertSz,
-                                                 WOLFSSL_FILETYPE_ASN1);
-        }
-        if (ret != WOLFSSL_SUCCESS)
-            return -1;
-#endif /* NO_CERTS */
-        wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
-        wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
-        if (ctx->c_ciphers != NULL) {
-            ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers);
-            if (ret != WOLFSSL_SUCCESS)
-                return -1;
-        }
-    }
-
-    if (ctx_s != NULL && *ctx_s == NULL) {
-        *ctx_s = wolfSSL_CTX_new(method_s());
-        if (*ctx_s == NULL)
-            return -1;
-#ifndef NO_CERTS
-        if (serverKey == NULL) {
-            ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
-                WOLFSSL_FILETYPE_PEM);
-        }
-        else {
-            ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey,
-                (long)serverKeySz, WOLFSSL_FILETYPE_ASN1);
-        }
-        if (ret != WOLFSSL_SUCCESS)
-            return- -1;
-
-        if (serverCert == NULL) {
-            ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
-                                                   WOLFSSL_FILETYPE_PEM);
-        }
-        else {
-            ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s,
-                serverCert, (long)serverCertSz, WOLFSSL_FILETYPE_ASN1);
-        }
-        if (ret != WOLFSSL_SUCCESS)
-            return -1;
-#endif /* NO_CERTS */
-        wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
-        wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
-        if (ctx->s_ciphers != NULL) {
-            ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
-            if (ret != WOLFSSL_SUCCESS)
-                return -1;
-        }
-    }
-
-    if (ctx_c != NULL && ssl_c != NULL) {
-        *ssl_c = wolfSSL_new(*ctx_c);
-        if (*ssl_c == NULL)
-            return -1;
-        wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
-        wolfSSL_SetIOReadCtx(*ssl_c, ctx);
-    }
-    if (ctx_s != NULL && ssl_s != NULL) {
-        *ssl_s = wolfSSL_new(*ctx_s);
-        if (*ssl_s == NULL)
-            return -1;
-        wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
-        wolfSSL_SetIOReadCtx(*ssl_s, ctx);
-#if !defined(NO_DH)
-        SetDH(*ssl_s);
-#endif
-    }
-
-    return 0;
-}
-
-int test_memio_setup(struct test_memio_ctx *ctx,
-    WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s,
-    method_provider method_c, method_provider method_s)
-{
-    return test_memio_setup_ex(ctx, ctx_c, ctx_s, ssl_c, ssl_s, method_c,
-                               method_s, NULL, 0, NULL, 0, NULL, 0);
-}
 #endif
 
-#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
-void signal_ready(tcp_ready* ready)
-{
-    THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
-    ready->ready = 1;
-    THREAD_CHECK_RET(wolfSSL_CondSignal(&ready->cond));
-    THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
-}
-#endif
-
-void wait_tcp_ready(func_args* args)
-{
-#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
-    tcp_ready* ready = args->signal;
-    THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
-    if (!ready->ready) {
-        THREAD_CHECK_RET(wolfSSL_CondWait(&ready->cond));
-    }
-    ready->ready = 0; /* reset */
-    THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
-#else
-    /* no threading wait or single threaded */
-    (void)args;
-#endif
-}
-
-#ifndef SINGLE_THREADED
-/* Start a thread.
- *
- * @param [in]  fun     Function to execute in thread.
- * @param [in]  args    Object to send to function in thread.
- * @param [out] thread  Handle to thread.
- */
-void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread)
-{
-    THREAD_CHECK_RET(wolfSSL_NewThread(thread, fun, args));
-}
-
-
-/* Join thread to wait for completion.
- *
- * @param [in] thread  Handle to thread.
- */
-void join_thread(THREAD_TYPE thread)
-{
-    THREAD_CHECK_RET(wolfSSL_JoinThread(thread));
-}
-#endif /* SINGLE_THREADED */
-
-/* These correspond to WOLFSSL_SSLV3...WOLFSSL_DTLSV1_3 */
-const char* tls_desc[] = {
-    "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3",
-    "DTLSv1.0", "DTLSv1.2", "DTLSv1.3"
-};
+#endif /* TESTS_UTILS_H */
diff --git a/tests/w64wrapper.c b/tests/w64wrapper.c
index ffaa57cad..1010d23dc 100644
--- a/tests/w64wrapper.c
+++ b/tests/w64wrapper.c
@@ -1,6 +1,6 @@
 /* w64wrapper.c w64wrapper unit tests
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,11 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
-#include <wolfssl/wolfcrypt/settings.h>
 #include <tests/unit.h>
 
 #ifdef WOLFSSL_W64_WRAPPER
diff --git a/testsuite/include.am b/testsuite/include.am
index 7b7cddd03..c96c79cbf 100644
--- a/testsuite/include.am
+++ b/testsuite/include.am
@@ -20,6 +20,7 @@ endif
 EXTRA_DIST += testsuite/testsuite.sln
 EXTRA_DIST += testsuite/testsuite.vcproj
 EXTRA_DIST += testsuite/testsuite.vcxproj
+EXTRA_DIST += testsuite/utils.h
 EXTRA_DIST += input
 EXTRA_DIST += quit
 DISTCLEANFILES+= testsuite/.libs/testsuite.test
diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
index 3e0986e15..162338c6f 100644
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@@ -1,6 +1,6 @@
 /* testsuite.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,7 +24,14 @@
     #include <config.h>
 #endif
 
+#ifndef WOLFSSL_USER_SETTINGS
+    #include <wolfssl/options.h>
+#endif
 #include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#undef OPENSSL_COEXIST /* can't use this option with this example */
+
 #include <wolfssl/wolfcrypt/types.h>
 
 #include <wolfssl/ssl.h>
@@ -45,13 +52,16 @@
 #include <examples/server/server.h>
 #include <examples/client/client.h>
 
-#include "tests/utils.h"
+#include <testsuite/utils.h>
+/* include source file to not change all the testsuite build systems */
+#include <testsuite/utils.c>
 
 #ifndef NO_SHA256
 void file_test(const char* file, byte* check);
 #endif
 
-#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS)
 
 #ifdef HAVE_STACK_SIZE
 static THREAD_RETURN simple_test(func_args *args);
@@ -104,6 +114,7 @@ static void *echoclient_test_wrapper(void* args) {
 int testsuite_test(int argc, char** argv)
 {
 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS) && \
     (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))
     func_args server_args;
 
@@ -406,6 +417,7 @@ cleanup:
 #endif
 
 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
+    !defined(NO_TLS) && \
    (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))
 /* Perform a basic TLS handshake.
  *
diff --git a/testsuite/testsuite.vcxproj b/testsuite/testsuite.vcxproj
index 958f937fa..609731732 100644
--- a/testsuite/testsuite.vcxproj
+++ b/testsuite/testsuite.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{611E8971-46E0-4D0A-B5A1-632C3B00CB80}</ProjectGuid>
@@ -64,6 +80,18 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
@@ -84,6 +112,16 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -99,6 +137,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
@@ -111,6 +155,12 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -135,6 +185,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -155,6 +215,16 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -232,6 +302,42 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -318,6 +424,48 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\examples\client\client.c" />
     <ClCompile Include="..\examples\echoclient\echoclient.c" />
diff --git a/testsuite/utils.c b/testsuite/utils.c
new file mode 100644
index 000000000..931eb2dd2
--- /dev/null
+++ b/testsuite/utils.c
@@ -0,0 +1,191 @@
+/* utils.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <testsuite/utils.h>
+#include <tests/unit.h>
+
+#ifndef NO_FILESYSTEM
+
+#if defined(_MSC_VER)
+#include <direct.h>
+#elif defined(__WATCOMC__)
+#ifdef __LINUX__
+#include <unistd.h>
+#else
+#include <direct.h>
+#endif
+#endif
+
+#define TMP_DIR_PREFIX "tmpDir-"
+/* len is length of tmpDir name, assuming
+ * len does not include null terminating character */
+char* create_tmp_dir(char *tmpDir, int len)
+{
+    if (len < (int)XSTR_SIZEOF(TMP_DIR_PREFIX))
+        return NULL;
+
+    XMEMCPY(tmpDir, TMP_DIR_PREFIX, XSTR_SIZEOF(TMP_DIR_PREFIX));
+
+    if (mymktemp(tmpDir, len, len - (int)XSTR_SIZEOF(TMP_DIR_PREFIX)) == NULL)
+        return NULL;
+
+#ifdef _MSC_VER
+    if (_mkdir(tmpDir) != 0)
+        return NULL;
+#elif defined(__MINGW32__)
+    if (mkdir(tmpDir) != 0)
+        return NULL;
+#elif defined(__WATCOMC__) && !defined(__LINUX__)
+    if (mkdir(tmpDir) != 0)
+        return NULL;
+#else
+    if (mkdir(tmpDir, 0700) != 0)
+        return NULL;
+#endif
+
+    return tmpDir;
+}
+
+int rem_dir(const char* dirName)
+{
+#ifdef _MSC_VER
+    if (_rmdir(dirName) != 0)
+        return -1;
+#else
+    if (rmdir(dirName) != 0)
+        return -1;
+#endif
+    return 0;
+}
+
+int rem_file(const char* fileName)
+{
+#ifdef _MSC_VER
+    if (_unlink(fileName) != 0)
+        return -1;
+#else
+    if (unlink(fileName) != 0)
+        return -1;
+#endif
+    return 0;
+}
+
+int copy_file(const char* in, const char* out)
+{
+    byte buf[100];
+    XFILE inFile = XBADFILE;
+    XFILE outFile = XBADFILE;
+    size_t sz;
+    int ret = -1;
+
+    inFile = XFOPEN(in, "rb");
+    if (inFile == XBADFILE)
+        goto cleanup;
+
+    outFile = XFOPEN(out, "wb");
+    if (outFile == XBADFILE)
+        goto cleanup;
+
+    while ((sz = XFREAD(buf, 1, sizeof(buf), inFile)) != 0) {
+        if (XFERROR(inFile))
+            goto cleanup;
+        if (XFWRITE(buf, 1, sz, outFile) != sz)
+            goto cleanup;
+        if (XFEOF(inFile))
+            break;
+    }
+
+    ret = 0;
+cleanup:
+    if (inFile != XBADFILE)
+        XFCLOSE(inFile);
+    if (outFile != XBADFILE)
+        XFCLOSE(outFile);
+    return ret;
+}
+
+#if defined(__MACH__) || defined(__FreeBSD__)
+int link_file(const char* in, const char* out)
+{
+    return link(in, out);
+}
+#endif
+#endif /* !NO_FILESYSTEM */
+
+#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
+void signal_ready(tcp_ready* ready)
+{
+    THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
+    ready->ready = 1;
+    THREAD_CHECK_RET(wolfSSL_CondSignal(&ready->cond));
+    THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
+}
+#endif
+
+void wait_tcp_ready(func_args* args)
+{
+#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND)
+    tcp_ready* ready = args->signal;
+    THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond));
+    if (!ready->ready) {
+        THREAD_CHECK_RET(wolfSSL_CondWait(&ready->cond));
+    }
+    ready->ready = 0; /* reset */
+    THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond));
+#else
+    /* no threading wait or single threaded */
+    (void)args;
+#endif
+}
+
+#ifndef SINGLE_THREADED
+/* Start a thread.
+ *
+ * @param [in]  fun     Function to execute in thread.
+ * @param [in]  args    Object to send to function in thread.
+ * @param [out] thread  Handle to thread.
+ */
+void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread)
+{
+    THREAD_CHECK_RET(wolfSSL_NewThread(thread, fun, args));
+}
+
+
+/* Join thread to wait for completion.
+ *
+ * @param [in] thread  Handle to thread.
+ */
+void join_thread(THREAD_TYPE thread)
+{
+    THREAD_CHECK_RET(wolfSSL_JoinThread(thread));
+}
+#endif /* SINGLE_THREADED */
+
diff --git a/testsuite/utils.h b/testsuite/utils.h
new file mode 100644
index 000000000..696ef4d06
--- /dev/null
+++ b/testsuite/utils.h
@@ -0,0 +1,40 @@
+/* utils.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* This is a set of utility functions that are used by testsuite.c. They are
+ * also used in api.c but we want to keep the utils for testsuite.c as small
+ * as possible. */
+
+#ifndef TESTSUITE_UTILS_H
+#define TESTSUITE_UTILS_H
+
+/* Return
+ *   tmpDir on success
+ *   NULL on failure */
+char* create_tmp_dir(char* tmpDir, int len);
+/* Remaining functions return
+ * 0 on success
+ * -1 on failure */
+int rem_dir(const char* dirName);
+int rem_file(const char* fileName);
+int copy_file(const char* in, const char* out);
+
+#endif /* TESTSUITE_UTILS_H */
diff --git a/wolfcrypt/benchmark/README.md b/wolfcrypt/benchmark/README.md
index 6e2bed942..269b9af9d 100644
--- a/wolfcrypt/benchmark/README.md
+++ b/wolfcrypt/benchmark/README.md
@@ -11,9 +11,9 @@ Tool for performing cryptographic algorithm benchmarking.
 
 Compile with the following options for fixed units. Otherwise the units will auto-scale. See `-base10` parameter option, below.
 
-`-DWOLFSSL_BENCHMARK_FIXED_UNITS_GB` for GB/GiB  
-`-DWOLFSSL_BENCHMARK_FIXED_UNITS_MB` for MB/MiB  
-`-DWOLFSSL_BENCHMARK_FIXED_UNITS_KB` for KB/KiB  
+`-DWOLFSSL_BENCHMARK_FIXED_UNITS_GB` for GB/GiB
+`-DWOLFSSL_BENCHMARK_FIXED_UNITS_MB` for MB/MiB
+`-DWOLFSSL_BENCHMARK_FIXED_UNITS_KB` for KB/KiB
 `-DWOLFSSL_BENCHMARK_FIXED_UNITS_B` for Bytes
 
 To set the output to always be CSV:
diff --git a/wolfcrypt/benchmark/benchmark-VS2022.sln b/wolfcrypt/benchmark/benchmark-VS2022.sln
new file mode 100644
index 000000000..2831db510
--- /dev/null
+++ b/wolfcrypt/benchmark/benchmark-VS2022.sln
@@ -0,0 +1,87 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35327.3
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "benchmark-VS2022", "benchmark-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}"
+	ProjectSection(SolutionItems) = preProject
+		..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h
+		..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h
+	EndProjectSection
+EndProject
+Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|ARM64 = Debug|ARM64
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		DLL Debug|ARM64 = DLL Debug|ARM64
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Debug|x86 = DLL Debug|x86
+		DLL Release|ARM64 = DLL Release|ARM64
+		DLL Release|x64 = DLL Release|x64
+		DLL Release|x86 = DLL Release|x86
+		Release|ARM64 = Release|ARM64
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA}
+	EndGlobalSection
+EndGlobal
diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj
new file mode 100644
index 000000000..ce5937e29
--- /dev/null
+++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>17.0</VCProjectVersion>
+    <ProjectGuid>{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>17.0.35327.3</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>Debug\</OutDir>
+    <IntDir>Debug\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>Release\</OutDir>
+    <IntDir>Release\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="benchmark.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\wolfssl-VS2022.vcxproj">
+      <Project>{12226dbe-7278-4dfa-a119-5a0294cf0b33}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user
new file mode 100644
index 000000000..2219efc16
--- /dev/null
+++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LocalDebuggerWorkingDirectory>$(ProjectDir)../../</LocalDebuggerWorkingDirectory>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+</Project>
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 16dc9a9c3..7c7f4702a 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -1,6 +1,6 @@
 /* benchmark.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -61,7 +61,7 @@
     #include <config.h>
 #endif
 
-#ifndef WOLFSSL_USER_SETTINGS
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
     #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h> /* also picks up user_settings.h */
@@ -167,13 +167,13 @@
 #ifdef HAVE_ED448
     #include <wolfssl/wolfcrypt/ed448.h>
 #endif
-#ifdef WOLFSSL_HAVE_KYBER
-    #include <wolfssl/wolfcrypt/kyber.h>
-    #ifdef WOLFSSL_WC_KYBER
-        #include <wolfssl/wolfcrypt/wc_kyber.h>
+#ifdef WOLFSSL_HAVE_MLKEM
+    #include <wolfssl/wolfcrypt/mlkem.h>
+    #ifdef WOLFSSL_WC_MLKEM
+        #include <wolfssl/wolfcrypt/wc_mlkem.h>
     #endif
-    #if defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
-        #include <wolfssl/wolfcrypt/ext_kyber.h>
+    #if defined(HAVE_LIBOQS)
+        #include <wolfssl/wolfcrypt/ext_mlkem.h>
     #endif
 #endif
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
@@ -220,12 +220,17 @@
     #ifdef HAVE_RENESAS_SYNC
         #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
     #endif
+    #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+        #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    #endif
 #endif
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
 #endif
 
+#include <wolfssl/wolfcrypt/cpuid.h>
+
 #ifdef USE_FLAT_BENCHMARK_H
     #include "benchmark.h"
 #else
@@ -319,6 +324,11 @@
             #error "Nano newlib formatting must not be enabled for benchmark"
         #endif
     #endif
+    #if ESP_IDF_VERSION_MAJOR >= 5
+        #define TFMT "%lu"
+    #else
+        #define TFMT "%d"
+    #endif
 
     #ifdef configTICK_RATE_HZ
         /* Define CPU clock cycles per tick of FreeRTOS clock
@@ -334,6 +344,27 @@
                 #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ configCPU_CLOCK_HZ
             #endif
         #endif
+        #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
+            /* This section is for pre-v5 ESP-IDF */
+            #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+            #elif defined(CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ)
+                #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \
+                        CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ
+            #else
+                /* TODO unsupported */
+            #endif /* older CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ */
+        #endif
         #define CPU_TICK_CYCLES (                               \
               (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \
               / configTICK_RATE_HZ                              \
@@ -351,9 +382,12 @@
     #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
           defined(CONFIG_IDF_TARGET_ESP32C6)
         #include <esp_cpu.h>
-        #include "driver/gptimer.h"
+        #if ESP_IDF_VERSION_MAJOR >= 5
+            #include <driver/gptimer.h>
+        #endif
         #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG
             #define RESOLUTION_SCALE 100
+            /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160  */
             static gptimer_handle_t esp_gptimer = NULL;
             static gptimer_config_t esp_timer_config = {
                 .clk_src = GPTIMER_CLK_SRC_DEFAULT,
@@ -372,6 +406,9 @@
     #elif defined(CONFIG_IDF_TARGET_ESP8266)
         /* no CPU HAL for ESP8266, we'll use RTOS tick calc estimates */
         #include <FreeRTOS.h>
+        #include <esp_system.h>
+        #include <esp_timer.h>
+        #include <xtensa/hal.h>
     #elif defined(CONFIG_IDF_TARGET_ESP32H2)
         /* TODO add ESP32-H2 benchmark support */
     #else
@@ -441,6 +478,7 @@
     #endif
 #elif defined(WOLFSSL_ZEPHYR)
     #include <stdio.h>
+    #include <stdarg.h>
     #define BENCH_EMBEDDED
     #define printf printfk
     static int printfk(const char *fmt, ...)
@@ -516,6 +554,10 @@
     #endif
 #endif
 
+#ifdef HAVE_ASCON
+    #include <wolfssl/wolfcrypt/ascon.h>
+#endif
+
 #ifdef HAVE_FIPS
     #include <wolfssl/wolfcrypt/fips_test.h>
 
@@ -527,7 +569,7 @@
                wc_GetErrorString(err));
         printf("%shash = %s\n", ok ? info_prefix : err_prefix, hash);
 
-        if (err == IN_CORE_FIPS_E) {
+        if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
             printf("%sIn core integrity hash check failure, copy above hash\n",
                    err_prefix);
             printf("%sinto verifyCore[] in fips_test.c and rebuild\n",
@@ -549,7 +591,7 @@
 #undef LIBCALL_CHECK_RET
 #if defined(NO_STDIO_FILESYSTEM) || defined(NO_ERROR_STRINGS) || \
     defined(NO_MAIN_DRIVER) || defined(BENCH_EMBEDDED)
-#define LIBCALL_CHECK_RET(...) __VA_ARGS__
+#define LIBCALL_CHECK_RET(...) (void)(__VA_ARGS__)
 #else
 #define LIBCALL_CHECK_RET(...) do {                           \
         int _libcall_ret = (__VA_ARGS__);                     \
@@ -632,6 +674,8 @@
 #define BENCH_BLAKE2B            0x00008000
 #define BENCH_BLAKE2S            0x00010000
 #define BENCH_SM3                0x00020000
+#define BENCH_ASCON_HASH256      0x00040000
+#define BENCH_ASCON_AEAD128      0x00080000
 
 /* MAC algorithms. */
 #define BENCH_CMAC               0x00000001
@@ -686,6 +730,11 @@
 #define BENCH_KYBER1024                 0x00000080
 #define BENCH_KYBER                     (BENCH_KYBER512 | BENCH_KYBER768 | \
                                          BENCH_KYBER1024)
+#define BENCH_ML_KEM_512                0x00000020
+#define BENCH_ML_KEM_768                0x00000040
+#define BENCH_ML_KEM_1024               0x00000080
+#define BENCH_ML_KEM                    (BENCH_ML_KEM_512 | BENCH_ML_KEM_768 | \
+                                         BENCH_ML_KEM_1024)
 #define BENCH_FALCON_LEVEL1_SIGN        0x00000001
 #define BENCH_FALCON_LEVEL5_SIGN        0x00000002
 #define BENCH_DILITHIUM_LEVEL2_SIGN     0x04000000
@@ -728,12 +777,13 @@
 #define BENCH_RNG                0x00000001
 #define BENCH_SCRYPT             0x00000002
 
-#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
+    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
 /* Define AES_AUTH_ADD_SZ already here, since it's used in the
  * static declaration of `bench_Usage_msg1`. */
 #if !defined(AES_AUTH_ADD_SZ) && \
-        defined(STM32_CRYPTO) && !defined(STM32_AESGCM_PARTIAL) || \
-        defined(WOLFSSL_XILINX_CRYPT_VERSAL)
+        (defined(STM32_CRYPTO) || \
+         defined(WOLFSSL_XILINX_CRYPT_VERSAL))
     /* For STM32 use multiple of 4 to leverage crypto hardware
      * Xilinx Versal requires to use multiples of 16 bytes */
     #define AES_AUTH_ADD_SZ 16
@@ -839,6 +889,9 @@ static const bench_alg bench_cipher_opt[] = {
 #endif
 #ifndef NO_DES3
     { "-des",                BENCH_DES               },
+#endif
+#ifdef HAVE_ASCON
+    { "-ascon-aead",         BENCH_ASCON_AEAD128     },
 #endif
     { NULL, 0 }
 };
@@ -906,6 +959,9 @@ static const bench_alg bench_digest_opt[] = {
 #endif
 #ifdef HAVE_BLAKE2S
     { "-blake2s",            BENCH_BLAKE2S           },
+#endif
+#ifdef HAVE_ASCON
+    { "-ascon-hash",         BENCH_ASCON_HASH256     },
 #endif
     { NULL, 0 }
 };
@@ -1068,7 +1124,7 @@ static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = {
 };
 #endif /* BENCH_PQ_STATEFUL_HBS */
 
-#if defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || \
+#if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \
     defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
 /* The post-quantum-specific mapping of command line option to bit values and
  * OQS name. */
@@ -1083,11 +1139,15 @@ typedef struct bench_pq_alg {
  * options. */
 static const bench_pq_alg bench_pq_asym_opt[] = {
     { "-pq",                0xffffffff },
-#ifdef WOLFSSL_HAVE_KYBER
+#ifdef WOLFSSL_HAVE_MLKEM
     { "-kyber",             BENCH_KYBER             },
     { "-kyber512",          BENCH_KYBER512          },
     { "-kyber768",          BENCH_KYBER768          },
     { "-kyber1024",         BENCH_KYBER1024         },
+    { "-ml-kem",            BENCH_ML_KEM            },
+    { "-ml-kem-512",        BENCH_ML_KEM_512        },
+    { "-ml-kem-768",        BENCH_ML_KEM_768        },
+    { "-ml-kem-1024",       BENCH_ML_KEM_1024       },
 #endif
 #if defined(HAVE_FALCON)
     { "-falcon_level1",     BENCH_FALCON_LEVEL1_SIGN },
@@ -1134,7 +1194,7 @@ static int lng_index = 0;
 
 #ifndef NO_MAIN_DRIVER
 #ifndef MAIN_NO_ARGS
-static const char* bench_Usage_msg1[][25] = {
+static const char* bench_Usage_msg1[][27] = {
     /* 0 English  */
     {   "-? <num>    Help, print this usage\n",
         "            0: English, 1: Japanese\n",
@@ -1148,6 +1208,8 @@ static const char* bench_Usage_msg1[][25] = {
         "            (if set via -aad_size) <aad_size> bytes.\n"
        ),
         "-dgst_full  Full digest operation performed.\n",
+        "-mac_final  MAC update and final operation timed.\n",
+        "-aead_set_key   Set the key as part of the timing of AEAD ciphers.\n",
         "-rsa_sign   Measure RSA sign/verify instead of encrypt/decrypt.\n",
         "<keySz> -rsa-sz\n            Measure RSA <key size> performance.\n",
         "-ffhdhe2048 Measure DH using FFDHE 2048-bit parameters.\n",
@@ -1181,6 +1243,8 @@ static const char* bench_Usage_msg1[][25] = {
         "-aad_size <num>  TBD.\n",
         "-all_aad    TBD.\n",
         "-dgst_full  フルの digest 暗号操作を実施します。\n",
+        "-mac_final  MAC update and final operation timed.\n",
+        "-aead_set_key   Set the key as part of the timing of AEAD ciphers.\n",
         "-rsa_sign   暗号/復号化の代わりに RSA の署名/検証を測定します。\n",
         "<keySz> -rsa-sz\n            RSA <key size> の性能を測定します。\n",
         "-ffhdhe2048 Measure DH using FFDHE 2048-bit parameters.\n",
@@ -1227,7 +1291,7 @@ static const char* bench_result_words1[][4] = {
     defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET)  || \
     defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \
     defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM)
+    defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM)
 
 static const char* bench_desc_words[][15] = {
     /* 0           1          2         3        4        5         6            7            8          9        10        11       12          13       14 */
@@ -1435,10 +1499,16 @@ static const char* bench_result_words3[][5] = {
             thisTimerVal = thisTimerVal * RESOLUTION_SCALE;
         #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
 
-        thisVal = esp_cpu_get_cycle_count();
+        #if ESP_IDF_VERSION_MAJOR >= 5
+            thisVal = esp_cpu_get_cycle_count();
+        #else
+            thisVal = cpu_hal_get_cycle_count();
+        #endif
 
     #elif defined(CONFIG_IDF_TARGET_ESP32H2)
         thisVal = esp_cpu_get_cycle_count();
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        thisVal = esp_timer_get_time();
     #else
         /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa?
          * Calling current_time(1) to reset time causes thisVal overflow,
@@ -1467,7 +1537,7 @@ static const char* bench_result_words3[][5] = {
             expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */
             ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES);
             ESP_LOGV(TAG, "tickCount           = %llu", tickCount);
-            ESP_LOGV(TAG, "last_tickCount      = %u",   last_tickCount);
+            ESP_LOGV(TAG, "last_tickCount      = " TFMT, last_tickCount);
             ESP_LOGV(TAG, "tickDiff            = %llu", tickDiff);
             ESP_LOGV(TAG, "expected_diff1      = %llu", expected_diff);
         }
@@ -1503,9 +1573,16 @@ static const char* bench_result_words3[][5] = {
 
             /* double check expected diff calc */
             #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-              expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
-                              * tickDiff / configTICK_RATE_HZ;
-              ESP_LOGI(TAG, "expected_diff2      = %llu", expected_diff);
+                #if  defined(CONFIG_IDF_TARGET_ESP8266)
+                    expected_diff = (CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ
+                                     * MILLION_VALUE)
+                                     * tickDiff / configTICK_RATE_HZ;
+                #else
+                    expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE)
+                                    * tickDiff / configTICK_RATE_HZ;
+
+                #endif
+                ESP_LOGI(TAG, "expected_diff2      = %llu", expected_diff);
             #endif
             if (expected_diff > UINT_MAX) {
                 /* The number of cycles expected from FreeRTOS ticks is
@@ -1529,7 +1606,7 @@ static const char* bench_result_words3[][5] = {
                 ESP_LOGI(TAG, "expected_diff       = %llu", expected_diff);
                 ESP_LOGI(TAG, "tickBeginDiff       = %llu", tickBeginDiff);
 
-                ESP_LOGW(TAG,  WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
+                ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
             }
             #endif
         }
@@ -1582,7 +1659,13 @@ static const char* bench_result_words3[][5] = {
                 ESP_LOGI(TAG, "diffDiff                 = %llu", diffDiff);
                 ESP_LOGI(TAG, "_xthal_get_ccount_exDiff = %llu", _xthal_get_ccount_exDiff);
             #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */
-            _esp_cpu_count_last = esp_cpu_get_cycle_count();
+
+            #if ESP_IDF_VERSION_MAJOR >= 5
+                _esp_cpu_count_last = esp_cpu_get_cycle_count();
+            #else
+                _esp_cpu_count_last = cpu_hal_get_cycle_count();
+            #endif
+
             ESP_LOGV(TAG, "_xthal_get_ccount_last   = %llu", _esp_cpu_count_last);
         }
         #elif defined(CONFIG_IDF_TARGET_ESP32H2)
@@ -1660,7 +1743,9 @@ static const char* bench_result_words3[][5] = {
 #endif
 
 #ifdef LINUX_RUSAGE_UTIME
-    static void check_for_excessive_stime(const char *desc,
+    static void check_for_excessive_stime(const char *algo,
+                                          int strength,
+                                          const char *desc,
                                           const char *desc_extra);
 #endif
 
@@ -1669,7 +1754,7 @@ static const char* bench_result_words3[][5] = {
         || !defined(NO_DH) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_ECC) \
         || defined(HAVE_CURVE25519) || defined(HAVE_ED25519) \
         || defined(HAVE_CURVE448) || defined(HAVE_ED448) \
-        || defined(WOLFSSL_HAVE_KYBER))
+        || defined(WOLFSSL_HAVE_MLKEM))
     #define HAVE_LOCAL_RNG
     static THREAD_LS_T WC_RNG gRng;
     #define GLOBAL_RNG &gRng
@@ -1681,7 +1766,8 @@ static const char* bench_result_words3[][5] = {
     defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
     defined(HAVE_ECC) || !defined(NO_DH) || \
     !defined(NO_RSA) || defined(HAVE_SCRYPT) || \
-    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM)
+    defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \
+    defined(WOLFSSL_HAVE_LMS)
     #define BENCH_ASYM
 #endif
 
@@ -1689,7 +1775,8 @@ static const char* bench_result_words3[][5] = {
 #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
     defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
     defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM)
+    defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \
+    defined(WOLFSSL_HAVE_LMS)
 static const char* bench_result_words2[][5] = {
 #ifdef BENCH_MICROSECOND
     { "ops took", "μsec"     , "avg" , "ops/μsec", NULL },   /* 0 English
@@ -1790,7 +1877,7 @@ static const char* bench_result_words2[][5] = {
     {
         WOLF_EVENT_STATE state = asyncDev->event.state;
 
-        if (*ret == WC_PENDING_E) {
+        if (*ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
             if (state == WOLF_EVENT_STATE_DONE) {
                 *ret = asyncDev->event.ret;
                 asyncDev->event.state = WOLF_EVENT_STATE_READY;
@@ -1878,10 +1965,13 @@ static const char* bench_result_words2[][5] = {
     #define BENCH_MIN_RUNTIME_SEC   1.0F
 #endif
 
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
+    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
+    static word32 aesAuthAddSz = AES_AUTH_ADD_SZ;
+#endif
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
     #define AES_AUTH_TAG_SZ 16
     #define BENCH_CIPHER_ADD AES_AUTH_TAG_SZ
-    static word32 aesAuthAddSz = AES_AUTH_ADD_SZ;
     #if !defined(AES_AAD_OPTIONS_DEFAULT)
         #if !defined(NO_MAIN_DRIVER)
             #define AES_AAD_OPTIONS_DEFAULT 0x1U
@@ -1927,6 +2017,11 @@ static const char* bench_result_words2[][5] = {
 #endif
 
 
+
+#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_AUTHSZ_BENCH)
+    #warning Large/Unalligned AuthSz could result in errors with /dev/crypto
+#endif
+
 /* use kB instead of mB for embedded benchmarking */
 #ifdef BENCH_EMBEDDED
     #ifndef BENCH_NTIMES
@@ -1966,6 +2061,8 @@ static int    numBlocks  = NUM_BLOCKS;
 static word32 bench_size = BENCH_SIZE;
 static int base2 = 1;
 static int digest_stream = 1;
+static int mac_stream = 1;
+static int aead_set_key = 0;
 #ifdef HAVE_CHACHA
 static int encrypt_only = 0;
 #endif
@@ -2232,8 +2329,9 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
 
 #ifdef WOLFSSL_ESPIDF
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-        ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu, start=" FLT_FMT,
-                       total_cycles, FLT_FMT_ARGS(*start) );
+        ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu"
+                      ", start=" FLT_FMT,
+                      total_cycles, FLT_FMT_ARGS(*start) );
     #endif
     BEGIN_ESP_CYCLES
 #else
@@ -2253,12 +2351,14 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
 static WC_INLINE int bench_stats_check(double start)
 {
     int ret = 0;
-    double this_current_time;
+    double this_current_time = 0.0;
     this_current_time = current_time(0); /* get the timestamp, no reset */
 
 #if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF)
-    ESP_LOGV(TAG, "bench_stats_check: Current time %f, start %f",
-                    this_current_time, start );
+    #if defined(WOLFSSL_ESPIDF)
+        ESP_LOGI(TAG, "bench_stats_check Current time = %f, start = %f",
+                       this_current_time, start );
+    #endif
 #endif
 
     ret = ((this_current_time - start) < BENCH_MIN_RUNTIME_SEC
@@ -2417,7 +2517,7 @@ static void bench_multi_value_stats(double max, double min, double sum,
 #endif
 
 /* countSz is number of bytes that 1 count represents. Normally bench_size,
- * except for AES direct that operates on AES_BLOCK_SIZE blocks */
+ * except for AES direct that operates on WC_AES_BLOCK_SIZE blocks */
 static void bench_stats_sym_finish(const char* desc, int useDeviceID,
                                    int count, word32 countSz,
                                    double start, int ret)
@@ -2443,7 +2543,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
 #endif
 
 #ifdef LINUX_RUSAGE_UTIME
-    check_for_excessive_stime(desc, "");
+    check_for_excessive_stime(desc, 0, "", "");
 #endif
 
     /* calculate actual bytes */
@@ -2645,7 +2745,8 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
 #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
     defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
     defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM)
+    defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \
+    defined(WOLFSSL_HAVE_LMS)
 static void bench_stats_asym_finish_ex(const char* algo, int strength,
     const char* desc, const char* desc_extra, int useDeviceID, int count,
     double start, int ret)
@@ -2668,7 +2769,7 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength,
     total = current_time(0) - start;
 
 #ifdef LINUX_RUSAGE_UTIME
-    check_for_excessive_stime(desc, desc_extra);
+    check_for_excessive_stime(algo, strength, desc, desc_extra);
 #endif
 
 #ifdef GENERATE_MACHINE_PARSEABLE_REPORT
@@ -2999,8 +3100,8 @@ static void* benchmarks_do(void* args)
         bench_buf_size += 16 - (bench_buf_size % 16);
 
 #ifdef WOLFSSL_AFALG_XILINX_AES
-    bench_plain = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16);
-    bench_cipher = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16);
+    bench_plain = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); /* native heap */
+    bench_cipher = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); /* native heap */
 #else
     bench_plain = (byte*)XMALLOC((size_t)bench_buf_size + 16,
                                  HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT);
@@ -3159,8 +3260,9 @@ static void* benchmarks_do(void* args)
     #endif
     #if ((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \
          defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
-         defined(HAVE_RENESAS_SYNC)  || defined(WOLFSSL_CAAM)) && \
-        !defined(NO_HW_BENCH)
+         defined(HAVE_RENESAS_SYNC)  || defined(WOLFSSL_CAAM)) || \
+         ((defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \
+         defined(WOLF_CRYPTO_CB)) && !defined(NO_HW_BENCH)
         bench_aes_aad_options_wrap(bench_aesgcm, 1);
     #endif
     #ifndef NO_SW_BENCH
@@ -3259,6 +3361,10 @@ static void* benchmarks_do(void* args)
     #endif
     }
 #endif
+#ifdef HAVE_ASCON
+    if (bench_all || (bench_cipher_algs & BENCH_ASCON_AEAD128))
+        bench_ascon_aead();
+#endif
 #ifndef NO_MD5
     if (bench_all || (bench_digest_algs & BENCH_MD5)) {
     #ifndef NO_SW_BENCH
@@ -3432,6 +3538,10 @@ static void* benchmarks_do(void* args)
     if (bench_all || (bench_digest_algs & BENCH_BLAKE2S))
         bench_blake2s();
 #endif
+#ifdef HAVE_ASCON
+    if (bench_all || (bench_digest_algs & BENCH_ASCON_HASH256))
+        bench_ascon_hash();
+#endif
 #ifdef WOLFSSL_CMAC
     if (bench_all || (bench_mac_algs & BENCH_CMAC)) {
         bench_cmac(0);
@@ -3525,9 +3635,9 @@ static void* benchmarks_do(void* args)
         bench_scrypt();
 #endif
 
-#ifndef NO_RSA
+#if !defined(NO_RSA) && !defined(WC_NO_RNG)
 #ifndef HAVE_RENESAS_SYNC
-    #ifdef WOLFSSL_KEY_GEN
+    #if defined(WOLFSSL_KEY_GEN)
         if (bench_all || (bench_asym_algs & BENCH_RSA_KEYGEN)) {
         #ifndef NO_SW_BENCH
             if (((word32)bench_asym_algs == 0xFFFFFFFFU) ||
@@ -3547,7 +3657,7 @@ static void* benchmarks_do(void* args)
             }
         #endif
         }
-    #endif
+    #endif /* WOLFSSL_KEY_GEN */
     if (bench_all || (bench_asym_algs & BENCH_RSA)) {
     #ifndef NO_SW_BENCH
         bench_rsa(0);
@@ -3568,9 +3678,9 @@ static void* benchmarks_do(void* args)
     }
     #endif
 #endif
-#endif
+#endif /* !NO_RSA && !WC_NO_RNG */
 
-#ifndef NO_DH
+#if !defined(NO_DH) && !defined(WC_NO_RNG)
     if (bench_all || (bench_asym_algs & BENCH_DH)) {
     #ifndef NO_SW_BENCH
         bench_dh(0);
@@ -3581,23 +3691,42 @@ static void* benchmarks_do(void* args)
     }
 #endif
 
-#ifdef WOLFSSL_HAVE_KYBER
+#ifdef WOLFSSL_HAVE_MLKEM
     if (bench_all || (bench_pq_asym_algs & BENCH_KYBER)) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
+            bench_mlkem(WC_ML_KEM_512);
+        }
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) {
+            bench_mlkem(WC_ML_KEM_768);
+        }
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) {
+            bench_mlkem(WC_ML_KEM_1024);
+        }
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     #ifdef WOLFSSL_KYBER512
         if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
-            bench_kyber(KYBER512);
+            bench_mlkem(KYBER512);
         }
     #endif
     #ifdef WOLFSSL_KYBER768
         if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) {
-            bench_kyber(KYBER768);
+            bench_mlkem(KYBER768);
         }
     #endif
     #ifdef WOLFSSL_KYBER1024
         if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) {
-            bench_kyber(KYBER1024);
+            bench_mlkem(KYBER1024);
         }
     #endif
+#endif
     }
 #endif
 
@@ -3633,7 +3762,7 @@ static void* benchmarks_do(void* args)
 #endif
 #endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */
 
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
     if (bench_all || (bench_asym_algs & BENCH_ECC_MAKEKEY) ||
             (bench_asym_algs & BENCH_ECC) ||
             (bench_asym_algs & BENCH_ECC_ALL) ||
@@ -3663,7 +3792,7 @@ static void* benchmarks_do(void* args)
             #endif
 
                 if (wc_ecc_get_curve_size_from_id(curveId) !=
-                        ECC_BAD_ARG_E) {
+                        WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
                     bench_ecc_curve(curveId);
                     if (csv_format != 1) {
                         printf("\n");
@@ -3845,6 +3974,46 @@ exit:
     return NULL;
 }
 
+#if defined(HAVE_CPUID) && defined(WOLFSSL_TEST_STATIC_BUILD)
+static void print_cpu_features(void)
+{
+    word32 cpuid_flags = cpuid_get_flags();
+
+    printf("CPU: ");
+#ifdef HAVE_CPUID_INTEL
+    printf("Intel");
+#ifdef WOLFSSL_X86_64_BUILD
+    printf(" x86_64");
+#else
+    printf(" x86");
+#endif
+    printf(" -");
+    if (IS_INTEL_AVX1(cpuid_flags))   printf(" avx1");
+    if (IS_INTEL_AVX2(cpuid_flags))   printf(" avx2");
+    if (IS_INTEL_RDRAND(cpuid_flags)) printf(" rdrand");
+    if (IS_INTEL_RDSEED(cpuid_flags)) printf(" rdseed");
+    if (IS_INTEL_BMI2(cpuid_flags))   printf(" bmi2");
+    if (IS_INTEL_AESNI(cpuid_flags))  printf(" aesni");
+    if (IS_INTEL_ADX(cpuid_flags))    printf(" adx");
+    if (IS_INTEL_MOVBE(cpuid_flags))  printf(" movbe");
+    if (IS_INTEL_BMI1(cpuid_flags))   printf(" bmi1");
+    if (IS_INTEL_SHA(cpuid_flags))    printf(" sha");
+#endif
+#ifdef __aarch64__
+    printf("Aarch64 -");
+    if (IS_AARCH64_AES(cpuid_flags))    printf(" aes");
+    if (IS_AARCH64_PMULL(cpuid_flags))  printf(" pmull");
+    if (IS_AARCH64_SHA256(cpuid_flags)) printf(" sha256");
+    if (IS_AARCH64_SHA512(cpuid_flags)) printf(" sha512");
+    if (IS_AARCH64_RDM(cpuid_flags))    printf(" rdm");
+    if (IS_AARCH64_SHA3(cpuid_flags))   printf(" sha3");
+    if (IS_AARCH64_SM3(cpuid_flags))    printf(" sm3");
+    if (IS_AARCH64_SM4(cpuid_flags))    printf(" sm4");
+#endif
+    printf("\n");
+}
+#endif
+
 int benchmark_init(void)
 {
     int ret = 0;
@@ -3865,6 +4034,10 @@ int benchmark_init(void)
         return EXIT_FAILURE;
     }
 
+#if defined(HAVE_CPUID) && defined(WOLFSSL_TEST_STATIC_BUILD)
+    print_cpu_features();
+#endif
+
 #ifdef HAVE_WC_INTROSPECTION
     printf("Math: %s\n", wc_GetMathInfo());
 #endif
@@ -4339,10 +4512,12 @@ static void bench_aesgcm_internal(int useDeviceID,
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(enc[i], key, keySz);
-        if (ret != 0) {
-            printf("AesGcmSetKey failed, ret = %d\n", ret);
-            goto exit;
+        if (!aead_set_key) {
+            ret = wc_AesGcmSetKey(enc[i], key, keySz);
+            if (ret != 0) {
+                printf("AesGcmSetKey failed, ret = %d\n", ret);
+                goto exit;
+            }
         }
     }
 
@@ -4356,6 +4531,14 @@ static void bench_aesgcm_internal(int useDeviceID,
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
                 if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, numBlocks, &pending)) {
+                    if (aead_set_key) {
+                        ret = wc_AesGcmSetKey(enc[i], key, keySz);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(enc[i]), 0,
+                                                &times, &pending)) {
+                            goto exit_aes_gcm;
+                        }
+                    }
                     ret = wc_AesGcmEncrypt(enc[i], bench_cipher,
                         bench_plain, bench_size,
                         iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
@@ -4394,10 +4577,12 @@ exit_aes_gcm:
             goto exit;
         }
 
-        ret = wc_AesGcmSetKey(dec[i], key, keySz);
-        if (ret != 0) {
-            printf("AesGcmSetKey failed, ret = %d\n", ret);
-            goto exit;
+        if (!aead_set_key) {
+            ret = wc_AesGcmSetKey(dec[i], key, keySz);
+            if (ret != 0) {
+                printf("AesGcmSetKey failed, ret = %d\n", ret);
+                goto exit;
+            }
         }
     }
 
@@ -4410,6 +4595,14 @@ exit_aes_gcm:
             for (i = 0; i < BENCH_MAX_PENDING; i++) {
                 if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dec[i]), 0,
                                       &times, numBlocks, &pending)) {
+                    if (aead_set_key) {
+                        ret = wc_AesGcmSetKey(dec[i], key, keySz);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(dec[i]), 0,
+                                                &times, &pending)) {
+                            goto exit_aes_gcm_dec;
+                        }
+                    }
                     ret = wc_AesGcmDecrypt(dec[i], bench_plain,
                         bench_cipher, bench_size,
                         iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
@@ -4710,6 +4903,14 @@ void bench_gmac(int useDeviceID)
     const char* gmacStr = "GMAC Default";
 #endif
 
+/* Implementations of /Dev/Crypto will error out if the size of Auth in is */
+/* greater than the system's page size */
+#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_AUTHSZ_BENCH)
+    bench_size = WOLFSSL_AUTHSZ_BENCH;
+#elif defined(WOLFSSL_DEVCRYPTO)
+    bench_size = sysconf(_SC_PAGESIZE);
+#endif
+
     /* init keys */
     XMEMSET(bench_plain, 0, bench_size);
     XMEMSET(tag, 0, sizeof(tag));
@@ -4740,7 +4941,13 @@ void bench_gmac(int useDeviceID)
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
-
+#if defined(WOLFSSL_DEVCRYPTO)
+    if (ret != 0 && (bench_size > sysconf(_SC_PAGESIZE))) {
+        printf("authIn Buffer Size[%d] greater than System Page Size[%ld]\n",
+                        bench_size, sysconf(_SC_PAGESIZE));
+    }
+    bench_size = BENCH_SIZE;
+#endif
 }
 
 #endif /* HAVE_AESGCM */
@@ -4757,7 +4964,7 @@ static void bench_aesecb_internal(int useDeviceID,
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
 #ifdef HAVE_FIPS
-    const word32 benchSz = AES_BLOCK_SIZE;
+    const word32 benchSz = WC_AES_BLOCK_SIZE;
 #else
     const word32 benchSz = bench_size;
 #endif
@@ -5284,9 +5491,9 @@ static void bench_aessiv_internal(const byte* key, word32 keySz, const char*
 {
     int i;
     int ret = 0;
-    byte assoc[AES_BLOCK_SIZE];
-    byte nonce[AES_BLOCK_SIZE];
-    byte siv[AES_BLOCK_SIZE];
+    byte assoc[WC_AES_BLOCK_SIZE];
+    byte nonce[WC_AES_BLOCK_SIZE];
+    byte siv[WC_AES_BLOCK_SIZE];
     int count = 0;
     double start;
     DECLARE_MULTI_VALUE_STATS_VARS()
@@ -5294,8 +5501,8 @@ static void bench_aessiv_internal(const byte* key, word32 keySz, const char*
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            ret = wc_AesSivEncrypt(key, keySz, assoc, AES_BLOCK_SIZE, nonce,
-                                   AES_BLOCK_SIZE, bench_plain, bench_size,
+            ret = wc_AesSivEncrypt(key, keySz, assoc, WC_AES_BLOCK_SIZE, nonce,
+                                   WC_AES_BLOCK_SIZE, bench_plain, bench_size,
                                    siv, bench_cipher);
             if (ret != 0) {
                 printf("wc_AesSivEncrypt failed (%d)\n", ret);
@@ -5320,8 +5527,8 @@ static void bench_aessiv_internal(const byte* key, word32 keySz, const char*
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            ret = wc_AesSivDecrypt(key, keySz, assoc, AES_BLOCK_SIZE, nonce,
-                                   AES_BLOCK_SIZE, bench_cipher, bench_size,
+            ret = wc_AesSivDecrypt(key, keySz, assoc, WC_AES_BLOCK_SIZE, nonce,
+                                   WC_AES_BLOCK_SIZE, bench_cipher, bench_size,
                                    siv, bench_plain);
             if (ret != 0) {
                 printf("wc_AesSivDecrypt failed (%d)\n", ret);
@@ -5421,7 +5628,7 @@ void bench_poly1305(void)
 #ifdef HAVE_CAMELLIA
 void bench_camellia(void)
 {
-    Camellia cam;
+    wc_Camellia cam;
     double   start;
     int      ret, i, count;
     DECLARE_MULTI_VALUE_STATS_VARS()
@@ -5905,15 +6112,19 @@ void bench_chacha20_poly1305_aead(void)
     int    ret = 0, i, count;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
+    WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_DECLARE_VAR(authTag, byte, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, HEAP_HINT);
+    WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT);
     WC_ALLOC_VAR(authTag, byte, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, HEAP_HINT);
+    XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ);
     XMEMSET(authTag, 0, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE);
 
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < numBlocks; i++) {
-            ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
-                bench_plain, bench_size, bench_cipher, authTag);
+            ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv,
+                bench_additional, aesAuthAddSz, bench_plain, bench_size,
+                bench_cipher, authTag);
             if (ret < 0) {
                 printf("wc_ChaCha20Poly1305_Encrypt error: %d\n", ret);
                 goto exit;
@@ -5935,9 +6146,71 @@ void bench_chacha20_poly1305_aead(void)
 exit:
 
     WC_FREE_VAR(authTag, HEAP_HINT);
+    WC_FREE_VAR(bench_additional, HEAP_HINT);
 }
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 
+#ifdef HAVE_ASCON
+
+void bench_ascon_aead(void)
+{
+#define ASCON_AD (byte*)"ADADADADAD"
+#define ASCON_AD_SZ XSTR_SIZEOF(ASCON_AD)
+    double start;
+    int    ret = 0, i, count;
+    WC_DECLARE_VAR(authTag, byte, ASCON_AEAD128_TAG_SZ, HEAP_HINT);
+    WC_DECLARE_VAR(enc, wc_AsconAEAD128, 1, HEAP_HINT);
+    DECLARE_MULTI_VALUE_STATS_VARS()
+
+    WC_ALLOC_VAR(authTag, byte, ASCON_AEAD128_TAG_SZ, HEAP_HINT);
+    XMEMSET(authTag, 0, ASCON_AEAD128_TAG_SZ);
+
+    WC_ALLOC_VAR(enc, wc_AsconAEAD128, 1, HEAP_HINT);
+    XMEMSET(enc, 0, sizeof(wc_AsconAEAD128));
+
+    bench_stats_start(&count, &start);
+    do {
+        for (i = 0; i < numBlocks; i++) {
+            ret = wc_AsconAEAD128_Init(enc);
+            if (ret == 0)
+                ret = wc_AsconAEAD128_SetKey(enc, bench_key);
+            if (ret == 0)
+                ret = wc_AsconAEAD128_SetNonce(enc, bench_iv);
+            if (ret == 0)
+                ret = wc_AsconAEAD128_SetAD(enc, ASCON_AD, ASCON_AD_SZ);
+            if (ret == 0) {
+                ret = wc_AsconAEAD128_EncryptUpdate(enc, bench_cipher,
+                        bench_plain, bench_size);
+            }
+            if (ret == 0)
+                ret = wc_AsconAEAD128_EncryptFinal(enc, authTag);
+            wc_AsconAEAD128_Clear(enc);
+
+            if (ret != 0) {
+                printf("ASCON-AEAD error: %d\n", ret);
+                goto exit;
+            }
+            RECORD_MULTI_VALUE_STATS();
+        }
+        count += i;
+    } while (bench_stats_check(start)
+#ifdef MULTI_VALUE_STATISTICS
+        || runs < minimum_runs
+#endif
+        );
+
+    bench_stats_sym_finish("ASCON-AEAD", 0, count, bench_size, start, ret);
+#ifdef MULTI_VALUE_STATISTICS
+    bench_multi_value_stats(max, min, sum, squareSum, runs);
+#endif
+
+exit:
+
+    WC_FREE_VAR(authTag, HEAP_HINT);
+    WC_FREE_VAR(enc, HEAP_HINT);
+}
+
+#endif /* HAVE_ASCON */
 
 #ifndef NO_MD5
 void bench_md5(int useDeviceID)
@@ -7831,13 +8104,71 @@ void bench_blake2s(void)
 }
 #endif
 
+#ifdef HAVE_ASCON
+void bench_ascon_hash(void)
+{
+    wc_AsconHash256 ascon;
+    byte    digest[ASCON_HASH256_SZ];
+    double  start;
+    int     ret = 0, i, count;
+
+    if (digest_stream) {
+        ret = wc_AsconHash256_Init(&ascon);
+        if (ret != 0) {
+            printf("wc_AsconHash256_Init failed, ret = %d\n", ret);
+            return;
+        }
+
+        bench_stats_start(&count, &start);
+        do {
+            for (i = 0; i < numBlocks; i++) {
+                ret = wc_AsconHash256_Update(&ascon, bench_plain, bench_size);
+                if (ret != 0) {
+                    printf("wc_AsconHash256_Update failed, ret = %d\n", ret);
+                    return;
+                }
+            }
+            ret = wc_AsconHash256_Final(&ascon, digest);
+            if (ret != 0) {
+                printf("wc_AsconHash256_Final failed, ret = %d\n", ret);
+                return;
+            }
+            count += i;
+        } while (bench_stats_check(start));
+    }
+    else {
+        bench_stats_start(&count, &start);
+        do {
+            for (i = 0; i < numBlocks; i++) {
+                ret = wc_AsconHash256_Init(&ascon);
+                if (ret != 0) {
+                    printf("wc_AsconHash256_Init failed, ret = %d\n", ret);
+                    return;
+                }
+                ret = wc_AsconHash256_Update(&ascon, bench_plain, bench_size);
+                if (ret != 0) {
+                    printf("wc_AsconHash256_Update failed, ret = %d\n", ret);
+                    return;
+                }
+                ret = wc_AsconHash256_Final(&ascon, digest);
+                if (ret != 0) {
+                    printf("wc_AsconHash256_Final failed, ret = %d\n", ret);
+                    return;
+                }
+            }
+            count += i;
+        } while (bench_stats_check(start));
+    }
+    bench_stats_sym_finish("ASCON hash", 0, count, bench_size, start, ret);
+}
+#endif
 
 #ifdef WOLFSSL_CMAC
 
 static void bench_cmac_helper(word32 keySz, const char* outMsg, int useDeviceID)
 {
     Cmac    cmac;
-    byte    digest[AES_BLOCK_SIZE];
+    byte    digest[WC_AES_BLOCK_SIZE];
     word32  digestSz = sizeof(digest);
     double  start;
     int     ret, i, count;
@@ -7996,50 +8327,89 @@ static void bench_hmac(int useDeviceID, int type, int digestSz,
         }
     }
 
-    bench_stats_start(&count, &start);
-    do {
-        for (times = 0; times < numBlocks || pending > 0; ) {
-            bench_async_poll(&pending);
-
-            /* while free pending slots in queue, submit ops */
-            for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret,
-                                      BENCH_ASYNC_GET_DEV(hmac[i]), 0,
-                                      &times, numBlocks, &pending)) {
-                    ret = wc_HmacUpdate(hmac[i], bench_plain, bench_size);
-                    if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(hmac[i]),
-                                            0, &times, &pending)) {
-                        goto exit_hmac;
-                    }
-                }
-            } /* for i */
-        } /* for times */
-        count += times;
-
-        times = 0;
+    if (mac_stream) {
+        bench_stats_start(&count, &start);
         do {
-            bench_async_poll(&pending);
+            for (times = 0; times < numBlocks || pending > 0; ) {
+                bench_async_poll(&pending);
 
-            for (i = 0; i < BENCH_MAX_PENDING; i++) {
-                if (bench_async_check(&ret,
-                                      BENCH_ASYNC_GET_DEV(hmac[i]), 0,
-                                      &times, numBlocks, &pending)) {
-                    ret = wc_HmacFinal(hmac[i], digest[i]);
-                    if (!bench_async_handle(&ret,
-                                            BENCH_ASYNC_GET_DEV(hmac[i]),
-                                            0, &times, &pending)) {
-                        goto exit_hmac;
+                /* while free pending slots in queue, submit ops */
+                for (i = 0; i < BENCH_MAX_PENDING; i++) {
+                    if (bench_async_check(&ret,
+                                          BENCH_ASYNC_GET_DEV(hmac[i]), 0,
+                                          &times, numBlocks, &pending)) {
+                        ret = wc_HmacUpdate(hmac[i], bench_plain, bench_size);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(hmac[i]),
+                                                0, &times, &pending)) {
+                            goto exit_hmac;
+                        }
                     }
-                }
-                RECORD_MULTI_VALUE_STATS();
-            } /* for i */
-        } while (pending > 0);
-    } while (bench_stats_check(start)
-#ifdef MULTI_VALUE_STATISTICS
-       || runs < minimum_runs
-#endif
-       );
+                } /* for i */
+            } /* for times */
+            count += times;
+
+            times = 0;
+            do {
+                bench_async_poll(&pending);
+
+                for (i = 0; i < BENCH_MAX_PENDING; i++) {
+                    if (bench_async_check(&ret,
+                                          BENCH_ASYNC_GET_DEV(hmac[i]), 0,
+                                          &times, numBlocks, &pending)) {
+                        ret = wc_HmacFinal(hmac[i], digest[i]);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(hmac[i]),
+                                                0, &times, &pending)) {
+                            goto exit_hmac;
+                        }
+                    }
+                    RECORD_MULTI_VALUE_STATS();
+                } /* for i */
+            } while (pending > 0);
+        } while (bench_stats_check(start)
+    #ifdef MULTI_VALUE_STATISTICS
+           || runs < minimum_runs
+    #endif
+           );
+    }
+    else {
+        bench_stats_start(&count, &start);
+        do {
+            for (times = 0; times < numBlocks || pending > 0; ) {
+                bench_async_poll(&pending);
+
+                /* while free pending slots in queue, submit ops */
+                for (i = 0; i < BENCH_MAX_PENDING; i++) {
+                    if (bench_async_check(&ret,
+                                          BENCH_ASYNC_GET_DEV(hmac[i]), 0,
+                                          &times, numBlocks, &pending)) {
+                        ret = wc_HmacUpdate(hmac[i], bench_plain, bench_size);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(hmac[i]),
+                                                0, &times, &pending)) {
+                            goto exit_hmac;
+                        }
+                    }
+                    if (bench_async_check(&ret,
+                                          BENCH_ASYNC_GET_DEV(hmac[i]), 0,
+                                          &times, numBlocks, &pending)) {
+                        ret = wc_HmacFinal(hmac[i], digest[i]);
+                        if (!bench_async_handle(&ret,
+                                                BENCH_ASYNC_GET_DEV(hmac[i]),
+                                                0, &times, &pending)) {
+                            goto exit_hmac;
+                        }
+                    }
+                } /* for i */
+            } /* for times */
+            count += times;
+        } while (bench_stats_check(start)
+    #ifdef MULTI_VALUE_STATISTICS
+           || runs < minimum_runs
+    #endif
+           );
+    }
 
 exit_hmac:
     bench_stats_sym_finish(label, useDeviceID, count, bench_size, start, ret);
@@ -8268,7 +8638,7 @@ void bench_srtpkdf(void)
     bench_stats_start(&count, &start);
     PRIVATE_KEY_UNLOCK();
     do {
-        for (i = 0; i < numBlocks; i++) {
+        for (i = 0; i < numBlocks * 1000; i++) {
             ret = wc_SRTP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt),
                 kdrIdx, index, keyE, AES_128_KEY_SIZE, keyA, sizeof(keyA),
                 keyS, sizeof(keyS));
@@ -8291,7 +8661,7 @@ void bench_srtpkdf(void)
     bench_stats_start(&count, &start);
     PRIVATE_KEY_UNLOCK();
     do {
-        for (i = 0; i < numBlocks; i++) {
+        for (i = 0; i < numBlocks * 1000; i++) {
             ret = wc_SRTP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt),
                 kdrIdx, index, keyE, AES_256_KEY_SIZE, keyA, sizeof(keyA),
                 keyS, sizeof(keyS));
@@ -8314,7 +8684,7 @@ void bench_srtpkdf(void)
     bench_stats_start(&count, &start);
     PRIVATE_KEY_UNLOCK();
     do {
-        for (i = 0; i < numBlocks; i++) {
+        for (i = 0; i < numBlocks * 1000; i++) {
             ret = wc_SRTCP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt),
                 kdrIdx, index, keyE, AES_128_KEY_SIZE, keyA, sizeof(keyA),
                 keyS, sizeof(keyS));
@@ -8337,7 +8707,7 @@ void bench_srtpkdf(void)
     bench_stats_start(&count, &start);
     PRIVATE_KEY_UNLOCK();
     do {
-        for (i = 0; i < numBlocks; i++) {
+        for (i = 0; i < numBlocks * 1000; i++) {
             ret = wc_SRTCP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt),
                 kdrIdx, index, keyE, AES_256_KEY_SIZE, keyA, sizeof(keyA),
                 keyS, sizeof(keyS));
@@ -8425,10 +8795,37 @@ exit:
 void bench_rsaKeyGen(int useDeviceID)
 {
     int    k;
-#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-    static const word32  keySizes[2] = {1024, 2048};
+
+#if !defined(RSA_MAX_SIZE) || !defined(RSA_MIN_SIZE)
+    static const word32  keySizes[2] = {1024, 2048 };
+#elif RSA_MAX_SIZE >= 4096
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[4] = {1024, 2048, 3072, 4096 };
+    #else
+        static const word32  keySizes[3] = {2048, 3072, 4096};
+    #endif
+#elif RSA_MAX_SIZE >= 3072
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[3] = {1024, 2048, 3072 };
+    #else
+        static const word32  keySizes[2] = {2048, 3072 };
+    #endif
+#elif RSA_MAX_SIZE >= 2048
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[2] = {1024, 2048 };
+    #else
+        static const word32  keySizes[1] = {2048};
+    #endif
 #else
-    static const word32  keySizes[1] = {2048};
+    #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) &&      \
+        (RSA_MIN_SIZE <= 1024)
+        static const word32  keySizes[1] = {1024 };
+    #else
+        #error No candidate RSA key sizes to benchmark.
+    #endif
 #endif
 
     for (k = 0; k < (int)(sizeof(keySizes)/sizeof(int)); k++) {
@@ -8948,7 +9345,7 @@ void bench_rsa_key(int useDeviceID, word32 rsaKeySz)
 
             /* create the RSA key */
             ret = wc_MakeRsaKey(rsaKey[i], (int)rsaKeySz, exp, &gRng);
-            if (ret == WC_PENDING_E) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
                 isPending[i] = 1;
                 pending      = 1;
             }
@@ -8974,7 +9371,7 @@ exit:
 #endif /* !NO_RSA */
 
 
-#ifndef NO_DH
+#if !defined(NO_DH) && !defined(WC_NO_RNG)
 
 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
     !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
@@ -9129,7 +9526,8 @@ void bench_dh(int useDeviceID)
             ret = wc_DhKeyDecode(tmp, &idx, dhKey[i], (word32)bytes);
     #endif
         }
-    #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)
+    #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) || \
+        defined(HAVE_FFDHE_4096)
     #ifdef HAVE_PUBLIC_FFDHE
         else if (params != NULL) {
             ret = wc_DhSetKey(dhKey[i], params->p, params->p_len,
@@ -9253,18 +9651,19 @@ exit:
     WC_FREE_VAR(priv2, HEAP_HINT);
     WC_FREE_ARRAY(agree, BENCH_MAX_PENDING, HEAP_HINT);
 }
-#endif /* !NO_DH */
+#endif /* !NO_DH && !WC_NO_RNG */
 
-#ifdef WOLFSSL_HAVE_KYBER
-static void bench_kyber_keygen(int type, const char* name, int keySize,
+#ifdef WOLFSSL_HAVE_MLKEM
+static void bench_mlkem_keygen(int type, const char* name, int keySize,
     KyberKey* key)
 {
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     int ret = 0, times, count, pending = 0;
     double start;
     const char**desc = bench_desc_words[lng_index];
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    /* KYBER Make Key */
+    /* MLKEM Make Key */
     bench_stats_start(&count, &start);
     do {
         /* while free pending slots in queue, submit ops */
@@ -9274,11 +9673,13 @@ static void bench_kyber_keygen(int type, const char* name, int keySize,
             if (ret != 0)
                 goto exit;
 
-#ifdef KYBER_NONDETERMINISTIC
+#ifdef MLKEM_NONDETERMINISTIC
             ret = wc_KyberKey_MakeKey(key, &gRng);
 #else
-            unsigned char rand[KYBER_MAKEKEY_RAND_SZ] = {0,};
-            ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand));
+            {
+                unsigned char rand[WC_ML_KEM_MAKEKEY_RAND_SZ] = {0,};
+                ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand));
+            }
 #endif
             if (ret != 0)
                 goto exit;
@@ -9296,33 +9697,62 @@ exit:
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+#else
+   (void)type;
+   (void)name;
+   (void)keySize;
+   (void)key;
+#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY */
 }
 
-static void bench_kyber_encap(const char* name, int keySize, KyberKey* key)
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+static void bench_mlkem_encap(int type, const char* name, int keySize,
+    KyberKey* key1, KyberKey* key2)
 {
     int ret = 0, times, count, pending = 0;
     double start;
     const char**desc = bench_desc_words[lng_index];
-    byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
-    byte ss[KYBER_SS_SZ];
+    byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE];
+    byte ss[WC_ML_KEM_SS_SZ];
+    byte pub[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
+    word32 pubLen;
     word32 ctSz;
     DECLARE_MULTI_VALUE_STATS_VARS()
 
-    ret = wc_KyberKey_CipherTextSize(key, &ctSz);
+    ret = wc_KyberKey_PublicKeySize(key1, &pubLen);
+    if (ret != 0) {
+        return;
+    }
+    ret = wc_KyberKey_EncodePublicKey(key1, pub, pubLen);
+    if (ret != 0) {
+        return;
+    }
+    ret = wc_KyberKey_Init(type, key2, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0) {
+        return;
+    }
+    ret = wc_KyberKey_DecodePublicKey(key2, pub, pubLen);
     if (ret != 0) {
         return;
     }
 
-    /* KYBER Encapsulate */
+    ret = wc_KyberKey_CipherTextSize(key2, &ctSz);
+    if (ret != 0) {
+        return;
+    }
+
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    /* MLKEM Encapsulate */
     bench_stats_start(&count, &start);
     do {
         /* while free pending slots in queue, submit ops */
         for (times = 0; times < agreeTimes || pending > 0; times++) {
-#ifdef KYBER_NONDETERMINISTIC
-            ret = wc_KyberKey_Encapsulate(key, ct, ss, &gRng);
+#ifdef MLKEM_NONDETERMINISTIC
+            ret = wc_KyberKey_Encapsulate(key2, ct, ss, &gRng);
 #else
-            unsigned char rand[KYBER_ENC_RAND_SZ] = {0,};
-            ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, rand,
+            unsigned char rand[WC_ML_KEM_ENC_RAND_SZ] = {0,};
+            ret = wc_KyberKey_EncapsulateWithRandom(key2, ct, ss, rand,
                 sizeof(rand));
 #endif
             if (ret != 0)
@@ -9341,15 +9771,17 @@ exit_encap:
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+#endif
 
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     RESET_MULTI_VALUE_STATS_VARS();
 
-    /* KYBER Decapsulate */
+    /* MLKEM Decapsulate */
     bench_stats_start(&count, &start);
     do {
         /* while free pending slots in queue, submit ops */
         for (times = 0; times < agreeTimes || pending > 0; times++) {
-            ret = wc_KyberKey_Decapsulate(key, ss, ct, ctSz);
+            ret = wc_KyberKey_Decapsulate(key1, ss, ct, ctSz);
             if (ret != 0)
                 goto exit_decap;
             RECORD_MULTI_VALUE_STATS();
@@ -9366,15 +9798,39 @@ exit_decap:
 #ifdef MULTI_VALUE_STATISTICS
     bench_multi_value_stats(max, min, sum, squareSum, runs);
 #endif
+#endif
 }
+#endif
 
-void bench_kyber(int type)
+void bench_mlkem(int type)
 {
-    KyberKey key;
+    KyberKey key1;
+    KyberKey key2;
     const char* name = NULL;
     int keySize = 0;
 
     switch (type) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_ML_KEM_512
+    case WC_ML_KEM_512:
+        name = "ML-KEM 512 ";
+        keySize = 128;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_768
+    case WC_ML_KEM_768:
+        name = "ML-KEM 768 ";
+        keySize = 192;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_1024
+    case WC_ML_KEM_1024:
+        name = "ML-KEM 1024";
+        keySize = 256;
+        break;
+#endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
 #ifdef WOLFSSL_KYBER512
     case KYBER512:
         name = "KYBER512 ";
@@ -9393,16 +9849,24 @@ void bench_kyber(int type)
         keySize = 256;
         break;
 #endif
+#endif
+    default:
+        return;
     }
 
-    bench_kyber_keygen(type, name, keySize, &key);
-    bench_kyber_encap(name, keySize, &key);
+    bench_mlkem_keygen(type, name, keySize, &key1);
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+    bench_mlkem_encap(type, name, keySize, &key1, &key2);
+#endif
 
-    wc_KyberKey_Free(&key);
+    wc_KyberKey_Free(&key2);
+    wc_KyberKey_Free(&key1);
 }
 #endif
 
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 /* WC_LMS_PARM_L2_H10_W2
  * signature length: 9300 */
 static const byte lms_priv_L2_H10_W2[64] =
@@ -9558,6 +10022,7 @@ static const byte lms_pub_L4_H5_W8[60] =
     0x85,0x1A,0x7A,0xD8,0xD5,0x46,0x74,0x3B,
     0x74,0x24,0x12,0xC8
 };
+#endif
 
 static int lms_write_key_mem(const byte* priv, word32 privSz, void* context)
 {
@@ -9718,6 +10183,7 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
     }
 
     switch (parm) {
+#ifndef WOLFSSL_NO_LMS_SHA256_256
     case WC_LMS_PARM_L2_H10_W2:
         XMEMCPY(lms_priv, lms_priv_L2_H10_W2, sizeof(lms_priv_L2_H10_W2));
         XMEMCPY(key.pub, lms_pub_L2_H10_W2, HSS_MAX_PUBLIC_KEY_LEN);
@@ -9778,6 +10244,31 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
     case WC_LMS_PARM_L4_H5_W4:
     case WC_LMS_PARM_L4_H10_W4:
     case WC_LMS_PARM_L4_H10_W8:
+#endif
+
+#ifdef WOLFSSL_LMS_SHA256_192
+    case WC_LMS_PARM_SHA256_192_L1_H5_W1:
+    case WC_LMS_PARM_SHA256_192_L1_H5_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H5_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H5_W8:
+    case WC_LMS_PARM_SHA256_192_L1_H10_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H10_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H10_W8:
+    case WC_LMS_PARM_SHA256_192_L1_H15_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H15_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H20_W2:
+    case WC_LMS_PARM_SHA256_192_L1_H20_W4:
+    case WC_LMS_PARM_SHA256_192_L1_H20_W8:
+    case WC_LMS_PARM_SHA256_192_L2_H10_W2:
+    case WC_LMS_PARM_SHA256_192_L2_H10_W4:
+    case WC_LMS_PARM_SHA256_192_L2_H10_W8:
+    case WC_LMS_PARM_SHA256_192_L3_H5_W2:
+    case WC_LMS_PARM_SHA256_192_L3_H5_W4:
+    case WC_LMS_PARM_SHA256_192_L3_H5_W8:
+    case WC_LMS_PARM_SHA256_192_L3_H10_W4:
+    case WC_LMS_PARM_SHA256_192_L4_H5_W8:
+#endif
+
     default:
         XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN);
         break;
@@ -9952,6 +10443,7 @@ void bench_lms(void)
 {
     byte pub[HSS_MAX_PUBLIC_KEY_LEN];
 
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 #ifdef BENCH_LMS_SLOW_KEYGEN
 #if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
     bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub);
@@ -9997,6 +10489,55 @@ void bench_lms(void)
     bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub);
     bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub);
 #endif
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+#ifdef WOLFSSL_LMS_SHA256_192
+#ifdef BENCH_LMS_SLOW_KEYGEN
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#ifdef BENCH_LMS_SLOW_KEYGEN
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub);
+#endif
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub);
+    #undef LMS_PARAMS_BENCHED
+    #define LMS_PARAMS_BENCHED
+#endif
+#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
+        (LMS_MAX_HEIGHT >= 10))
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
+#endif
+#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
+#endif
+
+#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
+    bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
+    bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
+#endif
+#endif /* WOLFSSL_LMS_SHA256_192 */
 
     return;
 }
@@ -10509,7 +11050,7 @@ void bench_xmss(int hash)
 }
 #endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */
 
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
 
 /* Maximum ECC name plus null terminator:
  * "ECC   [%15s]" and "ECDHE [%15s]" and "ECDSA [%15s]" */
@@ -11402,7 +11943,7 @@ exit:
     (void)name;
 }
 #endif /* WOLFSSL_SM2 */
-#endif /* HAVE_ECC */
+#endif /* HAVE_ECC && && !defined(WC_NO_RNG) */
 
 #ifdef HAVE_CURVE25519
 void bench_curve25519KeyGen(int useDeviceID)
@@ -11474,6 +12015,21 @@ void bench_curve25519KeyAgree(int useDeviceID)
         return;
     }
 
+#ifdef WOLFSSL_CURVE25519_BLINDING
+   ret = wc_curve25519_set_rng(&genKey, &gRng);
+   if (ret != 0) {
+        wc_curve25519_free(&genKey);
+        wc_curve25519_free(&genKey2);
+        return;
+   }
+   ret = wc_curve25519_set_rng(&genKey2, &gRng);
+   if (ret != 0) {
+        wc_curve25519_free(&genKey);
+        wc_curve25519_free(&genKey2);
+        return;
+   }
+#endif
+
     /* Shared secret */
     bench_stats_start(&count, &start);
     do {
@@ -14031,7 +14587,9 @@ void bench_sphincsKeySign(byte level, byte optim)
 #if defined(_WIN32) && !defined(INTIME_RTOS)
 
     #define WIN32_LEAN_AND_MEAN
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
     #include <windows.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
 
     double current_time(int reset)
     {
@@ -14140,8 +14698,13 @@ void bench_sphincsKeySign(byte level, byte optim)
             #ifdef __XTENSA__
                 _esp_cpu_count_last = xthal_get_ccount();
             #else
-                esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0);
-                _esp_cpu_count_last = esp_cpu_get_cycle_count();
+                #if ESP_IDF_VERSION_MAJOR >= 5
+                    esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0);
+                    _esp_cpu_count_last = esp_cpu_get_cycle_count();
+                #else
+                    cpu_hal_set_cycle_count((uint32_t)0);
+                    _esp_cpu_count_last = cpu_hal_get_cycle_count();
+                #endif
             #endif
        }
     #endif
@@ -14152,9 +14715,9 @@ void bench_sphincsKeySign(byte level, byte optim)
       typiclly in app_startup.c */
 
     #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-        ESP_LOGV(TAG, "tickCount = %d", tickCount);
+        ESP_LOGV(TAG, "tickCount = " TFMT, tickCount);
         if (tickCount == last_tickCount) {
-            ESP_LOGW(TAG, "last_tickCount unchanged? %d", tickCount);
+            ESP_LOGW(TAG, "last_tickCount unchanged?" TFMT, tickCount);
 
         }
         if (tickCount < last_tickCount) {
@@ -14164,13 +14727,13 @@ void bench_sphincsKeySign(byte level, byte optim)
 
     if (reset) {
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-            ESP_LOGW(TAG, "Assign last_tickCount = %d", tickCount);
+            ESP_LOGW(TAG, "Assign last_tickCount = " TFMT, tickCount);
         #endif
         last_tickCount = tickCount;
     }
     else {
         #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING
-            ESP_LOGV(TAG, "No Reset last_tickCount = %d", tickCount);
+            ESP_LOGV(TAG, "No Reset last_tickCount = " TFMT, tickCount);
         #endif
     }
 
@@ -14219,6 +14782,15 @@ void bench_sphincsKeySign(byte level, byte optim)
         return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000;
     }
 
+#elif (defined(WOLFSSL_MAX3266X_OLD) || defined(WOLFSSL_MAX3266X)) \
+            && defined(MAX3266X_RTC)
+
+    double current_time(int reset)
+    {
+        (void)reset;
+        return wc_MXC_RTC_Time();
+    }
+
 #elif defined(FREESCALE_KSDK_BM)
 
     double current_time(int reset)
@@ -14313,7 +14885,15 @@ void bench_sphincsKeySign(byte level, byte optim)
 
         return (double) ticks/TICKS_PER_SECOND;
     }
+#elif defined(WOLFSSL_RPIPICO)
+    #include "pico/stdlib.h"
 
+    double current_time(int reset)
+    {
+        (void)reset;
+
+        return (double) time_us_64() / 1000000;
+    }
 #elif defined(THREADX)
     #include "tx_api.h"
     double current_time(int reset)
@@ -14372,7 +14952,9 @@ void bench_sphincsKeySign(byte level, byte optim)
             (double)rusage.ru_utime.tv_usec / MILLION_VALUE;
     }
 
-    static void check_for_excessive_stime(const char *desc,
+    static void check_for_excessive_stime(const char *algo,
+                                          int strength,
+                                          const char *desc,
                                           const char *desc_extra)
     {
         double start_utime = (double)base_rusage.ru_utime.tv_sec +
@@ -14385,11 +14967,20 @@ void bench_sphincsKeySign(byte level, byte optim)
             (double)cur_rusage.ru_stime.tv_usec / MILLION_VALUE;
         double stime_utime_ratio =
             (cur_stime - start_stime) / (cur_utime - start_utime);
-        if (stime_utime_ratio > .1)
-            printf("%swarning, "
-                   "excessive system time ratio for %s%s (" FLT_FMT_PREC "%%).\n",
-                   err_prefix, desc, desc_extra,
-                   FLT_FMT_PREC_ARGS(3, stime_utime_ratio * 100.0));
+        if (stime_utime_ratio > .1) {
+            if (strength > 0) {
+                printf("%swarning, "
+                       "excessive system time ratio for %s-%d-%s%s (" FLT_FMT_PREC "%%).\n",
+                       err_prefix, algo, strength, desc, desc_extra,
+                       FLT_FMT_PREC_ARGS(3, stime_utime_ratio * 100.0));
+            }
+            else {
+                printf("%swarning, "
+                       "excessive system time ratio for %s%s%s (" FLT_FMT_PREC "%%).\n",
+                       err_prefix, algo, desc, desc_extra,
+                       FLT_FMT_PREC_ARGS(3, stime_utime_ratio * 100.0));
+            }
+        }
     }
 
 #elif defined(WOLFSSL_LINUXKM)
@@ -14401,8 +14992,27 @@ void bench_sphincsKeySign(byte level, byte optim)
         return (double)ns / 1000000000.0;
     }
 
+#elif defined(WOLFSSL_GAISLER_BCC)
+
+    #include <bcc/bcc.h>
+    double current_time(int reset)
+    {
+        (void)reset;
+        uint32_t us = bcc_timer_get_us();
+        return (double)us / 1000000.0;
+    }
+
+#elif defined(__WATCOMC__)
+
+    #include <time.h>
+    WC_INLINE double current_time(int reset)
+    {
+        (void)reset;
+        return ((double)clock())/CLOCKS_PER_SEC;
+    }
 #else
 
+    #include <time.h>
     #include <sys/time.h>
 
     double current_time(int reset)
@@ -14511,6 +15121,7 @@ static void Usage(void)
     e += 3;
 #endif
     printf("%s", bench_Usage_msg1[lng_index][e++]);    /* option -dgst_full */
+    printf("%s", bench_Usage_msg1[lng_index][e++]);    /* option -mca_final */
 #ifndef NO_RSA
     printf("%s", bench_Usage_msg1[lng_index][e++]);    /* option -ras_sign */
     #ifdef WOLFSSL_KEY_GEN
@@ -14559,7 +15170,7 @@ static void Usage(void)
         print_alg(bench_asym_opt[i].str, &line);
     for (i=0; bench_other_opt[i].str != NULL; i++)
         print_alg(bench_other_opt[i].str, &line);
-#if defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || \
+#if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \
     defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
     for (i=0; bench_pq_asym_opt[i].str != NULL; i++)
         print_alg(bench_pq_asym_opt[i].str, &line);
@@ -14708,6 +15319,10 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
 #endif
         else if (string_matches(argv[1], "-dgst_full"))
             digest_stream = 0;
+        else if (string_matches(argv[1], "-mac_final"))
+            mac_stream = 0;
+        else if (string_matches(argv[1], "-aead_set_key"))
+            aead_set_key = 1;
 #ifdef HAVE_CHACHA
         else if (string_matches(argv[1], "-enc_only"))
             encrypt_only = 1;
@@ -14838,7 +15453,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
                     optMatched = 1;
                 }
             }
-        #if defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_FALCON) || \
+        #if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \
             defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
             /* Known asymmetric post-quantum algorithms */
             for (i=0; !optMatched && bench_pq_asym_opt[i].str != NULL; i++) {
diff --git a/wolfcrypt/benchmark/benchmark.h b/wolfcrypt/benchmark/benchmark.h
index 5116dbe3d..8103fd506 100644
--- a/wolfcrypt/benchmark/benchmark.h
+++ b/wolfcrypt/benchmark/benchmark.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/benchmark/benchmark.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -64,6 +64,7 @@ void bench_camellia(void);
 void bench_sm4_cbc(void);
 void bench_sm4_gcm(void);
 void bench_sm4_ccm(void);
+void bench_ascon_aead(void);
 void bench_md5(int useDeviceID);
 void bench_sha(int useDeviceID);
 void bench_sha224(int useDeviceID);
@@ -101,7 +102,7 @@ void bench_rsaKeyGen_size(int useDeviceID, word32 keySz);
 void bench_rsa(int useDeviceID);
 void bench_rsa_key(int useDeviceID, word32 keySz);
 void bench_dh(int useDeviceID);
-void bench_kyber(int type);
+void bench_mlkem(int type);
 void bench_lms(void);
 void bench_xmss(int hash);
 void bench_ecc_curve(int curveId);
@@ -128,6 +129,7 @@ void bench_sakke(void);
 void bench_rng(void);
 void bench_blake2b(void);
 void bench_blake2s(void);
+void bench_ascon_hash(void);
 void bench_pbkdf2(void);
 void bench_falconKeySign(byte level);
 void bench_dilithiumKeySign(byte level);
diff --git a/wolfcrypt/benchmark/include.am b/wolfcrypt/benchmark/include.am
index dc2b71c41..22cecbdae 100644
--- a/wolfcrypt/benchmark/include.am
+++ b/wolfcrypt/benchmark/include.am
@@ -23,5 +23,8 @@ endif
 
 EXTRA_DIST += wolfcrypt/benchmark/benchmark.sln
 EXTRA_DIST += wolfcrypt/benchmark/benchmark.vcproj
+EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.sln
+EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj
+EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user
 EXTRA_DIST += wolfcrypt/benchmark/README.md
 DISTCLEANFILES+= wolfcrypt/benchmark/.libs/benchmark
diff --git a/wolfcrypt/src/ASN_TEMPLATE.md b/wolfcrypt/src/ASN_TEMPLATE.md
new file mode 100644
index 000000000..5fa3fce32
--- /dev/null
+++ b/wolfcrypt/src/ASN_TEMPLATE.md
@@ -0,0 +1,162 @@
+# Writing an ASN Template
+
+## Template
+
+A template that describes the ASN.1 items that are expected is required.
+
+Each ASN.1 item should have a named index to make it easier to choose the item
+when assigning variables or getting data.
+
+The number of items in the template is needed too. Use a define using sizeof to
+allow for modification.
+
+```c
+/* ASN template for <name of ASN.1 definition>.
+ * <RFC or standard that it comes from>
+ */
+static const ASNItem <template>[] = {
+/*  <ITEM_0> */ { <depth>, <ASN Type>, <constructed>, <header>, <optional> },
+...
+};
+/* Named indices for <template>. */
+enum {
+    <TEMPLATE>_<ITEM_0> = 0,
+    <TEMPLATE>_<ITEM_1>,
+    ...
+};
+/* Number of items in <template>. */
+#define <template>_Length (sizeof(<template>) / sizeof(ASNItem))
+```
+
+## Examples of ASN.1 items
+
+### Sequence
+
+This is a sequence at depth 0 and want to parse the contents.
+
+ASN.1 description would be something like:
+```
+  RSASSA-PSS-params ::= SEQUENCE {
+```
+
+```c
+    { 0, ASN_SEQUENCE, 1, 1, 0 },
+```
+
+To skip over the contents of the sequence, set the header to 0 indicating that
+the next item to parse will be this level or higher.
+
+```c
+    { 0, ASN_SEQUENCE, 1, 0, 0 },
+```
+
+### Simple types
+
+An INTEGER at depth 1.
+
+ASN.1 description would be something like:
+```
+  prime    INTEGER,
+```
+
+```c
+        { 1, ASN_INTEGER, 0, 0, 1 },
+```
+
+An OCTET_STRING at depth 1 but stop after header in order to parse contents:
+
+ASN.1 description would be something like:
+```
+  digest   OCTET STRING
+```
+
+```c
+        { 1, ASN_COTET_STRING, 0, 1, 0 },
+```
+
+### Context Specific
+
+Content specific ASN.1 items need the value associated with them.
+
+This is a constructed ASN.1 Content Specific item of 1 that is optional.
+
+ASN.1 description would be something like:
+```
+  maskGenAlgorithm  [1] MaskGeneration Default mgf1SHA1
+```
+
+
+```c
+        { 1, ASN_CONTENT_SPECIFIC | 1, 1, 1, 1 },
+```
+
+### Optional items
+
+An optional boolean (like criticality of a certificate extension):
+
+ASN.1 description would be something like:
+```
+  critical    BOOLEAN DEFAULT FALSE,
+```
+
+```c
+        { 1, ASN_BOOLEAN, 0, 0, 1 },
+```
+
+### Choice
+
+Next ASN.1 item, at depth 2, is one of multiple types:
+
+```c
+            { 2, ASN_TAG_NULL, 0, 0, 2 },
+            { 2, ASN_OBJECT_ID, 0, 0, 2 },
+            { 2, ASN_SEQUENCE, 1, 0, 2 },
+```
+
+Note, use the optional value to uniquely identify the choices.
+
+
+
+# Decoding function outline
+
+An outline of a decoding function:
+
+```c
+#include <wolfssl/wolfcrypt/asn.h>
+
+...
+
+static int Decode<Something>(const byte* input, int sz, <Object Type* <obj>)
+{
+    DECL_ASNGETDATA(dataASN, <template>_Length);
+    int ret = 0;
+    /* Declare variables to parse data into. For example:
+     *   word32 idx = 0;
+     *   byte isCA = 0;
+     */
+
+    CALLOC_ASNGETDATA(dataASN, <template>_Length, ret, <obj>->heap);
+
+    if (ret == 0) {
+        /* Set any variables to be filled in by the parser. For example:
+         *  GetASN_Boolean(&dataASN[BASICCONSASN_IDX_CA], &isCA);
+         *  GetASN_Int8Bit(&dataASN[BASICCONSASN_IDX_PLEN], &<obj>->pathLength);
+         */
+
+        /* Decode the ASN.1 DER. */
+        ret = GetASN_Items(<template>, dataASN, <template>_Length, 1, input,
+                           &idx, (word32)sz);
+    }
+
+    if (ret == 0) {
+        /* Check data in variables is valid. */
+    }
+    if (ret == 0) {
+        /* Put data in variables into object. */
+    }
+
+    FREE_ASNGETDATA(dataASN, <obj>->heap);
+    return ret;
+}
+```
+
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index e3afa4a92..007d77ba7 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -1,6 +1,6 @@
 /* aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,12 +28,8 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 192-bits, and 256-bits of key sizes.
 
 */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(NO_AES)
 
@@ -82,12 +78,21 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <wolfssl/wolfcrypt/port/psa/psa.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#ifdef MAX3266X_CB
+    /* Revert back to SW so HW CB works */
+    /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    /* Turn off MAX3266X_AES in the context of this file when using CB */
+    #undef MAX3266X_AES
+#endif
+#endif
+
 #if defined(WOLFSSL_TI_CRYPT)
     #include <wolfcrypt/src/port/ti/ti-aes.c>
 #else
 
-#include <wolfssl/wolfcrypt/logging.h>
-
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -95,7 +100,8 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
+#if (!defined(WOLFSSL_ARMASM) || defined(__aarch64__)) && \
+    !defined(WOLFSSL_RISCV_ASM)
 
 #ifdef WOLFSSL_IMX6_CAAM_BLOB
     /* case of possibly not using hardware acceleration for AES but using key
@@ -112,7 +118,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #pragma warning(disable: 4127)
 #endif
 
-#if FIPS_VERSION3_GE(6,0,0)
+#if !defined(WOLFSSL_ARMASM) && FIPS_VERSION3_GE(6,0,0)
     const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2] =
                                                      { 0x1a2b3c4d, 0x00000002 };
     int wolfCrypt_FIPS_AES_sanity(void)
@@ -163,13 +169,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         HAL_CRYP_Init(&hcryp);
 
     #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE,
             (uint32_t*)outBlock, STM32_HAL_TIMEOUT);
     #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
             outBlock, STM32_HAL_TIMEOUT);
     #else
-        ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
             outBlock, STM32_HAL_TIMEOUT);
     #endif
         if (ret != HAL_OK) {
@@ -264,13 +270,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         HAL_CRYP_Init(&hcryp);
 
     #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE,
             (uint32_t*)outBlock, STM32_HAL_TIMEOUT);
     #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
             outBlock, STM32_HAL_TIMEOUT);
     #else
-        ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE,
+        ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
             outBlock, STM32_HAL_TIMEOUT);
     #endif
         if (ret != HAL_OK) {
@@ -340,7 +346,6 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #elif defined(HAVE_COLDFIRE_SEC)
     /* Freescale Coldfire SEC support for CBC mode.
      * NOTE: no support for AES-CTR/GCM/CCM/Direct */
-    #include <wolfssl/wolfcrypt/types.h>
     #include "sec.h"
     #include "mcf5475_sec.h"
     #include "mcf5475_siu.h"
@@ -368,7 +373,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif
 
             if (wolfSSL_CryptHwMutexLock() == 0) {
-                LTC_AES_EncryptEcb(LTC_BASE, inBlock, outBlock, AES_BLOCK_SIZE,
+                LTC_AES_EncryptEcb(LTC_BASE, inBlock, outBlock, WC_AES_BLOCK_SIZE,
                     key, keySize);
                 wolfSSL_CryptHwMutexUnLock();
             }
@@ -391,7 +396,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif
 
             if (wolfSSL_CryptHwMutexLock() == 0) {
-                LTC_AES_DecryptEcb(LTC_BASE, inBlock, outBlock, AES_BLOCK_SIZE,
+                LTC_AES_DecryptEcb(LTC_BASE, inBlock, outBlock, WC_AES_BLOCK_SIZE,
                     key, keySize, kLTC_EncryptKey);
                 wolfSSL_CryptHwMutexUnLock();
             }
@@ -482,7 +487,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif
         /* Thread mutex protection handled in Pic32Crypto */
         return wc_Pic32AesCrypt(aes->key, aes->keylen, NULL, 0,
-            outBlock, inBlock, AES_BLOCK_SIZE,
+            outBlock, inBlock, WC_AES_BLOCK_SIZE,
             PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RECB);
     }
     #endif
@@ -500,7 +505,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #endif
         /* Thread mutex protection handled in Pic32Crypto */
         return wc_Pic32AesCrypt(aes->key, aes->keylen, NULL, 0,
-            outBlock, inBlock, AES_BLOCK_SIZE,
+            outBlock, inBlock, WC_AES_BLOCK_SIZE,
             PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RECB);
     }
     #endif
@@ -776,6 +781,27 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         }
     #endif /* HAVE_AES_DECRYPT */
 
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+
+    #define NEED_AES_TABLES
+
+    static int checkedCpuIdFlags = 0;
+    static word32 cpuid_flags = 0;
+
+    static void Check_CPU_support_HwCrypto(Aes* aes)
+    {
+        if (checkedCpuIdFlags == 0) {
+            cpuid_flags = cpuid_get_flags();
+            checkedCpuIdFlags = 1;
+        }
+        aes->use_aes_hw_crypto = IS_AARCH64_AES(cpuid_flags);
+    #ifdef HAVE_AESGCM
+        aes->use_pmull_hw_crypto = IS_AARCH64_PMULL(cpuid_flags);
+        aes->use_sha3_hw_crypto = IS_AARCH64_SHA3(cpuid_flags);
+    #endif
+    }
+
 #elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) \
         && !defined(WOLFSSL_QNX_CAAM)) || \
       ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \
@@ -940,7 +966,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
                 return ret;
         }
 #endif
-        return AES_ECB_encrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
+        return AES_ECB_encrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE);
     }
     #endif
 
@@ -955,7 +981,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
                 return ret;
         }
 #endif
-        return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
+        return AES_ECB_decrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE);
     }
     #endif
 
@@ -1934,8 +1960,8 @@ static word32 GetTable8_4(const byte* t, byte o0, byte o1, byte o2, byte o3)
 static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
         word32 r)
 {
-    word32 s0, s1, s2, s3;
-    word32 t0, t1, t2, t3;
+    word32 s0 = 0, s1 = 0, s2 = 0, s3 = 0;
+    word32 t0 = 0, t1 = 0, t2 = 0, t3 = 0;
     const word32* rk;
 
 #ifdef WC_C_DYNAMIC_FALLBACK
@@ -2205,7 +2231,8 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
-    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \
+    !defined(MAX3266X_AES)
 /* Encrypt a number of blocks using AES.
  *
  * @param [in]  aes  AES object.
@@ -2217,10 +2244,10 @@ static void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 {
     word32 i;
 
-    for (i = 0; i < sz; i += AES_BLOCK_SIZE) {
+    for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
         AesEncrypt_C(aes, in, out, aes->rounds >> 1);
-        in += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 }
 #endif
@@ -2680,18 +2707,18 @@ static void bs_set_key(bs_word* rk, const byte* key, word32 keyLen,
     word32 rounds)
 {
     int i;
-    byte bs_key[15 * AES_BLOCK_SIZE];
-    int ksSz = (rounds + 1) * AES_BLOCK_SIZE;
+    byte bs_key[15 * WC_AES_BLOCK_SIZE];
+    int ksSz = (rounds + 1) * WC_AES_BLOCK_SIZE;
     bs_word block[AES_BLOCK_BITS];
 
     /* Fist round. */
     XMEMCPY(bs_key, key, keyLen);
     bs_expand_key(bs_key, ksSz);
 
-    for (i = 0; i < ksSz; i += AES_BLOCK_SIZE) {
+    for (i = 0; i < ksSz; i += WC_AES_BLOCK_SIZE) {
         int k;
 
-        XMEMCPY(block, bs_key + i, AES_BLOCK_SIZE);
+        XMEMCPY(block, bs_key + i, WC_AES_BLOCK_SIZE);
         for (k = BS_BLOCK_WORDS; k < AES_BLOCK_BITS; k += BS_BLOCK_WORDS) {
             int l;
             for (l = 0; l < BS_BLOCK_WORDS; l++) {
@@ -2739,12 +2766,12 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 
     (void)r;
 
-    XMEMCPY(state, inBlock, AES_BLOCK_SIZE);
-    XMEMSET(((byte*)state) + AES_BLOCK_SIZE, 0, sizeof(state) - AES_BLOCK_SIZE);
+    XMEMCPY(state, inBlock, WC_AES_BLOCK_SIZE);
+    XMEMSET(((byte*)state) + WC_AES_BLOCK_SIZE, 0, sizeof(state) - WC_AES_BLOCK_SIZE);
 
     bs_encrypt(state, aes->bs_key, aes->rounds);
 
-    XMEMCPY(outBlock, state, AES_BLOCK_SIZE);
+    XMEMCPY(outBlock, state, WC_AES_BLOCK_SIZE);
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
@@ -2789,6 +2816,12 @@ extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz);
 static WARN_UNUSED_RESULT int wc_AesEncrypt(
     Aes* aes, const byte* inBlock, byte* outBlock)
 {
+#if defined(MAX3266X_AES)
+    word32 keySize;
+#endif
+#if defined(MAX3266X_CB)
+    int ret_cb;
+#endif
     word32 r;
 
     if (aes == NULL) {
@@ -2820,13 +2853,13 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
             printf("out = %p\n", outBlock);
             printf("aes->key = %p\n", aes->key);
             printf("aes->rounds = %d\n", aes->rounds);
-            printf("sz = %d\n", AES_BLOCK_SIZE);
+            printf("sz = %d\n", WC_AES_BLOCK_SIZE);
         #endif
 
         /* check alignment, decrypt doesn't need alignment */
         if ((wc_ptr_t)inBlock % AESNI_ALIGN) {
         #ifndef NO_WOLFSSL_ALLOC_ALIGN
-            byte* tmp = (byte*)XMALLOC(AES_BLOCK_SIZE + AESNI_ALIGN, aes->heap,
+            byte* tmp = (byte*)XMALLOC(WC_AES_BLOCK_SIZE + AESNI_ALIGN, aes->heap,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
             byte* tmp_align;
             if (tmp == NULL)
@@ -2834,10 +2867,10 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
 
             tmp_align = tmp + (AESNI_ALIGN - ((wc_ptr_t)tmp % AESNI_ALIGN));
 
-            XMEMCPY(tmp_align, inBlock, AES_BLOCK_SIZE);
-            AES_ECB_encrypt_AESNI(tmp_align, tmp_align, AES_BLOCK_SIZE,
+            XMEMCPY(tmp_align, inBlock, WC_AES_BLOCK_SIZE);
+            AES_ECB_encrypt_AESNI(tmp_align, tmp_align, WC_AES_BLOCK_SIZE,
                     (byte*)aes->key, (int)aes->rounds);
-            XMEMCPY(outBlock, tmp_align, AES_BLOCK_SIZE);
+            XMEMCPY(outBlock, tmp_align, WC_AES_BLOCK_SIZE);
             XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
             return 0;
         #else
@@ -2847,7 +2880,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
         #endif
         }
 
-        AES_ECB_encrypt_AESNI(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
+        AES_ECB_encrypt_AESNI(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key,
                         (int)aes->rounds);
 
         return 0;
@@ -2857,22 +2890,29 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
             printf("Skipping AES-NI\n");
         #endif
     }
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto) {
+        AES_encrypt_AARCH64(inBlock, outBlock, (byte*)aes->key,
+            (int)aes->rounds);
+        return 0;
+    }
 #endif /* WOLFSSL_AESNI */
 #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
-    AES_ECB_encrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
+    AES_ECB_encrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE);
     return 0;
 #endif
 
 #if defined(WOLFSSL_IMXRT_DCP)
     if (aes->keylen == 16) {
-        DCPAesEcbEncrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE);
+        DCPAesEcbEncrypt(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE);
         return 0;
     }
 #endif
 
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
     if (aes->useSWCrypt == 0) {
-        return se050_aes_crypt(aes, inBlock, outBlock, AES_BLOCK_SIZE,
+        return se050_aes_crypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE,
                                AES_ENCRYPTION, kAlgorithm_SSS_AES_ECB);
     }
 #endif
@@ -2892,6 +2932,26 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
     }
 #endif
 
+#if defined(MAX3266X_AES)
+    if (wc_AesGetKeySize(aes, &keySize) == 0) {
+        return wc_MXC_TPU_AesEncrypt(inBlock, (byte*)aes->reg, (byte*)aes->key,
+                                    MXC_TPU_MODE_ECB, WC_AES_BLOCK_SIZE,
+                                    outBlock, (unsigned int)keySize);
+    }
+#endif
+#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock,
+                                            WC_AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AesEncrypt_C(aes, inBlock, outBlock, r);
 
     return 0;
@@ -2949,8 +3009,8 @@ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd4(void)
 static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
     word32 r)
 {
-    word32 s0, s1, s2, s3;
-    word32 t0, t1, t2, t3;
+    word32 s0 = 0, s1 = 0, s2 = 0, s3 = 0;
+    word32 t0 = 0, t1 = 0, t2 = 0, t3 = 0;
     const word32* rk;
 
 #ifdef WC_C_DYNAMIC_FALLBACK
@@ -3172,7 +3232,8 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 }
 
 #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \
-    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM))
+    !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \
+    !defined(MAX3266X_AES)
 /* Decrypt a number of blocks using AES.
  *
  * @param [in]  aes  AES object.
@@ -3184,10 +3245,10 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 {
     word32 i;
 
-    for (i = 0; i < sz; i += AES_BLOCK_SIZE) {
+    for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
         AesDecrypt_C(aes, in, out, aes->rounds >> 1);
-        in += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 }
 #endif
@@ -3493,12 +3554,12 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 
     (void)r;
 
-    XMEMCPY(state, inBlock, AES_BLOCK_SIZE);
-    XMEMSET(((byte*)state) + AES_BLOCK_SIZE, 0, sizeof(state) - AES_BLOCK_SIZE);
+    XMEMCPY(state, inBlock, WC_AES_BLOCK_SIZE);
+    XMEMSET(((byte*)state) + WC_AES_BLOCK_SIZE, 0, sizeof(state) - WC_AES_BLOCK_SIZE);
 
     bs_decrypt(state, aes->bs_key, aes->rounds);
 
-    XMEMCPY(outBlock, state, AES_BLOCK_SIZE);
+    XMEMCPY(outBlock, state, WC_AES_BLOCK_SIZE);
 }
 #endif
 
@@ -3539,6 +3600,12 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 static WARN_UNUSED_RESULT int wc_AesDecrypt(
     Aes* aes, const byte* inBlock, byte* outBlock)
 {
+#if defined(MAX3266X_AES)
+    word32 keySize;
+#endif
+#if defined(MAX3266X_CB)
+    int ret_cb;
+#endif
     word32 r;
 
     if (aes == NULL) {
@@ -3570,13 +3637,13 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
             printf("out = %p\n", outBlock);
             printf("aes->key = %p\n", aes->key);
             printf("aes->rounds = %d\n", aes->rounds);
-            printf("sz = %d\n", AES_BLOCK_SIZE);
+            printf("sz = %d\n", WC_AES_BLOCK_SIZE);
         #endif
 
         /* if input and output same will overwrite input iv */
         if ((const byte*)aes->tmp != inBlock)
-            XMEMCPY(aes->tmp, inBlock, AES_BLOCK_SIZE);
-        AES_ECB_decrypt_AESNI(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
+            XMEMCPY(aes->tmp, inBlock, WC_AES_BLOCK_SIZE);
+        AES_ECB_decrypt_AESNI(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key,
                         (int)aes->rounds);
         return 0;
     }
@@ -3585,19 +3652,26 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
             printf("Skipping AES-NI\n");
         #endif
     }
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto) {
+        AES_decrypt_AARCH64(inBlock, outBlock, (byte*)aes->key,
+            (int)aes->rounds);
+        return 0;
+    }
 #endif /* WOLFSSL_AESNI */
 #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
-    return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
+    return AES_ECB_decrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE);
 #endif
 #if defined(WOLFSSL_IMXRT_DCP)
     if (aes->keylen == 16) {
-        DCPAesEcbDecrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE);
+        DCPAesEcbDecrypt(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE);
         return 0;
     }
 #endif
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
     if (aes->useSWCrypt == 0) {
-        return se050_aes_crypt(aes, inBlock, outBlock, AES_BLOCK_SIZE,
+        return se050_aes_crypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE,
                                AES_DECRYPTION, kAlgorithm_SSS_AES_ECB);
     }
 #endif
@@ -3615,6 +3689,27 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     } /* else !wc_esp32AesSupportedKeyLen for ESP32 */
 #endif
 
+#if defined(MAX3266X_AES)
+    if (wc_AesGetKeySize(aes, &keySize) == 0) {
+        return wc_MXC_TPU_AesDecrypt(inBlock, (byte*)aes->reg, (byte*)aes->key,
+                                    MXC_TPU_MODE_ECB, WC_AES_BLOCK_SIZE,
+                                    outBlock, (unsigned int)keySize);
+    }
+#endif
+
+#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock,
+                                            WC_AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AesDecrypt_C(aes, inBlock, outBlock, r);
 
     return 0;
@@ -3660,8 +3755,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
     #if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2)
         ByteReverseWords(rk, rk, keylen);
     #endif
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
         return wc_AesSetIV(aes, iv);
@@ -3680,7 +3775,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         extern TX_BYTE_POOL mp_ncached;  /* Non Cached memory pool */
     #endif
 
-    #define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 64)
+    #define AES_BUFFER_SIZE (WC_AES_BLOCK_SIZE * 64)
     static unsigned char *AESBuffIn = NULL;
     static unsigned char *AESBuffOut = NULL;
     static byte *secReg;
@@ -3707,9 +3802,9 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
             s2 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffOut,
                                   AES_BUFFER_SIZE, TX_NO_WAIT);
             s3 = tx_byte_allocate(&mp_ncached, (void *)&secKey,
-                                  AES_BLOCK_SIZE*2, TX_NO_WAIT);
+                                  WC_AES_BLOCK_SIZE*2, TX_NO_WAIT);
             s4 = tx_byte_allocate(&mp_ncached, (void *)&secReg,
-                                  AES_BLOCK_SIZE, TX_NO_WAIT);
+                                  WC_AES_BLOCK_SIZE, TX_NO_WAIT);
 
             if (s1 || s2 || s3 || s4 || s5)
                 return BAD_FUNC_ARG;
@@ -3739,10 +3834,10 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         XMEMCPY(aes->key, userKey, keylen);
 
         if (iv)
-            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3772,8 +3867,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         aes->rounds = keylen/4 + 6;
         XMEMCPY(aes->key, userKey, keylen);
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3824,8 +3919,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         if (rk == NULL)
             return BAD_FUNC_ARG;
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3905,8 +4000,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         XMEMCPY(aes->key, userKey, keylen);
         ret = nrf51_aes_set_key(userKey);
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -3962,7 +4057,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         aes->rounds = keylen/4 + 6;
 
         XMEMCPY(aes->key, userKey, keylen);
-        #if defined(WOLFSSL_AES_COUNTER)
+        #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+            defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
             aes->left = 0;
         #endif
         return wc_AesSetIV(aes, iv);
@@ -4036,9 +4132,9 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
         ret = wc_AesSetIV(aes, iv);
 
         if (iv)
-            XMEMCPY(iv_aes, iv, AES_BLOCK_SIZE);
+            XMEMCPY(iv_aes, iv, WC_AES_BLOCK_SIZE);
         else
-            XMEMSET(iv_aes,  0, AES_BLOCK_SIZE);
+            XMEMSET(iv_aes,  0, WC_AES_BLOCK_SIZE);
 
 
         ret = SaSi_AesSetIv(&aes->ctx.user_ctx, iv_aes);
@@ -4103,7 +4199,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
     XMEMCPY(rk, key, keySz);
 #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
-    (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES))
+    (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) && \
+    !defined(MAX3266X_AES)
     /* Always reverse words when using only SW */
     {
         ByteReverseWords(rk, rk, keySz);
@@ -4250,7 +4347,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
     } /* switch */
     ForceZero(&temp, sizeof(temp));
 
-#if defined(HAVE_AES_DECRYPT)
+#if defined(HAVE_AES_DECRYPT) && !defined(MAX3266X_AES)
     if (dir == AES_DECRYPTION) {
         unsigned int j;
 
@@ -4406,9 +4503,9 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
             wc_FreeRng(&rng);
 
             if (iv)
-                XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+                XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
             else
-                XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
+                XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE);
 
             switch (keylen) {
                 case AES_128_KEY_SIZE: keyType = CAAM_KEYTYPE_AES128; break;
@@ -4453,8 +4550,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         #endif
         }
 
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
 
@@ -4471,12 +4568,53 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 #endif /* WC_C_DYNAMIC_FALLBACK */
 
     #ifdef WOLFSSL_AESNI
-        aes->use_aesni = 0;
+
+       /* The dynamics for determining whether AES-NI will be used are tricky.
+        *
+        * First, we check for CPU support and cache the result -- if AES-NI is
+        * missing, we always shortcut to the AesSetKey_C() path.
+        *
+        * Second, if the CPU supports AES-NI, we confirm on a per-call basis
+        * that it's safe to use in the caller context, using
+        * SAVE_VECTOR_REGISTERS2().  This is an always-true no-op in user-space
+        * builds, but has substantive logic behind it in kernel module builds.
+        *
+        * The outcome when SAVE_VECTOR_REGISTERS2() fails depends on
+        * WC_C_DYNAMIC_FALLBACK -- if that's defined, we return immediately with
+        * success but with AES-NI disabled (the earlier AesSetKey_C() allows
+        * future encrypt/decrypt calls to succeed), otherwise we fail.
+        *
+        * Upon successful return, aes->use_aesni will have a zero value if
+        * AES-NI is disabled, and a nonzero value if it's enabled.
+        *
+        * An additional, optional semantic is available via
+        * WC_FLAG_DONT_USE_AESNI, and is used in some kernel module builds to
+        * let the caller inhibit AES-NI.  When this macro is defined,
+        * wc_AesInit() before wc_AesSetKey() is imperative, to avoid a read of
+        * uninitialized data in aes->use_aesni.  That's why support for
+        * WC_FLAG_DONT_USE_AESNI must remain optional -- wc_AesInit() was only
+        * added in release 3.11.0, so legacy applications inevitably call
+        * wc_AesSetKey() on uninitialized Aes contexts.  This must continue to
+        * function correctly with default build settings.
+        */
+
         if (checkedAESNI == 0) {
             haveAESNI  = Check_CPU_support_AES();
             checkedAESNI = 1;
         }
-        if (haveAESNI) {
+        if (haveAESNI
+#if defined(WC_FLAG_DONT_USE_AESNI) && !defined(WC_C_DYNAMIC_FALLBACK)
+            && (aes->use_aesni != WC_FLAG_DONT_USE_AESNI)
+#endif
+            )
+        {
+#if defined(WC_FLAG_DONT_USE_AESNI)
+            if (aes->use_aesni == WC_FLAG_DONT_USE_AESNI) {
+                aes->use_aesni = 0;
+                return 0;
+            }
+#endif
+            aes->use_aesni = 0;
             #ifdef WOLFSSL_LINUXKM
             /* runtime alignment check */
             if ((wc_ptr_t)&aes->key & (wc_ptr_t)0xf) {
@@ -4510,8 +4648,25 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 #endif
             }
         }
+        else {
+            aes->use_aesni = 0;
+#ifdef WC_C_DYNAMIC_FALLBACK
+            /* If WC_C_DYNAMIC_FALLBACK, we already called AesSetKey_C()
+             * above.
+             */
+            return 0;
+#endif
+        }
     #endif /* WOLFSSL_AESNI */
 
+    #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+        !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        Check_CPU_support_HwCrypto(aes);
+        if (aes->use_aes_hw_crypto) {
+            return AES_set_key_AARCH64(userKey, keylen, aes, dir);
+        }
+    #endif
+
     #ifdef WOLFSSL_KCAPI_AES
         XMEMCPY(aes->devKey, userKey, keylen);
         if (aes->init != 0) {
@@ -4546,8 +4701,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
 #ifndef WC_AES_BITSLICED
     #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
-        (!defined(WOLFSSL_ESP32_CRYPT) || \
-          defined(NO_WOLFSSL_ESP32_CRYPT_AES))
+        (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) \
+        && !defined(MAX3266X_AES)
 
         /* software */
         ByteReverseWords(aes->key, aes->key, keylen);
@@ -4594,8 +4749,6 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         }
 #endif
 
-        ret = wc_AesSetIV(aes, iv);
-
     #if defined(WOLFSSL_DEVCRYPTO) && \
         (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
         aes->ctx.cfd = -1;
@@ -4675,9 +4828,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #endif
 
     if (iv)
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
     else
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
 
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
     defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
@@ -4692,7 +4845,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 
 #ifdef WC_C_DYNAMIC_FALLBACK
 
-#define VECTOR_REGISTERS_PUSH { \
+#define VECTOR_REGISTERS_PUSH {                                      \
         int orig_use_aesni = aes->use_aesni;                         \
         if (aes->use_aesni && (SAVE_VECTOR_REGISTERS2() != 0)) {     \
             aes->use_aesni = 0;                                      \
@@ -4707,6 +4860,15 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     }                                                                \
     WC_DO_NOTHING
 
+#elif defined(SAVE_VECTOR_REGISTERS2_DOES_NOTHING)
+
+#define VECTOR_REGISTERS_PUSH { \
+        WC_DO_NOTHING
+
+#define VECTOR_REGISTERS_POP                                         \
+    }                                                                \
+    WC_DO_NOTHING
+
 #else
 
 #define VECTOR_REGISTERS_PUSH { \
@@ -4798,10 +4960,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     {
         int ret = 0;
         CRYP_HandleTypeDef hcryp;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -4819,7 +4981,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 
     #if defined(STM32_HAL_V2)
         hcryp.Init.Algorithm  = CRYP_AES_CBC;
-        ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);
+        ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE);
     #elif defined(STM32_CRYPTO_AES_ONLY)
         hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
         hcryp.Init.ChainingMode  = CRYP_CHAINMODE_AES_CBC;
@@ -4829,14 +4991,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         HAL_CRYP_Init(&hcryp);
 
     #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE,
+        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
             (uint32_t*)out, STM32_HAL_TIMEOUT);
     #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE,
+        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE,
             out, STM32_HAL_TIMEOUT);
     #else
         ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in,
-                                      blocks * AES_BLOCK_SIZE,
+                                      blocks * WC_AES_BLOCK_SIZE,
                                       out, STM32_HAL_TIMEOUT);
     #endif
         if (ret != HAL_OK) {
@@ -4844,7 +5006,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* store iv for next call */
-        XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
         HAL_CRYP_DeInit(&hcryp);
 
@@ -4858,10 +5020,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     {
         int ret = 0;
         CRYP_HandleTypeDef hcryp;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -4878,11 +5040,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* if input and output same will overwrite input iv */
-        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
     #if defined(STM32_HAL_V2)
         hcryp.Init.Algorithm  = CRYP_AES_CBC;
-        ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);
+        ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE);
     #elif defined(STM32_CRYPTO_AES_ONLY)
         hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT;
         hcryp.Init.ChainingMode  = CRYP_CHAINMODE_AES_CBC;
@@ -4893,14 +5055,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         HAL_CRYP_Init(&hcryp);
 
     #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE,
+        ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
             (uint32_t*)out, STM32_HAL_TIMEOUT);
     #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE,
+        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE,
             out, STM32_HAL_TIMEOUT);
     #else
         ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in,
-                                      blocks * AES_BLOCK_SIZE,
+                                      blocks * WC_AES_BLOCK_SIZE,
             out, STM32_HAL_TIMEOUT);
     #endif
         if (ret != HAL_OK) {
@@ -4908,7 +5070,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* store iv for next call */
-        XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
         HAL_CRYP_DeInit(&hcryp);
         wolfSSL_CryptHwMutexUnLock();
@@ -4926,10 +5088,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         CRYP_InitTypeDef cryptInit;
         CRYP_KeyInitTypeDef keyInit;
         CRYP_IVInitTypeDef ivInit;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -4954,7 +5116,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         /* set iv */
         iv = aes->reg;
         CRYP_IVStructInit(&ivInit);
-        ByteReverseWords(iv, iv, AES_BLOCK_SIZE);
+        ByteReverseWords(iv, iv, WC_AES_BLOCK_SIZE);
         ivInit.CRYP_IV0Left  = iv[0];
         ivInit.CRYP_IV0Right = iv[1];
         ivInit.CRYP_IV1Left  = iv[2];
@@ -4987,11 +5149,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             *(uint32_t*)&out[12] = CRYP_DataOut();
 
             /* store iv for next call */
-            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
-            sz  -= AES_BLOCK_SIZE;
-            in  += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            sz  -= WC_AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
 
         /* disable crypto processor */
@@ -5010,10 +5172,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         CRYP_InitTypeDef cryptInit;
         CRYP_KeyInitTypeDef keyInit;
         CRYP_IVInitTypeDef ivInit;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5030,7 +5192,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* if input and output same will overwrite input iv */
-        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
         /* reset registers to their default values */
         CRYP_DeInit();
@@ -5055,7 +5217,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         /* set iv */
         iv = aes->reg;
         CRYP_IVStructInit(&ivInit);
-        ByteReverseWords(iv, iv, AES_BLOCK_SIZE);
+        ByteReverseWords(iv, iv, WC_AES_BLOCK_SIZE);
         ivInit.CRYP_IV0Left  = iv[0];
         ivInit.CRYP_IV0Right = iv[1];
         ivInit.CRYP_IV1Left  = iv[2];
@@ -5083,10 +5245,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             *(uint32_t*)&out[12] = CRYP_DataOut();
 
             /* store iv for next call */
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
-            in  += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
 
         /* disable crypto processor */
@@ -5114,7 +5276,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return BAD_FUNC_ARG;    /*wrong pointer*/
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5125,7 +5287,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         secDesc->length1 = 0x0;
         secDesc->pointer1 = NULL;
 
-        secDesc->length2 = AES_BLOCK_SIZE;
+        secDesc->length2 = WC_AES_BLOCK_SIZE;
         secDesc->pointer2 = (byte *)secReg; /* Initial Vector */
 
         switch(aes->rounds) {
@@ -5149,7 +5311,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #endif
         while (sz) {
             secDesc->header = descHeader;
-            XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE);
+            XMEMCPY(secReg, aes->reg, WC_AES_BLOCK_SIZE);
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             sz -= AES_BUFFER_SIZE;
 #else
@@ -5167,8 +5329,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 
             XMEMCPY(AESBuffIn, pi, size);
             if(descHeader == SEC_DESC_AES_CBC_DECRYPT) {
-                XMEMCPY((void*)aes->tmp, (void*)&(pi[size-AES_BLOCK_SIZE]),
-                        AES_BLOCK_SIZE);
+                XMEMCPY((void*)aes->tmp, (void*)&(pi[size-WC_AES_BLOCK_SIZE]),
+                        WC_AES_BLOCK_SIZE);
             }
 
             /* Point SEC to the location of the descriptor */
@@ -5193,10 +5355,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             XMEMCPY(po, AESBuffOut, size);
 
             if (descHeader == SEC_DESC_AES_CBC_ENCRYPT) {
-                XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]),
-                        AES_BLOCK_SIZE);
+                XMEMCPY((void*)aes->reg, (void*)&(po[size-WC_AES_BLOCK_SIZE]),
+                        WC_AES_BLOCK_SIZE);
             } else {
-                XMEMCPY((void*)aes->reg, (void*)aes->tmp, AES_BLOCK_SIZE);
+                XMEMCPY((void*)aes->reg, (void*)aes->tmp, WC_AES_BLOCK_SIZE);
             }
 
             pi += size;
@@ -5225,10 +5387,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         word32 keySize;
         status_t status;
         byte *iv, *enc_key;
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5246,13 +5408,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         status = wolfSSL_CryptHwMutexLock();
         if (status != 0)
             return status;
-        status = LTC_AES_EncryptCbc(LTC_BASE, in, out, blocks * AES_BLOCK_SIZE,
+        status = LTC_AES_EncryptCbc(LTC_BASE, in, out, blocks * WC_AES_BLOCK_SIZE,
             iv, enc_key, keySize);
         wolfSSL_CryptHwMutexUnLock();
 
         /* store iv for next call */
         if (status == kStatus_Success) {
-            XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         }
 
         return (status == kStatus_Success) ? 0 : -1;
@@ -5264,11 +5426,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         word32 keySize;
         status_t status;
         byte* iv, *dec_key;
-        byte temp_block[AES_BLOCK_SIZE];
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        byte temp_block[WC_AES_BLOCK_SIZE];
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5284,18 +5446,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         /* get IV for next call */
-        XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(temp_block, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
         status = wolfSSL_CryptHwMutexLock();
         if (status != 0)
             return status;
-        status = LTC_AES_DecryptCbc(LTC_BASE, in, out, blocks * AES_BLOCK_SIZE,
+        status = LTC_AES_DecryptCbc(LTC_BASE, in, out, blocks * WC_AES_BLOCK_SIZE,
             iv, dec_key, keySize, kLTC_EncryptKey);
         wolfSSL_CryptHwMutexUnLock();
 
         /* store IV for next call */
         if (status == kStatus_Success) {
-            XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+            XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
         }
 
         return (status == kStatus_Success) ? 0 : -1;
@@ -5307,12 +5469,12 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     {
         int offset = 0;
         byte *iv;
-        byte temp_block[AES_BLOCK_SIZE];
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        byte temp_block[WC_AES_BLOCK_SIZE];
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
         int ret;
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5322,19 +5484,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         iv = (byte*)aes->reg;
 
         while (blocks--) {
-            XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
+            XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE);
 
             /* XOR block with IV for CBC */
-            xorbuf(temp_block, iv, AES_BLOCK_SIZE);
+            xorbuf(temp_block, iv, WC_AES_BLOCK_SIZE);
 
             ret = wc_AesEncrypt(aes, temp_block, out + offset);
             if (ret != 0)
                 return ret;
 
-            offset += AES_BLOCK_SIZE;
+            offset += WC_AES_BLOCK_SIZE;
 
             /* store IV for next block */
-            XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(iv, out + offset - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         }
 
         return 0;
@@ -5345,11 +5507,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         int ret;
         int offset = 0;
         byte* iv;
-        byte temp_block[AES_BLOCK_SIZE];
-        word32 blocks = (sz / AES_BLOCK_SIZE);
+        byte temp_block[WC_AES_BLOCK_SIZE];
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -5359,25 +5521,110 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         iv = (byte*)aes->reg;
 
         while (blocks--) {
-            XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
+            XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE);
 
             ret = wc_AesDecrypt(aes, in + offset, out + offset);
             if (ret != 0)
                 return ret;
 
             /* XOR block with IV for CBC */
-            xorbuf(out + offset, iv, AES_BLOCK_SIZE);
+            xorbuf(out + offset, iv, WC_AES_BLOCK_SIZE);
 
             /* store IV for next block */
-            XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+            XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
 
-            offset += AES_BLOCK_SIZE;
+            offset += WC_AES_BLOCK_SIZE;
         }
 
         return 0;
     }
     #endif /* HAVE_AES_DECRYPT */
 
+#elif defined(MAX3266X_AES)
+    int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        word32 keySize;
+        int status;
+        byte *iv;
+
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
+        if (sz % WC_AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+            return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
+        #endif
+        }
+        if (sz == 0) {
+            return 0;
+        }
+
+        iv = (byte*)aes->reg;
+        status = wc_AesGetKeySize(aes, &keySize);
+        if (status != 0) {
+            return status;
+        }
+
+        status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->key,
+                                        MXC_TPU_MODE_CBC, sz, out,
+                                        (unsigned int)keySize);
+        /* store iv for next call */
+        if (status == 0) {
+            XMEMCPY(iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+        }
+        return (status == 0) ? 0 : -1;
+    }
+
+    #ifdef HAVE_AES_DECRYPT
+    int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        word32 keySize;
+        int status;
+        byte *iv;
+        byte temp_block[WC_AES_BLOCK_SIZE];
+
+        if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+            return BAD_FUNC_ARG;
+        }
+
+        /* Always enforce a length check */
+        if (sz % WC_AES_BLOCK_SIZE) {
+        #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+            return BAD_LENGTH_E;
+        #else
+            return BAD_FUNC_ARG;
+        #endif
+        }
+        if (sz == 0) {
+            return 0;
+        }
+
+        iv = (byte*)aes->reg;
+        status = wc_AesGetKeySize(aes, &keySize);
+        if (status != 0) {
+            return status;
+        }
+
+        /* get IV for next call */
+        XMEMCPY(temp_block, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+        status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->key,
+                                        MXC_TPU_MODE_CBC, sz, out,
+                                        keySize);
+
+        /* store iv for next call */
+        if (status == 0) {
+            XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
+        }
+        return (status == 0) ? 0 : -1;
+    }
+    #endif /* HAVE_AES_DECRYPT */
+
+
+
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
 
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
@@ -5388,7 +5635,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return 0;
 
         /* hardware fails on input that is not a multiple of AES block size */
-        if (sz % AES_BLOCK_SIZE != 0) {
+        if (sz % WC_AES_BLOCK_SIZE != 0) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
@@ -5397,13 +5644,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         }
 
         ret = wc_Pic32AesCrypt(
-            aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE,
+            aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE,
             out, in, sz, PIC32_ENCRYPTION,
             PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCBC);
 
         /* store iv for next call */
         if (ret == 0) {
-            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         }
 
         return ret;
@@ -5412,29 +5659,29 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
         int ret;
-        byte scratch[AES_BLOCK_SIZE];
+        byte scratch[WC_AES_BLOCK_SIZE];
 
         if (sz == 0)
             return 0;
 
         /* hardware fails on input that is not a multiple of AES block size */
-        if (sz % AES_BLOCK_SIZE != 0) {
+        if (sz % WC_AES_BLOCK_SIZE != 0) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
             return BAD_FUNC_ARG;
 #endif
         }
-        XMEMCPY(scratch, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(scratch, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
         ret = wc_Pic32AesCrypt(
-            aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE,
+            aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE,
             out, in, sz, PIC32_DECRYPTION,
             PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCBC);
 
         /* store iv for next call */
         if (ret == 0) {
-            XMEMCPY((byte*)aes->reg, scratch, AES_BLOCK_SIZE);
+            XMEMCPY((byte*)aes->reg, scratch, WC_AES_BLOCK_SIZE);
         }
 
         return ret;
@@ -5499,9 +5746,9 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             return 0;
         }
 
-        blocks = sz / AES_BLOCK_SIZE;
+        blocks = sz / WC_AES_BLOCK_SIZE;
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             WOLFSSL_ERROR_VERBOSE(BAD_LENGTH_E);
             return BAD_LENGTH_E;
         }
@@ -5533,7 +5780,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #elif defined(HAVE_INTEL_QA)
             return IntelQaSymAesCbcEncrypt(&aes->asyncDev, out, in, sz,
                 (const byte*)aes->devKey, aes->keylen,
-                (byte*)aes->reg, AES_BLOCK_SIZE);
+                (byte*)aes->reg, WC_AES_BLOCK_SIZE);
         #elif defined(WOLFSSL_ASYNC_CRYPT_SW)
             if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_ENCRYPT)) {
                 WC_ASYNC_SW* sw = &aes->asyncDev.sw;
@@ -5583,7 +5830,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             /* check alignment, decrypt doesn't need alignment */
             if ((wc_ptr_t)in % AESNI_ALIGN) {
             #ifndef NO_WOLFSSL_ALLOC_ALIGN
-                byte* tmp = (byte*)XMALLOC(sz + AES_BLOCK_SIZE + AESNI_ALIGN,
+                byte* tmp = (byte*)XMALLOC(sz + WC_AES_BLOCK_SIZE + AESNI_ALIGN,
                                             aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
                 byte* tmp_align;
                 if (tmp == NULL)
@@ -5594,7 +5841,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                     AES_CBC_encrypt_AESNI(tmp_align, tmp_align, (byte*)aes->reg, sz,
                                           (byte*)aes->key, (int)aes->rounds);
                     /* store iv for next call */
-                    XMEMCPY(aes->reg, tmp_align + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+                    XMEMCPY(aes->reg, tmp_align + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
                     XMEMCPY(out, tmp_align, sz);
                     XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -5609,24 +5856,32 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                 AES_CBC_encrypt_AESNI(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
                                       (int)aes->rounds);
                 /* store iv for next call */
-                XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+                XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
                 ret = 0;
             }
         }
         else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto) {
+            AES_CBC_encrypt_AARCH64(in, out, sz, (byte*)aes->reg,
+                (byte*)aes->key, (int)aes->rounds);
+            ret = 0;
+        }
+        else
     #endif
         {
             ret = 0;
             while (blocks--) {
-                xorbuf((byte*)aes->reg, in, AES_BLOCK_SIZE);
+                xorbuf((byte*)aes->reg, in, WC_AES_BLOCK_SIZE);
                 ret = wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->reg);
                 if (ret != 0)
                     break;
-                XMEMCPY(out, aes->reg, AES_BLOCK_SIZE);
+                XMEMCPY(out, aes->reg, WC_AES_BLOCK_SIZE);
 
-                out += AES_BLOCK_SIZE;
-                in  += AES_BLOCK_SIZE;
+                out += WC_AES_BLOCK_SIZE;
+                in  += WC_AES_BLOCK_SIZE;
             }
         }
 
@@ -5667,8 +5922,8 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         }
     #endif
 
-        blocks = sz / AES_BLOCK_SIZE;
-        if (sz % AES_BLOCK_SIZE) {
+        blocks = sz / WC_AES_BLOCK_SIZE;
+        if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
@@ -5702,7 +5957,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #elif defined(HAVE_INTEL_QA)
             return IntelQaSymAesCbcDecrypt(&aes->asyncDev, out, in, sz,
                 (const byte*)aes->devKey, aes->keylen,
-                (byte*)aes->reg, AES_BLOCK_SIZE);
+                (byte*)aes->reg, WC_AES_BLOCK_SIZE);
         #elif defined(WOLFSSL_ASYNC_CRYPT_SW)
             if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_DECRYPT)) {
                 WC_ASYNC_SW* sw = &aes->asyncDev.sw;
@@ -5739,7 +5994,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             #endif
 
             /* if input and output same will overwrite input iv */
-            XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
             #if defined(WOLFSSL_AESNI_BY4) || defined(WOLFSSL_X86_BUILD)
             AES_CBC_decrypt_AESNI_by4(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
                             aes->rounds);
@@ -5751,7 +6006,15 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                             (int)aes->rounds);
             #endif /* WOLFSSL_AESNI_BYx */
             /* store iv for next call */
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
+            ret = 0;
+        }
+        else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto) {
+            AES_CBC_decrypt_AARCH64(in, out, sz, (byte*)aes->reg,
+                (byte*)aes->key, (int)aes->rounds);
             ret = 0;
         }
         else
@@ -5760,76 +6023,76 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             ret = 0;
 #ifdef WC_AES_BITSLICED
             if (in != out) {
-                unsigned char dec[AES_BLOCK_SIZE * BS_WORD_SIZE];
+                unsigned char dec[WC_AES_BLOCK_SIZE * BS_WORD_SIZE];
 
                 while (blocks > BS_WORD_SIZE) {
-                    AesDecryptBlocks_C(aes, in, dec, AES_BLOCK_SIZE * BS_WORD_SIZE);
-                    xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE);
-                    xorbufout(out + AES_BLOCK_SIZE, dec + AES_BLOCK_SIZE, in,
-                              AES_BLOCK_SIZE * (BS_WORD_SIZE - 1));
-                    XMEMCPY(aes->reg, in + (AES_BLOCK_SIZE * (BS_WORD_SIZE - 1)),
-                            AES_BLOCK_SIZE);
-                    in += AES_BLOCK_SIZE * BS_WORD_SIZE;
-                    out += AES_BLOCK_SIZE * BS_WORD_SIZE;
+                    AesDecryptBlocks_C(aes, in, dec, WC_AES_BLOCK_SIZE * BS_WORD_SIZE);
+                    xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE);
+                    xorbufout(out + WC_AES_BLOCK_SIZE, dec + WC_AES_BLOCK_SIZE, in,
+                              WC_AES_BLOCK_SIZE * (BS_WORD_SIZE - 1));
+                    XMEMCPY(aes->reg, in + (WC_AES_BLOCK_SIZE * (BS_WORD_SIZE - 1)),
+                            WC_AES_BLOCK_SIZE);
+                    in += WC_AES_BLOCK_SIZE * BS_WORD_SIZE;
+                    out += WC_AES_BLOCK_SIZE * BS_WORD_SIZE;
                     blocks -= BS_WORD_SIZE;
                 }
                 if (blocks > 0) {
-                    AesDecryptBlocks_C(aes, in, dec, blocks * AES_BLOCK_SIZE);
-                    xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE);
-                    xorbufout(out + AES_BLOCK_SIZE, dec + AES_BLOCK_SIZE, in,
-                              AES_BLOCK_SIZE * (blocks - 1));
-                    XMEMCPY(aes->reg, in + (AES_BLOCK_SIZE * (blocks - 1)),
-                            AES_BLOCK_SIZE);
+                    AesDecryptBlocks_C(aes, in, dec, blocks * WC_AES_BLOCK_SIZE);
+                    xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE);
+                    xorbufout(out + WC_AES_BLOCK_SIZE, dec + WC_AES_BLOCK_SIZE, in,
+                              WC_AES_BLOCK_SIZE * (blocks - 1));
+                    XMEMCPY(aes->reg, in + (WC_AES_BLOCK_SIZE * (blocks - 1)),
+                            WC_AES_BLOCK_SIZE);
                     blocks = 0;
                 }
             }
             else {
-                unsigned char dec[AES_BLOCK_SIZE * BS_WORD_SIZE];
+                unsigned char dec[WC_AES_BLOCK_SIZE * BS_WORD_SIZE];
                 int i;
 
                 while (blocks > BS_WORD_SIZE) {
-                    AesDecryptBlocks_C(aes, in, dec, AES_BLOCK_SIZE * BS_WORD_SIZE);
-                    XMEMCPY(aes->tmp, in + (BS_WORD_SIZE - 1) * AES_BLOCK_SIZE,
-                            AES_BLOCK_SIZE);
+                    AesDecryptBlocks_C(aes, in, dec, WC_AES_BLOCK_SIZE * BS_WORD_SIZE);
+                    XMEMCPY(aes->tmp, in + (BS_WORD_SIZE - 1) * WC_AES_BLOCK_SIZE,
+                            WC_AES_BLOCK_SIZE);
                     for (i = BS_WORD_SIZE-1; i >= 1; i--) {
-                        xorbufout(out + i * AES_BLOCK_SIZE,
-                                  dec + i * AES_BLOCK_SIZE, in + (i - 1) * AES_BLOCK_SIZE,
-                                  AES_BLOCK_SIZE);
+                        xorbufout(out + i * WC_AES_BLOCK_SIZE,
+                                  dec + i * WC_AES_BLOCK_SIZE, in + (i - 1) * WC_AES_BLOCK_SIZE,
+                                  WC_AES_BLOCK_SIZE);
                     }
-                    xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE);
-                    XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+                    xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE);
+                    XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
-                    in += AES_BLOCK_SIZE * BS_WORD_SIZE;
-                    out += AES_BLOCK_SIZE * BS_WORD_SIZE;
+                    in += WC_AES_BLOCK_SIZE * BS_WORD_SIZE;
+                    out += WC_AES_BLOCK_SIZE * BS_WORD_SIZE;
                     blocks -= BS_WORD_SIZE;
                 }
                 if (blocks > 0) {
-                    AesDecryptBlocks_C(aes, in, dec, blocks * AES_BLOCK_SIZE);
-                    XMEMCPY(aes->tmp, in + (blocks - 1) * AES_BLOCK_SIZE,
-                            AES_BLOCK_SIZE);
+                    AesDecryptBlocks_C(aes, in, dec, blocks * WC_AES_BLOCK_SIZE);
+                    XMEMCPY(aes->tmp, in + (blocks - 1) * WC_AES_BLOCK_SIZE,
+                            WC_AES_BLOCK_SIZE);
                     for (i = blocks-1; i >= 1; i--) {
-                        xorbufout(out + i * AES_BLOCK_SIZE,
-                                  dec + i * AES_BLOCK_SIZE, in + (i - 1) * AES_BLOCK_SIZE,
-                                  AES_BLOCK_SIZE);
+                        xorbufout(out + i * WC_AES_BLOCK_SIZE,
+                                  dec + i * WC_AES_BLOCK_SIZE, in + (i - 1) * WC_AES_BLOCK_SIZE,
+                                  WC_AES_BLOCK_SIZE);
                     }
-                    xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE);
-                    XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+                    xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE);
+                    XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
                     blocks = 0;
                 }
             }
 #else
             while (blocks--) {
-                XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE);
+                XMEMCPY(aes->tmp, in, WC_AES_BLOCK_SIZE);
                 ret = wc_AesDecrypt(aes, in, out);
                 if (ret != 0)
                     return ret;
-                xorbuf(out, (byte*)aes->reg, AES_BLOCK_SIZE);
+                xorbuf(out, (byte*)aes->reg, WC_AES_BLOCK_SIZE);
                 /* store iv for next call */
-                XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+                XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
 
-                out += AES_BLOCK_SIZE;
-                in  += AES_BLOCK_SIZE;
+                out += WC_AES_BLOCK_SIZE;
+                in  += WC_AES_BLOCK_SIZE;
             }
 #endif
         }
@@ -5856,7 +6119,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #ifdef WOLFSSL_STM32_CUBEMX
             CRYP_HandleTypeDef hcryp;
             #ifdef STM32_HAL_V2
-            word32 iv[AES_BLOCK_SIZE/sizeof(word32)];
+            word32 iv[WC_AES_BLOCK_SIZE/sizeof(word32)];
             #endif
         #else
             word32 *iv;
@@ -5878,7 +6141,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
         #if defined(STM32_HAL_V2)
             hcryp.Init.Algorithm  = CRYP_AES_CTR;
-            ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE);
+            ByteReverseWords(iv, aes->reg, WC_AES_BLOCK_SIZE);
             hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv;
         #elif defined(STM32_CRYPTO_AES_ONLY)
             hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
@@ -5891,13 +6154,13 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             HAL_CRYP_Init(&hcryp);
 
         #if defined(STM32_HAL_V2)
-            ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE,
+            ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, WC_AES_BLOCK_SIZE,
                 (uint32_t*)out, STM32_HAL_TIMEOUT);
         #elif defined(STM32_CRYPTO_AES_ONLY)
-            ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE,
+            ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, WC_AES_BLOCK_SIZE,
                 out, STM32_HAL_TIMEOUT);
         #else
-            ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE,
+            ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, WC_AES_BLOCK_SIZE,
                 out, STM32_HAL_TIMEOUT);
         #endif
             if (ret != HAL_OK) {
@@ -5972,11 +6235,11 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
         int wc_AesCtrEncryptBlock(Aes* aes, byte* out, const byte* in)
         {
-            word32 tmpIv[AES_BLOCK_SIZE / sizeof(word32)];
-            XMEMCPY(tmpIv, aes->reg, AES_BLOCK_SIZE);
+            word32 tmpIv[WC_AES_BLOCK_SIZE / sizeof(word32)];
+            XMEMCPY(tmpIv, aes->reg, WC_AES_BLOCK_SIZE);
             return wc_Pic32AesCrypt(
-                aes->key, aes->keylen, tmpIv, AES_BLOCK_SIZE,
-                out, in, AES_BLOCK_SIZE,
+                aes->key, aes->keylen, tmpIv, WC_AES_BLOCK_SIZE,
+                out, in, WC_AES_BLOCK_SIZE,
                 PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
         }
 
@@ -5996,7 +6259,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             }
 
             /* consume any unused bytes left in aes->tmp */
-            tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+            tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
             while (aes->left && sz) {
                 *(out++) = *(in++) ^ *(tmp++);
                 aes->left--;
@@ -6053,7 +6316,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         {
             /* in network byte order so start at end and work back */
             int i;
-            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+            for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
                 if (++inOutCtr[i])  /* we're done unless we overflow */
                     return;
             }
@@ -6062,7 +6325,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         /* Software AES - CTR Encrypt */
         int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         {
-            byte scratch[AES_BLOCK_SIZE];
+            byte scratch[WC_AES_BLOCK_SIZE];
             int ret = 0;
             word32 processed;
 
@@ -6086,61 +6349,69 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
             /* consume any unused bytes left in aes->tmp */
             processed = min(aes->left, sz);
-            xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left,
+            xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
                       processed);
             out += processed;
             in += processed;
             aes->left -= processed;
             sz -= processed;
 
+        #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+            !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+            if (aes->use_aes_hw_crypto) {
+                AES_CTR_encrypt_AARCH64(aes, out, in, sz);
+                return 0;
+            }
+        #endif
+
             VECTOR_REGISTERS_PUSH;
 
         #if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
             !defined(XTRANSFORM_AESCTRBLOCK)
-            if (in != out && sz >= AES_BLOCK_SIZE) {
-                word32 blocks = sz / AES_BLOCK_SIZE;
+            if (in != out && sz >= WC_AES_BLOCK_SIZE) {
+                word32 blocks = sz / WC_AES_BLOCK_SIZE;
                 byte* counter = (byte*)aes->reg;
                 byte* c = out;
                 while (blocks--) {
-                    XMEMCPY(c, counter, AES_BLOCK_SIZE);
-                    c += AES_BLOCK_SIZE;
+                    XMEMCPY(c, counter, WC_AES_BLOCK_SIZE);
+                    c += WC_AES_BLOCK_SIZE;
                     IncrementAesCounter(counter);
                 }
 
                 /* reset number of blocks and then do encryption */
-                blocks = sz / AES_BLOCK_SIZE;
-                wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
-                xorbuf(out, in, AES_BLOCK_SIZE * blocks);
-                in += AES_BLOCK_SIZE * blocks;
-                out += AES_BLOCK_SIZE * blocks;
-                sz -= blocks * AES_BLOCK_SIZE;
+                blocks = sz / WC_AES_BLOCK_SIZE;
+                wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks);
+                xorbuf(out, in, WC_AES_BLOCK_SIZE * blocks);
+                in += WC_AES_BLOCK_SIZE * blocks;
+                out += WC_AES_BLOCK_SIZE * blocks;
+                sz -= blocks * WC_AES_BLOCK_SIZE;
             }
             else
         #endif
             {
             #ifdef WOLFSSL_CHECK_MEM_ZERO
                 wc_MemZero_Add("wc_AesCtrEncrypt scratch", scratch,
-                    AES_BLOCK_SIZE);
+                    WC_AES_BLOCK_SIZE);
             #endif
                 /* do as many block size ops as possible */
-                while (sz >= AES_BLOCK_SIZE) {
+                while (sz >= WC_AES_BLOCK_SIZE) {
                 #ifdef XTRANSFORM_AESCTRBLOCK
                     XTRANSFORM_AESCTRBLOCK(aes, out, in);
                 #else
                     ret = wc_AesEncrypt(aes, (byte*)aes->reg, scratch);
                     if (ret != 0)
                         break;
-                    xorbuf(scratch, in, AES_BLOCK_SIZE);
-                    XMEMCPY(out, scratch, AES_BLOCK_SIZE);
+                    xorbuf(scratch, in, WC_AES_BLOCK_SIZE);
+                    XMEMCPY(out, scratch, WC_AES_BLOCK_SIZE);
                 #endif
                     IncrementAesCounter((byte*)aes->reg);
 
-                    out += AES_BLOCK_SIZE;
-                    in  += AES_BLOCK_SIZE;
-                    sz  -= AES_BLOCK_SIZE;
+                    out += WC_AES_BLOCK_SIZE;
+                    in  += WC_AES_BLOCK_SIZE;
+                    sz  -= WC_AES_BLOCK_SIZE;
                     aes->left = 0;
                 }
-                ForceZero(scratch, AES_BLOCK_SIZE);
+                ForceZero(scratch, WC_AES_BLOCK_SIZE);
             }
 
             /* handle non block size remaining and store unused byte count in left */
@@ -6148,16 +6419,16 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                 ret = wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
                 if (ret == 0) {
                     IncrementAesCounter((byte*)aes->reg);
-                    aes->left = AES_BLOCK_SIZE - sz;
+                    aes->left = WC_AES_BLOCK_SIZE - sz;
                     xorbufout(out, in, aes->tmp, sz);
                 }
             }
 
             if (ret < 0)
-                ForceZero(scratch, AES_BLOCK_SIZE);
+                ForceZero(scratch, WC_AES_BLOCK_SIZE);
 
         #ifdef WOLFSSL_CHECK_MEM_ZERO
-            wc_MemZero_Check(scratch, AES_BLOCK_SIZE);
+            wc_MemZero_Check(scratch, WC_AES_BLOCK_SIZE);
         #endif
 
             VECTOR_REGISTERS_POP;
@@ -6181,7 +6452,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     #endif /* NEED_AES_CTR_SOFT */
 
 #endif /* WOLFSSL_AES_COUNTER */
-#endif /* !WOLFSSL_ARMASM && ! WOLFSSL_RISCV_ASM */
+#endif /* !WOLFSSL_RISCV_ASM */
 
 
 /*
@@ -6212,15 +6483,31 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
 
 #ifdef WOLFSSL_AESGCM_STREAM
     /* Access initialization counter data. */
-    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * AES_BLOCK_SIZE)
+    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * WC_AES_BLOCK_SIZE)
     /* Access counter data. */
-    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * AES_BLOCK_SIZE)
+    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * WC_AES_BLOCK_SIZE)
     /* Access tag data. */
-    #define AES_TAG(aes)            ((aes)->streamData + 2 * AES_BLOCK_SIZE)
+    #define AES_TAG(aes)            ((aes)->streamData + 2 * WC_AES_BLOCK_SIZE)
     /* Access last GHASH block. */
-    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * AES_BLOCK_SIZE)
+    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * WC_AES_BLOCK_SIZE)
     /* Access last encrypted block. */
-    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * AES_BLOCK_SIZE)
+    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * WC_AES_BLOCK_SIZE)
+
+    #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+        !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        #define GHASH_ONE_BLOCK(aes, block)                                 \
+            do {                                                            \
+                if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {   \
+                    GHASH_ONE_BLOCK_AARCH64(aes, block);                    \
+                }                                                           \
+                else {                                                      \
+                    GHASH_ONE_BLOCK_SW(aes, block);                         \
+                }                                                           \
+            }                                                               \
+            while (0)
+    #else
+        #define GHASH_ONE_BLOCK     GHASH_ONE_BLOCK_SW
+    #endif
 #endif
 
 #if defined(HAVE_COLDFIRE_SEC)
@@ -6228,8 +6515,8 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
 
 #endif
 
-#ifdef WOLFSSL_ARMASM
-    /* implementation is located in wolfcrypt/src/port/arm/armv8-aes.c */
+#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__)
+    /* implemented in wolfcrypt/src/port/arm/armv8-aes.c */
 
 #elif defined(WOLFSSL_RISCV_ASM)
     /* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */
@@ -6251,7 +6538,7 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
     int i;
 
     /* in network byte order so start at end and work back */
-    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= WC_AES_BLOCK_SIZE - CTR_SZ; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -6282,9 +6569,9 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
 {
     int i;
     int carryIn = 0;
-    byte borrow = (0x00 - (x[15] & 0x01)) & 0xE1;
+    byte borrow = (byte)((0x00U - (x[15] & 0x01U)) & 0xE1U);
 
-    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+    for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
         int carryOut = (x[i] & 0x01) << 7;
         x[i] = (byte) ((x[i] >> 1) | carryIn);
         carryIn = carryOut;
@@ -6300,23 +6587,23 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
 void GenerateM0(Gcm* gcm)
 {
     int i, j;
-    byte (*m)[AES_BLOCK_SIZE] = gcm->M0;
+    byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0;
 
-    XMEMCPY(m[128], gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(m[128], gcm->H, WC_AES_BLOCK_SIZE);
 
     for (i = 64; i > 0; i /= 2) {
-        XMEMCPY(m[i], m[i*2], AES_BLOCK_SIZE);
+        XMEMCPY(m[i], m[i*2], WC_AES_BLOCK_SIZE);
         RIGHTSHIFTX(m[i]);
     }
 
     for (i = 2; i < 256; i *= 2) {
         for (j = 1; j < i; j++) {
-            XMEMCPY(m[i+j], m[i], AES_BLOCK_SIZE);
-            xorbuf(m[i+j], m[j], AES_BLOCK_SIZE);
+            XMEMCPY(m[i+j], m[i], WC_AES_BLOCK_SIZE);
+            xorbuf(m[i+j], m[j], WC_AES_BLOCK_SIZE);
         }
     }
 
-    XMEMSET(m[0], 0, AES_BLOCK_SIZE);
+    XMEMSET(m[0], 0, WC_AES_BLOCK_SIZE);
 }
 
 #elif defined(GCM_TABLE_4BIT)
@@ -6336,49 +6623,49 @@ void GenerateM0(Gcm* gcm)
 #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU)
     int i;
 #endif
-    byte (*m)[AES_BLOCK_SIZE] = gcm->M0;
+    byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0;
 
     /* 0 times -> 0x0 */
-    XMEMSET(m[0x0], 0, AES_BLOCK_SIZE);
+    XMEMSET(m[0x0], 0, WC_AES_BLOCK_SIZE);
     /* 1 times -> 0x8 */
-    XMEMCPY(m[0x8], gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(m[0x8], gcm->H, WC_AES_BLOCK_SIZE);
     /* 2 times -> 0x4 */
-    XMEMCPY(m[0x4], m[0x8], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x4], m[0x8], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x4]);
     /* 4 times -> 0x2 */
-    XMEMCPY(m[0x2], m[0x4], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x2], m[0x4], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x2]);
     /* 8 times -> 0x1 */
-    XMEMCPY(m[0x1], m[0x2], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x1], m[0x2], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x1]);
 
     /* 0x3 */
-    XMEMCPY(m[0x3], m[0x2], AES_BLOCK_SIZE);
-    xorbuf (m[0x3], m[0x1], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x3], m[0x2], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x3], m[0x1], WC_AES_BLOCK_SIZE);
 
     /* 0x5 -> 0x7 */
-    XMEMCPY(m[0x5], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x5], m[0x1], AES_BLOCK_SIZE);
-    XMEMCPY(m[0x6], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x6], m[0x2], AES_BLOCK_SIZE);
-    XMEMCPY(m[0x7], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x7], m[0x3], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x5], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x5], m[0x1], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0x6], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x6], m[0x2], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0x7], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x7], m[0x3], WC_AES_BLOCK_SIZE);
 
     /* 0x9 -> 0xf */
-    XMEMCPY(m[0x9], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0x9], m[0x1], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xa], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xa], m[0x2], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xb], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xb], m[0x3], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xc], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xc], m[0x4], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xd], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xd], m[0x5], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xe], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xe], m[0x6], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xf], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xf], m[0x7], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x9], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x9], m[0x1], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xa], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xa], m[0x2], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xb], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xb], m[0x3], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xc], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xc], m[0x4], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xd], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xd], m[0x5], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xe], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xe], m[0x6], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xf], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xf], m[0x7], WC_AES_BLOCK_SIZE);
 
 #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU)
     for (i = 0; i < 16; i++) {
@@ -6389,11 +6676,30 @@ void GenerateM0(Gcm* gcm)
 
 #endif /* GCM_TABLE */
 
+#if defined(WOLFSSL_AESNI) && defined(USE_INTEL_SPEEDUP)
+    #define HAVE_INTEL_AVX1
+    #define HAVE_INTEL_AVX2
+#endif
+
+#if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT) && \
+    defined(WC_C_DYNAMIC_FALLBACK)
+void GCM_generate_m0_aesni(const unsigned char *h, unsigned char *m)
+                           XASM_LINK("GCM_generate_m0_aesni");
+#ifdef HAVE_INTEL_AVX1
+void GCM_generate_m0_avx1(const unsigned char *h, unsigned char *m)
+                          XASM_LINK("GCM_generate_m0_avx1");
+#endif
+#ifdef HAVE_INTEL_AVX2
+void GCM_generate_m0_avx2(const unsigned char *h, unsigned char *m)
+                          XASM_LINK("GCM_generate_m0_avx2");
+#endif
+#endif /* WOLFSSL_AESNI && GCM_TABLE_4BIT && WC_C_DYNAMIC_FALLBACK */
+
 /* Software AES - GCM SetKey */
 int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
     int  ret;
-    byte iv[AES_BLOCK_SIZE];
+    byte iv[WC_AES_BLOCK_SIZE];
 
     #ifdef WOLFSSL_IMX6_CAAM_BLOB
         byte   local[32];
@@ -6425,7 +6731,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
     XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH));
     aes->gcm.aadLen = 0;
 #endif
-    XMEMSET(iv, 0, AES_BLOCK_SIZE);
+    XMEMSET(iv, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 #ifdef WOLFSSL_AESGCM_STREAM
     aes->gcmKeySet = 1;
@@ -6441,6 +6747,13 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         return ret;
     #endif /* WOLFSSL_RENESAS_RSIP && WOLFSSL_RENESAS_FSPSM_CRYPTONLY*/
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (ret == 0 && aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+        AES_GCM_set_key_AARCH64(aes, iv);
+    }
+    else
+#endif
 #if !defined(FREESCALE_LTC_AES_GCM)
     if (ret == 0) {
         VECTOR_REGISTERS_PUSH;
@@ -6451,9 +6764,33 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         VECTOR_REGISTERS_POP;
     }
     if (ret == 0) {
-    #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
-        GenerateM0(&aes->gcm);
-    #endif /* GCM_TABLE */
+#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
+#if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT)
+        if (aes->use_aesni) {
+    #if defined(WC_C_DYNAMIC_FALLBACK)
+        #ifdef HAVE_INTEL_AVX2
+            if (IS_INTEL_AVX2(intel_flags)) {
+                GCM_generate_m0_avx2(aes->gcm.H, (byte*)aes->gcm.M0);
+            }
+            else
+        #endif
+        #if defined(HAVE_INTEL_AVX1)
+            if (IS_INTEL_AVX1(intel_flags)) {
+                GCM_generate_m0_avx1(aes->gcm.H, (byte*)aes->gcm.M0);
+            }
+            else
+        #endif
+            {
+                GCM_generate_m0_aesni(aes->gcm.H, (byte*)aes->gcm.M0);
+            }
+    #endif
+        }
+        else
+#endif
+        {
+            GenerateM0(&aes->gcm);
+        }
+#endif /* GCM_TABLE || GCM_TABLE_4BIT */
     }
 #endif /* FREESCALE_LTC_AES_GCM */
 
@@ -6476,11 +6813,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 
 #ifdef WOLFSSL_AESNI
 
-#if defined(USE_INTEL_SPEEDUP)
-    #define HAVE_INTEL_AVX1
-    #define HAVE_INTEL_AVX2
-#endif /* USE_INTEL_SPEEDUP */
-
 void AES_GCM_encrypt_aesni(const unsigned char *in, unsigned char *out,
                      const unsigned char* addt, const unsigned char* ivec,
                      unsigned char *tag, word32 nbytes,
@@ -6536,34 +6868,34 @@ void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out,
 #if defined(GCM_SMALL)
 static void GMULT(byte* X, byte* Y)
 {
-    byte Z[AES_BLOCK_SIZE];
-    byte V[AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE];
+    byte V[WC_AES_BLOCK_SIZE];
     int i, j;
 
-    XMEMSET(Z, 0, AES_BLOCK_SIZE);
-    XMEMCPY(V, X, AES_BLOCK_SIZE);
-    for (i = 0; i < AES_BLOCK_SIZE; i++)
+    XMEMSET(Z, 0, WC_AES_BLOCK_SIZE);
+    XMEMCPY(V, X, WC_AES_BLOCK_SIZE);
+    for (i = 0; i < WC_AES_BLOCK_SIZE; i++)
     {
         byte y = Y[i];
         for (j = 0; j < 8; j++)
         {
             if (y & 0x80) {
-                xorbuf(Z, V, AES_BLOCK_SIZE);
+                xorbuf(Z, V, WC_AES_BLOCK_SIZE);
             }
 
             RIGHTSHIFTX(V);
             y = y << 1;
         }
     }
-    XMEMCPY(X, Z, AES_BLOCK_SIZE);
+    XMEMCPY(X, Z, WC_AES_BLOCK_SIZE);
 }
 
 
 void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     word32 cSz, byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
     byte* h;
 
@@ -6572,38 +6904,38 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     }
 
     h = gcm->H;
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, a, AES_BLOCK_SIZE);
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, c, AES_BLOCK_SIZE);
+            xorbuf(x, c, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
         }
     }
@@ -6611,7 +6943,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
     GMULT(x, h);
 
     /* Copy the result into s. */
@@ -6632,10 +6964,10 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                     \
+#define GHASH_ONE_BLOCK_SW(aes, block)                  \
     do {                                                \
-        xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE);    \
-        GMULT(AES_TAG(aes), aes->gcm.H);                \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
+        GMULT(AES_TAG(aes), (aes)->gcm.H);              \
     }                                                   \
     while (0)
 #endif /* WOLFSSL_AESGCM_STREAM */
@@ -6709,17 +7041,17 @@ ALIGN16 static const byte R[256][2] = {
     {0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} };
 
 
-static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
+static void GMULT(byte *x, byte m[256][WC_AES_BLOCK_SIZE])
 {
 #if !defined(WORD64_AVAILABLE) || defined(BIG_ENDIAN_ORDER)
     int i, j;
-    byte Z[AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE];
     byte a;
 
     XMEMSET(Z, 0, sizeof(Z));
 
     for (i = 15; i > 0; i--) {
-        xorbuf(Z, m[x[i]], AES_BLOCK_SIZE);
+        xorbuf(Z, m[x[i]], WC_AES_BLOCK_SIZE);
         a = Z[15];
 
         for (j = 15; j > 0; j--) {
@@ -6729,11 +7061,11 @@ static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
         Z[0]  = R[a][0];
         Z[1] ^= R[a][1];
     }
-    xorbuf(Z, m[x[0]], AES_BLOCK_SIZE);
+    xorbuf(Z, m[x[0]], WC_AES_BLOCK_SIZE);
 
-    XMEMCPY(x, Z, AES_BLOCK_SIZE);
+    XMEMCPY(x, Z, WC_AES_BLOCK_SIZE);
 #elif defined(WC_32BIT_CPU)
-    byte Z[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
     byte a;
     word32* pZ;
     word32* pm;
@@ -6765,7 +7097,7 @@ static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
     px[0] = pZ[0] ^ pm[0]; px[1] = pZ[1] ^ pm[1];
     px[2] = pZ[2] ^ pm[2]; px[3] = pZ[3] ^ pm[3];
 #else
-    byte Z[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
     byte a;
     word64* pZ;
     word64* pm;
@@ -6797,46 +7129,46 @@ static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
 void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     word32 cSz, byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
 
     if (gcm == NULL) {
         return;
     }
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, a, AES_BLOCK_SIZE);
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, c, AES_BLOCK_SIZE);
+            xorbuf(x, c, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
         }
     }
@@ -6844,7 +7176,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
     GMULT(x, gcm->M0);
 
     /* Copy the result into s. */
@@ -6865,9 +7197,9 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                     \
+#define GHASH_ONE_BLOCK_SW(aes, block)                  \
     do {                                                \
-        xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE);    \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
         GMULT(AES_TAG(aes), aes->gcm.M0);               \
     }                                                   \
     while (0)
@@ -6920,10 +7252,10 @@ static const word16 R[32] = {
  *    [0..15] * H
  */
 #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU)
-static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE])
+static void GMULT(byte *x, byte m[16][WC_AES_BLOCK_SIZE])
 {
     int i, j, n;
-    byte Z[AES_BLOCK_SIZE];
+    byte Z[WC_AES_BLOCK_SIZE];
     byte a;
 
     XMEMSET(Z, 0, sizeof(Z));
@@ -6931,9 +7263,9 @@ static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE])
     for (i = 15; i >= 0; i--) {
         for (n = 0; n < 2; n++) {
             if (n == 0)
-                xorbuf(Z, m[x[i] & 0xf], AES_BLOCK_SIZE);
+                xorbuf(Z, m[x[i] & 0xf], WC_AES_BLOCK_SIZE);
             else {
-                xorbuf(Z, m[x[i] >> 4], AES_BLOCK_SIZE);
+                xorbuf(Z, m[x[i] >> 4], WC_AES_BLOCK_SIZE);
                 if (i == 0)
                     break;
             }
@@ -6948,10 +7280,10 @@ static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE])
         }
     }
 
-    XMEMCPY(x, Z, AES_BLOCK_SIZE);
+    XMEMCPY(x, Z, WC_AES_BLOCK_SIZE);
 }
 #elif defined(WC_32BIT_CPU)
-static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE])
+static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE])
 {
     int i;
     word32 z8[4] = {0, 0, 0, 0};
@@ -7025,7 +7357,7 @@ static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE])
     x8[0] = z8[0]; x8[1] = z8[1]; x8[2] = z8[2]; x8[3] = z8[3];
 }
 #else
-static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE])
+static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE])
 {
     int i;
     word64 z8[2] = {0, 0};
@@ -7097,46 +7429,46 @@ static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE])
 void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     word32 cSz, byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
 
     if (gcm == NULL) {
         return;
     }
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, a, AES_BLOCK_SIZE);
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, c, AES_BLOCK_SIZE);
+            xorbuf(x, c, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, gcm->M0);
         }
     }
@@ -7144,7 +7476,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
     GMULT(x, gcm->M0);
 
     /* Copy the result into s. */
@@ -7165,9 +7497,9 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                     \
+#define GHASH_ONE_BLOCK_SW(aes, block)                  \
     do {                                                \
-        xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE);    \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
         GMULT(AES_TAG(aes), (aes)->gcm.M0);             \
     }                                                   \
     while (0)
@@ -7223,31 +7555,31 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         return;
     }
 
-    XMEMCPY(bigH, gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE);
     #ifdef LITTLE_ENDIAN_ORDER
-        ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE);
+        ByteReverseWords64(bigH, bigH, WC_AES_BLOCK_SIZE);
     #endif
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
         word64 bigA[2];
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, WC_AES_BLOCK_SIZE);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+                ByteReverseWords64(bigA, bigA, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigA[0];
             x[1] ^= bigA[1];
             GMULT(x, bigH);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMSET(bigA, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(bigA, a, partial);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+                ByteReverseWords64(bigA, bigA, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigA[0];
             x[1] ^= bigA[1];
@@ -7265,8 +7597,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
         word64 bigC[2];
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
 #ifdef OPENSSL_EXTRA
         /* Start from last AAD partial tag */
         if(gcm->aadLen) {
@@ -7275,20 +7607,20 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
          }
 #endif
         while (blocks--) {
-            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, WC_AES_BLOCK_SIZE);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+                ByteReverseWords64(bigC, bigC, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigC[0];
             x[1] ^= bigC[1];
             GMULT(x, bigH);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMSET(bigC, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(bigC, c, partial);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+                ByteReverseWords64(bigC, bigC, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigC[0];
             x[1] ^= bigC[1];
@@ -7313,7 +7645,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         GMULT(x, bigH);
     }
     #ifdef LITTLE_ENDIAN_ORDER
-        ByteReverseWords64(x, x, AES_BLOCK_SIZE);
+        ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE);
     #endif
     XMEMCPY(s, x, sSz);
 }
@@ -7328,7 +7660,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in] aes  AES GCM object.
  */
 #define GHASH_INIT_EXTRA(aes)                                               \
-    ByteReverseWords64((word64*)aes->gcm.H, (word64*)aes->gcm.H, AES_BLOCK_SIZE)
+    ByteReverseWords64((word64*)aes->gcm.H, (word64*)aes->gcm.H, WC_AES_BLOCK_SIZE)
 
 /* GHASH one block of data..
  *
@@ -7337,17 +7669,17 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                             \
-    do {                                                        \
-        word64* x = (word64*)AES_TAG(aes);                      \
-        word64* h = (word64*)aes->gcm.H;                        \
-        word64 block64[2];                                      \
-        XMEMCPY(block64, block, AES_BLOCK_SIZE);                \
-        ByteReverseWords64(block64, block64, AES_BLOCK_SIZE);   \
-        x[0] ^= block64[0];                                     \
-        x[1] ^= block64[1];                                     \
-        GMULT(x, h);                                            \
-    }                                                           \
+#define GHASH_ONE_BLOCK_SW(aes, block)                              \
+    do {                                                            \
+        word64* x = (word64*)AES_TAG(aes);                          \
+        word64* h = (word64*)aes->gcm.H;                            \
+        word64 block64[2];                                          \
+        XMEMCPY(block64, block, WC_AES_BLOCK_SIZE);                 \
+        ByteReverseWords64(block64, block64, WC_AES_BLOCK_SIZE);    \
+        x[0] ^= block64[0];                                         \
+        x[1] ^= block64[1];                                         \
+        GMULT(x, h);                                                \
+    }                                                               \
     while (0)
 
 #ifdef OPENSSL_EXTRA
@@ -7372,7 +7704,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         x[0] ^= len[0];                                 \
         x[1] ^= len[1];                                 \
         GMULT(x, h);                                    \
-        ByteReverseWords64(x, x, AES_BLOCK_SIZE);       \
+        ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE);    \
     }                                                   \
     while (0)
 #else
@@ -7395,7 +7727,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         x[0] ^= len[0];                                 \
         x[1] ^= len[1];                                 \
         GMULT(x, h);                                    \
-        ByteReverseWords64(x, x, AES_BLOCK_SIZE);       \
+        ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE);    \
     }                                                   \
     while (0)
 #endif
@@ -7415,12 +7747,12 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                     \
+#define GHASH_ONE_BLOCK_SW(aes, block)                  \
     do {                                                \
         word64* x = (word64*)AES_TAG(aes);              \
         word64* h = (word64*)aes->gcm.H;                \
         word64 block64[2];                              \
-        XMEMCPY(block64, block, AES_BLOCK_SIZE);        \
+        XMEMCPY(block64, block, WC_AES_BLOCK_SIZE);        \
         x[0] ^= block64[0];                             \
         x[1] ^= block64[1];                             \
         GMULT(x, h);                                    \
@@ -7540,33 +7872,33 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         return;
     }
 
-    XMEMCPY(bigH, gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE);
     #ifdef LITTLE_ENDIAN_ORDER
-        ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE);
+        ByteReverseWords(bigH, bigH, WC_AES_BLOCK_SIZE);
     #endif
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
         word32 bigA[4];
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, WC_AES_BLOCK_SIZE);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+                ByteReverseWords(bigA, bigA, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigA[0];
             x[1] ^= bigA[1];
             x[2] ^= bigA[2];
             x[3] ^= bigA[3];
             GMULT(x, bigH);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMSET(bigA, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(bigA, a, partial);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+                ByteReverseWords(bigA, bigA, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigA[0];
             x[1] ^= bigA[1];
@@ -7579,25 +7911,25 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
         word32 bigC[4];
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, WC_AES_BLOCK_SIZE);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+                ByteReverseWords(bigC, bigC, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigC[0];
             x[1] ^= bigC[1];
             x[2] ^= bigC[2];
             x[3] ^= bigC[3];
             GMULT(x, bigH);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMSET(bigC, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(bigC, c, partial);
             #ifdef LITTLE_ENDIAN_ORDER
-                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+                ByteReverseWords(bigC, bigC, WC_AES_BLOCK_SIZE);
             #endif
             x[0] ^= bigC[0];
             x[1] ^= bigC[1];
@@ -7624,7 +7956,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         GMULT(x, bigH);
     }
     #ifdef LITTLE_ENDIAN_ORDER
-        ByteReverseWords(x, x, AES_BLOCK_SIZE);
+        ByteReverseWords(x, x, WC_AES_BLOCK_SIZE);
     #endif
     XMEMCPY(s, x, sSz);
 }
@@ -7638,7 +7970,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes  AES GCM object.
  */
 #define GHASH_INIT_EXTRA(aes) \
-    ByteReverseWords((word32*)aes->gcm.H, (word32*)aes->gcm.H, AES_BLOCK_SIZE)
+    ByteReverseWords((word32*)aes->gcm.H, (word32*)aes->gcm.H, WC_AES_BLOCK_SIZE)
 
 /* GHASH one block of data..
  *
@@ -7647,19 +7979,19 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                         \
-    do {                                                    \
-        word32* x = (word32*)AES_TAG(aes);                  \
-        word32* h = (word32*)aes->gcm.H;                    \
-        word32 bigEnd[4];                                   \
-        XMEMCPY(bigEnd, block, AES_BLOCK_SIZE);             \
-        ByteReverseWords(bigEnd, bigEnd, AES_BLOCK_SIZE);   \
-        x[0] ^= bigEnd[0];                                  \
-        x[1] ^= bigEnd[1];                                  \
-        x[2] ^= bigEnd[2];                                  \
-        x[3] ^= bigEnd[3];                                  \
-        GMULT(x, h);                                        \
-    }                                                       \
+#define GHASH_ONE_BLOCK_SW(aes, block)                          \
+    do {                                                        \
+        word32* x = (word32*)AES_TAG(aes);                      \
+        word32* h = (word32*)aes->gcm.H;                        \
+        word32 bigEnd[4];                                       \
+        XMEMCPY(bigEnd, block, WC_AES_BLOCK_SIZE);              \
+        ByteReverseWords(bigEnd, bigEnd, WC_AES_BLOCK_SIZE);    \
+        x[0] ^= bigEnd[0];                                      \
+        x[1] ^= bigEnd[1];                                      \
+        x[2] ^= bigEnd[2];                                      \
+        x[3] ^= bigEnd[3];                                      \
+        GMULT(x, h);                                            \
+    }                                                           \
     while (0)
 
 /* GHASH in AAD and cipher text lengths in bits.
@@ -7682,7 +8014,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         x[2] ^= len[2];                                     \
         x[3] ^= len[3];                                     \
         GMULT(x, h);                                        \
-        ByteReverseWords(x, x, AES_BLOCK_SIZE);             \
+        ByteReverseWords(x, x, WC_AES_BLOCK_SIZE);          \
     }                                                       \
     while (0)
 #else
@@ -7699,12 +8031,12 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  * @param [in, out] aes    AES GCM object.
  * @param [in]      block  Block of AAD or cipher text.
  */
-#define GHASH_ONE_BLOCK(aes, block)                         \
+#define GHASH_ONE_BLOCK_SW(aes, block)                      \
     do {                                                    \
         word32* x = (word32*)AES_TAG(aes);                  \
         word32* h = (word32*)aes->gcm.H;                    \
         word32 block32[4];                                  \
-        XMEMCPY(block32, block, AES_BLOCK_SIZE);            \
+        XMEMCPY(block32, block, WC_AES_BLOCK_SIZE);         \
         x[0] ^= block32[0];                                 \
         x[1] ^= block32[1];                                 \
         x[2] ^= block32[2];                                 \
@@ -7748,7 +8080,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  */
 #define GHASH_LEN_BLOCK(aes)                      \
     do {                                          \
-        byte scratch[AES_BLOCK_SIZE];             \
+        byte scratch[WC_AES_BLOCK_SIZE];          \
         FlattenSzInBits(&scratch[0], (aes)->aSz); \
         FlattenSzInBits(&scratch[8], (aes)->cSz); \
         GHASH_ONE_BLOCK(aes, scratch);            \
@@ -7762,12 +8094,21 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
  */
 static void GHASH_INIT(Aes* aes) {
     /* Set tag to all zeros as initial value. */
-    XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE);
+    XMEMSET(AES_TAG(aes), 0, WC_AES_BLOCK_SIZE);
     /* Reset counts of AAD and cipher text. */
     aes->aOver = 0;
     aes->cOver = 0;
-    /* Extra initialization based on implementation. */
-    GHASH_INIT_EXTRA(aes);
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+        ; /* Don't do extra initialization. */
+    }
+    else
+#endif
+    {
+        /* Extra initialization based on implementation. */
+        GHASH_INIT_EXTRA(aes);
+    }
 }
 
 /* Update the GHASH with AAD and/or cipher text.
@@ -7791,14 +8132,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         /* Check if we have unprocessed data. */
         if (aes->aOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->aOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->aOver);
             if (sz > aSz) {
                 sz = (byte)aSz;
             }
             /* Copy extra into last GHASH block array and update count. */
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
-            aes->aOver += sz;
-            if (aes->aOver == AES_BLOCK_SIZE) {
+            aes->aOver = (byte)(aes->aOver + sz);
+            if (aes->aOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
                 GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
                 /* Reset count. */
@@ -7810,12 +8151,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         }
 
         /* Calculate number of blocks of AAD and the leftover. */
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         /* GHASH full blocks now. */
         while (blocks--) {
             GHASH_ONE_BLOCK(aes, a);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -7826,7 +8167,7 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
     if (aes->aOver > 0 && cSz > 0 && c != NULL) {
         /* No more AAD coming and we have a partial block. */
         /* Fill the rest of the block with zeros. */
-        byte sz = AES_BLOCK_SIZE - aes->aOver;
+        byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->aOver);
         XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, sz);
         /* GHASH last AAD block. */
         GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
@@ -7840,14 +8181,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         aes->cSz += cSz;
         if (aes->cOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->cOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->cOver);
             if (sz > cSz) {
                 sz = (byte)cSz;
             }
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
             /* Update count of unused encrypted counter. */
-            aes->cOver += sz;
-            if (aes->cOver == AES_BLOCK_SIZE) {
+            aes->cOver = (byte)(aes->cOver + sz);
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
                 GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
                 /* Reset count. */
@@ -7859,12 +8200,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         }
 
         /* Calculate number of blocks of cipher text and the leftover. */
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         /* GHASH full blocks now. */
         while (blocks--) {
             GHASH_ONE_BLOCK(aes, c);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -7893,7 +8234,8 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
     }
     if (over > 0) {
         /* Zeroize the unused part of the block. */
-        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over);
+        XMEMSET(AES_LASTGBLOCK(aes) + over, 0,
+            (size_t)WC_AES_BLOCK_SIZE - over);
         /* Hash the last block of cipher text. */
         GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
     }
@@ -7901,6 +8243,8 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
     GHASH_LEN_BLOCK(aes);
     /* Copy the result into s. */
     XMEMCPY(s, AES_TAG(aes), sSz);
+    /* reset aes->gcm.H in case of reuse */
+    GHASH_INIT_EXTRA(aes);
 }
 #endif /* WOLFSSL_AESGCM_STREAM */
 
@@ -7915,7 +8259,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     word32 keySize;
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0) {
         return BAD_FUNC_ARG;
     }
 
@@ -7944,8 +8288,6 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 #ifdef STM32_CRYPTO_AES_GCM
 
 /* this function supports inline encrypt */
-/* define STM32_AESGCM_PARTIAL for STM HW that does not support authentication
- * on byte multiples (see CRYP_HEADERWIDTHUNIT_BYTE) */
 static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
                                   Aes* aes, byte* out, const byte* in, word32 sz,
                                   const byte* iv, word32 ivSz,
@@ -7961,16 +8303,16 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
     word32 keySize;
 #ifdef WOLFSSL_STM32_CUBEMX
     int status = HAL_OK;
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partialBlock[WC_AES_BLOCK_SIZE/sizeof(word32)];
 #else
     int status = SUCCESS;
 #endif
-    word32 partial = sz % AES_BLOCK_SIZE;
-    word32 tag[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 ctr[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
+    word32 tag[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 ctrInit[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 ctr[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 authhdr[WC_AES_BLOCK_SIZE/sizeof(word32)];
     byte* authInPadded = NULL;
     int authPadSz, wasAlloc = 0, useSwGhash = 0;
 
@@ -7984,21 +8326,31 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
         return ret;
 #endif
 
-    XMEMSET(ctr, 0, AES_BLOCK_SIZE);
+    XMEMSET(ctr, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         byte* pCtr = (byte*)ctr;
         XMEMCPY(ctr, iv, ivSz);
-        pCtr[AES_BLOCK_SIZE - 1] = 1;
+        pCtr[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, WC_AES_BLOCK_SIZE);
     }
     XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */
 
     /* Authentication buffer - must be 4-byte multiple zero padded */
     authPadSz = authInSz % sizeof(word32);
+#ifdef WOLFSSL_STM32MP13
+    /* STM32MP13 HAL at least v1.2 and lower has a bug with which it needs a
+     * minimum of 16 bytes for the auth
+     */
+    if ((authInSz > 0) && (authInSz < 16)) {
+        authPadSz = 16 - authInSz;
+    }
+#endif
     if (authPadSz != 0) {
-        authPadSz = authInSz + sizeof(word32) - authPadSz;
+        if (authPadSz < authInSz + sizeof(word32)) {
+            authPadSz = authInSz + sizeof(word32) - authPadSz;
+        }
         if (authPadSz <= sizeof(authhdr)) {
             authInPadded = (byte*)authhdr;
         }
@@ -8021,11 +8373,11 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
     /* for cases where hardware cannot be used for authTag calculate it */
     /* if IV is not 12 calculate GHASH using software */
     if (ivSz != GCM_NONCE_MID_SZ
-    #ifndef CRYP_HEADERWIDTHUNIT_BYTE
+    #if !defined(CRYP_HEADERWIDTHUNIT_BYTE)
         /* or hardware that does not support partial block */
         || sz == 0 || partial != 0
     #endif
-    #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(STM32_AESGCM_PARTIAL)
+    #if !defined(STM_CRYPT_HEADER_WIDTH) || STM_CRYPT_HEADER_WIDTH == 4
         /* or authIn is not a multiple of 4  */
         || authPadSz != authInSz
     #endif
@@ -8040,43 +8392,39 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
     if (ret != 0) {
         return ret;
     }
+
 #ifdef WOLFSSL_STM32_CUBEMX
     hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr;
     hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded;
 
 #if defined(STM32_HAL_V2)
     hcryp.Init.Algorithm = CRYP_AES_GCM;
-    #ifdef CRYP_HEADERWIDTHUNIT_BYTE
-    /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */
-    hcryp.Init.HeaderSize = authInSz;
-    #else
-    hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
-    #endif
+    hcryp.Init.HeaderSize = authPadSz / STM_CRYPT_HEADER_WIDTH;
     #ifdef CRYP_KEYIVCONFIG_ONCE
     /* allows repeated calls to HAL_CRYP_Encrypt */
     hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE;
     #endif
-    ByteReverseWords(ctr, ctr, AES_BLOCK_SIZE);
+    ByteReverseWords(ctr, ctr, WC_AES_BLOCK_SIZE);
     hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr;
     HAL_CRYP_Init(&hcryp);
 
     #ifndef CRYP_KEYIVCONFIG_ONCE
     /* GCM payload phase - can handle partial blocks */
     status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in,
-        (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
+        (blocks * WC_AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
     #else
     /* GCM payload phase - blocks */
     if (blocks) {
         status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in,
-            (blocks * AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT);
+            (blocks * WC_AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT);
     }
     /* GCM payload phase - partial remainder */
     if (status == HAL_OK && (partial != 0 || blocks == 0)) {
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)partialBlock, partial,
             (uint32_t*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     #endif
     if (status == HAL_OK && !useSwGhash) {
@@ -8106,16 +8454,16 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
         hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE;
         if (blocks) {
             status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in,
-                (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
+                (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
         }
     }
     if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) {
         /* GCM payload phase - partial remainder */
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYPEx_AES_Auth(&hcryp, (uint8_t*)partialBlock, partial,
                 (uint8_t*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     if (status == HAL_OK && !useSwGhash) {
         /* GCM final phase */
@@ -8128,15 +8476,15 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
     if (blocks) {
         /* GCM payload phase - blocks */
         status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (byte*)in,
-            (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
+            (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
     }
     if (status == HAL_OK && (partial != 0 || blocks == 0)) {
         /* GCM payload phase - partial remainder */
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (uint8_t*)partialBlock, partial,
             (uint8_t*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     if (status == HAL_OK && !useSwGhash) {
         /* Compute the authTag */
@@ -8205,20 +8553,20 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
                       const byte* authIn, word32 authInSz)
 {
     int ret = 0;
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* p = in;
     byte* c = out;
-    ALIGN16 byte counter[AES_BLOCK_SIZE];
-    ALIGN16 byte initialCounter[AES_BLOCK_SIZE];
-    ALIGN16 byte scratch[AES_BLOCK_SIZE];
+    ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte initialCounter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
 
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
         XMEMCPY(counter, iv, ivSz);
         XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                                         AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+                                         WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
         /* Counter is GHASH of IV. */
@@ -8226,21 +8574,21 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
     }
-    XMEMCPY(initialCounter, counter, AES_BLOCK_SIZE);
+    XMEMCPY(initialCounter, counter, WC_AES_BLOCK_SIZE);
 
 #ifdef WOLFSSL_PIC32MZ_CRYPT
     if (blocks) {
         /* use initial IV for HW, but don't use it below */
-        XMEMCPY(aes->reg, counter, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, counter, WC_AES_BLOCK_SIZE);
 
         ret = wc_Pic32AesCrypt(
-            aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE,
-            out, in, (blocks * AES_BLOCK_SIZE),
+            aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE,
+            out, in, (blocks * WC_AES_BLOCK_SIZE),
             PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM);
         if (ret != 0)
             return ret;
@@ -8254,15 +8602,15 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
     if (c != p && blocks > 0) { /* can not handle inline encryption */
         while (blocks--) {
             IncrementGcmCounter(counter);
-            XMEMCPY(c, counter, AES_BLOCK_SIZE);
-            c += AES_BLOCK_SIZE;
+            XMEMCPY(c, counter, WC_AES_BLOCK_SIZE);
+            c += WC_AES_BLOCK_SIZE;
         }
 
         /* reset number of blocks and then do encryption */
-        blocks = sz / AES_BLOCK_SIZE;
-        wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
-        xorbuf(out, p, AES_BLOCK_SIZE * blocks);
-        p += AES_BLOCK_SIZE * blocks;
+        blocks = sz / WC_AES_BLOCK_SIZE;
+        wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks);
+        xorbuf(out, p, WC_AES_BLOCK_SIZE * blocks);
+        p += WC_AES_BLOCK_SIZE * blocks;
     }
     else
 #endif /* HAVE_AES_ECB && !WOLFSSL_PIC32MZ_CRYPT */
@@ -8273,10 +8621,10 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C(
             ret = wc_AesEncrypt(aes, counter, scratch);
             if (ret != 0)
                 return ret;
-            xorbufout(c, scratch, p, AES_BLOCK_SIZE);
+            xorbufout(c, scratch, p, WC_AES_BLOCK_SIZE);
         #endif
-            p += AES_BLOCK_SIZE;
-            c += AES_BLOCK_SIZE;
+            p += WC_AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -8312,7 +8660,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     int ret;
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 ||
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 ||
         ((authTagSz > 0) && (authTag == NULL)) ||
         ((authInSz > 0) && (authIn == NULL)))
     {
@@ -8414,6 +8762,14 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         }
     }
     else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+        AES_GCM_encrypt_AARCH64(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+            authIn, authInSz);
+        ret = 0;
+    }
+    else
 #endif /* WOLFSSL_AESNI */
     {
         ret = AES_GCM_encrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
@@ -8443,7 +8799,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     /* If the sz is non-zero, both in and out must be set. If sz is 0,
      * in and out are don't cares, as this is is the GMAC case. */
     if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
-        authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 ||
+        authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 ||
         ivSz == 0 || ((authInSz > 0) && (authIn == NULL)))
     {
         return BAD_FUNC_ARG;
@@ -8480,18 +8836,18 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
 #ifdef WOLFSSL_STM32_CUBEMX
     int status = HAL_OK;
     CRYP_HandleTypeDef hcryp;
-    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
 #else
     int status = SUCCESS;
     word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)];
 #endif
     word32 keySize;
-    word32 partial = sz % AES_BLOCK_SIZE;
-    word32 tag[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 tagExpected[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 ctr[AES_BLOCK_SIZE/sizeof(word32)];
-    word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
+    word32 tag[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 tagExpected[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 partialBlock[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 ctr[WC_AES_BLOCK_SIZE/sizeof(word32)];
+    word32 authhdr[WC_AES_BLOCK_SIZE/sizeof(word32)];
     byte* authInPadded = NULL;
     int authPadSz, wasAlloc = 0, tagComputed = 0;
 
@@ -8505,14 +8861,14 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
         return ret;
 #endif
 
-    XMEMSET(ctr, 0, AES_BLOCK_SIZE);
+    XMEMSET(ctr, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         byte* pCtr = (byte*)ctr;
         XMEMCPY(ctr, iv, ivSz);
-        pCtr[AES_BLOCK_SIZE - 1] = 1;
+        pCtr[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, WC_AES_BLOCK_SIZE);
     }
 
     /* Make copy of expected authTag, which could get corrupted in some
@@ -8529,14 +8885,23 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
         authPadSz = authInSz;
     }
 
+#ifdef WOLFSSL_STM32MP13
+    /* STM32MP13 HAL at least v1.2 and lower has a bug with which it needs a
+     * minimum of 16 bytes for the auth
+     */
+    if ((authInSz > 0) && (authInSz < 16)) {
+        authPadSz = 16 - authInSz;
+    }
+#endif
+
     /* for cases where hardware cannot be used for authTag calculate it */
     /* if IV is not 12 calculate GHASH using software */
     if (ivSz != GCM_NONCE_MID_SZ
-    #ifndef CRYP_HEADERWIDTHUNIT_BYTE
+    #if !defined(CRYP_HEADERWIDTHUNIT_BYTE)
         /* or hardware that does not support partial block */
         || sz == 0 || partial != 0
     #endif
-    #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(STM32_AESGCM_PARTIAL)
+    #if !defined(STM_CRYPT_HEADER_WIDTH) || STM_CRYPT_HEADER_WIDTH == 4
         /* or authIn is not a multiple of 4  */
         || authPadSz != authInSz
     #endif
@@ -8582,36 +8947,32 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
 
 #if defined(STM32_HAL_V2)
     hcryp.Init.Algorithm = CRYP_AES_GCM;
-    #ifdef CRYP_HEADERWIDTHUNIT_BYTE
-    /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */
-    hcryp.Init.HeaderSize = authInSz;
-    #else
-    hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
-    #endif
+    hcryp.Init.HeaderSize = authPadSz / STM_CRYPT_HEADER_WIDTH;
+
     #ifdef CRYP_KEYIVCONFIG_ONCE
     /* allows repeated calls to HAL_CRYP_Decrypt */
     hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE;
     #endif
-    ByteReverseWords(ctr, ctr, AES_BLOCK_SIZE);
+    ByteReverseWords(ctr, ctr, WC_AES_BLOCK_SIZE);
     hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr;
     HAL_CRYP_Init(&hcryp);
 
     #ifndef CRYP_KEYIVCONFIG_ONCE
     status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in,
-        (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
+        (blocks * WC_AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
     #else
     /* GCM payload phase - blocks */
     if (blocks) {
         status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in,
-            (blocks * AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT);
+            (blocks * WC_AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT);
     }
     /* GCM payload phase - partial remainder */
     if (status == HAL_OK && (partial != 0 || blocks == 0)) {
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)partialBlock, partial,
             (uint32_t*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     #endif
     if (status == HAL_OK && !tagComputed) {
@@ -8641,16 +9002,16 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
         hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE;
         if (blocks) {
             status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in,
-                (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
+                (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
         }
     }
     if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) {
         /* GCM payload phase - partial remainder */
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)partialBlock, partial,
             (byte*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     if (status == HAL_OK && tagComputed == 0) {
         /* GCM final phase */
@@ -8663,15 +9024,15 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
     if (blocks) {
         /* GCM payload phase - blocks */
         status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)in,
-            (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
+            (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT);
     }
     if (status == HAL_OK && (partial != 0 || blocks == 0)) {
         /* GCM payload phase - partial remainder */
         XMEMSET(partialBlock, 0, sizeof(partialBlock));
-        XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
+        XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial);
         status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)partialBlock, partial,
             (byte*)partialBlock, STM32_HAL_TIMEOUT);
-        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
+        XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial);
     }
     if (status == HAL_OK && tagComputed == 0) {
         /* Compute the authTag */
@@ -8736,22 +9097,22 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
                       const byte* authIn, word32 authInSz)
 {
     int ret;
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* c = in;
     byte* p = out;
-    ALIGN16 byte counter[AES_BLOCK_SIZE];
-    ALIGN16 byte scratch[AES_BLOCK_SIZE];
-    ALIGN16 byte Tprime[AES_BLOCK_SIZE];
-    ALIGN16 byte EKY0[AES_BLOCK_SIZE];
+    ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE];
     sword32 res;
 
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
         XMEMCPY(counter, iv, ivSz);
         XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                                         AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+                                         WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
         /* Counter is GHASH of IV. */
@@ -8759,7 +9120,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
@@ -8796,11 +9157,11 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
 #if defined(WOLFSSL_PIC32MZ_CRYPT)
     if (blocks) {
         /* use initial IV for HW, but don't use it below */
-        XMEMCPY(aes->reg, counter, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, counter, WC_AES_BLOCK_SIZE);
 
         ret = wc_Pic32AesCrypt(
-            aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE,
-            out, in, (blocks * AES_BLOCK_SIZE),
+            aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE,
+            out, in, (blocks * WC_AES_BLOCK_SIZE),
             PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM);
         if (ret != 0)
             return ret;
@@ -8814,16 +9175,16 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
     if (c != p && blocks > 0) { /* can not handle inline decryption */
         while (blocks--) {
             IncrementGcmCounter(counter);
-            XMEMCPY(p, counter, AES_BLOCK_SIZE);
-            p += AES_BLOCK_SIZE;
+            XMEMCPY(p, counter, WC_AES_BLOCK_SIZE);
+            p += WC_AES_BLOCK_SIZE;
         }
 
         /* reset number of blocks and then do encryption */
-        blocks = sz / AES_BLOCK_SIZE;
+        blocks = sz / WC_AES_BLOCK_SIZE;
 
-        wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
-        xorbuf(out, c, AES_BLOCK_SIZE * blocks);
-        c += AES_BLOCK_SIZE * blocks;
+        wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks);
+        xorbuf(out, c, WC_AES_BLOCK_SIZE * blocks);
+        c += WC_AES_BLOCK_SIZE * blocks;
     }
     else
 #endif /* HAVE_AES_ECB && !PIC32MZ */
@@ -8834,10 +9195,10 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
             ret = wc_AesEncrypt(aes, counter, scratch);
             if (ret != 0)
                 return ret;
-            xorbufout(p, scratch, c, AES_BLOCK_SIZE);
+            xorbufout(p, scratch, c, WC_AES_BLOCK_SIZE);
         #endif
-            p += AES_BLOCK_SIZE;
-            c += AES_BLOCK_SIZE;
+            p += WC_AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -8862,7 +9223,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
     /* now use res as a mask for constant time return of ret, unless tag
      * mismatch, whereupon AES_GCM_AUTH_E is returned.
      */
-    ret = (ret & ~res) | (res & AES_GCM_AUTH_E);
+    ret = (ret & ~res) | (res & WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
 #endif
     return ret;
 }
@@ -8882,7 +9243,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     /* If the sz is non-zero, both in and out must be set. If sz is 0,
      * in and out are don't cares, as this is is the GMAC case. */
     if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
-        authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 ||
+        authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 ||
         ivSz == 0) {
 
         return BAD_FUNC_ARG;
@@ -8988,6 +9349,13 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         }
     }
     else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+        ret = AES_GCM_decrypt_AARCH64(aes, out, in, sz, iv, ivSz, authTag,
+            authTagSz, authIn, authInSz);
+    }
+    else
 #endif /* WOLFSSL_AESNI */
     {
         ret = AES_GCM_decrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
@@ -9011,15 +9379,15 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  */
 static WARN_UNUSED_RESULT int AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz)
 {
-    ALIGN32 byte counter[AES_BLOCK_SIZE];
+    ALIGN32 byte counter[WC_AES_BLOCK_SIZE];
     int ret;
 
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
         XMEMCPY(counter, iv, ivSz);
         XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                                         AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+                                         WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
         /* Counter is GHASH of IV. */
@@ -9027,14 +9395,14 @@ static WARN_UNUSED_RESULT int AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
     #endif
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
     #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
     #endif
     }
 
     /* Copy in the counter for use with cipher. */
-    XMEMCPY(AES_COUNTER(aes), counter, AES_BLOCK_SIZE);
+    XMEMCPY(AES_COUNTER(aes), counter, WC_AES_BLOCK_SIZE);
     /* Encrypt initial counter into a buffer for GCM. */
     ret = wc_AesEncrypt(aes, counter, AES_INITCTR(aes));
     if (ret != 0)
@@ -9067,12 +9435,12 @@ static WARN_UNUSED_RESULT int AesGcmCryptUpdate_C(
 
     /* Check if previous encrypted block was not used up. */
     if (aes->over > 0) {
-        byte pSz = AES_BLOCK_SIZE - aes->over;
+        byte pSz = (byte)(WC_AES_BLOCK_SIZE - aes->over);
         if (pSz > sz) pSz = (byte)sz;
 
         /* Use some/all of last encrypted block. */
         xorbufout(out, AES_LASTBLOCK(aes) + aes->over, in, pSz);
-        aes->over = (aes->over + pSz) & (AES_BLOCK_SIZE - 1);
+        aes->over = (aes->over + pSz) & (WC_AES_BLOCK_SIZE - 1);
 
         /* Some data used. */
         sz  -= pSz;
@@ -9082,8 +9450,8 @@ static WARN_UNUSED_RESULT int AesGcmCryptUpdate_C(
 
     /* Calculate the number of blocks needing to be encrypted and any leftover.
      */
-    blocks  = sz / AES_BLOCK_SIZE;
-    partial = sz & (AES_BLOCK_SIZE - 1);
+    blocks  = sz / WC_AES_BLOCK_SIZE;
+    partial = sz & (WC_AES_BLOCK_SIZE - 1);
 
 #if defined(HAVE_AES_ECB)
     /* Some hardware acceleration can gain performance from doing AES encryption
@@ -9095,33 +9463,33 @@ static WARN_UNUSED_RESULT int AesGcmCryptUpdate_C(
         /* Place incrementing counter blocks into cipher text. */
         for (b = 0; b < blocks; b++) {
             IncrementGcmCounter(AES_COUNTER(aes));
-            XMEMCPY(out + b * AES_BLOCK_SIZE, AES_COUNTER(aes), AES_BLOCK_SIZE);
+            XMEMCPY(out + b * WC_AES_BLOCK_SIZE, AES_COUNTER(aes), WC_AES_BLOCK_SIZE);
         }
 
         /* Encrypt counter blocks. */
-        wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
+        wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks);
         /* XOR in plaintext. */
-        xorbuf(out, in, AES_BLOCK_SIZE * blocks);
+        xorbuf(out, in, WC_AES_BLOCK_SIZE * blocks);
         /* Skip over processed data. */
-        in += AES_BLOCK_SIZE * blocks;
-        out += AES_BLOCK_SIZE * blocks;
+        in += WC_AES_BLOCK_SIZE * blocks;
+        out += WC_AES_BLOCK_SIZE * blocks;
     }
     else
 #endif /* HAVE_AES_ECB */
     {
         /* Encrypt block by block. */
         while (blocks--) {
-            ALIGN32 byte scratch[AES_BLOCK_SIZE];
+            ALIGN32 byte scratch[WC_AES_BLOCK_SIZE];
             IncrementGcmCounter(AES_COUNTER(aes));
             /* Encrypt counter into a buffer. */
             ret = wc_AesEncrypt(aes, AES_COUNTER(aes), scratch);
             if (ret != 0)
                 return ret;
             /* XOR plain text into encrypted counter into cipher text buffer. */
-            xorbufout(out, scratch, in, AES_BLOCK_SIZE);
+            xorbufout(out, scratch, in, WC_AES_BLOCK_SIZE);
             /* Data complete. */
-            in  += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -9159,7 +9527,7 @@ static WARN_UNUSED_RESULT int AesGcmFinal_C(
     aes->gcm.aadLen = aes->aSz;
 #endif
     /* Zeroize last block to protect sensitive data. */
-    ForceZero(AES_LASTBLOCK(aes), AES_BLOCK_SIZE);
+    ForceZero(AES_LASTBLOCK(aes), WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -9244,7 +9612,7 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni(
     aes->aSz = 0;
     aes->cSz = 0;
     /* Set tag to all zeros as initial value. */
-    XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE);
+    XMEMSET(AES_TAG(aes), 0, WC_AES_BLOCK_SIZE);
     /* Reset counts of AAD and cipher text. */
     aes->aOver = 0;
     aes->cOver = 0;
@@ -9294,14 +9662,14 @@ static WARN_UNUSED_RESULT int AesGcmAadUpdate_aesni(
         /* Check if we have unprocessed data. */
         if (aes->aOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->aOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->aOver);
             if (sz > aSz) {
                 sz = (byte)aSz;
             }
             /* Copy extra into last GHASH block array and update count. */
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
-            aes->aOver += sz;
-            if (aes->aOver == AES_BLOCK_SIZE) {
+            aes->aOver = (byte)(aes->aOver + sz);
+            if (aes->aOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
             #ifdef HAVE_INTEL_AVX2
                 if (IS_INTEL_AVX2(intel_flags)) {
@@ -9330,30 +9698,30 @@ static WARN_UNUSED_RESULT int AesGcmAadUpdate_aesni(
         }
 
         /* Calculate number of blocks of AAD and the leftover. */
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
             /* GHASH full blocks now. */
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
-                AES_GCM_aad_update_avx2(a, blocks * AES_BLOCK_SIZE,
+                AES_GCM_aad_update_avx2(a, blocks * WC_AES_BLOCK_SIZE,
                                         AES_TAG(aes), aes->gcm.H);
             }
             else
         #endif
         #ifdef HAVE_INTEL_AVX1
             if (IS_INTEL_AVX1(intel_flags)) {
-                AES_GCM_aad_update_avx1(a, blocks * AES_BLOCK_SIZE,
+                AES_GCM_aad_update_avx1(a, blocks * WC_AES_BLOCK_SIZE,
                                         AES_TAG(aes), aes->gcm.H);
             }
             else
         #endif
             {
-                AES_GCM_aad_update_aesni(a, blocks * AES_BLOCK_SIZE,
+                AES_GCM_aad_update_aesni(a, blocks * WC_AES_BLOCK_SIZE,
                                          AES_TAG(aes), aes->gcm.H);
             }
             /* Skip over to end of AAD blocks. */
-            a += blocks * AES_BLOCK_SIZE;
+            a += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -9365,7 +9733,7 @@ static WARN_UNUSED_RESULT int AesGcmAadUpdate_aesni(
         /* No more AAD coming and we have a partial block. */
         /* Fill the rest of the block with zeros. */
         XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0,
-                AES_BLOCK_SIZE - aes->aOver);
+                (size_t)WC_AES_BLOCK_SIZE - aes->aOver);
         /* GHASH last AAD block. */
     #ifdef HAVE_INTEL_AVX2
         if (IS_INTEL_AVX2(intel_flags)) {
@@ -9423,7 +9791,7 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni(
         aes->cSz += cSz;
         if (aes->cOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->cOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->cOver);
             if (sz > cSz) {
                 sz = (byte)cSz;
             }
@@ -9431,8 +9799,8 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni(
             xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, p, sz);
             XMEMCPY(c, AES_LASTGBLOCK(aes) + aes->cOver, sz);
             /* Update count of unused encrypted counter. */
-            aes->cOver += sz;
-            if (aes->cOver == AES_BLOCK_SIZE) {
+            aes->cOver = (byte)(aes->cOver + sz);
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
             #ifdef HAVE_INTEL_AVX2
                 if (IS_INTEL_AVX2(intel_flags)) {
@@ -9462,14 +9830,14 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni(
         }
 
         /* Calculate number of blocks of plaintext and the leftover. */
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
             /* Encrypt and GHASH full blocks now. */
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
                 AES_GCM_encrypt_update_avx2((byte*)aes->key, (int)aes->rounds,
-                    c, p, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    c, p, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             else
@@ -9477,23 +9845,23 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni(
         #ifdef HAVE_INTEL_AVX1
             if (IS_INTEL_AVX1(intel_flags)) {
                 AES_GCM_encrypt_update_avx1((byte*)aes->key, (int)aes->rounds,
-                    c, p, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    c, p, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             else
         #endif
             {
                 AES_GCM_encrypt_update_aesni((byte*)aes->key, (int)aes->rounds,
-                    c, p, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    c, p, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             /* Skip over to end of blocks. */
-            p += blocks * AES_BLOCK_SIZE;
-            c += blocks * AES_BLOCK_SIZE;
+            p += blocks * WC_AES_BLOCK_SIZE;
+            c += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Encrypt the counter - XOR in zeros as proxy for plaintext. */
-            XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE);
+            XMEMSET(AES_LASTGBLOCK(aes), 0, WC_AES_BLOCK_SIZE);
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
                 AES_GCM_encrypt_block_avx2((byte*)aes->key, (int)aes->rounds,
@@ -9547,7 +9915,7 @@ static WARN_UNUSED_RESULT int AesGcmEncryptFinal_aesni(
     }
     if (over > 0) {
         /* Fill the rest of the block with zeros. */
-        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over);
+        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, (size_t)WC_AES_BLOCK_SIZE - over);
         /* GHASH last cipher block. */
     #ifdef HAVE_INTEL_AVX2
         if (IS_INTEL_AVX2(intel_flags)) {
@@ -9644,7 +10012,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
     ASSERT_SAVED_VECTOR_REGISTERS();
 
     /* Hash in A, the Authentication Data */
-    ret = AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL));
+    ret = AesGcmAadUpdate_aesni(aes, a, aSz, cSz > 0);
     if (ret != 0)
         return ret;
 
@@ -9654,7 +10022,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
         aes->cSz += cSz;
         if (aes->cOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->cOver;
+            byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->cOver);
             if (sz > cSz) {
                 sz = (byte)cSz;
             }
@@ -9664,8 +10032,8 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
             xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
             XMEMCPY(p, AES_LASTGBLOCK(aes) + aes->cOver, sz);
             /* Update count of unused encrypted counter. */
-            aes->cOver += sz;
-            if (aes->cOver == AES_BLOCK_SIZE) {
+            aes->cOver = (byte)(aes->cOver + sz);
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
             #ifdef HAVE_INTEL_AVX2
                 if (IS_INTEL_AVX2(intel_flags)) {
@@ -9695,14 +10063,14 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
         }
 
         /* Calculate number of blocks of plaintext and the leftover. */
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
             /* Decrypt and GHASH full blocks now. */
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
                 AES_GCM_decrypt_update_avx2((byte*)aes->key, (int)aes->rounds,
-                    p, c, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    p, c, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             else
@@ -9710,23 +10078,23 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni(
         #ifdef HAVE_INTEL_AVX1
             if (IS_INTEL_AVX1(intel_flags)) {
                 AES_GCM_decrypt_update_avx1((byte*)aes->key, (int)aes->rounds,
-                    p, c, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    p, c, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             else
         #endif
             {
                 AES_GCM_decrypt_update_aesni((byte*)aes->key, (int)aes->rounds,
-                    p, c, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
+                    p, c, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H,
                     AES_COUNTER(aes));
             }
             /* Skip over to end of blocks. */
-            c += blocks * AES_BLOCK_SIZE;
-            p += blocks * AES_BLOCK_SIZE;
+            c += blocks * WC_AES_BLOCK_SIZE;
+            p += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Encrypt the counter - XOR in zeros as proxy for cipher text. */
-            XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE);
+            XMEMSET(AES_LASTGBLOCK(aes), 0, WC_AES_BLOCK_SIZE);
         #ifdef HAVE_INTEL_AVX2
             if (IS_INTEL_AVX2(intel_flags)) {
                 AES_GCM_encrypt_block_avx2((byte*)aes->key, (int)aes->rounds,
@@ -9787,7 +10155,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptFinal_aesni(
     }
     if (over > 0) {
         /* Zeroize the unused part of the block. */
-        XMEMSET(lastBlock + over, 0, AES_BLOCK_SIZE - over);
+        XMEMSET(lastBlock + over, 0, (size_t)WC_AES_BLOCK_SIZE - over);
         /* Hash the last block of cipher text. */
     #ifdef HAVE_INTEL_AVX2
         if (IS_INTEL_AVX2(intel_flags)) {
@@ -9865,7 +10233,8 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
     if ((ret == 0) && (aes->streamData == NULL)) {
         /* Allocate buffers for streaming. */
-        aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap,
+        aes->streamData_sz = 5 * WC_AES_BLOCK_SIZE;
+        aes->streamData = (byte*)XMALLOC(aes->streamData_sz, aes->heap,
                                                               DYNAMIC_TYPE_AES);
         if (aes->streamData == NULL) {
             ret = MEMORY_E;
@@ -9880,7 +10249,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 
     if (ret == 0) {
         /* Set the IV passed in if it is smaller than a block. */
-        if ((iv != NULL) && (ivSz <= AES_BLOCK_SIZE)) {
+        if ((iv != NULL) && (ivSz <= WC_AES_BLOCK_SIZE)) {
             XMEMMOVE((byte*)aes->reg, iv, ivSz);
             aes->nonceSz = ivSz;
         }
@@ -9901,7 +10270,20 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
                 RESTORE_VECTOR_REGISTERS();
             }
             else
-        #endif
+        #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+              !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+            if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+                AES_GCM_init_AARCH64(aes, iv, ivSz);
+
+                /* Reset state fields. */
+                aes->over = 0;
+                aes->aSz = 0;
+                aes->cSz = 0;
+                /* Initialization for GHASH. */
+                GHASH_INIT(aes);
+            }
+            else
+        #endif /* WOLFSSL_AESNI */
             {
                 ret = AesGcmInit_C(aes, iv, ivSz);
             }
@@ -10027,6 +10409,13 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
             RESTORE_VECTOR_REGISTERS();
         }
         else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+            AES_GCM_crypt_update_AARCH64(aes, out, in, sz);
+            GHASH_UPDATE_AARCH64(aes, authIn, authInSz, out, sz);
+        }
+        else
     #endif
         {
             /* Encrypt the plaintext. */
@@ -10057,7 +10446,7 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
     int ret = 0;
 
     /* Check validity of parameters. */
-    if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+    if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
             (authTagSz == 0)) {
         ret = BAD_FUNC_ARG;
     }
@@ -10080,6 +10469,12 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
             RESTORE_VECTOR_REGISTERS();
         }
         else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+            AES_GCM_final_AARCH64(aes, authTag, authTagSz);
+        }
+        else
     #endif
         {
             ret = AesGcmFinal_C(aes, authTag, authTagSz);
@@ -10163,6 +10558,13 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
             RESTORE_VECTOR_REGISTERS();
         }
         else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+            GHASH_UPDATE_AARCH64(aes, authIn, authInSz, in, sz);
+            AES_GCM_crypt_update_AARCH64(aes, out, in, sz);
+        }
+        else
     #endif
         {
             /* Update the authentication tag with any authentication data and
@@ -10191,7 +10593,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
     int ret = 0;
 
     /* Check validity of parameters. */
-    if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+    if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
             (authTagSz == 0)) {
         ret = BAD_FUNC_ARG;
     }
@@ -10214,9 +10616,20 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
             RESTORE_VECTOR_REGISTERS();
         }
         else
+    #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+          !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) {
+            ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE];
+            AES_GCM_final_AARCH64(aes, calcTag, authTagSz);
+            /* Check calculated tag matches the one passed in. */
+            if (ConstantCompare(authTag, calcTag, (int)authTagSz) != 0) {
+                ret = AES_GCM_AUTH_E;
+            }
+        }
+        else
     #endif
         {
-            ALIGN32 byte calcTag[AES_BLOCK_SIZE];
+            ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE];
             /* Calculate authentication tag. */
             ret = AesGcmFinal_C(aes, calcTag, authTagSz);
             if (ret == 0) {
@@ -10352,7 +10765,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
             byte* authTag, word32 authTagSz, WC_RNG* rng)
 {
 #ifdef WOLFSSL_SMALL_STACK
-    Aes *aes = NULL;
+    Aes *aes;
 #else
     Aes aes[1];
 #endif
@@ -10365,24 +10778,24 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                              DYNAMIC_TYPE_AES)) == NULL)
-        return MEMORY_E;
-#endif
-
+    aes = wc_AesNew(NULL, INVALID_DEVID, &ret);
+#else
     ret = wc_AesInit(aes, NULL, INVALID_DEVID);
-    if (ret == 0) {
-        ret = wc_AesGcmSetKey(aes, key, keySz);
-        if (ret == 0)
-            ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng);
-        if (ret == 0)
-            ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz,
+#endif
+    if (ret != 0)
+        return ret;
+
+    ret = wc_AesGcmSetKey(aes, key, keySz);
+    if (ret == 0)
+        ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng);
+    if (ret == 0)
+        ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz,
                                   authTag, authTagSz, authIn, authInSz);
-        wc_AesFree(aes);
-    }
-    ForceZero(aes, sizeof *aes);
+
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, NULL);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
@@ -10402,28 +10815,27 @@ int wc_GmacVerify(const byte* key, word32 keySz,
 #endif
 
     if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
-        authTag == NULL || authTagSz == 0 || authTagSz > AES_BLOCK_SIZE) {
+        authTag == NULL || authTagSz == 0 || authTagSz > WC_AES_BLOCK_SIZE) {
 
         return BAD_FUNC_ARG;
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                              DYNAMIC_TYPE_AES)) == NULL)
-        return MEMORY_E;
-#endif
-
+    aes = wc_AesNew(NULL, INVALID_DEVID, &ret);
+#else
     ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+#endif
     if (ret == 0) {
         ret = wc_AesGcmSetKey(aes, key, keySz);
         if (ret == 0)
             ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz,
                                   authTag, authTagSz, authIn, authInSz);
-        wc_AesFree(aes);
+
     }
-    ForceZero(aes, sizeof *aes);
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, NULL);
+#else
+    wc_AesFree(aes);
 #endif
 #else
     (void)key;
@@ -10491,8 +10903,8 @@ int wc_AesCcmCheckTagSize(int sz)
     return 0;
 }
 
-#ifdef WOLFSSL_ARMASM
-    /* implementation located in wolfcrypt/src/port/arm/armv8-aes.c */
+#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__)
+    /* implemented in wolfcrypt/src/port/arm/armv8-aes.c */
 
 #elif defined(WOLFSSL_RISCV_ASM)
     /* implementation located in wolfcrypt/src/port/risc-v/riscv-64-aes.c */
@@ -10622,10 +11034,10 @@ static WARN_UNUSED_RESULT int roll_x(
     int ret;
 
     /* process the bulk of the data */
-    while (inSz >= AES_BLOCK_SIZE) {
-        xorbuf(out, in, AES_BLOCK_SIZE);
-        in += AES_BLOCK_SIZE;
-        inSz -= AES_BLOCK_SIZE;
+    while (inSz >= WC_AES_BLOCK_SIZE) {
+        xorbuf(out, in, WC_AES_BLOCK_SIZE);
+        in += WC_AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
 
         ret = wc_AesEncrypt(aes, out, out);
         if (ret != 0)
@@ -10671,7 +11083,7 @@ static WARN_UNUSED_RESULT int roll_auth(
      */
 
     /* start fill out the rest of the first block */
-    remainder = AES_BLOCK_SIZE - authLenSz;
+    remainder = WC_AES_BLOCK_SIZE - authLenSz;
     if (inSz >= remainder) {
         /* plenty of bulk data to fill the remainder of this block */
         xorbuf(out + authLenSz, in, remainder);
@@ -10698,7 +11110,7 @@ static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
     word32 i;
 
     for (i = 0; i < lenSz; i++) {
-        if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return;
+        if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) return;
     }
 }
 
@@ -10708,23 +11120,23 @@ static WC_INLINE void AesCcmCtrIncSet4(byte* B, word32 lenSz)
     word32 i;
 
     /* B+1 = B */
-    XMEMCPY(B + AES_BLOCK_SIZE * 1, B, AES_BLOCK_SIZE);
+    XMEMCPY(B + WC_AES_BLOCK_SIZE * 1, B, WC_AES_BLOCK_SIZE);
     /* B+2,B+3 = B,B+1 */
-    XMEMCPY(B + AES_BLOCK_SIZE * 2, B, AES_BLOCK_SIZE * 2);
+    XMEMCPY(B + WC_AES_BLOCK_SIZE * 2, B, WC_AES_BLOCK_SIZE * 2);
 
     for (i = 0; i < lenSz; i++) {
-        if (++B[AES_BLOCK_SIZE * 2 - 1 - i] != 0) break;
+        if (++B[WC_AES_BLOCK_SIZE * 2 - 1 - i] != 0) break;
     }
-    B[AES_BLOCK_SIZE * 3 - 1] += 2;
-    if (B[AES_BLOCK_SIZE * 3 - 1] < 2) {
+    B[WC_AES_BLOCK_SIZE * 3 - 1] = (byte)(B[WC_AES_BLOCK_SIZE * 3 - 1] + 2U);
+    if (B[WC_AES_BLOCK_SIZE * 3 - 1] < 2U) {
         for (i = 1; i < lenSz; i++) {
-            if (++B[AES_BLOCK_SIZE * 3 - 1 - i] != 0) break;
+            if (++B[WC_AES_BLOCK_SIZE * 3 - 1 - i] != 0) break;
         }
     }
-    B[AES_BLOCK_SIZE * 4 - 1] += 3;
-    if (B[AES_BLOCK_SIZE * 4 - 1] < 3) {
+    B[WC_AES_BLOCK_SIZE * 4 - 1] = (byte)(B[WC_AES_BLOCK_SIZE * 4 - 1] + 3U);
+    if (B[WC_AES_BLOCK_SIZE * 4 - 1] < 3U) {
         for (i = 1; i < lenSz; i++) {
-            if (++B[AES_BLOCK_SIZE * 4 - 1 - i] != 0) break;
+            if (++B[WC_AES_BLOCK_SIZE * 4 - 1 - i] != 0) break;
         }
     }
 }
@@ -10733,10 +11145,10 @@ static WC_INLINE void AesCcmCtrInc4(byte* B, word32 lenSz)
 {
     word32 i;
 
-    B[AES_BLOCK_SIZE - 1] += 4;
-    if (B[AES_BLOCK_SIZE - 1] < 4) {
+    B[WC_AES_BLOCK_SIZE - 1] = (byte)(B[WC_AES_BLOCK_SIZE - 1] + 4U);
+    if (B[WC_AES_BLOCK_SIZE - 1] < 4U) {
         for (i = 1; i < lenSz; i++) {
-            if (++B[AES_BLOCK_SIZE - 1 - i] != 0) break;
+            if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) break;
         }
     }
 }
@@ -10750,11 +11162,11 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* authIn, word32 authInSz)
 {
 #ifdef WOLFSSL_AESNI
-    ALIGN128 byte A[AES_BLOCK_SIZE * 4];
-    ALIGN128 byte B[AES_BLOCK_SIZE * 4];
+    ALIGN128 byte A[WC_AES_BLOCK_SIZE * 4];
+    ALIGN128 byte B[WC_AES_BLOCK_SIZE * 4];
 #else
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
 #endif
     byte lenSz;
     word32 i;
@@ -10765,7 +11177,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     /* sanity check on arguments */
     if (aes == NULL || (inSz != 0 && (in == NULL || out == NULL)) ||
         nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-            authTagSz > AES_BLOCK_SIZE)
+            authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     /* Sanity check on authIn to prevent segfault in xorbuf() where
@@ -10794,14 +11206,14 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     XMEMSET(A, 0, sizeof(A));
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = (byte)(WC_AES_BLOCK_SIZE - 1U - nonceSz);
     B[0] = (byte)((authInSz > 0 ? 64 : 0)
                   + (8 * (((byte)authTagSz - 2) / 2))
                   + (lenSz - 1));
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask);
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask);
     }
 
 #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -10824,9 +11236,9 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     if (ret == 0) {
         XMEMCPY(authTag, A, authTagSz);
 
-        B[0] = lenSz - 1;
+        B[0] = (byte)(lenSz - 1U);
         for (i = 0; i < lenSz; i++)
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         ret = wc_AesEncrypt(aes, B, A);
     }
 
@@ -10836,35 +11248,35 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 #ifdef WOLFSSL_AESNI
     if ((ret == 0) && aes->use_aesni) {
-        while (inSz >= AES_BLOCK_SIZE * 4) {
+        while (inSz >= WC_AES_BLOCK_SIZE * 4) {
             AesCcmCtrIncSet4(B, lenSz);
 
-            AES_ECB_encrypt_AESNI(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key,
+            AES_ECB_encrypt_AESNI(B, A, WC_AES_BLOCK_SIZE * 4, (byte*)aes->key,
                             (int)aes->rounds);
 
-            xorbuf(A, in, AES_BLOCK_SIZE * 4);
-            XMEMCPY(out, A, AES_BLOCK_SIZE * 4);
+            xorbuf(A, in, WC_AES_BLOCK_SIZE * 4);
+            XMEMCPY(out, A, WC_AES_BLOCK_SIZE * 4);
 
-            inSz -= AES_BLOCK_SIZE * 4;
-            in += AES_BLOCK_SIZE * 4;
-            out += AES_BLOCK_SIZE * 4;
+            inSz -= WC_AES_BLOCK_SIZE * 4;
+            in += WC_AES_BLOCK_SIZE * 4;
+            out += WC_AES_BLOCK_SIZE * 4;
 
             AesCcmCtrInc4(B, lenSz);
         }
     }
 #endif
     if (ret == 0) {
-        while (inSz >= AES_BLOCK_SIZE) {
+        while (inSz >= WC_AES_BLOCK_SIZE) {
             ret = wc_AesEncrypt(aes, B, A);
             if (ret != 0)
                 break;
-            xorbuf(A, in, AES_BLOCK_SIZE);
-            XMEMCPY(out, A, AES_BLOCK_SIZE);
+            xorbuf(A, in, WC_AES_BLOCK_SIZE);
+            XMEMCPY(out, A, WC_AES_BLOCK_SIZE);
 
             AesCcmCtrInc(B, lenSz);
-            inSz -= AES_BLOCK_SIZE;
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            inSz -= WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
     }
     if ((ret == 0) && (inSz > 0)) {
@@ -10896,11 +11308,11 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* authIn, word32 authInSz)
 {
 #ifdef WOLFSSL_AESNI
-    ALIGN128 byte B[AES_BLOCK_SIZE * 4];
-    ALIGN128 byte A[AES_BLOCK_SIZE * 4];
+    ALIGN128 byte B[WC_AES_BLOCK_SIZE * 4];
+    ALIGN128 byte A[WC_AES_BLOCK_SIZE * 4];
 #else
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
 #endif
     byte* o;
     byte lenSz;
@@ -10912,7 +11324,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     /* sanity check on arguments */
     if (aes == NULL || (inSz != 0 && (in == NULL || out == NULL)) ||
         nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-        authTagSz > AES_BLOCK_SIZE)
+        authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     /* Sanity check on authIn to prevent segfault in xorbuf() where
@@ -10943,11 +11355,11 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     oSz = inSz;
     XMEMSET(A, 0, sizeof A);
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = (byte)(WC_AES_BLOCK_SIZE - 1U - nonceSz);
 
-    B[0] = lenSz - 1;
+    B[0] = (byte)(lenSz - 1U);
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     B[15] = 1;
 
 #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -10959,34 +11371,34 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
 #ifdef WOLFSSL_AESNI
     if (aes->use_aesni) {
-        while (oSz >= AES_BLOCK_SIZE * 4) {
+        while (oSz >= WC_AES_BLOCK_SIZE * 4) {
             AesCcmCtrIncSet4(B, lenSz);
 
-            AES_ECB_encrypt_AESNI(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key,
+            AES_ECB_encrypt_AESNI(B, A, WC_AES_BLOCK_SIZE * 4, (byte*)aes->key,
                             (int)aes->rounds);
 
-            xorbuf(A, in, AES_BLOCK_SIZE * 4);
-            XMEMCPY(o, A, AES_BLOCK_SIZE * 4);
+            xorbuf(A, in, WC_AES_BLOCK_SIZE * 4);
+            XMEMCPY(o, A, WC_AES_BLOCK_SIZE * 4);
 
-            oSz -= AES_BLOCK_SIZE * 4;
-            in += AES_BLOCK_SIZE * 4;
-            o += AES_BLOCK_SIZE * 4;
+            oSz -= WC_AES_BLOCK_SIZE * 4;
+            in += WC_AES_BLOCK_SIZE * 4;
+            o += WC_AES_BLOCK_SIZE * 4;
 
             AesCcmCtrInc4(B, lenSz);
         }
     }
 #endif
 
-    while (oSz >= AES_BLOCK_SIZE) {
+    while (oSz >= WC_AES_BLOCK_SIZE) {
         ret = wc_AesEncrypt(aes, B, A);
         if (ret != 0)
             break;
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(o, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(o, A, WC_AES_BLOCK_SIZE);
         AesCcmCtrInc(B, lenSz);
-        oSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        o += AES_BLOCK_SIZE;
+        oSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        o += WC_AES_BLOCK_SIZE;
     }
 
     if ((ret == 0) && (inSz > 0))
@@ -10996,7 +11408,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         xorbuf(A, in, oSz);
         XMEMCPY(o, A, oSz);
         for (i = 0; i < lenSz; i++)
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         ret = wc_AesEncrypt(aes, B, A);
     }
 
@@ -11010,7 +11422,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         for (i = 0; i < lenSz; i++) {
             if (mask && i >= wordSz)
                 mask = 0x00;
-            B[AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask);
+            B[WC_AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask);
         }
 
         ret = wc_AesEncrypt(aes, B, A);
@@ -11024,9 +11436,9 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         ret = roll_x(aes, o, oSz, A);
 
     if (ret == 0) {
-        B[0] = lenSz - 1;
+        B[0] = (byte)(lenSz - 1U);
         for (i = 0; i < lenSz; i++)
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         ret = wc_AesEncrypt(aes, B, B);
     }
 
@@ -11135,8 +11547,41 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
 
 #endif /* HAVE_AESCCM */
 
+#ifndef WC_NO_CONSTRUCTORS
+Aes* wc_AesNew(void* heap, int devId, int *result_code)
+{
+    int ret;
+    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
+    if (aes == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_AesInit(aes, heap, devId);
+        if (ret != 0) {
+            XFREE(aes, heap, DYNAMIC_TYPE_AES);
+            aes = NULL;
+        }
+    }
 
-/* Initialize Aes for use with async hardware */
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return aes;
+}
+
+int wc_AesDelete(Aes *aes, Aes** aes_p)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+    wc_AesFree(aes);
+    XFREE(aes, aes->heap, DYNAMIC_TYPE_AES);
+    if (aes_p != NULL)
+        *aes_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
+/* Initialize Aes */
 int wc_AesInit(Aes* aes, void* heap, int devId)
 {
     int ret = 0;
@@ -11144,17 +11589,12 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
     if (aes == NULL)
         return BAD_FUNC_ARG;
 
-    aes->heap = heap;
-    aes->rounds = 0;
+    XMEMSET(aes, 0, sizeof(*aes));
 
-#ifdef WOLFSSL_AESNI
-    /* clear here for the benefit of wc_AesGcmInit(). */
-    aes->use_aesni = 0;
-#endif
+    aes->heap = heap;
 
 #ifdef WOLF_CRYPTO_CB
     aes->devId = devId;
-    aes->devCtx = NULL;
 #else
     (void)devId;
 #endif
@@ -11167,51 +11607,18 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
     aes->alFd = WC_SOCK_NOTSET;
     aes->rdFd = WC_SOCK_NOTSET;
 #endif
-#ifdef WOLFSSL_KCAPI_AES
-    aes->handle = NULL;
-    aes->init   = 0;
-#endif
 #if defined(WOLFSSL_DEVCRYPTO) && \
    (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
     aes->ctx.cfd = -1;
 #endif
-#if defined(WOLFSSL_CRYPTOCELL) && defined(WOLFSSL_CRYPTOCELL_AES)
-    XMEMSET(&aes->ctx, 0, sizeof(aes->ctx));
-#endif
 #if defined(WOLFSSL_IMXRT_DCP)
     DCPAesInit(aes);
 #endif
 
-#ifdef WOLFSSL_MAXQ10XX_CRYPTO
-    XMEMSET(&aes->maxq_ctx, 0, sizeof(aes->maxq_ctx));
-#endif
-
-#ifdef HAVE_AESGCM
-#ifdef OPENSSL_EXTRA
-    XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH));
-    aes->gcm.aadLen = 0;
-#endif
-#endif
-
-#ifdef WOLFSSL_AESGCM_STREAM
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
-    aes->streamData = NULL;
-#endif
-    aes->keylen = 0;
-    aes->nonceSz = 0;
-    aes->gcmKeySet = 0;
-    aes->nonceSet = 0;
-    aes->ctrSet = 0;
-#endif
-
 #if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
     ret = wc_psa_aes_init(aes);
 #endif
 
-#if defined(WOLFSSL_RENESAS_FSPSM)
-    XMEMSET(&aes->ctx, 0, sizeof(aes->ctx));
-#endif
-
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
     if (ret == 0)
         ret = wc_debug_CipherLifecycleInit(&aes->CipherLifecycleTag, aes->heap);
@@ -11266,11 +11673,12 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId)
 }
 #endif
 
-/* Free Aes from use with async hardware */
+/* Free Aes resources */
 void wc_AesFree(Aes* aes)
 {
-    if (aes == NULL)
+    if (aes == NULL) {
         return;
+    }
 
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
     (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1);
@@ -11311,8 +11719,11 @@ void wc_AesFree(Aes* aes)
 #endif
 #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \
     !defined(WOLFSSL_AESNI)
-    XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES);
-    aes->streamData = NULL;
+    if (aes->streamData != NULL) {
+        ForceZero(aes->streamData, aes->streamData_sz);
+        XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES);
+        aes->streamData = NULL;
+    }
 #endif
 
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
@@ -11335,6 +11746,8 @@ void wc_AesFree(Aes* aes)
     wc_fspsm_Aesfree(aes);
 #endif
 
+    ForceZero(aes, sizeof(Aes));
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Check(aes, sizeof(Aes));
 #endif
@@ -11405,6 +11818,48 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize)
 #elif defined(WOLFSSL_RISCV_ASM)
     /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */
 
+#elif defined(MAX3266X_AES)
+
+int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL))
+        return BAD_FUNC_ARG;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->key,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+
+#ifdef HAVE_AES_DECRYPT
+int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL))
+        return BAD_FUNC_ARG;
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->key,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_DECRYPT */
+
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
 
 /* Software AES - ECB */
@@ -11457,6 +11912,18 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
         AES_ECB_encrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds);
     }
     else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto) {
+        word32 i;
+
+        for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
+            AES_encrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+        }
+    }
+    else
 #endif
     {
 #ifdef NEED_AES_TABLES
@@ -11464,12 +11931,12 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
 #else
         word32 i;
 
-        for (i = 0; i < sz; i += AES_BLOCK_SIZE) {
+        for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
             ret = wc_AesEncryptDirect(aes, out, in);
             if (ret != 0)
                 break;
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
 #endif
     }
@@ -11509,6 +11976,18 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
         AES_ECB_decrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds);
     }
     else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (aes->use_aes_hw_crypto) {
+        word32 i;
+
+        for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
+            AES_decrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+        }
+    }
+    else
 #endif
     {
 #ifdef NEED_AES_TABLES
@@ -11516,12 +11995,12 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
 #else
         word32 i;
 
-        for (i = 0; i < sz; i += AES_BLOCK_SIZE) {
+        for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
             ret = wc_AesDecryptDirect(aes, out, in);
             if (ret != 0)
                 break;
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
 #endif
     }
@@ -11536,7 +12015,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     if ((in == NULL) || (out == NULL) || (aes == NULL))
       return BAD_FUNC_ARG;
-    if ((sz % AES_BLOCK_SIZE) != 0) {
+    if ((sz % WC_AES_BLOCK_SIZE) != 0) {
         return BAD_LENGTH_E;
     }
 
@@ -11548,7 +12027,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     if ((in == NULL) || (out == NULL) || (aes == NULL))
       return BAD_FUNC_ARG;
-    if ((sz % AES_BLOCK_SIZE) != 0) {
+    if ((sz % WC_AES_BLOCK_SIZE) != 0) {
         return BAD_LENGTH_E;
     }
 
@@ -11584,10 +12063,10 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
 
     /* consume any unused bytes left in aes->tmp */
     processed = min(aes->left, sz);
-    xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed);
+    xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left, processed);
 #ifdef WOLFSSL_AES_CFB
     if (mode == AES_CFB_MODE) {
-        XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, out, processed);
+        XMEMCPY((byte*)aes->reg + WC_AES_BLOCK_SIZE - aes->left, out, processed);
     }
 #endif
     aes->left -= processed;
@@ -11597,26 +12076,26 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
 
     VECTOR_REGISTERS_PUSH;
 
-    while (sz >= AES_BLOCK_SIZE) {
+    while (sz >= WC_AES_BLOCK_SIZE) {
         /* Using aes->tmp here for inline case i.e. in=out */
         ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
         if (ret != 0)
             break;
     #ifdef WOLFSSL_AES_OFB
         if (mode == AES_OFB_MODE) {
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
-        xorbuf((byte*)aes->tmp, in, AES_BLOCK_SIZE);
+        xorbuf((byte*)aes->tmp, in, WC_AES_BLOCK_SIZE);
     #ifdef WOLFSSL_AES_CFB
         if (mode == AES_CFB_MODE) {
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
-        XMEMCPY(out, aes->tmp, AES_BLOCK_SIZE);
-        out += AES_BLOCK_SIZE;
-        in  += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        XMEMCPY(out, aes->tmp, WC_AES_BLOCK_SIZE);
+        out += WC_AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
         aes->left = 0;
     }
 
@@ -11625,11 +12104,11 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
         ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
     }
     if ((ret == 0) && sz) {
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
     #ifdef WOLFSSL_AES_OFB
         if (mode == AES_OFB_MODE) {
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
 
@@ -11674,13 +12153,14 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
     /* check if more input needs copied over to aes->reg */
     if (aes->left && sz && mode == AES_CFB_MODE) {
         word32 size = min(aes->left, sz);
-        XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, in, size);
+        XMEMCPY((byte*)aes->reg + WC_AES_BLOCK_SIZE - aes->left, in, size);
     }
     #endif
 
     /* consume any unused bytes left in aes->tmp */
     processed = min(aes->left, sz);
-    xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed);
+    xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
+        processed);
     aes->left -= processed;
     out += processed;
     in += processed;
@@ -11688,26 +12168,26 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
 
     VECTOR_REGISTERS_PUSH;
 
-    while (sz > AES_BLOCK_SIZE) {
+    while (sz > WC_AES_BLOCK_SIZE) {
         /* Using aes->tmp here for inline case i.e. in=out */
         ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
         if (ret != 0)
             break;
     #ifdef WOLFSSL_AES_OFB
         if (mode == AES_OFB_MODE) {
-            XMEMCPY((byte*)aes->reg, (byte*)aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY((byte*)aes->reg, (byte*)aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
-        xorbuf((byte*)aes->tmp, in, AES_BLOCK_SIZE);
+        xorbuf((byte*)aes->tmp, in, WC_AES_BLOCK_SIZE);
     #ifdef WOLFSSL_AES_CFB
         if (mode == AES_CFB_MODE) {
-            XMEMCPY(aes->reg, in, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, in, WC_AES_BLOCK_SIZE);
         }
     #endif
-        XMEMCPY(out, (byte*)aes->tmp, AES_BLOCK_SIZE);
-        out += AES_BLOCK_SIZE;
-        in  += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        XMEMCPY(out, (byte*)aes->tmp, WC_AES_BLOCK_SIZE);
+        out += WC_AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
         aes->left = 0;
     }
 
@@ -11723,11 +12203,11 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
     #endif
     #ifdef WOLFSSL_AES_OFB
         if (mode == AES_OFB_MODE) {
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
         }
     #endif
 
-        aes->left = AES_BLOCK_SIZE - sz;
+        aes->left = WC_AES_BLOCK_SIZE - sz;
         xorbufout(out, in, aes->tmp, sz);
     }
 
@@ -11774,27 +12254,27 @@ int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 }
 #endif /* HAVE_AES_DECRYPT */
 
-
-/* shift the whole AES_BLOCK_SIZE array left by 8 or 1 bits */
+#ifndef WOLFSSL_NO_AES_CFB_1_8
+/* shift the whole WC_AES_BLOCK_SIZE array left by 8 or 1 bits */
 static void shiftLeftArray(byte* ary, byte shift)
 {
     int i;
 
     if (shift == WOLFSSL_BIT_SIZE) {
         /* shifting over by 8 bits */
-        for (i = 0; i < AES_BLOCK_SIZE - 1; i++) {
+        for (i = 0; i < WC_AES_BLOCK_SIZE - 1; i++) {
             ary[i] = ary[i+1];
         }
         ary[i] = 0;
     }
     else {
         /* shifting over by 7 or less bits */
-        for (i = 0; i < AES_BLOCK_SIZE - 1; i++) {
-            byte carry = ary[i+1] & (0XFF << (WOLFSSL_BIT_SIZE - shift));
-            carry >>= (WOLFSSL_BIT_SIZE - shift);
+        for (i = 0; i < WC_AES_BLOCK_SIZE - 1; i++) {
+            byte carry = (byte)(ary[i+1] & (0XFF << (WOLFSSL_BIT_SIZE - shift)));
+            carry = (byte)(carry >> (WOLFSSL_BIT_SIZE - shift));
             ary[i] = (byte)((ary[i] << shift) + carry);
         }
-        ary[i] = ary[i] << shift;
+        ary[i] = (byte)(ary[i] << shift);
     }
 }
 
@@ -11825,12 +12305,12 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB8(
 
             /* LSB + CAT */
             shiftLeftArray(pt, WOLFSSL_BIT_SIZE);
-            pt[AES_BLOCK_SIZE - 1] = in[0];
+            pt[WC_AES_BLOCK_SIZE - 1] = in[0];
         }
 
         /* MSB + XOR */
     #ifdef BIG_ENDIAN_ORDER
-        ByteReverseWords(aes->tmp, aes->tmp, AES_BLOCK_SIZE);
+        ByteReverseWords(aes->tmp, aes->tmp, WC_AES_BLOCK_SIZE);
     #endif
         out[0] = (byte)(aes->tmp[0] ^ in[0]);
         if (dir == AES_ENCRYPTION) {
@@ -11838,7 +12318,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB8(
 
             /* LSB + CAT */
             shiftLeftArray(pt, WOLFSSL_BIT_SIZE);
-            pt[AES_BLOCK_SIZE - 1] = out[0];
+            pt[WC_AES_BLOCK_SIZE - 1] = out[0];
         }
 
         out += 1;
@@ -11880,19 +12360,19 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1(
             pt = (byte*)aes->reg;
 
             /* LSB + CAT */
-            tmp = (0X01 << bit) & in[0];
-            tmp = tmp >> bit;
+            tmp = (byte)((0X01U << bit) & in[0]);
+            tmp = (byte)(tmp >> bit);
             tmp &= 0x01;
             shiftLeftArray((byte*)aes->reg, 1);
-            pt[AES_BLOCK_SIZE - 1] |= tmp;
+            pt[WC_AES_BLOCK_SIZE - 1] |= tmp;
         }
 
         /* MSB  + XOR */
-        tmp = (0X01 << bit) & in[0];
+        tmp = (byte)((0X01U << bit) & in[0]);
         pt = (byte*)aes->tmp;
-        tmp = (pt[0] >> 7) ^ (tmp >> bit);
+        tmp = (byte)((pt[0] >> 7) ^ (tmp >> bit));
         tmp &= 0x01;
-        cur |= (tmp << bit);
+        cur = (byte)(cur | (tmp << bit));
 
 
         if (dir == AES_ENCRYPTION) {
@@ -11900,7 +12380,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1(
 
             /* LSB + CAT */
             shiftLeftArray((byte*)aes->reg, 1);
-            pt[AES_BLOCK_SIZE - 1] |= tmp;
+            pt[WC_AES_BLOCK_SIZE - 1] |= tmp;
         }
 
         bit--;
@@ -11909,7 +12389,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1(
             out += 1;
             in  += 1;
             sz  -= 1;
-            bit = 7;
+            bit = 7U;
             cur = 0;
         }
         else {
@@ -11992,6 +12472,7 @@ int wc_AesCfb8Decrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     return wc_AesFeedbackCFB8(aes, out, in, sz, AES_DECRYPTION);
 }
 #endif /* HAVE_AES_DECRYPT */
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 #endif /* WOLFSSL_AES_CFB */
 
 #ifdef WOLFSSL_AES_OFB
@@ -12079,7 +12560,7 @@ int wc_AesKeyWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
     int ret = 0;
 
     byte t[KEYWRAP_BLOCK_SIZE];
-    byte tmp[AES_BLOCK_SIZE];
+    byte tmp[WC_AES_BLOCK_SIZE];
 
     /* n must be at least 2 64-bit blocks, output size is (n + 1) 8 bytes (64-bit) */
     if (aes == NULL || in  == NULL || inSz < 2*KEYWRAP_BLOCK_SIZE ||
@@ -12187,7 +12668,7 @@ int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
     int ret = 0;
 
     byte t[KEYWRAP_BLOCK_SIZE];
-    byte tmp[AES_BLOCK_SIZE];
+    byte tmp[WC_AES_BLOCK_SIZE];
 
     const byte* expIv;
     const byte defaultIV[] = {
@@ -12367,7 +12848,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
     }
 
     if ((len != (AES_128_KEY_SIZE*2)) &&
+#ifndef HAVE_FIPS
+        /* XTS-384 not allowed by FIPS and can not be treated like
+         * RSA-4096 bit keys back in the day, can not vendor affirm
+         * the use of 2 concatenated 192-bit keys (XTS-384) */
         (len != (AES_192_KEY_SIZE*2)) &&
+#endif
         (len != (AES_256_KEY_SIZE*2)))
     {
         WOLFSSL_MSG("Unsupported key size");
@@ -12508,16 +12994,16 @@ int wc_AesXtsEncryptSector(XtsAes* aes, byte* out, const byte* in,
         word32 sz, word64 sector)
 {
     byte* pt;
-    byte  i[AES_BLOCK_SIZE];
+    byte  i[WC_AES_BLOCK_SIZE];
 
-    XMEMSET(i, 0, AES_BLOCK_SIZE);
+    XMEMSET(i, 0, WC_AES_BLOCK_SIZE);
 #ifdef BIG_ENDIAN_ORDER
     sector = ByteReverseWord64(sector);
 #endif
     pt = (byte*)&sector;
     XMEMCPY(i, pt, sizeof(word64));
 
-    return wc_AesXtsEncrypt(aes, out, in, sz, (const byte*)i, AES_BLOCK_SIZE);
+    return wc_AesXtsEncrypt(aes, out, in, sz, (const byte*)i, WC_AES_BLOCK_SIZE);
 }
 
 
@@ -12536,20 +13022,24 @@ int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz,
         word64 sector)
 {
     byte* pt;
-    byte  i[AES_BLOCK_SIZE];
+    byte  i[WC_AES_BLOCK_SIZE];
 
-    XMEMSET(i, 0, AES_BLOCK_SIZE);
+    XMEMSET(i, 0, WC_AES_BLOCK_SIZE);
 #ifdef BIG_ENDIAN_ORDER
     sector = ByteReverseWord64(sector);
 #endif
     pt = (byte*)&sector;
     XMEMCPY(i, pt, sizeof(word64));
 
-    return wc_AesXtsDecrypt(aes, out, in, sz, (const byte*)i, AES_BLOCK_SIZE);
+    return wc_AesXtsDecrypt(aes, out, in, sz, (const byte*)i, WC_AES_BLOCK_SIZE);
 }
 
 #ifdef WOLFSSL_AESNI
 
+#if defined(USE_INTEL_SPEEDUP_FOR_AES) && !defined(USE_INTEL_SPEEDUP)
+    #define USE_INTEL_SPEEDUP
+#endif
+
 #if defined(USE_INTEL_SPEEDUP)
     #define HAVE_INTEL_AVX1
     #define HAVE_INTEL_AVX2
@@ -12609,35 +13099,36 @@ void AES_XTS_decrypt_update_avx1(const unsigned char *in, unsigned char *out, wo
 
 #endif /* WOLFSSL_AESNI */
 
-#if !defined(WOLFSSL_ARMASM) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+#if !defined(WOLFSSL_ARMASM) || defined(__aarch64__) || \
+    defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
 #ifdef HAVE_AES_ECB
 /* helper function for encrypting / decrypting full buffer at once */
 static WARN_UNUSED_RESULT int _AesXtsHelper(
     Aes* aes, byte* out, const byte* in, word32 sz, int dir)
 {
     word32 outSz   = sz;
-    word32 totalSz = (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; /* total bytes */
+    word32 totalSz = (sz / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE; /* total bytes */
     byte*  pt      = out;
 
-    outSz -= AES_BLOCK_SIZE;
+    outSz -= WC_AES_BLOCK_SIZE;
 
     while (outSz > 0) {
         word32 j;
         byte carry = 0;
 
         /* multiply by shift left and propagate carry */
-        for (j = 0; j < AES_BLOCK_SIZE && outSz > 0; j++, outSz--) {
+        for (j = 0; j < WC_AES_BLOCK_SIZE && outSz > 0; j++, outSz--) {
             byte tmpC;
 
             tmpC   = (pt[j] >> 7) & 0x01;
-            pt[j+AES_BLOCK_SIZE] = (byte)((pt[j] << 1) + carry);
+            pt[j+WC_AES_BLOCK_SIZE] = (byte)((pt[j] << 1) + carry);
             carry  = tmpC;
         }
         if (carry) {
-            pt[AES_BLOCK_SIZE] ^= GF_XTS;
+            pt[WC_AES_BLOCK_SIZE] ^= GF_XTS;
         }
 
-        pt += AES_BLOCK_SIZE;
+        pt += WC_AES_BLOCK_SIZE;
     }
 
     xorbuf(out, in, totalSz);
@@ -12678,7 +13169,7 @@ static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i)
 {
     int ret;
-    byte tweak_block[AES_BLOCK_SIZE];
+    byte tweak_block[WC_AES_BLOCK_SIZE];
 
     ret = wc_AesEncryptDirect(&xaes->tweak, tweak_block, i);
     if (ret != 0)
@@ -12720,13 +13211,13 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
                                   byte *i)
 {
     int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     Aes *aes = &xaes->aes;
 
 #ifdef HAVE_AES_ECB
     /* encrypt all of buffer at once when possible */
     if (in != out) { /* can not handle inline */
-        XMEMCPY(out, i, AES_BLOCK_SIZE);
+        XMEMCPY(out, i, WC_AES_BLOCK_SIZE);
         if ((ret = _AesXtsHelper(aes, out, in, sz, AES_ENCRYPTION)) != 0)
             return ret;
     }
@@ -12740,18 +13231,18 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
         if (in == out)
 #endif
         { /* check for if inline */
-            byte buf[AES_BLOCK_SIZE];
+            byte buf[WC_AES_BLOCK_SIZE];
 
-            XMEMCPY(buf, in, AES_BLOCK_SIZE);
-            xorbuf(buf, i, AES_BLOCK_SIZE);
+            XMEMCPY(buf, in, WC_AES_BLOCK_SIZE);
+            xorbuf(buf, i, WC_AES_BLOCK_SIZE);
             ret = wc_AesEncryptDirect(aes, out, buf);
             if (ret != 0)
                 return ret;
         }
-        xorbuf(out, i, AES_BLOCK_SIZE);
+        xorbuf(out, i, WC_AES_BLOCK_SIZE);
 
         /* multiply by shift left and propagate carry */
-        for (j = 0; j < AES_BLOCK_SIZE; j++) {
+        for (j = 0; j < WC_AES_BLOCK_SIZE; j++) {
             byte tmpC;
 
             tmpC   = (i[j] >> 7) & 0x01;
@@ -12762,18 +13253,18 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
             i[0] ^= GF_XTS;
         }
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
         blocks--;
     }
 
     /* stealing operation of XTS to handle left overs */
     if (sz > 0) {
-        byte buf[AES_BLOCK_SIZE];
+        byte buf[WC_AES_BLOCK_SIZE];
 
-        XMEMCPY(buf, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-        if (sz >= AES_BLOCK_SIZE) { /* extra sanity check before copy */
+        XMEMCPY(buf, out - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+        if (sz >= WC_AES_BLOCK_SIZE) { /* extra sanity check before copy */
             return BUFFER_E;
         }
         if (in != out) {
@@ -12781,17 +13272,17 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
             XMEMCPY(buf, in, sz);
         }
         else {
-            byte buf2[AES_BLOCK_SIZE];
+            byte buf2[WC_AES_BLOCK_SIZE];
 
             XMEMCPY(buf2, buf, sz);
             XMEMCPY(buf, in, sz);
             XMEMCPY(out, buf2, sz);
         }
 
-        xorbuf(buf, i, AES_BLOCK_SIZE);
-        ret = wc_AesEncryptDirect(aes, out - AES_BLOCK_SIZE, buf);
+        xorbuf(buf, i, WC_AES_BLOCK_SIZE);
+        ret = wc_AesEncryptDirect(aes, out - WC_AES_BLOCK_SIZE, buf);
         if (ret == 0)
-            xorbuf(out - AES_BLOCK_SIZE, i, AES_BLOCK_SIZE);
+            xorbuf(out - WC_AES_BLOCK_SIZE, i, WC_AES_BLOCK_SIZE);
     }
 
     return ret;
@@ -12804,7 +13295,7 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
  * in    input plain text buffer to encrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
@@ -12822,8 +13313,8 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 
 #if FIPS_VERSION3_GE(6,0,0)
     /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is
-     * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
-     * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes)
+     * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
+     * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes)
      */
     if (sz > FIPS_AES_XTS_MAX_BYTES_PER_TWEAK) {
         WOLFSSL_MSG("Request exceeds allowed bytes per SP800-38E");
@@ -12838,11 +13329,11 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Plain text input too small for encryption");
         return BAD_FUNC_ARG;
     }
@@ -12871,6 +13362,13 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
             RESTORE_VECTOR_REGISTERS();
         }
         else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto) {
+            AES_XTS_encrypt_AARCH64(xaes, out, in, sz, i);
+            ret = 0;
+        }
+        else
 #endif
         {
             ret = AesXtsEncrypt_sw(xaes, out, in, sz, i);
@@ -12886,7 +13384,7 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  *
  * xaes  AES keys to use for block encrypt/decrypt
  * i     readwrite value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
@@ -12902,7 +13400,7 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz,
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -12913,7 +13411,7 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz,
         return BAD_FUNC_ARG;
     }
 
-    XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE);
+    XMEMCPY(stream->tweak_block, i, WC_AES_BLOCK_SIZE);
     stream->bytes_crypted_with_this_tweak = 0;
 
     {
@@ -12949,16 +13447,16 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz,
 
 /* Block-streaming AES-XTS
  *
- * Note that sz must be >= AES_BLOCK_SIZE in each call, and must be a multiple
- * of AES_BLOCK_SIZE in each call to wc_AesXtsEncryptUpdate().
- * wc_AesXtsEncryptFinal() can handle any length >= AES_BLOCK_SIZE.
+ * Note that sz must be >= WC_AES_BLOCK_SIZE in each call, and must be a multiple
+ * of WC_AES_BLOCK_SIZE in each call to wc_AesXtsEncryptUpdate().
+ * wc_AesXtsEncryptFinal() can handle any length >= WC_AES_BLOCK_SIZE.
  *
  * xaes  AES keys to use for block encrypt/decrypt
  * out   output buffer to hold cipher text
  * in    input plain text buffer to encrypt
- * sz    size of both out and in buffers -- must be >= AES_BLOCK_SIZE.
+ * sz    size of both out and in buffers -- must be >= WC_AES_BLOCK_SIZE.
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
@@ -12980,12 +13478,12 @@ static int AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 s
     aes = &xaes->aes;
 #endif
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Plain text input too small for encryption");
         return BAD_FUNC_ARG;
     }
 
-    if (stream->bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U))
+    if (stream->bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))
     {
         WOLFSSL_MSG("Call to AesXtsEncryptUpdate after previous finalizing call");
         return BAD_FUNC_ARG;
@@ -12997,8 +13495,8 @@ static int AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 s
 #endif
 #if FIPS_VERSION3_GE(6,0,0)
     /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is
-     * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
-     * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes)
+     * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
+     * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes)
      */
     if (stream->bytes_crypted_with_this_tweak >
         FIPS_AES_XTS_MAX_BYTES_PER_TWEAK)
@@ -13045,7 +13543,7 @@ int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 {
     if (stream == NULL)
         return BAD_FUNC_ARG;
-    if (sz & ((word32)AES_BLOCK_SIZE - 1U))
+    if (sz & ((word32)WC_AES_BLOCK_SIZE - 1U))
         return BAD_FUNC_ARG;
     return AesXtsEncryptUpdate(xaes, out, in, sz, stream);
 }
@@ -13064,9 +13562,9 @@ int wc_AesXtsEncryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz,
      * after finalization.
      */
     stream->bytes_crypted_with_this_tweak |= 1U;
-    ForceZero(stream->tweak_block, AES_BLOCK_SIZE);
+    ForceZero(stream->tweak_block, WC_AES_BLOCK_SIZE);
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-    wc_MemZero_Check(stream->tweak_block, AES_BLOCK_SIZE);
+    wc_MemZero_Check(stream->tweak_block, WC_AES_BLOCK_SIZE);
 #endif
     return ret;
 }
@@ -13093,7 +13591,7 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i)
 {
     int ret;
-    byte tweak_block[AES_BLOCK_SIZE];
+    byte tweak_block[WC_AES_BLOCK_SIZE];
 
     ret = wc_AesEncryptDirect(&xaes->tweak, tweak_block, i);
     if (ret != 0)
@@ -13122,7 +13620,7 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
                                   word32 sz, byte *i)
 {
     int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
 #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
     Aes *aes = &xaes->aes_decrypt;
 #else
@@ -13130,7 +13628,7 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
 #endif
     word32 j;
     byte carry = 0;
-    byte stl = (sz % AES_BLOCK_SIZE);
+    byte stl = (sz % WC_AES_BLOCK_SIZE);
 
     /* if Stealing then break out of loop one block early to handle special
      * case */
@@ -13141,7 +13639,7 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
 #ifdef HAVE_AES_ECB
     /* decrypt all of buffer at once when possible */
     if (in != out) { /* can not handle inline */
-        XMEMCPY(out, i, AES_BLOCK_SIZE);
+        XMEMCPY(out, i, WC_AES_BLOCK_SIZE);
         if ((ret = _AesXtsHelper(aes, out, in, sz, AES_DECRYPTION)) != 0)
             return ret;
     }
@@ -13152,18 +13650,18 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
         if (in == out)
 #endif
         { /* check for if inline */
-            byte buf[AES_BLOCK_SIZE];
+            byte buf[WC_AES_BLOCK_SIZE];
 
-            XMEMCPY(buf, in, AES_BLOCK_SIZE);
-            xorbuf(buf, i, AES_BLOCK_SIZE);
+            XMEMCPY(buf, in, WC_AES_BLOCK_SIZE);
+            xorbuf(buf, i, WC_AES_BLOCK_SIZE);
             ret = wc_AesDecryptDirect(aes, out, buf);
             if (ret != 0)
                 return ret;
         }
-        xorbuf(out, i, AES_BLOCK_SIZE);
+        xorbuf(out, i, WC_AES_BLOCK_SIZE);
 
         /* multiply by shift left and propagate carry */
-        for (j = 0; j < AES_BLOCK_SIZE; j++) {
+        for (j = 0; j < WC_AES_BLOCK_SIZE; j++) {
             byte tmpC;
 
             tmpC   = (i[j] >> 7) & 0x01;
@@ -13175,19 +13673,19 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
         }
         carry = 0;
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
         blocks--;
     }
 
     /* stealing operation of XTS to handle left overs */
-    if (sz >= AES_BLOCK_SIZE) {
-        byte buf[AES_BLOCK_SIZE];
-        byte tmp2[AES_BLOCK_SIZE];
+    if (sz >= WC_AES_BLOCK_SIZE) {
+        byte buf[WC_AES_BLOCK_SIZE];
+        byte tmp2[WC_AES_BLOCK_SIZE];
 
         /* multiply by shift left and propagate carry */
-        for (j = 0; j < AES_BLOCK_SIZE; j++) {
+        for (j = 0; j < WC_AES_BLOCK_SIZE; j++) {
             byte tmpC;
 
             tmpC   = (i[j] >> 7) & 0x01;
@@ -13198,33 +13696,33 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
             tmp2[0] ^= GF_XTS;
         }
 
-        XMEMCPY(buf, in, AES_BLOCK_SIZE);
-        xorbuf(buf, tmp2, AES_BLOCK_SIZE);
+        XMEMCPY(buf, in, WC_AES_BLOCK_SIZE);
+        xorbuf(buf, tmp2, WC_AES_BLOCK_SIZE);
         ret = wc_AesDecryptDirect(aes, out, buf);
         if (ret != 0)
             return ret;
-        xorbuf(out, tmp2, AES_BLOCK_SIZE);
+        xorbuf(out, tmp2, WC_AES_BLOCK_SIZE);
 
         /* tmp2 holds partial | last */
-        XMEMCPY(tmp2, out, AES_BLOCK_SIZE);
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
-        sz  -= AES_BLOCK_SIZE;
+        XMEMCPY(tmp2, out, WC_AES_BLOCK_SIZE);
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
+        sz  -= WC_AES_BLOCK_SIZE;
 
         /* Make buffer with end of cipher text | last */
-        XMEMCPY(buf, tmp2, AES_BLOCK_SIZE);
-        if (sz >= AES_BLOCK_SIZE) { /* extra sanity check before copy */
+        XMEMCPY(buf, tmp2, WC_AES_BLOCK_SIZE);
+        if (sz >= WC_AES_BLOCK_SIZE) { /* extra sanity check before copy */
             return BUFFER_E;
         }
         XMEMCPY(buf, in,   sz);
         XMEMCPY(out, tmp2, sz);
 
-        xorbuf(buf, i, AES_BLOCK_SIZE);
+        xorbuf(buf, i, WC_AES_BLOCK_SIZE);
         ret = wc_AesDecryptDirect(aes, tmp2, buf);
         if (ret != 0)
             return ret;
-        xorbuf(tmp2, i, AES_BLOCK_SIZE);
-        XMEMCPY(out - AES_BLOCK_SIZE, tmp2, AES_BLOCK_SIZE);
+        xorbuf(tmp2, i, WC_AES_BLOCK_SIZE);
+        XMEMCPY(out - WC_AES_BLOCK_SIZE, tmp2, WC_AES_BLOCK_SIZE);
     }
 
     return ret;
@@ -13237,7 +13735,7 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
  * in    input cipher text buffer to decrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
@@ -13259,10 +13757,10 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 #endif
 
 /* FIPS TODO: SP800-38E - Restrict data unit to 2^20 blocks per key. A block is
- * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
- * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes or
+ * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
+ * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes or
  * 134,217,728-bits) Add helpful printout and message along with BAD_FUNC_ARG
- * return whenever sz / AES_BLOCK_SIZE > 1,048,576 or equal to that and sz is
+ * return whenever sz / WC_AES_BLOCK_SIZE > 1,048,576 or equal to that and sz is
  * not a sequence of complete blocks.
  */
 
@@ -13271,11 +13769,11 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Cipher text input too small for decryption");
         return BAD_FUNC_ARG;
     }
@@ -13304,6 +13802,13 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
             RESTORE_VECTOR_REGISTERS();
         }
         else
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+      !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (aes->use_aes_hw_crypto) {
+            AES_XTS_decrypt_AARCH64(xaes, out, in, sz, i);
+            ret = 0;
+        }
+        else
 #endif
         {
             ret = AesXtsDecrypt_sw(xaes, out, in, sz, i);
@@ -13319,7 +13824,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  *
  * xaes  AES keys to use for block encrypt/decrypt
  * i     readwrite value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input
  *       adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
@@ -13345,11 +13850,11 @@ int wc_AesXtsDecryptInit(XtsAes* xaes, const byte* i, word32 iSz,
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
-    XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE);
+    XMEMCPY(stream->tweak_block, i, WC_AES_BLOCK_SIZE);
     stream->bytes_crypted_with_this_tweak = 0;
 
     {
@@ -13386,15 +13891,15 @@ int wc_AesXtsDecryptInit(XtsAes* xaes, const byte* i, word32 iSz,
 
 /* Block-streaming AES-XTS
  *
- * Note that sz must be >= AES_BLOCK_SIZE in each call, and must be a multiple
- * of AES_BLOCK_SIZE in each call to wc_AesXtsDecryptUpdate().
- * wc_AesXtsDecryptFinal() can handle any length >= AES_BLOCK_SIZE.
+ * Note that sz must be >= WC_AES_BLOCK_SIZE in each call, and must be a multiple
+ * of WC_AES_BLOCK_SIZE in each call to wc_AesXtsDecryptUpdate().
+ * wc_AesXtsDecryptFinal() can handle any length >= WC_AES_BLOCK_SIZE.
  *
  * xaes  AES keys to use for block encrypt/decrypt
  * out   output buffer to hold plain text
  * in    input cipher text buffer to decrypt
  * sz    size of both out and in buffers
- * i     tweak buffer of size AES_BLOCK_SIZE.
+ * i     tweak buffer of size WC_AES_BLOCK_SIZE.
  *
  * returns 0 on success
  */
@@ -13418,12 +13923,12 @@ static int AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 s
 #endif
 #endif
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Cipher text input too small for decryption");
         return BAD_FUNC_ARG;
     }
 
-    if (stream->bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U))
+    if (stream->bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))
     {
         WOLFSSL_MSG("Call to AesXtsDecryptUpdate after previous finalizing call");
         return BAD_FUNC_ARG;
@@ -13473,7 +13978,7 @@ int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
 {
     if (stream == NULL)
         return BAD_FUNC_ARG;
-    if (sz & ((word32)AES_BLOCK_SIZE - 1U))
+    if (sz & ((word32)WC_AES_BLOCK_SIZE - 1U))
         return BAD_FUNC_ARG;
     return AesXtsDecryptUpdate(xaes, out, in, sz, stream);
 }
@@ -13488,20 +13993,19 @@ int wc_AesXtsDecryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         ret = AesXtsDecryptUpdate(xaes, out, in, sz, stream);
     else
         ret = 0;
-    ForceZero(stream->tweak_block, AES_BLOCK_SIZE);
+    ForceZero(stream->tweak_block, WC_AES_BLOCK_SIZE);
     /* force the count odd, to assure error on attempt to AesXtsEncryptUpdate()
      * after finalization.
      */
     stream->bytes_crypted_with_this_tweak |= 1U;
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-    wc_MemZero_Check(stream->tweak_block, AES_BLOCK_SIZE);
+    wc_MemZero_Check(stream->tweak_block, WC_AES_BLOCK_SIZE);
 #endif
     return ret;
 }
 
 #endif /* WOLFSSL_AESXTS_STREAM */
-
-#endif /* !WOLFSSL_ARMASM || WOLFSSL_ARMASM_NO_HW_CRYPTO */
+#endif
 
 /* Same as wc_AesXtsEncryptSector but the sector gets incremented by one every
  * sectorSz bytes
@@ -13527,7 +14031,7 @@ int wc_AesXtsEncryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in,
         return BAD_FUNC_ARG;
     }
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Cipher text input too small for encryption");
         return BAD_FUNC_ARG;
     }
@@ -13576,7 +14080,7 @@ int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in,
         return BAD_FUNC_ARG;
     }
 
-    if (sz < AES_BLOCK_SIZE) {
+    if (sz < WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("Cipher text input too small for decryption");
         return BAD_FUNC_ARG;
     }
@@ -13609,7 +14113,7 @@ int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in,
  * See RFC 5297 Section 2.4.
  */
 static WARN_UNUSED_RESULT int S2V(
-    const byte* key, word32 keySz, const byte* assoc, word32 assocSz,
+    const byte* key, word32 keySz, const AesSivAssoc* assoc, word32 numAssoc,
     const byte* nonce, word32 nonceSz, const byte* data,
     word32 dataSz, byte* out)
 {
@@ -13618,16 +14122,18 @@ static WARN_UNUSED_RESULT int S2V(
     int i;
     Cmac* cmac;
 #else
-    byte tmp[3][AES_BLOCK_SIZE];
+    byte tmp[3][WC_AES_BLOCK_SIZE];
     Cmac cmac[1];
 #endif
-    word32 macSz = AES_BLOCK_SIZE;
+    word32 macSz = WC_AES_BLOCK_SIZE;
     int ret = 0;
+    byte tmpi = 0;
+    word32 ai;
     word32 zeroBytes;
 
 #ifdef WOLFSSL_SMALL_STACK
     for (i = 0; i < 3; ++i) {
-        tmp[i] = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        tmp[i] = (byte*)XMALLOC(WC_AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp[i] == NULL) {
             ret = MEMORY_E;
             break;
@@ -13635,38 +14141,54 @@ static WARN_UNUSED_RESULT int S2V(
     }
     if (ret == 0)
 #endif
-    {
-        XMEMSET(tmp[1], 0, AES_BLOCK_SIZE);
-        XMEMSET(tmp[2], 0, AES_BLOCK_SIZE);
 
-        ret = wc_AesCmacGenerate(tmp[0], &macSz, tmp[1], AES_BLOCK_SIZE,
+    if ((numAssoc > 126) || ((nonceSz > 0) && (numAssoc > 125))) {
+        /* See RFC 5297 Section 7. */
+        WOLFSSL_MSG("Maximum number of ADs (including the nonce) for AES SIV is"
+                    " 126.");
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        XMEMSET(tmp[1], 0, WC_AES_BLOCK_SIZE);
+        XMEMSET(tmp[2], 0, WC_AES_BLOCK_SIZE);
+
+        ret = wc_AesCmacGenerate(tmp[0], &macSz, tmp[1], WC_AES_BLOCK_SIZE,
                                  key, keySz);
-        if (ret == 0) {
-            ShiftAndXorRb(tmp[1], tmp[0]);
-            ret = wc_AesCmacGenerate(tmp[0], &macSz, assoc, assocSz, key,
-                                     keySz);
+    }
+
+    if (ret == 0) {
+        /* Loop over authenticated associated data AD1..ADn */
+        for (ai = 0; ai < numAssoc; ++ai) {
+            ShiftAndXorRb(tmp[1-tmpi], tmp[tmpi]);
+            ret = wc_AesCmacGenerate(tmp[tmpi], &macSz, assoc[ai].assoc,
+                                     assoc[ai].assocSz, key, keySz);
+            if (ret != 0)
+                break;
+            xorbuf(tmp[1-tmpi], tmp[tmpi], WC_AES_BLOCK_SIZE);
+            tmpi = (byte)(1 - tmpi);
+        }
+
+        /* Add nonce as final AD. See RFC 5297 Section 3. */
+        if ((ret == 0) && (nonceSz > 0)) {
+            ShiftAndXorRb(tmp[1-tmpi], tmp[tmpi]);
+            ret = wc_AesCmacGenerate(tmp[tmpi], &macSz, nonce,
+                                     nonceSz, key, keySz);
             if (ret == 0) {
-                xorbuf(tmp[1], tmp[0], AES_BLOCK_SIZE);
+                xorbuf(tmp[1-tmpi], tmp[tmpi], WC_AES_BLOCK_SIZE);
             }
+            tmpi = (byte)(1U - tmpi);
+        }
+
+        /* For simplicity of the remaining code, make sure the "final" result
+           is always in tmp[0]. */
+        if (tmpi == 1) {
+            XMEMCPY(tmp[0], tmp[1], WC_AES_BLOCK_SIZE);
         }
     }
 
     if (ret == 0) {
-        if (nonceSz > 0) {
-            ShiftAndXorRb(tmp[0], tmp[1]);
-            ret = wc_AesCmacGenerate(tmp[1], &macSz, nonce, nonceSz, key,
-                                     keySz);
-            if (ret == 0) {
-                xorbuf(tmp[0], tmp[1], AES_BLOCK_SIZE);
-            }
-        }
-        else {
-            XMEMCPY(tmp[0], tmp[1], AES_BLOCK_SIZE);
-        }
-    }
-
-    if (ret == 0) {
-        if (dataSz >= AES_BLOCK_SIZE) {
+        if (dataSz >= WC_AES_BLOCK_SIZE) {
 
         #ifdef WOLFSSL_SMALL_STACK
             cmac = (Cmac*)XMALLOC(sizeof(Cmac), NULL, DYNAMIC_TYPE_CMAC);
@@ -13682,14 +14204,14 @@ static WARN_UNUSED_RESULT int S2V(
                     ((unsigned char *)cmac) + sizeof(Aes),
                     sizeof(Cmac) - sizeof(Aes));
             #endif
-                xorbuf(tmp[0], data + (dataSz - AES_BLOCK_SIZE),
-                       AES_BLOCK_SIZE);
+                xorbuf(tmp[0], data + (dataSz - WC_AES_BLOCK_SIZE),
+                       WC_AES_BLOCK_SIZE);
                 ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL);
                 if (ret == 0) {
-                    ret = wc_CmacUpdate(cmac, data, dataSz - AES_BLOCK_SIZE);
+                    ret = wc_CmacUpdate(cmac, data, dataSz - WC_AES_BLOCK_SIZE);
                 }
                 if (ret == 0) {
-                    ret = wc_CmacUpdate(cmac, tmp[0], AES_BLOCK_SIZE);
+                    ret = wc_CmacUpdate(cmac, tmp[0], WC_AES_BLOCK_SIZE);
                 }
                 if (ret == 0) {
                     ret = wc_CmacFinal(cmac, out, &macSz);
@@ -13704,13 +14226,13 @@ static WARN_UNUSED_RESULT int S2V(
         else {
             XMEMCPY(tmp[2], data, dataSz);
             tmp[2][dataSz] |= 0x80;
-            zeroBytes = AES_BLOCK_SIZE - (dataSz + 1);
+            zeroBytes = WC_AES_BLOCK_SIZE - (dataSz + 1);
             if (zeroBytes != 0) {
                 XMEMSET(tmp[2] + dataSz + 1, 0, zeroBytes);
             }
             ShiftAndXorRb(tmp[1], tmp[0]);
-            xorbuf(tmp[1], tmp[2], AES_BLOCK_SIZE);
-            ret = wc_AesCmacGenerate(out, &macSz, tmp[1], AES_BLOCK_SIZE, key,
+            xorbuf(tmp[1], tmp[2], WC_AES_BLOCK_SIZE);
+            ret = wc_AesCmacGenerate(out, &macSz, tmp[1], WC_AES_BLOCK_SIZE, key,
                                      keySz);
         }
     }
@@ -13727,8 +14249,8 @@ static WARN_UNUSED_RESULT int S2V(
 }
 
 static WARN_UNUSED_RESULT int AesSivCipher(
-    const byte* key, word32 keySz, const byte* assoc,
-    word32 assocSz, const byte* nonce, word32 nonceSz,
+    const byte* key, word32 keySz, const AesSivAssoc* assoc,
+    word32 numAssoc, const byte* nonce, word32 nonceSz,
     const byte* data, word32 dataSz, byte* siv, byte* out,
     int enc)
 {
@@ -13738,7 +14260,7 @@ static WARN_UNUSED_RESULT int AesSivCipher(
 #else
     Aes aes[1];
 #endif
-    byte sivTmp[AES_BLOCK_SIZE];
+    byte sivTmp[WC_AES_BLOCK_SIZE];
 
     if (key == NULL || siv == NULL || out == NULL) {
         WOLFSSL_MSG("Bad parameter");
@@ -13752,31 +14274,26 @@ static WARN_UNUSED_RESULT int AesSivCipher(
 
     if (ret == 0) {
         if (enc == 1) {
-            ret = S2V(key, keySz / 2, assoc, assocSz, nonce, nonceSz, data,
+            ret = S2V(key, keySz / 2, assoc, numAssoc, nonce, nonceSz, data,
                       dataSz, sivTmp);
             if (ret != 0) {
                 WOLFSSL_MSG("S2V failed.");
             }
             else {
-                XMEMCPY(siv, sivTmp, AES_BLOCK_SIZE);
+                XMEMCPY(siv, sivTmp, WC_AES_BLOCK_SIZE);
             }
         }
         else {
-            XMEMCPY(sivTmp, siv, AES_BLOCK_SIZE);
+            XMEMCPY(sivTmp, siv, WC_AES_BLOCK_SIZE);
         }
     }
 
+    if (ret == 0) {
 #ifdef WOLFSSL_SMALL_STACK
-    if (ret == 0) {
-        aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES);
-        if (aes == NULL) {
-            ret = MEMORY_E;
-        }
-    }
-#endif
-
-    if (ret == 0) {
+        aes = wc_AesNew(NULL, INVALID_DEVID, &ret);
+#else
         ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+#endif
         if (ret != 0) {
             WOLFSSL_MSG("Failed to initialized AES object.");
         }
@@ -13799,21 +14316,22 @@ static WARN_UNUSED_RESULT int AesSivCipher(
     }
 
     if (ret == 0 && enc == 0) {
-        ret = S2V(key, keySz / 2, assoc, assocSz, nonce, nonceSz, out, dataSz,
+        ret = S2V(key, keySz / 2, assoc, numAssoc, nonce, nonceSz, out, dataSz,
                   sivTmp);
         if (ret != 0) {
             WOLFSSL_MSG("S2V failed.");
         }
 
-        if (XMEMCMP(siv, sivTmp, AES_BLOCK_SIZE) != 0) {
+        if (XMEMCMP(siv, sivTmp, WC_AES_BLOCK_SIZE) != 0) {
             WOLFSSL_MSG("Computed SIV doesn't match received SIV.");
             ret = AES_SIV_AUTH_E;
         }
     }
 
-    wc_AesFree(aes);
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, NULL);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
@@ -13826,7 +14344,10 @@ int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out)
 {
-    return AesSivCipher(key, keySz, assoc, assocSz, nonce, nonceSz, in, inSz,
+    AesSivAssoc ad;
+    ad.assoc = assoc;
+    ad.assocSz = assocSz;
+    return AesSivCipher(key, keySz, &ad, 1U, nonce, nonceSz, in, inSz,
                         siv, out, 1);
 }
 
@@ -13837,7 +14358,32 @@ int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out)
 {
-    return AesSivCipher(key, keySz, assoc, assocSz, nonce, nonceSz, in, inSz,
+    AesSivAssoc ad;
+    ad.assoc = assoc;
+    ad.assocSz = assocSz;
+    return AesSivCipher(key, keySz, &ad, 1U, nonce, nonceSz, in, inSz,
+                        siv, out, 0);
+}
+
+/*
+ * See RFC 5297 Section 2.6.
+ */
+int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out)
+{
+    return AesSivCipher(key, keySz, assoc, numAssoc, nonce, nonceSz, in, inSz,
+                        siv, out, 1);
+}
+
+/*
+ * See RFC 5297 Section 2.7.
+ */
+int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out)
+{
+    return AesSivCipher(key, keySz, assoc, numAssoc, nonce, nonceSz, in, inSz,
                         siv, out, 0);
 }
 
@@ -14034,7 +14580,7 @@ int  wc_AesEaxInit(AesEax* eax,
         goto out;
     }
 
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinal(&eax->nonceCmac,
                             eax->nonceCmacFinal,
                             &cmacSize)) != 0) {
@@ -14051,7 +14597,7 @@ int  wc_AesEaxInit(AesEax* eax,
      * provided
      *   H' = OMAC^1_K(H)
      */
-    eax->prefixBuf[AES_BLOCK_SIZE-1] = 1;
+    eax->prefixBuf[WC_AES_BLOCK_SIZE-1] = 1;
     if ((ret = wc_InitCmac(&eax->aadCmac,
                            key,
                            keySz,
@@ -14078,7 +14624,7 @@ int  wc_AesEaxInit(AesEax* eax,
      * updated in subsequent calls to encrypt/decrypt
      *  C' = OMAC^2_K(C)
      */
-    eax->prefixBuf[AES_BLOCK_SIZE-1] = 2;
+    eax->prefixBuf[WC_AES_BLOCK_SIZE-1] = 2;
     if ((ret = wc_InitCmac(&eax->ciphertextCmac,
                            key,
                            keySz,
@@ -14226,12 +14772,12 @@ int wc_AesEaxEncryptFinal(AesEax* eax, byte* authTag, word32 authTagSz)
     int ret;
     word32 i;
 
-    if (eax == NULL || authTag == NULL || authTagSz > AES_BLOCK_SIZE) {
+    if (eax == NULL || authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
     /* Complete the OMAC for the ciphertext */
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinalNoFree(&eax->ciphertextCmac,
                                   eax->ciphertextCmacFinal,
                                   &cmacSize)) != 0) {
@@ -14239,7 +14785,7 @@ int wc_AesEaxEncryptFinal(AesEax* eax, byte* authTag, word32 authTagSz)
     }
 
     /* Complete the OMAC for auth data */
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinalNoFree(&eax->aadCmac,
                                   eax->aadCmacFinal,
                                   &cmacSize)) != 0) {
@@ -14280,15 +14826,15 @@ int wc_AesEaxDecryptFinal(AesEax* eax,
 #if defined(WOLFSSL_SMALL_STACK)
     byte *authTag;
 #else
-    byte authTag[AES_BLOCK_SIZE];
+    byte authTag[WC_AES_BLOCK_SIZE];
 #endif
 
-    if (eax == NULL || authIn == NULL || authInSz > AES_BLOCK_SIZE) {
+    if (eax == NULL || authIn == NULL || authInSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
     /* Complete the OMAC for the ciphertext */
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinalNoFree(&eax->ciphertextCmac,
                                   eax->ciphertextCmacFinal,
                                   &cmacSize)) != 0) {
@@ -14296,7 +14842,7 @@ int wc_AesEaxDecryptFinal(AesEax* eax,
     }
 
     /* Complete the OMAC for auth data */
-    cmacSize = AES_BLOCK_SIZE;
+    cmacSize = WC_AES_BLOCK_SIZE;
     if ((ret = wc_CmacFinalNoFree(&eax->aadCmac,
                                   eax->aadCmacFinal,
                                   &cmacSize)) != 0) {
@@ -14304,7 +14850,7 @@ int wc_AesEaxDecryptFinal(AesEax* eax,
     }
 
 #if defined(WOLFSSL_SMALL_STACK)
-    authTag = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    authTag = (byte*)XMALLOC(WC_AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (authTag == NULL) {
         return MEMORY_E;
     }
diff --git a/wolfcrypt/src/aes_asm.S b/wolfcrypt/src/aes_asm.S
index c8d3ca703..f3e9b973d 100644
--- a/wolfcrypt/src/aes_asm.S
+++ b/wolfcrypt/src/aes_asm.S
@@ -1,6 +1,6 @@
 /* aes_asm.S
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/aes_asm.asm b/wolfcrypt/src/aes_asm.asm
index c0cb58c63..c4f0495af 100644
--- a/wolfcrypt/src/aes_asm.asm
+++ b/wolfcrypt/src/aes_asm.asm
@@ -1,6 +1,6 @@
 ; /* aes_asm.asm
 ;  *
-; * Copyright (C) 2006-2024 wolfSSL Inc.
+; * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
diff --git a/wolfcrypt/src/aes_gcm_asm.S b/wolfcrypt/src/aes_gcm_asm.S
index 156354c40..5dd99ee6b 100644
--- a/wolfcrypt/src/aes_gcm_asm.S
+++ b/wolfcrypt/src/aes_gcm_asm.S
@@ -1,6 +1,6 @@
 /* aes_gcm_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 #ifdef WOLFSSL_X86_64_BUILD
@@ -56,6 +58,272 @@
 #else
 .p2align	4
 #endif /* __APPLE__ */
+L_GCM_generate_m0_aesni_rev8:
+.quad	0x8090a0b0c0d0e0f, 0x1020304050607
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_GCM_generate_m0_aesni_mod2_128:
+.quad	0x0, 0xe100000000000000
+#ifndef __APPLE__
+.text
+.globl	GCM_generate_m0_aesni
+.type	GCM_generate_m0_aesni,@function
+.align	16
+GCM_generate_m0_aesni:
+#else
+.section	__TEXT,__text
+.globl	_GCM_generate_m0_aesni
+.p2align	4
+_GCM_generate_m0_aesni:
+#endif /* __APPLE__ */
+        movdqu	L_GCM_generate_m0_aesni_rev8(%rip), %xmm9
+        movdqu	L_GCM_generate_m0_aesni_mod2_128(%rip), %xmm10
+        pxor	%xmm8, %xmm8
+        movdqu	(%rdi), %xmm0
+        movdqu	%xmm8, (%rsi)
+        movdqu	%xmm0, %xmm8
+        pshufb	%xmm9, %xmm0
+        movdqu	%xmm0, %xmm5
+        movdqu	%xmm0, %xmm4
+        psllq	$63, %xmm5
+        psrlq	$0x01, %xmm4
+        movdqu	%xmm5, %xmm1
+        pslldq	$8, %xmm1
+        psrldq	$8, %xmm5
+        pshufd	$0xff, %xmm1, %xmm1
+        por	%xmm5, %xmm4
+        psrad	$31, %xmm1
+        pand	%xmm10, %xmm1
+        pxor	%xmm4, %xmm1
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm1, %xmm4
+        psllq	$63, %xmm5
+        psrlq	$0x01, %xmm4
+        movdqu	%xmm5, %xmm2
+        pslldq	$8, %xmm2
+        psrldq	$8, %xmm5
+        pshufd	$0xff, %xmm2, %xmm2
+        por	%xmm5, %xmm4
+        psrad	$31, %xmm2
+        pand	%xmm10, %xmm2
+        pxor	%xmm4, %xmm2
+        movdqu	%xmm2, %xmm5
+        movdqu	%xmm2, %xmm4
+        psllq	$63, %xmm5
+        psrlq	$0x01, %xmm4
+        movdqu	%xmm5, %xmm3
+        pslldq	$8, %xmm3
+        psrldq	$8, %xmm5
+        pshufd	$0xff, %xmm3, %xmm3
+        por	%xmm5, %xmm4
+        psrad	$31, %xmm3
+        pand	%xmm10, %xmm3
+        pxor	%xmm4, %xmm3
+        pshufb	%xmm9, %xmm3
+        pshufb	%xmm9, %xmm2
+        movdqu	%xmm3, %xmm8
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm0
+        pxor	%xmm2, %xmm8
+        movdqu	%xmm3, 16(%rsi)
+        movdqu	%xmm2, 32(%rsi)
+        movdqu	%xmm8, 48(%rsi)
+        movdqu	%xmm1, 64(%rsi)
+        movdqu	%xmm3, %xmm4
+        movdqu	%xmm2, %xmm5
+        movdqu	%xmm8, %xmm6
+        pxor	%xmm1, %xmm4
+        pxor	%xmm1, %xmm5
+        pxor	%xmm1, %xmm6
+        movdqu	%xmm4, 80(%rsi)
+        movdqu	%xmm5, 96(%rsi)
+        movdqu	%xmm6, 112(%rsi)
+        movdqu	%xmm0, 128(%rsi)
+        pxor	%xmm0, %xmm1
+        movdqu	%xmm3, %xmm4
+        movdqu	%xmm2, %xmm6
+        pxor	%xmm0, %xmm4
+        pxor	%xmm0, %xmm6
+        movdqu	%xmm4, 144(%rsi)
+        movdqu	%xmm6, 160(%rsi)
+        pxor	%xmm3, %xmm6
+        movdqu	%xmm6, 176(%rsi)
+        movdqu	%xmm1, 192(%rsi)
+        movdqu	%xmm3, %xmm4
+        movdqu	%xmm2, %xmm5
+        movdqu	%xmm8, %xmm6
+        pxor	%xmm1, %xmm4
+        pxor	%xmm1, %xmm5
+        pxor	%xmm1, %xmm6
+        movdqu	%xmm4, 208(%rsi)
+        movdqu	%xmm5, 224(%rsi)
+        movdqu	%xmm6, 240(%rsi)
+        movdqu	(%rsi), %xmm0
+        movdqu	16(%rsi), %xmm1
+        movdqu	32(%rsi), %xmm2
+        movdqu	48(%rsi), %xmm3
+        pshufb	%xmm9, %xmm0
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm2
+        pshufb	%xmm9, %xmm3
+        movdqu	%xmm0, %xmm4
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm2, %xmm6
+        movdqu	%xmm3, %xmm7
+        psllq	$60, %xmm4
+        psllq	$60, %xmm5
+        psllq	$60, %xmm6
+        psllq	$60, %xmm7
+        psrlq	$4, %xmm0
+        psrlq	$4, %xmm1
+        psrlq	$4, %xmm2
+        psrlq	$4, %xmm3
+        psrldq	$8, %xmm4
+        psrldq	$8, %xmm5
+        psrldq	$8, %xmm6
+        psrldq	$8, %xmm7
+        por	%xmm4, %xmm0
+        por	%xmm5, %xmm1
+        por	%xmm6, %xmm2
+        por	%xmm7, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        movdqu	%xmm0, 256(%rsi)
+        movdqu	%xmm1, 272(%rsi)
+        movdqu	%xmm2, 288(%rsi)
+        movdqu	%xmm3, 304(%rsi)
+        movdqu	64(%rsi), %xmm0
+        movdqu	80(%rsi), %xmm1
+        movdqu	96(%rsi), %xmm2
+        movdqu	112(%rsi), %xmm3
+        pshufb	%xmm9, %xmm0
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm2
+        pshufb	%xmm9, %xmm3
+        movdqu	%xmm0, %xmm4
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm2, %xmm6
+        movdqu	%xmm3, %xmm7
+        psllq	$60, %xmm4
+        psllq	$60, %xmm5
+        psllq	$60, %xmm6
+        psllq	$60, %xmm7
+        psrlq	$4, %xmm0
+        psrlq	$4, %xmm1
+        psrlq	$4, %xmm2
+        psrlq	$4, %xmm3
+        psrldq	$8, %xmm4
+        psrldq	$8, %xmm5
+        psrldq	$8, %xmm6
+        psrldq	$8, %xmm7
+        por	%xmm4, %xmm0
+        por	%xmm5, %xmm1
+        por	%xmm6, %xmm2
+        por	%xmm7, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        movdqu	%xmm0, 320(%rsi)
+        movdqu	%xmm1, 336(%rsi)
+        movdqu	%xmm2, 352(%rsi)
+        movdqu	%xmm3, 368(%rsi)
+        movdqu	128(%rsi), %xmm0
+        movdqu	144(%rsi), %xmm1
+        movdqu	160(%rsi), %xmm2
+        movdqu	176(%rsi), %xmm3
+        pshufb	%xmm9, %xmm0
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm2
+        pshufb	%xmm9, %xmm3
+        movdqu	%xmm0, %xmm4
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm2, %xmm6
+        movdqu	%xmm3, %xmm7
+        psllq	$60, %xmm4
+        psllq	$60, %xmm5
+        psllq	$60, %xmm6
+        psllq	$60, %xmm7
+        psrlq	$4, %xmm0
+        psrlq	$4, %xmm1
+        psrlq	$4, %xmm2
+        psrlq	$4, %xmm3
+        psrldq	$8, %xmm4
+        psrldq	$8, %xmm5
+        psrldq	$8, %xmm6
+        psrldq	$8, %xmm7
+        por	%xmm4, %xmm0
+        por	%xmm5, %xmm1
+        por	%xmm6, %xmm2
+        por	%xmm7, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        movdqu	%xmm0, 384(%rsi)
+        movdqu	%xmm1, 400(%rsi)
+        movdqu	%xmm2, 416(%rsi)
+        movdqu	%xmm3, 432(%rsi)
+        movdqu	192(%rsi), %xmm0
+        movdqu	208(%rsi), %xmm1
+        movdqu	224(%rsi), %xmm2
+        movdqu	240(%rsi), %xmm3
+        pshufb	%xmm9, %xmm0
+        pshufb	%xmm9, %xmm1
+        pshufb	%xmm9, %xmm2
+        pshufb	%xmm9, %xmm3
+        movdqu	%xmm0, %xmm4
+        movdqu	%xmm1, %xmm5
+        movdqu	%xmm2, %xmm6
+        movdqu	%xmm3, %xmm7
+        psllq	$60, %xmm4
+        psllq	$60, %xmm5
+        psllq	$60, %xmm6
+        psllq	$60, %xmm7
+        psrlq	$4, %xmm0
+        psrlq	$4, %xmm1
+        psrlq	$4, %xmm2
+        psrlq	$4, %xmm3
+        psrldq	$8, %xmm4
+        psrldq	$8, %xmm5
+        psrldq	$8, %xmm6
+        psrldq	$8, %xmm7
+        por	%xmm4, %xmm0
+        por	%xmm5, %xmm1
+        por	%xmm6, %xmm2
+        por	%xmm7, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        movdqu	%xmm0, 448(%rsi)
+        movdqu	%xmm1, 464(%rsi)
+        movdqu	%xmm2, 480(%rsi)
+        movdqu	%xmm3, 496(%rsi)
+        repz retq
+#ifndef __APPLE__
+.size	GCM_generate_m0_aesni,.-GCM_generate_m0_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
 L_aes_gcm_one:
 .quad	0x0, 0x1
 #ifndef __APPLE__
@@ -6221,6 +6489,238 @@ L_AES_GCM_decrypt_final_aesni_cmp_tag_done:
 #else
 .p2align	4
 #endif /* __APPLE__ */
+L_GCM_generate_m0_avx1_rev8:
+.quad	0x8090a0b0c0d0e0f, 0x1020304050607
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_GCM_generate_m0_avx1_mod2_128:
+.quad	0x0, 0xe100000000000000
+#ifndef __APPLE__
+.text
+.globl	GCM_generate_m0_avx1
+.type	GCM_generate_m0_avx1,@function
+.align	16
+GCM_generate_m0_avx1:
+#else
+.section	__TEXT,__text
+.globl	_GCM_generate_m0_avx1
+.p2align	4
+_GCM_generate_m0_avx1:
+#endif /* __APPLE__ */
+        vmovdqu	L_GCM_generate_m0_avx1_rev8(%rip), %xmm9
+        vmovdqu	L_GCM_generate_m0_avx1_mod2_128(%rip), %xmm10
+        vpxor	%xmm8, %xmm8, %xmm8
+        vmovdqu	(%rdi), %xmm0
+        vmovdqu	%xmm8, (%rsi)
+        vmovdqu	%xmm0, %xmm8
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpsllq	$63, %xmm0, %xmm5
+        vpsrlq	$0x01, %xmm0, %xmm4
+        vpslldq	$8, %xmm5, %xmm1
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm1, %xmm1
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm1, %xmm1
+        vpand	%xmm10, %xmm1, %xmm1
+        vpxor	%xmm4, %xmm1, %xmm1
+        vpsllq	$63, %xmm1, %xmm5
+        vpsrlq	$0x01, %xmm1, %xmm4
+        vpslldq	$8, %xmm5, %xmm2
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm2, %xmm2
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm2, %xmm2
+        vpand	%xmm10, %xmm2, %xmm2
+        vpxor	%xmm4, %xmm2, %xmm2
+        vpsllq	$63, %xmm2, %xmm5
+        vpsrlq	$0x01, %xmm2, %xmm4
+        vpslldq	$8, %xmm5, %xmm3
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm3, %xmm3
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm3, %xmm3
+        vpand	%xmm10, %xmm3, %xmm3
+        vpxor	%xmm4, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpxor	%xmm2, %xmm3, %xmm8
+        vmovdqu	%xmm3, 16(%rsi)
+        vmovdqu	%xmm2, 32(%rsi)
+        vmovdqu	%xmm8, 48(%rsi)
+        vmovdqu	%xmm1, 64(%rsi)
+        vpxor	%xmm1, %xmm3, %xmm4
+        vpxor	%xmm1, %xmm2, %xmm5
+        vpxor	%xmm1, %xmm8, %xmm6
+        vmovdqu	%xmm4, 80(%rsi)
+        vmovdqu	%xmm5, 96(%rsi)
+        vmovdqu	%xmm6, 112(%rsi)
+        vmovdqu	%xmm0, 128(%rsi)
+        vpxor	%xmm0, %xmm1, %xmm1
+        vpxor	%xmm0, %xmm3, %xmm4
+        vpxor	%xmm0, %xmm2, %xmm6
+        vmovdqu	%xmm4, 144(%rsi)
+        vmovdqu	%xmm6, 160(%rsi)
+        vpxor	%xmm6, %xmm3, %xmm6
+        vmovdqu	%xmm6, 176(%rsi)
+        vmovdqu	%xmm1, 192(%rsi)
+        vpxor	%xmm1, %xmm3, %xmm4
+        vpxor	%xmm1, %xmm2, %xmm5
+        vpxor	%xmm1, %xmm8, %xmm6
+        vmovdqu	%xmm4, 208(%rsi)
+        vmovdqu	%xmm5, 224(%rsi)
+        vmovdqu	%xmm6, 240(%rsi)
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 256(%rsi)
+        vmovdqu	%xmm1, 272(%rsi)
+        vmovdqu	%xmm2, 288(%rsi)
+        vmovdqu	%xmm3, 304(%rsi)
+        vmovdqu	64(%rsi), %xmm0
+        vmovdqu	80(%rsi), %xmm1
+        vmovdqu	96(%rsi), %xmm2
+        vmovdqu	112(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 320(%rsi)
+        vmovdqu	%xmm1, 336(%rsi)
+        vmovdqu	%xmm2, 352(%rsi)
+        vmovdqu	%xmm3, 368(%rsi)
+        vmovdqu	128(%rsi), %xmm0
+        vmovdqu	144(%rsi), %xmm1
+        vmovdqu	160(%rsi), %xmm2
+        vmovdqu	176(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 384(%rsi)
+        vmovdqu	%xmm1, 400(%rsi)
+        vmovdqu	%xmm2, 416(%rsi)
+        vmovdqu	%xmm3, 432(%rsi)
+        vmovdqu	192(%rsi), %xmm0
+        vmovdqu	208(%rsi), %xmm1
+        vmovdqu	224(%rsi), %xmm2
+        vmovdqu	240(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 448(%rsi)
+        vmovdqu	%xmm1, 464(%rsi)
+        vmovdqu	%xmm2, 480(%rsi)
+        vmovdqu	%xmm3, 496(%rsi)
+        repz retq
+#ifndef __APPLE__
+.size	GCM_generate_m0_avx1,.-GCM_generate_m0_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
 L_avx1_aes_gcm_one:
 .quad	0x0, 0x1
 #ifndef __APPLE__
@@ -9412,7 +9912,6 @@ L_AES_GCM_init_avx1_iv_done:
         vpaddd	L_avx1_aes_gcm_one(%rip), %xmm4, %xmm4
         vmovdqa	%xmm5, (%r8)
         vmovdqa	%xmm4, (%r9)
-        vzeroupper
         addq	$16, %rsp
         popq	%r13
         popq	%r12
@@ -9487,7 +9986,6 @@ L_AES_GCM_aad_update_avx1_16_loop:
         cmpl	%esi, %ecx
         jl	L_AES_GCM_aad_update_avx1_16_loop
         vmovdqa	%xmm5, (%rdx)
-        vzeroupper
         repz retq
 #ifndef __APPLE__
 .size	AES_GCM_aad_update_avx1,.-AES_GCM_aad_update_avx1
@@ -11454,6 +11952,238 @@ L_AES_GCM_decrypt_final_avx1_cmp_tag_done:
 #else
 .p2align	4
 #endif /* __APPLE__ */
+L_GCM_generate_m0_avx2_rev8:
+.quad	0x8090a0b0c0d0e0f, 0x1020304050607
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_GCM_generate_m0_avx2_mod2_128:
+.quad	0x0, 0xe100000000000000
+#ifndef __APPLE__
+.text
+.globl	GCM_generate_m0_avx2
+.type	GCM_generate_m0_avx2,@function
+.align	16
+GCM_generate_m0_avx2:
+#else
+.section	__TEXT,__text
+.globl	_GCM_generate_m0_avx2
+.p2align	4
+_GCM_generate_m0_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_GCM_generate_m0_avx2_rev8(%rip), %xmm9
+        vmovdqu	L_GCM_generate_m0_avx2_mod2_128(%rip), %xmm10
+        vpxor	%xmm8, %xmm8, %xmm8
+        vmovdqu	(%rdi), %xmm0
+        vmovdqu	%xmm8, (%rsi)
+        vmovdqu	%xmm0, %xmm8
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpsllq	$63, %xmm0, %xmm5
+        vpsrlq	$0x01, %xmm0, %xmm4
+        vpslldq	$8, %xmm5, %xmm1
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm1, %xmm1
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm1, %xmm1
+        vpand	%xmm10, %xmm1, %xmm1
+        vpxor	%xmm4, %xmm1, %xmm1
+        vpsllq	$63, %xmm1, %xmm5
+        vpsrlq	$0x01, %xmm1, %xmm4
+        vpslldq	$8, %xmm5, %xmm2
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm2, %xmm2
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm2, %xmm2
+        vpand	%xmm10, %xmm2, %xmm2
+        vpxor	%xmm4, %xmm2, %xmm2
+        vpsllq	$63, %xmm2, %xmm5
+        vpsrlq	$0x01, %xmm2, %xmm4
+        vpslldq	$8, %xmm5, %xmm3
+        vpsrldq	$8, %xmm5, %xmm5
+        vpshufd	$0xff, %xmm3, %xmm3
+        vpor	%xmm5, %xmm4, %xmm4
+        vpsrad	$31, %xmm3, %xmm3
+        vpand	%xmm10, %xmm3, %xmm3
+        vpxor	%xmm4, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpxor	%xmm2, %xmm3, %xmm8
+        vmovdqu	%xmm3, 16(%rsi)
+        vmovdqu	%xmm2, 32(%rsi)
+        vmovdqu	%xmm8, 48(%rsi)
+        vmovdqu	%xmm1, 64(%rsi)
+        vpxor	%xmm1, %xmm3, %xmm4
+        vpxor	%xmm1, %xmm2, %xmm5
+        vpxor	%xmm1, %xmm8, %xmm6
+        vmovdqu	%xmm4, 80(%rsi)
+        vmovdqu	%xmm5, 96(%rsi)
+        vmovdqu	%xmm6, 112(%rsi)
+        vmovdqu	%xmm0, 128(%rsi)
+        vpxor	%xmm0, %xmm1, %xmm1
+        vpxor	%xmm0, %xmm3, %xmm4
+        vpxor	%xmm0, %xmm2, %xmm6
+        vmovdqu	%xmm4, 144(%rsi)
+        vmovdqu	%xmm6, 160(%rsi)
+        vpxor	%xmm6, %xmm3, %xmm6
+        vmovdqu	%xmm6, 176(%rsi)
+        vmovdqu	%xmm1, 192(%rsi)
+        vpxor	%xmm1, %xmm3, %xmm4
+        vpxor	%xmm1, %xmm2, %xmm5
+        vpxor	%xmm1, %xmm8, %xmm6
+        vmovdqu	%xmm4, 208(%rsi)
+        vmovdqu	%xmm5, 224(%rsi)
+        vmovdqu	%xmm6, 240(%rsi)
+        vmovdqu	(%rsi), %xmm0
+        vmovdqu	16(%rsi), %xmm1
+        vmovdqu	32(%rsi), %xmm2
+        vmovdqu	48(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 256(%rsi)
+        vmovdqu	%xmm1, 272(%rsi)
+        vmovdqu	%xmm2, 288(%rsi)
+        vmovdqu	%xmm3, 304(%rsi)
+        vmovdqu	64(%rsi), %xmm0
+        vmovdqu	80(%rsi), %xmm1
+        vmovdqu	96(%rsi), %xmm2
+        vmovdqu	112(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 320(%rsi)
+        vmovdqu	%xmm1, 336(%rsi)
+        vmovdqu	%xmm2, 352(%rsi)
+        vmovdqu	%xmm3, 368(%rsi)
+        vmovdqu	128(%rsi), %xmm0
+        vmovdqu	144(%rsi), %xmm1
+        vmovdqu	160(%rsi), %xmm2
+        vmovdqu	176(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 384(%rsi)
+        vmovdqu	%xmm1, 400(%rsi)
+        vmovdqu	%xmm2, 416(%rsi)
+        vmovdqu	%xmm3, 432(%rsi)
+        vmovdqu	192(%rsi), %xmm0
+        vmovdqu	208(%rsi), %xmm1
+        vmovdqu	224(%rsi), %xmm2
+        vmovdqu	240(%rsi), %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vpsllq	$60, %xmm0, %xmm4
+        vpsllq	$60, %xmm1, %xmm5
+        vpsllq	$60, %xmm2, %xmm6
+        vpsllq	$60, %xmm3, %xmm7
+        vpsrlq	$4, %xmm0, %xmm0
+        vpsrlq	$4, %xmm1, %xmm1
+        vpsrlq	$4, %xmm2, %xmm2
+        vpsrlq	$4, %xmm3, %xmm3
+        vpsrldq	$8, %xmm4, %xmm4
+        vpsrldq	$8, %xmm5, %xmm5
+        vpsrldq	$8, %xmm6, %xmm6
+        vpsrldq	$8, %xmm7, %xmm7
+        vpor	%xmm4, %xmm0, %xmm0
+        vpor	%xmm5, %xmm1, %xmm1
+        vpor	%xmm6, %xmm2, %xmm2
+        vpor	%xmm7, %xmm3, %xmm3
+        vpshufb	%xmm9, %xmm0, %xmm0
+        vpshufb	%xmm9, %xmm1, %xmm1
+        vpshufb	%xmm9, %xmm2, %xmm2
+        vpshufb	%xmm9, %xmm3, %xmm3
+        vmovdqu	%xmm0, 448(%rsi)
+        vmovdqu	%xmm1, 464(%rsi)
+        vmovdqu	%xmm2, 480(%rsi)
+        vmovdqu	%xmm3, 496(%rsi)
+        repz retq
+#ifndef __APPLE__
+.size	GCM_generate_m0_avx2,.-GCM_generate_m0_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
 L_avx2_aes_gcm_one:
 .quad	0x0, 0x1
 #ifndef __APPLE__
diff --git a/wolfcrypt/src/aes_gcm_asm.asm b/wolfcrypt/src/aes_gcm_asm.asm
index 38d3a9872..a818e8658 100644
--- a/wolfcrypt/src/aes_gcm_asm.asm
+++ b/wolfcrypt/src/aes_gcm_asm.asm
@@ -1,6 +1,6 @@
 ; /* aes_gcm_asm.asm */
 ; /*
-; * Copyright (C) 2006-2024 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
@@ -40,6 +40,259 @@ IFNDEF _WIN64
 _WIN64 = 1
 ENDIF
 
+_DATA SEGMENT
+ALIGN 16
+L_GCM_generate_m0_aesni_rev8 QWORD 579005069656919567, 283686952306183
+ptr_L_GCM_generate_m0_aesni_rev8 QWORD L_GCM_generate_m0_aesni_rev8
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_GCM_generate_m0_aesni_mod2_128 QWORD 0, 16212958658533785600
+ptr_L_GCM_generate_m0_aesni_mod2_128 QWORD L_GCM_generate_m0_aesni_mod2_128
+_DATA ENDS
+_text SEGMENT READONLY PARA
+GCM_generate_m0_aesni PROC
+        sub	rsp, 80
+        movdqu	OWORD PTR [rsp], xmm6
+        movdqu	OWORD PTR [rsp+16], xmm7
+        movdqu	OWORD PTR [rsp+32], xmm8
+        movdqu	OWORD PTR [rsp+48], xmm9
+        movdqu	OWORD PTR [rsp+64], xmm10
+        movdqu	xmm9, OWORD PTR L_GCM_generate_m0_aesni_rev8
+        movdqu	xmm10, OWORD PTR L_GCM_generate_m0_aesni_mod2_128
+        pxor	xmm8, xmm8
+        movdqu	xmm0, OWORD PTR [rcx]
+        movdqu	OWORD PTR [rdx], xmm8
+        movdqu	xmm8, xmm0
+        pshufb	xmm0, xmm9
+        movdqu	xmm5, xmm0
+        movdqu	xmm4, xmm0
+        psllq	xmm5, 63
+        psrlq	xmm4, 1
+        movdqu	xmm1, xmm5
+        pslldq	xmm1, 8
+        psrldq	xmm5, 8
+        pshufd	xmm1, xmm1, 255
+        por	xmm4, xmm5
+        psrad	xmm1, 31
+        pand	xmm1, xmm10
+        pxor	xmm1, xmm4
+        movdqu	xmm5, xmm1
+        movdqu	xmm4, xmm1
+        psllq	xmm5, 63
+        psrlq	xmm4, 1
+        movdqu	xmm2, xmm5
+        pslldq	xmm2, 8
+        psrldq	xmm5, 8
+        pshufd	xmm2, xmm2, 255
+        por	xmm4, xmm5
+        psrad	xmm2, 31
+        pand	xmm2, xmm10
+        pxor	xmm2, xmm4
+        movdqu	xmm5, xmm2
+        movdqu	xmm4, xmm2
+        psllq	xmm5, 63
+        psrlq	xmm4, 1
+        movdqu	xmm3, xmm5
+        pslldq	xmm3, 8
+        psrldq	xmm5, 8
+        pshufd	xmm3, xmm3, 255
+        por	xmm4, xmm5
+        psrad	xmm3, 31
+        pand	xmm3, xmm10
+        pxor	xmm3, xmm4
+        pshufb	xmm3, xmm9
+        pshufb	xmm2, xmm9
+        movdqu	xmm8, xmm3
+        pshufb	xmm1, xmm9
+        pshufb	xmm0, xmm9
+        pxor	xmm8, xmm2
+        movdqu	OWORD PTR [rdx+16], xmm3
+        movdqu	OWORD PTR [rdx+32], xmm2
+        movdqu	OWORD PTR [rdx+48], xmm8
+        movdqu	OWORD PTR [rdx+64], xmm1
+        movdqu	xmm4, xmm3
+        movdqu	xmm5, xmm2
+        movdqu	xmm6, xmm8
+        pxor	xmm4, xmm1
+        pxor	xmm5, xmm1
+        pxor	xmm6, xmm1
+        movdqu	OWORD PTR [rdx+80], xmm4
+        movdqu	OWORD PTR [rdx+96], xmm5
+        movdqu	OWORD PTR [rdx+112], xmm6
+        movdqu	OWORD PTR [rdx+128], xmm0
+        pxor	xmm1, xmm0
+        movdqu	xmm4, xmm3
+        movdqu	xmm6, xmm2
+        pxor	xmm4, xmm0
+        pxor	xmm6, xmm0
+        movdqu	OWORD PTR [rdx+144], xmm4
+        movdqu	OWORD PTR [rdx+160], xmm6
+        pxor	xmm6, xmm3
+        movdqu	OWORD PTR [rdx+176], xmm6
+        movdqu	OWORD PTR [rdx+192], xmm1
+        movdqu	xmm4, xmm3
+        movdqu	xmm5, xmm2
+        movdqu	xmm6, xmm8
+        pxor	xmm4, xmm1
+        pxor	xmm5, xmm1
+        pxor	xmm6, xmm1
+        movdqu	OWORD PTR [rdx+208], xmm4
+        movdqu	OWORD PTR [rdx+224], xmm5
+        movdqu	OWORD PTR [rdx+240], xmm6
+        movdqu	xmm0, OWORD PTR [rdx]
+        movdqu	xmm1, OWORD PTR [rdx+16]
+        movdqu	xmm2, OWORD PTR [rdx+32]
+        movdqu	xmm3, OWORD PTR [rdx+48]
+        pshufb	xmm0, xmm9
+        pshufb	xmm1, xmm9
+        pshufb	xmm2, xmm9
+        pshufb	xmm3, xmm9
+        movdqu	xmm4, xmm0
+        movdqu	xmm5, xmm1
+        movdqu	xmm6, xmm2
+        movdqu	xmm7, xmm3
+        psllq	xmm4, 60
+        psllq	xmm5, 60
+        psllq	xmm6, 60
+        psllq	xmm7, 60
+        psrlq	xmm0, 4
+        psrlq	xmm1, 4
+        psrlq	xmm2, 4
+        psrlq	xmm3, 4
+        psrldq	xmm4, 8
+        psrldq	xmm5, 8
+        psrldq	xmm6, 8
+        psrldq	xmm7, 8
+        por	xmm0, xmm4
+        por	xmm1, xmm5
+        por	xmm2, xmm6
+        por	xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        movdqu	OWORD PTR [rdx+256], xmm0
+        movdqu	OWORD PTR [rdx+272], xmm1
+        movdqu	OWORD PTR [rdx+288], xmm2
+        movdqu	OWORD PTR [rdx+304], xmm3
+        movdqu	xmm0, OWORD PTR [rdx+64]
+        movdqu	xmm1, OWORD PTR [rdx+80]
+        movdqu	xmm2, OWORD PTR [rdx+96]
+        movdqu	xmm3, OWORD PTR [rdx+112]
+        pshufb	xmm0, xmm9
+        pshufb	xmm1, xmm9
+        pshufb	xmm2, xmm9
+        pshufb	xmm3, xmm9
+        movdqu	xmm4, xmm0
+        movdqu	xmm5, xmm1
+        movdqu	xmm6, xmm2
+        movdqu	xmm7, xmm3
+        psllq	xmm4, 60
+        psllq	xmm5, 60
+        psllq	xmm6, 60
+        psllq	xmm7, 60
+        psrlq	xmm0, 4
+        psrlq	xmm1, 4
+        psrlq	xmm2, 4
+        psrlq	xmm3, 4
+        psrldq	xmm4, 8
+        psrldq	xmm5, 8
+        psrldq	xmm6, 8
+        psrldq	xmm7, 8
+        por	xmm0, xmm4
+        por	xmm1, xmm5
+        por	xmm2, xmm6
+        por	xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        movdqu	OWORD PTR [rdx+320], xmm0
+        movdqu	OWORD PTR [rdx+336], xmm1
+        movdqu	OWORD PTR [rdx+352], xmm2
+        movdqu	OWORD PTR [rdx+368], xmm3
+        movdqu	xmm0, OWORD PTR [rdx+128]
+        movdqu	xmm1, OWORD PTR [rdx+144]
+        movdqu	xmm2, OWORD PTR [rdx+160]
+        movdqu	xmm3, OWORD PTR [rdx+176]
+        pshufb	xmm0, xmm9
+        pshufb	xmm1, xmm9
+        pshufb	xmm2, xmm9
+        pshufb	xmm3, xmm9
+        movdqu	xmm4, xmm0
+        movdqu	xmm5, xmm1
+        movdqu	xmm6, xmm2
+        movdqu	xmm7, xmm3
+        psllq	xmm4, 60
+        psllq	xmm5, 60
+        psllq	xmm6, 60
+        psllq	xmm7, 60
+        psrlq	xmm0, 4
+        psrlq	xmm1, 4
+        psrlq	xmm2, 4
+        psrlq	xmm3, 4
+        psrldq	xmm4, 8
+        psrldq	xmm5, 8
+        psrldq	xmm6, 8
+        psrldq	xmm7, 8
+        por	xmm0, xmm4
+        por	xmm1, xmm5
+        por	xmm2, xmm6
+        por	xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        movdqu	OWORD PTR [rdx+384], xmm0
+        movdqu	OWORD PTR [rdx+400], xmm1
+        movdqu	OWORD PTR [rdx+416], xmm2
+        movdqu	OWORD PTR [rdx+432], xmm3
+        movdqu	xmm0, OWORD PTR [rdx+192]
+        movdqu	xmm1, OWORD PTR [rdx+208]
+        movdqu	xmm2, OWORD PTR [rdx+224]
+        movdqu	xmm3, OWORD PTR [rdx+240]
+        pshufb	xmm0, xmm9
+        pshufb	xmm1, xmm9
+        pshufb	xmm2, xmm9
+        pshufb	xmm3, xmm9
+        movdqu	xmm4, xmm0
+        movdqu	xmm5, xmm1
+        movdqu	xmm6, xmm2
+        movdqu	xmm7, xmm3
+        psllq	xmm4, 60
+        psllq	xmm5, 60
+        psllq	xmm6, 60
+        psllq	xmm7, 60
+        psrlq	xmm0, 4
+        psrlq	xmm1, 4
+        psrlq	xmm2, 4
+        psrlq	xmm3, 4
+        psrldq	xmm4, 8
+        psrldq	xmm5, 8
+        psrldq	xmm6, 8
+        psrldq	xmm7, 8
+        por	xmm0, xmm4
+        por	xmm1, xmm5
+        por	xmm2, xmm6
+        por	xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        movdqu	OWORD PTR [rdx+448], xmm0
+        movdqu	OWORD PTR [rdx+464], xmm1
+        movdqu	OWORD PTR [rdx+480], xmm2
+        movdqu	OWORD PTR [rdx+496], xmm3
+        movdqu	xmm6, OWORD PTR [rsp]
+        movdqu	xmm7, OWORD PTR [rsp+16]
+        movdqu	xmm8, OWORD PTR [rsp+32]
+        movdqu	xmm9, OWORD PTR [rsp+48]
+        movdqu	xmm10, OWORD PTR [rsp+64]
+        add	rsp, 80
+        ret
+GCM_generate_m0_aesni ENDP
+_text ENDS
 _DATA SEGMENT
 ALIGN 16
 L_aes_gcm_one QWORD 0, 1
@@ -6205,6 +6458,225 @@ _text ENDS
 IFDEF HAVE_INTEL_AVX1
 _DATA SEGMENT
 ALIGN 16
+L_GCM_generate_m0_avx1_rev8 QWORD 579005069656919567, 283686952306183
+ptr_L_GCM_generate_m0_avx1_rev8 QWORD L_GCM_generate_m0_avx1_rev8
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_GCM_generate_m0_avx1_mod2_128 QWORD 0, 16212958658533785600
+ptr_L_GCM_generate_m0_avx1_mod2_128 QWORD L_GCM_generate_m0_avx1_mod2_128
+_DATA ENDS
+_text SEGMENT READONLY PARA
+GCM_generate_m0_avx1 PROC
+        sub	rsp, 80
+        vmovdqu	OWORD PTR [rsp], xmm6
+        vmovdqu	OWORD PTR [rsp+16], xmm7
+        vmovdqu	OWORD PTR [rsp+32], xmm8
+        vmovdqu	OWORD PTR [rsp+48], xmm9
+        vmovdqu	OWORD PTR [rsp+64], xmm10
+        vmovdqu	xmm9, OWORD PTR L_GCM_generate_m0_avx1_rev8
+        vmovdqu	xmm10, OWORD PTR L_GCM_generate_m0_avx1_mod2_128
+        vpxor	xmm8, xmm8, xmm8
+        vmovdqu	xmm0, OWORD PTR [rcx]
+        vmovdqu	OWORD PTR [rdx], xmm8
+        vmovdqu	xmm8, xmm0
+        vpshufb	xmm0, xmm0, xmm9
+        vpsllq	xmm5, xmm0, 63
+        vpsrlq	xmm4, xmm0, 1
+        vpslldq	xmm1, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm1, xmm1, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm1, xmm1, 31
+        vpand	xmm1, xmm1, xmm10
+        vpxor	xmm1, xmm1, xmm4
+        vpsllq	xmm5, xmm1, 63
+        vpsrlq	xmm4, xmm1, 1
+        vpslldq	xmm2, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm2, xmm2, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm2, xmm2, 31
+        vpand	xmm2, xmm2, xmm10
+        vpxor	xmm2, xmm2, xmm4
+        vpsllq	xmm5, xmm2, 63
+        vpsrlq	xmm4, xmm2, 1
+        vpslldq	xmm3, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm3, xmm3, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm3, xmm3, 31
+        vpand	xmm3, xmm3, xmm10
+        vpxor	xmm3, xmm3, xmm4
+        vpshufb	xmm3, xmm3, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm0, xmm0, xmm9
+        vpxor	xmm8, xmm3, xmm2
+        vmovdqu	OWORD PTR [rdx+16], xmm3
+        vmovdqu	OWORD PTR [rdx+32], xmm2
+        vmovdqu	OWORD PTR [rdx+48], xmm8
+        vmovdqu	OWORD PTR [rdx+64], xmm1
+        vpxor	xmm4, xmm3, xmm1
+        vpxor	xmm5, xmm2, xmm1
+        vpxor	xmm6, xmm8, xmm1
+        vmovdqu	OWORD PTR [rdx+80], xmm4
+        vmovdqu	OWORD PTR [rdx+96], xmm5
+        vmovdqu	OWORD PTR [rdx+112], xmm6
+        vmovdqu	OWORD PTR [rdx+128], xmm0
+        vpxor	xmm1, xmm1, xmm0
+        vpxor	xmm4, xmm3, xmm0
+        vpxor	xmm6, xmm2, xmm0
+        vmovdqu	OWORD PTR [rdx+144], xmm4
+        vmovdqu	OWORD PTR [rdx+160], xmm6
+        vpxor	xmm6, xmm3, xmm6
+        vmovdqu	OWORD PTR [rdx+176], xmm6
+        vmovdqu	OWORD PTR [rdx+192], xmm1
+        vpxor	xmm4, xmm3, xmm1
+        vpxor	xmm5, xmm2, xmm1
+        vpxor	xmm6, xmm8, xmm1
+        vmovdqu	OWORD PTR [rdx+208], xmm4
+        vmovdqu	OWORD PTR [rdx+224], xmm5
+        vmovdqu	OWORD PTR [rdx+240], xmm6
+        vmovdqu	xmm0, OWORD PTR [rdx]
+        vmovdqu	xmm1, OWORD PTR [rdx+16]
+        vmovdqu	xmm2, OWORD PTR [rdx+32]
+        vmovdqu	xmm3, OWORD PTR [rdx+48]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+256], xmm0
+        vmovdqu	OWORD PTR [rdx+272], xmm1
+        vmovdqu	OWORD PTR [rdx+288], xmm2
+        vmovdqu	OWORD PTR [rdx+304], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+64]
+        vmovdqu	xmm1, OWORD PTR [rdx+80]
+        vmovdqu	xmm2, OWORD PTR [rdx+96]
+        vmovdqu	xmm3, OWORD PTR [rdx+112]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+320], xmm0
+        vmovdqu	OWORD PTR [rdx+336], xmm1
+        vmovdqu	OWORD PTR [rdx+352], xmm2
+        vmovdqu	OWORD PTR [rdx+368], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+128]
+        vmovdqu	xmm1, OWORD PTR [rdx+144]
+        vmovdqu	xmm2, OWORD PTR [rdx+160]
+        vmovdqu	xmm3, OWORD PTR [rdx+176]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+384], xmm0
+        vmovdqu	OWORD PTR [rdx+400], xmm1
+        vmovdqu	OWORD PTR [rdx+416], xmm2
+        vmovdqu	OWORD PTR [rdx+432], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+192]
+        vmovdqu	xmm1, OWORD PTR [rdx+208]
+        vmovdqu	xmm2, OWORD PTR [rdx+224]
+        vmovdqu	xmm3, OWORD PTR [rdx+240]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+448], xmm0
+        vmovdqu	OWORD PTR [rdx+464], xmm1
+        vmovdqu	OWORD PTR [rdx+480], xmm2
+        vmovdqu	OWORD PTR [rdx+496], xmm3
+        vmovdqu	xmm6, OWORD PTR [rsp]
+        vmovdqu	xmm7, OWORD PTR [rsp+16]
+        vmovdqu	xmm8, OWORD PTR [rsp+32]
+        vmovdqu	xmm9, OWORD PTR [rsp+48]
+        vmovdqu	xmm10, OWORD PTR [rsp+64]
+        add	rsp, 80
+        ret
+GCM_generate_m0_avx1 ENDP
+_text ENDS
+_DATA SEGMENT
+ALIGN 16
 L_avx1_aes_gcm_one QWORD 0, 1
 ptr_L_avx1_aes_gcm_one QWORD L_avx1_aes_gcm_one
 _DATA ENDS
@@ -9360,7 +9832,6 @@ L_AES_GCM_init_avx1_iv_done:
         vpaddd	xmm4, xmm4, OWORD PTR L_avx1_aes_gcm_one
         vmovdqa	OWORD PTR [rax], xmm5
         vmovdqa	OWORD PTR [r8], xmm4
-        vzeroupper
         vmovdqu	xmm6, OWORD PTR [rsp+16]
         vmovdqu	xmm7, OWORD PTR [rsp+32]
         vmovdqu	xmm8, OWORD PTR [rsp+48]
@@ -9433,7 +9904,6 @@ L_AES_GCM_aad_update_avx1_16_loop:
         cmp	ecx, edx
         jl	L_AES_GCM_aad_update_avx1_16_loop
         vmovdqa	OWORD PTR [r8], xmm5
-        vzeroupper
         vmovdqu	xmm6, OWORD PTR [rsp]
         vmovdqu	xmm7, OWORD PTR [rsp+16]
         add	rsp, 32
@@ -11436,6 +11906,225 @@ ENDIF
 IFDEF HAVE_INTEL_AVX2
 _DATA SEGMENT
 ALIGN 16
+L_GCM_generate_m0_avx2_rev8 QWORD 579005069656919567, 283686952306183
+ptr_L_GCM_generate_m0_avx2_rev8 QWORD L_GCM_generate_m0_avx2_rev8
+_DATA ENDS
+_DATA SEGMENT
+ALIGN 16
+L_GCM_generate_m0_avx2_mod2_128 QWORD 0, 16212958658533785600
+ptr_L_GCM_generate_m0_avx2_mod2_128 QWORD L_GCM_generate_m0_avx2_mod2_128
+_DATA ENDS
+_text SEGMENT READONLY PARA
+GCM_generate_m0_avx2 PROC
+        sub	rsp, 80
+        vmovdqu	OWORD PTR [rsp], xmm6
+        vmovdqu	OWORD PTR [rsp+16], xmm7
+        vmovdqu	OWORD PTR [rsp+32], xmm8
+        vmovdqu	OWORD PTR [rsp+48], xmm9
+        vmovdqu	OWORD PTR [rsp+64], xmm10
+        vmovdqu	xmm9, OWORD PTR L_GCM_generate_m0_avx2_rev8
+        vmovdqu	xmm10, OWORD PTR L_GCM_generate_m0_avx2_mod2_128
+        vpxor	xmm8, xmm8, xmm8
+        vmovdqu	xmm0, OWORD PTR [rcx]
+        vmovdqu	OWORD PTR [rdx], xmm8
+        vmovdqu	xmm8, xmm0
+        vpshufb	xmm0, xmm0, xmm9
+        vpsllq	xmm5, xmm0, 63
+        vpsrlq	xmm4, xmm0, 1
+        vpslldq	xmm1, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm1, xmm1, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm1, xmm1, 31
+        vpand	xmm1, xmm1, xmm10
+        vpxor	xmm1, xmm1, xmm4
+        vpsllq	xmm5, xmm1, 63
+        vpsrlq	xmm4, xmm1, 1
+        vpslldq	xmm2, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm2, xmm2, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm2, xmm2, 31
+        vpand	xmm2, xmm2, xmm10
+        vpxor	xmm2, xmm2, xmm4
+        vpsllq	xmm5, xmm2, 63
+        vpsrlq	xmm4, xmm2, 1
+        vpslldq	xmm3, xmm5, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpshufd	xmm3, xmm3, 255
+        vpor	xmm4, xmm4, xmm5
+        vpsrad	xmm3, xmm3, 31
+        vpand	xmm3, xmm3, xmm10
+        vpxor	xmm3, xmm3, xmm4
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpxor	xmm8, xmm3, xmm2
+        vmovdqu	OWORD PTR [rdx+16], xmm3
+        vmovdqu	OWORD PTR [rdx+32], xmm2
+        vmovdqu	OWORD PTR [rdx+48], xmm8
+        vmovdqu	OWORD PTR [rdx+64], xmm1
+        vpxor	xmm4, xmm3, xmm1
+        vpxor	xmm5, xmm2, xmm1
+        vpxor	xmm6, xmm8, xmm1
+        vmovdqu	OWORD PTR [rdx+80], xmm4
+        vmovdqu	OWORD PTR [rdx+96], xmm5
+        vmovdqu	OWORD PTR [rdx+112], xmm6
+        vmovdqu	OWORD PTR [rdx+128], xmm0
+        vpxor	xmm1, xmm1, xmm0
+        vpxor	xmm4, xmm3, xmm0
+        vpxor	xmm6, xmm2, xmm0
+        vmovdqu	OWORD PTR [rdx+144], xmm4
+        vmovdqu	OWORD PTR [rdx+160], xmm6
+        vpxor	xmm6, xmm3, xmm6
+        vmovdqu	OWORD PTR [rdx+176], xmm6
+        vmovdqu	OWORD PTR [rdx+192], xmm1
+        vpxor	xmm4, xmm3, xmm1
+        vpxor	xmm5, xmm2, xmm1
+        vpxor	xmm6, xmm8, xmm1
+        vmovdqu	OWORD PTR [rdx+208], xmm4
+        vmovdqu	OWORD PTR [rdx+224], xmm5
+        vmovdqu	OWORD PTR [rdx+240], xmm6
+        vmovdqu	xmm0, OWORD PTR [rdx]
+        vmovdqu	xmm1, OWORD PTR [rdx+16]
+        vmovdqu	xmm2, OWORD PTR [rdx+32]
+        vmovdqu	xmm3, OWORD PTR [rdx+48]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+256], xmm0
+        vmovdqu	OWORD PTR [rdx+272], xmm1
+        vmovdqu	OWORD PTR [rdx+288], xmm2
+        vmovdqu	OWORD PTR [rdx+304], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+64]
+        vmovdqu	xmm1, OWORD PTR [rdx+80]
+        vmovdqu	xmm2, OWORD PTR [rdx+96]
+        vmovdqu	xmm3, OWORD PTR [rdx+112]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+320], xmm0
+        vmovdqu	OWORD PTR [rdx+336], xmm1
+        vmovdqu	OWORD PTR [rdx+352], xmm2
+        vmovdqu	OWORD PTR [rdx+368], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+128]
+        vmovdqu	xmm1, OWORD PTR [rdx+144]
+        vmovdqu	xmm2, OWORD PTR [rdx+160]
+        vmovdqu	xmm3, OWORD PTR [rdx+176]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+384], xmm0
+        vmovdqu	OWORD PTR [rdx+400], xmm1
+        vmovdqu	OWORD PTR [rdx+416], xmm2
+        vmovdqu	OWORD PTR [rdx+432], xmm3
+        vmovdqu	xmm0, OWORD PTR [rdx+192]
+        vmovdqu	xmm1, OWORD PTR [rdx+208]
+        vmovdqu	xmm2, OWORD PTR [rdx+224]
+        vmovdqu	xmm3, OWORD PTR [rdx+240]
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vpsllq	xmm4, xmm0, 60
+        vpsllq	xmm5, xmm1, 60
+        vpsllq	xmm6, xmm2, 60
+        vpsllq	xmm7, xmm3, 60
+        vpsrlq	xmm0, xmm0, 4
+        vpsrlq	xmm1, xmm1, 4
+        vpsrlq	xmm2, xmm2, 4
+        vpsrlq	xmm3, xmm3, 4
+        vpsrldq	xmm4, xmm4, 8
+        vpsrldq	xmm5, xmm5, 8
+        vpsrldq	xmm6, xmm6, 8
+        vpsrldq	xmm7, xmm7, 8
+        vpor	xmm0, xmm0, xmm4
+        vpor	xmm1, xmm1, xmm5
+        vpor	xmm2, xmm2, xmm6
+        vpor	xmm3, xmm3, xmm7
+        vpshufb	xmm0, xmm0, xmm9
+        vpshufb	xmm1, xmm1, xmm9
+        vpshufb	xmm2, xmm2, xmm9
+        vpshufb	xmm3, xmm3, xmm9
+        vmovdqu	OWORD PTR [rdx+448], xmm0
+        vmovdqu	OWORD PTR [rdx+464], xmm1
+        vmovdqu	OWORD PTR [rdx+480], xmm2
+        vmovdqu	OWORD PTR [rdx+496], xmm3
+        vmovdqu	xmm6, OWORD PTR [rsp]
+        vmovdqu	xmm7, OWORD PTR [rsp+16]
+        vmovdqu	xmm8, OWORD PTR [rsp+32]
+        vmovdqu	xmm9, OWORD PTR [rsp+48]
+        vmovdqu	xmm10, OWORD PTR [rsp+64]
+        add	rsp, 80
+        ret
+GCM_generate_m0_avx2 ENDP
+_text ENDS
+_DATA SEGMENT
+ALIGN 16
 L_avx2_aes_gcm_one QWORD 0, 1
 ptr_L_avx2_aes_gcm_one QWORD L_avx2_aes_gcm_one
 _DATA ENDS
diff --git a/wolfcrypt/src/aes_gcm_x86_asm.S b/wolfcrypt/src/aes_gcm_x86_asm.S
index 8a384996e..239c06cc9 100644
--- a/wolfcrypt/src/aes_gcm_x86_asm.S
+++ b/wolfcrypt/src/aes_gcm_x86_asm.S
@@ -1,6 +1,6 @@
 /* aes_gcm_x86_asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 .type	data, @object
diff --git a/wolfcrypt/src/aes_xts_asm.S b/wolfcrypt/src/aes_xts_asm.S
index f65c01525..c5a1c3f95 100644
--- a/wolfcrypt/src/aes_xts_asm.S
+++ b/wolfcrypt/src/aes_xts_asm.S
@@ -1,6 +1,6 @@
 /* aes_xts_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 #ifdef WOLFSSL_AES_XTS
diff --git a/wolfcrypt/src/aes_xts_asm.asm b/wolfcrypt/src/aes_xts_asm.asm
index aea341fe7..731334465 100644
--- a/wolfcrypt/src/aes_xts_asm.asm
+++ b/wolfcrypt/src/aes_xts_asm.asm
@@ -1,6 +1,6 @@
 ; /* aes_xts_asm.asm */
 ; /*
-; * Copyright (C) 2006-2024 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
diff --git a/wolfcrypt/src/arc4.c b/wolfcrypt/src/arc4.c
index 649d52fa3..a877d8b68 100644
--- a/wolfcrypt/src/arc4.c
+++ b/wolfcrypt/src/arc4.c
@@ -1,6 +1,6 @@
 /* arc4.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,16 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_RC4
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/arc4.h>
 
 
diff --git a/wolfcrypt/src/ascon.c b/wolfcrypt/src/ascon.c
new file mode 100644
index 000000000..248d06aca
--- /dev/null
+++ b/wolfcrypt/src/ascon.c
@@ -0,0 +1,521 @@
+/* ascon.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
+#ifdef HAVE_ASCON
+
+#include <wolfssl/wolfcrypt/ascon.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/*
+ * Implementation of the ASCON AEAD and HASH algorithms. Based on the NIST
+ * Initial Public Draft "NIST SP 800-232 ipd" and reference implementation found
+ * at https://github.com/ascon/ascon-c.
+ */
+
+/*
+ * TODO
+ * - Add support for big-endian systems
+ * - Add support for 32-bit and smaller systems */
+
+#ifndef WORD64_AVAILABLE
+    #error "Ascon implementation requires a 64-bit word"
+#endif
+
+/* Data block size in bytes */
+#define ASCON_HASH256_RATE                              8
+#define ASCON_HASH256_ROUNDS                           12
+#define ASCON_HASH256_IV            0x0000080100CC0002ULL
+
+#define ASCON_AEAD128_ROUNDS_PA                        12
+#define ASCON_AEAD128_ROUNDS_PB                         8
+#define ASCON_AEAD128_IV            0x00001000808C0001ULL
+#define ASCON_AEAD128_RATE                             16
+
+#define MAX_ROUNDS 12
+
+#ifndef WOLFSSL_ASCON_UNROLL
+
+/* Table 5 */
+static const byte round_constants[MAX_ROUNDS] = {
+    0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b
+};
+
+static byte start_index(byte rounds)
+{
+    switch (rounds) {
+        case 8:
+            return 4;
+        case 12:
+            return 0;
+        default:
+            WOLFSSL_MSG("Something went wrong in wolfCrypt logic. Wrong ASCON "
+                        "rounds value.");
+            return MAX_ROUNDS;
+    }
+}
+
+static WC_INLINE void ascon_round(AsconState* a, byte round)
+{
+    word64 tmp0, tmp1, tmp2, tmp3, tmp4;
+    /* 3.2 Constant-Addition Layer */
+    a->s64[2] ^= round_constants[round];
+    /* 3.3 Substitution Layer */
+    a->s64[0] ^= a->s64[4];
+    a->s64[4] ^= a->s64[3];
+    a->s64[2] ^= a->s64[1];
+    tmp0 = a->s64[0] ^ (~a->s64[1] & a->s64[2]);
+    tmp2 = a->s64[2] ^ (~a->s64[3] & a->s64[4]);
+    tmp4 = a->s64[4] ^ (~a->s64[0] & a->s64[1]);
+    tmp1 = a->s64[1] ^ (~a->s64[2] & a->s64[3]);
+    tmp3 = a->s64[3] ^ (~a->s64[4] & a->s64[0]);
+    tmp1 ^= tmp0;
+    tmp3 ^= tmp2;
+    tmp0 ^= tmp4;
+    tmp2 = ~tmp2;
+    /* 3.4 Linear Diffusion Layer */
+    a->s64[4] = tmp4 ^ rotrFixed64(tmp4,  7) ^ rotrFixed64(tmp4, 41);
+    a->s64[1] = tmp1 ^ rotrFixed64(tmp1, 61) ^ rotrFixed64(tmp1, 39);
+    a->s64[3] = tmp3 ^ rotrFixed64(tmp3, 10) ^ rotrFixed64(tmp3, 17);
+    a->s64[0] = tmp0 ^ rotrFixed64(tmp0, 19) ^ rotrFixed64(tmp0, 28);
+    a->s64[2] = tmp2 ^ rotrFixed64(tmp2,  1) ^ rotrFixed64(tmp2,  6);
+}
+
+static void permutation(AsconState* a, byte rounds)
+{
+    byte i = start_index(rounds);
+    for (; i < MAX_ROUNDS; i++) {
+        ascon_round(a, i);
+    }
+}
+
+#else
+
+#define p(a, c) do {                                                           \
+    word64 tmp0, tmp1, tmp2, tmp3, tmp4;                                       \
+    /* 3.2 Constant-Addition Layer */                                          \
+    (a)->s64[2] ^= c;                                                          \
+    /* 3.3 Substitution Layer */                                               \
+    (a)->s64[0] ^= (a)->s64[4];                                                \
+    (a)->s64[4] ^= (a)->s64[3];                                                \
+    (a)->s64[2] ^= (a)->s64[1];                                                \
+    tmp0 = (a)->s64[0] ^ (~(a)->s64[1] & (a)->s64[2]);                         \
+    tmp2 = (a)->s64[2] ^ (~(a)->s64[3] & (a)->s64[4]);                         \
+    tmp4 = (a)->s64[4] ^ (~(a)->s64[0] & (a)->s64[1]);                         \
+    tmp1 = (a)->s64[1] ^ (~(a)->s64[2] & (a)->s64[3]);                         \
+    tmp3 = (a)->s64[3] ^ (~(a)->s64[4] & (a)->s64[0]);                         \
+    tmp1 ^= tmp0;                                                              \
+    tmp3 ^= tmp2;                                                              \
+    tmp0 ^= tmp4;                                                              \
+    tmp2 = ~tmp2;                                                              \
+    /* 3.4 Linear Diffusion Layer */                                           \
+    (a)->s64[4] = tmp4 ^ rotrFixed64(tmp4,  7) ^ rotrFixed64(tmp4, 41);        \
+    (a)->s64[1] = tmp1 ^ rotrFixed64(tmp1, 61) ^ rotrFixed64(tmp1, 39);        \
+    (a)->s64[3] = tmp3 ^ rotrFixed64(tmp3, 10) ^ rotrFixed64(tmp3, 17);        \
+    (a)->s64[0] = tmp0 ^ rotrFixed64(tmp0, 19) ^ rotrFixed64(tmp0, 28);        \
+    (a)->s64[2] = tmp2 ^ rotrFixed64(tmp2,  1) ^ rotrFixed64(tmp2,  6);        \
+} while (0)
+
+#define p8(a) \
+    p(a, 0xb4); \
+    p(a, 0xa5); \
+    p(a, 0x96); \
+    p(a, 0x87); \
+    p(a, 0x78); \
+    p(a, 0x69); \
+    p(a, 0x5a); \
+    p(a, 0x4b)
+
+#define p12(a) \
+    p(a, 0xf0); \
+    p(a, 0xe1); \
+    p(a, 0xd2); \
+    p(a, 0xc3); \
+    p8(a)
+
+/* Needed layer to evaluate the macro values */
+#define _permutation(a, rounds) \
+    p ## rounds(a)
+
+#define permutation(a, rounds) \
+    _permutation(a, rounds)
+
+#endif
+
+/* AsconHash API */
+
+wc_AsconHash256* wc_AsconHash256_New(void)
+{
+    wc_AsconHash256* ret = (wc_AsconHash256*)XMALLOC(sizeof(wc_AsconHash256),
+            NULL, DYNAMIC_TYPE_ASCON);
+    if (ret != NULL) {
+        if (wc_AsconHash256_Init(ret) != 0) {
+            wc_AsconHash256_Free(ret);
+            ret = NULL;
+        }
+    }
+    return ret;
+}
+
+void wc_AsconHash256_Free(wc_AsconHash256* a)
+{
+    if (a != NULL) {
+        wc_AsconHash256_Clear(a);
+        XFREE(a, NULL, DYNAMIC_TYPE_ASCON);
+    }
+}
+
+int wc_AsconHash256_Init(wc_AsconHash256* a)
+{
+    if (a == NULL)
+        return BAD_FUNC_ARG;
+
+    XMEMSET(a, 0, sizeof(*a));
+
+    a->state.s64[0] = ASCON_HASH256_IV;
+    permutation(&a->state, ASCON_HASH256_ROUNDS);
+
+    return 0;
+}
+
+void wc_AsconHash256_Clear(wc_AsconHash256* a)
+{
+    if (a != NULL) {
+        ForceZero(a, sizeof(*a));
+    }
+}
+
+int wc_AsconHash256_Update(wc_AsconHash256* a, const byte* data, word32 dataSz)
+{
+    if (a == NULL || (data == NULL && dataSz != 0))
+        return BAD_FUNC_ARG;
+
+    if (dataSz == 0)
+        return 0;
+
+    /* Process leftover block */
+    if (a->lastBlkSz != 0) {
+        word32 toProcess = min(ASCON_HASH256_RATE - a->lastBlkSz, dataSz);
+        xorbuf(a->state.s8 + a->lastBlkSz, data, toProcess);
+        data += toProcess;
+        dataSz -= toProcess;
+        a->lastBlkSz += toProcess;
+
+        if (a->lastBlkSz < ASCON_HASH256_RATE)
+            return 0;
+
+        permutation(&a->state, ASCON_HASH256_ROUNDS);
+        /* Reset the counter */
+        a->lastBlkSz = 0;
+    }
+
+    while (dataSz >= ASCON_HASH256_RATE) {
+        /* Read in input as little endian numbers */
+        xorbuf(a->state.s64, data, ASCON_HASH256_RATE);
+        permutation(&a->state, ASCON_HASH256_ROUNDS);
+        data += ASCON_HASH256_RATE;
+        dataSz -= ASCON_HASH256_RATE;
+    }
+
+    xorbuf(a->state.s64, data, dataSz);
+    a->lastBlkSz = dataSz;
+
+    return 0;
+}
+
+int wc_AsconHash256_Final(wc_AsconHash256* a, byte* hash)
+{
+    byte i;
+
+    if (a == NULL || hash == NULL)
+        return BAD_FUNC_ARG;
+
+    /* Process last block */
+    a->state.s8[a->lastBlkSz] ^= 1;
+
+    for (i = 0; i < ASCON_HASH256_SZ; i += ASCON_HASH256_RATE) {
+        permutation(&a->state, ASCON_HASH256_ROUNDS);
+        XMEMCPY(hash, a->state.s64, ASCON_HASH256_RATE);
+        hash += ASCON_HASH256_RATE;
+    }
+
+    /* Clear state as soon as possible */
+    wc_AsconHash256_Clear(a);
+    return 0;
+}
+
+/* AsconAEAD API */
+
+wc_AsconAEAD128* wc_AsconAEAD128_New(void)
+{
+    wc_AsconAEAD128 *ret = (wc_AsconAEAD128*) XMALLOC(sizeof(wc_AsconAEAD128),
+            NULL, DYNAMIC_TYPE_ASCON);
+    if (ret != NULL) {
+        if (wc_AsconAEAD128_Init(ret) != 0) {
+            wc_AsconAEAD128_Free(ret);
+            ret = NULL;
+        }
+    }
+    return ret;
+}
+
+void wc_AsconAEAD128_Free(wc_AsconAEAD128 *a)
+{
+    if (a != NULL) {
+        wc_AsconAEAD128_Clear(a);
+        XFREE(a, NULL, DYNAMIC_TYPE_ASCON);
+    }
+}
+
+int wc_AsconAEAD128_Init(wc_AsconAEAD128 *a)
+{
+    if (a == NULL)
+        return BAD_FUNC_ARG;
+
+    XMEMSET(a, 0, sizeof(*a));
+    a->state.s64[0] = ASCON_AEAD128_IV;
+
+    return 0;
+}
+
+void wc_AsconAEAD128_Clear(wc_AsconAEAD128 *a)
+{
+    if (a != NULL) {
+        ForceZero(a, sizeof(*a));
+    }
+}
+
+int wc_AsconAEAD128_SetKey(wc_AsconAEAD128* a, const byte* key)
+{
+    if (a == NULL || key == NULL)
+        return BAD_FUNC_ARG;
+    if (a->keySet)
+        return BAD_STATE_E;
+
+    XMEMCPY(a->key, key, ASCON_AEAD128_KEY_SZ);
+    a->state.s64[1] = a->key[0];
+    a->state.s64[2] = a->key[1];
+    a->keySet = 1;
+
+    return 0;
+}
+
+int wc_AsconAEAD128_SetNonce(wc_AsconAEAD128* a, const byte* nonce)
+{
+    if (a == NULL || nonce == NULL)
+        return BAD_FUNC_ARG;
+    if (a->nonceSet)
+        return BAD_STATE_E;
+
+    XMEMCPY(&a->state.s64[3], nonce, ASCON_AEAD128_NONCE_SZ);
+    a->nonceSet = 1;
+
+    return 0;
+}
+
+int wc_AsconAEAD128_SetAD(wc_AsconAEAD128* a, const byte* ad,
+                                      word32 adSz)
+{
+    if (a == NULL || (ad == NULL && adSz > 0))
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet) /* key and nonce must be set before */
+        return BAD_STATE_E;
+
+    permutation(&a->state, ASCON_AEAD128_ROUNDS_PA);
+    a->state.s64[3] ^= a->key[0];
+    a->state.s64[4] ^= a->key[1];
+
+    if (adSz > 0) {
+        while (adSz >= ASCON_AEAD128_RATE) {
+            xorbuf(a->state.s64, ad, ASCON_AEAD128_RATE);
+            permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+            ad += ASCON_AEAD128_RATE;
+            adSz -= ASCON_AEAD128_RATE;
+        }
+        xorbuf(a->state.s64, ad, adSz);
+        /* Pad the last block */
+        a->state.s8[adSz] ^= 1;
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+    }
+    a->state.s64[4] ^= 1ULL << 63;
+
+    a->adSet = 1;
+    return 0;
+}
+
+int wc_AsconAEAD128_EncryptUpdate(wc_AsconAEAD128* a, byte* out,
+                                  const byte* in, word32 inSz)
+{
+    if (a == NULL || (in == NULL && inSz > 0))
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet || !a->adSet)
+        return BAD_STATE_E;
+
+    if (a->op == ASCON_AEAD128_NOTSET)
+        a->op = ASCON_AEAD128_ENCRYPT;
+    else if (a->op != ASCON_AEAD128_ENCRYPT)
+        return BAD_STATE_E;
+
+    /* Process leftover from last block */
+    if (a->lastBlkSz != 0) {
+        word32 toProcess = min(ASCON_AEAD128_RATE - a->lastBlkSz, inSz);
+        xorbuf(&a->state.s8[a->lastBlkSz], in, toProcess);
+        XMEMCPY(out, &a->state.s8[a->lastBlkSz], toProcess);
+        a->lastBlkSz += toProcess;
+        in += toProcess;
+        out += toProcess;
+        inSz -= toProcess;
+
+        if (a->lastBlkSz < ASCON_AEAD128_RATE)
+            return 0;
+
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+        a->lastBlkSz = 0;
+    }
+
+    while (inSz >= ASCON_AEAD128_RATE) {
+        xorbuf(a->state.s64, in, ASCON_AEAD128_RATE);
+        XMEMCPY(out, a->state.s64, ASCON_AEAD128_RATE);
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+        in += ASCON_AEAD128_RATE;
+        out += ASCON_AEAD128_RATE;
+        inSz -= ASCON_AEAD128_RATE;
+    }
+    /* Store leftover */
+    xorbuf(a->state.s64, in, inSz);
+    XMEMCPY(out, a->state.s64, inSz);
+    a->lastBlkSz = inSz;
+
+    return 0;
+}
+
+
+int wc_AsconAEAD128_EncryptFinal(wc_AsconAEAD128* a, byte* tag)
+{
+    if (a == NULL || tag == NULL)
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet || !a->adSet)
+        return BAD_STATE_E;
+
+    if (a->op != ASCON_AEAD128_ENCRYPT)
+        return BAD_STATE_E;
+
+    /* Process leftover from last block */
+    a->state.s8[a->lastBlkSz] ^= 1;
+
+    a->state.s64[2] ^= a->key[0];
+    a->state.s64[3] ^= a->key[1];
+    permutation(&a->state, ASCON_AEAD128_ROUNDS_PA);
+    a->state.s64[3] ^= a->key[0];
+    a->state.s64[4] ^= a->key[1];
+
+    XMEMCPY(tag, &a->state.s64[3], ASCON_AEAD128_TAG_SZ);
+
+    /* Clear state as soon as possible */
+    wc_AsconAEAD128_Clear(a);
+
+    return 0;
+
+}
+
+
+int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out,
+                                  const byte* in, word32 inSz)
+{
+    if (a == NULL || (in == NULL && inSz > 0))
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet || !a->adSet)
+        return BAD_STATE_E;
+
+    if (a->op == ASCON_AEAD128_NOTSET)
+        a->op = ASCON_AEAD128_DECRYPT;
+    else if (a->op != ASCON_AEAD128_DECRYPT)
+        return BAD_STATE_E;
+
+    /* Process leftover block */
+    if (a->lastBlkSz != 0) {
+        word32 toProcess = min(ASCON_AEAD128_RATE - a->lastBlkSz, inSz);
+        xorbufout(out, a->state.s8 + a->lastBlkSz, in, toProcess);
+        XMEMCPY(a->state.s8 + a->lastBlkSz, in, toProcess);
+        in += toProcess;
+        out += toProcess;
+        inSz -= toProcess;
+        a->lastBlkSz += toProcess;
+
+        if (a->lastBlkSz < ASCON_AEAD128_RATE)
+            return 0;
+
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+        a->lastBlkSz = 0;
+    }
+
+    while (inSz >= ASCON_AEAD128_RATE) {
+        xorbufout(out, a->state.s64, in, ASCON_AEAD128_RATE);
+        XMEMCPY(a->state.s64, in, ASCON_AEAD128_RATE);
+        permutation(&a->state, ASCON_AEAD128_ROUNDS_PB);
+        in += ASCON_AEAD128_RATE;
+        out += ASCON_AEAD128_RATE;
+        inSz -= ASCON_AEAD128_RATE;
+    }
+    /* Store leftover */
+    xorbufout(out, a->state.s64, in, inSz);
+    XMEMCPY(a->state.s64, in, inSz);
+    a->lastBlkSz = inSz;
+
+    return 0;
+}
+
+int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, const byte* tag)
+{
+    if (a == NULL || tag == NULL)
+        return BAD_FUNC_ARG;
+    if (!a->keySet || !a->nonceSet || !a->adSet)
+        return BAD_STATE_E;
+
+    if (a->op != ASCON_AEAD128_DECRYPT)
+        return BAD_STATE_E;
+
+    /* Pad last block */
+    a->state.s8[a->lastBlkSz] ^= 1;
+
+    a->state.s64[2] ^= a->key[0];
+    a->state.s64[3] ^= a->key[1];
+    permutation(&a->state, ASCON_AEAD128_ROUNDS_PA);
+    a->state.s64[3] ^= a->key[0];
+    a->state.s64[4] ^= a->key[1];
+
+    if (ConstantCompare(tag, (const byte*)&a->state.s64[3],
+                        ASCON_AEAD128_TAG_SZ) != 0)
+        return ASCON_AUTH_E;
+
+    /* Clear state as soon as possible */
+    wc_AsconAEAD128_Clear(a);
+
+    return 0;
+}
+
+#endif /* HAVE_ASCON */
diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c
index c36099067..a724114e0 100644
--- a/wolfcrypt/src/asm.c
+++ b/wolfcrypt/src/asm.c
@@ -1,6 +1,6 @@
 /* asm.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
  * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
@@ -529,6 +524,27 @@ __asm__(                           \
 #define LOOP_START \
    mu = c[x] * mp
 
+#ifdef __APPLE__
+
+#define INNERMUL                     \
+__asm__(                             \
+   " mullw    r16,%3,%4       \n\t"  \
+   " mulhwu   r17,%3,%4       \n\t"  \
+   " addc     r16,r16,%2      \n\t"  \
+   " addze    r17,r17         \n\t"  \
+   " addc     %1,r16,%5       \n\t"  \
+   " addze    %0,r17          \n\t"  \
+:"=r"(cy),"=r"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"r16", "r17", "cc"); ++tmpm;
+
+#define PROPCARRY                    \
+__asm__(                             \
+   " addc     %1,%3,%2      \n\t"    \
+   " xor      %0,%2,%2      \n\t"    \
+   " addze    %0,%2         \n\t"    \
+:"=r"(cy),"=r"(_c[0]):"0"(cy),"1"(_c[0]):"cc");
+
+#else
+
 #define INNERMUL                     \
 __asm__(                             \
    " mullw    16,%3,%4       \n\t"   \
@@ -546,6 +562,8 @@ __asm__(                             \
    " addze    %0,%2         \n\t"    \
 :"=r"(cy),"=r"(_c[0]):"0"(cy),"1"(_c[0]):"cc");
 
+#endif
+
 #elif defined(TFM_PPC64)
 
 /* PPC64 */
@@ -555,6 +573,8 @@ __asm__(                             \
 #define LOOP_START \
    mu = c[x] * mp
 
+#ifdef __APPLE__
+
 #define INNERMUL                      \
 __asm__(                              \
    " mulld    r16,%3,%4       \n\t"   \
@@ -576,6 +596,31 @@ __asm__(                              \
    " addze    %0,%0          \n\t"    \
 :"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r16","cc");
 
+#else
+
+#define INNERMUL                     \
+__asm__(                             \
+   " mulld    16,%3,%4       \n\t"   \
+   " mulhdu   17,%3,%4       \n\t"   \
+   " addc     16,16,%0       \n\t"   \
+   " addze    17,17          \n\t"   \
+   " ldx      18,0,%1        \n\t"   \
+   " addc     16,16,18       \n\t"   \
+   " addze    %0,17          \n\t"   \
+   " sdx      16,0,%1        \n\t"   \
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","cc"); ++tmpm;
+
+#define PROPCARRY                    \
+__asm__(                             \
+   " ldx      16,0,%1       \n\t"    \
+   " addc     16,16,%0      \n\t"    \
+   " sdx      16,0,%1       \n\t"    \
+   " xor      %0,%0,%0      \n\t"    \
+   " addze    %0,%0         \n\t"    \
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","cc");
+
+#endif
+
 /******************************************************************/
 
 #elif defined(TFM_AVR32)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 2d9d2b46e..8148a2cba 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1,6 +1,6 @@
 /* asn.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,11 +34,8 @@
  * Provides routines to convert BER into DER. Replaces indefinite length
  * encoded items with explicit lengths.
  */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
 ASN Options:
@@ -56,6 +53,8 @@ ASN Options:
  * WOLFSSL_CERT_GEN: Cert generation. Saves extra certificate info in GetName.
  * WOLFSSL_NO_ASN_STRICT: Disable strict RFC compliance checks to
     restore 3.13.0 behavior.
+ * WOLFSSL_ASN_ALLOW_0_SERIAL: Even if WOLFSSL_NO_ASN_STRICT is not defined,
+    allow a length=1, but zero value serial number.
  * WOLFSSL_NO_OCSP_OPTIONAL_CERTS: Skip optional OCSP certs (responder issuer
     must still be trusted)
  * WOLFSSL_NO_TRUSTED_CERTS_VERIFY: Workaround for situation where entire cert
@@ -100,9 +99,13 @@ ASN Options:
  *  which is discouraged by X.690 specification - default values shall not
  *  be encoded.
  * NO_TIME_SIGNEDNESS_CHECK: Disabled the time_t signedness check.
+ * WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED: Allows the ECDSA/EdDSA signature
+ *  algorithms in certificates to have NULL parameter instead of empty.
+ *  DO NOT enable this unless required for interoperability.
+ * WOLFSSL_ASN_EXTRA: Make more ASN.1 APIs available regardless of internal
+ *  usage.
 */
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifndef NO_RSA
     #include <wolfssl/wolfcrypt/rsa.h>
     #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL)
@@ -121,7 +124,6 @@ ASN Options:
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/rc2.h>
 #include <wolfssl/wolfcrypt/wc_encrypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 
 #include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/hash.h>
@@ -1092,7 +1094,7 @@ static int GetASN_Integer(const byte* input, word32 idx, int length,
  * @return  0 on success.
  * @return  ASN_PARSE_E when unused bits is invalid.
  */
-static int GetASN_BitString(const byte* input, word32 idx, int length)
+int GetASN_BitString(const byte* input, word32 idx, int length)
 {
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
@@ -1266,8 +1268,8 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
             /* Fill number with all of data. */
             *data->data.u16 = 0;
             for (i = 0; i < len; i++) {
-                *data->data.u16 <<= 8;
-                *data->data.u16 |= input[idx + (word32)i] ;
+                *data->data.u16 = (word16)(*data->data.u16 << 8U);
+                *data->data.u16 = (word16)(*data->data.u16 | input[idx + (word32)i]);
             }
             break;
         case ASN_DATA_TYPE_WORD32:
@@ -1293,7 +1295,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
                 WOLFSSL_MSG_VSNPRINTF("Buffer too small for data: %d %d", len,
                         *data->data.buffer.length);
             #endif
-                return ASN_PARSE_E;
+                return BUFFER_E;
             }
             /* Copy in data and record actual length seen. */
             XMEMCPY(data->data.buffer.data, input + idx, (size_t)len);
@@ -1498,6 +1500,8 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
     int    minDepth;
     /* Integer had a zero prepended. */
     int    zeroPadded;
+    word32 tmpW32Val;
+    signed char tmpScharVal;
 
 #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
     WOLFSSL_ENTER("GetASN_Items");
@@ -1536,14 +1540,18 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
         /* Check if first of numbered choice. */
         if (choice == 0 && asn[i].optional > 1) {
             choice = asn[i].optional;
-            if (choiceMet[choice - 2] == -1) {
+            tmpScharVal = choiceMet[choice - 2];
+            XFENCE(); /* Prevent memory access */
+            if (tmpScharVal == -1) {
                 /* Choice seen but not found a match yet. */
                 choiceMet[choice - 2] = 0;
             }
         }
 
         /* Check for end of data or not a choice and tag not matching. */
-        if (idx == endIdx[depth] || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
+        tmpW32Val = endIdx[depth];
+        XFENCE(); /* Prevent memory access */
+        if (idx == tmpW32Val || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
                               (input[idx] & ~ASN_CONSTRUCTED) != asn[i].tag)) {
             if (asn[i].optional) {
                 /* Skip over ASN.1 items underneath this optional item. */
@@ -1611,6 +1619,7 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
 
         /* Store found tag in data. */
         data[i].tag = input[idx];
+        XFENCE(); /* Prevent memory access */
         if (data[i].dataType != ASN_DATA_TYPE_CHOICE) {
             int constructed = (input[idx] & ASN_CONSTRUCTED) == ASN_CONSTRUCTED;
             /* Check constructed match expected for non-choice ASN.1 item. */
@@ -2437,8 +2446,9 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
             ret = ASN_PARSE_E;
         }
         else if ((input[(int)idx + length - 1] & 0x80) == 0x80) {
-            /* Last octet of a sub-identifier has bit 8 clear. Last octet must be
-            * last of a subidentifier. Ensure last octet hasn't got top bit set. */
+            /* Last octet of a sub-identifier has bit 8 clear. Last octet must
+             * be last of a subidentifier. Ensure last octet hasn't got top bit
+             * set. */
             WOLFSSL_MSG("OID last octet has top bit set");
             ret = ASN_PARSE_E;
         }
@@ -2471,7 +2481,7 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
  * @return  BUFFER_E when there is not enough data to parse.
  * @return  ASN_PARSE_E when the expected tag is not found or length is invalid.
  */
-static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
+int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
                         word32 maxIdx)
 {
     return GetASNHeader_ex(input, tag, inOutIdx, len, maxIdx, 1);
@@ -3164,7 +3174,7 @@ int GetMyVersion(const byte* input, word32* inOutIdx,
 }
 
 
-#ifndef NO_PWDBASED
+#if !defined(NO_PWDBASED) || defined(WOLFSSL_ASN_EXTRA)
 /* Decode small integer, 32 bits or less.
  *
  * @param [in]      input     Buffer of BER data.
@@ -3229,8 +3239,10 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
     return ret;
 #endif
 }
+#endif /* !NO_PWDBASED || WOLFSSL_ASN_EXTRA */
 
 
+#ifndef NO_PWDBASED
 #if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS8) || \
      defined(HAVE_PKCS12)
 /* Set small integer, 32 bits or less. DER encoding with no leading 0s
@@ -3613,8 +3625,8 @@ word32 SetIndefEnd(byte* output)
 
 /* Breaks an octet string up into chunks for use with streaming
  * returns 0 on success and updates idx */
-int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outSz,
-    word32* idx)
+int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out,
+                      word32* outSz, word32* idx)
 {
     word32 i  = 0;
     word32 outIdx = *idx;
@@ -3653,7 +3665,7 @@ int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outS
     }
     else {
         *outSz = outIdx;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 }
 
@@ -4021,7 +4033,7 @@ int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz)
     /* Return the length of the DER encoded ASN.1 */
     *derSz = j;
     if (der == NULL) {
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 end:
 #ifdef WOLFSSL_SMALL_STACK
@@ -4221,6 +4233,7 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FACON */
 #ifdef HAVE_DILITHIUM
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
     static const byte sigDilithium_Level2Oid[] =
         {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
@@ -4232,6 +4245,19 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
     static const byte sigDilithium_Level5Oid[] =
         {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
+#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+
+    /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */
+    static const byte sigMlDsa_Level2Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 17};
+
+    /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */
+    static const byte sigMlDsa_Level3Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 18};
+
+    /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */
+    static const byte sigMlDsa_Level5Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 19};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4295,6 +4321,7 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
     static const byte keyDilithium_Level2Oid[] =
         {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
@@ -4306,6 +4333,19 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
     static const byte keyDilithium_Level5Oid[] =
         {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
+#endif
+
+    /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */
+    static const byte keyMlDsa_Level2Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 17};
+
+    /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */
+    static const byte keyMlDsa_Level3Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 18};
+
+    /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */
+    static const byte keyMlDsa_Level5Oid[] =
+        {96, 134, 72, 1, 101, 3, 4, 3, 19};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4451,16 +4491,271 @@ static const byte extAuthInfoCaIssuerOid[] = {43, 6, 1, 5, 5, 7, 48, 2};
 
 /* certPolicyType */
 static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
+static const byte extCertPolicyIsrgDomainValid[] =
+    {43, 6, 1, 4, 1, 130, 223, 19, 1, 1, 1};
 #ifdef WOLFSSL_FPKI
 #define CERT_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num}
+    static const byte extCertPolicyFpkiHighAssuranceOid[] =
+            CERT_POLICY_TYPE_OID_BASE(4);
+    static const byte extCertPolicyFpkiCommonHardwareOid[] =
+            CERT_POLICY_TYPE_OID_BASE(7);
+    static const byte extCertPolicyFpkiMediumHardwareOid[] =
+            CERT_POLICY_TYPE_OID_BASE(12);
     static const byte extCertPolicyFpkiCommonAuthOid[] =
             CERT_POLICY_TYPE_OID_BASE(13);
+    static const byte extCertPolicyFpkiCommonHighOid[] =
+            CERT_POLICY_TYPE_OID_BASE(16);
+    static const byte extCertPolicyFpkiCommonDevicesHardwareOid[] =
+            CERT_POLICY_TYPE_OID_BASE(36);
+    static const byte extCertPolicyFpkiCommonPivContentSigningOid[] =
+            CERT_POLICY_TYPE_OID_BASE(39);
     static const byte extCertPolicyFpkiPivAuthOid[] =
             CERT_POLICY_TYPE_OID_BASE(40);
     static const byte extCertPolicyFpkiPivAuthHwOid[] =
             CERT_POLICY_TYPE_OID_BASE(41);
     static const byte extCertPolicyFpkiPiviAuthOid[] =
             CERT_POLICY_TYPE_OID_BASE(45);
+
+    /* DoD PKI OIDs - 2.16.840.1.101.2.1.11.X */
+    #define DOD_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 2, 1, 11, num}
+    static const byte extCertPolicyDodMediumOid[] =
+            DOD_POLICY_TYPE_OID_BASE(5);
+    static const byte extCertPolicyDodMediumHardwareOid[] =
+            DOD_POLICY_TYPE_OID_BASE(9);
+    static const byte extCertPolicyDodPivAuthOid[] =
+            DOD_POLICY_TYPE_OID_BASE(10);
+    static const byte extCertPolicyDodMediumNpeOid[] =
+            DOD_POLICY_TYPE_OID_BASE(17);
+    static const byte extCertPolicyDodMedium2048Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(18);
+    static const byte extCertPolicyDodMediumHardware2048Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(19);
+    static const byte extCertPolicyDodPivAuth2048Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(20);
+    static const byte extCertPolicyDodPeerInteropOid[] =
+            DOD_POLICY_TYPE_OID_BASE(31);
+    static const byte extCertPolicyDodMediumNpe112Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(36);
+    static const byte extCertPolicyDodMediumNpe128Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(37);
+    static const byte extCertPolicyDodMediumNpe192Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(38);
+    static const byte extCertPolicyDodMedium112Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(39);
+    static const byte extCertPolicyDodMedium128Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(40);
+    static const byte extCertPolicyDodMedium192Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(41);
+    static const byte extCertPolicyDodMediumHardware112Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(42);
+    static const byte extCertPolicyDodMediumHardware128Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(43);
+    static const byte extCertPolicyDodMediumHardware192Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(44);
+    static const byte extCertPolicyDodAdminOid[] =
+            DOD_POLICY_TYPE_OID_BASE(59);
+    static const byte extCertPolicyDodInternalNpe112Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(60);
+    static const byte extCertPolicyDodInternalNpe128Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(61);
+    static const byte extCertPolicyDodInternalNpe192Oid[] =
+            DOD_POLICY_TYPE_OID_BASE(62);
+
+    /* ECA PKI OIDs - 2.16.840.1.101.3.2.1.12.X */
+    #define ECA_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 12, num}
+    static const byte extCertPolicyEcaMediumOid[] =
+            ECA_POLICY_TYPE_OID_BASE(1);
+    static const byte extCertPolicyEcaMediumHardwareOid[] =
+            ECA_POLICY_TYPE_OID_BASE(2);
+    static const byte extCertPolicyEcaMediumTokenOid[] =
+            ECA_POLICY_TYPE_OID_BASE(3);
+    static const byte extCertPolicyEcaMediumSha256Oid[] =
+            ECA_POLICY_TYPE_OID_BASE(4);
+    static const byte extCertPolicyEcaMediumTokenSha256Oid[] =
+            ECA_POLICY_TYPE_OID_BASE(5);
+    static const byte extCertPolicyEcaMediumHardwarePiviOid[] =
+            ECA_POLICY_TYPE_OID_BASE(6);
+    static const byte extCertPolicyEcaContentSigningPiviOid[] =
+            ECA_POLICY_TYPE_OID_BASE(8);
+    static const byte extCertPolicyEcaMediumDeviceSha256Oid[] =
+            ECA_POLICY_TYPE_OID_BASE(9);
+    static const byte extCertPolicyEcaMediumHardwareSha256Oid[] =
+            ECA_POLICY_TYPE_OID_BASE(10);
+
+    /* Department of State PKI OIDs - 2.16.840.1.101.3.2.1.6.X */
+    #define STATE_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 6, num}
+    static const byte extCertPolicyStateHighOid[] =
+            STATE_POLICY_TYPE_OID_BASE(4);
+    static const byte extCertPolicyStateMedHwOid[] =
+            STATE_POLICY_TYPE_OID_BASE(12);
+    static const byte extCertPolicyStateMediumDeviceHardwareOid[] =
+            STATE_POLICY_TYPE_OID_BASE(38);
+
+    /* U.S. Treasury SSP PKI OIDs - 2.16.840.1.101.3.2.1.5.X */
+    #define TREASURY_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 5, num}
+    static const byte extCertPolicyTreasuryMediumHardwareOid[] =
+            TREASURY_POLICY_TYPE_OID_BASE(4);
+    static const byte extCertPolicyTreasuryHighOid[] =
+            TREASURY_POLICY_TYPE_OID_BASE(5);
+    static const byte extCertPolicyTreasuryPiviHardwareOid[] =
+            TREASURY_POLICY_TYPE_OID_BASE(10);
+    static const byte extCertPolicyTreasuryPiviContentSigningOid[] =
+            TREASURY_POLICY_TYPE_OID_BASE(12);
+
+    /* Boeing PKI OIDs - 1.3.6.1.4.1.73.15.3.1.X */
+    #define BOEING_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 73, 15, 3, 1, num}
+    static const byte extCertPolicyBoeingMediumHardwareSha256Oid[] =
+            BOEING_POLICY_TYPE_OID_BASE(12);
+    static const byte extCertPolicyBoeingMediumHardwareContentSigningSha256Oid[] =
+            BOEING_POLICY_TYPE_OID_BASE(17);
+
+    /* Carillon Federal Services OIDs - 1.3.6.1.4.1.45606.3.1.X */
+    #define CARILLON_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 130, 228, 38, 3, 1, num}
+    static const byte extCertPolicyCarillonMediumhw256Oid[] =
+            CARILLON_POLICY_TYPE_OID_BASE(12);
+    static const byte extCertPolicyCarillonAivhwOid[] =
+            CARILLON_POLICY_TYPE_OID_BASE(20);
+    static const byte extCertPolicyCarillonAivcontentOid[] =
+            CARILLON_POLICY_TYPE_OID_BASE(22);
+
+    /* Carillon Information Security OIDs - 1.3.6.1.4.1.25054.3.1.X */
+    #define CIS_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 129, 195, 94, 3, 1, num}
+    static const byte extCertPolicyCisMediumhw256Oid[] =
+            CIS_POLICY_TYPE_OID_BASE(12);
+    static const byte extCertPolicyCisMeddevhw256Oid[] =
+            CIS_POLICY_TYPE_OID_BASE(14);
+    static const byte extCertPolicyCisIcecapHwOid[] =
+            CIS_POLICY_TYPE_OID_BASE(20);
+    static const byte extCertPolicyCisIcecapContentOid[] =
+            CIS_POLICY_TYPE_OID_BASE(22);
+
+    /* CertiPath Bridge OIDs - 1.3.6.1.4.1.24019.1.1.1.X */
+    #define CERTIPATH_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 129, 187, 83, 1, 1, 1, num}
+    static const byte extCertPolicyCertipathMediumhwOid[] =
+            CERTIPATH_POLICY_TYPE_OID_BASE(2);
+    static const byte extCertPolicyCertipathHighhwOid[] =
+            CERTIPATH_POLICY_TYPE_OID_BASE(3);
+    static const byte extCertPolicyCertipathIcecapHwOid[] =
+            CERTIPATH_POLICY_TYPE_OID_BASE(7);
+    static const byte extCertPolicyCertipathIcecapContentOid[] =
+            CERTIPATH_POLICY_TYPE_OID_BASE(9);
+    static const byte extCertPolicyCertipathVarMediumhwOid[] =
+            CERTIPATH_POLICY_TYPE_OID_BASE(18);
+    static const byte extCertPolicyCertipathVarHighhwOid[] =
+            CERTIPATH_POLICY_TYPE_OID_BASE(19);
+
+    /* TSCP Bridge OIDs - 1.3.6.1.4.1.38099.1.1.1.X */
+    #define TSCP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 130, 169, 83, 1, 1, 1, num}
+    static const byte extCertPolicyTscpMediumhwOid[] =
+            TSCP_POLICY_TYPE_OID_BASE(2);
+    static const byte extCertPolicyTscpPiviOid[] =
+            TSCP_POLICY_TYPE_OID_BASE(5);
+    static const byte extCertPolicyTscpPiviContentOid[] =
+            TSCP_POLICY_TYPE_OID_BASE(7);
+
+    /* DigiCert NFI PKI OIDs - 2.16.840.1.113733.1.7.23.3.1.X */
+    #define DIGICERT_NFI_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 134, 248, 69, 1, 7, 23, 3, 1, num}
+    static const byte extCertPolicyDigicertNfiMediumHardwareOid[] =
+            DIGICERT_NFI_POLICY_TYPE_OID_BASE(7);
+    static const byte extCertPolicyDigicertNfiAuthOid[] =
+            DIGICERT_NFI_POLICY_TYPE_OID_BASE(13);
+    static const byte extCertPolicyDigicertNfiPiviHardwareOid[] =
+            DIGICERT_NFI_POLICY_TYPE_OID_BASE(18);
+    static const byte extCertPolicyDigicertNfiPiviContentSigningOid[] =
+            DIGICERT_NFI_POLICY_TYPE_OID_BASE(20);
+    static const byte extCertPolicyDigicertNfiMediumDevicesHardwareOid[] =
+            DIGICERT_NFI_POLICY_TYPE_OID_BASE(36);
+
+    /* Entrust Managed Services NFI PKI OIDs - 2.16.840.1.114027.200.3.10.7.X */
+    #define ENTRUST_NFI_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 134, 250, 107, 129, 72, 3, 10, 7, num}
+    static const byte extCertPolicyEntrustNfiMediumHardwareOid[] =
+            ENTRUST_NFI_POLICY_TYPE_OID_BASE(2);
+    static const byte extCertPolicyEntrustNfiMediumAuthenticationOid[] =
+            ENTRUST_NFI_POLICY_TYPE_OID_BASE(4);
+    static const byte extCertPolicyEntrustNfiPiviHardwareOid[] =
+            ENTRUST_NFI_POLICY_TYPE_OID_BASE(6);
+    static const byte extCertPolicyEntrustNfiPiviContentSigningOid[] =
+            ENTRUST_NFI_POLICY_TYPE_OID_BASE(9);
+    static const byte extCertPolicyEntrustNfiMediumDevicesHwOid[] =
+            ENTRUST_NFI_POLICY_TYPE_OID_BASE(16);
+
+    /* Exostar LLC PKI OIDs - 1.3.6.1.4.1.13948.1.1.1.X */
+    #define EXOSTAR_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 236, 124, 1, 1, 1, num}
+    static const byte extCertPolicyExostarMediumHardwareSha2Oid[] =
+            EXOSTAR_POLICY_TYPE_OID_BASE(6);
+
+    /* IdenTrust NFI OIDs - 2.16.840.1.113839.0.100.X.Y */
+    #define IDENTRUST_POLICY_TYPE_OID_BASE(num1, num2) {96, 134, 72, 1, 134, 249, 47, 0, 100, num1, num2}
+    static const byte extCertPolicyIdentrustMediumhwSignOid[] =
+            IDENTRUST_POLICY_TYPE_OID_BASE(12, 1);
+    static const byte extCertPolicyIdentrustMediumhwEncOid[] =
+            IDENTRUST_POLICY_TYPE_OID_BASE(12, 2);
+    static const byte extCertPolicyIdentrustPiviHwIdOid[] =
+            IDENTRUST_POLICY_TYPE_OID_BASE(18, 0);
+    static const byte extCertPolicyIdentrustPiviHwSignOid[] =
+            IDENTRUST_POLICY_TYPE_OID_BASE(18, 1);
+    static const byte extCertPolicyIdentrustPiviHwEncOid[] =
+            IDENTRUST_POLICY_TYPE_OID_BASE(18, 2);
+    static const byte extCertPolicyIdentrustPiviContentOid[] =
+            IDENTRUST_POLICY_TYPE_OID_BASE(20, 1);
+
+    /* Lockheed Martin PKI OIDs - 1.3.6.1.4.1.103.100.1.1.3.X */
+    #define LOCKHEED_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 103, 100, 1, 1, 3, num}
+    static const byte extCertPolicyLockheedMediumAssuranceHardwareOid[] =
+            LOCKHEED_POLICY_TYPE_OID_BASE(3);
+
+    /* Northrop Grumman PKI OIDs - 1.3.6.1.4.1.16334.509.2.X */
+    #define NORTHROP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 255, 78, 131, 125, 2, num}
+    static const byte extCertPolicyNorthropMediumAssurance256HardwareTokenOid[] =
+            NORTHROP_POLICY_TYPE_OID_BASE(8);
+    static const byte extCertPolicyNorthropPiviAssurance256HardwareTokenOid[] =
+            NORTHROP_POLICY_TYPE_OID_BASE(9);
+    static const byte extCertPolicyNorthropPiviAssurance256ContentSigningOid[] =
+            NORTHROP_POLICY_TYPE_OID_BASE(11);
+    static const byte extCertPolicyNorthropMediumAssurance384HardwareTokenOid[] =
+            NORTHROP_POLICY_TYPE_OID_BASE(14);
+
+    /* Raytheon PKI OIDs - 1.3.6.1.4.1.1569.10.1.X and 1.3.6.1.4.1.26769.10.1.X */
+    #define RAYTHEON_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 140, 33, 10, 1, num}
+    static const byte extCertPolicyRaytheonMediumHardwareOid[] =
+            RAYTHEON_POLICY_TYPE_OID_BASE(12);
+    static const byte extCertPolicyRaytheonMediumDeviceHardwareOid[] =
+            RAYTHEON_POLICY_TYPE_OID_BASE(18);
+
+    #define RAYTHEON_SHA2_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 129, 209, 17, 10, 1, num}
+    static const byte extCertPolicyRaytheonSha2MediumHardwareOid[] =
+            RAYTHEON_SHA2_POLICY_TYPE_OID_BASE(12);
+    static const byte extCertPolicyRaytheonSha2MediumDeviceHardwareOid[] =
+            RAYTHEON_SHA2_POLICY_TYPE_OID_BASE(18);
+
+    /* WidePoint NFI PKI OIDs - 1.3.6.1.4.1.3922.1.1.1.X */
+    #define WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 158, 82, 1, 1, 1, num}
+    static const byte extCertPolicyWidepointNfiMediumHardwareOid[] =
+            WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(12);
+    static const byte extCertPolicyWidepointNfiPiviHardwareOid[] =
+            WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(18);
+    static const byte extCertPolicyWidepointNfiPiviContentSigningOid[] =
+            WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(20);
+    static const byte extCertPolicyWidepointNfiMediumDevicesHardwareOid[] =
+            WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(38);
+
+    /* Australian Defence Organisation PKI OIDs - 1.2.36.1.334.1.2.X.X */
+    #define ADO_POLICY_TYPE_OID_BASE(type, num) {42, 36, 1, 130, 78, 1, 2, type, num}
+    static const byte extCertPolicyAdoIndividualMediumAssuranceOid[] =
+            ADO_POLICY_TYPE_OID_BASE(1, 2);
+    static const byte extCertPolicyAdoIndividualHighAssuranceOid[] =
+            ADO_POLICY_TYPE_OID_BASE(1, 3);
+    static const byte extCertPolicyAdoResourceMediumAssuranceOid[] =
+            ADO_POLICY_TYPE_OID_BASE(2, 2);
+
+    /* Netherlands Ministry of Defence PKI OIDs - 2.16.528.1.1003.1.2.5.X */
+    #define NL_MOD_POLICY_TYPE_OID_BASE(num) {96, 132, 16, 1, 135, 107, 1, 2, 5, num}
+    static const byte extCertPolicyNlModAuthenticityOid[] =
+            NL_MOD_POLICY_TYPE_OID_BASE(1);
+    static const byte extCertPolicyNlModIrrefutabilityOid[] =
+            NL_MOD_POLICY_TYPE_OID_BASE(2);
+    static const byte extCertPolicyNlModConfidentialityOid[] =
+            NL_MOD_POLICY_TYPE_OID_BASE(3);
 #endif /* WOLFSSL_FPKI */
 
 /* certAltNameType */
@@ -4557,6 +4852,7 @@ static const byte dnsSRVOid[] = {43, 6, 1, 5, 5, 7, 8, 7};
 /* Pilot attribute types (0.9.2342.19200300.100.1.*) */
 #define PLT_ATTR_TYPE_OID_BASE(num) {9, 146, 38, 137, 147, 242, 44, 100, 1, num}
 static const byte uidOid[] = PLT_ATTR_TYPE_OID_BASE(1); /* user id */
+static const byte rfc822Mlbx[] = PLT_ATTR_TYPE_OID_BASE(3); /* RFC822 mailbox */
 static const byte fvrtDrk[] = PLT_ATTR_TYPE_OID_BASE(5);/* favourite drink*/
 #endif
 
@@ -4574,6 +4870,11 @@ static const byte dcOid[] = {9, 146, 38, 137, 147, 242, 44, 100, 1, 25}; /* doma
  *
  * Use oidIgnoreType to autofail.
  *
+ * Note that while this function currently handles a large
+ * number of FPKI certificate policy OIDs, these OIDs are not
+ * currently being handled in the code, they are just recognized
+ * as valid OIDs.
+ *
  * @param [in]  id     OID id.
  * @param [in]  type   Type of OID (enum Oid_Types).
  * @param [out] oidSz  Length of OID byte array returned.
@@ -4849,7 +5150,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(sigFalcon_Level5Oid);
                     break;
                 #endif /* HAVE_FALCON */
-                #ifdef HAVE_DILITHIUM
+            #ifdef HAVE_DILITHIUM
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case CTC_DILITHIUM_LEVEL2:
                     oid = sigDilithium_Level2Oid;
                     *oidSz = sizeof(sigDilithium_Level2Oid);
@@ -4862,7 +5164,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     oid = sigDilithium_Level5Oid;
                     *oidSz = sizeof(sigDilithium_Level5Oid);
                     break;
-                #endif /* HAVE_DILITHIUM */
+                #endif
+                case CTC_ML_DSA_LEVEL2:
+                    oid = sigMlDsa_Level2Oid;
+                    *oidSz = sizeof(sigMlDsa_Level2Oid);
+                    break;
+                case CTC_ML_DSA_LEVEL3:
+                    oid = sigMlDsa_Level3Oid;
+                    *oidSz = sizeof(sigMlDsa_Level3Oid);
+                    break;
+                case CTC_ML_DSA_LEVEL5:
+                    oid = sigMlDsa_Level5Oid;
+                    *oidSz = sizeof(sigMlDsa_Level5Oid);
+                    break;
+            #endif /* HAVE_DILITHIUM */
                 #ifdef HAVE_SPHINCS
                 case CTC_SPHINCS_FAST_LEVEL1:
                     oid = sigSphincsFast_Level1Oid;
@@ -4960,7 +5275,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(keyFalcon_Level5Oid);
                     break;
                 #endif /* HAVE_FALCON */
-                #ifdef HAVE_DILITHIUM
+            #ifdef HAVE_DILITHIUM
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
                     oid = keyDilithium_Level2Oid;
                     *oidSz = sizeof(keyDilithium_Level2Oid);
@@ -4973,7 +5289,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     oid = keyDilithium_Level5Oid;
                     *oidSz = sizeof(keyDilithium_Level5Oid);
                     break;
-                #endif /* HAVE_DILITHIUM */
+                #endif
+                case ML_DSA_LEVEL2k:
+                    oid = keyMlDsa_Level2Oid;
+                    *oidSz = sizeof(keyMlDsa_Level2Oid);
+                    break;
+                case ML_DSA_LEVEL3k:
+                    oid = keyMlDsa_Level3Oid;
+                    *oidSz = sizeof(keyMlDsa_Level3Oid);
+                    break;
+                case ML_DSA_LEVEL5k:
+                    oid = keyMlDsa_Level5Oid;
+                    *oidSz = sizeof(keyMlDsa_Level5Oid);
+                    break;
+            #endif /* HAVE_DILITHIUM */
                 #ifdef HAVE_SPHINCS
                 case SPHINCS_FAST_LEVEL1k:
                     oid = keySphincsFast_Level1Oid;
@@ -5222,7 +5551,35 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     oid = extCertPolicyAnyOid;
                     *oidSz = sizeof(extCertPolicyAnyOid);
                     break;
+                case CP_ISRG_DOMAIN_VALID:
+                    oid = extCertPolicyIsrgDomainValid;
+                    *oidSz = sizeof(extCertPolicyIsrgDomainValid);
+                    break;
                 #if defined(WOLFSSL_FPKI)
+                case CP_FPKI_HIGH_ASSURANCE_OID:
+                    oid = extCertPolicyFpkiHighAssuranceOid;
+                    *oidSz = sizeof(extCertPolicyFpkiHighAssuranceOid);
+                    break;
+                case CP_FPKI_COMMON_HARDWARE_OID:
+                    oid = extCertPolicyFpkiCommonHardwareOid;
+                    *oidSz = sizeof(extCertPolicyFpkiCommonHardwareOid);
+                    break;
+                case CP_FPKI_MEDIUM_HARDWARE_OID:
+                    oid = extCertPolicyFpkiMediumHardwareOid;
+                    *oidSz = sizeof(extCertPolicyFpkiMediumHardwareOid);
+                    break;
+                case CP_FPKI_COMMON_HIGH_OID:
+                    oid = extCertPolicyFpkiCommonHighOid;
+                    *oidSz = sizeof(extCertPolicyFpkiCommonHighOid);
+                    break;
+                case CP_FPKI_COMMON_DEVICES_HARDWARE_OID:
+                    oid = extCertPolicyFpkiCommonDevicesHardwareOid;
+                    *oidSz = sizeof(extCertPolicyFpkiCommonDevicesHardwareOid);
+                    break;
+                case CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID:
+                    oid = extCertPolicyFpkiCommonPivContentSigningOid;
+                    *oidSz = sizeof(extCertPolicyFpkiCommonPivContentSigningOid);
+                    break;
                 case CP_FPKI_COMMON_AUTH_OID:
                     oid = extCertPolicyFpkiCommonAuthOid;
                     *oidSz = sizeof(extCertPolicyFpkiCommonAuthOid);
@@ -5239,6 +5596,404 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     oid = extCertPolicyFpkiPiviAuthOid;
                     *oidSz = sizeof(extCertPolicyFpkiPiviAuthOid);
                     break;
+                case CP_DOD_MEDIUM_OID:
+                    oid = extCertPolicyDodMediumOid;
+                    *oidSz = sizeof(extCertPolicyDodMediumOid);
+                    break;
+                case CP_DOD_MEDIUM_HARDWARE_OID:
+                    oid = extCertPolicyDodMediumHardwareOid;
+                    *oidSz = sizeof(extCertPolicyDodMediumHardwareOid);
+                    break;
+                case CP_DOD_PIV_AUTH_OID:
+                    oid = extCertPolicyDodPivAuthOid;
+                    *oidSz = sizeof(extCertPolicyDodPivAuthOid);
+                    break;
+                case CP_DOD_MEDIUM_NPE_OID:
+                    oid = extCertPolicyDodMediumNpeOid;
+                    *oidSz = sizeof(extCertPolicyDodMediumNpeOid);
+                    break;
+                case CP_DOD_MEDIUM_2048_OID:
+                    oid = extCertPolicyDodMedium2048Oid;
+                    *oidSz = sizeof(extCertPolicyDodMedium2048Oid);
+                    break;
+                case CP_DOD_MEDIUM_HARDWARE_2048_OID:
+                    oid = extCertPolicyDodMediumHardware2048Oid;
+                    *oidSz = sizeof(extCertPolicyDodMediumHardware2048Oid);
+                    break;
+                case CP_DOD_PIV_AUTH_2048_OID:
+                    oid = extCertPolicyDodPivAuth2048Oid;
+                    *oidSz = sizeof(extCertPolicyDodPivAuth2048Oid);
+                    break;
+                case CP_DOD_PEER_INTEROP_OID:
+                    oid = extCertPolicyDodPeerInteropOid;
+                    *oidSz = sizeof(extCertPolicyDodPeerInteropOid);
+                    break;
+                case CP_DOD_MEDIUM_NPE_112_OID:
+                    oid = extCertPolicyDodMediumNpe112Oid;
+                    *oidSz = sizeof(extCertPolicyDodMediumNpe112Oid);
+                    break;
+                case CP_DOD_MEDIUM_NPE_128_OID:
+                    oid = extCertPolicyDodMediumNpe128Oid;
+                    *oidSz = sizeof(extCertPolicyDodMediumNpe128Oid);
+                    break;
+                case CP_DOD_MEDIUM_NPE_192_OID:
+                    oid = extCertPolicyDodMediumNpe192Oid;
+                    *oidSz = sizeof(extCertPolicyDodMediumNpe192Oid);
+                    break;
+                case CP_DOD_MEDIUM_112_OID:
+                    oid = extCertPolicyDodMedium112Oid;
+                    *oidSz = sizeof(extCertPolicyDodMedium112Oid);
+                    break;
+                case CP_DOD_MEDIUM_128_OID:
+                    oid = extCertPolicyDodMedium128Oid;
+                    *oidSz = sizeof(extCertPolicyDodMedium128Oid);
+                    break;
+                case CP_DOD_MEDIUM_192_OID:
+                    oid = extCertPolicyDodMedium192Oid;
+                    *oidSz = sizeof(extCertPolicyDodMedium192Oid);
+                    break;
+                case CP_DOD_MEDIUM_HARDWARE_112_OID:
+                    oid = extCertPolicyDodMediumHardware112Oid;
+                    *oidSz = sizeof(extCertPolicyDodMediumHardware112Oid);
+                    break;
+                case CP_DOD_MEDIUM_HARDWARE_128_OID:
+                    oid = extCertPolicyDodMediumHardware128Oid;
+                    *oidSz = sizeof(extCertPolicyDodMediumHardware128Oid);
+                    break;
+                case CP_DOD_MEDIUM_HARDWARE_192_OID:
+                    oid = extCertPolicyDodMediumHardware192Oid;
+                    *oidSz = sizeof(extCertPolicyDodMediumHardware192Oid);
+                    break;
+                case CP_DOD_ADMIN_OID:
+                    oid = extCertPolicyDodAdminOid;
+                    *oidSz = sizeof(extCertPolicyDodAdminOid);
+                    break;
+                case CP_DOD_INTERNAL_NPE_112_OID:
+                    oid = extCertPolicyDodInternalNpe112Oid;
+                    *oidSz = sizeof(extCertPolicyDodInternalNpe112Oid);
+                    break;
+                case CP_DOD_INTERNAL_NPE_128_OID:
+                    oid = extCertPolicyDodInternalNpe128Oid;
+                    *oidSz = sizeof(extCertPolicyDodInternalNpe128Oid);
+                    break;
+                case CP_DOD_INTERNAL_NPE_192_OID:
+                    oid = extCertPolicyDodInternalNpe192Oid;
+                    *oidSz = sizeof(extCertPolicyDodInternalNpe192Oid);
+                    break;
+                case CP_ECA_MEDIUM_OID:
+                    oid = extCertPolicyEcaMediumOid;
+                    *oidSz = sizeof(extCertPolicyEcaMediumOid);
+                    break;
+                case CP_ECA_MEDIUM_HARDWARE_OID:
+                    oid = extCertPolicyEcaMediumHardwareOid;
+                    *oidSz = sizeof(extCertPolicyEcaMediumHardwareOid);
+                    break;
+                case CP_ECA_MEDIUM_TOKEN_OID:
+                    oid = extCertPolicyEcaMediumTokenOid;
+                    *oidSz = sizeof(extCertPolicyEcaMediumTokenOid);
+                    break;
+                case CP_ECA_MEDIUM_SHA256_OID:
+                    oid = extCertPolicyEcaMediumSha256Oid;
+                    *oidSz = sizeof(extCertPolicyEcaMediumSha256Oid);
+                    break;
+                case CP_ECA_MEDIUM_TOKEN_SHA256_OID:
+                    oid = extCertPolicyEcaMediumTokenSha256Oid;
+                    *oidSz = sizeof(extCertPolicyEcaMediumTokenSha256Oid);
+                    break;
+                case CP_ECA_MEDIUM_HARDWARE_PIVI_OID:
+                    oid = extCertPolicyEcaMediumHardwarePiviOid;
+                    *oidSz = sizeof(extCertPolicyEcaMediumHardwarePiviOid);
+                    break;
+                case CP_ECA_CONTENT_SIGNING_PIVI_OID:
+                    oid = extCertPolicyEcaContentSigningPiviOid;
+                    *oidSz = sizeof(extCertPolicyEcaContentSigningPiviOid);
+                    break;
+                case CP_ECA_MEDIUM_DEVICE_SHA256_OID:
+                    oid = extCertPolicyEcaMediumDeviceSha256Oid;
+                    *oidSz = sizeof(extCertPolicyEcaMediumDeviceSha256Oid);
+                    break;
+                case CP_ECA_MEDIUM_HARDWARE_SHA256_OID:
+                    oid = extCertPolicyEcaMediumHardwareSha256Oid;
+                    *oidSz = sizeof(extCertPolicyEcaMediumHardwareSha256Oid);
+                    break;
+
+                /* Department of State PKI OIDs */
+                case CP_STATE_HIGH_OID:
+                    oid = extCertPolicyStateHighOid;
+                    *oidSz = sizeof(extCertPolicyStateHighOid);
+                    break;
+                case CP_STATE_MEDHW_OID:
+                    oid = extCertPolicyStateMedHwOid;
+                    *oidSz = sizeof(extCertPolicyStateMedHwOid);
+                    break;
+                case CP_STATE_MEDDEVHW_OID:
+                    oid = extCertPolicyStateMediumDeviceHardwareOid;
+                    *oidSz = sizeof(extCertPolicyStateMediumDeviceHardwareOid);
+                    break;
+
+                /* U.S. Treasury SSP PKI OIDs */
+                case CP_TREAS_MEDIUMHW_OID:
+                    oid = extCertPolicyTreasuryMediumHardwareOid;
+                    *oidSz = sizeof(extCertPolicyTreasuryMediumHardwareOid);
+                    break;
+                case CP_TREAS_HIGH_OID:
+                    oid = extCertPolicyTreasuryHighOid;
+                    *oidSz = sizeof(extCertPolicyTreasuryHighOid);
+                    break;
+                case CP_TREAS_PIVI_HW_OID:
+                    oid = extCertPolicyTreasuryPiviHardwareOid;
+                    *oidSz = sizeof(extCertPolicyTreasuryPiviHardwareOid);
+                    break;
+                case CP_TREAS_PIVI_CONTENT_OID:
+                    oid = extCertPolicyTreasuryPiviContentSigningOid;
+                    *oidSz = sizeof(extCertPolicyTreasuryPiviContentSigningOid);
+                    break;
+
+                /* Boeing PKI OIDs */
+                case CP_BOEING_MEDIUMHW_SHA256_OID:
+                    oid = extCertPolicyBoeingMediumHardwareSha256Oid;
+                    *oidSz = sizeof(extCertPolicyBoeingMediumHardwareSha256Oid);
+                    break;
+                case CP_BOEING_MEDIUMHW_CONTENT_SHA256_OID:
+                    oid = extCertPolicyBoeingMediumHardwareContentSigningSha256Oid;
+                    *oidSz = sizeof(extCertPolicyBoeingMediumHardwareContentSigningSha256Oid);
+                    break;
+
+                /* DigiCert NFI PKI OIDs */
+                case CP_DIGICERT_NFSSP_MEDIUMHW_OID:
+                    oid = extCertPolicyDigicertNfiMediumHardwareOid;
+                    *oidSz = sizeof(extCertPolicyDigicertNfiMediumHardwareOid);
+                    break;
+                case CP_DIGICERT_NFSSP_AUTH_OID:
+                    oid = extCertPolicyDigicertNfiAuthOid;
+                    *oidSz = sizeof(extCertPolicyDigicertNfiAuthOid);
+                    break;
+                case CP_DIGICERT_NFSSP_PIVI_HW_OID:
+                    oid = extCertPolicyDigicertNfiPiviHardwareOid;
+                    *oidSz = sizeof(extCertPolicyDigicertNfiPiviHardwareOid);
+                    break;
+                case CP_DIGICERT_NFSSP_PIVI_CONTENT_OID:
+                    oid = extCertPolicyDigicertNfiPiviContentSigningOid;
+                    *oidSz = sizeof(extCertPolicyDigicertNfiPiviContentSigningOid);
+                    break;
+                case CP_DIGICERT_NFSSP_MEDDEVHW_OID:
+                    oid = extCertPolicyDigicertNfiMediumDevicesHardwareOid;
+                    *oidSz = sizeof(extCertPolicyDigicertNfiMediumDevicesHardwareOid);
+                    break;
+
+                /* Entrust Managed Services NFI PKI OIDs */
+                case CP_ENTRUST_NFSSP_MEDIUMHW_OID:
+                    oid = extCertPolicyEntrustNfiMediumHardwareOid;
+                    *oidSz = sizeof(extCertPolicyEntrustNfiMediumHardwareOid);
+                    break;
+                case CP_ENTRUST_NFSSP_MEDAUTH_OID:
+                    oid = extCertPolicyEntrustNfiMediumAuthenticationOid;
+                    *oidSz = sizeof(extCertPolicyEntrustNfiMediumAuthenticationOid);
+                    break;
+                case CP_ENTRUST_NFSSP_PIVI_HW_OID:
+                    oid = extCertPolicyEntrustNfiPiviHardwareOid;
+                    *oidSz = sizeof(extCertPolicyEntrustNfiPiviHardwareOid);
+                    break;
+                case CP_ENTRUST_NFSSP_PIVI_CONTENT_OID:
+                    oid = extCertPolicyEntrustNfiPiviContentSigningOid;
+                    *oidSz = sizeof(extCertPolicyEntrustNfiPiviContentSigningOid);
+                    break;
+                case CP_ENTRUST_NFSSP_MEDDEVHW_OID:
+                    oid = extCertPolicyEntrustNfiMediumDevicesHwOid;
+                    *oidSz = sizeof(extCertPolicyEntrustNfiMediumDevicesHwOid);
+                    break;
+
+                /* Exostar LLC PKI OIDs */
+                case CP_EXOSTAR_MEDIUMHW_SHA2_OID:
+                    oid = extCertPolicyExostarMediumHardwareSha2Oid;
+                    *oidSz = sizeof(extCertPolicyExostarMediumHardwareSha2Oid);
+                    break;
+
+                /* Lockheed Martin PKI OIDs */
+                case CP_LOCKHEED_MEDIUMHW_OID:
+                    oid = extCertPolicyLockheedMediumAssuranceHardwareOid;
+                    *oidSz = sizeof(extCertPolicyLockheedMediumAssuranceHardwareOid);
+                    break;
+
+                /* Northrop Grumman PKI OIDs */
+                case CP_NORTHROP_MEDIUM_256_HW_OID:
+                    oid = extCertPolicyNorthropMediumAssurance256HardwareTokenOid;
+                    *oidSz = sizeof(extCertPolicyNorthropMediumAssurance256HardwareTokenOid);
+                    break;
+                case CP_NORTHROP_PIVI_256_HW_OID:
+                    oid = extCertPolicyNorthropPiviAssurance256HardwareTokenOid;
+                    *oidSz = sizeof(extCertPolicyNorthropPiviAssurance256HardwareTokenOid);
+                    break;
+                case CP_NORTHROP_PIVI_256_CONTENT_OID:
+                    oid = extCertPolicyNorthropPiviAssurance256ContentSigningOid;
+                    *oidSz = sizeof(extCertPolicyNorthropPiviAssurance256ContentSigningOid);
+                    break;
+                case CP_NORTHROP_MEDIUM_384_HW_OID:
+                    oid = extCertPolicyNorthropMediumAssurance384HardwareTokenOid;
+                    *oidSz = sizeof(extCertPolicyNorthropMediumAssurance384HardwareTokenOid);
+                    break;
+
+                /* Raytheon PKI OIDs */
+                case CP_RAYTHEON_MEDIUMHW_OID:
+                    oid = extCertPolicyRaytheonMediumHardwareOid;
+                    *oidSz = sizeof(extCertPolicyRaytheonMediumHardwareOid);
+                    break;
+                case CP_RAYTHEON_MEDDEVHW_OID:
+                    oid = extCertPolicyRaytheonMediumDeviceHardwareOid;
+                    *oidSz = sizeof(extCertPolicyRaytheonMediumDeviceHardwareOid);
+                    break;
+                case CP_RAYTHEON_SHA2_MEDIUMHW_OID:
+                    oid = extCertPolicyRaytheonSha2MediumHardwareOid;
+                    *oidSz = sizeof(extCertPolicyRaytheonSha2MediumHardwareOid);
+                    break;
+                case CP_RAYTHEON_SHA2_MEDDEVHW_OID:
+                    oid = extCertPolicyRaytheonSha2MediumDeviceHardwareOid;
+                   *oidSz = sizeof(extCertPolicyRaytheonSha2MediumDeviceHardwareOid);
+                    break;
+
+                /* WidePoint NFI PKI OIDs */
+                case CP_WIDEPOINT_MEDIUMHW_OID:
+                    oid = extCertPolicyWidepointNfiMediumHardwareOid;
+                    *oidSz = sizeof(extCertPolicyWidepointNfiMediumHardwareOid);
+                    break;
+                case CP_WIDEPOINT_PIVI_HW_OID:
+                    oid = extCertPolicyWidepointNfiPiviHardwareOid;
+                    *oidSz = sizeof(extCertPolicyWidepointNfiPiviHardwareOid);
+                    break;
+                case CP_WIDEPOINT_PIVI_CONTENT_OID:
+                    oid = extCertPolicyWidepointNfiPiviContentSigningOid;
+                    *oidSz = sizeof(extCertPolicyWidepointNfiPiviContentSigningOid);
+                    break;
+                case CP_WIDEPOINT_MEDDEVHW_OID:
+                    oid = extCertPolicyWidepointNfiMediumDevicesHardwareOid;
+                    *oidSz = sizeof(extCertPolicyWidepointNfiMediumDevicesHardwareOid);
+                    break;
+
+                /* Australian Defence Organisation PKI OIDs */
+                case CP_ADO_MEDIUM_OID:
+                    oid = extCertPolicyAdoIndividualMediumAssuranceOid;
+                    *oidSz = sizeof(extCertPolicyAdoIndividualMediumAssuranceOid);
+                    break;
+                case CP_ADO_HIGH_OID:
+                    oid = extCertPolicyAdoIndividualHighAssuranceOid;
+                    *oidSz = sizeof(extCertPolicyAdoIndividualHighAssuranceOid);
+                    break;
+                case CP_ADO_RESOURCE_MEDIUM_OID:
+                    oid = extCertPolicyAdoResourceMediumAssuranceOid;
+                    *oidSz = sizeof(extCertPolicyAdoResourceMediumAssuranceOid);
+                    break;
+
+                /* Netherlands Ministry of Defence PKI OIDs */
+                case CP_NL_MOD_AUTH_OID:
+                    oid = extCertPolicyNlModAuthenticityOid;
+                    *oidSz = sizeof(extCertPolicyNlModAuthenticityOid);
+                    break;
+                case CP_NL_MOD_IRREFUT_OID:
+                    oid = extCertPolicyNlModIrrefutabilityOid;
+                    *oidSz = sizeof(extCertPolicyNlModIrrefutabilityOid);
+                    break;
+                case CP_NL_MOD_CONFID_OID:
+                    oid = extCertPolicyNlModConfidentialityOid;
+                    *oidSz = sizeof(extCertPolicyNlModConfidentialityOid);
+                    break;
+
+                /* IdenTrust NFI OIDs */
+                case CP_IDENTRUST_MEDIUMHW_SIGN_OID:
+                    oid = extCertPolicyIdentrustMediumhwSignOid;
+                    *oidSz = sizeof(extCertPolicyIdentrustMediumhwSignOid);
+                    break;
+                case CP_IDENTRUST_MEDIUMHW_ENC_OID:
+                    oid = extCertPolicyIdentrustMediumhwEncOid;
+                    *oidSz = sizeof(extCertPolicyIdentrustMediumhwEncOid);
+                    break;
+                case CP_IDENTRUST_PIVI_HW_ID_OID:
+                    oid = extCertPolicyIdentrustPiviHwIdOid;
+                    *oidSz = sizeof(extCertPolicyIdentrustPiviHwIdOid);
+                    break;
+                case CP_IDENTRUST_PIVI_HW_SIGN_OID:
+                    oid = extCertPolicyIdentrustPiviHwSignOid;
+                    *oidSz = sizeof(extCertPolicyIdentrustPiviHwSignOid);
+                    break;
+                case CP_IDENTRUST_PIVI_HW_ENC_OID:
+                    oid = extCertPolicyIdentrustPiviHwEncOid;
+                    *oidSz = sizeof(extCertPolicyIdentrustPiviHwEncOid);
+                    break;
+                case CP_IDENTRUST_PIVI_CONTENT_OID:
+                    oid = extCertPolicyIdentrustPiviContentOid;
+                    *oidSz = sizeof(extCertPolicyIdentrustPiviContentOid);
+                    break;
+
+                /* TSCP Bridge OIDs */
+                case CP_TSCP_MEDIUMHW_OID:
+                    oid = extCertPolicyTscpMediumhwOid;
+                    *oidSz = sizeof(extCertPolicyTscpMediumhwOid);
+                    break;
+                case CP_TSCP_PIVI_OID:
+                    oid = extCertPolicyTscpPiviOid;
+                    *oidSz = sizeof(extCertPolicyTscpPiviOid);
+                    break;
+                case CP_TSCP_PIVI_CONTENT_OID:
+                    oid = extCertPolicyTscpPiviContentOid;
+                    *oidSz = sizeof(extCertPolicyTscpPiviContentOid);
+                    break;
+
+                /* Carillon Federal Services OIDs */
+                case CP_CARILLON_MEDIUMHW_256_OID:
+                    oid = extCertPolicyCarillonMediumhw256Oid;
+                    *oidSz = sizeof(extCertPolicyCarillonMediumhw256Oid);
+                    break;
+                case CP_CARILLON_AIVHW_OID:
+                    oid = extCertPolicyCarillonAivhwOid;
+                    *oidSz = sizeof(extCertPolicyCarillonAivhwOid);
+                    break;
+                case CP_CARILLON_AIVCONTENT_OID:
+                    oid = extCertPolicyCarillonAivcontentOid;
+                    *oidSz = sizeof(extCertPolicyCarillonAivcontentOid);
+                    break;
+
+                /* Carillon Information Security OIDs */
+                case CP_CIS_MEDIUMHW_256_OID:
+                    oid = extCertPolicyCisMediumhw256Oid;
+                    *oidSz = sizeof(extCertPolicyCisMediumhw256Oid);
+                    break;
+                case CP_CIS_MEDDEVHW_256_OID:
+                    oid = extCertPolicyCisMeddevhw256Oid;
+                    *oidSz = sizeof(extCertPolicyCisMeddevhw256Oid);
+                    break;
+                case CP_CIS_ICECAP_HW_OID:
+                    oid = extCertPolicyCisIcecapHwOid;
+                    *oidSz = sizeof(extCertPolicyCisIcecapHwOid);
+                    break;
+                case CP_CIS_ICECAP_CONTENT_OID:
+                    oid = extCertPolicyCisIcecapContentOid;
+                    *oidSz = sizeof(extCertPolicyCisIcecapContentOid);
+                    break;
+
+                /* CertiPath Bridge OIDs */
+                case CP_CERTIPATH_MEDIUMHW_OID:
+                    oid = extCertPolicyCertipathMediumhwOid;
+                    *oidSz = sizeof(extCertPolicyCertipathMediumhwOid);
+                    break;
+                case CP_CERTIPATH_HIGHHW_OID:
+                    oid = extCertPolicyCertipathHighhwOid;
+                    *oidSz = sizeof(extCertPolicyCertipathHighhwOid);
+                    break;
+                case CP_CERTIPATH_ICECAP_HW_OID:
+                    oid = extCertPolicyCertipathIcecapHwOid;
+                    *oidSz = sizeof(extCertPolicyCertipathIcecapHwOid);
+                    break;
+                case CP_CERTIPATH_ICECAP_CONTENT_OID:
+                    oid = extCertPolicyCertipathIcecapContentOid;
+                    *oidSz = sizeof(extCertPolicyCertipathIcecapContentOid);
+                    break;
+                case CP_CERTIPATH_VAR_MEDIUMHW_OID:
+                    oid = extCertPolicyCertipathVarMediumhwOid;
+                    *oidSz = sizeof(extCertPolicyCertipathVarMediumhwOid);
+                    break;
+                case CP_CERTIPATH_VAR_HIGHHW_OID:
+                    oid = extCertPolicyCertipathVarHighhwOid;
+                    *oidSz = sizeof(extCertPolicyCertipathVarHighhwOid);
+                    break;
                 #endif /* WOLFSSL_FPKI */
                 default:
                     break;
@@ -5481,7 +6236,7 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
 #ifdef WOLFSSL_APACHE_HTTPD
         case oidCertNameType:
             switch (id) {
-                 case NID_id_on_dnsSRV:
+                 case WC_NID_id_on_dnsSRV:
                     oid = dnsSRVOid;
                     *oidSz = sizeof(dnsSRVOid);
                     break;
@@ -5640,7 +6395,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
     }
 
     /* compute length of encoded OID */
-    d = (in[0] * 40) + in[1];
+    d = ((word32)in[0] * 40) + in[1];
     len = 0;
     for (i = 1; i < (int)inSz; i++) {
         x = 0;
@@ -5663,7 +6418,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
         }
 
         /* calc first byte */
-        d = (in[0] * 40) + in[1];
+        d = ((word32)in[0] * 40) + in[1];
 
         /* encode bytes */
         x = 0;
@@ -5698,7 +6453,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
     }
 
     /* return length */
-    *outSz = len;
+    *outSz = (word32)len;
 
     return 0;
 }
@@ -5854,6 +6609,151 @@ static int DumpOID(const byte* oidData, word32 oidSz, word32 oid,
 }
 #endif /* ASN_DUMP_OID */
 
+#ifdef WOLFSSL_FPKI
+/* Handles the large number of collisions from FPKI certificate policy
+ * OID sums.  Returns a special value (100000 + actual sum) if a
+ * collision is detected.
+ * @param [in]      oid      Buffer holding OID.
+ * @param [in]      oidSz    Length of OID data in buffer.
+ * @param [in]      oidSum   The sum of the OID being passed in.
+ */
+static word32 fpkiCertPolOid(const byte* oid, word32 oidSz, word32 oidSum) {
+
+    switch (oidSum) {
+        case CP_FPKI_COMMON_DEVICES_HARDWARE_OID:
+            if ((word32)sizeof(extCertPolicyDodPeerInteropOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyDodPeerInteropOid,
+            sizeof(extCertPolicyDodPeerInteropOid)) == 0)
+                return CP_DOD_PEER_INTEROP_OID;
+            break;
+        case CP_FPKI_PIV_AUTH_HW_OID:
+            if ((word32)sizeof(extCertPolicyDodMediumNpe112Oid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyDodMediumNpe112Oid,
+            sizeof(extCertPolicyDodMediumNpe112Oid)) == 0)
+                return CP_DOD_MEDIUM_NPE_112_OID;
+            else if ((word32)sizeof(extCertPolicyStateMediumDeviceHardwareOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyStateMediumDeviceHardwareOid,
+            sizeof(extCertPolicyStateMediumDeviceHardwareOid)) == 0)
+                return CP_STATE_MEDDEVHW_OID;
+            break;
+        case CP_FPKI_PIVI_AUTH_OID:
+            if ((word32)sizeof(extCertPolicyDodMedium128Oid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyDodMedium128Oid,
+            sizeof(extCertPolicyDodMedium128Oid)) == 0)
+                return CP_DOD_MEDIUM_128_OID;
+            break;
+        case CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID:
+            if ((word32)sizeof(extCertPolicyDodMediumHardware112Oid) == (word32)oidSz &&
+                XMEMCMP(oid, extCertPolicyDodMediumHardware112Oid,
+                sizeof(extCertPolicyDodMediumHardware112Oid)) == 0)
+                    return CP_DOD_MEDIUM_HARDWARE_112_OID;
+            if ((word32)sizeof(extCertPolicyCertipathHighhwOid) == (word32)oidSz &&
+                XMEMCMP(oid, extCertPolicyCertipathHighhwOid,
+                sizeof(extCertPolicyCertipathHighhwOid)) == 0)
+                    return CP_CERTIPATH_HIGHHW_OID;
+            break;
+        case CP_DOD_MEDIUM_OID:
+            if ((word32)sizeof(extCertPolicyEcaMediumOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyEcaMediumOid,
+            sizeof(extCertPolicyEcaMediumOid)) == 0)
+                return CP_ECA_MEDIUM_OID;
+            break;
+        case CP_FPKI_COMMON_AUTH_OID:
+            if ((word32)sizeof(extCertPolicyEcaMediumSha256Oid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyEcaMediumSha256Oid,
+            sizeof(extCertPolicyEcaMediumSha256Oid)) == 0)
+                return CP_ECA_MEDIUM_SHA256_OID;
+            break;
+        case CP_FPKI_MEDIUM_HARDWARE_OID:
+            if ((word32)sizeof(extCertPolicyEcaMediumTokenOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyEcaMediumTokenOid,
+            sizeof(extCertPolicyEcaMediumTokenOid)) == 0)
+                return CP_ECA_MEDIUM_TOKEN_OID;
+            else if ((word32)sizeof(extCertPolicyTreasuryPiviHardwareOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyTreasuryPiviHardwareOid,
+            sizeof(extCertPolicyTreasuryPiviHardwareOid)) == 0)
+                return CP_TREAS_PIVI_HW_OID;
+            break;
+        case CP_DOD_MEDIUM_HARDWARE_OID:
+            if ((word32)sizeof(extCertPolicyEcaMediumTokenSha256Oid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyEcaMediumTokenSha256Oid,
+            sizeof(extCertPolicyEcaMediumTokenSha256Oid)) == 0)
+                return CP_ECA_MEDIUM_TOKEN_SHA256_OID;
+            else if ((word32)sizeof(extCertPolicyTreasuryPiviContentSigningOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyTreasuryPiviContentSigningOid,
+            sizeof(extCertPolicyTreasuryPiviContentSigningOid)) == 0)
+                return CP_TREAS_PIVI_CONTENT_OID;
+            break;
+        case CP_DOD_PIV_AUTH_OID:
+            if ((word32)sizeof(extCertPolicyEcaMediumHardwarePiviOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyEcaMediumHardwarePiviOid,
+            sizeof(extCertPolicyEcaMediumHardwarePiviOid)) == 0)
+                return CP_ECA_MEDIUM_HARDWARE_PIVI_OID;
+            else if ((word32)sizeof(extCertPolicyStateMedHwOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyStateMedHwOid,
+            sizeof(extCertPolicyStateMedHwOid)) == 0)
+                return CP_STATE_MEDHW_OID;
+            break;
+        case CP_FPKI_COMMON_HARDWARE_OID:
+            if ((word32)sizeof(extCertPolicyStateHighOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyStateHighOid,
+            sizeof(extCertPolicyStateHighOid)) == 0)
+                return CP_STATE_HIGH_OID;
+            else if ((word32)sizeof(extCertPolicyTreasuryHighOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyTreasuryHighOid,
+            sizeof(extCertPolicyTreasuryHighOid)) == 0)
+                return CP_TREAS_HIGH_OID;
+            break;
+        case CP_ECA_MEDIUM_HARDWARE_OID:
+            if ((word32)sizeof(extCertPolicyExostarMediumHardwareSha2Oid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyExostarMediumHardwareSha2Oid,
+            sizeof(extCertPolicyExostarMediumHardwareSha2Oid)) == 0)
+                return CP_EXOSTAR_MEDIUMHW_SHA2_OID;
+            break;
+        case CP_ADO_HIGH_OID:
+            if ((word32)sizeof(extCertPolicyAdoResourceMediumAssuranceOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyAdoResourceMediumAssuranceOid,
+            sizeof(extCertPolicyAdoResourceMediumAssuranceOid)) == 0)
+                return CP_ADO_RESOURCE_MEDIUM_OID;
+            break;
+        case CP_DOD_ADMIN_OID:
+            if ((word32)sizeof(extCertPolicyCarillonAivcontentOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyCarillonAivcontentOid,
+            sizeof(extCertPolicyCarillonAivcontentOid)) == 0)
+                return CP_CARILLON_AIVCONTENT_OID;
+            break;
+        case CP_CIS_ICECAP_HW_OID:
+            if ((word32)sizeof(extCertPolicyNlModIrrefutabilityOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyNlModIrrefutabilityOid,
+            sizeof(extCertPolicyNlModIrrefutabilityOid)) == 0)
+                return CP_NL_MOD_IRREFUT_OID;
+            break;
+        case CP_DOD_MEDIUM_192_OID:
+            if ((word32)sizeof(extCertPolicyCertipathMediumhwOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyCertipathMediumhwOid,
+            sizeof(extCertPolicyCertipathMediumhwOid)) == 0)
+                return CP_CERTIPATH_MEDIUMHW_OID;
+            break;
+        case CP_CARILLON_AIVHW_OID:
+            if ((word32)sizeof(extCertPolicyCertipathVarMediumhwOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyCertipathVarMediumhwOid,
+            sizeof(extCertPolicyCertipathVarMediumhwOid)) == 0)
+                return CP_CERTIPATH_VAR_MEDIUMHW_OID;
+            break;
+        case CP_ISRG_DOMAIN_VALID:
+            if ((word32)sizeof(extCertPolicyEcaContentSigningPiviOid) == (word32)oidSz &&
+            XMEMCMP(oid, extCertPolicyEcaContentSigningPiviOid,
+            sizeof(extCertPolicyEcaContentSigningPiviOid)) == 0)
+                return CP_ECA_CONTENT_SIGNING_PIVI_OID;
+            break;
+        default:
+            break;
+    }
+
+    return 0;
+}
+#endif
+
 /* Get the OID data and verify it is of the type specified when compiled in.
  *
  * @param [in]      input     Buffer holding OID.
@@ -5879,13 +6779,13 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
     const byte* checkOid = NULL;
     word32 checkOidSz;
 #endif /* NO_VERIFY_OID */
-#if defined(HAVE_SPHINCS)
+#if defined(HAVE_SPHINCS) || defined(WOLFSSL_FPKI)
     word32 found_collision = 0;
 #endif
     (void)oidType;
     *oid = 0;
 
-#ifndef NO_VERIFY_OID
+#if !defined(NO_VERIFY_OID) || defined(WOLFSSL_FPKI)
     /* Keep references to OID data and length for check. */
     actualOid = &input[idx];
     actualOidSz = (word32)length;
@@ -5914,7 +6814,16 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
         idx++;
     }
 
-#ifdef HAVE_SPHINCS
+#ifdef WOLFSSL_FPKI
+    /* Due to the large number of OIDs for FPKI certificate policy, there
+       are multiple collsisions.  Handle them in a dedicated function,
+       if a collision is detected, the OID is adjusted. */
+    if (oidType == oidCertPolicyType) {
+        found_collision = fpkiCertPolOid(actualOid, actualOidSz, *oid);
+    }
+#endif
+
+#if defined(HAVE_SPHINCS) || defined(WOLFSSL_FPKI)
     if (found_collision) {
         *oid = found_collision;
     }
@@ -6344,7 +7253,7 @@ enum {
     RSAPSSPARAMSASN_IDX_SALTLEN,
     RSAPSSPARAMSASN_IDX_SALTLENINT,
     RSAPSSPARAMSASN_IDX_TRAILER,
-    RSAPSSPARAMSASN_IDX_TRAILERINT,
+    RSAPSSPARAMSASN_IDX_TRAILERINT
 };
 
 /* Number of items in ASN.1 template for an algorithm identifier. */
@@ -6520,16 +7429,16 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
      defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)))
 /* Byte offset of numbers in RSA key. */
 size_t rsaIntOffset[] = {
-    OFFSETOF(RsaKey, n),
-    OFFSETOF(RsaKey, e),
+    WC_OFFSETOF(RsaKey, n),
+    WC_OFFSETOF(RsaKey, e),
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
-    OFFSETOF(RsaKey, d),
-    OFFSETOF(RsaKey, p),
-    OFFSETOF(RsaKey, q),
+    WC_OFFSETOF(RsaKey, d),
+    WC_OFFSETOF(RsaKey, p),
+    WC_OFFSETOF(RsaKey, q),
 #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
-    OFFSETOF(RsaKey, dP),
-    OFFSETOF(RsaKey, dQ),
-    OFFSETOF(RsaKey, u)
+    WC_OFFSETOF(RsaKey, dP),
+    WC_OFFSETOF(RsaKey, dQ),
+    WC_OFFSETOF(RsaKey, u)
 #endif
 #endif
 };
@@ -6870,8 +7779,9 @@ static const ASNItem pkcs8KeyASN[] = {
 /*  PKEY_ALGO_PARAM_SEQ */            { 2, ASN_SEQUENCE, 1, 0, 1 },
 #endif
 /*  PKEY_DATA           */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
-                /* attributes            [0] Attributes OPTIONAL */
-                /* [[2: publicKey        [1] PublicKey OPTIONAL ]] */
+/*  OPTIONAL Attributes IMPLICIT [0] */
+                                  { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 },
+/* [[2: publicKey        [1] PublicKey OPTIONAL ]] */
 };
 enum {
     PKCS8KEYASN_IDX_SEQ = 0,
@@ -6884,6 +7794,7 @@ enum {
     PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ,
 #endif
     PKCS8KEYASN_IDX_PKEY_DATA,
+    PKCS8KEYASN_IDX_PKEY_ATTRIBUTES,
     WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX)
 };
 
@@ -7104,6 +8015,15 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
                     ret = ASN_PARSE_E;
                 }
                 break;
+        #endif
+        #ifndef NO_DH
+            case DHk:
+                /* Neither NULL item nor OBJECT_ID item allowed. */
+                if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
+                    (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
+                    ret = ASN_PARSE_E;
+                }
+                break;
         #endif
             /* DSAk not supported. */
             /* Falcon, Dilithium and Sphincs not supported. */
@@ -7224,7 +8144,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
 
         WOLFSSL_MSG("Checking size of PKCS8");
 
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     WOLFSSL_ENTER("wc_CreatePKCS8Key");
@@ -7294,7 +8214,9 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
     *outSz = tmpSz + sz;
     return (int)(tmpSz + sz);
 #else
-    DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length);
+    /* pkcs8KeyASN_Length-1, the -1 is because we are not adding the optional
+     * set of attributes */
+    DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1);
     int sz = 0;
     int ret = 0;
     word32 keyIdx = 0;
@@ -7315,7 +8237,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
         ret = ASN_PARSE_E;
     }
 
-    CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length, ret, NULL);
+    CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL);
 
     if (ret == 0) {
         /* Only support default PKCS #8 format - v0. */
@@ -7341,20 +8263,20 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
         SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz);
 
         /* Get the size of the DER encoding. */
-        ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, &sz);
+        ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, &sz);
     }
-    if (ret == 0) {
+    if ((ret == 0) || (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))) {
         /* Always return the calculated size. */
         *outSz = (word32)sz;
     }
     /* Check for buffer to encoded into. */
     if ((ret == 0) && (out == NULL)) {
         WOLFSSL_MSG("Checking size of PKCS8");
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (ret == 0) {
         /*  Encode PKCS #8 key into buffer. */
-        SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, out);
+        SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, out);
         ret = sz;
     }
 
@@ -7374,9 +8296,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
  * privKeySz : size of private key buffer
  * pubKey    : buffer holding DER format public key
  * pubKeySz  : size of public key buffer
- * ks        : type of key */
+ * ks        : type of key
+ * heap      : heap hint to use */
 int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
-                       const byte* pubKey, word32 pubKeySz, enum Key_Sum ks)
+                       const byte* pubKey, word32 pubKeySz, enum Key_Sum ks,
+                       void* heap)
 {
     int ret;
     (void)privKeySz;
@@ -7413,14 +8337,14 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
         }
     #endif
 
-        if ((ret = wc_InitRsaKey(a, NULL)) < 0) {
+        if ((ret = wc_InitRsaKey(a, heap)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(b, NULL, DYNAMIC_TYPE_RSA);
             XFREE(a, NULL, DYNAMIC_TYPE_RSA);
     #endif
             return ret;
         }
-        if ((ret = wc_InitRsaKey(b, NULL)) < 0) {
+        if ((ret = wc_InitRsaKey(b, heap)) < 0) {
             wc_FreeRsaKey(a);
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(b, NULL, DYNAMIC_TYPE_RSA);
@@ -7481,7 +8405,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
         }
     #endif
 
-        if ((ret = wc_ecc_init(key_pair)) < 0) {
+        if ((ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC);
@@ -7499,7 +8423,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
                 wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz);
             #endif
                 wc_ecc_free(key_pair);
-                ret = wc_ecc_init(key_pair);
+                ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID);
                 if (ret == 0) {
                     ret = wc_ecc_import_private_key(privDer,
                                             privSz, pubKey,
@@ -7550,7 +8474,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_ed25519_init(key_pair)) < 0) {
+        if ((ret = wc_ed25519_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519);
     #endif
@@ -7600,7 +8524,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
             return MEMORY_E;
     #endif
 
-        if ((ret = wc_ed448_init(key_pair)) < 0) {
+        if ((ret = wc_ed448_init_ex(key_pair, heap, INVALID_DEVID)) < 0) {
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448);
     #endif
@@ -7696,9 +8620,15 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
     #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
     !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
-    if ((ks == DILITHIUM_LEVEL2k) ||
-        (ks == DILITHIUM_LEVEL3k) ||
-        (ks == DILITHIUM_LEVEL5k)) {
+    if ((ks == ML_DSA_LEVEL2k) ||
+        (ks == ML_DSA_LEVEL3k) ||
+        (ks == ML_DSA_LEVEL5k)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (ks == DILITHIUM_LEVEL2k)
+     || (ks == DILITHIUM_LEVEL3k)
+     || (ks == DILITHIUM_LEVEL5k)
+    #endif
+        ) {
     #ifdef WOLFSSL_SMALL_STACK
         dilithium_key* key_pair = NULL;
     #else
@@ -7720,15 +8650,27 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
             return ret;
         }
 
-        if (ks == DILITHIUM_LEVEL2k) {
-            ret = wc_dilithium_set_level(key_pair, 2);
+
+        if (ks == ML_DSA_LEVEL2k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44);
+        }
+        else if (ks == ML_DSA_LEVEL3k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65);
+        }
+        else if (ks == ML_DSA_LEVEL5k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87);
+        }
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if (ks == DILITHIUM_LEVEL2k) {
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44_DRAFT);
         }
         else if (ks == DILITHIUM_LEVEL3k) {
-            ret = wc_dilithium_set_level(key_pair, 3);
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65_DRAFT);
         }
         else if (ks == DILITHIUM_LEVEL5k) {
-            ret = wc_dilithium_set_level(key_pair, 5);
+            ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87_DRAFT);
         }
+    #endif
 
         if (ret  < 0) {
     #ifdef WOLFSSL_SMALL_STACK
@@ -7829,6 +8771,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
         ret = 0;
     }
     (void)ks;
+    (void)heap;
 
     return ret;
 }
@@ -7843,7 +8786,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
  * checkAlt : indicate if we check primary or alternative key
  */
 int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
-                           int checkAlt)
+                           int checkAlt, void* heap)
 {
     int ret = 0;
 
@@ -7857,7 +8800,7 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
         word32 idx = 0;
         /* Dilithium has the largest public key at the moment */
         word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
-        byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, NULL,
+        byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap,
                                              DYNAMIC_TYPE_PUBLIC_KEY);
         if (decodedPubKey == NULL) {
             ret = MEMORY_E;
@@ -7876,15 +8819,15 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
         }
         if (ret == 0) {
             ret = wc_CheckPrivateKey(key, keySz, decodedPubKey, pubKeyLen,
-                                     (enum Key_Sum) der->sapkiOID);
+                                     (enum Key_Sum) der->sapkiOID, heap);
         }
-        XFREE(decodedPubKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
     }
     else
 #endif
     {
         ret = wc_CheckPrivateKey(key, keySz, der->publicKey,
-                der->pubKeySize, (enum Key_Sum) der->keyOID);
+                der->pubKeySize, (enum Key_Sum) der->keyOID, heap);
     }
 
     (void)checkAlt;
@@ -8044,7 +8987,7 @@ static int CheckAlgoV2(int oid, int* id, int* blockSz)
     case AES256CBCb:
         *id = PBE_AES256_CBC;
         if (blockSz != NULL) {
-            *blockSz = AES_BLOCK_SIZE;
+            *blockSz = WC_AES_BLOCK_SIZE;
         }
         break;
 #endif
@@ -8052,7 +8995,7 @@ static int CheckAlgoV2(int oid, int* id, int* blockSz)
     case AES128CBCb:
         *id = PBE_AES128_CBC;
         if (blockSz != NULL) {
-            *blockSz = AES_BLOCK_SIZE;
+            *blockSz = WC_AES_BLOCK_SIZE;
         }
         break;
 #endif
@@ -8214,31 +9157,28 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
 
         if (wc_dilithium_init(dilithium) != 0) {
             tmpIdx = 0;
-            if (wc_dilithium_set_level(dilithium, 2)
-                == 0) {
+            if (wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) {
                 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
-                    keySz) == 0) {
-                    *algoID = DILITHIUM_LEVEL2k;
+                        keySz) == 0) {
+                    *algoID = ML_DSA_LEVEL2k;
                 }
                 else {
                     WOLFSSL_MSG("Not Dilithium Level 2 DER key");
                 }
             }
-            else if (wc_dilithium_set_level(dilithium, 3)
-                == 0) {
+            else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) {
                 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
-                    keySz) == 0) {
-                    *algoID = DILITHIUM_LEVEL3k;
+                        keySz) == 0) {
+                    *algoID = ML_DSA_LEVEL3k;
                 }
                 else {
                     WOLFSSL_MSG("Not Dilithium Level 3 DER key");
                 }
             }
-            else if (wc_dilithium_set_level(dilithium, 5)
-                == 0) {
+            else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) {
                 if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
-                    keySz) == 0) {
-                    *algoID = DILITHIUM_LEVEL5k;
+                        keySz) == 0) {
+                    *algoID = ML_DSA_LEVEL5k;
                 }
                 else {
                     WOLFSSL_MSG("Not Dilithium Level 5 DER key");
@@ -8536,12 +9476,12 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
             pbeOidBuf = pbes2;
             pbeOidBufSz = sizeof(pbes2);
             /* kdf = OBJ pbkdf2 [ SEQ innerLen ] */
-            kdfLen = 2 + sizeof(pbkdf2Oid) + 2 + innerLen;
+            kdfLen = 2U + (word32)sizeof(pbkdf2Oid) + 2U + innerLen;
             /* enc = OBJ enc_alg OCT iv */
-            encLen = 2 + (word32)encOidSz + 2 + (word32)blockSz;
+            encLen = 2U + (word32)encOidSz + 2U + (word32)blockSz;
             /* pbe = OBJ pbse2 SEQ [ SEQ [ kdf ] SEQ [ enc ] ] */
-            pbeLen = (word32)(2 + sizeof(pbes2) + 2 + 2 + (size_t)kdfLen + 2 +
-                              (size_t)encLen);
+            pbeLen = 2U + (word32)sizeof(pbes2) + 2U + 2U + kdfLen + 2U +
+                encLen;
 
             ret = wc_RNG_GenerateBlock(rng, cbcIv, (word32)blockSz);
         }
@@ -8557,7 +9497,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
         if (out == NULL) {
             /* Sequence tag, length */
             *outSz = 1 + SetLength(outerLen, NULL) + outerLen;
-            return LENGTH_ONLY_E;
+            return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         SetOctetString(keySz + padSz, out);
 
@@ -8611,7 +9551,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz,
             idx += SetSequence(kdfLen, out + idx);
             idx += (word32)SetObjectId((int)sizeof(pbkdf2Oid), out + idx);
             XMEMCPY(out + idx, pbkdf2Oid, sizeof(pbkdf2Oid));
-            idx += sizeof(pbkdf2Oid);
+            idx += (word32)sizeof(pbkdf2Oid);
         }
         idx += SetSequence(innerLen, out + idx);
         idx += SetOctetString(saltSz, out + idx);
@@ -9105,26 +10045,6 @@ int ToTraditionalEnc(byte* input, word32 sz, const char* password,
 
 #ifdef HAVE_PKCS12
 
-#define PKCS8_MIN_BLOCK_SIZE 8
-static int Pkcs8Pad(byte* buf, int sz, int blockSz)
-{
-    int padSz;
-
-    /* calculate pad size */
-    padSz = blockSz - (sz & (blockSz - 1));
-
-    /* pad with padSz value */
-    if (buf) {
-        int i;
-        for (i = 0; i < padSz; i++) {
-            buf[sz+i] = (byte)(padSz & 0xFF);
-        }
-    }
-
-    /* return adjusted length */
-    return sz + padSz;
-}
-
 #ifdef WOLFSSL_ASN_TEMPLATE
 /* ASN.1 template for PKCS #8 encrypted key with PBES1 parameters.
  * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo
@@ -9140,7 +10060,7 @@ static const ASNItem p8EncPbes1ASN[] = {
 /* ENCALGO_PBEPARAM_SALT */             { 3, ASN_OCTET_STRING, 0, 0, 0 },
                         /* Iteration Count */
 /* ENCALGO_PBEPARAM_ITER */             { 3, ASN_INTEGER, 0, 0, 0 },
-/* ENCDATA               */     { 1, ASN_OCTET_STRING, 0, 0, 0 },
+/* ENCDATA               */     { 1, (ASN_CONTEXT_SPECIFIC | 0), 0, 0, 0 },
 };
 enum {
     P8ENCPBES1ASN_IDX_SEQ = 0,
@@ -9234,7 +10154,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 
     /* calculate size */
     /* size of constructed string at end */
-    sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz);
+    sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz);
     totalSz  = ASN_TAG_SZ;
     totalSz += SetLength(sz, seq);
     totalSz += sz;
@@ -9271,7 +10191,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 
     if (out == NULL) {
         *outSz = totalSz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     inOutIdx = 0;
@@ -9330,7 +10250,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
     out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0;
 
     /* get pad size and verify buffer room */
-    sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz);
+    sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz);
     if (sz + inOutIdx > *outSz) {
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9341,7 +10261,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 
     /* copy input to output buffer and pad end */
     XMEMCPY(out + inOutIdx, input, inputSz);
-    sz = (word32)Pkcs8Pad(out + inOutIdx, (int)inputSz, blockSz);
+    sz = wc_PkcsPad(out + inOutIdx, inputSz, (word32)blockSz);
 #ifdef WOLFSSL_SMALL_STACK
     cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (cbcIv == NULL) {
@@ -9415,7 +10335,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
                 salt, saltSz);
         SetASN_Int16Bit(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_ITER],
                         (word16)itt);
-        pkcs8Sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz);
+        pkcs8Sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz);
         SetASN_Buffer(&dataASN[P8ENCPBES1ASN_IDX_ENCDATA], NULL, pkcs8Sz);
 
         /* Calculate size of encoding. */
@@ -9427,7 +10347,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
     /* Return size when no output buffer. */
     if ((ret == 0) && (out == NULL)) {
         *outSz = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check output buffer is big enough for encoded data. */
     if ((ret == 0) && (sz > (int)*outSz)) {
@@ -9453,7 +10373,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
         byte* pkcs8 =
             (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data;
         XMEMCPY(pkcs8, input, inputSz);
-        Pkcs8Pad(pkcs8, (int)inputSz, blockSz);
+        (void)wc_PkcsPad(pkcs8, inputSz, (word32)blockSz);
 
         /* Encrypt PKCS#8 key inline. */
         ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, id,
@@ -9473,7 +10393,73 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
 #endif /* HAVE_PKCS12 */
 #endif /* NO_PWDBASED */
 
+/* Block padding used for PKCS#5, PKCS#7, PKCS#8 and PKCS#12.
+ *
+ * The length of padding is the value of each padding byte.
+ *
+ * When buf is NULL, the padded size is returned.
+ *
+ * @param [in, out] buf      Buffer of data to be padded. May be NULL.
+ * @param [in]      sz       Size of data in bytes.
+ * @param [in]      blockSz  Size of block, in bytes, which buffer size must be
+ *                           a multiple of. Assumed to be less than 256 and
+ *                           a power of 2.
+ * @return  Size of padded buffer in bytes.
+ */
+word32 wc_PkcsPad(byte* buf, word32 sz, word32 blockSz)
+{
+    /* Calculate number of padding bytes. */
+    word32 padSz = blockSz - (sz & (blockSz - 1));
+
+    /* Pad with padSz byte. */
+    if (buf != NULL) {
+        word32 i;
+        for (i = 0; i < padSz; i++) {
+            buf[sz+i] = (byte)(padSz & 0xFF);
+        }
+    }
+
+    /* Return padded buffer size in bytes. */
+    return sz + padSz;
+}
+
 #ifndef NO_RSA
+#ifdef WOLFSSL_ASN_TEMPLATE
+/* ASN.1 template for an RSA public key.
+ * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
+ * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
+ */
+static const ASNItem rsaPublicKeyASN[] = {
+/*  SEQ            */ { 0, ASN_SEQUENCE, 1, 1, 0 },
+/*  ALGOID_SEQ     */     { 1, ASN_SEQUENCE, 1, 1, 0 },
+/*  ALGOID_OID     */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
+/*  ALGOID_NULL    */         { 2, ASN_TAG_NULL, 0, 0, 1 },
+#ifdef WC_RSA_PSS
+/*  ALGOID_P_SEQ   */         { 2, ASN_SEQUENCE, 1, 0, 1 },
+#endif
+/*  PUBKEY         */     { 1, ASN_BIT_STRING, 0, 1, 0 },
+                                                  /* RSAPublicKey */
+/*  PUBKEY_RSA_SEQ */         { 2, ASN_SEQUENCE, 1, 1, 0 },
+/*  PUBKEY_RSA_N   */             { 3, ASN_INTEGER, 0, 0, 0 },
+/*  PUBKEY_RSA_E   */             { 3, ASN_INTEGER, 0, 0, 0 },
+};
+enum {
+    RSAPUBLICKEYASN_IDX_SEQ = 0,
+    RSAPUBLICKEYASN_IDX_ALGOID_SEQ,
+    RSAPUBLICKEYASN_IDX_ALGOID_OID,
+    RSAPUBLICKEYASN_IDX_ALGOID_NULL,
+#ifdef WC_RSA_PSS
+    RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ,
+#endif
+    RSAPUBLICKEYASN_IDX_PUBKEY,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N,
+    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E
+};
+
+/* Number of items in ASN.1 template for an RSA public key. */
+#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem))
+#endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 /* This function is to retrieve key position information in a cert.*
@@ -9484,9 +10470,10 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
                                       word32* key_n_len, word32* key_e,
                                       word32* key_e_len)
 {
-
+#ifndef WOLFSSL_ASN_TEMPLATE
     int ret = 0;
     int length = 0;
+
 #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
     byte b;
 #endif
@@ -9549,48 +10536,31 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx,
     }
     if (key_e_len)
         *key_e_len = length;
-
     return ret;
+#else
+    int ret = 0;
+    const byte*  n   = NULL;
+    const byte*  e   = NULL; /* pointer to modulus/exponent */
+    word32 rawIndex = 0;
+
+    ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, (word32)inSz,
+                                                &n, key_n_len, &e, key_e_len);
+    if (ret == 0) {
+        /* convert pointer to offset */
+        if (key_n != NULL) {
+            rawIndex = n - input;
+            *key_n += rawIndex;
+        }
+        if (key_e != NULL) {
+            rawIndex = e - input;
+            *key_e += rawIndex;
+        }
+    }
+    return ret;
+#endif
+
 }
 #endif /* WOLFSSL_RENESAS_TSIP */
-
-#ifdef WOLFSSL_ASN_TEMPLATE
-/* ASN.1 template for an RSA public key.
- * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
- * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey
- */
-static const ASNItem rsaPublicKeyASN[] = {
-/*  SEQ            */ { 0, ASN_SEQUENCE, 1, 1, 0 },
-/*  ALGOID_SEQ     */     { 1, ASN_SEQUENCE, 1, 1, 0 },
-/*  ALGOID_OID     */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
-/*  ALGOID_NULL    */         { 2, ASN_TAG_NULL, 0, 0, 1 },
-#ifdef WC_RSA_PSS
-/*  ALGOID_P_SEQ   */         { 2, ASN_SEQUENCE, 1, 0, 1 },
-#endif
-/*  PUBKEY         */     { 1, ASN_BIT_STRING, 0, 1, 0 },
-                                                  /* RSAPublicKey */
-/*  PUBKEY_RSA_SEQ */         { 2, ASN_SEQUENCE, 1, 1, 0 },
-/*  PUBKEY_RSA_N   */             { 3, ASN_INTEGER, 0, 0, 0 },
-/*  PUBKEY_RSA_E   */             { 3, ASN_INTEGER, 0, 0, 0 },
-};
-enum {
-    RSAPUBLICKEYASN_IDX_SEQ = 0,
-    RSAPUBLICKEYASN_IDX_ALGOID_SEQ,
-    RSAPUBLICKEYASN_IDX_ALGOID_OID,
-    RSAPUBLICKEYASN_IDX_ALGOID_NULL,
-#ifdef WC_RSA_PSS
-    RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ,
-#endif
-    RSAPUBLICKEYASN_IDX_PUBKEY,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N,
-    RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E
-};
-
-/* Number of items in ASN.1 template for an RSA public key. */
-#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem))
-#endif
-
 /* Decode RSA public key.
  *
  * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
@@ -10202,7 +11172,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
     /* if no output, then just getting size */
     if (output == NULL) {
         *outSz = total;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* make sure output fits in buffer */
@@ -10277,7 +11247,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
     ret = SizeASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, &sz);
     if (output == NULL) {
         *outSz = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check buffer is big enough for encoding. */
     if ((ret == 0) && ((int)*outSz < sz)) {
@@ -10341,7 +11311,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz)
 
     if (output == NULL) {
         *outSz = idx;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* make sure output fits in buffer */
     if (idx > *outSz) {
@@ -10389,7 +11359,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz)
     }
     if ((ret == 0) && (output == NULL)) {
         *outSz = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check buffer is big enough for encoding. */
     if ((ret == 0) && (*outSz < (word32)sz)) {
@@ -11240,7 +12210,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
     *inLen = outLen;
     if (output == NULL) {
         FreeTmpDsas(tmps, key->heap, ints);
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (outLen > *inLen) {
         FreeTmpDsas(tmps, key->heap, ints);
@@ -11302,7 +12272,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
     }
     if ((ret == 0) && (output == NULL)) {
         *inLen = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check buffer is big enough for encoding. */
     if ((ret == 0) && (sz > (int)*inLen)) {
@@ -11353,8 +12323,8 @@ int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen)
 }
 
 /* This version of the function allows output to be NULL. In that case, the
-   DsaKeyIntsToDer will return LENGTH_ONLY_E and the required output buffer
-   size will be pointed to by inLen. */
+   DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required
+   output buffer size will be pointed to by inLen. */
 int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen)
 {
     if (!key || !inLen)
@@ -11850,8 +12820,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
     if (ret == 0) {
         /* Calculate the size of the encoded public point. */
         PRIVATE_KEY_UNLOCK();
-    #if defined(HAVE_COMP_KEY) && defined(HAVE_FIPS) && \
-            defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
+    #if defined(HAVE_COMP_KEY) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
         /* in earlier versions of FIPS the get length functionality is not
          * available with compressed keys */
         pubSz = key->dp ? key->dp->size : MAX_ECC_BYTES;
@@ -11859,7 +12828,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
             pubSz = 1 + pubSz;
         else
             pubSz = 1 + 2 * pubSz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     #else
         ret = wc_ecc_export_x963_ex(key, NULL, &pubSz, comp);
     #endif
@@ -11979,34 +12948,38 @@ int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve)
 
 #ifdef WOLFSSL_ASN_TEMPLATE
 #if defined(WC_ENABLE_ASYM_KEY_EXPORT) || defined(WC_ENABLE_ASYM_KEY_IMPORT)
-/* ASN.1 template for Ed25519 and Ed448 public key (SubkectPublicKeyInfo).
+/* ASN.1 template for the SubjectPublicKeyInfo of a general asymmetric key.
+ * Used with Ed448/Ed25519, Curve448/Curve25519, SPHINCS+, falcon, dilithium,
+ * etc.
+ *
+ * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo
  * RFC 8410, 4 - Subject Public Key Fields
  */
-static const ASNItem edPubKeyASN[] = {
+static const ASNItem publicKeyASN[] = {
             /* SubjectPublicKeyInfo */
 /* SEQ        */ { 0, ASN_SEQUENCE, 1, 1, 0 },
                                      /* AlgorithmIdentifier */
 /* ALGOID_SEQ */     { 1, ASN_SEQUENCE, 1, 1, 0 },
-                                         /* Ed25519/Ed448 OID */
+                                         /* Ed25519/Ed448 OID, etc. */
 /* ALGOID_OID */         { 2, ASN_OBJECT_ID, 0, 0, 1 },
                                      /* Public key stream */
 /* PUBKEY     */     { 1, ASN_BIT_STRING, 0, 0, 0 },
 };
 enum {
-    EDPUBKEYASN_IDX_SEQ = 0,
-    EDPUBKEYASN_IDX_ALGOID_SEQ,
-    EDPUBKEYASN_IDX_ALGOID_OID,
-    EDPUBKEYASN_IDX_PUBKEY
+    PUBKEYASN_IDX_SEQ = 0,
+    PUBKEYASN_IDX_ALGOID_SEQ,
+    PUBKEYASN_IDX_ALGOID_OID,
+    PUBKEYASN_IDX_PUBKEY
 };
 
-/* Number of items in ASN.1 template for Ed25519 and Ed448 public key. */
-#define edPubKeyASN_Length (sizeof(edPubKeyASN) / sizeof(ASNItem))
+/* Number of items in ASN.1 template for public key SubjectPublicKeyInfo. */
+#define publicKeyASN_Length (sizeof(publicKeyASN) / sizeof(ASNItem))
 #endif /* WC_ENABLE_ASYM_KEY_EXPORT || WC_ENABLE_ASYM_KEY_IMPORT */
 #endif /* WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WC_ENABLE_ASYM_KEY_EXPORT
 
-/* Build ASN.1 formatted public key based on RFC 8410
+/* Build ASN.1 formatted public key based on RFC 5280 and RFC 8410
  *
  * Pass NULL for output to get the size of the encoding.
  *
@@ -12030,7 +13003,7 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     word32 sz;
 #else
     int sz = 0;
-    DECL_ASNSETDATA(dataASN, edPubKeyASN_Length);
+    DECL_ASNSETDATA(dataASN, publicKeyASN_Length);
 #endif
 
     /* validate parameters */
@@ -12082,25 +13055,26 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     }
 #else
     if (withHeader) {
-        CALLOC_ASNSETDATA(dataASN, edPubKeyASN_Length, ret, NULL);
+        CALLOC_ASNSETDATA(dataASN, publicKeyASN_Length, ret, NULL);
 
         if (ret == 0) {
             /* Set the OID. */
-            SetASN_OID(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], (word32)keyType,
+            SetASN_OID(&dataASN[PUBKEYASN_IDX_ALGOID_OID], (word32)keyType,
                     oidKeyType);
             /* Leave space for public point. */
-            SetASN_Buffer(&dataASN[EDPUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
+            SetASN_Buffer(&dataASN[PUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
             /* Calculate size of public key encoding. */
-            ret = SizeASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, &sz);
+            ret = SizeASN_Items(publicKeyASN, dataASN, publicKeyASN_Length,
+                                &sz);
         }
         if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) {
             ret = BUFFER_E;
         }
         if ((ret == 0) && (output != NULL)) {
             /* Encode public key. */
-            SetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, output);
+            SetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, output);
             /* Set location to encode public point. */
-            output = (byte*)dataASN[EDPUBKEYASN_IDX_PUBKEY].data.buffer.data;
+            output = (byte*)dataASN[PUBKEYASN_IDX_PUBKEY].data.buffer.data;
         }
 
         FREE_ASNSETDATA(dataASN, NULL);
@@ -12708,16 +13682,15 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
             break;
     #endif /* HAVE_FALCON */
     #ifdef HAVE_DILITHIUM
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2k:
-            cert->pkCurveOID = DILITHIUM_LEVEL2k;
-            ret = StoreKey(cert, source, &srcIdx, maxIdx);
-            break;
         case DILITHIUM_LEVEL3k:
-            cert->pkCurveOID = DILITHIUM_LEVEL3k;
-            ret = StoreKey(cert, source, &srcIdx, maxIdx);
-            break;
         case DILITHIUM_LEVEL5k:
-            cert->pkCurveOID = DILITHIUM_LEVEL5k;
+        #endif
+        case ML_DSA_LEVEL2k:
+        case ML_DSA_LEVEL3k:
+        case ML_DSA_LEVEL5k:
+            cert->pkCurveOID = cert->keyOID;
             ret = StoreKey(cert, source, &srcIdx, maxIdx);
             break;
     #endif /* HAVE_DILITHIUM */
@@ -12969,111 +13942,111 @@ static const CertNameData certNameSubject[] = {
     {
         "/CN=", 4,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectCN),
-        OFFSETOF(DecodedCert, subjectCNLen),
-        OFFSETOF(DecodedCert, subjectCNEnc),
+        WC_OFFSETOF(DecodedCert, subjectCN),
+        WC_OFFSETOF(DecodedCert, subjectCNLen),
+        WC_OFFSETOF(DecodedCert, subjectCNEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
-        OFFSETOF(DecodedCert, issuerCN),
-        OFFSETOF(DecodedCert, issuerCNLen),
-        OFFSETOF(DecodedCert, issuerCNEnc),
+        WC_OFFSETOF(DecodedCert, issuerCN),
+        WC_OFFSETOF(DecodedCert, issuerCNLen),
+        WC_OFFSETOF(DecodedCert, issuerCNEnc),
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_commonName
+        WC_NID_commonName
 #endif
     },
     /* Surname */
     {
         "/SN=", 4,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectSN),
-        OFFSETOF(DecodedCert, subjectSNLen),
-        OFFSETOF(DecodedCert, subjectSNEnc),
+        WC_OFFSETOF(DecodedCert, subjectSN),
+        WC_OFFSETOF(DecodedCert, subjectSNLen),
+        WC_OFFSETOF(DecodedCert, subjectSNEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
-        OFFSETOF(DecodedCert, issuerSN),
-        OFFSETOF(DecodedCert, issuerSNLen),
-        OFFSETOF(DecodedCert, issuerSNEnc),
+        WC_OFFSETOF(DecodedCert, issuerSN),
+        WC_OFFSETOF(DecodedCert, issuerSNLen),
+        WC_OFFSETOF(DecodedCert, issuerSNEnc),
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_surname
+        WC_NID_surname
 #endif
     },
     /* Serial Number */
     {
         "/serialNumber=", 14,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectSND),
-        OFFSETOF(DecodedCert, subjectSNDLen),
-        OFFSETOF(DecodedCert, subjectSNDEnc),
+        WC_OFFSETOF(DecodedCert, subjectSND),
+        WC_OFFSETOF(DecodedCert, subjectSNDLen),
+        WC_OFFSETOF(DecodedCert, subjectSNDEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
-        OFFSETOF(DecodedCert, issuerSND),
-        OFFSETOF(DecodedCert, issuerSNDLen),
-        OFFSETOF(DecodedCert, issuerSNDEnc),
+        WC_OFFSETOF(DecodedCert, issuerSND),
+        WC_OFFSETOF(DecodedCert, issuerSNDLen),
+        WC_OFFSETOF(DecodedCert, issuerSNDEnc),
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_serialNumber
+        WC_NID_serialNumber
 #endif
     },
     /* Country Name */
     {
         "/C=", 3,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectC),
-        OFFSETOF(DecodedCert, subjectCLen),
-        OFFSETOF(DecodedCert, subjectCEnc),
+        WC_OFFSETOF(DecodedCert, subjectC),
+        WC_OFFSETOF(DecodedCert, subjectCLen),
+        WC_OFFSETOF(DecodedCert, subjectCEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
-        OFFSETOF(DecodedCert, issuerC),
-        OFFSETOF(DecodedCert, issuerCLen),
-        OFFSETOF(DecodedCert, issuerCEnc),
+        WC_OFFSETOF(DecodedCert, issuerC),
+        WC_OFFSETOF(DecodedCert, issuerCLen),
+        WC_OFFSETOF(DecodedCert, issuerCEnc),
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_countryName
+        WC_NID_countryName
 #endif
     },
     /* Locality Name */
     {
         "/L=", 3,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectL),
-        OFFSETOF(DecodedCert, subjectLLen),
-        OFFSETOF(DecodedCert, subjectLEnc),
+        WC_OFFSETOF(DecodedCert, subjectL),
+        WC_OFFSETOF(DecodedCert, subjectLLen),
+        WC_OFFSETOF(DecodedCert, subjectLEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
-        OFFSETOF(DecodedCert, issuerL),
-        OFFSETOF(DecodedCert, issuerLLen),
-        OFFSETOF(DecodedCert, issuerLEnc),
+        WC_OFFSETOF(DecodedCert, issuerL),
+        WC_OFFSETOF(DecodedCert, issuerLLen),
+        WC_OFFSETOF(DecodedCert, issuerLEnc),
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_localityName
+        WC_NID_localityName
 #endif
     },
     /* State Name */
     {
         "/ST=", 4,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectST),
-        OFFSETOF(DecodedCert, subjectSTLen),
-        OFFSETOF(DecodedCert, subjectSTEnc),
+        WC_OFFSETOF(DecodedCert, subjectST),
+        WC_OFFSETOF(DecodedCert, subjectSTLen),
+        WC_OFFSETOF(DecodedCert, subjectSTEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
-        OFFSETOF(DecodedCert, issuerST),
-        OFFSETOF(DecodedCert, issuerSTLen),
-        OFFSETOF(DecodedCert, issuerSTEnc),
+        WC_OFFSETOF(DecodedCert, issuerST),
+        WC_OFFSETOF(DecodedCert, issuerSTLen),
+        WC_OFFSETOF(DecodedCert, issuerSTEnc),
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_stateOrProvinceName
+        WC_NID_stateOrProvinceName
 #endif
     },
     /* Street Address */
     {
         "/street=", 8,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectStreet),
-        OFFSETOF(DecodedCert, subjectStreetLen),
-        OFFSETOF(DecodedCert, subjectStreetEnc),
+        WC_OFFSETOF(DecodedCert, subjectStreet),
+        WC_OFFSETOF(DecodedCert, subjectStreetLen),
+        WC_OFFSETOF(DecodedCert, subjectStreetEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
         0,
         0,
@@ -13081,41 +14054,41 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_streetAddress
+        WC_NID_streetAddress
 #endif
     },
     /* Organization Name */
     {
         "/O=", 3,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectO),
-        OFFSETOF(DecodedCert, subjectOLen),
-        OFFSETOF(DecodedCert, subjectOEnc),
+        WC_OFFSETOF(DecodedCert, subjectO),
+        WC_OFFSETOF(DecodedCert, subjectOLen),
+        WC_OFFSETOF(DecodedCert, subjectOEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
-        OFFSETOF(DecodedCert, issuerO),
-        OFFSETOF(DecodedCert, issuerOLen),
-        OFFSETOF(DecodedCert, issuerOEnc),
+        WC_OFFSETOF(DecodedCert, issuerO),
+        WC_OFFSETOF(DecodedCert, issuerOLen),
+        WC_OFFSETOF(DecodedCert, issuerOEnc),
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_organizationName
+        WC_NID_organizationName
 #endif
     },
     /* Organization Unit Name */
     {
         "/OU=", 4,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectOU),
-        OFFSETOF(DecodedCert, subjectOULen),
-        OFFSETOF(DecodedCert, subjectOUEnc),
+        WC_OFFSETOF(DecodedCert, subjectOU),
+        WC_OFFSETOF(DecodedCert, subjectOULen),
+        WC_OFFSETOF(DecodedCert, subjectOUEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
-        OFFSETOF(DecodedCert, issuerOU),
-        OFFSETOF(DecodedCert, issuerOULen),
-        OFFSETOF(DecodedCert, issuerOUEnc),
+        WC_OFFSETOF(DecodedCert, issuerOU),
+        WC_OFFSETOF(DecodedCert, issuerOULen),
+        WC_OFFSETOF(DecodedCert, issuerOUEnc),
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_organizationalUnitName
+        WC_NID_organizationalUnitName
 #endif
     },
     /* Title */
@@ -13173,9 +14146,9 @@ static const CertNameData certNameSubject[] = {
     {
         "/businessCategory=", 18,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectBC),
-        OFFSETOF(DecodedCert, subjectBCLen),
-        OFFSETOF(DecodedCert, subjectBCEnc),
+        WC_OFFSETOF(DecodedCert, subjectBC),
+        WC_OFFSETOF(DecodedCert, subjectBCLen),
+        WC_OFFSETOF(DecodedCert, subjectBCEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
         0,
         0,
@@ -13183,7 +14156,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_businessCategory
+        WC_NID_businessCategory
 #endif
     },
     /* Undefined */
@@ -13207,9 +14180,9 @@ static const CertNameData certNameSubject[] = {
     {
         "/postalCode=", 12,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectPC),
-        OFFSETOF(DecodedCert, subjectPCLen),
-        OFFSETOF(DecodedCert, subjectPCEnc),
+        WC_OFFSETOF(DecodedCert, subjectPC),
+        WC_OFFSETOF(DecodedCert, subjectPCLen),
+        WC_OFFSETOF(DecodedCert, subjectPCEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
         0,
         0,
@@ -13217,16 +14190,16 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_postalCode
+        WC_NID_postalCode
 #endif
     },
     /* User Id */
     {
         "/userid=", 8,
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectUID),
-        OFFSETOF(DecodedCert, subjectUIDLen),
-        OFFSETOF(DecodedCert, subjectUIDEnc),
+        WC_OFFSETOF(DecodedCert, subjectUID),
+        WC_OFFSETOF(DecodedCert, subjectUIDLen),
+        WC_OFFSETOF(DecodedCert, subjectUIDEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
         0,
         0,
@@ -13234,7 +14207,7 @@ static const CertNameData certNameSubject[] = {
 #endif
 #endif
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_userId
+        WC_NID_userId
 #endif
     },
 #ifdef WOLFSSL_CERT_NAME_ALL
@@ -13242,9 +14215,9 @@ static const CertNameData certNameSubject[] = {
     {
         "/N=", 3,
     #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectN),
-        OFFSETOF(DecodedCert, subjectNLen),
-        OFFSETOF(DecodedCert, subjectNEnc),
+        WC_OFFSETOF(DecodedCert, subjectN),
+        WC_OFFSETOF(DecodedCert, subjectNLen),
+        WC_OFFSETOF(DecodedCert, subjectNEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
         0,
         0,
@@ -13252,16 +14225,16 @@ static const CertNameData certNameSubject[] = {
 #endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_name
+        WC_NID_name
     #endif
     },
     /* Given Name, id 42 */
     {
         "/GN=", 4,
     #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectGN),
-        OFFSETOF(DecodedCert, subjectGNLen),
-        OFFSETOF(DecodedCert, subjectGNEnc),
+        WC_OFFSETOF(DecodedCert, subjectGN),
+        WC_OFFSETOF(DecodedCert, subjectGNLen),
+        WC_OFFSETOF(DecodedCert, subjectGNEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
         0,
         0,
@@ -13269,16 +14242,16 @@ static const CertNameData certNameSubject[] = {
 #endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_givenName
+        WC_NID_givenName
     #endif
     },
     /* initials, id 43 */
     {
         "/initials=", 10,
     #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectI),
-        OFFSETOF(DecodedCert, subjectILen),
-        OFFSETOF(DecodedCert, subjectIEnc),
+        WC_OFFSETOF(DecodedCert, subjectI),
+        WC_OFFSETOF(DecodedCert, subjectILen),
+        WC_OFFSETOF(DecodedCert, subjectIEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
         0,
         0,
@@ -13286,16 +14259,16 @@ static const CertNameData certNameSubject[] = {
 #endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_initials
+        WC_NID_initials
     #endif
     },
     /* DN Qualifier Name, id 46 */
     {
         "/dnQualifier=", 13,
     #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-        OFFSETOF(DecodedCert, subjectDNQ),
-        OFFSETOF(DecodedCert, subjectDNQLen),
-        OFFSETOF(DecodedCert, subjectDNQEnc),
+        WC_OFFSETOF(DecodedCert, subjectDNQ),
+        WC_OFFSETOF(DecodedCert, subjectDNQLen),
+        WC_OFFSETOF(DecodedCert, subjectDNQEnc),
 #ifdef WOLFSSL_HAVE_ISSUER_NAMES
         0,
         0,
@@ -13303,7 +14276,7 @@ static const CertNameData certNameSubject[] = {
 #endif
     #endif
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        NID_dnQualifier
+        WC_NID_dnQualifier
     #endif
     },
 #endif /* WOLFSSL_CERT_NAME_ALL */
@@ -13354,7 +14327,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
 {
     int ret = 0;
     size_t nameSz = 0;
-    char tmpName[WOLFSSL_MAX_IPSTR] = {0};
+    char tmpName[WOLFSSL_MAX_IPSTR];
     unsigned char* ip;
 
     if (entry == NULL || entry->type != ASN_IP_TYPE) {
@@ -13368,6 +14341,8 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
     }
     ip = (unsigned char*)entry->name;
 
+    XMEMSET(tmpName, 0, sizeof(tmpName));
+
     /* store IP addresses as a string */
     if (entry->len == WOLFSSL_IP4_ADDR_LEN) {
         if (XSNPRINTF(tmpName, sizeof(tmpName), "%u.%u.%u.%u", 0xFFU & ip[0],
@@ -13419,7 +14394,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
 static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
 {
     int i, j, ret   = 0;
-    int nameSz      = 0;
+    word16 nameSz   = 0;
 #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
     int nid         = 0;
 #endif
@@ -13428,7 +14403,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
     word32 idx      = 0;
     word16 tmpName[MAX_OID_SZ];
     char   oidName[MAX_OID_SZ];
-    char*  finalName;
+    char*  finalName = NULL;
 
     if (entry == NULL || entry->type != ASN_RID_TYPE) {
         return BAD_FUNC_ARG;
@@ -13464,12 +14439,12 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
                     }
 
                     if (i < tmpSize - 1) {
-                        ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.",
-                            tmpName[i]);
+                        ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j),
+                            "%d.", tmpName[i]);
                     }
                     else {
-                        ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d",
-                            tmpName[i]);
+                        ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j),
+                            "%d", tmpName[i]);
                     }
 
                     if (ret >= 0) {
@@ -13486,9 +14461,12 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
     }
 
     if (ret == 0) {
-        nameSz = (int)XSTRLEN((const char*)finalName);
+        nameSz = (word16)XSTRLEN((const char*)finalName);
+        if (nameSz > MAX_OID_SZ) {
+            return BUFFER_E;
+        }
 
-        entry->ridString = (char*)XMALLOC(nameSz + 1, heap,
+        entry->ridString = (char*)XMALLOC((word32)(nameSz + 1), heap,
                 DYNAMIC_TYPE_ALTNAME);
 
         if (entry->ridString == NULL) {
@@ -13496,7 +14474,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
         }
 
         if (ret == 0) {
-            XMEMCPY(entry->ridString, finalName, nameSz + 1);
+            XMEMCPY(entry->ridString, finalName, (word32)(nameSz + 1));
         }
     }
 
@@ -13543,7 +14521,7 @@ static int AddDNSEntryToList(DNS_entry** lst, DNS_entry* entry)
 
 /* Allocate a DNS entry and set the fields.
  *
- * @param [in]      cert     Certificate object.
+ * @param [in]      heap     Heap hint.
  * @param [in]      str      DNS name string.
  * @param [in]      strLen   Length of DNS name string.
  * @param [in]      type     Type of DNS name string.
@@ -13551,24 +14529,21 @@ static int AddDNSEntryToList(DNS_entry** lst, DNS_entry* entry)
  * @return  0 on success.
  * @return  MEMORY_E when dynamic memory allocation fails.
  */
-static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
+static int SetDNSEntry(void* heap, const char* str, int strLen,
                        int type, DNS_entry** entries)
 {
     DNS_entry* dnsEntry;
     int ret = 0;
 
-    /* Only used for heap. */
-    (void)cert;
-
     /* TODO: consider one malloc. */
     /* Allocate DNS Entry object. */
-    dnsEntry = AltNameNew(cert->heap);
+    dnsEntry = AltNameNew(heap);
     if (dnsEntry == NULL) {
         ret = MEMORY_E;
     }
     if (ret == 0) {
         /* Allocate DNS Entry name - length of string plus 1 for NUL. */
-        dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
+        dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, heap,
                                                           DYNAMIC_TYPE_ALTNAME);
         if (dnsEntry->name == NULL) {
             ret = MEMORY_E;
@@ -13583,25 +14558,23 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
 
 #ifdef WOLFSSL_RID_ALT_NAME
         /* store registeredID as a string */
-        if (type == ASN_RID_TYPE) {
-            ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap);
-        }
-#endif
-#ifdef WOLFSSL_IP_ALT_NAME
-        /* store IP addresses as a string */
-        if (type == ASN_IP_TYPE) {
-            ret = GenerateDNSEntryIPString(dnsEntry, cert->heap);
-        }
+        if (type == ASN_RID_TYPE)
+            ret = GenerateDNSEntryRIDString(dnsEntry, heap);
 #endif
     }
+#ifdef WOLFSSL_IP_ALT_NAME
+    /* store IP addresses as a string */
+    if (ret == 0 && type == ASN_IP_TYPE)
+        ret = GenerateDNSEntryIPString(dnsEntry, heap);
+#endif
     if (ret == 0) {
         ret = AddDNSEntryToList(entries, dnsEntry);
     }
 
     /* failure cleanup */
     if (ret != 0 && dnsEntry != NULL) {
-        XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
-        XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
+        XFREE(dnsEntry->name, heap, DYNAMIC_TYPE_ALTNAME);
+        XFREE(dnsEntry, heap, DYNAMIC_TYPE_ALTNAME);
     }
 
     return ret;
@@ -13743,7 +14716,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr =  WOLFSSL_EMAIL_ADDR;
         typeStrLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_emailAddress;
+        *nid = WC_NID_emailAddress;
     #endif
     }
     else if (oidSz == sizeof(uidOid) && XMEMCMP(oid, uidOid, oidSz) == 0) {
@@ -13752,7 +14725,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_USER_ID;
         typeStrLen = sizeof(WOLFSSL_USER_ID) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_userId;
+        *nid = WC_NID_userId;
     #endif
     }
     else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz) == 0) {
@@ -13761,7 +14734,16 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_DOMAIN_COMPONENT;
         typeStrLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_domainComponent;
+        *nid = WC_NID_domainComponent;
+    #endif
+    }
+    else if (oidSz == sizeof(rfc822Mlbx) && XMEMCMP(oid, rfc822Mlbx, oidSz) == 0) {
+        /* Set the RFC822 mailbox, type string, length and NID. */
+        id = ASN_RFC822_MAILBOX;
+        typeStr = WOLFSSL_RFC822_MAILBOX;
+        typeStrLen = sizeof(WOLFSSL_RFC822_MAILBOX) - 1;
+    #ifdef WOLFSSL_X509_NAME_AVAILABLE
+        *nid = WC_NID_rfc822Mailbox;
     #endif
     }
     else if (oidSz == sizeof(fvrtDrk) && XMEMCMP(oid, fvrtDrk, oidSz) == 0) {
@@ -13770,7 +14752,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_FAVOURITE_DRINK;
         typeStrLen = sizeof(WOLFSSL_FAVOURITE_DRINK) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_favouriteDrink;
+        *nid = WC_NID_favouriteDrink;
     #endif
     }
 #ifdef WOLFSSL_CERT_REQ
@@ -13781,7 +14763,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         typeStr = WOLFSSL_CONTENT_TYPE;
         typeStrLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1;
     #ifdef WOLFSSL_X509_NAME_AVAILABLE
-        *nid = NID_pkcs9_contentType;
+        *nid = WC_NID_pkcs9_contentType;
     #endif
     }
 #endif
@@ -13801,14 +14783,14 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
             typeStr = WOLFSSL_JOI_C;
             typeStrLen = sizeof(WOLFSSL_JOI_C) - 1;
         #ifdef WOLFSSL_X509_NAME_AVAILABLE
-            *nid = NID_jurisdictionCountryName;
+            *nid = WC_NID_jurisdictionCountryName;
         #endif /* WOLFSSL_X509_NAME_AVAILABLE */
         }
         else if (oid[ASN_JOI_PREFIX_SZ] == ASN_JOI_ST) {
             typeStr = WOLFSSL_JOI_ST;
             typeStrLen = sizeof(WOLFSSL_JOI_ST) - 1;
         #ifdef WOLFSSL_X509_NAME_AVAILABLE
-            *nid = NID_jurisdictionStateOrProvinceName;
+            *nid = WC_NID_jurisdictionStateOrProvinceName;
         #endif /* WOLFSSL_X509_NAME_AVAILABLE */
         }
         else {
@@ -13943,7 +14925,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
         byte        id      = 0;
     #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
                 && !defined(WOLFCRYPT_ONLY)
-         int        nid = NID_undef;
+         int        nid = WC_NID_undef;
          int        enc;
     #endif /* OPENSSL_EXTRA */
 
@@ -13992,13 +14974,17 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
             }
 
         #ifndef WOLFSSL_NO_ASN_STRICT
-            /* RFC 5280 section 4.1.2.4 lists a DirecotryString as being
+            /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being
              * 1..MAX in length */
             if (strLen < 1) {
                 WOLFSSL_MSG("Non conforming DirectoryString of length 0 was"
                             " found");
                 WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow"
                             " empty DirectoryString's");
+            #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
+            !defined(WOLFCRYPT_ONLY)
+                wolfSSL_X509_NAME_free(dName);
+            #endif /* OPENSSL_EXTRA */
                 return ASN_PARSE_E;
             }
         #endif
@@ -14022,7 +15008,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
             #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
                 && !defined(WOLFCRYPT_ONLY)
-                nid = NID_commonName;
+                nid = WC_NID_commonName;
             #endif /* OPENSSL_EXTRA */
             }
         #ifdef WOLFSSL_CERT_NAME_ALL
@@ -14039,7 +15025,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_name;
+                    nid = WC_NID_name;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_INITIALS) {
@@ -14055,7 +15041,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_initials;
+                    nid = WC_NID_initials;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_GIVEN_NAME) {
@@ -14071,7 +15057,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_givenName;
+                    nid = WC_NID_givenName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_DNQUALIFIER) {
@@ -14087,7 +15073,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_dnQualifier;
+                    nid = WC_NID_dnQualifier;
                 #endif /* OPENSSL_EXTRA */
             }
         #endif /* WOLFSSL_CERT_NAME_ALL */
@@ -14111,7 +15097,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_surname;
+                    nid = WC_NID_surname;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_COUNTRY_NAME) {
@@ -14134,7 +15120,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_countryName;
+                    nid = WC_NID_countryName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_LOCALITY_NAME) {
@@ -14157,7 +15143,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_localityName;
+                    nid = WC_NID_localityName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_STATE_NAME) {
@@ -14180,7 +15166,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_stateOrProvinceName;
+                    nid = WC_NID_stateOrProvinceName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_ORG_NAME) {
@@ -14203,7 +15189,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_organizationName;
+                    nid = WC_NID_organizationName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_ORGUNIT_NAME) {
@@ -14226,7 +15212,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_organizationalUnitName;
+                    nid = WC_NID_organizationalUnitName;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_SERIAL_NUMBER) {
@@ -14249,7 +15235,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_serialNumber;
+                    nid = WC_NID_serialNumber;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_USER_ID) {
@@ -14265,7 +15251,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_userId;
+                    nid = WC_NID_userId;
                 #endif /* OPENSSL_EXTRA */
             }
         #ifdef WOLFSSL_CERT_EXT
@@ -14282,7 +15268,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_streetAddress;
+                    nid = WC_NID_streetAddress;
                 #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_BUS_CAT) {
@@ -14297,7 +15283,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
             #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
             #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                nid = NID_businessCategory;
+                nid = WC_NID_businessCategory;
             #endif /* OPENSSL_EXTRA */
             }
             else if (id == ASN_POSTAL_CODE) {
@@ -14313,7 +15299,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_postalCode;
+                    nid = WC_NID_postalCode;
                 #endif /* OPENSSL_EXTRA */
             }
         #endif /* WOLFSSL_CERT_EXT */
@@ -14352,7 +15338,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_jurisdictionCountryName;
+                    nid = WC_NID_jurisdictionCountryName;
                 #endif /* OPENSSL_EXTRA */
             }
 
@@ -14370,7 +15356,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_jurisdictionStateOrProvinceName;
+                    nid = WC_NID_jurisdictionStateOrProvinceName;
                 #endif /* OPENSSL_EXTRA */
             }
 
@@ -14440,7 +15426,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                    nid = NID_emailAddress;
+                    nid = WC_NID_emailAddress;
                 #endif /* OPENSSL_EXTRA */
             }
 
@@ -14452,7 +15438,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_userId;
+                        nid = WC_NID_userId;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     case ASN_DOMAIN_COMPONENT:
@@ -14461,7 +15447,16 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_domainComponent;
+                        nid = WC_NID_domainComponent;
+                    #endif /* OPENSSL_EXTRA */
+                        break;
+                    case ASN_RFC822_MAILBOX:
+                        copy = WOLFSSL_RFC822_MAILBOX;
+                        copyLen = sizeof(WOLFSSL_RFC822_MAILBOX) - 1;
+                    #if (defined(OPENSSL_EXTRA) || \
+                        defined(OPENSSL_EXTRA_X509_SMALL)) \
+                        && !defined(WOLFCRYPT_ONLY)
+                        nid = WC_NID_rfc822Mailbox;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     case ASN_FAVOURITE_DRINK:
@@ -14470,7 +15465,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_favouriteDrink;
+                        nid = WC_NID_favouriteDrink;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     case ASN_CONTENT_TYPE:
@@ -14479,7 +15474,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                     #if (defined(OPENSSL_EXTRA) || \
                         defined(OPENSSL_EXTRA_X509_SMALL)) \
                         && !defined(WOLFCRYPT_ONLY)
-                        nid = NID_pkcs9_contentType;
+                        nid = WC_NID_pkcs9_contentType;
                     #endif /* OPENSSL_EXTRA */
                         break;
                     default:
@@ -14508,17 +15503,17 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
             !defined(WOLFCRYPT_ONLY)
         switch (b) {
             case CTC_UTF8:
-                enc = MBSTRING_UTF8;
+                enc = WOLFSSL_MBSTRING_UTF8;
                 break;
             case CTC_PRINTABLE:
-                enc = V_ASN1_PRINTABLESTRING;
+                enc = WOLFSSL_V_ASN1_PRINTABLESTRING;
                 break;
             default:
                 WOLFSSL_MSG("Unknown encoding type, using UTF8 by default");
-                enc = MBSTRING_UTF8;
+                enc = WOLFSSL_MBSTRING_UTF8;
         }
 
-        if (nid != NID_undef) {
+        if (nid != WC_NID_undef) {
             if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc,
                             &input[srcIdx], strLen, -1, -1) !=
                             WOLFSSL_SUCCESS) {
@@ -14634,7 +15629,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 GetASN_GetRef(&dataASN[RDNASN_IDX_ATTR_VAL], &str, &strLen);
 
             #ifndef WOLFSSL_NO_ASN_STRICT
-                /* RFC 5280 section 4.1.2.4 lists a DirecotryString as being
+                /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being
                  * 1..MAX in length */
                 if (ret == 0 && strLen < 1) {
                     WOLFSSL_MSG("Non conforming DirectoryString of length 0 was"
@@ -14648,14 +15643,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                 /* Convert BER tag to a OpenSSL type. */
                 switch (tag) {
                     case CTC_UTF8:
-                        enc = MBSTRING_UTF8;
+                        enc = WOLFSSL_MBSTRING_UTF8;
                         break;
                     case CTC_PRINTABLE:
-                        enc = V_ASN1_PRINTABLESTRING;
+                        enc = WOLFSSL_V_ASN1_PRINTABLESTRING;
                         break;
                     default:
                         WOLFSSL_MSG("Unknown encoding type, default UTF8");
-                        enc = MBSTRING_UTF8;
+                        enc = WOLFSSL_MBSTRING_UTF8;
                 }
                 if (nid != 0) {
                     /* Add an entry to the X509_NAME. */
@@ -15879,7 +16874,7 @@ word32 SetLengthEx(word32 length, byte* output, byte isIndef)
  * @param [out] output  Buffer to encode into.
  * @return  Number of bytes encoded.
  */
-static word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef)
+word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef)
 {
     if (output) {
         /* Encode tag first. */
@@ -15991,7 +16986,6 @@ word32 SetOthername(void *name, byte *output)
     WOLFSSL_ASN1_OTHERNAME *nm = (WOLFSSL_ASN1_OTHERNAME *)name;
     char *nameStr = NULL;
     word32 nameSz = 0;
-    word32 len = 0;
 
     if ((nm == NULL) || (nm->value == NULL)) {
         WOLFSSL_MSG("otherName value is NULL");
@@ -16001,11 +16995,13 @@ word32 SetOthername(void *name, byte *output)
     nameStr = nm->value->value.utf8string->data;
     nameSz = (word32)nm->value->value.utf8string->length;
 
-    len = nm->type_id->objSz +
-          SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) +
-          SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz;
-
-    if (output != NULL) {
+    if (output == NULL) {
+        return nm->type_id->objSz +
+            SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) +
+            SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz;
+    }
+    else {
+        const byte *output_start = output;
         /* otherName OID */
         XMEMCPY(output, nm->type_id->obj, nm->type_id->objSz);
         output += nm->type_id->objSz;
@@ -16013,12 +17009,19 @@ word32 SetOthername(void *name, byte *output)
         output += SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2,
                             output, 0);
 
+        /* work around false positive from -fstack-protector */
+        PRAGMA_GCC_DIAG_PUSH
+        PRAGMA_GCC("GCC diagnostic ignored \"-Wstringop-overflow\"")
+
         output += SetHeader(CTC_UTF8, nameSz, output, 0);
 
-        XMEMCPY(output, nameStr, nameSz);
-    }
+        PRAGMA_GCC_DIAG_POP
 
-    return len;
+        XMEMCPY(output, nameStr, nameSz);
+
+        output += nameSz;
+        return (word32)(output - output_start);
+    }
 }
 #endif /* OPENSSL_EXTRA */
 
@@ -16077,9 +17080,14 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
               || (algoOID == FALCON_LEVEL5k)
         #endif
         #ifdef HAVE_DILITHIUM
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
               || (algoOID == DILITHIUM_LEVEL2k)
               || (algoOID == DILITHIUM_LEVEL3k)
               || (algoOID == DILITHIUM_LEVEL5k)
+            #endif
+              || (algoOID == ML_DSA_LEVEL2k)
+              || (algoOID == ML_DSA_LEVEL3k)
+              || (algoOID == ML_DSA_LEVEL5k)
         #endif
         #ifdef HAVE_SPHINCS
               || (algoOID == SPHINCS_FAST_LEVEL1k)
@@ -16103,7 +17111,8 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
  * @return  Encoded data size on success.
  * @return  0 when dynamic memory allocation fails.
  */
-static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, byte absentParams)
+static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz,
+                            byte absentParams)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 tagSz, idSz, seqSz, algoSz = 0;
@@ -16233,7 +17242,8 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
     return SetAlgoIDImpl(algoOID, output, type, curveSz, FALSE);
 }
 
-word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, byte absentParams)
+word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz,
+                   byte absentParams)
 {
     return SetAlgoIDImpl(algoOID, output, type, curveSz, absentParams);
 }
@@ -16438,9 +17448,14 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
                 break;
         #endif /* HAVE_FALCON */
         #if defined(HAVE_DILITHIUM)
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
             case DILITHIUM_LEVEL2k:
             case DILITHIUM_LEVEL3k:
             case DILITHIUM_LEVEL5k:
+            #endif
+            case ML_DSA_LEVEL2k:
+            case ML_DSA_LEVEL3k:
+            case ML_DSA_LEVEL5k:
                 wc_dilithium_free(sigCtx->key.dilithium);
                 XFREE(sigCtx->key.dilithium, sigCtx->heap,
                       DYNAMIC_TYPE_DILITHIUM);
@@ -16486,7 +17501,7 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
             }
             else if ((ret = wc_Md2Hash(buf, bufSz, digest)) == 0) {
                 *typeH    = MD2h;
-                *digestSz = MD2_DIGEST_SIZE;
+                *digestSz = WC_MD2_DIGEST_SIZE;
             }
         break;
     #endif
@@ -16612,9 +17627,14 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
             break;
     #endif
     #ifdef HAVE_DILITHIUM
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case CTC_DILITHIUM_LEVEL2:
         case CTC_DILITHIUM_LEVEL3:
         case CTC_DILITHIUM_LEVEL5:
+        #endif
+        case CTC_ML_DSA_LEVEL2:
+        case CTC_ML_DSA_LEVEL3:
+        case CTC_ML_DSA_LEVEL5:
             /* Hashes done in signing operation. */
             break;
     #endif
@@ -16647,14 +17667,14 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
 #endif /* !NO_ASN_CRYPT && !NO_HASH_WRAPPER */
 
 /* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */
-static int ConfirmSignature(SignatureCtx* sigCtx,
+int ConfirmSignature(SignatureCtx* sigCtx,
     const byte* buf, word32 bufSz,
     const byte* key, word32 keySz, word32 keyOID,
     const byte* sig, word32 sigSz, word32 sigOID,
     const byte* sigParams, word32 sigParamsSz,
     byte* rsaKeyIdx)
 {
-    int ret = ASN_SIG_CONFIRM_E; /* default to failure */
+    int ret = WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E); /* default to failure */
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
     CertAttribute* certatt = NULL;
 #endif
@@ -17066,83 +18086,59 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
             #if defined(HAVE_DILITHIUM) && \
                 !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
                 !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
-                {
-                    word32 idx = 0;
-                    sigCtx->verify = 0;
-                    sigCtx->key.dilithium =
-                        (dilithium_key*)XMALLOC(sizeof(dilithium_key),
-                                             sigCtx->heap,
-                                             DYNAMIC_TYPE_DILITHIUM);
-                    if (sigCtx->key.dilithium == NULL) {
-                        ERROR_OUT(MEMORY_E, exit_cs);
-                    }
-                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
-                                            sigCtx->heap, sigCtx->devId)) < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_dilithium_set_level(
-                                   sigCtx->key.dilithium, 2))
-                        < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
-                        sigCtx->key.dilithium, keySz)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 2");
-                        goto exit_cs;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL3k:
-                {
-                    word32 idx = 0;
-                    sigCtx->verify = 0;
-                    sigCtx->key.dilithium =
-                        (dilithium_key*)XMALLOC(sizeof(dilithium_key),
-                                             sigCtx->heap,
-                                             DYNAMIC_TYPE_DILITHIUM);
-                    if (sigCtx->key.dilithium == NULL) {
-                        ERROR_OUT(MEMORY_E, exit_cs);
-                    }
-                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
-                                            sigCtx->heap, sigCtx->devId)) < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_dilithium_set_level(
-                                   sigCtx->key.dilithium, 3))
-                        < 0) {
-                        goto exit_cs;
-                    }
-                    if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
-                        sigCtx->key.dilithium, keySz)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 3");
-                        goto exit_cs;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL5k:
+                #endif
+                case ML_DSA_LEVEL2k:
+                case ML_DSA_LEVEL3k:
+                case ML_DSA_LEVEL5k:
                 {
                     word32 idx = 0;
+                    int level;
+                    if (keyOID == ML_DSA_LEVEL2k) {
+                        level = WC_ML_DSA_44;
+                    }
+                    else if (keyOID == ML_DSA_LEVEL3k) {
+                        level = WC_ML_DSA_65;
+                    }
+                    else if (keyOID == ML_DSA_LEVEL5k) {
+                        level = WC_ML_DSA_87;
+                    }
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+                    else if (keyOID == DILITHIUM_LEVEL2k) {
+                        level = WC_ML_DSA_44_DRAFT;
+                    }
+                    else if (keyOID == DILITHIUM_LEVEL3k) {
+                        level = WC_ML_DSA_65_DRAFT;
+                    }
+                    else if (keyOID == DILITHIUM_LEVEL5k) {
+                        level = WC_ML_DSA_87_DRAFT;
+                    }
+                #endif
+                    else {
+                        WOLFSSL_MSG("Invalid Dilithium key OID");
+                        goto exit_cs;
+                    }
                     sigCtx->verify = 0;
-                    sigCtx->key.dilithium =
-                        (dilithium_key*)XMALLOC(sizeof(dilithium_key),
-                                             sigCtx->heap,
-                                             DYNAMIC_TYPE_DILITHIUM);
+                    sigCtx->key.dilithium = (dilithium_key*)XMALLOC(
+                        sizeof(dilithium_key), sigCtx->heap,
+                        DYNAMIC_TYPE_DILITHIUM);
                     if (sigCtx->key.dilithium == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
                     if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
-                                            sigCtx->heap, sigCtx->devId)) < 0) {
+                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
-                    if ((ret = wc_dilithium_set_level(
-                                   sigCtx->key.dilithium, 5))
-                        < 0) {
+                    if ((ret = wc_dilithium_set_level(sigCtx->key.dilithium,
+                            level)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx,
                         sigCtx->key.dilithium, keySz)) < 0) {
-                        WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
+                        WOLFSSL_MSG("ASN Key import error Dilithium");
                         goto exit_cs;
                     }
                     break;
@@ -17472,6 +18468,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
             #endif /* HAVE_FALCON */
             #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
                 case DILITHIUM_LEVEL3k:
                 case DILITHIUM_LEVEL5k:
@@ -17481,6 +18478,15 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                                                sigCtx->key.dilithium);
                     break;
                 }
+                #endif
+                case ML_DSA_LEVEL2k:
+                case ML_DSA_LEVEL3k:
+                case ML_DSA_LEVEL5k:
+                {
+                    ret = wc_dilithium_verify_ctx_msg(sig, sigSz, NULL, 0, buf,
+                        bufSz, &sigCtx->verify, sigCtx->key.dilithium);
+                    break;
+                }
             #endif /* HAVE_DILITHIUM */
             #if defined(HAVE_SPHINCS)
                 case SPHINCS_FAST_LEVEL1k:
@@ -17675,39 +18681,22 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                 }
             #endif /* HAVE_FALCON */
             #ifdef HAVE_DILITHIUM
+                #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
                 case DILITHIUM_LEVEL2k:
-                {
-                    if (sigCtx->verify == 1) {
-                        ret = 0;
-                    }
-                    else {
-                        WOLFSSL_MSG("DILITHIUM_LEVEL2 Verify didn't match");
-                        ret = ASN_SIG_CONFIRM_E;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL3k:
-                {
-                    if (sigCtx->verify == 1) {
-                        ret = 0;
-                    }
-                    else {
-                        WOLFSSL_MSG("DILITHIUM_LEVEL3 Verify didn't match");
-                        ret = ASN_SIG_CONFIRM_E;
-                    }
-                    break;
-                }
                 case DILITHIUM_LEVEL5k:
-                {
+                #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+                case ML_DSA_LEVEL2k:
+                case ML_DSA_LEVEL3k:
+                case ML_DSA_LEVEL5k:
                     if (sigCtx->verify == 1) {
                         ret = 0;
                     }
                     else {
-                        WOLFSSL_MSG("DILITHIUM_LEVEL5 Verify didn't match");
+                        WOLFSSL_MSG("DILITHIUM Verify didn't match");
                         ret = ASN_SIG_CONFIRM_E;
                     }
                     break;
-                }
             #endif /* HAVE_DILITHIUM */
             #ifdef HAVE_SPHINCS
                 case SPHINCS_FAST_LEVEL1k:
@@ -17810,41 +18799,6 @@ exit_cs:
     return ret;
 }
 
-#ifdef WOLFSSL_DUAL_ALG_CERTS
-int wc_ConfirmAltSignature(
-    const byte* buf, word32 bufSz,
-    const byte* key, word32 keySz, word32 keyOID,
-    const byte* sig, word32 sigSz, word32 sigOID,
-    void *heap)
-{
-    int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    SignatureCtx* sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap,
-        DYNAMIC_TYPE_SIGNATURE);
-    if (sigCtx == NULL) {
-        ret = MEMORY_E;
-    }
-#else
-    SignatureCtx  sigCtx[1];
-    (void)heap;
-#endif
-
-    if (ret == 0) {
-        InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
-
-        ret = ConfirmSignature(sigCtx, buf, bufSz, key, keySz,
-             keyOID, sig, sigSz, sigOID, NULL, 0, NULL);
-
-        FreeSignatureCtx(sigCtx);
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
-#endif
-    return ret;
-}
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
-
 #ifndef IGNORE_NAME_CONSTRAINTS
 
 static int MatchBaseName(int type, const char* name, int nameSz,
@@ -18215,7 +19169,7 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
     }
 
     if (ret == 0) {
-        ret = SetDNSEntry(cert, buf, (int)bufLen, ASN_OTHER_TYPE, &entry);
+        ret = SetDNSEntry(cert->heap, buf, (int)bufLen, ASN_OTHER_TYPE, &entry);
         if (ret == 0) {
         #ifdef WOLFSSL_FPKI
             entry->oidSum = oid;
@@ -18242,10 +19196,12 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
  * @return  BUFFER_E when data in buffer is too small.
  */
 static int DecodeOtherName(DecodedCert* cert, const byte* input,
-                           word32* inOutIdx, word32 maxIdx)
+                           word32* inOutIdx, int len)
 {
     DECL_ASNGETDATA(dataASN, otherNameASN_Length);
     int ret = 0;
+    word32 maxIdx = *inOutIdx + (word32)len;
+    const char* name = (const char*)input + *inOutIdx;
 
     CALLOC_ASNGETDATA(dataASN, otherNameASN_Length, ret, cert->heap);
 
@@ -18274,7 +19230,9 @@ static int DecodeOtherName(DecodedCert* cert, const byte* input,
                            (int)dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum);
                 break;
             default:
-                WOLFSSL_MSG("\tunsupported OID skipping");
+                WOLFSSL_MSG("\tadding unsupported OID");
+                ret = SetDNSEntry(cert->heap, name, len, ASN_OTHER_TYPE,
+                        &cert->altNames);
                 break;
         }
     }
@@ -18306,8 +19264,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
 
     /* GeneralName choice: dnsName */
     if (tag == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_DNS_TYPE,
-                &cert->altNames);
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
+                ASN_DNS_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
@@ -18325,7 +19283,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
             return ASN_PARSE_E;
         }
 
-        ret = SetDNSEntry(cert, (const char*)(input + idxDir), strLen,
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idxDir), strLen,
                 ASN_DIR_TYPE, &cert->altDirNames);
         if (ret == 0) {
             idx += (word32)len;
@@ -18333,7 +19291,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
     }
     /* GeneralName choice: rfc822Name */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len,
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
                 ASN_RFC822_TYPE, &cert->altEmailNames);
         if (ret == 0) {
             idx += (word32)len;
@@ -18381,8 +19339,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
         }
     #endif
 
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_URI_TYPE,
-                &cert->altNames);
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
+                ASN_URI_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
@@ -18390,8 +19348,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
     #ifdef WOLFSSL_IP_ALT_NAME
     /* GeneralName choice: iPAddress */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_IP_TYPE,
-                &cert->altNames);
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
+                ASN_IP_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
         }
@@ -18400,7 +19358,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
     #ifdef WOLFSSL_RID_ALT_NAME
     /* GeneralName choice: registeredID */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
-        ret = SetDNSEntry(cert, (const char*)(input + idx), len,
+        ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len,
                 ASN_RID_TYPE, &cert->altNames);
         if (ret == 0) {
             idx += (word32)len;
@@ -18412,7 +19370,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
     /* GeneralName choice: otherName */
     else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) {
         /* TODO: test data for code path */
-        ret = DecodeOtherName(cert, input, &idx, idx + (word32)len);
+        ret = DecodeOtherName(cert, input, &idx, len);
     }
 #endif
     /* GeneralName choice: dNSName, x400Address, ediPartyName */
@@ -20762,7 +21720,7 @@ static const ASNItem subjDirAttrASN[] = {
 enum {
     SUBJDIRATTRASN_IDX_SEQ = 0,
     SUBJDIRATTRASN_IDX_OID,
-    SUBJDIRATTRASN_IDX_SET,
+    SUBJDIRATTRASN_IDX_SET
 };
 
 /* Number of items in ASN.1 template for BasicConstraints. */
@@ -21113,11 +22071,12 @@ static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert)
  * like a traditional signature in the certificate. */
 static int DecodeAltSigVal(const byte* input, int sz, DecodedCert* cert)
 {
-    (void)cert;
     int ret = 0;
     word32 idx = 0;
     int len = 0;
 
+    (void)cert;
+
     WOLFSSL_ENTER("DecodeAltSigVal");
 
     if (ret == 0) {
@@ -21386,16 +22345,19 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
     #ifdef WOLFSSL_DUAL_ALG_CERTS
         case SUBJ_ALT_PUB_KEY_INFO_OID:
             VERIFY_AND_SET_OID(cert->extSapkiSet);
+            cert->extSapkiCrit = critical ? 1 : 0;
             if (DecodeSubjAltPubKeyInfo(&input[idx], length, cert) < 0)
                 return ASN_PARSE_E;
             break;
         case ALT_SIG_ALG_OID:
             VERIFY_AND_SET_OID(cert->extAltSigAlgSet);
+            cert->extAltSigAlgCrit = critical ? 1 : 0;
             if (DecodeAltSigAlg(&input[idx], length, cert) < 0)
                 return ASN_PARSE_E;
             break;
         case ALT_SIG_VAL_OID:
             VERIFY_AND_SET_OID(cert->extAltSigValSet);
+            cert->extAltSigValCrit = critical ? 1 : 0;
             if (DecodeAltSigVal(&input[idx], length, cert) < 0)
                 return ASN_PARSE_E;
             break;
@@ -21718,7 +22680,7 @@ enum {
 #ifdef WC_RSA_PSS
     RPKCERTASN_IDX_SPUBKEYINFO_ALGO_P_SEQ,
 #endif
-    RPKCERTASN_IDX_SPUBKEYINFO_PUBKEY,
+    RPKCERTASN_IDX_SPUBKEYINFO_PUBKEY
 };
 
 #endif /* HAVE_RPK */
@@ -21896,8 +22858,8 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
  * @param [in]  verify           Whether to verify dates before and after now.
  * @param [out] criticalExt      Critical extension return code.
  * @param [out] badDateRet       Bad date return code.
- * @param [in]  stopAtPubKey     Stop parsing before subkectPublicKeyInfo.
- * @param [in]  stopAfterPubKey  Stop parsing after subkectPublicKeyInfo.
+ * @param [in]  stopAtPubKey     Stop parsing before subjectPublicKeyInfo.
+ * @param [in]  stopAfterPubKey  Stop parsing after subjectPublicKeyInfo.
  * @return  0 on success.
  * @return  ASN_CRIT_EXT_E when a critical extension was not recognized.
  * @return  ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
@@ -22006,7 +22968,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
         cert->version = version;
         cert->serialSz = (int)serialSz;
 
-    #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON)
+    #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) && \
+        !defined(WOLFSSL_ASN_ALLOW_0_SERIAL)
         /* RFC 5280 section 4.1.2.2 states that non-conforming CAs may issue
          * a negative or zero serial number and should be handled gracefully.
          * Since it is a non-conforming CA that issues a serial of 0 then we
@@ -22017,6 +22980,11 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
             ret = ASN_PARSE_E;
         }
     #endif
+        if (cert->serialSz == 0) {
+            WOLFSSL_MSG("Error serial size is zero. Should be at least one "
+                        "even with no serial number.");
+            ret = ASN_PARSE_E;
+        }
 
         cert->signatureOID = dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].data.oid.sum;
         cert->keyOID = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID].data.oid.sum;
@@ -22082,16 +23050,20 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
         }
         /* Parameters not allowed after ECDSA or EdDSA algorithm OID. */
         else if (IsSigAlgoECC(cert->signatureOID)) {
-            if ((dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0)
-        #ifdef WC_RSA_PSS
-                || (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0)
-        #endif
-                ) {
+        #ifndef WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED
+            if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0) {
                 WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
                 ret = ASN_PARSE_E;
             }
-        }
+        #endif
         #ifdef WC_RSA_PSS
+            if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
+                WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+                ret = ASN_PARSE_E;
+            }
+        #endif
+        }
+    #ifdef WC_RSA_PSS
         /* Check parameters starting with a SEQUENCE. */
         else if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
             word32 oid = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum;
@@ -22133,7 +23105,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
                 cert->sigParamsLength = sigAlgParamsSz;
             }
         }
-        #endif
+    #endif
     }
     if ((ret == 0) && (!done)) {
         pubKeyEnd = dataASN[X509CERTASN_IDX_TBS_ISSUERUID].offset;
@@ -22553,7 +23525,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
 {
     DECL_ASNGETDATA(dataASN, certReqASN_Length);
     int ret = 0;
-    byte version;
+    byte version = 0;
     word32 idx;
 
     CALLOC_ASNGETDATA(dataASN, certReqASN_Length, ret, cert->heap);
@@ -23420,9 +24392,9 @@ typedef struct DecodeInstr {
     /* Tag expected. */
     byte tag;
     /* Operation to perform: step in or go over */
-    byte op:1;
+    WC_BITFIELD op:1;
     /* ASN.1 item is optional. */
-    byte optional:1;
+    WC_BITFIELD optional:1;
 } DecodeInstr;
 
 /* Step into ASN.1 item. */
@@ -23446,7 +24418,7 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz,
     const unsigned char** pubKey, word32* pubKeySz)
 {
     int ret = 0;
-    int l;
+    int l = 0;
     word32 o = 0;
     int i;
     static DecodeInstr ops[] = {
@@ -23515,6 +24487,19 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz,
     return ret;
 }
 #endif
+#ifdef HAVE_OCSP
+Signer* findSignerByKeyHash(Signer *list, byte *hash)
+{
+    Signer *s;
+    for (s = list; s != NULL; s = s->next) {
+        if (XMEMCMP(s->subjectKeyHash, hash, KEYID_SIZE) == 0) {
+            return s;
+        }
+    }
+    return NULL;
+}
+#endif /* WOLFSSL_OCSP */
+
 Signer* findSignerByName(Signer *list, byte *hash)
 {
     Signer *s;
@@ -23526,7 +24511,8 @@ Signer* findSignerByName(Signer *list, byte *hash)
     return NULL;
 }
 
-int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer *extraCAList)
+int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
+                      Signer *extraCAList)
 {
     int    ret = 0;
 #ifndef WOLFSSL_ASN_TEMPLATE
@@ -23934,7 +24920,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer
                     }
                 }
                 else {
-                    cert->maxPathLen = (byte)min(cert->ca->maxPathLen - 1,
+                    cert->maxPathLen = (byte)min(cert->ca->maxPathLen - 1U,
                                            cert->maxPathLen);
                 }
             }
@@ -24040,16 +25026,16 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer
                 if ((ret == 0) && cert->extAltSigAlgSet &&
                     cert->extAltSigValSet) {
                 #ifndef WOLFSSL_SMALL_STACK
-                    byte der[MAX_CERT_VERIFY_SZ];
+                    byte der[WC_MAX_CERT_VERIFY_SZ];
                 #else
-                    byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, cert->heap,
+                    byte *der = (byte*)XMALLOC(WC_MAX_CERT_VERIFY_SZ, cert->heap,
                                             DYNAMIC_TYPE_DCERT);
                     if (der == NULL) {
                         ret = MEMORY_E;
                     } else
                 #endif /* ! WOLFSSL_SMALL_STACK */
                     {
-                        ret = wc_GeneratePreTBS(cert, der, MAX_CERT_VERIFY_SZ);
+                        ret = wc_GeneratePreTBS(cert, der, WC_MAX_CERT_VERIFY_SZ);
 
                         if (ret > 0) {
                             ret = ConfirmSignature(&cert->sigCtx, der, ret,
@@ -24113,16 +25099,16 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer
             if ((ret == 0) && cert->extAltSigAlgSet &&
                 cert->extAltSigValSet) {
             #ifndef WOLFSSL_SMALL_STACK
-                byte der[MAX_CERT_VERIFY_SZ];
+                byte der[WC_MAX_CERT_VERIFY_SZ];
             #else
-                byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, cert->heap,
+                byte *der = (byte*)XMALLOC(WC_MAX_CERT_VERIFY_SZ, cert->heap,
                                         DYNAMIC_TYPE_DCERT);
                 if (der == NULL) {
                     ret = MEMORY_E;
                 } else
             #endif /* ! WOLFSSL_SMALL_STACK */
                 {
-                    ret = wc_GeneratePreTBS(cert, der, MAX_CERT_VERIFY_SZ);
+                    ret = wc_GeneratePreTBS(cert, der, WC_MAX_CERT_VERIFY_SZ);
 
                     if (ret > 0) {
                         ret = ConfirmSignature(&cert->sigCtx, der, ret,
@@ -24460,7 +25446,8 @@ int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
 #endif /* !NO_CERTS */
 
 #if defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS12) || \
-    (defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT))
+    (defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)) || \
+    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
 int SetMyVersion(word32 version, byte* output, int header)
 {
     int i = 0;
@@ -24610,6 +25597,10 @@ wcchar END_CERT             = "-----END CERTIFICATE-----";
     wcchar BEGIN_CERT_REQ   = "-----BEGIN CERTIFICATE REQUEST-----";
     wcchar END_CERT_REQ     = "-----END CERTIFICATE REQUEST-----";
 #endif
+#if defined(WOLFSSL_ACERT)
+    wcchar BEGIN_ACERT      = "-----BEGIN ATTRIBUTE CERTIFICATE-----";
+    wcchar END_ACERT        = "-----END ATTRIBUTE CERTIFICATE-----";
+#endif /* WOLFSSL_ACERT */
 #ifndef NO_DH
     wcchar BEGIN_DH_PARAM   = "-----BEGIN DH PARAMETERS-----";
     wcchar END_DH_PARAM     = "-----END DH PARAMETERS-----";
@@ -24622,6 +25613,8 @@ wcchar END_CERT             = "-----END CERTIFICATE-----";
 #endif
 wcchar BEGIN_X509_CRL       = "-----BEGIN X509 CRL-----";
 wcchar END_X509_CRL         = "-----END X509 CRL-----";
+wcchar BEGIN_TRUSTED_CERT   = "-----BEGIN TRUSTED CERTIFICATE-----";
+wcchar END_TRUSTED_CERT     = "-----END TRUSTED CERTIFICATE-----";
 wcchar BEGIN_RSA_PRIV       = "-----BEGIN RSA PRIVATE KEY-----";
 wcchar END_RSA_PRIV         = "-----END RSA PRIVATE KEY-----";
 wcchar BEGIN_RSA_PUB        = "-----BEGIN RSA PUBLIC KEY-----";
@@ -24665,12 +25658,20 @@ wcchar END_PUB_KEY          = "-----END PUBLIC KEY-----";
     wcchar END_FALCON_LEVEL5_PRIV   = "-----END FALCON_LEVEL5 PRIVATE KEY-----";
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----";
     wcchar END_DILITHIUM_LEVEL2_PRIV   = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----";
     wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----";
     wcchar END_DILITHIUM_LEVEL3_PRIV   = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----";
     wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----";
     wcchar END_DILITHIUM_LEVEL5_PRIV   = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----";
+    #endif
+    wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----";
+    wcchar END_ML_DSA_LEVEL2_PRIV   = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----";
+    wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----";
+    wcchar END_ML_DSA_LEVEL3_PRIV   = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----";
+    wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----";
+    wcchar END_ML_DSA_LEVEL5_PRIV   = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----";
 #endif /* HAVE_DILITHIUM */
 #if defined(HAVE_SPHINCS)
     wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
@@ -24756,6 +25757,13 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             ret = 0;
             break;
     #endif
+    #if defined(WOLFSSL_ACERT)
+        case ACERT_TYPE:
+            if (header) *header = BEGIN_ACERT;
+            if (footer) *footer = END_ACERT;
+            ret = 0;
+            break;
+    #endif /* WOLFSSL_ACERT */
     #ifndef NO_DSA
         case DSA_TYPE:
         case DSA_PRIVATEKEY_TYPE:
@@ -24814,6 +25822,7 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             break;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2_TYPE:
             if (header) *header = BEGIN_DILITHIUM_LEVEL2_PRIV;
             if (footer) *footer = END_DILITHIUM_LEVEL2_PRIV;
@@ -24829,6 +25838,22 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             if (footer) *footer = END_DILITHIUM_LEVEL5_PRIV;
             ret = 0;
             break;
+    #endif
+        case ML_DSA_LEVEL2_TYPE:
+            if (header) *header = BEGIN_ML_DSA_LEVEL2_PRIV;
+            if (footer) *footer = END_ML_DSA_LEVEL2_PRIV;
+            ret = 0;
+            break;
+        case ML_DSA_LEVEL3_TYPE:
+            if (header) *header = BEGIN_ML_DSA_LEVEL3_PRIV;
+            if (footer) *footer = END_ML_DSA_LEVEL3_PRIV;
+            ret = 0;
+            break;
+        case ML_DSA_LEVEL5_TYPE:
+            if (header) *header = BEGIN_ML_DSA_LEVEL5_PRIV;
+            if (footer) *footer = END_ML_DSA_LEVEL5_PRIV;
+            ret = 0;
+            break;
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
         case SPHINCS_FAST_LEVEL1_TYPE:
@@ -24886,6 +25911,11 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
             if (footer) *footer = END_ENC_PRIV_KEY;
             ret = 0;
             break;
+        case TRUSTED_CERT_TYPE:
+            if (header) *header = BEGIN_TRUSTED_CERT;
+            if (footer) *footer = END_TRUSTED_CERT;
+            ret = 0;
+            break;
         default:
             ret = BAD_FUNC_ARG;
             break;
@@ -25131,8 +26161,8 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     char header[MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE];
     char footer[MAX_X509_HEADER_SZ];
 #endif
-    int headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE;
-    int footerLen = MAX_X509_HEADER_SZ;
+    size_t headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE;
+    size_t footerLen = MAX_X509_HEADER_SZ;
     int i;
     int err;
     int outLen;   /* return length or error */
@@ -25159,9 +26189,9 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
 #endif
 
     /* build header and footer based on type */
-    XSTRNCPY(header, headerStr, (size_t)headerLen - 1);
+    XSTRNCPY(header, headerStr, headerLen - 1);
     header[headerLen - 2] = 0;
-    XSTRNCPY(footer, footerStr, (size_t)footerLen - 1);
+    XSTRNCPY(footer, footerStr, footerLen - 1);
     footer[footerLen - 2] = 0;
 
     /* add new line to end */
@@ -25169,7 +26199,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     XSTRNCAT(footer, "\n", 2);
 
 #ifdef WOLFSSL_ENCRYPTED_KEYS
-    err = wc_EncryptedInfoAppend(header, headerLen, (char*)cipher_info);
+    err = wc_EncryptedInfoAppend(header, (int)headerLen, (char*)cipher_info);
     if (err != 0) {
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -25179,8 +26209,8 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     }
 #endif
 
-    headerLen = (int)XSTRLEN(header);
-    footerLen = (int)XSTRLEN(footer);
+    headerLen = XSTRLEN(header);
+    footerLen = XSTRLEN(footer);
 
     /* if null output and 0 size passed in then return size needed */
     if (!output && outSz == 0) {
@@ -25194,7 +26224,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
             WOLFSSL_ERROR_VERBOSE(err);
             return err;
         }
-        return headerLen + footerLen + outLen;
+        return (int)headerLen + (int)footerLen + outLen;
     }
 
     if (!der || !output) {
@@ -25216,14 +26246,14 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
 
     /* header */
     XMEMCPY(output, header, (size_t)headerLen);
-    i = headerLen;
+    i = (int)headerLen;
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     /* body */
-    outLen = (int)outSz - (headerLen + footerLen);  /* input to Base64_Encode */
+    outLen = (int)outSz - (int)(headerLen + footerLen);  /* input to Base64_Encode */
     if ( (err = Base64_Encode(der, derSz, output + i, (word32*)&outLen)) < 0) {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -25234,7 +26264,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     i += outLen;
 
     /* footer */
-    if ( (i + footerLen) > (int)outSz) {
+    if ( (i + (int)footerLen) > (int)outSz) {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -25246,7 +26276,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
     XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-    return outLen + headerLen + footerLen;
+    return outLen + (int)headerLen + (int)footerLen;
 }
 
 #endif /* WOLFSSL_DER_TO_PEM */
@@ -25260,9 +26290,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 {
     const char* header      = NULL;
     const char* footer      = NULL;
-    const char* headerEnd;
-    const char* footerEnd;
-    const char* consumedEnd;
+    const char* headerEnd   = NULL;
+    const char* footerEnd   = NULL;
+    const char* consumedEnd = NULL;
     const char* bufferEnd   = (const char*)(buff + longSz);
     long        neededSz;
     int         ret         = 0;
@@ -25522,10 +26552,27 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
     }
     der = *pDer;
 
-    if (Base64_Decode((byte*)headerEnd, (word32)neededSz,
-                      der->buffer, &der->length) < 0) {
-        WOLFSSL_ERROR(BUFFER_E);
-        return BUFFER_E;
+    switch (type) {
+    case PUBLICKEY_TYPE:
+    case ECC_PUBLICKEY_TYPE:
+    case RSA_PUBLICKEY_TYPE:
+    case CERT_TYPE:
+    case TRUSTED_CERT_TYPE:
+    case CRL_TYPE:
+        if (Base64_Decode_nonCT((byte*)headerEnd, (word32)neededSz,
+                          der->buffer, &der->length) < 0)
+        {
+            WOLFSSL_ERROR(BUFFER_E);
+            return BUFFER_E;
+        }
+        break;
+    default:
+        if (Base64_Decode((byte*)headerEnd, (word32)neededSz,
+                          der->buffer, &der->length) < 0) {
+            WOLFSSL_ERROR(BUFFER_E);
+            return BUFFER_E;
+        }
+        break;
     }
 
     if ((header == BEGIN_PRIV_KEY
@@ -25567,7 +26614,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
         }
 
     #ifdef WOLFSSL_SMALL_STACK
-        password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
+        password = (char*)XMALLOC((size_t)passwordSz, heap, DYNAMIC_TYPE_STRING);
         if (password == NULL) {
             return MEMORY_E;
         }
@@ -25650,9 +26697,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
                 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && \
                     defined(HAVE_AES_DECRYPT)
                     if (info->cipherType == WC_CIPHER_AES_CBC) {
-                        if (der->length > AES_BLOCK_SIZE) {
+                        if (der->length > WC_AES_BLOCK_SIZE) {
                             padVal = der->buffer[der->length-1];
-                            if (padVal <= AES_BLOCK_SIZE) {
+                            if (padVal <= WC_AES_BLOCK_SIZE) {
                                 der->length -= (word32)padVal;
                             }
                         }
@@ -25663,14 +26710,14 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
             }
 #ifdef OPENSSL_EXTRA
             if (ret) {
-                PEMerr(0, PEM_R_BAD_DECRYPT);
+                WOLFSSL_PEMerr(0, WOLFSSL_PEM_R_BAD_DECRYPT_E);
             }
 #endif
             ForceZero(password, (word32)passwordSz);
         }
 #ifdef OPENSSL_EXTRA
         else {
-            PEMerr(0, PEM_R_BAD_PASSWORD_READ);
+            WOLFSSL_PEMerr(0, WOLFSSL_PEM_R_BAD_PASSWORD_READ_E);
         }
 #endif
 
@@ -26084,7 +27131,7 @@ int wc_GetPubKeyDerFromCert(struct DecodedCert* cert,
     /* if derKey is NULL, return required output buffer size in derKeySz */
     if (derKey == NULL) {
         *derKeySz = cert->pubKeySize;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (ret == 0) {
@@ -26151,7 +27198,7 @@ int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz)
 
             if (uuid == NULL) {
                 *uuidSz = (word32)id->len;
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
 
             if ((int)*uuidSz < id->len) {
@@ -26179,7 +27226,7 @@ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz)
         if (id != NULL && id->oidSum == FASCN_OID) {
             if (fascn == NULL) {
                 *fascnSz = (word32)id->len;
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
 
             if ((int)*fascnSz < id->len) {
@@ -26833,7 +27880,7 @@ static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz,
 #ifndef NO_ASN_TIME
 static WC_INLINE byte itob(int number)
 {
-    return (byte)number + 0x30;
+    return (byte)(number + 0x30);
 }
 
 
@@ -27699,7 +28746,7 @@ static int SetCertificatePolicies(byte *output,
     byte   oid[MAX_OID_SZ];
     word32 oidSz;
     word32 sz = 0;
-    int    piSz;
+    int    piSz = 0;
 
     if ((input == NULL) || (nb_certpol > MAX_CERTPOL_NB)) {
         ret = BAD_FUNC_ARG;
@@ -27929,6 +28976,10 @@ static int EncodeName(EncodedName* name, const char* nameStr,
             thisLen += (int)sizeof(uidOid);
             firstSz  = (int)sizeof(uidOid);
             break;
+        case ASN_RFC822_MAILBOX:
+            thisLen += (int)sizeof(rfc822Mlbx);
+            firstSz  = (int)sizeof(rfc822Mlbx);
+            break;
         case ASN_FAVOURITE_DRINK:
             thisLen += (int)sizeof(fvrtDrk);
             firstSz  = (int)sizeof(fvrtDrk);
@@ -27994,6 +29045,12 @@ static int EncodeName(EncodedName* name, const char* nameStr,
             /* str type */
             name->encoded[idx++] = nameTag;
             break;
+        case ASN_RFC822_MAILBOX:
+            XMEMCPY(name->encoded + idx, rfc822Mlbx, sizeof(rfc822Mlbx));
+            idx += (int)sizeof(rfc822Mlbx);
+            /* str type */
+            name->encoded[idx++] = nameTag;
+            break;
         case ASN_FAVOURITE_DRINK:
             XMEMCPY(name->encoded + idx, fvrtDrk, sizeof(fvrtDrk));
             idx += (int)sizeof(fvrtDrk);
@@ -28090,15 +29147,19 @@ static int EncodeName(EncodedName* name, const char* nameStr,
                 oid = uidOid;
                 oidSz = sizeof(uidOid);
                 break;
+            case ASN_RFC822_MAILBOX:
+                oid = rfc822Mlbx;
+                oidSz = sizeof(rfc822Mlbx);
+                break;
             case ASN_FAVOURITE_DRINK:
                 oid = fvrtDrk;
                 oidSz = sizeof(fvrtDrk);
                 break;
         #ifdef WOLFSSL_CUSTOM_OID
             case ASN_CUSTOM_NAME:
-                nameSz = cname->custom.valSz;
+                nameSz = (word32)cname->custom.valSz;
                 oid = cname->custom.oid;
-                oidSz = cname->custom.oidSz;
+                oidSz = (word32)cname->custom.oidSz;
                 break;
         #endif
         #ifdef WOLFSSL_CERT_REQ
@@ -28413,6 +29474,12 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN,
                                 sizeof(uidOid), (byte)GetNameType(name, i),
                         (const byte*)GetOneCertName(name, i), nameLen[i]);
                 }
+                else if (type == ASN_RFC822_MAILBOX) {
+                    /* Copy RFC822 mailbox data into dynamic vars. */
+                    SetRdnItems(namesASN + idx, dataASN + idx, rfc822Mlbx,
+                                sizeof(rfc822Mlbx), (byte)GetNameType(name, i),
+                        (const byte*)GetOneCertName(name, i), nameLen[i]);
+                }
                 else if (type == ASN_FAVOURITE_DRINK) {
                     /* Copy favourite drink data into dynamic vars. */
                     SetRdnItems(namesASN + idx, dataASN + idx, fvrtDrk,
@@ -28422,8 +29489,8 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN,
                 else if (type == ASN_CUSTOM_NAME) {
                 #ifdef WOLFSSL_CUSTOM_OID
                     SetRdnItems(namesASN + idx, dataASN + idx, name->custom.oid,
-                        name->custom.oidSz, name->custom.enc,
-                        name->custom.val, name->custom.valSz);
+                        (word32)name->custom.oidSz, (byte)name->custom.enc,
+                        name->custom.val, (word32)name->custom.valSz);
                 #endif
                 }
                 else {
@@ -28597,6 +29664,13 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap)
         ret = 0;
     }
 
+    if (items == 0) {
+        /* if zero items, short-circuit return to avoid frivolous zero-size
+         * allocations.
+         */
+        return 0;
+    }
+
     /* Allocate dynamic data items. */
     dataASN = (ASNSetData*)XMALLOC(items * sizeof(ASNSetData), heap,
                                    DYNAMIC_TYPE_TMP_BUFFER);
@@ -28720,9 +29794,14 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
             break;
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2_KEY:
         case DILITHIUM_LEVEL3_KEY:
         case DILITHIUM_LEVEL5_KEY:
+        #endif
+        case ML_DSA_LEVEL2_KEY:
+        case ML_DSA_LEVEL3_KEY:
+        case ML_DSA_LEVEL5_KEY:
             ret = wc_Dilithium_PublicKeyToDer(dilithiumKey, output,
                                               (word32)outLen, 1);
             if (ret <= 0) {
@@ -28760,6 +29839,7 @@ static const ASNItem static_certExtsASN[] = {
             /* Basic Constraints Extension - 4.2.1.9 */
 /* BC_SEQ        */    { 0, ASN_SEQUENCE, 1, 1, 0 },
 /* BC_OID        */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* BC_CRIT       */        { 1, ASN_BOOLEAN, 0, 0, 0 },
 /* BC_STR        */        { 1, ASN_OCTET_STRING, 0, 1, 0 },
 /* BC_STR_SEQ    */            { 2, ASN_SEQUENCE, 1, 1, 0 },
                                                    /* cA */
@@ -28808,12 +29888,15 @@ static const ASNItem static_certExtsASN[] = {
 #ifdef WOLFSSL_DUAL_ALG_CERTS
 /* SAPKI_SEQ     */    { 0, ASN_SEQUENCE, 1, 1, 0 },
 /* SAPKI_OID     */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* SAPKI_CRIT    */        { 1, ASN_BOOLEAN, 0, 0, 0 },
 /* SAPKI_STR     */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
 /* ALTSIGALG_SEQ */    { 0, ASN_SEQUENCE, 1, 1, 0 },
 /* ALTSIGALG_OID */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* ALTSIGALG_CRIT*/        { 1, ASN_BOOLEAN, 0, 0, 0 },
 /* ALTSIGALG_STR */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
 /* ALTSIGVAL_SEQ */    { 0, ASN_SEQUENCE, 1, 1, 0 },
 /* ALTSIGVAL_OID */        { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* ALTSIGVAL_CRIT*/        { 1, ASN_BOOLEAN, 0, 0, 0 },
 /* ALTSIGVAL_STR */        { 1, ASN_OCTET_STRING, 0, 0, 0 },
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 /* CUSTOM_SEQ    */    { 0, ASN_SEQUENCE, 1, 1, 0 },
@@ -28823,6 +29906,7 @@ static const ASNItem static_certExtsASN[] = {
 enum {
     CERTEXTSASN_IDX_BC_SEQ = 0,
     CERTEXTSASN_IDX_BC_OID,
+    CERTEXTSASN_IDX_BC_CRIT,
     CERTEXTSASN_IDX_BC_STR,
     CERTEXTSASN_IDX_BC_STR_SEQ,
     CERTEXTSASN_IDX_BC_CA,
@@ -28862,12 +29946,15 @@ enum {
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     CERTEXTSASN_IDX_SAPKI_SEQ,
     CERTEXTSASN_IDX_SAPKI_OID,
+    CERTEXTSASN_IDX_SAPKI_CRIT,
     CERTEXTSASN_IDX_SAPKI_STR,
     CERTEXTSASN_IDX_ALTSIGALG_SEQ,
     CERTEXTSASN_IDX_ALTSIGALG_OID,
+    CERTEXTSASN_IDX_ALTSIGALG_CRIT,
     CERTEXTSASN_IDX_ALTSIGALG_STR,
     CERTEXTSASN_IDX_ALTSIGVAL_SEQ,
     CERTEXTSASN_IDX_ALTSIGVAL_OID,
+    CERTEXTSASN_IDX_ALTSIGVAL_CRIT,
     CERTEXTSASN_IDX_ALTSIGVAL_STR,
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
     CERTEXTSASN_IDX_CUSTOM_SEQ,
@@ -28959,6 +30046,12 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
             /* Set Basic Constraints to be a Certificate Authority. */
             SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CA], 1);
             SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID));
+            if (cert->basicConstCrit) {
+                SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CRIT], 1);
+            }
+            else {
+                dataASN[CERTEXTSASN_IDX_BC_CRIT].noOut = 1;
+            }
             if (cert->pathLenSet
             #ifdef WOLFSSL_CERT_EXT
                 && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage))
@@ -28975,12 +30068,24 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
         else if (cert->isCaSet) {
             SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CA], 0);
             SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID));
+            if (cert->basicConstCrit) {
+                SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CRIT], 1);
+            }
+            else {
+                dataASN[CERTEXTSASN_IDX_BC_CRIT].noOut = 1;
+            }
             dataASN[CERTEXTSASN_IDX_BC_PATHLEN].noOut = 1;
         }
     #endif
         else if (cert->basicConstSet) {
             /* Set Basic Constraints to be a non Certificate Authority. */
             SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID));
+            if (cert->basicConstCrit) {
+                SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CRIT], 1);
+            }
+            else {
+                dataASN[CERTEXTSASN_IDX_BC_CRIT].noOut = 1;
+            }
             dataASN[CERTEXTSASN_IDX_BC_CA].noOut = 1;
             dataASN[CERTEXTSASN_IDX_BC_PATHLEN].noOut = 1;
         }
@@ -29147,9 +30252,16 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
 
     #ifdef WOLFSSL_DUAL_ALG_CERTS
         if (cert->sapkiDer != NULL) {
-            /* Set subject alternative public key info OID and data. */
+            /* Set subject alternative public key info OID, criticality and
+             * data. */
             SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_OID], sapkiOID,
                     sizeof(sapkiOID));
+            if (cert->sapkiCrit) {
+                SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_SAPKI_CRIT], 1);
+            }
+            else {
+                dataASN[CERTEXTSASN_IDX_SAPKI_CRIT].noOut = 1;
+            }
             SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_STR], cert->sapkiDer,
                     cert->sapkiLen);
         }
@@ -29160,9 +30272,15 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
         }
 
         if (cert->altSigAlgDer != NULL) {
-            /* Set alternative signature algorithm OID and data. */
+            /* Set alternative signature algorithm OID, criticality and data. */
             SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_OID], altSigAlgOID,
                     sizeof(altSigAlgOID));
+            if (cert->altSigAlgCrit) {
+                SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_CRIT], 1);
+            }
+            else {
+                dataASN[CERTEXTSASN_IDX_ALTSIGALG_CRIT].noOut = 1;
+            }
             SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_STR],
                     cert->altSigAlgDer, cert->altSigAlgLen);
         }
@@ -29173,9 +30291,15 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
         }
 
         if (cert->altSigValDer != NULL) {
-            /* Set alternative signature value OID and data. */
+            /* Set alternative signature value OID, criticality and data. */
             SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_OID], altSigValOID,
                     sizeof(altSigValOID));
+            if (cert->altSigValCrit) {
+                SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_CRIT], 1);
+            }
+            else {
+                dataASN[CERTEXTSASN_IDX_ALTSIGVAL_CRIT].noOut = 1;
+            }
             SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_STR],
                     cert->altSigValDer, cert->altSigValLen);
         }
@@ -29544,9 +30668,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
     }
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
-    if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL3_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL5_KEY)) {
+    if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL3_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL5_KEY)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (cert->keyType == DILITHIUM_LEVEL2_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL3_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL5_KEY)
+    #endif
+        ) {
         if (dilithiumKey == NULL)
             return PUBLIC_KEY_E;
 
@@ -30033,7 +31163,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
 
     case CERTSIGN_STATE_DO:
         certSignCtx->state = CERTSIGN_STATE_DO;
-        ret = ALGO_ID_E; /* default to error */
+        ret = -1; /* default to error, reassigned to ALGO_ID_E below. */
 
     #ifndef NO_RSA
         if (rsaKey) {
@@ -30087,9 +31217,23 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
             dilithiumKey) {
             word32 outSz = sigSz;
-            ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng);
-            if (ret == 0)
-                ret = outSz;
+            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+            if ((dilithiumKey->params->level == WC_ML_DSA_44_DRAFT) ||
+                    (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT) ||
+                    (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
+                ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey,
+                    rng);
+                if (ret == 0)
+                    ret = outSz;
+            }
+            else
+            #endif
+            {
+                ret = wc_dilithium_sign_ctx_msg(NULL, 0, buf, sz, sig,
+                    &outSz, dilithiumKey, rng);
+                if (ret == 0)
+                    ret = outSz;
+            }
         }
     #endif /* HAVE_DILITHIUM */
     #if defined(HAVE_SPHINCS)
@@ -30102,6 +31246,9 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         }
     #endif /* HAVE_SPHINCS */
 
+        if (ret == -1)
+            ret = ALGO_ID_E;
+
         break;
     }
 
@@ -30232,8 +31379,8 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
     return (int)(idx + seqSz);
 #else
     DECL_ASNSETDATA(dataASN, sigASN_Length);
-    word32 seqSz;
-    int sz;
+    word32 seqSz = 0;
+    int sz = 0;
     int ret = 0;
 
     CALLOC_ASNSETDATA(dataASN, sigASN_Length, ret, NULL);
@@ -30324,12 +31471,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
         cert->keyType = FALCON_LEVEL5_KEY;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL2_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL3_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL5_KEY;
+    }
+    #endif
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44)) {
+        cert->keyType = ML_DSA_LEVEL2_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65)) {
+        cert->keyType = ML_DSA_LEVEL3_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87)) {
+        cert->keyType = ML_DSA_LEVEL5_KEY;
+    }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -30419,15 +31586,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
         }
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL2_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL3_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL5_KEY;
         }
+    #endif
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_44)) {
+            cert->keyType = ML_DSA_LEVEL2_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_65)) {
+            cert->keyType = ML_DSA_LEVEL3_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_87)) {
+            cert->keyType = ML_DSA_LEVEL5_KEY;
+        }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
         else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -30704,8 +31888,18 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
 #endif
 }
 
-
-/* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */
+/* Make an x509 Certificate v3 from cert input using any
+ * key type, and write to buffer.
+ *
+ * @param [in, out] cert      Certificate object.
+ * @param [out]     derBuffer Buffer to write der in.
+ * @param [in]      derSz     Der buffer size.
+ * @param [in]      keyType   The type of key.
+ * @param [in]      key       Key data.
+ * @param [in]      rng       Random number generator.
+ * @return          Size of encoded data in bytes on success.
+ * @return          < 0 on error
+ * */
 int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
                    void* key, WC_RNG* rng)
 {
@@ -30732,12 +31926,20 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -31039,9 +32241,15 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
     }
 #endif
 #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
-    if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL3_KEY) ||
-        (cert->keyType == DILITHIUM_LEVEL5_KEY)) {
+    if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL3_KEY) ||
+        (cert->keyType == ML_DSA_LEVEL5_KEY)
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+     || (cert->keyType == DILITHIUM_LEVEL2_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL3_KEY)
+     || (cert->keyType == DILITHIUM_LEVEL5_KEY)
+   #endif
+        ) {
         if (dilithiumKey == NULL)
             return PUBLIC_KEY_E;
         der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey,
@@ -31393,12 +32601,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
         cert->keyType = FALCON_LEVEL5_KEY;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL2_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL3_KEY;
-    else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
         cert->keyType = DILITHIUM_LEVEL5_KEY;
+    }
+    #endif
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_44)) {
+        cert->keyType = ML_DSA_LEVEL2_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_65)) {
+        cert->keyType = ML_DSA_LEVEL3_KEY;
+    }
+    else if ((dilithiumKey != NULL) &&
+                (dilithiumKey->params->level == WC_ML_DSA_87)) {
+        cert->keyType = ML_DSA_LEVEL5_KEY;
+    }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -31489,15 +32717,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
         }
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
+    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL2_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL3_KEY;
         }
-        else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
             cert->keyType = DILITHIUM_LEVEL5_KEY;
         }
+    #endif
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_44)) {
+            cert->keyType = ML_DSA_LEVEL2_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_65)) {
+            cert->keyType = ML_DSA_LEVEL3_KEY;
+        }
+        else if ((dilithiumKey != NULL) &&
+                    (dilithiumKey->level == WC_ML_DSA_87)) {
+            cert->keyType = ML_DSA_LEVEL5_KEY;
+        }
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
         else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
@@ -31709,12 +32954,20 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -31814,6 +33067,21 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
 }
 
 #ifdef WOLFSSL_DUAL_ALG_CERTS
+/* Generate a signature from input buffer using
+ * any key type.
+ *
+ * @param [out] sig     The signature buffer to write in.
+ * @param [out] sigsz   The signature buffer size.
+ * @param [in]  sType   The signature type.
+ * @param [in]  buf     The input buf to sign.
+ * @param [in]  bufSz   The buffer size
+ * @param [in]  keyType The key type.
+ * @param [in]  key     Key data.
+ * @param [in]  rng     Random number generator.
+ *
+ * @return  Size of signature on success.
+ * @return  < 0 on error.
+ * */
 int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
                          word32 bufSz, int keyType, void* key, WC_RNG* rng)
 {
@@ -31824,13 +33092,14 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
     falcon_key*        falconKey = NULL;
     dilithium_key*     dilithiumKey = NULL;
     sphincs_key*       sphincsKey = NULL;
-
     int ret = 0;
     int headerSz;
     void* heap = NULL;
     CertSignCtx  certSignCtx_lcl;
     CertSignCtx* certSignCtx = &certSignCtx_lcl;
 
+    WOLFSSL_ENTER("wc_MakeSigWithBitStr");
+
     if ((sig == NULL) || (sigSz <= 0)) {
         return BAD_FUNC_ARG;
     }
@@ -31855,9 +33124,14 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
         case FALCON_LEVEL5_TYPE:
             falconKey = (falcon_key*)key;
             break;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
         case DILITHIUM_LEVEL2_TYPE:
         case DILITHIUM_LEVEL3_TYPE:
         case DILITHIUM_LEVEL5_TYPE:
+#endif
+        case ML_DSA_LEVEL2_TYPE:
+        case ML_DSA_LEVEL3_TYPE:
+        case ML_DSA_LEVEL5_TYPE:
             dilithiumKey = (dilithium_key*)key;
             break;
         case SPHINCS_FAST_LEVEL1_TYPE:
@@ -31935,6 +33209,20 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
 }
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 
+/* Sign an x509 Certificate v3 from cert input using any
+ * key type, and write to buffer.
+ *
+ * @param [in]     requestSz Size of requested data to sign.
+ * @param [in]     sType     The signature type.
+ * @param [in,out] buf       Der buffer to sign.
+ * @param [in]     buffSz    Der buffer size.
+ * @param [in]     keyType   The type of key.
+ * @param [in]     key       Key data.
+ * @param [in]     rng       Random number generator.
+ *
+ * @return  Size of signature on success.
+ * @return  < 0 on error
+ * */
 int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
                    int keyType, void* key, WC_RNG* rng)
 {
@@ -31958,12 +33246,20 @@ int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -32011,7 +33307,7 @@ int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
 WOLFSSL_ABI
 int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert)
 {
-    int rc = BAD_FUNC_ARG;
+    int rc = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
     if ((subjectRaw != NULL) && (cert != NULL)) {
         *subjectRaw = cert->sbjRaw;
         rc = 0;
@@ -32137,12 +33433,20 @@ int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -32190,12 +33494,20 @@ int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
         falconKey = (falcon_key*)key;
     else if (keyType == FALCON_LEVEL5_TYPE)
         falconKey = (falcon_key*)key;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     else if (keyType == DILITHIUM_LEVEL2_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL3_TYPE)
         dilithiumKey = (dilithium_key*)key;
     else if (keyType == DILITHIUM_LEVEL5_TYPE)
         dilithiumKey = (dilithium_key*)key;
+#endif
+    else if (keyType == ML_DSA_LEVEL2_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL3_TYPE)
+        dilithiumKey = (dilithium_key*)key;
+    else if (keyType == ML_DSA_LEVEL5_TYPE)
+        dilithiumKey = (dilithium_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
         sphincsKey = (sphincs_key*)key;
     else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
@@ -32461,7 +33773,7 @@ int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx,
     }
 
     XMEMCPY(cert->extKeyUsageOID[idx], oid, oidSz);
-    cert->extKeyUsageOIDSz[idx] = oidSz;
+    cert->extKeyUsageOIDSz[idx] = (byte)oidSz;
     cert->extKeyUsage |= EXTKEYUSE_USER;
 
     return 0;
@@ -32497,7 +33809,7 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid,
     ext->oid = (char*)oid;
     ext->crit = (critical == 0) ? 0 : 1;
     ext->val = (byte*)der;
-    ext->valSz = derSz;
+    ext->valSz = (int)derSz;
 
     cert->customCertExtCount++;
     return 0;
@@ -33072,7 +34384,8 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap)
                 return BUFFER_E;
             }
 
-            out[idx++] += (byte)val;
+            out[idx] = (byte)(out[idx] + val);
+            ++idx;
         }
         else {
             word32  tb = 0;
@@ -33418,8 +34731,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
     ret = GetASNInt(sig, &idx, &len, sigLen);
     if (ret != 0)
         return ret;
-    if (rLen)
-        *rLen = (word32)len;
+    if (rLen) {
+        if (*rLen >= (word32)len)
+            *rLen = (word32)len;
+        else {
+            /* Buffer too small to hold r value */
+            return BUFFER_E;
+        }
+    }
     if (r)
         XMEMCPY(r, (byte*)sig + idx, (size_t)len);
     idx += (word32)len;
@@ -33427,8 +34746,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
     ret = GetASNInt(sig, &idx, &len, sigLen);
     if (ret != 0)
         return ret;
-    if (sLen)
-        *sLen = (word32)len;
+    if (sLen) {
+        if (*sLen >= (word32)len)
+            *sLen = (word32)len;
+        else {
+            /* Buffer too small to hold s value */
+            return BUFFER_E;
+        }
+    }
     if (s)
         XMEMCPY(s, (byte*)sig + idx, (size_t)len);
 
@@ -33810,23 +35135,26 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
     }
     #endif /* WOLFSSL_ECC_CURVE_STATIC */
 
-    if (key) {
-        /* Store parameter set in key. */
-        if ((ret == 0) && (wc_ecc_set_custom_curve(key, curve) < 0)) {
-            ret = ASN_PARSE_E;
-        }
-        if (ret == 0) {
-            /* The parameter set was allocated.. */
-            key->deallocSet = 1;
-        }
-    }
-
     if ((ret == 0) && (curveSz)) {
         *curveSz = curve->size;
     }
 
-    if ((ret != 0) && (curve != NULL)) {
-        /* Failed to set parameters so free parameter set. */
+    if (key) {
+        /* Store parameter set in key. */
+        if (ret == 0) {
+            if (wc_ecc_set_custom_curve(key, curve) < 0) {
+                ret = ASN_PARSE_E;
+            }
+            else {
+                /* The parameter set was allocated.. */
+                key->deallocSet = 1;
+                /* Don't deallocate below. */
+                curve = NULL;
+            }
+        }
+    }
+
+    if (curve != NULL) { /* NOLINT(clang-analyzer-unix.Malloc) */
         wc_ecc_free_curve(curve, heap);
     }
 
@@ -33982,7 +35310,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
                     ret = BUFFER_E;
                 else {
             #ifdef WOLFSSL_SMALL_STACK
-                    pub = (byte*)XMALLOC(pubSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                    pub = (byte*)XMALLOC(pubSz, key->heap,
+                                         DYNAMIC_TYPE_TMP_BUFFER);
                     if (pub == NULL)
                         ret = MEMORY_E;
                     else
@@ -34013,7 +35342,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
     byte version = 0;
     int ret = 0;
     int curve_id = ECC_CURVE_DEF;
-#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2)
+#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(WOLFSSL_SM2)
     word32 algId = 0;
     word32 eccOid = 0;
 #endif
@@ -34023,7 +35352,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
         ret = BAD_FUNC_ARG;
     }
 
-#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2)
+#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(WOLFSSL_SM2)
     /* if has pkcs8 header skip it */
     if (ToTraditionalInline_ex2(input, inOutIdx, inSz, &algId, &eccOid) < 0) {
         /* ignore error, did not have pkcs8 header */
@@ -34657,7 +35986,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
             XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
         }
     #endif
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (inLen != NULL && totalSz > *inLen) {
         #ifndef WOLFSSL_NO_MALLOC
@@ -34769,7 +36098,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
     /* Return the size if no buffer. */
     if ((ret == 0) && (output == NULL)) {
         *inLen = (word32)sz;
-        ret = LENGTH_ONLY_E;
+        ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     /* Check the buffer is big enough. */
     if ((ret == 0) && (inLen != NULL) && (sz > (int)*inLen)) {
@@ -34814,6 +36143,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
 
 /* Write a Private ecc key, including public to DER format,
  * length on success else < 0 */
+/* Note: use wc_EccKeyDerSize to get length only */
 WOLFSSL_ABI
 int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 {
@@ -34825,10 +36155,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 int wc_EccKeyDerSize(ecc_key* key, int pub)
 {
     word32 sz = 0;
-    int ret;
-
-    ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1);
-
+    int ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1);
     if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         return ret;
     }
@@ -34839,7 +36166,11 @@ int wc_EccKeyDerSize(ecc_key* key, int pub)
  * length on success else < 0 */
 int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen)
 {
-    return wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
+    int ret = wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
+    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+        return (int)inLen;
+    }
+    return ret;
 }
 
 #ifdef HAVE_PKCS8
@@ -34908,7 +36239,7 @@ static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen,
         XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
         *outLen = pkcs8Sz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
 
     }
     else if (*outLen < pkcs8Sz) {
@@ -34998,9 +36329,10 @@ enum {
     || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
     || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))
 
+
 int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
     const byte** privKey, word32* privKeyLen,
-    const byte** pubKey, word32* pubKeyLen, int keyType)
+    const byte** pubKey, word32* pubKeyLen, int* inOutKeyType)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 oid;
@@ -35014,7 +36346,7 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
 #endif
 
     if (input == NULL || inOutIdx == NULL || inSz == 0 ||
-        privKey == NULL || privKeyLen == NULL) {
+        privKey == NULL || privKeyLen == NULL || inOutKeyType == NULL) {
     #ifdef WOLFSSL_ASN_TEMPLATE
         FREE_ASNGETDATA(dataASN, NULL);
     #endif
@@ -35028,14 +36360,22 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
         if (GetMyVersion(input, inOutIdx, &version, inSz) < 0)
             return ASN_PARSE_E;
         if (version != 0) {
-            WOLFSSL_MSG("Unrecognized version of ED25519 private key");
+            WOLFSSL_MSG("Unrecognized version of private key");
             return ASN_PARSE_E;
         }
 
         if (GetAlgoId(input, inOutIdx, &oid, oidKeyType, inSz) < 0)
             return ASN_PARSE_E;
-        if (oid != (word32)keyType)
+
+        /* If user supplies ANONk (0) key type, we want to auto-detect from
+         * DER and copy it back to user */
+        if (*inOutKeyType == ANONk) {
+            *inOutKeyType = oid;
+        }
+        /* Otherwise strictly validate against the expected type */
+        else if (oid != (word32)*inOutKeyType) {
             return ASN_PARSE_E;
+        }
 
         if (GetOctetString(input, inOutIdx, &length, inSz) < 0)
             return ASN_PARSE_E;
@@ -35085,10 +36425,21 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
     return 0;
 #else
     if (ret == 0) {
-        /* Require OID. */
-        word32 oidSz;
-        const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz);
-        GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oid, oidSz);
+        /* If user supplies an expected keyType (algorithm OID sum), attempt to
+         * process DER accordingly */
+        if (*inOutKeyType != ANONk) {
+            word32 oidSz;
+            /* Explicit OID check - use expected type */
+            const byte* oidDerBytes = OidFromId((word32)*inOutKeyType,
+                                                oidKeyType, &oidSz);
+            GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidDerBytes,
+                            oidSz);
+        }
+        else {
+            /* Auto-detect OID using template */
+            GetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidKeyType);
+        }
+
         /* Parse full private key. */
         ret = GetASN_Items(edKeyASN, dataASN, edKeyASN_Length, 1, input,
                 inOutIdx, inSz);
@@ -35101,6 +36452,12 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
                 ret = ASN_PARSE_E;
             }
         }
+
+        /* Store detected OID if requested */
+        if (ret == 0 && *inOutKeyType == ANONk) {
+            *inOutKeyType =
+                (int)dataASN[EDKEYASN_IDX_PKEYALGO_OID].data.oid.sum;
+        }
     }
     if (ret == 0) {
         /* Import private value. */
@@ -35141,7 +36498,7 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
 
     if (ret == 0) {
         ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKeyPtr,
-            &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, keyType);
+            &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType);
     }
     if ((ret == 0) && (privKeyPtrLen > *privKeyLen)) {
         ret = BUFFER_E;
@@ -35164,7 +36521,7 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
 }
 
 int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
-    const byte** pubKey, word32* pubKeyLen, int keyType)
+    const byte** pubKey, word32* pubKeyLen, int *inOutKeyType)
 {
     int ret = 0;
 #ifndef WOLFSSL_ASN_TEMPLATE
@@ -35172,11 +36529,11 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
     word32 oid;
 #else
     word32 len;
-    DECL_ASNGETDATA(dataASN, edPubKeyASN_Length);
+    DECL_ASNGETDATA(dataASN, publicKeyASN_Length);
 #endif
 
     if (input == NULL || inSz == 0 || inOutIdx == NULL ||
-        pubKey == NULL || pubKeyLen == NULL) {
+        pubKey == NULL || pubKeyLen == NULL || inOutKeyType == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -35189,8 +36546,16 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
 
     if (GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz) < 0)
         return ASN_PARSE_E;
-    if (oid != (word32)keyType)
+
+    /* If user supplies ANONk (0) key type, we want to auto-detect from
+     * DER and copy it back to user */
+    if (*inOutKeyType == ANONk) {
+        *inOutKeyType = oid;
+    }
+    /* Otherwise strictly validate against the expected type */
+    else if (oid != (word32)*inOutKeyType) {
         return ASN_PARSE_E;
+    }
 
     /* key header */
     ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL);
@@ -35207,36 +36572,52 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
 #else
     len = inSz - *inOutIdx;
 
-    CALLOC_ASNGETDATA(dataASN, edPubKeyASN_Length, ret, NULL);
+    CALLOC_ASNGETDATA(dataASN, publicKeyASN_Length, ret, NULL);
 
     if (ret == 0) {
-        /* Require OID. */
-        word32 oidSz;
-        const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz);
-
-        GetASN_ExpBuffer(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], oid, oidSz);
-        /* Decode Ed25519 private key. */
-        ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input,
-                inOutIdx, inSz);
+        /* If user supplies an expected keyType (algorithm OID sum), attempt to
+         * process DER accordingly */
+        if (*inOutKeyType != ANONk) {
+            word32 oidSz;
+            /* Explicit OID check - use expected type */
+            const byte* oidDerBytes = OidFromId((word32)*inOutKeyType,
+                                              oidKeyType, &oidSz);
+            GetASN_ExpBuffer(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oidDerBytes,
+                           oidSz);
+        }
+        else {
+            /* Auto-detect OID using template */
+            GetASN_OID(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oidKeyType);
+        }
+        /* Decode public key. */
+        ret = GetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, 1,
+                           input, inOutIdx, inSz);
         if (ret != 0)
             ret = ASN_PARSE_E;
         /* check that input buffer is exhausted */
         if (*inOutIdx != inSz)
             ret = ASN_PARSE_E;
+
+        /* Store detected OID if requested */
+        if (ret == 0 && *inOutKeyType == ANONk) {
+            *inOutKeyType =
+                (int)dataASN[PUBKEYASN_IDX_ALGOID_OID].data.oid.sum;
+        }
     }
     /* Check that the all the buffer was used. */
     if ((ret == 0) &&
-            (GetASNItem_Length(dataASN[EDPUBKEYASN_IDX_SEQ], input) != len)) {
+            (GetASNItem_Length(dataASN[PUBKEYASN_IDX_SEQ], input) != len)) {
         ret = ASN_PARSE_E;
     }
     if (ret == 0) {
-        *pubKeyLen = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length;
-        *pubKey = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data;
+        *pubKeyLen = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.length;
+        *pubKey = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.data;
     }
 
     FREE_ASNGETDATA(dataASN, NULL);
 #endif /* WOLFSSL_ASN_TEMPLATE */
     return ret;
+
 }
 
 int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
@@ -35252,7 +36633,7 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
 
     if (ret == 0) {
         ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKeyPtr,
-            &pubKeyPtrLen, keyType);
+            &pubKeyPtrLen, &keyType);
     }
     if ((ret == 0) && (pubKeyPtrLen > *pubKeyLen)) {
         ret = BUFFER_E;
@@ -35352,6 +36733,55 @@ int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx,
     }
     return ret;
 }
+
+/* Decode Curve25519 key from DER format - can handle private only,
+ * public only, or private+public key pairs.
+ * return 0 on success, negative on error */
+int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx,
+                          curve25519_key* key, word32 inSz)
+{
+    int ret;
+    byte privKey[CURVE25519_KEYSIZE];
+    byte pubKey[CURVE25519_PUB_KEY_SIZE];
+    word32 privKeyLen = CURVE25519_KEYSIZE;
+    word32 pubKeyLen = CURVE25519_PUB_KEY_SIZE;
+
+    /* sanity check */
+    if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Try to decode as private key first (may include public) */
+    ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen,
+                        pubKey, &pubKeyLen, X25519k);
+
+    if (ret == 0) {
+        /* Successfully decoded private key */
+        if (pubKeyLen > 0) {
+            /* Have both private and public */
+            ret = wc_curve25519_import_private_raw(privKey, privKeyLen,
+                                                   pubKey, pubKeyLen, key);
+        }
+        else {
+            /* Private only */
+            ret = wc_curve25519_import_private(privKey, privKeyLen, key);
+        }
+    }
+    else {
+        /* Try decoding as public key */
+        *inOutIdx = 0; /* Reset index */
+        pubKeyLen = CURVE25519_KEYSIZE;
+        ret = DecodeAsymKeyPublic(input, inOutIdx, inSz,
+                                  pubKey, &pubKeyLen, X25519k);
+        if (ret == 0) {
+            /* Successfully decoded public key */
+            ret = wc_curve25519_import_public(pubKey, pubKeyLen, key);
+        }
+    }
+
+    return ret;
+}
+
 #endif /* HAVE_CURVE25519 && HAVE_ED25519_KEY_IMPORT */
 
 
@@ -35381,7 +36811,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz;
 #else
     DECL_ASNSETDATA(dataASN, edKeyASN_Length);
-    int sz;
+    int sz = 0;
 #endif
 
     /* validate parameters */
@@ -35521,7 +36951,8 @@ int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, word32 inLen)
 #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
 /* Write only private Curve25519 key to DER format,
  * length on success else < 0 */
-int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output, word32 inLen)
+int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output,
+                                 word32 inLen)
 {
     int    ret;
     byte   privKey[CURVE25519_KEYSIZE];
@@ -35559,6 +36990,64 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
     }
     return ret;
 }
+
+/* Export Curve25519 key to DER format - handles private only, public only,
+ * or private+public key pairs based on what's set in the key structure.
+ * Returns length written on success, negative on error */
+int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen,
+                          int withAlg)
+{
+    int ret;
+    byte privKey[CURVE25519_KEYSIZE];
+    byte pubKey[CURVE25519_PUB_KEY_SIZE];
+    word32 privKeyLen = CURVE25519_KEYSIZE;
+    word32 pubKeyLen = CURVE25519_PUB_KEY_SIZE;
+
+    if (key == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Check what we have in the key structure */
+    if (key->privSet) {
+        /* Export private key to buffer */
+        ret = wc_curve25519_export_private_raw(key, privKey, &privKeyLen);
+        if (ret != 0) {
+            return ret;
+        }
+
+        if (key->pubSet) {
+            /* Export public key if available */
+            ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen);
+            if (ret != 0) {
+                return ret;
+            }
+            /* Export both private and public */
+            ret = SetAsymKeyDer(privKey, privKeyLen,
+                                pubKey, pubKeyLen,
+                                output, inLen, X25519k);
+        }
+        else {
+            /* Export private only */
+            ret = SetAsymKeyDer(privKey, privKeyLen,
+                                NULL, 0,
+                                output, inLen, X25519k);
+        }
+    }
+    else if (key->pubSet) {
+        /* Export public key only */
+        ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen);
+        if (ret == 0) {
+            ret = SetAsymKeyDerPublic(pubKey, pubKeyLen,
+                                      output, inLen, X25519k, withAlg);
+        }
+    }
+    else {
+        /* Neither public nor private key is set */
+        ret = BAD_FUNC_ARG;
+    }
+
+    return ret;
+}
 #endif /* HAVE_CURVE25519 && HAVE_CURVE25519_KEY_EXPORT */
 
 #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
@@ -35786,17 +37275,7 @@ static int GetEnumerated(const byte* input, word32* inOutIdx, int *value,
 static const ASNItem singleResponseASN[] = {
 /* SEQ                   */ { 0, ASN_SEQUENCE, 1, 1, 0 },
                                                       /* certId */
-/* CID_SEQ               */     { 1, ASN_SEQUENCE, 1, 1, 0 },
-                                                          /* hashAlgorithm */
-/* CID_HASHALGO_SEQ      */         { 2, ASN_SEQUENCE, 1, 1, 0 },
-/* CID_HASHALGO_OID      */             { 3, ASN_OBJECT_ID, 0, 0, 0 },
-/* CID_HASHALGO_NULL     */             { 3, ASN_TAG_NULL, 0, 0, 1 },
-                                                          /* issuerNameHash */
-/* CID_ISSUERHASH        */         { 2, ASN_OCTET_STRING, 0, 0, 0 },
-                                                          /* issuerKeyHash */
-/* CID_ISSUERKEYHASH     */         { 2, ASN_OCTET_STRING, 0, 0, 0 },
-                                                          /* serialNumber */
-/* CID_SERIAL            */         { 2, ASN_INTEGER, 0, 0, 0 },
+/* CID_SEQ               */     { 1, ASN_SEQUENCE, 1, 0, 0 },
                                                       /* certStatus - CHOICE */
                                                       /* good              [0] IMPLICIT NULL */
 /* CS_GOOD               */     { 1, ASN_CONTEXT_SPECIFIC | 0, 0, 0, 2 },
@@ -35822,12 +37301,6 @@ static const ASNItem singleResponseASN[] = {
 enum {
     SINGLERESPONSEASN_IDX_SEQ = 0,
     SINGLERESPONSEASN_IDX_CID_SEQ,
-    SINGLERESPONSEASN_IDX_CID_HASHALGO_SEQ,
-    SINGLERESPONSEASN_IDX_CID_HASHALGO_OID,
-    SINGLERESPONSEASN_IDX_CID_HASHALGO_NULL,
-    SINGLERESPONSEASN_IDX_CID_ISSUERHASH,
-    SINGLERESPONSEASN_IDX_CID_ISSUERKEYHASH,
-    SINGLERESPONSEASN_IDX_CID_SERIAL,
     SINGLERESPONSEASN_IDX_CS_GOOD,
     SINGLERESPONSEASN_IDX_CS_REVOKED,
     SINGLERESPONSEASN_IDX_CS_REVOKED_TIME,
@@ -35842,13 +37315,139 @@ enum {
 
 /* Number of items in ASN.1 template for OCSP single response. */
 #define singleResponseASN_Length (sizeof(singleResponseASN) / sizeof(ASNItem))
+
+static const ASNItem certIDASNItems[] = {
+                                                            /* hashAlgorithm */
+/* CID_HASHALGO_SEQ      */         { 0, ASN_SEQUENCE, 1, 1, 0 },
+/* CID_HASHALGO_OID      */             { 1, ASN_OBJECT_ID, 0, 0, 0 },
+/* CID_HASHALGO_NULL     */             { 1, ASN_TAG_NULL, 0, 0, 1 },
+                                                          /* issuerNameHash */
+/* CID_ISSUERHASH        */         { 0, ASN_OCTET_STRING, 0, 0, 0 },
+                                                          /* issuerKeyHash */
+/* CID_ISSUERKEYHASH     */         { 0, ASN_OCTET_STRING, 0, 0, 0 },
+                                                          /* serialNumber */
+/* CID_SERIAL            */         { 0, ASN_INTEGER, 0, 0, 0 },
+};
+
+enum {
+    CERTIDASN_IDX_CID_HASHALGO_SEQ,
+    CERTIDASN_IDX_CID_HASHALGO_OID,
+    CERTIDASN_IDX_CID_HASHALGO_NULL,
+    CERTIDASN_IDX_CID_ISSUERHASH,
+    CERTIDASN_IDX_CID_ISSUERKEYHASH,
+    CERTIDASN_IDX_CID_SERIAL,
+};
+
+#define certidasn_Length (sizeof(certIDASNItems) / sizeof(ASNItem))
 #endif
 
+#ifndef WOLFSSL_ASN_TEMPLATE
+static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz,
+                 OcspEntry* entry)
+{
+    int length;
+    word32 oid;
+    int ret;
+    /* Hash algorithm */
+    ret = GetAlgoId(input, inOutIdx, &oid, oidHashType, inSz);
+    if (ret < 0)
+        return ret;
+    entry->hashAlgoOID = oid;
+    /* Save reference to the hash of CN */
+    ret = GetOctetString(input, inOutIdx, &length, inSz);
+    if (ret < 0)
+        return ret;
+    if (length != OCSP_DIGEST_SIZE)
+        return ASN_PARSE_E;
+    XMEMCPY(entry->issuerHash, input + *inOutIdx, length);
+    *inOutIdx += length;
+    /* Save reference to the hash of the issuer public key */
+    ret = GetOctetString(input, inOutIdx, &length, inSz);
+    if (ret < 0)
+        return ret;
+    if (length != OCSP_DIGEST_SIZE)
+        return ASN_PARSE_E;
+    XMEMCPY(entry->issuerKeyHash, input + *inOutIdx, length);
+    *inOutIdx += length;
+
+    /* Get serial number */
+    if (wc_GetSerialNumber(input, inOutIdx, entry->status->serial,
+                        &entry->status->serialSz, inSz) < 0)
+        return ASN_PARSE_E;
+    return 0;
+}
+#else
+static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz,
+                 OcspEntry* entry)
+{
+    DECL_ASNGETDATA(dataASN, certidasn_Length);
+    word32 issuerKeyHashLen = OCSP_DIGEST_SIZE;
+    word32 issuerHashLen = OCSP_DIGEST_SIZE;
+    word32 serialSz = EXTERNAL_SERIAL_SIZE;
+    word32 digestSz;
+    int ret = 0;
+
+    WOLFSSL_ENTER("DecodeCertIdTemplate");
+    CALLOC_ASNGETDATA(dataASN, certidasn_Length, ret, NULL);
+    if (ret != 0)
+        return ret;
+
+    GetASN_OID(&dataASN[CERTIDASN_IDX_CID_HASHALGO_OID], oidHashType);
+    GetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_ISSUERHASH], entry->issuerHash,
+        &issuerHashLen);
+    GetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_ISSUERKEYHASH],
+        entry->issuerKeyHash, &issuerKeyHashLen);
+    GetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_SERIAL], entry->status->serial,
+                    &serialSz);
+    ret = GetASN_Items(certIDASNItems, dataASN, certidasn_Length,
+                1, input, inOutIdx, inSz);
+    if (ret != 0) {
+       goto out;
+    }
+    entry->status->serialSz = serialSz;
+    entry->hashAlgoOID =
+        dataASN[CERTIDASN_IDX_CID_HASHALGO_OID].data.oid.sum;
+    digestSz = wc_HashGetDigestSize(wc_OidGetHash(entry->hashAlgoOID));
+    if (issuerKeyHashLen != digestSz || issuerHashLen != digestSz) {
+        ret = ASN_PARSE_E;
+        goto out;
+    }
+out:
+    FREE_ASNGETDATA(dataASN, NULL);
+    return ret;
+}
+#endif
+
+int OcspDecodeCertID(const byte *input, word32 *inOutIdx, word32 inSz,
+    OcspEntry *entry)
+{
+    word32 seqIdx = 0;
+    int len = inSz;
+    int ret;
+
+#ifndef WOLFSSL_ASN_TEMPLATE
+    ret = GetSequence(input, inOutIdx, &len, inSz);
+#else
+    ret = GetASN_Sequence(input, inOutIdx, &len, inSz, 0);
+#endif
+    if (ret < 0)
+        return ASN_PARSE_E;
+    ret = OcspDecodeCertIDInt(input + *inOutIdx, &seqIdx, len, entry);
+    if (ret < 0)
+        return ASN_PARSE_E;
+    if (seqIdx != (word32)len)
+        return ASN_PARSE_E;
+    *inOutIdx += len;
+
+    return 0;
+}
+
+
 static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
                                 int wrapperSz, OcspEntry* single)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
-    word32 idx = *ioIndex, prevIndex, oid, localIdx, certIdIdx;
+    word32 idx = *ioIndex, prevIndex, localIdx, certIdIdx;
     int length;
     int ret;
     byte tag;
@@ -35866,31 +37465,8 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     if (GetSequence(source, &idx, &length, size) < 0)
         return ASN_PARSE_E;
     single->rawCertId = source + certIdIdx;
-    /* Hash algorithm */
-    ret = GetAlgoId(source, &idx, &oid, oidIgnoreType, size);
+    ret = OcspDecodeCertIDInt(source, &idx, size, single);
     if (ret < 0)
-        return ret;
-    single->hashAlgoOID = oid;
-    /* Save reference to the hash of CN */
-    ret = GetOctetString(source, &idx, &length, size);
-    if (ret < 0)
-        return ret;
-    if (length > (int)sizeof(single->issuerHash))
-        return BUFFER_E;
-    XMEMCPY(single->issuerHash, source + idx, length);
-    idx += length;
-    /* Save reference to the hash of the issuer public key */
-    ret = GetOctetString(source, &idx, &length, size);
-    if (ret < 0)
-        return ret;
-    if (length > (int)sizeof(single->issuerKeyHash))
-        return BUFFER_E;
-    XMEMCPY(single->issuerKeyHash, source + idx, length);
-    idx += length;
-
-    /* Get serial number */
-    if (wc_GetSerialNumber(source, &idx, single->status->serial,
-                        &single->status->serialSz, size) < 0)
         return ASN_PARSE_E;
     single->rawCertIdSize = idx - certIdIdx;
 
@@ -35937,12 +37513,13 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
             single->status->thisDateParsed.length);
 #endif
     if (GetBasicDate(source, &idx, single->status->thisDate,
-                                                &single->status->thisDateFormat, size) < 0)
+                     &single->status->thisDateFormat, size) < 0)
         return ASN_PARSE_E;
 
 #ifndef NO_ASN_TIME_CHECK
 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
-    if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE))
+    if (!XVALIDATE_DATE(single->status->thisDate,
+        single->status->thisDateFormat, ASN_BEFORE))
         return ASN_BEFORE_DATE_E;
 #endif
 #endif
@@ -35973,7 +37550,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
                 single->status->nextDateParsed.length);
 #endif
         if (GetBasicDate(source, &idx, single->status->nextDate,
-                                                &single->status->nextDateFormat, size) < 0)
+                         &single->status->nextDateFormat, size) < 0)
             return ASN_PARSE_E;
 
 #ifndef NO_ASN_TIME_CHECK
@@ -35999,20 +37576,13 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     *ioIndex = idx;
 
     return 0;
-#else
+#else /* WOLFSSL_ASN_TEMPLATE */
     DECL_ASNGETDATA(dataASN, singleResponseASN_Length);
     int ret = 0;
-    word32 ocspDigestSize = OCSP_DIGEST_SIZE;
     CertStatus* cs = NULL;
-    word32 serialSz;
-    word32 issuerHashLen;
-    word32 issuerKeyHashLen;
     word32 thisDateLen;
     word32 nextDateLen;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
-    WOLFSSL_ASN1_TIME *at;
-#endif
+    word32 certIdSeqIdx;
 
     (void)wrapperSz;
 
@@ -36021,25 +37591,12 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
     CALLOC_ASNGETDATA(dataASN, singleResponseASN_Length, ret, NULL);
 
     if (ret == 0) {
-        /* Certificate Status field. */
         cs = single->status;
-
         /* Set maximum lengths for data. */
-        issuerHashLen    = OCSP_DIGEST_SIZE;
-        issuerKeyHashLen = OCSP_DIGEST_SIZE;
-        serialSz         = EXTERNAL_SERIAL_SIZE;
         thisDateLen      = MAX_DATE_SIZE;
         nextDateLen      = MAX_DATE_SIZE;
 
         /* Set OID type, buffers to hold data and variables to hold size. */
-        GetASN_OID(&dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID],
-                oidHashType);
-        GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_ISSUERHASH],
-                single->issuerHash, &issuerHashLen);
-        GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_ISSUERKEYHASH],
-                single->issuerKeyHash, &issuerKeyHashLen);
-        GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_SERIAL], cs->serial,
-                &serialSz);
         GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT],
                 cs->thisDate, &thisDateLen);
         GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT],
@@ -36050,27 +37607,11 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
                 1, source, ioIndex, size);
     }
     if (ret == 0) {
-        single->hashAlgoOID =
-            dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID].data.oid.sum;
-        ocspDigestSize = (word32)wc_HashGetDigestSize(
-            wc_OidGetHash((int)single->hashAlgoOID));
-    }
-    /* Validate the issuer hash length is the size required. */
-    if ((ret == 0) && (issuerHashLen != ocspDigestSize)) {
-        ret = ASN_PARSE_E;
-    }
-    /* Validate the issuer key hash length is the size required. */
-    if (ret == 0) {
-        if (issuerKeyHashLen != ocspDigestSize) {
-            ret = ASN_PARSE_E;
-        }
+        certIdSeqIdx = 0;
+        ret = OcspDecodeCertIDInt(dataASN[SINGLERESPONSEASN_IDX_CID_SEQ].data.ref.data,
+            &certIdSeqIdx, dataASN[SINGLERESPONSEASN_IDX_CID_SEQ].data.ref.length, single);
     }
     if (ret == 0) {
-        /* Store serial size. */
-        cs->serialSz = (int)serialSz;
-        /* Set the hash algorithm OID */
-        single->hashAlgoOID =
-                dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID].data.oid.sum;
 
         /* Determine status by which item was found. */
         if (dataASN[SINGLERESPONSEASN_IDX_CS_GOOD].tag != 0) {
@@ -36090,19 +37631,20 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
         if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) {
             ret = ASN_BEFORE_DATE_E;
         }
+    #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */
     }
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if (ret == 0) {
-    #endif
-    #ifdef WOLFSSL_OCSP_PARSE_STATUS
         /* Store ASN.1 version of thisDate. */
+        WOLFSSL_ASN1_TIME *at;
         cs->thisDateAsn = GetASNItem_Addr(
                 dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], source);
         at = &cs->thisDateParsed;
         at->type = ASN_GENERALIZED_TIME;
         XMEMCPY(at->data, cs->thisDate, thisDateLen);
         at->length = (int)thisDateLen;
-    #endif
     }
+#endif
     if ((ret == 0) &&
             (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) {
         /* Store the nextDate format - only one possible. */
@@ -36112,20 +37654,22 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
         if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) {
             ret = ASN_AFTER_DATE_E;
         }
+    #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */
     }
+#ifdef WOLFSSL_OCSP_PARSE_STATUS
     if ((ret == 0) &&
-            (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) {
-    #endif
-    #ifdef WOLFSSL_OCSP_PARSE_STATUS
+            (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0))
+    {
         /* Store ASN.1 version of thisDate. */
+        WOLFSSL_ASN1_TIME *at;
         cs->nextDateAsn = GetASNItem_Addr(
                 dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], source);
         at = &cs->nextDateParsed;
         at->type = ASN_GENERALIZED_TIME;
         XMEMCPY(at->data, cs->nextDate, nextDateLen);
         at->length = (int)nextDateLen;
-    #endif
     }
+#endif
     if (ret == 0) {
         /* OcspEntry now used. */
         single->used = 1;
@@ -36133,7 +37677,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
 
     FREE_ASNGETDATA(dataASN, NULL);
     return ret;
-#endif
+#endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
 #ifdef WOLFSSL_ASN_TEMPLATE
@@ -36303,7 +37847,8 @@ static const ASNItem ocspRespDataASN[] = {
                                              /* byName */
 /* BYNAME      */        { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 2 },
                                              /* byKey */
-/* BYKEY       */        { 1, ASN_CONTEXT_SPECIFIC | 2, 1, 0, 2 },
+/* BYKEY       */        { 1, ASN_CONTEXT_SPECIFIC | 2, 1, 1, 2 },
+/* BYKEY_OCT   */            { 2, ASN_OCTET_STRING, 0, 0, 0 },
                                              /* producedAt */
 /* PA          */        { 1, ASN_GENERALIZED_TIME, 0, 0, 0, },
                                              /* responses */
@@ -36317,6 +37862,7 @@ enum {
     OCSPRESPDATAASN_IDX_VER,
     OCSPRESPDATAASN_IDX_BYNAME,
     OCSPRESPDATAASN_IDX_BYKEY,
+    OCSPRESPDATAASN_IDX_BYKEY_OCT,
     OCSPRESPDATAASN_IDX_PA,
     OCSPRESPDATAASN_IDX_RESP,
     OCSPRESPDATAASN_IDX_RESPEXT,
@@ -36361,16 +37907,40 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
         version = 0;
 
     localIdx = idx;
-    if (GetASNTag(source, &localIdx, &tag, size) == 0 &&
-        ( tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1) ||
-          tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2) ))
+    if (GetASNTag(source, &localIdx, &tag, size) != 0)
+        return ASN_PARSE_E;
+
+    resp->responderIdType = OCSP_RESPONDER_ID_INVALID;
+    /* parse byName */
+    if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
     {
         idx++; /* advance past ASN tag */
         if (GetLength(source, &idx, &length, size) < 0)
             return ASN_PARSE_E;
+        /* compute the hash of the name */
+        resp->responderIdType = OCSP_RESPONDER_ID_NAME;
+        ret = CalcHashId_ex(source + idx, length,
+                resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE);
+        if (ret != 0)
+            return ret;
         idx += length;
     }
-    else
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2))
+    {
+        idx++; /* advance past ASN tag */
+        if (GetLength(source, &idx, &length, size) < 0)
+            return ASN_PARSE_E;
+
+        if (GetOctetString(source, &idx, &length, size) < 0)
+            return ASN_PARSE_E;
+
+        if (length != OCSP_RESPONDER_ID_KEY_SZ)
+            return ASN_PARSE_E;
+        resp->responderIdType = OCSP_RESPONDER_ID_KEY;
+        XMEMCPY(resp->responderId.keyHash, source + idx, length);
+        idx += length;
+    }
+    if (resp->responderIdType == OCSP_RESPONDER_ID_INVALID)
         return ASN_PARSE_E;
 
     /* save pointer to the producedAt time */
@@ -36406,6 +37976,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
             XMEMSET(single->next->status, 0, sizeof(CertStatus));
 
             single->next->isDynamic = 1;
+            single->next->ownStatus = 1;
 
             single = single->next;
         }
@@ -36426,6 +37997,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
     int ret = 0;
     byte version;
     word32 dateSz = 0;
+    word32 responderByKeySz = OCSP_RESPONDER_ID_KEY_SZ;
     word32 idx = *ioIndex;
     OcspEntry* single = NULL;
 
@@ -36444,6 +38016,8 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
         GetASN_Int8Bit(&dataASN[OCSPRESPDATAASN_IDX_VER], &version);
         GetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_PA], resp->producedDate,
                 &dateSz);
+        GetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT],
+                resp->responderId.keyHash, &responderByKeySz);
         /* Decode the ResponseData. */
         ret = GetASN_Items(ocspRespDataASN, dataASN, ocspRespDataASN_Length,
                 1, source, ioIndex, size);
@@ -36461,7 +38035,23 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
         }
     }
     if (ret == 0) {
-        /* TODO: use byName/byKey fields. */
+        if (dataASN[OCSPRESPDATAASN_IDX_BYNAME].tag != 0) {
+            resp->responderIdType = OCSP_RESPONDER_ID_NAME;
+            ret = CalcHashId_ex(
+                dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.data,
+                dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.length,
+                resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE);
+        } else {
+            resp->responderIdType = OCSP_RESPONDER_ID_KEY;
+            if (dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT].length
+                    != OCSP_RESPONDER_ID_KEY_SZ) {
+                ret = ASN_PARSE_E;
+            } else {
+                resp->responderIdType = OCSP_RESPONDER_ID_KEY;
+            }
+        }
+    }
+    if (ret == 0) {
         /* Store size of response. */
         resp->responseSz = *ioIndex - idx;
         /* Store date format/tag. */
@@ -36495,6 +38085,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex,
 
                     /* Entry to be freed. */
                     single->next->isDynamic = 1;
+                    single->next->ownStatus = 1;
                     /* used will be 0 (false) */
 
                     single = single->next;
@@ -36603,8 +38194,139 @@ enum {
 #define ocspBasicRespASN_Length (sizeof(ocspBasicRespASN) / sizeof(ASNItem))
 #endif /* WOLFSSL_ASN_TEMPLATE */
 
+static int OcspRespIdMatch(OcspResponse *resp, const byte *NameHash,
+    const byte *keyHash)
+{
+    if (resp->responderIdType == OCSP_RESPONDER_ID_INVALID)
+        return 0;
+    if (resp->responderIdType == OCSP_RESPONDER_ID_NAME)
+        return XMEMCMP(NameHash, resp->responderId.nameHash,
+            SIGNER_DIGEST_SIZE) == 0;
+    /* OCSP_RESPONDER_ID_KEY */
+    return ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) &&
+        XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0;
+}
+
+#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
+static int OcspRespCheck(OcspResponse *resp, Signer *responder)
+{
+    OcspEntry *s;
+
+    s = resp->single;
+    if (s == NULL)
+        return -1;
+
+    /* singles responses must have the same issuer */
+    for (; s != NULL; s = s->next) {
+        if (XMEMCMP(s->issuerKeyHash, responder->subjectKeyHash,
+                KEYID_SIZE) != 0)
+            return -1;
+    }
+
+    return 0;
+}
+#endif
+
+static Signer *OcspFindSigner(OcspResponse *resp, WOLFSSL_CERT_MANAGER *cm)
+{
+    Signer *s;
+
+    if (cm == NULL)
+        return NULL;
+
+    if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) {
+#ifndef NO_SKID
+        s = GetCAByName(cm, resp->responderId.nameHash);
+#else
+        s = GetCA(cm, resp->responderId.nameHash);
+#endif
+        if (s)
+            return s;
+    }
+    else if ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) {
+        s = GetCAByKeyHash(cm, resp->responderId.keyHash);
+        if (s)
+            return s;
+    }
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    if (resp->pendingCAs == NULL)
+        return NULL;
+
+    if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) {
+        s = findSignerByName(resp->pendingCAs, resp->responderId.nameHash);
+        if (s)
+            return s;
+    }
+    else {
+        s = findSignerByKeyHash(resp->pendingCAs, resp->responderId.keyHash);
+        if (s)
+            return s;
+    }
+#endif
+    return NULL;
+}
+
+static int OcspCheckCert(OcspResponse *resp, int noVerify,
+    int noVerifySignature, WOLFSSL_CERT_MANAGER *cm, void *heap)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert *cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
+                                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (cert == NULL)
+        return MEMORY_E;
+#else
+    DecodedCert cert[1];
+#endif
+
+    InitDecodedCert(cert, resp->cert, resp->certSz, heap);
+    ret = ParseCertRelative(cert, CERT_TYPE,
+                            noVerify ? NO_VERIFY : VERIFY_OCSP_CERT,
+                            cm, resp->pendingCAs);
+    if (ret < 0) {
+        WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
+    }
+
+    if (ret == 0 &&
+            OcspRespIdMatch(resp,
+                cert->subjectHash, cert->subjectKeyHash) == 0) {
+        WOLFSSL_MSG("\tInternal check doesn't match responder ID, ignoring\n");
+        ret = BAD_OCSP_RESPONDER;
+        goto err;
+    }
+
+#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
+    if (ret == 0 && !noVerify) {
+        ret = CheckOcspResponder(resp, cert, cm);
+        if (ret != 0) {
+            WOLFSSL_MSG("\tOCSP Responder certificate issuer check failed");
+            goto err;
+        }
+    }
+#endif /* WOLFSSL_NO_OCSP_ISSUER_CHECK */
+    if (ret == 0 && !noVerifySignature) {
+        ret = ConfirmSignature(
+            &cert->sigCtx,
+            resp->response, resp->responseSz,
+            cert->publicKey, cert->pubKeySize, cert->keyOID,
+            resp->sig, resp->sigSz, resp->sigOID, resp->sigParams,
+            resp->sigParamsSz, NULL);
+    }
+err:
+    FreeDecodedCert(cert);
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (cert != NULL) {
+        XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif
+
+    return ret;
+}
+
 static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
-            OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify)
+            OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify,
+            int noVerifySignature)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     int    length;
@@ -36614,8 +38336,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     #endif
     int    ret;
     int    sigLength;
-    const byte*   sigParams = NULL;
-    word32        sigParamsSz = 0;
+    int    sigValid = 0;
     WOLFSSL_ENTER("DecodeBasicOcspResponse");
     (void)heap;
 
@@ -36639,16 +38360,16 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     else if (resp->sigOID == CTC_RSASSAPSS) {
         word32 sz;
         int len;
-        const byte* params;
+        byte* params;
 
         sz = idx;
         params = source + idx;
         if (GetSequence(source, &idx, &len, size) < 0)
-            ret = ASN_PARSE_E;
+            return ASN_PARSE_E;
         if (ret == 0) {
             idx += len;
-            sigParams = params;
-            sigParamsSz = idx - sz;
+            resp->sigParams = params;
+            resp->sigParamsSz = idx - sz;
         }
     }
 #endif
@@ -36668,107 +38389,43 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
 #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
     if (idx < end_index)
     {
-        int cert_inited = 0;
-#ifdef WOLFSSL_SMALL_STACK
-        DecodedCert *cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
-                                                  DYNAMIC_TYPE_TMP_BUFFER);
-        if (cert == NULL)
-            return MEMORY_E;
-#else
-        DecodedCert cert[1];
-#endif
+        if (DecodeCerts(source, &idx, resp, size) < 0)
+            return ASN_PARSE_E;
 
-        do {
-            if (DecodeCerts(source, &idx, resp, size) < 0) {
-                ret = ASN_PARSE_E;
-                break;
-            }
-
-            InitDecodedCert(cert, resp->cert, resp->certSz, heap);
-            cert_inited = 1;
-
-            /* Don't verify if we don't have access to Cert Manager. */
-            ret = ParseCertRelative(cert, CERT_TYPE,
-                                    noVerify ? NO_VERIFY : VERIFY_OCSP_CERT,
-                                    cm, resp->pendingCAs);
-            if (ret < 0) {
-                WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
-                break;
-            }
-
-#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
-            if ((cert->extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) {
-                if (XMEMCMP(cert->subjectHash,
-                            resp->single->issuerHash, OCSP_DIGEST_SIZE) == 0) {
-                    WOLFSSL_MSG("\tOCSP Response signed by issuer");
-                }
-                else {
-                    WOLFSSL_MSG("\tOCSP Responder key usage check failed");
-    #ifdef OPENSSL_EXTRA
-                    resp->verifyError = OCSP_BAD_ISSUER;
-    #else
-                    ret = BAD_OCSP_RESPONDER;
-                    break;
-    #endif
-                }
-            }
-#endif
-
-            /* ConfirmSignature is blocking here */
-            ret = ConfirmSignature(
-                &cert->sigCtx,
-                resp->response, resp->responseSz,
-                cert->publicKey, cert->pubKeySize, cert->keyOID,
-                resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
-                NULL);
-
-            if (ret != 0) {
-                WOLFSSL_MSG("\tOCSP Confirm signature failed");
-                ret = ASN_OCSP_CONFIRM_E;
-                break;
-            }
-        } while(0);
-
-        if (cert_inited)
-            FreeDecodedCert(cert);
-#ifdef WOLFSSL_SMALL_STACK
-        XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-        if (ret != 0)
-            return ret;
+        ret = OcspCheckCert(resp, noVerify, noVerifySignature, cm, heap);
+        if (ret == 0) {
+            sigValid = 1;
+        }
+        else {
+            WOLFSSL_MSG("OCSP Internal cert can't verify the response\n");
+            /* try to verify the OCSP response with CA certs */
+            ret = 0;
+        }
     }
     else
 #endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
-    {
+    if (!noVerifySignature && !sigValid) {
         Signer* ca;
-        int sigValid = -1;
+        SignatureCtx sigCtx;
+        ca = OcspFindSigner(resp, cm);
+        if (ca == NULL)
+            return ASN_NO_SIGNER_E;
 
-        #ifndef NO_SKID
-            ca = GetCA(cm, resp->single->issuerKeyHash);
-        #else
-            ca = GetCA(cm, resp->single->issuerHash);
-        #endif
-#if defined(HAVE_CERTIFICATE_STATUS_V2)
-        if (ca == NULL && resp->pendingCAs != NULL) {
-            ca = findSignerByName(resp->pendingCAs, resp->single->issuerHash);
-        }
+#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
+        if (OcspRespCheck(resp, ca) != 0)
+           return BAD_OCSP_RESPONDER;
 #endif
-        if (ca) {
-            SignatureCtx sigCtx;
-            InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
+        InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
 
-            /* ConfirmSignature is blocking here */
-            sigValid = ConfirmSignature(&sigCtx, resp->response,
-                resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
-                resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
-                NULL);
-        }
-        if (ca == NULL || sigValid != 0) {
+        /* ConfirmSignature is blocking here */
+        sigValid = ConfirmSignature(&sigCtx, resp->response,
+            resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
+            resp->sig, resp->sigSz, resp->sigOID, resp->sigParams,
+            resp->sigParamsSz, NULL);
+        if (sigValid != 0) {
             WOLFSSL_MSG("\tOCSP Confirm signature failed");
             return ASN_OCSP_CONFIRM_E;
         }
-
         (void)noVerify;
     }
 
@@ -36778,16 +38435,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     DECL_ASNGETDATA(dataASN, ocspBasicRespASN_Length);
     int ret = 0;
     word32 idx = *ioIndex;
-    const byte*   sigParams = NULL;
-    word32        sigParamsSz = 0;
-#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
-    #ifdef WOLFSSL_SMALL_STACK
-        DecodedCert* cert = NULL;
-    #else
-        DecodedCert cert[1];
-    #endif
-    int certInit = 0;
-#endif
+    Signer* ca = NULL;
+    int sigValid = 0;
 
     WOLFSSL_ENTER("DecodeBasicOcspResponse");
     (void)heap;
@@ -36812,10 +38461,10 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     }
 #ifdef WC_RSA_PSS
     if (ret == 0 && (dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS].tag != 0)) {
-        sigParams = GetASNItem_Addr(
+        resp->sigParams = GetASNItem_Addr(
                 dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS],
                 source);
-        sigParamsSz =
+        resp->sigParamsSz =
                GetASNItem_Length(dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS],
                source);
     }
@@ -36826,6 +38475,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
         GetASN_GetRef(&dataASN[OCSPBASICRESPASN_IDX_SIGNATURE], &resp->sig,
                 &resp->sigSz);
     }
+    resp->certSz = 0;
 #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
     if ((ret == 0) &&
             (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) {
@@ -36833,106 +38483,52 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
         /* Store reference to certificate BER data. */
         GetASN_GetRef(&dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ], &resp->cert,
                 &resp->certSz);
-
-        /* Allocate a certificate object to decode cert into. */
-    #ifdef WOLFSSL_SMALL_STACK
-        cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap,
-                DYNAMIC_TYPE_TMP_BUFFER);
-        if (cert == NULL) {
-            ret = MEMORY_E;
-        }
     }
-    if ((ret == 0) &&
-            (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) {
-    #endif
-        /* Initialize the certificate object. */
-        InitDecodedCert(cert, resp->cert, resp->certSz, heap);
-        certInit = 1;
-        /* Parse the certificate and don't verify if we don't have access to
-         * Cert Manager. */
-        ret = ParseCertRelative(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY,
-                cm, resp->pendingCAs);
-        if (ret < 0) {
-            WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
+
+    if ((ret == 0) && resp->certSz > 0) {
+        ret = OcspCheckCert(resp, noVerify, noVerifySignature,
+                            (WOLFSSL_CERT_MANAGER*)cm, heap);
+        if (ret == 0) {
+            sigValid = 1;
         }
+        ret = 0; /* try to verify the OCSP response with CA certs */
+    }
+#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
+    /* try to verify using cm certs */
+    if (ret == 0 && !noVerifySignature && !sigValid)
+    {
+        ca = OcspFindSigner(resp, (WOLFSSL_CERT_MANAGER*)cm);
+        if (ca == NULL)
+            ret = ASN_NO_SIGNER_E;
     }
 #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
-    if ((ret == 0) &&
-            (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL) &&
-            !noVerify) {
-        ret = CheckOcspResponder(resp, cert, cm);
+    if (ret == 0 && !noVerifySignature && !sigValid) {
+        if (OcspRespCheck(resp, ca) != 0) {
+            ret = BAD_OCSP_RESPONDER;
+        }
     }
-#endif /* WOLFSSL_NO_OCSP_ISSUER_CHECK */
-    if ((ret == 0) &&
-            (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) {
+#endif
+    if (ret == 0 && !noVerifySignature && !sigValid) {
+        SignatureCtx sigCtx;
+        /* Initialize the signature context. */
+        InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
+
         /* TODO: ConfirmSignature is blocking here */
-        /* Check the signature of the response. */
-        ret = ConfirmSignature(&cert->sigCtx, resp->response, resp->responseSz,
-            cert->publicKey, cert->pubKeySize, cert->keyOID, resp->sig,
-            resp->sigSz, resp->sigOID, NULL, 0, NULL);
-        if (ret != 0) {
+        /* Check the signature of the response CA public key. */
+        sigValid = ConfirmSignature(&sigCtx, resp->response,
+            resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
+            resp->sig, resp->sigSz, resp->sigOID, resp->sigParams,
+            resp->sigParamsSz, NULL);
+        if (sigValid != 0) {
             WOLFSSL_MSG("\tOCSP Confirm signature failed");
             ret = ASN_OCSP_CONFIRM_E;
         }
     }
-    if ((ret == 0) &&
-            (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data == NULL))
-#else
-    if (ret == 0)
-#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
-    {
-        Signer* ca;
-        int sigValid = -1;
-
-        /* Response didn't have a certificate - lookup CA. */
-    #ifndef NO_SKID
-        ca = GetCA(cm, resp->single->issuerKeyHash);
-    #else
-        ca = GetCA(cm, resp->single->issuerHash);
-    #endif
-
-    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-        if (ca == NULL && resp->pendingCAs != NULL) {
-            ca = findSignerByName(resp->pendingCAs, resp->single->issuerHash);
-        }
-    #endif
-
-        if (ca) {
-            SignatureCtx sigCtx;
-
-            /* Initialize he signature context. */
-            InitSignatureCtx(&sigCtx, heap, INVALID_DEVID);
-
-            /* TODO: ConfirmSignature is blocking here */
-            /* Check the signature of the response CA public key. */
-            sigValid = ConfirmSignature(&sigCtx, resp->response,
-                resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
-                resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
-                NULL);
-        }
-        if ((ca == NULL) || (sigValid != 0)) {
-            /* Didn't find certificate or signature verificate failed. */
-            WOLFSSL_MSG("\tOCSP Confirm signature failed");
-            ret = ASN_OCSP_CONFIRM_E;
-        }
-    }
-
     if (ret == 0) {
         /* Update the position to after response data. */
         *ioIndex = idx;
     }
 
-#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS
-    if (certInit) {
-        FreeDecodedCert(cert);
-    }
-    #ifdef WOLFSSL_SMALL_STACK
-    if (cert != NULL) {
-        /* Dispose of certificate object. */
-        XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    #endif
-#endif
     FREE_ASNGETDATA(dataASN, heap);
     return ret;
 #endif /* WOLFSSL_ASN_TEMPLATE */
@@ -36955,6 +38551,9 @@ void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status,
     resp->maxIdx         = inSz;
     resp->heap           = heap;
     resp->pendingCAs     = NULL;
+    resp->sigParams      = NULL;
+    resp->sigParamsSz    = 0;
+    resp->responderIdType = OCSP_RESPONDER_ID_INVALID;
 }
 
 void FreeOcspResponse(OcspResponse* resp)
@@ -37008,7 +38607,8 @@ enum {
 #define ocspResponseASN_Length (sizeof(ocspResponseASN) / sizeof(ASNItem))
 #endif /* WOLFSSL_ASN_TEMPLATE */
 
-int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
+int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap,
+    int noVerifyCert, int noVerifySignature)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     int ret;
@@ -37077,7 +38677,8 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
         return ret;
     }
 
-    ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, noVerify);
+    ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap,
+         noVerifyCert, noVerifySignature);
     if (ret < 0) {
         WOLFSSL_LEAVE("OcspResponseDecode", ret);
         return ret;
@@ -37117,7 +38718,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
             idx = 0;
             /* Decode BasicOCSPResponse. */
             ret = DecodeBasicOcspResponse(basic, &idx, resp, basicSz, cm, heap,
-                noVerify);
+                noVerifyCert, noVerifySignature);
         }
         /* Only support BasicOCSPResponse. */
         else {
@@ -38135,7 +39736,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
     {
 #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
         if (verify != NO_VERIFY &&
-                !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
+            !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
             WOLFSSL_MSG("CRL after date is no longer valid");
             WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
             return CRL_CERT_DATE_ERR;
@@ -38239,7 +39840,6 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl)
 }
 #endif
 
-
 #ifndef WOLFSSL_ASN_TEMPLATE
 static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
         word32* inOutIdx, word32 sz)
@@ -38431,7 +40031,34 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
                 }
             #endif
             }
-            /* TODO: Parse CRL Number extension */
+            else if (oid == CRL_NUMBER_OID) {
+            #ifdef WOLFSSL_SMALL_STACK
+                mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL,
+                        DYNAMIC_TYPE_BIGINT);
+                if (m == NULL) {
+                    ret = MEMORY_E;
+                }
+            #else
+                mp_int m[1];
+            #endif
+
+                if (ret == 0) {
+                    if (mp_init(m) != MP_OKAY) {
+                        ret = MP_INIT_E;
+                    }
+                }
+                if (ret == 0) {
+                    ret = GetInt(m, buf, &idx, maxIdx);
+                }
+                if (ret == 0) {
+                    dcrl->crlNumber = (int)m->dp[0];
+                }
+
+                mp_free(m);
+            #ifdef WOLFSSL_SMALL_STACK
+                XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
+            #endif
+            }
             /* TODO: check criticality */
             /* Move index on to next extension. */
             idx += (word32)length;
@@ -38531,10 +40158,8 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz,
     int          ret = 0;
     int          len;
     word32       idx = 0;
-#ifdef WC_RSA_PSS
     const byte* sigParams = NULL;
     int sigParamsSz = 0;
-#endif
 
     WOLFSSL_MSG("ParseCRL");
 
@@ -38699,7 +40324,7 @@ end:
             tbsParams =
                 GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
                     buff);
-            tbsParamsSz =
+            tbsParamsSz =(int)
                 GetASNItem_Length(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS],
                     buff);
         }
@@ -38707,7 +40332,7 @@ end:
             sigParams =
                 GetASNItem_Addr(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
                     buff);
-            sigParamsSz =
+            sigParamsSz = (int)
                 GetASNItem_Length(dataASN[CRLASN_IDX_SIGALGO_PARAMS],
                     buff);
             dcrl->sigParamsIndex =
@@ -38734,7 +40359,7 @@ end:
             ret = ASN_PARSE_E;
         }
         else if ((tbsParamsSz > 0) &&
-                 (XMEMCMP(tbsParams, sigParams, tbsParamsSz) != 0)) {
+                 (XMEMCMP(tbsParams, sigParams, (word32)tbsParamsSz) != 0)) {
             WOLFSSL_MSG("CRL TBS and signature parameter mismatch");
             ret = ASN_PARSE_E;
         }
@@ -39216,8 +40841,8 @@ int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end)
 }
 
 /*****************************************************************************
-* wc_MIME_find_header_name - Searches through all given headers until a header with
-* a name matching the provided name is found.
+* wc_MIME_find_header_name - Searches through all given headers until a header
+* with a name matching the provided name is found.
 *
 * RETURNS:
 * returns a pointer to the found header, if no match was found, returns NULL.
@@ -39295,8 +40920,8 @@ char* wc_MIME_single_canonicalize(const char* line, word32* len)
 }
 
 /*****************************************************************************
-* wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting from
-* the provided header pointer.
+* wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting
+* from the provided header pointer.
 *
 * RETURNS:
 * returns zero on success, non-zero on error.
@@ -40151,6 +41776,1104 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
 }
 #endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
 
+#if defined(WOLFSSL_ACERT) && defined(WOLFSSL_ASN_TEMPLATE)
+/* Initialize decoded attribute certificate object with buffer of DER encoding.
+ *
+ * @param [in, out] acert   Decoded attribute certificate object.
+ * @param [in]      source  Buffer containing DER encoded certificate.
+ * @param [in]      inSz    Size of DER data in buffer in bytes.
+ * @param [in]      heap    Dynamic memory hint.
+ */
+void InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
+                      void* heap)
+{
+    WOLFSSL_MSG("InitDecodedAcert");
+
+    if (acert == NULL) {
+        return;
+    }
+
+    XMEMSET(acert, 0, sizeof(DecodedAcert));
+    acert->heap = heap;
+    acert->source = source;  /* don't own */
+    acert->maxIdx = inSz;    /* can't go over this index */
+    acert->heap = heap;
+
+    InitSignatureCtx(&acert->sigCtx, heap, INVALID_DEVID);
+
+    return;
+}
+
+/* Free the decoded attribute cert object's dynamic data.
+ *
+ * @param [in, out] acert   Decoded attribute certificate object.
+ */
+void FreeDecodedAcert(DecodedAcert * acert)
+{
+    WOLFSSL_MSG("FreeDecodedAcert");
+
+    if (acert == NULL) {
+        return;
+    }
+
+    if (acert->holderIssuerName) {
+        FreeAltNames(acert->holderIssuerName, acert->heap);
+        acert->holderIssuerName = NULL;
+    }
+
+    if (acert->holderEntityName) {
+        FreeAltNames(acert->holderEntityName, acert->heap);
+        acert->holderEntityName = NULL;
+    }
+
+    if (acert->AttCertIssuerName) {
+        FreeAltNames(acert->AttCertIssuerName, acert->heap);
+        acert->AttCertIssuerName = NULL;
+    }
+
+    FreeSignatureCtx(&acert->sigCtx);
+
+    XMEMSET(acert, 0, sizeof(DecodedAcert));
+    return;
+}
+
+/* Decode an Attribute Cert GeneralName field.
+ *
+ * @param [in]      input     Buffer containing encoded OtherName.
+ * @param [in, out] inOutIdx  On in, the index of the start of the OtherName.
+ *                            On out, index after OtherName.
+ * @param [in]      len       Length of data in buffer.
+ * @param [in]      acert     Decoded attribute certificate object.
+ * @param [in, out] entries   Linked list of DNS name entries.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx,
+                                  byte tag, int len, DecodedAcert* acert,
+                                  DNS_entry** entries)
+{
+    int    ret = 0;
+    word32 idx = *inOutIdx;
+
+    /* GeneralName choice: dnsName */
+    if (tag == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                          ASN_DNS_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+#ifndef IGNORE_NAME_CONSTRAINTS
+    /* GeneralName choice: directoryName */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) {
+        int    strLen = 0;
+        word32 idxDir = idx;
+
+        /* Expecting a SEQUENCE using up all data. */
+        if (GetASN_Sequence(input, &idxDir, &strLen, idx + (word32)len, 1) < 0)
+        {
+            WOLFSSL_MSG("\tfail: seq length");
+            return ASN_PARSE_E;
+        }
+
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idxDir), strLen,
+                          ASN_DIR_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    /* GeneralName choice: rfc822Name */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                ASN_RFC822_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    /* GeneralName choice: uniformResourceIdentifier */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) {
+        WOLFSSL_MSG("\tPutting URI into list but not using");
+
+    #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI)
+        /* Verify RFC 5280 Sec 4.2.1.6 rule:
+           "The name MUST NOT be a relative URI"
+           As per RFC 3986 Sec 4.3, an absolute URI is only required to contain
+           a scheme and hier-part.  So the only strict requirement is a ':'
+           being present after the scheme.  If a '/' is present as part of the
+           hier-part, it must come after the ':' (see RFC 3986 Sec 3). */
+        {
+            int i = 0;
+
+            /* skip past scheme (i.e http,ftp,...) finding first ':' char */
+            for (i = 0; i < len; i++) {
+                if (input[idx + (word32)i] == ':') {
+                    break;
+                }
+                if (input[idx + (word32)i] == '/') {
+                    i = len; /* error, found relative path since '/' was
+                              * encountered before ':'. Returning error
+                              * value in next if statement. */
+                }
+            }
+
+            /* test hier-part is empty */
+            if (i == 0 || i == len) {
+                WOLFSSL_MSG("\tEmpty or malformed URI");
+                WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
+                return ASN_ALT_NAME_E;
+            }
+
+            /* test if scheme is missing  */
+            if (input[idx + (word32)i] != ':') {
+                WOLFSSL_MSG("\tAlt Name must be absolute URI");
+                WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E);
+                return ASN_ALT_NAME_E;
+            }
+        }
+    #endif
+
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                          ASN_URI_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
+                                            defined(WOLFSSL_IP_ALT_NAME)
+    /* GeneralName choice: iPAddress */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                          ASN_IP_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    #endif /* WOLFSSL_QT || OPENSSL_ALL */
+
+    #ifdef OPENSSL_ALL
+    /* GeneralName choice: registeredID */
+    else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
+        ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len,
+                ASN_RID_TYPE, entries);
+        if (ret == 0) {
+            idx += (word32)len;
+        }
+    }
+    #endif
+#endif /* IGNORE_NAME_CONSTRAINTS */
+    /* GeneralName choice: dNSName, x400Address, ediPartyName */
+    else {
+        WOLFSSL_MSG("\tUnsupported name type, skipping");
+        idx += (word32)len;
+    }
+
+    if (ret == 0) {
+        /* Return index of next encoded byte. */
+        *inOutIdx = idx;
+    }
+    return ret;
+}
+
+/* Decode General Names from an ACERT input.
+ *
+ * @param [in]      input    Buffer holding encoded data.
+ * @param [in]      sz       Size of encoded data in bytes.
+ * @param [in]      tag      ASN.1 tag value expected in header.
+ * @param [in, out] acert    Decoded attribute certificate object.
+ * @param [in, out] entries  Linked list of DNS name entries.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ */
+static int DecodeAcertGeneralNames(const byte* input, word32 sz,
+                                   byte tag, DecodedAcert* acert,
+                                   DNS_entry** entries)
+{
+    word32 idx = 0;
+    int    length = 0;
+    int    ret = 0;
+    word32 numNames = 0;
+
+    if (GetASNHeader(input, tag, &idx, &length, sz) <= 0) {
+        WOLFSSL_MSG("error: acert general names: bad header");
+        return ASN_PARSE_E;
+    }
+
+    if (length == 0) {
+        WOLFSSL_MSG("error: acert general names: zero length");
+        return ASN_PARSE_E;
+    }
+
+    if ((word32)length + idx != sz) {
+        #ifdef DEBUG_WOLFSSL
+        WOLFSSL_MSG_EX("error: acert general names: got %d, expected %d",
+                       (word32)length + idx, sz);
+        #endif
+        return ASN_PARSE_E;
+    }
+
+    while ((ret == 0) && (idx < sz)) {
+        ASNGetData dataASN[altNameASN_Length];
+
+        /* Not sure what a reasonable max would be for attribute certs,
+         * therefore observing WOLFSSL_MAX_ALT_NAMES limit. */
+        numNames++;
+        if (numNames > WOLFSSL_MAX_ALT_NAMES) {
+            #ifdef DEBUG_WOLFSSL
+            WOLFSSL_MSG_EX("error: acert general names: too many names, %d",
+                           numNames);
+            #endif
+            ret = ASN_ALT_NAME_E;
+            break;
+        }
+
+        /* Clear dynamic data items. */
+        XMEMSET(dataASN, 0, sizeof(dataASN));
+        /* Parse GeneralName with the choices supported. */
+        GetASN_Choice(&dataASN[ALTNAMEASN_IDX_GN], generalNameChoice);
+        /* Decode a GeneralName choice. */
+        ret = GetASN_Items(altNameASN, dataASN, altNameASN_Length, 0, input,
+                           &idx, sz);
+
+        if (ret != 0) {
+            break;
+        }
+
+        ret = DecodeAcertGeneralName(input, &idx,
+                                     dataASN[ALTNAMEASN_IDX_GN].tag,
+                                     (int)dataASN[ALTNAMEASN_IDX_GN].length,
+                                     acert, entries);
+    }
+
+    return ret;
+}
+
+/* Holder has three potential forms:
+ *   Holder ::= SEQUENCE {
+ *     baseCertificateID   [0] IssuerSerial OPTIONAL,
+ *         -- the issuer and serial number of
+ *         -- the holder's Public Key Certificate
+ *     entityName          [1] GeneralNames OPTIONAL,
+ *         -- the name of the claimant or role
+ *     objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
+ *         -- used to directly authenticate the holder,
+ *         -- for example, an executable
+ *   }
+ *
+ * where IssuerSerial is:
+ *   IssuerSerial  ::=  SEQUENCE {
+ *     issuer         GeneralNames,
+ *     serial         CertificateSerialNumber,
+ *     issuerUID      UniqueIdentifier OPTIONAL
+ *   }
+ *
+ * Note:
+ *   - Holder Option 2 objectDigestInfo is not mandatory
+ *     for the spec and is not implemented here yet.
+ *
+ *   - issuerUniqueID not supported yet.
+ * */
+static const ASNItem HolderASN[] =
+{
+                     /* Holder root sequence. */
+/* HOLDER_SEQ  */    { 0, ASN_SEQUENCE, 1, 1, 0 },
+                         /* Holder Option 0:*/
+                         /* baseCertificateID   [0] IssuerSerial OPTIONAL */
+/* ISSUERSERIAL_SEQ  */  { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 2 },
+                             /* issuer         GeneralNames, */
+/* GN_SEQ  */                { 2, ASN_SEQUENCE, 1, 0, 0 },
+                             /* serial     CertificateSerialNumber */
+/* SERIAL_INT  */            { 2, ASN_INTEGER, 0, 0, 0 },
+                         /* Holder Option 1: */
+                         /* entityName          [1] GeneralNames OPTIONAL */
+/* ENTITYNAME_SEQ  */  { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 1, 2 },
+};
+
+enum {
+    HOLDER_IDX_SEQ = 0,
+    HOLDER_IDX_ISSUERSERIAL_SEQ,
+    HOLDER_IDX_GN_SEQ,
+    HOLDER_IDX_SERIAL_INT,
+    HOLDER_IDX_GN_SEQ_OPT1
+};
+
+/* Number of items in ASN template for an X509 Acert. */
+#define HolderASN_Length (sizeof(HolderASN) / sizeof(ASNItem))
+
+/* Decode the Holder field of an x509 attribute certificate.
+ *
+ * @param [in]      input     Buffer containing encoded Holder field.
+ * @param [in]      len       Length of Holder field.
+ * @param [in, out] acert     Decoded attribute certificate object.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * */
+static int DecodeHolder(const byte* input, word32 len, DecodedAcert* acert)
+{
+    DECL_ASNGETDATA(dataASN, HolderASN_Length);
+    int    ret = 0;
+    word32 idx = 0;
+    word32 holderSerialSz = 0;
+
+    if (input == NULL || len <= 0 || acert == NULL) {
+        return BUFFER_E;
+    }
+
+    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+    printf("debug: decode holder: holder len: %d\n", len);
+    #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+
+    CALLOC_ASNGETDATA(dataASN, HolderASN_Length, ret, acert->heap);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        return MEMORY_E;
+    }
+
+    holderSerialSz = EXTERNAL_SERIAL_SIZE;
+
+    GetASN_Buffer(&dataASN[HOLDER_IDX_SERIAL_INT], acert->holderSerial,
+                  &holderSerialSz);
+
+    ret = GetASN_Items(HolderASN, dataASN, HolderASN_Length, 0, input,
+                       &idx, len);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("error: Holder: GetASN_Items failed");
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        return ret;
+    }
+
+    if (dataASN[HOLDER_IDX_SERIAL_INT].tag != 0) {
+        acert->holderSerialSz = (int)holderSerialSz;
+    }
+    else {
+        acert->holderSerialSz = 0;
+    }
+
+    {
+        /* Now parse the GeneralNames field.
+         * Use the HOLDER_IDX_GN_SEQ offset for input. */
+        const byte * gn_input = NULL;
+        word32       gn_len = 0;
+        byte         tag = 0x00;
+
+        /* Determine which tag was seen. */
+        if (dataASN[HOLDER_IDX_GN_SEQ].tag != 0) {
+            gn_input = input + dataASN[HOLDER_IDX_GN_SEQ].offset;
+            gn_len = dataASN[HOLDER_IDX_GN_SEQ].length;
+            tag = dataASN[HOLDER_IDX_GN_SEQ].tag;
+
+            if (gn_len >= ASN_LONG_LENGTH) {
+                gn_len += 3;
+            }
+            else {
+                gn_len += 2;
+            }
+
+            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+            printf("debug: decode holder: holder index: %d\n",
+                   HOLDER_IDX_GN_SEQ);
+            #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+
+            ret = DecodeAcertGeneralNames(gn_input, gn_len, tag, acert,
+                                          &acert->holderIssuerName);
+        }
+
+        if (dataASN[HOLDER_IDX_GN_SEQ_OPT1].tag != 0) {
+            gn_input = input + dataASN[HOLDER_IDX_GN_SEQ_OPT1].offset;
+            gn_len = dataASN[HOLDER_IDX_GN_SEQ_OPT1].length;
+            tag = dataASN[HOLDER_IDX_GN_SEQ_OPT1].tag;
+
+            if (gn_len >= ASN_LONG_LENGTH) {
+                gn_len += 3;
+            }
+            else {
+                gn_len += 2;
+            }
+
+            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+            printf("debug: decode holder: holder index: %d\n",
+                   HOLDER_IDX_GN_SEQ_OPT1);
+            #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+
+            ret = DecodeAcertGeneralNames(gn_input, gn_len, tag, acert,
+                                          &acert->holderEntityName);
+        }
+
+        if (ret != 0) {
+            WOLFSSL_MSG("error: Holder: DecodeAcertGeneralNames failed");
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            return ret;
+        }
+    }
+
+    FREE_ASNGETDATA(dataASN, acert->heap);
+    return 0;
+}
+
+/* Note on AttCertIssuer field. ACERTs are supposed to follow
+ * v2form, but some (acert_bc1.pem) follow v1form. Because
+ * of the limited set of example ACERTs, the v1form will be
+ * tolerated for now but the field will not be parsed.
+ *
+ * More info from RFC below:
+ *
+ * From RFC 5755.
+ * 4.2.3.  Issuer
+ *
+ * ACs conforming to this profile MUST use the v2Form choice, which MUST
+ * contain one and only one GeneralName in the issuerName, which MUST
+ * contain a non-empty distinguished name in the directoryName field.
+ * This means that all AC issuers MUST have non-empty distinguished
+ * names.  ACs conforming to this profile MUST omit the
+ * baseCertificateID and objectDigestInfo fields.
+ *
+ * 4.1.  X.509 Attribute Certificate Definition
+ *
+ * AttCertIssuer ::= CHOICE {
+ *   v1Form      GeneralNames,  -- MUST NOT be used in this
+ *                              -- profile
+ *   v2Form  [0] V2Form         -- v2 only
+ * }
+ *
+ * V2Form ::= SEQUENCE {
+ *   issuerName             GeneralNames  OPTIONAL,
+ *   baseCertificateID  [0] IssuerSerial  OPTIONAL,
+ *   objectDigestInfo   [1] ObjectDigestInfo  OPTIONAL
+ *          -- issuerName MUST be present in this profile
+ *          -- baseCertificateID and objectDigestInfo MUST
+ *          -- NOT be present in this profile
+ * }
+ * */
+static const ASNItem AttCertIssuerASN[] =
+{
+                           /* V2Form ::= SEQUENCE { */
+/* AttCertIssuer_GN_SEQ */ { 0, ASN_SEQUENCE, 1, 0, 0 },
+};
+
+enum {
+    ATTCERTISSUER_IDX_GN_SEQ
+};
+
+/* Number of items in ASN template for an X509 Acert. */
+#define AttCertIssuerASN_Length (sizeof(AttCertIssuerASN) / sizeof(ASNItem))
+
+/* Decode the AttCertIssuer Field of an x509 attribute certificate.
+ *
+ * @param [in]      input     Buffer containing encoded AttCertIssuer field.
+ * @param [in]      len       Length of Holder field.
+ * @param [in,out]  acert     Decoded attribute certificate object.
+ *
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
+ * @return  MEMORY_E when dynamic memory allocation fails.
+ * */
+static int DecodeAttCertIssuer(const byte* input, word32 len,
+                               DecodedAcert* cert)
+{
+    DECL_ASNGETDATA(dataASN, AttCertIssuerASN_Length);
+    int          ret = 0;
+    word32       idx = 0;
+    const byte * gn_input = NULL;
+    word32       gn_len = 0;
+    byte         tag = 0x00;
+
+    if (input == NULL || len <= 0 || cert == NULL) {
+        return BUFFER_E;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, AttCertIssuerASN_Length, ret, cert->heap);
+
+    if (ret != 0) {
+        return MEMORY_E;
+    }
+
+    ret = GetASN_Items(AttCertIssuerASN, dataASN, AttCertIssuerASN_Length,
+                       0, input, &idx, len);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, cert->heap);
+        WOLFSSL_MSG("error: AttCertIssuer: GetASN_Items failed");
+        return ret;
+    }
+
+    /* Now parse the GeneralNames field.
+     * Use the HOLDER_IDX_GN_SEQ offset for input. */
+    gn_input = input + dataASN[ATTCERTISSUER_IDX_GN_SEQ].offset;
+    gn_len = dataASN[ATTCERTISSUER_IDX_GN_SEQ].length;
+    tag = dataASN[ATTCERTISSUER_IDX_GN_SEQ].tag;
+
+    if (gn_len >= ASN_LONG_LENGTH) {
+        gn_len += 3;
+    }
+    else {
+        gn_len += 2;
+    }
+
+    ret = DecodeAcertGeneralNames(gn_input, gn_len, tag, cert,
+                                  &cert->AttCertIssuerName);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, cert->heap);
+        WOLFSSL_MSG("error: AttCertIssuer: DecodeAcertGeneralNames failed");
+        return ret;
+    }
+
+    FREE_ASNGETDATA(dataASN, cert->heap);
+    return 0;
+}
+
+
+/* ASN template for an X509 Attribute Certificate,
+ * from RFC 5755
+ */
+static const ASNItem AcertASN[] =
+{
+                          /* AttributeCertificate ::= SEQUENCE */
+/* SEQ                */  { 0, ASN_SEQUENCE, 1, 1, 0 },
+                              /* AttributeCertificateInfo ::= SEQUENCE  */
+/* ACINFO_SEQ         */      { 1, ASN_SEQUENCE, 1, 1, 0 },
+                                  /* AttCertVersion ::= INTEGER { v2(1) } */
+/* ACINFO_VER_INT     */          { 2, ASN_INTEGER, 0, 0, 0 },
+                                  /* holder   Holder */
+/* ACINFO_HOLDER_SEQ  */          { 2, ASN_SEQUENCE, 1, 0, 0 },
+                                  /* issuer   AttCertIssuer */
+                                  /* v2Form   [0] V2Form  */
+/* ACINFO_ISSUER_V2FORM */        { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 2 },
+                                  /* v1Form   GeneralNames */
+/* ACINFO_ISSUER_V1FORM  */       { 2, ASN_SEQUENCE, 1, 0, 2 },
+                                  /* signature    AlgorithmIdentifier */
+                                  /* AlgorithmIdentifier ::= SEQUENCE */
+/* ACINFO_ALGOID_SEQ */           { 2, ASN_SEQUENCE, 1, 1, 0 },
+                                      /* Algorithm    OBJECT IDENTIFIER */
+/* ACINFO_ALGOID_OID */               { 3, ASN_OBJECT_ID, 0, 0, 0 },
+                                      /* parameters */
+/* ACINFO_ALGOID_PARAMS_NULL */       { 3, ASN_TAG_NULL, 0, 0, 2 },
+#ifdef WC_RSA_PSS
+/* ACINFO_ALGOID_PARAMS */            { 3, ASN_SEQUENCE, 1, 0, 2 },
+#endif
+                                  /* CertificateSerialNumber ::= INTEGER */
+/* ACINFO_SERIAL        */        { 2, ASN_INTEGER, 0, 0, 0 },
+                                  /* Validity ::= SEQUENCE */
+/* ACINFO_VALIDITY_SEQ      */    { 2, ASN_SEQUENCE, 1, 1, 0 },
+                                      /* notBeforeTime  GeneralizedTime,  */
+/* ACINFO_VALIDITY_NOTB_GT  */        { 3, ASN_GENERALIZED_TIME, 0, 0, 2 },
+                                      /* notAfterTime   GeneralizedTime */
+/* ACINFO_VALIDITY_NOTA_GT  */        { 3, ASN_GENERALIZED_TIME, 0, 0, 3 },
+                                  /* attributes        SEQUENCE OF Attribute */
+/* ACINFO_ATTRIBUTES_SEQ    */    { 2, ASN_SEQUENCE, 1, 0, 0 },
+                                  /* issuerUniqueID    OPTIONAL, */
+/* ACINFO_UNIQUE_ID         */    { 2, ASN_CONTEXT_SPECIFIC | 1, 0, 0, 1 },
+                                  /* extensions        OPTIONAL */
+/* ACINFO_EXT               */    { 2, ASN_CONTEXT_SPECIFIC | 2, 1, 1, 1 },
+/* ACINFO_EXT_SEQ           */    { 2, ASN_SEQUENCE, 1, 0, 1 },
+                              /* signature    AlgorithmIdentifier */
+                              /* AlgorithmIdentifier ::= SEQUENCE */
+/* SIGALGO_SEQ         */     { 1, ASN_SEQUENCE, 1, 1, 0 },
+                                  /* Algorithm    OBJECT IDENTIFIER */
+/* SIGALGO_OID         */         { 2, ASN_OBJECT_ID, 0, 0, 0 },
+                                  /* parameters */
+/* SIGALGO_PARAMS_NULL */         { 2, ASN_TAG_NULL, 0, 0, 2 },
+#ifdef WC_RSA_PSS
+/* SIGALGO_PARAMS      */         { 2, ASN_SEQUENCE, 1, 0, 2 },
+#endif
+                              /* signature    BIT STRING */
+/* SIGNATURE           */     { 1, ASN_BIT_STRING, 0, 0, 0 },
+};
+
+enum {
+    ACERT_IDX_SEQ = 0,
+    ACERT_IDX_ACINFO_SEQ,
+    ACERT_IDX_ACINFO_VER_INT,
+    /* ACINFO holder and issuer */
+    ACERT_IDX_ACINFO_HOLDER_SEQ,
+    /* The issuer should be in V2 form, but tolerate V1 for now. */
+    ACERT_IDX_ACINFO_ISSUER_V2,
+    ACERT_IDX_ACINFO_ISSUER_V1,
+    /* ACINFO sig alg*/
+    ACERT_IDX_ACINFO_ALGOID_SEQ,
+    ACERT_IDX_ACINFO_ALGOID_OID,
+    ACERT_IDX_ACINFO_ALGOID_PARAMS_NULL,
+#ifdef WC_RSA_PSS
+    /* Additional RSA-PSS params. */
+    ACERT_IDX_ACINFO_ALGOID_PARAMS,
+#endif
+    /* serial number */
+    ACERT_IDX_ACINFO_SERIAL,
+    /* validity time */
+    ACERT_IDX_ACINFO_VALIDITY_SEQ,
+    ACERT_IDX_ACINFO_VALIDITY_NOTB_GT,
+    ACERT_IDX_ACINFO_VALIDITY_NOTA_GT,
+    /* attributes */
+    ACERT_IDX_ACINFO_ATTRIBUTES_SEQ,
+    /* unique identifier */
+    ACERT_IDX_ACINFO_UNIQUE_ID,
+    /* extensions */
+    ACERT_ACINFO_EXT,
+    ACERT_ACINFO_EXT_SEQ,
+    /* sig alg */
+    ACERT_IDX_SIGALGO_SEQ,
+    ACERT_IDX_SIGALGO_OID,
+    ACERT_IDX_SIGALGO_PARAMS_NULL,
+#ifdef WC_RSA_PSS
+    /* Additional RSA-PSS params. */
+    ACERT_IDX_SIGALGO_PARAMS,
+#endif
+    /* signature */
+    ACERT_IDX_SIGNATURE,
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(ACERT_IDX)
+};
+
+/* Number of items in ASN template for an X509 Acert. */
+#define AcertASN_Length (sizeof(AcertASN) / sizeof(ASNItem))
+
+/* Initial implementation for parsing and verifying an
+ * X509 Attribute Certificate (RFC 5755).
+ *
+ * At present these fields are NOT parsed:
+ *   - issuerUniqueID
+ *   - extensions
+ *   - attributes
+ *
+ * @param [in, out] acert   Decoded attribute certificate object.
+ * @param [in]      verify  Whether to verify dates.
+ * @return  0 on success.
+ * @return  negative error code on error/fail.
+ * */
+int ParseX509Acert(DecodedAcert* acert, int verify)
+{
+    DECL_ASNGETDATA(dataASN, AcertASN_Length);
+    int    ret = 0;
+    word32 idx = 0;
+    int    badDate = 0;
+    byte   version = 0;
+    word32 serialSz = EXTERNAL_SERIAL_SIZE;
+
+    WOLFSSL_MSG("ParseX509Acert");
+
+    if (acert == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, AcertASN_Length, ret, acert->heap);
+
+    if (ret != 0) {
+        return MEMORY_E;
+    }
+
+    /* Get the version and put the serial number into the buffer. */
+    GetASN_Int8Bit(&dataASN[ACERT_IDX_ACINFO_VER_INT], &version);
+
+    GetASN_Buffer(&dataASN[ACERT_IDX_ACINFO_SERIAL], acert->serial,
+                  &serialSz);
+
+    /* Check OID types for signature algorithm. */
+    GetASN_OID(&dataASN[ACERT_IDX_ACINFO_ALGOID_OID], oidSigType);
+    GetASN_OID(&dataASN[ACERT_IDX_SIGALGO_OID], oidSigType);
+
+    /* Parse the X509 certificate. */
+    ret = GetASN_Items(AcertASN, dataASN, AcertASN_Length, 1,
+                       acert->source, &acert->srcIdx, acert->maxIdx);
+
+    if (ret != 0) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        return ret;
+    }
+
+    /* Check version is valid/supported - can't be negative. */
+    if (version > MAX_X509_VERSION) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        WOLFSSL_MSG("Unexpected attribute certificate version");
+        WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+        return ASN_PARSE_E;
+    }
+
+    acert->version = version;
+    acert->serialSz = (int)serialSz;
+
+    acert->signatureOID = dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum;
+    acert->certBegin = dataASN[ACERT_IDX_ACINFO_SEQ].offset;
+
+    /* check BEFORE date. */
+    idx = ACERT_IDX_ACINFO_VALIDITY_NOTB_GT;
+    if (CheckDate(&dataASN[idx], BEFORE) < 0) {
+        if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) {
+            badDate = ASN_BEFORE_DATE_E;
+        }
+    }
+
+    /* Store reference to BEFORE date. */
+    acert->beforeDate = GetASNItem_Addr(dataASN[idx], acert->source);
+    acert->beforeDateLen = (int)GetASNItem_Length(dataASN[idx], acert->source);
+
+    /* check AFTER date. */
+    idx = ACERT_IDX_ACINFO_VALIDITY_NOTA_GT;
+    if (CheckDate(&dataASN[idx], AFTER) < 0) {
+        if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) {
+            badDate = ASN_BEFORE_DATE_E;
+        }
+    }
+
+    /* Store reference to AFTER date. */
+    acert->afterDate = GetASNItem_Addr(dataASN[idx], acert->source);
+    acert->afterDateLen = (int)GetASNItem_Length(dataASN[idx], acert->source);
+
+    /* Store the signature information. */
+    acert->sigIndex = dataASN[ACERT_IDX_SIGALGO_SEQ].offset;
+    GetASN_GetConstRef(&dataASN[ACERT_IDX_SIGNATURE],
+                       &acert->signature, &acert->sigLength);
+
+    /* Make sure 'signature' and 'signatureAlgorithm' are the same. */
+    if (dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum != acert->signatureOID) {
+        FREE_ASNGETDATA(dataASN, acert->heap);
+        WOLFSSL_ERROR_VERBOSE(ASN_SIG_OID_E);
+        return ASN_SIG_OID_E;
+    }
+
+    /* Parameters not allowed after ECDSA or EdDSA algorithm OID. */
+    if (IsSigAlgoECC(acert->signatureOID)) {
+        if ((dataASN[ACERT_IDX_SIGALGO_PARAMS_NULL].tag != 0)
+    #ifdef WC_RSA_PSS
+            || (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0)
+    #endif
+            ) {
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+            return ASN_PARSE_E;
+        }
+    }
+
+    #ifdef WC_RSA_PSS
+    /* Check parameters starting with a SEQUENCE. */
+    if (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0) {
+        word32       oid = dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum;
+        word32       sigAlgParamsSz = 0;
+        const byte * acParams = NULL;
+        word32       acParamsSz = 0;
+        const byte * sigAlgParams = NULL;
+
+        /* Parameters only with RSA PSS. */
+        if (oid != CTC_RSASSAPSS) {
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+            return ASN_PARSE_E;
+        }
+
+        /* Check RSA PSS parameters are the same. */
+        acParams = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                   acert->source);
+        acParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                       acert->source);
+        sigAlgParams = GetASNItem_Addr(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+                                       acert->source);
+        sigAlgParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+                                           acert->source);
+
+        if ((acParamsSz != sigAlgParamsSz) ||
+            (XMEMCMP(acParams, sigAlgParams, acParamsSz) != 0)) {
+
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
+            return ASN_PARSE_E;
+        }
+
+        /* Store RSA PSS parameters for use in signature verification. */
+        acert->sigParamsIndex = dataASN[ACERT_IDX_SIGALGO_PARAMS].offset;
+        acert->sigParamsLength = sigAlgParamsSz;
+    }
+    #endif
+
+    /* Store the raw Attributes field. */
+    GetASN_GetConstRef(&dataASN[ACERT_IDX_ACINFO_ATTRIBUTES_SEQ],
+                       &acert->rawAttr, &acert->rawAttrLen);
+
+    {
+        /* Now parse the Holder and AttCertIssuer fields.
+         * Use the ACINFO holder and issuer sequence offset for input. */
+        const byte * holder_input = NULL;
+        word32       holder_len = 0;
+        const byte * issuer_input = NULL;
+        word32       issuer_len = 0;
+        word32       i_holder = ACERT_IDX_ACINFO_HOLDER_SEQ;
+        word32       i_issuer = 0;
+
+        /* Determine which issuer tag was seen. We need this to determine
+         * the holder_input. */
+        i_issuer = (dataASN[ACERT_IDX_ACINFO_ISSUER_V2].tag != 0) ?
+                    ACERT_IDX_ACINFO_ISSUER_V2 : ACERT_IDX_ACINFO_ISSUER_V1;
+
+        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+        printf("debug: parse acert: issuer index: %d\n", i_issuer);
+        printf("debug: parse acert: issuer seq offset: %d\n",
+               dataASN[i_issuer].offset);
+        #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+
+        holder_input = acert->source + dataASN[i_holder].offset;
+        holder_len = dataASN[i_issuer].offset - dataASN[i_holder].offset;
+
+        ret = DecodeHolder(holder_input, holder_len, acert);
+
+        if (ret != 0) {
+            FREE_ASNGETDATA(dataASN, acert->heap);
+            return ret;
+        }
+
+        GetASN_GetConstRef(&dataASN[i_issuer], &issuer_input, &issuer_len);
+
+        if (i_issuer == ACERT_IDX_ACINFO_ISSUER_V2 && issuer_len > 0) {
+            /* Try to decode the AttCertIssuer as well. */
+            ret = DecodeAttCertIssuer(issuer_input, issuer_len, acert);
+
+            if (ret != 0) {
+                FREE_ASNGETDATA(dataASN, acert->heap);
+                return ret;
+            }
+        }
+        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+        else {
+            printf("debug: parse acert: unsupported issuer format: %d, %d\n",
+                   i_issuer, issuer_len);
+        }
+        #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
+    }
+
+    if (badDate) {
+        if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) {
+            ret = badDate;
+        }
+    }
+
+    FREE_ASNGETDATA(dataASN, acert->heap);
+    return ret;
+}
+
+/* Given the parsed attribute cert info, verify the signature.
+ * The sigCtx is alloced and freed here.
+ *
+ * @param [in]      acinfo        the parsed acinfo sequence
+ * @param [in]      acinfoSz      the parsed acinfo sequence length
+ * @param [in]      pubKey        public key
+ * @param [in]      pubKeySz      public key length
+ * @param [in]      pubKeyOID     public key oid
+ * @param [in]      sig           the parsed signature
+ * @param [in]      sigSz         the parsed signature length
+ * @param [in]      sigOID        the parsed signature OID
+ * @param [in]      sigParams     the parsed signature RSA-PSS params
+ * @param [in]      sigParamsSz   the parsed signature RSA-PSS params length
+ * @param [in]      heap          heap hint
+ *
+ * @return  0   on verify success
+ * @return  < 0 on error
+ * */
+static int acert_sig_verify(const byte * acinfo, word32 acinfoSz,
+                            const byte * pubKey, word32 pubKeySz,
+                            int pubKeyOID, const byte * sig, word32 sigSz,
+                            word32 sigOID, const byte * sigParams,
+                            word32 sigParamsSz, void * heap)
+{
+#ifndef WOLFSSL_SMALL_STACK
+    SignatureCtx   sigCtx[1];
+#else
+    SignatureCtx * sigCtx = NULL;
+#endif
+    int            ret = 0;
+
+    #ifdef WOLFSSL_SMALL_STACK
+    sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap,
+                                    DYNAMIC_TYPE_SIGNATURE);
+    if (sigCtx == NULL) {
+        WOLFSSL_MSG("error: VerifyX509Acert: malloc sigCtx failed");
+        return MEMORY_E;
+    }
+    #endif
+
+    InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
+
+    /* Check x509 acert signature. */
+    ret = ConfirmSignature(sigCtx, acinfo, acinfoSz, pubKey, pubKeySz,
+                           (word32)pubKeyOID, sig, sigSz, sigOID,
+                           sigParams, sigParamsSz, NULL);
+
+    if (ret == WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E)) {
+        WOLFSSL_MSG("info: VerifyX509Acert: confirm signature failed");
+    }
+
+    FreeSignatureCtx(sigCtx);
+    #ifdef WOLFSSL_SMALL_STACK
+    XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
+    sigCtx = NULL;
+    #endif
+
+    return ret;
+}
+
+/* Verify the X509 ACERT signature, using the given pubkey.
+ *
+ * @param [in]      der         input acert in der format
+ * @param [in]      derSz       acert length
+ * @param [in]      pubKey      public key
+ * @param [in]      pubKeySz    public key length
+ * @param [in]      pubKeyOID   public key oid
+ * @param [in]      heap        heap hint
+ *
+ * @return  0   on success
+ * @return  < 0 on error
+ * */
+int VerifyX509Acert(const byte* der, word32 derSz,
+                    const byte* pubKey, word32 pubKeySz, int pubKeyOID,
+                    void * heap)
+{
+    DECL_ASNGETDATA(dataASN, AcertASN_Length);
+    word32         idx = 0;
+    int            ret = 0;
+    const byte *   acinfo = NULL; /* The acinfo sequence. */
+    word32         acinfoSz = 0;  /* The acinfo sequence length. */
+#ifdef WC_RSA_PSS
+    const byte *   acParams = NULL;
+    word32         acParamsSz = 0;
+#endif
+    const byte *   sig = NULL;
+    word32         sigSz = 0;
+    word32         sigOID = 0;
+    const byte *   sigParams = NULL;
+    word32         sigParamsSz = 0;
+
+    WOLFSSL_MSG("VerifyX509Acert");
+
+    if (der == NULL || pubKey == NULL || derSz == 0 || pubKeySz == 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: bad args");
+        return BAD_FUNC_ARG;
+    }
+
+    CALLOC_ASNGETDATA(dataASN, AcertASN_Length, ret, heap);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: calloc dataASN failed");
+        return MEMORY_E;
+    }
+
+    /* Check OID types for signature algorithm. */
+    GetASN_OID(&dataASN[ACERT_IDX_ACINFO_ALGOID_OID], oidSigType);
+    GetASN_OID(&dataASN[ACERT_IDX_SIGALGO_OID], oidSigType);
+
+    /* Parse the X509 certificate. */
+    ret = GetASN_Items(AcertASN, dataASN, AcertASN_Length, 1,
+                       der, &idx, derSz);
+
+    if (ret != 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: GetASN_Items failed");
+        FREE_ASNGETDATA(dataASN, heap);
+        return ret;
+    }
+
+    /* Check signature OIDs match. */
+    if (dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum
+        != dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum) {
+        WOLFSSL_MSG("error: VerifyX509Acert: sig OID mismatch");
+        FREE_ASNGETDATA(dataASN, heap);
+        return ASN_SIG_OID_E;
+    }
+
+    /* Get the attribute certificate info. */
+    acinfo = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_SEQ], der);
+    acinfoSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_SEQ], der);
+
+    if (acinfo == NULL || acinfoSz == 0) {
+        WOLFSSL_MSG("error: VerifyX509Acert: empty acinfo");
+        FREE_ASNGETDATA(dataASN, heap);
+        return ASN_PARSE_E;
+    }
+
+    /* Get acert signature and sig info. */
+    sigOID = dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum;
+    #ifdef WC_RSA_PSS
+    if (dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS].tag != 0) {
+        acParams = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                  der);
+        acParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+                                       der);
+    }
+    if (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0) {
+        sigParams = GetASNItem_Addr(dataASN[ACERT_IDX_SIGALGO_PARAMS], der);
+        sigParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+                                        der);
+    }
+    #endif
+
+    GetASN_GetConstRef(&dataASN[ACERT_IDX_SIGNATURE], &sig, &sigSz);
+
+    #ifdef WC_RSA_PSS
+    if (acParamsSz != sigParamsSz) {
+        ret = ASN_PARSE_E;
+    }
+    else if ((acParamsSz > 0) && (sigOID != CTC_RSASSAPSS)) {
+        ret = ASN_PARSE_E;
+    }
+    else if ((acParamsSz > 0) &&
+             (XMEMCMP(acParams, sigParams, acParamsSz) != 0)) {
+        ret = ASN_PARSE_E;
+    }
+    #endif
+
+    if (ret == 0) {
+        /* Finally, do the verification. */
+        ret = acert_sig_verify(acinfo, acinfoSz,
+                               pubKey, pubKeySz, pubKeyOID,
+                               sig, sigSz, sigOID, sigParams, sigParamsSz,
+                               heap);
+    }
+
+    FREE_ASNGETDATA(dataASN, heap);
+    return ret;
+}
+
+/**
+ * Wrapper API to expose Acert ASN functions. See Acert ASN functions
+ * for comments.
+ * */
+void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
+                         void* heap)
+{
+    InitDecodedAcert(acert, source, inSz, heap);
+}
+
+void wc_FreeDecodedAcert(DecodedAcert * acert)
+{
+    FreeDecodedAcert(acert);
+}
+
+int wc_ParseX509Acert(DecodedAcert* acert, int verify)
+{
+    return ParseX509Acert(acert, verify);
+}
+
+int wc_VerifyX509Acert(const byte* acert, word32 acertSz,
+                       const byte* pubKey, word32 pubKeySz,
+                       int pubKeyOID, void * heap)
+{
+    return VerifyX509Acert(acert, acertSz, pubKey, pubKeySz,
+                           pubKeyOID, heap);
+}
+
+#endif /* WOLFSSL_ACERT && WOLFSSL_ASN_TEMPLATE */
 
 #ifdef WOLFSSL_SEP
 
diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c
index bce74b305..c1f3e7a80 100644
--- a/wolfcrypt/src/blake2b.c
+++ b/wolfcrypt/src/blake2b.c
@@ -12,7 +12,7 @@
 */
 /* blake2b.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,20 +31,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_BLAKE2
 
 #include <wolfssl/wolfcrypt/blake2.h>
 #include <wolfssl/wolfcrypt/blake2-impl.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
 
 static const word64 blake2b_IV[8] =
 {
@@ -491,6 +483,16 @@ int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz, const byte *key, word3
 /* Blake2b Update */
 int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz)
 {
+    if (b2b == NULL){
+        return BAD_FUNC_ARG;
+    }
+    if (data == NULL && sz != 0){
+        return BAD_FUNC_ARG;
+    }
+    if (sz == 0){
+        return 0;
+    }
+
     return blake2b_update(b2b->S, data, sz);
 }
 
@@ -498,7 +500,16 @@ int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz)
 /* Blake2b Final, if pass in zero size we use init digestSz */
 int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz)
 {
-    word32 sz = requestSz ? requestSz : b2b->digestSz;
+    word32 sz;
+
+    if (b2b == NULL){
+        return BAD_FUNC_ARG;
+    }
+    if (final == NULL){
+        return BAD_FUNC_ARG;
+    }
+
+    sz = requestSz ? requestSz : b2b->digestSz;
 
     return blake2b_final(b2b->S, final, (byte)sz);
 }
diff --git a/wolfcrypt/src/blake2s.c b/wolfcrypt/src/blake2s.c
index 7e36d6ee1..7f9d3ff65 100644
--- a/wolfcrypt/src/blake2s.c
+++ b/wolfcrypt/src/blake2s.c
@@ -12,7 +12,7 @@
 */
 /* blake2s.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,20 +31,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_BLAKE2S
 
 #include <wolfssl/wolfcrypt/blake2.h>
 #include <wolfssl/wolfcrypt/blake2-impl.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
 
 static const word32 blake2s_IV[8] =
 {
@@ -487,6 +479,16 @@ int wc_InitBlake2s_WithKey(Blake2s* b2s, word32 digestSz, const byte *key, word3
 /* Blake2s Update */
 int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz)
 {
+    if (b2s == NULL){
+        return BAD_FUNC_ARG;
+    }
+    if (data == NULL && sz != 0){
+        return BAD_FUNC_ARG;
+    }
+    if (sz == 0){
+        return 0;
+    }
+
     return blake2s_update(b2s->S, data, sz);
 }
 
@@ -494,7 +496,16 @@ int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz)
 /* Blake2s Final, if pass in zero size we use init digestSz */
 int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz)
 {
-    word32 sz = requestSz ? requestSz : b2s->digestSz;
+    word32 sz;
+
+    if (b2s == NULL){
+        return BAD_FUNC_ARG;
+    }
+    if (final == NULL){
+        return BAD_FUNC_ARG;
+    }
+
+    sz = requestSz ? requestSz : b2s->digestSz;
 
     return blake2s_final(b2s->S, final, (byte)sz);
 }
diff --git a/wolfcrypt/src/camellia.c b/wolfcrypt/src/camellia.c
index 3425177e5..c1ff47e39 100644
--- a/wolfcrypt/src/camellia.c
+++ b/wolfcrypt/src/camellia.c
@@ -27,7 +27,7 @@
 
 /* camellia.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -52,18 +52,11 @@
  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_CAMELLIA
 
 #include <wolfssl/wolfcrypt/camellia.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -1466,7 +1459,7 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io)
 
 static void Camellia_EncryptBlock(const word32 keyBitLength,
                            const unsigned char *plaintext,
-                           const KEY_TABLE_TYPE keyTable,
+                           const WC_CAMELLIA_KEY_TABLE_TYPE keyTable,
                            unsigned char *ciphertext)
 {
     u32 tmp[4];
@@ -1497,7 +1490,7 @@ static void Camellia_EncryptBlock(const word32 keyBitLength,
 
 static void Camellia_DecryptBlock(const word32 keyBitLength,
                            const unsigned char *ciphertext,
-                           const KEY_TABLE_TYPE keyTable,
+                           const WC_CAMELLIA_KEY_TABLE_TYPE keyTable,
                            unsigned char *plaintext)
 {
     u32 tmp[4];
@@ -1529,13 +1522,13 @@ static void Camellia_DecryptBlock(const word32 keyBitLength,
 
 /* wolfCrypt wrappers to the Camellia code */
 
-int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv)
+int wc_CamelliaSetKey(wc_Camellia* cam, const byte* key, word32 len, const byte* iv)
 {
     int ret = 0;
 
     if (cam == NULL) return BAD_FUNC_ARG;
 
-    XMEMSET(cam->key, 0, CAMELLIA_TABLE_BYTE_LEN);
+    XMEMSET(cam->key, 0, WC_CAMELLIA_TABLE_BYTE_LEN);
 
     switch (len) {
         case 16:
@@ -1560,21 +1553,21 @@ int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv
 }
 
 
-int wc_CamelliaSetIV(Camellia* cam, const byte* iv)
+int wc_CamelliaSetIV(wc_Camellia* cam, const byte* iv)
 {
     if (cam == NULL)
         return BAD_FUNC_ARG;
 
     if (iv)
-        XMEMCPY(cam->reg, iv, CAMELLIA_BLOCK_SIZE);
+        XMEMCPY(cam->reg, iv, WC_CAMELLIA_BLOCK_SIZE);
     else
-        XMEMSET(cam->reg,  0, CAMELLIA_BLOCK_SIZE);
+        XMEMSET(cam->reg,  0, WC_CAMELLIA_BLOCK_SIZE);
 
     return 0;
 }
 
 
-int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in)
+int wc_CamelliaEncryptDirect(wc_Camellia* cam, byte* out, const byte* in)
 {
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
@@ -1585,7 +1578,7 @@ int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in)
 }
 
 
-int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in)
+int wc_CamelliaDecryptDirect(wc_Camellia* cam, byte* out, const byte* in)
 {
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
@@ -1596,44 +1589,44 @@ int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in)
 }
 
 
-int wc_CamelliaCbcEncrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
+int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz)
 {
     word32 blocks;
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
-    blocks = sz / CAMELLIA_BLOCK_SIZE;
+    blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
 
     while (blocks--) {
-        xorbuf((byte*)cam->reg, in, CAMELLIA_BLOCK_SIZE);
+        xorbuf((byte*)cam->reg, in, WC_CAMELLIA_BLOCK_SIZE);
         Camellia_EncryptBlock(cam->keySz, (byte*)cam->reg,
                                                      cam->key, (byte*)cam->reg);
-        XMEMCPY(out, cam->reg, CAMELLIA_BLOCK_SIZE);
+        XMEMCPY(out, cam->reg, WC_CAMELLIA_BLOCK_SIZE);
 
-        out += CAMELLIA_BLOCK_SIZE;
-        in  += CAMELLIA_BLOCK_SIZE;
+        out += WC_CAMELLIA_BLOCK_SIZE;
+        in  += WC_CAMELLIA_BLOCK_SIZE;
     }
 
     return 0;
 }
 
 
-int wc_CamelliaCbcDecrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
+int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz)
 {
     word32 blocks;
     if (cam == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
-    blocks = sz / CAMELLIA_BLOCK_SIZE;
+    blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
 
     while (blocks--) {
-        XMEMCPY(cam->tmp, in, CAMELLIA_BLOCK_SIZE);
+        XMEMCPY(cam->tmp, in, WC_CAMELLIA_BLOCK_SIZE);
         Camellia_DecryptBlock(cam->keySz, (byte*)cam->tmp, cam->key, out);
-        xorbuf(out, (byte*)cam->reg, CAMELLIA_BLOCK_SIZE);
-        XMEMCPY(cam->reg, cam->tmp, CAMELLIA_BLOCK_SIZE);
+        xorbuf(out, (byte*)cam->reg, WC_CAMELLIA_BLOCK_SIZE);
+        XMEMCPY(cam->reg, cam->tmp, WC_CAMELLIA_BLOCK_SIZE);
 
-        out += CAMELLIA_BLOCK_SIZE;
-        in  += CAMELLIA_BLOCK_SIZE;
+        out += WC_CAMELLIA_BLOCK_SIZE;
+        in  += WC_CAMELLIA_BLOCK_SIZE;
     }
 
     return 0;
diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index b87418a72..1a1d676c0 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -1,6 +1,6 @@
 /* chacha.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,31 +29,56 @@ Public domain.
 
 */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
+#ifdef HAVE_CHACHA
+    #include <wolfssl/wolfcrypt/chacha.h>
 
-#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)
+    #ifdef NO_INLINE
+        #include <wolfssl/wolfcrypt/misc.h>
+    #else
+        #define WOLFSSL_MISC_INCLUDED
+        #include <wolfcrypt/src/misc.c>
+    #endif
+
+    #ifdef BIG_ENDIAN_ORDER
+        #define LITTLE32(x) ByteReverseWord32(x)
+    #else
+        #define LITTLE32(x) (x)
+    #endif
+
+    /* Number of rounds */
+    #define ROUNDS  20
+
+    #define U32C(v) (v##U)
+    #define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
+    #define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0])
+
+    #define ROTATE(v,c) rotlFixed(v, c)
+    #define XOR(v,w)    ((v) ^ (w))
+    #define PLUS(v,w)   (U32V((v) + (w)))
+    #define PLUSONE(v)  (PLUS((v),1))
+
+    #define QUARTERROUND(a,b,c,d) \
+        x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \
+        x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \
+        x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \
+        x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);
+#endif /* HAVE_CHACHA */
+
+
+#if defined(WOLFSSL_ARMASM) && !defined(NO_CHACHA_ASM)
     /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */
 
-#elif defined(WOLFSSL_RISCV_ASM)
-    /* implementation located in wolfcrypt/src/port/rsicv/riscv-64-chacha.c */
+#elif defined(WOLFSSL_RISCV_ASM) && !defined(NO_CHACHA_ASM)
+    /* implementation located in wolfcrypt/src/port/riscv/riscv-64-chacha.c */
 
 #else
+
+/* BEGIN ChaCha C implementation */
 #if defined(HAVE_CHACHA)
 
-#include <wolfssl/wolfcrypt/chacha.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #define WOLFSSL_MISC_INCLUDED
-    #include <wolfcrypt/src/misc.c>
-#endif
 
 #ifdef CHACHA_AEAD_TEST
     #include <stdio.h>
@@ -88,31 +113,6 @@ Public domain.
     static word32 cpuidFlags = 0;
 #endif
 
-#ifdef BIG_ENDIAN_ORDER
-    #define LITTLE32(x) ByteReverseWord32(x)
-#else
-    #define LITTLE32(x) (x)
-#endif
-
-/* Number of rounds */
-#define ROUNDS  20
-
-#define U32C(v) (v##U)
-#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
-#define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0])
-
-#define ROTATE(v,c) rotlFixed(v, c)
-#define XOR(v,w)    ((v) ^ (w))
-#define PLUS(v,w)   (U32V((v) + (w)))
-#define PLUSONE(v)  (PLUS((v),1))
-
-#define QUARTERROUND(a,b,c,d) \
-  x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \
-  x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \
-  x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \
-  x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);
-
-
 /**
   * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
   * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
@@ -238,86 +238,6 @@ static WC_INLINE void wc_Chacha_wordtobyte(word32 x[CHACHA_CHUNK_WORDS],
 }
 #endif /* !USE_INTEL_CHACHA_SPEEDUP */
 
-
-#ifdef HAVE_XCHACHA
-
-/*
- * wc_HChacha_block - half a ChaCha block, for XChaCha
- *
- * see https://tools.ietf.org/html/draft-arciszewski-xchacha-03
- */
-static WC_INLINE void wc_HChacha_block(ChaCha* ctx, word32 stream[CHACHA_CHUNK_WORDS/2], word32 nrounds)
-{
-    word32 x[CHACHA_CHUNK_WORDS];
-    word32 i;
-
-    for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
-        x[i] = ctx->X[i];
-    }
-
-    for (i = nrounds; i > 0; i -= 2) {
-        QUARTERROUND(0, 4,  8, 12)
-        QUARTERROUND(1, 5,  9, 13)
-        QUARTERROUND(2, 6, 10, 14)
-        QUARTERROUND(3, 7, 11, 15)
-        QUARTERROUND(0, 5, 10, 15)
-        QUARTERROUND(1, 6, 11, 12)
-        QUARTERROUND(2, 7,  8, 13)
-        QUARTERROUND(3, 4,  9, 14)
-    }
-
-    for (i = 0; i < CHACHA_CHUNK_WORDS/4; ++i)
-        stream[i] = x[i];
-    for (i = CHACHA_CHUNK_WORDS/4; i < CHACHA_CHUNK_WORDS/2; ++i)
-        stream[i] = x[i + CHACHA_CHUNK_WORDS/2];
-}
-
-/* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */
-int wc_XChacha_SetKey(ChaCha *ctx,
-                      const byte *key, word32 keySz,
-                      const byte *nonce, word32 nonceSz,
-                      word32 counter) {
-    word32 k[CHACHA_MAX_KEY_SZ];
-    byte iv[CHACHA_IV_BYTES];
-    int ret;
-
-    if (nonceSz != XCHACHA_NONCE_BYTES)
-        return BAD_FUNC_ARG;
-
-    if ((ret = wc_Chacha_SetKey(ctx, key, keySz)) < 0)
-        return ret;
-
-    /* form a first chacha IV from the first 16 bytes of the nonce.
-     * the first word is supplied in the "counter" arg, and
-     * the result is a full 128 bit nonceful IV for the one-time block
-     * crypto op that follows.
-     */
-    if ((ret = wc_Chacha_SetIV(ctx, nonce + 4, U8TO32_LITTLE(nonce))) < 0)
-        return ret;
-
-    wc_HChacha_block(ctx, k, 20); /* 20 rounds, but keeping half the output. */
-
-    /* the HChacha output is used as a 256 bit key for the main cipher. */
-    XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32));
-
-    /* use 8 bytes from the end of the 24 byte nonce, padded up to 12 bytes,
-     * to form the IV for the main cipher.
-     */
-    XMEMSET(iv, 0, 4);
-    XMEMCPY(iv + 4, nonce + 16, 8);
-
-    if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0)
-        return ret;
-
-    ForceZero(k, sizeof k);
-    ForceZero(iv, sizeof iv);
-
-    return 0;
-}
-
-#endif /* HAVE_XCHACHA */
-
-
 #ifdef __cplusplus
     extern "C" {
 #endif
@@ -441,7 +361,13 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
 #endif
 }
 
-void wc_Chacha_purge_current_block(ChaCha* ctx) {
+#endif /* HAVE_CHACHA */
+#endif /* END ChaCha C implementation */
+
+#if defined(HAVE_CHACHA) && defined(HAVE_XCHACHA)
+
+void wc_Chacha_purge_current_block(ChaCha* ctx)
+{
     if (ctx->left > 0) {
         byte scratch[CHACHA_CHUNK_BYTES];
         XMEMSET(scratch, 0, sizeof(scratch));
@@ -449,6 +375,80 @@ void wc_Chacha_purge_current_block(ChaCha* ctx) {
     }
 }
 
-#endif /* HAVE_CHACHA */
+/*
+ * wc_HChacha_block - half a ChaCha block, for XChaCha
+ *
+ * see https://tools.ietf.org/html/draft-arciszewski-xchacha-03
+ */
+static WC_INLINE void wc_HChacha_block(ChaCha* ctx,
+    word32 stream[CHACHA_CHUNK_WORDS/2], word32 nrounds)
+{
+    word32 x[CHACHA_CHUNK_WORDS];
+    word32 i;
 
-#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
+    for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
+        x[i] = ctx->X[i];
+    }
+
+    for (i = nrounds; i > 0; i -= 2) {
+        QUARTERROUND(0, 4,  8, 12)
+        QUARTERROUND(1, 5,  9, 13)
+        QUARTERROUND(2, 6, 10, 14)
+        QUARTERROUND(3, 7, 11, 15)
+        QUARTERROUND(0, 5, 10, 15)
+        QUARTERROUND(1, 6, 11, 12)
+        QUARTERROUND(2, 7,  8, 13)
+        QUARTERROUND(3, 4,  9, 14)
+    }
+
+    for (i = 0; i < CHACHA_CHUNK_WORDS/4; ++i)
+        stream[i] = x[i];
+    for (i = CHACHA_CHUNK_WORDS/4; i < CHACHA_CHUNK_WORDS/2; ++i)
+        stream[i] = x[i + CHACHA_CHUNK_WORDS/2];
+}
+
+/* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */
+int wc_XChacha_SetKey(ChaCha *ctx,
+                      const byte *key, word32 keySz,
+                      const byte *nonce, word32 nonceSz,
+                      word32 counter)
+{
+    int ret;
+    word32 k[CHACHA_MAX_KEY_SZ];
+    byte   iv[CHACHA_IV_BYTES];
+
+    if (nonceSz != XCHACHA_NONCE_BYTES)
+        return BAD_FUNC_ARG;
+
+    if ((ret = wc_Chacha_SetKey(ctx, key, keySz)) < 0)
+        return ret;
+
+    /* form a first chacha IV from the first 16 bytes of the nonce.
+     * the first word is supplied in the "counter" arg, and
+     * the result is a full 128 bit nonceful IV for the one-time block
+     * crypto op that follows.
+     */
+    if ((ret = wc_Chacha_SetIV(ctx, nonce + 4, U8TO32_LITTLE(nonce))) < 0)
+        return ret;
+
+    wc_HChacha_block(ctx, k, 20); /* 20 rounds, but keeping half the output. */
+
+    /* the HChacha output is used as a 256 bit key for the main cipher. */
+    XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32));
+
+    /* use 8 bytes from the end of the 24 byte nonce, padded up to 12 bytes,
+     * to form the IV for the main cipher.
+     */
+    XMEMSET(iv, 0, 4);
+    XMEMCPY(iv + 4, nonce + 16, 8);
+
+    if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0)
+        return ret;
+
+    ForceZero(k, sizeof k);
+    ForceZero(iv, sizeof iv);
+
+    return 0;
+}
+
+#endif /* HAVE_CHACHA && HAVE_XCHACHA */
diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c
index a29a18f25..09d522d01 100644
--- a/wolfcrypt/src/chacha20_poly1305.c
+++ b/wolfcrypt/src/chacha20_poly1305.c
@@ -1,6 +1,6 @@
 /* chacha.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,17 +27,11 @@ or Authenticated Encryption with Additional Data (AEAD) algorithm.
 
 */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
 
 #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef NO_INLINE
 #include <wolfssl/wolfcrypt/misc.h>
diff --git a/wolfcrypt/src/chacha_asm.S b/wolfcrypt/src/chacha_asm.S
index 0ef097836..664033907 100644
--- a/wolfcrypt/src/chacha_asm.S
+++ b/wolfcrypt/src/chacha_asm.S
@@ -1,6 +1,6 @@
 /* chacha_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 #ifdef WOLFSSL_X86_64_BUILD
@@ -1033,7 +1035,6 @@ L_chacha20_avx1_partial_end64:
         subl	%r11d, %r8d
         movl	%r8d, 76(%rdi)
 L_chacha20_avx1_partial_done:
-        vzeroupper
         addq	$0x190, %rsp
         popq	%r15
         popq	%r14
diff --git a/wolfcrypt/src/chacha_asm.asm b/wolfcrypt/src/chacha_asm.asm
index 43b4ee16e..e9988945b 100644
--- a/wolfcrypt/src/chacha_asm.asm
+++ b/wolfcrypt/src/chacha_asm.asm
@@ -1,6 +1,6 @@
 ; /* chacha_asm.asm */
 ; /*
-; * Copyright (C) 2006-2024 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
@@ -990,7 +990,6 @@ L_chacha20_avx1_partial_end64:
         sub	r10d, r13d
         mov	DWORD PTR [rcx+76], r10d
 L_chacha20_avx1_partial_done:
-        vzeroupper
         vmovdqu	xmm6, OWORD PTR [rsp+400]
         vmovdqu	xmm7, OWORD PTR [rsp+416]
         vmovdqu	xmm8, OWORD PTR [rsp+432]
diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c
index 8accb1a87..b83214cbb 100644
--- a/wolfcrypt/src/cmac.c
+++ b/wolfcrypt/src/cmac.c
@@ -1,6 +1,6 @@
 /* cmac.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
 #ifdef WOLFSSL_QNX_CAAM
 #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
 #endif
@@ -32,7 +28,7 @@
 #include <wolfssl/wolfcrypt/hash.h>
 #endif
 
-#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+#if defined(WOLFSSL_CMAC)
 
 #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
     /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
@@ -51,7 +47,6 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/cmac.h>
 
@@ -80,7 +75,7 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz)
 }
 #endif /* WOLFSSL_HASH_KEEP */
 
-
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
 /* Used by AES-SIV. See aes.c. */
 void ShiftAndXorRb(byte* out, byte* in)
 {
@@ -90,7 +85,7 @@ void ShiftAndXorRb(byte* out, byte* in)
 
     xorRb = (in[0] & 0x80) != 0;
 
-    for (i = 1, j = AES_BLOCK_SIZE - 1; i <= AES_BLOCK_SIZE; i++, j--) {
+    for (i = 1, j = WC_AES_BLOCK_SIZE - 1; i <= WC_AES_BLOCK_SIZE; i++, j--) {
         last = (in[j] & 0x80) ? 1 : 0;
         out[j] = (byte)((in[j] << 1) | mask);
         mask = last;
@@ -100,6 +95,7 @@ void ShiftAndXorRb(byte* out, byte* in)
         }
     }
 }
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
 
 /* returns 0 on success */
 int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
@@ -146,30 +142,40 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_AesInit(&cmac->aes, heap, devId);
+    switch (type) {
+#if !defined (NO_AES) && defined(WOLFSSL_AES_DIRECT)
+    case WC_CMAC_AES:
+        cmac->type = WC_CMAC_AES;
+        ret = wc_AesInit(&cmac->aes, heap, devId);
 
-#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
-    cmac->useSWCrypt = useSW;
-    if (cmac->useSWCrypt == 1) {
-        cmac->aes.useSWCrypt = 1;
-    }
-#endif
-
-    if (ret == 0) {
-        ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
-    }
-
-    if (ret == 0) {
-        byte l[AES_BLOCK_SIZE];
-
-        XMEMSET(l, 0, AES_BLOCK_SIZE);
-        ret = wc_AesEncryptDirect(&cmac->aes, l, l);
-        if (ret == 0) {
-            ShiftAndXorRb(cmac->k1, l);
-            ShiftAndXorRb(cmac->k2, cmac->k1);
-            ForceZero(l, AES_BLOCK_SIZE);
+    #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT)
+        cmac->useSWCrypt = useSW;
+        if (cmac->useSWCrypt == 1) {
+            cmac->aes.useSWCrypt = 1;
         }
+    #endif
+
+        if (ret == 0) {
+            ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
+        }
+
+        if (ret == 0) {
+            byte l[WC_AES_BLOCK_SIZE];
+
+            XMEMSET(l, 0, WC_AES_BLOCK_SIZE);
+            ret = wc_AesEncryptDirect(&cmac->aes, l, l);
+            if (ret == 0) {
+                ShiftAndXorRb(cmac->k1, l);
+                ShiftAndXorRb(cmac->k2, cmac->k1);
+                ForceZero(l, WC_AES_BLOCK_SIZE);
+            }
+        }
+        break;
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+    default:
+        return BAD_FUNC_ARG;
     }
+
     return ret;
 }
 
@@ -201,7 +207,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
     #endif
     {
         ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz,
-                NULL, NULL, 0, NULL);
+            NULL, NULL, (int)cmac->type, NULL);
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
@@ -211,26 +217,35 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
     /* Clear CRYPTOCB_UNAVAILABLE return code */
     ret = 0;
 
-    while ((ret == 0) && (inSz != 0)) {
-        word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
-        XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
+    switch (cmac->type) {
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+    case WC_CMAC_AES:
+    {
+        while ((ret == 0) && (inSz != 0)) {
+            word32 add = min(inSz, WC_AES_BLOCK_SIZE - cmac->bufferSz);
+            XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
 
-        cmac->bufferSz += add;
-        in += add;
-        inSz -= add;
+            cmac->bufferSz += add;
+            in += add;
+            inSz -= add;
 
-        if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) {
-            if (cmac->totalSz != 0) {
-                xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
-            }
-            ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
-            if (ret == 0) {
-                cmac->totalSz += AES_BLOCK_SIZE;
-                cmac->bufferSz = 0;
+            if (cmac->bufferSz == WC_AES_BLOCK_SIZE && inSz != 0) {
+                if (cmac->totalSz != 0) {
+                    xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE);
+                }
+                ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest,
+                        cmac->buffer);
+                if (ret == 0) {
+                    cmac->totalSz += WC_AES_BLOCK_SIZE;
+                    cmac->bufferSz = 0;
+                }
             }
         }
+    }; break;
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+    default:
+        ret = BAD_FUNC_ARG;
     }
-
     return ret;
 }
 
@@ -244,7 +259,16 @@ int wc_CmacFree(Cmac* cmac)
      * wc_CmacFinal() not called. */
     XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-    wc_AesFree(&cmac->aes);
+    switch (cmac->type) {
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+    case WC_CMAC_AES:
+        wc_AesFree(&cmac->aes);
+        break;
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+    default:
+        /* Nothing to do */
+        (void)cmac;
+    }
     ForceZero(cmac, sizeof(Cmac));
     return 0;
 }
@@ -252,8 +276,6 @@ int wc_CmacFree(Cmac* cmac)
 int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz)
 {
     int ret = 0;
-    const byte* subKey;
-    word32 remainder;
 
     if (cmac == NULL || out == NULL || outSz == NULL) {
         return BAD_FUNC_ARG;
@@ -267,44 +289,64 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz)
     if (cmac->devId != INVALID_DEVID)
     #endif
     {
-        ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, 0, NULL);
+        ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz,
+            (int)cmac->type, NULL);
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
+
+        /* Clear CRYPTOCB_UNAVAILABLE return code */
+       ret = 0;
+
         /* fall-through when unavailable */
     }
 #endif
-
-    if (cmac->bufferSz == AES_BLOCK_SIZE) {
-        subKey = cmac->k1;
-    }
-    else {
-        /* ensure we will have a valid remainder value */
-        if (cmac->bufferSz > AES_BLOCK_SIZE) {
-            return BAD_STATE_E;
-        }
-        remainder = AES_BLOCK_SIZE - cmac->bufferSz;
-
-        if (remainder == 0) {
-            remainder = AES_BLOCK_SIZE;
-        }
-        if (remainder > 1) {
-            XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder);
-        }
-
-        cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
-        subKey = cmac->k2;
-    }
-    xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
-    xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
-    ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
     if (ret == 0) {
-        XMEMCPY(out, cmac->digest, *outSz);
-    }
+        switch (cmac->type) {
+    #if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+        case WC_CMAC_AES:
+        {
+            const byte* subKey;
+            word32 remainder;
 
-    return 0;
+            if (cmac->bufferSz == WC_AES_BLOCK_SIZE) {
+                subKey = cmac->k1;
+            }
+            else {
+                /* ensure we will have a valid remainder value */
+                if (cmac->bufferSz > WC_AES_BLOCK_SIZE) {
+                    ret = BAD_STATE_E;
+                    break;
+                }
+                remainder = WC_AES_BLOCK_SIZE - cmac->bufferSz;
+
+                if (remainder == 0) {
+                    remainder = WC_AES_BLOCK_SIZE;
+                }
+                if (remainder > 1) {
+                    XMEMSET(cmac->buffer + WC_AES_BLOCK_SIZE - remainder, 0,
+                            remainder);
+                }
+
+                cmac->buffer[WC_AES_BLOCK_SIZE - remainder] = 0x80;
+                subKey = cmac->k2;
+            }
+            xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE);
+            xorbuf(cmac->buffer, subKey, WC_AES_BLOCK_SIZE);
+            ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
+            if (ret == 0) {
+                XMEMCPY(out, cmac->digest, *outSz);
+            }
+        }; break;
+    #endif /* !NO_AES && WOLFSSL_AES_DIRECT */
+        default:
+            ret = BAD_FUNC_ARG;
+        }
+    }
+    return ret;
 }
 
-int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) {
+int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
+{
     int ret = 0;
 
     if (cmac == NULL)
@@ -314,7 +356,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) {
     return ret;
 }
 
-
+#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
 int wc_AesCmacGenerate_ex(Cmac* cmac,
                           byte* out, word32* outSz,
                           const byte* in, word32 inSz,
@@ -334,8 +376,6 @@ int wc_AesCmacGenerate_ex(Cmac* cmac,
     if (devId != INVALID_DEVID)
     #endif
     {
-        cmac->devCtx = NULL;
-
         ret = wc_CryptoCb_Cmac(cmac, key, keySz, in, inSz, out, outSz,
                 WC_CMAC_AES, NULL);
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
@@ -428,11 +468,12 @@ int wc_AesCmacVerify_ex(Cmac* cmac,
                         void* heap, int devId)
 {
     int ret = 0;
-    byte a[AES_BLOCK_SIZE];
+    byte a[WC_AES_BLOCK_SIZE];
     word32 aSz = sizeof(a);
     int compareRet;
 
-    if (cmac == NULL || check == NULL || checkSz == 0 || (in == NULL && inSz != 0)) {
+    if (cmac == NULL || check == NULL || checkSz == 0 ||
+            (in == NULL && inSz != 0)) {
         return BAD_FUNC_ARG;
     }
 
@@ -498,5 +539,6 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
 
     return ret;
 }
+#endif /* !NO_AES && WOLFSSL_AES_DIRECT */
 
-#endif /* WOLFSSL_CMAC && NO_AES && WOLFSSL_AES_DIRECT */
+#endif /* WOLFSSL_CMAC */
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 27cf98818..739fde538 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -1,6 +1,6 @@
 /* coding.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_CODING
 
 #include <wolfssl/wolfcrypt/coding.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #ifndef NO_ASN
     #include <wolfssl/wolfcrypt/asn.h> /* For PEM_LINE_SZ */
 #endif
@@ -59,23 +52,33 @@ enum {
 
 #ifdef WOLFSSL_BASE64_DECODE
 
-#ifdef BASE64_NO_TABLE
-static WC_INLINE byte Base64_Char2Val(byte c)
+static WC_INLINE byte Base64_Char2Val_CT(byte c)
 {
-    word16 v = 0x0000;
+    int v;
+    int smallEnd   = (int)c - 0x7b;
+    int smallStart = (int)c - 0x61;
+    int bigEnd     = (int)c - 0x5b;
+    int bigStart   = (int)c - 0x41;
+    int numEnd     = (int)c - 0x3a;
+    int numStart   = (int)c - 0x30;
+    int slashEnd   = (int)c - 0x30;
+    int slashStart = (int)c - 0x2f;
+    int plusEnd    = (int)c - 0x2c;
+    int plusStart  = (int)c - 0x2b;
 
-    v |= 0xff3E & ctMask16Eq(c, 0x2b);
-    v |= 0xff3F & ctMask16Eq(c, 0x2f);
-    v |= (c + 0xff04) & ctMask16GTE(c, 0x30) & ctMask16LTE(c, 0x39);
-    v |= (0xff00 + c - 0x41) & ctMask16GTE(c, 0x41) & ctMask16LTE(c, 0x5a);
-    v |= (0xff00 + c - 0x47) & ctMask16GTE(c, 0x61) & ctMask16LTE(c, 0x7a);
-    v |= ~(v >> 8);
+    v  = ((smallStart >> 8) ^ (smallEnd >> 8)) & (smallStart + 26 + 1);
+    v |= ((bigStart   >> 8) ^ (bigEnd   >> 8)) & (bigStart   +  0 + 1);
+    v |= ((numStart   >> 8) ^ (numEnd   >> 8)) & (numStart   + 52 + 1);
+    v |= ((slashStart >> 8) ^ (slashEnd >> 8)) & (slashStart + 63 + 1);
+    v |= ((plusStart  >> 8) ^ (plusEnd  >> 8)) & (plusStart  + 62 + 1);
 
-    return (byte)v;
+    return (byte)(v - 1);
 }
-#else
+
+#ifndef BASE64_NO_TABLE
+
 static
-ALIGN64 const byte base64Decode[] = {          /* + starts at 0x2B */
+ALIGN64 const byte base64Decode_table[] = {    /* + starts at 0x2B */
 /* 0x28:       + , - . / */                   62, BAD, BAD, BAD,  63,
 /* 0x30: 0 1 2 3 4 5 6 7 */    52,  53,  54,  55,  56,  57,  58,  59,
 /* 0x38: 8 9 : ; < = > ? */    60,  61, BAD, BAD, BAD, BAD, BAD, BAD,
@@ -88,30 +91,31 @@ ALIGN64 const byte base64Decode[] = {          /* + starts at 0x2B */
 /* 0x70: p q r s t u v w */    41,  42,  43,  44,  45,  46,  47,  48,
 /* 0x78: x y z           */    49,  50,  51
                             };
-#define BASE64DECODE_SZ    (byte)(sizeof(base64Decode))
+#define BASE64DECODE_TABLE_SZ    (byte)(sizeof(base64Decode_table))
 
-static WC_INLINE byte Base64_Char2Val(byte c)
+static WC_INLINE byte Base64_Char2Val_by_table(byte c)
 {
-#ifndef WC_NO_CACHE_RESISTANT
+#ifdef WC_CACHE_RESISTANT_BASE64_TABLE
     /* 80 characters in table.
      * 64 bytes in a cache line - first line has 64, second has 16
      */
     byte v;
     byte mask;
 
-    c -= BASE64_MIN;
+    c = (byte)(c - BASE64_MIN);
     mask = (byte)((((byte)(0x3f - c)) >> 7) - 1);
     /* Load a value from the first cache line and use when mask set. */
-    v  = (byte)(base64Decode[ c & 0x3f        ] &   mask);
+    v  = (byte)(base64Decode_table[ c & 0x3f        ] &   mask);
     /* Load a value from the second cache line and use when mask not set. */
-    v |= (byte)(base64Decode[(c & 0x0f) | 0x40] & (~mask));
+    v |= (byte)(base64Decode_table[(c & 0x0f) | 0x40] & (~mask));
 
     return v;
 #else
-    return base64Decode[c - BASE64_MIN];
+    return base64Decode_table[c - BASE64_MIN];
 #endif
 }
-#endif
+
+#endif /* !BASE64_NO_TABLE */
 
 int Base64_SkipNewline(const byte* in, word32 *inLen,
   word32 *outJ)
@@ -161,15 +165,15 @@ int Base64_SkipNewline(const byte* in, word32 *inLen,
     return 0;
 }
 
-int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+#ifndef BASE64_NO_TABLE
+
+int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
     word32 i = 0;
     word32 j = 0;
     word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ );
     int ret;
-#ifndef BASE64_NO_TABLE
-    const byte maxIdx = BASE64DECODE_SZ + BASE64_MIN - 1;
-#endif
+    const byte maxIdx = BASE64DECODE_TABLE_SZ + BASE64_MIN - 1;
 
     plainSz = (plainSz * 3 + 3) / 4;
     if (plainSz > *outLen) return BAD_FUNC_ARG;
@@ -216,7 +220,6 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         if (pad3 && !pad4)
             return ASN_INPUT_E;
 
-#ifndef BASE64_NO_TABLE
         if (e1 < BASE64_MIN || e2 < BASE64_MIN || e3 < BASE64_MIN ||
                                                               e4 < BASE64_MIN) {
             WOLFSSL_MSG("Bad Base64 Decode data, too small");
@@ -227,17 +230,16 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
             WOLFSSL_MSG("Bad Base64 Decode data, too big");
             return ASN_INPUT_E;
         }
-#endif
 
         if (i + 1 + !pad3 + !pad4 > *outLen) {
             WOLFSSL_MSG("Bad Base64 Decode out buffer, too small");
             return BAD_FUNC_ARG;
         }
 
-        e1 = Base64_Char2Val(e1);
-        e2 = Base64_Char2Val(e2);
-        e3 = (byte)((e3 == PAD) ? 0 : Base64_Char2Val(e3));
-        e4 = (byte)((e4 == PAD) ? 0 : Base64_Char2Val(e4));
+        e1 = Base64_Char2Val_by_table(e1);
+        e2 = Base64_Char2Val_by_table(e2);
+        e3 = (byte)((e3 == PAD) ? 0 : Base64_Char2Val_by_table(e3));
+        e4 = (byte)((e4 == PAD) ? 0 : Base64_Char2Val_by_table(e4));
 
         if (e1 == BAD || e2 == BAD || e3 == BAD || e4 == BAD) {
             WOLFSSL_MSG("Bad Base64 Decode bad character");
@@ -256,7 +258,8 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         else
             break;
     }
-/* If the output buffer has a room for an extra byte, add a null terminator */
+
+    /* If the output buffer has a room for an extra byte, add a null terminator */
     if (out && *outLen > i)
         out[i]= '\0';
 
@@ -265,6 +268,103 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
     return 0;
 }
 
+#endif /* !BASE64_NO_TABLE */
+
+int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+{
+    word32 i = 0;
+    word32 j = 0;
+    word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ );
+    int ret;
+
+    plainSz = (plainSz * 3 + 3) / 4;
+    if (plainSz > *outLen) return BAD_FUNC_ARG;
+
+    while (inLen > 3) {
+        int pad3 = 0;
+        int pad4 = 0;
+        byte b1, b2, b3;
+        byte e1, e2, e3, e4;
+
+        if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) {
+            if (ret == WC_NO_ERR_TRACE(BUFFER_E)) {
+                /* Running out of buffer here is not an error */
+                break;
+            }
+            return ret;
+        }
+        e1 = in[j++];
+        if (e1 == '\0') {
+            break;
+        }
+        inLen--;
+        if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) {
+            return ret;
+        }
+        e2 = in[j++];
+        inLen--;
+        if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) {
+            return ret;
+        }
+        e3 = in[j++];
+        inLen--;
+        if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) {
+            return ret;
+        }
+        e4 = in[j++];
+        inLen--;
+
+        if (e3 == PAD)
+            pad3 = 1;
+        if (e4 == PAD)
+            pad4 = 1;
+
+        if (pad3 && !pad4)
+            return ASN_INPUT_E;
+
+        if (i + 1 + !pad3 + !pad4 > *outLen) {
+            WOLFSSL_MSG("Bad Base64 Decode out buffer, too small");
+            return BAD_FUNC_ARG;
+        }
+
+        e1 = Base64_Char2Val_CT(e1);
+        e2 = Base64_Char2Val_CT(e2);
+        e3 = (byte)((e3 == PAD) ? 0 : Base64_Char2Val_CT(e3));
+        e4 = (byte)((e4 == PAD) ? 0 : Base64_Char2Val_CT(e4));
+
+        if (e1 == BAD || e2 == BAD || e3 == BAD || e4 == BAD) {
+            WOLFSSL_MSG("Bad Base64 Decode bad character");
+            return ASN_INPUT_E;
+        }
+
+        b1 = (byte)((e1 << 2) | (e2 >> 4));
+        b2 = (byte)(((e2 & 0xF) << 4) | (e3 >> 2));
+        b3 = (byte)(((e3 & 0x3) << 6) | e4);
+
+        out[i++] = b1;
+        if (!pad3)
+            out[i++] = b2;
+        if (!pad4)
+            out[i++] = b3;
+        else
+            break;
+    }
+
+    /* If the output buffer has a room for an extra byte, add a null terminator */
+    if (out && *outLen > i)
+        out[i]= '\0';
+
+    *outLen = i;
+
+    return 0;
+}
+
+#ifdef BASE64_NO_TABLE
+int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, word32* outLen) {
+    return Base64_Decode(in, inLen, out, outLen);
+}
+#endif /* BASE64_NO_TABLE */
+
 #endif /* WOLFSSL_BASE64_DECODE */
 
 #if defined(WOLFSSL_BASE64_ENCODE)
@@ -297,8 +397,10 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 maxSz,
 
     if (raw)
         basic = e;
-    else
+    else if (e < sizeof(base64Encode))
         basic = base64Encode[e];
+    else
+        return BAD_FUNC_ARG;
 
     /* check whether to escape. Only escape for EncodeEsc */
     if (escaped == WC_ESC_NL_ENC) {
@@ -458,7 +560,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
     *outLen = i;
 
     if (ret == 0)
-        return getSzOnly ? LENGTH_ONLY_E : 0;
+        return getSzOnly ? WC_NO_ERR_TRACE(LENGTH_ONLY_E) : 0;
 
     return ret;
 }
@@ -488,7 +590,7 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen)
 #ifdef WOLFSSL_BASE16
 
 static
-const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
+const ALIGN64 byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
                            BAD, BAD, BAD, BAD, BAD, BAD, BAD,
                            10, 11, 12, 13, 14, 15,  /* upper case A-F */
                            BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD,
@@ -507,7 +609,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         return BAD_FUNC_ARG;
 
     if (inLen == 1 && *outLen && in) {
-        byte b = in[inIdx++] - BASE16_MIN;  /* 0 starts at 0x30 */
+        byte b = (byte)(in[inIdx++] - BASE16_MIN);  /* 0 starts at 0x30 */
 
         /* sanity check */
         if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
@@ -531,8 +633,8 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         return BAD_FUNC_ARG;
 
     while (inLen) {
-        byte b  = in[inIdx++] - BASE16_MIN;  /* 0 starts at 0x30 */
-        byte b2 = in[inIdx++] - BASE16_MIN;
+        byte b  = (byte)(in[inIdx++] - BASE16_MIN);  /* 0 starts at 0x30 */
+        byte b2 = (byte)(in[inIdx++] - BASE16_MIN);
 
         /* sanity checks */
         if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
@@ -554,6 +656,11 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
     return 0;
 }
 
+static
+const ALIGN64 byte hexEncode[] = { '0', '1', '2', '3', '4', '5', '6', '7',
+                                   '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+};
+
 int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
     word32 outIdx = 0;
@@ -569,15 +676,8 @@ int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
         byte hb = in[i] >> 4;
         byte lb = in[i] & 0x0f;
 
-        /* ASCII value */
-        hb += '0';
-        if (hb > '9')
-            hb += 7;
-
-        /* ASCII value */
-        lb += '0';
-        if (lb>'9')
-            lb += 7;
+        hb = hexEncode[hb];
+        lb = hexEncode[lb];
 
         out[outIdx++] = hb;
         out[outIdx++] = lb;
diff --git a/wolfcrypt/src/compress.c b/wolfcrypt/src/compress.c
index 941596e7f..e3c42ccdf 100644
--- a/wolfcrypt/src/compress.c
+++ b/wolfcrypt/src/compress.c
@@ -1,6 +1,6 @@
 /* compress.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,20 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_LIBZ
 
 
 #include <wolfssl/wolfcrypt/compress.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c
index 67223860c..a0b80fdfe 100644
--- a/wolfcrypt/src/cpuid.c
+++ b/wolfcrypt/src/cpuid.c
@@ -1,6 +1,6 @@
 /* cpuid.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,16 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #include <wolfssl/wolfcrypt/cpuid.h>
 
-#if defined(HAVE_CPUID) || defined(HAVE_CPUID_INTEL)
+#if defined(HAVE_CPUID) || defined(HAVE_CPUID_INTEL) || \
+    defined(HAVE_CPUID_AARCH64)
     static word32 cpuid_check = 0;
     static word32 cpuid_flags = 0;
 #endif
@@ -101,6 +97,224 @@
             cpuid_check = 1;
         }
     }
+#elif defined(HAVE_CPUID_AARCH64)
+
+#define CPUID_AARCH64_FEAT_AES         ((word64)1 << 4)
+#define CPUID_AARCH64_FEAT_AES_PMULL   ((word64)1 << 5)
+#define CPUID_AARCH64_FEAT_SHA256      ((word64)1 << 12)
+#define CPUID_AARCH64_FEAT_SHA256_512  ((word64)1 << 13)
+#define CPUID_AARCH64_FEAT_RDM         ((word64)1 << 28)
+#define CPUID_AARCH64_FEAT_SHA3        ((word64)1 << 32)
+#define CPUID_AARCH64_FEAT_SM3         ((word64)1 << 36)
+#define CPUID_AARCH64_FEAT_SM4         ((word64)1 << 40)
+
+#ifdef WOLFSSL_AARCH64_PRIVILEGE_MODE
+    /* https://developer.arm.com/documentation/ddi0601/2024-09/AArch64-Registers
+     * /ID-AA64ISAR0-EL1--AArch64-Instruction-Set-Attribute-Register-0 */
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            word64 features;
+
+            __asm__ __volatile (
+                "mrs    %[feat], ID_AA64ISAR0_EL1\n"
+                : [feat] "=r" (features)
+                :
+                :
+            );
+
+            if (features & CPUID_AARCH64_FEAT_AES)
+                cpuid_flags |= CPUID_AES;
+            if (features & CPUID_AARCH64_FEAT_AES_PMULL) {
+                cpuid_flags |= CPUID_AES;
+                cpuid_flags |= CPUID_PMULL;
+            }
+            if (features & CPUID_AARCH64_FEAT_SHA256)
+                cpuid_flags |= CPUID_SHA256;
+            if (features & CPUID_AARCH64_FEAT_SHA256_512)
+                cpuid_flags |= CPUID_SHA256 | CPUID_SHA512;
+            if (features & CPUID_AARCH64_FEAT_RDM)
+                cpuid_flags |= CPUID_RDM;
+            if (features & CPUID_AARCH64_FEAT_SHA3)
+                cpuid_flags |= CPUID_SHA3;
+            if (features & CPUID_AARCH64_FEAT_SM3)
+                cpuid_flags |= CPUID_SM3;
+            if (features & CPUID_AARCH64_FEAT_SM4)
+                cpuid_flags |= CPUID_SM4;
+
+            cpuid_check = 1;
+        }
+    }
+#elif defined(__linux__)
+    /* https://community.arm.com/arm-community-blogs/b/operating-systems-blog/
+     * posts/runtime-detection-of-cpu-features-on-an-armv8-a-cpu */
+
+    #include <sys/auxv.h>
+    #include <asm/hwcap.h>
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            word64 hwcaps = getauxval(AT_HWCAP);
+
+        #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
+            if (hwcaps & HWCAP_AES)
+                cpuid_flags |= CPUID_AES;
+            if (hwcaps & HWCAP_PMULL)
+                cpuid_flags |= CPUID_PMULL;
+            if (hwcaps & HWCAP_SHA2)
+                cpuid_flags |= CPUID_SHA256;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
+            if (hwcaps & HWCAP_SHA512)
+                cpuid_flags |= CPUID_SHA512;
+        #endif
+        #if defined(HWCAP_ASIMDRDM) && !defined(WOLFSSL_AARCH64_NO_SQRDMLSH)
+            if (hwcaps & HWCAP_ASIMDRDM)
+                cpuid_flags |= CPUID_RDM;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (hwcaps & HWCAP_SHA3)
+                cpuid_flags |= CPUID_SHA3;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM3
+            if (hwcaps & HWCAP_SM3)
+                cpuid_flags |= CPUID_SM3;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM4
+            if (hwcaps & HWCAP_SM4)
+                cpuid_flags |= CPUID_SM4;
+        #endif
+
+            cpuid_check = 1;
+        }
+    }
+#elif defined(__ANDROID__) || defined(ANDROID)
+    /* https://community.arm.com/arm-community-blogs/b/operating-systems-blog/
+     * posts/runtime-detection-of-cpu-features-on-an-armv8-a-cpu */
+
+    #include "cpu-features.h"
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            word64 features = android_getCpuFeatures();
+
+            if (features & ANDROID_CPU_ARM_FEATURE_AES)
+                cpuid_flags |= CPUID_AES;
+            if (features & ANDROID_CPU_ARM_FEATURE_PMULL)
+                cpuid_flags |= CPUID_PMULL;
+            if (features & ANDROID_CPU_ARM_FEATURE_SHA2)
+                cpuid_flags |= CPUID_SHA256;
+
+            cpuid_check = 1;
+        }
+    }
+#elif defined(__APPLE__)
+    /* https://developer.apple.com/documentation/kernel/1387446-sysctlbyname/
+     * determining_instruction_set_characteristics */
+
+    #include <sys/sysctl.h>
+
+    static word64 cpuid_get_sysctlbyname(const char* name)
+    {
+        word64 ret = 0;
+        size_t size = sizeof(ret);
+
+        sysctlbyname(name, &ret, &size, NULL, 0);
+
+        return ret;
+    }
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_AES") != 0)
+                cpuid_flags |= CPUID_AES;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_PMULL") != 0)
+                cpuid_flags |= CPUID_PMULL;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA256") != 0)
+                cpuid_flags |= CPUID_SHA256;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA512") != 0)
+                cpuid_flags |= CPUID_SHA512;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_RDM") != 0)
+                cpuid_flags |= CPUID_RDM;
+            if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA3") != 0)
+                cpuid_flags |= CPUID_SHA3;
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM3
+            cpuid_flags |= CPUID_SM3;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM4
+            cpuid_flags |= CPUID_SM4;
+        #endif
+
+            cpuid_check = 1;
+        }
+    }
+#elif defined(__FreeBSD__) || defined(__OpenBSD__)
+    /* https://man.freebsd.org/cgi/man.cgi?elf_aux_info(3) */
+
+    #include <sys/auxv.h>
+
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            word64 features = 0;
+
+            elf_aux_info(AT_HWCAP, &features, sizeof(features));
+
+            if (features & CPUID_AARCH64_FEAT_AES)
+                cpuid_flags |= CPUID_AES;
+            if (features & CPUID_AARCH64_FEAT_AES_PMULL) {
+                cpuid_flags |= CPUID_AES;
+                cpuid_flags |= CPUID_PMULL;
+            }
+            if (features & CPUID_AARCH64_FEAT_SHA256)
+                cpuid_flags |= CPUID_SHA256;
+            if (features & CPUID_AARCH64_FEAT_SHA256_512)
+                cpuid_flags |= CPUID_SHA256 | CPUID_SHA512;
+            if (features & CPUID_AARCH64_FEAT_RDM)
+                cpuid_flags |= CPUID_RDM;
+            if (features & CPUID_AARCH64_FEAT_SHA3)
+                cpuid_flags |= CPUID_SHA3;
+            if (features & CPUID_AARCH64_FEAT_SM3)
+                cpuid_flags |= CPUID_SM3;
+            if (features & CPUID_AARCH64_FEAT_SM4)
+                cpuid_flags |= CPUID_SM4;
+
+            cpuid_check = 1;
+        }
+    }
+#else
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+        #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
+            cpuid_flags |= CPUID_AES;
+            cpuid_flags |= CPUID_PMULL;
+            cpuid_flags |= CPUID_SHA256;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
+            cpuid_flags |= CPUID_SHA512;
+        #endif
+        #ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+            cpuid_flags |= CPUID_RDM;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            cpuid_flags |= CPUID_SHA3;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM3
+            cpuid_flags |= CPUID_SM3;
+        #endif
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SM4
+            cpuid_flags |= CPUID_SM4;
+        #endif
+
+            cpuid_check = 1;
+        }
+    }
+#endif
 #elif defined(HAVE_CPUID)
     void cpuid_set_flags(void)
     {
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index e3c62a86f..a83e529f9 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -1,6 +1,6 @@
 /* cryptocb.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,17 +36,11 @@
  * DEBUG_CRYPTOCB
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLF_CRYPTO_CB
 
 #include <wolfssl/wolfcrypt/cryptocb.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef HAVE_ARIA
     #include <wolfssl/wolfcrypt/port/aria/aria-cryptocb.h>
@@ -55,7 +49,6 @@
 #ifdef WOLFSSL_CAAM
     #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
 #endif
-
 /* TODO: Consider linked list with mutex */
 #ifndef MAX_CRYPTO_DEVID_CALLBACKS
 #define MAX_CRYPTO_DEVID_CALLBACKS 8
@@ -66,7 +59,7 @@ typedef struct CryptoCb {
     CryptoDevCallbackFunc cb;
     void* ctx;
 } CryptoCb;
-static WOLFSSL_GLOBAL CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS];
+static WC_THREADSHARED CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS];
 
 #ifdef WOLF_CRYPTO_CB_FIND
 static CryptoDevCallbackFind CryptoCb_FindCb = NULL;
@@ -85,6 +78,8 @@ static const char* GetAlgoTypeStr(int algo)
         case WC_ALGO_TYPE_RNG:    return "RNG";
         case WC_ALGO_TYPE_SEED:   return "Seed";
         case WC_ALGO_TYPE_HMAC:   return "HMAC";
+        case WC_ALGO_TYPE_CMAC:   return "CMAC";
+        case WC_ALGO_TYPE_CERT:   return "Cert";
     }
     return NULL;
 }
@@ -104,6 +99,7 @@ static const char* GetPkTypeStr(int pk)
     }
     return NULL;
 }
+#if !defined(NO_AES) || !defined(NO_DES3)
 static const char* GetCipherTypeStr(int cipher)
 {
     switch (cipher) {
@@ -119,6 +115,7 @@ static const char* GetCipherTypeStr(int cipher)
     }
     return NULL;
 }
+#endif /* !NO_AES || !NO_DES3 */
 static const char* GetHashTypeStr(int hash)
 {
     switch (hash) {
@@ -141,6 +138,16 @@ static const char* GetHashTypeStr(int hash)
     return NULL;
 }
 
+#ifdef WOLFSSL_CMAC
+static const char* GetCmacTypeStr(int type)
+{
+    switch (type) {
+        case WC_CMAC_AES: return "AES";
+    }
+    return NULL;
+}
+#endif  /* WOLFSSL_CMAC */
+
 #ifndef NO_RSA
 static const char* GetRsaType(int type)
 {
@@ -186,12 +193,16 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
                 GetPkTypeStr(info->pk.type), info->pk.type);
         }
     }
+#if !defined(NO_AES) || !defined(NO_DES3)
     else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
         printf("Crypto CB: %s %s (%d) (%p ctx)\n",
             GetAlgoTypeStr(info->algo_type),
             GetCipherTypeStr(info->cipher.type),
             info->cipher.type, info->cipher.ctx);
     }
+#endif /* !NO_AES || !NO_DES3 */
+#if !defined(NO_SHA) || !defined(NO_SHA256) || \
+    defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA3)
     else if (info->algo_type == WC_ALGO_TYPE_HASH) {
         printf("Crypto CB: %s %s (%d) (%p ctx) %s\n",
             GetAlgoTypeStr(info->algo_type),
@@ -199,6 +210,8 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
             info->hash.type, info->hash.ctx,
             (info->hash.in != NULL) ? "Update" : "Final");
     }
+#endif
+#ifndef NO_HMAC
     else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
         printf("Crypto CB: %s %s (%d) (%p ctx) %s\n",
             GetAlgoTypeStr(info->algo_type),
@@ -206,6 +219,18 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
             info->hmac.macType, info->hmac.hmac,
             (info->hmac.in != NULL) ? "Update" : "Final");
     }
+#endif
+#ifdef WOLFSSL_CMAC
+    else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
+        printf("Crypto CB: %s %s (%d) (%p ctx) %s %s %s\n",
+            GetAlgoTypeStr(info->algo_type),
+            GetCmacTypeStr(info->cmac.type),
+            info->cmac.type, info->cmac.cmac,
+            (info->cmac.key != NULL) ? "Init " : "",
+            (info->cmac.in != NULL) ? "Update " : "",
+            (info->cmac.out != NULL) ? "Final" : "");
+    }
+#endif
 #ifdef WOLF_CRYPTO_CB_CMD
     else if (info->algo_type == WC_ALGO_TYPE_NONE) {
         printf("Crypto CB: %s %s (%d)\n",
@@ -418,6 +443,60 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
+                       word32* outLen, int type, RsaKey* key, WC_RNG* rng,
+                       RsaPadding *padding)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    CryptoCb* dev;
+    int pk_type;
+
+    if (key == NULL)
+        return ret;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
+
+    if (padding != NULL) {
+        switch (padding->pad_type) {
+        case WC_RSA_PKCSV15_PAD:
+            pk_type = WC_PK_TYPE_RSA_PKCS;
+            break;
+        case WC_RSA_PSS_PAD:
+            pk_type = WC_PK_TYPE_RSA_PSS;
+            break;
+        case WC_RSA_OAEP_PAD:
+            pk_type = WC_PK_TYPE_RSA_OAEP;
+            break;
+        default:
+            pk_type = WC_PK_TYPE_RSA;
+        }
+    } else {
+        pk_type = WC_PK_TYPE_RSA;
+    }
+
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+        cryptoInfo.pk.type = pk_type;
+        cryptoInfo.pk.rsa.in = in;
+        cryptoInfo.pk.rsa.inLen = inLen;
+        cryptoInfo.pk.rsa.out = out;
+        cryptoInfo.pk.rsa.outLen = outLen;
+        cryptoInfo.pk.rsa.type = type;
+        cryptoInfo.pk.rsa.key = key;
+        cryptoInfo.pk.rsa.rng = rng;
+        cryptoInfo.pk.rsa.padding = padding;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* WOLF_CRYPTO_CB_RSA_PAD */
+
 #ifdef WOLFSSL_KEY_GEN
 int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 {
@@ -785,7 +864,7 @@ int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
 }
 #endif /* HAVE_ED25519 */
 
-#if defined(WOLFSSL_HAVE_KYBER)
+#if defined(WOLFSSL_HAVE_MLKEM)
 int wc_CryptoCb_PqcKemGetDevId(int type, void* key)
 {
     int devId = INVALID_DEVID;
@@ -904,7 +983,7 @@ int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen,
 
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_HAVE_MLKEM */
 
 #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
@@ -963,7 +1042,8 @@ int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize,
 }
 
 int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
-    WC_RNG* rng, int type, void* key)
+    const byte* context, byte contextLen, word32 preHashType, WC_RNG* rng,
+    int type, void* key)
 {
     int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     int devId = INVALID_DEVID;
@@ -988,6 +1068,9 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
         cryptoInfo.pk.pqc_sign.inlen = inlen;
         cryptoInfo.pk.pqc_sign.out = out;
         cryptoInfo.pk.pqc_sign.outlen = outlen;
+        cryptoInfo.pk.pqc_sign.context = context;
+        cryptoInfo.pk.pqc_sign.contextLen = contextLen;
+        cryptoInfo.pk.pqc_sign.preHashType = preHashType;
         cryptoInfo.pk.pqc_sign.rng = rng;
         cryptoInfo.pk.pqc_sign.key = key;
         cryptoInfo.pk.pqc_sign.type = type;
@@ -999,7 +1082,8 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
 }
 
 int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg,
-    word32 msglen, int* res, int type, void* key)
+    word32 msglen, const byte* context, byte contextLen, word32 preHashType,
+    int* res, int type, void* key)
 {
     int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     int devId = INVALID_DEVID;
@@ -1024,6 +1108,9 @@ int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg,
         cryptoInfo.pk.pqc_verify.siglen = siglen;
         cryptoInfo.pk.pqc_verify.msg = msg;
         cryptoInfo.pk.pqc_verify.msglen = msglen;
+        cryptoInfo.pk.pqc_verify.context = context;
+        cryptoInfo.pk.pqc_verify.contextLen = contextLen;
+        cryptoInfo.pk.pqc_verify.preHashType = preHashType;
         cryptoInfo.pk.pqc_verify.res = res;
         cryptoInfo.pk.pqc_verify.key = key;
         cryptoInfo.pk.pqc_verify.type = type;
@@ -1719,7 +1806,39 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
 #endif /* !WC_NO_RNG */
-#ifdef WOLFSSL_CMAC
+
+#ifndef NO_CERTS
+int wc_CryptoCb_GetCert(int devId, const char *label, word32 labelLen,
+                        const byte *id, word32 idLen, byte** out,
+                        word32* outSz, int *format, void *heap)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    CryptoCb* dev;
+
+    /* locate registered callback */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_CERT);
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_CERT;
+        cryptoInfo.cert.label = label;
+        cryptoInfo.cert.labelLen = labelLen;
+        cryptoInfo.cert.id = id;
+        cryptoInfo.cert.idLen = idLen;
+        cryptoInfo.cert.heap = heap;
+        cryptoInfo.cert.certDataOut = out;
+        cryptoInfo.cert.certSz = outSz;
+        cryptoInfo.cert.certFormatOut = format;
+        cryptoInfo.cert.heap = heap;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* ifndef NO_CERTS */
+
+#if defined(WOLFSSL_CMAC)
 int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
         const byte* in, word32 inSz, byte* out, word32* outSz, int type,
         void* ctx)
@@ -1735,7 +1854,6 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
         /* locate first callback and try using it */
         dev = wc_CryptoCb_FindDeviceByIndex(0);
     }
-
     if (dev && dev->cb) {
         wc_CryptoInfo cryptoInfo;
         XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
@@ -1756,13 +1874,19 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
 
     return wc_CryptoCb_TranslateErrorCode(ret);
 }
-#endif
+#endif /* WOLFSSL_CMAC */
 
 /* returns the default dev id for the current build */
 int wc_CryptoCb_DefaultDevID(void)
 {
     int ret;
 
+/* Explicitly disable the "default devId" behavior. Ensures that any devId
+ * will only be used if explicitly passed as an argument to crypto functions,
+ * and never automatically selected. */
+#ifdef WC_NO_DEFAULT_DEVID
+    ret = INVALID_DEVID;
+#else
     /* conditional macro selection based on build */
 #ifdef WOLFSSL_CAAM_DEVID
     ret = WOLFSSL_CAAM_DEVID;
@@ -1774,6 +1898,7 @@ int wc_CryptoCb_DefaultDevID(void)
     /* try first available */
     ret = wc_CryptoCb_GetDevIdAtIndex(0);
 #endif
+#endif /* WC_NO_DEFAULT_DEVID */
 
     return ret;
 }
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index e24034222..ae2a6b427 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -1,6 +1,6 @@
 /* curve25519.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,17 +22,11 @@
 
  /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_CURVE25519
 
 #include <wolfssl/wolfcrypt/curve25519.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -51,10 +45,18 @@
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
+#if defined(WOLFSSL_CURVE25519_BLINDING)
+    #if defined(CURVE25519_SMALL)
+        #error "Blinding not needed nor available for small implementation"
+    #elif defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_ARMASM)
+        #error "Blinding not needed nor available for assembly implementation"
+    #endif
+#endif
+
 #if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -143,6 +145,7 @@ int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
         XMEMCPY(pub, wc_pub.point, CURVE25519_KEYSIZE);
     }
 #else
+#ifndef WOLFSSL_CURVE25519_BLINDING
     fe_init();
 
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
@@ -150,10 +153,119 @@ int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
     ret = curve25519(pub, priv, (byte*)kCurve25519BasePoint);
 
     RESTORE_VECTOR_REGISTERS();
+#else
+    {
+        WC_RNG rng;
+
+        ret = wc_InitRng(&rng);
+        if (ret == 0) {
+            ret = wc_curve25519_make_pub_blind(public_size, pub, private_size,
+                priv, &rng);
+
+            wc_FreeRng(&rng);
+        }
+    }
+#endif /* !WOLFSSL_CURVE25519_BLINDING */
+#endif /* FREESCALE_LTC_ECC */
+
+    return ret;
+}
+
+#ifdef WOLFSSL_CURVE25519_BLINDING
+#ifndef FREESCALE_LTC_ECC
+#ifndef WOLFSSL_CURVE25519_BLINDING_RAND_CNT
+    #define WOLFSSL_CURVE25519_BLINDING_RAND_CNT    10
+#endif
+static int curve25519_smul_blind(byte* rp, const byte* n, const byte* p,
+    WC_RNG* rng)
+{
+    int ret;
+    byte a[CURVE25519_KEYSIZE];
+    byte n_a[CURVE25519_KEYSIZE];
+    byte rz[CURVE25519_KEYSIZE];
+    int i;
+    int cnt;
+
+    SAVE_VECTOR_REGISTERS(return _svr_ret;);
+
+    /* Generate random z. */
+    for (cnt = 0; cnt < WOLFSSL_CURVE25519_BLINDING_RAND_CNT; cnt++) {
+        ret = wc_RNG_GenerateBlock(rng, rz, sizeof(rz));
+        if (ret < 0) {
+            return ret;
+        }
+        for (i = CURVE25519_KEYSIZE; i > 0; i--) {
+            if (rz[i] != 0xff)
+                break;
+        }
+        if ((i != 0) || (rz[0] <= 0xec)) {
+            break;
+        }
+    }
+    if (cnt == WOLFSSL_CURVE25519_BLINDING_RAND_CNT) {
+        return RNG_FAILURE_E;
+    }
+
+    /* Generate 253 random bits. */
+    ret = wc_RNG_GenerateBlock(rng, a, sizeof(a));
+    if (ret != 0)
+        return ret;
+    a[CURVE25519_KEYSIZE-1] &= 0x7f;
+    /* k' = k ^ 2k ^ a */
+    n_a[0] = n[0] ^ (n[0] << 1) ^ a[0];
+    for (i = 1; i < CURVE25519_KEYSIZE; i++) {
+        byte b1, b2, b3;
+        b1 = n[i] ^ a[i];
+        b2 = (n[i] << 1) ^ a[i];
+        b3 = (n[i-1] >> 7) ^ a[i];
+        n_a[i] = b1 ^ b2 ^ b3;
+    }
+    /* Scalar multiple blinded scalar with blinding value. */
+    ret = curve25519_blind(rp, n_a, a, p, rz);
+
+    RESTORE_VECTOR_REGISTERS();
+
+    return ret;
+}
+#endif
+
+int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size,
+                                 const byte* priv, WC_RNG* rng)
+{
+    int ret;
+#ifdef FREESCALE_LTC_ECC
+    const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint();
+    ECPoint wc_pub;
+#endif
+
+    if ( (public_size != CURVE25519_KEYSIZE) ||
+        (private_size != CURVE25519_KEYSIZE)) {
+        return ECC_BAD_ARG_E;
+    }
+    if ((pub == NULL) || (priv == NULL)) {
+        return ECC_BAD_ARG_E;
+    }
+
+    /* check clamping */
+    ret = curve25519_priv_clamp_check(priv);
+    if (ret != 0)
+        return ret;
+
+#ifdef FREESCALE_LTC_ECC
+    /* input basepoint on Weierstrass curve */
+    ret = nxp_ltc_curve25519(&wc_pub, priv, basepoint, kLTC_Weierstrass);
+    if (ret == 0) {
+        XMEMCPY(pub, wc_pub.point, CURVE25519_KEYSIZE);
+    }
+#else
+    fe_init();
+
+    ret = curve25519_smul_blind(pub, priv, (byte*)kCurve25519BasePoint, rng);
 #endif
 
     return ret;
 }
+#endif
 
 /* compute the public key from an existing private key, with supplied basepoint,
  * using bare vectors.
@@ -170,6 +282,7 @@ int wc_curve25519_generic(int public_size, byte* pub,
      * nxp_ltc_curve25519_GetBasePoint() */
     return WC_HW_E;
 #else
+#ifndef WOLFSSL_CURVE25519_BLINDING
     int ret;
 
     if ((public_size != CURVE25519_KEYSIZE) ||
@@ -194,9 +307,64 @@ int wc_curve25519_generic(int public_size, byte* pub,
     RESTORE_VECTOR_REGISTERS();
 
     return ret;
+#else
+    WC_RNG rng;
+    int ret;
+
+    ret = wc_InitRng(&rng);
+    if (ret == 0) {
+        ret = wc_curve25519_generic_blind(public_size, pub, private_size, priv,
+            basepoint_size, basepoint, &rng);
+
+        wc_FreeRng(&rng);
+    }
+
+    return ret;
+#endif
 #endif /* FREESCALE_LTC_ECC */
 }
 
+#ifdef WOLFSSL_CURVE25519_BLINDING
+/* compute the public key from an existing private key, with supplied basepoint,
+ * using bare vectors.
+ *
+ * return value is propagated from curve25519() (0 on success),
+ * and the byte vectors are little endian.
+ */
+int wc_curve25519_generic_blind(int public_size, byte* pub,
+                                int private_size, const byte* priv,
+                                int basepoint_size, const byte* basepoint,
+                                WC_RNG* rng)
+{
+#ifdef FREESCALE_LTC_ECC
+    /* unsupported with NXP LTC, only supports single basepoint with
+     * nxp_ltc_curve25519_GetBasePoint() */
+    return WC_HW_E;
+#else
+    int ret;
+
+    if ((public_size != CURVE25519_KEYSIZE) ||
+        (private_size != CURVE25519_KEYSIZE) ||
+        (basepoint_size != CURVE25519_KEYSIZE)) {
+        return ECC_BAD_ARG_E;
+    }
+    if ((pub == NULL) || (priv == NULL) || (basepoint == NULL))
+        return ECC_BAD_ARG_E;
+
+    /* check clamping */
+    ret = curve25519_priv_clamp_check(priv);
+    if (ret != 0)
+        return ret;
+
+    fe_init();
+
+    ret = curve25519_smul_blind(pub, priv, basepoint, rng);
+
+    return ret;
+#endif /* FREESCALE_LTC_ECC */
+}
+#endif
+
 /* generate a new private key, as a bare vector.
  *
  * return value is propagated from wc_RNG_GenerateBlock(() (0 on success),
@@ -250,8 +418,14 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
     ret = wc_curve25519_make_priv(rng, keysize, key->k);
     if (ret == 0) {
         key->privSet = 1;
+#ifdef WOLFSSL_CURVE25519_BLINDING
+        ret = wc_curve25519_make_pub_blind((int)sizeof(key->p.point),
+                                           key->p.point, (int)sizeof(key->k),
+                                           key->k, rng);
+#else
         ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point,
                                      (int)sizeof(key->k), key->k);
+#endif
         key->pubSet = (ret == 0);
     }
 #endif
@@ -320,11 +494,16 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
     else
     #endif
     {
+#ifndef WOLFSSL_CURVE25519_BLINDING
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
 
     ret = curve25519(o.point, private_key->k, public_key->p.point);
 
     RESTORE_VECTOR_REGISTERS();
+#else
+    ret = curve25519_smul_blind(o.point, private_key->k, public_key->p.point,
+                                private_key->rng);
+#endif
     }
 #endif
 #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO
@@ -379,8 +558,14 @@ int wc_curve25519_export_public_ex(curve25519_key* key, byte* out,
 
     /* calculate public if missing */
     if (!key->pubSet) {
+#ifdef WOLFSSL_CURVE25519_BLINDING
+        ret = wc_curve25519_make_pub_blind((int)sizeof(key->p.point),
+                                           key->p.point, (int)sizeof(key->k),
+                                           key->k, key->rng);
+#else
         ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point,
                                      (int)sizeof(key->k), key->k);
+#endif
         key->pubSet = (ret == 0);
     }
     /* export public point with endianness */
@@ -639,6 +824,9 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
     }
 
 #ifdef WOLFSSL_SE050
+#ifdef WOLFSSL_SE050_AUTO_ERASE
+    wc_se050_erase_object(key->keyId);
+#endif
     /* release NXP resources if set */
     se050_curve25519_free_key(key);
 #endif
@@ -655,6 +843,40 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
 
 #endif /* HAVE_CURVE25519_KEY_IMPORT */
 
+#ifndef WC_NO_CONSTRUCTORS
+curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code)
+{
+    int ret;
+    curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap,
+                           DYNAMIC_TYPE_CURVE25519);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_curve25519_init_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_CURVE25519);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+
+int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p) {
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_curve25519_free(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_CURVE25519);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId)
 {
     if (key == NULL)
@@ -698,16 +920,23 @@ void wc_curve25519_free(curve25519_key* key)
     se050_curve25519_free_key(key);
 #endif
 
-    key->dp = NULL;
-    ForceZero(key->k, sizeof(key->k));
-    XMEMSET(&key->p, 0, sizeof(key->p));
-    key->pubSet = 0;
-    key->privSet = 0;
+    ForceZero(key, sizeof(*key));
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Check(key, sizeof(curve25519_key));
 #endif
 }
 
+#ifdef WOLFSSL_CURVE25519_BLINDING
+int wc_curve25519_set_rng(curve25519_key* key, WC_RNG* rng)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    key->rng = rng;
+    return 0;
+}
+#endif
+
 /* get key size */
 int wc_curve25519_size(curve25519_key* key)
 {
diff --git a/wolfcrypt/src/curve448.c b/wolfcrypt/src/curve448.c
index 3cbf577c0..f3cf9f35b 100644
--- a/wolfcrypt/src/curve448.c
+++ b/wolfcrypt/src/curve448.c
@@ -1,6 +1,6 @@
 /* curve448.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,16 +25,11 @@
  * Reworked for curve448 by Sean Parkinson.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_CURVE448
 
 #include <wolfssl/wolfcrypt/curve448.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index 87502ab07..7a9ba3bc7 100644
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -1,6 +1,6 @@
 /* des3.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_DES3
 
@@ -163,8 +155,13 @@
                 STM32_HAL_TIMEOUT);
         }
         /* save off IV */
-        des->reg[0] = hcryp.Instance->IV0LR;
-        des->reg[1] = hcryp.Instance->IV0RR;
+        #ifdef WOLFSSL_STM32MP13
+            des->reg[0] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0LR;
+            des->reg[1] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0RR;
+        #else
+            des->reg[0] = hcryp.Instance->IV0LR;
+            des->reg[1] = hcryp.Instance->IV0RR;
+        #endif
     #else
         while (sz > 0) {
             /* if input and output same will overwrite input iv */
@@ -324,8 +321,13 @@
                     STM32_HAL_TIMEOUT);
             }
             /* save off IV */
-            des->reg[0] = hcryp.Instance->IV0LR;
-            des->reg[1] = hcryp.Instance->IV0RR;
+            #ifdef WOLFSSL_STM32MP13
+                des->reg[0] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0LR;
+                des->reg[1] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0RR;
+            #else
+                des->reg[0] = hcryp.Instance->IV0LR;
+                des->reg[1] = hcryp.Instance->IV0RR;
+            #endif
         #else
             while (sz > 0) {
                 if (dir == DES_ENCRYPTION) {
@@ -438,8 +440,6 @@
 
 #elif defined(HAVE_COLDFIRE_SEC)
 
-    #include <wolfssl/wolfcrypt/types.h>
-
     #include "sec.h"
     #include "mcf5475_sec.h"
     #include "mcf5475_siu.h"
@@ -1031,6 +1031,169 @@
     }
 
 
+#ifdef WOLFSSL_DES_ECB
+    /* One block, compatibility only */
+    int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+        byte temp_block[DES_BLOCK_SIZE];
+
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad cau_des_encrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+        #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_encrypt(temp_block, (byte*)des->key, out + offset);
+        #else
+            MMCAU_DES_EncryptEcb(temp_block, (byte*)des->key, out + offset);
+        #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+
+        }
+       return ret;
+
+    }
+
+    int wc_Des_EcbDecrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+        byte temp_block[DES_BLOCK_SIZE];
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad cau_des_decrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+
+        #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_decrypt(in + offset, (byte*)des->key, out + offset);
+        #else
+            MMCAU_DES_DecryptEcb(in + offset, (byte*)des->key, out + offset);
+        #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+        }
+
+        return ret;
+    }
+
+    int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+
+        byte temp_block[DES_BLOCK_SIZE];
+
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad 3ede cau_des_encrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+    #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_encrypt(temp_block,   (byte*)des->key[0], out + offset);
+            cau_des_decrypt(out + offset, (byte*)des->key[1], out + offset);
+            cau_des_encrypt(out + offset, (byte*)des->key[2], out + offset);
+    #else
+            MMCAU_DES_EncryptEcb(temp_block  , (byte*)des->key[0], out + offset);
+            MMCAU_DES_DecryptEcb(out + offset, (byte*)des->key[1], out + offset);
+            MMCAU_DES_EncryptEcb(out + offset, (byte*)des->key[2], out + offset);
+    #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+
+        }
+
+        return ret;
+    }
+
+    int wc_Des3_EcbDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        int offset = 0;
+        int len = sz;
+        int ret = 0;
+
+        byte temp_block[DES_BLOCK_SIZE];
+
+    #ifdef FREESCALE_MMCAU_CLASSIC
+        if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) {
+            WOLFSSL_MSG("Bad 3ede cau_des_decrypt alignment");
+            return BAD_ALIGN_E;
+        }
+    #endif
+
+        while (len > 0)
+        {
+            XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
+
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret != 0) {
+                return ret;
+            }
+        #ifdef FREESCALE_MMCAU_CLASSIC
+            cau_des_decrypt(in + offset,  (byte*)des->key[2], out + offset);
+            cau_des_encrypt(out + offset, (byte*)des->key[1], out + offset);
+            cau_des_decrypt(out + offset, (byte*)des->key[0], out + offset);
+        #else
+            MMCAU_DES_DecryptEcb(in + offset , (byte*)des->key[2], out + offset);
+            MMCAU_DES_EncryptEcb(out + offset, (byte*)des->key[1], out + offset);
+            MMCAU_DES_DecryptEcb(out + offset, (byte*)des->key[0], out + offset);
+        #endif
+            wolfSSL_CryptHwMutexUnLock();
+
+            len    -= DES_BLOCK_SIZE;
+            offset += DES_BLOCK_SIZE;
+        }
+
+        return ret;
+    }
+#endif /* WOLFSSL_DES_ECB */
+
+
 #elif defined(WOLFSSL_PIC32MZ_CRYPT)
 
     /* PIC32MZ DES hardware requires size multiple of block size */
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index c2f1fc0b2..8869c0374 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1,6 +1,6 @@
 /* dh.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_DH
 
@@ -41,8 +36,6 @@
 #endif
 
 #include <wolfssl/wolfcrypt/dh.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef WOLFSSL_HAVE_SP_DH
 #include <wolfssl/wolfcrypt/sp.h>
@@ -67,7 +60,7 @@
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -1981,7 +1974,7 @@ int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
 
 #ifndef WOLFSSL_KCAPI_DH
 static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
-    const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
+    const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz, int ct)
 {
     int ret = 0;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -2036,19 +2029,21 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #ifndef WOLFSSL_SP_NO_2048
     if (mp_count_bits(&key->p) == 2048) {
         if (mp_init(y) != MP_OKAY)
-            return MP_INIT_E;
+            ret = MP_INIT_E;
 
-        SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
+        if (ret == 0) {
+            SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
 
-        if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
-            ret = MP_READ_E;
+            if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
+                ret = MP_READ_E;
 
-        if (ret == 0)
-            ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz);
+            if (ret == 0)
+                ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz);
 
-        mp_clear(y);
+            mp_clear(y);
 
-        RESTORE_VECTOR_REGISTERS();
+            RESTORE_VECTOR_REGISTERS();
+        }
 
         /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */
         if ((ret == 0) &&
@@ -2070,19 +2065,21 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #ifndef WOLFSSL_SP_NO_3072
     if (mp_count_bits(&key->p) == 3072) {
         if (mp_init(y) != MP_OKAY)
-            return MP_INIT_E;
+            ret = MP_INIT_E;
 
-        SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
+        if (ret == 0) {
+            SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
 
-        if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
-            ret = MP_READ_E;
+            if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
+                ret = MP_READ_E;
 
-        if (ret == 0)
-            ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz);
+            if (ret == 0)
+                ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz);
 
-        mp_clear(y);
+            mp_clear(y);
 
-        RESTORE_VECTOR_REGISTERS();
+            RESTORE_VECTOR_REGISTERS();
+        }
 
         /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */
         if ((ret == 0) &&
@@ -2104,19 +2101,21 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #ifdef WOLFSSL_SP_4096
     if (mp_count_bits(&key->p) == 4096) {
         if (mp_init(y) != MP_OKAY)
-            return MP_INIT_E;
+            ret = MP_INIT_E;
 
-        SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
+        if (ret == 0) {
+            SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
 
-        if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
-            ret = MP_READ_E;
+            if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
+                ret = MP_READ_E;
 
-        if (ret == 0)
-            ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz);
+            if (ret == 0)
+                ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz);
 
-        mp_clear(y);
+            mp_clear(y);
 
-        RESTORE_VECTOR_REGISTERS();
+            RESTORE_VECTOR_REGISTERS();
+        }
 
         /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */
         if ((ret == 0) &&
@@ -2138,6 +2137,13 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #endif
 
 #if !defined(WOLFSSL_SP_MATH)
+    if (ct) {
+        /* for the constant-time variant, we will probably use more bits in x for
+         * the modexp than we read from the private key, and those extra bits need
+         * to be zeroed.
+         */
+        XMEMSET(x, 0, sizeof *x);
+    }
     if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) {
     #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         XFREE(z, key->heap, DYNAMIC_TYPE_DH);
@@ -2159,8 +2165,17 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
         ret = MP_READ_E;
 
-    if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY)
-        ret = MP_EXPTMOD_E;
+    if (ret == 0) {
+        if (ct)
+            ret = mp_exptmod_ex(y, x,
+                                ((int)*agreeSz + DIGIT_BIT - 1) / DIGIT_BIT,
+                                &key->p, z);
+        else
+            ret = mp_exptmod(y, x, &key->p, z);
+        if (ret != MP_OKAY)
+            ret = MP_EXPTMOD_E;
+    }
+
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     if (ret == 0)
         mp_memzero_add("wc_DhAgree_Sync z", z);
@@ -2170,11 +2185,16 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ))
         ret = MP_VAL;
 
-    if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY)
-        ret = MP_TO_E;
-
-    if (ret == 0)
-        *agreeSz = (word32)mp_unsigned_bin_size(z);
+    if (ret == 0) {
+        if (ct) {
+            ret = mp_to_unsigned_bin_len_ct(z, agree, (int)*agreeSz);
+        }
+        else {
+            ret = mp_to_unsigned_bin(z, agree);
+            if (ret == MP_OKAY)
+                *agreeSz = (word32)mp_unsigned_bin_size(z);
+        }
+    }
 
     mp_forcezero(z);
     mp_clear(y);
@@ -2183,6 +2203,7 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     RESTORE_VECTOR_REGISTERS();
 
 #else
+    (void)ct;
     ret = WC_KEY_SIZE_E;
 #endif
 
@@ -2238,7 +2259,8 @@ static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
 #endif
 
     /* otherwise use software DH */
-    ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
+    ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz,
+                          0);
 
     return ret;
 }
@@ -2267,13 +2289,69 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
     else
 #endif
     {
-        ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
+        ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub,
+                              pubSz, 0);
     }
 #endif /* WOLFSSL_KCAPI_DH */
 
     return ret;
 }
 
+int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, const byte* priv,
+            word32 privSz, const byte* otherPub, word32 pubSz)
+{
+    int ret;
+    word32 requested_agreeSz;
+#ifndef WOLFSSL_NO_MALLOC
+    byte *agree_buffer = NULL;
+#else
+    byte agree_buffer[DH_MAX_SIZE / 8];
+#endif
+
+    if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL ||
+                                                            otherPub == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    requested_agreeSz = *agreeSz;
+
+#ifndef WOLFSSL_NO_MALLOC
+    agree_buffer = (byte *)XMALLOC(requested_agreeSz, key->heap,
+                                   DYNAMIC_TYPE_DH);
+    if (agree_buffer == NULL)
+        return MEMORY_E;
+#endif
+
+    XMEMSET(agree_buffer, 0, requested_agreeSz);
+
+    ret = wc_DhAgree_Sync(key, agree_buffer, agreeSz, priv, privSz, otherPub,
+                          pubSz, 1);
+
+    if (ret == 0) {
+        /* Arrange for correct fixed-length, right-justified key, even if the
+         * crypto back end doesn't support it.  This assures that the key is
+         * unconditionally agreed correctly.  With some crypto back ends,
+         * e.g. heapmath, there are no provisions for actual constant time, but
+         * with others the key computation and clamping is constant time, and
+         * the unclamping here is also constant time.
+         */
+        byte *agree_src = agree_buffer + *agreeSz - 1,
+            *agree_dst = agree + requested_agreeSz - 1;
+        while (agree_dst >= agree) {
+            word32 mask = (agree_src >= agree_buffer) - 1U;
+            agree_src += (mask & requested_agreeSz);
+            *agree_dst-- = *agree_src--;
+        }
+        *agreeSz = requested_agreeSz;
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    XFREE(agree_buffer, key->heap, DYNAMIC_TYPE_DH);
+#endif
+
+    return ret;
+}
+
 #ifdef WOLFSSL_DH_EXTRA
 WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
 {
@@ -2465,10 +2543,56 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
 
     if (ret == 0 && !trusted) {
         int isPrime = 0;
-        if (rng != NULL)
-            ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng);
+
+        /* Short-circuit the primality check for p if it is one of the named
+         * public moduli (known primes) from RFC 7919.
+         */
+        #ifdef HAVE_FFDHE_2048
+        if ((pSz == sizeof(dh_ffdhe2048_p)) &&
+            (XMEMCMP(p, dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p)) == 0))
+        {
+            isPrime = 1;
+        }
         else
-            ret = mp_prime_is_prime(keyP, 8, &isPrime);
+        #endif
+        #ifdef HAVE_FFDHE_3072
+        if ((pSz == sizeof(dh_ffdhe3072_p)) &&
+            (XMEMCMP(p, dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p)) == 0))
+        {
+            isPrime = 1;
+        }
+        else
+        #endif
+        #ifdef HAVE_FFDHE_4096
+        if ((pSz == sizeof(dh_ffdhe4096_p)) &&
+            (XMEMCMP(p, dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p)) == 0))
+        {
+            isPrime = 1;
+        }
+        else
+        #endif
+        #ifdef HAVE_FFDHE_6144
+        if ((pSz == sizeof(dh_ffdhe6144_p)) &&
+            (XMEMCMP(p, dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p)) == 0))
+        {
+            isPrime = 1;
+        }
+        else
+        #endif
+        #ifdef HAVE_FFDHE_8192
+        if ((pSz == sizeof(dh_ffdhe8192_p)) &&
+            (XMEMCMP(p, dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p)) == 0))
+        {
+            isPrime = 1;
+        }
+        else
+        #endif
+        {
+            if (rng != NULL)
+                ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng);
+            else
+                ret = mp_prime_is_prime(keyP, 8, &isPrime);
+        }
 
         if (ret == 0 && isPrime == 0)
             ret = DH_CHECK_PUB_E;
@@ -2900,7 +3024,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
             primeCheckCount = 0;
     int     primeCheck = MP_NO,
             ret = 0;
+#ifdef WOLFSSL_NO_MALLOC
+    unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE];
+#else
     unsigned char *buf = NULL;
+#endif
 
 #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
     XMEMSET(tmp, 0, sizeof(tmp));
@@ -2950,11 +3078,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
     if (ret == 0) {
         bufSz = (word32)modSz - groupSz;
 
+#ifdef WOLFSSL_NO_MALLOC
+        if (bufSz > sizeof(buf))
+            ret = MEMORY_E;
+#else
         /* allocate ram */
         buf = (unsigned char *)XMALLOC(bufSz,
                                        dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (buf == NULL)
             ret = MEMORY_E;
+#endif
     }
 
     /* make a random string that will be multiplied against q */
@@ -3088,11 +3221,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 
     RESTORE_VECTOR_REGISTERS();
 
-    if (buf != NULL) {
+#ifndef WOLFSSL_NO_MALLOC
+    if (buf != NULL)
+#endif
+    {
         ForceZero(buf, bufSz);
+#ifndef WOLFSSL_NO_MALLOC
         if (dh != NULL) {
             XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
         }
+#endif
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -3149,7 +3287,7 @@ int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
             *pSz = pLen;
             *qSz = qLen;
             *gSz = gLen;
-            ret = LENGTH_ONLY_E;
+            ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
     }
 
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index bedba14ae..e4498edca 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -1,6 +1,6 @@
 /* dilithium.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -70,7 +70,7 @@
  *   but is slower.
  * WOLFSSL_DILITHIUM_SMALL_MEM_POLY64                         Default: OFF
  *   Compiles the small memory implementations to use a 64-bit polynomial.
- *   Uses 2KB of memory but is slighlty quicker (2.75-7%).
+ *   Uses 2KB of memory but is slightly quicker (2.75-7%).
  *
  * WOLFSSL_DILITHIUM_ALIGNMENT                                Default: 8
  *   Use to indicate whether loading and storing of words needs to be aligned.
@@ -80,6 +80,9 @@
  *
  * WOLFSSL_DILITHIUM_NO_ASN1                                  Default: OFF
  *   Disables any ASN.1 encoding or decoding code.
+ * WOLFSSL_DILITHIUM_REVERSE_HASH_OID                         Default: OFF
+ *   Reverse the DER encoded hash oid when signing and verifying a pre-hashed
+ *   message.
  *
  * WC_DILITHIUM_CACHE_MATRIX_A                                Default: OFF
  *   Enable caching of the A matrix on import.
@@ -127,13 +130,7 @@
  *   shift equivalent.
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-/* in case user set HAVE_PQC there */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef WOLFSSL_DILITHIUM_NO_ASN1
 #include <wolfssl/wolfcrypt/asn.h>
@@ -146,8 +143,8 @@
 #endif
 
 #include <wolfssl/wolfcrypt/dilithium.h>
+#include <wolfssl/wolfcrypt/hash.h>
 #include <wolfssl/wolfcrypt/sha3.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -246,6 +243,9 @@ void print_data(const char* name, const byte* d, int len)
 /* Number of bytes to a block of SHAKE-256 when generating s1 and s2. */
 #define DILITHIUM_GEN_S_BLOCK_BYTES    (WC_SHA3_256_COUNT * 8)
 
+/* Length of the hash OID to include in pre-hash message. */
+#define DILITHIUM_HASH_OID_LEN         11
+
 
 /* The ML-DSA parameters sets. */
 static const wc_dilithium_params dilithium_params[] = {
@@ -285,6 +285,44 @@ static const wc_dilithium_params dilithium_params[] = {
       PARAMS_ML_DSA_87_Z_ENC_SIZE,
       PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE },
 #endif
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+#ifndef WOLFSSL_NO_ML_DSA_44
+    { WC_ML_DSA_44_DRAFT, PARAMS_ML_DSA_44_K, PARAMS_ML_DSA_44_L,
+      PARAMS_ML_DSA_44_ETA, PARAMS_ML_DSA_44_ETA_BITS,
+      PARAMS_ML_DSA_44_TAU, PARAMS_ML_DSA_44_BETA, PARAMS_ML_DSA_44_OMEGA,
+      PARAMS_ML_DSA_44_LAMBDA,
+      PARAMS_ML_DSA_44_GAMMA1_BITS, PARAMS_ML_DSA_44_GAMMA2,
+      PARAMS_ML_DSA_44_W1_ENC_SZ, PARAMS_ML_DSA_44_A_SIZE,
+      PARAMS_ML_DSA_44_S1_SIZE, PARAMS_ML_DSA_44_S1_ENC_SIZE,
+      PARAMS_ML_DSA_44_S2_SIZE, PARAMS_ML_DSA_44_S2_ENC_SIZE,
+      PARAMS_ML_DSA_44_Z_ENC_SIZE,
+      PARAMS_ML_DSA_44_PK_SIZE, PARAMS_ML_DSA_44_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    { WC_ML_DSA_65_DRAFT, PARAMS_ML_DSA_65_K, PARAMS_ML_DSA_65_L,
+      PARAMS_ML_DSA_65_ETA, PARAMS_ML_DSA_65_ETA_BITS,
+      PARAMS_ML_DSA_65_TAU, PARAMS_ML_DSA_65_BETA, PARAMS_ML_DSA_65_OMEGA,
+      PARAMS_ML_DSA_65_LAMBDA,
+      PARAMS_ML_DSA_65_GAMMA1_BITS, PARAMS_ML_DSA_65_GAMMA2,
+      PARAMS_ML_DSA_65_W1_ENC_SZ, PARAMS_ML_DSA_65_A_SIZE,
+      PARAMS_ML_DSA_65_S1_SIZE, PARAMS_ML_DSA_65_S1_ENC_SIZE,
+      PARAMS_ML_DSA_65_S2_SIZE, PARAMS_ML_DSA_65_S2_ENC_SIZE,
+      PARAMS_ML_DSA_65_Z_ENC_SIZE,
+      PARAMS_ML_DSA_65_PK_SIZE, PARAMS_ML_DSA_65_SIG_SIZE },
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    { WC_ML_DSA_87_DRAFT, PARAMS_ML_DSA_87_K, PARAMS_ML_DSA_87_L,
+      PARAMS_ML_DSA_87_ETA, PARAMS_ML_DSA_87_ETA_BITS,
+      PARAMS_ML_DSA_87_TAU, PARAMS_ML_DSA_87_BETA, PARAMS_ML_DSA_87_OMEGA,
+      PARAMS_ML_DSA_87_LAMBDA,
+      PARAMS_ML_DSA_87_GAMMA1_BITS, PARAMS_ML_DSA_87_GAMMA2,
+      PARAMS_ML_DSA_87_W1_ENC_SZ, PARAMS_ML_DSA_87_A_SIZE,
+      PARAMS_ML_DSA_87_S1_SIZE, PARAMS_ML_DSA_87_S1_ENC_SIZE,
+      PARAMS_ML_DSA_87_S2_SIZE, PARAMS_ML_DSA_87_S2_ENC_SIZE,
+      PARAMS_ML_DSA_87_Z_ENC_SIZE,
+      PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE },
+#endif
+#endif
 };
 /* Number of ML-DSA parameter sets compiled in. */
 #define DILITHIUM_PARAMS_CNT \
@@ -300,7 +338,7 @@ static const wc_dilithium_params dilithium_params[] = {
 static int dilithium_get_params(int level, const wc_dilithium_params** params)
 {
     unsigned int i;
-    int ret = NOT_COMPILED_IN;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
     for (i = 0; i < DILITHIUM_PARAMS_CNT; i++) {
         if (dilithium_params[i].level == level) {
@@ -347,7 +385,6 @@ static int dilithium_shake256(wc_Shake* shake256, const byte* data,
     return ret;
 }
 
-#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
 /* 256-bit hash using SHAKE-256.
  *
  * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d)
@@ -385,6 +422,195 @@ static int dilithium_hash256(wc_Shake* shake256, const byte* data1,
 
     return ret;
 }
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+/* 256-bit hash of context and message using SHAKE-256.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *   10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                         ctx) || M
+ *   ...
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.Sign_internal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64))
+ *   ...
+ *
+ * @param [in, out] shake256  SHAKE-256 object.
+ * @param [in]      tr        Public key hash.
+ * @param [in]      trLen     Length of public key hash in bytes.
+ * @param [in]      preHash   0 when message was not hashed,
+ *                            1 when message was hashed.
+ * @param [in]      ctx       Context of signature.
+ * @param [in]      ctxLen    Length of context of signature in bytes.
+ * @param [in]      ctx       Message to sign.
+ * @param [in]      ctxLen    Length of message to sign in bytes.
+ * @param [out]     hash      Buffer to hold hash result.
+ * @param [in]      hashLen   Number of bytes of hash to return.
+ * @return  0 on success.
+ * @return  Negative on error.
+ */
+static int dilithium_hash256_ctx_msg(wc_Shake* shake256, const byte* tr,
+    byte trLen, byte preHash, const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* hash, word32 hashLen)
+{
+    int ret;
+    byte prefix[2];
+
+    prefix[0] = preHash;
+    prefix[1] = ctxLen;
+
+    /* Initialize SHAKE-256 operation. */
+    ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        /* Update with public key hash. */
+        ret = wc_Shake256_Update(shake256, tr, trLen);
+    }
+    if (ret == 0) {
+        /* Update with context prefix - 0 | ctxLen. */
+        ret = wc_Shake256_Update(shake256, prefix, (word32)sizeof(prefix));
+    }
+    if (ret == 0) {
+        /* Update with context. */
+        ret = wc_Shake256_Update(shake256, ctx, ctxLen);
+    }
+    if (ret == 0) {
+        /* Update with message. */
+        ret = wc_Shake256_Update(shake256, msg, msgLen);
+    }
+    if (ret == 0) {
+        /* Compute hash of data. */
+        ret = wc_Shake256_Final(shake256, hash, hashLen);
+    }
+
+    return ret;
+}
+
+/* Get the OID for the digest hash.
+ *
+ * @param [in]  hash         Hash algorithm.
+ * @param [out] oidBuffer   Buffer to hold OID.
+ * @param [out] oidLen      Length of OID in buffer.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG if hash algorithm not known.
+ */
+static int dilithium_get_hash_oid(int hash, byte* oidBuffer, word32* oidLen)
+{
+    int ret = 0;
+    const byte* oid;
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+
+    oid = OidFromId(wc_HashGetOID((enum wc_HashType)hash), oidHashType, oidLen);
+    if ((oid != NULL) && (*oidLen <= DILITHIUM_HASH_OID_LEN - 2)) {
+#ifndef WOLFSSL_DILITHIUM_REVERSE_HASH_OID
+        oidBuffer[0] = 0x06;   /* ObjectID */
+        oidBuffer[1] = *oidLen;   /* ObjectID */
+        oidBuffer += 2;
+        XMEMCPY(oidBuffer, oid, *oidLen);
+#else
+        int i;
+        for (i = (int)*oidLen - 1; i >= 0; i--) {
+            *(oidBuffer++) = oid[i];
+        }
+        *(oidBuffer++) = *oidLen;   /* ObjectID */
+        * oidBuffer    = 0x06;   /* ObjectID */
+#endif
+        *oidLen += 2;
+     }
+     else {
+        ret = BAD_FUNC_ARG;
+    }
+
+#else
+
+    *oidLen = DILITHIUM_HASH_OID_LEN;
+#ifndef NO_SHA256
+    if (hash == WC_HASH_TYPE_SHA256) {
+        static byte sha256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
+        };
+        oid = sha256Oid;
+    }
+    else
+#endif
+#ifdef WOLFSSL_SHA384
+    if (hash == WC_HASH_TYPE_SHA384) {
+        static byte sha384Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
+        };
+        oid = sha384Oid;
+    }
+    else
+#endif
+#ifdef WOLFSSL_SHA512
+    if (hash == WC_HASH_TYPE_SHA512) {
+        static byte sha512Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
+        };
+        oid = sha512Oid;
+    }
+    else
+#ifndef WOLFSSL_NOSHA512_256
+    if (hash == WC_HASH_TYPE_SHA512_256) {
+        static byte sha512_256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06
+        };
+        oid = sha512_256Oid;
+    }
+    else
+#endif
+#endif
+    if (hash == WC_HASH_TYPE_SHAKE128) {
+        static byte shake128Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0B
+        };
+        oid = shake128Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHAKE256) {
+        static byte shake256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0C
+        };
+        oid = shake256Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHA3_256) {
+        static byte sha3_256Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08
+        };
+        oid = sha3_256Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHA3_384) {
+        static byte sha3_384Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x09
+        };
+        oid = sha3_384Oid;
+    }
+    else if (hash == WC_HASH_TYPE_SHA3_512) {
+        static byte sha3_512Oid[DILITHIUM_HASH_OID_LEN] = {
+            0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0A
+        };
+        oid = sha3_512Oid;
+    }
+    else {
+        oid = NULL;
+        ret = BAD_FUNC_ARG;
+    }
+
+    if ((oid != NULL) && (*oidLen <= DILITHIUM_HASH_OID_LEN)) {
+#ifndef WOLFSSL_DILITHIUM_REVERSE_HASH_OID
+        XMEMCPY(oidBuffer, oid, *oidLen);
+#else
+        int i;
+        for (i = (int)*oidLen - 1; i >= 0; i--) {
+            *(oidBuffer++) = oid[i];
+        }
+#endif
+    }
+#endif
+
+    return ret;
+}
 #endif
 
 #ifndef WOLFSSL_DILITHIUM_SMALL
@@ -739,13 +965,13 @@ static void dilithium_vec_decode_eta_bits(const byte* p, byte eta, sword32* s,
  *   2: r0 <- r+ mod +/- 2^d
  *   3: return ((r+ - r0) / 2^d, r0)
  *
- * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s1, s2, t0)
+ * FIPS 204. 7.2: Algorithm 24 skEncode(rho, K, tr, s1, s2, t0)
  *   ...
  *   8: for i form 0 to k - 1 do
  *   9:     sk <- sk || BitPack(t0[i], s^(d-1) - 1, 2^(d-1))
  *  10: end for
  *
- * FIPS 204. 8.2: Algorithm 16 pkEncode(rho, t1)
+ * FIPS 204. 7.2: Algorithm 22 pkEncode(rho, t1)
  *   ...
  *   2: for i from 0 to k - 1 do
  *   3:     pk <- pk || SimpleBitPack(t1[i], 2^bitlen(q-1) - d - 1)
@@ -761,9 +987,9 @@ static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1)
     unsigned int i;
     unsigned int j;
 
-    /* Alg 18, Step 8 and Alg 16, Step 2. For each polynomial of vector. */
+    /* Alg 24, Step 8 and Alg 22, Step 2. For each polynomial of vector. */
     for (i = 0; i < d; i++) {
-        /* Alg 18, Step 9 and Alg 16, Step 3.
+        /* Alg 24, Step 9 and Alg 22, Step 3.
          * Do all polynomial values - 8 at a time. */
         for (j = 0; j < DILITHIUM_N; j += 8) {
             /* Take 8 values of t and take top bits and make positive. */
@@ -1962,7 +2188,7 @@ static int dilithium_rej_ntt_poly_ex(wc_Shake* shake128, byte* seed, sword32* a,
 static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
     void* heap)
 {
-    int ret;
+    int ret = 0;
 #if defined(WOLFSSL_SMALL_STACK)
     byte* h = NULL;
 #else
@@ -1979,7 +2205,8 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
     }
 #endif
 
-    ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h);
+    if (ret == 0)
+        ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h);
 
 #if defined(WOLFSSL_SMALL_STACK)
     XFREE(h, heap, DYNAMIC_TYPE_DILITHIUM);
@@ -2528,8 +2755,8 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
         word16 n = kappa + r;
 
         /* Step 4: Append to seed and squeeze out data. */
-        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = n;
-        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = n >> 8;
+        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = (byte)n;
+        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = (byte)(n >> 8);
         ret = dilithium_squeeze256(shake256, seed, DILITHIUM_Y_SEED_SZ, v,
             DILITHIUM_MAX_V_BLOCKS);
         if (ret == 0) {
@@ -2564,14 +2791,15 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
  *
  * @param [in]  shake256  SHAKE-256 object.
  * @param [in]  seed      Buffer containing seed to expand.
+ * @param [in]  seedLen   Length of seed in bytes.
  * @param [in]  tau       Number of +/- 1s in polynomial.
  * @param [out] c         Commit polynomial.
  * @param [in]  block     Memory to use for block from key.
  * @return  0 on success.
  * @return  Negative on hash error.
  */
-static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed,
-   byte tau, sword32* c, byte* block)
+static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256,
+   const byte* seed, word32 seedLen, byte tau, sword32* c, byte* block)
 {
     int ret = 0;
     unsigned int k;
@@ -2584,8 +2812,18 @@ static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed,
         XMEMSET(c, 0, DILITHIUM_POLY_SIZE);
 
         /* Generate a block of data from seed. */
-        ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block,
-            DILITHIUM_GEN_C_BLOCK_BYTES);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        if (level >= WC_ML_DSA_DRAFT) {
+            ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block,
+                DILITHIUM_GEN_C_BLOCK_BYTES);
+        }
+        else
+#endif
+        {
+            (void)level;
+            ret = dilithium_shake256(shake256, seed, seedLen, block,
+                DILITHIUM_GEN_C_BLOCK_BYTES);
+        }
     }
     if (ret == 0) {
         /* Copy first 8 bytes of first hash block as random sign bits. */
@@ -2634,6 +2872,7 @@ static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed,
  *
  * @param [in]  shake256  SHAKE-256 object.
  * @param [in]  seed      Buffer containing seed to expand.
+ * @param [in]  seedLen   Length of seed in bytes.
  * @param [in]  tau       Number of +/- 1s in polynomial.
  * @param [out] c         Commit polynomial.
  * @param [in]  heap      Dynamic memory hint.
@@ -2641,8 +2880,8 @@ static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed,
  * @return  MEMORY_E when dynamic memory allocation fails.
  * @return  Negative on hash error.
  */
-static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed,
-   byte tau, sword32* c, void* heap)
+static int dilithium_sample_in_ball(int level, wc_Shake* shake256,
+   const byte* seed, word32 seedLen, byte tau, sword32* c, void* heap)
 {
     int ret = 0;
 #if defined(WOLFSSL_SMALL_STACK)
@@ -2662,7 +2901,8 @@ static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed,
 #endif
 
     if (ret == 0) {
-        ret = dilithium_sample_in_ball_ex(shake256, seed, tau, c, block);
+        ret = dilithium_sample_in_ball_ex(level, shake256, seed, seedLen, tau,
+            c, block);
     }
 
 #if defined(WOLFSSL_SMALL_STACK)
@@ -3201,7 +3441,7 @@ static int dilithium_check_hint(const byte* h, byte k, byte omega)
             }
         }
         /* Ensure the last hint is less than the current hint. */
-        else if (h[i - 1] > h[i]) {
+        else if (h[i - 1] >= h[i]) {
             ret = SIG_VERIFY_E;
             break;
         }
@@ -5218,27 +5458,27 @@ static void dilithium_vec_make_pos(sword32* a, byte l)
 /* Make a key from a random seed.
  *
  * xi is seed passed in.
- * FIPS 204. 5: Algorithm 1 ML-DSA.KeyGen()
- *   ...
- *   2: (rho, rho', K) E {0,1}256 x {0,1}512 x {0,1}256 <- H(xi, 1024)
+ * FIPS 204. 6.1: Algorithm 6 ML-DSA.KeyGen_internal(xi)
+ *   1: (rho, rho', K) E B32 x B64 x B32 <- H(xi||k||l, 1024)
+ *   2:
  *   3: A_circum <- ExpandA(rho)
  *   4: (s1,s2) <- ExpandS(rho')
  *   5: t <- NTT-1(A_circum o NTT(s1)) + s2
  *   6: (t1, t0) <- Power2Round(t, d)
  *   7: pk <- pkEncode(rho, t1)
- *   8: tr <- H(BytesToBits(pk), 512)
+ *   8: tr <- H(pk, 64)
  *   9: sk <- skEncode(rho, K, tr, s1, s2, t0)
  *  10: return (pk, sk)
  *
- * FIPS 204. 8.2: Algorithm 16 pkEncode(rho, t1)
- *   1: pk <- BitsToBytes(rho)
- *   2: for i from 0 to l - 1 do
+ * FIPS 204. 7.2: Algorithm 22 pkEncode(rho, t1)
+ *   1: pk <- rho
+ *   2: for i from 0 to k - 1 do
  *   3:     pk <- pk || SimpleBitPack(t1[i], 2^(bitlen(q-1)-d) - 1)
  *   4: end for
  *   5: return pk
  *
- * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s, s2, t0)
- *   1: sk <- BitsToBytes(rho) || BitsToBytes(K) || BitsToBytes(tr)
+ * FIPS 204. 7.2: Algorithm 24 skEncode(rho, K, tr, s, s2, t0)
+ *   1: sk <- rho || K || tr
  *   2: for i from 0 to l - 1 do
  *   3:     sk <- sk || BitPack(s1[i], eta, eta)
  *   4: end for
@@ -5268,6 +5508,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     sword32* s2 = NULL;
     sword32* t = NULL;
     byte* pub_seed = key->k;
+    byte kl[2];
 
     /* Allocate memory for large intermediates. */
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
@@ -5328,13 +5569,28 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 #endif
 
     if (ret == 0) {
-        /* Step 2: Create public seed, private seed and K from seed.
-         * Step 9; Alg 18, Step 1: Public seed is placed into private key. */
-        ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed,
-            DILITHIUM_SEEDS_SZ);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        if (key->params->level >= WC_ML_DSA_DRAFT) {
+            /* Step 2: Create public seed, private seed and K from seed.
+             * Step 9; Alg 18, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
+        else
+#endif
+        {
+            kl[0] = params->k;
+            kl[1] = params->l;
+            /* Step 1: Create public seed, private seed and K from seed.
+             * Step 9; Alg 24, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
     }
     if (ret == 0) {
-        /* Step 7; Alg 16 Step 1: Copy public seed into public key. */
+        /* Step 7; Alg 22 Step 1: Copy public seed into public key. */
         XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ);
 
         /* Step 3: Expand public seed into a matrix of polynomials. */
@@ -5358,9 +5614,9 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 
         /* Step 9: Move k down to after public seed. */
         XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ);
-        /* Step 9. Alg 18 Steps 2-4: Encode s1 into private key. */
+        /* Step 9. Alg 24 Steps 2-4: Encode s1 into private key. */
         dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p);
-        /* Step 9. Alg 18 Steps 5-7: Encode s2 into private key. */
+        /* Step 9. Alg 24 Steps 5-7: Encode s2 into private key. */
         dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p);
 
         /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */
@@ -5371,11 +5627,11 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 
         /* Make positive for decomposing. */
         dilithium_vec_make_pos(t, params->k);
-        /* Step 6, Step 7, Step 9. Alg 16 Steps 2-4, Alg 18 Steps 8-10.
+        /* Step 6, Step 7, Step 9. Alg 22 Steps 2-4, Alg 24 Steps 8-10.
          * Decompose t in t0 and t1 and encode into public and private key.
          */
         dilithium_vec_encode_t0_t1(t, params->k, t0, t1);
-        /* Step 8. Alg 18, Step 1: Hash public key into private key. */
+        /* Step 8. Alg 24, Step 1: Hash public key into private key. */
         ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
             DILITHIUM_TR_SZ);
     }
@@ -5415,6 +5671,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     byte* pub_seed = key->k;
     unsigned int r;
     unsigned int s;
+    byte kl[2];
 
     /* Allocate memory for large intermediates. */
     if (ret == 0) {
@@ -5443,15 +5700,30 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     }
 
     if (ret == 0) {
-        /* Step 2: Create public seed, private seed and K from seed.
-         * Step 9; Alg 18, Step 1: Public seed is placed into private key. */
-        ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed,
-            DILITHIUM_SEEDS_SZ);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        if (key->params->level >= WC_ML_DSA_DRAFT) {
+            /* Step 2: Create public seed, private seed and K from seed.
+             * Step 9; Alg 18, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
+        else
+#endif
+        {
+            kl[0] = params->k;
+            kl[1] = params->l;
+            /* Step 1: Create public seed, private seed and K from seed.
+             * Step 9; Alg 24, Step 1: Public seed is placed into private key.
+             */
+            ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2,
+                pub_seed, DILITHIUM_SEEDS_SZ);
+        }
     }
     if (ret == 0) {
         byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ;
 
-        /* Step 7; Alg 16 Step 1: Copy public seed into public key. */
+        /* Step 7; Alg 22 Step 1: Copy public seed into public key. */
         XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ);
 
         /* Step 4: Expand private seed into to vectors of polynomials. */
@@ -5471,9 +5743,9 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 
         /* Step 9: Move k down to after public seed. */
         XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ);
-        /* Step 9. Alg 18 Steps 2-4: Encode s1 into private key. */
+        /* Step 9. Alg 24 Steps 2-4: Encode s1 into private key. */
         dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p);
-        /* Step 9. Alg 18 Steps 5-7: Encode s2 into private key. */
+        /* Step 9. Alg 24 Steps 5-7: Encode s2 into private key. */
         dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p);
 
         /* Step 5: NTT(s1) */
@@ -5588,11 +5860,11 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
             s2t += DILITHIUM_N;
         }
 
-        /* Step 6, Step 7, Step 9. Alg 16 Steps 2-4, Alg 18 Steps 8-10.
+        /* Step 6, Step 7, Step 9. Alg 22 Steps 2-4, Alg 24 Steps 8-10.
          * Decompose t in t0 and t1 and encode into public and private key.
          */
         dilithium_vec_encode_t0_t1(t, params->k, t0, t1);
-        /* Step 8. Alg 18, Step 1: Hash public key into private key. */
+        /* Step 8. Alg 24, Step 1: Hash public key into private key. */
         ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
             DILITHIUM_TR_SZ);
     }
@@ -5609,9 +5881,12 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 
 /* Make a key from a random seed.
  *
- * FIPS 204. 5: Algorithm 1 ML-DSA.KeyGen()
- *   1: xi <- {0,1}256  [Choose random seed]
- *   ...
+ * FIPS 204. 5.1: Algorithm 1 ML-DSA.KeyGen()
+ *   1: xi <- B32  [Choose random seed]
+ *   2: if xi = NULL then
+ *   3:   return falsam
+ *   4: end if
+ *   5: return ML-DSA.KeyGen_internal(xi)
  *
  * @param [in, out] key  Dilithium key.
  * @param [in]      rng  Random number generator.
@@ -5624,10 +5899,11 @@ static int dilithium_make_key(dilithium_key* key, WC_RNG* rng)
     int ret;
     byte seed[DILITHIUM_SEED_SZ];
 
-    /* Generate a 256-bit random seed. */
+    /* Step 1: Generate a 32 byte random seed. */
     ret = wc_RNG_GenerateBlock(rng, seed, DILITHIUM_SEED_SZ);
+    /* Step 2: Check for error. */
     if (ret == 0) {
-        /* Make key with random seed. */
+        /* Step 5: Make key with random seed. */
         ret = wc_dilithium_make_key_from_seed(key, seed);
     }
 
@@ -5642,7 +5918,7 @@ static int dilithium_make_key(dilithium_key* key, WC_RNG* rng)
     defined(WC_DILITHIUM_CACHE_PRIV_VECTORS)
 /* Decode, from private key, and NTT private key vectors s1, s2, and t0.
  *
- * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M)
+ * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)
  *   1: (rho, K, tr, s1, s2, t0) <- skDecode(sk)
  *   2: s1_circum <- NTT(s1)
  *   3: s2_circum <- NTT(s2)
@@ -5685,7 +5961,13 @@ static void dilithium_make_priv_vecs(dilithium_key* key, sword32* s1,
 
 /* Sign a message with the key and a seed.
  *
- * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M)
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.sign(sk, M, ctx)
+ *   ...
+ *  10: M' <- ByyesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx) || M
+ *   ...
+ *
+ * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)
  *   1: (rho, K, tr, s1, s2, t0) <- skDecode(sk)
  *   2: s1_circum <- NTT(s1)
  *   3: s2_circum <- NTT(s2)
@@ -5724,26 +6006,25 @@ static void dilithium_make_priv_vecs(dilithium_key* key, sword32* s1,
  *  33: return sigma
  *
  * @param [in, out] key     Dilithium key.
- * @param [in, out] seed    Random seed.
- * @param [in]      msg     Message data to sign.
- * @param [in]      msgLen  Length of message data in bytes.
+ * @param [in]      seedMu  Random seed || mu.
  * @param [out]     sig     Buffer to hold signature.
  * @param [in, out] sigLen  On in, length of buffer in bytes.
  *                          On out, the length of the signature in bytes.
  * @return  0 on success.
+ * @return  BAD_FUNC_ARG when context length is greater than 255.
  * @return  BUFFER_E when the signature buffer is too small.
  * @return  MEMORY_E when memory allocation fails.
  * @return  Other negative when an error occurs.
  */
-static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
-    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
+static int dilithium_sign_with_seed_mu(dilithium_key* key,
+    const byte* seedMu, byte* sig, word32 *sigLen)
 {
 #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
     int ret = 0;
     const wc_dilithium_params* params = key->params;
     const byte* pub_seed = key->k;
     const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
-    const byte* tr = k + DILITHIUM_K_SZ;
+    const byte* mu = seedMu + DILITHIUM_RND_SZ;
     sword32* a = NULL;
     sword32* s1 = NULL;
     sword32* s2 = NULL;
@@ -5754,13 +6035,11 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
     sword32* c = NULL;
     sword32* z = NULL;
     sword32* ct0 = NULL;
-    byte data[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
-    byte* mu = data + DILITHIUM_RND_SZ;
     byte priv_rand_seed[DILITHIUM_Y_SEED_SZ];
-    byte* h = sig + params->lambda * 2 + params->zEncSz;
+    byte* h = sig + params->lambda / 4 + params->zEncSz;
 
     /* Check the signature buffer isn't too small. */
-    if ((ret == 0) && (*sigLen < params->sigSz)) {
+    if (*sigLen < params->sigSz) {
         ret = BUFFER_E;
     }
     if (ret == 0) {
@@ -5785,11 +6064,13 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
 #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
 #ifndef WC_DILITHIUM_FIXED_ARRAY
     if ((ret == 0) && (key->s1 == NULL)) {
-        key->s1 = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        key->s1 = (sword32*)XMALLOC(params->aSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
         if (key->s1 == NULL) {
             ret = MEMORY_E;
         }
         else {
+            XMEMSET(key->s1, 0, params->aSz);
             key->s2 = key->s1  + params->s1Sz / sizeof(*s1);
             key->t0 = key->s2  + params->s2Sz / sizeof(*s2);
         }
@@ -5859,18 +6140,9 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
 #endif
         }
     }
-    if (ret == 0) {
-        /* Step 6: Compute the hash of tr, public key hash, and message. */
-        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
-            mu, DILITHIUM_MU_SZ);
-    }
-    if (ret == 0) {
-        /* Step 7: Copy random into buffer for hashing. */
-        XMEMCPY(data, seed, DILITHIUM_RND_SZ);
-    }
     if (ret == 0) {
         /* Step 9: Compute private random using hash. */
-        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, data,
+        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, seedMu,
             DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed,
             DILITHIUM_PRIV_RAND_SEED_SZ);
     }
@@ -5914,11 +6186,11 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
                 /* Step 15: Hash mu and encoded w1.
                  * Step 32: Hash is stored in signature. */
                 ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ,
-                    w1e, params->w1EncSz, commit, 2 * params->lambda);
+                    w1e, params->w1EncSz, commit, params->lambda / 4);
                 if (ret == 0) {
                     /* Step 17: Compute c from first 256 bits of commit. */
-                    ret = dilithium_sample_in_ball(&key->shake, commit,
-                        params->tau, c, key->heap);
+                    ret = dilithium_sample_in_ball(params->level, &key->shake,
+                        commit, params->lambda / 4, params->tau, c, key->heap);
                 }
                 if (ret == 0) {
                     sword32 hi;
@@ -5982,7 +6254,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
         while ((ret == 0) && (!valid));
     }
     if (ret == 0) {
-        byte* ze = sig + params->lambda * 2;
+        byte* ze = sig + params->lambda / 4;
         /* Step 32: Encode z into signature.
          * Commit (c) and h already encoded into signature. */
         dilithium_vec_encode_gamma1(z, params->l, params->gamma1_bits, ze);
@@ -5999,6 +6271,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
     const byte* s1p = tr + DILITHIUM_TR_SZ;
     const byte* s2p = s1p + params->s1EncSz;
     const byte* t0p = s2p + params->s2EncSz;
+    const byte* mu = seedMu + DILITHIUM_RND_SZ;
     sword32* a = NULL;
     sword32* s1 = NULL;
     sword32* s2 = NULL;
@@ -6014,10 +6287,8 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
     sword64* t64 = NULL;
 #endif
     byte* blocks = NULL;
-    byte data[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
-    byte* mu = data + DILITHIUM_RND_SZ;
     byte priv_rand_seed[DILITHIUM_Y_SEED_SZ];
-    byte* h = sig + params->lambda * 2 + params->zEncSz;
+    byte* h = sig + params->lambda / 4 + params->zEncSz;
 #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
     byte maxK = (byte)min(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A,
         params->k);
@@ -6088,17 +6359,9 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
         }
     }
 
-    if (ret == 0) {
-        /* Step 7: Copy random into buffer for hashing. */
-        XMEMCPY(data, seed, DILITHIUM_RND_SZ);
-
-        /* Step 6: Compute the hash of tr, public key hash, and message. */
-        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
-            mu, DILITHIUM_MU_SZ);
-    }
     if (ret == 0) {
         /* Step 9: Compute private random using hash. */
-        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, data,
+        ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, seedMu,
             DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed,
             DILITHIUM_PRIV_RAND_SEED_SZ);
     }
@@ -6327,18 +6590,19 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
             #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
                 const byte* s1pt = s1p;
             #endif
-                byte* ze = sig + params->lambda * 2;
+                byte* ze = sig + params->lambda / 4;
 
                 /* Step 15: Encode w1. */
                 dilithium_vec_encode_w1(w1, params->k, params->gamma2, w1e);
                 /* Step 15: Hash mu and encoded w1.
                  * Step 32: Hash is stored in signature. */
                 ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ,
-                    w1e, params->w1EncSz, commit, 2 * params->lambda);
+                    w1e, params->w1EncSz, commit, params->lambda / 4);
                 if (ret == 0) {
                     /* Step 17: Compute c from first 256 bits of commit. */
-                    ret = dilithium_sample_in_ball_ex(&key->shake, commit,
-                        params->tau, c, blocks);
+                    ret = dilithium_sample_in_ball_ex(params->level,
+                        &key->shake, commit, params->lambda / 4, params->tau, c,
+                        blocks);
                 }
                 if (ret == 0) {
                     /* Step 18: NTT(c). */
@@ -6515,11 +6779,185 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
 #endif
 }
 
+/* Sign a message with the key and a seed.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *  11: sigma <- ML-DSA.Sign_internal(sk, M', rnd)
+ *  12: return sigma
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      seed    Random seed.
+ * @param [in]      ctx     Context of signature.
+ * @param [in]      ctxLen  Length of context in bytes.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when context length is greater than 255.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_msg_with_seed(dilithium_key* key,
+    const byte* seed, const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* sig, word32 *sigLen)
+{
+    int ret;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+
+    XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ);
+    /* Step 6. Calculate mu. */
+    ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0,
+        ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ);
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a message with the key and a seed.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *  11: sigma <- ML-DSA.Sign_internal(sk, M', rnd)
+ *  12: return sigma
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      seed    Random seed.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when context length is greater than 255.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
+{
+    int ret;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+
+    XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ);
+    /* Step 6. Calculate mu. */
+    ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, mu,
+        DILITHIUM_MU_SZ);
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
 /* Sign a message with the key and a random number generator.
  *
- * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M)
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
  *   ...
- *   7: rnd <- {0,1}256  [Randomly generated.]
+ *   5: rnd <- B32  [Randomly generated.]
+ *   6: if rnd = NULL then
+ *   7:     return falsam
+ *   8: end if
+ *   9:
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *   ...
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in, out] rng     Random number generator.
+ * @param [in]      ctx     Context of signature.
+ * @param [in]      ctxLen  Length of context.
+ * @param [in]      msg     Message data to sign.
+ * @param [in]      msgLen  Length of message data in bytes.
+ * @param [out]     sig     Buffer to hold signature.
+ * @param [in, out] sigLen  On in, length of buffer in bytes.
+ *                          On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_msg(dilithium_key* key, WC_RNG* rng,
+    const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen)
+{
+    int ret = 0;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+
+    /* Must have a random number generator. */
+    if (rng == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 7: Generate random seed. */
+        ret = wc_RNG_GenerateBlock(rng, seedMu, DILITHIUM_RND_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0,
+            ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a message with the key and a random number generator.
+ *
+ * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx)
+ *   ...
+ *   5: rnd <- B32  [Randomly generated.]
+ *   6: if rnd = NULL then
+ *   7:     return falsam
+ *   8: end if
+ *   9:
+ *  10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || M)
+ *   ...
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
  *   ...
  *
  * @param [in, out] key     Dilithium key.
@@ -6534,11 +6972,15 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
  * @return  MEMORY_E when memory allocation fails.
  * @return  Other negative when an error occurs.
  */
-static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, const byte* msg,
-    word32 msgLen, byte* sig, word32 *sigLen)
+static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
 {
     int ret = 0;
-    byte rnd[DILITHIUM_RND_SZ];
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
 
     /* Must have a random number generator. */
     if (rng == NULL) {
@@ -6547,12 +6989,136 @@ static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, const byte* msg,
 
     if (ret == 0) {
         /* Step 7: Generate random seed. */
-        ret = wc_RNG_GenerateBlock(rng, rnd, DILITHIUM_RND_SZ);
+        ret = wc_RNG_GenerateBlock(rng, seedMu, DILITHIUM_RND_SZ);
     }
     if (ret == 0) {
-        /* Sign with random seed. */
-        ret = dilithium_sign_msg_with_seed(key, rnd, msg, msgLen, sig,
-            sigLen);
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
+            mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a pre-hashed message with the key and a seed.
+ *
+ * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH)
+ *   ...
+ *  10: switch PH do
+ *  11:    case SHA-256:
+ *  12:       OID <-  IntegerToBytes(0x0609608648016503040201, 11)
+ *  13:       PHm <- SHA256(M)    (not done here as hash is passed in)
+ *   ...
+ *  22: end switch
+ *  23: M' <- BytesToBits(IntegerToBytes(1, 1) || IntegerToBytes(|ctx|, 1) ||
+ *                        ctx || OID || PHm)
+ *  24: sigma <- ML-DSA.Sign_internal(sk, M', rnd)
+ *  25: return sigma
+ *
+ * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd)
+ *   ...
+ *   6: mu <- H(BytesToBits(tr)||M', 64)
+ *   ...
+ *
+ * @param [in, out] key      Dilithium key.
+ * @param [in]      seed     Random seed.
+ * @param [in]      ctx      Context of signature.
+ * @param [in]      ctxLen   Length of context.
+ * @param [in]      hashAlg  Hash algorithm used on message.
+ * @param [in]      hash     Message hash to sign.
+ * @param [in]      hashLen  Length of message hash in bytes.
+ * @param [out]     sig      Buffer to hold signature.
+ * @param [in, out] sigLen   On in, length of buffer in bytes.
+ *                           On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_hash_with_seed(dilithium_key* key,
+    const byte* seed, const byte* ctx, byte ctxLen, int hashAlg,
+    const byte* hash, word32 hashLen, byte* sig, word32 *sigLen)
+{
+    int ret = 0;
+    const byte* pub_seed = key->k;
+    const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ;
+    const byte* tr = k + DILITHIUM_K_SZ;
+    byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ];
+    byte* mu = seedMu + DILITHIUM_RND_SZ;
+    byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE];
+    word32 oidMsgHashLen;
+
+    if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ);
+
+        ret = dilithium_get_hash_oid(hashAlg, oidMsgHash, &oidMsgHashLen);
+    }
+    if (ret == 0) {
+        XMEMCPY(oidMsgHash + oidMsgHashLen, hash, hashLen);
+        oidMsgHashLen += hashLen;
+
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 1,
+            ctx, ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen);
+    }
+
+    return ret;
+}
+
+/* Sign a pre-hashed message with the key and a random number generator.
+ *
+ * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH)
+ *   ...
+ *   5: rnd <- B32  [Randomly generated.]
+ *   6: if rnd = NULL then
+ *   7:     return falsam
+ *   8: end if
+ *   ...
+ *
+ * @param [in, out] key      Dilithium key.
+ * @param [in, out] rng      Random number generator.
+ * @param [in]      ctx      Context of signature.
+ * @param [in]      ctxLen   Length of context.
+ * @param [in]      hashAlg  Hash algorithm used on message.
+ * @param [in]      hash     Message hash to sign.
+ * @param [in]      hashLen  Length of message hash in bytes.
+ * @param [out]     sig      Buffer to hold signature.
+ * @param [in, out] sigLen   On in, length of buffer in bytes.
+ *                           On out, the length of the signature in bytes.
+ * @return  0 on success.
+ * @return  BUFFER_E when the signature buffer is too small.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_sign_ctx_hash(dilithium_key* key, WC_RNG* rng,
+    const byte* ctx, byte ctxLen, int hashAlg, const byte* hash, word32 hashLen,
+    byte* sig, word32 *sigLen)
+{
+    int ret = 0;
+    byte seed[DILITHIUM_RND_SZ];
+
+    /* Must have a random number generator. */
+    if (rng == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* Step 7: Generate random seed. */
+        ret = wc_RNG_GenerateBlock(rng, seed, DILITHIUM_RND_SZ);
+    }
+
+    if (ret == 0) {
+        ret = dilithium_sign_ctx_hash_with_seed(key, seed, ctx, ctxLen, hashAlg,
+            hash, hashLen, sig, sigLen);
     }
 
     return ret;
@@ -6564,6 +7130,11 @@ static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, const byte* msg,
 
 #if !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) || \
      defined(WC_DILITHIUM_CACHE_PUB_VECTORS)
+/* Make public vector from public key data.
+ *
+ * @param [in, out] key  Key with public key data.
+ * @param [out]     t1   Vector in NTT form.
+ */
 static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1)
 {
     const wc_dilithium_params* params = key->params;
@@ -6590,15 +7161,14 @@ static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1)
  *  7: mu <- H(tr||M, 512)
  *  8: (c1_tilde, c2_tilde) E {0,1}256 x {0,1)2*lambda-256 <- c_tilde
  *  9: c <- SampleInBall(c1_tilde)
- * 10: w'approx <- NTT-1(A_circum o NTT(z) - NTT(c) o NTT(t1.s^d))
+ * 10: w'approx <- NTT-1(A_circum o NTT(z) - NTT(c) o NTT(t1.2^d))
  * 11: w1' <- UseHint(h, w'approx)
  * 12: c'_tilde < H(mu||w1Encode(w1'), 2*lambda)
  * 13: return [[ ||z||inf < GAMMA1 - BETA]] and [[c_tilde = c'_tilde]] and
  *             [[number of 1's in h is <= OMEGA
  *
  * @param [in, out] key     Dilithium key.
- * @param [in]      msg     Message to verify.
- * @param [in]      msgLen  Length of message in bytes.
+ * @param [in]      mu      Data to verify.
  * @param [in]      sig     Signature to verify message.
  * @param [in]      sigLen  Length of message in bytes.
  * @param [out]     res     Result of verification.
@@ -6609,15 +7179,15 @@ static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1)
  * @return  MEMORY_E when memory allocation fails.
  * @return  Other negative when an error occurs.
  */
-static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
-    word32 msgLen, const byte* sig, word32 sigLen, int* res)
+static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
+    const byte* sig, word32 sigLen, int* res)
 {
 #ifndef WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
     int ret = 0;
     const wc_dilithium_params* params = key->params;
     const byte* pub_seed = key->p;
     const byte* commit = sig;
-    const byte* ze = sig + params->lambda * 2;
+    const byte* ze = sig + params->lambda / 4;
     const byte* h = ze + params->zEncSz;
     sword32* a = NULL;
     sword32* t1 = NULL;
@@ -6625,10 +7195,8 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
     sword32* z = NULL;
     sword32* w = NULL;
     sword32* t1c = NULL;
-    byte tr[DILITHIUM_TR_SZ];
-    byte* mu = tr;
+    byte commit_calc[DILITHIUM_TR_SZ];
     byte* w1e = NULL;
-    byte* commit_calc = tr;
     int valid = 0;
     sword32 hi;
 
@@ -6650,6 +7218,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         if (key->a == NULL) {
             ret = MEMORY_E;
         }
+        else {
+            XMEMSET(key->a, 0, params->aSz);
+        }
     }
 #endif
     if (ret == 0) {
@@ -6664,6 +7235,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         if (key->t1 == NULL) {
             ret = MEMORY_E;
         }
+        else {
+            XMEMSET(key->t1, 0, params->s2Sz);
+        }
     }
 #endif
     if (ret == 0) {
@@ -6686,6 +7260,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
             ret = MEMORY_E;
         }
         else {
+            XMEMSET(z, 0, allocSz);
             c   = z  + params->s1Sz / sizeof(*z);
             w   = c  + DILITHIUM_N;
 #ifndef WC_DILITHIUM_CACHE_PUB_VECTORS
@@ -6733,19 +7308,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         }
     }
     if ((ret == 0) && valid) {
-        /* Step 6: Hash public key. */
-        ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
-            DILITHIUM_TR_SZ);
-    }
-    if ((ret == 0) && valid) {
-        /* Step 7: Hash hash of public key and message. */
-        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
-            mu, DILITHIUM_MU_SZ);
-    }
-    if ((ret == 0) && valid) {
-        /* Step 9: Compute c from first 256 bits of commit. */
-        ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c,
-            key->heap);
+        /* Step 9: Compute c from commit. */
+        ret = dilithium_sample_in_ball(params->level, &key->shake, commit,
+            params->lambda / 4, params->tau, c, key->heap);
     }
     if ((ret == 0) && valid) {
         /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */
@@ -6761,11 +7326,11 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
         dilithium_vec_encode_w1(w, params->k, params->gamma2, w1e);
         /* Step 12: Hash mu and encoded w1. */
         ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e,
-            params->w1EncSz, commit_calc, 2 * params->lambda);
+            params->w1EncSz, commit_calc, params->lambda / 4);
     }
     if ((ret == 0) && valid) {
         /* Step 13: Compare commit. */
-        valid = (XMEMCMP(commit, commit_calc, 2 * params->lambda) == 0);
+        valid = (XMEMCMP(commit, commit_calc, params->lambda / 4) == 0);
     }
 
     *res = valid;
@@ -6777,7 +7342,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
     const byte* pub_seed = key->p;
     const byte* t1p = pub_seed + DILITHIUM_PUB_SEED_SZ;
     const byte* commit = sig;
-    const byte* ze = sig + params->lambda * 2;
+    const byte* ze = sig + params->lambda / 4;
     const byte* h = ze + params->zEncSz;
     sword32* t1 = NULL;
     sword32* a = NULL;
@@ -6790,16 +7355,14 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
 #ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
     byte*    block = NULL;
 #endif
-    byte tr[DILITHIUM_TR_SZ];
-    byte* mu = tr;
     byte* w1e = NULL;
-    byte* commit_calc = tr;
+    byte commit_calc[DILITHIUM_TR_SZ];
     int valid = 0;
     sword32 hi;
     unsigned int r;
     byte o;
     byte* encW1;
-    byte* seed = tr;
+    byte* seed = commit_calc;
 
     /* Ensure the signature is the right size for the parameters. */
     if (sigLen != params->sigSz) {
@@ -6826,6 +7389,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
             ret = MEMORY_E;
         }
         else {
+            XMEMSET(z, 0, allocSz);
             c     = z + params->s1Sz / sizeof(*t1);
             w     = c + DILITHIUM_N;
             t1    = w + DILITHIUM_N;
@@ -6864,11 +7428,11 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
 
          /* Step 9: Compute c from first 256 bits of commit. */
 #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
-         ret = dilithium_sample_in_ball_ex(&key->shake, commit, params->tau, c,
-             key->block);
+         ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit,
+             params->lambda / 4, params->tau, c, key->block);
 #else
-         ret = dilithium_sample_in_ball_ex(&key->shake, commit, params->tau, c,
-             block);
+         ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit,
+             params->lambda / 4, params->tau, c, block);
 #endif
     }
     if ((ret == 0) && valid) {
@@ -7013,24 +7577,14 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
             }
         }
     }
-    if ((ret == 0) && valid) {
-        /* Step 6: Hash public key. */
-        ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr,
-            DILITHIUM_TR_SZ);
-    }
-    if ((ret == 0) && valid) {
-        /* Step 7: Hash hash of public key and message. */
-        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
-            mu, DILITHIUM_MU_SZ);
-    }
     if ((ret == 0) && valid) {
         /* Step 12: Hash mu and encoded w1. */
         ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e,
-            params->w1EncSz, commit_calc, 2 * params->lambda);
+            params->w1EncSz, commit_calc, params->lambda / 4);
     }
     if ((ret == 0) && valid) {
         /* Step 13: Compare commit. */
-        valid = (XMEMCMP(commit, commit_calc, 2 * params->lambda) == 0);
+        valid = (XMEMCMP(commit, commit_calc, params->lambda / 4) == 0);
     }
 
     *res = valid;
@@ -7041,6 +7595,149 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
 #endif /* !WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */
 }
 
+/* Verify signature of message using public key.
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      ctx     Context of verification.
+ * @param [in]      ctxLen  Length of context in bytes.
+ * @param [in]      msg     Message to verify.
+ * @param [in]      msgLen  Length of message in bytes.
+ * @param [in]      sig     Signature to verify message.
+ * @param [in]      sigLen  Length of message in bytes.
+ * @param [out]     res     Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx,
+    word32 ctxLen, const byte* msg, word32 msgLen, const byte* sig,
+    word32 sigLen, int* res)
+{
+    int ret = 0;
+    byte tr[DILITHIUM_TR_SZ];
+    byte* mu = tr;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 6: Hash public key. */
+        ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0,
+            ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_verify_mu(key, mu, sig, sigLen, res);
+    }
+
+    return ret;
+}
+
+/* Verify signature of message using public key.
+ *
+ * @param [in, out] key     Dilithium key.
+ * @param [in]      msg     Message to verify.
+ * @param [in]      msgLen  Length of message in bytes.
+ * @param [in]      sig     Signature to verify message.
+ * @param [in]      sigLen  Length of message in bytes.
+ * @param [out]     res     Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
+    word32 msgLen, const byte* sig, word32 sigLen, int* res)
+{
+    int ret = 0;
+    byte tr[DILITHIUM_TR_SZ];
+    byte* mu = tr;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 6: Hash public key. */
+        ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen,
+            mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_verify_mu(key, mu, sig, sigLen, res);
+    }
+
+    return ret;
+}
+
+/* Verify signature of message using public key.
+ *
+ * @param [in, out] key       Dilithium key.
+ * @param [in]      ctx       Context of verification.
+ * @param [in]      ctxLen    Length of context in bytes.
+ * @param [iu]      hashAlg   Hash algorithm used on message.
+ * @param [in]      hash      Hash of message to verify.
+ * @param [in]      hashLen   Length of message hash in bytes.
+ * @param [in]      sig       Signature to verify message.
+ * @param [in]      sigLen    Length of message in bytes.
+ * @param [out]     res       Result of verification.
+ * @return  0 on success.
+ * @return  SIG_VERIFY_E when hint is malformed.
+ * @return  BUFFER_E when the length of the signature does not match
+ *          parameters.
+ * @return  MEMORY_E when memory allocation fails.
+ * @return  Other negative when an error occurs.
+ */
+static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx,
+    word32 ctxLen, int hashAlg, const byte* hash, word32 hashLen,
+    const byte* sig, word32 sigLen, int* res)
+{
+    int ret = 0;
+    byte tr[DILITHIUM_TR_SZ];
+    byte* mu = tr;
+    byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE];
+    word32 oidMsgHashLen;
+
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Step 6: Hash public key. */
+        ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr,
+            DILITHIUM_TR_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_get_hash_oid(hashAlg, oidMsgHash, &oidMsgHashLen);
+    }
+    if (ret == 0) {
+        XMEMCPY(oidMsgHash + oidMsgHashLen, hash, hashLen);
+        oidMsgHashLen += hashLen;
+
+        /* Step 6. Calculate mu. */
+        ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 1,
+            ctx, ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ);
+    }
+    if (ret == 0) {
+        ret = dilithium_verify_mu(key, mu, sig, sigLen, res);
+    }
+
+    return ret;
+}
 #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
 
 #elif defined(HAVE_LIBOQS)
@@ -7120,18 +7817,18 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
     /* check and set up out length */
     if (ret == 0) {
         if ((key->level == WC_ML_DSA_44) &&
-                (*sigLen < DILITHIUM_LEVEL2_SIG_SIZE)) {
-            *sigLen = DILITHIUM_LEVEL2_SIG_SIZE;
+                (*sigLen < ML_DSA_LEVEL2_SIG_SIZE)) {
+            *sigLen = ML_DSA_LEVEL2_SIG_SIZE;
             ret = BUFFER_E;
         }
         else if ((key->level == WC_ML_DSA_65) &&
-                 (*sigLen < DILITHIUM_LEVEL3_SIG_SIZE)) {
-            *sigLen = DILITHIUM_LEVEL3_SIG_SIZE;
+                 (*sigLen < ML_DSA_LEVEL3_SIG_SIZE)) {
+            *sigLen = ML_DSA_LEVEL3_SIG_SIZE;
             ret = BUFFER_E;
         }
         else if ((key->level == WC_ML_DSA_87) &&
-                 (*sigLen < DILITHIUM_LEVEL5_SIG_SIZE)) {
-            *sigLen = DILITHIUM_LEVEL5_SIG_SIZE;
+                 (*sigLen < ML_DSA_LEVEL5_SIG_SIZE)) {
+            *sigLen = ML_DSA_LEVEL5_SIG_SIZE;
             ret = BUFFER_E;
         }
         localOutLen = *sigLen;
@@ -7286,6 +7983,63 @@ int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
 #endif
 
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
+/* Sign the message using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  msg         [in]      Message to sign.
+ *  msgLen      [in]      Length of the message in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* sig, word32 *sigLen, dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, ctx, ctxLen,
+                    WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_msg(key, rng, ctx, ctxLen, msg, msgLen, sig,
+            sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = oqs_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng);
+    #endif
+    }
+
+    return ret;
+}
+
 /* Sign the message using the dilithium private key.
  *
  *  msg         [in]      Message to sign.
@@ -7314,8 +8068,8 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
         if (key->devId != INVALID_DEVID)
     #endif
         {
-            ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng,
-                WC_PQC_SIG_TYPE_DILITHIUM, key);
+            ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, NULL, 0,
+                    WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
             if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 return ret;
             /* fall-through when unavailable */
@@ -7336,6 +8090,113 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
     return ret;
 }
 
+/* Sign the message hash using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  hashAlg     [in]      Hash algorithm used on message.
+ *  hash        [in]      Hash of message to sign.
+ *  hashLen     [in]      Length of the message hash in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
+   const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
+   dilithium_key* key, WC_RNG* rng)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((hash == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcSign(hash, hashLen, sig, sigLen, ctx, ctxLen,
+                    hashAlg, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_hash(key, rng, ctx, ctxLen, hashAlg, hash,
+            hashLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)hashAlg;
+        (void)hash;
+        (void)hashLen;
+        (void)rng;
+    #endif
+    }
+
+    return ret;
+}
+
+/* Sign the message using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  msg         [in]      Message to sign.
+ *  msgLen      [in]      Length of the message in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_msg_with_seed(key, seed, ctx, ctxLen, msg,
+            msgLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)msgLen;
+        (void)seed;
+    #endif
+    }
+
+    return ret;
+}
+
 /* Sign the message using the dilithium private key.
  *
  *  msg         [in]      Message to sign.
@@ -7349,7 +8210,7 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
  *          0 otherwise.
  */
 int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
-    word32 *sigLen, dilithium_key* key, byte* seed)
+    word32 *sigLen, dilithium_key* key, const byte* seed)
 {
     int ret = 0;
 
@@ -7371,9 +8232,116 @@ int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
 
     return ret;
 }
+
+/* Sign the message using the dilithium private key.
+ *
+ *  ctx         [in]      Context of signature.
+ *  ctxLen      [in]      Length of context in bytes.
+ *  hashAlg     [in]      Hash algorithm used on message.
+ *  hash        [in]      Hash of message to sign.
+ *  hashLen     [in]      Length of the message hash in bytes.
+ *  sig         [out]     Buffer to write signature into.
+ *  sigLen      [in/out]  On in, size of buffer.
+ *                        On out, the length of the signature in bytes.
+ *  key         [in]      Dilithium key to use when signing
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
+    int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((hash == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Sign message. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_sign_ctx_hash_with_seed(key, seed, ctx, ctxLen,
+            hashAlg, hash, hashLen, sig, sigLen);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)hashAlg;
+        (void)hash;
+        (void)hashLen;
+        (void)seed;
+    #endif
+    }
+
+    return ret;
+}
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
+/* Verify the message using the dilithium public key.
+ *
+ *  sig         [in]  Signature to verify.
+ *  sigLen      [in]  Size of signature in bytes.
+ *  ctx         [in]  Context of signature.
+ *  ctxLen      [in]  Length of context in bytes.
+ *  msg         [in]  Message to verify.
+ *  msgLen      [in]  Length of the message in bytes.
+ *  res         [out] *res is set to 1 on successful verification.
+ *  key         [in]  Dilithium key to use to verify.
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
+    word32 ctxLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (msg == NULL) || (res == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, ctx, ctxLen,
+                    WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Verify message with signature. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_verify_ctx_msg(key, ctx, ctxLen, msg, msgLen, sig,
+            sigLen, res);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)sigLen;
+        (void)msgLen;
+        (void)res;
+    #endif
+    }
+
+    return ret;
+}
+
 /* Verify the message using the dilithium public key.
  *
  *  sig         [in]  Signature to verify.
@@ -7396,21 +8364,21 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
         ret = BAD_FUNC_ARG;
     }
 
-    #ifdef WOLF_CRYPTO_CB
+#ifdef WOLF_CRYPTO_CB
     if (ret == 0) {
-        #ifndef WOLF_CRYPTO_CB_FIND
+    #ifndef WOLF_CRYPTO_CB_FIND
         if (key->devId != INVALID_DEVID)
-        #endif
+    #endif
         {
-            ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res,
-                WC_PQC_SIG_TYPE_DILITHIUM, key);
+            ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0,
+                    WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
             if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
                 return ret;
             /* fall-through when unavailable */
             ret = 0;
         }
     }
-    #endif
+#endif
 
     if (ret == 0) {
         /* Verify message with signature. */
@@ -7423,6 +8391,69 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
 
     return ret;
 }
+
+/* Verify the message using the dilithium public key.
+ *
+ *  sig         [in]  Signature to verify.
+ *  sigLen      [in]  Size of signature in bytes.
+ *  ctx         [in]  Context of signature.
+ *  ctxLen      [in]  Length of context in bytes.
+ *  hashAlg     [in]  Hash algorithm used on message.
+ *  hash        [in]  Hash of message to verify.
+ *  hashLen     [in]  Length of the message hash in bytes.
+ *  res         [out] *res is set to 1 on successful verification.
+ *  key         [in]  Dilithium key to use to verify.
+ *  returns BAD_FUNC_ARG when a parameter is NULL, public key not set
+ *          or ctx is NULL and ctxLen is not 0,
+ *          BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
+ *          0 otherwise.
+ */
+int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
+    const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash,
+    word32 hashLen, int* res, dilithium_key* key)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (sig == NULL) || (hash == NULL) || (res == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+#ifdef WOLF_CRYPTO_CB
+    if (ret == 0) {
+    #ifndef WOLF_CRYPTO_CB_FIND
+        if (key->devId != INVALID_DEVID)
+    #endif
+        {
+            ret = wc_CryptoCb_PqcVerify(sig, sigLen, hash, hashLen, ctx, ctxLen,
+                    hashAlg, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Verify message with signature. */
+    #ifdef WOLFSSL_WC_DILITHIUM
+        ret = dilithium_verify_ctx_hash(key, ctx, ctxLen, hashAlg, hash,
+            hashLen, sig, sigLen, res);
+    #elif defined(HAVE_LIBOQS)
+        ret = NOT_COMPILED_IN;
+        (void)sigLen;
+        (void)hashAlg;
+        (void)hash;
+        (void)hashLen;
+    #endif
+    }
+
+    return ret;
+}
 #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
 
 /* Initialize the dilithium private/public key.
@@ -7543,8 +8574,17 @@ int wc_dilithium_set_level(dilithium_key* key, byte level)
     if (key == NULL) {
         ret = BAD_FUNC_ARG;
     }
-    if ((ret == 0) && (level != WC_ML_DSA_44) && (level != WC_ML_DSA_65) &&
-            (level != WC_ML_DSA_87)) {
+    if ((ret == 0) && ((level == WC_ML_DSA_44) || (level == WC_ML_DSA_65) ||
+            (level == WC_ML_DSA_87))) {
+        /* Nothing to do. */
+    }
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+    else if ((ret == 0) && ((level == WC_ML_DSA_44_DRAFT) ||
+             (level == WC_ML_DSA_65_DRAFT) || (level == WC_ML_DSA_87_DRAFT))) {
+        /* Nothing to do. */
+    }
+#endif
+    else {
         ret = BAD_FUNC_ARG;
     }
 
@@ -7577,7 +8617,7 @@ int wc_dilithium_set_level(dilithium_key* key, byte level)
 #endif /* WOLFSSL_WC_DILITHIUM */
 
         /* Store level and indicate public and private key are not set. */
-        key->level = level;
+        key->level = level % WC_ML_DSA_DRAFT;
         key->pubKeySet = 0;
         key->prvKeySet = 0;
     }
@@ -7649,18 +8689,33 @@ void wc_dilithium_free(dilithium_key* key)
  */
 int wc_dilithium_size(dilithium_key* key)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = DILITHIUM_LEVEL2_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = DILITHIUM_LEVEL3_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = DILITHIUM_LEVEL5_KEY_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_KEY_SIZE;
+        }
     }
 
     return ret;
@@ -7675,18 +8730,32 @@ int wc_dilithium_size(dilithium_key* key)
  */
 int wc_dilithium_priv_size(dilithium_key* key)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = DILITHIUM_LEVEL2_PRV_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = DILITHIUM_LEVEL3_PRV_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = DILITHIUM_LEVEL5_PRV_KEY_SIZE;
         }
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_PRV_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_PRV_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_PRV_KEY_SIZE;
+        }
     }
 
     return ret;
@@ -7722,18 +8791,33 @@ int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len)
  */
 int wc_dilithium_pub_size(dilithium_key* key)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+        }
     }
 
     return ret;
@@ -7768,18 +8852,33 @@ int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len)
  */
 int wc_dilithium_sig_size(dilithium_key* key)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     if (key != NULL) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = DILITHIUM_LEVEL2_SIG_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = DILITHIUM_LEVEL3_SIG_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = DILITHIUM_LEVEL5_SIG_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = ML_DSA_LEVEL2_SIG_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = ML_DSA_LEVEL3_SIG_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = ML_DSA_LEVEL5_SIG_SIZE;
+        }
     }
 
     return ret;
@@ -7844,9 +8943,10 @@ int wc_dilithium_check_key(dilithium_key* key)
      */
 
     if (ret == 0) {
-        params = key->params;
         unsigned int allocSz;
 
+        params = key->params;
+
         /* s1-L, s2-K, t0-K, t-K, t1-K */
         allocSz = params->s1Sz + 4 * params->s2Sz;
 #if !defined(WC_DILITHIUM_CACHE_MATRIX_A)
@@ -7860,6 +8960,7 @@ int wc_dilithium_check_key(dilithium_key* key)
             ret = MEMORY_E;
         }
         else {
+            XMEMSET(s1, 0, allocSz);
             s2 = s1 + params->s1Sz / sizeof(*s1);
             t0 = s2 + params->s2Sz / sizeof(*s2);
             t  = t0 + params->s2Sz / sizeof(*t0);
@@ -7992,7 +9093,11 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
     if (ret == 0) {
         /* Get length passed in for checking. */
         inLen = *outLen;
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             /* Set out length. */
             *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
             /* Validate length passed in. */
@@ -8000,7 +9105,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
                 ret = BUFFER_E;
             }
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             /* Set out length. */
             *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
             /* Validate length passed in. */
@@ -8008,7 +9113,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
                 ret = BUFFER_E;
             }
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             /* Set out length. */
             *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
             /* Validate length passed in. */
@@ -8016,6 +9121,32 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen)
                 ret = BUFFER_E;
             }
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            /* Set out length. */
+            *outLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < ML_DSA_LEVEL2_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            /* Set out length. */
+            *outLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < ML_DSA_LEVEL3_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            /* Set out length. */
+            *outLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+            /* Validate length passed in. */
+            if (inLen < ML_DSA_LEVEL5_PUB_KEY_SIZE) {
+                ret = BUFFER_E;
+            }
+        }
         else {
             /* Level not set. */
             ret = BAD_FUNC_ARG;
@@ -8054,24 +9185,48 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
         ret = BAD_FUNC_ARG;
     }
     if (ret == 0) {
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             /* Check length. */
             if (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE) {
                 ret = BAD_FUNC_ARG;
             }
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             /* Check length. */
             if (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE) {
                 ret = BAD_FUNC_ARG;
             }
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             /* Check length. */
             if (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE) {
                 ret = BAD_FUNC_ARG;
             }
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            /* Check length. */
+            if (inLen != ML_DSA_LEVEL2_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            /* Check length. */
+            if (inLen != ML_DSA_LEVEL3_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            /* Check length. */
+            if (inLen != ML_DSA_LEVEL5_PUB_KEY_SIZE) {
+                ret = BAD_FUNC_ARG;
+            }
+        }
         else {
             /* Level not set. */
             ret = BAD_FUNC_ARG;
@@ -8095,6 +9250,9 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
             if (key->t1 == NULL) {
                 ret = MEMORY_E;
             }
+            else {
+                XMEMSET(key->t1, 0, key->params->s2Sz);
+            }
         }
     #endif
     }
@@ -8111,6 +9269,9 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
             if (key->a == NULL) {
                 ret = MEMORY_E;
             }
+            else {
+                XMEMSET(key->a, 0, key->params->aSz);
+            }
         }
     #endif
     }
@@ -8154,9 +9315,9 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz,
 #endif
 
     /* Validate parameters. */
-    if ((privSz != DILITHIUM_LEVEL2_KEY_SIZE) &&
-            (privSz != DILITHIUM_LEVEL3_KEY_SIZE) &&
-            (privSz != DILITHIUM_LEVEL5_KEY_SIZE)) {
+    if ((privSz != ML_DSA_LEVEL2_KEY_SIZE) &&
+            (privSz != ML_DSA_LEVEL3_KEY_SIZE) &&
+            (privSz != ML_DSA_LEVEL5_KEY_SIZE)) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -8180,6 +9341,9 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz,
             if (key->a == NULL) {
                 ret = MEMORY_E;
             }
+            else {
+                XMEMSET(key->a, 0, params->aSz);
+            }
         }
     }
 #endif
@@ -8201,6 +9365,9 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz,
         if (key->s1 == NULL) {
             ret = MEMORY_E;
         }
+        else {
+            XMEMSET(key->s1, 0, params->s1Sz + params->s2Sz + params->s2Sz);
+        }
         if (ret == 0) {
             /* Set pointers into allocated memory. */
             key->s2 = key->s1 + params->s1Sz / sizeof(*key->s1);
@@ -8322,15 +9489,30 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out,
     if (ret == 0) {
         inLen = *outLen;
         /* check and set up out length */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             *outLen = DILITHIUM_LEVEL2_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             *outLen = DILITHIUM_LEVEL3_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             *outLen = DILITHIUM_LEVEL5_KEY_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            *outLen = ML_DSA_LEVEL2_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            *outLen = ML_DSA_LEVEL3_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            *outLen = ML_DSA_LEVEL5_KEY_SIZE;
+        }
         else {
             /* Level not set. */
             ret = BAD_FUNC_ARG;
@@ -8384,6 +9566,29 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
 
 #ifndef WOLFSSL_DILITHIUM_NO_ASN1
 
+/* Maps ASN.1 OID to wolfCrypt security level macros */
+static int mapOidToSecLevel(word32 oid)
+{
+    switch (oid) {
+        case ML_DSA_LEVEL2k:
+            return WC_ML_DSA_44;
+        case ML_DSA_LEVEL3k:
+            return WC_ML_DSA_65;
+        case ML_DSA_LEVEL5k:
+            return WC_ML_DSA_87;
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+        case DILITHIUM_LEVEL2k:
+            return WC_ML_DSA_44_DRAFT;
+        case DILITHIUM_LEVEL3k:
+            return WC_ML_DSA_65_DRAFT;
+        case DILITHIUM_LEVEL5k:
+            return WC_ML_DSA_87_DRAFT;
+#endif
+        default:
+            return ASN_UNKNOWN_OID_E;
+    }
+}
+
 #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
 
 /* Decode the DER encoded Dilithium key.
@@ -8391,11 +9596,19 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
  * @param [in]      input     Array holding DER encoded data.
  * @param [in, out] inOutIdx  On in, index into array of start of DER encoding.
  *                            On out, index into array after DER encoding.
- * @param [in, out] key       Dilithium key to store key.
- * @param [in]      inSz      Total size of data in array.
+ * @param [in, out] key       Dilithium key structure to hold the decoded key.
+ *                            If the security level is set in the key structure
+ *                            on input, the DER key will be decoded as such and
+ *                            will fail if there is a mismatch. If the level
+ *                            and parameters are not set in the key structure on
+ *                            input, the level will be detected from the DER
+ *                            file based on the algorithm OID, appropriately
+ *                            decoded, then updated in the key structure on
+ *                            output. Auto-detection of the security level is
+ *                            not supported if compiled for FIPS 204 draft mode.
+ * @param [in]      inSz      Total size of the input DER buffer array.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
- * @return  BAD_FUNC_ARG when level not set.
  * @return  Other negative on parse error.
  */
 int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
@@ -8415,46 +9628,97 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 
     if (ret == 0) {
         /* Get OID sum for level. */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             keytype = DILITHIUM_LEVEL2k;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             keytype = DILITHIUM_LEVEL3k;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             keytype = DILITHIUM_LEVEL5k;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            keytype = ML_DSA_LEVEL2k;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            keytype = ML_DSA_LEVEL3k;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            keytype = ML_DSA_LEVEL5k;
+        }
         else {
-            /* Level not set. */
-            ret = BAD_FUNC_ARG;
+            /* Level not set by caller, decode from DER */
+            keytype = ANONk; /* 0, not a valid key type in this situation*/
         }
     }
 
     if (ret == 0) {
         /* Decode the asymmetric key and get out private and public key data. */
-        ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKey, &privKeyLen,
-            &pubKey, &pubKeyLen, keytype);
+        ret = DecodeAsymKey_Assign(input, inOutIdx, inSz,
+                                   &privKey, &privKeyLen,
+                                   &pubKey, &pubKeyLen, &keytype);
+        if (ret == 0
+#ifdef WOLFSSL_WC_DILITHIUM
+            && key->params == NULL
+#endif
+        ) {
+            /* Set the security level based on the decoded key. */
+            ret = mapOidToSecLevel(keytype);
+            if (ret > 0) {
+                ret = wc_dilithium_set_level(key, ret);
+            }
+        }
     }
     if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) {
         /* Check if the public key is included in the private key. */
-        if ((key->level == WC_ML_DSA_44) &&
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if ((key->params->level == WC_ML_DSA_44_DRAFT) &&
             (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) {
             pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE;
             pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
             privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE;
         }
-        else if ((key->level == WC_ML_DSA_65) &&
+        else if ((key->params->level == WC_ML_DSA_65_DRAFT) &&
                  (privKeyLen == DILITHIUM_LEVEL3_PRV_KEY_SIZE)) {
             pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE;
             pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
             privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE;
         }
-        else if ((key->level == WC_ML_DSA_87) &&
+        else if ((key->params->level == WC_ML_DSA_87_DRAFT) &&
                  (privKeyLen == DILITHIUM_LEVEL5_PRV_KEY_SIZE)) {
             pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE;
             pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
             privKeyLen -= DILITHIUM_LEVEL5_PUB_KEY_SIZE;
         }
+        else
+    #endif
+        if ((key->level == WC_ML_DSA_44) &&
+            (privKeyLen == ML_DSA_LEVEL2_PRV_KEY_SIZE)) {
+            pubKey = privKey + ML_DSA_LEVEL2_KEY_SIZE;
+            pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+            privKeyLen -= ML_DSA_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if ((key->level == WC_ML_DSA_65) &&
+                 (privKeyLen == ML_DSA_LEVEL3_PRV_KEY_SIZE)) {
+            pubKey = privKey + ML_DSA_LEVEL3_KEY_SIZE;
+            pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+            privKeyLen -= ML_DSA_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if ((key->level == WC_ML_DSA_87) &&
+                 (privKeyLen == ML_DSA_LEVEL5_PRV_KEY_SIZE)) {
+            pubKey = privKey + ML_DSA_LEVEL5_KEY_SIZE;
+            pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+            privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE;
+        }
     }
 
     if (ret == 0) {
@@ -8489,23 +9753,38 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 
 #if defined(WOLFSSL_DILITHIUM_NO_ASN1)
 #ifndef WOLFSSL_NO_ML_DSA_44
+static unsigned char ml_dsa_oid_44[] = {
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11
+};
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
 static unsigned char dilithium_oid_44[] = {
     0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
     0x0c, 0x04, 0x04
 };
 #endif
+#endif
 #ifndef WOLFSSL_NO_ML_DSA_65
+static unsigned char ml_dsa_oid_65[] = {
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12
+};
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
 static unsigned char dilithium_oid_65[] = {
     0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
     0x0c, 0x06, 0x05
 };
 #endif
+#endif
 #ifndef WOLFSSL_NO_ML_DSA_87
+static unsigned char ml_dsa_oid_87[] = {
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13
+};
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
 static unsigned char dilithium_oid_87[] = {
     0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b,
     0x0c, 0x08, 0x07
 };
 #endif
+#endif
 
 static int dilitihium_get_der_length(const byte* input, word32* inOutIdx,
     int *length, word32 inSz)
@@ -8585,7 +9864,17 @@ static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type,
  * @param [in]      input     Array holding DER encoded data.
  * @param [in, out] inOutIdx  On in, index into array of start of DER encoding.
  *                            On out, index into array after DER encoding.
- * @param [in, out] key       Dilithium key to store key.
+ * @param [in, out] key       Dilithium key structure to hold the decoded key.
+ *                            If the security level is set in the key structure
+ *                            on input, the DER key will be decoded as such
+ *                            and will fail if there is a mismatch. If the level
+ *                            and parameters are not set in the key structure on
+ *                            input, the level will be detected from the DER
+ *                            file based on the algorithm OID, appropriately
+ *                            decoded, then updated in the key structure on
+ *                            output. Auto-detection of the security level is
+ *                            not supported if compiled for FIPS 204
+ *                            draft mode.
  * @param [in]      inSz      Total size of data in array.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
@@ -8622,47 +9911,101 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
 
     #if !defined(WOLFSSL_DILITHIUM_NO_ASN1)
             /* Get OID sum for level. */
-            if (key->level == WC_ML_DSA_44) {
+        #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+            if (key->params == NULL) {
+                ret = BAD_FUNC_ARG;
+            }
+            else if (key->params->level == WC_ML_DSA_44_DRAFT) {
                 keytype = DILITHIUM_LEVEL2k;
             }
-            else if (key->level == WC_ML_DSA_65) {
+            else if (key->params->level == WC_ML_DSA_65_DRAFT) {
                 keytype = DILITHIUM_LEVEL3k;
             }
-            else if (key->level == WC_ML_DSA_87) {
+            else if (key->params->level == WC_ML_DSA_87_DRAFT) {
                 keytype = DILITHIUM_LEVEL5k;
             }
+            else
+        #endif
+            if (key->level == WC_ML_DSA_44) {
+                keytype = ML_DSA_LEVEL2k;
+            }
+            else if (key->level == WC_ML_DSA_65) {
+                keytype = ML_DSA_LEVEL3k;
+            }
+            else if (key->level == WC_ML_DSA_87) {
+                keytype = ML_DSA_LEVEL5k;
+            }
             else {
-                /* Level not set. */
-                ret = BAD_FUNC_ARG;
+                /* Level not set by caller, decode from DER */
+                keytype = ANONk; /* 0, not a valid key type in this situation*/
             }
             if (ret == 0) {
                 /* Decode the asymmetric key and get out public key data. */
-                ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKey,
-                    &pubKeyLen, keytype);
+                ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz,
+                                                 &pubKey, &pubKeyLen,
+                                                 &keytype);
+                if (ret == 0
+#ifdef WOLFSSL_WC_DILITHIUM
+                    && key->params == NULL
+#endif
+                ) {
+                    /* Set the security level based on the decoded key. */
+                    ret = mapOidToSecLevel(keytype);
+                    if (ret > 0) {
+                        ret = wc_dilithium_set_level(key, ret);
+                    }
+                }
             }
     #else
             /* Get OID sum for level. */
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+            if (key->params == NULL) {
+                ret = BAD_FUNC_ARG;
+            }
+            else
         #ifndef WOLFSSL_NO_ML_DSA_44
-            if (key->level == WC_ML_DSA_44) {
+            if (key->params->level == WC_ML_DSA_44_DRAFT) {
                 oid = dilithium_oid_44;
                 oidLen = (int)sizeof(dilithium_oid_44);
             }
             else
         #endif
         #ifndef WOLFSSL_NO_ML_DSA_65
-            if (key->level == WC_ML_DSA_65) {
+            if (key->params->level == WC_ML_DSA_65_DRAFT) {
                 oid = dilithium_oid_65;
                 oidLen = (int)sizeof(dilithium_oid_65);
             }
             else
         #endif
         #ifndef WOLFSSL_NO_ML_DSA_87
-            if (key->level == WC_ML_DSA_87) {
+            if (key->params->level == WC_ML_DSA_87_DRAFT) {
                 oid = dilithium_oid_87;
                 oidLen = (int)sizeof(dilithium_oid_87);
             }
             else
         #endif
+    #endif
+        #ifndef WOLFSSL_NO_ML_DSA_44
+            if (key->level == WC_ML_DSA_44) {
+                oid = ml_dsa_oid_44;
+                oidLen = (int)sizeof(ml_dsa_oid_44);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_65
+            if (key->level == WC_ML_DSA_65) {
+                oid = ml_dsa_oid_65;
+                oidLen = (int)sizeof(ml_dsa_oid_65);
+            }
+            else
+        #endif
+        #ifndef WOLFSSL_NO_ML_DSA_87
+            if (key->level == WC_ML_DSA_87) {
+                oid = ml_dsa_oid_87;
+                oidLen = (int)sizeof(ml_dsa_oid_87);
+            }
+            else
+        #endif
             {
                 /* Level not set. */
                 ret = BAD_FUNC_ARG;
@@ -8699,7 +10042,7 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
                 ret = dilitihium_get_der_length(input, &idx, &length, inSz);
             }
             if (ret == 0) {
-                if (input[idx] != 0) {
+                if ((input[idx] != 0) || (length == 0)) {
                     ret = ASN_PARSE_E;
                 }
                 idx++;
@@ -8753,18 +10096,36 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len,
 
     if (ret == 0) {
         /* Get OID and length for level. */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             keytype = DILITHIUM_LEVEL2k;
             pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             keytype = DILITHIUM_LEVEL3k;
             pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             keytype = DILITHIUM_LEVEL5k;
             pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            keytype = ML_DSA_LEVEL2k;
+            pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            keytype = ML_DSA_LEVEL3k;
+            pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            keytype = ML_DSA_LEVEL5k;
+            pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
+        }
         else {
             /* Level not set. */
             ret = BAD_FUNC_ARG;
@@ -8802,23 +10163,41 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len,
  */
 int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     /* Validate parameters and check public and private key set. */
     if ((key != NULL) && key->prvKeySet && key->pubKeySet) {
         /* Create DER for level. */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL2_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL2k);
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL3_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL3k);
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p,
                 DILITHIUM_LEVEL5_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL5k);
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, key->p,
+                ML_DSA_LEVEL2_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL2k);
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, key->p,
+                ML_DSA_LEVEL3_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL3k);
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, key->p,
+                ML_DSA_LEVEL5_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL5k);
+        }
     }
 
     return ret;
@@ -8838,23 +10217,41 @@ int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len)
  */
 int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len)
 {
-    int ret = BAD_FUNC_ARG;
+    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     /* Validate parameters and check private key set. */
     if ((key != NULL) && key->prvKeySet) {
         /* Create DER for level. */
-        if (key->level == WC_ML_DSA_44) {
+    #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+        if (key->params == NULL) {
+            ret = BAD_FUNC_ARG;
+        }
+        else if (key->params->level == WC_ML_DSA_44_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0,
                 output, len, DILITHIUM_LEVEL2k);
         }
-        else if (key->level == WC_ML_DSA_65) {
+        else if (key->params->level == WC_ML_DSA_65_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0,
                 output, len, DILITHIUM_LEVEL3k);
         }
-        else if (key->level == WC_ML_DSA_87) {
+        else if (key->params->level == WC_ML_DSA_87_DRAFT) {
             ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0,
                 output, len, DILITHIUM_LEVEL5k);
         }
+        else
+    #endif
+        if (key->level == WC_ML_DSA_44) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, NULL, 0, output,
+                len, ML_DSA_LEVEL2k);
+        }
+        else if (key->level == WC_ML_DSA_65) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, NULL, 0, output,
+                len, ML_DSA_LEVEL3k);
+        }
+        else if (key->level == WC_ML_DSA_87) {
+            ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, NULL, 0, output,
+                len, ML_DSA_LEVEL5k);
+        }
     }
 
     return ret;
diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index 520c10040..5be431aaf 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -1,6 +1,6 @@
 /* dsa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,19 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_DSA
 
 #include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/wolfmath.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/sha.h>
 #include <wolfssl/wolfcrypt/dsa.h>
 
@@ -45,7 +38,7 @@
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -173,7 +166,7 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
         return MEMORY_E;
     }
 
-    SAVE_VECTOR_REGISTERS();
+    SAVE_VECTOR_REGISTERS(;);
 
 #ifdef WOLFSSL_SMALL_STACK
     if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)
@@ -542,7 +535,7 @@ int wc_DsaExportParamsRaw(DsaKey* dsa, byte* p, word32* pSz,
         *pSz = pLen;
         *qSz = qLen;
         *gSz = gLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (p == NULL || q == NULL || g == NULL)
@@ -616,7 +609,7 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz)
     if (x == NULL && y == NULL) {
         *xSz = xLen;
         *ySz = yLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (x == NULL || y == NULL)
@@ -1112,32 +1105,32 @@ int wc_DsaVerify_ex(const byte* digest, word32 digestSz, const byte* sig,
 
 #ifdef WOLFSSL_SMALL_STACK
     if (s) {
-        if (ret != WC_NO_ERR_TRACE(MP_INIT_E))
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(s);
         XFREE(s, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (r) {
-        if (ret != WC_NO_ERR_TRACE(MP_INIT_E))
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(r);
         XFREE(r, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (u1) {
-        if (ret != WC_NO_ERR_TRACE(MP_INIT_E))
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(u1);
         XFREE(u1, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (u2) {
-        if (ret != WC_NO_ERR_TRACE(MP_INIT_E))
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(u2);
         XFREE(u2, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (w) {
-        if (ret != WC_NO_ERR_TRACE(MP_INIT_E))
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(w);
         XFREE(w, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
     if (v) {
-        if (ret != WC_NO_ERR_TRACE(MP_INIT_E))
+        if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E))
             mp_clear(v);
         XFREE(v, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 46d7da16c..6d4cd4de7 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -1,6 +1,6 @@
 /* ecc.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-/* in case user set HAVE_ECC there */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_ECC_NO_SMALL_STACK
 #undef WOLFSSL_SMALL_STACK
@@ -104,6 +97,9 @@ Possible ECC enable options:
  *                      unmasked copy is computed and stored each time it is
  *                      needed.
  *                                                              default: off
+ * WOLFSSL_CHECK_VER_FAULTS
+ *                      Sanity check on verification steps in case of faults.
+ *                                                              default: off
  */
 
 /*
@@ -158,9 +154,6 @@ ECC Curve Sizes:
 
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/asn.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/types.h>
 
 #ifdef WOLFSSL_HAVE_SP_ECC
 #include <wolfssl/wolfcrypt/sp.h>
@@ -231,19 +224,11 @@ ECC Curve Sizes:
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
 
-#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-    #define GEN_MEM_ERR MP_MEM
-#elif defined(USE_FAST_MATH)
-    #define GEN_MEM_ERR FP_MEM
-#else
-    #define GEN_MEM_ERR MP_MEM
-#endif
-
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
     !defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \
@@ -262,12 +247,12 @@ ECC Curve Sizes:
 
 
 /* macro guard for ecc_check_pubkey_order functionality */
-#if !defined(WOLFSSL_SP_MATH) && \
-    !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
-    !defined(WOLFSSL_SE050) && !defined(WOLFSSL_STM32_PKA) && \
-    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_IMXRT1170_CAAM) || \
-      defined(WOLFSSL_QNX_CAAM))
+#if (!defined(NO_ECC_CHECK_PUBKEY_ORDER) && \
+     !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
+     !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
+     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
+     !defined(WOLFSSL_SE050) && !defined(WOLFSSL_STM32_PKA)) || \
+     defined(WOLFSSL_IMXRT1170_CAAM) || defined(WOLFSSL_QNX_CAAM)
 
     /* CAAM builds use public key validation as a means to check if an
      * imported private key is an encrypted black key or not */
@@ -864,6 +849,14 @@ enum {
 /* This holds the key settings.
    ***MUST*** be organized by size from smallest to largest. */
 
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+    #undef ecc_sets
+    #undef ecc_sets_count
+#endif
+
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+static
+#endif
 const ecc_set_type ecc_sets[] = {
 #ifdef ECC112
     #ifndef NO_ECC_SECP
@@ -1407,8 +1400,17 @@ const ecc_set_type ecc_sets[] = {
     }
 };
 #define ECC_SET_COUNT   (sizeof(ecc_sets)/sizeof(ecc_set_type))
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+static
+#endif
 const size_t ecc_sets_count = ECC_SET_COUNT - 1;
 
+const ecc_set_type *wc_ecc_get_sets(void) {
+    return ecc_sets;
+}
+size_t wc_ecc_get_sets_count(void) {
+    return ecc_sets_count;
+}
 
 #ifdef HAVE_OID_ENCODING
     /* encoded OID cache */
@@ -1417,13 +1419,19 @@ const size_t ecc_sets_count = ECC_SET_COUNT - 1;
         byte oid[ECC_MAX_OID_LEN];
     } oid_cache_t;
     static oid_cache_t ecc_oid_cache[ECC_SET_COUNT];
+
+    static wolfSSL_Mutex ecc_oid_cache_lock
+        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_oid_cache_lock);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    static volatile int eccOidLockInit = 0;
 #endif
+#endif /* HAVE_OID_ENCODING */
 
 /* Forward declarations */
 #if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT)
 static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen);
 #endif
-#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER
+#if defined(HAVE_ECC_CHECK_PUBKEY_ORDER) && !defined(WOLFSSL_SP_MATH)
 static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
     mp_int* prime, mp_int* order);
 #endif
@@ -1558,7 +1566,7 @@ static int xil_mpi_import(mp_int *mpi,
     #endif
 
     #define DECLARE_CURVE_SPECS(intcount) ecc_curve_spec* curve = NULL
-    #define ALLOC_CURVE_SPECS(intcount, err) WC_DO_NOTHING
+    #define ALLOC_CURVE_SPECS(intcount, err) (err) = MP_OKAY
     #define FREE_CURVE_SPECS() WC_DO_NOTHING
 #elif defined(WOLFSSL_SMALL_STACK)
 #ifdef WOLFSSL_SP_MATH_ALL
@@ -1570,13 +1578,17 @@ static int xil_mpi_import(mp_int *mpi,
         curve->spec_count = intcount
 
     #define ALLOC_CURVE_SPECS(intcount, err)                            \
+    do {                                                                \
         spec_ints = (unsigned char*)XMALLOC(MP_INT_SIZEOF(MP_BITS_CNT(  \
             MAX_ECC_BITS_USE)) * (intcount), NULL,                      \
             DYNAMIC_TYPE_ECC);                                          \
         if (spec_ints == NULL)                                          \
             (err) = MEMORY_E;                                           \
-        else                                                            \
-            curve->spec_ints = spec_ints
+        else {                                                          \
+            curve->spec_ints = spec_ints;                               \
+            (err) = MP_OKAY;                                            \
+        }                                                               \
+    } while (0)
 #else
     #define DECLARE_CURVE_SPECS(intcount)                               \
         mp_int* spec_ints = NULL;                                       \
@@ -1586,12 +1598,16 @@ static int xil_mpi_import(mp_int *mpi,
         curve->spec_count = intcount
 
     #define ALLOC_CURVE_SPECS(intcount, err)                            \
+    do {                                                                \
         spec_ints = (mp_int*)XMALLOC(sizeof(mp_int) * (intcount), NULL, \
                             DYNAMIC_TYPE_ECC);                          \
         if (spec_ints == NULL)                                          \
             (err) = MEMORY_E;                                           \
-        else                                                            \
-            curve->spec_ints = spec_ints
+        else {                                                          \
+            curve->spec_ints = spec_ints;                               \
+            (err) = MP_OKAY;                                            \
+        }                                                               \
+    } while (0)
 #endif
     #define FREE_CURVE_SPECS()                                          \
         XFREE(spec_ints, NULL, DYNAMIC_TYPE_ECC)
@@ -1614,7 +1630,7 @@ static int xil_mpi_import(mp_int *mpi,
         curve->spec_ints = spec_ints;                                   \
         curve->spec_count = (intcount)
 #endif
-    #define ALLOC_CURVE_SPECS(intcount, err) WC_DO_NOTHING
+    #define ALLOC_CURVE_SPECS(intcount, err) (err) = MP_OKAY
     #define FREE_CURVE_SPECS() WC_DO_NOTHING
 #endif /* ECC_CACHE_CURVE */
 
@@ -1627,7 +1643,7 @@ static void wc_ecc_curve_cache_free_spec_item(ecc_curve_spec* curve, mp_int* ite
     #endif
         mp_clear(item);
     }
-    curve->load_mask &= ~mask;
+    curve->load_mask = (byte)(curve->load_mask & ~mask);
 }
 static void wc_ecc_curve_cache_free_spec(ecc_curve_spec* curve)
 {
@@ -2491,8 +2507,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
    }
    if (err == MP_OKAY && mp_iszero((MP_INT_SIZE*)t2)) {
       /* T2 = X * X */
-      if (err == MP_OKAY)
-          err = mp_sqr(x, t2);
+      err = mp_sqr(x, t2);
       if (err == MP_OKAY)
           err = mp_montgomery_reduce(t2, modulus, mp);
       /* T1 = T2 + T1 */
@@ -2506,8 +2521,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
       /* use "a" in calc */
 
       /* T2 = T1 * T1 */
-      if (err == MP_OKAY)
-          err = mp_sqr(t1, t2);
+      err = mp_sqr(t1, t2);
       if (err == MP_OKAY)
           err = mp_montgomery_reduce(t2, modulus, mp);
       /* T1 = T2 * a */
@@ -2904,7 +2918,7 @@ done:
    if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) {
        err = sp_ecc_map_sm2_256(P->x, P->y, P->z);
    }
-#elif defined(WOLFSSL_SP_NO_256)
+#elif !defined(WOLFSSL_SP_NO_256)
    if (mp_count_bits(modulus) == 256) {
        err = sp_ecc_map_256(P->x, P->y, P->z);
    }
@@ -4079,24 +4093,24 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap)
    }
 
    p = *point;
-#ifndef WOLFSSL_NO_MALLOC
    if (p == NULL) {
       p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC);
    }
-#endif
    if (p == NULL) {
       return MEMORY_E;
    }
    XMEMSET(p, 0, sizeof(ecc_point));
 
+   if (*point == NULL)
+       p->isAllocated = 1;
+
 #ifndef ALT_ECC_SIZE
    err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL);
    if (err != MP_OKAY) {
       WOLFSSL_MSG("mp_init_multi failed.");
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
-      return err;
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
+      p = NULL;
    }
 #else
    p->x = (mp_int*)&p->xyz[0];
@@ -4135,9 +4149,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap)
       mp_clear(p->x);
       mp_clear(p->y);
       mp_clear(p->z);
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
    }
    (void)heap;
 }
@@ -4250,7 +4263,7 @@ int wc_ecc_get_curve_idx(int curve_id)
 
 int wc_ecc_get_curve_id(int curve_idx)
 {
-    if (wc_ecc_is_valid_idx(curve_idx)) {
+    if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0) {
         return ecc_sets[curve_idx].id;
     }
     return ECC_CURVE_INVALID;
@@ -4542,13 +4555,11 @@ int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len)
     }
 #endif
 
-#if !defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING)
     if (len == 0) {
         /* SAKKE has zero oidSz and will otherwise match with len==0. */
         WOLFSSL_MSG("zero oidSz");
         return ECC_CURVE_INVALID;
     }
-#endif
 
     for (curve_idx = 0; ecc_sets[curve_idx].size != 0; curve_idx++) {
     #if defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING)
@@ -5520,7 +5531,7 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
             /* Map in a separate call as this should be constant time */
             err = wc_ecc_mulmod_ex2(ecc_get_k(key), base, pub, curve->Af,
                                  curve->prime, curve->order, rng, 0, key->heap);
-            if (err == MP_MEM) {
+            if (err == WC_NO_ERR_TRACE(MP_MEM)) {
                err = MEMORY_E;
             }
         }
@@ -5536,7 +5547,7 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve,
 
     if (err != MP_OKAY
     #ifdef WOLFSSL_ASYNC_CRYPT
-        && err != WC_PENDING_E
+        && err != WC_NO_ERR_TRACE(WC_PENDING_E)
     #endif
     ) {
         /* clean up if failed */
@@ -5990,7 +6001,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
 
         if (err == MP_OKAY
         #ifdef WOLFSSL_ASYNC_CRYPT
-            || err == WC_PENDING_E
+            || err == WC_NO_ERR_TRACE(WC_PENDING_E)
         #endif
         ) {
             key->type = ECC_PRIVATEKEY;
@@ -6640,6 +6651,10 @@ static int wc_ecc_sign_hash_async(const byte* in, word32 inlen, byte* out,
                 #if !defined(WOLFSSL_ASYNC_CRYPT_SW) && defined(HAVE_ECC_CDH)
                     DECLARE_CURVE_SPECS(1);
                     ALLOC_CURVE_SPECS(1, err);
+                    if (err != MP_OKAY) {
+                        WOLFSSL_MSG("ALLOC_CURVE_SPECS failed");
+                        break;
+                    }
 
                     /* get curve order */
                     err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ORDER);
@@ -7495,7 +7510,7 @@ static int _HMAC_K(byte* K, word32 KSz, byte* V, word32 VSz,
 
     ret = init = wc_HmacInit(&hmac, heap, INVALID_DEVID);
     if (ret == 0)
-        ret = wc_HmacSetKey(&hmac, hashType, K, KSz);
+        ret = wc_HmacSetKey(&hmac, (int)hashType, K, KSz);
 
     if (ret == 0)
         ret = wc_HmacUpdate(&hmac, V, VSz);
@@ -7925,6 +7940,9 @@ int wc_ecc_free(ecc_key* key)
 #endif
 
 #ifdef WOLFSSL_SE050
+#ifdef WOLFSSL_SE050_AUTO_ERASE
+    wc_se050_erase_object(key->keyId);
+#endif
     se050_ecc_free_key(key);
 #endif
 
@@ -8206,12 +8224,12 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
   /* allocate memory */
   tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
   if (tA == NULL) {
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
   tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
   if (tB == NULL) {
      XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
 #endif
 
@@ -8220,7 +8238,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
   if (key == NULL) {
      XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER);
      XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
 #endif
 #ifdef WOLFSSL_SMALL_STACK
@@ -8232,7 +8250,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
   #ifdef WOLFSSL_SMALL_STACK_CACHE
      XFREE(key, heap, DYNAMIC_TYPE_ECC_BUFFER);
   #endif
-     return GEN_MEM_ERR;
+     return MP_MEM;
   }
 #endif
 #ifdef WOLFSSL_SMALL_STACK_CACHE
@@ -8870,9 +8888,12 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
 #endif
    mp_int*    e;
    mp_int*    v = NULL;      /* Will be w. */
+#if defined(WOLFSSL_CHECK_VER_FAULTS) && defined(WOLFSSL_NO_MALLOC)
+   mp_int     u1tmp[1];
+   mp_int     u2tmp[1];
+#endif
    mp_int*    u1 = NULL;     /* Will be e. */
    mp_int*    u2 = NULL;     /* Will be w. */
-
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM_V)
    err = wc_ecc_alloc_mpint(key, &key->e);
    if (err != 0) {
@@ -8960,13 +8981,33 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
 #endif
 
    if (err == MP_OKAY) {
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    #ifndef WOLFSSL_NO_MALLOC
+        u1 = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC);
+        u2 = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC);
+       if (u1 == NULL || u2 == NULL)
+            err = MEMORY_E;
+    #else
+        u1 = u1tmp;
+        u2 = u2tmp;
+    #endif
+#else
        u1 = e;
        u2 = w;
+#endif
        v = w;
    }
    if (err == MP_OKAY) {
        err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS_NONULLCHECK(key));
    }
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+   if (err == MP_OKAY) {
+       err = INIT_MP_INT_SIZE(u1, ECC_KEY_MAX_BITS_NONULLCHECK(key));
+   }
+   if (err == MP_OKAY) {
+       err = INIT_MP_INT_SIZE(u2, ECC_KEY_MAX_BITS_NONULLCHECK(key));
+   }
+#endif
 
    /* allocate points */
    if (err == MP_OKAY) {
@@ -8990,10 +9031,22 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
    if (err == MP_OKAY)
        err = mp_mulmod(e, w, curve->order, u1);
 
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    if (err == MP_OKAY && mp_iszero(e) != MP_YES && mp_cmp(u1, e) == MP_EQ) {
+        err = BAD_STATE_E;
+    }
+#endif
+
    /* u2 = rw */
    if (err == MP_OKAY)
        err = mp_mulmod(r, w, curve->order, u2);
 
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    if (err == MP_OKAY && mp_cmp(u2, w) == MP_EQ) {
+        err = BAD_STATE_E;
+    }
+#endif
+
    /* find mG and mQ */
    if (err == MP_OKAY)
        err = mp_copy(curve->Gx, mG->x);
@@ -9021,16 +9074,35 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
 #ifndef ECC_SHAMIR
     if (err == MP_OKAY)
     {
+     #ifdef WOLFSSL_CHECK_VER_FAULTS
+        ecc_point mG1, mQ1;
+        wc_ecc_copy_point(mQ, &mQ1);
+        wc_ecc_copy_point(mG, &mG1);
+     #endif
+
         mp_digit mp = 0;
 
         if (!mp_iszero((MP_INT_SIZE*)u1)) {
             /* compute u1*mG + u2*mQ = mG */
             err = wc_ecc_mulmod_ex(u1, mG, mG, curve->Af, curve->prime, 0,
                                                                      key->heap);
+        #ifdef WOLFSSL_CHECK_VER_FAULTS
+            if (err == MP_OKAY && wc_ecc_cmp_point(mG, &mG1) == MP_EQ) {
+                err = BAD_STATE_E;
+            }
+
+            /* store new value for comparing with after add operation */
+           wc_ecc_copy_point(mG, &mG1);
+        #endif
             if (err == MP_OKAY) {
                 err = wc_ecc_mulmod_ex(u2, mQ, mQ, curve->Af, curve->prime, 0,
                                                                      key->heap);
             }
+        #ifdef WOLFSSL_CHECK_VER_FAULTS
+            if (err == MP_OKAY && wc_ecc_cmp_point(mQ, &mQ1) == MP_EQ) {
+                err = BAD_STATE_E;
+            }
+        #endif
 
             /* find the montgomery mp */
             if (err == MP_OKAY)
@@ -9040,6 +9112,14 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
             if (err == MP_OKAY)
                 err = ecc_projective_add_point_safe(mQ, mG, mG, curve->Af,
                                                         curve->prime, mp, NULL);
+        #ifdef WOLFSSL_CHECK_VER_FAULTS
+            if (err == MP_OKAY && wc_ecc_cmp_point(mG, &mG1) == MP_EQ) {
+                err = BAD_STATE_E;
+            }
+            if (err == MP_OKAY && wc_ecc_cmp_point(mG, mQ) == MP_EQ) {
+                err = BAD_STATE_E;
+            }
+        #endif
         }
         else {
             /* compute 0*mG + u2*mQ = mG */
@@ -9062,6 +9142,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
     }
 #endif /* ECC_SHAMIR */
 #endif /* FREESCALE_LTC_ECC */
+
    /* v = X_x1 mod n */
    if (err == MP_OKAY)
        err = mp_mod(mG->x, curve->order, v);
@@ -9070,6 +9151,11 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
    if (err == MP_OKAY) {
        if (mp_cmp(v, r) == MP_EQ)
            *res = 1;
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+       /* redundant comparison as sanity check that first one happened */
+       if (*res == 1 && mp_cmp(r, v) != MP_EQ)
+           *res = 0;
+#endif
    }
 
    /* cleanup */
@@ -9079,6 +9165,14 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
    mp_clear(e);
    mp_clear(w);
    FREE_MP_INT_SIZE(w, key->heap, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+   mp_clear(u1);
+   mp_clear(u2);
+#ifndef WOLFSSL_NO_MALLOC
+   XFREE(u1, key->heap, DYNAMIC_TYPE_ECC);
+   XFREE(u2, key->heap, DYNAMIC_TYPE_ECC);
+#endif
+#endif
 #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)
    FREE_MP_INT_SIZE(e_lcl, key->heap, DYNAMIC_TYPE_ECC);
 #endif
@@ -9124,6 +9218,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
    byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2];
    byte hashcopy[ECC_MAX_CRYPTO_HW_SIZE] = {0};
+#elif defined(WOLFSSL_SE050)
 #else
    int curveLoaded = 0;
    DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT);
@@ -9291,7 +9386,6 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 
 #if !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC)
    if (!curveLoaded) {
-       err = 0; /* potential for NOT_COMPILED_IN error from SP attempt */
        ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT, err);
        if (err != 0) {
           return err;
@@ -9603,7 +9697,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
     /* return length needed only */
     if (point != NULL && out == NULL && outLen != NULL) {
         *outLen = 1 + 2*numlen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (point == NULL || out == NULL || outLen == NULL)
@@ -9679,7 +9773,7 @@ int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point,
     /* return length needed only */
     if (point != NULL && out == NULL && outLen != NULL) {
         *outLen = output_len;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (point == NULL || out == NULL || outLen == NULL)
@@ -9743,7 +9837,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
       /* if key hasn't been setup assume max bytes for size estimation */
       numlen = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES;
       *outLen = 1 + 2 * numlen;
-      return LENGTH_ONLY_E;
+      return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
    }
 
    if (key == NULL || out == NULL || outLen == NULL)
@@ -9840,11 +9934,7 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
 #endif /* HAVE_ECC_KEY_EXPORT */
 
 
-#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
-    !defined(WOLFSSL_STM32_PKA) && \
-    (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \
-      defined(WOLFSSL_IMXRT1170_CAAM))
+#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER
 
 /* is ecc point on curve described by dp ? */
 static int _ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
@@ -10045,6 +10135,10 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
         return BAD_FUNC_ARG;
 
     ALLOC_CURVE_SPECS(3, err);
+    if (err != MP_OKAY) {
+        WOLFSSL_MSG("ALLOC_CURVE_SPECS failed");
+        return err;
+    }
 
 #ifdef WOLFSSL_NO_MALLOC
     res = &lcl_res;
@@ -10186,7 +10280,6 @@ static int ecc_check_privkey_gen_helper(ecc_key* key)
     /* Hardware based private key, so this operation is not supported */
     err = MP_OKAY; /* just report success */
 #else
-    err = MP_OKAY;
     ALLOC_CURVE_SPECS(2, err);
 
     /* load curve info */
@@ -10221,23 +10314,32 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
     }
 
     if (!err && (flags & WC_ECC_FLAG_DEC_SIGN)) {
+#ifndef WOLFSSL_SMALL_STACK
+        #define SIG_SZ ((MAX_ECC_BYTES * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)
+        byte sig[SIG_SZ + WC_SHA256_DIGEST_SIZE];
+#else
         byte* sig;
+#endif
         byte* digest;
         word32 sigLen, digestLen;
         int dynRng = 0, res = 0;
 
         sigLen = (word32)wc_ecc_sig_size(key);
         digestLen = WC_SHA256_DIGEST_SIZE;
-        sig = (byte*)XMALLOC(sigLen + digestLen, NULL, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_SMALL_STACK
+        sig = (byte*)XMALLOC(sigLen + digestLen, key->heap, DYNAMIC_TYPE_ECC);
         if (sig == NULL)
             return MEMORY_E;
+#endif
         digest = sig + sigLen;
 
         if (rng == NULL) {
             dynRng = 1;
-            rng = wc_rng_new(NULL, 0, NULL);
+            rng = wc_rng_new(NULL, 0, key->heap);
             if (rng == NULL) {
-                XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_SMALL_STACK
+                XFREE(sig, key->heap, DYNAMIC_TYPE_ECC);
+#endif
                 return MEMORY_E;
             }
         }
@@ -10258,7 +10360,9 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
             wc_rng_free(rng);
         }
         ForceZero(sig, sigLen + digestLen);
-        XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(sig, key->heap, DYNAMIC_TYPE_ECC);
+#endif
     }
     (void)rng;
 
@@ -10267,9 +10371,10 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
 
     return err;
 }
-#endif /* (FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN) &&!WOLFSSL_KCAPI_ECC */
+#endif /* (FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN) && \
+          !WOLFSSL_KCAPI_ECC */
 
-#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER
+#ifndef WOLFSSL_SP_MATH
 /* validate order * pubkey = point at infinity, 0 on success */
 static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
         mp_int* prime, mp_int* order)
@@ -10342,12 +10447,8 @@ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
     return err;
 }
 #endif /* !WOLFSSL_SP_MATH */
+#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */
 
-#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A &&
-          !WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 && !WOLFSSL_STM32_PKA &&
-          (!WOLF_CRYPTO_CB_ONLY_ECC || WOLFSSL_QNX_CAAM ||
-            WOLFSSL_IMXRT1170_CAAM)
-       */
 
 #ifdef OPENSSL_EXTRA
 int wc_ecc_get_generator(ecc_point* ecp, int curve_idx)
@@ -10375,7 +10476,7 @@ int wc_ecc_get_generator(ecc_point* ecp, int curve_idx)
 
     return err;
 }
-#endif /* OPENSSLALL */
+#endif /* OPENSSL_EXTRA */
 
 
 /* Validate the public key per SP 800-56Ar3 section 5.6.2.3.3,
@@ -10387,7 +10488,7 @@ int wc_ecc_get_generator(ecc_point* ecp, int curve_idx)
 static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
 {
     int err = MP_OKAY;
-#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER
+#if defined(HAVE_ECC_CHECK_PUBKEY_ORDER) && !defined(WOLFSSL_SP_MATH)
     mp_int* b = NULL;
     #ifdef USE_ECC_B_PARAM
         DECLARE_CURVE_SPECS(4);
@@ -10397,13 +10498,23 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
         #endif
         DECLARE_CURVE_SPECS(3);
     #endif /* USE_ECC_B_PARAM */
-#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */
+#endif
 
     ASSERT_SAVED_VECTOR_REGISTERS();
 
     if (key == NULL)
         return BAD_FUNC_ARG;
 
+#ifndef HAVE_ECC_CHECK_PUBKEY_ORDER
+    /* consider key check success on HW crypto
+     * ex: ATECC508/608A, CryptoCell and Silabs
+     *
+     * consider key check success on most Crypt Cb only builds
+     */
+    err = MP_OKAY;
+
+#else
+
 #ifdef WOLFSSL_HAVE_SP_ECC
 #ifndef WOLFSSL_SP_NO_256
     if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) {
@@ -10438,15 +10549,6 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
 #endif
 
 #ifndef WOLFSSL_SP_MATH
-#ifndef HAVE_ECC_CHECK_PUBKEY_ORDER
-    /* consider key check success on HW crypto
-     * ex: ATECC508/608A, CryptoCell and Silabs
-     *
-     * consider key check success on most Crypt Cb only builds
-     */
-    err = MP_OKAY;
-
-#else
     #ifdef USE_ECC_B_PARAM
         ALLOC_CURVE_SPECS(4, err);
     #else
@@ -10570,11 +10672,13 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
 #endif
 
     FREE_CURVE_SPECS();
-#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */
 
 #else
+    /* The single precision math curve is not available */
     err = WC_KEY_SIZE_E;
 #endif /* !WOLFSSL_SP_MATH */
+#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */
+
     (void)partial;
     (void)priv;
     return err;
@@ -11252,7 +11356,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
 #endif
 
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
-    if (ret == 0) {
+    if ((ret == 0) && (key->devId != INVALID_DEVID)) {
         ret = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
     }
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
@@ -12417,6 +12521,9 @@ static const struct {
 /* find a hole and free as required, return -1 if no hole found */
 static int find_hole(void)
 {
+#ifdef WOLFSSL_NO_MALLOC
+   return -1;
+#else
    int      x, y, z;
    for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) {
        if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) {
@@ -12445,6 +12552,7 @@ static int find_hole(void)
       fp_cache[z].lru_count = 0;
    }
    return z;
+#endif /* !WOLFSSL_NO_MALLOC */
 }
 
 /* determine if a base is already in the cache and if so, where */
@@ -12473,7 +12581,7 @@ static int add_entry(int idx, ecc_point *g)
    /* allocate base and LUT */
    fp_cache[idx].g = wc_ecc_new_point();
    if (fp_cache[idx].g == NULL) {
-      return GEN_MEM_ERR;
+      return MP_MEM;
    }
 
    /* copy x and y */
@@ -12482,7 +12590,7 @@ static int add_entry(int idx, ecc_point *g)
        (mp_copy(g->z, fp_cache[idx].g->z) != MP_OKAY)) {
       wc_ecc_del_point(fp_cache[idx].g);
       fp_cache[idx].g = NULL;
-      return GEN_MEM_ERR;
+      return MP_MEM;
    }
 
    for (x = 0; x < (1U<<FP_LUT); x++) {
@@ -12495,7 +12603,7 @@ static int add_entry(int idx, ecc_point *g)
          wc_ecc_del_point(fp_cache[idx].g);
          fp_cache[idx].g         = NULL;
          fp_cache[idx].lru_count = 0;
-         return GEN_MEM_ERR;
+         return MP_MEM;
       }
    }
 
@@ -12531,7 +12639,7 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
 
    err = mp_init(tmp);
    if (err != MP_OKAY) {
-       err = GEN_MEM_ERR;
+       err = MP_MEM;
        goto errout;
    }
 
@@ -12568,20 +12676,22 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
 
    /* make all single bit entries */
    for (x = 1; x < FP_LUT; x++) {
-      if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x,
-                   fp_cache[idx].LUT[1<<x]->x) != MP_OKAY) ||
-          (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y,
-                   fp_cache[idx].LUT[1<<x]->y) != MP_OKAY) ||
-          (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z,
-                   fp_cache[idx].LUT[1<<x]->z) != MP_OKAY)){
+      if ((mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->x,
+                   fp_cache[idx].LUT[(unsigned int)(1 <<  x   )]->x) != MP_OKAY) ||
+          (mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->y,
+                   fp_cache[idx].LUT[(unsigned int)(1 <<  x   )]->y) != MP_OKAY) ||
+          (mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->z,
+                   fp_cache[idx].LUT[(unsigned int)(1 <<  x   )]->z) != MP_OKAY)) {
           err = MP_INIT_E;
           goto errout;
       } else {
 
          /* now double it bitlen/FP_LUT times */
          for (y = 0; y < lut_gap; y++) {
-             if ((err = ecc_projective_dbl_point_safe(fp_cache[idx].LUT[1<<x],
-                            fp_cache[idx].LUT[1<<x], a, modulus, mp)) != MP_OKAY) {
+             if ((err = ecc_projective_dbl_point_safe(
+                                      fp_cache[idx].LUT[(unsigned int)(1<<x)],
+                                      fp_cache[idx].LUT[(unsigned int)(1<<x)],
+                                      a, modulus, mp)) != MP_OKAY) {
                  goto errout;
              }
          }
@@ -12784,7 +12894,7 @@ static int accel_fp_mul(int idx, const mp_int* k, ecc_point *R, mp_int* a,
              by x bits from the start */
           bitpos = (unsigned)x;
           for (y = z = 0; y < FP_LUT; y++) {
-             z |= ((kb[bitpos>>3] >> (bitpos&7)) & 1) << y;
+             z |= (((word32)kb[bitpos>>3U] >> (bitpos&7U)) & 1U) << y;
              bitpos += lut_gap;  /* it's y*lut_gap + x, but here we can avoid
                                     the mult in each loop */
           }
@@ -12807,7 +12917,7 @@ static int accel_fp_mul(int idx, const mp_int* k, ecc_point *R, mp_int* a,
              if ((mp_copy(fp_cache[idx].LUT[z]->x, R->x) != MP_OKAY) ||
                  (mp_copy(fp_cache[idx].LUT[z]->y, R->y) != MP_OKAY) ||
                  (mp_copy(&fp_cache[idx].mu,       R->z) != MP_OKAY)) {
-                 err = GEN_MEM_ERR;
+                 err = MP_MEM;
                  break;
              }
              first = 0;
@@ -13037,8 +13147,8 @@ static int accel_fp_mul2add(int idx1, int idx2,
              offset by x bits from the start */
           bitpos = (unsigned)x;
           for (y = zA = zB = 0; y < FP_LUT; y++) {
-             zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y;
-             zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y;
+             zA |= (((word32)kb[0][bitpos>>3U] >> (bitpos&7U)) & 1U) << y;
+             zB |= (((word32)kb[1][bitpos>>3U] >> (bitpos&7U)) & 1U) << y;
              bitpos += lut_gap;    /* it's y*lut_gap + x, but here we can avoid
                                       the mult in each loop */
           }
@@ -13071,7 +13181,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
                  if ((mp_copy(fp_cache[idx1].LUT[zA]->x, R->x) != MP_OKAY) ||
                      (mp_copy(fp_cache[idx1].LUT[zA]->y, R->y) != MP_OKAY) ||
                      (mp_copy(&fp_cache[idx1].mu,        R->z) != MP_OKAY)) {
-                     err = GEN_MEM_ERR;
+                     err = MP_MEM;
                      break;
                  }
                     first = 0;
@@ -13086,7 +13196,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
                  if ((mp_copy(fp_cache[idx2].LUT[zB]->x, R->x) != MP_OKAY) ||
                      (mp_copy(fp_cache[idx2].LUT[zB]->y, R->y) != MP_OKAY) ||
                      (mp_copy(&fp_cache[idx2].mu,        R->z) != MP_OKAY)) {
-                     err = GEN_MEM_ERR;
+                     err = MP_MEM;
                      break;
                  }
                     first = 0;
@@ -13148,7 +13258,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
                 ecc_point* C, mp_int* a, mp_int* modulus, void* heap)
 {
    int  idx1 = -1, idx2 = -1, err, mpInit = 0;
-   mp_digit mp;
+   mp_digit mp = 0;
 #ifdef WOLFSSL_SMALL_STACK
    mp_int   *mu = (mp_int *)XMALLOC(sizeof *mu, NULL, DYNAMIC_TYPE_ECC_BUFFER);
 
@@ -13296,7 +13406,7 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
 {
 #if !defined(WOLFSSL_SP_MATH)
    int   idx, err = MP_OKAY;
-   mp_digit mp;
+   mp_digit mp = 0;
 #ifdef WOLFSSL_SMALL_STACK
    mp_int   *mu = NULL;
 #else
@@ -13472,7 +13582,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
 {
 #if !defined(WOLFSSL_SP_MATH)
    int   idx, err = MP_OKAY;
-   mp_digit mp;
+   mp_digit mp = 0;
 #ifdef WOLFSSL_SMALL_STACK
    mp_int   *mu = NULL;
 #else
@@ -13890,16 +14000,26 @@ int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz)
     if (ctx == NULL || (salt == NULL && sz != 0))
         return BAD_FUNC_ARG;
 
-    ctx->kdfSalt   = salt;
-    ctx->kdfSaltSz = sz;
+    /* truncate salt if exceeds max */
+    if (sz > EXCHANGE_SALT_SZ)
+        sz = EXCHANGE_SALT_SZ;
 
+    /* using a custom kdf salt, so borrow clientSalt/serverSalt for it,
+     * since wc_ecc_ctx_set_peer_salt will set kdf and mac salts */
     if (ctx->protocol == REQ_RESP_CLIENT) {
         ctx->cliSt = ecCLI_SALT_SET;
+        ctx->kdfSalt = ctx->clientSalt;
     }
     else if (ctx->protocol == REQ_RESP_SERVER) {
         ctx->srvSt = ecSRV_SALT_SET;
+        ctx->kdfSalt = ctx->serverSalt;
     }
 
+    if (salt != NULL) {
+        XMEMCPY((byte*)ctx->kdfSalt, salt, sz);
+    }
+    ctx->kdfSaltSz = sz;
+
     return 0;
 }
 
@@ -14038,12 +14158,12 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz,
             case ecAES_128_CBC:
                 *encKeySz = KEY_SIZE_128;
                 *ivSz     = IV_SIZE_128;
-                *blockSz  = AES_BLOCK_SIZE;
+                *blockSz  = WC_AES_BLOCK_SIZE;
                 break;
             case ecAES_256_CBC:
                 *encKeySz = KEY_SIZE_256;
                 *ivSz     = IV_SIZE_128;
-                *blockSz  = AES_BLOCK_SIZE;
+                *blockSz  = WC_AES_BLOCK_SIZE;
                 break;
         #endif
         #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
@@ -14340,7 +14460,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
             case ecAES_256_CTR:
             {
         #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
-                byte ctr_iv[AES_BLOCK_SIZE];
+                byte ctr_iv[WC_AES_BLOCK_SIZE];
             #ifndef WOLFSSL_SMALL_STACK
                 Aes aes[1];
             #else
@@ -14355,7 +14475,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
                 /* Include 4 byte counter starting at all zeros. */
                 XMEMCPY(ctr_iv, encIv, WOLFSSL_ECIES_GEN_IV_SIZE);
                 XMEMSET(ctr_iv + WOLFSSL_ECIES_GEN_IV_SIZE, 0,
-                    AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE);
+                    WC_AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE);
 
                 ret = wc_AesInit(aes, NULL, INVALID_DEVID);
                 if (ret == 0) {
@@ -14746,8 +14866,9 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
                     if (ret == 0)
                         ret = wc_HmacFinal(hmac, verify);
                     if ((ret == 0) && (XMEMCMP(verify, msg + msgSz - digestSz,
-                                                              digestSz) != 0)) {
-                        ret = -1;
+                                                             digestSz) != 0)) {
+                        ret = HASH_TYPE_E;
+                        WOLFSSL_MSG("ECC Decrypt HMAC Check failed!");
                     }
 
                     wc_HmacFree(hmac);
@@ -14816,11 +14937,11 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
              #endif
                 ret = wc_AesInit(aes, NULL, INVALID_DEVID);
                 if (ret == 0) {
-                    byte ctr_iv[AES_BLOCK_SIZE];
+                    byte ctr_iv[WC_AES_BLOCK_SIZE];
                     /* Make a 16 byte IV from the bytes passed in. */
                     XMEMCPY(ctr_iv, encIv, WOLFSSL_ECIES_GEN_IV_SIZE);
                     XMEMSET(ctr_iv + WOLFSSL_ECIES_GEN_IV_SIZE, 0,
-                        AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE);
+                        WC_AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE);
                     ret = wc_AesSetKey(aes, encKey, (word32)encKeySz, ctr_iv,
                                                                 AES_ENCRYPTION);
                     if (ret == 0) {
@@ -15376,7 +15497,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
 
    if (*outLen < (1 + numlen)) {
       *outLen = 1 + numlen;
-      return LENGTH_ONLY_E;
+      return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
    }
 
    if (out == NULL)
@@ -15400,22 +15521,57 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
 #endif /* HAVE_ECC_KEY_EXPORT */
 #endif /* HAVE_COMP_KEY */
 
+#ifdef HAVE_OID_ENCODING
+int wc_ecc_oid_cache_init(void)
+{
+    int ret = 0;
+#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
+    ret = wc_InitMutex(&ecc_oid_cache_lock);
+#endif
+    return ret;
+}
+
+void wc_ecc_oid_cache_free(void)
+{
+#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
+    wc_FreeMutex(&ecc_oid_cache_lock);
+#endif
+}
+#endif /* HAVE_OID_ENCODING */
 
 int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
 {
     int x;
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+#ifdef HAVE_OID_ENCODING
+    oid_cache_t* o = NULL;
+#endif
 
     if (oidSum == 0) {
         return BAD_FUNC_ARG;
     }
 
+#ifdef HAVE_OID_ENCODING
+    #ifndef WOLFSSL_MUTEX_INITIALIZER
+        /* extra sanity check if wolfCrypt_Init not called */
+        if (eccOidLockInit == 0) {
+            wc_InitMutex(&ecc_oid_cache_lock);
+            eccOidLockInit = 1;
+        }
+    #endif
+
+    if (wc_LockMutex(&ecc_oid_cache_lock) != 0) {
+        return BAD_MUTEX_E;
+    }
+#endif
+
     /* find matching OID sum (based on encoded value) */
     for (x = 0; ecc_sets[x].size != 0; x++) {
         if (ecc_sets[x].oidSum == oidSum) {
         #ifdef HAVE_OID_ENCODING
-            int ret = 0;
             /* check cache */
-            oid_cache_t* o = &ecc_oid_cache[x];
+            ret = 0;
+            o = &ecc_oid_cache[x];
             if (o->oidSz == 0) {
                 o->oidSz = sizeof(o->oid);
                 ret = EncodeObjectId(ecc_sets[x].oid, ecc_sets[x].oidSz,
@@ -15427,11 +15583,12 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
             if (oid) {
                 *oid = o->oid;
             }
+
             /* on success return curve id */
             if (ret == 0) {
                 ret = ecc_sets[x].id;
             }
-            return ret;
+            break;
         #else
             if (oidSz) {
                 *oidSz = ecc_sets[x].oidSz;
@@ -15439,12 +15596,17 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
             if (oid) {
                 *oid = ecc_sets[x].oid;
             }
-            return ecc_sets[x].id;
+            ret = ecc_sets[x].id;
+            break;
         #endif
         }
     }
 
-    return NOT_COMPILED_IN;
+#ifdef HAVE_OID_ENCODING
+    wc_UnLockMutex(&ecc_oid_cache_lock);
+#endif
+
+    return ret;
 }
 
 #ifdef WOLFSSL_CUSTOM_CURVES
diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c
index 157c5ba7a..537e64cc5 100644
--- a/wolfcrypt/src/eccsi.c
+++ b/wolfcrypt/src/eccsi.c
@@ -1,6 +1,6 @@
 /* eccsi.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -36,7 +30,6 @@
 
 #ifdef WOLFCRYPT_HAVE_ECCSI
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/eccsi.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
 #ifdef WOLFSSL_HAVE_SP_ECC
@@ -46,7 +39,7 @@
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -516,7 +509,7 @@ static int eccsi_encode_point(ecc_point* point, word32 size, byte* data,
 
     if (data == NULL) {
         *sz = size * 2 + !raw;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < size * 2 + !raw)) {
         err = BUFFER_E;
@@ -655,7 +648,7 @@ int wc_ExportEccsiKey(EccsiKey* key, byte* data, word32* sz)
     if (err == 0) {
         if (data == NULL) {
             *sz = (word32)(key->ecc.dp->size * 3);
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else if (*sz < (word32)key->ecc.dp->size * 3) {
             err = BUFFER_E;
@@ -777,7 +770,7 @@ int wc_ExportEccsiPrivateKey(EccsiKey* key, byte* data, word32* sz)
     if (err == 0) {
         if (data == NULL) {
             *sz = (word32)key->ecc.dp->size;
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else if (*sz < (word32)key->ecc.dp->size) {
             err = BUFFER_E;
@@ -1016,7 +1009,7 @@ int wc_EncodeEccsiPair(const EccsiKey* key, mp_int* ssk, ecc_point* pvt,
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)(key->ecc.dp->size * 3);
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < (word32)(key->ecc.dp->size * 3))) {
         err = BUFFER_E;
@@ -1077,7 +1070,7 @@ int wc_EncodeEccsiSsk(const EccsiKey* key, mp_int* ssk, byte* data, word32* sz)
     if (err == 0) {
         if (data == NULL) {
             *sz = (word32)key->ecc.dp->size;
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else if (*sz < (word32)key->ecc.dp->size) {
             err = BUFFER_E;
@@ -2000,7 +1993,7 @@ int wc_SignEccsiHash(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType,
         sz = (word32)key->ecc.dp->size;
         if (sig == NULL) {
             *sigSz = sz * 4 + 1;
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
     }
     if ((err == 0) && (*sigSz < sz * 4 + 1)) {
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index 86f594dd7..85f7f8ab0 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -1,6 +1,6 @@
 /* ed25519.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,12 +28,7 @@
  *     Check that the private key didn't change during the signing operations.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-/* in case user set HAVE_ED25519 there */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_ED25519
 #if FIPS_VERSION3_GE(6,0,0)
@@ -48,7 +43,6 @@
 
 #include <wolfssl/wolfcrypt/ed25519.h>
 #include <wolfssl/wolfcrypt/ge_operations.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/hash.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -628,6 +622,35 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out,
 
 #ifdef HAVE_ED25519_VERIFY
 #ifndef WOLFSSL_SE050
+
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+static const byte sha512_empty[] = {
+    0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
+    0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
+    0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
+    0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
+    0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
+    0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
+    0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
+    0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e
+};
+
+/* sanity check that hash operation happened
+ * returns 0 on success */
+static int ed25519_hash_check(ed25519_key* key, byte* h)
+{
+    (void)key; /* passing in key in case other hash algroithms are used */
+
+    if (XMEMCMP(h, sha512_empty, WC_SHA512_DIGEST_SIZE) != 0) {
+        return 0;
+    }
+    else {
+        return BAD_STATE_E;
+    }
+}
+#endif
+
+
 /*
    sig        is array of bytes containing the signature
    sigLen     is the length of sig byte array
@@ -675,6 +698,22 @@ static int ed25519_verify_msg_init_with_sha(const byte* sig, word32 sigLen,
     }
     if (ret == 0)
         ret = ed25519_hash_update(key, sha, sig, ED25519_SIG_SIZE/2);
+
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    /* sanity check that hash operation happened */
+    if (ret == 0) {
+        byte h[WC_MAX_DIGEST_SIZE];
+
+        ret = wc_Sha512GetHash(sha, h);
+        if (ret == 0) {
+            ret = ed25519_hash_check(key, h);
+            if (ret != 0) {
+                WOLFSSL_MSG("Unexpected initial state of hash found");
+            }
+        }
+    }
+#endif
+
     if (ret == 0)
         ret = ed25519_hash_update(key, sha, key->p, ED25519_PUB_KEY_SIZE);
 
@@ -791,7 +830,16 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
     ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2);
     if (ret != 0) {
         ret = SIG_VERIFY_E;
-    } else {
+    }
+
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    /* redundant comparison as sanity check that first one happened */
+    if (ret == 0 && ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2) != 0) {
+        ret = SIG_VERIFY_E;
+    }
+#endif
+
+    if (ret == 0) {
         /* set the verification status */
         *res = 1;
     }
@@ -968,6 +1016,39 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
 }
 #endif /* HAVE_ED25519_VERIFY */
 
+#ifndef WC_NO_CONSTRUCTORS
+ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code)
+{
+    int ret;
+    ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap,
+                        DYNAMIC_TYPE_ED25519);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_ed25519_init_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_ED25519);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+
+int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p) {
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_ed25519_free(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_ED25519);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
 
 /* initialize information and memory for key */
 int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId)
@@ -1016,6 +1097,9 @@ void wc_ed25519_free(ed25519_key* key)
 #endif
 
 #ifdef WOLFSSL_SE050
+#ifdef WOLFSSL_SE050_AUTO_ERASE
+    wc_se050_erase_object(key->keyId);
+#endif
     se050_ed25519_free_key(key);
 #endif
 
diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c
index 1598c9c98..a5e63a1f6 100644
--- a/wolfcrypt/src/ed448.c
+++ b/wolfcrypt/src/ed448.c
@@ -1,6 +1,6 @@
 /* ed448.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,12 +30,7 @@
  *     Check that the private key didn't change during the signing operations.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-/* in case user set HAVE_ED448 there */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_ED448
 #if FIPS_VERSION3_GE(6,0,0)
@@ -49,7 +44,6 @@
 #endif
 
 #include <wolfssl/wolfcrypt/ed448.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/hash.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 3a1ae2151..af5ba36b4 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -1,6 +1,6 @@
 /* error.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef _MSC_VER
     /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
@@ -42,7 +35,22 @@
 WOLFSSL_ABI
 const char* wc_GetErrorString(int error)
 {
-    switch (error) {
+    switch ((enum wolfCrypt_ErrorCodes)error) {
+
+    case WC_FAILURE:
+        return "wolfCrypt generic failure";
+
+    case MP_MEM :
+        return "MP integer dynamic memory allocation failed";
+
+    case MP_VAL :
+        return "MP integer invalid argument";
+
+    case MP_WOULDBLOCK :
+        return "MP integer non-blocking operation would block";
+
+    case MP_NOT_INF:
+        return "MP point not at infinity";
 
     case OPEN_RAN_E :
         return "opening random device error";
@@ -352,13 +360,13 @@ const char* wc_GetErrorString(int error)
         return "ECC is point on curve failed";
 
     case ECC_INF_E:
-        return " ECC point at infinity error";
+        return "ECC point at infinity error";
 
     case ECC_OUT_OF_RANGE_E:
-        return " ECC Qx or Qy out of range error";
+        return "ECC Qx or Qy out of range error";
 
     case ECC_PRIV_KEY_E:
-        return " ECC private key is not valid error";
+        return "ECC private key is not valid error";
 
     case SRP_CALL_ORDER_E:
         return "SRP function called in the wrong order error";
@@ -630,9 +638,20 @@ const char* wc_GetErrorString(int error)
     case PBKDF2_KAT_FIPS_E:
         return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure";
 
+    case WC_KEY_MISMATCH_E:
+        return "key values mismatch";
+
+    case DEADLOCK_AVERTED_E:
+        return "Deadlock averted -- retry the call";
+
+    case ASCON_AUTH_E:
+        return "ASCON Authentication check fail";
+
+    case MAX_CODE_E:
+    case WC_SPAN1_MIN_CODE_E:
+    case MIN_CODE_E:
     default:
         return "unknown error number";
-
     }
 }
 
@@ -646,4 +665,3 @@ void wc_ErrorString(int error, char* buffer)
     buffer[WOLFSSL_MAX_ERROR_SZ-1] = 0;
 }
 #endif /* !NO_ERROR_STRINGS */
-
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 41ca86e6f..967779aa7 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -1,6 +1,6 @@
 /* evp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(WOLFSSL_EVP_INCLUDED)
     #ifndef WOLFSSL_IGNORE_FILE_WARN
@@ -41,7 +36,6 @@
     #include <wolfssl/wolfcrypt/aes.h>
 #endif
 
-
 #include <wolfssl/openssl/ecdsa.h>
 #include <wolfssl/openssl/evp.h>
 #include <wolfssl/openssl/kdf.h>
@@ -53,67 +47,67 @@ static const struct s_ent {
     const char *name;
 } md_tbl[] = {
 #ifndef NO_MD4
-    {WC_HASH_TYPE_MD4, NID_md4, "MD4"},
+    {WC_HASH_TYPE_MD4, WC_NID_md4, WC_SN_md4},
 #endif /* NO_MD4 */
 
 #ifndef NO_MD5
-    {WC_HASH_TYPE_MD5, NID_md5, "MD5"},
+    {WC_HASH_TYPE_MD5, WC_NID_md5, WC_SN_md5},
 #endif /* NO_MD5 */
 
 #ifndef NO_SHA
-    {WC_HASH_TYPE_SHA, NID_sha1, "SHA1"},
-    {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, /* Leave for backwards compatibility */
+    {WC_HASH_TYPE_SHA, WC_NID_sha1, WC_SN_sha1},
+    {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA"}, /* Leave for backwards compatibility */
 #endif /* NO_SHA */
 
 #ifdef WOLFSSL_SHA224
-    {WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"},
+    {WC_HASH_TYPE_SHA224, WC_NID_sha224, WC_SN_sha224},
 #endif /* WOLFSSL_SHA224 */
 #ifndef NO_SHA256
-    {WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"},
+    {WC_HASH_TYPE_SHA256, WC_NID_sha256, WC_SN_sha256},
 #endif
 
 #ifdef WOLFSSL_SHA384
-    {WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"},
+    {WC_HASH_TYPE_SHA384, WC_NID_sha384, WC_SN_sha384},
 #endif /* WOLFSSL_SHA384 */
 
 #ifdef WOLFSSL_SHA512
-    {WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"},
+    {WC_HASH_TYPE_SHA512, WC_NID_sha512, WC_SN_sha512},
 #endif /* WOLFSSL_SHA512 */
 
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-    {WC_HASH_TYPE_SHA512_224, NID_sha512_224, "SHA512_224"},
+    {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, WC_SN_sha512_224},
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
 
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-    {WC_HASH_TYPE_SHA512_256, NID_sha512_256, "SHA512_256"},
+    {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, WC_SN_sha512_256},
 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
 
 #ifndef WOLFSSL_NOSHA3_224
-    {WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"},
+    {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, WC_SN_sha3_224},
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-    {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"},
+    {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, WC_SN_sha3_256},
 #endif
 #ifndef WOLFSSL_NOSHA3_384
-    {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"},
+    {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, WC_SN_sha3_384},
 #endif
 #ifndef WOLFSSL_NOSHA3_512
-    {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"},
+    {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, WC_SN_sha3_512},
 #endif
 #ifdef WOLFSSL_SM3
-    {WC_HASH_TYPE_SM3, NID_sm3, "SM3"},
+    {WC_HASH_TYPE_SM3, WC_NID_sm3, WC_SN_sm3},
 #endif /* WOLFSSL_SHA512 */
 #ifdef HAVE_BLAKE2
-    {WC_HASH_TYPE_BLAKE2B, NID_blake2b512, "BLAKE2B512"},
+    {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, WC_SN_blake2b512},
 #endif
 #ifdef HAVE_BLAKE2S
-    {WC_HASH_TYPE_BLAKE2S, NID_blake2s256, "BLAKE2S256"},
+    {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, WC_SN_blake2s256},
 #endif
 #ifdef WOLFSSL_SHAKE128
-    {WC_HASH_TYPE_SHAKE128, NID_shake128, "SHAKE128"},
+    {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, WC_SN_shake128},
 #endif
 #ifdef WOLFSSL_SHAKE256
-    {WC_HASH_TYPE_SHAKE256, NID_shake256, "SHAKE256"},
+    {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, WC_SN_shake256},
 #endif
     {WC_HASH_TYPE_NONE, 0, NULL}
 };
@@ -158,6 +152,7 @@ static const struct s_ent {
               (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
         static const char EVP_AES_128_CFB1[] = "AES-128-CFB1";
     #endif
@@ -177,6 +172,7 @@ static const struct s_ent {
     #ifdef WOLFSSL_AES_256
         static const char EVP_AES_256_CFB8[] = "AES-256-CFB8";
     #endif
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
         static const char EVP_AES_128_CFB128[] = "AES-128-CFB128";
@@ -287,21 +283,21 @@ static const struct pkey_type_name_ent {
     int type;
     const char *name;
 } pkey_type_names[] = {
-    { EVP_PKEY_RSA,     "RSA" },
-    { EVP_PKEY_EC,      "EC" },
-    { EVP_PKEY_DH,      "DH" },
-    { EVP_PKEY_DSA,     "DSA" }
+    { WC_EVP_PKEY_RSA,     "RSA" },
+    { WC_EVP_PKEY_EC,      "EC" },
+    { WC_EVP_PKEY_DH,      "DH" },
+    { WC_EVP_PKEY_DSA,     "DSA" }
 };
 
 static int pkey_type_by_name(const char *name) {
     unsigned int i;
     if (name == NULL)
-        return EVP_PKEY_NONE;
+        return WC_EVP_PKEY_NONE;
     for (i = 0; i < XELEM_CNT(pkey_type_names); ++i) {
         if (XSTRCMP(name, pkey_type_names[i].name) == 0)
             return pkey_type_names[i].type;
     }
-    return EVP_PKEY_NONE;
+    return WC_EVP_PKEY_NONE;
 }
 
 int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) {
@@ -311,7 +307,7 @@ int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) {
         return WOLFSSL_FAILURE;
 
     type = pkey_type_by_name(name);
-    if (type == EVP_PKEY_NONE)
+    if (type == WC_EVP_PKEY_NONE)
         return WOLFSSL_FAILURE;
 
     return (pkey->type == type) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
@@ -319,8 +315,8 @@ int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) {
 
 #define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0)
 
-#define EVP_PKEY_PRINT_LINE_WIDTH_MAX  80
-#define EVP_PKEY_PRINT_DIGITS_PER_LINE 15
+#define WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX  80
+#define WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE 15
 
 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher);
 
@@ -346,81 +342,81 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
     switch (cipherType(c)) {
 #if !defined(NO_AES)
   #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-      case AES_128_CBC_TYPE: return 16;
-      case AES_192_CBC_TYPE: return 24;
-      case AES_256_CBC_TYPE: return 32;
+      case WC_AES_128_CBC_TYPE: return 16;
+      case WC_AES_192_CBC_TYPE: return 24;
+      case WC_AES_256_CBC_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_CFB)
-      case AES_128_CFB1_TYPE: return 16;
-      case AES_192_CFB1_TYPE: return 24;
-      case AES_256_CFB1_TYPE: return 32;
-      case AES_128_CFB8_TYPE: return 16;
-      case AES_192_CFB8_TYPE: return 24;
-      case AES_256_CFB8_TYPE: return 32;
-      case AES_128_CFB128_TYPE: return 16;
-      case AES_192_CFB128_TYPE: return 24;
-      case AES_256_CFB128_TYPE: return 32;
+      case WC_AES_128_CFB1_TYPE: return 16;
+      case WC_AES_192_CFB1_TYPE: return 24;
+      case WC_AES_256_CFB1_TYPE: return 32;
+      case WC_AES_128_CFB8_TYPE: return 16;
+      case WC_AES_192_CFB8_TYPE: return 24;
+      case WC_AES_256_CFB8_TYPE: return 32;
+      case WC_AES_128_CFB128_TYPE: return 16;
+      case WC_AES_192_CFB128_TYPE: return 24;
+      case WC_AES_256_CFB128_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_OFB)
-      case AES_128_OFB_TYPE: return 16;
-      case AES_192_OFB_TYPE: return 24;
-      case AES_256_OFB_TYPE: return 32;
+      case WC_AES_128_OFB_TYPE: return 16;
+      case WC_AES_192_OFB_TYPE: return 24;
+      case WC_AES_256_OFB_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
       /* Two keys for XTS. */
-      case AES_128_XTS_TYPE: return 16 * 2;
-      case AES_256_XTS_TYPE: return 32 * 2;
+      case WC_AES_128_XTS_TYPE: return 16 * 2;
+      case WC_AES_256_XTS_TYPE: return 32 * 2;
   #endif
   #if defined(HAVE_AESGCM)
-      case AES_128_GCM_TYPE: return 16;
-      case AES_192_GCM_TYPE: return 24;
-      case AES_256_GCM_TYPE: return 32;
+      case WC_AES_128_GCM_TYPE: return 16;
+      case WC_AES_192_GCM_TYPE: return 24;
+      case WC_AES_256_GCM_TYPE: return 32;
   #endif
   #if defined(HAVE_AESCCM)
-      case AES_128_CCM_TYPE: return 16;
-      case AES_192_CCM_TYPE: return 24;
-      case AES_256_CCM_TYPE: return 32;
+      case WC_AES_128_CCM_TYPE: return 16;
+      case WC_AES_192_CCM_TYPE: return 24;
+      case WC_AES_256_CCM_TYPE: return 32;
   #endif
   #if defined(WOLFSSL_AES_COUNTER)
-      case AES_128_CTR_TYPE: return 16;
-      case AES_192_CTR_TYPE: return 24;
-      case AES_256_CTR_TYPE: return 32;
+      case WC_AES_128_CTR_TYPE: return 16;
+      case WC_AES_192_CTR_TYPE: return 24;
+      case WC_AES_256_CTR_TYPE: return 32;
   #endif
   #if defined(HAVE_AES_ECB)
-      case AES_128_ECB_TYPE: return 16;
-      case AES_192_ECB_TYPE: return 24;
-      case AES_256_ECB_TYPE: return 32;
+      case WC_AES_128_ECB_TYPE: return 16;
+      case WC_AES_192_ECB_TYPE: return 24;
+      case WC_AES_256_ECB_TYPE: return 32;
   #endif
 #endif /* !NO_AES */
   #ifndef NO_DES3
-      case DES_CBC_TYPE:      return 8;
-      case DES_EDE3_CBC_TYPE: return 24;
-      case DES_ECB_TYPE:      return 8;
-      case DES_EDE3_ECB_TYPE: return 24;
+      case WC_DES_CBC_TYPE:      return 8;
+      case WC_DES_EDE3_CBC_TYPE: return 24;
+      case WC_DES_ECB_TYPE:      return 8;
+      case WC_DES_EDE3_ECB_TYPE: return 24;
   #endif
   #ifndef NO_RC4
-      case ARC4_TYPE:         return 16;
+      case WC_ARC4_TYPE:         return 16;
   #endif
   #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-      case CHACHA20_POLY1305_TYPE: return 32;
+      case WC_CHACHA20_POLY1305_TYPE: return 32;
   #endif
   #ifdef HAVE_CHACHA
-      case CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ;
+      case WC_CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ;
   #endif
   #ifdef WOLFSSL_SM4_ECB
-      case SM4_ECB_TYPE:      return 16;
+      case WC_SM4_ECB_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_CBC
-      case SM4_CBC_TYPE:      return 16;
+      case WC_SM4_CBC_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_CTR
-      case SM4_CTR_TYPE:      return 16;
+      case WC_SM4_CTR_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_GCM
-      case SM4_GCM_TYPE:      return 16;
+      case WC_SM4_GCM_TYPE:      return 16;
   #endif
   #ifdef WOLFSSL_SM4_CCM
-      case SM4_CCM_TYPE:      return 16;
+      case WC_SM4_CCM_TYPE:      return 16;
   #endif
       default:
           return 0;
@@ -489,7 +485,7 @@ void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx)
 
 int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (ctx != NULL) {
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_reset");
@@ -603,9 +599,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
     switch (ctx->cipherType) {
 #if !defined(NO_AES)
     #if defined(HAVE_AES_CBC)
-        case AES_128_CBC_TYPE:
-        case AES_192_CBC_TYPE:
-        case AES_256_CBC_TYPE:
+        case WC_AES_128_CBC_TYPE:
+        case WC_AES_192_CBC_TYPE:
+        case WC_AES_256_CBC_TYPE:
             if (ctx->enc)
                 ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -613,16 +609,16 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_COUNTER)
-        case AES_128_CTR_TYPE:
-        case AES_192_CTR_TYPE:
-        case AES_256_CTR_TYPE:
+        case WC_AES_128_CTR_TYPE:
+        case WC_AES_192_CTR_TYPE:
+        case WC_AES_256_CTR_TYPE:
             ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl);
             break;
     #endif
     #if defined(HAVE_AES_ECB)
-        case AES_128_ECB_TYPE:
-        case AES_192_ECB_TYPE:
-        case AES_256_ECB_TYPE:
+        case WC_AES_128_ECB_TYPE:
+        case WC_AES_192_ECB_TYPE:
+        case WC_AES_256_ECB_TYPE:
             if (ctx->enc)
                 ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -630,9 +626,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             if (ctx->enc)
                 ret = wc_AesOfbEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -640,10 +636,10 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-    #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
+    #if !defined(WOLFSSL_NO_AES_CFB_1_8)
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
             if (ctx->enc)
                 ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, out, in,
                         inl * WOLFSSL_BIT_SIZE);
@@ -652,19 +648,19 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
                         inl * WOLFSSL_BIT_SIZE);
             break;
 
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
             if (ctx->enc)
                 ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, out, in, inl);
             else
                 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl);
             break;
-    #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             if (ctx->enc)
                 ret = wc_AesCfbEncrypt(&ctx->cipher.aes, out, in, inl);
             else
@@ -672,8 +668,8 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
     #endif
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-    case AES_128_XTS_TYPE:
-    case AES_256_XTS_TYPE:
+    case WC_AES_128_XTS_TYPE:
+    case WC_AES_256_XTS_TYPE:
         if (ctx->enc)
             ret = wc_AesXtsEncrypt(&ctx->cipher.xts, out, in, inl,
                     ctx->iv, (word32)ctx->ivSz);
@@ -684,34 +680,34 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
 #endif
 #endif /* !NO_AES */
     #ifndef NO_DES3
-        case DES_CBC_TYPE:
+        case WC_DES_CBC_TYPE:
             if (ctx->enc)
                 ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
             else
                 ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
             break;
-        case DES_EDE3_CBC_TYPE:
+        case WC_DES_EDE3_CBC_TYPE:
             if (ctx->enc)
                 ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
             else
                 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
             break;
         #if defined(WOLFSSL_DES_ECB)
-        case DES_ECB_TYPE:
+        case WC_DES_ECB_TYPE:
             ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
             break;
-        case DES_EDE3_ECB_TYPE:
+        case WC_DES_EDE3_ECB_TYPE:
             ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
             break;
         #endif
     #endif
     #ifndef NO_RC4
-        case ARC4_TYPE:
+        case WC_ARC4_TYPE:
             wc_Arc4Process(&ctx->cipher.arc4, out, in, inl);
             break;
     #endif
 #if defined(WOLFSSL_SM4_ECB)
-        case SM4_ECB_TYPE:
+        case WC_SM4_ECB_TYPE:
             if (ctx->enc)
                 wc_Sm4EcbEncrypt(&ctx->cipher.sm4, out, in, inl);
             else
@@ -719,7 +715,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
 #endif
 #if defined(WOLFSSL_SM4_CBC)
-        case SM4_CBC_TYPE:
+        case WC_SM4_CBC_TYPE:
             if (ctx->enc)
                 wc_Sm4CbcEncrypt(&ctx->cipher.sm4, out, in, inl);
             else
@@ -727,7 +723,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
             break;
 #endif
 #if defined(WOLFSSL_SM4_CTR)
-        case SM4_CTR_TYPE:
+        case WC_SM4_CTR_TYPE:
             wc_Sm4CtrEncrypt(&ctx->cipher.sm4, out, in, inl);
             break;
 #endif
@@ -783,7 +779,7 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
 #if defined(WOLFSSL_SM4_GCM) || !defined(WOLFSSL_AESGCM_STREAM)
 #if defined(WOLFSSL_SM4_GCM) && defined(WOLFSSL_AESGCM_STREAM)
-    if (ctx->cipherType == SM4_GCM_TYPE)
+    if (ctx->cipherType == WC_SM4_GCM_TYPE)
 #endif
     {
         int ret = 0;
@@ -1058,30 +1054,38 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
     }
 
     switch (ctx->cipherType) {
+        case WC_NULL_CIPHER_TYPE:
+            if (out == NULL) {
+                WOLFSSL_MSG("Bad argument");
+                return WOLFSSL_FAILURE;
+            }
+            XMEMCPY(out, in, inl);
+            *outl = inl;
+            return WOLFSSL_SUCCESS;
 #if !defined(NO_AES) && defined(HAVE_AESGCM)
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
             /* if out == NULL, in/inl contains the additional auth data */
             return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
 #endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
 #if !defined(NO_AES) && defined(HAVE_AESCCM)
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             /* if out == NULL, in/inl contains the
              * additional auth data */
             return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl);
 #endif /* !defined(NO_AES) && defined(HAVE_AESCCM) */
 #if defined(HAVE_ARIA)
-        case ARIA_128_GCM_TYPE:
-        case ARIA_192_GCM_TYPE:
-        case ARIA_256_GCM_TYPE:
+        case WC_ARIA_128_GCM_TYPE:
+        case WC_ARIA_192_GCM_TYPE:
+        case WC_ARIA_256_GCM_TYPE:
             /* if out == NULL, in/inl contains the additional auth data */
             return wolfSSL_EVP_CipherUpdate_AriaGCM(ctx, out, outl, in, inl);
 #endif /* defined(HAVE_ARIA) */
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             if (out == NULL) {
                 if (wc_ChaCha20Poly1305_UpdateAad(&ctx->cipher.chachaPoly, in,
                                                   (word32)inl) != 0) {
@@ -1106,7 +1110,7 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
             }
 #endif
 #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             if (wc_Chacha_Process(&ctx->cipher.chacha, out, in, (word32)inl) !=
                     0) {
                 WOLFSSL_MSG("wc_ChaCha_Process failed");
@@ -1116,12 +1120,12 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
             return WOLFSSL_SUCCESS;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE:
+        case WC_SM4_GCM_TYPE:
             /* if out == NULL, in/inl contains the additional auth data */
             return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE:
+        case WC_SM4_CCM_TYPE:
             /* if out == NULL, in/inl contains the
              * additional auth data */
             return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl);
@@ -1274,9 +1278,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
     switch (ctx->cipherType) {
 #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
 #ifndef WOLFSSL_AESGCM_STREAM
             if ((ctx->authBuffer && ctx->authBufferLen > 0)
              || (ctx->authBufferLen == 0)) {
@@ -1347,7 +1351,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
                 }
                 else {
                     /* Clear IV, since IV reuse is not recommended for AES GCM. */
-                    XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+                    XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
                 }
                 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
                     ret = WOLFSSL_FAILURE;
@@ -1358,9 +1362,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0)
              || (ctx->authBufferLen == 0)) {
                 if (ctx->enc) {
@@ -1406,7 +1410,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
                 else {
                     /* Clear IV, since IV reuse is not recommended
                      * for AES CCM. */
-                    XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+                    XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
                 }
                 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
                     ret = WOLFSSL_FAILURE;
@@ -1417,9 +1421,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-        case ARIA_128_GCM_TYPE:
-        case ARIA_192_GCM_TYPE:
-        case ARIA_256_GCM_TYPE:
+        case WC_ARIA_128_GCM_TYPE:
+        case WC_ARIA_192_GCM_TYPE:
+        case WC_ARIA_256_GCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0)
              || (ctx->authBufferLen == 0)) {
                 if (ctx->enc)
@@ -1471,7 +1475,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
 #endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             if (wc_ChaCha20Poly1305_Final(&ctx->cipher.chachaPoly,
                                           ctx->authTag) != 0) {
                 WOLFSSL_MSG("wc_ChaCha20Poly1305_Final failed");
@@ -1484,7 +1488,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
             break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE:
+        case WC_SM4_GCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0) ||
                      (ctx->authBufferLen == 0)) {
                 if (ctx->enc)
@@ -1535,7 +1539,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
             break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE:
+        case WC_SM4_CCM_TYPE:
             if ((ctx->authBuffer && ctx->authBufferLen > 0) ||
                     (ctx->authBufferLen == 0)) {
                 if (ctx->enc)
@@ -1660,20 +1664,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
          */
         if (FALSE
         #ifdef HAVE_AESGCM
-            || ctx->cipherType == AES_128_GCM_TYPE ||
-            ctx->cipherType == AES_192_GCM_TYPE ||
-            ctx->cipherType == AES_256_GCM_TYPE
+            || ctx->cipherType == WC_AES_128_GCM_TYPE ||
+            ctx->cipherType == WC_AES_192_GCM_TYPE ||
+            ctx->cipherType == WC_AES_256_GCM_TYPE
         #endif
         #ifdef HAVE_AESCCM
-            || ctx->cipherType == AES_128_CCM_TYPE ||
-            ctx->cipherType == AES_192_CCM_TYPE ||
-            ctx->cipherType == AES_256_CCM_TYPE
+            || ctx->cipherType == WC_AES_128_CCM_TYPE ||
+            ctx->cipherType == WC_AES_192_CCM_TYPE ||
+            ctx->cipherType == WC_AES_256_CCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_GCM
-            || ctx->cipherType == SM4_GCM_TYPE
+            || ctx->cipherType == WC_SM4_GCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_CCM
-            || ctx->cipherType == SM4_CCM_TYPE
+            || ctx->cipherType == WC_SM4_CCM_TYPE
         #endif
             ) {
             tmp = ctx->authIvGenEnable;
@@ -1688,20 +1692,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
     ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || FIPS_VERSION_GE(2,0))
         if (FALSE
         #ifdef HAVE_AESGCM
-            || ctx->cipherType == AES_128_GCM_TYPE ||
-            ctx->cipherType == AES_192_GCM_TYPE ||
-            ctx->cipherType == AES_256_GCM_TYPE
+            || ctx->cipherType == WC_AES_128_GCM_TYPE ||
+            ctx->cipherType == WC_AES_192_GCM_TYPE ||
+            ctx->cipherType == WC_AES_256_GCM_TYPE
         #endif
         #ifdef HAVE_AESCCM
-            || ctx->cipherType == AES_128_CCM_TYPE ||
-            ctx->cipherType == AES_192_CCM_TYPE ||
-            ctx->cipherType == AES_256_CCM_TYPE
+            || ctx->cipherType == WC_AES_128_CCM_TYPE ||
+            ctx->cipherType == WC_AES_192_CCM_TYPE ||
+            ctx->cipherType == WC_AES_256_CCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_GCM
-            || ctx->cipherType == SM4_GCM_TYPE
+            || ctx->cipherType == WC_SM4_GCM_TYPE
         #endif
         #ifdef WOLFSSL_SM4_CCM
-            || ctx->cipherType == SM4_CCM_TYPE
+            || ctx->cipherType == WC_SM4_CCM_TYPE
         #endif
             ) {
             ctx->authIvGenEnable = (tmp == 1);
@@ -1725,7 +1729,7 @@ int  wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
 {
     int fl;
     if (ctx == NULL || out == NULL || outl == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy");
     if (ctx->block_size == 1) {
@@ -1764,80 +1768,80 @@ int  wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
 int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
 {
-    if (ctx == NULL) return BAD_FUNC_ARG;
+    if (ctx == NULL) return WOLFSSL_FAILURE;
     switch (ctx->cipherType) {
 #if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4)
 #if !defined(NO_AES)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-    case AES_128_CBC_TYPE:
-    case AES_192_CBC_TYPE:
-    case AES_256_CBC_TYPE:
+    case WC_AES_128_CBC_TYPE:
+    case WC_AES_192_CBC_TYPE:
+    case WC_AES_256_CBC_TYPE:
 #endif
 #if defined(HAVE_AESGCM)
-    case AES_128_GCM_TYPE:
-    case AES_192_GCM_TYPE:
-    case AES_256_GCM_TYPE:
+    case WC_AES_128_GCM_TYPE:
+    case WC_AES_192_GCM_TYPE:
+    case WC_AES_256_GCM_TYPE:
 #endif
 #if defined(HAVE_AESCCM)
-    case AES_128_CCM_TYPE:
-    case AES_192_CCM_TYPE:
-    case AES_256_CCM_TYPE:
+    case WC_AES_128_CCM_TYPE:
+    case WC_AES_192_CCM_TYPE:
+    case WC_AES_256_CCM_TYPE:
 #endif
 #if defined(WOLFSSL_AES_COUNTER)
-    case AES_128_CTR_TYPE:
-    case AES_192_CTR_TYPE:
-    case AES_256_CTR_TYPE:
+    case WC_AES_128_CTR_TYPE:
+    case WC_AES_192_CTR_TYPE:
+    case WC_AES_256_CTR_TYPE:
 #endif
 #if defined(WOLFSSL_AES_CFB)
-    case AES_128_CFB1_TYPE:
-    case AES_192_CFB1_TYPE:
-    case AES_256_CFB1_TYPE:
-    case AES_128_CFB8_TYPE:
-    case AES_192_CFB8_TYPE:
-    case AES_256_CFB8_TYPE:
-    case AES_128_CFB128_TYPE:
-    case AES_192_CFB128_TYPE:
-    case AES_256_CFB128_TYPE:
+    case WC_AES_128_CFB1_TYPE:
+    case WC_AES_192_CFB1_TYPE:
+    case WC_AES_256_CFB1_TYPE:
+    case WC_AES_128_CFB8_TYPE:
+    case WC_AES_192_CFB8_TYPE:
+    case WC_AES_256_CFB8_TYPE:
+    case WC_AES_128_CFB128_TYPE:
+    case WC_AES_192_CFB128_TYPE:
+    case WC_AES_256_CFB128_TYPE:
 #endif
 #if defined(WOLFSSL_AES_OFB)
-    case AES_128_OFB_TYPE:
-    case AES_192_OFB_TYPE:
-    case AES_256_OFB_TYPE:
+    case WC_AES_128_OFB_TYPE:
+    case WC_AES_192_OFB_TYPE:
+    case WC_AES_256_OFB_TYPE:
 #endif
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-    case AES_128_XTS_TYPE:
-    case AES_256_XTS_TYPE:
+    case WC_AES_128_XTS_TYPE:
+    case WC_AES_256_XTS_TYPE:
 #endif
 #if defined(HAVE_ARIA)
-    case ARIA_128_GCM_TYPE:
-    case ARIA_192_GCM_TYPE:
-    case ARIA_256_GCM_TYPE:
+    case WC_ARIA_128_GCM_TYPE:
+    case WC_ARIA_192_GCM_TYPE:
+    case WC_ARIA_256_GCM_TYPE:
 #endif
 
-    case AES_128_ECB_TYPE:
-    case AES_192_ECB_TYPE:
-    case AES_256_ECB_TYPE:
+    case WC_AES_128_ECB_TYPE:
+    case WC_AES_192_ECB_TYPE:
+    case WC_AES_256_ECB_TYPE:
 #endif /* !NO_AES */
 #ifndef NO_DES3
-    case DES_CBC_TYPE:
-    case DES_ECB_TYPE:
-    case DES_EDE3_CBC_TYPE:
-    case DES_EDE3_ECB_TYPE:
+    case WC_DES_CBC_TYPE:
+    case WC_DES_ECB_TYPE:
+    case WC_DES_EDE3_CBC_TYPE:
+    case WC_DES_EDE3_ECB_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_ECB
-    case SM4_ECB_TYPE:
+    case WC_SM4_ECB_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_CBC
-    case SM4_CBC_TYPE:
+    case WC_SM4_CBC_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_CTR
-    case SM4_CTR_TYPE:
+    case WC_SM4_CTR_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_GCM
-    case SM4_GCM_TYPE:
+    case WC_SM4_GCM_TYPE:
 #endif
 #ifdef WOLFSSL_SM4_CCM
-    case SM4_CCM_TYPE:
+    case WC_SM4_CCM_TYPE:
 #endif
         return ctx->block_size;
 #endif /* !NO_AES || !NO_DES3 || WOLFSSL_SM4 */
@@ -1851,307 +1855,468 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
     if (cipher == NULL) return 0; /* dummy for #ifdef */
 #ifndef NO_DES3
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_CBC))
-        return DES_CBC_TYPE;
+        return WC_DES_CBC_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_CBC))
-        return DES_EDE3_CBC_TYPE;
+        return WC_DES_EDE3_CBC_TYPE;
 #if !defined(NO_DES3)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_ECB))
-        return DES_ECB_TYPE;
+        return WC_DES_ECB_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_ECB))
-        return DES_EDE3_ECB_TYPE;
+        return WC_DES_EDE3_ECB_TYPE;
 #endif /* NO_DES3 && HAVE_AES_ECB */
 #endif
 #if !defined(NO_AES)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CBC))
-        return AES_128_CBC_TYPE;
+        return WC_AES_128_CBC_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CBC))
-        return AES_192_CBC_TYPE;
+        return WC_AES_192_CBC_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CBC))
-        return AES_256_CBC_TYPE;
+        return WC_AES_256_CBC_TYPE;
     #endif
 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
 #if defined(HAVE_AESGCM)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_GCM))
-        return AES_128_GCM_TYPE;
+        return WC_AES_128_GCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_GCM))
-        return AES_192_GCM_TYPE;
+        return WC_AES_192_GCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_GCM))
-        return AES_256_GCM_TYPE;
+        return WC_AES_256_GCM_TYPE;
     #endif
 #endif /* HAVE_AESGCM */
 #if defined(HAVE_AESCCM)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CCM))
-        return AES_128_CCM_TYPE;
+        return WC_AES_128_CCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CCM))
-        return AES_192_CCM_TYPE;
+        return WC_AES_192_CCM_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CCM))
-        return AES_256_CCM_TYPE;
+        return WC_AES_256_CCM_TYPE;
     #endif
 #endif /* HAVE_AESCCM */
 #if defined(WOLFSSL_AES_COUNTER)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CTR))
-        return AES_128_CTR_TYPE;
+        return WC_AES_128_CTR_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CTR))
-        return AES_192_CTR_TYPE;
+        return WC_AES_192_CTR_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CTR))
-        return AES_256_CTR_TYPE;
+        return WC_AES_256_CTR_TYPE;
     #endif
 #endif /* HAVE_AES_CBC */
 #if defined(HAVE_AES_ECB)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_ECB))
-        return AES_128_ECB_TYPE;
+        return WC_AES_128_ECB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_ECB))
-        return AES_192_ECB_TYPE;
+        return WC_AES_192_ECB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_ECB))
-        return AES_256_ECB_TYPE;
+        return WC_AES_256_ECB_TYPE;
     #endif
 #endif /*HAVE_AES_CBC */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_XTS))
-        return AES_128_XTS_TYPE;
+        return WC_AES_128_XTS_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_XTS))
-        return AES_256_XTS_TYPE;
+        return WC_AES_256_XTS_TYPE;
     #endif
 #endif /* WOLFSSL_AES_XTS */
 #if defined(WOLFSSL_AES_CFB)
+#ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1))
-        return AES_128_CFB1_TYPE;
+        return WC_AES_128_CFB1_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB1))
-        return AES_192_CFB1_TYPE;
+        return WC_AES_192_CFB1_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB1))
-        return AES_256_CFB1_TYPE;
+        return WC_AES_256_CFB1_TYPE;
     #endif
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB8))
-        return AES_128_CFB8_TYPE;
+        return WC_AES_128_CFB8_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB8))
-        return AES_192_CFB8_TYPE;
+        return WC_AES_192_CFB8_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8))
-        return AES_256_CFB8_TYPE;
+        return WC_AES_256_CFB8_TYPE;
     #endif
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128))
-        return AES_128_CFB128_TYPE;
+        return WC_AES_128_CFB128_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB128))
-        return AES_192_CFB128_TYPE;
+        return WC_AES_192_CFB128_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB128))
-        return AES_256_CFB128_TYPE;
+        return WC_AES_256_CFB128_TYPE;
     #endif
 #endif /*HAVE_AES_CBC */
 #if defined(WOLFSSL_AES_OFB)
     #ifdef WOLFSSL_AES_128
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_OFB))
-      return AES_128_OFB_TYPE;
+      return WC_AES_128_OFB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_192
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_OFB))
-      return AES_192_OFB_TYPE;
+      return WC_AES_192_OFB_TYPE;
     #endif
     #ifdef WOLFSSL_AES_256
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_OFB))
-      return AES_256_OFB_TYPE;
+      return WC_AES_256_OFB_TYPE;
     #endif
 #endif
 #endif /* !NO_AES */
 #if defined(HAVE_ARIA)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_128_GCM))
-        return ARIA_128_GCM_TYPE;
+        return WC_ARIA_128_GCM_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_192_GCM))
-        return ARIA_192_GCM_TYPE;
+        return WC_ARIA_192_GCM_TYPE;
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_256_GCM))
-        return ARIA_256_GCM_TYPE;
+        return WC_ARIA_256_GCM_TYPE;
 #endif /* HAVE_ARIA */
 
 #ifndef NO_RC4
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARC4))
-      return ARC4_TYPE;
+      return WC_ARC4_TYPE;
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20_POLY1305))
-        return CHACHA20_POLY1305_TYPE;
+        return WC_CHACHA20_POLY1305_TYPE;
 #endif
 
 #ifdef HAVE_CHACHA
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20))
-        return CHACHA20_TYPE;
+        return WC_CHACHA20_TYPE;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_ECB))
-        return SM4_ECB_TYPE;
+        return WC_SM4_ECB_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_CBC
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CBC))
-        return SM4_CBC_TYPE;
+        return WC_SM4_CBC_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_CTR
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CTR))
-        return SM4_CTR_TYPE;
+        return WC_SM4_CTR_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_GCM
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_GCM))
-        return SM4_GCM_TYPE;
+        return WC_SM4_GCM_TYPE;
 #endif
 #ifdef WOLFSSL_SM4_CCM
     else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CCM))
-        return SM4_CCM_TYPE;
+        return WC_SM4_CCM_TYPE;
 #endif
 
       else return 0;
 }
 
+/* Getter function for cipher type string
+ *
+ * cipherType  cipherType enum value to get string for
+ *
+ * Returns string representation of the cipher type or NULL if not found
+ */
+const char* wolfSSL_EVP_CIPHER_type_string(unsigned int cipherType)
+{
+    WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_type_string");
+
+    switch (cipherType) {
+#ifndef NO_DES3
+        case WC_DES_CBC_TYPE:           return EVP_DES_CBC;
+        case WC_DES_EDE3_CBC_TYPE:      return EVP_DES_EDE3_CBC;
+        case WC_DES_ECB_TYPE:           return EVP_DES_ECB;
+        case WC_DES_EDE3_ECB_TYPE:      return EVP_DES_EDE3_ECB;
+#endif
+#if !defined(NO_AES)
+    #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
+        #ifdef WOLFSSL_AES_128
+        case WC_AES_128_CBC_TYPE:       return EVP_AES_128_CBC;
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case WC_AES_192_CBC_TYPE:       return EVP_AES_192_CBC;
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case WC_AES_256_CBC_TYPE:       return EVP_AES_256_CBC;
+        #endif
+    #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
+    #if defined(WOLFSSL_AES_CFB)
+        #ifndef WOLFSSL_NO_AES_CFB_1_8
+            #ifdef WOLFSSL_AES_128
+            case WC_AES_128_CFB1_TYPE:      return EVP_AES_128_CFB1;
+            #endif
+            #ifdef WOLFSSL_AES_192
+            case WC_AES_192_CFB1_TYPE:      return EVP_AES_192_CFB1;
+            #endif
+            #ifdef WOLFSSL_AES_256
+            case WC_AES_256_CFB1_TYPE:      return EVP_AES_256_CFB1;
+            #endif
+            #ifdef WOLFSSL_AES_128
+            case WC_AES_128_CFB8_TYPE:      return EVP_AES_128_CFB8;
+            #endif
+            #ifdef WOLFSSL_AES_192
+            case WC_AES_192_CFB8_TYPE:      return EVP_AES_192_CFB8;
+            #endif
+            #ifdef WOLFSSL_AES_256
+            case WC_AES_256_CFB8_TYPE:      return EVP_AES_256_CFB8;
+            #endif
+        #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
+        #ifdef WOLFSSL_AES_128
+        case WC_AES_128_CFB128_TYPE:    return EVP_AES_128_CFB128;
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case WC_AES_192_CFB128_TYPE:    return EVP_AES_192_CFB128;
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case WC_AES_256_CFB128_TYPE:    return EVP_AES_256_CFB128;
+        #endif
+    #endif /* WOLFSSL_AES_CFB */
+    #if defined(WOLFSSL_AES_OFB)
+        #ifdef WOLFSSL_AES_128
+        case WC_AES_128_OFB_TYPE:       return EVP_AES_128_OFB;
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case WC_AES_192_OFB_TYPE:       return EVP_AES_192_OFB;
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case WC_AES_256_OFB_TYPE:       return EVP_AES_256_OFB;
+        #endif
+    #endif /* WOLFSSL_AES_OFB */
+    #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
+        #ifdef WOLFSSL_AES_128
+        case WC_AES_128_XTS_TYPE:       return EVP_AES_128_XTS;
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case WC_AES_256_XTS_TYPE:       return EVP_AES_256_XTS;
+        #endif
+    #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
+    #if defined(HAVE_AESGCM)
+        #ifdef WOLFSSL_AES_128
+        case WC_AES_128_GCM_TYPE:       return EVP_AES_128_GCM;
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case WC_AES_192_GCM_TYPE:       return EVP_AES_192_GCM;
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case WC_AES_256_GCM_TYPE:       return EVP_AES_256_GCM;
+        #endif
+    #endif /* HAVE_AESGCM */
+    #if defined(HAVE_AESCCM)
+        #ifdef WOLFSSL_AES_128
+        case WC_AES_128_CCM_TYPE:       return EVP_AES_128_CCM;
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case WC_AES_192_CCM_TYPE:       return EVP_AES_192_CCM;
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case WC_AES_256_CCM_TYPE:       return EVP_AES_256_CCM;
+        #endif
+    #endif /* HAVE_AESCCM */
+    #if defined(WOLFSSL_AES_COUNTER)
+        #ifdef WOLFSSL_AES_128
+        case WC_AES_128_CTR_TYPE:       return EVP_AES_128_CTR;
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case WC_AES_192_CTR_TYPE:       return EVP_AES_192_CTR;
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case WC_AES_256_CTR_TYPE:       return EVP_AES_256_CTR;
+        #endif
+    #endif /* WOLFSSL_AES_COUNTER */
+    #if defined(HAVE_AES_ECB)
+        #ifdef WOLFSSL_AES_128
+        case WC_AES_128_ECB_TYPE:       return EVP_AES_128_ECB;
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case WC_AES_192_ECB_TYPE:       return EVP_AES_192_ECB;
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case WC_AES_256_ECB_TYPE:       return EVP_AES_256_ECB;
+        #endif
+    #endif /* HAVE_AES_ECB */
+#endif /* !NO_AES */
+#if defined(HAVE_ARIA)
+        case WC_ARIA_128_GCM_TYPE:      return EVP_ARIA_128_GCM;
+        case WC_ARIA_192_GCM_TYPE:      return EVP_ARIA_192_GCM;
+        case WC_ARIA_256_GCM_TYPE:      return EVP_ARIA_256_GCM;
+#endif /* HAVE_ARIA */
+#ifndef NO_RC4
+        case WC_ARC4_TYPE:              return EVP_ARC4;
+#endif
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+        case WC_CHACHA20_POLY1305_TYPE: return EVP_CHACHA20_POLY1305;
+#endif
+#ifdef HAVE_CHACHA
+        case WC_CHACHA20_TYPE:          return EVP_CHACHA20;
+#endif
+#ifdef WOLFSSL_SM4_ECB
+        case WC_SM4_ECB_TYPE:           return EVP_SM4_ECB;
+#endif
+#ifdef WOLFSSL_SM4_CBC
+        case WC_SM4_CBC_TYPE:           return EVP_SM4_CBC;
+#endif
+#ifdef WOLFSSL_SM4_CTR
+        case WC_SM4_CTR_TYPE:           return EVP_SM4_CTR;
+#endif
+#ifdef WOLFSSL_SM4_GCM
+        case WC_SM4_GCM_TYPE:           return EVP_SM4_GCM;
+#endif
+#ifdef WOLFSSL_SM4_CCM
+        case WC_SM4_CCM_TYPE:           return EVP_SM4_CCM;
+#endif
+        case WC_NULL_CIPHER_TYPE:       return EVP_NULL;
+        default:
+            return NULL;
+    }
+}
+
 int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
 {
     if (cipher == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     switch (cipherType(cipher)) {
 #if !defined(NO_AES)
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-        case AES_128_CBC_TYPE:
-        case AES_192_CBC_TYPE:
-        case AES_256_CBC_TYPE:
-            return AES_BLOCK_SIZE;
+        case WC_AES_128_CBC_TYPE:
+        case WC_AES_192_CBC_TYPE:
+        case WC_AES_256_CBC_TYPE:
+            return WC_AES_BLOCK_SIZE;
     #endif
     #if defined(HAVE_AESGCM)
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
             return 1;
     #endif
     #if defined(HAVE_AESCCM)
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             return 1;
     #endif
     #if defined(WOLFSSL_AES_COUNTER)
-        case AES_128_CTR_TYPE:
-        case AES_192_CTR_TYPE:
-        case AES_256_CTR_TYPE:
+        case WC_AES_128_CTR_TYPE:
+        case WC_AES_192_CTR_TYPE:
+        case WC_AES_256_CTR_TYPE:
             return 1;
     #endif
     #if defined(HAVE_AES_ECB)
-        case AES_128_ECB_TYPE:
-        case AES_192_ECB_TYPE:
-        case AES_256_ECB_TYPE:
-            return AES_BLOCK_SIZE;
+        case WC_AES_128_ECB_TYPE:
+        case WC_AES_192_ECB_TYPE:
+        case WC_AES_256_ECB_TYPE:
+            return WC_AES_BLOCK_SIZE;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             return 1;
     #endif
     #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             return 1;
     #endif
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-        case AES_128_XTS_TYPE:
-        case AES_256_XTS_TYPE:
+        case WC_AES_128_XTS_TYPE:
+        case WC_AES_256_XTS_TYPE:
             return 1;
     #endif
   #endif /* NO_AES */
 
   #ifndef NO_RC4
-        case ARC4_TYPE:
+        case WC_ARC4_TYPE:
             return 1;
   #endif
 #if defined(HAVE_ARIA)
-    case ARIA_128_GCM_TYPE:
-    case ARIA_192_GCM_TYPE:
-    case ARIA_256_GCM_TYPE:
+    case WC_ARIA_128_GCM_TYPE:
+    case WC_ARIA_192_GCM_TYPE:
+    case WC_ARIA_256_GCM_TYPE:
         return 1;
 #endif
 
 #ifndef NO_DES3
-        case DES_CBC_TYPE: return 8;
-        case DES_EDE3_CBC_TYPE: return 8;
-        case DES_ECB_TYPE: return 8;
-        case DES_EDE3_ECB_TYPE: return 8;
+        case WC_DES_CBC_TYPE: return 8;
+        case WC_DES_EDE3_CBC_TYPE: return 8;
+        case WC_DES_ECB_TYPE: return 8;
+        case WC_DES_EDE3_ECB_TYPE: return 8;
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             return 1;
 #endif
 
 #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             return 1;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-       case SM4_ECB_TYPE:
+       case WC_SM4_ECB_TYPE:
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-       case SM4_CBC_TYPE:
+       case WC_SM4_CBC_TYPE:
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-       case SM4_CTR_TYPE:
+       case WC_SM4_CTR_TYPE:
             return 1;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-       case SM4_GCM_TYPE:
+       case WC_SM4_GCM_TYPE:
             return 1;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-       case SM4_CCM_TYPE:
+       case WC_SM4_CCM_TYPE:
             return 1;
 #endif
 
@@ -2165,107 +2330,107 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
     switch (cipherType(cipher)) {
 #if !defined(NO_AES)
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-        case AES_128_CBC_TYPE:
-        case AES_192_CBC_TYPE:
-        case AES_256_CBC_TYPE:
+        case WC_AES_128_CBC_TYPE:
+        case WC_AES_192_CBC_TYPE:
+        case WC_AES_256_CBC_TYPE:
             return WOLFSSL_EVP_CIPH_CBC_MODE;
     #endif
     #if defined(HAVE_AESGCM)
-        case AES_128_GCM_TYPE:
-        case AES_192_GCM_TYPE:
-        case AES_256_GCM_TYPE:
+        case WC_AES_128_GCM_TYPE:
+        case WC_AES_192_GCM_TYPE:
+        case WC_AES_256_GCM_TYPE:
             return WOLFSSL_EVP_CIPH_GCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #if defined(HAVE_AESCCM)
-        case AES_128_CCM_TYPE:
-        case AES_192_CCM_TYPE:
-        case AES_256_CCM_TYPE:
+        case WC_AES_128_CCM_TYPE:
+        case WC_AES_192_CCM_TYPE:
+        case WC_AES_256_CCM_TYPE:
             return WOLFSSL_EVP_CIPH_CCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #if defined(WOLFSSL_AES_COUNTER)
-        case AES_128_CTR_TYPE:
-        case AES_192_CTR_TYPE:
-        case AES_256_CTR_TYPE:
+        case WC_AES_128_CTR_TYPE:
+        case WC_AES_192_CTR_TYPE:
+        case WC_AES_256_CTR_TYPE:
             return WOLFSSL_EVP_CIPH_CTR_MODE;
     #endif
     #if defined(WOLFSSL_AES_CFB)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             return WOLFSSL_EVP_CIPH_CFB_MODE;
     #endif
     #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             return WOLFSSL_EVP_CIPH_OFB_MODE;
     #endif
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-        case AES_128_XTS_TYPE:
-        case AES_256_XTS_TYPE:
+        case WC_AES_128_XTS_TYPE:
+        case WC_AES_256_XTS_TYPE:
             return WOLFSSL_EVP_CIPH_XTS_MODE;
     #endif
-        case AES_128_ECB_TYPE:
-        case AES_192_ECB_TYPE:
-        case AES_256_ECB_TYPE:
+        case WC_AES_128_ECB_TYPE:
+        case WC_AES_192_ECB_TYPE:
+        case WC_AES_256_ECB_TYPE:
             return WOLFSSL_EVP_CIPH_ECB_MODE;
 #endif /* !NO_AES */
     #if defined(HAVE_ARIA)
-        case ARIA_128_GCM_TYPE:
-        case ARIA_192_GCM_TYPE:
-        case ARIA_256_GCM_TYPE:
+        case WC_ARIA_128_GCM_TYPE:
+        case WC_ARIA_192_GCM_TYPE:
+        case WC_ARIA_256_GCM_TYPE:
             return WOLFSSL_EVP_CIPH_GCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #ifndef NO_DES3
-        case DES_CBC_TYPE:
-        case DES_EDE3_CBC_TYPE:
+        case WC_DES_CBC_TYPE:
+        case WC_DES_EDE3_CBC_TYPE:
             return WOLFSSL_EVP_CIPH_CBC_MODE;
-        case DES_ECB_TYPE:
-        case DES_EDE3_ECB_TYPE:
+        case WC_DES_ECB_TYPE:
+        case WC_DES_EDE3_ECB_TYPE:
             return WOLFSSL_EVP_CIPH_ECB_MODE;
     #endif
     #ifndef NO_RC4
-        case ARC4_TYPE:
-            return EVP_CIPH_STREAM_CIPHER;
+        case WC_ARC4_TYPE:
+            return WOLFSSL_EVP_CIPH_STREAM_CIPHER;
     #endif
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             return WOLFSSL_EVP_CIPH_STREAM_CIPHER |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             return WOLFSSL_EVP_CIPH_STREAM_CIPHER;
     #endif
     #ifdef WOLFSSL_SM4_ECB
-        case SM4_ECB_TYPE:
+        case WC_SM4_ECB_TYPE:
             return WOLFSSL_EVP_CIPH_ECB_MODE;
     #endif
     #ifdef WOLFSSL_SM4_CBC
-        case SM4_CBC_TYPE:
+        case WC_SM4_CBC_TYPE:
             return WOLFSSL_EVP_CIPH_CBC_MODE;
     #endif
     #ifdef WOLFSSL_SM4_CTR
-        case SM4_CTR_TYPE:
+        case WC_SM4_CTR_TYPE:
             return WOLFSSL_EVP_CIPH_CTR_MODE;
     #endif
     #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE:
+        case WC_SM4_GCM_TYPE:
             return WOLFSSL_EVP_CIPH_GCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
     #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE:
+        case WC_SM4_CCM_TYPE:
             return WOLFSSL_EVP_CIPH_CCM_MODE |
                     WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
     #endif
@@ -2306,7 +2471,7 @@ int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx,
     int padding)
 {
     if (ctx == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     if (padding) {
         ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_NO_PADDING;
     }
@@ -2318,9 +2483,10 @@ int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx,
 
 int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest)
 {
-    (void)digest;
     /* nothing to do */
-    return 0;
+    if (digest == NULL)
+        return WOLFSSL_FAILURE;
+    return WOLFSSL_SUCCESS;
 }
 
 
@@ -2373,7 +2539,7 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E
     XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX));
     ctx->pkey = pkey;
 #if !defined(NO_RSA)
-    ctx->padding = RSA_PKCS1_PADDING;
+    ctx->padding = WC_RSA_PKCS1_PADDING;
     ctx->md = NULL;
 #endif
 #ifdef HAVE_ECC
@@ -2415,7 +2581,7 @@ int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding)
  * returns WOLFSSL_SUCCESS on success.
  */
 int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx,
-    const EVP_MD* md)
+    const WOLFSSL_EVP_MD* md)
 {
     if (ctx == NULL) return 0;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_signature_md");
@@ -2467,7 +2633,7 @@ int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx)
         return WOLFSSL_FAILURE;
     }
     wolfSSL_EVP_PKEY_free(ctx->peerKey);
-    ctx->op = EVP_PKEY_OP_DERIVE;
+    ctx->op = WC_EVP_PKEY_OP_DERIVE;
     ctx->padding = 0;
     ctx->nbits = 0;
     return WOLFSSL_SUCCESS;
@@ -2477,7 +2643,7 @@ int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY
 {
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_set_peer");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE) {
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE) {
         return WOLFSSL_FAILURE;
     }
     wolfSSL_EVP_PKEY_free(ctx->peerKey);
@@ -2512,14 +2678,14 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
 
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey
-        && ctx->pkey->type != EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type
-        != EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) {
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey
+        && ctx->pkey->type != WC_EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type
+        != WC_EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) {
         return WOLFSSL_FAILURE;
     }
     switch (ctx->pkey->type) {
 #ifndef NO_DH
-    case EVP_PKEY_DH:
+    case WC_EVP_PKEY_DH:
         /* Use DH */
         if (!ctx->pkey->dh || !ctx->peerKey->dh) {
             return WOLFSSL_FAILURE;
@@ -2552,7 +2718,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
         break;
 #endif
 #if defined(HAVE_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         /* Use ECDH */
         if (!ctx->pkey->ecc || !ctx->peerKey->ecc) {
             return WOLFSSL_FAILURE;
@@ -2620,7 +2786,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
         break;
 #endif
 #ifdef HAVE_HKDF
-    case EVP_PKEY_HKDF:
+    case WC_EVP_PKEY_HKDF:
         (void)len;
 
         hkdfHashType = EvpMd2MacType(ctx->pkey->hkdfMd);
@@ -2628,8 +2794,8 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
             WOLFSSL_MSG("Invalid hash type for HKDF.");
             return WOLFSSL_FAILURE;
         }
-        if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) {
-            if (wc_HKDF(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz,
+        if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) {
+            if (wc_HKDF((int)hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz,
                         ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz,
                         ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key,
                         (word32)*keylen) != 0) {
@@ -2637,8 +2803,8 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
                 return WOLFSSL_FAILURE;
             }
         }
-        else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) {
-            if (wc_HKDF_Extract(hkdfHashType, ctx->pkey->hkdfSalt,
+        else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) {
+            if (wc_HKDF_Extract((int)hkdfHashType, ctx->pkey->hkdfSalt,
                                 ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey,
                                 ctx->pkey->hkdfKeySz, key) != 0) {
                 WOLFSSL_MSG("wc_HKDF_Extract failed.");
@@ -2654,8 +2820,8 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
                 *keylen = (size_t)hkdfHashSz;
             }
         }
-        else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
-            if (wc_HKDF_Expand(hkdfHashType, ctx->pkey->hkdfKey,
+        else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
+            if (wc_HKDF_Expand((int)hkdfHashType, ctx->pkey->hkdfKey,
                                ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo,
                                ctx->pkey->hkdfInfoSz, key,
                                (word32)*keylen) != 0) {
@@ -2710,7 +2876,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx,
         WOLFSSL_MSG("Bad argument.");
         ret = WOLFSSL_FAILURE;
     }
-    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
+    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
         WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2745,7 +2911,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx,
         WOLFSSL_MSG("Bad argument.");
         ret = WOLFSSL_FAILURE;
     }
-    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
+    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
         WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2780,7 +2946,7 @@ int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx,
         WOLFSSL_MSG("Bad argument.");
         ret = WOLFSSL_FAILURE;
     }
-    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
+    if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
         WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2830,9 +2996,10 @@ int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx, int mode)
     }
 
     if (ret == WOLFSSL_SUCCESS &&
-        mode != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
-        mode != EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY &&
-        mode != EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
+        mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
+        mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY &&
+        mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)
+    {
         WOLFSSL_MSG("Invalid HKDF mode.");
         ret = WOLFSSL_FAILURE;
     }
@@ -2880,7 +3047,7 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
                 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
@@ -2909,8 +3076,8 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
         }
 #endif /* NO_RSA */
 
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("EVP_PKEY_EC not implemented.");
+    case WC_EVP_PKEY_EC:
+        WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented.");
         FALL_THROUGH;
     default:
         break;
@@ -2931,10 +3098,10 @@ int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
     if (ctx == NULL) return WOLFSSL_FAILURE;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_decrypt_init");
     switch (ctx->pkey->type) {
-    case EVP_PKEY_RSA:
-        ctx->op = EVP_PKEY_OP_DECRYPT;
+    case WC_EVP_PKEY_RSA:
+        ctx->op = WC_EVP_PKEY_OP_DECRYPT;
         return WOLFSSL_SUCCESS;
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -2969,8 +3136,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
         return 0;
     }
 
-    if (ctx->op != EVP_PKEY_OP_ENCRYPT) {
-        WOLFSSL_MSG("ctx->op must be set to EVP_PKEY_OP_ENCRYPT. Use "
+    if (ctx->op != WC_EVP_PKEY_OP_ENCRYPT) {
+        WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_ENCRYPT. Use "
             "wolfSSL_EVP_PKEY_encrypt_init.");
         return WOLFSSL_FAILURE;
     }
@@ -2983,7 +3150,7 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         if (out == NULL) {
             if (ctx->pkey->rsa == NULL) {
                 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
@@ -3013,8 +3180,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
         }
 #endif /* NO_RSA */
 
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("EVP_PKEY_EC not implemented");
+    case WC_EVP_PKEY_EC:
+        WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented");
         FALL_THROUGH;
     default:
         break;
@@ -3036,10 +3203,10 @@ int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_encrypt_init");
 
     switch (ctx->pkey->type) {
-    case EVP_PKEY_RSA:
-        ctx->op = EVP_PKEY_OP_ENCRYPT;
+    case WC_EVP_PKEY_RSA:
+        ctx->op = WC_EVP_PKEY_OP_ENCRYPT;
         return WOLFSSL_SUCCESS;
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -3064,22 +3231,22 @@ int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx)
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-        case EVP_PKEY_RSA:
-            ctx->op = EVP_PKEY_OP_SIGN;
+        case WC_EVP_PKEY_RSA:
+            ctx->op = WC_EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
             break;
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-        case EVP_PKEY_DSA:
-            ctx->op = EVP_PKEY_OP_SIGN;
+        case WC_EVP_PKEY_DSA:
+            ctx->op = WC_EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
             break;
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
-            ctx->op = EVP_PKEY_OP_SIGN;
+        case WC_EVP_PKEY_EC:
+            ctx->op = WC_EVP_PKEY_OP_SIGN;
             ret = WOLFSSL_SUCCESS;
             break;
 #endif /* HAVE_ECC */
@@ -3102,7 +3269,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 {
     WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen)
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen)
         return WOLFSSL_FAILURE;
 
     (void)sig;
@@ -3112,7 +3279,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA: {
+    case WC_EVP_PKEY_RSA: {
         unsigned int usiglen = (unsigned int)*siglen;
         if (!sig) {
             int len;
@@ -3137,13 +3304,13 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-    case EVP_PKEY_DSA: {
+    case WC_EVP_PKEY_DSA: {
         int bytes;
         int ret;
         if (!ctx->pkey->dsa)
             return WOLFSSL_FAILURE;
         bytes = wolfSSL_BN_num_bytes(ctx->pkey->dsa->q);
-        if (bytes == WOLFSSL_FAILURE)
+        if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WOLFSSL_FAILURE;
         bytes *= 2;
         if (!sig) {
@@ -3156,7 +3323,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
         /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */
         if (ret != WOLFSSL_SUCCESS)
             return ret;
-        if (bytes == WOLFSSL_FAILURE)
+        if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             return WOLFSSL_FAILURE;
         *siglen = (size_t)bytes;
         return WOLFSSL_SUCCESS;
@@ -3164,7 +3331,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC: {
+    case WC_EVP_PKEY_EC: {
         int ret;
         WOLFSSL_ECDSA_SIG *ecdsaSig;
         if (!sig) {
@@ -3226,20 +3393,20 @@ int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx)
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-        case EVP_PKEY_RSA:
-            ctx->op = EVP_PKEY_OP_VERIFY;
+        case WC_EVP_PKEY_RSA:
+            ctx->op = WC_EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-        case EVP_PKEY_DSA:
-            ctx->op = EVP_PKEY_OP_VERIFY;
+        case WC_EVP_PKEY_DSA:
+            ctx->op = WC_EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
-            ctx->op = EVP_PKEY_OP_VERIFY;
+        case WC_EVP_PKEY_EC:
+            ctx->op = WC_EVP_PKEY_OP_VERIFY;
             return WOLFSSL_SUCCESS;
 #endif /* HAVE_ECC */
 
@@ -3263,19 +3430,19 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
 {
     WOLFSSL_MSG("wolfSSL_EVP_PKEY_verify");
 
-    if (!ctx || ctx->op != EVP_PKEY_OP_VERIFY || !ctx->pkey)
+    if (!ctx || ctx->op != WC_EVP_PKEY_OP_VERIFY || !ctx->pkey)
         return WOLFSSL_FAILURE;
 
     switch (ctx->pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         return wolfSSL_RSA_verify_ex(WC_HASH_TYPE_NONE, tbs,
             (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa,
             ctx->padding);
 #endif /* NO_RSA */
 
 #ifndef NO_DSA
-     case EVP_PKEY_DSA: {
+     case WC_EVP_PKEY_DSA: {
         int dsacheck = 0;
         if (wolfSSL_DSA_do_verify(tbs, (unsigned char *)sig, ctx->pkey->dsa,
             &dsacheck) != WOLFSSL_SUCCESS || dsacheck != 1)
@@ -3285,7 +3452,7 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC: {
+    case WC_EVP_PKEY_EC: {
         int ret;
         WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(
             NULL, (const unsigned char **)&sig, (long)siglen);
@@ -3333,7 +3500,7 @@ int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx,
 {
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid");
 #ifdef HAVE_ECC
-    if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == EVP_PKEY_EC) {
+    if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == WC_EVP_PKEY_EC) {
         ctx->curveNID = nid;
         return WOLFSSL_SUCCESS;
     }
@@ -3366,7 +3533,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx,
 
     if (ret == WOLFSSL_SUCCESS && *pkey == NULL) {
         /* Only ECC is supported currently. */
-        if (ctx->pkey == NULL || ctx->pkey->type != EVP_PKEY_EC) {
+        if (ctx->pkey == NULL || ctx->pkey->type != WC_EVP_PKEY_EC) {
             WOLFSSL_MSG("Key not set or key type not supported.");
             ret = WOLFSSL_FAILURE;
         }
@@ -3387,7 +3554,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx,
         #ifdef HAVE_ECC
             /* For ECC parameter generation we just need to set the group, which
              * wolfSSL_EC_KEY_new_by_curve_name will do. */
-            case EVP_PKEY_EC:
+            case WC_EVP_PKEY_EC:
                 (*pkey)->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID);
                 if ((*pkey)->ecc == NULL) {
                     WOLFSSL_MSG("Failed to create WOLFSSL_EC_KEY.");
@@ -3437,24 +3604,24 @@ int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
 int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
   WOLFSSL_EVP_PKEY **ppkey)
 {
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     int ownPkey = 0;
     WOLFSSL_EVP_PKEY* pkey;
 
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen");
 
     if (ctx == NULL || ppkey == NULL) {
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     }
 
     pkey = *ppkey;
     if (pkey == NULL) {
         if (ctx->pkey == NULL ||
-                (ctx->pkey->type != EVP_PKEY_EC &&
-                 ctx->pkey->type != EVP_PKEY_RSA &&
-                 ctx->pkey->type != EVP_PKEY_DH)) {
+                (ctx->pkey->type != WC_EVP_PKEY_EC &&
+                 ctx->pkey->type != WC_EVP_PKEY_RSA &&
+                 ctx->pkey->type != WC_EVP_PKEY_DH)) {
             WOLFSSL_MSG("Key not set or key type not supported");
-            return BAD_FUNC_ARG;
+            return WOLFSSL_FAILURE;
         }
         pkey = wolfSSL_EVP_PKEY_new();
         if (pkey == NULL) {
@@ -3466,7 +3633,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
 
     switch (pkey->type) {
 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT,
                 NULL, NULL);
             if (pkey->rsa) {
@@ -3478,7 +3645,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
             break;
 #endif
 #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             /* pkey->ecc may not be NULL, if, for example, it was populated by a
              * prior call to wolfSSL_EVP_PKEY_paramgen. */
             if (pkey->ecc == NULL) {
@@ -3493,7 +3660,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
             break;
 #endif
 #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
-        case EVP_PKEY_DH:
+        case WC_EVP_PKEY_DH:
             pkey->dh = wolfSSL_DH_new();
             if (pkey->dh) {
                 pkey->ownDh = 1;
@@ -3539,12 +3706,12 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
 
     switch (pkey->type) {
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa));
 #endif /* !NO_RSA */
 
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         if (pkey->dsa == NULL ||
                 (!pkey->dsa->exSet &&
                         SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS))
@@ -3553,7 +3720,7 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
 #endif
 
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         if (pkey->ecc == NULL || pkey->ecc->internal == NULL) {
             WOLFSSL_MSG("No ECC key has been set");
             break;
@@ -3578,7 +3745,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         return WOLFSSL_FAILURE;
     }
 
-    if (to->type == EVP_PKEY_NONE) {
+    if (to->type == WC_EVP_PKEY_NONE) {
         to->type = from->type;
     }
     else if (to->type != from->type) {
@@ -3588,7 +3755,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
 
     switch(from->type) {
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         if (from->ecc) {
             if (!to->ecc) {
                 if ((to->ecc = wolfSSL_EC_KEY_new()) == NULL) {
@@ -3608,7 +3775,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         break;
 #endif
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
         if (from->dsa) {
             WOLFSSL_BIGNUM* cpy;
             if (!to->dsa) {
@@ -3650,7 +3817,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         break;
 #endif
 #ifndef NO_DH
-    case EVP_PKEY_DH:
+    case WC_EVP_PKEY_DH:
         if (from->dh) {
             WOLFSSL_BIGNUM* cpy;
             if (!to->dh) {
@@ -3692,7 +3859,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
         break;
 #endif
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
 #endif
     default:
         WOLFSSL_MSG("Copy parameters not available for this key type");
@@ -3739,13 +3906,13 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b)
     /* get size based on key type */
     switch (a->type) {
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
         a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa));
         b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa));
         break;
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
         if (a->ecc == NULL || a->ecc->internal == NULL ||
             b->ecc == NULL || b->ecc->internal == NULL) {
             return ret;
@@ -3790,18 +3957,11 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b)
 static int DH_param_check(WOLFSSL_DH* dh_key)
 {
     int ret = WOLFSSL_SUCCESS;
-    WOLFSSL_BN_CTX* ctx = NULL;
     WOLFSSL_BIGNUM *num1 = NULL;
     WOLFSSL_BIGNUM *num2 = NULL;
 
     WOLFSSL_ENTER("DH_param_check");
 
-    ctx = wolfSSL_BN_CTX_new();
-    if (ctx == NULL) {
-        WOLFSSL_MSG("failed to allocate memory");
-        return WOLFSSL_FAILURE;
-    }
-
     num1 = wolfSSL_BN_new();
     num2 = wolfSSL_BN_new();
     if (num1 == NULL || num2 == NULL) {
@@ -3835,21 +3995,22 @@ static int DH_param_check(WOLFSSL_DH* dh_key)
         dh_key->q != NULL)
     {
         if (ret == WOLFSSL_SUCCESS &&
-            wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) ==
-            WOLFSSL_FAILURE) {
+            wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, NULL)
+               == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
             WOLFSSL_MSG("BN_mod_exp failed");
             ret = WOLFSSL_FAILURE;
         }
         else
             if (ret == WOLFSSL_SUCCESS &&
-                wolfSSL_BN_is_one(num1) == WOLFSSL_FAILURE) {
+                wolfSSL_BN_is_one(num1) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
                 WOLFSSL_MSG("dh_key->g is not suitable generator");
                 ret = WOLFSSL_FAILURE;
             }
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
         /* test if the number q is prime. */
         if (ret == WOLFSSL_SUCCESS &&
-            (wolfSSL_BN_is_prime_ex(dh_key->q, 64, ctx, NULL) <= 0)) {
+            (wolfSSL_BN_is_prime_ex(dh_key->q, 64, NULL, NULL) <= 0)) {
             WOLFSSL_MSG("dh_key->q is not prime or error during check.");
             ret = WOLFSSL_FAILURE;
         } /* else TODO check q div q - 1. need BN_div */
@@ -3857,7 +4018,6 @@ static int DH_param_check(WOLFSSL_DH* dh_key)
     }
 
     /* clean up */
-    wolfSSL_BN_CTX_free(ctx);
     wolfSSL_BN_free(num1);
     wolfSSL_BN_free(num2);
 
@@ -3883,23 +4043,23 @@ int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx)
     type = wolfSSL_EVP_PKEY_type(wolfSSL_EVP_PKEY_base_id(ctx->pkey));
     switch (type) {
         #if !defined(NO_RSA)
-            case EVP_PKEY_RSA:
-                WOLFSSL_MSG("EVP_PKEY_RSA not yet implemented");
+            case WC_EVP_PKEY_RSA:
+                WOLFSSL_MSG("WC_EVP_PKEY_RSA not yet implemented");
                 return WOLFSSL_FAILURE;
         #endif
         #if defined(HAVE_ECC)
-            case EVP_PKEY_EC:
-                WOLFSSL_MSG("EVP_PKEY_EC not yet implemented");
+            case WC_EVP_PKEY_EC:
+                WOLFSSL_MSG("WC_EVP_PKEY_EC not yet implemented");
                 return WOLFSSL_FAILURE;
         #endif
         #if !defined(NO_DSA)
-            case EVP_PKEY_DSA:
-                WOLFSSL_MSG("EVP_PKEY_DSA not yet implemented");
+            case WC_EVP_PKEY_DSA:
+                WOLFSSL_MSG("WC_EVP_PKEY_DSA not yet implemented");
                 return WOLFSSL_FAILURE;
         #endif
         #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
         #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
-            case EVP_PKEY_DH:
+            case WC_EVP_PKEY_DH:
                 dh_key = wolfSSL_EVP_PKEY_get1_DH(ctx->pkey);
                 if (dh_key != NULL) {
                     ret = DH_param_check(dh_key);
@@ -3990,7 +4150,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
     (void)siglen;
 
     WOLFSSL_ENTER("EVP_SignFinal");
-    if (ctx == NULL)
+    if (ctx == NULL || sigret == NULL || siglen == NULL || pkey == NULL)
         return WOLFSSL_FAILURE;
 
     ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
@@ -3999,7 +4159,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
 
     switch (pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA: {
+    case WC_EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd;
 
@@ -4015,22 +4175,43 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
     }
 #endif /* NO_RSA */
 #ifndef NO_DSA
-    case EVP_PKEY_DSA: {
+    case WC_EVP_PKEY_DSA: {
         int bytes;
         ret = wolfSSL_DSA_do_sign(md, sigret, pkey->dsa);
         /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */
         if (ret != WOLFSSL_SUCCESS)
             return ret;
         bytes = wolfSSL_BN_num_bytes(pkey->dsa->q);
-        if (bytes == WOLFSSL_FAILURE || (int)*siglen < bytes * 2)
+        if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) ||
+            (int)*siglen < bytes * 2)
+        {
             return WOLFSSL_FAILURE;
+        }
         *siglen = (unsigned int)(bytes * 2);
         return WOLFSSL_SUCCESS;
     }
 #endif
-    case EVP_PKEY_EC:
-        WOLFSSL_MSG("not implemented");
-        FALL_THROUGH;
+#ifdef HAVE_ECC
+    case WC_EVP_PKEY_EC: {
+        WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_ECDSA_do_sign(md, (int)mdsize,
+                pkey->ecc);
+        if (ecdsaSig == NULL)
+            return WOLFSSL_FAILURE;
+        /* get signature length only */
+        ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL);
+        if (ret <= 0 || ret > (int)*siglen) {
+            wolfSSL_ECDSA_SIG_free(ecdsaSig);
+            return WOLFSSL_FAILURE;
+        }
+        /* perform validation of signature */
+        ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret);
+        wolfSSL_ECDSA_SIG_free(ecdsaSig);
+        if (ret <= 0 || ret > (int)*siglen)
+            return WOLFSSL_FAILURE;
+        *siglen = (unsigned int)ret;
+        return WOLFSSL_SUCCESS;
+    }
+#endif
     default:
         break;
     }
@@ -4088,14 +4269,15 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     if (ctx == NULL) return WOLFSSL_FAILURE;
     WOLFSSL_ENTER("EVP_VerifyFinal");
     ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
-    if (ret <= 0) return ret;
+    if (ret <= 0)
+        return ret;
 
     (void)sig;
     (void)siglen;
 
     switch (pkey->type) {
 #if !defined(NO_RSA)
-    case EVP_PKEY_RSA: {
+    case WC_EVP_PKEY_RSA: {
         int nid;
         const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
         if (ctxmd == NULL) break;
@@ -4105,9 +4287,19 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
                 (unsigned int)siglen, pkey->rsa);
     }
 #endif /* NO_RSA */
-
-    case EVP_PKEY_DSA:
-    case EVP_PKEY_EC:
+#ifdef HAVE_ECC
+    case WC_EVP_PKEY_EC: {
+        WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(
+            NULL, (const unsigned char **)&sig, (long)siglen);
+        if (ecdsaSig == NULL)
+            return WOLFSSL_FAILURE;
+        ret = wolfSSL_ECDSA_do_verify(md, (int)mdsize, ecdsaSig,
+            pkey->ecc);
+        wolfSSL_ECDSA_SIG_free(ecdsaSig);
+        return ret;
+    }
+#endif
+    case WC_EVP_PKEY_DSA:
         WOLFSSL_MSG("not implemented");
         FALL_THROUGH;
     default:
@@ -4118,9 +4310,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
 
 int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher)
 {
-    (void)cipher;
     /* nothing to do */
-    return 0;
+    if (cipher == NULL)
+        return WOLFSSL_FAILURE;
+    return WOLFSSL_SUCCESS;
 }
 
 
@@ -4131,7 +4324,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e,
 
     (void)e;
 
-    if (type != EVP_PKEY_HMAC || (key == NULL && keylen != 0))
+    if (type != WC_EVP_PKEY_HMAC || (key == NULL && keylen != 0))
         return NULL;
 
     pkey = wolfSSL_EVP_PKEY_new();
@@ -4177,7 +4370,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e,
     }
 
     ret = wolfSSL_CMAC_Init(ctx, priv, len, cipher, e);
-    if (ret == WOLFSSL_FAILURE) {
+    if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
         wolfSSL_CMAC_CTX_free(ctx);
         WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0);
         return NULL;
@@ -4197,7 +4390,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e,
                 XMEMCPY(pkey->pkey.ptr, priv, (size_t)len);
             }
             pkey->pkey_sz = (int)len;
-            pkey->type = pkey->save_type = EVP_PKEY_CMAC;
+            pkey->type = pkey->save_type = WC_EVP_PKEY_CMAC;
             pkey->cmacCtx = ctx;
         }
     }
@@ -4227,69 +4420,69 @@ static int wolfssl_evp_md_to_hash_type(const WOLFSSL_EVP_MD *type,
     int ret = 0;
 
 #ifndef NO_SHA256
-    if (XSTRCMP(type, "SHA256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha256) == 0) {
         *hashType = WC_SHA256;
     }
     else
 #endif
 #ifndef NO_SHA
-    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
+    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) {
         *hashType = WC_SHA;
     }
     else
 #endif /* NO_SHA */
 #ifdef WOLFSSL_SHA224
-    if (XSTRCMP(type, "SHA224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha224) == 0) {
         *hashType = WC_SHA224;
     }
     else
 #endif
 #ifdef WOLFSSL_SHA384
-    if (XSTRCMP(type, "SHA384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha384) == 0) {
         *hashType = WC_SHA384;
     }
     else
 #endif
 #ifdef WOLFSSL_SHA512
-    if (XSTRCMP(type, "SHA512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512) == 0) {
         *hashType = WC_SHA512;
     }
     else
 #endif
 #ifdef WOLFSSL_SHA3
     #ifndef WOLFSSL_NOSHA3_224
-        if (XSTRCMP(type, "SHA3_224") == 0) {
+        if (XSTRCMP(type, WC_SN_sha3_224) == 0) {
             *hashType = WC_SHA3_224;
         }
         else
     #endif
     #ifndef WOLFSSL_NOSHA3_256
-        if (XSTRCMP(type, "SHA3_256") == 0) {
+        if (XSTRCMP(type, WC_SN_sha3_256) == 0) {
             *hashType = WC_SHA3_256;
         }
         else
     #endif
     #ifndef WOLFSSL_NOSHA3_384
-        if (XSTRCMP(type, "SHA3_384") == 0) {
+        if (XSTRCMP(type, WC_SN_sha3_384) == 0) {
             *hashType = WC_SHA3_384;
         }
         else
     #endif
     #ifndef WOLFSSL_NOSHA3_512
-        if (XSTRCMP(type, "SHA3_512") == 0) {
+        if (XSTRCMP(type, WC_SN_sha3_512) == 0) {
             *hashType = WC_SHA3_512;
         }
         else
     #endif
 #endif
 #ifdef WOLFSSL_SM3
-    if (XSTRCMP(type, "SM3") == 0) {
+    if (XSTRCMP(type, WC_SN_sm3) == 0) {
         *hashType = WC_SM3;
     }
     else
 #endif
 #ifndef NO_MD5
-    if (XSTRCMP(type, "MD5") == 0) {
+    if (XSTRCMP(type, WC_SN_md5) == 0) {
         *hashType = WC_MD5;
     }
     else
@@ -4319,11 +4512,11 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
         }
         type = wolfSSL_EVP_get_digestbynid(default_digest);
         if (type == NULL) {
-            return BAD_FUNC_ARG;
+            return WOLFSSL_FAILURE;
         }
     }
 
-    if (pkey->type == EVP_PKEY_HMAC) {
+    if (pkey->type == WC_EVP_PKEY_HMAC) {
         int hashType;
         int ret;
         size_t keySz = 0;
@@ -4511,7 +4704,7 @@ int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
     WOLFSSL_ENTER("EVP_DigestSignInit");
 
     if (ctx == NULL || pkey == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
 }
@@ -4523,7 +4716,7 @@ int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
     WOLFSSL_ENTER("EVP_DigestSignUpdate");
 
     if (ctx == NULL || d == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfssl_evp_digest_pk_update(ctx, d, cnt);
 }
@@ -4533,7 +4726,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
 {
     unsigned char digest[WC_MAX_DIGEST_SIZE];
     unsigned int  hashLen;
-    int           ret = WOLFSSL_FAILURE;
+    int           ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("EVP_DigestSignFinal");
 
@@ -4550,7 +4743,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
         }
     }
 #ifndef NO_RSA
-    else if (ctx->pctx->pkey->type == EVP_PKEY_RSA) {
+    else if (ctx->pctx->pkey->type == WC_EVP_PKEY_RSA) {
         if (sig == NULL) {
             *siglen = (size_t)wolfSSL_RSA_size(ctx->pctx->pkey->rsa);
             return WOLFSSL_SUCCESS;
@@ -4558,7 +4751,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
     }
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
-    else if (ctx->pctx->pkey->type == EVP_PKEY_EC) {
+    else if (ctx->pctx->pkey->type == WC_EVP_PKEY_EC) {
         if (sig == NULL) {
             /* SEQ + INT + INT */
             *siglen = (size_t)ecc_sets[ctx->pctx->pkey->ecc->group->curve_idx].
@@ -4584,7 +4777,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
         /* Sign the digest. */
         switch (ctx->pctx->pkey->type) {
     #if !defined(NO_RSA)
-        case EVP_PKEY_RSA: {
+        case WC_EVP_PKEY_RSA: {
             unsigned int sigSz = (unsigned int)*siglen;
             int nid;
             const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
@@ -4602,7 +4795,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
     #endif /* NO_RSA */
 
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC: {
+        case WC_EVP_PKEY_EC: {
             int len;
             WOLFSSL_ECDSA_SIG *ecdsaSig;
             ecdsaSig = wolfSSL_ECDSA_do_sign(digest, (int)hashLen,
@@ -4636,7 +4829,7 @@ int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
     WOLFSSL_ENTER("EVP_DigestVerifyInit");
 
     if (ctx == NULL || type == NULL || pkey == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
 }
@@ -4648,7 +4841,7 @@ int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
     WOLFSSL_ENTER("EVP_DigestVerifyUpdate");
 
     if (ctx == NULL || d == NULL)
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
 
     return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt);
 }
@@ -4687,7 +4880,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
         /* Verify the signature with the digest. */
         switch (ctx->pctx->pkey->type) {
     #if !defined(NO_RSA)
-        case EVP_PKEY_RSA: {
+        case WC_EVP_PKEY_RSA: {
             int nid;
             const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
             if (md == NULL)
@@ -4702,7 +4895,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
     #endif /* NO_RSA */
 
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC: {
+        case WC_EVP_PKEY_EC: {
             int ret;
             WOLFSSL_ECDSA_SIG *ecdsaSig;
             ecdsaSig = wolfSSL_d2i_ECDSA_SIG(NULL, &sig, (long)siglen);
@@ -4789,7 +4982,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
 int wolfSSL_EVP_read_pw_string(char* buf, int bufSz, const char* banner, int v)
 {
     printf("%s", banner);
-    if (XGETPASSWD(buf, bufSz) == WOLFSSL_FAILURE) {
+    if (XGETPASSWD(buf, bufSz) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
         return -1;
     }
     (void)v; /* fgets always sanity checks size of input vs buffer */
@@ -4832,6 +5025,7 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 {
     const char *nostring = "";
     int ret = 0;
+    enum wc_HashType pbkdf2HashType;
 
     if (pass == NULL) {
         passlen = 0;
@@ -4840,8 +5034,10 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         passlen = (int)XSTRLEN(pass);
     }
 
+    pbkdf2HashType = EvpMd2MacType(digest);
+
     ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
-                    iter, keylen, EvpMd2MacType(digest));
+                    iter, keylen, pbkdf2HashType);
     if (ret == 0)
         return WOLFSSL_SUCCESS;
     else
@@ -4924,159 +5120,161 @@ static const struct cipher{
 #ifndef NO_AES
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
     #ifdef WOLFSSL_AES_128
-    {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc},
+    {WC_AES_128_CBC_TYPE, EVP_AES_128_CBC, WC_NID_aes_128_cbc},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CBC_TYPE, EVP_AES_192_CBC, NID_aes_192_cbc},
+    {WC_AES_192_CBC_TYPE, EVP_AES_192_CBC, WC_NID_aes_192_cbc},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CBC_TYPE, EVP_AES_256_CBC, NID_aes_256_cbc},
+    {WC_AES_256_CBC_TYPE, EVP_AES_256_CBC, WC_NID_aes_256_cbc},
     #endif
     #endif
 
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
-    {AES_128_CFB1_TYPE, EVP_AES_128_CFB1, NID_aes_128_cfb1},
+    {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CFB1_TYPE, EVP_AES_192_CFB1, NID_aes_192_cfb1},
+    {WC_AES_192_CFB1_TYPE, EVP_AES_192_CFB1, WC_NID_aes_192_cfb1},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CFB1_TYPE, EVP_AES_256_CFB1, NID_aes_256_cfb1},
+    {WC_AES_256_CFB1_TYPE, EVP_AES_256_CFB1, WC_NID_aes_256_cfb1},
     #endif
 
     #ifdef WOLFSSL_AES_128
-    {AES_128_CFB8_TYPE, EVP_AES_128_CFB8, NID_aes_128_cfb8},
+    {WC_AES_128_CFB8_TYPE, EVP_AES_128_CFB8, WC_NID_aes_128_cfb8},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CFB8_TYPE, EVP_AES_192_CFB8, NID_aes_192_cfb8},
+    {WC_AES_192_CFB8_TYPE, EVP_AES_192_CFB8, WC_NID_aes_192_cfb8},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CFB8_TYPE, EVP_AES_256_CFB8, NID_aes_256_cfb8},
+    {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8},
     #endif
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
-    {AES_128_CFB128_TYPE, EVP_AES_128_CFB128, NID_aes_128_cfb128},
+    {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CFB128_TYPE, EVP_AES_192_CFB128, NID_aes_192_cfb128},
+    {WC_AES_192_CFB128_TYPE, EVP_AES_192_CFB128, WC_NID_aes_192_cfb128},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CFB128_TYPE, EVP_AES_256_CFB128, NID_aes_256_cfb128},
-    #endif
+    {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128},
     #endif
+    #endif /* WOLFSSL_AES_CFB */
 
     #ifdef WOLFSSL_AES_OFB
     #ifdef WOLFSSL_AES_128
-    {AES_128_OFB_TYPE, EVP_AES_128_OFB, NID_aes_128_ofb},
+    {WC_AES_128_OFB_TYPE, EVP_AES_128_OFB, WC_NID_aes_128_ofb},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_OFB_TYPE, EVP_AES_192_OFB, NID_aes_192_ofb},
+    {WC_AES_192_OFB_TYPE, EVP_AES_192_OFB, WC_NID_aes_192_ofb},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_OFB_TYPE, EVP_AES_256_OFB, NID_aes_256_ofb},
+    {WC_AES_256_OFB_TYPE, EVP_AES_256_OFB, WC_NID_aes_256_ofb},
     #endif
     #endif
 
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
     #ifdef WOLFSSL_AES_128
-    {AES_128_XTS_TYPE, EVP_AES_128_XTS, NID_aes_128_xts},
+    {WC_AES_128_XTS_TYPE, EVP_AES_128_XTS, WC_NID_aes_128_xts},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_XTS_TYPE, EVP_AES_256_XTS, NID_aes_256_xts},
+    {WC_AES_256_XTS_TYPE, EVP_AES_256_XTS, WC_NID_aes_256_xts},
     #endif
     #endif
 
     #ifdef HAVE_AESGCM
     #ifdef WOLFSSL_AES_128
-    {AES_128_GCM_TYPE, EVP_AES_128_GCM, NID_aes_128_gcm},
+    {WC_AES_128_GCM_TYPE, EVP_AES_128_GCM, WC_NID_aes_128_gcm},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_GCM_TYPE, EVP_AES_192_GCM, NID_aes_192_gcm},
+    {WC_AES_192_GCM_TYPE, EVP_AES_192_GCM, WC_NID_aes_192_gcm},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_GCM_TYPE, EVP_AES_256_GCM, NID_aes_256_gcm},
+    {WC_AES_256_GCM_TYPE, EVP_AES_256_GCM, WC_NID_aes_256_gcm},
     #endif
     #endif
 
     #ifdef HAVE_AESCCM
     #ifdef WOLFSSL_AES_128
-    {AES_128_CCM_TYPE, EVP_AES_128_CCM, NID_aes_128_ccm},
+    {WC_AES_128_CCM_TYPE, EVP_AES_128_CCM, WC_NID_aes_128_ccm},
     #endif
     #ifdef WOLFSSL_AES_192
-    {AES_192_CCM_TYPE, EVP_AES_192_CCM, NID_aes_192_ccm},
+    {WC_AES_192_CCM_TYPE, EVP_AES_192_CCM, WC_NID_aes_192_ccm},
     #endif
     #ifdef WOLFSSL_AES_256
-    {AES_256_CCM_TYPE, EVP_AES_256_CCM, NID_aes_256_ccm},
+    {WC_AES_256_CCM_TYPE, EVP_AES_256_CCM, WC_NID_aes_256_ccm},
     #endif
     #endif
 
     #ifdef WOLFSSL_AES_COUNTER
     #ifdef WOLFSSL_AES_128
-        {AES_128_CTR_TYPE, EVP_AES_128_CTR, NID_aes_128_ctr},
+        {WC_AES_128_CTR_TYPE, EVP_AES_128_CTR, WC_NID_aes_128_ctr},
     #endif
     #ifdef WOLFSSL_AES_192
-        {AES_192_CTR_TYPE, EVP_AES_192_CTR, NID_aes_192_ctr},
+        {WC_AES_192_CTR_TYPE, EVP_AES_192_CTR, WC_NID_aes_192_ctr},
     #endif
     #ifdef WOLFSSL_AES_256
-        {AES_256_CTR_TYPE, EVP_AES_256_CTR, NID_aes_256_ctr},
+        {WC_AES_256_CTR_TYPE, EVP_AES_256_CTR, WC_NID_aes_256_ctr},
     #endif
     #endif
 
     #ifdef HAVE_AES_ECB
     #ifdef WOLFSSL_AES_128
-        {AES_128_ECB_TYPE, EVP_AES_128_ECB, NID_aes_128_ecb},
+        {WC_AES_128_ECB_TYPE, EVP_AES_128_ECB, WC_NID_aes_128_ecb},
     #endif
     #ifdef WOLFSSL_AES_192
-        {AES_192_ECB_TYPE, EVP_AES_192_ECB, NID_aes_192_ecb},
+        {WC_AES_192_ECB_TYPE, EVP_AES_192_ECB, WC_NID_aes_192_ecb},
     #endif
     #ifdef WOLFSSL_AES_256
-        {AES_256_ECB_TYPE, EVP_AES_256_ECB, NID_aes_256_ecb},
+        {WC_AES_256_ECB_TYPE, EVP_AES_256_ECB, WC_NID_aes_256_ecb},
     #endif
     #endif
 #endif
 
 #ifdef HAVE_ARIA
-    {ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, NID_aria_128_gcm},
-    {ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, NID_aria_192_gcm},
-    {ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, NID_aria_256_gcm},
+    {WC_ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, WC_NID_aria_128_gcm},
+    {WC_ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, WC_NID_aria_192_gcm},
+    {WC_ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, WC_NID_aria_256_gcm},
 #endif
 
 #ifndef NO_DES3
-    {DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc},
-    {DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb},
+    {WC_DES_CBC_TYPE, EVP_DES_CBC, WC_NID_des_cbc},
+    {WC_DES_ECB_TYPE, EVP_DES_ECB, WC_NID_des_ecb},
 
-    {DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, NID_des_ede3_cbc},
-    {DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, NID_des_ede3_ecb},
+    {WC_DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, WC_NID_des_ede3_cbc},
+    {WC_DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, WC_NID_des_ede3_ecb},
 #endif
 
 #ifndef NO_RC4
-    {ARC4_TYPE, EVP_ARC4, NID_undef},
+    {WC_ARC4_TYPE, EVP_ARC4, WC_NID_undef},
 #endif
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-    {CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, NID_chacha20_poly1305},
+    {WC_CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, WC_NID_chacha20_poly1305},
 #endif
 
 #ifdef HAVE_CHACHA
-    {CHACHA20_TYPE, EVP_CHACHA20, NID_chacha20},
+    {WC_CHACHA20_TYPE, EVP_CHACHA20, WC_NID_chacha20},
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-    {SM4_ECB_TYPE, EVP_SM4_ECB, NID_sm4_ecb},
+    {WC_SM4_ECB_TYPE, EVP_SM4_ECB, WC_NID_sm4_ecb},
 #endif
 #ifdef WOLFSSL_SM4_CBC
-    {SM4_CBC_TYPE, EVP_SM4_CBC, NID_sm4_cbc},
+    {WC_SM4_CBC_TYPE, EVP_SM4_CBC, WC_NID_sm4_cbc},
 #endif
 #ifdef WOLFSSL_SM4_CTR
-    {SM4_CTR_TYPE, EVP_SM4_CTR, NID_sm4_ctr},
+    {WC_SM4_CTR_TYPE, EVP_SM4_CTR, WC_NID_sm4_ctr},
 #endif
 #ifdef WOLFSSL_SM4_GCM
-    {SM4_GCM_TYPE, EVP_SM4_GCM, NID_sm4_gcm},
+    {WC_SM4_GCM_TYPE, EVP_SM4_GCM, WC_NID_sm4_gcm},
 #endif
 #ifdef WOLFSSL_SM4_CCM
-    {SM4_CCM_TYPE, EVP_SM4_CCM, NID_sm4_ccm},
+    {WC_SM4_CCM_TYPE, EVP_SM4_CCM, WC_NID_sm4_ccm},
 #endif
 
     { 0, NULL, 0}
@@ -5262,128 +5460,128 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
 #ifndef NO_AES
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_cbc:
+        case WC_NID_aes_128_cbc:
             return wolfSSL_EVP_aes_128_cbc();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_cbc:
+        case WC_NID_aes_192_cbc:
             return wolfSSL_EVP_aes_192_cbc();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_cbc:
+        case WC_NID_aes_256_cbc:
             return wolfSSL_EVP_aes_256_cbc();
         #endif
     #endif
     #ifdef WOLFSSL_AES_COUNTER
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_ctr:
+        case WC_NID_aes_128_ctr:
             return wolfSSL_EVP_aes_128_ctr();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_ctr:
+        case WC_NID_aes_192_ctr:
             return wolfSSL_EVP_aes_192_ctr();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_ctr:
+        case WC_NID_aes_256_ctr:
             return wolfSSL_EVP_aes_256_ctr();
         #endif
     #endif /* WOLFSSL_AES_COUNTER */
     #ifdef HAVE_AES_ECB
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_ecb:
+        case WC_NID_aes_128_ecb:
             return wolfSSL_EVP_aes_128_ecb();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_ecb:
+        case WC_NID_aes_192_ecb:
             return wolfSSL_EVP_aes_192_ecb();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_ecb:
+        case WC_NID_aes_256_ecb:
             return wolfSSL_EVP_aes_256_ecb();
         #endif
     #endif /* HAVE_AES_ECB */
     #ifdef HAVE_AESGCM
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_gcm:
+        case WC_NID_aes_128_gcm:
             return wolfSSL_EVP_aes_128_gcm();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_gcm:
+        case WC_NID_aes_192_gcm:
             return wolfSSL_EVP_aes_192_gcm();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_gcm:
+        case WC_NID_aes_256_gcm:
             return wolfSSL_EVP_aes_256_gcm();
         #endif
     #endif
     #ifdef HAVE_AESCCM
         #ifdef WOLFSSL_AES_128
-        case NID_aes_128_ccm:
+        case WC_NID_aes_128_ccm:
             return wolfSSL_EVP_aes_128_ccm();
         #endif
         #ifdef WOLFSSL_AES_192
-        case NID_aes_192_ccm:
+        case WC_NID_aes_192_ccm:
             return wolfSSL_EVP_aes_192_ccm();
         #endif
         #ifdef WOLFSSL_AES_256
-        case NID_aes_256_ccm:
+        case WC_NID_aes_256_ccm:
             return wolfSSL_EVP_aes_256_ccm();
         #endif
     #endif
 #endif
 
 #ifdef HAVE_ARIA
-    case NID_aria_128_gcm:
+    case WC_NID_aria_128_gcm:
         return wolfSSL_EVP_aria_128_gcm();
-    case NID_aria_192_gcm:
+    case WC_NID_aria_192_gcm:
         return wolfSSL_EVP_aria_192_gcm();
-    case NID_aria_256_gcm:
+    case WC_NID_aria_256_gcm:
         return wolfSSL_EVP_aria_256_gcm();
 #endif
 
 #ifndef NO_DES3
-        case NID_des_cbc:
+        case WC_NID_des_cbc:
             return wolfSSL_EVP_des_cbc();
 #ifdef WOLFSSL_DES_ECB
-        case NID_des_ecb:
+        case WC_NID_des_ecb:
             return wolfSSL_EVP_des_ecb();
 #endif
-        case NID_des_ede3_cbc:
+        case WC_NID_des_ede3_cbc:
             return wolfSSL_EVP_des_ede3_cbc();
 #ifdef WOLFSSL_DES_ECB
-        case NID_des_ede3_ecb:
+        case WC_NID_des_ede3_ecb:
             return wolfSSL_EVP_des_ede3_ecb();
 #endif
 #endif /*NO_DES3*/
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case NID_chacha20_poly1305:
+        case WC_NID_chacha20_poly1305:
             return wolfSSL_EVP_chacha20_poly1305();
 #endif
 
 #ifdef HAVE_CHACHA
-        case NID_chacha20:
+        case WC_NID_chacha20:
             return wolfSSL_EVP_chacha20();
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-        case NID_sm4_ecb:
+        case WC_NID_sm4_ecb:
             return wolfSSL_EVP_sm4_ecb();
 #endif
 #ifdef WOLFSSL_SM4_CBC
-        case NID_sm4_cbc:
+        case WC_NID_sm4_cbc:
             return wolfSSL_EVP_sm4_cbc();
 #endif
 #ifdef WOLFSSL_SM4_CTR
-        case NID_sm4_ctr:
+        case WC_NID_sm4_ctr:
             return wolfSSL_EVP_sm4_ctr();
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case NID_sm4_gcm:
+        case WC_NID_sm4_gcm:
             return wolfSSL_EVP_sm4_gcm();
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case NID_sm4_ccm:
+        case WC_NID_sm4_ccm:
             return wolfSSL_EVP_sm4_ccm();
 #endif
 
@@ -5591,7 +5789,7 @@ void wolfSSL_EVP_init(void)
     #endif /* HAVE_AES_CBC */
 
     #ifdef WOLFSSL_AES_CFB
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0))
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
     #ifdef WOLFSSL_AES_128
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void)
     {
@@ -5639,7 +5837,7 @@ void wolfSSL_EVP_init(void)
         return EVP_AES_256_CFB8;
     }
     #endif /* WOLFSSL_AES_256 */
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+    #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 
     #ifdef WOLFSSL_AES_128
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void)
@@ -5946,7 +6144,7 @@ void wolfSSL_EVP_init(void)
     int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \
                                     int arg, void *ptr)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 #if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
 #ifndef WC_NO_RNG
         WC_RNG rng;
@@ -5961,22 +6159,22 @@ void wolfSSL_EVP_init(void)
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_ctrl");
 
         switch(type) {
-            case EVP_CTRL_INIT:
+            case WOLFSSL_EVP_CTRL_INIT:
                 wolfSSL_EVP_CIPHER_CTX_init(ctx);
                 if(ctx)
                     ret = WOLFSSL_SUCCESS;
                 break;
-            case EVP_CTRL_SET_KEY_LENGTH:
+            case WOLFSSL_EVP_CTRL_SET_KEY_LENGTH:
                 ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg);
                 break;
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
         defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
         (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
-            case EVP_CTRL_AEAD_SET_IVLEN:
+            case WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
             #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-                if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
+                if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
                     if (arg != CHACHA20_POLY1305_AEAD_IV_SIZE) {
                         break;
                     }
@@ -5984,7 +6182,7 @@ void wolfSSL_EVP_init(void)
                 else
             #endif /* HAVE_CHACHA && HAVE_POLY1305 */
             #if defined(WOLFSSL_SM4_GCM)
-                if (ctx->cipherType == SM4_GCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_GCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -5992,7 +6190,7 @@ void wolfSSL_EVP_init(void)
                 else
             #endif
             #if defined(WOLFSSL_SM4_CCM)
-                if (ctx->cipherType == SM4_CCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_CCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -6000,7 +6198,7 @@ void wolfSSL_EVP_init(void)
                 else
             #endif
                 {
-                    if (arg <= 0 || arg > AES_BLOCK_SIZE)
+                    if (arg <= 0 || arg > WC_AES_BLOCK_SIZE)
                         break;
                 }
                 ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg);
@@ -6008,7 +6206,7 @@ void wolfSSL_EVP_init(void)
 
 #if defined(HAVE_AESGCM) || defined(WOLFSSL_SM4_GCM) || \
     (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
-            case EVP_CTRL_AEAD_SET_IV_FIXED:
+            case WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
                 if (arg == -1) {
@@ -6067,7 +6265,7 @@ void wolfSSL_EVP_init(void)
              * EVP_CipherInit between each iteration. The IV is incremented for
              * each subsequent EVP_Cipher call to prevent IV reuse.
              */
-            case EVP_CTRL_GCM_IV_GEN:
+            case WOLFSSL_EVP_CTRL_GCM_IV_GEN:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
                 if (!ctx->authIvGenEnable) {
@@ -6103,11 +6301,11 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif /* (HAVE_AESGCM || WOLFSSL_SM4_GCM) && !_WIN32 && !HAVE_SELFTEST &&
         * !HAVE_FIPS || FIPS_VERSION >= 2)*/
-            case EVP_CTRL_AEAD_SET_TAG:
+            case WOLFSSL_EVP_CTRL_AEAD_SET_TAG:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-                if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
+                if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
                     if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
                         break;
                     }
@@ -6121,7 +6319,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 #if defined(WOLFSSL_SM4_GCM)
-                if (ctx->cipherType == SM4_GCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_GCM_TYPE) {
                     if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) {
                         break;
                     }
@@ -6134,7 +6332,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif
 #if defined(WOLFSSL_SM4_CCM)
-                if (ctx->cipherType == SM4_CCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_CCM_TYPE) {
                     if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) {
                         break;
                     }
@@ -6155,12 +6353,12 @@ void wolfSSL_EVP_init(void)
                     ret = WOLFSSL_SUCCESS;
                     break;
                 }
-            case EVP_CTRL_AEAD_GET_TAG:
+            case WOLFSSL_EVP_CTRL_AEAD_GET_TAG:
                 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
                     break;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-                if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
+                if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
                     if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
                         break;
                     }
@@ -6168,7 +6366,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 #if defined(WOLFSSL_SM4_GCM)
-                if (ctx->cipherType == SM4_GCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_GCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -6176,7 +6374,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif
 #if defined(WOLFSSL_SM4_CCM)
-                if (ctx->cipherType == SM4_CCM_TYPE) {
+                if (ctx->cipherType == WC_SM4_CCM_TYPE) {
                     if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
                         break;
                     }
@@ -6184,7 +6382,7 @@ void wolfSSL_EVP_init(void)
                 else
 #endif
                 {
-                    if (arg <= 0 || arg > AES_BLOCK_SIZE)
+                    if (arg <= 0 || arg > WC_AES_BLOCK_SIZE)
                         break;
                 }
 
@@ -6221,62 +6419,64 @@ void wolfSSL_EVP_init(void)
     defined(WOLFSSL_AES_XTS)
 
     #if defined(HAVE_AESGCM)
-                case AES_128_GCM_TYPE:
-                case AES_192_GCM_TYPE:
-                case AES_256_GCM_TYPE:
+                case WC_AES_128_GCM_TYPE:
+                case WC_AES_192_GCM_TYPE:
+                case WC_AES_256_GCM_TYPE:
     #endif /* HAVE_AESGCM */
     #if defined(HAVE_AESCCM)
-                case AES_128_CCM_TYPE:
-                case AES_192_CCM_TYPE:
-                case AES_256_CCM_TYPE:
+                case WC_AES_128_CCM_TYPE:
+                case WC_AES_192_CCM_TYPE:
+                case WC_AES_256_CCM_TYPE:
     #endif /* HAVE_AESCCM */
     #ifdef HAVE_AES_CBC
-                case AES_128_CBC_TYPE:
-                case AES_192_CBC_TYPE:
-                case AES_256_CBC_TYPE:
+                case WC_AES_128_CBC_TYPE:
+                case WC_AES_192_CBC_TYPE:
+                case WC_AES_256_CBC_TYPE:
     #endif
     #ifdef WOLFSSL_AES_COUNTER
-                case AES_128_CTR_TYPE:
-                case AES_192_CTR_TYPE:
-                case AES_256_CTR_TYPE:
+                case WC_AES_128_CTR_TYPE:
+                case WC_AES_192_CTR_TYPE:
+                case WC_AES_256_CTR_TYPE:
     #endif
     #ifdef HAVE_AES_ECB
-                case AES_128_ECB_TYPE:
-                case AES_192_ECB_TYPE:
-                case AES_256_ECB_TYPE:
+                case WC_AES_128_ECB_TYPE:
+                case WC_AES_192_ECB_TYPE:
+                case WC_AES_256_ECB_TYPE:
     #endif
     #ifdef WOLFSSL_AES_CFB
-                case AES_128_CFB1_TYPE:
-                case AES_192_CFB1_TYPE:
-                case AES_256_CFB1_TYPE:
-                case AES_128_CFB8_TYPE:
-                case AES_192_CFB8_TYPE:
-                case AES_256_CFB8_TYPE:
-                case AES_128_CFB128_TYPE:
-                case AES_192_CFB128_TYPE:
-                case AES_256_CFB128_TYPE:
+                case WC_AES_128_CFB1_TYPE:
+                case WC_AES_192_CFB1_TYPE:
+                case WC_AES_256_CFB1_TYPE:
+                case WC_AES_128_CFB8_TYPE:
+                case WC_AES_192_CFB8_TYPE:
+                case WC_AES_256_CFB8_TYPE:
+                case WC_AES_128_CFB128_TYPE:
+                case WC_AES_192_CFB128_TYPE:
+                case WC_AES_256_CFB128_TYPE:
     #endif
     #ifdef WOLFSSL_AES_OFB
-                case AES_128_OFB_TYPE:
-                case AES_192_OFB_TYPE:
-                case AES_256_OFB_TYPE:
+                case WC_AES_128_OFB_TYPE:
+                case WC_AES_192_OFB_TYPE:
+                case WC_AES_256_OFB_TYPE:
     #endif
                     wc_AesFree(&ctx->cipher.aes);
-                    ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
+                    ctx->flags &=
+                        (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
                     break;
     #if defined(WOLFSSL_AES_XTS) && \
         (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-                case AES_128_XTS_TYPE:
-                case AES_256_XTS_TYPE:
+                case WC_AES_128_XTS_TYPE:
+                case WC_AES_256_XTS_TYPE:
                     wc_AesXtsFree(&ctx->cipher.xts);
-                    ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
+                    ctx->flags &=
+                        (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
                     break;
     #endif
 #endif /* AES */
     #ifdef HAVE_ARIA
-                case ARIA_128_GCM_TYPE:
-                case ARIA_192_GCM_TYPE:
-                case ARIA_256_GCM_TYPE:
+                case WC_ARIA_128_GCM_TYPE:
+                case WC_ARIA_192_GCM_TYPE:
+                case WC_ARIA_256_GCM_TYPE:
                     {
                         int result = wc_AriaFreeCrypt(&ctx->cipher.aria);
                         if (result != 0) {
@@ -6293,19 +6493,19 @@ void wolfSSL_EVP_init(void)
 #ifdef WOLFSSL_SM4
             switch (ctx->cipherType) {
     #ifdef WOLFSSL_SM4_ECB
-                case SM4_ECB_TYPE:
+                case WC_SM4_ECB_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_CBC
-                case SM4_CBC_TYPE:
+                case WC_SM4_CBC_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_CTR
-                case SM4_CTR_TYPE:
+                case WC_SM4_CTR_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_GCM
-                case SM4_GCM_TYPE:
+                case WC_SM4_GCM_TYPE:
     #endif
     #ifdef WOLFSSL_SM4_CCM
-                case SM4_CCM_TYPE:
+                case WC_SM4_CCM_TYPE:
     #endif
                     wc_Sm4Free(&ctx->cipher.sm4);
             }
@@ -6390,7 +6590,7 @@ void wolfSSL_EVP_init(void)
         }
 
         ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL);
-        if (ret == WOLFSSL_FAILURE)
+        if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
             goto end;
 
         ret = wc_PBKDF1_ex(key, (int)info->keySz, iv, (int)info->ivSz, data, sz,
@@ -6431,7 +6631,7 @@ void wolfSSL_EVP_init(void)
         /* wc_AesSetKey clear aes.reg if iv == NULL.
            Keep IV for openSSL compatibility */
         if (iv == NULL)
-            XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE);
+            XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, WC_AES_BLOCK_SIZE);
         if (direct) {
         #if defined(WOLFSSL_AES_DIRECT)
             ret = wc_AesSetKeyDirect(aes, key, len, iv, dir);
@@ -6443,7 +6643,7 @@ void wolfSSL_EVP_init(void)
             ret = wc_AesSetKey(aes, key, len, iv, dir);
         }
         if (iv == NULL)
-            XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, WC_AES_BLOCK_SIZE);
         return ret;
     }
 #endif /* AES_ANY_SIZE && AES_SET_KEY */
@@ -6461,8 +6661,8 @@ void wolfSSL_EVP_init(void)
         ctx->authIn = NULL;
         ctx->authInSz = 0;
 
-        ctx->block_size = AES_BLOCK_SIZE;
-        ctx->authTagSz = AES_BLOCK_SIZE;
+        ctx->block_size = WC_AES_BLOCK_SIZE;
+        ctx->authTagSz = WC_AES_BLOCK_SIZE;
         if (ctx->ivSz == 0) {
             ctx->ivSz = GCM_NONCE_MID_SZ;
         }
@@ -6474,26 +6674,26 @@ void wolfSSL_EVP_init(void)
         }
 
     #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_GCM_TYPE ||
+        if (ctx->cipherType == WC_AES_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))) {
             WOLFSSL_MSG("EVP_AES_128_GCM");
-            ctx->cipherType = AES_128_GCM_TYPE;
+            ctx->cipherType = WC_AES_128_GCM_TYPE;
             ctx->keyLen = AES_128_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_GCM_TYPE ||
+        if (ctx->cipherType == WC_AES_192_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))) {
             WOLFSSL_MSG("EVP_AES_192_GCM");
-            ctx->cipherType = AES_192_GCM_TYPE;
+            ctx->cipherType = WC_AES_192_GCM_TYPE;
             ctx->keyLen = AES_192_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_GCM_TYPE ||
+        if (ctx->cipherType == WC_AES_256_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))) {
             WOLFSSL_MSG("EVP_AES_256_GCM");
-            ctx->cipherType = AES_256_GCM_TYPE;
+            ctx->cipherType = WC_AES_256_GCM_TYPE;
             ctx->keyLen = AES_256_KEY_SIZE;
         }
     #endif
@@ -6547,7 +6747,7 @@ void wolfSSL_EVP_init(void)
     static int EvpCipherAesGCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst,
                                byte* src, word32 len)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     #ifndef WOLFSSL_AESGCM_STREAM
         /* No destination means only AAD. */
@@ -6666,8 +6866,8 @@ void wolfSSL_EVP_init(void)
         ctx->authIn = NULL;
         ctx->authInSz = 0;
 
-        ctx->block_size = AES_BLOCK_SIZE;
-        ctx->authTagSz = AES_BLOCK_SIZE;
+        ctx->block_size = WC_AES_BLOCK_SIZE;
+        ctx->authTagSz = WC_AES_BLOCK_SIZE;
         if (ctx->ivSz == 0) {
             ctx->ivSz = GCM_NONCE_MID_SZ;
         }
@@ -6679,26 +6879,26 @@ void wolfSSL_EVP_init(void)
         }
 
     #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CCM_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))) {
             WOLFSSL_MSG("EVP_AES_128_CCM");
-            ctx->cipherType = AES_128_CCM_TYPE;
+            ctx->cipherType = WC_AES_128_CCM_TYPE;
             ctx->keyLen = AES_128_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CCM_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))) {
             WOLFSSL_MSG("EVP_AES_192_CCM");
-            ctx->cipherType = AES_192_CCM_TYPE;
+            ctx->cipherType = WC_AES_192_CCM_TYPE;
             ctx->keyLen = AES_192_KEY_SIZE;
         }
     #endif
     #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CCM_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))) {
             WOLFSSL_MSG("EVP_AES_256_CCM");
-            ctx->cipherType = AES_256_CCM_TYPE;
+            ctx->cipherType = WC_AES_256_CCM_TYPE;
             ctx->keyLen = AES_256_KEY_SIZE;
         }
     #endif
@@ -6739,7 +6939,7 @@ void wolfSSL_EVP_init(void)
     static int EvpCipherAesCCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst,
                                byte* src, word32 len)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         /* No destination means only AAD. */
         if (src != NULL && dst == NULL) {
@@ -6791,20 +6991,20 @@ void wolfSSL_EVP_init(void)
     {
         int ret = WOLFSSL_SUCCESS;
 
-        if (ctx->cipherType == ARIA_128_GCM_TYPE ||
+        if (ctx->cipherType == WC_ARIA_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))) {
             WOLFSSL_MSG("EVP_ARIA_128_GCM");
-            ctx->cipherType = ARIA_128_GCM_TYPE;
+            ctx->cipherType = WC_ARIA_128_GCM_TYPE;
             ctx->keyLen = ARIA_128_KEY_SIZE;
-        } else if (ctx->cipherType == ARIA_192_GCM_TYPE ||
+        } else if (ctx->cipherType == WC_ARIA_192_GCM_TYPE ||
                    (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))) {
             WOLFSSL_MSG("EVP_ARIA_192_GCM");
-            ctx->cipherType = ARIA_192_GCM_TYPE;
+            ctx->cipherType = WC_ARIA_192_GCM_TYPE;
             ctx->keyLen = ARIA_192_KEY_SIZE;
-        } else if (ctx->cipherType == ARIA_256_GCM_TYPE ||
+        } else if (ctx->cipherType == WC_ARIA_256_GCM_TYPE ||
                    (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))) {
             WOLFSSL_MSG("EVP_ARIA_256_GCM");
-            ctx->cipherType = ARIA_256_GCM_TYPE;
+            ctx->cipherType = WC_ARIA_256_GCM_TYPE;
             ctx->keyLen = ARIA_256_KEY_SIZE;
         } else {
             WOLFSSL_MSG("Unrecognized cipher type");
@@ -6815,8 +7015,8 @@ void wolfSSL_EVP_init(void)
         ctx->authIn = NULL;
         ctx->authInSz = 0;
 
-        ctx->block_size = AES_BLOCK_SIZE;
-        ctx->authTagSz = AES_BLOCK_SIZE;
+        ctx->block_size = WC_AES_BLOCK_SIZE;
+        ctx->authTagSz = WC_AES_BLOCK_SIZE;
         if (ctx->ivSz == 0) {
             ctx->ivSz = GCM_NONCE_MID_SZ;
         }
@@ -6828,17 +7028,17 @@ void wolfSSL_EVP_init(void)
         }
 
         switch(ctx->cipherType) {
-            case ARIA_128_GCM_TYPE:
+            case WC_ARIA_128_GCM_TYPE:
                 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_128BITKEY);
                 break;
-            case ARIA_192_GCM_TYPE:
+            case WC_ARIA_192_GCM_TYPE:
                 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_192BITKEY);
                 break;
-            case ARIA_256_GCM_TYPE:
+            case WC_ARIA_256_GCM_TYPE:
                 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_256BITKEY);
                 break;
             default:
-                WOLFSSL_MSG("Not implemented cipherType");
+                WOLFSSL_MSG("Unimplemented cipherType");
                 return WOLFSSL_NOT_IMPLEMENTED; /* This should never happen */
         }
         if (ret != 0) {
@@ -6900,15 +7100,15 @@ void wolfSSL_EVP_init(void)
 #ifndef NO_AES
     #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CBC_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CBC_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CBC))) {
             WOLFSSL_MSG("EVP_AES_128_CBC");
-            ctx->cipherType = AES_128_CBC_TYPE;
+            ctx->cipherType = WC_AES_128_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 16;
-            ctx->block_size = AES_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -6930,15 +7130,15 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CBC_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CBC_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CBC))) {
             WOLFSSL_MSG("EVP_AES_192_CBC");
-            ctx->cipherType = AES_192_CBC_TYPE;
+            ctx->cipherType = WC_AES_192_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 24;
-            ctx->block_size = AES_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -6960,15 +7160,15 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CBC_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CBC_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CBC))) {
             WOLFSSL_MSG("EVP_AES_256_CBC");
-            ctx->cipherType = AES_256_CBC_TYPE;
+            ctx->cipherType = WC_AES_256_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 32;
-            ctx->block_size = AES_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -6998,15 +7198,15 @@ void wolfSSL_EVP_init(void)
         || FIPS_VERSION_GE(2,0))
         if (FALSE
         #ifdef WOLFSSL_AES_128
-            || ctx->cipherType == AES_128_GCM_TYPE ||
+            || ctx->cipherType == WC_AES_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))
         #endif
         #ifdef WOLFSSL_AES_192
-            || ctx->cipherType == AES_192_GCM_TYPE ||
+            || ctx->cipherType == WC_AES_192_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))
         #endif
         #ifdef WOLFSSL_AES_256
-            || ctx->cipherType == AES_256_GCM_TYPE ||
+            || ctx->cipherType == WC_AES_256_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))
         #endif
           ) {
@@ -7022,15 +7222,15 @@ void wolfSSL_EVP_init(void)
             || FIPS_VERSION_GE(2,0))
         if (FALSE
         #ifdef WOLFSSL_AES_128
-            || ctx->cipherType == AES_128_CCM_TYPE ||
+            || ctx->cipherType == WC_AES_128_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))
         #endif
         #ifdef WOLFSSL_AES_192
-            || ctx->cipherType == AES_192_CCM_TYPE ||
+            || ctx->cipherType == WC_AES_192_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))
         #endif
         #ifdef WOLFSSL_AES_256
-            || ctx->cipherType == AES_256_CCM_TYPE ||
+            || ctx->cipherType == WC_AES_256_CCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))
         #endif
           )
@@ -7044,15 +7244,15 @@ void wolfSSL_EVP_init(void)
             * HAVE_FIPS_VERSION >= 2 */
 #ifdef WOLFSSL_AES_COUNTER
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CTR_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CTR_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CTR))) {
             WOLFSSL_MSG("EVP_AES_128_CTR");
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
-            ctx->cipherType = AES_128_CTR_TYPE;
+            ctx->cipherType = WC_AES_128_CTR_TYPE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = 16;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
             ctx->cipher.aes.left = 0;
 #endif
@@ -7077,15 +7277,15 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CTR_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CTR_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CTR))) {
             WOLFSSL_MSG("EVP_AES_192_CTR");
-            ctx->cipherType = AES_192_CTR_TYPE;
+            ctx->cipherType = WC_AES_192_CTR_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = 24;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
             ctx->cipher.aes.left = 0;
 #endif
@@ -7110,15 +7310,15 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CTR_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CTR_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CTR))) {
             WOLFSSL_MSG("EVP_AES_256_CTR");
-            ctx->cipherType = AES_256_CTR_TYPE;
+            ctx->cipherType = WC_AES_256_CTR_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = 32;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
             ctx->cipher.aes.left = 0;
 #endif
@@ -7145,14 +7345,14 @@ void wolfSSL_EVP_init(void)
 #endif /* WOLFSSL_AES_COUNTER */
     #ifdef HAVE_AES_ECB
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_ECB_TYPE ||
+        if (ctx->cipherType == WC_AES_128_ECB_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_ECB))) {
             WOLFSSL_MSG("EVP_AES_128_ECB");
-            ctx->cipherType = AES_128_ECB_TYPE;
+            ctx->cipherType = WC_AES_128_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 16;
-            ctx->block_size = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -7169,14 +7369,14 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_ECB_TYPE ||
+        if (ctx->cipherType == WC_AES_192_ECB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_ECB))) {
             WOLFSSL_MSG("EVP_AES_192_ECB");
-            ctx->cipherType = AES_192_ECB_TYPE;
+            ctx->cipherType = WC_AES_192_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 24;
-            ctx->block_size = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -7193,14 +7393,14 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_ECB_TYPE ||
+        if (ctx->cipherType == WC_AES_256_ECB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_ECB))) {
             WOLFSSL_MSG("EVP_AES_256_ECB");
-            ctx->cipherType = AES_256_ECB_TYPE;
+            ctx->cipherType = WC_AES_256_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 32;
-            ctx->block_size = AES_BLOCK_SIZE;
+            ctx->block_size = WC_AES_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
             if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
@@ -7218,11 +7418,12 @@ void wolfSSL_EVP_init(void)
         #endif /* WOLFSSL_AES_256 */
     #endif /* HAVE_AES_ECB */
     #ifdef WOLFSSL_AES_CFB
+    #ifndef WOLFSSL_NO_AES_CFB_1_8
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CFB1_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CFB1_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) {
             WOLFSSL_MSG("EVP_AES_128_CFB1");
-            ctx->cipherType = AES_128_CFB1_TYPE;
+            ctx->cipherType = WC_AES_128_CFB1_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 16;
@@ -7248,10 +7449,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CFB1_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CFB1_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB1))) {
             WOLFSSL_MSG("EVP_AES_192_CFB1");
-            ctx->cipherType = AES_192_CFB1_TYPE;
+            ctx->cipherType = WC_AES_192_CFB1_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 24;
@@ -7277,10 +7478,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CFB1_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CFB1_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB1))) {
             WOLFSSL_MSG("EVP_AES_256_CFB1");
-            ctx->cipherType = AES_256_CFB1_TYPE;
+            ctx->cipherType = WC_AES_256_CFB1_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 32;
@@ -7310,10 +7511,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_256 */
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CFB8_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CFB8_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB8))) {
             WOLFSSL_MSG("EVP_AES_128_CFB8");
-            ctx->cipherType = AES_128_CFB8_TYPE;
+            ctx->cipherType = WC_AES_128_CFB8_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 16;
@@ -7339,10 +7540,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CFB8_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CFB8_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB8))) {
             WOLFSSL_MSG("EVP_AES_192_CFB8");
-            ctx->cipherType = AES_192_CFB8_TYPE;
+            ctx->cipherType = WC_AES_192_CFB8_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 24;
@@ -7368,10 +7569,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CFB8_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CFB8_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB8))) {
             WOLFSSL_MSG("EVP_AES_256_CFB8");
-            ctx->cipherType = AES_256_CFB8_TYPE;
+            ctx->cipherType = WC_AES_256_CFB8_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 32;
@@ -7400,11 +7601,12 @@ void wolfSSL_EVP_init(void)
             }
         }
         #endif /* WOLFSSL_AES_256 */
+        #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_CFB128_TYPE ||
+        if (ctx->cipherType == WC_AES_128_CFB128_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) {
             WOLFSSL_MSG("EVP_AES_128_CFB128");
-            ctx->cipherType = AES_128_CFB128_TYPE;
+            ctx->cipherType = WC_AES_128_CFB128_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 16;
@@ -7430,10 +7632,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_CFB128_TYPE ||
+        if (ctx->cipherType == WC_AES_192_CFB128_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB128))) {
             WOLFSSL_MSG("EVP_AES_192_CFB128");
-            ctx->cipherType = AES_192_CFB128_TYPE;
+            ctx->cipherType = WC_AES_192_CFB128_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 24;
@@ -7459,10 +7661,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_CFB128_TYPE ||
+        if (ctx->cipherType == WC_AES_256_CFB128_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB128))) {
             WOLFSSL_MSG("EVP_AES_256_CFB128");
-            ctx->cipherType = AES_256_CFB128_TYPE;
+            ctx->cipherType = WC_AES_256_CFB128_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CFB_MODE;
             ctx->keyLen     = 32;
@@ -7494,10 +7696,10 @@ void wolfSSL_EVP_init(void)
     #endif /* WOLFSSL_AES_CFB */
     #ifdef WOLFSSL_AES_OFB
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_OFB_TYPE ||
+        if (ctx->cipherType == WC_AES_128_OFB_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_OFB))) {
             WOLFSSL_MSG("EVP_AES_128_OFB");
-            ctx->cipherType = AES_128_OFB_TYPE;
+            ctx->cipherType = WC_AES_128_OFB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_OFB_MODE;
             ctx->keyLen     = 16;
@@ -7523,10 +7725,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_192
-        if (ctx->cipherType == AES_192_OFB_TYPE ||
+        if (ctx->cipherType == WC_AES_192_OFB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_OFB))) {
             WOLFSSL_MSG("EVP_AES_192_OFB");
-            ctx->cipherType = AES_192_OFB_TYPE;
+            ctx->cipherType = WC_AES_192_OFB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_OFB_MODE;
             ctx->keyLen     = 24;
@@ -7552,10 +7754,10 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_192 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_OFB_TYPE ||
+        if (ctx->cipherType == WC_AES_256_OFB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_OFB))) {
             WOLFSSL_MSG("EVP_AES_256_OFB");
-            ctx->cipherType = AES_256_OFB_TYPE;
+            ctx->cipherType = WC_AES_256_OFB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_OFB_MODE;
             ctx->keyLen     = 32;
@@ -7588,22 +7790,22 @@ void wolfSSL_EVP_init(void)
         #if defined(WOLFSSL_AES_XTS) && \
             (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
         #ifdef WOLFSSL_AES_128
-        if (ctx->cipherType == AES_128_XTS_TYPE ||
+        if (ctx->cipherType == WC_AES_128_XTS_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_XTS))) {
             WOLFSSL_MSG("EVP_AES_128_XTS");
-            ctx->cipherType = AES_128_XTS_TYPE;
+            ctx->cipherType = WC_AES_128_XTS_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_XTS_MODE;
             ctx->keyLen     = 32;
             ctx->block_size = 1;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 
             if (iv != NULL) {
                 if (iv != ctx->iv) /* Valgrind error when src == dst */
                     XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz);
             }
             else
-                XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+                XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
 
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7629,22 +7831,22 @@ void wolfSSL_EVP_init(void)
         }
         #endif /* WOLFSSL_AES_128 */
         #ifdef WOLFSSL_AES_256
-        if (ctx->cipherType == AES_256_XTS_TYPE ||
+        if (ctx->cipherType == WC_AES_256_XTS_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_XTS))) {
             WOLFSSL_MSG("EVP_AES_256_XTS");
-            ctx->cipherType = AES_256_XTS_TYPE;
+            ctx->cipherType = WC_AES_256_XTS_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_XTS_MODE;
             ctx->keyLen     = 64;
             ctx->block_size = 1;
-            ctx->ivSz       = AES_BLOCK_SIZE;
+            ctx->ivSz       = WC_AES_BLOCK_SIZE;
 
             if (iv != NULL) {
                 if (iv != ctx->iv) /* Valgrind error when src == dst */
                     XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz);
             }
             else
-                XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+                XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
 
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7673,11 +7875,11 @@ void wolfSSL_EVP_init(void)
               (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 #endif /* NO_AES */
     #if defined(HAVE_ARIA)
-        if (ctx->cipherType == ARIA_128_GCM_TYPE ||
+        if (ctx->cipherType == WC_ARIA_128_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))
-            || ctx->cipherType == ARIA_192_GCM_TYPE ||
+            || ctx->cipherType == WC_ARIA_192_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))
-            || ctx->cipherType == ARIA_256_GCM_TYPE ||
+            || ctx->cipherType == WC_ARIA_256_GCM_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))
           ) {
             if (EvpCipherInitAriaGCM(ctx, type, key, iv, enc)
@@ -7690,10 +7892,10 @@ void wolfSSL_EVP_init(void)
 
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        if (ctx->cipherType == CHACHA20_POLY1305_TYPE ||
+        if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20_POLY1305))) {
             WOLFSSL_MSG("EVP_CHACHA20_POLY1305");
-            ctx->cipherType = CHACHA20_POLY1305_TYPE;
+            ctx->cipherType = WC_CHACHA20_POLY1305_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
             ctx->keyLen     = CHACHA20_POLY1305_AEAD_KEYSIZE;
@@ -7727,10 +7929,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef HAVE_CHACHA
-        if (ctx->cipherType == CHACHA20_TYPE ||
+        if (ctx->cipherType == WC_CHACHA20_TYPE ||
             (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20))) {
             WOLFSSL_MSG("EVP_CHACHA20");
-            ctx->cipherType = CHACHA20_TYPE;
+            ctx->cipherType = WC_CHACHA20_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->keyLen     = CHACHA_MAX_KEY_SZ;
             ctx->block_size = 1;
@@ -7760,10 +7962,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_ECB
-        if (ctx->cipherType == SM4_ECB_TYPE ||
+        if (ctx->cipherType == WC_SM4_ECB_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_ECB))) {
             WOLFSSL_MSG("EVP_SM4_ECB");
-            ctx->cipherType = SM4_ECB_TYPE;
+            ctx->cipherType = WC_SM4_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = SM4_KEY_SIZE;
@@ -7779,10 +7981,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_CBC
-        if (ctx->cipherType == SM4_CBC_TYPE ||
+        if (ctx->cipherType == WC_SM4_CBC_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CBC))) {
             WOLFSSL_MSG("EVP_SM4_CBC");
-            ctx->cipherType = SM4_CBC_TYPE;
+            ctx->cipherType = WC_SM4_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = SM4_KEY_SIZE;
@@ -7805,14 +8007,14 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_CTR
-        if (ctx->cipherType == SM4_CTR_TYPE ||
+        if (ctx->cipherType == WC_SM4_CTR_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CTR))) {
             WOLFSSL_MSG("EVP_SM4_CTR");
-            ctx->cipherType = SM4_CTR_TYPE;
+            ctx->cipherType = WC_SM4_CTR_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CTR_MODE;
             ctx->keyLen     = SM4_KEY_SIZE;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->ivSz       = SM4_BLOCK_SIZE;
             if (enc == 0 || enc == 1)
                 ctx->enc = enc ? 1 : 0;
@@ -7831,14 +8033,14 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        if (ctx->cipherType == SM4_GCM_TYPE ||
+        if (ctx->cipherType == WC_SM4_GCM_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_GCM))) {
             WOLFSSL_MSG("EVP_SM4_GCM");
-            ctx->cipherType = SM4_GCM_TYPE;
+            ctx->cipherType = WC_SM4_GCM_TYPE;
             ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
                           WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->keyLen     = SM4_KEY_SIZE;
             if (ctx->ivSz == 0) {
                 ctx->ivSz = GCM_NONCE_MID_SZ;
@@ -7861,14 +8063,14 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        if (ctx->cipherType == SM4_CCM_TYPE ||
+        if (ctx->cipherType == WC_SM4_CCM_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CCM))) {
             WOLFSSL_MSG("EVP_SM4_CCM");
-            ctx->cipherType = SM4_CCM_TYPE;
+            ctx->cipherType = WC_SM4_CCM_TYPE;
             ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags |= WOLFSSL_EVP_CIPH_CCM_MODE |
                           WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
-            ctx->block_size = NO_PADDING_BLOCK_SIZE;
+            ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
             ctx->keyLen     = SM4_KEY_SIZE;
             if (ctx->ivSz == 0) {
                 ctx->ivSz = GCM_NONCE_MID_SZ;
@@ -7891,10 +8093,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif
 #ifndef NO_DES3
-        if (ctx->cipherType == DES_CBC_TYPE ||
+        if (ctx->cipherType == WC_DES_CBC_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_CBC))) {
             WOLFSSL_MSG("EVP_DES_CBC");
-            ctx->cipherType = DES_CBC_TYPE;
+            ctx->cipherType = WC_DES_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 8;
@@ -7913,10 +8115,10 @@ void wolfSSL_EVP_init(void)
                 wc_Des_SetIV(&ctx->cipher.des, iv);
         }
 #ifdef WOLFSSL_DES_ECB
-        else if (ctx->cipherType == DES_ECB_TYPE ||
+        else if (ctx->cipherType == WC_DES_ECB_TYPE ||
                  (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_ECB))) {
             WOLFSSL_MSG("EVP_DES_ECB");
-            ctx->cipherType = DES_ECB_TYPE;
+            ctx->cipherType = WC_DES_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 8;
@@ -7932,11 +8134,11 @@ void wolfSSL_EVP_init(void)
             }
         }
 #endif
-        else if (ctx->cipherType == DES_EDE3_CBC_TYPE ||
+        else if (ctx->cipherType == WC_DES_EDE3_CBC_TYPE ||
                  (type &&
                   EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_CBC))) {
             WOLFSSL_MSG("EVP_DES_EDE3_CBC");
-            ctx->cipherType = DES_EDE3_CBC_TYPE;
+            ctx->cipherType = WC_DES_EDE3_CBC_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_CBC_MODE;
             ctx->keyLen     = 24;
@@ -7957,11 +8159,11 @@ void wolfSSL_EVP_init(void)
                     return WOLFSSL_FAILURE;
             }
         }
-        else if (ctx->cipherType == DES_EDE3_ECB_TYPE ||
+        else if (ctx->cipherType == WC_DES_EDE3_ECB_TYPE ||
                  (type &&
                   EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_ECB))) {
             WOLFSSL_MSG("EVP_DES_EDE3_ECB");
-            ctx->cipherType = DES_EDE3_ECB_TYPE;
+            ctx->cipherType = WC_DES_EDE3_ECB_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_ECB_MODE;
             ctx->keyLen     = 24;
@@ -7977,10 +8179,10 @@ void wolfSSL_EVP_init(void)
         }
 #endif /* NO_DES3 */
 #ifndef NO_RC4
-        if (ctx->cipherType == ARC4_TYPE ||
+        if (ctx->cipherType == WC_ARC4_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARC4))) {
             WOLFSSL_MSG("ARC4");
-            ctx->cipherType = ARC4_TYPE;
+            ctx->cipherType = WC_ARC4_TYPE;
             ctx->flags     &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
             ctx->flags     |= WOLFSSL_EVP_CIPH_STREAM_CIPHER;
             ctx->block_size = 1;
@@ -7990,10 +8192,10 @@ void wolfSSL_EVP_init(void)
                 wc_Arc4SetKey(&ctx->cipher.arc4, key, (word32)ctx->keyLen);
         }
 #endif /* NO_RC4 */
-        if (ctx->cipherType == NULL_CIPHER_TYPE ||
+        if (ctx->cipherType == WC_NULL_CIPHER_TYPE ||
                 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_NULL))) {
             WOLFSSL_MSG("NULL cipher");
-            ctx->cipherType = NULL_CIPHER_TYPE;
+            ctx->cipherType = WC_NULL_CIPHER_TYPE;
             ctx->keyLen = 0;
             ctx->block_size = 16;
         }
@@ -8014,120 +8216,120 @@ void wolfSSL_EVP_init(void)
         WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_nid");
         if (ctx == NULL) {
             WOLFSSL_ERROR_MSG("Bad parameters");
-            return NID_undef;
+            return WC_NID_undef;
         }
 
         switch (ctx->cipherType) {
 #ifndef NO_AES
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-            case AES_128_CBC_TYPE :
-                return NID_aes_128_cbc;
-            case AES_192_CBC_TYPE :
-                return NID_aes_192_cbc;
-            case AES_256_CBC_TYPE :
-                return NID_aes_256_cbc;
+            case WC_AES_128_CBC_TYPE :
+                return WC_NID_aes_128_cbc;
+            case WC_AES_192_CBC_TYPE :
+                return WC_NID_aes_192_cbc;
+            case WC_AES_256_CBC_TYPE :
+                return WC_NID_aes_256_cbc;
 #endif
 #ifdef HAVE_AESGCM
-            case AES_128_GCM_TYPE :
-                return NID_aes_128_gcm;
-            case AES_192_GCM_TYPE :
-                return NID_aes_192_gcm;
-            case AES_256_GCM_TYPE :
-                return NID_aes_256_gcm;
+            case WC_AES_128_GCM_TYPE :
+                return WC_NID_aes_128_gcm;
+            case WC_AES_192_GCM_TYPE :
+                return WC_NID_aes_192_gcm;
+            case WC_AES_256_GCM_TYPE :
+                return WC_NID_aes_256_gcm;
 #endif
 #ifdef HAVE_AESCCM
-            case AES_128_CCM_TYPE :
-                return NID_aes_128_ccm;
-            case AES_192_CCM_TYPE :
-                return NID_aes_192_ccm;
-            case AES_256_CCM_TYPE :
-                return NID_aes_256_ccm;
+            case WC_AES_128_CCM_TYPE :
+                return WC_NID_aes_128_ccm;
+            case WC_AES_192_CCM_TYPE :
+                return WC_NID_aes_192_ccm;
+            case WC_AES_256_CCM_TYPE :
+                return WC_NID_aes_256_ccm;
 #endif
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-                return NID_aes_128_ecb;
-            case AES_192_ECB_TYPE :
-                return NID_aes_192_ecb;
-            case AES_256_ECB_TYPE :
-                return NID_aes_256_ecb;
+            case WC_AES_128_ECB_TYPE :
+                return WC_NID_aes_128_ecb;
+            case WC_AES_192_ECB_TYPE :
+                return WC_NID_aes_192_ecb;
+            case WC_AES_256_ECB_TYPE :
+                return WC_NID_aes_256_ecb;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-                return NID_aes_128_ctr;
-            case AES_192_CTR_TYPE :
-                return NID_aes_192_ctr;
-            case AES_256_CTR_TYPE :
-                return NID_aes_256_ctr;
+            case WC_AES_128_CTR_TYPE :
+                return WC_NID_aes_128_ctr;
+            case WC_AES_192_CTR_TYPE :
+                return WC_NID_aes_192_ctr;
+            case WC_AES_256_CTR_TYPE :
+                return WC_NID_aes_256_ctr;
 #endif
 
 #endif /* NO_AES */
 
 #ifdef HAVE_ARIA
-            case ARIA_128_GCM_TYPE :
-                return NID_aria_128_gcm;
-            case ARIA_192_GCM_TYPE :
-                return NID_aria_192_gcm;
-            case ARIA_256_GCM_TYPE :
-                return NID_aria_256_gcm;
+            case WC_ARIA_128_GCM_TYPE :
+                return WC_NID_aria_128_gcm;
+            case WC_ARIA_192_GCM_TYPE :
+                return WC_NID_aria_192_gcm;
+            case WC_ARIA_256_GCM_TYPE :
+                return WC_NID_aria_256_gcm;
 #endif
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
-                return NID_des_cbc;
+            case WC_DES_CBC_TYPE :
+                return WC_NID_des_cbc;
 
-            case DES_EDE3_CBC_TYPE :
-                return NID_des_ede3_cbc;
+            case WC_DES_EDE3_CBC_TYPE :
+                return WC_NID_des_ede3_cbc;
 #endif
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
-                return NID_des_ecb;
-            case DES_EDE3_ECB_TYPE :
-                return NID_des_ede3_ecb;
+            case WC_DES_ECB_TYPE :
+                return WC_NID_des_ecb;
+            case WC_DES_EDE3_ECB_TYPE :
+                return WC_NID_des_ede3_ecb;
 #endif
 
-            case ARC4_TYPE :
-                return NID_rc4;
+            case WC_ARC4_TYPE :
+                return WC_NID_rc4;
 
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-            case CHACHA20_POLY1305_TYPE:
-                return NID_chacha20_poly1305;
+            case WC_CHACHA20_POLY1305_TYPE:
+                return WC_NID_chacha20_poly1305;
 #endif
 
 #ifdef HAVE_CHACHA
-            case CHACHA20_TYPE:
-                return NID_chacha20;
+            case WC_CHACHA20_TYPE:
+                return WC_NID_chacha20;
 #endif
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE:
-                return NID_sm4_ecb;
+            case WC_SM4_ECB_TYPE:
+                return WC_NID_sm4_ecb;
 #endif
 
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE:
-                return NID_sm4_cbc;
+            case WC_SM4_CBC_TYPE:
+                return WC_NID_sm4_cbc;
 #endif
 
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE:
-                return NID_sm4_ctr;
+            case WC_SM4_CTR_TYPE:
+                return WC_NID_sm4_ctr;
 #endif
 
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE:
-                return NID_sm4_gcm;
+            case WC_SM4_GCM_TYPE:
+                return WC_NID_sm4_gcm;
 #endif
 
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE:
-                return NID_sm4_ccm;
+            case WC_SM4_CCM_TYPE:
+                return WC_NID_sm4_ccm;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_ERROR_MSG("Null cipher has no NID");
                 FALL_THROUGH;
             default:
-                return NID_undef;
+                return WC_NID_undef;
         }
     }
 
@@ -8219,20 +8421,20 @@ void wolfSSL_EVP_init(void)
     }
 #endif /* !NO_AES || !NO_DES3 */
 
-    static int IsCipherTypeAEAD(unsigned char cipherType)
+    static int IsCipherTypeAEAD(unsigned int type)
     {
-        switch (cipherType) {
-            case AES_128_GCM_TYPE:
-            case AES_192_GCM_TYPE:
-            case AES_256_GCM_TYPE:
-            case AES_128_CCM_TYPE:
-            case AES_192_CCM_TYPE:
-            case AES_256_CCM_TYPE:
-            case ARIA_128_GCM_TYPE:
-            case ARIA_192_GCM_TYPE:
-            case ARIA_256_GCM_TYPE:
-            case SM4_GCM_TYPE:
-            case SM4_CCM_TYPE:
+        switch (type) {
+            case WC_AES_128_GCM_TYPE:
+            case WC_AES_192_GCM_TYPE:
+            case WC_AES_256_GCM_TYPE:
+            case WC_AES_128_CCM_TYPE:
+            case WC_AES_192_CCM_TYPE:
+            case WC_AES_256_CCM_TYPE:
+            case WC_ARIA_128_GCM_TYPE:
+            case WC_ARIA_192_GCM_TYPE:
+            case WC_ARIA_256_GCM_TYPE:
+            case WC_SM4_GCM_TYPE:
+            case WC_SM4_CCM_TYPE:
                 return 1;
             default:
                 return 0;
@@ -8243,7 +8445,7 @@ void wolfSSL_EVP_init(void)
     int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
                            word32 len)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
         WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
 
@@ -8272,24 +8474,24 @@ void wolfSSL_EVP_init(void)
 
 #ifndef NO_AES
 #ifdef HAVE_AES_CBC
-            case AES_128_CBC_TYPE :
-            case AES_192_CBC_TYPE :
-            case AES_256_CBC_TYPE :
+            case WC_AES_128_CBC_TYPE :
+            case WC_AES_192_CBC_TYPE :
+            case WC_AES_256_CBC_TYPE :
                 WOLFSSL_MSG("AES CBC");
                 if (ctx->enc)
                     ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
                 else
                     ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
                 if (ret == 0)
-                    ret = (int)((len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE);
+                    ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE);
                 break;
 #endif /* HAVE_AES_CBC */
 
 #ifdef WOLFSSL_AES_CFB
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-            case AES_128_CFB1_TYPE:
-            case AES_192_CFB1_TYPE:
-            case AES_256_CFB1_TYPE:
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
+            case WC_AES_128_CFB1_TYPE:
+            case WC_AES_192_CFB1_TYPE:
+            case WC_AES_256_CFB1_TYPE:
                 WOLFSSL_MSG("AES CFB1");
                 if (ctx->enc)
                     ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len);
@@ -8298,9 +8500,9 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)len;
                 break;
-            case AES_128_CFB8_TYPE:
-            case AES_192_CFB8_TYPE:
-            case AES_256_CFB8_TYPE:
+            case WC_AES_128_CFB8_TYPE:
+            case WC_AES_192_CFB8_TYPE:
+            case WC_AES_256_CFB8_TYPE:
                 WOLFSSL_MSG("AES CFB8");
                 if (ctx->enc)
                     ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len);
@@ -8309,10 +8511,10 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)len;
                 break;
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-            case AES_128_CFB128_TYPE:
-            case AES_192_CFB128_TYPE:
-            case AES_256_CFB128_TYPE:
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
+            case WC_AES_128_CFB128_TYPE:
+            case WC_AES_192_CFB128_TYPE:
+            case WC_AES_256_CFB128_TYPE:
                 WOLFSSL_MSG("AES CFB128");
                 if (ctx->enc)
                     ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len);
@@ -8323,9 +8525,9 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif /* WOLFSSL_AES_CFB */
 #if defined(WOLFSSL_AES_OFB)
-            case AES_128_OFB_TYPE:
-            case AES_192_OFB_TYPE:
-            case AES_256_OFB_TYPE:
+            case WC_AES_128_OFB_TYPE:
+            case WC_AES_192_OFB_TYPE:
+            case WC_AES_256_OFB_TYPE:
                 WOLFSSL_MSG("AES OFB");
                 if (ctx->enc)
                     ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len);
@@ -8336,8 +8538,8 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif /* WOLFSSL_AES_OFB */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-            case AES_128_XTS_TYPE:
-            case AES_256_XTS_TYPE:
+            case WC_AES_128_XTS_TYPE:
+            case WC_AES_256_XTS_TYPE:
                 WOLFSSL_MSG("AES XTS");
                 if (ctx->enc)
                     ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len,
@@ -8352,9 +8554,9 @@ void wolfSSL_EVP_init(void)
 
 #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-            case AES_128_GCM_TYPE :
-            case AES_192_GCM_TYPE :
-            case AES_256_GCM_TYPE :
+            case WC_AES_128_GCM_TYPE :
+            case WC_AES_192_GCM_TYPE :
+            case WC_AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
                 ret = EvpCipherAesGCM(ctx, dst, src, len);
                 break;
@@ -8362,31 +8564,31 @@ void wolfSSL_EVP_init(void)
         * HAVE_FIPS_VERSION >= 2 */
 #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-            case AES_128_CCM_TYPE :
-            case AES_192_CCM_TYPE :
-            case AES_256_CCM_TYPE :
+            case WC_AES_128_CCM_TYPE :
+            case WC_AES_192_CCM_TYPE :
+            case WC_AES_256_CCM_TYPE :
                 WOLFSSL_MSG("AES CCM");
                 ret = EvpCipherAesCCM(ctx, dst, src, len);
                 break;
 #endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
         * HAVE_FIPS_VERSION >= 2 */
 #ifdef HAVE_AES_ECB
-            case AES_128_ECB_TYPE :
-            case AES_192_ECB_TYPE :
-            case AES_256_ECB_TYPE :
+            case WC_AES_128_ECB_TYPE :
+            case WC_AES_192_ECB_TYPE :
+            case WC_AES_256_ECB_TYPE :
                 WOLFSSL_MSG("AES ECB");
                 if (ctx->enc)
                     ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len);
                 else
                     ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len);
                 if (ret == 0)
-                    ret = (int)((len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE);
+                    ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE);
                 break;
 #endif
 #ifdef WOLFSSL_AES_COUNTER
-            case AES_128_CTR_TYPE :
-            case AES_192_CTR_TYPE :
-            case AES_256_CTR_TYPE :
+            case WC_AES_128_CTR_TYPE :
+            case WC_AES_192_CTR_TYPE :
+            case WC_AES_256_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
                 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
                 if (ret == 0)
@@ -8397,9 +8599,9 @@ void wolfSSL_EVP_init(void)
 
 #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
     || FIPS_VERSION_GE(2,0))
-            case ARIA_128_GCM_TYPE :
-            case ARIA_192_GCM_TYPE :
-            case ARIA_256_GCM_TYPE :
+            case WC_ARIA_128_GCM_TYPE :
+            case WC_ARIA_192_GCM_TYPE :
+            case WC_ARIA_256_GCM_TYPE :
                 WOLFSSL_MSG("ARIA GCM");
                 if (ctx->enc) {
                     ret = wc_AriaEncrypt(&ctx->cipher.aria, dst, src, len,
@@ -8416,7 +8618,7 @@ void wolfSSL_EVP_init(void)
         * HAVE_FIPS_VERSION >= 2 */
 
 #ifndef NO_DES3
-            case DES_CBC_TYPE :
+            case WC_DES_CBC_TYPE :
                 WOLFSSL_MSG("DES CBC");
                 if (ctx->enc)
                     wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
@@ -8425,7 +8627,7 @@ void wolfSSL_EVP_init(void)
                 if (ret == 0)
                     ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
                 break;
-            case DES_EDE3_CBC_TYPE :
+            case WC_DES_EDE3_CBC_TYPE :
                 WOLFSSL_MSG("DES3 CBC");
                 if (ctx->enc)
                     ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
@@ -8435,13 +8637,13 @@ void wolfSSL_EVP_init(void)
                     ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
                 break;
 #ifdef WOLFSSL_DES_ECB
-            case DES_ECB_TYPE :
+            case WC_DES_ECB_TYPE :
                 WOLFSSL_MSG("DES ECB");
                 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
                 if (ret == 0)
                     ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
                 break;
-            case DES_EDE3_ECB_TYPE :
+            case WC_DES_EDE3_ECB_TYPE :
                 WOLFSSL_MSG("DES3 ECB");
                 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
                 if (ret == 0)
@@ -8451,7 +8653,7 @@ void wolfSSL_EVP_init(void)
 #endif /* !NO_DES3 */
 
 #ifndef NO_RC4
-            case ARC4_TYPE :
+            case WC_ARC4_TYPE :
                 WOLFSSL_MSG("ARC4");
                 wc_Arc4Process(&ctx->cipher.arc4, dst, src, len);
                 if (ret == 0)
@@ -8462,7 +8664,7 @@ void wolfSSL_EVP_init(void)
             /* TODO: Chacha??? */
 
 #ifdef WOLFSSL_SM4_ECB
-            case SM4_ECB_TYPE :
+            case WC_SM4_ECB_TYPE :
                 WOLFSSL_MSG("Sm4 ECB");
                 if (ctx->enc)
                     ret = wc_Sm4EcbEncrypt(&ctx->cipher.sm4, dst, src, len);
@@ -8473,7 +8675,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CBC
-            case SM4_CBC_TYPE :
+            case WC_SM4_CBC_TYPE :
                 WOLFSSL_MSG("Sm4 CBC");
                 if (ctx->enc)
                     ret = wc_Sm4CbcEncrypt(&ctx->cipher.sm4, dst, src, len);
@@ -8484,7 +8686,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-            case SM4_CTR_TYPE :
+            case WC_SM4_CTR_TYPE :
                 WOLFSSL_MSG("AES CTR");
                 ret = wc_Sm4CtrEncrypt(&ctx->cipher.sm4, dst, src, len);
                 if (ret == 0)
@@ -8492,7 +8694,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-            case SM4_GCM_TYPE :
+            case WC_SM4_GCM_TYPE :
                 WOLFSSL_MSG("SM4 GCM");
                 /* No destination means only AAD. */
                 if (src != NULL && dst == NULL) {
@@ -8520,7 +8722,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-            case SM4_CCM_TYPE :
+            case WC_SM4_CCM_TYPE :
                 WOLFSSL_MSG("SM4 CCM");
                 /* No destination means only AAD. */
                 if (src != NULL && dst == NULL) {
@@ -8561,7 +8763,7 @@ void wolfSSL_EVP_init(void)
                 break;
 #endif
 
-            case NULL_CIPHER_TYPE :
+            case WC_NULL_CIPHER_TYPE :
                 WOLFSSL_MSG("NULL CIPHER");
                 XMEMCPY(dst, src, (size_t)len);
                 ret = (int)len;
@@ -8774,7 +8976,7 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
     clearEVPPkeyKeys(pkey);
     pkey->rsa    = key;
     pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */
-    pkey->type   = EVP_PKEY_RSA;
+    pkey->type   = WC_EVP_PKEY_RSA;
     pkey->pkcs8HeaderSz = key->pkcs8HeaderSz;
     if (key->inSet == 0) {
         if (SetRsaInternal(key) != WOLFSSL_SUCCESS) {
@@ -8820,7 +9022,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
     clearEVPPkeyKeys(pkey);
     pkey->dsa    = key;
     pkey->ownDsa = 0; /* pkey does not own DSA */
-    pkey->type   = EVP_PKEY_DSA;
+    pkey->type   = WC_EVP_PKEY_DSA;
     if (key->inSet == 0) {
         if (SetDsaInternal(key) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("SetDsaInternal failed");
@@ -8830,7 +9032,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
     dsa = (DsaKey*)key->internal;
 
     /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
-    derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE;
+    derMax = 4 * wolfSSL_BN_num_bytes(key->g) + WC_AES_BLOCK_SIZE;
 
     derBuf = (byte*)XMALLOC((size_t)derMax, pkey->heap,
         DYNAMIC_TYPE_TMP_BUFFER);
@@ -8898,13 +9100,13 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
         return NULL;
     }
 
-    if (key->type == EVP_PKEY_DSA) {
+    if (key->type == WC_EVP_PKEY_DSA) {
         if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr,
-                    key->pkey_sz) != SSL_SUCCESS) {
+                    key->pkey_sz) != WOLFSSL_SUCCESS) {
             /* now try public key */
             if (wolfSSL_DSA_LoadDer_ex(local,
                         (const unsigned char*)key->pkey.ptr, key->pkey_sz,
-                        WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) {
+                        WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) {
                 wolfSSL_DSA_free(local);
                 local = NULL;
             }
@@ -8923,7 +9125,7 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
 WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey)
 {
     WOLFSSL_EC_KEY *eckey = NULL;
-    if (pkey && pkey->type == EVP_PKEY_EC) {
+    if (pkey && pkey->type == WC_EVP_PKEY_EC) {
 #ifdef HAVE_ECC
         eckey = pkey->ecc;
 #endif
@@ -8936,10 +9138,10 @@ WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
     WOLFSSL_EC_KEY* local = NULL;
     WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY");
 
-    if (key == NULL || key->type != EVP_PKEY_EC) {
+    if (key == NULL || key->type != WC_EVP_PKEY_EC) {
         return NULL;
     }
-    if (key->type == EVP_PKEY_EC) {
+    if (key->type == WC_EVP_PKEY_EC) {
         if (key->ecc != NULL) {
             if (wolfSSL_EC_KEY_up_ref(key->ecc) != WOLFSSL_SUCCESS) {
                 return NULL;
@@ -9004,7 +9206,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
 
     pkey->dh    = key;
     pkey->ownDh = 1; /* pkey does not own DH but needs to call free on it */
-    pkey->type  = EVP_PKEY_DH;
+    pkey->type  = WC_EVP_PKEY_DH;
     if (key->inSet == 0) {
         if (SetDhInternal(key) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("SetDhInternal failed");
@@ -9020,7 +9222,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
     /* Get size of DER buffer only */
     if (havePublic && !havePrivate) {
         ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz);
-    } else if (havePrivate && !havePublic) {
+    } else if (havePrivate) {
         ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz);
     } else {
         ret = wc_DhParamsToDer(dhkey,NULL,&derSz);
@@ -9040,7 +9242,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
     /* Fill DER buffer */
     if (havePublic && !havePrivate) {
         ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz);
-    } else if (havePrivate && !havePublic) {
+    } else if (havePrivate) {
         ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz);
     } else {
         ret = wc_DhParamsToDer(dhkey,derBuf,&derSz);
@@ -9078,7 +9280,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
         return NULL;
     }
 
-    if (key->type == EVP_PKEY_DH) {
+    if (key->type == WC_EVP_PKEY_DH) {
         /* if key->dh already exists copy instead of re-importing from DER */
         if (key->dh != NULL) {
             if (wolfSSL_DH_up_ref(key->dh) != WOLFSSL_SUCCESS) {
@@ -9095,7 +9297,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
                 return NULL;
             }
             if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr,
-                        key->pkey_sz) != SSL_SUCCESS) {
+                        key->pkey_sz) != WOLFSSL_SUCCESS) {
                 wolfSSL_DH_free(local);
                 WOLFSSL_MSG("Error wolfSSL_DH_LoadDer");
                 local = NULL;
@@ -9125,22 +9327,22 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
     /* pkey and key checked if NULL in subsequent assign functions */
     switch(type) {
     #ifndef NO_RSA
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
             ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key);
             break;
     #endif
     #ifndef NO_DSA
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
             ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key);
             break;
     #endif
     #ifdef HAVE_ECC
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
             ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key);
             break;
     #endif
     #ifndef NO_DH
-         case EVP_PKEY_DH:
+         case WC_EVP_PKEY_DH:
             ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key);
             break;
     #endif
@@ -9155,7 +9357,7 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
 
 #if defined(HAVE_ECC)
 /* try and populate public pkey_sz and pkey.ptr */
-static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
+static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
 {
     int derSz = 0;
     byte* derBuf = NULL;
@@ -9264,7 +9466,7 @@ int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)
     }
     pkey->ecc    = key;
     pkey->ownEcc = 1; /* pkey needs to call free on key */
-    pkey->type   = EVP_PKEY_EC;
+    pkey->type   = WC_EVP_PKEY_EC;
     return ECC_populate_EVP_PKEY(pkey, key);
 #else
     (void)pkey;
@@ -9279,7 +9481,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 
     if (ctx) {
         switch (ctx->cipherType) {
-            case ARC4_TYPE:
+            case WC_ARC4_TYPE:
                 WOLFSSL_MSG("returning arc4 state");
                 return (void*)&ctx->cipher.arc4.x;
 
@@ -9291,7 +9493,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 
     return NULL;
 }
-int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
+int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
 {
     int ret;
 
@@ -9303,7 +9505,7 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
     if (ret == WOLFSSL_SUCCESS) { /* take ownership of key if can be used */
         clearEVPPkeyKeys(pkey); /* clear out any previous keys */
 
-        pkey->type = EVP_PKEY_EC;
+        pkey->type = WC_EVP_PKEY_EC;
         pkey->ecc = key;
         pkey->ownEcc = 1;
     }
@@ -9323,32 +9525,32 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
 
 int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
 {
-    int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type");
 
     if (type != NULL) {
-        if (XSTRCMP(type, "MD5") == 0) {
-            ret = NID_md5WithRSAEncryption;
+        if (XSTRCMP(type, WC_SN_md5) == 0) {
+            ret = WC_NID_md5WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA1") == 0) {
-            ret = NID_sha1WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha1) == 0) {
+            ret = WC_NID_sha1WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA224") == 0) {
-            ret = NID_sha224WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha224) == 0) {
+            ret = WC_NID_sha224WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA256") == 0) {
-            ret = NID_sha256WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha256) == 0) {
+            ret = WC_NID_sha256WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA384") == 0) {
-            ret = NID_sha384WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha384) == 0) {
+            ret = WC_NID_sha384WithRSAEncryption;
         }
-        else if (XSTRCMP(type, "SHA512") == 0) {
-            ret = NID_sha512WithRSAEncryption;
+        else if (XSTRCMP(type, WC_SN_sha512) == 0) {
+            ret = WC_NID_sha512WithRSAEncryption;
         }
     }
     else {
-        ret = BAD_FUNC_ARG;
+        ret = WOLFSSL_FAILURE;
     }
 
     WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret);
@@ -9370,18 +9572,18 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
     switch (ctx->cipherType) {
 
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
-        case AES_128_CBC_TYPE :
-        case AES_192_CBC_TYPE :
-        case AES_256_CBC_TYPE :
+        case WC_AES_128_CBC_TYPE :
+        case WC_AES_192_CBC_TYPE :
+        case WC_AES_256_CBC_TYPE :
             WOLFSSL_MSG("AES CBC");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif
 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
 #ifdef HAVE_AESGCM
-        case AES_128_GCM_TYPE :
-        case AES_192_GCM_TYPE :
-        case AES_256_GCM_TYPE :
+        case WC_AES_128_GCM_TYPE :
+        case WC_AES_192_GCM_TYPE :
+        case WC_AES_256_GCM_TYPE :
             WOLFSSL_MSG("AES GCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9389,9 +9591,9 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return GCM_NONCE_MID_SZ;
 #endif
 #ifdef HAVE_AESCCM
-        case AES_128_CCM_TYPE :
-        case AES_192_CCM_TYPE :
-        case AES_256_CCM_TYPE :
+        case WC_AES_128_CCM_TYPE :
+        case WC_AES_192_CCM_TYPE :
+        case WC_AES_256_CCM_TYPE :
             WOLFSSL_MSG("AES CCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9400,62 +9602,62 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 #endif
 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
 #ifdef WOLFSSL_AES_COUNTER
-        case AES_128_CTR_TYPE :
-        case AES_192_CTR_TYPE :
-        case AES_256_CTR_TYPE :
+        case WC_AES_128_CTR_TYPE :
+        case WC_AES_192_CTR_TYPE :
+        case WC_AES_256_CTR_TYPE :
             WOLFSSL_MSG("AES CTR");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif
 #ifndef NO_DES3
-        case DES_CBC_TYPE :
+        case WC_DES_CBC_TYPE :
             WOLFSSL_MSG("DES CBC");
             return DES_BLOCK_SIZE;
 
-        case DES_EDE3_CBC_TYPE :
+        case WC_DES_EDE3_CBC_TYPE :
             WOLFSSL_MSG("DES EDE3 CBC");
             return DES_BLOCK_SIZE;
 #endif
 #ifndef NO_RC4
-        case ARC4_TYPE :
+        case WC_ARC4_TYPE :
             WOLFSSL_MSG("ARC4");
             return 0;
 #endif
 #ifdef WOLFSSL_AES_CFB
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        case AES_128_CFB1_TYPE:
-        case AES_192_CFB1_TYPE:
-        case AES_256_CFB1_TYPE:
+        case WC_AES_128_CFB1_TYPE:
+        case WC_AES_192_CFB1_TYPE:
+        case WC_AES_256_CFB1_TYPE:
             WOLFSSL_MSG("AES CFB1");
-            return AES_BLOCK_SIZE;
-        case AES_128_CFB8_TYPE:
-        case AES_192_CFB8_TYPE:
-        case AES_256_CFB8_TYPE:
+            return WC_AES_BLOCK_SIZE;
+        case WC_AES_128_CFB8_TYPE:
+        case WC_AES_192_CFB8_TYPE:
+        case WC_AES_256_CFB8_TYPE:
             WOLFSSL_MSG("AES CFB8");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-        case AES_128_CFB128_TYPE:
-        case AES_192_CFB128_TYPE:
-        case AES_256_CFB128_TYPE:
+        case WC_AES_128_CFB128_TYPE:
+        case WC_AES_192_CFB128_TYPE:
+        case WC_AES_256_CFB128_TYPE:
             WOLFSSL_MSG("AES CFB128");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif /* WOLFSSL_AES_CFB */
 #if defined(WOLFSSL_AES_OFB)
-        case AES_128_OFB_TYPE:
-        case AES_192_OFB_TYPE:
-        case AES_256_OFB_TYPE:
+        case WC_AES_128_OFB_TYPE:
+        case WC_AES_192_OFB_TYPE:
+        case WC_AES_256_OFB_TYPE:
             WOLFSSL_MSG("AES OFB");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif /* WOLFSSL_AES_OFB */
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
-        case AES_128_XTS_TYPE:
-        case AES_256_XTS_TYPE:
+        case WC_AES_128_XTS_TYPE:
+        case WC_AES_256_XTS_TYPE:
             WOLFSSL_MSG("AES XTS");
-            return AES_BLOCK_SIZE;
+            return WC_AES_BLOCK_SIZE;
 #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 #ifdef HAVE_ARIA
-        case ARIA_128_GCM_TYPE :
-        case ARIA_192_GCM_TYPE :
-        case ARIA_256_GCM_TYPE :
+        case WC_ARIA_128_GCM_TYPE :
+        case WC_ARIA_192_GCM_TYPE :
+        case WC_ARIA_256_GCM_TYPE :
             WOLFSSL_MSG("ARIA GCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9463,27 +9665,27 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return GCM_NONCE_MID_SZ;
 #endif
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-        case CHACHA20_POLY1305_TYPE:
+        case WC_CHACHA20_POLY1305_TYPE:
             WOLFSSL_MSG("CHACHA20 POLY1305");
             return CHACHA20_POLY1305_AEAD_IV_SIZE;
 #endif /* HAVE_CHACHA HAVE_POLY1305 */
 #ifdef HAVE_CHACHA
-        case CHACHA20_TYPE:
+        case WC_CHACHA20_TYPE:
             WOLFSSL_MSG("CHACHA20");
             return WOLFSSL_EVP_CHACHA_IV_BYTES;
 #endif /* HAVE_CHACHA */
 #ifdef WOLFSSL_SM4_CBC
-        case SM4_CBC_TYPE :
+        case WC_SM4_CBC_TYPE :
             WOLFSSL_MSG("SM4 CBC");
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_CTR
-        case SM4_CTR_TYPE :
+        case WC_SM4_CTR_TYPE :
             WOLFSSL_MSG("SM4 CTR");
             return SM4_BLOCK_SIZE;
 #endif
 #ifdef WOLFSSL_SM4_GCM
-        case SM4_GCM_TYPE :
+        case WC_SM4_GCM_TYPE :
             WOLFSSL_MSG("SM4 GCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9491,7 +9693,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return GCM_NONCE_MID_SZ;
 #endif
 #ifdef WOLFSSL_SM4_CCM
-        case SM4_CCM_TYPE :
+        case WC_SM4_CCM_TYPE :
             WOLFSSL_MSG("SM4 CCM");
             if (ctx->ivSz != 0) {
                 return ctx->ivSz;
@@ -9499,7 +9701,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
             return CCM_NONCE_MIN_SZ;
 #endif
 
-        case NULL_CIPHER_TYPE :
+        case WC_NULL_CIPHER_TYPE :
             WOLFSSL_MSG("NULL");
             return 0;
 
@@ -9519,15 +9721,15 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
     #ifdef WOLFSSL_AES_128
     if (XSTRCMP(name, EVP_AES_128_CBC) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
     #ifdef WOLFSSL_AES_192
     if (XSTRCMP(name, EVP_AES_192_CBC) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
     #ifdef WOLFSSL_AES_256
     if (XSTRCMP(name, EVP_AES_256_CBC) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
@@ -9564,26 +9766,26 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
 #ifdef WOLFSSL_AES_COUNTER
     #ifdef WOLFSSL_AES_128
     if (XSTRCMP(name, EVP_AES_128_CTR) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
     #ifdef WOLFSSL_AES_192
     if (XSTRCMP(name, EVP_AES_192_CTR) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
     #ifdef WOLFSSL_AES_256
     if (XSTRCMP(name, EVP_AES_256_CTR) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif
 #endif
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
     #ifdef WOLFSSL_AES_128
     if (XSTRCMP(name, EVP_AES_128_XTS) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif /* WOLFSSL_AES_128 */
 
     #ifdef WOLFSSL_AES_256
     if (XSTRCMP(name, EVP_AES_256_XTS) == 0)
-        return AES_BLOCK_SIZE;
+        return WC_AES_BLOCK_SIZE;
     #endif /* WOLFSSL_AES_256 */
 #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
 
@@ -9643,7 +9845,7 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 
     if (ctx) {
         switch (ctx->cipherType) {
-            case ARC4_TYPE:
+            case WC_ARC4_TYPE:
                 WOLFSSL_MSG("returning arc4 state size");
                 return sizeof(Arc4);
 
@@ -9657,27 +9859,27 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 }
 
 
-/* return of pkey->type which will be EVP_PKEY_RSA for example.
+/* return of pkey->type which will be WC_EVP_PKEY_RSA for example.
  *
  * type  type of EVP_PKEY
  *
- * returns type or if type is not found then NID_undef
+ * returns type or if type is not found then WC_NID_undef
  */
 int wolfSSL_EVP_PKEY_type(int type)
 {
     WOLFSSL_MSG("wolfSSL_EVP_PKEY_type");
 
     switch (type) {
-        case EVP_PKEY_RSA:
-            return EVP_PKEY_RSA;
-        case EVP_PKEY_DSA:
-            return EVP_PKEY_DSA;
-        case EVP_PKEY_EC:
-            return EVP_PKEY_EC;
-        case EVP_PKEY_DH:
-            return EVP_PKEY_DH;
+        case WC_EVP_PKEY_RSA:
+            return WC_EVP_PKEY_RSA;
+        case WC_EVP_PKEY_DSA:
+            return WC_EVP_PKEY_DSA;
+        case WC_EVP_PKEY_EC:
+            return WC_EVP_PKEY_EC;
+        case WC_EVP_PKEY_DH:
+            return WC_EVP_PKEY_DH;
         default:
-            return NID_undef;
+            return WC_NID_undef;
     }
 }
 
@@ -9693,7 +9895,7 @@ int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey)
 int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey)
 {
     if (pkey == NULL)
-        return NID_undef;
+        return WC_NID_undef;
     return wolfSSL_EVP_PKEY_type(pkey->type);
 }
 
@@ -9707,17 +9909,17 @@ int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid)
     }
 
     switch (pkey->type) {
-    case EVP_PKEY_HMAC:
+    case WC_EVP_PKEY_HMAC:
 #ifndef NO_DSA
-    case EVP_PKEY_DSA:
+    case WC_EVP_PKEY_DSA:
 #endif
 #ifndef NO_RSA
-    case EVP_PKEY_RSA:
+    case WC_EVP_PKEY_RSA:
 #endif
 #ifdef HAVE_ECC
-    case EVP_PKEY_EC:
+    case WC_EVP_PKEY_EC:
 #endif
-        *pnid = NID_sha256;
+        *pnid = WC_NID_sha256;
         return WOLFSSL_SUCCESS;
     default:
         return WOLFSSL_FAILURE;
@@ -9739,7 +9941,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8)
 /* this function just casts and returns pointer */
 WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey)
 {
-    return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey;
+    if (pkey == NULL || pkey->pkey.ptr == NULL) {
+        return NULL;
+    }
+
+    return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr,
+        pkey->pkey_sz);
 }
 #endif
 
@@ -9764,13 +9971,13 @@ int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
 }
 
 #ifndef NO_RSA
-int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
+int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key)
 {
     if (pkey == NULL || key == NULL)
         return WOLFSSL_FAILURE;
 
     clearEVPPkeyKeys(pkey);
-    pkey->type = EVP_PKEY_RSA;
+    pkey->type = WC_EVP_PKEY_RSA;
     pkey->rsa = key;
     pkey->ownRsa = 1;
 
@@ -9801,13 +10008,13 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
 #endif /* !NO_RSA */
 
 #ifndef NO_DSA
-int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key)
+int wolfSSL_EVP_PKEY_assign_DSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DSA* key)
 {
     if (pkey == NULL || key == NULL)
         return WOLFSSL_FAILURE;
 
     clearEVPPkeyKeys(pkey);
-    pkey->type = EVP_PKEY_DSA;
+    pkey->type = WC_EVP_PKEY_DSA;
     pkey->dsa = key;
     pkey->ownDsa = 1;
 
@@ -9816,13 +10023,13 @@ int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key)
 #endif /* !NO_DSA */
 
 #ifndef NO_DH
-int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key)
+int wolfSSL_EVP_PKEY_assign_DH(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DH* key)
 {
     if (pkey == NULL || key == NULL)
         return WOLFSSL_FAILURE;
 
     clearEVPPkeyKeys(pkey);
-    pkey->type = EVP_PKEY_DH;
+    pkey->type = WC_EVP_PKEY_DH;
     pkey->dh = key;
     pkey->ownDh = 1;
 
@@ -9892,40 +10099,44 @@ static const struct alias {
             const char *alias;
 } digest_alias_tbl[] =
 {
-    {"MD4", "ssl3-md4"},
-    {"MD5", "ssl3-md5"},
-    {"SHA1", "ssl3-sha1"},
-    {"SHA1", "SHA"},
+    {WC_SN_md4, "md4"},
+    {WC_SN_md5, "md5"},
+    {WC_SN_sha1, "sha1"},
+    {WC_SN_sha1, "SHA"},
+    {WC_SN_sha224, "sha224"},
+    {WC_SN_sha256, "sha256"},
+    {WC_SN_sha384, "sha384"},
+    {WC_SN_sha512, "sha512"},
+    {WC_SN_sha512_224, "sha512_224"},
+    {WC_SN_sha3_224, "sha3_224"},
+    {WC_SN_sha3_256, "sha3_256"},
+    {WC_SN_sha3_384, "sha3_384"},
+    {WC_SN_sha3_512, "sha3_512"},
+    {WC_SN_sm3, "sm3"},
+    {WC_SN_blake2b512, "blake2b512"},
+    {WC_SN_blake2s256, "blake2s256"},
+    {WC_SN_shake128, "shake128"},
+    {WC_SN_shake256, "shake256"},
     { NULL, NULL}
 };
 
 const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
 {
-    char nameUpper[15]; /* 15 bytes should be enough for any name */
-    size_t i;
-
     const struct alias  *al;
     const struct s_ent *ent;
 
-    for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) {
-        nameUpper[i] = (char)XTOUPPER((unsigned char) name[i]);
-    }
-    if (i < sizeof(nameUpper))
-        nameUpper[i] = '\0';
-    else
-        return NULL;
-
-    name = nameUpper;
-    for (al = digest_alias_tbl; al->name != NULL; al++)
+    for (al = digest_alias_tbl; al->name != NULL; al++) {
         if(XSTRCMP(name, al->alias) == 0) {
             name = al->name;
             break;
         }
+    }
 
-    for (ent = md_tbl; ent->name != NULL; ent++)
+    for (ent = md_tbl; ent->name != NULL; ent++) {
         if(XSTRCMP(name, ent->name) == 0) {
-            return (EVP_MD *)ent->name;
+            return (WOLFSSL_EVP_MD *)ent->name;
         }
+    }
     return NULL;
 }
 
@@ -9933,7 +10144,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
  *
  * type - pointer to WOLFSSL_EVP_MD for which to return NID value
  *
- * Returns NID on success, or NID_undef if none exists.
+ * Returns NID on success, or WC_NID_undef if none exists.
  */
 int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 {
@@ -9942,7 +10153,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 
     if (type == NULL) {
         WOLFSSL_MSG("MD type arg is NULL");
-        return NID_undef;
+        return WC_NID_undef;
     }
 
     for( ent = md_tbl; ent->name != NULL; ent++){
@@ -9950,7 +10161,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             return ent->nid;
         }
     }
-    return NID_undef;
+    return WC_NID_undef;
 }
 
 #ifndef NO_MD4
@@ -9959,7 +10170,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void)
     {
         WOLFSSL_ENTER("EVP_md4");
-        return EVP_get_digestbyname("MD4");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_md4);
     }
 
 #endif /* !NO_MD4 */
@@ -9970,7 +10181,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
     {
         WOLFSSL_ENTER("EVP_md5");
-        return EVP_get_digestbyname("MD5");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_md5);
     }
 
 #endif /* !NO_MD5 */
@@ -9982,8 +10193,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
      */
     const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void)
     {
-        WOLFSSL_ENTER("EVP_blake2b512");
-        return EVP_get_digestbyname("BLAKE2b512");
+        WOLFSSL_ENTER("wolfSSL_EVP_blake2b512");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_blake2b512);
     }
 
 #endif
@@ -9996,7 +10207,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void)
     {
         WOLFSSL_ENTER("EVP_blake2s256");
-        return EVP_get_digestbyname("BLAKE2s256");
+        return wolfSSL_EVP_get_digestbyname("BLAKE2s256");
     }
 
 #endif
@@ -10022,7 +10233,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
     {
         WOLFSSL_ENTER("EVP_sha1");
-        return EVP_get_digestbyname("SHA1");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha1);
     }
 #endif /* NO_SHA */
 
@@ -10031,7 +10242,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void)
     {
         WOLFSSL_ENTER("EVP_sha224");
-        return EVP_get_digestbyname("SHA224");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha224);
     }
 
 #endif /* WOLFSSL_SHA224 */
@@ -10040,7 +10251,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
     {
         WOLFSSL_ENTER("EVP_sha256");
-        return EVP_get_digestbyname("SHA256");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha256);
     }
 
 #ifdef WOLFSSL_SHA384
@@ -10048,7 +10259,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void)
     {
         WOLFSSL_ENTER("EVP_sha384");
-        return EVP_get_digestbyname("SHA384");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha384);
     }
 
 #endif /* WOLFSSL_SHA384 */
@@ -10058,7 +10269,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void)
     {
         WOLFSSL_ENTER("EVP_sha512");
-        return EVP_get_digestbyname("SHA512");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha512);
     }
 
 #ifndef WOLFSSL_NOSHA512_224
@@ -10066,7 +10277,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void)
     {
         WOLFSSL_ENTER("EVP_sha512_224");
-        return EVP_get_digestbyname("SHA512_224");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_224);
     }
 
 #endif /* !WOLFSSL_NOSHA512_224 */
@@ -10075,7 +10286,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void)
     {
         WOLFSSL_ENTER("EVP_sha512_256");
-        return EVP_get_digestbyname("SHA512_256");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_256);
     }
 
 #endif /* !WOLFSSL_NOSHA512_224 */
@@ -10087,7 +10298,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void)
     {
         WOLFSSL_ENTER("EVP_sha3_224");
-        return EVP_get_digestbyname("SHA3_224");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_224);
     }
 #endif /* WOLFSSL_NOSHA3_224 */
 
@@ -10096,7 +10307,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void)
     {
         WOLFSSL_ENTER("EVP_sha3_256");
-        return EVP_get_digestbyname("SHA3_256");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_256);
     }
 #endif /* WOLFSSL_NOSHA3_256 */
 
@@ -10104,7 +10315,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void)
     {
         WOLFSSL_ENTER("EVP_sha3_384");
-        return EVP_get_digestbyname("SHA3_384");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_384);
     }
 #endif /* WOLFSSL_NOSHA3_384 */
 
@@ -10112,7 +10323,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void)
     {
         WOLFSSL_ENTER("EVP_sha3_512");
-        return EVP_get_digestbyname("SHA3_512");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_512);
     }
 #endif /* WOLFSSL_NOSHA3_512 */
 
@@ -10120,7 +10331,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_shake128(void)
     {
         WOLFSSL_ENTER("EVP_shake128");
-        return EVP_get_digestbyname("SHAKE128");
+        return wolfSSL_EVP_get_digestbyname("SHAKE128");
     }
 #endif /* WOLFSSL_SHAKE128 */
 
@@ -10128,7 +10339,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_shake256(void)
     {
         WOLFSSL_ENTER("EVP_shake256");
-        return EVP_get_digestbyname("SHAKE256");
+        return wolfSSL_EVP_get_digestbyname("SHAKE256");
     }
 #endif /* WOLFSSL_SHAKE256 */
 
@@ -10138,7 +10349,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sm3(void)
     {
         WOLFSSL_ENTER("EVP_sm3");
-        return EVP_get_digestbyname("SM3");
+        return wolfSSL_EVP_get_digestbyname(WC_SN_sm3);
     }
 #endif /* WOLFSSL_SM3 */
 
@@ -10173,7 +10384,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             const struct s_ent *ent;
 
             if (ctx->isHMAC) {
-                return NID_hmac;
+                return WC_NID_hmac;
             }
 
             for(ent = md_tbl; ent->name != NULL; ent++) {
@@ -10224,7 +10435,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
      * @param n message digest type name
      * @return alias name, otherwise NULL
      */
-    static const char* hasAliasName(const char* n)
+    static const char* getMdAliasName(const char* n)
     {
 
         const char* aliasnm = NULL;
@@ -10255,23 +10466,15 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     {
         struct do_all_md *md = (struct do_all_md*)arg;
 
-        const struct s_ent *ent;
-
         /* sanity check */
         if (md == NULL || nm == NULL || md->fn == NULL ||
             nm->type != WOLFSSL_OBJ_NAME_TYPE_MD_METH)
             return;
 
-        /* loop all md */
-        for (ent = md_tbl; ent->name != NULL; ent++){
-            /* check if the md has alias */
-            if(hasAliasName(ent->name) != NULL) {
-                md->fn(NULL, ent->name, ent->name, md->arg);
-            }
-            else {
-                md->fn(ent->name, ent->name, NULL, md->arg);
-            }
-        }
+        if (nm->alias)
+            md->fn(NULL, nm->name, nm->data, md->arg);
+        else
+            md->fn((const WOLFSSL_EVP_MD *)nm->data, nm->name, NULL, md->arg);
     }
 
     /* call md_do_all function to do all md algorithm via a callback function
@@ -10306,11 +10509,30 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
         if (!fn)
             return;
 
-        objnm.type = type;
-
         switch(type) {
             case WOLFSSL_OBJ_NAME_TYPE_MD_METH:
-                fn(&objnm, arg);
+                {
+                    const struct s_ent *ent;
+                    /* loop all md */
+                    for (ent = md_tbl; ent->name != NULL; ent++){
+                        XMEMSET(&objnm, 0, sizeof(objnm));
+
+                        /* populate objnm with info about the md */
+                        objnm.type = WOLFSSL_OBJ_NAME_TYPE_MD_METH;
+                        objnm.name = ent->name;
+                        objnm.data = (const char*)
+                                wolfSSL_EVP_get_digestbyname(ent->name);
+                        fn(&objnm, arg);
+
+                        /* check if the md has alias and also call fn with it */
+                        objnm.name = getMdAliasName(ent->name);
+                        if (objnm.name != NULL) {
+                            objnm.alias |= WOLFSSL_OBJ_NAME_ALIAS;
+                            objnm.data = ent->name;
+                            fn(&objnm, arg);
+                        }
+                    }
+                }
                 break;
             case WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH:
             case WOLFSSL_OBJ_NAME_TYPE_PKEY_METH:
@@ -10413,17 +10635,21 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                     /* Not an error since an unused struct could be free'd or
                      * reset. */
                     break;
+            #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+                case WC_HASH_TYPE_SHAKE128:
+                    wc_Shake128_Free(&ctx->hash.digest.shake);
+                    break;
+            #endif
+            #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+                case WC_HASH_TYPE_SHAKE256:
+                    wc_Shake256_Free(&ctx->hash.digest.shake);
+                    break;
+            #endif
                 case WC_HASH_TYPE_MD2:
                 case WC_HASH_TYPE_MD4:
                 case WC_HASH_TYPE_MD5_SHA:
                 case WC_HASH_TYPE_BLAKE2B:
                 case WC_HASH_TYPE_BLAKE2S:
-            #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
-                case WC_HASH_TYPE_SHAKE128:
-            #endif
-            #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
-                case WC_HASH_TYPE_SHAKE256:
-            #endif
                 default:
                     ret = WOLFSSL_FAILURE;
                     break;
@@ -10439,20 +10665,17 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                                const WOLFSSL_EVP_MD* md)
     {
         int ret = WOLFSSL_SUCCESS;
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        wc_static_assert(WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV));
+    #endif
 
         WOLFSSL_ENTER("EVP_DigestInit");
 
         if (ctx == NULL) {
-            return BAD_FUNC_ARG;
+            return WOLFSSL_FAILURE;
         }
 
-
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        /* compile-time validation of ASYNC_CTX_SIZE */
-        typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ?
-                                                                        1 : -1];
-        (void)sizeof(async_test);
-    #endif
+        wolfSSL_EVP_MD_CTX_init(ctx);
 
         /* Set to 0 if no match */
         ctx->macType = EvpMd2MacType(md);
@@ -10460,76 +10683,92 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
              XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher));
         } else
     #ifndef NO_SHA
-        if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, "SHA1") == 0)) {
+        if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, WC_SN_sha1) == 0)) {
              ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha));
         } else
     #endif
     #ifndef NO_SHA256
-        if (XSTRCMP(md, "SHA256") == 0) {
+        if (XSTRCMP(md, WC_SN_sha256) == 0) {
              ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256));
         } else
     #endif
     #ifdef WOLFSSL_SHA224
-        if (XSTRCMP(md, "SHA224") == 0) {
+        if (XSTRCMP(md, WC_SN_sha224) == 0) {
              ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224));
         } else
     #endif
     #ifdef WOLFSSL_SHA384
-        if (XSTRCMP(md, "SHA384") == 0) {
+        if (XSTRCMP(md, WC_SN_sha384) == 0) {
              ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384));
         } else
     #endif
     #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
         defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-        if (XSTRCMP(md, "SHA512_224") == 0) {
+        if (XSTRCMP(md, WC_SN_sha512_224) == 0) {
              ret = wolfSSL_SHA512_224_Init(&(ctx->hash.digest.sha512));
         } else
     #endif
     #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
         defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-        if (XSTRCMP(md, "SHA512_256") == 0) {
+        if (XSTRCMP(md, WC_SN_sha512_256) == 0) {
              ret = wolfSSL_SHA512_256_Init(&(ctx->hash.digest.sha512));
         } else
     #endif
     #ifdef WOLFSSL_SHA512
-        if (XSTRCMP(md, "SHA512") == 0) {
+        if (XSTRCMP(md, WC_SN_sha512) == 0) {
              ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512));
         } else
     #endif
     #ifndef NO_MD4
-        if (XSTRCMP(md, "MD4") == 0) {
+        if (XSTRCMP(md, WC_SN_md4) == 0) {
             wolfSSL_MD4_Init(&(ctx->hash.digest.md4));
         } else
     #endif
     #ifndef NO_MD5
-        if (XSTRCMP(md, "MD5") == 0) {
+        if (XSTRCMP(md, WC_SN_md5) == 0) {
             ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5));
         } else
     #endif
 #ifdef WOLFSSL_SHA3
     #ifndef WOLFSSL_NOSHA3_224
-        if (XSTRCMP(md, "SHA3_224") == 0) {
+        if (XSTRCMP(md, WC_SN_sha3_224) == 0) {
              ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224));
         } else
     #endif
     #ifndef WOLFSSL_NOSHA3_256
-        if (XSTRCMP(md, "SHA3_256") == 0) {
+        if (XSTRCMP(md, WC_SN_sha3_256) == 0) {
              ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256));
         } else
     #endif
     #ifndef WOLFSSL_NOSHA3_384
-        if (XSTRCMP(md, "SHA3_384") == 0) {
+        if (XSTRCMP(md, WC_SN_sha3_384) == 0) {
              ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384));
         } else
     #endif
     #ifndef WOLFSSL_NOSHA3_512
-        if (XSTRCMP(md, "SHA3_512") == 0) {
+        if (XSTRCMP(md, WC_SN_sha3_512) == 0) {
              ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512));
         } else
     #endif
+    #ifdef WOLFSSL_SHAKE128
+        if (XSTRCMP(md, WC_SN_shake128) == 0) {
+            if (wc_InitShake128(&(ctx->hash.digest.shake), NULL,
+                INVALID_DEVID) != 0) {
+                ret = WOLFSSL_FAILURE;
+            }
+        } else
+    #endif
+    #ifdef WOLFSSL_SHAKE256
+        if (XSTRCMP(md, WC_SN_shake256) == 0) {
+            if (wc_InitShake256(&(ctx->hash.digest.shake), NULL,
+                INVALID_DEVID) != 0) {
+                ret = WOLFSSL_FAILURE;
+            }
+        } else
+    #endif
 #endif
     #ifdef WOLFSSL_SM3
-        if (XSTRCMP(md, "SM3") == 0) {
+        if (XSTRCMP(md, WC_SN_sm3) == 0) {
              ret = wc_InitSm3(&ctx->hash.digest.sm3, NULL, INVALID_DEVID);
              if (ret == 0) {
                 ret = WOLFSSL_SUCCESS;
@@ -10541,7 +10780,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     #endif
         {
              ctx->macType = WC_HASH_TYPE_NONE;
-             return BAD_FUNC_ARG;
+             return WOLFSSL_FAILURE;
         }
 
         return ret;
@@ -10551,53 +10790,53 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
                                 size_t sz)
     {
-        int ret = WOLFSSL_FAILURE;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
         enum wc_HashType macType;
 
         WOLFSSL_ENTER("EVP_DigestUpdate");
 
-        macType = EvpMd2MacType(EVP_MD_CTX_md(ctx));
+        macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
         switch (macType) {
             case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
-                wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data,
+                wolfSSL_MD4_Update((WOLFSSL_MD4_CTX*)&ctx->hash, data,
                                   (unsigned long)sz);
                 ret = WOLFSSL_SUCCESS;
         #endif
                 break;
             case WC_HASH_TYPE_MD5:
         #ifndef NO_MD5
-                ret = wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data,
+                ret = wolfSSL_MD5_Update((WOLFSSL_MD5_CTX*)&ctx->hash, data,
                                   (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA:
         #ifndef NO_SHA
-                ret = wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA_Update((WOLFSSL_SHA_CTX*)&ctx->hash, data,
                                   (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA224:
         #ifdef WOLFSSL_SHA224
-                ret = wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA224_Update((WOLFSSL_SHA224_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA256:
         #ifndef NO_SHA256
-                ret = wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA256_Update((WOLFSSL_SHA256_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif /* !NO_SHA256 */
                 break;
             case WC_HASH_TYPE_SHA384:
         #ifdef WOLFSSL_SHA384
-                ret = wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA384_Update((WOLFSSL_SHA384_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA512:
         #ifdef WOLFSSL_SHA512
-                ret = wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA512_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif /* WOLFSSL_SHA512 */
                 break;
@@ -10606,7 +10845,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_224:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_224_Update((SHA512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA512_224_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
@@ -10616,7 +10855,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_256:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_256_Update((SHA512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA512_256_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif /* WOLFSSL_SHA512 */
                 break;
@@ -10624,25 +10863,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 
             case WC_HASH_TYPE_SHA3_224:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-                ret = wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_224_Update((WOLFSSL_SHA3_224_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_256:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-                ret = wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_256_Update((WOLFSSL_SHA3_256_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_384:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-                ret = wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_384_Update((WOLFSSL_SHA3_384_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_512:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-                ret = wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data,
+                ret = wolfSSL_SHA3_512_Update((WOLFSSL_SHA3_512_CTX*)&ctx->hash, data,
                                      (unsigned long)sz);
         #endif
                 break;
@@ -10656,18 +10895,29 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                     ret = WOLFSSL_FAILURE;
                 }
                 break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+            case WC_HASH_TYPE_SHAKE128:
+                if (wc_Shake128_Update(&ctx->hash.digest.shake,
+                        (const byte*)data, (word32)sz) == 0) {
+
+                    ret = WOLFSSL_SUCCESS;
+                }
+                break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+            case WC_HASH_TYPE_SHAKE256:
+                if (wc_Shake256_Update(&ctx->hash.digest.shake,
+                        (const byte*)data, (word32)sz) == 0) {
+                    ret = WOLFSSL_SUCCESS;
+                }
+                break;
         #endif
             case WC_HASH_TYPE_NONE:
             case WC_HASH_TYPE_MD2:
             case WC_HASH_TYPE_MD5_SHA:
             case WC_HASH_TYPE_BLAKE2B:
             case WC_HASH_TYPE_BLAKE2S:
-        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
-            case WC_HASH_TYPE_SHAKE128:
-        #endif
-        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
-            case WC_HASH_TYPE_SHAKE256:
-        #endif
             default:
                 return WOLFSSL_FAILURE;
         }
@@ -10676,55 +10926,52 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
     }
 
     /* WOLFSSL_SUCCESS on ok */
-    int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
-                               unsigned int* s)
+    static int wolfSSL_EVP_DigestFinal_Common(WOLFSSL_EVP_MD_CTX* ctx,
+            unsigned char* md, unsigned int* s, enum wc_HashType macType)
     {
-        int ret = WOLFSSL_FAILURE;
-        enum wc_HashType macType;
+        int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
-        WOLFSSL_ENTER("EVP_DigestFinal");
-        macType = EvpMd2MacType(EVP_MD_CTX_md(ctx));
         switch (macType) {
             case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
-                wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash);
-                if (s) *s = MD4_DIGEST_SIZE;
+                wolfSSL_MD4_Final(md, (WOLFSSL_MD4_CTX*)&ctx->hash);
+                if (s) *s = WC_MD4_DIGEST_SIZE;
                 ret = WOLFSSL_SUCCESS;
         #endif
                 break;
             case WC_HASH_TYPE_MD5:
         #ifndef NO_MD5
-                ret = wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
+                ret = wolfSSL_MD5_Final(md, (WOLFSSL_MD5_CTX*)&ctx->hash);
                 if (s) *s = WC_MD5_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA:
         #ifndef NO_SHA
-                ret = wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA_Final(md, (WOLFSSL_SHA_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA224:
         #ifdef WOLFSSL_SHA224
-                ret = wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA224_Final(md, (WOLFSSL_SHA224_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA224_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA256:
         #ifndef NO_SHA256
-                ret = wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA256_Final(md, (WOLFSSL_SHA256_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA256_DIGEST_SIZE;
         #endif /* !NO_SHA256 */
                 break;
             case WC_HASH_TYPE_SHA384:
         #ifdef WOLFSSL_SHA384
-                ret = wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA384_Final(md, (WOLFSSL_SHA384_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA384_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA512:
         #ifdef WOLFSSL_SHA512
-                ret = wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA512_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA512_DIGEST_SIZE;
         #endif /* WOLFSSL_SHA512 */
                 break;
@@ -10732,7 +10979,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_224:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_224_Final(md, (SHA512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA512_224_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA512_224_DIGEST_SIZE;
         #endif
                 break;
@@ -10741,32 +10988,32 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
             case WC_HASH_TYPE_SHA512_256:
         #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
             defined(WOLFSSL_SHA512)
-                ret = wolfSSL_SHA512_256_Final(md, (SHA512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA512_256_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA512_256_DIGEST_SIZE;
         #endif
                 break;
         #endif /* !WOLFSSL_NOSHA512_256 */
             case WC_HASH_TYPE_SHA3_224:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-                ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_224_Final(md, (WOLFSSL_SHA3_224_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_224_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_256:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-                ret = wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_256_Final(md, (WOLFSSL_SHA3_256_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_256_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_384:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-                ret = wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_384_Final(md, (WOLFSSL_SHA3_384_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_384_DIGEST_SIZE;
         #endif
                 break;
             case WC_HASH_TYPE_SHA3_512:
         #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-                ret = wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash);
+                ret = wolfSSL_SHA3_512_Final(md, (WOLFSSL_SHA3_512_CTX*)&ctx->hash);
                 if (s) *s = WC_SHA3_512_DIGEST_SIZE;
         #endif
                 break;
@@ -10781,32 +11028,133 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
                 }
                 if (s) *s = WC_SM3_DIGEST_SIZE;
                 break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+            case WC_HASH_TYPE_SHAKE128:
+                if (wc_Shake128_Final(&ctx->hash.digest.shake, md, *s) == 0) {
+                    ret = WOLFSSL_SUCCESS;
+                }
+                break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+            case WC_HASH_TYPE_SHAKE256:
+                if (wc_Shake256_Final(&ctx->hash.digest.shake, md, *s) == 0) {
+                    ret = WOLFSSL_SUCCESS;
+                }
+                break;
         #endif
             case WC_HASH_TYPE_NONE:
             case WC_HASH_TYPE_MD2:
             case WC_HASH_TYPE_MD5_SHA:
             case WC_HASH_TYPE_BLAKE2B:
             case WC_HASH_TYPE_BLAKE2S:
+            default:
+                return WOLFSSL_FAILURE;
+        }
+
+        return ret;
+    }
+
+    int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
+                               unsigned int* s)
+    {
+        enum wc_HashType macType;
+
+        WOLFSSL_ENTER("wolfSSL_EVP_DigestFinal");
+        macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
+        switch (macType) {
+            case WC_HASH_TYPE_MD4:
+            case WC_HASH_TYPE_MD5:
+            case WC_HASH_TYPE_SHA:
+            case WC_HASH_TYPE_SHA224:
+            case WC_HASH_TYPE_SHA256:
+            case WC_HASH_TYPE_SHA384:
+            case WC_HASH_TYPE_SHA512:
+        #ifndef WOLFSSL_NOSHA512_224
+            case WC_HASH_TYPE_SHA512_224:
+        #endif /* !WOLFSSL_NOSHA512_224 */
+        #ifndef WOLFSSL_NOSHA512_256
+            case WC_HASH_TYPE_SHA512_256:
+        #endif /* !WOLFSSL_NOSHA512_256 */
+            case WC_HASH_TYPE_SHA3_224:
+            case WC_HASH_TYPE_SHA3_256:
+            case WC_HASH_TYPE_SHA3_384:
+            case WC_HASH_TYPE_SHA3_512:
+        #ifdef WOLFSSL_SM3
+            case WC_HASH_TYPE_SM3:
+        #endif
+            case WC_HASH_TYPE_NONE:
+            case WC_HASH_TYPE_MD2:
+            case WC_HASH_TYPE_MD5_SHA:
+            case WC_HASH_TYPE_BLAKE2B:
+            case WC_HASH_TYPE_BLAKE2S:
+                break;
+
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+            case WC_HASH_TYPE_SHAKE128:
+                *s = 16; /* if mixing up XOF with plain digest 128 bit is
+                          * default for SHAKE128 */
+                break;
+        #endif
+        #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+            case WC_HASH_TYPE_SHAKE256:
+                *s = 32; /* if mixing up XOF with plain digest 256 bit is
+                          * default for SHAKE256 */
+                break;
+        #endif
+            default:
+                return WOLFSSL_FAILURE;
+        }
+        return wolfSSL_EVP_DigestFinal_Common(ctx, md, s, macType);
+    }
+
+    /* WOLFSSL_SUCCESS on ok */
+    int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
+                                   unsigned int* s)
+    {
+        WOLFSSL_ENTER("EVP_DigestFinal_ex");
+        return wolfSSL_EVP_DigestFinal(ctx, md, s);
+    }
+
+
+    /* XOF stands for extendable-output functions. This is used for algos such
+     * as SHAKE256.
+     *
+     * returns 1 (WOLFSSL_SUCCESS) on success and 0 (WOLFSSL_FAILURE) on fail */
+    int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *md,
+        size_t sz)
+    {
+        unsigned int len;
+        enum wc_HashType macType;
+
+        WOLFSSL_ENTER("wolfSSL_EVP_DigestFinalXOF");
+        len = (unsigned int)sz;
+
+        macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
+        return wolfSSL_EVP_DigestFinal_Common(ctx, md, &len, macType);
+    }
+
+
+    unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md)
+    {
+        enum wc_HashType macType;
+
+        macType = EvpMd2MacType(md);
+        switch ((int)macType) {
+            case WC_HASH_TYPE_BLAKE2B:
+            case WC_HASH_TYPE_BLAKE2S:
         #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
             case WC_HASH_TYPE_SHAKE128:
         #endif
         #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
             case WC_HASH_TYPE_SHAKE256:
         #endif
+                return WOLFSSL_EVP_MD_FLAG_XOF;
             default:
-                return WOLFSSL_FAILURE;
+                return 0;
         }
-
-        return ret;
     }
 
-    /* WOLFSSL_SUCCESS on ok */
-    int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
-                                   unsigned int* s)
-    {
-        WOLFSSL_ENTER("EVP_DigestFinal_ex");
-        return EVP_DigestFinal(ctx, md, s);
-    }
 
     void wolfSSL_EVP_cleanup(void)
     {
@@ -10818,32 +11166,36 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
     WOLFSSL_MSG("wolfSSL_get_digestbynid");
 
     switch(id) {
+#ifndef NO_MD4
+        case WC_NID_md4:
+            return wolfSSL_EVP_md4();
+#endif
 #ifndef NO_MD5
-        case NID_md5:
+        case WC_NID_md5:
             return wolfSSL_EVP_md5();
 #endif
 #ifndef NO_SHA
-        case NID_sha1:
+        case WC_NID_sha1:
             return wolfSSL_EVP_sha1();
 #endif
 #ifdef WOLFSSL_SHA224
-        case NID_sha224:
+        case WC_NID_sha224:
             return wolfSSL_EVP_sha224();
 #endif
 #ifndef NO_SHA256
-        case NID_sha256:
+        case WC_NID_sha256:
             return wolfSSL_EVP_sha256();
 #endif
 #ifdef WOLFSSL_SHA384
-        case NID_sha384:
+        case WC_NID_sha384:
             return wolfSSL_EVP_sha384();
 #endif
 #ifdef WOLFSSL_SHA512
-        case NID_sha512:
+        case WC_NID_sha512:
             return wolfSSL_EVP_sha512();
 #endif
 #ifdef WOLFSSL_SM3
-        case NID_sm3:
+        case WC_NID_sm3:
             return wolfSSL_EVP_sm3();
 #endif
         default:
@@ -10858,73 +11210,73 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
 
     if (type == NULL) {
         WOLFSSL_MSG("No md type arg");
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     }
 
 #ifndef NO_SHA
-    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
+    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) {
         return WC_SHA_BLOCK_SIZE;
     } else
 #endif
 #ifndef NO_SHA256
-    if (XSTRCMP(type, "SHA256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha256) == 0) {
         return WC_SHA256_BLOCK_SIZE;
     } else
 #endif
 #ifndef NO_MD4
-    if (XSTRCMP(type, "MD4") == 0) {
-        return MD4_BLOCK_SIZE;
+    if (XSTRCMP(type, WC_SN_md4) == 0) {
+        return WC_MD4_BLOCK_SIZE;
     } else
 #endif
 #ifndef NO_MD5
-    if (XSTRCMP(type, "MD5") == 0) {
+    if (XSTRCMP(type, WC_SN_md5) == 0) {
         return WC_MD5_BLOCK_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA224
-    if (XSTRCMP(type, "SHA224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha224) == 0) {
         return WC_SHA224_BLOCK_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA384
-    if (XSTRCMP(type, "SHA384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha384) == 0) {
         return WC_SHA384_BLOCK_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA512
-    if (XSTRCMP(type, "SHA512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512) == 0) {
         return WC_SHA512_BLOCK_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA3
 #ifndef WOLFSSL_NOSHA3_224
-    if (XSTRCMP(type, "SHA3_224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_224) == 0) {
         return WC_SHA3_224_BLOCK_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-    if (XSTRCMP(type, "SHA3_256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_256) == 0) {
         return WC_SHA3_256_BLOCK_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_384
-    if (XSTRCMP(type, "SHA3_384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_384) == 0) {
         return WC_SHA3_384_BLOCK_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_512
-    if (XSTRCMP(type, "SHA3_512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_512) == 0) {
         return WC_SHA3_512_BLOCK_SIZE;
-    }
+    } else
 #endif
 #endif /* WOLFSSL_SHA3 */
 #ifdef WOLFSSL_SM3
-    if (XSTRCMP(type, "SM3") == 0) {
+    if (XSTRCMP(type, WC_SN_sm3) == 0) {
         return WC_SM3_BLOCK_SIZE;
     } else
 #endif
 
-    return BAD_FUNC_ARG;
+    return WOLFSSL_FAILURE;
 }
 
 int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
@@ -10933,83 +11285,83 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
 
     if (type == NULL) {
         WOLFSSL_MSG("No md type arg");
-        return BAD_FUNC_ARG;
+        return WOLFSSL_FAILURE;
     }
 
 #ifndef NO_SHA
-    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
+    if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) {
         return WC_SHA_DIGEST_SIZE;
     } else
 #endif
 #ifndef NO_SHA256
-    if (XSTRCMP(type, "SHA256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha256) == 0) {
         return WC_SHA256_DIGEST_SIZE;
     } else
 #endif
 #ifndef NO_MD4
-    if (XSTRCMP(type, "MD4") == 0) {
-        return MD4_DIGEST_SIZE;
+    if (XSTRCMP(type, WC_SN_md4) == 0) {
+        return WC_MD4_DIGEST_SIZE;
     } else
 #endif
 #ifndef NO_MD5
-    if (XSTRCMP(type, "MD5") == 0) {
+    if (XSTRCMP(type, WC_SN_md5) == 0) {
         return WC_MD5_DIGEST_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA224
-    if (XSTRCMP(type, "SHA224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha224) == 0) {
         return WC_SHA224_DIGEST_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA384
-    if (XSTRCMP(type, "SHA384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha384) == 0) {
         return WC_SHA384_DIGEST_SIZE;
     } else
 #endif
 #ifdef WOLFSSL_SHA512
-    if (XSTRCMP(type, "SHA512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512) == 0) {
         return WC_SHA512_DIGEST_SIZE;
     } else
 #ifndef WOLFSSL_NOSHA512_224
-    if (XSTRCMP(type, "SHA512_224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512_224) == 0) {
         return WC_SHA512_224_DIGEST_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA512_256
-    if (XSTRCMP(type, "SHA512_256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha512_256) == 0) {
         return WC_SHA512_256_DIGEST_SIZE;
     } else
 #endif
 #endif
 #ifdef WOLFSSL_SHA3
 #ifndef WOLFSSL_NOSHA3_224
-    if (XSTRCMP(type, "SHA3_224") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_224) == 0) {
         return WC_SHA3_224_DIGEST_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-    if (XSTRCMP(type, "SHA3_256") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_256) == 0) {
         return WC_SHA3_256_DIGEST_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_384
-    if (XSTRCMP(type, "SHA3_384") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_384) == 0) {
         return WC_SHA3_384_DIGEST_SIZE;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_512
-    if (XSTRCMP(type, "SHA3_512") == 0) {
+    if (XSTRCMP(type, WC_SN_sha3_512) == 0) {
         return WC_SHA3_512_DIGEST_SIZE;
     } else
 #endif
 #endif /* WOLFSSL_SHA3 */
 #ifdef WOLFSSL_SM3
-    if (XSTRCMP(type, "SM3") == 0) {
+    if (XSTRCMP(type, WC_SN_sm3) == 0) {
         return WC_SM3_DIGEST_SIZE;
     }
 #endif
 
-    return BAD_FUNC_ARG;
+    return WOLFSSL_FAILURE;
 }
 
 #endif /* OPENSSL_EXTRA  || HAVE_CURL */
@@ -11089,7 +11441,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
             switch(key->type)
             {
                 #ifndef NO_RSA
-                case EVP_PKEY_RSA:
+                case WC_EVP_PKEY_RSA:
                     if (key->rsa != NULL && key->ownRsa == 1) {
                         wolfSSL_RSA_free(key->rsa);
                         key->rsa = NULL;
@@ -11098,7 +11450,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
                 #endif /* NO_RSA */
 
                 #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
-                case EVP_PKEY_EC:
+                case WC_EVP_PKEY_EC:
                     if (key->ecc != NULL && key->ownEcc == 1) {
                         wolfSSL_EC_KEY_free(key->ecc);
                         key->ecc = NULL;
@@ -11107,7 +11459,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
                 #endif /* HAVE_ECC && OPENSSL_EXTRA */
 
                 #ifndef NO_DSA
-                case EVP_PKEY_DSA:
+                case WC_EVP_PKEY_DSA:
                     if (key->dsa != NULL && key->ownDsa == 1) {
                         wolfSSL_DSA_free(key->dsa);
                         key->dsa = NULL;
@@ -11117,7 +11469,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
 
                 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || \
                        defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
-                case EVP_PKEY_DH:
+                case WC_EVP_PKEY_DH:
                     if (key->dh != NULL && key->ownDh == 1) {
                         wolfSSL_DH_free(key->dh);
                         key->dh = NULL;
@@ -11126,7 +11478,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
                 #endif /* ! NO_DH ... */
 
                 #ifdef HAVE_HKDF
-                case EVP_PKEY_HKDF:
+                case WC_EVP_PKEY_HKDF:
                     XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
                     key->hkdfSalt = NULL;
                     XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
@@ -11141,7 +11493,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
 
                 #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
                     defined(WOLFSSL_AES_DIRECT)
-                case EVP_PKEY_CMAC:
+                case WC_EVP_PKEY_CMAC:
                     if (key->cmacCtx != NULL) {
                         wolfSSL_CMAC_CTX_free(key->cmacCtx);
                         key->cmacCtx = NULL;
@@ -11172,8 +11524,8 @@ static int Indent(WOLFSSL_BIO* out, int indents)
     if (out == NULL) {
         return 0;
     }
-    if (indents > EVP_PKEY_PRINT_INDENT_MAX) {
-        indents = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indents > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indents = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
     for (i = 0; i < indents; i++) {
         if (wolfSSL_BIO_write(out, &space, 1) < 0) {
@@ -11201,7 +11553,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
 #ifdef WOLFSSL_SMALL_STACK
     byte*  buff = NULL;
 #else
-    byte   buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 };
+    byte   buff[WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 };
 #endif /* WOLFSSL_SMALL_STACK */
     int    ret = WOLFSSL_SUCCESS;
     word32 in = 0;
@@ -11218,14 +11570,14 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     data = input;
 
 #ifdef WOLFSSL_SMALL_STACK
-    buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL,
+    buff = (byte*)XMALLOC(WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (!buff) {
         return WOLFSSL_FAILURE;
@@ -11236,9 +11588,9 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
     idx = 0;
 
     for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in +=
-                                        EVP_PKEY_PRINT_DIGITS_PER_LINE ) {
+             WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE ) {
         Indent(out, indent);
-        for (i = 0; (i < EVP_PKEY_PRINT_DIGITS_PER_LINE) &&
+        for (i = 0; (i < WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE) &&
                                         (in + i < (word32)inlen); i++) {
 
             if (ret == WOLFSSL_SUCCESS) {
@@ -11267,7 +11619,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
             ret = wolfSSL_BIO_write(out, "\n", 1) > 0;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            XMEMSET(buff, 0, EVP_PKEY_PRINT_LINE_WIDTH_MAX);
+            XMEMSET(buff, 0, WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX);
             idx = 0;
         }
     }
@@ -11289,10 +11641,10 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
     byte   buff[8] = { 0 };
-    int    res = WOLFSSL_FAILURE;
+    int    res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32 inOutIdx = 0;
     word32 nSz;             /* size of modulus */
     word32 eSz;             /* size of public exponent */
@@ -11325,8 +11677,8 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     do {
@@ -11443,7 +11795,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
     byte*   pub = NULL;
     word32  pubSz = 0;
@@ -11505,8 +11857,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    else if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    else if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     if (res == WOLFSSL_SUCCESS) {
@@ -11639,12 +11991,12 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
 
     byte    buff[8] = { 0 };
     int     length;
-    int     res = WOLFSSL_FAILURE;
+    int     res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32  inOutIdx = 0;
     word32  oid;
     byte    tagFound;
@@ -11675,8 +12027,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     do {
@@ -11858,11 +12210,11 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Returns 1 on success, 0 on failure.
 */
 static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
-    int indent, int bitlen, ASN1_PCTX* pctx)
+    int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
 
     byte    buff[8] = { 0 };
-    int     res = WOLFSSL_FAILURE;
+    int     res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32  length;
     word32  inOutIdx;
     word32  oid;
@@ -11899,8 +12251,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 
     do {
@@ -12089,7 +12441,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
  * Can handle RSA, ECC, DSA and DH public keys.
  */
 int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
-    const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx)
+    const WOLFSSL_EVP_PKEY* pkey, int indent, WOLFSSL_ASN1_PCTX* pctx)
 {
     int res;
 #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
@@ -12107,13 +12459,13 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
     if (indent < 0) {
         indent = 0;
     }
-    if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
-        indent = EVP_PKEY_PRINT_INDENT_MAX;
+    if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
+        indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
     }
 #endif
 
     switch (pkey->type) {
-        case EVP_PKEY_RSA:
+        case WC_EVP_PKEY_RSA:
 
 #if !defined(NO_RSA)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12129,7 +12481,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
 #endif
             break;
 
-        case EVP_PKEY_EC:
+        case WC_EVP_PKEY_EC:
 
 #if defined(HAVE_ECC)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12145,7 +12497,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
 #endif
             break;
 
-        case EVP_PKEY_DSA:
+        case WC_EVP_PKEY_DSA:
 
 #if !defined(NO_DSA)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12161,7 +12513,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
 #endif
             break;
 
-        case EVP_PKEY_DH:
+        case WC_EVP_PKEY_DH:
 
 #if defined(WOLFSSL_DH_EXTRA)
             keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
@@ -12197,64 +12549,64 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
     }
 
 #ifndef NO_SHA
-    if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP("SHA1", evp) == 0)) {
+    if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP(WC_SN_sha1, evp) == 0)) {
         hash = WC_HASH_TYPE_SHA;
     } else
 #endif
 #ifdef WOLFSSL_SHA224
-    if (XSTRCMP("SHA224", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha224, evp) == 0) {
         hash = WC_HASH_TYPE_SHA224;
     } else
 #endif
 #ifndef NO_SHA256
-    if (XSTRCMP("SHA256", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha256, evp) == 0) {
         hash = WC_HASH_TYPE_SHA256;
     } else
 #endif
 #ifdef WOLFSSL_SHA384
-    if (XSTRCMP("SHA384", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha384, evp) == 0) {
         hash = WC_HASH_TYPE_SHA384;
     } else
 #endif
 #ifdef WOLFSSL_SHA512
-    if (XSTRCMP("SHA512", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha512, evp) == 0) {
         hash = WC_HASH_TYPE_SHA512;
     } else
 #ifndef WOLFSSL_NOSHA512_224
-    if (XSTRCMP("SHA512_224", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha512_224, evp) == 0) {
         hash = WC_HASH_TYPE_SHA512_224;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA512_256
-    if (XSTRCMP("SHA512_256", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha512_256, evp) == 0) {
         hash = WC_HASH_TYPE_SHA512_256;
     } else
 #endif
 #endif
 #ifdef WOLFSSL_SHA3
 #ifndef WOLFSSL_NOSHA3_224
-    if (XSTRCMP("SHA3_224", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha3_224, evp) == 0) {
         hash = WC_HASH_TYPE_SHA3_224;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_256
-    if (XSTRCMP("SHA3_256", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha3_256, evp) == 0) {
         hash = WC_HASH_TYPE_SHA3_256;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_384
-    if (XSTRCMP("SHA3_384", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha3_384, evp) == 0) {
         hash = WC_HASH_TYPE_SHA3_384;
     } else
 #endif
 #ifndef WOLFSSL_NOSHA3_512
-    if (XSTRCMP("SHA3_512", evp) == 0) {
+    if (XSTRCMP(WC_SN_sha3_512, evp) == 0) {
         hash = WC_HASH_TYPE_SHA3_512;
     } else
 #endif
 #endif /* WOLFSSL_SHA3 */
 #ifdef WOLFSSL_SM3
-    if (XSTRCMP("SM3", evp) == 0) {
+    if (XSTRCMP(WC_SN_sm3, evp) == 0) {
         hash = WC_HASH_TYPE_SM3;
     } else
 #endif
@@ -12264,12 +12616,12 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
     } else
 #endif
 #ifndef NO_MD4
-    if (XSTRCMP("MD4", evp) == 0) {
+    if (XSTRCMP(WC_SN_md4, evp) == 0) {
         hash = WC_HASH_TYPE_MD4;
     } else
 #endif
 #ifndef NO_MD5
-    if (XSTRCMP("MD5", evp) == 0) {
+    if (XSTRCMP(WC_SN_md5, evp) == 0) {
         hash = WC_HASH_TYPE_MD5;
     } else
 #endif
diff --git a/wolfcrypt/src/ext_lms.c b/wolfcrypt/src/ext_lms.c
index 70dfa5bd7..21b41ba14 100644
--- a/wolfcrypt/src/ext_lms.c
+++ b/wolfcrypt/src/ext_lms.c
@@ -1,6 +1,6 @@
 /* ext_lms.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)
 
diff --git a/wolfcrypt/src/ext_kyber.c b/wolfcrypt/src/ext_mlkem.c
similarity index 82%
rename from wolfcrypt/src/ext_kyber.c
rename to wolfcrypt/src/ext_mlkem.c
index 4f1a754df..3a9ccee16 100644
--- a/wolfcrypt/src/ext_kyber.c
+++ b/wolfcrypt/src/ext_mlkem.c
@@ -1,6 +1,6 @@
-/* ext_kyber.c
+/* ext_mlkem.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,16 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-
-#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_WC_KYBER)
-#include <wolfssl/wolfcrypt/ext_kyber.h>
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_WC_MLKEM)
+#include <wolfssl/wolfcrypt/ext_mlkem.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -43,15 +37,22 @@
 
 static const char* OQS_ID2name(int id) {
     switch (id) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:  return OQS_KEM_alg_ml_kem_512;
+        case WC_ML_KEM_768:  return OQS_KEM_alg_ml_kem_768;
+        case WC_ML_KEM_1024: return OQS_KEM_alg_ml_kem_1024;
+    #endif
+    #ifdef WOLFSSL_MLKEM_KYBER
         case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512;
         case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768;
         case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024;
+    #endif
         default:           break;
     }
     return NULL;
 }
 
-int ext_kyber_enabled(int id)
+int ext_mlkem_enabled(int id)
 {
     const char * name = OQS_ID2name(id);
     return OQS_KEM_alg_is_enabled(name);
@@ -64,15 +65,15 @@ int ext_kyber_enabled(int id)
 /**
  * Initialize the Kyber key.
  *
- * @param  [in]   type   Type of key: KYBER512, KYBER768, KYBER1024.
  * @param  [out]  key    Kyber key object to initialize.
+ * @param  [in]   type   Type of key: KYBER512, KYBER768, KYBER1024.
  * @param  [in]   heap   Dynamic memory hint.
  * @param  [in]   devId  Device Id.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when key is NULL or type is unrecognized.
  * @return  NOT_COMPILED_IN when key type is not supported.
  */
-int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
+int wc_MlKemKey_Init(MlKemKey* key, int type, void* heap, int devId)
 {
     int ret = 0;
 
@@ -83,11 +84,20 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
     if (ret == 0) {
         /* Validate type. */
         switch (type) {
+#ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+    #ifdef HAVE_LIBOQS
+        case WC_ML_KEM_768:
+        case WC_ML_KEM_1024:
+    #endif /* HAVE_LIBOQS */
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
         case KYBER_LEVEL1:
-#ifdef HAVE_LIBOQS
+    #ifdef HAVE_LIBOQS
         case KYBER_LEVEL3:
         case KYBER_LEVEL5:
-#endif /* HAVE_LIBOQS */
+    #endif /* HAVE_LIBOQS */
+#endif
             break;
         default:
             /* No other values supported. */
@@ -119,12 +129,14 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
  *
  * @param  [in, out]  key   Kyber key object to dispose of.
  */
-void wc_KyberKey_Free(KyberKey* key)
+int wc_MlKemKey_Free(MlKemKey* key)
 {
     if (key != NULL) {
         /* Ensure all private data is zeroed. */
         ForceZero(key, sizeof(*key));
     }
+
+    return 0;
 }
 
 /******************************************************************************/
@@ -139,7 +151,7 @@ void wc_KyberKey_Free(KyberKey* key)
  * @return  BAD_FUNC_ARG when key or len is NULL.
  * @return  NOT_COMPILED_IN when key type is not supported.
  */
-int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
+int wc_MlKemKey_PrivateKeySize(MlKemKey* key, word32* len)
 {
     int ret = 0;
 
@@ -152,6 +164,18 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
     /* NOTE: SHAKE and AES variants have the same length private key. */
     if (ret == 0) {
         switch (key->type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+            *len = OQS_KEM_ml_kem_512_length_secret_key;
+            break;
+        case WC_ML_KEM_768:
+            *len = OQS_KEM_ml_kem_768_length_secret_key;
+            break;
+        case WC_ML_KEM_1024:
+            *len = OQS_KEM_ml_kem_1024_length_secret_key;
+            break;
+    #endif
+    #ifdef WOLFSSL_MLKEM_KYBER
         case KYBER_LEVEL1:
             *len = OQS_KEM_kyber_512_length_secret_key;
             break;
@@ -161,6 +185,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
         case KYBER_LEVEL5:
             *len = OQS_KEM_kyber_1024_length_secret_key;
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
@@ -168,12 +193,6 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
         }
     }
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    (void)key;
-    if (ret == 0) {
-        *len = PQM4_PRIVATE_KEY_LENGTH;
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -187,7 +206,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
  * @return  BAD_FUNC_ARG when key or len is NULL.
  * @return  NOT_COMPILED_IN when key type is not supported.
  */
-int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
+int wc_MlKemKey_PublicKeySize(MlKemKey* key, word32* len)
 {
     int ret = 0;
 
@@ -200,6 +219,18 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
     /* NOTE: SHAKE and AES variants have the same length public key. */
     if (ret == 0) {
         switch (key->type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+            *len = OQS_KEM_ml_kem_512_length_public_key;
+            break;
+        case WC_ML_KEM_768:
+            *len = OQS_KEM_ml_kem_768_length_public_key;
+            break;
+        case WC_ML_KEM_1024:
+            *len = OQS_KEM_ml_kem_1024_length_public_key;
+            break;
+    #endif
+    #ifdef WOLFSSL_MLKEM_KYBER
         case KYBER_LEVEL1:
             *len = OQS_KEM_kyber_512_length_public_key;
             break;
@@ -209,6 +240,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
         case KYBER_LEVEL5:
             *len = OQS_KEM_kyber_1024_length_public_key;
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
@@ -216,12 +248,6 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
         }
     }
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    (void)key;
-    if (ret == 0) {
-        *len = PQM4_PUBLIC_KEY_LENGTH;
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -235,7 +261,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
  * @return  BAD_FUNC_ARG when key or len is NULL.
  * @return  NOT_COMPILED_IN when key type is not supported.
  */
-int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
+int wc_MlKemKey_CipherTextSize(MlKemKey* key, word32* len)
 {
     int ret = 0;
 
@@ -248,6 +274,18 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
     /* NOTE: SHAKE and AES variants have the same length ciphertext. */
     if (ret == 0) {
         switch (key->type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+            *len = OQS_KEM_ml_kem_512_length_ciphertext;
+            break;
+        case WC_ML_KEM_768:
+            *len = OQS_KEM_ml_kem_768_length_ciphertext;
+            break;
+        case WC_ML_KEM_1024:
+            *len = OQS_KEM_ml_kem_1024_length_ciphertext;
+            break;
+    #endif
+    #ifdef WOLFSSL_MLKEM_KYBER
         case KYBER_LEVEL1:
             *len = OQS_KEM_kyber_512_length_ciphertext;
             break;
@@ -257,6 +295,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
         case KYBER_LEVEL5:
             *len = OQS_KEM_kyber_1024_length_ciphertext;
             break;
+    #endif
         default:
             /* No other values supported. */
             ret = BAD_FUNC_ARG;
@@ -264,12 +303,6 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
         }
     }
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    (void)key;
-    if (ret == 0) {
-        *len = PQM4_CIPHERTEXT_LENGTH;
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -282,7 +315,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
  * @return  0 on success.
  * @return  0 to indicate success.
  */
-int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len)
+int wc_MlKemKey_SharedSecretSize(MlKemKey* key, word32* len)
 {
     (void)key;
     /* Validate parameters. */
@@ -301,7 +334,7 @@ int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len)
 /**
  * Make a Kyber key object using a random number generator.
  *
- * NOTE: rng is ignored. OQS and PQM4 don't use our RNG.
+ * NOTE: rng is ignored. OQS doesn't use our RNG.
  *
  * @param  [in, out]  key   Kyber key ovject.
  * @param  [in]       rng   Random number generator.
@@ -309,7 +342,7 @@ int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len)
  * @return  BAD_FUNC_ARG when key or rng is NULL.
  * @return  MEMORY_E when dynamic memory allocation failed.
  */
-int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
+int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng)
 {
     int ret = 0;
 #ifdef HAVE_LIBOQS
@@ -362,14 +395,6 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
     wolfSSL_liboqsRngMutexUnlock();
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    if (ret == 0) {
-        if (crypto_kem_keypair(key->pub, key->priv) != 0) {
-            WOLFSSL_MSG("PQM4 keygen failure");
-            ret = BAD_FUNC_ARG;
-        }
-    }
-#endif /* HAVE_PQM4 */
 
     if (ret != 0) {
         ForceZero(key, sizeof(*key));
@@ -389,13 +414,13 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
  * @return  NOT_COMPILED_IN when key type is not supported.
  * @return  MEMORY_E when dynamic memory allocation failed.
  */
-int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
+int wc_MlKemKey_MakeKeyWithRandom(MlKemKey* key, const unsigned char* rand,
     int len)
 {
     (void)rand;
     (void)len;
-    /* OQS and PQM4 don't support external randomness. */
-    return wc_KyberKey_MakeKey(key, NULL);
+    /* OQS doesn't support external randomness. */
+    return wc_MlKemKey_MakeKey(key, NULL);
 }
 
 /**
@@ -410,7 +435,7 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
  * @return  NOT_COMPILED_IN when key type is not supported.
  * @return  MEMORY_E when dynamic memory allocation failed.
  */
-int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
+int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* ct, unsigned char* ss,
     WC_RNG* rng)
 {
     int ret = 0;
@@ -431,7 +456,7 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
 
 #ifdef WOLF_CRYPTO_CB
     if (ret == 0) {
-        ret = wc_KyberKey_CipherTextSize(key, &ctlen);
+        ret = wc_MlKemKey_CipherTextSize(key, &ctlen);
     }
     if ((ret == 0)
     #ifndef WOLF_CRYPTO_CB_FIND
@@ -471,14 +496,6 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
     wolfSSL_liboqsRngMutexUnlock();
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    if (ret == 0) {
-        if (crypto_kem_enc(ct, ss, key->pub) != 0) {
-            WOLFSSL_MSG("PQM4 Encapsulation failure.");
-            ret = BAD_FUNC_ARG;
-        }
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 }
@@ -496,13 +513,13 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
  * @return  NOT_COMPILED_IN when key type is not supported.
  * @return  MEMORY_E when dynamic memory allocation failed.
  */
-int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
+int wc_MlKemKey_EncapsulateWithRandom(MlKemKey* key, unsigned char* ct,
     unsigned char* ss, const unsigned char* rand, int len)
 {
     (void)rand;
     (void)len;
-    /* OQS and PQM4 don't support external randomness. */
-    return wc_KyberKey_Encapsulate(key, ct, ss, NULL);
+    /* OQS doesn't support external randomness. */
+    return wc_MlKemKey_Encapsulate(key, ct, ss, NULL);
 }
 
 /**
@@ -520,7 +537,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
  * @return  BUFFER_E when len is not the length of cipher text for the key type.
  * @return  MEMORY_E when dynamic memory allocation failed.
  */
-int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
+int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss,
     const unsigned char* ct, word32 len)
 {
     int ret = 0;
@@ -535,7 +552,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
         ret = BAD_FUNC_ARG;
     }
     if (ret == 0) {
-        ret = wc_KyberKey_CipherTextSize(key, &ctlen);
+        ret = wc_MlKemKey_CipherTextSize(key, &ctlen);
     }
     if ((ret == 0) && (len != ctlen)) {
         ret = BUFFER_E;
@@ -577,14 +594,6 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
 
     OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
-#ifdef HAVE_PQM4
-    if (ret == 0) {
-        if (crypto_kem_dec(ss, ct, key->priv) != 0) {
-            WOLFSSL_MSG("PQM4 Decapsulation failure.");
-            ret = BAD_FUNC_ARG;
-        }
-    }
-#endif /* HAVE_PQM4 */
 
     return ret;
 
@@ -608,7 +617,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
  * @return  NOT_COMPILED_IN when key type is not supported.
  * @return  BUFFER_E when len is not the correct size.
  */
-int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in,
+int wc_MlKemKey_DecodePrivateKey(MlKemKey* key, const unsigned char* in,
     word32 len)
 {
     int ret = 0;
@@ -620,7 +629,7 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in,
     }
 
     if (ret == 0) {
-        ret = wc_KyberKey_PrivateKeySize(key, &privLen);
+        ret = wc_MlKemKey_PrivateKeySize(key, &privLen);
     }
 
     /* Ensure the data is the correct length for the key type. */
@@ -648,7 +657,7 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in,
  * @return  NOT_COMPILED_IN when key type is not supported.
  * @return  BUFFER_E when len is not the correct size.
  */
-int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
+int wc_MlKemKey_DecodePublicKey(MlKemKey* key, const unsigned char* in,
     word32 len)
 {
     int ret = 0;
@@ -660,7 +669,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
     }
 
     if (ret == 0) {
-        ret = wc_KyberKey_PublicKeySize(key, &pubLen);
+        ret = wc_MlKemKey_PublicKeySize(key, &pubLen);
     }
 
     /* Ensure the data is the correct length for the key type. */
@@ -688,7 +697,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
  * available.
  * @return  NOT_COMPILED_IN when key type is not supported.
  */
-int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
+int wc_MlKemKey_EncodePrivateKey(MlKemKey* key, unsigned char* out, word32 len)
 {
     int ret = 0;
     unsigned int privLen = 0;
@@ -698,7 +707,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
     }
 
     if (ret == 0) {
-        ret = wc_KyberKey_PrivateKeySize(key, &privLen);
+        ret = wc_MlKemKey_PrivateKeySize(key, &privLen);
     }
 
     /* Check buffer is big enough for encoding. */
@@ -725,7 +734,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
  * @return  BAD_FUNC_ARG when key or out is NULL or public key not available.
  * @return  NOT_COMPILED_IN when key type is not supported.
  */
-int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
+int wc_MlKemKey_EncodePublicKey(MlKemKey* key, unsigned char* out, word32 len)
 {
     int ret = 0;
     unsigned int pubLen = 0;
@@ -735,7 +744,7 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
     }
 
     if (ret == 0) {
-        ret = wc_KyberKey_PublicKeySize(key, &pubLen);
+        ret = wc_MlKemKey_PublicKeySize(key, &pubLen);
     }
 
     /* Check buffer is big enough for encoding. */
@@ -750,4 +759,4 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
     return ret;
 }
 
-#endif /* WOLFSSL_HAVE_KYBER && !WOLFSSL_WC_KYBER */
+#endif /* WOLFSSL_HAVE_MLKEM && !WOLFSSL_WC_MLKEM */
diff --git a/wolfcrypt/src/ext_xmss.c b/wolfcrypt/src/ext_xmss.c
index 938d5136d..48912a3ea 100644
--- a/wolfcrypt/src/ext_xmss.c
+++ b/wolfcrypt/src/ext_xmss.c
@@ -1,6 +1,6 @@
 /* ext_xmss.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c
index b1aabb13b..6562a809c 100644
--- a/wolfcrypt/src/falcon.c
+++ b/wolfcrypt/src/falcon.c
@@ -1,6 +1,6 @@
 /* falcon.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,25 +19,19 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /* Based on ed448.c and Reworked for Falcon by Anthony Hu. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-/* in case user set HAVE_PQC there */
-#include <wolfssl/wolfcrypt/settings.h>
+#if defined(HAVE_PQC) && defined(HAVE_FALCON)
 
 #include <wolfssl/wolfcrypt/asn.h>
 
-#if defined(HAVE_PQC) && defined(HAVE_FALCON)
-
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
 #endif
 
 #include <wolfssl/wolfcrypt/falcon.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -62,6 +56,10 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
                               falcon_key* key, WC_RNG* rng)
 {
     int ret = 0;
+#ifdef HAVE_LIBOQS
+    OQS_SIG *oqssig = NULL;
+    size_t localOutLen = 0;
+#endif
 
     /* sanity check on arguments */
     if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL)) {
@@ -73,8 +71,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
     if (key->devId != INVALID_DEVID)
     #endif
     {
-        ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng,
-                                  WC_PQC_SIG_TYPE_FALCON, key);
+        ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, NULL, 0,
+                WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_FALCON, key);
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
@@ -83,9 +81,6 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
 #endif
 
 #ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
-    size_t localOutLen = 0;
-
     if ((ret == 0) && (!key->prvKeySet)) {
         ret = BAD_FUNC_ARG;
     }
@@ -161,6 +156,9 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                         word32 msgLen, int* res, falcon_key* key)
 {
     int ret = 0;
+#ifdef HAVE_LIBOQS
+    OQS_SIG *oqssig = NULL;
+#endif
 
     if (key == NULL || sig == NULL || msg == NULL || res == NULL) {
         return BAD_FUNC_ARG;
@@ -171,8 +169,8 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
     if (key->devId != INVALID_DEVID)
     #endif
     {
-        ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res,
-                                    WC_PQC_SIG_TYPE_FALCON, key);
+        ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0,
+                WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_FALCON, key);
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
         /* fall-through when unavailable */
@@ -181,8 +179,6 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
 #endif
 
 #ifdef HAVE_LIBOQS
-    OQS_SIG *oqssig = NULL;
-
     if ((ret == 0) && (!key->pubKeySet)) {
         ret = BAD_FUNC_ARG;
     }
@@ -708,12 +704,12 @@ int wc_falcon_export_key(falcon_key* key, byte* priv, word32 *privSz,
  */
 int wc_falcon_check_key(falcon_key* key)
 {
+    int ret = 0;
+
     if (key == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    int ret = 0;
-
     /* The public key is also decoded and stored within the private key buffer
      * behind the private key. Hence, we can compare both stored public keys. */
     if (key->level == 1) {
diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c
index ede162a5e..8cf0245dd 100644
--- a/wolfcrypt/src/fe_448.c
+++ b/wolfcrypt/src/fe_448.c
@@ -1,6 +1,6 @@
 /* fe_448.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,11 +24,7 @@
  * Reworked for curve448 by Sean Parkinson.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(HAVE_CURVE448) || defined(HAVE_ED448)
 
@@ -1437,56 +1433,56 @@ void fe448_to_bytes(unsigned char* b, const sword32* a)
     b[ 0] = (byte)(in0  >>  0);
     b[ 1] = (byte)(in0  >>  8);
     b[ 2] = (byte)(in0  >> 16);
-    b[ 3] = (byte)((in0  >> 24) + ((in1  >>  0) <<  4));
+    b[ 3] = (byte)((byte)(in0  >> 24) + (byte)((in1  >>  0) <<  4));
     b[ 4] = (byte)(in1  >>  4);
     b[ 5] = (byte)(in1  >> 12);
     b[ 6] = (byte)(in1  >> 20);
     b[ 7] = (byte)(in2  >>  0);
     b[ 8] = (byte)(in2  >>  8);
     b[ 9] = (byte)(in2  >> 16);
-    b[10] = (byte)((in2  >> 24) + ((in3  >>  0) <<  4));
+    b[10] = (byte)((byte)(in2  >> 24) + (byte)((in3  >>  0) <<  4));
     b[11] = (byte)(in3  >>  4);
     b[12] = (byte)(in3  >> 12);
     b[13] = (byte)(in3  >> 20);
     b[14] = (byte)(in4  >>  0);
     b[15] = (byte)(in4  >>  8);
     b[16] = (byte)(in4  >> 16);
-    b[17] = (byte)((in4  >> 24) + ((in5  >>  0) <<  4));
+    b[17] = (byte)((byte)(in4  >> 24) + (byte)((in5  >>  0) <<  4));
     b[18] = (byte)(in5  >>  4);
     b[19] = (byte)(in5  >> 12);
     b[20] = (byte)(in5  >> 20);
     b[21] = (byte)(in6  >>  0);
     b[22] = (byte)(in6  >>  8);
     b[23] = (byte)(in6  >> 16);
-    b[24] = (byte)((in6  >> 24) + ((in7  >>  0) <<  4));
+    b[24] = (byte)((byte)(in6  >> 24) + (byte)((in7  >>  0) <<  4));
     b[25] = (byte)(in7  >>  4);
     b[26] = (byte)(in7  >> 12);
     b[27] = (byte)(in7  >> 20);
     b[28] = (byte)(in8  >>  0);
     b[29] = (byte)(in8  >>  8);
     b[30] = (byte)(in8  >> 16);
-    b[31] = (byte)((in8  >> 24) + ((in9  >>  0) <<  4));
+    b[31] = (byte)((byte)(in8  >> 24) + (byte)((in9  >>  0) <<  4));
     b[32] = (byte)(in9  >>  4);
     b[33] = (byte)(in9  >> 12);
     b[34] = (byte)(in9  >> 20);
     b[35] = (byte)(in10 >>  0);
     b[36] = (byte)(in10 >>  8);
     b[37] = (byte)(in10 >> 16);
-    b[38] = (byte)((in10 >> 24) + ((in11 >>  0) <<  4));
+    b[38] = (byte)((byte)(in10 >> 24) + (byte)((in11 >>  0) <<  4));
     b[39] = (byte)(in11 >>  4);
     b[40] = (byte)(in11 >> 12);
     b[41] = (byte)(in11 >> 20);
     b[42] = (byte)(in12 >>  0);
     b[43] = (byte)(in12 >>  8);
     b[44] = (byte)(in12 >> 16);
-    b[45] = (byte)((in12 >> 24) + ((in13 >>  0) <<  4));
+    b[45] = (byte)((byte)(in12 >> 24) + (byte)((in13 >>  0) <<  4));
     b[46] = (byte)(in13 >>  4);
     b[47] = (byte)(in13 >> 12);
     b[48] = (byte)(in13 >> 20);
     b[49] = (byte)(in14 >>  0);
     b[50] = (byte)(in14 >>  8);
     b[51] = (byte)(in14 >> 16);
-    b[52] = (byte)((in14 >> 24) + ((in15 >>  0) <<  4));
+    b[52] = (byte)((byte)(in14 >> 24) + (byte)((in15 >>  0) <<  4));
     b[53] = (byte)(in15 >>  4);
     b[54] = (byte)(in15 >> 12);
     b[55] = (byte)(in15 >> 20);
@@ -1770,6 +1766,8 @@ void fe448_mul39081(sword32* r, const sword32* a)
 static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b)
 {
     sword64 t;
+    sword64 o;
+    sword64 t15;
     sword64 t0   = (sword64)a[ 0] * b[ 0];
     sword64 t1   = (sword64)a[ 0] * b[ 1];
     sword64 t101 = (sword64)a[ 1] * b[ 0];
@@ -1834,7 +1832,6 @@ static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b
     sword64 t13  = (sword64)a[ 6] * b[ 7];
     sword64 t113 = (sword64)a[ 7] * b[ 6];
     sword64 t14  = (sword64)a[ 7] * b[ 7];
-    sword64 o, t15;
     t1  += t101;
     t2  += t102; t2  += t202;
     t3  += t103; t3  += t203; t3  += t303;
diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c
index ad10a0e94..febc1231d 100644
--- a/wolfcrypt/src/fe_low_mem.c
+++ b/wolfcrypt/src/fe_low_mem.c
@@ -1,6 +1,6 @@
 /* fe_low_mem.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /* Based from Daniel Beer's public domain work. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
 #if defined(CURVE25519_SMALL) || defined(ED25519_SMALL) /* use slower code that takes less memory */
 
diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c
index 2910151df..135d7030d 100644
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -1,6 +1,6 @@
 /* fe_operations.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
  /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) /* run when not defined to use small memory math */
 
@@ -128,11 +123,9 @@ void fe_init(void)
 
 #if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \
     !defined(FREESCALE_LTC_ECC)
+#ifndef WOLFSSL_CURVE25519_BLINDING
 int curve25519(byte* q, const byte* n, const byte* p)
 {
-#if 0
-  unsigned char e[32];
-#endif
   fe x1 = {0};
   fe x2 = {0};
   fe z2 = {0};
@@ -143,17 +136,6 @@ int curve25519(byte* q, const byte* n, const byte* p)
   int pos = 0;
   unsigned int swap = 0;
 
-  /* Clamp already done during key generation and import */
-#if 0
-  {
-    unsigned int i;
-    for (i = 0;i < 32;++i) e[i] = n[i];
-    e[0] &= 248;
-    e[31] &= 127;
-    e[31] |= 64;
-  }
-#endif
-
   fe_frombytes(x1,p);
   fe_1(x2);
   fe_0(z2);
@@ -163,11 +145,7 @@ int curve25519(byte* q, const byte* n, const byte* p)
   swap = 0;
   for (pos = 254;pos >= 0;--pos) {
     unsigned int b;
-#if 0
-    b = e[pos / 8] >> (pos & 7);
-#else
-    b = n[pos / 8] >> (pos & 7);
-#endif
+    b = (unsigned int)(n[pos / 8]) >> (pos & 7);
     b &= 1;
     swap ^= b;
     fe_cswap(x2,x3,(int)swap);
@@ -203,6 +181,74 @@ int curve25519(byte* q, const byte* n, const byte* p)
 
   return 0;
 }
+#else
+int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p,
+    const byte* rz)
+{
+  fe x1 = {0};
+  fe x2 = {0};
+  fe z2 = {0};
+  fe x3 = {0};
+  fe z3 = {0};
+  fe tmp0 = {0};
+  fe tmp1 = {0};
+  int pos = 0;
+  unsigned int b;
+
+  fe_frombytes(x1,p);
+  fe_1(x2);
+  fe_0(z2);
+  fe_copy(x3,x1);
+  fe_frombytes(z3, rz);
+  fe_mul(x3, x3, z3);
+
+  /* mask_bits[252] */
+  b = mask[31] >> 7;
+  b &= 1;
+  fe_cswap(x2,x3,(int)b);
+  fe_cswap(z2,z3,(int)b);
+  for (pos = 255;pos >= 1;--pos) {
+    b = n[pos / 8] >> (pos & 7);
+    b &= 1;
+    fe_cswap(x2,x3,(int)b);
+    fe_cswap(z2,z3,(int)b);
+
+    /* montgomery */
+    fe_sub(tmp0,x3,z3);
+    fe_sub(tmp1,x2,z2);
+    fe_add(x2,x2,z2);
+    fe_add(z2,x3,z3);
+    fe_mul(z3,tmp0,x2);
+    fe_mul(z2,z2,tmp1);
+    fe_sq(tmp0,tmp1);
+    fe_sq(tmp1,x2);
+    fe_add(x3,z3,z2);
+    fe_sub(z2,z3,z2);
+    fe_mul(x2,tmp1,tmp0);
+    fe_sub(tmp1,tmp1,tmp0);
+    fe_sq(z2,z2);
+    fe_mul121666(z3,tmp1);
+    fe_sq(x3,x3);
+    fe_add(tmp0,tmp0,z3);
+    fe_mul(z3,x1,z2);
+    fe_mul(z2,tmp1,tmp0);
+
+    b = mask[(pos-1) / 8] >> ((pos-1) & 7);
+    b &= 1;
+    fe_cswap(x2,x3,(int)b);
+    fe_cswap(z2,z3,(int)b);
+  }
+  b = n[0] & 1;
+  fe_cswap(x2,x3,(int)b);
+  fe_cswap(z2,z3,(int)b);
+
+  fe_invert(z2,z2);
+  fe_mul(x2,x2,z2);
+  fe_tobytes(q,x2);
+
+  return 0;
+}
+#endif
 #endif /* HAVE_CURVE25519 && !CURVE25519_SMALL && !FREESCALE_LTC_ECC */
 
 
diff --git a/wolfcrypt/src/fe_x25519_128.h b/wolfcrypt/src/fe_x25519_128.h
index 3ddc41aba..089d8474c 100644
--- a/wolfcrypt/src/fe_x25519_128.h
+++ b/wolfcrypt/src/fe_x25519_128.h
@@ -1,6 +1,6 @@
 /* fe_x25519_128.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -120,30 +120,30 @@ void fe_tobytes(unsigned char *out, const fe n)
     out[ 3] = (((byte)((in[0] >> 24)       ))      );
     out[ 4] = (((byte)((in[0] >> 32)       ))      );
     out[ 5] = (((byte)((in[0] >> 40)       ))      );
-    out[ 6] = (((byte)((in[0] >> 48) & 0x07))      )
-            | (((byte)((in[1]      ) & 0x1f)) <<  3);
+    out[ 6] = (byte)((((byte)((in[0] >> 48) & 0x07))      )
+                   | (((byte)((in[1]      ) & 0x1f)) <<  3));
     out[ 7] = (((byte)((in[1] >>  5)       ))      );
     out[ 8] = (((byte)((in[1] >> 13)       ))      );
     out[ 9] = (((byte)((in[1] >> 21)       ))      );
     out[10] = (((byte)((in[1] >> 29)       ))      );
     out[11] = (((byte)((in[1] >> 37)       ))      );
-    out[12] = (((byte)((in[1] >> 45) & 0x3f))      )
-            | (((byte)((in[2]      ) & 0x03)) <<  6);
+    out[12] = (byte)((((byte)((in[1] >> 45) & 0x3f))      )
+                   | (((byte)((in[2]      ) & 0x03)) <<  6));
     out[13] = (((byte)((in[2] >>  2)       ))      );
     out[14] = (((byte)((in[2] >> 10)       ))      );
     out[15] = (((byte)((in[2] >> 18)       ))      );
     out[16] = (((byte)((in[2] >> 26)       ))      );
     out[17] = (((byte)((in[2] >> 34)       ))      );
     out[18] = (((byte)((in[2] >> 42)       ))      );
-    out[19] = (((byte)((in[2] >> 50) & 0x01))      )
-            | (((byte)((in[3]      ) & 0x7f)) <<  1);
+    out[19] = (byte)((((byte)((in[2] >> 50) & 0x01))      )
+                   | (((byte)((in[3]      ) & 0x7f)) <<  1));
     out[20] = (((byte)((in[3] >>  7)       ))      );
     out[21] = (((byte)((in[3] >> 15)       ))      );
     out[22] = (((byte)((in[3] >> 23)       ))      );
     out[23] = (((byte)((in[3] >> 31)       ))      );
     out[24] = (((byte)((in[3] >> 39)       ))      );
-    out[25] = (((byte)((in[3] >> 47) & 0x0f))      )
-            | (((byte)((in[4]      ) & 0x0f)) <<  4);
+    out[25] = (byte)((((byte)((in[3] >> 47) & 0x0f))      )
+                   | (((byte)((in[4]      ) & 0x0f)) <<  4));
     out[26] = (((byte)((in[4] >>  4)       ))      );
     out[27] = (((byte)((in[4] >> 12)       ))      );
     out[28] = (((byte)((in[4] >> 20)       ))      );
@@ -404,6 +404,7 @@ void fe_invert(fe r, const fe a)
 }
 
 #ifndef CURVE25519_SMALL
+#ifndef WOLFSSL_CURVE25519_BLINDING
 /* Scalar multiply the field element a by n using Montgomery Ladder and places
  * result in r.
  *
@@ -427,7 +428,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
 
     swap = 0;
     for (pos = 254;pos >= 0;--pos) {
-        b = n[pos / 8] >> (pos & 7);
+        b = (unsigned int)(n[pos / 8] >> (pos & 7));
         b &= 1;
         swap ^= b;
         fe_cswap(x2, x3, (int)swap);
@@ -462,6 +463,69 @@ int curve25519(byte* r, const byte* n, const byte* a)
 
     return 0;
 }
+#else
+int curve25519_blind(byte* r, const byte* n, const byte* mask, const byte* a,
+    const byte* rz)
+{
+    fe           x1, x2, z2, x3, z3;
+    fe           t0, t1;
+    int          pos;
+    unsigned int b;
+
+    fe_frombytes(x1, a);
+    fe_1(x2);
+    fe_0(z2);
+    fe_copy(x3, x1);
+    fe_frombytes(z3, rz);
+    fe_mul(x3, x3, z3);
+
+    /* mask_bits[252] */
+    b = (unsigned int)(mask[31] >> 7);
+    b &= 1;
+    fe_cswap(x2,x3,(int)b);
+    fe_cswap(z2,z3,(int)b);
+    for (pos = 255;pos >= 1;--pos) {
+        b = (unsigned int)(n[pos / 8] >> (pos & 7));
+        b &= 1;
+        fe_cswap(x2, x3, (int)b);
+        fe_cswap(z2, z3, (int)b);
+
+        /* montgomery */
+        fe_sub(t0, x3, z3);
+        fe_sub(t1, x2, z2);
+        fe_add(x2, x2, z2);
+        fe_add(z2, x3, z3);
+        fe_mul(z3, t0, x2);
+        fe_mul(z2, z2, t1);
+        fe_sq(t0, t1);
+        fe_sq(t1, x2);
+        fe_add(x3, z3, z2);
+        fe_sub(z2, z3, z2);
+        fe_mul(x2, t1, t0);
+        fe_sub(t1, t1, t0);
+        fe_sq(z2, z2);
+        fe_mul121666(z3, t1);
+        fe_sq(x3, x3);
+        fe_add(t0, t0, z3);
+        fe_mul(z3, x1, z2);
+        fe_mul(z2, t1, t0);
+
+        b = (unsigned int)(mask[(pos - 1) / 8] >> ((pos - 1) & 7));
+        b &= 1;
+        fe_cswap(x2, x3, (int)b);
+        fe_cswap(z2, z3, (int)b);
+    }
+    b = (unsigned int)(n[0] & 1);
+    fe_cswap(x2, x3, (int)b);
+    fe_cswap(z2, z3, (int)b);
+
+    fe_invert(z2, z2);
+    fe_mul(x2, x2, z2);
+    fe_tobytes(r, x2);
+
+    return 0;
+}
+#endif /* WOLFSSL_CURVE25519_BLINDING */
 #endif /* !CURVE25519_SMALL */
 
 /* The field element value 0 as an array of bytes. */
diff --git a/wolfcrypt/src/fe_x25519_asm.S b/wolfcrypt/src/fe_x25519_asm.S
index 308aaae03..ef4749a02 100644
--- a/wolfcrypt/src/fe_x25519_asm.S
+++ b/wolfcrypt/src/fe_x25519_asm.S
@@ -1,6 +1,6 @@
 /* fe_x25519_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 #ifndef __APPLE__
diff --git a/wolfcrypt/src/fp_mont_small.i b/wolfcrypt/src/fp_mont_small.i
index c75547b6a..c6a11b4f3 100644
--- a/wolfcrypt/src/fp_mont_small.i
+++ b/wolfcrypt/src/fp_mont_small.i
@@ -1,6 +1,6 @@
 /* fp_mont_small.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_12.i b/wolfcrypt/src/fp_mul_comba_12.i
index 153b02c4e..0da18245c 100644
--- a/wolfcrypt/src/fp_mul_comba_12.i
+++ b/wolfcrypt/src/fp_mul_comba_12.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_12.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_17.i b/wolfcrypt/src/fp_mul_comba_17.i
index 6e2487cd6..2dd0ce43e 100644
--- a/wolfcrypt/src/fp_mul_comba_17.i
+++ b/wolfcrypt/src/fp_mul_comba_17.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_17.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_20.i b/wolfcrypt/src/fp_mul_comba_20.i
index b2994324f..982c64260 100644
--- a/wolfcrypt/src/fp_mul_comba_20.i
+++ b/wolfcrypt/src/fp_mul_comba_20.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_20.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_24.i b/wolfcrypt/src/fp_mul_comba_24.i
index cc1463e2d..9b38273bc 100644
--- a/wolfcrypt/src/fp_mul_comba_24.i
+++ b/wolfcrypt/src/fp_mul_comba_24.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_24.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_28.i b/wolfcrypt/src/fp_mul_comba_28.i
index 5d079164f..d1754d47b 100644
--- a/wolfcrypt/src/fp_mul_comba_28.i
+++ b/wolfcrypt/src/fp_mul_comba_28.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_28.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_3.i b/wolfcrypt/src/fp_mul_comba_3.i
index 4318b8e0c..10879a2b6 100644
--- a/wolfcrypt/src/fp_mul_comba_3.i
+++ b/wolfcrypt/src/fp_mul_comba_3.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_3.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_32.i b/wolfcrypt/src/fp_mul_comba_32.i
index e381d7359..dd1008e4f 100644
--- a/wolfcrypt/src/fp_mul_comba_32.i
+++ b/wolfcrypt/src/fp_mul_comba_32.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_32.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_4.i b/wolfcrypt/src/fp_mul_comba_4.i
index 0f404ff89..f5773a760 100644
--- a/wolfcrypt/src/fp_mul_comba_4.i
+++ b/wolfcrypt/src/fp_mul_comba_4.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_4.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_48.i b/wolfcrypt/src/fp_mul_comba_48.i
index 2189b601b..500bb328e 100644
--- a/wolfcrypt/src/fp_mul_comba_48.i
+++ b/wolfcrypt/src/fp_mul_comba_48.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_48.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_6.i b/wolfcrypt/src/fp_mul_comba_6.i
index f5c33d2fc..736da8834 100644
--- a/wolfcrypt/src/fp_mul_comba_6.i
+++ b/wolfcrypt/src/fp_mul_comba_6.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_6.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_64.i b/wolfcrypt/src/fp_mul_comba_64.i
index dba74829e..475281ed3 100644
--- a/wolfcrypt/src/fp_mul_comba_64.i
+++ b/wolfcrypt/src/fp_mul_comba_64.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_64.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_7.i b/wolfcrypt/src/fp_mul_comba_7.i
index ffb8a322e..0edd76ba1 100644
--- a/wolfcrypt/src/fp_mul_comba_7.i
+++ b/wolfcrypt/src/fp_mul_comba_7.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_7.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_8.i b/wolfcrypt/src/fp_mul_comba_8.i
index 044a731fb..7260b4737 100644
--- a/wolfcrypt/src/fp_mul_comba_8.i
+++ b/wolfcrypt/src/fp_mul_comba_8.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_8.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_9.i b/wolfcrypt/src/fp_mul_comba_9.i
index 4ebc10349..adcc6e73e 100644
--- a/wolfcrypt/src/fp_mul_comba_9.i
+++ b/wolfcrypt/src/fp_mul_comba_9.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_9.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_mul_comba_small_set.i b/wolfcrypt/src/fp_mul_comba_small_set.i
index 7b6277917..ed18ab41c 100644
--- a/wolfcrypt/src/fp_mul_comba_small_set.i
+++ b/wolfcrypt/src/fp_mul_comba_small_set.i
@@ -1,6 +1,6 @@
 /* fp_mul_comba_small_set.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_12.i b/wolfcrypt/src/fp_sqr_comba_12.i
index 87deca00a..920c43594 100644
--- a/wolfcrypt/src/fp_sqr_comba_12.i
+++ b/wolfcrypt/src/fp_sqr_comba_12.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_12.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_17.i b/wolfcrypt/src/fp_sqr_comba_17.i
index b6c589a9f..4b85f7ba4 100644
--- a/wolfcrypt/src/fp_sqr_comba_17.i
+++ b/wolfcrypt/src/fp_sqr_comba_17.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_17.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_20.i b/wolfcrypt/src/fp_sqr_comba_20.i
index f8776d59e..1f5a6a075 100644
--- a/wolfcrypt/src/fp_sqr_comba_20.i
+++ b/wolfcrypt/src/fp_sqr_comba_20.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_20.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_24.i b/wolfcrypt/src/fp_sqr_comba_24.i
index 25178e371..f5080661c 100644
--- a/wolfcrypt/src/fp_sqr_comba_24.i
+++ b/wolfcrypt/src/fp_sqr_comba_24.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_24.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_28.i b/wolfcrypt/src/fp_sqr_comba_28.i
index 1e639ffb7..9c80c4a7a 100644
--- a/wolfcrypt/src/fp_sqr_comba_28.i
+++ b/wolfcrypt/src/fp_sqr_comba_28.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_28.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_3.i b/wolfcrypt/src/fp_sqr_comba_3.i
index b16412c92..ed2b9ad35 100644
--- a/wolfcrypt/src/fp_sqr_comba_3.i
+++ b/wolfcrypt/src/fp_sqr_comba_3.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_3.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_32.i b/wolfcrypt/src/fp_sqr_comba_32.i
index 359a47e41..e3ca3fe1d 100644
--- a/wolfcrypt/src/fp_sqr_comba_32.i
+++ b/wolfcrypt/src/fp_sqr_comba_32.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_32.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_4.i b/wolfcrypt/src/fp_sqr_comba_4.i
index 92e38b5d6..90a891035 100644
--- a/wolfcrypt/src/fp_sqr_comba_4.i
+++ b/wolfcrypt/src/fp_sqr_comba_4.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_4.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_48.i b/wolfcrypt/src/fp_sqr_comba_48.i
index d6568f95e..6c7773ec8 100644
--- a/wolfcrypt/src/fp_sqr_comba_48.i
+++ b/wolfcrypt/src/fp_sqr_comba_48.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_48.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_6.i b/wolfcrypt/src/fp_sqr_comba_6.i
index a92eb1032..a9cb954b1 100644
--- a/wolfcrypt/src/fp_sqr_comba_6.i
+++ b/wolfcrypt/src/fp_sqr_comba_6.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_6.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_64.i b/wolfcrypt/src/fp_sqr_comba_64.i
index 41da93331..c270c40ab 100644
--- a/wolfcrypt/src/fp_sqr_comba_64.i
+++ b/wolfcrypt/src/fp_sqr_comba_64.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_64.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_7.i b/wolfcrypt/src/fp_sqr_comba_7.i
index 2b2f1d8fb..689377577 100644
--- a/wolfcrypt/src/fp_sqr_comba_7.i
+++ b/wolfcrypt/src/fp_sqr_comba_7.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_7.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_8.i b/wolfcrypt/src/fp_sqr_comba_8.i
index 13b728366..997eb305d 100644
--- a/wolfcrypt/src/fp_sqr_comba_8.i
+++ b/wolfcrypt/src/fp_sqr_comba_8.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_8.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_9.i b/wolfcrypt/src/fp_sqr_comba_9.i
index aa04a22df..c4a199c9d 100644
--- a/wolfcrypt/src/fp_sqr_comba_9.i
+++ b/wolfcrypt/src/fp_sqr_comba_9.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_9.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/fp_sqr_comba_small_set.i b/wolfcrypt/src/fp_sqr_comba_small_set.i
index a47ca8c2d..231708c5a 100644
--- a/wolfcrypt/src/fp_sqr_comba_small_set.i
+++ b/wolfcrypt/src/fp_sqr_comba_small_set.i
@@ -1,6 +1,6 @@
 /* fp_sqr_comba_small_set.i
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c
index 415928f97..a09a92d37 100644
--- a/wolfcrypt/src/ge_448.c
+++ b/wolfcrypt/src/ge_448.c
@@ -1,6 +1,6 @@
 /* ge_448.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,17 +24,12 @@
  * Reworked for ed448 by Sean Parkinson.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_ED448
 
 #include <wolfssl/wolfcrypt/ge_448.h>
 #include <wolfssl/wolfcrypt/ed448.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -77,6 +72,14 @@ static const ge448_p2 ed448_base = {
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
 };
 
+static const word8 ed448_order[56] = {
+    0xf3, 0x44, 0x58, 0xab, 0x92, 0xc2, 0x78, 0x23, 0x55, 0x8f, 0xc5, 0x8d,
+    0x72, 0xc2, 0x6c, 0x21, 0x90, 0x36, 0xd6, 0xae, 0x49, 0xdb, 0x4e, 0xc4,
+    0xe9, 0x23, 0xca, 0x7c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f,
+};
+
 /* Part of order of ed448 that needs tp be multiplied when reducing */
 static const word8 ed448_order_mul[56] = {
     0x0d, 0xbb, 0xa7, 0x54, 0x6d, 0x3d, 0x87, 0xdc, 0xaa, 0x70, 0x3a, 0x72,
@@ -87,6 +90,8 @@ static const word8 ed448_order_mul[56] = {
 /* Reduce scalar mod the order of the curve.
  * Scalar Will be 114 bytes.
  *
+ * Only performs a weak reduce.
+ *
  * b  [in]  Scalar to reduce.
  */
 void sc448_reduce(byte* b)
@@ -149,6 +154,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     int i, j;
     word32 t[112];
     word8 o;
+    sword16 u;
 
     /* a * b + d */
     for (i = 0; i < 56; i++)
@@ -200,6 +206,16 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     }
     r[i] = t[i] & 0xff;
     r[i+1] = 0;
+    /* Reduce to mod order. */
+    u = 0;
+    for (i = 0; i < 56; i++) {
+        u += r[i] - ed448_order[i]; u >>= 8;
+    }
+    o = 0 - (u >= 0);
+    u = 0;
+    for (i = 0; i < 56; i++) {
+        u += r[i] - (ed448_order[i] & o); r[i] = u & 0xff; u >>= 8;
+    }
 }
 
 /* Double the point on the Twisted Edwards curve. r = 2.p
@@ -348,7 +364,7 @@ int ge448_scalarmult_base(ge448_p2* h, const byte* a)
     return 0;
 }
 
-/* Perform a scalar multplication of the base point and public point.
+/* Perform a scalar multiplication of the base point and public point.
  *   r = a * p + b * base
  * Uses a sliding window of 5 bits.
  * Not constant time.
@@ -431,6 +447,8 @@ int ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b)
 /* Reduce scalar mod the order of the curve.
  * Scalar Will be 114 bytes.
  *
+ * Only performs a weak reduce.
+ *
  * b  [in]  Scalar to reduce.
  */
 void sc448_reduce(byte* b)
@@ -441,120 +459,120 @@ void sc448_reduce(byte* b)
     word64 o;
 
     /* Load from bytes */
-    t[ 0] =  ((sword64) (b[ 0]) <<  0)
-          |  ((sword64) (b[ 1]) <<  8)
-          |  ((sword64) (b[ 2]) << 16)
-          |  ((sword64) (b[ 3]) << 24)
-          |  ((sword64) (b[ 4]) << 32)
-          |  ((sword64) (b[ 5]) << 40)
-          |  ((sword64) (b[ 6]) << 48);
-    t[ 1] =  ((sword64) (b[ 7]) <<  0)
-          |  ((sword64) (b[ 8]) <<  8)
-          |  ((sword64) (b[ 9]) << 16)
-          |  ((sword64) (b[10]) << 24)
-          |  ((sword64) (b[11]) << 32)
-          |  ((sword64) (b[12]) << 40)
-          |  ((sword64) (b[13]) << 48);
-    t[ 2] =  ((sword64) (b[14]) <<  0)
-          |  ((sword64) (b[15]) <<  8)
-          |  ((sword64) (b[16]) << 16)
-          |  ((sword64) (b[17]) << 24)
-          |  ((sword64) (b[18]) << 32)
-          |  ((sword64) (b[19]) << 40)
-          |  ((sword64) (b[20]) << 48);
-    t[ 3] =  ((sword64) (b[21]) <<  0)
-          |  ((sword64) (b[22]) <<  8)
-          |  ((sword64) (b[23]) << 16)
-          |  ((sword64) (b[24]) << 24)
-          |  ((sword64) (b[25]) << 32)
-          |  ((sword64) (b[26]) << 40)
-          |  ((sword64) (b[27]) << 48);
-    t[ 4] =  ((sword64) (b[28]) <<  0)
-          |  ((sword64) (b[29]) <<  8)
-          |  ((sword64) (b[30]) << 16)
-          |  ((sword64) (b[31]) << 24)
-          |  ((sword64) (b[32]) << 32)
-          |  ((sword64) (b[33]) << 40)
-          |  ((sword64) (b[34]) << 48);
-    t[ 5] =  ((sword64) (b[35]) <<  0)
-          |  ((sword64) (b[36]) <<  8)
-          |  ((sword64) (b[37]) << 16)
-          |  ((sword64) (b[38]) << 24)
-          |  ((sword64) (b[39]) << 32)
-          |  ((sword64) (b[40]) << 40)
-          |  ((sword64) (b[41]) << 48);
-    t[ 6] =  ((sword64) (b[42]) <<  0)
-          |  ((sword64) (b[43]) <<  8)
-          |  ((sword64) (b[44]) << 16)
-          |  ((sword64) (b[45]) << 24)
-          |  ((sword64) (b[46]) << 32)
-          |  ((sword64) (b[47]) << 40)
-          |  ((sword64) (b[48]) << 48);
-    t[ 7] =  ((sword64) (b[49]) <<  0)
-          |  ((sword64) (b[50]) <<  8)
-          |  ((sword64) (b[51]) << 16)
-          |  ((sword64) (b[52]) << 24)
-          |  ((sword64) (b[53]) << 32)
-          |  ((sword64) (b[54]) << 40)
-          |  ((sword64) (b[55]) << 48);
-    t[ 8] =  ((sword64) (b[56]) <<  0)
-          |  ((sword64) (b[57]) <<  8)
-          |  ((sword64) (b[58]) << 16)
-          |  ((sword64) (b[59]) << 24)
-          |  ((sword64) (b[60]) << 32)
-          |  ((sword64) (b[61]) << 40)
-          |  ((sword64) (b[62]) << 48);
-    t[ 9] =  ((sword64) (b[63]) <<  0)
-          |  ((sword64) (b[64]) <<  8)
-          |  ((sword64) (b[65]) << 16)
-          |  ((sword64) (b[66]) << 24)
-          |  ((sword64) (b[67]) << 32)
-          |  ((sword64) (b[68]) << 40)
-          |  ((sword64) (b[69]) << 48);
-    t[10] =  ((sword64) (b[70]) <<  0)
-          |  ((sword64) (b[71]) <<  8)
-          |  ((sword64) (b[72]) << 16)
-          |  ((sword64) (b[73]) << 24)
-          |  ((sword64) (b[74]) << 32)
-          |  ((sword64) (b[75]) << 40)
-          |  ((sword64) (b[76]) << 48);
-    t[11] =  ((sword64) (b[77]) <<  0)
-          |  ((sword64) (b[78]) <<  8)
-          |  ((sword64) (b[79]) << 16)
-          |  ((sword64) (b[80]) << 24)
-          |  ((sword64) (b[81]) << 32)
-          |  ((sword64) (b[82]) << 40)
-          |  ((sword64) (b[83]) << 48);
-    t[12] =  ((sword64) (b[84]) <<  0)
-          |  ((sword64) (b[85]) <<  8)
-          |  ((sword64) (b[86]) << 16)
-          |  ((sword64) (b[87]) << 24)
-          |  ((sword64) (b[88]) << 32)
-          |  ((sword64) (b[89]) << 40)
-          |  ((sword64) (b[90]) << 48);
-    t[13] =  ((sword64) (b[91]) <<  0)
-          |  ((sword64) (b[92]) <<  8)
-          |  ((sword64) (b[93]) << 16)
-          |  ((sword64) (b[94]) << 24)
-          |  ((sword64) (b[95]) << 32)
-          |  ((sword64) (b[96]) << 40)
-          |  ((sword64) (b[97]) << 48);
-    t[14] =  ((sword64) (b[98]) <<  0)
-          |  ((sword64) (b[99]) <<  8)
-          |  ((sword64) (b[100]) << 16)
-          |  ((sword64) (b[101]) << 24)
-          |  ((sword64) (b[102]) << 32)
-          |  ((sword64) (b[103]) << 40)
-          |  ((sword64) (b[104]) << 48);
-    t[15] =  ((sword64) (b[105]) <<  0)
-          |  ((sword64) (b[106]) <<  8)
-          |  ((sword64) (b[107]) << 16)
-          |  ((sword64) (b[108]) << 24)
-          |  ((sword64) (b[109]) << 32)
-          |  ((sword64) (b[110]) << 40)
-          |  ((sword64) (b[111]) << 48);
-    t[16] =  ((sword64) (b[112]) <<  0)
-          |  ((sword64) (b[113]) <<  8);
+    t[ 0] =  (word64)((sword64) (b[ 0]) <<  0)
+          |  (word64)((sword64) (b[ 1]) <<  8)
+          |  (word64)((sword64) (b[ 2]) << 16)
+          |  (word64)((sword64) (b[ 3]) << 24)
+          |  (word64)((sword64) (b[ 4]) << 32)
+          |  (word64)((sword64) (b[ 5]) << 40)
+          |  (word64)((sword64) (b[ 6]) << 48);
+    t[ 1] =  (word64)((sword64) (b[ 7]) <<  0)
+          |  (word64)((sword64) (b[ 8]) <<  8)
+          |  (word64)((sword64) (b[ 9]) << 16)
+          |  (word64)((sword64) (b[10]) << 24)
+          |  (word64)((sword64) (b[11]) << 32)
+          |  (word64)((sword64) (b[12]) << 40)
+          |  (word64)((sword64) (b[13]) << 48);
+    t[ 2] =  (word64)((sword64) (b[14]) <<  0)
+          |  (word64)((sword64) (b[15]) <<  8)
+          |  (word64)((sword64) (b[16]) << 16)
+          |  (word64)((sword64) (b[17]) << 24)
+          |  (word64)((sword64) (b[18]) << 32)
+          |  (word64)((sword64) (b[19]) << 40)
+          |  (word64)((sword64) (b[20]) << 48);
+    t[ 3] =  (word64)((sword64) (b[21]) <<  0)
+          |  (word64)((sword64) (b[22]) <<  8)
+          |  (word64)((sword64) (b[23]) << 16)
+          |  (word64)((sword64) (b[24]) << 24)
+          |  (word64)((sword64) (b[25]) << 32)
+          |  (word64)((sword64) (b[26]) << 40)
+          |  (word64)((sword64) (b[27]) << 48);
+    t[ 4] =  (word64)((sword64) (b[28]) <<  0)
+          |  (word64)((sword64) (b[29]) <<  8)
+          |  (word64)((sword64) (b[30]) << 16)
+          |  (word64)((sword64) (b[31]) << 24)
+          |  (word64)((sword64) (b[32]) << 32)
+          |  (word64)((sword64) (b[33]) << 40)
+          |  (word64)((sword64) (b[34]) << 48);
+    t[ 5] =  (word64)((sword64) (b[35]) <<  0)
+          |  (word64)((sword64) (b[36]) <<  8)
+          |  (word64)((sword64) (b[37]) << 16)
+          |  (word64)((sword64) (b[38]) << 24)
+          |  (word64)((sword64) (b[39]) << 32)
+          |  (word64)((sword64) (b[40]) << 40)
+          |  (word64)((sword64) (b[41]) << 48);
+    t[ 6] =  (word64)((sword64) (b[42]) <<  0)
+          |  (word64)((sword64) (b[43]) <<  8)
+          |  (word64)((sword64) (b[44]) << 16)
+          |  (word64)((sword64) (b[45]) << 24)
+          |  (word64)((sword64) (b[46]) << 32)
+          |  (word64)((sword64) (b[47]) << 40)
+          |  (word64)((sword64) (b[48]) << 48);
+    t[ 7] =  (word64)((sword64) (b[49]) <<  0)
+          |  (word64)((sword64) (b[50]) <<  8)
+          |  (word64)((sword64) (b[51]) << 16)
+          |  (word64)((sword64) (b[52]) << 24)
+          |  (word64)((sword64) (b[53]) << 32)
+          |  (word64)((sword64) (b[54]) << 40)
+          |  (word64)((sword64) (b[55]) << 48);
+    t[ 8] =  (word64)((sword64) (b[56]) <<  0)
+          |  (word64)((sword64) (b[57]) <<  8)
+          |  (word64)((sword64) (b[58]) << 16)
+          |  (word64)((sword64) (b[59]) << 24)
+          |  (word64)((sword64) (b[60]) << 32)
+          |  (word64)((sword64) (b[61]) << 40)
+          |  (word64)((sword64) (b[62]) << 48);
+    t[ 9] =  (word64)((sword64) (b[63]) <<  0)
+          |  (word64)((sword64) (b[64]) <<  8)
+          |  (word64)((sword64) (b[65]) << 16)
+          |  (word64)((sword64) (b[66]) << 24)
+          |  (word64)((sword64) (b[67]) << 32)
+          |  (word64)((sword64) (b[68]) << 40)
+          |  (word64)((sword64) (b[69]) << 48);
+    t[10] =  (word64)((sword64) (b[70]) <<  0)
+          |  (word64)((sword64) (b[71]) <<  8)
+          |  (word64)((sword64) (b[72]) << 16)
+          |  (word64)((sword64) (b[73]) << 24)
+          |  (word64)((sword64) (b[74]) << 32)
+          |  (word64)((sword64) (b[75]) << 40)
+          |  (word64)((sword64) (b[76]) << 48);
+    t[11] =  (word64)((sword64) (b[77]) <<  0)
+          |  (word64)((sword64) (b[78]) <<  8)
+          |  (word64)((sword64) (b[79]) << 16)
+          |  (word64)((sword64) (b[80]) << 24)
+          |  (word64)((sword64) (b[81]) << 32)
+          |  (word64)((sword64) (b[82]) << 40)
+          |  (word64)((sword64) (b[83]) << 48);
+    t[12] =  (word64)((sword64) (b[84]) <<  0)
+          |  (word64)((sword64) (b[85]) <<  8)
+          |  (word64)((sword64) (b[86]) << 16)
+          |  (word64)((sword64) (b[87]) << 24)
+          |  (word64)((sword64) (b[88]) << 32)
+          |  (word64)((sword64) (b[89]) << 40)
+          |  (word64)((sword64) (b[90]) << 48);
+    t[13] =  (word64)((sword64) (b[91]) <<  0)
+          |  (word64)((sword64) (b[92]) <<  8)
+          |  (word64)((sword64) (b[93]) << 16)
+          |  (word64)((sword64) (b[94]) << 24)
+          |  (word64)((sword64) (b[95]) << 32)
+          |  (word64)((sword64) (b[96]) << 40)
+          |  (word64)((sword64) (b[97]) << 48);
+    t[14] =  (word64)((sword64) (b[98]) <<  0)
+          |  (word64)((sword64) (b[99]) <<  8)
+          |  (word64)((sword64) (b[100]) << 16)
+          |  (word64)((sword64) (b[101]) << 24)
+          |  (word64)((sword64) (b[102]) << 32)
+          |  (word64)((sword64) (b[103]) << 40)
+          |  (word64)((sword64) (b[104]) << 48);
+    t[15] =  (word64)((sword64) (b[105]) <<  0)
+          |  (word64)((sword64) (b[106]) <<  8)
+          |  (word64)((sword64) (b[107]) << 16)
+          |  (word64)((sword64) (b[108]) << 24)
+          |  (word64)((sword64) (b[109]) << 32)
+          |  (word64)((sword64) (b[110]) << 40)
+          |  (word64)((sword64) (b[111]) << 48);
+    t[16] =  (word64)((sword64) (b[112]) <<  0)
+          |  (word64)((sword64) (b[113]) <<  8);
 
     /* Mod curve order */
     /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */
@@ -721,244 +739,245 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     word128 t[16];
     word128 c;
     word64 o;
+    sword64 u;
 
     /* Load from bytes */
-    ad[ 0] =  ((sword64) (a[ 0]) <<  0)
-           |  ((sword64) (a[ 1]) <<  8)
-           |  ((sword64) (a[ 2]) << 16)
-           |  ((sword64) (a[ 3]) << 24)
-           |  ((sword64) (a[ 4]) << 32)
-           |  ((sword64) (a[ 5]) << 40)
-           |  ((sword64) (a[ 6]) << 48);
-    ad[ 1] =  ((sword64) (a[ 7]) <<  0)
-           |  ((sword64) (a[ 8]) <<  8)
-           |  ((sword64) (a[ 9]) << 16)
-           |  ((sword64) (a[10]) << 24)
-           |  ((sword64) (a[11]) << 32)
-           |  ((sword64) (a[12]) << 40)
-           |  ((sword64) (a[13]) << 48);
-    ad[ 2] =  ((sword64) (a[14]) <<  0)
-           |  ((sword64) (a[15]) <<  8)
-           |  ((sword64) (a[16]) << 16)
-           |  ((sword64) (a[17]) << 24)
-           |  ((sword64) (a[18]) << 32)
-           |  ((sword64) (a[19]) << 40)
-           |  ((sword64) (a[20]) << 48);
-    ad[ 3] =  ((sword64) (a[21]) <<  0)
-           |  ((sword64) (a[22]) <<  8)
-           |  ((sword64) (a[23]) << 16)
-           |  ((sword64) (a[24]) << 24)
-           |  ((sword64) (a[25]) << 32)
-           |  ((sword64) (a[26]) << 40)
-           |  ((sword64) (a[27]) << 48);
-    ad[ 4] =  ((sword64) (a[28]) <<  0)
-           |  ((sword64) (a[29]) <<  8)
-           |  ((sword64) (a[30]) << 16)
-           |  ((sword64) (a[31]) << 24)
-           |  ((sword64) (a[32]) << 32)
-           |  ((sword64) (a[33]) << 40)
-           |  ((sword64) (a[34]) << 48);
-    ad[ 5] =  ((sword64) (a[35]) <<  0)
-           |  ((sword64) (a[36]) <<  8)
-           |  ((sword64) (a[37]) << 16)
-           |  ((sword64) (a[38]) << 24)
-           |  ((sword64) (a[39]) << 32)
-           |  ((sword64) (a[40]) << 40)
-           |  ((sword64) (a[41]) << 48);
-    ad[ 6] =  ((sword64) (a[42]) <<  0)
-           |  ((sword64) (a[43]) <<  8)
-           |  ((sword64) (a[44]) << 16)
-           |  ((sword64) (a[45]) << 24)
-           |  ((sword64) (a[46]) << 32)
-           |  ((sword64) (a[47]) << 40)
-           |  ((sword64) (a[48]) << 48);
-    ad[ 7] =  ((sword64) (a[49]) <<  0)
-           |  ((sword64) (a[50]) <<  8)
-           |  ((sword64) (a[51]) << 16)
-           |  ((sword64) (a[52]) << 24)
-           |  ((sword64) (a[53]) << 32)
-           |  ((sword64) (a[54]) << 40)
-           |  ((sword64) (a[55]) << 48);
+    ad[ 0] =  (word64)((sword64) (a[ 0]) <<  0)
+           |  (word64)((sword64) (a[ 1]) <<  8)
+           |  (word64)((sword64) (a[ 2]) << 16)
+           |  (word64)((sword64) (a[ 3]) << 24)
+           |  (word64)((sword64) (a[ 4]) << 32)
+           |  (word64)((sword64) (a[ 5]) << 40)
+           |  (word64)((sword64) (a[ 6]) << 48);
+    ad[ 1] =  (word64)((sword64) (a[ 7]) <<  0)
+           |  (word64)((sword64) (a[ 8]) <<  8)
+           |  (word64)((sword64) (a[ 9]) << 16)
+           |  (word64)((sword64) (a[10]) << 24)
+           |  (word64)((sword64) (a[11]) << 32)
+           |  (word64)((sword64) (a[12]) << 40)
+           |  (word64)((sword64) (a[13]) << 48);
+    ad[ 2] =  (word64)((sword64) (a[14]) <<  0)
+           |  (word64)((sword64) (a[15]) <<  8)
+           |  (word64)((sword64) (a[16]) << 16)
+           |  (word64)((sword64) (a[17]) << 24)
+           |  (word64)((sword64) (a[18]) << 32)
+           |  (word64)((sword64) (a[19]) << 40)
+           |  (word64)((sword64) (a[20]) << 48);
+    ad[ 3] =  (word64)((sword64) (a[21]) <<  0)
+           |  (word64)((sword64) (a[22]) <<  8)
+           |  (word64)((sword64) (a[23]) << 16)
+           |  (word64)((sword64) (a[24]) << 24)
+           |  (word64)((sword64) (a[25]) << 32)
+           |  (word64)((sword64) (a[26]) << 40)
+           |  (word64)((sword64) (a[27]) << 48);
+    ad[ 4] =  (word64)((sword64) (a[28]) <<  0)
+           |  (word64)((sword64) (a[29]) <<  8)
+           |  (word64)((sword64) (a[30]) << 16)
+           |  (word64)((sword64) (a[31]) << 24)
+           |  (word64)((sword64) (a[32]) << 32)
+           |  (word64)((sword64) (a[33]) << 40)
+           |  (word64)((sword64) (a[34]) << 48);
+    ad[ 5] =  (word64)((sword64) (a[35]) <<  0)
+           |  (word64)((sword64) (a[36]) <<  8)
+           |  (word64)((sword64) (a[37]) << 16)
+           |  (word64)((sword64) (a[38]) << 24)
+           |  (word64)((sword64) (a[39]) << 32)
+           |  (word64)((sword64) (a[40]) << 40)
+           |  (word64)((sword64) (a[41]) << 48);
+    ad[ 6] =  (word64)((sword64) (a[42]) <<  0)
+           |  (word64)((sword64) (a[43]) <<  8)
+           |  (word64)((sword64) (a[44]) << 16)
+           |  (word64)((sword64) (a[45]) << 24)
+           |  (word64)((sword64) (a[46]) << 32)
+           |  (word64)((sword64) (a[47]) << 40)
+           |  (word64)((sword64) (a[48]) << 48);
+    ad[ 7] =  (word64)((sword64) (a[49]) <<  0)
+           |  (word64)((sword64) (a[50]) <<  8)
+           |  (word64)((sword64) (a[51]) << 16)
+           |  (word64)((sword64) (a[52]) << 24)
+           |  (word64)((sword64) (a[53]) << 32)
+           |  (word64)((sword64) (a[54]) << 40)
+           |  (word64)((sword64) (a[55]) << 48);
     /* Load from bytes */
-    bd[ 0] =  ((sword64) (b[ 0]) <<  0)
-           |  ((sword64) (b[ 1]) <<  8)
-           |  ((sword64) (b[ 2]) << 16)
-           |  ((sword64) (b[ 3]) << 24)
-           |  ((sword64) (b[ 4]) << 32)
-           |  ((sword64) (b[ 5]) << 40)
-           |  ((sword64) (b[ 6]) << 48);
-    bd[ 1] =  ((sword64) (b[ 7]) <<  0)
-           |  ((sword64) (b[ 8]) <<  8)
-           |  ((sword64) (b[ 9]) << 16)
-           |  ((sword64) (b[10]) << 24)
-           |  ((sword64) (b[11]) << 32)
-           |  ((sword64) (b[12]) << 40)
-           |  ((sword64) (b[13]) << 48);
-    bd[ 2] =  ((sword64) (b[14]) <<  0)
-           |  ((sword64) (b[15]) <<  8)
-           |  ((sword64) (b[16]) << 16)
-           |  ((sword64) (b[17]) << 24)
-           |  ((sword64) (b[18]) << 32)
-           |  ((sword64) (b[19]) << 40)
-           |  ((sword64) (b[20]) << 48);
-    bd[ 3] =  ((sword64) (b[21]) <<  0)
-           |  ((sword64) (b[22]) <<  8)
-           |  ((sword64) (b[23]) << 16)
-           |  ((sword64) (b[24]) << 24)
-           |  ((sword64) (b[25]) << 32)
-           |  ((sword64) (b[26]) << 40)
-           |  ((sword64) (b[27]) << 48);
-    bd[ 4] =  ((sword64) (b[28]) <<  0)
-           |  ((sword64) (b[29]) <<  8)
-           |  ((sword64) (b[30]) << 16)
-           |  ((sword64) (b[31]) << 24)
-           |  ((sword64) (b[32]) << 32)
-           |  ((sword64) (b[33]) << 40)
-           |  ((sword64) (b[34]) << 48);
-    bd[ 5] =  ((sword64) (b[35]) <<  0)
-           |  ((sword64) (b[36]) <<  8)
-           |  ((sword64) (b[37]) << 16)
-           |  ((sword64) (b[38]) << 24)
-           |  ((sword64) (b[39]) << 32)
-           |  ((sword64) (b[40]) << 40)
-           |  ((sword64) (b[41]) << 48);
-    bd[ 6] =  ((sword64) (b[42]) <<  0)
-           |  ((sword64) (b[43]) <<  8)
-           |  ((sword64) (b[44]) << 16)
-           |  ((sword64) (b[45]) << 24)
-           |  ((sword64) (b[46]) << 32)
-           |  ((sword64) (b[47]) << 40)
-           |  ((sword64) (b[48]) << 48);
-    bd[ 7] =  ((sword64) (b[49]) <<  0)
-           |  ((sword64) (b[50]) <<  8)
-           |  ((sword64) (b[51]) << 16)
-           |  ((sword64) (b[52]) << 24)
-           |  ((sword64) (b[53]) << 32)
-           |  ((sword64) (b[54]) << 40)
-           |  ((sword64) (b[55]) << 48);
+    bd[ 0] =  (word64)((sword64) (b[ 0]) <<  0)
+           |  (word64)((sword64) (b[ 1]) <<  8)
+           |  (word64)((sword64) (b[ 2]) << 16)
+           |  (word64)((sword64) (b[ 3]) << 24)
+           |  (word64)((sword64) (b[ 4]) << 32)
+           |  (word64)((sword64) (b[ 5]) << 40)
+           |  (word64)((sword64) (b[ 6]) << 48);
+    bd[ 1] =  (word64)((sword64) (b[ 7]) <<  0)
+           |  (word64)((sword64) (b[ 8]) <<  8)
+           |  (word64)((sword64) (b[ 9]) << 16)
+           |  (word64)((sword64) (b[10]) << 24)
+           |  (word64)((sword64) (b[11]) << 32)
+           |  (word64)((sword64) (b[12]) << 40)
+           |  (word64)((sword64) (b[13]) << 48);
+    bd[ 2] =  (word64)((sword64) (b[14]) <<  0)
+           |  (word64)((sword64) (b[15]) <<  8)
+           |  (word64)((sword64) (b[16]) << 16)
+           |  (word64)((sword64) (b[17]) << 24)
+           |  (word64)((sword64) (b[18]) << 32)
+           |  (word64)((sword64) (b[19]) << 40)
+           |  (word64)((sword64) (b[20]) << 48);
+    bd[ 3] =  (word64)((sword64) (b[21]) <<  0)
+           |  (word64)((sword64) (b[22]) <<  8)
+           |  (word64)((sword64) (b[23]) << 16)
+           |  (word64)((sword64) (b[24]) << 24)
+           |  (word64)((sword64) (b[25]) << 32)
+           |  (word64)((sword64) (b[26]) << 40)
+           |  (word64)((sword64) (b[27]) << 48);
+    bd[ 4] =  (word64)((sword64) (b[28]) <<  0)
+           |  (word64)((sword64) (b[29]) <<  8)
+           |  (word64)((sword64) (b[30]) << 16)
+           |  (word64)((sword64) (b[31]) << 24)
+           |  (word64)((sword64) (b[32]) << 32)
+           |  (word64)((sword64) (b[33]) << 40)
+           |  (word64)((sword64) (b[34]) << 48);
+    bd[ 5] =  (word64)((sword64) (b[35]) <<  0)
+           |  (word64)((sword64) (b[36]) <<  8)
+           |  (word64)((sword64) (b[37]) << 16)
+           |  (word64)((sword64) (b[38]) << 24)
+           |  (word64)((sword64) (b[39]) << 32)
+           |  (word64)((sword64) (b[40]) << 40)
+           |  (word64)((sword64) (b[41]) << 48);
+    bd[ 6] =  (word64)((sword64) (b[42]) <<  0)
+           |  (word64)((sword64) (b[43]) <<  8)
+           |  (word64)((sword64) (b[44]) << 16)
+           |  (word64)((sword64) (b[45]) << 24)
+           |  (word64)((sword64) (b[46]) << 32)
+           |  (word64)((sword64) (b[47]) << 40)
+           |  (word64)((sword64) (b[48]) << 48);
+    bd[ 7] =  (word64)((sword64) (b[49]) <<  0)
+           |  (word64)((sword64) (b[50]) <<  8)
+           |  (word64)((sword64) (b[51]) << 16)
+           |  (word64)((sword64) (b[52]) << 24)
+           |  (word64)((sword64) (b[53]) << 32)
+           |  (word64)((sword64) (b[54]) << 40)
+           |  (word64)((sword64) (b[55]) << 48);
     /* Load from bytes */
-    dd[ 0] =  ((sword64) (d[ 0]) <<  0)
-           |  ((sword64) (d[ 1]) <<  8)
-           |  ((sword64) (d[ 2]) << 16)
-           |  ((sword64) (d[ 3]) << 24)
-           |  ((sword64) (d[ 4]) << 32)
-           |  ((sword64) (d[ 5]) << 40)
-           |  ((sword64) (d[ 6]) << 48);
-    dd[ 1] =  ((sword64) (d[ 7]) <<  0)
-           |  ((sword64) (d[ 8]) <<  8)
-           |  ((sword64) (d[ 9]) << 16)
-           |  ((sword64) (d[10]) << 24)
-           |  ((sword64) (d[11]) << 32)
-           |  ((sword64) (d[12]) << 40)
-           |  ((sword64) (d[13]) << 48);
-    dd[ 2] =  ((sword64) (d[14]) <<  0)
-           |  ((sword64) (d[15]) <<  8)
-           |  ((sword64) (d[16]) << 16)
-           |  ((sword64) (d[17]) << 24)
-           |  ((sword64) (d[18]) << 32)
-           |  ((sword64) (d[19]) << 40)
-           |  ((sword64) (d[20]) << 48);
-    dd[ 3] =  ((sword64) (d[21]) <<  0)
-           |  ((sword64) (d[22]) <<  8)
-           |  ((sword64) (d[23]) << 16)
-           |  ((sword64) (d[24]) << 24)
-           |  ((sword64) (d[25]) << 32)
-           |  ((sword64) (d[26]) << 40)
-           |  ((sword64) (d[27]) << 48);
-    dd[ 4] =  ((sword64) (d[28]) <<  0)
-           |  ((sword64) (d[29]) <<  8)
-           |  ((sword64) (d[30]) << 16)
-           |  ((sword64) (d[31]) << 24)
-           |  ((sword64) (d[32]) << 32)
-           |  ((sword64) (d[33]) << 40)
-           |  ((sword64) (d[34]) << 48);
-    dd[ 5] =  ((sword64) (d[35]) <<  0)
-           |  ((sword64) (d[36]) <<  8)
-           |  ((sword64) (d[37]) << 16)
-           |  ((sword64) (d[38]) << 24)
-           |  ((sword64) (d[39]) << 32)
-           |  ((sword64) (d[40]) << 40)
-           |  ((sword64) (d[41]) << 48);
-    dd[ 6] =  ((sword64) (d[42]) <<  0)
-           |  ((sword64) (d[43]) <<  8)
-           |  ((sword64) (d[44]) << 16)
-           |  ((sword64) (d[45]) << 24)
-           |  ((sword64) (d[46]) << 32)
-           |  ((sword64) (d[47]) << 40)
-           |  ((sword64) (d[48]) << 48);
-    dd[ 7] =  ((sword64) (d[49]) <<  0)
-           |  ((sword64) (d[50]) <<  8)
-           |  ((sword64) (d[51]) << 16)
-           |  ((sword64) (d[52]) << 24)
-           |  ((sword64) (d[53]) << 32)
-           |  ((sword64) (d[54]) << 40)
-           |  ((sword64) (d[55]) << 48);
+    dd[ 0] =  (word64)((sword64) (d[ 0]) <<  0)
+           |  (word64)((sword64) (d[ 1]) <<  8)
+           |  (word64)((sword64) (d[ 2]) << 16)
+           |  (word64)((sword64) (d[ 3]) << 24)
+           |  (word64)((sword64) (d[ 4]) << 32)
+           |  (word64)((sword64) (d[ 5]) << 40)
+           |  (word64)((sword64) (d[ 6]) << 48);
+    dd[ 1] =  (word64)((sword64) (d[ 7]) <<  0)
+           |  (word64)((sword64) (d[ 8]) <<  8)
+           |  (word64)((sword64) (d[ 9]) << 16)
+           |  (word64)((sword64) (d[10]) << 24)
+           |  (word64)((sword64) (d[11]) << 32)
+           |  (word64)((sword64) (d[12]) << 40)
+           |  (word64)((sword64) (d[13]) << 48);
+    dd[ 2] =  (word64)((sword64) (d[14]) <<  0)
+           |  (word64)((sword64) (d[15]) <<  8)
+           |  (word64)((sword64) (d[16]) << 16)
+           |  (word64)((sword64) (d[17]) << 24)
+           |  (word64)((sword64) (d[18]) << 32)
+           |  (word64)((sword64) (d[19]) << 40)
+           |  (word64)((sword64) (d[20]) << 48);
+    dd[ 3] =  (word64)((sword64) (d[21]) <<  0)
+           |  (word64)((sword64) (d[22]) <<  8)
+           |  (word64)((sword64) (d[23]) << 16)
+           |  (word64)((sword64) (d[24]) << 24)
+           |  (word64)((sword64) (d[25]) << 32)
+           |  (word64)((sword64) (d[26]) << 40)
+           |  (word64)((sword64) (d[27]) << 48);
+    dd[ 4] =  (word64)((sword64) (d[28]) <<  0)
+           |  (word64)((sword64) (d[29]) <<  8)
+           |  (word64)((sword64) (d[30]) << 16)
+           |  (word64)((sword64) (d[31]) << 24)
+           |  (word64)((sword64) (d[32]) << 32)
+           |  (word64)((sword64) (d[33]) << 40)
+           |  (word64)((sword64) (d[34]) << 48);
+    dd[ 5] =  (word64)((sword64) (d[35]) <<  0)
+           |  (word64)((sword64) (d[36]) <<  8)
+           |  (word64)((sword64) (d[37]) << 16)
+           |  (word64)((sword64) (d[38]) << 24)
+           |  (word64)((sword64) (d[39]) << 32)
+           |  (word64)((sword64) (d[40]) << 40)
+           |  (word64)((sword64) (d[41]) << 48);
+    dd[ 6] =  (word64)((sword64) (d[42]) <<  0)
+           |  (word64)((sword64) (d[43]) <<  8)
+           |  (word64)((sword64) (d[44]) << 16)
+           |  (word64)((sword64) (d[45]) << 24)
+           |  (word64)((sword64) (d[46]) << 32)
+           |  (word64)((sword64) (d[47]) << 40)
+           |  (word64)((sword64) (d[48]) << 48);
+    dd[ 7] =  (word64)((sword64) (d[49]) <<  0)
+           |  (word64)((sword64) (d[50]) <<  8)
+           |  (word64)((sword64) (d[51]) << 16)
+           |  (word64)((sword64) (d[52]) << 24)
+           |  (word64)((sword64) (d[53]) << 32)
+           |  (word64)((sword64) (d[54]) << 40)
+           |  (word64)((sword64) (d[55]) << 48);
 
     /* a * b + d */
-    t[ 0] = (word128)dd[ 0] + (sword128)ad[ 0] * bd[ 0];
-    t[ 1] = (word128)dd[ 1] + (sword128)ad[ 0] * bd[ 1]
-                            + (sword128)ad[ 1] * bd[ 0];
-    t[ 2] = (word128)dd[ 2] + (sword128)ad[ 0] * bd[ 2]
-                            + (sword128)ad[ 1] * bd[ 1]
-                            + (sword128)ad[ 2] * bd[ 0];
-    t[ 3] = (word128)dd[ 3] + (sword128)ad[ 0] * bd[ 3]
-                            + (sword128)ad[ 1] * bd[ 2]
-                            + (sword128)ad[ 2] * bd[ 1]
-                            + (sword128)ad[ 3] * bd[ 0];
-    t[ 4] = (word128)dd[ 4] + (sword128)ad[ 0] * bd[ 4]
-                            + (sword128)ad[ 1] * bd[ 3]
-                            + (sword128)ad[ 2] * bd[ 2]
-                            + (sword128)ad[ 3] * bd[ 1]
-                            + (sword128)ad[ 4] * bd[ 0];
-    t[ 5] = (word128)dd[ 5] + (sword128)ad[ 0] * bd[ 5]
-                            + (sword128)ad[ 1] * bd[ 4]
-                            + (sword128)ad[ 2] * bd[ 3]
-                            + (sword128)ad[ 3] * bd[ 2]
-                            + (sword128)ad[ 4] * bd[ 1]
-                            + (sword128)ad[ 5] * bd[ 0];
-    t[ 6] = (word128)dd[ 6] + (sword128)ad[ 0] * bd[ 6]
-                            + (sword128)ad[ 1] * bd[ 5]
-                            + (sword128)ad[ 2] * bd[ 4]
-                            + (sword128)ad[ 3] * bd[ 3]
-                            + (sword128)ad[ 4] * bd[ 2]
-                            + (sword128)ad[ 5] * bd[ 1]
-                            + (sword128)ad[ 6] * bd[ 0];
-    t[ 7] = (word128)dd[ 7] + (sword128)ad[ 0] * bd[ 7]
-                            + (sword128)ad[ 1] * bd[ 6]
-                            + (sword128)ad[ 2] * bd[ 5]
-                            + (sword128)ad[ 3] * bd[ 4]
-                            + (sword128)ad[ 4] * bd[ 3]
-                            + (sword128)ad[ 5] * bd[ 2]
-                            + (sword128)ad[ 6] * bd[ 1]
-                            + (sword128)ad[ 7] * bd[ 0];
-    t[ 8] = (word128)          (sword128)ad[ 1] * bd[ 7]
-                            + (sword128)ad[ 2] * bd[ 6]
-                            + (sword128)ad[ 3] * bd[ 5]
-                            + (sword128)ad[ 4] * bd[ 4]
-                            + (sword128)ad[ 5] * bd[ 3]
-                            + (sword128)ad[ 6] * bd[ 2]
-                            + (sword128)ad[ 7] * bd[ 1];
-    t[ 9] = (word128)          (sword128)ad[ 2] * bd[ 7]
-                            + (sword128)ad[ 3] * bd[ 6]
-                            + (sword128)ad[ 4] * bd[ 5]
-                            + (sword128)ad[ 5] * bd[ 4]
-                            + (sword128)ad[ 6] * bd[ 3]
-                            + (sword128)ad[ 7] * bd[ 2];
-    t[10] = (word128)          (sword128)ad[ 3] * bd[ 7]
-                            + (sword128)ad[ 4] * bd[ 6]
-                            + (sword128)ad[ 5] * bd[ 5]
-                            + (sword128)ad[ 6] * bd[ 4]
-                            + (sword128)ad[ 7] * bd[ 3];
-    t[11] = (word128)          (sword128)ad[ 4] * bd[ 7]
-                            + (sword128)ad[ 5] * bd[ 6]
-                            + (sword128)ad[ 6] * bd[ 5]
-                            + (sword128)ad[ 7] * bd[ 4];
-    t[12] = (word128)          (sword128)ad[ 5] * bd[ 7]
-                            + (sword128)ad[ 6] * bd[ 6]
-                            + (sword128)ad[ 7] * bd[ 5];
-    t[13] = (word128)          (sword128)ad[ 6] * bd[ 7]
-                            + (sword128)ad[ 7] * bd[ 6];
-    t[14] = (word128)          (sword128)ad[ 7] * bd[ 7];
+    t[ 0] = (word128)(dd[ 0] + (word128)((sword128)ad[ 0] * bd[ 0]));
+    t[ 1] = (word128)(dd[ 1] + (word128)((sword128)ad[ 0] * bd[ 1]
+                                       + (sword128)ad[ 1] * bd[ 0]));
+    t[ 2] = (word128)(dd[ 2] + (word128)((sword128)ad[ 0] * bd[ 2]
+                                       + (sword128)ad[ 1] * bd[ 1]
+                                       + (sword128)ad[ 2] * bd[ 0]));
+    t[ 3] = (word128)(dd[ 3] + (word128)((sword128)ad[ 0] * bd[ 3]
+                                       + (sword128)ad[ 1] * bd[ 2]
+                                       + (sword128)ad[ 2] * bd[ 1]
+                                       + (sword128)ad[ 3] * bd[ 0]));
+    t[ 4] = (word128)(dd[ 4] + (word128)((sword128)ad[ 0] * bd[ 4]
+                                       + (sword128)ad[ 1] * bd[ 3]
+                                       + (sword128)ad[ 2] * bd[ 2]
+                                       + (sword128)ad[ 3] * bd[ 1]
+                                       + (sword128)ad[ 4] * bd[ 0]));
+    t[ 5] = (word128)(dd[ 5] + (word128)((sword128)ad[ 0] * bd[ 5]
+                                       + (sword128)ad[ 1] * bd[ 4]
+                                       + (sword128)ad[ 2] * bd[ 3]
+                                       + (sword128)ad[ 3] * bd[ 2]
+                                       + (sword128)ad[ 4] * bd[ 1]
+                                       + (sword128)ad[ 5] * bd[ 0]));
+    t[ 6] = (word128)(dd[ 6] + (word128)((sword128)ad[ 0] * bd[ 6]
+                                       + (sword128)ad[ 1] * bd[ 5]
+                                       + (sword128)ad[ 2] * bd[ 4]
+                                       + (sword128)ad[ 3] * bd[ 3]
+                                       + (sword128)ad[ 4] * bd[ 2]
+                                       + (sword128)ad[ 5] * bd[ 1]
+                                       + (sword128)ad[ 6] * bd[ 0]));
+    t[ 7] = (word128)(dd[ 7] + (word128)((sword128)ad[ 0] * bd[ 7]
+                                       + (sword128)ad[ 1] * bd[ 6]
+                                       + (sword128)ad[ 2] * bd[ 5]
+                                       + (sword128)ad[ 3] * bd[ 4]
+                                       + (sword128)ad[ 4] * bd[ 3]
+                                       + (sword128)ad[ 5] * bd[ 2]
+                                       + (sword128)ad[ 6] * bd[ 1]
+                                       + (sword128)ad[ 7] * bd[ 0]));
+    t[ 8] = (word128)(                   (sword128)ad[ 1] * bd[ 7]
+                                       + (sword128)ad[ 2] * bd[ 6]
+                                       + (sword128)ad[ 3] * bd[ 5]
+                                       + (sword128)ad[ 4] * bd[ 4]
+                                       + (sword128)ad[ 5] * bd[ 3]
+                                       + (sword128)ad[ 6] * bd[ 2]
+                                       + (sword128)ad[ 7] * bd[ 1]);
+    t[ 9] = (word128)(                   (sword128)ad[ 2] * bd[ 7]
+                                       + (sword128)ad[ 3] * bd[ 6]
+                                       + (sword128)ad[ 4] * bd[ 5]
+                                       + (sword128)ad[ 5] * bd[ 4]
+                                       + (sword128)ad[ 6] * bd[ 3]
+                                       + (sword128)ad[ 7] * bd[ 2]);
+    t[10] = (word128)(                   (sword128)ad[ 3] * bd[ 7]
+                                       + (sword128)ad[ 4] * bd[ 6]
+                                       + (sword128)ad[ 5] * bd[ 5]
+                                       + (sword128)ad[ 6] * bd[ 4]
+                                       + (sword128)ad[ 7] * bd[ 3]);
+    t[11] = (word128)(                   (sword128)ad[ 4] * bd[ 7]
+                                       + (sword128)ad[ 5] * bd[ 6]
+                                       + (sword128)ad[ 6] * bd[ 5]
+                                       + (sword128)ad[ 7] * bd[ 4]);
+    t[12] = (word128)(                   (sword128)ad[ 5] * bd[ 7]
+                                       + (sword128)ad[ 6] * bd[ 6]
+                                       + (sword128)ad[ 7] * bd[ 5]);
+    t[13] = (word128)(                   (sword128)ad[ 6] * bd[ 7]
+                                       + (sword128)ad[ 7] * bd[ 6]);
+    t[14] = (word128)(                   (sword128)ad[ 7] * bd[ 7]);
     t[15] = 0;
 
     /* Mod curve order */
@@ -1044,6 +1063,41 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     o = rd[ 4] >> 56; rd[ 5] += o; rd[ 4] = rd[ 4] & 0xffffffffffffff;
     o = rd[ 5] >> 56; rd[ 6] += o; rd[ 5] = rd[ 5] & 0xffffffffffffff;
     o = rd[ 6] >> 56; rd[ 7] += o; rd[ 6] = rd[ 6] & 0xffffffffffffff;
+    /* Reduce to mod order. */
+    u = 0;
+    u += (sword64)rd[0] - (sword64)0x078c292ab5844f3L; u >>= 56;
+    u += (sword64)rd[1] - (sword64)0x0c2728dc58f5523L; u >>= 56;
+    u += (sword64)rd[2] - (sword64)0x049aed63690216cL; u >>= 56;
+    u += (sword64)rd[3] - (sword64)0x07cca23e9c44edbL; u >>= 56;
+    u += (sword64)rd[4] - (sword64)0x0ffffffffffffffL; u >>= 56;
+    u += (sword64)rd[5] - (sword64)0x0ffffffffffffffL; u >>= 56;
+    u += (sword64)rd[6] - (sword64)0x0ffffffffffffffL; u >>= 56;
+    u += (sword64)rd[7] - (sword64)0x03fffffffffffffL; u >>= 56;
+    o = (word64)0 - (u >= 0);
+    u = 0;
+    u += (sword64)rd[0] - (sword64)((word64)0x078c292ab5844f3L & o);
+    rd[0] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[1] - (sword64)((word64)0x0c2728dc58f5523L & o);
+    rd[1] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[2] - (sword64)((word64)0x049aed63690216cL & o);
+    rd[2] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[3] - (sword64)((word64)0x07cca23e9c44edbL & o);
+    rd[3] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[4] - (sword64)((word64)0x0ffffffffffffffL & o);
+    rd[4] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[5] - (sword64)((word64)0x0ffffffffffffffL & o);
+    rd[5] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[6] - (sword64)((word64)0x0ffffffffffffffL & o);
+    rd[6] = u & 0xffffffffffffff;
+    u >>= 56;
+    u += (sword64)rd[7] - (sword64)((word64)0x03fffffffffffffL & o);
+    rd[7] = u & 0xffffffffffffff;
 
     /* Convert to bytes */
     r[ 0] = (byte)(rd[0 ] >>  0);
@@ -5072,6 +5126,8 @@ static const ge448_precomp base_i[16] = {
 /* Reduce scalar mod the order of the curve.
  * Scalar Will be 114 bytes.
  *
+ * Only performs a weak reduce.
+ *
  * b  [in]  Scalar to reduce.
  */
 void sc448_reduce(byte* b)
@@ -5082,136 +5138,169 @@ void sc448_reduce(byte* b)
     word32 o;
 
     /* Load from bytes */
-    t[ 0] =  (((sword32)((b[ 0]        ) >>  0)) <<  0)
+    t[ 0] = (word64)(
+             (((sword32)((b[ 0]        ) >>  0)) <<  0)
           |  (((sword32)((b[ 1]        ) >>  0)) <<  8)
           |  (((sword32)((b[ 2]        ) >>  0)) << 16)
-          | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24);
-    t[ 1] =  (((sword32)((b[ 3]        ) >>  4)) <<  0)
+          | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24));
+    t[ 1] = (word64)(
+             (((sword32)((b[ 3]        ) >>  4)) <<  0)
           |  (((sword32)((b[ 4]        ) >>  0)) <<  4)
           |  (((sword32)((b[ 5]        ) >>  0)) << 12)
-          |  (((sword32)((b[ 6]        ) >>  0)) << 20);
-    t[ 2] =  (((sword32)((b[ 7]        ) >>  0)) <<  0)
+          |  (((sword32)((b[ 6]        ) >>  0)) << 20));
+    t[ 2] = (word64)(
+             (((sword32)((b[ 7]        ) >>  0)) <<  0)
           |  (((sword32)((b[ 8]        ) >>  0)) <<  8)
           |  (((sword32)((b[ 9]        ) >>  0)) << 16)
-          | ((((sword32)((b[10] & 0xf )) >>  0)) << 24);
-    t[ 3] =  (((sword32)((b[10]        ) >>  4)) <<  0)
+          | ((((sword32)((b[10] & 0xf )) >>  0)) << 24));
+    t[ 3] = (word64)(
+             (((sword32)((b[10]        ) >>  4)) <<  0)
           |  (((sword32)((b[11]        ) >>  0)) <<  4)
           |  (((sword32)((b[12]        ) >>  0)) << 12)
-          |  (((sword32)((b[13]        ) >>  0)) << 20);
-    t[ 4] =  (((sword32)((b[14]        ) >>  0)) <<  0)
+          |  (((sword32)((b[13]        ) >>  0)) << 20));
+    t[ 4] = (word64)(
+             (((sword32)((b[14]        ) >>  0)) <<  0)
           |  (((sword32)((b[15]        ) >>  0)) <<  8)
           |  (((sword32)((b[16]        ) >>  0)) << 16)
-          | ((((sword32)((b[17] & 0xf )) >>  0)) << 24);
-    t[ 5] =  (((sword32)((b[17]        ) >>  4)) <<  0)
+          | ((((sword32)((b[17] & 0xf )) >>  0)) << 24));
+    t[ 5] = (word64)(
+             (((sword32)((b[17]        ) >>  4)) <<  0)
           |  (((sword32)((b[18]        ) >>  0)) <<  4)
           |  (((sword32)((b[19]        ) >>  0)) << 12)
-          |  (((sword32)((b[20]        ) >>  0)) << 20);
-    t[ 6] =  (((sword32)((b[21]        ) >>  0)) <<  0)
+          |  (((sword32)((b[20]        ) >>  0)) << 20));
+    t[ 6] = (word64)(
+             (((sword32)((b[21]        ) >>  0)) <<  0)
           |  (((sword32)((b[22]        ) >>  0)) <<  8)
           |  (((sword32)((b[23]        ) >>  0)) << 16)
-          | ((((sword32)((b[24] & 0xf )) >>  0)) << 24);
-    t[ 7] =  (((sword32)((b[24]        ) >>  4)) <<  0)
+          | ((((sword32)((b[24] & 0xf )) >>  0)) << 24));
+    t[ 7] = (word64)(
+             (((sword32)((b[24]        ) >>  4)) <<  0)
           |  (((sword32)((b[25]        ) >>  0)) <<  4)
           |  (((sword32)((b[26]        ) >>  0)) << 12)
-          |  (((sword32)((b[27]        ) >>  0)) << 20);
-    t[ 8] =  (((sword32)((b[28]        ) >>  0)) <<  0)
+          |  (((sword32)((b[27]        ) >>  0)) << 20));
+    t[ 8] = (word64)(
+             (((sword32)((b[28]        ) >>  0)) <<  0)
           |  (((sword32)((b[29]        ) >>  0)) <<  8)
           |  (((sword32)((b[30]        ) >>  0)) << 16)
-          | ((((sword32)((b[31] & 0xf )) >>  0)) << 24);
-    t[ 9] =  (((sword32)((b[31]        ) >>  4)) <<  0)
+          | ((((sword32)((b[31] & 0xf )) >>  0)) << 24));
+    t[ 9] = (word64)(
+             (((sword32)((b[31]        ) >>  4)) <<  0)
           |  (((sword32)((b[32]        ) >>  0)) <<  4)
           |  (((sword32)((b[33]        ) >>  0)) << 12)
-          |  (((sword32)((b[34]        ) >>  0)) << 20);
-    t[10] =  (((sword32)((b[35]        ) >>  0)) <<  0)
+          |  (((sword32)((b[34]        ) >>  0)) << 20));
+    t[10] = (word64)(
+             (((sword32)((b[35]        ) >>  0)) <<  0)
           |  (((sword32)((b[36]        ) >>  0)) <<  8)
           |  (((sword32)((b[37]        ) >>  0)) << 16)
-          | ((((sword32)((b[38] & 0xf )) >>  0)) << 24);
-    t[11] =  (((sword32)((b[38]        ) >>  4)) <<  0)
+          | ((((sword32)((b[38] & 0xf )) >>  0)) << 24));
+    t[11] = (word64)(
+             (((sword32)((b[38]        ) >>  4)) <<  0)
           |  (((sword32)((b[39]        ) >>  0)) <<  4)
           |  (((sword32)((b[40]        ) >>  0)) << 12)
-          |  (((sword32)((b[41]        ) >>  0)) << 20);
-    t[12] =  (((sword32)((b[42]        ) >>  0)) <<  0)
+          |  (((sword32)((b[41]        ) >>  0)) << 20));
+    t[12] = (word64)(
+             (((sword32)((b[42]        ) >>  0)) <<  0)
           |  (((sword32)((b[43]        ) >>  0)) <<  8)
           |  (((sword32)((b[44]        ) >>  0)) << 16)
-          | ((((sword32)((b[45] & 0xf )) >>  0)) << 24);
-    t[13] =  (((sword32)((b[45]        ) >>  4)) <<  0)
+          | ((((sword32)((b[45] & 0xf )) >>  0)) << 24));
+    t[13] = (word64)(
+             (((sword32)((b[45]        ) >>  4)) <<  0)
           |  (((sword32)((b[46]        ) >>  0)) <<  4)
           |  (((sword32)((b[47]        ) >>  0)) << 12)
-          |  (((sword32)((b[48]        ) >>  0)) << 20);
-    t[14] =  (((sword32)((b[49]        ) >>  0)) <<  0)
+          |  (((sword32)((b[48]        ) >>  0)) << 20));
+    t[14] = (word64)(
+             (((sword32)((b[49]        ) >>  0)) <<  0)
           |  (((sword32)((b[50]        ) >>  0)) <<  8)
           |  (((sword32)((b[51]        ) >>  0)) << 16)
-          | ((((sword32)((b[52] & 0xf )) >>  0)) << 24);
-    t[15] =  (((sword32)((b[52]        ) >>  4)) <<  0)
+          | ((((sword32)((b[52] & 0xf )) >>  0)) << 24));
+    t[15] = (word64)(
+             (((sword32)((b[52]        ) >>  4)) <<  0)
           |  (((sword32)((b[53]        ) >>  0)) <<  4)
           |  (((sword32)((b[54]        ) >>  0)) << 12)
-          |  (((sword32)((b[55]        ) >>  0)) << 20);
-    t[16] =  (((sword32)((b[56]        ) >>  0)) <<  0)
+          |  (((sword32)((b[55]        ) >>  0)) << 20));
+    t[16] = (word64)(
+             (((sword32)((b[56]        ) >>  0)) <<  0)
           |  (((sword32)((b[57]        ) >>  0)) <<  8)
           |  (((sword32)((b[58]        ) >>  0)) << 16)
-          | ((((sword32)((b[59] & 0xf )) >>  0)) << 24);
-    t[17] =  (((sword32)((b[59]        ) >>  4)) <<  0)
+          | ((((sword32)((b[59] & 0xf )) >>  0)) << 24));
+    t[17] = (word64)(
+             (((sword32)((b[59]        ) >>  4)) <<  0)
           |  (((sword32)((b[60]        ) >>  0)) <<  4)
           |  (((sword32)((b[61]        ) >>  0)) << 12)
-          |  (((sword32)((b[62]        ) >>  0)) << 20);
-    t[18] =  (((sword32)((b[63]        ) >>  0)) <<  0)
+          |  (((sword32)((b[62]        ) >>  0)) << 20));
+    t[18] = (word64)(
+             (((sword32)((b[63]        ) >>  0)) <<  0)
           |  (((sword32)((b[64]        ) >>  0)) <<  8)
           |  (((sword32)((b[65]        ) >>  0)) << 16)
-          | ((((sword32)((b[66] & 0xf )) >>  0)) << 24);
-    t[19] =  (((sword32)((b[66]        ) >>  4)) <<  0)
+          | ((((sword32)((b[66] & 0xf )) >>  0)) << 24));
+    t[19] = (word64)(
+             (((sword32)((b[66]        ) >>  4)) <<  0)
           |  (((sword32)((b[67]        ) >>  0)) <<  4)
           |  (((sword32)((b[68]        ) >>  0)) << 12)
-          |  (((sword32)((b[69]        ) >>  0)) << 20);
-    t[20] =  (((sword32)((b[70]        ) >>  0)) <<  0)
+          |  (((sword32)((b[69]        ) >>  0)) << 20));
+    t[20] = (word64)(
+             (((sword32)((b[70]        ) >>  0)) <<  0)
           |  (((sword32)((b[71]        ) >>  0)) <<  8)
           |  (((sword32)((b[72]        ) >>  0)) << 16)
-          | ((((sword32)((b[73] & 0xf )) >>  0)) << 24);
-    t[21] =  (((sword32)((b[73]        ) >>  4)) <<  0)
+          | ((((sword32)((b[73] & 0xf )) >>  0)) << 24));
+    t[21] = (word64)(
+             (((sword32)((b[73]        ) >>  4)) <<  0)
           |  (((sword32)((b[74]        ) >>  0)) <<  4)
           |  (((sword32)((b[75]        ) >>  0)) << 12)
-          |  (((sword32)((b[76]        ) >>  0)) << 20);
-    t[22] =  (((sword32)((b[77]        ) >>  0)) <<  0)
+          |  (((sword32)((b[76]        ) >>  0)) << 20));
+    t[22] = (word64)(
+             (((sword32)((b[77]        ) >>  0)) <<  0)
           |  (((sword32)((b[78]        ) >>  0)) <<  8)
           |  (((sword32)((b[79]        ) >>  0)) << 16)
-          | ((((sword32)((b[80] & 0xf )) >>  0)) << 24);
-    t[23] =  (((sword32)((b[80]        ) >>  4)) <<  0)
+          | ((((sword32)((b[80] & 0xf )) >>  0)) << 24));
+    t[23] = (word64)(
+             (((sword32)((b[80]        ) >>  4)) <<  0)
           |  (((sword32)((b[81]        ) >>  0)) <<  4)
           |  (((sword32)((b[82]        ) >>  0)) << 12)
-          |  (((sword32)((b[83]        ) >>  0)) << 20);
-    t[24] =  (((sword32)((b[84]        ) >>  0)) <<  0)
+          |  (((sword32)((b[83]        ) >>  0)) << 20));
+    t[24] = (word64)(
+             (((sword32)((b[84]        ) >>  0)) <<  0)
           |  (((sword32)((b[85]        ) >>  0)) <<  8)
           |  (((sword32)((b[86]        ) >>  0)) << 16)
-          | ((((sword32)((b[87] & 0xf )) >>  0)) << 24);
-    t[25] =  (((sword32)((b[87]        ) >>  4)) <<  0)
+          | ((((sword32)((b[87] & 0xf )) >>  0)) << 24));
+    t[25] = (word64)(
+             (((sword32)((b[87]        ) >>  4)) <<  0)
           |  (((sword32)((b[88]        ) >>  0)) <<  4)
           |  (((sword32)((b[89]        ) >>  0)) << 12)
-          |  (((sword32)((b[90]        ) >>  0)) << 20);
-    t[26] =  (((sword32)((b[91]        ) >>  0)) <<  0)
+          |  (((sword32)((b[90]        ) >>  0)) << 20));
+    t[26] = (word64)(
+             (((sword32)((b[91]        ) >>  0)) <<  0)
           |  (((sword32)((b[92]        ) >>  0)) <<  8)
           |  (((sword32)((b[93]        ) >>  0)) << 16)
-          | ((((sword32)((b[94] & 0xf )) >>  0)) << 24);
-    t[27] =  (((sword32)((b[94]        ) >>  4)) <<  0)
+          | ((((sword32)((b[94] & 0xf )) >>  0)) << 24));
+    t[27] = (word64)(
+             (((sword32)((b[94]        ) >>  4)) <<  0)
           |  (((sword32)((b[95]        ) >>  0)) <<  4)
           |  (((sword32)((b[96]        ) >>  0)) << 12)
-          |  (((sword32)((b[97]        ) >>  0)) << 20);
-    t[28] =  (((sword32)((b[98]        ) >>  0)) <<  0)
+          |  (((sword32)((b[97]        ) >>  0)) << 20));
+    t[28] = (word64)(
+             (((sword32)((b[98]        ) >>  0)) <<  0)
           |  (((sword32)((b[99]        ) >>  0)) <<  8)
           |  (((sword32)((b[100]        ) >>  0)) << 16)
-          | ((((sword32)((b[101] & 0xf )) >>  0)) << 24);
-    t[29] =  (((sword32)((b[101]        ) >>  4)) <<  0)
+          | ((((sword32)((b[101] & 0xf )) >>  0)) << 24));
+    t[29] = (word64)(
+             (((sword32)((b[101]        ) >>  4)) <<  0)
           |  (((sword32)((b[102]        ) >>  0)) <<  4)
           |  (((sword32)((b[103]        ) >>  0)) << 12)
-          |  (((sword32)((b[104]        ) >>  0)) << 20);
-    t[30] =  (((sword32)((b[105]        ) >>  0)) <<  0)
+          |  (((sword32)((b[104]        ) >>  0)) << 20));
+    t[30] = (word64)(
+             (((sword32)((b[105]        ) >>  0)) <<  0)
           |  (((sword32)((b[106]        ) >>  0)) <<  8)
           |  (((sword32)((b[107]        ) >>  0)) << 16)
-          | ((((sword32)((b[108] & 0xf )) >>  0)) << 24);
-    t[31] =  (((sword32)((b[108]        ) >>  4)) <<  0)
+          | ((((sword32)((b[108] & 0xf )) >>  0)) << 24));
+    t[31] = (word64)(
+             (((sword32)((b[108]        ) >>  4)) <<  0)
           |  (((sword32)((b[109]        ) >>  0)) <<  4)
           |  (((sword32)((b[110]        ) >>  0)) << 12)
-          |  (((sword32)((b[111]        ) >>  0)) << 20);
-    t[32] =  (((sword32)((b[112]        ) >>  0)) <<  0)
-          |  (((sword32)((b[113]        ) >>  0)) <<  8);
+          |  (((sword32)((b[111]        ) >>  0)) << 20));
+    t[32] = (word64)(
+             (((sword32)((b[112]        ) >>  0)) <<  0)
+          |  (((sword32)((b[113]        ) >>  0)) <<  8));
 
     /* Mod curve order */
     /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */
@@ -5453,56 +5542,56 @@ void sc448_reduce(byte* b)
     b[ 0] = (byte)(d[0 ] >>  0);
     b[ 1] = (byte)(d[0 ] >>  8);
     b[ 2] = (byte)(d[0 ] >> 16);
-    b[ 3] = (byte)((d[0 ] >> 24) + ((d[1 ] >>  0) <<  4));
+    b[ 3] = (byte)((byte)(d[0 ] >> 24) + (byte)((d[1 ] >>  0) <<  4));
     b[ 4] = (byte)(d[1 ] >>  4);
     b[ 5] = (byte)(d[1 ] >> 12);
     b[ 6] = (byte)(d[1 ] >> 20);
     b[ 7] = (byte)(d[2 ] >>  0);
     b[ 8] = (byte)(d[2 ] >>  8);
     b[ 9] = (byte)(d[2 ] >> 16);
-    b[10] = (byte)((d[2 ] >> 24) + ((d[3 ] >>  0) <<  4));
+    b[10] = (byte)((byte)(d[2 ] >> 24) + (byte)((d[3 ] >>  0) <<  4));
     b[11] = (byte)(d[3 ] >>  4);
     b[12] = (byte)(d[3 ] >> 12);
     b[13] = (byte)(d[3 ] >> 20);
     b[14] = (byte)(d[4 ] >>  0);
     b[15] = (byte)(d[4 ] >>  8);
     b[16] = (byte)(d[4 ] >> 16);
-    b[17] = (byte)((d[4 ] >> 24) + ((d[5 ] >>  0) <<  4));
+    b[17] = (byte)((byte)(d[4 ] >> 24) + (byte)((d[5 ] >>  0) <<  4));
     b[18] = (byte)(d[5 ] >>  4);
     b[19] = (byte)(d[5 ] >> 12);
     b[20] = (byte)(d[5 ] >> 20);
     b[21] = (byte)(d[6 ] >>  0);
     b[22] = (byte)(d[6 ] >>  8);
     b[23] = (byte)(d[6 ] >> 16);
-    b[24] = (byte)((d[6 ] >> 24) + ((d[7 ] >>  0) <<  4));
+    b[24] = (byte)((byte)(d[6 ] >> 24) + (byte)((d[7 ] >>  0) <<  4));
     b[25] = (byte)(d[7 ] >>  4);
     b[26] = (byte)(d[7 ] >> 12);
     b[27] = (byte)(d[7 ] >> 20);
     b[28] = (byte)(d[8 ] >>  0);
     b[29] = (byte)(d[8 ] >>  8);
     b[30] = (byte)(d[8 ] >> 16);
-    b[31] = (byte)((d[8 ] >> 24) + ((d[9 ] >>  0) <<  4));
+    b[31] = (byte)((byte)(d[8 ] >> 24) + (byte)((d[9 ] >>  0) <<  4));
     b[32] = (byte)(d[9 ] >>  4);
     b[33] = (byte)(d[9 ] >> 12);
     b[34] = (byte)(d[9 ] >> 20);
     b[35] = (byte)(d[10] >>  0);
     b[36] = (byte)(d[10] >>  8);
     b[37] = (byte)(d[10] >> 16);
-    b[38] = (byte)((d[10] >> 24) + ((d[11] >>  0) <<  4));
+    b[38] = (byte)((byte)(d[10] >> 24) + (byte)((d[11] >>  0) <<  4));
     b[39] = (byte)(d[11] >>  4);
     b[40] = (byte)(d[11] >> 12);
     b[41] = (byte)(d[11] >> 20);
     b[42] = (byte)(d[12] >>  0);
     b[43] = (byte)(d[12] >>  8);
     b[44] = (byte)(d[12] >> 16);
-    b[45] = (byte)((d[12] >> 24) + ((d[13] >>  0) <<  4));
+    b[45] = (byte)((byte)(d[12] >> 24) + (byte)((d[13] >>  0) <<  4));
     b[46] = (byte)(d[13] >>  4);
     b[47] = (byte)(d[13] >> 12);
     b[48] = (byte)(d[13] >> 20);
     b[49] = (byte)(d[14] >>  0);
     b[50] = (byte)(d[14] >>  8);
     b[51] = (byte)(d[14] >> 16);
-    b[52] = (byte)((d[14] >> 24) + ((d[15] >>  0) <<  4));
+    b[52] = (byte)((byte)(d[14] >> 24) + (byte)((d[15] >>  0) <<  4));
     b[53] = (byte)(d[15] >>  4);
     b[54] = (byte)(d[15] >> 12);
     b[55] = (byte)(d[15] >> 20);
@@ -5522,460 +5611,509 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     word64 t[32];
     word64 c;
     word32 o;
+    sword32 u;
 
     /* Load from bytes */
-    ad[ 0] =  (((sword32)((a[ 0]        ) >>  0)) <<  0)
+    ad[ 0] = (word32)(
+              (((sword32)((a[ 0]        ) >>  0)) <<  0)
            |  (((sword32)((a[ 1]        ) >>  0)) <<  8)
            |  (((sword32)((a[ 2]        ) >>  0)) << 16)
-           | ((((sword32)((a[ 3] & 0xf )) >>  0)) << 24);
-    ad[ 1] =  (((sword32)((a[ 3]        ) >>  4)) <<  0)
+           | ((((sword32)((a[ 3] & 0xf )) >>  0)) << 24));
+    ad[ 1] = (word32)(
+              (((sword32)((a[ 3]        ) >>  4)) <<  0)
            |  (((sword32)((a[ 4]        ) >>  0)) <<  4)
            |  (((sword32)((a[ 5]        ) >>  0)) << 12)
-           |  (((sword32)((a[ 6]        ) >>  0)) << 20);
-    ad[ 2] =  (((sword32)((a[ 7]        ) >>  0)) <<  0)
+           |  (((sword32)((a[ 6]        ) >>  0)) << 20));
+    ad[ 2] = (word32)(
+              (((sword32)((a[ 7]        ) >>  0)) <<  0)
            |  (((sword32)((a[ 8]        ) >>  0)) <<  8)
            |  (((sword32)((a[ 9]        ) >>  0)) << 16)
-           | ((((sword32)((a[10] & 0xf )) >>  0)) << 24);
-    ad[ 3] =  (((sword32)((a[10]        ) >>  4)) <<  0)
+           | ((((sword32)((a[10] & 0xf )) >>  0)) << 24));
+    ad[ 3] = (word32)(
+              (((sword32)((a[10]        ) >>  4)) <<  0)
            |  (((sword32)((a[11]        ) >>  0)) <<  4)
            |  (((sword32)((a[12]        ) >>  0)) << 12)
-           |  (((sword32)((a[13]        ) >>  0)) << 20);
-    ad[ 4] =  (((sword32)((a[14]        ) >>  0)) <<  0)
+           |  (((sword32)((a[13]        ) >>  0)) << 20));
+    ad[ 4] = (word32)(
+              (((sword32)((a[14]        ) >>  0)) <<  0)
            |  (((sword32)((a[15]        ) >>  0)) <<  8)
            |  (((sword32)((a[16]        ) >>  0)) << 16)
-           | ((((sword32)((a[17] & 0xf )) >>  0)) << 24);
-    ad[ 5] =  (((sword32)((a[17]        ) >>  4)) <<  0)
+           | ((((sword32)((a[17] & 0xf )) >>  0)) << 24));
+    ad[ 5] = (word32)(
+              (((sword32)((a[17]        ) >>  4)) <<  0)
            |  (((sword32)((a[18]        ) >>  0)) <<  4)
            |  (((sword32)((a[19]        ) >>  0)) << 12)
-           |  (((sword32)((a[20]        ) >>  0)) << 20);
-    ad[ 6] =  (((sword32)((a[21]        ) >>  0)) <<  0)
+           |  (((sword32)((a[20]        ) >>  0)) << 20));
+    ad[ 6] = (word32)(
+              (((sword32)((a[21]        ) >>  0)) <<  0)
            |  (((sword32)((a[22]        ) >>  0)) <<  8)
            |  (((sword32)((a[23]        ) >>  0)) << 16)
-           | ((((sword32)((a[24] & 0xf )) >>  0)) << 24);
-    ad[ 7] =  (((sword32)((a[24]        ) >>  4)) <<  0)
+           | ((((sword32)((a[24] & 0xf )) >>  0)) << 24));
+    ad[ 7] = (word32)(
+              (((sword32)((a[24]        ) >>  4)) <<  0)
            |  (((sword32)((a[25]        ) >>  0)) <<  4)
            |  (((sword32)((a[26]        ) >>  0)) << 12)
-           |  (((sword32)((a[27]        ) >>  0)) << 20);
-    ad[ 8] =  (((sword32)((a[28]        ) >>  0)) <<  0)
+           |  (((sword32)((a[27]        ) >>  0)) << 20));
+    ad[ 8] = (word32)(
+              (((sword32)((a[28]        ) >>  0)) <<  0)
            |  (((sword32)((a[29]        ) >>  0)) <<  8)
            |  (((sword32)((a[30]        ) >>  0)) << 16)
-           | ((((sword32)((a[31] & 0xf )) >>  0)) << 24);
-    ad[ 9] =  (((sword32)((a[31]        ) >>  4)) <<  0)
+           | ((((sword32)((a[31] & 0xf )) >>  0)) << 24));
+    ad[ 9] = (word32)(
+              (((sword32)((a[31]        ) >>  4)) <<  0)
            |  (((sword32)((a[32]        ) >>  0)) <<  4)
            |  (((sword32)((a[33]        ) >>  0)) << 12)
-           |  (((sword32)((a[34]        ) >>  0)) << 20);
-    ad[10] =  (((sword32)((a[35]        ) >>  0)) <<  0)
+           |  (((sword32)((a[34]        ) >>  0)) << 20));
+    ad[10] = (word32)(
+              (((sword32)((a[35]        ) >>  0)) <<  0)
            |  (((sword32)((a[36]        ) >>  0)) <<  8)
            |  (((sword32)((a[37]        ) >>  0)) << 16)
-           | ((((sword32)((a[38] & 0xf )) >>  0)) << 24);
-    ad[11] =  (((sword32)((a[38]        ) >>  4)) <<  0)
+           | ((((sword32)((a[38] & 0xf )) >>  0)) << 24));
+    ad[11] = (word32)(
+              (((sword32)((a[38]        ) >>  4)) <<  0)
            |  (((sword32)((a[39]        ) >>  0)) <<  4)
            |  (((sword32)((a[40]        ) >>  0)) << 12)
-           |  (((sword32)((a[41]        ) >>  0)) << 20);
-    ad[12] =  (((sword32)((a[42]        ) >>  0)) <<  0)
+           |  (((sword32)((a[41]        ) >>  0)) << 20));
+    ad[12] = (word32)(
+              (((sword32)((a[42]        ) >>  0)) <<  0)
            |  (((sword32)((a[43]        ) >>  0)) <<  8)
            |  (((sword32)((a[44]        ) >>  0)) << 16)
-           | ((((sword32)((a[45] & 0xf )) >>  0)) << 24);
-    ad[13] =  (((sword32)((a[45]        ) >>  4)) <<  0)
+           | ((((sword32)((a[45] & 0xf )) >>  0)) << 24));
+    ad[13] = (word32)(
+              (((sword32)((a[45]        ) >>  4)) <<  0)
            |  (((sword32)((a[46]        ) >>  0)) <<  4)
            |  (((sword32)((a[47]        ) >>  0)) << 12)
-           |  (((sword32)((a[48]        ) >>  0)) << 20);
-    ad[14] =  (((sword32)((a[49]        ) >>  0)) <<  0)
+           |  (((sword32)((a[48]        ) >>  0)) << 20));
+    ad[14] = (word32)(
+              (((sword32)((a[49]        ) >>  0)) <<  0)
            |  (((sword32)((a[50]        ) >>  0)) <<  8)
            |  (((sword32)((a[51]        ) >>  0)) << 16)
-           | ((((sword32)((a[52] & 0xf )) >>  0)) << 24);
-    ad[15] =  (((sword32)((a[52]        ) >>  4)) <<  0)
+           | ((((sword32)((a[52] & 0xf )) >>  0)) << 24));
+    ad[15] = (word32)(
+              (((sword32)((a[52]        ) >>  4)) <<  0)
            |  (((sword32)((a[53]        ) >>  0)) <<  4)
            |  (((sword32)((a[54]        ) >>  0)) << 12)
-           |  (((sword32)((a[55]        ) >>  0)) << 20);
+           |  (((sword32)((a[55]        ) >>  0)) << 20));
     /* Load from bytes */
-    bd[ 0] =  (((sword32)((b[ 0]        ) >>  0)) <<  0)
+    bd[ 0] = (word32)(
+              (((sword32)((b[ 0]        ) >>  0)) <<  0)
            |  (((sword32)((b[ 1]        ) >>  0)) <<  8)
            |  (((sword32)((b[ 2]        ) >>  0)) << 16)
-           | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24);
-    bd[ 1] =  (((sword32)((b[ 3]        ) >>  4)) <<  0)
+           | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24));
+    bd[ 1] = (word32)(
+              (((sword32)((b[ 3]        ) >>  4)) <<  0)
            |  (((sword32)((b[ 4]        ) >>  0)) <<  4)
            |  (((sword32)((b[ 5]        ) >>  0)) << 12)
-           |  (((sword32)((b[ 6]        ) >>  0)) << 20);
-    bd[ 2] =  (((sword32)((b[ 7]        ) >>  0)) <<  0)
+           |  (((sword32)((b[ 6]        ) >>  0)) << 20));
+    bd[ 2] = (word32)(
+              (((sword32)((b[ 7]        ) >>  0)) <<  0)
            |  (((sword32)((b[ 8]        ) >>  0)) <<  8)
            |  (((sword32)((b[ 9]        ) >>  0)) << 16)
-           | ((((sword32)((b[10] & 0xf )) >>  0)) << 24);
-    bd[ 3] =  (((sword32)((b[10]        ) >>  4)) <<  0)
+           | ((((sword32)((b[10] & 0xf )) >>  0)) << 24));
+    bd[ 3] = (word32)(
+              (((sword32)((b[10]        ) >>  4)) <<  0)
            |  (((sword32)((b[11]        ) >>  0)) <<  4)
            |  (((sword32)((b[12]        ) >>  0)) << 12)
-           |  (((sword32)((b[13]        ) >>  0)) << 20);
-    bd[ 4] =  (((sword32)((b[14]        ) >>  0)) <<  0)
+           |  (((sword32)((b[13]        ) >>  0)) << 20));
+    bd[ 4] = (word32)(
+              (((sword32)((b[14]        ) >>  0)) <<  0)
            |  (((sword32)((b[15]        ) >>  0)) <<  8)
            |  (((sword32)((b[16]        ) >>  0)) << 16)
-           | ((((sword32)((b[17] & 0xf )) >>  0)) << 24);
-    bd[ 5] =  (((sword32)((b[17]        ) >>  4)) <<  0)
+           | ((((sword32)((b[17] & 0xf )) >>  0)) << 24));
+    bd[ 5] = (word32)(
+              (((sword32)((b[17]        ) >>  4)) <<  0)
            |  (((sword32)((b[18]        ) >>  0)) <<  4)
            |  (((sword32)((b[19]        ) >>  0)) << 12)
-           |  (((sword32)((b[20]        ) >>  0)) << 20);
-    bd[ 6] =  (((sword32)((b[21]        ) >>  0)) <<  0)
+           |  (((sword32)((b[20]        ) >>  0)) << 20));
+    bd[ 6] = (word32)(
+              (((sword32)((b[21]        ) >>  0)) <<  0)
            |  (((sword32)((b[22]        ) >>  0)) <<  8)
            |  (((sword32)((b[23]        ) >>  0)) << 16)
-           | ((((sword32)((b[24] & 0xf )) >>  0)) << 24);
-    bd[ 7] =  (((sword32)((b[24]        ) >>  4)) <<  0)
+           | ((((sword32)((b[24] & 0xf )) >>  0)) << 24));
+    bd[ 7] = (word32)(
+              (((sword32)((b[24]        ) >>  4)) <<  0)
            |  (((sword32)((b[25]        ) >>  0)) <<  4)
            |  (((sword32)((b[26]        ) >>  0)) << 12)
-           |  (((sword32)((b[27]        ) >>  0)) << 20);
-    bd[ 8] =  (((sword32)((b[28]        ) >>  0)) <<  0)
+           |  (((sword32)((b[27]        ) >>  0)) << 20));
+    bd[ 8] = (word32)(
+              (((sword32)((b[28]        ) >>  0)) <<  0)
            |  (((sword32)((b[29]        ) >>  0)) <<  8)
            |  (((sword32)((b[30]        ) >>  0)) << 16)
-           | ((((sword32)((b[31] & 0xf )) >>  0)) << 24);
-    bd[ 9] =  (((sword32)((b[31]        ) >>  4)) <<  0)
+           | ((((sword32)((b[31] & 0xf )) >>  0)) << 24));
+    bd[ 9] = (word32)(
+              (((sword32)((b[31]        ) >>  4)) <<  0)
            |  (((sword32)((b[32]        ) >>  0)) <<  4)
            |  (((sword32)((b[33]        ) >>  0)) << 12)
-           |  (((sword32)((b[34]        ) >>  0)) << 20);
-    bd[10] =  (((sword32)((b[35]        ) >>  0)) <<  0)
+           |  (((sword32)((b[34]        ) >>  0)) << 20));
+    bd[10] = (word32)(
+              (((sword32)((b[35]        ) >>  0)) <<  0)
            |  (((sword32)((b[36]        ) >>  0)) <<  8)
            |  (((sword32)((b[37]        ) >>  0)) << 16)
-           | ((((sword32)((b[38] & 0xf )) >>  0)) << 24);
-    bd[11] =  (((sword32)((b[38]        ) >>  4)) <<  0)
+           | ((((sword32)((b[38] & 0xf )) >>  0)) << 24));
+    bd[11] = (word32)(
+              (((sword32)((b[38]        ) >>  4)) <<  0)
            |  (((sword32)((b[39]        ) >>  0)) <<  4)
            |  (((sword32)((b[40]        ) >>  0)) << 12)
-           |  (((sword32)((b[41]        ) >>  0)) << 20);
-    bd[12] =  (((sword32)((b[42]        ) >>  0)) <<  0)
+           |  (((sword32)((b[41]        ) >>  0)) << 20));
+    bd[12] = (word32)(
+              (((sword32)((b[42]        ) >>  0)) <<  0)
            |  (((sword32)((b[43]        ) >>  0)) <<  8)
            |  (((sword32)((b[44]        ) >>  0)) << 16)
-           | ((((sword32)((b[45] & 0xf )) >>  0)) << 24);
-    bd[13] =  (((sword32)((b[45]        ) >>  4)) <<  0)
+           | ((((sword32)((b[45] & 0xf )) >>  0)) << 24));
+    bd[13] = (word32)(
+              (((sword32)((b[45]        ) >>  4)) <<  0)
            |  (((sword32)((b[46]        ) >>  0)) <<  4)
            |  (((sword32)((b[47]        ) >>  0)) << 12)
-           |  (((sword32)((b[48]        ) >>  0)) << 20);
-    bd[14] =  (((sword32)((b[49]        ) >>  0)) <<  0)
+           |  (((sword32)((b[48]        ) >>  0)) << 20));
+    bd[14] = (word32)(
+              (((sword32)((b[49]        ) >>  0)) <<  0)
            |  (((sword32)((b[50]        ) >>  0)) <<  8)
            |  (((sword32)((b[51]        ) >>  0)) << 16)
-           | ((((sword32)((b[52] & 0xf )) >>  0)) << 24);
-    bd[15] =  (((sword32)((b[52]        ) >>  4)) <<  0)
+           | ((((sword32)((b[52] & 0xf )) >>  0)) << 24));
+    bd[15] = (word32)(
+              (((sword32)((b[52]        ) >>  4)) <<  0)
            |  (((sword32)((b[53]        ) >>  0)) <<  4)
            |  (((sword32)((b[54]        ) >>  0)) << 12)
-           |  (((sword32)((b[55]        ) >>  0)) << 20);
+           |  (((sword32)((b[55]        ) >>  0)) << 20));
     /* Load from bytes */
-    dd[ 0] =  (((sword32)((d[ 0]        ) >>  0)) <<  0)
+    dd[ 0] = (word32)(
+              (((sword32)((d[ 0]        ) >>  0)) <<  0)
            |  (((sword32)((d[ 1]        ) >>  0)) <<  8)
            |  (((sword32)((d[ 2]        ) >>  0)) << 16)
-           | ((((sword32)((d[ 3] & 0xf )) >>  0)) << 24);
-    dd[ 1] =  (((sword32)((d[ 3]        ) >>  4)) <<  0)
+           | ((((sword32)((d[ 3] & 0xf )) >>  0)) << 24));
+    dd[ 1] = (word32)(
+              (((sword32)((d[ 3]        ) >>  4)) <<  0)
            |  (((sword32)((d[ 4]        ) >>  0)) <<  4)
            |  (((sword32)((d[ 5]        ) >>  0)) << 12)
-           |  (((sword32)((d[ 6]        ) >>  0)) << 20);
-    dd[ 2] =  (((sword32)((d[ 7]        ) >>  0)) <<  0)
+           |  (((sword32)((d[ 6]        ) >>  0)) << 20));
+    dd[ 2] = (word32)(
+              (((sword32)((d[ 7]        ) >>  0)) <<  0)
            |  (((sword32)((d[ 8]        ) >>  0)) <<  8)
            |  (((sword32)((d[ 9]        ) >>  0)) << 16)
-           | ((((sword32)((d[10] & 0xf )) >>  0)) << 24);
-    dd[ 3] =  (((sword32)((d[10]        ) >>  4)) <<  0)
+           | ((((sword32)((d[10] & 0xf )) >>  0)) << 24));
+    dd[ 3] = (word32)(
+              (((sword32)((d[10]        ) >>  4)) <<  0)
            |  (((sword32)((d[11]        ) >>  0)) <<  4)
            |  (((sword32)((d[12]        ) >>  0)) << 12)
-           |  (((sword32)((d[13]        ) >>  0)) << 20);
-    dd[ 4] =  (((sword32)((d[14]        ) >>  0)) <<  0)
+           |  (((sword32)((d[13]        ) >>  0)) << 20));
+    dd[ 4] = (word32)(
+              (((sword32)((d[14]        ) >>  0)) <<  0)
            |  (((sword32)((d[15]        ) >>  0)) <<  8)
            |  (((sword32)((d[16]        ) >>  0)) << 16)
-           | ((((sword32)((d[17] & 0xf )) >>  0)) << 24);
-    dd[ 5] =  (((sword32)((d[17]        ) >>  4)) <<  0)
+           | ((((sword32)((d[17] & 0xf )) >>  0)) << 24));
+    dd[ 5] = (word32)(
+              (((sword32)((d[17]        ) >>  4)) <<  0)
            |  (((sword32)((d[18]        ) >>  0)) <<  4)
            |  (((sword32)((d[19]        ) >>  0)) << 12)
-           |  (((sword32)((d[20]        ) >>  0)) << 20);
-    dd[ 6] =  (((sword32)((d[21]        ) >>  0)) <<  0)
+           |  (((sword32)((d[20]        ) >>  0)) << 20));
+    dd[ 6] = (word32)(
+              (((sword32)((d[21]        ) >>  0)) <<  0)
            |  (((sword32)((d[22]        ) >>  0)) <<  8)
            |  (((sword32)((d[23]        ) >>  0)) << 16)
-           | ((((sword32)((d[24] & 0xf )) >>  0)) << 24);
-    dd[ 7] =  (((sword32)((d[24]        ) >>  4)) <<  0)
+           | ((((sword32)((d[24] & 0xf )) >>  0)) << 24));
+    dd[ 7] = (word32)(
+              (((sword32)((d[24]        ) >>  4)) <<  0)
            |  (((sword32)((d[25]        ) >>  0)) <<  4)
            |  (((sword32)((d[26]        ) >>  0)) << 12)
-           |  (((sword32)((d[27]        ) >>  0)) << 20);
-    dd[ 8] =  (((sword32)((d[28]        ) >>  0)) <<  0)
+           |  (((sword32)((d[27]        ) >>  0)) << 20));
+    dd[ 8] = (word32)(
+              (((sword32)((d[28]        ) >>  0)) <<  0)
            |  (((sword32)((d[29]        ) >>  0)) <<  8)
            |  (((sword32)((d[30]        ) >>  0)) << 16)
-           | ((((sword32)((d[31] & 0xf )) >>  0)) << 24);
-    dd[ 9] =  (((sword32)((d[31]        ) >>  4)) <<  0)
+           | ((((sword32)((d[31] & 0xf )) >>  0)) << 24));
+    dd[ 9] = (word32)(
+              (((sword32)((d[31]        ) >>  4)) <<  0)
            |  (((sword32)((d[32]        ) >>  0)) <<  4)
            |  (((sword32)((d[33]        ) >>  0)) << 12)
-           |  (((sword32)((d[34]        ) >>  0)) << 20);
-    dd[10] =  (((sword32)((d[35]        ) >>  0)) <<  0)
+           |  (((sword32)((d[34]        ) >>  0)) << 20));
+    dd[10] = (word32)(
+              (((sword32)((d[35]        ) >>  0)) <<  0)
            |  (((sword32)((d[36]        ) >>  0)) <<  8)
            |  (((sword32)((d[37]        ) >>  0)) << 16)
-           | ((((sword32)((d[38] & 0xf )) >>  0)) << 24);
-    dd[11] =  (((sword32)((d[38]        ) >>  4)) <<  0)
+           | ((((sword32)((d[38] & 0xf )) >>  0)) << 24));
+    dd[11] = (word32)(
+              (((sword32)((d[38]        ) >>  4)) <<  0)
            |  (((sword32)((d[39]        ) >>  0)) <<  4)
            |  (((sword32)((d[40]        ) >>  0)) << 12)
-           |  (((sword32)((d[41]        ) >>  0)) << 20);
-    dd[12] =  (((sword32)((d[42]        ) >>  0)) <<  0)
+           |  (((sword32)((d[41]        ) >>  0)) << 20));
+    dd[12] = (word32)(
+              (((sword32)((d[42]        ) >>  0)) <<  0)
            |  (((sword32)((d[43]        ) >>  0)) <<  8)
            |  (((sword32)((d[44]        ) >>  0)) << 16)
-           | ((((sword32)((d[45] & 0xf )) >>  0)) << 24);
-    dd[13] =  (((sword32)((d[45]        ) >>  4)) <<  0)
+           | ((((sword32)((d[45] & 0xf )) >>  0)) << 24));
+    dd[13] = (word32)(
+              (((sword32)((d[45]        ) >>  4)) <<  0)
            |  (((sword32)((d[46]        ) >>  0)) <<  4)
            |  (((sword32)((d[47]        ) >>  0)) << 12)
-           |  (((sword32)((d[48]        ) >>  0)) << 20);
-    dd[14] =  (((sword32)((d[49]        ) >>  0)) <<  0)
+           |  (((sword32)((d[48]        ) >>  0)) << 20));
+    dd[14] = (word32)(
+              (((sword32)((d[49]        ) >>  0)) <<  0)
            |  (((sword32)((d[50]        ) >>  0)) <<  8)
            |  (((sword32)((d[51]        ) >>  0)) << 16)
-           | ((((sword32)((d[52] & 0xf )) >>  0)) << 24);
-    dd[15] =  (((sword32)((d[52]        ) >>  4)) <<  0)
+           | ((((sword32)((d[52] & 0xf )) >>  0)) << 24));
+    dd[15] = (word32)(
+              (((sword32)((d[52]        ) >>  4)) <<  0)
            |  (((sword32)((d[53]        ) >>  0)) <<  4)
            |  (((sword32)((d[54]        ) >>  0)) << 12)
-           |  (((sword32)((d[55]        ) >>  0)) << 20);
+           |  (((sword32)((d[55]        ) >>  0)) << 20));
 
     /* a * b + d */
-    t[ 0] = (word64)dd[ 0] + (sword64)ad[ 0] * bd[ 0];
-    t[ 1] = (word64)dd[ 1] + (sword64)ad[ 0] * bd[ 1]
-                           + (sword64)ad[ 1] * bd[ 0];
-    t[ 2] = (word64)dd[ 2] + (sword64)ad[ 0] * bd[ 2]
-                           + (sword64)ad[ 1] * bd[ 1]
-                           + (sword64)ad[ 2] * bd[ 0];
-    t[ 3] = (word64)dd[ 3] + (sword64)ad[ 0] * bd[ 3]
-                           + (sword64)ad[ 1] * bd[ 2]
-                           + (sword64)ad[ 2] * bd[ 1]
-                           + (sword64)ad[ 3] * bd[ 0];
-    t[ 4] = (word64)dd[ 4] + (sword64)ad[ 0] * bd[ 4]
-                           + (sword64)ad[ 1] * bd[ 3]
-                           + (sword64)ad[ 2] * bd[ 2]
-                           + (sword64)ad[ 3] * bd[ 1]
-                           + (sword64)ad[ 4] * bd[ 0];
-    t[ 5] = (word64)dd[ 5] + (sword64)ad[ 0] * bd[ 5]
-                           + (sword64)ad[ 1] * bd[ 4]
-                           + (sword64)ad[ 2] * bd[ 3]
-                           + (sword64)ad[ 3] * bd[ 2]
-                           + (sword64)ad[ 4] * bd[ 1]
-                           + (sword64)ad[ 5] * bd[ 0];
-    t[ 6] = (word64)dd[ 6] + (sword64)ad[ 0] * bd[ 6]
-                           + (sword64)ad[ 1] * bd[ 5]
-                           + (sword64)ad[ 2] * bd[ 4]
-                           + (sword64)ad[ 3] * bd[ 3]
-                           + (sword64)ad[ 4] * bd[ 2]
-                           + (sword64)ad[ 5] * bd[ 1]
-                           + (sword64)ad[ 6] * bd[ 0];
-    t[ 7] = (word64)dd[ 7] + (sword64)ad[ 0] * bd[ 7]
-                           + (sword64)ad[ 1] * bd[ 6]
-                           + (sword64)ad[ 2] * bd[ 5]
-                           + (sword64)ad[ 3] * bd[ 4]
-                           + (sword64)ad[ 4] * bd[ 3]
-                           + (sword64)ad[ 5] * bd[ 2]
-                           + (sword64)ad[ 6] * bd[ 1]
-                           + (sword64)ad[ 7] * bd[ 0];
-    t[ 8] = (word64)dd[ 8] + (sword64)ad[ 0] * bd[ 8]
-                           + (sword64)ad[ 1] * bd[ 7]
-                           + (sword64)ad[ 2] * bd[ 6]
-                           + (sword64)ad[ 3] * bd[ 5]
-                           + (sword64)ad[ 4] * bd[ 4]
-                           + (sword64)ad[ 5] * bd[ 3]
-                           + (sword64)ad[ 6] * bd[ 2]
-                           + (sword64)ad[ 7] * bd[ 1]
-                           + (sword64)ad[ 8] * bd[ 0];
-    t[ 9] = (word64)dd[ 9] + (sword64)ad[ 0] * bd[ 9]
-                           + (sword64)ad[ 1] * bd[ 8]
-                           + (sword64)ad[ 2] * bd[ 7]
-                           + (sword64)ad[ 3] * bd[ 6]
-                           + (sword64)ad[ 4] * bd[ 5]
-                           + (sword64)ad[ 5] * bd[ 4]
-                           + (sword64)ad[ 6] * bd[ 3]
-                           + (sword64)ad[ 7] * bd[ 2]
-                           + (sword64)ad[ 8] * bd[ 1]
-                           + (sword64)ad[ 9] * bd[ 0];
-    t[10] = (word64)dd[10] + (sword64)ad[ 0] * bd[10]
-                           + (sword64)ad[ 1] * bd[ 9]
-                           + (sword64)ad[ 2] * bd[ 8]
-                           + (sword64)ad[ 3] * bd[ 7]
-                           + (sword64)ad[ 4] * bd[ 6]
-                           + (sword64)ad[ 5] * bd[ 5]
-                           + (sword64)ad[ 6] * bd[ 4]
-                           + (sword64)ad[ 7] * bd[ 3]
-                           + (sword64)ad[ 8] * bd[ 2]
-                           + (sword64)ad[ 9] * bd[ 1]
-                           + (sword64)ad[10] * bd[ 0];
-    t[11] = (word64)dd[11] + (sword64)ad[ 0] * bd[11]
-                           + (sword64)ad[ 1] * bd[10]
-                           + (sword64)ad[ 2] * bd[ 9]
-                           + (sword64)ad[ 3] * bd[ 8]
-                           + (sword64)ad[ 4] * bd[ 7]
-                           + (sword64)ad[ 5] * bd[ 6]
-                           + (sword64)ad[ 6] * bd[ 5]
-                           + (sword64)ad[ 7] * bd[ 4]
-                           + (sword64)ad[ 8] * bd[ 3]
-                           + (sword64)ad[ 9] * bd[ 2]
-                           + (sword64)ad[10] * bd[ 1]
-                           + (sword64)ad[11] * bd[ 0];
-    t[12] = (word64)dd[12] + (sword64)ad[ 0] * bd[12]
-                           + (sword64)ad[ 1] * bd[11]
-                           + (sword64)ad[ 2] * bd[10]
-                           + (sword64)ad[ 3] * bd[ 9]
-                           + (sword64)ad[ 4] * bd[ 8]
-                           + (sword64)ad[ 5] * bd[ 7]
-                           + (sword64)ad[ 6] * bd[ 6]
-                           + (sword64)ad[ 7] * bd[ 5]
-                           + (sword64)ad[ 8] * bd[ 4]
-                           + (sword64)ad[ 9] * bd[ 3]
-                           + (sword64)ad[10] * bd[ 2]
-                           + (sword64)ad[11] * bd[ 1]
-                           + (sword64)ad[12] * bd[ 0];
-    t[13] = (word64)dd[13] + (sword64)ad[ 0] * bd[13]
-                           + (sword64)ad[ 1] * bd[12]
-                           + (sword64)ad[ 2] * bd[11]
-                           + (sword64)ad[ 3] * bd[10]
-                           + (sword64)ad[ 4] * bd[ 9]
-                           + (sword64)ad[ 5] * bd[ 8]
-                           + (sword64)ad[ 6] * bd[ 7]
-                           + (sword64)ad[ 7] * bd[ 6]
-                           + (sword64)ad[ 8] * bd[ 5]
-                           + (sword64)ad[ 9] * bd[ 4]
-                           + (sword64)ad[10] * bd[ 3]
-                           + (sword64)ad[11] * bd[ 2]
-                           + (sword64)ad[12] * bd[ 1]
-                           + (sword64)ad[13] * bd[ 0];
-    t[14] = (word64)dd[14] + (sword64)ad[ 0] * bd[14]
-                           + (sword64)ad[ 1] * bd[13]
-                           + (sword64)ad[ 2] * bd[12]
-                           + (sword64)ad[ 3] * bd[11]
-                           + (sword64)ad[ 4] * bd[10]
-                           + (sword64)ad[ 5] * bd[ 9]
-                           + (sword64)ad[ 6] * bd[ 8]
-                           + (sword64)ad[ 7] * bd[ 7]
-                           + (sword64)ad[ 8] * bd[ 6]
-                           + (sword64)ad[ 9] * bd[ 5]
-                           + (sword64)ad[10] * bd[ 4]
-                           + (sword64)ad[11] * bd[ 3]
-                           + (sword64)ad[12] * bd[ 2]
-                           + (sword64)ad[13] * bd[ 1]
-                           + (sword64)ad[14] * bd[ 0];
-    t[15] = (word64)dd[15] + (sword64)ad[ 0] * bd[15]
-                           + (sword64)ad[ 1] * bd[14]
-                           + (sword64)ad[ 2] * bd[13]
-                           + (sword64)ad[ 3] * bd[12]
-                           + (sword64)ad[ 4] * bd[11]
-                           + (sword64)ad[ 5] * bd[10]
-                           + (sword64)ad[ 6] * bd[ 9]
-                           + (sword64)ad[ 7] * bd[ 8]
-                           + (sword64)ad[ 8] * bd[ 7]
-                           + (sword64)ad[ 9] * bd[ 6]
-                           + (sword64)ad[10] * bd[ 5]
-                           + (sword64)ad[11] * bd[ 4]
-                           + (sword64)ad[12] * bd[ 3]
-                           + (sword64)ad[13] * bd[ 2]
-                           + (sword64)ad[14] * bd[ 1]
-                           + (sword64)ad[15] * bd[ 0];
-    t[16] = (word64)          (sword64)ad[ 1] * bd[15]
-                           + (sword64)ad[ 2] * bd[14]
-                           + (sword64)ad[ 3] * bd[13]
-                           + (sword64)ad[ 4] * bd[12]
-                           + (sword64)ad[ 5] * bd[11]
-                           + (sword64)ad[ 6] * bd[10]
-                           + (sword64)ad[ 7] * bd[ 9]
-                           + (sword64)ad[ 8] * bd[ 8]
-                           + (sword64)ad[ 9] * bd[ 7]
-                           + (sword64)ad[10] * bd[ 6]
-                           + (sword64)ad[11] * bd[ 5]
-                           + (sword64)ad[12] * bd[ 4]
-                           + (sword64)ad[13] * bd[ 3]
-                           + (sword64)ad[14] * bd[ 2]
-                           + (sword64)ad[15] * bd[ 1];
-    t[17] = (word64)          (sword64)ad[ 2] * bd[15]
-                           + (sword64)ad[ 3] * bd[14]
-                           + (sword64)ad[ 4] * bd[13]
-                           + (sword64)ad[ 5] * bd[12]
-                           + (sword64)ad[ 6] * bd[11]
-                           + (sword64)ad[ 7] * bd[10]
-                           + (sword64)ad[ 8] * bd[ 9]
-                           + (sword64)ad[ 9] * bd[ 8]
-                           + (sword64)ad[10] * bd[ 7]
-                           + (sword64)ad[11] * bd[ 6]
-                           + (sword64)ad[12] * bd[ 5]
-                           + (sword64)ad[13] * bd[ 4]
-                           + (sword64)ad[14] * bd[ 3]
-                           + (sword64)ad[15] * bd[ 2];
-    t[18] = (word64)          (sword64)ad[ 3] * bd[15]
-                           + (sword64)ad[ 4] * bd[14]
-                           + (sword64)ad[ 5] * bd[13]
-                           + (sword64)ad[ 6] * bd[12]
-                           + (sword64)ad[ 7] * bd[11]
-                           + (sword64)ad[ 8] * bd[10]
-                           + (sword64)ad[ 9] * bd[ 9]
-                           + (sword64)ad[10] * bd[ 8]
-                           + (sword64)ad[11] * bd[ 7]
-                           + (sword64)ad[12] * bd[ 6]
-                           + (sword64)ad[13] * bd[ 5]
-                           + (sword64)ad[14] * bd[ 4]
-                           + (sword64)ad[15] * bd[ 3];
-    t[19] = (word64)          (sword64)ad[ 4] * bd[15]
-                           + (sword64)ad[ 5] * bd[14]
-                           + (sword64)ad[ 6] * bd[13]
-                           + (sword64)ad[ 7] * bd[12]
-                           + (sword64)ad[ 8] * bd[11]
-                           + (sword64)ad[ 9] * bd[10]
-                           + (sword64)ad[10] * bd[ 9]
-                           + (sword64)ad[11] * bd[ 8]
-                           + (sword64)ad[12] * bd[ 7]
-                           + (sword64)ad[13] * bd[ 6]
-                           + (sword64)ad[14] * bd[ 5]
-                           + (sword64)ad[15] * bd[ 4];
-    t[20] = (word64)          (sword64)ad[ 5] * bd[15]
-                           + (sword64)ad[ 6] * bd[14]
-                           + (sword64)ad[ 7] * bd[13]
-                           + (sword64)ad[ 8] * bd[12]
-                           + (sword64)ad[ 9] * bd[11]
-                           + (sword64)ad[10] * bd[10]
-                           + (sword64)ad[11] * bd[ 9]
-                           + (sword64)ad[12] * bd[ 8]
-                           + (sword64)ad[13] * bd[ 7]
-                           + (sword64)ad[14] * bd[ 6]
-                           + (sword64)ad[15] * bd[ 5];
-    t[21] = (word64)          (sword64)ad[ 6] * bd[15]
-                           + (sword64)ad[ 7] * bd[14]
-                           + (sword64)ad[ 8] * bd[13]
-                           + (sword64)ad[ 9] * bd[12]
-                           + (sword64)ad[10] * bd[11]
-                           + (sword64)ad[11] * bd[10]
-                           + (sword64)ad[12] * bd[ 9]
-                           + (sword64)ad[13] * bd[ 8]
-                           + (sword64)ad[14] * bd[ 7]
-                           + (sword64)ad[15] * bd[ 6];
-    t[22] = (word64)          (sword64)ad[ 7] * bd[15]
-                           + (sword64)ad[ 8] * bd[14]
-                           + (sword64)ad[ 9] * bd[13]
-                           + (sword64)ad[10] * bd[12]
-                           + (sword64)ad[11] * bd[11]
-                           + (sword64)ad[12] * bd[10]
-                           + (sword64)ad[13] * bd[ 9]
-                           + (sword64)ad[14] * bd[ 8]
-                           + (sword64)ad[15] * bd[ 7];
-    t[23] = (word64)          (sword64)ad[ 8] * bd[15]
-                           + (sword64)ad[ 9] * bd[14]
-                           + (sword64)ad[10] * bd[13]
-                           + (sword64)ad[11] * bd[12]
-                           + (sword64)ad[12] * bd[11]
-                           + (sword64)ad[13] * bd[10]
-                           + (sword64)ad[14] * bd[ 9]
-                           + (sword64)ad[15] * bd[ 8];
-    t[24] = (word64)          (sword64)ad[ 9] * bd[15]
-                           + (sword64)ad[10] * bd[14]
-                           + (sword64)ad[11] * bd[13]
-                           + (sword64)ad[12] * bd[12]
-                           + (sword64)ad[13] * bd[11]
-                           + (sword64)ad[14] * bd[10]
-                           + (sword64)ad[15] * bd[ 9];
-    t[25] = (word64)          (sword64)ad[10] * bd[15]
-                           + (sword64)ad[11] * bd[14]
-                           + (sword64)ad[12] * bd[13]
-                           + (sword64)ad[13] * bd[12]
-                           + (sword64)ad[14] * bd[11]
-                           + (sword64)ad[15] * bd[10];
-    t[26] = (word64)          (sword64)ad[11] * bd[15]
-                           + (sword64)ad[12] * bd[14]
-                           + (sword64)ad[13] * bd[13]
-                           + (sword64)ad[14] * bd[12]
-                           + (sword64)ad[15] * bd[11];
-    t[27] = (word64)          (sword64)ad[12] * bd[15]
-                           + (sword64)ad[13] * bd[14]
-                           + (sword64)ad[14] * bd[13]
-                           + (sword64)ad[15] * bd[12];
-    t[28] = (word64)          (sword64)ad[13] * bd[15]
-                           + (sword64)ad[14] * bd[14]
-                           + (sword64)ad[15] * bd[13];
-    t[29] = (word64)          (sword64)ad[14] * bd[15]
-                           + (sword64)ad[15] * bd[14];
-    t[30] = (word64)          (sword64)ad[15] * bd[15];
+    t[ 0] = (word64)(dd[ 0] + (word64)((sword64)ad[ 0] * bd[ 0]));
+    t[ 1] = (word64)(dd[ 1] + (word64)((sword64)ad[ 0] * bd[ 1]
+                                      + (sword64)ad[ 1] * bd[ 0]));
+    t[ 2] = (word64)(dd[ 2] + (word64)((sword64)ad[ 0] * bd[ 2]
+                                      + (sword64)ad[ 1] * bd[ 1]
+                                      + (sword64)ad[ 2] * bd[ 0]));
+    t[ 3] = (word64)(dd[ 3] + (word64)((sword64)ad[ 0] * bd[ 3]
+                                      + (sword64)ad[ 1] * bd[ 2]
+                                      + (sword64)ad[ 2] * bd[ 1]
+                                      + (sword64)ad[ 3] * bd[ 0]));
+    t[ 4] = (word64)(dd[ 4] + (word64)((sword64)ad[ 0] * bd[ 4]
+                                      + (sword64)ad[ 1] * bd[ 3]
+                                      + (sword64)ad[ 2] * bd[ 2]
+                                      + (sword64)ad[ 3] * bd[ 1]
+                                      + (sword64)ad[ 4] * bd[ 0]));
+    t[ 5] = (word64)(dd[ 5] + (word64)((sword64)ad[ 0] * bd[ 5]
+                                      + (sword64)ad[ 1] * bd[ 4]
+                                      + (sword64)ad[ 2] * bd[ 3]
+                                      + (sword64)ad[ 3] * bd[ 2]
+                                      + (sword64)ad[ 4] * bd[ 1]
+                                      + (sword64)ad[ 5] * bd[ 0]));
+    t[ 6] = (word64)(dd[ 6] + (word64)((sword64)ad[ 0] * bd[ 6]
+                                      + (sword64)ad[ 1] * bd[ 5]
+                                      + (sword64)ad[ 2] * bd[ 4]
+                                      + (sword64)ad[ 3] * bd[ 3]
+                                      + (sword64)ad[ 4] * bd[ 2]
+                                      + (sword64)ad[ 5] * bd[ 1]
+                                      + (sword64)ad[ 6] * bd[ 0]));
+    t[ 7] = (word64)(dd[ 7] + (word64)((sword64)ad[ 0] * bd[ 7]
+                                      + (sword64)ad[ 1] * bd[ 6]
+                                      + (sword64)ad[ 2] * bd[ 5]
+                                      + (sword64)ad[ 3] * bd[ 4]
+                                      + (sword64)ad[ 4] * bd[ 3]
+                                      + (sword64)ad[ 5] * bd[ 2]
+                                      + (sword64)ad[ 6] * bd[ 1]
+                                      + (sword64)ad[ 7] * bd[ 0]));
+    t[ 8] = (word64)(dd[ 8] + (word64)((sword64)ad[ 0] * bd[ 8]
+                                      + (sword64)ad[ 1] * bd[ 7]
+                                      + (sword64)ad[ 2] * bd[ 6]
+                                      + (sword64)ad[ 3] * bd[ 5]
+                                      + (sword64)ad[ 4] * bd[ 4]
+                                      + (sword64)ad[ 5] * bd[ 3]
+                                      + (sword64)ad[ 6] * bd[ 2]
+                                      + (sword64)ad[ 7] * bd[ 1]
+                                      + (sword64)ad[ 8] * bd[ 0]));
+    t[ 9] = (word64)(dd[ 9] + (word64)((sword64)ad[ 0] * bd[ 9]
+                                      + (sword64)ad[ 1] * bd[ 8]
+                                      + (sword64)ad[ 2] * bd[ 7]
+                                      + (sword64)ad[ 3] * bd[ 6]
+                                      + (sword64)ad[ 4] * bd[ 5]
+                                      + (sword64)ad[ 5] * bd[ 4]
+                                      + (sword64)ad[ 6] * bd[ 3]
+                                      + (sword64)ad[ 7] * bd[ 2]
+                                      + (sword64)ad[ 8] * bd[ 1]
+                                      + (sword64)ad[ 9] * bd[ 0]));
+    t[10] = (word64)(dd[10] + (word64)((sword64)ad[ 0] * bd[10]
+                                      + (sword64)ad[ 1] * bd[ 9]
+                                      + (sword64)ad[ 2] * bd[ 8]
+                                      + (sword64)ad[ 3] * bd[ 7]
+                                      + (sword64)ad[ 4] * bd[ 6]
+                                      + (sword64)ad[ 5] * bd[ 5]
+                                      + (sword64)ad[ 6] * bd[ 4]
+                                      + (sword64)ad[ 7] * bd[ 3]
+                                      + (sword64)ad[ 8] * bd[ 2]
+                                      + (sword64)ad[ 9] * bd[ 1]
+                                      + (sword64)ad[10] * bd[ 0]));
+    t[11] = (word64)(dd[11] + (word64)((sword64)ad[ 0] * bd[11]
+                                      + (sword64)ad[ 1] * bd[10]
+                                      + (sword64)ad[ 2] * bd[ 9]
+                                      + (sword64)ad[ 3] * bd[ 8]
+                                      + (sword64)ad[ 4] * bd[ 7]
+                                      + (sword64)ad[ 5] * bd[ 6]
+                                      + (sword64)ad[ 6] * bd[ 5]
+                                      + (sword64)ad[ 7] * bd[ 4]
+                                      + (sword64)ad[ 8] * bd[ 3]
+                                      + (sword64)ad[ 9] * bd[ 2]
+                                      + (sword64)ad[10] * bd[ 1]
+                                      + (sword64)ad[11] * bd[ 0]));
+    t[12] = (word64)(dd[12] + (word64)((sword64)ad[ 0] * bd[12]
+                                      + (sword64)ad[ 1] * bd[11]
+                                      + (sword64)ad[ 2] * bd[10]
+                                      + (sword64)ad[ 3] * bd[ 9]
+                                      + (sword64)ad[ 4] * bd[ 8]
+                                      + (sword64)ad[ 5] * bd[ 7]
+                                      + (sword64)ad[ 6] * bd[ 6]
+                                      + (sword64)ad[ 7] * bd[ 5]
+                                      + (sword64)ad[ 8] * bd[ 4]
+                                      + (sword64)ad[ 9] * bd[ 3]
+                                      + (sword64)ad[10] * bd[ 2]
+                                      + (sword64)ad[11] * bd[ 1]
+                                      + (sword64)ad[12] * bd[ 0]));
+    t[13] = (word64)(dd[13] + (word64)((sword64)ad[ 0] * bd[13]
+                                      + (sword64)ad[ 1] * bd[12]
+                                      + (sword64)ad[ 2] * bd[11]
+                                      + (sword64)ad[ 3] * bd[10]
+                                      + (sword64)ad[ 4] * bd[ 9]
+                                      + (sword64)ad[ 5] * bd[ 8]
+                                      + (sword64)ad[ 6] * bd[ 7]
+                                      + (sword64)ad[ 7] * bd[ 6]
+                                      + (sword64)ad[ 8] * bd[ 5]
+                                      + (sword64)ad[ 9] * bd[ 4]
+                                      + (sword64)ad[10] * bd[ 3]
+                                      + (sword64)ad[11] * bd[ 2]
+                                      + (sword64)ad[12] * bd[ 1]
+                                      + (sword64)ad[13] * bd[ 0]));
+    t[14] = (word64)(dd[14] + (word64)((sword64)ad[ 0] * bd[14]
+                                      + (sword64)ad[ 1] * bd[13]
+                                      + (sword64)ad[ 2] * bd[12]
+                                      + (sword64)ad[ 3] * bd[11]
+                                      + (sword64)ad[ 4] * bd[10]
+                                      + (sword64)ad[ 5] * bd[ 9]
+                                      + (sword64)ad[ 6] * bd[ 8]
+                                      + (sword64)ad[ 7] * bd[ 7]
+                                      + (sword64)ad[ 8] * bd[ 6]
+                                      + (sword64)ad[ 9] * bd[ 5]
+                                      + (sword64)ad[10] * bd[ 4]
+                                      + (sword64)ad[11] * bd[ 3]
+                                      + (sword64)ad[12] * bd[ 2]
+                                      + (sword64)ad[13] * bd[ 1]
+                                      + (sword64)ad[14] * bd[ 0]));
+    t[15] = (word64)(dd[15] + (word64)((sword64)ad[ 0] * bd[15]
+                                      + (sword64)ad[ 1] * bd[14]
+                                      + (sword64)ad[ 2] * bd[13]
+                                      + (sword64)ad[ 3] * bd[12]
+                                      + (sword64)ad[ 4] * bd[11]
+                                      + (sword64)ad[ 5] * bd[10]
+                                      + (sword64)ad[ 6] * bd[ 9]
+                                      + (sword64)ad[ 7] * bd[ 8]
+                                      + (sword64)ad[ 8] * bd[ 7]
+                                      + (sword64)ad[ 9] * bd[ 6]
+                                      + (sword64)ad[10] * bd[ 5]
+                                      + (sword64)ad[11] * bd[ 4]
+                                      + (sword64)ad[12] * bd[ 3]
+                                      + (sword64)ad[13] * bd[ 2]
+                                      + (sword64)ad[14] * bd[ 1]
+                                      + (sword64)ad[15] * bd[ 0]));
+    t[16] = (word64)(                   (sword64)ad[ 1] * bd[15]
+                                      + (sword64)ad[ 2] * bd[14]
+                                      + (sword64)ad[ 3] * bd[13]
+                                      + (sword64)ad[ 4] * bd[12]
+                                      + (sword64)ad[ 5] * bd[11]
+                                      + (sword64)ad[ 6] * bd[10]
+                                      + (sword64)ad[ 7] * bd[ 9]
+                                      + (sword64)ad[ 8] * bd[ 8]
+                                      + (sword64)ad[ 9] * bd[ 7]
+                                      + (sword64)ad[10] * bd[ 6]
+                                      + (sword64)ad[11] * bd[ 5]
+                                      + (sword64)ad[12] * bd[ 4]
+                                      + (sword64)ad[13] * bd[ 3]
+                                      + (sword64)ad[14] * bd[ 2]
+                                      + (sword64)ad[15] * bd[ 1]);
+    t[17] = (word64)(                   (sword64)ad[ 2] * bd[15]
+                                      + (sword64)ad[ 3] * bd[14]
+                                      + (sword64)ad[ 4] * bd[13]
+                                      + (sword64)ad[ 5] * bd[12]
+                                      + (sword64)ad[ 6] * bd[11]
+                                      + (sword64)ad[ 7] * bd[10]
+                                      + (sword64)ad[ 8] * bd[ 9]
+                                      + (sword64)ad[ 9] * bd[ 8]
+                                      + (sword64)ad[10] * bd[ 7]
+                                      + (sword64)ad[11] * bd[ 6]
+                                      + (sword64)ad[12] * bd[ 5]
+                                      + (sword64)ad[13] * bd[ 4]
+                                      + (sword64)ad[14] * bd[ 3]
+                                      + (sword64)ad[15] * bd[ 2]);
+    t[18] = (word64)(                   (sword64)ad[ 3] * bd[15]
+                                      + (sword64)ad[ 4] * bd[14]
+                                      + (sword64)ad[ 5] * bd[13]
+                                      + (sword64)ad[ 6] * bd[12]
+                                      + (sword64)ad[ 7] * bd[11]
+                                      + (sword64)ad[ 8] * bd[10]
+                                      + (sword64)ad[ 9] * bd[ 9]
+                                      + (sword64)ad[10] * bd[ 8]
+                                      + (sword64)ad[11] * bd[ 7]
+                                      + (sword64)ad[12] * bd[ 6]
+                                      + (sword64)ad[13] * bd[ 5]
+                                      + (sword64)ad[14] * bd[ 4]
+                                      + (sword64)ad[15] * bd[ 3]);
+    t[19] = (word64)(                   (sword64)ad[ 4] * bd[15]
+                                      + (sword64)ad[ 5] * bd[14]
+                                      + (sword64)ad[ 6] * bd[13]
+                                      + (sword64)ad[ 7] * bd[12]
+                                      + (sword64)ad[ 8] * bd[11]
+                                      + (sword64)ad[ 9] * bd[10]
+                                      + (sword64)ad[10] * bd[ 9]
+                                      + (sword64)ad[11] * bd[ 8]
+                                      + (sword64)ad[12] * bd[ 7]
+                                      + (sword64)ad[13] * bd[ 6]
+                                      + (sword64)ad[14] * bd[ 5]
+                                      + (sword64)ad[15] * bd[ 4]);
+    t[20] = (word64)(                   (sword64)ad[ 5] * bd[15]
+                                      + (sword64)ad[ 6] * bd[14]
+                                      + (sword64)ad[ 7] * bd[13]
+                                      + (sword64)ad[ 8] * bd[12]
+                                      + (sword64)ad[ 9] * bd[11]
+                                      + (sword64)ad[10] * bd[10]
+                                      + (sword64)ad[11] * bd[ 9]
+                                      + (sword64)ad[12] * bd[ 8]
+                                      + (sword64)ad[13] * bd[ 7]
+                                      + (sword64)ad[14] * bd[ 6]
+                                      + (sword64)ad[15] * bd[ 5]);
+    t[21] = (word64)(                   (sword64)ad[ 6] * bd[15]
+                                      + (sword64)ad[ 7] * bd[14]
+                                      + (sword64)ad[ 8] * bd[13]
+                                      + (sword64)ad[ 9] * bd[12]
+                                      + (sword64)ad[10] * bd[11]
+                                      + (sword64)ad[11] * bd[10]
+                                      + (sword64)ad[12] * bd[ 9]
+                                      + (sword64)ad[13] * bd[ 8]
+                                      + (sword64)ad[14] * bd[ 7]
+                                      + (sword64)ad[15] * bd[ 6]);
+    t[22] = (word64)(                   (sword64)ad[ 7] * bd[15]
+                                      + (sword64)ad[ 8] * bd[14]
+                                      + (sword64)ad[ 9] * bd[13]
+                                      + (sword64)ad[10] * bd[12]
+                                      + (sword64)ad[11] * bd[11]
+                                      + (sword64)ad[12] * bd[10]
+                                      + (sword64)ad[13] * bd[ 9]
+                                      + (sword64)ad[14] * bd[ 8]
+                                      + (sword64)ad[15] * bd[ 7]);
+    t[23] = (word64)(                   (sword64)ad[ 8] * bd[15]
+                                      + (sword64)ad[ 9] * bd[14]
+                                      + (sword64)ad[10] * bd[13]
+                                      + (sword64)ad[11] * bd[12]
+                                      + (sword64)ad[12] * bd[11]
+                                      + (sword64)ad[13] * bd[10]
+                                      + (sword64)ad[14] * bd[ 9]
+                                      + (sword64)ad[15] * bd[ 8]);
+    t[24] = (word64)(                   (sword64)ad[ 9] * bd[15]
+                                      + (sword64)ad[10] * bd[14]
+                                      + (sword64)ad[11] * bd[13]
+                                      + (sword64)ad[12] * bd[12]
+                                      + (sword64)ad[13] * bd[11]
+                                      + (sword64)ad[14] * bd[10]
+                                      + (sword64)ad[15] * bd[ 9]);
+    t[25] = (word64)(                   (sword64)ad[10] * bd[15]
+                                      + (sword64)ad[11] * bd[14]
+                                      + (sword64)ad[12] * bd[13]
+                                      + (sword64)ad[13] * bd[12]
+                                      + (sword64)ad[14] * bd[11]
+                                      + (sword64)ad[15] * bd[10]);
+    t[26] = (word64)(                   (sword64)ad[11] * bd[15]
+                                      + (sword64)ad[12] * bd[14]
+                                      + (sword64)ad[13] * bd[13]
+                                      + (sword64)ad[14] * bd[12]
+                                      + (sword64)ad[15] * bd[11]);
+    t[27] = (word64)(                   (sword64)ad[12] * bd[15]
+                                      + (sword64)ad[13] * bd[14]
+                                      + (sword64)ad[14] * bd[13]
+                                      + (sword64)ad[15] * bd[12]);
+    t[28] = (word64)(                   (sword64)ad[13] * bd[15]
+                                      + (sword64)ad[14] * bd[14]
+                                      + (sword64)ad[15] * bd[13]);
+    t[29] = (word64)(                   (sword64)ad[14] * bd[15]
+                                      + (sword64)ad[15] * bd[14]);
+    t[30] = (word64)(                   (sword64)ad[15] * bd[15]);
     t[31] = 0;
 
     /* Mod curve order */
@@ -6201,61 +6339,128 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     o = rd[12] >> 28; rd[13] += o; rd[12] = rd[12] & 0xfffffff;
     o = rd[13] >> 28; rd[14] += o; rd[13] = rd[13] & 0xfffffff;
     o = rd[14] >> 28; rd[15] += o; rd[14] = rd[14] & 0xfffffff;
+    /* Reduce to mod order. */
+    u = 0;
+    u += (sword32)rd[0] - (sword32)0x0b5844f3L; u >>= 28;
+    u += (sword32)rd[1] - (sword32)0x078c292aL; u >>= 28;
+    u += (sword32)rd[2] - (sword32)0x058f5523L; u >>= 28;
+    u += (sword32)rd[3] - (sword32)0x0c2728dcL; u >>= 28;
+    u += (sword32)rd[4] - (sword32)0x0690216cL; u >>= 28;
+    u += (sword32)rd[5] - (sword32)0x049aed63L; u >>= 28;
+    u += (sword32)rd[6] - (sword32)0x09c44edbL; u >>= 28;
+    u += (sword32)rd[7] - (sword32)0x07cca23eL; u >>= 28;
+    u += (sword32)rd[8] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[9] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[10] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[11] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[12] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[13] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[14] - (sword32)0x0fffffffL; u >>= 28;
+    u += (sword32)rd[15] - (sword32)0x03ffffffL; u >>= 28;
+    o = (word32)0 - (u >= 0);
+    u = 0;
+    u += (sword32)rd[0] - (sword32)((word32)0x0b5844f3L & o);
+    rd[0] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[1] - (sword32)((word32)0x078c292aL & o);
+    rd[1] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[2] - (sword32)((word32)0x058f5523L & o);
+    rd[2] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[3] - (sword32)((word32)0x0c2728dcL & o);
+    rd[3] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[4] - (sword32)((word32)0x0690216cL & o);
+    rd[4] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[5] - (sword32)((word32)0x049aed63L & o);
+    rd[5] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[6] - (sword32)((word32)0x09c44edbL & o);
+    rd[6] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[7] - (sword32)((word32)0x07cca23eL & o);
+    rd[7] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[8] - (sword32)((word32)0x0fffffffL & o);
+    rd[8] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[9] - (sword32)((word32)0x0fffffffL & o);
+    rd[9] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[10] - (sword32)((word32)0x0fffffffL & o);
+    rd[10] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[11] - (sword32)((word32)0x0fffffffL & o);
+    rd[11] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[12] - (sword32)((word32)0x0fffffffL & o);
+    rd[12] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[13] - (sword32)((word32)0x0fffffffL & o);
+    rd[13] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[14] - (sword32)((word32)0x0fffffffL & o);
+    rd[14] = u & 0xfffffff;
+    u >>= 28;
+    u += (sword32)rd[15] - (sword32)((word32)0x03ffffffL & o);
+    rd[15] = u & 0xfffffff;
 
     /* Convert to bytes */
     r[ 0] = (byte)(rd[0 ] >>  0);
     r[ 1] = (byte)(rd[0 ] >>  8);
     r[ 2] = (byte)(rd[0 ] >> 16);
-    r[ 3] = (byte)((rd[0 ] >> 24) + ((rd[1 ] >>  0) <<  4));
+    r[ 3] = (byte)((byte)(rd[0 ] >> 24) + (byte)((rd[1 ] >>  0) <<  4));
     r[ 4] = (byte)(rd[1 ] >>  4);
     r[ 5] = (byte)(rd[1 ] >> 12);
     r[ 6] = (byte)(rd[1 ] >> 20);
     r[ 7] = (byte)(rd[2 ] >>  0);
     r[ 8] = (byte)(rd[2 ] >>  8);
     r[ 9] = (byte)(rd[2 ] >> 16);
-    r[10] = (byte)((rd[2 ] >> 24) + ((rd[3 ] >>  0) <<  4));
+    r[10] = (byte)((byte)(rd[2 ] >> 24) + (byte)((rd[3 ] >>  0) <<  4));
     r[11] = (byte)(rd[3 ] >>  4);
     r[12] = (byte)(rd[3 ] >> 12);
     r[13] = (byte)(rd[3 ] >> 20);
     r[14] = (byte)(rd[4 ] >>  0);
     r[15] = (byte)(rd[4 ] >>  8);
     r[16] = (byte)(rd[4 ] >> 16);
-    r[17] = (byte)((rd[4 ] >> 24) + ((rd[5 ] >>  0) <<  4));
+    r[17] = (byte)((byte)(rd[4 ] >> 24) + (byte)((rd[5 ] >>  0) <<  4));
     r[18] = (byte)(rd[5 ] >>  4);
     r[19] = (byte)(rd[5 ] >> 12);
     r[20] = (byte)(rd[5 ] >> 20);
     r[21] = (byte)(rd[6 ] >>  0);
     r[22] = (byte)(rd[6 ] >>  8);
     r[23] = (byte)(rd[6 ] >> 16);
-    r[24] = (byte)((rd[6 ] >> 24) + ((rd[7 ] >>  0) <<  4));
+    r[24] = (byte)((byte)(rd[6 ] >> 24) + (byte)((rd[7 ] >>  0) <<  4));
     r[25] = (byte)(rd[7 ] >>  4);
     r[26] = (byte)(rd[7 ] >> 12);
     r[27] = (byte)(rd[7 ] >> 20);
     r[28] = (byte)(rd[8 ] >>  0);
     r[29] = (byte)(rd[8 ] >>  8);
     r[30] = (byte)(rd[8 ] >> 16);
-    r[31] = (byte)((rd[8 ] >> 24) + ((rd[9 ] >>  0) <<  4));
+    r[31] = (byte)((byte)(rd[8 ] >> 24) + (byte)((rd[9 ] >>  0) <<  4));
     r[32] = (byte)(rd[9 ] >>  4);
     r[33] = (byte)(rd[9 ] >> 12);
     r[34] = (byte)(rd[9 ] >> 20);
     r[35] = (byte)(rd[10] >>  0);
     r[36] = (byte)(rd[10] >>  8);
     r[37] = (byte)(rd[10] >> 16);
-    r[38] = (byte)((rd[10] >> 24) + ((rd[11] >>  0) <<  4));
+    r[38] = (byte)((byte)(rd[10] >> 24) + (byte)((rd[11] >>  0) <<  4));
     r[39] = (byte)(rd[11] >>  4);
     r[40] = (byte)(rd[11] >> 12);
     r[41] = (byte)(rd[11] >> 20);
     r[42] = (byte)(rd[12] >>  0);
     r[43] = (byte)(rd[12] >>  8);
     r[44] = (byte)(rd[12] >> 16);
-    r[45] = (byte)((rd[12] >> 24) + ((rd[13] >>  0) <<  4));
+    r[45] = (byte)((byte)(rd[12] >> 24) + (byte)((rd[13] >>  0) <<  4));
     r[46] = (byte)(rd[13] >>  4);
     r[47] = (byte)(rd[13] >> 12);
     r[48] = (byte)(rd[13] >> 20);
     r[49] = (byte)(rd[14] >>  0);
     r[50] = (byte)(rd[14] >>  8);
     r[51] = (byte)(rd[14] >> 16);
-    r[52] = (byte)((rd[14] >> 24) + ((rd[15] >>  0) <<  4));
+    r[52] = (byte)((byte)(rd[14] >> 24) + (byte)((rd[15] >>  0) <<  4));
     r[53] = (byte)(rd[15] >>  4);
     r[54] = (byte)(rd[15] >> 12);
     r[55] = (byte)(rd[15] >> 20);
@@ -10456,7 +10661,7 @@ void ge448_to_bytes(byte *b, const ge448_p2 *p)
     fe448_mul(x, p->X, recip);
     fe448_mul(y, p->Y, recip);
     fe448_to_bytes(b, y);
-    b[56] = (byte)fe448_isnegative(x) << 7;
+    b[56] = (byte)((byte)fe448_isnegative(x) << 7);
 }
 
 /* Convert point to byte array assuming z is 1.
@@ -10467,7 +10672,7 @@ void ge448_to_bytes(byte *b, const ge448_p2 *p)
 static void ge448_p2z1_to_bytes(byte *b, const ge448_p2 *p)
 {
     fe448_to_bytes(b, p->Y);
-    b[56] = (byte)fe448_isnegative(p->X) << 7;
+    b[56] = (byte)((byte)fe448_isnegative(p->X) << 7);
 }
 
 /* Compress the point to y-ordinate and negative bit.
@@ -10589,20 +10794,20 @@ int ge448_scalarmult_base(ge448_p2* r, const byte* a)
 
     carry = 0;
     for (i = 0; i < 56; ++i) {
-        e[2 * i + 0] = ((a[i] >> 0) & 0xf) + carry;
-        carry = e[2 * i + 0] + 8;
+        e[2 * i + 0] = (byte)(((a[i] >> 0) & 0xf) + carry);
+        carry = (byte)(e[2 * i + 0] + 8);
         carry >>= 4;
-        e[2 * i + 0] -= (byte)(carry << 4);
+        e[2 * i + 0] = (byte)(e[2 * i + 0] - (byte)(carry << 4));
 
-        e[2 * i + 1] = ((a[i] >> 4) & 0xf) + carry;
-        carry = e[2 * i + 1] + 8;
-        carry >>= 4;
-        e[2 * i + 1] -= (byte)(carry << 4);
+        e[2 * i + 1] = (byte)(((a[i] >> 4) & 0xf) + carry);
+        carry = (byte)(e[2 * i + 1] + 8);
+        carry = (byte)(carry >> 4);
+        e[2 * i + 1] = (byte)(e[2 * i + 1] - (carry << 4));
     }
     e[112] = carry;
     /* each e[i] is between -8 and 8 */
 
-    /* Odd indeces first - sum based on even index so multiply by 16 */
+    /* Odd indices first - sum based on even index so multiply by 16 */
     ge448_select(t, 0, e[1]);
     fe448_copy(r->X, t->x);
     fe448_copy(r->Y, t->y);
@@ -10617,7 +10822,7 @@ int ge448_scalarmult_base(ge448_p2* r, const byte* a)
     ge448_dbl(r, r);
     ge448_dbl(r, r);
 
-    /* Add even indeces */
+    /* Add even indices */
     for (i = 0; i <= 112; i += 2) {
         ge448_select(t, i / 2, e[i]);
         ge448_madd(r, r, t);
@@ -10633,7 +10838,7 @@ int ge448_scalarmult_base(ge448_p2* r, const byte* a)
 
 /* Create to a sliding window for the scalar multiplicaton.
  *
- * r  [in]  Array of indeces.
+ * r  [in]  Array of indices.
  * a  [in]  Scalar to break up.
  */
 static void slide(sword8 *r, const byte *a)
@@ -10657,11 +10862,11 @@ static void slide(sword8 *r, const byte *a)
             }
 
             if (r[i] + (r[i + b] << b) <= 31) {
-                r[i] += (sword8)(r[i + b] << b);
+                r[i] = (sword8)(r[i] + (r[i + b] << b));
                 r[i + b] = 0;
             }
             else if (r[i] - (r[i + b] << b) >= -31) {
-                r[i] -= (sword8)(r[i + b] << b);
+                r[i] = (sword8)(r[i] - (r[i + b] << b));
                 for (k = i + b; k < 448; ++k) {
                     if (!r[k]) {
                         r[k] = 1;
diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c
index df747a126..c0a952b55 100644
--- a/wolfcrypt/src/ge_low_mem.c
+++ b/wolfcrypt/src/ge_low_mem.c
@@ -1,6 +1,6 @@
 /* ge_low_mem.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,20 +19,14 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
  /* Based from Daniel Beer's public domain work. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
 #ifdef HAVE_ED25519
 #ifdef ED25519_SMALL /* use slower code that takes less memory */
 
 #include <wolfssl/wolfcrypt/ge_operations.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -512,6 +506,33 @@ int ge_frombytes_negate_vartime(ge_p3 *p,const unsigned char *s)
     return ret;
 }
 
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+/* return 0 if equal and -1 if not equal */
+static int ge_equal(ge a, ge b)
+{
+    if (XMEMCMP(a, b, sizeof(ge)) == 0) {
+        return 0;
+    }
+    else {
+        return -1;
+    }
+}
+
+/* returns 0 if a == b */
+static int ge_p3_equal(ge_p3* a, ge_p3* b)
+{
+    int ret = 0;
+
+    ret |= ge_equal(a->X, b->X);
+    ret |= ge_equal(a->Y, b->Y);
+    ret |= ge_equal(a->Z, b->Z);
+    ret |= ge_equal(a->T, b->T);
+
+    return ret;
+}
+#endif
+
+
 
 int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h,
                                  const ge_p3 *inA,const unsigned char *sig)
@@ -526,9 +547,19 @@ int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h,
 
     /* find H(R,A,M) * -A */
     ed25519_smult(&A, &A, h);
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    if (ge_p3_equal(&A, (ge_p3*)inA) == 0) {
+        ret = BAD_STATE_E;
+    }
+#endif
 
     /* SB + -H(R,A,M)A */
     ed25519_add(&A, &p, &A);
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+    if (ge_p3_equal(&A, &p) == 0) {
+        ret = BAD_STATE_E;
+    }
+#endif
 
     lm_copy(R->X, A.X);
     lm_copy(R->Y, A.Y);
diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c
index bcf9d354b..bde5a06f9 100644
--- a/wolfcrypt/src/ge_operations.c
+++ b/wolfcrypt/src/ge_operations.c
@@ -1,6 +1,6 @@
 /* ge_operations.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,19 +22,13 @@
 
  /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_ED25519
 #ifndef ED25519_SMALL /* run when not defined to use small memory math */
 
 #include <wolfssl/wolfcrypt/ge_operations.h>
 #include <wolfssl/wolfcrypt/ed25519.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -9125,12 +9119,12 @@ void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
 
   carry = 0;
   for (i = 0;i < 63;++i) {
-    e[i] += carry;
-    carry = e[i] + 8;
-    carry >>= 4;
-    e[i] -= (signed char)(carry << 4);
+    e[i] = (signed char)(e[i] + carry);
+    carry = (signed char)(e[i] + 8);
+    carry = (signed char)(carry >> 4);
+    e[i] = (signed char)(e[i] - (carry << 4));
   }
-  e[63] += carry;
+  e[63] = (signed char)(e[63] + carry);
   /* each e[i] is between -8 and 8 */
 
 #ifndef CURVED25519_ASM
@@ -9190,9 +9184,10 @@ static void slide(signed char *r,const unsigned char *a)
       for (b = 1;b <= 6 && i + b < SLIDE_SIZE;++b) {
         if (r[i + b]) {
           if (r[i] + (r[i + b] << b) <= 15) {
-            r[i] += (signed char)(r[i + b] << b); r[i + b] = 0;
+              r[i] = (signed char)(r[i] + (r[i + b] << b));
+              r[i + b] = 0;
           } else if (r[i] - (r[i + b] << b) >= -15) {
-            r[i] -= (signed char)(r[i + b] << b);
+            r[i] = (signed char)(r[i] - (r[i + b] << b));
             for (k = i + b;k < SLIDE_SIZE;++k) {
               if (!r[k]) {
                 r[k] = 1;
@@ -9391,7 +9386,7 @@ B is the Ed25519 base point (x,4/5) with x positive.
 int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
                                  const ge_p3 *A, const unsigned char *b)
 {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   signed char *aslide = NULL;
   signed char *bslide = NULL;
   ge_cached *Ai = NULL; /* A,3A,5A,7A,9A,11A,13A,15A */
@@ -9412,7 +9407,7 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
 #endif
   int i;
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   if (((aslide = (signed char *)XMALLOC(SLIDE_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) ||
       ((bslide = (signed char *)XMALLOC(SLIDE_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) ||
       ((Ai = (ge_cached *)XMALLOC(8 * sizeof(*Ai), NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) ||
@@ -9467,7 +9462,14 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
     ge_p1p1_to_p2(r,t);
   }
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+#ifdef WOLFSSL_CHECK_VER_FAULTS
+  if (i != -1) {
+      /* did not go through whole loop */
+      return BAD_STATE_E;
+  }
+#endif
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
   out:
 
   XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER);
diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index db3a04799..c709fa3df 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -1,6 +1,6 @@
 /* hash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifndef NO_ASN
 #include <wolfssl/wolfcrypt/asn.h>
 #endif
@@ -322,12 +316,12 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type)
     {
         case WC_HASH_TYPE_MD2:
         #ifdef WOLFSSL_MD2
-            dig_size = MD2_DIGEST_SIZE;
+            dig_size = WC_MD2_DIGEST_SIZE;
         #endif
             break;
         case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
-            dig_size = MD4_DIGEST_SIZE;
+            dig_size = WC_MD4_DIGEST_SIZE;
         #endif
             break;
         case WC_HASH_TYPE_MD5:
@@ -441,12 +435,12 @@ int wc_HashGetBlockSize(enum wc_HashType hash_type)
     {
         case WC_HASH_TYPE_MD2:
         #ifdef WOLFSSL_MD2
-            block_size = MD2_BLOCK_SIZE;
+            block_size = WC_MD2_BLOCK_SIZE;
         #endif
             break;
         case WC_HASH_TYPE_MD4:
         #ifndef NO_MD4
-            block_size = MD4_BLOCK_SIZE;
+            block_size = WC_MD4_BLOCK_SIZE;
         #endif
             break;
         case WC_HASH_TYPE_MD5:
@@ -686,6 +680,44 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data,
         NULL, INVALID_DEVID);
 }
 
+#ifndef WC_NO_CONSTRUCTORS
+wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId,
+                       int *result_code)
+{
+    int ret;
+    wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap,
+                        DYNAMIC_TYPE_HASHES);
+    if (hash == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_HashInit_ex(hash, type, heap, devId);
+        if (ret != 0) {
+            XFREE(hash, heap, DYNAMIC_TYPE_HASHES);
+            hash = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return hash;
+}
+
+int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p) {
+    int ret;
+    if (hash == NULL)
+        return BAD_FUNC_ARG;
+    ret = wc_HashFree(hash, hash->type);
+    if (ret < 0)
+        return ret;
+    XFREE(hash, hash->heap, DYNAMIC_TYPE_HASHES);
+    if (hash_p != NULL)
+        *hash_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
     int devId)
 {
@@ -694,42 +726,50 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
     if (hash == NULL)
         return BAD_FUNC_ARG;
 
+    hash->type = type;
+
+#ifdef WC_NO_CONSTRUCTORS
+    (void)heap;
+#else
+    hash->heap = heap;
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_InitMd5_ex(&hash->md5, heap, devId);
+            ret = wc_InitMd5_ex(&hash->alg.md5, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_InitSha_ex(&hash->sha, heap, devId);
+            ret = wc_InitSha_ex(&hash->alg.sha, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_InitSha224_ex(&hash->sha224, heap, devId);
+            ret = wc_InitSha224_ex(&hash->alg.sha224, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_InitSha256_ex(&hash->sha256, heap, devId);
+            ret = wc_InitSha256_ex(&hash->alg.sha256, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_InitSha384_ex(&hash->sha384, heap, devId);
+            ret = wc_InitSha384_ex(&hash->alg.sha384, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_InitSha512_ex(&hash->sha512, heap, devId);
+            ret = wc_InitSha512_ex(&hash->alg.sha512, heap, devId);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_InitSha512_224_ex(&hash->sha512, heap, devId);
+            ret = wc_InitSha512_224_ex(&hash->alg.sha512, heap, devId);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -738,35 +778,35 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            ret = wc_InitSha512_256_ex(&hash->sha512, heap, devId);
+            ret = wc_InitSha512_256_ex(&hash->alg.sha512, heap, devId);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_InitSha3_224(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_224(&hash->alg.sha3, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_InitSha3_256(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_256(&hash->alg.sha3, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_InitSha3_384(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_384(&hash->alg.sha3, heap, devId);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_InitSha3_512(&hash->sha3, heap, devId);
+            ret = wc_InitSha3_512(&hash->alg.sha3, heap, devId);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_InitSm3(&hash->sm3, heap, devId);
+            ret = wc_InitSm3(&hash->alg.sm3, heap, devId);
             break;
     #endif
 
@@ -787,7 +827,6 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap,
             ret = BAD_FUNC_ARG;
     };
 
-    (void)heap;
     (void)devId;
 
     return ret;
@@ -806,42 +845,49 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
     if (hash == NULL || (data == NULL && dataSz > 0))
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_WOLFSSL
+    if (hash->type != type) {
+        WOLFSSL_MSG("Hash update type mismatch!");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5Update(&hash->md5, data, dataSz);
+            ret = wc_Md5Update(&hash->alg.md5, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaUpdate(&hash->sha, data, dataSz);
+            ret = wc_ShaUpdate(&hash->alg.sha, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224Update(&hash->sha224, data, dataSz);
+            ret = wc_Sha224Update(&hash->alg.sha224, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256Update(&hash->sha256, data, dataSz);
+            ret = wc_Sha256Update(&hash->alg.sha256, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384Update(&hash->sha384, data, dataSz);
+            ret = wc_Sha384Update(&hash->alg.sha384, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512Update(&hash->sha512, data, dataSz);
+            ret = wc_Sha512Update(&hash->alg.sha512, data, dataSz);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_Sha512_224Update(&hash->sha512, data, dataSz);
+            ret = wc_Sha512_224Update(&hash->alg.sha512, data, dataSz);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -850,35 +896,35 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            ret = wc_Sha512_256Update(&hash->sha512, data, dataSz);
+            ret = wc_Sha512_256Update(&hash->alg.sha512, data, dataSz);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_Sha3_224_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_224_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_Sha3_256_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_256_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_Sha3_384_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_384_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_Sha3_512_Update(&hash->sha3, data, dataSz);
+            ret = wc_Sha3_512_Update(&hash->alg.sha3, data, dataSz);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3Update(&hash->sm3, data, dataSz);
+            ret = wc_Sm3Update(&hash->alg.sm3, data, dataSz);
             break;
     #endif
 
@@ -909,42 +955,49 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
     if (hash == NULL || out == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_WOLFSSL
+    if (hash->type != type) {
+        WOLFSSL_MSG("Hash final type mismatch!");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5Final(&hash->md5, out);
+            ret = wc_Md5Final(&hash->alg.md5, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaFinal(&hash->sha, out);
+            ret = wc_ShaFinal(&hash->alg.sha, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224Final(&hash->sha224, out);
+            ret = wc_Sha224Final(&hash->alg.sha224, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256Final(&hash->sha256, out);
+            ret = wc_Sha256Final(&hash->alg.sha256, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384Final(&hash->sha384, out);
+            ret = wc_Sha384Final(&hash->alg.sha384, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512Final(&hash->sha512, out);
+            ret = wc_Sha512Final(&hash->alg.sha512, out);
 #endif
             break;
     #ifndef WOLFSSL_NOSHA512_224
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            ret = wc_Sha512_224Final(&hash->sha512, out);
+            ret = wc_Sha512_224Final(&hash->alg.sha512, out);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
@@ -953,35 +1006,35 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out)
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            ret = wc_Sha512_256Final(&hash->sha512, out);
+            ret = wc_Sha512_256Final(&hash->alg.sha512, out);
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
             break;
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            ret = wc_Sha3_224_Final(&hash->sha3, out);
+            ret = wc_Sha3_224_Final(&hash->alg.sha3, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            ret = wc_Sha3_256_Final(&hash->sha3, out);
+            ret = wc_Sha3_256_Final(&hash->alg.sha3, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            ret = wc_Sha3_384_Final(&hash->sha3, out);
+            ret = wc_Sha3_384_Final(&hash->alg.sha3, out);
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            ret = wc_Sha3_512_Final(&hash->sha3, out);
+            ret = wc_Sha3_512_Final(&hash->alg.sha3, out);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3Final(&hash->sm3, out);
+            ret = wc_Sm3Final(&hash->alg.sm3, out);
             break;
     #endif
 
@@ -1012,40 +1065,47 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
     if (hash == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef DEBUG_WOLFSSL
+    if (hash->type != type) {
+        WOLFSSL_MSG("Hash free type mismatch!");
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            wc_Md5Free(&hash->md5);
+            wc_Md5Free(&hash->alg.md5);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            wc_ShaFree(&hash->sha);
+            wc_ShaFree(&hash->alg.sha);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            wc_Sha224Free(&hash->sha224);
+            wc_Sha224Free(&hash->alg.sha224);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            wc_Sha256Free(&hash->sha256);
+            wc_Sha256Free(&hash->alg.sha256);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            wc_Sha384Free(&hash->sha384);
+            wc_Sha384Free(&hash->alg.sha384);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
 #ifdef WOLFSSL_SHA512
-            wc_Sha512Free(&hash->sha512);
+            wc_Sha512Free(&hash->alg.sha512);
             ret = 0;
 #endif
             break;
@@ -1053,7 +1113,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
         case WC_HASH_TYPE_SHA512_224:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
-            wc_Sha512_224Free(&hash->sha512);
+            wc_Sha512_224Free(&hash->alg.sha512);
             ret = 0;
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
@@ -1063,7 +1123,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
         case WC_HASH_TYPE_SHA512_256:
 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
-            wc_Sha512_256Free(&hash->sha512);
+            wc_Sha512_256Free(&hash->alg.sha512);
             ret = 0;
 #endif
 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
@@ -1071,32 +1131,32 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
     #endif
         case WC_HASH_TYPE_SHA3_224:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
-            wc_Sha3_224_Free(&hash->sha3);
+            wc_Sha3_224_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA3_256:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-            wc_Sha3_256_Free(&hash->sha3);
+            wc_Sha3_256_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA3_384:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
-            wc_Sha3_384_Free(&hash->sha3);
+            wc_Sha3_384_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
         case WC_HASH_TYPE_SHA3_512:
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
-            wc_Sha3_512_Free(&hash->sha3);
+            wc_Sha3_512_Free(&hash->alg.sha3);
             ret = 0;
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            wc_Sm3Free(&hash->sm3);
+            wc_Sm3Free(&hash->alg.sm3);
             ret = 0;
             break;
     #endif
@@ -1132,27 +1192,27 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5SetFlags(&hash->md5, flags);
+            ret = wc_Md5SetFlags(&hash->alg.md5, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaSetFlags(&hash->sha, flags);
+            ret = wc_ShaSetFlags(&hash->alg.sha, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224SetFlags(&hash->sha224, flags);
+            ret = wc_Sha224SetFlags(&hash->alg.sha224, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256SetFlags(&hash->sha256, flags);
+            ret = wc_Sha256SetFlags(&hash->alg.sha256, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384SetFlags(&hash->sha384, flags);
+            ret = wc_Sha384SetFlags(&hash->alg.sha384, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
@@ -1163,7 +1223,7 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
         case WC_HASH_TYPE_SHA512_256:
     #endif
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512SetFlags(&hash->sha512, flags);
+            ret = wc_Sha512SetFlags(&hash->alg.sha512, flags);
 #endif
             break;
 
@@ -1172,13 +1232,13 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
         case WC_HASH_TYPE_SHA3_384:
         case WC_HASH_TYPE_SHA3_512:
 #ifdef WOLFSSL_SHA3
-            ret = wc_Sha3_SetFlags(&hash->sha3, flags);
+            ret = wc_Sha3_SetFlags(&hash->alg.sha3, flags);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3SetFlags(&hash->sm3, flags);
+            ret = wc_Sm3SetFlags(&hash->alg.sm3, flags);
             break;
     #endif
 
@@ -1211,27 +1271,27 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
     switch (type) {
         case WC_HASH_TYPE_MD5:
 #ifndef NO_MD5
-            ret = wc_Md5GetFlags(&hash->md5, flags);
+            ret = wc_Md5GetFlags(&hash->alg.md5, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA:
 #ifndef NO_SHA
-            ret = wc_ShaGetFlags(&hash->sha, flags);
+            ret = wc_ShaGetFlags(&hash->alg.sha, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA224:
 #ifdef WOLFSSL_SHA224
-            ret = wc_Sha224GetFlags(&hash->sha224, flags);
+            ret = wc_Sha224GetFlags(&hash->alg.sha224, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA256:
 #ifndef NO_SHA256
-            ret = wc_Sha256GetFlags(&hash->sha256, flags);
+            ret = wc_Sha256GetFlags(&hash->alg.sha256, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA384:
 #ifdef WOLFSSL_SHA384
-            ret = wc_Sha384GetFlags(&hash->sha384, flags);
+            ret = wc_Sha384GetFlags(&hash->alg.sha384, flags);
 #endif
             break;
         case WC_HASH_TYPE_SHA512:
@@ -1242,7 +1302,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
         case WC_HASH_TYPE_SHA512_256:
     #endif
 #ifdef WOLFSSL_SHA512
-            ret = wc_Sha512GetFlags(&hash->sha512, flags);
+            ret = wc_Sha512GetFlags(&hash->alg.sha512, flags);
 #endif
             break;
 
@@ -1251,13 +1311,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
         case WC_HASH_TYPE_SHA3_384:
         case WC_HASH_TYPE_SHA3_512:
 #ifdef WOLFSSL_SHA3
-            ret = wc_Sha3_GetFlags(&hash->sha3, flags);
+            ret = wc_Sha3_GetFlags(&hash->alg.sha3, flags);
 #endif
             break;
 
     #ifdef WOLFSSL_SM3
         case WC_HASH_TYPE_SM3:
-            ret = wc_Sm3GetFlags(&hash->sm3, flags);
+            ret = wc_Sm3GetFlags(&hash->alg.sm3, flags);
             break;
     #endif
 
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 47f8f1382..912b26dc1 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -1,6 +1,6 @@
 /* hmac.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,13 +20,7 @@
  */
 
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/wc_port.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_HMAC
 
@@ -154,76 +148,72 @@ int wc_HmacSizeByType(int type)
     return ret;
 }
 
-int _InitHmac(Hmac* hmac, int type, void* heap)
+static int HmacKeyInitHash(wc_HmacHash* hash, int type, void* heap, int devId)
 {
     int ret = 0;
-#ifdef WOLF_CRYPTO_CB
-    int devId = hmac->devId;
-#else
-    int devId = INVALID_DEVID;
-#endif
+
     switch (type) {
     #ifndef NO_MD5
         case WC_MD5:
-            ret = wc_InitMd5_ex(&hmac->hash.md5, heap, devId);
+            ret = wc_InitMd5_ex(&hash->md5, heap, devId);
             break;
     #endif /* !NO_MD5 */
 
     #ifndef NO_SHA
         case WC_SHA:
-            ret = wc_InitSha_ex(&hmac->hash.sha, heap, devId);
+            ret = wc_InitSha_ex(&hash->sha, heap, devId);
             break;
     #endif /* !NO_SHA */
 
     #ifdef WOLFSSL_SHA224
         case WC_SHA224:
-            ret = wc_InitSha224_ex(&hmac->hash.sha224, heap, devId);
+            ret = wc_InitSha224_ex(&hash->sha224, heap, devId);
             break;
     #endif /* WOLFSSL_SHA224 */
 
     #ifndef NO_SHA256
         case WC_SHA256:
-            ret = wc_InitSha256_ex(&hmac->hash.sha256, heap, devId);
+            ret = wc_InitSha256_ex(&hash->sha256, heap, devId);
             break;
     #endif /* !NO_SHA256 */
 
     #ifdef WOLFSSL_SHA384
         case WC_SHA384:
-            ret = wc_InitSha384_ex(&hmac->hash.sha384, heap, devId);
+            ret = wc_InitSha384_ex(&hash->sha384, heap, devId);
             break;
     #endif /* WOLFSSL_SHA384 */
     #ifdef WOLFSSL_SHA512
         case WC_SHA512:
-            ret = wc_InitSha512_ex(&hmac->hash.sha512, heap, devId);
+            ret = wc_InitSha512_ex(&hash->sha512, heap, devId);
             break;
     #endif /* WOLFSSL_SHA512 */
 
     #ifdef WOLFSSL_SHA3
     #ifndef WOLFSSL_NOSHA3_224
         case WC_SHA3_224:
-            ret = wc_InitSha3_224(&hmac->hash.sha3, heap, devId);
+            ret = wc_InitSha3_224(&hash->sha3, heap, devId);
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_256
         case WC_SHA3_256:
-            ret = wc_InitSha3_256(&hmac->hash.sha3, heap, devId);
+            ret = wc_InitSha3_256(&hash->sha3, heap, devId);
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_384
         case WC_SHA3_384:
-            ret = wc_InitSha3_384(&hmac->hash.sha3, heap, devId);
+            ret = wc_InitSha3_384(&hash->sha3, heap, devId);
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_512
         case WC_SHA3_512:
-            ret = wc_InitSha3_512(&hmac->hash.sha3, heap, devId);
+            ret = wc_InitSha3_512(&hash->sha3, heap, devId);
             break;
     #endif
     #endif
 
     #ifdef WOLFSSL_SM3
         case WC_SM3:
-            ret = wc_InitSm3(&hmac->hash.sm3, heap, devId);
+            ret = wc_InitSm3(&hash->sm3, heap, devId);
             break;
     #endif
 
@@ -232,6 +222,22 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
             break;
     }
 
+    return ret;
+}
+
+int _InitHmac(Hmac* hmac, int type, void* heap)
+{
+    int ret;
+#ifdef WOLF_CRYPTO_CB
+    int devId = hmac->devId;
+#else
+    int devId = INVALID_DEVID;
+#endif
+
+    ret = HmacKeyInitHash(&hmac->hash, type, heap, devId);
+    if (ret != 0)
+        return ret;
+
     /* default to NULL heap hint or test value */
 #ifdef WOLFSSL_HEAP_TEST
     hmac->heap = (void*)WOLFSSL_HEAP_TEST;
@@ -242,6 +248,158 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
     return ret;
 }
 
+#ifdef WOLFSSL_HMAC_COPY_HASH
+static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst)
+{
+    int ret = 0;
+
+    switch (macType) {
+    #ifndef NO_MD5
+        case WC_MD5:
+            ret = wc_Md5Copy(&src->md5, &dst->md5);
+            break;
+    #endif /* !NO_MD5 */
+
+    #ifndef NO_SHA
+        case WC_SHA:
+            ret = wc_ShaCopy(&src->sha, &dst->sha);
+            break;
+    #endif /* !NO_SHA */
+
+    #ifdef WOLFSSL_SHA224
+        case WC_SHA224:
+            ret = wc_Sha224Copy(&src->sha224, &dst->sha224);
+            break;
+    #endif /* WOLFSSL_SHA224 */
+    #ifndef NO_SHA256
+        case WC_SHA256:
+            ret = wc_Sha256Copy(&src->sha256, &dst->sha256);
+            break;
+    #endif /* !NO_SHA256 */
+
+    #ifdef WOLFSSL_SHA384
+        case WC_SHA384:
+            ret = wc_Sha384Copy(&src->sha384, &dst->sha384);
+            break;
+    #endif /* WOLFSSL_SHA384 */
+    #ifdef WOLFSSL_SHA512
+        case WC_SHA512:
+            ret = wc_Sha512Copy(&src->sha512, &dst->sha512);
+            break;
+    #endif /* WOLFSSL_SHA512 */
+
+    #ifdef WOLFSSL_SHA3
+    #ifndef WOLFSSL_NOSHA3_224
+        case WC_SHA3_224:
+            ret = wc_Sha3_224_Copy(&src->sha3, &dst->sha3);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_256
+        case WC_SHA3_256:
+            ret = wc_Sha3_256_Copy(&src->sha3, &dst->sha3);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_384
+        case WC_SHA3_384:
+            ret = wc_Sha3_384_Copy(&src->sha3, &dst->sha3);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_512
+        case WC_SHA3_512:
+            ret = wc_Sha3_512_Copy(&src->sha3, &dst->sha3);
+            break;
+    #endif
+    #endif /* WOLFSSL_SHA3 */
+
+    #ifdef WOLFSSL_SM3
+        case WC_SM3:
+            ret = wc_Sm3Copy(&src->sm3, &dst->sm3);
+            break;
+    #endif
+
+        default:
+            break;
+    }
+
+    return ret;
+}
+#endif
+
+static int HmacKeyHashUpdate(byte macType, wc_HmacHash* hash, byte* pad)
+{
+    int ret = 0;
+
+    switch (macType) {
+    #ifndef NO_MD5
+        case WC_MD5:
+            ret = wc_Md5Update(&hash->md5, pad, WC_MD5_BLOCK_SIZE);
+            break;
+    #endif /* !NO_MD5 */
+
+    #ifndef NO_SHA
+        case WC_SHA:
+            ret = wc_ShaUpdate(&hash->sha, pad, WC_SHA_BLOCK_SIZE);
+            break;
+    #endif /* !NO_SHA */
+
+    #ifdef WOLFSSL_SHA224
+        case WC_SHA224:
+            ret = wc_Sha224Update(&hash->sha224, pad, WC_SHA224_BLOCK_SIZE);
+            break;
+    #endif /* WOLFSSL_SHA224 */
+    #ifndef NO_SHA256
+        case WC_SHA256:
+            ret = wc_Sha256Update(&hash->sha256, pad, WC_SHA256_BLOCK_SIZE);
+            break;
+    #endif /* !NO_SHA256 */
+
+    #ifdef WOLFSSL_SHA384
+        case WC_SHA384:
+            ret = wc_Sha384Update(&hash->sha384, pad, WC_SHA384_BLOCK_SIZE);
+            break;
+    #endif /* WOLFSSL_SHA384 */
+    #ifdef WOLFSSL_SHA512
+        case WC_SHA512:
+            ret = wc_Sha512Update(&hash->sha512, pad, WC_SHA512_BLOCK_SIZE);
+            break;
+    #endif /* WOLFSSL_SHA512 */
+
+    #ifdef WOLFSSL_SHA3
+    #ifndef WOLFSSL_NOSHA3_224
+        case WC_SHA3_224:
+            ret = wc_Sha3_224_Update(&hash->sha3, pad, WC_SHA3_224_BLOCK_SIZE);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_256
+        case WC_SHA3_256:
+            ret = wc_Sha3_256_Update(&hash->sha3, pad, WC_SHA3_256_BLOCK_SIZE);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_384
+        case WC_SHA3_384:
+            ret = wc_Sha3_384_Update(&hash->sha3, pad, WC_SHA3_384_BLOCK_SIZE);
+            break;
+    #endif
+    #ifndef WOLFSSL_NOSHA3_512
+        case WC_SHA3_512:
+            ret = wc_Sha3_512_Update(&hash->sha3, pad, WC_SHA3_512_BLOCK_SIZE);
+            break;
+    #endif
+    #endif /* WOLFSSL_SHA3 */
+
+    #ifdef WOLFSSL_SM3
+        case WC_SM3:
+            ret = wc_Sm3Update(&hash->sm3, pad, WC_SM3_BLOCK_SIZE);
+            break;
+    #endif
+
+        default:
+            break;
+    }
+
+    return ret;
+}
+
 
 int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
                      int allowFlag)
@@ -266,6 +424,7 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
         return BAD_FUNC_ARG;
     }
 
+    heap = hmac->heap;
 #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
     /* if set key has already been run then make sure and free existing */
     /* This is for async and PIC32MZ situations, and just normally OK,
@@ -273,7 +432,13 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
        available in FIPS builds. In current FIPS builds, the hashes are
        not allocating resources. */
     if (hmac->macType != WC_HASH_TYPE_NONE) {
+    #ifdef WOLF_CRYPTO_CB
+        int devId = hmac->devId;
+    #endif
         wc_HmacFree(hmac);
+    #ifdef WOLF_CRYPTO_CB
+        hmac->devId = devId;
+    #endif
     }
 #endif
 
@@ -595,6 +760,29 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
         }
     }
 
+#ifdef WOLFSSL_HMAC_COPY_HASH
+    if ( ret == 0) {
+    #ifdef WOLF_CRYPTO_CB
+        int devId = hmac->devId;
+    #else
+        int devId = INVALID_DEVID;
+    #endif
+
+        ret = HmacKeyInitHash(&hmac->i_hash, hmac->macType, heap, devId);
+        if (ret != 0)
+            return ret;
+        ret = HmacKeyInitHash(&hmac->o_hash, hmac->macType, heap, devId);
+        if (ret != 0)
+            return ret;
+        ret = HmacKeyHashUpdate(hmac->macType, &hmac->i_hash, ip);
+        if (ret != 0)
+            return ret;
+        ret = HmacKeyHashUpdate(hmac->macType, &hmac->o_hash, op);
+        if (ret != 0)
+            return ret;
+    }
+#endif
+
     return ret;
 #endif /* WOLFSSL_MAXQ108X */
 }
@@ -610,96 +798,6 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
     return wc_HmacSetKey_ex(hmac, type, key, length, allowFlag);
 }
 
-static int HmacKeyInnerHash(Hmac* hmac)
-{
-    int ret = 0;
-
-    switch (hmac->macType) {
-    #ifndef NO_MD5
-        case WC_MD5:
-            ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->ipad,
-                                                             WC_MD5_BLOCK_SIZE);
-            break;
-    #endif /* !NO_MD5 */
-
-    #ifndef NO_SHA
-        case WC_SHA:
-            ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->ipad,
-                                                             WC_SHA_BLOCK_SIZE);
-            break;
-    #endif /* !NO_SHA */
-
-    #ifdef WOLFSSL_SHA224
-        case WC_SHA224:
-            ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->ipad,
-                                                          WC_SHA224_BLOCK_SIZE);
-            break;
-    #endif /* WOLFSSL_SHA224 */
-    #ifndef NO_SHA256
-        case WC_SHA256:
-            ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->ipad,
-                                                          WC_SHA256_BLOCK_SIZE);
-            break;
-    #endif /* !NO_SHA256 */
-
-    #ifdef WOLFSSL_SHA384
-        case WC_SHA384:
-            ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->ipad,
-                                                          WC_SHA384_BLOCK_SIZE);
-            break;
-    #endif /* WOLFSSL_SHA384 */
-    #ifdef WOLFSSL_SHA512
-        case WC_SHA512:
-            ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->ipad,
-                                                          WC_SHA512_BLOCK_SIZE);
-            break;
-    #endif /* WOLFSSL_SHA512 */
-
-    #ifdef WOLFSSL_SHA3
-    #ifndef WOLFSSL_NOSHA3_224
-        case WC_SHA3_224:
-            ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
-                                                        WC_SHA3_224_BLOCK_SIZE);
-            break;
-    #endif
-    #ifndef WOLFSSL_NOSHA3_256
-        case WC_SHA3_256:
-            ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
-                                                        WC_SHA3_256_BLOCK_SIZE);
-            break;
-    #endif
-    #ifndef WOLFSSL_NOSHA3_384
-        case WC_SHA3_384:
-            ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
-                                                        WC_SHA3_384_BLOCK_SIZE);
-            break;
-    #endif
-    #ifndef WOLFSSL_NOSHA3_512
-        case WC_SHA3_512:
-            ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->ipad,
-                                                        WC_SHA3_512_BLOCK_SIZE);
-            break;
-    #endif
-    #endif /* WOLFSSL_SHA3 */
-
-    #ifdef WOLFSSL_SM3
-        case WC_SM3:
-            ret = wc_Sm3Update(&hmac->hash.sm3, (byte*)hmac->ipad,
-                                                             WC_SM3_BLOCK_SIZE);
-            break;
-    #endif
-
-        default:
-            break;
-    }
-
-    if (ret == 0)
-        hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW;
-
-    return ret;
-}
-
-
 int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
 {
     int ret = 0;
@@ -731,9 +829,14 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     if (!hmac->innerHashKeyed) {
-        ret = HmacKeyInnerHash(hmac);
+#ifndef WOLFSSL_HMAC_COPY_HASH
+        ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad);
+#else
+        ret = HmacKeyCopyHash(hmac->macType, &hmac->i_hash, &hmac->hash);
+#endif
         if (ret != 0)
             return ret;
+        hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW;
     }
 
     switch (hmac->macType) {
@@ -843,9 +946,14 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     if (!hmac->innerHashKeyed) {
-        ret = HmacKeyInnerHash(hmac);
+#ifndef WOLFSSL_HMAC_COPY_HASH
+        ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad);
+#else
+        ret = HmacKeyCopyHash(hmac->macType, &hmac->i_hash, &hmac->hash);
+#endif
         if (ret != 0)
             return ret;
+        hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW;
     }
 
     switch (hmac->macType) {
@@ -854,8 +962,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Md5Final(&hmac->hash.md5, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->opad,
                                                              WC_MD5_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_MD5, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->innerHash,
@@ -871,8 +983,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_ShaFinal(&hmac->hash.sha, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad,
                                                              WC_SHA_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash,
@@ -888,8 +1004,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha224Final(&hmac->hash.sha224, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->opad,
                                                           WC_SHA224_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA224, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->innerHash,
@@ -906,8 +1026,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha256Final(&hmac->hash.sha256, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad,
                                                           WC_SHA256_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA256, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->innerHash,
@@ -923,8 +1047,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha384Final(&hmac->hash.sha384, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad,
                                                           WC_SHA384_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA384, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->innerHash,
@@ -939,8 +1067,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha512Final(&hmac->hash.sha512, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->opad,
                                                           WC_SHA512_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA512, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->innerHash,
@@ -957,8 +1089,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha3_224_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->opad,
                                                         WC_SHA3_224_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA3_224, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
@@ -973,8 +1109,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha3_256_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->opad,
                                                         WC_SHA3_256_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA3_256, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
@@ -989,8 +1129,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha3_384_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->opad,
                                                         WC_SHA3_384_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA3_384, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
@@ -1005,8 +1149,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sha3_512_Final(&hmac->hash.sha3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->opad,
                                                         WC_SHA3_512_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SHA3_512, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->innerHash,
@@ -1023,8 +1171,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
             ret = wc_Sm3Final(&hmac->hash.sm3, (byte*)hmac->innerHash);
             if (ret != 0)
                 break;
+       #ifndef WOLFSSL_HMAC_COPY_HASH
             ret = wc_Sm3Update(&hmac->hash.sm3, (byte*)hmac->opad,
                                                              WC_SM3_BLOCK_SIZE);
+       #else
+            ret = HmacKeyCopyHash(WC_SM3, &hmac->o_hash, &hmac->hash);
+       #endif
             if (ret != 0)
                 break;
             ret = wc_Sm3Update(&hmac->hash.sm3, (byte*)hmac->innerHash,
@@ -1155,34 +1307,58 @@ void wc_HmacFree(Hmac* hmac)
     #ifndef NO_MD5
         case WC_MD5:
             wc_Md5Free(&hmac->hash.md5);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Md5Free(&hmac->i_hash.md5);
+            wc_Md5Free(&hmac->o_hash.md5);
+        #endif
             break;
     #endif /* !NO_MD5 */
 
     #ifndef NO_SHA
         case WC_SHA:
             wc_ShaFree(&hmac->hash.sha);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_ShaFree(&hmac->i_hash.sha);
+            wc_ShaFree(&hmac->o_hash.sha);
+        #endif
             break;
     #endif /* !NO_SHA */
 
     #ifdef WOLFSSL_SHA224
         case WC_SHA224:
             wc_Sha224Free(&hmac->hash.sha224);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha224Free(&hmac->i_hash.sha224);
+            wc_Sha224Free(&hmac->o_hash.sha224);
+        #endif
             break;
     #endif /* WOLFSSL_SHA224 */
     #ifndef NO_SHA256
         case WC_SHA256:
             wc_Sha256Free(&hmac->hash.sha256);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha256Free(&hmac->i_hash.sha256);
+            wc_Sha256Free(&hmac->o_hash.sha256);
+        #endif
             break;
     #endif /* !NO_SHA256 */
 
     #ifdef WOLFSSL_SHA384
         case WC_SHA384:
             wc_Sha384Free(&hmac->hash.sha384);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha384Free(&hmac->i_hash.sha384);
+            wc_Sha384Free(&hmac->o_hash.sha384);
+        #endif
             break;
     #endif /* WOLFSSL_SHA384 */
     #ifdef WOLFSSL_SHA512
         case WC_SHA512:
             wc_Sha512Free(&hmac->hash.sha512);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha512Free(&hmac->i_hash.sha512);
+            wc_Sha512Free(&hmac->o_hash.sha512);
+        #endif
             break;
     #endif /* WOLFSSL_SHA512 */
 
@@ -1190,21 +1366,37 @@ void wc_HmacFree(Hmac* hmac)
     #ifndef WOLFSSL_NOSHA3_224
         case WC_SHA3_224:
             wc_Sha3_224_Free(&hmac->hash.sha3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha3_224_Free(&hmac->i_hash.sha3);
+            wc_Sha3_224_Free(&hmac->o_hash.sha3);
+        #endif
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_256
         case WC_SHA3_256:
             wc_Sha3_256_Free(&hmac->hash.sha3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha3_256_Free(&hmac->i_hash.sha3);
+            wc_Sha3_256_Free(&hmac->o_hash.sha3);
+        #endif
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_384
         case WC_SHA3_384:
             wc_Sha3_384_Free(&hmac->hash.sha3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha3_384_Free(&hmac->i_hash.sha3);
+            wc_Sha3_384_Free(&hmac->o_hash.sha3);
+        #endif
             break;
     #endif
     #ifndef WOLFSSL_NOSHA3_512
         case WC_SHA3_512:
             wc_Sha3_512_Free(&hmac->hash.sha3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sha3_512_Free(&hmac->i_hash.sha3);
+            wc_Sha3_512_Free(&hmac->o_hash.sha3);
+        #endif
             break;
     #endif
     #endif /* WOLFSSL_SHA3 */
@@ -1212,6 +1404,10 @@ void wc_HmacFree(Hmac* hmac)
     #ifdef WOLFSSL_SM3
         case WC_SM3:
             wc_Sm3Free(&hmac->hash.sm3);
+        #ifdef WOLFSSL_HMAC_COPY_HASH
+            wc_Sm3Free(&hmac->i_hash.sm3);
+            wc_Sm3Free(&hmac->i_hash.sm3);
+        #endif
             break;
     #endif
 
diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c
index 450ee7317..4cd679f4d 100644
--- a/wolfcrypt/src/hpke.c
+++ b/wolfcrypt/src/hpke.c
@@ -1,6 +1,6 @@
 /* hpke.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,16 +23,11 @@
  * TODO: Add X448 and ChaCha20
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(HAVE_HPKE) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
     defined(HAVE_AESGCM)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/curve25519.h>
 #include <wolfssl/wolfcrypt/curve448.h>
@@ -256,13 +251,13 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
         case HPKE_AES_128_GCM:
             hpke->Nk = AES_128_KEY_SIZE;
             hpke->Nn = GCM_NONCE_MID_SZ;
-            hpke->Nt = AES_BLOCK_SIZE;
+            hpke->Nt = WC_AES_BLOCK_SIZE;
             break;
 
         case HPKE_AES_256_GCM:
             hpke->Nk = AES_256_KEY_SIZE;
             hpke->Nn = GCM_NONCE_MID_SZ;
-            hpke->Nt = AES_BLOCK_SIZE;
+            hpke->Nt = WC_AES_BLOCK_SIZE;
             break;
 
         default:
@@ -875,49 +870,63 @@ static int wc_HpkeSetupBaseSender(Hpke* hpke, HpkeBaseContext* context,
     return ret;
 }
 
+/* give SetupBaseSender a more intuitive and wolfCrypt friendly name */
+int wc_HpkeInitSealContext(Hpke* hpke, HpkeBaseContext* context,
+    void* ephemeralKey, void* receiverKey, byte* info, word32 infoSz)
+{
+    if (hpke == NULL || context == NULL || ephemeralKey == NULL ||
+        receiverKey == NULL || (info == NULL && infoSz > 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* zero out all fields */
+    XMEMSET(context, 0, sizeof(HpkeBaseContext));
+
+    return wc_HpkeSetupBaseSender(hpke, context, ephemeralKey, receiverKey,
+        info, infoSz);
+}
+
 /* encrypt a message using an hpke base context, return 0 or error */
-static int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context,
+int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context,
     byte* aad, word32 aadSz, byte* plaintext, word32 ptSz, byte* out)
 {
     int ret;
     byte nonce[HPKE_Nn_MAX];
 #ifndef WOLFSSL_SMALL_STACK
-    Aes aes_key[1];
+    Aes aes[1];
 #else
-    Aes* aes_key;
+    Aes* aes;
 #endif
-
-    if (hpke == NULL) {
+    if (hpke == NULL || context == NULL || (aad == NULL && aadSz > 0) ||
+        plaintext == NULL || out == NULL) {
         return BAD_FUNC_ARG;
     }
-
 #ifdef WOLFSSL_SMALL_STACK
-    aes_key = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES);
-    if (aes_key == NULL) {
+    aes = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES);
+    if (aes == NULL) {
         return MEMORY_E;
     }
 #endif
-
-    ret = wc_AesInit(aes_key, hpke->heap, INVALID_DEVID);
+    ret = wc_AesInit(aes, hpke->heap, INVALID_DEVID);
     if (ret == 0) {
+        /* compute nonce */
         ret = wc_HpkeContextComputeNonce(hpke, context, nonce);
         if (ret == 0) {
-            ret = wc_AesGcmSetKey(aes_key, context->key, hpke->Nk);
+            ret = wc_AesGcmSetKey(aes, context->key, hpke->Nk);
         }
         if (ret == 0) {
-            ret = wc_AesGcmEncrypt(aes_key, out, plaintext, ptSz, nonce,
+            ret = wc_AesGcmEncrypt(aes, out, plaintext, ptSz, nonce,
                 hpke->Nn, out + ptSz, hpke->Nt, aad, aadSz);
         }
+        /* increment sequence for non one shot */
         if (ret == 0) {
             context->seq++;
         }
-        wc_AesFree(aes_key);
+        wc_AesFree(aes);
     }
-
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes_key, hpke->heap, DYNAMIC_TYPE_AES);
+    XFREE(aes, hpke->heap, DYNAMIC_TYPE_AES);
 #endif
-
     return ret;
 }
 
@@ -1021,8 +1030,10 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey,
 #ifdef ECC_TIMING_RESISTANT
                 rng = wc_rng_new(NULL, 0, hpke->heap);
 
-                if (rng == NULL)
-                    return RNG_FAILURE_E;
+                if (rng == NULL) {
+                    ret = RNG_FAILURE_E;
+                    break;
+                }
 
                 wc_ecc_set_rng((ecc_key*)receiverKey, rng);
 #endif
@@ -1111,49 +1122,60 @@ static int wc_HpkeSetupBaseReceiver(Hpke* hpke, HpkeBaseContext* context,
     return ret;
 }
 
+/* give SetupBaseReceiver a more intuitive and wolfCrypt friendly name */
+int wc_HpkeInitOpenContext(Hpke* hpke, HpkeBaseContext* context,
+    void* receiverKey, const byte* pubKey, word16 pubKeySz, byte* info,
+    word32 infoSz)
+{
+    if (hpke == NULL || context == NULL || receiverKey == NULL || pubKey == NULL
+        || (info == NULL && infoSz > 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    return wc_HpkeSetupBaseReceiver(hpke, context, receiverKey, pubKey,
+        pubKeySz, info, infoSz);
+}
+
 /* decrypt a message using a setup hpke context, return 0 or error */
-static int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context,
-    byte* aad, word32 aadSz, byte* ciphertext, word32 ctSz, byte* out)
+int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context, byte* aad,
+    word32 aadSz, byte* ciphertext, word32 ctSz, byte* out)
 {
     int ret;
     byte nonce[HPKE_Nn_MAX];
 #ifndef WOLFSSL_SMALL_STACK
-    Aes aes_key[1];
+    Aes aes[1];
 #else
-    Aes* aes_key;
+    Aes* aes;
 #endif
-
     if (hpke == NULL) {
         return BAD_FUNC_ARG;
     }
-
     XMEMSET(nonce, 0, sizeof(nonce));
 #ifdef WOLFSSL_SMALL_STACK
-    aes_key = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES);
-    if (aes_key == NULL) {
+    aes = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES);
+    if (aes == NULL) {
         return MEMORY_E;
     }
 #endif
-
+    /* compute nonce */
     ret = wc_HpkeContextComputeNonce(hpke, context, nonce);
     if (ret == 0)
-        ret = wc_AesInit(aes_key, hpke->heap, INVALID_DEVID);
+        ret = wc_AesInit(aes, hpke->heap, INVALID_DEVID);
     if (ret == 0) {
-        ret = wc_AesGcmSetKey(aes_key, context->key, hpke->Nk);
+        ret = wc_AesGcmSetKey(aes, context->key, hpke->Nk);
         if (ret == 0) {
-            ret = wc_AesGcmDecrypt(aes_key, out, ciphertext, ctSz, nonce,
+            ret = wc_AesGcmDecrypt(aes, out, ciphertext, ctSz, nonce,
                 hpke->Nn, ciphertext + ctSz, hpke->Nt, aad, aadSz);
         }
+        /* increment sequence for non one shot */
         if (ret == 0) {
             context->seq++;
         }
-        wc_AesFree(aes_key);
+        wc_AesFree(aes);
     }
-
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes_key, hpke->heap, DYNAMIC_TYPE_AES);
+    XFREE(aes, hpke->heap, DYNAMIC_TYPE_AES);
 #endif
-
     return ret;
 }
 
diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am
index e6a93af6d..872dffd0f 100644
--- a/wolfcrypt/src/include.am
+++ b/wolfcrypt/src/include.am
@@ -103,6 +103,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/st/stm32.c \
               wolfcrypt/src/port/st/stsafe.c \
               wolfcrypt/src/port/st/README.md \
+              wolfcrypt/src/port/st/STM32MP13.md \
+			  wolfcrypt/src/port/st/STM32MP25.md \
               wolfcrypt/src/port/af_alg/afalg_aes.c \
               wolfcrypt/src/port/af_alg/afalg_hash.c \
               wolfcrypt/src/port/kcapi/kcapi_aes.c \
@@ -123,6 +125,12 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c \
               wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c \
               wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py \
+              wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem \
               wolfcrypt/src/port/Espressif/README.md \
               wolfcrypt/src/port/arm/cryptoCell.c \
               wolfcrypt/src/port/arm/cryptoCellHash.c \
@@ -139,7 +147,11 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \
               wolfcrypt/src/port/Renesas/README.md \
               wolfcrypt/src/port/cypress/psoc6_crypto.c \
-              wolfcrypt/src/port/liboqs/liboqs.c
+              wolfcrypt/src/port/liboqs/liboqs.c \
+              wolfcrypt/src/port/maxim/max3266x.c \
+              wolfcrypt/src/ASN_TEMPLATE.md \
+              wolfcrypt/src/port/rpi_pico/pico.c \
+              wolfcrypt/src/port/rpi_pico/README.md
 
 $(ASYNC_FILES):
 	$(AM_V_at)touch $(srcdir)/$@
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 3deeaeb82..341d99d67 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -1,6 +1,6 @@
 /* integer.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,21 +19,13 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
  * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca,
  * http://math.libtomcrypt.com
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-/* in case user set USE_FAST_MATH there */
-#include <wolfssl/wolfcrypt/settings.h>
-
 #ifndef NO_BIG_INT
 
 #if !defined(USE_FAST_MATH) && defined(USE_INTEGER_HEAP_MATH)
@@ -177,6 +169,9 @@ int mp_init (mp_int * a)
 /* clear one (frees)  */
 void mp_clear (mp_int * a)
 {
+#ifdef HAVE_FIPS
+    mp_forcezero(a);
+#else
   int i;
 
   if (a == NULL)
@@ -202,6 +197,7 @@ void mp_clear (mp_int * a)
     a->alloc = a->used = 0;
     a->sign  = MP_ZPOS;
   }
+#endif
 }
 
 void mp_free (mp_int * a)
@@ -409,11 +405,10 @@ int mp_copy (const mp_int * a, mp_int * b)
 /* grow as required */
 int mp_grow (mp_int * a, int size)
 {
-  int     i;
   mp_digit *tmp;
 
   /* if the alloc size is smaller alloc more ram */
-  if (a->alloc < size || size == 0) {
+  if ((a->alloc < size) || (size == 0) || (a->alloc == 0)) {
     /* ensure there are always at least MP_PREC digits extra on top */
     size += (MP_PREC * 2) - (size % MP_PREC);
 
@@ -434,11 +429,12 @@ int mp_grow (mp_int * a, int size)
     a->dp = tmp;
 
     /* zero excess digits */
-    i        = a->alloc;
+    XMEMSET(&a->dp[a->alloc], 0, sizeof (mp_digit) * (size - a->alloc));
     a->alloc = size;
-    for (; i < a->alloc; i++) {
-      a->dp[i] = 0;
-    }
+  }
+  else if (a->dp == NULL) {
+      /* opportunistic sanity check for null a->dp with nonzero a->alloc */
+      return MP_VAL;
   }
   return MP_OKAY;
 }
@@ -1758,6 +1754,13 @@ int s_mp_add (mp_int * a, mp_int * b, mp_int * c)
     /* destination */
     tmpc = c->dp;
 
+    /* sanity-check dp pointers. */
+    if ((min_ab > 0) &&
+        ((tmpa == NULL) || (tmpb == NULL) || (tmpc == NULL)))
+    {
+        return MP_VAL;
+    }
+
     /* zero the carry */
     u = 0;
     for (i = 0; i < min_ab; i++) {
@@ -1833,6 +1836,13 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c)
     tmpb = b->dp;
     tmpc = c->dp;
 
+    /* sanity-check dp pointers from a and b. */
+    if ((min_b > 0) &&
+        ((tmpa == NULL) || (tmpb == NULL)))
+    {
+        return MP_VAL;
+    }
+
     /* set carry to zero */
     u = 0;
     for (i = 0; i < min_b; i++) {
@@ -3290,6 +3300,10 @@ int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
   q.used = a->used;
   q.sign = a->sign;
   w = 0;
+
+  if (a->used == 0)
+      return MP_VAL;
+
   for (ix = a->used - 1; ix >= 0; ix--) {
      w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
 
@@ -3332,8 +3346,6 @@ int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
 /* init an mp_init for a given size */
 int mp_init_size (mp_int * a, int size)
 {
-  int x;
-
   /* pad size so there are always extra digits */
   size += (MP_PREC * 2) - (size % MP_PREC);
 
@@ -3353,9 +3365,7 @@ int mp_init_size (mp_int * a, int size)
 #endif
 
   /* zero the digits */
-  for (x = 0; x < size; x++) {
-      a->dp[x] = 0;
-  }
+  XMEMSET(a->dp, 0, sizeof (mp_digit) * size);
 
   return MP_OKAY;
 }
@@ -4681,8 +4691,11 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
       }
   }
 
-
   w = 0;
+
+  if (a->used == 0)
+      return MP_VAL;
+
   for (ix = a->used - 1; ix >= 0; ix--) {
      w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
 
diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c
index 690774474..0e092ddf4 100644
--- a/wolfcrypt/src/kdf.c
+++ b/wolfcrypt/src/kdf.c
@@ -1,6 +1,6 @@
 /* kdf.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/wc_port.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_KDF
 
@@ -84,11 +77,9 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
     word32 lastTime;
     int    ret = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    byte*  previous;
     byte*  current;
     Hmac*  hmac;
 #else
-    byte   previous[P_HASH_MAX_SIZE];  /* max size */
     byte   current[P_HASH_MAX_SIZE];   /* max size */
     Hmac   hmac[1];
 #endif
@@ -153,19 +144,16 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
     lastTime = times - 1;
 
 #ifdef WOLFSSL_SMALL_STACK
-    previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
-    current  = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
-    hmac     = (Hmac*)XMALLOC(sizeof(Hmac),    heap, DYNAMIC_TYPE_HMAC);
-    if (previous == NULL || current == NULL || hmac == NULL) {
-        XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
+    current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
+    hmac    = (Hmac*)XMALLOC(sizeof(Hmac),    heap, DYNAMIC_TYPE_HMAC);
+    if (current == NULL || hmac == NULL) {
         XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
         XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
         return MEMORY_E;
     }
 #endif
 #ifdef WOLFSSL_CHECK_MEM_ZERO
-    XMEMSET(previous, 0xff, P_HASH_MAX_SIZE);
-    wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE);
+    XMEMSET(current, 0xff, P_HASH_MAX_SIZE);
     wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE);
     wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac));
 #endif
@@ -176,53 +164,53 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
         if (ret == 0)
             ret = wc_HmacUpdate(hmac, seed, seedLen); /* A0 = seed */
         if (ret == 0)
-            ret = wc_HmacFinal(hmac, previous);       /* A1 */
+            ret = wc_HmacFinal(hmac, current);        /* A1 */
         if (ret == 0) {
             word32 i;
             word32 idx = 0;
 
             for (i = 0; i < times; i++) {
-                ret = wc_HmacUpdate(hmac, previous, len);
+                ret = wc_HmacUpdate(hmac, current, len);
                 if (ret != 0)
                     break;
                 ret = wc_HmacUpdate(hmac, seed, seedLen);
                 if (ret != 0)
                     break;
-                ret = wc_HmacFinal(hmac, current);
-                if (ret != 0)
-                    break;
+                if ((i != lastTime) || !lastLen) {
+                    ret = wc_HmacFinal(hmac, &result[idx]);
+                    if (ret != 0)
+                        break;
+                    idx += len;
 
-                if ((i == lastTime) && lastLen)
+                    ret = wc_HmacUpdate(hmac, current, len);
+                    if (ret != 0)
+                        break;
+                    ret = wc_HmacFinal(hmac, current);
+                    if (ret != 0)
+                        break;
+                }
+                else {
+                    ret = wc_HmacFinal(hmac, current);
+                    if (ret != 0)
+                        break;
                     XMEMCPY(&result[idx], current,
                                              min(lastLen, P_HASH_MAX_SIZE));
-                else {
-                    XMEMCPY(&result[idx], current, len);
-                    idx += len;
-                    ret = wc_HmacUpdate(hmac, previous, len);
-                    if (ret != 0)
-                        break;
-                    ret = wc_HmacFinal(hmac, previous);
-                    if (ret != 0)
-                        break;
                 }
             }
         }
         wc_HmacFree(hmac);
     }
 
-    ForceZero(previous,  P_HASH_MAX_SIZE);
-    ForceZero(current,   P_HASH_MAX_SIZE);
-    ForceZero(hmac,      sizeof(Hmac));
+    ForceZero(current, P_HASH_MAX_SIZE);
+    ForceZero(hmac,    sizeof(Hmac));
 
 #if defined(WOLFSSL_CHECK_MEM_ZERO)
-    wc_MemZero_Check(previous, P_HASH_MAX_SIZE);
-    wc_MemZero_Check(current,  P_HASH_MAX_SIZE);
-    wc_MemZero_Check(hmac,     sizeof(Hmac));
+    wc_MemZero_Check(current, P_HASH_MAX_SIZE);
+    wc_MemZero_Check(hmac,    sizeof(Hmac));
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
-    XFREE(current,  heap, DYNAMIC_TYPE_DIGEST);
+    XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
     XFREE(hmac,     heap, DYNAMIC_TYPE_HMAC);
 #endif
 
@@ -818,7 +806,7 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz,
         return BAD_FUNC_ARG;
     }
 
-    ret = wc_HmacSizeByType(enmhashId);
+    ret = wc_HmacSizeByType((int)enmhashId);
     if (ret <= 0) {
         return BAD_FUNC_ARG;
     }
@@ -946,11 +934,11 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx,
         }
         else {
             /* XOR in as bit shifted index. */
-            block[WC_SRTP_MAX_SALT - indexSz] ^= index[0] >> bits;
+            block[WC_SRTP_MAX_SALT - indexSz] ^= (byte)(index[0] >> bits);
             for (i = 1; i < indexSz; i++) {
                 block[i + WC_SRTP_MAX_SALT - indexSz] ^=
-                    (index[i-1] << (8 - bits)) |
-                    (index[i+0] >>      bits );
+                    (byte)((index[i-1] << (8 - bits)) |
+                           (index[i+0] >>      bits ));
             }
         }
     }
@@ -973,7 +961,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label,
     int i;
     int ret = 0;
     /* Calculate the number of full blocks needed for derived key. */
-    int blocks = (int)(keySz / AES_BLOCK_SIZE);
+    int blocks = (int)(keySz / WC_AES_BLOCK_SIZE);
 
     /* XOR in label. */
     block[WC_SRTP_MAX_SALT - indexSz - 1] ^= label;
@@ -981,19 +969,19 @@ static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label,
         /* Set counter. */
         block[15] = (byte)i;
         /* Encrypt block into key buffer. */
-        ret = wc_AesEcbEncrypt(aes, key, block, AES_BLOCK_SIZE);
+        ret = wc_AesEcbEncrypt(aes, key, block, WC_AES_BLOCK_SIZE);
         /* Reposition for more derived key. */
-        key += AES_BLOCK_SIZE;
+        key += WC_AES_BLOCK_SIZE;
         /* Reduce the count of key bytes required. */
-        keySz -= AES_BLOCK_SIZE;
+        keySz -= WC_AES_BLOCK_SIZE;
     }
     /* Do any partial blocks. */
     if ((ret == 0) && (keySz > 0)) {
-        byte enc[AES_BLOCK_SIZE];
+        byte enc[WC_AES_BLOCK_SIZE];
         /* Set counter. */
         block[15] = (byte)i;
         /* Encrypt block into temporary. */
-        ret = wc_AesEcbEncrypt(aes, enc, block, AES_BLOCK_SIZE);
+        ret = wc_AesEcbEncrypt(aes, enc, block, WC_AES_BLOCK_SIZE);
         if (ret == 0) {
             /* Copy into key required amount. */
             XMEMCPY(key, enc, keySz);
@@ -1034,7 +1022,7 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
         word32 key2Sz, byte* key3, word32 key3Sz)
 {
     int ret = 0;
-    byte block[AES_BLOCK_SIZE];
+    byte block[WC_AES_BLOCK_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
     Aes* aes = NULL;
 #else
@@ -1055,11 +1043,7 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
             ret = MEMORY_E;
         }
     }
-    if (aes != NULL)
 #endif
-    {
-        XMEMSET(aes, 0, sizeof(Aes));
-    }
 
     /* Setup AES object. */
     if (ret == 0) {
@@ -1129,7 +1113,7 @@ int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 salt
         word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator)
 {
     int ret = 0;
-    byte block[AES_BLOCK_SIZE];
+    byte block[WC_AES_BLOCK_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
     Aes* aes = NULL;
 #else
@@ -1159,11 +1143,7 @@ int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 salt
             ret = MEMORY_E;
         }
     }
-    if (aes != NULL)
 #endif
-    {
-        XMEMSET(aes, 0, sizeof(Aes));
-    }
 
     /* Setup AES object. */
     if (ret == 0) {
@@ -1238,7 +1218,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt,
         word32 outKeySz)
 {
     int ret = 0;
-    byte block[AES_BLOCK_SIZE];
+    byte block[WC_AES_BLOCK_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
     Aes* aes = NULL;
 #else
@@ -1260,11 +1240,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt,
             ret = MEMORY_E;
         }
     }
-    if (aes != NULL)
 #endif
-    {
-        XMEMSET(aes, 0, sizeof(Aes));
-    }
 
     /* Setup AES object. */
     if (ret == 0) {
@@ -1321,7 +1297,7 @@ int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt,
         word32 outKeySz)
 {
     int ret = 0;
-    byte block[AES_BLOCK_SIZE];
+    byte block[WC_AES_BLOCK_SIZE];
 #ifdef WOLFSSL_SMALL_STACK
     Aes* aes = NULL;
 #else
@@ -1343,11 +1319,7 @@ int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt,
             ret = MEMORY_E;
         }
     }
-    if (aes != NULL)
 #endif
-    {
-        XMEMSET(aes, 0, sizeof(Aes));
-    }
 
     /* Setup AES object. */
     if (ret == 0) {
diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c
index 9568f1c6a..29b9221df 100644
--- a/wolfcrypt/src/logging.c
+++ b/wolfcrypt/src/logging.c
@@ -1,6 +1,6 @@
 /* logging.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
 /* avoid adding WANT_READ and WANT_WRITE to error queue */
 #include <wolfssl/error-ssl.h>
@@ -265,7 +258,6 @@ void WOLFSSL_TIME(int count)
     /* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */
 #elif defined(FUSION_RTOS)
     #include <fclstdio.h>
-    #include <wolfssl/wolfcrypt/wc_port.h>
     #define fprintf FCL_FPRINTF
 #else
     #include <stdio.h>  /* for default printf stuff */
@@ -904,7 +896,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line,
  * Get the error value at the HEAD of the ERR queue or 0 if the queue
  * is empty. The HEAD entry is removed by this call.
  */
-unsigned long wc_GetErrorNodeErr(void)
+int wc_GetErrorNodeErr(void)
 {
     int ret;
 
@@ -923,7 +915,7 @@ unsigned long wc_GetErrorNodeErr(void)
             wc_ClearErrorNodes();
         }
     }
-    return (unsigned long)ret;
+    return ret;
 }
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
@@ -1171,7 +1163,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
             sz = WOLFSSL_MAX_ERROR_SZ - 1;
         }
         if (sz > 0) {
-            XMEMCPY(err->error, buf, sz);
+            XMEMCPY(err->error, buf, (size_t)sz);
         }
 
         sz = (int)XSTRLEN(file);
@@ -1179,7 +1171,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
             sz = WOLFSSL_MAX_ERROR_SZ - 1;
         }
         if (sz > 0) {
-            XMEMCPY(err->file, file, sz);
+            XMEMCPY(err->file, file, (size_t)sz);
         }
 
         err->value = error;
@@ -1420,7 +1412,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line,
     }
 }
 
-unsigned long wc_GetErrorNodeErr(void)
+int wc_GetErrorNodeErr(void)
 {
     int ret;
 
@@ -1428,7 +1420,7 @@ unsigned long wc_GetErrorNodeErr(void)
 
     if (ERRQ_LOCK() != 0) {
         WOLFSSL_MSG("Lock debug mutex failed");
-        return (unsigned long)(0 - BAD_MUTEX_E);
+        return (0 - BAD_MUTEX_E);
     }
 
     ret = pullErrorNode(NULL, NULL, NULL);
@@ -1595,10 +1587,10 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line,
     return (unsigned long)(0 - NOT_COMPILED_IN);
 }
 
-unsigned long wc_GetErrorNodeErr(void)
+int wc_GetErrorNodeErr(void)
 {
     WOLFSSL_ENTER("wc_GetErrorNodeErr");
-    return (unsigned long)(0 - NOT_COMPILED_IN);
+    return (0 - NOT_COMPILED_IN);
 }
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
@@ -1721,6 +1713,14 @@ void WOLFSSL_ERROR_MSG(const char* msg)
 
 #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
 
+#ifdef WOLFSSL_LINUXKM
+
+void wc_backtrace_render(void) {
+    dump_stack();
+}
+
+#else /* !WOLFSSL_LINUXKM */
+
 #include <backtrace-supported.h>
 
 #if BACKTRACE_SUPPORTED != 1
@@ -1848,5 +1848,6 @@ void wc_backtrace_render(void) {
 
     wc_UnLockMutex(&backtrace_mutex);
 }
+#endif /* !WOLFSSL_LINUXKM */
 
 #endif /* WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES */
diff --git a/wolfcrypt/src/md2.c b/wolfcrypt/src/md2.c
index c28a049d4..89cec62f0 100644
--- a/wolfcrypt/src/md2.c
+++ b/wolfcrypt/src/md2.c
@@ -1,6 +1,6 @@
 /* md2.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_MD2
 
 #include <wolfssl/wolfcrypt/md2.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -40,16 +33,19 @@
 #endif
 
 
-void wc_InitMd2(Md2* md2)
+void wc_InitMd2(wc_Md2* md2)
 {
-    XMEMSET(md2->X, 0, MD2_X_SIZE);
-    XMEMSET(md2->C, 0, MD2_BLOCK_SIZE);
-    XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE);
+    if (md2 == NULL)
+        return;
+
+    XMEMSET(md2->X, 0, WC_MD2_X_SIZE);
+    XMEMSET(md2->C, 0, WC_MD2_BLOCK_SIZE);
+    XMEMSET(md2->buffer, 0, WC_MD2_BLOCK_SIZE);
     md2->count = 0;
 }
 
 
-void wc_Md2Update(Md2* md2, const byte* data, word32 len)
+void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len)
 {
     static const byte S[256] =
     {
@@ -73,31 +69,34 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len)
         31, 26, 219, 153, 141, 51, 159, 17, 131, 20
     };
 
+    if (md2 == NULL || (data == NULL && len != 0))
+        return;
+
     while (len) {
-        word32 L = (MD2_PAD_SIZE - md2->count) < len ?
-                   (MD2_PAD_SIZE - md2->count) : len;
+        word32 L = (WC_MD2_PAD_SIZE - md2->count) < len ?
+                   (WC_MD2_PAD_SIZE - md2->count) : len;
         XMEMCPY(md2->buffer + md2->count, data, L);
         md2->count += L;
         data += L;
         len  -= L;
 
-        if (md2->count == MD2_PAD_SIZE) {
+        if (md2->count == WC_MD2_PAD_SIZE) {
             int  i;
             byte t;
 
             md2->count = 0;
-            XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE);
+            XMEMCPY(md2->X + WC_MD2_PAD_SIZE, md2->buffer, WC_MD2_PAD_SIZE);
             t = md2->C[15];
 
-            for(i = 0; i < MD2_PAD_SIZE; i++) {
-                md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i];
+            for(i = 0; i < WC_MD2_PAD_SIZE; i++) {
+                md2->X[32 + i] = md2->X[WC_MD2_PAD_SIZE + i] ^ md2->X[i];
                 t = md2->C[i] ^= S[md2->buffer[i] ^ t];
             }
 
             t=0;
             for(i = 0; i < 18; i++) {
                 int j;
-                for(j = 0; j < MD2_X_SIZE; j += 8) {
+                for(j = 0; j < WC_MD2_X_SIZE; j += 8) {
                     t = md2->X[j+0] ^= S[t];
                     t = md2->X[j+1] ^= S[t];
                     t = md2->X[j+2] ^= S[t];
@@ -114,19 +113,23 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len)
 }
 
 
-void wc_Md2Final(Md2* md2, byte* hash)
+void wc_Md2Final(wc_Md2* md2, byte* hash)
 {
-    byte   padding[MD2_BLOCK_SIZE];
-    word32 padLen = MD2_PAD_SIZE - md2->count;
+    byte   padding[WC_MD2_BLOCK_SIZE];
+    word32 padLen;
     word32 i;
 
+    if (md2 == NULL || hash == NULL)
+        return;
+
+    padLen = WC_MD2_PAD_SIZE - md2->count;
     for (i = 0; i < padLen; i++)
         padding[i] = (byte)padLen;
 
     wc_Md2Update(md2, padding, padLen); /* cppcheck-suppress uninitvar */
-    wc_Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
+    wc_Md2Update(md2, md2->C, WC_MD2_BLOCK_SIZE);
 
-    XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
+    XMEMCPY(hash, md2->X, WC_MD2_DIGEST_SIZE);
 
     wc_InitMd2(md2);
 }
@@ -135,13 +138,13 @@ void wc_Md2Final(Md2* md2, byte* hash)
 int wc_Md2Hash(const byte* data, word32 len, byte* hash)
 {
 #ifdef WOLFSSL_SMALL_STACK
-    Md2* md2;
+    wc_Md2* md2;
 #else
-    Md2 md2[1];
+    wc_Md2 md2[1];
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    md2 = (Md2*)XMALLOC(sizeof(Md2), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    md2 = (wc_Md2*)XMALLOC(sizeof(wc_Md2), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (md2 == NULL)
         return MEMORY_E;
 #endif
diff --git a/wolfcrypt/src/md4.c b/wolfcrypt/src/md4.c
index 65b4dc23f..53d206e09 100644
--- a/wolfcrypt/src/md4.c
+++ b/wolfcrypt/src/md4.c
@@ -1,6 +1,6 @@
 /* md4.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_MD4
 
@@ -37,8 +32,11 @@
 #endif
 
 
-void wc_InitMd4(Md4* md4)
+void wc_InitMd4(wc_Md4* md4)
 {
+    if (md4 == NULL)
+        return;
+
     md4->digest[0] = 0x67452301L;
     md4->digest[1] = 0xefcdab89L;
     md4->digest[2] = 0x98badcfeL;
@@ -50,7 +48,7 @@ void wc_InitMd4(Md4* md4)
 }
 
 
-static void Transform(Md4* md4)
+static void Transform(wc_Md4* md4)
 {
 #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
 #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
@@ -130,7 +128,7 @@ static void Transform(Md4* md4)
 }
 
 
-static WC_INLINE void AddLength(Md4* md4, word32 len)
+static WC_INLINE void AddLength(wc_Md4* md4, word32 len)
 {
     word32 tmp = md4->loLen;
     if ( (md4->loLen += len) < tmp)
@@ -138,51 +136,59 @@ static WC_INLINE void AddLength(Md4* md4, word32 len)
 }
 
 
-void wc_Md4Update(Md4* md4, const byte* data, word32 len)
+void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len)
 {
     /* do block size increments */
-    byte* local = (byte*)md4->buffer;
+    byte* local;
 
+    if (md4 == NULL || (data == NULL && len != 0))
+        return;
+
+    local = (byte*)md4->buffer;
     while (len) {
-        word32 add = min(len, MD4_BLOCK_SIZE - md4->buffLen);
+        word32 add = min(len, WC_MD4_BLOCK_SIZE - md4->buffLen);
         XMEMCPY(&local[md4->buffLen], data, add);
 
         md4->buffLen += add;
         data         += add;
         len          -= add;
 
-        if (md4->buffLen == MD4_BLOCK_SIZE) {
+        if (md4->buffLen == WC_MD4_BLOCK_SIZE) {
             #ifdef BIG_ENDIAN_ORDER
-                ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
+                ByteReverseWords(md4->buffer, md4->buffer, WC_MD4_BLOCK_SIZE);
             #endif
             Transform(md4);
-            AddLength(md4, MD4_BLOCK_SIZE);
+            AddLength(md4, WC_MD4_BLOCK_SIZE);
             md4->buffLen = 0;
         }
     }
 }
 
 
-void wc_Md4Final(Md4* md4, byte* hash)
+void wc_Md4Final(wc_Md4* md4, byte* hash)
 {
-    byte* local = (byte*)md4->buffer;
+    byte* local;
 
+    if (md4 == NULL || hash == NULL)
+        return;
+
+    local = (byte*)md4->buffer;
     AddLength(md4, md4->buffLen);               /* before adding pads */
 
     local[md4->buffLen++] = 0x80;  /* add 1 */
 
     /* pad with zeros */
-    if (md4->buffLen > MD4_PAD_SIZE) {
-        XMEMSET(&local[md4->buffLen], 0, MD4_BLOCK_SIZE - md4->buffLen);
-        md4->buffLen += MD4_BLOCK_SIZE - md4->buffLen;
+    if (md4->buffLen > WC_MD4_PAD_SIZE) {
+        XMEMSET(&local[md4->buffLen], 0, WC_MD4_BLOCK_SIZE - md4->buffLen);
+        md4->buffLen += WC_MD4_BLOCK_SIZE - md4->buffLen;
 
         #ifdef BIG_ENDIAN_ORDER
-            ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
+            ByteReverseWords(md4->buffer, md4->buffer, WC_MD4_BLOCK_SIZE);
         #endif
         Transform(md4);
         md4->buffLen = 0;
     }
-    XMEMSET(&local[md4->buffLen], 0, MD4_PAD_SIZE - md4->buffLen);
+    XMEMSET(&local[md4->buffLen], 0, WC_MD4_PAD_SIZE - md4->buffLen);
 
     /* put lengths in bits */
     md4->hiLen = (md4->loLen >> (8*sizeof(md4->loLen) - 3)) +
@@ -191,17 +197,17 @@ void wc_Md4Final(Md4* md4, byte* hash)
 
     /* store lengths */
     #ifdef BIG_ENDIAN_ORDER
-        ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
+        ByteReverseWords(md4->buffer, md4->buffer, WC_MD4_BLOCK_SIZE);
     #endif
     /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[MD4_PAD_SIZE], &md4->loLen, sizeof(word32));
-    XMEMCPY(&local[MD4_PAD_SIZE + sizeof(word32)], &md4->hiLen, sizeof(word32));
+    XMEMCPY(&local[WC_MD4_PAD_SIZE], &md4->loLen, sizeof(word32));
+    XMEMCPY(&local[WC_MD4_PAD_SIZE + sizeof(word32)], &md4->hiLen, sizeof(word32));
 
     Transform(md4);
     #ifdef BIG_ENDIAN_ORDER
-        ByteReverseWords(md4->digest, md4->digest, MD4_DIGEST_SIZE);
+        ByteReverseWords(md4->digest, md4->digest, WC_MD4_DIGEST_SIZE);
     #endif
-    XMEMCPY(hash, md4->digest, MD4_DIGEST_SIZE);
+    XMEMCPY(hash, md4->digest, WC_MD4_DIGEST_SIZE);
 
     wc_InitMd4(md4);  /* reset state */
 }
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index f6ca240be..84f1117f4 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -1,6 +1,6 @@
 /* md5.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(NO_MD5)
 
@@ -35,8 +29,6 @@
 #else
 
 #include <wolfssl/wolfcrypt/md5.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/hash.h>
 
 #ifdef NO_INLINE
@@ -48,7 +40,7 @@
 
 
 /* Hardware Acceleration */
-#if defined(STM32_HASH)
+#if defined(STM32_HASH) && !defined(STM32_NOMD5)
 
 /* Supports CubeMX HAL or Standard Peripheral Library */
 #define HAVE_MD5_CUST_API
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 164dc9571..c24d841f8 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -1,6 +1,6 @@
 /* memory.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,19 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* inhibit "#undef current" in linuxkm_wc_port.h, included from wc_port.h,
+ * because needed in linuxkm_memory.c, included below.
+ */
+#define WOLFSSL_LINUXKM_NEED_LINUX_CURRENT
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#ifdef WOLFSSL_LINUXKM
-    /* inhibit "#undef current" in linuxkm_wc_port.h, included from wc_port.h,
-     * because needed in linuxkm_memory.c, included below.
-     */
-    #define WOLFSSL_NEED_LINUX_CURRENT
-#endif
-
-#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
 Possible memory options:
@@ -68,9 +61,9 @@ Possible memory options:
 void *z_realloc(void *ptr, size_t size)
 {
     if (ptr == NULL)
-        ptr = malloc(size);
+        ptr = malloc(size); /* native heap */
     else
-        ptr = realloc(ptr, size);
+        ptr = realloc(ptr, size); /* native heap */
 
     return ptr;
 }
@@ -80,8 +73,6 @@ void *z_realloc(void *ptr, size_t size)
 #ifdef USE_WOLFSSL_MEMORY
 
 #include <wolfssl/wolfcrypt/memory.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 
 #if defined(WOLFSSL_DEBUG_MEMORY) && defined(WOLFSSL_DEBUG_MEMORY_PRINT)
 #include <stdio.h>
@@ -359,7 +350,7 @@ void* wolfSSL_Malloc(size_t size)
         }
         #endif
 
-        res = malloc(size);
+        res = malloc(size); /* native heap */
     #else
         WOLFSSL_MSG("No malloc available");
     #endif
@@ -400,7 +391,7 @@ void* wolfSSL_Malloc(size_t size)
         #endif
         }
         else {
-            free(res); /* clear */
+            free(res); /* native heap */
         }
         gMemFailCount = gMemFailCountSeed; /* reset */
         return NULL;
@@ -444,7 +435,7 @@ void wolfSSL_Free(void *ptr)
     }
     else {
     #ifndef WOLFSSL_NO_MALLOC
-        free(ptr);
+        free(ptr); /* native heap */
     #else
         WOLFSSL_MSG("No free available");
     #endif
@@ -502,7 +493,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size)
     }
     else {
     #ifndef WOLFSSL_NO_MALLOC
-        res = realloc(ptr, size);
+        res = realloc(ptr, size); /* native heap */
     #else
         WOLFSSL_MSG("No realloc available");
     #endif
@@ -668,7 +659,7 @@ static int wc_partition_static_memory(byte* buffer, word32 sz, int flag,
 }
 
 static int wc_init_memory_heap(WOLFSSL_HEAP* heap, unsigned int listSz,
-        const unsigned int* sizeList, const unsigned int* distList)
+        const word32 *sizeList, const word32 *distList)
 {
     unsigned int i;
 
@@ -694,8 +685,8 @@ static int wc_init_memory_heap(WOLFSSL_HEAP* heap, unsigned int listSz,
 }
 
 int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint,
-        unsigned int listSz, const unsigned int* sizeList,
-        const unsigned int* distList, unsigned char* buf,
+        unsigned int listSz, const word32 *sizeList,
+        const word32 *distList, unsigned char *buf,
         unsigned int sz, int flag, int maxSz)
 {
     WOLFSSL_HEAP*      heap = NULL;
@@ -772,13 +763,8 @@ int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint,
 int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
     unsigned char* buf, unsigned int sz, int flag, int maxSz)
 {
-#ifdef WOLFSSL_LEAN_STATIC_PSK
-    word16 sizeList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
-    byte   distList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
-#else
     word32 sizeList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
     word32 distList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
-#endif
     int ret = 0;
 
     WOLFSSL_ENTER("wc_LoadStaticMemory");
@@ -816,7 +802,7 @@ int wolfSSL_MemoryPaddingSz(void)
 /* Used to calculate memory size for optimum use with buckets.
    returns the suggested size rounded down to the nearest bucket. */
 int wolfSSL_StaticBufferSz_ex(unsigned int listSz,
-        const unsigned int *sizeList, const unsigned int *distList,
+        const word32 *sizeList, const word32 *distList,
         byte* buffer, word32 sz, int flag)
 {
     word32 ava = sz;
@@ -1001,7 +987,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
     /* check for testing heap hint was set */
 #ifdef WOLFSSL_HEAP_TEST
     if (heap == (void*)WOLFSSL_HEAP_TEST) {
-        return malloc(size);
+        return malloc(size); /* native heap */
     }
 #endif
 
@@ -1012,7 +998,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
             if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD ||
                                             type == DYNAMIC_TYPE_CERT_MANAGER) {
                 WOLFSSL_MSG("ERROR allowing null heap hint for ctx/method");
-                res = malloc(size);
+                res = malloc(size); /* native heap */
             }
             else {
                 WOLFSSL_MSG("ERROR null heap hint passed into XMALLOC");
@@ -1021,15 +1007,16 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
         #else
         #ifndef WOLFSSL_NO_MALLOC
             #ifdef FREERTOS
-                res = pvPortMalloc(size);
+                res = pvPortMalloc(size); /* native heap */
             #elif defined(WOLFSSL_EMBOS)
                 res = OS_HEAP_malloc(size);
             #else
-                res = malloc(size);
+                res = malloc(size); /* native heap */
             #endif
 
             #ifdef WOLFSSL_DEBUG_MEMORY
-                fprintf(stderr, "Alloc: %p -> %u at %s:%d\n", res, (word32)size, func, line);
+                fprintf(stderr, "[HEAP %p] Alloc: %p -> %u at %s:%d\n", heap,
+                    res, (word32)size, func, line);
             #endif
         #else
             WOLFSSL_MSG("No heap hint found to use and no malloc");
@@ -1096,8 +1083,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
                         }
                     #ifdef WOLFSSL_DEBUG_STATIC_MEMORY
                         else {
-                            fprintf(stderr, "Size: %lu, Empty: %d\n", (unsigned long) size,
-                                                              mem->sizeList[i]);
+                            fprintf(stderr, "Size: %lu, Empty: %d\n",
+                                (unsigned long) size, mem->sizeList[i]);
                         }
                     #endif
                     }
@@ -1113,7 +1100,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
 
         #ifdef WOLFSSL_DEBUG_MEMORY
             pt->szUsed = size;
-            fprintf(stderr, "Alloc: %p -> %lu at %s:%d\n", pt->buffer, size, func, line);
+            fprintf(stderr, "[HEAP %p] Alloc: %p -> %lu at %s:%d\n", heap,
+                pt->buffer, size, func, line);
         #endif
         #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
             if (DebugCb) {
@@ -1142,8 +1130,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
             WOLFSSL_MSG("ERROR ran out of static memory");
             res = NULL;
             #ifdef WOLFSSL_DEBUG_MEMORY
-                fprintf(stderr, "Looking for %lu bytes at %s:%d\n", (unsigned long) size, func,
-                        line);
+                fprintf(stderr, "Looking for %lu bytes at %s:%d\n",
+                    (unsigned long) size, func, line);
             #endif
             #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
             if (DebugCb) {
@@ -1186,9 +1174,10 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
     #ifdef WOLFSSL_HEAP_TEST
         if (heap == (void*)WOLFSSL_HEAP_TEST) {
         #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "Free: %p at %s:%d\n", pt, func, line);
+            fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+                line);
         #endif
-            return free(ptr);
+            return free(ptr); /* native heap */
         }
     #endif
 
@@ -1204,15 +1193,16 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
             }
         #endif
         #ifndef WOLFSSL_NO_MALLOC
-            #ifdef FREERTOS
-                vPortFree(ptr);
-            #elif defined(WOLFSSL_EMBOS)
-                OS_HEAP_free(ptr);
-            #else
-                free(ptr);
-            #endif
             #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "Free: %p at %s:%d\n", ptr, func, line);
+            fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+                line);
+            #endif
+            #ifdef FREERTOS
+                vPortFree(ptr); /* native heap */
+            #elif defined(WOLFSSL_EMBOS)
+                OS_HEAP_free(ptr); /* native heap */
+            #else
+                free(ptr); /* native heap */
             #endif
         #else
             WOLFSSL_MSG("Error trying to call free when turned off");
@@ -1285,8 +1275,8 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
         #endif
 
         #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf (stderr, "Free: %p -> %u at %s:%d\n", pt->buffer,
-                     pt->szUsed, func, line);
+            fprintf(stderr, "[HEAP %p] Free: %p -> %u at %s:%d\n", heap,
+                pt->buffer, pt->szUsed, func, line);
         #endif
 
         #ifndef WOLFSSL_STATIC_MEMORY_LEAN
@@ -1334,7 +1324,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
     /* check for testing heap hint was set */
 #ifdef WOLFSSL_HEAP_TEST
     if (heap == (void*)WOLFSSL_HEAP_TEST) {
-        return realloc(ptr, size);
+        return realloc(ptr, size); /* native heap */
     }
 #endif
 
@@ -1343,7 +1333,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
             WOLFSSL_MSG("ERROR null heap hint passed in to XREALLOC");
         #endif
         #ifndef WOLFSSL_NO_MALLOC
-            res = realloc(ptr, size);
+            res = realloc(ptr, size); /* native heap */
         #else
             WOLFSSL_MSG("NO heap found to use for realloc");
         #endif /* WOLFSSL_NO_MALLOC */
@@ -1492,7 +1482,7 @@ void* XMALLOC(size_t n, void* heap, int type)
             return NULL;
     }
 
-    return malloc(n);
+    return malloc(n); /* native heap */
 }
 
 void* XREALLOC(void *p, size_t n, void* heap, int type)
@@ -1513,7 +1503,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type)
             return NULL;
     }
 
-    return realloc(p, n);
+    return realloc(p, n); /* native heap */
 }
 
 void XFREE(void *p, void* heap, int type)
@@ -1526,7 +1516,7 @@ void XFREE(void *p, void* heap, int type)
     if (type == DYNAMIC_TYPE_OUT_BUFFER)
         return;  /* do nothing, static pool */
 
-    free(p);
+    free(p); /* native heap */
 }
 
 #endif /* HAVE_IO_POOL */
@@ -1553,7 +1543,7 @@ void *xmalloc(size_t n, void* heap, int type, const char* func,
 #endif
     }
     else
-        p32 = malloc(n + sizeof(word32) * 4);
+        p32 = malloc(n + sizeof(word32) * 4); /* native heap */
 
     if (p32 != NULL) {
         p32[0] = (word32)n;
@@ -1596,7 +1586,7 @@ void *xrealloc(void *p, size_t n, void* heap, int type, const char* func,
 #endif
     }
     else
-        p32 = realloc(oldp32, n + sizeof(word32) * 4);
+        p32 = realloc(oldp32, n + sizeof(word32) * 4); /* native heap */
 
     if (p32 != NULL) {
         p32[0] = (word32)n;
@@ -1642,7 +1632,7 @@ void xfree(void *p, void* heap, int type, const char* func, const char* file,
 #endif
         }
         else
-            free(p32);
+            free(p32); /* native heap */
     }
 
     (void)heap;
diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index 7a9bcb02c..98b83c7ae 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -1,6 +1,6 @@
 /* misc.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,11 +25,15 @@ This module implements the arithmetic-shift right, left, byte swapping, XOR,
 masking and clearing memory logic.
 
 */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
-#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFSSL_VIS_FOR_TESTS
+    #ifdef HAVE_CONFIG_H
+        #include <config.h>
+    #endif
+    #include <wolfssl/wolfcrypt/settings.h>
+#else
+    #include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+#endif
 
 #ifndef WOLF_CRYPT_MISC_C
 #define WOLF_CRYPT_MISC_C
@@ -115,23 +119,19 @@ masking and clearing memory logic.
 
 #endif
 
-#ifdef WC_RC2
-
 /* This routine performs a left circular arithmetic shift of <x> by <y> value */
 WC_MISC_STATIC WC_INLINE word16 rotlFixed16(word16 x, word16 y)
 {
-    return (x << y) | (x >> (sizeof(x) * 8 - y));
+    return (word16)((x << y) | (x >> (sizeof(x) * 8U - y)));
 }
 
 
 /* This routine performs a right circular arithmetic shift of <x> by <y> value */
 WC_MISC_STATIC WC_INLINE word16 rotrFixed16(word16 x, word16 y)
 {
-    return (x >> y) | (x << (sizeof(x) * 8 - y));
+    return (word16)((x >> y) | (x << (sizeof(x) * 8U - y)));
 }
 
-#endif /* WC_RC2 */
-
 /* This routine performs a byte swap of 32-bit word value. */
 #if defined(__CCRX__) && !defined(NO_INLINE) /* shortest version for CC-RX */
     #define ByteReverseWord32(value) _builtin_revl(value)
@@ -193,6 +193,28 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
             out[i] = ByteReverseWord32(in[i]);
     }
 #ifdef WOLFSSL_USE_ALIGN
+    else if (((size_t)in & 0x3) == 0) {
+        byte *out_bytes = (byte *)out;
+        word32 scratch;
+
+        byteCount &= ~0x3U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word32)) {
+            scratch = ByteReverseWord32(*in++);
+            XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
+        }
+    }
+    else if (((size_t)out & 0x3) == 0) {
+        byte *in_bytes = (byte *)in;
+        word32 scratch;
+
+        byteCount &= ~0x3U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word32)) {
+            XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
+            *out++ = ByteReverseWord32(scratch);
+        }
+    }
     else {
         byte *in_bytes = (byte *)in;
         byte *out_bytes = (byte *)out;
@@ -200,7 +222,7 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
 
         byteCount &= ~0x3U;
 
-        for (i = 0; i < byteCount; i += sizeof(word32)) {
+        for (i = 0; i < byteCount; i += (word32)sizeof(word32)) {
             XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
             scratch = ByteReverseWord32(scratch);
             XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
@@ -209,8 +231,101 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
 #endif
 }
 
+WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+        return *(word32 *)in;
+    else {
+        word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
+        XMEMCPY(&out, in, sizeof(out));
+        return out;
+    }
+}
+
+WC_MISC_STATIC WC_INLINE word32 writeUnalignedWord32(void *out, word32 in)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
+        *(word32 *)out = in;
+    else {
+        XMEMCPY(out, &in, sizeof(in));
+    }
+    return in;
+}
+
+WC_MISC_STATIC WC_INLINE void readUnalignedWords32(word32 *out, const byte *in,
+                                                   size_t count)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+        const word32 *in_word32 = (const word32 *)in;
+        while (count-- > 0)
+            *out++ = *in_word32++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*out));
+    }
+}
+
+WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in,
+                                                    size_t count)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
+        word32 *out_word32 = (word32 *)out;
+        while (count-- > 0)
+            *out_word32++ = *in++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*in));
+    }
+}
+
 #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
 
+WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+        return *(word64 *)in;
+    else {
+        word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
+        XMEMCPY(&out, in, sizeof(out));
+        return out;
+    }
+}
+
+WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
+        *(word64 *)out = in;
+    else {
+        XMEMCPY(out, &in, sizeof(in));
+    }
+    return in;
+}
+
+WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in,
+                                                   size_t count)
+{
+    if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
+        const word64 *in_word64 = (const word64 *)in;
+        while (count-- > 0)
+            *out++ = *in_word64++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*out));
+    }
+}
+
+WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
+                                                    size_t count)
+{
+    if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
+        word64 *out_word64 = (word64 *)out;
+        while (count-- > 0)
+            *out_word64++ = *in++;
+    }
+    else {
+        XMEMCPY(out, in, count * sizeof(*in));
+    }
+}
 
 WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
 {
@@ -246,22 +361,68 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
 {
     word32 count = byteCount/(word32)sizeof(word64), i;
 
-    for (i = 0; i < count; i++)
-        out[i] = ByteReverseWord64(in[i]);
+#ifdef WOLFSSL_USE_ALIGN
+    if ((((size_t)in & 0x7) == 0) &&
+        (((size_t)out & 0x7) == 0))
+#endif
+    {
+        for (i = 0; i < count; i++)
+            out[i] = ByteReverseWord64(in[i]);
+    }
+#ifdef WOLFSSL_USE_ALIGN
+    else if (((size_t)in & 0x7) == 0) {
+        byte *out_bytes = (byte *)out;
+        word64 scratch;
 
+        byteCount &= ~0x7U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word64)) {
+            scratch = ByteReverseWord64(*in++);
+            XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
+        }
+    }
+    else if (((size_t)out & 0x7) == 0) {
+        byte *in_bytes = (byte *)in;
+        word64 scratch;
+
+        byteCount &= ~0x7U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word64)) {
+            XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
+            *out++ = ByteReverseWord64(scratch);
+        }
+    }
+    else {
+        byte *in_bytes = (byte *)in;
+        byte *out_bytes = (byte *)out;
+        word64 scratch;
+
+        byteCount &= ~0x7U;
+
+        for (i = 0; i < byteCount; i += (word32)sizeof(word64)) {
+            XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
+            scratch = ByteReverseWord64(scratch);
+            XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
+        }
+    }
+#endif
 }
 
 #endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */
 
 #ifndef WOLFSSL_NO_XOR_OPS
+
+/* Leave no doubt that WOLFSSL_WORD_SIZE is a power of 2. */
+wc_static_assert((WOLFSSL_WORD_SIZE & (WOLFSSL_WORD_SIZE - 1)) == 0);
+
 /* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
 of wolfssl_words, placing the result in <*r>. */
 WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word** r,
                        const wolfssl_word** a, const wolfssl_word** b, word32 n)
 {
-    word32 i;
+    const wolfssl_word *e = *a + n;
 
-    for (i = 0; i < n; i++)
+    while (*a < e)
         *((*r)++) = *((*a)++) ^ *((*b)++);
 }
 
@@ -271,48 +432,68 @@ counts, placing the result in <*buf>. */
 WC_MISC_STATIC WC_INLINE void xorbufout(void* out, const void* buf,
                                         const void* mask, word32 count)
 {
-    word32      i;
-    byte*       o;
-    const byte* b;
-    const byte* m;
+    byte*       o = (byte*)out;
+    const byte* b = (const byte*)buf;
+    const byte* m = (const byte*)mask;
 
-    o = (byte*)out;
-    b = (const byte*)buf;
-    m = (const byte*)mask;
+    /* type-punning helpers */
+    union {
+        byte* bp;
+        wolfssl_word* wp;
+    } tpo;
+    union {
+        const byte* bp;
+        const wolfssl_word* wp;
+    } tpb, tpm;
 
+    if (((((wc_ptr_t)o) & (WOLFSSL_WORD_SIZE - 1)) == 0) &&
+        ((((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) == 0) &&
+        ((((wc_ptr_t)m) & (WOLFSSL_WORD_SIZE - 1)) == 0))
+    {
+        /* All buffers are already aligned.  Possible to XOR by words without
+         * fixup.
+         */
 
-    if (((wc_ptr_t)o) % WOLFSSL_WORD_SIZE ==
-            ((wc_ptr_t)b) % WOLFSSL_WORD_SIZE &&
-            ((wc_ptr_t)b) % WOLFSSL_WORD_SIZE ==
-                        ((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) {
-        /* type-punning helpers */
-        union {
-            byte* bp;
-            wolfssl_word* wp;
-        } tpo;
-        union {
-            const byte* bp;
-            const wolfssl_word* wp;
-        } tpb, tpm;
-        /* Alignment checks out. Possible to XOR words. */
-        /* Move alignment so that it lines up with a
-         * WOLFSSL_WORD_SIZE boundary */
-        while (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE != 0 && count > 0) {
-            *(o++) = (byte)(*(b++) ^ *(m++));
-            count--;
-        }
         tpo.bp = o;
         tpb.bp = b;
         tpm.bp = m;
-        XorWordsOut( &tpo.wp, &tpb.wp, &tpm.wp, count / WOLFSSL_WORD_SIZE);
+        XorWordsOut(&tpo.wp, &tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
         o = tpo.bp;
         b = tpb.bp;
         m = tpm.bp;
-        count %= WOLFSSL_WORD_SIZE;
+        count &= (WOLFSSL_WORD_SIZE - 1);
+    }
+    else if ((((wc_ptr_t)o) & (WOLFSSL_WORD_SIZE - 1)) ==
+             (((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) &&
+             (((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) ==
+             (((wc_ptr_t)m) & (WOLFSSL_WORD_SIZE - 1)))
+    {
+        /* Alignment can be fixed up to allow XOR by words. */
+
+        /* Perform bytewise xor until pointers are aligned to
+         * WOLFSSL_WORD_SIZE.
+         */
+        while ((((wc_ptr_t)b & (WOLFSSL_WORD_SIZE - 1)) != 0) && (count > 0))
+        {
+            *o++ = (byte)(*b++ ^ *m++);
+            count--;
+        }
+
+        tpo.bp = o;
+        tpb.bp = b;
+        tpm.bp = m;
+        XorWordsOut(&tpo.wp, &tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
+        o = tpo.bp;
+        b = tpb.bp;
+        m = tpm.bp;
+        count &= (WOLFSSL_WORD_SIZE - 1);
+    }
+
+    while (count > 0) {
+        *o++ = (byte)(*b++ ^ *m++);
+        count--;
     }
 
-    for (i = 0; i < count; i++)
-        o[i] = (byte)(b[i] ^ m[i]);
 }
 
 /* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
@@ -320,9 +501,9 @@ of wolfssl_words, placing the result in <*r>. */
 WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word** r, const wolfssl_word** a,
                                        word32 n)
 {
-    word32 i;
+    const wolfssl_word *e = *a + n;
 
-    for (i = 0; i < n; i++)
+    while (*a < e)
         *((*r)++) ^= *((*a)++);
 }
 
@@ -331,47 +512,82 @@ counts, placing the result in <*buf>. */
 
 WC_MISC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
 {
-    word32      i;
-    byte*       b;
-    const byte* m;
+    byte*       b = (byte*)buf;
+    const byte* m = (const byte*)mask;
 
-    b = (byte*)buf;
-    m = (const byte*)mask;
+    /* type-punning helpers */
+    union {
+        byte* bp;
+        wolfssl_word* wp;
+    } tpb;
+    union {
+        const byte* bp;
+        const wolfssl_word* wp;
+    } tpm;
 
-    if (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE ==
-            ((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) {
-        /* type-punning helpers */
-        union {
-            byte* bp;
-            wolfssl_word* wp;
-        } tpb;
-        union {
-            const byte* bp;
-            const wolfssl_word* wp;
-        } tpm;
-        /* Alignment checks out. Possible to XOR words. */
-        /* Move alignment so that it lines up with a
-         * WOLFSSL_WORD_SIZE boundary */
-        while (((wc_ptr_t)buf) % WOLFSSL_WORD_SIZE != 0 && count > 0) {
+    if ((((wc_ptr_t)buf & (WOLFSSL_WORD_SIZE - 1)) == 0) &&
+        (((wc_ptr_t)mask & (WOLFSSL_WORD_SIZE - 1)) == 0))
+    {
+        /* Both buffers are already aligned.  Possible to XOR by words without
+         * fixup.
+         */
+
+        tpb.bp = b;
+        tpm.bp = m;
+        /* Work around false positives from linuxkm CONFIG_FORTIFY_SOURCE. */
+        #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
+            PRAGMA_GCC_DIAG_PUSH;
+            PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
+        #endif
+        XorWords(&tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
+        #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
+            PRAGMA_GCC_DIAG_POP;
+        #endif
+        b = tpb.bp;
+        m = tpm.bp;
+        count &= (WOLFSSL_WORD_SIZE - 1);
+    }
+    else if (((wc_ptr_t)buf & (WOLFSSL_WORD_SIZE - 1)) ==
+             ((wc_ptr_t)mask & (WOLFSSL_WORD_SIZE - 1)))
+    {
+        /* Alignment can be fixed up to allow XOR by words. */
+
+        /* Perform bytewise xor until pointers are aligned to
+         * WOLFSSL_WORD_SIZE.
+         */
+        while ((((wc_ptr_t)b & (WOLFSSL_WORD_SIZE - 1)) != 0) && (count > 0))
+        {
             *(b++) ^= *(m++);
             count--;
         }
+
         tpb.bp = b;
         tpm.bp = m;
-        XorWords( &tpb.wp, &tpm.wp, count / WOLFSSL_WORD_SIZE);
+        /* Work around false positives from linuxkm CONFIG_FORTIFY_SOURCE. */
+        #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
+            PRAGMA_GCC_DIAG_PUSH;
+            PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
+        #endif
+        XorWords(&tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
+        #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
+            PRAGMA_GCC_DIAG_POP;
+        #endif
         b = tpb.bp;
         m = tpm.bp;
-        count %= WOLFSSL_WORD_SIZE;
+        count &= (WOLFSSL_WORD_SIZE - 1);
     }
 
-    for (i = 0; i < count; i++)
-        b[i] ^= m[i];
+    while (count > 0) {
+        *b++ ^= *m++;
+        count--;
+    }
 }
-#endif
+
+#endif /* !WOLFSSL_NO_XOR_OPS */
 
 #ifndef WOLFSSL_NO_FORCE_ZERO
 /* This routine fills the first len bytes of the memory area pointed by mem
-   with zeros. It ensures compiler optimizations doesn't skip it  */
+   with zeros. It ensures compiler optimization doesn't skip it  */
 WC_MISC_STATIC WC_INLINE void ForceZero(void* mem, word32 len)
 {
     volatile byte* z = (volatile byte*)mem;
@@ -417,158 +633,6 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b,
 }
 #endif
 
-
-#ifndef WOLFSSL_HAVE_MIN
-    #define WOLFSSL_HAVE_MIN
-    #if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
-        #define min min
-    #endif
-    /* returns the smaller of a and b */
-    WC_MISC_STATIC WC_INLINE word32 min(word32 a, word32 b)
-    {
-        return a > b ? b : a;
-    }
-#endif /* !WOLFSSL_HAVE_MIN */
-
-#ifndef WOLFSSL_HAVE_MAX
-    #define WOLFSSL_HAVE_MAX
-    #if defined(HAVE_FIPS) && !defined(max) /* so ifdef check passes */
-        #define max max
-    #endif
-    WC_MISC_STATIC WC_INLINE word32 max(word32 a, word32 b)
-    {
-        return a > b ? a : b;
-    }
-#endif /* !WOLFSSL_HAVE_MAX */
-
-#ifndef WOLFSSL_NO_INT_ENCODE
-/* converts a 32 bit integer to 24 bit */
-WC_MISC_STATIC WC_INLINE void c32to24(word32 in, word24 out)
-{
-    out[0] = (byte)((in >> 16) & 0xff);
-    out[1] = (byte)((in >>  8) & 0xff);
-    out[2] =  (byte)(in        & 0xff);
-}
-
-/* convert 16 bit integer to opaque */
-WC_MISC_STATIC WC_INLINE void c16toa(word16 wc_u16, byte* c)
-{
-    c[0] = (byte)((wc_u16 >> 8) & 0xff);
-    c[1] =  (byte)(wc_u16       & 0xff);
-}
-
-/* convert 32 bit integer to opaque */
-WC_MISC_STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c)
-{
-#ifdef WOLFSSL_USE_ALIGN
-    c[0] = (byte)((wc_u32 >> 24) & 0xff);
-    c[1] = (byte)((wc_u32 >> 16) & 0xff);
-    c[2] = (byte)((wc_u32 >>  8) & 0xff);
-    c[3] =  (byte)(wc_u32        & 0xff);
-#elif defined(LITTLE_ENDIAN_ORDER)
-    *(word32*)c = ByteReverseWord32(wc_u32);
-#else
-    *(word32*)c = wc_u32;
-#endif
-}
-#endif
-
-#ifndef WOLFSSL_NO_INT_DECODE
-/* convert a 24 bit integer into a 32 bit one */
-WC_MISC_STATIC WC_INLINE void c24to32(const word24 wc_u24, word32* wc_u32)
-{
-    *wc_u32 = ((word32)wc_u24[0] << 16) |
-              ((word32)wc_u24[1] << 8) |
-               (word32)wc_u24[2];
-}
-
-
-/* convert opaque to 24 bit integer */
-WC_MISC_STATIC WC_INLINE void ato24(const byte* c, word32* wc_u24)
-{
-    *wc_u24 = ((word32)c[0] << 16) | ((word32)c[1] << 8) | c[2];
-}
-
-/* convert opaque to 16 bit integer */
-WC_MISC_STATIC WC_INLINE void ato16(const byte* c, word16* wc_u16)
-{
-    *wc_u16 = (word16) ((c[0] << 8) | (c[1]));
-}
-
-/* convert opaque to 32 bit integer */
-WC_MISC_STATIC WC_INLINE void ato32(const byte* c, word32* wc_u32)
-{
-#ifdef WOLFSSL_USE_ALIGN
-    *wc_u32 = ((word32)c[0] << 24) |
-              ((word32)c[1] << 16) |
-              ((word32)c[2] << 8) |
-               (word32)c[3];
-#elif defined(LITTLE_ENDIAN_ORDER)
-    *wc_u32 = ByteReverseWord32(*(word32*)c);
-#else
-    *wc_u32 = *(word32*)c;
-#endif
-}
-
-/* convert opaque to 32 bit integer. Interpret as little endian. */
-WC_MISC_STATIC WC_INLINE void ato32le(const byte* c, word32* wc_u32)
-{
-    *wc_u32 =  (word32)c[0] |
-              ((word32)c[1] << 8) |
-              ((word32)c[2] << 16) |
-              ((word32)c[3] << 24);
-}
-
-
-WC_MISC_STATIC WC_INLINE word32 btoi(byte b)
-{
-    return (word32)(b - 0x30);
-}
-#endif
-
-WC_MISC_STATIC WC_INLINE signed char HexCharToByte(char ch)
-{
-    signed char ret = (signed char)ch;
-    if (ret >= '0' && ret <= '9')
-        ret -= '0';
-    else if (ret >= 'A' && ret <= 'F')
-        ret -= 'A' - 10;
-    else if (ret >= 'a' && ret <= 'f')
-        ret -= 'a' - 10;
-    else
-        ret = -1; /* error case - return code must be signed */
-    return ret;
-}
-
-WC_MISC_STATIC WC_INLINE char ByteToHex(byte in)
-{
-    static const char kHexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7',
-                                     '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
-    return (char)(kHexChar[in & 0xF]);
-}
-
-WC_MISC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out)
-{
-    if (out == NULL)
-        return -1;
-
-    out[0] = ByteToHex((byte)(in >> 4));
-    out[1] = ByteToHex((byte)(in & 0xf));
-    return 0;
-}
-
-WC_MISC_STATIC WC_INLINE int CharIsWhiteSpace(char ch)
-{
-    switch (ch) {
-        case ' ':
-        case '\t':
-        case '\n':
-            return 1;
-        default:
-            return 0;
-    }
-}
-
 #ifndef WOLFSSL_NO_CT_OPS
 /* Constant time - mask set when a > b. */
 WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b)
@@ -588,6 +652,14 @@ WC_MISC_STATIC WC_INLINE int ctMaskIntGTE(int a, int b)
     return (int)((((word32)a - (word32)b) >> 31) - 1);
 }
 
+#ifdef WORD64_AVAILABLE
+/* Constant time - mask set when a >= b. */
+WC_MISC_STATIC WC_INLINE word32 ctMaskWord32GTE(word32 a, word32 b)
+{
+  return (word32)((((word64)a - (word64)b) >> 63) - 1);
+}
+#endif
+
 /* Constant time - mask set when a < b. */
 WC_MISC_STATIC WC_INLINE byte ctMaskLT(int a, int b)
 {
@@ -679,7 +751,176 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src,
     }
 }
 
+#endif /* !WOLFSSL_NO_CT_OPS */
+
+#ifndef WOLFSSL_HAVE_MIN
+    #define WOLFSSL_HAVE_MIN
+    #if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
+        #define min min
+    #endif
+    /* returns the smaller of a and b */
+    WC_MISC_STATIC WC_INLINE word32 min(word32 a, word32 b)
+    {
+#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE)
+        word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
+        return (a & ~gte_mask) | (b & gte_mask);
+#else /* WOLFSSL_NO_CT_OPS */
+        return a > b ? b : a;
+#endif /* WOLFSSL_NO_CT_OPS */
+    }
+#endif /* !WOLFSSL_HAVE_MIN */
+
+#ifndef WOLFSSL_HAVE_MAX
+    #define WOLFSSL_HAVE_MAX
+    #if defined(HAVE_FIPS) && !defined(max) /* so ifdef check passes */
+        #define max max
+    #endif
+    WC_MISC_STATIC WC_INLINE word32 max(word32 a, word32 b)
+    {
+#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE)
+        word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
+        return (a & gte_mask) | (b & ~gte_mask);
+#else /* WOLFSSL_NO_CT_OPS */
+        return a > b ? a : b;
+#endif /* WOLFSSL_NO_CT_OPS */
+    }
+#endif /* !WOLFSSL_HAVE_MAX */
+
+#ifndef WOLFSSL_NO_INT_ENCODE
+/* converts a 32 bit integer to 24 bit */
+WC_MISC_STATIC WC_INLINE void c32to24(word32 in, word24 out)
+{
+    out[0] = (byte)((in >> 16) & 0xff);
+    out[1] = (byte)((in >>  8) & 0xff);
+    out[2] =  (byte)(in        & 0xff);
+}
+
+/* convert 16 bit integer to opaque */
+WC_MISC_STATIC WC_INLINE void c16toa(word16 wc_u16, byte* c)
+{
+    c[0] = (byte)((wc_u16 >> 8) & 0xff);
+    c[1] =  (byte)(wc_u16       & 0xff);
+}
+
+/* convert 32 bit integer to opaque */
+WC_MISC_STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c)
+{
+#ifdef WOLFSSL_USE_ALIGN
+    c[0] = (byte)((wc_u32 >> 24) & 0xff);
+    c[1] = (byte)((wc_u32 >> 16) & 0xff);
+    c[2] = (byte)((wc_u32 >>  8) & 0xff);
+    c[3] =  (byte)(wc_u32        & 0xff);
+#elif defined(LITTLE_ENDIAN_ORDER)
+    *(word32*)c = ByteReverseWord32(wc_u32);
+#else
+    *(word32*)c = wc_u32;
 #endif
+}
+#endif
+
+#ifndef WOLFSSL_NO_INT_DECODE
+/* convert a 24 bit integer into a 32 bit one */
+WC_MISC_STATIC WC_INLINE void c24to32(const word24 wc_u24, word32* wc_u32)
+{
+    *wc_u32 = ((word32)wc_u24[0] << 16) |
+              ((word32)wc_u24[1] << 8) |
+               (word32)wc_u24[2];
+}
+
+
+/* convert opaque to 24 bit integer */
+WC_MISC_STATIC WC_INLINE void ato24(const byte* c, word32* wc_u24)
+{
+    *wc_u24 = ((word32)c[0] << 16) | ((word32)c[1] << 8) | c[2];
+}
+
+/* convert opaque to 16 bit integer */
+WC_MISC_STATIC WC_INLINE void ato16(const byte* c, word16* wc_u16)
+{
+    *wc_u16 = (word16) ((c[0] << 8) | (c[1]));
+}
+
+/* convert opaque to 32 bit integer */
+WC_MISC_STATIC WC_INLINE void ato32(const byte* c, word32* wc_u32)
+{
+#ifdef WOLFSSL_USE_ALIGN
+    *wc_u32 = ((word32)c[0] << 24) |
+              ((word32)c[1] << 16) |
+              ((word32)c[2] << 8) |
+               (word32)c[3];
+#elif defined(LITTLE_ENDIAN_ORDER)
+    *wc_u32 = ByteReverseWord32(*(word32*)c);
+#else
+    *wc_u32 = *(word32*)c;
+#endif
+}
+
+/* convert opaque to 32 bit integer. Interpret as little endian. */
+WC_MISC_STATIC WC_INLINE void ato32le(const byte* c, word32* wc_u32)
+{
+    *wc_u32 =  (word32)c[0] |
+              ((word32)c[1] << 8) |
+              ((word32)c[2] << 16) |
+              ((word32)c[3] << 24);
+}
+
+
+WC_MISC_STATIC WC_INLINE word32 btoi(byte b)
+{
+    return (word32)(b - 0x30);
+}
+#endif
+
+WC_MISC_STATIC WC_INLINE signed char HexCharToByte(char ch)
+{
+    signed char ret = (signed char)ch;
+    if (ret >= '0' && ret <= '9')
+        ret = (signed char)(ret - '0');
+    else if (ret >= 'A' && ret <= 'F')
+        ret = (signed char)(ret - ('A' - 10));
+    else if (ret >= 'a' && ret <= 'f')
+        ret = (signed char)(ret - ('a' - 10));
+    else
+        ret = -1; /* error case - return code must be signed */
+    return ret;
+}
+
+WC_MISC_STATIC WC_INLINE char ByteToHex(byte in)
+{
+    static ALIGN64 const char kHexChar[] = {
+        '0', '1', '2', '3', '4', '5', '6', '7',
+        '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+    };
+    return (char)(kHexChar[in & 0xF]);
+}
+
+WC_MISC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out)
+{
+    if (out == NULL)
+        return -1;
+
+    out[0] = ByteToHex((byte)(in >> 4));
+    out[1] = ByteToHex((byte)(in & 0xf));
+    return 0;
+}
+
+WC_MISC_STATIC WC_INLINE int CharIsWhiteSpace(char ch)
+{
+#ifndef WOLFSSL_NO_CT_OPS
+    return (ctMaskEq(ch, ' ') |
+            ctMaskEq(ch, '\t') |
+            ctMaskEq(ch, '\n')) & 1;
+#else /* WOLFSSL_NO_CT_OPS */
+    switch (ch) {
+        case ' ':
+        case '\t':
+        case '\n':
+            return 1;
+        default:
+            return 0;
+    }
+#endif /* WOLFSSL_NO_CT_OPS */
+}
 
 #if defined(WOLFSSL_W64_WRAPPER)
 #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_W64_WRAPPER_TEST)
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index c24e1f181..9d026792b 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -1,6 +1,6 @@
 /* pkcs12.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,11 +21,7 @@
 
 /* PKCS#12 allows storage of key and certificates into containers */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(HAVE_PKCS12) && \
     !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
@@ -33,9 +29,7 @@
 
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/hmac.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -289,6 +283,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
         if (wc_BerToDer(input, safe->dataSz, NULL,
                         &pkcs12->safeDersz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
             WOLFSSL_MSG("Not BER sequence");
+            freeSafe(safe, pkcs12->heap);
             return ASN_PARSE_E;
         }
 
@@ -978,7 +973,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
 
         totalSz += 4; /* Element */
 
-        totalSz += 2 + sizeof(WC_PKCS12_DATA_OID);
+        totalSz += 2U + (word32)sizeof(WC_PKCS12_DATA_OID);
 
         totalSz += 4; /* Seq */
 
@@ -995,7 +990,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
             if (der == NULL && derSz != NULL) {
                 *derSz = (int)totalSz;
                 XFREE(sdBuf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
 
             if (*der == NULL) {
@@ -1037,7 +1032,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
         /* OID */
         idx += (word32)SetObjectId(sizeof(WC_PKCS12_DATA_OID), &buf[idx]);
         XMEMCPY(&buf[idx], WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
-        idx += sizeof(WC_PKCS12_DATA_OID);
+        idx += (word32)sizeof(WC_PKCS12_DATA_OID);
 
         /* Element */
         buf[idx++] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC;
@@ -1112,7 +1107,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
 
         InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
         if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
-            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) {
+            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0, heap) == 1) {
                 WOLFSSL_MSG("Key Pair found");
                 *cert = current->buffer;
                 *certSz = current->bufferSz;
@@ -1144,7 +1139,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
 #ifdef ASN_BER_TO_DER
 /* append data to encrypted content cache in PKCS12 structure
  * return buffer on success, NULL on error */
-static byte* PKCS12_ConcatonateContent(WC_PKCS12* pkcs12,byte* mergedData,
+static byte* PKCS12_ConcatenateContent(WC_PKCS12* pkcs12,byte* mergedData,
         word32* mergedSz, byte* in, word32 inSz)
 {
     byte* oldContent;
@@ -1257,7 +1252,7 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data,
                     ret = MEMORY_E;
                 }
             }
-            mergedData = PKCS12_ConcatonateContent(pkcs12, mergedData,
+            mergedData = PKCS12_ConcatenateContent(pkcs12, mergedData,
                     &mergedSz, &data[*idx], (word32)encryptedContentSz);
             if (mergedData == NULL) {
                 ret = MEMORY_E;
@@ -1269,17 +1264,19 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data,
         *idx += (word32)encryptedContentSz;
     }
 
-    *idx = saveIdx;
+    if (ret == 0) {
+        *idx = saveIdx;
 
-    *idx += SetLength(mergedSz, &data[*idx]);
+        *idx += SetLength(mergedSz, &data[*idx]);
 
-    if (mergedSz > 0) {
-        /* Copy over concatenated octet strings into data buffer */
-        XMEMCPY(&data[*idx], mergedData, mergedSz);
-
-        XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+        if (mergedSz > 0) {
+            /* Copy over concatenated octet strings into data buffer */
+            XMEMCPY(&data[*idx], mergedData, mergedSz);
+        }
     }
 
+    XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+
     return ret;
 }
 #endif
@@ -1809,7 +1806,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
     }
     if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         *outSz =  sz + MAX_LENGTH_SZ + 1;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if (ret < 0) {
         return ret;
@@ -1871,7 +1868,7 @@ static int wc_PKCS12_create_key_bag(WC_PKCS12* pkcs12, WC_RNG* rng,
     if (out == NULL) {
         *outSz = MAX_SEQ_SZ + WC_PKCS12_DATA_OBJ_SZ + 1 + MAX_LENGTH_SZ +
             length;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     heap = wc_PKCS12_GetHeap(pkcs12);
@@ -1948,7 +1945,7 @@ static int wc_PKCS12_create_cert_bag(WC_PKCS12* pkcs12,
         *outSz = (word32)(MAX_SEQ_SZ + WC_CERTBAG_OBJECT_ID + 1 + MAX_LENGTH_SZ +
             MAX_SEQ_SZ + WC_CERTBAG1_OBJECT_ID + 1 + MAX_LENGTH_SZ + 1 +
             MAX_LENGTH_SZ + (int)certSz);
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* check buffer size able to handle max size */
@@ -2080,12 +2077,12 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
 
         /* calculate size */
         totalSz  = (word32)SetObjectId(sizeof(WC_PKCS12_ENCRYPTED_OID), seq);
-        totalSz += sizeof(WC_PKCS12_ENCRYPTED_OID);
+        totalSz += (word32)sizeof(WC_PKCS12_ENCRYPTED_OID);
         totalSz += ASN_TAG_SZ;
 
         length  = (word32)SetMyVersion(0, seq, 0);
         tmpSz   = (word32)SetObjectId(sizeof(WC_PKCS12_DATA_OID), seq);
-        tmpSz  += sizeof(WC_PKCS12_DATA_OID);
+        tmpSz  += (word32)sizeof(WC_PKCS12_DATA_OID);
         tmpSz  += encSz;
         length += SetSequence(tmpSz, seq) + tmpSz;
         outerSz = SetSequence(length, seq) + length;
@@ -2093,7 +2090,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
         totalSz += SetLength(outerSz, seq) + outerSz;
         if (out == NULL) {
             *outSz = totalSz + SetSequence(totalSz, seq);
-            return LENGTH_ONLY_E;
+            return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
 
         if (*outSz < totalSz + SetSequence(totalSz, seq)) {
@@ -2108,7 +2105,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
         }
         XMEMCPY(out + idx, WC_PKCS12_ENCRYPTED_OID,
                 sizeof(WC_PKCS12_ENCRYPTED_OID));
-        idx += sizeof(WC_PKCS12_ENCRYPTED_OID);
+        idx += (word32)sizeof(WC_PKCS12_ENCRYPTED_OID);
 
         if (idx + 1 > *outSz){
             return BUFFER_E;
@@ -2149,7 +2146,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
             return BUFFER_E;
         }
         XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
-        idx += sizeof(WC_PKCS12_DATA_OID);
+        idx += (word32)sizeof(WC_PKCS12_DATA_OID);
 
         /* copy over encrypted data */
         if (idx + encSz > *outSz){
@@ -2171,7 +2168,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
     if (type == WC_PKCS12_DATA) {
         /* calculate size */
         totalSz = (word32)SetObjectId(sizeof(WC_PKCS12_DATA_OID), seq);
-        totalSz += sizeof(WC_PKCS12_DATA_OID);
+        totalSz += (word32)sizeof(WC_PKCS12_DATA_OID);
         totalSz += ASN_TAG_SZ;
 
         length   = SetOctetString(contentSz, seq);
@@ -2181,7 +2178,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
 
         if (out == NULL) {
             *outSz = totalSz + SetSequence(totalSz, seq);
-            return LENGTH_ONLY_E;
+            return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
 
         if (*outSz < (totalSz + SetSequence(totalSz, seq))) {
@@ -2197,7 +2194,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
             return BUFFER_E;
         }
         XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
-        idx += sizeof(WC_PKCS12_DATA_OID);
+        idx += (word32)sizeof(WC_PKCS12_DATA_OID);
 
         if (idx + 1 > *outSz){
             return BUFFER_E;
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 9b04166c5..a8545ba0a 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1,6 +1,6 @@
 /* pkcs7.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_PKCS7
 
 #include <wolfssl/wolfcrypt/pkcs7.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/hash.h>
 #ifndef NO_RSA
     #include <wolfssl/wolfcrypt/rsa.h>
@@ -88,8 +81,8 @@ struct PKCS7State {
     byte* content;
     byte* buffer;   /* main internal read buffer */
 
-    wc_HashAlg hashAlg;
-    int   hashType;
+    wc_HashAlg  hashAlg;
+    enum wc_HashType hashType;
     int   cntIdfCnt; /* count of in-definite length in content info */
 
     /* stack variables to store for when returning */
@@ -118,17 +111,17 @@ struct PKCS7State {
     word32 peakUsed; /* most bytes used for struct at any one time */
     word32 peakRead; /* most bytes used by read buffer */
 #endif
-    byte   multi:1;  /* flag for if content is in multiple parts */
-    byte   flagOne:1;
-    byte   detached:1; /* flag to indicate detached signature is present */
-    byte   noContent:1;/* indicates content isn't included in bundle */
-    byte   degenerate:1;
-    byte   indefLen:1; /* flag to indicate indef-length encoding used */
+    WC_BITFIELD multi:1;  /* flag for if content is in multiple parts */
+    WC_BITFIELD flagOne:1;
+    WC_BITFIELD detached:1; /* flag to indicate detached signature is present */
+    WC_BITFIELD noContent:1;/* indicates content isn't included in bundle */
+    WC_BITFIELD degenerate:1;
+    WC_BITFIELD indefLen:1; /* flag to indicate indef-length encoding used */
 };
 
 
 /* creates a PKCS7State structure and returns 0 on success */
-static int wc_PKCS7_CreateStream(PKCS7* pkcs7)
+static int wc_PKCS7_CreateStream(wc_PKCS7* pkcs7)
 {
     WOLFSSL_MSG("creating PKCS7 stream structure");
     pkcs7->stream = (PKCS7State*)XMALLOC(sizeof(PKCS7State), pkcs7->heap,
@@ -144,7 +137,7 @@ static int wc_PKCS7_CreateStream(PKCS7* pkcs7)
 }
 
 
-static void wc_PKCS7_ResetStream(PKCS7* pkcs7)
+static void wc_PKCS7_ResetStream(wc_PKCS7* pkcs7)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
 #ifdef WC_PKCS7_STREAM_DEBUG
@@ -211,7 +204,7 @@ static void wc_PKCS7_ResetStream(PKCS7* pkcs7)
 }
 
 
-static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
+static void wc_PKCS7_FreeStream(wc_PKCS7* pkcs7)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
         wc_PKCS7_ResetStream(pkcs7);
@@ -228,7 +221,7 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7)
 
 /* used to increase the max size for internal buffer
  * returns 0 on success  */
-static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
+static int wc_PKCS7_GrowStream(wc_PKCS7* pkcs7, word32 newSz)
 {
     byte* pt;
     pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -257,7 +250,7 @@ static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz)
  * Sets idx to be the current offset into "pt" buffer
  * returns 0 on success
  */
-static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_AddDataToStream(wc_PKCS7* pkcs7, byte* in, word32 inSz,
         word32 expected, byte** pt, word32* idx)
 {
     word32 rdSz = pkcs7->stream->idx;
@@ -289,7 +282,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
 
     /* try to store input data into stream buffer */
     if (inSz - rdSz > 0 && pkcs7->stream->length < expected) {
-        int len = (int)min(inSz - rdSz, expected - pkcs7->stream->length);
+        word32 len = min(inSz - rdSz, expected - pkcs7->stream->length);
 
         /* sanity check that the input buffer is not internal buffer */
         if (in == pkcs7->stream->buffer) {
@@ -297,7 +290,9 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
         }
 
         /* check if internal buffer size needs to be increased */
-        if (len + pkcs7->stream->length > pkcs7->stream->bufferSz) {
+        if ((len + pkcs7->stream->length > pkcs7->stream->bufferSz) ||
+            (pkcs7->stream->buffer == NULL))
+        {
             int ret = wc_PKCS7_GrowStream(pkcs7, expected);
             if (ret < 0) {
                 return ret;
@@ -335,7 +330,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
 
 
 /* setter function for stored variables */
-static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2,
+static void wc_PKCS7_StreamStoreVar(wc_PKCS7* pkcs7, word32 var1, int var2,
         int var3)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
@@ -348,7 +343,7 @@ static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2,
 /* Tries to peek at the SEQ and get the length
  * returns 0 on success
  */
-static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
+static int wc_PKCS7_SetMaxStream(wc_PKCS7* pkcs7, byte* in, word32 defSz)
 {
     /* check there is a buffer to read from */
     if (pkcs7) {
@@ -376,16 +371,12 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
             return ret;
         }
 
-    #ifdef ASN_BER_TO_DER
         if (length == 0 && ret == 0) {
             idx = 0;
-            if ((ret = wc_BerToDer(pt, maxIdx, NULL, (word32*)&length))
-                != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
-                return ret;
-            }
+            WOLFSSL_MSG("PKCS7 found indef SEQ with peek");
         }
-    #endif /* ASN_BER_TO_DER */
-        pkcs7->stream->maxLen = length + idx;
+
+        pkcs7->stream->maxLen = (word32)length + idx;
 
         if (pkcs7->stream->maxLen == 0) {
             pkcs7->stream->maxLen = defSz;
@@ -397,7 +388,7 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
 
 
 /* getter function for stored variables */
-static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2,
+static void wc_PKCS7_StreamGetVar(wc_PKCS7* pkcs7, word32* var1, int* var2,
         int* var3)
 {
     if (pkcs7 != NULL && pkcs7->stream != NULL) {
@@ -410,7 +401,7 @@ static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2,
 
 /* common update of index and total read after section complete
  * returns 0 on success */
-static int wc_PKCS7_StreamEndCase(PKCS7* pkcs7, word32* tmpIdx, word32* idx)
+static int wc_PKCS7_StreamEndCase(wc_PKCS7* pkcs7, word32* tmpIdx, word32* idx)
 {
     int ret = 0;
 
@@ -497,7 +488,7 @@ static const char* wc_PKCS7_GetStateName(int in)
 
 /* Used to change the PKCS7 state. Having state change as a function allows
  * for easier debugging */
-static void wc_PKCS7_ChangeState(PKCS7* pkcs7, int newState)
+static void wc_PKCS7_ChangeState(wc_PKCS7* pkcs7, int newState)
 {
 #ifdef WC_PKCS7_STREAM_DEBUG
     printf("\tChanging from state [%02d] %s to [%02d] %s\n",
@@ -550,7 +541,7 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz)
        { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C };
 #endif
 
-    int idSz, idx = 0;
+    word32 idSz, idx = 0;
     word32 typeSz = 0;
     const byte* typeName = 0;
     byte ID_Length[MAX_LENGTH_SZ];
@@ -630,14 +621,14 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz)
         return BAD_FUNC_ARG;
     }
 
-    idSz  = (int)SetLength(typeSz, ID_Length);
+    idSz  = SetLength(typeSz, ID_Length);
     output[idx++] = ASN_OBJECT_ID;
     XMEMCPY(output + idx, ID_Length, idSz);
     idx += idSz;
     XMEMCPY(output + idx, typeName, typeSz);
     idx += typeSz;
 
-    return idx;
+    return (int)idx;
 }
 
 
@@ -695,7 +686,7 @@ static int wc_PKCS7_GetOIDBlockSize(int oid)
         case AES256CCMb:
         #endif
     #endif
-            blockSz = AES_BLOCK_SIZE;
+            blockSz = WC_AES_BLOCK_SIZE;
             break;
 #endif /* !NO_AES */
 
@@ -782,11 +773,11 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
 }
 
 
-PKCS7* wc_PKCS7_New(void* heap, int devId)
+wc_PKCS7* wc_PKCS7_New(void* heap, int devId)
 {
-    PKCS7* pkcs7 = (PKCS7*)XMALLOC(sizeof(PKCS7), heap, DYNAMIC_TYPE_PKCS7);
+    wc_PKCS7* pkcs7 = (wc_PKCS7*)XMALLOC(sizeof(wc_PKCS7), heap, DYNAMIC_TYPE_PKCS7);
     if (pkcs7) {
-        XMEMSET(pkcs7, 0, sizeof(PKCS7));
+        XMEMSET(pkcs7, 0, sizeof(wc_PKCS7));
         if (wc_PKCS7_Init(pkcs7, heap, devId) == 0) {
             pkcs7->isDynamic = 1;
         }
@@ -807,7 +798,7 @@ PKCS7* wc_PKCS7_New(void* heap, int devId)
  *
  * returns 0 on success or a negative value for failure
  */
-int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
+int wc_PKCS7_Init(wc_PKCS7* pkcs7, void* heap, int devId)
 {
     word16 isDynamic;
 
@@ -818,8 +809,8 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
     }
 
     isDynamic = pkcs7->isDynamic;
-    XMEMSET(pkcs7, 0, sizeof(PKCS7));
-    pkcs7->isDynamic = isDynamic;
+    XMEMSET(pkcs7, 0, sizeof(wc_PKCS7));
+    pkcs7->isDynamic = (isDynamic != 0);
 #ifdef WOLFSSL_HEAP_TEST
     pkcs7->heap = (void*)WOLFSSL_HEAP_TEST;
 #else
@@ -831,7 +822,7 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
 }
 
 #ifdef WC_ASN_UNKNOWN_EXT_CB
-void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb)
+void wc_PKCS7_SetUnknownExtCallback(wc_PKCS7* pkcs7, wc_UnknownExtCallback cb)
 {
     if (pkcs7 != NULL) {
         pkcs7->unknownExtCallback = cb;
@@ -860,7 +851,7 @@ struct Pkcs7EncodedRecip {
 
 
 /* free all members of Pkcs7Cert linked list */
-static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7)
+static void wc_PKCS7_FreeCertSet(wc_PKCS7* pkcs7)
 {
     Pkcs7Cert* curr = NULL;
     Pkcs7Cert* next = NULL;
@@ -885,9 +876,9 @@ static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7)
 /* Get total size of all recipients in recipient list.
  *
  * Returns total size of recipients, or negative upon error */
-static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7)
+static int wc_PKCS7_GetRecipientListSize(wc_PKCS7* pkcs7)
 {
-    int totalSz = 0;
+    word32 totalSz = 0;
     Pkcs7EncodedRecip* tmp = NULL;
 
     if (pkcs7 == NULL)
@@ -900,12 +891,12 @@ static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7)
         tmp = tmp->next;
     }
 
-    return totalSz;
+    return (int)totalSz;
 }
 
 
 /* free all members of Pkcs7EncodedRecip linked list */
-static void wc_PKCS7_FreeEncodedRecipientSet(PKCS7* pkcs7)
+static void wc_PKCS7_FreeEncodedRecipientSet(wc_PKCS7* pkcs7)
 {
     Pkcs7EncodedRecip* curr = NULL;
     Pkcs7EncodedRecip* next = NULL;
@@ -930,7 +921,7 @@ static void wc_PKCS7_FreeEncodedRecipientSet(PKCS7* pkcs7)
 /* search through RecipientInfo list for specific type.
  * return 1 if ANY recipient of type specified is present, otherwise
  * return 0 */
-static int wc_PKCS7_RecipientListIncludesType(PKCS7* pkcs7, int type)
+static int wc_PKCS7_RecipientListIncludesType(wc_PKCS7* pkcs7, int type)
 {
     Pkcs7EncodedRecip* tmp = NULL;
 
@@ -952,7 +943,7 @@ static int wc_PKCS7_RecipientListIncludesType(PKCS7* pkcs7, int type)
 
 /* searches through RecipientInfo list, returns 1 if all structure
  * versions are set to 0, otherwise returns 0 */
-static int wc_PKCS7_RecipientListVersionsAllZero(PKCS7* pkcs7)
+static int wc_PKCS7_RecipientListVersionsAllZero(wc_PKCS7* pkcs7)
 {
     Pkcs7EncodedRecip* tmp = NULL;
 
@@ -979,7 +970,7 @@ static int wc_PKCS7_RecipientListVersionsAllZero(PKCS7* pkcs7)
  * keySz  - size of key, octets
  *
  * Returns 0 on success, negative on error */
-static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID,
+static int wc_PKCS7_CheckPublicKeyDer(wc_PKCS7* pkcs7, int keyOID,
                                       const byte* key, word32 keySz)
 {
     int ret = 0;
@@ -1075,7 +1066,7 @@ static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID,
 
 /* Init PKCS7 struct with recipient cert, decode into DecodedCert
  * NOTE: keeps previously set pkcs7 heap hint, devId and isDynamic */
-int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
+int wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* derCert, word32 derCertSz)
 {
     int ret = 0;
     void* heap;
@@ -1165,7 +1156,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
         }
 
         /* verify extracted public key is valid before storing */
-        ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, dCert->keyOID,
+        ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, (int)dCert->keyOID,
                                          dCert->publicKey, dCert->pubKeySize);
         if (ret != 0) {
             WOLFSSL_MSG("Invalid public key, check pkcs7->cert");
@@ -1192,7 +1183,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
         XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE);
         pkcs7->issuer = dCert->issuerRaw;
         pkcs7->issuerSz = (word32)dCert->issuerRawLen;
-        XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);
+        XMEMCPY(pkcs7->issuerSn, dCert->serial, (word32)dCert->serialSz);
         pkcs7->issuerSnSz = (word32)dCert->serialSz;
         XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE);
 
@@ -1226,7 +1217,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
  * This API does not currently validate certificates.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
+int wc_PKCS7_AddCertificate(wc_PKCS7* pkcs7, byte* derCert, word32 derCertSz)
 {
     Pkcs7Cert* cert;
 
@@ -1276,7 +1267,7 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap)
 
 
 /* return 0 on success */
-static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7)
+static int wc_PKCS7_SignerInfoNew(wc_PKCS7* pkcs7)
 {
     XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     pkcs7->signerInfo = NULL;
@@ -1292,7 +1283,7 @@ static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7)
 }
 
 
-static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7)
+static void wc_PKCS7_SignerInfoFree(wc_PKCS7* pkcs7)
 {
     if (pkcs7->signerInfo != NULL) {
         XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -1306,7 +1297,7 @@ static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7)
 /* free's any current SID and sets it to "in"
  * returns 0 on success
  */
-static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz)
+static int wc_PKCS7_SignerInfoSetSID(wc_PKCS7* pkcs7, byte* in, int inSz)
 {
     if (pkcs7 == NULL || in == NULL || inSz < 0) {
         return BAD_FUNC_ARG;
@@ -1314,19 +1305,19 @@ static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz)
 
     XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     pkcs7->signerInfo->sid = NULL;
-    pkcs7->signerInfo->sid = (byte*)XMALLOC(inSz, pkcs7->heap,
+    pkcs7->signerInfo->sid = (byte*)XMALLOC((word32)inSz, pkcs7->heap,
             DYNAMIC_TYPE_PKCS7);
     if (pkcs7->signerInfo->sid == NULL) {
         return MEMORY_E;
     }
-    XMEMCPY(pkcs7->signerInfo->sid, in, inSz);
+    XMEMCPY(pkcs7->signerInfo->sid, in, (word32)inSz);
     pkcs7->signerInfo->sidSz = (word32)inSz;
     return 0;
 }
 
 
 /* releases any memory allocated by a PKCS7 initializer */
-void wc_PKCS7_Free(PKCS7* pkcs7)
+void wc_PKCS7_Free(wc_PKCS7* pkcs7)
 {
     if (pkcs7 == NULL)
         return;
@@ -1376,6 +1367,12 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
         pkcs7->cachedEncryptedContentSz = 0;
     }
 
+    if (pkcs7->customSKID) {
+        XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        pkcs7->customSKID = NULL;
+        pkcs7->customSKIDSz = 0;
+    }
+
     if (pkcs7->isDynamic) {
         pkcs7->isDynamic = 0;
         XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -1385,7 +1382,7 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
 
 /* helper function for parsing through attributes and finding a specific one.
  * returns PKCS7DecodedAttrib pointer on success */
-static PKCS7DecodedAttrib* findAttrib(PKCS7* pkcs7, const byte* oid, word32 oidSz)
+static PKCS7DecodedAttrib* findAttrib(wc_PKCS7* pkcs7, const byte* oid, word32 oidSz)
 {
     PKCS7DecodedAttrib* list;
 
@@ -1440,7 +1437,7 @@ static PKCS7DecodedAttrib* findAttrib(PKCS7* pkcs7, const byte* oid, word32 oidS
  *
  * returns size of value on success
  */
-int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
+int wc_PKCS7_GetAttributeValue(wc_PKCS7* pkcs7, const byte* oid, word32 oidSz,
         byte* out, word32* outSz)
 {
     PKCS7DecodedAttrib* attrib;
@@ -1456,7 +1453,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
 
     if (out == NULL) {
         *outSz = attrib->valueSz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (*outSz < attrib->valueSz) {
@@ -1464,12 +1461,12 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz,
     }
 
     XMEMCPY(out, attrib->value, attrib->valueSz);
-    return attrib->valueSz;
+    return (int)attrib->valueSz;
 }
 
 
 /* build PKCS#7 data content type */
-int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     static const byte oid[] =
         { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
@@ -1479,7 +1476,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
     word32 seqSz;
     word32 octetStrSz;
     word32 oidSz = (word32)sizeof(oid);
-    int idx = 0;
+    word32 idx = 0;
 
     if (pkcs7 == NULL || output == NULL) {
         return BAD_FUNC_ARG;
@@ -1500,7 +1497,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz)
     XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz);
     idx += pkcs7->contentSz;
 
-    return idx;
+    return (int)idx;
 }
 
 
@@ -1517,7 +1514,7 @@ typedef struct ESD {
     wc_HashAlg  hash;
     enum wc_HashType hashType;
     byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */
-    byte contentDigestSet:1;
+    WC_BITFIELD contentDigestSet:1;
     byte contentAttribsDigest[WC_MAX_DIGEST_SIZE];
     byte encContentDigest[MAX_ENCRYPTED_KEY_SZ];
 
@@ -1564,26 +1561,26 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz,
                                             PKCS7Attrib* attribs, int attribsSz)
 {
     int i;
-    int maxSz = (int)min((word32)eaSz, attribsSz);
+    int maxSz = (int)min((word32)eaSz, (word32)attribsSz);
     int allAttribsSz = 0;
 
     for (i = 0; i < maxSz; i++)
     {
-        int attribSz = 0;
+        word32 attribSz = 0;
 
         ea[i].value = attribs[i].value;
         ea[i].valueSz = attribs[i].valueSz;
         attribSz += ea[i].valueSz;
-        ea[i].valueSetSz = SetSet((word32)attribSz, ea[i].valueSet);
+        ea[i].valueSetSz = SetSet(attribSz, ea[i].valueSet);
         attribSz += ea[i].valueSetSz;
         ea[i].oid = attribs[i].oid;
         ea[i].oidSz = attribs[i].oidSz;
         attribSz += ea[i].oidSz;
-        ea[i].valueSeqSz = SetSequence((word32)attribSz, ea[i].valueSeq);
+        ea[i].valueSeqSz = SetSequence(attribSz, ea[i].valueSeq);
         attribSz += ea[i].valueSeqSz;
-        ea[i].totalSz = (word32)attribSz;
+        ea[i].totalSz = attribSz;
 
-        allAttribsSz += attribSz;
+        allAttribsSz += (int)attribSz;
     }
     return allAttribsSz;
 }
@@ -1609,7 +1606,7 @@ static FlatAttrib* NewAttrib(void* heap)
 }
 
 /* Free FlatAttrib array and memory allocated to internal struct members */
-static void FreeAttribArray(PKCS7* pkcs7, FlatAttrib** arr, int rows)
+static void FreeAttribArray(wc_PKCS7* pkcs7, FlatAttrib** arr, int rows)
 {
     int i;
 
@@ -1669,10 +1666,11 @@ static int SortAttribArray(FlatAttrib** arr, int rows)
 
 /* Build up array of FlatAttrib structs from EncodedAttrib ones. FlatAttrib
  * holds flattened DER encoding of each attribute */
-static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
+static int FlattenEncodedAttribs(wc_PKCS7* pkcs7, FlatAttrib** derArr, int rows,
                                  EncodedAttrib* ea, int eaSz)
 {
-    int i, idx, sz;
+    int i;
+    word32 idx, sz;
     byte* output   = NULL;
     FlatAttrib* fa = NULL;
 
@@ -1705,7 +1703,7 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
 
         fa = derArr[i];
         fa->data = output;
-        fa->dataSz = (word32)sz;
+        fa->dataSz = sz;
     }
 
     return 0;
@@ -1713,10 +1711,11 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows,
 
 
 /* Sort and Flatten EncodedAttrib attributes into output buffer */
-static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
+static int FlattenAttributes(wc_PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
                              int eaSz)
 {
-    int i, idx, ret;
+    int i, ret;
+    word32 idx;
     FlatAttrib** derArr = NULL;
     FlatAttrib*  fa     = NULL;
 
@@ -1725,8 +1724,8 @@ static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
     }
 
     /* create array of FlatAttrib struct pointers to hold DER attribs */
-    derArr = (FlatAttrib**) XMALLOC((unsigned long)eaSz * sizeof(FlatAttrib*), pkcs7->heap,
-                                    DYNAMIC_TYPE_TMP_BUFFER);
+    derArr = (FlatAttrib**) XMALLOC((unsigned long)eaSz * sizeof(FlatAttrib*),
+        pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (derArr == NULL) {
         return MEMORY_E;
     }
@@ -1771,7 +1770,7 @@ static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
 
 #ifndef NO_RSA
 
-static int wc_PKCS7_ImportRSA(PKCS7* pkcs7, RsaKey* privKey)
+static int wc_PKCS7_ImportRSA(wc_PKCS7* pkcs7, RsaKey* privKey)
 {
     int ret;
     word32 idx;
@@ -1814,7 +1813,7 @@ static int wc_PKCS7_ImportRSA(PKCS7* pkcs7, RsaKey* privKey)
 
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+static int wc_PKCS7_RsaSign(wc_PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 {
     int ret;
 #ifdef WOLFSSL_SMALL_STACK
@@ -1865,7 +1864,7 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 
 #ifdef HAVE_ECC
 
-static int wc_PKCS7_ImportECC(PKCS7* pkcs7, ecc_key* privKey)
+static int wc_PKCS7_ImportECC(wc_PKCS7* pkcs7, ecc_key* privKey)
 {
     int ret;
     word32 idx;
@@ -1904,7 +1903,7 @@ static int wc_PKCS7_ImportECC(PKCS7* pkcs7, ecc_key* privKey)
 
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
+static int wc_PKCS7_EcdsaSign(wc_PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 {
     int ret;
     word32 outSz;
@@ -1956,7 +1955,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
 #endif /* HAVE_ECC */
 
 /* returns encContentDigestSz based on the signature set to be used */
-static int wc_PKCS7_GetSignSize(PKCS7* pkcs7)
+static int wc_PKCS7_GetSignSize(wc_PKCS7* pkcs7)
 {
     int ret = 0;
 
@@ -2023,7 +2022,7 @@ static int wc_PKCS7_GetSignSize(PKCS7* pkcs7)
  * esd   - pointer to initialized ESD structure, used for output
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
+static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd,
                     const byte* contentType, word32 contentTypeSz,
                     const byte* contentTypeOid, word32 contentTypeOidSz,
                     const byte* messageDigestOid, word32 messageDigestOidSz,
@@ -2065,6 +2064,8 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
 
         cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);
 
+        XMEMSET(&cannedAttribs[idx], 0, sizeof(cannedAttribs[idx]));
+
         if ((pkcs7->defaultSignedAttribs & WOLFSSL_CONTENT_TYPE_ATTRIBUTE) ||
             pkcs7->defaultSignedAttribs == 0) {
             cannedAttribs[idx].oid     = contentTypeOid;
@@ -2095,8 +2096,9 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
         }
 
         esd->signedAttribsCount += cannedAttribsCount;
-        esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx],
-            (int)idx, cannedAttribs, cannedAttribsCount);
+        esd->signedAttribsSz += (word32)EncodeAttributes(
+            &esd->signedAttribs[atrIdx], (int)idx, cannedAttribs,
+            (int)cannedAttribsCount);
         atrIdx += idx;
     } else {
         esd->signedAttribsCount = 0;
@@ -2106,9 +2108,9 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
     /* add custom signed attributes if set */
     if (pkcs7->signedAttribsSz > 0 && pkcs7->signedAttribs != NULL) {
         esd->signedAttribsCount += pkcs7->signedAttribsSz;
-        esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx],
-                                  esd->signedAttribsCount,
-                                  pkcs7->signedAttribs, pkcs7->signedAttribsSz);
+        esd->signedAttribsSz += (word32)EncodeAttributes(
+            &esd->signedAttribs[atrIdx], (int)esd->signedAttribsCount,
+            pkcs7->signedAttribs, (int)pkcs7->signedAttribsSz);
     }
 
 #ifdef NO_ASN_TIME
@@ -2129,7 +2131,7 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
  * digEncAlgoType - [OUT] output for algo ID type
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId,
+static int wc_PKCS7_SignedDataGetEncAlgoId(wc_PKCS7* pkcs7, int* digEncAlgoId,
                                            int* digEncAlgoType)
 {
     int algoId   = 0;
@@ -2272,16 +2274,16 @@ static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId,
  * digestInfoSz - [IN/OUT] - input size of array, size of digestInfo
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
+static int wc_PKCS7_BuildDigestInfo(wc_PKCS7* pkcs7, byte* flatSignedAttribs,
                                     word32 flatSignedAttribsSz, ESD* esd,
                                     byte* digestInfo, word32* digestInfoSz)
 {
-    int ret, hashSz, digIdx = 0;
+    int ret, digIdx = 0;
     byte digestInfoSeq[MAX_SEQ_SZ];
     byte digestStr[MAX_OCTET_STR_SZ];
     byte attribSet[MAX_SET_SZ];
     byte algoId[MAX_ALGO_SZ];
-    word32 digestInfoSeqSz, digestStrSz, algoIdSz;
+    word32 digestInfoSeqSz, digestStrSz, algoIdSz, dgstInfoSz, hashSz;
     word32 attribSetSz;
 
     if (pkcs7 == NULL || esd == NULL || digestInfo == NULL ||
@@ -2289,9 +2291,10 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
         return BAD_FUNC_ARG;
     }
 
-    hashSz = wc_HashGetDigestSize(esd->hashType);
-    if (hashSz < 0)
-        return hashSz;
+    ret = wc_HashGetDigestSize(esd->hashType);
+    if (ret < 0)
+        return ret;
+    hashSz = (word32)ret;
 
     if (flatSignedAttribsSz != 0) {
 
@@ -2327,21 +2330,21 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
                            0, pkcs7->hashParamsAbsent);
 
     digestStrSz = SetOctetString(hashSz, digestStr);
-    digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz,
-                                  digestInfoSeq);
+    dgstInfoSz = algoIdSz + digestStrSz + hashSz;
+    digestInfoSeqSz = SetSequence(dgstInfoSz, digestInfoSeq);
 
-    if (*digestInfoSz < (digestInfoSeqSz + algoIdSz + digestStrSz + hashSz)) {
+    if (*digestInfoSz < (digestInfoSeqSz + dgstInfoSz)) {
         return BUFFER_E;
     }
 
     XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
-    digIdx += digestInfoSeqSz;
+    digIdx += (int)digestInfoSeqSz;
     XMEMCPY(digestInfo + digIdx, algoId, algoIdSz);
-    digIdx += algoIdSz;
+    digIdx += (int)algoIdSz;
     XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
-    digIdx += digestStrSz;
+    digIdx += (int)digestStrSz;
     XMEMCPY(digestInfo + digIdx, esd->contentAttribsDigest, hashSz);
-    digIdx += hashSz;
+    digIdx += (int)hashSz;
 
     *digestInfoSz = (word32)digIdx;
 
@@ -2357,7 +2360,7 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs,
  * esd - pointer to initialized ESD struct
  *
  * returns length of signature on success, negative on error */
-static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
+static int wc_PKCS7_SignedDataBuildSignature(wc_PKCS7* pkcs7,
                                              byte* flatSignedAttribs,
                                              word32 flatSignedAttribsSz,
                                              ESD* esd)
@@ -2477,7 +2480,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
  * @param esd Pointer to an ESD structure for digest calculation.
  * @return Returns 0 on success, and a negative value on failure.
  */
-static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType,
+static int wc_PKCS7_EncodeContentStreamHelper(wc_PKCS7* pkcs7, int cipherType,
     Aes* aes, byte* encContentOut, byte* contentData, int contentDataSz,
     byte* out, word32* outIdx, ESD* esd)
 {
@@ -2487,7 +2490,7 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType,
 
     switch (cipherType) {
         case WC_CIPHER_NONE:
-            XMEMCPY(encContentOut, contentData, contentDataSz);
+            XMEMCPY(encContentOut, contentData, (word32)contentDataSz);
             if (esd && esd->contentDigestSet != 1) {
                 ret = wc_HashUpdate(&esd->hash, esd->hashType,
                     contentData, (word32)contentDataSz);
@@ -2524,7 +2527,7 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType,
         *outIdx += encContentOutOctSz;
         wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx : NULL,
                                             encContentOut, (word32)contentDataSz);
-        *outIdx += contentDataSz;
+        *outIdx += (word32)contentDataSz;
     }
 
     return ret;
@@ -2543,10 +2546,10 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType,
  *
  * Returns 0 on success */
 #ifndef NO_AES
-static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, Aes* aes,
+static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, Aes* aes,
     byte* in, int inSz, byte* out, int cipherType)
 #else
-static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
+static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes,
     byte* in, int inSz, byte* out, int cipherType)
 #endif
 {
@@ -2561,10 +2564,10 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
         byte*  encContentOut;
         byte*  contentData;
         word32 idx = 0, outIdx = 0;
-        int padSz = 0;
+        word32 padSz = 0;
 
         if (cipherType != WC_CIPHER_NONE) {
-            padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz,
+            padSz = (word32)wc_PKCS7_GetPadSize(pkcs7->contentSz,
                    (word32)wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID));
         }
 
@@ -2616,8 +2619,8 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
                     return BAD_FUNC_ARG;
                 }
 
-                if (szLeft + totalSz > (word32)inSz)
-                    szLeft = inSz - totalSz;
+                if ((word32)szLeft + totalSz > (word32)inSz)
+                    szLeft = inSz - (int)totalSz;
 
                 contentDataRead = szLeft;
                 buf = in + totalSz;
@@ -2631,35 +2634,46 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
 
             /* check and handle octet boundary */
             sz = contentDataRead;
-            if (idx + sz > BER_OCTET_LENGTH) {
-                sz = BER_OCTET_LENGTH - idx;
-                contentDataRead -= sz;
+            if ((int)idx + sz > BER_OCTET_LENGTH) {
+                int amtWritten = 0;
 
-                XMEMCPY(contentData + idx, buf, sz);
-                ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType,
-                    aes, encContentOut, contentData, BER_OCTET_LENGTH, out,
-                    &outIdx, esd);
-                if (ret != 0) {
-                    XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
-                    XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
-                    return ret;
+                /* loop over current buffer until it is empty */
+                while (idx + (word32)sz > BER_OCTET_LENGTH) {
+                    sz = BER_OCTET_LENGTH;
+                    if (idx > 0) { /* account for previously stored data */
+                        sz = BER_OCTET_LENGTH - (int)idx;
+                    }
+                    contentDataRead -= sz;
+
+                    XMEMCPY(contentData + idx, buf, (word32)sz);
+                    ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType,
+                        aes, encContentOut, contentData, BER_OCTET_LENGTH, out,
+                        &outIdx, esd);
+                    if (ret != 0) {
+                        XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                        XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                        return ret;
+                    }
+                    idx = 0; /* cleared out previously stored data */
+                    amtWritten += sz;
+                    sz  = contentDataRead;
                 }
 
                 /* copy over any remaining data */
-                XMEMCPY(contentData, buf + sz, contentDataRead);
+                XMEMCPY(contentData, buf + amtWritten, (word32)contentDataRead);
                 idx = (word32)contentDataRead;
             }
             else {
                 /* was not on an octet boundary, copy full
                  * amount over */
-                XMEMCPY(contentData + idx, buf, sz);
-                idx += sz;
+                XMEMCPY(contentData + idx, buf, (word32)sz);
+                idx += (word32)sz;
             }
         } while (totalSz < pkcs7->contentSz);
 
         /* add in padding to the end */
         if ((cipherType != WC_CIPHER_NONE) && (totalSz == pkcs7->contentSz)) {
-            int i;
+            word32 i;
 
             if (BER_OCTET_LENGTH < idx) {
                 XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
@@ -2670,7 +2684,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
             for (i = 0; i < padSz; i++) {
                 contentData[idx + i] = (byte)padSz;
             }
-            idx += padSz;
+            idx += (word32)padSz;
         }
 
         /* encrypt and flush out remainder of content data */
@@ -2696,7 +2710,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
         switch (cipherType) {
             case WC_CIPHER_NONE:
                 if (!pkcs7->detached) {
-                    XMEMCPY(out, in, inSz);
+                    XMEMCPY(out, in, (word32)inSz);
                 }
                 if (esd && esd->contentDigestSet != 1) {
                     ret = wc_HashInit(&esd->hash, esd->hashType);
@@ -2739,7 +2753,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
 
 /* build PKCS#7 signedData content type */
 /* To get the output size then set output = 0 and *outputSz = 0 */
-static int PKCS7_EncodeSigned(PKCS7* pkcs7,
+static int PKCS7_EncodeSigned(wc_PKCS7* pkcs7,
     const byte* hashBuf, word32 hashSz, byte* output, word32* outputSz,
     byte* output2, word32* output2Sz)
 {
@@ -2812,6 +2826,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     keyIdSize = KEYID_SIZE;
 #endif
 
+    /* use custom SKID if set */
+    if (pkcs7->customSKIDSz > 0) {
+        if (pkcs7->customSKID == NULL) {
+            WOLFSSL_MSG("Bad custom SKID setup, size > 0 and was NULL");
+            return BAD_FUNC_ARG;
+        }
+        keyIdSize = pkcs7->customSKIDSz;
+    }
+
 #ifdef WOLFSSL_SMALL_STACK
     signedDataOid = (byte *)XMALLOC(MAX_OID_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
     if (signedDataOid == NULL) {
@@ -2898,8 +2921,13 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     /* SignerIdentifier */
     if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
         /* IssuerAndSerialNumber */
-        esd->issuerSnSz = (word32)SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
+        ret = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
                                           esd->issuerSn, MAX_SN_SZ, MAX_SN_SZ);
+        if (ret < 0) {
+            idx = ret;
+            goto out;
+        }
+        esd->issuerSnSz = (word32)ret;
         signerInfoSz += esd->issuerSnSz;
         esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName);
         signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz;
@@ -2918,9 +2946,11 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     } else if (pkcs7->sidType == CMS_SKID) {
         /* SubjectKeyIdentifier */
         esd->issuerSKIDSz = SetOctetString((word32)keyIdSize, esd->issuerSKID);
-        esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + keyIdSize,
+        esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz +
+                                           (word32)keyIdSize,
                                            esd->issuerSKIDSeq, 0);
-        signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + keyIdSize);
+        signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz +
+                         (word32)keyIdSize);
 
         /* version MUST be 3 */
         esd->signerVersionSz = (word32)SetMyVersion(3, esd->signerVersion, 0);
@@ -2971,8 +3001,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
             flatSignedAttribsSz = esd->signedAttribsSz;
 
-            FlattenAttributes(pkcs7, flatSignedAttribs,
-                                       esd->signedAttribs, esd->signedAttribsCount);
+            FlattenAttributes(pkcs7, flatSignedAttribs, esd->signedAttribs,
+                                                  (int)esd->signedAttribsCount);
             esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz,
                                                               esd->signedAttribSet, 0);
         } else {
@@ -3130,37 +3160,37 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     idx = 0;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->outerSeq, esd->outerSeqSz);
-    idx += esd->outerSeqSz;
+    idx += (int)esd->outerSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             signedDataOid, signedDataOidSz);
-    idx += signedDataOidSz;
+    idx += (int)signedDataOidSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->outerContent, esd->outerContentSz);
-    idx += esd->outerContentSz;
+    idx += (int)esd->outerContentSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->innerSeq, esd->innerSeqSz);
-    idx += esd->innerSeqSz;
+    idx += (int)esd->innerSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->version, esd->versionSz);
-    idx += esd->versionSz;
+    idx += (int)esd->versionSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->digAlgoIdSet, esd->digAlgoIdSetSz);
-    idx += esd->digAlgoIdSetSz;
+    idx += (int)esd->digAlgoIdSetSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->singleDigAlgoId, esd->singleDigAlgoIdSz);
-    idx += esd->singleDigAlgoIdSz;
+    idx += (int)esd->singleDigAlgoIdSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->contentInfoSeq, esd->contentInfoSeqSz);
-    idx += esd->contentInfoSeqSz;
+    idx += (int)esd->contentInfoSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             pkcs7->contentType, pkcs7->contentTypeSz);
-    idx += pkcs7->contentTypeSz;
+    idx += (int)pkcs7->contentTypeSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->innerContSeq, esd->innerContSeqSz);
-    idx += esd->innerContSeqSz;
+    idx += (int)esd->innerContSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             esd->innerOctets, esd->innerOctetsSz);
-    idx += esd->innerOctetsSz;
+    idx += (int)esd->innerOctetsSz;
 
     /* support returning header and footer without content */
     if (output2 && output2Sz) {
@@ -3176,14 +3206,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
         #endif
              && pkcs7->contentSz > 0) {
             wc_PKCS7_EncodeContentStream(pkcs7, esd, NULL, pkcs7->content,
-               pkcs7->contentSz, (output)? output + idx : NULL, WC_CIPHER_NONE);
+                (int)pkcs7->contentSz, (output)? output + idx : NULL,
+                WC_CIPHER_NONE);
             if (!pkcs7->detached) {
             #ifdef ASN_BER_TO_DER
                 if (pkcs7->encodeStream) {
                     byte indefEnd[ASN_INDEF_END_SZ * 3];
                     word32 localIdx = 0;
 
-                    idx += streamSz;
+                    idx += (int)streamSz;
 
                     /* end of content octet string */
                     localIdx += SetIndefEnd(indefEnd + localIdx);
@@ -3196,12 +3227,12 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
                     wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
                         indefEnd, localIdx);
-                    idx += localIdx;
+                    idx += (int)localIdx;
                 }
                 else
             #endif
                 {
-                        idx += pkcs7->contentSz;
+                        idx += (int)pkcs7->contentSz;
                 }
             }
         }
@@ -3211,14 +3242,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     /* certificates */
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
         esd->certsSet, esd->certsSetSz);
-    idx += esd->certsSetSz;
+    idx += (int)esd->certsSetSz;
 
     if (pkcs7->noCerts != 1) {
         certPtr = pkcs7->certList;
         while (certPtr != NULL) {
             wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 certPtr->der, certPtr->derSz);
-            idx += certPtr->derSz;
+            idx += (int)certPtr->derSz;
             certPtr = certPtr->next;
         }
     }
@@ -3227,38 +3258,45 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerInfoSet, esd->signerInfoSetSz);
-    idx += esd->signerInfoSetSz;
+    idx += (int)esd->signerInfoSetSz;
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerInfoSeq, esd->signerInfoSeqSz);
-    idx += esd->signerInfoSeqSz;
+    idx += (int)esd->signerInfoSeqSz;
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerVersion, esd->signerVersionSz);
-    idx += esd->signerVersionSz;
+    idx += (int)esd->signerVersionSz;
     /* SignerIdentifier */
     if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
         /* IssuerAndSerialNumber */
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerSnSeq, esd->issuerSnSeqSz);
-        idx += esd->issuerSnSeqSz;
+        idx += (int)esd->issuerSnSeqSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerName, esd->issuerNameSz);
-        idx += esd->issuerNameSz;
+        idx += (int)esd->issuerNameSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 pkcs7->issuer, pkcs7->issuerSz);
-        idx += pkcs7->issuerSz;
+        idx += (int)pkcs7->issuerSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerSn, esd->issuerSnSz);
-        idx += esd->issuerSnSz;
+        idx += (int)esd->issuerSnSz;
     } else if (pkcs7->sidType == CMS_SKID) {
         /* SubjectKeyIdentifier */
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerSKIDSeq, esd->issuerSKIDSeqSz);
-        idx += esd->issuerSKIDSeqSz;
+        idx += (int)esd->issuerSKIDSeqSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->issuerSKID, esd->issuerSKIDSz);
-        idx += esd->issuerSKIDSz;
-        wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+        idx += (int)esd->issuerSKIDSz;
+
+        if (pkcs7->customSKID) {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
+                pkcs7->customSKID, (word32)keyIdSize);
+        }
+        else {
+            wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 pkcs7->issuerSubjKeyId, (word32)keyIdSize);
+        }
         idx += keyIdSize;
     } else if (pkcs7->sidType == DEGENERATE_SID) {
         /* no signer infos in degenerate case */
@@ -3268,7 +3306,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
     }
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerDigAlgoId, esd->signerDigAlgoIdSz);
-    idx += esd->signerDigAlgoIdSz;
+    idx += (int)esd->signerDigAlgoIdSz;
 
     /* SignerInfo:Attributes */
     if (flatSignedAttribsSz > 0) {
@@ -3299,7 +3337,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
                 flatSignedAttribsSz = esd->signedAttribsSz;
                 FlattenAttributes(pkcs7, flatSignedAttribs,
-                                   esd->signedAttribs, esd->signedAttribsCount);
+                                  esd->signedAttribs,
+                                  (int)esd->signedAttribsCount);
             } else {
                 esd->signedAttribSetSz = 0;
             }
@@ -3307,10 +3346,10 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signedAttribSet, esd->signedAttribSetSz);
-        idx += esd->signedAttribSetSz;
+        idx += (int)esd->signedAttribSetSz;
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 flatSignedAttribs, flatSignedAttribsSz);
-        idx += flatSignedAttribsSz;
+        idx += (int)flatSignedAttribsSz;
     }
 
     if (hashBuf == NULL && pkcs7->sidType != DEGENERATE_SID) {
@@ -3326,14 +3365,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->digEncAlgoId, esd->digEncAlgoIdSz);
-    idx += esd->digEncAlgoIdSz;
+    idx += (int)esd->digEncAlgoIdSz;
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->signerDigest, esd->signerDigestSz);
-    idx += esd->signerDigestSz;
+    idx += (int)esd->signerDigestSz;
 
     wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                 esd->encContentDigest, esd->encContentDigestSz);
-    idx += esd->encContentDigestSz;
+    idx += (int)esd->encContentDigestSz;
 
 #ifdef ASN_BER_TO_DER
     if (pkcs7->encodeStream) {
@@ -3351,7 +3390,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
 
         wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL,
                     indefEnd, localIdx);
-        idx += localIdx;
+        idx += (int)localIdx;
     }
 #endif
 
@@ -3383,7 +3422,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7,
  * pkcs7->contentSz: Must be provided as actual sign of raw data
  * return codes: 0=success, negative=error
  */
-int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+int wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot,
     word32* outputFootSz)
 {
@@ -3410,6 +3449,40 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
     return ret;
 }
 
+
+/* Sets a custom SKID in PKCS7 struct, used before calling an encode operation
+ * Returns 0 on success, negative upon error. */
+int wc_PKCS7_SetCustomSKID(wc_PKCS7* pkcs7, const byte* in, word16 inSz)
+{
+    int ret = 0;
+
+    if (pkcs7 == NULL || (in == NULL && inSz > 0)) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (in == NULL) {
+        if (pkcs7->customSKID != NULL) {
+            XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        }
+        pkcs7->customSKIDSz = 0;
+        pkcs7->customSKID   = NULL;
+    }
+    else {
+        pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap,
+            DYNAMIC_TYPE_PKCS7);
+        if (pkcs7->customSKID == NULL) {
+            ret = MEMORY_E;
+        }
+        else {
+            XMEMCPY(pkcs7->customSKID, in, inSz);
+            pkcs7->customSKIDSz = inSz;
+        }
+    }
+
+    return ret;
+}
+
+
 /* Toggle detached signature mode on/off for PKCS#7/CMS SignedData content type.
  * By default wolfCrypt includes the data to be signed in the SignedData
  * bundle. This data can be omitted in the case when a detached signature is
@@ -3423,12 +3496,12 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
  * flag  - turn on/off detached signature generation (1 or 0)
  *
  * Returns 0 on success, negative upon error. */
-int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag)
+int wc_PKCS7_SetDetached(wc_PKCS7* pkcs7, word16 flag)
 {
     if (pkcs7 == NULL || (flag != 0 && flag != 1))
         return BAD_FUNC_ARG;
 
-    pkcs7->detached = flag;
+    pkcs7->detached = (flag != 0);
 
     return 0;
 }
@@ -3444,7 +3517,7 @@ int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag)
  * pkcs7 - pointer to initialized PKCS7 structure
  *
  * Returns 0 on success, negative upon error. */
-int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7)
+int wc_PKCS7_NoDefaultSignedAttribs(wc_PKCS7* pkcs7)
 {
     return wc_PKCS7_SetDefaultSignedAttribs(pkcs7, WOLFSSL_NO_ATTRIBUTES);
 }
@@ -3461,7 +3534,7 @@ int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7)
  * pkcs7 - pointer to initialized PKCS7 structure
  *
  * Returns 0 on success, negative upon error. */
-int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag)
+int  wc_PKCS7_SetDefaultSignedAttribs(wc_PKCS7* pkcs7, word16 flag)
 {
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -3490,7 +3563,7 @@ int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag)
 
 
 /* return codes: >0: Size of signed PKCS7 output buffer, negative: error */
-int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret;
 
@@ -3559,7 +3632,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
+int wc_PKCS7_EncodeSignedFPD(wc_PKCS7* pkcs7, byte* privateKey,
                              word32 privateKeySz, int signOID, int hashOID,
                              byte* content, word32 contentSz,
                              PKCS7Attrib* signedAttribs, word32 signedAttribsSz,
@@ -3628,7 +3701,7 @@ int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
+int wc_PKCS7_EncodeSignedEncryptedFPD(wc_PKCS7* pkcs7, byte* encryptKey,
                                       word32 encryptKeySz, byte* privateKey,
                                       word32 privateKeySz, int encryptOID,
                                       int signOID, int hashOID,
@@ -3670,13 +3743,14 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
     }
 
     /* save encryptedData, reset output buffer and struct */
-    encrypted = (byte*)XMALLOC(encryptedSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    encrypted = (byte*)XMALLOC((word32)encryptedSz, pkcs7->heap,
+                               DYNAMIC_TYPE_PKCS7);
     if (encrypted == NULL) {
         ForceZero(output, outputSz);
         return MEMORY_E;
     }
 
-    XMEMCPY(encrypted, output, encryptedSz);
+    XMEMCPY(encrypted, output, (word32)encryptedSz);
     ForceZero(output, outputSz);
 
     ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId);
@@ -3735,7 +3809,7 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey,
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, byte* privateKey,
+int wc_PKCS7_EncodeSignedCompressedFPD(wc_PKCS7* pkcs7, byte* privateKey,
                                        word32 privateKeySz, int signOID,
                                        int hashOID, byte* content,
                                        word32 contentSz,
@@ -3839,7 +3913,7 @@ int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, byte* privateKey,
  * outputSz             - size of output buffer, octets
  *
  * Returns length of generated bundle on success, negative upon error. */
-int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, byte* encryptKey,
+int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(wc_PKCS7* pkcs7, byte* encryptKey,
                                        word32 encryptKeySz, byte* privateKey,
                                        word32 privateKeySz, int encryptOID,
                                        int signOID, int hashOID, byte* content,
@@ -3953,7 +4027,7 @@ int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, byte* encryptKey,
 
 #ifdef HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
 /* register raw RSA sign digest callback */
-int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
+int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
 {
     if (pkcs7 == NULL || cb == NULL) {
         return BAD_FUNC_ARG;
@@ -3966,7 +4040,7 @@ int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, CallbackRsaSignRawDigest cb)
 #endif
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
+static int wc_PKCS7_RsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
                               byte* hash, word32 hashSz)
 {
     int ret = 0, i;
@@ -3975,8 +4049,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
     byte* digest;
     RsaKey* key;
     DecodedCert* dCert;
+#else
+#ifdef WOLFSSL_NO_MALLOC
+    byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size
+                                                   * key->dataLen
+                                                   */
 #else
     byte digest[MAX_PKCS7_DIGEST_SZ];
+#endif
     RsaKey key[1];
     DecodedCert stack_dCert;
     DecodedCert* dCert = &stack_dCert;
@@ -4092,7 +4172,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
 #ifdef HAVE_ECC
 
 /* returns size of signature put into out, negative on error */
-static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
+static int wc_PKCS7_EcdsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz,
                                 byte* hash, word32 hashSz)
 {
     int ret = 0, i;
@@ -4231,7 +4311,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
  * plainDigestSz  - [OUT] size of digest at plainDigest
  *
  * returns 0 on success, negative on error */
-static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
+static int wc_PKCS7_BuildSignedDataDigest(wc_PKCS7* pkcs7, byte* signedAttrib,
                                       word32 signedAttribSz, byte* pkcs7Digest,
                                       word32* pkcs7DigestSz, byte** plainDigest,
                                       word32* plainDigestSz,
@@ -4337,15 +4417,15 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
                                   digestInfoSeq);
 
     XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz);
-    digIdx += digestInfoSeqSz;
+    digIdx += (int)digestInfoSeqSz;
     XMEMCPY(digestInfo + digIdx, algoId, algoIdSz);
-    digIdx += algoIdSz;
+    digIdx += (int)algoIdSz;
     XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz);
-    digIdx += digestStrSz;
+    digIdx += (int)digestStrSz;
     XMEMCPY(digestInfo + digIdx, digest, hashSz);
-    digIdx += hashSz;
+    digIdx += (int)hashSz;
 
-    XMEMCPY(pkcs7Digest, digestInfo, digIdx);
+    XMEMCPY(pkcs7Digest, digestInfo, (word32)digIdx);
     *pkcs7DigestSz = (word32)digIdx;
 
     /* set plain digest pointer */
@@ -4370,7 +4450,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
  * hashBufSz      - size of hashBuf, octets
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
+static int wc_PKCS7_VerifyContentMessageDigest(wc_PKCS7* pkcs7,
                                                const byte* hashBuf,
                                                word32 hashSz)
 {
@@ -4515,7 +4595,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7,
  * signedAttribSz - size of signedAttributes
  *
  * return 0 on success, negative on error */
-static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
+static int wc_PKCS7_SignedDataVerifySignature(wc_PKCS7* pkcs7, byte* sig,
                                              word32 sigSz, byte* signedAttrib,
                                              word32 signedAttribSz,
                                              const byte* hashBuf, word32 hashSz)
@@ -4671,7 +4751,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
 
 /* set correct public key OID based on signature OID, stores in
  * pkcs7->publicKeyOID and returns same value */
-static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
+static int wc_PKCS7_SetPublicKeyOID(wc_PKCS7* pkcs7, int sigOID)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -4739,7 +4819,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
             return ASN_SIG_KEY_E;
     }
 
-    return pkcs7->publicKeyOID;
+    return (int)pkcs7->publicKeyOID;
 }
 
 
@@ -4759,7 +4839,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID)
  *
  * returns the number of attributes parsed on success
  */
-static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
+static int wc_PKCS7_ParseAttribs(wc_PKCS7* pkcs7, byte* in, int inSz)
 {
     int    found = 0;
     word32 idx   = 0;
@@ -4771,7 +4851,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
 
     while (idx < (word32)inSz) {
         int length  = 0;
-        int oidIdx;
+        word32 oidIdx;
         PKCS7DecodedAttrib* attrib;
 
         if (GetSequence(in, &idx, &length, (word32)inSz) < 0)
@@ -4784,7 +4864,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
         }
         XMEMSET(attrib, 0, sizeof(PKCS7DecodedAttrib));
 
-        oidIdx = (int)idx;
+        oidIdx = idx;
         if (GetObjectId(in, &idx, &oid, oidIgnoreType, (word32)inSz)
                 < 0) {
             XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -4806,7 +4886,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
             return ASN_PARSE_E;
         }
 
-        if ((inSz - idx) < (word32)length) {
+        if ((inSz - (int)idx) < length) {
             XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return ASN_PARSE_E;
@@ -4821,7 +4901,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
             return MEMORY_E;
         }
         XMEMCPY(attrib->value, in + idx, attrib->valueSz);
-        idx += length;
+        idx += (word32)length;
 
         /* store attribute in linked list */
         if (pkcs7->decodedAttrib != NULL) {
@@ -4843,7 +4923,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz)
  *
  * by default support for SignedData degenerate cases is on
  */
-void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag)
+void wc_PKCS7_AllowDegenerate(wc_PKCS7* pkcs7, word16 flag)
 {
     if (pkcs7) {
         if (flag) { /* flag of 1 turns on support for degenerate */
@@ -4865,7 +4945,7 @@ void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag)
  *
  * returns 0 on success
  */
-static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_ParseSignerInfo(wc_PKCS7* pkcs7, byte* in, word32 inSz,
         word32* idxIn, int degenerate, byte** signedAttrib, int* signedAttribSz)
 {
     int ret = 0;
@@ -4911,7 +4991,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
 
             if (ret == 0) {
                 ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length);
-                idx += length;
+                idx += (word32)length;
             }
 
         } else if (ret == 0 && version == 3) {
@@ -4967,7 +5047,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
 
             if (ret == 0) {
                 ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length);
-                idx += length;
+                idx += (word32)length;
             }
 
         } else {
@@ -4981,7 +5061,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
             ret = ASN_PARSE_E;
         }
         pkcs7->hashOID = (int)hashOID;
-        pkcs7->hashParamsAbsent = absentParams;
+        pkcs7->hashParamsAbsent = (absentParams != 0);
 
         /* Get the IMPLICIT[0] SET OF signedAttributes */
         localIdx = idx;
@@ -5002,7 +5082,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
                 ret = ASN_PARSE_E;
             }
 
-            idx += length;
+            idx += (word32)length;
         }
 
         /* Get digestEncryptionAlgorithm - key type or signature type */
@@ -5039,10 +5119,10 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
  * pkcs7->stream->content and stores its size in pkcs7->stream->contentSz.
  */
 #ifndef NO_PKCS7_STREAM
-static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                 word32* tmpIdx, word32* idx, int keepContent)
 {
-    int ret, length;
+    int ret, length = 0;
     word32 msgSz, i, contBufSz;
     byte tag;
     byte* msg = NULL;
@@ -5131,7 +5211,7 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
                  * number of indef is stored in pkcs7->stream->cntIdfCnt.
                  */
                 pkcs7->stream->expected = (word32)(ASN_TAG_SZ + TRAILING_ZERO) *
-                                                    pkcs7->stream->cntIdfCnt;
+                                               (word32)pkcs7->stream->cntIdfCnt;
 
                 /* dec idx by one since already consumed to get ASN_EOC */
                 (*idx)--;
@@ -5196,35 +5276,52 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
             /* got partial octet string data */
             /* accumulate partial octet string to buffer */
             if (keepContent) {
-
-                /* store current content buffer temporarily */
-                tempBuf = pkcs7->stream->content;
-                pkcs7->stream->content = NULL;
-
-                /* grow content buffer */
-                contBufSz = pkcs7->stream->accumContSz;
-                pkcs7->stream->accumContSz += pkcs7->stream->expected;
-
-                pkcs7->stream->content =
-                                (byte*)XMALLOC(pkcs7->stream->accumContSz,
-                                            pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-
-                if (pkcs7->stream->content == NULL) {
-                    WOLFSSL_MSG("failed to grow content buffer.");
-                    XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                    tempBuf = NULL;
-                    ret = MEMORY_E;
-                    break;
+            #ifdef ASN_BER_TO_DER
+                if (pkcs7->streamOutCb) {
+                    ret = wc_HashUpdate(&pkcs7->stream->hashAlg,
+                        pkcs7->stream->hashType,
+                        msg + *idx, pkcs7->stream->expected);
+                    if (ret != 0)
+                        break;
+                    pkcs7->streamOutCb(pkcs7, msg + *idx,
+                        pkcs7->stream->expected, pkcs7->streamCtx);
                 }
-                else {
-                    /* accumulate content */
-                    if (tempBuf != NULL && contBufSz != 0) {
-                        XMEMCPY(pkcs7->stream->content, tempBuf, contBufSz);
+                else
+            #endif /* ASN_BER_TO_DER */
+                {
+                    /* store current content buffer temporarily */
+                    tempBuf = pkcs7->stream->content;
+                    pkcs7->stream->content = NULL;
+
+                    /* grow content buffer */
+                    contBufSz = pkcs7->stream->accumContSz;
+                    pkcs7->stream->accumContSz += pkcs7->stream->expected;
+
+                    pkcs7->stream->content =
+                                    (byte*)XMALLOC(pkcs7->stream->accumContSz,
+                                               pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+
+                    if (pkcs7->stream->content == NULL) {
+                        WOLFSSL_MSG("failed to grow content buffer.");
+                            if (tempBuf != NULL) {
+                        XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                        tempBuf = NULL;
+                            }
+                        ret = MEMORY_E;
+                        break;
+                    }
+                    else {
+                        /* accumulate content */
+                        if (tempBuf != NULL && contBufSz != 0) {
+                            XMEMCPY(pkcs7->stream->content, tempBuf, contBufSz);
+                        }
+                        XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx,
+                                                       pkcs7->stream->expected);
+                        if (tempBuf != NULL) {
+                            XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                            tempBuf = NULL;
+                        }
                     }
-                    XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx,
-                                                    pkcs7->stream->expected);
-                    XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                    tempBuf = NULL;
                 }
             }
 
@@ -5270,11 +5367,11 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz,
  * When adding support for the case of SignedAndEnvelopedData content types a
  * signer is required. In this case the PKCS7 flag noDegenerate could be set.
  */
-static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
+static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* in, word32 inSz,
     byte* in2, word32 in2Sz)
 {
-    word32 idx, maxIdx = inSz, outerContentType, contentTypeSz = 0, totalSz = 0;
+    word32 idx, maxIdx = inSz, outerContentType = 0, contentTypeSz = 0, totalSz = 0;
     int length = 0, version = 0, ret = 0;
     byte* content = NULL;
     byte* contentDynamic = NULL;
@@ -5361,7 +5458,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 break;
             }
             if (ret == 0 && length > 0)
-                pkcs7->stream->maxLen = length + localIdx;
+                pkcs7->stream->maxLen = (word32)length + localIdx;
             else
                 pkcs7->stream->maxLen = inSz;
 
@@ -5513,12 +5610,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
         #endif /* !NO_PKCS7_STREAM */
 
             /* Skip the set. */
-            idx += length;
+            idx += (word32)length;
             degenerate = (length == 0) ? 1 : 0;
         #ifndef NO_PKCS7_STREAM
-            pkcs7->stream->degenerate = degenerate;
+            pkcs7->stream->degenerate = (degenerate != 0);
         #endif /* !NO_PKCS7_STREAM */
-            if (pkcs7->noDegenerate == 1 && degenerate == 1) {
+            if (pkcs7->noDegenerate == 1 && degenerate != 0) {
                 ret = PKCS7_NO_SIGNER_E;
             }
 
@@ -5582,8 +5679,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                 }
                 if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) == 0) {
                     contentType = pkiMsg + tmpIdx;
-                    contentTypeSz = length + (idx - tmpIdx);
-                    idx += length;
+                    contentTypeSz = (word32)length + (idx - tmpIdx);
+                    idx += (word32)length;
                 }
                 else {
                     ret = ASN_PARSE_E;
@@ -5616,7 +5713,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* Set error state if no more data left in ContentInfo, meaning
              * no content - may be detached. Will recover from error below */
             if ((encapContentInfoLen != 0) &&
-                (encapContentInfoLen - contentTypeSz == 0)) {
+                ((word32)encapContentInfoLen - contentTypeSz == 0)) {
                 ret = ASN_PARSE_E;
             #ifndef NO_PKCS7_STREAM
                 pkcs7->stream->noContent = 1;
@@ -5716,11 +5813,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                     if (ret == 0) {
                         /* Use single OCTET_STRING directly, or reset length. */
-                        if (localIdx - start + length == (word32)contentLen) {
+                        if (localIdx - start + (word32)length ==
+                                                           (word32)contentLen) {
                             multiPart = 0;
                         } else {
                         #ifndef NO_PKCS7_STREAM
-                            pkcs7->stream->multi         = multiPart;
+                            pkcs7->stream->multi         = (multiPart != 0);
                             pkcs7->stream->currContIdx   = localIdx;
                             pkcs7->stream->currContSz    = (word32)length;
                             pkcs7->stream->currContRmnSz = (word32)length;
@@ -5748,7 +5846,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         ret = ASN_PARSE_E;
                 #ifndef NO_PKCS7_STREAM
                     if (ret == 0) {
-                        pkcs7->stream->multi         = multiPart;
+                        pkcs7->stream->multi         = (multiPart != 0);
                         pkcs7->stream->currContIdx   = localIdx;
                         pkcs7->stream->currContSz    = (word32)length;
                         pkcs7->stream->currContRmnSz = (word32)length;
@@ -5800,7 +5898,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
         #ifndef NO_PKCS7_STREAM
             /* save detached flag value */
-            pkcs7->stream->detached = detached;
+            pkcs7->stream->detached = (detached != 0);
 
             /* save contentType */
             pkcs7->stream->nonce = (byte*)XMALLOC(contentTypeSz, pkcs7->heap,
@@ -5843,6 +5941,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3);
 
         #ifndef NO_PKCS7_STREAM
+        #ifdef ASN_BER_TO_DER
+            /* setup hash struct for creating hash of content if needed */
+            if (pkcs7->streamOutCb) {
+                ret = wc_HashInit_ex(&pkcs7->stream->hashAlg,
+                    pkcs7->stream->hashType, pkcs7->heap, pkcs7->devId);
+                if (ret != 0)
+                    break;
+            }
+        #endif /* ASN_BER_TO_DER */
+
         /* free pkcs7->stream->content buffer */
         XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         pkcs7->stream->content = NULL;
@@ -6065,7 +6173,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         WOLFSSL_MSG("certificate set found");
 
                         /* adjust cert length */
-                        length += localIdx - certIdx;
+                        length += (int)(localIdx - certIdx);
                         idx = certIdx;
                     }
                 }
@@ -6138,18 +6246,17 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
             /* store current index to get the signerInfo index later  */
             certIdx2 = idx;
-
             /* store certificate if needed */
             if (length > 0 && in2Sz == 0) {
                 /* free tmpCert if not NULL */
                 XFREE(pkcs7->stream->tmpCert, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                pkcs7->stream->tmpCert = (byte*)XMALLOC(length,
+                pkcs7->stream->tmpCert = (byte*)XMALLOC((word32)length,
                         pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 if ((pkiMsg2 == NULL) || (pkcs7->stream->tmpCert == NULL)) {
                     ret = MEMORY_E;
                     break;
                 }
-                XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, length);
+                XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, (word32)length);
                 pkiMsg2 = pkcs7->stream->tmpCert;
                 pkiMsg2Sz = (word32)length;
                 idx = 0;
@@ -6180,7 +6287,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                             ret = ASN_PARSE_E;
 
                         cert = &pkiMsg2[idx];
-                        certSz += (certIdx - idx);
+                        certSz += (int)(certIdx - idx);
                         if (certSz > length) {
                             ret = BUFFER_E;
                             break;
@@ -6202,7 +6309,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                         /* Save dynamic content before freeing PKCS7 struct */
                         if (pkcs7->contentDynamic != NULL) {
-                            contentDynamic = (byte*)XMALLOC(contentSz,
+                            contentDynamic = (byte*)XMALLOC((word32)contentSz,
                                                pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                             if (contentDynamic == NULL) {
                             #ifndef NO_PKCS7_STREAM
@@ -6212,13 +6319,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                                 break;
                             }
                             XMEMCPY(contentDynamic, pkcs7->contentDynamic,
-                                    contentSz);
+                                    (word32)contentSz);
                         }
 
                         /* Free pkcs7 resources but not the structure itself */
                         pkcs7->isDynamic = 0;
                         wc_PKCS7_Free(pkcs7);
-                        pkcs7->isDynamic = isDynamic;
+                        pkcs7->isDynamic = (isDynamic != 0);
                         /* This will reset PKCS7 structure and then set the
                          * certificate */
                         ret = wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz);
@@ -6231,7 +6338,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                         }
 
                         /* Restore content is PKCS#7 flag */
-                        pkcs7->contentIsPkcs7Type = contentIsPkcs7Type;
+                        pkcs7->contentIsPkcs7Type = (contentIsPkcs7Type != 0);
 
                     #ifndef NO_PKCS7_STREAM
                         pkcs7->stream = stream;
@@ -6251,7 +6358,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
                         pkcs7->cert[0]   = cert;
                         pkcs7->certSz[0] = (word32)certSz;
-                        certIdx = idx + certSz;
+                        certIdx = idx + (word32)certSz;
 
                         for (i = 1; i < MAX_PKCS7_CERTS &&
                                 certIdx + 1 < pkiMsg2Sz &&
@@ -6273,21 +6380,22 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                                 }
 
                                 pkcs7->cert[i]   = &pkiMsg2[localIdx];
-                                pkcs7->certSz[i] = sz + (certIdx - localIdx);
-                                certIdx += sz;
+                                pkcs7->certSz[i] = (word32)sz +
+                                                   (certIdx - localIdx);
+                                certIdx += (word32)sz;
                             }
                         }
                     }
                 }
-                idx += length;
+                idx += (word32)length;
 
             if (!detached) {
                 /* set content and size after init of PKCS7 structure */
                 pkcs7->content   = content;
-                pkcs7->contentSz = contentSz;
+                pkcs7->contentSz = (word32)contentSz;
             }
 
-            idx = certIdx2 + length;
+            idx = certIdx2 + (word32)length;
 
             if (ret != 0) {
                 break;
@@ -6313,7 +6421,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* if certificate set has indef-length, there maybe trailing zeros.
              * add expected size to include size of zeros. */
             if (pkcs7->stream->cntIdfCnt > 0) {
-                pkcs7->stream->expected += pkcs7->stream->cntIdfCnt * 2;
+                pkcs7->stream->expected += (word32)pkcs7->stream->cntIdfCnt * 2;
             }
 
             if (pkcs7->stream->expected > (pkcs7->stream->maxLen -
@@ -6373,10 +6481,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* prior to find set of crls, remove trailing zeros of
              * set of certificates */
             if (ret == 0 && pkcs7->stream->cntIdfCnt > 0) {
-                int i;
+                word32 i;
+                word32 sz = (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
                 localIdx = idx;
-                for (i = 0; i < pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
-                                                                         i++) {
+                for (i = 0; i < sz; i++) {
                     if (pkiMsg2[localIdx + i] == 0)
                         continue;
                     else {
@@ -6385,7 +6493,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     }
                 }
                 if (ret == 0) {
-                    idx += pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
+                    idx += (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
                     pkcs7->stream->cntIdfCnt = 0;
                 }
             }
@@ -6402,7 +6510,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     ret = ASN_PARSE_E;
 
                 /* Skip the set */
-                idx += length;
+                idx += (word32)length;
             }
 
             /* Get the set of signerInfos */
@@ -6497,15 +6605,38 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                     sig = &pkiMsg2[idx];
                     sigSz = length;
 
-                    idx += length;
+                    idx += (word32)length;
                 }
 
                 pkcs7->content = content;
                 pkcs7->contentSz = (word32)contentSz;
 
                 if (ret == 0) {
-                    ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, (word32)sigSz,
-                                                   signedAttrib, (word32)signedAttribSz,
+                #if !defined(NO_PKCS7_STREAM) && defined(ASN_BER_TO_DER)
+                    byte streamHash[WC_MAX_DIGEST_SIZE];
+
+                    /* get final hash if having done hash updates while
+                     * streaming out the content */
+                    if (pkcs7->streamOutCb) {
+                        ret = wc_HashFinal(&pkcs7->stream->hashAlg,
+                            pkcs7->stream->hashType, streamHash);
+                        hashBuf = streamHash;
+                        length  = wc_HashGetDigestSize(pkcs7->stream->hashType);
+                        if (length < 0) {
+                            WOLFSSL_MSG("Error getting digest size");
+                            ret = ASN_PARSE_E;
+                        }
+                        else {
+                            hashSz = (word32)length;
+                        }
+                        wc_HashFree(&pkcs7->stream->hashAlg,
+                            pkcs7->stream->hashType);
+                        if (ret != 0)
+                            break;
+                    }
+                #endif /* !NO_PKCS7_STREAM && ASN_BER_TO_DER */
+                    ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig,
+                            (word32)sigSz, signedAttrib, (word32)signedAttribSz,
                                                    hashBuf, hashSz);
                 }
             }
@@ -6514,7 +6645,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
             /* make sure that terminating zero's follow */
             if ((ret == WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK) || ret >= 0) &&
                     pkcs7->stream->indefLen == 1) {
-                int i;
+                word32 i;
                 for (i = 0; i < 3 * ASN_INDEF_END_SZ; i++) {
                     if (pkiMsg2[idx + i] != 0) {
                         ret = ASN_PARSE_E;
@@ -6557,7 +6688,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
  * return 0 on success and LENGTH_ONLY_E if just setting "outSz" for buffer
  *  length needed.
  */
-int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz)
+int wc_PKCS7_GetSignerSID(wc_PKCS7* pkcs7, byte* out, word32* outSz)
 {
     if (outSz == NULL || pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -6576,7 +6707,7 @@ int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz)
 
     if (out == NULL) {
         *outSz = pkcs7->signerInfo->sidSz;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if (*outSz < pkcs7->signerInfo->sidSz) {
@@ -6610,7 +6741,7 @@ int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz)
  * Returns 0 on success, negative upon error.
  *
  */
-int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+int wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz)
 {
@@ -6618,7 +6749,7 @@ int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
         pkiMsgHead, pkiMsgHeadSz, pkiMsgFoot, pkiMsgFootSz);
 }
 
-int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
+int wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
 {
     return PKCS7_VerifySignedData(pkcs7, NULL, 0, pkiMsg, pkiMsgSz, NULL, 0);
 }
@@ -6631,7 +6762,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
  * len   - length of key to be generated
  *
  * Returns 0 on success, negative upon error */
-static int PKCS7_GenerateContentEncryptionKey(PKCS7* pkcs7, word32 len)
+static int PKCS7_GenerateContentEncryptionKey(wc_PKCS7* pkcs7, word32 len)
 {
     int ret;
     WC_RNG rng;
@@ -6756,15 +6887,15 @@ typedef struct WC_PKCS7_KARI {
     word32   sharedInfoSz;         /* size of ECC-CMS-SharedInfo encoded */
     byte     ukmOwner;             /* do we own ukm buffer? 1:yes, 0:no */
     byte     direction;            /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */
-    byte     decodedInit : 1;      /* indicates decoded was initialized */
-    byte     recipKeyInit : 1;     /* indicates recipKey was initialized */
-    byte     senderKeyInit : 1;    /* indicates senderKey was initialized */
+    WC_BITFIELD decodedInit:1;     /* indicates decoded was initialized */
+    WC_BITFIELD recipKeyInit:1;    /* indicates recipKey was initialized */
+    WC_BITFIELD senderKeyInit:1;   /* indicates senderKey was initialized */
 } WC_PKCS7_KARI;
 
 
 /* allocate and create new WC_PKCS7_KARI struct,
  * returns struct pointer on success, NULL on failure */
-static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction)
+static WC_PKCS7_KARI* wc_PKCS7_KariNew(wc_PKCS7* pkcs7, byte direction)
 {
     WC_PKCS7_KARI* kari = NULL;
 
@@ -7050,22 +7181,22 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
 
     /* kekOctet */
     kekOctetSz = (int)SetOctetString(sizeof(word32), kekOctet);
-    sharedInfoSz += (kekOctetSz + sizeof(word32));
+    sharedInfoSz += (kekOctetSz + (int)sizeof(word32));
 
     /* suppPubInfo */
-    suppPubInfoSeqSz = SetImplicit(ASN_SEQUENCE, 2,
-                                   kekOctetSz + sizeof(word32),
-                                   suppPubInfoSeq, 0);
+    suppPubInfoSeqSz = (int)SetImplicit(ASN_SEQUENCE, 2,
+                                        (word32)kekOctetSz + (word32)sizeof(word32),
+                                        suppPubInfoSeq, 0);
     sharedInfoSz += suppPubInfoSeqSz;
 
     /* optional ukm/entityInfo */
     if (kari->ukmSz > 0) {
         entityUInfoOctetSz = (int)SetOctetString(kari->ukmSz, entityUInfoOctet);
-        sharedInfoSz += (entityUInfoOctetSz + kari->ukmSz);
+        sharedInfoSz += (entityUInfoOctetSz + (int)kari->ukmSz);
 
-        entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz +
-                                            kari->ukmSz,
-                                            entityUInfoExplicitSeq, 0);
+        entityUInfoExplicitSz = (int)SetExplicit(0,
+                                       (word32)entityUInfoOctetSz + kari->ukmSz,
+                                       entityUInfoExplicitSeq, 0);
         sharedInfoSz += entityUInfoExplicitSz;
     }
 
@@ -7077,29 +7208,30 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID)
     sharedInfoSeqSz = (int)SetSequence((word32)sharedInfoSz, sharedInfoSeq);
     sharedInfoSz += sharedInfoSeqSz;
 
-    kari->sharedInfo = (byte*)XMALLOC(sharedInfoSz, kari->heap,
+    kari->sharedInfo = (byte*)XMALLOC((word32)sharedInfoSz, kari->heap,
                                       DYNAMIC_TYPE_PKCS7);
     if (kari->sharedInfo == NULL)
         return MEMORY_E;
 
     kari->sharedInfoSz = (word32)sharedInfoSz;
 
-    XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, sharedInfoSeqSz);
+    XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, (word32)sharedInfoSeqSz);
     idx += sharedInfoSeqSz;
-    XMEMCPY(kari->sharedInfo + idx, keyInfo, keyInfoSz);
+    XMEMCPY(kari->sharedInfo + idx, keyInfo, (word32)keyInfoSz);
     idx += keyInfoSz;
     if (kari->ukmSz > 0) {
         XMEMCPY(kari->sharedInfo + idx, entityUInfoExplicitSeq,
-                entityUInfoExplicitSz);
+                (word32)entityUInfoExplicitSz);
         idx += entityUInfoExplicitSz;
-        XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet, entityUInfoOctetSz);
+        XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet,
+                (word32)entityUInfoOctetSz);
         idx += entityUInfoOctetSz;
         XMEMCPY(kari->sharedInfo + idx, kari->ukm, kari->ukmSz);
-        idx += kari->ukmSz;
+        idx += (int)kari->ukmSz;
     }
-    XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, suppPubInfoSeqSz);
+    XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, (word32)suppPubInfoSeqSz);
     idx += suppPubInfoSeqSz;
-    XMEMCPY(kari->sharedInfo + idx, kekOctet, kekOctetSz);
+    XMEMCPY(kari->sharedInfo + idx, kekOctet, (word32)kekOctetSz);
     idx += kekOctetSz;
 
     kekBitSz = (kari->kekSz) * 8;              /* convert to bits */
@@ -7132,7 +7264,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
     if (kSz < 0)
         return kSz;
 
-    kari->kek = (byte*)XMALLOC(kSz, kari->heap, DYNAMIC_TYPE_PKCS7);
+    kari->kek = (byte*)XMALLOC((word32)kSz, kari->heap, DYNAMIC_TYPE_PKCS7);
     if (kari->kek == NULL)
         return MEMORY_E;
 
@@ -7238,7 +7370,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
+int wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz,
                                int keyWrapOID, int keyAgreeOID, byte* ukm,
                                word32 ukmSz, int options)
 {
@@ -7432,16 +7564,18 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     /* Start of RecipientEncryptedKeys */
 
     /* EncryptedKey */
-    encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz, encryptedKeyOctet);
-    totalSz += (encryptedKeyOctetSz + encryptedKeySz);
+    encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz,
+                                              encryptedKeyOctet);
+    totalSz += (encryptedKeyOctetSz + (int)encryptedKeySz);
 
     /* SubjectKeyIdentifier */
     subjKeyIdOctetSz = (int)SetOctetString((word32)keyIdSize, subjKeyIdOctet);
     totalSz += (subjKeyIdOctetSz + keyIdSize);
 
     /* RecipientKeyIdentifier IMPLICIT [0] */
-    recipKeyIdSeqSz = SetImplicit(ASN_SEQUENCE, 0, subjKeyIdOctetSz +
-                                  keyIdSize, recipKeyIdSeq, 0);
+    recipKeyIdSeqSz = (int)SetImplicit(ASN_SEQUENCE, 0,
+                                       (word32)(subjKeyIdOctetSz + keyIdSize),
+                                       recipKeyIdSeq, 0);
     totalSz += recipKeyIdSeqSz;
 
     /* RecipientEncryptedKey */
@@ -7456,9 +7590,9 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 
     if (kari->ukmSz > 0) {
         ukmOctetSz = (int)SetOctetString(kari->ukmSz, ukmOctetStr);
-        totalSz += (ukmOctetSz + kari->ukmSz);
+        totalSz += (ukmOctetSz + (int)kari->ukmSz);
 
-        ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz,
+        ukmExplicitSz = (int)SetExplicit(1, (word32)ukmOctetSz + kari->ukmSz,
                                     ukmExplicitSeq, 0);
         totalSz += ukmExplicitSz;
     }
@@ -7481,7 +7615,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     origPubKeyStr[0] = ASN_BIT_STRING;
     origPubKeyStrSz = (int)SetLength(kari->senderKeyExportSz + 1,
                                 origPubKeyStr + 1) + 2;
-    totalSz += (origPubKeyStrSz + kari->senderKeyExportSz);
+    totalSz += (origPubKeyStrSz + (int)kari->senderKeyExportSz);
 
     /* Originator AlgorithmIdentifier, params set to NULL for interop
        compatibility */
@@ -7492,15 +7626,15 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 
     /* outer OriginatorPublicKey IMPLICIT [1] */
     origPubKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 1,
-                                  origAlgIdSz + origPubKeyStrSz +
-                                  kari->senderKeyExportSz, origPubKeySeq, 0);
+                               (word32)(origAlgIdSz + origPubKeyStrSz +
+                               (int)kari->senderKeyExportSz), origPubKeySeq, 0);
     totalSz += origPubKeySeqSz;
 
     /* outer OriginatorIdentifierOrKey IMPLICIT [0] */
     origIdOrKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 0,
-                                   origPubKeySeqSz + origAlgIdSz +
-                                   origPubKeyStrSz + kari->senderKeyExportSz,
-                                   origIdOrKeySeq, 0);
+                                (word32)(origPubKeySeqSz + origAlgIdSz +
+                                origPubKeyStrSz + (int)kari->senderKeyExportSz),
+                                origIdOrKeySeq, 0);
     totalSz += origIdOrKeySeqSz;
 
     /* version, always 3 */
@@ -7522,53 +7656,53 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         return BUFFER_E;
     }
 
-    XMEMCPY(recip->recip + idx, kariSeq, kariSeqSz);
-    idx += kariSeqSz;
-    XMEMCPY(recip->recip + idx, ver, verSz);
-    idx += verSz;
+    XMEMCPY(recip->recip + idx, kariSeq, (word32)kariSeqSz);
+    idx += (word32)kariSeqSz;
+    XMEMCPY(recip->recip + idx, ver, (word32)verSz);
+    idx += (word32)verSz;
 
-    XMEMCPY(recip->recip + idx, origIdOrKeySeq, origIdOrKeySeqSz);
-    idx += origIdOrKeySeqSz;
-    XMEMCPY(recip->recip + idx, origPubKeySeq, origPubKeySeqSz);
-    idx += origPubKeySeqSz;
+    XMEMCPY(recip->recip + idx, origIdOrKeySeq, (word32)origIdOrKeySeqSz);
+    idx += (word32)origIdOrKeySeqSz;
+    XMEMCPY(recip->recip + idx, origPubKeySeq, (word32)origPubKeySeqSz);
+    idx += (word32)origPubKeySeqSz;
 
     /* AlgorithmIdentifier with NULL parameter */
-    XMEMCPY(recip->recip + idx, origAlgId, origAlgIdSz);
-    idx += origAlgIdSz;
+    XMEMCPY(recip->recip + idx, origAlgId, (word32)origAlgIdSz);
+    idx += (word32)origAlgIdSz;
 
-    XMEMCPY(recip->recip + idx, origPubKeyStr, origPubKeyStrSz);
-    idx += origPubKeyStrSz;
+    XMEMCPY(recip->recip + idx, origPubKeyStr, (word32)origPubKeyStrSz);
+    idx += (word32)origPubKeyStrSz;
     /* ephemeral public key */
     XMEMCPY(recip->recip + idx, kari->senderKeyExport, kari->senderKeyExportSz);
     idx += kari->senderKeyExportSz;
 
     if (kari->ukmSz > 0) {
-        XMEMCPY(recip->recip + idx, ukmExplicitSeq, ukmExplicitSz);
-        idx += ukmExplicitSz;
-        XMEMCPY(recip->recip + idx, ukmOctetStr, ukmOctetSz);
-        idx += ukmOctetSz;
+        XMEMCPY(recip->recip + idx, ukmExplicitSeq, (word32)ukmExplicitSz);
+        idx += (word32)ukmExplicitSz;
+        XMEMCPY(recip->recip + idx, ukmOctetStr, (word32)ukmOctetSz);
+        idx += (word32)ukmOctetSz;
         XMEMCPY(recip->recip + idx, kari->ukm, kari->ukmSz);
         idx += kari->ukmSz;
     }
 
-    XMEMCPY(recip->recip + idx, keyEncryptAlgoId, keyEncryptAlgoIdSz);
-    idx += keyEncryptAlgoIdSz;
-    XMEMCPY(recip->recip + idx, keyWrapAlg, keyWrapAlgSz);
-    idx += keyWrapAlgSz;
+    XMEMCPY(recip->recip + idx, keyEncryptAlgoId, (word32)keyEncryptAlgoIdSz);
+    idx += (word32)keyEncryptAlgoIdSz;
+    XMEMCPY(recip->recip + idx, keyWrapAlg, (word32)keyWrapAlgSz);
+    idx += (word32)keyWrapAlgSz;
 
-    XMEMCPY(recip->recip + idx, recipEncKeysSeq, recipEncKeysSeqSz);
-    idx += recipEncKeysSeqSz;
-    XMEMCPY(recip->recip + idx, recipEncKeySeq, recipEncKeySeqSz);
-    idx += recipEncKeySeqSz;
-    XMEMCPY(recip->recip + idx, recipKeyIdSeq, recipKeyIdSeqSz);
-    idx += recipKeyIdSeqSz;
-    XMEMCPY(recip->recip + idx, subjKeyIdOctet, subjKeyIdOctetSz);
-    idx += subjKeyIdOctetSz;
+    XMEMCPY(recip->recip + idx, recipEncKeysSeq, (word32)recipEncKeysSeqSz);
+    idx += (word32)recipEncKeysSeqSz;
+    XMEMCPY(recip->recip + idx, recipEncKeySeq, (word32)recipEncKeySeqSz);
+    idx += (word32)recipEncKeySeqSz;
+    XMEMCPY(recip->recip + idx, recipKeyIdSeq, (word32)recipKeyIdSeqSz);
+    idx += (word32)recipKeyIdSeqSz;
+    XMEMCPY(recip->recip + idx, subjKeyIdOctet, (word32)subjKeyIdOctetSz);
+    idx += (word32)subjKeyIdOctetSz;
     /* subject key id */
-    XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, keyIdSize);
-    idx += keyIdSize;
-    XMEMCPY(recip->recip + idx, encryptedKeyOctet, encryptedKeyOctetSz);
-    idx += encryptedKeyOctetSz;
+    XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, (word32)keyIdSize);
+    idx += (word32)keyIdSize;
+    XMEMCPY(recip->recip + idx, encryptedKeyOctet, (word32)encryptedKeyOctetSz);
+    idx += (word32)encryptedKeyOctetSz;
     /* encrypted CEK */
     XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
     idx += encryptedKeySz;
@@ -7606,7 +7740,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
+int wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz,
                                int options)
 {
     Pkcs7EncodedRecip* recip = NULL;
@@ -7783,8 +7917,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
             XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return -1;
         }
-        snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial,
-                               MAX_SN_SZ, MAX_SN_SZ);
+        snSz = SetSerialNumber(decoded->serial, (word32)decoded->serialSz,
+                               serial, MAX_SN_SZ, MAX_SN_SZ);
         if (snSz < 0) {
             WOLFSSL_MSG("Error setting the serial number");
             FreeDecodedCert(decoded);
@@ -7797,8 +7931,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
             XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             return -1;
         }
-        issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz,
-                                        issuerSerialSeq);
+        issuerSerialSeqSz = (int)SetSequence((word32)(issuerSeqSz + issuerSz +
+                                             snSz), issuerSerialSeq);
     } else if (sidType == CMS_SKID) {
 
         /* version, must be 2 for SubjectKeyIdentifier */
@@ -7833,7 +7967,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         return ALGO_ID_E;
     }
 
-    keyEncAlgSz = SetAlgoID(pkcs7->publicKeyOID, keyAlgArray, oidKeyType, 0);
+    keyEncAlgSz = (int)SetAlgoID((int)pkcs7->publicKeyOID, keyAlgArray,
+                                 oidKeyType, 0);
     if (keyEncAlgSz == 0) {
         FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -7945,12 +8080,12 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 
     /* RecipientInfo */
     if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
-        recipSeqSz = (int)SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz +
-                                 issuerSz + snSz + keyEncAlgSz +
-                                 encKeyOctetStrSz + encryptedKeySz, recipSeq);
+        int recipLen =  verSz + (int)issuerSerialSeqSz + issuerSeqSz +
+            issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz +
+            (int)encryptedKeySz;
+        recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq);
 
-        if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz +
-            keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) {
+        if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) {
             WOLFSSL_MSG("RecipientInfo output buffer too small");
             FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -7964,12 +8099,10 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
         }
 
     } else {
-        recipSeqSz = SetSequence(verSz + ASN_TAG_SZ + issuerSKIDSz +
-                                 keyIdSize + keyEncAlgSz + encKeyOctetStrSz +
-                                 encryptedKeySz, recipSeq);
-
-        if (recipSeqSz + verSz + ASN_TAG_SZ + issuerSKIDSz + keyIdSize +
-            keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) {
+        int recipLen =  verSz + ASN_TAG_SZ + (int)issuerSKIDSz + keyIdSize +
+                keyEncAlgSz + encKeyOctetStrSz + (int)encryptedKeySz;
+        recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq);
+        if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) {
             WOLFSSL_MSG("RecipientInfo output buffer too small");
             FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK
@@ -7984,31 +8117,31 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
     }
 
     idx = 0;
-    XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz);
-    idx += recipSeqSz;
-    XMEMCPY(recip->recip + idx, ver, verSz);
-    idx += verSz;
+    XMEMCPY(recip->recip + idx, recipSeq, (word32)recipSeqSz);
+    idx += (word32)recipSeqSz;
+    XMEMCPY(recip->recip + idx, ver, (word32)verSz);
+    idx += (word32)verSz;
     if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) {
-        XMEMCPY(recip->recip + idx, issuerSerialSeq, issuerSerialSeqSz);
-        idx += issuerSerialSeqSz;
-        XMEMCPY(recip->recip + idx, issuerSeq, issuerSeqSz);
-        idx += issuerSeqSz;
-        XMEMCPY(recip->recip + idx, decoded->issuerRaw, issuerSz);
-        idx += issuerSz;
-        XMEMCPY(recip->recip + idx, serial, snSz);
-        idx += snSz;
+        XMEMCPY(recip->recip + idx, issuerSerialSeq, (word32)issuerSerialSeqSz);
+        idx += (word32)issuerSerialSeqSz;
+        XMEMCPY(recip->recip + idx, issuerSeq, (word32)issuerSeqSz);
+        idx += (word32)issuerSeqSz;
+        XMEMCPY(recip->recip + idx, decoded->issuerRaw, (word32)issuerSz);
+        idx += (word32)issuerSz;
+        XMEMCPY(recip->recip + idx, serial, (word32)snSz);
+        idx += (word32)snSz;
     } else {
         recip->recip[idx] = ASN_CONTEXT_SPECIFIC;
         idx += ASN_TAG_SZ;
         XMEMCPY(recip->recip + idx, issuerSKID, issuerSKIDSz);
         idx += issuerSKIDSz;
-        XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, keyIdSize);
-        idx += keyIdSize;
+        XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, (word32)keyIdSize);
+        idx += (word32)keyIdSize;
     }
-    XMEMCPY(recip->recip + idx, keyAlgArray, keyEncAlgSz);
-    idx += keyEncAlgSz;
-    XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz);
-    idx += encKeyOctetStrSz;
+    XMEMCPY(recip->recip + idx, keyAlgArray, (word32)keyEncAlgSz);
+    idx += (word32)keyEncAlgSz;
+    XMEMCPY(recip->recip + idx, encKeyOctetStr, (word32)encKeyOctetStrSz);
+    idx += (word32)encKeyOctetStrSz;
     XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
     idx += encryptedKeySz;
 
@@ -8044,7 +8177,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 /* abstraction for writing out PKCS7 bundle during creation
    returns 0 on success
  */
-int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output, const byte* input,
+int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output, const byte* input,
     word32 inputSz)
 {
     int ret = 0;
@@ -8082,7 +8215,7 @@ int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output, const byte* input,
 
 
 /* encrypt content using encryptOID algo */
-static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
+static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key,
                                    int keySz,
                                    byte* iv, int ivSz, byte* aad, word32 aadSz,
                                    byte* authTag, word32 authTagSz, byte* in,
@@ -8139,7 +8272,7 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
                 #ifdef WOLFSSL_AES_256
                     (encryptOID == AES256CBCb && keySz != 32 ) ||
                 #endif
-                    (ivSz  != AES_BLOCK_SIZE) )
+                    (ivSz  != WC_AES_BLOCK_SIZE) )
                 return BAD_FUNC_ARG;
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -8191,16 +8324,18 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
                         ret = NOT_COMPILED_IN;
                     }
                     else {
-                        ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
+                        ret = wc_AesGcmEncrypt(aes, out, in, (word32)inSz, iv,
+                                  (word32)ivSz, authTag, authTagSz, aad, aadSz);
                     #ifdef WOLFSSL_ASYNC_CRYPT
-                        /* async encrypt not available here, so block till done */
+                        /* async encrypt not available here, so block till done
+                         */
                         ret = wc_AsyncWait(ret, &aes->asyncDev,
                             WC_ASYNC_FLAG_NONE);
                     #endif
                     }
                 #else
-                    ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv, ivSz);
+                    ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv,
+                        (word32)ivSz);
                     if (ret == 0) {
                         ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, aad,
                             aadSz);
@@ -8252,8 +8387,9 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
             if (ret == 0) {
                 ret = wc_AesCcmSetKey(aes, key, (word32)keySz);
                 if (ret == 0) {
-                    ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
+                    ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv,
+                                           (word32)ivSz, authTag, authTagSz,
+                                           aad, aadSz);
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     /* async encrypt not available here, so block till done */
                     ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -8322,34 +8458,21 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
 }
 
 
-/* decrypt content using encryptOID algo
- * returns 0 on success */
-static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
-        int keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag,
-        word32 authTagSz, byte* in, int inSz, byte* out, int devId, void* heap)
+static int wc_PKCS7_DecryptContentInit(wc_PKCS7* pkcs7, word32 encryptOID,
+    byte* key, word32 keySz, byte* iv, int ivSz, int devId, void* heap)
 {
     int ret;
 #ifndef NO_AES
-#ifdef WOLFSSL_SMALL_STACK
     Aes  *aes;
-#else
-    Aes  aes[1];
-#endif
 #endif
 #ifndef NO_DES3
-    Des  des;
-    Des3 des3;
+    Des  *des;
+    Des3 *des3;
 #endif
 
-    if (iv == NULL || in == NULL || out == NULL)
+    if (iv == NULL)
         return BAD_FUNC_ARG;
 
-    if (pkcs7->decryptionCb != NULL) {
-        return pkcs7->decryptionCb(pkcs7, encryptOID, iv, ivSz,
-                                      aad, aadSz, authTag, authTagSz, in,
-                                      inSz, out, pkcs7->decryptionCtx);
-    }
-
     if (key == NULL)
         return BAD_FUNC_ARG;
 
@@ -8375,28 +8498,144 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
                 #ifdef WOLFSSL_AES_256
                     (encryptOID == AES256CBCb && keySz != 32 ) ||
                 #endif
-                    (ivSz  != AES_BLOCK_SIZE) )
+                    (ivSz  != WC_AES_BLOCK_SIZE) )
                 return BAD_FUNC_ARG;
-#ifdef WOLFSSL_SMALL_STACK
-            if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                                      DYNAMIC_TYPE_AES)) == NULL)
+
+            pkcs7->decryptKey.aes = (Aes *)XMALLOC(sizeof *aes, NULL,
+                                      DYNAMIC_TYPE_AES);
+            aes = pkcs7->decryptKey.aes;
+            if (aes == NULL)
                 return MEMORY_E;
-#endif
             ret = wc_AesInit(aes, heap, devId);
             if (ret == 0) {
                 ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION);
-                if (ret == 0) {
-                    ret = wc_AesCbcDecrypt(aes, out, in, (word32)inSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async decrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
-                }
-                wc_AesFree(aes);
             }
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(aes, NULL, DYNAMIC_TYPE_AES);
-#endif
+            break;
+
+    #endif /* HAVE_AES_CBC */
+    #ifdef HAVE_AESGCM
+        #ifdef WOLFSSL_AES_128
+        case AES128GCMb:
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case AES192GCMb:
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case AES256GCMb:
+        #endif
+        #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \
+            defined(WOLFSSL_AES_256)
+            pkcs7->decryptKey.aes = (Aes *)XMALLOC(sizeof *aes, NULL,
+                                      DYNAMIC_TYPE_AES);
+            aes = pkcs7->decryptKey.aes;
+            if (aes == NULL)
+                return MEMORY_E;
+            ret = wc_AesInit(aes, heap, devId);
+            if (ret == 0) {
+                ret = wc_AesGcmSetKey(aes, key, (word32)keySz);
+            }
+            break;
+        #endif
+    #endif /* HAVE_AESGCM */
+    #ifdef HAVE_AESCCM
+        #ifdef WOLFSSL_AES_128
+        case AES128CCMb:
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case AES192CCMb:
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case AES256CCMb:
+        #endif
+        #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \
+            defined(WOLFSSL_AES_256)
+            pkcs7->decryptKey.aes = (Aes *)XMALLOC(sizeof *aes, NULL,
+                                      DYNAMIC_TYPE_AES);
+            aes = pkcs7->decryptKey.aes;
+            if (aes == NULL)
+                return MEMORY_E;
+            ret = wc_AesInit(aes, heap, devId);
+            if (ret == 0) {
+                ret = wc_AesCcmSetKey(aes, key, (word32)keySz);
+            }
+            break;
+        #endif
+    #endif /* HAVE_AESCCM */
+#endif /* !NO_AES */
+#ifndef NO_DES3
+        case DESb:
+            if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
+                return BAD_FUNC_ARG;
+
+            pkcs7->decryptKey.des = (Des *)XMALLOC(sizeof *des, NULL,
+                                      DYNAMIC_TYPE_PKCS7);
+            des = pkcs7->decryptKey.des;
+            if (des == NULL) {
+                return MEMORY_E;
+            }
+            ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
+            break;
+        case DES3b:
+            if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
+                return BAD_FUNC_ARG;
+
+            pkcs7->decryptKey.des3 = (Des3 *)XMALLOC(sizeof *des3, NULL,
+                                      DYNAMIC_TYPE_PKCS7);
+            des3 = pkcs7->decryptKey.des3;
+            if (des3 == NULL) {
+                return MEMORY_E;
+            }
+            ret = wc_Des3Init(des3, heap, devId);
+            if (ret == 0) {
+                ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
+            }
+
+            break;
+#endif /* !NO_DES3 */
+        default:
+            WOLFSSL_MSG("Unsupported content cipher type");
+            return ALGO_ID_E;
+    };
+
+    return ret;
+}
+
+
+/* Only does decryption of content using encryptOID algo and already set keys
+ * returns 0 on success */
+static int wc_PKCS7_DecryptContentEx(wc_PKCS7* pkcs7, word32 encryptOID,
+    byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag,
+    word32 authTagSz, byte* in, int inSz, byte* out)
+{
+    int ret;
+
+    if (in == NULL
+    #ifdef ASN_BER_TO_DER
+        && pkcs7->getContentCb == NULL
+    #endif
+    ) {
+        return BAD_FUNC_ARG;
+    }
+
+    switch (encryptOID) {
+#ifndef NO_AES
+    #ifdef HAVE_AES_CBC
+    #ifdef WOLFSSL_AES_128
+        case AES128CBCb:
+    #endif
+    #ifdef WOLFSSL_AES_192
+        case AES192CBCb:
+    #endif
+    #ifdef WOLFSSL_AES_256
+        case AES256CBCb:
+    #endif
+            ret = wc_AesCbcDecrypt(pkcs7->decryptKey.aes, out, in,
+                (word32)inSz);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* async decrypt not available here, so block till done */
+            ret = wc_AsyncWait(ret, &pkcs7->decryptKey.aes->asyncDev,
+                WC_ASYNC_FLAG_NONE);
+        #endif
             break;
     #endif /* HAVE_AES_CBC */
     #ifdef HAVE_AESGCM
@@ -8414,27 +8653,14 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
             if (authTag == NULL)
                 return BAD_FUNC_ARG;
 
-#ifdef WOLFSSL_SMALL_STACK
-            if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                                      DYNAMIC_TYPE_AES)) == NULL)
-                return MEMORY_E;
-#endif
-            ret = wc_AesInit(aes, heap, devId);
-            if (ret == 0) {
-                ret = wc_AesGcmSetKey(aes, key, (word32)keySz);
-                if (ret == 0) {
-                    ret = wc_AesGcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async decrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
-                }
-                wc_AesFree(aes);
-            }
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(aes, NULL, DYNAMIC_TYPE_AES);
-#endif
+            ret = wc_AesGcmDecrypt(pkcs7->decryptKey.aes, out, in,
+                    (word32)inSz, iv, (word32)ivSz, authTag, authTagSz,
+                    aad, aadSz);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* async decrypt not available here, so block till done */
+            ret = wc_AsyncWait(ret, &pkcs7->decryptKey.aes->asyncDev,
+                WC_ASYNC_FLAG_NONE);
+        #endif
             break;
         #endif
     #endif /* HAVE_AESGCM */
@@ -8448,63 +8674,31 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
         #ifdef WOLFSSL_AES_256
         case AES256CCMb:
         #endif
-        #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \
-            defined(WOLFSSL_AES_256)
-            if (authTag == NULL)
-                return BAD_FUNC_ARG;
-
-#ifdef WOLFSSL_SMALL_STACK
-            if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL,
-                                      DYNAMIC_TYPE_AES)) == NULL)
-                return MEMORY_E;
-#endif
-            ret = wc_AesInit(aes, heap, devId);
-            if (ret == 0) {
-                ret = wc_AesCcmSetKey(aes, key, (word32)keySz);
-                if (ret == 0) {
-                    ret = wc_AesCcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz,
-                                           authTag, authTagSz, aad, aadSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async decrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
-                }
-                wc_AesFree(aes);
-            }
-#ifdef WOLFSSL_SMALL_STACK
-            XFREE(aes, NULL, DYNAMIC_TYPE_AES);
-#endif
-            break;
+            ret = wc_AesCcmDecrypt(pkcs7->decryptKey.aes, out, in,
+                (word32)inSz, iv, (word32)ivSz, authTag, authTagSz,
+                aad, aadSz);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* async decrypt not available here, so block till done */
+            ret = wc_AsyncWait(ret, &pkcs7->decryptKey.aes->asyncDev,
+                WC_ASYNC_FLAG_NONE);
         #endif
+            break;
     #endif /* HAVE_AESCCM */
 #endif /* !NO_AES */
 #ifndef NO_DES3
         case DESb:
-            if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
-                return BAD_FUNC_ARG;
-
-            ret = wc_Des_SetKey(&des, key, iv, DES_DECRYPTION);
-            if (ret == 0)
-                ret = wc_Des_CbcDecrypt(&des, out, in, (word32)inSz);
-
+            ret = wc_Des_CbcDecrypt(pkcs7->decryptKey.des, out, in,
+                (word32)inSz);
             break;
+
         case DES3b:
-            if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
-                return BAD_FUNC_ARG;
-
-            ret = wc_Des3Init(&des3, heap, devId);
-            if (ret == 0) {
-                ret = wc_Des3_SetKey(&des3, key, iv, DES_DECRYPTION);
-                if (ret == 0) {
-                    ret = wc_Des3_CbcDecrypt(&des3, out, in, (word32)inSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async decrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &des3.asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
-                }
-                wc_Des3Free(&des3);
-            }
-
+            ret = wc_Des3_CbcDecrypt(pkcs7->decryptKey.des3, out, in,
+                (word32)inSz);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* async decrypt not available here, so block till done */
+            ret = wc_AsyncWait(ret,
+              &pkcs7->decryptKey.des3->asyncDev, WC_ASYNC_FLAG_NONE);
+        #endif
             break;
 #endif /* !NO_DES3 */
         default:
@@ -8523,9 +8717,106 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
 }
 
 
+/* clears up struct for algo used and free's memory */
+static void wc_PKCS7_DecryptContentFree(wc_PKCS7* pkcs7, word32 encryptOID,
+    void* heap)
+{
+    switch (encryptOID) {
+#ifndef NO_AES
+    #ifdef HAVE_AES_CBC
+    #ifdef WOLFSSL_AES_128
+        case AES128CBCb:
+    #endif
+    #ifdef WOLFSSL_AES_192
+        case AES192CBCb:
+    #endif
+    #ifdef WOLFSSL_AES_256
+        case AES256CBCb:
+    #endif
+    #endif /* HAVE_AES_CBC */
+    #ifdef HAVE_AESGCM
+        #ifdef WOLFSSL_AES_128
+        case AES128GCMb:
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case AES192GCMb:
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case AES256GCMb:
+        #endif
+    #endif /* HAVE_AESGCM */
+    #ifdef HAVE_AESCCM
+        #ifdef WOLFSSL_AES_128
+        case AES128CCMb:
+        #endif
+        #ifdef WOLFSSL_AES_192
+        case AES192CCMb:
+        #endif
+        #ifdef WOLFSSL_AES_256
+        case AES256CCMb:
+        #endif
+    #endif /* HAVE_AESCCM */
+            if (pkcs7->decryptKey.aes != NULL) {
+                wc_AesFree(pkcs7->decryptKey.aes);
+                XFREE(pkcs7->decryptKey.aes, heap, DYNAMIC_TYPE_AES);
+                pkcs7->decryptKey.aes = NULL;
+            }
+            break;
+#endif /* !NO_AES */
+#ifndef NO_DES3
+        case DESb:
+            if (pkcs7->decryptKey.des != NULL) {
+                XFREE(pkcs7->decryptKey.des, heap, DYNAMIC_TYPE_PKCS7);
+                pkcs7->decryptKey.des = NULL;
+            }
+            break;
+        case DES3b:
+            if (pkcs7->decryptKey.des3 != NULL) {
+                wc_Des3Free(pkcs7->decryptKey.des3);
+                XFREE(pkcs7->decryptKey.des3, heap, DYNAMIC_TYPE_PKCS7);
+                pkcs7->decryptKey.des3 = NULL;
+            }
+            break;
+#endif /* !NO_DES3 */
+        default:
+            WOLFSSL_MSG("Unsupported content cipher type");
+    };
+}
+
+
+/* decrypts the content in one shot, doing init / decrypt / free
+ * returns 0 on success
+ */
+static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, word32 encryptOID,
+        byte* key, word32 keySz, byte* iv, int ivSz, byte* aad, word32 aadSz,
+        byte* authTag, word32 authTagSz, byte* in, int inSz, byte* out,
+        int devId, void* heap)
+{
+    int ret;
+
+    if (pkcs7->decryptionCb != NULL) {
+        return pkcs7->decryptionCb(pkcs7, (int)encryptOID, iv, ivSz,
+                                      aad, aadSz, authTag, authTagSz, in,
+                                      inSz, out, pkcs7->decryptionCtx);
+    }
+
+    ret = wc_PKCS7_DecryptContentInit(pkcs7, encryptOID, key, keySz, iv, ivSz,
+        devId, heap);
+
+    if (ret == 0) {
+        ret = wc_PKCS7_DecryptContentEx(pkcs7, encryptOID, iv, ivSz, aad,
+            aadSz, authTag, authTagSz, in, inSz, out);
+    }
+
+    wc_PKCS7_DecryptContentFree(pkcs7, encryptOID, heap);
+
+    return ret;
+}
+
+
 /* Generate random block, place in out, return 0 on success negative on error.
  * Used for generation of IV, nonce, etc */
-static int wc_PKCS7_GenerateBlock(PKCS7* pkcs7, WC_RNG* rng, byte* out,
+static int wc_PKCS7_GenerateBlock(wc_PKCS7* pkcs7, WC_RNG* rng, byte* out,
                                   word32 outSz)
 {
     int ret;
@@ -8573,7 +8864,7 @@ static int wc_PKCS7_GenerateBlock(PKCS7* pkcs7, WC_RNG* rng, byte* out,
  * type  - either CMS_ISSUER_AND_SERIAL_NUMBER, CMS_SKID or DEGENERATE_SID
  *
  * return 0 on success, negative upon error */
-int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type)
+int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -8597,7 +8888,7 @@ int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type)
  * sz          - length of contentType array, octets
  *
  * return 0 on success, negative upon error */
-int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz)
+int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType, word32 sz)
 {
     if (pkcs7 == NULL || contentType == NULL || sz == 0)
         return BAD_FUNC_ARG;
@@ -8617,14 +8908,10 @@ int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz)
 /* return size of padded data, padded to blockSz chunks, or negative on error */
 int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
 {
-    int padSz;
-
     if (blockSz == 0)
         return BAD_FUNC_ARG;
 
-    padSz = blockSz - (inputSz % blockSz);
-
-    return padSz;
+    return (int)(blockSz - (inputSz % blockSz));
 }
 
 
@@ -8633,26 +8920,16 @@ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
 int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
                      word32 blockSz)
 {
-    int i, padSz;
-
     if (in == NULL  || inSz == 0 ||
-        out == NULL || outSz == 0)
+        out == NULL || outSz == 0 || blockSz == 0)
         return BAD_FUNC_ARG;
 
-    padSz = wc_PKCS7_GetPadSize(inSz, blockSz);
-    if (padSz < 0)
-        return padSz;
-
-    if (outSz < (inSz + padSz))
+    if (outSz < wc_PkcsPad(NULL, inSz, blockSz))
         return BAD_FUNC_ARG;
 
     XMEMCPY(out, in, inSz);
 
-    for (i = 0; i < padSz; i++) {
-        out[inSz + i] = (byte)padSz;
-    }
-
-    return inSz + padSz;
+    return (int)wc_PkcsPad(out, inSz, blockSz);
 }
 
 
@@ -8660,7 +8937,7 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Return 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
+int wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
                               int options)
 {
     int oriTypeLenSz, blockKeySz, ret;
@@ -8713,8 +8990,8 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
 
     oriTypeLenSz = (int)SetLength(oriTypeSz, oriTypeLen);
 
-    recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + oriTypeLenSz + oriTypeSz +
-                             oriValueSz, recipSeq, 0);
+    recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + (word32)oriTypeLenSz +
+                             oriTypeSz + oriValueSz, recipSeq, 0);
 
     idx = 0;
     XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz);
@@ -8722,8 +8999,8 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
     /* oriType */
     recip->recip[idx] = ASN_OBJECT_ID;
     idx += 1;
-    XMEMCPY(recip->recip + idx, oriTypeLen, oriTypeLenSz);
-    idx += oriTypeLenSz;
+    XMEMCPY(recip->recip + idx, oriTypeLen, (word32)oriTypeLenSz);
+    idx += (word32)oriTypeLenSz;
     XMEMCPY(recip->recip + idx, oriType, oriTypeSz);
     idx += oriTypeSz;
     /* oriValue, input MUST already be ASN.1 encoded */
@@ -8754,7 +9031,7 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb,
 #if !defined(NO_PWDBASED) && !defined(NO_SHA)
 
 
-static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
+static int wc_PKCS7_GenerateKEK_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
                                      byte* salt, word32 saltSz, int kdfOID,
                                      int prfOID, int iterations, byte* out,
                                      word32 outSz)
@@ -8768,8 +9045,8 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
         case PBKDF2_OID:
 
-            ret = wc_PBKDF2(out, passwd, (int)pLen, salt, saltSz, iterations,
-                            (int)outSz, prfOID);
+            ret = wc_PBKDF2(out, passwd, (int)pLen, salt, (int)saltSz,
+                            iterations, (int)outSz, prfOID);
             if (ret != 0) {
                 return ret;
             }
@@ -8788,10 +9065,9 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 /* RFC3211 (Section 2.3.1) key wrap algorithm (id-alg-PWRI-KEK).
  *
  * Returns output size on success, negative upon error */
-static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
-                                    const byte* cek, word32 cekSz,
-                                    byte* out, word32 *outSz,
-                                    const byte* iv, word32 ivSz, int algID)
+static int wc_PKCS7_PwriKek_KeyWrap(wc_PKCS7* pkcs7, const byte* kek,
+        word32 kekSz, const byte* cek, word32 cekSz,
+        byte* out, word32 *outSz, const byte* iv, word32 ivSz, int algID)
 {
     WC_RNG rng;
     int blockSz, outLen, ret;
@@ -8811,17 +9087,17 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
     }
 
     /* get pad bytes needed to block boundary */
-    padSz = blockSz - ((4 + cekSz) % blockSz);
-    outLen = 4 + cekSz + padSz;
+    padSz = (word32)blockSz - ((4 + cekSz) % (word32)blockSz);
+    outLen = (int)(4 + cekSz + padSz);
 
     /* must be at least two blocks long */
     if (outLen < 2 * blockSz)
-        padSz += blockSz;
+        padSz += (word32)blockSz;
 
     /* if user set out to NULL, give back required length */
     if (out == NULL) {
         *outSz = (word32)outLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     /* verify output buffer is large enough */
@@ -8829,9 +9105,9 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
         return BUFFER_E;
 
     out[0] = (byte)cekSz;
-    out[1] = ~cek[0];
-    out[2] = ~cek[1];
-    out[3] = ~cek[2];
+    out[1] = (byte)~cek[0];
+    out[2] = (byte)~cek[1];
+    out[3] = (byte)~cek[2];
     XMEMCPY(out + 4, cek, cekSz);
 
     /* random padding of size padSz */
@@ -8844,8 +9120,8 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
     if (ret == 0) {
         /* encrypt, normal */
         ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz,
-                                      (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, out,
-                                      outLen, out);
+                                    (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, out,
+                                    outLen, out);
     }
 
     if (ret == 0) {
@@ -8871,10 +9147,10 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz,
 /* RFC3211 (Section 2.3.2) key unwrap algorithm (id-alg-PWRI-KEK).
  *
  * Returns cek size on success, negative upon error */
-static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
+static int wc_PKCS7_PwriKek_KeyUnWrap(wc_PKCS7* pkcs7, const byte* kek,
                                       word32 kekSz, const byte* in, word32 inSz,
                                       byte* out, word32 outSz, const byte* iv,
-                                      word32 ivSz, int algID)
+                                      word32 ivSz, word32 algID)
 {
     int blockSz, cekLen, ret;
     byte* tmpIv     = NULL;
@@ -8891,7 +9167,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
         return MEMORY_E;
 
     /* get encryption algorithm block size */
-    blockSz = wc_PKCS7_GetOIDBlockSize(algID);
+    blockSz = wc_PKCS7_GetOIDBlockSize((int)algID);
     if (blockSz <= 0) {
         XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (blockSz < 0)
@@ -8901,7 +9177,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
     }
 
     /* input needs to be blockSz multiple and at least 2 * blockSz */
-    if (((inSz % blockSz) != 0) || (inSz < (2 * (word32)blockSz))) {
+    if (((inSz % (word32)blockSz) != 0) || (inSz < (2 * (word32)blockSz))) {
         WOLFSSL_MSG("PWRI-KEK unwrap input must of block size and >= 2 "
                     "times block size");
         XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -8913,23 +9189,23 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
     tmpIv = lastBlock - blockSz;
 
     /* decrypt last block */
-    ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, tmpIv,
+    ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, tmpIv,
             blockSz, NULL, 0, NULL, 0, lastBlock, blockSz,
             outTmp + inSz - blockSz, pkcs7->devId, pkcs7->heap);
 
     if (ret == 0) {
         /* using last decrypted block as IV, decrypt [0 ... n-1] blocks */
         lastBlock = outTmp + inSz - blockSz;
-        ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz,
-                lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, inSz - blockSz,
-                outTmp, pkcs7->devId, pkcs7->heap);
+        ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz,
+                lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in,
+                (int)inSz - blockSz, outTmp, pkcs7->devId, pkcs7->heap);
     }
 
     if (ret == 0) {
         /* decrypt using original kek and iv */
-        ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz,
-                (byte*)iv, ivSz, NULL, 0, NULL, 0, outTmp, inSz, outTmp,
-                pkcs7->devId, pkcs7->heap);
+        ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz,
+                (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz,
+                outTmp, pkcs7->devId, pkcs7->heap);
     }
 
     if (ret != 0) {
@@ -8974,7 +9250,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek,
  * to CMS/PKCS#7 EnvelopedData structure.
  *
  * Return 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
+int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
                                byte* salt, word32 saltSz, int kdfOID,
                                int hashOID, int iterations, int kekEncryptOID,
                                int options)
@@ -9064,7 +9340,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     if (recip == NULL)
         return MEMORY_E;
 
-    kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     if (kek == NULL) {
         XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return MEMORY_E;
@@ -9080,7 +9356,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
     encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
     XMEMSET(recip, 0, sizeof(Pkcs7EncodedRecip));
-    XMEMSET(kek, 0, kekKeySz);
+    XMEMSET(kek, 0, (word32)kekKeySz);
     XMEMSET(encryptedKey, 0, encryptedKeySz);
 
     /* generate KEK: expand password into KEK */
@@ -9112,12 +9388,12 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
     /* put together IV OCTET STRING */
     ivOctetStringSz = SetOctetString((word32)kekBlockSz, ivOctetString);
-    totalSz += (ivOctetStringSz + kekBlockSz);
+    totalSz += (ivOctetStringSz + (word32)kekBlockSz);
 
     /* set PWRIAlgorithms AlgorithmIdentifier, adding (ivOctetStringSz +
        blockKeySz) for IV OCTET STRING */
     pwriEncAlgoIdSz = SetAlgoID(encryptOID, pwriEncAlgoId,
-                                oidBlkType, ivOctetStringSz + kekBlockSz);
+                                oidBlkType, (int)ivOctetStringSz + kekBlockSz);
     totalSz += pwriEncAlgoIdSz;
 
     /* set KeyEncryptionAlgorithms OID */
@@ -9133,7 +9409,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
 
     /* KeyEncryptionAlgorithm SEQ */
     keyEncAlgoIdSeqSz = SetSequence(keyEncAlgoIdSz + pwriEncAlgoIdSz +
-                                    ivOctetStringSz + kekBlockSz,
+                                    ivOctetStringSz + (word32)kekBlockSz,
                                     keyEncAlgoIdSeq);
     totalSz += keyEncAlgoIdSeqSz;
 
@@ -9142,7 +9418,8 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     totalSz += (kdfSaltOctetStrSz + saltSz);
 
     /* set KDF iteration count */
-    kdfIterationsSz = (word32)SetMyVersion((word32)iterations, kdfIterations, 0);
+    kdfIterationsSz = (word32)SetMyVersion((word32)iterations, kdfIterations,
+        0);
     totalSz += kdfIterationsSz;
 
     /* set KDF params SEQ */
@@ -9209,8 +9486,8 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
     idx += pwriEncAlgoIdSz;
     XMEMCPY(recip->recip + idx, ivOctetString, ivOctetStringSz);
     idx += ivOctetStringSz;
-    XMEMCPY(recip->recip + idx, tmpIv, kekBlockSz);
-    idx += kekBlockSz;
+    XMEMCPY(recip->recip + idx, tmpIv, (word32)kekBlockSz);
+    idx += (word32)kekBlockSz;
     XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz);
     idx += encKeyOctetStrSz;
     XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
@@ -9245,7 +9522,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
  * the password info for decryption a EnvelopedData PWRI RecipientInfo.
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen)
+int wc_PKCS7_SetPassword(wc_PKCS7* pkcs7, byte* passwd, word32 pLen)
 {
     if (pkcs7 == NULL || passwd == NULL || pLen == 0)
         return BAD_FUNC_ARG;
@@ -9275,7 +9552,7 @@ int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen)
  * otherSz    - size of other (OPTIONAL)
  *
  * Returns 0 on success, negative upon error */
-int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
+int wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID, byte* kek,
                                 word32 kekSz, byte* keyId, word32 keyIdSz,
                                 void* timePtr, byte* otherOID,
                                 word32 otherOIDSz, byte* other, word32 otherSz,
@@ -9345,7 +9622,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     }
 #endif
     encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
-    XMEMSET(encryptedKey, 0, encryptedKeySz);
+    XMEMSET(encryptedKey, 0, (word32)encryptedKeySz);
 
     #ifndef NO_AES
         direction = AES_ENCRYPTION;
@@ -9354,8 +9631,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     #endif
 
     encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz,
-                                      encryptedKey, (word32)encryptedKeySz, keyWrapOID,
-                                      direction);
+                               encryptedKey, (word32)encryptedKeySz, keyWrapOID,
+                               direction);
     if (encryptedKeySz < 0) {
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9373,7 +9650,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     }
 
     encKeyOctetStrSz = SetOctetString((word32)encryptedKeySz, encKeyOctetStr);
-    totalSz += (encKeyOctetStrSz + encryptedKeySz);
+    totalSz += (encKeyOctetStrSz + (word32)encryptedKeySz);
 
     /* KeyEncryptionAlgorithmIdentifier */
     encAlgoIdSz = SetAlgoID(keyWrapOID, encAlgoId, oidKeyWrapType, 0);
@@ -9395,7 +9672,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
         #endif
             return timeSz;
         }
-        totalSz += timeSz;
+        totalSz += (word32)timeSz;
     }
 #endif
 
@@ -9406,7 +9683,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     }
 
     /* KEKIdentifier SEQ */
-    kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + timeSz +
+    kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + (word32)timeSz +
                              otherAttSeqSz + otherOIDSz + otherSz, kekIdSeq);
     totalSz += kekIdSeqSz;
 
@@ -9439,8 +9716,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     XMEMCPY(recip->recip + idx, keyId, keyIdSz);
     idx += keyIdSz;
     if (timePtr != NULL) {
-        XMEMCPY(recip->recip + idx, genTime, timeSz);
-        idx += timeSz;
+        XMEMCPY(recip->recip + idx, genTime, (word32)timeSz);
+        idx += (word32)timeSz;
     }
     if (other != NULL && otherSz > 0) {
         XMEMCPY(recip->recip + idx, otherAttSeq, otherAttSeqSz);
@@ -9454,8 +9731,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
     idx += encAlgoIdSz;
     XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz);
     idx += encKeyOctetStrSz;
-    XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
-    idx += encryptedKeySz;
+    XMEMCPY(recip->recip + idx, encryptedKey, (word32)encryptedKeySz);
+    idx += (word32)encryptedKeySz;
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9482,7 +9759,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
 }
 
 
-static int wc_PKCS7_GetCMSVersion(PKCS7* pkcs7, int cmsContentType)
+static int wc_PKCS7_GetCMSVersion(wc_PKCS7* pkcs7, int cmsContentType)
 {
     int version = -1;
 
@@ -9524,7 +9801,7 @@ static int wc_PKCS7_GetCMSVersion(PKCS7* pkcs7, int cmsContentType)
 
 
 /* build PKCS#7 envelopedData content type, return enveloped size */
-int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret, idx = 0;
     int totalSz, padSz, encryptedOutSz;
@@ -9569,8 +9846,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
 #ifndef ASN_BER_TO_DER
-    if (output == NULL || outputSz == 0)
+    if (output == NULL || outputSz == 0) {
         return BAD_FUNC_ARG;
+    }
 #else
     /* if both output and callback are not set then error out */
     if ((output == NULL || outputSz == 0) && (pkcs7->streamOutCb == NULL)) {
@@ -9683,20 +9961,21 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return padSz;
     }
 
-    encryptedOutSz = pkcs7->contentSz + padSz;
+    encryptedOutSz = (int)pkcs7->contentSz + padSz;
 
 #ifdef ASN_BER_TO_DER
     if (pkcs7->getContentCb == NULL)
 #endif
     {
-        plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
+                               DYNAMIC_TYPE_PKCS7);
         if (plain == NULL) {
             wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
             return MEMORY_E;
         }
 
         ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
-                               (word32)encryptedOutSz, blockSz);
+                               (word32)encryptedOutSz, (word32)blockSz);
         if (ret < 0) {
             XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
@@ -9709,7 +9988,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     if (pkcs7->streamOutCb == NULL)
 #endif
     {
-        encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
+        encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
                                           DYNAMIC_TYPE_PKCS7);
         if (encryptedContent == NULL) {
             XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9733,11 +10012,11 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return BAD_FUNC_ARG;
     }
 
-    encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz,
-                                encContentOctet, pkcs7->encodeStream);
-    encContentSeqSz = (int)SetSequenceEx(contentTypeSz + contentEncAlgoSz +
-                              ivOctetStringSz + blockSz +
-                              encContentOctetSz + encryptedOutSz,
+    encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0,
+            (word32)encryptedOutSz, encContentOctet, pkcs7->encodeStream);
+    encContentSeqSz = (int)SetSequenceEx((word32)(contentTypeSz +
+                              contentEncAlgoSz + ivOctetStringSz + blockSz +
+                              encContentOctetSz + encryptedOutSz),
                               encContentSeq, pkcs7->encodeStream);
 
     /* keep track of sizes for outer wrapper layering */
@@ -9757,23 +10036,25 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         totalSz += ASN_INDEF_END_SZ;
 
         /* account for asn1 syntax around octet strings */
-        StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz, &tmpIdx);
-        totalSz += (streamSz - encryptedOutSz);
+        StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz,
+                                                                       &tmpIdx);
+        totalSz += ((int)streamSz - encryptedOutSz);
 
         /* resize encrypted content buffer */
         if (encryptedContent != NULL) {
-        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        encryptedContent = (byte*)XMALLOC(streamSz, pkcs7->heap,
-                                          DYNAMIC_TYPE_PKCS7);
-        if (encryptedContent == NULL) {
-            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-            return MEMORY_E;
-        }
+            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = (byte*)XMALLOC(streamSz, pkcs7->heap,
+                                              DYNAMIC_TYPE_PKCS7);
+            if (encryptedContent == NULL) {
+                XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+                return MEMORY_E;
+            }
         }
     }
 #endif
-    envDataSeqSz = (int)SetSequenceEx((word32)totalSz, envDataSeq, pkcs7->encodeStream);
+    envDataSeqSz = (int)SetSequenceEx((word32)totalSz, envDataSeq,
+        pkcs7->encodeStream);
     totalSz += envDataSeqSz;
 #ifdef ASN_BER_TO_DER
     if (pkcs7->encodeStream) {
@@ -9782,7 +10063,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 #endif
 
     /* outer content */
-    outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent, pkcs7->encodeStream);
+    outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent,
+        pkcs7->encodeStream);
 #ifdef ASN_BER_TO_DER
     if (pkcs7->encodeStream) {
         totalSz += ASN_INDEF_END_SZ;
@@ -9842,7 +10124,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     while (tmpRecip != NULL) {
         wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             tmpRecip->recip, tmpRecip->recipSz);
-        idx += tmpRecip->recipSz;
+        idx += (int)tmpRecip->recipSz;
         tmpRecip = tmpRecip->next;
     }
     wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
@@ -9868,7 +10150,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     /* encrypt content */
     ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek,
-            pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain,
+            (int)pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain,
             encryptedOutSz, encryptedContent);
     if (ret != 0) {
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -9890,7 +10172,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
             wc_PKCS7_WriteOut(pkcs7, (output)? output + idx : NULL,
                 encryptedContent, streamSz);
         }
-        idx += streamSz;
+        idx += (int)streamSz;
 
         /* end of encrypted content */
         localIdx += SetIndefEnd(indefEnd + localIdx);
@@ -9909,13 +10191,13 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
         wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
             indefEnd, localIdx);
-        idx += localIdx;
+        idx += (int)localIdx;
     }
     else
 #endif
     {
         wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL,
-            encryptedContent, encryptedOutSz);
+            encryptedContent, (word32)encryptedOutSz);
         idx += encryptedOutSz;
     }
 
@@ -9928,7 +10210,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
 #ifndef NO_RSA
 /* decode KeyTransRecipientInfo (ktri), return 0 on success, <0 on error */
-static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -10002,8 +10284,6 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                 ret = BUFFER_E;
                 break;
             }
-            pkcs7->stream->expected = (pkcs7->stream->maxLen -
-                                pkcs7->stream->totalRd) + pkcs7->stream->length;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_DECRYPT_KTRI_2);
             FALL_THROUGH;
@@ -10042,7 +10322,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                 }
 
                 pkcs7->stream->expected = (word32)sz + MAX_ALGO_SZ + ASN_TAG_SZ +
-                                          MAX_LENGTH_SZ;
+                                          MAX_LENGTH_SZ + 512;
                 if (pkcs7->stream->length > 0 &&
                         pkcs7->stream->length < pkcs7->stream->expected) {
                     return WC_PKCS7_WANT_READ_E;
@@ -10061,7 +10341,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                     return ASN_PARSE_E;
 
                 /* if we found correct recipient, issuer hashes will match */
-                if (XMEMCMP(issuerHash, pkcs7->issuerHash, keyIdSize) == 0) {
+                if (XMEMCMP(issuerHash, pkcs7->issuerHash,
+                            (word32)keyIdSize) == 0) {
                     *recipFound = 1;
                 }
 
@@ -10114,10 +10395,10 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
 
                 /* if we found correct recipient, SKID will match */
                 if (XMEMCMP(pkiMsg + (*idx), pkcs7->issuerSubjKeyId,
-                            keyIdSize) == 0) {
+                            (word32)keyIdSize) == 0) {
                     *recipFound = 1;
                 }
-                (*idx) += keyIdSize;
+                (*idx) += (word32)keyIdSize;
             }
 
             if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0)
@@ -10162,7 +10443,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
                     break;
             }
-            wc_PKCS7_StreamStoreVar(pkcs7, (word32)encryptedKeySz, sidType, version);
+            wc_PKCS7_StreamStoreVar(pkcs7, (word32)encryptedKeySz, sidType,
+                version);
             pkcs7->stream->expected = (word32)encryptedKeySz;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_DECRYPT_KTRI_3);
@@ -10178,14 +10460,14 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
         #endif
 
             /* Always allocate to ensure aligned use with RSA */
-            encryptedKey = (byte*)XMALLOC(encryptedKeySz, pkcs7->heap,
+            encryptedKey = (byte*)XMALLOC((word32)encryptedKeySz, pkcs7->heap,
                                           DYNAMIC_TYPE_WOLF_BIGINT);
             if (encryptedKey == NULL)
                 return MEMORY_E;
 
             if (*recipFound == 1)
-                XMEMCPY(encryptedKey, &pkiMsg[*idx], encryptedKeySz);
-            *idx += encryptedKeySz;
+                XMEMCPY(encryptedKey, &pkiMsg[*idx], (word32)encryptedKeySz);
+            *idx += (word32)encryptedKeySz;
 
             /* load private key */
         #ifdef WOLFSSL_SMALL_STACK
@@ -10245,8 +10527,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                     if (encOID != RSAESOAEPk) {
             #endif
                         keySz = wc_RsaPrivateDecryptInline(encryptedKey,
-                                                        (word32)encryptedKeySz, &outKey,
-                                                        privKey);
+                                                (word32)encryptedKeySz, &outKey,
+                                                privKey);
             #ifndef WC_NO_RSA_OAEP
                     }
                     else {
@@ -10300,7 +10582,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                 return keySz;
             } else {
                 *decryptedKeySz = (word32)keySz;
-                XMEMCPY(decryptedKey, outKey, keySz);
+                XMEMCPY(decryptedKey, outKey, (word32)keySz);
                 ForceZero(encryptedKey, (word32)encryptedKeySz);
             }
 
@@ -10406,15 +10688,16 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari,
     kari->senderKeyInit = 1;
 
     /* length-1 for unused bits counter */
-    ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), length - 1, kari->senderKey,
-            curve_id);
+    ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), (word32)length - 1,
+            kari->senderKey, curve_id);
     if (ret != 0) {
-        ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey, *idx + length - 1);
+        ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey,
+            *idx + (word32)length - 1);
         if (ret != 0)
             return ret;
     }
     else {
-        (*idx) += length - 1;
+        (*idx) += (word32)(length - 1);
     }
 
     return 0;
@@ -10467,15 +10750,16 @@ static int wc_PKCS7_KariGetUserKeyingMaterial(WC_PKCS7_KARI* kari,
 
     kari->ukm = NULL;
     if (length > 0) {
-        kari->ukm = (byte*)XMALLOC(length, kari->heap, DYNAMIC_TYPE_PKCS7);
+        kari->ukm = (byte*)XMALLOC((word32)length, kari->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
         if (kari->ukm == NULL)
             return MEMORY_E;
 
-        XMEMCPY(kari->ukm, pkiMsg + (*idx), length);
+        XMEMCPY(kari->ukm, pkiMsg + (*idx), (word32)length);
         kari->ukmOwner = 1;
     }
 
-    (*idx) += length;
+    (*idx) += (word32)length;
     kari->ukmSz = (word32)length;
 
     return 0;
@@ -10507,7 +10791,7 @@ static int wc_PKCS7_KariGetKeyEncryptionAlgorithmId(WC_PKCS7_KARI* kari,
         return ASN_PARSE_E;
     }
 
-    if (localIdx < *idx + length) {
+    if (localIdx < *idx + (word32)length) {
         *idx = localIdx;
     }
     /* remove KeyWrapAlgorithm, stored in parameter of KeyEncAlgoId */
@@ -10566,11 +10850,11 @@ static int wc_PKCS7_KariGetSubjectKeyIdentifier(WC_PKCS7_KARI* kari,
     if (length != keyIdSize)
         return ASN_PARSE_E;
 
-    XMEMCPY(rid, pkiMsg + (*idx), keyIdSize);
-    (*idx) += length;
+    XMEMCPY(rid, pkiMsg + (*idx), (word32)keyIdSize);
+    (*idx) += (word32)length;
 
     /* subject key id should match if recipient found */
-    if (XMEMCMP(rid, kari->decoded->extSubjKeyId, keyIdSize) == 0) {
+    if (XMEMCMP(rid, kari->decoded->extSubjKeyId, (word32)keyIdSize) == 0) {
         *recipFound = 1;
     }
 
@@ -10616,7 +10900,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari,
 
     /* if we found correct recipient, issuer hashes will match */
     if (kari->decodedInit == 1) {
-        if (XMEMCMP(rid, kari->decoded->issuerHash, keyIdSize) == 0) {
+        if (XMEMCMP(rid, kari->decoded->issuerHash, (word32)keyIdSize) == 0) {
             *recipFound = 1;
         }
     }
@@ -10651,7 +10935,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari,
     ret = mp_init(recipSerial);
     if (ret == MP_OKAY)
         ret = mp_read_unsigned_bin(recipSerial, kari->decoded->serial,
-                             kari->decoded->serialSz);
+                             (word32)kari->decoded->serialSz);
     if (ret != MP_OKAY) {
         mp_clear(serial);
         WOLFSSL_MSG("Failed to parse CMS recipient serial number");
@@ -10743,9 +11027,9 @@ static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari,
     if (length > *encryptedKeySz)
         return BUFFER_E;
 
-    XMEMCPY(encryptedKey, pkiMsg + (*idx), length);
+    XMEMCPY(encryptedKey, pkiMsg + (*idx), (word32)length);
     *encryptedKeySz = length;
-    (*idx) += length;
+    (*idx) += (word32)length;
 
     return 0;
 }
@@ -10753,7 +11037,7 @@ static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari,
 #endif /* HAVE_ECC */
 
 
-int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx)
+int wc_PKCS7_SetOriEncryptCtx(wc_PKCS7* pkcs7, void* ctx)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -10764,7 +11048,7 @@ int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx)
 }
 
 
-int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx)
+int wc_PKCS7_SetOriDecryptCtx(wc_PKCS7* pkcs7, void* ctx)
 {
 
     if (pkcs7 == NULL)
@@ -10776,7 +11060,7 @@ int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx)
 }
 
 
-int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb)
+int wc_PKCS7_SetOriDecryptCb(wc_PKCS7* pkcs7, CallbackOriDecrypt cb)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -10788,7 +11072,7 @@ int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb)
 
 
 /* return 0 on success */
-int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, CallbackWrapCEK cb)
+int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK cb)
 {
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -10814,7 +11098,7 @@ int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, CallbackWrapCEK cb)
  *
  * Return 0 on success, negative upon error.
  */
-static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptOri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -10856,12 +11140,12 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
             if (GetASNObjectId(pkiMsg, idx, &oriOIDSz, pkiMsgSz) != 0)
                 return ASN_PARSE_E;
 
-            XMEMCPY(oriOID, pkiMsg + *idx, oriOIDSz);
-            *idx += oriOIDSz;
+            XMEMCPY(oriOID, pkiMsg + *idx, (word32)oriOIDSz);
+            *idx += (word32)oriOIDSz;
 
             /* get oriValue, increment idx */
             oriValue = pkiMsg + *idx;
-            oriValueSz = seqSz - (*idx - tmpIdx);
+            oriValueSz = (word32)seqSz - (*idx - tmpIdx);
             *idx += oriValueSz;
 
             /* pass oriOID and oriValue to user callback, expect back
@@ -10876,7 +11160,8 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
                 return PKCS7_RECIP_E;
             }
 
-            /* mark recipFound, since we only support one RecipientInfo for now */
+            /* mark recipFound, since we only support one RecipientInfo for
+             * now */
             *recipFound = 1;
 
         #ifndef NO_PKCS7_STREAM
@@ -10900,7 +11185,7 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
 
 /* decode ASN.1 PasswordRecipientInfo (pwri), return 0 on success,
  * < 0 on error */
-static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -10969,12 +11254,13 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             if (GetLength(pkiMsg, idx, &saltSz, pkiMsgSz) < 0)
                 return ASN_PARSE_E;
 
-            salt = (byte*)XMALLOC(saltSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            salt = (byte*)XMALLOC((word32)saltSz, pkcs7->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
             if (salt == NULL)
                 return MEMORY_E;
 
-            XMEMCPY(salt, pkiMsg + (*idx), saltSz);
-            *idx += saltSz;
+            XMEMCPY(salt, pkiMsg + (*idx), (word32)saltSz);
+            *idx += (word32)saltSz;
 
             /* get KDF iterations */
             if (GetMyVersion(pkiMsg, idx, &iterations, pkiMsgSz) < 0) {
@@ -10995,7 +11281,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* get pwriEncAlgoId */
-            if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType, pkiMsgSz) < 0) {
+            if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType,
+                                                                pkiMsgSz) < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return ASN_PARSE_E;
             }
@@ -11030,13 +11317,14 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             if (length != blockSz) {
-                WOLFSSL_MSG("Incorrect IV length, must be of content alg block size");
+                WOLFSSL_MSG("Incorrect IV length, must be of content alg block "
+                            "size");
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return ASN_PARSE_E;
             }
 
-            XMEMCPY(tmpIv, pkiMsg + (*idx), length);
-            *idx += length;
+            XMEMCPY(tmpIv, pkiMsg + (*idx), (word32)length);
+            *idx += (word32)length;
 
             /* get EncryptedKey */
             if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0) {
@@ -11063,7 +11351,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* generate KEK */
-            kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap,
+                                                            DYNAMIC_TYPE_PKCS7);
             if (kek == NULL) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -11071,8 +11360,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             ret = wc_PKCS7_GenerateKEK_PWRI(pkcs7, pkcs7->pass, pkcs7->passSz,
-                                            salt, (word32)saltSz, kdfAlgoId, hashOID,
-                                            iterations, kek, (word32)kekKeySz);
+                                  salt, (word32)saltSz, (int)kdfAlgoId, hashOID,
+                                  iterations, kek, (word32)kekKeySz);
             if (ret < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -11082,9 +11371,9 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* decrypt CEK with KEK */
             ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, (word32)kekKeySz,
-                                             pkiMsg + (*idx), (word32)length, cek,
-                                             cekSz, tmpIv, (word32)blockSz,
-                                             (int)pwriEncAlgoId);
+                                             pkiMsg + (*idx), (word32)length,
+                                             cek, cekSz, tmpIv, (word32)blockSz,
+                                             pwriEncAlgoId);
             if (ret < 0) {
                 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -11110,7 +11399,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* mark recipFound, since we only support one RecipientInfo for now */
             *recipFound = 1;
-            *idx += length;
+            *idx += (word32)length;
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
                 break;
@@ -11131,7 +11420,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
 
 /* decode ASN.1 KEKRecipientInfo (kekri), return 0 on success,
  * < 0 on error */
-static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptKekri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -11184,11 +11473,11 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
             localIdx = *idx;
             if ((*idx < kekIdSz) && GetASNTag(pkiMsg, &localIdx, &tag,
                         pkiMsgSz) == 0 && tag == ASN_GENERALIZED_TIME) {
-                if (wc_GetDateInfo(pkiMsg + *idx, (int)pkiMsgSz, &datePtr, &dateFormat,
-                                   &dateLen) != 0) {
+                if (wc_GetDateInfo(pkiMsg + *idx, (int)pkiMsgSz, &datePtr,
+                        &dateFormat, &dateLen) != 0) {
                     return ASN_PARSE_E;
                 }
-                *idx += (dateLen + 1);
+                *idx += (word32)(dateLen + 1);
             }
 
             if (*idx > pkiMsgSz) {
@@ -11204,7 +11493,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
                     return ASN_PARSE_E;
 
                 /* skip it */
-                *idx += length;
+                *idx += (word32)length;
             }
 
             if (*idx > pkiMsgSz) {
@@ -11212,7 +11501,8 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* get KeyEncryptionAlgorithmIdentifier */
-            if (GetAlgoId(pkiMsg, idx, &keyWrapOID, oidKeyWrapType, pkiMsgSz) < 0)
+            if (GetAlgoId(pkiMsg, idx, &keyWrapOID, oidKeyWrapType, pkiMsgSz)
+                    < 0)
                 return ASN_PARSE_E;
 
             /* get EncryptedKey */
@@ -11233,24 +11523,26 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* decrypt CEK with KEK */
             if (pkcs7->wrapCEKCb) {
-                keySz = pkcs7->wrapCEKCb(pkcs7, pkiMsg + *idx, (word32)length, keyId,
-                                     keyIdSz, NULL, 0, decryptedKey,
-                                     *decryptedKeySz, (int)keyWrapOID,
-                                     (int)PKCS7_KEKRI, direction);
+                keySz = pkcs7->wrapCEKCb(pkcs7, pkiMsg + *idx, (word32)length,
+                                    keyId, keyIdSz, NULL, 0, decryptedKey,
+                                    *decryptedKeySz, (int)keyWrapOID,
+                                    (int)PKCS7_KEKRI, direction);
             }
             else {
-                keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, (word32)length, pkcs7->privateKey,
-                                     pkcs7->privateKeySz, decryptedKey, *decryptedKeySz,
-                                     (int)keyWrapOID, direction);
+                keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, (word32)length,
+                                    pkcs7->privateKey, pkcs7->privateKeySz,
+                                    decryptedKey, *decryptedKeySz,
+                                    (int)keyWrapOID, direction);
             }
             if (keySz <= 0)
                 return keySz;
 
             *decryptedKeySz = (word32)keySz;
 
-            /* mark recipFound, since we only support one RecipientInfo for now */
+            /* mark recipFound, since we only support one RecipientInfo for
+             * now */
             *recipFound = 1;
-            *idx += length;
+            *idx += (word32)length;
 
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
@@ -11273,7 +11565,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
 
 /* decode ASN.1 KeyAgreeRecipientInfo (kari), return 0 on success,
  * < 0 on error */
-static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
+static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                word32* idx, byte* decryptedKey,
                                word32* decryptedKeySz, int* recipFound)
 {
@@ -11296,7 +11588,6 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
 #ifndef NO_PKCS7_STREAM
     word32 tmpIdx = (idx) ? *idx : 0;
 #endif
-
     WOLFSSL_ENTER("wc_PKCS7_DecryptKari");
     if (pkcs7 == NULL || pkiMsg == NULL ||
         idx == NULL || decryptedKey == NULL || decryptedKeySz == NULL) {
@@ -11340,9 +11631,10 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
 
             /* parse cert and key */
             ret = wc_PKCS7_KariParseRecipCert(kari, (byte*)pkcs7->singleCert,
-                                          pkcs7->singleCertSz, pkcs7->privateKey,
-                                          pkcs7->privateKeySz);
-            if (ret != 0) {
+                                         pkcs7->singleCertSz, pkcs7->privateKey,
+                                         pkcs7->privateKeySz);
+
+             if (ret != 0) {
                 wc_PKCS7_KariFree(kari);
             #ifdef WOLFSSL_SMALL_STACK
                 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -11362,7 +11654,8 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
             }
 
             /* try and remove optional UserKeyingMaterial */
-            ret = wc_PKCS7_KariGetUserKeyingMaterial(kari, pkiMsg, pkiMsgSz, idx);
+            ret = wc_PKCS7_KariGetUserKeyingMaterial(kari, pkiMsg, pkiMsgSz,
+                idx);
             if (ret != 0) {
                 wc_PKCS7_KariFree(kari);
                 #ifdef WOLFSSL_SMALL_STACK
@@ -11382,7 +11675,8 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
                 return ret;
             }
 
-            /* if user has not explicitly set keyAgreeOID, set from one in bundle */
+            /* if user has not explicitly set keyAgreeOID, set from one in
+             * bundle */
             if (pkcs7->keyAgreeOID == 0)
                 pkcs7->keyAgreeOID = (int)keyAgreeOID;
 
@@ -11437,6 +11731,10 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
                 ret = wc_ecc_export_x963(kari->senderKey, NULL, &tmpKeySz);
                 PRIVATE_KEY_LOCK();
                 if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+                    wc_PKCS7_KariFree(kari);
+                    #ifdef WOLFSSL_SMALL_STACK
+                    XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                    #endif
                     return ret;
                 }
 
@@ -11451,21 +11749,29 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
                 tmpKeyDer = (byte*)XMALLOC(tmpKeySz, pkcs7->heap,
                         DYNAMIC_TYPE_TMP_BUFFER);
                 if (tmpKeyDer == NULL) {
+                    wc_PKCS7_KariFree(kari);
+                    #ifdef WOLFSSL_SMALL_STACK
+                    XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                    #endif
                     return MEMORY_E;
                 }
 
                 ret = wc_EccPublicKeyToDer(kari->senderKey, tmpKeyDer,
                                          tmpKeySz, 1);
                 if (ret < 0) {
+                    wc_PKCS7_KariFree(kari);
+                    #ifdef WOLFSSL_SMALL_STACK
+                    XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                    #endif
                     XFREE(tmpKeyDer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
                     return ret;
                 }
                 tmpKeySz = (word32)ret;
 
-                keySz = pkcs7->wrapCEKCb(pkcs7, encryptedKey, (word32)encryptedKeySz,
-                        rid, (word32)keyIdSize, tmpKeyDer, tmpKeySz,
-                        decryptedKey, *decryptedKeySz,
-                        (int)keyWrapOID, (int)PKCS7_KARI, direction);
+                keySz = pkcs7->wrapCEKCb(pkcs7, encryptedKey,
+                    (word32)encryptedKeySz, rid, (word32)keyIdSize, tmpKeyDer,
+                    tmpKeySz, decryptedKey, *decryptedKeySz,
+                    (int)keyWrapOID, (int)PKCS7_KARI, direction);
                 XFREE(tmpKeyDer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 
                 if (keySz  > 0) {
@@ -11478,8 +11784,8 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
             }
             else {
                 /* create KEK */
-                ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng, (int)keyWrapOID,
-                                               pkcs7->keyAgreeOID);
+                ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng,
+                    (int)keyWrapOID, pkcs7->keyAgreeOID);
                 if (ret != 0) {
                     wc_PKCS7_KariFree(kari);
                     #ifdef WOLFSSL_SMALL_STACK
@@ -11489,9 +11795,9 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
                 }
 
                 /* decrypt CEK with KEK */
-                keySz = wc_PKCS7_KeyWrap(encryptedKey, (word32)encryptedKeySz, kari->kek,
-                                         kari->kekSz, decryptedKey, *decryptedKeySz,
-                                         (int)keyWrapOID, direction);
+                keySz = wc_PKCS7_KeyWrap(encryptedKey, (word32)encryptedKeySz,
+                    kari->kek, kari->kekSz, decryptedKey, *decryptedKeySz,
+                    (int)keyWrapOID, direction);
             }
             if (keySz <= 0) {
                 wc_PKCS7_KariFree(kari);
@@ -11540,7 +11846,7 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
 
 
 /* decode ASN.1 RecipientInfos SET, return 0 on success, < 0 on error */
-static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
+static int wc_PKCS7_DecryptRecipientInfos(wc_PKCS7* pkcs7, byte* in,
                             word32  inSz, word32* idx, byte* decryptedKey,
                             word32* decryptedKeySz, int* recipFound)
 {
@@ -11619,7 +11925,7 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
 
     /* when looking for next recipient, use first sequence and version to
      * indicate there is another, if not, move on */
-    while(*recipFound == 0) {
+    while (*recipFound == 0) {
 
         /* remove RecipientInfo, if we don't have a SEQUENCE, back up idx to
          * last good saved one */
@@ -11777,15 +12083,15 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
 /* Parse encoded EnvelopedData bundle up to RecipientInfo set.
  *
  * return size of RecipientInfo SET on success, negative upon error */
-static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
+static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in,
                                             word32 inSz, word32* idx,
                                             int type)
 {
-    int version = 0, length, ret = 0;
-    word32 contentType;
-    byte* pkiMsg = in;
+    int version = 0, length = 0, ret = 0;
+    word32 contentType= 0;
     word32 pkiMsgSz = inSz;
-    byte  tag;
+    byte*  pkiMsg = in;
+    byte   tag = 0;
 #ifndef NO_PKCS7_STREAM
     word32 tmpIdx = 0;
 #endif
@@ -11811,7 +12117,6 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
 
     switch (pkcs7->state) {
         case WC_PKCS7_INFOSET_START:
-        case WC_PKCS7_INFOSET_BER:
         case WC_PKCS7_INFOSET_STAGE1:
         case WC_PKCS7_INFOSET_STAGE2:
         case WC_PKCS7_INFOSET_END:
@@ -11843,41 +12148,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
 
             if (ret == 0 && length == 0 && pkiMsg[(*idx)-1] == 0x80) {
         #ifdef ASN_BER_TO_DER
-                word32 len;
-
-                wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_INFOSET_BER);
-                FALL_THROUGH;
-
-                /* full buffer is needed for conversion */
-                case WC_PKCS7_INFOSET_BER:
-                #ifndef NO_PKCS7_STREAM
-                if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
-                            pkcs7->stream->maxLen - pkcs7->stream->length,
-                            &pkiMsg, idx)) != 0) {
-                    return ret;
-                }
-                pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
-                    inSz;
-                #endif
-
-                len = 0;
-
-                ret = wc_BerToDer(pkiMsg, pkiMsgSz, NULL, &len);
-                if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
-                    return ret;
-                pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                if (pkcs7->der == NULL)
-                    return MEMORY_E;
-                ret = wc_BerToDer(pkiMsg, pkiMsgSz, pkcs7->der, &len);
-                if (ret < 0)
-                    return ret;
-
-                pkiMsg = in = pkcs7->der;
-                pkiMsgSz = pkcs7->derSz = inSz = len;
-                *idx = 0;
-
-                if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
-                    return ASN_PARSE_E;
+                pkcs7->indefDepth++;
         #else
                 return BER_INDEF_E;
         #endif
@@ -11906,7 +12177,8 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
                     ret = ASN_PARSE_E;
 
                 if (ret == 0) {
-                    if (type == ENVELOPED_DATA && contentType != ENVELOPED_DATA) {
+                    if (type == ENVELOPED_DATA && contentType !=
+                            ENVELOPED_DATA) {
                         WOLFSSL_MSG("PKCS#7 input not of type EnvelopedData");
                         ret = PKCS7_OID_E;
                     } else if (type == AUTH_ENVELOPED_DATA &&
@@ -11996,7 +12268,8 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
             } else {
                 /* AuthEnvelopedData version MUST be 0 */
                 if (version != 0) {
-                    WOLFSSL_MSG("PKCS#7 AuthEnvelopedData needs to be of version 0");
+                    WOLFSSL_MSG(
+                           "PKCS#7 AuthEnvelopedData needs to be of version 0");
                     ret = ASN_VERSION_E;
                 }
             }
@@ -12010,6 +12283,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
                 break;
 
         #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->expected = (word32)length;
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) {
                 break;
             }
@@ -12034,7 +12308,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
  * the secret key for decryption a EnvelopedData KEKRI RecipientInfo.
  *
  * Returns 0 on success, negative upon error */
-WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz)
+WOLFSSL_API int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz)
 {
     if (pkcs7 == NULL || key == NULL || keySz == 0)
         return BAD_FUNC_ARG;
@@ -12046,9 +12320,10 @@ WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz)
 }
 
 
+#if 0
 /* append data to encrypted content cache in PKCS7 structure
  * return 0 on success, negative on error */
-static int PKCS7_CacheEncryptedContent(PKCS7* pkcs7, byte* in, word32 inSz)
+static int PKCS7_CacheEncryptedContent(wc_PKCS7* pkcs7, byte* in, word32 inSz)
 {
     byte* oldCache;
     word32 oldCacheSz;
@@ -12079,10 +12354,11 @@ static int PKCS7_CacheEncryptedContent(PKCS7* pkcs7, byte* in, word32 inSz)
 
     return 0;
 }
+#endif
 
 
 /* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */
-WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
+WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
                                          word32 inSz, byte* output,
                                          word32 outputSz)
 {
@@ -12107,16 +12383,23 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
     byte padLen;
     byte* encryptedContent = NULL;
     int explicitOctet = 0;
-    word32 localIdx;
+    word32 localIdx = 0;
     byte   tag = 0;
 
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
 
-    if (pkiMsg == NULL || pkiMsgSz == 0 ||
-        output == NULL || outputSz == 0)
+    if (pkiMsg == NULL || pkiMsgSz == 0)
         return BAD_FUNC_ARG;
 
+    if ((output == NULL || outputSz == 0)
+    #ifdef ASN_BER_TO_DER
+        && pkcs7->streamOutCb == NULL
+    #endif
+    ) {
+        return BAD_FUNC_ARG;
+    }
+
 #ifndef NO_PKCS7_STREAM
     (void)tmpIv; /* help out static analysis */
     if (pkcs7->stream == NULL) {
@@ -12129,7 +12412,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
     switch (pkcs7->state) {
         case WC_PKCS7_START:
         case WC_PKCS7_INFOSET_START:
-        case WC_PKCS7_INFOSET_BER:
         case WC_PKCS7_INFOSET_STAGE1:
         case WC_PKCS7_INFOSET_STAGE2:
         case WC_PKCS7_INFOSET_END:
@@ -12139,17 +12421,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                 break;
             }
 
-        #ifdef ASN_BER_TO_DER
-            /* check if content was BER and has been converted to DER */
-            if (pkcs7->derSz > 0) {
-                pkiMsg = in = pkcs7->der;
-                inSz = pkcs7->derSz;
-            #ifdef NO_PKCS7_STREAM
-                pkiMsgSz = pkcs7->derSz;
-            #endif
-            }
-        #endif
-
             decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
                                                        DYNAMIC_TYPE_PKCS7);
             if (decryptedKey == NULL)
@@ -12187,7 +12458,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                                         decryptedKey, &decryptedKeySz,
                                         &recipFound);
             if (ret == 0 && recipFound == 0) {
-                WOLFSSL_MSG("No recipient found in envelopedData that matches input");
+                WOLFSSL_MSG(
+                      "No recipient found in envelopedData that matches input");
                 ret = PKCS7_RECIP_E;
             }
 
@@ -12196,6 +12468,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
         #ifndef NO_PKCS7_STREAM
             tmpIdx               = idx;
             pkcs7->stream->aadSz = decryptedKeySz;
+            pkcs7->stream->expected = MAX_LENGTH_SZ + MAX_VERSION_SZ +
+                ASN_TAG_SZ + MAX_LENGTH_SZ;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_3);
             FALL_THROUGH;
@@ -12203,10 +12477,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
         case WC_PKCS7_ENV_3:
 
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
-                                                MAX_VERSION_SZ + ASN_TAG_SZ +
-                                                MAX_LENGTH_SZ, &pkiMsg, &idx))
-                                                != 0) {
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                    pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 return ret;
             }
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
@@ -12220,6 +12492,40 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                 ret = ASN_PARSE_E;
             }
 
+        #ifndef NO_PKCS7_STREAM
+            if (length == 0) {
+                /* if indefinite length, assume worst case size
+                 * - Content Type OID + tag/length
+                 * - Algorithm ID structure (OID + parameters)
+                 * - Version
+                 */
+                pkcs7->stream->expected = MAX_SEQ_SZ +    /* outer sequence */
+                                          MAX_OID_SZ +    /* content type OID */
+                                          MAX_ALGO_SZ +   /* algo identifier */
+                                          MAX_VERSION_SZ +/* version */
+                                          ASN_TAG_SZ +    /* tag */
+                                          MAX_LENGTH_SZ;  /* length */
+            }
+            else {
+                /* revize expected size if known */
+                pkcs7->stream->expected = (word32)length + ASN_TAG_SZ;
+            }
+
+            /* Did we get enough for the expected length? */
+            if (pkcs7->stream->expected > pkiMsgSz) {
+                localIdx = idx;
+                if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                        pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+                    return ret;
+                }
+                pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
+                                                        inSz;
+                if (pkcs7->stream->length > 0) {
+                    idx = localIdx; /* account for byte used with seq read */
+                }
+            }
+        #endif
+
             if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
                         pkiMsgSz) < 0) {
                 ret = ASN_PARSE_E;
@@ -12259,7 +12565,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             if (ret == 0 && length != expBlockSz) {
-                WOLFSSL_MSG("Incorrect IV length, must be of content alg block size");
+                WOLFSSL_MSG(
+                      "Incorrect IV length, must be of content alg block size");
                 ret = ASN_PARSE_E;
             }
 
@@ -12271,8 +12578,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             }
             wc_PKCS7_StreamStoreVar(pkcs7, encOID, expBlockSz, length);
             pkcs7->stream->contentSz = (word32)blockKeySz;
-            pkcs7->stream->expected = (word32)length + MAX_LENGTH_SZ + MAX_LENGTH_SZ +
-                ASN_TAG_SZ + ASN_TAG_SZ;
+            pkcs7->stream->expected = (word32)length + MAX_LENGTH_SZ +
+                MAX_LENGTH_SZ + ASN_TAG_SZ + ASN_TAG_SZ;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_4);
             FALL_THROUGH;
@@ -12297,8 +12604,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             ret = 0;
         #endif
 
-            XMEMCPY(tmpIv, &pkiMsg[idx], length);
-            idx += length;
+            XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length);
+            idx += (word32)length;
 
             explicitOctet = 0;
             localIdx = idx;
@@ -12314,8 +12621,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             }
             idx++;
 
-            if (ret == 0 && GetLength(pkiMsg, &idx, &encryptedContentTotalSz,
-                                                               pkiMsgSz) <= 0) {
+            if (ret == 0 && GetLength_ex(pkiMsg, &idx, &encryptedContentTotalSz,
+                                                            pkiMsgSz, 0) < 0) {
                 ret = ASN_PARSE_E;
             }
 
@@ -12327,8 +12634,24 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                 break;
             }
             pkcs7->stream->expected = (word32)encryptedContentTotalSz;
+            if (explicitOctet) {
+                pkcs7->stream->expected = MAX_OCTET_STR_SZ;
+            }
             wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz, 0);
             wc_PKCS7_StreamStoreVar(pkcs7, encOID, expBlockSz, explicitOctet);
+
+            if (explicitOctet) {
+                /* initialize decryption state in preparation */
+                if (pkcs7->decryptionCb == NULL) {
+                    ret = wc_PKCS7_DecryptContentInit(pkcs7, encOID,
+                        pkcs7->stream->aad, pkcs7->stream->aadSz,
+                        pkcs7->stream->tmpIv, expBlockSz,
+                        pkcs7->devId, pkcs7->heap);
+                    if (ret != 0)
+                        break;
+                }
+            }
+
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_5);
             FALL_THROUGH;
@@ -12345,6 +12668,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             tmpIv = pkcs7->stream->tmpIv;
             encryptedContentTotalSz = (int)pkcs7->stream->expected;
 
+            pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
+
             /* restore decrypted key */
             decryptedKey   = pkcs7->stream->aad;
             decryptedKeySz = pkcs7->stream->aadSz;
@@ -12356,11 +12681,27 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
             if (explicitOctet) {
                 /* encrypted content may be fragmented into multiple
                  * consecutive OCTET STRINGs, if so loop through
-                 * collecting and caching encrypted content bytes */
-                localIdx = idx;
-                while (idx < (localIdx + encryptedContentTotalSz)) {
+                 * decrypting and outputting or caching contents until the indef
+                 * ending tag is found */
 
-                    if (GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) {
+                while (1) {
+                    encryptedContentSz = 0;
+                    if (pkiMsgSz <= localIdx + MAX_OCTET_STR_SZ) {
+                    #ifndef NO_PKCS7_STREAM
+                        /* ran out of data to parse */
+                        if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+                            break;
+                        }
+                        pkiMsgSz = (pkcs7->stream->length > 0) ?
+                            pkcs7->stream->length : inSz;
+                    #else
+                        ret = BUFFER_E;
+                    #endif
+                    }
+
+                    localIdx = idx;
+                    if (GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) < 0) {
                         ret = ASN_PARSE_E;
                     }
 
@@ -12368,60 +12709,175 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
                         ret = ASN_PARSE_E;
                     }
 
-                    if (ret == 0 && GetLength(pkiMsg, &idx,
-                                &encryptedContentSz, pkiMsgSz) <= 0) {
+                    if (ret == 0 && GetLength_ex(pkiMsg, &localIdx,
+                                &encryptedContentSz, pkiMsgSz, 0) <= 0) {
                         ret = ASN_PARSE_E;
                     }
+                #ifndef NO_PKCS7_STREAM
+                    if (ret == 0) {
+                        /* always try to get 2 extra bytes to catch indef ending */
+                        pkcs7->stream->expected = (word32)encryptedContentSz +
+                            (localIdx - idx) + ASN_INDEF_END_SZ;
+                    }
+                #endif
+
+                    if (ret == 0 &&
+                         pkcs7->cachedEncryptedContentSz <
+                         (word32)encryptedContentSz) {
+                        if (pkcs7->cachedEncryptedContent != NULL) {
+                            XFREE(pkcs7->cachedEncryptedContent, pkcs7->heap,
+                                DYNAMIC_TYPE_PKCS7);
+                        }
+                        pkcs7->cachedEncryptedContent = (byte*)XMALLOC(
+                            (word32)encryptedContentSz, pkcs7->heap,
+                            DYNAMIC_TYPE_PKCS7);
+                        if (pkcs7->cachedEncryptedContent == NULL) {
+                            ret = MEMORY_E;
+                        }
+                    }
+                    pkcs7->cachedEncryptedContentSz =
+                        (word32)encryptedContentSz;
+
+                    /* sanity check that the buffer has all of the data */
+                    if (ret == 0 && (localIdx + (word32)encryptedContentSz) >
+                            pkiMsgSz) {
+                    #ifndef NO_PKCS7_STREAM
+                        word32 ofsetIdx = localIdx - idx;
+                        if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &pkiMsg, &localIdx))
+                                != 0) {
+                            return ret;
+                        }
+                        localIdx += ofsetIdx;
+                        pkiMsgSz = (pkcs7->stream->length > 0)?
+                            pkcs7->stream->length: inSz;
+                    #else
+                        ret = BUFFER_E;
+                    #endif
+                    }
+
+                    /* Use callback for decryption still, if set */
+                    if (ret == 0 && pkcs7->decryptionCb != NULL) {
+                        ret = pkcs7->decryptionCb(pkcs7, (int)encOID, tmpIv,
+                            expBlockSz, NULL, 0, NULL, 0, &pkiMsg[localIdx],
+                            encryptedContentSz, pkcs7->cachedEncryptedContent,
+                            pkcs7->decryptionCtx);
+                    }
 
                     if (ret == 0) {
-                        ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx],
-                                                          (word32)encryptedContentSz);
+                        ret = wc_PKCS7_DecryptContentEx(pkcs7, encOID,
+                            tmpIv, expBlockSz, NULL, 0, NULL, 0,
+                            &pkiMsg[localIdx], encryptedContentSz,
+                            pkcs7->cachedEncryptedContent);
                     }
 
+                #ifndef NO_PKCS7_STREAM
                     if (ret != 0) {
+                        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                            wc_PKCS7_StreamEndCase(pkcs7, &localIdx, &idx);
+                        }
                         break;
                     }
+                #endif
 
                     /* advance idx past encrypted content */
-                    idx += encryptedContentSz;
+                    localIdx += (word32)encryptedContentSz;
+
+                    if (localIdx + ASN_INDEF_END_SZ <= pkiMsgSz) {
+                        if (pkiMsg[localIdx] == ASN_EOC &&
+                                pkiMsg[localIdx+1] == ASN_EOC) {
+                            /* found the end of encrypted content */
+                            localIdx += ASN_INDEF_END_SZ;
+                            break;
+                        }
+                    }
+                #ifndef NO_PKCS7_STREAM
+                    pkcs7->stream->expected = MAX_OCTET_STR_SZ;
+                    if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &localIdx,
+                            &localIdx)) != 0) {
+                        break;
+                    }
+                #endif
+
+                    /* save last decrypted string to handle padding (this output
+                     * flush happens outside of the while loop in the case that
+                     * the indef end was found) */
+                    if (ret == 0) {
+                    #ifdef ASN_BER_TO_DER
+                        if (pkcs7->streamOutCb) {
+                            ret = pkcs7->streamOutCb(pkcs7,
+                                pkcs7->cachedEncryptedContent,
+                                (word32)encryptedContentSz, pkcs7->streamCtx);
+                        }
+                    #endif /* ASN_BER_TO_DER */
+                    }
+
+                    idx = localIdx;
                 }
 
                 if (ret != 0) {
+                    if (ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                        /* free up in an error case if not looking for more
+                         * data */
+                        wc_PKCS7_DecryptContentFree(pkcs7, encOID,
+                            pkcs7->heap);
+                    }
                     break;
                 }
-
+                wc_PKCS7_DecryptContentFree(pkcs7, encOID, pkcs7->heap);
             } else {
-                /* cache encrypted content, no OCTET STRING */
-                ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx],
-                                                  (word32)encryptedContentTotalSz);
+                pkcs7->cachedEncryptedContentSz =
+                    (word32)encryptedContentTotalSz;
+                pkcs7->cachedEncryptedContent = (byte*)XMALLOC(
+                        pkcs7->cachedEncryptedContentSz, pkcs7->heap,
+                    DYNAMIC_TYPE_PKCS7);
+
+                /* decrypt encryptedContent */
+                ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey,
+                        (word32)blockKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0,
+                        &pkiMsg[idx], encryptedContentTotalSz,
+                        pkcs7->cachedEncryptedContent,
+                        pkcs7->devId, pkcs7->heap);
                 if (ret != 0) {
                     break;
                 }
-                idx += encryptedContentTotalSz;
+
+                idx += (word32)encryptedContentTotalSz;
             }
 
             /* use cached content */
             encryptedContent = pkcs7->cachedEncryptedContent;
             encryptedContentSz = (int)pkcs7->cachedEncryptedContentSz;
-
-            /* decrypt encryptedContent */
-            ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, decryptedKey,
-                    blockKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0,
-                    encryptedContent, encryptedContentSz, encryptedContent,
-                    pkcs7->devId, pkcs7->heap);
-            if (ret != 0) {
-                break;
-            }
-
             padLen = encryptedContent[encryptedContentSz-1];
 
             /* copy plaintext to output */
-            if (padLen > encryptedContentSz ||
-                    (word32)(encryptedContentSz - padLen) > outputSz) {
+            if (padLen > encryptedContentSz) {
                 ret = BUFFER_E;
                 break;
             }
-            XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
+
+        #ifdef ASN_BER_TO_DER
+            if (pkcs7->streamOutCb) {
+                ret = pkcs7->streamOutCb(pkcs7, encryptedContent,
+                                (word32)encryptedContentSz - padLen,
+                                pkcs7->streamCtx);
+                if (ret != 0) {
+                    WOLFSSL_MSG("Stream out callback returned failure");
+                    ret = BUFFER_E;
+                    break;
+                }
+            }
+            else
+        #endif /* ASN_BER_TO_DER */
+            {
+                if (output == NULL || (word32)(encryptedContentSz - padLen) >
+                        outputSz) {
+                    ret = BUFFER_E;
+                    break;
+                }
+                XMEMCPY(output, encryptedContent,
+                                           (word32)encryptedContentSz - padLen);
+            }
 
             /* free memory, zero out keys */
             ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
@@ -12474,7 +12930,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
 
 
 /* build PKCS#7 authEnvelopedData content type, return enveloped size */
-int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
+int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output,
                                      word32 outputSz)
 {
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
@@ -12508,7 +12964,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     byte encContentOctet[MAX_OCTET_STR_SZ];
     byte macOctetString[MAX_OCTET_STR_SZ];
 
-    byte authTag[AES_BLOCK_SIZE];
+    byte authTag[WC_AES_BLOCK_SIZE];
     byte nonce[GCM_NONCE_MID_SZ];   /* GCM nonce is larger than CCM */
     byte macInt[MAX_VERSION_SZ];
     byte algoParamSeq[MAX_SEQ_SZ];
@@ -12729,17 +13185,18 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
             contentTypeAttrib.valueSz = pkcs7->contentTypeSz;
         }
 
-        authAttribsSz += EncodeAttributes(authAttribs, 1,
-                                          &contentTypeAttrib, 1);
+        authAttribsSz += (word32)EncodeAttributes(authAttribs, 1,
+                                                         &contentTypeAttrib, 1);
         authAttribsCount += 1;
     }
 
     /* authAttribs: add in user authenticated attributes */
     if (pkcs7->authAttribs != NULL && pkcs7->authAttribsSz > 0) {
-        authAttribsSz += EncodeAttributes(authAttribs + authAttribsCount,
-                                 MAX_AUTH_ATTRIBS_SZ - authAttribsCount,
+        authAttribsSz += (word32)EncodeAttributes(
+                                 authAttribs + authAttribsCount,
+                                 (int)(MAX_AUTH_ATTRIBS_SZ - authAttribsCount),
                                  pkcs7->authAttribs,
-                                 pkcs7->authAttribsSz);
+                                 (int)pkcs7->authAttribsSz);
         authAttribsCount += pkcs7->authAttribsSz;
     }
 
@@ -12787,23 +13244,27 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
     /* build up unauthenticated attributes (unauthAttrs) */
     if (pkcs7->unauthAttribsSz > 0) {
-        unauthAttribsSz = EncodeAttributes(unauthAttribs + unauthAttribsCount,
-                                     MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount,
-                                     pkcs7->unauthAttribs,
-                                     pkcs7->unauthAttribsSz);
+        unauthAttribsSz = (word32)EncodeAttributes(
+                              unauthAttribs + unauthAttribsCount,
+                              (int)(MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount),
+                              pkcs7->unauthAttribs,
+                              (int)pkcs7->unauthAttribsSz);
         unauthAttribsCount = pkcs7->unauthAttribsSz;
 
-        flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap,
-                                            DYNAMIC_TYPE_PKCS7);
-        if (flatUnauthAttribs == NULL) {
-            wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-            XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            return MEMORY_E;
+        if (unauthAttribsSz > 0) {
+            flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap,
+                                               DYNAMIC_TYPE_PKCS7);
+            if (flatUnauthAttribs == NULL) {
+                wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
+                XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                return MEMORY_E;
+            }
+
+            FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs,
+                              (int)unauthAttribsCount);
         }
 
-        FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs,
-                          (int)unauthAttribsCount);
         unauthAttribsSetSz = SetImplicit(ASN_SET, 2, unauthAttribsSz,
                                          unauthAttribSet, 0);
     }
@@ -12819,7 +13280,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
     /* Copy content to plain buffer (zero-padded) to encrypt in full,
      * contiguous blocks */
-    plain = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    plain = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap,
+        DYNAMIC_TYPE_PKCS7);
     if (plain == NULL) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
         XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -12830,10 +13292,11 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
     XMEMCPY(plain, pkcs7->content, pkcs7->contentSz);
     if ((encryptedAllocSz - encryptedOutSz) > 0) {
-        XMEMSET(plain + encryptedOutSz, 0, encryptedAllocSz - encryptedOutSz);
+        XMEMSET(plain + encryptedOutSz, 0,
+            (word32)(encryptedAllocSz - encryptedOutSz));
     }
 
-    encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap,
+    encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap,
                                       DYNAMIC_TYPE_PKCS7);
     if (encryptedContent == NULL) {
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -12846,8 +13309,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
     /* encrypt content */
     ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek,
-            pkcs7->cekSz, nonce, nonceSz, aadBuffer, aadBufferSz, authTag,
-            sizeof(authTag), plain, encryptedOutSz, encryptedContent);
+            (int)pkcs7->cekSz, nonce, (int)nonceSz, aadBuffer, aadBufferSz,
+            authTag, sizeof(authTag), plain, encryptedOutSz, encryptedContent);
 
     XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     plain = NULL;
@@ -12883,15 +13346,15 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
     macIntSz = (word32)SetMyVersion(sizeof(authTag), macInt, 0);
 
     /* add nonce and icv len into parameters string RFC5084 */
-    algoParamSeqSz = SetSequence(nonceOctetStringSz + nonceSz + macIntSz,
-            algoParamSeq);
+    algoParamSeqSz = SetSequence((word32)nonceOctetStringSz + nonceSz +
+            macIntSz, algoParamSeq);
 
     /* build up our ContentEncryptionAlgorithmIdentifier sequence,
      * adding (nonceOctetStringSz + blockSz + macIntSz) for nonce OCTET STRING
      * and tag size */
     contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
-                                 oidBlkType, nonceOctetStringSz + nonceSz +
-                                 macIntSz + algoParamSeqSz);
+                                 oidBlkType, nonceOctetStringSz + (int)nonceSz +
+                                 (int)macIntSz + (int)algoParamSeqSz);
 
     if (contentEncAlgoSz == 0) {
         wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
@@ -12901,21 +13364,23 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
         return BAD_FUNC_ARG;
     }
 
-    encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz,
-                                    encContentOctet, 0);
-    encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz +
-                                  nonceOctetStringSz + nonceSz + macIntSz +
-                                  algoParamSeqSz + encContentOctetSz +
-                                  encryptedOutSz, encContentSeq);
+    encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0,
+                                (word32)encryptedOutSz, encContentOctet, 0);
+    encContentSeqSz = (int)SetSequence((word32)contentTypeSz +
+                               (word32)contentEncAlgoSz +
+                               (word32)nonceOctetStringSz + nonceSz + macIntSz +
+                               algoParamSeqSz + (word32)encContentOctetSz +
+                               (word32)encryptedOutSz, encContentSeq);
 
     macOctetStringSz = (int)SetOctetString(sizeof(authTag), macOctetString);
 
     /* keep track of sizes for outer wrapper layering */
-    totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz +
-              contentEncAlgoSz + nonceOctetStringSz + nonceSz + macIntSz +
-              algoParamSeqSz + encContentOctetSz + encryptedOutSz +
-              authAttribsSz + authAttribsSetSz + macOctetStringSz +
-              sizeof(authTag) + unauthAttribsSz + unauthAttribsSetSz;
+    totalSz = verSz + recipSetSz + recipSz + encContentSeqSz +
+              contentTypeSz + contentEncAlgoSz + nonceOctetStringSz +
+              (int)nonceSz + (int)macIntSz + (int)algoParamSeqSz +
+              encContentOctetSz + encryptedOutSz + (int)authAttribsSz +
+              (int)authAttribsSetSz + macOctetStringSz + (int)sizeof(authTag) +
+              (int)unauthAttribsSz + (int)unauthAttribsSetSz;
 
     /* EnvelopedData */
     envDataSeqSz = (int)SetSequence((word32)totalSz, envDataSeq);
@@ -12939,67 +13404,67 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
         return BUFFER_E;
     }
 
-    XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
+    XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz);
     idx += contentInfoSeqSz;
-    XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
+    XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz);
     idx += outerContentTypeSz;
-    XMEMCPY(output + idx, outerContent, outerContentSz);
+    XMEMCPY(output + idx, outerContent, (word32)outerContentSz);
     idx += outerContentSz;
-    XMEMCPY(output + idx, envDataSeq, envDataSeqSz);
+    XMEMCPY(output + idx, envDataSeq, (word32)envDataSeqSz);
     idx += envDataSeqSz;
-    XMEMCPY(output + idx, ver, verSz);
+    XMEMCPY(output + idx, ver, (word32)verSz);
     idx += verSz;
-    XMEMCPY(output + idx, recipSet, recipSetSz);
+    XMEMCPY(output + idx, recipSet, (word32)recipSetSz);
     idx += recipSetSz;
     /* copy in recipients from list */
     tmpRecip = pkcs7->recipList;
     while (tmpRecip != NULL) {
         XMEMCPY(output + idx, tmpRecip->recip, tmpRecip->recipSz);
-        idx += tmpRecip->recipSz;
+        idx += (int)tmpRecip->recipSz;
         tmpRecip = tmpRecip->next;
     }
     wc_PKCS7_FreeEncodedRecipientSet(pkcs7);
-    XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
+    XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz);
     idx += encContentSeqSz;
-    XMEMCPY(output + idx, contentType, contentTypeSz);
+    XMEMCPY(output + idx, contentType, (word32)contentTypeSz);
     idx += contentTypeSz;
-    XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
+    XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz);
     idx += contentEncAlgoSz;
     XMEMCPY(output + idx, algoParamSeq, algoParamSeqSz);
-    idx += algoParamSeqSz;
-    XMEMCPY(output + idx, nonceOctetString, nonceOctetStringSz);
+    idx += (int)algoParamSeqSz;
+    XMEMCPY(output + idx, nonceOctetString, (word32)nonceOctetStringSz);
     idx += nonceOctetStringSz;
     XMEMCPY(output + idx, nonce, nonceSz);
-    idx += nonceSz;
+    idx += (int)nonceSz;
     XMEMCPY(output + idx, macInt, macIntSz);
-    idx += macIntSz;
+    idx += (int)macIntSz;
 
 
-    XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
+    XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz);
     idx += encContentOctetSz;
-    XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
+    XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz);
     idx += encryptedOutSz;
 
     /* authenticated attributes */
     if (flatAuthAttribs && authAttribsSz > 0) {
         XMEMCPY(output + idx, authAttribSet, authAttribsSetSz);
-        idx += authAttribsSetSz;
+        idx += (int)authAttribsSetSz;
         XMEMCPY(output + idx, flatAuthAttribs, authAttribsSz);
-        idx += authAttribsSz;
+        idx += (int)authAttribsSz;
         XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     }
 
-    XMEMCPY(output + idx, macOctetString, macOctetStringSz);
+    XMEMCPY(output + idx, macOctetString, (word32)macOctetStringSz);
     idx += macOctetStringSz;
     XMEMCPY(output + idx, authTag, sizeof(authTag));
-    idx += sizeof(authTag);
+    idx += (int)sizeof(authTag);
 
     /* unauthenticated attributes */
     if (unauthAttribsSz > 0) {
         XMEMCPY(output + idx, unauthAttribSet, unauthAttribsSetSz);
-        idx += unauthAttribsSetSz;
+        idx += (int)unauthAttribsSetSz;
         XMEMCPY(output + idx, flatUnauthAttribs, unauthAttribsSz);
-        idx += unauthAttribsSz;
+        idx += (int)unauthAttribsSz;
     }
 
     XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -13020,7 +13485,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
 
 
 /* unwrap and decrypt PKCS#7 AuthEnvelopedData object, return decoded size */
-WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
+WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
                                                  word32 inSz, byte* output,
                                                  word32 outputSz)
 {
@@ -13037,27 +13502,22 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
     word32 pkiMsgSz = inSz;
 
     int expBlockSz = 0, blockKeySz = 0;
-    byte authTag[AES_BLOCK_SIZE];
+    byte authTag[WC_AES_BLOCK_SIZE];
     byte nonce[GCM_NONCE_MID_SZ];       /* GCM nonce is larger than CCM */
-    int nonceSz = 0, authTagSz = 0, macSz = 0;
-
-#ifdef WOLFSSL_SMALL_STACK
+    int nonceSz = 0, macSz = 0;
+    word32 authTagSz = 0;
     byte* decryptedKey = NULL;
-#else
-    byte  decryptedKey[MAX_ENCRYPTED_KEY_SZ];
-#endif
     int encryptedContentSz = 0;
     int encryptedAllocSz = 0;
     byte* encryptedContent = NULL;
     int explicitOctet = 0;
 
-    byte authAttribSetByte = 0;
     byte* encodedAttribs = NULL;
     word32 encodedAttribIdx = 0, encodedAttribSz = 0;
     byte* authAttrib = NULL;
     int authAttribSz = 0;
     word32 localIdx;
-    byte tag;
+    byte tag = 0;
 
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -13097,9 +13557,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 break;
             }
         #endif
-        #ifdef WOLFSSL_SMALL_STACK
             decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
-                                                               DYNAMIC_TYPE_PKCS7);
+                                                            DYNAMIC_TYPE_PKCS7);
             if (decryptedKey == NULL) {
                 ret = MEMORY_E;
                 break;
@@ -13109,7 +13568,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             }
         #ifndef NO_PKCS7_STREAM
             pkcs7->stream->key = decryptedKey;
-        #endif
         #endif
             XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
             FALL_THROUGH;
@@ -13123,10 +13581,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
         case WC_PKCS7_DECRYPT_ORI:
 
             decryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
-        #ifdef WOLFSSL_SMALL_STACK
-            #ifndef NO_PKCS7_STREAM
+        #ifndef NO_PKCS7_STREAM
             decryptedKey = pkcs7->stream->key;
-            #endif
         #endif
 
             ret = wc_PKCS7_DecryptRecipientInfos(pkcs7, in, inSz, &idx,
@@ -13137,32 +13593,48 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             if (recipFound == 0) {
-                WOLFSSL_MSG("No recipient found in envelopedData that matches input");
+                WOLFSSL_MSG(
+                      "No recipient found in envelopedData that matches input");
                 ret = PKCS7_RECIP_E;
                 break;
             }
 
         #ifndef NO_PKCS7_STREAM
             tmpIdx = idx;
+            pkcs7->stream->expected = MAX_SEQ_SZ;
         #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_3);
             FALL_THROUGH;
 
         case WC_PKCS7_AUTHENV_3:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_SEQ_SZ +
-                            MAX_ALGO_SZ + MAX_ALGO_SZ + ASN_TAG_SZ,
-                            &pkiMsg, &idx)) != 0) {
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                    pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 break;
             }
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
         #endif
 
             /* remove EncryptedContentInfo */
-            if (ret == 0 && GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
+            if (ret == 0 && GetSequence_ex(pkiMsg, &idx, &length, pkiMsgSz, 0)
+                    < 0) {
                 ret = ASN_PARSE_E;
             }
 
+        #ifndef NO_PKCS7_STREAM
+            /* check that the expected size was accurate */
+            if (ret == 0) {
+                if (length > (int)pkcs7->stream->expected && length >
+                        (int)pkiMsgSz) {
+                    pkcs7->stream->expected = (word32)length + 1;
+                    if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+                        break;
+                    }
+                }
+            }
+        #endif
+
             if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
                         pkiMsgSz) < 0) {
                 ret = ASN_PARSE_E;
@@ -13246,8 +13718,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             }
 
             if (ret == 0) {
-                XMEMCPY(nonce, &pkiMsg[idx], nonceSz);
-                idx += nonceSz;
+                XMEMCPY(nonce, &pkiMsg[idx], (word32)nonceSz);
+                idx += (word32)nonceSz;
             }
 
             /* get mac size, also stored in OPTIONAL parameter of AlgoID */
@@ -13272,8 +13744,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 ret = ASN_PARSE_E;
             }
 
-            if (ret == 0 && GetLength(pkiMsg, &idx, &encryptedContentSz,
-                        pkiMsgSz) <= 0) {
+            if (ret == 0 && GetLength_ex(pkiMsg, &idx, &encryptedContentSz,
+                        pkiMsgSz, 0) <= 0) {
                 ret = ASN_PARSE_E;
             }
 
@@ -13302,18 +13774,19 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             /* store nonce for later */
             if (nonceSz > 0) {
                 pkcs7->stream->nonceSz = (word32)nonceSz;
-                pkcs7->stream->nonce = (byte*)XMALLOC(nonceSz, pkcs7->heap,
-                        DYNAMIC_TYPE_PKCS7);
+                pkcs7->stream->nonce = (byte*)XMALLOC((word32)nonceSz,
+                        pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 if (pkcs7->stream->nonce == NULL) {
                     ret = MEMORY_E;
                     break;
                 }
                 else {
-                    XMEMCPY(pkcs7->stream->nonce, nonce, nonceSz);
+                    XMEMCPY(pkcs7->stream->nonce, nonce, (word32)nonceSz);
                 }
             }
 
-            pkcs7->stream->expected = (word32)encryptedContentSz;
+            pkcs7->stream->expected = (word32)encryptedContentSz +
+                    MAX_LENGTH_SZ + ASN_TAG_SZ + ASN_TAG_SZ;
             wc_PKCS7_StreamStoreVar(pkcs7, encOID, blockKeySz,
                     encryptedContentSz);
         #endif
@@ -13323,21 +13796,20 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
 
         case WC_PKCS7_AUTHENV_5:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
-                            ASN_TAG_SZ + ASN_TAG_SZ + pkcs7->stream->expected,
-                            &pkiMsg, &idx)) != 0) {
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                    pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 break;
             }
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
 
-            encryptedContentSz = (int)pkcs7->stream->expected;
+            wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz,
+                &encryptedContentSz);
         #else
             pkiMsgSz = inSz;
         #endif
 
             if (expBlockSz == 0) {
         #ifndef NO_PKCS7_STREAM
-                wc_PKCS7_StreamGetVar(pkcs7, &encOID, NULL, NULL);
         #endif
                 if (encOID == 0)
                     expBlockSz = 1;
@@ -13358,18 +13830,19 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                                    encryptedContentSz + expBlockSz -
                                    (encryptedContentSz % expBlockSz) :
                                    encryptedContentSz;
-            encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap,
-                                                            DYNAMIC_TYPE_PKCS7);
+            encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz,
+                                               pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             if (ret == 0 && encryptedContent == NULL) {
                 ret = MEMORY_E;
             }
 
             if (ret == 0) {
-                XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
-                idx += encryptedContentSz;
+                XMEMCPY(encryptedContent, &pkiMsg[idx],
+                                                    (word32)encryptedContentSz);
+                idx += (word32)encryptedContentSz;
             }
         #ifndef NO_PKCS7_STREAM
-                pkcs7->stream->bufferPt = encryptedContent;
+            pkcs7->stream->bufferPt = encryptedContent;
         #endif
 
             /* may have IMPLICIT [1] authenticatedAttributes */
@@ -13377,32 +13850,32 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             if (ret == 0 && GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) == 0 &&
                     tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) {
                 encodedAttribIdx = idx;
-                encodedAttribs = pkiMsg + idx;
                 idx++;
 
-                if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) <= 0)
+                if (GetLength_ex(pkiMsg, &idx, &length, pkiMsgSz, 0) <= 0) {
                     ret = ASN_PARSE_E;
+                }
             #ifndef NO_PKCS7_STREAM
                 pkcs7->stream->expected = (word32)length;
             #endif
-                encodedAttribSz = length + (idx - encodedAttribIdx);
+                encodedAttribSz = (word32)length + (idx - encodedAttribIdx);
 
                 if (ret != 0)
                     break;
 
-            #ifndef NO_PKCS7_STREAM
                 if (encodedAttribSz > 0) {
-                    pkcs7->stream->aadSz = encodedAttribSz;
-                    pkcs7->stream->aad = (byte*)XMALLOC(encodedAttribSz,
+                    encodedAttribs = (byte*)XMALLOC(encodedAttribSz,
                             pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                    if (pkcs7->stream->aad == NULL) {
+                    if (encodedAttribs == NULL) {
                         ret = MEMORY_E;
                         break;
                     }
-                    else {
-                        XMEMCPY(pkcs7->stream->aad, encodedAttribs,
-                                (idx - encodedAttribIdx));
-                    }
+                }
+
+            #ifndef NO_PKCS7_STREAM
+                if (encodedAttribSz > 0) {
+                    pkcs7->stream->aadSz = encodedAttribSz;
+                    pkcs7->stream->aad   = encodedAttribs;
                 }
 
                 if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
@@ -13416,7 +13889,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
                     break;
                 }
+                pkcs7->stream->expected = MAX_LENGTH_SZ + ASN_TAG_SZ;
             #endif
+                wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND);
                 goto authenv_atrbend; /* jump over attribute cases */
             }
             FALL_THROUGH;
@@ -13436,23 +13911,40 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
             authAttrib = &pkiMsg[idx];
             authAttribSz = length;
 
-            if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib, authAttribSz) < 0) {
+            {
+                word32 ofst;
+
+                /* From RFC5083, "For the purpose of constructing the
+                * AAD, the IMPLICIT [1] tag in the authAttrs field is
+                * not used for the DER encoding: rather a universal SET
+                * OF tag is used. */
+                ofst = SetSet((word32)length, encodedAttribs);
+
+                XMEMCPY(encodedAttribs + ofst, authAttrib,
+                    (word32)authAttribSz);
+            }
+
+            /* ignoring the size returned, we know it is
+                * idx - encodedAttribIdx from parsing what's given */
+
+            if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib,
+                    authAttribSz) < 0) {
                 WOLFSSL_MSG("Error parsing authenticated attributes");
                 ret = ASN_PARSE_E;
                 break;
             }
 
-            idx += length;
+            idx += (word32)length;
 
     #ifndef NO_PKCS7_STREAM
-            if (encodedAttribSz > 0) {
-                XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - length),
-                        authAttrib, authAttribSz);
+            if (pkcs7->stream->aadSz > 0) {
+                XMEMCPY(pkcs7->stream->aad + (pkcs7->stream->aadSz -
+                        (word32)length), authAttrib, (word32)authAttribSz);
             }
             if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
                 break;
             }
-
+            pkcs7->stream->expected = MAX_LENGTH_SZ + ASN_TAG_SZ;
     #endif
             wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND);
             FALL_THROUGH;
@@ -13460,8 +13952,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
         case WC_PKCS7_AUTHENV_ATRBEND:
 authenv_atrbend:
         #ifndef NO_PKCS7_STREAM
-            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
-                            ASN_TAG_SZ, &pkiMsg, &idx)) != 0) {
+            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                    pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
                 return ret;
             }
             pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
@@ -13473,19 +13965,37 @@ authenv_atrbend:
         #endif
 
 
-            /* get authTag OCTET STRING */
-            if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) {
-                ret = ASN_PARSE_E;
-            }
-            if (ret == 0 && tag != ASN_OCTET_STRING) {
-                ret = ASN_PARSE_E;
-            }
+            localIdx = idx;
 
-            if (ret == 0 && GetLength(pkiMsg, &idx, &authTagSz, pkiMsgSz) < 0) {
+            /* Get authTag OCTET STRING */
+            if (ret == 0 && pkiMsg[localIdx] != ASN_OCTET_STRING) {
                 ret = ASN_PARSE_E;
             }
+            localIdx++; /* move past ASN_OCTET_STRING */
 
-            if (ret == 0 && authTagSz > (int)sizeof(authTag)) {
+            if (ret == 0 && GetLength_ex(pkiMsg, &localIdx, &length,
+                    pkiMsgSz, 0) < 0) {
+                ret = ASN_PARSE_E;
+            }
+            authTagSz = (word32)length;
+
+        #ifndef NO_PKCS7_STREAM
+            /* there might not be enough data for the auth tag too */
+            if (ret == 0) {
+                if ((authTagSz + (localIdx - idx)) > pkcs7->stream->expected &&
+                    (authTagSz + (localIdx - idx)) > pkiMsgSz) {
+                        pkcs7->stream->expected = authTagSz +
+                            (localIdx - idx);
+                        if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+                            pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
+                            return ret;
+                        }
+                }
+            }
+        #endif
+            idx = localIdx;
+
+            if (ret == 0 && authTagSz > (word32)sizeof(authTag)) {
                 WOLFSSL_MSG("AuthEnvelopedData authTag too large for buffer");
                 ret = ASN_PARSE_E;
             }
@@ -13495,14 +14005,6 @@ authenv_atrbend:
                 idx += authTagSz;
             }
 
-            if (ret == 0 && authAttrib != NULL) {
-                /* temporarily swap authAttribs byte[0] to SET OF instead of
-                 * IMPLICIT [1], for aad calculation */
-                authAttribSetByte = encodedAttribs[0];
-
-                encodedAttribs[0] = ASN_SET | ASN_CONSTRUCTED;
-            }
-
             if (ret < 0)
                 break;
 
@@ -13516,9 +14018,9 @@ authenv_atrbend:
 
             /* store tag for later */
             if (authTagSz > 0) {
-                pkcs7->stream->tagSz = (word32)authTagSz;
-                pkcs7->stream->tag = (byte*)XMALLOC(authTagSz, pkcs7->heap,
-                        DYNAMIC_TYPE_PKCS7);
+                pkcs7->stream->tagSz = authTagSz;
+                pkcs7->stream->tag = (byte*)XMALLOC(authTagSz,
+                        pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 if (pkcs7->stream->tag == NULL) {
                     ret = MEMORY_E;
                     break;
@@ -13548,13 +14050,13 @@ authenv_atrbend:
                     break;
                 }
                 else {
-                    XMEMCPY(nonce, pkcs7->stream->nonce, nonceSz);
+                    XMEMCPY(nonce, pkcs7->stream->nonce, (word32)nonceSz);
                 }
             }
 
             if (pkcs7->stream->tagSz > 0) {
-                authTagSz = (int)pkcs7->stream->tagSz;
-                if (authTagSz > AES_BLOCK_SIZE) {
+                authTagSz = pkcs7->stream->tagSz;
+                if (authTagSz > WC_AES_BLOCK_SIZE) {
                     WOLFSSL_MSG("PKCS7 saved tag is too large");
                     ret = BUFFER_E;
                     break;
@@ -13572,39 +14074,40 @@ authenv_atrbend:
             wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz,
                                   &encryptedContentSz);
             encryptedContent   = pkcs7->stream->bufferPt;
-        #ifdef WOLFSSL_SMALL_STACK
             decryptedKey = pkcs7->stream->key;
-        #endif
         #endif
 
             /* decrypt encryptedContent */
-            ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, decryptedKey,
-                    blockKeySz, nonce, nonceSz, encodedAttribs, encodedAttribSz,
-                    authTag, (word32)authTagSz, encryptedContent, encryptedContentSz,
-                    encryptedContent, pkcs7->devId, pkcs7->heap);
+            ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey,
+                    (word32)blockKeySz, nonce, nonceSz, encodedAttribs,
+                    encodedAttribSz, authTag, authTagSz,
+                    encryptedContent, encryptedContentSz, encryptedContent,
+                    pkcs7->devId, pkcs7->heap);
             if (ret != 0) {
                 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 return ret;
             }
 
-            if (authAttrib != NULL) {
-                /* restore authAttrib IMPLICIT [1] */
-                encodedAttribs[0] = authAttribSetByte;
+            if (encodedAttribs != NULL) {
+                XFREE(encodedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                encodedAttribs = NULL;
+            #ifndef NO_PKCS7_STREAM
+                pkcs7->stream->aad = NULL;
+            #endif
             }
 
             /* copy plaintext to output */
-            XMEMCPY(output, encryptedContent, encryptedContentSz);
+            XMEMCPY(output, encryptedContent, (word32)encryptedContentSz);
 
             /* free memory, zero out keys */
             ForceZero(encryptedContent, (word32)encryptedContentSz);
             XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = NULL;
             ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
-        #ifdef WOLFSSL_SMALL_STACK
             XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
             decryptedKey = NULL;
-            #ifndef NO_PKCS7_STREAM
+        #ifndef NO_PKCS7_STREAM
             pkcs7->stream->key = NULL;
-            #endif
         #endif
             ret = encryptedContentSz;
         #ifndef NO_PKCS7_STREAM
@@ -13617,14 +14120,34 @@ authenv_atrbend:
             ret = BAD_FUNC_ARG;
     }
 
-#ifdef WOLFSSL_SMALL_STACK
     if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
         if (decryptedKey != NULL) {
             ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
+            XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            decryptedKey = NULL;
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->key = NULL;
+        #endif
+        }
+
+        if (encryptedContent != NULL) {
+            ForceZero(encryptedContent, (word32)encryptedContentSz);
+            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = NULL;
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->bufferPt = NULL;
+        #endif
+        }
+
+        if (encodedAttribs != NULL) {
+            XFREE(encodedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encodedAttribs = NULL;
+        #ifndef NO_PKCS7_STREAM
+            pkcs7->stream->aad = NULL;
+        #endif
         }
-        XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     }
-#endif
+
 #ifndef NO_PKCS7_STREAM
     if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
         wc_PKCS7_ResetStream(pkcs7);
@@ -13649,7 +14172,7 @@ authenv_atrbend:
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 
 /* build PKCS#7 encryptedData content type, return encrypted size */
-int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz)
 {
     int ret, idx = 0;
     int totalSz, padSz, encryptedOutSz;
@@ -13729,21 +14252,21 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     if (padSz < 0)
         return padSz;
 
-    encryptedOutSz = pkcs7->contentSz + padSz;
+    encryptedOutSz = (int)pkcs7->contentSz + padSz;
 
-    plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
+    plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
                            DYNAMIC_TYPE_PKCS7);
     if (plain == NULL)
         return MEMORY_E;
 
     ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain,
-                           (word32)encryptedOutSz, blockSz);
+                           (word32)encryptedOutSz, (word32)blockSz);
     if (ret < 0) {
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         return ret;
     }
 
-    encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap,
+    encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap,
                                       DYNAMIC_TYPE_PKCS7);
     if (encryptedContent == NULL) {
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -13773,8 +14296,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
     ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID,
-            pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, blockSz, NULL,
-            0, NULL, 0, plain, encryptedOutSz, encryptedContent);
+            pkcs7->encryptionKey, (int)pkcs7->encryptionKeySz, tmpIv, blockSz,
+            NULL, 0, NULL, 0, plain, encryptedOutSz, encryptedContent);
     if (ret != 0) {
         XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -13784,9 +14307,9 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0,
                                     (word32)encryptedOutSz, encContentOctet, 0);
 
-    encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz +
-                                  ivOctetStringSz + blockSz +
-                                  encContentOctetSz + encryptedOutSz,
+    encContentSeqSz = (int)SetSequence((word32)(contentTypeSz +
+                                  contentEncAlgoSz + ivOctetStringSz + blockSz +
+                                  encContentOctetSz + encryptedOutSz),
                                   encContentSeq);
 
     /* optional UnprotectedAttributes */
@@ -13808,26 +14331,32 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         }
 
         attribsCount = pkcs7->unprotectedAttribsSz;
-        attribsSz = EncodeAttributes(attribs, pkcs7->unprotectedAttribsSz,
+        attribsSz = (word32)EncodeAttributes(attribs,
+                                     (int)pkcs7->unprotectedAttribsSz,
                                      pkcs7->unprotectedAttribs,
-                                     pkcs7->unprotectedAttribsSz);
+                                     (int)pkcs7->unprotectedAttribsSz);
 
-        flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-        if (flatAttribs == NULL) {
-            XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            return MEMORY_E;
+        if (attribsSz > 0) {
+            flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap,
+                                         DYNAMIC_TYPE_PKCS7);
+            if (flatAttribs == NULL) {
+                XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                return MEMORY_E;
+            }
+
+            ret = FlattenAttributes(pkcs7, flatAttribs, attribs,
+                                    (int)attribsCount);
+            if (ret != 0) {
+                XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                return ret;
+            }
         }
 
-        ret = FlattenAttributes(pkcs7, flatAttribs, attribs, (int)attribsCount);
-        if (ret != 0) {
-            XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-            return ret;
-        }
         attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet, 0);
 
     } else {
@@ -13838,7 +14367,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     /* keep track of sizes for outer wrapper layering */
     totalSz = verSz + encContentSeqSz + contentTypeSz + contentEncAlgoSz +
               ivOctetStringSz + blockSz + encContentOctetSz + encryptedOutSz +
-              attribsSz + attribsSetSz;
+              (int)attribsSz + (int)attribsSetSz;
 
     /* EncryptedData */
     encDataSeqSz = (int)SetSequence((word32)totalSz, encDataSeq);
@@ -13866,36 +14395,38 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return BUFFER_E;
     }
 
-    XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz);
+    XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz);
     idx += contentInfoSeqSz;
-    XMEMCPY(output + idx, outerContentType, outerContentTypeSz);
+    XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz);
     idx += outerContentTypeSz;
-    XMEMCPY(output + idx, outerContent, outerContentSz);
+    XMEMCPY(output + idx, outerContent, (word32)outerContentSz);
     idx += outerContentSz;
-    XMEMCPY(output + idx, encDataSeq, encDataSeqSz);
+    XMEMCPY(output + idx, encDataSeq, (word32)encDataSeqSz);
     idx += encDataSeqSz;
-    XMEMCPY(output + idx, ver, verSz);
+    XMEMCPY(output + idx, ver, (word32)verSz);
     idx += verSz;
-    XMEMCPY(output + idx, encContentSeq, encContentSeqSz);
+    XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz);
     idx += encContentSeqSz;
-    XMEMCPY(output + idx, contentType, contentTypeSz);
+    XMEMCPY(output + idx, contentType, (word32)contentTypeSz);
     idx += contentTypeSz;
-    XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz);
+    XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz);
     idx += contentEncAlgoSz;
-    XMEMCPY(output + idx, ivOctetString, ivOctetStringSz);
+    XMEMCPY(output + idx, ivOctetString, (word32)ivOctetStringSz);
     idx += ivOctetStringSz;
-    XMEMCPY(output + idx, tmpIv, blockSz);
+    XMEMCPY(output + idx, tmpIv, (word32)blockSz);
     idx += blockSz;
-    XMEMCPY(output + idx, encContentOctet, encContentOctetSz);
+    XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz);
     idx += encContentOctetSz;
-    XMEMCPY(output + idx, encryptedContent, encryptedOutSz);
+    XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz);
     idx += encryptedOutSz;
 
     if (pkcs7->unprotectedAttribsSz != 0) {
         XMEMCPY(output + idx, attribSet, attribsSetSz);
-        idx += attribsSetSz;
-        XMEMCPY(output + idx, flatAttribs, attribsSz);
-        idx += attribsSz;
+        idx += (int)attribsSetSz;
+        if (attribsSz > 0) {
+            XMEMCPY(output + idx, flatAttribs, attribsSz);
+            idx += (int)attribsSz;
+        }
     }
 
     XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -13909,7 +14440,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
 /* decode and store unprotected attributes in PKCS7->decodedAttrib. Return
  * 0 on success, negative on error. User must call wc_PKCS7_Free(). */
-static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
+static int wc_PKCS7_DecodeUnprotectedAttributes(wc_PKCS7* pkcs7, byte* pkiMsg,
                                              word32 pkiMsgSz, word32* inOutIdx)
 {
     int ret, attribLen;
@@ -13943,10 +14474,10 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
 
 
 /* unwrap and decrypt PKCS#7/CMS encrypted-data object, returned decoded size */
-int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
+int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                  byte* output, word32 outputSz)
 {
-    int ret = 0, version, length = 0, haveAttribs = 0;
+    int ret = 0, version = 0, length = 0, haveAttribs = 0;
     word32 idx = 0;
 
 #ifndef NO_PKCS7_STREAM
@@ -13964,7 +14495,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
 
     byte* pkiMsg = in;
     word32 pkiMsgSz = inSz;
-    byte  tag;
+    byte  tag = 0;
 
     if (pkcs7 == NULL ||
             ((pkcs7->encryptionKey == NULL || pkcs7->encryptionKeySz == 0) &&
@@ -14089,7 +14620,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
             if (ret == 0 && (ret = GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType,
                         pkiMsgSz)) < 0)
                 ret = ASN_PARSE_E;
-            if (ret == 0 && (expBlockSz = wc_PKCS7_GetOIDBlockSize((int)encOID)) < 0)
+            if (ret == 0 && (expBlockSz =
+                    wc_PKCS7_GetOIDBlockSize((int)encOID)) < 0)
                 ret = expBlockSz;
 
             if (ret != 0) break;
@@ -14130,7 +14662,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 ret = ASN_PARSE_E;
 
             if (ret == 0 && length != expBlockSz) {
-                WOLFSSL_MSG("Incorrect IV length, must be of content alg block size");
+                WOLFSSL_MSG(
+                      "Incorrect IV length, must be of content alg block size");
                 ret = ASN_PARSE_E;
             }
 
@@ -14160,8 +14693,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
             tmpIv  = pkcs7->stream->tmpIv;
             length = (int)pkcs7->stream->expected;
 #endif
-            XMEMCPY(tmpIv, &pkiMsg[idx], length);
-            idx += length;
+            XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length);
+            idx += (word32)length;
             /* read encryptedContent, cont[0] */
             if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0)
                 ret = ASN_PARSE_E;
@@ -14181,7 +14714,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 break;
             }
 
-            if (pkcs7->stream->totalRd +  encryptedContentSz <
+            if (pkcs7->stream->totalRd + (word32)encryptedContentSz <
                     pkcs7->stream->maxLen) {
                 pkcs7->stream->flagOne = 1;
             }
@@ -14209,22 +14742,29 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
             version    = (int)pkcs7->stream->vers;
             tmpIv      = pkcs7->stream->tmpIv;
 #endif
+            if (encryptedContentSz <= 0) {
+                ret = BUFFER_E;
+                break;
+            }
+
             if (ret == 0 && (encryptedContent = (byte*)XMALLOC(
-                encryptedContentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7)) == NULL) {
+                                  (unsigned int)encryptedContentSz, pkcs7->heap,
+                                  DYNAMIC_TYPE_PKCS7)) == NULL) {
                 ret = MEMORY_E;
                 break;
             }
 
             if (ret == 0) {
-                XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
-                idx += encryptedContentSz;
+                XMEMCPY(encryptedContent, &pkiMsg[idx],
+                    (unsigned int)encryptedContentSz);
+                idx += (word32)encryptedContentSz;
 
                 /* decrypt encryptedContent */
-                ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID,
-                            pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv,
-                            expBlockSz, NULL, 0, NULL, 0, encryptedContent,
-                            encryptedContentSz, encryptedContent,
-                            pkcs7->devId, pkcs7->heap);
+                ret = wc_PKCS7_DecryptContent(pkcs7, encOID,
+                              pkcs7->encryptionKey, pkcs7->encryptionKeySz,
+                              tmpIv, expBlockSz, NULL, 0, NULL, 0,
+                              encryptedContent, encryptedContentSz,
+                              encryptedContent, pkcs7->devId, pkcs7->heap);
                 if (ret != 0) {
                     XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                 }
@@ -14241,7 +14781,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 }
 
                 /* copy plaintext to output */
-                XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
+                XMEMCPY(output, encryptedContent,
+                    (unsigned int)(encryptedContentSz - padLen));
 
                 /* get implicit[1] unprotected attributes, optional */
                 wc_PKCS7_FreeDecodedAttrib(pkcs7->decodedAttrib, pkcs7->heap);
@@ -14258,7 +14799,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                                                        pkiMsgSz, &idx);
                     if (ret != 0) {
                         ForceZero(encryptedContent, (word32)encryptedContentSz);
-                        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                        XFREE(encryptedContent, pkcs7->heap,
+                            DYNAMIC_TYPE_PKCS7);
                         ret = ASN_PARSE_E;
                     }
                 }
@@ -14268,7 +14810,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                 ForceZero(encryptedContent, (word32)encryptedContentSz);
                 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
-                /* go back and check the version now that attribs have been processed */
+                /* go back and check the version now that attribs have been
+                 * processed */
                 if (pkcs7->version == 3 && version != 0) {
                     WOLFSSL_MSG("Wrong PKCS#7 FirmwareEncryptedData version");
                     return ASN_VERSION_E;
@@ -14311,7 +14854,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
  * on the parsed bundle so far.
  * returns 0 on success
  */
-int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
+int wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7,
         CallbackDecryptContent decryptionCb)
 {
     if (pkcs7 != NULL) {
@@ -14324,7 +14867,7 @@ int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
 /* Set an optional user context that gets passed to callback
  * returns 0 on success
  */
-int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx)
+int wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx)
 {
     if (pkcs7 != NULL) {
         pkcs7->decryptionCtx = ctx;
@@ -14336,7 +14879,7 @@ int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx)
 
 /* set stream mode for encoding and signing
  * returns 0 on success */
-int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
+int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag,
     CallbackGetContent getContentCb,
     CallbackStreamOut streamOutCb, void* ctx)
 {
@@ -14344,7 +14887,7 @@ int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
         return BAD_FUNC_ARG;
     }
 #ifdef ASN_BER_TO_DER
-    pkcs7->encodeStream = flag;
+    pkcs7->encodeStream = (flag != 0);
     pkcs7->getContentCb = getContentCb;
     pkcs7->streamOutCb  = streamOutCb;
     pkcs7->streamCtx    = ctx;
@@ -14360,7 +14903,7 @@ int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
 
 
 /* returns to current stream mode flag on success, negative values on fail */
-int wc_PKCS7_GetStreamMode(PKCS7* pkcs7)
+int wc_PKCS7_GetStreamMode(wc_PKCS7* pkcs7)
 {
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -14375,18 +14918,18 @@ int wc_PKCS7_GetStreamMode(PKCS7* pkcs7)
 
 /* set option to not include certificates when creating a bundle
  * returns 0 on success */
-int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag)
+int wc_PKCS7_SetNoCerts(wc_PKCS7* pkcs7, byte flag)
 {
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
     }
-    pkcs7->noCerts = flag;
+    pkcs7->noCerts = (flag != 0);
     return 0;
 }
 
 
 /* returns the current noCerts flag value on success, negative values on fail */
-int wc_PKCS7_GetNoCerts(PKCS7* pkcs7)
+int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7)
 {
     if (pkcs7 == NULL) {
         return BAD_FUNC_ARG;
@@ -14398,7 +14941,8 @@ int wc_PKCS7_GetNoCerts(PKCS7* pkcs7)
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
 
 /* build PKCS#7 compressedData content type, return encrypted size */
-int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
+int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output,
+    word32 outputSz)
 {
     byte contentInfoSeq[MAX_SEQ_SZ];
     byte contentInfoTypeOid[MAX_OID_SZ];
@@ -14509,7 +15053,8 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
          */
 
         /* ContentInfo content EXPLICIT SEQUENCE */
-        contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq, 0);
+        contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq,
+            0);
         totalSz += contentInfoContentSeqSz;
 
         ret = wc_SetContentType(COMPRESSED_DATA, contentInfoTypeOid,
@@ -14570,8 +15115,8 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 /* unwrap and decompress PKCS#7/CMS compressedData object,
  * Handles content wrapped compressed data and raw compressed data packet
  * returned decoded size */
-int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
-                                  byte* output, word32 outputSz)
+int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
+    word32 pkiMsgSz, byte* output, word32 outputSz)
 {
     int length, version, ret;
     word32 idx = 0, algOID, contentType;
diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c
index b4b5c0f7e..bd72a409c 100644
--- a/wolfcrypt/src/poly1305.c
+++ b/wolfcrypt/src/poly1305.c
@@ -1,6 +1,6 @@
 /* poly1305.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,16 +36,10 @@ and Daniel J. Bernstein
  *                     303.004 MiB/s with and 1874.194 MiB/s without.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_POLY1305
 #include <wolfssl/wolfcrypt/poly1305.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -231,7 +225,8 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac);
         p[7] = (byte)(v >> 56);
     }
 #endif/* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
-#else /* if not 64 bit then use 32 bit */
+/* if not 64 bit then use 32 bit */
+#elif !defined(WOLFSSL_ARMASM)
 
     static word32 U8TO32(const byte *p)
     {
@@ -268,8 +263,7 @@ static WC_INLINE void u32tole64(const word32 inLe32, byte outLe64[8])
 }
 
 
-#if (!defined(WOLFSSL_ARMASM) || !defined(__aarch64__)) && \
-    !defined(WOLFSSL_RISCV_ASM)
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
 /*
 This local function operates on a message with a given number of bytes
 with a given ctx pointer to a Poly1305 structure.
@@ -529,6 +523,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
     #endif
         poly1305_setkey_avx(ctx, key);
     RESTORE_VECTOR_REGISTERS();
+    ctx->started = 0;
 #elif defined(POLY130564)
 
     /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
@@ -788,7 +783,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
 
     return 0;
 }
-#endif /* (!WOLFSSL_ARMASM || !__aarch64__) && !WOLFSSL_RISCV_ASM */
+#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
 
 
 int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
@@ -813,13 +808,49 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
     printf("\n");
 #endif
 
+#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_THUMB2) && \
+    !defined(WOLFSSL_ARMASM_NO_NEON)
+    /* handle leftover */
+    if (ctx->leftover) {
+        size_t want = sizeof(ctx->buffer) - ctx->leftover;
+        if (want > bytes)
+            want = bytes;
+
+        for (i = 0; i < want; i++)
+            ctx->buffer[ctx->leftover + i] = m[i];
+        bytes -= (word32)want;
+        m += want;
+        ctx->leftover += want;
+        if (ctx->leftover < sizeof(ctx->buffer)) {
+            return 0;
+        }
+
+        poly1305_blocks(ctx, ctx->buffer, sizeof(ctx->buffer));
+        ctx->leftover = 0;
+    }
+
+    /* process full blocks */
+    if (bytes >= sizeof(ctx->buffer)) {
+        size_t want = bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1);
+
+        poly1305_blocks(ctx, m, want);
+        m += want;
+        bytes -= (word32)want;
+    }
+
+    /* store leftover */
+    if (bytes) {
+        for (i = 0; i < bytes; i++)
+            ctx->buffer[ctx->leftover + i] = m[i];
+        ctx->leftover += bytes;
+    }
+#else
 #ifdef USE_INTEL_POLY1305_SPEEDUP
     #ifdef HAVE_INTEL_AVX2
     if (IS_INTEL_AVX2(intel_flags)) {
         SAVE_VECTOR_REGISTERS(return _svr_ret;);
 
         /* handle leftover */
-
         if (ctx->leftover) {
             size_t want = sizeof(ctx->buffer) - ctx->leftover;
             if (want > bytes)
@@ -835,8 +866,10 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
                 return 0;
             }
 
-            if (!ctx->started)
+            if (!ctx->started) {
                 poly1305_calc_powers_avx2(ctx);
+                ctx->started = 1;
+            }
             poly1305_blocks_avx2(ctx, ctx->buffer, sizeof(ctx->buffer));
             ctx->leftover = 0;
         }
@@ -845,8 +878,10 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
         if (bytes >= sizeof(ctx->buffer)) {
             size_t want = bytes & ~(sizeof(ctx->buffer) - 1);
 
-            if (!ctx->started)
+            if (!ctx->started) {
                 poly1305_calc_powers_avx2(ctx);
+                ctx->started = 1;
+            }
             poly1305_blocks_avx2(ctx, m, want);
             m += want;
             bytes -= (word32)want;
@@ -883,8 +918,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
         /* process full blocks */
         if (bytes >= POLY1305_BLOCK_SIZE) {
             size_t want = ((size_t)bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1));
-#if (!defined(WOLFSSL_ARMASM) || !defined(__aarch64__)) && \
-    !defined(WOLFSSL_RISCV_ASM)
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
             int ret;
             ret = poly1305_blocks(ctx, m, want);
             if (ret != 0)
@@ -903,6 +937,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes)
             ctx->leftover += bytes;
         }
     }
+#endif
 
     return 0;
 }
diff --git a/wolfcrypt/src/poly1305_asm.S b/wolfcrypt/src/poly1305_asm.S
index b995670f8..be3a7a5dd 100644
--- a/wolfcrypt/src/poly1305_asm.S
+++ b/wolfcrypt/src/poly1305_asm.S
@@ -1,6 +1,6 @@
 /* poly1305_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 #ifdef WOLFSSL_X86_64_BUILD
diff --git a/wolfcrypt/src/poly1305_asm.asm b/wolfcrypt/src/poly1305_asm.asm
index 1182da509..5c408fe78 100644
--- a/wolfcrypt/src/poly1305_asm.asm
+++ b/wolfcrypt/src/poly1305_asm.asm
@@ -1,6 +1,6 @@
 ; /* poly1305_asm.asm */
 ; /*
-; * Copyright (C) 2006-2024 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md
index 40114f9fd..3c27d8373 100644
--- a/wolfcrypt/src/port/Espressif/README.md
+++ b/wolfcrypt/src/port/Espressif/README.md
@@ -12,20 +12,20 @@ Support for the ESP32 on-board cryptographic hardware acceleration for symmetric
 
 ## ESP32 Acceleration
 
-More details about ESP32 HW Accelerationcan be found in:
+More details about ESP32 HW Acceleration can be found in:
 
-* [ESP32 Technical Reference Manual](https://espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf)
-* [ESP32-S2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s2_technical_reference_manual_en.pdf)
-* [ESP32-S3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf)
-* [ESP32-C2 (aka ESP8684 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp8684_technical_reference_manual_en.pdf)
-* [ESP32-C3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf)
-* [ESP32-C6 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c6_technical_reference_manual_en.pdf)
-* [ESP32-H2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-h2_technical_reference_manual_en.pdf)
+* `esp32_technical_reference_manual_en.pdf`
+* `esp32-s2_technical_reference_manual_en.pdf`
+* `esp32-s3_technical_reference_manual_en.pdf`
+* `esp8684_technical_reference_manual_en.pdf`
+* `esp32-c3_technical_reference_manual_en.pdf`
+* `esp32-c6_technical_reference_manual_en.pdf`
+* `esp32-h2_technical_reference_manual_en.pdf`
 
 ### Building
 
 Simply run `ESP-IDF.py` in any of the [Espressif/ESP-IDF/Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples).
-See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl).
+See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
 
 Hardware acceleration is enabled by default. All settings should be adjusted in the respective project component
 `user_settings.h` file. See the example in [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h).
@@ -160,10 +160,10 @@ ECDSA    256 sign            4 ops took 1.101 sec, avg 275.250 ms, 3.633 ops/sec
 ECDSA    256 verify          2 ops took 1.092 sec, avg 546.000 ms, 1.832 ops/sec
 ```
 
-Condition  :  
-- Model    : ESP32-WROOM-32  
-- CPU Speed: 240Mhz  
-- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)  
+Condition  :
+- Model    : ESP32-WROOM-32
+- CPU Speed: 240Mhz
+- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)
 - OS       : Ubuntu 18.04.1 LTS (Bionic Beaver)
 
 ## Support
diff --git a/wolfcrypt/src/port/Espressif/esp32_aes.c b/wolfcrypt/src/port/Espressif/esp32_aes.c
index e8c917c9a..b1479de33 100644
--- a/wolfcrypt/src/port/Espressif/esp32_aes.c
+++ b/wolfcrypt/src/port/Espressif/esp32_aes.c
@@ -1,6 +1,6 @@
 /* esp32_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -514,9 +514,9 @@ int wc_esp32AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     int ret;
     int i;
     int offset = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     byte *iv;
-    byte temp_block[AES_BLOCK_SIZE];
+    byte temp_block[WC_AES_BLOCK_SIZE];
 
     ESP_LOGV(TAG, "enter wc_esp32AesCbcEncrypt");
 
@@ -533,19 +533,19 @@ int wc_esp32AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     if (ret == ESP_OK) {
         while (blocks--) {
-            XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
+            XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE);
 
             /* XOR block with IV for CBC */
-            for (i = 0; i < AES_BLOCK_SIZE; i++) {
+            for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
                 temp_block[i] ^= iv[i];
             }
 
             esp_aes_bk(temp_block, (out + offset));
 
-            offset += AES_BLOCK_SIZE;
+            offset += WC_AES_BLOCK_SIZE;
 
             /* store IV for next block */
-            XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(iv, out + offset - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         } /* while (blocks--) */
     } /* if Set Mode successful (ret == ESP_OK) */
 
@@ -573,9 +573,9 @@ int wc_esp32AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     int i;
     int offset = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     byte* iv;
-    byte temp_block[AES_BLOCK_SIZE];
+    byte temp_block[WC_AES_BLOCK_SIZE];
 
     ESP_LOGV(TAG, "enter wc_esp32AesCbcDecrypt");
 
@@ -592,19 +592,19 @@ int wc_esp32AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     if (ret == ESP_OK) {
         while (blocks--) {
-            XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
+            XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE);
 
             esp_aes_bk((in + offset), (out + offset));
 
             /* XOR block with IV for CBC */
-            for (i = 0; i < AES_BLOCK_SIZE; i++) {
+            for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
                 (out + offset)[i] ^= iv[i];
             }
 
             /* store IV for next block */
-            XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
+            XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
 
-            offset += AES_BLOCK_SIZE;
+            offset += WC_AES_BLOCK_SIZE;
         } /* while (blocks--) */
         esp_aes_hw_Leave();
     } /* if Set Mode was successful (ret == ESP_OK) */
@@ -637,7 +637,7 @@ int esp_hw_show_aes_metrics(void)
 #if defined(WOLFSSL_HW_METRICS)
 
     ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "------------- wolfSSL ESP HW AES Metrics----------------");
+    ESP_LOGI(TAG, "-------------  wolfSSL ESP HW AES Metrics  -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
 
     ESP_LOGI(TAG, "esp_aes_unsupported_length_usage_ct = %lu",
diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c
index 5c3759273..dbfd13342 100644
--- a/wolfcrypt/src/port/Espressif/esp32_mp.c
+++ b/wolfcrypt/src/port/Espressif/esp32_mp.c
@@ -1,6 +1,6 @@
 /* esp32_mp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,7 +35,6 @@
  *
  * Also, beware: "we have uint32_t == unsigned long for both Xtensa and RISC-V"
  * see https://github.com/espressif/esp-idf/issues/9511#issuecomment-1207342464
- * https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/release-5.x/5.0/gcc.html
  */
 
 #ifdef HAVE_CONFIG_H
@@ -69,9 +68,70 @@
     #include <freertos/semphr.h>
 #endif
 
-#define ESP_HW_RSAMAX_BIT           4096
-#define ESP_HW_MULTI_RSAMAX_BITS    2048
 #define ESP_HW_RSAMIN_BIT           512
+#define ESP_HW_RSAMAX_BIT           4096
+#if defined(CONFIG_IDF_TARGET_ESP32)
+    /* See 24.3.2 Large Number Modular Exponentiation:
+     *     esp32_technical_reference_manual_en.pdf
+     * The RSA Accelerator supports specific operand lengths of N
+     * {512, 1024, 1536, 2048, 2560, 3072, 3584, 4096} bits
+     *
+     * 24.3.4 Large Number Multiplication
+     * The length of Z is twice that of X and Y . Therefore, the RSA Accelerator
+     * supports large-number multiplication with only four operand lengths of
+     * N in {512, 1024, 1536, 2048} */
+    #define ESP_HW_MOD_RSAMAX_BITS      4096
+    #define ESP_HW_MULTI_RSAMAX_BITS    2048
+#elif defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* See 18.3.1 Large Number Modular Exponentiation
+     *     esp32-s2_technical_reference_manual_en.pdf
+     * RSA Accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 128 = 4096 */
+    #define ESP_HW_MOD_RSAMAX_BITS      4096
+    #define ESP_HW_MULTI_RSAMAX_BITS    2048
+#elif defined(CONFIG_IDF_TARGET_ESP32S3)
+    /* See 20.3.1 Large Number Modular Exponentiation
+     *     esp32-s3_technical_reference_manual_en.pdf
+     * RSA Accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 128 = 4096 */
+    #define ESP_HW_MOD_RSAMAX_BITS      4096
+    #define ESP_HW_MULTI_RSAMAX_BITS    2048
+#elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    /* See 20.3.1 Large Number Modular Exponentiation
+     *     esp32-c3_technical_reference_manual_en.pdf
+     * RSA Accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 96}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 96 = 3072 */
+    #define ESP_HW_MOD_RSAMAX_BITS      3072
+    /* The length of result Z is twice that of operand X and operand Y.
+     * Therefore, the RSA accelerator only supports large-number multiplication
+     * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}.
+     * 32 * (96/2) = 32 * (48/2) = 1536 */
+    #define ESP_HW_MULTI_RSAMAX_BITS    1536
+#elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    /* See 22.3.1 Large-number Modular Exponentiation
+     *   esp32-c6_technical_reference_manual_en.pdf
+     * The RSA accelerator supports operands of length N = (32 * x),
+     * where x in {1, 2, 3, . . . , 96}. The bit lengths of arguments
+     * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation
+     * must be of the same length. 32 * 96 = 3072 */
+    #define ESP_HW_MOD_RSAMAX_BITS      3072
+    /* The length of result Z is twice that of operand X and operand Y.
+     * Therefore, the RSA accelerator only supports large-number multiplication
+     * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}.
+     * 32 * (96/2) = 32 * (48/2) = 1536 */
+    #define ESP_HW_MULTI_RSAMAX_BITS    1536
+#else
+    /* No HW on ESP8266, but then we'll not even use this lib.
+     * Other ESP32 devices not implemented: */
+    #define ESP_HW_MOD_RSAMAX_BITS      0
+    #define ESP_HW_MULTI_RSAMAX_BITS    0
+#endif
 
 /* (s+(4-1))/ 4    */
 #define BYTE_TO_WORDS(s)            (((s+3)>>2))
@@ -81,6 +141,7 @@
 
 #define BITS_IN_ONE_WORD            32
 
+/* Some minimum operand sizes, fall back to SW if too small: */
 #ifndef ESP_RSA_MULM_BITS
     #define ESP_RSA_MULM_BITS 16
 #endif
@@ -93,8 +154,18 @@
     #define ESP_RSA_EXPT_YBITS 8
 #endif
 
+/* RSA math calculation timeout */
+#ifndef ESP_RSA_TIMEOUT_CNT
+    #define ESP_RSA_TIMEOUT_CNT 0x5000000
+#endif
 #define ESP_TIMEOUT(cnt)         (cnt >= ESP_RSA_TIMEOUT_CNT)
 
+/* Hardware Ready Timeout */
+#ifndef ESP_RSA_WAIT_TIMEOUT_CNT
+    #define ESP_RSA_WAIT_TIMEOUT_CNT 0x20
+#endif
+#define ESP_WAIT_TIMEOUT(cnt)    (cnt >= ESP_RSA_WAIT_TIMEOUT_CNT)
+
 #if defined(CONFIG_IDF_TARGET_ESP32C3)
     #include <soc/system_reg.h>
     #include <soc/hwcrypto_reg.h>
@@ -142,33 +213,42 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED;
 #ifdef WOLFSSL_HW_METRICS
         static unsigned long esp_mp_max_used = 0;
 
-        static unsigned long esp_mp_mulmod_small_x_ct = 0;
-        static unsigned long esp_mp_mulmod_small_y_ct = 0;
-
-        static unsigned long esp_mp_max_timeout = 0;
+        static unsigned long esp_mp_max_timeout = 0; /* Calc duration */
+        static unsigned long esp_mp_max_wait_timeout; /* HW wait duration */
 
+    /* HW Multiplication Metrics */
     #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
         static unsigned long esp_mp_mul_usage_ct = 0;
         static unsigned long esp_mp_mul_error_ct = 0;
+        static unsigned long esp_mp_mul_tiny_ct = 0;
+        static unsigned long esp_mp_mul_max_exceeded_ct = 0;
     #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */
 
+    /* HW Modular Multiplication Metrics */
     #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+        static unsigned long esp_mp_mulmod_small_x_ct = 0;
+        static unsigned long esp_mp_mulmod_small_y_ct = 0;
+        static unsigned long esp_mp_mulmod_max_exceeded_ct = 0;
         static unsigned long esp_mp_mulmod_usage_ct = 0;
         static unsigned long esp_mp_mulmod_fallback_ct = 0;
         static unsigned long esp_mp_mulmod_even_mod_ct = 0;
         static unsigned long esp_mp_mulmod_error_ct = 0;
-    #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
+     #endif
 
+    /* HW Modular Exponentiation Metrics */
     #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
         static unsigned long esp_mp_exptmod_usage_ct = 0;
         static unsigned long esp_mp_exptmod_error_ct = 0;
+        static unsigned long esp_mp_exptmod_max_exceeded_ct = 0;
         static unsigned long esp_mp_exptmod_fallback_ct = 0;
     #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
-#endif
+#endif /* WOLFSSL_HW_METRICS */
 
 /* mutex */
 #ifdef SINGLE_THREADED
-    int single_thread_locked = 0;
+    /* Although freeRTOS is multithreaded, if we know we'll only be in
+     * a single thread for wolfSSL, we can avoid the complexity of mutexes. */
+    static int single_thread_locked = 0;
 #else
     static wolfSSL_Mutex mp_mutex;
     static int espmp_CryptHwMutexInit = 0;
@@ -185,7 +265,7 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED;
 * check if the HW is ready before accessing it
 *
 * See 24.3.1 Initialization of ESP32 Technical Reference Manual
-* https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
+*   esp32_technical_reference_manual_en.pdf
 *
 * The RSA Accelerator is activated by enabling the corresponding peripheral
 * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG
@@ -238,14 +318,23 @@ static int esp_mp_hw_wait_clean(void)
     /* no HW timeout if we don't know the platform. assumes no HW */
 #endif
 
-    #if defined(WOLFSSL_HW_METRICS)
-    {
-        esp_mp_max_timeout = (timeout > esp_mp_max_timeout) ? timeout :
-                                                        esp_mp_max_timeout;
+#if defined(WOLFSSL_HW_METRICS)
+    /* The wait timeout is separate from the overall max calc timeout. */
+    if (timeout > esp_mp_max_wait_timeout) {
+        esp_mp_max_wait_timeout = timeout;
     }
-    #endif
+    /* Also see if the overall timeout has been increased. */
+    if (timeout > esp_mp_max_timeout) {
+        esp_mp_max_timeout = timeout;
+    }
+#endif
 
     if (ESP_TIMEOUT(timeout)) {
+        /* This is highly unusual and will likely only occur in multi-threaded
+         * application. wolfSSL ctx is not thread safe. */
+    #ifndef SINGLE_THREADED
+        ESP_LOGI(TAG, "Consider #define SINGLE_THREADED. See docs");
+    #endif
         ESP_LOGE(TAG, "esp_mp_hw_wait_clean waiting HW ready timed out.");
         ret = WC_HW_WAIT_E; /* hardware is busy, MP_HW_BUSY; */
     }
@@ -293,7 +382,7 @@ static int esp_mp_hw_islocked(void)
 * Returns 0 (ESP_OK) if the HW lock was initialized and mutex lock.
 *
 * See Chapter 24:
-*  https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
+*   esp32_technical_reference_manual_en.pdf
 *
 * The RSA Accelerator is activated by enabling the corresponding peripheral
 * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG
@@ -332,8 +421,7 @@ static int esp_mp_hw_lock(void)
     if (ret == ESP_OK) {
         /* lock hardware; there should be exactly one instance
          * of esp_CryptHwMutexLock(&mp_mutex ...) in code  */
-        /* TODO - do we really want to wait?
-         *    probably not */
+
         ret = esp_CryptHwMutexLock(&mp_mutex, ESP_MP_HW_LOCK_MAX_DELAY);
         if (ret != ESP_OK) {
             ESP_LOGE(TAG, "mp engine lock failed.");
@@ -529,7 +617,9 @@ static int esp_mp_hw_unlock(void)
         ESP_LOGV(TAG, "exit esp_mp_hw_unlock");
     }
     else {
+#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
         ESP_LOGW(TAG, "Warning: esp_mp_hw_unlock called when not locked.");
+#endif
     }
 
     return ret;
@@ -736,6 +826,12 @@ static int wait_until_done(word32 reg)
 
 #endif
 
+#if defined(WOLFSSL_HW_METRICS)
+    if (timeout > esp_mp_max_timeout) {
+        esp_mp_max_timeout = timeout;
+    }
+#endif
+
     if (ESP_TIMEOUT(timeout)) {
         ESP_LOGE(TAG, "rsa operation timed out.");
         ret = WC_HW_E; /* MP_HW_ERROR; */
@@ -1084,12 +1180,17 @@ int esp_mp_montgomery_init(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M,
                 mph->hwWords_sz  = words2hwords(mph->maxWords_sz);
 
                 if ((mph->hwWords_sz << 5) > ESP_HW_RSAMAX_BIT) {
+            #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) || \
+                defined(WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS)
                     ESP_LOGW(TAG, "Warning: hwWords_sz = %d (%d bits)"
                                   " exceeds HW maximum bits (%d), "
                                   " falling back to SW.",
                         mph->hwWords_sz,
                         mph->hwWords_sz << 5,
                         ESP_HW_RSAMAX_BIT);
+            #endif
+                    /* The fallback error code is expected to be handled by
+                     * caller to perform software instead. */
                     ret = MP_HW_FALLBACK;
                 } /* hwWords_sz check  */
             } /* X and Y size ok */
@@ -1285,17 +1386,34 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
     Zs = Xs + Ys;
 
     /* RSA Accelerator only supports Large Number Multiplication
-     * with operand length N = 32 * x,
-     * where x in {1, 2, 3, . . . , 64} */
-    if (Xs > 64 || Ys > 64) {
-        return MP_HW_FALLBACK; /* TODO add count metric on size fallback */
+     * with certain operand lengths N = (32 * x); See above. */
+    if (Xs > ESP_HW_MULTI_RSAMAX_BITS) {
+#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+        ESP_LOGW(TAG, "mp-mul X %d bits exceeds max bit length (%d)",
+                        Xs, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
+        esp_mp_mul_max_exceeded_ct++;
+        return MP_HW_FALLBACK;
+    }
+    if (Ys > ESP_HW_MULTI_RSAMAX_BITS) {
+#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+        ESP_LOGW(TAG, "mp-mul Y %d bits exceeds max bit length (%d)",
+                        Ys, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
+        esp_mp_mul_max_exceeded_ct++;
+        return MP_HW_FALLBACK;
     }
 
-    if (Zs <= sizeof(mp_digit)*8) {
+    /* sizeof(mp_digit) is typically 4 bytes.
+     * If the total Zs fits into a 4 * 8 = 32 bit word, just do regular math: */
+    if (Zs <= sizeof(mp_digit) * 8) {
         Z->dp[0] = X->dp[0] * Y->dp[0];
         Z->used = 1;
 #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH)
         Z->sign = res_sign; /* See above mp_isneg() for negative detection */
+#endif
+#if defined(WOLFSSL_HW_METRICS)
+        esp_mp_mul_tiny_ct++;
 #endif
         return MP_OKAY;
     }
@@ -1306,13 +1424,21 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
         hwWords_sz  = words2hwords(maxWords_sz);
 
         resultWords_sz = bits2words(Xs + Ys);
-        /* sanity check */
+
+        /* Final parameter sanity check */
         if ( (hwWords_sz << 5) > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "exceeds max bit length(2048) (a)");
-            ret = MP_HW_FALLBACK; /*  Error: value is not able to be used. */
+    #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS)
+            ESP_LOGW(TAG, "mp-mul exceeds max bit length (%d)",
+                           ESP_HW_MULTI_RSAMAX_BITS);
+    #endif
+    #if defined(WOLFSSL_HW_METRICS)
+            esp_mp_mul_max_exceeded_ct++;
+    #endif
+            return MP_HW_FALLBACK; /*  Fallback to use SW */
         }
     }
 
+    /* If no initial exit, proceed to hardware multiplication calculations: */
 #if defined(CONFIG_IDF_TARGET_ESP32)
     /* assumed to be regular ESP32 Xtensa here */
 
@@ -1440,11 +1566,17 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 
     /* Make sure we are within capabilities of hardware. */
     if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
-        ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "exceeds max bit length(%d)",
+                       ESP_HW_MULTI_RSAMAX_BITS);
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
     if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
-        ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "result exceeds max bit length(%d) * 2",
+                       ESP_HW_RSAMAX_BIT );
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
 
@@ -1517,21 +1649,30 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
     /* Unlike the ESP32 that is limited to only four operand lengths,
      * the ESP32-C6 The RSA Accelerator supports large-number modular
-     * multiplication with operands of 128 different lengths.
+     * multiplication with operands of 96 different lengths. (1 .. 96 words)
      *
      * X & Y must be represented by the same number of bits. Must be
-     * enough to represent the larger one. */
+     * enough to represent the larger one.
+     *
+     * Multiplication is limited to 48 different lengths (1 .. 48 words) */
 
     /* Figure out how many words we need to
      * represent each operand & the result. */
 
     /* Make sure we are within capabilities of hardware. */
+
     if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
-        ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "RSA mul result hwWords_sz %d exceeds max bit length %d",
+                       hwWords_sz, ESP_HW_MULTI_RSAMAX_BITS);
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
     if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
-        ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        ESP_LOGW(TAG, "RSA max result hwWords_sz %d exceeds max bit length %d",
+                       hwWords_sz, ESP_HW_RSAMAX_BIT );
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
 
@@ -1627,11 +1768,15 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z)
 
     /* Make sure we are within capabilities of hardware. */
     if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) {
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
         ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS);
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
     if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) {
+#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
         ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT );
+#endif
         ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */
     }
 
@@ -1934,10 +2079,9 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         }
         #endif
         ret = MP_HW_FALLBACK;
-        /* TODO add debug metrics */
         #ifdef WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
         {
-            ESP_LOGV(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!");
+            ESP_LOGW(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!");
         }
         #endif
     }
@@ -2101,9 +2245,11 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
         /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
             ESP_LOGW(TAG, "result exceeds max bit length");
-            return MP_VAL; /*  Error: value is not able to be used. */
+    #endif
+            return MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         WordsForOperand = bits2words(OperandBits);
         /* alt inline calc:
@@ -2190,9 +2336,16 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
         /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            return MP_VAL; /*  Error: value is not able to be used. */
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            ESP_LOGW(TAG, "mulmod OperandBits = %d "
+                          "result exceeds max bit length %d",
+                           OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+    #endif
+            if (mulmod_lock_called) {
+                ret = esp_mp_hw_unlock();
+            }
+            return MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         WordsForOperand = bits2words(OperandBits);
         /* alt inline calc:
@@ -2282,9 +2435,12 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
         /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            return MP_VAL; /*  Error: value is not able to be used. */
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            ESP_LOGW(TAG, "mp_mulmod OperandBits %d exceeds max bit length %d.",
+                           OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+    #endif
+            return MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         WordsForOperand = bits2words(OperandBits);
         /* alt inline calc:
@@ -2346,7 +2502,9 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
             ESP_LOGV(TAG, "Lock not called due to no-lock MP_HW_FALLBACK");
         }
         else {
-            ESP_LOGW(TAG, "Lock unexpectedly not called");
+    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+            ESP_LOGW(TAG, "Lock unexpectedly not called for mp_mulmod");
+    #endif
         }
     }
 
@@ -2505,8 +2663,8 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
  *
  *    Z = X^Y mod M
  *
- *  ESP32, Section 24.3.2  https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf
- *  ESP32S3, Section 20.3.1, https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf
+ *  ESP32, Section 24.3.2  esp32_technical_reference_manual_en.pdf
+ *  ESP32S3, Section 20.3.1, esp32-s3_technical_reference_manual_en.pdf
  *
  * The operation is based on Montgomery multiplication. Aside from the
  * arguments X, Y , and M, two additional ones are needed -r and M'
@@ -2623,6 +2781,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
             #ifdef DEBUG_WOLFSSL
                 esp_mp_exptmod_depth_counter--;
             #endif
+            return MP_HW_FALLBACK; /* If we can't lock HW, fall back to SW */
         }
     } /* the only thing we expect is success or busy */
 
@@ -2700,6 +2859,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     }
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+    OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
+    if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_HW_METRICS
+        ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+                       OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+        esp_mp_mulmod_max_exceeded_ct++;
+    #endif
+       if (exptmod_lock_called) {
+            ret = esp_mp_hw_unlock();
+        }
+        ESP_LOGV(TAG, "Return esp_mp_exptmod fallback");
+
+        /* HW not capable for this size, return error to fall back to SW: */
+        return MP_HW_FALLBACK;
+    }
+    else {
+        WordsForOperand = bits2words(OperandBits);
+    }
+
     /* Steps to perform large number modular exponentiation.
      * Calculates Z = (X ^ Y) modulo M.
      * The number of bits in the operands (X, Y) is N. N can be 32x,
@@ -2725,17 +2903,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         ret = esp_mp_hw_wait_clean();
     }
 
-    if (ret == MP_OKAY) {
-        OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            ret = MP_VAL; /*  Error: value is not able to be used. */
-        }
-        else {
-            WordsForOperand = bits2words(OperandBits);
-        }
-    }
-
     if (ret == MP_OKAY) {
         /* 2. Disable completion interrupt signal; we don't use.
         **    0 => no interrupt; 1 => interrupt on completion. */
@@ -2786,6 +2953,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     /* end if CONFIG_IDF_TARGET_ESP32C3 */
 
 #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+    OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
+    if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_HW_METRICS
+        ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+                       OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+        esp_mp_mulmod_max_exceeded_ct++;
+    #endif
+       if (exptmod_lock_called) {
+            ret = esp_mp_hw_unlock();
+        }
+        ESP_LOGV(TAG, "Return esp_mp_exptmod fallback");
+
+        /* HW not capable for this size, return error to fall back to SW: */
+        return MP_HW_FALLBACK;
+    }
+    else {
+        WordsForOperand = bits2words(OperandBits);
+    }
+
     /* Steps to perform large number modular exponentiation.
      * Calculates Z = (X ^ Y) modulo M.
      * The number of bits in the operands (X, Y) is N. N can be 32x,
@@ -2811,17 +2997,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         ret = esp_mp_hw_wait_clean();
     }
 
-    if (ret == MP_OKAY) {
-        OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            ret = MP_VAL; /*  Error: value is not able to be used. */
-        }
-        else {
-            WordsForOperand = bits2words(OperandBits);
-        }
-    }
-
     if (ret == MP_OKAY) {
         /* 2. Disable completion interrupt signal; we don't use.
         **    0 => no interrupt; 1 => interrupt on completion. */
@@ -2864,11 +3039,16 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
     }
 
     /* 8. clear and release HW                    */
+    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
+        ESP_LOGI(TAG, "Unlock esp_mp_exptmod");
+    #endif
     if (exptmod_lock_called) {
         ret = esp_mp_hw_unlock();
     }
     else {
+    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
         ESP_LOGV(TAG, "Lock not called");
+    #endif
     }
     /* end if CONFIG_IDF_TARGET_ESP32C6 */
 
@@ -2900,9 +3080,12 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
     if (ret == MP_OKAY) {
         OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms);
-        if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) {
-            ESP_LOGW(TAG, "result exceeds max bit length");
-            ret = MP_VAL; /*  Error: value is not able to be used. */
+        if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) {
+    #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d",
+                           OperandBits, ESP_HW_MOD_RSAMAX_BITS);
+    #endif
+            ret = MP_HW_FALLBACK; /*  Error: value is not able to be used. */
         }
         else {
             WordsForOperand = bits2words(OperandBits);
@@ -2978,6 +3161,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 #ifdef WOLFSSL_HW_METRICS
     esp_mp_max_used = (Z->used > esp_mp_max_used) ? Z->used : esp_mp_max_used;
 #endif
+    ESP_LOGV(TAG, "Return esp_mp_exptmod %d", ret);
 
     return ret;
 } /* esp_mp_exptmod */
@@ -2988,6 +3172,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
 
 #endif /* !NO_RSA || HAVE_ECC */
 
+/* Some optional metrics when using RSA HW Acceleration */
 #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
 int esp_hw_show_mp_metrics(void)
 {
@@ -3004,6 +3189,10 @@ int esp_hw_show_mp_metrics(void)
     ESP_LOGI(TAG, "esp_mp_mul HW acceleration enabled.");
     ESP_LOGI(TAG, "Number of calls to esp_mp_mul: %lu",
                    esp_mp_mul_usage_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_mul with tiny operands: %lu",
+                   esp_mp_mul_tiny_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_mul HW operand exceeded: %lu",
+                   esp_mp_mul_max_exceeded_ct);
     if (esp_mp_mul_error_ct == 0) {
         ESP_LOGI(TAG, "Success: no esp_mp_mul() errors.");
     }
@@ -3025,6 +3214,8 @@ int esp_hw_show_mp_metrics(void)
     /* Metrics: esp_mp_mulmod() */
     ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod: %lu",
                    esp_mp_mulmod_usage_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod HW operand exceeded: %lu",
+                   esp_mp_mulmod_max_exceeded_ct);
     ESP_LOGI(TAG, "Number of fallback to SW mp_mulmod: %lu",
                    esp_mp_mulmod_fallback_ct);
 
@@ -3065,6 +3256,8 @@ int esp_hw_show_mp_metrics(void)
 
     ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod: %lu",
                    esp_mp_exptmod_usage_ct);
+    ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod HW operand exceeded: %lu",
+                   esp_mp_exptmod_max_exceeded_ct);
     ESP_LOGI(TAG, "Number of fallback to SW mp_exptmod: %lu",
                    esp_mp_exptmod_fallback_ct);
     if (esp_mp_exptmod_error_ct == 0) {
@@ -3078,7 +3271,10 @@ int esp_hw_show_mp_metrics(void)
 #endif /* EXPTMOD not disabled !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
 
     ESP_LOGI(TAG, "Max N->used: esp_mp_max_used = %lu", esp_mp_max_used);
-    ESP_LOGI(TAG, "Max timeout: esp_mp_max_timeout = %lu", esp_mp_max_timeout);
+    ESP_LOGI(TAG, "Max hw wait timeout: esp_mp_max_wait_timeout = %lu",
+                   esp_mp_max_wait_timeout);
+    ESP_LOGI(TAG, "Max calc timeout: esp_mp_max_timeout = 0x%08lx",
+                   esp_mp_max_timeout);
 
 #else
     /* no HW math, no HW math metrics */
diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c
index bef77b09e..f9f8d9095 100644
--- a/wolfcrypt/src/port/Espressif/esp32_sha.c
+++ b/wolfcrypt/src/port/Espressif/esp32_sha.c
@@ -1,6 +1,6 @@
 /* esp32_sha.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,7 +20,7 @@
  */
 
 /*
- * ESP32-C3: https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf
+ * ESP32-C3: esp32-c3_technical_reference_manual_en.pdf
  *  see page 335: no SHA-512
  *
  */
@@ -135,16 +135,33 @@ static const char* TAG = "wolf_hw_sha";
 #endif
 
     static uintptr_t mutex_ctx_owner = NULLPTR;
-    static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED;
 
-#if defined(ESP_MONITOR_HW_TASK_LOCK)
+#if (defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)) \
+    || defined(WOLFSSL_DEBUG_MUTEX)
+    static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED;
+#endif
+
+#if defined(ESP_MONITOR_HW_TASK_LOCK) || !defined(SINGLE_THREADED)
     #ifdef SINGLE_THREADED
         uintptr_t esp_sha_mutex_ctx_owner(void)
         {
             return mutex_ctx_owner;
         }
+
+        uintptr_t esp_sha_mutex_ctx_owner_set(uintptr_t new_mutex_ctx_owner) {
+            mutex_ctx_owner = new_mutex_ctx_owner;
+            return new_mutex_ctx_owner;
+        }
+
+        uintptr_t esp_sha_mutex_ctx_owner_clear(void) {
+            return esp_sha_mutex_ctx_owner_set(NULLPTR);
+        }
     #else
-        static TaskHandle_t mutex_ctx_task = NULL;
+        #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
+
+            static TaskHandle_t mutex_ctx_task = NULL;
+        #endif
+
         uintptr_t esp_sha_mutex_ctx_owner(void)
         {
             uintptr_t ret = 0;
@@ -155,7 +172,22 @@ static const char* TAG = "wolf_hw_sha";
             taskEXIT_CRITICAL(&sha_crit_sect);
             return ret;
         };
-    #endif
+
+        uintptr_t esp_sha_mutex_ctx_owner_set(uintptr_t new_mutex_ctx_owner)
+        {
+            taskENTER_CRITICAL(&sha_crit_sect);
+            {
+                mutex_ctx_owner = new_mutex_ctx_owner;
+            }
+            taskEXIT_CRITICAL(&sha_crit_sect);
+            return new_mutex_ctx_owner;
+        };
+
+        uintptr_t esp_sha_mutex_ctx_owner_clear(void) {
+            return esp_sha_mutex_ctx_owner_set(NULLPTR);
+        }
+    #endif /* ! SINGLE_THREADED */
+
 
     #ifdef WOLFSSL_DEBUG_MUTEX
         WC_ESP32SHA* stray_ctx;
@@ -188,7 +220,11 @@ int esp_set_hw(WC_ESP32SHA* ctx)
              ESP_LOGV(TAG, "esp_set_hw already locked: 0x%x", (intptr_t)ctx);
         }
         ctx->mode = ESP32_SHA_HW;
+#if defined(ESP_MONITOR_HW_TASK_LOCK) || !defined(SINGLE_THREADED)
+        mutex_ctx_owner = esp_sha_mutex_ctx_owner_set((uintptr_t)ctx);
+#else
         mutex_ctx_owner = (uintptr_t)ctx;
+#endif
         ret = ESP_OK;
     }
     else {
@@ -409,7 +445,7 @@ int esp_sha_init_ctx(WC_ESP32SHA* ctx)
         if (esp_sha_hw_islocked(ctx)) {
             esp_sha_hw_unlock(ctx);
         }
-        mutex_ctx_owner = (uintptr_t)ctx;
+        mutex_ctx_owner = esp_sha_mutex_ctx_owner_set((uintptr_t)ctx);
     }
     else {
         ESP_LOGI(TAG, "MUTEX_DURING_INIT esp_sha_init_ctx for non-owner: "
@@ -506,7 +542,7 @@ int esp_sha224_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst)
     dst->ctx.initializer = (uintptr_t)&dst->ctx;
     #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
     {
-        /* not HW mode for copy, so we are not interested in task owner: */
+        /* Not HW mode for copy, so we are not interested in task owner: */
         dst->ctx.task_owner = 0;
     }
     #endif
@@ -985,27 +1021,27 @@ int esp_sha_hw_in_use()
 */
 uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx)
 {
-    TaskHandle_t mutexHolder;
     uintptr_t ret = 0;
+    #if !defined(WOLFSSL_DEBUG_MUTEX) && !defined(SINGLE_THREADED)
+        TaskHandle_t mutexHolder;
+    #endif
     CTX_STACK_CHECK(ctx);
 
 #ifdef WOLFSSL_DEBUG_MUTEX
-    taskENTER_CRITICAL(&sha_crit_sect);
-    {
-        ret = (uintptr_t)mutex_ctx_owner;
-        if (ctx == 0) {
-            /* we are not checking if a given ctx has the lock */
+    ret = esp_sha_mutex_ctx_owner();
+    if (ctx == 0) {
+        ESP_LOGV(TAG, "ctx == 0; Not checking if a given ctx has the lock");
+    }
+    else {
+        if (ret == (uintptr_t)ctx->initializer) {
+            ESP_LOGV(TAG, "confirmed this object is the owner");
         }
         else {
-            if (ret == (uintptr_t)ctx->initializer) {
-                /* confirmed this object is the owner */
-            }
-            else {
-                /* this object is not the lock owner */
-            }
+            ESP_LOGV(TAG, "this object is not the lock owner");
+
         }
-    }
-    taskEXIT_CRITICAL(&sha_crit_sect);
+    } /* ctx != 0 */
+
 #else
     #ifdef SINGLE_THREADED
     {
@@ -1086,17 +1122,27 @@ uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx)
                 ESP_LOGW(TAG, "New mutex_ctx_owner = NULL");
                 #ifdef ESP_MONITOR_HW_TASK_LOCK
                 {
-                    mutex_ctx_owner = NULLPTR;
+                    esp_sha_mutex_ctx_owner_clear();
                 }
                 #endif
             }
             else {
-                /* the only mismatch expected may be in a multi-thread RTOS */
-                ESP_LOGE(TAG, "ERROR: Release unfinished lock for %x but "
-                              "found %x", ret, ctx->initializer);
-            }
+        #if defined(WOLFSSL_DEBUG_MUTEX) || defined(WOLFSSL_ESP32_HW_LOCK_DEBUG)
+                if (ctx->initializer == 0) {
+                    /* A zero likely indicates prior cleanup for abandoned hash.
+                     * Check the calling code to confirm this is the case. */
+                    ESP_LOGW(TAG, "Release already finished lock for %x ?",
+                                   ctx->initializer);
+                    }
+                else {
+                    /* Mismatch expected may be in a multi-thread RTOS. */
+                    ESP_LOGW(TAG, "ERROR: Release unfinished lock for %x but "
+                                  "found %x", ret, ctx->initializer);
+                }
+        #endif
+            }  /* ret != ctx->initializer */
         #ifdef WOLFSSL_DEBUG_MUTEX
-            ESP_LOGE(TAG, "\n>>>> esp_sha_release_unfinished_lock %x\n", ret);
+            ESP_LOGW(TAG, "\n>>>> esp_sha_release_unfinished_lock %x\n", ret);
         #endif
 
             /* unlock only if this ctx is the initializer of the lock */
@@ -1132,7 +1178,9 @@ uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx)
         ESP_LOGW(TAG, "esp_sha_release_unfinished_lock mode = %d", ctx->mode);
 #endif
         if (ctx->mode == ESP32_SHA_HW) {
+#if defined(DEBUG_WOLFSSL_ESP32_UNFINISHED_HW)
             ESP_LOGW(TAG, "esp_sha_release_unfinished_lock HW!");
+#endif
         }
     }
     return ret;
@@ -1145,11 +1193,22 @@ uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx)
 int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
 {
     int ret = 0;
+
+#if defined(SINGLE_THREADED)
+    /* no mutex monitoring available in single thread mode */
+#else
+    /* thread safe get of global static mutex_ctx_owner: */
+    uintptr_t this_mutex_owner;
+
+    /* mutex_ctx_owner could change in multiple threads, assign once here: */
+    this_mutex_owner = esp_sha_mutex_ctx_owner();
+#endif
+
     CTX_STACK_CHECK(ctx);
 
 #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
-    ESP_LOGI(TAG, "enter esp_sha_hw_lock for %x",
-                   (uintptr_t)ctx->initializer);
+    ESP_LOGI(TAG, "enter esp_sha_hw_lock for %x, initializer %x",
+                   (uintptr_t)ctx, (uintptr_t)ctx->initializer);
 #endif
 
     #ifdef WOLFSSL_DEBUG_MUTEX
@@ -1218,7 +1277,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
         ret = esp_CryptHwMutexInit(&sha_mutex);
         if (ret == 0) {
             ESP_LOGV(TAG, "esp_CryptHwMutexInit sha_mutex init success.");
-            mutex_ctx_owner = NULLPTR; /* No one has the mutex yet.*/
+            esp_sha_mutex_ctx_owner_clear(); /* No one has the mutex yet. */
             #ifdef WOLFSSL_DEBUG_MUTEX
             {
                 /* Take mutex for lock/unlock test drive to ensure it works: */
@@ -1239,8 +1298,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
             ESP_LOGE(TAG, "esp_CryptHwMutexInit sha_mutex failed.");
             #ifdef WOLFSSL_DEBUG_MUTEX
             {
-                ESP_LOGV(TAG, "Current mutext owner = %x",
-                               (int)esp_sha_mutex_ctx_owner());
+                ESP_LOGV(TAG, "Current mutext owner = %x", this_mutex_owner);
             }
             #endif
 
@@ -1264,8 +1322,8 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
             if (((WC_ESP32SHA*)mutex_ctx_owner)->mode == ESP32_SHA_FREED) {
                 ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking mutex_ctx_task = %x"
                               " for mutex_ctx_owner = %x",
-                              (int)mutex_ctx_task,
-                              (int)mutex_ctx_owner);
+                              (uintptr_t)mutex_ctx_task,
+                              (uintptr_t)this_mutex_owner);
             }
             else {
                 if (ctx->mode == ESP32_SHA_FREED) {
@@ -1278,7 +1336,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
                     /* Not very interesting during init. */
                     if (ctx->mode == ESP32_SHA_INIT) {
                         ESP_LOGV(TAG, "mutex_ctx_owner = 0x%x",
-                                       mutex_ctx_owner);
+                                       this_mutex_owner);
                         ESP_LOGV(TAG, "This ctx = 0x%x is ESP32_SHA_INIT",
                                       (uintptr_t)ctx);
                     }
@@ -1289,7 +1347,10 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
             } /* mutex owner ESP32_SHA_FREED check */
         } /* mutex_ctx_task is current task */
         else {
-            ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task");
+            ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task.");
+            ESP_LOGW(TAG, "Locking task: 0x%x", (word32)mutex_ctx_task);
+            ESP_LOGW(TAG, "This xTaskGetCurrentTaskHandle: 0x%x",
+                          (word32)xTaskGetCurrentTaskHandle());
         }
     }
 #endif /* ESP_MONITOR_HW_TASK_LOCK */
@@ -1298,7 +1359,8 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
     if (ctx->mode == ESP32_SHA_INIT) {
         /* try to lock the HW engine */
 #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
-        ESP_LOGI(TAG, "ESP32_SHA_INIT for %x\n", (uintptr_t)ctx->initializer);
+        ESP_LOGI(TAG, "ESP32_SHA_INIT for %x, initializer %x\n",
+                       (uintptr_t)ctx, (uintptr_t)ctx->initializer);
 #endif
         ESP_LOGV(TAG, "Init; release unfinished ESP32_SHA_INIT lock "
                        "for ctx 0x%x", (uintptr_t)ctx);
@@ -1316,8 +1378,9 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
         if ((mutex_ctx_owner == NULLPTR) &&
             esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == ESP_OK) {
             /* we've successfully locked */
-            mutex_ctx_owner = (uintptr_t)ctx;
-            ESP_LOGV(TAG, "Assigned mutex_ctx_owner to 0x%x", mutex_ctx_owner);
+            this_mutex_owner = (uintptr_t)ctx;
+            esp_sha_mutex_ctx_owner_set(this_mutex_owner);
+            ESP_LOGV(TAG, "Assigned mutex_ctx_owner to 0x%x", this_mutex_owner);
         #ifdef ESP_MONITOR_HW_TASK_LOCK
             mutex_ctx_task = xTaskGetCurrentTaskHandle();
         #endif
@@ -1336,6 +1399,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
                     else {
                         stray_ctx->initializer = (intptr_t)stray_ctx;
                         mutex_ctx_owner = (intptr_t)stray_ctx->initializer;
+                        this_mutex_owner = mutex_ctx_owner;
                     }
                 }
                 taskEXIT_CRITICAL(&sha_crit_sect);
@@ -1351,8 +1415,11 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
                              "\n\nLocking with stray\n\n"
                              "WOLFSSL_DEBUG_MUTEX call count 8, "
                              "ctx->mode = ESP32_SHA_SW %x\n\n",
-                             (int)mutex_ctx_owner);
+                             this_mutex_owner);
+            #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
+                    /* ctx->task_owner is only available for multi-threaded */
                     ctx->task_owner = xTaskGetCurrentTaskHandle();
+            #endif
                     ctx->mode = ESP32_SHA_SW;
                     return ESP_OK; /* success, but revert to SW */
                 }
@@ -1362,7 +1429,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
             /* check to see if we had a prior fail and need to unroll enables */
         #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
             ESP_LOGW(TAG, "Locking for ctx %x, current mutex_ctx_owner = %x",
-                           (uintptr_t)&ctx, esp_sha_mutex_ctx_owner());
+                           (uintptr_t)&ctx, this_mutex_owner);
             ESP_LOGI(TAG, "ctx->lockDepth = %d", ctx->lockDepth);
         #endif
             if (ctx->mode == ESP32_SHA_INIT) {
@@ -1394,7 +1461,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
         }
         else {
             /* When the lock is already in use: is it for this ctx? */
-            if ((uintptr_t)ctx == esp_sha_mutex_ctx_owner()) {
+            if ((uintptr_t)ctx == this_mutex_owner) {
                 ESP_LOGV(TAG, "I'm the owner! 0x%x", (uintptr_t)ctx);
                 ctx->mode = ESP32_SHA_SW;
             }
@@ -1402,20 +1469,20 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
             #ifdef WOLFSSL_DEBUG_MUTEX
                 ESP_LOGW(TAG, "\nHardware in use by %x; "
                                "Mode REVERT to ESP32_SHA_SW for %x\n",
-                               esp_sha_mutex_ctx_owner(),
+                               this_mutex_owner,
                                (uintptr_t)ctx->initializer);
                 ESP_LOGI(TAG, "Software Mode, lock depth = %d, for this %x",
                                ctx->lockDepth, (uintptr_t)ctx->initializer);
                 ESP_LOGI(TAG, "Current mutext owner = %x",
-                               esp_sha_mutex_ctx_owner());
+                               this_mutex_owner);
             #endif
                 ESP_LOGV(TAG, "I'm not owner! 0x%x; owner = 0x%x",
                               (uintptr_t)ctx, mutex_ctx_owner);
-                if (mutex_ctx_owner) {
+                if (this_mutex_owner) {
                 #ifdef WOLFSSL_DEBUG_MUTEX
                     ESP_LOGW(TAG, "revert to SW since mutex_ctx_owner = %x"
                                     " but we are currently ctx = %x",
-                                    mutex_ctx_owner, (intptr_t)ctx);
+                                    this_mutex_owner, (intptr_t)ctx);
                 #endif
                 }
                 else {
@@ -2376,7 +2443,7 @@ int esp_hw_show_sha_metrics(void)
     int ret = 0;
 #if defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
     ESP_LOGI(TAG, "--------------------------------------------------------");
-    ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics----------------");
+    ESP_LOGI(TAG, "-------------  wolfSSL ESP HW SHA Metrics  -------------");
     ESP_LOGI(TAG, "--------------------------------------------------------");
 
     ESP_LOGI(TAG, "esp_sha_hw_copy_ct            = %lu",
diff --git a/wolfcrypt/src/port/Espressif/esp32_util.c b/wolfcrypt/src/port/Espressif/esp32_util.c
index 793554a4a..90b3cdcc8 100644
--- a/wolfcrypt/src/port/Espressif/esp32_util.c
+++ b/wolfcrypt/src/port/Espressif/esp32_util.c
@@ -1,6 +1,6 @@
 /* esp32_util.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,9 @@
 #if ESP_IDF_VERSION_MAJOR > 4
     #include <hal/efuse_hal.h>
     #include <rtc_wdt.h>
+    #include <esp_task_wdt.h>
 #endif
+
 /* wolfSSL */
 #include <wolfssl/wolfcrypt/wolfmath.h> /* needed to print MATH_INT_T value */
 #include <wolfssl/wolfcrypt/types.h>
@@ -98,21 +100,44 @@ int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex) {
 }
 
 /*
- * call the ESP-IDF mutex lock; xSemaphoreTake
+ * Call the ESP-IDF mutex lock; xSemaphoreTake
  * this is a general mutex locker, used for different mutex objects for
- * different HW acclerators or other single-use HW features.
+ * different HW accelerators or other single-use HW features.
+ *
+ * We should already have known if the resource is in use or not.
+ *
+ * Return 0 (ESP_OK) on success, otherwise BAD_MUTEX_E
  */
 int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) {
+    int ret;
     if (mutex == NULL) {
         WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex");
         return BAD_MUTEX_E;
     }
 
 #ifdef SINGLE_THREADED
-    return wc_LockMutex(mutex); /* xSemaphoreTake take with portMAX_DELAY */
+    /* does nothing in single thread mode, always return 0 */
+    ret = wc_LockMutex(mutex);
 #else
-    return ((xSemaphoreTake(*mutex, block_time) == pdTRUE) ? 0 : BAD_MUTEX_E);
+    ret = xSemaphoreTake(*mutex, block_time);
+    ESP_LOGV(TAG, "xSemaphoreTake 0x%x = %d", (intptr_t)*mutex, ret);
+    if (ret == pdTRUE) {
+        ret = ESP_OK;
+    }
+    else {
+        if (ret == pdFALSE) {
+            ESP_LOGW(TAG, "xSemaphoreTake failed for 0x%x. Still busy?",
+                           (intptr_t)*mutex);
+            ret = ESP_ERR_NOT_FINISHED;
+        }
+        else {
+            ESP_LOGE(TAG, "xSemaphoreTake 0x%x unexpected = %d",
+                           (intptr_t)*mutex, ret);
+            ret = BAD_MUTEX_E;
+        }
+    }
 #endif
+    return ret;
 }
 
 /*
@@ -120,17 +145,36 @@ int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) {
  *
  */
 esp_err_t esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) {
+    int ret = pdTRUE;
     if (mutex == NULL) {
         WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex");
         return BAD_MUTEX_E;
     }
 
 #ifdef SINGLE_THREADED
-    return wc_UnLockMutex(mutex);
+    ret = wc_UnLockMutex(mutex);
 #else
-    xSemaphoreGive(*mutex);
-    return ESP_OK;
+    ESP_LOGV(TAG, ">> xSemaphoreGive 0x%x", (intptr_t)*mutex);
+    TaskHandle_t mutexHolder = xSemaphoreGetMutexHolder(*mutex);
+
+    if (mutexHolder == NULL) {
+        ESP_LOGW(TAG, "esp_CryptHwMutexUnLock with no lock owner 0x%x",
+                        (intptr_t)*mutex);
+        ret = ESP_OK;
+    }
+    else {
+        ret = xSemaphoreGive(*mutex);
+        if (ret == pdTRUE) {
+            ESP_LOGV(TAG, "Success: give mutex 0x%x", (intptr_t)*mutex);
+            ret = ESP_OK;
+        }
+        else {
+            ESP_LOGV(TAG, "Failed: give mutex 0x%x", (intptr_t)*mutex);
+            ret = ESP_FAIL;
+        }
+    }
 #endif
+    return ret;
 }
 #endif /* WOLFSSL_ESP32_CRYPT, etc. */
 
@@ -168,6 +212,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
 
     WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u",
                            Xthal_have_ccount);
+#endif
 
     /* this is the legacy stack size */
 #if defined(CONFIG_MAIN_TASK_STACK_SIZE)
@@ -205,24 +250,35 @@ static int ShowExtendedSystemInfo_platform_espressif(void)
 
 #endif
 
-#elif CONFIG_IDF_TARGET_ESP32S2
-    WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u",
+/* Platform-specific attributes of interest*/
+#if CONFIG_IDF_TARGET_ESP32
+    #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ)
+        WOLFSSL_VERSION_PRINTF("CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: %u MHz",
+                               CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ);
+    #endif
+    WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u",
                            Xthal_have_ccount);
-#elif CONFIG_IDF_TARGET_ESP32C6
-  /* TODO find Xthal for C6 */
+
 #elif CONFIG_IDF_TARGET_ESP32C2
-  /* TODO find Xthal for C6 */
-#elif defined(CONFIG_IDF_TARGET_ESP8684)
-  /* TODO find Xthal for C6 */
+    /* TODO find Xthal for C2 */
 #elif CONFIG_IDF_TARGET_ESP32C3
     /* not supported at this time */
-#elif CONFIG_IDF_TARGET_ESP32S3
-    WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u",
-                           Xthal_have_ccount);
+#elif CONFIG_IDF_TARGET_ESP32C6
+    /* TODO find Xthal for C6 */
 #elif CONFIG_IDF_TARGET_ESP32H2
-    /* not supported at this time */
-#elif CONFIG_IDF_TARGET_ESP32C2
-    /* not supported at this time */
+    /* TODO find Xthal for H2 */
+#elif CONFIG_IDF_TARGET_ESP32S2
+    ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz",
+                   CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
+             );
+    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
+#elif CONFIG_IDF_TARGET_ESP32S3
+    ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz",
+                   CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
+             );
+    ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount);
+#elif defined(CONFIG_IDF_TARGET_ESP8684)
+    /* TODO find Xthal for ESP8684 */
 #else
     /* not supported at this time */
 #endif
@@ -438,6 +494,7 @@ esp_err_t ShowExtendedSystemInfo_config(void)
 {
     esp_ShowMacroStatus_need_header = 1;
 
+    show_macro("NO_ESP32_CRYPT",            STR_IFNDEF(NO_ESP32_CRYPT));
     show_macro("NO_ESPIDF_DEFAULT",         STR_IFNDEF(NO_ESPIDF_DEFAULT));
 
     show_macro("HW_MATH_ENABLED",           STR_IFNDEF(HW_MATH_ENABLED));
@@ -562,11 +619,11 @@ int ShowExtendedSystemInfo(void)
 
 #if defined(WOLFSSL_MULTI_INSTALL_WARNING)
     /* CMake may have detected undesired multiple installs, so give warning. */
-    WOLFSSL_VERSION_PRINTF("");
+    WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
     WOLFSSL_VERSION_PRINTF("WARNING: Multiple wolfSSL installs found.");
     WOLFSSL_VERSION_PRINTF("Check ESP-IDF components and "
                            "local project [components] directory.");
-    WOLFSSL_VERSION_PRINTF("");
+    WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 #else
     #ifdef WOLFSSL_USER_SETTINGS_DIR
     {
@@ -684,15 +741,25 @@ esp_err_t esp_DisableWatchdog(void)
         #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
               defined(CONFIG_IDF_TARGET_ESP32C3) || \
               defined(CONFIG_IDF_TARGET_ESP32C6) || \
-              defined(CONFIG_IDF_TARGET_ESP32H2)
-            ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform.");
+              defined(CONFIG_IDF_TARGET_ESP32H2) || \
+              defined(CONFIG_IDF_TARGET_ESP32P4)
+            #if ESP_IDF_VERSION_MINOR >= 3
+                #if CONFIG_ESP_TASK_WDT
+                    ret = esp_task_wdt_deinit();
+                #else
+                    /* CONFIG_ESP_TASK_WDT=y needed in sdkconfig */
+                    ESP_LOGW(TAG, "esp_task_wdt_deinit not available");
+                #endif
+            #else
+                    ESP_LOGW(TAG, "esp_task_wdt_deinit not implemented");
+            #endif
         #else
             rtc_wdt_protect_off();
             rtc_wdt_disable();
         #endif
     }
     #else
-        ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_OIDF v%d",
+        ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_IDF v%d",
                       ESP_IDF_VERSION_MAJOR);
     #endif
 #endif
@@ -725,8 +792,17 @@ esp_err_t esp_EnabledWatchdog(void)
         #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
               defined(CONFIG_IDF_TARGET_ESP32C3) || \
               defined(CONFIG_IDF_TARGET_ESP32C6) || \
-              defined(CONFIG_IDF_TARGET_ESP32H2)
+              defined(CONFIG_IDF_TARGET_ESP32H2) || \
+              defined(CONFIG_IDF_TARGET_ESP32P4)
             ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform.");
+            esp_task_wdt_config_t twdt_config = {
+                .timeout_ms = 5000,     /* Timeout in milliseconds  */
+                .trigger_panic = true,  /* trigger panic on timeout */
+                .idle_core_mask = (1 << 0), /*  Enable on Core 0    */
+            };
+            ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform.");
+            esp_task_wdt_init(&twdt_config);
+            esp_task_wdt_add(NULL);
         #else
             rtc_wdt_protect_on();
             rtc_wdt_enable();
@@ -737,14 +813,11 @@ esp_err_t esp_EnabledWatchdog(void)
                       ESP_IDF_VERSION_MAJOR);
     #endif
 #endif
-
-#ifdef DEBUG_WOLFSSL
-    ESP_LOGI(TAG, "Watchdog enabled.");
-#endif
-
     return ret;
 }
 
+
+
 /* Print a MATH_INT_T attribute list.
  *
  * Note with the right string parameters, the result can be pasted as
@@ -904,4 +977,49 @@ esp_err_t esp_hw_show_metrics(void)
     return ESP_OK;
 }
 
+int show_binary(byte* theVar, size_t dataSz) {
+    printf("*****************************************************\n");
+    word32 i;
+    for (i = 0; i < dataSz; i++)
+        printf("%02X", theVar[i]);
+    printf("\n");
+    printf("******************************************************\n");
+    return 0;
+}
+
+int hexToBinary(byte* toVar, const char* fromHexString, size_t szHexString ) {
+    int ret = 0;
+    /* Calculate the actual binary length of the hex string */
+    size_t byteLen = szHexString / 2;
+
+    if (toVar == NULL || fromHexString == NULL) {
+        ESP_LOGE("ssh", " error");
+        return -1;
+    }
+    if ((szHexString % 2 != 0)) {
+        ESP_LOGE("ssh", "fromHexString length not even!");
+    }
+
+    ESP_LOGW(TAG, "Replacing %d bytes at %x", byteLen, (word32)toVar);
+    memset(toVar, 0, byteLen);
+    /* Iterate through the hex string and convert to binary */
+    for (size_t i = 0; i < szHexString; i += 2) {
+        /* Convert hex character to decimal */
+        int decimalValue;
+        sscanf(&fromHexString[i], "%2x", &decimalValue);
+        size_t index = i / 2;
+#if (0)
+        /* Optionally peek at new values */
+        byte new_val =  (decimalValue & 0x0F) << ((i % 2) * 4);
+        ESP_LOGI("hex", "Current char = %d", toVar[index]);
+        ESP_LOGI("hex", "New val = %d", decimalValue);
+#endif
+        toVar[index]  = decimalValue;
+    }
+
+    return ret;
+}
+
+
+
 #endif /* WOLFSSL_ESPIDF */
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md
new file mode 100644
index 000000000..00f898eef
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md
@@ -0,0 +1,287 @@
+# wolfSSL Support for ESP-IDF Certificate Bundles
+
+These files are typically only used when integrating wolfSSL with the ESP-IDF
+and with the intention of using Certificate Bundles in the esp-tls component.
+
+See the ESP-IDF `idf.py menuconfig`. A recent version of the [wolfSSL Kconfig](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig)
+file is needed. The [template example](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template)
+can be use for creating a project-specific [wolfSSL component](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl)
+when not using a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
+
+## Getting Started
+
+Use the `idf.py menuconfig`,
+
+When in doubt, delete the `./build` directory. This is particularly important when changing Certificate Bundle PEM files.
+
+## Certificate Inspection
+
+The certificates in the bundle are in PEM format. The [gen_crt_bundle.py script](./gen_crt_bundle.py)
+converts them to DER format to load into the `x509_crt_imported_bundle_wolfssl_bin_start` binary
+array.
+
+To convert a PEM to DER from command-line:
+
+```
+MY_CERT_NAME=ISRG_ROOT_X1
+openssl x509 -outform der -in "$MY_CERT_NAME".pem -out "$MY_CERT_NAME".der
+```
+
+To inspect a DER file:
+
+```
+openssl x509 -inform der -in "$MY_CERT_NAME".der -text -noout
+```
+
+
+## Known Problems and Issues
+
+Here are the areas that may need attention. Most are related to older published versions of the ESP-IDF
+that may not yet have wolfSSL integration. An updated ESP-IDF is required to use wolfSSL component _in_ the ESP-IDF.
+There's a [gojimmypi V5.2.2 WIP Branch](https://github.com/gojimmypi/esp-idf/tree/my_522/components/lwip) for reference
+until a PR is created for upstream support.
+
+### Time
+
+The wolfSSL libraries are by default considerably more robust and strict. As such, it is important to have an accurate
+time and date setting for the certificate date ranges.. The wolfssL libraries include some
+[time helper functions](https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h).
+These can be enabled with `#define USE_WOLFSSL_ESP_SDK_TIME` in the `user_settings.h`.
+
+Alternatively, the `WOLFSSL_DEBUG_IGNORE_ASN_TIME` can be used to ignore the time. This is strongly discouraged in anything
+other than a development / test environment where the time is known to be incorrect.
+
+### Examples may need to have wolfSSL Certificate Bundles enabled.
+
+In cases where [some examples are gated out](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L419),
+the "or" needs to be added for `CONFIG_WOLFSSL_CERTIFICATE_BUNDLE` option like this:
+
+```
+#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE || CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+```
+
+### Adding Embedded Certificates
+
+The `main` app directory has a [CMakeLists.txt](https://github.com/espressif/esp-idf/blob/6e5414b6c4f265a0adfb56a15fbfbe6beb1f8373/examples/protocols/esp_http_client/main/CMakeLists.txt#L10)
+with the `idf_component_register` function:
+
+```
+idf_component_register(SRCS "esp_http_client_example.c"
+                      INCLUDE_DIRS "."
+                      REQUIRES ${requires}
+                      EMBED_TXTFILES howsmyssl_com_root_cert.pem
+                                     postman_root_cert.pem)
+```
+
+This data ends up in the [extern const char](https://github.com/espressif/esp-idf/blob/6e5414b6c4f265a0adfb56a15fbfbe6beb1f8373/examples/protocols/esp_http_client/main/esp_http_client_example.c#L45)
+arrays:
+
+```
+extern const char howsmyssl_com_root_cert_pem_start[] asm("_binary_howsmyssl_com_root_cert_pem_start");
+extern const char howsmyssl_com_root_cert_pem_end[]   asm("_binary_howsmyssl_com_root_cert_pem_end");
+
+extern const char postman_root_cert_pem_start[] asm("_binary_postman_root_cert_pem_start");
+extern const char postman_root_cert_pem_end[]   asm("_binary_postman_root_cert_pem_end");
+```
+
+When changing the source files (also located in the `main` directory) - it is usually best to
+delete the `./build` directory to ensure fresh contents get parsed in as desired.
+
+VS Code / PlatformIO users can consider deleting the `./pio` and `./vscode` directories.
+
+Visual Studio/VisualGDB users can remove the `./vs` and `.visualgdb`.
+
+### TLS 1.3 issues with howsmyssl.com
+
+Espressif is using the well known https://www.howsmyssl.com/ in the
+[examples](https://github.com/espressif/esp-idf/tree/master/examples/protocols/), for instance in
+the [esp_http_client](https://github.com/espressif/esp-idf/tree/master/examples/protocols/esp_http_client).
+
+It was recently observed that TLS 1.3 is _not_ currently configured properly on that web site.
+See [howsmyssl #716](https://github.com/jmhodges/howsmyssl/issues/716).
+
+As such, when configuring wolfSSL for _only_ TLS 1.3, a `fatal error -313` may occur.
+
+Additionally, not that there's a [cert in the app](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L45)
+in `howsmyssl_com_root_cert_pem_start`, separate from the bundle certificate data. Take note of this when
+attempting to simply change `www.howsmyssl.com` to `www.google.com`.
+
+
+### postman
+
+Beware there's a hard-coded PEM certificate for the [postman root cert](https://github.com/espressif/esp-idf/blob/c9df77efbf871d4c3ae9fb828778ff8c4ab36804/examples/protocols/esp_http_client/main/esp_http_client_example.c#L48)
+(not in the bundle). If you see a failure, the data may need to be updated.
+
+See the comments for adding certificate data, copied here for reference:
+
+>Root cert for howsmyssl.com, taken from howsmyssl_com_root_cert.pem
+
+>The PEM file was extracted from the output of this command:
+   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
+
+>The CA root cert is the last cert given in the chain of certs.
+
+>To embed it in the app binary, the PEM file is named
+   in the component.mk COMPONENT_EMBED_TXTFILES variable.
+
+## Timeout
+
+Occasionally there may be connection timeouts. This is not specific to wolfSSL. The root cause is likely CDN related.
+
+See the `.timeout_ms` and make adjustments as necessary in the `esp_http_client_config_t`:.
+
+```
+    esp_http_client_config_t config = {
+        .url = "https://postman-echo.com/post",
+        .event_handler = _http_event_handler,
+        .cert_pem = postman_root_cert_pem_start,
+        .is_async = true,
+        .timeout_ms = 5000,
+    };
+```
+
+## Failed to load CA
+
+This is expected to be a common error to encounter:
+
+```
+E (28454) esp_crt_bundle-wolfssl: Failed to load CA
+W (28454) esp_crt_bundle-wolfssl: Warning: found a matching cert, but not added to the Certificate Manager. error: 0
+E (28454) esp_crt_bundle-wolfssl: Did not find a matching crt
+E (28464) internal.c: ssl != NULL; no callback, verifyFail = 1
+W (28474) internal.c: CleanupStoreCtxCallback
+E (28474) internal.c: DoCertFatalAlert = -188
+E (28484) esp-tls-wolfssl: wolfSSL_connect returned -1, error code: -188
+E (28484) esp-tls-wolfssl: Failed to verify peer certificate , returned 24
+E (28494) esp-tls: Failed to open new connection
+E (28504) transport_base: Failed to open a new connection
+E (28514) HTTP_CLIENT: Connection failed, sock < 0
+E (28514) HTTP_CLIENT: HTTP request failed: ESP_ERR_HTTP_CONNECT
+```
+
+The problem here is that the example [esp_http_client](https://github.com/espressif/esp-idf/tree/master/examples/protocols/esp_http_client)
+app _does not work_ immediately out of the box unless changes are made to the source:
+
+```
+#ifdef CONFIG_ESP_TLS_USING_WOLFSSL
+    #include <wolfssl/wolfcrypt/settings.h>
+    #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
+
+    /* TODO: conditional bundle */
+    #include <wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h>
+#endif
+```
+
+` openssl s_client -connect postman-echo.com:443 -CAfile ./postman.pem`
+
+### Component esp-wolfssl needs to be installed
+
+The wrong ESP-IDF toolchain is being used. Use the [gojimmypi my_522 branch](https://github.com/gojimmypi/esp-idf/tree/my_522).
+
+```
+-- Component esp-wolfssl needs to be installed. See api-reference/protocols/esp_tls docs.
+CMake Error at /mnt/c/SysGCC/esp32/esp-idf/v5.2/tools/cmake/component.cmake:382 (message):
+  Component esp-wolfssl not found
+Call Stack (most recent call first):
+  /mnt/c/SysGCC/esp32/esp-idf/v5.2/components/esp-tls/CMakeLists.txt:26 (idf_component_get_property)
+
+
+-- Configuring incomplete, errors occurred!
+```
+
+## x509_crt_bundle_wolfssl.S not found
+
+It is important to note that PlatformIO components can NOT be used for esp-tls.
+
+The wolfSSL library MUST be used from either the local project `components` or from the ESP-IDF.
+
+```
+*** [.pio\bld_8mb_dbg_wolfssl\.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S.o]
+Source `.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S' not found,
+needed by target `.pio\bld_8mb_dbg_wolfssl\.pio\bld_8mb_dbg_wolfssl\x509_crt_bundle_wolfssl.S.o'.
+```
+
+
+## Error couldn't get hostname for not.existent.url
+
+This error is as desired, showing that a bad URL will fail.
+
+```
+E (50613) esp-tls: couldn't get hostname for :not.existent.url: getaddrinfo() returns 202, addrinfo=0x0
+E (50613) esp-tls: Failed to open new connection
+E (50613) transport_base: Failed to open a new connection
+E (50623) HTTP_CLIENT: Connection failed, sock < 0
+E (50623) HTTP_CLIENT: Error perform http request ESP_ERR_HTTP_CONNECT
+```
+
+## Tool doesn't match supported version from list
+
+Edit the `C:\Users\%USER%\.platformio\packages\framework-espidf\tools\tools.json` and replace
+`13.2.0_20230928` with the desired version, such as `esp-13.2.0_20240530`.
+
+```
+  Tool doesn't match supported version from list ['esp-13.2.0_20230928']:
+  C:/Users/gojimmypi/.platformio/packages/toolchain-xtensa-esp-elf/bin/xtensa-esp32-elf-gcc.exe
+```
+
+## ESP_ERROR_CHECK failed: esp_err_t 0xffffffff (ESP_FAIL) at 0x400d3b60
+
+This is a generic `ESP_ERROR_CHECK` result, in this case the default WiFi SSID and password could not connect:
+
+
+```
+I (25970) example_connect: Wi-Fi disconnected, trying to reconnect...
+I (28380) example_connect: WiFi Connect failed 7 times, stop reconnect.
+ESP_ERROR_CHECK failed: esp_err_t 0xffffffff (ESP_FAIL) at 0x400d3b60
+file: "main/esp_http_client_example.c" line 936
+func: app_main
+expression: example_connect()
+
+abort() was called at PC 0x400890e3 on core 0
+```
+
+## Manual Testing
+
+To test if the `howsmyssl` web site has TLS 1.3 working, use the [wolfSSL client example](https://github.com/wolfSSL/wolfssl/tree/master/examples/client):
+
+```bash
+./examples/client/client -v 4 -h www.howsmyssl.com -p 443 -g -j
+```
+
+Or OpenSSL:
+
+```bash
+openssl s_client -connect www.howsmyssl.com:443 -tls1_3 -ciphersuites 'TLS_AES_256_GCM_SHA384'
+```
+
+Returns this unintuitive error:
+
+```text
+$ openssl s_client -connect www.howsmyssl.com:443 -tls1_3 -ciphersuites 'TLS_AES_256_GCM_SHA384'
+CONNECTED(00000003)
+4007DA6C617F0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1584:SSL alert number 40
+---
+no peer certificate available
+---
+No client certificate CA names sent
+---
+SSL handshake has read 7 bytes and written 247 bytes
+Verification: OK
+---
+New, (NONE), Cipher is (NONE)
+Secure Renegotiation IS NOT supported
+Compression: NONE
+Expansion: NONE
+No ALPN negotiated
+Early data was not sent
+Verify return code: 0 (ok)
+---
+```
+
+
+
+Or OpenSSL,
+
+```bash
+openssl s_client -tls1_3 -host www.howsmyssl.com -port 443
+```
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem
new file mode 100644
index 000000000..4ea6c1ead
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_all.pem
@@ -0,0 +1,3602 @@
+##
+## Bundle of CA Root Certificates
+##
+## Certificate data from Mozilla as of: Tue Jul  2 03:12:04 2024 GMT
+##
+## This is a bundle of X.509 certificates of public Certificate Authorities
+## (CA). These were automatically extracted from Mozilla's root certificates
+## file (certdata.txt).  This file can be found in the mozilla source tree:
+## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
+##
+## It contains the certificates in PEM format and therefore
+## can be directly used with curl / libcurl / php_curl, or with
+## an Apache+mod_ssl webserver for SSL client authentication.
+## Just configure this file as the SSLCACertificateFile.
+##
+## Conversion done with mk-ca-bundle.pl version 1.29.
+## SHA256: 456ff095dde6dd73354c5c28c73d9c06f53b61a803963414cb91a1d92945cdd3
+##
+
+
+Google Trust Services LLC, CN = GTS Root R1
+-----BEGIN CERTIFICATE-----
+MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX
+MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE
+CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx
+OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT
+GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63
+ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS
+iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k
+KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ
+DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk
+j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5
+cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW
+CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499
+iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei
+Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap
+sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b
+9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf
+BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw
+JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH
+MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al
+oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy
+MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF
+AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9
+NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9
+WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw
+9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy
++qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi
+d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8=
+-----END CERTIFICATE-----
+
+
+GlobalSign Root CA
+==================
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx
+GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds
+b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV
+BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD
+VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
+DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc
+THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
+Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP
+c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX
+gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF
+AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj
+Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG
+j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH
+hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC
+X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
+
+Entrust.net Premium 2048 Secure Server CA
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u
+ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp
+bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
+BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx
+NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3
+d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl
+MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u
+ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL
+Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
+hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW
+nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi
+VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ
+KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy
+T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
+zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT
+J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e
+nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE=
+-----END CERTIFICATE-----
+
+Baltimore CyberTrust Root
+=========================
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE
+ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li
+ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC
+SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs
+dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME
+uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB
+UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C
+G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9
+XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr
+l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI
+VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
+BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh
+cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5
+hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa
+Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H
+RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority
+====================================
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV
+BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw
+b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG
+A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0
+MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
+MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu
+Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz
+A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww
+Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68
+j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN
+rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1
+MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH
+hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM
+Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa
+v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS
+W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0
+tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
+
+Comodo AAA Services root
+========================
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS
+R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg
+TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
+MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl
+c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
+BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG
+C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs
+i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW
+Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH
+Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK
+Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
+BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl
+cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz
+LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm
+7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z
+8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C
+12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 2
+==================
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx
+ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6
+XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk
+lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB
+lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy
+lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt
+66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn
+wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
+D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy
+BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie
+J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud
+DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU
+a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
+Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3
+UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm
+VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK
++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW
+IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1
+WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X
+f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II
+4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8
+VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 3
+==================
+-----BEGIN CERTIFICATE-----
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
+OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg
+DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij
+KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K
+DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv
+BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp
+p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8
+nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX
+MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM
+Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz
+uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT
+BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj
+YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD
+VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4
+ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
+AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV
+qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s
+hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z
+POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2
+Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp
+8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC
+bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu
+g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p
+vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr
+qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=
+-----END CERTIFICATE-----
+
+XRamp Global CA Root
+====================
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
+BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj
+dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx
+HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg
+U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu
+IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx
+foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE
+zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs
+AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry
+xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap
+oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC
+AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
+/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n
+nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz
+8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=
+-----END CERTIFICATE-----
+
+Go Daddy Class 2 CA
+===================
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY
+VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG
+A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
+RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD
+ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
+2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32
+qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j
+YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY
+vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O
+BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o
+atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu
+MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim
+PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
+I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI
+Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b
+vZ8=
+-----END CERTIFICATE-----
+
+Starfield Class 2 CA
+====================
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc
+U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo
+MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
+A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG
+SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY
+bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ
+JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm
+epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
+F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF
+MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f
+hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
+bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs
+afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
+PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD
+KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
+QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
+
+DigiCert Assured ID Root CA
+===========================
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx
+MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO
+9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy
+UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW
+/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy
+oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
+GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF
+66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
+hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc
+EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn
+SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i
+8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+
+DigiCert Global Root CA
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw
+MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn
+TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5
+BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H
+4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y
+7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB
+o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm
+8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF
+BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr
+EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt
+tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886
+UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+
+DigiCert High Assurance EV Root CA
+==================================
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw
+KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw
+MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
+MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu
+Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t
+Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS
+OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3
+MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ
+NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe
+h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY
+JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ
+V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp
+myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK
+mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
+-----END CERTIFICATE-----
+
+SwissSign Gold CA - G2
+======================
+-----BEGIN CERTIFICATE-----
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw
+EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN
+MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
+c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq
+t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C
+jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg
+vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF
+ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR
+AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
+jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO
+peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR
+7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi
+GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64
+OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm
+5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr
+44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf
+Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m
+Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp
+mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk
+vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf
+KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br
+NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj
+viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+-----END CERTIFICATE-----
+
+SwissSign Silver CA - G2
+========================
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT
+BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X
+DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3
+aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644
+N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm
++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH
+6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu
+MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h
+qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5
+FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs
+ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc
+celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X
+CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB
+tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P
+4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F
+kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L
+3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx
+/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa
+DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP
+e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu
+WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ
+DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
+DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+-----END CERTIFICATE-----
+
+SecureTrust CA
+==============
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy
+dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe
+BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX
+OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t
+DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH
+GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b
+01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH
+ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj
+aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu
+SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf
+mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ
+nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+-----END CERTIFICATE-----
+
+Secure Global CA
+================
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH
+bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg
+MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx
+YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
+bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g
+8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV
+HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi
+0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn
+oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA
+MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+
+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn
+CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5
+3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+-----END CERTIFICATE-----
+
+COMODO Certification Authority
+==============================
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb
+MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD
+T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH
++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww
+xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV
+4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA
+1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI
+rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k
+b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC
+AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP
+OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc
+IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN
++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ==
+-----END CERTIFICATE-----
+
+COMODO ECC Certification Authority
+==================================
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix
+GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X
+4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni
+wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG
+FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA
+U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
+
+Certigna
+========
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw
+EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3
+MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI
+Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q
+XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH
+GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p
+ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg
+DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf
+Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ
+tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ
+BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J
+SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA
+hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+
+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu
+PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY
+1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
+WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
+-----END CERTIFICATE-----
+
+ePKI Root Certification Authority
+=================================
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG
+EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
+Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx
+MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq
+MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs
+IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi
+lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv
+qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX
+12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O
+WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+
+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao
+lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/
+vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi
+Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi
+MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
+ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0
+1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq
+KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV
+xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
+NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r
+GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE
+xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx
+gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy
+sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD
+BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw=
+-----END CERTIFICATE-----
+
+certSIGN ROOT CA
+================
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD
+VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa
+Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE
+CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I
+JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH
+rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2
+ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD
+0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943
+AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
+Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB
+AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8
+SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0
+x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt
+vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
+TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
+-----END CERTIFICATE-----
+
+NetLock Arany (Class Gold) Főtanúsítvány
+========================================
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G
+A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610
+dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB
+cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx
+MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO
+ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6
+c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu
+0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
+/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk
+H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw
+fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1
+neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW
+qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
+YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna
+NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu
+dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+-----END CERTIFICATE-----
+
+SecureSign RootCA11
+===================
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi
+SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS
+b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw
+KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1
+cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL
+TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO
+wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq
+g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP
+O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA
+bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX
+t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh
+OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r
+bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ
+Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01
+y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
+lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
+-----END CERTIFICATE-----
+
+Microsec e-Szigno Root CA 2009
+==============================
+-----BEGIN CERTIFICATE-----
+MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER
+MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv
+c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
+dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE
+BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt
+U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA
+fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG
+0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA
+pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm
+1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC
+AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf
+QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE
+FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o
+lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX
+I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
+tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02
+yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi
+LXpUq3DDfSJlgnCW
+-----END CERTIFICATE-----
+
+GlobalSign Root CA - R3
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv
+YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
+bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
+aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
+bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt
+iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ
+0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
+rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl
+OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2
+xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7
+lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
+EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E
+bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18
+YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r
+kpeDMdmztcpHWD9f
+-----END CERTIFICATE-----
+
+Izenpe.com
+==========
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG
+EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz
+MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu
+QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ
+03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK
+ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU
++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC
+PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
+OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK
+F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK
+0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+
+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB
+leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID
+AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+
+SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG
+NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
+MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l
+Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga
+kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q
+hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs
+g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5
+aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5
+nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC
+ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo
+Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
+WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
+-----END CERTIFICATE-----
+
+Go Daddy Root Certificate Authority - G2
+========================================
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu
+MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G
+A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq
+9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD
++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd
+fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl
+NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9
+BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac
+vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r
+5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV
+N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1
+-----END CERTIFICATE-----
+
+Starfield Root Certificate Authority - G2
+=========================================
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
+eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw
+DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg
+VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv
+W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs
+bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk
+N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf
+ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU
+JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol
+TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx
+4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw
+F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ
+c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
+
+Starfield Services Root Certificate Authority - G2
+==================================================
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl
+IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT
+dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2
+h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa
+hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP
+LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB
+rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG
+SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP
+E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy
+xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
+YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6
+-----END CERTIFICATE-----
+
+AffirmTrust Commercial
+======================
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw
+MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb
+DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV
+C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6
+BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww
+MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV
+HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG
+hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi
+qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv
+0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh
+sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
+-----END CERTIFICATE-----
+
+AffirmTrust Networking
+======================
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw
+MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE
+Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI
+dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24
+/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb
+h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV
+HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu
+UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6
+12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23
+WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9
+/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
+-----END CERTIFICATE-----
+
+AffirmTrust Premium
+===================
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy
+OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy
+dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn
+BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV
+5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs
++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd
+GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R
+p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI
+S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04
+6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5
+/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo
++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv
+MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
+Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC
+6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S
+L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK
++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV
+BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg
+IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60
+g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb
+zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw==
+-----END CERTIFICATE-----
+
+AffirmTrust Premium ECC
+=======================
+-----BEGIN CERTIFICATE-----
+MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV
+BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx
+MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
+cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ
+N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW
+BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK
+BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X
+57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM
+eQ==
+-----END CERTIFICATE-----
+
+Certum Trusted Network CA
+=========================
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK
+ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy
+MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
+ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
+l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J
+J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4
+fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0
+cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw
+DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj
+jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1
+mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj
+Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+-----END CERTIFICATE-----
+
+TWCA Root Certification Authority
+=================================
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ
+VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
+EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB
+IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx
+QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC
+oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP
+4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r
+y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG
+9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC
+mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW
+QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY
+T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny
+Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
+-----END CERTIFICATE-----
+
+Security Communication RootCA2
+==============================
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
+U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh
+dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC
+SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy
+aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++
++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R
+3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV
+spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K
+EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8
+QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj
+u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk
+3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
+tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29
+mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
+-----END CERTIFICATE-----
+
+Actalis Authentication Root CA
+==============================
+-----BEGIN CERTIFICATE-----
+MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM
+BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE
+AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky
+MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
+IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
+IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ
+wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa
+by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6
+zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
+YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2
+oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l
+EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7
+hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8
+EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5
+jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY
+iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
+ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI
+WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0
+JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx
+K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+
+Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC
+4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
+2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz
+lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem
+OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9
+vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
+-----END CERTIFICATE-----
+
+Buypass Class 2 Root CA
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X
+DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1
+g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn
+9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b
+/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU
+CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff
+awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI
+zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn
+Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX
+Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs
+M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s
+A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI
+osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S
+aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd
+DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD
+LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0
+oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC
+wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS
+CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN
+rJgWVqA=
+-----END CERTIFICATE-----
+
+Buypass Class 3 Root CA
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X
+DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH
+sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR
+5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh
+7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ
+ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH
+2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV
+/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ
+RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA
+Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq
+j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV
+cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G
+uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG
+Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8
+ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2
+KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz
+6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug
+UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe
+eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi
+Cp/HuZc=
+-----END CERTIFICATE-----
+
+T-TeleSec GlobalRoot Class 3
+============================
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx
+MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK
+9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU
+NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF
+iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
+0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr
+AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb
+fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT
+ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h
+P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
+e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw==
+-----END CERTIFICATE-----
+
+D-TRUST Root Class 3 CA 2 2009
+==============================
+-----BEGIN CERTIFICATE-----
+MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe
+Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE
+LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD
+ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA
+BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv
+KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z
+p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC
+AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ
+4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y
+eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw
+MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G
+PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw
+OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm
+2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0
+o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV
+dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph
+X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I=
+-----END CERTIFICATE-----
+
+D-TRUST Root Class 3 CA 2 EV 2009
+=================================
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS
+egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh
+zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T
+7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
+sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35
+11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv
+cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v
+ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El
+MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp
+b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh
+c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+
+PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
+nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX
+ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA
+NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv
+w9y4AyHqnxbxLFS1
+-----END CERTIFICATE-----
+
+CA Disig Root R2
+================
+-----BEGIN CERTIFICATE-----
+MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw
+EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp
+ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx
+EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp
+c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC
+w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia
+xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7
+A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S
+GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV
+g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa
+5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE
+koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A
+Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i
+Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u
+Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM
+tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV
+sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je
+dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8
+1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx
+mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01
+utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0
+sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg
+UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV
+7+ZtsH8tZ/3zbBt1RqPlShfppNcL
+-----END CERTIFICATE-----
+
+ACCVRAIZ1
+=========
+-----BEGIN CERTIFICATE-----
+MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB
+SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1
+MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH
+UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM
+jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0
+RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD
+aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ
+0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG
+WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7
+8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR
+5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J
+9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK
+Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw
+Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu
+Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2
+VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM
+Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA
+QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh
+AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA
+YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj
+AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA
+IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk
+aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0
+dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2
+MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI
+hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E
+R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN
+YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49
+nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ
+TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3
+sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h
+I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg
+Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd
+3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p
+EfbRD0tVNEYqi4Y7
+-----END CERTIFICATE-----
+
+TWCA Global Root CA
+===================
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT
+CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD
+QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK
+EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg
+Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C
+nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV
+r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR
+Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV
+tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W
+KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99
+sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p
+yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn
+kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI
+zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g
+cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn
+LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M
+8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg
+/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg
+lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP
+A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m
+i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8
+EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3
+zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0=
+-----END CERTIFICATE-----
+
+TeliaSonera Root CA v1
+======================
+-----BEGIN CERTIFICATE-----
+MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE
+CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4
+MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW
+VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+
+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA
+3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k
+B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn
+Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH
+oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3
+F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ
+oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7
+gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc
+TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB
+AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW
+DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm
+zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx
+0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW
+pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV
+G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc
+c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT
+JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2
+qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6
+Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems
+WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=
+-----END CERTIFICATE-----
+
+T-TeleSec GlobalRoot Class 2
+============================
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx
+MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ
+SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F
+vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970
+2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV
+WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy
+YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4
+r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf
+vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR
+3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg==
+-----END CERTIFICATE-----
+
+Atos TrustedRoot 2011
+=====================
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU
+cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4
+MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG
+A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV
+hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr
+54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+
+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320
+HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR
+z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R
+l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ
+bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h
+k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh
+TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9
+61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G
+3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 1 G3
+=====================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE
+PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm
+PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6
+Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN
+ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l
+g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV
+7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX
+9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f
+iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg
+t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI
+hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC
+MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3
+GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct
+Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP
++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh
+3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa
+wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6
+O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0
+FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV
+hMJKzRwuJIczYOXD
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 2 G3
+=====================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh
+ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY
+NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t
+oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o
+MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l
+V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo
+L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ
+sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD
+6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh
+lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI
+hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66
+AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K
+pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9
+x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz
+dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X
+U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw
+mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD
+zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN
+JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr
+O3jtZsSOeWmD3n+M
+-----END CERTIFICATE-----
+
+QuoVadis Root CA 3 G3
+=====================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286
+IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL
+Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe
+6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3
+I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U
+VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7
+5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi
+Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM
+dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt
+rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI
+hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px
+KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS
+t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ
+TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du
+DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib
+Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD
+hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX
+0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW
+dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2
+PpxxVJkES/1Y+Zj0
+-----END CERTIFICATE-----
+
+DigiCert Assured ID Root G2
+===========================
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw
+MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH
+35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq
+bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw
+VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP
+YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn
+lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO
+w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv
+0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz
+d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW
+hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M
+jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
+IhNzbM8m9Yop5w==
+-----END CERTIFICATE-----
+
+DigiCert Assured ID Root G3
+===========================
+-----BEGIN CERTIFICATE-----
+MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
+VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb
+RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs
+KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF
+UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy
+YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy
+1vUhZscv6pZjamVFkpUBtA==
+-----END CERTIFICATE-----
+
+DigiCert Global Root G2
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx
+MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ
+kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO
+3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV
+BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM
+UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu
+5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr
+F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U
+WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH
+QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/
+iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
+-----END CERTIFICATE-----
+
+DigiCert Global Root G3
+=======================
+-----BEGIN CERTIFICATE-----
+MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD
+VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw
+MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k
+aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C
+AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O
+YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp
+Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y
+3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34
+VOKa5Vt8sycX
+-----END CERTIFICATE-----
+
+DigiCert Trusted Root G4
+========================
+-----BEGIN CERTIFICATE-----
+MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw
+HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp
+pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o
+k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa
+vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY
+QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6
+MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm
+mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7
+f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH
+dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8
+oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
+ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY
+ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr
+yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy
+7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah
+ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN
+5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb
+/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa
+5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK
+G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP
+82Z+
+-----END CERTIFICATE-----
+
+COMODO RSA Certification Authority
+==================================
+-----BEGIN CERTIFICATE-----
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
+dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
+FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
+5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
+x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
+2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
+OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
+sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
+GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
+WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
+rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
+tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
+sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
+zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
+ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
+7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
+LaZRfyHBNVOFBkpdn627G190
+-----END CERTIFICATE-----
+
+USERTrust RSA Certification Authority
+=====================================
+-----BEGIN CERTIFICATE-----
+MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz
+0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j
+Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn
+RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O
++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq
+/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE
+Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM
+lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8
+yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+
+eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
+BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW
+FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ
+7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ
+Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM
+8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi
+FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi
+yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c
+J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw
+sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx
+Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9
+-----END CERTIFICATE-----
+
+USERTrust ECC Certification Authority
+=====================================
+-----BEGIN CERTIFICATE-----
+MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2
+0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez
+nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB
+HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu
+9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
+-----END CERTIFICATE-----
+
+GlobalSign ECC Root CA - R5
+===========================
+-----BEGIN CERTIFICATE-----
+MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6
+SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS
+h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx
+uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7
+yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3
+-----END CERTIFICATE-----
+
+IdenTrust Commercial Root CA 1
+==============================
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
+b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES
+MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB
+IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld
+hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/
+mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi
+1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C
+XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl
+3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy
+NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV
+WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg
+xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix
+uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI
+hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
+6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg
+ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt
+ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV
+YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX
+feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro
+kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe
+2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz
+Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R
+cGzM7vRX+Bi6hG6H
+-----END CERTIFICATE-----
+
+IdenTrust Public Sector Root CA 1
+=================================
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv
+ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS
+b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy
+P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6
+Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI
+rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf
+qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS
+mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn
+ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh
+LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v
+iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL
+4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B
+Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw
+DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj
+t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A
+mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt
+GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt
+m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx
+NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4
+Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI
+ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC
+ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ
+3Wl9af0AVqW3rLatt8o+Ae+c
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority - G2
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV
+BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy
+bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug
+b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw
+HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
+DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx
+OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP
+/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz
+HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU
+s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y
+TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx
+AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6
+0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z
+iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
+Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi
+nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+
+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO
+e4pIb4tF9g==
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority - EC1
+==========================================
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn
+YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw
+FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs
+LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg
+dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy
+AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef
+9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h
+vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8
+kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
+-----END CERTIFICATE-----
+
+CFCA EV ROOT
+============
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE
+CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB
+IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw
+MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD
+DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV
+BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD
+7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN
+uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW
+ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7
+xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f
+py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K
+gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol
+hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ
+tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf
+BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB
+ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q
+ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua
+4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG
+E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX
+BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn
+aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy
+PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX
+kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C
+ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su
+-----END CERTIFICATE-----
+
+OISTE WISeKey Global Root GB CA
+===============================
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG
+EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl
+ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw
+MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD
+VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds
+b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX
+scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP
+rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk
+9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o
+Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg
+GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI
+hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD
+dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0
+VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui
+HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
+Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
+-----END CERTIFICATE-----
+
+SZAFIR ROOT CA2
+===============
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG
+A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV
+BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ
+BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD
+VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q
+qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK
+DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE
+2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ
+ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi
+ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
+AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5
+O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67
+oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul
+4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6
++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw==
+-----END CERTIFICATE-----
+
+Certum Trusted Network CA 2
+===========================
+-----BEGIN CERTIFICATE-----
+MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE
+BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1
+bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y
+ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ
+TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB
+IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9
+7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o
+CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b
+Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p
+uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130
+GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ
+9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB
+Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye
+hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM
+BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
+hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW
+Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA
+L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo
+clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM
+pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb
+w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo
+J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm
+ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX
+is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7
+zAYspsbiDrW5viSP
+-----END CERTIFICATE-----
+
+Hellenic Academic and Research Institutions RootCA 2015
+=======================================================
+-----BEGIN CERTIFICATE-----
+MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT
+BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
+aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl
+YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx
+MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg
+QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
+BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw
+MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv
+bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh
+iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+
+6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
+FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr
+i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F
+GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2
+fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu
+iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc
+Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI
+hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+
+D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM
+d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y
+d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn
+82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb
+davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F
+Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt
+J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa
+JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q
+p/UsQu0yrbYhnr68
+-----END CERTIFICATE-----
+
+Hellenic Academic and Research Institutions ECC RootCA 2015
+===========================================================
+-----BEGIN CERTIFICATE-----
+MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0
+aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj
+aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw
+MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj
+IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD
+VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290
+Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP
+dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK
+Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA
+GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn
+dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
+-----END CERTIFICATE-----
+
+ISRG Root X1
+============
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE
+BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD
+EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG
+EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT
+DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r
+Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1
+3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K
+b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN
+Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ
+4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf
+1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu
+hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH
+usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r
+OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY
+9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV
+0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt
+hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw
+TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx
+e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA
+JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD
+YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n
+JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ
+m+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----
+
+AC RAIZ FNMT-RCM
+================
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT
+AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw
+MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD
+TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf
+qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr
+btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL
+j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou
+08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw
+WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT
+tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ
+47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC
+ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa
+i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o
+dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD
+nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s
+D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ
+j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT
+Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW
++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7
+Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d
+8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm
+5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG
+rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM=
+-----END CERTIFICATE-----
+
+Amazon Root CA 1
+================
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1
+MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH
+FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ
+gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t
+dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce
+VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3
+DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM
+CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy
+8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa
+2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2
+xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5
+-----END CERTIFICATE-----
+
+Amazon Root CA 2
+================
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1
+MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4
+kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp
+N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9
+AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd
+fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx
+kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS
+btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0
+Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN
+c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+
+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw
+DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA
+A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY
++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE
+YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW
+xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ
+gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW
+aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV
+Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3
+KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi
+JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw=
+-----END CERTIFICATE-----
+
+Amazon Root CA 3
+================
+-----BEGIN CERTIFICATE-----
+MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB
+f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr
+Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43
+rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc
+eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw==
+-----END CERTIFICATE-----
+
+Amazon Root CA 4
+================
+-----BEGIN CERTIFICATE-----
+MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN
+/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri
+83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA
+MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1
+AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA==
+-----END CERTIFICATE-----
+
+TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
+=============================================
+-----BEGIN CERTIFICATE-----
+MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT
+D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr
+IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g
+TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp
+ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD
+VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt
+c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth
+bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11
+IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8
+6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc
+wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0
+3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9
+WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU
+ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh
+AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc
+lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R
+e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j
+q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=
+-----END CERTIFICATE-----
+
+GDCA TrustAUTH R5 ROOT
+======================
+-----BEGIN CERTIFICATE-----
+MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw
+BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD
+DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow
+YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ
+IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs
+AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
+OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr
+pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ
+9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ
+xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM
+R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ
+D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4
+oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx
+9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg
+p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9
+H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35
+6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd
++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ
+HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD
+F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ
+8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv
+/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT
+aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g==
+-----END CERTIFICATE-----
+
+SSL.com Root Certification Authority RSA
+========================================
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x
+MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw
+MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM
+LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C
+Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8
+P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
+oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp
+k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z
+fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ
+gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2
+UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8
+1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s
+bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV
+HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr
+dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf
+ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl
+u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq
+erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj
+MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ
+vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI
+Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y
+wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI
+WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k=
+-----END CERTIFICATE-----
+
+SSL.com Root Certification Authority ECC
+========================================
+-----BEGIN CERTIFICATE-----
+MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv
+BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy
+MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO
+BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv
+bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+
+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR
+hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT
+jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW
+e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z
+5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl
+-----END CERTIFICATE-----
+
+SSL.com EV Root Certification Authority RSA R2
+==============================================
+-----BEGIN CERTIFICATE-----
+MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w
+DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u
+MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy
+MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI
+DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD
+VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh
+hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w
+cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO
+Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+
+B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh
+CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim
+9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto
+RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm
+JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48
++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
+HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp
+qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1
+++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx
+Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G
+guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz
+OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7
+CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq
+lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR
+rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1
+hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX
+9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==
+-----END CERTIFICATE-----
+
+SSL.com EV Root Certification Authority ECC
+===========================================
+-----BEGIN CERTIFICATE-----
+MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy
+BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw
+MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM
+LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy
+3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O
+BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe
+5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ
+N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm
+m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
+-----END CERTIFICATE-----
+
+GlobalSign Root CA - R6
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX
+R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i
+YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
+U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss
+grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE
+3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF
+vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM
+PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+
+azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O
+WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy
+CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP
+0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN
+b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV
+HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN
+nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0
+lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY
+BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym
+Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr
+3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1
+0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T
+uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK
+oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t
+JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=
+-----END CERTIFICATE-----
+
+OISTE WISeKey Global Root GC CA
+===============================
+-----BEGIN CERTIFICATE-----
+MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD
+SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo
+MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa
+Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL
+ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh
+bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr
+VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab
+NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E
+AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk
+AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9
+-----END CERTIFICATE-----
+
+UCA Global G2 Root
+==================
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x
+NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU
+cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT
+oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV
+8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS
+h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o
+LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/
+R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe
+KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa
+4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc
+OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97
+8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo
+5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5
+1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A
+Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9
+yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX
+c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo
+jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk
+bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x
+ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn
+RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A==
+-----END CERTIFICATE-----
+
+UCA Extended Validation Root
+============================
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u
+IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G
+A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs
+iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF
+Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu
+eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR
+59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH
+0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR
+el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv
+B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth
+WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS
+NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS
+3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL
+BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR
+ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM
+aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4
+dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb
++7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW
+F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi
+GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc
+GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi
+djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr
+dhh2n1ax
+-----END CERTIFICATE-----
+
+Certigna Root CA
+================
+-----BEGIN CERTIFICATE-----
+MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE
+BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ
+MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda
+MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz
+MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX
+stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz
+KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8
+JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16
+XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq
+4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej
+wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ
+lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI
+jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/
+/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
+1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy
+dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h
+LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl
+cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt
+OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP
+TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq
+7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3
+4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd
+8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS
+6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY
+tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS
+aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde
+E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
+-----END CERTIFICATE-----
+
+emSign Root CA - G1
+===================
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET
+MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl
+ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx
+ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk
+aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN
+LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1
+cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW
+DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ
+6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH
+hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2
+vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q
+NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q
++Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih
+U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx
+iN66zB+Afko=
+-----END CERTIFICATE-----
+
+emSign ECC Root CA - G3
+=======================
+-----BEGIN CERTIFICATE-----
+MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG
+A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg
+MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4
+MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11
+ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g
+RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc
+58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr
+MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D
+CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7
+jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj
+-----END CERTIFICATE-----
+
+emSign Root CA - C1
+===================
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx
+EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp
+Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD
+ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up
+ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/
+Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX
+OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V
+I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms
+lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+
+XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp
+/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1
+NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9
+wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ
+BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI=
+-----END CERTIFICATE-----
+
+emSign ECC Root CA - C3
+=======================
+-----BEGIN CERTIFICATE-----
+MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG
+A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF
+Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD
+ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd
+6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9
+SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA
+B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA
+MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU
+ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ==
+-----END CERTIFICATE-----
+
+Hongkong Post Root CA 3
+=======================
+-----BEGIN CERTIFICATE-----
+MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG
+A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK
+Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2
+MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv
+bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX
+SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz
+iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf
+jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim
+5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe
+sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj
+0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/
+JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u
+y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h
++bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG
+xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID
+AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e
+i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN
+AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw
+W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld
+y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov
++BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc
+eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw
+9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7
+nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY
+hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB
+60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq
+dBb9HxEGmpv0
+-----END CERTIFICATE-----
+
+Entrust Root Certification Authority - G4
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNV
+BAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu
+bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eSAtIEc0MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYT
+AlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0
+L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3D
+umSXbcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV
+3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j5pds
+8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHGVK/XqsEQ
+e9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3RXRv06QqsYJn7
+ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5X
+xNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV
+7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8
+dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwlN4y6mACXi0mW
+Hv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNjc0kCAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9n
+MA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4Q
+jbRaZIxowLByQzTSGwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht
+7LGrhFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUK
+YvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPt
+jqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+
+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKW
+RGhXxNUzzxkvFMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjA
+JOgc47OlIQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G
++TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT
+kcpG2om3PVODLAgfi49T3f+sHw==
+-----END CERTIFICATE-----
+
+Microsoft ECC Root Certificate Authority 2017
+=============================================
+-----BEGIN CERTIFICATE-----
+MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV
+UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQgRUND
+IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4
+MjMxNjA0WjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw
+NAYDVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZRogPZnZH6
+thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYbhGBKia/teQ87zvH2RPUB
+eMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIy5lycFIM
++Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlf
+Xu5gKcs68tvWMoQZP3zVL8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaR
+eNtUjGUBiudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M=
+-----END CERTIFICATE-----
+
+Microsoft RSA Root Certificate Authority 2017
+=============================================
+-----BEGIN CERTIFICATE-----
+MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQG
+EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQg
+UlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIw
+NzE4MjMwMDIzWjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
+MTYwNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZNt9GkMml
+7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0ZdDMbRnMlfl7rEqUrQ7e
+S0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw7
+1VdyvD/IybLeS2v4I2wDwAW9lcfNcztmgGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+
+dkC0zVJhUXAoP8XFWvLJjEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49F
+yGcohJUcaDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaGYaRS
+MLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6W6IYZVcSn2i51BVr
+lMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4KUGsTuqwPN1q3ErWQgR5WrlcihtnJ
+0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJ
+ClTUFLkqqNfs+avNJVgyeY+QW5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZCLgLNFgVZJ8og
+6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OCgMNPOsduET/m4xaRhPtthH80
+dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk
++ONVFT24bcMKpBLBaYVu32TxU5nhSnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex
+/2kskZGT4d9Mozd2TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDy
+AmH3pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGRxpl/j8nW
+ZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiAppGWSZI1b7rCoucL5mxAyE
+7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKT
+c0QWbej09+CVgI+WXTik9KveCjCHk9hNAHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D
+5KbvtwEwXlGjefVwaaZBRA+GsCyRxj3qrg+E
+-----END CERTIFICATE-----
+
+e-Szigno Root CA 2017
+=====================
+-----BEGIN CERTIFICATE-----
+MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNVBAYTAkhVMREw
+DwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUt
+MjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJvb3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZa
+Fw00MjA4MjIxMjA3MDZaMHExCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UE
+CgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3pp
+Z25vIFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtvxie+RJCx
+s1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+HWyx7xf58etqjYzBhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSHERUI0arBeAyxr87GyZDv
+vzAEwDAfBgNVHSMEGDAWgBSHERUI0arBeAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEA
+tVfd14pVCzbhhkT61NlojbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxO
+svxyqltZ+efcMQ==
+-----END CERTIFICATE-----
+
+certSIGN Root CA G2
+===================
+-----BEGIN CERTIFICATE-----
+MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlJPMRQw
+EgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjAeFw0xNzAy
+MDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lH
+TiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05
+N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4Imfk
+abBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8Mg
+wT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNp
+dWO9lfsbl83kqK/20U6o2YpxJM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91Qqh
+ngLjYl/rNUssuHLoPj1PrCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732
+jcZZroiFDsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf
+95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlc
+z8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERL
+iohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
+DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOB
+ywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC
+b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQlqiCA2ClV9+BB
+/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGzcgbJceaBxXntC6Z5
+8hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5
+BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklW
+atKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tU
+Sxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZkPuXaTH4M
+NMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N
+0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MXQRBdJ3NghVdJIgc=
+-----END CERTIFICATE-----
+
+Trustwave Global Certification Authority
+========================================
+-----BEGIN CERTIFICATE-----
+MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJV
+UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2
+ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJV
+UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2
+ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29
+zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAf
+LdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4Bq
+stTnoApTAbqOl5F2brz81Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9o
+WN0EACyW80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+
+OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40
+Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcE
+uE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm
++9jaJXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj
+ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB/wQEAwIB
+BjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm+J1WE2pIPU/H
+PinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0H
+ZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla
+4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5R
+vbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPTMaCm/zjd
+zyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O
+856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezH
+Yj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu
+3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP
+29FpHOTKyeC2nOnOcXHebD8WpHk=
+-----END CERTIFICATE-----
+
+Trustwave Global ECC P256 Certification Authority
+=================================================
+-----BEGIN CERTIFICATE-----
+MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYDVQQGEwJVUzER
+MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI
+b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy
+dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1
+NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH77bOYj
+43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoNFWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqm
+P62jQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt
+0UrrdaVKEJmzsaGLSvcwCgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjz
+RM4q3wghDDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7
+-----END CERTIFICATE-----
+
+Trustwave Global ECC P384 Certification Authority
+=================================================
+-----BEGIN CERTIFICATE-----
+MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYDVQQGEwJVUzER
+MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI
+b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy
+dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4
+NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuBBAAiA2IABGvaDXU1CDFH
+Ba5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJj9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr
+/TklZvFe/oyujUF5nQlgziip04pt89ZF1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNV
+HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn
+ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl
+CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw==
+-----END CERTIFICATE-----
+
+NAVER Global Root Certification Authority
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG
+A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD
+DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4
+NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT
+UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb
+UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW
++j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7
+XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2
+aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4
+Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z
+VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B
+A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai
+cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy
+YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV
+HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK
+21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB
+jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx
+hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg
+E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH
+D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ
+A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY
+qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG
+I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg
+kpzNNIaRkPpkUZ3+/uul9XXeifdy
+-----END CERTIFICATE-----
+
+AC RAIZ FNMT-RCM SERVIDORES SEGUROS
+===================================
+-----BEGIN CERTIFICATE-----
+MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF
+UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy
+NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4
+MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt
+UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB
+QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2
+LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG
+SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD
+zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c=
+-----END CERTIFICATE-----
+
+GlobalSign Root R46
+===================
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV
+BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv
+b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX
+BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es
+CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/
+r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje
+2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt
+bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj
+K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4
+12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on
+ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls
+eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9
+vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM
+BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg
+JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy
+gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92
+CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm
+OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq
+JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye
+qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz
+nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7
+DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3
+QEUxeCp6
+-----END CERTIFICATE-----
+
+GlobalSign Root E46
+===================
+-----BEGIN CERTIFICATE-----
+MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT
+AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg
+RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV
+BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB
+jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj
+QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL
+gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk
+vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+
+CAezNIm8BZ/3Hobui3A=
+-----END CERTIFICATE-----
+
+ANF Secure Server Root CA
+=========================
+-----BEGIN CERTIFICATE-----
+MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNVBAUTCUc2MzI4
+NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lv
+bjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNVBAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3Qg
+Q0EwHhcNMTkwOTA0MTAwMDM4WhcNMzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEw
+MQswCQYDVQQGEwJFUzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQw
+EgYDVQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCjcqQZAZ2cC4Ffc0m6p6zz
+BE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9qyGFOtibBTI3/TO80sh9l2Ll49a2pcbnv
+T1gdpd50IJeh7WhM3pIXS7yr/2WanvtH2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcv
+B2VSAKduyK9o7PQUlrZXH1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXse
+zx76W0OLzc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyRp1RM
+VwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQzW7i1o0TJrH93PB0j
+7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/SiOL9V8BY9KHcyi1Swr1+KuCLH5z
+JTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJnLNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe
+8TZBAQIvfXOn3kLMTOmJDVb3n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVO
+Hj1tyRRM4y5Bu8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj
+o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAOBgNVHQ8BAf8E
+BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATh65isagmD9uw2nAalxJ
+UqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzx
+j6ptBZNscsdW699QIyjlRRA96Gejrw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDt
+dD+4E5UGUcjohybKpFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM
+5gf0vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjqOknkJjCb
+5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ/zo1PqVUSlJZS2Db7v54
+EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ92zg/LFis6ELhDtjTO0wugumDLmsx2d1H
+hk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGy
+g77FGr8H6lnco4g175x2MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3
+r5+qPeoott7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw=
+-----END CERTIFICATE-----
+
+Certum EC-384 CA
+================
+-----BEGIN CERTIFICATE-----
+MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQswCQYDVQQGEwJQ
+TDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2
+MDcyNDU0WhcNNDMwMzI2MDcyNDU0WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERh
+dGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
+GTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATEKI6rGFtq
+vm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7TmFy8as10CW4kjPMIRBSqn
+iBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68KjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFI0GZnQkdjrzife81r1HfS+8EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo
+ADBlAjADVS2m5hjEfO/JUG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0
+QoSZ/6vnnvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k=
+-----END CERTIFICATE-----
+
+Certum Trusted Root CA
+======================
+-----BEGIN CERTIFICATE-----
+MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQG
+EwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0g
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew
+HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMY
+QXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EGze2jusDbCSzBfN8p
+fktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVcJdPTsuclzxFUl6s1wB52
+HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2
+fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGt
+g/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGamqi4
+NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQk
+fVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJ
+P/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSY
+njYJdmZm/Bo/6khUHL4wvYBQv3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHK
+HRzQ+8S1h9E6Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1
+vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QAL
+LtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8s
+ALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2K
+h2RX5Rc64vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8
+CYyqOhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA
+4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9Nneo
+WWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+yshzWePS/Tj
+6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmT
+OPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZck
+bxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb
+-----END CERTIFICATE-----
+
+TunTrust Root CA
+================
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQELBQAwYTELMAkG
+A1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUgQ2VydGlmaWNhdGlvbiBFbGVj
+dHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJvb3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQw
+NDI2MDg1NzU2WjBhMQswCQYDVQQGEwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBD
+ZXJ0aWZpY2F0aW9uIEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZn56eY+hz
+2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd2JQDoOw05TDENX37Jk0b
+bjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgFVwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7
+NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZGoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAd
+gjH8KcwAWJeRTIAAHDOFli/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViW
+VSHbhlnUr8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2eY8f
+Tpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIbMlEsPvLfe/ZdeikZ
+juXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISgjwBUFfyRbVinljvrS5YnzWuioYas
+DXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwS
+VXAkPcvCFDVDXSdOvsC9qnyW5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI
+04Y+oXNZtPdEITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0
+90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+zxiD2BkewhpMl
+0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYuQEkHDVneixCwSQXi/5E/S7fd
+Ao74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRY
+YdZ2vyJ/0Adqp2RT8JeNnYA/u8EH22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJp
+adbGNjHh/PqAulxPxOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65x
+xBzndFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5Xc0yGYuP
+jCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7bnV2UqL1g52KAdoGDDIzM
+MEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQCvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9z
+ZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZHu/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3r
+AZ3r2OvEhJn7wAzMMujjd9qDRIueVSjAi1jTkD5OGwDxFa2DK5o=
+-----END CERTIFICATE-----
+
+HARICA TLS RSA Root CA 2021
+===========================
+-----BEGIN CERTIFICATE-----
+MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG
+EwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUz
+OFoXDTQ1MDIxMzEwNTUzN1owbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRl
+bWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNB
+IFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569lmwVnlskN
+JLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE4VGC/6zStGndLuwRo0Xu
+a2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uva9of08WRiFukiZLRgeaMOVig1mlDqa2Y
+Ulhu2wr7a89o+uOkXjpFc5gH6l8Cct4MpbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K
+5FrZx40d/JiZ+yykgmvwKh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEv
+dmn8kN3bLW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcYAuUR
+0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqBAGMUuTNe3QvboEUH
+GjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYqE613TBoYm5EPWNgGVMWX+Ko/IIqm
+haZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHrW2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQ
+CPxrvrNQKlr9qEgYRtaQQJKQCoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAUX15QvWiWkKQU
+EapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3f5Z2EMVGpdAgS1D0NTsY9FVq
+QRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxajaH6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxD
+QpSbIPDRzbLrLFPCU3hKTwSUQZqPJzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcR
+j88YxeMn/ibvBZ3PzzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5
+vZStjBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0/L5H9MG0
+qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pTBGIBnfHAT+7hOtSLIBD6
+Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79aPib8qXPMThcFarmlwDB31qlpzmq6YR/
+PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YWxw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnn
+kf3/W9b3raYvAwtt41dU63ZTGI0RmLo=
+-----END CERTIFICATE-----
+
+HARICA TLS ECC Root CA 2021
+===========================
+-----BEGIN CERTIFICATE-----
+MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQswCQYDVQQGEwJH
+UjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBD
+QTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoX
+DTQ1MDIxMzExMDEwOVowbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWlj
+IGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJv
+b3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7KKrxcm1l
+AEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9YSTHMmE5gEYd103KUkE+b
+ECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW
+0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAi
+rcJRQO9gcS3ujwLEXQNwSaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/Qw
+CZ61IygNnxS2PFOiTAZpffpskcYqSUXm7LcT4Tps
+-----END CERTIFICATE-----
+
+Autoridad de Certificacion Firmaprofesional CIF A62634068
+=========================================================
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCRVMxQjBA
+BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIw
+QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
+NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
+Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
+B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
+7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
+ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
+plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
+MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
+LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
+bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
+vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1Ud
+DgQWBBRlzeurNR4APn7VdMActHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4w
+gZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j
+b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABCAG8AbgBhAG4A
+bwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEANzAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9miWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL
+4QjbEwj4KKE1soCzC1HA01aajTNFSa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDb
+LIpgD7dvlAceHabJhfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1il
+I45PVf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZEEAEeiGaP
+cjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV1aUsIC+nmCjuRfzxuIgA
+LI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2tCsvMo2ebKHTEm9caPARYpoKdrcd7b/+A
+lun4jWq9GJAd/0kakFI3ky88Al2CdgtR5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH
+9IBk9W6VULgRfhVwOEqwf9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpf
+NIbnYrX9ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNKGbqE
+ZycPvEJdvSRUDewdcAZfpLz6IHxV
+-----END CERTIFICATE-----
+
+vTrus ECC Root CA
+=================
+-----BEGIN CERTIFICATE-----
+MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMwRzELMAkGA1UE
+BhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBS
+b290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDczMTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAa
+BgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYw
+EAYHKoZIzj0CAQYFK4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+c
+ToL0v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUde4BdS49n
+TPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIwV53dVvHH4+m4SVBrm2nDb+zDfSXkV5UT
+QJtS0zvzQBm8JsctBp61ezaf9SXUY2sAAjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQL
+YgmRWAD5Tfs0aNoJrSEGGJTO
+-----END CERTIFICATE-----
+
+vTrus Root CA
+=============
+-----BEGIN CERTIFICATE-----
+MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQELBQAwQzELMAkG
+A1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xFjAUBgNVBAMTDXZUcnVzIFJv
+b3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMxMDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoG
+A1UEChMTaVRydXNDaGluYSBDby4sTHRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZots
+SKYcIrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykUAyyNJJrI
+ZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+GrPSbcKvdmaVayqwlHeF
+XgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z98Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KA
+YPxMvDVTAWqXcoKv8R1w6Jz1717CbMdHflqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70
+kLJrxLT5ZOrpGgrIDajtJ8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2
+AXPKBlim0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZNpGvu
+/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQUqqzApVg+QxMaPnu
+1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHWOXSuTEGC2/KmSNGzm/MzqvOmwMVO
+9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMBAAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYg
+scasGrz2iTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
+AgEAKbqSSaet8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd
+nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1jbhd47F18iMjr
+jld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvMKar5CKXiNxTKsbhm7xqC5PD4
+8acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIivTDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJn
+xDHO2zTlJQNgJXtxmOTAGytfdELSS8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554Wg
+icEFOwE30z9J4nfrI8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4
+sEb9b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNBUvupLnKW
+nyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1PTi07NEPhmg4NpGaXutIc
+SkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929vensBxXVsFy6K2ir40zSbofitzmdHxghm+H
+l3s=
+-----END CERTIFICATE-----
+
+ISRG Root X2
+============
+-----BEGIN CERTIFICATE-----
+MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQswCQYDVQQGEwJV
+UzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElT
+UkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVT
+MSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNS
+RyBSb290IFgyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0H
+ttwW+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9ItgKbppb
+d9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZIzj0EAwMDaAAwZQIwe3lORlCEwkSHRhtF
+cP9Ymd70/aTSVaYgLXTWNLxBo1BfASdWtL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5
+U6VR5CmD1/iQMVtCnwr1/q4AaOeMSQ+2b1tbFfLn
+-----END CERTIFICATE-----
+
+HiPKI Root CA - G1
+==================
+-----BEGIN CERTIFICATE-----
+MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQG
+EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xGzAZBgNVBAMMEkhpUEtJ
+IFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRaFw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYT
+AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kg
+Um9vdCBDQSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0
+o9QwqNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twvVcg3Px+k
+wJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6lZgRZq2XNdZ1AYDgr/SE
+YYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnzQs7ZngyzsHeXZJzA9KMuH5UHsBffMNsA
+GJZMoYFL3QRtU6M9/Aes1MU3guvklQgZKILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfd
+hSi8MEyr48KxRURHH+CKFgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj
+1jOXTyFjHluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDry+K4
+9a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ/W3c1pzAtH2lsN0/
+Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgMa/aOEmem8rJY5AIJEzypuxC00jBF
+8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQD
+AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi
+7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqcSE5XCV0vrPSl
+tJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6FzaZsT0pPBWGTMpWmWSBUdGSquE
+wx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9TcXzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07Q
+JNBAsNB1CI69aO4I1258EHBGG3zgiLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv
+5wiZqAxeJoBF1PhoL5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+Gpz
+jLrFNe85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wrkkVbbiVg
+hUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+vhV4nYWBSipX3tUZQ9rb
+yltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQUYDksswBVLuT1sw5XxJFBAJw/6KXf6vb/
+yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ==
+-----END CERTIFICATE-----
+
+GlobalSign ECC Root CA - R4
+===========================
+-----BEGIN CERTIFICATE-----
+MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9i
+YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9i
+YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkW
+ymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNVHQ8BAf8E
+BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74zyTyjhNUwCgYI
+KoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147bmF0774BxL4YSFlhgjICICadVGNA3jdg
+UM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm
+-----END CERTIFICATE-----
+
+GTS Root R1
+===========
+-----BEGIN CERTIFICATE-----
+MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM
+f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKb0
+xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnWr4+w
+B7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXW
+nOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk
+9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zq
+kUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92wO1A
+K/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om3xPX
+V2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDW
+cfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQAD
+ggIBAJ+qQibbC5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe
+QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuyh6f88/qBVRRi
+ClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM47HLwEXWdyzRSjeZ2axfG34ar
+J45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8JZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYci
+NuaCp+0KueIHoI17eko8cdLiA6EfMgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5me
+LMFrUKTX5hgUvYU/Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJF
+fbdT6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ0E6yove+
+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm2tIMPNuzjsmhDYAPexZ3
+FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bbbP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3
+gm3c
+-----END CERTIFICATE-----
+
+GTS Root R2
+===========
+-----BEGIN CERTIFICATE-----
+MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv
+CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo7JUl
+e3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWIm8Wb
+a96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS
++LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7M
+kogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJG
+r61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RWIr9q
+S34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73VululycslaVNV
+J1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy5okL
+dWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQAD
+ggIBAB/Kzt3HvqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8
+0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyCB19m3H0Q/gxh
+swWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2uNmSRXbBoGOqKYcl3qJfEycel
+/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMgyALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVn
+jWQye+mew4K6Ki3pHrTgSAai/GevHyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y5
+9PYjJbigapordwj6xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M
+7YNRTOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924SgJPFI/2R8
+0L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV7LXTWtiBmelDGDfrs7vR
+WGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjW
+HYbL
+-----END CERTIFICATE-----
+
+GTS Root R3
+===========
+-----BEGIN CERTIFICATE-----
+MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi
+MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMw
+HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ
+R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout
+736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24CejQjBA
+MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/Eq
+Er24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azT
+L818+FsuVbu/3ZL3pAzcMeGiAjEA/JdmZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV
+11RZt+cRLInUue4X
+-----END CERTIFICATE-----
+
+GTS Root R4
+===========
+-----BEGIN CERTIFICATE-----
+MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi
+MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQw
+HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ
+R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu
+hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqjQjBA
+MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV2Py1
+PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/C
+r8deVl5c1RxYIigL9zC2L7F8AjEA8GE8p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh
+4rsUecrNIdSUtUlD
+-----END CERTIFICATE-----
+
+Telia Root CA v2
+================
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYT
+AkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2
+MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQK
+DBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ7
+6zBqAMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9vVYiQJ3q
+9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9lRdU2HhE8Qx3FZLgmEKn
+pNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTODn3WhUidhOPFZPY5Q4L15POdslv5e2QJl
+tI5c0BE0312/UqeBAMN/mUWZFdUXyApT7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW
+5olWK8jjfN7j/4nlNW4o6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNr
+RBH0pUPCTEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6WT0E
+BXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63RDolUK5X6wK0dmBR4
+M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZIpEYslOqodmJHixBTB0hXbOKSTbau
+BcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGjYzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7W
+xy+G2CQ5MB0GA1UdDgQWBBRyrOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ
+8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi0f6X+J8wfBj5
+tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMMA8iZGok1GTzTyVR8qPAs5m4H
+eW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBSSRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+C
+y748fdHif64W1lZYudogsYMVoe+KTTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygC
+QMez2P2ccGrGKMOF6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15
+h2Er3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMtTy3EHD70
+sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pTVmBds9hCG1xLEooc6+t9
+xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAWysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQ
+raVplI/owd8k+BsHMYeB2F326CjYSlKArBPuUBQemMc=
+-----END CERTIFICATE-----
+
+D-TRUST BR Root CA 1 2020
+=========================
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE
+RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0EgMSAy
+MDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNV
+BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7
+dPYSzuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0QVK5buXu
+QqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/VbNafAkl1bK6CKBrqx9t
+MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu
+bmV0L2NybC9kLXRydXN0X2JyX3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj
+dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP
+PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD
+AwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFWwKrY7RjEsK70Pvom
+AjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHVdWNbFJWcHwHP2NVypw87
+-----END CERTIFICATE-----
+
+D-TRUST EV Root CA 1 2020
+=========================
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE
+RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0EgMSAy
+MDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNV
+BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8
+ZRCC/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rDwpdhQntJ
+raOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3OqQo5FD4pPfsazK2/umL
+MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu
+bmV0L2NybC9kLXRydXN0X2V2X3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj
+dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP
+PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD
+AwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CAy/m0sRtW9XLS/BnR
+AjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJbgfM0agPnIjhQW+0ZT0MW
+-----END CERTIFICATE-----
+
+DigiCert TLS ECC P384 Root G5
+=============================
+-----BEGIN CERTIFICATE-----
+MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURpZ2lDZXJ0IFRMUyBFQ0MgUDM4
+NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMx
+FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQg
+Um9vdCBHNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1Tzvd
+lHJS7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp0zVozptj
+n4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICISB4CIfBFqMA4GA1UdDwEB
+/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQCJao1H5+z8blUD2Wds
+Jk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQLgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIx
+AJSdYsiJvRmEFOml+wG4DXZDjC5Ty3zfDBeWUA==
+-----END CERTIFICATE-----
+
+DigiCert TLS RSA4096 Root G5
+============================
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQG
+EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0
+MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2
+IFJvb3QgRzUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS8
+7IE+ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG02C+JFvuU
+AT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgpwgscONyfMXdcvyej/Ces
+tyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZMpG2T6T867jp8nVid9E6P/DsjyG244gXa
+zOvswzH016cpVIDPRFtMbzCe88zdH5RDnU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnV
+DdXifBBiqmvwPXbzP6PosMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9q
+TXeXAaDxZre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cdLvvy
+z6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvXKyY//SovcfXWJL5/
+MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNeXoVPzthwiHvOAbWWl9fNff2C+MIk
+wcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPLtgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4E
+FgQUUTMc7TZArxfTJc1paPKvTiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw
+GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7HPNtQOa27PShN
+lnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLFO4uJ+DQtpBflF+aZfTCIITfN
+MBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQREtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/
+u4cnYiWB39yhL/btp/96j1EuMPikAdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9G
+OUrYU9DzLjtxpdRv/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh
+47a+p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilwMUc/dNAU
+FvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WFqUITVuwhd4GTWgzqltlJ
+yqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCKovfepEWFJqgejF0pW8hL2JpqA15w8oVP
+bEtoL8pU9ozaMv7Da4M/OMZ+
+-----END CERTIFICATE-----
+
+Certainly Root R1
+=================
+-----BEGIN CERTIFICATE-----
+MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE
+BhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2VydGFpbmx5IFJvb3QgUjEwHhcN
+MjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2Vy
+dGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBANA21B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O
+5MQTvqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbedaFySpvXl
+8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b01C7jcvk2xusVtyWMOvwl
+DbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGI
+XsXwClTNSaa/ApzSRKft43jvRl5tcdF5cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkN
+KPl6I7ENPT2a/Z2B7yyQwHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQ
+AjeZjOVJ6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA2Cnb
+rlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyHWyf5QBGenDPBt+U1
+VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMReiFPCyEQtkA6qyI6BJyLm4SGcprS
+p6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBTgqj8ljZ9EXME66C6ud0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAsz
+HQNTVfSVcOQrPbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d
+8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi1wrykXprOQ4v
+MMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrdrRT90+7iIgXr0PK3aBLXWopB
+GsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9ditaY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+
+gjwN/KUD+nsa2UUeYNrEjvn8K8l7lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgH
+JBu6haEaBQmAupVjyTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7
+fpYnKx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLyyCwzk5Iw
+x06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5nwXARPbv0+Em34yaXOp/S
+X3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6OV+KmalBWQewLK8=
+-----END CERTIFICATE-----
+
+Certainly Root E1
+=================
+-----BEGIN CERTIFICATE-----
+MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBFMTAeFw0yMTA0
+MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlu
+bHkxGjAYBgNVBAMTEUNlcnRhaW5seSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4
+fxzf7flHh4axpMCK+IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9
+YBk2QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4hevIIgcwCgYIKoZIzj0E
+AwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozmut6Dacpps6kFtZaSF4fC0urQe87YQVt8
+rgIwRt7qy12a7DLCZRawTDBcMPPaTnOGBtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR
+-----END CERTIFICATE-----
+
+Security Communication RootCA3
+==============================
+-----BEGIN CERTIFICATE-----
+MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNVBAYTAkpQMSUw
+IwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQDEx5TZWN1cml0eSBD
+b21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQsw
+CQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UE
+AxMeU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4rCmDvu20r
+hvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzAlrenfna84xtSGc4RHwsE
+NPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MGTfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2
+/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF79+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGm
+npjKIG58u4iFW/vAEGK78vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtY
+XLVqAvO4g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3weGVPK
+p7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst+3A7caoreyYn8xrC
+3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M0V9hvqG8OmpI6iZVIhZdXw3/JzOf
+GAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQT9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0Vcw
+CBEF/VfR2ccCAwEAAaNCMEAwHQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB
+/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS
+YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PAFNr0Y/Dq9HHu
+Tofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd9XbXv8S2gVj/yP9kaWJ5rW4O
+H3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQIUYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASx
+YfQAW0q3nHE3GYV5v4GwxxMOdnE+OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZ
+XSEIx2C/pHF7uNkegr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml
++LLfiAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUVnuiZIesn
+KwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD2NCcnWXL0CsnMQMeNuE9
+dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI//1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm
+6Vwdp6POXiUyK+OVrCoHzrQoeIY8LaadTdJ0MN1kURXbg4NR16/9M51NZg==
+-----END CERTIFICATE-----
+
+Security Communication ECC RootCA1
+==================================
+-----BEGIN CERTIFICATE-----
+MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYTAkpQMSUwIwYD
+VQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21t
+dW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYxNjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTEL
+MAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNV
+BAMTIlNlY3VyaXR5IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+CnnfdldB9sELLo
+5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpKULGjQjBAMB0GA1UdDgQW
+BBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAK
+BggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3L
+snNdo4gIxwwCMQDAqy0Obe0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70e
+N9k=
+-----END CERTIFICATE-----
+
+BJCA Global Root CA1
+====================
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQG
+EwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJK
+Q0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAzMTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkG
+A1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQD
+DBRCSkNBIEdsb2JhbCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFm
+CL3ZxRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZspDyRhyS
+sTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O558dnJCNPYwpj9mZ9S1Wn
+P3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgRat7GGPZHOiJBhyL8xIkoVNiMpTAK+BcW
+yqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRj
+eulumijWML3mG90Vr4TqnMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNn
+MoH1V6XKV0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/pj+b
+OT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZOz2nxbkRs1CTqjSSh
+GL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXnjSXWgXSHRtQpdaJCbPdzied9v3pK
+H9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMB
+AAGjQjBAMB0GA1UdDgQWBBTF7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4
+YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3KliawLwQ8hOnThJ
+dMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u+2D2/VnGKhs/I0qUJDAnyIm8
+60Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuh
+TaRjAv04l5U/BXCga99igUOLtFkNSoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW
+4AB+dAb/OMRyHdOoP2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmp
+GQrI+pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRzznfSxqxx
+4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9eVzYH6Eze9mCUAyTF6ps
+3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4S
+SPfSKcOYKMryMguTjClPPGAyzQWWYezyr/6zcCwupvI=
+-----END CERTIFICATE-----
+
+BJCA Global Root CA2
+====================
+-----BEGIN CERTIFICATE-----
+MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQswCQYDVQQGEwJD
+TjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJKQ0Eg
+R2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgyMVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UE
+BhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRC
+SkNBIEdsb2JhbCBSb290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jl
+SR9BIgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK++kpRuDCK
+/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJKsVF/BvDRgh9Obl+rg/xI
+1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8
+W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8g
+UXOQwKhbYdDFUDn9hf7B43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w==
+-----END CERTIFICATE-----
+
+Sectigo Public Server Authentication Root E46
+=============================================
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQswCQYDVQQGEwJH
+QjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBTZXJ2
+ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5
+WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0
+aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccCWvkEN/U0
+NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+6xnOQ6OjQjBAMB0GA1Ud
+DgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDAwNnADBkAjAn7qRaqCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RH
+lAFWovgzJQxC36oCMB3q4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21U
+SAGKcw==
+-----END CERTIFICATE-----
+
+Sectigo Public Server Authentication Root R46
+=============================================
+-----BEGIN CERTIFICATE-----
+MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBfMQswCQYDVQQG
+EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT
+ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1
+OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T
+ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDaef0rty2k
+1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnzSDBh+oF8HqcIStw+Kxwf
+GExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xfiOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMP
+FF1bFOdLvt30yNoDN9HWOaEhUTCDsG3XME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vu
+ZDCQOc2TZYEhMbUjUDM3IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5Qaz
+Yw6A3OASVYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgESJ/A
+wSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu+Zd4KKTIRJLpfSYF
+plhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt8uaZFURww3y8nDnAtOFr94MlI1fZ
+EoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+LHaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW
+6aWWrL3DkJiy4Pmi1KZHQ3xtzwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWI
+IUkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c
+mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQYKlJfp/imTYp
+E0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52gDY9hAaLMyZlbcp+nv4fjFg4
+exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZAFv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M
+0ejf5lG5Nkc/kLnHvALcWxxPDkjBJYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI
+84HxZmduTILA7rpXDhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9m
+pFuiTdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5dHn5Hrwd
+Vw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65LvKRRFHQV80MNNVIIb/b
+E/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmm
+J1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAYQqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL
+-----END CERTIFICATE-----
+
+SSL.com TLS RSA Root CA 2022
+============================
+-----BEGIN CERTIFICATE-----
+MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQG
+EwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBSU0Eg
+Um9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloXDTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMC
+VVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJv
+b3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u
+9nTPL3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OYt6/wNr/y
+7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0insS657Lb85/bRi3pZ7Qcac
+oOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3PnxEX4MN8/HdIGkWCVDi1FW24IBydm5M
+R7d1VVm0U3TZlMZBrViKMWYPHqIbKUBOL9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDG
+D6C1vBdOSHtRwvzpXGk3R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEW
+TO6Af77wdr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS+YCk
+8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYSd66UNHsef8JmAOSq
+g+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoGAtUjHBPW6dvbxrB6y3snm/vg1UYk
+7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2fgTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1Ud
+EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsu
+N+7jhHonLs0ZNbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt
+hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsMQtfhWsSWTVTN
+j8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvfR4iyrT7gJ4eLSYwfqUdYe5by
+iB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJDPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjU
+o3KUQyxi4U5cMj29TH0ZR6LDSeeWP4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqo
+ENjwuSfr98t67wVylrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7Egkaib
+MOlqbLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2wAgDHbICi
+vRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3qr5nsLFR+jM4uElZI7xc7
+P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sjiMho6/4UIyYOf8kpIEFR3N+2ivEC+5BB0
+9+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA=
+-----END CERTIFICATE-----
+
+SSL.com TLS ECC Root CA 2022
+============================
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV
+UzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBFQ0MgUm9v
+dCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3Qg
+Q0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWy
+JGYmacCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFNSeR7T5v1
+5wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSJjy+j6CugFFR7
+81a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NWuCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGG
+MAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w
+7deedWo1dlJF4AIxAMeNb0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5
+Zn6g6g==
+-----END CERTIFICATE-----
+
+Atos TrustedRoot Root CA ECC TLS 2021
+=====================================
+-----BEGIN CERTIFICATE-----
+MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4wLAYDVQQDDCVB
+dG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQswCQYD
+VQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3Mg
+VHJ1c3RlZFJvb3QgUm9vdCBDQSBFQ0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYT
+AkRFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6K
+DP/XtXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4AjJn8ZQS
+b+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2KCXWfeBmmnoJsmo7jjPX
+NtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAwZQIwW5kp85wxtolrbNa9d+F851F+
+uDrNozZffPc8dz7kUK2o59JZDCaOMDtuCCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGY
+a3cpetskz2VAv9LcjBHo9H1/IISpQuQo
+-----END CERTIFICATE-----
+
+Atos TrustedRoot Root CA RSA TLS 2021
+=====================================
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBMMS4wLAYDVQQD
+DCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQsw
+CQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0
+b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNV
+BAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BB
+l01Z4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYvYe+W/CBG
+vevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZkmGbzSoXfduP9LVq6hdK
+ZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDsGY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt
+0xU6kGpn8bRrZtkh68rZYnxGEFzedUlnnkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVK
+PNe0OwANwI8f4UDErmwh3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMY
+sluMWuPD0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzygeBY
+Br3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8ANSbhqRAvNncTFd+
+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezBc6eUWsuSZIKmAMFwoW4sKeFYV+xa
+fJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lIpw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUdEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0G
+CSqGSIb3DQEBDAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS
+4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPso0UvFJ/1TCpl
+Q3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJqM7F78PRreBrAwA0JrRUITWX
+AdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuywxfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9G
+slA9hGCZcbUztVdF5kJHdWoOsAgMrr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2Vkt
+afcxBPTy+av5EzH4AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9q
+TFsR0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuYo7Ey7Nmj
+1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5dDTedk+SKlOxJTnbPP/l
+PqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcEoji2jbDwN/zIIX8/syQbPYtuzE2wFg2W
+HYMfRsCbvUOZ58SWLs5fyQ==
+-----END CERTIFICATE-----
+
+TrustAsia Global Root CA G3
+===========================
+-----BEGIN CERTIFICATE-----
+MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEMBQAwWjELMAkG
+A1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMM
+G1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAeFw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEw
+MTlaMFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMu
+MSQwIgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNST1QY4Sxz
+lZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqKAtCWHwDNBSHvBm3dIZwZ
+Q0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/V
+P68czH5GX6zfZBCK70bwkPAPLfSIC7Epqq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1Ag
+dB4SQXMeJNnKziyhWTXAyB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm
+9WAPzJMshH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gXzhqc
+D0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAvkV34PmVACxmZySYg
+WmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msTf9FkPz2ccEblooV7WIQn3MSAPmea
+mseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jAuPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCF
+TIcQcf+eQxuulXUtgQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj
+7zjKsK5Xf/IhMBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E
+BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4wM8zAQLpw6o1
+D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2XFNFV1pF1AWZLy4jVe5jaN/T
+G3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNj
+duMNhXJEIlU/HHzp/LgV6FL6qj6jITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstl
+cHboCoWASzY9M/eVVHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys
++TIxxHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1onAX1daBli
+2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d7XB4tmBZrOFdRWOPyN9y
+aFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2NtjjgKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsAS
+ZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV+Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFR
+JQJ6+N1rZdVtTTDIZbpoFGWsJwt0ivKH
+-----END CERTIFICATE-----
+
+TrustAsia Global Root CA G4
+===========================
+-----BEGIN CERTIFICATE-----
+MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMwWjELMAkGA1UE
+BhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMMG1Ry
+dXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0yMTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJa
+MFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQw
+IgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATxs8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbwLxYI+hW8
+m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJijYzBhMA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mDpm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/
+pDHel4NZg6ZvccveMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AA
+bbd+NvBNEU/zy4k6LHiRUKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xk
+dUfFVZDj/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA==
+-----END CERTIFICATE-----
+
+CommScope Public Trust ECC Root-01
+==================================
+-----BEGIN CERTIFICATE-----
+MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMwTjELMAkGA1UE
+BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz
+dCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNaFw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYT
+AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg
+RUNDIFJvb3QtMDEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLx
+eP0CflfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJEhRGnSjot
+6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggqhkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2
+Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liW
+pDVfG2XqYZpwI7UNo5uSUm9poIyNStDuiw7LR47QjRE=
+-----END CERTIFICATE-----
+
+CommScope Public Trust ECC Root-02
+==================================
+-----BEGIN CERTIFICATE-----
+MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMwTjELMAkGA1UE
+BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz
+dCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRaFw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYT
+AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg
+RUNDIFJvb3QtMDIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/M
+MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE
+SgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggqhkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9
+Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/nich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs7
+3u1Z/GtMMH9ZzkXpc2AVmkzw5l4lIhVtwodZ0LKOag==
+-----END CERTIFICATE-----
+
+CommScope Public Trust RSA Root-01
+==================================
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQELBQAwTjELMAkG
+A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU
+cnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNV
+BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1
+c3QgUlNBIFJvb3QtMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45Ft
+nYSkYZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslhsuitQDy6
+uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0alDrJLpA6lfO741GIDuZNq
+ihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3OjWiE260f6GBfZumbCk6SP/F2krfxQapWs
+vCQz0b2If4b19bJzKo98rwjyGpg/qYFlP8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/c
+Zip8UlF1y5mO6D1cv547KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTif
+BSeolz7pUcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/kQO9
+lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JOHg9O5j9ZpSPcPYeo
+KFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkBEa801M/XrmLTBQe0MXXgDW1XT2mH
++VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6UCBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm4
+5P3luG0wDQYJKoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6
+NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQnmhUQo8mUuJM
+3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+QgvfKNmwrZggvkN80V4aCRck
+jXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2vtrV0KnahP/t1MJ+UXjulYPPLXAziDslg+Mkf
+Foom3ecnf+slpoq9uC02EJqxWE2aaE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/W
+NyVntHKLr4W96ioDj8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+
+o/E4Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0wlREQKC6/
+oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHnYfkUyq+Dj7+vsQpZXdxc
+1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVocicCMb3SgazNNtQEo/a2tiRc7ppqEvOuM
+6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw
+-----END CERTIFICATE-----
+
+CommScope Public Trust RSA Root-02
+==================================
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQELBQAwTjELMAkG
+A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU
+cnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNV
+BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1
+c3QgUlNBIFJvb3QtMDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3V
+rCLENQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0kyI9p+Kx
+7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1CrWDaSWqVcN3SAOLMV2MC
+e5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxzhkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2W
+Wy09X6GDRl224yW4fKcZgBzqZUPckXk2LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rp
+M9kzXzehxfCrPfp4sOcsn/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIf
+hs1w/tkuFT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5kQMr
+eyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3wNemKfrb3vOTlycE
+VS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6vwQcQeKwRoi9C8DfF8rhW3Q5iLc4t
+Vn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7Gx
+cJXvYXowDQYJKoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB
+KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3+VGXu6TwYofF
+1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbymeAPnCKfWxkxlSaRosTKCL4BWa
+MS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3NyqpgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xd
+gSGn2rtO/+YHqP65DSdsu3BaVXoT6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2O
+HG1QAk8mGEPej1WFsQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+Nm
+YWvtPjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2dlklyALKr
+dVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670v64fG9PiO/yzcnMcmyiQ
+iRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17Org3bhzjlP1v9mxnhMUF6cKojawHhRUzN
+lM47ni3niAIi9G7oyOzWPPO5std3eqx7
+-----END CERTIFICATE-----
+
+Telekom Security TLS ECC Root 2020
+==================================
+-----BEGIN CERTIFICATE-----
+MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQswCQYDVQQGEwJE
+RTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJUZWxl
+a29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIwMB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIz
+NTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkg
+R21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqG
+SM49AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/OtdKPD/M1
+2kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDPf8iAC8GXs7s1J8nCG6NC
+MEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6fMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZ
+Mo7k+5Dck2TOrbRBR2Diz6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdU
+ga/sf+Rn27iQ7t0l
+-----END CERTIFICATE-----
+
+Telekom Security TLS RSA Root 2023
+==================================
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBjMQswCQYDVQQG
+EwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJU
+ZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAyMDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMy
+NzIzNTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJp
+dHkgR21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9cUD/h3VC
+KSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHVcp6R+SPWcHu79ZvB7JPP
+GeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMAU6DksquDOFczJZSfvkgdmOGjup5czQRx
+UX11eKvzWarE4GC+j4NSuHUaQTXtvPM6Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWo
+l8hHD/BeEIvnHRz+sTugBTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9
+FIS3R/qy8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73Jco4v
+zLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg8qKrBC7m8kwOFjQg
+rIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8rFEz0ciD0cmfHdRHNCk+y7AO+oML
+KFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7S
+WWO/gLCMk3PLNaaZlSJhZQNg+y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUtqeXgj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2
+p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQpGv7qHBFfLp+
+sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm9S3ul0A8Yute1hTWjOKWi0Fp
+kzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErwM807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy
+/SKE8YXJN3nptT+/XOR0so8RYgDdGGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4
+mZqTuXNnQkYRIer+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtz
+aL1txKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+w6jv/naa
+oqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aKL4x35bcF7DvB7L6Gs4a8
+wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+ljX273CXE2whJdV/LItM3z7gLfEdxquVeE
+HVlNjM7IDiPCtyaaEBRx/pOyiriA8A4QntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0
+o82bNSQ3+pCTE4FCxpgmdTdmQRCsu/WU48IxK63nI1bMNSWSs1A=
+-----END CERTIFICATE-----
+
+FIRMAPROFESIONAL CA ROOT-A WEB
+==============================
+-----BEGIN CERTIFICATE-----
+MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJF
+UzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4
+MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENBIFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2
+WhcNNDcwMzMxMDkwMTM2WjBuMQswCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25h
+bCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFM
+IENBIFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zfe9MEkVz6
+iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6CcyvHZpsKjECcfIr28jlg
+st7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FD
+Y1w8ndYn81LsF7Kpryz3dvgwHQYDVR0OBBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB
+/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgL
+cFBTApFwhVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dGXSaQ
+pYXFuXqUPoeovQA=
+-----END CERTIFICATE-----
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem
new file mode 100644
index 000000000..2c2f6d9fb
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem
@@ -0,0 +1,198 @@
+##
+## Deprecated CA Root Certificates
+## Deprecated CA Root Certificates that get appended to 'cacrt_all.pem'
+
+## These certificates have been removed from the newer Mozilla CA certificate store.
+## Refer to https://wiki.mozilla.org/CA/Removed_Certificates for more information.
+
+## These certificates might be removed from ESP-IDF during every major release.
+
+## The current deprecated certificate bundle is up-to-date with the Mozilla cert bundle (cacrt_all.pem) dated Tue Jul  2 03:12:04 2024 GMT
+
+
+Hongkong Post Root CA 1
+=======================
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT
+DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx
+NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n
+IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1
+ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr
+auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh
+qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY
+V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV
+HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i
+h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
+l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei
+IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps
+T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT
+c4afU9hDDl3WY4JxHYB0yvbiAmvZWg==
+-----END CERTIFICATE-----
+
+E-Tugra Certification Authority
+===============================
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w
+DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls
+ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
+ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw
+NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx
+QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl
+cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD
+DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd
+hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K
+CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g
+ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ
+BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0
+E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz
+rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq
+jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
+rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5
+dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK
+kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO
+XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807
+VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo
+a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc
+dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV
+KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT
+Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0
+8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G
+C7TbO6Orb1wdtn7os4I07QZcJA==
+-----END CERTIFICATE-----
+
+E-Tugra Global Root CA RSA v3
+=============================
+-----BEGIN CERTIFICATE-----
+MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQELBQAwgYAxCzAJ
+BgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVncmEgRUJHIEEuUy4xHTAb
+BgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290
+IENBIFJTQSB2MzAeFw0yMDAzMTgwOTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJU
+UjEPMA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRF
+LVR1Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBSU0Eg
+djMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J77gnJY9LTQ91ew6aEOErx
+jYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscxuj7X/iWpKo429NEvx7epXTPcMHD4QGxL
+sqYxYdE0PD0xesevxKenhOGXpOhL9hd87jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF
+/YP9f4RtNGx/ardLAQO/rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8q
+QedmCeFLl+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bGwzrw
+bMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4znKS4iicvObpCdg6
+04nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBOM/J+JjKsBY04pOZ2PJ8QaQ5tndLB
+eSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiM
+bIedBi3x7+PmBvrFZhNb/FAHnnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbg
+h3cXTJ2w2AmoDVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD
+AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSytK7mLfcm1ap1
+LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAImocn+M684uGMQQ
+gC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN4
+38o2Fi+CiJ+8EUdPdk3ILY7r3y18Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/q
+ln0F7psTpURs+APQ3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3s
+SdPkvmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn99t2HVhjY
+sCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQmhty3QUBjYZgv6Rn7rWl
+DdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YAVSgU7NbHEqIbZULpkejLPoeJVF3Zr52X
+nGnnCv8PWniLYypMfUeUP95L6VPQMPHF9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFH
+IK+WEj5jlB0E5y67hscMmoi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiX
+YY60MGo8bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZ
+-----END CERTIFICATE-----
+
+E-Tugra Global Root CA ECC v3
+=============================
+-----BEGIN CERTIFICATE-----
+MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMwgYAxCzAJBgNV
+BAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVncmEgRUJHIEEuUy4xHTAbBgNV
+BAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENB
+IEVDQyB2MzAeFw0yMDAzMTgwOTQ2NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEP
+MA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1
+Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBFQ0MgdjMw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQKczLWYHMjLiSF4mDKpL2
+w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YKfWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31
+Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQ
+zPUwHQYDVR0OBBYEFP+CMXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjO
+PQQDAwNpADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/67W4W
+Aie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFxvmjkI6TZraE3
+-----END CERTIFICATE-----
+
+Security Communication Root CA
+==============================
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw
+8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM
+DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX
+5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd
+DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2
+JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g
+0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a
+mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ
+s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ
+6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi
+FL39vmwLAw==
+-----END CERTIFICATE-----
+
+Autoridad de Certificacion Firmaprofesional CIF A62634068
+=========================================================
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA
+BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw
+QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
+NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
+Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
+B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
+7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
+ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
+plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
+MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
+LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
+bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
+vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud
+EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH
+DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
+cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA
+bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx
+ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx
+51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk
+R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP
+T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f
+Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl
+osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR
+crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR
+saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD
+KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi
+6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+-----END CERTIFICATE-----
+
+GLOBALTRUST 2020
+================
+-----BEGIN CERTIFICATE-----
+MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCQVQx
+IzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVT
+VCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYxMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAh
+BgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAy
+MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWi
+D59bRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9ZYybNpyrO
+VPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3QWPKzv9pj2gOlTblzLmM
+CcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPwyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCm
+fecqQjuCgGOlYx8ZzHyyZqjC0203b+J+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKA
+A1GqtH6qRNdDYfOiaxaJSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9OR
+JitHHmkHr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj04KlG
+DfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9MedKZssCz3AwyIDMvU
+clOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIwq7ejMZdnrY8XD2zHc+0klGvIg5rQ
+mjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1Ud
+IwQYMBaAFNwuH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA
+VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJCXtzoRlgHNQIw
+4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd6IwPS3BD0IL/qMy/pJTAvoe9
+iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS
+8cE54+X1+NZK3TTN+2/BT+MAi1bikvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2
+HcqtbepBEX4tdJP7wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxS
+vTOBTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6CMUO+1918
+oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn4rnvyOL2NSl6dPrFf4IF
+YqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+IaFvowdlxfv1k7/9nR4hYJS8+hge9+6jl
+gqispdNpQ80xiEmEU5LAsTkbOYMBMMTyqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg==
+-----END CERTIFICATE-----
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem
new file mode 100644
index 000000000..3633ed161
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem
@@ -0,0 +1,33 @@
+##
+## Local CA Root Certificates
+##
+## Local CA Root Certificates that gets appended to "cacrt_all.pem"
+
+
+## letsencrypt has generated a cross signed certificate with DST ROOT CA X3
+## for compatibility after the expiry of the certificate.
+## The new certificate has the ISSUER name as DST Root CA X3.
+## Thus, the handshake fails if esp_crt_bundle does not find the
+## respective name in the crt_bundle.
+## Keeping this certificate for compatibility reasons.
+## This will be removed once the cross-signed certificate expires in Sep 2024.
+
+DST Root CA X3
+==============
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK
+ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X
+DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1
+cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT
+rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9
+UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy
+xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d
+utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug
+dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE
+GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw
+RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
+fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c
new file mode 100644
index 000000000..6e7b625c4
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c
@@ -0,0 +1,1572 @@
+/* esp_crt_bundle.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
+
+/* Espressif */
+#include <esp_log.h>
+
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
+#include <wolfssl/wolfcrypt/logging.h>
+
+static const char *TAG = "esp_crt_bundle-wolfssl";
+
+
+#if defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) && \
+    (CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE == 1)
+
+/* esp_crt_bundle_attach() used by ESP-IDF esp-tls layer.
+ * When there's no bundle selected, but a call is made, return a warning: */
+esp_err_t esp_crt_bundle_attach(void *conf)
+{
+    esp_err_t ret = ESP_OK;
+    ESP_LOGW(TAG, "No certificate bundle was selected");
+    return ret;
+}
+#else
+/* Certificate Bundles are enabled, and something other than NONE selected. */
+#include <wolfssl/internal.h>
+#include <wolfssl/ssl.h>
+
+#include <wolfssl/wolfcrypt/asn.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS
+    /* We're already here since CONFIG_ESP_TLS_USING_WOLFSSL is enabled,    */
+    /* but do we have a recent version of wolfSSL CMakeLists.txt to support */
+    /* using wolfSSL in ESP-IDF? If so, include the esp-tls component here: */
+    #include <esp_tls.h> /* needed only for esp_tls_free_global_ca_store()  */
+#endif
+
+/* There's a minimum version of wolfSSL needed for Certificate Bundle Support.
+ *
+ * See the latest code at:
+ * https://github.com/wolfSSL/wolfssl or Managed Components at
+ * https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/
+ */
+#if defined(WOLFSSL_ESPIDF_COMPONENT_VERSION)
+    #if (WOLFSSL_ESPIDF_COMPONENT_VERSION > 0)
+        #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID 1
+    #else
+        #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID 0
+        #warning "This library depends on a recent version of wolfSSL config"
+    #endif
+#else
+    #warning "This library depends on a recent version of wolfSSL config"
+    #define WOLFSSL_ESPIDF_COMPONENT_VERSION_VALID -1
+#endif
+
+#include <wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h>
+
+/* Bundle debug may come from user_settings.h and/or sdkconfig.h */
+#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) || \
+    defined(       WOLFSSL_DEBUG_CERT_BUNDLE)
+    /* We'll only locally check this one: */
+    #undef         WOLFSSL_DEBUG_CERT_BUNDLE
+    #define        WOLFSSL_DEBUG_CERT_BUNDLE
+    /* Only display certificate bundle debugging messages when enabled: */
+    #define ESP_LOGCBI ESP_LOGI
+    #define ESP_LOGCBW ESP_LOGW
+    #define ESP_LOGCBV ESP_LOGV
+    /* Always show bundle name debugging when cert bundle debugging. */
+    #define ESP_LOGCBNI ESP_LOGI
+    #define ESP_LOGCBNW ESP_LOGW
+    #define ESP_LOGCBNV ESP_LOGV
+#else
+    /* Only display certificate bundle messages for most verbose setting.
+     * Note that the delays will likely cause TLS connection failures. */
+    #define ESP_LOGCBI ESP_LOGV
+    #define ESP_LOGCBW ESP_LOGV
+    #define ESP_LOGCBV ESP_LOGV
+    /* Optionally debug only certificate bundle names: */
+    /* #define WOLFSSL_DEBUG_CERT_BUNDLE_NAME          */
+    #ifdef WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+        #define ESP_LOGCBNI ESP_LOGI
+        #define ESP_LOGCBNW ESP_LOGW
+        #define ESP_LOGCBNV ESP_LOGV
+    #else
+        #define ESP_LOGCBNI ESP_LOGV
+        #define ESP_LOGCBNW ESP_LOGV
+        #define ESP_LOGCBNV ESP_LOGV
+    #endif
+#endif
+
+#if defined(WOLFSSL_EXAMPLE_VERBOSITY)
+    #define ESP_LOGXI ESP_LOGI
+    #define ESP_LOGXW ESP_LOGW
+    #define ESP_LOGXV ESP_LOGW
+#else
+    #define ESP_LOGXI ESP_LOGV
+    #define ESP_LOGXI ESP_LOGV
+    #define ESP_LOGXI ESP_LOGV
+#endif
+
+#ifndef X509_MAX_SUBJECT_LEN
+    #define X509_MAX_SUBJECT_LEN 255
+#endif
+
+#ifndef CTC_DATE_SIZE
+    #define CTC_DATE_SIZE 32
+#endif
+
+#define IS_WOLFSSL_CERT_BUNDLE_FORMAT
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+    /* For reference only, the other cert bundles are structured differently!
+     * The others contain only a PARTIAL certificate, along with a name. */
+    #define BUNDLE_HEADER_OFFSET 2
+    #define CRT_HEADER_OFFSET 4
+#else
+    /* Note these are also set in [ESP-IDF]/components/esp-tls/esp_tls_wolfssl.c
+     * to avoid conflicts with other cert bundles that may, in theory,
+     * be enabled concurrently (NOT recommended).
+     *
+     * Ensure they exactly match here: */
+    #define BUNDLE_HEADER_OFFSET 2
+    #define CRT_HEADER_OFFSET 2
+#endif
+
+/* NOTE: Manually edit sort order in gen_crt_bundle.py
+ *
+ * The default is having the bundle pre-sorted in the python script
+ * to allow for rapid binary cert match search at runtime. The unsorted
+ * search ALWAYS works, but when expecting a sorted search the python
+ * script MUST presort the data, otherwise the connection will likely fail.
+ *
+ * When debugging and using an unsorted bundle, define CERT_BUNDLE_UNSORTED
+ * Reminder: the actual sort occurs in gen_crt_bundly.py call from CMake. */
+/* #define CERT_BUNDLE_UNSORTED */
+
+/* Inline cert bundle functions performance hint unless otherwise specified. */
+#ifndef CB_INLINE
+    #define CB_INLINE inline
+#endif
+
+/* A "Certificate Bundle" is this array of [size] + [x509 CA List]
+ * certs that the client trusts: */
+extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_start[]
+                     asm("_binary_x509_crt_bundle_wolfssl_start");
+
+extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_end[]
+                     asm("_binary_x509_crt_bundle_wolfssl_end");
+
+/* This crt_bundle_t type must match other providers in esp-tls from ESP-IDF.
+ * TODO: Move to common header in ESP-IDF. (requires ESP-IDF modification).
+ * For now, it is here: */
+typedef struct crt_bundle_t {
+    const uint8_t **crts;
+    uint16_t num_certs;
+    size_t x509_crt_bundle_wolfssl_len;
+} crt_bundle_t;
+
+static WOLFSSL_X509* store_cert = NULL; /* will point to existing param values*/
+static WOLFSSL_X509* bundle_cert = NULL; /* the iterating cert being reviewed.*/
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    static const uint8_t **crts = NULL;
+    static uint16_t num_certs = 0;
+#endif
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
+                                             size_t bundle_size);
+static esp_err_t _esp_crt_bundle_is_valid = ESP_FAIL;
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+static crt_bundle_t s_crt_bundle = { 0 };
+static esp_err_t _wolfssl_found_zero_serial = ESP_OK;
+
+static int _cert_bundle_loaded = 0;
+
+static int _crt_found = 0;
+
+static int _added_cert = 0;
+
+static int _need_bundle_cert = 0;
+
+
+/* Returns ESP_OK if there are no zero serial numbers in the bundle,
+ * OR there may be zeros, but */
+static CB_INLINE int wolfssl_found_zero_serial(void)
+{
+    return _wolfssl_found_zero_serial;
+}
+
+/* Returns:
+ *   1 if the cert has a zero serial number
+ *   0 if the cert has a non-zero serial number
+ * < 0 for error wolfssl\wolfcrypt\error-crypt.h values  */
+static CB_INLINE int wolfssl_is_zero_serial_number(const uint8_t *der_cert,
+                                                             int sz)
+{
+    DecodedCert cert;
+    int ret = 0;
+
+    wc_InitDecodedCert(&cert, der_cert, sz, NULL);
+
+    ret = wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
+
+    /* Check the special case of parse error with strict checking. */
+    if ((cert.serialSz == 1) && (cert.serial[0] == 0x0)) {
+        /* If we find a zero serial number, a parse error may still occur. */
+        if (ret == ASN_PARSE_E) {
+            /* Issuer amd subject will only be non-blank with relaxed check */
+            ESP_LOGW(TAG, "Encountered ASN Parse error with zero serial");
+            ESP_LOGCBI(TAG, "Issuer: %s", cert.issuer);
+            ESP_LOGCBI(TAG, "Subject: %s", cert.subject);
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) || \
+    defined(       WOLFSSL_NO_ASN_STRICT)
+            ESP_LOGW(TAG, "WOLFSSL_NO_ASN_STRICT enabled. Ignoring error.");
+
+            /* We'll force the return result to one for a "valid"
+             * parsing result, but not strict and found zero serial num. */
+            ret = 1;
+#else
+    #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+        defined(       WOLFSSL_ASN_ALLOW_0_SERIAL)
+            /* Issuer amd subject will only be non-blank with relaxed check */
+            ESP_LOGCBW(TAG, "WOLFSSL_ASN_ALLOW_0_SERIAL enabled. "
+                            "Ignoring error.");
+
+            /* We'll force the return result for a "valid" parsing result,
+             * not strict and found zero serial num. */
+            ret = 1;
+    #else
+            ESP_LOGE(TAG, "ERROR: Certificate must have a Serial Number.");
+            ESP_LOGE(TAG, "Define WOLFSSL_NO_ASN_STRICT or "
+                          "WOLFSSL_ASN_ALLOW_0_SERIALto relax checks.");
+            /* ret (Keep ASN_PARSE_E)  */
+    #endif
+#endif
+        } /* special ASN_PARSE_E handling */
+        else {
+            /* Not an ASN Parse Error; the zero configured to be allowed. */
+            ESP_LOGV(TAG, "WARNING: Certificate has no Serial Number.");
+
+            /* If we found a zero, and the result of wc_ParseCert is zero,
+             * we'll return that zero as "cert has a zero serial number". */
+        }
+    }
+    else {
+        ESP_LOGV(TAG, "Not a special case zero serial number.");
+    }
+
+    if (ret > -1) {
+        ESP_LOGV(TAG, "Issuer: %s", cert.issuer);
+        ESP_LOGV(TAG, "Subject: %s", cert.subject);
+        ESP_LOGV(TAG, "Serial Number: %.*s", cert.serialSz, cert.serial);
+    }
+    else {
+        ESP_LOGCBV(TAG, "wolfssl_is_zero_serial_number exit  = %d", ret);
+    }
+
+    /* Clean up and exit */
+    wc_FreeDecodedCert(&cert);
+
+    return ret;
+}
+
+/* API for determining if the wolfSSL cert bundle is loaded. */
+int wolfssl_cert_bundle_loaded(void)
+{
+    return _cert_bundle_loaded;
+}
+
+/* API for determining if the wolfSSL cert bundle is needed. */
+int wolfssl_need_bundle_cert(void)
+{
+    return _need_bundle_cert;
+}
+
+/* Public API wolfSSL_X509_get_cert_items() */
+int wolfSSL_X509_get_cert_items(char* CERT_TAG,
+                                WOLFSSL_X509* cert,
+                                WOLFSSL_X509_NAME** issuer,
+                                WOLFSSL_X509_NAME** subject)
+{
+    char stringVaue[X509_MAX_SUBJECT_LEN + 1];
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    char before_str[CTC_DATE_SIZE];
+    char after_str[CTC_DATE_SIZE];
+    WOLFSSL_ASN1_TIME *notBefore = NULL, *notAfter = NULL;
+#endif
+    int ret = WOLFSSL_SUCCESS; /* Not ESP value! Success = 1, fail = 0 */
+
+    *issuer  = wolfSSL_X509_get_issuer_name(cert);
+    if (wolfSSL_X509_NAME_oneline(*issuer,
+                                  stringVaue, sizeof(stringVaue)) == NULL) {
+        ESP_LOGE(TAG, "%s Error converting subject name to string.", CERT_TAG);
+        ret = WOLFSSL_FAILURE;
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Store Cert Issuer: %s", CERT_TAG, stringVaue);
+    }
+
+    *subject = wolfSSL_X509_get_subject_name(cert);
+    if (wolfSSL_X509_NAME_oneline(*subject,
+                                  stringVaue, sizeof(stringVaue)) == NULL) {
+        ESP_LOGE(TAG, "%s Error converting subject name to string.", CERT_TAG);
+        ret = WOLFSSL_FAILURE;
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Store Cert Subject: %s", CERT_TAG, stringVaue );
+    }
+
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    notBefore = wolfSSL_X509_get_notBefore(cert);
+    if (wolfSSL_ASN1_TIME_to_string(notBefore, before_str,
+                                    sizeof(before_str)) == NULL) {
+        ESP_LOGCBW(TAG, "%s Not Before value not valid", CERT_TAG);
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Not Before: %s", CERT_TAG, before_str);
+    }
+
+    esp_show_current_datetime();
+
+    notAfter = wolfSSL_X509_get_notAfter(cert);
+    if (wolfSSL_ASN1_TIME_to_string(notAfter, after_str,
+                                    sizeof(after_str)) == NULL) {
+        ESP_LOGCBW(TAG, "%s Not After value not valid", CERT_TAG);
+    }
+    else {
+        ESP_LOGCBI(TAG, "%s Not After: %s", CERT_TAG, after_str);
+    }
+
+#endif
+
+    return ret;
+} /* wolfSSL_X509_show_cert */
+
+
+/*
+ * cert_manager_load()
+ *
+ * returns preverify value.
+ *
+ * WARNING: It is the caller's responsibility to confirm the der cert should be
+ *          added. (Typically during a callback error override).
+ *
+ * Verify Callback Arguments:
+ * preverify:           1=Verify Okay, 0=Failure
+ * store->error:        Failure error code (0 indicates no failure)
+ * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA)
+ * store->error_depth:  Current Index
+ * store->domain:       Subject CN as string (null term)
+ * store->totalCerts:   Number of certs presented by peer
+ * store->certs[i]:     A `WOLFSSL_BUFFER_INFO` with plain DER for each cert
+ * store->store:        WOLFSSL_X509_STORE with CA cert chain
+ * store->store->cm:    WOLFSSL_CERT_MANAGER
+ * store->ex_data:      The WOLFSSL object pointer
+ * store->discardSessionCerts: When set to non-zero value session certs
+                               will be discarded (only with SESSION_CERTS) */
+static CB_INLINE int cert_manager_load(int preverify,
+                                       WOLFSSL_X509_STORE_CTX* store,
+                                       const unsigned char * der, long derSz)
+{
+    int ret;
+    WOLFSSL_CERT_MANAGER* cm = NULL; /* points to wolfSSL cm, no cleanup need */
+    WOLFSSL_X509_NAME *issuer = NULL;
+    WOLFSSL_X509_NAME *subject = NULL;
+
+    WOLFSSL_X509* peer = NULL; /* points to wolfSSL cm store, no cleanup need */
+
+    if (der == NULL) {
+        ESP_LOGE(TAG, "cert_manager_load der is null");
+        return 0; /* preverify */
+    }
+
+    if (store == NULL) {
+        ESP_LOGE(TAG, "cert_manager_load store is null");
+        return 0; /* preverify */
+    }
+
+    if (store->current_cert == NULL) {
+        ESP_LOGE(TAG, "cert_manager_load store->current_cert is null");
+        return 0; /* preverify */
+    }
+
+    cm = store->store->cm;
+    peer = store->current_cert;
+    wolfSSL_X509_get_cert_items("peer", peer, &issuer, &subject);
+
+    /* It is the caller's responsibility to check conditions to add cert. */
+    if ((preverify == 0)  && (store->error == ASN_NO_SIGNER_E)) {
+        ESP_LOGCBI(TAG, "Confirmed call for ASN_NO_SIGNER_E");
+    }
+    else {
+        ESP_LOGW(TAG, "Warning: calling for non ASN_NO_SIGNER_E error.");
+    }
+
+    /* Some interesting cert bundle debug details: */
+    ESP_LOGCBI(TAG, "Cert %d:\n\tIssuer: %s\n\tSubject: %s\n",
+        store->error_depth,
+        issuer->name != NULL ? issuer->name : "[none]",
+        subject->name != NULL ? subject->name : "[none]");
+
+    /* Load the der cert to Certificate Manager:*/
+    ret = wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
+                                          WOLFSSL_FILETYPE_ASN1);
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Attempt to validate the certificate again */
+        ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
+            WOLFSSL_FILETYPE_ASN1);
+
+        if (ret == WOLFSSL_SUCCESS) {
+            ESP_LOGCBI(TAG, "Successfully validated cert: %s\n", subject->name);
+
+            /* If verification is successful then override error. */
+            preverify = 1;
+        }
+        else {
+            ESP_LOGE(TAG, "Failed to verify cert after loading new CA. "
+                          "err = %d", ret);
+        }
+    }
+    else {
+        ESP_LOGE(TAG, "Failed to load CA");
+    }
+
+    /* We don't free the issue and subject, as they are
+     * pointers to current store->current_cert values. */
+    return preverify;
+}
+
+/* Not a Best Practice, but in dev one can ignore cert date/time: */
+#if defined(WOLFSSL_DEBUG_CERT_BUNDLE) && defined(WOLFSSL_DEBUG_IGNORE_ASN_TIME)
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_before_date(int preverify,
+                                                WOLFSSL_X509_STORE_CTX* store)
+{
+    if (store == NULL) {
+        ESP_LOGE(TAG, "wolfssl_ssl_conf_verify_cb_before_date store is null");
+        preverify = 0;
+    }
+    else if ((preverify == 0) && (store->error == ASN_BEFORE_DATE_E)) {
+        ESP_LOGW(TAG, "Overriding ASN_BEFORE_DATE_E!");
+        preverify = 1;
+    }
+
+    return preverify;
+}
+
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_after_date(int preverify,
+                                                WOLFSSL_X509_STORE_CTX* store)
+{
+    if (store == NULL) {
+        ESP_LOGE(TAG, "wolfssl_ssl_conf_verify_cb_after_date store is null");
+        preverify = 0;
+    }
+    else if ((preverify == 0) && (store->error == ASN_AFTER_DATE_E)) {
+        ESP_LOGW(TAG, "Overriding ASN_AFTER_DATE_E!");
+        preverify = 1;
+    }
+
+    return preverify;
+}
+#endif /* WOLFSSL_DEBUG_CERT_BUNDLE && WOLFSSL_DEBUG_IGNORE_ASN_TIME */
+
+#ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+void print_cert_subject_and_issuer(WOLFSSL_X509_STORE_CTX* store)
+{
+    char subjectStr[X509_MAX_SUBJECT_LEN + 1];
+    char issuerStr[X509_MAX_SUBJECT_LEN + 1];
+    WOLFSSL_BUFFER_INFO buffer;
+    WOLFSSL_X509_NAME* subject;
+    WOLFSSL_X509_NAME* issuer;
+    WOLFSSL_X509* cert;
+    int totalCerts;
+    int i;
+
+    if (store == NULL) {
+        ESP_LOGCBI(TAG, "store is NULL");
+        totalCerts = 0;
+    }
+    else {
+        totalCerts = store->totalCerts;
+    }
+
+    for (i = 0; i < totalCerts; i++) {
+        buffer = store->certs[i];
+        cert = wolfSSL_X509_d2i(NULL,
+                                            (const unsigned char*)buffer.buffer,
+                                              buffer.length);
+        if (cert == NULL) {
+            ESP_LOGCBI(TAG, "Failed to parse certificate at index %d\n", i);
+            continue;
+        }
+
+        subject = wolfSSL_X509_get_subject_name(cert);
+        issuer = wolfSSL_X509_get_issuer_name(cert);
+
+        if (subject != NULL && issuer != NULL) {
+            wolfSSL_X509_NAME_oneline(subject, subjectStr, sizeof(subjectStr));
+            wolfSSL_X509_NAME_oneline(issuer, issuerStr, sizeof(issuerStr));
+
+            ESP_LOGCBI(TAG, "Certificate at index %d:\n", i);
+            ESP_LOGCBI(TAG, "  Subject: %s\n", subjectStr);
+            ESP_LOGCBI(TAG, "  Issuer: %s\n", issuerStr);
+        }
+        else {
+            ESP_LOGCBI(TAG, "Failed to extract subject or issuer at index "
+                            "%d\n", i);
+        }
+
+        /* Clean up and exit */
+        wolfSSL_X509_free(cert);
+    }
+} /* print_cert_subject_and_issuer */
+#endif
+
+/* wolfssl_ssl_conf_verify_cb_no_signer() should only be called
+ *  from wolfssl_ssl_conf_verify_cb, handling the special case of
+ *  TLS handshake preverify failure for the "No Signer" condition. */
+static CB_INLINE int wolfssl_ssl_conf_verify_cb_no_signer(int preverify,
+                                                 WOLFSSL_X509_STORE_CTX* store)
+{
+    char subjectName[X509_MAX_SUBJECT_LEN + 1];
+
+    const unsigned char* cert_data = NULL;
+    const unsigned char* cert_bundle_data = NULL;
+
+    WOLFSSL_X509_NAME* store_cert_subject = NULL; /* part of store_cert*/
+    WOLFSSL_X509_NAME* store_cert_issuer = NULL;  /* part of store_cert*/
+    WOLFSSL_X509_NAME* this_subject = NULL;     /* part of bundle_cert.*/
+    WOLFSSL_X509_NAME* this_issuer = NULL;      /* part of bundle_cert.*/
+
+    intptr_t this_addr = 0; /* Beginning of the bundle object: [size][cert]  */
+    int derCertLength = 0; /* The [size] value: length of [cert] budnle item */
+    int cmp_res = 0;
+    int last_cmp = -1;
+
+    int start = 0;  /* Beginning of search; only changes if binary search.   */
+    int end = 0;    /* End of bunndle search; only changes if binary search. */
+    int middle = 0; /* Middle value for binary search, otherwise increments. */
+
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+    WOLFSSL_BUFFER_INFO buffer;
+#endif
+#ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+    WOLFSSL_STACK* chain;
+    int numCerts;
+#endif
+
+    int ret = WOLFSSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfssl_ssl_conf_verify_cb_no_signer");
+    ESP_LOGCBI(TAG, "\n\nBegin callback: "
+                    "wolfssl_ssl_conf_verify_cb_no_signer\n");
+
+    /* Debugging section for viewing preverify values. */
+#ifndef NO_SKIP_PREVIEW
+    if (preverify == WOLFSSL_SUCCESS) {
+        ESP_LOGCBI(TAG, "Success: Detected prior Pre-verification == 1.");
+        /* So far, so good... we need to now check cert against alt */
+    }
+    else {
+        ESP_LOGCBW(TAG, "Detected prior Pre-verification Failure.");
+    }
+#else
+    /* Skip pre-verification, so we'll start with success. */
+    ret = WOLFSSL_SUCCESS;
+#endif
+
+    /* Check how many CA Certs in our bundle. Need at least one to proceed. */
+    if (ret == WOLFSSL_SUCCESS) {
+        if (s_crt_bundle.crts == NULL) {
+            ESP_LOGE(TAG, "No certificates in bundle.");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ESP_LOGCBI(TAG, "%d certificates in bundle.",
+                            s_crt_bundle.num_certs);
+            ret = WOLFSSL_SUCCESS;
+        }
+    }
+
+    /* Get the current cert from the store. */
+    if (ret == WOLFSSL_SUCCESS) {
+        /* Get the current certificate being verified during the certificate
+         * chain validation process. */
+#ifdef OPENSSL_EXTRA
+    #ifdef WOLFSSL_ALT_CERT_CHAINS
+            /*  Retrieve the last WOLFSSL_BUFFER_INFO struct with alt chains */
+            buffer = store->certs[store->totalCerts - 1];
+            store_cert = wolfSSL_X509_d2i(NULL,
+                                          (const unsigned char*)buffer.buffer,
+                                          buffer.length);
+    #else
+            store_cert = wolfSSL_X509_STORE_CTX_get_current_cert(store);
+    #endif
+
+    #ifdef CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+        chain = wolfSSL_X509_STORE_CTX_get_chain(store);
+        numCerts = wolfSSL_sk_X509_num(chain);
+        if (!chain) {
+            numCerts = 0; /* Verification failed. */
+        }
+        ESP_LOGI(TAG, "Number of certificates in chain: %d", numCerts);
+        print_cert_subject_and_issuer(store);
+    #endif
+#else
+        store_cert = store->current_cert;
+#endif
+        if (store_cert == NULL) {
+            ESP_LOGE(TAG, "Failed to get current certificate.\n");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ret = WOLFSSL_SUCCESS;
+        }
+    } /* this (ret == WOLFSSL_SUCCESS) step to get cert from store */
+
+
+    /* Get the target name and subject from the current_cert(store) */
+    if (ret == WOLFSSL_SUCCESS) {
+        store_cert_subject = wolfSSL_X509_get_subject_name(store_cert);
+        if (wolfSSL_X509_NAME_oneline(store_cert_subject, subjectName,
+                                      sizeof(subjectName)) == NULL) {
+            ESP_LOGE(TAG, "Error converting subject name to string.");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ESP_LOGCBNI(TAG, "Store Cert Subject: %s", subjectName );
+        }
+        store_cert_issuer = wolfSSL_X509_get_issuer_name(store_cert);
+        if (store_cert_issuer == NULL) {
+            ESP_LOGE(TAG, "Error converting Store Cert Issuer to string");
+            ret = WOLFSSL_FAILURE;
+        }
+        else {
+            ESP_LOGCBI(TAG, "Store Cert Issuer:  %s", store_cert_issuer->name );
+        }
+    }
+
+    /* When the server presents its certificate, the client checks if this
+     * certificate can be traced back to one of the CA certificates in the
+     * bundle.
+     *
+     * NOTE: To save memory, the store `cert` from above is overwritten below.
+     * Any details needed from the store `cert` should have been saved.
+     *
+     * We'll proceed by assigning `cert` to each of the respective items in
+     * bundle as we attempt to find the desired cert: */
+    if (ret == WOLFSSL_SUCCESS) {
+        _cert_bundle_loaded = 1;
+        start = 0;
+        if (s_crt_bundle.num_certs > 0) {
+            end = s_crt_bundle.num_certs - 1;
+        }
+        else {
+            ESP_LOGCBW(TAG, "The certificate bundle is empty.");
+            end = -1;
+        }
+
+#ifndef CERT_BUNDLE_UNSORTED
+        /* When sorted (not unsorted), binary search: */
+        middle = (end - start) / 2;
+#else
+        /* When not sorted, we start at beginning and look at each: */
+        ESP_LOGCBW(TAG, "Looking at CA indexed. Start = %d, end = %d",
+                         start, end);
+        middle = 0;
+#endif
+        /* Look for the certificate searching on subject name: */
+        while (start <= end) {
+#ifndef CERT_BUNDLE_UNSORTED
+            ESP_LOGCBNW(TAG, "Looking at CA #%d; Binary Search start = %d,"
+                            "end = %d", middle, start, end);
+#else
+            ESP_LOGCBNW(TAG, "Looking at CA index #%d", middle);
+#endif
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+            /* For reference only */
+            name_len = s_crt_bundle.crts[middle][0] << 8 |
+                       s_crt_bundle.crts[middle][1];
+            crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
+            ESP_LOGI(TAG, "String: %.*s", name_len, crt_name);
+            int cmp_res =  memcmp(subject, crt_name, name_len);
+#else
+            /* Each cert length should have been saved via python script: */
+            derCertLength = (s_crt_bundle.crts[middle][0] << 8) |
+                             s_crt_bundle.crts[middle][1];
+            this_addr = (intptr_t)s_crt_bundle.crts[middle];
+            ESP_LOGCBI(TAG, "This addr = 0x%x", this_addr);
+
+            cert_data = (const unsigned char*)(this_addr + CRT_HEADER_OFFSET);
+
+            if (wolfssl_is_zero_serial_number(cert_data, derCertLength)) {
+                ESP_LOGW(TAG, "Warning: No Certificate Serial Number: "
+                              "for Certificate #%d", middle);
+            }
+
+            ESP_LOGCBI(TAG, "s_crt_bundle ptr = 0x%x", (intptr_t)cert_data);
+            ESP_LOGCBI(TAG, "derCertLength    = %d", derCertLength);
+
+            /* Convert the DER format in the Cert Bundle to x509.
+             * Reminder: Cert PEM files converted to DER by gen_crt_bundle.py */
+            cert_bundle_data = cert_data; /* wolfSSL_d2i_X509 changes address */
+
+            /* Ensure we don't keep adding new bundle_certs to the heap. */
+            if (bundle_cert != NULL) {
+                wolfSSL_X509_free(bundle_cert);
+            }
+            bundle_cert = wolfSSL_d2i_X509(NULL, &cert_bundle_data,
+                                                  derCertLength);
+
+            if (bundle_cert == NULL) {
+                ESP_LOGE(TAG, "Error loading DER Certificate Authority (CA)"
+                              "from bundle #%d.", middle);
+        #if !defined(WOLFSSL_NO_ASN_STRICT) && \
+            !defined(WOLFSSL_ASN_ALLOW_0_SERIAL)
+                /* Suggestion only when relevant: */
+                if (wolfssl_found_zero_serial()) {
+                    ESP_LOGE(TAG, "Try turning on WOLFSSL_NO_ASN_STRICT "
+                                  "or WOLFSSL_ASN_ALLOW_0_SERIAL");
+                }
+        #endif
+                ret = WOLFSSL_FAILURE;
+            }
+            else {
+                ESP_LOGCBI(TAG, "Successfully loaded DER certificate!");
+                ret = WOLFSSL_SUCCESS;
+            }
+
+            if (ret == WOLFSSL_SUCCESS) {
+                this_issuer = wolfSSL_X509_get_issuer_name(bundle_cert);
+                if (this_issuer == NULL) {
+                    ESP_LOGE(TAG, "Error getting issuer name.");
+                    ret = WOLFSSL_FAILURE;
+                }
+                else {
+                    ESP_LOGCBNI(TAG, "This Bundle Item Issuer Name:  %s",
+                                  this_issuer->name);
+                }
+
+                this_subject = wolfSSL_X509_get_subject_name(bundle_cert);
+                if (this_subject == NULL) {
+                    ESP_LOGE(TAG, "Error getting subject name.");
+                    ret = WOLFSSL_FAILURE;
+                }
+                else {
+                    if (wolfSSL_X509_NAME_oneline(this_subject, subjectName,
+                                                 sizeof(subjectName)) == NULL) {
+                        ESP_LOGE(TAG, "Error converting subject name "
+                                      "to string.");
+                        ret = WOLFSSL_FAILURE;
+                    }
+                    ESP_LOGCBI(TAG, "This Bundle Item Subject Name: %s",
+                                   subjectName);
+                }
+            }
+
+            /* subject == issuer */
+            if (ret == WOLFSSL_SUCCESS) {
+                /* Compare the current store cert issuer saved above, to the
+                 * current one being inspected in the bundle loop. We want to
+                 * match this bundle item issuer with the store certificate
+                 * subject name, as later we'll call wolfSSL_X509_check_issued()
+                 * which compares these fields. */
+
+                cmp_res = strcmp(this_subject->name,
+                                 store_cert_issuer->name);
+                last_cmp = cmp_res; /* in case we have to skip an item, save */
+            }
+            else {
+                ESP_LOGCBW(TAG, "Skipping CA #%d due to failure", middle);
+                cmp_res = last_cmp;
+            }
+    #ifdef CERT_BUNDLE_UNSORTED
+            if (cmp_res != last_cmp) {
+                ESP_LOGE(TAG, "Warning: unsorted!");
+            }
+    #endif
+#endif
+            ESP_LOGCBV(TAG, "This cmp_res = %d", cmp_res);
+            if (cmp_res == 0) {
+                ESP_LOGCBI(TAG, "Found a cert issuer match: %s",
+                                this_issuer->name);
+                _crt_found = 1;
+                break;
+            }
+
+            /* The next indexed cert item to look at: [middle] value: */
+#ifndef CERT_BUNDLE_UNSORTED
+            /* If the list is presorted, we can use a binary search. */
+            else if (cmp_res < 0) {
+                start = middle + 1;
+            }
+            else {
+                end = middle - 1;
+            }
+            middle = start + ((end - start) / 2);
+#else
+            /* When the list is NOT presorted, typically during debugging,
+             * just step though in the order found until one is found: */
+            else {
+                middle++;
+                start = middle;
+            }
+#endif
+            ESP_LOGCBV(TAG, "Item = %d; start: %d, end: %d",
+                             middle, start, end);
+            if (!_crt_found) {
+                /* this_issuer and this_subject are parts of this bundle_cert
+                 * so we don't need to clean them up explicitly.
+                 *
+                 * However, we'll start over with a freash bundle_cert for the
+                 * next search iteration. */
+                if (bundle_cert != NULL) {
+                    wolfSSL_X509_free(bundle_cert);
+                }
+                bundle_cert = wolfSSL_X509_new();
+            }
+        } /* while (start <= end) */
+
+        /************************* END Bundle Search. *************************/
+
+        /* After searching the bundle for an appropriate CA, if found then
+         * load into the provided cert manager. */
+        if (_crt_found) {
+            ESP_LOGCBW(TAG, "Found a Matching Certificate Name in the bundle!");
+            ret = cert_manager_load(preverify, store, cert_data, derCertLength);
+            if (ret == WOLFSSL_FAILURE) {
+                ESP_LOGW(TAG, "Warning: found a matching cert, but not added "
+                              "to the Certificate Manager. error: %d", ret);
+            }
+            else {
+                ESP_LOGCBI(TAG, "New CA added to the Certificate Manager.");
+            }
+        }
+        else {
+            ESP_LOGCBW(TAG, "Matching Certificate Name not found in bundle!");
+            ret = WOLFSSL_FAILURE;
+        } /* crt search result */
+
+        if ((_crt_found == 1) && (ret == WOLFSSL_SUCCESS)) {
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+            /* Store verify will fail when alt certs enabled. */
+            ESP_LOGCBI(TAG, "Skipping pre-update store verify with "
+                            "WOLFSSL_ALT_CERT_CHAINS enabled.");
+#else
+            /* Unlikely to work without alt cert chains, try to verify: */
+            ret = wolfSSL_X509_verify_cert(store);
+            if (ret == WOLFSSL_SUCCESS) {
+                ESP_LOGCBI(TAG, "Successfully verified store before "
+                                "making changes");
+            }
+            else {
+                ESP_LOGE(TAG, "Failed to verify store before making changes! "
+                              "ret = %d", ret);
+            }
+#endif
+
+#if defined(OPENSSL_EXTRA)
+            ESP_LOGCBI(TAG, "Checking wolfSSL_X509_check_issued(bundle_cert, "
+                            "store_cert)");
+            if (store_cert && wolfSSL_X509_check_issued(bundle_cert,
+                                                     store_cert) == X509_V_OK) {
+                ESP_LOGCBI(TAG, "wolfSSL_X509_check_issued == X509_V_OK");
+
+            }
+            else {
+                /* This is ok, we may have others */
+                ESP_LOGCBI(TAG, "wolfSSL_X509_check_issued failed. "
+                                "(there may be others)");
+            }
+#else
+            ESP_LOGW(TAG, "Warning: skipping wolfSSL_X509_check_issued, "
+                          "OPENSSL_EXTRA not enabled.");
+#endif
+
+            if (_added_cert == 0) {
+                /* Is this a CA or Leaf? */
+                if (bundle_cert->isCa == 1) {
+                        ESP_LOGCBI(TAG, "Adding Certificate Authority.");
+                    }
+                else {
+                        ESP_LOGCBW(TAG, "Warning: Adding end-entity leaf "
+                                        "certificate.");
+                }
+
+                /* Note that although we are adding a certificate to the store
+                 * now, it is too late to be used in the current TLS connection
+                 * that caused the callback. See the Cerfiicate Manager for
+                 * validation and possible overriding of preverify values. */
+                ESP_LOGCBI(TAG, "\n\nAdding Cert for Certificate Store!\n");
+                ret = wolfSSL_X509_STORE_add_cert(store->store, bundle_cert);
+                if (ret == WOLFSSL_SUCCESS) {
+                    ESP_LOGCBI(TAG, "Successfully added cert to wolfSSL "
+                                    "Certificate Store!");
+                    _added_cert = 1;
+                }
+                else {
+                    ESP_LOGE(TAG, "Failed to add cert to store! ret = %d", ret);
+                    ret = WOLFSSL_FAILURE;
+                }
+            }
+            else {
+                ESP_LOGCBI(TAG, "Already added a matching cert!");
+            } /* _added_cert */
+
+#ifdef WOLFSSL_ALT_CERT_CHAINS
+            /* Store verify will fail when alt certs enabled. */
+            ESP_LOGCBI(TAG, "Skipping post-update store verify with "
+                            "WOLFSSL_ALT_CERT_CHAINS enabled.");
+#else
+            ESP_LOGCBI(TAG, "wolfSSL_X509_verify_cert(store)");
+            ret = wolfSSL_X509_verify_cert(store);
+            if (ret == WOLFSSL_SUCCESS) {
+                ESP_LOGCBI(TAG, "Successfully verified cert in updated store!");
+            }
+            else {
+                ESP_LOGE(TAG, "Failed to verify cert in updated store! "
+                              "ret = %d", ret);
+                ret = WOLFSSL_FAILURE;
+            }
+#endif
+        } /* crt_found */
+        else {
+            ESP_LOGE(TAG, "Did not find a matching crt");
+            ret = WOLFSSL_FAILURE;
+        }
+    } /* Did not find a cert */
+    else {
+        /* not successful, so return zero for failure. */
+        ret = WOLFSSL_FAILURE;
+    } /* Failed to init, didn't even try to search. */
+
+
+    /* Clean up and exit */
+    if ((_crt_found == 0) && (bundle_cert != NULL)) {
+        ESP_LOGW(TAG, "Cert not found, free bundle_cert");
+        wolfSSL_X509_free(bundle_cert);
+        bundle_cert = NULL;
+        /* this_subject and this_issuer are pointers into cert used.
+         * Don't free if the cert was found. */
+        wolfSSL_X509_NAME_free(this_subject);
+        this_subject = NULL;
+        wolfSSL_X509_NAME_free(this_issuer);
+        this_issuer = NULL;
+    }
+
+    /* We don't clean up the store_cert and x509 as we are in a callback,
+     * and it is just a pointer into the actual ctx store cert.
+     *
+     * See wolfSSL_bundle_cleanup() called after connection completed. */
+    ESP_LOGCBI(TAG, "Exit wolfssl_ssl_conf_verify_cb ret = %d", ret);
+
+    WOLFSSL_LEAVE( "wolfssl_ssl_conf_verify_cb complete", ret);
+
+    return ret; /* preverify */
+}
+
+/* wolfssl_ssl_conf_verify_cb()
+ *   for reference:
+ *     typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
+ *
+ * This is the callback for TLS handshake verify / validation. See related:
+ *   wolfssl_ssl_conf_verify_cb_no_signer
+ *   wolfssl_ssl_conf_verify_cb_before_date
+ *   wolfssl_ssl_conf_verify_cb_after_date
+ *
+ * This callback is called FOR EACH cert in the store.
+ * Not all certs in the store will have a match for a cert in the bundle,
+ * but we NEED ONE to match when a preverify error occurs.
+ *
+ * See wolfssl_ssl_conf_verify() for setting callback to this function.
+ * Typically set when calling esp_crt_bundle_attach(). Specifically:
+ *    cfg->crt_bundle_attach(&tls->conf) in esp_tls_wolfssl.c
+ *    from the ESP-IDF esp-tls component.
+ *
+ * See esp_tls.h file: esp_err_t (*crt_bundle_attach)(void *conf)
+ *   and initialization in esp_transport_ssl_crt_bundle_attach
+ *       from the tcp_transport component: (transport_ssl.c)
+ *
+ * Functions in esp_crt_bundle are same names as other providers and
+ * gated in as appropriate when enabling CONFIG_ESP_TLS_USING_WOLFSSL.
+ *
+ * Note the wolfSSL component CMakeLists.txt *MUST* be properly linked in the
+ * file to be used within the ESP-IDF. Something like this:
+ *
+ *   target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolfssl})
+ *
+ * Returns:
+ * 0 if the verification process should stop immediately with an error.
+ * 1 if the verification process should continue with the rest of handshake. */
+static CB_INLINE int wolfssl_ssl_conf_verify_cb(int preverify,
+                                      WOLFSSL_X509_STORE_CTX* store)
+{
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    char before_str[CTC_DATE_SIZE];
+    char after_str[CTC_DATE_SIZE];
+    WOLFSSL_ASN1_TIME *notBefore = NULL;
+    WOLFSSL_ASN1_TIME *notAfter = NULL;
+
+    int initial_preverify;
+    initial_preverify = preverify;
+
+    if (store == NULL) {
+        ESP_LOGCBW(TAG, "wolfssl_ssl_conf_verify_cb store is Null. Abort");
+        return initial_preverify;
+    }
+
+    /* Show the interesting preverify & error state upon entry to callback. */
+    if (preverify == 1) {
+        ESP_LOGCBI(TAG, "preverify == 1\n");
+    }
+    else {
+        ESP_LOGCBW(TAG, "preverify == %d\n", preverify);
+    }
+
+    if (store->error == 0) {
+        ESP_LOGCBI(TAG, "store->error == 0");
+    }
+    else {
+        ESP_LOGCBW(TAG, "store->error: %d", store->error);
+    }
+
+    notBefore = wolfSSL_X509_get_notBefore(store->current_cert);
+    if (wolfSSL_ASN1_TIME_to_string(notBefore, before_str,
+                                    sizeof(before_str)) == NULL) {
+        ESP_LOGCBW(TAG, "Not Before value not valid");
+    }
+    else {
+        ESP_LOGCBI(TAG, "Not Before: %s", before_str);
+    }
+
+    esp_show_current_datetime();
+
+    notAfter = wolfSSL_X509_get_notAfter(store->current_cert);
+    if (wolfSSL_ASN1_TIME_to_string(notAfter, after_str,
+                                    sizeof(after_str)) == NULL) {
+        ESP_LOGCBW(TAG, "Not After value not valid");
+    }
+    else {
+        ESP_LOGCBI(TAG, "Not After: %s", after_str);
+    }
+#endif
+
+    /* One possible condition is the error "Failed to find signer".
+     * This is where we search the bundle for a matching needed CA cert. */
+    if ((preverify == 0) && (store->error == ASN_NO_SIGNER_E)) {
+        ESP_LOGCBW(TAG, "Setting _need_bundle_cert!");
+        _need_bundle_cert = 1;
+
+        preverify = wolfssl_ssl_conf_verify_cb_no_signer(preverify, store);
+    }
+
+    /* Another common issue is the date/timestamp.
+     * During debugging, we can ignore cert ASN before/after limits: */
+#if defined(WOLFSSL_DEBUG_CERT_BUNDLE) && defined(WOLFSSL_DEBUG_IGNORE_ASN_TIME)
+    esp_show_current_datetime();
+
+    if ((preverify == 0) && (store->error == ASN_BEFORE_DATE_E)) {
+        preverify = wolfssl_ssl_conf_verify_cb_before_date(preverify, store);
+    }
+
+    if ((preverify == 0) && (store->error == ASN_AFTER_DATE_E)) {
+        preverify = wolfssl_ssl_conf_verify_cb_after_date(preverify, store);
+    }
+#endif
+
+    /* Insert any other callback handlers here. */
+
+#ifdef WOLFSSL_DEBUG_CERT_BUNDLE
+    /* When debugging, show if have we resolved any error. */
+    if (preverify == 1) {
+        ESP_LOGCBI(TAG, "Returning preverify == 1\n");
+        if (preverify != initial_preverify) {
+            /* Here we assume wolfssl_ssl_conf_verify_cb_no_signer
+             * properly found and validated the problem: such as
+             * a new cert from the bundled needed for signing. */
+            ESP_LOGCBW(TAG, "Callback overriding error initial preverify = %d, "
+                            "returning preverify = %d",
+                            initial_preverify, preverify );
+        }
+    }
+    else {
+        ESP_LOGCBW(TAG, "Warning; returning preverify == %d\n", preverify);
+    }
+#endif
+
+    return preverify;
+} /* wolfssl_ssl_conf_verify_cb */
+
+/* wolfssl_ssl_conf_verify() patterned after ESP-IDF.
+ * Used locally here only. Not used directly by esp-tls.
+ *
+ * This is typically called during esp_crt_bundle_attach() in
+ * *this* file, which has same-name functions gated with the macro:
+ *   CONFIG_ESP_TLS_USING_WOLFSSL
+ *
+ * See also ESP-IDF transport_ssl component. */
+void CB_INLINE wolfssl_ssl_conf_verify(wolfssl_ssl_config *conf,
+                             int (*f_vrfy) WOLFSSL_X509_VERIFY_CALLBACK,
+                             void (*p_vrfy) )
+{
+    /* Other Cryptographic providers for reference:
+    conf->f_vrfy      = f_vrfy;  (verification function callback)
+    conf->p_vrfy      = p_vrfy;  (pre-verification value)
+    */
+
+    /* typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); */
+    wolfSSL_CTX_set_verify( (WOLFSSL_CTX *)(conf->priv_ctx),
+                            WOLFSSL_VERIFY_PEER, wolfssl_ssl_conf_verify_cb);
+}
+
+/* esp_crt_verify_callback() patterned after ESP-IDF.
+ * Used locally here only. Not used directly by esp-tls.
+ *
+ * This callback is called for every certificate in the chain. If the chain
+ * is proper each intermediate certificate is validated through its parent
+ * in the x509_crt_verify_chain() function. So this callback should
+ * only verify the first untrusted link in the chain is signed by the
+ * root certificate in the trusted bundle
+*/
+int esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt, int depth,
+                            uint32_t *flags)
+{
+    WOLFSSL_X509 *child;
+    const uint8_t *crt_name;
+    int start = 0;
+    int middle = 0;
+    int end  = 0;
+    int crt_found = 0;
+    int ret = -1;
+    size_t name_len = 0;
+    size_t key_len  = 0;
+
+    child = crt;
+
+    if (s_crt_bundle.crts == NULL) {
+        ESP_LOGE(TAG, "No certificates in bundle");
+        return -1;
+    }
+
+    ESP_LOGCBI(TAG, "esp_crt_verify_callback: %d certificates in bundle",
+                  s_crt_bundle.num_certs);
+
+    name_len = 0;
+
+    crt_found = false;
+    start = 0;
+    if (s_crt_bundle.num_certs > 0) {
+        end = s_crt_bundle.num_certs - 1;
+        middle = (end - start) / 2;
+    }
+    else {
+        end = -1;
+        middle = -1;
+    }
+    /* Look for the certificate using binary search on subject name */
+    while (start <= end) {
+        name_len = (s_crt_bundle.crts[middle][0] << 8) |
+                   (s_crt_bundle.crts[middle][1]);
+        crt_name = s_crt_bundle.crts[middle] + CRT_HEADER_OFFSET;
+
+        int cmp_res = memcmp(child->altNames, crt_name, name_len);
+        if (cmp_res == 0) {
+            ESP_LOGCBI(TAG, "crt found %s", crt_name);
+            crt_found = true;
+            break;
+        }
+        else if (cmp_res < 0) {
+            end = middle + 1;
+        }
+        else {
+            start = middle - 1;
+        }
+        middle = (start + end) / 2;
+    }
+
+    ret = -1; /* WOLFSSL_ERR_X509_FATAL_ERROR; */
+    if (crt_found) {
+        key_len = (s_crt_bundle.crts[middle][2] << 8) |
+                  (s_crt_bundle.crts[middle][3]);
+        /* This is the wolfssl_ssl_conf_verify callback to attach bundle.
+         * We'll verify at certificate attachment time. */
+        ESP_LOGV(TAG, "Found key. Len = %d", key_len);
+        /* Optional validation not implemented at this time. */
+        /* See wolfssl_ssl_conf_verify_cb() */
+    }
+    else {
+        ESP_LOGW(TAG, "crt not found!");
+    }
+
+    if (ret == 0) {
+        ESP_LOGCBI(TAG, "Certificate validated (2)");
+        *flags = 0;
+        return 0;
+    }
+
+    ESP_LOGW(TAG, "Deprecated; this API for compiler compatibility only.");
+    ESP_LOGW(TAG, "Please use wolfssl_ssl_conf_verify_cb() .");
+    ESP_LOGE(TAG, "Failed to verify certificate");
+    return -1; /* WOLFSSL_ERR_X509_FATAL_ERROR; */
+} /* esp_crt_verify_callback */
+
+/* wolfssl_ssl_conf_authmode() patterned after ESP-IDF. */
+void wolfssl_ssl_conf_authmode(wolfssl_ssl_config *conf, int authmode)
+{
+    wolfSSL_CTX_set_verify( (WOLFSSL_CTX *)conf->priv_ctx, authmode, NULL);
+}
+
+/* API wolfssl_x509_crt_init */
+void wolfssl_x509_crt_init(WOLFSSL_X509 *crt)
+{
+    InitX509(crt, 0, NULL);
+}
+
+/* cert buffer compatibility helper */
+void wolfssl_ssl_conf_ca_chain(wolfssl_ssl_config *conf,
+                               WOLFSSL_X509       *ca_chain,
+                               WOLFSSL_X509_CRL   *ca_crl)
+{
+    conf->ca_chain   = ca_chain;
+    conf->ca_crl     = ca_crl;
+
+#if defined(WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK)
+    /* wolfssl_ssl_conf_ca_chain() and wolfsslssl_ssl_conf_ca_cb()
+     * cannot be used together. */
+    conf->f_ca_cb = NULL;
+    conf->p_ca_cb = NULL;
+#endif /* WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK */
+}
+
+#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+esp_err_t esp_crt_bundle_is_valid(void)
+{
+    return _esp_crt_bundle_is_valid;
+}
+
+/* Initialize the bundle into an array so we can do binary
+ * search for certs; the bundle generated by the python utility is
+ * normally already presorted by subject name attributes in ARBITRARY order!
+ *
+ * See gen_crt_bundle.py regarding element extraction sort.
+ *
+ * To used as unsorted list, see above:
+ *    `#define CERT_BUNDLE_UNSORTED`
+ */
+static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
+                                             size_t bundle_size)
+{
+    const uint8_t *bundle_end = NULL;
+    const uint8_t *cur_crt = NULL;
+    uint16_t i;
+    size_t cert_len;
+    int ret = ESP_OK;
+
+    WOLFSSL_ENTER("wolfssl_esp_crt_bundle_init");
+    _esp_crt_bundle_is_valid = ESP_OK; /* Assume valid until proven otherwise. */
+
+    _cert_bundle_loaded = 0;
+    _crt_found = 0;
+    _added_cert = 0;
+    _need_bundle_cert = 0;
+
+    /* Basic check of bundle size. */
+    if (ret == ESP_OK) {
+        if (bundle_size < BUNDLE_HEADER_OFFSET + CRT_HEADER_OFFSET) {
+            ESP_LOGE(TAG, "Invalid certificate bundle size");
+            _esp_crt_bundle_is_valid = ESP_FAIL;
+            ret = ESP_ERR_INVALID_ARG;
+        }
+    }
+
+    /* Number of certificates pre-calculated in python script, extract value: */
+    if (ret == ESP_OK) {
+        num_certs = (x509_bundle[0] << 8) | x509_bundle[1];
+        if (num_certs > CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS) {
+            ESP_LOGE(TAG, "Number of certs in the certificate bundle = %d "
+                          "exceeds\nMax allowed certificates in certificate "
+                          "bundle = %d\nPlease update the menuconfig option",
+                          num_certs,
+                          CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS);
+            _esp_crt_bundle_is_valid = ESP_FAIL;
+            ret = ESP_ERR_INVALID_ARG;
+        }
+        else {
+            ESP_LOGCBI(TAG, "No. of certs in certificate bundle = % d",
+                            num_certs);
+            ESP_LOGCBI(TAG, "Max allowed certificates in certificate bundle = "
+                            "%d", CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS);
+        }
+    } /* ret == ESP_OK */
+
+    if (ret == ESP_OK) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGW(TAG, "calloc certs: %d bytes", (uint)sizeof(x509_bundle));
+#endif
+        /* Contiguous allocation is important to our cert extraction. */
+        crts = calloc(num_certs, sizeof(x509_bundle));
+        if (crts == NULL) {
+            ESP_LOGE(TAG, "Unable to allocate memory for bundle pointers");
+            _esp_crt_bundle_is_valid = ESP_FAIL;
+            ret = ESP_ERR_NO_MEM;
+        }
+    } /* ret == ESP_OK */
+
+    /* If all is ok, proceed with initialization of Certificate Bundle */
+    if (ret == ESP_OK) {
+        /* This is the maximum region that is allowed to access */
+        ESP_LOGV(TAG, "Bundle Start 0x%x", (intptr_t)x509_bundle);
+        ESP_LOGV(TAG, "Bundle Size  %d", bundle_size);
+        bundle_end = x509_bundle + bundle_size;
+        ESP_LOGV(TAG, "Bundle End   0x%x", (intptr_t)bundle_end);
+        cur_crt = x509_bundle + BUNDLE_HEADER_OFFSET;
+
+        for (i = 0; i < num_certs; i++) {
+            ESP_LOGV(TAG, "Init Cert %d", i);
+            if (cur_crt + CRT_HEADER_OFFSET > bundle_end) {
+                ESP_LOGE(TAG, "Invalid certificate bundle current offset");
+                _esp_crt_bundle_is_valid = ESP_FAIL;
+                ret = ESP_ERR_INVALID_ARG;
+                break;
+            }
+
+            crts[i] = cur_crt;
+
+#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
+            /* For reference only */
+            size_t name_len = cur_crt[0] << 8 | cur_crt[1];
+            size_t key_len = cur_crt[2] << 8 | cur_crt[3];
+            cur_crt = cur_crt + CRT_HEADER_OFFSET + name_len + key_len;
+#else
+            cert_len = cur_crt[0] << 8 | cur_crt[1];
+    #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+            defined(       WOLFSSL_ASN_ALLOW_0_SERIAL) || \
+            defined(CONFIG_WOLFSSL_NO_ASN_STRICT)      || \
+            defined(       WOLFSSL_NO_ASN_STRICT)
+            if (wolfssl_is_zero_serial_number(cur_crt + CRT_HEADER_OFFSET,
+                                                 cert_len) > 0) {
+                ESP_LOGW(TAG, "Warning: found zero value for serial number in "
+                              "certificate #%d", i);
+                ESP_LOGW(TAG, "Enable WOLFSSL_NO_ASN_STRICT to allow zero in "
+                              "serial number.");
+            }
+    #endif
+            cur_crt = cur_crt + (CRT_HEADER_OFFSET + cert_len);
+#endif
+        } /* for certs 0 to num_certs - 1 in the order found */
+    } /* ret == ESP_OK */
+
+    /* One final validation check. */
+    if (cur_crt > bundle_end) {
+        ESP_LOGE(TAG, "Invalid certificate bundle after end");
+        _esp_crt_bundle_is_valid = ESP_FAIL;
+        ret = ESP_ERR_INVALID_ARG;
+    }
+
+    if (_esp_crt_bundle_is_valid ==  ESP_FAIL) {
+        if (crts == NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+            ESP_LOGW(TAG, "Free certs after invalid bundle");
+#endif
+            free(crts);
+            crts = NULL;
+            s_crt_bundle.num_certs = 0;
+            s_crt_bundle.crts = NULL;
+        }
+    }
+    else {
+        /* The previous crt bundle is only updated when initialization of the
+         * current crt_bundle is successful */
+        /* Free previous crt_bundle */
+        if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+            ESP_LOGI(TAG, "Free crts");
+#endif
+            free(s_crt_bundle.crts);
+        }
+        s_crt_bundle.num_certs = num_certs;
+        s_crt_bundle.crts = crts;
+    }
+
+    /* Consider using WOLFSSL_ASN_ALLOW_0_SERIAL or WOLFSSL_NO_ASN_STRICT
+     * to relax checks. Use with caution. See wolfSSL documentation. */
+    if (wolfssl_found_zero_serial()) {
+        ESP_LOGCBW(TAG, "Warning: At least one certificate in the bundle "
+                        "is missing a serial number.");
+    }
+
+    WOLFSSL_LEAVE("wolfssl_esp_crt_bundle_init", ret);
+    return ret;
+} /* esp_crt_bundle_init */
+
+/* esp_crt_bundle_attach() used by ESP-IDF esp-tls layer. */
+esp_err_t esp_crt_bundle_attach(void *conf)
+{
+    esp_err_t ret = ESP_OK;
+    ESP_LOGCBI(TAG, "Enter esp_crt_bundle_attach");
+    /* If no bundle has been set by the user,
+     * then use the bundle embedded in the binary */
+    if (s_crt_bundle.crts == NULL) {
+        ESP_LOGCBI(TAG, "No bundle set by user; using the embedded binary.");
+        ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_start 0x%x",
+               (intptr_t)x509_crt_imported_bundle_wolfssl_bin_start);
+        ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_end 0x%x",
+               (intptr_t)x509_crt_imported_bundle_wolfssl_bin_end);
+        ret = wolfssl_esp_crt_bundle_init(
+                         x509_crt_imported_bundle_wolfssl_bin_start,
+                        (x509_crt_imported_bundle_wolfssl_bin_end
+                       - x509_crt_imported_bundle_wolfssl_bin_start));
+    }
+    else {
+        ESP_LOGCBI(TAG, "Cert bundle set by user at 0x%x.",
+                       (intptr_t)s_crt_bundle.crts);
+    }
+
+    if (ret == ESP_OK) {
+        if (conf) {
+            wolfssl_ssl_config *ssl_conf = (wolfssl_ssl_config *)conf;
+            wolfssl_ssl_conf_verify(ssl_conf, esp_crt_verify_callback, NULL);
+        }
+        else {
+            ESP_LOGCBI(TAG, "esp_crt_bundle_attach no conf object supplied");
+        }
+    }
+    else {
+        ESP_LOGE(TAG, "Failed to attach bundle");
+    }
+    ESP_LOGCBI(TAG, "esp_crt_bundle_attach completed for wolfSSL");
+
+    _esp_crt_bundle_is_valid = ret;
+    return ret;
+} /* esp_crt_bundle_attach */
+
+/* esp_crt_bundle_detach() used by ESP-IDF esp-tls layer. */
+void esp_crt_bundle_detach(wolfssl_ssl_config *conf)
+{
+    ESP_LOGI(TAG, "esp_crt_bundle_detach");
+    _wolfssl_found_zero_serial = ESP_OK;
+    _cert_bundle_loaded = 0;
+    _crt_found = 0;
+    _added_cert = 0;
+    _need_bundle_cert = 0;
+
+    if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free s_crt_bundle.crts");
+#endif
+        free(s_crt_bundle.crts);
+        s_crt_bundle.crts = NULL;
+    }
+    if (conf) {
+        wolfssl_ssl_conf_verify(conf, NULL, NULL);
+        ESP_LOGE(TAG, "esp_crt_bundle_detach not implemented for wolfSSL");
+    }
+    ESP_LOGE(TAG, "Not implemented: esp_crt_bundle_detach");
+
+    /* If there's no cert bundle attached, it is not valid: */
+    _esp_crt_bundle_is_valid = ESP_FAIL;
+}
+
+/* The name esp_crt_bundle_set() used by ESP-IDF esp-tls layer,
+ * but called wolfssl_esp_crt_bundle_init here. */
+esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size)
+{
+    return wolfssl_esp_crt_bundle_init(x509_bundle, bundle_size);
+}
+
+/* Clean up bundle when closing connection from ESP-TLS layer. */
+esp_err_t wolfSSL_bundle_cleanup(void)
+{
+#ifdef DEBUG_WOLFSSL_MALLOC
+    size_t free_heap_size;
+    size_t min_free_heap_size;
+    size_t free_internal_heap_size;
+#endif
+
+    ESP_LOGV(TAG, "Enter wolfSSL_bundle_cleanup");
+
+    if (s_crt_bundle.crts != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free s_crt_bundle.crts in wolfSSL_bundle_cleanup");
+#endif
+        free(s_crt_bundle.crts);
+        s_crt_bundle.crts = NULL;
+    }
+
+#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS
+    /* When the esp-tls is linked as a requirement in CMake and used by the
+     * ESP-IDF in the esp-tls component, call at cleanup time: */
+    esp_tls_free_global_ca_store();
+#endif
+
+    /* Be sure to free the bundle_cert first, as it may be part of store. */
+    if (bundle_cert != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free bundle_cert in wolfSSL_bundle_cleanup");
+#endif
+        wolfSSL_X509_free(bundle_cert);
+        bundle_cert = NULL;
+    }
+
+    if (store_cert != NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        ESP_LOGI(TAG, "Free store_cert in wolfSSL_bundle_cleanup");
+#endif
+        wolfSSL_X509_free(store_cert);
+        store_cert = NULL;
+    }
+
+    memset(&s_crt_bundle, 0, sizeof(s_crt_bundle));
+
+#ifdef DEBUG_WOLFSSL_MALLOC
+    /* Get total free heap size */
+    free_heap_size = esp_get_free_heap_size();
+    ESP_LOGI(TAG, "Free heap size: %u bytes", free_heap_size);
+
+    /* Get minimum ever free heap size (since boot) */
+    min_free_heap_size = esp_get_minimum_free_heap_size();
+    ESP_LOGI(TAG, "Minimum ever free heap size: %u bytes", min_free_heap_size);
+
+    /* Get the amount of free memory in internal RAM */
+    free_internal_heap_size = heap_caps_get_free_size(MALLOC_CAP_INTERNAL);
+    ESP_LOGI(TAG, "Free internal heap size: %u bytes", free_internal_heap_size);
+#endif /* DEBUG_WOLFSSL_MALLOC */
+
+    return ESP_OK;
+}
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+/* Sanity checks: */
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT)
+    /* The settings.h and/or user_settings.h should have detected config
+     * values from Kconfig and set the appropriate wolfSSL macro: */
+    #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT"
+#endif /* CONFIG_WOLFSSL_NO_ASN_STRICT && ! WOLFSSL_NO_ASN_STRICT */
+
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE && !(NONE cert) */
+#endif /* CONFIG_ESP_TLS_USING_WOLFSSL */
+#endif /* WOLFSSL_ESPIDF */
diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
new file mode 100644
index 000000000..5763e8820
--- /dev/null
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
@@ -0,0 +1,360 @@
+#!/usr/bin/env python
+#
+#  gen_crt_bundle.py
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#
+# ESP32 x509 certificate bundle generation utility
+#
+# Converts PEM and DER certificates to a custom bundle format which stores just the
+# subject name and public key to reduce space
+#
+# The bundle will have the format:
+# number of certificates;
+# crt 1 subject name length;
+# crt 1 public key length;
+# crt 1 subject name;
+# crt 1 public key;
+# crt 2...
+
+
+from __future__ import with_statement
+
+import argparse
+import csv
+import os
+import re
+import unicodedata
+import struct
+import sys
+from io import open
+
+try:
+    from cryptography import x509
+    from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives import serialization
+    from cryptography.x509.oid import NameOID
+
+except ImportError:
+    print('The cryptography package is not installed.'
+          'Please refer to the Get Started section of the ESP-IDF Programming Guide for '
+          'setting up the required packages.')
+    raise
+
+ca_bundle_bin_file = 'x509_crt_bundle_wolfssl'
+
+quiet = False
+
+
+def status(msg):
+    """ Print status message to stderr """
+    if not quiet:
+        critical(msg)
+
+
+def critical(msg):
+    """ Print critical message to stderr """
+    sys.stderr.write('gen_crt_bundle.py: ')
+    sys.stderr.write(msg)
+    sys.stderr.write('\n')
+
+
+class CertificateBundle:
+    def __init__(self):
+        self.certificates = []
+        self.compressed_crts = []
+
+        if os.path.isfile(ca_bundle_bin_file):
+            os.remove(ca_bundle_bin_file)
+
+    def add_from_path(self, crts_path):
+
+        found = False
+        for file_path in os.listdir(crts_path):
+            found |= self.add_from_file(os.path.join(crts_path, file_path))
+
+        if found is False:
+            raise InputError('No valid x509 certificates found in %s' % crts_path)
+
+    def add_from_file(self, file_path):
+        try:
+            if file_path.endswith('.pem'):
+                status('Parsing certificates from %s' % file_path)
+                with open(file_path, 'r', encoding='utf-8') as f:
+                    crt_str = f.read()
+                    self.add_from_pem(crt_str)
+                    return True
+
+            elif file_path.endswith('.der'):
+                status('Parsing certificates from %s' % file_path)
+                with open(file_path, 'rb') as f:
+                    crt_str = f.read()
+                    self.add_from_der(crt_str)
+                    return True
+
+        except ValueError:
+            critical('Invalid certificate in %s' % file_path)
+            raise InputError('Invalid certificate')
+
+        return False
+
+    def add_from_pem(self, crt_str):
+        """ A single PEM file may have multiple certificates """
+
+        crt = ''
+        count = 0
+        start = False
+
+        for strg in crt_str.splitlines(True):
+            if strg == '-----BEGIN CERTIFICATE-----\n' and start is False:
+                crt = ''
+                start = True
+            elif strg == '-----END CERTIFICATE-----\n' and start is True:
+                crt += strg + '\n'
+                start = False
+                self.certificates.append(x509.load_pem_x509_certificate(crt.encode(), default_backend()))
+                count += 1
+            if start is True:
+                crt += strg
+
+        if count == 0:
+            raise InputError('No certificate found')
+
+        status('Successfully added %d certificates' % count)
+
+    def add_from_der(self, crt_str):
+        self.certificates.append(x509.load_der_x509_certificate(crt_str, default_backend()))
+        status('Successfully added 1 certificate')
+
+    def get_subject_text(self, cert):
+        # Extract subject as a string in the desired format
+        return ", ".join(
+            f"/{attribute.oid._name}={attribute.value}"  # Adjust as necessary to format as "/C=US/O=..."
+            for attribute in cert.subject
+        )
+
+    # We are currently sorting in AS FOUND order. wolfSSL does this in wolfSSL_X509_NAME_oneline()
+    # But for reference, if desired:
+    #
+    # /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA
+    # /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave
+    desired_dn_order = ["/C=", "/ST=", "/L=", "/O=", "/OU=", "/CN="]
+
+    def extract_dn_components(self, cert):
+        """
+        Extract the DN components based on the desired order and return the assembled string.
+        """
+        #dn_dict = {"/C=": "/C=", "/ST=": "/ST=", "/L=": "/L=", "/O=": "/O=", "/OU=": "/OU=", "/CN=": "/CN="}
+        dn_dict = {"/C=": "", "/ST=": "", "/L=": "", "/O=": "", "/OU=": "", "/CN=": ""}
+
+        # Map the actual DN elements to the correct keys in the desired order
+        for attribute in cert.subject:
+            if attribute.oid == x509.NameOID.COUNTRY_NAME:
+                dn_dict["/C="] = attribute.value
+            elif attribute.oid == x509.NameOID.ORGANIZATIONAL_UNIT_NAME:
+                dn_dict["/OU="] = attribute.value
+            elif attribute.oid == x509.NameOID.ORGANIZATION_NAME:
+                dn_dict["/O="] = attribute.value
+            elif attribute.oid == x509.NameOID.COMMON_NAME:
+                dn_dict["/CN="] = attribute.value
+            elif attribute.oid == x509.NameOID.LOCALITY_NAME:
+                dn_dict["/L="] = attribute.value
+            elif attribute.oid == x509.NameOID.STATE_OR_PROVINCE_NAME:
+                dn_dict["/ST="] = attribute.value
+
+        #return ''.join([f"{key}{dn_dict[key]}" for key in self.desired_dn_order])
+        return dn_dict
+
+    def sorting_key(self, cert):
+        """
+        Create a tuple for sorting, where each component is sorted in the order defined by `desired_dn_order`.
+        If a component is missing, it is replaced with a value that will ensure proper sorting (empty string).
+        """
+        dn_dict = self.extract_dn_components(cert)
+
+        return ''.join([f"{key}{dn_dict[key]}" for key in self.desired_dn_order if dn_dict[key]])
+
+    def sort_certificates_by_dn_order(self, certificates):
+        """
+        Sort the list of certificates based on the DN string assembled in the specified order.
+        """
+        return sorted(certificates, key=self.sorting_key)
+
+    def extract_dn_components_as_is(self, cert):
+        """
+        Extract the DN components exactly as they appear in the certificate.
+        """
+        # dn_string = ', '.join([f"{attribute.oid._name}={attribute.value}" for attribute in cert.subject])
+        dn_string = ""
+        result_string = ""
+
+        # Mapping of known OIDs to their short names
+        oid_short_names = {
+            'commonName': '/CN',
+            'countryName': '/C',
+            'stateOrProvinceName': '/ST',
+            'localityName': '/L',
+            'organizationName': '/O',
+            'organizationalUnitName': '/OU'
+        }
+
+        with open("cert_bundle.log", "a") as file:
+            # Write to the file
+            file.write("\nNew cert\n\n")
+            for attribute in cert.subject:
+                # Use a predefined map for known OIDs, and fallback to the dotted string if not found
+                oid_full_name  = attribute.oid._name if attribute.oid._name else attribute.oid.dotted_string
+
+                # The common string uses "/CN" and not "commonName", so we need to swap out keywords such as commonName:
+                oid_name = oid_short_names.get(oid_full_name, oid_full_name)
+                file.write(f"oid_name={oid_name}\n")
+
+                # Strip unicode
+                normalized_string = unicodedata.normalize('NFKD', attribute.value)
+
+                # Encode to ASCII bytes, ignoring any characters that can't be converted
+                ascii_bytes = normalized_string.encode('ascii', 'ignore')
+
+                # Decode back to ASCII string
+                ascii_string = ascii_bytes.decode('ascii')
+                file.write(f"attribute_value={ascii_string}\n")
+
+                # assemble the dn string for this cert
+                dn_string += f"/{oid_name}={ascii_string}"
+                file.write(f"dn_string={dn_string}\n")
+
+            # Remove any unprintable characters
+            cleaned_string = re.sub(r'[^\x20-\x7E]', ' ', dn_string)
+            file.write(f"cleaned_string={cleaned_string}\n")
+            result_string = cleaned_string.replace("=", " ")
+            file.write(f"result_string={result_string}\n")
+
+        # Reminder this is a sort order only; cert NOT modified.
+        return result_string
+
+    def sorting_key_as_is(self, cert):
+        """
+        Use the DN string as found in the certificate as the sorting key.
+        """
+        dn_string = self.extract_dn_components_as_is(cert)
+        return dn_string
+
+    def sort_certificates_by_as_is(self, certificates):
+        """
+        Sort the list of certificates based on the DN string assembled in the specified order.
+        """
+        return sorted(certificates, key=self.sorting_key_as_is)
+
+    def create_bundle(self):
+        # Sort certificates in order to do binary search when looking up certificates
+        # NOTE: When sorting, see `esp_crt_bundle.c`;
+        #       Use `#define CERT_BUNDLE_UNSORTED` when not sorting.
+        #
+        with open("cert_bundle.log", "w") as file:
+            # Write to the file
+            file.write("init.\n")
+        self.certificates = self.sort_certificates_by_as_is(self.certificates)
+
+
+        bundle = struct.pack('>H', len(self.certificates))
+
+        for crt in self.certificates:
+            cert_der = crt.public_bytes(serialization.Encoding.DER)
+            cert_der_len = len(cert_der)
+
+            len_data = struct.pack('>H', cert_der_len)
+            bundle += len_data
+            bundle += cert_der
+
+        return bundle
+
+    def add_with_filter(self, crts_path, filter_path):
+
+        filter_set = set()
+        with open(filter_path, 'r', encoding='utf-8') as f:
+            csv_reader = csv.reader(f, delimiter=',')
+
+            # Skip header
+            next(csv_reader)
+            for row in csv_reader:
+                filter_set.add(row[1])
+
+        status('Parsing certificates from %s' % crts_path)
+        crt_str = []
+        with open(crts_path, 'r', encoding='utf-8') as f:
+            crt_str = f.read()
+
+            # Split all certs into a list of (name, certificate string) tuples
+            pem_crts = re.findall(r'(^.+?)\n(=+\n[\s\S]+?END CERTIFICATE-----\n)', crt_str, re.MULTILINE)
+
+            filtered_crts = ''
+            for name, crt in pem_crts:
+                if name in filter_set:
+                    filtered_crts += crt
+
+        self.add_from_pem(filtered_crts)
+
+
+class InputError(RuntimeError):
+    def __init__(self, e):
+        super(InputError, self).__init__(e)
+
+
+def main():
+    global quiet
+
+    parser = argparse.ArgumentParser(description='ESP-IDF x509 certificate bundle utility')
+
+    parser.add_argument('--quiet', '-q', help="Don't print non-critical status messages to stderr", action='store_true')
+    parser.add_argument('--input', '-i', nargs='+', required=True,
+                        help='Paths to the custom certificate folders or files to parse, parses all .pem or .der files')
+    parser.add_argument('--filter', '-f', help='Path to CSV-file where the second columns contains the name of the certificates \
+                        that should be included from cacrt_all.pem')
+
+    args = parser.parse_args()
+
+    quiet = args.quiet
+
+    bundle = CertificateBundle()
+
+    for path in args.input:
+        if os.path.isfile(path):
+            if os.path.basename(path) == 'cacrt_all.pem' and args.filter:
+                bundle.add_with_filter(path, args.filter)
+            else:
+                bundle.add_from_file(path)
+        elif os.path.isdir(path):
+            bundle.add_from_path(path)
+        else:
+            raise InputError('Invalid --input=%s, is neither file nor folder' % args.input)
+
+    status('Successfully added %d certificates in total' % len(bundle.certificates))
+
+    crt_bundle = bundle.create_bundle()
+
+    with open(ca_bundle_bin_file, 'wb') as f:
+        f.write(crt_bundle)
+
+
+if __name__ == '__main__':
+    try:
+        main()
+    except InputError as e:
+        print(e)
+        sys.exit(2)
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
index 8c5cd3708..5bd7a649d 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
@@ -1,6 +1,6 @@
 /* esp_sdk_mem_lib.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,10 +25,10 @@
 
 /* wolfSSL */
 /* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
-/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
-#ifdef WOLFSSL_USER_SETTINGS
-    #include <wolfssl/wolfcrypt/settings.h>
-#endif
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
 
 #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
 
@@ -71,8 +71,6 @@ extern wc_ptr_t _rodata_start[];
 extern wc_ptr_t _rodata_end[];
 extern wc_ptr_t _bss_start[];
 extern wc_ptr_t _bss_end[];
-extern wc_ptr_t _rtc_data_start[];
-extern wc_ptr_t _rtc_data_end[];
 extern wc_ptr_t _rtc_bss_start[];
 extern wc_ptr_t _rtc_bss_end[];
 extern wc_ptr_t _iram_start[];
@@ -83,18 +81,29 @@ extern wc_ptr_t _init_end[];
 #endif
 extern wc_ptr_t _iram_text_start[];
 extern wc_ptr_t _iram_text_end[];
-extern wc_ptr_t _iram_bss_start[];
-extern wc_ptr_t _iram_bss_end[];
+#if defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* TODO: Find ESP32-S2 equivalent */
+#else
+    extern wc_ptr_t _iram_bss_start[];
+    extern wc_ptr_t _iram_bss_end[];
+#endif
 extern wc_ptr_t _noinit_start[];
 extern wc_ptr_t _noinit_end[];
 extern wc_ptr_t _text_start[];
 extern wc_ptr_t _text_end[];
 extern wc_ptr_t _heap_start[];
 extern wc_ptr_t _heap_end[];
-extern wc_ptr_t _rtc_data_start[];
-extern wc_ptr_t _rtc_data_end[];
-extern void* _thread_local_start;
-extern void* _thread_local_end;
+#ifdef CONFIG_IDF_TARGET_ESP32C2
+    /* no rtc_data on ESP32-C2*/
+#else
+    extern wc_ptr_t _rtc_data_start[];
+    extern wc_ptr_t _rtc_data_end[];
+#endif
+
+#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1
+    extern void* _thread_local_start;
+    extern void* _thread_local_end;
+#endif
 
 /* See https://github.com/esp8266/esp8266-wiki/wiki/Memory-Map */
 #define MEM_MAP_IO_START  ((void*)(0x3FF00000))
@@ -161,7 +170,7 @@ static const char* sdk_memory_segment_text[SDK_MEMORY_SEGMENT_COUNT + 1] = {
 int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end)
 {
     const char* str;
-    int len = 0;
+    word32 len = 0;
     str = sdk_memory_segment_text[m];
     sdk_memory_segment_start[m] = start;
     sdk_memory_segment_end[m] = end;
@@ -173,7 +182,7 @@ int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end)
         ESP_LOGI(TAG, "                  Start         End          Length");
     }
     else {
-        len = (uint32_t)end - (uint32_t)start;
+        len = (word32)end - (word32)start;
         ESP_LOGI(TAG, "%s: %p ~ %p : 0x%05x (%d)", str, start, end, len, len );
     }
     return ESP_OK;
@@ -186,10 +195,16 @@ int sdk_init_meminfo(void) {
 
     sdk_log_meminfo(SDK_MEMORY_SEGMENT_COUNT, NULL, NULL); /* print header */
     sdk_log_meminfo(mem_map_io,    MEM_MAP_IO_START,    MEM_MAP_IO_END);
+#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1
     sdk_log_meminfo(thread_local,  _thread_local_start, _thread_local_end);
+#endif
     sdk_log_meminfo(data,          _data_start,         _data_end);
     sdk_log_meminfo(user_data_ram, USER_DATA_START,     USER_DATA_END);
+#if defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* TODO: Find ESP32-S2 equivalent of bss */
+#else
     sdk_log_meminfo(bss,           _bss_start,          _bss_end);
+#endif
     sdk_log_meminfo(noinit,        _noinit_start,       _noinit_end);
     sdk_log_meminfo(ets_system,    ETS_SYS_START,       ETS_SYS_END);
     sdk_log_meminfo(rodata,        _rodata_start,       _rodata_end);
@@ -198,12 +213,20 @@ int sdk_init_meminfo(void) {
     sdk_log_meminfo(iramf2,        IRAMF2_START,        IRAMF2_END);
     sdk_log_meminfo(iram,          _iram_start,         _iram_end);
     sdk_log_meminfo(iram_text,     _iram_text_start,    _iram_text_end);
+#if defined(CONFIG_IDF_TARGET_ESP32S2)
+    /* No iram_bss on ESP32-C2 at this time. TODO: something equivalent? */
+#else
     sdk_log_meminfo(iram_bss,      _iram_bss_start,     _iram_bss_end);
+#endif
 #if defined(CONFIG_IDF_TARGET_ESP8266)
     sdk_log_meminfo(init,          _init_start,         _init_end);
 #endif
     sdk_log_meminfo(text,          _text_start,         _text_end);
+#if defined(CONFIG_IDF_TARGET_ESP32C2)
+    /* No rtc_data on ESP32-C2 at this time. TODO: something equivalent? */
+#else
     sdk_log_meminfo(rtc_data,      _rtc_data_start,     _rtc_data_end);
+#endif
     ESP_LOGI(TAG, "-----------------------------------------------------");
     sample_heap_var = malloc(1);
     if (sample_heap_var == NULL) {
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
index 1ef8de408..036174e73 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c
@@ -1,6 +1,6 @@
 /* esp_sdk_time_lib.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,14 +23,17 @@
     #include <config.h>
 #endif
 
-/* Reminder: user_settings.h is needed and included from settings.h
- * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.     */
+/* Reminder: settings.h pulls in user_settings.h                          */
+/*   Do not explicitly include user_settings.h here.                      */
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF. */
+#include "sdkconfig.h"      /* programmatically generated from sdkconfig. */
+
 #if defined(USE_WOLFSSL_ESP_SDK_TIME)
 /* Espressif */
-#include "sdkconfig.h" /* programmatically generated from sdkconfig */
 #include <esp_log.h>
 #include <esp_err.h>
 
@@ -71,10 +74,10 @@ esp_err_t esp_sdk_time_lib_init(void)
 
 /* ESP-IDF uses a 64-bit signed integer to represent time_t
  * starting from release v5.0
- * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
+ * See: Espressif api-reference system_time (year-2036-and-2038-overflow-issues)
  */
 
-/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
+/* see gnu TZ-Variable */
 #ifndef TIME_ZONE
     /*
      * PST represents Pacific Standard Time.
@@ -116,6 +119,41 @@ esp_err_t esp_sdk_time_lib_init(void)
     #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT
 #endif
 
+/* When reproducible builds are enabled in ESP-IDF
+ * (starting from version 4.0 and above),
+ * the __DATE__ and __TIME__ macros are deliberately disabled. */
+#ifndef  __DATE__
+    #define YEAR  2024
+    #define MONTH 9
+    #define DAY   25
+#else
+    /* e.g. __DATE__ "Sep 25 2024" */
+    #define YEAR  ( \
+        ((__DATE__)[7]  - '0') * 1000 + \
+        ((__DATE__)[8]  - '0') * 100  + \
+        ((__DATE__)[9]  - '0') * 10   + \
+        ((__DATE__)[10] - '0') * 1      \
+    )
+
+    #define MONTH ( \
+        __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+      : __DATE__[2] == 'b' ? 2 \
+      : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+      : __DATE__[2] == 'y' ? 5 \
+      : __DATE__[2] == 'l' ? 7 \
+      : __DATE__[2] == 'g' ? 8 \
+      : __DATE__[2] == 'p' ? 9 \
+      : __DATE__[2] == 't' ? 10 \
+      : __DATE__[2] == 'v' ? 11 \
+      : 12 \
+    )
+
+    #define DAY ( \
+        ((__DATE__)[4]  - '0') * 10 + \
+        ((__DATE__)[5]  - '0') * 1   \
+    )
+#endif
+
 /* our NTP server list is global info */
 extern char* ntpServerList[NTP_SERVER_COUNT];
 
@@ -144,12 +182,12 @@ int set_fixed_default_time(void)
     /* ideally, we'd like to set time from network,
      * but let's set a default time, just in case */
     struct tm timeinfo = {
-        .tm_year = 2024 - 1900,
-        .tm_mon  = 1,
-        .tm_mday = 05,
+        .tm_year = YEAR,
+        .tm_mon  = MONTH, /* Month, where 0 = Jan */
+        .tm_mday = DAY,   /* Numeric decimal day of the month */
         .tm_hour = 13,
-        .tm_min  = 01,
-        .tm_sec  = 05
+        .tm_min  =  1,
+        .tm_sec  =  5
     };
     struct timeval now;
     time_t interim_time;
@@ -341,7 +379,7 @@ int set_time(void)
     if (NTP_SERVER_COUNT) {
         /* next, let's setup NTP time servers
          *
-         * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
+         * see Espressif api-reference system_time (sntp-time-synchronization)
          *
          * WARNING: do not set operating mode while SNTP client is running!
          */
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
index 06c9f81e8..db7c95435 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c
@@ -1,6 +1,6 @@
 /* esp_sdk_wifi_lib.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -23,12 +23,15 @@
     #include <config.h>
 #endif
 
-/* Reminder: user_settings.h is needed and included from settings.h
- * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
 #include <wolfssl/wolfcrypt/settings.h>
 
 #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
-#if defined(USE_WOLFSSL_ESP_SDK_WIFI)
+#if defined(USE_WOLFSSL_ESP_SDK_WIFI) && ESP_IDF_VERSION_MAJOR > 4
 
 /* Espressif */
 #include "sdkconfig.h" /* programmatically generated from sdkconfig */
@@ -59,8 +62,8 @@ esp_err_t esp_sdk_wifi_lib_init(void)
 #if defined(CONFIG_IDF_TARGET_ESP8266)
 #elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR)
     /* example path set in cmake file */
-#elif ESP_IDF_VERSION_MAJOR >= 4
-    #include "protocol_examples_common.h"
+#elif ESP_IDF_VERSION_MAJOR > 4
+/*    #include "protocol_examples_common.h" */
 #else
     const static int CONNECTED_BIT = BIT0;
     static EventGroupHandle_t wifi_event_group;
@@ -266,7 +269,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
     #endif
-        /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
+        /* see Espressif api-reference freertos_idf */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
     case SYSTEM_EVENT_STA_DISCONNECTED:
diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
index 6924b31eb..ea2a60878 100644
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -1,6 +1,6 @@
 /* renesas_common.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -252,27 +252,74 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 
     if (info->algo_type == WC_ALGO_TYPE_PK) {
     #if !defined(NO_RSA)
-        #if defined(WOLFSSL_KEY_GEN)
-        if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
-            (info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
+    #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+        if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
             ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
+            if (ret == 0) {
+                TsipUserCtx* tsipCtx = (TsipUserCtx*)ctx;
+                RsaKey* key = info->pk.rsakg.key;
+            #if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
+                if (info->pk.rsakg.size == 1024) {
+                    /* export generated public key to the RsaKey structure */
+                    ret = wc_RsaPublicKeyDecodeRaw(
+                        tsipCtx->rsa1024pub_keyIdx->value.key_n,
+                            R_TSIP_RSA_1024_KEY_N_LENGTH_BYTE_SIZE,
+                        tsipCtx->rsa1024pub_keyIdx->value.key_e,
+                            R_TSIP_RSA_1024_KEY_E_LENGTH_BYTE_SIZE,
+                        key
+                    );
+                }
+            #endif
+            #if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
+                if (info->pk.rsakg.size == 2048) {
+                    /* export generated public key to the RsaKey structure */
+                    ret = wc_RsaPublicKeyDecodeRaw(
+                        tsipCtx->rsa2048pub_keyIdx->value.key_n,
+                            R_TSIP_RSA_2048_KEY_N_LENGTH_BYTE_SIZE,
+                        tsipCtx->rsa2048pub_keyIdx->value.key_e,
+                            R_TSIP_RSA_2048_KEY_E_LENGTH_BYTE_SIZE,
+                        key
+                    );
+                }
+            #endif
+            }
         }
+    #endif
+        /* tsip only supports PKCSV15 padding scheme */
+        if (info->pk.type == WC_PK_TYPE_RSA_PKCS) {
+            RsaPadding* pad = info->pk.rsa.padding;
+            if (pad && pad->pad_value == RSA_BLOCK_TYPE_1) {
+                /* sign / verify */
+                if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT ||
+                    info->pk.rsa.type == RSA_PRIVATE_DECRYPT) {
+                    ret = tsip_SignRsaPkcs(info, cbInfo);
+                }
+            #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+                else {
+                    ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
+                }
+            #endif
+            }
+        #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+            else if (pad && pad->pad_value == RSA_BLOCK_TYPE_2) {
+                /* encrypt/decrypt */
+                ret = wc_tsip_RsaFunction(info, cbInfo);
+            }
         #endif
-
-        /* RSA Signing
-         * Can handle only RSA PkCS#1v1.5 padding scheme here.
-         */
-        if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
-            ret = tsip_SignRsaPkcs(info, cbInfo);
-        }
-        #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-        /* RSA Verify */
-        if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
-            ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
         }
+        if (info->pk.type == WC_PK_TYPE_RSA_GET_SIZE) {
+            if (cbInfo->wrappedKeyType == TSIP_KEY_TYPE_RSA2048) {
+                *info->pk.rsa_get_size.keySize = 256;
+                ret = 0;
+            }
+        #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+            else if (cbInfo->wrappedKeyType == TSIP_KEY_TYPE_RSA1024) {
+                *info->pk.rsa_get_size.keySize = 128;
+                ret = 0;
+            }
         #endif
+        }
     #endif /* !NO_RSA */
-
     #if defined(HAVE_ECC)
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
@@ -461,7 +508,7 @@ int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated)
  * Get Callback ctx by devId
  *
  * devId   : devId to get its CTX
- * return  asocciated CTX when the method is successfully called.
+ * return  associated CTX when the method is successfully called.
  *         otherwise, NULL
  */
 WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
index 0028786c5..e25afa43c 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -243,7 +243,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
     (void) key_server_aes;
 
     /* sanity check */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -275,8 +275,8 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
         /* allocate buffers for plain text, cipher text and authTag to make sure
          * those buffers 32bit aligned as SCE requests.
          */
-         delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
-                             (byte)(AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE));
+         delta = ((sz % WC_AES_BLOCK_SIZE) == 0) ? 0 :
+                             (byte)(WC_AES_BLOCK_SIZE - (sz % WC_AES_BLOCK_SIZE));
         plainBuf  = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
         cipherBuf = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
         aTagBuf   = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
@@ -301,9 +301,9 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
              * Aes.ctx.tsip_keyIdx is not used here.
              */
             key_client_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            aes->heap, DYNAMIC_TYPE_AES);
             key_server_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            aes->heap, DYNAMIC_TYPE_AES);
             if (key_client_aes == NULL || key_server_aes == NULL) {
                 XFREE(plainBuf,  aes->heap, DYNAMIC_TYPE_AES);
                 XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
@@ -371,7 +371,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
                 */
                 dataLen = 0;
                 ret = finalFn(&_handle,
-                           cipherBuf + (sz + delta - AES_BLOCK_SIZE),
+                           cipherBuf + (sz + delta - WC_AES_BLOCK_SIZE),
                               &dataLen,
                               aTagBuf);
 
@@ -452,7 +452,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
     FSPSM_AES_PWKEY      key_server_aes = NULL;
     (void) key_client_aes;
     /* sanity check */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -482,8 +482,8 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
        /* allocate buffers for plain-text, cipher-text, authTag and AAD.
          * TSIP requests those buffers 32bit aligned.
          */
-         delta = ((sz % AES_BLOCK_SIZE) == 0) ? 0 :
-                            (byte)(AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE));
+         delta = ((sz % WC_AES_BLOCK_SIZE) == 0) ? 0 :
+                            (byte)(WC_AES_BLOCK_SIZE - (sz % WC_AES_BLOCK_SIZE));
         cipherBuf = XMALLOC(sz, aes->heap, DYNAMIC_TYPE_AES);
         plainBuf  = XMALLOC(sz + delta, aes->heap, DYNAMIC_TYPE_AES);
         aTagBuf   = XMALLOC(SCE_AES_GCM_AUTH_TAG_SIZE, aes->heap,
@@ -505,9 +505,9 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
              * Aes.ctx.tsip_keyIdx is not used here.
              */
             key_client_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            aes->heap, DYNAMIC_TYPE_AES);
             key_server_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            aes->heap, DYNAMIC_TYPE_AES);
             if (key_client_aes == NULL || key_server_aes == NULL) {
                 XFREE(plainBuf,  aes->heap, DYNAMIC_TYPE_AES);
                 XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
@@ -571,7 +571,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
             if (ret == FSP_SUCCESS) {
                 dataLen = 0;
                 ret = finalFn(&_handle,
-                                  plainBuf + (sz + delta - AES_BLOCK_SIZE),
+                                  plainBuf + (sz + delta - WC_AES_BLOCK_SIZE),
                             &dataLen,
                             aTagBuf,
                             min(16, authTagSz));
@@ -620,7 +620,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
 {
     FSPSM_AES_HANDLE _handle;
     int ret;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     uint32_t dataLength;
     byte *iv;
 
@@ -656,13 +656,13 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
 
         if (aes->ctx.keySize == 16)
             ret = FSPSM_AES128CBCEnc_Up(&_handle, (uint8_t*)in,
-                                    (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                    (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
         else
             ret = FSPSM_AES256CBCEnc_Up(&_handle, (uint8_t*)in,
-                                    (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                    (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (ret == FSP_SUCCESS) {
@@ -694,7 +694,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
 {
     FSPSM_AES_HANDLE _handle;
     int ret;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     uint32_t dataLength;
     byte *iv;
 
@@ -727,13 +727,13 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
 
         if (aes->ctx.keySize == 16)
             ret = FSPSM_AES128CBCDec_Up(&_handle, (uint8_t*)in,
-                                        (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                        (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
         else
             ret = FSPSM_AES256CBCDec_Up(&_handle, (uint8_t*)in,
-                                        (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                        (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (ret == FSP_SUCCESS) {
@@ -795,7 +795,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         return BAD_FUNC_ARG;
     }
 
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
 
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
index 778e5fff6..bd38b75ef 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_rsa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,7 +67,7 @@ WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(RsaKey *key)
 /* Set Rsa key by pre-created wrapped user key
  *
  * key    RsaKey object
- * size   desired keylenth, in bits. supports 1024 or 2048 bits
+ * size   desired key length, in bits. supports 1024 or 2048 bits
  * ctx    Callback context including pointer to hold generated key
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
index 3ea643892..dc6612595 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_sha.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
index e3f1547be..2300d21a5 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
@@ -1,6 +1,6 @@
 /* renesas_fspsm_util.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,7 +56,7 @@ extern FSPSM_CONFIG     gFSPSM_cfg;
 #endif
 
 #if defined(WOLFSSL_RENESAS_FSPSM_ECC)
-WOLFSSL_GLOBAL FSPSM_ST_PKC gPKCbInfo;
+WC_THREADSHARED FSPSM_ST_PKC gPKCbInfo;
 #endif
 
 
@@ -336,7 +336,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
     }
 
     if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL,
-                                                  DYNAMIC_TYPE_TEMP)) == NULL) {
+                                                  DYNAMIC_TYPE_TMP_BUFFER)) == NULL) {
         WOLFSSL_MSG("failed to malloc memory");
         return MEMORY_E;
     }
@@ -371,7 +371,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
 
     ret = fspsm_ServerKeyExVerify(2, ssl, sigforSCE, 64, ctx);
 
-    XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
+    XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (ret == WOLFSSL_SUCCESS) {
         *result = 1;
@@ -749,9 +749,9 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
         }
         else {
             key_client_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            ssl->heap, DYNAMIC_TYPE_AES);
             key_server_aes = (FSPSM_AES_PWKEY)XMALLOC(sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            ssl->heap, DYNAMIC_TYPE_AES);
             if (key_client_aes == NULL || key_server_aes == NULL) {
                 return MEMORY_E;
             }
@@ -790,7 +790,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
                 XMEMSET(enc->aes, 0, sizeof(Aes));
                 enc->aes->ctx.wrapped_key = (FSPSM_AES_PWKEY)XMALLOC
                                             (sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            ssl->heap, DYNAMIC_TYPE_AES);
                 if (enc->aes->ctx.wrapped_key == NULL)
                     return MEMORY_E;
             }
@@ -808,7 +808,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
 
                     dec->aes->ctx.wrapped_key = (FSPSM_AES_PWKEY)XMALLOC
                                             (sizeof(FSPSM_AES_WKEY),
-                                            aes->heap, DYNAMIC_TYPE_AE);
+                                            ssl->heap, DYNAMIC_TYPE_AES);
                     if (dec->aes->ctx.wrapped_key == NULL)
                         return MEMORY_E;
                     }
@@ -857,8 +857,8 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
             cbInfo->keyflgs_tls.bits.session_key_set = 1;
         }
 
-        XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
-        XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
+        XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
+        XFREE(key_server_aes, ssl->heap, DYNAMIC_TYPE_AES);
 
         /* unlock hw */
         wc_fspsm_hw_unlock();
@@ -1019,7 +1019,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
                                 SCE_TLS_PUBLIC_KEY_TYPE_ECDSA_P256/*ECDSA*/) {
 
       if ((sigforSCE = (uint8_t*)XMALLOC(HW_SCE_ECDSA_DATA_BYTE_SIZE, NULL,
-                                                  DYNAMIC_TYPE_TEMP)) == NULL) {
+                                                  DYNAMIC_TYPE_TMP_BUFFER)) == NULL) {
         WOLFSSL_MSG("failed to malloc memory");
         return MEMORY_E;
       }
@@ -1071,7 +1071,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
         if (ret != FSP_SUCCESS) {
             WOLFSSL_MSG(" R_XXX_TlsCertificateVerification() failed");
         }
-        XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TEMP);
+        XFREE(sigforSCE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         wc_fspsm_hw_unlock();
     }
     else {
diff --git a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c
index caee3c2a3..d39e9de74 100644
--- a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c
@@ -2,7 +2,7 @@
  *
  * Contributed by Johnson Controls Tyco IP Holdings LLP.
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c
index 72505868e..fc168bb4d 100644
--- a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c
@@ -2,7 +2,7 @@
  *
  * Contributed by Johnson Controls Tyco IP Holdings LLP.
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
index dc9bcd5f3..54dc6f5f8 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
@@ -1,6 +1,6 @@
 /* renesas_tsip_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -100,9 +100,9 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
     e_tsip_err_t    err = TSIP_SUCCESS;
     TsipUserCtx*    tuc = NULL;
     e_tsip_tls13_cipher_suite_t cs;
-    word32  cipher[(AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) /
+    word32  cipher[(WC_AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) /
                                                              sizeof(word32)];
-    word32  plain[AES_BLOCK_SIZE / sizeof(word32)];
+    word32  plain[WC_AES_BLOCK_SIZE / sizeof(word32)];
     int             idxIn,idxOut;
     uint32_t        remain;
     uint32_t        dataSz, finalSz;
@@ -177,7 +177,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
 
         while (err == TSIP_SUCCESS && remain > 0) {
 
-            dataSz = min(remain, AES_BLOCK_SIZE);
+            dataSz = min(remain, WC_AES_BLOCK_SIZE);
             ForceZero(plain, sizeof(plain));
             ForceZero(cipher, sizeof(cipher));
             XMEMCPY(plain, input + idxIn, dataSz);
@@ -190,7 +190,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
                                     dataSz);
 
             if (err == TSIP_SUCCESS) {
-                if (dataSz >= AES_BLOCK_SIZE) {
+                if (dataSz >= WC_AES_BLOCK_SIZE) {
                     XMEMCPY(output + idxOut, cipher, dataSz);
                     idxOut += dataSz;
                 }
@@ -247,8 +247,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
     e_tsip_err_t    err = TSIP_SUCCESS;
     TsipUserCtx*    tuc = NULL;
     e_tsip_tls13_cipher_suite_t cs;
-    word32          cipher[AES_BLOCK_SIZE / sizeof(word32)];
-    word32          plain[AES_BLOCK_SIZE / sizeof(word32)];
+    word32          cipher[WC_AES_BLOCK_SIZE / sizeof(word32)];
+    word32          plain[WC_AES_BLOCK_SIZE / sizeof(word32)];
     int             idxIn,idxOut;
     int             blocks;
     uint32_t        remain,conRemain;
@@ -302,7 +302,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
         return CRYPTOCB_UNAVAILABLE;
 
 
-    blocks    = sz / AES_BLOCK_SIZE;
+    blocks    = sz / WC_AES_BLOCK_SIZE;
     remain    = sz;
     conRemain = sz - TSIP_AES_GCM_AUTH_TAG_SIZE;
 
@@ -326,9 +326,9 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
 
         while (err == TSIP_SUCCESS && (blocks--) >= 0) {
 
-            dataSz = min(remain, AES_BLOCK_SIZE);
+            dataSz = min(remain, WC_AES_BLOCK_SIZE);
             XMEMCPY(cipher, input + idxIn, dataSz);
-            ForceZero(plain, AES_BLOCK_SIZE);
+            ForceZero(plain, WC_AES_BLOCK_SIZE);
 
             err = R_TSIP_Tls13DecryptUpdate(
                                     &(tuc->handle13),
@@ -337,7 +337,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
                                     dataSz);
 
             if (err == TSIP_SUCCESS) {
-                if (dataSz >= AES_BLOCK_SIZE && conRemain >= AES_BLOCK_SIZE) {
+                if (dataSz >= WC_AES_BLOCK_SIZE && conRemain >= WC_AES_BLOCK_SIZE) {
                     XMEMCPY(output + idxOut, plain, dataSz);
                     idxOut += dataSz;
                     conRemain -= min(conRemain, dataSz);
@@ -472,7 +472,7 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
 {
     tsip_aes_handle_t _handle;
     int ret;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     uint32_t dataLength;
     byte *iv;
 
@@ -502,13 +502,13 @@ int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
     while (ret == TSIP_SUCCESS && blocks--) {
         if (aes->ctx.keySize == 16)
             ret = R_TSIP_Aes128CbcEncryptUpdate(&_handle, (uint8_t*)in,
-                                    (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                    (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
         else
             ret = R_TSIP_Aes256CbcEncryptUpdate(&_handle, (uint8_t*)in,
-                                    (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                    (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (ret == TSIP_SUCCESS) {
@@ -532,7 +532,7 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
 {
    tsip_aes_handle_t _handle;
     int ret;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
     uint32_t dataLength;
     byte *iv;
 
@@ -561,13 +561,13 @@ int wc_tsip_AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz)
 
         if (aes->ctx.keySize == 16)
             ret = R_TSIP_Aes128CbcDecryptUpdate(&_handle, (uint8_t*)in,
-                                        (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                        (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
         else
             ret = R_TSIP_Aes256CbcDecryptUpdate(&_handle, (uint8_t*)in,
-                                        (uint8_t*)out, (uint32_t)AES_BLOCK_SIZE);
+                                        (uint8_t*)out, (uint32_t)WC_AES_BLOCK_SIZE);
 
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (ret == TSIP_SUCCESS) {
@@ -660,8 +660,8 @@ int wc_tsip_AesGcmEncrypt(
 
     userCtx = (TsipUserCtx*)ctx;
 
-    /* buffer for cipher data output must be multiple of AES_BLOCK_SIZE */
-    cipherBufSz = ((sz / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE;
+    /* buffer for cipher data output must be multiple of WC_AES_BLOCK_SIZE */
+    cipherBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
 
     if ((ret = tsip_hw_lock()) == 0) {
 
@@ -754,7 +754,7 @@ int wc_tsip_AesGcmEncrypt(
             */
             dataLen = 0;
             err = finalFn(&hdl,
-                          cipherBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
+                          cipherBuf + (sz / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE,
                           &dataLen,
                           aTagBuf); /* aad of 16 bytes will be output */
 
@@ -859,8 +859,8 @@ int wc_tsip_AesGcmDecrypt(
 
     userCtx = (TsipUserCtx *)ctx;
 
-    /* buffer for plain data output must be multiple of AES_BLOCK_SIZE */
-    plainBufSz = ((sz / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE;
+    /* buffer for plain data output must be multiple of WC_AES_BLOCK_SIZE */
+    plainBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
 
     if ((ret = tsip_hw_lock()) == 0) {
 
@@ -950,7 +950,7 @@ int wc_tsip_AesGcmDecrypt(
             if (err == TSIP_SUCCESS) {
                 dataLen = 0;
                 err = finalFn(&hdl,
-                        plainBuf + (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE,
+                        plainBuf + (sz / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE,
                         &dataLen,
                         aTagBuf,
                         min(16, authTagSz)); /* TSIP accepts upto 16 byte */
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
index 13db2dba1..33bf4df8c 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
@@ -1,6 +1,6 @@
-/* renesas_sce_rsa.c
+/* renesas_tsip_rsa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,8 +22,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #if !defined(NO_RSA) && \
-    (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
-     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
+     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
 #include <string.h>
 #include <stdio.h>
@@ -39,75 +38,102 @@
 #include <wolfssl/wolfcrypt/rsa.h>
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
 
-#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+/* Make sure at least RSA 1024 or RSA 2048 is enabled */
+#if (defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0) && \
+    (defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0)
+    #error Please enable TSIP RSA 1024 or 2048. \
+This code assumes at least one is enabled
+#endif
+
 /* Make RSA key for TSIP and set it to callback ctx
  * Assumes to be called by Crypt Callback
  *
- * size   desired keylenth, in bits. supports 1024 or 2048 bits
+ * size   desired key length, in bits. supports 1024 or 2048 bits
  * ctx    Callback context including pointer to hold generated key
  * return TSIP_SUCCESS(0) on Success, otherwise negative value
  */
-WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
+int wc_tsip_MakeRsaKey(int size, void* ctx)
 {
     e_tsip_err_t     ret;
     TsipUserCtx     *info = (TsipUserCtx*)ctx;
-
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
     tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL;
+#endif
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
     tsip_rsa2048_key_pair_index_t *tsip_pair2048_key = NULL;
+#endif
 
     /* sanity check */
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
+
     if (size != 1024 && size != 2048) {
-        WOLFSSL_MSG("Failed to generate key pair by TSIP");
+        WOLFSSL_MSG("TSIP RSA KeyGen bit size not supported");
         return CRYPTOCB_UNAVAILABLE;
     }
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 0
+    if (size == 1024)
+        return CRYPTOCB_UNAVAILABLE;
+#endif
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 0
+    if (size == 2048)
+        return CRYPTOCB_UNAVAILABLE;
+#endif
 
     if ((ret = tsip_hw_lock()) == 0) {
         if (size == 1024) {
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
             tsip_pair1024_key =
-            (tsip_rsa1024_key_pair_index_t*)XMALLOC(
-                sizeof(tsip_rsa1024_key_pair_index_t), NULL,
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-            if (tsip_pair1024_key == NULL)
+                (tsip_rsa1024_key_pair_index_t*)XMALLOC(
+                    sizeof(tsip_rsa1024_key_pair_index_t), NULL,
+                    DYNAMIC_TYPE_RSA_BUFFER);
+            if (tsip_pair1024_key == NULL) {
+                tsip_hw_unlock();
                 return MEMORY_E;
-
+            }
             ret = R_TSIP_GenerateRsa1024RandomKeyIndex(tsip_pair1024_key);
+#endif
         }
         else if (size == 2048) {
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
             tsip_pair2048_key =
-            (tsip_rsa2048_key_pair_index_t*)XMALLOC(
-                sizeof(tsip_rsa2048_key_pair_index_t), NULL,
-                                                DYNAMIC_TYPE_RSA_BUFFER);
-            if (tsip_pair2048_key == NULL)
+                (tsip_rsa2048_key_pair_index_t*)XMALLOC(
+                    sizeof(tsip_rsa2048_key_pair_index_t), NULL,
+                    DYNAMIC_TYPE_RSA_BUFFER);
+            if (tsip_pair2048_key == NULL) {
+                tsip_hw_unlock();
                 return MEMORY_E;
-
+            }
             ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
+#endif
         }
-
         if (ret == TSIP_SUCCESS) {
             if (size == 1024) {
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
                 XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                 XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+
                 info->rsa1024pri_keyIdx =
-                (tsip_rsa1024_private_key_index_t*)XMALLOC(
-                    sizeof(tsip_rsa1024_private_key_index_t), NULL,
-                                                DYNAMIC_TYPE_RSA_BUFFER);
+                    (tsip_rsa1024_private_key_index_t*)XMALLOC(
+                        sizeof(tsip_rsa1024_private_key_index_t), NULL,
+                        DYNAMIC_TYPE_RSA_BUFFER);
 
                 if (info->rsa1024pri_keyIdx == NULL) {
                     XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                    tsip_hw_unlock();
                     return MEMORY_E;
                 }
 
                 info->rsa1024pub_keyIdx =
-                (tsip_rsa1024_public_key_index_t*)XMALLOC(
-                    sizeof(tsip_rsa1024_public_key_index_t), NULL,
-                                                DYNAMIC_TYPE_RSA_BUFFER);
+                    (tsip_rsa1024_public_key_index_t*)XMALLOC(
+                        sizeof(tsip_rsa1024_public_key_index_t), NULL,
+                        DYNAMIC_TYPE_RSA_BUFFER);
 
                 if (info->rsa1024pub_keyIdx == NULL) {
                     XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                     XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                    tsip_hw_unlock();
                     return MEMORY_E;
                 }
                 /* copy generated key pair and free malloced key */
@@ -121,17 +147,22 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
 
                 info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
                 info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
+                info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
+#endif
             }
             else if (size == 2048) {
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
                 XFREE(info->rsa2048pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                 XFREE(info->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+
                 info->rsa2048pri_keyIdx =
-                (tsip_rsa2048_private_key_index_t*)XMALLOC(
-                    sizeof(tsip_rsa2048_private_key_index_t), NULL,
-                                    DYNAMIC_TYPE_RSA_BUFFER);
+                    (tsip_rsa2048_private_key_index_t*)XMALLOC(
+                        sizeof(tsip_rsa2048_private_key_index_t), NULL,
+                        DYNAMIC_TYPE_RSA_BUFFER);
 
                 if (info->rsa2048pri_keyIdx == NULL) {
                     XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
+                    tsip_hw_unlock();
                     return MEMORY_E;
                 }
 
@@ -144,6 +175,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
                     XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                     XFREE(info->rsa2048pri_keyIdx, NULL,
                                     DYNAMIC_TYPE_RSA_BUFFER);
+                    tsip_hw_unlock();
                     return MEMORY_E;
                 }
 
@@ -158,30 +190,155 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
 
                 info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
                 info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
+                info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
+#endif
             }
         }
-
         tsip_hw_unlock();
     }
 
-
     return 0;
 }
 
+/* Generate TSIP key index if needed
+ *
+ * tuc    struct pointer of TsipUserCtx
+ * return FSP_SUCCESS(0) on Success, otherwise CRYPTOCB_UNAVAILABLE
+ */
+static int tsip_RsakeyImport(TsipUserCtx* tuc)
+{
+    int ret = 0;
 
+    switch (tuc->wrappedKeyType) {
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
+        case TSIP_KEY_TYPE_RSA1024:
+            if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
+                ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
+
+                WOLFSSL_MSG("tsip rsa private key 1024 not set");
+                if (ret != 0)
+                    ret = CRYPTOCB_UNAVAILABLE;
+
+            }
+            break;
+#endif
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
+        case TSIP_KEY_TYPE_RSA2048:
+            if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
+                ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
+
+                WOLFSSL_MSG("tsip rsa private key 2048 not set");
+                if (ret != 0)
+                    ret = CRYPTOCB_UNAVAILABLE;
+            }
+            break;
+#endif
+        default:
+            WOLFSSL_MSG("wrapped private key is not supported");
+            ret = CRYPTOCB_UNAVAILABLE;
+            break;
+    }
+
+    return ret;
+}
+
+/* Perform rsa encryption/decryption by TSIP
+ * Assumes to be called by Crypt Callback
+ *
+ * info struct pointer of wc_CryptoInfo including necessary info
+ * tuc  struct pointer of TsipUserCtx including TSIP key info
+ * return FSP_SUCCESS(0) on Success, otherwise negative value
+ */
+int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
+{
+    int ret;
+    int keySize;
+    int type;
+    tsip_rsa_byte_data_t plain, cipher;
+
+    if (info == NULL || tuc == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (tsip_RsakeyImport(tuc) == 0) {
+        type = info->pk.rsa.type;
+        keySize = (int)tuc->wrappedKeyType;
+
+        if ((ret = tsip_hw_lock()) == 0) {
+            if (type == RSA_PUBLIC_ENCRYPT ||
+                type == RSA_PUBLIC_DECRYPT)
+            {
+                plain.pdata = (uint8_t*)info->pk.rsa.in;
+                plain.data_length = info->pk.rsa.inLen;
+                cipher.pdata = (uint8_t*)info->pk.rsa.out;
+                cipher.data_length = *(info->pk.rsa.outLen);
+
+                switch (keySize) {
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
+                case TSIP_KEY_TYPE_RSA1024:
+                    ret = R_TSIP_RsaesPkcs1024Encrypt(&plain, &cipher,
+                            tuc->rsa1024pub_keyIdx);
+                    break;
+#endif
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
+                case TSIP_KEY_TYPE_RSA2048:
+                    ret = R_TSIP_RsaesPkcs2048Encrypt(&plain, &cipher,
+                            tuc->rsa2048pub_keyIdx);
+                    break;
+#endif
+                default:
+                    ret = CRYPTOCB_UNAVAILABLE;
+                }
+                if (ret == 0) {
+                    *(info->pk.rsa.outLen) = cipher.data_length;
+                }
+            }
+            else if (type == RSA_PRIVATE_DECRYPT ||
+                     type == RSA_PRIVATE_ENCRYPT)
+            {
+                plain.pdata = (uint8_t*)info->pk.rsa.out;
+                plain.data_length = *(info->pk.rsa.outLen);
+                cipher.pdata = (uint8_t*)info->pk.rsa.in;
+                cipher.data_length = info->pk.rsa.inLen;
+
+                switch (keySize) {
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
+                case TSIP_KEY_TYPE_RSA1024:
+                    ret = R_TSIP_RsaesPkcs1024Decrypt(&cipher, &plain,
+                            tuc->rsa1024pri_keyIdx);
+                    break;
+#endif
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
+                case TSIP_KEY_TYPE_RSA2048:
+                    ret = R_TSIP_RsaesPkcs2048Decrypt(&cipher, &plain,
+                            tuc->rsa2048pri_keyIdx);
+                    break;
+#endif
+                default:
+                    ret = CRYPTOCB_UNAVAILABLE;
+                }
+                if (ret == 0) {
+                    *(info->pk.rsa.outLen) = plain.data_length;
+                }
+            }
+            tsip_hw_unlock();
+        }
+    }
+
+    if (ret != 0) {
+        WOLFSSL_MSG("RSA key size is not supported (only 1024 or 2048 bits)");
+    }
+    return ret;
+}
 /* Perform Rsa verify by TSIP
  * Assumes to be called by Crypt Callback
  *
- * in     Buffer to hold plaintext
- * inLen  Length of plaintext in bytes
- * out    Buffer to hold generated signature
- * outLen Length of signature in bytes
- * key    rsa key object
- * ctx    The callback context
+ * info struct pointer of wc_CryptoInfo including necessary info
+ * tuc  struct pointer of TsipUserCtx including TSIP key info
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
 
-WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
+int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 {
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
@@ -204,43 +361,18 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
            ret = CRYPTOCB_UNAVAILABLE;
     }
 
-    switch (tuc->wrappedKeyType) {
-        case TSIP_KEY_TYPE_RSA1024:
-            if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
-                ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
-
-                WOLFSSL_MSG("tsip rsa private key 1024 not set");
-                if (ret != 0)
-                    ret = CRYPTOCB_UNAVAILABLE;
-
-            }
-            break;
-        case TSIP_KEY_TYPE_RSA2048:
-            if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
-                ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
-
-                WOLFSSL_MSG("tsip rsa private key 2048 not set");
-                if (ret != 0)
-                    ret = CRYPTOCB_UNAVAILABLE;
-            }
-            break;
-        default:
-            WOLFSSL_MSG("wrapped private key is not supported");
-            ret = CRYPTOCB_UNAVAILABLE;
-            break;
-    }
-
-    if (ret == 0) {
-        hashData.pdata = (uint8_t*)info->pk.rsa.in;
-        hashData.data_length = info->pk.rsa.inLen;
+    if (tsip_RsakeyImport(tuc) == 0) {
+        hashData.pdata = (uint8_t*)info->pk.rsa.out;
+        hashData.data_length = *(info->pk.rsa.outLen);
         hashData.data_type =
             tuc->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
 
-        sigData.pdata = (uint8_t*)info->pk.rsa.out;
-        sigData.data_length = info->pk.rsa.outLen;
+        sigData.pdata = (uint8_t*)info->pk.rsa.in;
+        sigData.data_length = info->pk.rsa.inLen;
 
         if ((ret = tsip_hw_lock()) == 0) {
             switch (tuc->wrappedKeyType) {
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
                 case TSIP_KEY_TYPE_RSA1024:
                     err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData,
                             &hashData,
@@ -257,6 +389,8 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
                         ret = WC_HW_E;
                     }
                     break;
+#endif
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
                 case TSIP_KEY_TYPE_RSA2048:
                     err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData,
                             &hashData,
@@ -273,6 +407,9 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
                         ret = WC_HW_E;
                     }
                     break;
+#endif
+                default:
+                    ret = CRYPTOCB_UNAVAILABLE;
             }
             tsip_hw_unlock();
         }
@@ -280,6 +417,4 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     return ret;
 }
-#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
-#endif /* WOLFSSL_RENESAS_TSIP_TLS || \
-          WOLFSSL_RENESAS_TSIP_CRYPTONLY */
+#endif /* !NO_RSA && WOLFSSL_RENESAS_TSIP_CRYPTONLY */
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
index a12c1ebcf..f85553834 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
@@ -1,6 +1,6 @@
 /* renesas_tsip_sha.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,23 +18,25 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#include <string.h>
-#include <stdio.h>
 
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(NO_SHA) || !defined(NO_SHA256)
+#include <string.h>
+#include <stdio.h>
+
 #include <wolfssl/internal.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
     #define WOLFSSL_MISC_INCLUDED
     #include <wolfcrypt/src/misc.c>
 #endif
-#if !defined(NO_SHA) || !defined(NO_SHA256)
-
-#include <wolfssl/wolfcrypt/logging.h>
 
 #if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
index 579e7333f..c19a21556 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@@ -1,6 +1,6 @@
 /* renesas_tsip_util.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -1679,7 +1679,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
     }
 
     if (ret == 0) {
-        ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
+        ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
     }
 
     if (ret == 0) {
@@ -1702,7 +1702,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
     }
 
     if (ret == 0) {
-        recordSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA * 2;
+        recordSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA * 2;
         /* check for available size */
         ret = CheckAvailableSize(ssl, recordSz);
         recordSz = 0;
@@ -1749,11 +1749,11 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 
     if (ret == 0) {
         if (isRsa) {
-            ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+            ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
         }
         else {
 #if defined(WOLFSSL_CHECK_SIG_FAULTS)
-            ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+            ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
 #endif
         }
     }
@@ -2301,7 +2301,7 @@ static byte _tls2tsipdef(byte cipher)
  *   TSIP_KEY_TYPE_ECDSAP256   ecdsa p256r1 key
  *   TSIP_KEY_TYPE_ECDSAP384   ecdsa p384r1 key
  */
-static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
+int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
 {
     int          ret = 0;
     e_tsip_err_t err = TSIP_SUCCESS;
@@ -2309,7 +2309,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
     uint8_t* iv               = g_user_key_info.iv;
     uint8_t* encPrivKey;
 
-    WOLFSSL_ENTER("tsipImportPrivateKey");
+    WOLFSSL_ENTER("tsip_ImportPrivateKey");
 
     if (tuc == NULL)
         return BAD_FUNC_ARG;
@@ -2377,7 +2377,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
     else {
         WOLFSSL_MSG("mutex locking error");
     }
-    WOLFSSL_LEAVE("tsipImportPrivateKey", ret);
+    WOLFSSL_LEAVE("tsip_ImportPrivateKey", ret);
     return ret;
 }
 
@@ -2393,7 +2393,7 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
  *   TSIP_KEY_TYPE_ECDSAP256   ecdsa p256r1 key
  *   TSIP_KEY_TYPE_ECDSAP384   ecdsa p384r1 key
  */
-WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
+WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
 {
     int          ret = 0;
     e_tsip_err_t err = TSIP_SUCCESS;
@@ -2401,7 +2401,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
     uint8_t* iv               = g_user_key_info.iv;
     uint8_t* encPubKey;
 
-    WOLFSSL_ENTER("tsipImportPublicKey");
+    WOLFSSL_ENTER("tsip_ImportPublicKey");
 
     if (tuc == NULL ) {
         return BAD_FUNC_ARG;
@@ -2425,6 +2425,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
         switch (keyType) {
 
         #if !defined(NO_RSA)
+        #if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
             case TSIP_KEY_TYPE_RSA2048:
             #if defined(WOLFSSL_RENESAS_TSIP_TLS)
                 tuc->ClientRsa2048PubKey_set = 0;
@@ -2458,7 +2459,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
                     ret = WC_HW_E;
                 }
                 break;
-
+        #endif /* TSIP_RSAES_2048 */
             case TSIP_KEY_TYPE_RSA4096:
                 /* not supported as of TSIPv1.15 */
                 ret = CRYPTOCB_UNAVAILABLE;
@@ -2515,7 +2516,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
     else {
         WOLFSSL_MSG("mutex locking error");
     }
-    WOLFSSL_LEAVE("tsipImportPublicKey", ret);
+    WOLFSSL_LEAVE("tsip_ImportPublicKey", ret);
     return ret;
 }
 
@@ -3015,13 +3016,25 @@ int wc_tsip_ShaXHmacVerify(
     }
     wrapped_key = ssl->keys.tsip_server_write_MAC_secret;
 
-    if (wrapped_key.type == TSIP_KEY_INDEX_TYPE_HMAC_SHA1_FOR_TLS) {
+    if (wrapped_key.type ==
+#if (WOLFSSL_RENESAS_TSIP_VER >= 121)
+        TSIP_KEY_INDEX_TYPE_TLS_SERVER_HMAC_SHA1_FOR_CLIENT
+#else
+        TSIP_KEY_INDEX_TYPE_HMAC_SHA1_FOR_TLS
+#endif
+     ){
         WOLFSSL_MSG("perform Sha1-Hmac verification");
         initFn   = R_TSIP_Sha1HmacVerifyInit;
         updateFn = R_TSIP_Sha1HmacVerifyUpdate;
         finalFn  = R_TSIP_Sha1HmacVerifyFinal;
     }
-    else if (wrapped_key.type == TSIP_KEY_INDEX_TYPE_HMAC_SHA256_FOR_TLS) {
+    else if (wrapped_key.type ==
+#if (WOLFSSL_RENESAS_TSIP_VER >= 121)
+        TSIP_KEY_INDEX_TYPE_TLS_SERVER_HMAC_SHA256_FOR_CLIENT
+#else
+        TSIP_KEY_INDEX_TYPE_HMAC_SHA256_FOR_TLS
+#endif
+    ) {
         WOLFSSL_MSG("perform Sha256-Hmac verification");
         initFn   = R_TSIP_Sha256HmacVerifyInit;
         updateFn = R_TSIP_Sha256HmacVerifyUpdate;
@@ -3620,6 +3633,7 @@ int wc_tsip_tls_RootCertVerify(
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
 #if !defined(NO_RSA)
 /*  Perform signing with the client's RSA private key on hash value of messages
  *  exchanged with server.
@@ -3634,7 +3648,7 @@ int wc_tsip_tls_RootCertVerify(
  *   0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
  *
  */
-WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
+int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 {
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
@@ -3664,7 +3678,7 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     if (ret == 0) {
         /* import private key_index from wrapped key */
-        ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
+        ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
     }
 
     if (ret == 0) {
@@ -3692,18 +3706,22 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
     }
 
     switch (tuc->wrappedKeyType) {
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
         case TSIP_KEY_TYPE_RSA1024:
             if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
                 WOLFSSL_MSG("tsip rsa private key 1024 not set");
                     ret = CRYPTOCB_UNAVAILABLE;
             }
             break;
+#endif
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
         case TSIP_KEY_TYPE_RSA2048:
             if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
                 WOLFSSL_MSG("tsip rsa private key 2048 not set");
                     ret = CRYPTOCB_UNAVAILABLE;
             }
             break;
+#endif
         default:
             WOLFSSL_MSG("wrapped private key is not supported");
             ret = CRYPTOCB_UNAVAILABLE;
@@ -3712,21 +3730,21 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 #endif
 
     if (ret == 0) {
-       #ifdef WOLFSSL_RENESAS_TSIP_TLS
+    #ifdef WOLFSSL_RENESAS_TSIP_TLS
         hashData.pdata      = (uint8_t*)ssl->buffers.digest.buffer;
         hashData.data_type  = 1;
         sigData.pdata       = (uint8_t*)info->pk.rsa.in;
         sigData.data_length = 0; /* signature size will be returned here */
-       #else
+    #else
         hashData.pdata      = (uint8_t*)info->pk.rsa.in;
         hashData.data_length= info->pk.rsa.inLen;
         hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
         sigData.pdata       = (uint8_t*)info->pk.rsa.out;
         sigData.data_length = 0;
-       #endif
+    #endif
         if ((ret = tsip_hw_lock()) == 0) {
             switch (tuc->wrappedKeyType) {
-            #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
+#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
                 case TSIP_KEY_TYPE_RSA1024:
                     err = R_TSIP_RsassaPkcs1024SignatureGenerate(
                                                 &hashData, &sigData,
@@ -3738,9 +3756,9 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
                         ret = WC_HW_E;
                     }
                     break;
-            #endif
+#endif
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
                 case TSIP_KEY_TYPE_RSA2048:
-
                     err = R_TSIP_RsassaPkcs2048SignatureGenerate(
                                                 &hashData, &sigData,
                                    #ifdef WOLFSSL_RENESAS_TSIP_TLS
@@ -3754,8 +3772,9 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
                     if (err != TSIP_SUCCESS) {
                         ret = WC_HW_E;
                     }
+                    *(info->pk.rsa.outLen) = sigData.data_length;
                     break;
-
+#endif
                 case TSIP_KEY_TYPE_RSA4096:
                     ret = CRYPTOCB_UNAVAILABLE;
                     break;
@@ -3813,7 +3832,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
 
     if (ret == 0) {
         /* import public key_index from wrapped key */
-        ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+        ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
     }
 
     if (ret == 0) {
@@ -3836,7 +3855,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
         if ((ret = tsip_hw_lock()) == 0) {
 
             switch (tuc->wrappedKeyType) {
-
+#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
                 case TSIP_KEY_TYPE_RSA2048:
                     sigData.data_length = 256;
                     err = R_TSIP_RsassaPkcs2048SignatureVerification(
@@ -3854,7 +3873,7 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
                         ret = WC_HW_E;
                     }
                     break;
-
+#endif
                 case TSIP_KEY_TYPE_RSA4096:
                     ret = CRYPTOCB_UNAVAILABLE;
                     break;
@@ -3923,7 +3942,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     if (ret == 0) {
         /* import private key_index from wrapped key */
-        ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
+        ret = tsip_ImportPrivateKey(tuc, tuc->wrappedKeyType);
     }
 
     if (ret == 0) {
@@ -4049,7 +4068,7 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     if (ret == 0) {
         /* import public key_index from wrapped key */
-        ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
+        ret = tsip_ImportPublicKey(tuc, tuc->wrappedKeyType);
     }
 
     if (ret == 0) {
diff --git a/wolfcrypt/src/port/af_alg/afalg_aes.c b/wolfcrypt/src/port/af_alg/afalg_aes.c
index 3fd902360..fc7bb2fbc 100644
--- a/wolfcrypt/src/port/af_alg/afalg_aes.c
+++ b/wolfcrypt/src/port/af_alg/afalg_aes.c
@@ -1,6 +1,6 @@
 /* afalg_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,20 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(NO_AES) && (defined(WOLFSSL_AFALG) || \
                          defined(WOLFSSL_AFALG_XILINX_AES))
 
 #include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/af_alg/wc_afalg.h>
 
 #include <sys/uio.h> /* for readv */
@@ -177,7 +169,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         }
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -190,8 +182,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             }
         }
 
-        sz = sz - (sz % AES_BLOCK_SIZE);
-        if ((sz / AES_BLOCK_SIZE) > 0) {
+        sz = sz - (sz % WC_AES_BLOCK_SIZE);
+        if ((sz / WC_AES_BLOCK_SIZE) > 0) {
             /* update IV */
             cmsg = CMSG_FIRSTHDR(&(aes->msg));
             ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
@@ -218,7 +210,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             }
 
             /* set IV for next CBC call */
-            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         }
 
         return 0;
@@ -235,7 +227,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             return BAD_FUNC_ARG;
         }
 
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
@@ -250,7 +242,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             }
         }
 
-        if ((sz / AES_BLOCK_SIZE) > 0) {
+        if ((sz / WC_AES_BLOCK_SIZE) > 0) {
             /* update IV */
             cmsg = CMSG_FIRSTHDR(&(aes->msg));
             ret = wc_Afalg_SetIv(CMSG_NXTHDR(&(aes->msg), cmsg),
@@ -267,7 +259,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             aes->msg.msg_iovlen = 1; /* # of iov structures */
 
             /* set IV for next CBC call */
-            XMEMCPY(aes->reg, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
             ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0);
             if (ret < 0) {
@@ -336,13 +328,13 @@ static int wc_Afalg_AesDirect(Aes* aes, byte* out, const byte* in, word32 sz)
 #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AFALG)
 int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return wc_Afalg_AesDirect(aes, out, in, AES_BLOCK_SIZE);
+    return wc_Afalg_AesDirect(aes, out, in, WC_AES_BLOCK_SIZE);
 }
 
 
 int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return wc_Afalg_AesDirect(aes, out, in, AES_BLOCK_SIZE);
+    return wc_Afalg_AesDirect(aes, out, in, WC_AES_BLOCK_SIZE);
 }
 
 
@@ -363,7 +355,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
         {
             /* in network byte order so start at end and work back */
             int i;
-            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+            for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
                 if (++inOutCtr[i])  /* we're done unless we overflow */
                     return;
             }
@@ -381,7 +373,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
             }
 
             /* consume any unused bytes left in aes->tmp */
-            tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+            tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
             while (aes->left && sz) {
                *(out++) = *(in++) ^ *(tmp++);
                aes->left--;
@@ -397,11 +389,11 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
             }
 
             if (sz > 0) {
-                aes->left = sz % AES_BLOCK_SIZE;
+                aes->left = sz % WC_AES_BLOCK_SIZE;
 
                 /* clear previously leftover data */
                 tmp = (byte*)aes->tmp;
-                XMEMSET(tmp, 0, AES_BLOCK_SIZE);
+                XMEMSET(tmp, 0, WC_AES_BLOCK_SIZE);
 
                 /* update IV */
                 cmsg = CMSG_FIRSTHDR(&(aes->msg));
@@ -419,7 +411,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
                 iov[1].iov_base = tmp;
                 if (aes->left > 0) {
                     XMEMCPY(tmp, in + sz - aes->left, aes->left);
-                    iov[1].iov_len  = AES_BLOCK_SIZE;
+                    iov[1].iov_len  = WC_AES_BLOCK_SIZE;
                 }
                 else {
                     iov[1].iov_len  = 0;
@@ -440,7 +432,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
 
                 iov[1].iov_base = tmp;
                 if (aes->left > 0) {
-                    iov[1].iov_len  = AES_BLOCK_SIZE;
+                    iov[1].iov_len  = WC_AES_BLOCK_SIZE;
                 }
                 else {
                     iov[1].iov_len  = 0;
@@ -453,14 +445,14 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
 
                 if (aes->left > 0) {
                     XMEMCPY(out + sz - aes->left, tmp, aes->left);
-                    aes->left = AES_BLOCK_SIZE - aes->left;
+                    aes->left = WC_AES_BLOCK_SIZE - aes->left;
                 }
             }
 
             /* adjust counter after call to hardware */
-            while (sz >= AES_BLOCK_SIZE) {
+            while (sz >= WC_AES_BLOCK_SIZE) {
                 IncrementAesCounter((byte*)aes->reg);
-                sz  -= AES_BLOCK_SIZE;
+                sz  -= WC_AES_BLOCK_SIZE;
             }
 
             if (aes->left > 0) {
@@ -566,10 +558,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     struct iovec    iov[3];
     int ret;
     struct msghdr* msg;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -639,7 +631,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         #ifndef NO_WOLFSSL_ALLOC_ALIGN
             byte* tmp_align;
             tmp = (byte*)XMALLOC(sz + WOLFSSL_XILINX_ALIGN +
-                    AES_BLOCK_SIZE, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                    WC_AES_BLOCK_SIZE, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
             if (tmp == NULL) {
                 return MEMORY_E;
             }
@@ -655,7 +647,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         else {
             iov[0].iov_base = (byte*)in;
         }
-        iov[0].iov_len  = sz + AES_BLOCK_SIZE;
+        iov[0].iov_len  = sz + WC_AES_BLOCK_SIZE;
 
         msg->msg_iov    = iov;
         msg->msg_iovlen = 1; /* # of iov structures */
@@ -668,7 +660,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             return WC_AFALG_SOCK_E;
         }
 
-        ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE);
+        ret = read(aes->rdFd, out, sz + WC_AES_BLOCK_SIZE);
         if (ret < 0) {
             return WC_AFALG_SOCK_E;
         }
@@ -677,10 +669,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
     /* handle completing tag with using software if additional data added */
     if (authIn != NULL && authInSz > 0) {
-        byte initalCounter[AES_BLOCK_SIZE];
-        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        byte initalCounter[WC_AES_BLOCK_SIZE];
+        XMEMSET(initalCounter, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(initalCounter, iv, ivSz);
-        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
         GHASH(&aes->gcm, authIn, authInSz, out, sz, authTag, authTagSz);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
         if (ret < 0) {
@@ -756,19 +748,19 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     struct cmsghdr* cmsg;
     struct msghdr* msg;
     struct iovec    iov[3];
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     int ret;
 #ifdef WOLFSSL_AFALG_XILINX_AES
     byte* tag = (byte*)authTag;
-    byte buf[AES_BLOCK_SIZE];
-    byte initalCounter[AES_BLOCK_SIZE];
+    byte buf[WC_AES_BLOCK_SIZE];
+    byte initalCounter[WC_AES_BLOCK_SIZE];
 #ifndef NO_WOLFSSL_ALLOC_ALIGN
     byte* tmp = NULL;
 #endif
 #endif
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -830,33 +822,33 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     /* check for and handle additional data */
     if (authIn != NULL && authInSz > 0) {
 
-        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        XMEMSET(initalCounter, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(initalCounter, iv, ivSz);
-        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
         tag = buf;
-        GHASH(&aes->gcm, NULL, 0, in, sz, tag, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, in, sz, tag, WC_AES_BLOCK_SIZE);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
         if (ret < 0)
             return ret;
-        xorbuf(tag, scratch, AES_BLOCK_SIZE);
+        xorbuf(tag, scratch, WC_AES_BLOCK_SIZE);
         if (ret != 0) {
             return AES_GCM_AUTH_E;
         }
     }
 
     /* it is assumed that in buffer size is large enough to hold TAG */
-    XMEMCPY((byte*)in + sz, tag, AES_BLOCK_SIZE);
+    XMEMCPY((byte*)in + sz, tag, WC_AES_BLOCK_SIZE);
     if ((wc_ptr_t)in % WOLFSSL_XILINX_ALIGN) {
     #ifndef NO_WOLFSSL_ALLOC_ALIGN
         byte* tmp_align;
         tmp = (byte*)XMALLOC(sz + WOLFSSL_XILINX_ALIGN +
-                AES_BLOCK_SIZE, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                WC_AES_BLOCK_SIZE, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             return MEMORY_E;
         }
         tmp_align = tmp + (WOLFSSL_XILINX_ALIGN -
                 ((size_t)tmp % WOLFSSL_XILINX_ALIGN));
-        XMEMCPY(tmp_align, in, sz + AES_BLOCK_SIZE);
+        XMEMCPY(tmp_align, in, sz + WC_AES_BLOCK_SIZE);
         iov[0].iov_base = tmp_align;
     #else
         WOLFSSL_MSG("Buffer expected to be word aligned");
@@ -866,7 +858,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     else {
         iov[0].iov_base = (byte*)in;
     }
-    iov[0].iov_len = sz + AES_BLOCK_SIZE;
+    iov[0].iov_len = sz + WC_AES_BLOCK_SIZE;
 
     msg->msg_iov = iov;
     msg->msg_iovlen = 1;
@@ -879,18 +871,18 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return WC_AFALG_SOCK_E;
     }
 
-    ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE);
+    ret = read(aes->rdFd, out, sz + WC_AES_BLOCK_SIZE);
     if (ret < 0) {
         return AES_GCM_AUTH_E;
     }
 
     /* check on tag */
     if (authIn != NULL && authInSz > 0) {
-        GHASH(&aes->gcm, authIn, authInSz, in, sz, tag, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, authIn, authInSz, in, sz, tag, WC_AES_BLOCK_SIZE);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
         if (ret < 0)
             return ret;
-        xorbuf(tag, scratch, AES_BLOCK_SIZE);
+        xorbuf(tag, scratch, WC_AES_BLOCK_SIZE);
         if (ConstantCompare(tag, authTag, authTagSz) != 0) {
             return AES_GCM_AUTH_E;
         }
diff --git a/wolfcrypt/src/port/af_alg/afalg_hash.c b/wolfcrypt/src/port/af_alg/afalg_hash.c
index c14dfb0ee..42f3e7a4e 100644
--- a/wolfcrypt/src/port/af_alg/afalg_hash.c
+++ b/wolfcrypt/src/port/af_alg/afalg_hash.c
@@ -1,6 +1,6 @@
 /* afalg_hash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_AFALG_HASH) || (defined(WOLFSSL_AFALG_XILINX_SHA3) \
         && defined(WOLFSSL_SHA3))
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/af_alg/wc_afalg.h>
 #include <wolfssl/wolfcrypt/port/af_alg/afalg_hash.h>
 
diff --git a/wolfcrypt/src/port/af_alg/wc_afalg.c b/wolfcrypt/src/port/af_alg/wc_afalg.c
index b278d1f7d..6aba8a021 100644
--- a/wolfcrypt/src/port/af_alg/wc_afalg.c
+++ b/wolfcrypt/src/port/af_alg/wc_afalg.c
@@ -1,6 +1,6 @@
 /* wc_afalg.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX)
 
diff --git a/wolfcrypt/src/port/aria/aria-crypt.c b/wolfcrypt/src/port/aria/aria-crypt.c
index 0dd20b0c8..1568f4e7f 100644
--- a/wolfcrypt/src/port/aria/aria-crypt.c
+++ b/wolfcrypt/src/port/aria/aria-crypt.c
@@ -1,6 +1,6 @@
 /* aria-crypt.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c
index cd9ed7437..d88683fd5 100644
--- a/wolfcrypt/src/port/aria/aria-cryptocb.c
+++ b/wolfcrypt/src/port/aria/aria-cryptocb.c
@@ -1,6 +1,6 @@
 /* aria-cryptocb.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -558,8 +558,10 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key,
                         (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)))
                         ret = wc_AriaFree(&(info->hash.sha256->hSession),NULL);
                 }
-                if (ret != 0)
+                if (ret != 0) {
+                    wc_AriaFree(&(info->hash.sha256->hSession),NULL);
                     ret = CRYPTOCB_UNAVAILABLE;
+                }
                 /* reset devId */
                 info->hash.sha256->devId = devIdArg;
             }
@@ -590,7 +592,10 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key,
                         ret = wc_AriaFree(&(info->hash.sha384->hSession),NULL);
                     }
                 }
-                if (ret != 0) ret = CRYPTOCB_UNAVAILABLE;
+                if (ret != 0) {
+                    wc_AriaFree(&(info->hash.sha384->hSession),NULL);
+                    ret = CRYPTOCB_UNAVAILABLE;
+                }
                 /* reset devId */
                 info->hash.sha384->devId = devIdArg;
             }
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
index 345f19408..b331e293a 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-aes-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,14 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./aes/aes.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
+ *   ruby ./aes/aes.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #ifndef NO_AES
 #ifdef HAVE_AES_DECRYPT
@@ -296,7 +294,9 @@ L_AES_ARM32_td_data:
 	.word	0x74486c5c
 	.word	0x42d0b857
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 	.text
 	.type	L_AES_ARM32_te_data, %object
 	.size	L_AES_ARM32_te_data, 1024
@@ -558,7 +558,8 @@ L_AES_ARM32_te_data:
 	.word	0xfca85454
 	.word	0xd66dbbbb
 	.word	0x3a2c1616
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
 	.text
 	.type	L_AES_ARM32_td, %object
@@ -567,14 +568,17 @@ L_AES_ARM32_te_data:
 L_AES_ARM32_td:
 	.word	L_AES_ARM32_td_data
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 	.text
 	.type	L_AES_ARM32_te, %object
 	.size	L_AES_ARM32_te, 12
 	.align	4
 L_AES_ARM32_te:
 	.word	L_AES_ARM32_te_data
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
 	.text
 	.align	4
@@ -807,8 +811,7 @@ AES_set_encrypt_key:
 	cmp	r1, #0xc0
 	beq	L_AES_set_encrypt_key_start_192
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1037,8 +1040,7 @@ L_AES_set_encrypt_key_loop_256:
 	b	L_AES_set_encrypt_key_end
 L_AES_set_encrypt_key_start_192:
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1202,8 +1204,7 @@ L_AES_set_encrypt_key_loop_192:
 	b	L_AES_set_encrypt_key_end
 L_AES_set_encrypt_key_start_128:
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1937,7 +1938,8 @@ L_AES_encrypt_block_nr:
 	eor	r7, r7, r11
 	pop	{pc}
 	.size	AES_encrypt_block,.-AES_encrypt_block
-#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 	.text
 	.type	L_AES_ARM32_te_ecb, %object
 	.size	L_AES_ARM32_te_ecb, 12
@@ -2177,7 +2179,8 @@ L_AES_ECB_encrypt_end:
 	pop	{r3}
 	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	.size	AES_ECB_encrypt,.-AES_ECB_encrypt
-#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT ||
+        * WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
 	.text
 	.type	L_AES_ARM32_te_cbc, %object
@@ -2693,7 +2696,8 @@ L_AES_CTR_encrypt_end:
 	.size	AES_CTR_encrypt,.-AES_CTR_encrypt
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC)
+    #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \
+        defined(HAVE_AES_CBC)
 	.text
 	.align	4
 	.globl	AES_decrypt_block
@@ -3843,13 +3847,13 @@ L_AES_ECB_decrypt_end:
 	.type	AES_CBC_decrypt, %function
 AES_CBC_decrypt:
 	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
-	ldr	r8, [sp, #36]
-	ldr	r4, [sp, #40]
 	mov	lr, r0
 	adr	r0, L_AES_ARM32_td_ecb
 	ldr	r0, [r0]
 	mov	r12, r2
 	adr	r2, L_AES_ARM32_td4
+	ldr	r8, [sp, #36]
+	ldr	r4, [sp, #40]
 	push	{r3, r4}
 	cmp	r8, #10
 	beq	L_AES_CBC_decrypt_loop_block_128
@@ -3951,8 +3955,7 @@ L_AES_CBC_decrypt_loop_block_256:
 	ldr	r7, [lr, #12]
 	ldr	lr, [sp, #16]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [lr]
-	str	r5, [lr, #4]
+	stm	lr, {r4, r5}
 #else
 	strd	r4, r5, [lr]
 #endif
@@ -4140,8 +4143,7 @@ L_AES_CBC_decrypt_loop_block_192:
 	ldr	r7, [lr, #12]
 	ldr	lr, [sp, #16]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [lr]
-	str	r5, [lr, #4]
+	stm	lr, {r4, r5}
 #else
 	strd	r4, r5, [lr]
 #endif
@@ -4329,8 +4331,7 @@ L_AES_CBC_decrypt_loop_block_128:
 	ldr	r7, [lr, #12]
 	ldr	lr, [sp, #16]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [lr]
-	str	r5, [lr, #4]
+	stm	lr, {r4, r5}
 #else
 	strd	r4, r5, [lr]
 #endif
@@ -4437,8 +4438,7 @@ L_AES_CBC_decrypt_end_odd:
 	ldrd	r10, r11, [r4, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r4]
-	str	r9, [r4, #4]
+	stm	r4, {r8, r9}
 #else
 	strd	r8, r9, [r4]
 #endif
@@ -5304,7 +5304,7 @@ L_AES_GCM_encrypt_end:
 	.size	AES_GCM_encrypt,.-AES_GCM_encrypt
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
index f8ba89ac0..199a4fe5f 100644
--- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-aes-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,41 +21,38 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./aes/aes.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.c
+ *   ruby ./aes/aes.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
 #endif /* __IAR_SYSTEMS_ICC__ */
 #ifdef __KEIL__
 #define __asm__        __asm
 #define __volatile__   volatile
 #endif /* __KEIL__ */
+#ifdef __ghs__
+#define __asm__        __asm
+#define __volatile__
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __ghs__ */
 #ifndef NO_AES
 #include <wolfssl/wolfcrypt/aes.h>
 
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t L_AES_ARM32_td_data[] = {
+static const word32 L_AES_ARM32_td_data[] = {
     0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
     0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
     0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
@@ -123,8 +120,10 @@ static const uint32_t L_AES_ARM32_td_data[] = {
 };
 
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t L_AES_ARM32_te_data[] = {
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32 L_AES_ARM32_te_data[] = {
     0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
     0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
     0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
@@ -191,21 +190,36 @@ static const uint32_t L_AES_ARM32_te_data[] = {
     0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
 };
 
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t* L_AES_ARM32_td = L_AES_ARM32_td_data;
+static const word32* L_AES_ARM32_td = L_AES_ARM32_td_data;
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_ARM32_te = L_AES_ARM32_te_data;
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32* L_AES_ARM32_te = L_AES_ARM32_te_data;
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-void AES_invert_key(unsigned char* ks, word32 rounds);
+void AES_invert_key(unsigned char* ks_p, word32 rounds_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void AES_invert_key(unsigned char* ks_p, word32 rounds_p)
+#else
+void AES_invert_key(unsigned char* ks, word32 rounds)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register unsigned char* ks asm ("r0") = (unsigned char*)ks_p;
     register word32 rounds asm ("r1") = (word32)rounds_p;
-    register uint32_t* L_AES_ARM32_te_c asm ("r2") = (uint32_t*)L_AES_ARM32_te;
-    register uint32_t* L_AES_ARM32_td_c asm ("r3") = (uint32_t*)L_AES_ARM32_td;
+    register word32* L_AES_ARM32_te_c asm ("r2") = (word32*)L_AES_ARM32_te;
+    register word32* L_AES_ARM32_td_c asm ("r3") = (word32*)L_AES_ARM32_td;
+#else
+    register word32* L_AES_ARM32_te_c = (word32*)L_AES_ARM32_te;
+
+    register word32* L_AES_ARM32_td_c = (word32*)L_AES_ARM32_td;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "mov	r12, %[L_AES_ARM32_te]\n\t"
@@ -401,27 +415,52 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p)
         "str	r8, [%[ks]], #4\n\t"
         "subs	r11, r11, #1\n\t"
         "bne	L_AES_invert_key_mix_loop_%=\n\t"
-        : [ks] "+r" (ks), [rounds] "+r" (rounds), [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ks] "+r" (ks), [rounds] "+r" (rounds),
+          [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c),
+          [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [ks] "r" (ks), [rounds] "r" (rounds),
+          [L_AES_ARM32_te] "r" (L_AES_ARM32_te_c),
+          [L_AES_ARM32_td] "r" (L_AES_ARM32_td_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
 }
 
 #endif /* HAVE_AES_DECRYPT */
-static const uint32_t L_AES_ARM32_rcon[] = {
+static const word32 L_AES_ARM32_rcon[] = {
     0x01000000, 0x02000000, 0x04000000, 0x08000000,
     0x10000000, 0x20000000, 0x40000000, 0x80000000,
-    0x1b000000, 0x36000000, 
+    0x1b000000, 0x36000000
 };
 
-void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks);
-void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char* ks_p)
+void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p,
+    unsigned char* ks_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p,
+    unsigned char* ks_p)
+#else
+void AES_set_encrypt_key(const unsigned char* key, word32 len,
+    unsigned char* ks)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register const unsigned char* key asm ("r0") = (const unsigned char*)key_p;
     register word32 len asm ("r1") = (word32)len_p;
     register unsigned char* ks asm ("r2") = (unsigned char*)ks_p;
-    register uint32_t* L_AES_ARM32_te_c asm ("r3") = (uint32_t*)L_AES_ARM32_te;
-    register uint32_t* L_AES_ARM32_rcon_c asm ("r4") = (uint32_t*)&L_AES_ARM32_rcon;
+    register word32* L_AES_ARM32_te_c asm ("r3") = (word32*)L_AES_ARM32_te;
+    register word32* L_AES_ARM32_rcon_c asm ("r4") =
+        (word32*)&L_AES_ARM32_rcon;
+#else
+    register word32* L_AES_ARM32_te_c = (word32*)L_AES_ARM32_te;
+
+    register word32* L_AES_ARM32_rcon_c = (word32*)&L_AES_ARM32_rcon;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "mov	r8, %[L_AES_ARM32_te]\n\t"
@@ -431,8 +470,7 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char
         "cmp	%[len], #0xc0\n\t"
         "beq	L_AES_set_encrypt_key_start_192_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[key]]\n\t"
-        "ldr	r5, [%[key], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[key]]\n\t"
 #endif
@@ -663,8 +701,7 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char
         "\n"
     "L_AES_set_encrypt_key_start_192_%=: \n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[key]]\n\t"
-        "ldr	r5, [%[key], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[key]]\n\t"
 #endif
@@ -830,8 +867,7 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char
         "\n"
     "L_AES_set_encrypt_key_start_128_%=: \n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[key]]\n\t"
-        "ldr	r5, [%[key], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[key]]\n\t"
 #endif
@@ -922,19 +958,36 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char
         "bne	L_AES_set_encrypt_key_loop_128_%=\n\t"
         "\n"
     "L_AES_set_encrypt_key_end_%=: \n\t"
-        : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks),
+          [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c),
+          [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c)
         :
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "cc"
+#else
+        :
+        : [key] "r" (key), [len] "r" (len), [ks] "r" (ks),
+          [L_AES_ARM32_te] "r" (L_AES_ARM32_te_c),
+          [L_AES_ARM32_rcon] "r" (L_AES_ARM32_rcon_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8"
     );
 }
 
-void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks);
-void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t* ks_p)
+void AES_encrypt_block(const word32* te_p, int nr_p, int len_p,
+    const word32* ks_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void AES_encrypt_block(const word32* te_p, int nr_p, int len_p,
+    const word32* ks_p)
+#else
+void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
-    register const uint32_t* te asm ("r0") = (const uint32_t*)te_p;
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register const word32* te asm ("r0") = (const word32*)te_p;
     register int nr asm ("r1") = (int)nr_p;
     register int len asm ("r2") = (int)len_p;
-    register const uint32_t* ks asm ("r3") = (const uint32_t*)ks_p;
+    register const word32* ks asm ("r3") = (const word32*)ks_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "\n"
@@ -1573,28 +1626,51 @@ void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r10\n\t"
         "eor	r7, r7, r11\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks)
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        : [te] "r" (te), [nr] "r" (nr), [len] "r" (len), [ks] "r" (ks)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
-#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data;
-void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr);
-void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p)
+#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data;
+void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p)
+#else
+void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
-    register uint32_t* L_AES_ARM32_te_ecb_c asm ("r5") = (uint32_t*)L_AES_ARM32_te_ecb;
+    register word32* L_AES_ARM32_te_ecb_c asm ("r5") =
+        (word32*)L_AES_ARM32_te_ecb;
+#else
+    register word32* L_AES_ARM32_te_ecb_c = (word32*)L_AES_ARM32_te_ecb;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "mov	lr, %[in]\n\t"
         "mov	r0, %[L_AES_ARM32_te_ecb]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "mov	r12, r4\n\t"
+#else
+        "mov	r12, %[nr]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "push	{%[ks]}\n\t"
         "cmp	r12, #10\n\t"
         "beq	L_AES_ECB_encrypt_start_block_128_%=\n\t"
@@ -1822,29 +1898,60 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "\n"
     "L_AES_ECB_encrypt_end_%=: \n\t"
         "pop	{%[ks]}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c)
         :
-        : "memory", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks),
+          [nr] "r" (nr), [L_AES_ARM32_te_ecb] "r" (L_AES_ARM32_te_ecb_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
-#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT ||
+        * WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
-static const uint32_t* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data;
-void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
-void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p)
+static const word32* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data;
+void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p)
+#else
+void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* iv)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* iv asm ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_ARM32_te_cbc_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_cbc;
+    register word32* L_AES_ARM32_te_cbc_c asm ("r6") =
+        (word32*)L_AES_ARM32_te_cbc;
+#else
+    register word32* L_AES_ARM32_te_cbc_c = (word32*)L_AES_ARM32_te_cbc;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "mov	r8, r4\n\t"
+#else
+        "mov	r8, %[nr]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "mov	r9, r5\n\t"
+#else
+        "mov	r9, %[iv]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "mov	lr, %[in]\n\t"
         "mov	r0, %[L_AES_ARM32_te_cbc]\n\t"
         "ldm	r9, {r4, r5, r6, r7}\n\t"
@@ -2088,29 +2195,61 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
     "L_AES_CBC_encrypt_end_%=: \n\t"
         "pop	{%[ks], r9}\n\t"
         "stm	r9, {r4, r5, r6, r7}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [iv] "+r" (iv),
+          [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks),
+          [nr] "r" (nr), [iv] "r" (iv),
+          [L_AES_ARM32_te_cbc] "r" (L_AES_ARM32_te_cbc_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* HAVE_AES_CBC */
 #ifdef WOLFSSL_AES_COUNTER
-static const uint32_t* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data;
-void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
-void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p)
+static const word32* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data;
+void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p)
+#else
+void AES_CTR_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_ARM32_te_ctr_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_ctr;
+    register word32* L_AES_ARM32_te_ctr_c asm ("r6") =
+        (word32*)L_AES_ARM32_te_ctr;
+#else
+    register word32* L_AES_ARM32_te_ctr_c = (word32*)L_AES_ARM32_te_ctr;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "mov	r12, r4\n\t"
+#else
+        "mov	r12, %[nr]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "mov	r8, r5\n\t"
+#else
+        "mov	r8, %[ctr]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "mov	lr, %[in]\n\t"
         "mov	r0, %[L_AES_ARM32_te_ctr]\n\t"
         "ldm	r8, {r4, r5, r6, r7}\n\t"
@@ -2356,21 +2495,37 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "rev	r7, r7\n\t"
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
         "stm	r8, {r4, r5, r6, r7}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr), [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [ctr] "+r" (ctr),
+          [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks),
+          [nr] "r" (nr), [ctr] "r" (ctr),
+          [L_AES_ARM32_te_ctr] "r" (L_AES_ARM32_te_ctr_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC)
-void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4);
-void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p)
+    #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \
+        defined(HAVE_AES_CBC)
+void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p)
+#else
+void AES_decrypt_block(const word32* td, int nr, const byte* td4)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
-    register const uint32_t* td asm ("r0") = (const uint32_t*)td_p;
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register const word32* td asm ("r0") = (const word32*)td_p;
     register int nr asm ("r1") = (int)nr_p;
-    register const uint8_t* td4 asm ("r2") = (const uint8_t*)td4_p;
+    register const byte* td4 asm ("r2") = (const byte*)td4_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "\n"
@@ -3009,14 +3164,19 @@ void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p)
         "eor	r5, r5, r9\n\t"
         "eor	r6, r6, r10\n\t"
         "eor	r7, r7, r11\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4)
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        : [td] "r" (td), [nr] "r" (nr), [td4] "r" (td4)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
-static const uint32_t* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data;
-static const unsigned char L_AES_ARM32_td4[] = {
+static const word32* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data;
+static const byte L_AES_ARM32_td4[] = {
     0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
     0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
     0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
@@ -3052,19 +3212,38 @@ static const unsigned char L_AES_ARM32_td4[] = {
 };
 
 #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr);
-void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p)
+void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p)
+#else
+void AES_ECB_decrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
-    register uint32_t* L_AES_ARM32_td_ecb_c asm ("r5") = (uint32_t*)L_AES_ARM32_td_ecb;
-    register unsigned char* L_AES_ARM32_td4_c asm ("r6") = (unsigned char*)&L_AES_ARM32_td4;
+    register word32* L_AES_ARM32_td_ecb_c asm ("r5") =
+        (word32*)L_AES_ARM32_td_ecb;
+    register byte* L_AES_ARM32_td4_c asm ("r6") = (byte*)&L_AES_ARM32_td4;
+#else
+    register word32* L_AES_ARM32_td_ecb_c = (word32*)L_AES_ARM32_td_ecb;
+
+    register byte* L_AES_ARM32_td4_c = (byte*)&L_AES_ARM32_td4;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "mov	r8, r4\n\t"
+#else
+        "mov	r8, %[nr]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "mov	lr, %[in]\n\t"
         "mov	r0, %[L_AES_ARM32_td_ecb]\n\t"
         "mov	r12, %[len]\n\t"
@@ -3291,33 +3470,67 @@ void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "bne	L_AES_ECB_decrypt_loop_block_128_%=\n\t"
         "\n"
     "L_AES_ECB_decrypt_end_%=: \n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c),
+          [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks),
+          [nr] "r" (nr), [L_AES_ARM32_td_ecb] "r" (L_AES_ARM32_td_ecb_c),
+          [L_AES_ARM32_td4] "r" (L_AES_ARM32_td4_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
-void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
-void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p)
+void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p)
+#else
+void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* iv)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* iv asm ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_ARM32_td_ecb_c asm ("r6") = (uint32_t*)L_AES_ARM32_td_ecb;
-    register unsigned char* L_AES_ARM32_td4_c asm ("r7") = (unsigned char*)&L_AES_ARM32_td4;
+    register word32* L_AES_ARM32_td_ecb_c asm ("r6") =
+        (word32*)L_AES_ARM32_td_ecb;
+    register byte* L_AES_ARM32_td4_c asm ("r7") = (byte*)&L_AES_ARM32_td4;
+#else
+    register word32* L_AES_ARM32_td_ecb_c = (word32*)L_AES_ARM32_td_ecb;
+
+    register byte* L_AES_ARM32_td4_c = (byte*)&L_AES_ARM32_td4;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
-        "mov	r8, r4\n\t"
-        "mov	r4, r5\n\t"
         "mov	lr, %[in]\n\t"
         "mov	r0, %[L_AES_ARM32_td_ecb]\n\t"
         "mov	r12, %[len]\n\t"
         "mov	r2, %[L_AES_ARM32_td4]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        "mov	r8, r4\n\t"
+#else
+        "mov	r8, %[nr]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        "mov	r4, r5\n\t"
+#else
+        "mov	r4, %[iv]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "push	{%[ks]-r4}\n\t"
         "cmp	r8, #10\n\t"
         "beq	L_AES_CBC_decrypt_loop_block_128_%=\n\t"
@@ -3420,8 +3633,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r7, [lr, #12]\n\t"
         "ldr	lr, [sp, #16]\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [lr]\n\t"
-        "str	r5, [lr, #4]\n\t"
+        "stm	lr, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [lr]\n\t"
 #endif
@@ -3610,8 +3822,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r7, [lr, #12]\n\t"
         "ldr	lr, [sp, #16]\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [lr]\n\t"
-        "str	r5, [lr, #4]\n\t"
+        "stm	lr, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [lr]\n\t"
 #endif
@@ -3800,8 +4011,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldr	r7, [lr, #12]\n\t"
         "ldr	lr, [sp, #16]\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [lr]\n\t"
-        "str	r5, [lr, #4]\n\t"
+        "stm	lr, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [lr]\n\t"
 #endif
@@ -3909,8 +4119,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "ldrd	r10, r11, [r4, #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [r4]\n\t"
-        "str	r9, [r4, #4]\n\t"
+        "stm	r4, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [r4]\n\t"
 #endif
@@ -3923,9 +4132,20 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "\n"
     "L_AES_CBC_decrypt_end_%=: \n\t"
         "pop	{%[ks]-r4}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [iv] "+r" (iv),
+          [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c),
+          [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c)
         :
-        : "memory", "r12", "lr", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks),
+          [nr] "r" (nr), [iv] "r" (iv),
+          [L_AES_ARM32_td_ecb] "r" (L_AES_ARM32_td_ecb_c),
+          [L_AES_ARM32_td4] "r" (L_AES_ARM32_td4_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r8", "r9", "r10", "r11"
     );
 }
 
@@ -3933,21 +4153,35 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */
 #endif /* HAVE_AES_DECRYPT */
 #ifdef HAVE_AESGCM
-static const uint32_t L_GCM_gmult_len_r[] = {
+static const word32 L_GCM_gmult_len_r[] = {
     0x00000000, 0x1c200000, 0x38400000, 0x24600000,
     0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000,
     0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000,
     0x91800000, 0x8da00000, 0xa9c00000, 0xb5e00000,
 };
 
-void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned char* data, unsigned long len);
-void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, const unsigned char* data_p, unsigned long len_p)
+void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p,
+    const unsigned char* data_p, unsigned long len_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p,
+    const unsigned char* data_p, unsigned long len_p)
+#else
+void GCM_gmult_len(unsigned char* x, const unsigned char** m,
+    const unsigned char* data, unsigned long len)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register unsigned char* x asm ("r0") = (unsigned char*)x_p;
     register const unsigned char** m asm ("r1") = (const unsigned char**)m_p;
-    register const unsigned char* data asm ("r2") = (const unsigned char*)data_p;
+    register const unsigned char* data asm ("r2") =
+        (const unsigned char*)data_p;
     register unsigned long len asm ("r3") = (unsigned long)len_p;
-    register uint32_t* L_GCM_gmult_len_r_c asm ("r4") = (uint32_t*)&L_GCM_gmult_len_r;
+    register word32* L_GCM_gmult_len_r_c asm ("r4") =
+        (word32*)&L_GCM_gmult_len_r;
+#else
+    register word32* L_GCM_gmult_len_r_c = (word32*)&L_GCM_gmult_len_r;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "mov	lr, %[L_GCM_gmult_len_r]\n\t"
@@ -4521,27 +4755,58 @@ void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, const unsigned
         "subs	%[len], %[len], #16\n\t"
         "add	%[data], %[data], #16\n\t"
         "bne	L_GCM_gmult_len_start_block_%=\n\t"
-        : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len),
+          [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c)
         :
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [x] "r" (x), [m] "r" (m), [data] "r" (data), [len] "r" (len),
+          [L_GCM_gmult_len_r] "r" (L_GCM_gmult_len_r_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11"
     );
 }
 
-static const uint32_t* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data;
-void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
-void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p)
+static const word32* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data;
+void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p)
+#else
+void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register const unsigned char* in asm ("r0") = (const unsigned char*)in_p;
     register unsigned char* out asm ("r1") = (unsigned char*)out_p;
     register unsigned long len asm ("r2") = (unsigned long)len_p;
     register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p;
     register int nr asm ("r4") = (int)nr_p;
     register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_ARM32_te_gcm_c asm ("r6") = (uint32_t*)L_AES_ARM32_te_gcm;
+    register word32* L_AES_ARM32_te_gcm_c asm ("r6") =
+        (word32*)L_AES_ARM32_te_gcm;
+#else
+    register word32* L_AES_ARM32_te_gcm_c = (word32*)L_AES_ARM32_te_gcm;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "mov	r12, r4\n\t"
+#else
+        "mov	r12, %[nr]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "mov	r8, r5\n\t"
+#else
+        "mov	r8, %[ctr]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "mov	lr, %[in]\n\t"
         "mov	r0, %[L_AES_ARM32_te_gcm]\n\t"
         "ldm	r8, {r4, r5, r6, r7}\n\t"
@@ -4778,17 +5043,24 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned l
         "rev	r7, r7\n\t"
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
         "stm	r8, {r4, r5, r6, r7}\n\t"
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr), [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [ctr] "+r" (ctr),
+          [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks),
+          [nr] "r" (nr), [ctr] "r" (ctr),
+          [L_AES_ARM32_te_gcm] "r" (L_AES_ARM32_te_gcm_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
 }
 
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
new file mode 100644
index 000000000..c4855533d
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
@@ -0,0 +1,520 @@
+/* armv8-32-chacha-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef HAVE_CHACHA
+	.text
+	.align	4
+	.globl	wc_chacha_setiv
+	.type	wc_chacha_setiv, %function
+wc_chacha_setiv:
+	push	{r4, lr}
+	add	r3, r0, #52
+	ldr	r4, [r1]
+	ldr	r12, [r1, #4]
+	ldr	lr, [r1, #8]
+	str	r2, [r0, #48]
+#ifdef BIG_ENDIAN_ORDER
+	rev	r4, r4
+	rev	r12, r12
+	rev	lr, lr
+#endif /* BIG_ENDIAN_ORDER */
+	stm	r3, {r4, r12, lr}
+	pop	{r4, pc}
+	.size	wc_chacha_setiv,.-wc_chacha_setiv
+	.text
+	.type	L_chacha_arm32_constants, %object
+	.size	L_chacha_arm32_constants, 32
+	.align	4
+L_chacha_arm32_constants:
+	.word	0x61707865
+	.word	0x3120646e
+	.word	0x79622d36
+	.word	0x6b206574
+	.word	0x61707865
+	.word	0x3320646e
+	.word	0x79622d32
+	.word	0x6b206574
+	.text
+	.align	4
+	.globl	wc_chacha_setkey
+	.type	wc_chacha_setkey, %function
+wc_chacha_setkey:
+	push	{r4, r5, lr}
+	adr	r3, L_chacha_arm32_constants
+	subs	r2, r2, #16
+	add	r3, r3, r2
+	# Start state with constants
+	ldm	r3, {r4, r5, r12, lr}
+	stm	r0!, {r4, r5, r12, lr}
+	# Next is first 16 bytes of key.
+	ldr	r4, [r1]
+	ldr	r5, [r1, #4]
+	ldr	r12, [r1, #8]
+	ldr	lr, [r1, #12]
+#ifdef BIG_ENDIAN_ORDER
+	rev	r4, r4
+	rev	r5, r5
+	rev	r12, r12
+	rev	lr, lr
+#endif /* BIG_ENDIAN_ORDER */
+	stm	r0!, {r4, r5, r12, lr}
+	# Next 16 bytes of key.
+	beq	L_chacha_arm32_setkey_same_keyb_ytes
+	# Update key pointer for next 16 bytes.
+	add	r1, r1, r2
+	ldr	r4, [r1]
+	ldr	r5, [r1, #4]
+	ldr	r12, [r1, #8]
+	ldr	lr, [r1, #12]
+L_chacha_arm32_setkey_same_keyb_ytes:
+	stm	r0, {r4, r5, r12, lr}
+	pop	{r4, r5, pc}
+	.size	wc_chacha_setkey,.-wc_chacha_setkey
+#ifdef WOLFSSL_ARMASM_NO_NEON
+	.text
+	.align	4
+	.globl	wc_chacha_crypt_bytes
+	.type	wc_chacha_crypt_bytes, %function
+wc_chacha_crypt_bytes:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #52
+	mov	lr, r0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r0, [sp, #32]
+	str	r1, [sp, #36]
+#else
+	strd	r0, r1, [sp, #32]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r2, [sp, #40]
+	str	r3, [sp, #44]
+#else
+	strd	r2, r3, [sp, #40]
+#endif
+L_chacha_arm32_crypt_block:
+	# Put x[12]..x[15] onto stack.
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r4, [lr, #48]
+	ldr	r5, [lr, #52]
+#else
+	ldrd	r4, r5, [lr, #48]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r6, [lr, #56]
+	ldr	r7, [lr, #60]
+#else
+	ldrd	r6, r7, [lr, #56]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r4, [sp, #16]
+	str	r5, [sp, #20]
+#else
+	strd	r4, r5, [sp, #16]
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	str	r6, [sp, #24]
+	str	r7, [sp, #28]
+#else
+	strd	r6, r7, [sp, #24]
+#endif
+	# Load x[0]..x[12] into registers.
+	ldm	lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}
+	# 10x 2 full rounds to perform.
+	mov	lr, #10
+	str	lr, [sp, #48]
+L_chacha_arm32_crypt_loop:
+	# 0, 4,  8, 12
+	# 1, 5,  9, 13
+	ldr	lr, [sp, #20]
+	add	r0, r0, r4
+	add	r1, r1, r5
+	eor	r12, r12, r0
+	eor	lr, lr, r1
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r8, r8, r12
+	add	r9, r9, lr
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	ror	r4, r4, #20
+	ror	r5, r5, #20
+	add	r0, r0, r4
+	add	r1, r1, r5
+	eor	r12, r12, r0
+	eor	lr, lr, r1
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r8, r8, r12
+	add	r9, r9, lr
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	ror	r4, r4, #25
+	ror	r5, r5, #25
+	str	r12, [sp, #16]
+	str	lr, [sp, #20]
+	# 2, 6, 10, 14
+	# 3, 7, 11, 15
+	ldr	r12, [sp, #24]
+	ldr	lr, [sp, #28]
+	add	r2, r2, r6
+	add	r3, r3, r7
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r10, r10, r12
+	add	r11, r11, lr
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	ror	r6, r6, #20
+	ror	r7, r7, #20
+	add	r2, r2, r6
+	add	r3, r3, r7
+	eor	r12, r12, r2
+	eor	lr, lr, r3
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r10, r10, r12
+	add	r11, r11, lr
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	ror	r6, r6, #25
+	ror	r7, r7, #25
+	# 3, 4,  9, 14
+	# 0, 5, 10, 15
+	add	r3, r3, r4
+	add	r0, r0, r5
+	eor	r12, r12, r3
+	eor	lr, lr, r0
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r9, r9, r12
+	add	r10, r10, lr
+	eor	r4, r4, r9
+	eor	r5, r5, r10
+	ror	r4, r4, #20
+	ror	r5, r5, #20
+	add	r3, r3, r4
+	add	r0, r0, r5
+	eor	r12, r12, r3
+	eor	lr, lr, r0
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r9, r9, r12
+	add	r10, r10, lr
+	eor	r4, r4, r9
+	eor	r5, r5, r10
+	ror	r4, r4, #25
+	ror	r5, r5, #25
+	str	r12, [sp, #24]
+	str	lr, [sp, #28]
+	ldr	r12, [sp, #16]
+	ldr	lr, [sp, #20]
+	# 1, 6, 11, 12
+	# 2, 7,  8, 13
+	add	r1, r1, r6
+	add	r2, r2, r7
+	eor	r12, r12, r1
+	eor	lr, lr, r2
+	ror	r12, r12, #16
+	ror	lr, lr, #16
+	add	r11, r11, r12
+	add	r8, r8, lr
+	eor	r6, r6, r11
+	eor	r7, r7, r8
+	ror	r6, r6, #20
+	ror	r7, r7, #20
+	add	r1, r1, r6
+	add	r2, r2, r7
+	eor	r12, r12, r1
+	eor	lr, lr, r2
+	ror	r12, r12, #24
+	ror	lr, lr, #24
+	add	r11, r11, r12
+	add	r8, r8, lr
+	eor	r6, r6, r11
+	eor	r7, r7, r8
+	ror	r6, r6, #25
+	ror	r7, r7, #25
+	str	lr, [sp, #20]
+	# Check if we have done enough rounds.
+	ldr	lr, [sp, #48]
+	subs	lr, lr, #1
+	str	lr, [sp, #48]
+	bgt	L_chacha_arm32_crypt_loop
+	stm	sp, {r8, r9, r10, r11, r12}
+	ldr	lr, [sp, #32]
+	mov	r12, sp
+	# Add in original state
+	ldm	lr!, {r8, r9, r10, r11}
+	add	r0, r0, r8
+	add	r1, r1, r9
+	add	r2, r2, r10
+	add	r3, r3, r11
+	ldm	lr!, {r8, r9, r10, r11}
+	add	r4, r4, r8
+	add	r5, r5, r9
+	add	r6, r6, r10
+	add	r7, r7, r11
+	ldm	r12, {r8, r9}
+	ldm	lr!, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	stm	r12!, {r8, r9}
+	ldm	r12, {r8, r9}
+	ldm	lr!, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	stm	r12!, {r8, r9}
+	ldm	r12, {r8, r9}
+	ldm	lr!, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	add	r10, r10, #1
+	stm	r12!, {r8, r9}
+	str	r10, [lr, #-8]
+	ldm	r12, {r8, r9}
+	ldm	lr, {r10, r11}
+	add	r8, r8, r10
+	add	r9, r9, r11
+	stm	r12, {r8, r9}
+	ldr	r12, [sp, #44]
+	cmp	r12, #0x40
+	blt	L_chacha_arm32_crypt_lt_block
+	ldr	r12, [sp, #40]
+	ldr	lr, [sp, #36]
+	# XOR state into 64 bytes.
+	ldr	r8, [r12]
+	ldr	r9, [r12, #4]
+	ldr	r10, [r12, #8]
+	ldr	r11, [r12, #12]
+	eor	r0, r0, r8
+	eor	r1, r1, r9
+	eor	r2, r2, r10
+	eor	r3, r3, r11
+	str	r0, [lr]
+	str	r1, [lr, #4]
+	str	r2, [lr, #8]
+	str	r3, [lr, #12]
+	ldr	r8, [r12, #16]
+	ldr	r9, [r12, #20]
+	ldr	r10, [r12, #24]
+	ldr	r11, [r12, #28]
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	str	r4, [lr, #16]
+	str	r5, [lr, #20]
+	str	r6, [lr, #24]
+	str	r7, [lr, #28]
+	ldr	r4, [sp]
+	ldr	r5, [sp, #4]
+	ldr	r6, [sp, #8]
+	ldr	r7, [sp, #12]
+	ldr	r8, [r12, #32]
+	ldr	r9, [r12, #36]
+	ldr	r10, [r12, #40]
+	ldr	r11, [r12, #44]
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	str	r4, [lr, #32]
+	str	r5, [lr, #36]
+	str	r6, [lr, #40]
+	str	r7, [lr, #44]
+	ldr	r4, [sp, #16]
+	ldr	r5, [sp, #20]
+	ldr	r6, [sp, #24]
+	ldr	r7, [sp, #28]
+	ldr	r8, [r12, #48]
+	ldr	r9, [r12, #52]
+	ldr	r10, [r12, #56]
+	ldr	r11, [r12, #60]
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	eor	r6, r6, r10
+	eor	r7, r7, r11
+	str	r4, [lr, #48]
+	str	r5, [lr, #52]
+	str	r6, [lr, #56]
+	str	r7, [lr, #60]
+	ldr	r3, [sp, #44]
+	add	r12, r12, #0x40
+	add	lr, lr, #0x40
+	str	r12, [sp, #40]
+	str	lr, [sp, #36]
+	subs	r3, r3, #0x40
+	ldr	lr, [sp, #32]
+	str	r3, [sp, #44]
+	bne	L_chacha_arm32_crypt_block
+	b	L_chacha_arm32_crypt_done
+L_chacha_arm32_crypt_lt_block:
+	# Store in over field of ChaCha.
+	ldr	lr, [sp, #32]
+	add	r12, lr, #0x44
+	stm	r12!, {r0, r1, r2, r3, r4, r5, r6, r7}
+	ldm	sp, {r0, r1, r2, r3, r4, r5, r6, r7}
+	stm	r12, {r0, r1, r2, r3, r4, r5, r6, r7}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldr	r2, [sp, #40]
+	ldr	r3, [sp, #44]
+#else
+	ldrd	r2, r3, [sp, #40]
+#endif
+	ldr	r1, [sp, #36]
+	rsb	r12, r3, #0x40
+	str	r12, [lr, #64]
+	add	lr, lr, #0x44
+L_chacha_arm32_crypt_16byte_loop:
+	cmp	r3, #16
+	blt	L_chacha_arm32_crypt_word_loop
+	# 16 bytes of state XORed into message.
+	ldm	lr!, {r4, r5, r6, r7}
+	ldr	r8, [r2]
+	ldr	r9, [r2, #4]
+	ldr	r10, [r2, #8]
+	ldr	r11, [r2, #12]
+	eor	r8, r8, r4
+	eor	r9, r9, r5
+	eor	r10, r10, r6
+	eor	r11, r11, r7
+	subs	r3, r3, #16
+	str	r8, [r1]
+	str	r9, [r1, #4]
+	str	r10, [r1, #8]
+	str	r11, [r1, #12]
+	beq	L_chacha_arm32_crypt_done
+	add	r2, r2, #16
+	add	r1, r1, #16
+	b	L_chacha_arm32_crypt_16byte_loop
+L_chacha_arm32_crypt_word_loop:
+	cmp	r3, #4
+	blt	L_chacha_arm32_crypt_byte_start
+	# 4 bytes of state XORed into message.
+	ldr	r4, [lr]
+	ldr	r8, [r2]
+	eor	r8, r8, r4
+	subs	r3, r3, #4
+	str	r8, [r1]
+	beq	L_chacha_arm32_crypt_done
+	add	lr, lr, #4
+	add	r2, r2, #4
+	add	r1, r1, #4
+	b	L_chacha_arm32_crypt_word_loop
+L_chacha_arm32_crypt_byte_start:
+	ldr	r4, [lr]
+L_chacha_arm32_crypt_byte_loop:
+	ldrb	r8, [r2]
+	eor	r8, r8, r4
+	subs	r3, r3, #1
+	strb	r8, [r1]
+	beq	L_chacha_arm32_crypt_done
+	lsr	r4, r4, #8
+	add	r2, r2, #1
+	add	r1, r1, #1
+	b	L_chacha_arm32_crypt_byte_loop
+L_chacha_arm32_crypt_done:
+	add	sp, sp, #52
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	wc_chacha_crypt_bytes,.-wc_chacha_crypt_bytes
+	.text
+	.align	4
+	.globl	wc_chacha_use_over
+	.type	wc_chacha_use_over, %function
+wc_chacha_use_over:
+	push	{r4, r5, r6, r7, r8, r9, lr}
+L_chacha_arm32_over_16byte_loop:
+	cmp	r3, #16
+	blt	L_chacha_arm32_over_word_loop
+	# 16 bytes of state XORed into message.
+	ldr	r12, [r0]
+	ldr	lr, [r0, #4]
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+	ldr	r6, [r2]
+	ldr	r7, [r2, #4]
+	ldr	r8, [r2, #8]
+	ldr	r9, [r2, #12]
+	eor	r12, r12, r6
+	eor	lr, lr, r7
+	eor	r4, r4, r8
+	eor	r5, r5, r9
+	subs	r3, r3, #16
+	str	r12, [r1]
+	str	lr, [r1, #4]
+	str	r4, [r1, #8]
+	str	r5, [r1, #12]
+	beq	L_chacha_arm32_over_done
+	add	r0, r0, #16
+	add	r2, r2, #16
+	add	r1, r1, #16
+	b	L_chacha_arm32_over_16byte_loop
+L_chacha_arm32_over_word_loop:
+	cmp	r3, #4
+	blt	L_chacha_arm32_over_byte_loop
+	# 4 bytes of state XORed into message.
+	ldr	r12, [r0]
+	ldr	r6, [r2]
+	eor	r12, r12, r6
+	subs	r3, r3, #4
+	str	r12, [r1]
+	beq	L_chacha_arm32_over_done
+	add	r0, r0, #4
+	add	r2, r2, #4
+	add	r1, r1, #4
+	b	L_chacha_arm32_over_word_loop
+L_chacha_arm32_over_byte_loop:
+	# 4 bytes of state XORed into message.
+	ldrb	r12, [r0]
+	ldrb	r6, [r2]
+	eor	r12, r12, r6
+	subs	r3, r3, #1
+	strb	r12, [r1]
+	beq	L_chacha_arm32_over_done
+	add	r0, r0, #1
+	add	r2, r2, #1
+	add	r1, r1, #1
+	b	L_chacha_arm32_over_byte_loop
+L_chacha_arm32_over_done:
+	pop	{r4, r5, r6, r7, r8, r9, pc}
+	.size	wc_chacha_use_over,.-wc_chacha_use_over
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_CHACHA */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c
new file mode 100644
index 000000000..d9244a4a9
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c
@@ -0,0 +1,621 @@
+/* armv8-32-chacha-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.c
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef __ghs__
+#define __asm__        __asm
+#define __volatile__
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __ghs__ */
+#ifdef HAVE_CHACHA
+#include <wolfssl/wolfcrypt/chacha.h>
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p)
+#else
+void wc_chacha_setiv(word32* x, const byte* iv, word32 counter)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register word32* x asm ("r0") = (word32*)x_p;
+    register const byte* iv asm ("r1") = (const byte*)iv_p;
+    register word32 counter asm ("r2") = (word32)counter_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "add	r3, %[x], #52\n\t"
+        "ldr	r4, [%[iv]]\n\t"
+        "ldr	r12, [%[iv], #4]\n\t"
+        "ldr	lr, [%[iv], #8]\n\t"
+        "str	%[counter], [%[x], #48]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "rev	r4, r4\n\t"
+        "rev	r12, r12\n\t"
+        "rev	lr, lr\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "stm	r3, {r4, r12, lr}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter)
+        :
+#else
+        :
+        : [x] "r" (x), [iv] "r" (iv), [counter] "r" (counter)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r12", "lr", "r4"
+    );
+}
+
+static const word32 L_chacha_arm32_constants[] = {
+    0x61707865, 0x3120646e, 0x79622d36, 0x6b206574,
+    0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p)
+#else
+void wc_chacha_setkey(word32* x, const byte* key, word32 keySz)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register word32* x asm ("r0") = (word32*)x_p;
+    register const byte* key asm ("r1") = (const byte*)key_p;
+    register word32 keySz asm ("r2") = (word32)keySz_p;
+    register word32* L_chacha_arm32_constants_c asm ("r3") =
+        (word32*)&L_chacha_arm32_constants;
+#else
+    register word32* L_chacha_arm32_constants_c =
+        (word32*)&L_chacha_arm32_constants;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "mov	r3, %[L_chacha_arm32_constants]\n\t"
+        "subs	%[keySz], %[keySz], #16\n\t"
+        "add	r3, r3, %[keySz]\n\t"
+        /* Start state with constants */
+        "ldm	r3, {r4, r5, r12, lr}\n\t"
+        "stm	%[x]!, {r4, r5, r12, lr}\n\t"
+        /* Next is first 16 bytes of key. */
+        "ldr	r4, [%[key]]\n\t"
+        "ldr	r5, [%[key], #4]\n\t"
+        "ldr	r12, [%[key], #8]\n\t"
+        "ldr	lr, [%[key], #12]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "rev	r4, r4\n\t"
+        "rev	r5, r5\n\t"
+        "rev	r12, r12\n\t"
+        "rev	lr, lr\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "stm	%[x]!, {r4, r5, r12, lr}\n\t"
+        /* Next 16 bytes of key. */
+        "beq	L_chacha_arm32_setkey_same_keyb_ytes_%=\n\t"
+        /* Update key pointer for next 16 bytes. */
+        "add	%[key], %[key], %[keySz]\n\t"
+        "ldr	r4, [%[key]]\n\t"
+        "ldr	r5, [%[key], #4]\n\t"
+        "ldr	r12, [%[key], #8]\n\t"
+        "ldr	lr, [%[key], #12]\n\t"
+        "\n"
+    "L_chacha_arm32_setkey_same_keyb_ytes_%=: \n\t"
+        "stm	%[x], {r4, r5, r12, lr}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz),
+          [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c)
+        :
+#else
+        :
+        : [x] "r" (x), [key] "r" (key), [keySz] "r" (keySz),
+          [L_chacha_arm32_constants] "r" (L_chacha_arm32_constants_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r4", "r5"
+    );
+}
+
+#ifdef WOLFSSL_ARMASM_NO_NEON
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p,
+    word32 len_p)
+#else
+void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register ChaCha* ctx asm ("r0") = (ChaCha*)ctx_p;
+    register byte* c asm ("r1") = (byte*)c_p;
+    register const byte* m asm ("r2") = (const byte*)m_p;
+    register word32 len asm ("r3") = (word32)len_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #52\n\t"
+        "mov	lr, %[ctx]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	%[ctx], [sp, #32]\n\t"
+        "str	%[c], [sp, #36]\n\t"
+#else
+        "strd	%[ctx], %[c], [sp, #32]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	%[m], [sp, #40]\n\t"
+        "str	%[len], [sp, #44]\n\t"
+#else
+        "strd	%[m], %[len], [sp, #40]\n\t"
+#endif
+        "\n"
+    "L_chacha_arm32_crypt_block_%=: \n\t"
+        /* Put x[12]..x[15] onto stack. */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r4, [lr, #48]\n\t"
+        "ldr	r5, [lr, #52]\n\t"
+#else
+        "ldrd	r4, r5, [lr, #48]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	r6, [lr, #56]\n\t"
+        "ldr	r7, [lr, #60]\n\t"
+#else
+        "ldrd	r6, r7, [lr, #56]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r4, [sp, #16]\n\t"
+        "str	r5, [sp, #20]\n\t"
+#else
+        "strd	r4, r5, [sp, #16]\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "str	r6, [sp, #24]\n\t"
+        "str	r7, [sp, #28]\n\t"
+#else
+        "strd	r6, r7, [sp, #24]\n\t"
+#endif
+        /* Load x[0]..x[12] into registers. */
+        "ldm	lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
+        /* 10x 2 full rounds to perform. */
+        "mov	lr, #10\n\t"
+        "str	lr, [sp, #48]\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_loop_%=: \n\t"
+        /* 0, 4,  8, 12 */
+        /* 1, 5,  9, 13 */
+        "ldr	lr, [sp, #20]\n\t"
+        "add	%[ctx], %[ctx], r4\n\t"
+        "add	%[c], %[c], r5\n\t"
+        "eor	r12, r12, %[ctx]\n\t"
+        "eor	lr, lr, %[c]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r8, r8, r12\n\t"
+        "add	r9, r9, lr\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "ror	r4, r4, #20\n\t"
+        "ror	r5, r5, #20\n\t"
+        "add	%[ctx], %[ctx], r4\n\t"
+        "add	%[c], %[c], r5\n\t"
+        "eor	r12, r12, %[ctx]\n\t"
+        "eor	lr, lr, %[c]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r8, r8, r12\n\t"
+        "add	r9, r9, lr\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "ror	r4, r4, #25\n\t"
+        "ror	r5, r5, #25\n\t"
+        "str	r12, [sp, #16]\n\t"
+        "str	lr, [sp, #20]\n\t"
+        /* 2, 6, 10, 14 */
+        /* 3, 7, 11, 15 */
+        "ldr	r12, [sp, #24]\n\t"
+        "ldr	lr, [sp, #28]\n\t"
+        "add	%[m], %[m], r6\n\t"
+        "add	%[len], %[len], r7\n\t"
+        "eor	r12, r12, %[m]\n\t"
+        "eor	lr, lr, %[len]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r10, r10, r12\n\t"
+        "add	r11, r11, lr\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "ror	r6, r6, #20\n\t"
+        "ror	r7, r7, #20\n\t"
+        "add	%[m], %[m], r6\n\t"
+        "add	%[len], %[len], r7\n\t"
+        "eor	r12, r12, %[m]\n\t"
+        "eor	lr, lr, %[len]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r10, r10, r12\n\t"
+        "add	r11, r11, lr\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "ror	r6, r6, #25\n\t"
+        "ror	r7, r7, #25\n\t"
+        /* 3, 4,  9, 14 */
+        /* 0, 5, 10, 15 */
+        "add	%[len], %[len], r4\n\t"
+        "add	%[ctx], %[ctx], r5\n\t"
+        "eor	r12, r12, %[len]\n\t"
+        "eor	lr, lr, %[ctx]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r9, r9, r12\n\t"
+        "add	r10, r10, lr\n\t"
+        "eor	r4, r4, r9\n\t"
+        "eor	r5, r5, r10\n\t"
+        "ror	r4, r4, #20\n\t"
+        "ror	r5, r5, #20\n\t"
+        "add	%[len], %[len], r4\n\t"
+        "add	%[ctx], %[ctx], r5\n\t"
+        "eor	r12, r12, %[len]\n\t"
+        "eor	lr, lr, %[ctx]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r9, r9, r12\n\t"
+        "add	r10, r10, lr\n\t"
+        "eor	r4, r4, r9\n\t"
+        "eor	r5, r5, r10\n\t"
+        "ror	r4, r4, #25\n\t"
+        "ror	r5, r5, #25\n\t"
+        "str	r12, [sp, #24]\n\t"
+        "str	lr, [sp, #28]\n\t"
+        "ldr	r12, [sp, #16]\n\t"
+        "ldr	lr, [sp, #20]\n\t"
+        /* 1, 6, 11, 12 */
+        /* 2, 7,  8, 13 */
+        "add	%[c], %[c], r6\n\t"
+        "add	%[m], %[m], r7\n\t"
+        "eor	r12, r12, %[c]\n\t"
+        "eor	lr, lr, %[m]\n\t"
+        "ror	r12, r12, #16\n\t"
+        "ror	lr, lr, #16\n\t"
+        "add	r11, r11, r12\n\t"
+        "add	r8, r8, lr\n\t"
+        "eor	r6, r6, r11\n\t"
+        "eor	r7, r7, r8\n\t"
+        "ror	r6, r6, #20\n\t"
+        "ror	r7, r7, #20\n\t"
+        "add	%[c], %[c], r6\n\t"
+        "add	%[m], %[m], r7\n\t"
+        "eor	r12, r12, %[c]\n\t"
+        "eor	lr, lr, %[m]\n\t"
+        "ror	r12, r12, #24\n\t"
+        "ror	lr, lr, #24\n\t"
+        "add	r11, r11, r12\n\t"
+        "add	r8, r8, lr\n\t"
+        "eor	r6, r6, r11\n\t"
+        "eor	r7, r7, r8\n\t"
+        "ror	r6, r6, #25\n\t"
+        "ror	r7, r7, #25\n\t"
+        "str	lr, [sp, #20]\n\t"
+        /* Check if we have done enough rounds. */
+        "ldr	lr, [sp, #48]\n\t"
+        "subs	lr, lr, #1\n\t"
+        "str	lr, [sp, #48]\n\t"
+        "bgt	L_chacha_arm32_crypt_loop_%=\n\t"
+        "stm	sp, {r8, r9, r10, r11, r12}\n\t"
+        "ldr	lr, [sp, #32]\n\t"
+        "mov	r12, sp\n\t"
+        /* Add in original state */
+        "ldm	lr!, {r8, r9, r10, r11}\n\t"
+        "add	%[ctx], %[ctx], r8\n\t"
+        "add	%[c], %[c], r9\n\t"
+        "add	%[m], %[m], r10\n\t"
+        "add	%[len], %[len], r11\n\t"
+        "ldm	lr!, {r8, r9, r10, r11}\n\t"
+        "add	r4, r4, r8\n\t"
+        "add	r5, r5, r9\n\t"
+        "add	r6, r6, r10\n\t"
+        "add	r7, r7, r11\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr!, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "stm	r12!, {r8, r9}\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr!, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "stm	r12!, {r8, r9}\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr!, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "add	r10, r10, #1\n\t"
+        "stm	r12!, {r8, r9}\n\t"
+        "str	r10, [lr, #-8]\n\t"
+        "ldm	r12, {r8, r9}\n\t"
+        "ldm	lr, {r10, r11}\n\t"
+        "add	r8, r8, r10\n\t"
+        "add	r9, r9, r11\n\t"
+        "stm	r12, {r8, r9}\n\t"
+        "ldr	r12, [sp, #44]\n\t"
+        "cmp	r12, #0x40\n\t"
+        "blt	L_chacha_arm32_crypt_lt_block_%=\n\t"
+        "ldr	r12, [sp, #40]\n\t"
+        "ldr	lr, [sp, #36]\n\t"
+        /* XOR state into 64 bytes. */
+        "ldr	r8, [r12]\n\t"
+        "ldr	r9, [r12, #4]\n\t"
+        "ldr	r10, [r12, #8]\n\t"
+        "ldr	r11, [r12, #12]\n\t"
+        "eor	%[ctx], %[ctx], r8\n\t"
+        "eor	%[c], %[c], r9\n\t"
+        "eor	%[m], %[m], r10\n\t"
+        "eor	%[len], %[len], r11\n\t"
+        "str	%[ctx], [lr]\n\t"
+        "str	%[c], [lr, #4]\n\t"
+        "str	%[m], [lr, #8]\n\t"
+        "str	%[len], [lr, #12]\n\t"
+        "ldr	r8, [r12, #16]\n\t"
+        "ldr	r9, [r12, #20]\n\t"
+        "ldr	r10, [r12, #24]\n\t"
+        "ldr	r11, [r12, #28]\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "str	r4, [lr, #16]\n\t"
+        "str	r5, [lr, #20]\n\t"
+        "str	r6, [lr, #24]\n\t"
+        "str	r7, [lr, #28]\n\t"
+        "ldr	r4, [sp]\n\t"
+        "ldr	r5, [sp, #4]\n\t"
+        "ldr	r6, [sp, #8]\n\t"
+        "ldr	r7, [sp, #12]\n\t"
+        "ldr	r8, [r12, #32]\n\t"
+        "ldr	r9, [r12, #36]\n\t"
+        "ldr	r10, [r12, #40]\n\t"
+        "ldr	r11, [r12, #44]\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "str	r4, [lr, #32]\n\t"
+        "str	r5, [lr, #36]\n\t"
+        "str	r6, [lr, #40]\n\t"
+        "str	r7, [lr, #44]\n\t"
+        "ldr	r4, [sp, #16]\n\t"
+        "ldr	r5, [sp, #20]\n\t"
+        "ldr	r6, [sp, #24]\n\t"
+        "ldr	r7, [sp, #28]\n\t"
+        "ldr	r8, [r12, #48]\n\t"
+        "ldr	r9, [r12, #52]\n\t"
+        "ldr	r10, [r12, #56]\n\t"
+        "ldr	r11, [r12, #60]\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "eor	r6, r6, r10\n\t"
+        "eor	r7, r7, r11\n\t"
+        "str	r4, [lr, #48]\n\t"
+        "str	r5, [lr, #52]\n\t"
+        "str	r6, [lr, #56]\n\t"
+        "str	r7, [lr, #60]\n\t"
+        "ldr	%[len], [sp, #44]\n\t"
+        "add	r12, r12, #0x40\n\t"
+        "add	lr, lr, #0x40\n\t"
+        "str	r12, [sp, #40]\n\t"
+        "str	lr, [sp, #36]\n\t"
+        "subs	%[len], %[len], #0x40\n\t"
+        "ldr	lr, [sp, #32]\n\t"
+        "str	%[len], [sp, #44]\n\t"
+        "bne	L_chacha_arm32_crypt_block_%=\n\t"
+        "b	L_chacha_arm32_crypt_done_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_lt_block_%=: \n\t"
+        /* Store in over field of ChaCha. */
+        "ldr	lr, [sp, #32]\n\t"
+        "add	r12, lr, #0x44\n\t"
+        "stm	r12!, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	sp, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+        "stm	r12, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldr	%[m], [sp, #40]\n\t"
+        "ldr	%[len], [sp, #44]\n\t"
+#else
+        "ldrd	%[m], %[len], [sp, #40]\n\t"
+#endif
+        "ldr	%[c], [sp, #36]\n\t"
+        "rsb	r12, %[len], #0x40\n\t"
+        "str	r12, [lr, #64]\n\t"
+        "add	lr, lr, #0x44\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_16byte_loop_%=: \n\t"
+        "cmp	%[len], #16\n\t"
+        "blt	L_chacha_arm32_crypt_word_loop_%=\n\t"
+        /* 16 bytes of state XORed into message. */
+        "ldm	lr!, {r4, r5, r6, r7}\n\t"
+        "ldr	r8, [%[m]]\n\t"
+        "ldr	r9, [%[m], #4]\n\t"
+        "ldr	r10, [%[m], #8]\n\t"
+        "ldr	r11, [%[m], #12]\n\t"
+        "eor	r8, r8, r4\n\t"
+        "eor	r9, r9, r5\n\t"
+        "eor	r10, r10, r6\n\t"
+        "eor	r11, r11, r7\n\t"
+        "subs	%[len], %[len], #16\n\t"
+        "str	r8, [%[c]]\n\t"
+        "str	r9, [%[c], #4]\n\t"
+        "str	r10, [%[c], #8]\n\t"
+        "str	r11, [%[c], #12]\n\t"
+        "beq	L_chacha_arm32_crypt_done_%=\n\t"
+        "add	%[m], %[m], #16\n\t"
+        "add	%[c], %[c], #16\n\t"
+        "b	L_chacha_arm32_crypt_16byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_word_loop_%=: \n\t"
+        "cmp	%[len], #4\n\t"
+        "blt	L_chacha_arm32_crypt_byte_start_%=\n\t"
+        /* 4 bytes of state XORed into message. */
+        "ldr	r4, [lr]\n\t"
+        "ldr	r8, [%[m]]\n\t"
+        "eor	r8, r8, r4\n\t"
+        "subs	%[len], %[len], #4\n\t"
+        "str	r8, [%[c]]\n\t"
+        "beq	L_chacha_arm32_crypt_done_%=\n\t"
+        "add	lr, lr, #4\n\t"
+        "add	%[m], %[m], #4\n\t"
+        "add	%[c], %[c], #4\n\t"
+        "b	L_chacha_arm32_crypt_word_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_byte_start_%=: \n\t"
+        "ldr	r4, [lr]\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_byte_loop_%=: \n\t"
+        "ldrb	r8, [%[m]]\n\t"
+        "eor	r8, r8, r4\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "strb	r8, [%[c]]\n\t"
+        "beq	L_chacha_arm32_crypt_done_%=\n\t"
+        "lsr	r4, r4, #8\n\t"
+        "add	%[m], %[m], #1\n\t"
+        "add	%[c], %[c], #1\n\t"
+        "b	L_chacha_arm32_crypt_byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_crypt_done_%=: \n\t"
+        "add	sp, sp, #52\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len)
+        :
+#else
+        :
+        : [ctx] "r" (ctx), [c] "r" (c), [m] "r" (m), [len] "r" (len)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p,
+    word32 len_p)
+#else
+void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register byte* over asm ("r0") = (byte*)over_p;
+    register byte* output asm ("r1") = (byte*)output_p;
+    register const byte* input asm ("r2") = (const byte*)input_p;
+    register word32 len asm ("r3") = (word32)len_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "\n"
+    "L_chacha_arm32_over_16byte_loop_%=: \n\t"
+        "cmp	%[len], #16\n\t"
+        "blt	L_chacha_arm32_over_word_loop_%=\n\t"
+        /* 16 bytes of state XORed into message. */
+        "ldr	r12, [%[over]]\n\t"
+        "ldr	lr, [%[over], #4]\n\t"
+        "ldr	r4, [%[over], #8]\n\t"
+        "ldr	r5, [%[over], #12]\n\t"
+        "ldr	r6, [%[input]]\n\t"
+        "ldr	r7, [%[input], #4]\n\t"
+        "ldr	r8, [%[input], #8]\n\t"
+        "ldr	r9, [%[input], #12]\n\t"
+        "eor	r12, r12, r6\n\t"
+        "eor	lr, lr, r7\n\t"
+        "eor	r4, r4, r8\n\t"
+        "eor	r5, r5, r9\n\t"
+        "subs	%[len], %[len], #16\n\t"
+        "str	r12, [%[output]]\n\t"
+        "str	lr, [%[output], #4]\n\t"
+        "str	r4, [%[output], #8]\n\t"
+        "str	r5, [%[output], #12]\n\t"
+        "beq	L_chacha_arm32_over_done_%=\n\t"
+        "add	%[over], %[over], #16\n\t"
+        "add	%[input], %[input], #16\n\t"
+        "add	%[output], %[output], #16\n\t"
+        "b	L_chacha_arm32_over_16byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_over_word_loop_%=: \n\t"
+        "cmp	%[len], #4\n\t"
+        "blt	L_chacha_arm32_over_byte_loop_%=\n\t"
+        /* 4 bytes of state XORed into message. */
+        "ldr	r12, [%[over]]\n\t"
+        "ldr	r6, [%[input]]\n\t"
+        "eor	r12, r12, r6\n\t"
+        "subs	%[len], %[len], #4\n\t"
+        "str	r12, [%[output]]\n\t"
+        "beq	L_chacha_arm32_over_done_%=\n\t"
+        "add	%[over], %[over], #4\n\t"
+        "add	%[input], %[input], #4\n\t"
+        "add	%[output], %[output], #4\n\t"
+        "b	L_chacha_arm32_over_word_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_over_byte_loop_%=: \n\t"
+        /* 4 bytes of state XORed into message. */
+        "ldrb	r12, [%[over]]\n\t"
+        "ldrb	r6, [%[input]]\n\t"
+        "eor	r12, r12, r6\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "strb	r12, [%[output]]\n\t"
+        "beq	L_chacha_arm32_over_done_%=\n\t"
+        "add	%[over], %[over], #1\n\t"
+        "add	%[input], %[input], #1\n\t"
+        "add	%[output], %[output], #1\n\t"
+        "b	L_chacha_arm32_over_byte_loop_%=\n\t"
+        "\n"
+    "L_chacha_arm32_over_done_%=: \n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input),
+          [len] "+r" (len)
+        :
+#else
+        :
+        : [over] "r" (over), [output] "r" (output), [input] "r" (input),
+          [len] "r" (len)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_CHACHA */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
index 69cb22e4e..44fa7f7e5 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
@@ -1,6 +1,6 @@
 /* armv8-32-curve25519
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,14 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+ *   ruby ./x25519/x25519.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
@@ -50,14 +48,12 @@ fe_add_sub_op:
 	push	{lr}
 	# Add-Sub
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r2]
-	ldr	r5, [r2, #4]
+	ldm	r2, {r4, r5}
 #else
 	ldrd	r4, r5, [r2]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r3]
-	ldr	r7, [r3, #4]
+	ldm	r3, {r6, r7}
 #else
 	ldrd	r6, r7, [r3]
 #endif
@@ -67,8 +63,7 @@ fe_add_sub_op:
 	adcs	r9, r5, r7
 	adc	r12, r12, #0
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -76,8 +71,7 @@ fe_add_sub_op:
 	subs	r10, r4, r6
 	sbcs	r11, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r10, [r1]
-	str	r11, [r1, #4]
+	stm	r1, {r10, r11}
 #else
 	strd	r10, r11, [r1]
 #endif
@@ -176,8 +170,7 @@ fe_add_sub_op:
 	mul	r12, r3, r12
 	#   Add -x*modulus (if overflow)
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -192,8 +185,7 @@ fe_add_sub_op:
 	adcs	r6, r6, #0
 	adcs	r7, r7, #0
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -467,8 +459,7 @@ fe_copy:
 	push	{r4, r5, lr}
 	# Copy
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r2, [r1]
-	ldr	r3, [r1, #4]
+	ldm	r1, {r2, r3}
 #else
 	ldrd	r2, r3, [r1]
 #endif
@@ -479,8 +470,7 @@ fe_copy:
 	ldrd	r4, r5, [r1, #8]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r2, [r0]
-	str	r3, [r0, #4]
+	stm	r0, {r2, r3}
 #else
 	strd	r2, r3, [r0]
 #endif
@@ -616,7 +606,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -628,19 +618,12 @@ fe_cmov_table:
 	mov	r7, #0
 	mov	r8, #0
 	mov	r9, #0
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #31
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -675,19 +658,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #30
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -722,19 +698,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #29
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -769,19 +738,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #28
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -816,19 +778,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #27
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -863,19 +818,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #26
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -910,19 +858,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #25
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -957,19 +898,12 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #24
 	ror	r3, r3, r12
 	asr	r3, r3, #31
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -1025,8 +959,7 @@ fe_cmov_table:
 	and	r11, r11, r12
 	eor	r9, r9, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -1044,7 +977,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -1056,13 +989,7 @@ fe_cmov_table:
 	mov	r7, #0
 	mov	r8, #0
 	mov	r9, #0
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #31
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1103,13 +1030,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #30
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1150,13 +1071,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #29
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1197,13 +1112,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #28
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1244,13 +1153,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #27
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1291,13 +1194,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #26
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1338,13 +1235,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #25
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1385,13 +1276,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #24
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1473,7 +1358,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -1485,13 +1370,7 @@ fe_cmov_table:
 	mov	r7, #0
 	mov	r8, #0
 	mov	r9, #0
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #31
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1532,13 +1411,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #30
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1579,13 +1452,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #29
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1626,13 +1493,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #28
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1673,13 +1534,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #27
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1720,13 +1575,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #26
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1767,13 +1616,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #25
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1814,13 +1657,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #24
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1902,7 +1739,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -1914,13 +1751,7 @@ fe_cmov_table:
 	mov	r7, #0
 	mov	r8, #0
 	mov	r9, #0
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #31
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -1961,13 +1792,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #30
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2008,13 +1833,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #29
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2055,13 +1874,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #28
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2102,13 +1915,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #27
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2149,13 +1956,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #26
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2196,13 +1997,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #25
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2243,13 +2038,7 @@ fe_cmov_table:
 	eor	r8, r8, r10
 	eor	r9, r9, r11
 	add	r1, r1, #0x60
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x800000
-	lsl	r3, r3, #8
-	add	r3, r3, #0x0
-#else
 	mov	r3, #0x80000000
-#endif
 	ror	r3, r3, #24
 	ror	r3, r3, r12
 	asr	r3, r3, #31
@@ -2345,7 +2134,7 @@ fe_cmov_table:
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	lsl	r3, r2, #24
-	asr	r3, r2, #31
+	asr	r3, r3, #31
 #else
 	sbfx	r3, r2, #7, #1
 #endif
@@ -3404,20 +3193,21 @@ fe_mul121666:
 	# Multiply by 121666
 	ldm	r1, {r2, r3, r4, r5, r6, r7, r8, r9}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #1
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xdb
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x42
+	mov	r10, #0x42
+	orr	r10, r10, #0x10000
+	orr	r10, r10, #0xdb00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xdb
-	lsl	r10, r10, #8
-	add	r10, r10, #0x42
+	mov	r10, #0x42
+	orr	r10, r10, #0xdb00
 #else
 	mov	r10, #0xdb42
 #endif
-	movt	r10, #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x10000
+#else
+	movt	r10, #0x1
+#endif
 #endif
 	umull	r2, r12, r10, r2
 	umull	r3, lr, r10, r3
@@ -3471,20 +3261,21 @@ fe_mul121666:
 	# Multiply by 121666
 	ldm	r1, {r2, r3, r4, r5, r6, r7, r8, r9}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #1
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xdb
-	lsl	lr, lr, #8
-	orr	lr, lr, #0x42
+	mov	lr, #0x42
+	orr	lr, lr, #0x10000
+	orr	lr, lr, #0xdb00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xdb
-	lsl	lr, lr, #8
-	add	lr, lr, #0x42
+	mov	lr, #0x42
+	orr	lr, lr, #0xdb00
 #else
 	mov	lr, #0xdb42
 #endif
-	movt	lr, #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x10000
+#else
+	movt	lr, #0x1
+#endif
 #endif
 	umull	r2, r10, lr, r2
 	sub	r12, lr, #1
@@ -5463,40 +5254,42 @@ sc_reduce:
 	sub	r0, r0, #28
 	# Add order times bits 504..511
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xa3
-	lsl	r10, r10, #8
-	orr	r10, r10, #10
-	lsl	r10, r10, #8
-	orr	r10, r10, #44
-	lsl	r10, r10, #8
-	orr	r10, r10, #19
+	mov	r10, #19
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+	orr	r10, r10, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x2c
-	lsl	r10, r10, #8
-	add	r10, r10, #0x13
+	mov	r10, #0x13
+	orr	r10, r10, #0x2c00
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xa7
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xed
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x9c
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+	orr	r11, r11, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x9c
-	lsl	r11, r11, #8
-	add	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0x9c00
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
@@ -5505,40 +5298,42 @@ sc_reduce:
 	adc	r1, r1, #0
 	umlal	r3, r1, r11, lr
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5d
-	lsl	r10, r10, #8
-	orr	r10, r10, #8
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x63
-	lsl	r10, r10, #8
-	orr	r10, r10, #41
+	mov	r10, #41
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+	orr	r10, r10, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x63
-	lsl	r10, r10, #8
-	add	r10, r10, #0x29
+	mov	r10, #0x29
+	orr	r10, r10, #0x6300
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xeb
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
-	lsl	r11, r11, #8
-	orr	r11, r11, #6
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
+	mov	r11, #33
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+	orr	r11, r11, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x6
-	lsl	r11, r11, #8
-	add	r11, r11, #0x21
+	mov	r11, #0x21
+	orr	r11, r11, #0x600
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	adds	r4, r4, r1
 	mov	r1, #0
@@ -5559,22 +5354,23 @@ sc_reduce:
 	# Sub product of top 8 words and order
 	mov	r12, sp
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -5622,22 +5418,23 @@ sc_reduce:
 	sub	r0, r0, #16
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -5679,22 +5476,23 @@ sc_reduce:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -5736,22 +5534,23 @@ sc_reduce:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -5812,92 +5611,84 @@ sc_reduce:
 	sub	r12, r12, #36
 	asr	lr, r11, #25
 	# Conditionally subtract order starting at bit 125
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa00000
-	lsl	r1, r1, #8
-	add	r1, r1, #0x0
-#else
 	mov	r1, #0xa0000000
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0x4b
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x9e
-	lsl	r2, r2, #8
-	orr	r2, r2, #0xba
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+	orr	r2, r2, #0xba00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0xba
-	lsl	r2, r2, #8
-	add	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0xba00
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0xcb
-	lsl	r3, r3, #8
-	orr	r3, r3, #2
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x4c
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+	orr	r3, r3, #0x4c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x4c
-	lsl	r3, r3, #8
-	add	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0x4c00
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xd4
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x5e
-	lsl	r4, r4, #8
-	orr	r4, r4, #0xf3
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+	orr	r4, r4, #0xf300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xf3
-	lsl	r4, r4, #8
-	add	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xf300
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #2
-	lsl	r5, r5, #8
-	orr	r5, r5, #0x9b
-	lsl	r5, r5, #8
-	orr	r5, r5, #0xdf
-	lsl	r5, r5, #8
-	orr	r5, r5, #59
+	mov	r5, #59
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+	orr	r5, r5, #0xdf00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #0xdf
-	lsl	r5, r5, #8
-	add	r5, r5, #0x3b
+	mov	r5, #0x3b
+	orr	r5, r5, #0xdf00
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r9, #0x20000
-	lsl	r9, r9, #8
-	add	r9, r9, #0x0
-#else
-	mov	r9, #0x2000000
 #endif
+	mov	r9, #0x2000000
 	and	r1, r1, lr
 	and	r2, r2, lr
 	and	r3, r3, lr
@@ -5946,22 +5737,23 @@ sc_reduce:
 	mov	r0, sp
 	#   * -5cf5d3ed
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -5982,22 +5774,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -5812631b
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6018,22 +5811,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -a2f79cd7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6054,22 +5848,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -14def9df
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6108,76 +5903,80 @@ sc_reduce:
 	sub	r0, r0, #16
 	ldm	r0, {r2, r3, r4, r5}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5c
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xf5
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xd3
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+	orr	r10, r10, #0xd300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xd3
-	lsl	r10, r10, #8
-	add	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0xd300
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x58
-	lsl	r11, r11, #8
-	orr	r11, r11, #18
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x63
-	lsl	r11, r11, #8
-	orr	r11, r11, #26
+	mov	r11, #26
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+	orr	r11, r11, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x63
-	lsl	r11, r11, #8
-	add	r11, r11, #0x1a
+	mov	r11, #0x1a
+	orr	r11, r11, #0x6300
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0xa2
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xf7
-	lsl	r12, r12, #8
-	orr	r12, r12, #0x9c
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+	orr	r12, r12, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0x9c
-	lsl	r12, r12, #8
-	add	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0x9c00
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #20
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xf9
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+	orr	lr, lr, #0xf900
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xf9
-	lsl	lr, lr, #8
-	add	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0xf900
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -6240,79 +6039,83 @@ sc_reduce:
 	sub	r0, r0, #28
 	# Add order times bits 504..511
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xa3
-	lsl	r10, r10, #8
-	orr	r10, r10, #10
-	lsl	r10, r10, #8
-	orr	r10, r10, #44
-	lsl	r10, r10, #8
-	orr	r10, r10, #19
+	mov	r10, #19
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+	orr	r10, r10, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x2c
-	lsl	r10, r10, #8
-	add	r10, r10, #0x13
+	mov	r10, #0x13
+	orr	r10, r10, #0x2c00
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xa7
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xed
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x9c
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+	orr	r11, r11, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x9c
-	lsl	r11, r11, #8
-	add	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0x9c00
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
 	umaal	r3, r1, r11, lr
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5d
-	lsl	r10, r10, #8
-	orr	r10, r10, #8
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x63
-	lsl	r10, r10, #8
-	orr	r10, r10, #41
+	mov	r10, #41
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+	orr	r10, r10, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x63
-	lsl	r10, r10, #8
-	add	r10, r10, #0x29
+	mov	r10, #0x29
+	orr	r10, r10, #0x6300
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xeb
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
-	lsl	r11, r11, #8
-	orr	r11, r11, #6
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
+	mov	r11, #33
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+	orr	r11, r11, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x6
-	lsl	r11, r11, #8
-	add	r11, r11, #0x21
+	mov	r11, #0x21
+	orr	r11, r11, #0x600
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	umaal	r4, r1, r10, lr
 	umaal	r5, r1, r11, lr
@@ -6327,22 +6130,23 @@ sc_reduce:
 	# Sub product of top 8 words and order
 	mov	r12, sp
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -6369,22 +6173,23 @@ sc_reduce:
 	sub	r0, r0, #16
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -6405,22 +6210,23 @@ sc_reduce:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -6441,22 +6247,23 @@ sc_reduce:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -6496,92 +6303,84 @@ sc_reduce:
 	sub	r12, r12, #36
 	asr	lr, r11, #25
 	# Conditionally subtract order starting at bit 125
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa00000
-	lsl	r1, r1, #8
-	add	r1, r1, #0x0
-#else
 	mov	r1, #0xa0000000
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0x4b
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x9e
-	lsl	r2, r2, #8
-	orr	r2, r2, #0xba
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+	orr	r2, r2, #0xba00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0xba
-	lsl	r2, r2, #8
-	add	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0xba00
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0xcb
-	lsl	r3, r3, #8
-	orr	r3, r3, #2
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x4c
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+	orr	r3, r3, #0x4c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x4c
-	lsl	r3, r3, #8
-	add	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0x4c00
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xd4
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x5e
-	lsl	r4, r4, #8
-	orr	r4, r4, #0xf3
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+	orr	r4, r4, #0xf300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xf3
-	lsl	r4, r4, #8
-	add	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xf300
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #2
-	lsl	r5, r5, #8
-	orr	r5, r5, #0x9b
-	lsl	r5, r5, #8
-	orr	r5, r5, #0xdf
-	lsl	r5, r5, #8
-	orr	r5, r5, #59
+	mov	r5, #59
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+	orr	r5, r5, #0xdf00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #0xdf
-	lsl	r5, r5, #8
-	add	r5, r5, #0x3b
+	mov	r5, #0x3b
+	orr	r5, r5, #0xdf00
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r9, #0x20000
-	lsl	r9, r9, #8
-	add	r9, r9, #0x0
-#else
-	mov	r9, #0x2000000
 #endif
+	mov	r9, #0x2000000
 	and	r1, r1, lr
 	and	r2, r2, lr
 	and	r3, r3, lr
@@ -6630,22 +6429,23 @@ sc_reduce:
 	mov	r0, sp
 	#   * -5cf5d3ed
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6657,22 +6457,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -5812631b
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6684,22 +6485,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -a2f79cd7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6711,22 +6513,23 @@ sc_reduce:
 	add	r0, r0, #4
 	#   * -14def9df
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -6756,76 +6559,80 @@ sc_reduce:
 	sub	r0, r0, #16
 	ldm	r0, {r2, r3, r4, r5}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5c
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xf5
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xd3
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+	orr	r10, r10, #0xd300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xd3
-	lsl	r10, r10, #8
-	add	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0xd300
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x58
-	lsl	r11, r11, #8
-	orr	r11, r11, #18
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x63
-	lsl	r11, r11, #8
-	orr	r11, r11, #26
+	mov	r11, #26
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+	orr	r11, r11, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x63
-	lsl	r11, r11, #8
-	add	r11, r11, #0x1a
+	mov	r11, #0x1a
+	orr	r11, r11, #0x6300
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0xa2
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xf7
-	lsl	r12, r12, #8
-	orr	r12, r12, #0x9c
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+	orr	r12, r12, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0x9c
-	lsl	r12, r12, #8
-	add	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0x9c00
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #20
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xf9
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+	orr	lr, lr, #0xf900
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xf9
-	lsl	lr, lr, #8
-	add	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0xf900
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -7240,40 +7047,42 @@ sc_muladd:
 #endif
 	# Add order times bits 504..507
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xa3
-	lsl	r10, r10, #8
-	orr	r10, r10, #10
-	lsl	r10, r10, #8
-	orr	r10, r10, #44
-	lsl	r10, r10, #8
-	orr	r10, r10, #19
+	mov	r10, #19
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+	orr	r10, r10, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x2c
-	lsl	r10, r10, #8
-	add	r10, r10, #0x13
+	mov	r10, #0x13
+	orr	r10, r10, #0x2c00
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xa7
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xed
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x9c
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+	orr	r11, r11, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x9c
-	lsl	r11, r11, #8
-	add	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0x9c00
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
@@ -7282,40 +7091,42 @@ sc_muladd:
 	adc	r1, r1, #0
 	umlal	r3, r1, r11, lr
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5d
-	lsl	r10, r10, #8
-	orr	r10, r10, #8
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x63
-	lsl	r10, r10, #8
-	orr	r10, r10, #41
+	mov	r10, #41
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+	orr	r10, r10, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x63
-	lsl	r10, r10, #8
-	add	r10, r10, #0x29
+	mov	r10, #0x29
+	orr	r10, r10, #0x6300
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xeb
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
-	lsl	r11, r11, #8
-	orr	r11, r11, #6
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
+	mov	r11, #33
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+	orr	r11, r11, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x6
-	lsl	r11, r11, #8
-	add	r11, r11, #0x21
+	mov	r11, #0x21
+	orr	r11, r11, #0x600
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	adds	r4, r4, r1
 	mov	r1, #0
@@ -7336,22 +7147,23 @@ sc_muladd:
 	# Sub product of top 8 words and order
 	mov	r12, sp
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -7399,22 +7211,23 @@ sc_muladd:
 	sub	r0, r0, #16
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -7456,22 +7269,23 @@ sc_muladd:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -7513,22 +7327,23 @@ sc_muladd:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -7589,92 +7404,84 @@ sc_muladd:
 	sub	r12, r12, #36
 	asr	lr, r11, #25
 	# Conditionally subtract order starting at bit 125
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa00000
-	lsl	r1, r1, #8
-	add	r1, r1, #0x0
-#else
 	mov	r1, #0xa0000000
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0x4b
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x9e
-	lsl	r2, r2, #8
-	orr	r2, r2, #0xba
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+	orr	r2, r2, #0xba00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0xba
-	lsl	r2, r2, #8
-	add	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0xba00
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0xcb
-	lsl	r3, r3, #8
-	orr	r3, r3, #2
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x4c
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+	orr	r3, r3, #0x4c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x4c
-	lsl	r3, r3, #8
-	add	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0x4c00
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xd4
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x5e
-	lsl	r4, r4, #8
-	orr	r4, r4, #0xf3
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+	orr	r4, r4, #0xf300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xf3
-	lsl	r4, r4, #8
-	add	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xf300
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #2
-	lsl	r5, r5, #8
-	orr	r5, r5, #0x9b
-	lsl	r5, r5, #8
-	orr	r5, r5, #0xdf
-	lsl	r5, r5, #8
-	orr	r5, r5, #59
+	mov	r5, #59
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+	orr	r5, r5, #0xdf00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #0xdf
-	lsl	r5, r5, #8
-	add	r5, r5, #0x3b
+	mov	r5, #0x3b
+	orr	r5, r5, #0xdf00
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r9, #0x20000
-	lsl	r9, r9, #8
-	add	r9, r9, #0x0
-#else
-	mov	r9, #0x2000000
 #endif
+	mov	r9, #0x2000000
 	and	r1, r1, lr
 	and	r2, r2, lr
 	and	r3, r3, lr
@@ -7723,22 +7530,23 @@ sc_muladd:
 	mov	r0, sp
 	#   * -5cf5d3ed
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7759,22 +7567,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -5812631b
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7795,22 +7604,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -a2f79cd7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7831,22 +7641,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -14def9df
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -7885,76 +7696,80 @@ sc_muladd:
 	sub	r0, r0, #16
 	ldm	r0, {r2, r3, r4, r5}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5c
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xf5
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xd3
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+	orr	r10, r10, #0xd300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xd3
-	lsl	r10, r10, #8
-	add	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0xd300
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x58
-	lsl	r11, r11, #8
-	orr	r11, r11, #18
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x63
-	lsl	r11, r11, #8
-	orr	r11, r11, #26
+	mov	r11, #26
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+	orr	r11, r11, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x63
-	lsl	r11, r11, #8
-	add	r11, r11, #0x1a
+	mov	r11, #0x1a
+	orr	r11, r11, #0x6300
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0xa2
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xf7
-	lsl	r12, r12, #8
-	orr	r12, r12, #0x9c
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+	orr	r12, r12, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0x9c
-	lsl	r12, r12, #8
-	add	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0x9c00
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #20
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xf9
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+	orr	lr, lr, #0xf900
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xf9
-	lsl	lr, lr, #8
-	add	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0xf900
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -8147,79 +7962,83 @@ sc_muladd:
 #endif
 	# Add order times bits 504..507
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xa3
-	lsl	r10, r10, #8
-	orr	r10, r10, #10
-	lsl	r10, r10, #8
-	orr	r10, r10, #44
-	lsl	r10, r10, #8
-	orr	r10, r10, #19
+	mov	r10, #19
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+	orr	r10, r10, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x2c
-	lsl	r10, r10, #8
-	add	r10, r10, #0x13
+	mov	r10, #0x13
+	orr	r10, r10, #0x2c00
 #else
 	mov	r10, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xa3000000
+	orr	r10, r10, #0xa0000
+#else
 	movt	r10, #0xa30a
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xa7
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xed
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x9c
-	lsl	r11, r11, #8
-	orr	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+	orr	r11, r11, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x9c
-	lsl	r11, r11, #8
-	add	r11, r11, #0xe5
+	mov	r11, #0xe5
+	orr	r11, r11, #0x9c00
 #else
 	mov	r11, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xa7000000
+	orr	r11, r11, #0xed0000
+#else
 	movt	r11, #0xa7ed
+#endif
 #endif
 	mov	r1, #0
 	umlal	r2, r1, r10, lr
 	umaal	r3, r1, r11, lr
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5d
-	lsl	r10, r10, #8
-	orr	r10, r10, #8
-	lsl	r10, r10, #8
-	orr	r10, r10, #0x63
-	lsl	r10, r10, #8
-	orr	r10, r10, #41
+	mov	r10, #41
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+	orr	r10, r10, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x63
-	lsl	r10, r10, #8
-	add	r10, r10, #0x29
+	mov	r10, #0x29
+	orr	r10, r10, #0x6300
 #else
 	mov	r10, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5d000000
+	orr	r10, r10, #0x80000
+#else
 	movt	r10, #0x5d08
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0xeb
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
-	lsl	r11, r11, #8
-	orr	r11, r11, #6
-	lsl	r11, r11, #8
-	orr	r11, r11, #33
+	mov	r11, #33
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+	orr	r11, r11, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x6
-	lsl	r11, r11, #8
-	add	r11, r11, #0x21
+	mov	r11, #0x21
+	orr	r11, r11, #0x600
 #else
 	mov	r11, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0xeb000000
+	orr	r11, r11, #0x210000
+#else
 	movt	r11, #0xeb21
+#endif
 #endif
 	umaal	r4, r1, r10, lr
 	umaal	r5, r1, r11, lr
@@ -8234,22 +8053,23 @@ sc_muladd:
 	# Sub product of top 8 words and order
 	mov	r12, sp
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0!, {r10, r11}
@@ -8276,22 +8096,23 @@ sc_muladd:
 	sub	r0, r0, #16
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -8312,22 +8133,23 @@ sc_muladd:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -8348,22 +8170,23 @@ sc_muladd:
 	stm	r12!, {r10, r11, lr}
 	sub	r12, r12, #32
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	lr, #0
 	ldm	r12, {r10, r11}
@@ -8403,92 +8226,84 @@ sc_muladd:
 	sub	r12, r12, #36
 	asr	lr, r11, #25
 	# Conditionally subtract order starting at bit 125
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa00000
-	lsl	r1, r1, #8
-	add	r1, r1, #0x0
-#else
 	mov	r1, #0xa0000000
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0x4b
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x9e
-	lsl	r2, r2, #8
-	orr	r2, r2, #0xba
-	lsl	r2, r2, #8
-	orr	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+	orr	r2, r2, #0xba00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r2, #0xba
-	lsl	r2, r2, #8
-	add	r2, r2, #0x7d
+	mov	r2, #0x7d
+	orr	r2, r2, #0xba00
 #else
 	mov	r2, #0xba7d
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r2, r2, #0x4b000000
+	orr	r2, r2, #0x9e0000
+#else
 	movt	r2, #0x4b9e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0xcb
-	lsl	r3, r3, #8
-	orr	r3, r3, #2
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x4c
-	lsl	r3, r3, #8
-	orr	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+	orr	r3, r3, #0x4c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r3, #0x4c
-	lsl	r3, r3, #8
-	add	r3, r3, #0x63
+	mov	r3, #0x63
+	orr	r3, r3, #0x4c00
 #else
 	mov	r3, #0x4c63
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r3, r3, #0xcb000000
+	orr	r3, r3, #0x20000
+#else
 	movt	r3, #0xcb02
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xd4
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x5e
-	lsl	r4, r4, #8
-	orr	r4, r4, #0xf3
-	lsl	r4, r4, #8
-	orr	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+	orr	r4, r4, #0xf300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r4, #0xf3
-	lsl	r4, r4, #8
-	add	r4, r4, #0x9a
+	mov	r4, #0x9a
+	orr	r4, r4, #0xf300
 #else
 	mov	r4, #0xf39a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r4, r4, #0xd4000000
+	orr	r4, r4, #0x5e0000
+#else
 	movt	r4, #0xd45e
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #2
-	lsl	r5, r5, #8
-	orr	r5, r5, #0x9b
-	lsl	r5, r5, #8
-	orr	r5, r5, #0xdf
-	lsl	r5, r5, #8
-	orr	r5, r5, #59
+	mov	r5, #59
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+	orr	r5, r5, #0xdf00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r5, #0xdf
-	lsl	r5, r5, #8
-	add	r5, r5, #0x3b
+	mov	r5, #0x3b
+	orr	r5, r5, #0xdf00
 #else
 	mov	r5, #0xdf3b
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r5, r5, #0x2000000
+	orr	r5, r5, #0x9b0000
+#else
 	movt	r5, #0x29b
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r9, #0x20000
-	lsl	r9, r9, #8
-	add	r9, r9, #0x0
-#else
-	mov	r9, #0x2000000
 #endif
+	mov	r9, #0x2000000
 	and	r1, r1, lr
 	and	r2, r2, lr
 	and	r3, r3, lr
@@ -8537,22 +8352,23 @@ sc_muladd:
 	mov	r0, sp
 	#   * -5cf5d3ed
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa3
-	lsl	r1, r1, #8
-	orr	r1, r1, #10
-	lsl	r1, r1, #8
-	orr	r1, r1, #44
-	lsl	r1, r1, #8
-	orr	r1, r1, #19
+	mov	r1, #19
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+	orr	r1, r1, #0x2c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x2c
-	lsl	r1, r1, #8
-	add	r1, r1, #0x13
+	mov	r1, #0x13
+	orr	r1, r1, #0x2c00
 #else
 	mov	r1, #0x2c13
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa3000000
+	orr	r1, r1, #0xa0000
+#else
 	movt	r1, #0xa30a
+#endif
 #endif
 	mov	lr, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8564,22 +8380,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -5812631b
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xa7
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xed
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x9c
-	lsl	r1, r1, #8
-	orr	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+	orr	r1, r1, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x9c
-	lsl	r1, r1, #8
-	add	r1, r1, #0xe5
+	mov	r1, #0xe5
+	orr	r1, r1, #0x9c00
 #else
 	mov	r1, #0x9ce5
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xa7000000
+	orr	r1, r1, #0xed0000
+#else
 	movt	r1, #0xa7ed
+#endif
 #endif
 	mov	r10, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8591,22 +8408,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -a2f79cd7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x5d
-	lsl	r1, r1, #8
-	orr	r1, r1, #8
-	lsl	r1, r1, #8
-	orr	r1, r1, #0x63
-	lsl	r1, r1, #8
-	orr	r1, r1, #41
+	mov	r1, #41
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+	orr	r1, r1, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x63
-	lsl	r1, r1, #8
-	add	r1, r1, #0x29
+	mov	r1, #0x29
+	orr	r1, r1, #0x6300
 #else
 	mov	r1, #0x6329
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0x5d000000
+	orr	r1, r1, #0x80000
+#else
 	movt	r1, #0x5d08
+#endif
 #endif
 	mov	r11, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8618,22 +8436,23 @@ sc_muladd:
 	add	r0, r0, #4
 	#   * -14def9df
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0xeb
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
-	lsl	r1, r1, #8
-	orr	r1, r1, #6
-	lsl	r1, r1, #8
-	orr	r1, r1, #33
+	mov	r1, #33
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+	orr	r1, r1, #0x600
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r1, #0x6
-	lsl	r1, r1, #8
-	add	r1, r1, #0x21
+	mov	r1, #0x21
+	orr	r1, r1, #0x600
 #else
 	mov	r1, #0x621
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r1, r1, #0xeb000000
+	orr	r1, r1, #0x210000
+#else
 	movt	r1, #0xeb21
+#endif
 #endif
 	mov	r12, #0
 	ldm	r0, {r6, r7, r8, r9}
@@ -8663,76 +8482,80 @@ sc_muladd:
 	sub	r0, r0, #16
 	ldm	r0, {r2, r3, r4, r5}
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0x5c
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xf5
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xd3
-	lsl	r10, r10, #8
-	orr	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+	orr	r10, r10, #0xd300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r10, #0xd3
-	lsl	r10, r10, #8
-	add	r10, r10, #0xed
+	mov	r10, #0xed
+	orr	r10, r10, #0xd300
 #else
 	mov	r10, #0xd3ed
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0x5c000000
+	orr	r10, r10, #0xf50000
+#else
 	movt	r10, #0x5cf5
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x58
-	lsl	r11, r11, #8
-	orr	r11, r11, #18
-	lsl	r11, r11, #8
-	orr	r11, r11, #0x63
-	lsl	r11, r11, #8
-	orr	r11, r11, #26
+	mov	r11, #26
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+	orr	r11, r11, #0x6300
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r11, #0x63
-	lsl	r11, r11, #8
-	add	r11, r11, #0x1a
+	mov	r11, #0x1a
+	orr	r11, r11, #0x6300
 #else
 	mov	r11, #0x631a
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x58000000
+	orr	r11, r11, #0x120000
+#else
 	movt	r11, #0x5812
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0xa2
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xf7
-	lsl	r12, r12, #8
-	orr	r12, r12, #0x9c
-	lsl	r12, r12, #8
-	orr	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+	orr	r12, r12, #0x9c00
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	r12, #0x9c
-	lsl	r12, r12, #8
-	add	r12, r12, #0xd6
+	mov	r12, #0xd6
+	orr	r12, r12, #0x9c00
 #else
 	mov	r12, #0x9cd6
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xa2000000
+	orr	r12, r12, #0xf70000
+#else
 	movt	r12, #0xa2f7
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #20
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xf9
-	lsl	lr, lr, #8
-	orr	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+	orr	lr, lr, #0xf900
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	mov	lr, #0xf9
-	lsl	lr, lr, #8
-	add	lr, lr, #0xde
+	mov	lr, #0xde
+	orr	lr, lr, #0xf900
 #else
 	mov	lr, #0xf9de
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0x14000000
+	orr	lr, lr, #0xde0000
+#else
 	movt	lr, #0x14de
+#endif
 #endif
 	and	r10, r10, r1
 	and	r11, r11, r1
@@ -8771,7 +8594,7 @@ sc_muladd:
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
index 09ef2eb43..9d683b958 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-curve25519
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,36 +21,33 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c
+ *   ruby ./x25519/x25519.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
 #endif /* __IAR_SYSTEMS_ICC__ */
 #ifdef __KEIL__
 #define __asm__        __asm
 #define __volatile__   volatile
 #endif /* __KEIL__ */
+#ifdef __ghs__
+#define __asm__        __asm
+#define __volatile__
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __ghs__ */
 /* Based on work by: Emil Lenngren
  * https://github.com/pornin/X25519-Cortex-M4
  */
@@ -62,30 +59,45 @@
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_init()
+#else
+void fe_init()
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         "\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         :
         :
+#else
+        :
+        :
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         : "memory", "cc"
     );
 }
 
 void fe_add_sub_op(void);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_add_sub_op()
+#else
+void fe_add_sub_op()
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         /* Add-Sub */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [r2]\n\t"
-        "ldr	r5, [r2, #4]\n\t"
+        "ldm	r2, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [r2]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [r3]\n\t"
-        "ldr	r7, [r3, #4]\n\t"
+        "ldm	r3, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [r3]\n\t"
 #endif
@@ -95,8 +107,7 @@ void fe_add_sub_op()
         "adcs	r9, r5, r7\n\t"
         "adc	r12, r12, #0\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [r0]\n\t"
-        "str	r9, [r0, #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [r0]\n\t"
 #endif
@@ -104,8 +115,7 @@ void fe_add_sub_op()
         "subs	r10, r4, r6\n\t"
         "sbcs	r11, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r10, [r1]\n\t"
-        "str	r11, [r1, #4]\n\t"
+        "stm	r1, {r10, r11}\n\t"
 #else
         "strd	r10, r11, [r1]\n\t"
 #endif
@@ -204,8 +214,7 @@ void fe_add_sub_op()
         "mul	r12, r3, r12\n\t"
         /*   Add -x*modulus (if overflow) */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [r0]\n\t"
-        "ldr	r5, [r0, #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [r0]\n\t"
 #endif
@@ -220,8 +229,7 @@ void fe_add_sub_op()
         "adcs	r6, r6, #0\n\t"
         "adcs	r7, r7, #0\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [r0]\n\t"
-        "str	r5, [r0, #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [r0]\n\t"
 #endif
@@ -280,15 +288,26 @@ void fe_add_sub_op()
         "sbc	r11, r11, #0\n\t"
         "stm	r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         /* Done Add-Sub */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         :
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        :
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
 void fe_sub_op(void);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sub_op()
+#else
+void fe_sub_op()
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         /* Sub */
         "ldm	r2!, {r6, r7, r8, r9, r10, r11, r12, lr}\n\t"
@@ -322,29 +341,52 @@ void fe_sub_op()
         "sbc	lr, lr, #0\n\t"
         "stm	r0, {r6, r7, r8, r9, r10, r11, r12, lr}\n\t"
         /* Done Sub */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         :
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        :
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sub(fe r_p, const fe a_p, const fe b_p)
+#else
+void fe_sub(fe r, const fe a, const fe b)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
     register const sword32* b asm ("r2") = (const sword32*)b_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "bl	fe_sub_op\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a), [b] "r" (b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
 void fe_add_op(void);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_add_op()
+#else
+void fe_add_op()
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         /* Add */
         "ldm	r2!, {r6, r7, r8, r9, r10, r11, r12, lr}\n\t"
@@ -379,31 +421,54 @@ void fe_add_op()
         "adc	lr, lr, #0\n\t"
         "stm	r0, {r6, r7, r8, r9, r10, r11, r12, lr}\n\t"
         /* Done Add */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         :
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        :
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_add(fe r_p, const fe a_p, const fe b_p)
+#else
+void fe_add(fe r, const fe a, const fe b)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
     register const sword32* b asm ("r2") = (const sword32*)b_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "bl	fe_add_op\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a), [b] "r" (b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
 #ifdef HAVE_ED25519
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_frombytes(fe out_p, const unsigned char* in_p)
+#else
+void fe_frombytes(fe out, const unsigned char* in)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* out asm ("r0") = (sword32*)out_p;
     register const unsigned char* in asm ("r1") = (const unsigned char*)in_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "ldr	r2, [%[in]]\n\t"
@@ -427,16 +492,27 @@ void fe_frombytes(fe out_p, const unsigned char* in_p)
         "str	r7, [%[out], #20]\n\t"
         "str	r8, [%[out], #24]\n\t"
         "str	r9, [%[out], #28]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [out] "+r" (out), [in] "+r" (in)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+#else
+        :
+        : [out] "r" (out), [in] "r" (in)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_tobytes(unsigned char* out_p, const fe n_p)
+#else
+void fe_tobytes(unsigned char* out, const fe n)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register unsigned char* out asm ("r0") = (unsigned char*)out_p;
     register const sword32* n asm ("r1") = (const sword32*)n_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "ldm	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
@@ -471,15 +547,26 @@ void fe_tobytes(unsigned char* out_p, const fe n_p)
         "str	r7, [%[out], #20]\n\t"
         "str	r8, [%[out], #24]\n\t"
         "str	r9, [%[out], #28]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [out] "+r" (out), [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "cc"
+#else
+        :
+        : [out] "r" (out), [n] "r" (n)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_1(fe n_p)
+#else
+void fe_1(fe n)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* n asm ("r0") = (sword32*)n_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         /* Set one */
@@ -492,15 +579,26 @@ void fe_1(fe n_p)
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
         "stm	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+#else
+        :
+        : [n] "r" (n)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_0(fe n_p)
+#else
+void fe_0(fe n)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* n asm ("r0") = (sword32*)n_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         /* Set zero */
@@ -513,22 +611,32 @@ void fe_0(fe n_p)
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
         "stm	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+#else
+        :
+        : [n] "r" (n)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_copy(fe r_p, const fe a_p)
+#else
+void fe_copy(fe r, const fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         /* Copy */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r2, [%[a]]\n\t"
-        "ldr	r3, [%[a], #4]\n\t"
+        "ldm	r1, {r2, r3}\n\t"
 #else
         "ldrd	r2, r3, [%[a]]\n\t"
 #endif
@@ -539,8 +647,7 @@ void fe_copy(fe r_p, const fe a_p)
         "ldrd	r4, r5, [%[a], #8]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r2, [%[r]]\n\t"
-        "str	r3, [%[r], #4]\n\t"
+        "stm	r0, {r2, r3}\n\t"
 #else
         "strd	r2, r3, [%[r]]\n\t"
 #endif
@@ -574,16 +681,27 @@ void fe_copy(fe r_p, const fe a_p)
 #else
         "strd	r4, r5, [%[r], #24]\n\t"
 #endif
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_neg(fe r_p, const fe a_p)
+#else
+void fe_neg(fe r, const fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "mvn	lr, #0\n\t"
@@ -601,15 +719,26 @@ void fe_neg(fe r_p, const fe a_p)
         "sbcs	r4, lr, r4\n\t"
         "sbc	r5, r12, r5\n\t"
         "stm	%[r]!, {r2, r3, r4, r5}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r12", "lr"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 int fe_isnonzero(const fe a_p)
+#else
+int fe_isnonzero(const fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register const sword32* a asm ("r0") = (const sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "ldm	%[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
@@ -643,16 +772,28 @@ int fe_isnonzero(const fe a_p)
         "orr	r4, r4, r6\n\t"
         "orr	r2, r2, r8\n\t"
         "orr	%[a], r2, r4\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "cc"
+#else
+        :
+        : [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r12"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 int fe_isnegative(const fe a_p)
+#else
+int fe_isnegative(const fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register const sword32* a asm ("r0") = (const sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "ldm	%[a]!, {r2, r3, r4, r5}\n\t"
@@ -669,20 +810,31 @@ int fe_isnegative(const fe a_p)
         "and	%[a], r2, #1\n\t"
         "lsr	r1, r1, #31\n\t"
         "eor	%[a], %[a], r1\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
+#else
+        :
+        : [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN)
 #ifndef WC_NO_CACHE_RESISTANT
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
+#else
+void fe_cmov_table(fe* r, fe* base, signed char b)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register fe* r asm ("r0") = (fe*)r_p;
     register fe* base asm ("r1") = (fe*)base_p;
     register signed char b asm ("r2") = (signed char)b_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
@@ -693,7 +845,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -705,19 +857,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "mov	r7, #0\n\t"
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #31\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -752,19 +897,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #30\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -799,19 +937,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #29\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -846,19 +977,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #28\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -893,19 +1017,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #27\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -940,19 +1057,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #26\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -987,19 +1097,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #25\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -1034,19 +1137,12 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #24\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [%[base]]\n\t"
-        "ldr	r11, [%[base], #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [%[base]]\n\t"
 #endif
@@ -1102,8 +1198,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "and	r11, r11, r12\n\t"
         "eor	r9, r9, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[r]]\n\t"
-        "str	r5, [%[r], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[r]]\n\t"
 #endif
@@ -1121,7 +1216,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -1133,13 +1228,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "mov	r7, #0\n\t"
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #31\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1180,13 +1269,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #30\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1227,13 +1310,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #29\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1274,13 +1351,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #28\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1321,13 +1392,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #27\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1368,13 +1433,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #26\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1415,13 +1474,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #25\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1462,13 +1515,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #24\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1550,7 +1597,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -1562,13 +1609,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "mov	r7, #0\n\t"
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #31\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1609,13 +1650,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #30\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1656,13 +1691,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #29\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1703,13 +1732,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #28\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1750,13 +1773,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #27\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1797,13 +1814,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #26\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1844,13 +1855,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #25\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1891,13 +1896,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #24\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -1979,7 +1978,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -1991,13 +1990,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "mov	r7, #0\n\t"
         "mov	r8, #0\n\t"
         "mov	r9, #0\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #31\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2038,13 +2031,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #30\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2085,13 +2072,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #29\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2132,13 +2113,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #28\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2179,13 +2154,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #27\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2226,13 +2195,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #26\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2273,13 +2236,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #25\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2320,13 +2277,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "eor	r8, r8, r10\n\t"
         "eor	r9, r9, r11\n\t"
         "add	%[base], %[base], #0x60\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x800000\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x0\n\t"
-#else
         "mov	r3, #0x80000000\n\t"
-#endif
         "ror	r3, r3, #24\n\t"
         "ror	r3, r3, r12\n\t"
         "asr	r3, r3, #31\n\t"
@@ -2405,18 +2356,30 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #else
         "strd	r8, r9, [%[r], #88]\n\t"
 #endif
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [base] "r" (base), [b] "r" (b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10",
+            "r11", "r12", "lr"
     );
 }
 
 #else
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
+#else
+void fe_cmov_table(fe* r, fe* base, signed char b)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register fe* r asm ("r0") = (fe*)r_p;
     register fe* base asm ("r1") = (fe*)base_p;
     register signed char b asm ("r2") = (signed char)b_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
@@ -2427,7 +2390,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "lsl	r3, %[b], #24\n\t"
-        "asr	r3, %[b], #31\n\t"
+        "asr	r3, r3, #31\n\t"
 #else
         "sbfx	r3, %[b], #7, #1\n\t"
 #endif
@@ -2525,9 +2488,15 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
         "and	r7, r7, lr\n\t"
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         "sub	%[base], %[base], %[b]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [base] "r" (base), [b] "r" (b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -2536,8 +2505,14 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p)
 #endif /* HAVE_ED25519 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
 void fe_mul_op(void);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul_op()
+#else
+void fe_mul_op()
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         "sub	sp, sp, #40\n\t"
         "str	r0, [sp, #36]\n\t"
@@ -2912,16 +2887,27 @@ void fe_mul_op()
         "ldr	r0, [sp, #36]\n\t"
         "stm	r0, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
         "add	sp, sp, #40\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         :
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        :
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
 #else
 void fe_mul_op(void);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul_op()
+#else
+void fe_mul_op()
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         "sub	sp, sp, #44\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
@@ -3055,31 +3041,54 @@ void fe_mul_op()
         /* Store */
         "stm	lr, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "add	sp, sp, #16\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         :
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        :
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul(fe r_p, const fe a_p, const fe b_p)
+#else
+void fe_mul(fe r, const fe a, const fe b)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
     register const sword32* b asm ("r2") = (const sword32*)b_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "bl	fe_mul_op\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a), [b] "r" (b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
 void fe_sq_op(void);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq_op()
+#else
+void fe_sq_op()
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         "sub	sp, sp, #0x44\n\t"
         "str	r0, [sp, #64]\n\t"
@@ -3347,16 +3356,27 @@ void fe_sq_op()
         "ldr	r0, [sp, #64]\n\t"
         "stm	r0, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
         "add	sp, sp, #0x44\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         :
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        :
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
 #else
 void fe_sq_op(void);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq_op()
+#else
+void fe_sq_op()
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         "sub	sp, sp, #32\n\t"
         "str	r0, [sp, #28]\n\t"
@@ -3476,51 +3496,75 @@ void fe_sq_op()
         "pop	{lr}\n\t"
         /* Store */
         "stm	lr, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         :
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        :
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq(fe r_p, const fe a_p)
+#else
+void fe_sq(fe r, const fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "bl	fe_sq_op\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "r11", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10", "r11"
     );
 }
 
 #ifdef HAVE_CURVE25519
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul121666(fe r_p, fe a_p)
+#else
+void fe_mul121666(fe r, fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register sword32* a asm ("r1") = (sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         /* Multiply by 121666 */
         "ldm	%[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #1\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xdb\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x42\n\t"
+        "mov	r10, #0x42\n\t"
+        "orr	r10, r10, #0x10000\n\t"
+        "orr	r10, r10, #0xdb00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xdb\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x42\n\t"
+        "mov	r10, #0x42\n\t"
+        "orr	r10, r10, #0xdb00\n\t"
 #else
         "mov	r10, #0xdb42\n\t"
 #endif
-        "movt	r10, #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x10000\n\t"
+#else
+        "movt	r10, #0x1\n\t"
+#endif
 #endif
         "umull	r2, r12, r10, r2\n\t"
         "umull	r3, lr, r10, r3\n\t"
@@ -3562,36 +3606,49 @@ void fe_mul121666(fe r_p, fe a_p)
         "adcs	r8, r8, #0\n\t"
         "adc	r9, r9, #0\n\t"
         "stm	%[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
 }
 
 #else
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul121666(fe r_p, fe a_p)
+#else
+void fe_mul121666(fe r, fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register sword32* a asm ("r1") = (sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         /* Multiply by 121666 */
         "ldm	%[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #1\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xdb\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0x42\n\t"
+        "mov	lr, #0x42\n\t"
+        "orr	lr, lr, #0x10000\n\t"
+        "orr	lr, lr, #0xdb00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xdb\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0x42\n\t"
+        "mov	lr, #0x42\n\t"
+        "orr	lr, lr, #0xdb00\n\t"
 #else
         "mov	lr, #0xdb42\n\t"
 #endif
-        "movt	lr, #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x10000\n\t"
+#else
+        "movt	lr, #0x1\n\t"
+#endif
 #endif
         "umull	r2, r10, lr, r2\n\t"
         "sub	r12, lr, #1\n\t"
@@ -3620,19 +3677,31 @@ void fe_mul121666(fe r_p, fe a_p)
         "adcs	r8, r8, #0\n\t"
         "adc	r9, r9, #0\n\t"
         "stm	%[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
 }
 
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
 #ifndef WC_NO_CACHE_RESISTANT
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
+#else
+int curve25519(byte* r, const byte* n, const byte* a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register byte* r asm ("r0") = (byte*)r_p;
     register const byte* n asm ("r1") = (const byte*)n_p;
     register const byte* a asm ("r2") = (const byte*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xbc\n\t"
@@ -4010,19 +4079,31 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "bl	fe_mul_op\n\t"
         "mov	r0, #0\n\t"
         "add	sp, sp, #0xbc\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [n] "r" (n), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
+#else
+int curve25519(byte* r, const byte* n, const byte* a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register byte* r asm ("r0") = (byte*)r_p;
     register const byte* n asm ("r1") = (const byte*)n_p;
     register const byte* a asm ("r2") = (const byte*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xc0\n\t"
@@ -4323,20 +4404,32 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
         "stm	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "mov	r0, #0\n\t"
         "add	sp, sp, #0xc0\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [n] "r" (n), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WC_NO_CACHE_RESISTANT */
 #endif /* HAVE_CURVE25519 */
 #ifdef HAVE_ED25519
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_invert(fe r_p, const fe a_p)
+#else
+void fe_invert(fe r, const fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0x88\n\t"
@@ -4497,17 +4590,29 @@ void fe_invert(fe r_p, const fe a_p)
         "ldr	%[a], [sp, #132]\n\t"
         "ldr	%[r], [sp, #128]\n\t"
         "add	sp, sp, #0x88\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq2(fe r_p, const fe a_p)
+#else
+void fe_sq2(fe r, const fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0x44\n\t"
@@ -4817,17 +4922,28 @@ void fe_sq2(fe r_p, const fe a_p)
         "ldr	r0, [sp, #64]\n\t"
         "stm	r0, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
         "add	sp, sp, #0x44\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
 #else
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq2(fe r_p, const fe a_p)
+#else
+void fe_sq2(fe r, const fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #36\n\t"
@@ -4996,17 +5112,28 @@ void fe_sq2(fe r_p, const fe a_p)
         "stm	r12, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "mov	r0, r12\n\t"
         "mov	r1, lr\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr"
     );
 }
 
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_pow22523(fe r_p, const fe a_p)
+#else
+void fe_pow22523(fe r, const fe a)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* r asm ("r0") = (sword32*)r_p;
     register const sword32* a asm ("r1") = (const sword32*)a_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0x68\n\t"
@@ -5167,16 +5294,28 @@ void fe_pow22523(fe r_p, const fe a_p)
         "ldr	%[a], [sp, #100]\n\t"
         "ldr	%[r], [sp, #96]\n\t"
         "add	sp, sp, #0x68\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [r] "r" (r), [a] "r" (a)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void ge_p1p1_to_p2(ge_p2 * r_p, const ge_p1p1 * p_p)
+#else
+void ge_p1p1_to_p2(ge_p2 * r, const ge_p1p1 * p)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register ge_p2 * r asm ("r0") = (ge_p2 *)r_p;
     register const ge_p1p1 * p asm ("r1") = (const ge_p1p1 *)p_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #8\n\t"
@@ -5197,16 +5336,28 @@ void ge_p1p1_to_p2(ge_p2 * r_p, const ge_p1p1 * p_p)
         "add	r0, r0, #0x40\n\t"
         "bl	fe_mul_op\n\t"
         "add	sp, sp, #8\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [r] "r" (r), [p] "r" (p)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void ge_p1p1_to_p3(ge_p3 * r_p, const ge_p1p1 * p_p)
+#else
+void ge_p1p1_to_p3(ge_p3 * r, const ge_p1p1 * p)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register ge_p3 * r asm ("r0") = (ge_p3 *)r_p;
     register const ge_p1p1 * p asm ("r1") = (const ge_p1p1 *)p_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #8\n\t"
@@ -5232,16 +5383,28 @@ void ge_p1p1_to_p3(ge_p3 * r_p, const ge_p1p1 * p_p)
         "add	r0, r0, #0x60\n\t"
         "bl	fe_mul_op\n\t"
         "add	sp, sp, #8\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [r] "r" (r), [p] "r" (p)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void ge_p2_dbl(ge_p1p1 * r_p, const ge_p2 * p_p)
+#else
+void ge_p2_dbl(ge_p1p1 * r, const ge_p2 * p)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register ge_p1p1 * r asm ("r0") = (ge_p1p1 *)r_p;
     register const ge_p2 * p asm ("r1") = (const ge_p2 *)p_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #8\n\t"
@@ -5279,17 +5442,29 @@ void ge_p2_dbl(ge_p1p1 * r_p, const ge_p2 * p_p)
         "mov	r1, r0\n\t"
         "bl	fe_sub_op\n\t"
         "add	sp, sp, #8\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [p] "r" (p)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void ge_madd(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p)
+#else
+void ge_madd(ge_p1p1 * r, const ge_p3 * p, const ge_precomp * q)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register ge_p1p1 * r asm ("r0") = (ge_p1p1 *)r_p;
     register const ge_p3 * p asm ("r1") = (const ge_p3 *)p_p;
     register const ge_precomp * q asm ("r2") = (const ge_precomp *)q_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #12\n\t"
@@ -5365,17 +5540,29 @@ void ge_madd(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p)
         "add	r1, r0, #32\n\t"
         "bl	fe_add_sub_op\n\t"
         "add	sp, sp, #12\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [p] "r" (p), [q] "r" (q)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void ge_msub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p)
+#else
+void ge_msub(ge_p1p1 * r, const ge_p3 * p, const ge_precomp * q)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register ge_p1p1 * r asm ("r0") = (ge_p1p1 *)r_p;
     register const ge_p3 * p asm ("r1") = (const ge_p3 *)p_p;
     register const ge_precomp * q asm ("r2") = (const ge_precomp *)q_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #12\n\t"
@@ -5452,17 +5639,29 @@ void ge_msub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p)
         "add	r0, r0, #32\n\t"
         "bl	fe_add_sub_op\n\t"
         "add	sp, sp, #12\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [p] "r" (p), [q] "r" (q)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void ge_add(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p)
+#else
+void ge_add(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register ge_p1p1 * r asm ("r0") = (ge_p1p1 *)r_p;
     register const ge_p3 * p asm ("r1") = (const ge_p3 *)p_p;
     register const ge_cached* q asm ("r2") = (const ge_cached*)q_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #44\n\t"
@@ -5539,17 +5738,29 @@ void ge_add(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p)
         "add	r0, r0, #32\n\t"
         "bl	fe_add_sub_op\n\t"
         "add	sp, sp, #44\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [p] "r" (p), [q] "r" (q)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void ge_sub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p)
+#else
+void ge_sub(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register ge_p1p1 * r asm ("r0") = (ge_p1p1 *)r_p;
     register const ge_p3 * p asm ("r1") = (const ge_p3 *)p_p;
     register const ge_cached* q asm ("r2") = (const ge_cached*)q_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #44\n\t"
@@ -5626,16 +5837,28 @@ void ge_sub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p)
         "add	r0, r0, #0x40\n\t"
         "bl	fe_add_sub_op\n\t"
         "add	sp, sp, #44\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [r] "r" (r), [p] "r" (p), [q] "r" (q)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_reduce(byte* s_p)
+#else
+void sc_reduce(byte* s)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register byte* s asm ("r0") = (byte*)s_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #56\n\t"
@@ -5668,40 +5891,42 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #28\n\t"
         /* Add order times bits 504..511 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xa3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #10\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #44\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #19\n\t"
+        "mov	r10, #19\n\t"
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x2c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x13\n\t"
+        "mov	r10, #0x13\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xa7\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xed\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r1, #0\n\t"
         "umlal	r2, r1, r10, lr\n\t"
@@ -5710,40 +5935,42 @@ void sc_reduce(byte* s_p)
         "adc	r1, r1, #0\n\t"
         "umlal	r3, r1, r11, lr\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5d\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #8\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #41\n\t"
+        "mov	r10, #41\n\t"
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x29\n\t"
+        "mov	r10, #0x29\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xeb\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
+        "mov	r11, #33\n\t"
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x21\n\t"
+        "mov	r11, #0x21\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "adds	r4, r4, r1\n\t"
         "mov	r1, #0\n\t"
@@ -5764,22 +5991,23 @@ void sc_reduce(byte* s_p)
         /* Sub product of top 8 words and order */
         "mov	r12, sp\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa3\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #10\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #44\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #19\n\t"
+        "mov	r1, #19\n\t"
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x2c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x13\n\t"
+        "mov	r1, #0x13\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -5827,22 +6055,23 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #16\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa7\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xed\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -5884,22 +6113,23 @@ void sc_reduce(byte* s_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x5d\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #8\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #41\n\t"
+        "mov	r1, #41\n\t"
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x29\n\t"
+        "mov	r1, #0x29\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -5941,22 +6171,23 @@ void sc_reduce(byte* s_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xeb\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
+        "mov	r1, #33\n\t"
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x21\n\t"
+        "mov	r1, #0x21\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6017,92 +6248,84 @@ void sc_reduce(byte* s_p)
         "sub	r12, r12, #36\n\t"
         "asr	lr, r11, #25\n\t"
         /* Conditionally subtract order starting at bit 125 */
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa00000\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x0\n\t"
-#else
         "mov	r1, #0xa0000000\n\t"
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x4b\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0x9e\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0xba\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0x7d\n\t"
+        "mov	r2, #0x7d\n\t"
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+        "orr	r2, r2, #0xba00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0xba\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x7d\n\t"
+        "mov	r2, #0x7d\n\t"
+        "orr	r2, r2, #0xba00\n\t"
 #else
         "mov	r2, #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+#else
         "movt	r2, #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0xcb\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #2\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #0x4c\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #0x63\n\t"
+        "mov	r3, #0x63\n\t"
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+        "orr	r3, r3, #0x4c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x4c\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x63\n\t"
+        "mov	r3, #0x63\n\t"
+        "orr	r3, r3, #0x4c00\n\t"
 #else
         "mov	r3, #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+#else
         "movt	r3, #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xd4\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x5e\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #2\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0x9b\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #59\n\t"
+        "mov	r5, #59\n\t"
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "add	r5, r5, #0x3b\n\t"
+        "mov	r5, #0x3b\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r9, #0x20000\n\t"
-        "lsl	r9, r9, #8\n\t"
-        "add	r9, r9, #0x0\n\t"
-#else
-        "mov	r9, #0x2000000\n\t"
 #endif
+        "mov	r9, #0x2000000\n\t"
         "and	r1, r1, lr\n\t"
         "and	r2, r2, lr\n\t"
         "and	r3, r3, lr\n\t"
@@ -6151,22 +6374,23 @@ void sc_reduce(byte* s_p)
         "mov	%[s], sp\n\t"
         /*   * -5cf5d3ed */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa3\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #10\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #44\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #19\n\t"
+        "mov	r1, #19\n\t"
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x2c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x13\n\t"
+        "mov	r1, #0x13\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6187,22 +6411,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -5812631b */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa7\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xed\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6223,22 +6448,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -a2f79cd7 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x5d\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #8\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #41\n\t"
+        "mov	r1, #41\n\t"
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x29\n\t"
+        "mov	r1, #0x29\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6259,22 +6485,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -14def9df */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xeb\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
+        "mov	r1, #33\n\t"
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x21\n\t"
+        "mov	r1, #0x21\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6313,76 +6540,80 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #16\n\t"
         "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xf5\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x58\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #18\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #26\n\t"
+        "mov	r11, #26\n\t"
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x1a\n\t"
+        "mov	r11, #0x1a\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0xa2\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xf7\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #20\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, r1\n\t"
         "and	r11, r11, r1\n\t"
@@ -6406,16 +6637,28 @@ void sc_reduce(byte* s_p)
         "ldr	%[s], [sp, #52]\n\t"
         "stm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "add	sp, sp, #56\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [s] "+r" (s)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [s] "r" (s)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
 }
 
 #else
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_reduce(byte* s_p)
+#else
+void sc_reduce(byte* s)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register byte* s asm ("r0") = (byte*)s_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #56\n\t"
@@ -6448,79 +6691,83 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #28\n\t"
         /* Add order times bits 504..511 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xa3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #10\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #44\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #19\n\t"
+        "mov	r10, #19\n\t"
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x2c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x13\n\t"
+        "mov	r10, #0x13\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xa7\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xed\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r1, #0\n\t"
         "umlal	r2, r1, r10, lr\n\t"
         "umaal	r3, r1, r11, lr\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5d\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #8\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #41\n\t"
+        "mov	r10, #41\n\t"
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x29\n\t"
+        "mov	r10, #0x29\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xeb\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
+        "mov	r11, #33\n\t"
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x21\n\t"
+        "mov	r11, #0x21\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "umaal	r4, r1, r10, lr\n\t"
         "umaal	r5, r1, r11, lr\n\t"
@@ -6535,22 +6782,23 @@ void sc_reduce(byte* s_p)
         /* Sub product of top 8 words and order */
         "mov	r12, sp\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa3\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #10\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #44\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #19\n\t"
+        "mov	r1, #19\n\t"
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x2c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x13\n\t"
+        "mov	r1, #0x13\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -6577,22 +6825,23 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #16\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa7\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xed\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6613,22 +6862,23 @@ void sc_reduce(byte* s_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x5d\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #8\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #41\n\t"
+        "mov	r1, #41\n\t"
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x29\n\t"
+        "mov	r1, #0x29\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6649,22 +6899,23 @@ void sc_reduce(byte* s_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xeb\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
+        "mov	r1, #33\n\t"
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x21\n\t"
+        "mov	r1, #0x21\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -6704,92 +6955,84 @@ void sc_reduce(byte* s_p)
         "sub	r12, r12, #36\n\t"
         "asr	lr, r11, #25\n\t"
         /* Conditionally subtract order starting at bit 125 */
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa00000\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x0\n\t"
-#else
         "mov	r1, #0xa0000000\n\t"
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x4b\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0x9e\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0xba\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "orr	r2, r2, #0x7d\n\t"
+        "mov	r2, #0x7d\n\t"
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+        "orr	r2, r2, #0xba00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0xba\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x7d\n\t"
+        "mov	r2, #0x7d\n\t"
+        "orr	r2, r2, #0xba00\n\t"
 #else
         "mov	r2, #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r2, r2, #0x4b000000\n\t"
+        "orr	r2, r2, #0x9e0000\n\t"
+#else
         "movt	r2, #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0xcb\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #2\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #0x4c\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "orr	r3, r3, #0x63\n\t"
+        "mov	r3, #0x63\n\t"
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+        "orr	r3, r3, #0x4c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x4c\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0x63\n\t"
+        "mov	r3, #0x63\n\t"
+        "orr	r3, r3, #0x4c00\n\t"
 #else
         "mov	r3, #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r3, r3, #0xcb000000\n\t"
+        "orr	r3, r3, #0x20000\n\t"
+#else
         "movt	r3, #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xd4\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x5e\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #2\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0x9b\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #59\n\t"
+        "mov	r5, #59\n\t"
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "add	r5, r5, #0x3b\n\t"
+        "mov	r5, #0x3b\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r9, #0x20000\n\t"
-        "lsl	r9, r9, #8\n\t"
-        "add	r9, r9, #0x0\n\t"
-#else
-        "mov	r9, #0x2000000\n\t"
 #endif
+        "mov	r9, #0x2000000\n\t"
         "and	r1, r1, lr\n\t"
         "and	r2, r2, lr\n\t"
         "and	r3, r3, lr\n\t"
@@ -6838,22 +7081,23 @@ void sc_reduce(byte* s_p)
         "mov	%[s], sp\n\t"
         /*   * -5cf5d3ed */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa3\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #10\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #44\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #19\n\t"
+        "mov	r1, #19\n\t"
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x2c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x13\n\t"
+        "mov	r1, #0x13\n\t"
+        "orr	r1, r1, #0x2c00\n\t"
 #else
         "mov	r1, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa3000000\n\t"
+        "orr	r1, r1, #0xa0000\n\t"
+#else
         "movt	r1, #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6865,22 +7109,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -5812631b */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xa7\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xed\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x9c\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0xe5\n\t"
+        "mov	r1, #0xe5\n\t"
+        "orr	r1, r1, #0x9c00\n\t"
 #else
         "mov	r1, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xa7000000\n\t"
+        "orr	r1, r1, #0xed0000\n\t"
+#else
         "movt	r1, #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6892,22 +7137,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -a2f79cd7 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x5d\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #8\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #41\n\t"
+        "mov	r1, #41\n\t"
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x63\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x29\n\t"
+        "mov	r1, #0x29\n\t"
+        "orr	r1, r1, #0x6300\n\t"
 #else
         "mov	r1, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0x5d000000\n\t"
+        "orr	r1, r1, #0x80000\n\t"
+#else
         "movt	r1, #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6919,22 +7165,23 @@ void sc_reduce(byte* s_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -14def9df */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0xeb\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "orr	r1, r1, #33\n\t"
+        "mov	r1, #33\n\t"
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r1, #0x6\n\t"
-        "lsl	r1, r1, #8\n\t"
-        "add	r1, r1, #0x21\n\t"
+        "mov	r1, #0x21\n\t"
+        "orr	r1, r1, #0x600\n\t"
 #else
         "mov	r1, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r1, r1, #0xeb000000\n\t"
+        "orr	r1, r1, #0x210000\n\t"
+#else
         "movt	r1, #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -6964,76 +7211,80 @@ void sc_reduce(byte* s_p)
         "sub	%[s], %[s], #16\n\t"
         "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xf5\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x58\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #18\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #26\n\t"
+        "mov	r11, #26\n\t"
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x1a\n\t"
+        "mov	r11, #0x1a\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0xa2\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xf7\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #20\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, r1\n\t"
         "and	r11, r11, r1\n\t"
@@ -7057,26 +7308,38 @@ void sc_reduce(byte* s_p)
         "ldr	%[s], [sp, #52]\n\t"
         "stm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "add	sp, sp, #56\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [s] "+r" (s)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [s] "r" (s)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
 }
 
 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
 #ifdef HAVE_ED25519_SIGN
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
+#else
+void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register byte* s asm ("r0") = (byte*)s_p;
     register const byte* a asm ("r1") = (const byte*)a_p;
     register const byte* b asm ("r2") = (const byte*)b_p;
     register const byte* c asm ("r3") = (const byte*)c_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0x50\n\t"
         "add	lr, sp, #0x44\n\t"
-        "stm	lr, {%[s], %[a], %[c]}\n\t"
+        "stm	lr, {r0, r1, r3}\n\t"
         "mov	%[s], #0\n\t"
         "ldr	r12, [%[a]]\n\t"
         /* A[0] * B[0] */
@@ -7402,24 +7665,24 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "adc	r10, %[s], #0\n\t"
         "umlal	r9, r10, r12, lr\n\t"
         "add	lr, sp, #32\n\t"
-        "stm	lr, {%[c], r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "stm	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         "mov	%[s], sp\n\t"
         /* Add c to a * b */
         "ldr	lr, [sp, #76]\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adds	%[b], %[b], %[a]\n\t"
         "adcs	%[c], %[c], r10\n\t"
         "adcs	r4, r4, r11\n\t"
         "adcs	r5, r5, r12\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adcs	r6, r6, %[a]\n\t"
         "adcs	r7, r7, r10\n\t"
         "adcs	r8, r8, r11\n\t"
         "adcs	r9, r9, r12\n\t"
         "mov	%[a], r9\n\t"
-        "stm	%[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
+        "stm	%[s]!, {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "adcs	%[b], %[b], #0\n\t"
         "adcs	%[c], %[c], #0\n\t"
         "adcs	r4, r4, #0\n\t"
@@ -7454,40 +7717,42 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #endif
         /* Add order times bits 504..507 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xa3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #10\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #44\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #19\n\t"
+        "mov	r10, #19\n\t"
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x2c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x13\n\t"
+        "mov	r10, #0x13\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xa7\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xed\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	%[a], #0\n\t"
         "umlal	%[b], %[a], r10, lr\n\t"
@@ -7496,40 +7761,42 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "adc	%[a], %[a], #0\n\t"
         "umlal	%[c], %[a], r11, lr\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5d\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #8\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #41\n\t"
+        "mov	r10, #41\n\t"
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x29\n\t"
+        "mov	r10, #0x29\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xeb\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
+        "mov	r11, #33\n\t"
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x21\n\t"
+        "mov	r11, #0x21\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "adds	r4, r4, %[a]\n\t"
         "mov	%[a], #0\n\t"
@@ -7550,22 +7817,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         /* Sub product of top 8 words and order */
         "mov	r12, sp\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa3\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #10\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #44\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #19\n\t"
+        "mov	%[a], #19\n\t"
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x2c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x13\n\t"
+        "mov	%[a], #0x13\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -7613,22 +7881,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sub	%[s], %[s], #16\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa7\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xed\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -7670,22 +7939,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x5d\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #8\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #41\n\t"
+        "mov	%[a], #41\n\t"
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x29\n\t"
+        "mov	%[a], #0x29\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -7727,22 +7997,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xeb\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
+        "mov	%[a], #33\n\t"
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x21\n\t"
+        "mov	%[a], #0x21\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -7803,92 +8074,84 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sub	r12, r12, #36\n\t"
         "asr	lr, r11, #25\n\t"
         /* Conditionally subtract order starting at bit 125 */
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa00000\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x0\n\t"
-#else
         "mov	%[a], #0xa0000000\n\t"
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[b], #0x4b\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0x9e\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0xba\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0x7d\n\t"
+        "mov	%[b], #0x7d\n\t"
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+        "orr	%[b], %[b], #0xba00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[b], #0xba\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "add	%[b], %[b], #0x7d\n\t"
+        "mov	%[b], #0x7d\n\t"
+        "orr	%[b], %[b], #0xba00\n\t"
 #else
         "mov	%[b], #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+#else
         "movt	%[b], #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[c], #0xcb\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #2\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #0x4c\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #0x63\n\t"
+        "mov	%[c], #0x63\n\t"
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+        "orr	%[c], %[c], #0x4c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[c], #0x4c\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "add	%[c], %[c], #0x63\n\t"
+        "mov	%[c], #0x63\n\t"
+        "orr	%[c], %[c], #0x4c00\n\t"
 #else
         "mov	%[c], #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+#else
         "movt	%[c], #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xd4\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x5e\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #2\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0x9b\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #59\n\t"
+        "mov	r5, #59\n\t"
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "add	r5, r5, #0x3b\n\t"
+        "mov	r5, #0x3b\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r9, #0x20000\n\t"
-        "lsl	r9, r9, #8\n\t"
-        "add	r9, r9, #0x0\n\t"
-#else
-        "mov	r9, #0x2000000\n\t"
 #endif
+        "mov	r9, #0x2000000\n\t"
         "and	%[a], %[a], lr\n\t"
         "and	%[b], %[b], lr\n\t"
         "and	%[c], %[c], lr\n\t"
@@ -7918,7 +8181,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	r12, sp\n\t"
         /* Load bits 252-376 */
         "add	r12, r12, #28\n\t"
-        "ldm	r12, {%[a], %[b], %[c], r4, r5}\n\t"
+        "ldm	r12, {r1, r2, r3, r4, r5}\n\t"
         "lsl	r5, r5, #4\n\t"
         "orr	r5, r5, r4, lsr #28\n\t"
         "lsl	r4, r4, #4\n\t"
@@ -7937,22 +8200,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	%[s], sp\n\t"
         /*   * -5cf5d3ed */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa3\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #10\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #44\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #19\n\t"
+        "mov	%[a], #19\n\t"
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x2c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x13\n\t"
+        "mov	%[a], #0x13\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -7973,22 +8237,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -5812631b */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa7\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xed\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8009,22 +8274,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -a2f79cd7 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x5d\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #8\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #41\n\t"
+        "mov	%[a], #41\n\t"
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x29\n\t"
+        "mov	%[a], #0x29\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8045,22 +8311,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -14def9df */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xeb\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
+        "mov	%[a], #33\n\t"
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x21\n\t"
+        "mov	%[a], #0x21\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8097,78 +8364,82 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sbcs	r9, r9, r5\n\t"
         "sbc	%[a], %[a], %[a]\n\t"
         "sub	%[s], %[s], #16\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xf5\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x58\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #18\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #26\n\t"
+        "mov	r11, #26\n\t"
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x1a\n\t"
+        "mov	r11, #0x1a\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0xa2\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xf7\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #20\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, %[a]\n\t"
         "and	r11, r11, %[a]\n\t"
@@ -8199,26 +8470,38 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "str	r8, [%[s], #24]\n\t"
         "str	r9, [%[s], #28]\n\t"
         "add	sp, sp, #0x50\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [s] "r" (s), [a] "r" (a), [b] "r" (b), [c] "r" (c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
     );
 }
 
 #else
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
+#else
+void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register byte* s asm ("r0") = (byte*)s_p;
     register const byte* a asm ("r1") = (const byte*)a_p;
     register const byte* b asm ("r2") = (const byte*)b_p;
     register const byte* c asm ("r3") = (const byte*)c_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0x50\n\t"
         "add	lr, sp, #0x44\n\t"
-        "stm	lr, {%[s], %[a], %[c]}\n\t"
+        "stm	lr, {r0, r1, r3}\n\t"
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[s], %[a], %[b], %[c]}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[s], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -8263,7 +8546,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, %[c], r7\n\t"
-        "ldm	%[s], {%[s], %[a], %[b], %[c]}\n\t"
+        "ldm	%[s], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #64]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -8315,24 +8598,24 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "umaal	r9, r10, %[c], lr\n\t"
         "mov	%[c], r12\n\t"
         "add	lr, sp, #32\n\t"
-        "stm	lr, {%[c], r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "stm	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         "mov	%[s], sp\n\t"
         /* Add c to a * b */
         "ldr	lr, [sp, #76]\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adds	%[b], %[b], %[a]\n\t"
         "adcs	%[c], %[c], r10\n\t"
         "adcs	r4, r4, r11\n\t"
         "adcs	r5, r5, r12\n\t"
-        "ldm	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm	lr!, {r1, r10, r11, r12}\n\t"
         "adcs	r6, r6, %[a]\n\t"
         "adcs	r7, r7, r10\n\t"
         "adcs	r8, r8, r11\n\t"
         "adcs	r9, r9, r12\n\t"
         "mov	%[a], r9\n\t"
-        "stm	%[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
+        "stm	%[s]!, {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "adcs	%[b], %[b], #0\n\t"
         "adcs	%[c], %[c], #0\n\t"
         "adcs	r4, r4, #0\n\t"
@@ -8367,79 +8650,83 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #endif
         /* Add order times bits 504..507 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xa3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #10\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #44\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #19\n\t"
+        "mov	r10, #19\n\t"
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x2c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x13\n\t"
+        "mov	r10, #0x13\n\t"
+        "orr	r10, r10, #0x2c00\n\t"
 #else
         "mov	r10, #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xa3000000\n\t"
+        "orr	r10, r10, #0xa0000\n\t"
+#else
         "movt	r10, #0xa30a\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xa7\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xed\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x9c\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0xe5\n\t"
+        "mov	r11, #0xe5\n\t"
+        "orr	r11, r11, #0x9c00\n\t"
 #else
         "mov	r11, #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xa7000000\n\t"
+        "orr	r11, r11, #0xed0000\n\t"
+#else
         "movt	r11, #0xa7ed\n\t"
+#endif
 #endif
         "mov	%[a], #0\n\t"
         "umlal	%[b], %[a], r10, lr\n\t"
         "umaal	%[c], %[a], r11, lr\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5d\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #8\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #41\n\t"
+        "mov	r10, #41\n\t"
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x63\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0x29\n\t"
+        "mov	r10, #0x29\n\t"
+        "orr	r10, r10, #0x6300\n\t"
 #else
         "mov	r10, #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5d000000\n\t"
+        "orr	r10, r10, #0x80000\n\t"
+#else
         "movt	r10, #0x5d08\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0xeb\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #33\n\t"
+        "mov	r11, #33\n\t"
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x6\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x21\n\t"
+        "mov	r11, #0x21\n\t"
+        "orr	r11, r11, #0x600\n\t"
 #else
         "mov	r11, #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0xeb000000\n\t"
+        "orr	r11, r11, #0x210000\n\t"
+#else
         "movt	r11, #0xeb21\n\t"
+#endif
 #endif
         "umaal	r4, %[a], r10, lr\n\t"
         "umaal	r5, %[a], r11, lr\n\t"
@@ -8454,22 +8741,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         /* Sub product of top 8 words and order */
         "mov	r12, sp\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa3\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #10\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #44\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #19\n\t"
+        "mov	%[a], #19\n\t"
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x2c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x13\n\t"
+        "mov	%[a], #0x13\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s]!, {r10, r11}\n\t"
@@ -8496,22 +8784,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sub	%[s], %[s], #16\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa7\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xed\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -8532,22 +8821,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x5d\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #8\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #41\n\t"
+        "mov	%[a], #41\n\t"
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x29\n\t"
+        "mov	%[a], #0x29\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -8568,22 +8858,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "stm	r12!, {r10, r11, lr}\n\t"
         "sub	r12, r12, #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xeb\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
+        "mov	%[a], #33\n\t"
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x21\n\t"
+        "mov	%[a], #0x21\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	r12, {r10, r11}\n\t"
@@ -8623,92 +8914,84 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sub	r12, r12, #36\n\t"
         "asr	lr, r11, #25\n\t"
         /* Conditionally subtract order starting at bit 125 */
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa00000\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x0\n\t"
-#else
         "mov	%[a], #0xa0000000\n\t"
-#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[b], #0x4b\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0x9e\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0xba\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "orr	%[b], %[b], #0x7d\n\t"
+        "mov	%[b], #0x7d\n\t"
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+        "orr	%[b], %[b], #0xba00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[b], #0xba\n\t"
-        "lsl	%[b], %[b], #8\n\t"
-        "add	%[b], %[b], #0x7d\n\t"
+        "mov	%[b], #0x7d\n\t"
+        "orr	%[b], %[b], #0xba00\n\t"
 #else
         "mov	%[b], #0xba7d\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[b], %[b], #0x4b000000\n\t"
+        "orr	%[b], %[b], #0x9e0000\n\t"
+#else
         "movt	%[b], #0x4b9e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[c], #0xcb\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #2\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #0x4c\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "orr	%[c], %[c], #0x63\n\t"
+        "mov	%[c], #0x63\n\t"
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+        "orr	%[c], %[c], #0x4c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[c], #0x4c\n\t"
-        "lsl	%[c], %[c], #8\n\t"
-        "add	%[c], %[c], #0x63\n\t"
+        "mov	%[c], #0x63\n\t"
+        "orr	%[c], %[c], #0x4c00\n\t"
 #else
         "mov	%[c], #0x4c63\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[c], %[c], #0xcb000000\n\t"
+        "orr	%[c], %[c], #0x20000\n\t"
+#else
         "movt	%[c], #0xcb02\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xd4\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x5e\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "orr	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0xf3\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x9a\n\t"
+        "mov	r4, #0x9a\n\t"
+        "orr	r4, r4, #0xf300\n\t"
 #else
         "mov	r4, #0xf39a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r4, r4, #0xd4000000\n\t"
+        "orr	r4, r4, #0x5e0000\n\t"
+#else
         "movt	r4, #0xd45e\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #2\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0x9b\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "orr	r5, r5, #59\n\t"
+        "mov	r5, #59\n\t"
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r5, #0xdf\n\t"
-        "lsl	r5, r5, #8\n\t"
-        "add	r5, r5, #0x3b\n\t"
+        "mov	r5, #0x3b\n\t"
+        "orr	r5, r5, #0xdf00\n\t"
 #else
         "mov	r5, #0xdf3b\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r5, r5, #0x2000000\n\t"
+        "orr	r5, r5, #0x9b0000\n\t"
+#else
         "movt	r5, #0x29b\n\t"
 #endif
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r9, #0x20000\n\t"
-        "lsl	r9, r9, #8\n\t"
-        "add	r9, r9, #0x0\n\t"
-#else
-        "mov	r9, #0x2000000\n\t"
 #endif
+        "mov	r9, #0x2000000\n\t"
         "and	%[a], %[a], lr\n\t"
         "and	%[b], %[b], lr\n\t"
         "and	%[c], %[c], lr\n\t"
@@ -8738,7 +9021,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	r12, sp\n\t"
         /* Load bits 252-376 */
         "add	r12, r12, #28\n\t"
-        "ldm	r12, {%[a], %[b], %[c], r4, r5}\n\t"
+        "ldm	r12, {r1, r2, r3, r4, r5}\n\t"
         "lsl	r5, r5, #4\n\t"
         "orr	r5, r5, r4, lsr #28\n\t"
         "lsl	r4, r4, #4\n\t"
@@ -8757,22 +9040,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "mov	%[s], sp\n\t"
         /*   * -5cf5d3ed */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa3\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #10\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #44\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #19\n\t"
+        "mov	%[a], #19\n\t"
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x2c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x13\n\t"
+        "mov	%[a], #0x13\n\t"
+        "orr	%[a], %[a], #0x2c00\n\t"
 #else
         "mov	%[a], #0x2c13\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa3000000\n\t"
+        "orr	%[a], %[a], #0xa0000\n\t"
+#else
         "movt	%[a], #0xa30a\n\t"
+#endif
 #endif
         "mov	lr, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8784,22 +9068,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -5812631b */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xa7\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xed\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x9c\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0xe5\n\t"
+        "mov	%[a], #0xe5\n\t"
+        "orr	%[a], %[a], #0x9c00\n\t"
 #else
         "mov	%[a], #0x9ce5\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xa7000000\n\t"
+        "orr	%[a], %[a], #0xed0000\n\t"
+#else
         "movt	%[a], #0xa7ed\n\t"
+#endif
 #endif
         "mov	r10, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8811,22 +9096,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -a2f79cd7 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x5d\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #8\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #41\n\t"
+        "mov	%[a], #41\n\t"
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x63\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x29\n\t"
+        "mov	%[a], #0x29\n\t"
+        "orr	%[a], %[a], #0x6300\n\t"
 #else
         "mov	%[a], #0x6329\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0x5d000000\n\t"
+        "orr	%[a], %[a], #0x80000\n\t"
+#else
         "movt	%[a], #0x5d08\n\t"
+#endif
 #endif
         "mov	r11, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8838,22 +9124,23 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "add	%[s], %[s], #4\n\t"
         /*   * -14def9df */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0xeb\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "orr	%[a], %[a], #33\n\t"
+        "mov	%[a], #33\n\t"
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	%[a], #0x6\n\t"
-        "lsl	%[a], %[a], #8\n\t"
-        "add	%[a], %[a], #0x21\n\t"
+        "mov	%[a], #0x21\n\t"
+        "orr	%[a], %[a], #0x600\n\t"
 #else
         "mov	%[a], #0x621\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	%[a], %[a], #0xeb000000\n\t"
+        "orr	%[a], %[a], #0x210000\n\t"
+#else
         "movt	%[a], #0xeb21\n\t"
+#endif
 #endif
         "mov	r12, #0\n\t"
         "ldm	%[s], {r6, r7, r8, r9}\n\t"
@@ -8881,78 +9168,82 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "sbcs	r9, r9, r5\n\t"
         "sbc	%[a], %[a], %[a]\n\t"
         "sub	%[s], %[s], #16\n\t"
-        "ldm	%[s], {%[b], %[c], r4, r5}\n\t"
+        "ldm	%[s], {r2, r3, r4, r5}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x5c\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xf5\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "orr	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0xd3\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xed\n\t"
+        "mov	r10, #0xed\n\t"
+        "orr	r10, r10, #0xd300\n\t"
 #else
         "mov	r10, #0xd3ed\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0x5c000000\n\t"
+        "orr	r10, r10, #0xf50000\n\t"
+#else
         "movt	r10, #0x5cf5\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x58\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #18\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "orr	r11, r11, #26\n\t"
+        "mov	r11, #26\n\t"
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r11, #0x63\n\t"
-        "lsl	r11, r11, #8\n\t"
-        "add	r11, r11, #0x1a\n\t"
+        "mov	r11, #0x1a\n\t"
+        "orr	r11, r11, #0x6300\n\t"
 #else
         "mov	r11, #0x631a\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x58000000\n\t"
+        "orr	r11, r11, #0x120000\n\t"
+#else
         "movt	r11, #0x5812\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0xa2\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xf7\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "orr	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x9c\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xd6\n\t"
+        "mov	r12, #0xd6\n\t"
+        "orr	r12, r12, #0x9c00\n\t"
 #else
         "mov	r12, #0x9cd6\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xa2000000\n\t"
+        "orr	r12, r12, #0xf70000\n\t"
+#else
         "movt	r12, #0xa2f7\n\t"
 #endif
+#endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #20\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "orr	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0xf9\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xde\n\t"
+        "mov	lr, #0xde\n\t"
+        "orr	lr, lr, #0xf900\n\t"
 #else
         "mov	lr, #0xf9de\n\t"
 #endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0x14000000\n\t"
+        "orr	lr, lr, #0xde0000\n\t"
+#else
         "movt	lr, #0x14de\n\t"
+#endif
 #endif
         "and	r10, r10, %[a]\n\t"
         "and	r11, r11, %[a]\n\t"
@@ -8983,9 +9274,15 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
         "str	r8, [%[s], #24]\n\t"
         "str	r9, [%[s], #28]\n\t"
         "add	sp, sp, #0x50\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+#else
+        :
+        : [s] "r" (s), [a] "r" (a), [b] "r" (b), [c] "r" (c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
     );
 }
 
@@ -8995,9 +9292,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S b/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S
new file mode 100644
index 000000000..ba63bc64d
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S
@@ -0,0 +1,8826 @@
+/* armv8-32-mlkem-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef WOLFSSL_WC_MLKEM
+	.text
+	.type	L_mlkem_arm32_ntt_zetas, %object
+	.size	L_mlkem_arm32_ntt_zetas, 256
+	.align	4
+L_mlkem_arm32_ntt_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	mlkem_arm32_ntt
+	.type	mlkem_arm32_ntt, %function
+mlkem_arm32_ntt:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #8
+	adr	r1, L_mlkem_arm32_ntt_zetas
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xc000000
+	orr	r10, r10, #0xff0000
+#else
+	movt	r10, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r2, #16
+L_mlkem_arm32_ntt_loop_123:
+	str	r2, [sp]
+	ldrh	r11, [r1, #2]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #64]
+	ldr	r4, [r0, #128]
+	ldr	r5, [r0, #192]
+	ldr	r6, [r0, #256]
+	ldr	r7, [r0, #320]
+	ldr	r8, [r0, #384]
+	ldr	r9, [r0, #448]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r6
+	smulbt	r6, r11, r6
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	lr, r10, lr, r6
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r6, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r6, r6, #16
+	mul	r12, lr, r12
+	mul	r6, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r6
+	sub	r6, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, lr, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r8
+	smulbt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r9
+	smulbt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r5, r12
+	sadd16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r5, lr
+	add	r5, r5, lr
+	sub	lr, r5, r12, lsr #16
+	add	r12, r5, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	lr, r10, lr, r4
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r4, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r4, r4, #16
+	mul	r12, lr, r12
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r4
+	sub	r4, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, lr, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r8
+	smultt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r7, r12
+	sadd16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r7, lr
+	add	r7, r7, lr
+	sub	lr, r7, r12, lsr #16
+	add	r12, r7, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #8]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r3
+	smulbt	r3, r11, r3
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	lr, r10, lr, r3
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r3, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r3, r3, #16
+	mul	r12, lr, r12
+	mul	r3, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r3
+	sub	r3, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, lr, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r5
+	smultt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #12]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r8, r12
+	sadd16	r8, r8, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r8, lr
+	add	r8, r8, lr
+	sub	lr, r8, r12, lsr #16
+	add	r12, r8, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #64]
+	str	r4, [r0, #128]
+	str	r5, [r0, #192]
+	str	r6, [r0, #256]
+	str	r7, [r0, #320]
+	str	r8, [r0, #384]
+	str	r9, [r0, #448]
+	ldr	r2, [sp]
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_mlkem_arm32_ntt_loop_123
+	sub	r0, r0, #0x40
+	mov	r3, #0
+L_mlkem_arm32_ntt_loop_4_j:
+	str	r3, [sp, #4]
+	add	r11, r1, r3, lsr #4
+	mov	r2, #4
+	ldr	r11, [r11, #16]
+L_mlkem_arm32_ntt_loop_4_i:
+	str	r2, [sp]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #16]
+	ldr	r4, [r0, #32]
+	ldr	r5, [r0, #48]
+	ldr	r6, [r0, #64]
+	ldr	r7, [r0, #80]
+	ldr	r8, [r0, #96]
+	ldr	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	lr, r10, lr, r4
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r4, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r4, r4, #16
+	mul	r12, lr, r12
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r4
+	sub	r4, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, lr, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r8
+	smultt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r7, r12
+	sadd16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r7, lr
+	add	r7, r7, lr
+	sub	lr, r7, r12, lsr #16
+	add	r12, r7, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #16]
+	str	r4, [r0, #32]
+	str	r5, [r0, #48]
+	str	r6, [r0, #64]
+	str	r7, [r0, #80]
+	str	r8, [r0, #96]
+	str	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	sp, {r2, r3}
+#else
+	ldrd	r2, r3, [sp]
+#endif
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_mlkem_arm32_ntt_loop_4_i
+	add	r3, r3, #0x40
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #0x70
+	bne	L_mlkem_arm32_ntt_loop_4_j
+	sub	r0, r0, #0x200
+	mov	r3, #0
+L_mlkem_arm32_ntt_loop_567:
+	add	r11, r1, r3, lsr #3
+	str	r3, [sp, #4]
+	ldrh	r11, [r11, #32]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #4]
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+	ldr	r6, [r0, #16]
+	ldr	r7, [r0, #20]
+	ldr	r8, [r0, #24]
+	ldr	r9, [r0, #28]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r6
+	smulbt	r6, r11, r6
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	lr, r10, lr, r6
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r6, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r6, r6, #16
+	mul	r12, lr, r12
+	mul	r6, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r6
+	sub	r6, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, lr, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r8
+	smulbt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r9
+	smulbt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r5, r12
+	sadd16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r5, lr
+	add	r5, r5, lr
+	sub	lr, r5, r12, lsr #16
+	add	r12, r5, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #2
+	ldr	r11, [r11, #64]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	lr, r10, lr, r4
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r4, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r4, r4, #16
+	mul	r12, lr, r12
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r4
+	sub	r4, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, lr, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r3, r12
+	sadd16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r3, lr
+	add	r3, r3, lr
+	sub	lr, r3, r12, lsr #16
+	add	r12, r3, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r8
+	smultt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	lr, r10, lr, r8
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r8, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r8, r8, #16
+	mul	r12, lr, r12
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r8
+	sub	r8, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, lr, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r7, r12
+	sadd16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r7, lr
+	add	r7, r7, lr
+	sub	lr, r7, r12, lsr #16
+	add	r12, r7, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #1
+	ldr	r11, [r11, #128]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r3
+	smulbt	r3, r11, r3
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	lr, r10, lr, r3
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r3, r2, r12
+	sadd16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r3, r3, #16
+	mul	r12, lr, r12
+	mul	r3, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r3
+	sub	r3, r2, lr
+	add	r2, r2, lr
+	sub	lr, r2, r12, lsr #16
+	add	r12, r2, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, lr, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r5
+	smultt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	lr, r10, lr, r5
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r5, r4, r12
+	sadd16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r5, r5, #16
+	mul	r12, lr, r12
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r5
+	sub	r5, r4, lr
+	add	r4, r4, lr
+	sub	lr, r4, r12, lsr #16
+	add	r12, r4, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, lr, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #1
+	ldr	r11, [r11, #132]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	lr, r10, lr, r7
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r7, r6, r12
+	sadd16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r7, r7, #16
+	mul	r12, lr, r12
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r7
+	sub	r7, r6, lr
+	add	r6, r6, lr
+	sub	lr, r6, r12, lsr #16
+	add	r12, r6, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, lr, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultb	r12, r11, r9
+	smultt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	lr, r10, lr, r9
+	pkhtb	r12, lr, r12, ASR #16
+	ssub16	r9, r8, r12
+	sadd16	r8, r8, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r9, r9, #16
+	mul	r12, lr, r12
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	lr, r10, lr, r9
+	sub	r9, r8, lr
+	add	r8, r8, lr
+	sub	lr, r8, r12, lsr #16
+	add	r12, r8, r12, lsr #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, lr, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xc0
+	orr	r11, r11, #0xaf00
+#else
+	mov	r11, #0xafc0
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x130000
+#else
+	movt	r11, #0x13
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xbf
+	orr	r11, r11, #0x4e00
+#else
+	mov	r11, #0x4ebf
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r2
+	smulwt	lr, r11, r2
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r2, #16
+#else
+	sbfx	lr, r2, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r2, lr, lsl #16
+	sub	r2, r2, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff0000
+	bic	r2, r2, #0xff000000
+	orr	r2, r2, lr, lsl #16
+#else
+	bfi	r2, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r3
+	smulwt	lr, r11, r3
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r3, #16
+#else
+	sbfx	lr, r3, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r3, lr, lsl #16
+	sub	r3, r3, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff0000
+	bic	r3, r3, #0xff000000
+	orr	r3, r3, lr, lsl #16
+#else
+	bfi	r3, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r4
+	smulwt	lr, r11, r4
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r4, #16
+#else
+	sbfx	lr, r4, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r4, lr, lsl #16
+	sub	r4, r4, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff0000
+	bic	r4, r4, #0xff000000
+	orr	r4, r4, lr, lsl #16
+#else
+	bfi	r4, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r5
+	smulwt	lr, r11, r5
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r5, #16
+#else
+	sbfx	lr, r5, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r5, lr, lsl #16
+	sub	r5, r5, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff0000
+	bic	r5, r5, #0xff000000
+	orr	r5, r5, lr, lsl #16
+#else
+	bfi	r5, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r6
+	smulwt	lr, r11, r6
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r6, r6, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r6, #16
+#else
+	sbfx	lr, r6, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r6, lr, lsl #16
+	sub	r6, r6, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff0000
+	bic	r6, r6, #0xff000000
+	orr	r6, r6, lr, lsl #16
+#else
+	bfi	r6, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r7
+	smulwt	lr, r11, r7
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r7, r7, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r7, #16
+#else
+	sbfx	lr, r7, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r7, lr, lsl #16
+	sub	r7, r7, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff0000
+	bic	r7, r7, #0xff000000
+	orr	r7, r7, lr, lsl #16
+#else
+	bfi	r7, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r8
+	smulwt	lr, r11, r8
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r8, r8, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r8, #16
+#else
+	sbfx	lr, r8, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r8, lr, lsl #16
+	sub	r8, r8, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff0000
+	bic	r8, r8, #0xff000000
+	orr	r8, r8, lr, lsl #16
+#else
+	bfi	r8, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r9
+	smulwt	lr, r11, r9
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r9, r9, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r9, #16
+#else
+	sbfx	lr, r9, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r9, lr, lsl #16
+	sub	r9, r9, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff0000
+	bic	r9, r9, #0xff000000
+	orr	r9, r9, lr, lsl #16
+#else
+	bfi	r9, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xc000000
+	orr	r10, r10, #0xff0000
+#else
+	movt	r10, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #4]
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+	str	r6, [r0, #16]
+	str	r7, [r0, #20]
+	str	r8, [r0, #24]
+	str	r9, [r0, #28]
+	ldr	r3, [sp, #4]
+	add	r3, r3, #16
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #32
+	bne	L_mlkem_arm32_ntt_loop_567
+	add	sp, sp, #8
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	mlkem_arm32_ntt,.-mlkem_arm32_ntt
+	.text
+	.type	L_mlkem_invntt_zetas_inv, %object
+	.size	L_mlkem_invntt_zetas_inv, 256
+	.align	4
+L_mlkem_invntt_zetas_inv:
+	.short	0x6a5
+	.short	0x70f
+	.short	0x5b4
+	.short	0x943
+	.short	0x922
+	.short	0x91d
+	.short	0x134
+	.short	0x6c
+	.short	0xb23
+	.short	0x366
+	.short	0x356
+	.short	0x5e6
+	.short	0x9e7
+	.short	0x4fe
+	.short	0x5fa
+	.short	0x4a1
+	.short	0x67b
+	.short	0x4a3
+	.short	0xc25
+	.short	0x36a
+	.short	0x537
+	.short	0x83f
+	.short	0x88
+	.short	0x4bf
+	.short	0xb81
+	.short	0x5b9
+	.short	0x505
+	.short	0x7d7
+	.short	0xa9f
+	.short	0xaa6
+	.short	0x8b8
+	.short	0x9d0
+	.short	0x4b
+	.short	0x9c
+	.short	0xbb8
+	.short	0xb5f
+	.short	0xba4
+	.short	0x368
+	.short	0xa7d
+	.short	0x636
+	.short	0x8a2
+	.short	0x25a
+	.short	0x736
+	.short	0x309
+	.short	0x93
+	.short	0x87a
+	.short	0x9f7
+	.short	0xf6
+	.short	0x68c
+	.short	0x6db
+	.short	0x1cc
+	.short	0x123
+	.short	0xeb
+	.short	0xc50
+	.short	0xab6
+	.short	0xb5b
+	.short	0xc98
+	.short	0x6f3
+	.short	0x99a
+	.short	0x4e3
+	.short	0x9b6
+	.short	0xad6
+	.short	0xb53
+	.short	0x44f
+	.short	0x4fb
+	.short	0xa5c
+	.short	0x429
+	.short	0xb41
+	.short	0x2d5
+	.short	0x5e4
+	.short	0x940
+	.short	0x18e
+	.short	0x3b7
+	.short	0xf7
+	.short	0x58d
+	.short	0xc96
+	.short	0x9c3
+	.short	0x10f
+	.short	0x5a
+	.short	0x355
+	.short	0x744
+	.short	0xc83
+	.short	0x48a
+	.short	0x652
+	.short	0x29a
+	.short	0x140
+	.short	0x8
+	.short	0xafd
+	.short	0x608
+	.short	0x11a
+	.short	0x72e
+	.short	0x50d
+	.short	0x90a
+	.short	0x228
+	.short	0xa75
+	.short	0x83a
+	.short	0x623
+	.short	0xcd
+	.short	0xb66
+	.short	0x606
+	.short	0xaa1
+	.short	0xa25
+	.short	0x908
+	.short	0x2a9
+	.short	0x82
+	.short	0x642
+	.short	0x74f
+	.short	0x33d
+	.short	0xb82
+	.short	0xbf9
+	.short	0x52d
+	.short	0xac4
+	.short	0x745
+	.short	0x5c2
+	.short	0x4b2
+	.short	0x93f
+	.short	0xc4b
+	.short	0x6d8
+	.short	0xa93
+	.short	0xab
+	.short	0xc37
+	.short	0xbe2
+	.short	0x773
+	.short	0x72c
+	.short	0x5ed
+	.short	0x167
+	.short	0x2f6
+	.short	0x5a1
+	.text
+	.align	4
+	.globl	mlkem_arm32_invntt
+	.type	mlkem_arm32_invntt, %function
+mlkem_arm32_invntt:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #8
+	adr	r1, L_mlkem_invntt_zetas_inv
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r10, r10, #0xc000000
+	orr	r10, r10, #0xff0000
+#else
+	movt	r10, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r3, #0
+L_mlkem_invntt_loop_765:
+	add	r11, r1, r3, lsr #1
+	str	r3, [sp, #4]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #4]
+	ldr	r4, [r0, #8]
+	ldr	r5, [r0, #12]
+	ldr	r6, [r0, #16]
+	ldr	r7, [r0, #20]
+	ldr	r8, [r0, #24]
+	ldr	r9, [r0, #28]
+	ldr	r11, [r11]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r3
+	sadd16	r2, r2, r3
+	smulbt	r3, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	r3, r10, lr, r3
+	pkhtb	r3, r3, r12, ASR #16
+#else
+	sub	lr, r2, r3
+	add	r10, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r3
+	add	r2, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r3, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r3, r10, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r5
+	sadd16	r4, r4, r5
+	smultt	r5, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r4, r5
+	add	r10, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r5
+	add	r4, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #1
+	ldr	r11, [r11, #4]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r7
+	sadd16	r6, r6, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r6, r7
+	add	r10, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r7
+	add	r6, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r8, r9
+	sadd16	r8, r8, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r8, r9
+	add	r10, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+	sub	r12, r8, r9
+	add	r8, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r10, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #2
+	ldr	r11, [r11, #128]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r4
+	sadd16	r2, r2, r4
+	smulbt	r4, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+	sub	lr, r2, r4
+	add	r10, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r4
+	add	r2, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r4, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r5
+	sadd16	r3, r3, r5
+	smulbt	r5, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r3, r5
+	add	r10, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r5
+	add	r3, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r8
+	sadd16	r6, r6, r8
+	smultt	r8, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r6, r8
+	add	r10, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r8
+	add	r6, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r7, r9
+	sadd16	r7, r7, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r7, r9
+	add	r10, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	sub	r12, r7, r9
+	add	r7, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r10, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [sp, #4]
+	add	r11, r1, r11, lsr #3
+	ldr	r11, [r11, #192]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r6
+	sadd16	r2, r2, r6
+	smulbt	r6, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	r6, r10, lr, r6
+	pkhtb	r6, r6, r12, ASR #16
+#else
+	sub	lr, r2, r6
+	add	r10, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r6
+	add	r2, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r6, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r6, r10, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r7
+	sadd16	r3, r3, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r3, r7
+	add	r10, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r7
+	add	r3, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r8
+	sadd16	r4, r4, r8
+	smulbt	r8, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r4, r8
+	add	r10, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r8
+	add	r4, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r5, r9
+	sadd16	r5, r5, r9
+	smulbt	r9, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r5, r9
+	add	r10, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+	sub	r12, r5, r9
+	add	r5, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xc0
+	orr	r11, r11, #0xaf00
+#else
+	mov	r11, #0xafc0
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x130000
+#else
+	movt	r11, #0x13
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xbf
+	orr	r11, r11, #0x4e00
+#else
+	mov	r11, #0x4ebf
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r2
+	smulwt	lr, r11, r2
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r2, #16
+#else
+	sbfx	lr, r2, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r2, lr, lsl #16
+	sub	r2, r2, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff0000
+	bic	r2, r2, #0xff000000
+	orr	r2, r2, lr, lsl #16
+#else
+	bfi	r2, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r3
+	smulwt	lr, r11, r3
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r3, #16
+#else
+	sbfx	lr, r3, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r3, lr, lsl #16
+	sub	r3, r3, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff0000
+	bic	r3, r3, #0xff000000
+	orr	r3, r3, lr, lsl #16
+#else
+	bfi	r3, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r4
+	smulwt	lr, r11, r4
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r4, #16
+#else
+	sbfx	lr, r4, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r4, lr, lsl #16
+	sub	r4, r4, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff0000
+	bic	r4, r4, #0xff000000
+	orr	r4, r4, lr, lsl #16
+#else
+	bfi	r4, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r5
+	smulwt	lr, r11, r5
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r5, #16
+#else
+	sbfx	lr, r5, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r5, lr, lsl #16
+	sub	r5, r5, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff0000
+	bic	r5, r5, #0xff000000
+	orr	r5, r5, lr, lsl #16
+#else
+	bfi	r5, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #4]
+	str	r4, [r0, #8]
+	str	r5, [r0, #12]
+	str	r6, [r0, #16]
+	str	r7, [r0, #20]
+	str	r8, [r0, #24]
+	str	r9, [r0, #28]
+	ldr	r3, [sp, #4]
+	add	r3, r3, #16
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #32
+	bne	L_mlkem_invntt_loop_765
+	sub	r0, r0, #0x200
+	mov	r3, #0
+L_mlkem_invntt_loop_4_j:
+	str	r3, [sp, #4]
+	add	r11, r1, r3, lsr #4
+	mov	r2, #4
+	ldr	r11, [r11, #224]
+L_mlkem_invntt_loop_4_i:
+	str	r2, [sp]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #16]
+	ldr	r4, [r0, #32]
+	ldr	r5, [r0, #48]
+	ldr	r6, [r0, #64]
+	ldr	r7, [r0, #80]
+	ldr	r8, [r0, #96]
+	ldr	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r4
+	sadd16	r2, r2, r4
+	smulbt	r4, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+	sub	lr, r2, r4
+	add	r10, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r4
+	add	r2, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r4, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r5
+	sadd16	r3, r3, r5
+	smulbt	r5, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r3, r5
+	add	r10, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r5
+	add	r3, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r8
+	sadd16	r6, r6, r8
+	smultt	r8, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r6, r8
+	add	r10, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r8
+	add	r6, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r7, r9
+	sadd16	r7, r7, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r7, r9
+	add	r10, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	sub	r12, r7, r9
+	add	r7, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r10, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #16]
+	str	r4, [r0, #32]
+	str	r5, [r0, #48]
+	str	r6, [r0, #64]
+	str	r7, [r0, #80]
+	str	r8, [r0, #96]
+	str	r9, [r0, #112]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	ldm	sp, {r2, r3}
+#else
+	ldrd	r2, r3, [sp]
+#endif
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_mlkem_invntt_loop_4_i
+	add	r3, r3, #0x40
+	rsbs	r12, r3, #0x100
+	add	r0, r0, #0x70
+	bne	L_mlkem_invntt_loop_4_j
+	sub	r0, r0, #0x200
+	mov	r2, #16
+L_mlkem_invntt_loop_321:
+	str	r2, [sp]
+	ldrh	r11, [r1, #2]
+	ldr	r2, [r0]
+	ldr	r3, [r0, #64]
+	ldr	r4, [r0, #128]
+	ldr	r5, [r0, #192]
+	ldr	r6, [r0, #256]
+	ldr	r7, [r0, #320]
+	ldr	r8, [r0, #384]
+	ldr	r9, [r0, #448]
+	ldr	r11, [r1, #240]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r3
+	sadd16	r2, r2, r3
+	smulbt	r3, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	r3, r10, lr, r3
+	pkhtb	r3, r3, r12, ASR #16
+#else
+	sub	lr, r2, r3
+	add	r10, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r3
+	add	r2, r2, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r3, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r3, r10, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r5
+	sadd16	r4, r4, r5
+	smultt	r5, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r4, r5
+	add	r10, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r5
+	add	r4, r4, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #244]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r7
+	sadd16	r6, r6, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r6, r7
+	add	r10, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r7
+	add	r6, r6, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r8, r9
+	sadd16	r8, r8, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r8, r9
+	add	r10, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+	sub	r12, r8, r9
+	add	r8, r8, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r10, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #248]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r4
+	sadd16	r2, r2, r4
+	smulbt	r4, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+	sub	lr, r2, r4
+	add	r10, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r4
+	add	r2, r2, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r4, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r5
+	sadd16	r3, r3, r5
+	smulbt	r5, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+	sub	lr, r3, r5
+	add	r10, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r5
+	add	r3, r3, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r5, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r6, r8
+	sadd16	r6, r6, r8
+	smultt	r8, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r6, r8
+	add	r10, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	sub	r12, r6, r8
+	add	r6, r6, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r10, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r7, r9
+	sadd16	r7, r7, r9
+	smultt	r9, r11, r12
+	smultb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r7, r9
+	add	r10, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	sub	r12, r7, r9
+	add	r7, r7, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r10, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r11, #16
+#else
+	sbfx	lr, r11, #16, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xc0
+	orr	r11, r11, #0xaf00
+#else
+	mov	r11, #0xafc0
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x130000
+#else
+	movt	r11, #0x13
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r11, #0xbf
+	orr	r11, r11, #0x4e00
+#else
+	mov	r11, #0x4ebf
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r2
+	smulwt	lr, r11, r2
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r2, r2, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r2, #16
+#else
+	sbfx	lr, r2, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r2, lr, lsl #16
+	sub	r2, r2, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff0000
+	bic	r2, r2, #0xff000000
+	orr	r2, r2, lr, lsl #16
+#else
+	bfi	r2, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r3
+	smulwt	lr, r11, r3
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r3, r3, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r3, #16
+#else
+	sbfx	lr, r3, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r3, lr, lsl #16
+	sub	r3, r3, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff0000
+	bic	r3, r3, #0xff000000
+	orr	r3, r3, lr, lsl #16
+#else
+	bfi	r3, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r4
+	smulwt	lr, r11, r4
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r4, r4, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r4, #16
+#else
+	sbfx	lr, r4, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r4, lr, lsl #16
+	sub	r4, r4, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff0000
+	bic	r4, r4, #0xff000000
+	orr	r4, r4, lr, lsl #16
+#else
+	bfi	r4, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulwb	r12, r11, r5
+	smulwt	lr, r11, r5
+	smulbt	r12, r10, r12
+	smulbt	lr, r10, lr
+	pkhbt	r12, r12, lr, LSL #16
+	ssub16	r5, r5, r12
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	lr, r5, #16
+#else
+	sbfx	lr, r5, #16, #16
+#endif
+	mul	r12, r11, r12
+	mul	lr, r11, lr
+	asr	r12, r12, #26
+	asr	lr, lr, #26
+	mul	r12, r10, r12
+	mul	lr, r10, lr
+	sub	lr, r5, lr, lsl #16
+	sub	r5, r5, r12
+	lsr	lr, lr, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff0000
+	bic	r5, r5, #0xff000000
+	orr	r5, r5, lr, lsl #16
+#else
+	bfi	r5, lr, #16, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #252]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r2, r6
+	sadd16	r2, r2, r6
+	smulbt	r6, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	r6, r10, lr, r6
+	pkhtb	r6, r6, r12, ASR #16
+#else
+	sub	lr, r2, r6
+	add	r10, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r2, r2, #0xff
+	bic	r2, r2, #0xff00
+#else
+	bfc	r2, #0, #16
+#endif
+	sub	r12, r2, r6
+	add	r2, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r6, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r6, r10, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r3, r7
+	sadd16	r3, r3, r7
+	smulbt	r7, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+	sub	lr, r3, r7
+	add	r10, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r3, r3, #0xff
+	bic	r3, r3, #0xff00
+#else
+	bfc	r3, #0, #16
+#endif
+	sub	r12, r3, r7
+	add	r3, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r7, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r4, r8
+	sadd16	r4, r4, r8
+	smulbt	r8, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+	sub	lr, r4, r8
+	add	r10, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r4, r4, #0xff
+	bic	r4, r4, #0xff00
+#else
+	bfc	r4, #0, #16
+#endif
+	sub	r12, r4, r8
+	add	r4, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r8, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r12, r5, r9
+	sadd16	r5, r5, r9
+	smulbt	r9, r11, r12
+	smulbb	r12, r11, r12
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+	sub	lr, r5, r9
+	add	r10, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r5, r5, #0xff
+	bic	r5, r5, #0xff00
+#else
+	bfc	r5, #0, #16
+#endif
+	sub	r12, r5, r9
+	add	r5, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r12, r12, #16
+	orr	r12, r12, lr, lsl #16
+	ror	r12, r12, #16
+#else
+	bfi	r12, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+	asr	r10, r12, #16
+	mul	r9, lr, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r12, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r12, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r12, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r12, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	ldr	r11, [r1, #254]
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r2
+	smulbt	r2, r11, r2
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r2
+	smlabb	r2, r10, lr, r2
+	pkhtb	r2, r2, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r2, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r2, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r2, r2, #16
+#else
+	sbfx	r2, r2, #16, #16
+#endif
+	mul	r2, lr, r2
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r2, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r2, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r2, r10, lr, r2
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r12, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r3
+	smulbt	r3, r11, r3
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r3
+	smlabb	r3, r10, lr, r3
+	pkhtb	r3, r3, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r3, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r3, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r3, r3, #16
+#else
+	sbfx	r3, r3, #16, #16
+#endif
+	mul	r3, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r3, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r3, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r3, r10, lr, r3
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r12, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r4
+	smulbt	r4, r11, r4
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r4
+	smlabb	r4, r10, lr, r4
+	pkhtb	r4, r4, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r4, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r4, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r4, r4, #16
+#else
+	sbfx	r4, r4, #16, #16
+#endif
+	mul	r4, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r4, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r4, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r4, r10, lr, r4
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r12, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r5
+	smulbt	r5, r11, r5
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r5
+	smlabb	r5, r10, lr, r5
+	pkhtb	r5, r5, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r5, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r5, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r5, r5, #16
+#else
+	sbfx	r5, r5, #16, #16
+#endif
+	mul	r5, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r5, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r5, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r5, r10, lr, r5
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r12, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r6
+	smulbt	r6, r11, r6
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r6
+	smlabb	r6, r10, lr, r6
+	pkhtb	r6, r6, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r6, r6, #16
+#else
+	sbfx	r6, r6, #16, #16
+#endif
+	mul	r6, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r6, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r6, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r6, r10, lr, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r6, r6, #16
+	orr	r6, r6, r12, lsl #16
+	ror	r6, r6, #16
+#else
+	bfi	r6, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r7
+	smulbt	r7, r11, r7
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r7
+	smlabb	r7, r10, lr, r7
+	pkhtb	r7, r7, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r7, r7, #16
+#else
+	sbfx	r7, r7, #16, #16
+#endif
+	mul	r7, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r7, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r7, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r7, r10, lr, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r7, #16
+	orr	r7, r7, r12, lsl #16
+	ror	r7, r7, #16
+#else
+	bfi	r7, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r8
+	smulbt	r8, r11, r8
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r8
+	smlabb	r8, r10, lr, r8
+	pkhtb	r8, r8, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r8, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r8, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r8, r8, #16
+#else
+	sbfx	r8, r8, #16, #16
+#endif
+	mul	r8, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r8, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r8, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r8, r10, lr, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r8, r8, #16
+	orr	r8, r8, r12, lsl #16
+	ror	r8, r8, #16
+#else
+	bfi	r8, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smulbb	r12, r11, r9
+	smulbt	r9, r11, r9
+	smultb	lr, r10, r12
+	smlabb	r12, r10, lr, r12
+	smultb	lr, r10, r9
+	smlabb	r9, r10, lr, r9
+	pkhtb	r9, r9, r12, ASR #16
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r11, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r11, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r9, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r9, #0, #16
+#endif
+	mul	r12, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #16, #16
+#endif
+	mul	r9, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+	mul	lr, r10, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	mla	r12, r10, lr, r12
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0xff
+	orr	r10, r10, #0xc00
+#else
+	mov	r10, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, r9, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, r9, #0, #16
+#endif
+	mul	lr, r10, lr
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r10, #0x1
+	orr	r10, r10, #0xd00
+#else
+	mov	r10, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	lr, lr, #16
+	asr	lr, lr, #16
+#else
+	sbfx	lr, lr, #0, #16
+#endif
+	lsr	r12, r12, #16
+	mla	r9, r10, lr, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r9, r9, #16
+	orr	r9, r9, r12, lsl #16
+	ror	r9, r9, #16
+#else
+	bfi	r9, r12, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	str	r2, [r0]
+	str	r3, [r0, #64]
+	str	r4, [r0, #128]
+	str	r5, [r0, #192]
+	str	r6, [r0, #256]
+	str	r7, [r0, #320]
+	str	r8, [r0, #384]
+	str	r9, [r0, #448]
+	ldr	r2, [sp]
+	subs	r2, r2, #1
+	add	r0, r0, #4
+	bne	L_mlkem_invntt_loop_321
+	add	sp, sp, #8
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	mlkem_arm32_invntt,.-mlkem_arm32_invntt
+	.text
+	.type	L_mlkem_basemul_mont_zetas, %object
+	.size	L_mlkem_basemul_mont_zetas, 256
+	.align	4
+L_mlkem_basemul_mont_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	mlkem_arm32_basemul_mont
+	.type	mlkem_arm32_basemul_mont, %function
+mlkem_arm32_basemul_mont:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	adr	r3, L_mlkem_basemul_mont_zetas
+	add	r3, r3, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xc000000
+	orr	r12, r12, #0xff0000
+#else
+	movt	r12, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r8, #0
+L_mlkem_basemul_mont_loop:
+	ldm	r1!, {r4, r5}
+	ldm	r2!, {r6, r7}
+	ldr	lr, [r3, r8]
+	add	r8, r8, #2
+	push	{r8}
+	cmp	r8, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultt	r8, r4, r6
+	smultt	r10, r5, r7
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	rsb	r11, lr, #0
+	smulbt	r8, lr, r8
+	smulbt	r10, r11, r10
+	smlabb	r8, r4, r6, r8
+	smlabb	r10, r5, r7, r10
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	smulbt	r9, r4, r6
+	smulbt	r11, r5, r7
+	smlatb	r9, r4, r6, r9
+	smlatb	r11, r5, r7, r11
+	smultb	r6, r12, r9
+	smultb	r7, r12, r11
+	smlabb	r9, r12, r6, r9
+	smlabb	r11, r12, r7, r11
+	pkhtb	r4, r9, r8, ASR #16
+	pkhtb	r5, r11, r10, ASR #16
+#else
+	asr	r8, r4, #16
+	asr	r10, r5, #16
+	asr	r9, r6, #16
+	asr	r11, r7, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r8
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+	rsb	r11, lr, #0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, lr, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	asr	r10, r10, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r8, r9, r12, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r10, r11, r12, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r9
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+	asr	r12, r6, #16
+	mul	r9, r12, r9
+	asr	r12, r7, #16
+	mul	r11, r12, r11
+	asr	r4, r4, #16
+	asr	r5, r5, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r9, r4, r12, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r11, r5, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r6, r9, #16
+	asr	r6, r6, #16
+#else
+	sbfx	r6, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r11, #16
+	asr	r7, r7, #16
+#else
+	sbfx	r7, r11, #0, #16
+#endif
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r4, r6, #16
+	asr	r4, r4, #16
+#else
+	sbfx	r4, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r5, r7, #16
+	asr	r5, r5, #16
+#else
+	sbfx	r5, r7, #0, #16
+#endif
+	mla	r9, r12, r4, r9
+	mla	r11, r12, r5, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r11, r11, #0xff
+	bic	r11, r11, #0xff00
+#else
+	bfc	r11, #0, #16
+#endif
+	orr	r4, r9, r8, lsr #16
+	orr	r5, r11, r10, lsr #16
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	stm	r0!, {r4, r5}
+	pop	{r8}
+	bne	L_mlkem_basemul_mont_loop
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	mlkem_arm32_basemul_mont,.-mlkem_arm32_basemul_mont
+	.text
+	.align	4
+	.globl	mlkem_arm32_basemul_mont_add
+	.type	mlkem_arm32_basemul_mont_add, %function
+mlkem_arm32_basemul_mont_add:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	adr	r3, L_mlkem_basemul_mont_zetas
+	add	r3, r3, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r12, r12, #0xc000000
+	orr	r12, r12, #0xff0000
+#else
+	movt	r12, #0xcff
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r8, #0
+L_mlkem_arm32_basemul_mont_add_loop:
+	ldm	r1!, {r4, r5}
+	ldm	r2!, {r6, r7}
+	ldr	lr, [r3, r8]
+	add	r8, r8, #2
+	push	{r8}
+	cmp	r8, #0x80
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	smultt	r8, r4, r6
+	smultt	r10, r5, r7
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	rsb	r11, lr, #0
+	smulbt	r8, lr, r8
+	smulbt	r10, r11, r10
+	smlabb	r8, r4, r6, r8
+	smlabb	r10, r5, r7, r10
+	smultb	r9, r12, r8
+	smultb	r11, r12, r10
+	smlabb	r8, r12, r9, r8
+	smlabb	r10, r12, r11, r10
+	smulbt	r9, r4, r6
+	smulbt	r11, r5, r7
+	smlatb	r9, r4, r6, r9
+	smlatb	r11, r5, r7, r11
+	smultb	r6, r12, r9
+	smultb	r7, r12, r11
+	smlabb	r9, r12, r6, r9
+	smlabb	r11, r12, r7, r11
+	ldm	r0, {r4, r5}
+	pkhtb	r9, r9, r8, ASR #16
+	pkhtb	r11, r11, r10, ASR #16
+	sadd16	r4, r4, r9
+	sadd16	r5, r5, r11
+#else
+	asr	r8, r4, #16
+	asr	r10, r5, #16
+	asr	r9, r6, #16
+	asr	r11, r7, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r8
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+	rsb	r11, lr, #0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, lr, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, lr, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	asr	r8, r8, #16
+	asr	r10, r10, #16
+	mul	r8, r9, r8
+	mul	r10, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r8, r9, r12, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r10, r11, r12, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r8, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r10, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r10, #0, #16
+#endif
+	mul	r9, r12, r9
+	mul	r11, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r9, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r11, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r11, #0, #16
+#endif
+	mla	r8, r12, r9, r8
+	mla	r10, r12, r11, r10
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r9, r4, #16
+	asr	r9, r9, #16
+#else
+	sbfx	r9, r4, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r11, r5, #16
+	asr	r11, r11, #16
+#else
+	sbfx	r11, r5, #0, #16
+#endif
+	asr	r12, r6, #16
+	mul	r9, r12, r9
+	asr	r12, r7, #16
+	mul	r11, r12, r11
+	asr	r4, r4, #16
+	asr	r5, r5, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r6, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r6, #0, #16
+#endif
+	mla	r9, r4, r12, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r12, r7, #16
+	asr	r12, r12, #16
+#else
+	sbfx	r12, r7, #0, #16
+#endif
+	mla	r11, r5, r12, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0xff
+	orr	r12, r12, #0xc00
+#else
+	mov	r12, #0xcff
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r6, r9, #16
+	asr	r6, r6, #16
+#else
+	sbfx	r6, r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r11, #16
+	asr	r7, r7, #16
+#else
+	sbfx	r7, r11, #0, #16
+#endif
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r4, r6, #16
+	asr	r4, r4, #16
+#else
+	sbfx	r4, r6, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r5, r7, #16
+	asr	r5, r5, #16
+#else
+	sbfx	r5, r7, #0, #16
+#endif
+	mla	r9, r12, r4, r9
+	mla	r11, r12, r5, r11
+	ldm	r0, {r4, r5}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r11, r11, #0xff
+	bic	r11, r11, #0xff00
+#else
+	bfc	r11, #0, #16
+#endif
+	orr	r9, r9, r8, lsr #16
+	orr	r11, r11, r10, lsr #16
+	add	r8, r4, r9
+	add	r10, r5, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r11, r11, #0xff
+	bic	r11, r11, #0xff00
+#else
+	bfc	r11, #0, #16
+#endif
+	add	r4, r4, r9
+	add	r5, r5, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r8, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r8, #0, #16
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	stm	r0!, {r4, r5}
+	pop	{r8}
+	bne	L_mlkem_arm32_basemul_mont_add_loop
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	mlkem_arm32_basemul_mont_add,.-mlkem_arm32_basemul_mont_add
+	.text
+	.align	4
+	.globl	mlkem_arm32_csubq
+	.type	mlkem_arm32_csubq, %function
+mlkem_arm32_csubq:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r12, #0x1
+	orr	r12, r12, #0xd00
+#else
+	mov	r12, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	lr, #0x1
+	orr	lr, lr, #0xd00
+#else
+	mov	lr, #0xd01
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	lr, lr, #0xd000000
+	orr	lr, lr, #0x10000
+#else
+	movt	lr, #0xd01
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	mov	r11, #0x8000
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	orr	r11, r11, #0x80000000
+#else
+	movt	r11, #0x8000
+#endif
+	mov	r1, #0x100
+L_mlkem_arm32_csubq_loop:
+	ldm	r0, {r2, r3, r4, r5}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+	ssub16	r2, r2, lr
+	ssub16	r3, r3, lr
+	ssub16	r4, r4, lr
+	ssub16	r5, r5, lr
+	and	r6, r2, r11
+	and	r7, r3, r11
+	and	r8, r4, r11
+	and	r9, r5, r11
+	lsr	r6, r6, #15
+	lsr	r7, r7, #15
+	lsr	r8, r8, #15
+	lsr	r9, r9, #15
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+	mul	r8, r12, r8
+	mul	r9, r12, r9
+	sadd16	r2, r2, r6
+	sadd16	r3, r3, r7
+	sadd16	r4, r4, r8
+	sadd16	r5, r5, r9
+#else
+	sub	r6, r2, lr
+	sub	r2, r2, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r6, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r6, #0, #16
+#endif
+	sub	r7, r3, lr
+	sub	r3, r3, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r7, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r7, #0, #16
+#endif
+	sub	r8, r4, lr
+	sub	r4, r4, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r8, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r8, #0, #16
+#endif
+	sub	r9, r5, lr
+	sub	r5, r5, lr, lsl #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r9, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r9, #0, #16
+#endif
+	and	r6, r2, r11
+	and	r7, r3, r11
+	and	r8, r4, r11
+	and	r9, r5, r11
+	lsr	r6, r6, #15
+	lsr	r7, r7, #15
+	lsr	r8, r8, #15
+	lsr	r9, r9, #15
+	mul	r6, r12, r6
+	mul	r7, r12, r7
+	mul	r8, r12, r8
+	mul	r9, r12, r9
+	add	r10, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r6, r6, #0xff
+	bic	r6, r6, #0xff00
+#else
+	bfc	r6, #0, #16
+#endif
+	add	r2, r2, r6
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r2, r2, #16
+	orr	r2, r2, r10, lsl #16
+	ror	r2, r2, #16
+#else
+	bfi	r2, r10, #0, #16
+#endif
+	add	r10, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff
+	bic	r7, r7, #0xff00
+#else
+	bfc	r7, #0, #16
+#endif
+	add	r3, r3, r7
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r3, r3, #16
+	orr	r3, r3, r10, lsl #16
+	ror	r3, r3, #16
+#else
+	bfi	r3, r10, #0, #16
+#endif
+	add	r10, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r8, r8, #0xff
+	bic	r8, r8, #0xff00
+#else
+	bfc	r8, #0, #16
+#endif
+	add	r4, r4, r8
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r4, r4, #16
+	orr	r4, r4, r10, lsl #16
+	ror	r4, r4, #16
+#else
+	bfi	r4, r10, #0, #16
+#endif
+	add	r10, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r9, r9, #0xff
+	bic	r9, r9, #0xff00
+#else
+	bfc	r9, #0, #16
+#endif
+	add	r5, r5, r9
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r5, r5, #16
+	orr	r5, r5, r10, lsl #16
+	ror	r5, r5, #16
+#else
+	bfi	r5, r10, #0, #16
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+	stm	r0!, {r2, r3, r4, r5}
+	subs	r1, r1, #8
+	bne	L_mlkem_arm32_csubq_loop
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	mlkem_arm32_csubq,.-mlkem_arm32_csubq
+	.text
+	.align	4
+	.globl	mlkem_arm32_rej_uniform
+	.type	mlkem_arm32_rej_uniform, %function
+mlkem_arm32_rej_uniform:
+	push	{r4, r5, r6, r7, r8, lr}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	mov	r8, #0x1
+	orr	r8, r8, #0xd00
+#else
+	mov	r8, #0xd01
+#endif
+	mov	r12, #0
+L_mlkem_arm32_rej_uniform_loop_no_fail:
+	cmp	r1, #8
+	blt	L_mlkem_arm32_rej_uniform_done_no_fail
+	ldm	r2!, {r4, r5, r6}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #20
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #0, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #8
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #12, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r4, #24
+#else
+	ubfx	r7, r4, #24, #8
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xf00
+	ror	r7, r7, #12
+	orr	r7, r7, r5, lsl #28
+	ror	r7, r7, #20
+#else
+	bfi	r7, r5, #8, #4
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #16
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #4, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #4
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #16, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r5, #28
+#else
+	ubfx	r7, r5, #28, #4
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff0
+	ror	r7, r7, #12
+	orr	r7, r7, r6, lsl #24
+	ror	r7, r7, #20
+#else
+	bfi	r7, r6, #4, #8
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r6, #12
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r6, #8, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r6, #20
+#else
+	ubfx	r7, r6, #20, #12
+#endif
+	strh	r7, [r0, r12]
+	sub	lr, r7, r8
+	lsr	lr, lr, #31
+	sub	r1, r1, lr
+	add	r12, r12, lr, lsl #1
+	subs	r3, r3, #12
+	bne	L_mlkem_arm32_rej_uniform_loop_no_fail
+	b	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_done_no_fail:
+	cmp	r1, #0
+	beq	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_loop:
+	ldm	r2!, {r4, r5, r6}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #20
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #0, #12
+#endif
+	cmp	r7, r8
+	bge	L_mlkem_arm32_rej_uniform_fail_0
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_fail_0:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r4, #8
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r4, #12, #12
+#endif
+	cmp	r7, r8
+	bge	L_mlkem_arm32_rej_uniform_fail_1
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_fail_1:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r4, #24
+#else
+	ubfx	r7, r4, #24, #8
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xf00
+	ror	r7, r7, #12
+	orr	r7, r7, r5, lsl #28
+	ror	r7, r7, #20
+#else
+	bfi	r7, r5, #8, #4
+#endif
+	cmp	r7, r8
+	bge	L_mlkem_arm32_rej_uniform_fail_2
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_fail_2:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #16
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #4, #12
+#endif
+	cmp	r7, r8
+	bge	L_mlkem_arm32_rej_uniform_fail_3
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_fail_3:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r5, #4
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r5, #16, #12
+#endif
+	cmp	r7, r8
+	bge	L_mlkem_arm32_rej_uniform_fail_4
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_fail_4:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r5, #28
+#else
+	ubfx	r7, r5, #28, #4
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic	r7, r7, #0xff0
+	ror	r7, r7, #12
+	orr	r7, r7, r6, lsl #24
+	ror	r7, r7, #20
+#else
+	bfi	r7, r6, #4, #8
+#endif
+	cmp	r7, r8
+	bge	L_mlkem_arm32_rej_uniform_fail_5
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_fail_5:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsl	r7, r6, #12
+	lsr	r7, r7, #20
+#else
+	ubfx	r7, r6, #8, #12
+#endif
+	cmp	r7, r8
+	bge	L_mlkem_arm32_rej_uniform_fail_6
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_fail_6:
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	lsr	r7, r6, #20
+#else
+	ubfx	r7, r6, #20, #12
+#endif
+	cmp	r7, r8
+	bge	L_mlkem_arm32_rej_uniform_fail_7
+	strh	r7, [r0, r12]
+	subs	r1, r1, #1
+	add	r12, r12, #2
+	beq	L_mlkem_arm32_rej_uniform_done
+L_mlkem_arm32_rej_uniform_fail_7:
+	subs	r3, r3, #12
+	bgt	L_mlkem_arm32_rej_uniform_loop
+L_mlkem_arm32_rej_uniform_done:
+	lsr	r0, r12, #1
+	pop	{r4, r5, r6, r7, r8, pc}
+	.size	mlkem_arm32_rej_uniform,.-mlkem_arm32_rej_uniform
+#endif /* WOLFSSL_WC_MLKEM */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c
new file mode 100644
index 000000000..d48025b70
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c
@@ -0,0 +1,8722 @@
+/* armv8-32-mlkem-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.c
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef __ghs__
+#define __asm__        __asm
+#define __volatile__
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __ghs__ */
+#include <wolfssl/wolfcrypt/wc_mlkem.h>
+
+#ifdef WOLFSSL_WC_MLKEM
+static const word16 L_mlkem_arm32_ntt_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714,
+    0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6,
+    0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f,
+    0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260,
+    0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7,
+    0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67,
+    0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e,
+    0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c,
+    0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b,
+    0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16,
+    0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e,
+    0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d,
+    0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262,
+    0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca,
+    0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a,
+    0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df,
+    0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_arm32_ntt(sword16* r_p)
+#else
+void mlkem_arm32_ntt(sword16* r)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register word16* L_mlkem_arm32_ntt_zetas_c asm ("r1") =
+        (word16*)&L_mlkem_arm32_ntt_zetas;
+#else
+    register word16* L_mlkem_arm32_ntt_zetas_c =
+        (word16*)&L_mlkem_arm32_ntt_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #8\n\t"
+        "mov	r1, %[L_mlkem_arm32_ntt_zetas]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xc000000\n\t"
+        "orr	r10, r10, #0xff0000\n\t"
+#else
+        "movt	r10, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r2, #16\n\t"
+        "\n"
+    "L_mlkem_arm32_ntt_loop_123_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldrh	r11, [r1, #2]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #64]\n\t"
+        "ldr	r4, [%[r], #128]\n\t"
+        "ldr	r5, [%[r], #192]\n\t"
+        "ldr	r6, [%[r], #256]\n\t"
+        "ldr	r7, [%[r], #320]\n\t"
+        "ldr	r8, [%[r], #384]\n\t"
+        "ldr	r9, [%[r], #448]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r6\n\t"
+        "smulbt	r6, r11, r6\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	lr, r10, lr, r6\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r6, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r6, r6, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r6, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r6\n\t"
+        "sub	r6, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, lr, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r8\n\t"
+        "smulbt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r9\n\t"
+        "smulbt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r5, r12\n\t"
+        "sadd16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r5, lr\n\t"
+        "add	r5, r5, lr\n\t"
+        "sub	lr, r5, r12, lsr #16\n\t"
+        "add	r12, r5, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #4]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	lr, r10, lr, r4\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r4, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r4, r4, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r4\n\t"
+        "sub	r4, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r8\n\t"
+        "smultt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r7, r12\n\t"
+        "sadd16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r7, lr\n\t"
+        "add	r7, r7, lr\n\t"
+        "sub	lr, r7, r12, lsr #16\n\t"
+        "add	r12, r7, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #8]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r3\n\t"
+        "smulbt	r3, r11, r3\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	lr, r10, lr, r3\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r3, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r3, r3, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r3, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r3\n\t"
+        "sub	r3, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r5\n\t"
+        "smultt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #12]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r8, r12\n\t"
+        "sadd16	r8, r8, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r8, lr\n\t"
+        "add	r8, r8, lr\n\t"
+        "sub	lr, r8, r12, lsr #16\n\t"
+        "add	r12, r8, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #64]\n\t"
+        "str	r4, [%[r], #128]\n\t"
+        "str	r5, [%[r], #192]\n\t"
+        "str	r6, [%[r], #256]\n\t"
+        "str	r7, [%[r], #320]\n\t"
+        "str	r8, [%[r], #384]\n\t"
+        "str	r9, [%[r], #448]\n\t"
+        "ldr	r2, [sp]\n\t"
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_mlkem_arm32_ntt_loop_123_%=\n\t"
+        "sub	%[r], %[r], #0x40\n\t"
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_mlkem_arm32_ntt_loop_4_j_%=: \n\t"
+        "str	r3, [sp, #4]\n\t"
+        "add	r11, r1, r3, lsr #4\n\t"
+        "mov	r2, #4\n\t"
+        "ldr	r11, [r11, #16]\n\t"
+        "\n"
+    "L_mlkem_arm32_ntt_loop_4_i_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #16]\n\t"
+        "ldr	r4, [%[r], #32]\n\t"
+        "ldr	r5, [%[r], #48]\n\t"
+        "ldr	r6, [%[r], #64]\n\t"
+        "ldr	r7, [%[r], #80]\n\t"
+        "ldr	r8, [%[r], #96]\n\t"
+        "ldr	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	lr, r10, lr, r4\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r4, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r4, r4, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r4\n\t"
+        "sub	r4, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r8\n\t"
+        "smultt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r7, r12\n\t"
+        "sadd16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r7, lr\n\t"
+        "add	r7, r7, lr\n\t"
+        "sub	lr, r7, r12, lsr #16\n\t"
+        "add	r12, r7, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #16]\n\t"
+        "str	r4, [%[r], #32]\n\t"
+        "str	r5, [%[r], #48]\n\t"
+        "str	r6, [%[r], #64]\n\t"
+        "str	r7, [%[r], #80]\n\t"
+        "str	r8, [%[r], #96]\n\t"
+        "str	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	sp, {r2, r3}\n\t"
+#else
+        "ldrd	r2, r3, [sp]\n\t"
+#endif
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_mlkem_arm32_ntt_loop_4_i_%=\n\t"
+        "add	r3, r3, #0x40\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #0x70\n\t"
+        "bne	L_mlkem_arm32_ntt_loop_4_j_%=\n\t"
+        "sub	%[r], %[r], #0x200\n\t"
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_mlkem_arm32_ntt_loop_567_%=: \n\t"
+        "add	r11, r1, r3, lsr #3\n\t"
+        "str	r3, [sp, #4]\n\t"
+        "ldrh	r11, [r11, #32]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #4]\n\t"
+        "ldr	r4, [%[r], #8]\n\t"
+        "ldr	r5, [%[r], #12]\n\t"
+        "ldr	r6, [%[r], #16]\n\t"
+        "ldr	r7, [%[r], #20]\n\t"
+        "ldr	r8, [%[r], #24]\n\t"
+        "ldr	r9, [%[r], #28]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r6\n\t"
+        "smulbt	r6, r11, r6\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	lr, r10, lr, r6\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r6, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r6, r6, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r6, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r6\n\t"
+        "sub	r6, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, lr, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r8\n\t"
+        "smulbt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r9\n\t"
+        "smulbt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r5, r12\n\t"
+        "sadd16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r5, lr\n\t"
+        "add	r5, r5, lr\n\t"
+        "sub	lr, r5, r12, lsr #16\n\t"
+        "add	r12, r5, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #2\n\t"
+        "ldr	r11, [r11, #64]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	lr, r10, lr, r4\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r4, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r4, r4, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r4\n\t"
+        "sub	r4, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r3, r12\n\t"
+        "sadd16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r3, lr\n\t"
+        "add	r3, r3, lr\n\t"
+        "sub	lr, r3, r12, lsr #16\n\t"
+        "add	r12, r3, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r8\n\t"
+        "smultt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	lr, r10, lr, r8\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r8, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r8\n\t"
+        "sub	r8, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r7, r12\n\t"
+        "sadd16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r7, lr\n\t"
+        "add	r7, r7, lr\n\t"
+        "sub	lr, r7, r12, lsr #16\n\t"
+        "add	r12, r7, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #1\n\t"
+        "ldr	r11, [r11, #128]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r3\n\t"
+        "smulbt	r3, r11, r3\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	lr, r10, lr, r3\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r3, r2, r12\n\t"
+        "sadd16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r3, r3, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r3, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r3\n\t"
+        "sub	r3, r2, lr\n\t"
+        "add	r2, r2, lr\n\t"
+        "sub	lr, r2, r12, lsr #16\n\t"
+        "add	r12, r2, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r5\n\t"
+        "smultt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	lr, r10, lr, r5\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r5, r4, r12\n\t"
+        "sadd16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r5, r5, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r5\n\t"
+        "sub	r5, r4, lr\n\t"
+        "add	r4, r4, lr\n\t"
+        "sub	lr, r4, r12, lsr #16\n\t"
+        "add	r12, r4, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #1\n\t"
+        "ldr	r11, [r11, #132]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	lr, r10, lr, r7\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r7, r6, r12\n\t"
+        "sadd16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r7, r7, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r7\n\t"
+        "sub	r7, r6, lr\n\t"
+        "add	r6, r6, lr\n\t"
+        "sub	lr, r6, r12, lsr #16\n\t"
+        "add	r12, r6, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultb	r12, r11, r9\n\t"
+        "smultt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	lr, r10, lr, r9\n\t"
+        "pkhtb	r12, lr, r12, ASR #16\n\t"
+        "ssub16	r9, r8, r12\n\t"
+        "sadd16	r8, r8, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r9, r9, #16\n\t"
+        "mul	r12, lr, r12\n\t"
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	lr, r10, lr, r9\n\t"
+        "sub	r9, r8, lr\n\t"
+        "add	r8, r8, lr\n\t"
+        "sub	lr, r8, r12, lsr #16\n\t"
+        "add	r12, r8, r12, lsr #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xc0\n\t"
+        "orr	r11, r11, #0xaf00\n\t"
+#else
+        "mov	r11, #0xafc0\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x130000\n\t"
+#else
+        "movt	r11, #0x13\n\t"
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xbf\n\t"
+        "orr	r11, r11, #0x4e00\n\t"
+#else
+        "mov	r11, #0x4ebf\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r2\n\t"
+        "smulwt	lr, r11, r2\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r2, #16\n\t"
+#else
+        "sbfx	lr, r2, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r2, lr, lsl #16\n\t"
+        "sub	r2, r2, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff0000\n\t"
+        "bic	r2, r2, #0xff000000\n\t"
+        "orr	r2, r2, lr, lsl #16\n\t"
+#else
+        "bfi	r2, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r3\n\t"
+        "smulwt	lr, r11, r3\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r3, #16\n\t"
+#else
+        "sbfx	lr, r3, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r3, lr, lsl #16\n\t"
+        "sub	r3, r3, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff0000\n\t"
+        "bic	r3, r3, #0xff000000\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+#else
+        "bfi	r3, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r4\n\t"
+        "smulwt	lr, r11, r4\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r4, #16\n\t"
+#else
+        "sbfx	lr, r4, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r4, lr, lsl #16\n\t"
+        "sub	r4, r4, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff0000\n\t"
+        "bic	r4, r4, #0xff000000\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+#else
+        "bfi	r4, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r5\n\t"
+        "smulwt	lr, r11, r5\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r5, #16\n\t"
+#else
+        "sbfx	lr, r5, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r5, lr, lsl #16\n\t"
+        "sub	r5, r5, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff0000\n\t"
+        "bic	r5, r5, #0xff000000\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+#else
+        "bfi	r5, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r6\n\t"
+        "smulwt	lr, r11, r6\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r6, r6, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r6, #16\n\t"
+#else
+        "sbfx	lr, r6, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r6, lr, lsl #16\n\t"
+        "sub	r6, r6, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff0000\n\t"
+        "bic	r6, r6, #0xff000000\n\t"
+        "orr	r6, r6, lr, lsl #16\n\t"
+#else
+        "bfi	r6, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r7\n\t"
+        "smulwt	lr, r11, r7\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r7, r7, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r7, #16\n\t"
+#else
+        "sbfx	lr, r7, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r7, lr, lsl #16\n\t"
+        "sub	r7, r7, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff0000\n\t"
+        "bic	r7, r7, #0xff000000\n\t"
+        "orr	r7, r7, lr, lsl #16\n\t"
+#else
+        "bfi	r7, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r8\n\t"
+        "smulwt	lr, r11, r8\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r8, r8, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r8, #16\n\t"
+#else
+        "sbfx	lr, r8, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r8, lr, lsl #16\n\t"
+        "sub	r8, r8, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff0000\n\t"
+        "bic	r8, r8, #0xff000000\n\t"
+        "orr	r8, r8, lr, lsl #16\n\t"
+#else
+        "bfi	r8, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r9\n\t"
+        "smulwt	lr, r11, r9\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r9, r9, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r9, #16\n\t"
+#else
+        "sbfx	lr, r9, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r9, lr, lsl #16\n\t"
+        "sub	r9, r9, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff0000\n\t"
+        "bic	r9, r9, #0xff000000\n\t"
+        "orr	r9, r9, lr, lsl #16\n\t"
+#else
+        "bfi	r9, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xc000000\n\t"
+        "orr	r10, r10, #0xff0000\n\t"
+#else
+        "movt	r10, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #4]\n\t"
+        "str	r4, [%[r], #8]\n\t"
+        "str	r5, [%[r], #12]\n\t"
+        "str	r6, [%[r], #16]\n\t"
+        "str	r7, [%[r], #20]\n\t"
+        "str	r8, [%[r], #24]\n\t"
+        "str	r9, [%[r], #28]\n\t"
+        "ldr	r3, [sp, #4]\n\t"
+        "add	r3, r3, #16\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #32\n\t"
+        "bne	L_mlkem_arm32_ntt_loop_567_%=\n\t"
+        "add	sp, sp, #8\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r),
+          [L_mlkem_arm32_ntt_zetas] "+r" (L_mlkem_arm32_ntt_zetas_c)
+        :
+#else
+        :
+        : [r] "r" (r),
+          [L_mlkem_arm32_ntt_zetas] "r" (L_mlkem_arm32_ntt_zetas_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+static const word16 L_mlkem_invntt_zetas_inv[] = {
+    0x06a5, 0x070f, 0x05b4, 0x0943,
+    0x0922, 0x091d, 0x0134, 0x006c,
+    0x0b23, 0x0366, 0x0356, 0x05e6,
+    0x09e7, 0x04fe, 0x05fa, 0x04a1,
+    0x067b, 0x04a3, 0x0c25, 0x036a,
+    0x0537, 0x083f, 0x0088, 0x04bf,
+    0x0b81, 0x05b9, 0x0505, 0x07d7,
+    0x0a9f, 0x0aa6, 0x08b8, 0x09d0,
+    0x004b, 0x009c, 0x0bb8, 0x0b5f,
+    0x0ba4, 0x0368, 0x0a7d, 0x0636,
+    0x08a2, 0x025a, 0x0736, 0x0309,
+    0x0093, 0x087a, 0x09f7, 0x00f6,
+    0x068c, 0x06db, 0x01cc, 0x0123,
+    0x00eb, 0x0c50, 0x0ab6, 0x0b5b,
+    0x0c98, 0x06f3, 0x099a, 0x04e3,
+    0x09b6, 0x0ad6, 0x0b53, 0x044f,
+    0x04fb, 0x0a5c, 0x0429, 0x0b41,
+    0x02d5, 0x05e4, 0x0940, 0x018e,
+    0x03b7, 0x00f7, 0x058d, 0x0c96,
+    0x09c3, 0x010f, 0x005a, 0x0355,
+    0x0744, 0x0c83, 0x048a, 0x0652,
+    0x029a, 0x0140, 0x0008, 0x0afd,
+    0x0608, 0x011a, 0x072e, 0x050d,
+    0x090a, 0x0228, 0x0a75, 0x083a,
+    0x0623, 0x00cd, 0x0b66, 0x0606,
+    0x0aa1, 0x0a25, 0x0908, 0x02a9,
+    0x0082, 0x0642, 0x074f, 0x033d,
+    0x0b82, 0x0bf9, 0x052d, 0x0ac4,
+    0x0745, 0x05c2, 0x04b2, 0x093f,
+    0x0c4b, 0x06d8, 0x0a93, 0x00ab,
+    0x0c37, 0x0be2, 0x0773, 0x072c,
+    0x05ed, 0x0167, 0x02f6, 0x05a1,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_arm32_invntt(sword16* r_p)
+#else
+void mlkem_arm32_invntt(sword16* r)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register word16* L_mlkem_invntt_zetas_inv_c asm ("r1") =
+        (word16*)&L_mlkem_invntt_zetas_inv;
+#else
+    register word16* L_mlkem_invntt_zetas_inv_c =
+        (word16*)&L_mlkem_invntt_zetas_inv;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #8\n\t"
+        "mov	r1, %[L_mlkem_invntt_zetas_inv]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r10, r10, #0xc000000\n\t"
+        "orr	r10, r10, #0xff0000\n\t"
+#else
+        "movt	r10, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_mlkem_invntt_loop_765_%=: \n\t"
+        "add	r11, r1, r3, lsr #1\n\t"
+        "str	r3, [sp, #4]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #4]\n\t"
+        "ldr	r4, [%[r], #8]\n\t"
+        "ldr	r5, [%[r], #12]\n\t"
+        "ldr	r6, [%[r], #16]\n\t"
+        "ldr	r7, [%[r], #20]\n\t"
+        "ldr	r8, [%[r], #24]\n\t"
+        "ldr	r9, [%[r], #28]\n\t"
+        "ldr	r11, [r11]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r3\n\t"
+        "sadd16	r2, r2, r3\n\t"
+        "smulbt	r3, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	r3, r10, lr, r3\n\t"
+        "pkhtb	r3, r3, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r3\n\t"
+        "add	r10, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r3\n\t"
+        "add	r2, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r3, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r3, r10, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r5\n\t"
+        "sadd16	r4, r4, r5\n\t"
+        "smultt	r5, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r5\n\t"
+        "add	r10, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r5\n\t"
+        "add	r4, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #1\n\t"
+        "ldr	r11, [r11, #4]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r7\n\t"
+        "sadd16	r6, r6, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r7\n\t"
+        "add	r10, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r7\n\t"
+        "add	r6, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r8, r9\n\t"
+        "sadd16	r8, r8, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r8, r9\n\t"
+        "add	r10, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+        "sub	r12, r8, r9\n\t"
+        "add	r8, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r10, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #2\n\t"
+        "ldr	r11, [r11, #128]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r4\n\t"
+        "sadd16	r2, r2, r4\n\t"
+        "smulbt	r4, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r4\n\t"
+        "add	r10, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r4\n\t"
+        "add	r2, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r4, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r5\n\t"
+        "sadd16	r3, r3, r5\n\t"
+        "smulbt	r5, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r5\n\t"
+        "add	r10, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r5\n\t"
+        "add	r3, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r8\n\t"
+        "sadd16	r6, r6, r8\n\t"
+        "smultt	r8, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r8\n\t"
+        "add	r10, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r8\n\t"
+        "add	r6, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r7, r9\n\t"
+        "sadd16	r7, r7, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r7, r9\n\t"
+        "add	r10, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "sub	r12, r7, r9\n\t"
+        "add	r7, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r10, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [sp, #4]\n\t"
+        "add	r11, r1, r11, lsr #3\n\t"
+        "ldr	r11, [r11, #192]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r6\n\t"
+        "sadd16	r2, r2, r6\n\t"
+        "smulbt	r6, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	r6, r10, lr, r6\n\t"
+        "pkhtb	r6, r6, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r6\n\t"
+        "add	r10, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r6\n\t"
+        "add	r2, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r6, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r6, r10, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r7\n\t"
+        "sadd16	r3, r3, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r7\n\t"
+        "add	r10, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r7\n\t"
+        "add	r3, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r8\n\t"
+        "sadd16	r4, r4, r8\n\t"
+        "smulbt	r8, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r8\n\t"
+        "add	r10, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r8\n\t"
+        "add	r4, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r5, r9\n\t"
+        "sadd16	r5, r5, r9\n\t"
+        "smulbt	r9, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r5, r9\n\t"
+        "add	r10, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+        "sub	r12, r5, r9\n\t"
+        "add	r5, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xc0\n\t"
+        "orr	r11, r11, #0xaf00\n\t"
+#else
+        "mov	r11, #0xafc0\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x130000\n\t"
+#else
+        "movt	r11, #0x13\n\t"
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xbf\n\t"
+        "orr	r11, r11, #0x4e00\n\t"
+#else
+        "mov	r11, #0x4ebf\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r2\n\t"
+        "smulwt	lr, r11, r2\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r2, #16\n\t"
+#else
+        "sbfx	lr, r2, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r2, lr, lsl #16\n\t"
+        "sub	r2, r2, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff0000\n\t"
+        "bic	r2, r2, #0xff000000\n\t"
+        "orr	r2, r2, lr, lsl #16\n\t"
+#else
+        "bfi	r2, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r3\n\t"
+        "smulwt	lr, r11, r3\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r3, #16\n\t"
+#else
+        "sbfx	lr, r3, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r3, lr, lsl #16\n\t"
+        "sub	r3, r3, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff0000\n\t"
+        "bic	r3, r3, #0xff000000\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+#else
+        "bfi	r3, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r4\n\t"
+        "smulwt	lr, r11, r4\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r4, #16\n\t"
+#else
+        "sbfx	lr, r4, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r4, lr, lsl #16\n\t"
+        "sub	r4, r4, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff0000\n\t"
+        "bic	r4, r4, #0xff000000\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+#else
+        "bfi	r4, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r5\n\t"
+        "smulwt	lr, r11, r5\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r5, #16\n\t"
+#else
+        "sbfx	lr, r5, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r5, lr, lsl #16\n\t"
+        "sub	r5, r5, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff0000\n\t"
+        "bic	r5, r5, #0xff000000\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+#else
+        "bfi	r5, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #4]\n\t"
+        "str	r4, [%[r], #8]\n\t"
+        "str	r5, [%[r], #12]\n\t"
+        "str	r6, [%[r], #16]\n\t"
+        "str	r7, [%[r], #20]\n\t"
+        "str	r8, [%[r], #24]\n\t"
+        "str	r9, [%[r], #28]\n\t"
+        "ldr	r3, [sp, #4]\n\t"
+        "add	r3, r3, #16\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #32\n\t"
+        "bne	L_mlkem_invntt_loop_765_%=\n\t"
+        "sub	%[r], %[r], #0x200\n\t"
+        "mov	r3, #0\n\t"
+        "\n"
+    "L_mlkem_invntt_loop_4_j_%=: \n\t"
+        "str	r3, [sp, #4]\n\t"
+        "add	r11, r1, r3, lsr #4\n\t"
+        "mov	r2, #4\n\t"
+        "ldr	r11, [r11, #224]\n\t"
+        "\n"
+    "L_mlkem_invntt_loop_4_i_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #16]\n\t"
+        "ldr	r4, [%[r], #32]\n\t"
+        "ldr	r5, [%[r], #48]\n\t"
+        "ldr	r6, [%[r], #64]\n\t"
+        "ldr	r7, [%[r], #80]\n\t"
+        "ldr	r8, [%[r], #96]\n\t"
+        "ldr	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r4\n\t"
+        "sadd16	r2, r2, r4\n\t"
+        "smulbt	r4, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r4\n\t"
+        "add	r10, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r4\n\t"
+        "add	r2, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r4, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r5\n\t"
+        "sadd16	r3, r3, r5\n\t"
+        "smulbt	r5, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r5\n\t"
+        "add	r10, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r5\n\t"
+        "add	r3, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r8\n\t"
+        "sadd16	r6, r6, r8\n\t"
+        "smultt	r8, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r8\n\t"
+        "add	r10, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r8\n\t"
+        "add	r6, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r7, r9\n\t"
+        "sadd16	r7, r7, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r7, r9\n\t"
+        "add	r10, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "sub	r12, r7, r9\n\t"
+        "add	r7, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r10, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #16]\n\t"
+        "str	r4, [%[r], #32]\n\t"
+        "str	r5, [%[r], #48]\n\t"
+        "str	r6, [%[r], #64]\n\t"
+        "str	r7, [%[r], #80]\n\t"
+        "str	r8, [%[r], #96]\n\t"
+        "str	r9, [%[r], #112]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "ldm	sp, {r2, r3}\n\t"
+#else
+        "ldrd	r2, r3, [sp]\n\t"
+#endif
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_mlkem_invntt_loop_4_i_%=\n\t"
+        "add	r3, r3, #0x40\n\t"
+        "rsbs	r12, r3, #0x100\n\t"
+        "add	%[r], %[r], #0x70\n\t"
+        "bne	L_mlkem_invntt_loop_4_j_%=\n\t"
+        "sub	%[r], %[r], #0x200\n\t"
+        "mov	r2, #16\n\t"
+        "\n"
+    "L_mlkem_invntt_loop_321_%=: \n\t"
+        "str	r2, [sp]\n\t"
+        "ldrh	r11, [r1, #2]\n\t"
+        "ldr	r2, [%[r]]\n\t"
+        "ldr	r3, [%[r], #64]\n\t"
+        "ldr	r4, [%[r], #128]\n\t"
+        "ldr	r5, [%[r], #192]\n\t"
+        "ldr	r6, [%[r], #256]\n\t"
+        "ldr	r7, [%[r], #320]\n\t"
+        "ldr	r8, [%[r], #384]\n\t"
+        "ldr	r9, [%[r], #448]\n\t"
+        "ldr	r11, [r1, #240]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r3\n\t"
+        "sadd16	r2, r2, r3\n\t"
+        "smulbt	r3, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	r3, r10, lr, r3\n\t"
+        "pkhtb	r3, r3, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r3\n\t"
+        "add	r10, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r3\n\t"
+        "add	r2, r2, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r3, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r3, r10, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r5\n\t"
+        "sadd16	r4, r4, r5\n\t"
+        "smultt	r5, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r5\n\t"
+        "add	r10, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r5\n\t"
+        "add	r4, r4, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #244]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r7\n\t"
+        "sadd16	r6, r6, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r7\n\t"
+        "add	r10, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r7\n\t"
+        "add	r6, r6, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r8, r9\n\t"
+        "sadd16	r8, r8, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r8, r9\n\t"
+        "add	r10, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+        "sub	r12, r8, r9\n\t"
+        "add	r8, r8, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r10, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #248]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r4\n\t"
+        "sadd16	r2, r2, r4\n\t"
+        "smulbt	r4, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r4\n\t"
+        "add	r10, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r4\n\t"
+        "add	r2, r2, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r4, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r5\n\t"
+        "sadd16	r3, r3, r5\n\t"
+        "smulbt	r5, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r5\n\t"
+        "add	r10, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r5\n\t"
+        "add	r3, r3, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r5, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r6, r8\n\t"
+        "sadd16	r6, r6, r8\n\t"
+        "smultt	r8, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r6, r8\n\t"
+        "add	r10, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "sub	r12, r6, r8\n\t"
+        "add	r6, r6, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r10, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r7, r9\n\t"
+        "sadd16	r7, r7, r9\n\t"
+        "smultt	r9, r11, r12\n\t"
+        "smultb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r7, r9\n\t"
+        "add	r10, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "sub	r12, r7, r9\n\t"
+        "add	r7, r7, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r10, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r11, #16\n\t"
+#else
+        "sbfx	lr, r11, #16, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xc0\n\t"
+        "orr	r11, r11, #0xaf00\n\t"
+#else
+        "mov	r11, #0xafc0\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x130000\n\t"
+#else
+        "movt	r11, #0x13\n\t"
+#endif
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r11, #0xbf\n\t"
+        "orr	r11, r11, #0x4e00\n\t"
+#else
+        "mov	r11, #0x4ebf\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r2\n\t"
+        "smulwt	lr, r11, r2\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r2, r2, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r2, #16\n\t"
+#else
+        "sbfx	lr, r2, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r2, lr, lsl #16\n\t"
+        "sub	r2, r2, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff0000\n\t"
+        "bic	r2, r2, #0xff000000\n\t"
+        "orr	r2, r2, lr, lsl #16\n\t"
+#else
+        "bfi	r2, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r3\n\t"
+        "smulwt	lr, r11, r3\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r3, r3, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r3, #16\n\t"
+#else
+        "sbfx	lr, r3, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r3, lr, lsl #16\n\t"
+        "sub	r3, r3, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff0000\n\t"
+        "bic	r3, r3, #0xff000000\n\t"
+        "orr	r3, r3, lr, lsl #16\n\t"
+#else
+        "bfi	r3, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r4\n\t"
+        "smulwt	lr, r11, r4\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r4, r4, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r4, #16\n\t"
+#else
+        "sbfx	lr, r4, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r4, lr, lsl #16\n\t"
+        "sub	r4, r4, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff0000\n\t"
+        "bic	r4, r4, #0xff000000\n\t"
+        "orr	r4, r4, lr, lsl #16\n\t"
+#else
+        "bfi	r4, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulwb	r12, r11, r5\n\t"
+        "smulwt	lr, r11, r5\n\t"
+        "smulbt	r12, r10, r12\n\t"
+        "smulbt	lr, r10, lr\n\t"
+        "pkhbt	r12, r12, lr, LSL #16\n\t"
+        "ssub16	r5, r5, r12\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	lr, r5, #16\n\t"
+#else
+        "sbfx	lr, r5, #16, #16\n\t"
+#endif
+        "mul	r12, r11, r12\n\t"
+        "mul	lr, r11, lr\n\t"
+        "asr	r12, r12, #26\n\t"
+        "asr	lr, lr, #26\n\t"
+        "mul	r12, r10, r12\n\t"
+        "mul	lr, r10, lr\n\t"
+        "sub	lr, r5, lr, lsl #16\n\t"
+        "sub	r5, r5, r12\n\t"
+        "lsr	lr, lr, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff0000\n\t"
+        "bic	r5, r5, #0xff000000\n\t"
+        "orr	r5, r5, lr, lsl #16\n\t"
+#else
+        "bfi	r5, lr, #16, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #252]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r2, r6\n\t"
+        "sadd16	r2, r2, r6\n\t"
+        "smulbt	r6, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	r6, r10, lr, r6\n\t"
+        "pkhtb	r6, r6, r12, ASR #16\n\t"
+#else
+        "sub	lr, r2, r6\n\t"
+        "add	r10, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r2, r2, #0xff\n\t"
+        "bic	r2, r2, #0xff00\n\t"
+#else
+        "bfc	r2, #0, #16\n\t"
+#endif
+        "sub	r12, r2, r6\n\t"
+        "add	r2, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r6, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r6, r10, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r3, r7\n\t"
+        "sadd16	r3, r3, r7\n\t"
+        "smulbt	r7, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+        "sub	lr, r3, r7\n\t"
+        "add	r10, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r3, r3, #0xff\n\t"
+        "bic	r3, r3, #0xff00\n\t"
+#else
+        "bfc	r3, #0, #16\n\t"
+#endif
+        "sub	r12, r3, r7\n\t"
+        "add	r3, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r7, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r4, r8\n\t"
+        "sadd16	r4, r4, r8\n\t"
+        "smulbt	r8, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+        "sub	lr, r4, r8\n\t"
+        "add	r10, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r4, r4, #0xff\n\t"
+        "bic	r4, r4, #0xff00\n\t"
+#else
+        "bfc	r4, #0, #16\n\t"
+#endif
+        "sub	r12, r4, r8\n\t"
+        "add	r4, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r8, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r12, r5, r9\n\t"
+        "sadd16	r5, r5, r9\n\t"
+        "smulbt	r9, r11, r12\n\t"
+        "smulbb	r12, r11, r12\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+        "sub	lr, r5, r9\n\t"
+        "add	r10, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r5, r5, #0xff\n\t"
+        "bic	r5, r5, #0xff00\n\t"
+#else
+        "bfc	r5, #0, #16\n\t"
+#endif
+        "sub	r12, r5, r9\n\t"
+        "add	r5, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r12, r12, #16\n\t"
+        "orr	r12, r12, lr, lsl #16\n\t"
+        "ror	r12, r12, #16\n\t"
+#else
+        "bfi	r12, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+        "asr	r10, r12, #16\n\t"
+        "mul	r9, lr, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r12, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r12, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r12, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r12, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "ldr	r11, [r1, #254]\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r2\n\t"
+        "smulbt	r2, r11, r2\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r2\n\t"
+        "smlabb	r2, r10, lr, r2\n\t"
+        "pkhtb	r2, r2, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r2, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r2, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r2, r2, #16\n\t"
+#else
+        "sbfx	r2, r2, #16, #16\n\t"
+#endif
+        "mul	r2, lr, r2\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r2, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r2, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r2, r10, lr, r2\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r12, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r3\n\t"
+        "smulbt	r3, r11, r3\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r3\n\t"
+        "smlabb	r3, r10, lr, r3\n\t"
+        "pkhtb	r3, r3, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r3, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r3, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r3, r3, #16\n\t"
+#else
+        "sbfx	r3, r3, #16, #16\n\t"
+#endif
+        "mul	r3, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r3, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r3, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r3, r10, lr, r3\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r12, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r4\n\t"
+        "smulbt	r4, r11, r4\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r4\n\t"
+        "smlabb	r4, r10, lr, r4\n\t"
+        "pkhtb	r4, r4, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r4, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r4, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r4, r4, #16\n\t"
+#else
+        "sbfx	r4, r4, #16, #16\n\t"
+#endif
+        "mul	r4, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r4, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r4, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r4, r10, lr, r4\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r12, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r5\n\t"
+        "smulbt	r5, r11, r5\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r5\n\t"
+        "smlabb	r5, r10, lr, r5\n\t"
+        "pkhtb	r5, r5, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r5, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r5, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r5, r5, #16\n\t"
+#else
+        "sbfx	r5, r5, #16, #16\n\t"
+#endif
+        "mul	r5, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r5, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r5, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r5, r10, lr, r5\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r12, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r6\n\t"
+        "smulbt	r6, r11, r6\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r6\n\t"
+        "smlabb	r6, r10, lr, r6\n\t"
+        "pkhtb	r6, r6, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r6, r6, #16\n\t"
+#else
+        "sbfx	r6, r6, #16, #16\n\t"
+#endif
+        "mul	r6, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r6, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r6, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r6, r10, lr, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r6, r6, #16\n\t"
+        "orr	r6, r6, r12, lsl #16\n\t"
+        "ror	r6, r6, #16\n\t"
+#else
+        "bfi	r6, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r7\n\t"
+        "smulbt	r7, r11, r7\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r7\n\t"
+        "smlabb	r7, r10, lr, r7\n\t"
+        "pkhtb	r7, r7, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r7, r7, #16\n\t"
+#else
+        "sbfx	r7, r7, #16, #16\n\t"
+#endif
+        "mul	r7, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r7, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r7, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r7, r10, lr, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r7, #16\n\t"
+        "orr	r7, r7, r12, lsl #16\n\t"
+        "ror	r7, r7, #16\n\t"
+#else
+        "bfi	r7, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r8\n\t"
+        "smulbt	r8, r11, r8\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r8\n\t"
+        "smlabb	r8, r10, lr, r8\n\t"
+        "pkhtb	r8, r8, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r8, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r8, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r8, r8, #16\n\t"
+#else
+        "sbfx	r8, r8, #16, #16\n\t"
+#endif
+        "mul	r8, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r8, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r8, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r8, r10, lr, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r8, r8, #16\n\t"
+        "orr	r8, r8, r12, lsl #16\n\t"
+        "ror	r8, r8, #16\n\t"
+#else
+        "bfi	r8, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smulbb	r12, r11, r9\n\t"
+        "smulbt	r9, r11, r9\n\t"
+        "smultb	lr, r10, r12\n\t"
+        "smlabb	r12, r10, lr, r12\n\t"
+        "smultb	lr, r10, r9\n\t"
+        "smlabb	r9, r10, lr, r9\n\t"
+        "pkhtb	r9, r9, r12, ASR #16\n\t"
+#else
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r11, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r11, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r9, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r9, #0, #16\n\t"
+#endif
+        "mul	r12, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #16, #16\n\t"
+#endif
+        "mul	r9, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+        "mul	lr, r10, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "mla	r12, r10, lr, r12\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0xc00\n\t"
+#else
+        "mov	r10, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, r9, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, r9, #0, #16\n\t"
+#endif
+        "mul	lr, r10, lr\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r10, #0x1\n\t"
+        "orr	r10, r10, #0xd00\n\t"
+#else
+        "mov	r10, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	lr, lr, #16\n\t"
+        "asr	lr, lr, #16\n\t"
+#else
+        "sbfx	lr, lr, #0, #16\n\t"
+#endif
+        "lsr	r12, r12, #16\n\t"
+        "mla	r9, r10, lr, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r9, r9, #16\n\t"
+        "orr	r9, r9, r12, lsl #16\n\t"
+        "ror	r9, r9, #16\n\t"
+#else
+        "bfi	r9, r12, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "str	r2, [%[r]]\n\t"
+        "str	r3, [%[r], #64]\n\t"
+        "str	r4, [%[r], #128]\n\t"
+        "str	r5, [%[r], #192]\n\t"
+        "str	r6, [%[r], #256]\n\t"
+        "str	r7, [%[r], #320]\n\t"
+        "str	r8, [%[r], #384]\n\t"
+        "str	r9, [%[r], #448]\n\t"
+        "ldr	r2, [sp]\n\t"
+        "subs	r2, r2, #1\n\t"
+        "add	%[r], %[r], #4\n\t"
+        "bne	L_mlkem_invntt_loop_321_%=\n\t"
+        "add	sp, sp, #8\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r),
+          [L_mlkem_invntt_zetas_inv] "+r" (L_mlkem_invntt_zetas_inv_c)
+        :
+#else
+        :
+        : [r] "r" (r),
+          [L_mlkem_invntt_zetas_inv] "r" (L_mlkem_invntt_zetas_inv_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+static const word16 L_mlkem_basemul_mont_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714,
+    0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6,
+    0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f,
+    0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260,
+    0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7,
+    0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67,
+    0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e,
+    0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c,
+    0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b,
+    0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16,
+    0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e,
+    0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d,
+    0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262,
+    0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca,
+    0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a,
+    0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df,
+    0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_arm32_basemul_mont(sword16* r_p, const sword16* a_p,
+    const sword16* b_p)
+#else
+void mlkem_arm32_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register const sword16* a asm ("r1") = (const sword16*)a_p;
+    register const sword16* b asm ("r2") = (const sword16*)b_p;
+    register word16* L_mlkem_basemul_mont_zetas_c asm ("r3") =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+#else
+    register word16* L_mlkem_basemul_mont_zetas_c =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "mov	r3, %[L_mlkem_basemul_mont_zetas]\n\t"
+        "add	r3, r3, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xc000000\n\t"
+        "orr	r12, r12, #0xff0000\n\t"
+#else
+        "movt	r12, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r8, #0\n\t"
+        "\n"
+    "L_mlkem_basemul_mont_loop_%=: \n\t"
+        "ldm	%[a]!, {r4, r5}\n\t"
+        "ldm	%[b]!, {r6, r7}\n\t"
+        "ldr	lr, [r3, r8]\n\t"
+        "add	r8, r8, #2\n\t"
+        "push	{r8}\n\t"
+        "cmp	r8, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultt	r8, r4, r6\n\t"
+        "smultt	r10, r5, r7\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+        "smulbt	r8, lr, r8\n\t"
+        "smulbt	r10, r11, r10\n\t"
+        "smlabb	r8, r4, r6, r8\n\t"
+        "smlabb	r10, r5, r7, r10\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "smulbt	r9, r4, r6\n\t"
+        "smulbt	r11, r5, r7\n\t"
+        "smlatb	r9, r4, r6, r9\n\t"
+        "smlatb	r11, r5, r7, r11\n\t"
+        "smultb	r6, r12, r9\n\t"
+        "smultb	r7, r12, r11\n\t"
+        "smlabb	r9, r12, r6, r9\n\t"
+        "smlabb	r11, r12, r7, r11\n\t"
+        "pkhtb	r4, r9, r8, ASR #16\n\t"
+        "pkhtb	r5, r11, r10, ASR #16\n\t"
+#else
+        "asr	r8, r4, #16\n\t"
+        "asr	r10, r5, #16\n\t"
+        "asr	r9, r6, #16\n\t"
+        "asr	r11, r7, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r8\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, lr, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "asr	r10, r10, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r8, r9, r12, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r10, r11, r12, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r9\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+        "asr	r12, r6, #16\n\t"
+        "mul	r9, r12, r9\n\t"
+        "asr	r12, r7, #16\n\t"
+        "mul	r11, r12, r11\n\t"
+        "asr	r4, r4, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r9, r4, r12, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r11, r5, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r6, r9, #16\n\t"
+        "asr	r6, r6, #16\n\t"
+#else
+        "sbfx	r6, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r11, #16\n\t"
+        "asr	r7, r7, #16\n\t"
+#else
+        "sbfx	r7, r11, #0, #16\n\t"
+#endif
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r4, r6, #16\n\t"
+        "asr	r4, r4, #16\n\t"
+#else
+        "sbfx	r4, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r5, r7, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#else
+        "sbfx	r5, r7, #0, #16\n\t"
+#endif
+        "mla	r9, r12, r4, r9\n\t"
+        "mla	r11, r12, r5, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r11, r11, #0xff\n\t"
+        "bic	r11, r11, #0xff00\n\t"
+#else
+        "bfc	r11, #0, #16\n\t"
+#endif
+        "orr	r4, r9, r8, lsr #16\n\t"
+        "orr	r5, r11, r10, lsr #16\n\t"
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "stm	%[r]!, {r4, r5}\n\t"
+        "pop	{r8}\n\t"
+        "bne	L_mlkem_basemul_mont_loop_%=\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_mlkem_basemul_mont_zetas] "+r" (L_mlkem_basemul_mont_zetas_c)
+        :
+#else
+        :
+        : [r] "r" (r), [a] "r" (a), [b] "r" (b),
+          [L_mlkem_basemul_mont_zetas] "r" (L_mlkem_basemul_mont_zetas_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_arm32_basemul_mont_add(sword16* r_p, const sword16* a_p,
+    const sword16* b_p)
+#else
+void mlkem_arm32_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r asm ("r0") = (sword16*)r_p;
+    register const sword16* a asm ("r1") = (const sword16*)a_p;
+    register const sword16* b asm ("r2") = (const sword16*)b_p;
+    register word16* L_mlkem_basemul_mont_zetas_c asm ("r3") =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+#else
+    register word16* L_mlkem_basemul_mont_zetas_c =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "mov	r3, %[L_mlkem_basemul_mont_zetas]\n\t"
+        "add	r3, r3, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r12, r12, #0xc000000\n\t"
+        "orr	r12, r12, #0xff0000\n\t"
+#else
+        "movt	r12, #0xcff\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r8, #0\n\t"
+        "\n"
+    "L_mlkem_arm32_basemul_mont_add_loop_%=: \n\t"
+        "ldm	%[a]!, {r4, r5}\n\t"
+        "ldm	%[b]!, {r6, r7}\n\t"
+        "ldr	lr, [r3, r8]\n\t"
+        "add	r8, r8, #2\n\t"
+        "push	{r8}\n\t"
+        "cmp	r8, #0x80\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "smultt	r8, r4, r6\n\t"
+        "smultt	r10, r5, r7\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+        "smulbt	r8, lr, r8\n\t"
+        "smulbt	r10, r11, r10\n\t"
+        "smlabb	r8, r4, r6, r8\n\t"
+        "smlabb	r10, r5, r7, r10\n\t"
+        "smultb	r9, r12, r8\n\t"
+        "smultb	r11, r12, r10\n\t"
+        "smlabb	r8, r12, r9, r8\n\t"
+        "smlabb	r10, r12, r11, r10\n\t"
+        "smulbt	r9, r4, r6\n\t"
+        "smulbt	r11, r5, r7\n\t"
+        "smlatb	r9, r4, r6, r9\n\t"
+        "smlatb	r11, r5, r7, r11\n\t"
+        "smultb	r6, r12, r9\n\t"
+        "smultb	r7, r12, r11\n\t"
+        "smlabb	r9, r12, r6, r9\n\t"
+        "smlabb	r11, r12, r7, r11\n\t"
+        "ldm	%[r], {r4, r5}\n\t"
+        "pkhtb	r9, r9, r8, ASR #16\n\t"
+        "pkhtb	r11, r11, r10, ASR #16\n\t"
+        "sadd16	r4, r4, r9\n\t"
+        "sadd16	r5, r5, r11\n\t"
+#else
+        "asr	r8, r4, #16\n\t"
+        "asr	r10, r5, #16\n\t"
+        "asr	r9, r6, #16\n\t"
+        "asr	r11, r7, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r8\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+        "rsb	r11, lr, #0\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, lr, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, lr, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "asr	r8, r8, #16\n\t"
+        "asr	r10, r10, #16\n\t"
+        "mul	r8, r9, r8\n\t"
+        "mul	r10, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r8, r9, r12, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r10, r11, r12, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r8, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r10, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r10, #0, #16\n\t"
+#endif
+        "mul	r9, r12, r9\n\t"
+        "mul	r11, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r9, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r11, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r11, #0, #16\n\t"
+#endif
+        "mla	r8, r12, r9, r8\n\t"
+        "mla	r10, r12, r11, r10\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r9, r4, #16\n\t"
+        "asr	r9, r9, #16\n\t"
+#else
+        "sbfx	r9, r4, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r11, r5, #16\n\t"
+        "asr	r11, r11, #16\n\t"
+#else
+        "sbfx	r11, r5, #0, #16\n\t"
+#endif
+        "asr	r12, r6, #16\n\t"
+        "mul	r9, r12, r9\n\t"
+        "asr	r12, r7, #16\n\t"
+        "mul	r11, r12, r11\n\t"
+        "asr	r4, r4, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r6, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r6, #0, #16\n\t"
+#endif
+        "mla	r9, r4, r12, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r12, r7, #16\n\t"
+        "asr	r12, r12, #16\n\t"
+#else
+        "sbfx	r12, r7, #0, #16\n\t"
+#endif
+        "mla	r11, r5, r12, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0xc00\n\t"
+#else
+        "mov	r12, #0xcff\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r6, r9, #16\n\t"
+        "asr	r6, r6, #16\n\t"
+#else
+        "sbfx	r6, r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r11, #16\n\t"
+        "asr	r7, r7, #16\n\t"
+#else
+        "sbfx	r7, r11, #0, #16\n\t"
+#endif
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r4, r6, #16\n\t"
+        "asr	r4, r4, #16\n\t"
+#else
+        "sbfx	r4, r6, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r5, r7, #16\n\t"
+        "asr	r5, r5, #16\n\t"
+#else
+        "sbfx	r5, r7, #0, #16\n\t"
+#endif
+        "mla	r9, r12, r4, r9\n\t"
+        "mla	r11, r12, r5, r11\n\t"
+        "ldm	%[r], {r4, r5}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r11, r11, #0xff\n\t"
+        "bic	r11, r11, #0xff00\n\t"
+#else
+        "bfc	r11, #0, #16\n\t"
+#endif
+        "orr	r9, r9, r8, lsr #16\n\t"
+        "orr	r11, r11, r10, lsr #16\n\t"
+        "add	r8, r4, r9\n\t"
+        "add	r10, r5, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r11, r11, #0xff\n\t"
+        "bic	r11, r11, #0xff00\n\t"
+#else
+        "bfc	r11, #0, #16\n\t"
+#endif
+        "add	r4, r4, r9\n\t"
+        "add	r5, r5, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r8, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r8, #0, #16\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "stm	%[r]!, {r4, r5}\n\t"
+        "pop	{r8}\n\t"
+        "bne	L_mlkem_arm32_basemul_mont_add_loop_%=\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_mlkem_basemul_mont_zetas] "+r" (L_mlkem_basemul_mont_zetas_c)
+        :
+#else
+        :
+        : [r] "r" (r), [a] "r" (a), [b] "r" (b),
+          [L_mlkem_basemul_mont_zetas] "r" (L_mlkem_basemul_mont_zetas_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_arm32_csubq(sword16* p_p)
+#else
+void mlkem_arm32_csubq(sword16* p)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* p asm ("r0") = (sword16*)p_p;
+    register word16* L_mlkem_basemul_mont_zetas_c asm ("r1") =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+#else
+    register word16* L_mlkem_basemul_mont_zetas_c =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r12, #0x1\n\t"
+        "orr	r12, r12, #0xd00\n\t"
+#else
+        "mov	r12, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	lr, #0x1\n\t"
+        "orr	lr, lr, #0xd00\n\t"
+#else
+        "mov	lr, #0xd01\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	lr, lr, #0xd000000\n\t"
+        "orr	lr, lr, #0x10000\n\t"
+#else
+        "movt	lr, #0xd01\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "mov	r11, #0x8000\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "orr	r11, r11, #0x80000000\n\t"
+#else
+        "movt	r11, #0x8000\n\t"
+#endif
+        "mov	r1, #0x100\n\t"
+        "\n"
+    "L_mlkem_arm32_csubq_loop_%=: \n\t"
+        "ldm	%[p], {r2, r3, r4, r5}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6)
+        "ssub16	r2, r2, lr\n\t"
+        "ssub16	r3, r3, lr\n\t"
+        "ssub16	r4, r4, lr\n\t"
+        "ssub16	r5, r5, lr\n\t"
+        "and	r6, r2, r11\n\t"
+        "and	r7, r3, r11\n\t"
+        "and	r8, r4, r11\n\t"
+        "and	r9, r5, r11\n\t"
+        "lsr	r6, r6, #15\n\t"
+        "lsr	r7, r7, #15\n\t"
+        "lsr	r8, r8, #15\n\t"
+        "lsr	r9, r9, #15\n\t"
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+        "mul	r8, r12, r8\n\t"
+        "mul	r9, r12, r9\n\t"
+        "sadd16	r2, r2, r6\n\t"
+        "sadd16	r3, r3, r7\n\t"
+        "sadd16	r4, r4, r8\n\t"
+        "sadd16	r5, r5, r9\n\t"
+#else
+        "sub	r6, r2, lr\n\t"
+        "sub	r2, r2, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r6, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r6, #0, #16\n\t"
+#endif
+        "sub	r7, r3, lr\n\t"
+        "sub	r3, r3, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r7, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r7, #0, #16\n\t"
+#endif
+        "sub	r8, r4, lr\n\t"
+        "sub	r4, r4, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r8, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r8, #0, #16\n\t"
+#endif
+        "sub	r9, r5, lr\n\t"
+        "sub	r5, r5, lr, lsl #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r9, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r9, #0, #16\n\t"
+#endif
+        "and	r6, r2, r11\n\t"
+        "and	r7, r3, r11\n\t"
+        "and	r8, r4, r11\n\t"
+        "and	r9, r5, r11\n\t"
+        "lsr	r6, r6, #15\n\t"
+        "lsr	r7, r7, #15\n\t"
+        "lsr	r8, r8, #15\n\t"
+        "lsr	r9, r9, #15\n\t"
+        "mul	r6, r12, r6\n\t"
+        "mul	r7, r12, r7\n\t"
+        "mul	r8, r12, r8\n\t"
+        "mul	r9, r12, r9\n\t"
+        "add	r10, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r6, r6, #0xff\n\t"
+        "bic	r6, r6, #0xff00\n\t"
+#else
+        "bfc	r6, #0, #16\n\t"
+#endif
+        "add	r2, r2, r6\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r2, r2, #16\n\t"
+        "orr	r2, r2, r10, lsl #16\n\t"
+        "ror	r2, r2, #16\n\t"
+#else
+        "bfi	r2, r10, #0, #16\n\t"
+#endif
+        "add	r10, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff\n\t"
+        "bic	r7, r7, #0xff00\n\t"
+#else
+        "bfc	r7, #0, #16\n\t"
+#endif
+        "add	r3, r3, r7\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r3, r3, #16\n\t"
+        "orr	r3, r3, r10, lsl #16\n\t"
+        "ror	r3, r3, #16\n\t"
+#else
+        "bfi	r3, r10, #0, #16\n\t"
+#endif
+        "add	r10, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r8, r8, #0xff\n\t"
+        "bic	r8, r8, #0xff00\n\t"
+#else
+        "bfc	r8, #0, #16\n\t"
+#endif
+        "add	r4, r4, r8\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r4, r4, #16\n\t"
+        "orr	r4, r4, r10, lsl #16\n\t"
+        "ror	r4, r4, #16\n\t"
+#else
+        "bfi	r4, r10, #0, #16\n\t"
+#endif
+        "add	r10, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r9, r9, #0xff\n\t"
+        "bic	r9, r9, #0xff00\n\t"
+#else
+        "bfc	r9, #0, #16\n\t"
+#endif
+        "add	r5, r5, r9\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r5, r5, #16\n\t"
+        "orr	r5, r5, r10, lsl #16\n\t"
+        "ror	r5, r5, #16\n\t"
+#else
+        "bfi	r5, r10, #0, #16\n\t"
+#endif
+#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */
+        "stm	%[p]!, {r2, r3, r4, r5}\n\t"
+        "subs	r1, r1, #8\n\t"
+        "bne	L_mlkem_arm32_csubq_loop_%=\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [p] "+r" (p),
+          [L_mlkem_basemul_mont_zetas] "+r" (L_mlkem_basemul_mont_zetas_c)
+        :
+#else
+        :
+        : [p] "r" (p),
+          [L_mlkem_basemul_mont_zetas] "r" (L_mlkem_basemul_mont_zetas_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+unsigned int mlkem_arm32_rej_uniform(sword16* p_p, unsigned int len_p,
+    const byte* r_p, unsigned int rLen_p)
+#else
+unsigned int mlkem_arm32_rej_uniform(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* p asm ("r0") = (sword16*)p_p;
+    register unsigned int len asm ("r1") = (unsigned int)len_p;
+    register const byte* r asm ("r2") = (const byte*)r_p;
+    register unsigned int rLen asm ("r3") = (unsigned int)rLen_p;
+    register word16* L_mlkem_basemul_mont_zetas_c asm ("r4") =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+#else
+    register word16* L_mlkem_basemul_mont_zetas_c =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "mov	r8, #0x1\n\t"
+        "orr	r8, r8, #0xd00\n\t"
+#else
+        "mov	r8, #0xd01\n\t"
+#endif
+        "mov	r12, #0\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_loop_no_fail_%=: \n\t"
+        "cmp	%[len], #8\n\t"
+        "blt	L_mlkem_arm32_rej_uniform_done_no_fail_%=\n\t"
+        "ldm	%[r]!, {r4, r5, r6}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #20\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #0, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #8\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #12, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r4, #24\n\t"
+#else
+        "ubfx	r7, r4, #24, #8\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xf00\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r5, lsl #28\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r5, #8, #4\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #16\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #4, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #4\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #16, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r5, #28\n\t"
+#else
+        "ubfx	r7, r5, #28, #4\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff0\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r6, lsl #24\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r6, #4, #8\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r6, #12\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r6, #8, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r6, #20\n\t"
+#else
+        "ubfx	r7, r6, #20, #12\n\t"
+#endif
+        "strh	r7, [%[p], r12]\n\t"
+        "sub	lr, r7, r8\n\t"
+        "lsr	lr, lr, #31\n\t"
+        "sub	%[len], %[len], lr\n\t"
+        "add	r12, r12, lr, lsl #1\n\t"
+        "subs	%[rLen], %[rLen], #12\n\t"
+        "bne	L_mlkem_arm32_rej_uniform_loop_no_fail_%=\n\t"
+        "b	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_done_no_fail_%=: \n\t"
+        "cmp	%[len], #0\n\t"
+        "beq	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_loop_%=: \n\t"
+        "ldm	%[r]!, {r4, r5, r6}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #20\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #0, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_mlkem_arm32_rej_uniform_fail_0_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_fail_0_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r4, #8\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r4, #12, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_mlkem_arm32_rej_uniform_fail_1_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_fail_1_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r4, #24\n\t"
+#else
+        "ubfx	r7, r4, #24, #8\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xf00\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r5, lsl #28\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r5, #8, #4\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_mlkem_arm32_rej_uniform_fail_2_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_fail_2_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #16\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #4, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_mlkem_arm32_rej_uniform_fail_3_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_fail_3_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r5, #4\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r5, #16, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_mlkem_arm32_rej_uniform_fail_4_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_fail_4_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r5, #28\n\t"
+#else
+        "ubfx	r7, r5, #28, #4\n\t"
+#endif
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic	r7, r7, #0xff0\n\t"
+        "ror	r7, r7, #12\n\t"
+        "orr	r7, r7, r6, lsl #24\n\t"
+        "ror	r7, r7, #20\n\t"
+#else
+        "bfi	r7, r6, #4, #8\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_mlkem_arm32_rej_uniform_fail_5_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_fail_5_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsl	r7, r6, #12\n\t"
+        "lsr	r7, r7, #20\n\t"
+#else
+        "ubfx	r7, r6, #8, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_mlkem_arm32_rej_uniform_fail_6_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_fail_6_%=: \n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "lsr	r7, r6, #20\n\t"
+#else
+        "ubfx	r7, r6, #20, #12\n\t"
+#endif
+        "cmp	r7, r8\n\t"
+        "bge	L_mlkem_arm32_rej_uniform_fail_7_%=\n\t"
+        "strh	r7, [%[p], r12]\n\t"
+        "subs	%[len], %[len], #1\n\t"
+        "add	r12, r12, #2\n\t"
+        "beq	L_mlkem_arm32_rej_uniform_done_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_fail_7_%=: \n\t"
+        "subs	%[rLen], %[rLen], #12\n\t"
+        "bgt	L_mlkem_arm32_rej_uniform_loop_%=\n\t"
+        "\n"
+    "L_mlkem_arm32_rej_uniform_done_%=: \n\t"
+        "lsr	r0, r12, #1\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen),
+          [L_mlkem_basemul_mont_zetas] "+r" (L_mlkem_basemul_mont_zetas_c)
+        :
+#else
+        :
+        : [p] "r" (p), [len] "r" (len), [r] "r" (r), [rLen] "r" (rLen),
+          [L_mlkem_basemul_mont_zetas] "r" (L_mlkem_basemul_mont_zetas_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8"
+    );
+    return (word32)(size_t)p;
+}
+
+#endif /* WOLFSSL_WC_MLKEM */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
new file mode 100644
index 000000000..4c6b93212
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
@@ -0,0 +1,1293 @@
+/* armv8-32-poly1305-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifdef HAVE_POLY1305
+#ifdef WOLFSSL_ARMASM_NO_NEON
+	.text
+	.align	4
+	.globl	poly1305_arm32_blocks_16
+	.type	poly1305_arm32_blocks_16, %function
+poly1305_arm32_blocks_16:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #28
+	cmp	r2, #0
+	beq	L_poly1305_arm32_16_done
+	add	lr, sp, #12
+	stm	lr, {r0, r1, r2, r3}
+	# Get h pointer
+	add	lr, r0, #16
+	ldm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_loop:
+	# Add m to h
+	ldr	r1, [sp, #16]
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r9, [r1, #8]
+	ldr	r10, [r1, #12]
+	ldr	r11, [sp, #24]
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r9
+	adcs	r7, r7, r10
+	add	r1, r1, #16
+	adc	r8, r8, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	stm	lr, {r4, r5, r6, r7, r8}
+#else
+	# h[0]-h[2] in r4-r6 for multiplication.
+	str	r7, [lr, #12]
+	str	r8, [lr, #16]
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	str	r1, [sp, #16]
+	ldr	r1, [sp, #12]
+	# Multiply h by r
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	# r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i]
+	ldr	r3, [r1]
+	eor	r0, r0, r0
+	# r[0] * h[0]
+	# h[0] in r4
+	umull	r4, r5, r3, r4
+	# r[0] * h[2]
+	# h[2] in r6
+	umull	r6, r7, r3, r6
+	# r[0] * h[4]
+	# h[4] in r8
+	mul	r8, r3, r8
+	# r[0] * h[1]
+	ldr	r2, [lr, #4]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[0] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r6, r6, r12
+	adc	r7, r7, r0
+	umlal	r7, r8, r3, r2
+	# r[1] * h[0]
+	ldr	r3, [r1, #4]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[1] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r6, r6, r12
+	adc	r12, r0, r0
+	umlal	r6, r12, r3, r2
+	# r[1] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[1] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r8, r8, r12
+	adc	r9, r0, r0
+	umlal	r8, r9, r3, r2
+	# r[1] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r9, r3, r2, r9
+	# r[2] * h[0]
+	ldr	r3, [r1, #8]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r6, r12, r3, r2
+	# r[2] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[2] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[2] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r9, r9, r12
+	adc	r10, r0, r0
+	umlal	r9, r10, r3, r2
+	# r[2] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r10, r3, r2, r10
+	# r[3] * h[0]
+	ldr	r3, [r1, #12]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r7, r12, r3, r2
+	# r[3] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[3] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r9, r9, r12
+	adc	r10, r10, r0
+	umlal	r9, r10, r3, r2
+	# r[3] * h[3]
+	ldr	r2, [lr, #12]
+	mov	r11, r0
+	umlal	r10, r11, r3, r2
+	# r[3] * h[4]
+	ldr	r2, [lr, #16]
+	mov	r12, r0
+	mla	r11, r3, r2, r11
+#else
+	ldm	r1, {r0, r1, r2, r3}
+	# r[0] * h[0]
+	umull	r10, r11, r0, r4
+	# r[1] * h[0]
+	umull	r12, r7, r1, r4
+	# r[0] * h[1]
+	umaal	r11, r12, r0, r5
+	# r[2] * h[0]
+	umull	r8, r9, r2, r4
+	# r[1] * h[1]
+	umaal	r12, r8, r1, r5
+	# r[0] * h[2]
+	umaal	r12, r7, r0, r6
+	# r[3] * h[0]
+	umaal	r8, r9, r3, r4
+	stm	sp, {r10, r11, r12}
+	# r[2] * h[1]
+	umaal	r7, r8, r2, r5
+	# Replace h[0] with h[3]
+	ldr	r4, [lr, #12]
+	# r[1] * h[2]
+	umull	r10, r11, r1, r6
+	# r[2] * h[2]
+	umaal	r8, r9, r2, r6
+	# r[0] * h[3]
+	umaal	r7, r10, r0, r4
+	# r[3] * h[1]
+	umaal	r8, r11, r3, r5
+	# r[1] * h[3]
+	umaal	r8, r10, r1, r4
+	# r[3] * h[2]
+	umaal	r9, r11, r3, r6
+	# r[2] * h[3]
+	umaal	r9, r10, r2, r4
+	# Replace h[1] with h[4]
+	ldr	r5, [lr, #16]
+	# r[3] * h[3]
+	umaal	r10, r11, r3, r4
+	mov	r12, #0
+	# r[0] * h[4]
+	umaal	r8, r12, r0, r5
+	# r[1] * h[4]
+	umaal	r9, r12, r1, r5
+	# r[2] * h[4]
+	umaal	r10, r12, r2, r5
+	# r[3] * h[4]
+	umaal	r11, r12, r3, r5
+	# DONE
+	ldm	sp, {r4, r5, r6}
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	# r12 will be zero because r is masked.
+	# Load length
+	ldr	r2, [sp, #20]
+	# Reduce mod 2^130 - 5
+	bic	r3, r8, #0x3
+	and	r8, r8, #3
+	adds	r4, r4, r3
+	lsr	r3, r3, #2
+	adcs	r5, r5, r9
+	orr	r3, r3, r9, LSL #30
+	adcs	r6, r6, r10
+	lsr	r9, r9, #2
+	adcs	r7, r7, r11
+	orr	r9, r9, r10, LSL #30
+	adc	r8, r8, r12
+	lsr	r10, r10, #2
+	adds	r4, r4, r3
+	orr	r10, r10, r11, LSL #30
+	adcs	r5, r5, r9
+	lsr	r11, r11, #2
+	adcs	r6, r6, r10
+	adcs	r7, r7, r11
+	adc	r8, r8, r12
+	# Sub 16 from length.
+	subs	r2, r2, #16
+	# Store length.
+	str	r2, [sp, #20]
+	# Loop again if more message to do.
+	bgt	L_poly1305_arm32_16_loop
+	stm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_done:
+	add	sp, sp, #28
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	poly1305_arm32_blocks_16,.-poly1305_arm32_blocks_16
+	.text
+	.type	L_poly1305_arm32_clamp, %object
+	.size	L_poly1305_arm32_clamp, 16
+	.align	4
+L_poly1305_arm32_clamp:
+	.word	0xfffffff
+	.word	0xffffffc
+	.word	0xffffffc
+	.word	0xffffffc
+	.text
+	.align	4
+	.globl	poly1305_set_key
+	.type	poly1305_set_key, %function
+poly1305_set_key:
+	push	{r4, r5, r6, r7, r8, lr}
+	# Load mask.
+	adr	lr, L_poly1305_arm32_clamp
+	ldm	lr, {r6, r7, r8, r12}
+	# Load and cache padding.
+	ldr	r2, [r1, #16]
+	ldr	r3, [r1, #20]
+	ldr	r4, [r1, #24]
+	ldr	r5, [r1, #28]
+	add	lr, r0, #36
+	stm	lr, {r2, r3, r4, r5}
+	# Load, mask and store r.
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r4, [r1, #8]
+	ldr	r5, [r1, #12]
+	and	r2, r2, r6
+	and	r3, r3, r7
+	and	r4, r4, r8
+	and	r5, r5, r12
+	add	lr, r0, #0
+	stm	lr, {r2, r3, r4, r5}
+	# h (accumulator) = 0
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	eor	r12, r12, r12
+	add	lr, r0, #16
+	eor	r5, r5, r5
+	stm	lr, {r5, r6, r7, r8, r12}
+	# Zero leftover
+	str	r5, [r0, #52]
+	pop	{r4, r5, r6, r7, r8, pc}
+	.size	poly1305_set_key,.-poly1305_set_key
+	.text
+	.align	4
+	.globl	poly1305_final
+	.type	poly1305_final, %function
+poly1305_final:
+	push	{r4, r5, r6, r7, r8, r9, lr}
+	add	r9, r0, #16
+	ldm	r9, {r4, r5, r6, r7, r8}
+	# Add 5 and check for h larger than p.
+	adds	r2, r4, #5
+	adcs	r2, r5, #0
+	adcs	r2, r6, #0
+	adcs	r2, r7, #0
+	adc	r2, r8, #0
+	sub	r2, r2, #4
+	lsr	r2, r2, #31
+	sub	r2, r2, #1
+	and	r2, r2, #5
+	# Add 0/5 to h.
+	adds	r4, r4, r2
+	adcs	r5, r5, #0
+	adcs	r6, r6, #0
+	adc	r7, r7, #0
+	# Add padding
+	add	r9, r0, #36
+	ldm	r9, {r2, r3, r12, lr}
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r12
+	adc	r7, r7, lr
+	# Store MAC
+	str	r4, [r1]
+	str	r5, [r1, #4]
+	str	r6, [r1, #8]
+	str	r7, [r1, #12]
+	# Zero out h.
+	eor	r4, r4, r4
+	eor	r5, r5, r5
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	add	r9, r0, #16
+	stm	r9, {r4, r5, r6, r7, r8}
+	# Zero out r.
+	add	r9, r0, #0
+	stm	r9, {r4, r5, r6, r7}
+	# Zero out padding.
+	add	r9, r0, #36
+	stm	r9, {r4, r5, r6, r7}
+	pop	{r4, r5, r6, r7, r8, r9, pc}
+	.size	poly1305_final,.-poly1305_final
+#else
+	.text
+	.align	4
+	.globl	poly1305_arm32_blocks_16
+	.type	poly1305_arm32_blocks_16, %function
+poly1305_arm32_blocks_16:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	sub	sp, sp, #28
+	cmp	r2, #0
+	beq	L_poly1305_arm32_16_done
+	add	lr, sp, #12
+	stm	lr, {r0, r1, r2, r3}
+	# Get h pointer
+	add	lr, r0, #16
+	ldm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_loop:
+	# Add m to h
+	ldr	r1, [sp, #16]
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r9, [r1, #8]
+	ldr	r10, [r1, #12]
+	ldr	r11, [sp, #24]
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r9
+	adcs	r7, r7, r10
+	add	r1, r1, #16
+	adc	r8, r8, r11
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	stm	lr, {r4, r5, r6, r7, r8}
+#else
+	# h[0]-h[2] in r4-r6 for multiplication.
+	str	r7, [lr, #12]
+	str	r8, [lr, #16]
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	str	r1, [sp, #16]
+	ldr	r1, [sp, #12]
+	# Multiply h by r
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	# r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i]
+	ldr	r3, [r1]
+	eor	r0, r0, r0
+	# r[0] * h[0]
+	# h[0] in r4
+	umull	r4, r5, r3, r4
+	# r[0] * h[2]
+	# h[2] in r6
+	umull	r6, r7, r3, r6
+	# r[0] * h[4]
+	# h[4] in r8
+	mul	r8, r3, r8
+	# r[0] * h[1]
+	ldr	r2, [lr, #4]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[0] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r6, r6, r12
+	adc	r7, r7, r0
+	umlal	r7, r8, r3, r2
+	# r[1] * h[0]
+	ldr	r3, [r1, #4]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r5, r12, r3, r2
+	# r[1] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r6, r6, r12
+	adc	r12, r0, r0
+	umlal	r6, r12, r3, r2
+	# r[1] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[1] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r8, r8, r12
+	adc	r9, r0, r0
+	umlal	r8, r9, r3, r2
+	# r[1] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r9, r3, r2, r9
+	# r[2] * h[0]
+	ldr	r3, [r1, #8]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r6, r12, r3, r2
+	# r[2] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r7, r7, r12
+	adc	r12, r0, r0
+	umlal	r7, r12, r3, r2
+	# r[2] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[2] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r9, r9, r12
+	adc	r10, r0, r0
+	umlal	r9, r10, r3, r2
+	# r[2] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r10, r3, r2, r10
+	# r[3] * h[0]
+	ldr	r3, [r1, #12]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r7, r12, r3, r2
+	# r[3] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r8, r8, r12
+	adc	r12, r0, r0
+	umlal	r8, r12, r3, r2
+	# r[3] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r9, r9, r12
+	adc	r10, r10, r0
+	umlal	r9, r10, r3, r2
+	# r[3] * h[3]
+	ldr	r2, [lr, #12]
+	mov	r11, r0
+	umlal	r10, r11, r3, r2
+	# r[3] * h[4]
+	ldr	r2, [lr, #16]
+	mov	r12, r0
+	mla	r11, r3, r2, r11
+#else
+	ldm	r1, {r0, r1, r2, r3}
+	# r[0] * h[0]
+	umull	r10, r11, r0, r4
+	# r[1] * h[0]
+	umull	r12, r7, r1, r4
+	# r[0] * h[1]
+	umaal	r11, r12, r0, r5
+	# r[2] * h[0]
+	umull	r8, r9, r2, r4
+	# r[1] * h[1]
+	umaal	r12, r8, r1, r5
+	# r[0] * h[2]
+	umaal	r12, r7, r0, r6
+	# r[3] * h[0]
+	umaal	r8, r9, r3, r4
+	stm	sp, {r10, r11, r12}
+	# r[2] * h[1]
+	umaal	r7, r8, r2, r5
+	# Replace h[0] with h[3]
+	ldr	r4, [lr, #12]
+	# r[1] * h[2]
+	umull	r10, r11, r1, r6
+	# r[2] * h[2]
+	umaal	r8, r9, r2, r6
+	# r[0] * h[3]
+	umaal	r7, r10, r0, r4
+	# r[3] * h[1]
+	umaal	r8, r11, r3, r5
+	# r[1] * h[3]
+	umaal	r8, r10, r1, r4
+	# r[3] * h[2]
+	umaal	r9, r11, r3, r6
+	# r[2] * h[3]
+	umaal	r9, r10, r2, r4
+	# Replace h[1] with h[4]
+	ldr	r5, [lr, #16]
+	# r[3] * h[3]
+	umaal	r10, r11, r3, r4
+	mov	r12, #0
+	# r[0] * h[4]
+	umaal	r8, r12, r0, r5
+	# r[1] * h[4]
+	umaal	r9, r12, r1, r5
+	# r[2] * h[4]
+	umaal	r10, r12, r2, r5
+	# r[3] * h[4]
+	umaal	r11, r12, r3, r5
+	# DONE
+	ldm	sp, {r4, r5, r6}
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	# r12 will be zero because r is masked.
+	# Load length
+	ldr	r2, [sp, #20]
+	# Reduce mod 2^130 - 5
+	bic	r3, r8, #0x3
+	and	r8, r8, #3
+	adds	r4, r4, r3
+	lsr	r3, r3, #2
+	adcs	r5, r5, r9
+	orr	r3, r3, r9, LSL #30
+	adcs	r6, r6, r10
+	lsr	r9, r9, #2
+	adcs	r7, r7, r11
+	orr	r9, r9, r10, LSL #30
+	adc	r8, r8, r12
+	lsr	r10, r10, #2
+	adds	r4, r4, r3
+	orr	r10, r10, r11, LSL #30
+	adcs	r5, r5, r9
+	lsr	r11, r11, #2
+	adcs	r6, r6, r10
+	adcs	r7, r7, r11
+	adc	r8, r8, r12
+	# Sub 16 from length.
+	subs	r2, r2, #16
+	# Store length.
+	str	r2, [sp, #20]
+	# Loop again if more message to do.
+	bgt	L_poly1305_arm32_16_loop
+	stm	lr, {r4, r5, r6, r7, r8}
+L_poly1305_arm32_16_done:
+	add	sp, sp, #28
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	poly1305_arm32_blocks_16,.-poly1305_arm32_blocks_16
+	.text
+	.align	4
+	.globl	poly1305_arm32_blocks
+	.type	poly1305_arm32_blocks, %function
+poly1305_arm32_blocks:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	vpush	{d8-d15}
+	cmp	r2, #16
+	add	r12, r0, #16
+	bgt	L_poly1305_arm32_blocks_begin_neon
+	ldm	r12, {r7, r8, r9, r10, r11}
+	b	L_poly1305_arm32_blocks_start_1
+L_poly1305_arm32_blocks_begin_neon:
+	vmov.i16	q15, #0xffff
+	vshr.u64	q15, q15, #38
+	vld1.64	{d0-d2}, [r12]
+	vshl.u64	d4, d2, #24
+	vsri.u64	d4, d1, #40
+	vshr.u64	d3, d1, #14
+	vshl.u64	d2, d1, #12
+	vsri.u64	d1, d0, #26
+	vsri.u64	d2, d0, #52
+	vand.u64	d0, d0, d31
+	vand.u64	d3, d3, d31
+	vand.u64	d2, d2, d31
+	vand.u64	d1, d1, d31
+	add	r3, r0, #0x7c
+	vldm.32	r3, {d20-d24}
+	cmp	r2, #0x40
+	bge	L_poly1305_arm32_blocks_begin_4
+	vshl.u32	d6, d21, #2
+	vshl.u32	d7, d22, #2
+	vshl.u32	d8, d23, #2
+	vshl.u32	d9, d24, #2
+	vadd.u32	d6, d6, d21
+	vadd.u32	d7, d7, d22
+	vadd.u32	d8, d8, d23
+	vadd.u32	d9, d9, d24
+	b	L_poly1305_arm32_blocks_start_2
+L_poly1305_arm32_blocks_begin_4:
+	add	r3, r0, #0xa4
+	vldm.32	r3, {d26-d30}
+L_poly1305_arm32_blocks_start_4:
+	sub	r2, #0x40
+	vld4.32	{d10-d13}, [r1]!
+	vshl.u32	d6, d27, #2
+	vshl.u32	d7, d28, #2
+	vshl.u32	d8, d29, #2
+	vshl.u32	d9, d30, #2
+	vadd.u32	d6, d6, d27
+	vadd.u32	d7, d7, d28
+	vadd.u32	d8, d8, d29
+	vadd.u32	d9, d9, d30
+	vshr.u32	d14, d13, #8
+	vshl.u32	d13, d13, #18
+	vorr.i32	d14, d14, #0x1000000
+	vsri.u32	d13, d12, #14
+	vshl.u32	d12, d12, #12
+	vand.i32	d13, d13, #0x3ffffff
+	vsri.u32	d12, d11, #20
+	vshl.u32	d11, d11, #6
+	vand.i32	d12, d12, #0x3ffffff
+	vsri.u32	d11, d10, #26
+	vand.i32	d10, d10, #0x3ffffff
+	vand.i32	d11, d11, #0x3ffffff
+	vadd.u32	d4, d4, d14
+	vadd.u32	q1, q1, q6
+	vadd.u32	q0, q0, q5
+	vmull.u32	q5, d0, d26
+	vmull.u32	q6, d0, d27
+	vmull.u32	q7, d0, d28
+	vmull.u32	q8, d0, d29
+	vmull.u32	q9, d0, d30
+	vmlal.u32	q5, d1, d9
+	vmlal.u32	q6, d1, d26
+	vmlal.u32	q7, d1, d27
+	vmlal.u32	q8, d1, d28
+	vmlal.u32	q9, d1, d29
+	vmlal.u32	q5, d2, d8
+	vmlal.u32	q6, d2, d9
+	vmlal.u32	q7, d2, d26
+	vmlal.u32	q8, d2, d27
+	vmlal.u32	q9, d2, d28
+	vmlal.u32	q5, d3, d7
+	vmlal.u32	q6, d3, d8
+	vmlal.u32	q7, d3, d9
+	vmlal.u32	q8, d3, d26
+	vmlal.u32	q9, d3, d27
+	vmlal.u32	q5, d4, d6
+	vmlal.u32	q6, d4, d7
+	vmlal.u32	q7, d4, d8
+	vmlal.u32	q8, d4, d9
+	vmlal.u32	q9, d4, d26
+	vld4.32	{d0-d3}, [r1]!
+	vshl.u32	d6, d21, #2
+	vshl.u32	d7, d22, #2
+	vshl.u32	d8, d23, #2
+	vshl.u32	d9, d24, #2
+	vadd.u32	d6, d6, d21
+	vadd.u32	d7, d7, d22
+	vadd.u32	d8, d8, d23
+	vadd.u32	d9, d9, d24
+	vshr.u32	d4, d3, #8
+	vshl.u32	d3, d3, #18
+	vorr.i32	d4, d4, #0x1000000
+	vsri.u32	d3, d2, #14
+	vshl.u32	d2, d2, #12
+	vand.i32	d3, d3, #0x3ffffff
+	vsri.u32	d2, d1, #20
+	vshl.u32	d1, d1, #6
+	vand.i32	d2, d2, #0x3ffffff
+	vsri.u32	d1, d0, #26
+	vand.i32	d0, d0, #0x3ffffff
+	vand.i32	d1, d1, #0x3ffffff
+	vmlal.u32	q5, d0, d20
+	vmlal.u32	q6, d0, d21
+	vmlal.u32	q7, d0, d22
+	vmlal.u32	q8, d0, d23
+	vmlal.u32	q9, d0, d24
+	vmlal.u32	q5, d1, d9
+	vmlal.u32	q6, d1, d20
+	vmlal.u32	q7, d1, d21
+	vmlal.u32	q8, d1, d22
+	vmlal.u32	q9, d1, d23
+	vmlal.u32	q5, d2, d8
+	vmlal.u32	q6, d2, d9
+	vmlal.u32	q7, d2, d20
+	vmlal.u32	q8, d2, d21
+	vmlal.u32	q9, d2, d22
+	vmlal.u32	q5, d3, d7
+	vmlal.u32	q6, d3, d8
+	vmlal.u32	q7, d3, d9
+	vmlal.u32	q8, d3, d20
+	vmlal.u32	q9, d3, d21
+	vmlal.u32	q5, d4, d6
+	vmlal.u32	q6, d4, d7
+	vmlal.u32	q7, d4, d8
+	vmlal.u32	q8, d4, d9
+	vmlal.u32	q9, d4, d20
+	vadd.u64	d0, d10, d11
+	vadd.u64	d1, d12, d13
+	vadd.u64	d2, d14, d15
+	vadd.u64	d3, d16, d17
+	vadd.u64	d4, d18, d19
+	vsra.u64	d1, d0, #26
+	vand.u64	d0, d0, d31
+	vsra.u64	d2, d1, #26
+	vand.u64	d1, d1, d31
+	vsra.u64	d3, d2, #26
+	vand.u64	d2, d2, d31
+	vsra.u64	d4, d3, #26
+	vand.u64	d3, d3, d31
+	vshr.u64	d15, d4, #26
+	vand.u64	d4, d4, d31
+	vadd.u64	d0, d0, d15
+	vshl.u64	d15, d15, #2
+	vadd.u64	d0, d0, d15
+	vsra.u64	d1, d0, #26
+	vand.u64	d0, d0, d31
+	cmp	r2, #0x40
+	bge	L_poly1305_arm32_blocks_start_4
+	cmp	r2, #32
+	blt	L_poly1305_arm32_blocks_done_neon
+L_poly1305_arm32_blocks_start_2:
+	sub	r2, #32
+	vld4.32	{d10-d13}, [r1]!
+	vshr.u32	d14, d13, #8
+	vshl.u32	d13, d13, #18
+	vorr.i32	d14, d14, #0x1000000
+	vsri.u32	d13, d12, #14
+	vshl.u32	d12, d12, #12
+	vand.i32	d13, d13, #0x3ffffff
+	vsri.u32	d12, d11, #20
+	vshl.u32	d11, d11, #6
+	vand.i32	d12, d12, #0x3ffffff
+	vsri.u32	d11, d10, #26
+	vand.i32	d10, d10, #0x3ffffff
+	vand.i32	d11, d11, #0x3ffffff
+	vadd.u32	d4, d4, d14
+	vadd.u32	q1, q1, q6
+	vadd.u32	q0, q0, q5
+	vmull.u32	q5, d0, d20
+	vmull.u32	q6, d0, d21
+	vmull.u32	q7, d0, d22
+	vmull.u32	q8, d0, d23
+	vmull.u32	q9, d0, d24
+	vmlal.u32	q5, d1, d9
+	vmlal.u32	q6, d1, d20
+	vmlal.u32	q7, d1, d21
+	vmlal.u32	q8, d1, d22
+	vmlal.u32	q9, d1, d23
+	vmlal.u32	q5, d2, d8
+	vmlal.u32	q6, d2, d9
+	vmlal.u32	q7, d2, d20
+	vmlal.u32	q8, d2, d21
+	vmlal.u32	q9, d2, d22
+	vmlal.u32	q5, d3, d7
+	vmlal.u32	q6, d3, d8
+	vmlal.u32	q7, d3, d9
+	vmlal.u32	q8, d3, d20
+	vmlal.u32	q9, d3, d21
+	vmlal.u32	q5, d4, d6
+	vmlal.u32	q6, d4, d7
+	vmlal.u32	q7, d4, d8
+	vmlal.u32	q8, d4, d9
+	vmlal.u32	q9, d4, d20
+	vadd.u64	d0, d10, d11
+	vadd.u64	d1, d12, d13
+	vadd.u64	d2, d14, d15
+	vadd.u64	d3, d16, d17
+	vadd.u64	d4, d18, d19
+	vsra.u64	d1, d0, #26
+	vand.u64	d0, d0, d31
+	vsra.u64	d2, d1, #26
+	vand.u64	d1, d1, d31
+	vsra.u64	d3, d2, #26
+	vand.u64	d2, d2, d31
+	vsra.u64	d4, d3, #26
+	vand.u64	d3, d3, d31
+	vshr.u64	d5, d4, #26
+	vand.u64	d4, d4, d31
+	vadd.u64	d0, d0, d5
+	vshl.u64	d5, d5, #2
+	vadd.u64	d0, d0, d5
+	vsra.u64	d1, d0, #26
+	vand.u64	d0, d0, d31
+L_poly1305_arm32_blocks_done_neon:
+	cmp	r2, #16
+	beq	L_poly1305_arm32_blocks_begin_1
+	add	r12, r0, #16
+	vsli.u64	d0, d1, #26
+	vsli.u64	d0, d2, #52
+	vshr.u64	d1, d2, #12
+	vsli.u64	d1, d3, #14
+	vsli.u64	d1, d4, #40
+	vshr.u64	d2, d4, #24
+	vst1.64	{d0-d2}, [r12]
+	b	L_poly1305_arm32_blocks_done
+L_poly1305_arm32_blocks_begin_1:
+	vsli.u64	d0, d1, #26
+	vsli.u64	d0, d2, #52
+	vshr.u64	d1, d2, #12
+	vsli.u64	d1, d3, #14
+	vsli.u64	d1, d4, #40
+	vshr.u64	d2, d4, #24
+	vmov	r7, r8, d0
+	vmov	r9, r10, d1
+	vmov	r11, d2[0]
+L_poly1305_arm32_blocks_start_1:
+	mov	r12, #1
+	push	{r2}
+	# Load message
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r4, [r1, #8]
+	ldr	r5, [r1, #12]
+	# Add message
+	adds	r7, r7, r2
+	adcs	r8, r8, r3
+	adcs	r9, r9, r4
+	adcs	r10, r10, r5
+	adc	r11, r11, r12
+	push	{r0, r1}
+	add	r1, r0, #0
+	add	lr, r0, #16
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	stm	lr, {r7, r8, r9, r10, r11}
+#else
+	# h[0]-h[2] in r4-r6 for multiplication.
+	str	r10, [lr, #12]
+	str	r11, [lr, #16]
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	# r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i]
+	ldr	r3, [r1]
+	eor	r0, r0, r0
+	# r[0] * h[0]
+	# h[0] in r4
+	umull	r7, r8, r3, r7
+	# r[0] * h[2]
+	# h[2] in r6
+	umull	r9, r10, r3, r9
+	# r[0] * h[4]
+	# h[4] in r8
+	mul	r11, r3, r11
+	# r[0] * h[1]
+	ldr	r2, [lr, #4]
+	mov	r12, r0
+	umlal	r8, r12, r3, r2
+	# r[0] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r9, r9, r12
+	adc	r10, r10, r0
+	umlal	r10, r11, r3, r2
+	# r[1] * h[0]
+	ldr	r3, [r1, #4]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r8, r12, r3, r2
+	# r[1] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r9, r9, r12
+	adc	r12, r0, r0
+	umlal	r9, r12, r3, r2
+	# r[1] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r10, r10, r12
+	adc	r12, r0, r0
+	umlal	r10, r12, r3, r2
+	# r[1] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r11, r11, r12
+	adc	r4, r0, r0
+	umlal	r11, r4, r3, r2
+	# r[1] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r4, r3, r2, r4
+	# r[2] * h[0]
+	ldr	r3, [r1, #8]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r9, r12, r3, r2
+	# r[2] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r10, r10, r12
+	adc	r12, r0, r0
+	umlal	r10, r12, r3, r2
+	# r[2] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r11, r11, r12
+	adc	r12, r0, r0
+	umlal	r11, r12, r3, r2
+	# r[2] * h[3]
+	ldr	r2, [lr, #12]
+	adds	r4, r4, r12
+	adc	r5, r0, r0
+	umlal	r4, r5, r3, r2
+	# r[2] * h[4]
+	ldr	r2, [lr, #16]
+	mla	r5, r3, r2, r5
+	# r[3] * h[0]
+	ldr	r3, [r1, #12]
+	ldr	r2, [lr]
+	mov	r12, r0
+	umlal	r10, r12, r3, r2
+	# r[3] * h[1]
+	ldr	r2, [lr, #4]
+	adds	r11, r11, r12
+	adc	r12, r0, r0
+	umlal	r11, r12, r3, r2
+	# r[3] * h[2]
+	ldr	r2, [lr, #8]
+	adds	r4, r4, r12
+	adc	r5, r5, r0
+	umlal	r4, r5, r3, r2
+	# r[3] * h[3]
+	ldr	r2, [lr, #12]
+	mov	r6, r0
+	umlal	r5, r6, r3, r2
+	# r[3] * h[4]
+	ldr	r2, [lr, #16]
+	mov	r12, r0
+	mla	r6, r3, r2, r6
+#else
+	sub	sp, sp, #12
+	ldm	r1, {r0, r1, r2, r3}
+	# r[0] * h[0]
+	umull	r5, r6, r0, r7
+	# r[1] * h[0]
+	umull	r12, r10, r1, r7
+	# r[0] * h[1]
+	umaal	r6, r12, r0, r8
+	# r[2] * h[0]
+	umull	r11, r4, r2, r7
+	# r[1] * h[1]
+	umaal	r12, r11, r1, r8
+	# r[0] * h[2]
+	umaal	r12, r10, r0, r9
+	# r[3] * h[0]
+	umaal	r11, r4, r3, r7
+	stm	sp, {r5, r6, r12}
+	# r[2] * h[1]
+	umaal	r10, r11, r2, r8
+	# Replace h[0] with h[3]
+	ldr	r7, [lr, #12]
+	# r[1] * h[2]
+	umull	r5, r6, r1, r9
+	# r[2] * h[2]
+	umaal	r11, r4, r2, r9
+	# r[0] * h[3]
+	umaal	r10, r5, r0, r7
+	# r[3] * h[1]
+	umaal	r11, r6, r3, r8
+	# r[1] * h[3]
+	umaal	r11, r5, r1, r7
+	# r[3] * h[2]
+	umaal	r4, r6, r3, r9
+	# r[2] * h[3]
+	umaal	r4, r5, r2, r7
+	# Replace h[1] with h[4]
+	ldr	r8, [lr, #16]
+	# r[3] * h[3]
+	umaal	r5, r6, r3, r7
+	mov	r12, #0
+	# r[0] * h[4]
+	umaal	r11, r12, r0, r8
+	# r[1] * h[4]
+	umaal	r4, r12, r1, r8
+	# r[2] * h[4]
+	umaal	r5, r12, r2, r8
+	# r[3] * h[4]
+	umaal	r6, r12, r3, r8
+	# DONE
+	ldm	sp, {r7, r8, r9}
+	add	sp, sp, #12
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+	# Reduce mod 2^130 - 5
+	bic	r3, r11, #0x3
+	and	r11, r11, #3
+	adds	r7, r7, r3
+	lsr	r3, r3, #2
+	adcs	r8, r8, r4
+	orr	r3, r3, r4, LSL #30
+	adcs	r9, r9, r5
+	lsr	r4, r4, #2
+	adcs	r10, r10, r6
+	orr	r4, r4, r5, LSL #30
+	adc	r11, r11, r12
+	lsr	r5, r5, #2
+	adds	r7, r7, r3
+	orr	r5, r5, r6, LSL #30
+	adcs	r8, r8, r4
+	lsr	r6, r6, #2
+	adcs	r9, r9, r5
+	adcs	r10, r10, r6
+	adc	r11, r11, r12
+	pop	{r0, r1}
+	pop	{r2}
+	add	r12, r0, #16
+	stm	r12, {r7, r8, r9, r10, r11}
+L_poly1305_arm32_blocks_done:
+	vpop	{d8-d15}
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	poly1305_arm32_blocks,.-poly1305_arm32_blocks
+	.text
+	.type	L_poly1305_arm32_clamp, %object
+	.size	L_poly1305_arm32_clamp, 16
+	.align	4
+L_poly1305_arm32_clamp:
+	.word	0xfffffff
+	.word	0xffffffc
+	.word	0xffffffc
+	.word	0xffffffc
+	.text
+	.align	4
+	.globl	poly1305_set_key
+	.type	poly1305_set_key, %function
+poly1305_set_key:
+	push	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	vpush	{d8-d15}
+	# Load mask.
+	adr	lr, L_poly1305_arm32_clamp
+	ldm	lr, {r6, r7, r8, r9}
+	# Load and cache padding.
+	ldr	r2, [r1, #16]
+	ldr	r3, [r1, #20]
+	ldr	r4, [r1, #24]
+	ldr	r5, [r1, #28]
+	add	lr, r0, #40
+	stm	lr, {r2, r3, r4, r5}
+	# Load, mask and store r.
+	ldr	r2, [r1]
+	ldr	r3, [r1, #4]
+	ldr	r4, [r1, #8]
+	ldr	r5, [r1, #12]
+	and	r2, r2, r6
+	and	r3, r3, r7
+	and	r4, r4, r8
+	and	r5, r5, r9
+	add	lr, r0, #0
+	stm	lr, {r2, r3, r4, r5}
+	vmov.i16	q10, #0xffff
+	vshr.u64	q10, q10, #38
+	lsr	r8, r2, #26
+	lsr	r9, r3, #20
+	lsr	r10, r4, #14
+	lsr	r11, r5, #8
+	eor	r8, r8, r3, lsl #6
+	eor	r9, r9, r4, lsl #12
+	eor	r10, r10, r5, lsl #18
+	and	r7, r2, #0x3ffffff
+	and	r8, r8, #0x3ffffff
+	and	r9, r9, #0x3ffffff
+	and	r10, r10, #0x3ffffff
+	vmov.i32	s1, r7
+	vmov.i32	s3, r8
+	vmov.i32	s5, r9
+	vmov.i32	s7, r10
+	vmov.i32	s9, r11
+	push	{r0, r1}
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+	# Square r
+	umull	r1, r6, r2, r3
+	mov	r12, #0
+	umull	r7, r8, r2, r5
+	mov	lr, r12
+	umlal	r6, lr, r2, r4
+	adds	r7, r7, lr
+	adc	lr, r12, r12
+	umlal	r7, lr, r3, r4
+	mov	r9, r12
+	umlal	lr, r9, r3, r5
+	adds	r8, r8, lr
+	adcs	r9, r9, r12
+	adc	r10, r12, r12
+	umlal	r9, r10, r4, r5
+	adds	r1, r1, r1
+	adcs	r6, r6, r6
+	adcs	r7, r7, r7
+	adcs	r8, r8, r8
+	adcs	r9, r9, r9
+	adcs	r10, r10, r10
+	adc	r11, r12, r12
+	umull	r0, lr, r2, r2
+	adds	r1, r1, lr
+	adcs	r6, r6, r12
+	adc	lr, r12, r12
+	umlal	r6, lr, r3, r3
+	adds	r7, r7, lr
+	adcs	r8, r8, r12
+	adc	lr, r12, r12
+	umlal	r8, lr, r4, r4
+	adds	r9, r9, lr
+	adcs	r10, r10, r12
+	adc	r11, r11, r12
+	umlal	r10, r11, r5, r5
+#else
+	umull	r0, r1, r2, r2
+	umull	r6, r7, r2, r3
+	adds	r6, r6, r6
+	mov	r12, #0
+	umaal	r1, r6, r12, r12
+	mov	r8, r12
+	umaal	r8, r7, r2, r4
+	adcs	r8, r8, r8
+	umaal	r6, r8, r3, r3
+	umull	r9, r10, r2, r5
+	umaal	r7, r9, r3, r4
+	adcs	r7, r7, r7
+	umaal	r7, r8, r12, r12
+	umaal	r10, r9, r3, r5
+	adcs	r10, r10, r10
+	umaal	r8, r10, r4, r4
+	mov	r11, r12
+	umaal	r9, r11, r4, r5
+	adcs	r9, r9, r9
+	umaal	r9, r10, r12, r12
+	adcs	r11, r11, r11
+	umaal	r10, r11, r5, r5
+	adc	r11, r11, r12
+#endif /* defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) */
+	# Reduce mod 2^130 - 5
+	bic	r2, r8, #0x3
+	and	r8, r8, #3
+	adds	r0, r0, r2
+	lsr	r2, r2, #2
+	adcs	r1, r1, r9
+	orr	r2, r2, r9, LSL #30
+	adcs	r6, r6, r10
+	lsr	r9, r9, #2
+	adcs	r7, r7, r11
+	orr	r9, r9, r10, LSL #30
+	adc	r8, r8, r12
+	lsr	r10, r10, #2
+	adds	r0, r0, r2
+	orr	r10, r10, r11, LSL #30
+	adcs	r1, r1, r9
+	lsr	r11, r11, #2
+	adcs	r6, r6, r10
+	adcs	r7, r7, r11
+	adc	r8, r8, r12
+	lsr	r3, r0, #26
+	lsr	r4, r1, #20
+	lsr	r5, r6, #14
+	lsr	r10, r7, #8
+	eor	r3, r3, r1, lsl #6
+	eor	r4, r4, r6, lsl #12
+	eor	r5, r5, r7, lsl #18
+	eor	r10, r10, r8, lsl #24
+	and	r2, r0, #0x3ffffff
+	and	r3, r3, #0x3ffffff
+	and	r4, r4, #0x3ffffff
+	and	r5, r5, #0x3ffffff
+	vmov.i32	s0, r2
+	vmov.i32	s2, r3
+	vmov.i32	s4, r4
+	vmov.i32	s6, r5
+	vmov.i32	s8, r10
+	pop	{r0, r1}
+	add	lr, r0, #0x7c
+	vstm.32	lr, {d0-d4}
+	# Multiply r^2, r by r^2
+	vshl.u32	d6, d1, #2
+	vshl.u32	d7, d2, #2
+	vshl.u32	d8, d3, #2
+	vshl.u32	d9, d4, #2
+	vadd.u32	d6, d6, d1
+	vadd.u32	d7, d7, d2
+	vadd.u32	d8, d8, d3
+	vadd.u32	d9, d9, d4
+	vmull.u32	q5, d0, d0[0]
+	vmull.u32	q6, d0, d1[0]
+	vmull.u32	q7, d0, d2[0]
+	vmull.u32	q8, d0, d3[0]
+	vmull.u32	q9, d0, d4[0]
+	vmlal.u32	q5, d1, d9[0]
+	vmlal.u32	q6, d1, d0[0]
+	vmlal.u32	q7, d1, d1[0]
+	vmlal.u32	q8, d1, d2[0]
+	vmlal.u32	q9, d1, d3[0]
+	vmlal.u32	q5, d2, d8[0]
+	vmlal.u32	q6, d2, d9[0]
+	vmlal.u32	q7, d2, d0[0]
+	vmlal.u32	q8, d2, d1[0]
+	vmlal.u32	q9, d2, d2[0]
+	vmlal.u32	q5, d3, d7[0]
+	vmlal.u32	q6, d3, d8[0]
+	vmlal.u32	q7, d3, d9[0]
+	vmlal.u32	q8, d3, d0[0]
+	vmlal.u32	q9, d3, d1[0]
+	vmlal.u32	q5, d4, d6[0]
+	vmlal.u32	q6, d4, d7[0]
+	vmlal.u32	q7, d4, d8[0]
+	vmlal.u32	q8, d4, d9[0]
+	vmlal.u32	q9, d4, d0[0]
+	vsra.u64	q6, q5, #26
+	vand.u64	q5, q5, q10
+	vsra.u64	q7, q6, #26
+	vand.u64	q6, q6, q10
+	vsra.u64	q8, q7, #26
+	vand.u64	q7, q7, q10
+	vsra.u64	q9, q8, #26
+	vand.u64	q8, q8, q10
+	vshr.u64	q3, q9, #26
+	vand.u64	q9, q9, q10
+	vadd.u64	q5, q5, q3
+	vshl.u64	q3, q3, #2
+	vadd.u64	q5, q5, q3
+	vsra.u64	q6, q5, #26
+	vand.u64	q5, q5, q10
+	vmovn.i64	d10, q5
+	vmovn.i64	d11, q6
+	vmovn.i64	d12, q7
+	vmovn.i64	d13, q8
+	vmovn.i64	d14, q9
+	add	lr, r0, #0xa4
+	vstm.32	lr, {d10-d14}
+	# h (accumulator) = 0
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	eor	r9, r9, r9
+	add	lr, r0, #16
+	eor	r4, r4, r4
+	eor	r5, r5, r5
+	stm	lr, {r4, r5, r6, r7, r8, r9}
+	# Zero leftover
+	str	r5, [r0, #56]
+	vpop	{d8-d15}
+	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	.size	poly1305_set_key,.-poly1305_set_key
+	.text
+	.align	4
+	.globl	poly1305_final
+	.type	poly1305_final, %function
+poly1305_final:
+	push	{r4, r5, r6, r7, r8, r9, lr}
+	add	r9, r0, #16
+	ldm	r9, {r4, r5, r6, r7, r8}
+	# Add 5 and check for h larger than p.
+	adds	r2, r4, #5
+	adcs	r2, r5, #0
+	adcs	r2, r6, #0
+	adcs	r2, r7, #0
+	adc	r2, r8, #0
+	sub	r2, r2, #4
+	lsr	r2, r2, #31
+	sub	r2, r2, #1
+	and	r2, r2, #5
+	# Add 0/5 to h.
+	adds	r4, r4, r2
+	adcs	r5, r5, #0
+	adcs	r6, r6, #0
+	adc	r7, r7, #0
+	# Add padding
+	add	r9, r0, #40
+	ldm	r9, {r2, r3, r12, lr}
+	adds	r4, r4, r2
+	adcs	r5, r5, r3
+	adcs	r6, r6, r12
+	adc	r7, r7, lr
+	# Store MAC
+	str	r4, [r1]
+	str	r5, [r1, #4]
+	str	r6, [r1, #8]
+	str	r7, [r1, #12]
+	# Zero out h.
+	eor	r4, r4, r4
+	eor	r5, r5, r5
+	eor	r6, r6, r6
+	eor	r7, r7, r7
+	eor	r8, r8, r8
+	add	r9, r0, #16
+	stm	r9, {r4, r5, r6, r7, r8}
+	# Zero out r.
+	add	r9, r0, #0
+	stm	r9, {r4, r5, r6, r7}
+	# Zero out padding.
+	add	r9, r0, #40
+	stm	r9, {r4, r5, r6, r7}
+	pop	{r4, r5, r6, r7, r8, r9, pc}
+	.size	poly1305_final,.-poly1305_final
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_POLY1305 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
new file mode 100644
index 000000000..7b27f1a80
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c
@@ -0,0 +1,1454 @@
+/* armv8-32-poly1305-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.c
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
+#include <stdint.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef __ghs__
+#define __asm__        __asm
+#define __volatile__
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __ghs__ */
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+
+#ifdef WOLFSSL_ARMASM_NO_NEON
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_arm32_blocks_16(Poly1305* ctx_p, const byte* m_p, word32 len_p,
+    int notLast_p)
+#else
+void poly1305_arm32_blocks_16(Poly1305* ctx, const byte* m, word32 len,
+    int notLast)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* m asm ("r1") = (const byte*)m_p;
+    register word32 len asm ("r2") = (word32)len_p;
+    register int notLast asm ("r3") = (int)notLast_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #28\n\t"
+        "cmp	%[len], #0\n\t"
+        "beq	L_poly1305_arm32_16_done_%=\n\t"
+        "add	lr, sp, #12\n\t"
+        "stm	lr, {r0, r1, r2, r3}\n\t"
+        /* Get h pointer */
+        "add	lr, %[ctx], #16\n\t"
+        "ldm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_loop_%=: \n\t"
+        /* Add m to h */
+        "ldr	%[m], [sp, #16]\n\t"
+        "ldr	%[len], [%[m]]\n\t"
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	r9, [%[m], #8]\n\t"
+        "ldr	r10, [%[m], #12]\n\t"
+        "ldr	r11, [sp, #24]\n\t"
+        "adds	r4, r4, %[len]\n\t"
+        "adcs	r5, r5, %[notLast]\n\t"
+        "adcs	r6, r6, r9\n\t"
+        "adcs	r7, r7, r10\n\t"
+        "add	%[m], %[m], #16\n\t"
+        "adc	r8, r8, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "str	r7, [lr, #12]\n\t"
+        "str	r8, [lr, #16]\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        "str	%[m], [sp, #16]\n\t"
+        "ldr	%[m], [sp, #12]\n\t"
+        /* Multiply h by r */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "ldr	%[notLast], [%[m]]\n\t"
+        "eor	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "umull	r4, r5, %[notLast], r4\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "umull	r6, r7, %[notLast], r6\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "mul	r8, %[notLast], r8\n\t"
+        /* r[0] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[0] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r7, r7, %[ctx]\n\t"
+        "umlal	r7, r8, %[notLast], %[len]\n\t"
+        /* r[1] * h[0] */
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r9, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r9, %[notLast], %[len]\n\t"
+        /* r[1] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r9, %[notLast], %[len], r9\n\t"
+        /* r[2] * h[0] */
+        "ldr	%[notLast], [%[m], #8]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, %[ctx], %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[2] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r10, %[notLast], %[len], r10\n\t"
+        /* r[3] * h[0] */
+        "ldr	%[notLast], [%[m], #12]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, r10, %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[3] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "mov	r11, %[ctx]\n\t"
+        "umlal	r10, r11, %[notLast], %[len]\n\t"
+        /* r[3] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "mla	r11, %[notLast], %[len], r11\n\t"
+#else
+        "ldm	%[m], {r0, r1, r2, r3}\n\t"
+        /* r[0] * h[0] */
+        "umull	r10, r11, %[ctx], r4\n\t"
+        /* r[1] * h[0] */
+        "umull	r12, r7, %[m], r4\n\t"
+        /* r[0] * h[1] */
+        "umaal	r11, r12, %[ctx], r5\n\t"
+        /* r[2] * h[0] */
+        "umull	r8, r9, %[len], r4\n\t"
+        /* r[1] * h[1] */
+        "umaal	r12, r8, %[m], r5\n\t"
+        /* r[0] * h[2] */
+        "umaal	r12, r7, %[ctx], r6\n\t"
+        /* r[3] * h[0] */
+        "umaal	r8, r9, %[notLast], r4\n\t"
+        "stm	sp, {r10, r11, r12}\n\t"
+        /* r[2] * h[1] */
+        "umaal	r7, r8, %[len], r5\n\t"
+        /* Replace h[0] with h[3] */
+        "ldr	r4, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "umull	r10, r11, %[m], r6\n\t"
+        /* r[2] * h[2] */
+        "umaal	r8, r9, %[len], r6\n\t"
+        /* r[0] * h[3] */
+        "umaal	r7, r10, %[ctx], r4\n\t"
+        /* r[3] * h[1] */
+        "umaal	r8, r11, %[notLast], r5\n\t"
+        /* r[1] * h[3] */
+        "umaal	r8, r10, %[m], r4\n\t"
+        /* r[3] * h[2] */
+        "umaal	r9, r11, %[notLast], r6\n\t"
+        /* r[2] * h[3] */
+        "umaal	r9, r10, %[len], r4\n\t"
+        /* Replace h[1] with h[4] */
+        "ldr	r5, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "umaal	r10, r11, %[notLast], r4\n\t"
+        "mov	r12, #0\n\t"
+        /* r[0] * h[4] */
+        "umaal	r8, r12, %[ctx], r5\n\t"
+        /* r[1] * h[4] */
+        "umaal	r9, r12, %[m], r5\n\t"
+        /* r[2] * h[4] */
+        "umaal	r10, r12, %[len], r5\n\t"
+        /* r[3] * h[4] */
+        "umaal	r11, r12, %[notLast], r5\n\t"
+        /* DONE */
+        "ldm	sp, {r4, r5, r6}\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        /* r12 will be zero because r is masked. */
+        /* Load length */
+        "ldr	%[len], [sp, #20]\n\t"
+        /* Reduce mod 2^130 - 5 */
+        "bic	%[notLast], r8, #0x3\n\t"
+        "and	r8, r8, #3\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "lsr	%[notLast], %[notLast], #2\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "orr	%[notLast], %[notLast], r9, LSL #30\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "lsr	r9, r9, #2\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "orr	r9, r9, r10, LSL #30\n\t"
+        "adc	r8, r8, r12\n\t"
+        "lsr	r10, r10, #2\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "orr	r10, r10, r11, LSL #30\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "lsr	r11, r11, #2\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "adc	r8, r8, r12\n\t"
+        /* Sub 16 from length. */
+        "subs	%[len], %[len], #16\n\t"
+        /* Store length. */
+        "str	%[len], [sp, #20]\n\t"
+        /* Loop again if more message to do. */
+        "bgt	L_poly1305_arm32_16_loop_%=\n\t"
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_done_%=: \n\t"
+        "add	sp, sp, #28\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len),
+          [notLast] "+r" (notLast)
+        :
+#else
+        :
+        : [ctx] "r" (ctx), [m] "r" (m), [len] "r" (len),
+          [notLast] "r" (notLast)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+static const word32 L_poly1305_arm32_clamp[] = {
+    0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_set_key(Poly1305* ctx_p, const byte* key_p)
+#else
+void poly1305_set_key(Poly1305* ctx, const byte* key)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* key asm ("r1") = (const byte*)key_p;
+    register word32* L_poly1305_arm32_clamp_c asm ("r2") =
+        (word32*)&L_poly1305_arm32_clamp;
+#else
+    register word32* L_poly1305_arm32_clamp_c =
+        (word32*)&L_poly1305_arm32_clamp;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        /* Load mask. */
+        "mov	lr, %[L_poly1305_arm32_clamp]\n\t"
+        "ldm	lr, {r6, r7, r8, r12}\n\t"
+        /* Load and cache padding. */
+        "ldr	r2, [%[key], #16]\n\t"
+        "ldr	r3, [%[key], #20]\n\t"
+        "ldr	r4, [%[key], #24]\n\t"
+        "ldr	r5, [%[key], #28]\n\t"
+        "add	lr, %[ctx], #36\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        /* Load, mask and store r. */
+        "ldr	r2, [%[key]]\n\t"
+        "ldr	r3, [%[key], #4]\n\t"
+        "ldr	r4, [%[key], #8]\n\t"
+        "ldr	r5, [%[key], #12]\n\t"
+        "and	r2, r2, r6\n\t"
+        "and	r3, r3, r7\n\t"
+        "and	r4, r4, r8\n\t"
+        "and	r5, r5, r12\n\t"
+        "add	lr, %[ctx], #0\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        /* h (accumulator) = 0 */
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "eor	r12, r12, r12\n\t"
+        "add	lr, %[ctx], #16\n\t"
+        "eor	r5, r5, r5\n\t"
+        "stm	lr, {r5, r6, r7, r8, r12}\n\t"
+        /* Zero leftover */
+        "str	r5, [%[ctx], #52]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [key] "+r" (key),
+          [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c)
+        :
+#else
+        :
+        : [ctx] "r" (ctx), [key] "r" (key),
+          [L_poly1305_arm32_clamp] "r" (L_poly1305_arm32_clamp_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_final(Poly1305* ctx_p, byte* mac_p)
+#else
+void poly1305_final(Poly1305* ctx, byte* mac)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register byte* mac asm ("r1") = (byte*)mac_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "add	r9, %[ctx], #16\n\t"
+        "ldm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Add 5 and check for h larger than p. */
+        "adds	r2, r4, #5\n\t"
+        "adcs	r2, r5, #0\n\t"
+        "adcs	r2, r6, #0\n\t"
+        "adcs	r2, r7, #0\n\t"
+        "adc	r2, r8, #0\n\t"
+        "sub	r2, r2, #4\n\t"
+        "lsr	r2, r2, #31\n\t"
+        "sub	r2, r2, #1\n\t"
+        "and	r2, r2, #5\n\t"
+        /* Add 0/5 to h. */
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, #0\n\t"
+        "adcs	r6, r6, #0\n\t"
+        "adc	r7, r7, #0\n\t"
+        /* Add padding */
+        "add	r9, %[ctx], #36\n\t"
+        "ldm	r9, {r2, r3, r12, lr}\n\t"
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, r3\n\t"
+        "adcs	r6, r6, r12\n\t"
+        "adc	r7, r7, lr\n\t"
+        /* Store MAC */
+        "str	r4, [%[mac]]\n\t"
+        "str	r5, [%[mac], #4]\n\t"
+        "str	r6, [%[mac], #8]\n\t"
+        "str	r7, [%[mac], #12]\n\t"
+        /* Zero out h. */
+        "eor	r4, r4, r4\n\t"
+        "eor	r5, r5, r5\n\t"
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "add	r9, %[ctx], #16\n\t"
+        "stm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Zero out r. */
+        "add	r9, %[ctx], #0\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+        /* Zero out padding. */
+        "add	r9, %[ctx], #36\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [mac] "+r" (mac)
+        :
+#else
+        :
+        : [ctx] "r" (ctx), [mac] "r" (mac)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9"
+    );
+}
+
+#else
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_arm32_blocks_16(Poly1305* ctx_p, const byte* m_p, word32 len_p,
+    int notLast_p)
+#else
+void poly1305_arm32_blocks_16(Poly1305* ctx, const byte* m, word32 len,
+    int notLast)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* m asm ("r1") = (const byte*)m_p;
+    register word32 len asm ("r2") = (word32)len_p;
+    register int notLast asm ("r3") = (int)notLast_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "sub	sp, sp, #28\n\t"
+        "cmp	%[len], #0\n\t"
+        "beq	L_poly1305_arm32_16_done_%=\n\t"
+        "add	lr, sp, #12\n\t"
+        "stm	lr, {r0, r1, r2, r3}\n\t"
+        /* Get h pointer */
+        "add	lr, %[ctx], #16\n\t"
+        "ldm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_loop_%=: \n\t"
+        /* Add m to h */
+        "ldr	%[m], [sp, #16]\n\t"
+        "ldr	%[len], [%[m]]\n\t"
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	r9, [%[m], #8]\n\t"
+        "ldr	r10, [%[m], #12]\n\t"
+        "ldr	r11, [sp, #24]\n\t"
+        "adds	r4, r4, %[len]\n\t"
+        "adcs	r5, r5, %[notLast]\n\t"
+        "adcs	r6, r6, r9\n\t"
+        "adcs	r7, r7, r10\n\t"
+        "add	%[m], %[m], #16\n\t"
+        "adc	r8, r8, r11\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "str	r7, [lr, #12]\n\t"
+        "str	r8, [lr, #16]\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        "str	%[m], [sp, #16]\n\t"
+        "ldr	%[m], [sp, #12]\n\t"
+        /* Multiply h by r */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "ldr	%[notLast], [%[m]]\n\t"
+        "eor	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "umull	r4, r5, %[notLast], r4\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "umull	r6, r7, %[notLast], r6\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "mul	r8, %[notLast], r8\n\t"
+        /* r[0] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[0] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r7, r7, %[ctx]\n\t"
+        "umlal	r7, r8, %[notLast], %[len]\n\t"
+        /* r[1] * h[0] */
+        "ldr	%[notLast], [%[m], #4]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r5, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r6, r6, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r9, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r9, %[notLast], %[len]\n\t"
+        /* r[1] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r9, %[notLast], %[len], r9\n\t"
+        /* r[2] * h[0] */
+        "ldr	%[notLast], [%[m], #8]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r6, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r7, r7, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, %[ctx], %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[2] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mla	r10, %[notLast], %[len], r10\n\t"
+        /* r[3] * h[0] */
+        "ldr	%[notLast], [%[m], #12]\n\t"
+        "ldr	%[len], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r7, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[1] */
+        "ldr	%[len], [lr, #4]\n\t"
+        "adds	r8, r8, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r8, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[2] */
+        "ldr	%[len], [lr, #8]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, r10, %[ctx]\n\t"
+        "umlal	r9, r10, %[notLast], %[len]\n\t"
+        /* r[3] * h[3] */
+        "ldr	%[len], [lr, #12]\n\t"
+        "mov	r11, %[ctx]\n\t"
+        "umlal	r10, r11, %[notLast], %[len]\n\t"
+        /* r[3] * h[4] */
+        "ldr	%[len], [lr, #16]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "mla	r11, %[notLast], %[len], r11\n\t"
+#else
+        "ldm	%[m], {r0, r1, r2, r3}\n\t"
+        /* r[0] * h[0] */
+        "umull	r10, r11, %[ctx], r4\n\t"
+        /* r[1] * h[0] */
+        "umull	r12, r7, %[m], r4\n\t"
+        /* r[0] * h[1] */
+        "umaal	r11, r12, %[ctx], r5\n\t"
+        /* r[2] * h[0] */
+        "umull	r8, r9, %[len], r4\n\t"
+        /* r[1] * h[1] */
+        "umaal	r12, r8, %[m], r5\n\t"
+        /* r[0] * h[2] */
+        "umaal	r12, r7, %[ctx], r6\n\t"
+        /* r[3] * h[0] */
+        "umaal	r8, r9, %[notLast], r4\n\t"
+        "stm	sp, {r10, r11, r12}\n\t"
+        /* r[2] * h[1] */
+        "umaal	r7, r8, %[len], r5\n\t"
+        /* Replace h[0] with h[3] */
+        "ldr	r4, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "umull	r10, r11, %[m], r6\n\t"
+        /* r[2] * h[2] */
+        "umaal	r8, r9, %[len], r6\n\t"
+        /* r[0] * h[3] */
+        "umaal	r7, r10, %[ctx], r4\n\t"
+        /* r[3] * h[1] */
+        "umaal	r8, r11, %[notLast], r5\n\t"
+        /* r[1] * h[3] */
+        "umaal	r8, r10, %[m], r4\n\t"
+        /* r[3] * h[2] */
+        "umaal	r9, r11, %[notLast], r6\n\t"
+        /* r[2] * h[3] */
+        "umaal	r9, r10, %[len], r4\n\t"
+        /* Replace h[1] with h[4] */
+        "ldr	r5, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "umaal	r10, r11, %[notLast], r4\n\t"
+        "mov	r12, #0\n\t"
+        /* r[0] * h[4] */
+        "umaal	r8, r12, %[ctx], r5\n\t"
+        /* r[1] * h[4] */
+        "umaal	r9, r12, %[m], r5\n\t"
+        /* r[2] * h[4] */
+        "umaal	r10, r12, %[len], r5\n\t"
+        /* r[3] * h[4] */
+        "umaal	r11, r12, %[notLast], r5\n\t"
+        /* DONE */
+        "ldm	sp, {r4, r5, r6}\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        /* r12 will be zero because r is masked. */
+        /* Load length */
+        "ldr	%[len], [sp, #20]\n\t"
+        /* Reduce mod 2^130 - 5 */
+        "bic	%[notLast], r8, #0x3\n\t"
+        "and	r8, r8, #3\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "lsr	%[notLast], %[notLast], #2\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "orr	%[notLast], %[notLast], r9, LSL #30\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "lsr	r9, r9, #2\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "orr	r9, r9, r10, LSL #30\n\t"
+        "adc	r8, r8, r12\n\t"
+        "lsr	r10, r10, #2\n\t"
+        "adds	r4, r4, %[notLast]\n\t"
+        "orr	r10, r10, r11, LSL #30\n\t"
+        "adcs	r5, r5, r9\n\t"
+        "lsr	r11, r11, #2\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "adc	r8, r8, r12\n\t"
+        /* Sub 16 from length. */
+        "subs	%[len], %[len], #16\n\t"
+        /* Store length. */
+        "str	%[len], [sp, #20]\n\t"
+        /* Loop again if more message to do. */
+        "bgt	L_poly1305_arm32_16_loop_%=\n\t"
+        "stm	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+    "L_poly1305_arm32_16_done_%=: \n\t"
+        "add	sp, sp, #28\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len),
+          [notLast] "+r" (notLast)
+        :
+#else
+        :
+        : [ctx] "r" (ctx), [m] "r" (m), [len] "r" (len),
+          [notLast] "r" (notLast)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_arm32_blocks(Poly1305* ctx_p, const unsigned char* m_p,
+    size_t bytes_p)
+#else
+void poly1305_arm32_blocks(Poly1305* ctx, const unsigned char* m, size_t bytes)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const unsigned char* m asm ("r1") = (const unsigned char*)m_p;
+    register size_t bytes asm ("r2") = (size_t)bytes_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "cmp	%[bytes], #16\n\t"
+        "add	r12, %[ctx], #16\n\t"
+        "bgt	L_poly1305_arm32_blocks_begin_neon_%=\n\t"
+        "ldm	r12, {r7, r8, r9, r10, r11}\n\t"
+        "b	L_poly1305_arm32_blocks_start_1_%=\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_begin_neon_%=: \n\t"
+        "vmov.i16	q15, #0xffff\n\t"
+        "vshr.u64	q15, q15, #38\n\t"
+        "vld1.64	{d0-d2}, [r12]\n\t"
+        "vshl.u64	d4, d2, #24\n\t"
+        "vsri.u64	d4, d1, #40\n\t"
+        "vshr.u64	d3, d1, #14\n\t"
+        "vshl.u64	d2, d1, #12\n\t"
+        "vsri.u64	d1, d0, #26\n\t"
+        "vsri.u64	d2, d0, #52\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "vand.u64	d3, d3, d31\n\t"
+        "vand.u64	d2, d2, d31\n\t"
+        "vand.u64	d1, d1, d31\n\t"
+        "add	r3, %[ctx], #0x7c\n\t"
+        "vldm.32	r3, {d20-d24}\n\t"
+        "cmp	%[bytes], #0x40\n\t"
+        "bge	L_poly1305_arm32_blocks_begin_4_%=\n\t"
+        "vshl.u32	d6, d21, #2\n\t"
+        "vshl.u32	d7, d22, #2\n\t"
+        "vshl.u32	d8, d23, #2\n\t"
+        "vshl.u32	d9, d24, #2\n\t"
+        "vadd.u32	d6, d6, d21\n\t"
+        "vadd.u32	d7, d7, d22\n\t"
+        "vadd.u32	d8, d8, d23\n\t"
+        "vadd.u32	d9, d9, d24\n\t"
+        "b	L_poly1305_arm32_blocks_start_2_%=\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_begin_4_%=: \n\t"
+        "add	r3, %[ctx], #0xa4\n\t"
+        "vldm.32	r3, {d26-d30}\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_start_4_%=: \n\t"
+        "sub	%[bytes], #0x40\n\t"
+        "vld4.32	{d10-d13}, [%[m]]!\n\t"
+        "vshl.u32	d6, d27, #2\n\t"
+        "vshl.u32	d7, d28, #2\n\t"
+        "vshl.u32	d8, d29, #2\n\t"
+        "vshl.u32	d9, d30, #2\n\t"
+        "vadd.u32	d6, d6, d27\n\t"
+        "vadd.u32	d7, d7, d28\n\t"
+        "vadd.u32	d8, d8, d29\n\t"
+        "vadd.u32	d9, d9, d30\n\t"
+        "vshr.u32	d14, d13, #8\n\t"
+        "vshl.u32	d13, d13, #18\n\t"
+        "vorr.i32	d14, d14, #0x1000000\n\t"
+        "vsri.u32	d13, d12, #14\n\t"
+        "vshl.u32	d12, d12, #12\n\t"
+        "vand.i32	d13, d13, #0x3ffffff\n\t"
+        "vsri.u32	d12, d11, #20\n\t"
+        "vshl.u32	d11, d11, #6\n\t"
+        "vand.i32	d12, d12, #0x3ffffff\n\t"
+        "vsri.u32	d11, d10, #26\n\t"
+        "vand.i32	d10, d10, #0x3ffffff\n\t"
+        "vand.i32	d11, d11, #0x3ffffff\n\t"
+        "vadd.u32	d4, d4, d14\n\t"
+        "vadd.u32	q1, q1, q6\n\t"
+        "vadd.u32	q0, q0, q5\n\t"
+        "vmull.u32	q5, d0, d26\n\t"
+        "vmull.u32	q6, d0, d27\n\t"
+        "vmull.u32	q7, d0, d28\n\t"
+        "vmull.u32	q8, d0, d29\n\t"
+        "vmull.u32	q9, d0, d30\n\t"
+        "vmlal.u32	q5, d1, d9\n\t"
+        "vmlal.u32	q6, d1, d26\n\t"
+        "vmlal.u32	q7, d1, d27\n\t"
+        "vmlal.u32	q8, d1, d28\n\t"
+        "vmlal.u32	q9, d1, d29\n\t"
+        "vmlal.u32	q5, d2, d8\n\t"
+        "vmlal.u32	q6, d2, d9\n\t"
+        "vmlal.u32	q7, d2, d26\n\t"
+        "vmlal.u32	q8, d2, d27\n\t"
+        "vmlal.u32	q9, d2, d28\n\t"
+        "vmlal.u32	q5, d3, d7\n\t"
+        "vmlal.u32	q6, d3, d8\n\t"
+        "vmlal.u32	q7, d3, d9\n\t"
+        "vmlal.u32	q8, d3, d26\n\t"
+        "vmlal.u32	q9, d3, d27\n\t"
+        "vmlal.u32	q5, d4, d6\n\t"
+        "vmlal.u32	q6, d4, d7\n\t"
+        "vmlal.u32	q7, d4, d8\n\t"
+        "vmlal.u32	q8, d4, d9\n\t"
+        "vmlal.u32	q9, d4, d26\n\t"
+        "vld4.32	{d0-d3}, [%[m]]!\n\t"
+        "vshl.u32	d6, d21, #2\n\t"
+        "vshl.u32	d7, d22, #2\n\t"
+        "vshl.u32	d8, d23, #2\n\t"
+        "vshl.u32	d9, d24, #2\n\t"
+        "vadd.u32	d6, d6, d21\n\t"
+        "vadd.u32	d7, d7, d22\n\t"
+        "vadd.u32	d8, d8, d23\n\t"
+        "vadd.u32	d9, d9, d24\n\t"
+        "vshr.u32	d4, d3, #8\n\t"
+        "vshl.u32	d3, d3, #18\n\t"
+        "vorr.i32	d4, d4, #0x1000000\n\t"
+        "vsri.u32	d3, d2, #14\n\t"
+        "vshl.u32	d2, d2, #12\n\t"
+        "vand.i32	d3, d3, #0x3ffffff\n\t"
+        "vsri.u32	d2, d1, #20\n\t"
+        "vshl.u32	d1, d1, #6\n\t"
+        "vand.i32	d2, d2, #0x3ffffff\n\t"
+        "vsri.u32	d1, d0, #26\n\t"
+        "vand.i32	d0, d0, #0x3ffffff\n\t"
+        "vand.i32	d1, d1, #0x3ffffff\n\t"
+        "vmlal.u32	q5, d0, d20\n\t"
+        "vmlal.u32	q6, d0, d21\n\t"
+        "vmlal.u32	q7, d0, d22\n\t"
+        "vmlal.u32	q8, d0, d23\n\t"
+        "vmlal.u32	q9, d0, d24\n\t"
+        "vmlal.u32	q5, d1, d9\n\t"
+        "vmlal.u32	q6, d1, d20\n\t"
+        "vmlal.u32	q7, d1, d21\n\t"
+        "vmlal.u32	q8, d1, d22\n\t"
+        "vmlal.u32	q9, d1, d23\n\t"
+        "vmlal.u32	q5, d2, d8\n\t"
+        "vmlal.u32	q6, d2, d9\n\t"
+        "vmlal.u32	q7, d2, d20\n\t"
+        "vmlal.u32	q8, d2, d21\n\t"
+        "vmlal.u32	q9, d2, d22\n\t"
+        "vmlal.u32	q5, d3, d7\n\t"
+        "vmlal.u32	q6, d3, d8\n\t"
+        "vmlal.u32	q7, d3, d9\n\t"
+        "vmlal.u32	q8, d3, d20\n\t"
+        "vmlal.u32	q9, d3, d21\n\t"
+        "vmlal.u32	q5, d4, d6\n\t"
+        "vmlal.u32	q6, d4, d7\n\t"
+        "vmlal.u32	q7, d4, d8\n\t"
+        "vmlal.u32	q8, d4, d9\n\t"
+        "vmlal.u32	q9, d4, d20\n\t"
+        "vadd.u64	d0, d10, d11\n\t"
+        "vadd.u64	d1, d12, d13\n\t"
+        "vadd.u64	d2, d14, d15\n\t"
+        "vadd.u64	d3, d16, d17\n\t"
+        "vadd.u64	d4, d18, d19\n\t"
+        "vsra.u64	d1, d0, #26\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "vsra.u64	d2, d1, #26\n\t"
+        "vand.u64	d1, d1, d31\n\t"
+        "vsra.u64	d3, d2, #26\n\t"
+        "vand.u64	d2, d2, d31\n\t"
+        "vsra.u64	d4, d3, #26\n\t"
+        "vand.u64	d3, d3, d31\n\t"
+        "vshr.u64	d15, d4, #26\n\t"
+        "vand.u64	d4, d4, d31\n\t"
+        "vadd.u64	d0, d0, d15\n\t"
+        "vshl.u64	d15, d15, #2\n\t"
+        "vadd.u64	d0, d0, d15\n\t"
+        "vsra.u64	d1, d0, #26\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "cmp	%[bytes], #0x40\n\t"
+        "bge	L_poly1305_arm32_blocks_start_4_%=\n\t"
+        "cmp	%[bytes], #32\n\t"
+        "blt	L_poly1305_arm32_blocks_done_neon_%=\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_start_2_%=: \n\t"
+        "sub	%[bytes], #32\n\t"
+        "vld4.32	{d10-d13}, [%[m]]!\n\t"
+        "vshr.u32	d14, d13, #8\n\t"
+        "vshl.u32	d13, d13, #18\n\t"
+        "vorr.i32	d14, d14, #0x1000000\n\t"
+        "vsri.u32	d13, d12, #14\n\t"
+        "vshl.u32	d12, d12, #12\n\t"
+        "vand.i32	d13, d13, #0x3ffffff\n\t"
+        "vsri.u32	d12, d11, #20\n\t"
+        "vshl.u32	d11, d11, #6\n\t"
+        "vand.i32	d12, d12, #0x3ffffff\n\t"
+        "vsri.u32	d11, d10, #26\n\t"
+        "vand.i32	d10, d10, #0x3ffffff\n\t"
+        "vand.i32	d11, d11, #0x3ffffff\n\t"
+        "vadd.u32	d4, d4, d14\n\t"
+        "vadd.u32	q1, q1, q6\n\t"
+        "vadd.u32	q0, q0, q5\n\t"
+        "vmull.u32	q5, d0, d20\n\t"
+        "vmull.u32	q6, d0, d21\n\t"
+        "vmull.u32	q7, d0, d22\n\t"
+        "vmull.u32	q8, d0, d23\n\t"
+        "vmull.u32	q9, d0, d24\n\t"
+        "vmlal.u32	q5, d1, d9\n\t"
+        "vmlal.u32	q6, d1, d20\n\t"
+        "vmlal.u32	q7, d1, d21\n\t"
+        "vmlal.u32	q8, d1, d22\n\t"
+        "vmlal.u32	q9, d1, d23\n\t"
+        "vmlal.u32	q5, d2, d8\n\t"
+        "vmlal.u32	q6, d2, d9\n\t"
+        "vmlal.u32	q7, d2, d20\n\t"
+        "vmlal.u32	q8, d2, d21\n\t"
+        "vmlal.u32	q9, d2, d22\n\t"
+        "vmlal.u32	q5, d3, d7\n\t"
+        "vmlal.u32	q6, d3, d8\n\t"
+        "vmlal.u32	q7, d3, d9\n\t"
+        "vmlal.u32	q8, d3, d20\n\t"
+        "vmlal.u32	q9, d3, d21\n\t"
+        "vmlal.u32	q5, d4, d6\n\t"
+        "vmlal.u32	q6, d4, d7\n\t"
+        "vmlal.u32	q7, d4, d8\n\t"
+        "vmlal.u32	q8, d4, d9\n\t"
+        "vmlal.u32	q9, d4, d20\n\t"
+        "vadd.u64	d0, d10, d11\n\t"
+        "vadd.u64	d1, d12, d13\n\t"
+        "vadd.u64	d2, d14, d15\n\t"
+        "vadd.u64	d3, d16, d17\n\t"
+        "vadd.u64	d4, d18, d19\n\t"
+        "vsra.u64	d1, d0, #26\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "vsra.u64	d2, d1, #26\n\t"
+        "vand.u64	d1, d1, d31\n\t"
+        "vsra.u64	d3, d2, #26\n\t"
+        "vand.u64	d2, d2, d31\n\t"
+        "vsra.u64	d4, d3, #26\n\t"
+        "vand.u64	d3, d3, d31\n\t"
+        "vshr.u64	d5, d4, #26\n\t"
+        "vand.u64	d4, d4, d31\n\t"
+        "vadd.u64	d0, d0, d5\n\t"
+        "vshl.u64	d5, d5, #2\n\t"
+        "vadd.u64	d0, d0, d5\n\t"
+        "vsra.u64	d1, d0, #26\n\t"
+        "vand.u64	d0, d0, d31\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_done_neon_%=: \n\t"
+        "cmp	%[bytes], #16\n\t"
+        "beq	L_poly1305_arm32_blocks_begin_1_%=\n\t"
+        "add	r12, %[ctx], #16\n\t"
+        "vsli.u64	d0, d1, #26\n\t"
+        "vsli.u64	d0, d2, #52\n\t"
+        "vshr.u64	d1, d2, #12\n\t"
+        "vsli.u64	d1, d3, #14\n\t"
+        "vsli.u64	d1, d4, #40\n\t"
+        "vshr.u64	d2, d4, #24\n\t"
+        "vst1.64	{d0-d2}, [r12]\n\t"
+        "b	L_poly1305_arm32_blocks_done_%=\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_begin_1_%=: \n\t"
+        "vsli.u64	d0, d1, #26\n\t"
+        "vsli.u64	d0, d2, #52\n\t"
+        "vshr.u64	d1, d2, #12\n\t"
+        "vsli.u64	d1, d3, #14\n\t"
+        "vsli.u64	d1, d4, #40\n\t"
+        "vshr.u64	d2, d4, #24\n\t"
+        "vmov	r7, r8, d0\n\t"
+        "vmov	r9, r10, d1\n\t"
+        "vmov	r11, d2[0]\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_start_1_%=: \n\t"
+        "mov	r12, #1\n\t"
+        "push	{r2}\n\t"
+        /* Load message */
+        "ldr	%[bytes], [%[m]]\n\t"
+        "ldr	r3, [%[m], #4]\n\t"
+        "ldr	r4, [%[m], #8]\n\t"
+        "ldr	r5, [%[m], #12]\n\t"
+        /* Add message */
+        "adds	r7, r7, %[bytes]\n\t"
+        "adcs	r8, r8, r3\n\t"
+        "adcs	r9, r9, r4\n\t"
+        "adcs	r10, r10, r5\n\t"
+        "adc	r11, r11, r12\n\t"
+        "push	{r0-r1}\n\t"
+        "add	%[m], %[ctx], #0\n\t"
+        "add	lr, %[ctx], #16\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        "stm	lr, {r7, r8, r9, r10, r11}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "str	r10, [lr, #12]\n\t"
+        "str	r11, [lr, #16]\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "ldr	r3, [%[m]]\n\t"
+        "eor	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "umull	r7, r8, r3, r7\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "umull	r9, r10, r3, r9\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "mul	r11, r3, r11\n\t"
+        /* r[0] * h[1] */
+        "ldr	%[bytes], [lr, #4]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r8, r12, r3, %[bytes]\n\t"
+        /* r[0] * h[3] */
+        "ldr	%[bytes], [lr, #12]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r10, r10, %[ctx]\n\t"
+        "umlal	r10, r11, r3, %[bytes]\n\t"
+        /* r[1] * h[0] */
+        "ldr	r3, [%[m], #4]\n\t"
+        "ldr	%[bytes], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r8, r12, r3, %[bytes]\n\t"
+        /* r[1] * h[1] */
+        "ldr	%[bytes], [lr, #4]\n\t"
+        "adds	r9, r9, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r9, r12, r3, %[bytes]\n\t"
+        /* r[1] * h[2] */
+        "ldr	%[bytes], [lr, #8]\n\t"
+        "adds	r10, r10, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r10, r12, r3, %[bytes]\n\t"
+        /* r[1] * h[3] */
+        "ldr	%[bytes], [lr, #12]\n\t"
+        "adds	r11, r11, r12\n\t"
+        "adc	r4, %[ctx], %[ctx]\n\t"
+        "umlal	r11, r4, r3, %[bytes]\n\t"
+        /* r[1] * h[4] */
+        "ldr	%[bytes], [lr, #16]\n\t"
+        "mla	r4, r3, %[bytes], r4\n\t"
+        /* r[2] * h[0] */
+        "ldr	r3, [%[m], #8]\n\t"
+        "ldr	%[bytes], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r9, r12, r3, %[bytes]\n\t"
+        /* r[2] * h[1] */
+        "ldr	%[bytes], [lr, #4]\n\t"
+        "adds	r10, r10, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r10, r12, r3, %[bytes]\n\t"
+        /* r[2] * h[2] */
+        "ldr	%[bytes], [lr, #8]\n\t"
+        "adds	r11, r11, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r11, r12, r3, %[bytes]\n\t"
+        /* r[2] * h[3] */
+        "ldr	%[bytes], [lr, #12]\n\t"
+        "adds	r4, r4, r12\n\t"
+        "adc	r5, %[ctx], %[ctx]\n\t"
+        "umlal	r4, r5, r3, %[bytes]\n\t"
+        /* r[2] * h[4] */
+        "ldr	%[bytes], [lr, #16]\n\t"
+        "mla	r5, r3, %[bytes], r5\n\t"
+        /* r[3] * h[0] */
+        "ldr	r3, [%[m], #12]\n\t"
+        "ldr	%[bytes], [lr]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "umlal	r10, r12, r3, %[bytes]\n\t"
+        /* r[3] * h[1] */
+        "ldr	%[bytes], [lr, #4]\n\t"
+        "adds	r11, r11, r12\n\t"
+        "adc	r12, %[ctx], %[ctx]\n\t"
+        "umlal	r11, r12, r3, %[bytes]\n\t"
+        /* r[3] * h[2] */
+        "ldr	%[bytes], [lr, #8]\n\t"
+        "adds	r4, r4, r12\n\t"
+        "adc	r5, r5, %[ctx]\n\t"
+        "umlal	r4, r5, r3, %[bytes]\n\t"
+        /* r[3] * h[3] */
+        "ldr	%[bytes], [lr, #12]\n\t"
+        "mov	r6, %[ctx]\n\t"
+        "umlal	r5, r6, r3, %[bytes]\n\t"
+        /* r[3] * h[4] */
+        "ldr	%[bytes], [lr, #16]\n\t"
+        "mov	r12, %[ctx]\n\t"
+        "mla	r6, r3, %[bytes], r6\n\t"
+#else
+        "sub	sp, sp, #12\n\t"
+        "ldm	%[m], {r0, r1, r2, r3}\n\t"
+        /* r[0] * h[0] */
+        "umull	r5, r6, %[ctx], r7\n\t"
+        /* r[1] * h[0] */
+        "umull	r12, r10, %[m], r7\n\t"
+        /* r[0] * h[1] */
+        "umaal	r6, r12, %[ctx], r8\n\t"
+        /* r[2] * h[0] */
+        "umull	r11, r4, %[bytes], r7\n\t"
+        /* r[1] * h[1] */
+        "umaal	r12, r11, %[m], r8\n\t"
+        /* r[0] * h[2] */
+        "umaal	r12, r10, %[ctx], r9\n\t"
+        /* r[3] * h[0] */
+        "umaal	r11, r4, r3, r7\n\t"
+        "stm	sp, {r5, r6, r12}\n\t"
+        /* r[2] * h[1] */
+        "umaal	r10, r11, %[bytes], r8\n\t"
+        /* Replace h[0] with h[3] */
+        "ldr	r7, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "umull	r5, r6, %[m], r9\n\t"
+        /* r[2] * h[2] */
+        "umaal	r11, r4, %[bytes], r9\n\t"
+        /* r[0] * h[3] */
+        "umaal	r10, r5, %[ctx], r7\n\t"
+        /* r[3] * h[1] */
+        "umaal	r11, r6, r3, r8\n\t"
+        /* r[1] * h[3] */
+        "umaal	r11, r5, %[m], r7\n\t"
+        /* r[3] * h[2] */
+        "umaal	r4, r6, r3, r9\n\t"
+        /* r[2] * h[3] */
+        "umaal	r4, r5, %[bytes], r7\n\t"
+        /* Replace h[1] with h[4] */
+        "ldr	r8, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "umaal	r5, r6, r3, r7\n\t"
+        "mov	r12, #0\n\t"
+        /* r[0] * h[4] */
+        "umaal	r11, r12, %[ctx], r8\n\t"
+        /* r[1] * h[4] */
+        "umaal	r4, r12, %[m], r8\n\t"
+        /* r[2] * h[4] */
+        "umaal	r5, r12, %[bytes], r8\n\t"
+        /* r[3] * h[4] */
+        "umaal	r6, r12, r3, r8\n\t"
+        /* DONE */
+        "ldm	sp, {r7, r8, r9}\n\t"
+        "add	sp, sp, #12\n\t"
+#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */
+        /* Reduce mod 2^130 - 5 */
+        "bic	r3, r11, #0x3\n\t"
+        "and	r11, r11, #3\n\t"
+        "adds	r7, r7, r3\n\t"
+        "lsr	r3, r3, #2\n\t"
+        "adcs	r8, r8, r4\n\t"
+        "orr	r3, r3, r4, LSL #30\n\t"
+        "adcs	r9, r9, r5\n\t"
+        "lsr	r4, r4, #2\n\t"
+        "adcs	r10, r10, r6\n\t"
+        "orr	r4, r4, r5, LSL #30\n\t"
+        "adc	r11, r11, r12\n\t"
+        "lsr	r5, r5, #2\n\t"
+        "adds	r7, r7, r3\n\t"
+        "orr	r5, r5, r6, LSL #30\n\t"
+        "adcs	r8, r8, r4\n\t"
+        "lsr	r6, r6, #2\n\t"
+        "adcs	r9, r9, r5\n\t"
+        "adcs	r10, r10, r6\n\t"
+        "adc	r11, r11, r12\n\t"
+        "pop	{r0-r1}\n\t"
+        "pop	{r2}\n\t"
+        "add	r12, %[ctx], #16\n\t"
+        "stm	r12, {r7, r8, r9, r10, r11}\n\t"
+        "\n"
+    "L_poly1305_arm32_blocks_done_%=: \n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [m] "+r" (m), [bytes] "+r" (bytes)
+        :
+#else
+        :
+        : [ctx] "r" (ctx), [m] "r" (m), [bytes] "r" (bytes)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8",
+            "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18",
+            "d19", "d20", "d21", "d22", "d23", "d24", "d25", "d26", "d27",
+            "d28", "d29", "d30", "d31"
+    );
+}
+
+static const word32 L_poly1305_arm32_clamp[] = {
+    0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_set_key(Poly1305* ctx_p, const byte* key_p)
+#else
+void poly1305_set_key(Poly1305* ctx, const byte* key)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register const byte* key asm ("r1") = (const byte*)key_p;
+    register word32* L_poly1305_arm32_clamp_c asm ("r2") =
+        (word32*)&L_poly1305_arm32_clamp;
+#else
+    register word32* L_poly1305_arm32_clamp_c =
+        (word32*)&L_poly1305_arm32_clamp;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        /* Load mask. */
+        "mov	lr, %[L_poly1305_arm32_clamp]\n\t"
+        "ldm	lr, {r6, r7, r8, r9}\n\t"
+        /* Load and cache padding. */
+        "ldr	r2, [%[key], #16]\n\t"
+        "ldr	r3, [%[key], #20]\n\t"
+        "ldr	r4, [%[key], #24]\n\t"
+        "ldr	r5, [%[key], #28]\n\t"
+        "add	lr, %[ctx], #40\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        /* Load, mask and store r. */
+        "ldr	r2, [%[key]]\n\t"
+        "ldr	r3, [%[key], #4]\n\t"
+        "ldr	r4, [%[key], #8]\n\t"
+        "ldr	r5, [%[key], #12]\n\t"
+        "and	r2, r2, r6\n\t"
+        "and	r3, r3, r7\n\t"
+        "and	r4, r4, r8\n\t"
+        "and	r5, r5, r9\n\t"
+        "add	lr, %[ctx], #0\n\t"
+        "stm	lr, {r2, r3, r4, r5}\n\t"
+        "vmov.i16	q10, #0xffff\n\t"
+        "vshr.u64	q10, q10, #38\n\t"
+        "lsr	r8, r2, #26\n\t"
+        "lsr	r9, r3, #20\n\t"
+        "lsr	r10, r4, #14\n\t"
+        "lsr	r11, r5, #8\n\t"
+        "eor	r8, r8, r3, lsl #6\n\t"
+        "eor	r9, r9, r4, lsl #12\n\t"
+        "eor	r10, r10, r5, lsl #18\n\t"
+        "and	r7, r2, #0x3ffffff\n\t"
+        "and	r8, r8, #0x3ffffff\n\t"
+        "and	r9, r9, #0x3ffffff\n\t"
+        "and	r10, r10, #0x3ffffff\n\t"
+        "vmov.i32	s1, r7\n\t"
+        "vmov.i32	s3, r8\n\t"
+        "vmov.i32	s5, r9\n\t"
+        "vmov.i32	s7, r10\n\t"
+        "vmov.i32	s9, r11\n\t"
+        "push	{%[ctx]-%[key]}\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
+        /* Square r */
+        "umull	%[key], r6, r2, r3\n\t"
+        "mov	r12, #0\n\t"
+        "umull	r7, r8, r2, r5\n\t"
+        "mov	lr, r12\n\t"
+        "umlal	r6, lr, r2, r4\n\t"
+        "adds	r7, r7, lr\n\t"
+        "adc	lr, r12, r12\n\t"
+        "umlal	r7, lr, r3, r4\n\t"
+        "mov	r9, r12\n\t"
+        "umlal	lr, r9, r3, r5\n\t"
+        "adds	r8, r8, lr\n\t"
+        "adcs	r9, r9, r12\n\t"
+        "adc	r10, r12, r12\n\t"
+        "umlal	r9, r10, r4, r5\n\t"
+        "adds	%[key], %[key], %[key]\n\t"
+        "adcs	r6, r6, r6\n\t"
+        "adcs	r7, r7, r7\n\t"
+        "adcs	r8, r8, r8\n\t"
+        "adcs	r9, r9, r9\n\t"
+        "adcs	r10, r10, r10\n\t"
+        "adc	r11, r12, r12\n\t"
+        "umull	%[ctx], lr, r2, r2\n\t"
+        "adds	%[key], %[key], lr\n\t"
+        "adcs	r6, r6, r12\n\t"
+        "adc	lr, r12, r12\n\t"
+        "umlal	r6, lr, r3, r3\n\t"
+        "adds	r7, r7, lr\n\t"
+        "adcs	r8, r8, r12\n\t"
+        "adc	lr, r12, r12\n\t"
+        "umlal	r8, lr, r4, r4\n\t"
+        "adds	r9, r9, lr\n\t"
+        "adcs	r10, r10, r12\n\t"
+        "adc	r11, r11, r12\n\t"
+        "umlal	r10, r11, r5, r5\n\t"
+#else
+        "umull	%[ctx], %[key], r2, r2\n\t"
+        "umull	r6, r7, r2, r3\n\t"
+        "adds	r6, r6, r6\n\t"
+        "mov	r12, #0\n\t"
+        "umaal	%[key], r6, r12, r12\n\t"
+        "mov	r8, r12\n\t"
+        "umaal	r8, r7, r2, r4\n\t"
+        "adcs	r8, r8, r8\n\t"
+        "umaal	r6, r8, r3, r3\n\t"
+        "umull	r9, r10, r2, r5\n\t"
+        "umaal	r7, r9, r3, r4\n\t"
+        "adcs	r7, r7, r7\n\t"
+        "umaal	r7, r8, r12, r12\n\t"
+        "umaal	r10, r9, r3, r5\n\t"
+        "adcs	r10, r10, r10\n\t"
+        "umaal	r8, r10, r4, r4\n\t"
+        "mov	r11, r12\n\t"
+        "umaal	r9, r11, r4, r5\n\t"
+        "adcs	r9, r9, r9\n\t"
+        "umaal	r9, r10, r12, r12\n\t"
+        "adcs	r11, r11, r11\n\t"
+        "umaal	r10, r11, r5, r5\n\t"
+        "adc	r11, r11, r12\n\t"
+#endif /* defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) */
+        /* Reduce mod 2^130 - 5 */
+        "bic	r2, r8, #0x3\n\t"
+        "and	r8, r8, #3\n\t"
+        "adds	%[ctx], %[ctx], r2\n\t"
+        "lsr	r2, r2, #2\n\t"
+        "adcs	%[key], %[key], r9\n\t"
+        "orr	r2, r2, r9, LSL #30\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "lsr	r9, r9, #2\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "orr	r9, r9, r10, LSL #30\n\t"
+        "adc	r8, r8, r12\n\t"
+        "lsr	r10, r10, #2\n\t"
+        "adds	%[ctx], %[ctx], r2\n\t"
+        "orr	r10, r10, r11, LSL #30\n\t"
+        "adcs	%[key], %[key], r9\n\t"
+        "lsr	r11, r11, #2\n\t"
+        "adcs	r6, r6, r10\n\t"
+        "adcs	r7, r7, r11\n\t"
+        "adc	r8, r8, r12\n\t"
+        "lsr	r3, %[ctx], #26\n\t"
+        "lsr	r4, %[key], #20\n\t"
+        "lsr	r5, r6, #14\n\t"
+        "lsr	r10, r7, #8\n\t"
+        "eor	r3, r3, %[key], lsl #6\n\t"
+        "eor	r4, r4, r6, lsl #12\n\t"
+        "eor	r5, r5, r7, lsl #18\n\t"
+        "eor	r10, r10, r8, lsl #24\n\t"
+        "and	r2, %[ctx], #0x3ffffff\n\t"
+        "and	r3, r3, #0x3ffffff\n\t"
+        "and	r4, r4, #0x3ffffff\n\t"
+        "and	r5, r5, #0x3ffffff\n\t"
+        "vmov.i32	s0, r2\n\t"
+        "vmov.i32	s2, r3\n\t"
+        "vmov.i32	s4, r4\n\t"
+        "vmov.i32	s6, r5\n\t"
+        "vmov.i32	s8, r10\n\t"
+        "pop	{%[ctx]-%[key]}\n\t"
+        "add	lr, %[ctx], #0x7c\n\t"
+        "vstm.32	lr, {d0-d4}\n\t"
+        /* Multiply r^2, r by r^2 */
+        "vshl.u32	d6, d1, #2\n\t"
+        "vshl.u32	d7, d2, #2\n\t"
+        "vshl.u32	d8, d3, #2\n\t"
+        "vshl.u32	d9, d4, #2\n\t"
+        "vadd.u32	d6, d6, d1\n\t"
+        "vadd.u32	d7, d7, d2\n\t"
+        "vadd.u32	d8, d8, d3\n\t"
+        "vadd.u32	d9, d9, d4\n\t"
+        "vmull.u32	q5, d0, d0[0]\n\t"
+        "vmull.u32	q6, d0, d1[0]\n\t"
+        "vmull.u32	q7, d0, d2[0]\n\t"
+        "vmull.u32	q8, d0, d3[0]\n\t"
+        "vmull.u32	q9, d0, d4[0]\n\t"
+        "vmlal.u32	q5, d1, d9[0]\n\t"
+        "vmlal.u32	q6, d1, d0[0]\n\t"
+        "vmlal.u32	q7, d1, d1[0]\n\t"
+        "vmlal.u32	q8, d1, d2[0]\n\t"
+        "vmlal.u32	q9, d1, d3[0]\n\t"
+        "vmlal.u32	q5, d2, d8[0]\n\t"
+        "vmlal.u32	q6, d2, d9[0]\n\t"
+        "vmlal.u32	q7, d2, d0[0]\n\t"
+        "vmlal.u32	q8, d2, d1[0]\n\t"
+        "vmlal.u32	q9, d2, d2[0]\n\t"
+        "vmlal.u32	q5, d3, d7[0]\n\t"
+        "vmlal.u32	q6, d3, d8[0]\n\t"
+        "vmlal.u32	q7, d3, d9[0]\n\t"
+        "vmlal.u32	q8, d3, d0[0]\n\t"
+        "vmlal.u32	q9, d3, d1[0]\n\t"
+        "vmlal.u32	q5, d4, d6[0]\n\t"
+        "vmlal.u32	q6, d4, d7[0]\n\t"
+        "vmlal.u32	q7, d4, d8[0]\n\t"
+        "vmlal.u32	q8, d4, d9[0]\n\t"
+        "vmlal.u32	q9, d4, d0[0]\n\t"
+        "vsra.u64	q6, q5, #26\n\t"
+        "vand.u64	q5, q5, q10\n\t"
+        "vsra.u64	q7, q6, #26\n\t"
+        "vand.u64	q6, q6, q10\n\t"
+        "vsra.u64	q8, q7, #26\n\t"
+        "vand.u64	q7, q7, q10\n\t"
+        "vsra.u64	q9, q8, #26\n\t"
+        "vand.u64	q8, q8, q10\n\t"
+        "vshr.u64	q3, q9, #26\n\t"
+        "vand.u64	q9, q9, q10\n\t"
+        "vadd.u64	q5, q5, q3\n\t"
+        "vshl.u64	q3, q3, #2\n\t"
+        "vadd.u64	q5, q5, q3\n\t"
+        "vsra.u64	q6, q5, #26\n\t"
+        "vand.u64	q5, q5, q10\n\t"
+        "vmovn.i64	d10, q5\n\t"
+        "vmovn.i64	d11, q6\n\t"
+        "vmovn.i64	d12, q7\n\t"
+        "vmovn.i64	d13, q8\n\t"
+        "vmovn.i64	d14, q9\n\t"
+        "add	lr, %[ctx], #0xa4\n\t"
+        "vstm.32	lr, {d10-d14}\n\t"
+        /* h (accumulator) = 0 */
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "eor	r9, r9, r9\n\t"
+        "add	lr, %[ctx], #16\n\t"
+        "eor	r4, r4, r4\n\t"
+        "eor	r5, r5, r5\n\t"
+        "stm	lr, {r4, r5, r6, r7, r8, r9}\n\t"
+        /* Zero leftover */
+        "str	r5, [%[ctx], #56]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [key] "+r" (key),
+          [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c)
+        :
+#else
+        :
+        : [ctx] "r" (ctx), [key] "r" (key),
+          [L_poly1305_arm32_clamp] "r" (L_poly1305_arm32_clamp_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8",
+            "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18",
+            "d19", "d20", "d21"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_final(Poly1305* ctx_p, byte* mac_p)
+#else
+void poly1305_final(Poly1305* ctx, byte* mac)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p;
+    register byte* mac asm ("r1") = (byte*)mac_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "add	r9, %[ctx], #16\n\t"
+        "ldm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Add 5 and check for h larger than p. */
+        "adds	r2, r4, #5\n\t"
+        "adcs	r2, r5, #0\n\t"
+        "adcs	r2, r6, #0\n\t"
+        "adcs	r2, r7, #0\n\t"
+        "adc	r2, r8, #0\n\t"
+        "sub	r2, r2, #4\n\t"
+        "lsr	r2, r2, #31\n\t"
+        "sub	r2, r2, #1\n\t"
+        "and	r2, r2, #5\n\t"
+        /* Add 0/5 to h. */
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, #0\n\t"
+        "adcs	r6, r6, #0\n\t"
+        "adc	r7, r7, #0\n\t"
+        /* Add padding */
+        "add	r9, %[ctx], #40\n\t"
+        "ldm	r9, {r2, r3, r12, lr}\n\t"
+        "adds	r4, r4, r2\n\t"
+        "adcs	r5, r5, r3\n\t"
+        "adcs	r6, r6, r12\n\t"
+        "adc	r7, r7, lr\n\t"
+        /* Store MAC */
+        "str	r4, [%[mac]]\n\t"
+        "str	r5, [%[mac], #4]\n\t"
+        "str	r6, [%[mac], #8]\n\t"
+        "str	r7, [%[mac], #12]\n\t"
+        /* Zero out h. */
+        "eor	r4, r4, r4\n\t"
+        "eor	r5, r5, r5\n\t"
+        "eor	r6, r6, r6\n\t"
+        "eor	r7, r7, r7\n\t"
+        "eor	r8, r8, r8\n\t"
+        "add	r9, %[ctx], #16\n\t"
+        "stm	r9, {r4, r5, r6, r7, r8}\n\t"
+        /* Zero out r. */
+        "add	r9, %[ctx], #0\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+        /* Zero out padding. */
+        "add	r9, %[ctx], #40\n\t"
+        "stm	r9, {r4, r5, r6, r7}\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [ctx] "+r" (ctx), [mac] "+r" (mac)
+        :
+#else
+        :
+        : [ctx] "r" (ctx), [mac] "r" (mac)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_NO_NEON */
+#endif /* HAVE_POLY1305 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
index 14a1ec48f..bdfe196aa 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-sha256-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,14 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha256.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+ *   ruby ./sha2/sha256.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
 #ifndef NO_SHA256
 #ifdef WOLFSSL_ARMASM_NO_NEON
@@ -113,8 +111,7 @@ Transform_Sha256_Len:
 	adr	r3, L_SHA256_transform_len_k
 	# Copy digest to add in at end
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -185,8 +182,7 @@ L_SHA256_transform_len_begin:
 	eor	r6, r6, r10, lsr #8
 	eor	r7, r7, r11, lsr #8
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [sp]
-	str	r5, [sp, #4]
+	stm	sp, {r4, r5}
 #else
 	strd	r4, r5, [sp]
 #endif
@@ -310,8 +306,7 @@ L_SHA256_transform_len_begin:
 	rev	r10, r10
 	rev	r11, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [sp]
-	str	r5, [sp, #4]
+	stm	sp, {r4, r5}
 #else
 	strd	r4, r5, [sp]
 #endif
@@ -1649,8 +1644,7 @@ L_SHA256_transform_len_start:
 	str	r9, [r0]
 	# Add in digest from start
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1677,8 +1671,7 @@ L_SHA256_transform_len_start:
 	add	r6, r6, r10
 	add	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -1840,8 +1833,7 @@ Transform_Sha256_Len:
 	vpush	{d8-d11}
 	sub	sp, sp, #24
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r0, [sp]
-	str	r1, [sp, #4]
+	stm	sp, {r0, r1}
 #else
 	strd	r0, r1, [sp]
 #endif
@@ -1849,8 +1841,7 @@ Transform_Sha256_Len:
 	adr	r12, L_SHA256_transform_neon_len_k
 	# Load digest into registers
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r2, [r0]
-	ldr	r3, [r0, #4]
+	ldm	r0, {r2, r3}
 #else
 	ldrd	r2, r3, [r0]
 #endif
@@ -2798,16 +2789,14 @@ L_SHA256_transform_neon_len_start:
 	ldr	r10, [sp]
 	# Add in digest from start
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r0, [r10]
-	ldr	r1, [r10, #4]
+	ldm	r10, {r0, r1}
 #else
 	ldrd	r0, r1, [r10]
 #endif
 	add	r2, r2, r0
 	add	r3, r3, r1
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r2, [r10]
-	str	r3, [r10, #4]
+	stm	r10, {r2, r3}
 #else
 	strd	r2, r3, [r10]
 #endif
@@ -2865,7 +2854,7 @@ L_SHA256_transform_neon_len_start:
 	.size	Transform_Sha256_Len,.-Transform_Sha256_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
index 391075340..15f2295a9 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-sha256-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,41 +21,38 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha256.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.c
+ *   ruby ./sha2/sha256.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
 #endif /* __IAR_SYSTEMS_ICC__ */
 #ifdef __KEIL__
 #define __asm__        __asm
 #define __volatile__   volatile
 #endif /* __KEIL__ */
+#ifdef __ghs__
+#define __asm__        __asm
+#define __volatile__
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __ghs__ */
 #ifndef NO_SHA256
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint32_t L_SHA256_transform_len_k[] = {
+static const word32 L_SHA256_transform_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -74,20 +71,32 @@ static const uint32_t L_SHA256_transform_len_k[] = {
     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
 };
 
-void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len);
+void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p,
+    word32 len_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
+#else
+void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_len_k_c asm ("r3") = (uint32_t*)&L_SHA256_transform_len_k;
+    register word32* L_SHA256_transform_len_k_c asm ("r3") =
+        (word32*)&L_SHA256_transform_len_k;
+#else
+    register word32* L_SHA256_transform_len_k_c =
+        (word32*)&L_SHA256_transform_len_k;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xc0\n\t"
+        "mov	r3, %[L_SHA256_transform_len_k]\n\t"
         /* Copy digest to add in at end */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha256]]\n\t"
-        "ldr	r5, [%[sha256], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha256]]\n\t"
 #endif
@@ -159,8 +168,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r10, lsr #8\n\t"
         "eor	r7, r7, r11, lsr #8\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [sp]\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "stm	sp, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [sp]\n\t"
 #endif
@@ -284,8 +292,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "rev	r10, r10\n\t"
         "rev	r11, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [sp]\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "stm	sp, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [sp]\n\t"
 #endif
@@ -1624,8 +1631,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "str	r9, [%[sha256]]\n\t"
         /* Add in digest from start */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha256]]\n\t"
-        "ldr	r5, [%[sha256], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha256]]\n\t"
 #endif
@@ -1652,8 +1658,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "add	r6, r6, r10\n\t"
         "add	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha256]]\n\t"
-        "str	r5, [%[sha256], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha256]]\n\t"
 #endif
@@ -1732,9 +1737,17 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "add	%[data], %[data], #0x40\n\t"
         "bne	L_SHA256_transform_len_begin_%=\n\t"
         "add	sp, sp, #0xc0\n\t"
-        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+#else
+        :
+        : [sha256] "r" (sha256), [data] "r" (data), [len] "r" (len),
+          [L_SHA256_transform_len_k] "r" (L_SHA256_transform_len_k_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -1742,7 +1755,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifndef WOLFSSL_ARMASM_NO_NEON
-static const uint32_t L_SHA256_transform_neon_len_k[] = {
+static const word32 L_SHA256_transform_neon_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -1761,19 +1774,30 @@ static const uint32_t L_SHA256_transform_neon_len_k[] = {
     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
 };
 
-void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len);
+void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p,
+    word32 len_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
+#else
+void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_neon_len_k_c asm ("r3") = (uint32_t*)&L_SHA256_transform_neon_len_k;
+    register word32* L_SHA256_transform_neon_len_k_c asm ("r3") =
+        (word32*)&L_SHA256_transform_neon_len_k;
+#else
+    register word32* L_SHA256_transform_neon_len_k_c =
+        (word32*)&L_SHA256_transform_neon_len_k;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #24\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	%[sha256], [sp]\n\t"
-        "str	%[data], [sp, #4]\n\t"
+        "stm	sp, {r0, r1}\n\t"
 #else
         "strd	%[sha256], %[data], [sp]\n\t"
 #endif
@@ -1781,8 +1805,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "mov	r12, %[L_SHA256_transform_neon_len_k]\n\t"
         /* Load digest into registers */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	%[len], [%[sha256]]\n\t"
-        "ldr	r3, [%[sha256], #4]\n\t"
+        "ldm	r0, {r2, r3}\n\t"
 #else
         "ldrd	%[len], r3, [%[sha256]]\n\t"
 #endif
@@ -2732,16 +2755,14 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "ldr	r10, [sp]\n\t"
         /* Add in digest from start */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	%[sha256], [r10]\n\t"
-        "ldr	%[data], [r10, #4]\n\t"
+        "ldm	r10, {r0, r1}\n\t"
 #else
         "ldrd	%[sha256], %[data], [r10]\n\t"
 #endif
         "add	%[len], %[len], %[sha256]\n\t"
         "add	r3, r3, %[data]\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	%[len], [r10]\n\t"
-        "str	r3, [r10, #4]\n\t"
+        "stm	r10, {r2, r3}\n\t"
 #else
         "strd	%[len], r3, [r10]\n\t"
 #endif
@@ -2794,17 +2815,24 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p)
         "str	r10, [sp, #8]\n\t"
         "bne	L_SHA256_transform_neon_len_begin_%=\n\t"
         "add	sp, sp, #24\n\t"
-        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "cc"
+#else
+        :
+        : [sha256] "r" (sha256), [data] "r" (data), [len] "r" (len),
+          [L_SHA256_transform_neon_len_k] "r" (L_SHA256_transform_neon_len_k_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr",
+            "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9",
+            "d10", "d11"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
index 76629726f..748cd10ae 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-sha3-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,17 +21,17 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha3/sha3.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
+ *   ruby ./sha3/sha3.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
+#ifdef WOLFSSL_SHA3
+#ifndef WOLFSSL_ARMASM_NO_NEON
 	.text
 	.type	L_sha3_arm2_neon_rt, %object
 	.size	L_sha3_arm2_neon_rt, 192
@@ -85,60 +85,6 @@ L_sha3_arm2_neon_rt:
 	.word	0x0
 	.word	0x80008008
 	.word	0x80000000
-	.text
-	.type	L_sha3_arm2_rt, %object
-	.size	L_sha3_arm2_rt, 192
-	.align	4
-L_sha3_arm2_rt:
-	.word	0x1
-	.word	0x0
-	.word	0x8082
-	.word	0x0
-	.word	0x808a
-	.word	0x80000000
-	.word	0x80008000
-	.word	0x80000000
-	.word	0x808b
-	.word	0x0
-	.word	0x80000001
-	.word	0x0
-	.word	0x80008081
-	.word	0x80000000
-	.word	0x8009
-	.word	0x80000000
-	.word	0x8a
-	.word	0x0
-	.word	0x88
-	.word	0x0
-	.word	0x80008009
-	.word	0x0
-	.word	0x8000000a
-	.word	0x0
-	.word	0x8000808b
-	.word	0x0
-	.word	0x8b
-	.word	0x80000000
-	.word	0x8089
-	.word	0x80000000
-	.word	0x8003
-	.word	0x80000000
-	.word	0x8002
-	.word	0x80000000
-	.word	0x80
-	.word	0x80000000
-	.word	0x800a
-	.word	0x0
-	.word	0x8000000a
-	.word	0x80000000
-	.word	0x80008081
-	.word	0x80000000
-	.word	0x8080
-	.word	0x80000000
-	.word	0x80000001
-	.word	0x0
-	.word	0x80008008
-	.word	0x80000000
-#ifndef WOLFSSL_ARMASM_NO_NEON
 	.text
 	.align	4
 	.globl	BlockSha3
@@ -407,6 +353,59 @@ L_sha3_arm32_neon_begin:
 	.size	BlockSha3,.-BlockSha3
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #ifdef WOLFSSL_ARMASM_NO_NEON
+	.text
+	.type	L_sha3_arm2_rt, %object
+	.size	L_sha3_arm2_rt, 192
+	.align	4
+L_sha3_arm2_rt:
+	.word	0x1
+	.word	0x0
+	.word	0x8082
+	.word	0x0
+	.word	0x808a
+	.word	0x80000000
+	.word	0x80008000
+	.word	0x80000000
+	.word	0x808b
+	.word	0x0
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8009
+	.word	0x80000000
+	.word	0x8a
+	.word	0x0
+	.word	0x88
+	.word	0x0
+	.word	0x80008009
+	.word	0x0
+	.word	0x8000000a
+	.word	0x0
+	.word	0x8000808b
+	.word	0x0
+	.word	0x8b
+	.word	0x80000000
+	.word	0x8089
+	.word	0x80000000
+	.word	0x8003
+	.word	0x80000000
+	.word	0x8002
+	.word	0x80000000
+	.word	0x80
+	.word	0x80000000
+	.word	0x800a
+	.word	0x0
+	.word	0x8000000a
+	.word	0x80000000
+	.word	0x80008081
+	.word	0x80000000
+	.word	0x8080
+	.word	0x80000000
+	.word	0x80000001
+	.word	0x0
+	.word	0x80008008
+	.word	0x80000000
 	.text
 	.align	4
 	.globl	BlockSha3
@@ -508,8 +507,7 @@ L_sha3_arm32_begin:
 	eor	r3, r3, r5, lsl #1
 	# Calc b[0] and XOR t[0] into s[x*5+0]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -546,8 +544,7 @@ L_sha3_arm32_begin:
 	eor	r10, r10, r2
 	eor	r11, r11, r3
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -722,8 +719,7 @@ L_sha3_arm32_begin:
 	str	lr, [sp, #20]
 	# Calc t[1]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r2, [sp]
-	ldr	r3, [sp, #4]
+	ldm	sp, {r2, r3}
 #else
 	ldrd	r2, r3, [sp]
 #endif
@@ -882,8 +878,7 @@ L_sha3_arm32_begin:
 	ldrd	r2, r3, [sp, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
@@ -957,8 +952,7 @@ L_sha3_arm32_begin:
 	# Row Mix
 	# Row 0
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r2, [r0]
-	ldr	r3, [r0, #4]
+	ldm	r0, {r2, r3}
 #else
 	ldrd	r2, r3, [r0]
 #endif
@@ -1034,8 +1028,7 @@ L_sha3_arm32_begin:
 	str	lr, [sp, #36]
 	# Get constant
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -1491,8 +1484,7 @@ L_sha3_arm32_begin:
 	eor	r3, r3, r5, lsl #1
 	# Calc b[0] and XOR t[0] into s[x*5+0]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
@@ -1529,8 +1521,7 @@ L_sha3_arm32_begin:
 	eor	r10, r10, r2
 	eor	r11, r11, r3
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [sp]
-	str	r5, [sp, #4]
+	stm	sp, {r4, r5}
 #else
 	strd	r4, r5, [sp]
 #endif
@@ -1705,8 +1696,7 @@ L_sha3_arm32_begin:
 	str	lr, [r0, #20]
 	# Calc t[1]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r2, [r0]
-	ldr	r3, [r0, #4]
+	ldm	r0, {r2, r3}
 #else
 	ldrd	r2, r3, [r0]
 #endif
@@ -1865,8 +1855,7 @@ L_sha3_arm32_begin:
 	ldrd	r2, r3, [r0, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1940,8 +1929,7 @@ L_sha3_arm32_begin:
 	# Row Mix
 	# Row 0
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r2, [sp]
-	ldr	r3, [sp, #4]
+	ldm	sp, {r2, r3}
 #else
 	ldrd	r2, r3, [sp]
 #endif
@@ -2017,8 +2005,7 @@ L_sha3_arm32_begin:
 	str	lr, [r0, #36]
 	# Get constant
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r10, [r1]
-	ldr	r11, [r1, #4]
+	ldm	r1, {r10, r11}
 #else
 	ldrd	r10, r11, [r1]
 #endif
@@ -2391,7 +2378,8 @@ L_sha3_arm32_begin:
 	pop	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	.size	BlockSha3,.-BlockSha3
 #endif /* WOLFSSL_ARMASM_NO_NEON */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* WOLFSSL_SHA3 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
index 6d2efa1b0..d6ebd68d9 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-sha3-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,52 +21,36 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha3/sha3.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.c
+ *   ruby ./sha3/sha3.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
 #endif /* __IAR_SYSTEMS_ICC__ */
 #ifdef __KEIL__
 #define __asm__        __asm
 #define __volatile__   volatile
 #endif /* __KEIL__ */
-static const uint64_t L_sha3_arm2_neon_rt[] = {
-    0x0000000000000001UL, 0x0000000000008082UL,
-    0x800000000000808aUL, 0x8000000080008000UL,
-    0x000000000000808bUL, 0x0000000080000001UL,
-    0x8000000080008081UL, 0x8000000000008009UL,
-    0x000000000000008aUL, 0x0000000000000088UL,
-    0x0000000080008009UL, 0x000000008000000aUL,
-    0x000000008000808bUL, 0x800000000000008bUL,
-    0x8000000000008089UL, 0x8000000000008003UL,
-    0x8000000000008002UL, 0x8000000000000080UL,
-    0x000000000000800aUL, 0x800000008000000aUL,
-    0x8000000080008081UL, 0x8000000000008080UL,
-    0x0000000080000001UL, 0x8000000080008008UL,
-};
-
-static const uint64_t L_sha3_arm2_rt[] = {
+#ifdef __ghs__
+#define __asm__        __asm
+#define __volatile__
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __ghs__ */
+#ifdef WOLFSSL_SHA3
+#ifndef WOLFSSL_ARMASM_NO_NEON
+static const word64 L_sha3_arm2_neon_rt[] = {
     0x0000000000000001UL, 0x0000000000008082UL,
     0x800000000000808aUL, 0x8000000080008000UL,
     0x000000000000808bUL, 0x0000000080000001UL,
@@ -83,15 +67,24 @@ static const uint64_t L_sha3_arm2_rt[] = {
 
 #include <wolfssl/wolfcrypt/sha3.h>
 
-#ifndef WOLFSSL_ARMASM_NO_NEON
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void BlockSha3(word64* state_p)
+#else
+void BlockSha3(word64* state)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register word64* state asm ("r0") = (word64*)state_p;
-    register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = (uint64_t*)&L_sha3_arm2_neon_rt;
-    register uint64_t* L_sha3_arm2_rt_c asm ("r2") = (uint64_t*)&L_sha3_arm2_rt;
+    register word64* L_sha3_arm2_neon_rt_c asm ("r1") =
+        (word64*)&L_sha3_arm2_neon_rt;
+#else
+    register word64* L_sha3_arm2_neon_rt_c = (word64*)&L_sha3_arm2_neon_rt;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #16\n\t"
+        "mov	r1, %[L_sha3_arm2_neon_rt]\n\t"
         "mov	r2, #24\n\t"
         "mov	r3, sp\n\t"
         "vld1.8	{d0-d3}, [%[state]]!\n\t"
@@ -348,21 +341,54 @@ void BlockSha3(word64* state_p)
         "vst1.8	{d20-d23}, [%[state]]!\n\t"
         "vst1.8	{d24}, [%[state]]\n\t"
         "add	sp, sp, #16\n\t"
-        : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [state] "+r" (state),
+          [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c)
         :
-        : "memory", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25", "d26", "d27", "d28", "d29", "d30", "d31", "cc"
+#else
+        :
+        : [state] "r" (state),
+          [L_sha3_arm2_neon_rt] "r" (L_sha3_arm2_neon_rt_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6",
+            "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16",
+            "d17", "d18", "d19", "d20", "d21", "d22", "d23", "d24", "d25",
+            "d26", "d27", "d28", "d29", "d30", "d31"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
+#ifdef WOLFSSL_ARMASM_NO_NEON
+static const word64 L_sha3_arm2_rt[] = {
+    0x0000000000000001UL, 0x0000000000008082UL,
+    0x800000000000808aUL, 0x8000000080008000UL,
+    0x000000000000808bUL, 0x0000000080000001UL,
+    0x8000000080008081UL, 0x8000000000008009UL,
+    0x000000000000008aUL, 0x0000000000000088UL,
+    0x0000000080008009UL, 0x000000008000000aUL,
+    0x000000008000808bUL, 0x800000000000008bUL,
+    0x8000000000008089UL, 0x8000000000008003UL,
+    0x8000000000008002UL, 0x8000000000000080UL,
+    0x000000000000800aUL, 0x800000008000000aUL,
+    0x8000000080008081UL, 0x8000000000008080UL,
+    0x0000000080000001UL, 0x8000000080008008UL,
+};
+
 #include <wolfssl/wolfcrypt/sha3.h>
 
-#ifdef WOLFSSL_ARMASM_NO_NEON
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void BlockSha3(word64* state_p)
+#else
+void BlockSha3(word64* state)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register word64* state asm ("r0") = (word64*)state_p;
-    register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = (uint64_t*)&L_sha3_arm2_neon_rt;
-    register uint64_t* L_sha3_arm2_rt_c asm ("r2") = (uint64_t*)&L_sha3_arm2_rt;
+    register word64* L_sha3_arm2_rt_c asm ("r1") = (word64*)&L_sha3_arm2_rt;
+#else
+    register word64* L_sha3_arm2_rt_c = (word64*)&L_sha3_arm2_rt;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xcc\n\t"
@@ -461,8 +487,7 @@ void BlockSha3(word64* state_p)
         "eor	r3, r3, r5, lsl #1\n\t"
         /* Calc b[0] and XOR t[0] into s[x*5+0] */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[state]]\n\t"
-        "ldr	r5, [%[state], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[state]]\n\t"
 #endif
@@ -499,8 +524,7 @@ void BlockSha3(word64* state_p)
         "eor	r10, r10, r2\n\t"
         "eor	r11, r11, r3\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[state]]\n\t"
-        "str	r5, [%[state], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[state]]\n\t"
 #endif
@@ -675,8 +699,7 @@ void BlockSha3(word64* state_p)
         "str	lr, [sp, #20]\n\t"
         /* Calc t[1] */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r2, [sp]\n\t"
-        "ldr	r3, [sp, #4]\n\t"
+        "ldm	sp, {r2, r3}\n\t"
 #else
         "ldrd	r2, r3, [sp]\n\t"
 #endif
@@ -835,8 +858,7 @@ void BlockSha3(word64* state_p)
         "ldrd	r2, r3, [sp, #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
@@ -910,8 +932,7 @@ void BlockSha3(word64* state_p)
         /* Row Mix */
         /* Row 0 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r2, [%[state]]\n\t"
-        "ldr	r3, [%[state], #4]\n\t"
+        "ldm	r0, {r2, r3}\n\t"
 #else
         "ldrd	r2, r3, [%[state]]\n\t"
 #endif
@@ -987,8 +1008,7 @@ void BlockSha3(word64* state_p)
         "str	lr, [sp, #36]\n\t"
         /* Get constant */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [r1]\n\t"
-        "ldr	r11, [r1, #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [r1]\n\t"
 #endif
@@ -1444,8 +1464,7 @@ void BlockSha3(word64* state_p)
         "eor	r3, r3, r5, lsl #1\n\t"
         /* Calc b[0] and XOR t[0] into s[x*5+0] */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
@@ -1482,8 +1501,7 @@ void BlockSha3(word64* state_p)
         "eor	r10, r10, r2\n\t"
         "eor	r11, r11, r3\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [sp]\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "stm	sp, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [sp]\n\t"
 #endif
@@ -1658,8 +1676,7 @@ void BlockSha3(word64* state_p)
         "str	lr, [%[state], #20]\n\t"
         /* Calc t[1] */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r2, [%[state]]\n\t"
-        "ldr	r3, [%[state], #4]\n\t"
+        "ldm	r0, {r2, r3}\n\t"
 #else
         "ldrd	r2, r3, [%[state]]\n\t"
 #endif
@@ -1818,8 +1835,7 @@ void BlockSha3(word64* state_p)
         "ldrd	r2, r3, [%[state], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[state]]\n\t"
-        "ldr	r5, [%[state], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[state]]\n\t"
 #endif
@@ -1893,8 +1909,7 @@ void BlockSha3(word64* state_p)
         /* Row Mix */
         /* Row 0 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r2, [sp]\n\t"
-        "ldr	r3, [sp, #4]\n\t"
+        "ldm	sp, {r2, r3}\n\t"
 #else
         "ldrd	r2, r3, [sp]\n\t"
 #endif
@@ -1970,8 +1985,7 @@ void BlockSha3(word64* state_p)
         "str	lr, [%[state], #36]\n\t"
         /* Get constant */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r10, [r1]\n\t"
-        "ldr	r11, [r1, #4]\n\t"
+        "ldm	r1, {r10, r11}\n\t"
 #else
         "ldrd	r10, r11, [r1]\n\t"
 #endif
@@ -2341,16 +2355,21 @@ void BlockSha3(word64* state_p)
         "subs	r2, r2, #1\n\t"
         "bne	L_sha3_arm32_begin_%=\n\t"
         "add	sp, sp, #0xcc\n\t"
-        : [state] "+r" (state), [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [state] "+r" (state), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+#else
+        :
+        : [state] "r" (state), [L_sha3_arm2_rt] "r" (L_sha3_arm2_rt_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* WOLFSSL_SHA3 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
index 4dbfeafad..55c6f4232 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
@@ -1,6 +1,6 @@
 /* armv8-32-sha512-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,18 +21,16 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+ *   ruby ./sha2/sha512.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #ifndef WOLFSSL_ARMASM_INLINE
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #ifdef WOLFSSL_ARMASM_NO_NEON
 	.text
 	.type	L_SHA512_transform_len_k, %object
@@ -209,8 +207,7 @@ Transform_Sha512_Len:
 	adr	r3, L_SHA512_transform_len_k
 	# Copy digest to add in at end
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -684,16 +681,14 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [sp]
-	ldr	r9, [sp, #4]
+	ldm	sp, {r8, r9}
 #else
 	ldrd	r8, r9, [sp]
 #endif
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r3]
-	ldr	r7, [r3, #4]
+	ldm	r3, {r6, r7}
 #else
 	ldrd	r6, r7, [r3]
 #endif
@@ -716,8 +711,7 @@ L_SHA512_transform_len_start:
 	adds	r8, r8, r4
 	adc	r9, r9, r5
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -752,8 +746,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -814,8 +807,7 @@ L_SHA512_transform_len_start:
 	eor	r7, r7, r9
 	eor	r6, r6, r8
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
@@ -830,8 +822,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [sp]
-	str	r5, [sp, #4]
+	stm	sp, {r4, r5}
 #else
 	strd	r4, r5, [sp]
 #endif
@@ -857,16 +848,14 @@ L_SHA512_transform_len_start:
 	eor	r7, r7, r9
 	eor	r6, r6, r8
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [sp]
-	str	r5, [sp, #4]
+	stm	sp, {r4, r5}
 #else
 	strd	r4, r5, [sp]
 #endif
@@ -1012,8 +1001,7 @@ L_SHA512_transform_len_start:
 	ldrd	r8, r9, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -1301,8 +1289,7 @@ L_SHA512_transform_len_start:
 	mov	r11, r9
 	# Calc new W[2]
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
@@ -1462,8 +1449,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -1484,8 +1470,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #40]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -1634,8 +1619,7 @@ L_SHA512_transform_len_start:
 #endif
 	# Round 4
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1670,8 +1654,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [r0, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -1930,8 +1913,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -2190,8 +2172,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -2416,8 +2397,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #9
 	orr	r8, r8, r5, lsr #9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -2426,8 +2406,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -2456,8 +2435,7 @@ L_SHA512_transform_len_start:
 	eor	r6, r6, r8
 	eor	r7, r7, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -2486,8 +2464,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -2520,8 +2497,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #7
 	orr	r8, r8, r5, lsr #7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -2542,8 +2518,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #16]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -2554,16 +2529,14 @@ L_SHA512_transform_len_start:
 	eor	r10, r10, r6
 	eor	r11, r11, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r6, [r0]
-	str	r7, [r0, #4]
+	stm	r0, {r6, r7}
 #else
 	strd	r6, r7, [r0]
 #endif
@@ -2598,8 +2571,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [sp, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [sp]
-	ldr	r9, [sp, #4]
+	ldm	sp, {r8, r9}
 #else
 	ldrd	r8, r9, [sp]
 #endif
@@ -2748,8 +2720,7 @@ L_SHA512_transform_len_start:
 	adds	r8, r8, r4
 	adc	r9, r9, r5
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -2784,8 +2755,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -3044,8 +3014,7 @@ L_SHA512_transform_len_start:
 	ldrd	r8, r9, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -3494,8 +3463,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -3516,8 +3484,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #40]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -3666,8 +3633,7 @@ L_SHA512_transform_len_start:
 #endif
 	# Round 12
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -3702,8 +3668,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [r0, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -3962,8 +3927,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -4222,8 +4186,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -4448,8 +4411,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #9
 	orr	r8, r8, r5, lsr #9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -4458,8 +4420,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -4488,8 +4449,7 @@ L_SHA512_transform_len_start:
 	eor	r6, r6, r8
 	eor	r7, r7, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -4518,8 +4478,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -4552,8 +4511,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #7
 	orr	r8, r8, r5, lsr #7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -4574,8 +4532,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #16]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -4586,16 +4543,14 @@ L_SHA512_transform_len_start:
 	eor	r10, r10, r6
 	eor	r11, r11, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r6, [r0]
-	str	r7, [r0, #4]
+	stm	r0, {r6, r7}
 #else
 	strd	r6, r7, [r0]
 #endif
@@ -4646,8 +4601,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [sp, #120]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [sp]
-	ldr	r5, [sp, #4]
+	ldm	sp, {r4, r5}
 #else
 	ldrd	r4, r5, [sp]
 #endif
@@ -4751,16 +4705,14 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [sp]
-	ldr	r9, [sp, #4]
+	ldm	sp, {r8, r9}
 #else
 	ldrd	r8, r9, [sp]
 #endif
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r3]
-	ldr	r7, [r3, #4]
+	ldm	r3, {r6, r7}
 #else
 	ldrd	r6, r7, [r3]
 #endif
@@ -4783,8 +4735,7 @@ L_SHA512_transform_len_start:
 	adds	r8, r8, r4
 	adc	r9, r9, r5
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -4819,8 +4770,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -5000,8 +4950,7 @@ L_SHA512_transform_len_start:
 	ldrd	r8, r9, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -5292,8 +5241,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -5314,8 +5262,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #40]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -5385,8 +5332,7 @@ L_SHA512_transform_len_start:
 	mov	r11, r9
 	# Round 4
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -5421,8 +5367,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [r0, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -5602,8 +5547,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -5783,8 +5727,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -5930,8 +5873,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #9
 	orr	r8, r8, r5, lsr #9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -5940,8 +5882,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -5970,8 +5911,7 @@ L_SHA512_transform_len_start:
 	eor	r6, r6, r8
 	eor	r7, r7, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -6000,8 +5940,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -6034,8 +5973,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #7
 	orr	r8, r8, r5, lsr #7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -6056,8 +5994,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #16]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -6068,16 +6005,14 @@ L_SHA512_transform_len_start:
 	eor	r10, r10, r6
 	eor	r11, r11, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r6, [r0]
-	str	r7, [r0, #4]
+	stm	r0, {r6, r7}
 #else
 	strd	r6, r7, [r0]
 #endif
@@ -6183,8 +6118,7 @@ L_SHA512_transform_len_start:
 	adds	r8, r8, r4
 	adc	r9, r9, r5
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -6219,8 +6153,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -6400,8 +6333,7 @@ L_SHA512_transform_len_start:
 	ldrd	r8, r9, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -6692,8 +6624,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r8
 	adc	r5, r5, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -6714,8 +6645,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #40]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r8, [r0]
-	str	r9, [r0, #4]
+	stm	r0, {r8, r9}
 #else
 	strd	r8, r9, [r0]
 #endif
@@ -6785,8 +6715,7 @@ L_SHA512_transform_len_start:
 	mov	r11, r9
 	# Round 12
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -6821,8 +6750,7 @@ L_SHA512_transform_len_start:
 	strd	r4, r5, [r0, #24]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7002,8 +6930,7 @@ L_SHA512_transform_len_start:
 	ldrd	r4, r5, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
@@ -7183,8 +7110,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #56]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r8, [r0]
-	ldr	r9, [r0, #4]
+	ldm	r0, {r8, r9}
 #else
 	ldrd	r8, r9, [r0]
 #endif
@@ -7330,8 +7256,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #9
 	orr	r8, r8, r5, lsr #9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7340,8 +7265,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -7370,8 +7294,7 @@ L_SHA512_transform_len_start:
 	eor	r6, r6, r8
 	eor	r7, r7, r9
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7400,8 +7323,7 @@ L_SHA512_transform_len_start:
 	adds	r4, r4, r6
 	adc	r5, r5, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -7434,8 +7356,7 @@ L_SHA512_transform_len_start:
 	orr	r9, r9, r4, lsr #7
 	orr	r8, r8, r5, lsr #7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7456,8 +7377,7 @@ L_SHA512_transform_len_start:
 	ldrd	r6, r7, [r0, #16]
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -7468,16 +7388,14 @@ L_SHA512_transform_len_start:
 	eor	r10, r10, r6
 	eor	r11, r11, r7
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r6, [r0]
-	ldr	r7, [r0, #4]
+	ldm	r0, {r6, r7}
 #else
 	ldrd	r6, r7, [r0]
 #endif
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r6, [r0]
-	str	r7, [r0, #4]
+	stm	r0, {r6, r7}
 #else
 	strd	r6, r7, [r0]
 #endif
@@ -7485,8 +7403,7 @@ L_SHA512_transform_len_start:
 	mov	r11, r9
 	# Add in digest from start
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	ldr	r4, [r0]
-	ldr	r5, [r0, #4]
+	ldm	r0, {r4, r5}
 #else
 	ldrd	r4, r5, [r0]
 #endif
@@ -7513,8 +7430,7 @@ L_SHA512_transform_len_start:
 	adds	r6, r6, r10
 	adc	r7, r7, r11
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-	str	r4, [r0]
-	str	r5, [r0, #4]
+	stm	r0, {r4, r5}
 #else
 	strd	r4, r5, [r0]
 #endif
@@ -9365,8 +9281,8 @@ L_SHA512_transform_neon_len_start:
 	bx	lr
 	.size	Transform_Sha512_Len,.-Transform_Sha512_Len
 #endif /* !WOLFSSL_ARMASM_NO_NEON */
-#endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
index b59668d12..29717a1a0 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-32-sha512-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,41 +21,38 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
+ *   ruby ./sha2/sha512.rb arm32 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
+#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2)
 #include <stdint.h>
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 #ifdef WOLFSSL_ARMASM_INLINE
 
-#ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__)
-
 #ifdef __IAR_SYSTEMS_ICC__
 #define __asm__        asm
 #define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
 #endif /* __IAR_SYSTEMS_ICC__ */
 #ifdef __KEIL__
 #define __asm__        __asm
 #define __volatile__   volatile
 #endif /* __KEIL__ */
-#ifdef WOLFSSL_SHA512
+#ifdef __ghs__
+#define __asm__        __asm
+#define __volatile__
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __ghs__ */
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #include <wolfssl/wolfcrypt/sha512.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_len_k[] = {
+static const word64 L_SHA512_transform_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -98,20 +95,32 @@ static const uint64_t L_SHA512_transform_len_k[] = {
     0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL,
 };
 
-void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len);
+void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p,
+    word32 len_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
+#else
+void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_len_k_c asm ("r3") = (uint64_t*)&L_SHA512_transform_len_k;
+    register word64* L_SHA512_transform_len_k_c asm ("r3") =
+        (word64*)&L_SHA512_transform_len_k;
+#else
+    register word64* L_SHA512_transform_len_k_c =
+        (word64*)&L_SHA512_transform_len_k;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
         "sub	sp, sp, #0xc0\n\t"
+        "mov	r3, %[L_SHA512_transform_len_k]\n\t"
         /* Copy digest to add in at end */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -587,16 +596,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [sp]\n\t"
-        "ldr	r9, [sp, #4]\n\t"
+        "ldm	sp, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [sp]\n\t"
 #endif
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [r3]\n\t"
-        "ldr	r7, [r3, #4]\n\t"
+        "ldm	r3, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [r3]\n\t"
 #endif
@@ -619,8 +626,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r8, r8, r4\n\t"
         "adc	r9, r9, r5\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -655,8 +661,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -717,8 +722,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r7, r7, r9\n\t"
         "eor	r6, r6, r8\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
@@ -733,8 +737,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [sp]\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "stm	sp, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [sp]\n\t"
 #endif
@@ -760,16 +763,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r7, r7, r9\n\t"
         "eor	r6, r6, r8\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [sp]\n\t"
-        "str	r5, [sp, #4]\n\t"
+        "stm	sp, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [sp]\n\t"
 #endif
@@ -915,8 +916,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r8, r9, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -1204,8 +1204,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "mov	r11, r9\n\t"
         /* Calc new W[2] */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
@@ -1365,8 +1364,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -1387,8 +1385,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #40]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [%[sha512]]\n\t"
-        "str	r9, [%[sha512], #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -1537,8 +1534,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 #endif
         /* Round 4 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -1573,8 +1569,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [%[sha512], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -1833,8 +1828,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -2093,8 +2087,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -2319,8 +2312,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #9\n\t"
         "orr	r8, r8, r5, lsr #9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2329,8 +2321,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2359,8 +2350,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2389,8 +2379,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2423,8 +2412,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #7\n\t"
         "orr	r8, r8, r5, lsr #7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2445,8 +2433,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #16]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2457,16 +2444,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r10, r10, r6\n\t"
         "eor	r11, r11, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[sha512]]\n\t"
-        "str	r7, [%[sha512], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -2501,8 +2486,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [sp, #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [sp]\n\t"
-        "ldr	r9, [sp, #4]\n\t"
+        "ldm	sp, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [sp]\n\t"
 #endif
@@ -2651,8 +2635,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r8, r8, r4\n\t"
         "adc	r9, r9, r5\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -2687,8 +2670,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -2947,8 +2929,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r8, r9, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -3397,8 +3378,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -3419,8 +3399,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #40]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [%[sha512]]\n\t"
-        "str	r9, [%[sha512], #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -3569,8 +3548,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 #endif
         /* Round 12 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -3605,8 +3583,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [%[sha512], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -3865,8 +3842,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -4125,8 +4101,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -4351,8 +4326,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #9\n\t"
         "orr	r8, r8, r5, lsr #9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4361,8 +4335,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4391,8 +4364,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4421,8 +4393,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4455,8 +4426,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #7\n\t"
         "orr	r8, r8, r5, lsr #7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4477,8 +4447,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #16]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4489,16 +4458,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r10, r10, r6\n\t"
         "eor	r11, r11, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[sha512]]\n\t"
-        "str	r7, [%[sha512], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -4549,8 +4516,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [sp, #120]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [sp]\n\t"
-        "ldr	r5, [sp, #4]\n\t"
+        "ldm	sp, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [sp]\n\t"
 #endif
@@ -4654,16 +4620,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [sp]\n\t"
-        "ldr	r9, [sp, #4]\n\t"
+        "ldm	sp, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [sp]\n\t"
 #endif
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [r3]\n\t"
-        "ldr	r7, [r3, #4]\n\t"
+        "ldm	r3, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [r3]\n\t"
 #endif
@@ -4686,8 +4650,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r8, r8, r4\n\t"
         "adc	r9, r9, r5\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -4722,8 +4685,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -4903,8 +4865,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r8, r9, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -5195,8 +5156,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -5217,8 +5177,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #40]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [%[sha512]]\n\t"
-        "str	r9, [%[sha512], #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -5288,8 +5247,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "mov	r11, r9\n\t"
         /* Round 4 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5324,8 +5282,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [%[sha512], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5505,8 +5462,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -5686,8 +5642,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -5833,8 +5788,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #9\n\t"
         "orr	r8, r8, r5, lsr #9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5843,8 +5797,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5873,8 +5826,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5903,8 +5855,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5937,8 +5888,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #7\n\t"
         "orr	r8, r8, r5, lsr #7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5959,8 +5909,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #16]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -5971,16 +5920,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r10, r10, r6\n\t"
         "eor	r11, r11, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[sha512]]\n\t"
-        "str	r7, [%[sha512], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -6086,8 +6033,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r8, r8, r4\n\t"
         "adc	r9, r9, r5\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -6122,8 +6068,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -6303,8 +6248,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r8, r9, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -6595,8 +6539,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r8\n\t"
         "adc	r5, r5, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -6617,8 +6560,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #40]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r8, [%[sha512]]\n\t"
-        "str	r9, [%[sha512], #4]\n\t"
+        "stm	r0, {r8, r9}\n\t"
 #else
         "strd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -6688,8 +6630,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "mov	r11, r9\n\t"
         /* Round 12 */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -6724,8 +6665,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "strd	r4, r5, [%[sha512], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -6905,8 +6845,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r4, r5, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -7086,8 +7025,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #56]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[sha512]]\n\t"
-        "ldr	r9, [%[sha512], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[sha512]]\n\t"
 #endif
@@ -7233,8 +7171,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #9\n\t"
         "orr	r8, r8, r5, lsr #9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7243,8 +7180,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7273,8 +7209,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r6, r6, r8\n\t"
         "eor	r7, r7, r9\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7303,8 +7238,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r4, r4, r6\n\t"
         "adc	r5, r5, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7337,8 +7271,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "orr	r9, r9, r4, lsr #7\n\t"
         "orr	r8, r8, r5, lsr #7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7359,8 +7292,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "ldrd	r6, r7, [%[sha512], #16]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7371,16 +7303,14 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "eor	r10, r10, r6\n\t"
         "eor	r11, r11, r7\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r6, [%[sha512]]\n\t"
-        "ldr	r7, [%[sha512], #4]\n\t"
+        "ldm	r0, {r6, r7}\n\t"
 #else
         "ldrd	r6, r7, [%[sha512]]\n\t"
 #endif
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[sha512]]\n\t"
-        "str	r7, [%[sha512], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[sha512]]\n\t"
 #endif
@@ -7388,8 +7318,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "mov	r11, r9\n\t"
         /* Add in digest from start */
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[sha512]]\n\t"
-        "ldr	r5, [%[sha512], #4]\n\t"
+        "ldm	r0, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7416,8 +7345,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "adds	r6, r6, r10\n\t"
         "adc	r7, r7, r11\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r4, [%[sha512]]\n\t"
-        "str	r5, [%[sha512], #4]\n\t"
+        "stm	r0, {r4, r5}\n\t"
 #else
         "strd	r4, r5, [%[sha512]]\n\t"
 #endif
@@ -7601,9 +7529,17 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "bne	L_SHA512_transform_len_begin_%=\n\t"
         "eor	r0, r0, r0\n\t"
         "add	sp, sp, #0xc0\n\t"
-        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+#else
+        :
+        : [sha512] "r" (sha512), [data] "r" (data), [len] "r" (len),
+          [L_SHA512_transform_len_k] "r" (L_SHA512_transform_len_k_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -7611,7 +7547,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
 #include <wolfssl/wolfcrypt/sha512.h>
 
 #ifndef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_neon_len_k[] = {
+static const word64 L_SHA512_transform_neon_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -7654,15 +7590,28 @@ static const uint64_t L_SHA512_transform_neon_len_k[] = {
     0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL,
 };
 
-void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len);
+void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p,
+    word32 len_p);
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
+#else
+void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
+#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
 {
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data asm ("r1") = (const byte*)data_p;
     register word32 len asm ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_neon_len_k_c asm ("r3") = (uint64_t*)&L_SHA512_transform_neon_len_k;
+    register word64* L_SHA512_transform_neon_len_k_c asm ("r3") =
+        (word64*)&L_SHA512_transform_neon_len_k;
+#else
+    register word64* L_SHA512_transform_neon_len_k_c =
+        (word64*)&L_SHA512_transform_neon_len_k;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
+        "mov	r3, %[L_SHA512_transform_neon_len_k]\n\t"
         /* Load digest into working vars */
         "vldm.64	%[sha512], {d0-d7}\n\t"
         /* Start of loop processing a block */
@@ -9151,17 +9100,24 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p)
         "subs	%[len], %[len], #0x80\n\t"
         "sub	r3, r3, #0x280\n\t"
         "bne	L_SHA512_transform_neon_len_begin_%=\n\t"
-        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c)
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len),
+          [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c)
         :
-        : "memory", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9", "q10", "q11", "q12", "q13", "q14", "q15", "cc"
+#else
+        :
+        : [sha512] "r" (sha512), [data] "r" (data), [len] "r" (len),
+          [L_SHA512_transform_neon_len_k] "r" (L_SHA512_transform_neon_len_k_c)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7",
+            "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9",
+            "q10", "q11", "q12", "q13", "q14", "q15"
     );
 }
 
 #endif /* !WOLFSSL_ARMASM_NO_NEON */
-#endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __arm__ && !__thumb__ */
-#endif /* WOLFSSL_ARMASM */
-#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
+#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c
index 4a3e3dc24..13fdaae2b 100644
--- a/wolfcrypt/src/port/arm/armv8-aes.c
+++ b/wolfcrypt/src/port/arm/armv8-aes.c
@@ -1,6 +1,6 @@
 /* armv8-aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,20 +19,13 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
  * There are two versions one for 64 (Aarch64) and one for 32 bit (Aarch32).
  * If changing one check the other.
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
 #if !defined(NO_AES) && defined(WOLFSSL_ARMASM)
 
 #if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS)
@@ -44,8 +37,18 @@
     #endif
 #endif
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+
+/* Enable Hardware Callback */
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    /* Revert back to SW so HW CB works */
+    /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+#endif
+
 #include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/logging.h>
 
 #if FIPS_VERSION3_GE(6,0,0)
     const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2] =
@@ -75,8 +78,8 @@ static const byte rcon[] = {
     /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
 };
 
-/* get table value from hardware */
 #ifdef __aarch64__
+/* get table value from hardware */
     #define SBOX(x)                      \
         do {                             \
             __asm__ volatile (           \
@@ -137,7 +140,7 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
     int i;
 
     /* in network byte order so start at end and work back */
-    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= WC_AES_BLOCK_SIZE - CTR_SZ; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -164,6 +167,115 @@ static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz)
 
 #endif /* HAVE_AESGCM */
 
+#if defined(__aarch64__)
+
+int AES_set_key_AARCH64(const unsigned char *userKey, const int keylen,
+    Aes* aes, int dir)
+{
+    word32 temp;
+    word32* rk = aes->key;
+    unsigned int i = 0;
+
+    XMEMCPY(rk, userKey, keylen);
+
+    switch (keylen) {
+#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \
+        defined(WOLFSSL_AES_128)
+    case 16:
+        while (1) {
+            temp  = rk[3];
+            SBOX(temp);
+            temp = rotrFixed(temp, 8);
+            rk[4] = rk[0] ^ temp ^ rcon[i];
+            rk[5] = rk[4] ^ rk[1];
+            rk[6] = rk[5] ^ rk[2];
+            rk[7] = rk[6] ^ rk[3];
+            if (++i == 10)
+                break;
+            rk += 4;
+        }
+        break;
+#endif /* 128 */
+
+#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 && \
+        defined(WOLFSSL_AES_192)
+    case 24:
+        /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */
+        while (1) {
+            temp  = rk[5];
+            SBOX(temp);
+            temp = rotrFixed(temp, 8);
+            rk[ 6] = rk[ 0] ^ temp ^ rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8)
+                break;
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+        break;
+#endif /* 192 */
+
+#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 && \
+        defined(WOLFSSL_AES_256)
+    case 32:
+        while (1) {
+            temp  = rk[7];
+            SBOX(temp);
+            temp = rotrFixed(temp, 8);
+            rk[8] = rk[0] ^ temp ^ rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7)
+                break;
+            temp  = rk[11];
+            SBOX(temp);
+            rk[12] = rk[ 4] ^ temp;
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+        }
+        break;
+#endif /* 256 */
+
+    default:
+        return BAD_FUNC_ARG;
+    }
+
+    if (dir == AES_DECRYPTION) {
+#ifdef HAVE_AES_DECRYPT
+        unsigned int j;
+        rk = aes->key;
+
+        /* invert the order of the round keys: */
+        for (i = 0, j = 4* aes->rounds; i < j; i += 4, j -= 4) {
+            temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+            temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+            temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+            temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+        }
+        /* apply the inverse MixColumn transform to all round keys but the
+           first and the last: */
+        for (i = 1; i < aes->rounds; i++) {
+            rk += 4;
+            IMIX(rk);
+        }
+#else
+    WOLFSSL_MSG("AES Decryption not compiled in");
+    return BAD_FUNC_ARG;
+#endif /* HAVE_AES_DECRYPT */
+    }
+
+    return 0;
+}
+
+#else
+
 /* Similar to wolfSSL software implementation of expanding the AES key.
  * Changed out the locations of where table look ups where made to
  * use hardware instruction. Also altered decryption key to match. */
@@ -190,7 +302,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     }
 #endif
 
-    #ifdef WOLFSSL_AES_COUNTER
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif /* WOLFSSL_AES_COUNTER */
 
@@ -299,6 +412,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     return wc_AesSetIV(aes, iv);
 }
 
+
 #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
     int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
                         const byte* iv, int dir)
@@ -314,593 +428,528 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         return BAD_FUNC_ARG;
 
     if (iv)
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
     else
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
 
+#endif /* __aarch64__ */
 
 #ifdef __aarch64__
 /* AES CCM/GCM use encrypt direct but not decrypt */
 #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
-    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
-    {
-            word32* keyPt = aes->key;
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \
+    defined(HAVE_AES_CBC)
 
-            /*
-              AESE exor's input with round key
-                   shift rows of exor'ed result
-                   sub bytes for shifted rows
-             */
+void AES_encrypt_AARCH64(const byte* inBlock, byte* outBlock, byte* key, int nr)
+{
+    /*
+      AESE exor's input with round key
+           shift rows of exor'ed result
+           sub bytes for shifted rows
+     */
 
-            __asm__ __volatile__ (
-                "LD1 {v0.16b}, [%[CtrIn]] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
+    __asm__ __volatile__ (
+        "LD1 {v0.16b}, [%[in]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
 
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
 
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
+        "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
 
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
 
-                "#subtract rounds done so far and see if should continue\n"
-                "MOV w12, %w[R]    \n"
-                "SUB w12, w12, #10 \n"
-                "CBZ w12, 1f       \n"
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
+        "#subtract rounds done so far and see if should continue\n"
+        "MOV w12, %w[nr]    \n"
+        "SUB w12, w12, #10 \n"
+        "CBZ w12, 1f       \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
 
-                "SUB w12, w12, #2 \n"
-                "CBZ w12, 1f      \n"
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
+        "SUB w12, w12, #2 \n"
+        "CBZ w12, 1f      \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v1.16b  \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b  \n"
 
-                "#Final AddRoundKey then store result \n"
-                "1: \n"
-                "LD1 {v1.2d}, [%[Key]], #16 \n"
-                "EOR v0.16b, v0.16b, v1.16b  \n"
-                "ST1 {v0.16b}, [%[CtrOut]]   \n"
+        "#Final AddRoundKey then store result \n"
+    "1: \n"
+        "LD1 {v1.2d}, [%[key]], #16 \n"
+        "EOR v0.16b, v0.16b, v1.16b  \n"
+        "ST1 {v0.16b}, [%[out]]   \n"
 
-                :[CtrOut] "=r" (outBlock), "=r" (keyPt), "=r" (aes->rounds),
-                 "=r" (inBlock)
-                :"0" (outBlock), [Key] "1" (keyPt), [R] "2" (aes->rounds),
-                 [CtrIn] "3" (inBlock)
-                : "cc", "memory", "w12", "v0", "v1", "v2", "v3", "v4"
-            );
-
-        return 0;
-    }
-#endif /* AES_GCM, AES_CCM, DIRECT or COUNTER */
-#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-    #ifdef HAVE_AES_DECRYPT
-    static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
-    {
-            word32* keyPt = aes->key;
-
-            /*
-              AESE exor's input with round key
-                   shift rows of exor'ed result
-                   sub bytes for shifted rows
-             */
-
-            __asm__ __volatile__ (
-                "LD1 {v0.16b}, [%[CtrIn]] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-
-                "#subtract rounds done so far and see if should continue\n"
-                "MOV w12, %w[R]    \n"
-                "SUB w12, w12, #10 \n"
-                "CBZ w12, 1f       \n"
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-
-                "SUB w12, w12, #2  \n"
-                "CBZ w12, 1f       \n"
-                "LD1 {v1.2d-v2.2d}, [%[Key]], #32  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-
-                "#Final AddRoundKey then store result \n"
-                "1: \n"
-                "LD1 {v1.2d}, [%[Key]], #16 \n"
-                "EOR v0.16b, v0.16b, v1.16b  \n"
-                "ST1 {v0.4s}, [%[CtrOut]]    \n"
-
-                :[CtrOut] "=r" (outBlock), "=r" (keyPt), "=r" (aes->rounds),
-                 "=r" (inBlock)
-                :[Key] "1" (aes->key), "0" (outBlock), [R] "2" (aes->rounds),
-                 [CtrIn] "3" (inBlock)
-                : "cc", "memory", "w12", "v0", "v1", "v2", "v3", "v4"
-            );
-
-        return 0;
+        : [key] "+r" (key)
+        : [in] "r" (inBlock), [out] "r" (outBlock), [nr] "r" (nr)
+        : "cc", "memory", "w12", "v0", "v1", "v2", "v3", "v4"
+    );
 }
-    #endif /* HAVE_AES_DECRYPT */
+#endif /* AES_GCM, AES_CCM, DIRECT or COUNTER */
+#if !defined(WC_AES_BITSLICED) || defined(WOLFSSL_AES_DIRECT) || \
+    defined(WOLFSSL_AES_COUNTER)
+#ifdef HAVE_AES_DECRYPT
+void AES_decrypt_AARCH64(const byte* inBlock, byte* outBlock, byte* key, int nr)
+{
+    /*
+      AESE exor's input with round key
+           shift rows of exor'ed result
+           sub bytes for shifted rows
+     */
+
+    __asm__ __volatile__ (
+        "LD1 {v0.16b}, [%[in]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v3.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v4.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+
+        "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v3.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v4.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+
+        "#subtract rounds done so far and see if should continue\n"
+        "MOV w12, %w[nr]    \n"
+        "SUB w12, w12, #10 \n"
+        "CBZ w12, 1f       \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+
+        "SUB w12, w12, #2  \n"
+        "CBZ w12, 1f       \n"
+        "LD1 {v1.2d-v2.2d}, [%[key]], #32  \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v1.16b   \n"
+        "AESIMC v0.16b, v0.16b \n"
+        "AESD v0.16b, v2.16b   \n"
+
+        "#Final AddRoundKey then store result \n"
+    "1: \n"
+        "LD1 {v1.2d}, [%[key]], #16 \n"
+        "EOR v0.16b, v0.16b, v1.16b  \n"
+        "ST1 {v0.4s}, [%[out]]    \n"
+
+        : [key] "+r" (key)
+        : [in] "r" (inBlock), [out] "r" (outBlock), [nr] "r" (nr)
+        : "cc", "memory", "w12", "v0", "v1", "v2", "v3", "v4"
+    );
+}
+#endif /* HAVE_AES_DECRYPT */
 #endif /* DIRECT or COUNTER */
 
 /* AES-CBC */
 #ifdef HAVE_AES_CBC
-    int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-    {
-        word32 numBlocks = sz / AES_BLOCK_SIZE;
+void AES_CBC_encrypt_AARCH64(const byte* in, byte* out, word32 sz, byte* reg,
+    byte* key, int rounds)
+{
+    word32 numBlocks = sz / WC_AES_BLOCK_SIZE;
 
-        if (aes == NULL || out == NULL || in == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
-        if (sz == 0) {
-            return 0;
-        }
-
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
-            return BAD_LENGTH_E;
-        }
-#endif
-
-        /* do as many block size ops as possible */
-        if (numBlocks > 0) {
-            word32* key = aes->key;
-            word32* reg = aes->reg;
-            /*
-            AESE exor's input with round key
-            shift rows of exor'ed result
+    /*
+    AESE exor's input with round key
+    shift rows of exor'ed result
             sub bytes for shifted rows
 
-            note: grouping AESE & AESMC together as pairs reduces latency
-            */
-            switch(aes->rounds) {
+    note: grouping AESE & AESMC together as pairs reduces latency
+    */
+    switch (rounds) {
 #ifdef WOLFSSL_AES_128
-            case 10: /* AES 128 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "LD1 {v5.2d-v8.2d}, [%[Key]], #64  \n"
-                "LD1 {v9.2d-v11.2d},[%[Key]], #48  \n"
-                "LD1 {v0.2d}, [%[reg]] \n"
+    case 10: /* AES 128 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d}, [%[key]], #64  \n"
+            "LD1 {v9.2d-v11.2d},[%[key]], #48  \n"
+            "LD1 {v0.2d}, [%[reg]] \n"
 
-                "LD1 {v12.2d}, [%[input]], #16 \n"
-                "1:\n"
-                "#CBC operations, xorbuf in with current aes->reg \n"
-                "EOR v0.16b, v0.16b, v12.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v5.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v6.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v7.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v8.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v9.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v10.16b  \n"
-                "SUB w11, w11, #1 \n"
-                "EOR v0.16b, v0.16b, v11.16b  \n"
-                "ST1 {v0.2d}, [%[out]], #16   \n"
+            "LD1 {v12.2d}, [%[in]], #16 \n"
+        "1:\n"
+            "#CBC operations, xorbuf in with current reg \n"
+            "EOR v0.16b, v0.16b, v12.16b \n"
+            "AESE v0.16b, v1.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v2.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v3.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v4.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v5.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v6.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v7.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v8.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v9.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v10.16b  \n"
+            "SUB w11, w11, #1 \n"
+            "EOR v0.16b, v0.16b, v11.16b  \n"
+            "ST1 {v0.2d}, [%[out]], #16   \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v12.2d}, [%[input]], #16 \n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v12.2d}, [%[in]], #16 \n"
+            "B 1b \n"
 
-                "2:\n"
-                "#store current counter value at the end \n"
-                "ST1 {v0.2d}, [%[regOut]] \n"
+        "2:\n"
+            "#store current counter value at the end \n"
+            "ST1 {v0.2d}, [%[reg]] \n"
 
-                :[out] "=r" (out), [regOut] "=r" (reg), "=r" (in)
-                :"0" (out), [Key] "r" (key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "1" (reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13"
+        );
+        break;
 #endif /* WOLFSSL_AES_128 */
 #ifdef WOLFSSL_AES_192
-            case 12: /* AES 192 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d}, %[Key], #64  \n"
-                "LD1 {v5.2d-v8.2d}, %[Key], #64  \n"
-                "LD1 {v9.2d-v12.2d},%[Key], #64  \n"
-                "LD1 {v13.2d}, %[Key], #16 \n"
-                "LD1 {v0.2d}, %[reg] \n"
+    case 12: /* AES 192 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d}, [%[key]], #64  \n"
+            "LD1 {v9.2d-v12.2d},[%[key]], #64  \n"
+            "LD1 {v13.2d}, [%[key]], #16 \n"
+            "LD1 {v0.2d}, [%[reg]] \n"
 
-                "LD1 {v14.2d}, [%[input]], #16  \n"
-                "1:\n"
-                "#CBC operations, xorbuf in with current aes->reg \n"
-                "EOR v0.16b, v0.16b, v14.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v5.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v6.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v7.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v8.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v9.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v10.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v11.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v12.16b \n"
-                "EOR v0.16b, v0.16b, v13.16b  \n"
-                "SUB w11, w11, #1 \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
+            "LD1 {v14.2d}, [%[in]], #16  \n"
+        "1:\n"
+            "#CBC operations, xorbuf in with current reg \n"
+            "EOR v0.16b, v0.16b, v14.16b \n"
+            "AESE v0.16b, v1.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v2.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v3.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v4.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v5.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v6.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v7.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v8.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v9.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v10.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v11.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v12.16b \n"
+            "EOR v0.16b, v0.16b, v13.16b  \n"
+            "SUB w11, w11, #1 \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v14.2d}, [%[input]], #16\n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v14.2d}, [%[in]], #16\n"
+            "B 1b \n"
 
-                "2:\n"
-                "#store current counter value at the end \n"
-                "ST1 {v0.2d}, %[regOut]   \n"
+        "2:\n"
+            "#store current counter value at the end \n"
+            "ST1 {v0.2d}, [%[reg]]   \n"
 
-
-                :[out] "=r" (out), [regOut] "=m" (aes->reg), "=r" (in)
-                :"0" (out), [Key] "m" (aes->key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "m" (aes->reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14"
+        );
+        break;
 #endif /* WOLFSSL_AES_192*/
 #ifdef WOLFSSL_AES_256
-            case 14: /* AES 256 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d},   %[Key], #64 \n"
+    case 14: /* AES 256 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d},   [%[key]], #64 \n"
 
-                "LD1 {v5.2d-v8.2d},   %[Key], #64 \n"
-                "LD1 {v9.2d-v12.2d},  %[Key], #64 \n"
-                "LD1 {v13.2d-v15.2d}, %[Key], #48 \n"
-                "LD1 {v0.2d}, %[reg] \n"
+            "LD1 {v5.2d-v8.2d},   [%[key]], #64 \n"
+            "LD1 {v9.2d-v12.2d},  [%[key]], #64 \n"
+            "LD1 {v13.2d-v15.2d}, [%[key]], #48 \n"
+            "LD1 {v0.2d}, [%[reg]] \n"
 
-                "LD1 {v16.2d}, [%[input]], #16  \n"
-                "1: \n"
-                "#CBC operations, xorbuf in with current aes->reg \n"
-                "EOR v0.16b, v0.16b, v16.16b \n"
-                "AESE v0.16b, v1.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v2.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v3.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v4.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v5.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v6.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v7.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v8.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v9.16b  \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v10.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v11.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v12.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v13.16b \n"
-                "AESMC v0.16b, v0.16b \n"
-                "AESE v0.16b, v14.16b \n"
-                "EOR v0.16b, v0.16b, v15.16b \n"
-                "SUB w11, w11, #1     \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
+            "LD1 {v16.2d}, [%[in]], #16  \n"
+        "1: \n"
+            "#CBC operations, xorbuf in with current reg \n"
+            "EOR v0.16b, v0.16b, v16.16b \n"
+            "AESE v0.16b, v1.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v2.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v3.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v4.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v5.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v6.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v7.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v8.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v9.16b  \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v10.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v11.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v12.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v13.16b \n"
+            "AESMC v0.16b, v0.16b \n"
+            "AESE v0.16b, v14.16b \n"
+            "EOR v0.16b, v0.16b, v15.16b \n"
+            "SUB w11, w11, #1     \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v16.2d}, [%[input]], #16 \n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v16.2d}, [%[in]], #16 \n"
+            "B 1b \n"
 
-                "2: \n"
-                "#store current counter value at the end \n"
-                "ST1 {v0.2d}, %[regOut]   \n"
+        "2: \n"
+            "#store current counter value at the end \n"
+            "ST1 {v0.2d}, [%[reg]]   \n"
 
-
-                :[out] "=r" (out), [regOut] "=m" (aes->reg), "=r" (in)
-                :"0" (out), [Key] "m" (aes->key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "m" (aes->reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14","v15",
-                "v16"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14","v15",
+            "v16"
+        );
+        break;
 #endif /* WOLFSSL_AES_256 */
-            default:
-                WOLFSSL_MSG("Bad AES-CBC round value");
-                return BAD_FUNC_ARG;
-            }
-        }
-
-        return 0;
     }
+}
 
-    #ifdef HAVE_AES_DECRYPT
-    int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-    {
-        word32 numBlocks = sz / AES_BLOCK_SIZE;
+#ifdef HAVE_AES_DECRYPT
+void AES_CBC_decrypt_AARCH64(const byte* in, byte* out, word32 sz,
+    byte* reg, byte* key, int rounds)
+{
+    word32 numBlocks = sz / WC_AES_BLOCK_SIZE;
 
-        if (aes == NULL || out == NULL || in == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
-        if (sz == 0) {
-            return 0;
-        }
-
-        if (sz % AES_BLOCK_SIZE) {
-#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-            return BAD_LENGTH_E;
-#else
-            return BAD_FUNC_ARG;
-#endif
-        }
-
-        /* do as many block size ops as possible */
-        if (numBlocks > 0) {
-            word32* key = aes->key;
-            word32* reg = aes->reg;
-
-            switch(aes->rounds) {
+    switch (rounds) {
 #ifdef WOLFSSL_AES_128
-            case 10: /* AES 128 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "LD1 {v5.2d-v8.2d}, [%[Key]], #64  \n"
-                "LD1 {v9.2d-v11.2d},[%[Key]], #48  \n"
-                "LD1 {v13.2d}, [%[reg]] \n"
+    case 10: /* AES 128 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d}, [%[key]], #64  \n"
+            "LD1 {v9.2d-v11.2d},[%[key]], #48  \n"
+            "LD1 {v13.2d}, [%[reg]] \n"
 
-                "1:\n"
-                "LD1 {v0.2d}, [%[input]], #16  \n"
-                "MOV v12.16b, v0.16b \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v5.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v6.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v7.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v8.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v9.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v10.16b  \n"
-                "EOR v0.16b, v0.16b, v11.16b \n"
+        "1:\n"
+            "LD1 {v0.2d}, [%[in]], #16  \n"
+            "MOV v12.16b, v0.16b \n"
+            "AESD v0.16b, v1.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v2.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v3.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v4.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v5.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v6.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v7.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v8.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v9.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v10.16b  \n"
+            "EOR v0.16b, v0.16b, v11.16b \n"
 
-                "EOR v0.16b, v0.16b, v13.16b \n"
-                "SUB w11, w11, #1            \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
-                "MOV v13.16b, v12.16b        \n"
+            "EOR v0.16b, v0.16b, v13.16b \n"
+            "SUB w11, w11, #1            \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
+            "MOV v13.16b, v12.16b        \n"
 
-                "CBZ w11, 2f \n"
-                "B 1b      \n"
+            "CBZ w11, 2f \n"
+            "B 1b      \n"
 
-                "2: \n"
-                "#store current counter value at the end \n"
-                "ST1 {v13.2d}, [%[regOut]] \n"
+        "2: \n"
+            "#store current counter value at the end \n"
+            "ST1 {v13.2d}, [%[reg]] \n"
 
-                :[out] "=r" (out), [regOut] "=r" (reg), "=r" (in)
-                :"0" (out), [Key] "r" (key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "1" (reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13"
+        );
+        break;
 #endif /* WOLFSSL_AES_128 */
 #ifdef WOLFSSL_AES_192
-            case 12: /* AES 192 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d}, [%[Key]], #64  \n"
-                "LD1 {v5.2d-v8.2d}, [%[Key]], #64  \n"
-                "LD1 {v9.2d-v12.2d},[%[Key]], #64  \n"
-                "LD1 {v13.16b}, [%[Key]], #16 \n"
-                "LD1 {v15.2d}, [%[reg]]       \n"
+    case 12: /* AES 192 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d}, [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d}, [%[key]], #64  \n"
+            "LD1 {v9.2d-v12.2d},[%[key]], #64  \n"
+            "LD1 {v13.16b}, [%[key]], #16 \n"
+            "LD1 {v15.2d}, [%[reg]]       \n"
 
-                "LD1 {v0.2d}, [%[input]], #16  \n"
-                "1:    \n"
-                "MOV v14.16b, v0.16b   \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v5.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v6.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v7.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v8.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v9.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v10.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v11.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v12.16b  \n"
-                "EOR v0.16b, v0.16b, v13.16b \n"
+            "LD1 {v0.2d}, [%[in]], #16  \n"
+        "1:    \n"
+            "MOV v14.16b, v0.16b   \n"
+            "AESD v0.16b, v1.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v2.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v3.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v4.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v5.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v6.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v7.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v8.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v9.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v10.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v11.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v12.16b  \n"
+            "EOR v0.16b, v0.16b, v13.16b \n"
 
-                "EOR v0.16b, v0.16b, v15.16b \n"
-                "SUB w11, w11, #1            \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
-                "MOV v15.16b, v14.16b        \n"
+            "EOR v0.16b, v0.16b, v15.16b \n"
+            "SUB w11, w11, #1            \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
+            "MOV v15.16b, v14.16b        \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v0.2d}, [%[input]], #16 \n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v0.2d}, [%[in]], #16 \n"
+            "B 1b \n"
 
-                "2:\n"
-                "#store current counter value at the end \n"
-                "ST1 {v15.2d}, [%[regOut]] \n"
+        "2:\n"
+            "#store current counter value at the end \n"
+            "ST1 {v15.2d}, [%[reg]] \n"
 
-                :[out] "=r" (out), [regOut] "=r" (reg), "=r" (in)
-                :"0" (out), [Key] "r" (key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "1" (reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15"
+        );
+        break;
 #endif /* WOLFSSL_AES_192 */
 #ifdef WOLFSSL_AES_256
-            case 14: /* AES 256 BLOCK */
-                __asm__ __volatile__ (
-                "MOV w11, %w[blocks] \n"
-                "LD1 {v1.2d-v4.2d},   [%[Key]], #64  \n"
-                "LD1 {v5.2d-v8.2d},   [%[Key]], #64  \n"
-                "LD1 {v9.2d-v12.2d},  [%[Key]], #64  \n"
-                "LD1 {v13.2d-v15.2d}, [%[Key]], #48  \n"
-                "LD1 {v17.2d}, [%[reg]] \n"
+    case 14: /* AES 256 BLOCK */
+        __asm__ __volatile__ (
+            "MOV w11, %w[blocks] \n"
+            "LD1 {v1.2d-v4.2d},   [%[key]], #64  \n"
+            "LD1 {v5.2d-v8.2d},   [%[key]], #64  \n"
+            "LD1 {v9.2d-v12.2d},  [%[key]], #64  \n"
+            "LD1 {v13.2d-v15.2d}, [%[key]], #48  \n"
+            "LD1 {v17.2d}, [%[reg]] \n"
 
-                "LD1 {v0.2d}, [%[input]], #16  \n"
-                "1:    \n"
-                "MOV v16.16b, v0.16b   \n"
-                "AESD v0.16b, v1.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v2.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v3.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v4.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v5.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v6.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v7.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v8.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v9.16b   \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v10.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v11.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v12.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v13.16b  \n"
-                "AESIMC v0.16b, v0.16b \n"
-                "AESD v0.16b, v14.16b  \n"
-                "EOR v0.16b, v0.16b, v15.16b \n"
+            "LD1 {v0.2d}, [%[in]], #16  \n"
+        "1:    \n"
+            "MOV v16.16b, v0.16b   \n"
+            "AESD v0.16b, v1.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v2.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v3.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v4.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v5.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v6.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v7.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v8.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v9.16b   \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v10.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v11.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v12.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v13.16b  \n"
+            "AESIMC v0.16b, v0.16b \n"
+            "AESD v0.16b, v14.16b  \n"
+            "EOR v0.16b, v0.16b, v15.16b \n"
 
-                "EOR v0.16b, v0.16b, v17.16b \n"
-                "SUB w11, w11, #1            \n"
-                "ST1 {v0.2d}, [%[out]], #16  \n"
-                "MOV v17.16b, v16.16b        \n"
+            "EOR v0.16b, v0.16b, v17.16b \n"
+            "SUB w11, w11, #1            \n"
+            "ST1 {v0.2d}, [%[out]], #16  \n"
+            "MOV v17.16b, v16.16b        \n"
 
-                "CBZ w11, 2f \n"
-                "LD1 {v0.2d}, [%[input]], #16  \n"
-                "B 1b \n"
+            "CBZ w11, 2f \n"
+            "LD1 {v0.2d}, [%[in]], #16  \n"
+            "B 1b \n"
 
-                "2:\n"
-                "#store current counter value at the end \n"
-                "ST1 {v17.2d}, [%[regOut]]   \n"
+        "2:\n"
+            "#store current counter value at the end \n"
+            "ST1 {v17.2d}, [%[reg]]   \n"
 
-                :[out] "=r" (out), [regOut] "=r" (reg), "=r" (in)
-                :"0" (out), [Key] "r" (key), [input] "2" (in),
-                 [blocks] "r" (numBlocks), [reg] "1" (reg)
-                : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
-                "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14","v15",
-                "v16", "v17"
-                );
-                break;
+            : [out] "+r" (out), [in] "+r" (in), [key] "+r" (key)
+            : [reg] "r" (reg), [blocks] "r" (numBlocks)
+            : "cc", "memory", "w11", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14","v15",
+            "v16", "v17"
+        );
+        break;
 #endif /* WOLFSSL_AES_256 */
-            default:
-                WOLFSSL_MSG("Bad AES-CBC round value");
-                return BAD_FUNC_ARG;
-            }
-        }
-
-        return 0;
     }
-    #endif
+}
+#endif
 
 #endif /* HAVE_AES_CBC */
 
@@ -1408,57 +1457,28 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in,
     }
 }
 
-int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+void AES_CTR_encrypt_AARCH64(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     byte* tmp;
     word32 numBlocks;
 
-    if (aes == NULL || out == NULL || in == NULL) {
-        return BAD_FUNC_ARG;
-    }
-    switch(aes->rounds) {
-    #ifdef WOLFSSL_AES_128
-        case 10: /* AES 128 BLOCK */
-    #endif /* WOLFSSL_AES_128 */
-    #ifdef WOLFSSL_AES_192
-        case 12: /* AES 192 BLOCK */
-    #endif /* WOLFSSL_AES_192 */
-    #ifdef WOLFSSL_AES_256
-        case 14: /* AES 256 BLOCK */
-    #endif /* WOLFSSL_AES_256 */
-            break;
-        default:
-            WOLFSSL_MSG("Bad AES-CTR round value");
-            return BAD_FUNC_ARG;
-    }
-
-
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
-
-    /* consume any unused bytes left in aes->tmp */
-    while ((aes->left != 0) && (sz != 0)) {
-       *(out++) = *(in++) ^ *(tmp++);
-       aes->left--;
-       sz--;
-    }
-
     /* do as many block size ops as possible */
-    numBlocks = sz / AES_BLOCK_SIZE;
+    numBlocks = sz / WC_AES_BLOCK_SIZE;
     if (numBlocks > 0) {
         wc_aes_ctr_encrypt_asm(aes, out, in, (byte*)aes->key, numBlocks);
 
-        sz  -= numBlocks * AES_BLOCK_SIZE;
-        out += numBlocks * AES_BLOCK_SIZE;
-        in  += numBlocks * AES_BLOCK_SIZE;
+        sz  -= numBlocks * WC_AES_BLOCK_SIZE;
+        out += numBlocks * WC_AES_BLOCK_SIZE;
+        in  += numBlocks * WC_AES_BLOCK_SIZE;
     }
 
     /* handle non block size remaining */
     if (sz) {
-        byte zeros[AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
+        byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
                                        0, 0, 0, 0, 0, 0, 0, 0 };
         wc_aes_ctr_encrypt_asm(aes, (byte*)aes->tmp, zeros, (byte*)aes->key, 1);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -1466,14 +1486,6 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             aes->left--;
         }
     }
-    return 0;
-}
-
-int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
-        const byte* iv, int dir)
-{
-    (void)dir;
-    return wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 }
 
 #endif /* WOLFSSL_AES_COUNTER */
@@ -1488,7 +1500,7 @@ int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
 
 /* PMULL and RBIT only with AArch64 */
 /* Use ARM hardware for polynomial multiply */
-void GMULT(byte* X, byte* Y)
+void GMULT_AARCH64(byte* X, byte* Y)
 {
     __asm__ volatile (
         "LD1 {v0.16b}, [%[X]] \n"
@@ -1520,10 +1532,10 @@ void GMULT(byte* X, byte* Y)
     );
 }
 
-void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
-    word32 cSz, byte* s, word32 sSz)
+static void GHASH_AARCH64_EOR(Gcm* gcm, const byte* a, word32 aSz,
+    const byte* c, word32 cSz, byte* s, word32 sSz)
 {
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
 
     __asm__ __volatile__ (
         "LD1 {v3.16b}, %[h] \n"
@@ -1596,12 +1608,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v9.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v12.16b, v9.16b \n"
-#else
         "EOR v12.16b, v12.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v8.1q, v11.1d, v5.1d \n"
         "PMULL2 v9.1q, v11.2d, v5.2d \n"
@@ -1610,12 +1618,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v11.16b, v11.16b, v11.16b, #8 \n"
         "PMULL  v9.1q, v11.1d, v5.1d \n"
         "PMULL2 v11.1q, v11.2d, v5.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v11.16b, v9.16b \n"
-#else
         "EOR v11.16b, v11.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v11.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v8.1q, v10.1d, v6.1d \n"
         "PMULL2 v9.1q, v10.2d, v6.2d \n"
@@ -1624,23 +1628,13 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v10.16b, v10.16b, v10.16b, #8 \n"
         "PMULL  v9.1q, v10.1d, v6.1d \n"
         "PMULL2 v10.1q, v10.2d, v6.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v10.16b, v9.16b \n"
-#else
         "EOR v10.16b, v10.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v10.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v9.16b, v0.16b, v1.16b, #8 \n"
         "PMULL2 v8.1q, v1.2d, v7.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v9.16b, v9.16b, v2.16b, v8.16b \n"
-#else
         "EOR v9.16b, v9.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v9.16b, v9.16b, v8.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v8.1q, v9.2d, v7.2d \n"
         "MOV v0.D[1], v9.D[0] \n"
         "EOR v0.16b, v0.16b, v8.16b \n"
@@ -1767,12 +1761,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v9.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v12.16b, v9.16b \n"
-#else
         "EOR v12.16b, v12.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v8.1q, v11.1d, v5.1d \n"
         "PMULL2 v9.1q, v11.2d, v5.2d \n"
@@ -1781,12 +1771,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v11.16b, v11.16b, v11.16b, #8 \n"
         "PMULL  v9.1q, v11.1d, v5.1d \n"
         "PMULL2 v11.1q, v11.2d, v5.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v11.16b, v9.16b \n"
-#else
         "EOR v11.16b, v11.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v11.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v8.1q, v10.1d, v6.1d \n"
         "PMULL2 v9.1q, v10.2d, v6.2d \n"
@@ -1795,23 +1781,13 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
         "EXT v10.16b, v10.16b, v10.16b, #8 \n"
         "PMULL  v9.1q, v10.1d, v6.1d \n"
         "PMULL2 v10.1q, v10.2d, v6.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v2.16b, v2.16b, v10.16b, v9.16b \n"
-#else
         "EOR v10.16b, v10.16b, v9.16b \n"
         "EOR v2.16b, v2.16b, v10.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v9.16b, v0.16b, v1.16b, #8 \n"
         "PMULL2 v8.1q, v1.2d, v7.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v9.16b, v9.16b, v2.16b, v8.16b \n"
-#else
         "EOR v9.16b, v9.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v9.16b, v9.16b, v8.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v8.1q, v9.2d, v7.2d \n"
         "MOV v0.D[1], v9.D[0] \n"
         "EOR v0.16b, v0.16b, v8.16b \n"
@@ -1889,15 +1865,642 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 
     XMEMCPY(s, scratch, sSz);
 }
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+
+static void GHASH_AARCH64_EOR3(Gcm* gcm, const byte* a, word32 aSz,
+    const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    byte scratch[WC_AES_BLOCK_SIZE];
+
+    __asm__ __volatile__ (
+        "LD1 {v3.16b}, %[h] \n"
+        "MOVI v7.16b, #0x87 \n"
+        "EOR v0.16b, v0.16b, v0.16b \n"
+        "USHR v7.2d, v7.2d, #56 \n"
+
+        "# AAD \n"
+        "CBZ %[a], 20f \n"
+        "CBZ %w[aSz], 20f \n"
+        "MOV w12, %w[aSz] \n"
+
+        "CMP x12, #64 \n"
+        "BLT 15f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v11.1q, v3.2d, v3.2d \n"
+        "PMULL  v10.1q, v3.1d, v3.1d \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v11.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v4.16b, v10.16b, v11.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v10.1q, v4.1d, v3.1d \n"
+        "PMULL2 v11.1q, v4.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v4.1d, v12.1d \n"
+        "PMULL2 v12.1q, v4.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v5.16b, v10.16b, v12.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v11.1q, v4.2d, v4.2d \n"
+        "PMULL  v10.1q, v4.1d, v4.1d \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v11.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v6.16b, v10.16b, v11.16b \n"
+        "14: \n"
+        "LD1 {v10.2d-v13.2d}, [%[a]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v10.16b, v10.16b \n"
+        "RBIT v11.16b, v11.16b \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "EOR v10.16b, v10.16b, v0.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v0.1q, v13.1d, v3.1d \n"
+        "PMULL2 v1.1q, v13.2d, v3.2d \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v2.1q, v13.1d, v3.1d \n"
+        "PMULL2 v9.1q, v13.2d, v3.2d \n"
+        "EOR v2.16b, v2.16b, v9.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v8.1q, v12.1d, v4.1d \n"
+        "PMULL2 v9.1q, v12.2d, v4.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v9.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v2.16b, v2.16b, v12.16b, v9.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v8.1q, v11.1d, v5.1d \n"
+        "PMULL2 v9.1q, v11.2d, v5.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v11.16b, v11.16b, v11.16b, #8 \n"
+        "PMULL  v9.1q, v11.1d, v5.1d \n"
+        "PMULL2 v11.1q, v11.2d, v5.2d \n"
+        "EOR3 v2.16b, v2.16b, v11.16b, v9.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v8.1q, v10.1d, v6.1d \n"
+        "PMULL2 v9.1q, v10.2d, v6.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v10.16b, v10.16b, v10.16b, #8 \n"
+        "PMULL  v9.1q, v10.1d, v6.1d \n"
+        "PMULL2 v10.1q, v10.2d, v6.2d \n"
+        "EOR3 v2.16b, v2.16b, v10.16b, v9.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v9.16b, v0.16b, v1.16b, #8 \n"
+        "PMULL2 v8.1q, v1.2d, v7.2d \n"
+        "EOR3 v9.16b, v9.16b, v2.16b, v8.16b \n"
+        "PMULL2 v8.1q, v9.2d, v7.2d \n"
+        "MOV v0.D[1], v9.D[0] \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 14b \n"
+        "CBZ x12, 20f \n"
+        "15: \n"
+        "CMP x12, #16 \n"
+        "BLT 12f \n"
+        "11: \n"
+        "LD1 {v14.2d}, [%[a]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v14.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v14.16b \n"
+        "PMULL  v10.1q, v0.1d, v3.1d \n"
+        "PMULL2 v11.1q, v0.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v0.1d, v12.1d \n"
+        "PMULL2 v12.1q, v0.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v0.16b, v10.16b, v12.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 11b \n"
+        "CBZ x12, 120f \n"
+        "12: \n"
+        "# Partial AAD \n"
+        "EOR v14.16b, v14.16b, v14.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v14.2d}, [%[scratch]] \n"
+        "13: \n"
+        "LDRB w13, [%[a]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 13b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v14.2d}, [%[scratch]] \n"
+        "RBIT v14.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v14.16b \n"
+        "PMULL  v10.1q, v0.1d, v3.1d \n"
+        "PMULL2 v11.1q, v0.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v0.1d, v12.1d \n"
+        "PMULL2 v12.1q, v0.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v0.16b, v10.16b, v12.16b \n"
+
+        "20: \n"
+        "# Cipher Text \n"
+        "CBZ %[c], 120f \n"
+        "CBZ %w[cSz], 120f \n"
+        "MOV w12, %w[cSz] \n"
+
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v11.1q, v3.2d, v3.2d \n"
+        "PMULL  v10.1q, v3.1d, v3.1d \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v11.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v4.16b, v10.16b, v11.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v10.1q, v4.1d, v3.1d \n"
+        "PMULL2 v11.1q, v4.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v4.1d, v12.1d \n"
+        "PMULL2 v12.1q, v4.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v5.16b, v10.16b, v12.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v11.1q, v4.2d, v4.2d \n"
+        "PMULL  v10.1q, v4.1d, v4.1d \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v11.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v6.16b, v10.16b, v11.16b \n"
+        "114: \n"
+        "LD1 {v10.2d-v13.2d}, [%[c]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v10.16b, v10.16b \n"
+        "RBIT v11.16b, v11.16b \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "EOR v10.16b, v10.16b, v0.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v0.1q, v13.1d, v3.1d \n"
+        "PMULL2 v1.1q, v13.2d, v3.2d \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v2.1q, v13.1d, v3.1d \n"
+        "PMULL2 v9.1q, v13.2d, v3.2d \n"
+        "EOR v2.16b, v2.16b, v9.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v8.1q, v12.1d, v4.1d \n"
+        "PMULL2 v9.1q, v12.2d, v4.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v9.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v2.16b, v2.16b, v12.16b, v9.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v8.1q, v11.1d, v5.1d \n"
+        "PMULL2 v9.1q, v11.2d, v5.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v11.16b, v11.16b, v11.16b, #8 \n"
+        "PMULL  v9.1q, v11.1d, v5.1d \n"
+        "PMULL2 v11.1q, v11.2d, v5.2d \n"
+        "EOR3 v2.16b, v2.16b, v11.16b, v9.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v8.1q, v10.1d, v6.1d \n"
+        "PMULL2 v9.1q, v10.2d, v6.2d \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "EOR v1.16b, v1.16b, v9.16b \n"
+        "EXT v10.16b, v10.16b, v10.16b, #8 \n"
+        "PMULL  v9.1q, v10.1d, v6.1d \n"
+        "PMULL2 v10.1q, v10.2d, v6.2d \n"
+        "EOR3 v2.16b, v2.16b, v10.16b, v9.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v9.16b, v0.16b, v1.16b, #8 \n"
+        "PMULL2 v8.1q, v1.2d, v7.2d \n"
+        "EOR3 v9.16b, v9.16b, v2.16b, v8.16b \n"
+        "PMULL2 v8.1q, v9.2d, v7.2d \n"
+        "MOV v0.D[1], v9.D[0] \n"
+        "EOR v0.16b, v0.16b, v8.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v14.2d}, [%[c]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v14.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v14.16b \n"
+        "PMULL  v10.1q, v0.1d, v3.1d \n"
+        "PMULL2 v11.1q, v0.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v0.1d, v12.1d \n"
+        "PMULL2 v12.1q, v0.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v0.16b, v10.16b, v12.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial cipher text \n"
+        "EOR v14.16b, v14.16b, v14.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v14.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[c]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v14.2d}, [%[scratch]] \n"
+        "RBIT v14.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v14.16b \n"
+        "PMULL  v10.1q, v0.1d, v3.1d \n"
+        "PMULL2 v11.1q, v0.2d, v3.2d \n"
+        "EXT v12.16b, v3.16b, v3.16b, #8 \n"
+        "PMULL  v13.1q, v0.1d, v12.1d \n"
+        "PMULL2 v12.1q, v0.2d, v12.2d \n"
+        "EOR v12.16b, v12.16b, v13.16b \n"
+        "EXT v13.16b, v10.16b, v11.16b, #8 \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "# Reduce \n"
+        "PMULL2 v12.1q, v11.2d, v7.2d \n"
+        "EOR v13.16b, v13.16b, v12.16b \n"
+        "PMULL2 v12.1q, v13.2d, v7.2d \n"
+        "MOV v10.D[1], v13.D[0] \n"
+        "EOR v0.16b, v10.16b, v12.16b \n"
+        "120: \n"
+        "RBIT v0.16b, v0.16b \n"
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[cSz], %x[cSz], #3 \n"
+        "MOV v10.D[0], %x[aSz] \n"
+        "MOV v10.D[1], %x[cSz] \n"
+        "REV64 v10.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v10.16b \n"
+        "ST1 {v0.16b}, [%[scratch]] \n"
+        : [cSz] "+r" (cSz), [c] "+r" (c), [aSz] "+r" (aSz), [a] "+r" (a)
+        : [scratch] "r" (scratch), [h] "m" (gcm->H)
+        : "cc", "memory", "w12", "w13", "x14",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14"
+    );
+
+    XMEMCPY(s, scratch, sSz);
+}
+#endif
+
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+
+#define GHASH_AARCH64(gcm, a, aSz, c, cSz, s, sSz)              \
+    do {                                                        \
+        if (aes->use_sha3_hw_crypto) {                          \
+            GHASH_AARCH64_EOR3(gcm, a, aSz, c, cSz, s, sSz);    \
+        }                                                       \
+        else {                                                  \
+            GHASH_AARCH64_EOR(gcm, a, aSz, c, cSz, s, sSz);     \
+        }                                                       \
+    }                                                           \
+    while (0)
+
+#else
+
+    #define GHASH_AARCH64(gcm, a, aSz, c, cSz, s, sSz)          \
+        GHASH_AARCH64_EOR(gcm, a, aSz, c, cSz, s, sSz)
+
+#endif
+
+#ifdef WOLFSSL_AESGCM_STREAM
+    /* Access initialization counter data. */
+    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * WC_AES_BLOCK_SIZE)
+    /* Access counter data. */
+    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * WC_AES_BLOCK_SIZE)
+    /* Access tag data. */
+    #define AES_TAG(aes)            ((aes)->streamData + 2 * WC_AES_BLOCK_SIZE)
+    /* Access last GHASH block. */
+    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * WC_AES_BLOCK_SIZE)
+    /* Access last encrypted block. */
+    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * WC_AES_BLOCK_SIZE)
+
+/* GHASH one block of data.
+ *
+ * XOR block into tag and GMULT with H.
+ *
+ * @param [in, out] aes    AES GCM object.
+ * @param [in]      block  Block of AAD or cipher text.
+ */
+#define GHASH_ONE_BLOCK_AARCH64(aes, block)             \
+    do {                                                \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
+        GMULT_AARCH64(AES_TAG(aes), aes->gcm.H);        \
+    }                                                   \
+    while (0)
+
+/* Hash in the lengths of the AAD and cipher text in bits.
+ *
+ * Default implementation.
+ *
+ * @param [in, out] aes  AES GCM object.
+ */
+#define GHASH_LEN_BLOCK_AARCH64(aes)            \
+    do {                                        \
+        byte scratch[WC_AES_BLOCK_SIZE];        \
+        FlattenSzInBits(&scratch[0], aes->aSz); \
+        FlattenSzInBits(&scratch[8], aes->cSz); \
+        GHASH_ONE_BLOCK_AARCH64(aes, scratch);  \
+    }                                           \
+    while (0)
+
+/* Update the GHASH with AAD and/or cipher text.
+ *
+ * @param [in,out] aes   AES GCM object.
+ * @param [in]     a     Additional authentication data buffer.
+ * @param [in]     aSz   Size of data in AAD buffer.
+ * @param [in]     c     Cipher text buffer.
+ * @param [in]     cSz   Size of data in cipher text buffer.
+ */
+void GHASH_UPDATE_AARCH64(Aes* aes, const byte* a, word32 aSz, const byte* c,
+    word32 cSz)
+{
+    word32 blocks;
+    word32 partial;
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        /* Update count of AAD we have hashed. */
+        aes->aSz += aSz;
+        /* Check if we have unprocessed data. */
+        if (aes->aOver > 0) {
+            /* Calculate amount we can use - fill up the block. */
+            byte sz = WC_AES_BLOCK_SIZE - aes->aOver;
+            if (sz > aSz) {
+                sz = aSz;
+            }
+            /* Copy extra into last GHASH block array and update count. */
+            XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
+            aes->aOver += sz;
+            if (aes->aOver == WC_AES_BLOCK_SIZE) {
+                /* We have filled up the block and can process. */
+                GHASH_ONE_BLOCK_AARCH64(aes, AES_LASTGBLOCK(aes));
+                /* Reset count. */
+                aes->aOver = 0;
+            }
+            /* Used up some data. */
+            aSz -= sz;
+            a += sz;
+        }
+
+        /* Calculate number of blocks of AAD and the leftover. */
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
+        /* GHASH full blocks now. */
+        while (blocks--) {
+            GHASH_ONE_BLOCK_AARCH64(aes, a);
+            a += WC_AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            /* Cache the partial block. */
+            XMEMCPY(AES_LASTGBLOCK(aes), a, partial);
+            aes->aOver = (byte)partial;
+        }
+    }
+    if (aes->aOver > 0 && cSz > 0 && c != NULL) {
+        /* No more AAD coming and we have a partial block. */
+        /* Fill the rest of the block with zeros. */
+        byte sz = WC_AES_BLOCK_SIZE - aes->aOver;
+        XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, sz);
+        /* GHASH last AAD block. */
+        GHASH_ONE_BLOCK_AARCH64(aes, AES_LASTGBLOCK(aes));
+        /* Clear partial count for next time through. */
+        aes->aOver = 0;
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        /* Update count of cipher text we have hashed. */
+        aes->cSz += cSz;
+        if (aes->cOver > 0) {
+            /* Calculate amount we can use - fill up the block. */
+            byte sz = WC_AES_BLOCK_SIZE - aes->cOver;
+            if (sz > cSz) {
+                sz = cSz;
+            }
+            XMEMCPY(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
+            /* Update count of unused encrypted counter. */
+            aes->cOver += sz;
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
+                /* We have filled up the block and can process. */
+                GHASH_ONE_BLOCK_AARCH64(aes, AES_LASTGBLOCK(aes));
+                /* Reset count. */
+                aes->cOver = 0;
+            }
+            /* Used up some data. */
+            cSz -= sz;
+            c += sz;
+        }
+
+        /* Calculate number of blocks of cipher text and the leftover. */
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
+        /* GHASH full blocks now. */
+        while (blocks--) {
+            GHASH_ONE_BLOCK_AARCH64(aes, c);
+            c += WC_AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            /* Cache the partial block. */
+            XMEMCPY(AES_LASTGBLOCK(aes), c, partial);
+            aes->cOver = (byte)partial;
+        }
+    }
+}
+
+/* Finalize the GHASH calculation.
+ *
+ * Complete hashing cipher text and hash the AAD and cipher text lengths.
+ *
+ * @param [in, out] aes  AES GCM object.
+ * @param [out]     s    Authentication tag.
+ * @param [in]      sSz  Size of authentication tag required.
+ */
+static void GHASH_FINAL_AARCH64(Aes* aes, byte* s, word32 sSz)
+{
+    /* AAD block incomplete when > 0 */
+    byte over = aes->aOver;
+
+    if (aes->cOver > 0) {
+        /* Cipher text block incomplete. */
+        over = aes->cOver;
+    }
+    if (over > 0) {
+        /* Zeroize the unused part of the block. */
+        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, WC_AES_BLOCK_SIZE - over);
+        /* Hash the last block of cipher text. */
+        GHASH_ONE_BLOCK_AARCH64(aes, AES_LASTGBLOCK(aes));
+    }
+    /* Hash in the lengths of AAD and cipher text in bits */
+    GHASH_LEN_BLOCK_AARCH64(aes);
+    /* Copy the result into s. */
+    XMEMCPY(s, AES_TAG(aes), sSz);
+}
+
+void AES_GCM_init_AARCH64(Aes* aes, const byte* iv, word32 ivSz)
+{
+    ALIGN32 byte counter[WC_AES_BLOCK_SIZE];
+
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
+        XMEMCPY(counter, iv, ivSz);
+        XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
+                                      WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        /* Counter is GHASH of IV. */
+    #ifdef OPENSSL_EXTRA
+        word32 aadTemp = aes->gcm.aadLen;
+        aes->gcm.aadLen = 0;
+    #endif
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    #ifdef OPENSSL_EXTRA
+        aes->gcm.aadLen = aadTemp;
+    #endif
+    }
+
+    /* Copy in the counter for use with cipher. */
+    XMEMCPY(AES_COUNTER(aes), counter, WC_AES_BLOCK_SIZE);
+    /* Encrypt initial counter into a buffer for GCM. */
+    AES_encrypt_AARCH64(counter, AES_INITCTR(aes), (byte*)aes->key,
+        (int)aes->rounds);
+}
+
+void AES_GCM_crypt_update_AARCH64(Aes* aes, byte* out, const byte* in,
+    word32 sz)
+{
+    word32 blocks;
+    word32 partial;
+
+    /* Check if previous encrypted block was not used up. */
+    if (aes->over > 0) {
+        byte pSz = WC_AES_BLOCK_SIZE - aes->over;
+        if (pSz > sz) pSz = sz;
+
+        /* Use some/all of last encrypted block. */
+        xorbufout(out, AES_LASTBLOCK(aes) + aes->over, in, pSz);
+        aes->over = (aes->over + pSz) & (WC_AES_BLOCK_SIZE - 1);
+
+        /* Some data used. */
+        sz  -= pSz;
+        in  += pSz;
+        out += pSz;
+    }
+
+    /* Calculate the number of blocks needing to be encrypted and any leftover.
+     */
+    blocks  = sz / WC_AES_BLOCK_SIZE;
+    partial = sz & (WC_AES_BLOCK_SIZE - 1);
+
+    /* Encrypt block by block. */
+    while (blocks--) {
+        ALIGN32 byte scratch[WC_AES_BLOCK_SIZE];
+        IncrementGcmCounter(AES_COUNTER(aes));
+        /* Encrypt counter into a buffer. */
+        AES_encrypt_AARCH64(AES_COUNTER(aes), scratch, (byte*)aes->key,
+            (int)aes->rounds);
+        /* XOR plain text into encrypted counter into cipher text buffer. */
+        xorbufout(out, scratch, in, WC_AES_BLOCK_SIZE);
+        /* Data complete. */
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
+    }
+
+    if (partial != 0) {
+        /* Generate an extra block and use up as much as needed. */
+        IncrementGcmCounter(AES_COUNTER(aes));
+        /* Encrypt counter into cache. */
+        AES_encrypt_AARCH64(AES_COUNTER(aes), AES_LASTBLOCK(aes),
+            (byte*)aes->key, (int)aes->rounds);
+        /* XOR plain text into encrypted counter into cipher text buffer. */
+        xorbufout(out, AES_LASTBLOCK(aes), in, partial);
+        /* Keep amount of encrypted block used. */
+        aes->over = partial;
+    }
+}
+
+/* Calculates authentication tag for AES GCM. C implementation.
+ *
+ * @param [in, out] aes        AES object.
+ * @param [out]     authTag    Buffer to store authentication tag in.
+ * @param [in]      authTagSz  Length of tag to create.
+ */
+void AES_GCM_final_AARCH64(Aes* aes, byte* authTag, word32 authTagSz)
+{
+    /* Calculate authentication tag. */
+    GHASH_FINAL_AARCH64(aes, authTag, authTagSz);
+    /* XOR in as much of encrypted counter as is required. */
+    xorbuf(authTag, AES_INITCTR(aes), authTagSz);
+#ifdef OPENSSL_EXTRA
+    /* store AAD size for next call */
+    aes->gcm.aadLen = aes->aSz;
+#endif
+    /* Zeroize last block to protect sensitive data. */
+    ForceZero(AES_LASTBLOCK(aes), WC_AES_BLOCK_SIZE);
+}
+#endif /* WOLFSSL_AESGCM_STREAM */
 
 #ifdef WOLFSSL_AES_128
-/* internal function : see wc_AesGcmEncrypt */
-static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-    const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -1906,14 +2509,14 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* keyPt = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -1987,12 +2590,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -2001,12 +2600,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -2015,23 +2610,13 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -2484,12 +3069,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -2508,12 +3089,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -2533,12 +3110,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -2558,12 +3131,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -2582,12 +3151,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -2607,12 +3172,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -2632,12 +3193,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -2647,16 +3204,10 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -2794,12 +3345,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -2808,12 +3355,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -2822,12 +3365,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v9.1d \n"
         "PMULL2 v3.1q, v15.2d, v9.2d \n"
@@ -2836,12 +3375,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v9.1d \n"
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v10.1d \n"
         "PMULL2 v3.1q, v14.2d, v10.2d \n"
@@ -2850,12 +3385,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v10.1d \n"
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v11.1d \n"
         "PMULL2 v3.1q, v13.2d, v11.2d \n"
@@ -2864,12 +3395,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v11.1d \n"
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v4.1d \n"
         "PMULL2 v3.1q, v12.2d, v4.2d \n"
@@ -2878,23 +3405,13 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -3083,12 +3600,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -3107,12 +3620,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -3131,12 +3640,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -3147,16 +3652,10 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -3227,12 +3726,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -3241,12 +3736,8 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -3255,23 +3746,13 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -3531,19 +4012,17 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
           "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
     );
-
-
-    return 0;
 }
 #endif /* WOLFSSL_AES_128 */
-#ifdef WOLFSSL_AES_192
-/* internal function : see wc_AesGcmEncrypt */
-static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-    const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_128
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes128GcmEncrypt_EOR3(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -3552,14 +4031,14 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* keyPt = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -3633,12 +4112,7 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
-        "EOR v20.16b, v20.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -3647,12 +4121,7 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
-        "EOR v19.16b, v19.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -3661,23 +4130,1509 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
-        "EOR v18.16b, v18.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Encrypt plaintext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v10.1d, v16.1d \n"
+        "PMULL2 v19.1q, v10.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v10.1d, v20.1d \n"
+        "PMULL2 v20.1q, v10.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v19.16b \n"
+
+        "# First encrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First encrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "EOR v27.16b, v27.16b, v11.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "EOR v28.16b, v28.16b, v11.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "EOR v29.16b, v29.16b, v11.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "EOR v30.16b, v30.16b, v11.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "EOR v27.16b, v27.16b, v11.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "EOR v28.16b, v28.16b, v11.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "EOR v29.16b, v29.16b, v11.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "EOR v30.16b, v30.16b, v11.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Encrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to encrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+
+        "# Interweave GHASH and encrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "B 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "MOV x15, #16 \n"
+        "EOR w14, w14, w14 \n"
+        "SUB x15, x15, x11 \n"
+        "25: \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 25b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.2d}, [%[ctr]] \n"
+        "ST1 {v22.2d}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v15.d[0], %x[aSz] \n"
+        "MOV v15.d[1], %x[sz] \n"
+        "REV64 v15.16b, v15.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "ST1 {v0.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, %x[tagSz] \n"
+        "44: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[tag]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 44b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "41: \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+}
+#endif /* WOLFSSL_AES_128 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifdef WOLFSSL_AES_192
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* keyPt = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR v20.16b, v20.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v20.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR v19.16b, v19.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v19.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR v18.16b, v18.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v18.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -4164,12 +6119,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -4188,12 +6139,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -4213,12 +6160,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -4238,12 +6181,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -4262,12 +6201,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -4287,12 +6222,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -4312,12 +6243,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -4327,16 +6254,10 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -4508,12 +6429,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -4522,12 +6439,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -4536,12 +6449,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v9.1d \n"
         "PMULL2 v3.1q, v15.2d, v9.2d \n"
@@ -4550,12 +6459,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v9.1d \n"
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v10.1d \n"
         "PMULL2 v3.1q, v14.2d, v10.2d \n"
@@ -4564,12 +6469,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v10.1d \n"
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v11.1d \n"
         "PMULL2 v3.1q, v13.2d, v11.2d \n"
@@ -4578,12 +6479,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v11.1d \n"
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v4.1d \n"
         "PMULL2 v3.1q, v12.2d, v4.2d \n"
@@ -4592,23 +6489,13 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -4814,12 +6701,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -4838,12 +6721,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -4862,12 +6741,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -4878,16 +6753,10 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -4974,12 +6843,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -4988,12 +6853,8 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -5002,23 +6863,13 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -5294,19 +7145,17 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
           "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
     );
-
-
-    return 0;
 }
 #endif /* WOLFSSL_AES_192 */
-#ifdef WOLFSSL_AES_256
-/* internal function : see wc_AesGcmEncrypt */
-static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-    const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_192
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes192GcmEncrypt_EOR3(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -5315,14 +7164,14 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* keyPt = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -5396,12 +7245,7 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
-        "EOR v20.16b, v20.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -5410,12 +7254,7 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
-        "EOR v19.16b, v19.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -5424,23 +7263,1626 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
-        "EOR v18.16b, v18.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Encrypt plaintext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v10.1d, v16.1d \n"
+        "PMULL2 v19.1q, v10.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v10.1d, v20.1d \n"
+        "PMULL2 v20.1q, v10.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v19.16b \n"
+
+        "# First encrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "LD1 {v12.2d-v13.2d}, [%[Key]], #32 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First encrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v12.16b \n"
+        "EOR v27.16b, v27.16b, v13.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "EOR v28.16b, v28.16b, v13.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "EOR v29.16b, v29.16b, v13.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "EOR v30.16b, v30.16b, v13.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v12.16b \n"
+        "EOR v27.16b, v27.16b, v13.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "EOR v28.16b, v28.16b, v13.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "EOR v29.16b, v29.16b, v13.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "EOR v30.16b, v30.16b, v13.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Encrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to encrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+
+        "# Interweave GHASH and encrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "B 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "MOV x15, #16 \n"
+        "EOR w14, w14, w14 \n"
+        "SUB x15, x15, x11 \n"
+        "25: \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 25b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.2d}, [%[ctr]] \n"
+        "ST1 {v22.2d}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v15.d[0], %x[aSz] \n"
+        "MOV v15.d[1], %x[sz] \n"
+        "REV64 v15.16b, v15.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "ST1 {v0.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, %x[tagSz] \n"
+        "44: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[tag]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 44b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "41: \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+}
+#endif /* WOLFSSL_AES_192 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifdef WOLFSSL_AES_256
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* keyPt = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR v20.16b, v20.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v20.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR v19.16b, v19.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v19.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR v18.16b, v18.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v18.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -5961,12 +9403,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -5985,12 +9423,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -6010,12 +9444,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -6035,12 +9465,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -6059,12 +9485,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -6084,12 +9506,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -6109,12 +9527,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -6124,16 +9538,10 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -6339,12 +9747,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -6353,12 +9757,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -6367,12 +9767,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v9.1d \n"
         "PMULL2 v3.1q, v15.2d, v9.2d \n"
@@ -6381,12 +9777,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v9.1d \n"
         "PMULL2 v15.1q, v15.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v10.1d \n"
         "PMULL2 v3.1q, v14.2d, v10.2d \n"
@@ -6395,12 +9787,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v10.1d \n"
         "PMULL2 v14.1q, v14.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v11.1d \n"
         "PMULL2 v3.1q, v13.2d, v11.2d \n"
@@ -6409,12 +9797,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v11.1d \n"
         "PMULL2 v13.1q, v13.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v4.1d \n"
         "PMULL2 v3.1q, v12.2d, v4.2d \n"
@@ -6423,23 +9807,13 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v4.1d \n"
         "PMULL2 v12.1q, v12.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -6662,12 +10036,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -6686,12 +10056,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -6710,12 +10076,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -6726,16 +10088,10 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -6839,12 +10195,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -6853,12 +10205,8 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -6867,23 +10215,13 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -7188,11 +10526,1751 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
           "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
     );
-
-
-    return 0;
 }
 #endif /* WOLFSSL_AES_256 */
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_256
+/* internal function : see AES_GCM_encrypt_AARCH64 */
+static void Aes256GcmEncrypt_EOR3(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    /* Noticed different optimization levels treated head of array different.
+     * Some cases was stack pointer plus offset others was a register containing
+     * address. To make uniform for passing in to inline assembly code am using
+     * pointers to the head of each local array.
+     */
+    byte* ctr  = counter;
+    byte* keyPt = (byte*)aes->key;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Encrypt plaintext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v10.1d, v16.1d \n"
+        "PMULL2 v19.1q, v10.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v10.1d, v20.1d \n"
+        "PMULL2 v20.1q, v10.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v19.16b \n"
+
+        "# First encrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #192] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #208] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #192] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #208] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v12.16b, v12.16b, v5.16b \n"
+        "EOR v13.16b, v13.16b, v6.16b \n"
+        "EOR v14.16b, v14.16b, v7.16b \n"
+        "EOR v15.16b, v15.16b, v8.16b \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "ST1 {v12.2d-v15.2d}, [%[out]], #64 \n \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v9.1d \n"
+        "PMULL2 v3.1q, v15.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v9.1d \n"
+        "PMULL2 v15.1q, v15.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v10.1d \n"
+        "PMULL2 v3.1q, v14.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v10.1d \n"
+        "PMULL2 v14.1q, v14.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v11.1d \n"
+        "PMULL2 v3.1q, v13.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v11.1d \n"
+        "PMULL2 v13.1q, v13.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v4.1d \n"
+        "PMULL2 v3.1q, v12.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v4.1d \n"
+        "PMULL2 v12.1q, v12.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "LD1 {v12.2d-v13.2d}, [%[Key]], #32 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First encrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v12.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "AESE v27.16b, v13.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v13.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v13.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v13.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v14.16b \n"
+        "EOR v27.16b, v27.16b, v15.16b \n"
+        "AESE v28.16b, v14.16b \n"
+        "EOR v28.16b, v28.16b, v15.16b \n"
+        "AESE v29.16b, v14.16b \n"
+        "EOR v29.16b, v29.16b, v15.16b \n"
+        "AESE v30.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v12.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "AESE v27.16b, v13.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v13.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v13.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v13.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v14.16b \n"
+        "EOR v27.16b, v27.16b, v15.16b \n"
+        "AESE v28.16b, v14.16b \n"
+        "EOR v28.16b, v28.16b, v15.16b \n"
+        "AESE v29.16b, v14.16b \n"
+        "EOR v29.16b, v29.16b, v15.16b \n"
+        "AESE v30.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+
+        "# XOR in input \n"
+        "EOR v18.16b, v18.16b, v27.16b \n"
+        "EOR v19.16b, v19.16b, v28.16b \n"
+        "EOR v20.16b, v20.16b, v29.16b \n"
+        "EOR v21.16b, v21.16b, v30.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v18.2d-v21.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Encrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]] \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to encrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+
+        "# Interweave GHASH and encrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]] \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[out]], #16 \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "LD1 {v31.2d}, [%[input]], #16 \n"
+        "B 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]] \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v15.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "MOV x15, #16 \n"
+        "EOR w14, w14, w14 \n"
+        "SUB x15, x15, x11 \n"
+        "25: \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 25b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.2d}, [%[ctr]] \n"
+        "ST1 {v22.2d}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v15.d[0], %x[aSz] \n"
+        "MOV v15.d[1], %x[sz] \n"
+        "REV64 v15.16b, v15.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v12.2d, v13.2d}, [%[Key]] \n"
+        "SUB %[Key], %[Key], #32 \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "ST1 {v0.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, %x[tagSz] \n"
+        "44: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[tag]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 44b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "41: \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+}
+#endif /* WOLFSSL_AES_256 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
 
 /* aarch64 with PMULL and PMULL2
  * Encrypt and tag data using AES with GCM mode.
@@ -7215,65 +12293,80 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  * by Conrado P.L. Gouvea and Julio Lopez reduction on 256bit value using
  * Algorithm 5
  */
-int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+void AES_GCM_encrypt_AARCH64(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    /* sanity checks */
-    if ((aes == NULL) || (iv == NULL && ivSz > 0) || (authTag == NULL) ||
-            ((authIn == NULL) && (authInSz > 0)) || (ivSz == 0)) {
-        WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
-        return BAD_FUNC_ARG;
-    }
-
-    if ((authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) || (authTagSz > AES_BLOCK_SIZE)) {
-        WOLFSSL_MSG("GcmEncrypt authTagSz error");
-        return BAD_FUNC_ARG;
-    }
-
     switch (aes->rounds) {
 #ifdef WOLFSSL_AES_128
         case 10:
-            return Aes128GcmEncrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                Aes128GcmEncrypt_EOR3(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                Aes128GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                    authIn, authInSz);
+            }
+            break;
 #endif
 #ifdef WOLFSSL_AES_192
         case 12:
-            return Aes192GcmEncrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                Aes192GcmEncrypt_EOR3(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                Aes192GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                    authIn, authInSz);
+            }
+            break;
 #endif
 #ifdef WOLFSSL_AES_256
         case 14:
-            return Aes256GcmEncrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                Aes256GcmEncrypt_EOR3(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                Aes256GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                    authIn, authInSz);
+            }
+            break;
 #endif
-        default:
-            WOLFSSL_MSG("AES-GCM invalid round number");
-            return BAD_FUNC_ARG;
     }
 }
 
 #ifdef HAVE_AES_DECRYPT
 #ifdef WOLFSSL_AES_128
-/* internal function : see wc_AesGcmDecrypt */
+/* internal function : see AES_GCM_decrypt_AARCH64 */
 static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     byte *ctr = counter;
     byte* keyPt = (byte*)aes->key;
     int ret = 0;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -7347,12 +12440,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -7361,12 +12450,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -7375,23 +12460,13 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -7844,12 +12919,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -7868,12 +12939,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -7893,12 +12960,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -7918,12 +12981,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -7942,12 +13001,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -7967,12 +13022,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -7992,12 +13043,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -8007,16 +13054,10 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -8154,12 +13195,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -8168,12 +13205,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -8182,12 +13215,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v4.1d \n"
         "PMULL2 v3.1q, v15.2d, v4.2d \n"
@@ -8196,12 +13225,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v4.1d \n"
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v9.1d \n"
         "PMULL2 v3.1q, v14.2d, v9.2d \n"
@@ -8210,12 +13235,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v9.1d \n"
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v10.1d \n"
         "PMULL2 v3.1q, v13.2d, v10.2d \n"
@@ -8224,12 +13245,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v10.1d \n"
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v11.1d \n"
         "PMULL2 v3.1q, v12.2d, v11.2d \n"
@@ -8238,23 +13255,13 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v11.1d \n"
         "PMULL2 v12.1q, v12.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -8443,12 +13450,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -8467,12 +13470,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -8491,12 +13490,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -8507,16 +13502,10 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -8587,12 +13576,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -8601,12 +13586,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -8615,23 +13596,13 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -8905,26 +13876,27 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     return ret;
 }
 #endif /* WOLFSSL_AES_128 */
-#ifdef WOLFSSL_AES_192
-/* internal function : see wc_AesGcmDecrypt */
-static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_128
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes128GcmDecrypt_EOR3(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     byte *ctr = counter;
     byte* keyPt = (byte*)aes->key;
     int ret = 0;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -8998,12 +13970,7 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
-        "EOR v20.16b, v20.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -9012,12 +13979,7 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
-        "EOR v19.16b, v19.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -9026,23 +13988,1517 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
-        "EOR v18.16b, v18.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Decrypt ciphertext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v9.1d, v16.1d \n"
+        "PMULL2 v19.1q, v9.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v9.1d, v20.1d \n"
+        "PMULL2 v20.1q, v9.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v19.16b \n"
+
+        "# First decrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First decrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "EOR v27.16b, v27.16b, v11.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "EOR v28.16b, v28.16b, v11.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "EOR v29.16b, v29.16b, v11.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "EOR v30.16b, v30.16b, v11.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "EOR v27.16b, v27.16b, v11.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "EOR v28.16b, v28.16b, v11.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "EOR v29.16b, v29.16b, v11.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "EOR v30.16b, v30.16b, v11.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Decrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to decrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "# Interweave GHASH and decrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+        "CMP w11, #16 \n"
+        "BGE 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "RBIT v31.16b, v31.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v31.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "RBIT v31.16b, v31.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "EOR v0.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.16b}, [%[ctr]] \n"
+        "ST1 {v22.16b}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v28.d[0], %x[aSz] \n"
+        "MOV v28.d[1], %x[sz] \n"
+        "REV64 v28.16b, v28.16b \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "EOR v0.16b, v0.16b, v11.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "LD1 {v1.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "EOR v1.16b, v1.16b, v1.16b \n"
+        "MOV x15, %x[tagSz] \n"
+        "ST1 {v1.2d}, [%[scratch]] \n"
+        "43: \n"
+        "LDRB w14, [%[tag]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 43b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "LD1 {v1.2d}, [%[scratch]] \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV w14, #16 \n"
+        "SUB w14, w14, %w[tagSz] \n"
+        "ADD %[scratch], %[scratch], %x[tagSz] \n"
+        "44: \n"
+        "STRB wzr, [%[scratch]], #1 \n"
+        "SUB w14, w14, #1 \n"
+        "CBNZ w14, 44b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v0.2d}, [%[scratch]] \n"
+        "41: \n"
+        "EOR v0.16b, v0.16b, v1.16b \n"
+        "MOV v1.D[0], v0.D[1] \n"
+        "EOR v0.8b, v0.8b, v1.8b \n"
+        "MOV %x[ret], v0.D[0] \n"
+        "CMP %x[ret], #0 \n"
+        "MOV w11, #-180 \n"
+        "CSETM %w[ret], ne \n"
+        "AND %w[ret], %w[ret], w11 \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn),
+          [ret] "+r" (ret)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_128 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifdef WOLFSSL_AES_192
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte *ctr = counter;
+    byte* keyPt = (byte*)aes->key;
+    int ret = 0;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR v20.16b, v20.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v20.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR v19.16b, v19.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v19.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR v18.16b, v18.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v18.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -9529,12 +15985,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -9553,12 +16005,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -9578,12 +16026,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -9603,12 +16047,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -9627,12 +16067,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -9652,12 +16088,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -9677,12 +16109,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -9692,16 +16120,10 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -9873,12 +16295,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -9887,12 +16305,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -9901,12 +16315,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v4.1d \n"
         "PMULL2 v3.1q, v15.2d, v4.2d \n"
@@ -9915,12 +16325,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v4.1d \n"
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v9.1d \n"
         "PMULL2 v3.1q, v14.2d, v9.2d \n"
@@ -9929,12 +16335,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v9.1d \n"
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v10.1d \n"
         "PMULL2 v3.1q, v13.2d, v10.2d \n"
@@ -9943,12 +16345,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v10.1d \n"
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v11.1d \n"
         "PMULL2 v3.1q, v12.2d, v11.2d \n"
@@ -9957,23 +16355,13 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v11.1d \n"
         "PMULL2 v12.1q, v12.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -10179,12 +16567,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -10203,12 +16587,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -10227,12 +16607,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -10243,16 +16619,10 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -10339,12 +16709,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -10353,12 +16719,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -10367,23 +16729,13 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -10673,26 +17025,27 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     return ret;
 }
 #endif /* WOLFSSL_AES_192 */
-#ifdef WOLFSSL_AES_256
-/* internal function : see wc_AesGcmDecrypt */
-static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_192
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes192GcmDecrypt_EOR3(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     byte *ctr = counter;
     byte* keyPt = (byte*)aes->key;
     int ret = 0;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
-        GMULT(counter, aes->gcm.H);
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
     }
 
     __asm__ __volatile__ (
@@ -10766,12 +17119,7 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
-        "EOR v20.16b, v20.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -10780,12 +17128,7 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
-        "EOR v19.16b, v19.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -10794,23 +17137,1634 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
-        "EOR v18.16b, v18.16b, v15.16b \n"
-        "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v30.16b, #8 \n"
         "PMULL2 v14.1q, v30.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Decrypt ciphertext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v9.1d, v16.1d \n"
+        "PMULL2 v19.1q, v9.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v9.1d, v20.1d \n"
+        "PMULL2 v20.1q, v9.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v19.16b \n"
+
+        "# First decrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "LD1 {v12.2d-v13.2d}, [%[Key]], #32 \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First decrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v12.16b \n"
+        "EOR v27.16b, v27.16b, v13.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "EOR v28.16b, v28.16b, v13.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "EOR v29.16b, v29.16b, v13.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "EOR v30.16b, v30.16b, v13.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v12.16b \n"
+        "EOR v27.16b, v27.16b, v13.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "EOR v28.16b, v28.16b, v13.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "EOR v29.16b, v29.16b, v13.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "EOR v30.16b, v30.16b, v13.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "# Decrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to decrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "# Interweave GHASH and decrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+        "CMP w11, #16 \n"
+        "BGE 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "RBIT v31.16b, v31.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v31.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "RBIT v31.16b, v31.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "EOR v0.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.16b}, [%[ctr]] \n"
+        "ST1 {v22.16b}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v28.d[0], %x[aSz] \n"
+        "MOV v28.d[1], %x[sz] \n"
+        "REV64 v28.16b, v28.16b \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "EOR v0.16b, v0.16b, v13.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "LD1 {v1.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "EOR v1.16b, v1.16b, v1.16b \n"
+        "MOV x15, %x[tagSz] \n"
+        "ST1 {v1.2d}, [%[scratch]] \n"
+        "43: \n"
+        "LDRB w14, [%[tag]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 43b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "LD1 {v1.2d}, [%[scratch]] \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV w14, #16 \n"
+        "SUB w14, w14, %w[tagSz] \n"
+        "ADD %[scratch], %[scratch], %x[tagSz] \n"
+        "44: \n"
+        "STRB wzr, [%[scratch]], #1 \n"
+        "SUB w14, w14, #1 \n"
+        "CBNZ w14, 44b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v0.2d}, [%[scratch]] \n"
+        "41: \n"
+        "EOR v0.16b, v0.16b, v1.16b \n"
+        "MOV v1.D[0], v0.D[1] \n"
+        "EOR v0.8b, v0.8b, v1.8b \n"
+        "MOV %x[ret], v0.D[0] \n"
+        "CMP %x[ret], #0 \n"
+        "MOV w11, #-180 \n"
+        "CSETM %w[ret], ne \n"
+        "AND %w[ret], %w[ret], w11 \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn),
+          [ret] "+r" (ret)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_192 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifdef WOLFSSL_AES_256
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte *ctr = counter;
+    byte* keyPt = (byte*)aes->key;
+    int ret = 0;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR v20.16b, v20.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v20.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR v19.16b, v19.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v19.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR v18.16b, v18.16b, v15.16b \n"
+        "EOR v31.16b, v31.16b, v18.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -11331,12 +19285,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -11355,12 +19305,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "LDR q1, [%[Key], #32] \n"
         "AESE v5.16b, v22.16b \n"
         "AESMC v5.16b, v5.16b \n"
@@ -11380,12 +19326,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v22.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "# x[0-2] += C * H^5 \n"
@@ -11405,12 +19347,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v7.16b, v1.16b \n"
         "AESMC v7.16b, v7.16b \n"
         "# x[0-2] += C * H^6 \n"
@@ -11429,12 +19367,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
         "AESE v29.16b, v1.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v1.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^7 \n"
@@ -11454,12 +19388,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
         "AESE v8.16b, v22.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v22.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "# x[0-2] += C * H^8 \n"
@@ -11479,12 +19409,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "LDR q22, [%[Key], #80] \n"
         "AESE v5.16b, v1.16b \n"
         "AESMC v5.16b, v5.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v6.16b, v1.16b \n"
         "AESMC v6.16b, v6.16b \n"
         "# Reduce X = x[0-2] \n"
@@ -11494,16 +19420,10 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
         "AESE v8.16b, v1.16b \n"
         "AESMC v8.16b, v8.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v1.16b \n"
         "AESMC v27.16b, v27.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v28.16b, v1.16b \n"
         "AESMC v28.16b, v28.16b \n"
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
@@ -11709,12 +19629,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v3.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
-#else
         "EOR v20.16b, v20.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v2.1q, v19.1d, v25.1d \n"
         "PMULL2 v3.1q, v19.2d, v25.2d \n"
@@ -11723,12 +19639,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v3.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
-#else
         "EOR v19.16b, v19.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v2.1q, v18.1d, v26.1d \n"
         "PMULL2 v3.1q, v18.2d, v26.2d \n"
@@ -11737,12 +19649,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v3.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
-#else
         "EOR v18.16b, v18.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^5 \n"
         "PMULL  v2.1q, v15.1d, v4.1d \n"
         "PMULL2 v3.1q, v15.2d, v4.2d \n"
@@ -11751,12 +19659,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v15.16b, v15.16b, v15.16b, #8 \n"
         "PMULL  v3.1q, v15.1d, v4.1d \n"
         "PMULL2 v15.1q, v15.2d, v4.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
-#else
         "EOR v15.16b, v15.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v15.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^6 \n"
         "PMULL  v2.1q, v14.1d, v9.1d \n"
         "PMULL2 v3.1q, v14.2d, v9.2d \n"
@@ -11765,12 +19669,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v14.16b, v14.16b, v14.16b, #8 \n"
         "PMULL  v3.1q, v14.1d, v9.1d \n"
         "PMULL2 v14.1q, v14.2d, v9.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
-#else
         "EOR v14.16b, v14.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^7 \n"
         "PMULL  v2.1q, v13.1d, v10.1d \n"
         "PMULL2 v3.1q, v13.2d, v10.2d \n"
@@ -11779,12 +19679,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v13.16b, v13.16b, v13.16b, #8 \n"
         "PMULL  v3.1q, v13.1d, v10.1d \n"
         "PMULL2 v13.1q, v13.2d, v10.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
-#else
         "EOR v13.16b, v13.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v13.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^8 \n"
         "PMULL  v2.1q, v12.1d, v11.1d \n"
         "PMULL2 v3.1q, v12.2d, v11.2d \n"
@@ -11793,23 +19689,13 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v12.16b, v12.16b, v12.16b, #8 \n"
         "PMULL  v3.1q, v12.1d, v11.1d \n"
         "PMULL2 v12.1q, v12.2d, v11.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
-#else
         "EOR v12.16b, v12.16b, v3.16b \n"
         "EOR v31.16b, v31.16b, v12.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v3.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v2.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
-#else
         "EOR v3.16b, v3.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v3.16b, v3.16b, v2.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v2.1q, v3.2d, v23.2d \n"
         "MOV v17.D[1], v3.D[0] \n"
         "EOR v17.16b, v17.16b, v2.16b \n"
@@ -12033,12 +19919,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
         "AESE v28.16b, v3.16b \n"
         "AESMC v28.16b, v28.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v29.16b, v3.16b \n"
         "AESMC v29.16b, v29.16b \n"
         "# x[0-2] += C * H^3 \n"
@@ -12057,12 +19939,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
         "AESE v29.16b, v4.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v4.16b \n"
         "AESMC v30.16b, v30.16b \n"
         "# x[0-2] += C * H^4 \n"
@@ -12081,12 +19959,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
         "AESE v30.16b, v5.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "SUB w11, w11, #64 \n"
         "AESE v27.16b, v6.16b \n"
         "AESMC v27.16b, v27.16b \n"
@@ -12097,16 +19971,10 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
         "AESE v29.16b, v6.16b \n"
         "AESMC v29.16b, v29.16b \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v30.16b, v6.16b \n"
         "AESMC v30.16b, v30.16b \n"
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "AESE v27.16b, v7.16b \n"
         "AESMC v27.16b, v27.16b \n"
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
@@ -12210,12 +20078,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v20.16b, v20.16b, v20.16b, #8 \n"
         "PMULL  v15.1q, v20.1d, v24.1d \n"
         "PMULL2 v20.1q, v20.2d, v24.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
-#else
         "EOR v20.16b, v20.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v20.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^3 \n"
         "PMULL  v14.1q, v19.1d, v25.1d \n"
         "PMULL2 v15.1q, v19.2d, v25.2d \n"
@@ -12224,12 +20088,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v19.16b, v19.16b, v19.16b, #8 \n"
         "PMULL  v15.1q, v19.1d, v25.1d \n"
         "PMULL2 v19.1q, v19.2d, v25.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
-#else
         "EOR v19.16b, v19.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v19.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# x[0-2] += C * H^4 \n"
         "PMULL  v14.1q, v18.1d, v26.1d \n"
         "PMULL2 v15.1q, v18.2d, v26.2d \n"
@@ -12238,23 +20098,13 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         "EXT v18.16b, v18.16b, v18.16b, #8 \n"
         "PMULL  v15.1q, v18.1d, v26.1d \n"
         "PMULL2 v18.1q, v18.2d, v26.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
-#else
         "EOR v18.16b, v18.16b, v15.16b \n"
         "EOR v31.16b, v31.16b, v18.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "# Reduce X = x[0-2] \n"
         "EXT v15.16b, v17.16b, v0.16b, #8 \n"
         "PMULL2 v14.1q, v0.2d, v23.2d \n"
-#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
-#else
         "EOR v15.16b, v15.16b, v31.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA3
         "EOR v15.16b, v15.16b, v14.16b \n"
-#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
         "PMULL2 v14.1q, v15.2d, v23.2d \n"
         "MOV v17.D[1], v15.D[0] \n"
         "EOR v17.16b, v17.16b, v14.16b \n"
@@ -12562,6 +20412,1747 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     return ret;
 }
 #endif /* WOLFSSL_AES_256 */
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifdef WOLFSSL_AES_256
+/* internal function : see AES_GCM_decrypt_AARCH64 */
+static int Aes256GcmDecrypt_EOR3(Aes* aes, byte* out, const byte* in, word32 sz,
+    const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz)
+{
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte *ctr = counter;
+    byte* keyPt = (byte*)aes->key;
+    int ret = 0;
+
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
+    if (ivSz == GCM_NONCE_MID_SZ) {
+        XMEMCPY(counter, iv, GCM_NONCE_MID_SZ);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
+    }
+    else {
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    }
+
+    __asm__ __volatile__ (
+        "LD1 {v16.16b}, %[h] \n"
+        "# v23 = 0x00000000000000870000000000000087 reflected 0xe1.... \n"
+        "MOVI v23.16b, #0x87 \n"
+        "EOR v17.16b, v17.16b, v17.16b \n"
+        "USHR v23.2d, v23.2d, #56 \n"
+        "CBZ %w[aSz], 120f \n"
+
+        "MOV w12, %w[aSz] \n"
+
+        "# GHASH AAD \n"
+        "CMP x12, #64 \n"
+        "BLT 115f \n"
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "114: \n"
+        "LD1 {v18.2d-v21.2d}, [%[aad]], #64 \n"
+        "SUB x12, x12, #64 \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v30.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v30.16b, #8 \n"
+        "PMULL2 v14.1q, v30.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "CMP x12, #64 \n"
+        "BGE 114b \n"
+        "CBZ x12, 120f \n"
+        "115: \n"
+        "CMP x12, #16 \n"
+        "BLT 112f \n"
+        "111: \n"
+        "LD1 {v15.2d}, [%[aad]], #16 \n"
+        "SUB x12, x12, #16 \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "CMP x12, #16 \n"
+        "BGE 111b \n"
+        "CBZ x12, 120f \n"
+        "112: \n"
+        "# Partial AAD \n"
+        "EOR v15.16b, v15.16b, v15.16b \n"
+        "MOV x14, x12 \n"
+        "ST1 {v15.2d}, [%[scratch]] \n"
+        "113: \n"
+        "LDRB w13, [%[aad]], #1 \n"
+        "STRB w13, [%[scratch]], #1 \n"
+        "SUB x14, x14, #1 \n"
+        "CBNZ x14, 113b \n"
+        "SUB %[scratch], %[scratch], x12 \n"
+        "LD1 {v15.2d}, [%[scratch]] \n"
+        "RBIT v15.16b, v15.16b \n"
+        "EOR v17.16b, v17.16b, v15.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "120: \n"
+
+        "# Decrypt ciphertext and GHASH ciphertext \n"
+        "LDR w12, [%[ctr], #12] \n"
+        "MOV w11, %w[sz] \n"
+        "REV w12, w12 \n"
+        "CMP w11, #64 \n"
+        "BLT 80f \n"
+        "CMP %w[aSz], #64 \n"
+        "BGE 82f \n"
+
+        "# Calculate H^[1-4] - GMULT partials \n"
+        "# Square H => H^2 \n"
+        "PMULL2 v19.1q, v16.2d, v16.2d \n"
+        "PMULL  v18.1q, v16.1d, v16.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v24.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^2 => H^3 \n"
+        "PMULL  v18.1q, v24.1d, v16.1d \n"
+        "PMULL2 v19.1q, v24.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v24.1d, v20.1d \n"
+        "PMULL2 v20.1q, v24.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v25.16b, v18.16b, v20.16b \n"
+        "# Square H^2 => H^4 \n"
+        "PMULL2 v19.1q, v24.2d, v24.2d \n"
+        "PMULL  v18.1q, v24.1d, v24.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v26.16b, v18.16b, v19.16b \n"
+        "82: \n"
+        "# Should we do 8 blocks at a time? \n"
+        "CMP w11, #512 \n"
+        "BLT 80f \n"
+
+        "# Calculate H^[5-8] - GMULT partials \n"
+        "# Multiply H and H^4 => H^5 \n"
+        "PMULL  v18.1q, v26.1d, v16.1d \n"
+        "PMULL2 v19.1q, v26.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v26.1d, v20.1d \n"
+        "PMULL2 v20.1q, v26.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v4.16b, v18.16b, v20.16b \n"
+        "# Square H^3 - H^6 \n"
+        "PMULL2 v19.1q, v25.2d, v25.2d \n"
+        "PMULL  v18.1q, v25.1d, v25.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v9.16b, v18.16b, v19.16b \n"
+        "# Multiply H and H^6 => H^7 \n"
+        "PMULL  v18.1q, v9.1d, v16.1d \n"
+        "PMULL2 v19.1q, v9.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v9.1d, v20.1d \n"
+        "PMULL2 v20.1q, v9.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v10.16b, v18.16b, v20.16b \n"
+        "# Square H^4 => H^8 \n"
+        "PMULL2 v19.1q, v26.2d, v26.2d \n"
+        "PMULL  v18.1q, v26.1d, v26.1d \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v19.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v11.16b, v18.16b, v19.16b \n"
+
+        "# First decrypt - no GHASH \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #192] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #208] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "81: \n"
+        "LDR q1, [%[Key]] \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "LD1 {v5.2d}, [%[ctr]] \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v6.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v7.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v8.16b, v5.16b \n"
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w15, w15 \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "REV w13, w13 \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "REV w16, w12 \n"
+        "MOV v5.S[3], w15 \n"
+        "MOV v6.S[3], w14 \n"
+        "MOV v7.S[3], w13 \n"
+        "MOV v8.S[3], w16 \n"
+        "# Calculate next 4 counters (+5-8) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v5.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v5.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v5.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v5.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "REV w15, w15 \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "REV w14, w14 \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "REV w13, w13 \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 8 counters \n"
+        "LDR q22, [%[Key], #16] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "LDR q1, [%[Key], #32] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "LDR q22, [%[Key], #48] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "LDR q1, [%[Key], #64] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "LDR q22, [%[Key], #80] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #128 \n"
+        "LDR q1, [%[Key], #96] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #112] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #128] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #144] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #160] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q22, [%[Key], #176] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LDR q1, [%[Key], #192] \n"
+        "AESE v5.16b, v22.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v12.2d-v15.2d}, [%[input]], #64 \n"
+        "LDP q22, q31, [%[Key], #208] \n"
+        "AESE v5.16b, v1.16b \n"
+        "AESMC v5.16b, v5.16b \n"
+        "AESE v6.16b, v1.16b \n"
+        "AESMC v6.16b, v6.16b \n"
+        "AESE v7.16b, v1.16b \n"
+        "AESMC v7.16b, v7.16b \n"
+        "AESE v8.16b, v1.16b \n"
+        "AESMC v8.16b, v8.16b \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v5.16b, v22.16b \n"
+        "EOR v5.16b, v5.16b, v31.16b \n"
+        "AESE v6.16b, v22.16b \n"
+        "EOR v6.16b, v6.16b, v31.16b \n"
+        "AESE v7.16b, v22.16b \n"
+        "EOR v7.16b, v7.16b, v31.16b \n"
+        "AESE v8.16b, v22.16b \n"
+        "EOR v8.16b, v8.16b, v31.16b \n"
+        "AESE v27.16b, v22.16b \n"
+        "EOR v27.16b, v27.16b, v31.16b \n"
+        "AESE v28.16b, v22.16b \n"
+        "EOR v28.16b, v28.16b, v31.16b \n"
+        "AESE v29.16b, v22.16b \n"
+        "EOR v29.16b, v29.16b, v31.16b \n"
+        "AESE v30.16b, v22.16b \n"
+        "EOR v30.16b, v30.16b, v31.16b \n"
+
+        "# XOR in input \n"
+        "EOR v5.16b, v5.16b, v12.16b \n"
+        "EOR v6.16b, v6.16b, v13.16b \n"
+        "EOR v7.16b, v7.16b, v14.16b \n"
+        "EOR v8.16b, v8.16b, v15.16b \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "ST1 {v5.2d-v8.2d}, [%[out]], #64 \n \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+
+        "CMP w11, #128 \n"
+        "BGE 81b \n"
+
+        "# GHASH - 8 blocks \n"
+        "RBIT v12.16b, v12.16b \n"
+        "RBIT v13.16b, v13.16b \n"
+        "RBIT v14.16b, v14.16b \n"
+        "RBIT v15.16b, v15.16b \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v12.16b, v12.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v3.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v3.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v2.1q, v20.1d, v24.1d \n"
+        "PMULL2 v3.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v3.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v3.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v2.1q, v19.1d, v25.1d \n"
+        "PMULL2 v3.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v3.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v3.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v2.1q, v18.1d, v26.1d \n"
+        "PMULL2 v3.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v3.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v3.16b \n"
+        "# x[0-2] += C * H^5 \n"
+        "PMULL  v2.1q, v15.1d, v4.1d \n"
+        "PMULL2 v3.1q, v15.2d, v4.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v15.16b, v15.16b, v15.16b, #8 \n"
+        "PMULL  v3.1q, v15.1d, v4.1d \n"
+        "PMULL2 v15.1q, v15.2d, v4.2d \n"
+        "EOR3 v31.16b, v31.16b, v15.16b, v3.16b \n"
+        "# x[0-2] += C * H^6 \n"
+        "PMULL  v2.1q, v14.1d, v9.1d \n"
+        "PMULL2 v3.1q, v14.2d, v9.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v14.16b, v14.16b, v14.16b, #8 \n"
+        "PMULL  v3.1q, v14.1d, v9.1d \n"
+        "PMULL2 v14.1q, v14.2d, v9.2d \n"
+        "EOR3 v31.16b, v31.16b, v14.16b, v3.16b \n"
+        "# x[0-2] += C * H^7 \n"
+        "PMULL  v2.1q, v13.1d, v10.1d \n"
+        "PMULL2 v3.1q, v13.2d, v10.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v13.16b, v13.16b, v13.16b, #8 \n"
+        "PMULL  v3.1q, v13.1d, v10.1d \n"
+        "PMULL2 v13.1q, v13.2d, v10.2d \n"
+        "EOR3 v31.16b, v31.16b, v13.16b, v3.16b \n"
+        "# x[0-2] += C * H^8 \n"
+        "PMULL  v2.1q, v12.1d, v11.1d \n"
+        "PMULL2 v3.1q, v12.2d, v11.2d \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+        "EOR v0.16b, v0.16b, v3.16b \n"
+        "EXT v12.16b, v12.16b, v12.16b, #8 \n"
+        "PMULL  v3.1q, v12.1d, v11.1d \n"
+        "PMULL2 v12.1q, v12.2d, v11.2d \n"
+        "EOR3 v31.16b, v31.16b, v12.16b, v3.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v3.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v2.1q, v0.2d, v23.2d \n"
+        "EOR3 v3.16b, v3.16b, v31.16b, v2.16b \n"
+        "PMULL2 v2.1q, v3.2d, v23.2d \n"
+        "MOV v17.D[1], v3.D[0] \n"
+        "EOR v17.16b, v17.16b, v2.16b \n"
+
+        "80: \n"
+        "LD1 {v22.2d}, [%[ctr]] \n"
+        "LD1 {v1.2d-v4.2d}, [%[Key]], #64 \n"
+        "LD1 {v5.2d-v8.2d}, [%[Key]], #64 \n"
+        "LD1 {v9.2d-v11.2d}, [%[Key]], #48 \n"
+        "LD1 {v12.2d-v13.2d}, [%[Key]], #32 \n"
+        "LD1 {v14.2d-v15.2d}, [%[Key]] \n"
+        "# Can we do 4 blocks at a time? \n"
+        "CMP w11, #64 \n"
+        "BLT 10f \n"
+
+        "# First decrypt - no GHASH \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "REV w15, w15 \n"
+        "REV w14, w14 \n"
+        "REV w13, w13 \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v12.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "AESE v27.16b, v13.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v13.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v13.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v13.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v14.16b \n"
+        "EOR v27.16b, v27.16b, v15.16b \n"
+        "AESE v28.16b, v14.16b \n"
+        "EOR v28.16b, v28.16b, v15.16b \n"
+        "AESE v29.16b, v14.16b \n"
+        "EOR v29.16b, v29.16b, v15.16b \n"
+        "AESE v30.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BLT 12f \n"
+
+        "11: \n"
+        "# Calculate next 4 counters (+1-4) \n"
+        "ADD w15, w12, #1 \n"
+        "MOV v27.16b, v22.16b \n"
+        "ADD w14, w12, #2 \n"
+        "MOV v28.16b, v22.16b \n"
+        "ADD w13, w12, #3 \n"
+        "MOV v29.16b, v22.16b \n"
+        "ADD w12, w12, #4 \n"
+        "MOV v30.16b, v22.16b \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "REV w15, w15 \n"
+        "RBIT v19.16b, v19.16b \n"
+        "REV w14, w14 \n"
+        "RBIT v20.16b, v20.16b \n"
+        "REV w13, w13 \n"
+        "RBIT v21.16b, v21.16b \n"
+        "REV w16, w12 \n"
+        "MOV v27.S[3], w15 \n"
+        "MOV v28.S[3], w14 \n"
+        "MOV v29.S[3], w13 \n"
+        "MOV v30.S[3], w16 \n"
+
+        "# Encrypt 4 counters \n"
+        "AESE v27.16b, v1.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "AESE v28.16b, v1.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "AESE v29.16b, v1.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "AESE v30.16b, v1.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "AESE v27.16b, v2.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "AESE v28.16b, v2.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "AESE v29.16b, v2.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v30.16b, v2.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "AESE v27.16b, v3.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "AESE v28.16b, v3.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "AESE v29.16b, v3.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "AESE v30.16b, v3.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v27.16b, v4.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "AESE v28.16b, v4.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "AESE v29.16b, v4.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "AESE v30.16b, v4.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "AESE v27.16b, v5.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "AESE v28.16b, v5.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "AESE v29.16b, v5.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "AESE v30.16b, v5.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "SUB w11, w11, #64 \n"
+        "AESE v27.16b, v6.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "AESE v28.16b, v6.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "AESE v29.16b, v6.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "AESE v30.16b, v6.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v7.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "AESE v28.16b, v7.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "AESE v29.16b, v7.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v7.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v8.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v8.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v8.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v8.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v9.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v9.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v9.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v9.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v10.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v10.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v10.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v10.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v11.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v11.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v11.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v11.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "# Load plaintext \n"
+        "LD1 {v18.2d-v21.2d}, [%[input]], #64 \n"
+        "AESE v27.16b, v12.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v12.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v12.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v12.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "AESE v27.16b, v13.16b \n"
+        "AESMC v27.16b, v27.16b \n"
+        "AESE v28.16b, v13.16b \n"
+        "AESMC v28.16b, v28.16b \n"
+        "AESE v29.16b, v13.16b \n"
+        "AESMC v29.16b, v29.16b \n"
+        "AESE v30.16b, v13.16b \n"
+        "AESMC v30.16b, v30.16b \n"
+        "AESE v27.16b, v14.16b \n"
+        "EOR v27.16b, v27.16b, v15.16b \n"
+        "AESE v28.16b, v14.16b \n"
+        "EOR v28.16b, v28.16b, v15.16b \n"
+        "AESE v29.16b, v14.16b \n"
+        "EOR v29.16b, v29.16b, v15.16b \n"
+        "AESE v30.16b, v14.16b \n"
+        "EOR v30.16b, v30.16b, v15.16b \n"
+
+        "# XOR in input \n"
+        "EOR v27.16b, v27.16b, v18.16b \n"
+        "EOR v28.16b, v28.16b, v19.16b \n"
+        "EOR v29.16b, v29.16b, v20.16b \n"
+        "EOR v30.16b, v30.16b, v21.16b \n"
+        "# Store cipher text \n"
+        "ST1 {v27.2d-v30.2d}, [%[out]], #64 \n \n"
+        "CMP w11, #64 \n"
+        "BGE 11b \n"
+
+        "12: \n"
+        "# GHASH - 4 blocks \n"
+        "RBIT v18.16b, v18.16b \n"
+        "RBIT v19.16b, v19.16b \n"
+        "RBIT v20.16b, v20.16b \n"
+        "RBIT v21.16b, v21.16b \n"
+        "EOR v18.16b, v18.16b, v17.16b \n"
+        "# x[0-2] = C * H^1 \n"
+        "PMULL  v17.1q, v21.1d, v16.1d \n"
+        "PMULL2 v0.1q, v21.2d, v16.2d \n"
+        "EXT v21.16b, v21.16b, v21.16b, #8 \n"
+        "PMULL  v31.1q, v21.1d, v16.1d \n"
+        "PMULL2 v15.1q, v21.2d, v16.2d \n"
+        "EOR v31.16b, v31.16b, v15.16b \n"
+        "# x[0-2] += C * H^2 \n"
+        "PMULL  v14.1q, v20.1d, v24.1d \n"
+        "PMULL2 v15.1q, v20.2d, v24.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v20.16b, v20.16b, v20.16b, #8 \n"
+        "PMULL  v15.1q, v20.1d, v24.1d \n"
+        "PMULL2 v20.1q, v20.2d, v24.2d \n"
+        "EOR3 v31.16b, v31.16b, v20.16b, v15.16b \n"
+        "# x[0-2] += C * H^3 \n"
+        "PMULL  v14.1q, v19.1d, v25.1d \n"
+        "PMULL2 v15.1q, v19.2d, v25.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v19.16b, v19.16b, v19.16b, #8 \n"
+        "PMULL  v15.1q, v19.1d, v25.1d \n"
+        "PMULL2 v19.1q, v19.2d, v25.2d \n"
+        "EOR3 v31.16b, v31.16b, v19.16b, v15.16b \n"
+        "# x[0-2] += C * H^4 \n"
+        "PMULL  v14.1q, v18.1d, v26.1d \n"
+        "PMULL2 v15.1q, v18.2d, v26.2d \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n"
+        "EXT v18.16b, v18.16b, v18.16b, #8 \n"
+        "PMULL  v15.1q, v18.1d, v26.1d \n"
+        "PMULL2 v18.1q, v18.2d, v26.2d \n"
+        "EOR3 v31.16b, v31.16b, v18.16b, v15.16b \n"
+        "# Reduce X = x[0-2] \n"
+        "EXT v15.16b, v17.16b, v0.16b, #8 \n"
+        "PMULL2 v14.1q, v0.2d, v23.2d \n"
+        "EOR3 v15.16b, v15.16b, v31.16b, v14.16b \n"
+        "PMULL2 v14.1q, v15.2d, v23.2d \n"
+        "MOV v17.D[1], v15.D[0] \n"
+        "EOR v17.16b, v17.16b, v14.16b \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+
+        "10: \n"
+        "CBZ w11, 30f \n"
+        "CMP w11, #16 \n"
+        "BLT 20f \n"
+        "LD1 {v14.2d, v15.2d}, [%[Key]] \n"
+        "# Decrypt first block for GHASH \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+
+        "# When only one full block to decrypt go straight to GHASH \n"
+        "CMP w11, 16 \n"
+        "BLT 1f \n"
+
+        "# Interweave GHASH and decrypt if more then 1 block \n"
+        "2: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "SUB w11, w11, #16 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "LD1 {v28.2d}, [%[input]], #16 \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n \n"
+        "EOR v0.16b, v0.16b, v28.16b \n \n"
+        "ST1 {v0.2d}, [%[out]], #16 \n"
+        "CMP w11, #16 \n"
+        "BGE 2b \n"
+
+        "# GHASH on last block \n"
+        "1: \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+
+        "20: \n"
+        "CBZ w11, 30f \n"
+        "EOR v31.16b, v31.16b, v31.16b \n"
+        "MOV x15, x11 \n"
+        "ST1 {v31.2d}, [%[scratch]] \n"
+        "23: \n"
+        "LDRB w14, [%[input]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 23b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+        "LD1 {v31.2d}, [%[scratch]] \n"
+        "RBIT v31.16b, v31.16b \n"
+        "ADD w12, w12, #1 \n"
+        "MOV v0.16b, v22.16b \n"
+        "REV w13, w12 \n"
+        "MOV v0.S[3], w13 \n"
+        "EOR v17.16b, v17.16b, v31.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "RBIT v31.16b, v31.16b \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n \n"
+        "EOR v0.16b, v0.16b, v31.16b \n \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV x15, x11 \n"
+        "24: \n"
+        "LDRB w14, [%[scratch]], #1 \n"
+        "STRB w14, [%[out]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 24b \n"
+        "SUB %[scratch], %[scratch], x11 \n"
+
+        "30: \n"
+        "# store current counter value at the end \n"
+        "REV w13, w12 \n"
+        "MOV v22.S[3], w13 \n"
+        "LD1 {v0.16b}, [%[ctr]] \n"
+        "ST1 {v22.16b}, [%[ctr]] \n"
+
+        "LSL %x[aSz], %x[aSz], #3 \n"
+        "LSL %x[sz], %x[sz], #3 \n"
+        "MOV v28.d[0], %x[aSz] \n"
+        "MOV v28.d[1], %x[sz] \n"
+        "REV64 v28.16b, v28.16b \n"
+        "RBIT v28.16b, v28.16b \n"
+        "EOR v17.16b, v17.16b, v28.16b \n"
+        "PMULL  v18.1q, v17.1d, v16.1d \n"
+        "PMULL2 v19.1q, v17.2d, v16.2d \n"
+        "EXT v20.16b, v16.16b, v16.16b, #8 \n"
+        "AESE v0.16b, v1.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL  v21.1q, v17.1d, v20.1d \n"
+        "PMULL2 v20.1q, v17.2d, v20.2d \n"
+        "AESE v0.16b, v2.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v20.16b, v20.16b, v21.16b \n"
+        "AESE v0.16b, v3.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EXT v21.16b, v18.16b, v19.16b, #8 \n"
+        "AESE v0.16b, v4.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v5.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "# Reduce \n"
+        "PMULL2 v20.1q, v19.2d, v23.2d \n"
+        "AESE v0.16b, v6.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v21.16b, v21.16b, v20.16b \n"
+        "AESE v0.16b, v7.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "PMULL2 v20.1q, v21.2d, v23.2d \n"
+        "AESE v0.16b, v8.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "MOV v18.D[1], v21.D[0] \n"
+        "AESE v0.16b, v9.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "EOR v17.16b, v18.16b, v20.16b \n"
+        "AESE v0.16b, v10.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v11.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v12.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v13.16b \n"
+        "AESMC v0.16b, v0.16b \n"
+        "AESE v0.16b, v14.16b \n"
+        "EOR v0.16b, v0.16b, v15.16b \n \n"
+        "RBIT v17.16b, v17.16b \n"
+        "EOR v0.16b, v0.16b, v17.16b \n \n"
+        "CMP %w[tagSz], #16 \n"
+        "BNE 40f \n"
+        "LD1 {v1.2d}, [%[tag]] \n"
+        "B 41f \n"
+        "40: \n"
+        "EOR v1.16b, v1.16b, v1.16b \n"
+        "MOV x15, %x[tagSz] \n"
+        "ST1 {v1.2d}, [%[scratch]] \n"
+        "43: \n"
+        "LDRB w14, [%[tag]], #1 \n"
+        "STRB w14, [%[scratch]], #1 \n"
+        "SUB x15, x15, #1 \n"
+        "CBNZ x15, 43b \n"
+        "SUB %[scratch], %[scratch], %x[tagSz] \n"
+        "LD1 {v1.2d}, [%[scratch]] \n"
+        "ST1 {v0.2d}, [%[scratch]] \n"
+        "MOV w14, #16 \n"
+        "SUB w14, w14, %w[tagSz] \n"
+        "ADD %[scratch], %[scratch], %x[tagSz] \n"
+        "44: \n"
+        "STRB wzr, [%[scratch]], #1 \n"
+        "SUB w14, w14, #1 \n"
+        "CBNZ w14, 44b \n"
+        "SUB %[scratch], %[scratch], #16 \n"
+        "LD1 {v0.2d}, [%[scratch]] \n"
+        "41: \n"
+        "EOR v0.16b, v0.16b, v1.16b \n"
+        "MOV v1.D[0], v0.D[1] \n"
+        "EOR v0.8b, v0.8b, v1.8b \n"
+        "MOV %x[ret], v0.D[0] \n"
+        "CMP %x[ret], #0 \n"
+        "MOV w11, #-180 \n"
+        "CSETM %w[ret], ne \n"
+        "AND %w[ret], %w[ret], w11 \n"
+
+        : [out] "+r" (out), [input] "+r" (in), [Key] "+r" (keyPt),
+          [aSz] "+r" (authInSz), [sz] "+r" (sz), [aad] "+r" (authIn),
+          [ret] "+r" (ret)
+        : [ctr] "r" (ctr), [scratch] "r" (scratch),
+          [h] "m" (aes->gcm.H), [tag] "r" (authTag), [tagSz] "r" (authTagSz)
+        : "cc", "memory", "x11", "x12", "w13", "x14", "x15", "w16",
+          "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+          "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+          "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+          "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31"
+    );
+
+    return ret;
+}
+#endif /* WOLFSSL_AES_256 */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
 /*
  * Check tag and decrypt data using AES with GCM mode.
  * aes: Aes structure having already been set with set key function
@@ -12575,38 +22166,56 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  * authIn:    additional data buffer
  * authInSz:  size of additional data buffer
  */
-int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+int AES_GCM_decrypt_AARCH64(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz,
     const byte* authIn, word32 authInSz)
 {
-    /* sanity checks */
-    if ((aes == NULL) || (iv == NULL) || (authTag == NULL) ||
-            (authTagSz > AES_BLOCK_SIZE) || (authTagSz == 0) || (ivSz == 0) ||
-            ((sz != 0) && ((in == NULL) || (out == NULL)))) {
-        WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
-        return BAD_FUNC_ARG;
-    }
-
     switch (aes->rounds) {
 #ifdef WOLFSSL_AES_128
         case 10:
-            return Aes128GcmDecrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                return Aes128GcmDecrypt_EOR3(aes, out, in, sz, iv, ivSz,
+                    authTag, authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                return Aes128GcmDecrypt(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
 #endif
 #ifdef WOLFSSL_AES_192
         case 12:
-            return Aes192GcmDecrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                return Aes192GcmDecrypt_EOR3(aes, out, in, sz, iv, ivSz,
+                    authTag, authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                return Aes192GcmDecrypt(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
 #endif
 #ifdef WOLFSSL_AES_256
         case 14:
-            return Aes256GcmDecrypt(aes, out, in, sz, iv, ivSz,
-                                    authTag, authTagSz, authIn, authInSz);
+        #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+            if (aes->use_sha3_hw_crypto) {
+                return Aes256GcmDecrypt_EOR3(aes, out, in, sz, iv, ivSz,
+                    authTag, authTagSz, authIn, authInSz);
+            }
+            else
+        #endif
+            {
+                return Aes256GcmDecrypt(aes, out, in, sz, iv, ivSz, authTag,
+                    authTagSz, authIn, authInSz);
+            }
 #endif
-        default:
-            WOLFSSL_MSG("AES-GCM invalid round number");
-            return BAD_FUNC_ARG;
     }
+
+    return BAD_FUNC_ARG;
 }
 
 #endif /* HAVE_AES_DECRYPT */
@@ -12780,7 +22389,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 #ifdef HAVE_AES_CBC
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
-        word32 numBlocks = sz / AES_BLOCK_SIZE;
+        word32 numBlocks = sz / WC_AES_BLOCK_SIZE;
 
         if (aes == NULL || out == NULL || in == NULL) {
             return BAD_FUNC_ARG;
@@ -12791,7 +22400,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         }
 
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
             return BAD_LENGTH_E;
         }
 #endif
@@ -13022,7 +22631,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     #ifdef HAVE_AES_DECRYPT
     int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
-        word32 numBlocks = sz / AES_BLOCK_SIZE;
+        word32 numBlocks = sz / WC_AES_BLOCK_SIZE;
 
         if (aes == NULL || out == NULL || in == NULL) {
             return BAD_FUNC_ARG;
@@ -13032,7 +22641,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             return 0;
         }
 
-        if (sz % AES_BLOCK_SIZE) {
+        if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
             return BAD_LENGTH_E;
 #else
@@ -13855,7 +23464,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
 
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
 
     /* consume any unused bytes left in aes->tmp */
     while ((aes->left != 0) && (sz != 0)) {
@@ -13865,22 +23474,22 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* do as many block size ops as possible */
-    numBlocks = sz / AES_BLOCK_SIZE;
+    numBlocks = sz / WC_AES_BLOCK_SIZE;
     if (numBlocks > 0) {
         wc_aes_ctr_encrypt_asm(aes, out, in, numBlocks);
 
-        sz  -= numBlocks * AES_BLOCK_SIZE;
-        out += numBlocks * AES_BLOCK_SIZE;
-        in  += numBlocks * AES_BLOCK_SIZE;
+        sz  -= numBlocks * WC_AES_BLOCK_SIZE;
+        out += numBlocks * WC_AES_BLOCK_SIZE;
+        in  += numBlocks * WC_AES_BLOCK_SIZE;
     }
 
     /* handle non block size remaining */
     if (sz) {
-        byte zeros[AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
+        byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
                                        0, 0, 0, 0, 0, 0, 0, 0 };
         wc_aes_ctr_encrypt_asm(aes, (byte*)aes->tmp, zeros, 1);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -13968,43 +23577,43 @@ void GMULT(byte* X, byte* Y)
 void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
     byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
     byte* h = gcm->H;
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, a, AES_BLOCK_SIZE);
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
-            xorbuf(x, c, AES_BLOCK_SIZE);
+            xorbuf(x, c, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
             GMULT(x, h);
         }
     }
@@ -14012,7 +23621,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    xorbuf(x, scratch, WC_AES_BLOCK_SIZE);
     GMULT(x, h);
 
     /* Copy the result into s. */
@@ -14038,14 +23647,14 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                    byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* p = in;
     byte* c = out;
-    byte counter[AES_BLOCK_SIZE];
-    byte initialCounter[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte initialCounter[WC_AES_BLOCK_SIZE];
     byte *ctr ;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     ctr = counter ;
 
     /* sanity checks */
@@ -14057,28 +23666,28 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
-    if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz > AES_BLOCK_SIZE) {
+    if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz > WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("GcmEncrypt authTagSz error");
         return BAD_FUNC_ARG;
     }
 
-    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
+    XMEMSET(initialCounter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
-        initialCounter[AES_BLOCK_SIZE - 1] = 1;
+        initialCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, initialCounter, WC_AES_BLOCK_SIZE);
     }
-    XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);
+    XMEMCPY(ctr, initialCounter, WC_AES_BLOCK_SIZE);
 
     while (blocks--) {
         IncrementGcmCounter(ctr);
         wc_AesEncrypt(aes, ctr, scratch);
-        xorbuf(scratch, p, AES_BLOCK_SIZE);
-        XMEMCPY(c, scratch, AES_BLOCK_SIZE);
-        p += AES_BLOCK_SIZE;
-        c += AES_BLOCK_SIZE;
+        xorbuf(scratch, p, WC_AES_BLOCK_SIZE);
+        XMEMCPY(c, scratch, WC_AES_BLOCK_SIZE);
+        p += WC_AES_BLOCK_SIZE;
+        c += WC_AES_BLOCK_SIZE;
     }
 
     if (partial != 0) {
@@ -14091,8 +23700,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
     GHASH(&aes->gcm, authIn, authInSz, out, sz, authTag, authTagSz);
     wc_AesEncrypt(aes, initialCounter, scratch);
-    if (authTagSz > AES_BLOCK_SIZE) {
-        xorbuf(authTag, scratch, AES_BLOCK_SIZE);
+    if (authTagSz > WC_AES_BLOCK_SIZE) {
+        xorbuf(authTag, scratch, WC_AES_BLOCK_SIZE);
     }
     else {
         xorbuf(authTag, scratch, authTagSz);
@@ -14121,39 +23730,39 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                    const byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* c = in;
     byte* p = out;
-    byte counter[AES_BLOCK_SIZE];
-    byte initialCounter[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte initialCounter[WC_AES_BLOCK_SIZE];
     byte *ctr ;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     ctr = counter ;
 
     /* sanity checks */
     if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
-        authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 ||
+        authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 ||
         ivSz == 0) {
         WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
         return BAD_FUNC_ARG;
     }
 
-    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
+    XMEMSET(initialCounter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
-        initialCounter[AES_BLOCK_SIZE - 1] = 1;
+        initialCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, initialCounter, WC_AES_BLOCK_SIZE);
     }
-    XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);
+    XMEMCPY(ctr, initialCounter, WC_AES_BLOCK_SIZE);
 
     /* Calculate the authTag again using the received auth data and the
      * cipher text. */
     {
-        byte Tprime[AES_BLOCK_SIZE];
-        byte EKY0[AES_BLOCK_SIZE];
+        byte Tprime[WC_AES_BLOCK_SIZE];
+        byte EKY0[WC_AES_BLOCK_SIZE];
 
         GHASH(&aes->gcm, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
         wc_AesEncrypt(aes, ctr, EKY0);
@@ -14167,10 +23776,11 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     while (blocks--) {
         IncrementGcmCounter(ctr);
         wc_AesEncrypt(aes, ctr, scratch);
-        xorbuf(scratch, c, AES_BLOCK_SIZE);
-        XMEMCPY(p, scratch, AES_BLOCK_SIZE);
-        p += AES_BLOCK_SIZE;
-        c += AES_BLOCK_SIZE;
+#endif
+        xorbuf(scratch, c, WC_AES_BLOCK_SIZE);
+        XMEMCPY(p, scratch, WC_AES_BLOCK_SIZE);
+        p += WC_AES_BLOCK_SIZE;
+        c += WC_AES_BLOCK_SIZE;
     }
     if (partial != 0) {
         IncrementGcmCounter(ctr);
@@ -14189,20 +23799,19 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 #endif /* HAVE_AES_DECRYPT */
 #endif /* HAVE_AESGCM */
 
-#endif /* aarch64 */
-
 #ifdef HAVE_AESGCM
 #ifdef WOLFSSL_AESGCM_STREAM
+#ifndef __aarch64__
     /* Access initialization counter data. */
-    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * AES_BLOCK_SIZE)
+    #define AES_INITCTR(aes)        ((aes)->streamData + 0 * WC_AES_BLOCK_SIZE)
     /* Access counter data. */
-    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * AES_BLOCK_SIZE)
+    #define AES_COUNTER(aes)        ((aes)->streamData + 1 * WC_AES_BLOCK_SIZE)
     /* Access tag data. */
-    #define AES_TAG(aes)            ((aes)->streamData + 2 * AES_BLOCK_SIZE)
+    #define AES_TAG(aes)            ((aes)->streamData + 2 * WC_AES_BLOCK_SIZE)
     /* Access last GHASH block. */
-    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * AES_BLOCK_SIZE)
+    #define AES_LASTGBLOCK(aes)     ((aes)->streamData + 3 * WC_AES_BLOCK_SIZE)
     /* Access last encrypted block. */
-    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * AES_BLOCK_SIZE)
+    #define AES_LASTBLOCK(aes)      ((aes)->streamData + 4 * WC_AES_BLOCK_SIZE)
 
 /* GHASH one block of data.
  *
@@ -14213,7 +23822,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  */
 #define GHASH_ONE_BLOCK(aes, block)                     \
     do {                                                \
-        xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE);    \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE);    \
         GMULT(AES_TAG(aes), aes->gcm.H);                \
     }                                                   \
     while (0)
@@ -14226,7 +23835,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  */
 #define GHASH_LEN_BLOCK(aes)                    \
     do {                                        \
-        byte scratch[AES_BLOCK_SIZE];           \
+        byte scratch[WC_AES_BLOCK_SIZE];           \
         FlattenSzInBits(&scratch[0], aes->aSz); \
         FlattenSzInBits(&scratch[8], aes->cSz); \
         GHASH_ONE_BLOCK(aes, scratch);          \
@@ -14248,7 +23857,7 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
  */
 static void GHASH_INIT(Aes* aes) {
     /* Set tag to all zeros as initial value. */
-    XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE);
+    XMEMSET(AES_TAG(aes), 0, WC_AES_BLOCK_SIZE);
     /* Reset counts of AAD and cipher text. */
     aes->aOver = 0;
     aes->cOver = 0;
@@ -14275,14 +23884,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         /* Check if we have unprocessed data. */
         if (aes->aOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->aOver;
+            byte sz = WC_AES_BLOCK_SIZE - aes->aOver;
             if (sz > aSz) {
                 sz = aSz;
             }
             /* Copy extra into last GHASH block array and update count. */
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
             aes->aOver += sz;
-            if (aes->aOver == AES_BLOCK_SIZE) {
+            if (aes->aOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
                 GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
                 /* Reset count. */
@@ -14294,12 +23903,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         }
 
         /* Calculate number of blocks of AAD and the leftover. */
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         /* GHASH full blocks now. */
         while (blocks--) {
             GHASH_ONE_BLOCK(aes, a);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -14310,7 +23919,7 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
     if (aes->aOver > 0 && cSz > 0 && c != NULL) {
         /* No more AAD coming and we have a partial block. */
         /* Fill the rest of the block with zeros. */
-        byte sz = AES_BLOCK_SIZE - aes->aOver;
+        byte sz = WC_AES_BLOCK_SIZE - aes->aOver;
         XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, sz);
         /* GHASH last AAD block. */
         GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
@@ -14324,14 +23933,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         aes->cSz += cSz;
         if (aes->cOver > 0) {
             /* Calculate amount we can use - fill up the block. */
-            byte sz = AES_BLOCK_SIZE - aes->cOver;
+            byte sz = WC_AES_BLOCK_SIZE - aes->cOver;
             if (sz > cSz) {
                 sz = cSz;
             }
             XMEMCPY(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
             /* Update count of unused encrypted counter. */
             aes->cOver += sz;
-            if (aes->cOver == AES_BLOCK_SIZE) {
+            if (aes->cOver == WC_AES_BLOCK_SIZE) {
                 /* We have filled up the block and can process. */
                 GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
                 /* Reset count. */
@@ -14343,12 +23952,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
         }
 
         /* Calculate number of blocks of cipher text and the leftover. */
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         /* GHASH full blocks now. */
         while (blocks--) {
             GHASH_ONE_BLOCK(aes, c);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
             /* Cache the partial block. */
@@ -14377,7 +23986,7 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
     }
     if (over > 0) {
         /* Zeroize the unused part of the block. */
-        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over);
+        XMEMSET(AES_LASTGBLOCK(aes) + over, 0, WC_AES_BLOCK_SIZE - over);
         /* Hash the last block of cipher text. */
         GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
     }
@@ -14395,14 +24004,14 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
  */
 static void AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz)
 {
-    ALIGN32 byte counter[AES_BLOCK_SIZE];
+    ALIGN32 byte counter[WC_AES_BLOCK_SIZE];
 
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
         XMEMCPY(counter, iv, ivSz);
         XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                                         AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+                                      WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
         /* Counter is GHASH of IV. */
@@ -14410,17 +24019,27 @@ static void AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz)
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
     #endif
-        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
+    #ifdef __aarch64__
+        GHASH_AARCH64(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
+        GMULT_AARCH64(counter, aes->gcm.H);
+    #else
+        GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE);
         GMULT(counter, aes->gcm.H);
+    #endif
     #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
     #endif
     }
 
     /* Copy in the counter for use with cipher. */
-    XMEMCPY(AES_COUNTER(aes), counter, AES_BLOCK_SIZE);
+    XMEMCPY(AES_COUNTER(aes), counter, WC_AES_BLOCK_SIZE);
     /* Encrypt initial counter into a buffer for GCM. */
+#ifdef __aarch64__
+    AES_encrypt_AARCH64(counter, AES_INITCTR(aes), (byte*)aes->key,
+        aes->rounds);
+#else
     wc_AesEncrypt(aes, counter, AES_INITCTR(aes));
+#endif
     /* Reset state fields. */
     aes->over = 0;
     aes->aSz = 0;
@@ -14445,12 +24064,12 @@ static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz)
 
     /* Check if previous encrypted block was not used up. */
     if (aes->over > 0) {
-        byte pSz = AES_BLOCK_SIZE - aes->over;
+        byte pSz = WC_AES_BLOCK_SIZE - aes->over;
         if (pSz > sz) pSz = sz;
 
         /* Use some/all of last encrypted block. */
         xorbufout(out, AES_LASTBLOCK(aes) + aes->over, in, pSz);
-        aes->over = (aes->over + pSz) & (AES_BLOCK_SIZE - 1);
+        aes->over = (aes->over + pSz) & (WC_AES_BLOCK_SIZE - 1);
 
         /* Some data used. */
         sz  -= pSz;
@@ -14460,27 +24079,37 @@ static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz)
 
     /* Calculate the number of blocks needing to be encrypted and any leftover.
      */
-    blocks  = sz / AES_BLOCK_SIZE;
-    partial = sz & (AES_BLOCK_SIZE - 1);
+    blocks  = sz / WC_AES_BLOCK_SIZE;
+    partial = sz & (WC_AES_BLOCK_SIZE - 1);
 
     /* Encrypt block by block. */
     while (blocks--) {
-        ALIGN32 byte scratch[AES_BLOCK_SIZE];
+        ALIGN32 byte scratch[WC_AES_BLOCK_SIZE];
         IncrementGcmCounter(AES_COUNTER(aes));
         /* Encrypt counter into a buffer. */
+    #ifdef __aarch64__
+        AES_encrypt_AARCH64(AES_COUNTER(aes), scratch, (byte*)aes->key,
+             aes->rounds);
+    #else
         wc_AesEncrypt(aes, AES_COUNTER(aes), scratch);
+    #endif
         /* XOR plain text into encrypted counter into cipher text buffer. */
-        xorbufout(out, scratch, in, AES_BLOCK_SIZE);
+        xorbufout(out, scratch, in, WC_AES_BLOCK_SIZE);
         /* Data complete. */
-        in  += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        in  += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
 
     if (partial != 0) {
         /* Generate an extra block and use up as much as needed. */
         IncrementGcmCounter(AES_COUNTER(aes));
         /* Encrypt counter into cache. */
+    #ifdef __aarch64__
+        AES_encrypt_AARCH64(AES_COUNTER(aes), AES_LASTBLOCK(aes),
+            (byte*)aes->key, (int)aes->rounds);
+    #else
         wc_AesEncrypt(aes, AES_COUNTER(aes), AES_LASTBLOCK(aes));
+    #endif
         /* XOR plain text into encrypted counter into cipher text buffer. */
         xorbufout(out, AES_LASTBLOCK(aes), in, partial);
         /* Keep amount of encrypted block used. */
@@ -14505,7 +24134,7 @@ static void AesGcmFinal_C(Aes* aes, byte* authTag, word32 authTagSz)
     aes->gcm.aadLen = aes->aSz;
 #endif
     /* Zeroize last block to protect sensitive data. */
-    ForceZero(AES_LASTBLOCK(aes), AES_BLOCK_SIZE);
+    ForceZero(AES_LASTBLOCK(aes), WC_AES_BLOCK_SIZE);
 }
 
 /* Initialize an AES GCM cipher for encryption or decryption.
@@ -14536,7 +24165,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
     if ((ret == 0) && (aes->streamData == NULL)) {
         /* Allocate buffers for streaming. */
-        aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap,
+        aes->streamData = (byte*)XMALLOC(5 * WC_AES_BLOCK_SIZE, aes->heap,
                                                               DYNAMIC_TYPE_AES);
         if (aes->streamData == NULL) {
             ret = MEMORY_E;
@@ -14551,7 +24180,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
 
     if (ret == 0) {
         /* Set the IV passed in if it is smaller than a block. */
-        if ((iv != NULL) && (ivSz <= AES_BLOCK_SIZE)) {
+        if ((iv != NULL) && (ivSz <= WC_AES_BLOCK_SIZE)) {
             XMEMMOVE((byte*)aes->reg, iv, ivSz);
             aes->nonceSz = ivSz;
         }
@@ -14685,7 +24314,7 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
     int ret = 0;
 
     /* Check validity of parameters. */
-    if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+    if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
             (authTagSz == 0)) {
         ret = BAD_FUNC_ARG;
     }
@@ -14796,7 +24425,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
     int ret = 0;
 
     /* Check validity of parameters. */
-    if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+    if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
             (authTagSz == 0)) {
         ret = BAD_FUNC_ARG;
     }
@@ -14812,7 +24441,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
 
     if (ret == 0) {
         /* Calculate authentication tag and compare with one passed in.. */
-        ALIGN32 byte calcTag[AES_BLOCK_SIZE];
+        ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE];
         /* Calculate authentication tag. */
         AesGcmFinal_C(aes, calcTag, authTagSz);
         /* Check calculated tag matches the one passed in. */
@@ -14824,21 +24453,23 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
     return ret;
 }
 #endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */
+#endif /* !__aarch64__ */
 #endif /* WOLFSSL_AESGCM_STREAM */
 #endif /* HAVE_AESGCM */
 
 
 #ifdef HAVE_AESCCM
+#ifndef __aarch64__
 /* Software version of AES-CCM from wolfcrypt/src/aes.c
  * Gets some speed up from hardware acceleration of wc_AesEncrypt */
 
 static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
 {
     /* process the bulk of the data */
-    while (inSz >= AES_BLOCK_SIZE) {
-        xorbuf(out, in, AES_BLOCK_SIZE);
-        in += AES_BLOCK_SIZE;
-        inSz -= AES_BLOCK_SIZE;
+    while (inSz >= WC_AES_BLOCK_SIZE) {
+        xorbuf(out, in, WC_AES_BLOCK_SIZE);
+        in += WC_AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
 
         wc_AesEncrypt(aes, out, out);
     }
@@ -14877,7 +24508,7 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out)
         return;
 
     /* start fill out the rest of the first block */
-    remainder = AES_BLOCK_SIZE - authLenSz;
+    remainder = WC_AES_BLOCK_SIZE - authLenSz;
     if (inSz >= remainder) {
         /* plenty of bulk data to fill the remainder of this block */
         xorbuf(out + authLenSz, in, remainder);
@@ -14901,7 +24532,7 @@ static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
     word32 i;
 
     for (i = 0; i < lenSz; i++) {
-        if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return;
+        if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) return;
     }
 }
 
@@ -14912,8 +24543,8 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
     byte lenSz;
     word32 i;
     byte mask     = 0xFF;
@@ -14928,15 +24559,29 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz,
+                                      authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B[0] = (authInSz > 0 ? 64 : 0)
          + (8 * (((byte)authTagSz - 2) / 2))
          + (lenSz - 1);
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
     }
 
     wc_AesEncrypt(aes, B, A);
@@ -14949,20 +24594,20 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, A);
     xorbuf(authTag, A, authTagSz);
 
     B[15] = 1;
-    while (inSz >= AES_BLOCK_SIZE) {
+    while (inSz >= WC_AES_BLOCK_SIZE) {
         wc_AesEncrypt(aes, B, A);
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(out, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(out, A, WC_AES_BLOCK_SIZE);
 
         AesCcmCtrInc(B, lenSz);
-        inSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
     if (inSz > 0) {
         wc_AesEncrypt(aes, B, A);
@@ -14970,8 +24615,8 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         XMEMCPY(out, A, inSz);
     }
 
-    ForceZero(A, AES_BLOCK_SIZE);
-    ForceZero(B, AES_BLOCK_SIZE);
+    ForceZero(A, WC_AES_BLOCK_SIZE);
+    ForceZero(B, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -14982,8 +24627,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
     byte* o;
     byte lenSz;
     word32 i, oSz;
@@ -15000,25 +24645,39 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz,
+            authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     o = out;
     oSz = inSz;
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     B[15] = 1;
 
-    while (oSz >= AES_BLOCK_SIZE) {
+    while (oSz >= WC_AES_BLOCK_SIZE) {
         wc_AesEncrypt(aes, B, A);
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(o, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(o, A, WC_AES_BLOCK_SIZE);
 
         AesCcmCtrInc(B, lenSz);
-        oSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        o += AES_BLOCK_SIZE;
+        oSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        o += WC_AES_BLOCK_SIZE;
     }
     if (inSz > 0) {
         wc_AesEncrypt(aes, B, A);
@@ -15027,7 +24686,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, A);
 
     o = out;
@@ -15039,7 +24698,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
     }
 
     wc_AesEncrypt(aes, B, A);
@@ -15051,7 +24710,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, B);
     xorbuf(A, B, authTagSz);
 
@@ -15063,27 +24722,46 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         result = AES_CCM_AUTH_E;
     }
 
-    ForceZero(A, AES_BLOCK_SIZE);
-    ForceZero(B, AES_BLOCK_SIZE);
+    ForceZero(A, WC_AES_BLOCK_SIZE);
+    ForceZero(B, WC_AES_BLOCK_SIZE);
     o = NULL;
 
     return result;
 }
 #endif /* HAVE_AES_DECRYPT */
+#endif /* !__aarch64__ */
 #endif /* HAVE_AESCCM */
 
 
 
 #ifdef HAVE_AESGCM /* common GCM functions 32 and 64 bit */
+#if defined(__aarch64__)
+void AES_GCM_set_key_AARCH64(Aes* aes, byte* iv)
+{
+
+    AES_encrypt_AARCH64(iv, aes->gcm.H, (byte*)aes->key, aes->rounds);
+    {
+        word32* pt = (word32*)aes->gcm.H;
+        __asm__ volatile (
+            "LD1 {v0.16b}, [%[h]] \n"
+            "RBIT v0.16b, v0.16b \n"
+            "ST1 {v0.16b}, [%[out]] \n"
+            : [out] "=r" (pt)
+            : [h] "0" (pt)
+            : "cc", "memory", "v0"
+        );
+    }
+}
+#else
 int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
     int  ret;
-    byte iv[AES_BLOCK_SIZE];
+    byte iv[WC_AES_BLOCK_SIZE];
 
     if (!((len == 16) || (len == 24) || (len == 32)))
         return BAD_FUNC_ARG;
 
-    XMEMSET(iv, 0, AES_BLOCK_SIZE);
+    XMEMSET(iv, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 
     if (ret == 0) {
@@ -15092,19 +24770,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 #endif
 
         wc_AesEncrypt(aes, iv, aes->gcm.H);
-    #if defined(__aarch64__)
-        {
-            word32* pt = (word32*)aes->gcm.H;
-            __asm__ volatile (
-                "LD1 {v0.16b}, [%[h]] \n"
-                "RBIT v0.16b, v0.16b \n"
-                "ST1 {v0.16b}, [%[out]] \n"
-                : [out] "=r" (pt)
-                : [h] "0" (pt)
-                : "cc", "memory", "v0"
-            );
-        }
-    #else
         {
             word32* pt = (word32*)aes->gcm.H;
             __asm__ volatile (
@@ -15117,14 +24782,15 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
                 : "cc", "memory", "q0"
             );
         }
-    #endif
     }
 
     return ret;
 }
+#endif
 
 #endif /* HAVE_AESGCM */
 
+#ifndef __aarch64__
 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)
         /* Allow direct access to one block encrypt */
@@ -15148,6 +24814,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         }
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_DIRECT */
+#endif /* !__aarch64__ */
 
 #ifdef WOLFSSL_AES_XTS
 
@@ -15326,30 +24993,16 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
  * in    input plain text buffer to encrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
- *       adds a sanity check on how the user calls the function.
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this
+ *       input adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
  */
-int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
-        const byte* i, word32 iSz)
+void AES_XTS_encrypt_AARCH64(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+        const byte* i)
 {
-    int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    byte tmp[AES_BLOCK_SIZE];
-
-    if (xaes == NULL || out == NULL || in == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (iSz < AES_BLOCK_SIZE) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (blocks == 0) {
-        WOLFSSL_MSG("Plain text input too small for encryption");
-        return BAD_FUNC_ARG;
-    }
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+    byte tmp[WC_AES_BLOCK_SIZE];
 
     __asm__ __volatile__ (
         "MOV x19, 0x87 \n"
@@ -15651,8 +25304,6 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
           "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23"
     );
-
-    return ret;
 }
 
 /* Same process as encryption but Aes key is AES_DECRYPTION type.
@@ -15662,31 +25313,17 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  * in    input cipher text buffer to decrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
- *       adds a sanity check on how the user calls the function.
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this
+ *       input adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
  */
-int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
-        const byte* i, word32 iSz)
+void AES_XTS_decrypt_AARCH64(XtsAes* xaes, byte* out, const byte* in, word32 sz,
+     const byte* i)
 {
-    int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    byte tmp[AES_BLOCK_SIZE];
-    byte stl = (sz % AES_BLOCK_SIZE);
-
-    if (xaes == NULL || out == NULL || in == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (iSz < AES_BLOCK_SIZE) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (blocks == 0) {
-        WOLFSSL_MSG("Plain text input too small for encryption");
-        return BAD_FUNC_ARG;
-    }
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+    byte tmp[WC_AES_BLOCK_SIZE];
+    byte stl = (sz % WC_AES_BLOCK_SIZE);
 
     /* if Stealing then break out of loop one block early to handle special
      * case */
@@ -15999,8 +25636,6 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
           "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
           "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23"
     );
-
-    return ret;
 }
 #else
 
@@ -16199,8 +25834,8 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  * in    input plain text buffer to encrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
- *       adds a sanity check on how the user calls the function.
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this
+ *       input adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
  */
@@ -16208,15 +25843,15 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i, word32 iSz)
 {
     int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    byte tmp[AES_BLOCK_SIZE];
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+    byte tmp[WC_AES_BLOCK_SIZE];
     word32* key2 = xaes->tweak.key;
 
     if (xaes == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -16333,8 +25968,8 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
  * in    input cipher text buffer to decrypt
  * sz    size of both out and in buffers
  * i     value to use for tweak
- * iSz   size of i buffer, should always be AES_BLOCK_SIZE but having this input
- *       adds a sanity check on how the user calls the function.
+ * iSz   size of i buffer, should always be WC_AES_BLOCK_SIZE but having this
+ *       input adds a sanity check on how the user calls the function.
  *
  * returns 0 on success
  */
@@ -16342,16 +25977,16 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
         const byte* i, word32 iSz)
 {
     int ret = 0;
-    word32 blocks = (sz / AES_BLOCK_SIZE);
-    byte tmp[AES_BLOCK_SIZE];
-    byte stl = (sz % AES_BLOCK_SIZE);
+    word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+    byte tmp[WC_AES_BLOCK_SIZE];
+    byte stl = (sz % WC_AES_BLOCK_SIZE);
     word32* key2 = xaes->tweak.key;
 
     if (xaes == NULL || out == NULL || in == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    if (iSz < AES_BLOCK_SIZE) {
+    if (iSz < WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -16509,18 +26144,21 @@ extern void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
 extern void AES_CTR_encrypt(const unsigned char* in, unsigned char* out,
     unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
 #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
-/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved. */
-extern void GCM_gmult_len(byte* x, /* const */ byte m[32][AES_BLOCK_SIZE],
+/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved.
+ */
+extern void GCM_gmult_len(byte* x, /* const */ byte m[32][WC_AES_BLOCK_SIZE],
     const unsigned char* data, unsigned long len);
 #endif
 extern void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
     unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
 
+#ifndef __aarch64__
 int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             const byte* iv, int dir)
 {
 #if defined(AES_MAX_KEY_SIZE)
     const word32 max_key_len = (AES_MAX_KEY_SIZE / 8);
+    word32 userKey_aligned[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)];
 #endif
 
     if (((keylen != 16) && (keylen != 24) && (keylen != 32)) ||
@@ -16535,14 +26173,41 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     }
 #endif
 
-#ifdef WOLFSSL_AES_COUNTER
+#if !defined(AES_MAX_KEY_SIZE)
+    /* Check alignment */
+    if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) {
+        return BAD_FUNC_ARG;
+    }
+#endif
+
+#ifdef WOLF_CRYPTO_CB
+    if (aes->devId != INVALID_DEVID) {
+        if (keylen > sizeof(aes->devKey)) {
+            return BAD_FUNC_ARG;
+        }
+        XMEMCPY(aes->devKey, userKey, keylen);
+    }
+#endif
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
-#endif /* WOLFSSL_AES_COUNTER */
+#endif
 
     aes->keylen = keylen;
     aes->rounds = keylen/4 + 6;
 
-    AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
+#if defined(AES_MAX_KEY_SIZE)
+    if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) {
+        XMEMCPY(userKey_aligned, userKey, keylen);
+        AES_set_encrypt_key((byte *)userKey_aligned, keylen * 8,
+                            (byte*)aes->key);
+    }
+    else
+#endif
+    {
+        AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key);
+    }
+
 #ifdef HAVE_AES_DECRYPT
     if (dir == AES_DECRYPTION) {
         AES_invert_key((byte*)aes->key, aes->rounds);
@@ -16569,9 +26234,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         return BAD_FUNC_ARG;
 
     if (iv)
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
     else
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -16584,7 +26249,21 @@ static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         return KEYUSAGE_E;
     }
 
-    AES_ECB_encrypt(inBlock, outBlock, AES_BLOCK_SIZE,
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock,
+                                            WC_AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            return ret_cb;
+        }
+        /* fall-through when unavailable */
+    }
+#endif
+
+    AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     return 0;
 }
@@ -16598,7 +26277,20 @@ static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         return KEYUSAGE_E;
     }
 
-    AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE,
+#ifdef MAX3266X_CB /* Can do a basic ECB block */
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock,
+                                            WC_AES_BLOCK_SIZE);
+        if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret_cb;
+        /* fall-through when unavailable */
+    }
+#endif
+
+    AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     return 0;
 }
@@ -16644,7 +26336,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (sz == 0) {
         return 0;
     }
-    if (sz % AES_BLOCK_SIZE) {
+    if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
         return BAD_LENGTH_E;
 #else
@@ -16652,6 +26344,18 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret = wc_CryptoCb_AesCbcEncrypt(aes, out, in, sz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds,
         (unsigned char*)aes->reg);
 
@@ -16673,7 +26377,7 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (sz == 0) {
         return 0;
     }
-    if (sz % AES_BLOCK_SIZE) {
+    if (sz % WC_AES_BLOCK_SIZE) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
         return BAD_LENGTH_E;
 #else
@@ -16681,6 +26385,18 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif
     }
 
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (aes->devId != INVALID_DEVID)
+        #endif
+        {
+            int crypto_cb_ret = wc_CryptoCb_AesCbcDecrypt(aes, out, in, sz);
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return crypto_cb_ret;
+            /* fall-through when unavailable */
+        }
+    #endif
+
     AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds,
         (unsigned char*)aes->reg);
 
@@ -16703,8 +26419,20 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         WOLFSSL_ERROR_VERBOSE(KEYUSAGE_E);
         return KEYUSAGE_E;
     }
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (aes->devId != INVALID_DEVID)
+        #endif
+        {
+            int crypto_cb_ret = wc_CryptoCb_AesCtrEncrypt(aes, out, in, sz);
+            if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return crypto_cb_ret;
+            /* fall-through when unavailable */
+        }
+    #endif
 
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
     /* consume any unused bytes left in aes->tmp */
     while ((aes->left != 0) && (sz != 0)) {
        *(out++) = *(in++) ^ *(tmp++);
@@ -16713,25 +26441,25 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* do as many block size ops as possible */
-    numBlocks = sz / AES_BLOCK_SIZE;
+    numBlocks = sz / WC_AES_BLOCK_SIZE;
     if (numBlocks > 0) {
-        AES_CTR_encrypt(in, out, numBlocks * AES_BLOCK_SIZE, (byte*)aes->key,
+        AES_CTR_encrypt(in, out, numBlocks * WC_AES_BLOCK_SIZE, (byte*)aes->key,
             aes->rounds, (byte*)aes->reg);
 
-        sz  -= numBlocks * AES_BLOCK_SIZE;
-        out += numBlocks * AES_BLOCK_SIZE;
-        in  += numBlocks * AES_BLOCK_SIZE;
+        sz  -= numBlocks * WC_AES_BLOCK_SIZE;
+        out += numBlocks * WC_AES_BLOCK_SIZE;
+        in  += numBlocks * WC_AES_BLOCK_SIZE;
     }
 
     /* handle non block size remaining */
     if (sz) {
-        byte zeros[AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
+        byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
                                        0, 0, 0, 0, 0, 0, 0, 0 };
 
-        AES_CTR_encrypt(zeros, (byte*)aes->tmp, AES_BLOCK_SIZE, (byte*)aes->key,
-            aes->rounds, (byte*)aes->reg);
+        AES_CTR_encrypt(zeros, (byte*)aes->tmp, WC_AES_BLOCK_SIZE,
+            (byte*)aes->key, aes->rounds, (byte*)aes->reg);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -16757,10 +26485,10 @@ int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
 static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
 {
     /* process the bulk of the data */
-    while (inSz >= AES_BLOCK_SIZE) {
-        xorbuf(out, in, AES_BLOCK_SIZE);
-        in += AES_BLOCK_SIZE;
-        inSz -= AES_BLOCK_SIZE;
+    while (inSz >= WC_AES_BLOCK_SIZE) {
+        xorbuf(out, in, WC_AES_BLOCK_SIZE);
+        in += WC_AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
 
         wc_AesEncrypt(aes, out, out);
     }
@@ -16799,7 +26527,7 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out)
         return;
 
     /* start fill out the rest of the first block */
-    remainder = AES_BLOCK_SIZE - authLenSz;
+    remainder = WC_AES_BLOCK_SIZE - authLenSz;
     if (inSz >= remainder) {
         /* plenty of bulk data to fill the remainder of this block */
         xorbuf(out + authLenSz, in, remainder);
@@ -16823,7 +26551,7 @@ static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
     word32 i;
 
     for (i = 0; i < lenSz; i++) {
-        if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return;
+        if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) return;
     }
 }
 
@@ -16834,31 +26562,33 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
     byte lenSz;
     word32 i;
     byte mask     = 0xFF;
     word32 wordSz = (word32)sizeof(word32);
 
     /* sanity check on arguments */
-    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
-            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    if (aes == NULL || out == NULL || ((inSz > 0) && (in == NULL)) ||
+        nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    {
         return BAD_FUNC_ARG;
+    }
 
     if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
         return BAD_FUNC_ARG;
     }
 
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B[0] = (authInSz > 0 ? 64 : 0)
          + (8 * (((byte)authTagSz - 2) / 2))
          + (lenSz - 1);
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
     }
 
     wc_AesEncrypt(aes, B, A);
@@ -16871,20 +26601,20 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, A);
     xorbuf(authTag, A, authTagSz);
 
     B[15] = 1;
-    while (inSz >= AES_BLOCK_SIZE) {
+    while (inSz >= WC_AES_BLOCK_SIZE) {
         wc_AesEncrypt(aes, B, A);
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(out, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(out, A, WC_AES_BLOCK_SIZE);
 
         AesCcmCtrInc(B, lenSz);
-        inSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        out += WC_AES_BLOCK_SIZE;
     }
     if (inSz > 0) {
         wc_AesEncrypt(aes, B, A);
@@ -16892,8 +26622,8 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         XMEMCPY(out, A, inSz);
     }
 
-    ForceZero(A, AES_BLOCK_SIZE);
-    ForceZero(B, AES_BLOCK_SIZE);
+    ForceZero(A, WC_AES_BLOCK_SIZE);
+    ForceZero(B, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -16904,8 +26634,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
 {
-    byte A[AES_BLOCK_SIZE];
-    byte B[AES_BLOCK_SIZE];
+    byte A[WC_AES_BLOCK_SIZE];
+    byte B[WC_AES_BLOCK_SIZE];
     byte* o;
     byte lenSz;
     word32 i, oSz;
@@ -16914,9 +26644,11 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     word32 wordSz = (word32)sizeof(word32);
 
     /* sanity check on arguments */
-    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
-            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    if (aes == NULL || out == NULL || ((inSz > 0) && (in == NULL)) ||
+        nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+    {
         return BAD_FUNC_ARG;
+    }
 
     if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
         return BAD_FUNC_ARG;
@@ -16925,22 +26657,22 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     o = out;
     oSz = inSz;
     XMEMCPY(B+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     B[15] = 1;
 
-    while (oSz >= AES_BLOCK_SIZE) {
+    while (oSz >= WC_AES_BLOCK_SIZE) {
         wc_AesEncrypt(aes, B, A);
-        xorbuf(A, in, AES_BLOCK_SIZE);
-        XMEMCPY(o, A, AES_BLOCK_SIZE);
+        xorbuf(A, in, WC_AES_BLOCK_SIZE);
+        XMEMCPY(o, A, WC_AES_BLOCK_SIZE);
 
         AesCcmCtrInc(B, lenSz);
-        oSz -= AES_BLOCK_SIZE;
-        in += AES_BLOCK_SIZE;
-        o += AES_BLOCK_SIZE;
+        oSz -= WC_AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        o += WC_AES_BLOCK_SIZE;
     }
     if (inSz > 0) {
         wc_AesEncrypt(aes, B, A);
@@ -16949,7 +26681,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, A);
 
     o = out;
@@ -16961,7 +26693,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
     }
 
     wc_AesEncrypt(aes, B, A);
@@ -16973,7 +26705,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     B[0] = lenSz - 1;
     for (i = 0; i < lenSz; i++)
-        B[AES_BLOCK_SIZE - 1 - i] = 0;
+        B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
     wc_AesEncrypt(aes, B, B);
     xorbuf(A, B, authTagSz);
 
@@ -16985,8 +26717,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         result = AES_CCM_AUTH_E;
     }
 
-    ForceZero(A, AES_BLOCK_SIZE);
-    ForceZero(B, AES_BLOCK_SIZE);
+    ForceZero(A, WC_AES_BLOCK_SIZE);
+    ForceZero(B, WC_AES_BLOCK_SIZE);
     o = NULL;
 
     return result;
@@ -17001,7 +26733,7 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
     int carryIn = 0;
     byte borrow = (0x00 - (x[15] & 0x01)) & 0xE1;
 
-    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+    for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
         int carryOut = (x[i] & 0x01) << 7;
         x[i] = (byte) ((x[i] >> 1) | carryIn);
         carryIn = carryOut;
@@ -17010,53 +26742,67 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
 }
 
 #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
-void GenerateM0(Gcm* gcm)
+
+#if defined(__aarch64__) && !defined(BIG_ENDIAN_ORDER)
+static WC_INLINE void Shift4_M0(byte *r8, byte *z8)
 {
     int i;
-    byte (*m)[AES_BLOCK_SIZE] = gcm->M0;
+    for (i = 15; i > 0; i--)
+        r8[i] = (byte)(z8[i-1] << 4) | (byte)(z8[i] >> 4);
+    r8[0] = (byte)(z8[0] >> 4);
+}
+#endif
+
+void GenerateM0(Gcm* gcm)
+{
+#if !defined(__aarch64__) || !defined(BIG_ENDIAN_ORDER)
+    int i;
+#endif
+    byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0;
 
     /* 0 times -> 0x0 */
-    XMEMSET(m[0x0], 0, AES_BLOCK_SIZE);
+    XMEMSET(m[0x0], 0, WC_AES_BLOCK_SIZE);
     /* 1 times -> 0x8 */
-    XMEMCPY(m[0x8], gcm->H, AES_BLOCK_SIZE);
+    XMEMCPY(m[0x8], gcm->H, WC_AES_BLOCK_SIZE);
     /* 2 times -> 0x4 */
-    XMEMCPY(m[0x4], m[0x8], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x4], m[0x8], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x4]);
     /* 4 times -> 0x2 */
-    XMEMCPY(m[0x2], m[0x4], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x2], m[0x4], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x2]);
     /* 8 times -> 0x1 */
-    XMEMCPY(m[0x1], m[0x2], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x1], m[0x2], WC_AES_BLOCK_SIZE);
     RIGHTSHIFTX(m[0x1]);
 
     /* 0x3 */
-    XMEMCPY(m[0x3], m[0x2], AES_BLOCK_SIZE);
-    xorbuf (m[0x3], m[0x1], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x3], m[0x2], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x3], m[0x1], WC_AES_BLOCK_SIZE);
 
     /* 0x5 -> 0x7 */
-    XMEMCPY(m[0x5], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x5], m[0x1], AES_BLOCK_SIZE);
-    XMEMCPY(m[0x6], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x6], m[0x2], AES_BLOCK_SIZE);
-    XMEMCPY(m[0x7], m[0x4], AES_BLOCK_SIZE);
-    xorbuf (m[0x7], m[0x3], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x5], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x5], m[0x1], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0x6], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x6], m[0x2], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0x7], m[0x4], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x7], m[0x3], WC_AES_BLOCK_SIZE);
 
     /* 0x9 -> 0xf */
-    XMEMCPY(m[0x9], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0x9], m[0x1], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xa], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xa], m[0x2], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xb], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xb], m[0x3], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xc], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xc], m[0x4], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xd], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xd], m[0x5], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xe], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xe], m[0x6], AES_BLOCK_SIZE);
-    XMEMCPY(m[0xf], m[0x8], AES_BLOCK_SIZE);
-    xorbuf (m[0xf], m[0x7], AES_BLOCK_SIZE);
+    XMEMCPY(m[0x9], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0x9], m[0x1], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xa], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xa], m[0x2], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xb], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xb], m[0x3], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xc], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xc], m[0x4], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xd], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xd], m[0x5], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xe], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xe], m[0x6], WC_AES_BLOCK_SIZE);
+    XMEMCPY(m[0xf], m[0x8], WC_AES_BLOCK_SIZE);
+    xorbuf (m[0xf], m[0x7], WC_AES_BLOCK_SIZE);
 
+#ifndef __aarch64__
     for (i = 0; i < 16; i++) {
         word32* m32 = (word32*)gcm->M0[i];
         m32[0] = ByteReverseWord32(m32[0]);
@@ -17064,13 +26810,18 @@ void GenerateM0(Gcm* gcm)
         m32[2] = ByteReverseWord32(m32[2]);
         m32[3] = ByteReverseWord32(m32[3]);
     }
+#elif !defined(BIG_ENDIAN_ORDER)
+    for (i = 0; i < 16; i++) {
+        Shift4_M0(m[16+i], m[i]);
+    }
+#endif
 }
 #endif /* GCM_TABLE */
 
 int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
     int  ret;
-    byte iv[AES_BLOCK_SIZE];
+    byte iv[WC_AES_BLOCK_SIZE];
 
     if (aes == NULL) {
         return BAD_FUNC_ARG;
@@ -17080,11 +26831,18 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         return BAD_FUNC_ARG;
     }
 
-    XMEMSET(iv, 0, AES_BLOCK_SIZE);
+
+    #ifdef WOLF_CRYPTO_CB
+        if (aes->devId != INVALID_DEVID) {
+            XMEMCPY(aes->devKey, key, len);
+        }
+    #endif
+
+    XMEMSET(iv, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
 
     if (ret == 0) {
-        AES_ECB_encrypt(iv, aes->gcm.H, AES_BLOCK_SIZE,
+        AES_ECB_encrypt(iv, aes->gcm.H, WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds);
         #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
             GenerateM0(&aes->gcm);
@@ -17094,16 +26852,18 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
     return ret;
 }
 
+#ifndef __aarch64__
 static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
 {
     int i;
 
     /* in network byte order so start at end and work back */
-    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= WC_AES_BLOCK_SIZE - CTR_SZ; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
 }
+#endif
 
 static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz)
 {
@@ -17129,30 +26889,30 @@ static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz)
     static void GCM_gmult_len(byte* x, const byte* h,
         const unsigned char* a, unsigned long len)
     {
-        byte Z[AES_BLOCK_SIZE];
-        byte V[AES_BLOCK_SIZE];
+        byte Z[WC_AES_BLOCK_SIZE];
+        byte V[WC_AES_BLOCK_SIZE];
         int i, j;
 
-        while (len >= AES_BLOCK_SIZE) {
-            xorbuf(x, a, AES_BLOCK_SIZE);
+        while (len >= WC_AES_BLOCK_SIZE) {
+            xorbuf(x, a, WC_AES_BLOCK_SIZE);
 
-            XMEMSET(Z, 0, AES_BLOCK_SIZE);
-            XMEMCPY(V, x, AES_BLOCK_SIZE);
-            for (i = 0; i < AES_BLOCK_SIZE; i++) {
+            XMEMSET(Z, 0, WC_AES_BLOCK_SIZE);
+            XMEMCPY(V, x, WC_AES_BLOCK_SIZE);
+            for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
                 byte y = h[i];
                 for (j = 0; j < 8; j++) {
                     if (y & 0x80) {
-                        xorbuf(Z, V, AES_BLOCK_SIZE);
+                        xorbuf(Z, V, WC_AES_BLOCK_SIZE);
                     }
 
                     RIGHTSHIFTX(V);
                     y = y << 1;
                 }
             }
-            XMEMCPY(x, Z, AES_BLOCK_SIZE);
+            XMEMCPY(x, Z, WC_AES_BLOCK_SIZE);
 
-            len -= AES_BLOCK_SIZE;
-            a += AES_BLOCK_SIZE;
+            len -= WC_AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
     }
     #define GCM_GMULT_LEN(aes, x, a, len) GCM_gmult_len(x, aes->gcm.H, a, len)
@@ -17163,50 +26923,50 @@ static WC_INLINE void FlattenSzInBits(byte* buf, word32 sz)
 static void gcm_ghash_arm32(Aes* aes, const byte* a, word32 aSz, const byte* c,
     word32 cSz, byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
 
     if (aes == NULL) {
         return;
     }
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_GMULT_LEN(aes, x, a, blocks * AES_BLOCK_SIZE);
-            a += blocks * AES_BLOCK_SIZE;
+            GCM_GMULT_LEN(aes, x, a, blocks * WC_AES_BLOCK_SIZE);
+            a += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
-            GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
         }
     }
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_GMULT_LEN(aes, x, c, blocks * AES_BLOCK_SIZE);
-            c += blocks * AES_BLOCK_SIZE;
+            GCM_GMULT_LEN(aes, x, c, blocks * WC_AES_BLOCK_SIZE);
+            c += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
-            GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
         }
     }
 
     /* Hash in the lengths of A and C in bits */
     FlattenSzInBits(&scratch[0], aSz);
     FlattenSzInBits(&scratch[8], cSz);
-    GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
+    GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
 
     /* Copy the result into s. */
     XMEMCPY(s, x, sSz);
@@ -17219,10 +26979,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 {
     word32 blocks;
     word32 partial;
-    byte counter[AES_BLOCK_SIZE];
-    byte initialCounter[AES_BLOCK_SIZE];
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte initialCounter[WC_AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
 
     /* sanity checks */
     if (aes == NULL || (iv == NULL && ivSz > 0) || (authTag == NULL) ||
@@ -17231,7 +26991,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
-    if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz > AES_BLOCK_SIZE) {
+    if (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz > WC_AES_BLOCK_SIZE) {
         WOLFSSL_MSG("GcmEncrypt authTagSz error");
         return BAD_FUNC_ARG;
     }
@@ -17241,69 +27001,84 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return KEYUSAGE_E;
     }
 
-    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag,
+                                      authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
+    XMEMSET(initialCounter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
-        initialCounter[AES_BLOCK_SIZE - 1] = 1;
+        initialCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        gcm_ghash_arm32(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
+        gcm_ghash_arm32(aes, NULL, 0, iv, ivSz, initialCounter,
+                        WC_AES_BLOCK_SIZE);
     }
-    XMEMCPY(counter, initialCounter, AES_BLOCK_SIZE);
+    XMEMCPY(counter, initialCounter, WC_AES_BLOCK_SIZE);
 
     /* Hash in the Additional Authentication Data */
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
     if (authInSz != 0 && authIn != NULL) {
-        blocks = authInSz / AES_BLOCK_SIZE;
-        partial = authInSz % AES_BLOCK_SIZE;
+        blocks = authInSz / WC_AES_BLOCK_SIZE;
+        partial = authInSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_GMULT_LEN(aes, x, authIn, blocks * AES_BLOCK_SIZE);
-            authIn += blocks * AES_BLOCK_SIZE;
+            GCM_GMULT_LEN(aes, x, authIn, blocks * WC_AES_BLOCK_SIZE);
+            authIn += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, authIn, partial);
-            GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
         }
     }
 
     /* do as many blocks as possible */
-    blocks = sz / AES_BLOCK_SIZE;
-    partial = sz % AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
+    partial = sz % WC_AES_BLOCK_SIZE;
     if (blocks > 0) {
-        AES_GCM_encrypt(in, out, blocks * AES_BLOCK_SIZE,
+        AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
-        GCM_GMULT_LEN(aes, x, out, blocks * AES_BLOCK_SIZE);
-        in += blocks * AES_BLOCK_SIZE;
-        out += blocks * AES_BLOCK_SIZE;
+        GCM_GMULT_LEN(aes, x, out, blocks * WC_AES_BLOCK_SIZE);
+        in += blocks * WC_AES_BLOCK_SIZE;
+        out += blocks * WC_AES_BLOCK_SIZE;
     }
 
     /* take care of partial block sizes leftover */
     if (partial != 0) {
-        AES_GCM_encrypt(in, scratch, AES_BLOCK_SIZE,
+        AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
         XMEMCPY(out, scratch, partial);
 
-        XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+        XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(scratch, out, partial);
-        GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
     }
 
     /* Hash in the lengths of A and C in bits */
-    XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+    XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
     FlattenSzInBits(&scratch[0], authInSz);
     FlattenSzInBits(&scratch[8], sz);
-    GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
-    if (authTagSz > AES_BLOCK_SIZE) {
-        XMEMCPY(authTag, x, AES_BLOCK_SIZE);
+    GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
+    if (authTagSz > WC_AES_BLOCK_SIZE) {
+        XMEMCPY(authTag, x, WC_AES_BLOCK_SIZE);
     }
     else {
-        /* authTagSz can be smaller than AES_BLOCK_SIZE */
+        /* authTagSz can be smaller than WC_AES_BLOCK_SIZE */
         XMEMCPY(authTag, x, authTagSz);
     }
 
     /* Auth tag calculation. */
-    AES_ECB_encrypt(initialCounter, scratch, AES_BLOCK_SIZE,
+    AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     xorbuf(authTag, scratch, authTagSz);
 
@@ -17316,71 +27091,86 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 {
     word32 blocks;
     word32 partial;
-    byte counter[AES_BLOCK_SIZE];
-    byte initialCounter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
-    byte x[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte initialCounter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
 
     /* sanity checks */
     if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
-        authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 ||
+        authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 ||
         ivSz == 0) {
         WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
         return BAD_FUNC_ARG;
     }
 
-    XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (aes->devId != INVALID_DEVID)
+    #endif
+    {
+        int crypto_cb_ret =
+            wc_CryptoCb_AesGcmDecrypt(aes, out, in, sz, iv, ivSz,
+                                      authTag, authTagSz, authIn, authInSz);
+        if (crypto_cb_ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return crypto_cb_ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
+    XMEMSET(initialCounter, 0, WC_AES_BLOCK_SIZE);
     if (ivSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(initialCounter, iv, ivSz);
-        initialCounter[AES_BLOCK_SIZE - 1] = 1;
+        initialCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
-        gcm_ghash_arm32(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
+        gcm_ghash_arm32(aes, NULL, 0, iv, ivSz, initialCounter,
+                        WC_AES_BLOCK_SIZE);
     }
-    XMEMCPY(counter, initialCounter, AES_BLOCK_SIZE);
+    XMEMCPY(counter, initialCounter, WC_AES_BLOCK_SIZE);
 
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
     /* Hash in the Additional Authentication Data */
     if (authInSz != 0 && authIn != NULL) {
-        blocks = authInSz / AES_BLOCK_SIZE;
-        partial = authInSz % AES_BLOCK_SIZE;
+        blocks = authInSz / WC_AES_BLOCK_SIZE;
+        partial = authInSz % WC_AES_BLOCK_SIZE;
         if (blocks > 0) {
-            GCM_GMULT_LEN(aes, x, authIn, blocks * AES_BLOCK_SIZE);
-            authIn += blocks * AES_BLOCK_SIZE;
+            GCM_GMULT_LEN(aes, x, authIn, blocks * WC_AES_BLOCK_SIZE);
+            authIn += blocks * WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, authIn, partial);
-            GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
+            GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
         }
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
-    partial = sz % AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
+    partial = sz % WC_AES_BLOCK_SIZE;
     /* do as many blocks as possible */
     if (blocks > 0) {
-        GCM_GMULT_LEN(aes, x, in, blocks * AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, in, blocks * WC_AES_BLOCK_SIZE);
 
-        AES_GCM_encrypt(in, out, blocks * AES_BLOCK_SIZE,
+        AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
-        in += blocks * AES_BLOCK_SIZE;
-        out += blocks * AES_BLOCK_SIZE;
+        in += blocks * WC_AES_BLOCK_SIZE;
+        out += blocks * WC_AES_BLOCK_SIZE;
     }
     if (partial != 0) {
-        XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+        XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(scratch, in, partial);
-        GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
+        GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
 
-        AES_GCM_encrypt(in, scratch, AES_BLOCK_SIZE,
+        AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE,
             (const unsigned char*)aes->key, aes->rounds, counter);
         XMEMCPY(out, scratch, partial);
     }
 
-    XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+    XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
     FlattenSzInBits(&scratch[0], authInSz);
     FlattenSzInBits(&scratch[8], sz);
-    GCM_GMULT_LEN(aes, x, scratch, AES_BLOCK_SIZE);
-    AES_ECB_encrypt(initialCounter, scratch, AES_BLOCK_SIZE,
+    GCM_GMULT_LEN(aes, x, scratch, WC_AES_BLOCK_SIZE);
+    AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE,
         (const unsigned char*)aes->key, aes->rounds);
     xorbuf(x, scratch, authTagSz);
     if (authTag != NULL) {
@@ -17392,6 +27182,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     return 0;
 }
 #endif /* HAVE_AESGCM */
+#endif /* !__aarch64__ */
 
 #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
 #endif /* !NO_AES && WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-chacha.c b/wolfcrypt/src/port/arm/armv8-chacha.c
index c7de0a265..019b1ee5e 100644
--- a/wolfcrypt/src/port/arm/armv8-chacha.c
+++ b/wolfcrypt/src/port/arm/armv8-chacha.c
@@ -1,6 +1,6 @@
 /* armv8-chacha.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,22 +19,17 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/*  The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was used to optimize for ARM
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
+/*  The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was used to
+ *  optimize for ARM
  *  https://cryptojedi.org/papers/neoncrypto-20120320.pdf
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)
+#if defined(WOLFSSL_ARMASM)
 #ifdef HAVE_CHACHA
 
 #include <wolfssl/wolfcrypt/chacha.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -73,15 +68,43 @@
   * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
   * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
   */
-int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
+int wc_Chacha_SetIV(ChaCha* ctx, const byte* iv, word32 counter)
 {
+#ifndef __aarch64__
+    int ret = 0;
+#ifdef CHACHA_AEAD_TEST
+    word32 i;
+
+    printf("NONCE : ");
+    if (iv != NULL) {
+        for (i = 0; i < CHACHA_IV_BYTES; i++) {
+            printf("%02x", iv[i]);
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (iv == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* No unused bytes to XOR into input. */
+        ctx->left = 0;
+
+        /* Set counter and IV into state. */
+        wc_chacha_setiv(ctx->X, iv, counter);
+    }
+
+    return ret;
+#else
     word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */
 
 #ifdef CHACHA_AEAD_TEST
     word32 i;
     printf("NONCE : ");
     for (i = 0; i < CHACHA_IV_BYTES; i++) {
-        printf("%02x", inIv[i]);
+        printf("%02x", iv[i]);
     }
     printf("\n\n");
 #endif
@@ -89,27 +112,63 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
-    XMEMCPY(temp, inIv, CHACHA_IV_BYTES);
+    XMEMCPY(temp, iv, CHACHA_IV_BYTES);
 
     ctx->left = 0;
     ctx->X[CHACHA_IV_BYTES+0] = counter;           /* block counter */
-    ctx->X[CHACHA_IV_BYTES+1] = LITTLE32(temp[0]); /* fixed variable from nonce */
+    ctx->X[CHACHA_IV_BYTES+1] = LITTLE32(temp[0]); /* fixed var from nonce */
     ctx->X[CHACHA_IV_BYTES+2] = LITTLE32(temp[1]); /* counter from nonce */
     ctx->X[CHACHA_IV_BYTES+3] = LITTLE32(temp[2]); /* counter from nonce */
 
     return 0;
+#endif
 }
 
+#ifdef __aarch64__
 /* "expand 32-byte k" as unsigned 32 byte */
 static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
 /* "expand 16-byte k" as unsigned 16 byte */
 static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574};
+#endif
 
 /**
   * Key setup. 8 word iv (nonce)
   */
 int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
 {
+#ifndef __aarch64__
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    printf("ChaCha key used :\n");
+    if (key != NULL) {
+        word32 i;
+        for (i = 0; i < keySz; i++) {
+            printf("%02x", key[i]);
+            if ((i % 8) == 7)
+               printf("\n");
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else if ((keySz != (CHACHA_MAX_KEY_SZ / 2)) &&
+             (keySz !=  CHACHA_MAX_KEY_SZ     )) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ctx->left = 0;
+
+        wc_chacha_setkey(ctx->X, key, keySz);
+    }
+
+    return ret;
+#else
     const word32* constants;
     const byte*   k;
 
@@ -169,8 +228,10 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
     ctx->left = 0;
 
     return 0;
+#endif
 }
 
+#ifndef WOLFSSL_ARMASM_NO_NEON
 static const word32 L_chacha20_neon_inc_first_word[] = {
     0x1,
     0x0,
@@ -180,7 +241,7 @@ static const word32 L_chacha20_neon_inc_first_word[] = {
 
 #ifdef __aarch64__
 
-static const word32 L_chacha20_neon_add_all_counters[] = {
+static const word32 L_chacha20_neon_add_all_cntrs[] = {
     0x0,
     0x1,
     0x2,
@@ -194,7 +255,8 @@ static const word32 L_chacha20_neon_rol8[] = {
     0xe0d0c0f,
 };
 
-static WC_INLINE void wc_Chacha_encrypt_320(const word32* input, const byte* m, byte* c, word32 bytes)
+static WC_INLINE void wc_Chacha_encrypt_320(const word32* input, const byte* m,
+    byte* c, word32 bytes)
 {
 #ifdef CHACHA_TEST
     printf("Entering wc_Chacha_encrypt_320 with %d bytes\n", bytes);
@@ -204,22 +266,26 @@ static WC_INLINE void wc_Chacha_encrypt_320(const word32* input, const byte* m,
         /*
          * The layout of used registers is:
          * ARM
-         * w4-w19: these registers hold the fifth Chacha block for calculation in regular ARM
+         * w4-w19: these registers hold the fifth Chacha block for calculation
+         * in regular ARM
          * w20: loop counter for how many even-odd rounds need to be executed
          * w21: the counter offset for the block in ARM registers
-         * NEON
-         * v0-v15: the vi'th register holds the i'th word of four blocks during the quarter rounds.
-         *         these registers are later transposed make ADDing the input and XORing the message easier.
-         * v16-v19: these are helper registers that are used as temporary location to store data
+         *      NEON
+         * v0-v15: the vi'th register holds the i'th word of four blocks during
+         *         the quarter rounds. these registers are later transposed make
+         *         ADDing the input and XORing the message easier.
+         * v16-v19: these are helper registers that are used as temporary
+         *          location to store data
          * v20-v23: load the next message block
          * v24-v27: the 64 byte initial Chacha block
          * v28: vector to increment the counter words of each block
-         * v29: vector of 5's to increment counters between L_chacha20_arm64_outer_%= loops
+         * v29: vector of 5's to increment counters between
+         *      L_chacha20_arm64_outer_%= loops
          * v30: table lookup indices to rotate values by 8
          */
 
         /* Load counter-add values for each block */
-        "LD1    {v28.4s}, [%[L_chacha20_neon_add_all_counters]] \n\t"
+        "LD1    {v28.4s}, [%[L_chacha20_neon_add_all_cntrs]] \n\t"
         /* Load index look-up for rotating left 8 bits */
         "LD1    {v30.16b}, [%[L_chacha20_neon_rol8]] \n\t"
         /* For adding 5 to each counter-add for next 320-byte chunk */
@@ -603,7 +669,7 @@ static WC_INLINE void wc_Chacha_encrypt_320(const word32* input, const byte* m,
         "BNE    L_chacha20_arm64_outer_%= \n\t"
         : [input] "+r" (input), [m] "+r" (m), [c] "+r" (c),
           [bytes] "+r" (bytes64)
-        : [L_chacha20_neon_add_all_counters] "r" (L_chacha20_neon_add_all_counters),
+        : [L_chacha20_neon_add_all_cntrs] "r" (L_chacha20_neon_add_all_cntrs),
           [L_chacha20_neon_rol8] "r" (L_chacha20_neon_rol8)
         : "memory", "cc",
           "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12",
@@ -618,7 +684,8 @@ static WC_INLINE void wc_Chacha_encrypt_320(const word32* input, const byte* m,
 /**
   * Converts word into bytes with rotations having been done.
   */
-static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS], const byte* m, byte* c)
+static WC_INLINE int wc_Chacha_encrypt_256(
+    const word32 input[CHACHA_CHUNK_WORDS], const byte* m, byte* c)
 {
 #ifdef CHACHA_TEST
     printf("Entering wc_Chacha_encrypt_256\n");
@@ -969,7 +1036,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
     );
 #else
     __asm__ __volatile__ (
-        // The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was used to optimize for ARM
+        // The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was
+        // used to optimize for ARM
         // https://cryptojedi.org/papers/neoncrypto-20120320.pdf
 
         ".align 2 \n\t"
@@ -1021,7 +1089,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
         "VMOV d14, r10, r11 \n\t"
         "ADD r10, r10, #1 \n\t"
         "VMOV d22, r10, r11 \n\t"
-        "ADD r10, r10, #1 \n\t" // ARM calculates the fourth block (two was already added earlier)
+        "ADD r10, r10, #1 \n\t" // ARM calculates the fourth block (two was
+                                // already added earlier)
         "\n"
     "L_chacha20_arm32_256_loop_%=: \n\t"
         "SUBS r14, r14, #1 \n\t"
@@ -1043,7 +1112,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
         "ROR r11, r11, #16 \n\t" // 13 13
         "VEOR q14, q11, q8 \n\t"
         "ADD r8, r8, r10 \n\t" // 8 8 12
-        // rotation by 16 bits may be done by reversing the 16 bit elements in 32 bit words
+        // rotation by 16 bits may be done by reversing the 16 bit elements in
+        // 32 bit words
         "VREV32.16 q3, q12 \n\t"
         "ADD r9, r9, r11 \n\t" //  9 9 13
         "VREV32.16 q7, q13 \n\t"
@@ -1063,7 +1133,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
         "EOR r10, r10, r0 \n\t" // 12 12 0
         "VEOR q14, q9, q10 \n\t"
         "EOR r11, r11, r1 \n\t" // 13 13 1
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q1, q12, #12 \n\t"
         "ROR r10, r10, #24 \n\t" // 12 12
         "VSHL.I32 q5, q13, #12 \n\t"
@@ -1089,7 +1160,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
         "STR r9, [sp, #4*9] \n\t"
         "VEOR q14, q11, q8 \n\t"
         "LDR r9, [sp, #4*11] \n\t"
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q3, q12, #8 \n\t"
         "ROR r4, r4, #25 \n\t" // 4 4
         "VSHL.I32 q7, q13, #8 \n\t"
@@ -1122,7 +1194,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
         "EOR r6, r6, r8 \n\t" // 6 6 10
         "VEOR q14, q9, q10 \n\t"
         "EOR r7, r7, r9 \n\t" // 7 7 11
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q1, q12, #7 \n\t"
         "ROR r6, r6, #20 \n\t" // 6 6
         "VSHL.I32 q5, q13, #7 \n\t"
@@ -1174,7 +1247,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
         "ROR r10, r10, #16 \n\t" // 12 12
         "VEOR q14, q11, q8 \n\t"
         "ADD r8, r8, r11 \n\t" // 10 10 15
-        // rotation by 16 bits may be done by reversing the 16 bit elements in 32 bit words
+        // rotation by 16 bits may be done by reversing the 16 bit elements in
+        // 32 bit words
         "VREV32.16 q3, q12 \n\t"
         "ADD r9, r9, r10 \n\t" // 11 11 12
         "VREV32.16 q7, q13 \n\t"
@@ -1194,7 +1268,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
         "EOR r11, r11, r0 \n\t" // 15 15 0
         "VEOR q14, q9, q10 \n\t"
         "EOR r10, r10, r1 \n\t" // 12 12 1
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q1, q12, #12 \n\t"
         "ROR r11, r11, #24 \n\t" // 15 15
         "VSHL.I32 q5, q13, #12 \n\t"
@@ -1220,7 +1295,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
         "STR r9, [sp, #4*11] \n\t"
         "VEOR q14, q11, q8 \n\t"
         "LDR r9, [sp, #4*9] \n\t"
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q3, q12, #8 \n\t"
         "ROR r5, r5, #25 \n\t" // 5 5
         "VSHL.I32 q7, q13, #8 \n\t"
@@ -1253,7 +1329,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
         "EOR r7, r7, r8 \n\t" // 7 7 8
         "VEOR q14, q9, q10 \n\t"
         "EOR r4, r4, r9 \n\t" // 4 4 9
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q1, q12, #7 \n\t"
         "ROR r7, r7, #20 \n\t" // 7 7
         "VSHL.I32 q5, q13, #7 \n\t"
@@ -1395,7 +1472,8 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
 }
 
 
-static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS], const byte* m, byte* c)
+static WC_INLINE int wc_Chacha_encrypt_128(
+    const word32 input[CHACHA_CHUNK_WORDS], const byte* m, byte* c)
 {
 #ifdef CHACHA_TEST
     printf("Entering wc_Chacha_encrypt_128\n");
@@ -1560,7 +1638,8 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q4, q4, q5 \n\t"
         "VEOR q8, q3, q0 \n\t"
         "VEOR q9, q7, q4 \n\t"
-        // rotation by 16 bits may be done by reversing the 16 bit elements in 32 bit words
+        // rotation by 16 bits may be done by reversing the 16 bit elements in
+        // 32 bit words
         "VREV32.16 q3, q8 \n\t"
         "VREV32.16 q7, q9 \n\t"
 
@@ -1568,7 +1647,8 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q6, q6, q7 \n\t"
         "VEOR q8, q1, q2 \n\t"
         "VEOR q9, q5, q6 \n\t"
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q1, q8, #12 \n\t"
         "VSHL.I32 q5, q9, #12 \n\t"
         "VSRI.I32 q1, q8, #20 \n\t"
@@ -1578,7 +1658,8 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q4, q4, q5 \n\t"
         "VEOR q8, q3, q0 \n\t"
         "VEOR q9, q7, q4 \n\t"
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q3, q8, #8 \n\t"
         "VSHL.I32 q7, q9, #8 \n\t"
         "VSRI.I32 q3, q8, #24 \n\t"
@@ -1588,7 +1669,8 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q6, q6, q7 \n\t"
         "VEOR q8, q1, q2 \n\t"
         "VEOR q9, q5, q6 \n\t"
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q1, q8, #7 \n\t"
         "VSHL.I32 q5, q9, #7 \n\t"
         "VSRI.I32 q1, q8, #25 \n\t"
@@ -1608,7 +1690,8 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q4, q4, q5 \n\t"
         "VEOR q8, q3, q0 \n\t"
         "VEOR q9, q7, q4 \n\t"
-        // rotation by 16 bits may be done by reversing the 16 bit elements in 32 bit words
+        // rotation by 16 bits may be done by reversing the 16 bit elements in
+        // 32 bit words
         "VREV32.16 q3, q8 \n\t"
         "VREV32.16 q7, q9 \n\t"
 
@@ -1616,7 +1699,8 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q6, q6, q7 \n\t"
         "VEOR q8, q1, q2 \n\t"
         "VEOR q9, q5, q6 \n\t"
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q1, q8, #12 \n\t"
         "VSHL.I32 q5, q9, #12 \n\t"
         "VSRI.I32 q1, q8, #20 \n\t"
@@ -1626,7 +1710,8 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q4, q4, q5 \n\t"
         "VEOR q8, q3, q0 \n\t"
         "VEOR q9, q7, q4 \n\t"
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q3, q8, #8 \n\t"
         "VSHL.I32 q7, q9, #8 \n\t"
         "VSRI.I32 q3, q8, #24 \n\t"
@@ -1636,7 +1721,8 @@ static WC_INLINE int wc_Chacha_encrypt_128(const word32 input[CHACHA_CHUNK_WORDS
         "VADD.I32 q6, q6, q7 \n\t"
         "VEOR q8, q1, q2 \n\t"
         "VEOR q9, q5, q6 \n\t"
-        // SIMD instructions don't support rotation so we have to cheat using shifts and a help register
+        // SIMD instructions don't support rotation so we have to cheat using
+        // shifts and a help register
         "VSHL.I32 q1, q8, #7 \n\t"
         "VSHL.I32 q5, q9, #7 \n\t"
         "VSRI.I32 q1, q8, #25 \n\t"
@@ -2222,7 +2308,8 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         "BGT	L_chacha20_arm64_64_loop_lt_8_%= \n\t"
         "\n"
     "L_chacha20_arm64_64_done_%=: \n\t"
-        : [input] "+r" (input), [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64)
+        : [input] "+r" (input), [m] "+r" (m), [c] "+r" (c),
+          [bytes] "+r" (bytes64)
         : [L_chacha20_neon_rol8] "r" (L_chacha20_neon_rol8),
           [L_chacha20_neon_inc_first_word] "r" (L_chacha20_neon_inc_first_word),
           [over] "r" (over)
@@ -2809,13 +2896,13 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
         : [L_chacha20_neon_inc_first_word] "r" (L_chacha20_neon_inc_first_word),
           [over] "r" (over)
         : "memory", "cc",
-          "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7", "q8", "q9", "q10", "q11", "q14", "r12", "r14"
+          "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7", "q8", "q9", "q10",
+          "q11", "q14", "r12", "r14"
     );
 #endif /* __aarch64__ */
 }
 
 
-
 /**
   * Encrypt a stream of bytes
   */
@@ -2832,7 +2919,8 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
         bytes -= processed;
         c += processed;
         m += processed;
-        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES], processed / CHACHA_CHUNK_BYTES);
+        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES],
+                                       processed / CHACHA_CHUNK_BYTES);
     }
     if (bytes >= CHACHA_CHUNK_BYTES * 4) {
 #else
@@ -2843,7 +2931,8 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
         bytes -= processed;
         c += processed;
         m += processed;
-        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES], processed / CHACHA_CHUNK_BYTES);
+        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES],
+                                       processed / CHACHA_CHUNK_BYTES);
     }
     if (bytes >= CHACHA_CHUNK_BYTES * 2) {
         processed = wc_Chacha_encrypt_128(ctx->X, m, c);
@@ -2851,7 +2940,8 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
         bytes -= processed;
         c += processed;
         m += processed;
-        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES], processed / CHACHA_CHUNK_BYTES);
+        ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES],
+                                       processed / CHACHA_CHUNK_BYTES);
     }
     if (bytes > 0) {
         wc_Chacha_encrypt_64(ctx->X, m, c, bytes, (byte*)ctx->over);
@@ -2862,40 +2952,68 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
         ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]);
     }
 }
+#endif
 
 /**
   * API to encrypt/decrypt a message of any size.
   */
 int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
-                      word32 msglen)
+    word32 len)
 {
+#ifdef WOLFSSL_ARMASM_NO_NEON
+    int ret = 0;
+
+    if ((ctx == NULL) || (output == NULL) || (input == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Handle left over bytes from last block. */
+    if ((ret == 0) && (len > 0) && (ctx->left > 0)) {
+        byte* over = ((byte*)ctx->over) + CHACHA_CHUNK_BYTES - ctx->left;
+        word32 l = min(len, ctx->left);
+
+        wc_chacha_use_over(over, output, input, l);
+
+        ctx->left -= l;
+        input += l;
+        output += l;
+        len -= l;
+    }
+
+    if ((ret == 0) && (len != 0)) {
+        wc_chacha_crypt_bytes(ctx, output, input, len);
+    }
+
+    return ret;
+#else
     if (ctx == NULL || output == NULL || input == NULL)
         return BAD_FUNC_ARG;
 
     /* handle left overs */
-    if (msglen > 0 && ctx->left > 0) {
+    if (len > 0 && ctx->left > 0) {
         byte*  out;
         word32 i;
 
         out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left;
-        for (i = 0; i < msglen && i < ctx->left; i++) {
+        for (i = 0; i < len && i < ctx->left; i++) {
             output[i] = (byte)(input[i] ^ out[i]);
         }
         ctx->left -= i;
 
-        msglen -= i;
+        len -= i;
         output += i;
         input += i;
     }
 
-    if (msglen == 0) {
+    if (len == 0) {
         return 0;
     }
 
-    wc_Chacha_encrypt_bytes(ctx, input, output, msglen);
+    wc_Chacha_encrypt_bytes(ctx, input, output, len);
 
     return 0;
+#endif
 }
 
 #endif /* HAVE_CHACHA */
-#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
+#endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.S b/wolfcrypt/src/port/arm/armv8-curve25519.S
index cf20f6080..300bed345 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-curve25519.S
@@ -1,6 +1,6 @@
 /* armv8-curve25519
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S
+ *   ruby ./x25519/x25519.rb arm64 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S
  */
 #ifdef WOLFSSL_ARMASM
 #ifdef __aarch64__
@@ -337,8 +335,7 @@ _fe_cmov_table:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-128]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	stp	x22, x23, [x29, #72]
 	stp	x24, x25, [x29, #88]
@@ -546,8 +543,7 @@ _fe_cmov_table:
 	stp	x10, x11, [x0, #48]
 	stp	x12, x13, [x0, #64]
 	stp	x14, x15, [x0, #80]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldp	x22, x23, [x29, #72]
 	ldp	x24, x25, [x29, #88]
@@ -573,8 +569,7 @@ _fe_mul:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-64]!
 	add	x29, sp, #0
-	str	x17, [x29, #24]
-	str	x19, [x29, #32]
+	stp	x17, x19, [x29, #24]
 	stp	x20, x21, [x29, #40]
 	str	x22, [x29, #56]
 	# Multiply
@@ -703,8 +698,7 @@ _fe_mul:
 	# Store
 	stp	x6, x7, [x0]
 	stp	x8, x9, [x0, #16]
-	ldr	x17, [x29, #24]
-	ldr	x19, [x29, #32]
+	ldp	x17, x19, [x29, #24]
 	ldp	x20, x21, [x29, #40]
 	ldr	x22, [x29, #56]
 	ldp	x29, x30, [sp], #0x40
@@ -835,8 +829,7 @@ _fe_invert:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-176]!
 	add	x29, sp, #0
-	str	x17, [x29, #160]
-	str	x20, [x29, #168]
+	stp	x17, x20, [x29, #160]
 	# Invert
 	str	x0, [x29, #144]
 	str	x1, [x29, #152]
@@ -1694,8 +1687,7 @@ L_fe_invert8:
 #else
 	bl	_fe_mul
 #endif /* __APPLE__ */
-	ldr	x17, [x29, #160]
-	ldr	x20, [x29, #168]
+	ldp	x17, x20, [x29, #160]
 	ldp	x29, x30, [sp], #0xb0
 	ret
 #ifndef __APPLE__
@@ -1715,8 +1707,7 @@ _curve25519:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-288]!
 	add	x29, sp, #0
-	str	x17, [x29, #200]
-	str	x19, [x29, #208]
+	stp	x17, x19, [x29, #200]
 	stp	x20, x21, [x29, #216]
 	stp	x22, x23, [x29, #232]
 	stp	x24, x25, [x29, #248]
@@ -3801,8 +3792,7 @@ L_curve25519_inv_8:
 	stp	x14, x15, [x0]
 	stp	x16, x17, [x0, #16]
 	mov	x0, xzr
-	ldr	x17, [x29, #200]
-	ldr	x19, [x29, #208]
+	ldp	x17, x19, [x29, #200]
 	ldp	x20, x21, [x29, #216]
 	ldp	x22, x23, [x29, #232]
 	ldp	x24, x25, [x29, #248]
@@ -3828,8 +3818,7 @@ _fe_pow22523:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #128]
-	str	x23, [x29, #136]
+	stp	x17, x23, [x29, #128]
 	# pow22523
 	str	x0, [x29, #112]
 	str	x1, [x29, #120]
@@ -4619,8 +4608,7 @@ L_fe_pow22523_7:
 #else
 	bl	_fe_mul
 #endif /* __APPLE__ */
-	ldr	x17, [x29, #128]
-	ldr	x23, [x29, #136]
+	ldp	x17, x23, [x29, #128]
 	ldp	x29, x30, [sp], #0x90
 	ret
 #ifndef __APPLE__
@@ -4640,8 +4628,7 @@ _ge_p1p1_to_p2:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-80]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	str	x22, [x29, #72]
 	str	x0, [x29, #16]
@@ -5002,8 +4989,7 @@ _ge_p1p1_to_p2:
 	# Store
 	stp	x14, x15, [x0]
 	stp	x16, x17, [x0, #16]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldr	x22, [x29, #72]
 	ldp	x29, x30, [sp], #0x50
@@ -5025,8 +5011,7 @@ _ge_p1p1_to_p3:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-112]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	stp	x22, x23, [x29, #72]
 	stp	x24, x25, [x29, #88]
@@ -5505,8 +5490,7 @@ _ge_p1p1_to_p3:
 	# Store
 	stp	x14, x15, [x0]
 	stp	x16, x17, [x0, #16]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldp	x22, x23, [x29, #72]
 	ldp	x24, x25, [x29, #88]
@@ -5530,8 +5514,7 @@ _ge_p2_dbl:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-128]!
 	add	x29, sp, #0
-	str	x17, [x29, #40]
-	str	x19, [x29, #48]
+	stp	x17, x19, [x29, #40]
 	stp	x20, x21, [x29, #56]
 	stp	x22, x23, [x29, #72]
 	stp	x24, x25, [x29, #88]
@@ -5986,8 +5969,7 @@ _ge_p2_dbl:
 	sbc	x7, x7, xzr
 	stp	x4, x5, [x0]
 	stp	x6, x7, [x0, #16]
-	ldr	x17, [x29, #40]
-	ldr	x19, [x29, #48]
+	ldp	x17, x19, [x29, #40]
 	ldp	x20, x21, [x29, #56]
 	ldp	x22, x23, [x29, #72]
 	ldp	x24, x25, [x29, #88]
@@ -6012,8 +5994,7 @@ _ge_madd:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -6503,8 +6484,7 @@ _ge_madd:
 	stp	x10, x11, [x0, #16]
 	stp	x4, x5, [x1]
 	stp	x6, x7, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -6529,8 +6509,7 @@ _ge_msub:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -7020,8 +6999,7 @@ _ge_msub:
 	stp	x10, x11, [x0, #16]
 	stp	x4, x5, [x1]
 	stp	x6, x7, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -7046,8 +7024,7 @@ _ge_add:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -7663,8 +7640,7 @@ _ge_add:
 	stp	x23, x24, [x0, #16]
 	stp	x12, x13, [x1]
 	stp	x14, x15, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -7689,8 +7665,7 @@ _ge_sub:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-144]!
 	add	x29, sp, #0
-	str	x17, [x29, #56]
-	str	x19, [x29, #64]
+	stp	x17, x19, [x29, #56]
 	stp	x20, x21, [x29, #72]
 	stp	x22, x23, [x29, #88]
 	stp	x24, x25, [x29, #104]
@@ -8321,8 +8296,7 @@ _ge_sub:
 	stp	x14, x15, [x0, #16]
 	stp	x21, x22, [x1]
 	stp	x23, x24, [x1, #16]
-	ldr	x17, [x29, #56]
-	ldr	x19, [x29, #64]
+	ldp	x17, x19, [x29, #56]
 	ldp	x20, x21, [x29, #72]
 	ldp	x22, x23, [x29, #88]
 	ldp	x24, x25, [x29, #104]
@@ -8347,8 +8321,7 @@ _sc_reduce:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-64]!
 	add	x29, sp, #0
-	str	x17, [x29, #16]
-	str	x19, [x29, #24]
+	stp	x17, x19, [x29, #16]
 	stp	x20, x21, [x29, #32]
 	stp	x22, x23, [x29, #48]
 	ldp	x2, x3, [x0]
@@ -8525,8 +8498,7 @@ _sc_reduce:
 	# Store result
 	stp	x2, x3, [x0]
 	stp	x4, x5, [x0, #16]
-	ldr	x17, [x29, #16]
-	ldr	x19, [x29, #24]
+	ldp	x17, x19, [x29, #16]
 	ldp	x20, x21, [x29, #32]
 	ldp	x22, x23, [x29, #48]
 	ldp	x29, x30, [sp], #0x40
@@ -8548,8 +8520,7 @@ _sc_muladd:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-96]!
 	add	x29, sp, #0
-	str	x17, [x29, #24]
-	str	x19, [x29, #32]
+	stp	x17, x19, [x29, #24]
 	stp	x20, x21, [x29, #40]
 	stp	x22, x23, [x29, #56]
 	stp	x24, x25, [x29, #72]
@@ -8824,8 +8795,7 @@ _sc_muladd:
 	# Store result
 	stp	x4, x5, [x0]
 	stp	x6, x7, [x0, #16]
-	ldr	x17, [x29, #24]
-	ldr	x19, [x29, #32]
+	ldp	x17, x19, [x29, #24]
 	ldp	x20, x21, [x29, #40]
 	ldp	x22, x23, [x29, #56]
 	ldp	x24, x25, [x29, #72]
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-curve25519_c.c
index 6af75a632..d3d119fed 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-curve25519_c.c
@@ -1,6 +1,6 @@
 /* armv8-curve25519
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,13 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.c
+ *   ruby ./x25519/x25519.rb arm64 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.c
  */
 #ifdef WOLFSSL_ARMASM
 #ifdef __aarch64__
@@ -61,7 +59,7 @@ void fe_frombytes(fe out, const unsigned char* in)
         "stp	x4, x5, [%x[out], #16]\n\t"
         : [out] "+r" (out), [in] "+r" (in)
         :
-        : "memory", "x2", "x3", "x4", "x5", "x6", "cc"
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6"
     );
 }
 
@@ -85,7 +83,7 @@ void fe_tobytes(unsigned char* out, const fe n)
         "stp	x4, x5, [%x[out], #16]\n\t"
         : [out] "+r" (out), [n] "+r" (n)
         :
-        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "cc"
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7"
     );
 }
 
@@ -98,7 +96,7 @@ void fe_1(fe n)
         "stp	xzr, xzr, [%x[n], #16]\n\t"
         : [n] "+r" (n)
         :
-        : "memory", "x1", "cc"
+        : "memory", "cc", "x1"
     );
 }
 
@@ -124,7 +122,7 @@ void fe_copy(fe r, const fe a)
         "stp	x4, x5, [%x[r], #16]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "x2", "x3", "x4", "x5", "cc"
+        : "memory", "cc", "x2", "x3", "x4", "x5"
     );
 }
 
@@ -155,7 +153,8 @@ void fe_sub(fe r, const fe a, const fe b)
         "stp	x5, x6, [%x[r], #16]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "cc"
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13"
     );
 }
 
@@ -186,7 +185,8 @@ void fe_add(fe r, const fe a, const fe b)
         "stp	x5, x6, [%x[r], #16]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "cc"
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13"
     );
 }
 
@@ -207,7 +207,7 @@ void fe_neg(fe r, const fe a)
         "stp	x8, x9, [%x[r], #16]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "cc"
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9"
     );
 }
 
@@ -232,9 +232,9 @@ int fe_isnonzero(const fe a)
         "orr	%x[a], %x[a], x3\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "cc"
+        : "memory", "cc", "x1", "x2", "x3", "x4", "x5", "x6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 int fe_isnegative(const fe a)
@@ -251,9 +251,9 @@ int fe_isnegative(const fe a)
         "eor	%x[a], %x[a], x5, lsr 63\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "cc"
+        : "memory", "cc", "x1", "x2", "x3", "x4", "x5", "x6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 void fe_cmov_table(fe* r, fe* base, signed char b)
@@ -466,7 +466,9 @@ void fe_cmov_table(fe* r, fe* base, signed char b)
         "ldp	x29, x30, [sp], #32\n\t"
         : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b)
         :
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28"
     );
 }
 
@@ -602,7 +604,9 @@ void fe_mul(fe r, const fe a, const fe b)
         "stp	x8, x9, [%x[r], #16]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "cc"
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22"
     );
 }
 
@@ -704,7 +708,8 @@ void fe_sq(fe r, const fe a)
         "stp	x7, x8, [%x[r], #16]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "cc"
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16"
     );
 }
 
@@ -1581,7 +1586,8 @@ void fe_invert(fe r, const fe a)
         "ldp	x29, x30, [sp], #0xa0\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "x2", "x20", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "cc"
+        : "memory", "cc", "x2", "x20", "x3", "x4", "x5", "x6", "x7", "x8", "x9",
+            "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17"
     );
 }
 
@@ -3681,9 +3687,11 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "ldp	x29, x30, [sp], #0xc0\n\t"
         : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a)
         :
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #ifdef HAVE_ED25519
@@ -4491,7 +4499,8 @@ void fe_pow22523(fe r, const fe a)
         "ldp	x29, x30, [sp], #0x80\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "x2", "x23", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "cc"
+        : "memory", "cc", "x2", "x23", "x3", "x4", "x5", "x6", "x7", "x8", "x9",
+            "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17"
     );
 }
 
@@ -4861,7 +4870,9 @@ void ge_p1p1_to_p2(ge_p2* r, const ge_p1p1* p)
         "ldp	x29, x30, [sp], #32\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "cc"
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22"
     );
 }
 
@@ -5347,7 +5358,9 @@ void ge_p1p1_to_p3(ge_p3* r, const ge_p1p1* p)
         "ldp	x29, x30, [sp], #32\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "cc"
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26"
     );
 }
 
@@ -5808,7 +5821,9 @@ void ge_p2_dbl(ge_p1p1* r, const ge_p2* p)
         "ldp	x29, x30, [sp], #32\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28"
     );
 }
 
@@ -6304,7 +6319,9 @@ void ge_madd(ge_p1p1* r, const ge_p3* p, const ge_precomp* q)
         "ldp	x29, x30, [sp], #48\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28"
     );
 }
 
@@ -6800,7 +6817,9 @@ void ge_msub(ge_p1p1* r, const ge_p3* p, const ge_precomp* q)
         "ldp	x29, x30, [sp], #48\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28"
     );
 }
 
@@ -7422,7 +7441,9 @@ void ge_add(ge_p1p1* r, const ge_p3* p, const ge_cached* q)
         "ldp	x29, x30, [sp], #48\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28"
     );
 }
 
@@ -8059,7 +8080,9 @@ void ge_sub(ge_p1p1* r, const ge_p3* p, const ge_cached* q)
         "ldp	x29, x30, [sp], #48\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "cc"
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28"
     );
 }
 
@@ -8242,7 +8265,9 @@ void sc_reduce(byte* s)
         "stp	x4, x5, [%x[s], #16]\n\t"
         : [s] "+r" (s)
         :
-        : "memory", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "cc"
+        : "memory", "cc", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9",
+            "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19",
+            "x20", "x21", "x22", "x23"
     );
 }
 
@@ -8521,7 +8546,9 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "stp	x6, x7, [%x[s], #16]\n\t"
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
-        : "memory", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "cc"
+        : "memory", "cc", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11",
+            "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21",
+            "x22", "x23", "x24", "x25", "x26"
     );
 }
 
diff --git a/wolfcrypt/src/port/arm/armv8-mlkem-asm.S b/wolfcrypt/src/port/arm/armv8-mlkem-asm.S
new file mode 100644
index 000000000..cd37d6eda
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-mlkem-asm.S
@@ -0,0 +1,12030 @@
+/* armv8-mlkem-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm64 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm.S
+ */
+#ifdef WOLFSSL_ARMASM
+#ifdef __aarch64__
+#ifndef WOLFSSL_ARMASM_INLINE
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_aarch64_q, %object
+	.section	.rodata
+	.size	L_mlkem_aarch64_q, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_aarch64_q:
+	.short	0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01,0x0d01
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_aarch64_consts, %object
+	.section	.rodata
+	.size	L_mlkem_aarch64_consts, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_aarch64_consts:
+	.short	0x0d01,0xf301,0x4ebf,0x0549,0x5049,0x0000,0x0000,0x0000
+#ifndef __APPLE__
+	.text
+	.type	L_sha3_aarch64_r, %object
+	.section	.rodata
+	.size	L_sha3_aarch64_r, 192
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	3
+#else
+	.p2align	3
+#endif /* __APPLE__ */
+L_sha3_aarch64_r:
+	.xword	0x0000000000000001
+	.xword	0x0000000000008082
+	.xword	0x800000000000808a
+	.xword	0x8000000080008000
+	.xword	0x000000000000808b
+	.xword	0x0000000080000001
+	.xword	0x8000000080008081
+	.xword	0x8000000000008009
+	.xword	0x000000000000008a
+	.xword	0x0000000000000088
+	.xword	0x0000000080008009
+	.xword	0x000000008000000a
+	.xword	0x000000008000808b
+	.xword	0x800000000000008b
+	.xword	0x8000000000008089
+	.xword	0x8000000000008003
+	.xword	0x8000000000008002
+	.xword	0x8000000000000080
+	.xword	0x000000000000800a
+	.xword	0x800000008000000a
+	.xword	0x8000000080008081
+	.xword	0x8000000000008080
+	.xword	0x0000000080000001
+	.xword	0x8000000080008008
+#ifdef WOLFSSL_WC_MLKEM
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_aarch64_zetas, %object
+	.section	.rodata
+	.size	L_mlkem_aarch64_zetas, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_aarch64_zetas:
+	.short	0x08ed,0x0a0b,0x0b9a,0x0714,0x05d5,0x058e,0x011f,0x00ca
+	.short	0x0c56,0x026e,0x0629,0x00b6,0x03c2,0x084f,0x073f,0x05bc
+	.short	0x023d,0x07d4,0x0108,0x017f,0x09c4,0x05b2,0x06bf,0x0c7f
+	.short	0x0a58,0x03f9,0x02dc,0x0260,0x06fb,0x019b,0x0c34,0x06de
+	.short	0x04c7,0x04c7,0x04c7,0x04c7,0x028c,0x028c,0x028c,0x028c
+	.short	0x0ad9,0x0ad9,0x0ad9,0x0ad9,0x03f7,0x03f7,0x03f7,0x03f7
+	.short	0x07f4,0x07f4,0x07f4,0x07f4,0x05d3,0x05d3,0x05d3,0x05d3
+	.short	0x0be7,0x0be7,0x0be7,0x0be7,0x06f9,0x06f9,0x06f9,0x06f9
+	.short	0x0204,0x0204,0x0204,0x0204,0x0cf9,0x0cf9,0x0cf9,0x0cf9
+	.short	0x0bc1,0x0bc1,0x0bc1,0x0bc1,0x0a67,0x0a67,0x0a67,0x0a67
+	.short	0x06af,0x06af,0x06af,0x06af,0x0877,0x0877,0x0877,0x0877
+	.short	0x007e,0x007e,0x007e,0x007e,0x05bd,0x05bd,0x05bd,0x05bd
+	.short	0x09ac,0x09ac,0x09ac,0x09ac,0x0ca7,0x0ca7,0x0ca7,0x0ca7
+	.short	0x0bf2,0x0bf2,0x0bf2,0x0bf2,0x033e,0x033e,0x033e,0x033e
+	.short	0x006b,0x006b,0x006b,0x006b,0x0774,0x0774,0x0774,0x0774
+	.short	0x0c0a,0x0c0a,0x0c0a,0x0c0a,0x094a,0x094a,0x094a,0x094a
+	.short	0x0b73,0x0b73,0x0b73,0x0b73,0x03c1,0x03c1,0x03c1,0x03c1
+	.short	0x071d,0x071d,0x071d,0x071d,0x0a2c,0x0a2c,0x0a2c,0x0a2c
+	.short	0x01c0,0x01c0,0x01c0,0x01c0,0x08d8,0x08d8,0x08d8,0x08d8
+	.short	0x02a5,0x02a5,0x02a5,0x02a5,0x0806,0x0806,0x0806,0x0806
+	.short	0x08b2,0x08b2,0x01ae,0x01ae,0x022b,0x022b,0x034b,0x034b
+	.short	0x081e,0x081e,0x0367,0x0367,0x060e,0x060e,0x0069,0x0069
+	.short	0x01a6,0x01a6,0x024b,0x024b,0x00b1,0x00b1,0x0c16,0x0c16
+	.short	0x0bde,0x0bde,0x0b35,0x0b35,0x0626,0x0626,0x0675,0x0675
+	.short	0x0c0b,0x0c0b,0x030a,0x030a,0x0487,0x0487,0x0c6e,0x0c6e
+	.short	0x09f8,0x09f8,0x05cb,0x05cb,0x0aa7,0x0aa7,0x045f,0x045f
+	.short	0x06cb,0x06cb,0x0284,0x0284,0x0999,0x0999,0x015d,0x015d
+	.short	0x01a2,0x01a2,0x0149,0x0149,0x0c65,0x0c65,0x0cb6,0x0cb6
+	.short	0x0331,0x0331,0x0449,0x0449,0x025b,0x025b,0x0262,0x0262
+	.short	0x052a,0x052a,0x07fc,0x07fc,0x0748,0x0748,0x0180,0x0180
+	.short	0x0842,0x0842,0x0c79,0x0c79,0x04c2,0x04c2,0x07ca,0x07ca
+	.short	0x0997,0x0997,0x00dc,0x00dc,0x085e,0x085e,0x0686,0x0686
+	.short	0x0860,0x0860,0x0707,0x0707,0x0803,0x0803,0x031a,0x031a
+	.short	0x071b,0x071b,0x09ab,0x09ab,0x099b,0x099b,0x01de,0x01de
+	.short	0x0c95,0x0c95,0x0bcd,0x0bcd,0x03e4,0x03e4,0x03df,0x03df
+	.short	0x03be,0x03be,0x074d,0x074d,0x05f2,0x05f2,0x065c,0x065c
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_aarch64_zetas_qinv, %object
+	.section	.rodata
+	.size	L_mlkem_aarch64_zetas_qinv, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_aarch64_zetas_qinv:
+	.short	0xffed,0x7b0b,0x399a,0x0314,0x34d5,0xcf8e,0x6e1f,0xbeca
+	.short	0xae56,0x6c6e,0xf129,0xc2b6,0x29c2,0x054f,0xd43f,0x79bc
+	.short	0xe93d,0x43d4,0x9908,0x8e7f,0x15c4,0xfbb2,0x53bf,0x997f
+	.short	0x9258,0x5ef9,0xd6dc,0x2260,0x47fb,0x229b,0x6834,0xc0de
+	.short	0xe9c7,0xe9c7,0xe9c7,0xe9c7,0xe68c,0xe68c,0xe68c,0xe68c
+	.short	0x05d9,0x05d9,0x05d9,0x05d9,0x78f7,0x78f7,0x78f7,0x78f7
+	.short	0xa3f4,0xa3f4,0xa3f4,0xa3f4,0x4ed3,0x4ed3,0x4ed3,0x4ed3
+	.short	0x50e7,0x50e7,0x50e7,0x50e7,0x61f9,0x61f9,0x61f9,0x61f9
+	.short	0xce04,0xce04,0xce04,0xce04,0x67f9,0x67f9,0x67f9,0x67f9
+	.short	0x3ec1,0x3ec1,0x3ec1,0x3ec1,0xcf67,0xcf67,0xcf67,0xcf67
+	.short	0x23af,0x23af,0x23af,0x23af,0xfd77,0xfd77,0xfd77,0xfd77
+	.short	0x9a7e,0x9a7e,0x9a7e,0x9a7e,0x6cbd,0x6cbd,0x6cbd,0x6cbd
+	.short	0x4dac,0x4dac,0x4dac,0x4dac,0x91a7,0x91a7,0x91a7,0x91a7
+	.short	0xc1f2,0xc1f2,0xc1f2,0xc1f2,0xdd3e,0xdd3e,0xdd3e,0xdd3e
+	.short	0x916b,0x916b,0x916b,0x916b,0x2374,0x2374,0x2374,0x2374
+	.short	0x8a0a,0x8a0a,0x8a0a,0x8a0a,0x474a,0x474a,0x474a,0x474a
+	.short	0x3473,0x3473,0x3473,0x3473,0x36c1,0x36c1,0x36c1,0x36c1
+	.short	0x8e1d,0x8e1d,0x8e1d,0x8e1d,0xce2c,0xce2c,0xce2c,0xce2c
+	.short	0x41c0,0x41c0,0x41c0,0x41c0,0x10d8,0x10d8,0x10d8,0x10d8
+	.short	0xa1a5,0xa1a5,0xa1a5,0xa1a5,0xba06,0xba06,0xba06,0xba06
+	.short	0xfeb2,0xfeb2,0x2bae,0x2bae,0xd32b,0xd32b,0x344b,0x344b
+	.short	0x821e,0x821e,0xc867,0xc867,0x500e,0x500e,0xab69,0xab69
+	.short	0x93a6,0x93a6,0x334b,0x334b,0x03b1,0x03b1,0xee16,0xee16
+	.short	0xc5de,0xc5de,0x5a35,0x5a35,0x1826,0x1826,0x1575,0x1575
+	.short	0x7d0b,0x7d0b,0x810a,0x810a,0x2987,0x2987,0x766e,0x766e
+	.short	0x71f8,0x71f8,0xb6cb,0xb6cb,0x8fa7,0x8fa7,0x315f,0x315f
+	.short	0xb7cb,0xb7cb,0x4e84,0x4e84,0x4499,0x4499,0x485d,0x485d
+	.short	0xc7a2,0xc7a2,0x4c49,0x4c49,0xeb65,0xeb65,0xceb6,0xceb6
+	.short	0x8631,0x8631,0x4f49,0x4f49,0x635b,0x635b,0x0862,0x0862
+	.short	0xe32a,0xe32a,0x3bfc,0x3bfc,0x5f48,0x5f48,0x8180,0x8180
+	.short	0xae42,0xae42,0xe779,0xe779,0x2ac2,0x2ac2,0xc5ca,0xc5ca
+	.short	0x5e97,0x5e97,0xd4dc,0xd4dc,0x425e,0x425e,0x3886,0x3886
+	.short	0x2860,0x2860,0xac07,0xac07,0xe103,0xe103,0xb11a,0xb11a
+	.short	0xa81b,0xa81b,0x5aab,0x5aab,0x2a9b,0x2a9b,0xbbde,0xbbde
+	.short	0x7b95,0x7b95,0xa2cd,0xa2cd,0x6fe4,0x6fe4,0xb0df,0xb0df
+	.short	0x5dbe,0x5dbe,0x1e4d,0x1e4d,0xbbf2,0xbbf2,0x5a5c,0x5a5c
+#ifndef __APPLE__
+.text
+.globl	mlkem_ntt
+.type	mlkem_ntt,@function
+.align	2
+mlkem_ntt:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_ntt
+.p2align	2
+_mlkem_ntt:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_mlkem_aarch64_zetas
+	add  x2, x2, :lo12:L_mlkem_aarch64_zetas
+#else
+	adrp x2, L_mlkem_aarch64_zetas@PAGE
+	add  x2, x2, :lo12:L_mlkem_aarch64_zetas@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_mlkem_aarch64_zetas_qinv
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_qinv
+#else
+	adrp x3, L_mlkem_aarch64_zetas_qinv@PAGE
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_mlkem_aarch64_consts
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x4, L_mlkem_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q4, [x4]
+	ldr	q5, [x0]
+	ldr	q6, [x0, #32]
+	ldr	q7, [x0, #64]
+	ldr	q8, [x0, #96]
+	ldr	q9, [x0, #128]
+	ldr	q10, [x0, #160]
+	ldr	q11, [x0, #192]
+	ldr	q12, [x0, #224]
+	ldr	q13, [x1]
+	ldr	q14, [x1, #32]
+	ldr	q15, [x1, #64]
+	ldr	q16, [x1, #96]
+	ldr	q17, [x1, #128]
+	ldr	q18, [x1, #160]
+	ldr	q19, [x1, #192]
+	ldr	q20, [x1, #224]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0]
+	str	q6, [x0, #32]
+	str	q7, [x0, #64]
+	str	q8, [x0, #96]
+	str	q9, [x0, #128]
+	str	q10, [x0, #160]
+	str	q11, [x0, #192]
+	str	q12, [x0, #224]
+	str	q13, [x1]
+	str	q14, [x1, #32]
+	str	q15, [x1, #64]
+	str	q16, [x1, #96]
+	str	q17, [x1, #128]
+	str	q18, [x1, #160]
+	str	q19, [x1, #192]
+	str	q20, [x1, #224]
+	ldr	q5, [x0, #16]
+	ldr	q6, [x0, #48]
+	ldr	q7, [x0, #80]
+	ldr	q8, [x0, #112]
+	ldr	q9, [x0, #144]
+	ldr	q10, [x0, #176]
+	ldr	q11, [x0, #208]
+	ldr	q12, [x0, #240]
+	ldr	q13, [x1, #16]
+	ldr	q14, [x1, #48]
+	ldr	q15, [x1, #80]
+	ldr	q16, [x1, #112]
+	ldr	q17, [x1, #144]
+	ldr	q18, [x1, #176]
+	ldr	q19, [x1, #208]
+	ldr	q20, [x1, #240]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0, #16]
+	str	q6, [x0, #48]
+	str	q7, [x0, #80]
+	str	q8, [x0, #112]
+	str	q9, [x0, #144]
+	str	q10, [x0, #176]
+	str	q11, [x0, #208]
+	str	q12, [x0, #240]
+	str	q13, [x1, #16]
+	str	q14, [x1, #48]
+	str	q15, [x1, #80]
+	str	q16, [x1, #112]
+	str	q17, [x1, #144]
+	str	q18, [x1, #176]
+	str	q19, [x1, #208]
+	str	q20, [x1, #240]
+	ldp	q5, q6, [x0]
+	ldp	q7, q8, [x0, #32]
+	ldp	q9, q10, [x0, #64]
+	ldp	q11, q12, [x0, #96]
+	ldp	q13, q14, [x0, #128]
+	ldp	q15, q16, [x0, #160]
+	ldp	q17, q18, [x0, #192]
+	ldp	q19, q20, [x0, #224]
+	ldr	q0, [x2, #32]
+	ldr	q1, [x3, #32]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #64]
+	ldr	q2, [x2, #80]
+	ldr	q1, [x3, #64]
+	ldr	q3, [x3, #80]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q2, [x2, #112]
+	ldr	q1, [x3, #96]
+	ldr	q3, [x3, #112]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #128]
+	ldr	q2, [x2, #144]
+	ldr	q1, [x3, #128]
+	ldr	q3, [x3, #144]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q2, [x2, #176]
+	ldr	q1, [x3, #160]
+	ldr	q3, [x3, #176]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #320]
+	ldr	q2, [x2, #336]
+	ldr	q1, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q2, [x2, #368]
+	ldr	q1, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q2, [x2, #400]
+	ldr	q1, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q2, [x2, #432]
+	ldr	q1, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x0]
+	stp	q7, q8, [x0, #32]
+	stp	q9, q10, [x0, #64]
+	stp	q11, q12, [x0, #96]
+	stp	q13, q14, [x0, #128]
+	stp	q15, q16, [x0, #160]
+	stp	q17, q18, [x0, #192]
+	stp	q19, q20, [x0, #224]
+	ldp	q5, q6, [x1]
+	ldp	q7, q8, [x1, #32]
+	ldp	q9, q10, [x1, #64]
+	ldp	q11, q12, [x1, #96]
+	ldp	q13, q14, [x1, #128]
+	ldp	q15, q16, [x1, #160]
+	ldp	q17, q18, [x1, #192]
+	ldp	q19, q20, [x1, #224]
+	ldr	q0, [x2, #48]
+	ldr	q1, [x3, #48]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #192]
+	ldr	q2, [x2, #208]
+	ldr	q1, [x3, #192]
+	ldr	q3, [x3, #208]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q2, [x2, #240]
+	ldr	q1, [x3, #224]
+	ldr	q3, [x3, #240]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q2, [x2, #272]
+	ldr	q1, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q2, [x2, #304]
+	ldr	q1, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #448]
+	ldr	q2, [x2, #464]
+	ldr	q1, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v21.8h, v21.8h, v29.8h
+	sub	v22.8h, v22.8h, v30.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q2, [x2, #496]
+	ldr	q1, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v23.8h, v23.8h, v29.8h
+	sub	v24.8h, v24.8h, v30.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x2, #528]
+	ldr	q1, [x3, #512]
+	ldr	q3, [x3, #528]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v25.8h, v25.8h, v29.8h
+	sub	v26.8h, v26.8h, v30.8h
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #544]
+	ldr	q2, [x2, #560]
+	ldr	q1, [x3, #544]
+	ldr	q3, [x3, #560]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmulh	v29.8h, v29.8h, v4.h[0]
+	sqrdmulh	v30.8h, v30.8h, v4.h[0]
+	sub	v27.8h, v27.8h, v29.8h
+	sub	v28.8h, v28.8h, v30.8h
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x1]
+	stp	q7, q8, [x1, #32]
+	stp	q9, q10, [x1, #64]
+	stp	q11, q12, [x1, #96]
+	stp	q13, q14, [x1, #128]
+	stp	q15, q16, [x1, #160]
+	stp	q17, q18, [x1, #192]
+	stp	q19, q20, [x1, #224]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_ntt,.-mlkem_ntt
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_aarch64_zetas_inv, %object
+	.section	.rodata
+	.size	L_mlkem_aarch64_zetas_inv, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_aarch64_zetas_inv:
+	.short	0x06a5,0x06a5,0x070f,0x070f,0x05b4,0x05b4,0x0943,0x0943
+	.short	0x0922,0x0922,0x091d,0x091d,0x0134,0x0134,0x006c,0x006c
+	.short	0x0b23,0x0b23,0x0366,0x0366,0x0356,0x0356,0x05e6,0x05e6
+	.short	0x09e7,0x09e7,0x04fe,0x04fe,0x05fa,0x05fa,0x04a1,0x04a1
+	.short	0x067b,0x067b,0x04a3,0x04a3,0x0c25,0x0c25,0x036a,0x036a
+	.short	0x0537,0x0537,0x083f,0x083f,0x0088,0x0088,0x04bf,0x04bf
+	.short	0x0b81,0x0b81,0x05b9,0x05b9,0x0505,0x0505,0x07d7,0x07d7
+	.short	0x0a9f,0x0a9f,0x0aa6,0x0aa6,0x08b8,0x08b8,0x09d0,0x09d0
+	.short	0x004b,0x004b,0x009c,0x009c,0x0bb8,0x0bb8,0x0b5f,0x0b5f
+	.short	0x0ba4,0x0ba4,0x0368,0x0368,0x0a7d,0x0a7d,0x0636,0x0636
+	.short	0x08a2,0x08a2,0x025a,0x025a,0x0736,0x0736,0x0309,0x0309
+	.short	0x0093,0x0093,0x087a,0x087a,0x09f7,0x09f7,0x00f6,0x00f6
+	.short	0x068c,0x068c,0x06db,0x06db,0x01cc,0x01cc,0x0123,0x0123
+	.short	0x00eb,0x00eb,0x0c50,0x0c50,0x0ab6,0x0ab6,0x0b5b,0x0b5b
+	.short	0x0c98,0x0c98,0x06f3,0x06f3,0x099a,0x099a,0x04e3,0x04e3
+	.short	0x09b6,0x09b6,0x0ad6,0x0ad6,0x0b53,0x0b53,0x044f,0x044f
+	.short	0x04fb,0x04fb,0x04fb,0x04fb,0x0a5c,0x0a5c,0x0a5c,0x0a5c
+	.short	0x0429,0x0429,0x0429,0x0429,0x0b41,0x0b41,0x0b41,0x0b41
+	.short	0x02d5,0x02d5,0x02d5,0x02d5,0x05e4,0x05e4,0x05e4,0x05e4
+	.short	0x0940,0x0940,0x0940,0x0940,0x018e,0x018e,0x018e,0x018e
+	.short	0x03b7,0x03b7,0x03b7,0x03b7,0x00f7,0x00f7,0x00f7,0x00f7
+	.short	0x058d,0x058d,0x058d,0x058d,0x0c96,0x0c96,0x0c96,0x0c96
+	.short	0x09c3,0x09c3,0x09c3,0x09c3,0x010f,0x010f,0x010f,0x010f
+	.short	0x005a,0x005a,0x005a,0x005a,0x0355,0x0355,0x0355,0x0355
+	.short	0x0744,0x0744,0x0744,0x0744,0x0c83,0x0c83,0x0c83,0x0c83
+	.short	0x048a,0x048a,0x048a,0x048a,0x0652,0x0652,0x0652,0x0652
+	.short	0x029a,0x029a,0x029a,0x029a,0x0140,0x0140,0x0140,0x0140
+	.short	0x0008,0x0008,0x0008,0x0008,0x0afd,0x0afd,0x0afd,0x0afd
+	.short	0x0608,0x0608,0x0608,0x0608,0x011a,0x011a,0x011a,0x011a
+	.short	0x072e,0x072e,0x072e,0x072e,0x050d,0x050d,0x050d,0x050d
+	.short	0x090a,0x090a,0x090a,0x090a,0x0228,0x0228,0x0228,0x0228
+	.short	0x0a75,0x0a75,0x0a75,0x0a75,0x083a,0x083a,0x083a,0x083a
+	.short	0x0623,0x00cd,0x0b66,0x0606,0x0aa1,0x0a25,0x0908,0x02a9
+	.short	0x0082,0x0642,0x074f,0x033d,0x0b82,0x0bf9,0x052d,0x0ac4
+	.short	0x0745,0x05c2,0x04b2,0x093f,0x0c4b,0x06d8,0x0a93,0x00ab
+	.short	0x0c37,0x0be2,0x0773,0x072c,0x05ed,0x0167,0x02f6,0x05a1
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_aarch64_zetas_inv_qinv, %object
+	.section	.rodata
+	.size	L_mlkem_aarch64_zetas_inv_qinv, 576
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_aarch64_zetas_inv_qinv:
+	.short	0xa5a5,0xa5a5,0x440f,0x440f,0xe1b4,0xe1b4,0xa243,0xa243
+	.short	0x4f22,0x4f22,0x901d,0x901d,0x5d34,0x5d34,0x846c,0x846c
+	.short	0x4423,0x4423,0xd566,0xd566,0xa556,0xa556,0x57e6,0x57e6
+	.short	0x4ee7,0x4ee7,0x1efe,0x1efe,0x53fa,0x53fa,0xd7a1,0xd7a1
+	.short	0xc77b,0xc77b,0xbda3,0xbda3,0x2b25,0x2b25,0xa16a,0xa16a
+	.short	0x3a37,0x3a37,0xd53f,0xd53f,0x1888,0x1888,0x51bf,0x51bf
+	.short	0x7e81,0x7e81,0xa0b9,0xa0b9,0xc405,0xc405,0x1cd7,0x1cd7
+	.short	0xf79f,0xf79f,0x9ca6,0x9ca6,0xb0b8,0xb0b8,0x79d0,0x79d0
+	.short	0x314b,0x314b,0x149c,0x149c,0xb3b8,0xb3b8,0x385f,0x385f
+	.short	0xb7a4,0xb7a4,0xbb68,0xbb68,0xb17d,0xb17d,0x4836,0x4836
+	.short	0xcea2,0xcea2,0x705a,0x705a,0x4936,0x4936,0x8e09,0x8e09
+	.short	0x8993,0x8993,0xd67a,0xd67a,0x7ef7,0x7ef7,0x82f6,0x82f6
+	.short	0xea8c,0xea8c,0xe7db,0xe7db,0xa5cc,0xa5cc,0x3a23,0x3a23
+	.short	0x11eb,0x11eb,0xfc50,0xfc50,0xccb6,0xccb6,0x6c5b,0x6c5b
+	.short	0x5498,0x5498,0xaff3,0xaff3,0x379a,0x379a,0x7de3,0x7de3
+	.short	0xcbb6,0xcbb6,0x2cd6,0x2cd6,0xd453,0xd453,0x014f,0x014f
+	.short	0x45fb,0x45fb,0x45fb,0x45fb,0x5e5c,0x5e5c,0x5e5c,0x5e5c
+	.short	0xef29,0xef29,0xef29,0xef29,0xbe41,0xbe41,0xbe41,0xbe41
+	.short	0x31d5,0x31d5,0x31d5,0x31d5,0x71e4,0x71e4,0x71e4,0x71e4
+	.short	0xc940,0xc940,0xc940,0xc940,0xcb8e,0xcb8e,0xcb8e,0xcb8e
+	.short	0xb8b7,0xb8b7,0xb8b7,0xb8b7,0x75f7,0x75f7,0x75f7,0x75f7
+	.short	0xdc8d,0xdc8d,0xdc8d,0xdc8d,0x6e96,0x6e96,0x6e96,0x6e96
+	.short	0x22c3,0x22c3,0x22c3,0x22c3,0x3e0f,0x3e0f,0x3e0f,0x3e0f
+	.short	0x6e5a,0x6e5a,0x6e5a,0x6e5a,0xb255,0xb255,0xb255,0xb255
+	.short	0x9344,0x9344,0x9344,0x9344,0x6583,0x6583,0x6583,0x6583
+	.short	0x028a,0x028a,0x028a,0x028a,0xdc52,0xdc52,0xdc52,0xdc52
+	.short	0x309a,0x309a,0x309a,0x309a,0xc140,0xc140,0xc140,0xc140
+	.short	0x9808,0x9808,0x9808,0x9808,0x31fd,0x31fd,0x31fd,0x31fd
+	.short	0x9e08,0x9e08,0x9e08,0x9e08,0xaf1a,0xaf1a,0xaf1a,0xaf1a
+	.short	0xb12e,0xb12e,0xb12e,0xb12e,0x5c0d,0x5c0d,0x5c0d,0x5c0d
+	.short	0x870a,0x870a,0x870a,0x870a,0xfa28,0xfa28,0xfa28,0xfa28
+	.short	0x1975,0x1975,0x1975,0x1975,0x163a,0x163a,0x163a,0x163a
+	.short	0x3f23,0x97cd,0xdd66,0xb806,0xdda1,0x2925,0xa108,0x6da9
+	.short	0x6682,0xac42,0x044f,0xea3d,0x7182,0x66f9,0xbc2d,0x16c4
+	.short	0x8645,0x2bc2,0xfab2,0xd63f,0x3d4b,0x0ed8,0x9393,0x51ab
+	.short	0x4137,0x91e2,0x3073,0xcb2c,0xfced,0xc667,0x84f6,0xd8a1
+#ifndef __APPLE__
+.text
+.globl	mlkem_invntt
+.type	mlkem_invntt,@function
+.align	2
+mlkem_invntt:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_invntt
+.p2align	2
+_mlkem_invntt:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_mlkem_aarch64_zetas_inv
+	add  x2, x2, :lo12:L_mlkem_aarch64_zetas_inv
+#else
+	adrp x2, L_mlkem_aarch64_zetas_inv@PAGE
+	add  x2, x2, :lo12:L_mlkem_aarch64_zetas_inv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_mlkem_aarch64_zetas_inv_qinv
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_inv_qinv
+#else
+	adrp x3, L_mlkem_aarch64_zetas_inv_qinv@PAGE
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_inv_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_mlkem_aarch64_consts
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x4, L_mlkem_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q8, [x4]
+	ldp	q9, q10, [x0]
+	ldp	q11, q12, [x0, #32]
+	ldp	q13, q14, [x0, #64]
+	ldp	q15, q16, [x0, #96]
+	ldp	q17, q18, [x0, #128]
+	ldp	q19, q20, [x0, #160]
+	ldp	q21, q22, [x0, #192]
+	ldp	q23, q24, [x0, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2]
+	ldr	q1, [x2, #16]
+	ldr	q2, [x3]
+	ldr	q3, [x3, #16]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #32]
+	ldr	q1, [x2, #48]
+	ldr	q2, [x3, #32]
+	ldr	q3, [x3, #48]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #64]
+	ldr	q1, [x2, #80]
+	ldr	q2, [x3, #64]
+	ldr	q3, [x3, #80]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q1, [x2, #112]
+	ldr	q2, [x3, #96]
+	ldr	q3, [x3, #112]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q1, [x2, #272]
+	ldr	q2, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q1, [x2, #304]
+	ldr	q2, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #320]
+	ldr	q1, [x2, #336]
+	ldr	q2, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q1, [x2, #368]
+	ldr	q2, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x3, #512]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x0]
+	stp	q11, q12, [x0, #32]
+	stp	q13, q14, [x0, #64]
+	stp	q15, q16, [x0, #96]
+	stp	q17, q18, [x0, #128]
+	stp	q19, q20, [x0, #160]
+	stp	q21, q22, [x0, #192]
+	stp	q23, q24, [x0, #224]
+	ldp	q9, q10, [x1]
+	ldp	q11, q12, [x1, #32]
+	ldp	q13, q14, [x1, #64]
+	ldp	q15, q16, [x1, #96]
+	ldp	q17, q18, [x1, #128]
+	ldp	q19, q20, [x1, #160]
+	ldp	q21, q22, [x1, #192]
+	ldp	q23, q24, [x1, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2, #128]
+	ldr	q1, [x2, #144]
+	ldr	q2, [x3, #128]
+	ldr	q3, [x3, #144]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q1, [x2, #176]
+	ldr	q2, [x3, #160]
+	ldr	q3, [x3, #176]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #192]
+	ldr	q1, [x2, #208]
+	ldr	q2, [x3, #192]
+	ldr	q3, [x3, #208]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q1, [x2, #240]
+	ldr	q2, [x3, #224]
+	ldr	q3, [x3, #240]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q1, [x2, #400]
+	ldr	q2, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q1, [x2, #432]
+	ldr	q2, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #448]
+	ldr	q1, [x2, #464]
+	ldr	q2, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q1, [x2, #496]
+	ldr	q2, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #528]
+	ldr	q2, [x3, #528]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x1]
+	stp	q11, q12, [x1, #32]
+	stp	q13, q14, [x1, #64]
+	stp	q15, q16, [x1, #96]
+	stp	q17, q18, [x1, #128]
+	stp	q19, q20, [x1, #160]
+	stp	q21, q22, [x1, #192]
+	stp	q23, q24, [x1, #224]
+	ldr	q4, [x2, #544]
+	ldr	q5, [x2, #560]
+	ldr	q6, [x3, #544]
+	ldr	q7, [x3, #560]
+	ldr	q9, [x0]
+	ldr	q10, [x0, #32]
+	ldr	q11, [x0, #64]
+	ldr	q12, [x0, #96]
+	ldr	q13, [x0, #128]
+	ldr	q14, [x0, #160]
+	ldr	q15, [x0, #192]
+	ldr	q16, [x0, #224]
+	ldr	q17, [x1]
+	ldr	q18, [x1, #32]
+	ldr	q19, [x1, #64]
+	ldr	q20, [x1, #96]
+	ldr	q21, [x1, #128]
+	ldr	q22, [x1, #160]
+	ldr	q23, [x1, #192]
+	ldr	q24, [x1, #224]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v27.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v27.8h
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v9.8h, v9.8h, v25.8h
+	sub	v10.8h, v10.8h, v26.8h
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v26.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v26.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v26.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v26.8h
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v26.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v26.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v26.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0]
+	str	q10, [x0, #32]
+	str	q11, [x0, #64]
+	str	q12, [x0, #96]
+	str	q13, [x0, #128]
+	str	q14, [x0, #160]
+	str	q15, [x0, #192]
+	str	q16, [x0, #224]
+	str	q17, [x1]
+	str	q18, [x1, #32]
+	str	q19, [x1, #64]
+	str	q20, [x1, #96]
+	str	q21, [x1, #128]
+	str	q22, [x1, #160]
+	str	q23, [x1, #192]
+	str	q24, [x1, #224]
+	ldr	q9, [x0, #16]
+	ldr	q10, [x0, #48]
+	ldr	q11, [x0, #80]
+	ldr	q12, [x0, #112]
+	ldr	q13, [x0, #144]
+	ldr	q14, [x0, #176]
+	ldr	q15, [x0, #208]
+	ldr	q16, [x0, #240]
+	ldr	q17, [x1, #16]
+	ldr	q18, [x1, #48]
+	ldr	q19, [x1, #80]
+	ldr	q20, [x1, #112]
+	ldr	q21, [x1, #144]
+	ldr	q22, [x1, #176]
+	ldr	q23, [x1, #208]
+	ldr	q24, [x1, #240]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v10.8h, v10.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v14.8h, v14.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v18.8h, v18.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v22.8h, v22.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v27.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v27.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v27.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v27.8h
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v27.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v27.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v27.8h, v27.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v27.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v9.8h, v9.8h, v25.8h
+	sub	v10.8h, v10.8h, v26.8h
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v11.8h, v11.8h, v25.8h
+	sub	v12.8h, v12.8h, v26.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v13.8h, v13.8h, v25.8h
+	sub	v14.8h, v14.8h, v26.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v15.8h, v15.8h, v25.8h
+	sub	v16.8h, v16.8h, v26.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v17.8h, v17.8h, v25.8h
+	sub	v18.8h, v18.8h, v26.8h
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v19.8h, v19.8h, v25.8h
+	sub	v20.8h, v20.8h, v26.8h
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v21.8h, v21.8h, v25.8h
+	sub	v22.8h, v22.8h, v26.8h
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+	sqrdmulh	v25.8h, v25.8h, v8.h[0]
+	sqrdmulh	v26.8h, v26.8h, v8.h[0]
+	sub	v23.8h, v23.8h, v25.8h
+	sub	v24.8h, v24.8h, v26.8h
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0, #16]
+	str	q10, [x0, #48]
+	str	q11, [x0, #80]
+	str	q12, [x0, #112]
+	str	q13, [x0, #144]
+	str	q14, [x0, #176]
+	str	q15, [x0, #208]
+	str	q16, [x0, #240]
+	str	q17, [x1, #16]
+	str	q18, [x1, #48]
+	str	q19, [x1, #80]
+	str	q20, [x1, #112]
+	str	q21, [x1, #144]
+	str	q22, [x1, #176]
+	str	q23, [x1, #208]
+	str	q24, [x1, #240]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_invntt,.-mlkem_invntt
+#endif /* __APPLE__ */
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+#ifndef __APPLE__
+.text
+.globl	mlkem_ntt_sqrdmlsh
+.type	mlkem_ntt_sqrdmlsh,@function
+.align	2
+mlkem_ntt_sqrdmlsh:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_ntt_sqrdmlsh
+.p2align	2
+_mlkem_ntt_sqrdmlsh:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_mlkem_aarch64_zetas
+	add  x2, x2, :lo12:L_mlkem_aarch64_zetas
+#else
+	adrp x2, L_mlkem_aarch64_zetas@PAGE
+	add  x2, x2, :lo12:L_mlkem_aarch64_zetas@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_mlkem_aarch64_zetas_qinv
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_qinv
+#else
+	adrp x3, L_mlkem_aarch64_zetas_qinv@PAGE
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_mlkem_aarch64_consts
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x4, L_mlkem_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q4, [x4]
+	ldr	q5, [x0]
+	ldr	q6, [x0, #32]
+	ldr	q7, [x0, #64]
+	ldr	q8, [x0, #96]
+	ldr	q9, [x0, #128]
+	ldr	q10, [x0, #160]
+	ldr	q11, [x0, #192]
+	ldr	q12, [x0, #224]
+	ldr	q13, [x1]
+	ldr	q14, [x1, #32]
+	ldr	q15, [x1, #64]
+	ldr	q16, [x1, #96]
+	ldr	q17, [x1, #128]
+	ldr	q18, [x1, #160]
+	ldr	q19, [x1, #192]
+	ldr	q20, [x1, #224]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0]
+	str	q6, [x0, #32]
+	str	q7, [x0, #64]
+	str	q8, [x0, #96]
+	str	q9, [x0, #128]
+	str	q10, [x0, #160]
+	str	q11, [x0, #192]
+	str	q12, [x0, #224]
+	str	q13, [x1]
+	str	q14, [x1, #32]
+	str	q15, [x1, #64]
+	str	q16, [x1, #96]
+	str	q17, [x1, #128]
+	str	q18, [x1, #160]
+	str	q19, [x1, #192]
+	str	q20, [x1, #224]
+	ldr	q5, [x0, #16]
+	ldr	q6, [x0, #48]
+	ldr	q7, [x0, #80]
+	ldr	q8, [x0, #112]
+	ldr	q9, [x0, #144]
+	ldr	q10, [x0, #176]
+	ldr	q11, [x0, #208]
+	ldr	q12, [x0, #240]
+	ldr	q13, [x1, #16]
+	ldr	q14, [x1, #48]
+	ldr	q15, [x1, #80]
+	ldr	q16, [x1, #112]
+	ldr	q17, [x1, #144]
+	ldr	q18, [x1, #176]
+	ldr	q19, [x1, #208]
+	ldr	q20, [x1, #240]
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	mul	v29.8h, v13.8h, v1.h[1]
+	mul	v30.8h, v14.8h, v1.h[1]
+	sqrdmulh	v21.8h, v13.8h, v0.h[1]
+	sqrdmulh	v22.8h, v14.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v15.8h, v1.h[1]
+	mul	v30.8h, v16.8h, v1.h[1]
+	sqrdmulh	v23.8h, v15.8h, v0.h[1]
+	sqrdmulh	v24.8h, v16.8h, v0.h[1]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[1]
+	mul	v30.8h, v18.8h, v1.h[1]
+	sqrdmulh	v25.8h, v17.8h, v0.h[1]
+	sqrdmulh	v26.8h, v18.8h, v0.h[1]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[1]
+	mul	v30.8h, v20.8h, v1.h[1]
+	sqrdmulh	v27.8h, v19.8h, v0.h[1]
+	sqrdmulh	v28.8h, v20.8h, v0.h[1]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v13.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v14.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v15.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v16.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v9.8h, v25.8h
+	add	v9.8h, v9.8h, v25.8h
+	sub	v18.8h, v10.8h, v26.8h
+	add	v10.8h, v10.8h, v26.8h
+	sub	v19.8h, v11.8h, v27.8h
+	add	v11.8h, v11.8h, v27.8h
+	sub	v20.8h, v12.8h, v28.8h
+	add	v12.8h, v12.8h, v28.8h
+	mul	v29.8h, v9.8h, v1.h[2]
+	mul	v30.8h, v10.8h, v1.h[2]
+	sqrdmulh	v21.8h, v9.8h, v0.h[2]
+	sqrdmulh	v22.8h, v10.8h, v0.h[2]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[2]
+	sqrdmulh	v23.8h, v11.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[2]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v17.8h, v1.h[3]
+	mul	v30.8h, v18.8h, v1.h[3]
+	sqrdmulh	v25.8h, v17.8h, v0.h[3]
+	sqrdmulh	v26.8h, v18.8h, v0.h[3]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[3]
+	mul	v30.8h, v20.8h, v1.h[3]
+	sqrdmulh	v27.8h, v19.8h, v0.h[3]
+	sqrdmulh	v28.8h, v20.8h, v0.h[3]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v9.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v10.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v7.8h, v23.8h
+	add	v7.8h, v7.8h, v23.8h
+	sub	v12.8h, v8.8h, v24.8h
+	add	v8.8h, v8.8h, v24.8h
+	sub	v17.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v18.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v15.8h, v27.8h
+	add	v15.8h, v15.8h, v27.8h
+	sub	v20.8h, v16.8h, v28.8h
+	add	v16.8h, v16.8h, v28.8h
+	mul	v29.8h, v7.8h, v1.h[4]
+	mul	v30.8h, v8.8h, v1.h[4]
+	sqrdmulh	v21.8h, v7.8h, v0.h[4]
+	sqrdmulh	v22.8h, v8.8h, v0.h[4]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v11.8h, v1.h[5]
+	mul	v30.8h, v12.8h, v1.h[5]
+	sqrdmulh	v23.8h, v11.8h, v0.h[5]
+	sqrdmulh	v24.8h, v12.8h, v0.h[5]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v15.8h, v1.h[6]
+	mul	v30.8h, v16.8h, v1.h[6]
+	sqrdmulh	v25.8h, v15.8h, v0.h[6]
+	sqrdmulh	v26.8h, v16.8h, v0.h[6]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v19.8h, v1.h[7]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v19.8h, v0.h[7]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v7.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v6.8h, v22.8h
+	add	v6.8h, v6.8h, v22.8h
+	sub	v11.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v10.8h, v24.8h
+	add	v10.8h, v10.8h, v24.8h
+	sub	v15.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v14.8h, v26.8h
+	add	v14.8h, v14.8h, v26.8h
+	sub	v19.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v18.8h, v28.8h
+	add	v18.8h, v18.8h, v28.8h
+	ldr	q0, [x2, #16]
+	ldr	q1, [x3, #16]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	str	q5, [x0, #16]
+	str	q6, [x0, #48]
+	str	q7, [x0, #80]
+	str	q8, [x0, #112]
+	str	q9, [x0, #144]
+	str	q10, [x0, #176]
+	str	q11, [x0, #208]
+	str	q12, [x0, #240]
+	str	q13, [x1, #16]
+	str	q14, [x1, #48]
+	str	q15, [x1, #80]
+	str	q16, [x1, #112]
+	str	q17, [x1, #144]
+	str	q18, [x1, #176]
+	str	q19, [x1, #208]
+	str	q20, [x1, #240]
+	ldp	q5, q6, [x0]
+	ldp	q7, q8, [x0, #32]
+	ldp	q9, q10, [x0, #64]
+	ldp	q11, q12, [x0, #96]
+	ldp	q13, q14, [x0, #128]
+	ldp	q15, q16, [x0, #160]
+	ldp	q17, q18, [x0, #192]
+	ldp	q19, q20, [x0, #224]
+	ldr	q0, [x2, #32]
+	ldr	q1, [x3, #32]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #64]
+	ldr	q2, [x2, #80]
+	ldr	q1, [x3, #64]
+	ldr	q3, [x3, #80]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q2, [x2, #112]
+	ldr	q1, [x3, #96]
+	ldr	q3, [x3, #112]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #128]
+	ldr	q2, [x2, #144]
+	ldr	q1, [x3, #128]
+	ldr	q3, [x3, #144]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q2, [x2, #176]
+	ldr	q1, [x3, #160]
+	ldr	q3, [x3, #176]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #320]
+	ldr	q2, [x2, #336]
+	ldr	q1, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q2, [x2, #368]
+	ldr	q1, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q2, [x2, #400]
+	ldr	q1, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q2, [x2, #432]
+	ldr	q1, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x0]
+	stp	q7, q8, [x0, #32]
+	stp	q9, q10, [x0, #64]
+	stp	q11, q12, [x0, #96]
+	stp	q13, q14, [x0, #128]
+	stp	q15, q16, [x0, #160]
+	stp	q17, q18, [x0, #192]
+	stp	q19, q20, [x0, #224]
+	ldp	q5, q6, [x1]
+	ldp	q7, q8, [x1, #32]
+	ldp	q9, q10, [x1, #64]
+	ldp	q11, q12, [x1, #96]
+	ldp	q13, q14, [x1, #128]
+	ldp	q15, q16, [x1, #160]
+	ldp	q17, q18, [x1, #192]
+	ldp	q19, q20, [x1, #224]
+	ldr	q0, [x2, #48]
+	ldr	q1, [x3, #48]
+	mul	v29.8h, v6.8h, v1.h[0]
+	mul	v30.8h, v8.8h, v1.h[1]
+	sqrdmulh	v21.8h, v6.8h, v0.h[0]
+	sqrdmulh	v22.8h, v8.8h, v0.h[1]
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v29.8h, v10.8h, v1.h[2]
+	mul	v30.8h, v12.8h, v1.h[3]
+	sqrdmulh	v23.8h, v10.8h, v0.h[2]
+	sqrdmulh	v24.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v29.8h, v14.8h, v1.h[4]
+	mul	v30.8h, v16.8h, v1.h[5]
+	sqrdmulh	v25.8h, v14.8h, v0.h[4]
+	sqrdmulh	v26.8h, v16.8h, v0.h[5]
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	mul	v29.8h, v18.8h, v1.h[6]
+	mul	v30.8h, v20.8h, v1.h[7]
+	sqrdmulh	v27.8h, v18.8h, v0.h[6]
+	sqrdmulh	v28.8h, v20.8h, v0.h[7]
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #192]
+	ldr	q2, [x2, #208]
+	ldr	q1, [x3, #192]
+	ldr	q3, [x3, #208]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	trn2	v8.2d, v30.2d, v8.2d
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q2, [x2, #240]
+	ldr	q1, [x3, #224]
+	ldr	q3, [x3, #240]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	trn2	v12.2d, v30.2d, v12.2d
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q2, [x2, #272]
+	ldr	q1, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	trn2	v16.2d, v30.2d, v16.2d
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q2, [x2, #304]
+	ldr	q1, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	trn2	v20.2d, v30.2d, v20.2d
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	ldr	q0, [x2, #448]
+	ldr	q2, [x2, #464]
+	ldr	q1, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v29.16b, v5.16b
+	mov	v30.16b, v7.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	trn2	v8.4s, v30.4s, v8.4s
+	mul	v29.8h, v6.8h, v1.8h
+	mul	v30.8h, v8.8h, v3.8h
+	sqrdmulh	v21.8h, v6.8h, v0.8h
+	sqrdmulh	v22.8h, v8.8h, v2.8h
+	sqrdmlsh	v21.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v22.8h, v30.8h, v4.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q2, [x2, #496]
+	ldr	q1, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v29.16b, v9.16b
+	mov	v30.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	trn2	v12.4s, v30.4s, v12.4s
+	mul	v29.8h, v10.8h, v1.8h
+	mul	v30.8h, v12.8h, v3.8h
+	sqrdmulh	v23.8h, v10.8h, v0.8h
+	sqrdmulh	v24.8h, v12.8h, v2.8h
+	sqrdmlsh	v23.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v24.8h, v30.8h, v4.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x2, #528]
+	ldr	q1, [x3, #512]
+	ldr	q3, [x3, #528]
+	mov	v29.16b, v13.16b
+	mov	v30.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	trn2	v16.4s, v30.4s, v16.4s
+	mul	v29.8h, v14.8h, v1.8h
+	mul	v30.8h, v16.8h, v3.8h
+	sqrdmulh	v25.8h, v14.8h, v0.8h
+	sqrdmulh	v26.8h, v16.8h, v2.8h
+	sqrdmlsh	v25.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v26.8h, v30.8h, v4.h[0]
+	sshr	v25.8h, v25.8h, #1
+	sshr	v26.8h, v26.8h, #1
+	ldr	q0, [x2, #544]
+	ldr	q2, [x2, #560]
+	ldr	q1, [x3, #544]
+	ldr	q3, [x3, #560]
+	mov	v29.16b, v17.16b
+	mov	v30.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	trn2	v20.4s, v30.4s, v20.4s
+	mul	v29.8h, v18.8h, v1.8h
+	mul	v30.8h, v20.8h, v3.8h
+	sqrdmulh	v27.8h, v18.8h, v0.8h
+	sqrdmulh	v28.8h, v20.8h, v2.8h
+	sqrdmlsh	v27.8h, v29.8h, v4.h[0]
+	sqrdmlsh	v28.8h, v30.8h, v4.h[0]
+	sshr	v27.8h, v27.8h, #1
+	sshr	v28.8h, v28.8h, #1
+	sub	v6.8h, v5.8h, v21.8h
+	add	v5.8h, v5.8h, v21.8h
+	sub	v8.8h, v7.8h, v22.8h
+	add	v7.8h, v7.8h, v22.8h
+	sub	v10.8h, v9.8h, v23.8h
+	add	v9.8h, v9.8h, v23.8h
+	sub	v12.8h, v11.8h, v24.8h
+	add	v11.8h, v11.8h, v24.8h
+	sub	v14.8h, v13.8h, v25.8h
+	add	v13.8h, v13.8h, v25.8h
+	sub	v16.8h, v15.8h, v26.8h
+	add	v15.8h, v15.8h, v26.8h
+	sub	v18.8h, v17.8h, v27.8h
+	add	v17.8h, v17.8h, v27.8h
+	sub	v20.8h, v19.8h, v28.8h
+	add	v19.8h, v19.8h, v28.8h
+	sqdmulh	v21.8h, v5.8h, v4.h[2]
+	sqdmulh	v22.8h, v6.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v5.8h, v21.8h, v4.h[0]
+	mls	v6.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v7.8h, v4.h[2]
+	sqdmulh	v22.8h, v8.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v7.8h, v21.8h, v4.h[0]
+	mls	v8.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v9.8h, v4.h[2]
+	sqdmulh	v22.8h, v10.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v9.8h, v21.8h, v4.h[0]
+	mls	v10.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v11.8h, v4.h[2]
+	sqdmulh	v22.8h, v12.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v11.8h, v21.8h, v4.h[0]
+	mls	v12.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v13.8h, v4.h[2]
+	sqdmulh	v22.8h, v14.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v13.8h, v21.8h, v4.h[0]
+	mls	v14.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v15.8h, v4.h[2]
+	sqdmulh	v22.8h, v16.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v15.8h, v21.8h, v4.h[0]
+	mls	v16.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v17.8h, v4.h[2]
+	sqdmulh	v22.8h, v18.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v17.8h, v21.8h, v4.h[0]
+	mls	v18.8h, v22.8h, v4.h[0]
+	sqdmulh	v21.8h, v19.8h, v4.h[2]
+	sqdmulh	v22.8h, v20.8h, v4.h[2]
+	sshr	v21.8h, v21.8h, #11
+	sshr	v22.8h, v22.8h, #11
+	mls	v19.8h, v21.8h, v4.h[0]
+	mls	v20.8h, v22.8h, v4.h[0]
+	mov	v29.16b, v5.16b
+	trn1	v5.4s, v5.4s, v6.4s
+	trn2	v6.4s, v29.4s, v6.4s
+	mov	v29.16b, v5.16b
+	trn1	v5.2d, v5.2d, v6.2d
+	trn2	v6.2d, v29.2d, v6.2d
+	mov	v29.16b, v7.16b
+	trn1	v7.4s, v7.4s, v8.4s
+	trn2	v8.4s, v29.4s, v8.4s
+	mov	v29.16b, v7.16b
+	trn1	v7.2d, v7.2d, v8.2d
+	trn2	v8.2d, v29.2d, v8.2d
+	mov	v29.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v29.4s, v10.4s
+	mov	v29.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v29.2d, v10.2d
+	mov	v29.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v29.4s, v12.4s
+	mov	v29.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v29.2d, v12.2d
+	mov	v29.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v29.4s, v14.4s
+	mov	v29.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v29.2d, v14.2d
+	mov	v29.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v29.4s, v16.4s
+	mov	v29.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v29.2d, v16.2d
+	mov	v29.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v29.4s, v18.4s
+	mov	v29.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v29.2d, v18.2d
+	mov	v29.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v29.4s, v20.4s
+	mov	v29.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v29.2d, v20.2d
+	stp	q5, q6, [x1]
+	stp	q7, q8, [x1, #32]
+	stp	q9, q10, [x1, #64]
+	stp	q11, q12, [x1, #96]
+	stp	q13, q14, [x1, #128]
+	stp	q15, q16, [x1, #160]
+	stp	q17, q18, [x1, #192]
+	stp	q19, q20, [x1, #224]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_ntt_sqrdmlsh,.-mlkem_ntt_sqrdmlsh
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_invntt_sqrdmlsh
+.type	mlkem_invntt_sqrdmlsh,@function
+.align	2
+mlkem_invntt_sqrdmlsh:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_invntt_sqrdmlsh
+.p2align	2
+_mlkem_invntt_sqrdmlsh:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_mlkem_aarch64_zetas_inv
+	add  x2, x2, :lo12:L_mlkem_aarch64_zetas_inv
+#else
+	adrp x2, L_mlkem_aarch64_zetas_inv@PAGE
+	add  x2, x2, :lo12:L_mlkem_aarch64_zetas_inv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_mlkem_aarch64_zetas_inv_qinv
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_inv_qinv
+#else
+	adrp x3, L_mlkem_aarch64_zetas_inv_qinv@PAGE
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_inv_qinv@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_mlkem_aarch64_consts
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x4, L_mlkem_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	add	x1, x0, #0x100
+	ldr	q8, [x4]
+	ldp	q9, q10, [x0]
+	ldp	q11, q12, [x0, #32]
+	ldp	q13, q14, [x0, #64]
+	ldp	q15, q16, [x0, #96]
+	ldp	q17, q18, [x0, #128]
+	ldp	q19, q20, [x0, #160]
+	ldp	q21, q22, [x0, #192]
+	ldp	q23, q24, [x0, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2]
+	ldr	q1, [x2, #16]
+	ldr	q2, [x3]
+	ldr	q3, [x3, #16]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #32]
+	ldr	q1, [x2, #48]
+	ldr	q2, [x3, #32]
+	ldr	q3, [x3, #48]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #64]
+	ldr	q1, [x2, #80]
+	ldr	q2, [x3, #64]
+	ldr	q3, [x3, #80]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #96]
+	ldr	q1, [x2, #112]
+	ldr	q2, [x3, #96]
+	ldr	q3, [x3, #112]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #256]
+	ldr	q1, [x2, #272]
+	ldr	q2, [x3, #256]
+	ldr	q3, [x3, #272]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #288]
+	ldr	q1, [x2, #304]
+	ldr	q2, [x3, #288]
+	ldr	q3, [x3, #304]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #320]
+	ldr	q1, [x2, #336]
+	ldr	q2, [x3, #320]
+	ldr	q3, [x3, #336]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #352]
+	ldr	q1, [x2, #368]
+	ldr	q2, [x3, #352]
+	ldr	q3, [x3, #368]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #512]
+	ldr	q2, [x3, #512]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x0]
+	stp	q11, q12, [x0, #32]
+	stp	q13, q14, [x0, #64]
+	stp	q15, q16, [x0, #96]
+	stp	q17, q18, [x0, #128]
+	stp	q19, q20, [x0, #160]
+	stp	q21, q22, [x0, #192]
+	stp	q23, q24, [x0, #224]
+	ldp	q9, q10, [x1]
+	ldp	q11, q12, [x1, #32]
+	ldp	q13, q14, [x1, #64]
+	ldp	q15, q16, [x1, #96]
+	ldp	q17, q18, [x1, #128]
+	ldp	q19, q20, [x1, #160]
+	ldp	q21, q22, [x1, #192]
+	ldp	q23, q24, [x1, #224]
+	mov	v25.16b, v9.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	mov	v25.16b, v9.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	mov	v25.16b, v11.16b
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v12.2d, v25.2d, v12.2d
+	mov	v25.16b, v11.16b
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v12.4s, v25.4s, v12.4s
+	mov	v25.16b, v13.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	mov	v25.16b, v13.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	mov	v25.16b, v15.16b
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v16.2d, v25.2d, v16.2d
+	mov	v25.16b, v15.16b
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v16.4s, v25.4s, v16.4s
+	mov	v25.16b, v17.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	mov	v25.16b, v17.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	mov	v25.16b, v19.16b
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v20.2d, v25.2d, v20.2d
+	mov	v25.16b, v19.16b
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v20.4s, v25.4s, v20.4s
+	mov	v25.16b, v21.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	mov	v25.16b, v21.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	mov	v25.16b, v23.16b
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v24.2d, v25.2d, v24.2d
+	mov	v25.16b, v23.16b
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v24.4s, v25.4s, v24.4s
+	ldr	q0, [x2, #128]
+	ldr	q1, [x2, #144]
+	ldr	q2, [x3, #128]
+	ldr	q3, [x3, #144]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #160]
+	ldr	q1, [x2, #176]
+	ldr	q2, [x3, #160]
+	ldr	q3, [x3, #176]
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #192]
+	ldr	q1, [x2, #208]
+	ldr	q2, [x3, #192]
+	ldr	q3, [x3, #208]
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #224]
+	ldr	q1, [x2, #240]
+	ldr	q2, [x3, #224]
+	ldr	q3, [x3, #240]
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #384]
+	ldr	q1, [x2, #400]
+	ldr	q2, [x3, #384]
+	ldr	q3, [x3, #400]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.4s, v9.4s, v10.4s
+	trn1	v11.4s, v11.4s, v12.4s
+	trn2	v10.4s, v25.4s, v10.4s
+	trn2	v12.4s, v26.4s, v12.4s
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v10.8h, v26.8h, v0.8h
+	sqrdmulh	v12.8h, v28.8h, v1.8h
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	ldr	q0, [x2, #416]
+	ldr	q1, [x2, #432]
+	ldr	q2, [x3, #416]
+	ldr	q3, [x3, #432]
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.4s, v13.4s, v14.4s
+	trn1	v15.4s, v15.4s, v16.4s
+	trn2	v14.4s, v25.4s, v14.4s
+	trn2	v16.4s, v26.4s, v16.4s
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v14.8h, v26.8h, v0.8h
+	sqrdmulh	v16.8h, v28.8h, v1.8h
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	ldr	q0, [x2, #448]
+	ldr	q1, [x2, #464]
+	ldr	q2, [x3, #448]
+	ldr	q3, [x3, #464]
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.4s, v17.4s, v18.4s
+	trn1	v19.4s, v19.4s, v20.4s
+	trn2	v18.4s, v25.4s, v18.4s
+	trn2	v20.4s, v26.4s, v20.4s
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v18.8h, v26.8h, v0.8h
+	sqrdmulh	v20.8h, v28.8h, v1.8h
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	ldr	q0, [x2, #480]
+	ldr	q1, [x2, #496]
+	ldr	q2, [x3, #480]
+	ldr	q3, [x3, #496]
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.4s, v21.4s, v22.4s
+	trn1	v23.4s, v23.4s, v24.4s
+	trn2	v22.4s, v25.4s, v22.4s
+	trn2	v24.4s, v26.4s, v24.4s
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.8h
+	mul	v27.8h, v28.8h, v3.8h
+	sqrdmulh	v22.8h, v26.8h, v0.8h
+	sqrdmulh	v24.8h, v28.8h, v1.8h
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	ldr	q0, [x2, #528]
+	ldr	q2, [x3, #528]
+	mov	v25.16b, v9.16b
+	mov	v26.16b, v11.16b
+	trn1	v9.2d, v9.2d, v10.2d
+	trn1	v11.2d, v11.2d, v12.2d
+	trn2	v10.2d, v25.2d, v10.2d
+	trn2	v12.2d, v26.2d, v12.2d
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v2.h[0]
+	mul	v27.8h, v28.8h, v2.h[1]
+	sqrdmulh	v10.8h, v26.8h, v0.h[0]
+	sqrdmulh	v12.8h, v28.8h, v0.h[1]
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mov	v25.16b, v13.16b
+	mov	v26.16b, v15.16b
+	trn1	v13.2d, v13.2d, v14.2d
+	trn1	v15.2d, v15.2d, v16.2d
+	trn2	v14.2d, v25.2d, v14.2d
+	trn2	v16.2d, v26.2d, v16.2d
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v2.h[2]
+	mul	v27.8h, v28.8h, v2.h[3]
+	sqrdmulh	v14.8h, v26.8h, v0.h[2]
+	sqrdmulh	v16.8h, v28.8h, v0.h[3]
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mov	v25.16b, v17.16b
+	mov	v26.16b, v19.16b
+	trn1	v17.2d, v17.2d, v18.2d
+	trn1	v19.2d, v19.2d, v20.2d
+	trn2	v18.2d, v25.2d, v18.2d
+	trn2	v20.2d, v26.2d, v20.2d
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v2.h[4]
+	mul	v27.8h, v28.8h, v2.h[5]
+	sqrdmulh	v18.8h, v26.8h, v0.h[4]
+	sqrdmulh	v20.8h, v28.8h, v0.h[5]
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mov	v25.16b, v21.16b
+	mov	v26.16b, v23.16b
+	trn1	v21.2d, v21.2d, v22.2d
+	trn1	v23.2d, v23.2d, v24.2d
+	trn2	v22.2d, v25.2d, v22.2d
+	trn2	v24.2d, v26.2d, v24.2d
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v2.h[6]
+	mul	v27.8h, v28.8h, v2.h[7]
+	sqrdmulh	v22.8h, v26.8h, v0.h[6]
+	sqrdmulh	v24.8h, v28.8h, v0.h[7]
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v11.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v11.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v13.8h, v8.h[2]
+	sqdmulh	v26.8h, v15.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v13.8h, v25.8h, v8.h[0]
+	mls	v15.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v19.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v19.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v21.8h, v8.h[2]
+	sqdmulh	v26.8h, v23.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v21.8h, v25.8h, v8.h[0]
+	mls	v23.8h, v26.8h, v8.h[0]
+	stp	q9, q10, [x1]
+	stp	q11, q12, [x1, #32]
+	stp	q13, q14, [x1, #64]
+	stp	q15, q16, [x1, #96]
+	stp	q17, q18, [x1, #128]
+	stp	q19, q20, [x1, #160]
+	stp	q21, q22, [x1, #192]
+	stp	q23, q24, [x1, #224]
+	ldr	q4, [x2, #544]
+	ldr	q5, [x2, #560]
+	ldr	q6, [x3, #544]
+	ldr	q7, [x3, #560]
+	ldr	q9, [x0]
+	ldr	q10, [x0, #32]
+	ldr	q11, [x0, #64]
+	ldr	q12, [x0, #96]
+	ldr	q13, [x0, #128]
+	ldr	q14, [x0, #160]
+	ldr	q15, [x0, #192]
+	ldr	q16, [x0, #224]
+	ldr	q17, [x1]
+	ldr	q18, [x1, #32]
+	ldr	q19, [x1, #64]
+	ldr	q20, [x1, #96]
+	ldr	q21, [x1, #128]
+	ldr	q22, [x1, #160]
+	ldr	q23, [x1, #192]
+	ldr	q24, [x1, #224]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v27.8h, v8.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v27.8h, v8.h[0]
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+	sqrdmlsh	v9.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v10.8h, v26.8h, v8.h[0]
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v26.8h, v8.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v26.8h, v8.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v26.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v26.8h, v8.h[0]
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v26.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v26.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v26.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0]
+	str	q10, [x0, #32]
+	str	q11, [x0, #64]
+	str	q12, [x0, #96]
+	str	q13, [x0, #128]
+	str	q14, [x0, #160]
+	str	q15, [x0, #192]
+	str	q16, [x0, #224]
+	str	q17, [x1]
+	str	q18, [x1, #32]
+	str	q19, [x1, #64]
+	str	q20, [x1, #96]
+	str	q21, [x1, #128]
+	str	q22, [x1, #160]
+	str	q23, [x1, #192]
+	str	q24, [x1, #224]
+	ldr	q9, [x0, #16]
+	ldr	q10, [x0, #48]
+	ldr	q11, [x0, #80]
+	ldr	q12, [x0, #112]
+	ldr	q13, [x0, #144]
+	ldr	q14, [x0, #176]
+	ldr	q15, [x0, #208]
+	ldr	q16, [x0, #240]
+	ldr	q17, [x1, #16]
+	ldr	q18, [x1, #48]
+	ldr	q19, [x1, #80]
+	ldr	q20, [x1, #112]
+	ldr	q21, [x1, #144]
+	ldr	q22, [x1, #176]
+	ldr	q23, [x1, #208]
+	ldr	q24, [x1, #240]
+	sub	v26.8h, v9.8h, v10.8h
+	sub	v28.8h, v11.8h, v12.8h
+	add	v9.8h, v9.8h, v10.8h
+	add	v11.8h, v11.8h, v12.8h
+	mul	v25.8h, v26.8h, v6.h[0]
+	mul	v27.8h, v28.8h, v6.h[1]
+	sqrdmulh	v10.8h, v26.8h, v4.h[0]
+	sqrdmulh	v12.8h, v28.8h, v4.h[1]
+	sqrdmlsh	v10.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v10.8h, v10.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v14.8h
+	sub	v28.8h, v15.8h, v16.8h
+	add	v13.8h, v13.8h, v14.8h
+	add	v15.8h, v15.8h, v16.8h
+	mul	v25.8h, v26.8h, v6.h[2]
+	mul	v27.8h, v28.8h, v6.h[3]
+	sqrdmulh	v14.8h, v26.8h, v4.h[2]
+	sqrdmulh	v16.8h, v28.8h, v4.h[3]
+	sqrdmlsh	v14.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v14.8h, v14.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v18.8h
+	sub	v28.8h, v19.8h, v20.8h
+	add	v17.8h, v17.8h, v18.8h
+	add	v19.8h, v19.8h, v20.8h
+	mul	v25.8h, v26.8h, v6.h[4]
+	mul	v27.8h, v28.8h, v6.h[5]
+	sqrdmulh	v18.8h, v26.8h, v4.h[4]
+	sqrdmulh	v20.8h, v28.8h, v4.h[5]
+	sqrdmlsh	v18.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v18.8h, v18.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v22.8h
+	sub	v28.8h, v23.8h, v24.8h
+	add	v21.8h, v21.8h, v22.8h
+	add	v23.8h, v23.8h, v24.8h
+	mul	v25.8h, v26.8h, v6.h[6]
+	mul	v27.8h, v28.8h, v6.h[7]
+	sqrdmulh	v22.8h, v26.8h, v4.h[6]
+	sqrdmulh	v24.8h, v28.8h, v4.h[7]
+	sqrdmlsh	v22.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v22.8h, v22.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v11.8h
+	sub	v28.8h, v10.8h, v12.8h
+	add	v9.8h, v9.8h, v11.8h
+	add	v10.8h, v10.8h, v12.8h
+	mul	v25.8h, v26.8h, v7.h[0]
+	mul	v27.8h, v28.8h, v7.h[0]
+	sqrdmulh	v11.8h, v26.8h, v5.h[0]
+	sqrdmulh	v12.8h, v28.8h, v5.h[0]
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v27.8h, v8.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	sub	v26.8h, v13.8h, v15.8h
+	sub	v28.8h, v14.8h, v16.8h
+	add	v13.8h, v13.8h, v15.8h
+	add	v14.8h, v14.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[1]
+	mul	v27.8h, v28.8h, v7.h[1]
+	sqrdmulh	v15.8h, v26.8h, v5.h[1]
+	sqrdmulh	v16.8h, v28.8h, v5.h[1]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v19.8h
+	sub	v28.8h, v18.8h, v20.8h
+	add	v17.8h, v17.8h, v19.8h
+	add	v18.8h, v18.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[2]
+	mul	v27.8h, v28.8h, v7.h[2]
+	sqrdmulh	v19.8h, v26.8h, v5.h[2]
+	sqrdmulh	v20.8h, v28.8h, v5.h[2]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v21.8h, v23.8h
+	sub	v28.8h, v22.8h, v24.8h
+	add	v21.8h, v21.8h, v23.8h
+	add	v22.8h, v22.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[3]
+	mul	v27.8h, v28.8h, v7.h[3]
+	sqrdmulh	v23.8h, v26.8h, v5.h[3]
+	sqrdmulh	v24.8h, v28.8h, v5.h[3]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sub	v26.8h, v9.8h, v13.8h
+	sub	v28.8h, v10.8h, v14.8h
+	add	v9.8h, v9.8h, v13.8h
+	add	v10.8h, v10.8h, v14.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v13.8h, v26.8h, v5.h[4]
+	sqrdmulh	v14.8h, v28.8h, v5.h[4]
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v27.8h, v8.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	sub	v26.8h, v11.8h, v15.8h
+	sub	v28.8h, v12.8h, v16.8h
+	add	v11.8h, v11.8h, v15.8h
+	add	v12.8h, v12.8h, v16.8h
+	mul	v25.8h, v26.8h, v7.h[4]
+	mul	v27.8h, v28.8h, v7.h[4]
+	sqrdmulh	v15.8h, v26.8h, v5.h[4]
+	sqrdmulh	v16.8h, v28.8h, v5.h[4]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v27.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	sub	v26.8h, v17.8h, v21.8h
+	sub	v28.8h, v18.8h, v22.8h
+	add	v17.8h, v17.8h, v21.8h
+	add	v18.8h, v18.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v21.8h, v26.8h, v5.h[5]
+	sqrdmulh	v22.8h, v28.8h, v5.h[5]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v19.8h, v23.8h
+	sub	v28.8h, v20.8h, v24.8h
+	add	v19.8h, v19.8h, v23.8h
+	add	v20.8h, v20.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[5]
+	mul	v27.8h, v28.8h, v7.h[5]
+	sqrdmulh	v23.8h, v26.8h, v5.h[5]
+	sqrdmulh	v24.8h, v28.8h, v5.h[5]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	sqdmulh	v25.8h, v9.8h, v8.h[2]
+	sqdmulh	v26.8h, v10.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v9.8h, v25.8h, v8.h[0]
+	mls	v10.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v11.8h, v8.h[2]
+	sqdmulh	v26.8h, v12.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v11.8h, v25.8h, v8.h[0]
+	mls	v12.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v17.8h, v8.h[2]
+	sqdmulh	v26.8h, v18.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v17.8h, v25.8h, v8.h[0]
+	mls	v18.8h, v26.8h, v8.h[0]
+	sqdmulh	v25.8h, v19.8h, v8.h[2]
+	sqdmulh	v26.8h, v20.8h, v8.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v19.8h, v25.8h, v8.h[0]
+	mls	v20.8h, v26.8h, v8.h[0]
+	sub	v26.8h, v9.8h, v17.8h
+	sub	v28.8h, v10.8h, v18.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v17.8h, v26.8h, v5.h[6]
+	sqrdmulh	v18.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v27.8h, v8.h[0]
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	sub	v26.8h, v11.8h, v19.8h
+	sub	v28.8h, v12.8h, v20.8h
+	add	v11.8h, v11.8h, v19.8h
+	add	v12.8h, v12.8h, v20.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v19.8h, v26.8h, v5.h[6]
+	sqrdmulh	v20.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v27.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	sub	v26.8h, v13.8h, v21.8h
+	sub	v28.8h, v14.8h, v22.8h
+	add	v13.8h, v13.8h, v21.8h
+	add	v14.8h, v14.8h, v22.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v21.8h, v26.8h, v5.h[6]
+	sqrdmulh	v22.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v27.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	sub	v26.8h, v15.8h, v23.8h
+	sub	v28.8h, v16.8h, v24.8h
+	add	v15.8h, v15.8h, v23.8h
+	add	v16.8h, v16.8h, v24.8h
+	mul	v25.8h, v26.8h, v7.h[6]
+	mul	v27.8h, v28.8h, v7.h[6]
+	sqrdmulh	v23.8h, v26.8h, v5.h[6]
+	sqrdmulh	v24.8h, v28.8h, v5.h[6]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v27.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	mul	v25.8h, v9.8h, v7.h[7]
+	mul	v26.8h, v10.8h, v7.h[7]
+	sqrdmulh	v9.8h, v9.8h, v5.h[7]
+	sqrdmulh	v10.8h, v10.8h, v5.h[7]
+	sqrdmlsh	v9.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v10.8h, v26.8h, v8.h[0]
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v25.8h, v11.8h, v7.h[7]
+	mul	v26.8h, v12.8h, v7.h[7]
+	sqrdmulh	v11.8h, v11.8h, v5.h[7]
+	sqrdmulh	v12.8h, v12.8h, v5.h[7]
+	sqrdmlsh	v11.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v12.8h, v26.8h, v8.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v25.8h, v13.8h, v7.h[7]
+	mul	v26.8h, v14.8h, v7.h[7]
+	sqrdmulh	v13.8h, v13.8h, v5.h[7]
+	sqrdmulh	v14.8h, v14.8h, v5.h[7]
+	sqrdmlsh	v13.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v14.8h, v26.8h, v8.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v25.8h, v15.8h, v7.h[7]
+	mul	v26.8h, v16.8h, v7.h[7]
+	sqrdmulh	v15.8h, v15.8h, v5.h[7]
+	sqrdmulh	v16.8h, v16.8h, v5.h[7]
+	sqrdmlsh	v15.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v16.8h, v26.8h, v8.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	mul	v25.8h, v17.8h, v7.h[7]
+	mul	v26.8h, v18.8h, v7.h[7]
+	sqrdmulh	v17.8h, v17.8h, v5.h[7]
+	sqrdmulh	v18.8h, v18.8h, v5.h[7]
+	sqrdmlsh	v17.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v18.8h, v26.8h, v8.h[0]
+	sshr	v17.8h, v17.8h, #1
+	sshr	v18.8h, v18.8h, #1
+	mul	v25.8h, v19.8h, v7.h[7]
+	mul	v26.8h, v20.8h, v7.h[7]
+	sqrdmulh	v19.8h, v19.8h, v5.h[7]
+	sqrdmulh	v20.8h, v20.8h, v5.h[7]
+	sqrdmlsh	v19.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v20.8h, v26.8h, v8.h[0]
+	sshr	v19.8h, v19.8h, #1
+	sshr	v20.8h, v20.8h, #1
+	mul	v25.8h, v21.8h, v7.h[7]
+	mul	v26.8h, v22.8h, v7.h[7]
+	sqrdmulh	v21.8h, v21.8h, v5.h[7]
+	sqrdmulh	v22.8h, v22.8h, v5.h[7]
+	sqrdmlsh	v21.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v22.8h, v26.8h, v8.h[0]
+	sshr	v21.8h, v21.8h, #1
+	sshr	v22.8h, v22.8h, #1
+	mul	v25.8h, v23.8h, v7.h[7]
+	mul	v26.8h, v24.8h, v7.h[7]
+	sqrdmulh	v23.8h, v23.8h, v5.h[7]
+	sqrdmulh	v24.8h, v24.8h, v5.h[7]
+	sqrdmlsh	v23.8h, v25.8h, v8.h[0]
+	sqrdmlsh	v24.8h, v26.8h, v8.h[0]
+	sshr	v23.8h, v23.8h, #1
+	sshr	v24.8h, v24.8h, #1
+	str	q9, [x0, #16]
+	str	q10, [x0, #48]
+	str	q11, [x0, #80]
+	str	q12, [x0, #112]
+	str	q13, [x0, #144]
+	str	q14, [x0, #176]
+	str	q15, [x0, #208]
+	str	q16, [x0, #240]
+	str	q17, [x1, #16]
+	str	q18, [x1, #48]
+	str	q19, [x1, #80]
+	str	q20, [x1, #112]
+	str	q21, [x1, #144]
+	str	q22, [x1, #176]
+	str	q23, [x1, #208]
+	str	q24, [x1, #240]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_invntt_sqrdmlsh,.-mlkem_invntt_sqrdmlsh
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_AARCH64_NO_SQRDMLSH */
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_aarch64_zetas_mul, %object
+	.section	.rodata
+	.size	L_mlkem_aarch64_zetas_mul, 256
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_aarch64_zetas_mul:
+	.short	0x08b2,0xf74e,0x01ae,0xfe52,0x022b,0xfdd5,0x034b,0xfcb5
+	.short	0x081e,0xf7e2,0x0367,0xfc99,0x060e,0xf9f2,0x0069,0xff97
+	.short	0x01a6,0xfe5a,0x024b,0xfdb5,0x00b1,0xff4f,0x0c16,0xf3ea
+	.short	0x0bde,0xf422,0x0b35,0xf4cb,0x0626,0xf9da,0x0675,0xf98b
+	.short	0x0c0b,0xf3f5,0x030a,0xfcf6,0x0487,0xfb79,0x0c6e,0xf392
+	.short	0x09f8,0xf608,0x05cb,0xfa35,0x0aa7,0xf559,0x045f,0xfba1
+	.short	0x06cb,0xf935,0x0284,0xfd7c,0x0999,0xf667,0x015d,0xfea3
+	.short	0x01a2,0xfe5e,0x0149,0xfeb7,0x0c65,0xf39b,0x0cb6,0xf34a
+	.short	0x0331,0xfccf,0x0449,0xfbb7,0x025b,0xfda5,0x0262,0xfd9e
+	.short	0x052a,0xfad6,0x07fc,0xf804,0x0748,0xf8b8,0x0180,0xfe80
+	.short	0x0842,0xf7be,0x0c79,0xf387,0x04c2,0xfb3e,0x07ca,0xf836
+	.short	0x0997,0xf669,0x00dc,0xff24,0x085e,0xf7a2,0x0686,0xf97a
+	.short	0x0860,0xf7a0,0x0707,0xf8f9,0x0803,0xf7fd,0x031a,0xfce6
+	.short	0x071b,0xf8e5,0x09ab,0xf655,0x099b,0xf665,0x01de,0xfe22
+	.short	0x0c95,0xf36b,0x0bcd,0xf433,0x03e4,0xfc1c,0x03df,0xfc21
+	.short	0x03be,0xfc42,0x074d,0xf8b3,0x05f2,0xfa0e,0x065c,0xf9a4
+#ifndef __APPLE__
+.text
+.globl	mlkem_basemul_mont
+.type	mlkem_basemul_mont,@function
+.align	2
+mlkem_basemul_mont:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_basemul_mont
+.p2align	2
+_mlkem_basemul_mont:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x3, L_mlkem_aarch64_zetas_mul
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_mul
+#else
+	adrp x3, L_mlkem_aarch64_zetas_mul@PAGE
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_mul@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_mlkem_aarch64_consts
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x4, L_mlkem_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q1, [x4]
+	ldp	q2, q3, [x1]
+	ldp	q4, q5, [x1, #32]
+	ldp	q6, q7, [x1, #64]
+	ldp	q8, q9, [x1, #96]
+	ldp	q10, q11, [x2]
+	ldp	q12, q13, [x2, #32]
+	ldp	q14, q15, [x2, #64]
+	ldp	q16, q17, [x2, #96]
+	ldr	q0, [x3]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0]
+	ldr	q0, [x3, #16]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #32]
+	ldr	q0, [x3, #32]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #64]
+	ldr	q0, [x3, #48]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #96]
+	ldp	q2, q3, [x1, #128]
+	ldp	q4, q5, [x1, #160]
+	ldp	q6, q7, [x1, #192]
+	ldp	q8, q9, [x1, #224]
+	ldp	q10, q11, [x2, #128]
+	ldp	q12, q13, [x2, #160]
+	ldp	q14, q15, [x2, #192]
+	ldp	q16, q17, [x2, #224]
+	ldr	q0, [x3, #64]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #128]
+	ldr	q0, [x3, #80]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #160]
+	ldr	q0, [x3, #96]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #192]
+	ldr	q0, [x3, #112]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #224]
+	ldp	q2, q3, [x1, #256]
+	ldp	q4, q5, [x1, #288]
+	ldp	q6, q7, [x1, #320]
+	ldp	q8, q9, [x1, #352]
+	ldp	q10, q11, [x2, #256]
+	ldp	q12, q13, [x2, #288]
+	ldp	q14, q15, [x2, #320]
+	ldp	q16, q17, [x2, #352]
+	ldr	q0, [x3, #128]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #256]
+	ldr	q0, [x3, #144]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #288]
+	ldr	q0, [x3, #160]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #320]
+	ldr	q0, [x3, #176]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #352]
+	ldp	q2, q3, [x1, #384]
+	ldp	q4, q5, [x1, #416]
+	ldp	q6, q7, [x1, #448]
+	ldp	q8, q9, [x1, #480]
+	ldp	q10, q11, [x2, #384]
+	ldp	q12, q13, [x2, #416]
+	ldp	q14, q15, [x2, #448]
+	ldp	q16, q17, [x2, #480]
+	ldr	q0, [x3, #192]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #384]
+	ldr	q0, [x3, #208]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #416]
+	ldr	q0, [x3, #224]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #448]
+	ldr	q0, [x3, #240]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	stp	q24, q25, [x0, #480]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_basemul_mont,.-mlkem_basemul_mont
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_basemul_mont_add
+.type	mlkem_basemul_mont_add,@function
+.align	2
+mlkem_basemul_mont_add:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_basemul_mont_add
+.p2align	2
+_mlkem_basemul_mont_add:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x3, L_mlkem_aarch64_zetas_mul
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_mul
+#else
+	adrp x3, L_mlkem_aarch64_zetas_mul@PAGE
+	add  x3, x3, :lo12:L_mlkem_aarch64_zetas_mul@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_mlkem_aarch64_consts
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x4, L_mlkem_aarch64_consts@PAGE
+	add  x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q1, [x4]
+	ldp	q2, q3, [x1]
+	ldp	q4, q5, [x1, #32]
+	ldp	q6, q7, [x1, #64]
+	ldp	q8, q9, [x1, #96]
+	ldp	q10, q11, [x2]
+	ldp	q12, q13, [x2, #32]
+	ldp	q14, q15, [x2, #64]
+	ldp	q16, q17, [x2, #96]
+	ldp	q28, q29, [x0]
+	ldr	q0, [x3]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0]
+	ldp	q28, q29, [x0, #32]
+	ldr	q0, [x3, #16]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #32]
+	ldp	q28, q29, [x0, #64]
+	ldr	q0, [x3, #32]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #64]
+	ldp	q28, q29, [x0, #96]
+	ldr	q0, [x3, #48]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #96]
+	ldp	q2, q3, [x1, #128]
+	ldp	q4, q5, [x1, #160]
+	ldp	q6, q7, [x1, #192]
+	ldp	q8, q9, [x1, #224]
+	ldp	q10, q11, [x2, #128]
+	ldp	q12, q13, [x2, #160]
+	ldp	q14, q15, [x2, #192]
+	ldp	q16, q17, [x2, #224]
+	ldp	q28, q29, [x0, #128]
+	ldr	q0, [x3, #64]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #128]
+	ldp	q28, q29, [x0, #160]
+	ldr	q0, [x3, #80]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #160]
+	ldp	q28, q29, [x0, #192]
+	ldr	q0, [x3, #96]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #192]
+	ldp	q28, q29, [x0, #224]
+	ldr	q0, [x3, #112]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #224]
+	ldp	q2, q3, [x1, #256]
+	ldp	q4, q5, [x1, #288]
+	ldp	q6, q7, [x1, #320]
+	ldp	q8, q9, [x1, #352]
+	ldp	q10, q11, [x2, #256]
+	ldp	q12, q13, [x2, #288]
+	ldp	q14, q15, [x2, #320]
+	ldp	q16, q17, [x2, #352]
+	ldp	q28, q29, [x0, #256]
+	ldr	q0, [x3, #128]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #256]
+	ldp	q28, q29, [x0, #288]
+	ldr	q0, [x3, #144]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #288]
+	ldp	q28, q29, [x0, #320]
+	ldr	q0, [x3, #160]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #320]
+	ldp	q28, q29, [x0, #352]
+	ldr	q0, [x3, #176]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #352]
+	ldp	q2, q3, [x1, #384]
+	ldp	q4, q5, [x1, #416]
+	ldp	q6, q7, [x1, #448]
+	ldp	q8, q9, [x1, #480]
+	ldp	q10, q11, [x2, #384]
+	ldp	q12, q13, [x2, #416]
+	ldp	q14, q15, [x2, #448]
+	ldp	q16, q17, [x2, #480]
+	ldp	q28, q29, [x0, #384]
+	ldr	q0, [x3, #192]
+	uzp1	v18.8h, v2.8h, v3.8h
+	uzp2	v19.8h, v2.8h, v3.8h
+	uzp1	v20.8h, v10.8h, v11.8h
+	uzp2	v21.8h, v10.8h, v11.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #384]
+	ldp	q28, q29, [x0, #416]
+	ldr	q0, [x3, #208]
+	uzp1	v18.8h, v4.8h, v5.8h
+	uzp2	v19.8h, v4.8h, v5.8h
+	uzp1	v20.8h, v12.8h, v13.8h
+	uzp2	v21.8h, v12.8h, v13.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #416]
+	ldp	q28, q29, [x0, #448]
+	ldr	q0, [x3, #224]
+	uzp1	v18.8h, v6.8h, v7.8h
+	uzp2	v19.8h, v6.8h, v7.8h
+	uzp1	v20.8h, v14.8h, v15.8h
+	uzp2	v21.8h, v14.8h, v15.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #448]
+	ldp	q28, q29, [x0, #480]
+	ldr	q0, [x3, #240]
+	uzp1	v18.8h, v8.8h, v9.8h
+	uzp2	v19.8h, v8.8h, v9.8h
+	uzp1	v20.8h, v16.8h, v17.8h
+	uzp2	v21.8h, v16.8h, v17.8h
+	smull	v26.4s, v18.4h, v20.4h
+	smull2	v27.4s, v18.8h, v20.8h
+	smull	v23.4s, v19.4h, v21.4h
+	smull2	v24.4s, v19.8h, v21.8h
+	xtn	v25.4h, v23.4s
+	xtn2	v25.8h, v24.4s
+	mul	v25.8h, v25.8h, v1.h[1]
+	smlsl	v23.4s, v25.4h, v1.h[0]
+	smlsl2	v24.4s, v25.8h, v1.h[0]
+	shrn	v22.4h, v23.4s, #16
+	shrn2	v22.8h, v24.4s, #16
+	smlal	v26.4s, v22.4h, v0.4h
+	smlal2	v27.4s, v22.8h, v0.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v22.4h, v26.4s, #16
+	shrn2	v22.8h, v27.4s, #16
+	smull	v26.4s, v18.4h, v21.4h
+	smull2	v27.4s, v18.8h, v21.8h
+	smlal	v26.4s, v19.4h, v20.4h
+	smlal2	v27.4s, v19.8h, v20.8h
+	xtn	v24.4h, v26.4s
+	xtn2	v24.8h, v27.4s
+	mul	v24.8h, v24.8h, v1.h[1]
+	smlsl	v26.4s, v24.4h, v1.h[0]
+	smlsl2	v27.4s, v24.8h, v1.h[0]
+	shrn	v23.4h, v26.4s, #16
+	shrn2	v23.8h, v27.4s, #16
+	zip1	v24.8h, v22.8h, v23.8h
+	zip2	v25.8h, v22.8h, v23.8h
+	add	v28.8h, v28.8h, v24.8h
+	add	v29.8h, v29.8h, v25.8h
+	stp	q28, q29, [x0, #480]
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_basemul_mont_add,.-mlkem_basemul_mont_add
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_csubq_neon
+.type	mlkem_csubq_neon,@function
+.align	2
+mlkem_csubq_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_csubq_neon
+.p2align	2
+_mlkem_csubq_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x1, L_mlkem_aarch64_q
+	add  x1, x1, :lo12:L_mlkem_aarch64_q
+#else
+	adrp x1, L_mlkem_aarch64_q@PAGE
+	add  x1, x1, :lo12:L_mlkem_aarch64_q@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q20, [x1]
+	ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	sub	v0.8h, v0.8h, v20.8h
+	sub	v1.8h, v1.8h, v20.8h
+	sub	v2.8h, v2.8h, v20.8h
+	sub	v3.8h, v3.8h, v20.8h
+	sub	v4.8h, v4.8h, v20.8h
+	sub	v5.8h, v5.8h, v20.8h
+	sub	v6.8h, v6.8h, v20.8h
+	sub	v7.8h, v7.8h, v20.8h
+	sub	v8.8h, v8.8h, v20.8h
+	sub	v9.8h, v9.8h, v20.8h
+	sub	v10.8h, v10.8h, v20.8h
+	sub	v11.8h, v11.8h, v20.8h
+	sub	v12.8h, v12.8h, v20.8h
+	sub	v13.8h, v13.8h, v20.8h
+	sub	v14.8h, v14.8h, v20.8h
+	sub	v15.8h, v15.8h, v20.8h
+	sshr	v16.8h, v0.8h, #15
+	sshr	v17.8h, v1.8h, #15
+	sshr	v18.8h, v2.8h, #15
+	sshr	v19.8h, v3.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v0.8h, v0.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	sshr	v16.8h, v4.8h, #15
+	sshr	v17.8h, v5.8h, #15
+	sshr	v18.8h, v6.8h, #15
+	sshr	v19.8h, v7.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v4.8h, v4.8h, v16.8h
+	add	v5.8h, v5.8h, v17.8h
+	add	v6.8h, v6.8h, v18.8h
+	add	v7.8h, v7.8h, v19.8h
+	sshr	v16.8h, v8.8h, #15
+	sshr	v17.8h, v9.8h, #15
+	sshr	v18.8h, v10.8h, #15
+	sshr	v19.8h, v11.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v8.8h, v8.8h, v16.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	add	v11.8h, v11.8h, v19.8h
+	sshr	v16.8h, v12.8h, #15
+	sshr	v17.8h, v13.8h, #15
+	sshr	v18.8h, v14.8h, #15
+	sshr	v19.8h, v15.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v12.8h, v12.8h, v16.8h
+	add	v13.8h, v13.8h, v17.8h
+	add	v14.8h, v14.8h, v18.8h
+	add	v15.8h, v15.8h, v19.8h
+	st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	sub	v0.8h, v0.8h, v20.8h
+	sub	v1.8h, v1.8h, v20.8h
+	sub	v2.8h, v2.8h, v20.8h
+	sub	v3.8h, v3.8h, v20.8h
+	sub	v4.8h, v4.8h, v20.8h
+	sub	v5.8h, v5.8h, v20.8h
+	sub	v6.8h, v6.8h, v20.8h
+	sub	v7.8h, v7.8h, v20.8h
+	sub	v8.8h, v8.8h, v20.8h
+	sub	v9.8h, v9.8h, v20.8h
+	sub	v10.8h, v10.8h, v20.8h
+	sub	v11.8h, v11.8h, v20.8h
+	sub	v12.8h, v12.8h, v20.8h
+	sub	v13.8h, v13.8h, v20.8h
+	sub	v14.8h, v14.8h, v20.8h
+	sub	v15.8h, v15.8h, v20.8h
+	sshr	v16.8h, v0.8h, #15
+	sshr	v17.8h, v1.8h, #15
+	sshr	v18.8h, v2.8h, #15
+	sshr	v19.8h, v3.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v0.8h, v0.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	sshr	v16.8h, v4.8h, #15
+	sshr	v17.8h, v5.8h, #15
+	sshr	v18.8h, v6.8h, #15
+	sshr	v19.8h, v7.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v4.8h, v4.8h, v16.8h
+	add	v5.8h, v5.8h, v17.8h
+	add	v6.8h, v6.8h, v18.8h
+	add	v7.8h, v7.8h, v19.8h
+	sshr	v16.8h, v8.8h, #15
+	sshr	v17.8h, v9.8h, #15
+	sshr	v18.8h, v10.8h, #15
+	sshr	v19.8h, v11.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v8.8h, v8.8h, v16.8h
+	add	v9.8h, v9.8h, v17.8h
+	add	v10.8h, v10.8h, v18.8h
+	add	v11.8h, v11.8h, v19.8h
+	sshr	v16.8h, v12.8h, #15
+	sshr	v17.8h, v13.8h, #15
+	sshr	v18.8h, v14.8h, #15
+	sshr	v19.8h, v15.8h, #15
+	and	v16.16b, v16.16b, v20.16b
+	and	v17.16b, v17.16b, v20.16b
+	and	v18.16b, v18.16b, v20.16b
+	and	v19.16b, v19.16b, v20.16b
+	add	v12.8h, v12.8h, v16.8h
+	add	v13.8h, v13.8h, v17.8h
+	add	v14.8h, v14.8h, v18.8h
+	add	v15.8h, v15.8h, v19.8h
+	st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40
+	st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [x0], #0x40
+	st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_csubq_neon,.-mlkem_csubq_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_add_reduce
+.type	mlkem_add_reduce,@function
+.align	2
+mlkem_add_reduce:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_add_reduce
+.p2align	2
+_mlkem_add_reduce:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_mlkem_aarch64_consts
+	add  x2, x2, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x2, L_mlkem_aarch64_consts@PAGE
+	add  x2, x2, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x2]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_add_reduce,.-mlkem_add_reduce
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_add3_reduce
+.type	mlkem_add3_reduce,@function
+.align	2
+mlkem_add3_reduce:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_add3_reduce
+.p2align	2
+_mlkem_add3_reduce:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x3, L_mlkem_aarch64_consts
+	add  x3, x3, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x3, L_mlkem_aarch64_consts@PAGE
+	add  x3, x3, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x3]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [x2], #0x40
+	ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [x2], #0x40
+	sub	x0, x0, #0x80
+	add	v1.8h, v1.8h, v9.8h
+	add	v2.8h, v2.8h, v10.8h
+	add	v3.8h, v3.8h, v11.8h
+	add	v4.8h, v4.8h, v12.8h
+	add	v5.8h, v5.8h, v13.8h
+	add	v6.8h, v6.8h, v14.8h
+	add	v7.8h, v7.8h, v15.8h
+	add	v8.8h, v8.8h, v16.8h
+	add	v1.8h, v1.8h, v17.8h
+	add	v2.8h, v2.8h, v18.8h
+	add	v3.8h, v3.8h, v19.8h
+	add	v4.8h, v4.8h, v20.8h
+	add	v5.8h, v5.8h, v21.8h
+	add	v6.8h, v6.8h, v22.8h
+	add	v7.8h, v7.8h, v23.8h
+	add	v8.8h, v8.8h, v24.8h
+	sqdmulh	v25.8h, v1.8h, v0.h[2]
+	sqdmulh	v26.8h, v2.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v1.8h, v25.8h, v0.h[0]
+	mls	v2.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v3.8h, v0.h[2]
+	sqdmulh	v26.8h, v4.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v3.8h, v25.8h, v0.h[0]
+	mls	v4.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v5.8h, v0.h[2]
+	sqdmulh	v26.8h, v6.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v5.8h, v25.8h, v0.h[0]
+	mls	v6.8h, v26.8h, v0.h[0]
+	sqdmulh	v25.8h, v7.8h, v0.h[2]
+	sqdmulh	v26.8h, v8.8h, v0.h[2]
+	sshr	v25.8h, v25.8h, #11
+	sshr	v26.8h, v26.8h, #11
+	mls	v7.8h, v25.8h, v0.h[0]
+	mls	v8.8h, v26.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_add3_reduce,.-mlkem_add3_reduce
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_rsub_reduce
+.type	mlkem_rsub_reduce,@function
+.align	2
+mlkem_rsub_reduce:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_rsub_reduce
+.p2align	2
+_mlkem_rsub_reduce:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_mlkem_aarch64_consts
+	add  x2, x2, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x2, L_mlkem_aarch64_consts@PAGE
+	add  x2, x2, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x2]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x1], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x1], #0x40
+	sub	x0, x0, #0x80
+	sub	v1.8h, v9.8h, v1.8h
+	sub	v2.8h, v10.8h, v2.8h
+	sub	v3.8h, v11.8h, v3.8h
+	sub	v4.8h, v12.8h, v4.8h
+	sub	v5.8h, v13.8h, v5.8h
+	sub	v6.8h, v14.8h, v6.8h
+	sub	v7.8h, v15.8h, v7.8h
+	sub	v8.8h, v16.8h, v8.8h
+	sqdmulh	v17.8h, v1.8h, v0.h[2]
+	sqdmulh	v18.8h, v2.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v1.8h, v17.8h, v0.h[0]
+	mls	v2.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v3.8h, v0.h[2]
+	sqdmulh	v18.8h, v4.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v3.8h, v17.8h, v0.h[0]
+	mls	v4.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v5.8h, v0.h[2]
+	sqdmulh	v18.8h, v6.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v5.8h, v17.8h, v0.h[0]
+	mls	v6.8h, v18.8h, v0.h[0]
+	sqdmulh	v17.8h, v7.8h, v0.h[2]
+	sqdmulh	v18.8h, v8.8h, v0.h[2]
+	sshr	v17.8h, v17.8h, #11
+	sshr	v18.8h, v18.8h, #11
+	mls	v7.8h, v17.8h, v0.h[0]
+	mls	v8.8h, v18.8h, v0.h[0]
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_rsub_reduce,.-mlkem_rsub_reduce
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_to_mont
+.type	mlkem_to_mont,@function
+.align	2
+mlkem_to_mont:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_to_mont
+.p2align	2
+_mlkem_to_mont:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x1, L_mlkem_aarch64_consts
+	add  x1, x1, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x1, L_mlkem_aarch64_consts@PAGE
+	add  x1, x1, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x1]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v1.8h, v1.8h, v17.8h
+	sub	v2.8h, v2.8h, v18.8h
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v3.8h, v3.8h, v17.8h
+	sub	v4.8h, v4.8h, v18.8h
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v5.8h, v5.8h, v17.8h
+	sub	v6.8h, v6.8h, v18.8h
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v7.8h, v7.8h, v17.8h
+	sub	v8.8h, v8.8h, v18.8h
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v9.8h, v9.8h, v17.8h
+	sub	v10.8h, v10.8h, v18.8h
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v11.8h, v11.8h, v17.8h
+	sub	v12.8h, v12.8h, v18.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v13.8h, v13.8h, v17.8h
+	sub	v14.8h, v14.8h, v18.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v15.8h, v15.8h, v17.8h
+	sub	v16.8h, v16.8h, v18.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v1.8h, v1.8h, v17.8h
+	sub	v2.8h, v2.8h, v18.8h
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v3.8h, v3.8h, v17.8h
+	sub	v4.8h, v4.8h, v18.8h
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v5.8h, v5.8h, v17.8h
+	sub	v6.8h, v6.8h, v18.8h
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v7.8h, v7.8h, v17.8h
+	sub	v8.8h, v8.8h, v18.8h
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v9.8h, v9.8h, v17.8h
+	sub	v10.8h, v10.8h, v18.8h
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v11.8h, v11.8h, v17.8h
+	sub	v12.8h, v12.8h, v18.8h
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v13.8h, v13.8h, v17.8h
+	sub	v14.8h, v14.8h, v18.8h
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+	sqrdmulh	v17.8h, v17.8h, v0.h[0]
+	sqrdmulh	v18.8h, v18.8h, v0.h[0]
+	sub	v15.8h, v15.8h, v17.8h
+	sub	v16.8h, v16.8h, v18.8h
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_to_mont,.-mlkem_to_mont
+#endif /* __APPLE__ */
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+#ifndef __APPLE__
+.text
+.globl	mlkem_to_mont_sqrdmlsh
+.type	mlkem_to_mont_sqrdmlsh,@function
+.align	2
+mlkem_to_mont_sqrdmlsh:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_to_mont_sqrdmlsh
+.p2align	2
+_mlkem_to_mont_sqrdmlsh:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x1, L_mlkem_aarch64_consts
+	add  x1, x1, :lo12:L_mlkem_aarch64_consts
+#else
+	adrp x1, L_mlkem_aarch64_consts@PAGE
+	add  x1, x1, :lo12:L_mlkem_aarch64_consts@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x1]
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+	sqrdmlsh	v1.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v2.8h, v18.8h, v0.h[0]
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+	sqrdmlsh	v3.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v4.8h, v18.8h, v0.h[0]
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+	sqrdmlsh	v5.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v6.8h, v18.8h, v0.h[0]
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+	sqrdmlsh	v7.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v8.8h, v18.8h, v0.h[0]
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+	sqrdmlsh	v9.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v10.8h, v18.8h, v0.h[0]
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v11.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v12.8h, v18.8h, v0.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+	sqrdmlsh	v13.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v14.8h, v18.8h, v0.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+	sqrdmlsh	v15.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v16.8h, v18.8h, v0.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	sub	x0, x0, #0x100
+	mul	v17.8h, v1.8h, v0.h[4]
+	mul	v18.8h, v2.8h, v0.h[4]
+	sqrdmulh	v1.8h, v1.8h, v0.h[3]
+	sqrdmulh	v2.8h, v2.8h, v0.h[3]
+	sqrdmlsh	v1.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v2.8h, v18.8h, v0.h[0]
+	sshr	v1.8h, v1.8h, #1
+	sshr	v2.8h, v2.8h, #1
+	mul	v17.8h, v3.8h, v0.h[4]
+	mul	v18.8h, v4.8h, v0.h[4]
+	sqrdmulh	v3.8h, v3.8h, v0.h[3]
+	sqrdmulh	v4.8h, v4.8h, v0.h[3]
+	sqrdmlsh	v3.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v4.8h, v18.8h, v0.h[0]
+	sshr	v3.8h, v3.8h, #1
+	sshr	v4.8h, v4.8h, #1
+	mul	v17.8h, v5.8h, v0.h[4]
+	mul	v18.8h, v6.8h, v0.h[4]
+	sqrdmulh	v5.8h, v5.8h, v0.h[3]
+	sqrdmulh	v6.8h, v6.8h, v0.h[3]
+	sqrdmlsh	v5.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v6.8h, v18.8h, v0.h[0]
+	sshr	v5.8h, v5.8h, #1
+	sshr	v6.8h, v6.8h, #1
+	mul	v17.8h, v7.8h, v0.h[4]
+	mul	v18.8h, v8.8h, v0.h[4]
+	sqrdmulh	v7.8h, v7.8h, v0.h[3]
+	sqrdmulh	v8.8h, v8.8h, v0.h[3]
+	sqrdmlsh	v7.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v8.8h, v18.8h, v0.h[0]
+	sshr	v7.8h, v7.8h, #1
+	sshr	v8.8h, v8.8h, #1
+	mul	v17.8h, v9.8h, v0.h[4]
+	mul	v18.8h, v10.8h, v0.h[4]
+	sqrdmulh	v9.8h, v9.8h, v0.h[3]
+	sqrdmulh	v10.8h, v10.8h, v0.h[3]
+	sqrdmlsh	v9.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v10.8h, v18.8h, v0.h[0]
+	sshr	v9.8h, v9.8h, #1
+	sshr	v10.8h, v10.8h, #1
+	mul	v17.8h, v11.8h, v0.h[4]
+	mul	v18.8h, v12.8h, v0.h[4]
+	sqrdmulh	v11.8h, v11.8h, v0.h[3]
+	sqrdmulh	v12.8h, v12.8h, v0.h[3]
+	sqrdmlsh	v11.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v12.8h, v18.8h, v0.h[0]
+	sshr	v11.8h, v11.8h, #1
+	sshr	v12.8h, v12.8h, #1
+	mul	v17.8h, v13.8h, v0.h[4]
+	mul	v18.8h, v14.8h, v0.h[4]
+	sqrdmulh	v13.8h, v13.8h, v0.h[3]
+	sqrdmulh	v14.8h, v14.8h, v0.h[3]
+	sqrdmlsh	v13.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v14.8h, v18.8h, v0.h[0]
+	sshr	v13.8h, v13.8h, #1
+	sshr	v14.8h, v14.8h, #1
+	mul	v17.8h, v15.8h, v0.h[4]
+	mul	v18.8h, v16.8h, v0.h[4]
+	sqrdmulh	v15.8h, v15.8h, v0.h[3]
+	sqrdmulh	v16.8h, v16.8h, v0.h[3]
+	sqrdmlsh	v15.8h, v17.8h, v0.h[0]
+	sqrdmlsh	v16.8h, v18.8h, v0.h[0]
+	sshr	v15.8h, v15.8h, #1
+	sshr	v16.8h, v16.8h, #1
+	st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40
+	st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [x0], #0x40
+	st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [x0], #0x40
+	st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_to_mont_sqrdmlsh,.-mlkem_to_mont_sqrdmlsh
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_AARCH64_NO_SQRDMLSH */
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_to_msg_low, %object
+	.section	.rodata
+	.size	L_mlkem_to_msg_low, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_to_msg_low:
+	.short	0x0373,0x0373,0x0373,0x0373,0x0373,0x0373,0x0373,0x0373
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_to_msg_high, %object
+	.section	.rodata
+	.size	L_mlkem_to_msg_high, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_to_msg_high:
+	.short	0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0,0x09c0
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_to_msg_bits, %object
+	.section	.rodata
+	.size	L_mlkem_to_msg_bits, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_to_msg_bits:
+	.short	0x0001,0x0002,0x0004,0x0008,0x0010,0x0020,0x0040,0x0080
+#ifndef __APPLE__
+.text
+.globl	mlkem_to_msg_neon
+.type	mlkem_to_msg_neon,@function
+.align	2
+mlkem_to_msg_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_to_msg_neon
+.p2align	2
+_mlkem_to_msg_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-80]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+	stp	d14, d15, [x29, #64]
+#ifndef __APPLE__
+	adrp x2, L_mlkem_to_msg_low
+	add  x2, x2, :lo12:L_mlkem_to_msg_low
+#else
+	adrp x2, L_mlkem_to_msg_low@PAGE
+	add  x2, x2, :lo12:L_mlkem_to_msg_low@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_mlkem_to_msg_high
+	add  x3, x3, :lo12:L_mlkem_to_msg_high
+#else
+	adrp x3, L_mlkem_to_msg_high@PAGE
+	add  x3, x3, :lo12:L_mlkem_to_msg_high@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x4, L_mlkem_to_msg_bits
+	add  x4, x4, :lo12:L_mlkem_to_msg_bits
+#else
+	adrp x4, L_mlkem_to_msg_bits@PAGE
+	add  x4, x4, :lo12:L_mlkem_to_msg_bits@PAGEOFF
+#endif /* __APPLE__ */
+	ldr	q0, [x2]
+	ldr	q1, [x3]
+	ldr	q26, [x4]
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [x1], #0x40
+	ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [x1], #0x40
+	cmge	v10.8h, v2.8h, v0.8h
+	cmge	v18.8h, v1.8h, v2.8h
+	cmge	v11.8h, v3.8h, v0.8h
+	cmge	v19.8h, v1.8h, v3.8h
+	cmge	v12.8h, v4.8h, v0.8h
+	cmge	v20.8h, v1.8h, v4.8h
+	cmge	v13.8h, v5.8h, v0.8h
+	cmge	v21.8h, v1.8h, v5.8h
+	cmge	v14.8h, v6.8h, v0.8h
+	cmge	v22.8h, v1.8h, v6.8h
+	cmge	v15.8h, v7.8h, v0.8h
+	cmge	v23.8h, v1.8h, v7.8h
+	cmge	v16.8h, v8.8h, v0.8h
+	cmge	v24.8h, v1.8h, v8.8h
+	cmge	v17.8h, v9.8h, v0.8h
+	cmge	v25.8h, v1.8h, v9.8h
+	and	v18.16b, v18.16b, v10.16b
+	and	v19.16b, v19.16b, v11.16b
+	and	v20.16b, v20.16b, v12.16b
+	and	v21.16b, v21.16b, v13.16b
+	and	v22.16b, v22.16b, v14.16b
+	and	v23.16b, v23.16b, v15.16b
+	and	v24.16b, v24.16b, v16.16b
+	and	v25.16b, v25.16b, v17.16b
+	and	v18.16b, v18.16b, v26.16b
+	and	v19.16b, v19.16b, v26.16b
+	and	v20.16b, v20.16b, v26.16b
+	and	v21.16b, v21.16b, v26.16b
+	and	v22.16b, v22.16b, v26.16b
+	and	v23.16b, v23.16b, v26.16b
+	and	v24.16b, v24.16b, v26.16b
+	and	v25.16b, v25.16b, v26.16b
+	addv	h18, v18.8h
+	addv	h19, v19.8h
+	addv	h20, v20.8h
+	addv	h21, v21.8h
+	addv	h22, v22.8h
+	addv	h23, v23.8h
+	addv	h24, v24.8h
+	addv	h25, v25.8h
+	ins	v18.b[1], v19.b[0]
+	ins	v18.b[2], v20.b[0]
+	ins	v18.b[3], v21.b[0]
+	ins	v18.b[4], v22.b[0]
+	ins	v18.b[5], v23.b[0]
+	ins	v18.b[6], v24.b[0]
+	ins	v18.b[7], v25.b[0]
+	st1	{v18.8b}, [x0], #8
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	d14, d15, [x29, #64]
+	ldp	x29, x30, [sp], #0x50
+	ret
+#ifndef __APPLE__
+	.size	mlkem_to_msg_neon,.-mlkem_to_msg_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_from_msg_q1half, %object
+	.section	.rodata
+	.size	L_mlkem_from_msg_q1half, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_from_msg_q1half:
+	.short	0x0681,0x0681,0x0681,0x0681,0x0681,0x0681,0x0681,0x0681
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_from_msg_bits, %object
+	.section	.rodata
+	.size	L_mlkem_from_msg_bits, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	1
+#else
+	.p2align	1
+#endif /* __APPLE__ */
+L_mlkem_from_msg_bits:
+	.byte	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
+	.byte	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
+#ifndef __APPLE__
+.text
+.globl	mlkem_from_msg_neon
+.type	mlkem_from_msg_neon,@function
+.align	2
+mlkem_from_msg_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_from_msg_neon
+.p2align	2
+_mlkem_from_msg_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-48]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+#ifndef __APPLE__
+	adrp x2, L_mlkem_from_msg_q1half
+	add  x2, x2, :lo12:L_mlkem_from_msg_q1half
+#else
+	adrp x2, L_mlkem_from_msg_q1half@PAGE
+	add  x2, x2, :lo12:L_mlkem_from_msg_q1half@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x3, L_mlkem_from_msg_bits
+	add  x3, x3, :lo12:L_mlkem_from_msg_bits
+#else
+	adrp x3, L_mlkem_from_msg_bits@PAGE
+	add  x3, x3, :lo12:L_mlkem_from_msg_bits@PAGEOFF
+#endif /* __APPLE__ */
+	ld1	{v2.16b, v3.16b}, [x1]
+	ldr	q1, [x2]
+	ldr	q0, [x3]
+	dup	v4.8b, v2.b[0]
+	dup	v5.8b, v2.b[1]
+	dup	v6.8b, v2.b[2]
+	dup	v7.8b, v2.b[3]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v2.b[4]
+	dup	v5.8b, v2.b[5]
+	dup	v6.8b, v2.b[6]
+	dup	v7.8b, v2.b[7]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v2.b[8]
+	dup	v5.8b, v2.b[9]
+	dup	v6.8b, v2.b[10]
+	dup	v7.8b, v2.b[11]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v2.b[12]
+	dup	v5.8b, v2.b[13]
+	dup	v6.8b, v2.b[14]
+	dup	v7.8b, v2.b[15]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[0]
+	dup	v5.8b, v3.b[1]
+	dup	v6.8b, v3.b[2]
+	dup	v7.8b, v3.b[3]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[4]
+	dup	v5.8b, v3.b[5]
+	dup	v6.8b, v3.b[6]
+	dup	v7.8b, v3.b[7]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[8]
+	dup	v5.8b, v3.b[9]
+	dup	v6.8b, v3.b[10]
+	dup	v7.8b, v3.b[11]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	dup	v4.8b, v3.b[12]
+	dup	v5.8b, v3.b[13]
+	dup	v6.8b, v3.b[14]
+	dup	v7.8b, v3.b[15]
+	cmtst	v4.8b, v4.8b, v0.8b
+	cmtst	v5.8b, v5.8b, v0.8b
+	cmtst	v6.8b, v6.8b, v0.8b
+	cmtst	v7.8b, v7.8b, v0.8b
+	zip1	v4.16b, v4.16b, v4.16b
+	zip1	v5.16b, v5.16b, v5.16b
+	zip1	v6.16b, v6.16b, v6.16b
+	zip1	v7.16b, v7.16b, v7.16b
+	and	v4.16b, v4.16b, v1.16b
+	and	v5.16b, v5.16b, v1.16b
+	and	v6.16b, v6.16b, v1.16b
+	and	v7.16b, v7.16b, v1.16b
+	st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [x0], #0x40
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	x29, x30, [sp], #48
+	ret
+#ifndef __APPLE__
+	.size	mlkem_from_msg_neon,.-mlkem_from_msg_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_cmp_neon
+.type	mlkem_cmp_neon,@function
+.align	2
+mlkem_cmp_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_cmp_neon
+.p2align	2
+_mlkem_cmp_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-48]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v8.16b, v0.16b, v4.16b
+	eor	v9.16b, v1.16b, v5.16b
+	eor	v10.16b, v2.16b, v6.16b
+	eor	v11.16b, v3.16b, v7.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	subs	w2, w2, #0x300
+	beq	L_mlkem_aarch64_cmp_neon_done
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	subs	w2, w2, #0x140
+	beq	L_mlkem_aarch64_cmp_neon_done
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40
+	ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	eor	v2.16b, v2.16b, v6.16b
+	eor	v3.16b, v3.16b, v7.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+	orr	v10.16b, v10.16b, v2.16b
+	orr	v11.16b, v11.16b, v3.16b
+	ld2	{v0.16b, v1.16b}, [x0]
+	ld2	{v4.16b, v5.16b}, [x1]
+	eor	v0.16b, v0.16b, v4.16b
+	eor	v1.16b, v1.16b, v5.16b
+	orr	v8.16b, v8.16b, v0.16b
+	orr	v9.16b, v9.16b, v1.16b
+L_mlkem_aarch64_cmp_neon_done:
+	orr	v8.16b, v8.16b, v9.16b
+	orr	v10.16b, v10.16b, v11.16b
+	orr	v8.16b, v8.16b, v10.16b
+	ins	v9.b[0], v8.b[1]
+	orr	v8.16b, v8.16b, v9.16b
+	mov	x0, v8.d[0]
+	subs	x0, x0, xzr
+	csetm	w0, ne
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	x29, x30, [sp], #48
+	ret
+#ifndef __APPLE__
+	.size	mlkem_cmp_neon,.-mlkem_cmp_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_rej_uniform_mask, %object
+	.section	.rodata
+	.size	L_mlkem_rej_uniform_mask, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_rej_uniform_mask:
+	.short	0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff,0x0fff
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_rej_uniform_bits, %object
+	.section	.rodata
+	.size	L_mlkem_rej_uniform_bits, 16
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	2
+#else
+	.p2align	2
+#endif /* __APPLE__ */
+L_mlkem_rej_uniform_bits:
+	.short	0x0001,0x0002,0x0004,0x0008,0x0010,0x0020,0x0040,0x0080
+#ifndef __APPLE__
+	.text
+	.type	L_mlkem_rej_uniform_indices, %object
+	.section	.rodata
+	.size	L_mlkem_rej_uniform_indices, 4096
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	1
+#else
+	.p2align	1
+#endif /* __APPLE__ */
+L_mlkem_rej_uniform_indices:
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0xff,0xff,0xff,0xff
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0xff,0xff
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0x0e,0x0f,0xff,0xff
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x08,0x09,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x06,0x07,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+	.byte	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x04,0x05,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d
+	.byte	0x0e,0x0f,0xff,0xff,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x02,0x03,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b
+	.byte	0x0c,0x0d,0x0e,0x0f,0xff,0xff,0xff,0xff
+	.byte	0x00,0x01,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09
+	.byte	0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xff,0xff
+	.byte	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
+	.byte	0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+#ifndef __APPLE__
+.text
+.globl	mlkem_rej_uniform_neon
+.type	mlkem_rej_uniform_neon,@function
+.align	2
+mlkem_rej_uniform_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_rej_uniform_neon
+.p2align	2
+_mlkem_rej_uniform_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-64]!
+	add	x29, sp, #0
+	stp	d8, d9, [x29, #16]
+	stp	d10, d11, [x29, #32]
+	stp	d12, d13, [x29, #48]
+#ifndef __APPLE__
+	adrp x4, L_mlkem_rej_uniform_mask
+	add  x4, x4, :lo12:L_mlkem_rej_uniform_mask
+#else
+	adrp x4, L_mlkem_rej_uniform_mask@PAGE
+	add  x4, x4, :lo12:L_mlkem_rej_uniform_mask@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x5, L_mlkem_aarch64_q
+	add  x5, x5, :lo12:L_mlkem_aarch64_q
+#else
+	adrp x5, L_mlkem_aarch64_q@PAGE
+	add  x5, x5, :lo12:L_mlkem_aarch64_q@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x6, L_mlkem_rej_uniform_bits
+	add  x6, x6, :lo12:L_mlkem_rej_uniform_bits
+#else
+	adrp x6, L_mlkem_rej_uniform_bits@PAGE
+	add  x6, x6, :lo12:L_mlkem_rej_uniform_bits@PAGEOFF
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	adrp x7, L_mlkem_rej_uniform_indices
+	add  x7, x7, :lo12:L_mlkem_rej_uniform_indices
+#else
+	adrp x7, L_mlkem_rej_uniform_indices@PAGE
+	add  x7, x7, :lo12:L_mlkem_rej_uniform_indices@PAGEOFF
+#endif /* __APPLE__ */
+	eor	v1.16b, v1.16b, v1.16b
+	eor	v12.16b, v12.16b, v12.16b
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x12, x12, x12
+	eor	v10.16b, v10.16b, v10.16b
+	eor	v11.16b, v11.16b, v11.16b
+	mov	x13, #0xd01
+	ldr	q0, [x4]
+	ldr	q3, [x5]
+	ldr	q2, [x6]
+	subs	wzr, w1, #0
+	beq	L_mlkem_rej_uniform_done
+	subs	wzr, w1, #16
+	blt	L_mlkem_rej_uniform_loop_4
+L_mlkem_rej_uniform_loop_16:
+	ld3	{v4.8b, v5.8b, v6.8b}, [x2], #24
+	zip1	v4.16b, v4.16b, v1.16b
+	zip1	v5.16b, v5.16b, v1.16b
+	zip1	v6.16b, v6.16b, v1.16b
+	shl	v7.8h, v5.8h, #8
+	ushr	v8.8h, v5.8h, #4
+	shl	v6.8h, v6.8h, #4
+	orr	v4.16b, v4.16b, v7.16b
+	orr	v5.16b, v8.16b, v6.16b
+	and	v7.16b, v4.16b, v0.16b
+	and	v8.16b, v5.16b, v0.16b
+	zip1	v4.8h, v7.8h, v8.8h
+	zip2	v5.8h, v7.8h, v8.8h
+	cmgt	v7.8h, v3.8h, v4.8h
+	cmgt	v8.8h, v3.8h, v5.8h
+	ushr	v12.8h, v7.8h, #15
+	ushr	v13.8h, v8.8h, #15
+	addv	h12, v12.8h
+	addv	h13, v13.8h
+	mov	x10, v12.d[0]
+	mov	x11, v13.d[0]
+	and	v10.16b, v7.16b, v2.16b
+	and	v11.16b, v8.16b, v2.16b
+	addv	h10, v10.8h
+	addv	h11, v11.8h
+	mov	w8, v10.s[0]
+	mov	w9, v11.s[0]
+	lsl	w8, w8, #4
+	lsl	w9, w9, #4
+	ldr	q10, [x7, x8]
+	ldr	q11, [x7, x9]
+	tbl	v7.16b, {v4.16b}, v10.16b
+	tbl	v8.16b, {v5.16b}, v11.16b
+	str	q7, [x0]
+	add	x0, x0, x10, lsl 1
+	add	x12, x12, x10
+	str	q8, [x0]
+	add	x0, x0, x11, lsl 1
+	add	x12, x12, x11
+	subs	w3, w3, #24
+	beq	L_mlkem_rej_uniform_done
+	sub	w10, w1, w12
+	subs	x10, x10, #16
+	blt	L_mlkem_rej_uniform_loop_4
+	b	L_mlkem_rej_uniform_loop_16
+L_mlkem_rej_uniform_loop_4:
+	subs	w10, w1, w12
+	beq	L_mlkem_rej_uniform_done
+	subs	x10, x10, #4
+	blt	L_mlkem_rej_uniform_loop_lt_4
+	ldr	x4, [x2], #6
+	lsr	x5, x4, #12
+	lsr	x6, x4, #24
+	lsr	x7, x4, #36
+	and	x4, x4, #0xfff
+	and	x5, x5, #0xfff
+	and	x6, x6, #0xfff
+	and	x7, x7, #0xfff
+	strh	w4, [x0]
+	subs	xzr, x4, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	strh	w5, [x0]
+	subs	xzr, x5, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	strh	w6, [x0]
+	subs	xzr, x6, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	strh	w7, [x0]
+	subs	xzr, x7, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	w3, w3, #6
+	beq	L_mlkem_rej_uniform_done
+	b	L_mlkem_rej_uniform_loop_4
+L_mlkem_rej_uniform_loop_lt_4:
+	ldr	x4, [x2], #6
+	lsr	x5, x4, #12
+	lsr	x6, x4, #24
+	lsr	x7, x4, #36
+	and	x4, x4, #0xfff
+	and	x5, x5, #0xfff
+	and	x6, x6, #0xfff
+	and	x7, x7, #0xfff
+	strh	w4, [x0]
+	subs	xzr, x4, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_mlkem_rej_uniform_done
+	strh	w5, [x0]
+	subs	xzr, x5, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_mlkem_rej_uniform_done
+	strh	w6, [x0]
+	subs	xzr, x6, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_mlkem_rej_uniform_done
+	strh	w7, [x0]
+	subs	xzr, x7, x13
+	cinc	x0, x0, lt
+	cinc	x0, x0, lt
+	cinc	x12, x12, lt
+	subs	wzr, w1, w12
+	beq	L_mlkem_rej_uniform_done
+	subs	w3, w3, #6
+	beq	L_mlkem_rej_uniform_done
+	b	L_mlkem_rej_uniform_loop_lt_4
+L_mlkem_rej_uniform_done:
+	mov	x0, x12
+	ldp	d8, d9, [x29, #16]
+	ldp	d10, d11, [x29, #32]
+	ldp	d12, d13, [x29, #48]
+	ldp	x29, x30, [sp], #0x40
+	ret
+#ifndef __APPLE__
+	.size	mlkem_rej_uniform_neon,.-mlkem_rej_uniform_neon
+#endif /* __APPLE__ */
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+#ifndef __APPLE__
+.text
+.globl	mlkem_sha3_blocksx3_neon
+.type	mlkem_sha3_blocksx3_neon,@function
+.align	2
+mlkem_sha3_blocksx3_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_sha3_blocksx3_neon
+.p2align	2
+_mlkem_sha3_blocksx3_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x27, L_sha3_aarch64_r
+	add  x27, x27, :lo12:L_sha3_aarch64_r
+#else
+	adrp x27, L_sha3_aarch64_r@PAGE
+	add  x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	ld4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	ld1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	ld4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	ld1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	ldp	x1, x2, [x0]
+	ldp	x3, x4, [x0, #16]
+	ldp	x5, x6, [x0, #32]
+	ldp	x7, x8, [x0, #48]
+	ldp	x9, x10, [x0, #64]
+	ldp	x11, x12, [x0, #80]
+	ldp	x13, x14, [x0, #96]
+	ldp	x15, x16, [x0, #112]
+	ldp	x17, x19, [x0, #128]
+	ldp	x20, x21, [x0, #144]
+	ldp	x22, x23, [x0, #160]
+	ldp	x24, x25, [x0, #176]
+	ldr	x26, [x0, #192]
+	mov	x28, #24
+	# Start of 24 rounds
+L_SHA3_transform_blocksx3_neon_begin:
+	stp	x27, x28, [x29, #48]
+	# Col Mix
+	eor3	v31.16b, v0.16b, v5.16b, v10.16b
+	eor	x0, x5, x10
+	eor3	v27.16b, v1.16b, v6.16b, v11.16b
+	eor	x30, x1, x6
+	eor3	v28.16b, v2.16b, v7.16b, v12.16b
+	eor	x28, x3, x8
+	eor3	v29.16b, v3.16b, v8.16b, v13.16b
+	eor	x0, x0, x15
+	eor3	v30.16b, v4.16b, v9.16b, v14.16b
+	eor	x30, x30, x11
+	eor3	v31.16b, v31.16b, v15.16b, v20.16b
+	eor	x28, x28, x13
+	eor3	v27.16b, v27.16b, v16.16b, v21.16b
+	eor	x0, x0, x21
+	eor3	v28.16b, v28.16b, v17.16b, v22.16b
+	eor	x30, x30, x16
+	eor3	v29.16b, v29.16b, v18.16b, v23.16b
+	eor	x28, x28, x19
+	eor3	v30.16b, v30.16b, v19.16b, v24.16b
+	eor	x0, x0, x26
+	rax1	v25.2d, v30.2d, v27.2d
+	eor	x30, x30, x22
+	rax1	v26.2d, v31.2d, v28.2d
+	eor	x28, x28, x24
+	rax1	v27.2d, v27.2d, v29.2d
+	str	x0, [x29, #32]
+	rax1	v28.2d, v28.2d, v30.2d
+	str	x28, [x29, #24]
+	rax1	v29.2d, v29.2d, v31.2d
+	eor	x27, x2, x7
+	eor	v0.16b, v0.16b, v25.16b
+	xar	v30.2d, v1.2d, v26.2d, #63
+	eor	x28, x4, x9
+	xar	v1.2d, v6.2d, v26.2d, #20
+	eor	x27, x27, x12
+	xar	v6.2d, v9.2d, v29.2d, #44
+	eor	x28, x28, x14
+	xar	v9.2d, v22.2d, v27.2d, #3
+	eor	x27, x27, x17
+	xar	v22.2d, v14.2d, v29.2d, #25
+	eor	x28, x28, x20
+	xar	v14.2d, v20.2d, v25.2d, #46
+	eor	x27, x27, x23
+	xar	v20.2d, v2.2d, v27.2d, #2
+	eor	x28, x28, x25
+	xar	v2.2d, v12.2d, v27.2d, #21
+	eor	x0, x0, x27, ror 63
+	xar	v12.2d, v13.2d, v28.2d, #39
+	eor	x27, x27, x28, ror 63
+	xar	v13.2d, v19.2d, v29.2d, #56
+	eor	x1, x1, x0
+	xar	v19.2d, v23.2d, v28.2d, #8
+	eor	x6, x6, x0
+	xar	v23.2d, v15.2d, v25.2d, #23
+	eor	x11, x11, x0
+	xar	v15.2d, v4.2d, v29.2d, #37
+	eor	x16, x16, x0
+	xar	v4.2d, v24.2d, v29.2d, #50
+	eor	x22, x22, x0
+	xar	v24.2d, v21.2d, v26.2d, #62
+	eor	x3, x3, x27
+	xar	v21.2d, v8.2d, v28.2d, #9
+	eor	x8, x8, x27
+	xar	v8.2d, v16.2d, v26.2d, #19
+	eor	x13, x13, x27
+	xar	v16.2d, v5.2d, v25.2d, #28
+	eor	x19, x19, x27
+	xar	v5.2d, v3.2d, v28.2d, #36
+	eor	x24, x24, x27
+	xar	v3.2d, v18.2d, v28.2d, #43
+	ldr	x0, [x29, #32]
+	xar	v18.2d, v17.2d, v27.2d, #49
+	ldr	x27, [x29, #24]
+	xar	v17.2d, v11.2d, v26.2d, #54
+	eor	x28, x28, x30, ror 63
+	xar	v11.2d, v7.2d, v27.2d, #58
+	eor	x30, x30, x27, ror 63
+	xar	v7.2d, v10.2d, v25.2d, #61
+	eor	x27, x27, x0, ror 63
+	# Row Mix
+	mov	v25.16b, v0.16b
+	eor	x5, x5, x28
+	mov	v26.16b, v1.16b
+	eor	x10, x10, x28
+	bcax	v0.16b, v25.16b, v2.16b, v26.16b
+	eor	x15, x15, x28
+	bcax	v1.16b, v26.16b, v3.16b, v2.16b
+	eor	x21, x21, x28
+	bcax	v2.16b, v2.16b, v4.16b, v3.16b
+	eor	x26, x26, x28
+	bcax	v3.16b, v3.16b, v25.16b, v4.16b
+	eor	x2, x2, x30
+	bcax	v4.16b, v4.16b, v26.16b, v25.16b
+	eor	x7, x7, x30
+	mov	v25.16b, v5.16b
+	eor	x12, x12, x30
+	mov	v26.16b, v6.16b
+	eor	x17, x17, x30
+	bcax	v5.16b, v25.16b, v7.16b, v26.16b
+	eor	x23, x23, x30
+	bcax	v6.16b, v26.16b, v8.16b, v7.16b
+	eor	x4, x4, x27
+	bcax	v7.16b, v7.16b, v9.16b, v8.16b
+	eor	x9, x9, x27
+	bcax	v8.16b, v8.16b, v25.16b, v9.16b
+	eor	x14, x14, x27
+	bcax	v9.16b, v9.16b, v26.16b, v25.16b
+	eor	x20, x20, x27
+	mov	v26.16b, v11.16b
+	eor	x25, x25, x27
+	# Swap Rotate Base
+	bcax	v10.16b, v30.16b, v12.16b, v26.16b
+	ror	x0, x2, #63
+	bcax	v11.16b, v26.16b, v13.16b, v12.16b
+	ror	x2, x7, #20
+	bcax	v12.16b, v12.16b, v14.16b, v13.16b
+	ror	x7, x10, #44
+	bcax	v13.16b, v13.16b, v30.16b, v14.16b
+	ror	x10, x24, #3
+	bcax	v14.16b, v14.16b, v26.16b, v30.16b
+	ror	x24, x15, #25
+	mov	v25.16b, v15.16b
+	ror	x15, x22, #46
+	mov	v26.16b, v16.16b
+	ror	x22, x3, #2
+	bcax	v15.16b, v25.16b, v17.16b, v26.16b
+	ror	x3, x13, #21
+	bcax	v16.16b, v26.16b, v18.16b, v17.16b
+	ror	x13, x14, #39
+	bcax	v17.16b, v17.16b, v19.16b, v18.16b
+	ror	x14, x21, #56
+	bcax	v18.16b, v18.16b, v25.16b, v19.16b
+	ror	x21, x25, #8
+	bcax	v19.16b, v19.16b, v26.16b, v25.16b
+	ror	x25, x16, #23
+	mov	v25.16b, v20.16b
+	ror	x16, x5, #37
+	mov	v26.16b, v21.16b
+	ror	x5, x26, #50
+	bcax	v20.16b, v25.16b, v22.16b, v26.16b
+	ror	x26, x23, #62
+	bcax	v21.16b, v26.16b, v23.16b, v22.16b
+	ror	x23, x9, #9
+	bcax	v22.16b, v22.16b, v24.16b, v23.16b
+	ror	x9, x17, #19
+	bcax	v23.16b, v23.16b, v25.16b, v24.16b
+	ror	x17, x6, #28
+	bcax	v24.16b, v24.16b, v26.16b, v25.16b
+	ror	x6, x4, #36
+	ror	x4, x20, #43
+	ror	x20, x19, #49
+	ror	x19, x12, #54
+	ror	x12, x8, #58
+	ror	x8, x11, #61
+	# Row Mix Base
+	bic	x11, x3, x2
+	bic	x27, x4, x3
+	bic	x28, x1, x5
+	bic	x30, x2, x1
+	eor	x1, x1, x11
+	eor	x2, x2, x27
+	bic	x11, x5, x4
+	eor	x4, x4, x28
+	eor	x3, x3, x11
+	eor	x5, x5, x30
+	bic	x11, x8, x7
+	bic	x27, x9, x8
+	bic	x28, x6, x10
+	bic	x30, x7, x6
+	eor	x6, x6, x11
+	eor	x7, x7, x27
+	bic	x11, x10, x9
+	eor	x9, x9, x28
+	eor	x8, x8, x11
+	eor	x10, x10, x30
+	bic	x11, x13, x12
+	bic	x27, x14, x13
+	bic	x28, x0, x15
+	bic	x30, x12, x0
+	eor	x11, x0, x11
+	eor	x12, x12, x27
+	bic	x0, x15, x14
+	eor	x14, x14, x28
+	eor	x13, x13, x0
+	eor	x15, x15, x30
+	bic	x0, x19, x17
+	bic	x27, x20, x19
+	bic	x28, x16, x21
+	bic	x30, x17, x16
+	eor	x16, x16, x0
+	eor	x17, x17, x27
+	bic	x0, x21, x20
+	eor	x20, x20, x28
+	eor	x19, x19, x0
+	eor	x21, x21, x30
+	bic	x0, x24, x23
+	bic	x27, x25, x24
+	bic	x28, x22, x26
+	bic	x30, x23, x22
+	eor	x22, x22, x0
+	eor	x23, x23, x27
+	bic	x0, x26, x25
+	eor	x25, x25, x28
+	eor	x24, x24, x0
+	eor	x26, x26, x30
+	# Done transforming
+	ldp	x27, x28, [x29, #48]
+	ldr	x0, [x27], #8
+	subs	x28, x28, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x1, x1, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_transform_blocksx3_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x1, x2, [x0]
+	stp	x3, x4, [x0, #16]
+	stp	x5, x6, [x0, #32]
+	stp	x7, x8, [x0, #48]
+	stp	x9, x10, [x0, #64]
+	stp	x11, x12, [x0, #80]
+	stp	x13, x14, [x0, #96]
+	stp	x15, x16, [x0, #112]
+	stp	x17, x19, [x0, #128]
+	stp	x20, x21, [x0, #144]
+	stp	x22, x23, [x0, #160]
+	stp	x24, x25, [x0, #176]
+	str	x26, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	mlkem_sha3_blocksx3_neon,.-mlkem_sha3_blocksx3_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_shake128_blocksx3_seed_neon
+.type	mlkem_shake128_blocksx3_seed_neon,@function
+.align	2
+mlkem_shake128_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_shake128_blocksx3_seed_neon
+.p2align	2
+_mlkem_shake128_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	eor	v16.16b, v16.16b, v16.16b
+	eor	x19, x19, x19
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	movz	x23, #0x8000, lsl 48
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v20.2d, x23
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake128_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix
+	eor3	v31.16b, v0.16b, v5.16b, v10.16b
+	eor	x0, x6, x11
+	eor3	v27.16b, v1.16b, v6.16b, v11.16b
+	eor	x30, x2, x7
+	eor3	v28.16b, v2.16b, v7.16b, v12.16b
+	eor	x28, x4, x9
+	eor3	v29.16b, v3.16b, v8.16b, v13.16b
+	eor	x0, x0, x16
+	eor3	v30.16b, v4.16b, v9.16b, v14.16b
+	eor	x30, x30, x12
+	eor3	v31.16b, v31.16b, v15.16b, v20.16b
+	eor	x28, x28, x14
+	eor3	v27.16b, v27.16b, v16.16b, v21.16b
+	eor	x0, x0, x22
+	eor3	v28.16b, v28.16b, v17.16b, v22.16b
+	eor	x30, x30, x17
+	eor3	v29.16b, v29.16b, v18.16b, v23.16b
+	eor	x28, x28, x20
+	eor3	v30.16b, v30.16b, v19.16b, v24.16b
+	eor	x0, x0, x27
+	rax1	v25.2d, v30.2d, v27.2d
+	eor	x30, x30, x23
+	rax1	v26.2d, v31.2d, v28.2d
+	eor	x28, x28, x25
+	rax1	v27.2d, v27.2d, v29.2d
+	str	x0, [x29, #32]
+	rax1	v28.2d, v28.2d, v30.2d
+	str	x28, [x29, #24]
+	rax1	v29.2d, v29.2d, v31.2d
+	eor	x1, x3, x8
+	eor	v0.16b, v0.16b, v25.16b
+	xar	v30.2d, v1.2d, v26.2d, #63
+	eor	x28, x5, x10
+	xar	v1.2d, v6.2d, v26.2d, #20
+	eor	x1, x1, x13
+	xar	v6.2d, v9.2d, v29.2d, #44
+	eor	x28, x28, x15
+	xar	v9.2d, v22.2d, v27.2d, #3
+	eor	x1, x1, x19
+	xar	v22.2d, v14.2d, v29.2d, #25
+	eor	x28, x28, x21
+	xar	v14.2d, v20.2d, v25.2d, #46
+	eor	x1, x1, x24
+	xar	v20.2d, v2.2d, v27.2d, #2
+	eor	x28, x28, x26
+	xar	v2.2d, v12.2d, v27.2d, #21
+	eor	x0, x0, x1, ror 63
+	xar	v12.2d, v13.2d, v28.2d, #39
+	eor	x1, x1, x28, ror 63
+	xar	v13.2d, v19.2d, v29.2d, #56
+	eor	x2, x2, x0
+	xar	v19.2d, v23.2d, v28.2d, #8
+	eor	x7, x7, x0
+	xar	v23.2d, v15.2d, v25.2d, #23
+	eor	x12, x12, x0
+	xar	v15.2d, v4.2d, v29.2d, #37
+	eor	x17, x17, x0
+	xar	v4.2d, v24.2d, v29.2d, #50
+	eor	x23, x23, x0
+	xar	v24.2d, v21.2d, v26.2d, #62
+	eor	x4, x4, x1
+	xar	v21.2d, v8.2d, v28.2d, #9
+	eor	x9, x9, x1
+	xar	v8.2d, v16.2d, v26.2d, #19
+	eor	x14, x14, x1
+	xar	v16.2d, v5.2d, v25.2d, #28
+	eor	x20, x20, x1
+	xar	v5.2d, v3.2d, v28.2d, #36
+	eor	x25, x25, x1
+	xar	v3.2d, v18.2d, v28.2d, #43
+	ldr	x0, [x29, #32]
+	xar	v18.2d, v17.2d, v27.2d, #49
+	ldr	x1, [x29, #24]
+	xar	v17.2d, v11.2d, v26.2d, #54
+	eor	x28, x28, x30, ror 63
+	xar	v11.2d, v7.2d, v27.2d, #58
+	eor	x30, x30, x1, ror 63
+	xar	v7.2d, v10.2d, v25.2d, #61
+	eor	x1, x1, x0, ror 63
+	# Row Mix
+	mov	v25.16b, v0.16b
+	eor	x6, x6, x28
+	mov	v26.16b, v1.16b
+	eor	x11, x11, x28
+	bcax	v0.16b, v25.16b, v2.16b, v26.16b
+	eor	x16, x16, x28
+	bcax	v1.16b, v26.16b, v3.16b, v2.16b
+	eor	x22, x22, x28
+	bcax	v2.16b, v2.16b, v4.16b, v3.16b
+	eor	x27, x27, x28
+	bcax	v3.16b, v3.16b, v25.16b, v4.16b
+	eor	x3, x3, x30
+	bcax	v4.16b, v4.16b, v26.16b, v25.16b
+	eor	x8, x8, x30
+	mov	v25.16b, v5.16b
+	eor	x13, x13, x30
+	mov	v26.16b, v6.16b
+	eor	x19, x19, x30
+	bcax	v5.16b, v25.16b, v7.16b, v26.16b
+	eor	x24, x24, x30
+	bcax	v6.16b, v26.16b, v8.16b, v7.16b
+	eor	x5, x5, x1
+	bcax	v7.16b, v7.16b, v9.16b, v8.16b
+	eor	x10, x10, x1
+	bcax	v8.16b, v8.16b, v25.16b, v9.16b
+	eor	x15, x15, x1
+	bcax	v9.16b, v9.16b, v26.16b, v25.16b
+	eor	x21, x21, x1
+	mov	v26.16b, v11.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	bcax	v10.16b, v30.16b, v12.16b, v26.16b
+	ror	x0, x3, #63
+	bcax	v11.16b, v26.16b, v13.16b, v12.16b
+	ror	x3, x8, #20
+	bcax	v12.16b, v12.16b, v14.16b, v13.16b
+	ror	x8, x11, #44
+	bcax	v13.16b, v13.16b, v30.16b, v14.16b
+	ror	x11, x25, #3
+	bcax	v14.16b, v14.16b, v26.16b, v30.16b
+	ror	x25, x16, #25
+	mov	v25.16b, v15.16b
+	ror	x16, x23, #46
+	mov	v26.16b, v16.16b
+	ror	x23, x4, #2
+	bcax	v15.16b, v25.16b, v17.16b, v26.16b
+	ror	x4, x14, #21
+	bcax	v16.16b, v26.16b, v18.16b, v17.16b
+	ror	x14, x15, #39
+	bcax	v17.16b, v17.16b, v19.16b, v18.16b
+	ror	x15, x22, #56
+	bcax	v18.16b, v18.16b, v25.16b, v19.16b
+	ror	x22, x26, #8
+	bcax	v19.16b, v19.16b, v26.16b, v25.16b
+	ror	x26, x17, #23
+	mov	v25.16b, v20.16b
+	ror	x17, x6, #37
+	mov	v26.16b, v21.16b
+	ror	x6, x27, #50
+	bcax	v20.16b, v25.16b, v22.16b, v26.16b
+	ror	x27, x24, #62
+	bcax	v21.16b, v26.16b, v23.16b, v22.16b
+	ror	x24, x10, #9
+	bcax	v22.16b, v22.16b, v24.16b, v23.16b
+	ror	x10, x19, #19
+	bcax	v23.16b, v23.16b, v25.16b, v24.16b
+	ror	x19, x7, #28
+	bcax	v24.16b, v24.16b, v26.16b, v25.16b
+	ror	x7, x5, #36
+	ror	x5, x21, #43
+	ror	x21, x20, #49
+	ror	x20, x13, #54
+	ror	x13, x9, #58
+	ror	x9, x12, #61
+	# Row Mix Base
+	bic	x12, x4, x3
+	bic	x1, x5, x4
+	bic	x28, x2, x6
+	bic	x30, x3, x2
+	eor	x2, x2, x12
+	eor	x3, x3, x1
+	bic	x12, x6, x5
+	eor	x5, x5, x28
+	eor	x4, x4, x12
+	eor	x6, x6, x30
+	bic	x12, x9, x8
+	bic	x1, x10, x9
+	bic	x28, x7, x11
+	bic	x30, x8, x7
+	eor	x7, x7, x12
+	eor	x8, x8, x1
+	bic	x12, x11, x10
+	eor	x10, x10, x28
+	eor	x9, x9, x12
+	eor	x11, x11, x30
+	bic	x12, x14, x13
+	bic	x1, x15, x14
+	bic	x28, x0, x16
+	bic	x30, x13, x0
+	eor	x12, x0, x12
+	eor	x13, x13, x1
+	bic	x0, x16, x15
+	eor	x15, x15, x28
+	eor	x14, x14, x0
+	eor	x16, x16, x30
+	bic	x0, x20, x19
+	bic	x1, x21, x20
+	bic	x28, x17, x22
+	bic	x30, x19, x17
+	eor	x17, x17, x0
+	eor	x19, x19, x1
+	bic	x0, x22, x21
+	eor	x21, x21, x28
+	eor	x20, x20, x0
+	eor	x22, x22, x30
+	bic	x0, x25, x24
+	bic	x1, x26, x25
+	bic	x28, x23, x27
+	bic	x30, x24, x23
+	eor	x23, x23, x0
+	eor	x24, x24, x1
+	bic	x0, x27, x26
+	eor	x26, x26, x28
+	eor	x25, x25, x0
+	eor	x27, x27, x30
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake128_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	mlkem_shake128_blocksx3_seed_neon,.-mlkem_shake128_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_shake256_blocksx3_seed_neon
+.type	mlkem_shake256_blocksx3_seed_neon,@function
+.align	2
+mlkem_shake256_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_shake256_blocksx3_seed_neon
+.p2align	2
+_mlkem_shake256_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	movz	x19, #0x8000, lsl 48
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	eor	v20.16b, v20.16b, v20.16b
+	eor	x23, x23, x23
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v16.2d, x19
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake256_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix
+	eor3	v31.16b, v0.16b, v5.16b, v10.16b
+	eor	x0, x6, x11
+	eor3	v27.16b, v1.16b, v6.16b, v11.16b
+	eor	x30, x2, x7
+	eor3	v28.16b, v2.16b, v7.16b, v12.16b
+	eor	x28, x4, x9
+	eor3	v29.16b, v3.16b, v8.16b, v13.16b
+	eor	x0, x0, x16
+	eor3	v30.16b, v4.16b, v9.16b, v14.16b
+	eor	x30, x30, x12
+	eor3	v31.16b, v31.16b, v15.16b, v20.16b
+	eor	x28, x28, x14
+	eor3	v27.16b, v27.16b, v16.16b, v21.16b
+	eor	x0, x0, x22
+	eor3	v28.16b, v28.16b, v17.16b, v22.16b
+	eor	x30, x30, x17
+	eor3	v29.16b, v29.16b, v18.16b, v23.16b
+	eor	x28, x28, x20
+	eor3	v30.16b, v30.16b, v19.16b, v24.16b
+	eor	x0, x0, x27
+	rax1	v25.2d, v30.2d, v27.2d
+	eor	x30, x30, x23
+	rax1	v26.2d, v31.2d, v28.2d
+	eor	x28, x28, x25
+	rax1	v27.2d, v27.2d, v29.2d
+	str	x0, [x29, #32]
+	rax1	v28.2d, v28.2d, v30.2d
+	str	x28, [x29, #24]
+	rax1	v29.2d, v29.2d, v31.2d
+	eor	x1, x3, x8
+	eor	v0.16b, v0.16b, v25.16b
+	xar	v30.2d, v1.2d, v26.2d, #63
+	eor	x28, x5, x10
+	xar	v1.2d, v6.2d, v26.2d, #20
+	eor	x1, x1, x13
+	xar	v6.2d, v9.2d, v29.2d, #44
+	eor	x28, x28, x15
+	xar	v9.2d, v22.2d, v27.2d, #3
+	eor	x1, x1, x19
+	xar	v22.2d, v14.2d, v29.2d, #25
+	eor	x28, x28, x21
+	xar	v14.2d, v20.2d, v25.2d, #46
+	eor	x1, x1, x24
+	xar	v20.2d, v2.2d, v27.2d, #2
+	eor	x28, x28, x26
+	xar	v2.2d, v12.2d, v27.2d, #21
+	eor	x0, x0, x1, ror 63
+	xar	v12.2d, v13.2d, v28.2d, #39
+	eor	x1, x1, x28, ror 63
+	xar	v13.2d, v19.2d, v29.2d, #56
+	eor	x2, x2, x0
+	xar	v19.2d, v23.2d, v28.2d, #8
+	eor	x7, x7, x0
+	xar	v23.2d, v15.2d, v25.2d, #23
+	eor	x12, x12, x0
+	xar	v15.2d, v4.2d, v29.2d, #37
+	eor	x17, x17, x0
+	xar	v4.2d, v24.2d, v29.2d, #50
+	eor	x23, x23, x0
+	xar	v24.2d, v21.2d, v26.2d, #62
+	eor	x4, x4, x1
+	xar	v21.2d, v8.2d, v28.2d, #9
+	eor	x9, x9, x1
+	xar	v8.2d, v16.2d, v26.2d, #19
+	eor	x14, x14, x1
+	xar	v16.2d, v5.2d, v25.2d, #28
+	eor	x20, x20, x1
+	xar	v5.2d, v3.2d, v28.2d, #36
+	eor	x25, x25, x1
+	xar	v3.2d, v18.2d, v28.2d, #43
+	ldr	x0, [x29, #32]
+	xar	v18.2d, v17.2d, v27.2d, #49
+	ldr	x1, [x29, #24]
+	xar	v17.2d, v11.2d, v26.2d, #54
+	eor	x28, x28, x30, ror 63
+	xar	v11.2d, v7.2d, v27.2d, #58
+	eor	x30, x30, x1, ror 63
+	xar	v7.2d, v10.2d, v25.2d, #61
+	eor	x1, x1, x0, ror 63
+	# Row Mix
+	mov	v25.16b, v0.16b
+	eor	x6, x6, x28
+	mov	v26.16b, v1.16b
+	eor	x11, x11, x28
+	bcax	v0.16b, v25.16b, v2.16b, v26.16b
+	eor	x16, x16, x28
+	bcax	v1.16b, v26.16b, v3.16b, v2.16b
+	eor	x22, x22, x28
+	bcax	v2.16b, v2.16b, v4.16b, v3.16b
+	eor	x27, x27, x28
+	bcax	v3.16b, v3.16b, v25.16b, v4.16b
+	eor	x3, x3, x30
+	bcax	v4.16b, v4.16b, v26.16b, v25.16b
+	eor	x8, x8, x30
+	mov	v25.16b, v5.16b
+	eor	x13, x13, x30
+	mov	v26.16b, v6.16b
+	eor	x19, x19, x30
+	bcax	v5.16b, v25.16b, v7.16b, v26.16b
+	eor	x24, x24, x30
+	bcax	v6.16b, v26.16b, v8.16b, v7.16b
+	eor	x5, x5, x1
+	bcax	v7.16b, v7.16b, v9.16b, v8.16b
+	eor	x10, x10, x1
+	bcax	v8.16b, v8.16b, v25.16b, v9.16b
+	eor	x15, x15, x1
+	bcax	v9.16b, v9.16b, v26.16b, v25.16b
+	eor	x21, x21, x1
+	mov	v26.16b, v11.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	bcax	v10.16b, v30.16b, v12.16b, v26.16b
+	ror	x0, x3, #63
+	bcax	v11.16b, v26.16b, v13.16b, v12.16b
+	ror	x3, x8, #20
+	bcax	v12.16b, v12.16b, v14.16b, v13.16b
+	ror	x8, x11, #44
+	bcax	v13.16b, v13.16b, v30.16b, v14.16b
+	ror	x11, x25, #3
+	bcax	v14.16b, v14.16b, v26.16b, v30.16b
+	ror	x25, x16, #25
+	mov	v25.16b, v15.16b
+	ror	x16, x23, #46
+	mov	v26.16b, v16.16b
+	ror	x23, x4, #2
+	bcax	v15.16b, v25.16b, v17.16b, v26.16b
+	ror	x4, x14, #21
+	bcax	v16.16b, v26.16b, v18.16b, v17.16b
+	ror	x14, x15, #39
+	bcax	v17.16b, v17.16b, v19.16b, v18.16b
+	ror	x15, x22, #56
+	bcax	v18.16b, v18.16b, v25.16b, v19.16b
+	ror	x22, x26, #8
+	bcax	v19.16b, v19.16b, v26.16b, v25.16b
+	ror	x26, x17, #23
+	mov	v25.16b, v20.16b
+	ror	x17, x6, #37
+	mov	v26.16b, v21.16b
+	ror	x6, x27, #50
+	bcax	v20.16b, v25.16b, v22.16b, v26.16b
+	ror	x27, x24, #62
+	bcax	v21.16b, v26.16b, v23.16b, v22.16b
+	ror	x24, x10, #9
+	bcax	v22.16b, v22.16b, v24.16b, v23.16b
+	ror	x10, x19, #19
+	bcax	v23.16b, v23.16b, v25.16b, v24.16b
+	ror	x19, x7, #28
+	bcax	v24.16b, v24.16b, v26.16b, v25.16b
+	ror	x7, x5, #36
+	ror	x5, x21, #43
+	ror	x21, x20, #49
+	ror	x20, x13, #54
+	ror	x13, x9, #58
+	ror	x9, x12, #61
+	# Row Mix Base
+	bic	x12, x4, x3
+	bic	x1, x5, x4
+	bic	x28, x2, x6
+	bic	x30, x3, x2
+	eor	x2, x2, x12
+	eor	x3, x3, x1
+	bic	x12, x6, x5
+	eor	x5, x5, x28
+	eor	x4, x4, x12
+	eor	x6, x6, x30
+	bic	x12, x9, x8
+	bic	x1, x10, x9
+	bic	x28, x7, x11
+	bic	x30, x8, x7
+	eor	x7, x7, x12
+	eor	x8, x8, x1
+	bic	x12, x11, x10
+	eor	x10, x10, x28
+	eor	x9, x9, x12
+	eor	x11, x11, x30
+	bic	x12, x14, x13
+	bic	x1, x15, x14
+	bic	x28, x0, x16
+	bic	x30, x13, x0
+	eor	x12, x0, x12
+	eor	x13, x13, x1
+	bic	x0, x16, x15
+	eor	x15, x15, x28
+	eor	x14, x14, x0
+	eor	x16, x16, x30
+	bic	x0, x20, x19
+	bic	x1, x21, x20
+	bic	x28, x17, x22
+	bic	x30, x19, x17
+	eor	x17, x17, x0
+	eor	x19, x19, x1
+	bic	x0, x22, x21
+	eor	x21, x21, x28
+	eor	x20, x20, x0
+	eor	x22, x22, x30
+	bic	x0, x25, x24
+	bic	x1, x26, x25
+	bic	x28, x23, x27
+	bic	x30, x24, x23
+	eor	x23, x23, x0
+	eor	x24, x24, x1
+	bic	x0, x27, x26
+	eor	x26, x26, x28
+	eor	x25, x25, x0
+	eor	x27, x27, x30
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake256_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	mlkem_shake256_blocksx3_seed_neon,.-mlkem_shake256_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#else
+#ifndef __APPLE__
+.text
+.globl	mlkem_sha3_blocksx3_neon
+.type	mlkem_sha3_blocksx3_neon,@function
+.align	2
+mlkem_sha3_blocksx3_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_sha3_blocksx3_neon
+.p2align	2
+_mlkem_sha3_blocksx3_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x27, L_sha3_aarch64_r
+	add  x27, x27, :lo12:L_sha3_aarch64_r
+#else
+	adrp x27, L_sha3_aarch64_r@PAGE
+	add  x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	ld4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	ld1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	ld4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	ld4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	ld4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	ld4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	ld4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	ld4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	ld1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	ldp	x1, x2, [x0]
+	ldp	x3, x4, [x0, #16]
+	ldp	x5, x6, [x0, #32]
+	ldp	x7, x8, [x0, #48]
+	ldp	x9, x10, [x0, #64]
+	ldp	x11, x12, [x0, #80]
+	ldp	x13, x14, [x0, #96]
+	ldp	x15, x16, [x0, #112]
+	ldp	x17, x19, [x0, #128]
+	ldp	x20, x21, [x0, #144]
+	ldp	x22, x23, [x0, #160]
+	ldp	x24, x25, [x0, #176]
+	ldr	x26, [x0, #192]
+	mov	x28, #24
+	# Start of 24 rounds
+L_SHA3_transform_blocksx3_neon_begin:
+	stp	x27, x28, [x29, #48]
+	# Col Mix NEON
+	eor	v30.16b, v4.16b, v9.16b
+	eor	x0, x5, x10
+	eor	v27.16b, v1.16b, v6.16b
+	eor	x30, x1, x6
+	eor	v30.16b, v30.16b, v14.16b
+	eor	x28, x3, x8
+	eor	v27.16b, v27.16b, v11.16b
+	eor	x0, x0, x15
+	eor	v30.16b, v30.16b, v19.16b
+	eor	x30, x30, x11
+	eor	v27.16b, v27.16b, v16.16b
+	eor	x28, x28, x13
+	eor	v30.16b, v30.16b, v24.16b
+	eor	x0, x0, x21
+	eor	v27.16b, v27.16b, v21.16b
+	eor	x30, x30, x16
+	ushr	v25.2d, v27.2d, #63
+	eor	x28, x28, x19
+	sli	v25.2d, v27.2d, #1
+	eor	x0, x0, x26
+	eor	v25.16b, v25.16b, v30.16b
+	eor	x30, x30, x22
+	eor	v31.16b, v0.16b, v5.16b
+	eor	x28, x28, x24
+	eor	v28.16b, v2.16b, v7.16b
+	str	x0, [x29, #32]
+	eor	v31.16b, v31.16b, v10.16b
+	str	x28, [x29, #24]
+	eor	v28.16b, v28.16b, v12.16b
+	eor	x27, x2, x7
+	eor	v31.16b, v31.16b, v15.16b
+	eor	x28, x4, x9
+	eor	v28.16b, v28.16b, v17.16b
+	eor	x27, x27, x12
+	eor	v31.16b, v31.16b, v20.16b
+	eor	x28, x28, x14
+	eor	v28.16b, v28.16b, v22.16b
+	eor	x27, x27, x17
+	ushr	v29.2d, v30.2d, #63
+	eor	x28, x28, x20
+	ushr	v26.2d, v28.2d, #63
+	eor	x27, x27, x23
+	sli	v29.2d, v30.2d, #1
+	eor	x28, x28, x25
+	sli	v26.2d, v28.2d, #1
+	eor	x0, x0, x27, ror 63
+	eor	v28.16b, v28.16b, v29.16b
+	eor	x27, x27, x28, ror 63
+	eor	v29.16b, v3.16b, v8.16b
+	eor	x1, x1, x0
+	eor	v26.16b, v26.16b, v31.16b
+	eor	x6, x6, x0
+	eor	v29.16b, v29.16b, v13.16b
+	eor	x11, x11, x0
+	eor	v29.16b, v29.16b, v18.16b
+	eor	x16, x16, x0
+	eor	v29.16b, v29.16b, v23.16b
+	eor	x22, x22, x0
+	ushr	v30.2d, v29.2d, #63
+	eor	x3, x3, x27
+	sli	v30.2d, v29.2d, #1
+	eor	x8, x8, x27
+	eor	v27.16b, v27.16b, v30.16b
+	eor	x13, x13, x27
+	ushr	v30.2d, v31.2d, #63
+	eor	x19, x19, x27
+	sli	v30.2d, v31.2d, #1
+	eor	x24, x24, x27
+	eor	v29.16b, v29.16b, v30.16b
+	ldr	x0, [x29, #32]
+	# Swap Rotate NEON
+	eor	v0.16b, v0.16b, v25.16b
+	eor	v31.16b, v1.16b, v26.16b
+	ldr	x27, [x29, #24]
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x28, x28, x30, ror 63
+	ushr	v30.2d, v31.2d, #63
+	eor	x30, x30, x27, ror 63
+	ushr	v1.2d, v6.2d, #20
+	eor	x27, x27, x0, ror 63
+	sli	v30.2d, v31.2d, #1
+	eor	x5, x5, x28
+	sli	v1.2d, v6.2d, #44
+	eor	x10, x10, x28
+	eor	v31.16b, v9.16b, v29.16b
+	eor	x15, x15, x28
+	eor	v22.16b, v22.16b, v27.16b
+	eor	x21, x21, x28
+	ushr	v6.2d, v31.2d, #44
+	eor	x26, x26, x28
+	ushr	v9.2d, v22.2d, #3
+	eor	x2, x2, x30
+	sli	v6.2d, v31.2d, #20
+	eor	x7, x7, x30
+	sli	v9.2d, v22.2d, #61
+	eor	x12, x12, x30
+	eor	v31.16b, v14.16b, v29.16b
+	eor	x17, x17, x30
+	eor	v20.16b, v20.16b, v25.16b
+	eor	x23, x23, x30
+	ushr	v22.2d, v31.2d, #25
+	eor	x4, x4, x27
+	ushr	v14.2d, v20.2d, #46
+	eor	x9, x9, x27
+	sli	v22.2d, v31.2d, #39
+	eor	x14, x14, x27
+	sli	v14.2d, v20.2d, #18
+	eor	x20, x20, x27
+	eor	v31.16b, v2.16b, v27.16b
+	eor	x25, x25, x27
+	# Swap Rotate Base
+	eor	v12.16b, v12.16b, v27.16b
+	ror	x0, x2, #63
+	ushr	v20.2d, v31.2d, #2
+	ror	x2, x7, #20
+	ushr	v2.2d, v12.2d, #21
+	ror	x7, x10, #44
+	sli	v20.2d, v31.2d, #62
+	ror	x10, x24, #3
+	sli	v2.2d, v12.2d, #43
+	ror	x24, x15, #25
+	eor	v31.16b, v13.16b, v28.16b
+	ror	x15, x22, #46
+	eor	v19.16b, v19.16b, v29.16b
+	ror	x22, x3, #2
+	ushr	v12.2d, v31.2d, #39
+	ror	x3, x13, #21
+	ushr	v13.2d, v19.2d, #56
+	ror	x13, x14, #39
+	sli	v12.2d, v31.2d, #25
+	ror	x14, x21, #56
+	sli	v13.2d, v19.2d, #8
+	ror	x21, x25, #8
+	eor	v31.16b, v23.16b, v28.16b
+	ror	x25, x16, #23
+	eor	v15.16b, v15.16b, v25.16b
+	ror	x16, x5, #37
+	ushr	v19.2d, v31.2d, #8
+	ror	x5, x26, #50
+	ushr	v23.2d, v15.2d, #23
+	ror	x26, x23, #62
+	sli	v19.2d, v31.2d, #56
+	ror	x23, x9, #9
+	sli	v23.2d, v15.2d, #41
+	ror	x9, x17, #19
+	eor	v31.16b, v4.16b, v29.16b
+	ror	x17, x6, #28
+	eor	v24.16b, v24.16b, v29.16b
+	ror	x6, x4, #36
+	ushr	v15.2d, v31.2d, #37
+	ror	x4, x20, #43
+	ushr	v4.2d, v24.2d, #50
+	ror	x20, x19, #49
+	sli	v15.2d, v31.2d, #27
+	ror	x19, x12, #54
+	sli	v4.2d, v24.2d, #14
+	ror	x12, x8, #58
+	eor	v31.16b, v21.16b, v26.16b
+	ror	x8, x11, #61
+	# Row Mix Base
+	eor	v8.16b, v8.16b, v28.16b
+	bic	x11, x3, x2
+	ushr	v24.2d, v31.2d, #62
+	bic	x27, x4, x3
+	ushr	v21.2d, v8.2d, #9
+	bic	x28, x1, x5
+	sli	v24.2d, v31.2d, #2
+	bic	x30, x2, x1
+	sli	v21.2d, v8.2d, #55
+	eor	x1, x1, x11
+	eor	v31.16b, v16.16b, v26.16b
+	eor	x2, x2, x27
+	eor	v5.16b, v5.16b, v25.16b
+	bic	x11, x5, x4
+	ushr	v8.2d, v31.2d, #19
+	eor	x4, x4, x28
+	ushr	v16.2d, v5.2d, #28
+	eor	x3, x3, x11
+	sli	v8.2d, v31.2d, #45
+	eor	x5, x5, x30
+	sli	v16.2d, v5.2d, #36
+	bic	x11, x8, x7
+	eor	v31.16b, v3.16b, v28.16b
+	bic	x27, x9, x8
+	eor	v18.16b, v18.16b, v28.16b
+	bic	x28, x6, x10
+	ushr	v5.2d, v31.2d, #36
+	bic	x30, x7, x6
+	ushr	v3.2d, v18.2d, #43
+	eor	x6, x6, x11
+	sli	v5.2d, v31.2d, #28
+	eor	x7, x7, x27
+	sli	v3.2d, v18.2d, #21
+	bic	x11, x10, x9
+	eor	v31.16b, v17.16b, v27.16b
+	eor	x9, x9, x28
+	eor	v11.16b, v11.16b, v26.16b
+	eor	x8, x8, x11
+	ushr	v18.2d, v31.2d, #49
+	eor	x10, x10, x30
+	ushr	v17.2d, v11.2d, #54
+	bic	x11, x13, x12
+	sli	v18.2d, v31.2d, #15
+	bic	x27, x14, x13
+	sli	v17.2d, v11.2d, #10
+	bic	x28, x0, x15
+	eor	v31.16b, v7.16b, v27.16b
+	bic	x30, x12, x0
+	eor	v10.16b, v10.16b, v25.16b
+	eor	x11, x0, x11
+	ushr	v11.2d, v31.2d, #58
+	eor	x12, x12, x27
+	ushr	v7.2d, v10.2d, #61
+	bic	x0, x15, x14
+	sli	v11.2d, v31.2d, #6
+	eor	x14, x14, x28
+	sli	v7.2d, v10.2d, #3
+	eor	x13, x13, x0
+	# Row Mix NEON
+	bic	v25.16b, v2.16b, v1.16b
+	eor	x15, x15, x30
+	bic	v26.16b, v3.16b, v2.16b
+	bic	x0, x19, x17
+	bic	v27.16b, v4.16b, v3.16b
+	bic	x27, x20, x19
+	bic	v28.16b, v0.16b, v4.16b
+	bic	x28, x16, x21
+	bic	v29.16b, v1.16b, v0.16b
+	bic	x30, x17, x16
+	eor	v0.16b, v0.16b, v25.16b
+	eor	x16, x16, x0
+	eor	v1.16b, v1.16b, v26.16b
+	eor	x17, x17, x27
+	eor	v2.16b, v2.16b, v27.16b
+	bic	x0, x21, x20
+	eor	v3.16b, v3.16b, v28.16b
+	eor	x20, x20, x28
+	eor	v4.16b, v4.16b, v29.16b
+	eor	x19, x19, x0
+	bic	v25.16b, v7.16b, v6.16b
+	eor	x21, x21, x30
+	bic	v26.16b, v8.16b, v7.16b
+	bic	x0, x24, x23
+	bic	v27.16b, v9.16b, v8.16b
+	bic	x27, x25, x24
+	bic	v28.16b, v5.16b, v9.16b
+	bic	x28, x22, x26
+	bic	v29.16b, v6.16b, v5.16b
+	bic	x30, x23, x22
+	eor	v5.16b, v5.16b, v25.16b
+	eor	x22, x22, x0
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x23, x23, x27
+	eor	v7.16b, v7.16b, v27.16b
+	bic	x0, x26, x25
+	eor	v8.16b, v8.16b, v28.16b
+	eor	x25, x25, x28
+	eor	v9.16b, v9.16b, v29.16b
+	eor	x24, x24, x0
+	bic	v25.16b, v12.16b, v11.16b
+	eor	x26, x26, x30
+	bic	v26.16b, v13.16b, v12.16b
+	bic	v27.16b, v14.16b, v13.16b
+	bic	v28.16b, v30.16b, v14.16b
+	bic	v29.16b, v11.16b, v30.16b
+	eor	v10.16b, v30.16b, v25.16b
+	eor	v11.16b, v11.16b, v26.16b
+	eor	v12.16b, v12.16b, v27.16b
+	eor	v13.16b, v13.16b, v28.16b
+	eor	v14.16b, v14.16b, v29.16b
+	bic	v25.16b, v17.16b, v16.16b
+	bic	v26.16b, v18.16b, v17.16b
+	bic	v27.16b, v19.16b, v18.16b
+	bic	v28.16b, v15.16b, v19.16b
+	bic	v29.16b, v16.16b, v15.16b
+	eor	v15.16b, v15.16b, v25.16b
+	eor	v16.16b, v16.16b, v26.16b
+	eor	v17.16b, v17.16b, v27.16b
+	eor	v18.16b, v18.16b, v28.16b
+	eor	v19.16b, v19.16b, v29.16b
+	bic	v25.16b, v22.16b, v21.16b
+	bic	v26.16b, v23.16b, v22.16b
+	bic	v27.16b, v24.16b, v23.16b
+	bic	v28.16b, v20.16b, v24.16b
+	bic	v29.16b, v21.16b, v20.16b
+	eor	v20.16b, v20.16b, v25.16b
+	eor	v21.16b, v21.16b, v26.16b
+	eor	v22.16b, v22.16b, v27.16b
+	eor	v23.16b, v23.16b, v28.16b
+	eor	v24.16b, v24.16b, v29.16b
+	# Done transforming
+	ldp	x27, x28, [x29, #48]
+	ldr	x0, [x27], #8
+	subs	x28, x28, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x1, x1, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_transform_blocksx3_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x1, x2, [x0]
+	stp	x3, x4, [x0, #16]
+	stp	x5, x6, [x0, #32]
+	stp	x7, x8, [x0, #48]
+	stp	x9, x10, [x0, #64]
+	stp	x11, x12, [x0, #80]
+	stp	x13, x14, [x0, #96]
+	stp	x15, x16, [x0, #112]
+	stp	x17, x19, [x0, #128]
+	stp	x20, x21, [x0, #144]
+	stp	x22, x23, [x0, #160]
+	stp	x24, x25, [x0, #176]
+	str	x26, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	mlkem_sha3_blocksx3_neon,.-mlkem_sha3_blocksx3_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_shake128_blocksx3_seed_neon
+.type	mlkem_shake128_blocksx3_seed_neon,@function
+.align	2
+mlkem_shake128_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_shake128_blocksx3_seed_neon
+.p2align	2
+_mlkem_shake128_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	eor	v16.16b, v16.16b, v16.16b
+	eor	x19, x19, x19
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	movz	x23, #0x8000, lsl 48
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v20.2d, x23
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake128_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix NEON
+	eor	v30.16b, v4.16b, v9.16b
+	eor	x0, x6, x11
+	eor	v27.16b, v1.16b, v6.16b
+	eor	x30, x2, x7
+	eor	v30.16b, v30.16b, v14.16b
+	eor	x28, x4, x9
+	eor	v27.16b, v27.16b, v11.16b
+	eor	x0, x0, x16
+	eor	v30.16b, v30.16b, v19.16b
+	eor	x30, x30, x12
+	eor	v27.16b, v27.16b, v16.16b
+	eor	x28, x28, x14
+	eor	v30.16b, v30.16b, v24.16b
+	eor	x0, x0, x22
+	eor	v27.16b, v27.16b, v21.16b
+	eor	x30, x30, x17
+	ushr	v25.2d, v27.2d, #63
+	eor	x28, x28, x20
+	sli	v25.2d, v27.2d, #1
+	eor	x0, x0, x27
+	eor	v25.16b, v25.16b, v30.16b
+	eor	x30, x30, x23
+	eor	v31.16b, v0.16b, v5.16b
+	eor	x28, x28, x25
+	eor	v28.16b, v2.16b, v7.16b
+	str	x0, [x29, #32]
+	eor	v31.16b, v31.16b, v10.16b
+	str	x28, [x29, #24]
+	eor	v28.16b, v28.16b, v12.16b
+	eor	x1, x3, x8
+	eor	v31.16b, v31.16b, v15.16b
+	eor	x28, x5, x10
+	eor	v28.16b, v28.16b, v17.16b
+	eor	x1, x1, x13
+	eor	v31.16b, v31.16b, v20.16b
+	eor	x28, x28, x15
+	eor	v28.16b, v28.16b, v22.16b
+	eor	x1, x1, x19
+	ushr	v29.2d, v30.2d, #63
+	eor	x28, x28, x21
+	ushr	v26.2d, v28.2d, #63
+	eor	x1, x1, x24
+	sli	v29.2d, v30.2d, #1
+	eor	x28, x28, x26
+	sli	v26.2d, v28.2d, #1
+	eor	x0, x0, x1, ror 63
+	eor	v28.16b, v28.16b, v29.16b
+	eor	x1, x1, x28, ror 63
+	eor	v29.16b, v3.16b, v8.16b
+	eor	x2, x2, x0
+	eor	v26.16b, v26.16b, v31.16b
+	eor	x7, x7, x0
+	eor	v29.16b, v29.16b, v13.16b
+	eor	x12, x12, x0
+	eor	v29.16b, v29.16b, v18.16b
+	eor	x17, x17, x0
+	eor	v29.16b, v29.16b, v23.16b
+	eor	x23, x23, x0
+	ushr	v30.2d, v29.2d, #63
+	eor	x4, x4, x1
+	sli	v30.2d, v29.2d, #1
+	eor	x9, x9, x1
+	eor	v27.16b, v27.16b, v30.16b
+	eor	x14, x14, x1
+	ushr	v30.2d, v31.2d, #63
+	eor	x20, x20, x1
+	sli	v30.2d, v31.2d, #1
+	eor	x25, x25, x1
+	eor	v29.16b, v29.16b, v30.16b
+	ldr	x0, [x29, #32]
+	# Swap Rotate NEON
+	eor	v0.16b, v0.16b, v25.16b
+	eor	v31.16b, v1.16b, v26.16b
+	ldr	x1, [x29, #24]
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x28, x28, x30, ror 63
+	ushr	v30.2d, v31.2d, #63
+	eor	x30, x30, x1, ror 63
+	ushr	v1.2d, v6.2d, #20
+	eor	x1, x1, x0, ror 63
+	sli	v30.2d, v31.2d, #1
+	eor	x6, x6, x28
+	sli	v1.2d, v6.2d, #44
+	eor	x11, x11, x28
+	eor	v31.16b, v9.16b, v29.16b
+	eor	x16, x16, x28
+	eor	v22.16b, v22.16b, v27.16b
+	eor	x22, x22, x28
+	ushr	v6.2d, v31.2d, #44
+	eor	x27, x27, x28
+	ushr	v9.2d, v22.2d, #3
+	eor	x3, x3, x30
+	sli	v6.2d, v31.2d, #20
+	eor	x8, x8, x30
+	sli	v9.2d, v22.2d, #61
+	eor	x13, x13, x30
+	eor	v31.16b, v14.16b, v29.16b
+	eor	x19, x19, x30
+	eor	v20.16b, v20.16b, v25.16b
+	eor	x24, x24, x30
+	ushr	v22.2d, v31.2d, #25
+	eor	x5, x5, x1
+	ushr	v14.2d, v20.2d, #46
+	eor	x10, x10, x1
+	sli	v22.2d, v31.2d, #39
+	eor	x15, x15, x1
+	sli	v14.2d, v20.2d, #18
+	eor	x21, x21, x1
+	eor	v31.16b, v2.16b, v27.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	eor	v12.16b, v12.16b, v27.16b
+	ror	x0, x3, #63
+	ushr	v20.2d, v31.2d, #2
+	ror	x3, x8, #20
+	ushr	v2.2d, v12.2d, #21
+	ror	x8, x11, #44
+	sli	v20.2d, v31.2d, #62
+	ror	x11, x25, #3
+	sli	v2.2d, v12.2d, #43
+	ror	x25, x16, #25
+	eor	v31.16b, v13.16b, v28.16b
+	ror	x16, x23, #46
+	eor	v19.16b, v19.16b, v29.16b
+	ror	x23, x4, #2
+	ushr	v12.2d, v31.2d, #39
+	ror	x4, x14, #21
+	ushr	v13.2d, v19.2d, #56
+	ror	x14, x15, #39
+	sli	v12.2d, v31.2d, #25
+	ror	x15, x22, #56
+	sli	v13.2d, v19.2d, #8
+	ror	x22, x26, #8
+	eor	v31.16b, v23.16b, v28.16b
+	ror	x26, x17, #23
+	eor	v15.16b, v15.16b, v25.16b
+	ror	x17, x6, #37
+	ushr	v19.2d, v31.2d, #8
+	ror	x6, x27, #50
+	ushr	v23.2d, v15.2d, #23
+	ror	x27, x24, #62
+	sli	v19.2d, v31.2d, #56
+	ror	x24, x10, #9
+	sli	v23.2d, v15.2d, #41
+	ror	x10, x19, #19
+	eor	v31.16b, v4.16b, v29.16b
+	ror	x19, x7, #28
+	eor	v24.16b, v24.16b, v29.16b
+	ror	x7, x5, #36
+	ushr	v15.2d, v31.2d, #37
+	ror	x5, x21, #43
+	ushr	v4.2d, v24.2d, #50
+	ror	x21, x20, #49
+	sli	v15.2d, v31.2d, #27
+	ror	x20, x13, #54
+	sli	v4.2d, v24.2d, #14
+	ror	x13, x9, #58
+	eor	v31.16b, v21.16b, v26.16b
+	ror	x9, x12, #61
+	# Row Mix Base
+	eor	v8.16b, v8.16b, v28.16b
+	bic	x12, x4, x3
+	ushr	v24.2d, v31.2d, #62
+	bic	x1, x5, x4
+	ushr	v21.2d, v8.2d, #9
+	bic	x28, x2, x6
+	sli	v24.2d, v31.2d, #2
+	bic	x30, x3, x2
+	sli	v21.2d, v8.2d, #55
+	eor	x2, x2, x12
+	eor	v31.16b, v16.16b, v26.16b
+	eor	x3, x3, x1
+	eor	v5.16b, v5.16b, v25.16b
+	bic	x12, x6, x5
+	ushr	v8.2d, v31.2d, #19
+	eor	x5, x5, x28
+	ushr	v16.2d, v5.2d, #28
+	eor	x4, x4, x12
+	sli	v8.2d, v31.2d, #45
+	eor	x6, x6, x30
+	sli	v16.2d, v5.2d, #36
+	bic	x12, x9, x8
+	eor	v31.16b, v3.16b, v28.16b
+	bic	x1, x10, x9
+	eor	v18.16b, v18.16b, v28.16b
+	bic	x28, x7, x11
+	ushr	v5.2d, v31.2d, #36
+	bic	x30, x8, x7
+	ushr	v3.2d, v18.2d, #43
+	eor	x7, x7, x12
+	sli	v5.2d, v31.2d, #28
+	eor	x8, x8, x1
+	sli	v3.2d, v18.2d, #21
+	bic	x12, x11, x10
+	eor	v31.16b, v17.16b, v27.16b
+	eor	x10, x10, x28
+	eor	v11.16b, v11.16b, v26.16b
+	eor	x9, x9, x12
+	ushr	v18.2d, v31.2d, #49
+	eor	x11, x11, x30
+	ushr	v17.2d, v11.2d, #54
+	bic	x12, x14, x13
+	sli	v18.2d, v31.2d, #15
+	bic	x1, x15, x14
+	sli	v17.2d, v11.2d, #10
+	bic	x28, x0, x16
+	eor	v31.16b, v7.16b, v27.16b
+	bic	x30, x13, x0
+	eor	v10.16b, v10.16b, v25.16b
+	eor	x12, x0, x12
+	ushr	v11.2d, v31.2d, #58
+	eor	x13, x13, x1
+	ushr	v7.2d, v10.2d, #61
+	bic	x0, x16, x15
+	sli	v11.2d, v31.2d, #6
+	eor	x15, x15, x28
+	sli	v7.2d, v10.2d, #3
+	eor	x14, x14, x0
+	# Row Mix NEON
+	bic	v25.16b, v2.16b, v1.16b
+	eor	x16, x16, x30
+	bic	v26.16b, v3.16b, v2.16b
+	bic	x0, x20, x19
+	bic	v27.16b, v4.16b, v3.16b
+	bic	x1, x21, x20
+	bic	v28.16b, v0.16b, v4.16b
+	bic	x28, x17, x22
+	bic	v29.16b, v1.16b, v0.16b
+	bic	x30, x19, x17
+	eor	v0.16b, v0.16b, v25.16b
+	eor	x17, x17, x0
+	eor	v1.16b, v1.16b, v26.16b
+	eor	x19, x19, x1
+	eor	v2.16b, v2.16b, v27.16b
+	bic	x0, x22, x21
+	eor	v3.16b, v3.16b, v28.16b
+	eor	x21, x21, x28
+	eor	v4.16b, v4.16b, v29.16b
+	eor	x20, x20, x0
+	bic	v25.16b, v7.16b, v6.16b
+	eor	x22, x22, x30
+	bic	v26.16b, v8.16b, v7.16b
+	bic	x0, x25, x24
+	bic	v27.16b, v9.16b, v8.16b
+	bic	x1, x26, x25
+	bic	v28.16b, v5.16b, v9.16b
+	bic	x28, x23, x27
+	bic	v29.16b, v6.16b, v5.16b
+	bic	x30, x24, x23
+	eor	v5.16b, v5.16b, v25.16b
+	eor	x23, x23, x0
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x24, x24, x1
+	eor	v7.16b, v7.16b, v27.16b
+	bic	x0, x27, x26
+	eor	v8.16b, v8.16b, v28.16b
+	eor	x26, x26, x28
+	eor	v9.16b, v9.16b, v29.16b
+	eor	x25, x25, x0
+	bic	v25.16b, v12.16b, v11.16b
+	eor	x27, x27, x30
+	bic	v26.16b, v13.16b, v12.16b
+	bic	v27.16b, v14.16b, v13.16b
+	bic	v28.16b, v30.16b, v14.16b
+	bic	v29.16b, v11.16b, v30.16b
+	eor	v10.16b, v30.16b, v25.16b
+	eor	v11.16b, v11.16b, v26.16b
+	eor	v12.16b, v12.16b, v27.16b
+	eor	v13.16b, v13.16b, v28.16b
+	eor	v14.16b, v14.16b, v29.16b
+	bic	v25.16b, v17.16b, v16.16b
+	bic	v26.16b, v18.16b, v17.16b
+	bic	v27.16b, v19.16b, v18.16b
+	bic	v28.16b, v15.16b, v19.16b
+	bic	v29.16b, v16.16b, v15.16b
+	eor	v15.16b, v15.16b, v25.16b
+	eor	v16.16b, v16.16b, v26.16b
+	eor	v17.16b, v17.16b, v27.16b
+	eor	v18.16b, v18.16b, v28.16b
+	eor	v19.16b, v19.16b, v29.16b
+	bic	v25.16b, v22.16b, v21.16b
+	bic	v26.16b, v23.16b, v22.16b
+	bic	v27.16b, v24.16b, v23.16b
+	bic	v28.16b, v20.16b, v24.16b
+	bic	v29.16b, v21.16b, v20.16b
+	eor	v20.16b, v20.16b, v25.16b
+	eor	v21.16b, v21.16b, v26.16b
+	eor	v22.16b, v22.16b, v27.16b
+	eor	v23.16b, v23.16b, v28.16b
+	eor	v24.16b, v24.16b, v29.16b
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake128_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	mlkem_shake128_blocksx3_seed_neon,.-mlkem_shake128_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	mlkem_shake256_blocksx3_seed_neon
+.type	mlkem_shake256_blocksx3_seed_neon,@function
+.align	2
+mlkem_shake256_blocksx3_seed_neon:
+#else
+.section	__TEXT,__text
+.globl	_mlkem_shake256_blocksx3_seed_neon
+.p2align	2
+_mlkem_shake256_blocksx3_seed_neon:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-224]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+	stp	d8, d9, [x29, #160]
+	stp	d10, d11, [x29, #176]
+	stp	d12, d13, [x29, #192]
+	stp	d14, d15, [x29, #208]
+#ifndef __APPLE__
+	adrp x28, L_sha3_aarch64_r
+	add  x28, x28, :lo12:L_sha3_aarch64_r
+#else
+	adrp x28, L_sha3_aarch64_r@PAGE
+	add  x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF
+#endif /* __APPLE__ */
+	str	x0, [x29, #40]
+	add	x0, x0, #32
+	ld1	{v4.d}[0], [x0]
+	ldp	x2, x3, [x1], #16
+	add	x0, x0, #0xc8
+	ld1	{v4.d}[1], [x0]
+	ldp	x4, x5, [x1], #16
+	ldr	x6, [x0, #200]
+	eor	v5.16b, v5.16b, v5.16b
+	eor	x7, x7, x7
+	eor	v6.16b, v6.16b, v6.16b
+	eor	x8, x8, x8
+	eor	v7.16b, v7.16b, v7.16b
+	eor	x9, x9, x9
+	eor	v8.16b, v8.16b, v8.16b
+	eor	x10, x10, x10
+	eor	v9.16b, v9.16b, v9.16b
+	eor	x11, x11, x11
+	eor	v10.16b, v10.16b, v10.16b
+	eor	x12, x12, x12
+	eor	v11.16b, v11.16b, v11.16b
+	eor	x13, x13, x13
+	eor	v12.16b, v12.16b, v12.16b
+	eor	x14, x14, x14
+	eor	v13.16b, v13.16b, v13.16b
+	eor	x15, x15, x15
+	eor	v14.16b, v14.16b, v14.16b
+	eor	x16, x16, x16
+	eor	v15.16b, v15.16b, v15.16b
+	eor	x17, x17, x17
+	movz	x19, #0x8000, lsl 48
+	eor	v17.16b, v17.16b, v17.16b
+	eor	x20, x20, x20
+	eor	v18.16b, v18.16b, v18.16b
+	eor	x21, x21, x21
+	eor	v19.16b, v19.16b, v19.16b
+	eor	x22, x22, x22
+	eor	v20.16b, v20.16b, v20.16b
+	eor	x23, x23, x23
+	eor	v21.16b, v21.16b, v21.16b
+	eor	x24, x24, x24
+	eor	v22.16b, v22.16b, v22.16b
+	eor	x25, x25, x25
+	eor	v23.16b, v23.16b, v23.16b
+	eor	x26, x26, x26
+	eor	v24.16b, v24.16b, v24.16b
+	eor	x27, x27, x27
+	dup	v0.2d, x2
+	dup	v1.2d, x3
+	dup	v2.2d, x4
+	dup	v3.2d, x5
+	dup	v16.2d, x19
+	mov	x1, #24
+	# Start of 24 rounds
+L_SHA3_shake256_blocksx3_seed_neon_begin:
+	stp	x28, x1, [x29, #48]
+	# Col Mix NEON
+	eor	v30.16b, v4.16b, v9.16b
+	eor	x0, x6, x11
+	eor	v27.16b, v1.16b, v6.16b
+	eor	x30, x2, x7
+	eor	v30.16b, v30.16b, v14.16b
+	eor	x28, x4, x9
+	eor	v27.16b, v27.16b, v11.16b
+	eor	x0, x0, x16
+	eor	v30.16b, v30.16b, v19.16b
+	eor	x30, x30, x12
+	eor	v27.16b, v27.16b, v16.16b
+	eor	x28, x28, x14
+	eor	v30.16b, v30.16b, v24.16b
+	eor	x0, x0, x22
+	eor	v27.16b, v27.16b, v21.16b
+	eor	x30, x30, x17
+	ushr	v25.2d, v27.2d, #63
+	eor	x28, x28, x20
+	sli	v25.2d, v27.2d, #1
+	eor	x0, x0, x27
+	eor	v25.16b, v25.16b, v30.16b
+	eor	x30, x30, x23
+	eor	v31.16b, v0.16b, v5.16b
+	eor	x28, x28, x25
+	eor	v28.16b, v2.16b, v7.16b
+	str	x0, [x29, #32]
+	eor	v31.16b, v31.16b, v10.16b
+	str	x28, [x29, #24]
+	eor	v28.16b, v28.16b, v12.16b
+	eor	x1, x3, x8
+	eor	v31.16b, v31.16b, v15.16b
+	eor	x28, x5, x10
+	eor	v28.16b, v28.16b, v17.16b
+	eor	x1, x1, x13
+	eor	v31.16b, v31.16b, v20.16b
+	eor	x28, x28, x15
+	eor	v28.16b, v28.16b, v22.16b
+	eor	x1, x1, x19
+	ushr	v29.2d, v30.2d, #63
+	eor	x28, x28, x21
+	ushr	v26.2d, v28.2d, #63
+	eor	x1, x1, x24
+	sli	v29.2d, v30.2d, #1
+	eor	x28, x28, x26
+	sli	v26.2d, v28.2d, #1
+	eor	x0, x0, x1, ror 63
+	eor	v28.16b, v28.16b, v29.16b
+	eor	x1, x1, x28, ror 63
+	eor	v29.16b, v3.16b, v8.16b
+	eor	x2, x2, x0
+	eor	v26.16b, v26.16b, v31.16b
+	eor	x7, x7, x0
+	eor	v29.16b, v29.16b, v13.16b
+	eor	x12, x12, x0
+	eor	v29.16b, v29.16b, v18.16b
+	eor	x17, x17, x0
+	eor	v29.16b, v29.16b, v23.16b
+	eor	x23, x23, x0
+	ushr	v30.2d, v29.2d, #63
+	eor	x4, x4, x1
+	sli	v30.2d, v29.2d, #1
+	eor	x9, x9, x1
+	eor	v27.16b, v27.16b, v30.16b
+	eor	x14, x14, x1
+	ushr	v30.2d, v31.2d, #63
+	eor	x20, x20, x1
+	sli	v30.2d, v31.2d, #1
+	eor	x25, x25, x1
+	eor	v29.16b, v29.16b, v30.16b
+	ldr	x0, [x29, #32]
+	# Swap Rotate NEON
+	eor	v0.16b, v0.16b, v25.16b
+	eor	v31.16b, v1.16b, v26.16b
+	ldr	x1, [x29, #24]
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x28, x28, x30, ror 63
+	ushr	v30.2d, v31.2d, #63
+	eor	x30, x30, x1, ror 63
+	ushr	v1.2d, v6.2d, #20
+	eor	x1, x1, x0, ror 63
+	sli	v30.2d, v31.2d, #1
+	eor	x6, x6, x28
+	sli	v1.2d, v6.2d, #44
+	eor	x11, x11, x28
+	eor	v31.16b, v9.16b, v29.16b
+	eor	x16, x16, x28
+	eor	v22.16b, v22.16b, v27.16b
+	eor	x22, x22, x28
+	ushr	v6.2d, v31.2d, #44
+	eor	x27, x27, x28
+	ushr	v9.2d, v22.2d, #3
+	eor	x3, x3, x30
+	sli	v6.2d, v31.2d, #20
+	eor	x8, x8, x30
+	sli	v9.2d, v22.2d, #61
+	eor	x13, x13, x30
+	eor	v31.16b, v14.16b, v29.16b
+	eor	x19, x19, x30
+	eor	v20.16b, v20.16b, v25.16b
+	eor	x24, x24, x30
+	ushr	v22.2d, v31.2d, #25
+	eor	x5, x5, x1
+	ushr	v14.2d, v20.2d, #46
+	eor	x10, x10, x1
+	sli	v22.2d, v31.2d, #39
+	eor	x15, x15, x1
+	sli	v14.2d, v20.2d, #18
+	eor	x21, x21, x1
+	eor	v31.16b, v2.16b, v27.16b
+	eor	x26, x26, x1
+	# Swap Rotate Base
+	eor	v12.16b, v12.16b, v27.16b
+	ror	x0, x3, #63
+	ushr	v20.2d, v31.2d, #2
+	ror	x3, x8, #20
+	ushr	v2.2d, v12.2d, #21
+	ror	x8, x11, #44
+	sli	v20.2d, v31.2d, #62
+	ror	x11, x25, #3
+	sli	v2.2d, v12.2d, #43
+	ror	x25, x16, #25
+	eor	v31.16b, v13.16b, v28.16b
+	ror	x16, x23, #46
+	eor	v19.16b, v19.16b, v29.16b
+	ror	x23, x4, #2
+	ushr	v12.2d, v31.2d, #39
+	ror	x4, x14, #21
+	ushr	v13.2d, v19.2d, #56
+	ror	x14, x15, #39
+	sli	v12.2d, v31.2d, #25
+	ror	x15, x22, #56
+	sli	v13.2d, v19.2d, #8
+	ror	x22, x26, #8
+	eor	v31.16b, v23.16b, v28.16b
+	ror	x26, x17, #23
+	eor	v15.16b, v15.16b, v25.16b
+	ror	x17, x6, #37
+	ushr	v19.2d, v31.2d, #8
+	ror	x6, x27, #50
+	ushr	v23.2d, v15.2d, #23
+	ror	x27, x24, #62
+	sli	v19.2d, v31.2d, #56
+	ror	x24, x10, #9
+	sli	v23.2d, v15.2d, #41
+	ror	x10, x19, #19
+	eor	v31.16b, v4.16b, v29.16b
+	ror	x19, x7, #28
+	eor	v24.16b, v24.16b, v29.16b
+	ror	x7, x5, #36
+	ushr	v15.2d, v31.2d, #37
+	ror	x5, x21, #43
+	ushr	v4.2d, v24.2d, #50
+	ror	x21, x20, #49
+	sli	v15.2d, v31.2d, #27
+	ror	x20, x13, #54
+	sli	v4.2d, v24.2d, #14
+	ror	x13, x9, #58
+	eor	v31.16b, v21.16b, v26.16b
+	ror	x9, x12, #61
+	# Row Mix Base
+	eor	v8.16b, v8.16b, v28.16b
+	bic	x12, x4, x3
+	ushr	v24.2d, v31.2d, #62
+	bic	x1, x5, x4
+	ushr	v21.2d, v8.2d, #9
+	bic	x28, x2, x6
+	sli	v24.2d, v31.2d, #2
+	bic	x30, x3, x2
+	sli	v21.2d, v8.2d, #55
+	eor	x2, x2, x12
+	eor	v31.16b, v16.16b, v26.16b
+	eor	x3, x3, x1
+	eor	v5.16b, v5.16b, v25.16b
+	bic	x12, x6, x5
+	ushr	v8.2d, v31.2d, #19
+	eor	x5, x5, x28
+	ushr	v16.2d, v5.2d, #28
+	eor	x4, x4, x12
+	sli	v8.2d, v31.2d, #45
+	eor	x6, x6, x30
+	sli	v16.2d, v5.2d, #36
+	bic	x12, x9, x8
+	eor	v31.16b, v3.16b, v28.16b
+	bic	x1, x10, x9
+	eor	v18.16b, v18.16b, v28.16b
+	bic	x28, x7, x11
+	ushr	v5.2d, v31.2d, #36
+	bic	x30, x8, x7
+	ushr	v3.2d, v18.2d, #43
+	eor	x7, x7, x12
+	sli	v5.2d, v31.2d, #28
+	eor	x8, x8, x1
+	sli	v3.2d, v18.2d, #21
+	bic	x12, x11, x10
+	eor	v31.16b, v17.16b, v27.16b
+	eor	x10, x10, x28
+	eor	v11.16b, v11.16b, v26.16b
+	eor	x9, x9, x12
+	ushr	v18.2d, v31.2d, #49
+	eor	x11, x11, x30
+	ushr	v17.2d, v11.2d, #54
+	bic	x12, x14, x13
+	sli	v18.2d, v31.2d, #15
+	bic	x1, x15, x14
+	sli	v17.2d, v11.2d, #10
+	bic	x28, x0, x16
+	eor	v31.16b, v7.16b, v27.16b
+	bic	x30, x13, x0
+	eor	v10.16b, v10.16b, v25.16b
+	eor	x12, x0, x12
+	ushr	v11.2d, v31.2d, #58
+	eor	x13, x13, x1
+	ushr	v7.2d, v10.2d, #61
+	bic	x0, x16, x15
+	sli	v11.2d, v31.2d, #6
+	eor	x15, x15, x28
+	sli	v7.2d, v10.2d, #3
+	eor	x14, x14, x0
+	# Row Mix NEON
+	bic	v25.16b, v2.16b, v1.16b
+	eor	x16, x16, x30
+	bic	v26.16b, v3.16b, v2.16b
+	bic	x0, x20, x19
+	bic	v27.16b, v4.16b, v3.16b
+	bic	x1, x21, x20
+	bic	v28.16b, v0.16b, v4.16b
+	bic	x28, x17, x22
+	bic	v29.16b, v1.16b, v0.16b
+	bic	x30, x19, x17
+	eor	v0.16b, v0.16b, v25.16b
+	eor	x17, x17, x0
+	eor	v1.16b, v1.16b, v26.16b
+	eor	x19, x19, x1
+	eor	v2.16b, v2.16b, v27.16b
+	bic	x0, x22, x21
+	eor	v3.16b, v3.16b, v28.16b
+	eor	x21, x21, x28
+	eor	v4.16b, v4.16b, v29.16b
+	eor	x20, x20, x0
+	bic	v25.16b, v7.16b, v6.16b
+	eor	x22, x22, x30
+	bic	v26.16b, v8.16b, v7.16b
+	bic	x0, x25, x24
+	bic	v27.16b, v9.16b, v8.16b
+	bic	x1, x26, x25
+	bic	v28.16b, v5.16b, v9.16b
+	bic	x28, x23, x27
+	bic	v29.16b, v6.16b, v5.16b
+	bic	x30, x24, x23
+	eor	v5.16b, v5.16b, v25.16b
+	eor	x23, x23, x0
+	eor	v6.16b, v6.16b, v26.16b
+	eor	x24, x24, x1
+	eor	v7.16b, v7.16b, v27.16b
+	bic	x0, x27, x26
+	eor	v8.16b, v8.16b, v28.16b
+	eor	x26, x26, x28
+	eor	v9.16b, v9.16b, v29.16b
+	eor	x25, x25, x0
+	bic	v25.16b, v12.16b, v11.16b
+	eor	x27, x27, x30
+	bic	v26.16b, v13.16b, v12.16b
+	bic	v27.16b, v14.16b, v13.16b
+	bic	v28.16b, v30.16b, v14.16b
+	bic	v29.16b, v11.16b, v30.16b
+	eor	v10.16b, v30.16b, v25.16b
+	eor	v11.16b, v11.16b, v26.16b
+	eor	v12.16b, v12.16b, v27.16b
+	eor	v13.16b, v13.16b, v28.16b
+	eor	v14.16b, v14.16b, v29.16b
+	bic	v25.16b, v17.16b, v16.16b
+	bic	v26.16b, v18.16b, v17.16b
+	bic	v27.16b, v19.16b, v18.16b
+	bic	v28.16b, v15.16b, v19.16b
+	bic	v29.16b, v16.16b, v15.16b
+	eor	v15.16b, v15.16b, v25.16b
+	eor	v16.16b, v16.16b, v26.16b
+	eor	v17.16b, v17.16b, v27.16b
+	eor	v18.16b, v18.16b, v28.16b
+	eor	v19.16b, v19.16b, v29.16b
+	bic	v25.16b, v22.16b, v21.16b
+	bic	v26.16b, v23.16b, v22.16b
+	bic	v27.16b, v24.16b, v23.16b
+	bic	v28.16b, v20.16b, v24.16b
+	bic	v29.16b, v21.16b, v20.16b
+	eor	v20.16b, v20.16b, v25.16b
+	eor	v21.16b, v21.16b, v26.16b
+	eor	v22.16b, v22.16b, v27.16b
+	eor	v23.16b, v23.16b, v28.16b
+	eor	v24.16b, v24.16b, v29.16b
+	# Done transforming
+	ldp	x28, x1, [x29, #48]
+	ldr	x0, [x28], #8
+	subs	x1, x1, #1
+	mov	v30.d[0], x0
+	mov	v30.d[1], x0
+	eor	x2, x2, x0
+	eor	v0.16b, v0.16b, v30.16b
+	bne	L_SHA3_shake256_blocksx3_seed_neon_begin
+	ldr	x0, [x29, #40]
+	st4	{v0.d, v1.d, v2.d, v3.d}[0], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[0], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[0], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[0], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[0], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[0], [x0], #32
+	st1	{v24.d}[0], [x0]
+	add	x0, x0, #8
+	st4	{v0.d, v1.d, v2.d, v3.d}[1], [x0], #32
+	st4	{v4.d, v5.d, v6.d, v7.d}[1], [x0], #32
+	st4	{v8.d, v9.d, v10.d, v11.d}[1], [x0], #32
+	st4	{v12.d, v13.d, v14.d, v15.d}[1], [x0], #32
+	st4	{v16.d, v17.d, v18.d, v19.d}[1], [x0], #32
+	st4	{v20.d, v21.d, v22.d, v23.d}[1], [x0], #32
+	st1	{v24.d}[1], [x0]
+	add	x0, x0, #8
+	stp	x2, x3, [x0]
+	stp	x4, x5, [x0, #16]
+	stp	x6, x7, [x0, #32]
+	stp	x8, x9, [x0, #48]
+	stp	x10, x11, [x0, #64]
+	stp	x12, x13, [x0, #80]
+	stp	x14, x15, [x0, #96]
+	stp	x16, x17, [x0, #112]
+	stp	x19, x20, [x0, #128]
+	stp	x21, x22, [x0, #144]
+	stp	x23, x24, [x0, #160]
+	stp	x25, x26, [x0, #176]
+	str	x27, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	d8, d9, [x29, #160]
+	ldp	d10, d11, [x29, #176]
+	ldp	d12, d13, [x29, #192]
+	ldp	d14, d15, [x29, #208]
+	ldp	x29, x30, [sp], #0xe0
+	ret
+#ifndef __APPLE__
+	.size	mlkem_shake256_blocksx3_seed_neon,.-mlkem_shake256_blocksx3_seed_neon
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#endif /* WOLFSSL_WC_MLKEM */
+#endif /* __aarch64__ */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c b/wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c
new file mode 100644
index 000000000..7b8cf20e0
--- /dev/null
+++ b/wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c
@@ -0,0 +1,11705 @@
+/* armv8-mlkem-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb arm64 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm.c
+ */
+#ifdef WOLFSSL_ARMASM
+#ifdef __aarch64__
+#ifdef WOLFSSL_ARMASM_INLINE
+static const word16 L_mlkem_aarch64_q[] = {
+    0x0d01, 0x0d01, 0x0d01, 0x0d01, 0x0d01, 0x0d01, 0x0d01, 0x0d01,
+};
+
+static const word16 L_mlkem_aarch64_consts[] = {
+    0x0d01, 0xf301, 0x4ebf, 0x0549, 0x5049, 0x0000, 0x0000, 0x0000,
+};
+
+static const word64 L_sha3_aarch64_r[] = {
+    0x0000000000000001, 0x0000000000008082,
+    0x800000000000808a, 0x8000000080008000,
+    0x000000000000808b, 0x0000000080000001,
+    0x8000000080008081, 0x8000000000008009,
+    0x000000000000008a, 0x0000000000000088,
+    0x0000000080008009, 0x000000008000000a,
+    0x000000008000808b, 0x800000000000008b,
+    0x8000000000008089, 0x8000000000008003,
+    0x8000000000008002, 0x8000000000000080,
+    0x000000000000800a, 0x800000008000000a,
+    0x8000000080008081, 0x8000000000008080,
+    0x0000000080000001, 0x8000000080008008,
+};
+
+#include <wolfssl/wolfcrypt/wc_mlkem.h>
+
+#ifdef WOLFSSL_WC_MLKEM
+static const word16 L_mlkem_aarch64_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x04c7, 0x04c7, 0x04c7, 0x028c, 0x028c, 0x028c, 0x028c,
+    0x0ad9, 0x0ad9, 0x0ad9, 0x0ad9, 0x03f7, 0x03f7, 0x03f7, 0x03f7,
+    0x07f4, 0x07f4, 0x07f4, 0x07f4, 0x05d3, 0x05d3, 0x05d3, 0x05d3,
+    0x0be7, 0x0be7, 0x0be7, 0x0be7, 0x06f9, 0x06f9, 0x06f9, 0x06f9,
+    0x0204, 0x0204, 0x0204, 0x0204, 0x0cf9, 0x0cf9, 0x0cf9, 0x0cf9,
+    0x0bc1, 0x0bc1, 0x0bc1, 0x0bc1, 0x0a67, 0x0a67, 0x0a67, 0x0a67,
+    0x06af, 0x06af, 0x06af, 0x06af, 0x0877, 0x0877, 0x0877, 0x0877,
+    0x007e, 0x007e, 0x007e, 0x007e, 0x05bd, 0x05bd, 0x05bd, 0x05bd,
+    0x09ac, 0x09ac, 0x09ac, 0x09ac, 0x0ca7, 0x0ca7, 0x0ca7, 0x0ca7,
+    0x0bf2, 0x0bf2, 0x0bf2, 0x0bf2, 0x033e, 0x033e, 0x033e, 0x033e,
+    0x006b, 0x006b, 0x006b, 0x006b, 0x0774, 0x0774, 0x0774, 0x0774,
+    0x0c0a, 0x0c0a, 0x0c0a, 0x0c0a, 0x094a, 0x094a, 0x094a, 0x094a,
+    0x0b73, 0x0b73, 0x0b73, 0x0b73, 0x03c1, 0x03c1, 0x03c1, 0x03c1,
+    0x071d, 0x071d, 0x071d, 0x071d, 0x0a2c, 0x0a2c, 0x0a2c, 0x0a2c,
+    0x01c0, 0x01c0, 0x01c0, 0x01c0, 0x08d8, 0x08d8, 0x08d8, 0x08d8,
+    0x02a5, 0x02a5, 0x02a5, 0x02a5, 0x0806, 0x0806, 0x0806, 0x0806,
+    0x08b2, 0x08b2, 0x01ae, 0x01ae, 0x022b, 0x022b, 0x034b, 0x034b,
+    0x081e, 0x081e, 0x0367, 0x0367, 0x060e, 0x060e, 0x0069, 0x0069,
+    0x01a6, 0x01a6, 0x024b, 0x024b, 0x00b1, 0x00b1, 0x0c16, 0x0c16,
+    0x0bde, 0x0bde, 0x0b35, 0x0b35, 0x0626, 0x0626, 0x0675, 0x0675,
+    0x0c0b, 0x0c0b, 0x030a, 0x030a, 0x0487, 0x0487, 0x0c6e, 0x0c6e,
+    0x09f8, 0x09f8, 0x05cb, 0x05cb, 0x0aa7, 0x0aa7, 0x045f, 0x045f,
+    0x06cb, 0x06cb, 0x0284, 0x0284, 0x0999, 0x0999, 0x015d, 0x015d,
+    0x01a2, 0x01a2, 0x0149, 0x0149, 0x0c65, 0x0c65, 0x0cb6, 0x0cb6,
+    0x0331, 0x0331, 0x0449, 0x0449, 0x025b, 0x025b, 0x0262, 0x0262,
+    0x052a, 0x052a, 0x07fc, 0x07fc, 0x0748, 0x0748, 0x0180, 0x0180,
+    0x0842, 0x0842, 0x0c79, 0x0c79, 0x04c2, 0x04c2, 0x07ca, 0x07ca,
+    0x0997, 0x0997, 0x00dc, 0x00dc, 0x085e, 0x085e, 0x0686, 0x0686,
+    0x0860, 0x0860, 0x0707, 0x0707, 0x0803, 0x0803, 0x031a, 0x031a,
+    0x071b, 0x071b, 0x09ab, 0x09ab, 0x099b, 0x099b, 0x01de, 0x01de,
+    0x0c95, 0x0c95, 0x0bcd, 0x0bcd, 0x03e4, 0x03e4, 0x03df, 0x03df,
+    0x03be, 0x03be, 0x074d, 0x074d, 0x05f2, 0x05f2, 0x065c, 0x065c,
+};
+
+static const word16 L_mlkem_aarch64_zetas_qinv[] = {
+    0xffed, 0x7b0b, 0x399a, 0x0314, 0x34d5, 0xcf8e, 0x6e1f, 0xbeca,
+    0xae56, 0x6c6e, 0xf129, 0xc2b6, 0x29c2, 0x054f, 0xd43f, 0x79bc,
+    0xe93d, 0x43d4, 0x9908, 0x8e7f, 0x15c4, 0xfbb2, 0x53bf, 0x997f,
+    0x9258, 0x5ef9, 0xd6dc, 0x2260, 0x47fb, 0x229b, 0x6834, 0xc0de,
+    0xe9c7, 0xe9c7, 0xe9c7, 0xe9c7, 0xe68c, 0xe68c, 0xe68c, 0xe68c,
+    0x05d9, 0x05d9, 0x05d9, 0x05d9, 0x78f7, 0x78f7, 0x78f7, 0x78f7,
+    0xa3f4, 0xa3f4, 0xa3f4, 0xa3f4, 0x4ed3, 0x4ed3, 0x4ed3, 0x4ed3,
+    0x50e7, 0x50e7, 0x50e7, 0x50e7, 0x61f9, 0x61f9, 0x61f9, 0x61f9,
+    0xce04, 0xce04, 0xce04, 0xce04, 0x67f9, 0x67f9, 0x67f9, 0x67f9,
+    0x3ec1, 0x3ec1, 0x3ec1, 0x3ec1, 0xcf67, 0xcf67, 0xcf67, 0xcf67,
+    0x23af, 0x23af, 0x23af, 0x23af, 0xfd77, 0xfd77, 0xfd77, 0xfd77,
+    0x9a7e, 0x9a7e, 0x9a7e, 0x9a7e, 0x6cbd, 0x6cbd, 0x6cbd, 0x6cbd,
+    0x4dac, 0x4dac, 0x4dac, 0x4dac, 0x91a7, 0x91a7, 0x91a7, 0x91a7,
+    0xc1f2, 0xc1f2, 0xc1f2, 0xc1f2, 0xdd3e, 0xdd3e, 0xdd3e, 0xdd3e,
+    0x916b, 0x916b, 0x916b, 0x916b, 0x2374, 0x2374, 0x2374, 0x2374,
+    0x8a0a, 0x8a0a, 0x8a0a, 0x8a0a, 0x474a, 0x474a, 0x474a, 0x474a,
+    0x3473, 0x3473, 0x3473, 0x3473, 0x36c1, 0x36c1, 0x36c1, 0x36c1,
+    0x8e1d, 0x8e1d, 0x8e1d, 0x8e1d, 0xce2c, 0xce2c, 0xce2c, 0xce2c,
+    0x41c0, 0x41c0, 0x41c0, 0x41c0, 0x10d8, 0x10d8, 0x10d8, 0x10d8,
+    0xa1a5, 0xa1a5, 0xa1a5, 0xa1a5, 0xba06, 0xba06, 0xba06, 0xba06,
+    0xfeb2, 0xfeb2, 0x2bae, 0x2bae, 0xd32b, 0xd32b, 0x344b, 0x344b,
+    0x821e, 0x821e, 0xc867, 0xc867, 0x500e, 0x500e, 0xab69, 0xab69,
+    0x93a6, 0x93a6, 0x334b, 0x334b, 0x03b1, 0x03b1, 0xee16, 0xee16,
+    0xc5de, 0xc5de, 0x5a35, 0x5a35, 0x1826, 0x1826, 0x1575, 0x1575,
+    0x7d0b, 0x7d0b, 0x810a, 0x810a, 0x2987, 0x2987, 0x766e, 0x766e,
+    0x71f8, 0x71f8, 0xb6cb, 0xb6cb, 0x8fa7, 0x8fa7, 0x315f, 0x315f,
+    0xb7cb, 0xb7cb, 0x4e84, 0x4e84, 0x4499, 0x4499, 0x485d, 0x485d,
+    0xc7a2, 0xc7a2, 0x4c49, 0x4c49, 0xeb65, 0xeb65, 0xceb6, 0xceb6,
+    0x8631, 0x8631, 0x4f49, 0x4f49, 0x635b, 0x635b, 0x0862, 0x0862,
+    0xe32a, 0xe32a, 0x3bfc, 0x3bfc, 0x5f48, 0x5f48, 0x8180, 0x8180,
+    0xae42, 0xae42, 0xe779, 0xe779, 0x2ac2, 0x2ac2, 0xc5ca, 0xc5ca,
+    0x5e97, 0x5e97, 0xd4dc, 0xd4dc, 0x425e, 0x425e, 0x3886, 0x3886,
+    0x2860, 0x2860, 0xac07, 0xac07, 0xe103, 0xe103, 0xb11a, 0xb11a,
+    0xa81b, 0xa81b, 0x5aab, 0x5aab, 0x2a9b, 0x2a9b, 0xbbde, 0xbbde,
+    0x7b95, 0x7b95, 0xa2cd, 0xa2cd, 0x6fe4, 0x6fe4, 0xb0df, 0xb0df,
+    0x5dbe, 0x5dbe, 0x1e4d, 0x1e4d, 0xbbf2, 0xbbf2, 0x5a5c, 0x5a5c,
+};
+
+void mlkem_ntt(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_mlkem_aarch64_zetas]\n\t"
+        "add  x2, x2, :lo12:%[L_mlkem_aarch64_zetas]\n\t"
+#else
+        "adrp x2, %[L_mlkem_aarch64_zetas]@PAGE\n\t"
+        "add  x2, x2, %[L_mlkem_aarch64_zetas]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_mlkem_aarch64_zetas_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_mlkem_aarch64_zetas_qinv]\n\t"
+#else
+        "adrp x3, %[L_mlkem_aarch64_zetas_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_mlkem_aarch64_zetas_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q4, [x4]\n\t"
+        "ldr	q5, [%x[r]]\n\t"
+        "ldr	q6, [%x[r], #32]\n\t"
+        "ldr	q7, [%x[r], #64]\n\t"
+        "ldr	q8, [%x[r], #96]\n\t"
+        "ldr	q9, [%x[r], #128]\n\t"
+        "ldr	q10, [%x[r], #160]\n\t"
+        "ldr	q11, [%x[r], #192]\n\t"
+        "ldr	q12, [%x[r], #224]\n\t"
+        "ldr	q13, [x1]\n\t"
+        "ldr	q14, [x1, #32]\n\t"
+        "ldr	q15, [x1, #64]\n\t"
+        "ldr	q16, [x1, #96]\n\t"
+        "ldr	q17, [x1, #128]\n\t"
+        "ldr	q18, [x1, #160]\n\t"
+        "ldr	q19, [x1, #192]\n\t"
+        "ldr	q20, [x1, #224]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r]]\n\t"
+        "str	q6, [%x[r], #32]\n\t"
+        "str	q7, [%x[r], #64]\n\t"
+        "str	q8, [%x[r], #96]\n\t"
+        "str	q9, [%x[r], #128]\n\t"
+        "str	q10, [%x[r], #160]\n\t"
+        "str	q11, [%x[r], #192]\n\t"
+        "str	q12, [%x[r], #224]\n\t"
+        "str	q13, [x1]\n\t"
+        "str	q14, [x1, #32]\n\t"
+        "str	q15, [x1, #64]\n\t"
+        "str	q16, [x1, #96]\n\t"
+        "str	q17, [x1, #128]\n\t"
+        "str	q18, [x1, #160]\n\t"
+        "str	q19, [x1, #192]\n\t"
+        "str	q20, [x1, #224]\n\t"
+        "ldr	q5, [%x[r], #16]\n\t"
+        "ldr	q6, [%x[r], #48]\n\t"
+        "ldr	q7, [%x[r], #80]\n\t"
+        "ldr	q8, [%x[r], #112]\n\t"
+        "ldr	q9, [%x[r], #144]\n\t"
+        "ldr	q10, [%x[r], #176]\n\t"
+        "ldr	q11, [%x[r], #208]\n\t"
+        "ldr	q12, [%x[r], #240]\n\t"
+        "ldr	q13, [x1, #16]\n\t"
+        "ldr	q14, [x1, #48]\n\t"
+        "ldr	q15, [x1, #80]\n\t"
+        "ldr	q16, [x1, #112]\n\t"
+        "ldr	q17, [x1, #144]\n\t"
+        "ldr	q18, [x1, #176]\n\t"
+        "ldr	q19, [x1, #208]\n\t"
+        "ldr	q20, [x1, #240]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r], #16]\n\t"
+        "str	q6, [%x[r], #48]\n\t"
+        "str	q7, [%x[r], #80]\n\t"
+        "str	q8, [%x[r], #112]\n\t"
+        "str	q9, [%x[r], #144]\n\t"
+        "str	q10, [%x[r], #176]\n\t"
+        "str	q11, [%x[r], #208]\n\t"
+        "str	q12, [%x[r], #240]\n\t"
+        "str	q13, [x1, #16]\n\t"
+        "str	q14, [x1, #48]\n\t"
+        "str	q15, [x1, #80]\n\t"
+        "str	q16, [x1, #112]\n\t"
+        "str	q17, [x1, #144]\n\t"
+        "str	q18, [x1, #176]\n\t"
+        "str	q19, [x1, #208]\n\t"
+        "str	q20, [x1, #240]\n\t"
+        "ldp	q5, q6, [%x[r]]\n\t"
+        "ldp	q7, q8, [%x[r], #32]\n\t"
+        "ldp	q9, q10, [%x[r], #64]\n\t"
+        "ldp	q11, q12, [%x[r], #96]\n\t"
+        "ldp	q13, q14, [%x[r], #128]\n\t"
+        "ldp	q15, q16, [%x[r], #160]\n\t"
+        "ldp	q17, q18, [%x[r], #192]\n\t"
+        "ldp	q19, q20, [%x[r], #224]\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x3, #32]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q2, [x2, #80]\n\t"
+        "ldr	q1, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q2, [x2, #112]\n\t"
+        "ldr	q1, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q2, [x2, #144]\n\t"
+        "ldr	q1, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q2, [x2, #176]\n\t"
+        "ldr	q1, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q2, [x2, #336]\n\t"
+        "ldr	q1, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q2, [x2, #368]\n\t"
+        "ldr	q1, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q2, [x2, #400]\n\t"
+        "ldr	q1, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q2, [x2, #432]\n\t"
+        "ldr	q1, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [%x[r]]\n\t"
+        "stp	q7, q8, [%x[r], #32]\n\t"
+        "stp	q9, q10, [%x[r], #64]\n\t"
+        "stp	q11, q12, [%x[r], #96]\n\t"
+        "stp	q13, q14, [%x[r], #128]\n\t"
+        "stp	q15, q16, [%x[r], #160]\n\t"
+        "stp	q17, q18, [%x[r], #192]\n\t"
+        "stp	q19, q20, [%x[r], #224]\n\t"
+        "ldp	q5, q6, [x1]\n\t"
+        "ldp	q7, q8, [x1, #32]\n\t"
+        "ldp	q9, q10, [x1, #64]\n\t"
+        "ldp	q11, q12, [x1, #96]\n\t"
+        "ldp	q13, q14, [x1, #128]\n\t"
+        "ldp	q15, q16, [x1, #160]\n\t"
+        "ldp	q17, q18, [x1, #192]\n\t"
+        "ldp	q19, q20, [x1, #224]\n\t"
+        "ldr	q0, [x2, #48]\n\t"
+        "ldr	q1, [x3, #48]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q2, [x2, #208]\n\t"
+        "ldr	q1, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q2, [x2, #240]\n\t"
+        "ldr	q1, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q2, [x2, #272]\n\t"
+        "ldr	q1, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q2, [x2, #304]\n\t"
+        "ldr	q1, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q2, [x2, #464]\n\t"
+        "ldr	q1, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v29.8h\n\t"
+        "sub	v22.8h, v22.8h, v30.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q2, [x2, #496]\n\t"
+        "ldr	q1, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v29.8h\n\t"
+        "sub	v24.8h, v24.8h, v30.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x2, #528]\n\t"
+        "ldr	q1, [x3, #512]\n\t"
+        "ldr	q3, [x3, #528]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v25.8h, v25.8h, v29.8h\n\t"
+        "sub	v26.8h, v26.8h, v30.8h\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #544]\n\t"
+        "ldr	q2, [x2, #560]\n\t"
+        "ldr	q1, [x3, #544]\n\t"
+        "ldr	q3, [x3, #560]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmulh	v29.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmulh	v30.8h, v30.8h, v4.h[0]\n\t"
+        "sub	v27.8h, v27.8h, v29.8h\n\t"
+        "sub	v28.8h, v28.8h, v30.8h\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [x1]\n\t"
+        "stp	q7, q8, [x1, #32]\n\t"
+        "stp	q9, q10, [x1, #64]\n\t"
+        "stp	q11, q12, [x1, #96]\n\t"
+        "stp	q13, q14, [x1, #128]\n\t"
+        "stp	q15, q16, [x1, #160]\n\t"
+        "stp	q17, q18, [x1, #192]\n\t"
+        "stp	q19, q20, [x1, #224]\n\t"
+        : [r] "+r" (r)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv)
+        : "memory", "cc", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4",
+            "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14",
+            "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+            "v24", "v25", "v26", "v27", "v28", "v29", "v30"
+    );
+}
+
+static const word16 L_mlkem_aarch64_zetas_inv[] = {
+    0x06a5, 0x06a5, 0x070f, 0x070f, 0x05b4, 0x05b4, 0x0943, 0x0943,
+    0x0922, 0x0922, 0x091d, 0x091d, 0x0134, 0x0134, 0x006c, 0x006c,
+    0x0b23, 0x0b23, 0x0366, 0x0366, 0x0356, 0x0356, 0x05e6, 0x05e6,
+    0x09e7, 0x09e7, 0x04fe, 0x04fe, 0x05fa, 0x05fa, 0x04a1, 0x04a1,
+    0x067b, 0x067b, 0x04a3, 0x04a3, 0x0c25, 0x0c25, 0x036a, 0x036a,
+    0x0537, 0x0537, 0x083f, 0x083f, 0x0088, 0x0088, 0x04bf, 0x04bf,
+    0x0b81, 0x0b81, 0x05b9, 0x05b9, 0x0505, 0x0505, 0x07d7, 0x07d7,
+    0x0a9f, 0x0a9f, 0x0aa6, 0x0aa6, 0x08b8, 0x08b8, 0x09d0, 0x09d0,
+    0x004b, 0x004b, 0x009c, 0x009c, 0x0bb8, 0x0bb8, 0x0b5f, 0x0b5f,
+    0x0ba4, 0x0ba4, 0x0368, 0x0368, 0x0a7d, 0x0a7d, 0x0636, 0x0636,
+    0x08a2, 0x08a2, 0x025a, 0x025a, 0x0736, 0x0736, 0x0309, 0x0309,
+    0x0093, 0x0093, 0x087a, 0x087a, 0x09f7, 0x09f7, 0x00f6, 0x00f6,
+    0x068c, 0x068c, 0x06db, 0x06db, 0x01cc, 0x01cc, 0x0123, 0x0123,
+    0x00eb, 0x00eb, 0x0c50, 0x0c50, 0x0ab6, 0x0ab6, 0x0b5b, 0x0b5b,
+    0x0c98, 0x0c98, 0x06f3, 0x06f3, 0x099a, 0x099a, 0x04e3, 0x04e3,
+    0x09b6, 0x09b6, 0x0ad6, 0x0ad6, 0x0b53, 0x0b53, 0x044f, 0x044f,
+    0x04fb, 0x04fb, 0x04fb, 0x04fb, 0x0a5c, 0x0a5c, 0x0a5c, 0x0a5c,
+    0x0429, 0x0429, 0x0429, 0x0429, 0x0b41, 0x0b41, 0x0b41, 0x0b41,
+    0x02d5, 0x02d5, 0x02d5, 0x02d5, 0x05e4, 0x05e4, 0x05e4, 0x05e4,
+    0x0940, 0x0940, 0x0940, 0x0940, 0x018e, 0x018e, 0x018e, 0x018e,
+    0x03b7, 0x03b7, 0x03b7, 0x03b7, 0x00f7, 0x00f7, 0x00f7, 0x00f7,
+    0x058d, 0x058d, 0x058d, 0x058d, 0x0c96, 0x0c96, 0x0c96, 0x0c96,
+    0x09c3, 0x09c3, 0x09c3, 0x09c3, 0x010f, 0x010f, 0x010f, 0x010f,
+    0x005a, 0x005a, 0x005a, 0x005a, 0x0355, 0x0355, 0x0355, 0x0355,
+    0x0744, 0x0744, 0x0744, 0x0744, 0x0c83, 0x0c83, 0x0c83, 0x0c83,
+    0x048a, 0x048a, 0x048a, 0x048a, 0x0652, 0x0652, 0x0652, 0x0652,
+    0x029a, 0x029a, 0x029a, 0x029a, 0x0140, 0x0140, 0x0140, 0x0140,
+    0x0008, 0x0008, 0x0008, 0x0008, 0x0afd, 0x0afd, 0x0afd, 0x0afd,
+    0x0608, 0x0608, 0x0608, 0x0608, 0x011a, 0x011a, 0x011a, 0x011a,
+    0x072e, 0x072e, 0x072e, 0x072e, 0x050d, 0x050d, 0x050d, 0x050d,
+    0x090a, 0x090a, 0x090a, 0x090a, 0x0228, 0x0228, 0x0228, 0x0228,
+    0x0a75, 0x0a75, 0x0a75, 0x0a75, 0x083a, 0x083a, 0x083a, 0x083a,
+    0x0623, 0x00cd, 0x0b66, 0x0606, 0x0aa1, 0x0a25, 0x0908, 0x02a9,
+    0x0082, 0x0642, 0x074f, 0x033d, 0x0b82, 0x0bf9, 0x052d, 0x0ac4,
+    0x0745, 0x05c2, 0x04b2, 0x093f, 0x0c4b, 0x06d8, 0x0a93, 0x00ab,
+    0x0c37, 0x0be2, 0x0773, 0x072c, 0x05ed, 0x0167, 0x02f6, 0x05a1,
+};
+
+static const word16 L_mlkem_aarch64_zetas_inv_qinv[] = {
+    0xa5a5, 0xa5a5, 0x440f, 0x440f, 0xe1b4, 0xe1b4, 0xa243, 0xa243,
+    0x4f22, 0x4f22, 0x901d, 0x901d, 0x5d34, 0x5d34, 0x846c, 0x846c,
+    0x4423, 0x4423, 0xd566, 0xd566, 0xa556, 0xa556, 0x57e6, 0x57e6,
+    0x4ee7, 0x4ee7, 0x1efe, 0x1efe, 0x53fa, 0x53fa, 0xd7a1, 0xd7a1,
+    0xc77b, 0xc77b, 0xbda3, 0xbda3, 0x2b25, 0x2b25, 0xa16a, 0xa16a,
+    0x3a37, 0x3a37, 0xd53f, 0xd53f, 0x1888, 0x1888, 0x51bf, 0x51bf,
+    0x7e81, 0x7e81, 0xa0b9, 0xa0b9, 0xc405, 0xc405, 0x1cd7, 0x1cd7,
+    0xf79f, 0xf79f, 0x9ca6, 0x9ca6, 0xb0b8, 0xb0b8, 0x79d0, 0x79d0,
+    0x314b, 0x314b, 0x149c, 0x149c, 0xb3b8, 0xb3b8, 0x385f, 0x385f,
+    0xb7a4, 0xb7a4, 0xbb68, 0xbb68, 0xb17d, 0xb17d, 0x4836, 0x4836,
+    0xcea2, 0xcea2, 0x705a, 0x705a, 0x4936, 0x4936, 0x8e09, 0x8e09,
+    0x8993, 0x8993, 0xd67a, 0xd67a, 0x7ef7, 0x7ef7, 0x82f6, 0x82f6,
+    0xea8c, 0xea8c, 0xe7db, 0xe7db, 0xa5cc, 0xa5cc, 0x3a23, 0x3a23,
+    0x11eb, 0x11eb, 0xfc50, 0xfc50, 0xccb6, 0xccb6, 0x6c5b, 0x6c5b,
+    0x5498, 0x5498, 0xaff3, 0xaff3, 0x379a, 0x379a, 0x7de3, 0x7de3,
+    0xcbb6, 0xcbb6, 0x2cd6, 0x2cd6, 0xd453, 0xd453, 0x014f, 0x014f,
+    0x45fb, 0x45fb, 0x45fb, 0x45fb, 0x5e5c, 0x5e5c, 0x5e5c, 0x5e5c,
+    0xef29, 0xef29, 0xef29, 0xef29, 0xbe41, 0xbe41, 0xbe41, 0xbe41,
+    0x31d5, 0x31d5, 0x31d5, 0x31d5, 0x71e4, 0x71e4, 0x71e4, 0x71e4,
+    0xc940, 0xc940, 0xc940, 0xc940, 0xcb8e, 0xcb8e, 0xcb8e, 0xcb8e,
+    0xb8b7, 0xb8b7, 0xb8b7, 0xb8b7, 0x75f7, 0x75f7, 0x75f7, 0x75f7,
+    0xdc8d, 0xdc8d, 0xdc8d, 0xdc8d, 0x6e96, 0x6e96, 0x6e96, 0x6e96,
+    0x22c3, 0x22c3, 0x22c3, 0x22c3, 0x3e0f, 0x3e0f, 0x3e0f, 0x3e0f,
+    0x6e5a, 0x6e5a, 0x6e5a, 0x6e5a, 0xb255, 0xb255, 0xb255, 0xb255,
+    0x9344, 0x9344, 0x9344, 0x9344, 0x6583, 0x6583, 0x6583, 0x6583,
+    0x028a, 0x028a, 0x028a, 0x028a, 0xdc52, 0xdc52, 0xdc52, 0xdc52,
+    0x309a, 0x309a, 0x309a, 0x309a, 0xc140, 0xc140, 0xc140, 0xc140,
+    0x9808, 0x9808, 0x9808, 0x9808, 0x31fd, 0x31fd, 0x31fd, 0x31fd,
+    0x9e08, 0x9e08, 0x9e08, 0x9e08, 0xaf1a, 0xaf1a, 0xaf1a, 0xaf1a,
+    0xb12e, 0xb12e, 0xb12e, 0xb12e, 0x5c0d, 0x5c0d, 0x5c0d, 0x5c0d,
+    0x870a, 0x870a, 0x870a, 0x870a, 0xfa28, 0xfa28, 0xfa28, 0xfa28,
+    0x1975, 0x1975, 0x1975, 0x1975, 0x163a, 0x163a, 0x163a, 0x163a,
+    0x3f23, 0x97cd, 0xdd66, 0xb806, 0xdda1, 0x2925, 0xa108, 0x6da9,
+    0x6682, 0xac42, 0x044f, 0xea3d, 0x7182, 0x66f9, 0xbc2d, 0x16c4,
+    0x8645, 0x2bc2, 0xfab2, 0xd63f, 0x3d4b, 0x0ed8, 0x9393, 0x51ab,
+    0x4137, 0x91e2, 0x3073, 0xcb2c, 0xfced, 0xc667, 0x84f6, 0xd8a1,
+};
+
+void mlkem_invntt(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_mlkem_aarch64_zetas_inv]\n\t"
+        "add  x2, x2, :lo12:%[L_mlkem_aarch64_zetas_inv]\n\t"
+#else
+        "adrp x2, %[L_mlkem_aarch64_zetas_inv]@PAGE\n\t"
+        "add  x2, x2, %[L_mlkem_aarch64_zetas_inv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_mlkem_aarch64_zetas_inv_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_mlkem_aarch64_zetas_inv_qinv]\n\t"
+#else
+        "adrp x3, %[L_mlkem_aarch64_zetas_inv_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_mlkem_aarch64_zetas_inv_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q8, [x4]\n\t"
+        "ldp	q9, q10, [%x[r]]\n\t"
+        "ldp	q11, q12, [%x[r], #32]\n\t"
+        "ldp	q13, q14, [%x[r], #64]\n\t"
+        "ldp	q15, q16, [%x[r], #96]\n\t"
+        "ldp	q17, q18, [%x[r], #128]\n\t"
+        "ldp	q19, q20, [%x[r], #160]\n\t"
+        "ldp	q21, q22, [%x[r], #192]\n\t"
+        "ldp	q23, q24, [%x[r], #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x2, #16]\n\t"
+        "ldr	q2, [x3]\n\t"
+        "ldr	q3, [x3, #16]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x2, #48]\n\t"
+        "ldr	q2, [x3, #32]\n\t"
+        "ldr	q3, [x3, #48]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q1, [x2, #80]\n\t"
+        "ldr	q2, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q1, [x2, #112]\n\t"
+        "ldr	q2, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q1, [x2, #272]\n\t"
+        "ldr	q2, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q1, [x2, #304]\n\t"
+        "ldr	q2, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q1, [x2, #336]\n\t"
+        "ldr	q2, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q1, [x2, #368]\n\t"
+        "ldr	q2, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x3, #512]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [%x[r]]\n\t"
+        "stp	q11, q12, [%x[r], #32]\n\t"
+        "stp	q13, q14, [%x[r], #64]\n\t"
+        "stp	q15, q16, [%x[r], #96]\n\t"
+        "stp	q17, q18, [%x[r], #128]\n\t"
+        "stp	q19, q20, [%x[r], #160]\n\t"
+        "stp	q21, q22, [%x[r], #192]\n\t"
+        "stp	q23, q24, [%x[r], #224]\n\t"
+        "ldp	q9, q10, [x1]\n\t"
+        "ldp	q11, q12, [x1, #32]\n\t"
+        "ldp	q13, q14, [x1, #64]\n\t"
+        "ldp	q15, q16, [x1, #96]\n\t"
+        "ldp	q17, q18, [x1, #128]\n\t"
+        "ldp	q19, q20, [x1, #160]\n\t"
+        "ldp	q21, q22, [x1, #192]\n\t"
+        "ldp	q23, q24, [x1, #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q1, [x2, #144]\n\t"
+        "ldr	q2, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q1, [x2, #176]\n\t"
+        "ldr	q2, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q1, [x2, #208]\n\t"
+        "ldr	q2, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q1, [x2, #240]\n\t"
+        "ldr	q2, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q1, [x2, #400]\n\t"
+        "ldr	q2, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q1, [x2, #432]\n\t"
+        "ldr	q2, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q1, [x2, #464]\n\t"
+        "ldr	q2, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q1, [x2, #496]\n\t"
+        "ldr	q2, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #528]\n\t"
+        "ldr	q2, [x3, #528]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [x1]\n\t"
+        "stp	q11, q12, [x1, #32]\n\t"
+        "stp	q13, q14, [x1, #64]\n\t"
+        "stp	q15, q16, [x1, #96]\n\t"
+        "stp	q17, q18, [x1, #128]\n\t"
+        "stp	q19, q20, [x1, #160]\n\t"
+        "stp	q21, q22, [x1, #192]\n\t"
+        "stp	q23, q24, [x1, #224]\n\t"
+        "ldr	q4, [x2, #544]\n\t"
+        "ldr	q5, [x2, #560]\n\t"
+        "ldr	q6, [x3, #544]\n\t"
+        "ldr	q7, [x3, #560]\n\t"
+        "ldr	q9, [%x[r]]\n\t"
+        "ldr	q10, [%x[r], #32]\n\t"
+        "ldr	q11, [%x[r], #64]\n\t"
+        "ldr	q12, [%x[r], #96]\n\t"
+        "ldr	q13, [%x[r], #128]\n\t"
+        "ldr	q14, [%x[r], #160]\n\t"
+        "ldr	q15, [%x[r], #192]\n\t"
+        "ldr	q16, [%x[r], #224]\n\t"
+        "ldr	q17, [x1]\n\t"
+        "ldr	q18, [x1, #32]\n\t"
+        "ldr	q19, [x1, #64]\n\t"
+        "ldr	q20, [x1, #96]\n\t"
+        "ldr	q21, [x1, #128]\n\t"
+        "ldr	q22, [x1, #160]\n\t"
+        "ldr	q23, [x1, #192]\n\t"
+        "ldr	q24, [x1, #224]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v27.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v27.8h\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v10.8h, v10.8h, v26.8h\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v26.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v26.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v26.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v26.8h\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v26.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v26.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v26.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r]]\n\t"
+        "str	q10, [%x[r], #32]\n\t"
+        "str	q11, [%x[r], #64]\n\t"
+        "str	q12, [%x[r], #96]\n\t"
+        "str	q13, [%x[r], #128]\n\t"
+        "str	q14, [%x[r], #160]\n\t"
+        "str	q15, [%x[r], #192]\n\t"
+        "str	q16, [%x[r], #224]\n\t"
+        "str	q17, [x1]\n\t"
+        "str	q18, [x1, #32]\n\t"
+        "str	q19, [x1, #64]\n\t"
+        "str	q20, [x1, #96]\n\t"
+        "str	q21, [x1, #128]\n\t"
+        "str	q22, [x1, #160]\n\t"
+        "str	q23, [x1, #192]\n\t"
+        "str	q24, [x1, #224]\n\t"
+        "ldr	q9, [%x[r], #16]\n\t"
+        "ldr	q10, [%x[r], #48]\n\t"
+        "ldr	q11, [%x[r], #80]\n\t"
+        "ldr	q12, [%x[r], #112]\n\t"
+        "ldr	q13, [%x[r], #144]\n\t"
+        "ldr	q14, [%x[r], #176]\n\t"
+        "ldr	q15, [%x[r], #208]\n\t"
+        "ldr	q16, [%x[r], #240]\n\t"
+        "ldr	q17, [x1, #16]\n\t"
+        "ldr	q18, [x1, #48]\n\t"
+        "ldr	q19, [x1, #80]\n\t"
+        "ldr	q20, [x1, #112]\n\t"
+        "ldr	q21, [x1, #144]\n\t"
+        "ldr	q22, [x1, #176]\n\t"
+        "ldr	q23, [x1, #208]\n\t"
+        "ldr	q24, [x1, #240]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v10.8h, v10.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v14.8h, v14.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v18.8h, v18.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v22.8h, v22.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v27.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v27.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v27.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v27.8h\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v27.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v27.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v27.8h, v27.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v27.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v10.8h, v10.8h, v26.8h\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v25.8h\n\t"
+        "sub	v12.8h, v12.8h, v26.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v14.8h, v14.8h, v26.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v25.8h\n\t"
+        "sub	v16.8h, v16.8h, v26.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v17.8h, v17.8h, v25.8h\n\t"
+        "sub	v18.8h, v18.8h, v26.8h\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v19.8h, v19.8h, v25.8h\n\t"
+        "sub	v20.8h, v20.8h, v26.8h\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v21.8h, v21.8h, v25.8h\n\t"
+        "sub	v22.8h, v22.8h, v26.8h\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+        "sqrdmulh	v25.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmulh	v26.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v23.8h, v23.8h, v25.8h\n\t"
+        "sub	v24.8h, v24.8h, v26.8h\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r], #16]\n\t"
+        "str	q10, [%x[r], #48]\n\t"
+        "str	q11, [%x[r], #80]\n\t"
+        "str	q12, [%x[r], #112]\n\t"
+        "str	q13, [%x[r], #144]\n\t"
+        "str	q14, [%x[r], #176]\n\t"
+        "str	q15, [%x[r], #208]\n\t"
+        "str	q16, [%x[r], #240]\n\t"
+        "str	q17, [x1, #16]\n\t"
+        "str	q18, [x1, #48]\n\t"
+        "str	q19, [x1, #80]\n\t"
+        "str	q20, [x1, #112]\n\t"
+        "str	q21, [x1, #144]\n\t"
+        "str	q22, [x1, #176]\n\t"
+        "str	q23, [x1, #208]\n\t"
+        "str	q24, [x1, #240]\n\t"
+        : [r] "+r" (r)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv)
+        : "memory", "cc", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4",
+            "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14",
+            "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+            "v24", "v25", "v26", "v27", "v28"
+    );
+}
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+void mlkem_ntt_sqrdmlsh(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_mlkem_aarch64_zetas]\n\t"
+        "add  x2, x2, :lo12:%[L_mlkem_aarch64_zetas]\n\t"
+#else
+        "adrp x2, %[L_mlkem_aarch64_zetas]@PAGE\n\t"
+        "add  x2, x2, %[L_mlkem_aarch64_zetas]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_mlkem_aarch64_zetas_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_mlkem_aarch64_zetas_qinv]\n\t"
+#else
+        "adrp x3, %[L_mlkem_aarch64_zetas_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_mlkem_aarch64_zetas_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q4, [x4]\n\t"
+        "ldr	q5, [%x[r]]\n\t"
+        "ldr	q6, [%x[r], #32]\n\t"
+        "ldr	q7, [%x[r], #64]\n\t"
+        "ldr	q8, [%x[r], #96]\n\t"
+        "ldr	q9, [%x[r], #128]\n\t"
+        "ldr	q10, [%x[r], #160]\n\t"
+        "ldr	q11, [%x[r], #192]\n\t"
+        "ldr	q12, [%x[r], #224]\n\t"
+        "ldr	q13, [x1]\n\t"
+        "ldr	q14, [x1, #32]\n\t"
+        "ldr	q15, [x1, #64]\n\t"
+        "ldr	q16, [x1, #96]\n\t"
+        "ldr	q17, [x1, #128]\n\t"
+        "ldr	q18, [x1, #160]\n\t"
+        "ldr	q19, [x1, #192]\n\t"
+        "ldr	q20, [x1, #224]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r]]\n\t"
+        "str	q6, [%x[r], #32]\n\t"
+        "str	q7, [%x[r], #64]\n\t"
+        "str	q8, [%x[r], #96]\n\t"
+        "str	q9, [%x[r], #128]\n\t"
+        "str	q10, [%x[r], #160]\n\t"
+        "str	q11, [%x[r], #192]\n\t"
+        "str	q12, [%x[r], #224]\n\t"
+        "str	q13, [x1]\n\t"
+        "str	q14, [x1, #32]\n\t"
+        "str	q15, [x1, #64]\n\t"
+        "str	q16, [x1, #96]\n\t"
+        "str	q17, [x1, #128]\n\t"
+        "str	q18, [x1, #160]\n\t"
+        "str	q19, [x1, #192]\n\t"
+        "str	q20, [x1, #224]\n\t"
+        "ldr	q5, [%x[r], #16]\n\t"
+        "ldr	q6, [%x[r], #48]\n\t"
+        "ldr	q7, [%x[r], #80]\n\t"
+        "ldr	q8, [%x[r], #112]\n\t"
+        "ldr	q9, [%x[r], #144]\n\t"
+        "ldr	q10, [%x[r], #176]\n\t"
+        "ldr	q11, [%x[r], #208]\n\t"
+        "ldr	q12, [%x[r], #240]\n\t"
+        "ldr	q13, [x1, #16]\n\t"
+        "ldr	q14, [x1, #48]\n\t"
+        "ldr	q15, [x1, #80]\n\t"
+        "ldr	q16, [x1, #112]\n\t"
+        "ldr	q17, [x1, #144]\n\t"
+        "ldr	q18, [x1, #176]\n\t"
+        "ldr	q19, [x1, #208]\n\t"
+        "ldr	q20, [x1, #240]\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "mul	v29.8h, v13.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v14.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v13.8h, v0.h[1]\n\t"
+        "sqrdmulh	v22.8h, v14.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[1]\n\t"
+        "sqrdmulh	v23.8h, v15.8h, v0.h[1]\n\t"
+        "sqrdmulh	v24.8h, v16.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[1]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[1]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[1]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[1]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[1]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v13.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v14.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v15.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v16.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v9.8h, v25.8h\n\t"
+        "add	v9.8h, v9.8h, v25.8h\n\t"
+        "sub	v18.8h, v10.8h, v26.8h\n\t"
+        "add	v10.8h, v10.8h, v26.8h\n\t"
+        "sub	v19.8h, v11.8h, v27.8h\n\t"
+        "add	v11.8h, v11.8h, v27.8h\n\t"
+        "sub	v20.8h, v12.8h, v28.8h\n\t"
+        "add	v12.8h, v12.8h, v28.8h\n\t"
+        "mul	v29.8h, v9.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v10.8h, v1.h[2]\n\t"
+        "sqrdmulh	v21.8h, v9.8h, v0.h[2]\n\t"
+        "sqrdmulh	v22.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[2]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[2]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v17.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v18.8h, v1.h[3]\n\t"
+        "sqrdmulh	v25.8h, v17.8h, v0.h[3]\n\t"
+        "sqrdmulh	v26.8h, v18.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[3]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[3]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[3]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v9.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v10.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v7.8h, v23.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "sub	v12.8h, v8.8h, v24.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sub	v17.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v18.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v15.8h, v27.8h\n\t"
+        "add	v15.8h, v15.8h, v27.8h\n\t"
+        "sub	v20.8h, v16.8h, v28.8h\n\t"
+        "add	v16.8h, v16.8h, v28.8h\n\t"
+        "mul	v29.8h, v7.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[4]\n\t"
+        "sqrdmulh	v21.8h, v7.8h, v0.h[4]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v11.8h, v1.h[5]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[5]\n\t"
+        "sqrdmulh	v23.8h, v11.8h, v0.h[5]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v15.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[6]\n\t"
+        "sqrdmulh	v25.8h, v15.8h, v0.h[6]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[6]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v19.8h, v1.h[7]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v19.8h, v0.h[7]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v7.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v6.8h, v22.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "sub	v11.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v10.8h, v24.8h\n\t"
+        "add	v10.8h, v10.8h, v24.8h\n\t"
+        "sub	v15.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v14.8h, v26.8h\n\t"
+        "add	v14.8h, v14.8h, v26.8h\n\t"
+        "sub	v19.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v18.8h, v28.8h\n\t"
+        "add	v18.8h, v18.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #16]\n\t"
+        "ldr	q1, [x3, #16]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "str	q5, [%x[r], #16]\n\t"
+        "str	q6, [%x[r], #48]\n\t"
+        "str	q7, [%x[r], #80]\n\t"
+        "str	q8, [%x[r], #112]\n\t"
+        "str	q9, [%x[r], #144]\n\t"
+        "str	q10, [%x[r], #176]\n\t"
+        "str	q11, [%x[r], #208]\n\t"
+        "str	q12, [%x[r], #240]\n\t"
+        "str	q13, [x1, #16]\n\t"
+        "str	q14, [x1, #48]\n\t"
+        "str	q15, [x1, #80]\n\t"
+        "str	q16, [x1, #112]\n\t"
+        "str	q17, [x1, #144]\n\t"
+        "str	q18, [x1, #176]\n\t"
+        "str	q19, [x1, #208]\n\t"
+        "str	q20, [x1, #240]\n\t"
+        "ldp	q5, q6, [%x[r]]\n\t"
+        "ldp	q7, q8, [%x[r], #32]\n\t"
+        "ldp	q9, q10, [%x[r], #64]\n\t"
+        "ldp	q11, q12, [%x[r], #96]\n\t"
+        "ldp	q13, q14, [%x[r], #128]\n\t"
+        "ldp	q15, q16, [%x[r], #160]\n\t"
+        "ldp	q17, q18, [%x[r], #192]\n\t"
+        "ldp	q19, q20, [%x[r], #224]\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x3, #32]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q2, [x2, #80]\n\t"
+        "ldr	q1, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q2, [x2, #112]\n\t"
+        "ldr	q1, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q2, [x2, #144]\n\t"
+        "ldr	q1, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q2, [x2, #176]\n\t"
+        "ldr	q1, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q2, [x2, #336]\n\t"
+        "ldr	q1, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q2, [x2, #368]\n\t"
+        "ldr	q1, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q2, [x2, #400]\n\t"
+        "ldr	q1, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q2, [x2, #432]\n\t"
+        "ldr	q1, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [%x[r]]\n\t"
+        "stp	q7, q8, [%x[r], #32]\n\t"
+        "stp	q9, q10, [%x[r], #64]\n\t"
+        "stp	q11, q12, [%x[r], #96]\n\t"
+        "stp	q13, q14, [%x[r], #128]\n\t"
+        "stp	q15, q16, [%x[r], #160]\n\t"
+        "stp	q17, q18, [%x[r], #192]\n\t"
+        "stp	q19, q20, [%x[r], #224]\n\t"
+        "ldp	q5, q6, [x1]\n\t"
+        "ldp	q7, q8, [x1, #32]\n\t"
+        "ldp	q9, q10, [x1, #64]\n\t"
+        "ldp	q11, q12, [x1, #96]\n\t"
+        "ldp	q13, q14, [x1, #128]\n\t"
+        "ldp	q15, q16, [x1, #160]\n\t"
+        "ldp	q17, q18, [x1, #192]\n\t"
+        "ldp	q19, q20, [x1, #224]\n\t"
+        "ldr	q0, [x2, #48]\n\t"
+        "ldr	q1, [x3, #48]\n\t"
+        "mul	v29.8h, v6.8h, v1.h[0]\n\t"
+        "mul	v30.8h, v8.8h, v1.h[1]\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.h[0]\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v29.8h, v10.8h, v1.h[2]\n\t"
+        "mul	v30.8h, v12.8h, v1.h[3]\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.h[2]\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v29.8h, v14.8h, v1.h[4]\n\t"
+        "mul	v30.8h, v16.8h, v1.h[5]\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "mul	v29.8h, v18.8h, v1.h[6]\n\t"
+        "mul	v30.8h, v20.8h, v1.h[7]\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.h[6]\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q2, [x2, #208]\n\t"
+        "ldr	q1, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "trn2	v8.2d, v30.2d, v8.2d\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q2, [x2, #240]\n\t"
+        "ldr	q1, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "trn2	v12.2d, v30.2d, v12.2d\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q2, [x2, #272]\n\t"
+        "ldr	q1, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "trn2	v16.2d, v30.2d, v16.2d\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q2, [x2, #304]\n\t"
+        "ldr	q1, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "trn2	v20.2d, v30.2d, v20.2d\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q2, [x2, #464]\n\t"
+        "ldr	q1, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "mov	v30.16b, v7.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "trn2	v8.4s, v30.4s, v8.4s\n\t"
+        "mul	v29.8h, v6.8h, v1.8h\n\t"
+        "mul	v30.8h, v8.8h, v3.8h\n\t"
+        "sqrdmulh	v21.8h, v6.8h, v0.8h\n\t"
+        "sqrdmulh	v22.8h, v8.8h, v2.8h\n\t"
+        "sqrdmlsh	v21.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q2, [x2, #496]\n\t"
+        "ldr	q1, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "mov	v30.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "trn2	v12.4s, v30.4s, v12.4s\n\t"
+        "mul	v29.8h, v10.8h, v1.8h\n\t"
+        "mul	v30.8h, v12.8h, v3.8h\n\t"
+        "sqrdmulh	v23.8h, v10.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v12.8h, v2.8h\n\t"
+        "sqrdmlsh	v23.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x2, #528]\n\t"
+        "ldr	q1, [x3, #512]\n\t"
+        "ldr	q3, [x3, #528]\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "mov	v30.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "trn2	v16.4s, v30.4s, v16.4s\n\t"
+        "mul	v29.8h, v14.8h, v1.8h\n\t"
+        "mul	v30.8h, v16.8h, v3.8h\n\t"
+        "sqrdmulh	v25.8h, v14.8h, v0.8h\n\t"
+        "sqrdmulh	v26.8h, v16.8h, v2.8h\n\t"
+        "sqrdmlsh	v25.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v26.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v25.8h, v25.8h, #1\n\t"
+        "sshr	v26.8h, v26.8h, #1\n\t"
+        "ldr	q0, [x2, #544]\n\t"
+        "ldr	q2, [x2, #560]\n\t"
+        "ldr	q1, [x3, #544]\n\t"
+        "ldr	q3, [x3, #560]\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "mov	v30.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "trn2	v20.4s, v30.4s, v20.4s\n\t"
+        "mul	v29.8h, v18.8h, v1.8h\n\t"
+        "mul	v30.8h, v20.8h, v3.8h\n\t"
+        "sqrdmulh	v27.8h, v18.8h, v0.8h\n\t"
+        "sqrdmulh	v28.8h, v20.8h, v2.8h\n\t"
+        "sqrdmlsh	v27.8h, v29.8h, v4.h[0]\n\t"
+        "sqrdmlsh	v28.8h, v30.8h, v4.h[0]\n\t"
+        "sshr	v27.8h, v27.8h, #1\n\t"
+        "sshr	v28.8h, v28.8h, #1\n\t"
+        "sub	v6.8h, v5.8h, v21.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "sub	v8.8h, v7.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v22.8h\n\t"
+        "sub	v10.8h, v9.8h, v23.8h\n\t"
+        "add	v9.8h, v9.8h, v23.8h\n\t"
+        "sub	v12.8h, v11.8h, v24.8h\n\t"
+        "add	v11.8h, v11.8h, v24.8h\n\t"
+        "sub	v14.8h, v13.8h, v25.8h\n\t"
+        "add	v13.8h, v13.8h, v25.8h\n\t"
+        "sub	v16.8h, v15.8h, v26.8h\n\t"
+        "add	v15.8h, v15.8h, v26.8h\n\t"
+        "sub	v18.8h, v17.8h, v27.8h\n\t"
+        "add	v17.8h, v17.8h, v27.8h\n\t"
+        "sub	v20.8h, v19.8h, v28.8h\n\t"
+        "add	v19.8h, v19.8h, v28.8h\n\t"
+        "sqdmulh	v21.8h, v5.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v6.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v5.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v6.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v7.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v8.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v7.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v8.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v9.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v10.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v9.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v10.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v11.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v12.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v11.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v12.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v13.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v14.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v13.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v14.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v15.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v16.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v15.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v16.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v17.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v18.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v17.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v18.8h, v22.8h, v4.h[0]\n\t"
+        "sqdmulh	v21.8h, v19.8h, v4.h[2]\n\t"
+        "sqdmulh	v22.8h, v20.8h, v4.h[2]\n\t"
+        "sshr	v21.8h, v21.8h, #11\n\t"
+        "sshr	v22.8h, v22.8h, #11\n\t"
+        "mls	v19.8h, v21.8h, v4.h[0]\n\t"
+        "mls	v20.8h, v22.8h, v4.h[0]\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.4s, v5.4s, v6.4s\n\t"
+        "trn2	v6.4s, v29.4s, v6.4s\n\t"
+        "mov	v29.16b, v5.16b\n\t"
+        "trn1	v5.2d, v5.2d, v6.2d\n\t"
+        "trn2	v6.2d, v29.2d, v6.2d\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.4s, v7.4s, v8.4s\n\t"
+        "trn2	v8.4s, v29.4s, v8.4s\n\t"
+        "mov	v29.16b, v7.16b\n\t"
+        "trn1	v7.2d, v7.2d, v8.2d\n\t"
+        "trn2	v8.2d, v29.2d, v8.2d\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v29.4s, v10.4s\n\t"
+        "mov	v29.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v29.2d, v10.2d\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v29.4s, v12.4s\n\t"
+        "mov	v29.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v29.2d, v12.2d\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v29.4s, v14.4s\n\t"
+        "mov	v29.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v29.2d, v14.2d\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v29.4s, v16.4s\n\t"
+        "mov	v29.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v29.2d, v16.2d\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v29.4s, v18.4s\n\t"
+        "mov	v29.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v29.2d, v18.2d\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v29.4s, v20.4s\n\t"
+        "mov	v29.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v29.2d, v20.2d\n\t"
+        "stp	q5, q6, [x1]\n\t"
+        "stp	q7, q8, [x1, #32]\n\t"
+        "stp	q9, q10, [x1, #64]\n\t"
+        "stp	q11, q12, [x1, #96]\n\t"
+        "stp	q13, q14, [x1, #128]\n\t"
+        "stp	q15, q16, [x1, #160]\n\t"
+        "stp	q17, q18, [x1, #192]\n\t"
+        "stp	q19, q20, [x1, #224]\n\t"
+        : [r] "+r" (r)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv)
+        : "memory", "cc", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4",
+            "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14",
+            "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+            "v24", "v25", "v26", "v27", "v28", "v29", "v30"
+    );
+}
+
+void mlkem_invntt_sqrdmlsh(sword16* r)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_mlkem_aarch64_zetas_inv]\n\t"
+        "add  x2, x2, :lo12:%[L_mlkem_aarch64_zetas_inv]\n\t"
+#else
+        "adrp x2, %[L_mlkem_aarch64_zetas_inv]@PAGE\n\t"
+        "add  x2, x2, %[L_mlkem_aarch64_zetas_inv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_mlkem_aarch64_zetas_inv_qinv]\n\t"
+        "add  x3, x3, :lo12:%[L_mlkem_aarch64_zetas_inv_qinv]\n\t"
+#else
+        "adrp x3, %[L_mlkem_aarch64_zetas_inv_qinv]@PAGE\n\t"
+        "add  x3, x3, %[L_mlkem_aarch64_zetas_inv_qinv]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "add	x1, %x[r], #0x100\n\t"
+        "ldr	q8, [x4]\n\t"
+        "ldp	q9, q10, [%x[r]]\n\t"
+        "ldp	q11, q12, [%x[r], #32]\n\t"
+        "ldp	q13, q14, [%x[r], #64]\n\t"
+        "ldp	q15, q16, [%x[r], #96]\n\t"
+        "ldp	q17, q18, [%x[r], #128]\n\t"
+        "ldp	q19, q20, [%x[r], #160]\n\t"
+        "ldp	q21, q22, [%x[r], #192]\n\t"
+        "ldp	q23, q24, [%x[r], #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x2, #16]\n\t"
+        "ldr	q2, [x3]\n\t"
+        "ldr	q3, [x3, #16]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #32]\n\t"
+        "ldr	q1, [x2, #48]\n\t"
+        "ldr	q2, [x3, #32]\n\t"
+        "ldr	q3, [x3, #48]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #64]\n\t"
+        "ldr	q1, [x2, #80]\n\t"
+        "ldr	q2, [x3, #64]\n\t"
+        "ldr	q3, [x3, #80]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #96]\n\t"
+        "ldr	q1, [x2, #112]\n\t"
+        "ldr	q2, [x3, #96]\n\t"
+        "ldr	q3, [x3, #112]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #256]\n\t"
+        "ldr	q1, [x2, #272]\n\t"
+        "ldr	q2, [x3, #256]\n\t"
+        "ldr	q3, [x3, #272]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #288]\n\t"
+        "ldr	q1, [x2, #304]\n\t"
+        "ldr	q2, [x3, #288]\n\t"
+        "ldr	q3, [x3, #304]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #320]\n\t"
+        "ldr	q1, [x2, #336]\n\t"
+        "ldr	q2, [x3, #320]\n\t"
+        "ldr	q3, [x3, #336]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #352]\n\t"
+        "ldr	q1, [x2, #368]\n\t"
+        "ldr	q2, [x3, #352]\n\t"
+        "ldr	q3, [x3, #368]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #512]\n\t"
+        "ldr	q2, [x3, #512]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [%x[r]]\n\t"
+        "stp	q11, q12, [%x[r], #32]\n\t"
+        "stp	q13, q14, [%x[r], #64]\n\t"
+        "stp	q15, q16, [%x[r], #96]\n\t"
+        "stp	q17, q18, [%x[r], #128]\n\t"
+        "stp	q19, q20, [%x[r], #160]\n\t"
+        "stp	q21, q22, [%x[r], #192]\n\t"
+        "stp	q23, q24, [%x[r], #224]\n\t"
+        "ldp	q9, q10, [x1]\n\t"
+        "ldp	q11, q12, [x1, #32]\n\t"
+        "ldp	q13, q14, [x1, #64]\n\t"
+        "ldp	q15, q16, [x1, #96]\n\t"
+        "ldp	q17, q18, [x1, #128]\n\t"
+        "ldp	q19, q20, [x1, #160]\n\t"
+        "ldp	q21, q22, [x1, #192]\n\t"
+        "ldp	q23, q24, [x1, #224]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v12.2d, v25.2d, v12.2d\n\t"
+        "mov	v25.16b, v11.16b\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v12.4s, v25.4s, v12.4s\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v16.2d, v25.2d, v16.2d\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v16.4s, v25.4s, v16.4s\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v20.2d, v25.2d, v20.2d\n\t"
+        "mov	v25.16b, v19.16b\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v20.4s, v25.4s, v20.4s\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v24.2d, v25.2d, v24.2d\n\t"
+        "mov	v25.16b, v23.16b\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v24.4s, v25.4s, v24.4s\n\t"
+        "ldr	q0, [x2, #128]\n\t"
+        "ldr	q1, [x2, #144]\n\t"
+        "ldr	q2, [x3, #128]\n\t"
+        "ldr	q3, [x3, #144]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #160]\n\t"
+        "ldr	q1, [x2, #176]\n\t"
+        "ldr	q2, [x3, #160]\n\t"
+        "ldr	q3, [x3, #176]\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #192]\n\t"
+        "ldr	q1, [x2, #208]\n\t"
+        "ldr	q2, [x3, #192]\n\t"
+        "ldr	q3, [x3, #208]\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #224]\n\t"
+        "ldr	q1, [x2, #240]\n\t"
+        "ldr	q2, [x3, #224]\n\t"
+        "ldr	q3, [x3, #240]\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #384]\n\t"
+        "ldr	q1, [x2, #400]\n\t"
+        "ldr	q2, [x3, #384]\n\t"
+        "ldr	q3, [x3, #400]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.4s, v9.4s, v10.4s\n\t"
+        "trn1	v11.4s, v11.4s, v12.4s\n\t"
+        "trn2	v10.4s, v25.4s, v10.4s\n\t"
+        "trn2	v12.4s, v26.4s, v12.4s\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "ldr	q0, [x2, #416]\n\t"
+        "ldr	q1, [x2, #432]\n\t"
+        "ldr	q2, [x3, #416]\n\t"
+        "ldr	q3, [x3, #432]\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.4s, v13.4s, v14.4s\n\t"
+        "trn1	v15.4s, v15.4s, v16.4s\n\t"
+        "trn2	v14.4s, v25.4s, v14.4s\n\t"
+        "trn2	v16.4s, v26.4s, v16.4s\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "ldr	q0, [x2, #448]\n\t"
+        "ldr	q1, [x2, #464]\n\t"
+        "ldr	q2, [x3, #448]\n\t"
+        "ldr	q3, [x3, #464]\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.4s, v17.4s, v18.4s\n\t"
+        "trn1	v19.4s, v19.4s, v20.4s\n\t"
+        "trn2	v18.4s, v25.4s, v18.4s\n\t"
+        "trn2	v20.4s, v26.4s, v20.4s\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "ldr	q0, [x2, #480]\n\t"
+        "ldr	q1, [x2, #496]\n\t"
+        "ldr	q2, [x3, #480]\n\t"
+        "ldr	q3, [x3, #496]\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.4s, v21.4s, v22.4s\n\t"
+        "trn1	v23.4s, v23.4s, v24.4s\n\t"
+        "trn2	v22.4s, v25.4s, v22.4s\n\t"
+        "trn2	v24.4s, v26.4s, v24.4s\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.8h\n\t"
+        "mul	v27.8h, v28.8h, v3.8h\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.8h\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v1.8h\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "ldr	q0, [x2, #528]\n\t"
+        "ldr	q2, [x3, #528]\n\t"
+        "mov	v25.16b, v9.16b\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "trn1	v9.2d, v9.2d, v10.2d\n\t"
+        "trn1	v11.2d, v11.2d, v12.2d\n\t"
+        "trn2	v10.2d, v25.2d, v10.2d\n\t"
+        "trn2	v12.2d, v26.2d, v12.2d\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v0.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v0.h[1]\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mov	v25.16b, v13.16b\n\t"
+        "mov	v26.16b, v15.16b\n\t"
+        "trn1	v13.2d, v13.2d, v14.2d\n\t"
+        "trn1	v15.2d, v15.2d, v16.2d\n\t"
+        "trn2	v14.2d, v25.2d, v14.2d\n\t"
+        "trn2	v16.2d, v26.2d, v16.2d\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v0.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mov	v25.16b, v17.16b\n\t"
+        "mov	v26.16b, v19.16b\n\t"
+        "trn1	v17.2d, v17.2d, v18.2d\n\t"
+        "trn1	v19.2d, v19.2d, v20.2d\n\t"
+        "trn2	v18.2d, v25.2d, v18.2d\n\t"
+        "trn2	v20.2d, v26.2d, v20.2d\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v0.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v0.h[5]\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mov	v25.16b, v21.16b\n\t"
+        "mov	v26.16b, v23.16b\n\t"
+        "trn1	v21.2d, v21.2d, v22.2d\n\t"
+        "trn1	v23.2d, v23.2d, v24.2d\n\t"
+        "trn2	v22.2d, v25.2d, v22.2d\n\t"
+        "trn2	v24.2d, v26.2d, v24.2d\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v2.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v2.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v0.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v0.h[7]\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v11.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v11.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v13.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v15.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v13.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v15.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v19.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v19.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v21.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v23.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v21.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v23.8h, v26.8h, v8.h[0]\n\t"
+        "stp	q9, q10, [x1]\n\t"
+        "stp	q11, q12, [x1, #32]\n\t"
+        "stp	q13, q14, [x1, #64]\n\t"
+        "stp	q15, q16, [x1, #96]\n\t"
+        "stp	q17, q18, [x1, #128]\n\t"
+        "stp	q19, q20, [x1, #160]\n\t"
+        "stp	q21, q22, [x1, #192]\n\t"
+        "stp	q23, q24, [x1, #224]\n\t"
+        "ldr	q4, [x2, #544]\n\t"
+        "ldr	q5, [x2, #560]\n\t"
+        "ldr	q6, [x3, #544]\n\t"
+        "ldr	q7, [x3, #560]\n\t"
+        "ldr	q9, [%x[r]]\n\t"
+        "ldr	q10, [%x[r], #32]\n\t"
+        "ldr	q11, [%x[r], #64]\n\t"
+        "ldr	q12, [%x[r], #96]\n\t"
+        "ldr	q13, [%x[r], #128]\n\t"
+        "ldr	q14, [%x[r], #160]\n\t"
+        "ldr	q15, [%x[r], #192]\n\t"
+        "ldr	q16, [%x[r], #224]\n\t"
+        "ldr	q17, [x1]\n\t"
+        "ldr	q18, [x1, #32]\n\t"
+        "ldr	q19, [x1, #64]\n\t"
+        "ldr	q20, [x1, #96]\n\t"
+        "ldr	q21, [x1, #128]\n\t"
+        "ldr	q22, [x1, #160]\n\t"
+        "ldr	q23, [x1, #192]\n\t"
+        "ldr	q24, [x1, #224]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v9.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r]]\n\t"
+        "str	q10, [%x[r], #32]\n\t"
+        "str	q11, [%x[r], #64]\n\t"
+        "str	q12, [%x[r], #96]\n\t"
+        "str	q13, [%x[r], #128]\n\t"
+        "str	q14, [%x[r], #160]\n\t"
+        "str	q15, [%x[r], #192]\n\t"
+        "str	q16, [%x[r], #224]\n\t"
+        "str	q17, [x1]\n\t"
+        "str	q18, [x1, #32]\n\t"
+        "str	q19, [x1, #64]\n\t"
+        "str	q20, [x1, #96]\n\t"
+        "str	q21, [x1, #128]\n\t"
+        "str	q22, [x1, #160]\n\t"
+        "str	q23, [x1, #192]\n\t"
+        "str	q24, [x1, #224]\n\t"
+        "ldr	q9, [%x[r], #16]\n\t"
+        "ldr	q10, [%x[r], #48]\n\t"
+        "ldr	q11, [%x[r], #80]\n\t"
+        "ldr	q12, [%x[r], #112]\n\t"
+        "ldr	q13, [%x[r], #144]\n\t"
+        "ldr	q14, [%x[r], #176]\n\t"
+        "ldr	q15, [%x[r], #208]\n\t"
+        "ldr	q16, [%x[r], #240]\n\t"
+        "ldr	q17, [x1, #16]\n\t"
+        "ldr	q18, [x1, #48]\n\t"
+        "ldr	q19, [x1, #80]\n\t"
+        "ldr	q20, [x1, #112]\n\t"
+        "ldr	q21, [x1, #144]\n\t"
+        "ldr	q22, [x1, #176]\n\t"
+        "ldr	q23, [x1, #208]\n\t"
+        "ldr	q24, [x1, #240]\n\t"
+        "sub	v26.8h, v9.8h, v10.8h\n\t"
+        "sub	v28.8h, v11.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v10.8h\n\t"
+        "add	v11.8h, v11.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[1]\n\t"
+        "sqrdmulh	v10.8h, v26.8h, v4.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v4.h[1]\n\t"
+        "sqrdmlsh	v10.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v14.8h\n\t"
+        "sub	v28.8h, v15.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v14.8h\n\t"
+        "add	v15.8h, v15.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[3]\n\t"
+        "sqrdmulh	v14.8h, v26.8h, v4.h[2]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v4.h[3]\n\t"
+        "sqrdmlsh	v14.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v18.8h\n\t"
+        "sub	v28.8h, v19.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v18.8h\n\t"
+        "add	v19.8h, v19.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[5]\n\t"
+        "sqrdmulh	v18.8h, v26.8h, v4.h[4]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v4.h[5]\n\t"
+        "sqrdmlsh	v18.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v22.8h\n\t"
+        "sub	v28.8h, v23.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v22.8h\n\t"
+        "add	v23.8h, v23.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v6.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v6.h[7]\n\t"
+        "sqrdmulh	v22.8h, v26.8h, v4.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v4.h[7]\n\t"
+        "sqrdmlsh	v22.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v11.8h\n\t"
+        "sub	v28.8h, v10.8h, v12.8h\n\t"
+        "add	v9.8h, v9.8h, v11.8h\n\t"
+        "add	v10.8h, v10.8h, v12.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[0]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[0]\n\t"
+        "sqrdmulh	v11.8h, v26.8h, v5.h[0]\n\t"
+        "sqrdmulh	v12.8h, v28.8h, v5.h[0]\n\t"
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v15.8h\n\t"
+        "sub	v28.8h, v14.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v15.8h\n\t"
+        "add	v14.8h, v14.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[1]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[1]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[1]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[1]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v19.8h\n\t"
+        "sub	v28.8h, v18.8h, v20.8h\n\t"
+        "add	v17.8h, v17.8h, v19.8h\n\t"
+        "add	v18.8h, v18.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[2]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[2]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[2]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[2]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v21.8h, v23.8h\n\t"
+        "sub	v28.8h, v22.8h, v24.8h\n\t"
+        "add	v21.8h, v21.8h, v23.8h\n\t"
+        "add	v22.8h, v22.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[3]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[3]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[3]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[3]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sub	v26.8h, v9.8h, v13.8h\n\t"
+        "sub	v28.8h, v10.8h, v14.8h\n\t"
+        "add	v9.8h, v9.8h, v13.8h\n\t"
+        "add	v10.8h, v10.8h, v14.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v13.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v14.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v15.8h\n\t"
+        "sub	v28.8h, v12.8h, v16.8h\n\t"
+        "add	v11.8h, v11.8h, v15.8h\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[4]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[4]\n\t"
+        "sqrdmulh	v15.8h, v26.8h, v5.h[4]\n\t"
+        "sqrdmulh	v16.8h, v28.8h, v5.h[4]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "sub	v26.8h, v17.8h, v21.8h\n\t"
+        "sub	v28.8h, v18.8h, v22.8h\n\t"
+        "add	v17.8h, v17.8h, v21.8h\n\t"
+        "add	v18.8h, v18.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v19.8h, v23.8h\n\t"
+        "sub	v28.8h, v20.8h, v24.8h\n\t"
+        "add	v19.8h, v19.8h, v23.8h\n\t"
+        "add	v20.8h, v20.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[5]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[5]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[5]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[5]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "sqdmulh	v25.8h, v9.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v10.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v9.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v11.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v12.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v11.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v17.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v18.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v17.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sqdmulh	v25.8h, v19.8h, v8.h[2]\n\t"
+        "sqdmulh	v26.8h, v20.8h, v8.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v19.8h, v25.8h, v8.h[0]\n\t"
+        "mls	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sub	v26.8h, v9.8h, v17.8h\n\t"
+        "sub	v28.8h, v10.8h, v18.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v17.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v18.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "sub	v26.8h, v11.8h, v19.8h\n\t"
+        "sub	v28.8h, v12.8h, v20.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "add	v12.8h, v12.8h, v20.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v19.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v20.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "sub	v26.8h, v13.8h, v21.8h\n\t"
+        "sub	v28.8h, v14.8h, v22.8h\n\t"
+        "add	v13.8h, v13.8h, v21.8h\n\t"
+        "add	v14.8h, v14.8h, v22.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v21.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v22.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "sub	v26.8h, v15.8h, v23.8h\n\t"
+        "sub	v28.8h, v16.8h, v24.8h\n\t"
+        "add	v15.8h, v15.8h, v23.8h\n\t"
+        "add	v16.8h, v16.8h, v24.8h\n\t"
+        "mul	v25.8h, v26.8h, v7.h[6]\n\t"
+        "mul	v27.8h, v28.8h, v7.h[6]\n\t"
+        "sqrdmulh	v23.8h, v26.8h, v5.h[6]\n\t"
+        "sqrdmulh	v24.8h, v28.8h, v5.h[6]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v27.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "mul	v25.8h, v9.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v10.8h, v7.h[7]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v5.h[7]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v9.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v25.8h, v11.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v12.8h, v7.h[7]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v5.h[7]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v11.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v25.8h, v13.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v14.8h, v7.h[7]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v5.h[7]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v13.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v25.8h, v15.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v16.8h, v7.h[7]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v5.h[7]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v15.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "mul	v25.8h, v17.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v18.8h, v7.h[7]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v5.h[7]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v17.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v18.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v17.8h, v17.8h, #1\n\t"
+        "sshr	v18.8h, v18.8h, #1\n\t"
+        "mul	v25.8h, v19.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v20.8h, v7.h[7]\n\t"
+        "sqrdmulh	v19.8h, v19.8h, v5.h[7]\n\t"
+        "sqrdmulh	v20.8h, v20.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v19.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v20.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v19.8h, v19.8h, #1\n\t"
+        "sshr	v20.8h, v20.8h, #1\n\t"
+        "mul	v25.8h, v21.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v22.8h, v7.h[7]\n\t"
+        "sqrdmulh	v21.8h, v21.8h, v5.h[7]\n\t"
+        "sqrdmulh	v22.8h, v22.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v21.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v22.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v21.8h, v21.8h, #1\n\t"
+        "sshr	v22.8h, v22.8h, #1\n\t"
+        "mul	v25.8h, v23.8h, v7.h[7]\n\t"
+        "mul	v26.8h, v24.8h, v7.h[7]\n\t"
+        "sqrdmulh	v23.8h, v23.8h, v5.h[7]\n\t"
+        "sqrdmulh	v24.8h, v24.8h, v5.h[7]\n\t"
+        "sqrdmlsh	v23.8h, v25.8h, v8.h[0]\n\t"
+        "sqrdmlsh	v24.8h, v26.8h, v8.h[0]\n\t"
+        "sshr	v23.8h, v23.8h, #1\n\t"
+        "sshr	v24.8h, v24.8h, #1\n\t"
+        "str	q9, [%x[r], #16]\n\t"
+        "str	q10, [%x[r], #48]\n\t"
+        "str	q11, [%x[r], #80]\n\t"
+        "str	q12, [%x[r], #112]\n\t"
+        "str	q13, [%x[r], #144]\n\t"
+        "str	q14, [%x[r], #176]\n\t"
+        "str	q15, [%x[r], #208]\n\t"
+        "str	q16, [%x[r], #240]\n\t"
+        "str	q17, [x1, #16]\n\t"
+        "str	q18, [x1, #48]\n\t"
+        "str	q19, [x1, #80]\n\t"
+        "str	q20, [x1, #112]\n\t"
+        "str	q21, [x1, #144]\n\t"
+        "str	q22, [x1, #176]\n\t"
+        "str	q23, [x1, #208]\n\t"
+        "str	q24, [x1, #240]\n\t"
+        : [r] "+r" (r)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv)
+        : "memory", "cc", "x1", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4",
+            "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14",
+            "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+            "v24", "v25", "v26", "v27", "v28"
+    );
+}
+
+#endif /* WOLFSSL_AARCH64_NO_SQRDMLSH */
+static const word16 L_mlkem_aarch64_zetas_mul[] = {
+    0x08b2, 0xf74e, 0x01ae, 0xfe52, 0x022b, 0xfdd5, 0x034b, 0xfcb5,
+    0x081e, 0xf7e2, 0x0367, 0xfc99, 0x060e, 0xf9f2, 0x0069, 0xff97,
+    0x01a6, 0xfe5a, 0x024b, 0xfdb5, 0x00b1, 0xff4f, 0x0c16, 0xf3ea,
+    0x0bde, 0xf422, 0x0b35, 0xf4cb, 0x0626, 0xf9da, 0x0675, 0xf98b,
+    0x0c0b, 0xf3f5, 0x030a, 0xfcf6, 0x0487, 0xfb79, 0x0c6e, 0xf392,
+    0x09f8, 0xf608, 0x05cb, 0xfa35, 0x0aa7, 0xf559, 0x045f, 0xfba1,
+    0x06cb, 0xf935, 0x0284, 0xfd7c, 0x0999, 0xf667, 0x015d, 0xfea3,
+    0x01a2, 0xfe5e, 0x0149, 0xfeb7, 0x0c65, 0xf39b, 0x0cb6, 0xf34a,
+    0x0331, 0xfccf, 0x0449, 0xfbb7, 0x025b, 0xfda5, 0x0262, 0xfd9e,
+    0x052a, 0xfad6, 0x07fc, 0xf804, 0x0748, 0xf8b8, 0x0180, 0xfe80,
+    0x0842, 0xf7be, 0x0c79, 0xf387, 0x04c2, 0xfb3e, 0x07ca, 0xf836,
+    0x0997, 0xf669, 0x00dc, 0xff24, 0x085e, 0xf7a2, 0x0686, 0xf97a,
+    0x0860, 0xf7a0, 0x0707, 0xf8f9, 0x0803, 0xf7fd, 0x031a, 0xfce6,
+    0x071b, 0xf8e5, 0x09ab, 0xf655, 0x099b, 0xf665, 0x01de, 0xfe22,
+    0x0c95, 0xf36b, 0x0bcd, 0xf433, 0x03e4, 0xfc1c, 0x03df, 0xfc21,
+    0x03be, 0xfc42, 0x074d, 0xf8b3, 0x05f2, 0xfa0e, 0x065c, 0xf9a4,
+};
+
+void mlkem_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x3, %[L_mlkem_aarch64_zetas_mul]\n\t"
+        "add  x3, x3, :lo12:%[L_mlkem_aarch64_zetas_mul]\n\t"
+#else
+        "adrp x3, %[L_mlkem_aarch64_zetas_mul]@PAGE\n\t"
+        "add  x3, x3, %[L_mlkem_aarch64_zetas_mul]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q1, [x4]\n\t"
+        "ldp	q2, q3, [%x[a]]\n\t"
+        "ldp	q4, q5, [%x[a], #32]\n\t"
+        "ldp	q6, q7, [%x[a], #64]\n\t"
+        "ldp	q8, q9, [%x[a], #96]\n\t"
+        "ldp	q10, q11, [%x[b]]\n\t"
+        "ldp	q12, q13, [%x[b], #32]\n\t"
+        "ldp	q14, q15, [%x[b], #64]\n\t"
+        "ldp	q16, q17, [%x[b], #96]\n\t"
+        "ldr	q0, [x3]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r]]\n\t"
+        "ldr	q0, [x3, #16]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #32]\n\t"
+        "ldr	q0, [x3, #32]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #64]\n\t"
+        "ldr	q0, [x3, #48]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #96]\n\t"
+        "ldp	q2, q3, [%x[a], #128]\n\t"
+        "ldp	q4, q5, [%x[a], #160]\n\t"
+        "ldp	q6, q7, [%x[a], #192]\n\t"
+        "ldp	q8, q9, [%x[a], #224]\n\t"
+        "ldp	q10, q11, [%x[b], #128]\n\t"
+        "ldp	q12, q13, [%x[b], #160]\n\t"
+        "ldp	q14, q15, [%x[b], #192]\n\t"
+        "ldp	q16, q17, [%x[b], #224]\n\t"
+        "ldr	q0, [x3, #64]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #128]\n\t"
+        "ldr	q0, [x3, #80]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #160]\n\t"
+        "ldr	q0, [x3, #96]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #192]\n\t"
+        "ldr	q0, [x3, #112]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #224]\n\t"
+        "ldp	q2, q3, [%x[a], #256]\n\t"
+        "ldp	q4, q5, [%x[a], #288]\n\t"
+        "ldp	q6, q7, [%x[a], #320]\n\t"
+        "ldp	q8, q9, [%x[a], #352]\n\t"
+        "ldp	q10, q11, [%x[b], #256]\n\t"
+        "ldp	q12, q13, [%x[b], #288]\n\t"
+        "ldp	q14, q15, [%x[b], #320]\n\t"
+        "ldp	q16, q17, [%x[b], #352]\n\t"
+        "ldr	q0, [x3, #128]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #256]\n\t"
+        "ldr	q0, [x3, #144]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #288]\n\t"
+        "ldr	q0, [x3, #160]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #320]\n\t"
+        "ldr	q0, [x3, #176]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #352]\n\t"
+        "ldp	q2, q3, [%x[a], #384]\n\t"
+        "ldp	q4, q5, [%x[a], #416]\n\t"
+        "ldp	q6, q7, [%x[a], #448]\n\t"
+        "ldp	q8, q9, [%x[a], #480]\n\t"
+        "ldp	q10, q11, [%x[b], #384]\n\t"
+        "ldp	q12, q13, [%x[b], #416]\n\t"
+        "ldp	q14, q15, [%x[b], #448]\n\t"
+        "ldp	q16, q17, [%x[b], #480]\n\t"
+        "ldr	q0, [x3, #192]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #384]\n\t"
+        "ldr	q0, [x3, #208]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #416]\n\t"
+        "ldr	q0, [x3, #224]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #448]\n\t"
+        "ldr	q0, [x3, #240]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "stp	q24, q25, [%x[r], #480]\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul)
+        : "memory", "cc", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6",
+            "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16",
+            "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25",
+            "v26", "v27"
+    );
+}
+
+void mlkem_basemul_mont_add(sword16* r, const sword16* a, const sword16* b)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x3, %[L_mlkem_aarch64_zetas_mul]\n\t"
+        "add  x3, x3, :lo12:%[L_mlkem_aarch64_zetas_mul]\n\t"
+#else
+        "adrp x3, %[L_mlkem_aarch64_zetas_mul]@PAGE\n\t"
+        "add  x3, x3, %[L_mlkem_aarch64_zetas_mul]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x4, x4, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x4, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x4, x4, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q1, [x4]\n\t"
+        "ldp	q2, q3, [%x[a]]\n\t"
+        "ldp	q4, q5, [%x[a], #32]\n\t"
+        "ldp	q6, q7, [%x[a], #64]\n\t"
+        "ldp	q8, q9, [%x[a], #96]\n\t"
+        "ldp	q10, q11, [%x[b]]\n\t"
+        "ldp	q12, q13, [%x[b], #32]\n\t"
+        "ldp	q14, q15, [%x[b], #64]\n\t"
+        "ldp	q16, q17, [%x[b], #96]\n\t"
+        "ldp	q28, q29, [%x[r]]\n\t"
+        "ldr	q0, [x3]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r]]\n\t"
+        "ldp	q28, q29, [%x[r], #32]\n\t"
+        "ldr	q0, [x3, #16]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #32]\n\t"
+        "ldp	q28, q29, [%x[r], #64]\n\t"
+        "ldr	q0, [x3, #32]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #64]\n\t"
+        "ldp	q28, q29, [%x[r], #96]\n\t"
+        "ldr	q0, [x3, #48]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #96]\n\t"
+        "ldp	q2, q3, [%x[a], #128]\n\t"
+        "ldp	q4, q5, [%x[a], #160]\n\t"
+        "ldp	q6, q7, [%x[a], #192]\n\t"
+        "ldp	q8, q9, [%x[a], #224]\n\t"
+        "ldp	q10, q11, [%x[b], #128]\n\t"
+        "ldp	q12, q13, [%x[b], #160]\n\t"
+        "ldp	q14, q15, [%x[b], #192]\n\t"
+        "ldp	q16, q17, [%x[b], #224]\n\t"
+        "ldp	q28, q29, [%x[r], #128]\n\t"
+        "ldr	q0, [x3, #64]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #128]\n\t"
+        "ldp	q28, q29, [%x[r], #160]\n\t"
+        "ldr	q0, [x3, #80]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #160]\n\t"
+        "ldp	q28, q29, [%x[r], #192]\n\t"
+        "ldr	q0, [x3, #96]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #192]\n\t"
+        "ldp	q28, q29, [%x[r], #224]\n\t"
+        "ldr	q0, [x3, #112]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #224]\n\t"
+        "ldp	q2, q3, [%x[a], #256]\n\t"
+        "ldp	q4, q5, [%x[a], #288]\n\t"
+        "ldp	q6, q7, [%x[a], #320]\n\t"
+        "ldp	q8, q9, [%x[a], #352]\n\t"
+        "ldp	q10, q11, [%x[b], #256]\n\t"
+        "ldp	q12, q13, [%x[b], #288]\n\t"
+        "ldp	q14, q15, [%x[b], #320]\n\t"
+        "ldp	q16, q17, [%x[b], #352]\n\t"
+        "ldp	q28, q29, [%x[r], #256]\n\t"
+        "ldr	q0, [x3, #128]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #256]\n\t"
+        "ldp	q28, q29, [%x[r], #288]\n\t"
+        "ldr	q0, [x3, #144]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #288]\n\t"
+        "ldp	q28, q29, [%x[r], #320]\n\t"
+        "ldr	q0, [x3, #160]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #320]\n\t"
+        "ldp	q28, q29, [%x[r], #352]\n\t"
+        "ldr	q0, [x3, #176]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #352]\n\t"
+        "ldp	q2, q3, [%x[a], #384]\n\t"
+        "ldp	q4, q5, [%x[a], #416]\n\t"
+        "ldp	q6, q7, [%x[a], #448]\n\t"
+        "ldp	q8, q9, [%x[a], #480]\n\t"
+        "ldp	q10, q11, [%x[b], #384]\n\t"
+        "ldp	q12, q13, [%x[b], #416]\n\t"
+        "ldp	q14, q15, [%x[b], #448]\n\t"
+        "ldp	q16, q17, [%x[b], #480]\n\t"
+        "ldp	q28, q29, [%x[r], #384]\n\t"
+        "ldr	q0, [x3, #192]\n\t"
+        "uzp1	v18.8h, v2.8h, v3.8h\n\t"
+        "uzp2	v19.8h, v2.8h, v3.8h\n\t"
+        "uzp1	v20.8h, v10.8h, v11.8h\n\t"
+        "uzp2	v21.8h, v10.8h, v11.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #384]\n\t"
+        "ldp	q28, q29, [%x[r], #416]\n\t"
+        "ldr	q0, [x3, #208]\n\t"
+        "uzp1	v18.8h, v4.8h, v5.8h\n\t"
+        "uzp2	v19.8h, v4.8h, v5.8h\n\t"
+        "uzp1	v20.8h, v12.8h, v13.8h\n\t"
+        "uzp2	v21.8h, v12.8h, v13.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #416]\n\t"
+        "ldp	q28, q29, [%x[r], #448]\n\t"
+        "ldr	q0, [x3, #224]\n\t"
+        "uzp1	v18.8h, v6.8h, v7.8h\n\t"
+        "uzp2	v19.8h, v6.8h, v7.8h\n\t"
+        "uzp1	v20.8h, v14.8h, v15.8h\n\t"
+        "uzp2	v21.8h, v14.8h, v15.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #448]\n\t"
+        "ldp	q28, q29, [%x[r], #480]\n\t"
+        "ldr	q0, [x3, #240]\n\t"
+        "uzp1	v18.8h, v8.8h, v9.8h\n\t"
+        "uzp2	v19.8h, v8.8h, v9.8h\n\t"
+        "uzp1	v20.8h, v16.8h, v17.8h\n\t"
+        "uzp2	v21.8h, v16.8h, v17.8h\n\t"
+        "smull	v26.4s, v18.4h, v20.4h\n\t"
+        "smull2	v27.4s, v18.8h, v20.8h\n\t"
+        "smull	v23.4s, v19.4h, v21.4h\n\t"
+        "smull2	v24.4s, v19.8h, v21.8h\n\t"
+        "xtn	v25.4h, v23.4s\n\t"
+        "xtn2	v25.8h, v24.4s\n\t"
+        "mul	v25.8h, v25.8h, v1.h[1]\n\t"
+        "smlsl	v23.4s, v25.4h, v1.h[0]\n\t"
+        "smlsl2	v24.4s, v25.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v23.4s, #16\n\t"
+        "shrn2	v22.8h, v24.4s, #16\n\t"
+        "smlal	v26.4s, v22.4h, v0.4h\n\t"
+        "smlal2	v27.4s, v22.8h, v0.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v22.4h, v26.4s, #16\n\t"
+        "shrn2	v22.8h, v27.4s, #16\n\t"
+        "smull	v26.4s, v18.4h, v21.4h\n\t"
+        "smull2	v27.4s, v18.8h, v21.8h\n\t"
+        "smlal	v26.4s, v19.4h, v20.4h\n\t"
+        "smlal2	v27.4s, v19.8h, v20.8h\n\t"
+        "xtn	v24.4h, v26.4s\n\t"
+        "xtn2	v24.8h, v27.4s\n\t"
+        "mul	v24.8h, v24.8h, v1.h[1]\n\t"
+        "smlsl	v26.4s, v24.4h, v1.h[0]\n\t"
+        "smlsl2	v27.4s, v24.8h, v1.h[0]\n\t"
+        "shrn	v23.4h, v26.4s, #16\n\t"
+        "shrn2	v23.8h, v27.4s, #16\n\t"
+        "zip1	v24.8h, v22.8h, v23.8h\n\t"
+        "zip2	v25.8h, v22.8h, v23.8h\n\t"
+        "add	v28.8h, v28.8h, v24.8h\n\t"
+        "add	v29.8h, v29.8h, v25.8h\n\t"
+        "stp	q28, q29, [%x[r], #480]\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul)
+        : "memory", "cc", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6",
+            "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16",
+            "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25",
+            "v26", "v27", "v28", "v29"
+    );
+}
+
+void mlkem_csubq_neon(sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x1, %[L_mlkem_aarch64_q]\n\t"
+        "add  x1, x1, :lo12:%[L_mlkem_aarch64_q]\n\t"
+#else
+        "adrp x1, %[L_mlkem_aarch64_q]@PAGE\n\t"
+        "add  x1, x1, %[L_mlkem_aarch64_q]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q20, [x1]\n\t"
+        "ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "sub	v0.8h, v0.8h, v20.8h\n\t"
+        "sub	v1.8h, v1.8h, v20.8h\n\t"
+        "sub	v2.8h, v2.8h, v20.8h\n\t"
+        "sub	v3.8h, v3.8h, v20.8h\n\t"
+        "sub	v4.8h, v4.8h, v20.8h\n\t"
+        "sub	v5.8h, v5.8h, v20.8h\n\t"
+        "sub	v6.8h, v6.8h, v20.8h\n\t"
+        "sub	v7.8h, v7.8h, v20.8h\n\t"
+        "sub	v8.8h, v8.8h, v20.8h\n\t"
+        "sub	v9.8h, v9.8h, v20.8h\n\t"
+        "sub	v10.8h, v10.8h, v20.8h\n\t"
+        "sub	v11.8h, v11.8h, v20.8h\n\t"
+        "sub	v12.8h, v12.8h, v20.8h\n\t"
+        "sub	v13.8h, v13.8h, v20.8h\n\t"
+        "sub	v14.8h, v14.8h, v20.8h\n\t"
+        "sub	v15.8h, v15.8h, v20.8h\n\t"
+        "sshr	v16.8h, v0.8h, #15\n\t"
+        "sshr	v17.8h, v1.8h, #15\n\t"
+        "sshr	v18.8h, v2.8h, #15\n\t"
+        "sshr	v19.8h, v3.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v0.8h, v0.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "sshr	v16.8h, v4.8h, #15\n\t"
+        "sshr	v17.8h, v5.8h, #15\n\t"
+        "sshr	v18.8h, v6.8h, #15\n\t"
+        "sshr	v19.8h, v7.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v4.8h, v4.8h, v16.8h\n\t"
+        "add	v5.8h, v5.8h, v17.8h\n\t"
+        "add	v6.8h, v6.8h, v18.8h\n\t"
+        "add	v7.8h, v7.8h, v19.8h\n\t"
+        "sshr	v16.8h, v8.8h, #15\n\t"
+        "sshr	v17.8h, v9.8h, #15\n\t"
+        "sshr	v18.8h, v10.8h, #15\n\t"
+        "sshr	v19.8h, v11.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "sshr	v16.8h, v12.8h, #15\n\t"
+        "sshr	v17.8h, v13.8h, #15\n\t"
+        "sshr	v18.8h, v14.8h, #15\n\t"
+        "sshr	v19.8h, v15.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v17.8h\n\t"
+        "add	v14.8h, v14.8h, v18.8h\n\t"
+        "add	v15.8h, v15.8h, v19.8h\n\t"
+        "st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "sub	v0.8h, v0.8h, v20.8h\n\t"
+        "sub	v1.8h, v1.8h, v20.8h\n\t"
+        "sub	v2.8h, v2.8h, v20.8h\n\t"
+        "sub	v3.8h, v3.8h, v20.8h\n\t"
+        "sub	v4.8h, v4.8h, v20.8h\n\t"
+        "sub	v5.8h, v5.8h, v20.8h\n\t"
+        "sub	v6.8h, v6.8h, v20.8h\n\t"
+        "sub	v7.8h, v7.8h, v20.8h\n\t"
+        "sub	v8.8h, v8.8h, v20.8h\n\t"
+        "sub	v9.8h, v9.8h, v20.8h\n\t"
+        "sub	v10.8h, v10.8h, v20.8h\n\t"
+        "sub	v11.8h, v11.8h, v20.8h\n\t"
+        "sub	v12.8h, v12.8h, v20.8h\n\t"
+        "sub	v13.8h, v13.8h, v20.8h\n\t"
+        "sub	v14.8h, v14.8h, v20.8h\n\t"
+        "sub	v15.8h, v15.8h, v20.8h\n\t"
+        "sshr	v16.8h, v0.8h, #15\n\t"
+        "sshr	v17.8h, v1.8h, #15\n\t"
+        "sshr	v18.8h, v2.8h, #15\n\t"
+        "sshr	v19.8h, v3.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v0.8h, v0.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "sshr	v16.8h, v4.8h, #15\n\t"
+        "sshr	v17.8h, v5.8h, #15\n\t"
+        "sshr	v18.8h, v6.8h, #15\n\t"
+        "sshr	v19.8h, v7.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v4.8h, v4.8h, v16.8h\n\t"
+        "add	v5.8h, v5.8h, v17.8h\n\t"
+        "add	v6.8h, v6.8h, v18.8h\n\t"
+        "add	v7.8h, v7.8h, v19.8h\n\t"
+        "sshr	v16.8h, v8.8h, #15\n\t"
+        "sshr	v17.8h, v9.8h, #15\n\t"
+        "sshr	v18.8h, v10.8h, #15\n\t"
+        "sshr	v19.8h, v11.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v9.8h, v9.8h, v17.8h\n\t"
+        "add	v10.8h, v10.8h, v18.8h\n\t"
+        "add	v11.8h, v11.8h, v19.8h\n\t"
+        "sshr	v16.8h, v12.8h, #15\n\t"
+        "sshr	v17.8h, v13.8h, #15\n\t"
+        "sshr	v18.8h, v14.8h, #15\n\t"
+        "sshr	v19.8h, v15.8h, #15\n\t"
+        "and	v16.16b, v16.16b, v20.16b\n\t"
+        "and	v17.16b, v17.16b, v20.16b\n\t"
+        "and	v18.16b, v18.16b, v20.16b\n\t"
+        "and	v19.16b, v19.16b, v20.16b\n\t"
+        "add	v12.8h, v12.8h, v16.8h\n\t"
+        "add	v13.8h, v13.8h, v17.8h\n\t"
+        "add	v14.8h, v14.8h, v18.8h\n\t"
+        "add	v15.8h, v15.8h, v19.8h\n\t"
+        "st4	{v0.8h, v1.8h, v2.8h, v3.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v8.8h, v9.8h, v10.8h, v11.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v12.8h, v13.8h, v14.8h, v15.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul)
+        : "memory", "cc", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+            "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17",
+            "v18", "v19", "v20"
+    );
+}
+
+void mlkem_add_reduce(sword16* r, const sword16* a)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x2, x2, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x2, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x2, x2, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x2]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        : [r] "+r" (r), [a] "+r" (a)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul)
+        : "memory", "cc", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+            "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17",
+            "v18"
+    );
+}
+
+void mlkem_add3_reduce(sword16* r, const sword16* a, const sword16* b)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x3, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x3, x3, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x3, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x3, x3, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x3]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v17.8h, v18.8h, v19.8h, v20.8h}, [%x[b]], #0x40\n\t"
+        "ld4	{v21.8h, v22.8h, v23.8h, v24.8h}, [%x[b]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "add	v1.8h, v1.8h, v9.8h\n\t"
+        "add	v2.8h, v2.8h, v10.8h\n\t"
+        "add	v3.8h, v3.8h, v11.8h\n\t"
+        "add	v4.8h, v4.8h, v12.8h\n\t"
+        "add	v5.8h, v5.8h, v13.8h\n\t"
+        "add	v6.8h, v6.8h, v14.8h\n\t"
+        "add	v7.8h, v7.8h, v15.8h\n\t"
+        "add	v8.8h, v8.8h, v16.8h\n\t"
+        "add	v1.8h, v1.8h, v17.8h\n\t"
+        "add	v2.8h, v2.8h, v18.8h\n\t"
+        "add	v3.8h, v3.8h, v19.8h\n\t"
+        "add	v4.8h, v4.8h, v20.8h\n\t"
+        "add	v5.8h, v5.8h, v21.8h\n\t"
+        "add	v6.8h, v6.8h, v22.8h\n\t"
+        "add	v7.8h, v7.8h, v23.8h\n\t"
+        "add	v8.8h, v8.8h, v24.8h\n\t"
+        "sqdmulh	v25.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v1.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v3.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v5.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v26.8h, v0.h[0]\n\t"
+        "sqdmulh	v25.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v26.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v25.8h, v25.8h, #11\n\t"
+        "sshr	v26.8h, v26.8h, #11\n\t"
+        "mls	v7.8h, v25.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v26.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul)
+        : "memory", "cc", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+            "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17",
+            "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26"
+    );
+}
+
+void mlkem_rsub_reduce(sword16* r, const sword16* a)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x2, x2, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x2, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x2, x2, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x2]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[a]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[a]], #0x40\n\t"
+        "sub	%x[r], %x[r], #0x80\n\t"
+        "sub	v1.8h, v9.8h, v1.8h\n\t"
+        "sub	v2.8h, v10.8h, v2.8h\n\t"
+        "sub	v3.8h, v11.8h, v3.8h\n\t"
+        "sub	v4.8h, v12.8h, v4.8h\n\t"
+        "sub	v5.8h, v13.8h, v5.8h\n\t"
+        "sub	v6.8h, v14.8h, v6.8h\n\t"
+        "sub	v7.8h, v15.8h, v7.8h\n\t"
+        "sub	v8.8h, v16.8h, v8.8h\n\t"
+        "sqdmulh	v17.8h, v1.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v2.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v1.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v3.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v4.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v3.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v5.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v6.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v5.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sqdmulh	v17.8h, v7.8h, v0.h[2]\n\t"
+        "sqdmulh	v18.8h, v8.8h, v0.h[2]\n\t"
+        "sshr	v17.8h, v17.8h, #11\n\t"
+        "sshr	v18.8h, v18.8h, #11\n\t"
+        "mls	v7.8h, v17.8h, v0.h[0]\n\t"
+        "mls	v8.8h, v18.8h, v0.h[0]\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[r]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[r]], #0x40\n\t"
+        : [r] "+r" (r), [a] "+r" (a)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul)
+        : "memory", "cc", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+            "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17",
+            "v18"
+    );
+}
+
+void mlkem_to_mont(sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x1, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x1, x1, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x1, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x1, x1, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x1]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v1.8h, v1.8h, v17.8h\n\t"
+        "sub	v2.8h, v2.8h, v18.8h\n\t"
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v3.8h, v3.8h, v17.8h\n\t"
+        "sub	v4.8h, v4.8h, v18.8h\n\t"
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v5.8h, v5.8h, v17.8h\n\t"
+        "sub	v6.8h, v6.8h, v18.8h\n\t"
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v7.8h, v7.8h, v17.8h\n\t"
+        "sub	v8.8h, v8.8h, v18.8h\n\t"
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v17.8h\n\t"
+        "sub	v10.8h, v10.8h, v18.8h\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v17.8h\n\t"
+        "sub	v12.8h, v12.8h, v18.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v17.8h\n\t"
+        "sub	v14.8h, v14.8h, v18.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v17.8h\n\t"
+        "sub	v16.8h, v16.8h, v18.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v1.8h, v1.8h, v17.8h\n\t"
+        "sub	v2.8h, v2.8h, v18.8h\n\t"
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v3.8h, v3.8h, v17.8h\n\t"
+        "sub	v4.8h, v4.8h, v18.8h\n\t"
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v5.8h, v5.8h, v17.8h\n\t"
+        "sub	v6.8h, v6.8h, v18.8h\n\t"
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v7.8h, v7.8h, v17.8h\n\t"
+        "sub	v8.8h, v8.8h, v18.8h\n\t"
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v9.8h, v9.8h, v17.8h\n\t"
+        "sub	v10.8h, v10.8h, v18.8h\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v11.8h, v11.8h, v17.8h\n\t"
+        "sub	v12.8h, v12.8h, v18.8h\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v13.8h, v13.8h, v17.8h\n\t"
+        "sub	v14.8h, v14.8h, v18.8h\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+        "sqrdmulh	v17.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmulh	v18.8h, v18.8h, v0.h[0]\n\t"
+        "sub	v15.8h, v15.8h, v17.8h\n\t"
+        "sub	v16.8h, v16.8h, v18.8h\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul)
+        : "memory", "cc", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+            "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17",
+            "v18"
+    );
+}
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+void mlkem_to_mont_sqrdmlsh(sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x1, %[L_mlkem_aarch64_consts]\n\t"
+        "add  x1, x1, :lo12:%[L_mlkem_aarch64_consts]\n\t"
+#else
+        "adrp x1, %[L_mlkem_aarch64_consts]@PAGE\n\t"
+        "add  x1, x1, %[L_mlkem_aarch64_consts]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x1]\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v1.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v3.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v5.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v7.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v8.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v9.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v11.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v13.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v15.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "ld4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        "sub	%x[p], %x[p], #0x100\n\t"
+        "mul	v17.8h, v1.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v2.8h, v0.h[4]\n\t"
+        "sqrdmulh	v1.8h, v1.8h, v0.h[3]\n\t"
+        "sqrdmulh	v2.8h, v2.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v1.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v2.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v1.8h, v1.8h, #1\n\t"
+        "sshr	v2.8h, v2.8h, #1\n\t"
+        "mul	v17.8h, v3.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v4.8h, v0.h[4]\n\t"
+        "sqrdmulh	v3.8h, v3.8h, v0.h[3]\n\t"
+        "sqrdmulh	v4.8h, v4.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v3.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v4.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v3.8h, v3.8h, #1\n\t"
+        "sshr	v4.8h, v4.8h, #1\n\t"
+        "mul	v17.8h, v5.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v6.8h, v0.h[4]\n\t"
+        "sqrdmulh	v5.8h, v5.8h, v0.h[3]\n\t"
+        "sqrdmulh	v6.8h, v6.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v5.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v6.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v5.8h, v5.8h, #1\n\t"
+        "sshr	v6.8h, v6.8h, #1\n\t"
+        "mul	v17.8h, v7.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v8.8h, v0.h[4]\n\t"
+        "sqrdmulh	v7.8h, v7.8h, v0.h[3]\n\t"
+        "sqrdmulh	v8.8h, v8.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v7.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v8.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v7.8h, v7.8h, #1\n\t"
+        "sshr	v8.8h, v8.8h, #1\n\t"
+        "mul	v17.8h, v9.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v10.8h, v0.h[4]\n\t"
+        "sqrdmulh	v9.8h, v9.8h, v0.h[3]\n\t"
+        "sqrdmulh	v10.8h, v10.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v9.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v10.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v9.8h, v9.8h, #1\n\t"
+        "sshr	v10.8h, v10.8h, #1\n\t"
+        "mul	v17.8h, v11.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v12.8h, v0.h[4]\n\t"
+        "sqrdmulh	v11.8h, v11.8h, v0.h[3]\n\t"
+        "sqrdmulh	v12.8h, v12.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v11.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v12.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v11.8h, v11.8h, #1\n\t"
+        "sshr	v12.8h, v12.8h, #1\n\t"
+        "mul	v17.8h, v13.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v14.8h, v0.h[4]\n\t"
+        "sqrdmulh	v13.8h, v13.8h, v0.h[3]\n\t"
+        "sqrdmulh	v14.8h, v14.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v13.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v14.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v13.8h, v13.8h, #1\n\t"
+        "sshr	v14.8h, v14.8h, #1\n\t"
+        "mul	v17.8h, v15.8h, v0.h[4]\n\t"
+        "mul	v18.8h, v16.8h, v0.h[4]\n\t"
+        "sqrdmulh	v15.8h, v15.8h, v0.h[3]\n\t"
+        "sqrdmulh	v16.8h, v16.8h, v0.h[3]\n\t"
+        "sqrdmlsh	v15.8h, v17.8h, v0.h[0]\n\t"
+        "sqrdmlsh	v16.8h, v18.8h, v0.h[0]\n\t"
+        "sshr	v15.8h, v15.8h, #1\n\t"
+        "sshr	v16.8h, v16.8h, #1\n\t"
+        "st4	{v1.8h, v2.8h, v3.8h, v4.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v5.8h, v6.8h, v7.8h, v8.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v9.8h, v10.8h, v11.8h, v12.8h}, [%x[p]], #0x40\n\t"
+        "st4	{v13.8h, v14.8h, v15.8h, v16.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul)
+        : "memory", "cc", "x1", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+            "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17",
+            "v18"
+    );
+}
+
+#endif /* WOLFSSL_AARCH64_NO_SQRDMLSH */
+static const word16 L_mlkem_to_msg_low[] = {
+    0x0373, 0x0373, 0x0373, 0x0373, 0x0373, 0x0373, 0x0373, 0x0373,
+};
+
+static const word16 L_mlkem_to_msg_high[] = {
+    0x09c0, 0x09c0, 0x09c0, 0x09c0, 0x09c0, 0x09c0, 0x09c0, 0x09c0,
+};
+
+static const word16 L_mlkem_to_msg_bits[] = {
+    0x0001, 0x0002, 0x0004, 0x0008, 0x0010, 0x0020, 0x0040, 0x0080,
+};
+
+void mlkem_to_msg_neon(byte* msg, sword16* p)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_mlkem_to_msg_low]\n\t"
+        "add  x2, x2, :lo12:%[L_mlkem_to_msg_low]\n\t"
+#else
+        "adrp x2, %[L_mlkem_to_msg_low]@PAGE\n\t"
+        "add  x2, x2, %[L_mlkem_to_msg_low]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_mlkem_to_msg_high]\n\t"
+        "add  x3, x3, :lo12:%[L_mlkem_to_msg_high]\n\t"
+#else
+        "adrp x3, %[L_mlkem_to_msg_high]@PAGE\n\t"
+        "add  x3, x3, %[L_mlkem_to_msg_high]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x4, %[L_mlkem_to_msg_bits]\n\t"
+        "add  x4, x4, :lo12:%[L_mlkem_to_msg_bits]\n\t"
+#else
+        "adrp x4, %[L_mlkem_to_msg_bits]@PAGE\n\t"
+        "add  x4, x4, %[L_mlkem_to_msg_bits]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldr	q0, [x2]\n\t"
+        "ldr	q1, [x3]\n\t"
+        "ldr	q26, [x4]\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        "ld1	{v2.8h, v3.8h, v4.8h, v5.8h}, [%x[p]], #0x40\n\t"
+        "ld1	{v6.8h, v7.8h, v8.8h, v9.8h}, [%x[p]], #0x40\n\t"
+        "cmge	v10.8h, v2.8h, v0.8h\n\t"
+        "cmge	v18.8h, v1.8h, v2.8h\n\t"
+        "cmge	v11.8h, v3.8h, v0.8h\n\t"
+        "cmge	v19.8h, v1.8h, v3.8h\n\t"
+        "cmge	v12.8h, v4.8h, v0.8h\n\t"
+        "cmge	v20.8h, v1.8h, v4.8h\n\t"
+        "cmge	v13.8h, v5.8h, v0.8h\n\t"
+        "cmge	v21.8h, v1.8h, v5.8h\n\t"
+        "cmge	v14.8h, v6.8h, v0.8h\n\t"
+        "cmge	v22.8h, v1.8h, v6.8h\n\t"
+        "cmge	v15.8h, v7.8h, v0.8h\n\t"
+        "cmge	v23.8h, v1.8h, v7.8h\n\t"
+        "cmge	v16.8h, v8.8h, v0.8h\n\t"
+        "cmge	v24.8h, v1.8h, v8.8h\n\t"
+        "cmge	v17.8h, v9.8h, v0.8h\n\t"
+        "cmge	v25.8h, v1.8h, v9.8h\n\t"
+        "and	v18.16b, v18.16b, v10.16b\n\t"
+        "and	v19.16b, v19.16b, v11.16b\n\t"
+        "and	v20.16b, v20.16b, v12.16b\n\t"
+        "and	v21.16b, v21.16b, v13.16b\n\t"
+        "and	v22.16b, v22.16b, v14.16b\n\t"
+        "and	v23.16b, v23.16b, v15.16b\n\t"
+        "and	v24.16b, v24.16b, v16.16b\n\t"
+        "and	v25.16b, v25.16b, v17.16b\n\t"
+        "and	v18.16b, v18.16b, v26.16b\n\t"
+        "and	v19.16b, v19.16b, v26.16b\n\t"
+        "and	v20.16b, v20.16b, v26.16b\n\t"
+        "and	v21.16b, v21.16b, v26.16b\n\t"
+        "and	v22.16b, v22.16b, v26.16b\n\t"
+        "and	v23.16b, v23.16b, v26.16b\n\t"
+        "and	v24.16b, v24.16b, v26.16b\n\t"
+        "and	v25.16b, v25.16b, v26.16b\n\t"
+        "addv	h18, v18.8h\n\t"
+        "addv	h19, v19.8h\n\t"
+        "addv	h20, v20.8h\n\t"
+        "addv	h21, v21.8h\n\t"
+        "addv	h22, v22.8h\n\t"
+        "addv	h23, v23.8h\n\t"
+        "addv	h24, v24.8h\n\t"
+        "addv	h25, v25.8h\n\t"
+        "ins	v18.b[1], v19.b[0]\n\t"
+        "ins	v18.b[2], v20.b[0]\n\t"
+        "ins	v18.b[3], v21.b[0]\n\t"
+        "ins	v18.b[4], v22.b[0]\n\t"
+        "ins	v18.b[5], v23.b[0]\n\t"
+        "ins	v18.b[6], v24.b[0]\n\t"
+        "ins	v18.b[7], v25.b[0]\n\t"
+        "st1	{v18.8b}, [%x[msg]], #8\n\t"
+        : [msg] "+r" (msg), [p] "+r" (p)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits)
+        : "memory", "cc", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5",
+            "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+            "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24",
+            "v25", "v26"
+    );
+}
+
+static const word16 L_mlkem_from_msg_q1half[] = {
+    0x0681, 0x0681, 0x0681, 0x0681, 0x0681, 0x0681, 0x0681, 0x0681,
+};
+
+static const word8 L_mlkem_from_msg_bits[] = {
+    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
+    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
+};
+
+void mlkem_from_msg_neon(sword16* p, const byte* msg)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x2, %[L_mlkem_from_msg_q1half]\n\t"
+        "add  x2, x2, :lo12:%[L_mlkem_from_msg_q1half]\n\t"
+#else
+        "adrp x2, %[L_mlkem_from_msg_q1half]@PAGE\n\t"
+        "add  x2, x2, %[L_mlkem_from_msg_q1half]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x3, %[L_mlkem_from_msg_bits]\n\t"
+        "add  x3, x3, :lo12:%[L_mlkem_from_msg_bits]\n\t"
+#else
+        "adrp x3, %[L_mlkem_from_msg_bits]@PAGE\n\t"
+        "add  x3, x3, %[L_mlkem_from_msg_bits]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ld1	{v2.16b, v3.16b}, [%x[msg]]\n\t"
+        "ldr	q1, [x2]\n\t"
+        "ldr	q0, [x3]\n\t"
+        "dup	v4.8b, v2.b[0]\n\t"
+        "dup	v5.8b, v2.b[1]\n\t"
+        "dup	v6.8b, v2.b[2]\n\t"
+        "dup	v7.8b, v2.b[3]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v2.b[4]\n\t"
+        "dup	v5.8b, v2.b[5]\n\t"
+        "dup	v6.8b, v2.b[6]\n\t"
+        "dup	v7.8b, v2.b[7]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v2.b[8]\n\t"
+        "dup	v5.8b, v2.b[9]\n\t"
+        "dup	v6.8b, v2.b[10]\n\t"
+        "dup	v7.8b, v2.b[11]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v2.b[12]\n\t"
+        "dup	v5.8b, v2.b[13]\n\t"
+        "dup	v6.8b, v2.b[14]\n\t"
+        "dup	v7.8b, v2.b[15]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[0]\n\t"
+        "dup	v5.8b, v3.b[1]\n\t"
+        "dup	v6.8b, v3.b[2]\n\t"
+        "dup	v7.8b, v3.b[3]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[4]\n\t"
+        "dup	v5.8b, v3.b[5]\n\t"
+        "dup	v6.8b, v3.b[6]\n\t"
+        "dup	v7.8b, v3.b[7]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[8]\n\t"
+        "dup	v5.8b, v3.b[9]\n\t"
+        "dup	v6.8b, v3.b[10]\n\t"
+        "dup	v7.8b, v3.b[11]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        "dup	v4.8b, v3.b[12]\n\t"
+        "dup	v5.8b, v3.b[13]\n\t"
+        "dup	v6.8b, v3.b[14]\n\t"
+        "dup	v7.8b, v3.b[15]\n\t"
+        "cmtst	v4.8b, v4.8b, v0.8b\n\t"
+        "cmtst	v5.8b, v5.8b, v0.8b\n\t"
+        "cmtst	v6.8b, v6.8b, v0.8b\n\t"
+        "cmtst	v7.8b, v7.8b, v0.8b\n\t"
+        "zip1	v4.16b, v4.16b, v4.16b\n\t"
+        "zip1	v5.16b, v5.16b, v5.16b\n\t"
+        "zip1	v6.16b, v6.16b, v6.16b\n\t"
+        "zip1	v7.16b, v7.16b, v7.16b\n\t"
+        "and	v4.16b, v4.16b, v1.16b\n\t"
+        "and	v5.16b, v5.16b, v1.16b\n\t"
+        "and	v6.16b, v6.16b, v1.16b\n\t"
+        "and	v7.16b, v7.16b, v1.16b\n\t"
+        "st1	{v4.8h, v5.8h, v6.8h, v7.8h}, [%x[p]], #0x40\n\t"
+        : [p] "+r" (p), [msg] "+r" (msg)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits),
+          [L_mlkem_from_msg_q1half] "S" (L_mlkem_from_msg_q1half),
+          [L_mlkem_from_msg_bits] "S" (L_mlkem_from_msg_bits)
+        : "memory", "cc", "x2", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6",
+            "v7", "v8", "v9", "v10", "v11"
+    );
+}
+
+int mlkem_cmp_neon(const byte* a, const byte* b, int sz)
+{
+    __asm__ __volatile__ (
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v8.16b, v0.16b, v4.16b\n\t"
+        "eor	v9.16b, v1.16b, v5.16b\n\t"
+        "eor	v10.16b, v2.16b, v6.16b\n\t"
+        "eor	v11.16b, v3.16b, v7.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "subs	%w[sz], %w[sz], #0x300\n\t"
+        "beq	L_mlkem_aarch64_cmp_neon_done_%=\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "subs	%w[sz], %w[sz], #0x140\n\t"
+        "beq	L_mlkem_aarch64_cmp_neon_done_%=\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld4	{v0.16b, v1.16b, v2.16b, v3.16b}, [%x[a]], #0x40\n\t"
+        "ld4	{v4.16b, v5.16b, v6.16b, v7.16b}, [%x[b]], #0x40\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "eor	v2.16b, v2.16b, v6.16b\n\t"
+        "eor	v3.16b, v3.16b, v7.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "orr	v10.16b, v10.16b, v2.16b\n\t"
+        "orr	v11.16b, v11.16b, v3.16b\n\t"
+        "ld2	{v0.16b, v1.16b}, [%x[a]]\n\t"
+        "ld2	{v4.16b, v5.16b}, [%x[b]]\n\t"
+        "eor	v0.16b, v0.16b, v4.16b\n\t"
+        "eor	v1.16b, v1.16b, v5.16b\n\t"
+        "orr	v8.16b, v8.16b, v0.16b\n\t"
+        "orr	v9.16b, v9.16b, v1.16b\n\t"
+        "\n"
+    "L_mlkem_aarch64_cmp_neon_done_%=: \n\t"
+        "orr	v8.16b, v8.16b, v9.16b\n\t"
+        "orr	v10.16b, v10.16b, v11.16b\n\t"
+        "orr	v8.16b, v8.16b, v10.16b\n\t"
+        "ins	v9.b[0], v8.b[1]\n\t"
+        "orr	v8.16b, v8.16b, v9.16b\n\t"
+        "mov	x0, v8.d[0]\n\t"
+        "subs	x0, x0, xzr\n\t"
+        "csetm	w0, ne\n\t"
+        : [a] "+r" (a), [b] "+r" (b), [sz] "+r" (sz)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits),
+          [L_mlkem_from_msg_q1half] "S" (L_mlkem_from_msg_q1half),
+          [L_mlkem_from_msg_bits] "S" (L_mlkem_from_msg_bits)
+        : "memory", "cc", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8",
+            "v9", "v10", "v11"
+    );
+    return (word32)(size_t)a;
+}
+
+static const word16 L_mlkem_rej_uniform_mask[] = {
+    0x0fff, 0x0fff, 0x0fff, 0x0fff, 0x0fff, 0x0fff, 0x0fff, 0x0fff,
+};
+
+static const word16 L_mlkem_rej_uniform_bits[] = {
+    0x0001, 0x0002, 0x0004, 0x0008, 0x0010, 0x0020, 0x0040, 0x0080,
+};
+
+static const word8 L_mlkem_rej_uniform_indices[] = {
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0xff, 0xff,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0e, 0x0f, 0xff, 0xff,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+    0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x02, 0x03, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff,
+    0x00, 0x01, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+};
+
+unsigned int mlkem_rej_uniform_neon(sword16* p, unsigned int len, const byte* r,
+    unsigned int rLen)
+{
+    __asm__ __volatile__ (
+#ifndef __APPLE__
+        "adrp x4, %[L_mlkem_rej_uniform_mask]\n\t"
+        "add  x4, x4, :lo12:%[L_mlkem_rej_uniform_mask]\n\t"
+#else
+        "adrp x4, %[L_mlkem_rej_uniform_mask]@PAGE\n\t"
+        "add  x4, x4, %[L_mlkem_rej_uniform_mask]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x5, %[L_mlkem_aarch64_q]\n\t"
+        "add  x5, x5, :lo12:%[L_mlkem_aarch64_q]\n\t"
+#else
+        "adrp x5, %[L_mlkem_aarch64_q]@PAGE\n\t"
+        "add  x5, x5, %[L_mlkem_aarch64_q]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x6, %[L_mlkem_rej_uniform_bits]\n\t"
+        "add  x6, x6, :lo12:%[L_mlkem_rej_uniform_bits]\n\t"
+#else
+        "adrp x6, %[L_mlkem_rej_uniform_bits]@PAGE\n\t"
+        "add  x6, x6, %[L_mlkem_rej_uniform_bits]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+        "adrp x7, %[L_mlkem_rej_uniform_indices]\n\t"
+        "add  x7, x7, :lo12:%[L_mlkem_rej_uniform_indices]\n\t"
+#else
+        "adrp x7, %[L_mlkem_rej_uniform_indices]@PAGE\n\t"
+        "add  x7, x7, %[L_mlkem_rej_uniform_indices]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "eor	v1.16b, v1.16b, v1.16b\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "mov	x13, #0xd01\n\t"
+        "ldr	q0, [x4]\n\t"
+        "ldr	q3, [x5]\n\t"
+        "ldr	q2, [x6]\n\t"
+        "subs	wzr, %w[len], #0\n\t"
+        "beq	L_mlkem_rej_uniform_done_%=\n\t"
+        "subs	wzr, %w[len], #16\n\t"
+        "blt	L_mlkem_rej_uniform_loop_4_%=\n\t"
+        "\n"
+    "L_mlkem_rej_uniform_loop_16_%=: \n\t"
+        "ld3	{v4.8b, v5.8b, v6.8b}, [%x[r]], #24\n\t"
+        "zip1	v4.16b, v4.16b, v1.16b\n\t"
+        "zip1	v5.16b, v5.16b, v1.16b\n\t"
+        "zip1	v6.16b, v6.16b, v1.16b\n\t"
+        "shl	v7.8h, v5.8h, #8\n\t"
+        "ushr	v8.8h, v5.8h, #4\n\t"
+        "shl	v6.8h, v6.8h, #4\n\t"
+        "orr	v4.16b, v4.16b, v7.16b\n\t"
+        "orr	v5.16b, v8.16b, v6.16b\n\t"
+        "and	v7.16b, v4.16b, v0.16b\n\t"
+        "and	v8.16b, v5.16b, v0.16b\n\t"
+        "zip1	v4.8h, v7.8h, v8.8h\n\t"
+        "zip2	v5.8h, v7.8h, v8.8h\n\t"
+        "cmgt	v7.8h, v3.8h, v4.8h\n\t"
+        "cmgt	v8.8h, v3.8h, v5.8h\n\t"
+        "ushr	v12.8h, v7.8h, #15\n\t"
+        "ushr	v13.8h, v8.8h, #15\n\t"
+        "addv	h12, v12.8h\n\t"
+        "addv	h13, v13.8h\n\t"
+        "mov	x10, v12.d[0]\n\t"
+        "mov	x11, v13.d[0]\n\t"
+        "and	v10.16b, v7.16b, v2.16b\n\t"
+        "and	v11.16b, v8.16b, v2.16b\n\t"
+        "addv	h10, v10.8h\n\t"
+        "addv	h11, v11.8h\n\t"
+        "mov	w8, v10.s[0]\n\t"
+        "mov	w9, v11.s[0]\n\t"
+        "lsl	w8, w8, #4\n\t"
+        "lsl	w9, w9, #4\n\t"
+        "ldr	q10, [x7, x8]\n\t"
+        "ldr	q11, [x7, x9]\n\t"
+        "tbl	v7.16b, {v4.16b}, v10.16b\n\t"
+        "tbl	v8.16b, {v5.16b}, v11.16b\n\t"
+        "str	q7, [%x[p]]\n\t"
+        "add	%x[p], %x[p], x10, lsl 1\n\t"
+        "add	x12, x12, x10\n\t"
+        "str	q8, [%x[p]]\n\t"
+        "add	%x[p], %x[p], x11, lsl 1\n\t"
+        "add	x12, x12, x11\n\t"
+        "subs	%w[rLen], %w[rLen], #24\n\t"
+        "beq	L_mlkem_rej_uniform_done_%=\n\t"
+        "sub	w10, %w[len], w12\n\t"
+        "subs	x10, x10, #16\n\t"
+        "blt	L_mlkem_rej_uniform_loop_4_%=\n\t"
+        "b	L_mlkem_rej_uniform_loop_16_%=\n\t"
+        "\n"
+    "L_mlkem_rej_uniform_loop_4_%=: \n\t"
+        "subs	w10, %w[len], w12\n\t"
+        "beq	L_mlkem_rej_uniform_done_%=\n\t"
+        "subs	x10, x10, #4\n\t"
+        "blt	L_mlkem_rej_uniform_loop_lt_4_%=\n\t"
+        "ldr	x4, [%x[r]], #6\n\t"
+        "lsr	x5, x4, #12\n\t"
+        "lsr	x6, x4, #24\n\t"
+        "lsr	x7, x4, #36\n\t"
+        "and	x4, x4, #0xfff\n\t"
+        "and	x5, x5, #0xfff\n\t"
+        "and	x6, x6, #0xfff\n\t"
+        "and	x7, x7, #0xfff\n\t"
+        "strh	w4, [%x[p]]\n\t"
+        "subs	xzr, x4, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "strh	w5, [%x[p]]\n\t"
+        "subs	xzr, x5, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "strh	w6, [%x[p]]\n\t"
+        "subs	xzr, x6, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "strh	w7, [%x[p]]\n\t"
+        "subs	xzr, x7, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	%w[rLen], %w[rLen], #6\n\t"
+        "beq	L_mlkem_rej_uniform_done_%=\n\t"
+        "b	L_mlkem_rej_uniform_loop_4_%=\n\t"
+        "\n"
+    "L_mlkem_rej_uniform_loop_lt_4_%=: \n\t"
+        "ldr	x4, [%x[r]], #6\n\t"
+        "lsr	x5, x4, #12\n\t"
+        "lsr	x6, x4, #24\n\t"
+        "lsr	x7, x4, #36\n\t"
+        "and	x4, x4, #0xfff\n\t"
+        "and	x5, x5, #0xfff\n\t"
+        "and	x6, x6, #0xfff\n\t"
+        "and	x7, x7, #0xfff\n\t"
+        "strh	w4, [%x[p]]\n\t"
+        "subs	xzr, x4, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_mlkem_rej_uniform_done_%=\n\t"
+        "strh	w5, [%x[p]]\n\t"
+        "subs	xzr, x5, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_mlkem_rej_uniform_done_%=\n\t"
+        "strh	w6, [%x[p]]\n\t"
+        "subs	xzr, x6, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_mlkem_rej_uniform_done_%=\n\t"
+        "strh	w7, [%x[p]]\n\t"
+        "subs	xzr, x7, x13\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	%x[p], %x[p], lt\n\t"
+        "cinc	x12, x12, lt\n\t"
+        "subs	wzr, %w[len], w12\n\t"
+        "beq	L_mlkem_rej_uniform_done_%=\n\t"
+        "subs	%w[rLen], %w[rLen], #6\n\t"
+        "beq	L_mlkem_rej_uniform_done_%=\n\t"
+        "b	L_mlkem_rej_uniform_loop_lt_4_%=\n\t"
+        "\n"
+    "L_mlkem_rej_uniform_done_%=: \n\t"
+        "mov	x0, x12\n\t"
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits),
+          [L_mlkem_from_msg_q1half] "S" (L_mlkem_from_msg_q1half),
+          [L_mlkem_from_msg_bits] "S" (L_mlkem_from_msg_bits),
+          [L_mlkem_rej_uniform_mask] "S" (L_mlkem_rej_uniform_mask),
+          [L_mlkem_rej_uniform_bits] "S" (L_mlkem_rej_uniform_bits),
+          [L_mlkem_rej_uniform_indices] "S" (L_mlkem_rej_uniform_indices)
+        : "memory", "cc", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11",
+            "x12", "x13", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8",
+            "v9", "v10", "v11", "v12", "v13"
+    );
+    return (word32)(size_t)p;
+}
+
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+void mlkem_sha3_blocksx3_neon(word64* state)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x27, %[L_sha3_aarch64_r]\n\t"
+        "add  x27, x27, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x27, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x27, x27, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ldp	x1, x2, [%x[state]]\n\t"
+        "ldp	x3, x4, [%x[state], #16]\n\t"
+        "ldp	x5, x6, [%x[state], #32]\n\t"
+        "ldp	x7, x8, [%x[state], #48]\n\t"
+        "ldp	x9, x10, [%x[state], #64]\n\t"
+        "ldp	x11, x12, [%x[state], #80]\n\t"
+        "ldp	x13, x14, [%x[state], #96]\n\t"
+        "ldp	x15, x16, [%x[state], #112]\n\t"
+        "ldp	x17, x19, [%x[state], #128]\n\t"
+        "ldp	x20, x21, [%x[state], #144]\n\t"
+        "ldp	x22, x23, [%x[state], #160]\n\t"
+        "ldp	x24, x25, [%x[state], #176]\n\t"
+        "ldr	x26, [%x[state], #192]\n\t"
+        "mov	x28, #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_transform_blocksx3_neon_begin_%=: \n\t"
+        "stp	x27, x28, [x29, #48]\n\t"
+        /* Col Mix */
+        "eor3	v31.16b, v0.16b, v5.16b, v10.16b\n\t"
+        "eor	%x[state], x5, x10\n\t"
+        "eor3	v27.16b, v1.16b, v6.16b, v11.16b\n\t"
+        "eor	x30, x1, x6\n\t"
+        "eor3	v28.16b, v2.16b, v7.16b, v12.16b\n\t"
+        "eor	x28, x3, x8\n\t"
+        "eor3	v29.16b, v3.16b, v8.16b, v13.16b\n\t"
+        "eor	%x[state], %x[state], x15\n\t"
+        "eor3	v30.16b, v4.16b, v9.16b, v14.16b\n\t"
+        "eor	x30, x30, x11\n\t"
+        "eor3	v31.16b, v31.16b, v15.16b, v20.16b\n\t"
+        "eor	x28, x28, x13\n\t"
+        "eor3	v27.16b, v27.16b, v16.16b, v21.16b\n\t"
+        "eor	%x[state], %x[state], x21\n\t"
+        "eor3	v28.16b, v28.16b, v17.16b, v22.16b\n\t"
+        "eor	x30, x30, x16\n\t"
+        "eor3	v29.16b, v29.16b, v18.16b, v23.16b\n\t"
+        "eor	x28, x28, x19\n\t"
+        "eor3	v30.16b, v30.16b, v19.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x26\n\t"
+        "rax1	v25.2d, v30.2d, v27.2d\n\t"
+        "eor	x30, x30, x22\n\t"
+        "rax1	v26.2d, v31.2d, v28.2d\n\t"
+        "eor	x28, x28, x24\n\t"
+        "rax1	v27.2d, v27.2d, v29.2d\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "rax1	v28.2d, v28.2d, v30.2d\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "rax1	v29.2d, v29.2d, v31.2d\n\t"
+        "eor	x27, x2, x7\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "xar	v30.2d, v1.2d, v26.2d, #63\n\t"
+        "eor	x28, x4, x9\n\t"
+        "xar	v1.2d, v6.2d, v26.2d, #20\n\t"
+        "eor	x27, x27, x12\n\t"
+        "xar	v6.2d, v9.2d, v29.2d, #44\n\t"
+        "eor	x28, x28, x14\n\t"
+        "xar	v9.2d, v22.2d, v27.2d, #3\n\t"
+        "eor	x27, x27, x17\n\t"
+        "xar	v22.2d, v14.2d, v29.2d, #25\n\t"
+        "eor	x28, x28, x20\n\t"
+        "xar	v14.2d, v20.2d, v25.2d, #46\n\t"
+        "eor	x27, x27, x23\n\t"
+        "xar	v20.2d, v2.2d, v27.2d, #2\n\t"
+        "eor	x28, x28, x25\n\t"
+        "xar	v2.2d, v12.2d, v27.2d, #21\n\t"
+        "eor	%x[state], %x[state], x27, ror 63\n\t"
+        "xar	v12.2d, v13.2d, v28.2d, #39\n\t"
+        "eor	x27, x27, x28, ror 63\n\t"
+        "xar	v13.2d, v19.2d, v29.2d, #56\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "xar	v19.2d, v23.2d, v28.2d, #8\n\t"
+        "eor	x6, x6, %x[state]\n\t"
+        "xar	v23.2d, v15.2d, v25.2d, #23\n\t"
+        "eor	x11, x11, %x[state]\n\t"
+        "xar	v15.2d, v4.2d, v29.2d, #37\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "xar	v4.2d, v24.2d, v29.2d, #50\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "xar	v24.2d, v21.2d, v26.2d, #62\n\t"
+        "eor	x3, x3, x27\n\t"
+        "xar	v21.2d, v8.2d, v28.2d, #9\n\t"
+        "eor	x8, x8, x27\n\t"
+        "xar	v8.2d, v16.2d, v26.2d, #19\n\t"
+        "eor	x13, x13, x27\n\t"
+        "xar	v16.2d, v5.2d, v25.2d, #28\n\t"
+        "eor	x19, x19, x27\n\t"
+        "xar	v5.2d, v3.2d, v28.2d, #36\n\t"
+        "eor	x24, x24, x27\n\t"
+        "xar	v3.2d, v18.2d, v28.2d, #43\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "xar	v18.2d, v17.2d, v27.2d, #49\n\t"
+        "ldr	x27, [x29, #24]\n\t"
+        "xar	v17.2d, v11.2d, v26.2d, #54\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "xar	v11.2d, v7.2d, v27.2d, #58\n\t"
+        "eor	x30, x30, x27, ror 63\n\t"
+        "xar	v7.2d, v10.2d, v25.2d, #61\n\t"
+        "eor	x27, x27, %x[state], ror 63\n\t"
+        /* Row Mix */
+        "mov	v25.16b, v0.16b\n\t"
+        "eor	x5, x5, x28\n\t"
+        "mov	v26.16b, v1.16b\n\t"
+        "eor	x10, x10, x28\n\t"
+        "bcax	v0.16b, v25.16b, v2.16b, v26.16b\n\t"
+        "eor	x15, x15, x28\n\t"
+        "bcax	v1.16b, v26.16b, v3.16b, v2.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "bcax	v2.16b, v2.16b, v4.16b, v3.16b\n\t"
+        "eor	x26, x26, x28\n\t"
+        "bcax	v3.16b, v3.16b, v25.16b, v4.16b\n\t"
+        "eor	x2, x2, x30\n\t"
+        "bcax	v4.16b, v4.16b, v26.16b, v25.16b\n\t"
+        "eor	x7, x7, x30\n\t"
+        "mov	v25.16b, v5.16b\n\t"
+        "eor	x12, x12, x30\n\t"
+        "mov	v26.16b, v6.16b\n\t"
+        "eor	x17, x17, x30\n\t"
+        "bcax	v5.16b, v25.16b, v7.16b, v26.16b\n\t"
+        "eor	x23, x23, x30\n\t"
+        "bcax	v6.16b, v26.16b, v8.16b, v7.16b\n\t"
+        "eor	x4, x4, x27\n\t"
+        "bcax	v7.16b, v7.16b, v9.16b, v8.16b\n\t"
+        "eor	x9, x9, x27\n\t"
+        "bcax	v8.16b, v8.16b, v25.16b, v9.16b\n\t"
+        "eor	x14, x14, x27\n\t"
+        "bcax	v9.16b, v9.16b, v26.16b, v25.16b\n\t"
+        "eor	x20, x20, x27\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "eor	x25, x25, x27\n\t"
+        /* Swap Rotate Base */
+        "bcax	v10.16b, v30.16b, v12.16b, v26.16b\n\t"
+        "ror	%x[state], x2, #63\n\t"
+        "bcax	v11.16b, v26.16b, v13.16b, v12.16b\n\t"
+        "ror	x2, x7, #20\n\t"
+        "bcax	v12.16b, v12.16b, v14.16b, v13.16b\n\t"
+        "ror	x7, x10, #44\n\t"
+        "bcax	v13.16b, v13.16b, v30.16b, v14.16b\n\t"
+        "ror	x10, x24, #3\n\t"
+        "bcax	v14.16b, v14.16b, v26.16b, v30.16b\n\t"
+        "ror	x24, x15, #25\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "ror	x15, x22, #46\n\t"
+        "mov	v26.16b, v16.16b\n\t"
+        "ror	x22, x3, #2\n\t"
+        "bcax	v15.16b, v25.16b, v17.16b, v26.16b\n\t"
+        "ror	x3, x13, #21\n\t"
+        "bcax	v16.16b, v26.16b, v18.16b, v17.16b\n\t"
+        "ror	x13, x14, #39\n\t"
+        "bcax	v17.16b, v17.16b, v19.16b, v18.16b\n\t"
+        "ror	x14, x21, #56\n\t"
+        "bcax	v18.16b, v18.16b, v25.16b, v19.16b\n\t"
+        "ror	x21, x25, #8\n\t"
+        "bcax	v19.16b, v19.16b, v26.16b, v25.16b\n\t"
+        "ror	x25, x16, #23\n\t"
+        "mov	v25.16b, v20.16b\n\t"
+        "ror	x16, x5, #37\n\t"
+        "mov	v26.16b, v21.16b\n\t"
+        "ror	x5, x26, #50\n\t"
+        "bcax	v20.16b, v25.16b, v22.16b, v26.16b\n\t"
+        "ror	x26, x23, #62\n\t"
+        "bcax	v21.16b, v26.16b, v23.16b, v22.16b\n\t"
+        "ror	x23, x9, #9\n\t"
+        "bcax	v22.16b, v22.16b, v24.16b, v23.16b\n\t"
+        "ror	x9, x17, #19\n\t"
+        "bcax	v23.16b, v23.16b, v25.16b, v24.16b\n\t"
+        "ror	x17, x6, #28\n\t"
+        "bcax	v24.16b, v24.16b, v26.16b, v25.16b\n\t"
+        "ror	x6, x4, #36\n\t"
+        "ror	x4, x20, #43\n\t"
+        "ror	x20, x19, #49\n\t"
+        "ror	x19, x12, #54\n\t"
+        "ror	x12, x8, #58\n\t"
+        "ror	x8, x11, #61\n\t"
+        /* Row Mix Base */
+        "bic	x11, x3, x2\n\t"
+        "bic	x27, x4, x3\n\t"
+        "bic	x28, x1, x5\n\t"
+        "bic	x30, x2, x1\n\t"
+        "eor	x1, x1, x11\n\t"
+        "eor	x2, x2, x27\n\t"
+        "bic	x11, x5, x4\n\t"
+        "eor	x4, x4, x28\n\t"
+        "eor	x3, x3, x11\n\t"
+        "eor	x5, x5, x30\n\t"
+        "bic	x11, x8, x7\n\t"
+        "bic	x27, x9, x8\n\t"
+        "bic	x28, x6, x10\n\t"
+        "bic	x30, x7, x6\n\t"
+        "eor	x6, x6, x11\n\t"
+        "eor	x7, x7, x27\n\t"
+        "bic	x11, x10, x9\n\t"
+        "eor	x9, x9, x28\n\t"
+        "eor	x8, x8, x11\n\t"
+        "eor	x10, x10, x30\n\t"
+        "bic	x11, x13, x12\n\t"
+        "bic	x27, x14, x13\n\t"
+        "bic	x28, %x[state], x15\n\t"
+        "bic	x30, x12, %x[state]\n\t"
+        "eor	x11, %x[state], x11\n\t"
+        "eor	x12, x12, x27\n\t"
+        "bic	%x[state], x15, x14\n\t"
+        "eor	x14, x14, x28\n\t"
+        "eor	x13, x13, %x[state]\n\t"
+        "eor	x15, x15, x30\n\t"
+        "bic	%x[state], x19, x17\n\t"
+        "bic	x27, x20, x19\n\t"
+        "bic	x28, x16, x21\n\t"
+        "bic	x30, x17, x16\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	x17, x17, x27\n\t"
+        "bic	%x[state], x21, x20\n\t"
+        "eor	x20, x20, x28\n\t"
+        "eor	x19, x19, %x[state]\n\t"
+        "eor	x21, x21, x30\n\t"
+        "bic	%x[state], x24, x23\n\t"
+        "bic	x27, x25, x24\n\t"
+        "bic	x28, x22, x26\n\t"
+        "bic	x30, x23, x22\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	x23, x23, x27\n\t"
+        "bic	%x[state], x26, x25\n\t"
+        "eor	x25, x25, x28\n\t"
+        "eor	x24, x24, %x[state]\n\t"
+        "eor	x26, x26, x30\n\t"
+        /* Done transforming */
+        "ldp	x27, x28, [x29, #48]\n\t"
+        "ldr	%x[state], [x27], #8\n\t"
+        "subs	x28, x28, #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_transform_blocksx3_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x1, x2, [%x[state]]\n\t"
+        "stp	x3, x4, [%x[state], #16]\n\t"
+        "stp	x5, x6, [%x[state], #32]\n\t"
+        "stp	x7, x8, [%x[state], #48]\n\t"
+        "stp	x9, x10, [%x[state], #64]\n\t"
+        "stp	x11, x12, [%x[state], #80]\n\t"
+        "stp	x13, x14, [%x[state], #96]\n\t"
+        "stp	x15, x16, [%x[state], #112]\n\t"
+        "stp	x17, x19, [%x[state], #128]\n\t"
+        "stp	x20, x21, [%x[state], #144]\n\t"
+        "stp	x22, x23, [%x[state], #160]\n\t"
+        "stp	x24, x25, [%x[state], #176]\n\t"
+        "str	x26, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits),
+          [L_mlkem_from_msg_q1half] "S" (L_mlkem_from_msg_q1half),
+          [L_mlkem_from_msg_bits] "S" (L_mlkem_from_msg_bits),
+          [L_mlkem_rej_uniform_mask] "S" (L_mlkem_rej_uniform_mask),
+          [L_mlkem_rej_uniform_bits] "S" (L_mlkem_rej_uniform_bits),
+          [L_mlkem_rej_uniform_indices] "S" (L_mlkem_rej_uniform_indices)
+        : "memory", "cc", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9",
+            "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19",
+            "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0",
+            "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11",
+            "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20",
+            "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29",
+            "v30", "v31"
+    );
+}
+
+void mlkem_shake128_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "eor	v16.16b, v16.16b, v16.16b\n\t"
+        "eor	x19, x19, x19\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "movz	x23, #0x8000, lsl 48\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v20.2d, x23\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake128_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix */
+        "eor3	v31.16b, v0.16b, v5.16b, v10.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor3	v27.16b, v1.16b, v6.16b, v11.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor3	v28.16b, v2.16b, v7.16b, v12.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor3	v29.16b, v3.16b, v8.16b, v13.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor3	v30.16b, v4.16b, v9.16b, v14.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor3	v31.16b, v31.16b, v15.16b, v20.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor3	v27.16b, v27.16b, v16.16b, v21.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor3	v28.16b, v28.16b, v17.16b, v22.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "eor3	v29.16b, v29.16b, v18.16b, v23.16b\n\t"
+        "eor	x28, x28, x20\n\t"
+        "eor3	v30.16b, v30.16b, v19.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "rax1	v25.2d, v30.2d, v27.2d\n\t"
+        "eor	x30, x30, x23\n\t"
+        "rax1	v26.2d, v31.2d, v28.2d\n\t"
+        "eor	x28, x28, x25\n\t"
+        "rax1	v27.2d, v27.2d, v29.2d\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "rax1	v28.2d, v28.2d, v30.2d\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "rax1	v29.2d, v29.2d, v31.2d\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "xar	v30.2d, v1.2d, v26.2d, #63\n\t"
+        "eor	x28, x5, x10\n\t"
+        "xar	v1.2d, v6.2d, v26.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "xar	v6.2d, v9.2d, v29.2d, #44\n\t"
+        "eor	x28, x28, x15\n\t"
+        "xar	v9.2d, v22.2d, v27.2d, #3\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "xar	v22.2d, v14.2d, v29.2d, #25\n\t"
+        "eor	x28, x28, x21\n\t"
+        "xar	v14.2d, v20.2d, v25.2d, #46\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "xar	v20.2d, v2.2d, v27.2d, #2\n\t"
+        "eor	x28, x28, x26\n\t"
+        "xar	v2.2d, v12.2d, v27.2d, #21\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "xar	v12.2d, v13.2d, v28.2d, #39\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "xar	v13.2d, v19.2d, v29.2d, #56\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "xar	v19.2d, v23.2d, v28.2d, #8\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "xar	v23.2d, v15.2d, v25.2d, #23\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "xar	v15.2d, v4.2d, v29.2d, #37\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "xar	v4.2d, v24.2d, v29.2d, #50\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "xar	v24.2d, v21.2d, v26.2d, #62\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "xar	v21.2d, v8.2d, v28.2d, #9\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "xar	v8.2d, v16.2d, v26.2d, #19\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "xar	v16.2d, v5.2d, v25.2d, #28\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "xar	v5.2d, v3.2d, v28.2d, #36\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "xar	v3.2d, v18.2d, v28.2d, #43\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "xar	v18.2d, v17.2d, v27.2d, #49\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "xar	v17.2d, v11.2d, v26.2d, #54\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "xar	v11.2d, v7.2d, v27.2d, #58\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "xar	v7.2d, v10.2d, v25.2d, #61\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        /* Row Mix */
+        "mov	v25.16b, v0.16b\n\t"
+        "eor	x6, x6, x28\n\t"
+        "mov	v26.16b, v1.16b\n\t"
+        "eor	x11, x11, x28\n\t"
+        "bcax	v0.16b, v25.16b, v2.16b, v26.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "bcax	v1.16b, v26.16b, v3.16b, v2.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "bcax	v2.16b, v2.16b, v4.16b, v3.16b\n\t"
+        "eor	x27, x27, x28\n\t"
+        "bcax	v3.16b, v3.16b, v25.16b, v4.16b\n\t"
+        "eor	x3, x3, x30\n\t"
+        "bcax	v4.16b, v4.16b, v26.16b, v25.16b\n\t"
+        "eor	x8, x8, x30\n\t"
+        "mov	v25.16b, v5.16b\n\t"
+        "eor	x13, x13, x30\n\t"
+        "mov	v26.16b, v6.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "bcax	v5.16b, v25.16b, v7.16b, v26.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "bcax	v6.16b, v26.16b, v8.16b, v7.16b\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "bcax	v7.16b, v7.16b, v9.16b, v8.16b\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "bcax	v8.16b, v8.16b, v25.16b, v9.16b\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "bcax	v9.16b, v9.16b, v26.16b, v25.16b\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "bcax	v10.16b, v30.16b, v12.16b, v26.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "bcax	v11.16b, v26.16b, v13.16b, v12.16b\n\t"
+        "ror	x3, x8, #20\n\t"
+        "bcax	v12.16b, v12.16b, v14.16b, v13.16b\n\t"
+        "ror	x8, x11, #44\n\t"
+        "bcax	v13.16b, v13.16b, v30.16b, v14.16b\n\t"
+        "ror	x11, x25, #3\n\t"
+        "bcax	v14.16b, v14.16b, v26.16b, v30.16b\n\t"
+        "ror	x25, x16, #25\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "mov	v26.16b, v16.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "bcax	v15.16b, v25.16b, v17.16b, v26.16b\n\t"
+        "ror	x4, x14, #21\n\t"
+        "bcax	v16.16b, v26.16b, v18.16b, v17.16b\n\t"
+        "ror	x14, x15, #39\n\t"
+        "bcax	v17.16b, v17.16b, v19.16b, v18.16b\n\t"
+        "ror	x15, x22, #56\n\t"
+        "bcax	v18.16b, v18.16b, v25.16b, v19.16b\n\t"
+        "ror	x22, x26, #8\n\t"
+        "bcax	v19.16b, v19.16b, v26.16b, v25.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "mov	v25.16b, v20.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "mov	v26.16b, v21.16b\n\t"
+        "ror	x6, x27, #50\n\t"
+        "bcax	v20.16b, v25.16b, v22.16b, v26.16b\n\t"
+        "ror	x27, x24, #62\n\t"
+        "bcax	v21.16b, v26.16b, v23.16b, v22.16b\n\t"
+        "ror	x24, x10, #9\n\t"
+        "bcax	v22.16b, v22.16b, v24.16b, v23.16b\n\t"
+        "ror	x10, x19, #19\n\t"
+        "bcax	v23.16b, v23.16b, v25.16b, v24.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "bcax	v24.16b, v24.16b, v26.16b, v25.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ror	x21, x20, #49\n\t"
+        "ror	x20, x13, #54\n\t"
+        "ror	x13, x9, #58\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "bic	x12, x4, x3\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "bic	x28, x2, x6\n\t"
+        "bic	x30, x3, x2\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "bic	x12, x6, x5\n\t"
+        "eor	x5, x5, x28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "eor	x6, x6, x30\n\t"
+        "bic	x12, x9, x8\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "bic	x28, x7, x11\n\t"
+        "bic	x30, x8, x7\n\t"
+        "eor	x7, x7, x12\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	x9, x9, x12\n\t"
+        "eor	x11, x11, x30\n\t"
+        "bic	x12, x14, x13\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "eor	x27, x27, x30\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake128_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits),
+          [L_mlkem_from_msg_q1half] "S" (L_mlkem_from_msg_q1half),
+          [L_mlkem_from_msg_bits] "S" (L_mlkem_from_msg_bits),
+          [L_mlkem_rej_uniform_mask] "S" (L_mlkem_rej_uniform_mask),
+          [L_mlkem_rej_uniform_bits] "S" (L_mlkem_rej_uniform_bits),
+          [L_mlkem_rej_uniform_indices] "S" (L_mlkem_rej_uniform_indices)
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1",
+            "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12",
+            "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21",
+            "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30",
+            "v31"
+    );
+}
+
+void mlkem_shake256_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "movz	x19, #0x8000, lsl 48\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "eor	v20.16b, v20.16b, v20.16b\n\t"
+        "eor	x23, x23, x23\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v16.2d, x19\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake256_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix */
+        "eor3	v31.16b, v0.16b, v5.16b, v10.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor3	v27.16b, v1.16b, v6.16b, v11.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor3	v28.16b, v2.16b, v7.16b, v12.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor3	v29.16b, v3.16b, v8.16b, v13.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor3	v30.16b, v4.16b, v9.16b, v14.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor3	v31.16b, v31.16b, v15.16b, v20.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor3	v27.16b, v27.16b, v16.16b, v21.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor3	v28.16b, v28.16b, v17.16b, v22.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "eor3	v29.16b, v29.16b, v18.16b, v23.16b\n\t"
+        "eor	x28, x28, x20\n\t"
+        "eor3	v30.16b, v30.16b, v19.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "rax1	v25.2d, v30.2d, v27.2d\n\t"
+        "eor	x30, x30, x23\n\t"
+        "rax1	v26.2d, v31.2d, v28.2d\n\t"
+        "eor	x28, x28, x25\n\t"
+        "rax1	v27.2d, v27.2d, v29.2d\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "rax1	v28.2d, v28.2d, v30.2d\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "rax1	v29.2d, v29.2d, v31.2d\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "xar	v30.2d, v1.2d, v26.2d, #63\n\t"
+        "eor	x28, x5, x10\n\t"
+        "xar	v1.2d, v6.2d, v26.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "xar	v6.2d, v9.2d, v29.2d, #44\n\t"
+        "eor	x28, x28, x15\n\t"
+        "xar	v9.2d, v22.2d, v27.2d, #3\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "xar	v22.2d, v14.2d, v29.2d, #25\n\t"
+        "eor	x28, x28, x21\n\t"
+        "xar	v14.2d, v20.2d, v25.2d, #46\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "xar	v20.2d, v2.2d, v27.2d, #2\n\t"
+        "eor	x28, x28, x26\n\t"
+        "xar	v2.2d, v12.2d, v27.2d, #21\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "xar	v12.2d, v13.2d, v28.2d, #39\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "xar	v13.2d, v19.2d, v29.2d, #56\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "xar	v19.2d, v23.2d, v28.2d, #8\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "xar	v23.2d, v15.2d, v25.2d, #23\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "xar	v15.2d, v4.2d, v29.2d, #37\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "xar	v4.2d, v24.2d, v29.2d, #50\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "xar	v24.2d, v21.2d, v26.2d, #62\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "xar	v21.2d, v8.2d, v28.2d, #9\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "xar	v8.2d, v16.2d, v26.2d, #19\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "xar	v16.2d, v5.2d, v25.2d, #28\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "xar	v5.2d, v3.2d, v28.2d, #36\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "xar	v3.2d, v18.2d, v28.2d, #43\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "xar	v18.2d, v17.2d, v27.2d, #49\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "xar	v17.2d, v11.2d, v26.2d, #54\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "xar	v11.2d, v7.2d, v27.2d, #58\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "xar	v7.2d, v10.2d, v25.2d, #61\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        /* Row Mix */
+        "mov	v25.16b, v0.16b\n\t"
+        "eor	x6, x6, x28\n\t"
+        "mov	v26.16b, v1.16b\n\t"
+        "eor	x11, x11, x28\n\t"
+        "bcax	v0.16b, v25.16b, v2.16b, v26.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "bcax	v1.16b, v26.16b, v3.16b, v2.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "bcax	v2.16b, v2.16b, v4.16b, v3.16b\n\t"
+        "eor	x27, x27, x28\n\t"
+        "bcax	v3.16b, v3.16b, v25.16b, v4.16b\n\t"
+        "eor	x3, x3, x30\n\t"
+        "bcax	v4.16b, v4.16b, v26.16b, v25.16b\n\t"
+        "eor	x8, x8, x30\n\t"
+        "mov	v25.16b, v5.16b\n\t"
+        "eor	x13, x13, x30\n\t"
+        "mov	v26.16b, v6.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "bcax	v5.16b, v25.16b, v7.16b, v26.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "bcax	v6.16b, v26.16b, v8.16b, v7.16b\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "bcax	v7.16b, v7.16b, v9.16b, v8.16b\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "bcax	v8.16b, v8.16b, v25.16b, v9.16b\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "bcax	v9.16b, v9.16b, v26.16b, v25.16b\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "mov	v26.16b, v11.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "bcax	v10.16b, v30.16b, v12.16b, v26.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "bcax	v11.16b, v26.16b, v13.16b, v12.16b\n\t"
+        "ror	x3, x8, #20\n\t"
+        "bcax	v12.16b, v12.16b, v14.16b, v13.16b\n\t"
+        "ror	x8, x11, #44\n\t"
+        "bcax	v13.16b, v13.16b, v30.16b, v14.16b\n\t"
+        "ror	x11, x25, #3\n\t"
+        "bcax	v14.16b, v14.16b, v26.16b, v30.16b\n\t"
+        "ror	x25, x16, #25\n\t"
+        "mov	v25.16b, v15.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "mov	v26.16b, v16.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "bcax	v15.16b, v25.16b, v17.16b, v26.16b\n\t"
+        "ror	x4, x14, #21\n\t"
+        "bcax	v16.16b, v26.16b, v18.16b, v17.16b\n\t"
+        "ror	x14, x15, #39\n\t"
+        "bcax	v17.16b, v17.16b, v19.16b, v18.16b\n\t"
+        "ror	x15, x22, #56\n\t"
+        "bcax	v18.16b, v18.16b, v25.16b, v19.16b\n\t"
+        "ror	x22, x26, #8\n\t"
+        "bcax	v19.16b, v19.16b, v26.16b, v25.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "mov	v25.16b, v20.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "mov	v26.16b, v21.16b\n\t"
+        "ror	x6, x27, #50\n\t"
+        "bcax	v20.16b, v25.16b, v22.16b, v26.16b\n\t"
+        "ror	x27, x24, #62\n\t"
+        "bcax	v21.16b, v26.16b, v23.16b, v22.16b\n\t"
+        "ror	x24, x10, #9\n\t"
+        "bcax	v22.16b, v22.16b, v24.16b, v23.16b\n\t"
+        "ror	x10, x19, #19\n\t"
+        "bcax	v23.16b, v23.16b, v25.16b, v24.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "bcax	v24.16b, v24.16b, v26.16b, v25.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ror	x21, x20, #49\n\t"
+        "ror	x20, x13, #54\n\t"
+        "ror	x13, x9, #58\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "bic	x12, x4, x3\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "bic	x28, x2, x6\n\t"
+        "bic	x30, x3, x2\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "bic	x12, x6, x5\n\t"
+        "eor	x5, x5, x28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "eor	x6, x6, x30\n\t"
+        "bic	x12, x9, x8\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "bic	x28, x7, x11\n\t"
+        "bic	x30, x8, x7\n\t"
+        "eor	x7, x7, x12\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	x9, x9, x12\n\t"
+        "eor	x11, x11, x30\n\t"
+        "bic	x12, x14, x13\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "eor	x27, x27, x30\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake256_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits),
+          [L_mlkem_from_msg_q1half] "S" (L_mlkem_from_msg_q1half),
+          [L_mlkem_from_msg_bits] "S" (L_mlkem_from_msg_bits),
+          [L_mlkem_rej_uniform_mask] "S" (L_mlkem_rej_uniform_mask),
+          [L_mlkem_rej_uniform_bits] "S" (L_mlkem_rej_uniform_bits),
+          [L_mlkem_rej_uniform_indices] "S" (L_mlkem_rej_uniform_indices)
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1",
+            "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12",
+            "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21",
+            "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30",
+            "v31"
+    );
+}
+
+#else
+void mlkem_sha3_blocksx3_neon(word64* state)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x27, %[L_sha3_aarch64_r]\n\t"
+        "add  x27, x27, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x27, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x27, x27, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ld4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "ld4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "ld1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "ldp	x1, x2, [%x[state]]\n\t"
+        "ldp	x3, x4, [%x[state], #16]\n\t"
+        "ldp	x5, x6, [%x[state], #32]\n\t"
+        "ldp	x7, x8, [%x[state], #48]\n\t"
+        "ldp	x9, x10, [%x[state], #64]\n\t"
+        "ldp	x11, x12, [%x[state], #80]\n\t"
+        "ldp	x13, x14, [%x[state], #96]\n\t"
+        "ldp	x15, x16, [%x[state], #112]\n\t"
+        "ldp	x17, x19, [%x[state], #128]\n\t"
+        "ldp	x20, x21, [%x[state], #144]\n\t"
+        "ldp	x22, x23, [%x[state], #160]\n\t"
+        "ldp	x24, x25, [%x[state], #176]\n\t"
+        "ldr	x26, [%x[state], #192]\n\t"
+        "mov	x28, #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_transform_blocksx3_neon_begin_%=: \n\t"
+        "stp	x27, x28, [x29, #48]\n\t"
+        /* Col Mix NEON */
+        "eor	v30.16b, v4.16b, v9.16b\n\t"
+        "eor	%x[state], x5, x10\n\t"
+        "eor	v27.16b, v1.16b, v6.16b\n\t"
+        "eor	x30, x1, x6\n\t"
+        "eor	v30.16b, v30.16b, v14.16b\n\t"
+        "eor	x28, x3, x8\n\t"
+        "eor	v27.16b, v27.16b, v11.16b\n\t"
+        "eor	%x[state], %x[state], x15\n\t"
+        "eor	v30.16b, v30.16b, v19.16b\n\t"
+        "eor	x30, x30, x11\n\t"
+        "eor	v27.16b, v27.16b, v16.16b\n\t"
+        "eor	x28, x28, x13\n\t"
+        "eor	v30.16b, v30.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x21\n\t"
+        "eor	v27.16b, v27.16b, v21.16b\n\t"
+        "eor	x30, x30, x16\n\t"
+        "ushr	v25.2d, v27.2d, #63\n\t"
+        "eor	x28, x28, x19\n\t"
+        "sli	v25.2d, v27.2d, #1\n\t"
+        "eor	%x[state], %x[state], x26\n\t"
+        "eor	v25.16b, v25.16b, v30.16b\n\t"
+        "eor	x30, x30, x22\n\t"
+        "eor	v31.16b, v0.16b, v5.16b\n\t"
+        "eor	x28, x28, x24\n\t"
+        "eor	v28.16b, v2.16b, v7.16b\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "eor	v31.16b, v31.16b, v10.16b\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	v28.16b, v28.16b, v12.16b\n\t"
+        "eor	x27, x2, x7\n\t"
+        "eor	v31.16b, v31.16b, v15.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	v28.16b, v28.16b, v17.16b\n\t"
+        "eor	x27, x27, x12\n\t"
+        "eor	v31.16b, v31.16b, v20.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	v28.16b, v28.16b, v22.16b\n\t"
+        "eor	x27, x27, x17\n\t"
+        "ushr	v29.2d, v30.2d, #63\n\t"
+        "eor	x28, x28, x20\n\t"
+        "ushr	v26.2d, v28.2d, #63\n\t"
+        "eor	x27, x27, x23\n\t"
+        "sli	v29.2d, v30.2d, #1\n\t"
+        "eor	x28, x28, x25\n\t"
+        "sli	v26.2d, v28.2d, #1\n\t"
+        "eor	%x[state], %x[state], x27, ror 63\n\t"
+        "eor	v28.16b, v28.16b, v29.16b\n\t"
+        "eor	x27, x27, x28, ror 63\n\t"
+        "eor	v29.16b, v3.16b, v8.16b\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	v26.16b, v26.16b, v31.16b\n\t"
+        "eor	x6, x6, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v13.16b\n\t"
+        "eor	x11, x11, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v18.16b\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v23.16b\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "ushr	v30.2d, v29.2d, #63\n\t"
+        "eor	x3, x3, x27\n\t"
+        "sli	v30.2d, v29.2d, #1\n\t"
+        "eor	x8, x8, x27\n\t"
+        "eor	v27.16b, v27.16b, v30.16b\n\t"
+        "eor	x13, x13, x27\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x19, x19, x27\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x24, x24, x27\n\t"
+        "eor	v29.16b, v29.16b, v30.16b\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        /* Swap Rotate NEON */
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	v31.16b, v1.16b, v26.16b\n\t"
+        "ldr	x27, [x29, #24]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x30, x30, x27, ror 63\n\t"
+        "ushr	v1.2d, v6.2d, #20\n\t"
+        "eor	x27, x27, %x[state], ror 63\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x5, x5, x28\n\t"
+        "sli	v1.2d, v6.2d, #44\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	v31.16b, v9.16b, v29.16b\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "ushr	v6.2d, v31.2d, #44\n\t"
+        "eor	x26, x26, x28\n\t"
+        "ushr	v9.2d, v22.2d, #3\n\t"
+        "eor	x2, x2, x30\n\t"
+        "sli	v6.2d, v31.2d, #20\n\t"
+        "eor	x7, x7, x30\n\t"
+        "sli	v9.2d, v22.2d, #61\n\t"
+        "eor	x12, x12, x30\n\t"
+        "eor	v31.16b, v14.16b, v29.16b\n\t"
+        "eor	x17, x17, x30\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	x23, x23, x30\n\t"
+        "ushr	v22.2d, v31.2d, #25\n\t"
+        "eor	x4, x4, x27\n\t"
+        "ushr	v14.2d, v20.2d, #46\n\t"
+        "eor	x9, x9, x27\n\t"
+        "sli	v22.2d, v31.2d, #39\n\t"
+        "eor	x14, x14, x27\n\t"
+        "sli	v14.2d, v20.2d, #18\n\t"
+        "eor	x20, x20, x27\n\t"
+        "eor	v31.16b, v2.16b, v27.16b\n\t"
+        "eor	x25, x25, x27\n\t"
+        /* Swap Rotate Base */
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "ror	%x[state], x2, #63\n\t"
+        "ushr	v20.2d, v31.2d, #2\n\t"
+        "ror	x2, x7, #20\n\t"
+        "ushr	v2.2d, v12.2d, #21\n\t"
+        "ror	x7, x10, #44\n\t"
+        "sli	v20.2d, v31.2d, #62\n\t"
+        "ror	x10, x24, #3\n\t"
+        "sli	v2.2d, v12.2d, #43\n\t"
+        "ror	x24, x15, #25\n\t"
+        "eor	v31.16b, v13.16b, v28.16b\n\t"
+        "ror	x15, x22, #46\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "ror	x22, x3, #2\n\t"
+        "ushr	v12.2d, v31.2d, #39\n\t"
+        "ror	x3, x13, #21\n\t"
+        "ushr	v13.2d, v19.2d, #56\n\t"
+        "ror	x13, x14, #39\n\t"
+        "sli	v12.2d, v31.2d, #25\n\t"
+        "ror	x14, x21, #56\n\t"
+        "sli	v13.2d, v19.2d, #8\n\t"
+        "ror	x21, x25, #8\n\t"
+        "eor	v31.16b, v23.16b, v28.16b\n\t"
+        "ror	x25, x16, #23\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "ror	x16, x5, #37\n\t"
+        "ushr	v19.2d, v31.2d, #8\n\t"
+        "ror	x5, x26, #50\n\t"
+        "ushr	v23.2d, v15.2d, #23\n\t"
+        "ror	x26, x23, #62\n\t"
+        "sli	v19.2d, v31.2d, #56\n\t"
+        "ror	x23, x9, #9\n\t"
+        "sli	v23.2d, v15.2d, #41\n\t"
+        "ror	x9, x17, #19\n\t"
+        "eor	v31.16b, v4.16b, v29.16b\n\t"
+        "ror	x17, x6, #28\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        "ror	x6, x4, #36\n\t"
+        "ushr	v15.2d, v31.2d, #37\n\t"
+        "ror	x4, x20, #43\n\t"
+        "ushr	v4.2d, v24.2d, #50\n\t"
+        "ror	x20, x19, #49\n\t"
+        "sli	v15.2d, v31.2d, #27\n\t"
+        "ror	x19, x12, #54\n\t"
+        "sli	v4.2d, v24.2d, #14\n\t"
+        "ror	x12, x8, #58\n\t"
+        "eor	v31.16b, v21.16b, v26.16b\n\t"
+        "ror	x8, x11, #61\n\t"
+        /* Row Mix Base */
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "bic	x11, x3, x2\n\t"
+        "ushr	v24.2d, v31.2d, #62\n\t"
+        "bic	x27, x4, x3\n\t"
+        "ushr	v21.2d, v8.2d, #9\n\t"
+        "bic	x28, x1, x5\n\t"
+        "sli	v24.2d, v31.2d, #2\n\t"
+        "bic	x30, x2, x1\n\t"
+        "sli	v21.2d, v8.2d, #55\n\t"
+        "eor	x1, x1, x11\n\t"
+        "eor	v31.16b, v16.16b, v26.16b\n\t"
+        "eor	x2, x2, x27\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "bic	x11, x5, x4\n\t"
+        "ushr	v8.2d, v31.2d, #19\n\t"
+        "eor	x4, x4, x28\n\t"
+        "ushr	v16.2d, v5.2d, #28\n\t"
+        "eor	x3, x3, x11\n\t"
+        "sli	v8.2d, v31.2d, #45\n\t"
+        "eor	x5, x5, x30\n\t"
+        "sli	v16.2d, v5.2d, #36\n\t"
+        "bic	x11, x8, x7\n\t"
+        "eor	v31.16b, v3.16b, v28.16b\n\t"
+        "bic	x27, x9, x8\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "bic	x28, x6, x10\n\t"
+        "ushr	v5.2d, v31.2d, #36\n\t"
+        "bic	x30, x7, x6\n\t"
+        "ushr	v3.2d, v18.2d, #43\n\t"
+        "eor	x6, x6, x11\n\t"
+        "sli	v5.2d, v31.2d, #28\n\t"
+        "eor	x7, x7, x27\n\t"
+        "sli	v3.2d, v18.2d, #21\n\t"
+        "bic	x11, x10, x9\n\t"
+        "eor	v31.16b, v17.16b, v27.16b\n\t"
+        "eor	x9, x9, x28\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	x8, x8, x11\n\t"
+        "ushr	v18.2d, v31.2d, #49\n\t"
+        "eor	x10, x10, x30\n\t"
+        "ushr	v17.2d, v11.2d, #54\n\t"
+        "bic	x11, x13, x12\n\t"
+        "sli	v18.2d, v31.2d, #15\n\t"
+        "bic	x27, x14, x13\n\t"
+        "sli	v17.2d, v11.2d, #10\n\t"
+        "bic	x28, %x[state], x15\n\t"
+        "eor	v31.16b, v7.16b, v27.16b\n\t"
+        "bic	x30, x12, %x[state]\n\t"
+        "eor	v10.16b, v10.16b, v25.16b\n\t"
+        "eor	x11, %x[state], x11\n\t"
+        "ushr	v11.2d, v31.2d, #58\n\t"
+        "eor	x12, x12, x27\n\t"
+        "ushr	v7.2d, v10.2d, #61\n\t"
+        "bic	%x[state], x15, x14\n\t"
+        "sli	v11.2d, v31.2d, #6\n\t"
+        "eor	x14, x14, x28\n\t"
+        "sli	v7.2d, v10.2d, #3\n\t"
+        "eor	x13, x13, %x[state]\n\t"
+        /* Row Mix NEON */
+        "bic	v25.16b, v2.16b, v1.16b\n\t"
+        "eor	x15, x15, x30\n\t"
+        "bic	v26.16b, v3.16b, v2.16b\n\t"
+        "bic	%x[state], x19, x17\n\t"
+        "bic	v27.16b, v4.16b, v3.16b\n\t"
+        "bic	x27, x20, x19\n\t"
+        "bic	v28.16b, v0.16b, v4.16b\n\t"
+        "bic	x28, x16, x21\n\t"
+        "bic	v29.16b, v1.16b, v0.16b\n\t"
+        "bic	x30, x17, x16\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	v1.16b, v1.16b, v26.16b\n\t"
+        "eor	x17, x17, x27\n\t"
+        "eor	v2.16b, v2.16b, v27.16b\n\t"
+        "bic	%x[state], x21, x20\n\t"
+        "eor	v3.16b, v3.16b, v28.16b\n\t"
+        "eor	x20, x20, x28\n\t"
+        "eor	v4.16b, v4.16b, v29.16b\n\t"
+        "eor	x19, x19, %x[state]\n\t"
+        "bic	v25.16b, v7.16b, v6.16b\n\t"
+        "eor	x21, x21, x30\n\t"
+        "bic	v26.16b, v8.16b, v7.16b\n\t"
+        "bic	%x[state], x24, x23\n\t"
+        "bic	v27.16b, v9.16b, v8.16b\n\t"
+        "bic	x27, x25, x24\n\t"
+        "bic	v28.16b, v5.16b, v9.16b\n\t"
+        "bic	x28, x22, x26\n\t"
+        "bic	v29.16b, v6.16b, v5.16b\n\t"
+        "bic	x30, x23, x22\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x23, x23, x27\n\t"
+        "eor	v7.16b, v7.16b, v27.16b\n\t"
+        "bic	%x[state], x26, x25\n\t"
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "eor	x25, x25, x28\n\t"
+        "eor	v9.16b, v9.16b, v29.16b\n\t"
+        "eor	x24, x24, %x[state]\n\t"
+        "bic	v25.16b, v12.16b, v11.16b\n\t"
+        "eor	x26, x26, x30\n\t"
+        "bic	v26.16b, v13.16b, v12.16b\n\t"
+        "bic	v27.16b, v14.16b, v13.16b\n\t"
+        "bic	v28.16b, v30.16b, v14.16b\n\t"
+        "bic	v29.16b, v11.16b, v30.16b\n\t"
+        "eor	v10.16b, v30.16b, v25.16b\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "eor	v13.16b, v13.16b, v28.16b\n\t"
+        "eor	v14.16b, v14.16b, v29.16b\n\t"
+        "bic	v25.16b, v17.16b, v16.16b\n\t"
+        "bic	v26.16b, v18.16b, v17.16b\n\t"
+        "bic	v27.16b, v19.16b, v18.16b\n\t"
+        "bic	v28.16b, v15.16b, v19.16b\n\t"
+        "bic	v29.16b, v16.16b, v15.16b\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "eor	v16.16b, v16.16b, v26.16b\n\t"
+        "eor	v17.16b, v17.16b, v27.16b\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "bic	v25.16b, v22.16b, v21.16b\n\t"
+        "bic	v26.16b, v23.16b, v22.16b\n\t"
+        "bic	v27.16b, v24.16b, v23.16b\n\t"
+        "bic	v28.16b, v20.16b, v24.16b\n\t"
+        "bic	v29.16b, v21.16b, v20.16b\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	v21.16b, v21.16b, v26.16b\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	v23.16b, v23.16b, v28.16b\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        /* Done transforming */
+        "ldp	x27, x28, [x29, #48]\n\t"
+        "ldr	%x[state], [x27], #8\n\t"
+        "subs	x28, x28, #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_transform_blocksx3_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x1, x2, [%x[state]]\n\t"
+        "stp	x3, x4, [%x[state], #16]\n\t"
+        "stp	x5, x6, [%x[state], #32]\n\t"
+        "stp	x7, x8, [%x[state], #48]\n\t"
+        "stp	x9, x10, [%x[state], #64]\n\t"
+        "stp	x11, x12, [%x[state], #80]\n\t"
+        "stp	x13, x14, [%x[state], #96]\n\t"
+        "stp	x15, x16, [%x[state], #112]\n\t"
+        "stp	x17, x19, [%x[state], #128]\n\t"
+        "stp	x20, x21, [%x[state], #144]\n\t"
+        "stp	x22, x23, [%x[state], #160]\n\t"
+        "stp	x24, x25, [%x[state], #176]\n\t"
+        "str	x26, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits),
+          [L_mlkem_from_msg_q1half] "S" (L_mlkem_from_msg_q1half),
+          [L_mlkem_from_msg_bits] "S" (L_mlkem_from_msg_bits),
+          [L_mlkem_rej_uniform_mask] "S" (L_mlkem_rej_uniform_mask),
+          [L_mlkem_rej_uniform_bits] "S" (L_mlkem_rej_uniform_bits),
+          [L_mlkem_rej_uniform_indices] "S" (L_mlkem_rej_uniform_indices)
+        : "memory", "cc", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9",
+            "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19",
+            "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0",
+            "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11",
+            "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20",
+            "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29",
+            "v30", "v31"
+    );
+}
+
+void mlkem_shake128_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "eor	v16.16b, v16.16b, v16.16b\n\t"
+        "eor	x19, x19, x19\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "movz	x23, #0x8000, lsl 48\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v20.2d, x23\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake128_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix NEON */
+        "eor	v30.16b, v4.16b, v9.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor	v27.16b, v1.16b, v6.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor	v30.16b, v30.16b, v14.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	v27.16b, v27.16b, v11.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor	v30.16b, v30.16b, v19.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor	v27.16b, v27.16b, v16.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	v30.16b, v30.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor	v27.16b, v27.16b, v21.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "ushr	v25.2d, v27.2d, #63\n\t"
+        "eor	x28, x28, x20\n\t"
+        "sli	v25.2d, v27.2d, #1\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "eor	v25.16b, v25.16b, v30.16b\n\t"
+        "eor	x30, x30, x23\n\t"
+        "eor	v31.16b, v0.16b, v5.16b\n\t"
+        "eor	x28, x28, x25\n\t"
+        "eor	v28.16b, v2.16b, v7.16b\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "eor	v31.16b, v31.16b, v10.16b\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	v28.16b, v28.16b, v12.16b\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v31.16b, v31.16b, v15.16b\n\t"
+        "eor	x28, x5, x10\n\t"
+        "eor	v28.16b, v28.16b, v17.16b\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "eor	v31.16b, v31.16b, v20.16b\n\t"
+        "eor	x28, x28, x15\n\t"
+        "eor	v28.16b, v28.16b, v22.16b\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "ushr	v29.2d, v30.2d, #63\n\t"
+        "eor	x28, x28, x21\n\t"
+        "ushr	v26.2d, v28.2d, #63\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "sli	v29.2d, v30.2d, #1\n\t"
+        "eor	x28, x28, x26\n\t"
+        "sli	v26.2d, v28.2d, #1\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "eor	v28.16b, v28.16b, v29.16b\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "eor	v29.16b, v3.16b, v8.16b\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v26.16b, v26.16b, v31.16b\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v13.16b\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v18.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v23.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "ushr	v30.2d, v29.2d, #63\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "sli	v30.2d, v29.2d, #1\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "eor	v27.16b, v27.16b, v30.16b\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "eor	v29.16b, v29.16b, v30.16b\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        /* Swap Rotate NEON */
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	v31.16b, v1.16b, v26.16b\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "ushr	v1.2d, v6.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x6, x6, x28\n\t"
+        "sli	v1.2d, v6.2d, #44\n\t"
+        "eor	x11, x11, x28\n\t"
+        "eor	v31.16b, v9.16b, v29.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "ushr	v6.2d, v31.2d, #44\n\t"
+        "eor	x27, x27, x28\n\t"
+        "ushr	v9.2d, v22.2d, #3\n\t"
+        "eor	x3, x3, x30\n\t"
+        "sli	v6.2d, v31.2d, #20\n\t"
+        "eor	x8, x8, x30\n\t"
+        "sli	v9.2d, v22.2d, #61\n\t"
+        "eor	x13, x13, x30\n\t"
+        "eor	v31.16b, v14.16b, v29.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "ushr	v22.2d, v31.2d, #25\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "ushr	v14.2d, v20.2d, #46\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "sli	v22.2d, v31.2d, #39\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "sli	v14.2d, v20.2d, #18\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "eor	v31.16b, v2.16b, v27.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "ushr	v20.2d, v31.2d, #2\n\t"
+        "ror	x3, x8, #20\n\t"
+        "ushr	v2.2d, v12.2d, #21\n\t"
+        "ror	x8, x11, #44\n\t"
+        "sli	v20.2d, v31.2d, #62\n\t"
+        "ror	x11, x25, #3\n\t"
+        "sli	v2.2d, v12.2d, #43\n\t"
+        "ror	x25, x16, #25\n\t"
+        "eor	v31.16b, v13.16b, v28.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "ushr	v12.2d, v31.2d, #39\n\t"
+        "ror	x4, x14, #21\n\t"
+        "ushr	v13.2d, v19.2d, #56\n\t"
+        "ror	x14, x15, #39\n\t"
+        "sli	v12.2d, v31.2d, #25\n\t"
+        "ror	x15, x22, #56\n\t"
+        "sli	v13.2d, v19.2d, #8\n\t"
+        "ror	x22, x26, #8\n\t"
+        "eor	v31.16b, v23.16b, v28.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "ushr	v19.2d, v31.2d, #8\n\t"
+        "ror	x6, x27, #50\n\t"
+        "ushr	v23.2d, v15.2d, #23\n\t"
+        "ror	x27, x24, #62\n\t"
+        "sli	v19.2d, v31.2d, #56\n\t"
+        "ror	x24, x10, #9\n\t"
+        "sli	v23.2d, v15.2d, #41\n\t"
+        "ror	x10, x19, #19\n\t"
+        "eor	v31.16b, v4.16b, v29.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ushr	v15.2d, v31.2d, #37\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ushr	v4.2d, v24.2d, #50\n\t"
+        "ror	x21, x20, #49\n\t"
+        "sli	v15.2d, v31.2d, #27\n\t"
+        "ror	x20, x13, #54\n\t"
+        "sli	v4.2d, v24.2d, #14\n\t"
+        "ror	x13, x9, #58\n\t"
+        "eor	v31.16b, v21.16b, v26.16b\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "bic	x12, x4, x3\n\t"
+        "ushr	v24.2d, v31.2d, #62\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "ushr	v21.2d, v8.2d, #9\n\t"
+        "bic	x28, x2, x6\n\t"
+        "sli	v24.2d, v31.2d, #2\n\t"
+        "bic	x30, x3, x2\n\t"
+        "sli	v21.2d, v8.2d, #55\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	v31.16b, v16.16b, v26.16b\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "bic	x12, x6, x5\n\t"
+        "ushr	v8.2d, v31.2d, #19\n\t"
+        "eor	x5, x5, x28\n\t"
+        "ushr	v16.2d, v5.2d, #28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "sli	v8.2d, v31.2d, #45\n\t"
+        "eor	x6, x6, x30\n\t"
+        "sli	v16.2d, v5.2d, #36\n\t"
+        "bic	x12, x9, x8\n\t"
+        "eor	v31.16b, v3.16b, v28.16b\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "bic	x28, x7, x11\n\t"
+        "ushr	v5.2d, v31.2d, #36\n\t"
+        "bic	x30, x8, x7\n\t"
+        "ushr	v3.2d, v18.2d, #43\n\t"
+        "eor	x7, x7, x12\n\t"
+        "sli	v5.2d, v31.2d, #28\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "sli	v3.2d, v18.2d, #21\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	v31.16b, v17.16b, v27.16b\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	x9, x9, x12\n\t"
+        "ushr	v18.2d, v31.2d, #49\n\t"
+        "eor	x11, x11, x30\n\t"
+        "ushr	v17.2d, v11.2d, #54\n\t"
+        "bic	x12, x14, x13\n\t"
+        "sli	v18.2d, v31.2d, #15\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "sli	v17.2d, v11.2d, #10\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "eor	v31.16b, v7.16b, v27.16b\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	v10.16b, v10.16b, v25.16b\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "ushr	v11.2d, v31.2d, #58\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "ushr	v7.2d, v10.2d, #61\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "sli	v11.2d, v31.2d, #6\n\t"
+        "eor	x15, x15, x28\n\t"
+        "sli	v7.2d, v10.2d, #3\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        /* Row Mix NEON */
+        "bic	v25.16b, v2.16b, v1.16b\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	v26.16b, v3.16b, v2.16b\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	v27.16b, v4.16b, v3.16b\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	v28.16b, v0.16b, v4.16b\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	v29.16b, v1.16b, v0.16b\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v1.16b, v1.16b, v26.16b\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "eor	v2.16b, v2.16b, v27.16b\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	v3.16b, v3.16b, v28.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	v4.16b, v4.16b, v29.16b\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "bic	v25.16b, v7.16b, v6.16b\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	v26.16b, v8.16b, v7.16b\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	v27.16b, v9.16b, v8.16b\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	v28.16b, v5.16b, v9.16b\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	v29.16b, v6.16b, v5.16b\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "eor	v7.16b, v7.16b, v27.16b\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	v9.16b, v9.16b, v29.16b\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "bic	v25.16b, v12.16b, v11.16b\n\t"
+        "eor	x27, x27, x30\n\t"
+        "bic	v26.16b, v13.16b, v12.16b\n\t"
+        "bic	v27.16b, v14.16b, v13.16b\n\t"
+        "bic	v28.16b, v30.16b, v14.16b\n\t"
+        "bic	v29.16b, v11.16b, v30.16b\n\t"
+        "eor	v10.16b, v30.16b, v25.16b\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "eor	v13.16b, v13.16b, v28.16b\n\t"
+        "eor	v14.16b, v14.16b, v29.16b\n\t"
+        "bic	v25.16b, v17.16b, v16.16b\n\t"
+        "bic	v26.16b, v18.16b, v17.16b\n\t"
+        "bic	v27.16b, v19.16b, v18.16b\n\t"
+        "bic	v28.16b, v15.16b, v19.16b\n\t"
+        "bic	v29.16b, v16.16b, v15.16b\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "eor	v16.16b, v16.16b, v26.16b\n\t"
+        "eor	v17.16b, v17.16b, v27.16b\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "bic	v25.16b, v22.16b, v21.16b\n\t"
+        "bic	v26.16b, v23.16b, v22.16b\n\t"
+        "bic	v27.16b, v24.16b, v23.16b\n\t"
+        "bic	v28.16b, v20.16b, v24.16b\n\t"
+        "bic	v29.16b, v21.16b, v20.16b\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	v21.16b, v21.16b, v26.16b\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	v23.16b, v23.16b, v28.16b\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake128_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits),
+          [L_mlkem_from_msg_q1half] "S" (L_mlkem_from_msg_q1half),
+          [L_mlkem_from_msg_bits] "S" (L_mlkem_from_msg_bits),
+          [L_mlkem_rej_uniform_mask] "S" (L_mlkem_rej_uniform_mask),
+          [L_mlkem_rej_uniform_bits] "S" (L_mlkem_rej_uniform_bits),
+          [L_mlkem_rej_uniform_indices] "S" (L_mlkem_rej_uniform_indices)
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1",
+            "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12",
+            "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21",
+            "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30",
+            "v31"
+    );
+}
+
+void mlkem_shake256_blocksx3_seed_neon(word64* state, byte* seed)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x28, %[L_sha3_aarch64_r]\n\t"
+        "add  x28, x28, :lo12:%[L_sha3_aarch64_r]\n\t"
+#else
+        "adrp x28, %[L_sha3_aarch64_r]@PAGE\n\t"
+        "add  x28, x28, %[L_sha3_aarch64_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "str	%x[state], [x29, #40]\n\t"
+        "add	%x[state], %x[state], #32\n\t"
+        "ld1	{v4.d}[0], [%x[state]]\n\t"
+        "ldp	x2, x3, [%x[seed]], #16\n\t"
+        "add	%x[state], %x[state], #0xc8\n\t"
+        "ld1	{v4.d}[1], [%x[state]]\n\t"
+        "ldp	x4, x5, [%x[seed]], #16\n\t"
+        "ldr	x6, [%x[state], #200]\n\t"
+        "eor	v5.16b, v5.16b, v5.16b\n\t"
+        "eor	x7, x7, x7\n\t"
+        "eor	v6.16b, v6.16b, v6.16b\n\t"
+        "eor	x8, x8, x8\n\t"
+        "eor	v7.16b, v7.16b, v7.16b\n\t"
+        "eor	x9, x9, x9\n\t"
+        "eor	v8.16b, v8.16b, v8.16b\n\t"
+        "eor	x10, x10, x10\n\t"
+        "eor	v9.16b, v9.16b, v9.16b\n\t"
+        "eor	x11, x11, x11\n\t"
+        "eor	v10.16b, v10.16b, v10.16b\n\t"
+        "eor	x12, x12, x12\n\t"
+        "eor	v11.16b, v11.16b, v11.16b\n\t"
+        "eor	x13, x13, x13\n\t"
+        "eor	v12.16b, v12.16b, v12.16b\n\t"
+        "eor	x14, x14, x14\n\t"
+        "eor	v13.16b, v13.16b, v13.16b\n\t"
+        "eor	x15, x15, x15\n\t"
+        "eor	v14.16b, v14.16b, v14.16b\n\t"
+        "eor	x16, x16, x16\n\t"
+        "eor	v15.16b, v15.16b, v15.16b\n\t"
+        "eor	x17, x17, x17\n\t"
+        "movz	x19, #0x8000, lsl 48\n\t"
+        "eor	v17.16b, v17.16b, v17.16b\n\t"
+        "eor	x20, x20, x20\n\t"
+        "eor	v18.16b, v18.16b, v18.16b\n\t"
+        "eor	x21, x21, x21\n\t"
+        "eor	v19.16b, v19.16b, v19.16b\n\t"
+        "eor	x22, x22, x22\n\t"
+        "eor	v20.16b, v20.16b, v20.16b\n\t"
+        "eor	x23, x23, x23\n\t"
+        "eor	v21.16b, v21.16b, v21.16b\n\t"
+        "eor	x24, x24, x24\n\t"
+        "eor	v22.16b, v22.16b, v22.16b\n\t"
+        "eor	x25, x25, x25\n\t"
+        "eor	v23.16b, v23.16b, v23.16b\n\t"
+        "eor	x26, x26, x26\n\t"
+        "eor	v24.16b, v24.16b, v24.16b\n\t"
+        "eor	x27, x27, x27\n\t"
+        "dup	v0.2d, x2\n\t"
+        "dup	v1.2d, x3\n\t"
+        "dup	v2.2d, x4\n\t"
+        "dup	v3.2d, x5\n\t"
+        "dup	v16.2d, x19\n\t"
+        "mov	%x[seed], #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_shake256_blocksx3_seed_neon_begin_%=: \n\t"
+        "stp	x28, %x[seed], [x29, #48]\n\t"
+        /* Col Mix NEON */
+        "eor	v30.16b, v4.16b, v9.16b\n\t"
+        "eor	%x[state], x6, x11\n\t"
+        "eor	v27.16b, v1.16b, v6.16b\n\t"
+        "eor	x30, x2, x7\n\t"
+        "eor	v30.16b, v30.16b, v14.16b\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	v27.16b, v27.16b, v11.16b\n\t"
+        "eor	%x[state], %x[state], x16\n\t"
+        "eor	v30.16b, v30.16b, v19.16b\n\t"
+        "eor	x30, x30, x12\n\t"
+        "eor	v27.16b, v27.16b, v16.16b\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	v30.16b, v30.16b, v24.16b\n\t"
+        "eor	%x[state], %x[state], x22\n\t"
+        "eor	v27.16b, v27.16b, v21.16b\n\t"
+        "eor	x30, x30, x17\n\t"
+        "ushr	v25.2d, v27.2d, #63\n\t"
+        "eor	x28, x28, x20\n\t"
+        "sli	v25.2d, v27.2d, #1\n\t"
+        "eor	%x[state], %x[state], x27\n\t"
+        "eor	v25.16b, v25.16b, v30.16b\n\t"
+        "eor	x30, x30, x23\n\t"
+        "eor	v31.16b, v0.16b, v5.16b\n\t"
+        "eor	x28, x28, x25\n\t"
+        "eor	v28.16b, v2.16b, v7.16b\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "eor	v31.16b, v31.16b, v10.16b\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	v28.16b, v28.16b, v12.16b\n\t"
+        "eor	%x[seed], x3, x8\n\t"
+        "eor	v31.16b, v31.16b, v15.16b\n\t"
+        "eor	x28, x5, x10\n\t"
+        "eor	v28.16b, v28.16b, v17.16b\n\t"
+        "eor	%x[seed], %x[seed], x13\n\t"
+        "eor	v31.16b, v31.16b, v20.16b\n\t"
+        "eor	x28, x28, x15\n\t"
+        "eor	v28.16b, v28.16b, v22.16b\n\t"
+        "eor	%x[seed], %x[seed], x19\n\t"
+        "ushr	v29.2d, v30.2d, #63\n\t"
+        "eor	x28, x28, x21\n\t"
+        "ushr	v26.2d, v28.2d, #63\n\t"
+        "eor	%x[seed], %x[seed], x24\n\t"
+        "sli	v29.2d, v30.2d, #1\n\t"
+        "eor	x28, x28, x26\n\t"
+        "sli	v26.2d, v28.2d, #1\n\t"
+        "eor	%x[state], %x[state], %x[seed], ror 63\n\t"
+        "eor	v28.16b, v28.16b, v29.16b\n\t"
+        "eor	%x[seed], %x[seed], x28, ror 63\n\t"
+        "eor	v29.16b, v3.16b, v8.16b\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v26.16b, v26.16b, v31.16b\n\t"
+        "eor	x7, x7, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v13.16b\n\t"
+        "eor	x12, x12, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v18.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v29.16b, v29.16b, v23.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "ushr	v30.2d, v29.2d, #63\n\t"
+        "eor	x4, x4, %x[seed]\n\t"
+        "sli	v30.2d, v29.2d, #1\n\t"
+        "eor	x9, x9, %x[seed]\n\t"
+        "eor	v27.16b, v27.16b, v30.16b\n\t"
+        "eor	x14, x14, %x[seed]\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x20, x20, %x[seed]\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x25, x25, %x[seed]\n\t"
+        "eor	v29.16b, v29.16b, v30.16b\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        /* Swap Rotate NEON */
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	v31.16b, v1.16b, v26.16b\n\t"
+        "ldr	%x[seed], [x29, #24]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "ushr	v30.2d, v31.2d, #63\n\t"
+        "eor	x30, x30, %x[seed], ror 63\n\t"
+        "ushr	v1.2d, v6.2d, #20\n\t"
+        "eor	%x[seed], %x[seed], %x[state], ror 63\n\t"
+        "sli	v30.2d, v31.2d, #1\n\t"
+        "eor	x6, x6, x28\n\t"
+        "sli	v1.2d, v6.2d, #44\n\t"
+        "eor	x11, x11, x28\n\t"
+        "eor	v31.16b, v9.16b, v29.16b\n\t"
+        "eor	x16, x16, x28\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	x22, x22, x28\n\t"
+        "ushr	v6.2d, v31.2d, #44\n\t"
+        "eor	x27, x27, x28\n\t"
+        "ushr	v9.2d, v22.2d, #3\n\t"
+        "eor	x3, x3, x30\n\t"
+        "sli	v6.2d, v31.2d, #20\n\t"
+        "eor	x8, x8, x30\n\t"
+        "sli	v9.2d, v22.2d, #61\n\t"
+        "eor	x13, x13, x30\n\t"
+        "eor	v31.16b, v14.16b, v29.16b\n\t"
+        "eor	x19, x19, x30\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	x24, x24, x30\n\t"
+        "ushr	v22.2d, v31.2d, #25\n\t"
+        "eor	x5, x5, %x[seed]\n\t"
+        "ushr	v14.2d, v20.2d, #46\n\t"
+        "eor	x10, x10, %x[seed]\n\t"
+        "sli	v22.2d, v31.2d, #39\n\t"
+        "eor	x15, x15, %x[seed]\n\t"
+        "sli	v14.2d, v20.2d, #18\n\t"
+        "eor	x21, x21, %x[seed]\n\t"
+        "eor	v31.16b, v2.16b, v27.16b\n\t"
+        "eor	x26, x26, %x[seed]\n\t"
+        /* Swap Rotate Base */
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "ror	%x[state], x3, #63\n\t"
+        "ushr	v20.2d, v31.2d, #2\n\t"
+        "ror	x3, x8, #20\n\t"
+        "ushr	v2.2d, v12.2d, #21\n\t"
+        "ror	x8, x11, #44\n\t"
+        "sli	v20.2d, v31.2d, #62\n\t"
+        "ror	x11, x25, #3\n\t"
+        "sli	v2.2d, v12.2d, #43\n\t"
+        "ror	x25, x16, #25\n\t"
+        "eor	v31.16b, v13.16b, v28.16b\n\t"
+        "ror	x16, x23, #46\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "ror	x23, x4, #2\n\t"
+        "ushr	v12.2d, v31.2d, #39\n\t"
+        "ror	x4, x14, #21\n\t"
+        "ushr	v13.2d, v19.2d, #56\n\t"
+        "ror	x14, x15, #39\n\t"
+        "sli	v12.2d, v31.2d, #25\n\t"
+        "ror	x15, x22, #56\n\t"
+        "sli	v13.2d, v19.2d, #8\n\t"
+        "ror	x22, x26, #8\n\t"
+        "eor	v31.16b, v23.16b, v28.16b\n\t"
+        "ror	x26, x17, #23\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "ror	x17, x6, #37\n\t"
+        "ushr	v19.2d, v31.2d, #8\n\t"
+        "ror	x6, x27, #50\n\t"
+        "ushr	v23.2d, v15.2d, #23\n\t"
+        "ror	x27, x24, #62\n\t"
+        "sli	v19.2d, v31.2d, #56\n\t"
+        "ror	x24, x10, #9\n\t"
+        "sli	v23.2d, v15.2d, #41\n\t"
+        "ror	x10, x19, #19\n\t"
+        "eor	v31.16b, v4.16b, v29.16b\n\t"
+        "ror	x19, x7, #28\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        "ror	x7, x5, #36\n\t"
+        "ushr	v15.2d, v31.2d, #37\n\t"
+        "ror	x5, x21, #43\n\t"
+        "ushr	v4.2d, v24.2d, #50\n\t"
+        "ror	x21, x20, #49\n\t"
+        "sli	v15.2d, v31.2d, #27\n\t"
+        "ror	x20, x13, #54\n\t"
+        "sli	v4.2d, v24.2d, #14\n\t"
+        "ror	x13, x9, #58\n\t"
+        "eor	v31.16b, v21.16b, v26.16b\n\t"
+        "ror	x9, x12, #61\n\t"
+        /* Row Mix Base */
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "bic	x12, x4, x3\n\t"
+        "ushr	v24.2d, v31.2d, #62\n\t"
+        "bic	%x[seed], x5, x4\n\t"
+        "ushr	v21.2d, v8.2d, #9\n\t"
+        "bic	x28, x2, x6\n\t"
+        "sli	v24.2d, v31.2d, #2\n\t"
+        "bic	x30, x3, x2\n\t"
+        "sli	v21.2d, v8.2d, #55\n\t"
+        "eor	x2, x2, x12\n\t"
+        "eor	v31.16b, v16.16b, v26.16b\n\t"
+        "eor	x3, x3, %x[seed]\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "bic	x12, x6, x5\n\t"
+        "ushr	v8.2d, v31.2d, #19\n\t"
+        "eor	x5, x5, x28\n\t"
+        "ushr	v16.2d, v5.2d, #28\n\t"
+        "eor	x4, x4, x12\n\t"
+        "sli	v8.2d, v31.2d, #45\n\t"
+        "eor	x6, x6, x30\n\t"
+        "sli	v16.2d, v5.2d, #36\n\t"
+        "bic	x12, x9, x8\n\t"
+        "eor	v31.16b, v3.16b, v28.16b\n\t"
+        "bic	%x[seed], x10, x9\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "bic	x28, x7, x11\n\t"
+        "ushr	v5.2d, v31.2d, #36\n\t"
+        "bic	x30, x8, x7\n\t"
+        "ushr	v3.2d, v18.2d, #43\n\t"
+        "eor	x7, x7, x12\n\t"
+        "sli	v5.2d, v31.2d, #28\n\t"
+        "eor	x8, x8, %x[seed]\n\t"
+        "sli	v3.2d, v18.2d, #21\n\t"
+        "bic	x12, x11, x10\n\t"
+        "eor	v31.16b, v17.16b, v27.16b\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	x9, x9, x12\n\t"
+        "ushr	v18.2d, v31.2d, #49\n\t"
+        "eor	x11, x11, x30\n\t"
+        "ushr	v17.2d, v11.2d, #54\n\t"
+        "bic	x12, x14, x13\n\t"
+        "sli	v18.2d, v31.2d, #15\n\t"
+        "bic	%x[seed], x15, x14\n\t"
+        "sli	v17.2d, v11.2d, #10\n\t"
+        "bic	x28, %x[state], x16\n\t"
+        "eor	v31.16b, v7.16b, v27.16b\n\t"
+        "bic	x30, x13, %x[state]\n\t"
+        "eor	v10.16b, v10.16b, v25.16b\n\t"
+        "eor	x12, %x[state], x12\n\t"
+        "ushr	v11.2d, v31.2d, #58\n\t"
+        "eor	x13, x13, %x[seed]\n\t"
+        "ushr	v7.2d, v10.2d, #61\n\t"
+        "bic	%x[state], x16, x15\n\t"
+        "sli	v11.2d, v31.2d, #6\n\t"
+        "eor	x15, x15, x28\n\t"
+        "sli	v7.2d, v10.2d, #3\n\t"
+        "eor	x14, x14, %x[state]\n\t"
+        /* Row Mix NEON */
+        "bic	v25.16b, v2.16b, v1.16b\n\t"
+        "eor	x16, x16, x30\n\t"
+        "bic	v26.16b, v3.16b, v2.16b\n\t"
+        "bic	%x[state], x20, x19\n\t"
+        "bic	v27.16b, v4.16b, v3.16b\n\t"
+        "bic	%x[seed], x21, x20\n\t"
+        "bic	v28.16b, v0.16b, v4.16b\n\t"
+        "bic	x28, x17, x22\n\t"
+        "bic	v29.16b, v1.16b, v0.16b\n\t"
+        "bic	x30, x19, x17\n\t"
+        "eor	v0.16b, v0.16b, v25.16b\n\t"
+        "eor	x17, x17, %x[state]\n\t"
+        "eor	v1.16b, v1.16b, v26.16b\n\t"
+        "eor	x19, x19, %x[seed]\n\t"
+        "eor	v2.16b, v2.16b, v27.16b\n\t"
+        "bic	%x[state], x22, x21\n\t"
+        "eor	v3.16b, v3.16b, v28.16b\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	v4.16b, v4.16b, v29.16b\n\t"
+        "eor	x20, x20, %x[state]\n\t"
+        "bic	v25.16b, v7.16b, v6.16b\n\t"
+        "eor	x22, x22, x30\n\t"
+        "bic	v26.16b, v8.16b, v7.16b\n\t"
+        "bic	%x[state], x25, x24\n\t"
+        "bic	v27.16b, v9.16b, v8.16b\n\t"
+        "bic	%x[seed], x26, x25\n\t"
+        "bic	v28.16b, v5.16b, v9.16b\n\t"
+        "bic	x28, x23, x27\n\t"
+        "bic	v29.16b, v6.16b, v5.16b\n\t"
+        "bic	x30, x24, x23\n\t"
+        "eor	v5.16b, v5.16b, v25.16b\n\t"
+        "eor	x23, x23, %x[state]\n\t"
+        "eor	v6.16b, v6.16b, v26.16b\n\t"
+        "eor	x24, x24, %x[seed]\n\t"
+        "eor	v7.16b, v7.16b, v27.16b\n\t"
+        "bic	%x[state], x27, x26\n\t"
+        "eor	v8.16b, v8.16b, v28.16b\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	v9.16b, v9.16b, v29.16b\n\t"
+        "eor	x25, x25, %x[state]\n\t"
+        "bic	v25.16b, v12.16b, v11.16b\n\t"
+        "eor	x27, x27, x30\n\t"
+        "bic	v26.16b, v13.16b, v12.16b\n\t"
+        "bic	v27.16b, v14.16b, v13.16b\n\t"
+        "bic	v28.16b, v30.16b, v14.16b\n\t"
+        "bic	v29.16b, v11.16b, v30.16b\n\t"
+        "eor	v10.16b, v30.16b, v25.16b\n\t"
+        "eor	v11.16b, v11.16b, v26.16b\n\t"
+        "eor	v12.16b, v12.16b, v27.16b\n\t"
+        "eor	v13.16b, v13.16b, v28.16b\n\t"
+        "eor	v14.16b, v14.16b, v29.16b\n\t"
+        "bic	v25.16b, v17.16b, v16.16b\n\t"
+        "bic	v26.16b, v18.16b, v17.16b\n\t"
+        "bic	v27.16b, v19.16b, v18.16b\n\t"
+        "bic	v28.16b, v15.16b, v19.16b\n\t"
+        "bic	v29.16b, v16.16b, v15.16b\n\t"
+        "eor	v15.16b, v15.16b, v25.16b\n\t"
+        "eor	v16.16b, v16.16b, v26.16b\n\t"
+        "eor	v17.16b, v17.16b, v27.16b\n\t"
+        "eor	v18.16b, v18.16b, v28.16b\n\t"
+        "eor	v19.16b, v19.16b, v29.16b\n\t"
+        "bic	v25.16b, v22.16b, v21.16b\n\t"
+        "bic	v26.16b, v23.16b, v22.16b\n\t"
+        "bic	v27.16b, v24.16b, v23.16b\n\t"
+        "bic	v28.16b, v20.16b, v24.16b\n\t"
+        "bic	v29.16b, v21.16b, v20.16b\n\t"
+        "eor	v20.16b, v20.16b, v25.16b\n\t"
+        "eor	v21.16b, v21.16b, v26.16b\n\t"
+        "eor	v22.16b, v22.16b, v27.16b\n\t"
+        "eor	v23.16b, v23.16b, v28.16b\n\t"
+        "eor	v24.16b, v24.16b, v29.16b\n\t"
+        /* Done transforming */
+        "ldp	x28, %x[seed], [x29, #48]\n\t"
+        "ldr	%x[state], [x28], #8\n\t"
+        "subs	%x[seed], %x[seed], #1\n\t"
+        "mov	v30.d[0], %x[state]\n\t"
+        "mov	v30.d[1], %x[state]\n\t"
+        "eor	x2, x2, %x[state]\n\t"
+        "eor	v0.16b, v0.16b, v30.16b\n\t"
+        "bne	L_SHA3_shake256_blocksx3_seed_neon_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[0], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[0], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[0], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[0], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[0], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[0], [%x[state]], #32\n\t"
+        "st1	{v24.d}[0], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "st4	{v0.d, v1.d, v2.d, v3.d}[1], [%x[state]], #32\n\t"
+        "st4	{v4.d, v5.d, v6.d, v7.d}[1], [%x[state]], #32\n\t"
+        "st4	{v8.d, v9.d, v10.d, v11.d}[1], [%x[state]], #32\n\t"
+        "st4	{v12.d, v13.d, v14.d, v15.d}[1], [%x[state]], #32\n\t"
+        "st4	{v16.d, v17.d, v18.d, v19.d}[1], [%x[state]], #32\n\t"
+        "st4	{v20.d, v21.d, v22.d, v23.d}[1], [%x[state]], #32\n\t"
+        "st1	{v24.d}[1], [%x[state]]\n\t"
+        "add	%x[state], %x[state], #8\n\t"
+        "stp	x2, x3, [%x[state]]\n\t"
+        "stp	x4, x5, [%x[state], #16]\n\t"
+        "stp	x6, x7, [%x[state], #32]\n\t"
+        "stp	x8, x9, [%x[state], #48]\n\t"
+        "stp	x10, x11, [%x[state], #64]\n\t"
+        "stp	x12, x13, [%x[state], #80]\n\t"
+        "stp	x14, x15, [%x[state], #96]\n\t"
+        "stp	x16, x17, [%x[state], #112]\n\t"
+        "stp	x19, x20, [%x[state], #128]\n\t"
+        "stp	x21, x22, [%x[state], #144]\n\t"
+        "stp	x23, x24, [%x[state], #160]\n\t"
+        "stp	x25, x26, [%x[state], #176]\n\t"
+        "str	x27, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state), [seed] "+r" (seed)
+        : [L_mlkem_aarch64_q] "S" (L_mlkem_aarch64_q),
+          [L_mlkem_aarch64_consts] "S" (L_mlkem_aarch64_consts),
+          [L_sha3_aarch64_r] "S" (L_sha3_aarch64_r),
+          [L_mlkem_aarch64_zetas] "S" (L_mlkem_aarch64_zetas),
+          [L_mlkem_aarch64_zetas_qinv] "S" (L_mlkem_aarch64_zetas_qinv),
+          [L_mlkem_aarch64_zetas_inv] "S" (L_mlkem_aarch64_zetas_inv),
+          [L_mlkem_aarch64_zetas_inv_qinv] "S" (L_mlkem_aarch64_zetas_inv_qinv),
+          [L_mlkem_aarch64_zetas_mul] "S" (L_mlkem_aarch64_zetas_mul),
+          [L_mlkem_to_msg_low] "S" (L_mlkem_to_msg_low),
+          [L_mlkem_to_msg_high] "S" (L_mlkem_to_msg_high),
+          [L_mlkem_to_msg_bits] "S" (L_mlkem_to_msg_bits),
+          [L_mlkem_from_msg_q1half] "S" (L_mlkem_from_msg_q1half),
+          [L_mlkem_from_msg_bits] "S" (L_mlkem_from_msg_bits),
+          [L_mlkem_rej_uniform_mask] "S" (L_mlkem_rej_uniform_mask),
+          [L_mlkem_rej_uniform_bits] "S" (L_mlkem_rej_uniform_bits),
+          [L_mlkem_rej_uniform_indices] "S" (L_mlkem_rej_uniform_indices)
+        : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28", "v0", "v1",
+            "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12",
+            "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21",
+            "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30",
+            "v31"
+    );
+}
+
+#endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#endif /* WOLFSSL_WC_MLKEM */
+#endif /* __aarch64__ */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c
index 4d838c703..f2e9e83aa 100644
--- a/wolfcrypt/src/port/arm/armv8-poly1305.c
+++ b/wolfcrypt/src/port/arm/armv8-poly1305.c
@@ -1,6 +1,6 @@
 /* armv8-poly1305.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,25 +19,17 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /*
- * Based off the public domain implementations by Andrew Moon
+ * Based on the public domain implementations by Andrew Moon
  * and Daniel J. Bernstein
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
-
 #ifdef WOLFSSL_ARMASM
-#ifdef __aarch64__
 
 #ifdef HAVE_POLY1305
 #include <wolfssl/wolfcrypt/poly1305.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -49,6 +41,8 @@
     #include <stdio.h>
 #endif
 
+#ifdef __aarch64__
+
 static WC_INLINE void poly1305_blocks_aarch64_16(Poly1305* ctx,
     const unsigned char *m, size_t bytes)
 {
@@ -145,7 +139,6 @@ static WC_INLINE void poly1305_blocks_aarch64_16(Poly1305* ctx,
         "AND        x5, x10, x4, LSR #26\n\t"
         "AND        x4, x4, x10\n\t"
         "AND        x6, x6, x10\n\t"
-        "AND        x8, x8, x10\n\t"
         "STP        w4, w5, [%[ctx_h], #0]   \n\t"
         "STP        w6, w7, [%[ctx_h], #8]   \n\t"
         "STR        w8, [%[ctx_h], #16]   \n\t"
@@ -1118,6 +1111,141 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac)
     return 0;
 }
 
-#endif /* HAVE_POLY1305 */
+#else
+#ifdef WOLFSSL_ARMASM_THUMB2
+/* Process 16 bytes of message at a time.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ * @param [in] bytes  Length of message in bytes.
+ */
+void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char* m,
+    size_t bytes)
+{
+    poly1305_blocks_thumb2_16(ctx, m, bytes, 1);
+}
+
+/* Process 16 bytes of message.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ */
+void poly1305_block_thumb2(Poly1305* ctx, const unsigned char* m)
+{
+    poly1305_blocks_thumb2_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+#else
+/* Process 16 bytes of message at a time.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ * @param [in] bytes  Length of message in bytes.
+ */
+void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char* m, size_t bytes)
+{
+#ifndef WOLFSSL_ARMASM_NO_NEON
+    poly1305_arm32_blocks(ctx, m, bytes);
+#else
+    poly1305_arm32_blocks_16(ctx, m, bytes, 1);
+#endif
+}
+
+/* Process 16 bytes of message.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ */
+void poly1305_block_arm32(Poly1305* ctx, const unsigned char* m)
+{
+    poly1305_arm32_blocks_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+#endif
+
+/* Set the key for the Poly1305 operation.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] key    Key data to use.
+ * @param [in] keySz  Size of key in bytes. Must be 32.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or key is NULL or keySz is not 32.
+ */
+int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
+{
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    word32 k;
+    printf("Poly key used:\n");
+    if (key != NULL) {
+        for (k = 0; k < keySz; k++) {
+            printf("%02x", key[k]);
+            if ((k+1) % 8 == 0)
+                printf("\n");
+        }
+    }
+    printf("\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL) || (keySz != 32)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        poly1305_set_key(ctx, key);
+    }
+
+    return ret;
+}
+
+/* Finalize the Poly1305 operation calculating the MAC.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] mac    Buffer to hold the MAC. Myst be at least 16 bytes long.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or mac is NULL.
+ */
+int wc_Poly1305Final(Poly1305* ctx, byte* mac)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (mac == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Process the remaining partial block - last block. */
+    if (ret == 0) {
+    #if !defined(WOLFSSL_ARMASM_THUMB2) && !defined(WOLFSSL_ARMASM_NO_NEON)
+        if (ctx->leftover >= POLY1305_BLOCK_SIZE) {
+             size_t len = ctx->leftover & (~(POLY1305_BLOCK_SIZE - 1));
+             poly1305_arm32_blocks(ctx, ctx->buffer, len);
+             ctx->leftover -= len;
+             if (ctx->leftover) {
+                 XMEMCPY(ctx->buffer, ctx->buffer + len, ctx->leftover);
+             }
+        }
+    #endif
+        if (ctx->leftover) {
+             size_t i = ctx->leftover;
+             ctx->buffer[i++] = 1;
+             for (; i < POLY1305_BLOCK_SIZE; i++) {
+                 ctx->buffer[i] = 0;
+             }
+        #ifdef WOLFSSL_ARMASM_THUMB2
+             poly1305_blocks_thumb2_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE,
+                 0);
+        #else
+             poly1305_arm32_blocks_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE, 0);
+        #endif
+        }
+
+        poly1305_final(ctx, mac);
+    }
+
+    return ret;
+}
+
 #endif /* __aarch64__ */
+#endif /* HAVE_POLY1305 */
 #endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c
index 45d4292a5..5b1818de8 100644
--- a/wolfcrypt/src/port/arm/armv8-sha256.c
+++ b/wolfcrypt/src/port/arm/armv8-sha256.c
@@ -1,6 +1,6 @@
 /* armv8-sha256.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_ARMASM
 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA224)
@@ -47,8 +42,7 @@
         return 0;
     }
 #endif
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -57,6 +51,10 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/cryptocb.h>
+#endif
+
 #if defined(FREESCALE_MMCAU_SHA)
     #ifdef FREESCALE_MMCAU_CLASSIC_SHA
         #include "cau_api.h"
@@ -65,8 +63,8 @@
     #endif
 #endif
 
-#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
-static const ALIGN32 word32 K[64] = {
+#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+static const FLASH_QUALIFIER ALIGN32 word32 K[64] = {
     0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
     0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
     0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
@@ -84,6 +82,202 @@ static const ALIGN32 word32 K[64] = {
 #endif
 
 
+#if defined(__aarch64__)
+/* Both versions of Ch and Maj are logically the same, but with the second set
+    the compilers can recognize them better for optimization */
+#ifdef WOLFSSL_SHA256_BY_SPEC
+    /* SHA256 math based on specification */
+    #define Ch(x,y,z)       ((z) ^ ((x) & ((y) ^ (z))))
+    #define Maj(x,y,z)      ((((x) | (y)) & (z)) | ((x) & (y)))
+#else
+    /* SHA256 math reworked for easier compiler optimization */
+    #define Ch(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
+    #define Maj(x,y,z)      ((((x) ^ (y)) & ((y) ^ (z))) ^ (y))
+#endif
+    #define R(x, n)         (((x) & 0xFFFFFFFFU) >> (n))
+
+    #define S(x, n)         rotrFixed(x, n)
+    #define Sigma0(x)       (S(x, 2)  ^ S(x, 13) ^ S(x, 22))
+    #define Sigma1(x)       (S(x, 6)  ^ S(x, 11) ^ S(x, 25))
+    #define Gamma0(x)       (S(x, 7)  ^ S(x, 18) ^ R(x, 3))
+    #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
+
+    #define a(i) S[(0-(i)) & 7]
+    #define b(i) S[(1-(i)) & 7]
+    #define c(i) S[(2-(i)) & 7]
+    #define d(i) S[(3-(i)) & 7]
+    #define e(i) S[(4-(i)) & 7]
+    #define f(i) S[(5-(i)) & 7]
+    #define g(i) S[(6-(i)) & 7]
+    #define h(i) S[(7-(i)) & 7]
+
+    #ifndef XTRANSFORM
+         #define XTRANSFORM(S, D)         Transform_Sha256((S),(D))
+    #endif
+
+#ifndef SHA256_MANY_REGISTERS
+    #define RND(j) \
+         t0 = h(j) + Sigma1(e(j)) + Ch(e(j), f(j), g(j)) + K[i+(j)] + \
+              W[i+(j)]; \
+         t1 = Sigma0(a(j)) + Maj(a(j), b(j), c(j)); \
+         d(j) += t0; \
+         h(j)  = t0 + t1
+
+    static void Transform_Sha256(wc_Sha256* sha256, const byte* data)
+    {
+        word32 S[8], t0, t1;
+        int i;
+
+    #ifdef WOLFSSL_SMALL_STACK_CACHE
+        word32* W = sha256->W;
+        if (W == NULL) {
+            W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
+                                                           DYNAMIC_TYPE_DIGEST);
+            if (W == NULL)
+                return;
+            sha256->W = W;
+        }
+    #elif defined(WOLFSSL_SMALL_STACK)
+        word32* W;
+        W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+        if (W == NULL)
+            return;
+    #else
+        word32 W[WC_SHA256_BLOCK_SIZE];
+    #endif
+
+        /* Copy context->state[] to working vars */
+        for (i = 0; i < 8; i++)
+            S[i] = sha256->digest[i];
+
+        for (i = 0; i < 16; i++)
+            W[i] = *((const word32*)&data[i*(int)sizeof(word32)]);
+
+        for (i = 16; i < WC_SHA256_BLOCK_SIZE; i++)
+           W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16];
+
+    #ifdef USE_SLOW_SHA256
+        /* not unrolled - ~2k smaller and ~25% slower */
+        for (i = 0; i < WC_SHA256_BLOCK_SIZE; i += 8) {
+            int j;
+            for (j = 0; j < 8; j++) { /* braces needed here for macros {} */
+                RND(j);
+            }
+        }
+    #else
+        /* partially loop unrolled */
+        for (i = 0; i < WC_SHA256_BLOCK_SIZE; i += 8) {
+            RND(0); RND(1); RND(2); RND(3);
+            RND(4); RND(5); RND(6); RND(7);
+        }
+    #endif /* USE_SLOW_SHA256 */
+
+        /* Add the working vars back into digest state[] */
+        for (i = 0; i < 8; i++) {
+            sha256->digest[i] += S[i];
+        }
+
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
+        ForceZero(W, sizeof(word32) * WC_SHA256_BLOCK_SIZE);
+        XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+    }
+#else
+    /* SHA256 version that keeps all data in registers */
+    #define SCHED1(j) (W[j] = *((word32*)&data[j*sizeof(word32)]))
+    #define SCHED(j) (               \
+                   W[ j     & 15] += \
+            Gamma1(W[(j-2)  & 15])+  \
+                   W[(j-7)  & 15] +  \
+            Gamma0(W[(j-15) & 15])   \
+        )
+
+    #define RND1(j) \
+         t0 = h(j) + Sigma1(e(j)) + Ch(e(j), f(j), g(j)) + K[i+j] + SCHED1(j); \
+         t1 = Sigma0(a(j)) + Maj(a(j), b(j), c(j)); \
+         d(j) += t0; \
+         h(j)  = t0 + t1
+    #define RNDN(j) \
+         t0 = h(j) + Sigma1(e(j)) + Ch(e(j), f(j), g(j)) + K[i+j] + SCHED(j); \
+         t1 = Sigma0(a(j)) + Maj(a(j), b(j), c(j)); \
+         d(j) += t0; \
+         h(j)  = t0 + t1
+
+    static void Transform_Sha256(wc_Sha256* sha256, const byte* data)
+    {
+        word32 S[8], t0, t1;
+        int i;
+    #ifdef USE_SLOW_SHA256
+        int j;
+    #endif
+        word32 W[WC_SHA256_BLOCK_SIZE/sizeof(word32)];
+
+        /* Copy digest to working vars */
+        S[0] = sha256->digest[0];
+        S[1] = sha256->digest[1];
+        S[2] = sha256->digest[2];
+        S[3] = sha256->digest[3];
+        S[4] = sha256->digest[4];
+        S[5] = sha256->digest[5];
+        S[6] = sha256->digest[6];
+        S[7] = sha256->digest[7];
+
+        i = 0;
+    #ifdef USE_SLOW_SHA256
+        for (j = 0; j < 16; j++) {
+            RND1(j);
+        }
+        for (i = 16; i < 64; i += 16) {
+            for (j = 0; j < 16; j++) {
+                RNDN(j);
+            }
+        }
+    #else
+        RND1( 0); RND1( 1); RND1( 2); RND1( 3);
+        RND1( 4); RND1( 5); RND1( 6); RND1( 7);
+        RND1( 8); RND1( 9); RND1(10); RND1(11);
+        RND1(12); RND1(13); RND1(14); RND1(15);
+        /* 64 operations, partially loop unrolled */
+        for (i = 16; i < 64; i += 16) {
+            RNDN( 0); RNDN( 1); RNDN( 2); RNDN( 3);
+            RNDN( 4); RNDN( 5); RNDN( 6); RNDN( 7);
+            RNDN( 8); RNDN( 9); RNDN(10); RNDN(11);
+            RNDN(12); RNDN(13); RNDN(14); RNDN(15);
+        }
+    #endif
+
+        /* Add the working vars back into digest */
+        sha256->digest[0] += S[0];
+        sha256->digest[1] += S[1];
+        sha256->digest[2] += S[2];
+        sha256->digest[3] += S[3];
+        sha256->digest[4] += S[4];
+        sha256->digest[5] += S[5];
+        sha256->digest[6] += S[6];
+        sha256->digest[7] += S[7];
+    }
+#endif /* SHA256_MANY_REGISTERS */
+
+static void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
+    word32 len)
+{
+    while (len > 0) {
+        byte tmp[WC_SHA256_BLOCK_SIZE];
+        ByteReverseWords((word32*)tmp, (const word32*)data,
+            WC_SHA256_BLOCK_SIZE);
+        Transform_Sha256(sha256, tmp);
+        data += WC_SHA256_BLOCK_SIZE;
+        len  -= WC_SHA256_BLOCK_SIZE;
+    }
+}
+#endif
+
+#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+static word32 cpuid_flags = 0;
+static int cpuid_flags_set = 0;
+#endif
+
 static int InitSha256(wc_Sha256* sha256)
 {
     int ret = 0;
@@ -329,23 +523,37 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
         AddLength(sha256, len);
 
         if (sha256->buffLen > 0) {
-             /* fill leftover buffer with data */
-             add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
-             XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
-             sha256->buffLen += add;
-             data            += add;
-             len             -= add;
-             if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
-                 Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+            /* fill leftover buffer with data */
+            add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+            XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
+            sha256->buffLen += add;
+            data            += add;
+            len             -= add;
+            if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
+                if (IS_AARCH64_SHA256(cpuid_flags)) {
+                    Sha256Transform(sha256, (byte*)sha256->buffer, 1);
+                }
+                else {
+                    ByteReverseWords(sha256->buffer, sha256->buffer,
+                        WC_SHA256_BLOCK_SIZE);
+                    Transform_Sha256(sha256, (const byte*)sha256->buffer);
+                }
+
                  sha256->buffLen = 0;
-             }
+            }
         }
 
         /* number of blocks in a row to complete */
-        numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
+        numBlocks = (len + sha256->buffLen) / WC_SHA256_BLOCK_SIZE;
 
         if (numBlocks > 0) {
-            Sha256Transform(sha256, data, numBlocks);
+            if (IS_AARCH64_SHA256(cpuid_flags)) {
+                Sha256Transform(sha256, data, numBlocks);
+            }
+            else {
+                Transform_Sha256_Len(sha256, data,
+                    numBlocks * WC_SHA256_BLOCK_SIZE);
+            }
             data += numBlocks * WC_SHA256_BLOCK_SIZE;
             len  -= numBlocks * WC_SHA256_BLOCK_SIZE;
         }
@@ -375,158 +583,166 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
 
     /* pad with zeros */
     if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
-
-        XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_BLOCK_SIZE -
+                                                               sha256->buffLen);
         sha256->buffLen += WC_SHA256_BLOCK_SIZE - sha256->buffLen;
-        k = K;
-        __asm__ volatile (
-            "LD1 {v4.2d-v7.2d}, %[buffer]          \n"
-            "MOV v0.16b, v4.16b                    \n"
-            "MOV v1.16b, v5.16b                    \n"
-            "REV32 v0.16b, v0.16b                  \n"
-            "REV32 v1.16b, v1.16b                  \n"
-            "MOV v2.16b, v6.16b                    \n"
-            "MOV v3.16b, v7.16b                    \n"
-            "REV32 v2.16b, v2.16b                  \n"
-            "REV32 v3.16b, v3.16b                  \n"
-            "MOV v4.16b, v0.16b                    \n"
-            "MOV v5.16b, v1.16b                    \n"
-            "LD1 {v20.2d-v21.2d}, %[digest]        \n"
+        if (IS_AARCH64_SHA256(cpuid_flags)) {
+            k = K;
+            __asm__ volatile (
+                "LD1 {v4.2d-v7.2d}, %[buffer]          \n"
+                "MOV v0.16b, v4.16b                    \n"
+                "MOV v1.16b, v5.16b                    \n"
+                "REV32 v0.16b, v0.16b                  \n"
+                "REV32 v1.16b, v1.16b                  \n"
+                "MOV v2.16b, v6.16b                    \n"
+                "MOV v3.16b, v7.16b                    \n"
+                "REV32 v2.16b, v2.16b                  \n"
+                "REV32 v3.16b, v3.16b                  \n"
+                "MOV v4.16b, v0.16b                    \n"
+                "MOV v5.16b, v1.16b                    \n"
+                "LD1 {v20.2d-v21.2d}, %[digest]        \n"
 
-            "#SHA256 operation on updated message  \n"
-            "MOV v16.16b, v20.16b \n"
-            "MOV v17.16b, v21.16b \n"
+                "#SHA256 operation on updated message  \n"
+                "MOV v16.16b, v20.16b \n"
+                "MOV v17.16b, v21.16b \n"
 
-            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
-            "SHA256SU0 v4.4s, v1.4s        \n"
-            "ADD v0.4s, v0.4s, v22.4s      \n"
-            "MOV v6.16b, v2.16b            \n"
-            "MOV v18.16b, v16.16b          \n"
-            "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
-            "SHA256H q16, q17, v0.4s       \n"
-            "SHA256H2 q17, q18, v0.4s      \n"
+                "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+                "SHA256SU0 v4.4s, v1.4s        \n"
+                "ADD v0.4s, v0.4s, v22.4s      \n"
+                "MOV v6.16b, v2.16b            \n"
+                "MOV v18.16b, v16.16b          \n"
+                "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
+                "SHA256H q16, q17, v0.4s       \n"
+                "SHA256H2 q17, q18, v0.4s      \n"
 
-            "SHA256SU0 v5.4s, v2.4s        \n"
-            "ADD v1.4s, v1.4s, v23.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v7.16b, v3.16b            \n"
-            "SHA256SU1 v5.4s, v3.4s, v4.4s \n"
-            "SHA256H q16, q17, v1.4s       \n"
-            "SHA256H2 q17, q18, v1.4s      \n"
+                "SHA256SU0 v5.4s, v2.4s        \n"
+                "ADD v1.4s, v1.4s, v23.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v7.16b, v3.16b            \n"
+                "SHA256SU1 v5.4s, v3.4s, v4.4s \n"
+                "SHA256H q16, q17, v1.4s       \n"
+                "SHA256H2 q17, q18, v1.4s      \n"
 
-            "SHA256SU0 v6.4s, v3.4s        \n"
-            "ADD v2.4s, v2.4s, v24.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v8.16b, v4.16b            \n"
-            "SHA256SU1 v6.4s, v4.4s, v5.4s \n"
-            "SHA256H q16, q17, v2.4s       \n"
-            "SHA256H2 q17, q18, v2.4s      \n"
+                "SHA256SU0 v6.4s, v3.4s        \n"
+                "ADD v2.4s, v2.4s, v24.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v8.16b, v4.16b            \n"
+                "SHA256SU1 v6.4s, v4.4s, v5.4s \n"
+                "SHA256H q16, q17, v2.4s       \n"
+                "SHA256H2 q17, q18, v2.4s      \n"
 
-            "SHA256SU0 v7.4s, v4.4s        \n"
-            "ADD v3.4s, v3.4s, v25.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v9.16b, v5.16b            \n"
-            "SHA256SU1 v7.4s, v5.4s, v6.4s \n"
-            "SHA256H q16, q17, v3.4s       \n"
-            "SHA256H2 q17, q18, v3.4s      \n"
+                "SHA256SU0 v7.4s, v4.4s        \n"
+                "ADD v3.4s, v3.4s, v25.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v9.16b, v5.16b            \n"
+                "SHA256SU1 v7.4s, v5.4s, v6.4s \n"
+                "SHA256H q16, q17, v3.4s       \n"
+                "SHA256H2 q17, q18, v3.4s      \n"
 
-            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
-            "SHA256SU0 v8.4s, v5.4s        \n"
-            "ADD v4.4s, v4.4s, v22.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v10.16b, v6.16b           \n"
-            "SHA256SU1 v8.4s, v6.4s, v7.4s \n"
-            "SHA256H q16, q17, v4.4s       \n"
-            "SHA256H2 q17, q18, v4.4s      \n"
+                "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+                "SHA256SU0 v8.4s, v5.4s        \n"
+                "ADD v4.4s, v4.4s, v22.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v10.16b, v6.16b           \n"
+                "SHA256SU1 v8.4s, v6.4s, v7.4s \n"
+                "SHA256H q16, q17, v4.4s       \n"
+                "SHA256H2 q17, q18, v4.4s      \n"
 
-            "SHA256SU0 v9.4s, v6.4s        \n"
-            "ADD v5.4s, v5.4s, v23.4s      \n"
-            "MOV v18.16b, v16.16b          \n"
-            "MOV v11.16b, v7.16b           \n"
-            "SHA256SU1 v9.4s, v7.4s, v8.4s \n"
-            "SHA256H q16, q17, v5.4s       \n"
-            "SHA256H2 q17, q18, v5.4s      \n"
+                "SHA256SU0 v9.4s, v6.4s        \n"
+                "ADD v5.4s, v5.4s, v23.4s      \n"
+                "MOV v18.16b, v16.16b          \n"
+                "MOV v11.16b, v7.16b           \n"
+                "SHA256SU1 v9.4s, v7.4s, v8.4s \n"
+                "SHA256H q16, q17, v5.4s       \n"
+                "SHA256H2 q17, q18, v5.4s      \n"
 
-            "SHA256SU0 v10.4s, v7.4s        \n"
-            "ADD v6.4s, v6.4s, v24.4s       \n"
-            "MOV v18.16b, v16.16b           \n"
-            "MOV v12.16b, v8.16b            \n"
-            "SHA256SU1 v10.4s, v8.4s, v9.4s \n"
-            "SHA256H q16, q17, v6.4s        \n"
-            "SHA256H2 q17, q18, v6.4s       \n"
+                "SHA256SU0 v10.4s, v7.4s        \n"
+                "ADD v6.4s, v6.4s, v24.4s       \n"
+                "MOV v18.16b, v16.16b           \n"
+                "MOV v12.16b, v8.16b            \n"
+                "SHA256SU1 v10.4s, v8.4s, v9.4s \n"
+                "SHA256H q16, q17, v6.4s        \n"
+                "SHA256H2 q17, q18, v6.4s       \n"
 
-            "SHA256SU0 v11.4s, v8.4s         \n"
-            "ADD v7.4s, v7.4s, v25.4s        \n"
-            "MOV v18.16b, v16.16b            \n"
-            "MOV v13.16b, v9.16b             \n"
-            "SHA256SU1 v11.4s, v9.4s, v10.4s \n"
-            "SHA256H q16, q17, v7.4s         \n"
-            "SHA256H2 q17, q18, v7.4s        \n"
+                "SHA256SU0 v11.4s, v8.4s         \n"
+                "ADD v7.4s, v7.4s, v25.4s        \n"
+                "MOV v18.16b, v16.16b            \n"
+                "MOV v13.16b, v9.16b             \n"
+                "SHA256SU1 v11.4s, v9.4s, v10.4s \n"
+                "SHA256H q16, q17, v7.4s         \n"
+                "SHA256H2 q17, q18, v7.4s        \n"
 
-            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
-            "SHA256SU0 v12.4s, v9.4s            \n"
-            "ADD v8.4s, v8.4s, v22.4s           \n"
-            "MOV v18.16b, v16.16b               \n"
-            "MOV v14.16b, v10.16b               \n"
-            "SHA256SU1 v12.4s, v10.4s, v11.4s   \n"
-            "SHA256H q16, q17, v8.4s            \n"
-            "SHA256H2 q17, q18, v8.4s           \n"
+                "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+                "SHA256SU0 v12.4s, v9.4s            \n"
+                "ADD v8.4s, v8.4s, v22.4s           \n"
+                "MOV v18.16b, v16.16b               \n"
+                "MOV v14.16b, v10.16b               \n"
+                "SHA256SU1 v12.4s, v10.4s, v11.4s   \n"
+                "SHA256H q16, q17, v8.4s            \n"
+                "SHA256H2 q17, q18, v8.4s           \n"
 
-            "SHA256SU0 v13.4s, v10.4s           \n"
-            "ADD v9.4s, v9.4s, v23.4s           \n"
-            "MOV v18.16b, v16.16b               \n"
-            "MOV v15.16b, v11.16b               \n"
-            "SHA256SU1 v13.4s, v11.4s, v12.4s   \n"
-            "SHA256H q16, q17, v9.4s            \n"
-            "SHA256H2 q17, q18, v9.4s           \n"
+                "SHA256SU0 v13.4s, v10.4s           \n"
+                "ADD v9.4s, v9.4s, v23.4s           \n"
+                "MOV v18.16b, v16.16b               \n"
+                "MOV v15.16b, v11.16b               \n"
+                "SHA256SU1 v13.4s, v11.4s, v12.4s   \n"
+                "SHA256H q16, q17, v9.4s            \n"
+                "SHA256H2 q17, q18, v9.4s           \n"
 
-            "SHA256SU0 v14.4s, v11.4s           \n"
-            "ADD v10.4s, v10.4s, v24.4s         \n"
-            "MOV v18.16b, v16.16b               \n"
-            "SHA256SU1 v14.4s, v12.4s, v13.4s   \n"
-            "SHA256H q16, q17, v10.4s           \n"
-            "SHA256H2 q17, q18, v10.4s          \n"
+                "SHA256SU0 v14.4s, v11.4s           \n"
+                "ADD v10.4s, v10.4s, v24.4s         \n"
+                "MOV v18.16b, v16.16b               \n"
+                "SHA256SU1 v14.4s, v12.4s, v13.4s   \n"
+                "SHA256H q16, q17, v10.4s           \n"
+                "SHA256H2 q17, q18, v10.4s          \n"
 
-            "SHA256SU0 v15.4s, v12.4s           \n"
-            "ADD v11.4s, v11.4s, v25.4s         \n"
-            "MOV v18.16b, v16.16b               \n"
-            "SHA256SU1 v15.4s, v13.4s, v14.4s   \n"
-            "SHA256H q16, q17, v11.4s           \n"
-            "SHA256H2 q17, q18, v11.4s          \n"
+                "SHA256SU0 v15.4s, v12.4s           \n"
+                "ADD v11.4s, v11.4s, v25.4s         \n"
+                "MOV v18.16b, v16.16b               \n"
+                "SHA256SU1 v15.4s, v13.4s, v14.4s   \n"
+                "SHA256H q16, q17, v11.4s           \n"
+                "SHA256H2 q17, q18, v11.4s          \n"
 
-            "LD1 {v22.4s-v25.4s}, [%[k]] \n"
-            "ADD v12.4s, v12.4s, v22.4s    \n"
-            "MOV v18.16b, v16.16b          \n"
-            "SHA256H q16, q17, v12.4s      \n"
-            "SHA256H2 q17, q18, v12.4s     \n"
+                "LD1 {v22.4s-v25.4s}, [%[k]] \n"
+                "ADD v12.4s, v12.4s, v22.4s    \n"
+                "MOV v18.16b, v16.16b          \n"
+                "SHA256H q16, q17, v12.4s      \n"
+                "SHA256H2 q17, q18, v12.4s     \n"
 
-            "ADD v13.4s, v13.4s, v23.4s    \n"
-            "MOV v18.16b, v16.16b          \n"
-            "SHA256H q16, q17, v13.4s      \n"
-            "SHA256H2 q17, q18, v13.4s     \n"
+                "ADD v13.4s, v13.4s, v23.4s    \n"
+                "MOV v18.16b, v16.16b          \n"
+                "SHA256H q16, q17, v13.4s      \n"
+                "SHA256H2 q17, q18, v13.4s     \n"
 
-            "ADD v14.4s, v14.4s, v24.4s  \n"
-            "MOV v18.16b, v16.16b        \n"
-            "SHA256H q16, q17, v14.4s    \n"
-            "SHA256H2 q17, q18, v14.4s   \n"
+                "ADD v14.4s, v14.4s, v24.4s  \n"
+                "MOV v18.16b, v16.16b        \n"
+                "SHA256H q16, q17, v14.4s    \n"
+                "SHA256H2 q17, q18, v14.4s   \n"
 
-            "ADD v15.4s, v15.4s, v25.4s  \n"
-            "MOV v18.16b, v16.16b        \n"
-            "SHA256H q16, q17, v15.4s    \n"
-            "SHA256H2 q17, q18, v15.4s   \n"
+                "ADD v15.4s, v15.4s, v25.4s  \n"
+                "MOV v18.16b, v16.16b        \n"
+                "SHA256H q16, q17, v15.4s    \n"
+                "SHA256H2 q17, q18, v15.4s   \n"
 
-            "#Add working vars back into digest state \n"
-            "ADD v16.4s, v16.4s, v20.4s \n"
-            "ADD v17.4s, v17.4s, v21.4s \n"
-            "ST1 {v16.2d-v17.2d}, %[out]        \n"
+                "#Add working vars back into digest state \n"
+                "ADD v16.4s, v16.4s, v20.4s \n"
+                "ADD v17.4s, v17.4s, v21.4s \n"
+                "ST1 {v16.2d-v17.2d}, %[out]        \n"
 
-            : [out] "=m" (sha256->digest), [k] "+r" (k)
-            : [digest] "m" (sha256->digest),
-              [buffer] "m" (sha256->buffer)
-            : "cc", "memory", "v0", "v1", "v2", "v3", "v8",  "v9",  "v10", "v11"
-                            , "v12", "v13", "v14", "v15", "v16", "v17", "v18"
-                            , "v19", "v20", "v21", "v22", "v23", "v24", "v25"
-        );
+                : [out] "=m" (sha256->digest), [k] "+r" (k)
+                : [digest] "m" (sha256->digest),
+                  [buffer] "m" (sha256->buffer)
+                : "cc", "memory", "v0", "v1", "v2", "v3", "v8",  "v9",  "v10"
+                                , "v11" , "v12", "v13", "v14", "v15", "v16"
+                                , "v17", "v18" , "v19", "v20", "v21", "v22"
+                                , "v23", "v24", "v25"
+            );
+        }
+        else {
+            ByteReverseWords(sha256->buffer, sha256->buffer,
+                WC_SHA256_BLOCK_SIZE);
+            Transform_Sha256(sha256, (const byte*)sha256->buffer);
+        }
 
         sha256->buffLen = 0;
     }
@@ -552,162 +768,173 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
         );
     #endif
     /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
-    XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
-            sizeof(word32));
+        XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
+        XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
+                sizeof(word32));
 
-    k = K;
-    __asm__ volatile (
-        "#load in message and schedule updates \n"
-        "LD1 {v4.2d-v7.2d}, %[buffer]        \n"
-        "MOV v0.16b, v4.16b \n"
-        "MOV v1.16b, v5.16b \n"
-        "MOV v2.16b, v6.16b \n"
-        "MOV v3.16b, v7.16b \n"
-        "LD1 {v20.2d-v21.2d}, %[digest] \n"
+    if (IS_AARCH64_SHA256(cpuid_flags)) {
+        k = K;
+        __asm__ volatile (
+            "#load in message and schedule updates \n"
+            "LD1 {v4.2d-v7.2d}, %[buffer]        \n"
+            "MOV v0.16b, v4.16b \n"
+            "MOV v1.16b, v5.16b \n"
+            "MOV v2.16b, v6.16b \n"
+            "MOV v3.16b, v7.16b \n"
+            "LD1 {v20.2d-v21.2d}, %[digest] \n"
 
-        "MOV v16.16b, v20.16b      \n"
-        "MOV v17.16b, v21.16b      \n"
-        "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
-        "SHA256SU0 v4.4s, v1.4s          \n"
-        "ADD v0.4s, v0.4s, v22.4s        \n"
-        "MOV v6.16b, v2.16b              \n"
-        "MOV v18.16b, v16.16b            \n"
-        "SHA256SU1 v4.4s, v2.4s, v3.4s   \n"
-        "SHA256H q16, q17, v0.4s         \n"
-        "SHA256H2 q17, q18, v0.4s        \n"
+            "MOV v16.16b, v20.16b      \n"
+            "MOV v17.16b, v21.16b      \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+            "SHA256SU0 v4.4s, v1.4s          \n"
+            "ADD v0.4s, v0.4s, v22.4s        \n"
+            "MOV v6.16b, v2.16b              \n"
+            "MOV v18.16b, v16.16b            \n"
+            "SHA256SU1 v4.4s, v2.4s, v3.4s   \n"
+            "SHA256H q16, q17, v0.4s         \n"
+            "SHA256H2 q17, q18, v0.4s        \n"
 
-        "SHA256SU0 v5.4s, v2.4s          \n"
-        "ADD v1.4s, v1.4s, v23.4s        \n"
-        "MOV v7.16b, v3.16b              \n"
-        "MOV v18.16b, v16.16b            \n"
-        "SHA256SU1 v5.4s, v3.4s, v4.4s   \n"
-        "SHA256H q16, q17, v1.4s         \n"
-        "SHA256H2 q17, q18, v1.4s        \n"
+            "SHA256SU0 v5.4s, v2.4s          \n"
+            "ADD v1.4s, v1.4s, v23.4s        \n"
+            "MOV v7.16b, v3.16b              \n"
+            "MOV v18.16b, v16.16b            \n"
+            "SHA256SU1 v5.4s, v3.4s, v4.4s   \n"
+            "SHA256H q16, q17, v1.4s         \n"
+            "SHA256H2 q17, q18, v1.4s        \n"
 
-        "SHA256SU0 v6.4s, v3.4s          \n"
-        "ADD v2.4s, v2.4s, v24.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v8.16b, v4.16b              \n"
-        "SHA256SU1 v6.4s, v4.4s, v5.4s   \n"
-        "SHA256H q16, q17, v2.4s         \n"
-        "SHA256H2 q17, q18, v2.4s        \n"
+            "SHA256SU0 v6.4s, v3.4s          \n"
+            "ADD v2.4s, v2.4s, v24.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v8.16b, v4.16b              \n"
+            "SHA256SU1 v6.4s, v4.4s, v5.4s   \n"
+            "SHA256H q16, q17, v2.4s         \n"
+            "SHA256H2 q17, q18, v2.4s        \n"
 
-        "SHA256SU0 v7.4s, v4.4s          \n"
-        "ADD v3.4s, v3.4s, v25.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v9.16b, v5.16b              \n"
-        "SHA256SU1 v7.4s, v5.4s, v6.4s   \n"
-        "SHA256H q16, q17, v3.4s         \n"
-        "SHA256H2 q17, q18, v3.4s        \n"
+            "SHA256SU0 v7.4s, v4.4s          \n"
+            "ADD v3.4s, v3.4s, v25.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v9.16b, v5.16b              \n"
+            "SHA256SU1 v7.4s, v5.4s, v6.4s   \n"
+            "SHA256H q16, q17, v3.4s         \n"
+            "SHA256H2 q17, q18, v3.4s        \n"
 
-        "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
-        "SHA256SU0 v8.4s, v5.4s          \n"
-        "ADD v4.4s, v4.4s, v22.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v10.16b, v6.16b             \n"
-        "SHA256SU1 v8.4s, v6.4s, v7.4s   \n"
-        "SHA256H q16, q17, v4.4s         \n"
-        "SHA256H2 q17, q18, v4.4s        \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+            "SHA256SU0 v8.4s, v5.4s          \n"
+            "ADD v4.4s, v4.4s, v22.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v10.16b, v6.16b             \n"
+            "SHA256SU1 v8.4s, v6.4s, v7.4s   \n"
+            "SHA256H q16, q17, v4.4s         \n"
+            "SHA256H2 q17, q18, v4.4s        \n"
 
-        "SHA256SU0 v9.4s, v6.4s          \n"
-        "ADD v5.4s, v5.4s, v23.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v11.16b, v7.16b             \n"
-        "SHA256SU1 v9.4s, v7.4s, v8.4s   \n"
-        "SHA256H q16, q17, v5.4s         \n"
-        "SHA256H2 q17, q18, v5.4s        \n"
+            "SHA256SU0 v9.4s, v6.4s          \n"
+            "ADD v5.4s, v5.4s, v23.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v11.16b, v7.16b             \n"
+            "SHA256SU1 v9.4s, v7.4s, v8.4s   \n"
+            "SHA256H q16, q17, v5.4s         \n"
+            "SHA256H2 q17, q18, v5.4s        \n"
 
-        "SHA256SU0 v10.4s, v7.4s         \n"
-        "ADD v6.4s, v6.4s, v24.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v12.16b, v8.16b             \n"
-        "SHA256SU1 v10.4s, v8.4s, v9.4s  \n"
-        "SHA256H q16, q17, v6.4s         \n"
-        "SHA256H2 q17, q18, v6.4s        \n"
+            "SHA256SU0 v10.4s, v7.4s         \n"
+            "ADD v6.4s, v6.4s, v24.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v12.16b, v8.16b             \n"
+            "SHA256SU1 v10.4s, v8.4s, v9.4s  \n"
+            "SHA256H q16, q17, v6.4s         \n"
+            "SHA256H2 q17, q18, v6.4s        \n"
 
-        "SHA256SU0 v11.4s, v8.4s         \n"
-        "ADD v7.4s, v7.4s, v25.4s        \n"
-        "MOV v18.16b, v16.16b            \n"
-        "MOV v13.16b, v9.16b             \n"
-        "SHA256SU1 v11.4s, v9.4s, v10.4s \n"
-        "SHA256H q16, q17, v7.4s         \n"
-        "SHA256H2 q17, q18, v7.4s        \n"
+            "SHA256SU0 v11.4s, v8.4s         \n"
+            "ADD v7.4s, v7.4s, v25.4s        \n"
+            "MOV v18.16b, v16.16b            \n"
+            "MOV v13.16b, v9.16b             \n"
+            "SHA256SU1 v11.4s, v9.4s, v10.4s \n"
+            "SHA256H q16, q17, v7.4s         \n"
+            "SHA256H2 q17, q18, v7.4s        \n"
 
-        "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
-        "SHA256SU0 v12.4s, v9.4s          \n"
-        "ADD v8.4s, v8.4s, v22.4s         \n"
-        "MOV v18.16b, v16.16b             \n"
-        "MOV v14.16b, v10.16b             \n"
-        "SHA256SU1 v12.4s, v10.4s, v11.4s \n"
-        "SHA256H q16, q17, v8.4s          \n"
-        "SHA256H2 q17, q18, v8.4s         \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]], #64 \n"
+            "SHA256SU0 v12.4s, v9.4s          \n"
+            "ADD v8.4s, v8.4s, v22.4s         \n"
+            "MOV v18.16b, v16.16b             \n"
+            "MOV v14.16b, v10.16b             \n"
+            "SHA256SU1 v12.4s, v10.4s, v11.4s \n"
+            "SHA256H q16, q17, v8.4s          \n"
+            "SHA256H2 q17, q18, v8.4s         \n"
 
-        "SHA256SU0 v13.4s, v10.4s         \n"
-        "ADD v9.4s, v9.4s, v23.4s         \n"
-        "MOV v18.16b, v16.16b             \n"
-        "MOV v15.16b, v11.16b             \n"
-        "SHA256SU1 v13.4s, v11.4s, v12.4s \n"
-        "SHA256H q16, q17, v9.4s          \n"
-        "SHA256H2 q17, q18, v9.4s         \n"
+            "SHA256SU0 v13.4s, v10.4s         \n"
+            "ADD v9.4s, v9.4s, v23.4s         \n"
+            "MOV v18.16b, v16.16b             \n"
+            "MOV v15.16b, v11.16b             \n"
+            "SHA256SU1 v13.4s, v11.4s, v12.4s \n"
+            "SHA256H q16, q17, v9.4s          \n"
+            "SHA256H2 q17, q18, v9.4s         \n"
 
-        "SHA256SU0 v14.4s, v11.4s         \n"
-        "ADD v10.4s, v10.4s, v24.4s       \n"
-        "MOV v18.16b, v16.16b             \n"
-        "SHA256SU1 v14.4s, v12.4s, v13.4s \n"
-        "SHA256H q16, q17, v10.4s         \n"
-        "SHA256H2 q17, q18, v10.4s        \n"
+            "SHA256SU0 v14.4s, v11.4s         \n"
+            "ADD v10.4s, v10.4s, v24.4s       \n"
+            "MOV v18.16b, v16.16b             \n"
+            "SHA256SU1 v14.4s, v12.4s, v13.4s \n"
+            "SHA256H q16, q17, v10.4s         \n"
+            "SHA256H2 q17, q18, v10.4s        \n"
 
-        "SHA256SU0 v15.4s, v12.4s         \n"
-        "ADD v11.4s, v11.4s, v25.4s       \n"
-        "MOV v18.16b, v16.16b             \n"
-        "SHA256SU1 v15.4s, v13.4s, v14.4s \n"
-        "SHA256H q16, q17, v11.4s         \n"
-        "SHA256H2 q17, q18, v11.4s        \n"
+            "SHA256SU0 v15.4s, v12.4s         \n"
+            "ADD v11.4s, v11.4s, v25.4s       \n"
+            "MOV v18.16b, v16.16b             \n"
+            "SHA256SU1 v15.4s, v13.4s, v14.4s \n"
+            "SHA256H q16, q17, v11.4s         \n"
+            "SHA256H2 q17, q18, v11.4s        \n"
 
-        "LD1 {v22.4s-v25.4s}, [%[k]] \n"
-        "ADD v12.4s, v12.4s, v22.4s    \n"
-        "MOV v18.16b, v16.16b          \n"
-        "SHA256H q16, q17, v12.4s      \n"
-        "SHA256H2 q17, q18, v12.4s     \n"
+            "LD1 {v22.4s-v25.4s}, [%[k]] \n"
+            "ADD v12.4s, v12.4s, v22.4s    \n"
+            "MOV v18.16b, v16.16b          \n"
+            "SHA256H q16, q17, v12.4s      \n"
+            "SHA256H2 q17, q18, v12.4s     \n"
 
-        "ADD v13.4s, v13.4s, v23.4s \n"
-        "MOV v18.16b, v16.16b       \n"
-        "SHA256H q16, q17, v13.4s   \n"
-        "SHA256H2 q17, q18, v13.4s  \n"
+            "ADD v13.4s, v13.4s, v23.4s \n"
+            "MOV v18.16b, v16.16b       \n"
+            "SHA256H q16, q17, v13.4s   \n"
+            "SHA256H2 q17, q18, v13.4s  \n"
 
-        "ADD v14.4s, v14.4s, v24.4s \n"
-        "MOV v18.16b, v16.16b       \n"
-        "SHA256H q16, q17, v14.4s   \n"
-        "SHA256H2 q17, q18, v14.4s  \n"
+            "ADD v14.4s, v14.4s, v24.4s \n"
+            "MOV v18.16b, v16.16b       \n"
+            "SHA256H q16, q17, v14.4s   \n"
+            "SHA256H2 q17, q18, v14.4s  \n"
 
-        "ADD v15.4s, v15.4s, v25.4s \n"
-        "MOV v18.16b, v16.16b       \n"
-        "SHA256H q16, q17, v15.4s   \n"
-        "SHA256H2 q17, q18, v15.4s  \n"
+            "ADD v15.4s, v15.4s, v25.4s \n"
+            "MOV v18.16b, v16.16b       \n"
+            "SHA256H q16, q17, v15.4s   \n"
+            "SHA256H2 q17, q18, v15.4s  \n"
 
-        "#Add working vars back into digest state \n"
-        "ADD v16.4s, v16.4s, v20.4s \n"
-        "ADD v17.4s, v17.4s, v21.4s \n"
+            "#Add working vars back into digest state \n"
+            "ADD v16.4s, v16.4s, v20.4s \n"
+            "ADD v17.4s, v17.4s, v21.4s \n"
 
-        "#Store value as hash output \n"
-    #if defined(LITTLE_ENDIAN_ORDER)
-        "REV32 v16.16b, v16.16b \n"
+            "#Store value as hash output \n"
+        #if defined(LITTLE_ENDIAN_ORDER)
+            "REV32 v16.16b, v16.16b \n"
+        #endif
+            "ST1 {v16.16b}, [%[hashOut]], #16 \n"
+        #if defined(LITTLE_ENDIAN_ORDER)
+            "REV32 v17.16b, v17.16b \n"
+        #endif
+            "ST1 {v17.16b}, [%[hashOut]] \n"
+            : [hashOut] "=r" (hash), [k] "+r" (k)
+            : [digest] "m" (sha256->digest),
+              [buffer] "m" (sha256->buffer),
+              "0" (hash)
+                : "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+                            "v8",  "v9",  "v10", "v11", "v12", "v13", "v14",
+                            "v15", "v16", "v17", "v18", "v19", "v20", "v21",
+                            "v22", "v23", "v24", "v25", "cc"
+        );
+    }
+    else {
+        Transform_Sha256(sha256, (const byte*)sha256->buffer);
+
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords((word32*)hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
+    #else
+        XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
     #endif
-        "ST1 {v16.16b}, [%[hashOut]], #16 \n"
-    #if defined(LITTLE_ENDIAN_ORDER)
-        "REV32 v17.16b, v17.16b \n"
-    #endif
-        "ST1 {v17.16b}, [%[hashOut]] \n"
-        : [hashOut] "=r" (hash), [k] "+r" (k)
-        : [digest] "m" (sha256->digest),
-          [buffer] "m" (sha256->buffer),
-          "0" (hash)
-            : "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
-                              "v8",  "v9",  "v10", "v11", "v12", "v13", "v14",
-                              "v15", "v16", "v17", "v18", "v19", "v20", "v21",
-                              "v22", "v23", "v24", "v25"
-    );
+    }
 
     return 0;
 }
@@ -972,7 +1199,8 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
     if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
         word32* bufPt = sha256->buffer;
         word32* digPt = sha256->digest;
-        XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        XMEMSET(&local[sha256->buffLen], 0,
+            WC_SHA256_BLOCK_SIZE - sha256->buffLen);
         sha256->buffLen += WC_SHA256_BLOCK_SIZE - sha256->buffLen;
         __asm__ volatile (
         "#load leftover data\n"
@@ -1403,7 +1631,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
         return ret;
     }
 
-#else /* */
+#elif !defined(__aarch64__)
 
 extern void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
     word32 len);
@@ -1411,7 +1639,8 @@ extern void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
 #endif
 
 /* ARMv8 hardware acceleration Aarch32 and Thumb2 */
-static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data,
+    word32 len)
 {
     int ret = 0;
     /* do block size increments */
@@ -1513,25 +1742,53 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
 
 int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
 {
+    int ret = 0;
     if (sha256 == NULL)
         return BAD_FUNC_ARG;
+    ret = InitSha256(sha256);
+    if (ret != 0)
+        return ret;
 
     sha256->heap = heap;
 #ifdef WOLF_CRYPTO_CB
     sha256->devId = devId;
+    sha256->devCtx = NULL;
 #endif
+
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
+#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    if (!cpuid_flags_set) {
+        cpuid_flags = cpuid_get_flags();
+        cpuid_flags_set = 1;
+    }
+#endif
+
     (void)devId;
 
-    return InitSha256(sha256);
+    return ret;
 }
 
 int wc_InitSha256(wc_Sha256* sha256)
 {
-    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha256_ex(sha256, NULL, devId);
 }
 
 void wc_Sha256Free(wc_Sha256* sha256)
 {
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+#endif
     (void)sha256;
 }
 
@@ -1541,6 +1798,18 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha256->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha256Hash(sha256, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha256Update(sha256, data, len);
 }
 
@@ -1573,6 +1842,18 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha256->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_Sha256Hash(sha256, NULL, 0, hash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     ret = Sha256Final(sha256, hash);
     if (ret != 0)
         return ret;
@@ -1621,6 +1902,17 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
 
     XMEMCPY(dst, src, sizeof(wc_Sha256));
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
+#ifdef WOLFSSL_HASH_FLAGS
+    dst->flags |= WC_HASH_FLAG_ISCOPY;
+#endif
+
     return ret;
 }
 
@@ -1754,6 +2046,14 @@ int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
             return BAD_FUNC_ARG;
 
         sha224->heap = heap;
+
+    #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+        if (!cpuid_flags_set) {
+            cpuid_flags = cpuid_get_flags();
+            cpuid_flags_set = 1;
+        }
+    #endif
+
         (void)devId;
 
         return InitSha224(sha224);
@@ -1842,6 +2142,10 @@ int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
 
         XMEMCPY(dst, src, sizeof(wc_Sha224));
 
+    #ifdef WOLFSSL_HASH_FLAGS
+        dst->flags |= WC_HASH_FLAG_ISCOPY;
+    #endif
+
         return ret;
     }
 
diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-sha3-asm.S
index 1652f41b4..8ab1ddc79 100644
--- a/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-sha3-asm.S
@@ -1,6 +1,6 @@
 /* armv8-sha3-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha3/sha3.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm.S
+ *   ruby ./sha3/sha3.rb arm64 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm.S
  */
 #ifdef WOLFSSL_ARMASM
 #ifdef __aarch64__
@@ -47,41 +45,41 @@
 	.p2align	3
 #endif /* __APPLE__ */
 L_SHA3_transform_crypto_r:
-	.xword	0x1
-	.xword	0x8082
+	.xword	0x0000000000000001
+	.xword	0x0000000000008082
 	.xword	0x800000000000808a
 	.xword	0x8000000080008000
-	.xword	0x808b
-	.xword	0x80000001
+	.xword	0x000000000000808b
+	.xword	0x0000000080000001
 	.xword	0x8000000080008081
 	.xword	0x8000000000008009
-	.xword	0x8a
-	.xword	0x88
-	.xword	0x80008009
-	.xword	0x8000000a
-	.xword	0x8000808b
+	.xword	0x000000000000008a
+	.xword	0x0000000000000088
+	.xword	0x0000000080008009
+	.xword	0x000000008000000a
+	.xword	0x000000008000808b
 	.xword	0x800000000000008b
 	.xword	0x8000000000008089
 	.xword	0x8000000000008003
 	.xword	0x8000000000008002
 	.xword	0x8000000000000080
-	.xword	0x800a
+	.xword	0x000000000000800a
 	.xword	0x800000008000000a
 	.xword	0x8000000080008081
 	.xword	0x8000000000008080
-	.xword	0x80000001
+	.xword	0x0000000080000001
 	.xword	0x8000000080008008
 #ifndef __APPLE__
 .text
-.globl	BlockSha3
-.type	BlockSha3,@function
+.globl	BlockSha3_crypto
+.type	BlockSha3_crypto,@function
 .align	2
-BlockSha3:
+BlockSha3_crypto:
 #else
 .section	__TEXT,__text
-.globl	_BlockSha3
+.globl	_BlockSha3_crypto
 .p2align	2
-_BlockSha3:
+_BlockSha3_crypto:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-80]!
 	add	x29, sp, #0
@@ -204,9 +202,253 @@ L_sha3_crypto_begin:
 	ldp	x29, x30, [sp], #0x50
 	ret
 #ifndef __APPLE__
-	.size	BlockSha3,.-BlockSha3
+	.size	BlockSha3_crypto,.-BlockSha3_crypto
 #endif /* __APPLE__ */
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+#ifndef __APPLE__
+	.text
+	.type	L_SHA3_transform_base_r, %object
+	.section	.rodata
+	.size	L_SHA3_transform_base_r, 192
+#else
+	.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+	.align	3
+#else
+	.p2align	3
+#endif /* __APPLE__ */
+L_SHA3_transform_base_r:
+	.xword	0x0000000000000001
+	.xword	0x0000000000008082
+	.xword	0x800000000000808a
+	.xword	0x8000000080008000
+	.xword	0x000000000000808b
+	.xword	0x0000000080000001
+	.xword	0x8000000080008081
+	.xword	0x8000000000008009
+	.xword	0x000000000000008a
+	.xword	0x0000000000000088
+	.xword	0x0000000080008009
+	.xword	0x000000008000000a
+	.xword	0x000000008000808b
+	.xword	0x800000000000008b
+	.xword	0x8000000000008089
+	.xword	0x8000000000008003
+	.xword	0x8000000000008002
+	.xword	0x8000000000000080
+	.xword	0x000000000000800a
+	.xword	0x800000008000000a
+	.xword	0x8000000080008081
+	.xword	0x8000000000008080
+	.xword	0x0000000080000001
+	.xword	0x8000000080008008
+#ifndef __APPLE__
+.text
+.globl	BlockSha3_base
+.type	BlockSha3_base,@function
+.align	2
+BlockSha3_base:
+#else
+.section	__TEXT,__text
+.globl	_BlockSha3_base
+.p2align	2
+_BlockSha3_base:
+#endif /* __APPLE__ */
+	stp	x29, x30, [sp, #-160]!
+	add	x29, sp, #0
+	stp	x17, x19, [x29, #72]
+	stp	x20, x21, [x29, #88]
+	stp	x22, x23, [x29, #104]
+	stp	x24, x25, [x29, #120]
+	stp	x26, x27, [x29, #136]
+	str	x28, [x29, #152]
+#ifndef __APPLE__
+	adrp x27, L_SHA3_transform_base_r
+	add  x27, x27, :lo12:L_SHA3_transform_base_r
+#else
+	adrp x27, L_SHA3_transform_base_r@PAGE
+	add  x27, x27, :lo12:L_SHA3_transform_base_r@PAGEOFF
+#endif /* __APPLE__ */
+	ldp	x1, x2, [x0]
+	ldp	x3, x4, [x0, #16]
+	ldp	x5, x6, [x0, #32]
+	ldp	x7, x8, [x0, #48]
+	ldp	x9, x10, [x0, #64]
+	ldp	x11, x12, [x0, #80]
+	ldp	x13, x14, [x0, #96]
+	ldp	x15, x16, [x0, #112]
+	ldp	x17, x19, [x0, #128]
+	ldp	x20, x21, [x0, #144]
+	ldp	x22, x23, [x0, #160]
+	ldp	x24, x25, [x0, #176]
+	ldr	x26, [x0, #192]
+	str	x0, [x29, #40]
+	mov	x28, #24
+	# Start of 24 rounds
+L_SHA3_transform_base_begin:
+	stp	x27, x28, [x29, #48]
+	eor	x0, x5, x10
+	eor	x30, x1, x6
+	eor	x28, x3, x8
+	eor	x0, x0, x15
+	eor	x30, x30, x11
+	eor	x28, x28, x13
+	eor	x0, x0, x21
+	eor	x30, x30, x16
+	eor	x28, x28, x19
+	eor	x0, x0, x26
+	eor	x30, x30, x22
+	eor	x28, x28, x24
+	str	x0, [x29, #32]
+	str	x28, [x29, #24]
+	eor	x27, x2, x7
+	eor	x28, x4, x9
+	eor	x27, x27, x12
+	eor	x28, x28, x14
+	eor	x27, x27, x17
+	eor	x28, x28, x20
+	eor	x27, x27, x23
+	eor	x28, x28, x25
+	eor	x0, x0, x27, ror 63
+	eor	x27, x27, x28, ror 63
+	eor	x1, x1, x0
+	eor	x6, x6, x0
+	eor	x11, x11, x0
+	eor	x16, x16, x0
+	eor	x22, x22, x0
+	eor	x3, x3, x27
+	eor	x8, x8, x27
+	eor	x13, x13, x27
+	eor	x19, x19, x27
+	eor	x24, x24, x27
+	ldr	x0, [x29, #32]
+	ldr	x27, [x29, #24]
+	eor	x28, x28, x30, ror 63
+	eor	x30, x30, x27, ror 63
+	eor	x27, x27, x0, ror 63
+	eor	x5, x5, x28
+	eor	x10, x10, x28
+	eor	x15, x15, x28
+	eor	x21, x21, x28
+	eor	x26, x26, x28
+	eor	x2, x2, x30
+	eor	x7, x7, x30
+	eor	x12, x12, x30
+	eor	x17, x17, x30
+	eor	x23, x23, x30
+	eor	x4, x4, x27
+	eor	x9, x9, x27
+	eor	x14, x14, x27
+	eor	x20, x20, x27
+	eor	x25, x25, x27
+	# Swap Rotate
+	ror	x0, x2, #63
+	ror	x2, x7, #20
+	ror	x7, x10, #44
+	ror	x10, x24, #3
+	ror	x24, x15, #25
+	ror	x15, x22, #46
+	ror	x22, x3, #2
+	ror	x3, x13, #21
+	ror	x13, x14, #39
+	ror	x14, x21, #56
+	ror	x21, x25, #8
+	ror	x25, x16, #23
+	ror	x16, x5, #37
+	ror	x5, x26, #50
+	ror	x26, x23, #62
+	ror	x23, x9, #9
+	ror	x9, x17, #19
+	ror	x17, x6, #28
+	ror	x6, x4, #36
+	ror	x4, x20, #43
+	ror	x20, x19, #49
+	ror	x19, x12, #54
+	ror	x12, x8, #58
+	ror	x8, x11, #61
+	# Row Mix
+	bic	x11, x3, x2
+	bic	x27, x4, x3
+	bic	x28, x1, x5
+	bic	x30, x2, x1
+	eor	x1, x1, x11
+	eor	x2, x2, x27
+	bic	x11, x5, x4
+	eor	x4, x4, x28
+	eor	x3, x3, x11
+	eor	x5, x5, x30
+	bic	x11, x8, x7
+	bic	x27, x9, x8
+	bic	x28, x6, x10
+	bic	x30, x7, x6
+	eor	x6, x6, x11
+	eor	x7, x7, x27
+	bic	x11, x10, x9
+	eor	x9, x9, x28
+	eor	x8, x8, x11
+	eor	x10, x10, x30
+	bic	x11, x13, x12
+	bic	x27, x14, x13
+	bic	x28, x0, x15
+	bic	x30, x12, x0
+	eor	x11, x0, x11
+	eor	x12, x12, x27
+	bic	x0, x15, x14
+	eor	x14, x14, x28
+	eor	x13, x13, x0
+	eor	x15, x15, x30
+	bic	x0, x19, x17
+	bic	x27, x20, x19
+	bic	x28, x16, x21
+	bic	x30, x17, x16
+	eor	x16, x16, x0
+	eor	x17, x17, x27
+	bic	x0, x21, x20
+	eor	x20, x20, x28
+	eor	x19, x19, x0
+	eor	x21, x21, x30
+	bic	x0, x24, x23
+	bic	x27, x25, x24
+	bic	x28, x22, x26
+	bic	x30, x23, x22
+	eor	x22, x22, x0
+	eor	x23, x23, x27
+	bic	x0, x26, x25
+	eor	x25, x25, x28
+	eor	x24, x24, x0
+	eor	x26, x26, x30
+	# Done transforming
+	ldp	x27, x28, [x29, #48]
+	ldr	x0, [x27], #8
+	subs	x28, x28, #1
+	eor	x1, x1, x0
+	bne	L_SHA3_transform_base_begin
+	ldr	x0, [x29, #40]
+	stp	x1, x2, [x0]
+	stp	x3, x4, [x0, #16]
+	stp	x5, x6, [x0, #32]
+	stp	x7, x8, [x0, #48]
+	stp	x9, x10, [x0, #64]
+	stp	x11, x12, [x0, #80]
+	stp	x13, x14, [x0, #96]
+	stp	x15, x16, [x0, #112]
+	stp	x17, x19, [x0, #128]
+	stp	x20, x21, [x0, #144]
+	stp	x22, x23, [x0, #160]
+	stp	x24, x25, [x0, #176]
+	str	x26, [x0, #192]
+	ldp	x17, x19, [x29, #72]
+	ldp	x20, x21, [x29, #88]
+	ldp	x22, x23, [x29, #104]
+	ldp	x24, x25, [x29, #120]
+	ldp	x26, x27, [x29, #136]
+	ldr	x28, [x29, #152]
+	ldp	x29, x30, [sp], #0xa0
+	ret
+#ifndef __APPLE__
+	.size	BlockSha3_base,.-BlockSha3_base
+#endif /* __APPLE__ */
 #endif /* WOLFSSL_SHA3 */
 #endif /* __aarch64__ */
 #endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
index bb4114d42..5dd5196e1 100644
--- a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-sha3-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,13 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha3/sha3.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm.c
+ *   ruby ./sha3/sha3.rb arm64 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm.c
  */
 #ifdef WOLFSSL_ARMASM
 #ifdef __aarch64__
@@ -36,34 +34,22 @@
 
 #ifdef WOLFSSL_SHA3
 #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-static const uint64_t L_SHA3_transform_crypto_r[] = {
-    0x1UL,
-    0x8082UL,
-    0x800000000000808aUL,
-    0x8000000080008000UL,
-    0x808bUL,
-    0x80000001UL,
-    0x8000000080008081UL,
-    0x8000000000008009UL,
-    0x8aUL,
-    0x88UL,
-    0x80008009UL,
-    0x8000000aUL,
-    0x8000808bUL,
-    0x800000000000008bUL,
-    0x8000000000008089UL,
-    0x8000000000008003UL,
-    0x8000000000008002UL,
-    0x8000000000000080UL,
-    0x800aUL,
-    0x800000008000000aUL,
-    0x8000000080008081UL,
-    0x8000000000008080UL,
-    0x80000001UL,
-    0x8000000080008008UL,
+static const word64 L_SHA3_transform_crypto_r[] = {
+    0x0000000000000001, 0x0000000000008082,
+    0x800000000000808a, 0x8000000080008000,
+    0x000000000000808b, 0x0000000080000001,
+    0x8000000080008081, 0x8000000000008009,
+    0x000000000000008a, 0x0000000000000088,
+    0x0000000080008009, 0x000000008000000a,
+    0x000000008000808b, 0x800000000000008b,
+    0x8000000000008089, 0x8000000000008003,
+    0x8000000000008002, 0x8000000000000080,
+    0x000000000000800a, 0x800000008000000a,
+    0x8000000080008081, 0x8000000000008080,
+    0x0000000080000001, 0x8000000080008008,
 };
 
-void BlockSha3(unsigned long* state)
+void BlockSha3_crypto(word64* state)
 {
     __asm__ __volatile__ (
 #ifdef __APPLE__
@@ -177,11 +163,219 @@ void BlockSha3(unsigned long* state)
         "st1	{v24.1d}, [%x[state]]\n\t"
         : [state] "+r" (state)
         : [L_SHA3_transform_crypto_r] "S" (L_SHA3_transform_crypto_r)
-        : "memory", "x1", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+        : "memory", "cc", "x1", "x2", "v0", "v1", "v2", "v3", "v4", "v5", "v6",
+            "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16",
+            "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25",
+            "v26", "v27", "v28", "v29", "v30", "v31"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA3 */
+static const word64 L_SHA3_transform_base_r[] = {
+    0x0000000000000001, 0x0000000000008082,
+    0x800000000000808a, 0x8000000080008000,
+    0x000000000000808b, 0x0000000080000001,
+    0x8000000080008081, 0x8000000000008009,
+    0x000000000000008a, 0x0000000000000088,
+    0x0000000080008009, 0x000000008000000a,
+    0x000000008000808b, 0x800000000000008b,
+    0x8000000000008089, 0x8000000000008003,
+    0x8000000000008002, 0x8000000000000080,
+    0x000000000000800a, 0x800000008000000a,
+    0x8000000080008081, 0x8000000000008080,
+    0x0000000080000001, 0x8000000080008008,
+};
+
+void BlockSha3_base(word64* state)
+{
+    __asm__ __volatile__ (
+        "stp	x29, x30, [sp, #-64]!\n\t"
+        "add	x29, sp, #0\n\t"
+#ifndef __APPLE__
+        "adrp x27, %[L_SHA3_transform_base_r]\n\t"
+        "add  x27, x27, :lo12:%[L_SHA3_transform_base_r]\n\t"
+#else
+        "adrp x27, %[L_SHA3_transform_base_r]@PAGE\n\t"
+        "add  x27, x27, %[L_SHA3_transform_base_r]@PAGEOFF\n\t"
+#endif /* __APPLE__ */
+        "ldp	x1, x2, [%x[state]]\n\t"
+        "ldp	x3, x4, [%x[state], #16]\n\t"
+        "ldp	x5, x6, [%x[state], #32]\n\t"
+        "ldp	x7, x8, [%x[state], #48]\n\t"
+        "ldp	x9, x10, [%x[state], #64]\n\t"
+        "ldp	x11, x12, [%x[state], #80]\n\t"
+        "ldp	x13, x14, [%x[state], #96]\n\t"
+        "ldp	x15, x16, [%x[state], #112]\n\t"
+        "ldp	x17, x19, [%x[state], #128]\n\t"
+        "ldp	x20, x21, [%x[state], #144]\n\t"
+        "ldp	x22, x23, [%x[state], #160]\n\t"
+        "ldp	x24, x25, [%x[state], #176]\n\t"
+        "ldr	x26, [%x[state], #192]\n\t"
+        "str	%x[state], [x29, #40]\n\t"
+        "mov	x28, #24\n\t"
+        /* Start of 24 rounds */
+        "\n"
+    "L_SHA3_transform_base_begin_%=: \n\t"
+        "stp	x27, x28, [x29, #48]\n\t"
+        "eor	%x[state], x5, x10\n\t"
+        "eor	x30, x1, x6\n\t"
+        "eor	x28, x3, x8\n\t"
+        "eor	%x[state], %x[state], x15\n\t"
+        "eor	x30, x30, x11\n\t"
+        "eor	x28, x28, x13\n\t"
+        "eor	%x[state], %x[state], x21\n\t"
+        "eor	x30, x30, x16\n\t"
+        "eor	x28, x28, x19\n\t"
+        "eor	%x[state], %x[state], x26\n\t"
+        "eor	x30, x30, x22\n\t"
+        "eor	x28, x28, x24\n\t"
+        "str	%x[state], [x29, #32]\n\t"
+        "str	x28, [x29, #24]\n\t"
+        "eor	x27, x2, x7\n\t"
+        "eor	x28, x4, x9\n\t"
+        "eor	x27, x27, x12\n\t"
+        "eor	x28, x28, x14\n\t"
+        "eor	x27, x27, x17\n\t"
+        "eor	x28, x28, x20\n\t"
+        "eor	x27, x27, x23\n\t"
+        "eor	x28, x28, x25\n\t"
+        "eor	%x[state], %x[state], x27, ror 63\n\t"
+        "eor	x27, x27, x28, ror 63\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "eor	x6, x6, %x[state]\n\t"
+        "eor	x11, x11, %x[state]\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	x3, x3, x27\n\t"
+        "eor	x8, x8, x27\n\t"
+        "eor	x13, x13, x27\n\t"
+        "eor	x19, x19, x27\n\t"
+        "eor	x24, x24, x27\n\t"
+        "ldr	%x[state], [x29, #32]\n\t"
+        "ldr	x27, [x29, #24]\n\t"
+        "eor	x28, x28, x30, ror 63\n\t"
+        "eor	x30, x30, x27, ror 63\n\t"
+        "eor	x27, x27, %x[state], ror 63\n\t"
+        "eor	x5, x5, x28\n\t"
+        "eor	x10, x10, x28\n\t"
+        "eor	x15, x15, x28\n\t"
+        "eor	x21, x21, x28\n\t"
+        "eor	x26, x26, x28\n\t"
+        "eor	x2, x2, x30\n\t"
+        "eor	x7, x7, x30\n\t"
+        "eor	x12, x12, x30\n\t"
+        "eor	x17, x17, x30\n\t"
+        "eor	x23, x23, x30\n\t"
+        "eor	x4, x4, x27\n\t"
+        "eor	x9, x9, x27\n\t"
+        "eor	x14, x14, x27\n\t"
+        "eor	x20, x20, x27\n\t"
+        "eor	x25, x25, x27\n\t"
+        /* Swap Rotate */
+        "ror	%x[state], x2, #63\n\t"
+        "ror	x2, x7, #20\n\t"
+        "ror	x7, x10, #44\n\t"
+        "ror	x10, x24, #3\n\t"
+        "ror	x24, x15, #25\n\t"
+        "ror	x15, x22, #46\n\t"
+        "ror	x22, x3, #2\n\t"
+        "ror	x3, x13, #21\n\t"
+        "ror	x13, x14, #39\n\t"
+        "ror	x14, x21, #56\n\t"
+        "ror	x21, x25, #8\n\t"
+        "ror	x25, x16, #23\n\t"
+        "ror	x16, x5, #37\n\t"
+        "ror	x5, x26, #50\n\t"
+        "ror	x26, x23, #62\n\t"
+        "ror	x23, x9, #9\n\t"
+        "ror	x9, x17, #19\n\t"
+        "ror	x17, x6, #28\n\t"
+        "ror	x6, x4, #36\n\t"
+        "ror	x4, x20, #43\n\t"
+        "ror	x20, x19, #49\n\t"
+        "ror	x19, x12, #54\n\t"
+        "ror	x12, x8, #58\n\t"
+        "ror	x8, x11, #61\n\t"
+        /* Row Mix */
+        "bic	x11, x3, x2\n\t"
+        "bic	x27, x4, x3\n\t"
+        "bic	x28, x1, x5\n\t"
+        "bic	x30, x2, x1\n\t"
+        "eor	x1, x1, x11\n\t"
+        "eor	x2, x2, x27\n\t"
+        "bic	x11, x5, x4\n\t"
+        "eor	x4, x4, x28\n\t"
+        "eor	x3, x3, x11\n\t"
+        "eor	x5, x5, x30\n\t"
+        "bic	x11, x8, x7\n\t"
+        "bic	x27, x9, x8\n\t"
+        "bic	x28, x6, x10\n\t"
+        "bic	x30, x7, x6\n\t"
+        "eor	x6, x6, x11\n\t"
+        "eor	x7, x7, x27\n\t"
+        "bic	x11, x10, x9\n\t"
+        "eor	x9, x9, x28\n\t"
+        "eor	x8, x8, x11\n\t"
+        "eor	x10, x10, x30\n\t"
+        "bic	x11, x13, x12\n\t"
+        "bic	x27, x14, x13\n\t"
+        "bic	x28, %x[state], x15\n\t"
+        "bic	x30, x12, %x[state]\n\t"
+        "eor	x11, %x[state], x11\n\t"
+        "eor	x12, x12, x27\n\t"
+        "bic	%x[state], x15, x14\n\t"
+        "eor	x14, x14, x28\n\t"
+        "eor	x13, x13, %x[state]\n\t"
+        "eor	x15, x15, x30\n\t"
+        "bic	%x[state], x19, x17\n\t"
+        "bic	x27, x20, x19\n\t"
+        "bic	x28, x16, x21\n\t"
+        "bic	x30, x17, x16\n\t"
+        "eor	x16, x16, %x[state]\n\t"
+        "eor	x17, x17, x27\n\t"
+        "bic	%x[state], x21, x20\n\t"
+        "eor	x20, x20, x28\n\t"
+        "eor	x19, x19, %x[state]\n\t"
+        "eor	x21, x21, x30\n\t"
+        "bic	%x[state], x24, x23\n\t"
+        "bic	x27, x25, x24\n\t"
+        "bic	x28, x22, x26\n\t"
+        "bic	x30, x23, x22\n\t"
+        "eor	x22, x22, %x[state]\n\t"
+        "eor	x23, x23, x27\n\t"
+        "bic	%x[state], x26, x25\n\t"
+        "eor	x25, x25, x28\n\t"
+        "eor	x24, x24, %x[state]\n\t"
+        "eor	x26, x26, x30\n\t"
+        /* Done transforming */
+        "ldp	x27, x28, [x29, #48]\n\t"
+        "ldr	%x[state], [x27], #8\n\t"
+        "subs	x28, x28, #1\n\t"
+        "eor	x1, x1, %x[state]\n\t"
+        "bne	L_SHA3_transform_base_begin_%=\n\t"
+        "ldr	%x[state], [x29, #40]\n\t"
+        "stp	x1, x2, [%x[state]]\n\t"
+        "stp	x3, x4, [%x[state], #16]\n\t"
+        "stp	x5, x6, [%x[state], #32]\n\t"
+        "stp	x7, x8, [%x[state], #48]\n\t"
+        "stp	x9, x10, [%x[state], #64]\n\t"
+        "stp	x11, x12, [%x[state], #80]\n\t"
+        "stp	x13, x14, [%x[state], #96]\n\t"
+        "stp	x15, x16, [%x[state], #112]\n\t"
+        "stp	x17, x19, [%x[state], #128]\n\t"
+        "stp	x20, x21, [%x[state], #144]\n\t"
+        "stp	x22, x23, [%x[state], #160]\n\t"
+        "stp	x24, x25, [%x[state], #176]\n\t"
+        "str	x26, [%x[state], #192]\n\t"
+        "ldp	x29, x30, [sp], #0x40\n\t"
+        : [state] "+r" (state)
+        : [L_SHA3_transform_base_r] "S" (L_SHA3_transform_base_r)
+        : "memory", "cc", "x1", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9",
+            "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19",
+            "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28"
+    );
+}
+
 #endif /* WOLFSSL_SHA3 */
 #endif /* __aarch64__ */
 #endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
index 5ff72c37b..dae600b5b 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
@@ -1,6 +1,6 @@
 /* armv8-sha512-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,20 +19,17 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+ *   ruby ./sha2/sha512.rb arm64 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S
  */
 #ifdef WOLFSSL_ARMASM
 #ifdef __aarch64__
 #ifndef WOLFSSL_ARMASM_INLINE
-#ifdef WOLFSSL_SHA512
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #ifndef __APPLE__
 	.text
 	.type	L_SHA512_transform_neon_len_k, %object
@@ -65,7 +62,7 @@ L_SHA512_transform_neon_len_k:
 	.xword	0xc19bf174cf692694
 	.xword	0xe49b69c19ef14ad2
 	.xword	0xefbe4786384f25e3
-	.xword	0xfc19dc68b8cd5b5
+	.xword	0x0fc19dc68b8cd5b5
 	.xword	0x240ca1cc77ac9c65
 	.xword	0x2de92c6f592b0275
 	.xword	0x4a7484aa6ea6e483
@@ -77,7 +74,7 @@ L_SHA512_transform_neon_len_k:
 	.xword	0xbf597fc7beef0ee4
 	.xword	0xc6e00bf33da88fc2
 	.xword	0xd5a79147930aa725
-	.xword	0x6ca6351e003826f
+	.xword	0x06ca6351e003826f
 	.xword	0x142929670a0e6e70
 	.xword	0x27b70a8546d22ffc
 	.xword	0x2e1b21385c26c926
@@ -115,8 +112,8 @@ L_SHA512_transform_neon_len_k:
 	.xword	0xd186b8c721c0c207
 	.xword	0xeada7dd6cde0eb1e
 	.xword	0xf57d4f7fee6ed178
-	.xword	0x6f067aa72176fba
-	.xword	0xa637dc5a2c898a6
+	.xword	0x06f067aa72176fba
+	.xword	0x0a637dc5a2c898a6
 	.xword	0x113f9804bef90dae
 	.xword	0x1b710b35131c471b
 	.xword	0x28db77f523047d84
@@ -129,9 +126,9 @@ L_SHA512_transform_neon_len_k:
 	.xword	0x6c44198c4a475817
 #ifndef __APPLE__
 	.text
-	.type	L_SHA512_transform_neon_len_ror8, %object
+	.type	L_SHA512_transform_neon_len_r8, %object
 	.section	.rodata
-	.size	L_SHA512_transform_neon_len_ror8, 16
+	.size	L_SHA512_transform_neon_len_r8, 16
 #else
 	.section	__DATA,__data
 #endif /* __APPLE__ */
@@ -140,7 +137,7 @@ L_SHA512_transform_neon_len_k:
 #else
 	.p2align	4
 #endif /* __APPLE__ */
-L_SHA512_transform_neon_len_ror8:
+L_SHA512_transform_neon_len_r8:
 	.xword	0x7060504030201, 0x80f0e0d0c0b0a09
 #ifndef __APPLE__
 .text
@@ -156,8 +153,7 @@ _Transform_Sha512_Len_neon:
 #endif /* __APPLE__ */
 	stp	x29, x30, [sp, #-128]!
 	add	x29, sp, #0
-	str	x17, [x29, #16]
-	str	x19, [x29, #24]
+	stp	x17, x19, [x29, #16]
 	stp	x20, x21, [x29, #32]
 	stp	x22, x23, [x29, #48]
 	stp	x24, x25, [x29, #64]
@@ -172,11 +168,11 @@ _Transform_Sha512_Len_neon:
 	add  x3, x3, :lo12:L_SHA512_transform_neon_len_k@PAGEOFF
 #endif /* __APPLE__ */
 #ifndef __APPLE__
-	adrp x27, L_SHA512_transform_neon_len_ror8
-	add  x27, x27, :lo12:L_SHA512_transform_neon_len_ror8
+	adrp x27, L_SHA512_transform_neon_len_r8
+	add  x27, x27, :lo12:L_SHA512_transform_neon_len_r8
 #else
-	adrp x27, L_SHA512_transform_neon_len_ror8@PAGE
-	add  x27, x27, :lo12:L_SHA512_transform_neon_len_ror8@PAGEOFF
+	adrp x27, L_SHA512_transform_neon_len_r8@PAGE
+	add  x27, x27, :lo12:L_SHA512_transform_neon_len_r8@PAGEOFF
 #endif /* __APPLE__ */
 	ld1	{v11.16b}, [x27]
 	# Load digest into working vars
@@ -1082,8 +1078,7 @@ L_sha512_len_neon_start:
 	stp	x6, x7, [x0, #16]
 	stp	x8, x9, [x0, #32]
 	stp	x10, x11, [x0, #48]
-	ldr	x17, [x29, #16]
-	ldr	x19, [x29, #24]
+	ldp	x17, x19, [x29, #16]
 	ldp	x20, x21, [x29, #32]
 	ldp	x22, x23, [x29, #48]
 	ldp	x24, x25, [x29, #64]
@@ -1095,12 +1090,12 @@ L_sha512_len_neon_start:
 #ifndef __APPLE__
 	.size	Transform_Sha512_Len_neon,.-Transform_Sha512_Len_neon
 #endif /* __APPLE__ */
-#else
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
 #ifndef __APPLE__
 	.text
-	.type	L_SHA512_transform_crypto_len_k, %object
+	.type	L_SHA512_trans_crypto_len_k, %object
 	.section	.rodata
-	.size	L_SHA512_transform_crypto_len_k, 640
+	.size	L_SHA512_trans_crypto_len_k, 640
 #else
 	.section	__DATA,__data
 #endif /* __APPLE__ */
@@ -1109,7 +1104,7 @@ L_sha512_len_neon_start:
 #else
 	.p2align	3
 #endif /* __APPLE__ */
-L_SHA512_transform_crypto_len_k:
+L_SHA512_trans_crypto_len_k:
 	.xword	0x428a2f98d728ae22
 	.xword	0x7137449123ef65cd
 	.xword	0xb5c0fbcfec4d3b2f
@@ -1128,7 +1123,7 @@ L_SHA512_transform_crypto_len_k:
 	.xword	0xc19bf174cf692694
 	.xword	0xe49b69c19ef14ad2
 	.xword	0xefbe4786384f25e3
-	.xword	0xfc19dc68b8cd5b5
+	.xword	0x0fc19dc68b8cd5b5
 	.xword	0x240ca1cc77ac9c65
 	.xword	0x2de92c6f592b0275
 	.xword	0x4a7484aa6ea6e483
@@ -1140,7 +1135,7 @@ L_SHA512_transform_crypto_len_k:
 	.xword	0xbf597fc7beef0ee4
 	.xword	0xc6e00bf33da88fc2
 	.xword	0xd5a79147930aa725
-	.xword	0x6ca6351e003826f
+	.xword	0x06ca6351e003826f
 	.xword	0x142929670a0e6e70
 	.xword	0x27b70a8546d22ffc
 	.xword	0x2e1b21385c26c926
@@ -1178,8 +1173,8 @@ L_SHA512_transform_crypto_len_k:
 	.xword	0xd186b8c721c0c207
 	.xword	0xeada7dd6cde0eb1e
 	.xword	0xf57d4f7fee6ed178
-	.xword	0x6f067aa72176fba
-	.xword	0xa637dc5a2c898a6
+	.xword	0x06f067aa72176fba
+	.xword	0x0a637dc5a2c898a6
 	.xword	0x113f9804bef90dae
 	.xword	0x1b710b35131c471b
 	.xword	0x28db77f523047d84
@@ -1212,11 +1207,11 @@ _Transform_Sha512_Len_crypto:
 .arch_extension sha3
 #endif /* __APPLE__ */
 #ifndef __APPLE__
-	adrp x4, L_SHA512_transform_crypto_len_k
-	add  x4, x4, :lo12:L_SHA512_transform_crypto_len_k
+	adrp x4, L_SHA512_trans_crypto_len_k
+	add  x4, x4, :lo12:L_SHA512_trans_crypto_len_k
 #else
-	adrp x4, L_SHA512_transform_crypto_len_k@PAGE
-	add  x4, x4, :lo12:L_SHA512_transform_crypto_len_k@PAGEOFF
+	adrp x4, L_SHA512_trans_crypto_len_k@PAGE
+	add  x4, x4, :lo12:L_SHA512_trans_crypto_len_k@PAGEOFF
 #endif /* __APPLE__ */
 	# Load first 16 64-bit words of K permanently
 	ld1	{v8.2d, v9.2d, v10.2d, v11.2d}, [x4], #0x40
@@ -1733,7 +1728,7 @@ L_sha512_len_crypto_begin:
 	.size	Transform_Sha512_Len_crypto,.-Transform_Sha512_Len_crypto
 #endif /* __APPLE__ */
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA512 */
-#endif /* WOLFSSL_SHA512 */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
 #endif /* __aarch64__ */
 #endif /* WOLFSSL_ARMASM */
 
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
index ba7dc82e0..0697763e6 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
@@ -1,6 +1,6 @@
 /* armv8-sha512-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,109 +19,65 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.c
+ *   ruby ./sha2/sha512.rb arm64 \
+ *       ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.c
  */
 #ifdef WOLFSSL_ARMASM
 #ifdef __aarch64__
 #ifdef WOLFSSL_ARMASM_INLINE
 #include <wolfssl/wolfcrypt/sha512.h>
 
-#ifdef WOLFSSL_SHA512
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA512
-static const uint64_t L_SHA512_transform_neon_len_k[] = {
-    0x428a2f98d728ae22UL,
-    0x7137449123ef65cdUL,
-    0xb5c0fbcfec4d3b2fUL,
-    0xe9b5dba58189dbbcUL,
-    0x3956c25bf348b538UL,
-    0x59f111f1b605d019UL,
-    0x923f82a4af194f9bUL,
-    0xab1c5ed5da6d8118UL,
-    0xd807aa98a3030242UL,
-    0x12835b0145706fbeUL,
-    0x243185be4ee4b28cUL,
-    0x550c7dc3d5ffb4e2UL,
-    0x72be5d74f27b896fUL,
-    0x80deb1fe3b1696b1UL,
-    0x9bdc06a725c71235UL,
-    0xc19bf174cf692694UL,
-    0xe49b69c19ef14ad2UL,
-    0xefbe4786384f25e3UL,
-    0xfc19dc68b8cd5b5UL,
-    0x240ca1cc77ac9c65UL,
-    0x2de92c6f592b0275UL,
-    0x4a7484aa6ea6e483UL,
-    0x5cb0a9dcbd41fbd4UL,
-    0x76f988da831153b5UL,
-    0x983e5152ee66dfabUL,
-    0xa831c66d2db43210UL,
-    0xb00327c898fb213fUL,
-    0xbf597fc7beef0ee4UL,
-    0xc6e00bf33da88fc2UL,
-    0xd5a79147930aa725UL,
-    0x6ca6351e003826fUL,
-    0x142929670a0e6e70UL,
-    0x27b70a8546d22ffcUL,
-    0x2e1b21385c26c926UL,
-    0x4d2c6dfc5ac42aedUL,
-    0x53380d139d95b3dfUL,
-    0x650a73548baf63deUL,
-    0x766a0abb3c77b2a8UL,
-    0x81c2c92e47edaee6UL,
-    0x92722c851482353bUL,
-    0xa2bfe8a14cf10364UL,
-    0xa81a664bbc423001UL,
-    0xc24b8b70d0f89791UL,
-    0xc76c51a30654be30UL,
-    0xd192e819d6ef5218UL,
-    0xd69906245565a910UL,
-    0xf40e35855771202aUL,
-    0x106aa07032bbd1b8UL,
-    0x19a4c116b8d2d0c8UL,
-    0x1e376c085141ab53UL,
-    0x2748774cdf8eeb99UL,
-    0x34b0bcb5e19b48a8UL,
-    0x391c0cb3c5c95a63UL,
-    0x4ed8aa4ae3418acbUL,
-    0x5b9cca4f7763e373UL,
-    0x682e6ff3d6b2b8a3UL,
-    0x748f82ee5defb2fcUL,
-    0x78a5636f43172f60UL,
-    0x84c87814a1f0ab72UL,
-    0x8cc702081a6439ecUL,
-    0x90befffa23631e28UL,
-    0xa4506cebde82bde9UL,
-    0xbef9a3f7b2c67915UL,
-    0xc67178f2e372532bUL,
-    0xca273eceea26619cUL,
-    0xd186b8c721c0c207UL,
-    0xeada7dd6cde0eb1eUL,
-    0xf57d4f7fee6ed178UL,
-    0x6f067aa72176fbaUL,
-    0xa637dc5a2c898a6UL,
-    0x113f9804bef90daeUL,
-    0x1b710b35131c471bUL,
-    0x28db77f523047d84UL,
-    0x32caab7b40c72493UL,
-    0x3c9ebe0a15c9bebcUL,
-    0x431d67c49c100d4cUL,
-    0x4cc5d4becb3e42b6UL,
-    0x597f299cfc657e2aUL,
-    0x5fcb6fab3ad6faecUL,
-    0x6c44198c4a475817UL,
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
+static const word64 L_SHA512_transform_neon_len_k[] = {
+    0x428a2f98d728ae22, 0x7137449123ef65cd,
+    0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
+    0x3956c25bf348b538, 0x59f111f1b605d019,
+    0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
+    0xd807aa98a3030242, 0x12835b0145706fbe,
+    0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
+    0x72be5d74f27b896f, 0x80deb1fe3b1696b1,
+    0x9bdc06a725c71235, 0xc19bf174cf692694,
+    0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
+    0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
+    0x2de92c6f592b0275, 0x4a7484aa6ea6e483,
+    0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
+    0x983e5152ee66dfab, 0xa831c66d2db43210,
+    0xb00327c898fb213f, 0xbf597fc7beef0ee4,
+    0xc6e00bf33da88fc2, 0xd5a79147930aa725,
+    0x06ca6351e003826f, 0x142929670a0e6e70,
+    0x27b70a8546d22ffc, 0x2e1b21385c26c926,
+    0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
+    0x650a73548baf63de, 0x766a0abb3c77b2a8,
+    0x81c2c92e47edaee6, 0x92722c851482353b,
+    0xa2bfe8a14cf10364, 0xa81a664bbc423001,
+    0xc24b8b70d0f89791, 0xc76c51a30654be30,
+    0xd192e819d6ef5218, 0xd69906245565a910,
+    0xf40e35855771202a, 0x106aa07032bbd1b8,
+    0x19a4c116b8d2d0c8, 0x1e376c085141ab53,
+    0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
+    0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
+    0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
+    0x748f82ee5defb2fc, 0x78a5636f43172f60,
+    0x84c87814a1f0ab72, 0x8cc702081a6439ec,
+    0x90befffa23631e28, 0xa4506cebde82bde9,
+    0xbef9a3f7b2c67915, 0xc67178f2e372532b,
+    0xca273eceea26619c, 0xd186b8c721c0c207,
+    0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
+    0x06f067aa72176fba, 0x0a637dc5a2c898a6,
+    0x113f9804bef90dae, 0x1b710b35131c471b,
+    0x28db77f523047d84, 0x32caab7b40c72493,
+    0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
+    0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
+    0x5fcb6fab3ad6faec, 0x6c44198c4a475817,
 };
 
-static const uint64_t L_SHA512_transform_neon_len_ror8[] = {
-    0x7060504030201UL,
-    0x80f0e0d0c0b0a09UL,
+static const word64 L_SHA512_transform_neon_len_r8[] = {
+    0x0007060504030201, 0x080f0e0d0c0b0a09,
 };
 
 void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data, word32 len)
@@ -135,11 +91,11 @@ void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data, word32 len)
         "add  x3, x3, %[L_SHA512_transform_neon_len_k]@PAGEOFF\n\t"
 #endif /* __APPLE__ */
 #ifndef __APPLE__
-        "adrp x27, %[L_SHA512_transform_neon_len_ror8]\n\t"
-        "add  x27, x27, :lo12:%[L_SHA512_transform_neon_len_ror8]\n\t"
+        "adrp x27, %[L_SHA512_transform_neon_len_r8]\n\t"
+        "add  x27, x27, :lo12:%[L_SHA512_transform_neon_len_r8]\n\t"
 #else
-        "adrp x27, %[L_SHA512_transform_neon_len_ror8]@PAGE\n\t"
-        "add  x27, x27, %[L_SHA512_transform_neon_len_ror8]@PAGEOFF\n\t"
+        "adrp x27, %[L_SHA512_transform_neon_len_r8]@PAGE\n\t"
+        "add  x27, x27, %[L_SHA512_transform_neon_len_r8]@PAGEOFF\n\t"
 #endif /* __APPLE__ */
         "ld1	{v11.16b}, [x27]\n\t"
         /* Load digest into working vars */
@@ -1048,108 +1004,74 @@ void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data, word32 len)
         "stp	x8, x9, [%x[sha512], #32]\n\t"
         "stp	x10, x11, [%x[sha512], #48]\n\t"
         : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len)
-        : [L_SHA512_transform_neon_len_k] "S" (L_SHA512_transform_neon_len_k), [L_SHA512_transform_neon_len_ror8] "S" (L_SHA512_transform_neon_len_ror8)
-        : "memory", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "cc"
+        : [L_SHA512_transform_neon_len_k] "S" (L_SHA512_transform_neon_len_k),
+          [L_SHA512_transform_neon_len_r8] "S" (L_SHA512_transform_neon_len_r8)
+        : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10",
+            "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20",
+            "x21", "x22", "x23", "x24", "x25", "x26", "x27", "v0", "v1", "v2",
+            "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11"
     );
 }
 
-#else
-static const uint64_t L_SHA512_transform_crypto_len_k[] = {
-    0x428a2f98d728ae22UL,
-    0x7137449123ef65cdUL,
-    0xb5c0fbcfec4d3b2fUL,
-    0xe9b5dba58189dbbcUL,
-    0x3956c25bf348b538UL,
-    0x59f111f1b605d019UL,
-    0x923f82a4af194f9bUL,
-    0xab1c5ed5da6d8118UL,
-    0xd807aa98a3030242UL,
-    0x12835b0145706fbeUL,
-    0x243185be4ee4b28cUL,
-    0x550c7dc3d5ffb4e2UL,
-    0x72be5d74f27b896fUL,
-    0x80deb1fe3b1696b1UL,
-    0x9bdc06a725c71235UL,
-    0xc19bf174cf692694UL,
-    0xe49b69c19ef14ad2UL,
-    0xefbe4786384f25e3UL,
-    0xfc19dc68b8cd5b5UL,
-    0x240ca1cc77ac9c65UL,
-    0x2de92c6f592b0275UL,
-    0x4a7484aa6ea6e483UL,
-    0x5cb0a9dcbd41fbd4UL,
-    0x76f988da831153b5UL,
-    0x983e5152ee66dfabUL,
-    0xa831c66d2db43210UL,
-    0xb00327c898fb213fUL,
-    0xbf597fc7beef0ee4UL,
-    0xc6e00bf33da88fc2UL,
-    0xd5a79147930aa725UL,
-    0x6ca6351e003826fUL,
-    0x142929670a0e6e70UL,
-    0x27b70a8546d22ffcUL,
-    0x2e1b21385c26c926UL,
-    0x4d2c6dfc5ac42aedUL,
-    0x53380d139d95b3dfUL,
-    0x650a73548baf63deUL,
-    0x766a0abb3c77b2a8UL,
-    0x81c2c92e47edaee6UL,
-    0x92722c851482353bUL,
-    0xa2bfe8a14cf10364UL,
-    0xa81a664bbc423001UL,
-    0xc24b8b70d0f89791UL,
-    0xc76c51a30654be30UL,
-    0xd192e819d6ef5218UL,
-    0xd69906245565a910UL,
-    0xf40e35855771202aUL,
-    0x106aa07032bbd1b8UL,
-    0x19a4c116b8d2d0c8UL,
-    0x1e376c085141ab53UL,
-    0x2748774cdf8eeb99UL,
-    0x34b0bcb5e19b48a8UL,
-    0x391c0cb3c5c95a63UL,
-    0x4ed8aa4ae3418acbUL,
-    0x5b9cca4f7763e373UL,
-    0x682e6ff3d6b2b8a3UL,
-    0x748f82ee5defb2fcUL,
-    0x78a5636f43172f60UL,
-    0x84c87814a1f0ab72UL,
-    0x8cc702081a6439ecUL,
-    0x90befffa23631e28UL,
-    0xa4506cebde82bde9UL,
-    0xbef9a3f7b2c67915UL,
-    0xc67178f2e372532bUL,
-    0xca273eceea26619cUL,
-    0xd186b8c721c0c207UL,
-    0xeada7dd6cde0eb1eUL,
-    0xf57d4f7fee6ed178UL,
-    0x6f067aa72176fbaUL,
-    0xa637dc5a2c898a6UL,
-    0x113f9804bef90daeUL,
-    0x1b710b35131c471bUL,
-    0x28db77f523047d84UL,
-    0x32caab7b40c72493UL,
-    0x3c9ebe0a15c9bebcUL,
-    0x431d67c49c100d4cUL,
-    0x4cc5d4becb3e42b6UL,
-    0x597f299cfc657e2aUL,
-    0x5fcb6fab3ad6faecUL,
-    0x6c44198c4a475817UL,
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
+static const word64 L_SHA512_trans_crypto_len_k[] = {
+    0x428a2f98d728ae22, 0x7137449123ef65cd,
+    0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
+    0x3956c25bf348b538, 0x59f111f1b605d019,
+    0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
+    0xd807aa98a3030242, 0x12835b0145706fbe,
+    0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
+    0x72be5d74f27b896f, 0x80deb1fe3b1696b1,
+    0x9bdc06a725c71235, 0xc19bf174cf692694,
+    0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
+    0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
+    0x2de92c6f592b0275, 0x4a7484aa6ea6e483,
+    0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
+    0x983e5152ee66dfab, 0xa831c66d2db43210,
+    0xb00327c898fb213f, 0xbf597fc7beef0ee4,
+    0xc6e00bf33da88fc2, 0xd5a79147930aa725,
+    0x06ca6351e003826f, 0x142929670a0e6e70,
+    0x27b70a8546d22ffc, 0x2e1b21385c26c926,
+    0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
+    0x650a73548baf63de, 0x766a0abb3c77b2a8,
+    0x81c2c92e47edaee6, 0x92722c851482353b,
+    0xa2bfe8a14cf10364, 0xa81a664bbc423001,
+    0xc24b8b70d0f89791, 0xc76c51a30654be30,
+    0xd192e819d6ef5218, 0xd69906245565a910,
+    0xf40e35855771202a, 0x106aa07032bbd1b8,
+    0x19a4c116b8d2d0c8, 0x1e376c085141ab53,
+    0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
+    0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
+    0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
+    0x748f82ee5defb2fc, 0x78a5636f43172f60,
+    0x84c87814a1f0ab72, 0x8cc702081a6439ec,
+    0x90befffa23631e28, 0xa4506cebde82bde9,
+    0xbef9a3f7b2c67915, 0xc67178f2e372532b,
+    0xca273eceea26619c, 0xd186b8c721c0c207,
+    0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
+    0x06f067aa72176fba, 0x0a637dc5a2c898a6,
+    0x113f9804bef90dae, 0x1b710b35131c471b,
+    0x28db77f523047d84, 0x32caab7b40c72493,
+    0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
+    0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
+    0x5fcb6fab3ad6faec, 0x6c44198c4a475817,
 };
 
-void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data, word32 len);
-void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data, word32 len)
+void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data,
+    word32 len);
+void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data,
+    word32 len)
 {
     __asm__ __volatile__ (
 #ifdef __APPLE__
     ".arch_extension sha3\n\t"
 #endif /* __APPLE__ */
 #ifndef __APPLE__
-        "adrp x4, %[L_SHA512_transform_crypto_len_k]\n\t"
-        "add  x4, x4, :lo12:%[L_SHA512_transform_crypto_len_k]\n\t"
+        "adrp x4, %[L_SHA512_trans_crypto_len_k]\n\t"
+        "add  x4, x4, :lo12:%[L_SHA512_trans_crypto_len_k]\n\t"
 #else
-        "adrp x4, %[L_SHA512_transform_crypto_len_k]@PAGE\n\t"
-        "add  x4, x4, %[L_SHA512_transform_crypto_len_k]@PAGEOFF\n\t"
+        "adrp x4, %[L_SHA512_trans_crypto_len_k]@PAGE\n\t"
+        "add  x4, x4, %[L_SHA512_trans_crypto_len_k]@PAGEOFF\n\t"
 #endif /* __APPLE__ */
         /* Load first 16 64-bit words of K permanently */
         "ld1	{v8.2d, v9.2d, v10.2d, v11.2d}, [x4], #0x40\n\t"
@@ -1658,13 +1580,16 @@ void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data, word32 len
         /* Store digest back */
         "st1	{v24.2d, v25.2d, v26.2d, v27.2d}, [%x[sha512]]\n\t"
         : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len)
-        : [L_SHA512_transform_crypto_len_k] "S" (L_SHA512_transform_crypto_len_k)
-        : "memory", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31", "cc"
+        : [L_SHA512_trans_crypto_len_k] "S" (L_SHA512_trans_crypto_len_k)
+        : "memory", "cc", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", "v6",
+            "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16",
+            "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25",
+            "v26", "v27", "v28", "v29", "v30", "v31"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_CRYPTO_SHA512 */
-#endif /* WOLFSSL_SHA512 */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
 #endif /* __aarch64__ */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c
index 145f6b5eb..dfc679df0 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512.c
@@ -1,6 +1,6 @@
 /* sha512.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_ARMASM
 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
@@ -47,11 +43,9 @@
         return 0;
     }
 #endif
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
 #include <wolfssl/wolfcrypt/hash.h>
 
-#include <wolfssl/wolfcrypt/logging.h>
-
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -62,6 +56,11 @@
 #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM_CRYPTO_SHA512)
+static word32 cpuid_flags = 0;
+static int cpuid_flags_set = 0;
+#endif
+
 #ifdef WOLFSSL_SHA512
 
 static int InitSha512(wc_Sha512* sha512)
@@ -172,6 +171,10 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     sha512->W = NULL;
 #endif
+#ifdef WOLF_CRYPTO_CB
+    sha512->devId = devId;
+    sha512->devCtx = NULL;
+#endif
 
     if (type == WC_HASH_TYPE_SHA512) {
         ret = InitSha512(sha512);
@@ -194,6 +197,13 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
     if (ret != 0)
         return ret;
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM_CRYPTO_SHA512)
+    if (!cpuid_flags_set) {
+        cpuid_flags = cpuid_get_flags();
+        cpuid_flags_set = 1;
+    }
+#endif
+
     (void)devId;
 
     return ret;
@@ -201,6 +211,12 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
 
 int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
 {
+#ifdef MAX3266X_SHA_CB
+    if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0) {
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     return InitSha512_Family(sha512, heap, devId, WC_HASH_TYPE_SHA512);
 }
 
@@ -353,7 +369,8 @@ static void Transform_Sha512(wc_Sha512* sha512)
 #undef DATA
 
 #define DATA    ((word64*)data)
-static void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
+static void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data,
+    word32 len)
 {
     const word64* K = K512;
     word32 j;
@@ -422,6 +439,22 @@ static void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len
 }
 #undef DATA
 
+#elif defined(__aarch64__)
+
+static WC_INLINE void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data,
+    word32 len)
+{
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
+    if (IS_AARCH64_SHA512(cpuid_flags)) {
+        Transform_Sha512_Len_crypto(sha512, data, len);
+    }
+    else
+#endif
+    {
+        Transform_Sha512_Len_neon(sha512, data, len);
+    }
+}
+
 #endif
 
 
@@ -432,7 +465,8 @@ static WC_INLINE void AddLength(wc_Sha512* sha512, word32 len)
         sha512->hiLen++;                       /* carry low to high */
 }
 
-static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
+static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data,
+    word32 len)
 {
     int ret = 0;
     /* do block size increments */
@@ -508,6 +542,18 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha512->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha512Update(sha512, data, len);
 }
 
@@ -570,7 +616,7 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
 
 #ifdef WOLFSSL_SHA512
 
-int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
+static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz)
 {
 #ifdef LITTLE_ENDIAN_ORDER
     word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
@@ -582,15 +628,20 @@ int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
 
 #ifdef LITTLE_ENDIAN_ORDER
     ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
-                                                         WC_SHA512_DIGEST_SIZE);
-    XMEMCPY(hash, digest, WC_SHA512_DIGEST_SIZE);
+        WC_SHA512_DIGEST_SIZE);
+    XMEMCPY(hash, digest, digestSz);
 #else
-    XMEMCPY(hash, sha512->digest, WC_SHA512_DIGEST_SIZE);
+    XMEMCPY(hash, sha512->digest, digestSz);
 #endif
 
     return 0;
 }
 
+int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
+{
+    return Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE);
+}
+
 static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash,
                                                     enum wc_HashType type)
 {
@@ -626,13 +677,20 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash,
         return BAD_FUNC_ARG;
 
 #ifdef WOLF_CRYPTO_CB
-    if (sha512->devId != INVALID_DEVID) {
-        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
-        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha512->devId != INVALID_DEVID)
+    #endif
+    {
+        byte localHash[WC_SHA512_DIGEST_SIZE];
+        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            XMEMCPY(hash, localHash, digestSz);
             return ret;
+        }
         /* fall-through when unavailable */
     }
 #endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
     if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
     #if defined(HAVE_INTEL_QA)
@@ -661,7 +719,12 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
 
 int wc_InitSha512(wc_Sha512* sha512)
 {
-    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha512_ex(sha512, NULL, devId);
 }
 
 void wc_Sha512Free(wc_Sha512* sha512)
@@ -673,6 +736,11 @@ void wc_Sha512Free(wc_Sha512* sha512)
     XFREE(sha512->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     sha512->W = NULL;
 #endif
+
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+#endif
+
 }
 
 #ifdef OPENSSL_EXTRA
@@ -724,6 +792,18 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha384->devId != INVALID_DEVID)
+    #endif
+    {
+        int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     return Sha512Update((wc_Sha512*)sha384, data, len);
 }
 
@@ -757,6 +837,18 @@ int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    #ifndef WOLF_CRYPTO_CB_FIND
+    if (sha384->devId != INVALID_DEVID)
+    #endif
+    {
+        ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     ret = Sha512Final((wc_Sha512*)sha384);
     if (ret != 0)
         return ret;
@@ -782,6 +874,23 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     sha384->W = NULL;
 #endif
+#ifdef WOLF_CRYPTO_CB
+    sha384->devId = devId;
+    sha384->devCtx = NULL;
+#endif
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM_CRYPTO_SHA512)
+    if (!cpuid_flags_set) {
+        cpuid_flags = cpuid_get_flags();
+        cpuid_flags_set = 1;
+    }
+#endif
 
     (void)devId;
 
@@ -790,7 +899,12 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 
 int wc_InitSha384(wc_Sha384* sha384)
 {
-    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+    int devId = INVALID_DEVID;
+
+#ifdef WOLF_CRYPTO_CB
+    devId = wc_CryptoCb_DefaultDevID();
+#endif
+    return wc_InitSha384_ex(sha384, NULL, devId);
 }
 
 void wc_Sha384Free(wc_Sha384* sha384)
@@ -802,6 +916,11 @@ void wc_Sha384Free(wc_Sha384* sha384)
     XFREE(sha384->W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     sha384->W = NULL;
 #endif
+
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+#endif
+
 }
 
 #endif /* WOLFSSL_SHA384 */
@@ -880,6 +999,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
      dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
@@ -913,7 +1039,7 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
 }
 int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash)
 {
-    return wc_Sha512FinalRaw(sha, hash);
+    return Sha512FinalRaw(sha, hash, WC_SHA512_224_DIGEST_SIZE);
 }
 int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
 {
@@ -963,7 +1089,7 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
 }
 int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash)
 {
-    return wc_Sha512FinalRaw(sha, hash);
+    return Sha512FinalRaw(sha, hash, WC_SHA512_256_DIGEST_SIZE);
 }
 int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
 {
@@ -1037,6 +1163,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
      dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/port/arm/cryptoCell.c b/wolfcrypt/src/port/arm/cryptoCell.c
index 0a9a7cdde..c2e191f4c 100644
--- a/wolfcrypt/src/port/arm/cryptoCell.c
+++ b/wolfcrypt/src/port/arm/cryptoCell.c
@@ -1,6 +1,6 @@
 /* cryptoCell.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /* This source is included in wc_port.c */
 /* WOLFSSL_CRYPTOCELL_C is defined by wc_port.c in case compile tries to
@@ -32,8 +28,6 @@
 
 #ifdef WOLFSSL_CRYPTOCELL
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
 
diff --git a/wolfcrypt/src/port/arm/cryptoCellHash.c b/wolfcrypt/src/port/arm/cryptoCellHash.c
index bbcd208b0..2944be9a1 100644
--- a/wolfcrypt/src/port/arm/cryptoCellHash.c
+++ b/wolfcrypt/src/port/arm/cryptoCellHash.c
@@ -1,6 +1,6 @@
 /* cryptoCellHash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /* This source is included in wc_port.c */
 /* WOLFSSL_CRYPTOCELL_HASH_C is defined by wc_port.c in case compile tries
@@ -31,8 +27,6 @@
 #ifdef WOLFSSL_CRYPTOCELL_HASH_C
 #if !defined(NO_SHA256) && defined(WOLFSSL_CRYPTOCELL)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/sha256.h>
 #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
 
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm.S b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
index 34f860884..ce76f2ac7 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-aes-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,14 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./aes/aes.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S
+ *   ruby ./aes/aes.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -298,7 +296,9 @@ L_AES_Thumb2_td_data:
 	.word	0x74486c5c
 	.word	0x42d0b857
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 	.text
 	.type	L_AES_Thumb2_te_data, %object
 	.size	L_AES_Thumb2_te_data, 1024
@@ -560,7 +560,8 @@ L_AES_Thumb2_te_data:
 	.word	0xfca85454
 	.word	0xd66dbbbb
 	.word	0x3a2c1616
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
 	.text
 	.type	L_AES_Thumb2_td, %object
@@ -569,14 +570,17 @@ L_AES_Thumb2_te_data:
 L_AES_Thumb2_td:
 	.word	L_AES_Thumb2_td_data
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 	.text
 	.type	L_AES_Thumb2_te, %object
 	.size	L_AES_Thumb2_te, 12
 	.align	4
 L_AES_Thumb2_te:
 	.word	L_AES_Thumb2_te_data
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
 	.text
 	.align	4
@@ -1134,15 +1138,18 @@ L_AES_encrypt_block_nr:
 	POP	{pc}
 	/* Cycle Count = 285 */
 	.size	AES_encrypt_block,.-AES_encrypt_block
-#if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+#if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 	.text
 	.type	L_AES_Thumb2_te_ecb, %object
 	.size	L_AES_Thumb2_te_ecb, 12
 	.align	4
 L_AES_Thumb2_te_ecb:
 	.word	L_AES_Thumb2_te_data
-#endif /* HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
-#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+#endif /* HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT ||
+        * WOLFSSL_AES_COUNTER */
+#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 	.text
 	.align	4
 	.globl	AES_ECB_encrypt
@@ -1290,7 +1297,8 @@ L_AES_ECB_encrypt_end:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 212 */
 	.size	AES_ECB_encrypt,.-AES_ECB_encrypt
-#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT ||
+        * WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
 	.text
 	.align	4
@@ -1641,7 +1649,8 @@ L_AES_CTR_encrypt_end:
 	.size	AES_CTR_encrypt,.-AES_CTR_encrypt
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC)
+    #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \
+        defined(HAVE_AES_CBC)
 	.text
 	.align	4
 	.globl	AES_decrypt_block
@@ -2278,12 +2287,12 @@ L_AES_ECB_decrypt_end:
 	.type	AES_CBC_decrypt, %function
 AES_CBC_decrypt:
 	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
-	LDR	r8, [sp, #36]
-	LDR	r4, [sp, #40]
 	MOV	lr, r0
 	LDR	r0, L_AES_Thumb2_td_ecb
 	MOV	r12, r2
 	ADR	r2, L_AES_Thumb2_td4
+	LDR	r8, [sp, #36]
+	LDR	r4, [sp, #40]
 	PUSH	{r3, r4}
 	CMP	r8, #0xa
 #if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
@@ -3360,7 +3369,7 @@ L_AES_GCM_encrypt_end:
 	.size	AES_GCM_encrypt,.-AES_GCM_encrypt
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
index ddf9d1141..0be20757e 100644
--- a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-aes-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,17 +21,15 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./aes/aes.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.c
+ *   ruby ./aes/aes.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -47,7 +45,7 @@
 #include <wolfssl/wolfcrypt/aes.h>
 
 #ifdef HAVE_AES_DECRYPT
-XALIGNED(16) static const uint32_t L_AES_Thumb2_td_data[] = {
+XALIGNED(16) static const word32 L_AES_Thumb2_td_data[] = {
     0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
     0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
     0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
@@ -115,8 +113,10 @@ XALIGNED(16) static const uint32_t L_AES_Thumb2_td_data[] = {
 };
 
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-XALIGNED(16) static const uint32_t L_AES_Thumb2_te_data[] = {
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+XALIGNED(16) static const word32 L_AES_Thumb2_te_data[] = {
     0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
     0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
     0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
@@ -183,13 +183,17 @@ XALIGNED(16) static const uint32_t L_AES_Thumb2_te_data[] = {
     0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
 };
 
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-static const uint32_t* L_AES_Thumb2_td = L_AES_Thumb2_td_data;
+static const word32* L_AES_Thumb2_td = L_AES_Thumb2_td_data;
 #endif /* HAVE_AES_DECRYPT */
-#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_Thumb2_te = L_AES_Thumb2_te_data;
-#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \
+    defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32* L_AES_Thumb2_te = L_AES_Thumb2_te_data;
+#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM ||
+        * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
 void AES_invert_key(unsigned char* ks, word32 rounds);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -201,8 +205,17 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register unsigned char* ks __asm__ ("r0") = (unsigned char*)ks_p;
     register word32 rounds __asm__ ("r1") = (word32)rounds_p;
-    register uint32_t* L_AES_Thumb2_te_c __asm__ ("r2") = (uint32_t*)L_AES_Thumb2_te;
-    register uint32_t* L_AES_Thumb2_td_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_td;
+    register word32* L_AES_Thumb2_te_c __asm__ ("r2") =
+        (word32*)L_AES_Thumb2_te;
+
+    register word32* L_AES_Thumb2_td_c __asm__ ("r3") =
+        (word32*)L_AES_Thumb2_td;
+
+#else
+    register word32* L_AES_Thumb2_te_c = (word32*)L_AES_Thumb2_te;
+
+    register word32* L_AES_Thumb2_td_c = (word32*)L_AES_Thumb2_td;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -216,8 +229,8 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
 #else
     "L_AES_invert_key_loop_%=:\n\t"
 #endif
-        "LDM	%[ks], {r2, r3, r4, r5}\n\t"
-        "LDM	r10, {r6, r7, r8, r9}\n\t"
+        "ldm   %[ks], {r2, r3, r4, r5}\n\t"
+        "ldm   r10, {r6, r7, r8, r9}\n\t"
         "STM	r10, {r2, r3, r4, r5}\n\t"
         "STM	%[ks]!, {r6, r7, r8, r9}\n\t"
         "SUBS	r11, r11, #0x2\n\t"
@@ -238,7 +251,7 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
 #else
     "L_AES_invert_key_mix_loop_%=:\n\t"
 #endif
-        "LDM	%[ks], {r2, r3, r4, r5}\n\t"
+        "ldm   %[ks], {r2, r3, r4, r5}\n\t"
         "UBFX	r6, r2, #0, #8\n\t"
         "UBFX	r7, r2, #8, #8\n\t"
         "UBFX	r8, r2, #16, #8\n\t"
@@ -311,21 +324,17 @@ void AES_invert_key(unsigned char* ks, word32 rounds)
 #else
         "BNE.W	L_AES_invert_key_mix_loop_%=\n\t"
 #endif
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [ks] "+r" (ks), [rounds] "+r" (rounds),
-          [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c), [L_AES_Thumb2_td] "+r" (L_AES_Thumb2_td_c)
+          [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c),
+          [L_AES_Thumb2_td] "+r" (L_AES_Thumb2_td_c)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
-#else
-        : [ks] "+r" (ks), [rounds] "+r" (rounds)
-        : [L_AES_Thumb2_te] "r" (L_AES_Thumb2_te), [L_AES_Thumb2_td] "r" (L_AES_Thumb2_td)
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
 }
 
 #endif /* HAVE_AES_DECRYPT */
-XALIGNED(16) static const uint32_t L_AES_Thumb2_rcon[] = {
+XALIGNED(16) static const word32 L_AES_Thumb2_rcon[] = {
     0x01000000, 0x02000000, 0x04000000, 0x08000000,
     0x10000000, 0x20000000, 0x40000000, 0x80000000,
     0x1b000000, 0x36000000
@@ -334,17 +343,29 @@ XALIGNED(16) static const uint32_t L_AES_Thumb2_rcon[] = {
 void AES_set_encrypt_key(const unsigned char* key, word32 len,
         unsigned char* ks);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, unsigned char* ks_p)
+void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p,
+    unsigned char* ks_p)
 #else
-void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks)
+void AES_set_encrypt_key(const unsigned char* key, word32 len,
+    unsigned char* ks)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const unsigned char* key __asm__ ("r0") = (const unsigned char*)key_p;
+    register const unsigned char* key __asm__ ("r0") =
+        (const unsigned char*)key_p;
     register word32 len __asm__ ("r1") = (word32)len_p;
     register unsigned char* ks __asm__ ("r2") = (unsigned char*)ks_p;
-    register uint32_t* L_AES_Thumb2_te_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_te;
-    register uint32_t* L_AES_Thumb2_rcon_c __asm__ ("r4") = (uint32_t*)&L_AES_Thumb2_rcon;
+    register word32* L_AES_Thumb2_te_c __asm__ ("r3") =
+        (word32*)L_AES_Thumb2_te;
+
+    register word32* L_AES_Thumb2_rcon_c __asm__ ("r4") =
+        (word32*)&L_AES_Thumb2_rcon;
+
+#else
+    register word32* L_AES_Thumb2_te_c = (word32*)L_AES_Thumb2_te;
+
+    register word32* L_AES_Thumb2_rcon_c = (word32*)&L_AES_Thumb2_rcon;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -403,9 +424,9 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r3, r7, r4, LSL #8\n\t"
         "EOR	r3, r3, r5, LSL #16\n\t"
         "EOR	r3, r3, r6, LSL #24\n\t"
-        "LDM	%[ks]!, {r4, r5, r6, r7}\n\t"
+        "ldm   %[ks]!, {r4, r5, r6, r7}\n\t"
         "EOR	r4, r4, r3\n\t"
-        "LDM	lr!, {r3}\n\t"
+        "ldm   lr!, {r3}\n\t"
         "EOR	r4, r4, r3\n\t"
         "EOR	r5, r5, r4\n\t"
         "EOR	r6, r6, r5\n\t"
@@ -425,7 +446,7 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r3, r3, r4, LSL #8\n\t"
         "EOR	r3, r3, r5, LSL #16\n\t"
         "EOR	r3, r3, r6, LSL #24\n\t"
-        "LDM	%[ks]!, {r4, r5, r6, r7}\n\t"
+        "ldm   %[ks]!, {r4, r5, r6, r7}\n\t"
         "EOR	r4, r4, r3\n\t"
         "EOR	r5, r5, r4\n\t"
         "EOR	r6, r6, r5\n\t"
@@ -452,9 +473,9 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r3, r7, r4, LSL #8\n\t"
         "EOR	r3, r3, r5, LSL #16\n\t"
         "EOR	r3, r3, r6, LSL #24\n\t"
-        "LDM	%[ks]!, {r4, r5, r6, r7}\n\t"
+        "ldm   %[ks]!, {r4, r5, r6, r7}\n\t"
         "EOR	r4, r4, r3\n\t"
-        "LDM	lr!, {r3}\n\t"
+        "ldm   lr!, {r3}\n\t"
         "EOR	r4, r4, r3\n\t"
         "EOR	r5, r5, r4\n\t"
         "EOR	r6, r6, r5\n\t"
@@ -508,9 +529,9 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r3, r9, r4, LSL #8\n\t"
         "EOR	r3, r3, r5, LSL #16\n\t"
         "EOR	r3, r3, r6, LSL #24\n\t"
-        "LDM	%[ks]!, {r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[ks]!, {r4, r5, r6, r7, r8, r9}\n\t"
         "EOR	r4, r4, r3\n\t"
-        "LDM	lr!, {r3}\n\t"
+        "ldm   lr!, {r3}\n\t"
         "EOR	r4, r4, r3\n\t"
         "EOR	r5, r5, r4\n\t"
         "EOR	r6, r6, r5\n\t"
@@ -537,9 +558,9 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r3, r9, r4, LSL #8\n\t"
         "EOR	r3, r3, r5, LSL #16\n\t"
         "EOR	r3, r3, r6, LSL #24\n\t"
-        "LDM	%[ks]!, {r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[ks]!, {r4, r5, r6, r7, r8, r9}\n\t"
         "EOR	r4, r4, r3\n\t"
-        "LDM	lr!, {r3}\n\t"
+        "ldm   lr!, {r3}\n\t"
         "EOR	r4, r4, r3\n\t"
         "EOR	r5, r5, r4\n\t"
         "EOR	r6, r6, r5\n\t"
@@ -585,9 +606,9 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
         "EOR	r3, r7, r4, LSL #8\n\t"
         "EOR	r3, r3, r5, LSL #16\n\t"
         "EOR	r3, r3, r6, LSL #24\n\t"
-        "LDM	%[ks]!, {r4, r5, r6, r7}\n\t"
+        "ldm   %[ks]!, {r4, r5, r6, r7}\n\t"
         "EOR	r4, r4, r3\n\t"
-        "LDM	lr!, {r3}\n\t"
+        "ldm   lr!, {r3}\n\t"
         "EOR	r4, r4, r3\n\t"
         "EOR	r5, r5, r4\n\t"
         "EOR	r6, r6, r5\n\t"
@@ -607,31 +628,27 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks
 #else
     "L_AES_set_encrypt_key_end_%=:\n\t"
 #endif
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks),
-          [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c), [L_AES_Thumb2_rcon] "+r" (L_AES_Thumb2_rcon_c)
+          [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c),
+          [L_AES_Thumb2_rcon] "+r" (L_AES_Thumb2_rcon_c)
         :
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
-#else
-        : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks)
-        : [L_AES_Thumb2_te] "r" (L_AES_Thumb2_te), [L_AES_Thumb2_rcon] "r" (L_AES_Thumb2_rcon)
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10"
     );
 }
 
-void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks);
+void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t* ks_p)
+void AES_encrypt_block(const word32* te_p, int nr_p, int len_p,
+    const word32* ks_p)
 #else
-void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
+void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const uint32_t* te __asm__ ("r0") = (const uint32_t*)te_p;
+    register const word32* te __asm__ ("r0") = (const word32*)te_p;
     register int nr __asm__ ("r1") = (int)nr_p;
     register int len __asm__ ("r2") = (int)len_p;
-    register const uint32_t* ks __asm__ ("r3") = (const uint32_t*)ks_p;
+    register const word32* ks __asm__ ("r3") = (const word32*)ks_p;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -683,7 +700,7 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
         "LDR	r11, [%[te], r11, LSL #2]\n\t"
         "LDR	r2, [%[te], r2, LSL #2]\n\t"
         "EOR	lr, lr, r6, ROR #24\n\t"
-        "LDM	%[ks]!, {r4, r5, r6, r7}\n\t"
+        "ldm   %[ks]!, {r4, r5, r6, r7}\n\t"
         "EOR	r11, r11, lr, ROR #24\n\t"
         "EOR	r11, r11, r2, ROR #8\n\t"
         /*   XOR in Key Schedule */
@@ -733,7 +750,7 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
         "LDR	r7, [%[te], r7, LSL #2]\n\t"
         "LDR	r2, [%[te], r2, LSL #2]\n\t"
         "EOR	lr, lr, r10, ROR #24\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "EOR	r7, r7, lr, ROR #24\n\t"
         "EOR	r7, r7, r2, ROR #8\n\t"
         /*   XOR in Key Schedule */
@@ -791,7 +808,7 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
         "LDR	r11, [%[te], r11, LSL #2]\n\t"
         "LDR	r2, [%[te], r2, LSL #2]\n\t"
         "EOR	lr, lr, r6, ROR #24\n\t"
-        "LDM	%[ks]!, {r4, r5, r6, r7}\n\t"
+        "ldm   %[ks]!, {r4, r5, r6, r7}\n\t"
         "EOR	r11, r11, lr, ROR #24\n\t"
         "EOR	r11, r11, r2, ROR #8\n\t"
         /*   XOR in Key Schedule */
@@ -841,7 +858,7 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
         "LDRB	lr, [%[te], lr, LSL #2]\n\t"
         "LDRB	r2, [%[te], r2, LSL #2]\n\t"
         "EOR	lr, lr, r11, LSL #16\n\t"
-        "LDM	%[ks], {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks], {r8, r9, r10, r11}\n\t"
         "EOR	r7, r7, lr, LSL #8\n\t"
         "EOR	r7, r7, r2, LSL #16\n\t"
         /*   XOR in Key Schedule */
@@ -851,29 +868,41 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks)
         "EOR	r7, r7, r11\n\t"
         : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
-#if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
-static const uint32_t* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data;
-#endif /* HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
-#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+#if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
+static const word32* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data;
+#endif /* HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT ||
+        * WOLFSSL_AES_COUNTER */
+#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \
+    defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER)
 void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
         unsigned long len, const unsigned char* ks, int nr);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p)
+void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p)
 #else
-void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr)
+void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const unsigned char* in __asm__ ("r0") = (const unsigned char*)in_p;
+    register const unsigned char* in __asm__ ("r0") =
+        (const unsigned char*)in_p;
     register unsigned char* out __asm__ ("r1") = (unsigned char*)out_p;
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
-    register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
+    register const unsigned char* ks __asm__ ("r3") =
+        (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
-    register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_te_ecb;
+    register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r5") =
+        (word32*)L_AES_Thumb2_te_ecb;
+
+#else
+    register word32* L_AES_Thumb2_te_ecb_c = (word32*)L_AES_Thumb2_te_ecb;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -882,7 +911,7 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "MOV	r12, r4\n\t"
 #else
-        "LDR	r12, [sp, #36]\n\t"
+        "MOV	r12, %[nr]\n\t"
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "PUSH	{%[ks]}\n\t"
         "CMP	r12, #0xa\n\t"
@@ -916,7 +945,7 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "PUSH	{r1, %[len], lr}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
         "EOR	r5, r5, r9\n\t"
@@ -972,7 +1001,7 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "PUSH	{r1, %[len], lr}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
         "EOR	r5, r5, r9\n\t"
@@ -1028,7 +1057,7 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "PUSH	{r1, %[len], lr}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
         "EOR	r5, r5, r9\n\t"
@@ -1063,56 +1092,58 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long
     "L_AES_ECB_encrypt_end_%=:\n\t"
 #endif
         "POP	{%[ks]}\n\t"
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr),
-          [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
         :
-        : "memory", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
-        : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
-        : "memory", "r12", "lr", "r4", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11"
     );
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)nr;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
-#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
+#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT ||
+        * WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
 void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
         unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p)
+void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p)
 #else
-void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv)
+void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* iv)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const unsigned char* in __asm__ ("r0") = (const unsigned char*)in_p;
+    register const unsigned char* in __asm__ ("r0") =
+        (const unsigned char*)in_p;
     register unsigned char* out __asm__ ("r1") = (unsigned char*)out_p;
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
-    register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
+    register const unsigned char* ks __asm__ ("r3") =
+        (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb;
+    register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") =
+        (word32*)L_AES_Thumb2_te_ecb;
+
+#else
+    register word32* L_AES_Thumb2_te_ecb_c = (word32*)L_AES_Thumb2_te_ecb;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "MOV	r8, r4\n\t"
 #else
-        "LDR	r8, [sp, #36]\n\t"
+        "MOV	r8, %[nr]\n\t"
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "MOV	r9, r5\n\t"
 #else
-        "LDR	r9, [sp, #40]\n\t"
+        "MOV	r9, %[iv]\n\t"
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "MOV	lr, %[in]\n\t"
         "MOV	r0, %[L_AES_Thumb2_te_ecb]\n\t"
-        "LDM	r9, {r4, r5, r6, r7}\n\t"
+        "ldm   r9, {r4, r5, r6, r7}\n\t"
         "PUSH	{%[ks], r9}\n\t"
         "CMP	r8, #0xa\n\t"
 #if defined(__GNUC__)
@@ -1145,7 +1176,7 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "EOR	r6, r6, r10\n\t"
         "EOR	r7, r7, r11\n\t"
         "PUSH	{r1, %[len], lr}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -1205,7 +1236,7 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "EOR	r6, r6, r10\n\t"
         "EOR	r7, r7, r11\n\t"
         "PUSH	{r1, %[len], lr}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -1265,7 +1296,7 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "EOR	r6, r6, r10\n\t"
         "EOR	r7, r7, r11\n\t"
         "PUSH	{r1, %[len], lr}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -1305,23 +1336,12 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 #endif
         "POP	{%[ks], r9}\n\t"
         "STM	r9, {r4, r5, r6, r7}\n\t"
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv),
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [iv] "+r" (iv),
           [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
-        : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
-        : "memory", "r12", "lr", "r4", "r5", "r7", "r8", "r9", "r10", "r11", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)nr;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)iv;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AES_CBC */
@@ -1329,35 +1349,45 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long
 void AES_CTR_encrypt(const unsigned char* in, unsigned char* out,
         unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p)
+void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p)
 #else
-void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr)
+void AES_CTR_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const unsigned char* in __asm__ ("r0") = (const unsigned char*)in_p;
+    register const unsigned char* in __asm__ ("r0") =
+        (const unsigned char*)in_p;
     register unsigned char* out __asm__ ("r1") = (unsigned char*)out_p;
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
-    register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
+    register const unsigned char* ks __asm__ ("r3") =
+        (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb;
+    register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") =
+        (word32*)L_AES_Thumb2_te_ecb;
+
+#else
+    register word32* L_AES_Thumb2_te_ecb_c = (word32*)L_AES_Thumb2_te_ecb;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "MOV	r12, r4\n\t"
 #else
-        "LDR	r12, [sp, #36]\n\t"
+        "MOV	r12, %[nr]\n\t"
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "MOV	r8, r5\n\t"
 #else
-        "LDR	r8, [sp, #40]\n\t"
+        "MOV	r8, %[ctr]\n\t"
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "MOV	lr, %[in]\n\t"
         "MOV	r0, %[L_AES_Thumb2_te_ecb]\n\t"
-        "LDM	r8, {r4, r5, r6, r7}\n\t"
+        "ldm   r8, {r4, r5, r6, r7}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -1393,7 +1423,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "ADCS	r9, r5, #0x0\n\t"
         "ADC	r8, r4, #0x0\n\t"
         "STM	lr, {r8, r9, r10, r11}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
         "EOR	r5, r5, r9\n\t"
@@ -1420,7 +1450,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STR	r5, [%[out], #4]\n\t"
         "STR	r6, [%[out], #8]\n\t"
         "STR	r7, [%[out], #12]\n\t"
-        "LDM	r8, {r4, r5, r6, r7}\n\t"
+        "ldm   r8, {r4, r5, r6, r7}\n\t"
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
@@ -1457,7 +1487,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "ADCS	r9, r5, #0x0\n\t"
         "ADC	r8, r4, #0x0\n\t"
         "STM	lr, {r8, r9, r10, r11}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
         "EOR	r5, r5, r9\n\t"
@@ -1484,7 +1514,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STR	r5, [%[out], #4]\n\t"
         "STR	r6, [%[out], #8]\n\t"
         "STR	r7, [%[out], #12]\n\t"
-        "LDM	r8, {r4, r5, r6, r7}\n\t"
+        "ldm   r8, {r4, r5, r6, r7}\n\t"
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
@@ -1521,7 +1551,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "ADCS	r9, r5, #0x0\n\t"
         "ADC	r8, r4, #0x0\n\t"
         "STM	lr, {r8, r9, r10, r11}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
         "EOR	r5, r5, r9\n\t"
@@ -1548,7 +1578,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STR	r5, [%[out], #4]\n\t"
         "STR	r6, [%[out], #8]\n\t"
         "STR	r7, [%[out], #12]\n\t"
-        "LDM	r8, {r4, r5, r6, r7}\n\t"
+        "ldm   r8, {r4, r5, r6, r7}\n\t"
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
@@ -1571,39 +1601,29 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "STM	r8, {r4, r5, r6, r7}\n\t"
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr),
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [ctr] "+r" (ctr),
           [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
-        : [L_AES_Thumb2_te_ecb] "r" (L_AES_Thumb2_te_ecb)
-        : "memory", "r12", "lr", "r4", "r5", "r7", "r8", "r9", "r10", "r11", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)nr;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)ctr;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC)
-void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4);
+    #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \
+        defined(HAVE_AES_CBC)
+void AES_decrypt_block(const word32* td, int nr, const byte* td4);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p)
+void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p)
 #else
-void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
+void AES_decrypt_block(const word32* td, int nr, const byte* td4)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const uint32_t* td __asm__ ("r0") = (const uint32_t*)td_p;
+    register const word32* td __asm__ ("r0") = (const word32*)td_p;
     register int nr __asm__ ("r1") = (int)nr_p;
-    register const uint8_t* td4 __asm__ ("r2") = (const uint8_t*)td4_p;
+    register const byte* td4 __asm__ ("r2") = (const byte*)td4_p;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1655,7 +1675,7 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
         "LDR	r11, [%[td], r11, LSL #2]\n\t"
         "LDR	lr, [%[td], lr, LSL #2]\n\t"
         "EOR	r12, r12, r4, ROR #24\n\t"
-        "LDM	r3!, {r4, r5, r6, r7}\n\t"
+        "ldm   r3!, {r4, r5, r6, r7}\n\t"
         "EOR	r11, r11, lr, ROR #8\n\t"
         "EOR	r11, r11, r12, ROR #24\n\t"
         /*   XOR in Key Schedule */
@@ -1705,7 +1725,7 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
         "LDR	r7, [%[td], r7, LSL #2]\n\t"
         "LDR	lr, [%[td], lr, LSL #2]\n\t"
         "EOR	r12, r12, r8, ROR #24\n\t"
-        "LDM	r3!, {r8, r9, r10, r11}\n\t"
+        "ldm   r3!, {r8, r9, r10, r11}\n\t"
         "EOR	r7, r7, lr, ROR #8\n\t"
         "EOR	r7, r7, r12, ROR #24\n\t"
         /*   XOR in Key Schedule */
@@ -1763,7 +1783,7 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
         "LDR	r11, [%[td], r11, LSL #2]\n\t"
         "LDR	lr, [%[td], lr, LSL #2]\n\t"
         "EOR	r12, r12, r4, ROR #24\n\t"
-        "LDM	r3!, {r4, r5, r6, r7}\n\t"
+        "ldm   r3!, {r4, r5, r6, r7}\n\t"
         "EOR	r11, r11, lr, ROR #8\n\t"
         "EOR	r11, r11, r12, ROR #24\n\t"
         /*   XOR in Key Schedule */
@@ -1813,7 +1833,7 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
         "LDRB	r7, [%[td4], r7]\n\t"
         "LDRB	lr, [%[td4], lr]\n\t"
         "EOR	r12, r12, r11, LSL #16\n\t"
-        "LDM	r3, {r8, r9, r10, r11}\n\t"
+        "ldm   r3, {r8, r9, r10, r11}\n\t"
         "EOR	r7, r7, r12, LSL #8\n\t"
         "EOR	r7, r7, lr, LSL #16\n\t"
         /*   XOR in Key Schedule */
@@ -1823,12 +1843,12 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4)
         "EOR	r7, r7, r11\n\t"
         : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
-static const uint32_t* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data;
-static const unsigned char L_AES_Thumb2_td4[] = {
+static const word32* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data;
+static const byte L_AES_Thumb2_td4[] = {
     0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
     0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
     0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
@@ -1867,26 +1887,39 @@ static const unsigned char L_AES_Thumb2_td4[] = {
 void AES_ECB_decrypt(const unsigned char* in, unsigned char* out,
         unsigned long len, const unsigned char* ks, int nr);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p)
+void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p)
 #else
-void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr)
+void AES_ECB_decrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const unsigned char* in __asm__ ("r0") = (const unsigned char*)in_p;
+    register const unsigned char* in __asm__ ("r0") =
+        (const unsigned char*)in_p;
     register unsigned char* out __asm__ ("r1") = (unsigned char*)out_p;
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
-    register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
+    register const unsigned char* ks __asm__ ("r3") =
+        (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
-    register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_td_ecb;
-    register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r6") = (unsigned char*)&L_AES_Thumb2_td4;
+    register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r5") =
+        (word32*)L_AES_Thumb2_td_ecb;
+
+    register byte* L_AES_Thumb2_td4_c __asm__ ("r6") =
+        (byte*)&L_AES_Thumb2_td4;
+
+#else
+    register word32* L_AES_Thumb2_td_ecb_c = (word32*)L_AES_Thumb2_td_ecb;
+
+    register byte* L_AES_Thumb2_td4_c = (byte*)&L_AES_Thumb2_td4;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "MOV	r8, r4\n\t"
 #else
-        "LDR	r8, [sp, #36]\n\t"
+        "MOV	r8, %[nr]\n\t"
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "MOV	lr, %[in]\n\t"
         "MOV	r0, %[L_AES_Thumb2_td_ecb]\n\t"
@@ -1923,7 +1956,7 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "PUSH	{r1, %[ks], r12, lr}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
         "EOR	r5, r5, r9\n\t"
@@ -1978,7 +2011,7 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "PUSH	{r1, %[ks], r12, lr}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
         "EOR	r5, r5, r9\n\t"
@@ -2033,7 +2066,7 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "PUSH	{r1, %[ks], r12, lr}\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
         "EOR	r5, r5, r9\n\t"
@@ -2066,20 +2099,12 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 #else
     "L_AES_ECB_decrypt_end_%=:\n\t"
 #endif
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr),
-          [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c), [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c),
+          [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
-        : [L_AES_Thumb2_td_ecb] "r" (L_AES_Thumb2_td_ecb), [L_AES_Thumb2_td4] "r" (L_AES_Thumb2_td4)
-        : "memory", "r12", "lr", "r4", "r7", "r8", "r9", "r10", "r11", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)nr;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */
@@ -2087,37 +2112,51 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long
 void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
         unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p)
+void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* iv_p)
 #else
-void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* iv)
+void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* iv)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const unsigned char* in __asm__ ("r0") = (const unsigned char*)in_p;
+    register const unsigned char* in __asm__ ("r0") =
+        (const unsigned char*)in_p;
     register unsigned char* out __asm__ ("r1") = (unsigned char*)out_p;
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
-    register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
+    register const unsigned char* ks __asm__ ("r3") =
+        (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p;
-    register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_td_ecb;
-    register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r7") = (unsigned char*)&L_AES_Thumb2_td4;
+    register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r6") =
+        (word32*)L_AES_Thumb2_td_ecb;
+
+    register byte* L_AES_Thumb2_td4_c __asm__ ("r7") =
+        (byte*)&L_AES_Thumb2_td4;
+
+#else
+    register word32* L_AES_Thumb2_td_ecb_c = (word32*)L_AES_Thumb2_td_ecb;
+
+    register byte* L_AES_Thumb2_td4_c = (byte*)&L_AES_Thumb2_td4;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-        "MOV	r8, r4\n\t"
-#else
-        "LDR	r8, [sp, #36]\n\t"
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-        "MOV	r4, r5\n\t"
-#else
-        "LDR	r4, [sp, #40]\n\t"
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "MOV	lr, %[in]\n\t"
         "MOV	r0, %[L_AES_Thumb2_td_ecb]\n\t"
         "MOV	r12, %[len]\n\t"
         "MOV	r2, %[L_AES_Thumb2_td4]\n\t"
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        "MOV	r8, r4\n\t"
+#else
+        "MOV	r8, %[nr]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+        "MOV	r4, r5\n\t"
+#else
+        "MOV	r4, %[iv]\n\t"
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "PUSH	{%[ks], r4}\n\t"
         "CMP	r8, #0xa\n\t"
 #if defined(__GNUC__)
@@ -2149,7 +2188,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "LDR	lr, [sp, #16]\n\t"
         "STRD	r4, r5, [lr, #16]\n\t"
         "STRD	r6, r7, [lr, #24]\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -2166,7 +2205,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
-        "LDM	lr, {r8, r9, r10, r11}\n\t"
+        "ldm   lr, {r8, r9, r10, r11}\n\t"
         "POP	{r1, r12, lr}\n\t"
         "LDR	%[ks], [sp]\n\t"
         "EOR	r4, r4, r8\n\t"
@@ -2195,7 +2234,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "LDR	lr, [sp, #16]\n\t"
         "STRD	r4, r5, [lr]\n\t"
         "STRD	r6, r7, [lr, #8]\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -2255,7 +2294,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "LDR	lr, [sp, #16]\n\t"
         "STRD	r4, r5, [lr, #16]\n\t"
         "STRD	r6, r7, [lr, #24]\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -2272,7 +2311,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
-        "LDM	lr, {r8, r9, r10, r11}\n\t"
+        "ldm   lr, {r8, r9, r10, r11}\n\t"
         "POP	{r1, r12, lr}\n\t"
         "LDR	%[ks], [sp]\n\t"
         "EOR	r4, r4, r8\n\t"
@@ -2301,7 +2340,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "LDR	lr, [sp, #16]\n\t"
         "STRD	r4, r5, [lr]\n\t"
         "STRD	r6, r7, [lr, #8]\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -2361,7 +2400,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "LDR	lr, [sp, #16]\n\t"
         "STRD	r4, r5, [lr, #16]\n\t"
         "STRD	r6, r7, [lr, #24]\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -2378,7 +2417,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
-        "LDM	lr, {r8, r9, r10, r11}\n\t"
+        "ldm   lr, {r8, r9, r10, r11}\n\t"
         "POP	{r1, r12, lr}\n\t"
         "LDR	%[ks], [sp]\n\t"
         "EOR	r4, r4, r8\n\t"
@@ -2407,7 +2446,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
         "LDR	lr, [sp, #16]\n\t"
         "STRD	r4, r5, [lr]\n\t"
         "STRD	r6, r7, [lr, #8]\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -2471,30 +2510,20 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long
     "L_AES_CBC_decrypt_end_%=:\n\t"
 #endif
         "POP	{%[ks], r4}\n\t"
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv),
-          [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c), [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [iv] "+r" (iv),
+          [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c),
+          [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c)
         :
-        : "memory", "r12", "lr", "r8", "r9", "r10", "r11", "cc"
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
-        : [L_AES_Thumb2_td_ecb] "r" (L_AES_Thumb2_td_ecb), [L_AES_Thumb2_td4] "r" (L_AES_Thumb2_td4)
-        : "memory", "r12", "lr", "r4", "r5", "r8", "r9", "r10", "r11", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r8", "r9", "r10", "r11"
     );
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)nr;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)iv;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AES_CBC */
 #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */
 #endif /* HAVE_AES_DECRYPT */
 #ifdef HAVE_AESGCM
-XALIGNED(16) static const uint32_t L_GCM_gmult_len_r[] = {
+XALIGNED(16) static const word32 L_GCM_gmult_len_r[] = {
     0x00000000, 0x1c200000, 0x38400000, 0x24600000,
     0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000,
     0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000,
@@ -2504,17 +2533,26 @@ XALIGNED(16) static const uint32_t L_GCM_gmult_len_r[] = {
 void GCM_gmult_len(unsigned char* x, const unsigned char** m,
         const unsigned char* data, unsigned long len);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, const unsigned char* data_p, unsigned long len_p)
+void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p,
+    const unsigned char* data_p, unsigned long len_p)
 #else
-void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned char* data, unsigned long len)
+void GCM_gmult_len(unsigned char* x, const unsigned char** m,
+    const unsigned char* data, unsigned long len)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register unsigned char* x __asm__ ("r0") = (unsigned char*)x_p;
-    register const unsigned char** m __asm__ ("r1") = (const unsigned char**)m_p;
-    register const unsigned char* data __asm__ ("r2") = (const unsigned char*)data_p;
+    register const unsigned char** m __asm__ ("r1") =
+        (const unsigned char**)m_p;
+    register const unsigned char* data __asm__ ("r2") =
+        (const unsigned char*)data_p;
     register unsigned long len __asm__ ("r3") = (unsigned long)len_p;
-    register uint32_t* L_GCM_gmult_len_r_c __asm__ ("r4") = (uint32_t*)&L_GCM_gmult_len_r;
+    register word32* L_GCM_gmult_len_r_c __asm__ ("r4") =
+        (word32*)&L_GCM_gmult_len_r;
+
+#else
+    register word32* L_GCM_gmult_len_r_c = (word32*)&L_GCM_gmult_len_r;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -2532,7 +2570,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "LSR	%[len], r12, #24\n\t"
         "AND	%[len], %[len], #0xf\n\t"
         "ADD	%[len], %[m], %[len], LSL #4\n\t"
-        "LDM	%[len], {r8, r9, r10, r11}\n\t"
+        "ldm   %[len], {r8, r9, r10, r11}\n\t"
         "LSR	r6, r10, #4\n\t"
         "AND	%[len], r11, #0xf\n\t"
         "LSR	r11, r11, #4\n\t"
@@ -2542,7 +2580,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2559,7 +2597,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2576,7 +2614,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2593,7 +2631,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2610,7 +2648,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2626,7 +2664,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2643,7 +2681,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2665,7 +2703,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "LSR	%[len], r12, #24\n\t"
         "AND	%[len], %[len], #0xf\n\t"
         "ADD	%[len], %[m], %[len], LSL #4\n\t"
-        "LDM	%[len], {r4, r5, r6, r7}\n\t"
+        "ldm   %[len], {r4, r5, r6, r7}\n\t"
         "EOR	r8, r8, r4\n\t"
         "EOR	r9, r9, r5\n\t"
         "EOR	r10, r10, r6\n\t"
@@ -2679,7 +2717,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2696,7 +2734,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2713,7 +2751,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2730,7 +2768,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2747,7 +2785,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2763,7 +2801,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2780,7 +2818,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2802,7 +2840,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "LSR	%[len], r12, #24\n\t"
         "AND	%[len], %[len], #0xf\n\t"
         "ADD	%[len], %[m], %[len], LSL #4\n\t"
-        "LDM	%[len], {r4, r5, r6, r7}\n\t"
+        "ldm   %[len], {r4, r5, r6, r7}\n\t"
         "EOR	r8, r8, r4\n\t"
         "EOR	r9, r9, r5\n\t"
         "EOR	r10, r10, r6\n\t"
@@ -2816,7 +2854,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2833,7 +2871,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2850,7 +2888,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2867,7 +2905,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2884,7 +2922,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2900,7 +2938,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2917,7 +2955,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2939,7 +2977,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "LSR	%[len], r12, #24\n\t"
         "AND	%[len], %[len], #0xf\n\t"
         "ADD	%[len], %[m], %[len], LSL #4\n\t"
-        "LDM	%[len], {r4, r5, r6, r7}\n\t"
+        "ldm   %[len], {r4, r5, r6, r7}\n\t"
         "EOR	r8, r8, r4\n\t"
         "EOR	r9, r9, r5\n\t"
         "EOR	r10, r10, r6\n\t"
@@ -2953,7 +2991,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2970,7 +3008,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -2987,7 +3025,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -3004,7 +3042,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -3021,7 +3059,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -3037,7 +3075,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -3054,7 +3092,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
         "ADD	r4, %[m], r4, LSL #4\n\t"
         "EOR	r10, r6, r9, LSL #28\n\t"
         "LSR	r9, r9, #4\n\t"
-        "LDM	r4, {r4, r5, r6, r7}\n\t"
+        "ldm   r4, {r4, r5, r6, r7}\n\t"
         "EOR	r9, r9, r8, LSL #28\n\t"
         "EOR	r8, %[len], r8, LSR #4\n\t"
         "EOR	r8, r8, r4\n\t"
@@ -3076,52 +3114,57 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha
 #else
         "BNE.W	L_GCM_gmult_len_start_block_%=\n\t"
 #endif
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len),
           [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c)
         :
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
-#else
-        : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len)
-        : [L_GCM_gmult_len_r] "r" (L_GCM_gmult_len_r)
-        : "memory", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11"
     );
 }
 
-static const uint32_t* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data;
+static const word32* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data;
 void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
         unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p)
+void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p,
+    unsigned long len_p, const unsigned char* ks_p, int nr_p,
+    unsigned char* ctr_p)
 #else
-void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr)
+void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-    register const unsigned char* in __asm__ ("r0") = (const unsigned char*)in_p;
+    register const unsigned char* in __asm__ ("r0") =
+        (const unsigned char*)in_p;
     register unsigned char* out __asm__ ("r1") = (unsigned char*)out_p;
     register unsigned long len __asm__ ("r2") = (unsigned long)len_p;
-    register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p;
+    register const unsigned char* ks __asm__ ("r3") =
+        (const unsigned char*)ks_p;
     register int nr __asm__ ("r4") = (int)nr_p;
     register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p;
-    register uint32_t* L_AES_Thumb2_te_gcm_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_gcm;
+    register word32* L_AES_Thumb2_te_gcm_c __asm__ ("r6") =
+        (word32*)L_AES_Thumb2_te_gcm;
+
+#else
+    register word32* L_AES_Thumb2_te_gcm_c = (word32*)L_AES_Thumb2_te_gcm;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "MOV	r12, r4\n\t"
 #else
-        "LDR	r12, [sp, #36]\n\t"
+        "MOV	r12, %[nr]\n\t"
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         "MOV	r8, r5\n\t"
 #else
-        "LDR	r8, [sp, #40]\n\t"
+        "MOV	r8, %[ctr]\n\t"
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
         "MOV	lr, %[in]\n\t"
         "MOV	r0, %[L_AES_Thumb2_te_gcm]\n\t"
-        "LDM	r8, {r4, r5, r6, r7}\n\t"
+        "ldm   r8, {r4, r5, r6, r7}\n\t"
         "REV	r4, r4\n\t"
         "REV	r5, r5\n\t"
         "REV	r6, r6\n\t"
@@ -3153,7 +3196,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADD	r7, r7, #0x1\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "STR	r7, [lr, #12]\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
@@ -3181,7 +3224,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STR	r5, [%[out], #4]\n\t"
         "STR	r6, [%[out], #8]\n\t"
         "STR	r7, [%[out], #12]\n\t"
-        "LDM	r8, {r4, r5, r6, r7}\n\t"
+        "ldm   r8, {r4, r5, r6, r7}\n\t"
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
@@ -3214,7 +3257,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADD	r7, r7, #0x1\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "STR	r7, [lr, #12]\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
@@ -3242,7 +3285,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STR	r5, [%[out], #4]\n\t"
         "STR	r6, [%[out], #8]\n\t"
         "STR	r7, [%[out], #12]\n\t"
-        "LDM	r8, {r4, r5, r6, r7}\n\t"
+        "ldm   r8, {r4, r5, r6, r7}\n\t"
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
@@ -3275,7 +3318,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "PUSH	{r1, %[len], lr}\n\t"
         "LDR	lr, [sp, #16]\n\t"
         "ADD	r7, r7, #0x1\n\t"
-        "LDM	%[ks]!, {r8, r9, r10, r11}\n\t"
+        "ldm   %[ks]!, {r8, r9, r10, r11}\n\t"
         "STR	r7, [lr, #12]\n\t"
         /* Round: 0 - XOR in key schedule */
         "EOR	r4, r4, r8\n\t"
@@ -3303,7 +3346,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "STR	r5, [%[out], #4]\n\t"
         "STR	r6, [%[out], #8]\n\t"
         "STR	r7, [%[out], #12]\n\t"
-        "LDM	r8, {r4, r5, r6, r7}\n\t"
+        "ldm   r8, {r4, r5, r6, r7}\n\t"
         "SUBS	%[len], %[len], #0x10\n\t"
         "ADD	lr, lr, #0x10\n\t"
         "ADD	%[out], %[out], #0x10\n\t"
@@ -3326,27 +3369,16 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long
         "REV	r6, r6\n\t"
         "REV	r7, r7\n\t"
         "STM	r8, {r4, r5, r6, r7}\n\t"
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr),
+        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks),
+          [nr] "+r" (nr), [ctr] "+r" (ctr),
           [L_AES_Thumb2_te_gcm] "+r" (L_AES_Thumb2_te_gcm_c)
         :
-        : "memory", "r12", "lr", "r7", "r8", "r9", "r10", "r11", "cc"
-#else
-        : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks)
-        : [L_AES_Thumb2_te_gcm] "r" (L_AES_Thumb2_te_gcm)
-        : "memory", "r12", "lr", "r4", "r5", "r7", "r8", "r9", "r10", "r11", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11"
     );
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)nr;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
-#ifdef WOLFSSL_NO_VAR_ASSIGN_REG
-    (void)ctr;
-#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 }
 
 #endif /* HAVE_AESGCM */
 #endif /* !NO_AES */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm.S b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
new file mode 100644
index 000000000..467db2ecf
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
@@ -0,0 +1,573 @@
+/* thumb2-chacha-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.S
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef HAVE_CHACHA
+	.text
+	.align	4
+	.globl	wc_chacha_setiv
+	.type	wc_chacha_setiv, %function
+wc_chacha_setiv:
+	PUSH	{r4, r5, r6, lr}
+	ADD	r3, r0, #0x34
+	LDR	r4, [r1]
+	LDR	r5, [r1, #4]
+	LDR	r6, [r1, #8]
+	STR	r2, [r0, #48]
+#ifdef BIG_ENDIAN_ORDER
+	REV	r4, r4
+	REV	r5, r5
+	REV	r6, r6
+#endif /* BIG_ENDIAN_ORDER */
+	STM	r3, {r4, r5, r6}
+	POP	{r4, r5, r6, pc}
+	/* Cycle Count = 26 */
+	.size	wc_chacha_setiv,.-wc_chacha_setiv
+	.text
+	.type	L_chacha_thumb2_constants, %object
+	.size	L_chacha_thumb2_constants, 32
+	.align	4
+L_chacha_thumb2_constants:
+	.word	0x61707865
+	.word	0x3120646e
+	.word	0x79622d36
+	.word	0x6b206574
+	.word	0x61707865
+	.word	0x3320646e
+	.word	0x79622d32
+	.word	0x6b206574
+	.text
+	.align	4
+	.globl	wc_chacha_setkey
+	.type	wc_chacha_setkey, %function
+wc_chacha_setkey:
+	PUSH	{r4, r5, r6, r7, lr}
+	ADR	r7, L_chacha_thumb2_constants
+	SUBS	r2, r2, #0x10
+	ADD	r7, r7, r2
+	/* Start state with constants */
+	LDM	r7, {r3, r4, r5, r6}
+	STM	r0!, {r3, r4, r5, r6}
+	/* Next is first 16 bytes of key. */
+	LDR	r3, [r1]
+	LDR	r4, [r1, #4]
+	LDR	r5, [r1, #8]
+	LDR	r6, [r1, #12]
+#ifdef BIG_ENDIAN_ORDER
+	REV	r3, r3
+	REV	r4, r4
+	REV	r5, r5
+	REV	r6, r6
+#endif /* BIG_ENDIAN_ORDER */
+	STM	r0!, {r3, r4, r5, r6}
+	/* Next 16 bytes of key. */
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_setkey_same_keyb_ytes
+#else
+	BEQ.N	L_chacha_thumb2_setkey_same_keyb_ytes
+#endif
+	/* Update key pointer for next 16 bytes. */
+	ADD	r1, r1, r2
+	LDR	r3, [r1]
+	LDR	r4, [r1, #4]
+	LDR	r5, [r1, #8]
+	LDR	r6, [r1, #12]
+L_chacha_thumb2_setkey_same_keyb_ytes:
+	STM	r0, {r3, r4, r5, r6}
+	POP	{r4, r5, r6, r7, pc}
+	/* Cycle Count = 60 */
+	.size	wc_chacha_setkey,.-wc_chacha_setkey
+	.text
+	.align	4
+	.globl	wc_chacha_crypt_bytes
+	.type	wc_chacha_crypt_bytes, %function
+wc_chacha_crypt_bytes:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x34
+	MOV	lr, r0
+	STRD	r0, r1, [sp, #32]
+	STRD	r2, r3, [sp, #40]
+L_chacha_thumb2_crypt_block:
+	/* Put x[12]..x[15] onto stack. */
+	LDRD	r4, r5, [lr, #48]
+	LDRD	r6, r7, [lr, #56]
+	STRD	r4, r5, [sp, #16]
+	STRD	r6, r7, [sp, #24]
+	/* Load x[0]..x[12] into registers. */
+	LDM	lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}
+	/* 10x 2 full rounds to perform. */
+	MOV	lr, #0xa
+	STR	lr, [sp, #48]
+L_chacha_thumb2_crypt_loop:
+	/* 0, 4,  8, 12 */
+	/* 1, 5,  9, 13 */
+	LDR	lr, [sp, #20]
+	ADD	r0, r0, r4
+	ADD	r1, r1, r5
+	EOR	r12, r12, r0
+	EOR	lr, lr, r1
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r8, r8, r12
+	ADD	r9, r9, lr
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	ROR	r4, r4, #20
+	ROR	r5, r5, #20
+	ADD	r0, r0, r4
+	ADD	r1, r1, r5
+	EOR	r12, r12, r0
+	EOR	lr, lr, r1
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r8, r8, r12
+	ADD	r9, r9, lr
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	ROR	r4, r4, #25
+	ROR	r5, r5, #25
+	STR	r12, [sp, #16]
+	STR	lr, [sp, #20]
+	/* 2, 6, 10, 14 */
+	/* 3, 7, 11, 15 */
+	LDR	r12, [sp, #24]
+	LDR	lr, [sp, #28]
+	ADD	r2, r2, r6
+	ADD	r3, r3, r7
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r10, r10, r12
+	ADD	r11, r11, lr
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	ROR	r6, r6, #20
+	ROR	r7, r7, #20
+	ADD	r2, r2, r6
+	ADD	r3, r3, r7
+	EOR	r12, r12, r2
+	EOR	lr, lr, r3
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r10, r10, r12
+	ADD	r11, r11, lr
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	ROR	r6, r6, #25
+	ROR	r7, r7, #25
+	/* 3, 4,  9, 14 */
+	/* 0, 5, 10, 15 */
+	ADD	r3, r3, r4
+	ADD	r0, r0, r5
+	EOR	r12, r12, r3
+	EOR	lr, lr, r0
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r9, r9, r12
+	ADD	r10, r10, lr
+	EOR	r4, r4, r9
+	EOR	r5, r5, r10
+	ROR	r4, r4, #20
+	ROR	r5, r5, #20
+	ADD	r3, r3, r4
+	ADD	r0, r0, r5
+	EOR	r12, r12, r3
+	EOR	lr, lr, r0
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r9, r9, r12
+	ADD	r10, r10, lr
+	EOR	r4, r4, r9
+	EOR	r5, r5, r10
+	ROR	r4, r4, #25
+	ROR	r5, r5, #25
+	STR	r12, [sp, #24]
+	STR	lr, [sp, #28]
+	LDR	r12, [sp, #16]
+	LDR	lr, [sp, #20]
+	/* 1, 6, 11, 12 */
+	/* 2, 7,  8, 13 */
+	ADD	r1, r1, r6
+	ADD	r2, r2, r7
+	EOR	r12, r12, r1
+	EOR	lr, lr, r2
+	ROR	r12, r12, #16
+	ROR	lr, lr, #16
+	ADD	r11, r11, r12
+	ADD	r8, r8, lr
+	EOR	r6, r6, r11
+	EOR	r7, r7, r8
+	ROR	r6, r6, #20
+	ROR	r7, r7, #20
+	ADD	r1, r1, r6
+	ADD	r2, r2, r7
+	EOR	r12, r12, r1
+	EOR	lr, lr, r2
+	ROR	r12, r12, #24
+	ROR	lr, lr, #24
+	ADD	r11, r11, r12
+	ADD	r8, r8, lr
+	EOR	r6, r6, r11
+	EOR	r7, r7, r8
+	ROR	r6, r6, #25
+	ROR	r7, r7, #25
+	STR	lr, [sp, #20]
+	/* Check if we have done enough rounds. */
+	LDR	lr, [sp, #48]
+	SUBS	lr, lr, #0x1
+	STR	lr, [sp, #48]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGT	L_chacha_thumb2_crypt_loop
+#else
+	BGT.N	L_chacha_thumb2_crypt_loop
+#endif
+	STM	sp, {r8, r9, r10, r11, r12}
+	LDR	lr, [sp, #32]
+	MOV	r12, sp
+	/* Add in original state */
+	LDM	lr!, {r8, r9, r10, r11}
+	ADD	r0, r0, r8
+	ADD	r1, r1, r9
+	ADD	r2, r2, r10
+	ADD	r3, r3, r11
+	LDM	lr!, {r8, r9, r10, r11}
+	ADD	r4, r4, r8
+	ADD	r5, r5, r9
+	ADD	r6, r6, r10
+	ADD	r7, r7, r11
+	LDM	r12, {r8, r9}
+	LDM	lr!, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	STM	r12!, {r8, r9}
+	LDM	r12, {r8, r9}
+	LDM	lr!, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	STM	r12!, {r8, r9}
+	LDM	r12, {r8, r9}
+	LDM	lr!, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	ADD	r10, r10, #0x1
+	STM	r12!, {r8, r9}
+	STR	r10, [lr, #-8]
+	LDM	r12, {r8, r9}
+	LDM	lr, {r10, r11}
+	ADD	r8, r8, r10
+	ADD	r9, r9, r11
+	STM	r12, {r8, r9}
+	LDR	r12, [sp, #44]
+	CMP	r12, #0x40
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_crypt_lt_block
+#else
+	BLT.N	L_chacha_thumb2_crypt_lt_block
+#endif
+	LDR	r12, [sp, #40]
+	LDR	lr, [sp, #36]
+	/* XOR state into 64 bytes. */
+	LDR	r8, [r12]
+	LDR	r9, [r12, #4]
+	LDR	r10, [r12, #8]
+	LDR	r11, [r12, #12]
+	EOR	r0, r0, r8
+	EOR	r1, r1, r9
+	EOR	r2, r2, r10
+	EOR	r3, r3, r11
+	STR	r0, [lr]
+	STR	r1, [lr, #4]
+	STR	r2, [lr, #8]
+	STR	r3, [lr, #12]
+	LDR	r8, [r12, #16]
+	LDR	r9, [r12, #20]
+	LDR	r10, [r12, #24]
+	LDR	r11, [r12, #28]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	STR	r4, [lr, #16]
+	STR	r5, [lr, #20]
+	STR	r6, [lr, #24]
+	STR	r7, [lr, #28]
+	LDR	r4, [sp]
+	LDR	r5, [sp, #4]
+	LDR	r6, [sp, #8]
+	LDR	r7, [sp, #12]
+	LDR	r8, [r12, #32]
+	LDR	r9, [r12, #36]
+	LDR	r10, [r12, #40]
+	LDR	r11, [r12, #44]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	STR	r4, [lr, #32]
+	STR	r5, [lr, #36]
+	STR	r6, [lr, #40]
+	STR	r7, [lr, #44]
+	LDR	r4, [sp, #16]
+	LDR	r5, [sp, #20]
+	LDR	r6, [sp, #24]
+	LDR	r7, [sp, #28]
+	LDR	r8, [r12, #48]
+	LDR	r9, [r12, #52]
+	LDR	r10, [r12, #56]
+	LDR	r11, [r12, #60]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	STR	r4, [lr, #48]
+	STR	r5, [lr, #52]
+	STR	r6, [lr, #56]
+	STR	r7, [lr, #60]
+	LDR	r3, [sp, #44]
+	ADD	r12, r12, #0x40
+	ADD	lr, lr, #0x40
+	STR	r12, [sp, #40]
+	STR	lr, [sp, #36]
+	SUBS	r3, r3, #0x40
+	LDR	lr, [sp, #32]
+	STR	r3, [sp, #44]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_chacha_thumb2_crypt_block
+#else
+	BNE.N	L_chacha_thumb2_crypt_block
+#endif
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_done
+#else
+	B.N	L_chacha_thumb2_crypt_done
+#endif
+L_chacha_thumb2_crypt_lt_block:
+	/* Store in over field of ChaCha. */
+	LDR	lr, [sp, #32]
+	ADD	r12, lr, #0x44
+	STM	r12!, {r0, r1, r2, r3, r4, r5, r6, r7}
+	LDM	sp, {r0, r1, r2, r3, r4, r5, r6, r7}
+	STM	r12, {r0, r1, r2, r3, r4, r5, r6, r7}
+	LDRD	r2, r3, [sp, #40]
+	LDR	r1, [sp, #36]
+	RSB	r12, r3, #0x40
+	STR	r12, [lr, #64]
+	ADD	lr, lr, #0x44
+L_chacha_thumb2_crypt_16byte_loop:
+	CMP	r3, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_crypt_word_loop
+#else
+	BLT.N	L_chacha_thumb2_crypt_word_loop
+#endif
+	/* 16 bytes of state XORed into message. */
+	LDM	lr!, {r4, r5, r6, r7}
+	LDR	r8, [r2]
+	LDR	r9, [r2, #4]
+	LDR	r10, [r2, #8]
+	LDR	r11, [r2, #12]
+	EOR	r8, r8, r4
+	EOR	r9, r9, r5
+	EOR	r10, r10, r6
+	EOR	r11, r11, r7
+	SUBS	r3, r3, #0x10
+	STR	r8, [r1]
+	STR	r9, [r1, #4]
+	STR	r10, [r1, #8]
+	STR	r11, [r1, #12]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_crypt_done
+#else
+	BEQ.N	L_chacha_thumb2_crypt_done
+#endif
+	ADD	r2, r2, #0x10
+	ADD	r1, r1, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_16byte_loop
+#else
+	B.N	L_chacha_thumb2_crypt_16byte_loop
+#endif
+L_chacha_thumb2_crypt_word_loop:
+	CMP	r3, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_crypt_byte_start
+#else
+	BLT.N	L_chacha_thumb2_crypt_byte_start
+#endif
+	/* 4 bytes of state XORed into message. */
+	LDR	r4, [lr]
+	LDR	r8, [r2]
+	EOR	r8, r8, r4
+	SUBS	r3, r3, #0x4
+	STR	r8, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_crypt_done
+#else
+	BEQ.N	L_chacha_thumb2_crypt_done
+#endif
+	ADD	lr, lr, #0x4
+	ADD	r2, r2, #0x4
+	ADD	r1, r1, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_word_loop
+#else
+	B.N	L_chacha_thumb2_crypt_word_loop
+#endif
+L_chacha_thumb2_crypt_byte_start:
+	LDR	r4, [lr]
+L_chacha_thumb2_crypt_byte_loop:
+	LDRB	r8, [r2]
+	EOR	r8, r8, r4
+	SUBS	r3, r3, #0x1
+	STRB	r8, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_crypt_done
+#else
+	BEQ.N	L_chacha_thumb2_crypt_done
+#endif
+	LSR	r4, r4, #8
+	ADD	r2, r2, #0x1
+	ADD	r1, r1, #0x1
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_crypt_byte_loop
+#else
+	B.N	L_chacha_thumb2_crypt_byte_loop
+#endif
+L_chacha_thumb2_crypt_done:
+	ADD	sp, sp, #0x34
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 508 */
+	.size	wc_chacha_crypt_bytes,.-wc_chacha_crypt_bytes
+	.text
+	.align	4
+	.globl	wc_chacha_use_over
+	.type	wc_chacha_use_over, %function
+wc_chacha_use_over:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+L_chacha_thumb2_over_16byte_loop:
+	CMP	r3, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_over_word_loop
+#else
+	BLT.N	L_chacha_thumb2_over_word_loop
+#endif
+	/* 16 bytes of state XORed into message. */
+	LDR	r4, [r0]
+	LDR	r5, [r0, #4]
+	LDR	r6, [r0, #8]
+	LDR	r7, [r0, #12]
+	LDR	r8, [r2]
+	LDR	r9, [r2, #4]
+	LDR	r10, [r2, #8]
+	LDR	r11, [r2, #12]
+	EOR	r4, r4, r8
+	EOR	r5, r5, r9
+	EOR	r6, r6, r10
+	EOR	r7, r7, r11
+	SUBS	r3, r3, #0x10
+	STR	r4, [r1]
+	STR	r5, [r1, #4]
+	STR	r6, [r1, #8]
+	STR	r7, [r1, #12]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_over_done
+#else
+	BEQ.N	L_chacha_thumb2_over_done
+#endif
+	ADD	r0, r0, #0x10
+	ADD	r2, r2, #0x10
+	ADD	r1, r1, #0x10
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_over_16byte_loop
+#else
+	B.N	L_chacha_thumb2_over_16byte_loop
+#endif
+L_chacha_thumb2_over_word_loop:
+	CMP	r3, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_chacha_thumb2_over_byte_loop
+#else
+	BLT.N	L_chacha_thumb2_over_byte_loop
+#endif
+	/* 4 bytes of state XORed into message. */
+	LDR	r4, [r0]
+	LDR	r8, [r2]
+	EOR	r4, r4, r8
+	SUBS	r3, r3, #0x4
+	STR	r4, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_over_done
+#else
+	BEQ.N	L_chacha_thumb2_over_done
+#endif
+	ADD	r0, r0, #0x4
+	ADD	r2, r2, #0x4
+	ADD	r1, r1, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_over_word_loop
+#else
+	B.N	L_chacha_thumb2_over_word_loop
+#endif
+L_chacha_thumb2_over_byte_loop:
+	/* 4 bytes of state XORed into message. */
+	LDRB	r4, [r0]
+	LDRB	r8, [r2]
+	EOR	r4, r4, r8
+	SUBS	r3, r3, #0x1
+	STRB	r4, [r1]
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_chacha_thumb2_over_done
+#else
+	BEQ.N	L_chacha_thumb2_over_done
+#endif
+	ADD	r0, r0, #0x1
+	ADD	r2, r2, #0x1
+	ADD	r1, r1, #0x1
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_chacha_thumb2_over_byte_loop
+#else
+	B.N	L_chacha_thumb2_over_byte_loop
+#endif
+L_chacha_thumb2_over_done:
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 108 */
+	.size	wc_chacha_use_over,.-wc_chacha_use_over
+#endif /* HAVE_CHACHA */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
new file mode 100644
index 000000000..fd10ca42f
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c
@@ -0,0 +1,733 @@
+/* thumb2-chacha-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./chacha/chacha.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.c
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_CHACHA
+#include <wolfssl/wolfcrypt/chacha.h>
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p)
+#else
+void wc_chacha_setiv(word32* x, const byte* iv, word32 counter)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register word32* x __asm__ ("r0") = (word32*)x_p;
+    register const byte* iv __asm__ ("r1") = (const byte*)iv_p;
+    register word32 counter __asm__ ("r2") = (word32)counter_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "ADD	r3, %[x], #0x34\n\t"
+        "LDR	r4, [%[iv]]\n\t"
+        "LDR	r5, [%[iv], #4]\n\t"
+        "LDR	r6, [%[iv], #8]\n\t"
+        "STR	%[counter], [%[x], #48]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "REV	r4, r4\n\t"
+        "REV	r5, r5\n\t"
+        "REV	r6, r6\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "STM	r3, {r4, r5, r6}\n\t"
+        : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter)
+        :
+        : "memory", "cc", "r3", "r4", "r5", "r6"
+    );
+}
+
+XALIGNED(16) static const word32 L_chacha_thumb2_constants[] = {
+    0x61707865, 0x3120646e, 0x79622d36, 0x6b206574,
+    0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p)
+#else
+void wc_chacha_setkey(word32* x, const byte* key, word32 keySz)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register word32* x __asm__ ("r0") = (word32*)x_p;
+    register const byte* key __asm__ ("r1") = (const byte*)key_p;
+    register word32 keySz __asm__ ("r2") = (word32)keySz_p;
+    register word32* L_chacha_thumb2_constants_c __asm__ ("r3") =
+        (word32*)&L_chacha_thumb2_constants;
+
+#else
+    register word32* L_chacha_thumb2_constants_c =
+        (word32*)&L_chacha_thumb2_constants;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r7, %[L_chacha_thumb2_constants]\n\t"
+        "SUBS	%[keySz], %[keySz], #0x10\n\t"
+        "ADD	r7, r7, %[keySz]\n\t"
+        /* Start state with constants */
+        "ldm   r7, {r3, r4, r5, r6}\n\t"
+        "STM	%[x]!, {r3, r4, r5, r6}\n\t"
+        /* Next is first 16 bytes of key. */
+        "LDR	r3, [%[key]]\n\t"
+        "LDR	r4, [%[key], #4]\n\t"
+        "LDR	r5, [%[key], #8]\n\t"
+        "LDR	r6, [%[key], #12]\n\t"
+#ifdef BIG_ENDIAN_ORDER
+        "REV	r3, r3\n\t"
+        "REV	r4, r4\n\t"
+        "REV	r5, r5\n\t"
+        "REV	r6, r6\n\t"
+#endif /* BIG_ENDIAN_ORDER */
+        "STM	%[x]!, {r3, r4, r5, r6}\n\t"
+        /* Next 16 bytes of key. */
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_setkey_same_keyb_ytes_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_setkey_same_keyb_ytes\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_setkey_same_keyb_ytes_%=\n\t"
+#endif
+        /* Update key pointer for next 16 bytes. */
+        "ADD	%[key], %[key], %[keySz]\n\t"
+        "LDR	r3, [%[key]]\n\t"
+        "LDR	r4, [%[key], #4]\n\t"
+        "LDR	r5, [%[key], #8]\n\t"
+        "LDR	r6, [%[key], #12]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_setkey_same_keyb_ytes:\n\t"
+#else
+    "L_chacha_thumb2_setkey_same_keyb_ytes_%=:\n\t"
+#endif
+        "STM	%[x], {r3, r4, r5, r6}\n\t"
+        : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz),
+          [L_chacha_thumb2_constants] "+r" (L_chacha_thumb2_constants_c)
+        :
+        : "memory", "cc", "r4", "r5", "r6", "r7"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p,
+    word32 len_p)
+#else
+void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register ChaCha* ctx __asm__ ("r0") = (ChaCha*)ctx_p;
+    register byte* c __asm__ ("r1") = (byte*)c_p;
+    register const byte* m __asm__ ("r2") = (const byte*)m_p;
+    register word32 len __asm__ ("r3") = (word32)len_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x34\n\t"
+        "MOV	lr, %[ctx]\n\t"
+        "STRD	%[ctx], %[c], [sp, #32]\n\t"
+        "STRD	%[m], %[len], [sp, #40]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_block:\n\t"
+#else
+    "L_chacha_thumb2_crypt_block_%=:\n\t"
+#endif
+        /* Put x[12]..x[15] onto stack. */
+        "LDRD	r4, r5, [lr, #48]\n\t"
+        "LDRD	r6, r7, [lr, #56]\n\t"
+        "STRD	r4, r5, [sp, #16]\n\t"
+        "STRD	r6, r7, [sp, #24]\n\t"
+        /* Load x[0]..x[12] into registers. */
+        "ldm   lr, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
+        /* 10x 2 full rounds to perform. */
+        "MOV	lr, #0xa\n\t"
+        "STR	lr, [sp, #48]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_loop_%=:\n\t"
+#endif
+        /* 0, 4,  8, 12 */
+        /* 1, 5,  9, 13 */
+        "LDR	lr, [sp, #20]\n\t"
+        "ADD	%[ctx], %[ctx], r4\n\t"
+        "ADD	%[c], %[c], r5\n\t"
+        "EOR	r12, r12, %[ctx]\n\t"
+        "EOR	lr, lr, %[c]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r8, r8, r12\n\t"
+        "ADD	r9, r9, lr\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "ROR	r4, r4, #20\n\t"
+        "ROR	r5, r5, #20\n\t"
+        "ADD	%[ctx], %[ctx], r4\n\t"
+        "ADD	%[c], %[c], r5\n\t"
+        "EOR	r12, r12, %[ctx]\n\t"
+        "EOR	lr, lr, %[c]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r8, r8, r12\n\t"
+        "ADD	r9, r9, lr\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "ROR	r4, r4, #25\n\t"
+        "ROR	r5, r5, #25\n\t"
+        "STR	r12, [sp, #16]\n\t"
+        "STR	lr, [sp, #20]\n\t"
+        /* 2, 6, 10, 14 */
+        /* 3, 7, 11, 15 */
+        "LDR	r12, [sp, #24]\n\t"
+        "LDR	lr, [sp, #28]\n\t"
+        "ADD	%[m], %[m], r6\n\t"
+        "ADD	%[len], %[len], r7\n\t"
+        "EOR	r12, r12, %[m]\n\t"
+        "EOR	lr, lr, %[len]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r10, r10, r12\n\t"
+        "ADD	r11, r11, lr\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "ROR	r6, r6, #20\n\t"
+        "ROR	r7, r7, #20\n\t"
+        "ADD	%[m], %[m], r6\n\t"
+        "ADD	%[len], %[len], r7\n\t"
+        "EOR	r12, r12, %[m]\n\t"
+        "EOR	lr, lr, %[len]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r10, r10, r12\n\t"
+        "ADD	r11, r11, lr\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "ROR	r6, r6, #25\n\t"
+        "ROR	r7, r7, #25\n\t"
+        /* 3, 4,  9, 14 */
+        /* 0, 5, 10, 15 */
+        "ADD	%[len], %[len], r4\n\t"
+        "ADD	%[ctx], %[ctx], r5\n\t"
+        "EOR	r12, r12, %[len]\n\t"
+        "EOR	lr, lr, %[ctx]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r9, r9, r12\n\t"
+        "ADD	r10, r10, lr\n\t"
+        "EOR	r4, r4, r9\n\t"
+        "EOR	r5, r5, r10\n\t"
+        "ROR	r4, r4, #20\n\t"
+        "ROR	r5, r5, #20\n\t"
+        "ADD	%[len], %[len], r4\n\t"
+        "ADD	%[ctx], %[ctx], r5\n\t"
+        "EOR	r12, r12, %[len]\n\t"
+        "EOR	lr, lr, %[ctx]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r9, r9, r12\n\t"
+        "ADD	r10, r10, lr\n\t"
+        "EOR	r4, r4, r9\n\t"
+        "EOR	r5, r5, r10\n\t"
+        "ROR	r4, r4, #25\n\t"
+        "ROR	r5, r5, #25\n\t"
+        "STR	r12, [sp, #24]\n\t"
+        "STR	lr, [sp, #28]\n\t"
+        "LDR	r12, [sp, #16]\n\t"
+        "LDR	lr, [sp, #20]\n\t"
+        /* 1, 6, 11, 12 */
+        /* 2, 7,  8, 13 */
+        "ADD	%[c], %[c], r6\n\t"
+        "ADD	%[m], %[m], r7\n\t"
+        "EOR	r12, r12, %[c]\n\t"
+        "EOR	lr, lr, %[m]\n\t"
+        "ROR	r12, r12, #16\n\t"
+        "ROR	lr, lr, #16\n\t"
+        "ADD	r11, r11, r12\n\t"
+        "ADD	r8, r8, lr\n\t"
+        "EOR	r6, r6, r11\n\t"
+        "EOR	r7, r7, r8\n\t"
+        "ROR	r6, r6, #20\n\t"
+        "ROR	r7, r7, #20\n\t"
+        "ADD	%[c], %[c], r6\n\t"
+        "ADD	%[m], %[m], r7\n\t"
+        "EOR	r12, r12, %[c]\n\t"
+        "EOR	lr, lr, %[m]\n\t"
+        "ROR	r12, r12, #24\n\t"
+        "ROR	lr, lr, #24\n\t"
+        "ADD	r11, r11, r12\n\t"
+        "ADD	r8, r8, lr\n\t"
+        "EOR	r6, r6, r11\n\t"
+        "EOR	r7, r7, r8\n\t"
+        "ROR	r6, r6, #25\n\t"
+        "ROR	r7, r7, #25\n\t"
+        "STR	lr, [sp, #20]\n\t"
+        /* Check if we have done enough rounds. */
+        "LDR	lr, [sp, #48]\n\t"
+        "SUBS	lr, lr, #0x1\n\t"
+        "STR	lr, [sp, #48]\n\t"
+#if defined(__GNUC__)
+        "BGT	L_chacha_thumb2_crypt_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_chacha_thumb2_crypt_loop\n\t"
+#else
+        "BGT.N	L_chacha_thumb2_crypt_loop_%=\n\t"
+#endif
+        "STM	sp, {r8, r9, r10, r11, r12}\n\t"
+        "LDR	lr, [sp, #32]\n\t"
+        "MOV	r12, sp\n\t"
+        /* Add in original state */
+        "ldm   lr!, {r8, r9, r10, r11}\n\t"
+        "ADD	%[ctx], %[ctx], r8\n\t"
+        "ADD	%[c], %[c], r9\n\t"
+        "ADD	%[m], %[m], r10\n\t"
+        "ADD	%[len], %[len], r11\n\t"
+        "ldm   lr!, {r8, r9, r10, r11}\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "ADD	r6, r6, r10\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "ldm   r12, {r8, r9}\n\t"
+        "ldm   lr!, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "STM	r12!, {r8, r9}\n\t"
+        "ldm   r12, {r8, r9}\n\t"
+        "ldm   lr!, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "STM	r12!, {r8, r9}\n\t"
+        "ldm   r12, {r8, r9}\n\t"
+        "ldm   lr!, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "ADD	r10, r10, #0x1\n\t"
+        "STM	r12!, {r8, r9}\n\t"
+        "STR	r10, [lr, #-8]\n\t"
+        "ldm   r12, {r8, r9}\n\t"
+        "ldm   lr, {r10, r11}\n\t"
+        "ADD	r8, r8, r10\n\t"
+        "ADD	r9, r9, r11\n\t"
+        "STM	r12, {r8, r9}\n\t"
+        "LDR	r12, [sp, #44]\n\t"
+        "CMP	r12, #0x40\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_crypt_lt_block_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_crypt_lt_block\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_crypt_lt_block_%=\n\t"
+#endif
+        "LDR	r12, [sp, #40]\n\t"
+        "LDR	lr, [sp, #36]\n\t"
+        /* XOR state into 64 bytes. */
+        "LDR	r8, [r12]\n\t"
+        "LDR	r9, [r12, #4]\n\t"
+        "LDR	r10, [r12, #8]\n\t"
+        "LDR	r11, [r12, #12]\n\t"
+        "EOR	%[ctx], %[ctx], r8\n\t"
+        "EOR	%[c], %[c], r9\n\t"
+        "EOR	%[m], %[m], r10\n\t"
+        "EOR	%[len], %[len], r11\n\t"
+        "STR	%[ctx], [lr]\n\t"
+        "STR	%[c], [lr, #4]\n\t"
+        "STR	%[m], [lr, #8]\n\t"
+        "STR	%[len], [lr, #12]\n\t"
+        "LDR	r8, [r12, #16]\n\t"
+        "LDR	r9, [r12, #20]\n\t"
+        "LDR	r10, [r12, #24]\n\t"
+        "LDR	r11, [r12, #28]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "STR	r4, [lr, #16]\n\t"
+        "STR	r5, [lr, #20]\n\t"
+        "STR	r6, [lr, #24]\n\t"
+        "STR	r7, [lr, #28]\n\t"
+        "LDR	r4, [sp]\n\t"
+        "LDR	r5, [sp, #4]\n\t"
+        "LDR	r6, [sp, #8]\n\t"
+        "LDR	r7, [sp, #12]\n\t"
+        "LDR	r8, [r12, #32]\n\t"
+        "LDR	r9, [r12, #36]\n\t"
+        "LDR	r10, [r12, #40]\n\t"
+        "LDR	r11, [r12, #44]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "STR	r4, [lr, #32]\n\t"
+        "STR	r5, [lr, #36]\n\t"
+        "STR	r6, [lr, #40]\n\t"
+        "STR	r7, [lr, #44]\n\t"
+        "LDR	r4, [sp, #16]\n\t"
+        "LDR	r5, [sp, #20]\n\t"
+        "LDR	r6, [sp, #24]\n\t"
+        "LDR	r7, [sp, #28]\n\t"
+        "LDR	r8, [r12, #48]\n\t"
+        "LDR	r9, [r12, #52]\n\t"
+        "LDR	r10, [r12, #56]\n\t"
+        "LDR	r11, [r12, #60]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "STR	r4, [lr, #48]\n\t"
+        "STR	r5, [lr, #52]\n\t"
+        "STR	r6, [lr, #56]\n\t"
+        "STR	r7, [lr, #60]\n\t"
+        "LDR	%[len], [sp, #44]\n\t"
+        "ADD	r12, r12, #0x40\n\t"
+        "ADD	lr, lr, #0x40\n\t"
+        "STR	r12, [sp, #40]\n\t"
+        "STR	lr, [sp, #36]\n\t"
+        "SUBS	%[len], %[len], #0x40\n\t"
+        "LDR	lr, [sp, #32]\n\t"
+        "STR	%[len], [sp, #44]\n\t"
+#if defined(__GNUC__)
+        "BNE	L_chacha_thumb2_crypt_block_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_chacha_thumb2_crypt_block\n\t"
+#else
+        "BNE.N	L_chacha_thumb2_crypt_block_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_lt_block:\n\t"
+#else
+    "L_chacha_thumb2_crypt_lt_block_%=:\n\t"
+#endif
+        /* Store in over field of ChaCha. */
+        "LDR	lr, [sp, #32]\n\t"
+        "ADD	r12, lr, #0x44\n\t"
+        "STM	r12!, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t"
+        "ldm   sp, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+        "STM	r12, {%[ctx], %[c], %[m], %[len], r4, r5, r6, r7}\n\t"
+        "LDRD	%[m], %[len], [sp, #40]\n\t"
+        "LDR	%[c], [sp, #36]\n\t"
+        "RSB	r12, %[len], #0x40\n\t"
+        "STR	r12, [lr, #64]\n\t"
+        "ADD	lr, lr, #0x44\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_16byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_16byte_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x10\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_crypt_word_loop\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#endif
+        /* 16 bytes of state XORed into message. */
+        "ldm   lr!, {r4, r5, r6, r7}\n\t"
+        "LDR	r8, [%[m]]\n\t"
+        "LDR	r9, [%[m], #4]\n\t"
+        "LDR	r10, [%[m], #8]\n\t"
+        "LDR	r11, [%[m], #12]\n\t"
+        "EOR	r8, r8, r4\n\t"
+        "EOR	r9, r9, r5\n\t"
+        "EOR	r10, r10, r6\n\t"
+        "EOR	r11, r11, r7\n\t"
+        "SUBS	%[len], %[len], #0x10\n\t"
+        "STR	r8, [%[c]]\n\t"
+        "STR	r9, [%[c], #4]\n\t"
+        "STR	r10, [%[c], #8]\n\t"
+        "STR	r11, [%[c], #12]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "ADD	%[m], %[m], #0x10\n\t"
+        "ADD	%[c], %[c], #0x10\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_16byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_16byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_16byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_word_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_word_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x4\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_crypt_byte_start_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_crypt_byte_start\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_crypt_byte_start_%=\n\t"
+#endif
+        /* 4 bytes of state XORed into message. */
+        "LDR	r4, [lr]\n\t"
+        "LDR	r8, [%[m]]\n\t"
+        "EOR	r8, r8, r4\n\t"
+        "SUBS	%[len], %[len], #0x4\n\t"
+        "STR	r8, [%[c]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "ADD	lr, lr, #0x4\n\t"
+        "ADD	%[m], %[m], #0x4\n\t"
+        "ADD	%[c], %[c], #0x4\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_word_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_word_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_byte_start:\n\t"
+#else
+    "L_chacha_thumb2_crypt_byte_start_%=:\n\t"
+#endif
+        "LDR	r4, [lr]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_crypt_byte_loop_%=:\n\t"
+#endif
+        "LDRB	r8, [%[m]]\n\t"
+        "EOR	r8, r8, r4\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "STRB	r8, [%[c]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_crypt_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_crypt_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_crypt_done_%=\n\t"
+#endif
+        "LSR	r4, r4, #8\n\t"
+        "ADD	%[m], %[m], #0x1\n\t"
+        "ADD	%[c], %[c], #0x1\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_crypt_byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_crypt_byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_crypt_byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_crypt_done:\n\t"
+#else
+    "L_chacha_thumb2_crypt_done_%=:\n\t"
+#endif
+        "ADD	sp, sp, #0x34\n\t"
+        : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len)
+        :
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p,
+    word32 len_p)
+#else
+void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register byte* over __asm__ ("r0") = (byte*)over_p;
+    register byte* output __asm__ ("r1") = (byte*)output_p;
+    register const byte* input __asm__ ("r2") = (const byte*)input_p;
+    register word32 len __asm__ ("r3") = (word32)len_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_16byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_over_16byte_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x10\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_over_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_over_word_loop\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_over_word_loop_%=\n\t"
+#endif
+        /* 16 bytes of state XORed into message. */
+        "LDR	r4, [%[over]]\n\t"
+        "LDR	r5, [%[over], #4]\n\t"
+        "LDR	r6, [%[over], #8]\n\t"
+        "LDR	r7, [%[over], #12]\n\t"
+        "LDR	r8, [%[input]]\n\t"
+        "LDR	r9, [%[input], #4]\n\t"
+        "LDR	r10, [%[input], #8]\n\t"
+        "LDR	r11, [%[input], #12]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "EOR	r5, r5, r9\n\t"
+        "EOR	r6, r6, r10\n\t"
+        "EOR	r7, r7, r11\n\t"
+        "SUBS	%[len], %[len], #0x10\n\t"
+        "STR	r4, [%[output]]\n\t"
+        "STR	r5, [%[output], #4]\n\t"
+        "STR	r6, [%[output], #8]\n\t"
+        "STR	r7, [%[output], #12]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_over_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_over_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_over_done_%=\n\t"
+#endif
+        "ADD	%[over], %[over], #0x10\n\t"
+        "ADD	%[input], %[input], #0x10\n\t"
+        "ADD	%[output], %[output], #0x10\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_over_16byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_over_16byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_over_16byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_word_loop:\n\t"
+#else
+    "L_chacha_thumb2_over_word_loop_%=:\n\t"
+#endif
+        "CMP	%[len], #0x4\n\t"
+#if defined(__GNUC__)
+        "BLT	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_chacha_thumb2_over_byte_loop\n\t"
+#else
+        "BLT.N	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#endif
+        /* 4 bytes of state XORed into message. */
+        "LDR	r4, [%[over]]\n\t"
+        "LDR	r8, [%[input]]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "SUBS	%[len], %[len], #0x4\n\t"
+        "STR	r4, [%[output]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_over_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_over_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_over_done_%=\n\t"
+#endif
+        "ADD	%[over], %[over], #0x4\n\t"
+        "ADD	%[input], %[input], #0x4\n\t"
+        "ADD	%[output], %[output], #0x4\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_over_word_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_over_word_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_over_word_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_byte_loop:\n\t"
+#else
+    "L_chacha_thumb2_over_byte_loop_%=:\n\t"
+#endif
+        /* 4 bytes of state XORed into message. */
+        "LDRB	r4, [%[over]]\n\t"
+        "LDRB	r8, [%[input]]\n\t"
+        "EOR	r4, r4, r8\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "STRB	r4, [%[output]]\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_chacha_thumb2_over_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_chacha_thumb2_over_done\n\t"
+#else
+        "BEQ.N	L_chacha_thumb2_over_done_%=\n\t"
+#endif
+        "ADD	%[over], %[over], #0x1\n\t"
+        "ADD	%[input], %[input], #0x1\n\t"
+        "ADD	%[output], %[output], #0x1\n\t"
+#if defined(__GNUC__)
+        "B	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_chacha_thumb2_over_byte_loop\n\t"
+#else
+        "B.N	L_chacha_thumb2_over_byte_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_chacha_thumb2_over_done:\n\t"
+#else
+    "L_chacha_thumb2_over_done_%=:\n\t"
+#endif
+        : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input),
+          [len] "+r" (len)
+        :
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
+    );
+}
+
+#endif /* HAVE_CHACHA */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-chacha.c b/wolfcrypt/src/port/arm/thumb2-chacha.c
new file mode 100644
index 000000000..21f6b6594
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-chacha.c
@@ -0,0 +1,171 @@
+/* thumb2-chacha.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
+#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_THUMB2)
+#ifdef HAVE_CHACHA
+
+#include <wolfssl/wolfcrypt/chacha.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+#ifdef CHACHA_TEST
+    #include <stdio.h>
+#endif
+
+
+/* Set the Initialization Vector (IV) and counter into ChaCha context.
+ *
+ * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
+ * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
+ *
+ * @param [in] ctx      ChaCha context.
+ * @param [in] iv       IV to set.
+ * @param [in] counter  Starting value of counter.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or IV is NULL.
+ */
+int wc_Chacha_SetIV(ChaCha* ctx, const byte* iv, word32 counter)
+{
+    int ret = 0;
+#ifdef CHACHA_AEAD_TEST
+    word32 i;
+
+    printf("NONCE : ");
+    if (iv != NULL) {
+        for (i = 0; i < CHACHA_IV_BYTES; i++) {
+            printf("%02x", iv[i]);
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (iv == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* No unused bytes to XOR into input. */
+        ctx->left = 0;
+
+        /* Set counter and IV into state. */
+        wc_chacha_setiv(ctx->X, iv, counter);
+    }
+
+    return ret;
+}
+
+/* Set the key into the ChaCha context.
+ *
+ * Key setup. 8 word iv (nonce)
+ *
+ * @param [in] ctx    ChaCha context.
+ * @param [in] key    Key to set.
+ * @param [in] keySz  Length of key in bytes. Valid values:
+ *                        CHACHA_MAX_KEY_SZ and (CHACHA_MAX_KEY_SZ / 2)
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or key is NULL.
+ * @return  BAD_FUNC_ARG when keySz is invalid.
+ */
+int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
+{
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    printf("ChaCha key used :\n");
+    if (key != NULL) {
+        word32 i;
+        for (i = 0; i < keySz; i++) {
+            printf("%02x", key[i]);
+            if ((i % 8) == 7)
+               printf("\n");
+        }
+    }
+    printf("\n\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    else if ((keySz != (CHACHA_MAX_KEY_SZ / 2)) &&
+             (keySz !=  CHACHA_MAX_KEY_SZ     )) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        ctx->left = 0;
+
+        wc_chacha_setkey(ctx->X, key, keySz);
+    }
+
+    return ret;
+}
+
+/* API to encrypt/decrypt a message of any size.
+ *
+ * @param [in]  ctx     ChaCha context.
+ * @param [out] output  Enciphered output.
+ * @param [in]  input   Input to encipher.
+ * @param [in]  len     Length of input in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx, output or input is NULL.
+ */
+int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, word32 len)
+{
+    int ret = 0;
+
+    if ((ctx == NULL) || (output == NULL) || (input == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Handle left over bytes from last block. */
+    if ((ret == 0) && (len > 0) && (ctx->left > 0)) {
+        byte* over = ((byte*)ctx->over) + CHACHA_CHUNK_BYTES - ctx->left;
+        word32 l = min(len, ctx->left);
+
+        wc_chacha_use_over(over, output, input, l);
+
+        ctx->left -= l;
+        input += l;
+        output += l;
+        len -= l;
+    }
+
+    if ((ret == 0) && (len != 0)) {
+        wc_chacha_crypt_bytes(ctx, output, input, len);
+    }
+
+    return ret;
+}
+
+#endif /* HAVE_CHACHA */
+#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */
diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519.S b/wolfcrypt/src/port/arm/thumb2-curve25519.S
index 42da2f45f..1b43df55c 100644
--- a/wolfcrypt/src/port/arm/thumb2-curve25519.S
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S
@@ -1,6 +1,6 @@
 /* thumb2-curve25519
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,14 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519.S
+ *   ruby ./x25519/x25519.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -1511,7 +1509,7 @@ fe_cmov_table:
 #endif /* WC_NO_CACHE_RESISTANT */
 #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_mul_op
@@ -2023,7 +2021,7 @@ fe_mul_op:
 	POP	{pc}
 	/* Cycle Count = 239 */
 	.size	fe_mul_op,.-fe_mul_op
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	.text
 	.align	4
 	.globl	fe_mul
@@ -2034,7 +2032,7 @@ fe_mul:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 24 */
 	.size	fe_mul,.-fe_mul
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_sq_op
@@ -2425,7 +2423,7 @@ fe_sq_op:
 	POP	{pc}
 	/* Cycle Count = 179 */
 	.size	fe_sq_op,.-fe_sq_op
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	.text
 	.align	4
 	.globl	fe_sq
@@ -2437,7 +2435,7 @@ fe_sq:
 	/* Cycle Count = 24 */
 	.size	fe_sq,.-fe_sq
 #ifdef HAVE_CURVE25519
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_mul121666
@@ -2524,7 +2522,7 @@ fe_mul121666:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 69 */
 	.size	fe_mul121666,.-fe_mul121666
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WC_NO_CACHE_RESISTANT
 	.text
 	.align	4
@@ -3466,7 +3464,7 @@ L_fe_invert8:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 292 */
 	.size	fe_invert,.-fe_invert
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	fe_sq2
@@ -3925,7 +3923,7 @@ fe_sq2:
 	POP	{pc}
 	/* Cycle Count = 213 */
 	.size	fe_sq2,.-fe_sq2
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 	.text
 	.align	4
 	.globl	fe_pow22523
@@ -4535,7 +4533,7 @@ ge_sub:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 138 */
 	.size	ge_sub,.-ge_sub
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	sc_reduce
@@ -5258,9 +5256,9 @@ sc_reduce:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 502 */
 	.size	sc_reduce,.-sc_reduce
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifdef HAVE_ED25519_SIGN
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 	.text
 	.align	4
 	.globl	sc_muladd
@@ -6470,13 +6468,13 @@ sc_muladd:
 	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
 	/* Cycle Count = 752 */
 	.size	sc_muladd,.-sc_muladd
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
index 21ad67bac..5c96b91a2 100644
--- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
@@ -1,6 +1,6 @@
 /* thumb2-curve25519
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,17 +21,15 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./x25519/x25519.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519.c
+ *   ruby ./x25519/x25519.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -155,7 +153,7 @@ void fe_add_sub_op()
         /*   Add -modulus on underflow */
         "MOV	lr, #0x13\n\t"
         "AND	lr, lr, r11, ASR #31\n\t"
-        "LDM	r1, {r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   r1, {r4, r5, r6, r7, r8, r9}\n\t"
         "SUBS	r4, r4, lr\n\t"
         "SBCS	r5, r5, #0x0\n\t"
         "SBCS	r6, r6, #0x0\n\t"
@@ -169,7 +167,7 @@ void fe_add_sub_op()
         /* Done Add-Sub */
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -184,13 +182,13 @@ void fe_sub_op()
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         /* Sub */
-        "LDM	r2!, {r6, r7, r8, r9, r10, r11, r12, lr}\n\t"
-        "LDM	r1!, {r2, r3, r4, r5}\n\t"
+        "ldm   r2!, {r6, r7, r8, r9, r10, r11, r12, lr}\n\t"
+        "ldm   r1!, {r2, r3, r4, r5}\n\t"
         "SUBS	r6, r2, r6\n\t"
         "SBCS	r7, r3, r7\n\t"
         "SBCS	r8, r4, r8\n\t"
         "SBCS	r9, r5, r9\n\t"
-        "LDM	r1!, {r2, r3, r4, r5}\n\t"
+        "ldm   r1!, {r2, r3, r4, r5}\n\t"
         "SBCS	r10, r2, r10\n\t"
         "SBCS	r11, r3, r11\n\t"
         "SBCS	r12, r4, r12\n\t"
@@ -210,7 +208,7 @@ void fe_sub_op()
         /* Done Sub */
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -230,7 +228,8 @@ void fe_sub(fe r, const fe a, const fe b)
         "BL	fe_sub_op\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -245,13 +244,13 @@ void fe_add_op()
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
     __asm__ __volatile__ (
         /* Add */
-        "LDM	r2!, {r6, r7, r8, r9, r10, r11, r12, lr}\n\t"
-        "LDM	r1!, {r2, r3, r4, r5}\n\t"
+        "ldm   r2!, {r6, r7, r8, r9, r10, r11, r12, lr}\n\t"
+        "ldm   r1!, {r2, r3, r4, r5}\n\t"
         "ADDS	r6, r2, r6\n\t"
         "ADCS	r7, r3, r7\n\t"
         "ADCS	r8, r4, r8\n\t"
         "ADCS	r9, r5, r9\n\t"
-        "LDM	r1!, {r2, r3, r4, r5}\n\t"
+        "ldm   r1!, {r2, r3, r4, r5}\n\t"
         "ADCS	r10, r2, r10\n\t"
         "ADCS	r11, r3, r11\n\t"
         "ADCS	r12, r4, r12\n\t"
@@ -271,7 +270,7 @@ void fe_add_op()
         /* Done Add */
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -291,7 +290,8 @@ void fe_add(fe r, const fe a, const fe b)
         "BL	fe_add_op\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -304,7 +304,8 @@ void fe_frombytes(fe out, const unsigned char* in)
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register sword32* out __asm__ ("r0") = (sword32*)out_p;
-    register const unsigned char* in __asm__ ("r1") = (const unsigned char*)in_p;
+    register const unsigned char* in __asm__ ("r1") =
+        (const unsigned char*)in_p;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -327,7 +328,7 @@ void fe_frombytes(fe out, const unsigned char* in)
         "STR	r9, [%[out], #28]\n\t"
         : [out] "+r" (out), [in] "+r" (in)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -343,7 +344,7 @@ void fe_tobytes(unsigned char* out, const fe n)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
-        "LDM	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "ADDS	r10, r2, #0x13\n\t"
         "ADCS	r10, r3, #0x0\n\t"
         "ADCS	r10, r4, #0x0\n\t"
@@ -373,7 +374,7 @@ void fe_tobytes(unsigned char* out, const fe n)
         "STR	r9, [%[out], #28]\n\t"
         : [out] "+r" (out), [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
 }
 
@@ -400,7 +401,7 @@ void fe_1(fe n)
         "STM	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -427,7 +428,7 @@ void fe_0(fe n)
         "STM	%[n], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [n] "+r" (n)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -454,7 +455,7 @@ void fe_copy(fe r, const fe a)
         "STRD	r4, r5, [%[r], #24]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5"
     );
 }
 
@@ -472,14 +473,14 @@ void fe_neg(fe r, const fe a)
     __asm__ __volatile__ (
         "MVN	r7, #0x0\n\t"
         "MVN	r6, #0x12\n\t"
-        "LDM	%[a]!, {r2, r3, r4, r5}\n\t"
+        "ldm   %[a]!, {r2, r3, r4, r5}\n\t"
         "SUBS	r2, r6, r2\n\t"
         "SBCS	r3, r7, r3\n\t"
         "SBCS	r4, r7, r4\n\t"
         "SBCS	r5, r7, r5\n\t"
         "STM	%[r]!, {r2, r3, r4, r5}\n\t"
         "MVN	r6, #0x80000000\n\t"
-        "LDM	%[a]!, {r2, r3, r4, r5}\n\t"
+        "ldm   %[a]!, {r2, r3, r4, r5}\n\t"
         "SBCS	r2, r7, r2\n\t"
         "SBCS	r3, r7, r3\n\t"
         "SBCS	r4, r7, r4\n\t"
@@ -487,7 +488,7 @@ void fe_neg(fe r, const fe a)
         "STM	%[r]!, {r2, r3, r4, r5}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7"
     );
 }
 
@@ -502,7 +503,7 @@ int fe_isnonzero(const fe a)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
-        "LDM	%[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "ADDS	r1, r2, #0x13\n\t"
         "ADCS	r1, r3, #0x0\n\t"
         "ADCS	r1, r4, #0x0\n\t"
@@ -531,9 +532,10 @@ int fe_isnonzero(const fe a)
         "ORR	%[a], r2, r4\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -547,12 +549,12 @@ int fe_isnegative(const fe a)
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
-        "LDM	%[a]!, {r2, r3, r4, r5}\n\t"
+        "ldm   %[a]!, {r2, r3, r4, r5}\n\t"
         "ADDS	r1, r2, #0x13\n\t"
         "ADCS	r1, r3, #0x0\n\t"
         "ADCS	r1, r4, #0x0\n\t"
         "ADCS	r1, r5, #0x0\n\t"
-        "LDM	%[a], {r2, r3, r4, r5}\n\t"
+        "ldm   %[a], {r2, r3, r4, r5}\n\t"
         "ADCS	r1, r2, #0x0\n\t"
         "ADCS	r1, r3, #0x0\n\t"
         "ADCS	r1, r4, #0x0\n\t"
@@ -563,9 +565,9 @@ int fe_isnegative(const fe a)
         "EOR	%[a], %[a], r1\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN)
@@ -1548,7 +1550,8 @@ void fe_cmov_table(fe* r, fe* base, signed char b)
         "STRD	r8, r9, [%[r], #88]\n\t"
         : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -1578,7 +1581,7 @@ void fe_cmov_table(fe* r, fe* base, signed char b)
         "MOV	r12, #0x60\n\t"
         "MUL	%[b], %[b], r12\n\t"
         "ADD	%[base], %[base], %[b]\n\t"
-        "LDM	%[base]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   %[base]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "AND	r4, r4, lr\n\t"
         "AND	r5, r5, lr\n\t"
         "AND	r6, r6, lr\n\t"
@@ -1594,7 +1597,7 @@ void fe_cmov_table(fe* r, fe* base, signed char b)
         "ADD	%[r], %[r], r12\n\t"
         "STM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "SUB	%[r], %[r], r12\n\t"
-        "LDM	%[base]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   %[base]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "AND	r4, r4, lr\n\t"
         "AND	r5, r5, lr\n\t"
         "AND	r6, r6, lr\n\t"
@@ -1611,7 +1614,7 @@ void fe_cmov_table(fe* r, fe* base, signed char b)
         "STM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "SUB	%[r], %[r], r12\n\t"
         "ADD	%[r], %[r], #0x40\n\t"
-        "LDM	%[base]!, {r4, r5, r6, r7}\n\t"
+        "ldm   %[base]!, {r4, r5, r6, r7}\n\t"
         "MVN	r12, #0x12\n\t"
         "SUBS	r8, r12, r4\n\t"
         "SBCS	r9, r3, r5\n\t"
@@ -1634,7 +1637,7 @@ void fe_cmov_table(fe* r, fe* base, signed char b)
         "AND	r6, r6, lr\n\t"
         "AND	r7, r7, lr\n\t"
         "STM	%[r]!, {r4, r5, r6, r7}\n\t"
-        "LDM	%[base]!, {r4, r5, r6, r7}\n\t"
+        "ldm   %[base]!, {r4, r5, r6, r7}\n\t"
         "MVN	r12, #0x80000000\n\t"
         "SBCS	r8, r3, r4\n\t"
         "SBCS	r9, r3, r5\n\t"
@@ -1660,14 +1663,15 @@ void fe_cmov_table(fe* r, fe* base, signed char b)
         "SUB	%[base], %[base], %[b]\n\t"
         : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
 #endif /* WC_NO_CACHE_RESISTANT */
 #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 void fe_mul_op(void);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul_op()
@@ -2015,7 +2019,7 @@ void fe_mul_op()
         "LSL	r11, r11, #1\n\t"
         "ORR	r11, r11, r10, LSR #31\n\t"
         "MUL	r11, r11, r12\n\t"
-        "LDM	lr!, {r1, r2}\n\t"
+        "ldm   lr!, {r1, r2}\n\t"
         "MOV	r12, #0x26\n\t"
         "ADDS	r1, r1, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
@@ -2023,21 +2027,21 @@ void fe_mul_op()
         "ADDS	r2, r2, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r2, r11, r4, r12\n\t"
-        "LDM	lr!, {r3, r4}\n\t"
+        "ldm   lr!, {r3, r4}\n\t"
         "ADDS	r3, r3, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r3, r11, r5, r12\n\t"
         "ADDS	r4, r4, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r4, r11, r6, r12\n\t"
-        "LDM	lr!, {r5, r6}\n\t"
+        "ldm   lr!, {r5, r6}\n\t"
         "ADDS	r5, r5, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r5, r11, r7, r12\n\t"
         "ADDS	r6, r6, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r6, r11, r8, r12\n\t"
-        "LDM	lr!, {r7, r8}\n\t"
+        "ldm   lr!, {r7, r8}\n\t"
         "ADDS	r7, r7, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r7, r11, r9, r12\n\t"
@@ -2049,7 +2053,7 @@ void fe_mul_op()
         "ADD	sp, sp, #0x28\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -2067,8 +2071,8 @@ void fe_mul_op()
         "SUB	sp, sp, #0x2c\n\t"
         "STRD	r0, r1, [sp, #36]\n\t"
         "MOV	lr, r2\n\t"
-        "LDM	r1, {r0, r1, r2, r3}\n\t"
-        "LDM	lr!, {r4, r5, r6}\n\t"
+        "ldm   r1, {r0, r1, r2, r3}\n\t"
+        "ldm   lr!, {r4, r5, r6}\n\t"
         "UMULL	r10, r11, r0, r4\n\t"
         "UMULL	r12, r7, r1, r4\n\t"
         "UMAAL	r11, r12, r0, r5\n\t"
@@ -2078,7 +2082,7 @@ void fe_mul_op()
         "UMAAL	r8, r9, r3, r4\n\t"
         "STM	sp, {r10, r11, r12}\n\t"
         "UMAAL	r7, r8, r2, r5\n\t"
-        "LDM	lr!, {r4}\n\t"
+        "ldm   lr!, {r4}\n\t"
         "UMULL	r10, r11, r1, r6\n\t"
         "UMAAL	r8, r9, r2, r6\n\t"
         "UMAAL	r7, r10, r0, r4\n\t"
@@ -2088,7 +2092,7 @@ void fe_mul_op()
         "UMAAL	r9, r11, r3, r6\n\t"
         "UMAAL	r9, r10, r2, r4\n\t"
         "UMAAL	r10, r11, r3, r4\n\t"
-        "LDM	lr, {r4, r5, r6, r7}\n\t"
+        "ldm   lr, {r4, r5, r6, r7}\n\t"
         "MOV	r12, #0x0\n\t"
         "UMLAL	r8, r12, r0, r4\n\t"
         "UMAAL	r9, r12, r1, r4\n\t"
@@ -2112,48 +2116,48 @@ void fe_mul_op()
         "UMAAL	r4, r6, r2, r7\n\t"
         "SUB	lr, lr, #0x10\n\t"
         "UMAAL	r5, r6, r3, r7\n\t"
-        "LDM	r0, {r0, r1, r2, r3}\n\t"
+        "ldm   r0, {r0, r1, r2, r3}\n\t"
         "STR	r6, [sp, #32]\n\t"
-        "LDM	lr!, {r6}\n\t"
+        "ldm   lr!, {r6}\n\t"
         "MOV	r7, #0x0\n\t"
         "UMLAL	r8, r7, r0, r6\n\t"
         "UMAAL	r9, r7, r1, r6\n\t"
         "STR	r8, [sp, #16]\n\t"
         "UMAAL	r10, r7, r2, r6\n\t"
         "UMAAL	r11, r7, r3, r6\n\t"
-        "LDM	lr!, {r6}\n\t"
+        "ldm   lr!, {r6}\n\t"
         "MOV	r8, #0x0\n\t"
         "UMLAL	r9, r8, r0, r6\n\t"
         "UMAAL	r10, r8, r1, r6\n\t"
         "STR	r9, [sp, #20]\n\t"
         "UMAAL	r11, r8, r2, r6\n\t"
         "UMAAL	r12, r8, r3, r6\n\t"
-        "LDM	lr!, {r6}\n\t"
+        "ldm   lr!, {r6}\n\t"
         "MOV	r9, #0x0\n\t"
         "UMLAL	r10, r9, r0, r6\n\t"
         "UMAAL	r11, r9, r1, r6\n\t"
         "STR	r10, [sp, #24]\n\t"
         "UMAAL	r12, r9, r2, r6\n\t"
         "UMAAL	r4, r9, r3, r6\n\t"
-        "LDM	lr!, {r6}\n\t"
+        "ldm   lr!, {r6}\n\t"
         "MOV	r10, #0x0\n\t"
         "UMLAL	r11, r10, r0, r6\n\t"
         "UMAAL	r12, r10, r1, r6\n\t"
         "STR	r11, [sp, #28]\n\t"
         "UMAAL	r4, r10, r2, r6\n\t"
         "UMAAL	r5, r10, r3, r6\n\t"
-        "LDM	lr!, {r11}\n\t"
+        "ldm   lr!, {r11}\n\t"
         "UMAAL	r12, r7, r0, r11\n\t"
         "UMAAL	r4, r7, r1, r11\n\t"
         "LDR	r6, [sp, #32]\n\t"
         "UMAAL	r5, r7, r2, r11\n\t"
         "UMAAL	r6, r7, r3, r11\n\t"
-        "LDM	lr!, {r11}\n\t"
+        "ldm   lr!, {r11}\n\t"
         "UMAAL	r4, r8, r0, r11\n\t"
         "UMAAL	r5, r8, r1, r11\n\t"
         "UMAAL	r6, r8, r2, r11\n\t"
         "UMAAL	r7, r8, r3, r11\n\t"
-        "LDM	lr, {r11, lr}\n\t"
+        "ldm   lr, {r11, lr}\n\t"
         "UMAAL	r5, r9, r0, r11\n\t"
         "UMAAL	r6, r10, r0, lr\n\t"
         "UMAAL	r6, r9, r1, r11\n\t"
@@ -2189,11 +2193,11 @@ void fe_mul_op()
         "ADD	sp, sp, #0x10\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul(fe r_p, const fe a_p, const fe b_p)
 #else
@@ -2210,11 +2214,12 @@ void fe_mul(fe r, const fe a, const fe b)
         "BL	fe_mul_op\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 void fe_sq_op(void);
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq_op()
@@ -2375,7 +2380,7 @@ void fe_sq_op()
         "ADD	lr, sp, #0x20\n\t"
         "STM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
         "ADD	lr, sp, #0x4\n\t"
-        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "ldm   lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
         "ADDS	r4, r4, r4\n\t"
         "ADCS	r5, r5, r5\n\t"
         "ADCS	r6, r6, r6\n\t"
@@ -2384,7 +2389,7 @@ void fe_sq_op()
         "ADCS	r9, r9, r9\n\t"
         "ADCS	r10, r10, r10\n\t"
         "STM	lr!, {r4, r5, r6, r7, r8, r9, r10}\n\t"
-        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
         "ADCS	r3, r3, r3\n\t"
         "ADCS	r4, r4, r4\n\t"
         "ADCS	r5, r5, r5\n\t"
@@ -2395,7 +2400,7 @@ void fe_sq_op()
         "ADC	r10, r0, #0x0\n\t"
         "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         "ADD	lr, sp, #0x4\n\t"
-        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "ldm   lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
         "MOV	lr, sp\n\t"
         /* A[0] * A[0] */
         "LDR	r12, [r1]\n\t"
@@ -2420,7 +2425,7 @@ void fe_sq_op()
         "UMLAL	r9, r11, r12, r12\n\t"
         "ADDS	r10, r10, r11\n\t"
         "STM	lr!, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
-        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "ldm   lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         /* A[4] * A[4] */
         "LDR	r12, [r1, #16]\n\t"
         "ADCS	r3, r3, #0x0\n\t"
@@ -2455,7 +2460,7 @@ void fe_sq_op()
         "LSL	r11, r11, #1\n\t"
         "ORR	r11, r11, r10, LSR #31\n\t"
         "MUL	r11, r11, r12\n\t"
-        "LDM	lr!, {r1, r2}\n\t"
+        "ldm   lr!, {r1, r2}\n\t"
         "MOV	r12, #0x26\n\t"
         "ADDS	r1, r1, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
@@ -2463,21 +2468,21 @@ void fe_sq_op()
         "ADDS	r2, r2, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r2, r11, r4, r12\n\t"
-        "LDM	lr!, {r3, r4}\n\t"
+        "ldm   lr!, {r3, r4}\n\t"
         "ADDS	r3, r3, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r3, r11, r5, r12\n\t"
         "ADDS	r4, r4, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r4, r11, r6, r12\n\t"
-        "LDM	lr!, {r5, r6}\n\t"
+        "ldm   lr!, {r5, r6}\n\t"
         "ADDS	r5, r5, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r5, r11, r7, r12\n\t"
         "ADDS	r6, r6, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r6, r11, r8, r12\n\t"
-        "LDM	lr!, {r7, r8}\n\t"
+        "ldm   lr!, {r7, r8}\n\t"
         "ADDS	r7, r7, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r7, r11, r9, r12\n\t"
@@ -2489,7 +2494,7 @@ void fe_sq_op()
         "ADD	sp, sp, #0x44\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -2506,7 +2511,7 @@ void fe_sq_op()
     __asm__ __volatile__ (
         "SUB	sp, sp, #0x20\n\t"
         "STR	r0, [sp, #28]\n\t"
-        "LDM	r1, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm   r1, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         /* Square */
         "UMULL	r9, r10, r0, r0\n\t"
         "UMULL	r11, r12, r0, r1\n\t"
@@ -2615,11 +2620,11 @@ void fe_sq_op()
         "STM	lr, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         :
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq(fe r_p, const fe a_p)
 #else
@@ -2635,12 +2640,13 @@ void fe_sq(fe r, const fe a)
         "BL	fe_sq_op\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
 #ifdef HAVE_CURVE25519
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_mul121666(fe r_p, fe a_p)
 #else
@@ -2654,7 +2660,7 @@ void fe_mul121666(fe r, fe a)
 
     __asm__ __volatile__ (
         /* Multiply by 121666 */
-        "LDM	%[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "MOV	r12, #0xdb42\n\t"
         "MOVT	r12, #0x1\n\t"
         "UMULL	r2, r10, r2, r12\n\t"
@@ -2695,7 +2701,8 @@ void fe_mul121666(fe r, fe a)
         "STM	%[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12"
     );
 }
 
@@ -2713,7 +2720,7 @@ void fe_mul121666(fe r, fe a)
 
     __asm__ __volatile__ (
         /* Multiply by 121666 */
-        "LDM	%[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[a], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "MOV	r11, #0xdb42\n\t"
         "MOVT	r11, #0x1\n\t"
         "UMULL	r2, r12, r2, r11\n\t"
@@ -2741,11 +2748,12 @@ void fe_mul121666(fe r, fe a)
         "STM	%[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12"
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WC_NO_CACHE_RESISTANT
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 int curve25519(byte* r_p, const byte* n_p, const byte* a_p)
@@ -2782,7 +2790,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "STM	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "ADD	r3, sp, #0x40\n\t"
         /* Copy */
-        "LDM	r2, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   r2, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "MOV	%[n], #0x1e\n\t"
         "STR	%[n], [sp, #180]\n\t"
@@ -2814,8 +2822,8 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "RSB	%[n], %[n], #0x0\n\t"
         "MOV	r3, r0\n\t"
         "ADD	r12, sp, #0x40\n\t"
-        "LDM	r3, {r4, r5}\n\t"
-        "LDM	r12, {r6, r7}\n\t"
+        "ldm   r3, {r4, r5}\n\t"
+        "ldm   r12, {r6, r7}\n\t"
         "EOR	r8, r4, r6\n\t"
         "EOR	r9, r5, r7\n\t"
         "AND	r8, r8, %[n]\n\t"
@@ -2826,8 +2834,8 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "EOR	r7, r7, r9\n\t"
         "STM	r3!, {r4, r5}\n\t"
         "STM	r12!, {r6, r7}\n\t"
-        "LDM	r3, {r4, r5}\n\t"
-        "LDM	r12, {r6, r7}\n\t"
+        "ldm   r3, {r4, r5}\n\t"
+        "ldm   r12, {r6, r7}\n\t"
         "EOR	r8, r4, r6\n\t"
         "EOR	r9, r5, r7\n\t"
         "AND	r8, r8, %[n]\n\t"
@@ -2838,8 +2846,8 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "EOR	r7, r7, r9\n\t"
         "STM	r3!, {r4, r5}\n\t"
         "STM	r12!, {r6, r7}\n\t"
-        "LDM	r3, {r4, r5}\n\t"
-        "LDM	r12, {r6, r7}\n\t"
+        "ldm   r3, {r4, r5}\n\t"
+        "ldm   r12, {r6, r7}\n\t"
         "EOR	r8, r4, r6\n\t"
         "EOR	r9, r5, r7\n\t"
         "AND	r8, r8, %[n]\n\t"
@@ -2850,8 +2858,8 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "EOR	r7, r7, r9\n\t"
         "STM	r3!, {r4, r5}\n\t"
         "STM	r12!, {r6, r7}\n\t"
-        "LDM	r3, {r4, r5}\n\t"
-        "LDM	r12, {r6, r7}\n\t"
+        "ldm   r3, {r4, r5}\n\t"
+        "ldm   r12, {r6, r7}\n\t"
         "EOR	r8, r4, r6\n\t"
         "EOR	r9, r5, r7\n\t"
         "AND	r8, r8, %[n]\n\t"
@@ -2867,8 +2875,8 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "RSB	%[n], %[n], #0x0\n\t"
         "MOV	r3, sp\n\t"
         "ADD	r12, sp, #0x20\n\t"
-        "LDM	r3, {r4, r5}\n\t"
-        "LDM	r12, {r6, r7}\n\t"
+        "ldm   r3, {r4, r5}\n\t"
+        "ldm   r12, {r6, r7}\n\t"
         "EOR	r8, r4, r6\n\t"
         "EOR	r9, r5, r7\n\t"
         "AND	r8, r8, %[n]\n\t"
@@ -2879,8 +2887,8 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "EOR	r7, r7, r9\n\t"
         "STM	r3!, {r4, r5}\n\t"
         "STM	r12!, {r6, r7}\n\t"
-        "LDM	r3, {r4, r5}\n\t"
-        "LDM	r12, {r6, r7}\n\t"
+        "ldm   r3, {r4, r5}\n\t"
+        "ldm   r12, {r6, r7}\n\t"
         "EOR	r8, r4, r6\n\t"
         "EOR	r9, r5, r7\n\t"
         "AND	r8, r8, %[n]\n\t"
@@ -2891,8 +2899,8 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "EOR	r7, r7, r9\n\t"
         "STM	r3!, {r4, r5}\n\t"
         "STM	r12!, {r6, r7}\n\t"
-        "LDM	r3, {r4, r5}\n\t"
-        "LDM	r12, {r6, r7}\n\t"
+        "ldm   r3, {r4, r5}\n\t"
+        "ldm   r12, {r6, r7}\n\t"
         "EOR	r8, r4, r6\n\t"
         "EOR	r9, r5, r7\n\t"
         "AND	r8, r8, %[n]\n\t"
@@ -2903,8 +2911,8 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "EOR	r7, r7, r9\n\t"
         "STM	r3!, {r4, r5}\n\t"
         "STM	r12!, {r6, r7}\n\t"
-        "LDM	r3, {r4, r5}\n\t"
-        "LDM	r12, {r6, r7}\n\t"
+        "ldm   r3, {r4, r5}\n\t"
+        "ldm   r12, {r6, r7}\n\t"
         "EOR	r8, r4, r6\n\t"
         "EOR	r9, r5, r7\n\t"
         "AND	r8, r8, %[n]\n\t"
@@ -3237,9 +3245,10 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "ADD	sp, sp, #0xbc\n\t"
         : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -3283,7 +3292,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "STM	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "ADD	r3, sp, #0x40\n\t"
         /* Copy */
-        "LDM	r2, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   r2, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "MOV	%[a], #0xfe\n\t"
         "\n"
@@ -3305,7 +3314,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "STR	%[a], [sp, #164]\n\t"
         /* Conditional Swap */
         "ADD	r11, sp, #0xb0\n\t"
-        "LDM	r11, {r4, r5, r6, r7}\n\t"
+        "ldm   r11, {r4, r5, r6, r7}\n\t"
         "EOR	r8, r4, r5\n\t"
         "EOR	r9, r6, r7\n\t"
         "AND	r8, r8, %[n]\n\t"
@@ -3383,10 +3392,10 @@ int curve25519(byte* r, const byte* n, const byte* a)
 #else
         "BGE.N	L_curve25519_bits_%=\n\t"
 #endif
-        /*   Cycle Count: 171 */
+        /*   Cycle Count: 166 */
         "LDR	%[n], [sp, #184]\n\t"
         /* Copy */
-        "LDM	r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "STM	sp, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         /* Invert */
         "ADD	r1, sp, #0x0\n\t"
@@ -3626,7 +3635,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "BL	fe_mul_op\n\t"
         /* Ensure result is less than modulus */
         "LDR	%[r], [sp, #176]\n\t"
-        "LDM	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "MOV	%[a], #0x13\n\t"
         "AND	%[a], %[a], r11, ASR #31\n\t"
         "ADDS	r4, r4, %[a]\n\t"
@@ -3643,9 +3652,10 @@ int curve25519(byte* r, const byte* n, const byte* a)
         "ADD	sp, sp, #0xc0\n\t"
         : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WC_NO_CACHE_RESISTANT */
@@ -3903,11 +3913,12 @@ void fe_invert(fe r, const fe a)
         "ADD	sp, sp, #0x88\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_sq2(fe r_p, const fe a_p)
 #else
@@ -4070,7 +4081,7 @@ void fe_sq2(fe r, const fe a)
         "ADD	lr, sp, #0x20\n\t"
         "STM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
         "ADD	lr, sp, #0x4\n\t"
-        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "ldm   lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
         "ADDS	r4, r4, r4\n\t"
         "ADCS	r5, r5, r5\n\t"
         "ADCS	r6, r6, r6\n\t"
@@ -4079,7 +4090,7 @@ void fe_sq2(fe r, const fe a)
         "ADCS	r9, r9, r9\n\t"
         "ADCS	r10, r10, r10\n\t"
         "STM	lr!, {r4, r5, r6, r7, r8, r9, r10}\n\t"
-        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   lr, {r3, r4, r5, r6, r7, r8, r9}\n\t"
         "ADCS	r3, r3, r3\n\t"
         "ADCS	r4, r4, r4\n\t"
         "ADCS	r5, r5, r5\n\t"
@@ -4090,7 +4101,7 @@ void fe_sq2(fe r, const fe a)
         "ADC	r10, r0, #0x0\n\t"
         "STM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         "ADD	lr, sp, #0x4\n\t"
-        "LDM	lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "ldm   lr, {r4, r5, r6, r7, r8, r9, r10}\n\t"
         "MOV	lr, sp\n\t"
         /* A[0] * A[0] */
         "LDR	r12, [r1]\n\t"
@@ -4115,7 +4126,7 @@ void fe_sq2(fe r, const fe a)
         "UMLAL	r9, r11, r12, r12\n\t"
         "ADDS	r10, r10, r11\n\t"
         "STM	lr!, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
-        "LDM	lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
+        "ldm   lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t"
         /* A[4] * A[4] */
         "LDR	r12, [r1, #16]\n\t"
         "ADCS	r3, r3, #0x0\n\t"
@@ -4150,7 +4161,7 @@ void fe_sq2(fe r, const fe a)
         "LSL	r11, r11, #1\n\t"
         "ORR	r11, r11, r10, LSR #31\n\t"
         "MUL	r11, r11, r12\n\t"
-        "LDM	lr!, {r1, r2}\n\t"
+        "ldm   lr!, {r1, r2}\n\t"
         "MOV	r12, #0x26\n\t"
         "ADDS	r1, r1, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
@@ -4158,21 +4169,21 @@ void fe_sq2(fe r, const fe a)
         "ADDS	r2, r2, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r2, r11, r4, r12\n\t"
-        "LDM	lr!, {r3, r4}\n\t"
+        "ldm   lr!, {r3, r4}\n\t"
         "ADDS	r3, r3, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r3, r11, r5, r12\n\t"
         "ADDS	r4, r4, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r4, r11, r6, r12\n\t"
-        "LDM	lr!, {r5, r6}\n\t"
+        "ldm   lr!, {r5, r6}\n\t"
         "ADDS	r5, r5, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r5, r11, r7, r12\n\t"
         "ADDS	r6, r6, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r6, r11, r8, r12\n\t"
-        "LDM	lr!, {r7, r8}\n\t"
+        "ldm   lr!, {r7, r8}\n\t"
         "ADDS	r7, r7, r11\n\t"
         "ADC	r11, r0, #0x0\n\t"
         "UMLAL	r7, r11, r9, r12\n\t"
@@ -4217,7 +4228,7 @@ void fe_sq2(fe r, const fe a)
         "ADD	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
@@ -4236,7 +4247,7 @@ void fe_sq2(fe r, const fe a)
     __asm__ __volatile__ (
         "SUB	sp, sp, #0x24\n\t"
         "STRD	r0, r1, [sp, #28]\n\t"
-        "LDM	r1, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm   r1, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         /* Square * 2 */
         "UMULL	r9, r10, r0, r0\n\t"
         "UMULL	r11, r12, r0, r1\n\t"
@@ -4380,11 +4391,11 @@ void fe_sq2(fe r, const fe a)
         "MOV	r1, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "cc"
+        : "memory", "cc", "lr"
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void fe_pow22523(fe r_p, const fe a_p)
 #else
@@ -4637,7 +4648,8 @@ void fe_pow22523(fe r, const fe a)
         "ADD	sp, sp, #0x68\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8",
+            "r9", "r10", "r11"
     );
 }
 
@@ -4673,7 +4685,8 @@ void ge_p1p1_to_p2(ge_p2 * r, const ge_p1p1 * p)
         "ADD	sp, sp, #0x8\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "lr", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "lr", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12"
     );
 }
 
@@ -4714,7 +4727,8 @@ void ge_p1p1_to_p3(ge_p3 * r, const ge_p1p1 * p)
         "ADD	sp, sp, #0x8\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "lr", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "lr", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12"
     );
 }
 
@@ -4767,7 +4781,8 @@ void ge_p2_dbl(ge_p1p1 * r, const ge_p2 * p)
         "ADD	sp, sp, #0x8\n\t"
         : [r] "+r" (r), [p] "+r" (p)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -4823,7 +4838,7 @@ void ge_madd(ge_p1p1 * r, const ge_p3 * p, const ge_precomp * q)
         "ADD	r1, r1, #0x40\n\t"
         "ADD	r0, r0, #0x20\n\t"
         /* Double */
-        "LDM	r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "ADDS	r4, r4, r4\n\t"
         "ADCS	r5, r5, r5\n\t"
         "ADCS	r6, r6, r6\n\t"
@@ -4855,7 +4870,8 @@ void ge_madd(ge_p1p1 * r, const ge_p3 * p, const ge_precomp * q)
         "ADD	sp, sp, #0xc\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -4911,7 +4927,7 @@ void ge_msub(ge_p1p1 * r, const ge_p3 * p, const ge_precomp * q)
         "ADD	r1, r1, #0x40\n\t"
         "ADD	r0, r0, #0x20\n\t"
         /* Double */
-        "LDM	r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "ADDS	r4, r4, r4\n\t"
         "ADCS	r5, r5, r5\n\t"
         "ADCS	r6, r6, r6\n\t"
@@ -4944,7 +4960,8 @@ void ge_msub(ge_p1p1 * r, const ge_p3 * p, const ge_precomp * q)
         "ADD	sp, sp, #0xc\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -4995,7 +5012,7 @@ void ge_add(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q)
         "LDR	r1, [sp]\n\t"
         "ADD	r0, sp, #0xc\n\t"
         /* Double */
-        "LDM	r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "ADDS	r4, r4, r4\n\t"
         "ADCS	r5, r5, r5\n\t"
         "ADCS	r6, r6, r6\n\t"
@@ -5033,7 +5050,8 @@ void ge_add(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q)
         "ADD	sp, sp, #0x2c\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5084,7 +5102,7 @@ void ge_sub(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q)
         "LDR	r1, [sp]\n\t"
         "ADD	r0, sp, #0xc\n\t"
         /* Double */
-        "LDM	r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "ldm   r1, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "ADDS	r4, r4, r4\n\t"
         "ADCS	r5, r5, r5\n\t"
         "ADCS	r6, r6, r6\n\t"
@@ -5122,11 +5140,12 @@ void ge_sub(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q)
         "ADD	sp, sp, #0x2c\n\t"
         : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_reduce(byte* s_p)
 #else
@@ -5142,7 +5161,7 @@ void sc_reduce(byte* s)
         "STR	%[s], [sp, #52]\n\t"
         /* Load bits 252-511 */
         "ADD	%[s], %[s], #0x1c\n\t"
-        "LDM	%[s], {r1, r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r1, r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "LSR	lr, r9, #24\n\t"
         "LSL	r9, r9, #4\n\t"
         "ORR	r9, r9, r8, LSR #28\n\t"
@@ -5198,14 +5217,14 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x2c13\n\t"
         "MOVT	r1, #0xa30a\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMLAL	r10, lr, r2, r1\n\t"
         "ADDS	r11, r11, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r3, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5215,7 +5234,7 @@ void sc_reduce(byte* s)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r5, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5225,7 +5244,7 @@ void sc_reduce(byte* s)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r7, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5241,14 +5260,14 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x9ce5\n\t"
         "MOVT	r1, #0xa7ed\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, r2, r1\n\t"
         "ADDS	r11, r11, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r3, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5258,7 +5277,7 @@ void sc_reduce(byte* s)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r5, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5268,7 +5287,7 @@ void sc_reduce(byte* s)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r7, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5282,14 +5301,14 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x6329\n\t"
         "MOVT	r1, #0x5d08\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, r2, r1\n\t"
         "ADDS	r11, r11, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r3, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5299,7 +5318,7 @@ void sc_reduce(byte* s)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r5, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5309,7 +5328,7 @@ void sc_reduce(byte* s)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r7, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5323,14 +5342,14 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x621\n\t"
         "MOVT	r1, #0xeb21\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, r2, r1\n\t"
         "ADDS	r11, r11, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r3, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5340,7 +5359,7 @@ void sc_reduce(byte* s)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r5, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5350,7 +5369,7 @@ void sc_reduce(byte* s)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r7, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -5362,19 +5381,19 @@ void sc_reduce(byte* s)
         "STM	r12!, {r10, r11, lr}\n\t"
         "SUB	r12, r12, #0x20\n\t"
         /* Subtract at 4 * 32 */
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SUBS	r10, r10, r2\n\t"
         "SBCS	r11, r11, r3\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r4\n\t"
         "SBCS	r11, r11, r5\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r6\n\t"
         "SBCS	r11, r11, r7\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r8\n\t"
         "SBC	r11, r11, r9\n\t"
         "STM	r12!, {r10, r11}\n\t"
@@ -5397,30 +5416,30 @@ void sc_reduce(byte* s)
         "AND	r4, r4, lr\n\t"
         "AND	r5, r5, lr\n\t"
         "AND	r9, r9, lr\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, r1\n\t"
         "ADCS	r11, r11, r2\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, r3\n\t"
         "ADCS	r11, r11, r4\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, r5\n\t"
         "ADCS	r11, r11, #0x0\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, #0x0\n\t"
         "ADCS	r11, r11, #0x0\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10}\n\t"
+        "ldm   r12, {r10}\n\t"
         "ADCS	r10, r10, #0x0\n\t"
         "STM	r12!, {r10}\n\t"
         "SUB	%[s], %[s], #0x10\n\t"
         "MOV	r12, sp\n\t"
         /* Load bits 252-376 */
         "ADD	r12, r12, #0x1c\n\t"
-        "LDM	r12, {r1, r2, r3, r4, r5}\n\t"
+        "ldm   r12, {r1, r2, r3, r4, r5}\n\t"
         "LSL	r5, r5, #4\n\t"
         "ORR	r5, r5, r4, LSR #28\n\t"
         "LSL	r4, r4, #4\n\t"
@@ -5437,7 +5456,7 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x2c13\n\t"
         "MOVT	r1, #0xa30a\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, lr, r2, r1\n\t"
         "ADDS	r7, r7, lr\n\t"
         "MOV	lr, #0x0\n\t"
@@ -5457,7 +5476,7 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x9ce5\n\t"
         "MOVT	r1, #0xa7ed\n\t"
         "MOV	r10, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r10, r2, r1\n\t"
         "ADDS	r7, r7, r10\n\t"
         "MOV	r10, #0x0\n\t"
@@ -5477,7 +5496,7 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x6329\n\t"
         "MOVT	r1, #0x5d08\n\t"
         "MOV	r11, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r11, r2, r1\n\t"
         "ADDS	r7, r7, r11\n\t"
         "MOV	r11, #0x0\n\t"
@@ -5497,7 +5516,7 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x621\n\t"
         "MOVT	r1, #0xeb21\n\t"
         "MOV	r12, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r12, r2, r1\n\t"
         "ADDS	r7, r7, r12\n\t"
         "MOV	r12, #0x0\n\t"
@@ -5514,7 +5533,7 @@ void sc_reduce(byte* s)
         "STM	%[s], {r6, r7, r8, r9}\n\t"
         "ADD	%[s], %[s], #0x4\n\t"
         /* Add overflows at 4 * 32 */
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "BFC	r9, #28, #4\n\t"
         "ADDS	r6, r6, lr\n\t"
         "ADCS	r7, r7, r10\n\t"
@@ -5527,7 +5546,7 @@ void sc_reduce(byte* s)
         "SBCS	r9, r9, r5\n\t"
         "SBC	r1, r1, r1\n\t"
         "SUB	%[s], %[s], #0x10\n\t"
-        "LDM	%[s], {r2, r3, r4, r5}\n\t"
+        "ldm   %[s], {r2, r3, r4, r5}\n\t"
         "MOV	r10, #0xd3ed\n\t"
         "MOVT	r10, #0x5cf5\n\t"
         "MOV	r11, #0x631a\n\t"
@@ -5556,7 +5575,8 @@ void sc_reduce(byte* s)
         "ADD	sp, sp, #0x38\n\t"
         : [s] "+r" (s)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
 }
 
@@ -5576,7 +5596,7 @@ void sc_reduce(byte* s)
         "STR	%[s], [sp, #52]\n\t"
         /* Load bits 252-511 */
         "ADD	%[s], %[s], #0x1c\n\t"
-        "LDM	%[s], {r1, r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r1, r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "LSR	lr, r9, #24\n\t"
         "LSL	r9, r9, #4\n\t"
         "ORR	r9, r9, r8, LSR #28\n\t"
@@ -5623,19 +5643,19 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x2c13\n\t"
         "MOVT	r1, #0xa30a\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMLAL	r10, lr, r2, r1\n\t"
         "UMAAL	r11, lr, r3, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMAAL	r10, lr, r4, r1\n\t"
         "UMAAL	r11, lr, r5, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMAAL	r10, lr, r6, r1\n\t"
         "UMAAL	r11, lr, r7, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMAAL	r10, lr, r8, r1\n\t"
         "BFC	r11, #28, #4\n\t"
         "UMAAL	r11, lr, r9, r1\n\t"
@@ -5645,19 +5665,19 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x9ce5\n\t"
         "MOVT	r1, #0xa7ed\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, r2, r1\n\t"
         "UMAAL	r11, lr, r3, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r4, r1\n\t"
         "UMAAL	r11, lr, r5, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r6, r1\n\t"
         "UMAAL	r11, lr, r7, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r8, r1\n\t"
         "UMAAL	r11, lr, r9, r1\n\t"
         "STM	r12!, {r10, r11, lr}\n\t"
@@ -5665,19 +5685,19 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x6329\n\t"
         "MOVT	r1, #0x5d08\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, r2, r1\n\t"
         "UMAAL	r11, lr, r3, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r4, r1\n\t"
         "UMAAL	r11, lr, r5, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r6, r1\n\t"
         "UMAAL	r11, lr, r7, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r8, r1\n\t"
         "UMAAL	r11, lr, r9, r1\n\t"
         "STM	r12!, {r10, r11, lr}\n\t"
@@ -5685,37 +5705,37 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x621\n\t"
         "MOVT	r1, #0xeb21\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, r2, r1\n\t"
         "UMAAL	r11, lr, r3, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r4, r1\n\t"
         "UMAAL	r11, lr, r5, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r6, r1\n\t"
         "UMAAL	r11, lr, r7, r1\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r8, r1\n\t"
         "UMAAL	r11, lr, r9, r1\n\t"
         "STM	r12!, {r10, r11, lr}\n\t"
         "SUB	r12, r12, #0x20\n\t"
         /* Subtract at 4 * 32 */
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SUBS	r10, r10, r2\n\t"
         "SBCS	r11, r11, r3\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r4\n\t"
         "SBCS	r11, r11, r5\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r6\n\t"
         "SBCS	r11, r11, r7\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r8\n\t"
         "SBC	r11, r11, r9\n\t"
         "STM	r12!, {r10, r11}\n\t"
@@ -5738,30 +5758,30 @@ void sc_reduce(byte* s)
         "AND	r4, r4, lr\n\t"
         "AND	r5, r5, lr\n\t"
         "AND	r9, r9, lr\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, r1\n\t"
         "ADCS	r11, r11, r2\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, r3\n\t"
         "ADCS	r11, r11, r4\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, r5\n\t"
         "ADCS	r11, r11, #0x0\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, #0x0\n\t"
         "ADCS	r11, r11, #0x0\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10}\n\t"
+        "ldm   r12, {r10}\n\t"
         "ADCS	r10, r10, #0x0\n\t"
         "STM	r12!, {r10}\n\t"
         "SUB	%[s], %[s], #0x10\n\t"
         "MOV	r12, sp\n\t"
         /* Load bits 252-376 */
         "ADD	r12, r12, #0x1c\n\t"
-        "LDM	r12, {r1, r2, r3, r4, r5}\n\t"
+        "ldm   r12, {r1, r2, r3, r4, r5}\n\t"
         "LSL	r5, r5, #4\n\t"
         "ORR	r5, r5, r4, LSR #28\n\t"
         "LSL	r4, r4, #4\n\t"
@@ -5778,7 +5798,7 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x2c13\n\t"
         "MOVT	r1, #0xa30a\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, lr, r2, r1\n\t"
         "UMAAL	r7, lr, r3, r1\n\t"
         "UMAAL	r8, lr, r4, r1\n\t"
@@ -5789,7 +5809,7 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x9ce5\n\t"
         "MOVT	r1, #0xa7ed\n\t"
         "MOV	r10, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r10, r2, r1\n\t"
         "UMAAL	r7, r10, r3, r1\n\t"
         "UMAAL	r8, r10, r4, r1\n\t"
@@ -5800,7 +5820,7 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x6329\n\t"
         "MOVT	r1, #0x5d08\n\t"
         "MOV	r11, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r11, r2, r1\n\t"
         "UMAAL	r7, r11, r3, r1\n\t"
         "UMAAL	r8, r11, r4, r1\n\t"
@@ -5811,7 +5831,7 @@ void sc_reduce(byte* s)
         "MOV	r1, #0x621\n\t"
         "MOVT	r1, #0xeb21\n\t"
         "MOV	r12, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r12, r2, r1\n\t"
         "UMAAL	r7, r12, r3, r1\n\t"
         "UMAAL	r8, r12, r4, r1\n\t"
@@ -5819,7 +5839,7 @@ void sc_reduce(byte* s)
         "STM	%[s], {r6, r7, r8, r9}\n\t"
         "ADD	%[s], %[s], #0x4\n\t"
         /* Add overflows at 4 * 32 */
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "BFC	r9, #28, #4\n\t"
         "ADDS	r6, r6, lr\n\t"
         "ADCS	r7, r7, r10\n\t"
@@ -5832,7 +5852,7 @@ void sc_reduce(byte* s)
         "SBCS	r9, r9, r5\n\t"
         "SBC	r1, r1, r1\n\t"
         "SUB	%[s], %[s], #0x10\n\t"
-        "LDM	%[s], {r2, r3, r4, r5}\n\t"
+        "ldm   %[s], {r2, r3, r4, r5}\n\t"
         "MOV	r10, #0xd3ed\n\t"
         "MOVT	r10, #0x5cf5\n\t"
         "MOV	r11, #0x631a\n\t"
@@ -5861,13 +5881,14 @@ void sc_reduce(byte* s)
         "ADD	sp, sp, #0x38\n\t"
         : [s] "+r" (s)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #ifdef HAVE_ED25519_SIGN
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
 void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p)
 #else
@@ -6214,20 +6235,20 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[s], sp\n\t"
         /* Add c to a * b */
         "LDR	lr, [sp, #76]\n\t"
-        "LDM	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "LDM	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm   %[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   lr!, {r1, r10, r11, r12}\n\t"
         "ADDS	%[b], %[b], %[a]\n\t"
         "ADCS	%[c], %[c], r10\n\t"
         "ADCS	r4, r4, r11\n\t"
         "ADCS	r5, r5, r12\n\t"
-        "LDM	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm   lr!, {r1, r10, r11, r12}\n\t"
         "ADCS	r6, r6, %[a]\n\t"
         "ADCS	r7, r7, r10\n\t"
         "ADCS	r8, r8, r11\n\t"
         "ADCS	r9, r9, r12\n\t"
         "MOV	%[a], r9\n\t"
         "STM	%[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "LDM	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "ADCS	%[b], %[b], #0x0\n\t"
         "ADCS	%[c], %[c], #0x0\n\t"
         "ADCS	r4, r4, #0x0\n\t"
@@ -6292,14 +6313,14 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x2c13\n\t"
         "MOVT	%[a], #0xa30a\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMLAL	r10, lr, %[b], %[a]\n\t"
         "ADDS	r11, r11, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, %[c], %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6309,7 +6330,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r5, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6319,7 +6340,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r7, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6335,14 +6356,14 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x9ce5\n\t"
         "MOVT	%[a], #0xa7ed\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, %[b], %[a]\n\t"
         "ADDS	r11, r11, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, %[c], %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6352,7 +6373,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r5, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6362,7 +6383,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r7, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6376,14 +6397,14 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x6329\n\t"
         "MOVT	%[a], #0x5d08\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, %[b], %[a]\n\t"
         "ADDS	r11, r11, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, %[c], %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6393,7 +6414,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r5, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6403,7 +6424,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r7, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6417,14 +6438,14 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x621\n\t"
         "MOVT	%[a], #0xeb21\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, %[b], %[a]\n\t"
         "ADDS	r11, r11, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, %[c], %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6434,7 +6455,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r5, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6444,7 +6465,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADC	lr, lr, #0x0\n\t"
         "UMLAL	r11, lr, r7, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, lr\n\t"
         "MOV	lr, #0x0\n\t"
         "ADC	lr, lr, #0x0\n\t"
@@ -6456,19 +6477,19 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "STM	r12!, {r10, r11, lr}\n\t"
         "SUB	r12, r12, #0x20\n\t"
         /* Subtract at 4 * 32 */
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SUBS	r10, r10, %[b]\n\t"
         "SBCS	r11, r11, %[c]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r4\n\t"
         "SBCS	r11, r11, r5\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r6\n\t"
         "SBCS	r11, r11, r7\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r8\n\t"
         "SBC	r11, r11, r9\n\t"
         "STM	r12!, {r10, r11}\n\t"
@@ -6491,30 +6512,30 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "AND	r4, r4, lr\n\t"
         "AND	r5, r5, lr\n\t"
         "AND	r9, r9, lr\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, %[a]\n\t"
         "ADCS	r11, r11, %[b]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, %[c]\n\t"
         "ADCS	r11, r11, r4\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, r5\n\t"
         "ADCS	r11, r11, #0x0\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, #0x0\n\t"
         "ADCS	r11, r11, #0x0\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10}\n\t"
+        "ldm   r12, {r10}\n\t"
         "ADCS	r10, r10, #0x0\n\t"
         "STM	r12!, {r10}\n\t"
         "SUB	%[s], %[s], #0x10\n\t"
         "MOV	r12, sp\n\t"
         /* Load bits 252-376 */
         "ADD	r12, r12, #0x1c\n\t"
-        "LDM	r12, {%[a], %[b], %[c], r4, r5}\n\t"
+        "ldm   r12, {r1, r2, r3, r4, r5}\n\t"
         "LSL	r5, r5, #4\n\t"
         "ORR	r5, r5, r4, LSR #28\n\t"
         "LSL	r4, r4, #4\n\t"
@@ -6531,7 +6552,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x2c13\n\t"
         "MOVT	%[a], #0xa30a\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, lr, %[b], %[a]\n\t"
         "ADDS	r7, r7, lr\n\t"
         "MOV	lr, #0x0\n\t"
@@ -6551,7 +6572,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x9ce5\n\t"
         "MOVT	%[a], #0xa7ed\n\t"
         "MOV	r10, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r10, %[b], %[a]\n\t"
         "ADDS	r7, r7, r10\n\t"
         "MOV	r10, #0x0\n\t"
@@ -6571,7 +6592,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x6329\n\t"
         "MOVT	%[a], #0x5d08\n\t"
         "MOV	r11, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r11, %[b], %[a]\n\t"
         "ADDS	r7, r7, r11\n\t"
         "MOV	r11, #0x0\n\t"
@@ -6591,7 +6612,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x621\n\t"
         "MOVT	%[a], #0xeb21\n\t"
         "MOV	r12, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r12, %[b], %[a]\n\t"
         "ADDS	r7, r7, r12\n\t"
         "MOV	r12, #0x0\n\t"
@@ -6608,7 +6629,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "STM	%[s], {r6, r7, r8, r9}\n\t"
         "ADD	%[s], %[s], #0x4\n\t"
         /* Add overflows at 4 * 32 */
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "BFC	r9, #28, #4\n\t"
         "ADDS	r6, r6, lr\n\t"
         "ADCS	r7, r7, r10\n\t"
@@ -6621,7 +6642,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "SBCS	r9, r9, r5\n\t"
         "SBC	%[a], %[a], %[a]\n\t"
         "SUB	%[s], %[s], #0x10\n\t"
-        "LDM	%[s], {%[b], %[c], r4, r5}\n\t"
+        "ldm   %[s], {r2, r3, r4, r5}\n\t"
         "MOV	r10, #0xd3ed\n\t"
         "MOVT	r10, #0x5cf5\n\t"
         "MOV	r11, #0x631a\n\t"
@@ -6657,7 +6678,8 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADD	sp, sp, #0x50\n\t"
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
     );
 }
 
@@ -6680,8 +6702,8 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADD	lr, sp, #0x44\n\t"
         "STM	lr, {%[s], %[a], %[c]}\n\t"
         "MOV	lr, %[b]\n\t"
-        "LDM	%[a], {%[s], %[a], %[b], %[c]}\n\t"
-        "LDM	lr!, {r4, r5, r6}\n\t"
+        "ldm   %[a], {r0, r1, r2, r3}\n\t"
+        "ldm   lr!, {r4, r5, r6}\n\t"
         "UMULL	r10, r11, %[s], r4\n\t"
         "UMULL	r12, r7, %[a], r4\n\t"
         "UMAAL	r11, r12, %[s], r5\n\t"
@@ -6691,7 +6713,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "UMAAL	r8, r9, %[c], r4\n\t"
         "STM	sp, {r10, r11, r12}\n\t"
         "UMAAL	r7, r8, %[b], r5\n\t"
-        "LDM	lr!, {r4}\n\t"
+        "ldm   lr!, {r4}\n\t"
         "UMULL	r10, r11, %[a], r6\n\t"
         "UMAAL	r8, r9, %[b], r6\n\t"
         "UMAAL	r7, r10, %[s], r4\n\t"
@@ -6701,7 +6723,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "UMAAL	r9, r11, %[c], r6\n\t"
         "UMAAL	r9, r10, %[b], r4\n\t"
         "UMAAL	r10, r11, %[c], r4\n\t"
-        "LDM	lr, {r4, r5, r6, r7}\n\t"
+        "ldm   lr, {r4, r5, r6, r7}\n\t"
         "MOV	r12, #0x0\n\t"
         "UMLAL	r8, r12, %[s], r4\n\t"
         "UMAAL	r9, r12, %[a], r4\n\t"
@@ -6725,48 +6747,48 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "UMAAL	r4, r6, %[b], r7\n\t"
         "SUB	lr, lr, #0x10\n\t"
         "UMAAL	r5, r6, %[c], r7\n\t"
-        "LDM	%[s], {%[s], %[a], %[b], %[c]}\n\t"
+        "ldm   %[s], {r0, r1, r2, r3}\n\t"
         "STR	r6, [sp, #64]\n\t"
-        "LDM	lr!, {r6}\n\t"
+        "ldm   lr!, {r6}\n\t"
         "MOV	r7, #0x0\n\t"
         "UMLAL	r8, r7, %[s], r6\n\t"
         "UMAAL	r9, r7, %[a], r6\n\t"
         "STR	r8, [sp, #16]\n\t"
         "UMAAL	r10, r7, %[b], r6\n\t"
         "UMAAL	r11, r7, %[c], r6\n\t"
-        "LDM	lr!, {r6}\n\t"
+        "ldm   lr!, {r6}\n\t"
         "MOV	r8, #0x0\n\t"
         "UMLAL	r9, r8, %[s], r6\n\t"
         "UMAAL	r10, r8, %[a], r6\n\t"
         "STR	r9, [sp, #20]\n\t"
         "UMAAL	r11, r8, %[b], r6\n\t"
         "UMAAL	r12, r8, %[c], r6\n\t"
-        "LDM	lr!, {r6}\n\t"
+        "ldm   lr!, {r6}\n\t"
         "MOV	r9, #0x0\n\t"
         "UMLAL	r10, r9, %[s], r6\n\t"
         "UMAAL	r11, r9, %[a], r6\n\t"
         "STR	r10, [sp, #24]\n\t"
         "UMAAL	r12, r9, %[b], r6\n\t"
         "UMAAL	r4, r9, %[c], r6\n\t"
-        "LDM	lr!, {r6}\n\t"
+        "ldm   lr!, {r6}\n\t"
         "MOV	r10, #0x0\n\t"
         "UMLAL	r11, r10, %[s], r6\n\t"
         "UMAAL	r12, r10, %[a], r6\n\t"
         "STR	r11, [sp, #28]\n\t"
         "UMAAL	r4, r10, %[b], r6\n\t"
         "UMAAL	r5, r10, %[c], r6\n\t"
-        "LDM	lr!, {r11}\n\t"
+        "ldm   lr!, {r11}\n\t"
         "UMAAL	r12, r7, %[s], r11\n\t"
         "UMAAL	r4, r7, %[a], r11\n\t"
         "LDR	r6, [sp, #64]\n\t"
         "UMAAL	r5, r7, %[b], r11\n\t"
         "UMAAL	r6, r7, %[c], r11\n\t"
-        "LDM	lr!, {r11}\n\t"
+        "ldm   lr!, {r11}\n\t"
         "UMAAL	r4, r8, %[s], r11\n\t"
         "UMAAL	r5, r8, %[a], r11\n\t"
         "UMAAL	r6, r8, %[b], r11\n\t"
         "UMAAL	r7, r8, %[c], r11\n\t"
-        "LDM	lr, {r11, lr}\n\t"
+        "ldm   lr, {r11, lr}\n\t"
         "UMAAL	r5, r9, %[s], r11\n\t"
         "UMAAL	r6, r10, %[s], lr\n\t"
         "UMAAL	r6, r9, %[a], r11\n\t"
@@ -6781,20 +6803,20 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[s], sp\n\t"
         /* Add c to a * b */
         "LDR	lr, [sp, #76]\n\t"
-        "LDM	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "LDM	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm   %[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   lr!, {r1, r10, r11, r12}\n\t"
         "ADDS	%[b], %[b], %[a]\n\t"
         "ADCS	%[c], %[c], r10\n\t"
         "ADCS	r4, r4, r11\n\t"
         "ADCS	r5, r5, r12\n\t"
-        "LDM	lr!, {%[a], r10, r11, r12}\n\t"
+        "ldm   lr!, {r1, r10, r11, r12}\n\t"
         "ADCS	r6, r6, %[a]\n\t"
         "ADCS	r7, r7, r10\n\t"
         "ADCS	r8, r8, r11\n\t"
         "ADCS	r9, r9, r12\n\t"
         "MOV	%[a], r9\n\t"
         "STM	%[s]!, {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
-        "LDM	%[s], {%[b], %[c], r4, r5, r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t"
         "ADCS	%[b], %[b], #0x0\n\t"
         "ADCS	%[c], %[c], #0x0\n\t"
         "ADCS	r4, r4, #0x0\n\t"
@@ -6850,19 +6872,19 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x2c13\n\t"
         "MOVT	%[a], #0xa30a\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMLAL	r10, lr, %[b], %[a]\n\t"
         "UMAAL	r11, lr, %[c], %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMAAL	r10, lr, r4, %[a]\n\t"
         "UMAAL	r11, lr, r5, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMAAL	r10, lr, r6, %[a]\n\t"
         "UMAAL	r11, lr, r7, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	%[s]!, {r10, r11}\n\t"
+        "ldm   %[s]!, {r10, r11}\n\t"
         "UMAAL	r10, lr, r8, %[a]\n\t"
         "BFC	r11, #28, #4\n\t"
         "UMAAL	r11, lr, r9, %[a]\n\t"
@@ -6872,19 +6894,19 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x9ce5\n\t"
         "MOVT	%[a], #0xa7ed\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, %[b], %[a]\n\t"
         "UMAAL	r11, lr, %[c], %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r4, %[a]\n\t"
         "UMAAL	r11, lr, r5, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r6, %[a]\n\t"
         "UMAAL	r11, lr, r7, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r8, %[a]\n\t"
         "UMAAL	r11, lr, r9, %[a]\n\t"
         "STM	r12!, {r10, r11, lr}\n\t"
@@ -6892,19 +6914,19 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x6329\n\t"
         "MOVT	%[a], #0x5d08\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, %[b], %[a]\n\t"
         "UMAAL	r11, lr, %[c], %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r4, %[a]\n\t"
         "UMAAL	r11, lr, r5, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r6, %[a]\n\t"
         "UMAAL	r11, lr, r7, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r8, %[a]\n\t"
         "UMAAL	r11, lr, r9, %[a]\n\t"
         "STM	r12!, {r10, r11, lr}\n\t"
@@ -6912,37 +6934,37 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x621\n\t"
         "MOVT	%[a], #0xeb21\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMLAL	r10, lr, %[b], %[a]\n\t"
         "UMAAL	r11, lr, %[c], %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r4, %[a]\n\t"
         "UMAAL	r11, lr, r5, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r6, %[a]\n\t"
         "UMAAL	r11, lr, r7, %[a]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "UMAAL	r10, lr, r8, %[a]\n\t"
         "UMAAL	r11, lr, r9, %[a]\n\t"
         "STM	r12!, {r10, r11, lr}\n\t"
         "SUB	r12, r12, #0x20\n\t"
         /* Subtract at 4 * 32 */
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SUBS	r10, r10, %[b]\n\t"
         "SBCS	r11, r11, %[c]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r4\n\t"
         "SBCS	r11, r11, r5\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r6\n\t"
         "SBCS	r11, r11, r7\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "SBCS	r10, r10, r8\n\t"
         "SBC	r11, r11, r9\n\t"
         "STM	r12!, {r10, r11}\n\t"
@@ -6965,30 +6987,30 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "AND	r4, r4, lr\n\t"
         "AND	r5, r5, lr\n\t"
         "AND	r9, r9, lr\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADDS	r10, r10, %[a]\n\t"
         "ADCS	r11, r11, %[b]\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, %[c]\n\t"
         "ADCS	r11, r11, r4\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, r5\n\t"
         "ADCS	r11, r11, #0x0\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10, r11}\n\t"
+        "ldm   r12, {r10, r11}\n\t"
         "ADCS	r10, r10, #0x0\n\t"
         "ADCS	r11, r11, #0x0\n\t"
         "STM	r12!, {r10, r11}\n\t"
-        "LDM	r12, {r10}\n\t"
+        "ldm   r12, {r10}\n\t"
         "ADCS	r10, r10, #0x0\n\t"
         "STM	r12!, {r10}\n\t"
         "SUB	%[s], %[s], #0x10\n\t"
         "MOV	r12, sp\n\t"
         /* Load bits 252-376 */
         "ADD	r12, r12, #0x1c\n\t"
-        "LDM	r12, {%[a], %[b], %[c], r4, r5}\n\t"
+        "ldm   r12, {r1, r2, r3, r4, r5}\n\t"
         "LSL	r5, r5, #4\n\t"
         "ORR	r5, r5, r4, LSR #28\n\t"
         "LSL	r4, r4, #4\n\t"
@@ -7005,7 +7027,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x2c13\n\t"
         "MOVT	%[a], #0xa30a\n\t"
         "MOV	lr, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, lr, %[b], %[a]\n\t"
         "UMAAL	r7, lr, %[c], %[a]\n\t"
         "UMAAL	r8, lr, r4, %[a]\n\t"
@@ -7016,7 +7038,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x9ce5\n\t"
         "MOVT	%[a], #0xa7ed\n\t"
         "MOV	r10, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r10, %[b], %[a]\n\t"
         "UMAAL	r7, r10, %[c], %[a]\n\t"
         "UMAAL	r8, r10, r4, %[a]\n\t"
@@ -7027,7 +7049,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x6329\n\t"
         "MOVT	%[a], #0x5d08\n\t"
         "MOV	r11, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r11, %[b], %[a]\n\t"
         "UMAAL	r7, r11, %[c], %[a]\n\t"
         "UMAAL	r8, r11, r4, %[a]\n\t"
@@ -7038,7 +7060,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "MOV	%[a], #0x621\n\t"
         "MOVT	%[a], #0xeb21\n\t"
         "MOV	r12, #0x0\n\t"
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "UMLAL	r6, r12, %[b], %[a]\n\t"
         "UMAAL	r7, r12, %[c], %[a]\n\t"
         "UMAAL	r8, r12, r4, %[a]\n\t"
@@ -7046,7 +7068,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "STM	%[s], {r6, r7, r8, r9}\n\t"
         "ADD	%[s], %[s], #0x4\n\t"
         /* Add overflows at 4 * 32 */
-        "LDM	%[s], {r6, r7, r8, r9}\n\t"
+        "ldm   %[s], {r6, r7, r8, r9}\n\t"
         "BFC	r9, #28, #4\n\t"
         "ADDS	r6, r6, lr\n\t"
         "ADCS	r7, r7, r10\n\t"
@@ -7059,7 +7081,7 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "SBCS	r9, r9, r5\n\t"
         "SBC	%[a], %[a], %[a]\n\t"
         "SUB	%[s], %[s], #0x10\n\t"
-        "LDM	%[s], {%[b], %[c], r4, r5}\n\t"
+        "ldm   %[s], {r2, r3, r4, r5}\n\t"
         "MOV	r10, #0xd3ed\n\t"
         "MOVT	r10, #0x5cf5\n\t"
         "MOV	r11, #0x631a\n\t"
@@ -7095,16 +7117,17 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
         "ADD	sp, sp, #0x50\n\t"
         : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* HAVE_ED25519_SIGN */
 #endif /* HAVE_ED25519 */
 
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-mlkem-asm.S b/wolfcrypt/src/port/arm/thumb2-mlkem-asm.S
new file mode 100644
index 000000000..6a7b54319
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-mlkem-asm.S
@@ -0,0 +1,3901 @@
+/* thumb2-mlkem-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm.S
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef WOLFSSL_WC_MLKEM
+	.text
+	.type	L_mlkem_thumb2_ntt_zetas, %object
+	.size	L_mlkem_thumb2_ntt_zetas, 256
+	.align	4
+L_mlkem_thumb2_ntt_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	mlkem_thumb2_ntt
+	.type	mlkem_thumb2_ntt, %function
+mlkem_thumb2_ntt:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x8
+	ADR	r1, L_mlkem_thumb2_ntt_zetas
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r2, #0x10
+L_mlkem_thumb2_ntt_loop_123:
+	STR	r2, [sp]
+	LDRH	lr, [r1, #2]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #64]
+	LDR	r4, [r0, #128]
+	LDR	r5, [r0, #192]
+	LDR	r6, [r0, #256]
+	LDR	r7, [r0, #320]
+	LDR	r8, [r0, #384]
+	LDR	r9, [r0, #448]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r6
+	SMULBT	r6, lr, r6
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r11, r12, r11, r6
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r6, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r6, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r6, r6, #16
+	MUL	r10, r11, r10
+	MUL	r6, r11, r6
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r6
+	SUB	r6, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r6, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r8
+	SMULBT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r9
+	SMULBT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r5, r10
+	SADD16	r5, r5, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r5, r11
+	ADD	r5, r5, r11
+	SUB	r11, r5, r10, LSR #16
+	ADD	r10, r5, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #4]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r11, r12, r11, r4
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r4, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r4, r4, #16
+	MUL	r10, r11, r10
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r4
+	SUB	r4, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r4, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r8
+	SMULTT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r7, r10
+	SADD16	r7, r7, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r7, r11
+	ADD	r7, r7, r11
+	SUB	r11, r7, r10, LSR #16
+	ADD	r10, r7, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #8]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r3
+	SMULBT	r3, lr, r3
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r11, r12, r11, r3
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r3, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r3, r3, #16
+	MUL	r10, r11, r10
+	MUL	r3, r11, r3
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r3
+	SUB	r3, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r3, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r5
+	SMULTT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #12]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r8, r10
+	SADD16	r8, r8, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r8, r11
+	ADD	r8, r8, r11
+	SUB	r11, r8, r10, LSR #16
+	ADD	r10, r8, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #64]
+	STR	r4, [r0, #128]
+	STR	r5, [r0, #192]
+	STR	r6, [r0, #256]
+	STR	r7, [r0, #320]
+	STR	r8, [r0, #384]
+	STR	r9, [r0, #448]
+	LDR	r2, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_thumb2_ntt_loop_123
+#else
+	BNE.N	L_mlkem_thumb2_ntt_loop_123
+#endif
+	SUB	r0, r0, #0x40
+	MOV	r3, #0x0
+L_mlkem_thumb2_ntt_loop_4_j:
+	STR	r3, [sp, #4]
+	ADD	lr, r1, r3, LSR #4
+	MOV	r2, #0x4
+	LDR	lr, [lr, #16]
+L_mlkem_thumb2_ntt_loop_4_i:
+	STR	r2, [sp]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #16]
+	LDR	r4, [r0, #32]
+	LDR	r5, [r0, #48]
+	LDR	r6, [r0, #64]
+	LDR	r7, [r0, #80]
+	LDR	r8, [r0, #96]
+	LDR	r9, [r0, #112]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r11, r12, r11, r4
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r4, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r4, r4, #16
+	MUL	r10, r11, r10
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r4
+	SUB	r4, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r4, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r8
+	SMULTT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r7, r10
+	SADD16	r7, r7, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r7, r11
+	ADD	r7, r7, r11
+	SUB	r11, r7, r10, LSR #16
+	ADD	r10, r7, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #16]
+	STR	r4, [r0, #32]
+	STR	r5, [r0, #48]
+	STR	r6, [r0, #64]
+	STR	r7, [r0, #80]
+	STR	r8, [r0, #96]
+	STR	r9, [r0, #112]
+	LDRD	r2, r3, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_thumb2_ntt_loop_4_i
+#else
+	BNE.N	L_mlkem_thumb2_ntt_loop_4_i
+#endif
+	ADD	r3, r3, #0x40
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x70
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_thumb2_ntt_loop_4_j
+#else
+	BNE.N	L_mlkem_thumb2_ntt_loop_4_j
+#endif
+	SUB	r0, r0, #0x200
+	MOV	r3, #0x0
+L_mlkem_thumb2_ntt_loop_567:
+	ADD	lr, r1, r3, LSR #3
+	STR	r3, [sp, #4]
+	LDRH	lr, [lr, #32]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #4]
+	LDR	r4, [r0, #8]
+	LDR	r5, [r0, #12]
+	LDR	r6, [r0, #16]
+	LDR	r7, [r0, #20]
+	LDR	r8, [r0, #24]
+	LDR	r9, [r0, #28]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r6
+	SMULBT	r6, lr, r6
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r11, r12, r11, r6
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r6, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r6, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r6, r6, #16
+	MUL	r10, r11, r10
+	MUL	r6, r11, r6
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r6
+	SUB	r6, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r6, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r8
+	SMULBT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r9
+	SMULBT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r5, r10
+	SADD16	r5, r5, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r5, r11
+	ADD	r5, r5, r11
+	SUB	r11, r5, r10, LSR #16
+	ADD	r10, r5, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #2
+	LDR	lr, [lr, #64]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r11, r12, r11, r4
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r4, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r4, r4, #16
+	MUL	r10, r11, r10
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r4
+	SUB	r4, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r4, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r3, r10
+	SADD16	r3, r3, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r3, r11
+	ADD	r3, r3, r11
+	SUB	r11, r3, r10, LSR #16
+	ADD	r10, r3, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r8
+	SMULTT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r11, r12, r11, r8
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r8, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r8, r8, #16
+	MUL	r10, r11, r10
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r8
+	SUB	r8, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r8, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r7, r10
+	SADD16	r7, r7, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r7, r11
+	ADD	r7, r7, r11
+	SUB	r11, r7, r10, LSR #16
+	ADD	r10, r7, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #1
+	LDR	lr, [lr, #128]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r3
+	SMULBT	r3, lr, r3
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r11, r12, r11, r3
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r3, r2, r10
+	SADD16	r2, r2, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r3, r3, #16
+	MUL	r10, r11, r10
+	MUL	r3, r11, r3
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r3
+	SUB	r3, r2, r11
+	ADD	r2, r2, r11
+	SUB	r11, r2, r10, LSR #16
+	ADD	r10, r2, r10, LSR #16
+	BFI	r3, r11, #0, #16
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r5
+	SMULTT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r11, r12, r11, r5
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r5, r4, r10
+	SADD16	r4, r4, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r5, r5, #16
+	MUL	r10, r11, r10
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r5
+	SUB	r5, r4, r11
+	ADD	r4, r4, r11
+	SUB	r11, r4, r10, LSR #16
+	ADD	r10, r4, r10, LSR #16
+	BFI	r5, r11, #0, #16
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #1
+	LDR	lr, [lr, #132]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r11, r12, r11, r7
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r7, r6, r10
+	SADD16	r6, r6, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r7, r7, #16
+	MUL	r10, r11, r10
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r7
+	SUB	r7, r6, r11
+	ADD	r6, r6, r11
+	SUB	r11, r6, r10, LSR #16
+	ADD	r10, r6, r10, LSR #16
+	BFI	r7, r11, #0, #16
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTB	r10, lr, r9
+	SMULTT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r11, r12, r11, r9
+	PKHTB	r10, r11, r10, ASR #16
+	SSUB16	r9, r8, r10
+	SADD16	r8, r8, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r9, r9, #16
+	MUL	r10, r11, r10
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r11, r12, r11, r9
+	SUB	r9, r8, r11
+	ADD	r8, r8, r11
+	SUB	r11, r8, r10, LSR #16
+	ADD	r10, r8, r10, LSR #16
+	BFI	r9, r11, #0, #16
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	lr, #0xafc0
+	MOVT	lr, #0x13
+#else
+	MOV	lr, #0x4ebf
+	MOV	r12, #0xd01
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r2
+	SMULWT	r11, lr, r2
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r2, r2, r10
+#else
+	SBFX	r10, r2, #0, #16
+	SBFX	r11, r2, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r2, r11, LSL #16
+	SUB	r2, r2, r10
+	LSR	r11, r11, #16
+	BFI	r2, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r3
+	SMULWT	r11, lr, r3
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r3, r3, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, r3, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r3, r11, LSL #16
+	SUB	r3, r3, r10
+	LSR	r11, r11, #16
+	BFI	r3, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r4
+	SMULWT	r11, lr, r4
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r4, r4, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, r4, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r4, r11, LSL #16
+	SUB	r4, r4, r10
+	LSR	r11, r11, #16
+	BFI	r4, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r5
+	SMULWT	r11, lr, r5
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r5, r5, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, r5, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r5, r11, LSL #16
+	SUB	r5, r5, r10
+	LSR	r11, r11, #16
+	BFI	r5, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r6
+	SMULWT	r11, lr, r6
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r6, r6, r10
+#else
+	SBFX	r10, r6, #0, #16
+	SBFX	r11, r6, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r6, r11, LSL #16
+	SUB	r6, r6, r10
+	LSR	r11, r11, #16
+	BFI	r6, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r7
+	SMULWT	r11, lr, r7
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r7, r7, r10
+#else
+	SBFX	r10, r7, #0, #16
+	SBFX	r11, r7, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r7, r11, LSL #16
+	SUB	r7, r7, r10
+	LSR	r11, r11, #16
+	BFI	r7, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r8
+	SMULWT	r11, lr, r8
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r8, r8, r10
+#else
+	SBFX	r10, r8, #0, #16
+	SBFX	r11, r8, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r8, r11, LSL #16
+	SUB	r8, r8, r10
+	LSR	r11, r11, #16
+	BFI	r8, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r9
+	SMULWT	r11, lr, r9
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r9, r9, r10
+#else
+	SBFX	r10, r9, #0, #16
+	SBFX	r11, r9, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r9, r11, LSL #16
+	SUB	r9, r9, r10
+	LSR	r11, r11, #16
+	BFI	r9, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #4]
+	STR	r4, [r0, #8]
+	STR	r5, [r0, #12]
+	STR	r6, [r0, #16]
+	STR	r7, [r0, #20]
+	STR	r8, [r0, #24]
+	STR	r9, [r0, #28]
+	LDR	r3, [sp, #4]
+	ADD	r3, r3, #0x10
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x20
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_thumb2_ntt_loop_567
+#else
+	BNE.N	L_mlkem_thumb2_ntt_loop_567
+#endif
+	ADD	sp, sp, #0x8
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 1270 */
+	.size	mlkem_thumb2_ntt,.-mlkem_thumb2_ntt
+	.text
+	.type	L_mlkem_invntt_zetas_inv, %object
+	.size	L_mlkem_invntt_zetas_inv, 256
+	.align	4
+L_mlkem_invntt_zetas_inv:
+	.short	0x6a5
+	.short	0x70f
+	.short	0x5b4
+	.short	0x943
+	.short	0x922
+	.short	0x91d
+	.short	0x134
+	.short	0x6c
+	.short	0xb23
+	.short	0x366
+	.short	0x356
+	.short	0x5e6
+	.short	0x9e7
+	.short	0x4fe
+	.short	0x5fa
+	.short	0x4a1
+	.short	0x67b
+	.short	0x4a3
+	.short	0xc25
+	.short	0x36a
+	.short	0x537
+	.short	0x83f
+	.short	0x88
+	.short	0x4bf
+	.short	0xb81
+	.short	0x5b9
+	.short	0x505
+	.short	0x7d7
+	.short	0xa9f
+	.short	0xaa6
+	.short	0x8b8
+	.short	0x9d0
+	.short	0x4b
+	.short	0x9c
+	.short	0xbb8
+	.short	0xb5f
+	.short	0xba4
+	.short	0x368
+	.short	0xa7d
+	.short	0x636
+	.short	0x8a2
+	.short	0x25a
+	.short	0x736
+	.short	0x309
+	.short	0x93
+	.short	0x87a
+	.short	0x9f7
+	.short	0xf6
+	.short	0x68c
+	.short	0x6db
+	.short	0x1cc
+	.short	0x123
+	.short	0xeb
+	.short	0xc50
+	.short	0xab6
+	.short	0xb5b
+	.short	0xc98
+	.short	0x6f3
+	.short	0x99a
+	.short	0x4e3
+	.short	0x9b6
+	.short	0xad6
+	.short	0xb53
+	.short	0x44f
+	.short	0x4fb
+	.short	0xa5c
+	.short	0x429
+	.short	0xb41
+	.short	0x2d5
+	.short	0x5e4
+	.short	0x940
+	.short	0x18e
+	.short	0x3b7
+	.short	0xf7
+	.short	0x58d
+	.short	0xc96
+	.short	0x9c3
+	.short	0x10f
+	.short	0x5a
+	.short	0x355
+	.short	0x744
+	.short	0xc83
+	.short	0x48a
+	.short	0x652
+	.short	0x29a
+	.short	0x140
+	.short	0x8
+	.short	0xafd
+	.short	0x608
+	.short	0x11a
+	.short	0x72e
+	.short	0x50d
+	.short	0x90a
+	.short	0x228
+	.short	0xa75
+	.short	0x83a
+	.short	0x623
+	.short	0xcd
+	.short	0xb66
+	.short	0x606
+	.short	0xaa1
+	.short	0xa25
+	.short	0x908
+	.short	0x2a9
+	.short	0x82
+	.short	0x642
+	.short	0x74f
+	.short	0x33d
+	.short	0xb82
+	.short	0xbf9
+	.short	0x52d
+	.short	0xac4
+	.short	0x745
+	.short	0x5c2
+	.short	0x4b2
+	.short	0x93f
+	.short	0xc4b
+	.short	0x6d8
+	.short	0xa93
+	.short	0xab
+	.short	0xc37
+	.short	0xbe2
+	.short	0x773
+	.short	0x72c
+	.short	0x5ed
+	.short	0x167
+	.short	0x2f6
+	.short	0x5a1
+	.text
+	.align	4
+	.globl	mlkem_thumb2_invntt
+	.type	mlkem_thumb2_invntt, %function
+mlkem_thumb2_invntt:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x8
+	ADR	r1, L_mlkem_invntt_zetas_inv
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r3, #0x0
+L_mlkem_invntt_loop_765:
+	ADD	lr, r1, r3, LSR #1
+	STR	r3, [sp, #4]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #4]
+	LDR	r4, [r0, #8]
+	LDR	r5, [r0, #12]
+	LDR	r6, [r0, #16]
+	LDR	r7, [r0, #20]
+	LDR	r8, [r0, #24]
+	LDR	r9, [r0, #28]
+	LDR	lr, [lr]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r3
+	SADD16	r2, r2, r3
+	SMULBT	r3, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r3, r12, r11, r3
+	PKHTB	r3, r3, r10, ASR #16
+#else
+	SUB	r11, r2, r3
+	ADD	r12, r2, r3
+	BFC	r3, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r3
+	ADD	r2, r2, r3
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r3, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r3, r12, r11, r3
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r5
+	SADD16	r4, r4, r5
+	SMULTT	r5, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r4, r5
+	ADD	r12, r4, r5
+	BFC	r5, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r5
+	ADD	r4, r4, r5
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #1
+	LDR	lr, [lr, #4]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r7
+	SADD16	r6, r6, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r6, r7
+	ADD	r12, r6, r7
+	BFC	r7, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r7
+	ADD	r6, r6, r7
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r8, r9
+	SADD16	r8, r8, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r8, r9
+	ADD	r12, r8, r9
+	BFC	r9, #0, #16
+	BFC	r8, #0, #16
+	SUB	r10, r8, r9
+	ADD	r8, r8, r9
+	BFI	r10, r11, #0, #16
+	BFI	r8, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #2
+	LDR	lr, [lr, #128]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r4
+	SADD16	r2, r2, r4
+	SMULBT	r4, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SUB	r11, r2, r4
+	ADD	r12, r2, r4
+	BFC	r4, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r4
+	ADD	r2, r2, r4
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r4, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r5
+	SADD16	r3, r3, r5
+	SMULBT	r5, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r3, r5
+	ADD	r12, r3, r5
+	BFC	r5, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r5
+	ADD	r3, r3, r5
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r8
+	SADD16	r6, r6, r8
+	SMULTT	r8, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r6, r8
+	ADD	r12, r6, r8
+	BFC	r8, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r8
+	ADD	r6, r6, r8
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r7, r9
+	SADD16	r7, r7, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r7, r9
+	ADD	r12, r7, r9
+	BFC	r9, #0, #16
+	BFC	r7, #0, #16
+	SUB	r10, r7, r9
+	ADD	r7, r7, r9
+	BFI	r10, r11, #0, #16
+	BFI	r7, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [sp, #4]
+	ADD	lr, r1, lr, LSR #3
+	LDR	lr, [lr, #192]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r6
+	SADD16	r2, r2, r6
+	SMULBT	r6, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r6, r12, r11, r6
+	PKHTB	r6, r6, r10, ASR #16
+#else
+	SUB	r11, r2, r6
+	ADD	r12, r2, r6
+	BFC	r6, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r6
+	ADD	r2, r2, r6
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r6, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r6, r12, r11, r6
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r7
+	SADD16	r3, r3, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r3, r7
+	ADD	r12, r3, r7
+	BFC	r7, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r7
+	ADD	r3, r3, r7
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r8
+	SADD16	r4, r4, r8
+	SMULBT	r8, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r4, r8
+	ADD	r12, r4, r8
+	BFC	r8, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r8
+	ADD	r4, r4, r8
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r5, r9
+	SADD16	r5, r5, r9
+	SMULBT	r9, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r5, r9
+	ADD	r12, r5, r9
+	BFC	r9, #0, #16
+	BFC	r5, #0, #16
+	SUB	r10, r5, r9
+	ADD	r5, r5, r9
+	BFI	r10, r11, #0, #16
+	BFI	r5, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	lr, #0xafc0
+	MOVT	lr, #0x13
+#else
+	MOV	lr, #0x4ebf
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r2
+	SMULWT	r11, lr, r2
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r2, r2, r10
+#else
+	SBFX	r10, r2, #0, #16
+	SBFX	r11, r2, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r2, r11, LSL #16
+	SUB	r2, r2, r10
+	LSR	r11, r11, #16
+	BFI	r2, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r3
+	SMULWT	r11, lr, r3
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r3, r3, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, r3, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r3, r11, LSL #16
+	SUB	r3, r3, r10
+	LSR	r11, r11, #16
+	BFI	r3, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r4
+	SMULWT	r11, lr, r4
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r4, r4, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, r4, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r4, r11, LSL #16
+	SUB	r4, r4, r10
+	LSR	r11, r11, #16
+	BFI	r4, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r5
+	SMULWT	r11, lr, r5
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r5, r5, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, r5, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r5, r11, LSL #16
+	SUB	r5, r5, r10
+	LSR	r11, r11, #16
+	BFI	r5, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #4]
+	STR	r4, [r0, #8]
+	STR	r5, [r0, #12]
+	STR	r6, [r0, #16]
+	STR	r7, [r0, #20]
+	STR	r8, [r0, #24]
+	STR	r9, [r0, #28]
+	LDR	r3, [sp, #4]
+	ADD	r3, r3, #0x10
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x20
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_invntt_loop_765
+#else
+	BNE.N	L_mlkem_invntt_loop_765
+#endif
+	SUB	r0, r0, #0x200
+	MOV	r3, #0x0
+L_mlkem_invntt_loop_4_j:
+	STR	r3, [sp, #4]
+	ADD	lr, r1, r3, LSR #4
+	MOV	r2, #0x4
+	LDR	lr, [lr, #224]
+L_mlkem_invntt_loop_4_i:
+	STR	r2, [sp]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #16]
+	LDR	r4, [r0, #32]
+	LDR	r5, [r0, #48]
+	LDR	r6, [r0, #64]
+	LDR	r7, [r0, #80]
+	LDR	r8, [r0, #96]
+	LDR	r9, [r0, #112]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r4
+	SADD16	r2, r2, r4
+	SMULBT	r4, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SUB	r11, r2, r4
+	ADD	r12, r2, r4
+	BFC	r4, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r4
+	ADD	r2, r2, r4
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r4, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r5
+	SADD16	r3, r3, r5
+	SMULBT	r5, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r3, r5
+	ADD	r12, r3, r5
+	BFC	r5, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r5
+	ADD	r3, r3, r5
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r8
+	SADD16	r6, r6, r8
+	SMULTT	r8, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r6, r8
+	ADD	r12, r6, r8
+	BFC	r8, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r8
+	ADD	r6, r6, r8
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r7, r9
+	SADD16	r7, r7, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r7, r9
+	ADD	r12, r7, r9
+	BFC	r9, #0, #16
+	BFC	r7, #0, #16
+	SUB	r10, r7, r9
+	ADD	r7, r7, r9
+	BFI	r10, r11, #0, #16
+	BFI	r7, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #16]
+	STR	r4, [r0, #32]
+	STR	r5, [r0, #48]
+	STR	r6, [r0, #64]
+	STR	r7, [r0, #80]
+	STR	r8, [r0, #96]
+	STR	r9, [r0, #112]
+	LDRD	r2, r3, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_invntt_loop_4_i
+#else
+	BNE.N	L_mlkem_invntt_loop_4_i
+#endif
+	ADD	r3, r3, #0x40
+	RSBS	r10, r3, #0x100
+	ADD	r0, r0, #0x70
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_invntt_loop_4_j
+#else
+	BNE.N	L_mlkem_invntt_loop_4_j
+#endif
+	SUB	r0, r0, #0x200
+	MOV	r2, #0x10
+L_mlkem_invntt_loop_321:
+	STR	r2, [sp]
+	LDRH	lr, [r1, #2]
+	LDR	r2, [r0]
+	LDR	r3, [r0, #64]
+	LDR	r4, [r0, #128]
+	LDR	r5, [r0, #192]
+	LDR	r6, [r0, #256]
+	LDR	r7, [r0, #320]
+	LDR	r8, [r0, #384]
+	LDR	r9, [r0, #448]
+	LDR	lr, [r1, #240]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r3
+	SADD16	r2, r2, r3
+	SMULBT	r3, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r3, r12, r11, r3
+	PKHTB	r3, r3, r10, ASR #16
+#else
+	SUB	r11, r2, r3
+	ADD	r12, r2, r3
+	BFC	r3, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r3
+	ADD	r2, r2, r3
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r3, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r3, r12, r11, r3
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r5
+	SADD16	r4, r4, r5
+	SMULTT	r5, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r4, r5
+	ADD	r12, r4, r5
+	BFC	r5, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r5
+	ADD	r4, r4, r5
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #244]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r7
+	SADD16	r6, r6, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r6, r7
+	ADD	r12, r6, r7
+	BFC	r7, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r7
+	ADD	r6, r6, r7
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r8, r9
+	SADD16	r8, r8, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r8, r9
+	ADD	r12, r8, r9
+	BFC	r9, #0, #16
+	BFC	r8, #0, #16
+	SUB	r10, r8, r9
+	ADD	r8, r8, r9
+	BFI	r10, r11, #0, #16
+	BFI	r8, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #248]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r4
+	SADD16	r2, r2, r4
+	SMULBT	r4, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SUB	r11, r2, r4
+	ADD	r12, r2, r4
+	BFC	r4, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r4
+	ADD	r2, r2, r4
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r4, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r5
+	SADD16	r3, r3, r5
+	SMULBT	r5, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SUB	r11, r3, r5
+	ADD	r12, r3, r5
+	BFC	r5, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r5
+	ADD	r3, r3, r5
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r5, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r6, r8
+	SADD16	r6, r6, r8
+	SMULTT	r8, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r6, r8
+	ADD	r12, r6, r8
+	BFC	r8, #0, #16
+	BFC	r6, #0, #16
+	SUB	r10, r6, r8
+	ADD	r6, r6, r8
+	BFI	r10, r11, #0, #16
+	BFI	r6, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r7, r9
+	SADD16	r7, r7, r9
+	SMULTT	r9, lr, r10
+	SMULTB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r7, r9
+	ADD	r12, r7, r9
+	BFC	r9, #0, #16
+	BFC	r7, #0, #16
+	SUB	r10, r7, r9
+	ADD	r7, r7, r9
+	BFI	r10, r11, #0, #16
+	BFI	r7, r12, #0, #16
+	SBFX	r11, lr, #16, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	lr, #0xafc0
+	MOVT	lr, #0x13
+#else
+	MOV	lr, #0x4ebf
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r2
+	SMULWT	r11, lr, r2
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r2, r2, r10
+#else
+	SBFX	r10, r2, #0, #16
+	SBFX	r11, r2, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r2, r11, LSL #16
+	SUB	r2, r2, r10
+	LSR	r11, r11, #16
+	BFI	r2, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r3
+	SMULWT	r11, lr, r3
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r3, r3, r10
+#else
+	SBFX	r10, r3, #0, #16
+	SBFX	r11, r3, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r3, r11, LSL #16
+	SUB	r3, r3, r10
+	LSR	r11, r11, #16
+	BFI	r3, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r4
+	SMULWT	r11, lr, r4
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r4, r4, r10
+#else
+	SBFX	r10, r4, #0, #16
+	SBFX	r11, r4, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r4, r11, LSL #16
+	SUB	r4, r4, r10
+	LSR	r11, r11, #16
+	BFI	r4, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULWB	r10, lr, r5
+	SMULWT	r11, lr, r5
+	SMULBT	r10, r12, r10
+	SMULBT	r11, r12, r11
+	PKHBT	r10, r10, r11, LSL #16
+	SSUB16	r5, r5, r10
+#else
+	SBFX	r10, r5, #0, #16
+	SBFX	r11, r5, #16, #16
+	MUL	r10, lr, r10
+	MUL	r11, lr, r11
+	ASR	r10, r10, #26
+	ASR	r11, r11, #26
+	MUL	r10, r12, r10
+	MUL	r11, r12, r11
+	SUB	r11, r5, r11, LSL #16
+	SUB	r5, r5, r10
+	LSR	r11, r11, #16
+	BFI	r5, r11, #16, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #252]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r2, r6
+	SADD16	r2, r2, r6
+	SMULBT	r6, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r6, r12, r11, r6
+	PKHTB	r6, r6, r10, ASR #16
+#else
+	SUB	r11, r2, r6
+	ADD	r12, r2, r6
+	BFC	r6, #0, #16
+	BFC	r2, #0, #16
+	SUB	r10, r2, r6
+	ADD	r2, r2, r6
+	BFI	r10, r11, #0, #16
+	BFI	r2, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r6, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r6, r12, r11, r6
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r3, r7
+	SADD16	r3, r3, r7
+	SMULBT	r7, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SUB	r11, r3, r7
+	ADD	r12, r3, r7
+	BFC	r7, #0, #16
+	BFC	r3, #0, #16
+	SUB	r10, r3, r7
+	ADD	r3, r3, r7
+	BFI	r10, r11, #0, #16
+	BFI	r3, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r7, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r4, r8
+	SADD16	r4, r4, r8
+	SMULBT	r8, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SUB	r11, r4, r8
+	ADD	r12, r4, r8
+	BFC	r8, #0, #16
+	BFC	r4, #0, #16
+	SUB	r10, r4, r8
+	ADD	r4, r4, r8
+	BFI	r10, r11, #0, #16
+	BFI	r4, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r8, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r10, r5, r9
+	SADD16	r5, r5, r9
+	SMULBT	r9, lr, r10
+	SMULBB	r10, lr, r10
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SUB	r11, r5, r9
+	ADD	r12, r5, r9
+	BFC	r9, #0, #16
+	BFC	r5, #0, #16
+	SUB	r10, r5, r9
+	ADD	r5, r5, r9
+	BFI	r10, r11, #0, #16
+	BFI	r5, r12, #0, #16
+	SBFX	r11, lr, #0, #16
+	ASR	r12, r10, #16
+	MUL	r9, r11, r12
+	SBFX	r10, r10, #0, #16
+	MUL	r10, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r10, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	LDR	lr, [r1, #254]
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r2
+	SMULBT	r2, lr, r2
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r2
+	SMLABB	r2, r12, r11, r2
+	PKHTB	r2, r2, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r2, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r2, r2, #16, #16
+	MUL	r2, r11, r2
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r2, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r2, r12, r11, r2
+	BFI	r2, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r3
+	SMULBT	r3, lr, r3
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r3
+	SMLABB	r3, r12, r11, r3
+	PKHTB	r3, r3, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r3, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r3, r3, #16, #16
+	MUL	r3, r11, r3
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r3, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r3, r12, r11, r3
+	BFI	r3, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r4
+	SMULBT	r4, lr, r4
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r4
+	SMLABB	r4, r12, r11, r4
+	PKHTB	r4, r4, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r4, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r4, r4, #16, #16
+	MUL	r4, r11, r4
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r4, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r4, r12, r11, r4
+	BFI	r4, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r5
+	SMULBT	r5, lr, r5
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r5
+	SMLABB	r5, r12, r11, r5
+	PKHTB	r5, r5, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r5, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r5, r5, #16, #16
+	MUL	r5, r11, r5
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r5, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r5, r12, r11, r5
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r6
+	SMULBT	r6, lr, r6
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r6
+	SMLABB	r6, r12, r11, r6
+	PKHTB	r6, r6, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r6, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r6, r6, #16, #16
+	MUL	r6, r11, r6
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r6, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r6, r12, r11, r6
+	BFI	r6, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r7
+	SMULBT	r7, lr, r7
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r7
+	SMLABB	r7, r12, r11, r7
+	PKHTB	r7, r7, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r7, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r7, r7, #16, #16
+	MUL	r7, r11, r7
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r7, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r7, r12, r11, r7
+	BFI	r7, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r8
+	SMULBT	r8, lr, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r8
+	SMLABB	r8, r12, r11, r8
+	PKHTB	r8, r8, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r8, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r8, r8, #16, #16
+	MUL	r8, r11, r8
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r8, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r8, r12, r11, r8
+	BFI	r8, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULBB	r10, lr, r9
+	SMULBT	r9, lr, r9
+	SMULTB	r11, r12, r10
+	SMLABB	r10, r12, r11, r10
+	SMULTB	r11, r12, r9
+	SMLABB	r9, r12, r11, r9
+	PKHTB	r9, r9, r10, ASR #16
+#else
+	SBFX	r11, lr, #0, #16
+	SBFX	r10, r9, #0, #16
+	MUL	r10, r11, r10
+	SBFX	r9, r9, #16, #16
+	MUL	r9, r11, r9
+	MOV	r12, #0xcff
+	MUL	r11, r12, r10
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	MLA	r10, r12, r11, r10
+	MOV	r12, #0xcff
+	SBFX	r11, r9, #0, #16
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r11, r11, #0, #16
+	LSR	r10, r10, #16
+	MLA	r9, r12, r11, r9
+	BFI	r9, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STR	r2, [r0]
+	STR	r3, [r0, #64]
+	STR	r4, [r0, #128]
+	STR	r5, [r0, #192]
+	STR	r6, [r0, #256]
+	STR	r7, [r0, #320]
+	STR	r8, [r0, #384]
+	STR	r9, [r0, #448]
+	LDR	r2, [sp]
+	SUBS	r2, r2, #0x1
+	ADD	r0, r0, #0x4
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_invntt_loop_321
+#else
+	BNE.N	L_mlkem_invntt_loop_321
+#endif
+	ADD	sp, sp, #0x8
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 1629 */
+	.size	mlkem_thumb2_invntt,.-mlkem_thumb2_invntt
+	.text
+	.type	L_mlkem_basemul_mont_zetas, %object
+	.size	L_mlkem_basemul_mont_zetas, 256
+	.align	4
+L_mlkem_basemul_mont_zetas:
+	.short	0x8ed
+	.short	0xa0b
+	.short	0xb9a
+	.short	0x714
+	.short	0x5d5
+	.short	0x58e
+	.short	0x11f
+	.short	0xca
+	.short	0xc56
+	.short	0x26e
+	.short	0x629
+	.short	0xb6
+	.short	0x3c2
+	.short	0x84f
+	.short	0x73f
+	.short	0x5bc
+	.short	0x23d
+	.short	0x7d4
+	.short	0x108
+	.short	0x17f
+	.short	0x9c4
+	.short	0x5b2
+	.short	0x6bf
+	.short	0xc7f
+	.short	0xa58
+	.short	0x3f9
+	.short	0x2dc
+	.short	0x260
+	.short	0x6fb
+	.short	0x19b
+	.short	0xc34
+	.short	0x6de
+	.short	0x4c7
+	.short	0x28c
+	.short	0xad9
+	.short	0x3f7
+	.short	0x7f4
+	.short	0x5d3
+	.short	0xbe7
+	.short	0x6f9
+	.short	0x204
+	.short	0xcf9
+	.short	0xbc1
+	.short	0xa67
+	.short	0x6af
+	.short	0x877
+	.short	0x7e
+	.short	0x5bd
+	.short	0x9ac
+	.short	0xca7
+	.short	0xbf2
+	.short	0x33e
+	.short	0x6b
+	.short	0x774
+	.short	0xc0a
+	.short	0x94a
+	.short	0xb73
+	.short	0x3c1
+	.short	0x71d
+	.short	0xa2c
+	.short	0x1c0
+	.short	0x8d8
+	.short	0x2a5
+	.short	0x806
+	.short	0x8b2
+	.short	0x1ae
+	.short	0x22b
+	.short	0x34b
+	.short	0x81e
+	.short	0x367
+	.short	0x60e
+	.short	0x69
+	.short	0x1a6
+	.short	0x24b
+	.short	0xb1
+	.short	0xc16
+	.short	0xbde
+	.short	0xb35
+	.short	0x626
+	.short	0x675
+	.short	0xc0b
+	.short	0x30a
+	.short	0x487
+	.short	0xc6e
+	.short	0x9f8
+	.short	0x5cb
+	.short	0xaa7
+	.short	0x45f
+	.short	0x6cb
+	.short	0x284
+	.short	0x999
+	.short	0x15d
+	.short	0x1a2
+	.short	0x149
+	.short	0xc65
+	.short	0xcb6
+	.short	0x331
+	.short	0x449
+	.short	0x25b
+	.short	0x262
+	.short	0x52a
+	.short	0x7fc
+	.short	0x748
+	.short	0x180
+	.short	0x842
+	.short	0xc79
+	.short	0x4c2
+	.short	0x7ca
+	.short	0x997
+	.short	0xdc
+	.short	0x85e
+	.short	0x686
+	.short	0x860
+	.short	0x707
+	.short	0x803
+	.short	0x31a
+	.short	0x71b
+	.short	0x9ab
+	.short	0x99b
+	.short	0x1de
+	.short	0xc95
+	.short	0xbcd
+	.short	0x3e4
+	.short	0x3df
+	.short	0x3be
+	.short	0x74d
+	.short	0x5f2
+	.short	0x65c
+	.text
+	.align	4
+	.globl	mlkem_thumb2_basemul_mont
+	.type	mlkem_thumb2_basemul_mont, %function
+mlkem_thumb2_basemul_mont:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	ADR	r3, L_mlkem_basemul_mont_zetas
+	ADD	r3, r3, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r8, #0x0
+L_mlkem_basemul_mont_loop:
+	LDM	r1!, {r4, r5}
+	LDM	r2!, {r6, r7}
+	LDR	lr, [r3, r8]
+	ADD	r8, r8, #0x2
+	PUSH	{r8}
+	CMP	r8, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTT	r8, r4, r6
+	SMULTT	r10, r5, r7
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SMULBT	r8, lr, r8
+	SMULBT	r10, r11, r10
+	SMLABB	r8, r4, r6, r8
+	SMLABB	r10, r5, r7, r10
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	SMULBT	r9, r4, r6
+	SMULBT	r11, r5, r7
+	SMLATB	r9, r4, r6, r9
+	SMLATB	r11, r5, r7, r11
+	SMULTB	r6, r12, r9
+	SMULTB	r7, r12, r11
+	SMLABB	r9, r12, r6, r9
+	SMLABB	r11, r12, r7, r11
+	PKHTB	r4, r9, r8, ASR #16
+	PKHTB	r5, r11, r10, ASR #16
+#else
+	ASR	r8, r4, #16
+	ASR	r10, r5, #16
+	ASR	r9, r6, #16
+	ASR	r11, r7, #16
+	MUL	r8, r8, r9
+	MUL	r10, r10, r11
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r8
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SBFX	r9, lr, #0, #16
+	SBFX	r11, r11, #0, #16
+	ASR	r8, r8, #16
+	ASR	r10, r10, #16
+	MUL	r8, r9, r8
+	MUL	r10, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r8, r9, r12, r8
+	SBFX	r12, r7, #0, #16
+	MLA	r10, r11, r12, r10
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r9
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	ASR	r12, r6, #16
+	MUL	r9, r9, r12
+	ASR	r12, r7, #16
+	MUL	r11, r11, r12
+	ASR	r4, r4, #16
+	ASR	r5, r5, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r9, r4, r12, r9
+	SBFX	r12, r7, #0, #16
+	MLA	r11, r5, r12, r11
+	MOV	r12, #0xcff
+	SBFX	r6, r9, #0, #16
+	SBFX	r7, r11, #0, #16
+	MUL	r6, r12, r6
+	MUL	r7, r12, r7
+	MOV	r12, #0xd01
+	SBFX	r4, r6, #0, #16
+	SBFX	r5, r7, #0, #16
+	MLA	r9, r12, r4, r9
+	MLA	r11, r12, r5, r11
+	BFC	r9, #0, #16
+	BFC	r11, #0, #16
+	ORR	r4, r9, r8, LSR #16
+	ORR	r5, r11, r10, LSR #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STM	r0!, {r4, r5}
+	POP	{r8}
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_basemul_mont_loop
+#else
+	BNE.N	L_mlkem_basemul_mont_loop
+#endif
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 146 */
+	.size	mlkem_thumb2_basemul_mont,.-mlkem_thumb2_basemul_mont
+	.text
+	.align	4
+	.globl	mlkem_thumb2_basemul_mont_add
+	.type	mlkem_thumb2_basemul_mont_add, %function
+mlkem_thumb2_basemul_mont_add:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	ADR	r3, L_mlkem_basemul_mont_zetas
+	ADD	r3, r3, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOV	r12, #0xd01
+	MOVT	r12, #0xcff
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	r8, #0x0
+L_mlkem_thumb2_basemul_mont_add_loop:
+	LDM	r1!, {r4, r5}
+	LDM	r2!, {r6, r7}
+	LDR	lr, [r3, r8]
+	ADD	r8, r8, #0x2
+	PUSH	{r8}
+	CMP	r8, #0x80
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SMULTT	r8, r4, r6
+	SMULTT	r10, r5, r7
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SMULBT	r8, lr, r8
+	SMULBT	r10, r11, r10
+	SMLABB	r8, r4, r6, r8
+	SMLABB	r10, r5, r7, r10
+	SMULTB	r9, r12, r8
+	SMULTB	r11, r12, r10
+	SMLABB	r8, r12, r9, r8
+	SMLABB	r10, r12, r11, r10
+	SMULBT	r9, r4, r6
+	SMULBT	r11, r5, r7
+	SMLATB	r9, r4, r6, r9
+	SMLATB	r11, r5, r7, r11
+	SMULTB	r6, r12, r9
+	SMULTB	r7, r12, r11
+	SMLABB	r9, r12, r6, r9
+	SMLABB	r11, r12, r7, r11
+	LDM	r0, {r4, r5}
+	PKHTB	r9, r9, r8, ASR #16
+	PKHTB	r11, r11, r10, ASR #16
+	SADD16	r4, r4, r9
+	SADD16	r5, r5, r11
+#else
+	ASR	r8, r4, #16
+	ASR	r10, r5, #16
+	ASR	r9, r6, #16
+	ASR	r11, r7, #16
+	MUL	r8, r8, r9
+	MUL	r10, r10, r11
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r8
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	RSB	r11, lr, #0x0
+	SBFX	r9, lr, #0, #16
+	SBFX	r11, r11, #0, #16
+	ASR	r8, r8, #16
+	ASR	r10, r10, #16
+	MUL	r8, r9, r8
+	MUL	r10, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r8, r9, r12, r8
+	SBFX	r12, r7, #0, #16
+	MLA	r10, r11, r12, r10
+	MOV	r12, #0xcff
+	SBFX	r9, r8, #0, #16
+	SBFX	r11, r10, #0, #16
+	MUL	r9, r12, r9
+	MUL	r11, r12, r11
+	MOV	r12, #0xd01
+	SBFX	r9, r9, #0, #16
+	SBFX	r11, r11, #0, #16
+	MLA	r8, r12, r9, r8
+	MLA	r10, r12, r11, r10
+	SBFX	r9, r4, #0, #16
+	SBFX	r11, r5, #0, #16
+	ASR	r12, r6, #16
+	MUL	r9, r9, r12
+	ASR	r12, r7, #16
+	MUL	r11, r11, r12
+	ASR	r4, r4, #16
+	ASR	r5, r5, #16
+	SBFX	r12, r6, #0, #16
+	MLA	r9, r4, r12, r9
+	SBFX	r12, r7, #0, #16
+	MLA	r11, r5, r12, r11
+	MOV	r12, #0xcff
+	SBFX	r6, r9, #0, #16
+	SBFX	r7, r11, #0, #16
+	MUL	r6, r12, r6
+	MUL	r7, r12, r7
+	MOV	r12, #0xd01
+	SBFX	r4, r6, #0, #16
+	SBFX	r5, r7, #0, #16
+	MLA	r9, r12, r4, r9
+	MLA	r11, r12, r5, r11
+	LDM	r0, {r4, r5}
+	BFC	r9, #0, #16
+	BFC	r11, #0, #16
+	ORR	r9, r9, r8, LSR #16
+	ORR	r11, r11, r10, LSR #16
+	ADD	r8, r4, r9
+	ADD	r10, r5, r11
+	BFC	r9, #0, #16
+	BFC	r11, #0, #16
+	ADD	r4, r4, r9
+	ADD	r5, r5, r11
+	BFI	r4, r8, #0, #16
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STM	r0!, {r4, r5}
+	POP	{r8}
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_thumb2_basemul_mont_add_loop
+#else
+	BNE.N	L_mlkem_thumb2_basemul_mont_add_loop
+#endif
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 162 */
+	.size	mlkem_thumb2_basemul_mont_add,.-mlkem_thumb2_basemul_mont_add
+	.text
+	.align	4
+	.globl	mlkem_thumb2_csubq
+	.type	mlkem_thumb2_csubq, %function
+mlkem_thumb2_csubq:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	MOV	r11, #0xd01
+	MOV	r12, #0xd01
+#ifndef WOLFSSL_ARM_ARCH_7M
+	MOVT	r12, #0xd01
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	MOV	lr, #0x8000
+	MOVT	lr, #0x8000
+	MOV	r1, #0x100
+L_mlkem_thumb2_csubq_loop:
+	LDM	r0, {r2, r3, r4, r5}
+#ifndef WOLFSSL_ARM_ARCH_7M
+	SSUB16	r2, r2, r12
+	SSUB16	r3, r3, r12
+	SSUB16	r4, r4, r12
+	SSUB16	r5, r5, r12
+	AND	r6, r2, lr
+	AND	r7, r3, lr
+	AND	r8, r4, lr
+	AND	r9, r5, lr
+	LSR	r6, r6, #15
+	LSR	r7, r7, #15
+	LSR	r8, r8, #15
+	LSR	r9, r9, #15
+	MUL	r6, r6, r11
+	MUL	r7, r7, r11
+	MUL	r8, r8, r11
+	MUL	r9, r9, r11
+	SADD16	r2, r2, r6
+	SADD16	r3, r3, r7
+	SADD16	r4, r4, r8
+	SADD16	r5, r5, r9
+#else
+	SUB	r6, r2, r12
+	SUB	r2, r2, r12, LSL #16
+	BFI	r2, r6, #0, #16
+	SUB	r7, r3, r12
+	SUB	r3, r3, r12, LSL #16
+	BFI	r3, r7, #0, #16
+	SUB	r8, r4, r12
+	SUB	r4, r4, r12, LSL #16
+	BFI	r4, r8, #0, #16
+	SUB	r9, r5, r12
+	SUB	r5, r5, r12, LSL #16
+	BFI	r5, r9, #0, #16
+	AND	r6, r2, lr
+	AND	r7, r3, lr
+	AND	r8, r4, lr
+	AND	r9, r5, lr
+	LSR	r6, r6, #15
+	LSR	r7, r7, #15
+	LSR	r8, r8, #15
+	LSR	r9, r9, #15
+	MUL	r6, r6, r11
+	MUL	r7, r7, r11
+	MUL	r8, r8, r11
+	MUL	r9, r9, r11
+	ADD	r10, r2, r6
+	BFC	r6, #0, #16
+	ADD	r2, r2, r6
+	BFI	r2, r10, #0, #16
+	ADD	r10, r3, r7
+	BFC	r7, #0, #16
+	ADD	r3, r3, r7
+	BFI	r3, r10, #0, #16
+	ADD	r10, r4, r8
+	BFC	r8, #0, #16
+	ADD	r4, r4, r8
+	BFI	r4, r10, #0, #16
+	ADD	r10, r5, r9
+	BFC	r9, #0, #16
+	ADD	r5, r5, r9
+	BFI	r5, r10, #0, #16
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+	STM	r0!, {r2, r3, r4, r5}
+	SUBS	r1, r1, #0x8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_thumb2_csubq_loop
+#else
+	BNE.N	L_mlkem_thumb2_csubq_loop
+#endif
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 101 */
+	.size	mlkem_thumb2_csubq,.-mlkem_thumb2_csubq
+	.text
+	.align	4
+	.globl	mlkem_thumb2_rej_uniform
+	.type	mlkem_thumb2_rej_uniform, %function
+mlkem_thumb2_rej_uniform:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, lr}
+	MOV	r8, #0xd01
+	MOV	r9, #0x0
+L_mlkem_thumb2_rej_uniform_loop_no_fail:
+	CMP	r1, #0x8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BLT	L_mlkem_thumb2_rej_uniform_done_no_fail
+#else
+	BLT.N	L_mlkem_thumb2_rej_uniform_done_no_fail
+#endif
+	LDM	r2!, {r4, r5, r6}
+	UBFX	r7, r4, #0, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r4, #12, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r4, #24, #8
+	BFI	r7, r5, #8, #4
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r5, #4, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r5, #16, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r5, #28, #4
+	BFI	r7, r6, #4, #8
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r6, #8, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	UBFX	r7, r6, #20, #12
+	STRH	r7, [r0, r9]
+	SUB	r10, r7, r8
+	LSR	r10, r10, #31
+	SUB	r1, r1, r10
+	ADD	r9, r9, r10, LSL #1
+	SUBS	r3, r3, #0xc
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BNE	L_mlkem_thumb2_rej_uniform_loop_no_fail
+#else
+	BNE.N	L_mlkem_thumb2_rej_uniform_loop_no_fail
+#endif
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	B	L_mlkem_thumb2_rej_uniform_done
+#else
+	B.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_done_no_fail:
+	CMP	r1, #0x0
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_mlkem_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_loop:
+	LDM	r2!, {r4, r5, r6}
+	UBFX	r7, r4, #0, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_mlkem_thumb2_rej_uniform_fail_0
+#else
+	BGE.N	L_mlkem_thumb2_rej_uniform_fail_0
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_mlkem_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_fail_0:
+	UBFX	r7, r4, #12, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_mlkem_thumb2_rej_uniform_fail_1
+#else
+	BGE.N	L_mlkem_thumb2_rej_uniform_fail_1
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_mlkem_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_fail_1:
+	UBFX	r7, r4, #24, #8
+	BFI	r7, r5, #8, #4
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_mlkem_thumb2_rej_uniform_fail_2
+#else
+	BGE.N	L_mlkem_thumb2_rej_uniform_fail_2
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_mlkem_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_fail_2:
+	UBFX	r7, r5, #4, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_mlkem_thumb2_rej_uniform_fail_3
+#else
+	BGE.N	L_mlkem_thumb2_rej_uniform_fail_3
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_mlkem_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_fail_3:
+	UBFX	r7, r5, #16, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_mlkem_thumb2_rej_uniform_fail_4
+#else
+	BGE.N	L_mlkem_thumb2_rej_uniform_fail_4
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_mlkem_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_fail_4:
+	UBFX	r7, r5, #28, #4
+	BFI	r7, r6, #4, #8
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_mlkem_thumb2_rej_uniform_fail_5
+#else
+	BGE.N	L_mlkem_thumb2_rej_uniform_fail_5
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_mlkem_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_fail_5:
+	UBFX	r7, r6, #8, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_mlkem_thumb2_rej_uniform_fail_6
+#else
+	BGE.N	L_mlkem_thumb2_rej_uniform_fail_6
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_mlkem_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_fail_6:
+	UBFX	r7, r6, #20, #12
+	CMP	r7, r8
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGE	L_mlkem_thumb2_rej_uniform_fail_7
+#else
+	BGE.N	L_mlkem_thumb2_rej_uniform_fail_7
+#endif
+	STRH	r7, [r0, r9]
+	SUBS	r1, r1, #0x1
+	ADD	r9, r9, #0x2
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_mlkem_thumb2_rej_uniform_done
+#else
+	BEQ.N	L_mlkem_thumb2_rej_uniform_done
+#endif
+L_mlkem_thumb2_rej_uniform_fail_7:
+	SUBS	r3, r3, #0xc
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGT	L_mlkem_thumb2_rej_uniform_loop
+#else
+	BGT.N	L_mlkem_thumb2_rej_uniform_loop
+#endif
+L_mlkem_thumb2_rej_uniform_done:
+	LSR	r0, r9, #1
+	POP	{r4, r5, r6, r7, r8, r9, r10, pc}
+	/* Cycle Count = 225 */
+	.size	mlkem_thumb2_rej_uniform,.-mlkem_thumb2_rej_uniform
+#endif /* WOLFSSL_WC_MLKEM */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c b/wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c
new file mode 100644
index 000000000..02f6daccb
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c
@@ -0,0 +1,3859 @@
+/* thumb2-mlkem-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./kyber/kyber.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm.c
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#include <wolfssl/wolfcrypt/wc_mlkem.h>
+
+#ifdef WOLFSSL_WC_MLKEM
+XALIGNED(16) static const word16 L_mlkem_thumb2_ntt_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_thumb2_ntt(sword16* r_p)
+#else
+void mlkem_thumb2_ntt(sword16* r)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register word16* L_mlkem_thumb2_ntt_zetas_c __asm__ ("r1") =
+        (word16*)&L_mlkem_thumb2_ntt_zetas;
+
+#else
+    register word16* L_mlkem_thumb2_ntt_zetas_c =
+        (word16*)&L_mlkem_thumb2_ntt_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x8\n\t"
+        "MOV	r1, %[L_mlkem_thumb2_ntt_zetas]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r2, #0x10\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_ntt_loop_123:\n\t"
+#else
+    "L_mlkem_thumb2_ntt_loop_123_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDRH	lr, [r1, #2]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #64]\n\t"
+        "LDR	r4, [%[r], #128]\n\t"
+        "LDR	r5, [%[r], #192]\n\t"
+        "LDR	r6, [%[r], #256]\n\t"
+        "LDR	r7, [%[r], #320]\n\t"
+        "LDR	r8, [%[r], #384]\n\t"
+        "LDR	r9, [%[r], #448]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r6\n\t"
+        "SMULBT	r6, lr, r6\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r11, r12, r11, r6\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r6, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r6, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r6, r6, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r6, r11, r6\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r6\n\t"
+        "SUB	r6, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r6, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r8\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r9\n\t"
+        "SMULBT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r5, r10\n\t"
+        "SADD16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r5, r11\n\t"
+        "ADD	r5, r5, r11\n\t"
+        "SUB	r11, r5, r10, LSR #16\n\t"
+        "ADD	r10, r5, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #4]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r11, r12, r11, r4\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r4, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r4\n\t"
+        "SUB	r4, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r4, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r8\n\t"
+        "SMULTT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r7, r10\n\t"
+        "SADD16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r7, r11\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "SUB	r11, r7, r10, LSR #16\n\t"
+        "ADD	r10, r7, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #8]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r3\n\t"
+        "SMULBT	r3, lr, r3\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r11, r12, r11, r3\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r3, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r3, r3, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r3, r11, r3\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r3\n\t"
+        "SUB	r3, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r3, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r5\n\t"
+        "SMULTT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #12]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r8, r10\n\t"
+        "SADD16	r8, r8, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r8, r11\n\t"
+        "ADD	r8, r8, r11\n\t"
+        "SUB	r11, r8, r10, LSR #16\n\t"
+        "ADD	r10, r8, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #64]\n\t"
+        "STR	r4, [%[r], #128]\n\t"
+        "STR	r5, [%[r], #192]\n\t"
+        "STR	r6, [%[r], #256]\n\t"
+        "STR	r7, [%[r], #320]\n\t"
+        "STR	r8, [%[r], #384]\n\t"
+        "STR	r9, [%[r], #448]\n\t"
+        "LDR	r2, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_thumb2_ntt_loop_123_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_thumb2_ntt_loop_123\n\t"
+#else
+        "BNE.N	L_mlkem_thumb2_ntt_loop_123_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x40\n\t"
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_ntt_loop_4_j:\n\t"
+#else
+    "L_mlkem_thumb2_ntt_loop_4_j_%=:\n\t"
+#endif
+        "STR	r3, [sp, #4]\n\t"
+        "ADD	lr, r1, r3, LSR #4\n\t"
+        "MOV	r2, #0x4\n\t"
+        "LDR	lr, [lr, #16]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_ntt_loop_4_i:\n\t"
+#else
+    "L_mlkem_thumb2_ntt_loop_4_i_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #16]\n\t"
+        "LDR	r4, [%[r], #32]\n\t"
+        "LDR	r5, [%[r], #48]\n\t"
+        "LDR	r6, [%[r], #64]\n\t"
+        "LDR	r7, [%[r], #80]\n\t"
+        "LDR	r8, [%[r], #96]\n\t"
+        "LDR	r9, [%[r], #112]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r11, r12, r11, r4\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r4, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r4\n\t"
+        "SUB	r4, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r4, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r8\n\t"
+        "SMULTT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r7, r10\n\t"
+        "SADD16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r7, r11\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "SUB	r11, r7, r10, LSR #16\n\t"
+        "ADD	r10, r7, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #16]\n\t"
+        "STR	r4, [%[r], #32]\n\t"
+        "STR	r5, [%[r], #48]\n\t"
+        "STR	r6, [%[r], #64]\n\t"
+        "STR	r7, [%[r], #80]\n\t"
+        "STR	r8, [%[r], #96]\n\t"
+        "STR	r9, [%[r], #112]\n\t"
+        "LDRD	r2, r3, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_thumb2_ntt_loop_4_i_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_thumb2_ntt_loop_4_i\n\t"
+#else
+        "BNE.N	L_mlkem_thumb2_ntt_loop_4_i_%=\n\t"
+#endif
+        "ADD	r3, r3, #0x40\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x70\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_thumb2_ntt_loop_4_j_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_thumb2_ntt_loop_4_j\n\t"
+#else
+        "BNE.N	L_mlkem_thumb2_ntt_loop_4_j_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x200\n\t"
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_ntt_loop_567:\n\t"
+#else
+    "L_mlkem_thumb2_ntt_loop_567_%=:\n\t"
+#endif
+        "ADD	lr, r1, r3, LSR #3\n\t"
+        "STR	r3, [sp, #4]\n\t"
+        "LDRH	lr, [lr, #32]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #4]\n\t"
+        "LDR	r4, [%[r], #8]\n\t"
+        "LDR	r5, [%[r], #12]\n\t"
+        "LDR	r6, [%[r], #16]\n\t"
+        "LDR	r7, [%[r], #20]\n\t"
+        "LDR	r8, [%[r], #24]\n\t"
+        "LDR	r9, [%[r], #28]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r6\n\t"
+        "SMULBT	r6, lr, r6\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r11, r12, r11, r6\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r6, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r6, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r6, r6, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r6, r11, r6\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r6\n\t"
+        "SUB	r6, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r6, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r8\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r9\n\t"
+        "SMULBT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r5, r10\n\t"
+        "SADD16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r5, r11\n\t"
+        "ADD	r5, r5, r11\n\t"
+        "SUB	r11, r5, r10, LSR #16\n\t"
+        "ADD	r10, r5, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #2\n\t"
+        "LDR	lr, [lr, #64]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r11, r12, r11, r4\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r4, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r4\n\t"
+        "SUB	r4, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r4, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r3, r10\n\t"
+        "SADD16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r3, r11\n\t"
+        "ADD	r3, r3, r11\n\t"
+        "SUB	r11, r3, r10, LSR #16\n\t"
+        "ADD	r10, r3, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r8\n\t"
+        "SMULTT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r11, r12, r11, r8\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r8, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r8\n\t"
+        "SUB	r8, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r8, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r7, r10\n\t"
+        "SADD16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r7, r11\n\t"
+        "ADD	r7, r7, r11\n\t"
+        "SUB	r11, r7, r10, LSR #16\n\t"
+        "ADD	r10, r7, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #1\n\t"
+        "LDR	lr, [lr, #128]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r3\n\t"
+        "SMULBT	r3, lr, r3\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r11, r12, r11, r3\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r3, r2, r10\n\t"
+        "SADD16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r3, r3, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r3, r11, r3\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r3\n\t"
+        "SUB	r3, r2, r11\n\t"
+        "ADD	r2, r2, r11\n\t"
+        "SUB	r11, r2, r10, LSR #16\n\t"
+        "ADD	r10, r2, r10, LSR #16\n\t"
+        "BFI	r3, r11, #0, #16\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r5\n\t"
+        "SMULTT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r11, r12, r11, r5\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r5, r4, r10\n\t"
+        "SADD16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r5\n\t"
+        "SUB	r5, r4, r11\n\t"
+        "ADD	r4, r4, r11\n\t"
+        "SUB	r11, r4, r10, LSR #16\n\t"
+        "ADD	r10, r4, r10, LSR #16\n\t"
+        "BFI	r5, r11, #0, #16\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #1\n\t"
+        "LDR	lr, [lr, #132]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r11, r12, r11, r7\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r7, r6, r10\n\t"
+        "SADD16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r7, r7, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r7\n\t"
+        "SUB	r7, r6, r11\n\t"
+        "ADD	r6, r6, r11\n\t"
+        "SUB	r11, r6, r10, LSR #16\n\t"
+        "ADD	r10, r6, r10, LSR #16\n\t"
+        "BFI	r7, r11, #0, #16\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTB	r10, lr, r9\n\t"
+        "SMULTT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r11, r12, r11, r9\n\t"
+        "PKHTB	r10, r11, r10, ASR #16\n\t"
+        "SSUB16	r9, r8, r10\n\t"
+        "SADD16	r8, r8, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r9, r9, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r11, r12, r11, r9\n\t"
+        "SUB	r9, r8, r11\n\t"
+        "ADD	r8, r8, r11\n\t"
+        "SUB	r11, r8, r10, LSR #16\n\t"
+        "ADD	r10, r8, r10, LSR #16\n\t"
+        "BFI	r9, r11, #0, #16\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	lr, #0xafc0\n\t"
+        "MOVT	lr, #0x13\n\t"
+#else
+        "MOV	lr, #0x4ebf\n\t"
+        "MOV	r12, #0xd01\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r2\n\t"
+        "SMULWT	r11, lr, r2\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r2, #0, #16\n\t"
+        "SBFX	r11, r2, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r2, r11, LSL #16\n\t"
+        "SUB	r2, r2, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r2, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r3\n\t"
+        "SMULWT	r11, lr, r3\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, r3, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r3, r11, LSL #16\n\t"
+        "SUB	r3, r3, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r3, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r4\n\t"
+        "SMULWT	r11, lr, r4\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, r4, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r4, r11, LSL #16\n\t"
+        "SUB	r4, r4, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r4, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r5\n\t"
+        "SMULWT	r11, lr, r5\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, r5, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r5, r11, LSL #16\n\t"
+        "SUB	r5, r5, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r5, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r6\n\t"
+        "SMULWT	r11, lr, r6\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r6, r6, r10\n\t"
+#else
+        "SBFX	r10, r6, #0, #16\n\t"
+        "SBFX	r11, r6, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r6, r11, LSL #16\n\t"
+        "SUB	r6, r6, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r6, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r7\n\t"
+        "SMULWT	r11, lr, r7\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r7, r7, r10\n\t"
+#else
+        "SBFX	r10, r7, #0, #16\n\t"
+        "SBFX	r11, r7, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r7, r11, LSL #16\n\t"
+        "SUB	r7, r7, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r7, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r8\n\t"
+        "SMULWT	r11, lr, r8\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r8, r8, r10\n\t"
+#else
+        "SBFX	r10, r8, #0, #16\n\t"
+        "SBFX	r11, r8, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r8, r11, LSL #16\n\t"
+        "SUB	r8, r8, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r8, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r9\n\t"
+        "SMULWT	r11, lr, r9\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r9, r9, r10\n\t"
+#else
+        "SBFX	r10, r9, #0, #16\n\t"
+        "SBFX	r11, r9, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r9, r11, LSL #16\n\t"
+        "SUB	r9, r9, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r9, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #4]\n\t"
+        "STR	r4, [%[r], #8]\n\t"
+        "STR	r5, [%[r], #12]\n\t"
+        "STR	r6, [%[r], #16]\n\t"
+        "STR	r7, [%[r], #20]\n\t"
+        "STR	r8, [%[r], #24]\n\t"
+        "STR	r9, [%[r], #28]\n\t"
+        "LDR	r3, [sp, #4]\n\t"
+        "ADD	r3, r3, #0x10\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x20\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_thumb2_ntt_loop_567_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_thumb2_ntt_loop_567\n\t"
+#else
+        "BNE.N	L_mlkem_thumb2_ntt_loop_567_%=\n\t"
+#endif
+        "ADD	sp, sp, #0x8\n\t"
+        : [r] "+r" (r),
+          [L_mlkem_thumb2_ntt_zetas] "+r" (L_mlkem_thumb2_ntt_zetas_c)
+        :
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
+    );
+}
+
+XALIGNED(16) static const word16 L_mlkem_invntt_zetas_inv[] = {
+    0x06a5, 0x070f, 0x05b4, 0x0943, 0x0922, 0x091d, 0x0134, 0x006c,
+    0x0b23, 0x0366, 0x0356, 0x05e6, 0x09e7, 0x04fe, 0x05fa, 0x04a1,
+    0x067b, 0x04a3, 0x0c25, 0x036a, 0x0537, 0x083f, 0x0088, 0x04bf,
+    0x0b81, 0x05b9, 0x0505, 0x07d7, 0x0a9f, 0x0aa6, 0x08b8, 0x09d0,
+    0x004b, 0x009c, 0x0bb8, 0x0b5f, 0x0ba4, 0x0368, 0x0a7d, 0x0636,
+    0x08a2, 0x025a, 0x0736, 0x0309, 0x0093, 0x087a, 0x09f7, 0x00f6,
+    0x068c, 0x06db, 0x01cc, 0x0123, 0x00eb, 0x0c50, 0x0ab6, 0x0b5b,
+    0x0c98, 0x06f3, 0x099a, 0x04e3, 0x09b6, 0x0ad6, 0x0b53, 0x044f,
+    0x04fb, 0x0a5c, 0x0429, 0x0b41, 0x02d5, 0x05e4, 0x0940, 0x018e,
+    0x03b7, 0x00f7, 0x058d, 0x0c96, 0x09c3, 0x010f, 0x005a, 0x0355,
+    0x0744, 0x0c83, 0x048a, 0x0652, 0x029a, 0x0140, 0x0008, 0x0afd,
+    0x0608, 0x011a, 0x072e, 0x050d, 0x090a, 0x0228, 0x0a75, 0x083a,
+    0x0623, 0x00cd, 0x0b66, 0x0606, 0x0aa1, 0x0a25, 0x0908, 0x02a9,
+    0x0082, 0x0642, 0x074f, 0x033d, 0x0b82, 0x0bf9, 0x052d, 0x0ac4,
+    0x0745, 0x05c2, 0x04b2, 0x093f, 0x0c4b, 0x06d8, 0x0a93, 0x00ab,
+    0x0c37, 0x0be2, 0x0773, 0x072c, 0x05ed, 0x0167, 0x02f6, 0x05a1,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_thumb2_invntt(sword16* r_p)
+#else
+void mlkem_thumb2_invntt(sword16* r)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register word16* L_mlkem_invntt_zetas_inv_c __asm__ ("r1") =
+        (word16*)&L_mlkem_invntt_zetas_inv;
+
+#else
+    register word16* L_mlkem_invntt_zetas_inv_c =
+        (word16*)&L_mlkem_invntt_zetas_inv;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x8\n\t"
+        "MOV	r1, %[L_mlkem_invntt_zetas_inv]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_invntt_loop_765:\n\t"
+#else
+    "L_mlkem_invntt_loop_765_%=:\n\t"
+#endif
+        "ADD	lr, r1, r3, LSR #1\n\t"
+        "STR	r3, [sp, #4]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #4]\n\t"
+        "LDR	r4, [%[r], #8]\n\t"
+        "LDR	r5, [%[r], #12]\n\t"
+        "LDR	r6, [%[r], #16]\n\t"
+        "LDR	r7, [%[r], #20]\n\t"
+        "LDR	r8, [%[r], #24]\n\t"
+        "LDR	r9, [%[r], #28]\n\t"
+        "LDR	lr, [lr]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r3\n\t"
+        "SADD16	r2, r2, r3\n\t"
+        "SMULBT	r3, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r3, r12, r11, r3\n\t"
+        "PKHTB	r3, r3, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r3\n\t"
+        "ADD	r12, r2, r3\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r3\n\t"
+        "ADD	r2, r2, r3\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r3, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r3, r12, r11, r3\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r5\n\t"
+        "SADD16	r4, r4, r5\n\t"
+        "SMULTT	r5, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r5\n\t"
+        "ADD	r12, r4, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r5\n\t"
+        "ADD	r4, r4, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #1\n\t"
+        "LDR	lr, [lr, #4]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r7\n\t"
+        "SADD16	r6, r6, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r7\n\t"
+        "ADD	r12, r6, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r7\n\t"
+        "ADD	r6, r6, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r8, r9\n\t"
+        "SADD16	r8, r8, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r8, r9\n\t"
+        "ADD	r12, r8, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "SUB	r10, r8, r9\n\t"
+        "ADD	r8, r8, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r8, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #2\n\t"
+        "LDR	lr, [lr, #128]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r4\n\t"
+        "SADD16	r2, r2, r4\n\t"
+        "SMULBT	r4, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r4\n\t"
+        "ADD	r12, r2, r4\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r4\n\t"
+        "ADD	r2, r2, r4\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r4, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r5\n\t"
+        "SADD16	r3, r3, r5\n\t"
+        "SMULBT	r5, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r5\n\t"
+        "ADD	r12, r3, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r5\n\t"
+        "ADD	r3, r3, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r8\n\t"
+        "SADD16	r6, r6, r8\n\t"
+        "SMULTT	r8, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r8\n\t"
+        "ADD	r12, r6, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r8\n\t"
+        "ADD	r6, r6, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r7, r9\n\t"
+        "SADD16	r7, r7, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r7, r9\n\t"
+        "ADD	r12, r7, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "SUB	r10, r7, r9\n\t"
+        "ADD	r7, r7, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r7, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [sp, #4]\n\t"
+        "ADD	lr, r1, lr, LSR #3\n\t"
+        "LDR	lr, [lr, #192]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r6\n\t"
+        "SADD16	r2, r2, r6\n\t"
+        "SMULBT	r6, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r6, r12, r11, r6\n\t"
+        "PKHTB	r6, r6, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r6\n\t"
+        "ADD	r12, r2, r6\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r6\n\t"
+        "ADD	r2, r2, r6\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r6, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r6, r12, r11, r6\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r7\n\t"
+        "SADD16	r3, r3, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r7\n\t"
+        "ADD	r12, r3, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r7\n\t"
+        "ADD	r3, r3, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r8\n\t"
+        "SADD16	r4, r4, r8\n\t"
+        "SMULBT	r8, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r8\n\t"
+        "ADD	r12, r4, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r8\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r5, r9\n\t"
+        "SADD16	r5, r5, r9\n\t"
+        "SMULBT	r9, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r5, r9\n\t"
+        "ADD	r12, r5, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "SUB	r10, r5, r9\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r5, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	lr, #0xafc0\n\t"
+        "MOVT	lr, #0x13\n\t"
+#else
+        "MOV	lr, #0x4ebf\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r2\n\t"
+        "SMULWT	r11, lr, r2\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r2, #0, #16\n\t"
+        "SBFX	r11, r2, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r2, r11, LSL #16\n\t"
+        "SUB	r2, r2, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r2, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r3\n\t"
+        "SMULWT	r11, lr, r3\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, r3, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r3, r11, LSL #16\n\t"
+        "SUB	r3, r3, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r3, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r4\n\t"
+        "SMULWT	r11, lr, r4\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, r4, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r4, r11, LSL #16\n\t"
+        "SUB	r4, r4, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r4, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r5\n\t"
+        "SMULWT	r11, lr, r5\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, r5, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r5, r11, LSL #16\n\t"
+        "SUB	r5, r5, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r5, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #4]\n\t"
+        "STR	r4, [%[r], #8]\n\t"
+        "STR	r5, [%[r], #12]\n\t"
+        "STR	r6, [%[r], #16]\n\t"
+        "STR	r7, [%[r], #20]\n\t"
+        "STR	r8, [%[r], #24]\n\t"
+        "STR	r9, [%[r], #28]\n\t"
+        "LDR	r3, [sp, #4]\n\t"
+        "ADD	r3, r3, #0x10\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x20\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_invntt_loop_765_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_invntt_loop_765\n\t"
+#else
+        "BNE.N	L_mlkem_invntt_loop_765_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x200\n\t"
+        "MOV	r3, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_invntt_loop_4_j:\n\t"
+#else
+    "L_mlkem_invntt_loop_4_j_%=:\n\t"
+#endif
+        "STR	r3, [sp, #4]\n\t"
+        "ADD	lr, r1, r3, LSR #4\n\t"
+        "MOV	r2, #0x4\n\t"
+        "LDR	lr, [lr, #224]\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_invntt_loop_4_i:\n\t"
+#else
+    "L_mlkem_invntt_loop_4_i_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #16]\n\t"
+        "LDR	r4, [%[r], #32]\n\t"
+        "LDR	r5, [%[r], #48]\n\t"
+        "LDR	r6, [%[r], #64]\n\t"
+        "LDR	r7, [%[r], #80]\n\t"
+        "LDR	r8, [%[r], #96]\n\t"
+        "LDR	r9, [%[r], #112]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r4\n\t"
+        "SADD16	r2, r2, r4\n\t"
+        "SMULBT	r4, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r4\n\t"
+        "ADD	r12, r2, r4\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r4\n\t"
+        "ADD	r2, r2, r4\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r4, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r5\n\t"
+        "SADD16	r3, r3, r5\n\t"
+        "SMULBT	r5, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r5\n\t"
+        "ADD	r12, r3, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r5\n\t"
+        "ADD	r3, r3, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r8\n\t"
+        "SADD16	r6, r6, r8\n\t"
+        "SMULTT	r8, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r8\n\t"
+        "ADD	r12, r6, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r8\n\t"
+        "ADD	r6, r6, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r7, r9\n\t"
+        "SADD16	r7, r7, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r7, r9\n\t"
+        "ADD	r12, r7, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "SUB	r10, r7, r9\n\t"
+        "ADD	r7, r7, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r7, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #16]\n\t"
+        "STR	r4, [%[r], #32]\n\t"
+        "STR	r5, [%[r], #48]\n\t"
+        "STR	r6, [%[r], #64]\n\t"
+        "STR	r7, [%[r], #80]\n\t"
+        "STR	r8, [%[r], #96]\n\t"
+        "STR	r9, [%[r], #112]\n\t"
+        "LDRD	r2, r3, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_invntt_loop_4_i_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_invntt_loop_4_i\n\t"
+#else
+        "BNE.N	L_mlkem_invntt_loop_4_i_%=\n\t"
+#endif
+        "ADD	r3, r3, #0x40\n\t"
+        "RSBS	r10, r3, #0x100\n\t"
+        "ADD	%[r], %[r], #0x70\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_invntt_loop_4_j_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_invntt_loop_4_j\n\t"
+#else
+        "BNE.N	L_mlkem_invntt_loop_4_j_%=\n\t"
+#endif
+        "SUB	%[r], %[r], #0x200\n\t"
+        "MOV	r2, #0x10\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_invntt_loop_321:\n\t"
+#else
+    "L_mlkem_invntt_loop_321_%=:\n\t"
+#endif
+        "STR	r2, [sp]\n\t"
+        "LDRH	lr, [r1, #2]\n\t"
+        "LDR	r2, [%[r]]\n\t"
+        "LDR	r3, [%[r], #64]\n\t"
+        "LDR	r4, [%[r], #128]\n\t"
+        "LDR	r5, [%[r], #192]\n\t"
+        "LDR	r6, [%[r], #256]\n\t"
+        "LDR	r7, [%[r], #320]\n\t"
+        "LDR	r8, [%[r], #384]\n\t"
+        "LDR	r9, [%[r], #448]\n\t"
+        "LDR	lr, [r1, #240]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r3\n\t"
+        "SADD16	r2, r2, r3\n\t"
+        "SMULBT	r3, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r3, r12, r11, r3\n\t"
+        "PKHTB	r3, r3, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r3\n\t"
+        "ADD	r12, r2, r3\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r3\n\t"
+        "ADD	r2, r2, r3\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r3, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r3, r12, r11, r3\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r5\n\t"
+        "SADD16	r4, r4, r5\n\t"
+        "SMULTT	r5, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r5\n\t"
+        "ADD	r12, r4, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r5\n\t"
+        "ADD	r4, r4, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #244]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r7\n\t"
+        "SADD16	r6, r6, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r7\n\t"
+        "ADD	r12, r6, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r7\n\t"
+        "ADD	r6, r6, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r8, r9\n\t"
+        "SADD16	r8, r8, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r8, r9\n\t"
+        "ADD	r12, r8, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "SUB	r10, r8, r9\n\t"
+        "ADD	r8, r8, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r8, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #248]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r4\n\t"
+        "SADD16	r2, r2, r4\n\t"
+        "SMULBT	r4, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r4\n\t"
+        "ADD	r12, r2, r4\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r4\n\t"
+        "ADD	r2, r2, r4\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r4, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r5\n\t"
+        "SADD16	r3, r3, r5\n\t"
+        "SMULBT	r5, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r5\n\t"
+        "ADD	r12, r3, r5\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r5\n\t"
+        "ADD	r3, r3, r5\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r5, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r6, r8\n\t"
+        "SADD16	r6, r6, r8\n\t"
+        "SMULTT	r8, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r6, r8\n\t"
+        "ADD	r12, r6, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "SUB	r10, r6, r8\n\t"
+        "ADD	r6, r6, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r6, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r7, r9\n\t"
+        "SADD16	r7, r7, r9\n\t"
+        "SMULTT	r9, lr, r10\n\t"
+        "SMULTB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r7, r9\n\t"
+        "ADD	r12, r7, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "SUB	r10, r7, r9\n\t"
+        "ADD	r7, r7, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r7, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #16, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	lr, #0xafc0\n\t"
+        "MOVT	lr, #0x13\n\t"
+#else
+        "MOV	lr, #0x4ebf\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r2\n\t"
+        "SMULWT	r11, lr, r2\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r2, r2, r10\n\t"
+#else
+        "SBFX	r10, r2, #0, #16\n\t"
+        "SBFX	r11, r2, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r2, r11, LSL #16\n\t"
+        "SUB	r2, r2, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r2, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r3\n\t"
+        "SMULWT	r11, lr, r3\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r3, r3, r10\n\t"
+#else
+        "SBFX	r10, r3, #0, #16\n\t"
+        "SBFX	r11, r3, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r3, r11, LSL #16\n\t"
+        "SUB	r3, r3, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r3, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r4\n\t"
+        "SMULWT	r11, lr, r4\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r4, r4, r10\n\t"
+#else
+        "SBFX	r10, r4, #0, #16\n\t"
+        "SBFX	r11, r4, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r4, r11, LSL #16\n\t"
+        "SUB	r4, r4, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r4, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULWB	r10, lr, r5\n\t"
+        "SMULWT	r11, lr, r5\n\t"
+        "SMULBT	r10, r12, r10\n\t"
+        "SMULBT	r11, r12, r11\n\t"
+        "PKHBT	r10, r10, r11, LSL #16\n\t"
+        "SSUB16	r5, r5, r10\n\t"
+#else
+        "SBFX	r10, r5, #0, #16\n\t"
+        "SBFX	r11, r5, #16, #16\n\t"
+        "MUL	r10, lr, r10\n\t"
+        "MUL	r11, lr, r11\n\t"
+        "ASR	r10, r10, #26\n\t"
+        "ASR	r11, r11, #26\n\t"
+        "MUL	r10, r12, r10\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "SUB	r11, r5, r11, LSL #16\n\t"
+        "SUB	r5, r5, r10\n\t"
+        "LSR	r11, r11, #16\n\t"
+        "BFI	r5, r11, #16, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #252]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r2, r6\n\t"
+        "SADD16	r2, r2, r6\n\t"
+        "SMULBT	r6, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r6, r12, r11, r6\n\t"
+        "PKHTB	r6, r6, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r2, r6\n\t"
+        "ADD	r12, r2, r6\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "BFC	r2, #0, #16\n\t"
+        "SUB	r10, r2, r6\n\t"
+        "ADD	r2, r2, r6\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r2, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r6, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r6, r12, r11, r6\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r3, r7\n\t"
+        "SADD16	r3, r3, r7\n\t"
+        "SMULBT	r7, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r3, r7\n\t"
+        "ADD	r12, r3, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "BFC	r3, #0, #16\n\t"
+        "SUB	r10, r3, r7\n\t"
+        "ADD	r3, r3, r7\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r3, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r7, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r4, r8\n\t"
+        "SADD16	r4, r4, r8\n\t"
+        "SMULBT	r8, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r4, r8\n\t"
+        "ADD	r12, r4, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "BFC	r4, #0, #16\n\t"
+        "SUB	r10, r4, r8\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r4, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r8, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r10, r5, r9\n\t"
+        "SADD16	r5, r5, r9\n\t"
+        "SMULBT	r9, lr, r10\n\t"
+        "SMULBB	r10, lr, r10\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SUB	r11, r5, r9\n\t"
+        "ADD	r12, r5, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r5, #0, #16\n\t"
+        "SUB	r10, r5, r9\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "BFI	r10, r11, #0, #16\n\t"
+        "BFI	r5, r12, #0, #16\n\t"
+        "SBFX	r11, lr, #0, #16\n\t"
+        "ASR	r12, r10, #16\n\t"
+        "MUL	r9, r11, r12\n\t"
+        "SBFX	r10, r10, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "LDR	lr, [r1, #254]\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r2\n\t"
+        "SMULBT	r2, lr, r2\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r2\n\t"
+        "SMLABB	r2, r12, r11, r2\n\t"
+        "PKHTB	r2, r2, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r2, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r2, r2, #16, #16\n\t"
+        "MUL	r2, r11, r2\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r2, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r2, r12, r11, r2\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r3\n\t"
+        "SMULBT	r3, lr, r3\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r3\n\t"
+        "SMLABB	r3, r12, r11, r3\n\t"
+        "PKHTB	r3, r3, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r3, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r3, r3, #16, #16\n\t"
+        "MUL	r3, r11, r3\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r3, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r3, r12, r11, r3\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r4\n\t"
+        "SMULBT	r4, lr, r4\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r4\n\t"
+        "SMLABB	r4, r12, r11, r4\n\t"
+        "PKHTB	r4, r4, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r4, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r4, r4, #16, #16\n\t"
+        "MUL	r4, r11, r4\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r4, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r4, r12, r11, r4\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r5\n\t"
+        "SMULBT	r5, lr, r5\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r5\n\t"
+        "SMLABB	r5, r12, r11, r5\n\t"
+        "PKHTB	r5, r5, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r5, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r5, r5, #16, #16\n\t"
+        "MUL	r5, r11, r5\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r5, r12, r11, r5\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r6\n\t"
+        "SMULBT	r6, lr, r6\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r6\n\t"
+        "SMLABB	r6, r12, r11, r6\n\t"
+        "PKHTB	r6, r6, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r6, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r6, r6, #16, #16\n\t"
+        "MUL	r6, r11, r6\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r6, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r6, r12, r11, r6\n\t"
+        "BFI	r6, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r7\n\t"
+        "SMULBT	r7, lr, r7\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r7\n\t"
+        "SMLABB	r7, r12, r11, r7\n\t"
+        "PKHTB	r7, r7, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r7, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r7, r7, #16, #16\n\t"
+        "MUL	r7, r11, r7\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r7, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r7, r12, r11, r7\n\t"
+        "BFI	r7, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r8\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r8\n\t"
+        "SMLABB	r8, r12, r11, r8\n\t"
+        "PKHTB	r8, r8, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r8, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r8, r8, #16, #16\n\t"
+        "MUL	r8, r11, r8\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r8, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r8, r12, r11, r8\n\t"
+        "BFI	r8, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULBB	r10, lr, r9\n\t"
+        "SMULBT	r9, lr, r9\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULTB	r11, r12, r9\n\t"
+        "SMLABB	r9, r12, r11, r9\n\t"
+        "PKHTB	r9, r9, r10, ASR #16\n\t"
+#else
+        "SBFX	r11, lr, #0, #16\n\t"
+        "SBFX	r10, r9, #0, #16\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r9, r9, #16, #16\n\t"
+        "MUL	r9, r11, r9\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "MUL	r11, r12, r10\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r11, r9, #0, #16\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "LSR	r10, r10, #16\n\t"
+        "MLA	r9, r12, r11, r9\n\t"
+        "BFI	r9, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STR	r2, [%[r]]\n\t"
+        "STR	r3, [%[r], #64]\n\t"
+        "STR	r4, [%[r], #128]\n\t"
+        "STR	r5, [%[r], #192]\n\t"
+        "STR	r6, [%[r], #256]\n\t"
+        "STR	r7, [%[r], #320]\n\t"
+        "STR	r8, [%[r], #384]\n\t"
+        "STR	r9, [%[r], #448]\n\t"
+        "LDR	r2, [sp]\n\t"
+        "SUBS	r2, r2, #0x1\n\t"
+        "ADD	%[r], %[r], #0x4\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_invntt_loop_321_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_invntt_loop_321\n\t"
+#else
+        "BNE.N	L_mlkem_invntt_loop_321_%=\n\t"
+#endif
+        "ADD	sp, sp, #0x8\n\t"
+        : [r] "+r" (r),
+          [L_mlkem_invntt_zetas_inv] "+r" (L_mlkem_invntt_zetas_inv_c)
+        :
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
+    );
+}
+
+XALIGNED(16) static const word16 L_mlkem_basemul_mont_zetas[] = {
+    0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca,
+    0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc,
+    0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f,
+    0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de,
+    0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9,
+    0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd,
+    0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a,
+    0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806,
+    0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069,
+    0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675,
+    0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f,
+    0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6,
+    0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180,
+    0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686,
+    0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de,
+    0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_thumb2_basemul_mont(sword16* r_p, const sword16* a_p,
+    const sword16* b_p)
+#else
+void mlkem_thumb2_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register const sword16* a __asm__ ("r1") = (const sword16*)a_p;
+    register const sword16* b __asm__ ("r2") = (const sword16*)b_p;
+    register word16* L_mlkem_basemul_mont_zetas_c __asm__ ("r3") =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#else
+    register word16* L_mlkem_basemul_mont_zetas_c =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r3, %[L_mlkem_basemul_mont_zetas]\n\t"
+        "ADD	r3, r3, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r8, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_basemul_mont_loop:\n\t"
+#else
+    "L_mlkem_basemul_mont_loop_%=:\n\t"
+#endif
+        "ldm   %[a]!, {r4, r5}\n\t"
+        "ldm   %[b]!, {r6, r7}\n\t"
+        "LDR	lr, [r3, r8]\n\t"
+        "ADD	r8, r8, #0x2\n\t"
+        "PUSH	{r8}\n\t"
+        "CMP	r8, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTT	r8, r4, r6\n\t"
+        "SMULTT	r10, r5, r7\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULBT	r10, r11, r10\n\t"
+        "SMLABB	r8, r4, r6, r8\n\t"
+        "SMLABB	r10, r5, r7, r10\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULBT	r9, r4, r6\n\t"
+        "SMULBT	r11, r5, r7\n\t"
+        "SMLATB	r9, r4, r6, r9\n\t"
+        "SMLATB	r11, r5, r7, r11\n\t"
+        "SMULTB	r6, r12, r9\n\t"
+        "SMULTB	r7, r12, r11\n\t"
+        "SMLABB	r9, r12, r6, r9\n\t"
+        "SMLABB	r11, r12, r7, r11\n\t"
+        "PKHTB	r4, r9, r8, ASR #16\n\t"
+        "PKHTB	r5, r11, r10, ASR #16\n\t"
+#else
+        "ASR	r8, r4, #16\n\t"
+        "ASR	r10, r5, #16\n\t"
+        "ASR	r9, r6, #16\n\t"
+        "ASR	r11, r7, #16\n\t"
+        "MUL	r8, r8, r9\n\t"
+        "MUL	r10, r10, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r8\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SBFX	r9, lr, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "ASR	r10, r10, #16\n\t"
+        "MUL	r8, r9, r8\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r8, r9, r12, r8\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r10, r11, r12, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r9\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "ASR	r12, r6, #16\n\t"
+        "MUL	r9, r9, r12\n\t"
+        "ASR	r12, r7, #16\n\t"
+        "MUL	r11, r11, r12\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r9, r4, r12, r9\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r11, r5, r12, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r6, r9, #0, #16\n\t"
+        "SBFX	r7, r11, #0, #16\n\t"
+        "MUL	r6, r12, r6\n\t"
+        "MUL	r7, r12, r7\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r4, r6, #0, #16\n\t"
+        "SBFX	r5, r7, #0, #16\n\t"
+        "MLA	r9, r12, r4, r9\n\t"
+        "MLA	r11, r12, r5, r11\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r11, #0, #16\n\t"
+        "ORR	r4, r9, r8, LSR #16\n\t"
+        "ORR	r5, r11, r10, LSR #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STM	%[r]!, {r4, r5}\n\t"
+        "POP	{r8}\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_basemul_mont_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_basemul_mont_loop\n\t"
+#else
+        "BNE.N	L_mlkem_basemul_mont_loop_%=\n\t"
+#endif
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_mlkem_basemul_mont_zetas] "+r" (L_mlkem_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_thumb2_basemul_mont_add(sword16* r_p, const sword16* a_p,
+    const sword16* b_p)
+#else
+void mlkem_thumb2_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* r __asm__ ("r0") = (sword16*)r_p;
+    register const sword16* a __asm__ ("r1") = (const sword16*)a_p;
+    register const sword16* b __asm__ ("r2") = (const sword16*)b_p;
+    register word16* L_mlkem_basemul_mont_zetas_c __asm__ ("r3") =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#else
+    register word16* L_mlkem_basemul_mont_zetas_c =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r3, %[L_mlkem_basemul_mont_zetas]\n\t"
+        "ADD	r3, r3, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOV	r12, #0xd01\n\t"
+        "MOVT	r12, #0xcff\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	r8, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_basemul_mont_add_loop:\n\t"
+#else
+    "L_mlkem_thumb2_basemul_mont_add_loop_%=:\n\t"
+#endif
+        "ldm   %[a]!, {r4, r5}\n\t"
+        "ldm   %[b]!, {r6, r7}\n\t"
+        "LDR	lr, [r3, r8]\n\t"
+        "ADD	r8, r8, #0x2\n\t"
+        "PUSH	{r8}\n\t"
+        "CMP	r8, #0x80\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SMULTT	r8, r4, r6\n\t"
+        "SMULTT	r10, r5, r7\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SMULBT	r8, lr, r8\n\t"
+        "SMULBT	r10, r11, r10\n\t"
+        "SMLABB	r8, r4, r6, r8\n\t"
+        "SMLABB	r10, r5, r7, r10\n\t"
+        "SMULTB	r9, r12, r8\n\t"
+        "SMULTB	r11, r12, r10\n\t"
+        "SMLABB	r8, r12, r9, r8\n\t"
+        "SMLABB	r10, r12, r11, r10\n\t"
+        "SMULBT	r9, r4, r6\n\t"
+        "SMULBT	r11, r5, r7\n\t"
+        "SMLATB	r9, r4, r6, r9\n\t"
+        "SMLATB	r11, r5, r7, r11\n\t"
+        "SMULTB	r6, r12, r9\n\t"
+        "SMULTB	r7, r12, r11\n\t"
+        "SMLABB	r9, r12, r6, r9\n\t"
+        "SMLABB	r11, r12, r7, r11\n\t"
+        "ldm   %[r], {r4, r5}\n\t"
+        "PKHTB	r9, r9, r8, ASR #16\n\t"
+        "PKHTB	r11, r11, r10, ASR #16\n\t"
+        "SADD16	r4, r4, r9\n\t"
+        "SADD16	r5, r5, r11\n\t"
+#else
+        "ASR	r8, r4, #16\n\t"
+        "ASR	r10, r5, #16\n\t"
+        "ASR	r9, r6, #16\n\t"
+        "ASR	r11, r7, #16\n\t"
+        "MUL	r8, r8, r9\n\t"
+        "MUL	r10, r10, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r8\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "RSB	r11, lr, #0x0\n\t"
+        "SBFX	r9, lr, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "ASR	r8, r8, #16\n\t"
+        "ASR	r10, r10, #16\n\t"
+        "MUL	r8, r9, r8\n\t"
+        "MUL	r10, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r8, r9, r12, r8\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r10, r11, r12, r10\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r9, r8, #0, #16\n\t"
+        "SBFX	r11, r10, #0, #16\n\t"
+        "MUL	r9, r12, r9\n\t"
+        "MUL	r11, r12, r11\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r9, r9, #0, #16\n\t"
+        "SBFX	r11, r11, #0, #16\n\t"
+        "MLA	r8, r12, r9, r8\n\t"
+        "MLA	r10, r12, r11, r10\n\t"
+        "SBFX	r9, r4, #0, #16\n\t"
+        "SBFX	r11, r5, #0, #16\n\t"
+        "ASR	r12, r6, #16\n\t"
+        "MUL	r9, r9, r12\n\t"
+        "ASR	r12, r7, #16\n\t"
+        "MUL	r11, r11, r12\n\t"
+        "ASR	r4, r4, #16\n\t"
+        "ASR	r5, r5, #16\n\t"
+        "SBFX	r12, r6, #0, #16\n\t"
+        "MLA	r9, r4, r12, r9\n\t"
+        "SBFX	r12, r7, #0, #16\n\t"
+        "MLA	r11, r5, r12, r11\n\t"
+        "MOV	r12, #0xcff\n\t"
+        "SBFX	r6, r9, #0, #16\n\t"
+        "SBFX	r7, r11, #0, #16\n\t"
+        "MUL	r6, r12, r6\n\t"
+        "MUL	r7, r12, r7\n\t"
+        "MOV	r12, #0xd01\n\t"
+        "SBFX	r4, r6, #0, #16\n\t"
+        "SBFX	r5, r7, #0, #16\n\t"
+        "MLA	r9, r12, r4, r9\n\t"
+        "MLA	r11, r12, r5, r11\n\t"
+        "ldm   %[r], {r4, r5}\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r11, #0, #16\n\t"
+        "ORR	r9, r9, r8, LSR #16\n\t"
+        "ORR	r11, r11, r10, LSR #16\n\t"
+        "ADD	r8, r4, r9\n\t"
+        "ADD	r10, r5, r11\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "BFC	r11, #0, #16\n\t"
+        "ADD	r4, r4, r9\n\t"
+        "ADD	r5, r5, r11\n\t"
+        "BFI	r4, r8, #0, #16\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STM	%[r]!, {r4, r5}\n\t"
+        "POP	{r8}\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_thumb2_basemul_mont_add_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_thumb2_basemul_mont_add_loop\n\t"
+#else
+        "BNE.N	L_mlkem_thumb2_basemul_mont_add_loop_%=\n\t"
+#endif
+        : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b),
+          [L_mlkem_basemul_mont_zetas] "+r" (L_mlkem_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void mlkem_thumb2_csubq(sword16* p_p)
+#else
+void mlkem_thumb2_csubq(sword16* p)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* p __asm__ ("r0") = (sword16*)p_p;
+    register word16* L_mlkem_basemul_mont_zetas_c __asm__ ("r1") =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#else
+    register word16* L_mlkem_basemul_mont_zetas_c =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r11, #0xd01\n\t"
+        "MOV	r12, #0xd01\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "MOVT	r12, #0xd01\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "MOV	lr, #0x8000\n\t"
+        "MOVT	lr, #0x8000\n\t"
+        "MOV	r1, #0x100\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_csubq_loop:\n\t"
+#else
+    "L_mlkem_thumb2_csubq_loop_%=:\n\t"
+#endif
+        "ldm   %[p], {r2, r3, r4, r5}\n\t"
+#ifndef WOLFSSL_ARM_ARCH_7M
+        "SSUB16	r2, r2, r12\n\t"
+        "SSUB16	r3, r3, r12\n\t"
+        "SSUB16	r4, r4, r12\n\t"
+        "SSUB16	r5, r5, r12\n\t"
+        "AND	r6, r2, lr\n\t"
+        "AND	r7, r3, lr\n\t"
+        "AND	r8, r4, lr\n\t"
+        "AND	r9, r5, lr\n\t"
+        "LSR	r6, r6, #15\n\t"
+        "LSR	r7, r7, #15\n\t"
+        "LSR	r8, r8, #15\n\t"
+        "LSR	r9, r9, #15\n\t"
+        "MUL	r6, r6, r11\n\t"
+        "MUL	r7, r7, r11\n\t"
+        "MUL	r8, r8, r11\n\t"
+        "MUL	r9, r9, r11\n\t"
+        "SADD16	r2, r2, r6\n\t"
+        "SADD16	r3, r3, r7\n\t"
+        "SADD16	r4, r4, r8\n\t"
+        "SADD16	r5, r5, r9\n\t"
+#else
+        "SUB	r6, r2, r12\n\t"
+        "SUB	r2, r2, r12, LSL #16\n\t"
+        "BFI	r2, r6, #0, #16\n\t"
+        "SUB	r7, r3, r12\n\t"
+        "SUB	r3, r3, r12, LSL #16\n\t"
+        "BFI	r3, r7, #0, #16\n\t"
+        "SUB	r8, r4, r12\n\t"
+        "SUB	r4, r4, r12, LSL #16\n\t"
+        "BFI	r4, r8, #0, #16\n\t"
+        "SUB	r9, r5, r12\n\t"
+        "SUB	r5, r5, r12, LSL #16\n\t"
+        "BFI	r5, r9, #0, #16\n\t"
+        "AND	r6, r2, lr\n\t"
+        "AND	r7, r3, lr\n\t"
+        "AND	r8, r4, lr\n\t"
+        "AND	r9, r5, lr\n\t"
+        "LSR	r6, r6, #15\n\t"
+        "LSR	r7, r7, #15\n\t"
+        "LSR	r8, r8, #15\n\t"
+        "LSR	r9, r9, #15\n\t"
+        "MUL	r6, r6, r11\n\t"
+        "MUL	r7, r7, r11\n\t"
+        "MUL	r8, r8, r11\n\t"
+        "MUL	r9, r9, r11\n\t"
+        "ADD	r10, r2, r6\n\t"
+        "BFC	r6, #0, #16\n\t"
+        "ADD	r2, r2, r6\n\t"
+        "BFI	r2, r10, #0, #16\n\t"
+        "ADD	r10, r3, r7\n\t"
+        "BFC	r7, #0, #16\n\t"
+        "ADD	r3, r3, r7\n\t"
+        "BFI	r3, r10, #0, #16\n\t"
+        "ADD	r10, r4, r8\n\t"
+        "BFC	r8, #0, #16\n\t"
+        "ADD	r4, r4, r8\n\t"
+        "BFI	r4, r10, #0, #16\n\t"
+        "ADD	r10, r5, r9\n\t"
+        "BFC	r9, #0, #16\n\t"
+        "ADD	r5, r5, r9\n\t"
+        "BFI	r5, r10, #0, #16\n\t"
+#endif /* !WOLFSSL_ARM_ARCH_7M */
+        "STM	%[p]!, {r2, r3, r4, r5}\n\t"
+        "SUBS	r1, r1, #0x8\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_thumb2_csubq_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_thumb2_csubq_loop\n\t"
+#else
+        "BNE.N	L_mlkem_thumb2_csubq_loop_%=\n\t"
+#endif
+        : [p] "+r" (p),
+          [L_mlkem_basemul_mont_zetas] "+r" (L_mlkem_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+unsigned int mlkem_thumb2_rej_uniform(sword16* p_p, unsigned int len_p,
+    const byte* r_p, unsigned int rLen_p)
+#else
+unsigned int mlkem_thumb2_rej_uniform(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register sword16* p __asm__ ("r0") = (sword16*)p_p;
+    register unsigned int len __asm__ ("r1") = (unsigned int)len_p;
+    register const byte* r __asm__ ("r2") = (const byte*)r_p;
+    register unsigned int rLen __asm__ ("r3") = (unsigned int)rLen_p;
+    register word16* L_mlkem_basemul_mont_zetas_c __asm__ ("r4") =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#else
+    register word16* L_mlkem_basemul_mont_zetas_c =
+        (word16*)&L_mlkem_basemul_mont_zetas;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "MOV	r8, #0xd01\n\t"
+        "MOV	r9, #0x0\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_loop_no_fail:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_loop_no_fail_%=:\n\t"
+#endif
+        "CMP	%[len], #0x8\n\t"
+#if defined(__GNUC__)
+        "BLT	L_mlkem_thumb2_rej_uniform_done_no_fail_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BLT.N	L_mlkem_thumb2_rej_uniform_done_no_fail\n\t"
+#else
+        "BLT.N	L_mlkem_thumb2_rej_uniform_done_no_fail_%=\n\t"
+#endif
+        "ldm   %[r]!, {r4, r5, r6}\n\t"
+        "UBFX	r7, r4, #0, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r4, #12, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r4, #24, #8\n\t"
+        "BFI	r7, r5, #8, #4\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r5, #4, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r5, #16, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r5, #28, #4\n\t"
+        "BFI	r7, r6, #4, #8\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r6, #8, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "UBFX	r7, r6, #20, #12\n\t"
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUB	r10, r7, r8\n\t"
+        "LSR	r10, r10, #31\n\t"
+        "SUB	%[len], %[len], r10\n\t"
+        "ADD	r9, r9, r10, LSL #1\n\t"
+        "SUBS	%[rLen], %[rLen], #0xc\n\t"
+#if defined(__GNUC__)
+        "BNE	L_mlkem_thumb2_rej_uniform_loop_no_fail_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BNE.N	L_mlkem_thumb2_rej_uniform_loop_no_fail\n\t"
+#else
+        "BNE.N	L_mlkem_thumb2_rej_uniform_loop_no_fail_%=\n\t"
+#endif
+#if defined(__GNUC__)
+        "B	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "B.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "B.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_done_no_fail:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_done_no_fail_%=:\n\t"
+#endif
+        "CMP	%[len], #0x0\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_loop:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_loop_%=:\n\t"
+#endif
+        "ldm   %[r]!, {r4, r5, r6}\n\t"
+        "UBFX	r7, r4, #0, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_mlkem_thumb2_rej_uniform_fail_0_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_0\n\t"
+#else
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_0_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_fail_0:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_fail_0_%=:\n\t"
+#endif
+        "UBFX	r7, r4, #12, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_mlkem_thumb2_rej_uniform_fail_1_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_1\n\t"
+#else
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_1_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_fail_1:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_fail_1_%=:\n\t"
+#endif
+        "UBFX	r7, r4, #24, #8\n\t"
+        "BFI	r7, r5, #8, #4\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_mlkem_thumb2_rej_uniform_fail_2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_2\n\t"
+#else
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_2_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_fail_2:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_fail_2_%=:\n\t"
+#endif
+        "UBFX	r7, r5, #4, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_mlkem_thumb2_rej_uniform_fail_3_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_3\n\t"
+#else
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_3_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_fail_3:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_fail_3_%=:\n\t"
+#endif
+        "UBFX	r7, r5, #16, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_mlkem_thumb2_rej_uniform_fail_4_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_4\n\t"
+#else
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_4_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_fail_4:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_fail_4_%=:\n\t"
+#endif
+        "UBFX	r7, r5, #28, #4\n\t"
+        "BFI	r7, r6, #4, #8\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_mlkem_thumb2_rej_uniform_fail_5_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_5\n\t"
+#else
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_5_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_fail_5:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_fail_5_%=:\n\t"
+#endif
+        "UBFX	r7, r6, #8, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_mlkem_thumb2_rej_uniform_fail_6_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_6\n\t"
+#else
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_6_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_fail_6:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_fail_6_%=:\n\t"
+#endif
+        "UBFX	r7, r6, #20, #12\n\t"
+        "CMP	r7, r8\n\t"
+#if defined(__GNUC__)
+        "BGE	L_mlkem_thumb2_rej_uniform_fail_7_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_7\n\t"
+#else
+        "BGE.N	L_mlkem_thumb2_rej_uniform_fail_7_%=\n\t"
+#endif
+        "STRH	r7, [%[p], r9]\n\t"
+        "SUBS	%[len], %[len], #0x1\n\t"
+        "ADD	r9, r9, #0x2\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done\n\t"
+#else
+        "BEQ.N	L_mlkem_thumb2_rej_uniform_done_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_fail_7:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_fail_7_%=:\n\t"
+#endif
+        "SUBS	%[rLen], %[rLen], #0xc\n\t"
+#if defined(__GNUC__)
+        "BGT	L_mlkem_thumb2_rej_uniform_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_mlkem_thumb2_rej_uniform_loop\n\t"
+#else
+        "BGT.N	L_mlkem_thumb2_rej_uniform_loop_%=\n\t"
+#endif
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_mlkem_thumb2_rej_uniform_done:\n\t"
+#else
+    "L_mlkem_thumb2_rej_uniform_done_%=:\n\t"
+#endif
+        "LSR	r0, r9, #1\n\t"
+        : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen),
+          [L_mlkem_basemul_mont_zetas] "+r" (L_mlkem_basemul_mont_zetas_c)
+        :
+        : "memory", "cc", "r5", "r6", "r7", "r8", "r9", "r10"
+    );
+    return (word32)(size_t)p;
+}
+
+#endif /* WOLFSSL_WC_MLKEM */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
new file mode 100644
index 000000000..788426b7a
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
@@ -0,0 +1,367 @@
+/* thumb2-poly1305-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifndef WOLFSSL_ARMASM_INLINE
+	.thumb
+	.syntax unified
+#ifdef HAVE_POLY1305
+	.text
+	.align	4
+	.globl	poly1305_blocks_thumb2_16
+	.type	poly1305_blocks_thumb2_16, %function
+poly1305_blocks_thumb2_16:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	SUB	sp, sp, #0x1c
+	CMP	r2, #0x0
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BEQ	L_poly1305_thumb2_16_done
+#else
+	BEQ.N	L_poly1305_thumb2_16_done
+#endif
+	ADD	lr, sp, #0xc
+	STM	lr, {r0, r1, r2, r3}
+	/* Get h pointer */
+	ADD	lr, r0, #0x10
+	LDM	lr, {r4, r5, r6, r7, r8}
+L_poly1305_thumb2_16_loop:
+	/* Add m to h */
+	LDR	r1, [sp, #16]
+	LDR	r2, [r1]
+	LDR	r3, [r1, #4]
+	LDR	r9, [r1, #8]
+	LDR	r10, [r1, #12]
+	LDR	r11, [sp, #24]
+	ADDS	r4, r4, r2
+	ADCS	r5, r5, r3
+	ADCS	r6, r6, r9
+	ADCS	r7, r7, r10
+	ADD	r1, r1, #0x10
+	ADC	r8, r8, r11
+#ifdef WOLFSSL_ARM_ARCH_7M
+	STM	lr, {r4, r5, r6, r7, r8}
+#else
+	/* h[0]-h[2] in r4-r6 for multiplication. */
+	STR	r7, [lr, #12]
+	STR	r8, [lr, #16]
+#endif /* WOLFSSL_ARM_ARCH_7M */
+	STR	r1, [sp, #16]
+	LDR	r1, [sp, #12]
+	/* Multiply h by r */
+#ifdef WOLFSSL_ARM_ARCH_7M
+	/* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+	LDR	r3, [r1]
+	EOR	r0, r0, r0
+	/* r[0] * h[0] */
+	/* h[0] in r4 */
+	UMULL	r4, r5, r3, r4
+	/* r[0] * h[2] */
+	/* h[2] in r6 */
+	UMULL	r6, r7, r3, r6
+	/* r[0] * h[4] */
+	/* h[4] in r8 */
+	MUL	r8, r3, r8
+	/* r[0] * h[1] */
+	LDR	r2, [lr, #4]
+	MOV	r12, r0
+	UMLAL	r5, r12, r3, r2
+	/* r[0] * h[3] */
+	LDR	r2, [lr, #12]
+	ADDS	r6, r6, r12
+	ADC	r7, r7, r0
+	UMLAL	r7, r8, r3, r2
+	/* r[1] * h[0] */
+	LDR	r3, [r1, #4]
+	LDR	r2, [lr]
+	MOV	r12, r0
+	UMLAL	r5, r12, r3, r2
+	/* r[1] * h[1] */
+	LDR	r2, [lr, #4]
+	ADDS	r6, r6, r12
+	ADC	r12, r0, r0
+	UMLAL	r6, r12, r3, r2
+	/* r[1] * h[2] */
+	LDR	r2, [lr, #8]
+	ADDS	r7, r7, r12
+	ADC	r12, r0, r0
+	UMLAL	r7, r12, r3, r2
+	/* r[1] * h[3] */
+	LDR	r2, [lr, #12]
+	ADDS	r8, r8, r12
+	ADC	r9, r0, r0
+	UMLAL	r8, r9, r3, r2
+	/* r[1] * h[4] */
+	LDR	r2, [lr, #16]
+	MLA	r9, r3, r2, r9
+	/* r[2] * h[0] */
+	LDR	r3, [r1, #8]
+	LDR	r2, [lr]
+	MOV	r12, r0
+	UMLAL	r6, r12, r3, r2
+	/* r[2] * h[1] */
+	LDR	r2, [lr, #4]
+	ADDS	r7, r7, r12
+	ADC	r12, r0, r0
+	UMLAL	r7, r12, r3, r2
+	/* r[2] * h[2] */
+	LDR	r2, [lr, #8]
+	ADDS	r8, r8, r12
+	ADC	r12, r0, r0
+	UMLAL	r8, r12, r3, r2
+	/* r[2] * h[3] */
+	LDR	r2, [lr, #12]
+	ADDS	r9, r9, r12
+	ADC	r10, r0, r0
+	UMLAL	r9, r10, r3, r2
+	/* r[2] * h[4] */
+	LDR	r2, [lr, #16]
+	MLA	r10, r3, r2, r10
+	/* r[3] * h[0] */
+	LDR	r3, [r1, #12]
+	LDR	r2, [lr]
+	MOV	r12, r0
+	UMLAL	r7, r12, r3, r2
+	/* r[3] * h[1] */
+	LDR	r2, [lr, #4]
+	ADDS	r8, r8, r12
+	ADC	r12, r0, r0
+	UMLAL	r8, r12, r3, r2
+	/* r[3] * h[2] */
+	LDR	r2, [lr, #8]
+	ADDS	r9, r9, r12
+	ADC	r10, r10, r0
+	UMLAL	r9, r10, r3, r2
+	/* r[3] * h[3] */
+	LDR	r2, [lr, #12]
+	MOV	r11, r0
+	UMLAL	r10, r11, r3, r2
+	/* r[3] * h[4] */
+	LDR	r2, [lr, #16]
+	MOV	r12, r0
+	MLA	r11, r3, r2, r11
+#else
+	LDM	r1, {r0, r1, r2, r3}
+	/* r[0] * h[0] */
+	UMULL	r10, r11, r0, r4
+	/* r[1] * h[0] */
+	UMULL	r12, r7, r1, r4
+	/* r[0] * h[1] */
+	UMAAL	r11, r12, r0, r5
+	/* r[2] * h[0] */
+	UMULL	r8, r9, r2, r4
+	/* r[1] * h[1] */
+	UMAAL	r12, r8, r1, r5
+	/* r[0] * h[2] */
+	UMAAL	r12, r7, r0, r6
+	/* r[3] * h[0] */
+	UMAAL	r8, r9, r3, r4
+	STM	sp, {r10, r11, r12}
+	/* r[2] * h[1] */
+	UMAAL	r7, r8, r2, r5
+	/* Replace h[0] with h[3] */
+	LDR	r4, [lr, #12]
+	/* r[1] * h[2] */
+	UMULL	r10, r11, r1, r6
+	/* r[2] * h[2] */
+	UMAAL	r8, r9, r2, r6
+	/* r[0] * h[3] */
+	UMAAL	r7, r10, r0, r4
+	/* r[3] * h[1] */
+	UMAAL	r8, r11, r3, r5
+	/* r[1] * h[3] */
+	UMAAL	r8, r10, r1, r4
+	/* r[3] * h[2] */
+	UMAAL	r9, r11, r3, r6
+	/* r[2] * h[3] */
+	UMAAL	r9, r10, r2, r4
+	/* Replace h[1] with h[4] */
+	LDR	r5, [lr, #16]
+	/* r[3] * h[3] */
+	UMAAL	r10, r11, r3, r4
+	MOV	r12, #0x0
+	/* r[0] * h[4] */
+	UMAAL	r8, r12, r0, r5
+	/* r[1] * h[4] */
+	UMAAL	r9, r12, r1, r5
+	/* r[2] * h[4] */
+	UMAAL	r10, r12, r2, r5
+	/* r[3] * h[4] */
+	UMAAL	r11, r12, r3, r5
+	/* DONE */
+	LDM	sp, {r4, r5, r6}
+#endif /* WOLFSSL_ARM_ARCH_7M */
+	/* r12 will be zero because r is masked. */
+	/* Load length */
+	LDR	r2, [sp, #20]
+	/* Reduce mod 2^130 - 5 */
+	BIC	r3, r8, #0x3
+	AND	r8, r8, #0x3
+	ADDS	r4, r4, r3
+	LSR	r3, r3, #2
+	ADCS	r5, r5, r9
+	ORR	r3, r3, r9, LSL #30
+	ADCS	r6, r6, r10
+	LSR	r9, r9, #2
+	ADCS	r7, r7, r11
+	ORR	r9, r9, r10, LSL #30
+	ADC	r8, r8, r12
+	LSR	r10, r10, #2
+	ADDS	r4, r4, r3
+	ORR	r10, r10, r11, LSL #30
+	ADCS	r5, r5, r9
+	LSR	r11, r11, #2
+	ADCS	r6, r6, r10
+	ADCS	r7, r7, r11
+	ADC	r8, r8, r12
+	/* Sub 16 from length. */
+	SUBS	r2, r2, #0x10
+	/* Store length. */
+	STR	r2, [sp, #20]
+	/* Loop again if more message to do. */
+#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
+	BGT	L_poly1305_thumb2_16_loop
+#else
+	BGT.N	L_poly1305_thumb2_16_loop
+#endif
+	STM	lr, {r4, r5, r6, r7, r8}
+L_poly1305_thumb2_16_done:
+	ADD	sp, sp, #0x1c
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 250 */
+	.size	poly1305_blocks_thumb2_16,.-poly1305_blocks_thumb2_16
+	.text
+	.type	L_poly1305_thumb2_clamp, %object
+	.size	L_poly1305_thumb2_clamp, 16
+	.align	4
+L_poly1305_thumb2_clamp:
+	.word	0xfffffff
+	.word	0xffffffc
+	.word	0xffffffc
+	.word	0xffffffc
+	.text
+	.align	4
+	.globl	poly1305_set_key
+	.type	poly1305_set_key, %function
+poly1305_set_key:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, lr}
+	/* Load mask. */
+	ADR	r10, L_poly1305_thumb2_clamp
+	LDM	r10, {r6, r7, r8, r9}
+	/* Load and cache padding. */
+	LDR	r2, [r1, #16]
+	LDR	r3, [r1, #20]
+	LDR	r4, [r1, #24]
+	LDR	r5, [r1, #28]
+	ADD	r10, r0, #0x24
+	STM	r10, {r2, r3, r4, r5}
+	/* Load, mask and store r. */
+	LDR	r2, [r1]
+	LDR	r3, [r1, #4]
+	LDR	r4, [r1, #8]
+	LDR	r5, [r1, #12]
+	AND	r2, r2, r6
+	AND	r3, r3, r7
+	AND	r4, r4, r8
+	AND	r5, r5, r9
+	ADD	r10, r0, #0x0
+	STM	r10, {r2, r3, r4, r5}
+	/* h (accumulator) = 0 */
+	EOR	r6, r6, r6
+	EOR	r7, r7, r7
+	EOR	r8, r8, r8
+	EOR	r9, r9, r9
+	ADD	r10, r0, #0x10
+	EOR	r5, r5, r5
+	STM	r10, {r5, r6, r7, r8, r9}
+	/* Zero leftover */
+	STR	r5, [r0, #52]
+	POP	{r4, r5, r6, r7, r8, r9, r10, pc}
+	/* Cycle Count = 70 */
+	.size	poly1305_set_key,.-poly1305_set_key
+	.text
+	.align	4
+	.globl	poly1305_final
+	.type	poly1305_final, %function
+poly1305_final:
+	PUSH	{r4, r5, r6, r7, r8, r9, r10, r11, lr}
+	ADD	r11, r0, #0x10
+	LDM	r11, {r2, r3, r4, r5, r6}
+	/* Add 5 and check for h larger than p. */
+	ADDS	r7, r2, #0x5
+	ADCS	r7, r3, #0x0
+	ADCS	r7, r4, #0x0
+	ADCS	r7, r5, #0x0
+	ADC	r7, r6, #0x0
+	SUB	r7, r7, #0x4
+	LSR	r7, r7, #31
+	SUB	r7, r7, #0x1
+	AND	r7, r7, #0x5
+	/* Add 0/5 to h. */
+	ADDS	r2, r2, r7
+	ADCS	r3, r3, #0x0
+	ADCS	r4, r4, #0x0
+	ADC	r5, r5, #0x0
+	/* Add padding */
+	ADD	r11, r0, #0x24
+	LDM	r11, {r7, r8, r9, r10}
+	ADDS	r2, r2, r7
+	ADCS	r3, r3, r8
+	ADCS	r4, r4, r9
+	ADC	r5, r5, r10
+	/* Store MAC */
+	STR	r2, [r1]
+	STR	r3, [r1, #4]
+	STR	r4, [r1, #8]
+	STR	r5, [r1, #12]
+	/* Zero out h. */
+	EOR	r2, r2, r2
+	EOR	r3, r3, r3
+	EOR	r4, r4, r4
+	EOR	r5, r5, r5
+	EOR	r6, r6, r6
+	ADD	r11, r0, #0x10
+	STM	r11, {r2, r3, r4, r5, r6}
+	/* Zero out r. */
+	ADD	r11, r0, #0x0
+	STM	r11, {r2, r3, r4, r5}
+	/* Zero out padding. */
+	ADD	r11, r0, #0x24
+	STM	r11, {r2, r3, r4, r5}
+	POP	{r4, r5, r6, r7, r8, r9, r10, r11, pc}
+	/* Cycle Count = 82 */
+	.size	poly1305_final,.-poly1305_final
+#endif /* HAVE_POLY1305 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section        .note.GNU-stack,"",%progbits
+#endif
+#endif /* !WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
new file mode 100644
index 000000000..0e3911c0a
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c
@@ -0,0 +1,425 @@
+/* thumb2-poly1305-asm
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Generated using (from wolfssl):
+ *   cd ../scripts
+ *   ruby ./poly1305/poly1305.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.c
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+#ifdef WOLFSSL_ARMASM_INLINE
+
+#ifdef __IAR_SYSTEMS_ICC__
+#define __asm__        asm
+#define __volatile__   volatile
+#define WOLFSSL_NO_VAR_ASSIGN_REG
+#endif /* __IAR_SYSTEMS_ICC__ */
+#ifdef __KEIL__
+#define __asm__        __asm
+#define __volatile__   volatile
+#endif /* __KEIL__ */
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_blocks_thumb2_16(Poly1305* ctx_p, const byte* m_p, word32 len_p,
+    int notLast_p)
+#else
+void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len,
+    int notLast)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
+    register const byte* m __asm__ ("r1") = (const byte*)m_p;
+    register word32 len __asm__ ("r2") = (word32)len_p;
+    register int notLast __asm__ ("r3") = (int)notLast_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "SUB	sp, sp, #0x1c\n\t"
+        "CMP	%[len], #0x0\n\t"
+#if defined(__GNUC__)
+        "BEQ	L_poly1305_thumb2_16_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BEQ.N	L_poly1305_thumb2_16_done\n\t"
+#else
+        "BEQ.N	L_poly1305_thumb2_16_done_%=\n\t"
+#endif
+        "ADD	lr, sp, #0xc\n\t"
+        "STM	lr, {%[ctx], %[m], %[len], %[notLast]}\n\t"
+        /* Get h pointer */
+        "ADD	lr, %[ctx], #0x10\n\t"
+        "ldm   lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_poly1305_thumb2_16_loop:\n\t"
+#else
+    "L_poly1305_thumb2_16_loop_%=:\n\t"
+#endif
+        /* Add m to h */
+        "LDR	%[m], [sp, #16]\n\t"
+        "LDR	%[len], [%[m]]\n\t"
+        "LDR	%[notLast], [%[m], #4]\n\t"
+        "LDR	r9, [%[m], #8]\n\t"
+        "LDR	r10, [%[m], #12]\n\t"
+        "LDR	r11, [sp, #24]\n\t"
+        "ADDS	r4, r4, %[len]\n\t"
+        "ADCS	r5, r5, %[notLast]\n\t"
+        "ADCS	r6, r6, r9\n\t"
+        "ADCS	r7, r7, r10\n\t"
+        "ADD	%[m], %[m], #0x10\n\t"
+        "ADC	r8, r8, r11\n\t"
+#ifdef WOLFSSL_ARM_ARCH_7M
+        "STM	lr, {r4, r5, r6, r7, r8}\n\t"
+#else
+        /* h[0]-h[2] in r4-r6 for multiplication. */
+        "STR	r7, [lr, #12]\n\t"
+        "STR	r8, [lr, #16]\n\t"
+#endif /* WOLFSSL_ARM_ARCH_7M */
+        "STR	%[m], [sp, #16]\n\t"
+        "LDR	%[m], [sp, #12]\n\t"
+        /* Multiply h by r */
+#ifdef WOLFSSL_ARM_ARCH_7M
+        /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */
+        "LDR	%[notLast], [%[m]]\n\t"
+        "EOR	%[ctx], %[ctx], %[ctx]\n\t"
+        /* r[0] * h[0] */
+        /* h[0] in r4 */
+        "UMULL	r4, r5, %[notLast], r4\n\t"
+        /* r[0] * h[2] */
+        /* h[2] in r6 */
+        "UMULL	r6, r7, %[notLast], r6\n\t"
+        /* r[0] * h[4] */
+        /* h[4] in r8 */
+        "MUL	r8, %[notLast], r8\n\t"
+        /* r[0] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r5, r12, %[notLast], %[len]\n\t"
+        /* r[0] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "ADDS	r6, r6, r12\n\t"
+        "ADC	r7, r7, %[ctx]\n\t"
+        "UMLAL	r7, r8, %[notLast], %[len]\n\t"
+        /* r[1] * h[0] */
+        "LDR	%[notLast], [%[m], #4]\n\t"
+        "LDR	%[len], [lr]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r5, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "ADDS	r6, r6, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r6, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[2] */
+        "LDR	%[len], [lr, #8]\n\t"
+        "ADDS	r7, r7, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r7, r12, %[notLast], %[len]\n\t"
+        /* r[1] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "ADDS	r8, r8, r12\n\t"
+        "ADC	r9, %[ctx], %[ctx]\n\t"
+        "UMLAL	r8, r9, %[notLast], %[len]\n\t"
+        /* r[1] * h[4] */
+        "LDR	%[len], [lr, #16]\n\t"
+        "MLA	r9, %[notLast], %[len], r9\n\t"
+        /* r[2] * h[0] */
+        "LDR	%[notLast], [%[m], #8]\n\t"
+        "LDR	%[len], [lr]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r6, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "ADDS	r7, r7, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r7, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[2] */
+        "LDR	%[len], [lr, #8]\n\t"
+        "ADDS	r8, r8, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r8, r12, %[notLast], %[len]\n\t"
+        /* r[2] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "ADDS	r9, r9, r12\n\t"
+        "ADC	r10, %[ctx], %[ctx]\n\t"
+        "UMLAL	r9, r10, %[notLast], %[len]\n\t"
+        /* r[2] * h[4] */
+        "LDR	%[len], [lr, #16]\n\t"
+        "MLA	r10, %[notLast], %[len], r10\n\t"
+        /* r[3] * h[0] */
+        "LDR	%[notLast], [%[m], #12]\n\t"
+        "LDR	%[len], [lr]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "UMLAL	r7, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[1] */
+        "LDR	%[len], [lr, #4]\n\t"
+        "ADDS	r8, r8, r12\n\t"
+        "ADC	r12, %[ctx], %[ctx]\n\t"
+        "UMLAL	r8, r12, %[notLast], %[len]\n\t"
+        /* r[3] * h[2] */
+        "LDR	%[len], [lr, #8]\n\t"
+        "ADDS	r9, r9, r12\n\t"
+        "ADC	r10, r10, %[ctx]\n\t"
+        "UMLAL	r9, r10, %[notLast], %[len]\n\t"
+        /* r[3] * h[3] */
+        "LDR	%[len], [lr, #12]\n\t"
+        "MOV	r11, %[ctx]\n\t"
+        "UMLAL	r10, r11, %[notLast], %[len]\n\t"
+        /* r[3] * h[4] */
+        "LDR	%[len], [lr, #16]\n\t"
+        "MOV	r12, %[ctx]\n\t"
+        "MLA	r11, %[notLast], %[len], r11\n\t"
+#else
+        "ldm   %[m], {r0, r1, r2, r3}\n\t"
+        /* r[0] * h[0] */
+        "UMULL	r10, r11, %[ctx], r4\n\t"
+        /* r[1] * h[0] */
+        "UMULL	r12, r7, %[m], r4\n\t"
+        /* r[0] * h[1] */
+        "UMAAL	r11, r12, %[ctx], r5\n\t"
+        /* r[2] * h[0] */
+        "UMULL	r8, r9, %[len], r4\n\t"
+        /* r[1] * h[1] */
+        "UMAAL	r12, r8, %[m], r5\n\t"
+        /* r[0] * h[2] */
+        "UMAAL	r12, r7, %[ctx], r6\n\t"
+        /* r[3] * h[0] */
+        "UMAAL	r8, r9, %[notLast], r4\n\t"
+        "STM	sp, {r10, r11, r12}\n\t"
+        /* r[2] * h[1] */
+        "UMAAL	r7, r8, %[len], r5\n\t"
+        /* Replace h[0] with h[3] */
+        "LDR	r4, [lr, #12]\n\t"
+        /* r[1] * h[2] */
+        "UMULL	r10, r11, %[m], r6\n\t"
+        /* r[2] * h[2] */
+        "UMAAL	r8, r9, %[len], r6\n\t"
+        /* r[0] * h[3] */
+        "UMAAL	r7, r10, %[ctx], r4\n\t"
+        /* r[3] * h[1] */
+        "UMAAL	r8, r11, %[notLast], r5\n\t"
+        /* r[1] * h[3] */
+        "UMAAL	r8, r10, %[m], r4\n\t"
+        /* r[3] * h[2] */
+        "UMAAL	r9, r11, %[notLast], r6\n\t"
+        /* r[2] * h[3] */
+        "UMAAL	r9, r10, %[len], r4\n\t"
+        /* Replace h[1] with h[4] */
+        "LDR	r5, [lr, #16]\n\t"
+        /* r[3] * h[3] */
+        "UMAAL	r10, r11, %[notLast], r4\n\t"
+        "MOV	r12, #0x0\n\t"
+        /* r[0] * h[4] */
+        "UMAAL	r8, r12, %[ctx], r5\n\t"
+        /* r[1] * h[4] */
+        "UMAAL	r9, r12, %[m], r5\n\t"
+        /* r[2] * h[4] */
+        "UMAAL	r10, r12, %[len], r5\n\t"
+        /* r[3] * h[4] */
+        "UMAAL	r11, r12, %[notLast], r5\n\t"
+        /* DONE */
+        "ldm   sp, {r4, r5, r6}\n\t"
+#endif /* WOLFSSL_ARM_ARCH_7M */
+        /* r12 will be zero because r is masked. */
+        /* Load length */
+        "LDR	%[len], [sp, #20]\n\t"
+        /* Reduce mod 2^130 - 5 */
+        "BIC	%[notLast], r8, #0x3\n\t"
+        "AND	r8, r8, #0x3\n\t"
+        "ADDS	r4, r4, %[notLast]\n\t"
+        "LSR	%[notLast], %[notLast], #2\n\t"
+        "ADCS	r5, r5, r9\n\t"
+        "ORR	%[notLast], %[notLast], r9, LSL #30\n\t"
+        "ADCS	r6, r6, r10\n\t"
+        "LSR	r9, r9, #2\n\t"
+        "ADCS	r7, r7, r11\n\t"
+        "ORR	r9, r9, r10, LSL #30\n\t"
+        "ADC	r8, r8, r12\n\t"
+        "LSR	r10, r10, #2\n\t"
+        "ADDS	r4, r4, %[notLast]\n\t"
+        "ORR	r10, r10, r11, LSL #30\n\t"
+        "ADCS	r5, r5, r9\n\t"
+        "LSR	r11, r11, #2\n\t"
+        "ADCS	r6, r6, r10\n\t"
+        "ADCS	r7, r7, r11\n\t"
+        "ADC	r8, r8, r12\n\t"
+        /* Sub 16 from length. */
+        "SUBS	%[len], %[len], #0x10\n\t"
+        /* Store length. */
+        "STR	%[len], [sp, #20]\n\t"
+        /* Loop again if more message to do. */
+#if defined(__GNUC__)
+        "BGT	L_poly1305_thumb2_16_loop_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+        "BGT.N	L_poly1305_thumb2_16_loop\n\t"
+#else
+        "BGT.N	L_poly1305_thumb2_16_loop_%=\n\t"
+#endif
+        "STM	lr, {r4, r5, r6, r7, r8}\n\t"
+        "\n"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+    "L_poly1305_thumb2_16_done:\n\t"
+#else
+    "L_poly1305_thumb2_16_done_%=:\n\t"
+#endif
+        "ADD	sp, sp, #0x1c\n\t"
+        : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len),
+          [notLast] "+r" (notLast)
+        :
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12", "lr"
+    );
+}
+
+XALIGNED(16) static const word32 L_poly1305_thumb2_clamp[] = {
+    0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc,
+};
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_set_key(Poly1305* ctx_p, const byte* key_p)
+#else
+void poly1305_set_key(Poly1305* ctx, const byte* key)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
+    register const byte* key __asm__ ("r1") = (const byte*)key_p;
+    register word32* L_poly1305_thumb2_clamp_c __asm__ ("r2") =
+        (word32*)&L_poly1305_thumb2_clamp;
+
+#else
+    register word32* L_poly1305_thumb2_clamp_c =
+        (word32*)&L_poly1305_thumb2_clamp;
+
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        /* Load mask. */
+        "MOV	r10, %[L_poly1305_thumb2_clamp]\n\t"
+        "ldm   r10, {r6, r7, r8, r9}\n\t"
+        /* Load and cache padding. */
+        "LDR	r2, [%[key], #16]\n\t"
+        "LDR	r3, [%[key], #20]\n\t"
+        "LDR	r4, [%[key], #24]\n\t"
+        "LDR	r5, [%[key], #28]\n\t"
+        "ADD	r10, %[ctx], #0x24\n\t"
+        "STM	r10, {r2, r3, r4, r5}\n\t"
+        /* Load, mask and store r. */
+        "LDR	r2, [%[key]]\n\t"
+        "LDR	r3, [%[key], #4]\n\t"
+        "LDR	r4, [%[key], #8]\n\t"
+        "LDR	r5, [%[key], #12]\n\t"
+        "AND	r2, r2, r6\n\t"
+        "AND	r3, r3, r7\n\t"
+        "AND	r4, r4, r8\n\t"
+        "AND	r5, r5, r9\n\t"
+        "ADD	r10, %[ctx], #0x0\n\t"
+        "STM	r10, {r2, r3, r4, r5}\n\t"
+        /* h (accumulator) = 0 */
+        "EOR	r6, r6, r6\n\t"
+        "EOR	r7, r7, r7\n\t"
+        "EOR	r8, r8, r8\n\t"
+        "EOR	r9, r9, r9\n\t"
+        "ADD	r10, %[ctx], #0x10\n\t"
+        "EOR	r5, r5, r5\n\t"
+        "STM	r10, {r5, r6, r7, r8, r9}\n\t"
+        /* Zero leftover */
+        "STR	r5, [%[ctx], #52]\n\t"
+        : [ctx] "+r" (ctx), [key] "+r" (key),
+          [L_poly1305_thumb2_clamp] "+r" (L_poly1305_thumb2_clamp_c)
+        :
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
+    );
+}
+
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+void poly1305_final(Poly1305* ctx_p, byte* mac_p)
+#else
+void poly1305_final(Poly1305* ctx, byte* mac)
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+{
+#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+    register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p;
+    register byte* mac __asm__ ("r1") = (byte*)mac_p;
+#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
+
+    __asm__ __volatile__ (
+        "ADD	r11, %[ctx], #0x10\n\t"
+        "ldm   r11, {r2, r3, r4, r5, r6}\n\t"
+        /* Add 5 and check for h larger than p. */
+        "ADDS	r7, r2, #0x5\n\t"
+        "ADCS	r7, r3, #0x0\n\t"
+        "ADCS	r7, r4, #0x0\n\t"
+        "ADCS	r7, r5, #0x0\n\t"
+        "ADC	r7, r6, #0x0\n\t"
+        "SUB	r7, r7, #0x4\n\t"
+        "LSR	r7, r7, #31\n\t"
+        "SUB	r7, r7, #0x1\n\t"
+        "AND	r7, r7, #0x5\n\t"
+        /* Add 0/5 to h. */
+        "ADDS	r2, r2, r7\n\t"
+        "ADCS	r3, r3, #0x0\n\t"
+        "ADCS	r4, r4, #0x0\n\t"
+        "ADC	r5, r5, #0x0\n\t"
+        /* Add padding */
+        "ADD	r11, %[ctx], #0x24\n\t"
+        "ldm   r11, {r7, r8, r9, r10}\n\t"
+        "ADDS	r2, r2, r7\n\t"
+        "ADCS	r3, r3, r8\n\t"
+        "ADCS	r4, r4, r9\n\t"
+        "ADC	r5, r5, r10\n\t"
+        /* Store MAC */
+        "STR	r2, [%[mac]]\n\t"
+        "STR	r3, [%[mac], #4]\n\t"
+        "STR	r4, [%[mac], #8]\n\t"
+        "STR	r5, [%[mac], #12]\n\t"
+        /* Zero out h. */
+        "EOR	r2, r2, r2\n\t"
+        "EOR	r3, r3, r3\n\t"
+        "EOR	r4, r4, r4\n\t"
+        "EOR	r5, r5, r5\n\t"
+        "EOR	r6, r6, r6\n\t"
+        "ADD	r11, %[ctx], #0x10\n\t"
+        "STM	r11, {r2, r3, r4, r5, r6}\n\t"
+        /* Zero out r. */
+        "ADD	r11, %[ctx], #0x0\n\t"
+        "STM	r11, {r2, r3, r4, r5}\n\t"
+        /* Zero out padding. */
+        "ADD	r11, %[ctx], #0x24\n\t"
+        "STM	r11, {r2, r3, r4, r5}\n\t"
+        : [ctx] "+r" (ctx), [mac] "+r" (mac)
+        :
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11"
+    );
+}
+
+#endif /* HAVE_POLY1305 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305.c b/wolfcrypt/src/port/arm/thumb2-poly1305.c
new file mode 100644
index 000000000..e473ea445
--- /dev/null
+++ b/wolfcrypt/src/port/arm/thumb2-poly1305.c
@@ -0,0 +1,135 @@
+/* armv8-poly1305.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
+#ifdef WOLFSSL_ARMASM
+#ifdef WOLFSSL_ARMASM_THUMB2
+
+#ifdef HAVE_POLY1305
+#include <wolfssl/wolfcrypt/poly1305.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+#ifdef CHACHA_AEAD_TEST
+    #include <stdio.h>
+#endif
+
+/* Process 16 bytes of message at a time.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ * @param [in] bytes  Length of message in bytes.
+ */
+void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char* m,
+    size_t bytes)
+{
+    poly1305_blocks_thumb2_16(ctx, m, bytes, 1);
+}
+
+/* Process 16 bytes of message.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] m      Message to process.
+ */
+void poly1305_block_thumb2(Poly1305* ctx, const unsigned char* m)
+{
+    poly1305_blocks_thumb2_16(ctx, m, POLY1305_BLOCK_SIZE, 1);
+}
+
+/* Set the key for the Poly1305 operation.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] key    Key data to use.
+ * @param [in] keySz  Size of key in bytes. Must be 32.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or key is NULL or keySz is not 32.
+ */
+int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
+{
+    int ret = 0;
+
+#ifdef CHACHA_AEAD_TEST
+    word32 k;
+    printf("Poly key used:\n");
+    if (key != NULL) {
+        for (k = 0; k < keySz; k++) {
+            printf("%02x", key[k]);
+            if ((k+1) % 8 == 0)
+                printf("\n");
+        }
+    }
+    printf("\n");
+#endif
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (key == NULL) || (keySz != 32)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        poly1305_set_key(ctx, key);
+    }
+
+    return ret;
+}
+
+/* Finalize the Poly1305 operation calculating the MAC.
+ *
+ * @param [in] ctx    Poly1305 context.
+ * @param [in] mac    Buffer to hold the MAC. Myst be at least 16 bytes long.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when ctx or mac is NULL.
+ */
+int wc_Poly1305Final(Poly1305* ctx, byte* mac)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (mac == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    /* Process the remaining partial block - last block. */
+    if (ret == 0) {
+        if (ctx->leftover) {
+             size_t i = ctx->leftover;
+             ctx->buffer[i++] = 1;
+             for (; i < POLY1305_BLOCK_SIZE; i++) {
+                 ctx->buffer[i] = 0;
+             }
+             poly1305_blocks_thumb2_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE,
+                 0);
+        }
+
+        poly1305_final(ctx, mac);
+    }
+
+    return ret;
+}
+
+#endif /* HAVE_POLY1305 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
+#endif /* WOLFSSL_ARMASM */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
index 4809afbc7..03cd66822 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-sha256-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,14 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha256.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
+ *   ruby ./sha2/sha256.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -1481,7 +1479,7 @@ L_SHA256_transform_len_start:
 	.size	Transform_Sha256_Len,.-Transform_Sha256_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
index 903b58e3d..b7763d8f9 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-sha256-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,17 +21,15 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha256.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm.c
+ *   ruby ./sha2/sha256.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -47,7 +45,7 @@
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-XALIGNED(16) static const uint32_t L_SHA256_transform_len_k[] = {
+XALIGNED(16) static const word32 L_SHA256_transform_len_k[] = {
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
@@ -77,7 +75,13 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
     register wc_Sha256* sha256 __asm__ ("r0") = (wc_Sha256*)sha256_p;
     register const byte* data __asm__ ("r1") = (const byte*)data_p;
     register word32 len __asm__ ("r2") = (word32)len_p;
-    register uint32_t* L_SHA256_transform_len_k_c __asm__ ("r3") = (uint32_t*)&L_SHA256_transform_len_k;
+    register word32* L_SHA256_transform_len_k_c __asm__ ("r3") =
+        (word32*)&L_SHA256_transform_len_k;
+
+#else
+    register word32* L_SHA256_transform_len_k_c =
+        (word32*)&L_SHA256_transform_len_k;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1460,21 +1464,16 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len)
         "BNE.W	L_SHA256_transform_len_begin_%=\n\t"
 #endif
         "ADD	sp, sp, #0xc0\n\t"
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len),
           [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
-#else
-        : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len)
-        : [L_SHA256_transform_len_k] "r" (L_SHA256_transform_len_k)
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
 #endif /* !NO_SHA256 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
index de12f723c..2ac261e2f 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-sha3-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,14 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha3/sha3.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
+ *   ruby ./sha3/sha3.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
@@ -1167,7 +1165,7 @@ L_sha3_thumb2_begin:
 	/* Cycle Count = 1505 */
 	.size	BlockSha3,.-BlockSha3
 #endif /* WOLFSSL_SHA3 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
index a22b9acc5..cacf79fb5 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-sha3-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,17 +21,15 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha3/sha3.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.c
+ *   ruby ./sha3/sha3.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -44,7 +42,7 @@
 #define __volatile__   volatile
 #endif /* __KEIL__ */
 #ifdef WOLFSSL_SHA3
-static const uint64_t L_sha3_thumb2_rt[] = {
+static const word64 L_sha3_thumb2_rt[] = {
     0x0000000000000001UL, 0x0000000000008082UL,
     0x800000000000808aUL, 0x8000000080008000UL,
     0x000000000000808bUL, 0x0000000080000001UL,
@@ -69,7 +67,12 @@ void BlockSha3(word64* state)
 {
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
     register word64* state __asm__ ("r0") = (word64*)state_p;
-    register uint64_t* L_sha3_thumb2_rt_c __asm__ ("r1") = (uint64_t*)&L_sha3_thumb2_rt;
+    register word64* L_sha3_thumb2_rt_c __asm__ ("r1") =
+        (word64*)&L_sha3_thumb2_rt;
+
+#else
+    register word64* L_sha3_thumb2_rt_c = (word64*)&L_sha3_thumb2_rt;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -1149,20 +1152,14 @@ void BlockSha3(word64* state)
         "BNE.W	L_sha3_thumb2_begin_%=\n\t"
 #endif
         "ADD	sp, sp, #0xcc\n\t"
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
-        : [state] "+r" (state),
-          [L_sha3_thumb2_rt] "+r" (L_sha3_thumb2_rt_c)
+        : [state] "+r" (state), [L_sha3_thumb2_rt] "+r" (L_sha3_thumb2_rt_c)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
-#else
-        : [state] "+r" (state)
-        : [L_sha3_thumb2_rt] "r" (L_sha3_thumb2_rt)
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
 #endif /* WOLFSSL_SHA3 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
index 9170e9457..266cf7b91 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
@@ -1,6 +1,6 @@
 /* thumb2-sha512-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,20 +21,18 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
+ *   ruby ./sha2/sha512.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm.S
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifndef WOLFSSL_ARMASM_INLINE
 	.thumb
 	.syntax unified
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #ifdef WOLFSSL_ARMASM_NO_NEON
 	.text
 	.type	L_SHA512_transform_len_k, %object
@@ -3667,8 +3665,8 @@ L_SHA512_transform_len_start:
 	/* Cycle Count = 5021 */
 	.size	Transform_Sha512_Len,.-Transform_Sha512_Len
 #endif /* WOLFSSL_ARMASM_NO_NEON */
-#endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
index bd998025a..bcea309c8 100644
--- a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c
@@ -1,6 +1,6 @@
 /* thumb2-sha512-asm
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,17 +21,15 @@
 
 /* Generated using (from wolfssl):
  *   cd ../scripts
- *   ruby ./sha2/sha512.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm.c
+ *   ruby ./sha2/sha512.rb \
+ *       thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm.c
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif /* HAVE_CONFIG_H */
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef WOLFSSL_ARMASM
-#if !defined(__aarch64__) && defined(__thumb__)
+#ifdef WOLFSSL_ARMASM_THUMB2
 #ifdef WOLFSSL_ARMASM_INLINE
 
 #ifdef __IAR_SYSTEMS_ICC__
@@ -43,11 +41,11 @@
 #define __asm__        __asm
 #define __volatile__   volatile
 #endif /* __KEIL__ */
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 #include <wolfssl/wolfcrypt/sha512.h>
 
 #ifdef WOLFSSL_ARMASM_NO_NEON
-static const uint64_t L_SHA512_transform_len_k[] = {
+static const word64 L_SHA512_transform_len_k[] = {
     0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
     0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
     0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
@@ -101,7 +99,13 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
     register wc_Sha512* sha512 __asm__ ("r0") = (wc_Sha512*)sha512_p;
     register const byte* data __asm__ ("r1") = (const byte*)data_p;
     register word32 len __asm__ ("r2") = (word32)len_p;
-    register uint64_t* L_SHA512_transform_len_k_c __asm__ ("r3") = (uint64_t*)&L_SHA512_transform_len_k;
+    register word64* L_SHA512_transform_len_k_c __asm__ ("r3") =
+        (word64*)&L_SHA512_transform_len_k;
+
+#else
+    register word64* L_SHA512_transform_len_k_c =
+        (word64*)&L_SHA512_transform_len_k;
+
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
 
     __asm__ __volatile__ (
@@ -3575,21 +3579,16 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
 #endif
         "EOR	r0, r0, r0\n\t"
         "ADD	sp, sp, #0xc0\n\t"
-#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
         : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len),
           [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
-#else
-        : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len)
-        : [L_SHA512_transform_len_k] "r" (L_SHA512_transform_len_k)
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
-#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
 #endif /* WOLFSSL_ARMASM_NO_NEON */
-#endif /* WOLFSSL_SHA512 */
-#endif /* !__aarch64__ && __thumb__ */
+#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
+#endif /* WOLFSSL_ARMASM_THUMB2 */
 #endif /* WOLFSSL_ARMASM */
 #endif /* WOLFSSL_ARMASM_INLINE */
diff --git a/wolfcrypt/src/port/atmel/README.md b/wolfcrypt/src/port/atmel/README.md
index 1a7664394..01b11a040 100644
--- a/wolfcrypt/src/port/atmel/README.md
+++ b/wolfcrypt/src/port/atmel/README.md
@@ -24,7 +24,7 @@ Requires the Microchip CryptoAuthLib library. The examples in `wolfcrypt/src/por
 * `WOLFSSL_ATECC_TFLXTLS`: Enable support for Microchip TrustFLEX with custom PKI module configuration
 * `WOLFSSL_ATECC_DEBUG`: Enable wolfSSL ATECC debug messages.
 * `WOLFSSL_ATMEL`: Enables ASF hooks seeding random data using the `atmel_get_random_number` function.
-* `WOLFSSL_ATMEL_TIME`: Enables the built-in `atmel_get_curr_time_and_date` function get getting time from ASF RTC. 
+* `WOLFSSL_ATMEL_TIME`: Enables the built-in `atmel_get_curr_time_and_date` function get getting time from ASF RTC.
 * `ATECC_GET_ENC_KEY`: Macro to define your own function for getting the encryption key.
 * `ATECC_SLOT_I2C_ENC`: Macro for the default encryption key slot. Can also get via the slot callback with `ATMEL_SLOT_ENCKEY`.
 * `ATECC_MAX_SLOT`: Macro for the maximum dynamically allocated slots.
@@ -35,7 +35,7 @@ Requires the Microchip CryptoAuthLib library. The examples in `wolfcrypt/src/por
 `#define HAVE_PK_CALLBACKS`
 `#define WOLFSSL_ATECC_PKCB`
 
-or 
+or
 
 `./configure CFLAGS="-DWOLFSSL_ATECC608A"`
 `#define WOLFSSL_ATECC608A`
diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c
index 31ad98fb4..6aabe5dba 100644
--- a/wolfcrypt/src/port/atmel/atmel.c
+++ b/wolfcrypt/src/port/atmel/atmel.c
@@ -1,6 +1,6 @@
 /* atmel.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/autosar/README.md b/wolfcrypt/src/port/autosar/README.md
index 004989ae9..39fd501fa 100644
--- a/wolfcrypt/src/port/autosar/README.md
+++ b/wolfcrypt/src/port/autosar/README.md
@@ -31,15 +31,15 @@ There is an example test case located at wolfcrypt/src/port/autsar/example.c. Af
 
 ## 4.0 API Implemented
 
-- Std_ReturnType Csm_Decrypt(uint32 jobId,                            
-         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength, 
-         uint8* resultPtr, uint32* resultLengthPtr);                             
-- Std_ReturnType Csm_Encrypt(uint32 jobId,                            
-         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength, 
-         uint8* resultPtr, uint32* resultLengthPtr);                             
-- Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 keyElementId, 
-         const uint8* keyPtr, uint32 keyLength);                                 
-- Std_ReturnType Csm_RandomGenerate( uint32 jobId, uint8* resultPtr,  
+- Std_ReturnType Csm_Decrypt(uint32 jobId,
+         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+         uint8* resultPtr, uint32* resultLengthPtr);
+- Std_ReturnType Csm_Encrypt(uint32 jobId,
+         Crypto_OperationModeType mode, const uint8* dataPtr, uint32 dataLength,
+         uint8* resultPtr, uint32* resultLengthPtr);
+- Std_ReturnType Csm_KeyElementSet(uint32 keyId, uint32 keyElementId,
+         const uint8* keyPtr, uint32 keyLength);
+- Std_ReturnType Csm_RandomGenerate( uint32 jobId, uint8* resultPtr,
          uint32* resultLengthPtr);
 
-Along with the structures necessary for these API.
\ No newline at end of file
+Along with the structures necessary for these API.
diff --git a/wolfcrypt/src/port/autosar/cryif.c b/wolfcrypt/src/port/autosar/cryif.c
index 6fd9cc1a2..5909b3a2c 100644
--- a/wolfcrypt/src/port/autosar/cryif.c
+++ b/wolfcrypt/src/port/autosar/cryif.c
@@ -1,6 +1,6 @@
 /* cryif.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/autosar/crypto.c b/wolfcrypt/src/port/autosar/crypto.c
index d5a7509f6..2f20aa5ba 100644
--- a/wolfcrypt/src/port/autosar/crypto.c
+++ b/wolfcrypt/src/port/autosar/crypto.c
@@ -1,6 +1,6 @@
 /* crypto.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -250,7 +250,7 @@ Std_ReturnType wolfSSL_Crypto_CBC(Crypto_JobType* job)
             return E_NOT_OK;
         }
 
-        if (iv != NULL && ivSz < AES_BLOCK_SIZE) {
+        if (iv != NULL && ivSz < WC_AES_BLOCK_SIZE) {
             WOLFSSL_MSG("Error IV is too small");
             return E_NOT_OK;
         }
diff --git a/wolfcrypt/src/port/autosar/csm.c b/wolfcrypt/src/port/autosar/csm.c
index 8fa6063a7..156121e42 100644
--- a/wolfcrypt/src/port/autosar/csm.c
+++ b/wolfcrypt/src/port/autosar/csm.c
@@ -1,6 +1,6 @@
 /* csm.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/autosar/test.c b/wolfcrypt/src/port/autosar/test.c
index 29cd8fc3e..ecbb678c0 100644
--- a/wolfcrypt/src/port/autosar/test.c
+++ b/wolfcrypt/src/port/autosar/test.c
@@ -1,6 +1,6 @@
 /* test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/caam_aes.c b/wolfcrypt/src/port/caam/caam_aes.c
index b744c1244..70a1ad80c 100644
--- a/wolfcrypt/src/port/caam/caam_aes.c
+++ b/wolfcrypt/src/port/caam/caam_aes.c
@@ -1,6 +1,6 @@
 /* caam_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -93,7 +93,8 @@ int  wc_AesSetKey(Aes* aes, const byte* key, word32 len,
         return ret;
     }
 
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
 
@@ -111,7 +112,7 @@ int  wc_AesCbcEncrypt(Aes* aes, byte* out,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if (blocks > 0) {
         Buffer buf[4];
@@ -130,19 +131,19 @@ int  wc_AesCbcEncrypt(Aes* aes, byte* out,
 
         buf[1].BufferType = DataBuffer;
         buf[1].TheAddress = (Address)aes->reg;
-        buf[1].Length     = AES_BLOCK_SIZE;
+        buf[1].Length     = WC_AES_BLOCK_SIZE;
 
         buf[2].BufferType = DataBuffer;
         buf[2].TheAddress = (Address)in;
-        buf[2].Length     = blocks * AES_BLOCK_SIZE;
+        buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         buf[3].BufferType = DataBuffer | LastBuffer;
         buf[3].TheAddress = (Address)out;
-        buf[3].Length     = blocks * AES_BLOCK_SIZE;
+        buf[3].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         arg[0] = CAAM_ENC;
         arg[1] = keySz;
-        arg[2] = blocks * AES_BLOCK_SIZE;
+        arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
         if ((ret = wc_caamAddAndWait(buf, 4, arg, CAAM_AESCBC)) != 0) {
             WOLFSSL_MSG("Error with CAAM AES CBC encrypt");
@@ -164,7 +165,7 @@ int  wc_AesCbcDecrypt(Aes* aes, byte* out,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if (blocks > 0) {
         Buffer buf[4];
@@ -183,19 +184,19 @@ int  wc_AesCbcDecrypt(Aes* aes, byte* out,
 
         buf[1].BufferType = DataBuffer;
         buf[1].TheAddress = (Address)aes->reg;
-        buf[1].Length     = AES_BLOCK_SIZE;
+        buf[1].Length     = WC_AES_BLOCK_SIZE;
 
         buf[2].BufferType = DataBuffer;
         buf[2].TheAddress = (Address)in;
-        buf[2].Length     = blocks * AES_BLOCK_SIZE;
+        buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         buf[3].BufferType = DataBuffer | LastBuffer;
         buf[3].TheAddress = (Address)out;
-        buf[3].Length     = blocks * AES_BLOCK_SIZE;
+        buf[3].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         arg[0] = CAAM_DEC;
         arg[1] = keySz;
-        arg[2] = blocks * AES_BLOCK_SIZE;
+        arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
         if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESCBC)) != 0) {
             WOLFSSL_MSG("Error with CAAM AES CBC decrypt");
@@ -207,7 +208,7 @@ int  wc_AesCbcDecrypt(Aes* aes, byte* out,
 }
 
 #if defined(HAVE_AES_ECB)
-/* is assumed that input size is a multiple of AES_BLOCK_SIZE */
+/* is assumed that input size is a multiple of WC_AES_BLOCK_SIZE */
 int wc_AesEcbEncrypt(Aes* aes, byte* out,
                                   const byte* in, word32 sz)
 {
@@ -221,7 +222,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
         return ret;
@@ -234,15 +235,15 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out,
 
     buf[1].BufferType = DataBuffer;
     buf[1].TheAddress = (Address)in;
-    buf[1].Length     = blocks * AES_BLOCK_SIZE;
+    buf[1].Length     = blocks * WC_AES_BLOCK_SIZE;
 
     buf[2].BufferType = DataBuffer | LastBuffer;
     buf[2].TheAddress = (Address)out;
-    buf[2].Length     = blocks * AES_BLOCK_SIZE;
+    buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
     arg[0] = CAAM_ENC;
     arg[1] = keySz;
-    arg[2] = blocks * AES_BLOCK_SIZE;
+    arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
     if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
         WOLFSSL_MSG("Error with CAAM AES ECB encrypt");
@@ -266,7 +267,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if ((ret = wc_AesGetKeySize(aes, &keySz)) != 0) {
         return ret;
@@ -279,15 +280,15 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out,
 
     buf[1].BufferType = DataBuffer;
     buf[1].TheAddress = (Address)in;
-    buf[1].Length     = blocks * AES_BLOCK_SIZE;
+    buf[1].Length     = blocks * WC_AES_BLOCK_SIZE;
 
     buf[2].BufferType = DataBuffer | LastBuffer;
     buf[2].TheAddress = (Address)out;
-    buf[2].Length     = blocks * AES_BLOCK_SIZE;
+    buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
     arg[0] = CAAM_DEC;
     arg[1] = keySz;
-    arg[2] = blocks * AES_BLOCK_SIZE;
+    arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
     if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
         WOLFSSL_MSG("Error with CAAM AES ECB decrypt");
@@ -305,7 +306,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 {
     /* in network byte order so start at end and work back */
     int i;
-    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -330,7 +331,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
     }
 
     /* consume any unused bytes left in aes->tmp */
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
     while (aes->left && sz) {
         *(out++) = *(in++) ^ *(tmp++);
         aes->left--;
@@ -338,7 +339,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
     }
 
     /* do full blocks to then get potential left over amount */
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
     if (blocks > 0) {
         /* Set buffers for key, cipher text, and plain text */
         buf[0].BufferType = DataBuffer;
@@ -347,28 +348,28 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
 
         buf[1].BufferType = DataBuffer;
         buf[1].TheAddress = (Address)aes->reg;
-        buf[1].Length     = AES_BLOCK_SIZE;
+        buf[1].Length     = WC_AES_BLOCK_SIZE;
 
         buf[2].BufferType = DataBuffer;
         buf[2].TheAddress = (Address)in;
-        buf[2].Length     = blocks * AES_BLOCK_SIZE;
+        buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         buf[3].BufferType = DataBuffer | LastBuffer;
         buf[3].TheAddress = (Address)out;
-        buf[3].Length     = blocks * AES_BLOCK_SIZE;
+        buf[3].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         arg[0] = CAAM_ENC;
         arg[1] = keySz;
-        arg[2] = blocks * AES_BLOCK_SIZE;
+        arg[2] = blocks * WC_AES_BLOCK_SIZE;
 
         if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESCTR)) != 0) {
             WOLFSSL_MSG("Error with CAAM AES CTR encrypt");
             return ret;
         }
 
-        out += blocks * AES_BLOCK_SIZE;
-        in  += blocks * AES_BLOCK_SIZE;
-        sz  -= blocks * AES_BLOCK_SIZE;
+        out += blocks * WC_AES_BLOCK_SIZE;
+        in  += blocks * WC_AES_BLOCK_SIZE;
+        sz  -= blocks * WC_AES_BLOCK_SIZE;
     }
 
     if (sz) {
@@ -376,7 +377,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out,
             return ret;
         IncrementAesCounter((byte*)aes->reg);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -414,15 +415,15 @@ int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 
      buf[1].BufferType = DataBuffer;
      buf[1].TheAddress = (Address)in;
-     buf[1].Length     = AES_BLOCK_SIZE;
+     buf[1].Length     = WC_AES_BLOCK_SIZE;
 
      buf[2].BufferType = DataBuffer | LastBuffer;
      buf[2].TheAddress = (Address)out;
-     buf[2].Length     = AES_BLOCK_SIZE;
+     buf[2].Length     = WC_AES_BLOCK_SIZE;
 
      arg[0] = CAAM_ENC;
      arg[1] = keySz;
-     arg[2] = AES_BLOCK_SIZE;
+     arg[2] = WC_AES_BLOCK_SIZE;
 
      if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
          WOLFSSL_MSG("Error with CAAM AES direct encrypt");
@@ -455,15 +456,15 @@ int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 
      buf[1].BufferType = DataBuffer;
      buf[1].TheAddress = (Address)in;
-     buf[1].Length     = AES_BLOCK_SIZE;
+     buf[1].Length     = WC_AES_BLOCK_SIZE;
 
      buf[2].BufferType = DataBuffer | LastBuffer;
      buf[2].TheAddress = (Address)out;
-     buf[2].Length     = AES_BLOCK_SIZE;
+     buf[2].Length     = WC_AES_BLOCK_SIZE;
 
      arg[0] = CAAM_DEC;
      arg[1] = keySz;
-     arg[2] = AES_BLOCK_SIZE;
+     arg[2] = WC_AES_BLOCK_SIZE;
 
      if ((ret = wc_caamAddAndWait(buf, arg, CAAM_AESECB)) != 0) {
          WOLFSSL_MSG("Error with CAAM AES direct decrypt");
@@ -492,7 +493,7 @@ int  wc_AesCcmEncrypt(Aes* aes, byte* out,
     word32 arg[4];
     word32 keySz;
     word32 i;
-    byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
     int lenSz;
     byte mask = 0xFF;
     const word32 wordSz = (word32)sizeof(word32);
@@ -501,7 +502,7 @@ int  wc_AesCcmEncrypt(Aes* aes, byte* out,
     /* sanity check on arguments */
     if (aes == NULL || out == NULL || in == NULL || nonce == NULL
             || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-        authTagSz > AES_BLOCK_SIZE)
+        authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     if ((ret = wc_AesCcmCheckTagSize(authTagSz)) != 0) {
@@ -514,18 +515,18 @@ int  wc_AesCcmEncrypt(Aes* aes, byte* out,
 
     /* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */
     XMEMCPY(B0Ctr0+1, nonce, nonceSz);
-    XMEMCPY(B0Ctr0+AES_BLOCK_SIZE+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    XMEMCPY(B0Ctr0+WC_AES_BLOCK_SIZE+1, nonce, nonceSz);
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B0Ctr0[0] = (authInSz > 0 ? 64 : 0)
          + (8 * (((byte)authTagSz - 2) / 2))
          + (lenSz - 1);
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B0Ctr0[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
-        B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE - 1 - i] = 0;
+        B0Ctr0[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE - 1 - i] = 0;
     }
-    B0Ctr0[AES_BLOCK_SIZE] = lenSz - 1;
+    B0Ctr0[WC_AES_BLOCK_SIZE] = lenSz - 1;
 
     /* Set buffers for key, cipher text, and plain text */
     buf[0].BufferType = DataBuffer;
@@ -534,7 +535,7 @@ int  wc_AesCcmEncrypt(Aes* aes, byte* out,
 
     buf[1].BufferType = DataBuffer;
     buf[1].TheAddress = (Address)B0Ctr0;
-    buf[1].Length     = AES_BLOCK_SIZE + AES_BLOCK_SIZE;
+    buf[1].Length     = WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE;
 
     buf[2].BufferType = DataBuffer;
     buf[2].TheAddress = (Address)authIn;
@@ -574,8 +575,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
     word32 arg[4];
     word32 keySz;
     word32 i;
-    byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
-    byte tag[AES_BLOCK_SIZE];
+    byte B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
+    byte tag[WC_AES_BLOCK_SIZE];
     int lenSz;
     byte mask = 0xFF;
     const word32 wordSz = (word32)sizeof(word32);
@@ -584,7 +585,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
     /* sanity check on arguments */
     if (aes == NULL || out == NULL || in == NULL || nonce == NULL
             || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-        authTagSz > AES_BLOCK_SIZE)
+        authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     if ((ret = wc_AesCcmCheckTagSize(authTagSz)) != 0) {
@@ -597,19 +598,19 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
 
     /* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */
     XMEMCPY(B0Ctr0+1, nonce, nonceSz);
-    XMEMCPY(B0Ctr0+AES_BLOCK_SIZE+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    XMEMCPY(B0Ctr0+WC_AES_BLOCK_SIZE+1, nonce, nonceSz);
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B0Ctr0[0] = (authInSz > 0 ? 64 : 0)
          + (8 * (((byte)authTagSz - 2) / 2))
          + (lenSz - 1);
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B0Ctr0[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
-        B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE - 1 - i] = 0;
+        B0Ctr0[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE - 1 - i] = 0;
     }
-    B0Ctr0[AES_BLOCK_SIZE] = lenSz - 1;
-    if ((ret = wc_AesEncryptDirect(aes, tag, B0Ctr0 + AES_BLOCK_SIZE)) != 0)
+    B0Ctr0[WC_AES_BLOCK_SIZE] = lenSz - 1;
+    if ((ret = wc_AesEncryptDirect(aes, tag, B0Ctr0 + WC_AES_BLOCK_SIZE)) != 0)
         return ret;
 
     /* Set buffers for key, cipher text, and plain text */
@@ -619,7 +620,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
 
     buf[1].BufferType = DataBuffer;
     buf[1].TheAddress = (Address)B0Ctr0;
-    buf[1].Length     = AES_BLOCK_SIZE + AES_BLOCK_SIZE;
+    buf[1].Length     = WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE;
 
     buf[2].BufferType = DataBuffer;
     buf[2].TheAddress = (Address)authIn;
@@ -652,8 +653,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
         ret = AES_CCM_AUTH_E;
     }
 
-    ForceZero(tag, AES_BLOCK_SIZE);
-    ForceZero(B0Ctr0, AES_BLOCK_SIZE * 2);
+    ForceZero(tag, WC_AES_BLOCK_SIZE);
+    ForceZero(B0Ctr0, WC_AES_BLOCK_SIZE * 2);
 
     return ret;
 
diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c
index d98574f68..ccc7f29a9 100644
--- a/wolfcrypt/src/port/caam/caam_driver.c
+++ b/wolfcrypt/src/port/caam/caam_driver.c
@@ -1,6 +1,6 @@
 /* caam_driver.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/caam_error.c b/wolfcrypt/src/port/caam/caam_error.c
index ba52aa577..0e0da2874 100644
--- a/wolfcrypt/src/port/caam/caam_error.c
+++ b/wolfcrypt/src/port/caam/caam_error.c
@@ -1,6 +1,6 @@
 /* caam_error.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/caam_integrity.c b/wolfcrypt/src/port/caam/caam_integrity.c
index bbe4dcef9..abdb7d381 100644
--- a/wolfcrypt/src/port/caam/caam_integrity.c
+++ b/wolfcrypt/src/port/caam/caam_integrity.c
@@ -1,6 +1,6 @@
 /* caam_integrity.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/caam_qnx.c b/wolfcrypt/src/port/caam/caam_qnx.c
index 0c5e407a6..f74a0c86c 100644
--- a/wolfcrypt/src/port/caam/caam_qnx.c
+++ b/wolfcrypt/src/port/caam/caam_qnx.c
@@ -1,6 +1,6 @@
 /* caam_qnx.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/caam_sha.c b/wolfcrypt/src/port/caam/caam_sha.c
index 6964a3c4c..a39484d59 100644
--- a/wolfcrypt/src/port/caam/caam_sha.c
+++ b/wolfcrypt/src/port/caam/caam_sha.c
@@ -1,6 +1,6 @@
 /* caam_sha.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_aes.c b/wolfcrypt/src/port/caam/wolfcaam_aes.c
index 02930c64b..794ce09d5 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_aes.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_aes.c
@@ -1,6 +1,6 @@
 /* wolfcaam_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -122,8 +122,8 @@ static word32 CreateB0CTR(byte* B0Ctr0, const byte* nonce, word32 nonceSz,
 
     /* set up B0 and CTR0 similar to how wolfcrypt/src/aes.c does */
     XMEMCPY(B0Ctr0+1, nonce, nonceSz);
-    XMEMCPY(B0Ctr0+AES_BLOCK_SIZE+1, nonce, nonceSz);
-    lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+    XMEMCPY(B0Ctr0+WC_AES_BLOCK_SIZE+1, nonce, nonceSz);
+    lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
     B0Ctr0[0] = 0;
     if (authInSz > 0) {
         B0Ctr0[0] |= 0x40; /* set aad bit */
@@ -139,10 +139,10 @@ static word32 CreateB0CTR(byte* B0Ctr0, const byte* nonce, word32 nonceSz,
     for (i = 0; i < lenSz; i++) {
         if (mask && i >= wordSz)
             mask = 0x00;
-        B0Ctr0[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
-        B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE - 1 - i] = 0;
+        B0Ctr0[WC_AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask;
+        B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE - 1 - i] = 0;
     }
-    B0Ctr0[AES_BLOCK_SIZE] = lenSz - 1;
+    B0Ctr0[WC_AES_BLOCK_SIZE] = lenSz - 1;
 
     return 0;
 }
@@ -157,12 +157,12 @@ int wc_CAAM_AesCcmEncrypt(Aes* aes, const byte* in, byte* out, word32 sz,
         const byte* authIn, word32 authInSz)
 {
 #ifndef WOLFSSL_SECO_CAAM
-    byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
 #endif
 
     if (aes == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
         nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-            authTagSz > AES_BLOCK_SIZE)
+            authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     /* sanity check on tag size */
@@ -172,7 +172,7 @@ int wc_CAAM_AesCcmEncrypt(Aes* aes, const byte* in, byte* out, word32 sz,
 
 #ifndef WOLFSSL_SECO_CAAM
     CreateB0CTR(B0Ctr0, nonce, nonceSz, authInSz, authTagSz, sz);
-    return wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*AES_BLOCK_SIZE,
+    return wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*WC_AES_BLOCK_SIZE,
         authTag, authTagSz, authIn, authInSz, CAAM_ENC, CAAM_AESCCM);
 #else
     return wc_CAAM_AesAeadCommon(aes, in, out, sz, nonce, nonceSz,
@@ -190,13 +190,13 @@ int wc_CAAM_AesCcmDecrypt(Aes* aes, const byte* in, byte* out, word32 sz,
 {
     int ret;
 #ifndef WOLFSSL_SECO_CAAM
-    byte B0Ctr0[AES_BLOCK_SIZE + AES_BLOCK_SIZE];
+    byte B0Ctr0[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
 #endif
 
     /* sanity check on arguments */
     if (aes == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
         nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
-        authTagSz > AES_BLOCK_SIZE)
+        authTagSz > WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     /* sanity check on tag size */
@@ -206,7 +206,7 @@ int wc_CAAM_AesCcmDecrypt(Aes* aes, const byte* in, byte* out, word32 sz,
 
 #ifndef WOLFSSL_SECO_CAAM
     CreateB0CTR(B0Ctr0, nonce, nonceSz, authInSz, authTagSz, sz);
-    ret = wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*AES_BLOCK_SIZE,
+    ret = wc_CAAM_AesAeadCommon(aes, in, out, sz, B0Ctr0, 2*WC_AES_BLOCK_SIZE,
             (byte*)authTag, authTagSz, authIn, authInSz, CAAM_DEC, CAAM_AESCCM);
 #else
     ret = wc_CAAM_AesAeadCommon(aes, in, out, sz, nonce, nonceSz,
@@ -260,7 +260,7 @@ static int wc_CAAM_AesCbcCtrCommon(Aes* aes, byte* out, const byte* in,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if (blocks > 0) {
         CAAM_BUFFER buf[5];
@@ -279,24 +279,24 @@ static int wc_CAAM_AesCbcCtrCommon(Aes* aes, byte* out, const byte* in,
 
         buf[1].BufferType = DataBuffer;
         buf[1].TheAddress = (CAAM_ADDRESS)aes->reg;
-        buf[1].Length     = AES_BLOCK_SIZE;
+        buf[1].Length     = WC_AES_BLOCK_SIZE;
 
         buf[2].BufferType = DataBuffer;
         buf[2].TheAddress = (CAAM_ADDRESS)in;
-        buf[2].Length     = blocks * AES_BLOCK_SIZE;
+        buf[2].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         buf[3].BufferType = DataBuffer | LastBuffer;
         buf[3].TheAddress = (CAAM_ADDRESS)out;
-        buf[3].Length     = blocks * AES_BLOCK_SIZE;
+        buf[3].Length     = blocks * WC_AES_BLOCK_SIZE;
 
         /* buffer for updated IV */
         buf[4].BufferType = DataBuffer;
         buf[4].TheAddress = (CAAM_ADDRESS)aes->reg;
-        buf[4].Length     = AES_BLOCK_SIZE;
+        buf[4].Length     = WC_AES_BLOCK_SIZE;
 
         arg[0] = dir;
         arg[1] = keySz;
-        arg[2] = blocks * AES_BLOCK_SIZE;
+        arg[2] = blocks * WC_AES_BLOCK_SIZE;
         arg[3] = aes->blackKey;
 
         if ((ret = wc_caamAddAndWait(buf, 5, arg, mode)) != 0) {
@@ -314,7 +314,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 {
     /* in network byte order so start at end and work back */
     int i;
-    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -335,7 +335,7 @@ int wc_CAAM_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* consume any unused bytes left in aes->tmp */
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
     while (aes->left && sz) {
         *(out++) = *(in++) ^ *(tmp++);
         aes->left--;
@@ -343,14 +343,14 @@ int wc_CAAM_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* do full blocks to then get potential left over amount */
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
     if (blocks > 0) {
-        ret = wc_CAAM_AesCbcCtrCommon(aes, out, in, blocks * AES_BLOCK_SIZE,
+        ret = wc_CAAM_AesCbcCtrCommon(aes, out, in, blocks * WC_AES_BLOCK_SIZE,
             CAAM_ENC, CAAM_AESCTR);
 
-        out += blocks * AES_BLOCK_SIZE;
-        in  += blocks * AES_BLOCK_SIZE;
-        sz  -= blocks * AES_BLOCK_SIZE;
+        out += blocks * WC_AES_BLOCK_SIZE;
+        in  += blocks * WC_AES_BLOCK_SIZE;
+        sz  -= blocks * WC_AES_BLOCK_SIZE;
     }
 
     if (sz) {
@@ -360,7 +360,7 @@ int wc_CAAM_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         }
         IncrementAesCounter((byte*)aes->reg);
 
-        aes->left = AES_BLOCK_SIZE;
+        aes->left = WC_AES_BLOCK_SIZE;
         tmp = (byte*)aes->tmp;
 
         while (sz--) {
@@ -399,7 +399,7 @@ static int wc_CAAM_AesEcbCommon(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
-    blocks = sz / AES_BLOCK_SIZE;
+    blocks = sz / WC_AES_BLOCK_SIZE;
 
     if (wc_AesGetKeySize(aes, &keySz) != 0 && aes->blackKey == 0) {
         return BAD_FUNC_ARG;
@@ -413,17 +413,17 @@ static int wc_CAAM_AesEcbCommon(Aes* aes, byte* out, const byte* in, word32 sz,
 
     buf[idx].BufferType = DataBuffer;
     buf[idx].TheAddress = (CAAM_ADDRESS)in;
-    buf[idx].Length     = blocks * AES_BLOCK_SIZE;
+    buf[idx].Length     = blocks * WC_AES_BLOCK_SIZE;
     idx++;
 
     buf[idx].BufferType = DataBuffer | LastBuffer;
     buf[idx].TheAddress = (CAAM_ADDRESS)out;
-    buf[idx].Length     = blocks * AES_BLOCK_SIZE;
+    buf[idx].Length     = blocks * WC_AES_BLOCK_SIZE;
     idx++;
 
     arg[0] = dir;
     arg[1] = keySz;
-    arg[2] = blocks * AES_BLOCK_SIZE;
+    arg[2] = blocks * WC_AES_BLOCK_SIZE;
     arg[3] = aes->blackKey;
 
     if ((ret = wc_caamAddAndWait(buf, idx, arg, CAAM_AESECB)) != 0) {
@@ -435,7 +435,7 @@ static int wc_CAAM_AesEcbCommon(Aes* aes, byte* out, const byte* in, word32 sz,
 }
 
 
-/* is assumed that input size is a multiple of AES_BLOCK_SIZE */
+/* is assumed that input size is a multiple of WC_AES_BLOCK_SIZE */
 int wc_CAAM_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     return wc_CAAM_AesEcbCommon(aes, out, in, sz, CAAM_ENC);
diff --git a/wolfcrypt/src/port/caam/wolfcaam_cmac.c b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
index 28a7e9821..7d041401d 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_cmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
@@ -1,6 +1,6 @@
 /* wolfcaam_cmac.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -39,7 +39,7 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
     word32 args[4] = {0};
     CAAM_BUFFER buf[9];
     word32 idx = 0;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     int ret;
     int blocks = 0;
 
@@ -70,7 +70,7 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
         cmac->keylen = keySz;
         cmac->initialized = 0;
         cmac->bufferSz = 0;
-        XMEMSET(cmac->buffer, 0, AES_BLOCK_SIZE);
+        XMEMSET(cmac->buffer, 0, WC_AES_BLOCK_SIZE);
         return 0;
     }
 
@@ -95,12 +95,12 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
         if (cmac->bufferSz > 0) {
             word32 add;
 
-            if (cmac->bufferSz > AES_BLOCK_SIZE) {
+            if (cmac->bufferSz > WC_AES_BLOCK_SIZE) {
                 WOLFSSL_MSG("Error with CMAC buffer size");
                 return -1;
             }
-            add = (sz < ((int)(AES_BLOCK_SIZE - cmac->bufferSz))) ? sz :
-                   (int)(AES_BLOCK_SIZE - cmac->bufferSz);
+            add = (sz < ((int)(WC_AES_BLOCK_SIZE - cmac->bufferSz))) ? sz :
+                   (int)(WC_AES_BLOCK_SIZE - cmac->bufferSz);
             XMEMCPY(&cmac->buffer[cmac->bufferSz], pt, add);
 
             cmac->bufferSz += add;
@@ -110,33 +110,33 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
 
         /* flash out temporary storage for block size if full and more data
          * is coming, otherwise hold it until final operation */
-        if (cmac->bufferSz == AES_BLOCK_SIZE && (sz > 0)) {
+        if (cmac->bufferSz == WC_AES_BLOCK_SIZE && (sz > 0)) {
             buf[idx].TheAddress = (CAAM_ADDRESS)scratch;
             buf[idx].Length = cmac->bufferSz;
             idx++;
             blocks++;
             cmac->bufferSz = 0;
-            XMEMCPY(scratch, (byte*)cmac->buffer, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, (byte*)cmac->buffer, WC_AES_BLOCK_SIZE);
         }
 
         /* In order to trigger read of CTX state there needs to be some data
          * saved until final call */
-        if ((sz >= AES_BLOCK_SIZE) && (sz % AES_BLOCK_SIZE == 0)) {
+        if ((sz >= WC_AES_BLOCK_SIZE) && (sz % WC_AES_BLOCK_SIZE == 0)) {
 
             if (cmac->bufferSz > 0) {
                 /* this case should never be hit */
                 return BAD_FUNC_ARG;
             }
 
-            XMEMCPY(&cmac->buffer[0], pt + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-            cmac->bufferSz = AES_BLOCK_SIZE;
-            sz -= AES_BLOCK_SIZE;
+            XMEMCPY(&cmac->buffer[0], pt + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+            cmac->bufferSz = WC_AES_BLOCK_SIZE;
+            sz -= WC_AES_BLOCK_SIZE;
         }
 
-        if (sz >= AES_BLOCK_SIZE) {
+        if (sz >= WC_AES_BLOCK_SIZE) {
             buf[idx].TheAddress = (CAAM_ADDRESS)pt;
-            buf[idx].Length = sz - (sz % AES_BLOCK_SIZE);
-            blocks += sz / AES_BLOCK_SIZE;
+            buf[idx].Length = sz - (sz % WC_AES_BLOCK_SIZE);
+            blocks += sz / WC_AES_BLOCK_SIZE;
             sz -= buf[idx].Length;
             pt += buf[idx].Length;
             idx++;
@@ -186,9 +186,9 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
 
     /* store leftovers */
     if (sz > 0) {
-        word32 add = (sz < (int)(AES_BLOCK_SIZE - cmac->bufferSz))?
+        word32 add = (sz < (int)(WC_AES_BLOCK_SIZE - cmac->bufferSz))?
                                               (word32)sz :
-                                              (AES_BLOCK_SIZE - cmac->bufferSz);
+                                              (WC_AES_BLOCK_SIZE - cmac->bufferSz);
 
         if (pt == NULL) {
             return MEMORY_E;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
index e9f55f21e..75d90c526 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
@@ -1,6 +1,6 @@
 /* wolfcaam_ecdsa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
index b0bf50d72..d31aa2767 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
@@ -1,6 +1,6 @@
 /* wolfcaam_fsl_nxp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -271,8 +271,8 @@ static int DoAesCBC(unsigned int args[4], CAAM_BUFFER *buf, int sz)
 
         /* store updated CBC state */
         XMEMCPY((byte*)buf[4].TheAddress,
-                (byte*)buf[2].TheAddress + buf[2].Length - AES_BLOCK_SIZE,
-                AES_BLOCK_SIZE);
+                (byte*)buf[2].TheAddress + buf[2].Length - WC_AES_BLOCK_SIZE,
+                WC_AES_BLOCK_SIZE);
     }
     else {
         status = CAAM_AES_EncryptCbc(CAAM, &hndl,
@@ -282,8 +282,8 @@ static int DoAesCBC(unsigned int args[4], CAAM_BUFFER *buf, int sz)
 
         /* store updated CBC state */
         XMEMCPY((byte*)buf[4].TheAddress,
-            (byte*)buf[3].TheAddress + buf[3].Length - AES_BLOCK_SIZE,
-            AES_BLOCK_SIZE);
+            (byte*)buf[3].TheAddress + buf[3].Length - WC_AES_BLOCK_SIZE,
+            WC_AES_BLOCK_SIZE);
     }
 
     if (status != kStatus_Success) {
diff --git a/wolfcrypt/src/port/caam/wolfcaam_hash.c b/wolfcrypt/src/port/caam/wolfcaam_hash.c
index c05b40b99..722446e86 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_hash.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_hash.c
@@ -1,6 +1,6 @@
 /* wolfcaam_hash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_hmac.c b/wolfcrypt/src/port/caam/wolfcaam_hmac.c
index 95d6a04ea..afdea0c02 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_hmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_hmac.c
@@ -1,6 +1,6 @@
 /* wolfcaam_hmac.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_init.c b/wolfcrypt/src/port/caam/wolfcaam_init.c
index 3abb4d922..81ae64ce0 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_init.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_qnx.c b/wolfcrypt/src/port/caam/wolfcaam_qnx.c
index a6bebbc6e..ee65d9067 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_qnx.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_qnx.c
@@ -1,6 +1,6 @@
 /* wolfcaam_qnx.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_rsa.c b/wolfcrypt/src/port/caam/wolfcaam_rsa.c
index ac824ecec..80d11ce13 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_rsa.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_rsa.c
@@ -1,6 +1,6 @@
 /* wolfcaam_rsa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/caam/wolfcaam_seco.c b/wolfcrypt/src/port/caam/wolfcaam_seco.c
index d7abc55da..7e57ef140 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_seco.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_seco.c
@@ -1,6 +1,6 @@
 /* wolfcaam_seco.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -829,8 +829,8 @@ static hsm_err_t wc_SECO_CMAC(unsigned int args[4], CAAM_BUFFER* buf, int sz)
         mac_args.payload_size = buf[2].Length;
 
         mac_args.mac      = (uint8_t*)buf[1].TheAddress;
-        mac_args.mac_size = (buf[1].Length < AES_BLOCK_SIZE)? buf[1].Length:
-                                                              AES_BLOCK_SIZE;
+        mac_args.mac_size = (buf[1].Length < WC_AES_BLOCK_SIZE)? buf[1].Length:
+                                                              WC_AES_BLOCK_SIZE;
     #ifdef DEBUG_SECO
         printf("CMAC arguments used:\n");
         printf("\tkey id       = %d\n", mac_args.key_identifier);
@@ -1105,7 +1105,7 @@ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv,
     }
 
     /* iv + key + tag */
-    wrappedKeySz = GCM_NONCE_MID_SZ + inSz + AES_BLOCK_SIZE;
+    wrappedKeySz = GCM_NONCE_MID_SZ + inSz + WC_AES_BLOCK_SIZE;
     wrappedKey = (byte*)XMALLOC(wrappedKeySz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (wrappedKey == NULL) {
         WOLFSSL_MSG("Error malloc'ing buffer for wrapped key");
@@ -1155,7 +1155,7 @@ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv,
 
     if (ret == 0) {
         ret = wc_AesGcmEncrypt(&aes, wrappedKey + ivSz, in, inSz,
-                wrappedKey, ivSz, wrappedKey + ivSz + inSz, AES_BLOCK_SIZE,
+                wrappedKey, ivSz, wrappedKey + ivSz + inSz, WC_AES_BLOCK_SIZE,
                 NULL, 0);
         if (ret != 0) {
             WOLFSSL_MSG("error with AES-GCM encrypt when wrapping key");
diff --git a/wolfcrypt/src/port/caam/wolfcaam_x25519.c b/wolfcrypt/src/port/caam/wolfcaam_x25519.c
index 9ead7b409..61f22668d 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_x25519.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_x25519.c
@@ -1,6 +1,6 @@
 /* wolfcaam_x25519.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/cavium/cavium_octeon_sync.c b/wolfcrypt/src/port/cavium/cavium_octeon_sync.c
index d16768796..4b65111ed 100644
--- a/wolfcrypt/src/port/cavium/cavium_octeon_sync.c
+++ b/wolfcrypt/src/port/cavium/cavium_octeon_sync.c
@@ -1,6 +1,6 @@
 /* cavium_octeon_sync.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -506,12 +506,12 @@ static NOOPT int Octeon_AesGcm_SetIV(Aes* aes, byte* iv, word32 ivSz)
         }
         else {
             int blocks, remainder, i;
-            byte aesBlock[AES_BLOCK_SIZE];
+            byte aesBlock[WC_AES_BLOCK_SIZE];
 
-            blocks = ivSz / AES_BLOCK_SIZE;
-            remainder = ivSz % AES_BLOCK_SIZE;
+            blocks = ivSz / WC_AES_BLOCK_SIZE;
+            remainder = ivSz % WC_AES_BLOCK_SIZE;
 
-            for (i = 0; i < blocks; i++, iv += AES_BLOCK_SIZE)
+            for (i = 0; i < blocks; i++, iv += WC_AES_BLOCK_SIZE)
                 Octeon_GHASH_Update(iv);
 
             XMEMSET(aesBlock, 0, sizeof(aesBlock));
@@ -535,7 +535,7 @@ static NOOPT int Octeon_AesGcm_SetIV(Aes* aes, byte* iv, word32 ivSz)
 static NOOPT int Octeon_AesGcm_SetAAD(Aes* aes, byte* aad, word32 aadSz)
 {
     word64* p;
-    ALIGN16 byte aesBlock[AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlock[WC_AES_BLOCK_SIZE];
     int blocks, remainder, i;
 
     if (aes == NULL || (aadSz != 0 && aad == NULL))
@@ -544,14 +544,14 @@ static NOOPT int Octeon_AesGcm_SetAAD(Aes* aes, byte* aad, word32 aadSz)
     if (aadSz == 0)
         return 0;
 
-    blocks = aadSz / AES_BLOCK_SIZE;
-    remainder = aadSz % AES_BLOCK_SIZE;
+    blocks = aadSz / WC_AES_BLOCK_SIZE;
+    remainder = aadSz % WC_AES_BLOCK_SIZE;
 
     Octeon_GHASH_Restore(0xe100, aes->H);
 
     p = (word64*)aesBlock;
 
-    for (i = 0; i < blocks; i++, aad += AES_BLOCK_SIZE) {
+    for (i = 0; i < blocks; i++, aad += WC_AES_BLOCK_SIZE) {
         CVMX_LOADUNA_INT64(p[0], aad, 0);
         CVMX_LOADUNA_INT64(p[1], aad, 8);
         CVMX_MT_GFM_XOR0(p[0]);
@@ -574,8 +574,8 @@ static int Octeon_AesGcm_SetEncrypt(Aes* aes, byte* in, byte* out, word32 inSz,
         int encrypt)
 {
     word32 i, blocks, remainder;
-    ALIGN16 byte aesBlockIn[AES_BLOCK_SIZE];
-    ALIGN16 byte aesBlockOut[AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlockIn[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlockOut[WC_AES_BLOCK_SIZE];
     word64* pIn;
     word64* pOut;
     word64* pIv;
@@ -592,11 +592,11 @@ static int Octeon_AesGcm_SetEncrypt(Aes* aes, byte* in, byte* out, word32 inSz,
     CVMX_MT_AES_ENC0(pIv[0]);
     CVMX_MT_AES_ENC1(pIv[1]);
 
-    blocks = inSz / AES_BLOCK_SIZE;
-    remainder = inSz % AES_BLOCK_SIZE;
+    blocks = inSz / WC_AES_BLOCK_SIZE;
+    remainder = inSz % WC_AES_BLOCK_SIZE;
 
     for (i = 0; i < blocks;
-            i++, in += AES_BLOCK_SIZE, out += AES_BLOCK_SIZE) {
+            i++, in += WC_AES_BLOCK_SIZE, out += WC_AES_BLOCK_SIZE) {
         CVMX_PREFETCH128(in);
         aes->reg[3]++;
 
@@ -623,7 +623,7 @@ static int Octeon_AesGcm_SetEncrypt(Aes* aes, byte* in, byte* out, word32 inSz,
     }
 
     if (remainder > 0) {
-        ALIGN16 byte aesBlockMask[AES_BLOCK_SIZE];
+        ALIGN16 byte aesBlockMask[WC_AES_BLOCK_SIZE];
         word64* pMask = (word64*)aesBlockMask;
 
         XMEMSET(aesBlockOut, 0, sizeof(aesBlockOut));
@@ -676,8 +676,8 @@ static NOOPT int Octeon_AesGcm_Finalize(Aes* aes, word32 inSz, word32 aadSz,
     word64* pIn;
     word64* pOut;
     uint32_t countSave;
-    ALIGN16 byte aesBlockIn[AES_BLOCK_SIZE];
-    ALIGN16 byte aesBlockOut[AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlockIn[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte aesBlockOut[WC_AES_BLOCK_SIZE];
 
     countSave = aes->reg[3];
     aes->reg[3] = aes->y0;
diff --git a/wolfcrypt/src/port/cuda/aes-cuda.cu b/wolfcrypt/src/port/cuda/aes-cuda.cu
index 1fc462188..cec4c287d 100644
--- a/wolfcrypt/src/port/cuda/aes-cuda.cu
+++ b/wolfcrypt/src/port/cuda/aes-cuda.cu
@@ -1,6 +1,6 @@
 /* aes.cu
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -957,18 +957,18 @@ void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
 #endif
 
     if ( ret == cudaSuccess )
-        ret = cudaMalloc(&inBlock_GPU, AES_BLOCK_SIZE);
+        ret = cudaMalloc(&inBlock_GPU, WC_AES_BLOCK_SIZE);
     if ( ret == cudaSuccess )
-        ret = cudaMemcpy(inBlock_GPU, inBlock, AES_BLOCK_SIZE, cudaMemcpyDefault);
+        ret = cudaMemcpy(inBlock_GPU, inBlock, WC_AES_BLOCK_SIZE, cudaMemcpyDefault);
 
     if ( ret == cudaSuccess )
-        ret = cudaMalloc(&outBlock_GPU, AES_BLOCK_SIZE);
+        ret = cudaMalloc(&outBlock_GPU, WC_AES_BLOCK_SIZE);
 
     if ( ret == cudaSuccess )
         AesEncrypt_C_CUDA<<<1,1>>>(rk_GPU, inBlock_GPU, outBlock_GPU, r, 1);
 
     if ( ret == cudaSuccess )
-        ret = cudaMemcpy(outBlock, outBlock_GPU, AES_BLOCK_SIZE, cudaMemcpyDefault);
+        ret = cudaMemcpy(outBlock, outBlock_GPU, WC_AES_BLOCK_SIZE, cudaMemcpyDefault);
 
     cudaFree(inBlock_GPU);
     cudaFree(outBlock_GPU);
@@ -1013,8 +1013,8 @@ void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 
     if ( ret == cudaSuccess ) {
         int blockSize = 256;
-        int numBlocks = (sz / AES_BLOCK_SIZE + blockSize - 1) / blockSize;
-        AesEncrypt_C_CUDA<<<numBlocks,blockSize>>>(rk_GPU, in_GPU, out_GPU, aes->rounds >> 1, sz / AES_BLOCK_SIZE);
+        int numBlocks = (sz / WC_AES_BLOCK_SIZE + blockSize - 1) / blockSize;
+        AesEncrypt_C_CUDA<<<numBlocks,blockSize>>>(rk_GPU, in_GPU, out_GPU, aes->rounds >> 1, sz / WC_AES_BLOCK_SIZE);
     }
 
     if ( ret == cudaSuccess )
@@ -1043,12 +1043,12 @@ void AesEncrypt_C_CUDA(Aes* aes, const byte* inBlock, byte* outBlock,
 
     (void)r;
 
-    XMEMCPY(state, inBlock, AES_BLOCK_SIZE);
-    XMEMSET(((byte*)state) + AES_BLOCK_SIZE, 0, sizeof(state) - AES_BLOCK_SIZE);
+    XMEMCPY(state, inBlock, WC_AES_BLOCK_SIZE);
+    XMEMSET(((byte*)state) + WC_AES_BLOCK_SIZE, 0, sizeof(state) - WC_AES_BLOCK_SIZE);
 
     bs_encrypt(state, aes->bs_key, aes->rounds);
 
-    XMEMCPY(outBlock, state, AES_BLOCK_SIZE);
+    XMEMCPY(outBlock, state, WC_AES_BLOCK_SIZE);
 }
 
 void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock,
diff --git a/wolfcrypt/src/port/cypress/psoc6_crypto.c b/wolfcrypt/src/port/cypress/psoc6_crypto.c
index d9fc62030..c41513f8d 100644
--- a/wolfcrypt/src/port/cypress/psoc6_crypto.c
+++ b/wolfcrypt/src/port/cypress/psoc6_crypto.c
@@ -1,6 +1,6 @@
 /* psoc6_crypto.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
index ba12d2583..500e8a6f9 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
@@ -1,6 +1,6 @@
 /* devcrypto_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(NO_AES) && defined(WOLFSSL_DEVCRYPTO)
 
 #include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 
 #ifdef NO_INLINE
@@ -52,7 +45,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* encrypt only up to AES block size of date */
-    sz = sz - (sz % AES_BLOCK_SIZE);
+    sz = sz - (sz % WC_AES_BLOCK_SIZE);
     if (aes->ctx.cfd == -1) {
             ret = wc_DevCryptoCreate(&aes->ctx, CRYPTO_AES_CBC,
                     (byte*)aes->devKey, aes->keylen);
@@ -67,7 +60,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* store iv for next call */
-    XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -78,11 +71,11 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     struct crypt_op crt;
     int ret;
 
-    if (aes == NULL || out == NULL || in == NULL || sz % AES_BLOCK_SIZE != 0) {
+    if (aes == NULL || out == NULL || in == NULL || sz % WC_AES_BLOCK_SIZE != 0) {
         return BAD_FUNC_ARG;
     }
 
-    XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     if (aes->ctx.cfd == -1) {
         ret = wc_DevCryptoCreate(&aes->ctx, CRYPTO_AES_CBC,
                     (byte*)aes->devKey, aes->keylen);
@@ -96,7 +89,7 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         return WC_DEVCRYPTO_E;
     }
 
-    XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+    XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
     return 0;
 }
 #endif /* HAVE_AES_DECRYPT */
@@ -125,7 +118,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     aes->keylen = keylen;
     aes->rounds = keylen/4 + 6;
 
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
     aes->ctx.cfd = -1;
@@ -171,13 +165,13 @@ static int wc_DevCrypto_AesDirect(Aes* aes, byte* out, const byte* in,
 #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
 int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT);
+    return wc_DevCrypto_AesDirect(aes, out, in, WC_AES_BLOCK_SIZE, COP_ENCRYPT);
 }
 
 
 int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_DECRYPT);
+    return wc_DevCrypto_AesDirect(aes, out, in, WC_AES_BLOCK_SIZE, COP_DECRYPT);
 }
 
 
@@ -197,7 +191,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 {
     /* in network byte order so start at end and work back */
     int i;
-    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
         if (++inOutCtr[i])  /* we're done unless we overflow */
             return;
     }
@@ -214,7 +208,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 
     /* consume any unused bytes left in aes->tmp */
-    tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
+    tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left;
     while (aes->left && sz) {
         *(out++) = *(in++) ^ *(tmp++);
         aes->left--;
@@ -231,7 +225,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (sz > 0) {
         /* clear previously leftover data */
         tmp = (byte*)aes->tmp;
-        XMEMSET(tmp, 0, AES_BLOCK_SIZE);
+        XMEMSET(tmp, 0, WC_AES_BLOCK_SIZE);
 
         /* update IV */
         wc_SetupCryptSym(&crt, &aes->ctx, (byte*)in, sz, out, (byte*)aes->reg,
@@ -242,11 +236,11 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         }
 
         /* adjust counter after call to hardware */
-        while (sz >= AES_BLOCK_SIZE) {
+        while (sz >= WC_AES_BLOCK_SIZE) {
             IncrementAesCounter((byte*)aes->reg);
-            sz  -= AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
-            in  += AES_BLOCK_SIZE;
+            sz  -= WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -262,7 +256,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         wc_AesFree(&tmpAes);
         IncrementAesCounter((byte*)aes->reg);
 
-        aes->left = AES_BLOCK_SIZE - (sz % AES_BLOCK_SIZE);
+        aes->left = WC_AES_BLOCK_SIZE - (sz % WC_AES_BLOCK_SIZE);
     }
 
     return 0;
@@ -288,10 +282,10 @@ static int wc_DevCrypto_AesGcm(Aes* aes, byte* out, byte* in, word32 sz,
 {
     struct crypt_auth_op crt = {0};
     int ret;
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE) {
         return BAD_FUNC_ARG;
     }
 
@@ -302,7 +296,7 @@ static int wc_DevCrypto_AesGcm(Aes* aes, byte* out, byte* in, word32 sz,
     if (in == NULL)
         in = scratch;
 
-    XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+    XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
     if (aes->ctx.cfd == -1) {
         ret = wc_DevCryptoCreate(&aes->ctx, CRYPTO_AES_GCM, (byte*)aes->devKey,
                 aes->keylen);
@@ -317,12 +311,17 @@ static int wc_DevCrypto_AesGcm(Aes* aes, byte* out, byte* in, word32 sz,
     }
     else{
         /* get full tag from hardware */
-        authTagSz = AES_BLOCK_SIZE;
+        authTagSz = WC_AES_BLOCK_SIZE;
     }
     wc_SetupCryptAead(&crt, &aes->ctx, (byte*)in, sz, out, (byte*)iv, ivSz,
                       dir, (byte*)authIn, authInSz, authTag, authTagSz);
     ret = ioctl(aes->ctx.cfd, CIOCAUTHCRYPT, &crt);
     if (ret != 0) {
+        #ifdef WOLFSSL_DEBUG
+        if (authInSz > sysconf(_SC_PAGESIZE)) {
+            WOLFSSL_MSG("authIn Buffer greater than System Page Size");
+        }
+        #endif
         if (dir == COP_DECRYPT) {
             return AES_GCM_AUTH_E;
         }
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
index b2c07a2dd..bee443bec 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c
@@ -1,6 +1,6 @@
 /* devcrypto_ecdsa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_DEVCRYPTO_ECDSA)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/ecc.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 
 
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_hash.c b/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
index 6b8f5a86f..18a7a6c7c 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
@@ -1,6 +1,6 @@
 /* devcrypto_hash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,17 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_DEVCRYPTO_HASH)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 
 #if !defined(NO_SHA256)
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c b/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
index e1044372e..0c9ae3cbd 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c
@@ -1,6 +1,6 @@
 /* devcrypto_hmac.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_DEVCRYPTO_HMAC)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/hmac.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 
 static int InternalTypeToDevcrypto(int t)
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
index 0949c74a0..eb29d9420 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c
@@ -1,6 +1,6 @@
 /* devcrypto_rsa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_DEVCRYPTO_RSA)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/rsa.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 
 static void wc_SetupRsaPublic(struct crypt_kop* kop, WC_CRYPTODEV* dev,
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c b/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
index 3e2a52564..031a73922 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c
@@ -1,6 +1,6 @@
 /* devcrypto_x25519.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_DEVCRYPTO_CURVE25519)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/curve25519.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 
 const unsigned char qle[] = {
diff --git a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
index 950e6c26c..6f1b9042a 100644
--- a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
+++ b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c
@@ -1,6 +1,6 @@
 /* wc_devcrypto.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,19 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_DEVCRYPTO)
 
 static volatile int fd;
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
 
 int wc_DevCryptoInit(void)
@@ -175,8 +168,13 @@ int wc_DevCryptoCreate(WC_CRYPTODEV* ctx, int type, byte* key, word32 keySz)
         WOLFSSL_MSG("Error getting session info");
         return WC_DEVCRYPTO_E;
     }
-    printf("Using %s with driver %s\n", sesInfo.hash_info.cra_name,
-        sesInfo.hash_info.cra_driver_name);
+    if (ctx->sess.cipher == 0) {
+        printf("Using %s with driver %s\n", sesInfo.hash_info.cra_name,
+            sesInfo.hash_info.cra_driver_name);
+    } else {
+        printf("Using %s with driver %s\n", sesInfo.cipher_info.cra_name,
+            sesInfo.cipher_info.cra_driver_name);
+    }
 #endif
     (void)key;
     (void)keySz;
diff --git a/wolfcrypt/src/port/intel/quickassist_sync.c b/wolfcrypt/src/port/intel/quickassist_sync.c
index e92dde632..130549a3d 100644
--- a/wolfcrypt/src/port/intel/quickassist_sync.c
+++ b/wolfcrypt/src/port/intel/quickassist_sync.c
@@ -1,6 +1,6 @@
 /* quickassist_sync.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -970,7 +970,7 @@ static int IntelQaSymCipher(IntelQaDev* dev, byte* out, const byte* in,
     metaBuf = XMALLOC(metaSize, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
     dataBuf = XMALLOC(dataLen, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
     XMEMCPY(dataBuf, in, inOutSz);
-    ivBuf = XMALLOC(AES_BLOCK_SIZE, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
+    ivBuf = XMALLOC(WC_AES_BLOCK_SIZE, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
     XMEMCPY(ivBuf, iv, ivSz);
     authTagBuf = XMALLOC(authTagSz, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA);
 
@@ -983,9 +983,9 @@ static int IntelQaSymCipher(IntelQaDev* dev, byte* out, const byte* in,
     /* AAD */
     if (authIn && authInSz > 0) {
         /* make sure AAD is block aligned */
-        if (authInSzAligned % AES_BLOCK_SIZE) {
-            authInSzAligned += AES_BLOCK_SIZE -
-                (authInSzAligned % AES_BLOCK_SIZE);
+        if (authInSzAligned % WC_AES_BLOCK_SIZE) {
+            authInSzAligned += WC_AES_BLOCK_SIZE -
+                (authInSzAligned % WC_AES_BLOCK_SIZE);
         }
 
         authInBuf = XMALLOC(authInSzAligned, dev->heap,
@@ -1125,7 +1125,7 @@ int IntelQaSymAesCbcEncrypt(IntelQaDev* dev,
         CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT,
         CPA_CY_SYM_HASH_NONE, NULL, 0, NULL, 0);
 
-    XMEMCPY((byte*)iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    XMEMCPY((byte*)iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     return ret;
 }
 
@@ -1135,17 +1135,17 @@ int IntelQaSymAesCbcDecrypt(IntelQaDev* dev,
             const byte* key, word32 keySz,
             const byte* iv, word32 ivSz)
 {
-    byte nextIv[AES_BLOCK_SIZE];
+    byte nextIv[WC_AES_BLOCK_SIZE];
     int ret;
 
-    XMEMCPY(nextIv, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    XMEMCPY(nextIv, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     ret = IntelQaSymCipher(dev, out, in, sz,
         key, keySz, iv, ivSz,
         CPA_CY_SYM_OP_CIPHER, CPA_CY_SYM_CIPHER_AES_CBC,
         CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT,
         CPA_CY_SYM_HASH_NONE, NULL, 0, NULL, 0);
 
-    XMEMCPY((byte*)iv, nextIv, AES_BLOCK_SIZE);
+    XMEMCPY((byte*)iv, nextIv, WC_AES_BLOCK_SIZE);
     return ret;
 }
 #endif /* HAVE_AES_DECRYPT */
@@ -1241,7 +1241,7 @@ int IntelQaSymSync_CryptoDevCb(int devId, struct wc_CryptoInfo* info, void* ctx)
                         info->cipher.aescbc.in,
                         info->cipher.aescbc.sz,
                         (byte*)aes->devKey, aes->keylen,
-                        (byte*)aes->reg, AES_BLOCK_SIZE);
+                        (byte*)aes->reg, WC_AES_BLOCK_SIZE);
             }
             else {
                 rc = IntelQaSymAesCbcDecrypt(dev,
@@ -1249,7 +1249,7 @@ int IntelQaSymSync_CryptoDevCb(int devId, struct wc_CryptoInfo* info, void* ctx)
                         info->cipher.aescbc.in,
                         info->cipher.aescbc.sz,
                         (byte*)aes->devKey, aes->keylen,
-                        (byte*)aes->reg, AES_BLOCK_SIZE);
+                        (byte*)aes->reg, WC_AES_BLOCK_SIZE);
             }
         }
         #endif /* !NO_AES */
diff --git a/wolfcrypt/src/port/iotsafe/iotsafe.c b/wolfcrypt/src/port/iotsafe/iotsafe.c
index 19879cff4..60ae3d756 100644
--- a/wolfcrypt/src/port/iotsafe/iotsafe.c
+++ b/wolfcrypt/src/port/iotsafe/iotsafe.c
@@ -1,6 +1,6 @@
 /* iotsafe.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/kcapi/README.md b/wolfcrypt/src/port/kcapi/README.md
index 459b0ec87..a325fe37b 100644
--- a/wolfcrypt/src/port/kcapi/README.md
+++ b/wolfcrypt/src/port/kcapi/README.md
@@ -27,7 +27,7 @@ cd libkcapi
 
 autoreconf -i
 
-./configure	--enable-kcapi-test \
+./configure --enable-kcapi-test \
     --enable-kcapi-speed \
     --enable-kcapi-hasher \
     --enable-kcapi-rngapp \
diff --git a/wolfcrypt/src/port/kcapi/kcapi_aes.c b/wolfcrypt/src/port/kcapi/kcapi_aes.c
index 4ed6f9e3b..d6c7875c9 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_aes.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_aes.c
@@ -1,6 +1,6 @@
 /* kcapi_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,19 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <errno.h>
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if !defined(NO_AES) && defined(WOLFSSL_KCAPI_AES)
 
+#include <errno.h>
+
 #if defined(HAVE_FIPS) && \
     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
 
@@ -45,7 +38,6 @@
 #endif
 
 #include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h>
 
 #ifdef NO_INLINE
@@ -123,7 +115,7 @@
         struct iovec iov;
 
         if (aes == NULL || out == NULL || in == NULL || \
-                                                     sz % AES_BLOCK_SIZE != 0) {
+                                                     sz % WC_AES_BLOCK_SIZE != 0) {
             ret = BAD_FUNC_ARG;
         }
 
@@ -243,7 +235,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     /* argument checks */
     if ((aes == NULL) || ((sz != 0 && (in == NULL || out == NULL))) ||
         (iv == NULL) || ((authTag == NULL) && (authTagSz > 0)) ||
-        (authTagSz > AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
+        (authTagSz > WC_AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -356,7 +348,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     /* argument checks */
     if ((aes == NULL) || ((sz != 0 && (in == NULL || out == NULL))) ||
         (iv == NULL) || ((authTag == NULL) && (authTagSz > 0)) ||
-        (authTagSz > AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
+        (authTagSz > WC_AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
         ret = BAD_FUNC_ARG;
     }
 
diff --git a/wolfcrypt/src/port/kcapi/kcapi_dh.c b/wolfcrypt/src/port/kcapi/kcapi_dh.c
index 9b69abc19..b596e3327 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_dh.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_dh.c
@@ -1,6 +1,6 @@
 /* kcapi_dh.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,17 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_KCAPI_DH) && !defined(NO_DH)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h>
 #include <wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h>
 #include <wolfssl/wolfcrypt/dh.h>
diff --git a/wolfcrypt/src/port/kcapi/kcapi_ecc.c b/wolfcrypt/src/port/kcapi/kcapi_ecc.c
index 3be5b76bb..a42b27125 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_ecc.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_ecc.c
@@ -1,6 +1,6 @@
 /* kcapi_ecc.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,17 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_KCAPI_ECC) && defined(HAVE_ECC)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h>
 #include <wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h>
 #include <wolfssl/wolfcrypt/ecc.h>
diff --git a/wolfcrypt/src/port/kcapi/kcapi_hash.c b/wolfcrypt/src/port/kcapi/kcapi_hash.c
index c6fca932a..4bd34f86e 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_hash.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_hash.c
@@ -1,6 +1,6 @@
 /* kcapi_hash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /*
  * KCAPI hash options:
  *
@@ -26,18 +28,10 @@
  *     Needed to get the current hash and continue with more data.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
 #if defined(WOLFSSL_KCAPI_HASH)
 
 #define FIPS_NO_WRAPPERS
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h>
 #include <wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h>
 
diff --git a/wolfcrypt/src/port/kcapi/kcapi_hmac.c b/wolfcrypt/src/port/kcapi/kcapi_hmac.c
index 7cdba8254..d811b46f3 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_hmac.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_hmac.c
@@ -1,6 +1,6 @@
 /* kcapi_hmac.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,19 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_KCAPI_HMAC) && !defined(NO_HMAC)
 
 #define FIPS_NO_WRAPPERS
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h>
 #include <wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h>
 #include <wolfssl/wolfcrypt/hmac.h>
diff --git a/wolfcrypt/src/port/kcapi/kcapi_rsa.c b/wolfcrypt/src/port/kcapi/kcapi_rsa.c
index a98914135..8fa7d190c 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_rsa.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_rsa.c
@@ -1,6 +1,6 @@
 /* kcapi_rsa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,17 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_KCAPI_RSA) && !defined(NO_RSA)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h>
 #include <wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h>
 #include <wolfssl/wolfcrypt/rsa.h>
diff --git a/wolfcrypt/src/port/liboqs/liboqs.c b/wolfcrypt/src/port/liboqs/liboqs.c
index 2b2de8773..90d3dbbd4 100644
--- a/wolfcrypt/src/port/liboqs/liboqs.c
+++ b/wolfcrypt/src/port/liboqs/liboqs.c
@@ -1,6 +1,6 @@
 /* liboqs.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,6 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /*
 
 DESCRIPTION
@@ -27,15 +29,6 @@ implementations for Post-Quantum cryptography algorithms.
 
 */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
 #include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 
 #if defined(HAVE_LIBOQS)
diff --git a/wolfcrypt/src/port/maxim/README.md b/wolfcrypt/src/port/maxim/README.md
index 55cb2a04c..3919ffd0f 100644
--- a/wolfcrypt/src/port/maxim/README.md
+++ b/wolfcrypt/src/port/maxim/README.md
@@ -1,14 +1,144 @@
-wolfSSL using Analog Devices MAXQ1065 or MAX1080
+wolfSSL using Analog Devices MAXQ1065, MAX1080, MAX32665 or MAX32666
 ================================================
 
 ## Overview
 
 wolfSSL can be configured to use the MAXQ1065 or MAX1080 cryptographic
-controllers. Product datasheets, user guides and other resources can be found at
+controllers. wolfSSL can also be configure to utilize the TPU
+(crypto accelerator), MAA (math accelerator), and TRNG available on select
+MAX32665 and MAX32666 microcontroller.
+
+Product datasheets, user guides and other resources can be found at
 Analog Devices website:
 
 https://www.analog.com
 
+# MAX32665/MAX32666
+## Build and Usage
+
+wolfSSL supports the [Maxim SDK](https://github.com/analogdevicesinc/msdk), to
+utilize the TPU and MAA located on the devices.
+
+Building is supported by adding `#define WOLFSSL_MAX3266X` to `user_settings.h`.
+wolfSSL supports the usage of the older style API Maxim provides with the
+`#define WOLFSSL_MAX3266X_OLD` to `user_settings.h`.
+
+When using `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` you will also need to
+add `#define WOLFSSL_SP_MATH_ALL` to `user_settings.h`.
+
+If you want to be more specific on what hardware acceleration you want to use,
+this can be done by adding any combination of these defines:
+```
+#define MAX3266X_RNG    - Allows usage of TRNG device
+#define MAX3266X_AES    - Allows usage of TPU for AES Acceleration
+#define MAX3266X_SHA    - Allows usage of TPU for Hash Acceleration
+#define MAX3266X_MATH   - Allows usage of MAA for MOD based Math Acceleration
+```
+For this you will still need to use `#define WOLFSSL_MAX3266X` or `#define WOLFSSL_MAX3266X_OLD`.
+When you use a specific hardware define like `#define MAX3266X_RNG` this will
+mean only the TRNG device is being used, and all other operations will use the
+default software implementations.
+
+The other prerequisite is that a change needs to be made to the Maxim SDK. This
+is to use the MAA Math Accelerator, this change only needs to be made if you are
+using `#define WOLFSSL_MAX3266X` or `define WOLFSSL_MAX3266X_OLD` by themselves
+or you are specifying `#define MAX3266X_MATH`. This is only needed if you are
+not using the latest Maxim SDK.
+
+In the SDK you will need to find the underlying function that
+`MXC_TPU_MAA_Compute()` from `tpu.h` compute calls in the newer SDK. In the
+older SDK this function is called `MAA_Compute()` in `maa.h`. In the underlying
+function you will need to this:
+
+```
+MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC, clc);
+```
+to
+```
+MXC_SETFIELD(tpu->maa_ctrl, MXC_F_TPU_REVA_MAA_CTRL_CLC,
+                clc << MXC_F_TPU_REVA_MAA_CTRL_CLC_POS);
+```
+
+This bug has been reported to Analog Devices and a PR has been made
+[here](https://github.com/analogdevicesinc/msdk/pull/1104)
+if you want to know more details on the issue, or use a patch.
+
+
+## Supported Algos
+Using these defines will replace software implementations with a call to the
+hardware.
+
+`#define MAX3266X_RNG`
+- Uses entropy from TRNG to seed HASHDRBG
+
+`#define MAX3266X_AES`:
+
+- AES-CBC: 128, 192, 256
+- AES-ECB: 128, 192, 256
+
+`#define MAX3266X_SHA`:
+
+- SHA-1
+- SHA-224
+- SHA-256
+- SHA-384
+- SHA-512
+
+Please note that when using `MAX3266X_SHA` there will be a limitation when
+attempting to do a larger sized hash as the SDK for the hardware currently
+expects a the whole msg buffer to be given.
+
+`#define MAX3266X_MATH` (Replaces math operation calls for algos
+like RSA and ECC key generation):
+
+- mod:      `a mod m = r`
+- addmod:   `(a+b)mod m = r`
+- submod:   `(a-b)mod m = r`
+- mulmod:   `(a*b)mod m = r`
+- sqrmod:   `(b^2)mod m = r`
+- exptmod:  `(b^e)mod m = r`
+
+## Crypto Callback Support
+This port also supports using the Crypto Callback functionality in wolfSSL.
+When `WOLF_CRYPTO_CB` is defined in `user_settings.h` along with
+`WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD` it will build the library to allow
+the ability to switch between hardware and software implementations.
+
+Crypto Callbacks only support using the hardware for these Algorithms:
+
+- AES ECB: 128, 192, 256
+- AES CBC: 128, 192, 256
+- SHA-1
+- SHA-256
+- SHA-384
+- SHA-512
+
+When using `WOLF_CRYPTO_CB` and `WOLFSSL_MAX3266X` or `WOLFSSL_MAX3266X_OLD`,
+`MAX3266X_MATH` is turned off and is is currently not supported to use with
+`WOLF_CRYPTO_CB`.
+
+The Hardware of the port will be used by default when no devId is set.
+To use software versions of the support Callback Algorithms the devId will need
+to be set to `INVALID_DEVID`.
+
+For more information about Crypto Callbacks and how to use them please refer to
+the [wolfSSL manual](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter06.html).
+
+## Extra Information
+For more Verbose info you can use `#define DEBUG_WOLFSSL` in combination with
+`#define MAX3266X_VERBOSE` to see if errors are occurring during the hardware
+setup/
+
+To reproduce benchmark numbers you can use `#define MAX3266X_RTC`.
+Do note that this will only work with `#define WOLFSSL_MAX3266X` and not
+`#define WOLFSSL_MAX3266X_OLD`. This is only meant for benchmark reproduction
+and not for any other application. Please implement your own rtc/time code for
+anything else.
+
+For more information about the TPU, MAA, and TRNG please refer to the
+[MAX32665/MAX32666 User Guide: UG6971](https://www.analog.com/media/en/technical-documentation/user-guides/max32665max32666-user-guide.pdf)
+
+# MAXQ1065/MAX1080
 ## Build and Usage
 
 Please use the appropriate SDK or Evkit to build wolfSSL.
diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c
new file mode 100644
index 000000000..f47886fd1
--- /dev/null
+++ b/wolfcrypt/src/port/maxim/max3266x.c
@@ -0,0 +1,1552 @@
+/* max3266x.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+
+#include <stdint.h>
+#include <stdarg.h>
+
+#include <wolfssl/wolfcrypt/wolfmath.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+
+#if defined(USE_FAST_MATH) || defined(USE_INTEGER_HEAP_MATH)
+    #error  MXC Not Compatible with Fast Math or Heap Math
+    #include <wolfssl/wolfcrypt/tfm.h>
+    #define MXC_WORD_SIZE               DIGIT_BIT
+#elif defined(WOLFSSL_SP_MATH_ALL)
+    #include <wolfssl/wolfcrypt/sp_int.h>
+    #define MXC_WORD_SIZE               SP_WORD_SIZE
+#else
+    #error MXC HW port needs #define WOLFSSL_SP_MATH_ALL
+#endif
+
+/* Max size MAA can handle */
+#define MXC_MAA_MAX_SIZE (2048 / MXC_WORD_SIZE)
+
+int wc_MXC_TPU_Init(void)
+{
+    /* Initialize the TPU device */
+    if (MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) {
+        MAX3266X_MSG("Device did not initialize");
+        return RNG_FAILURE_E;
+    }
+    return 0;
+}
+
+int wc_MXC_TPU_Shutdown(void)
+{
+    /* Shutdown the TPU device */
+#if defined(WOLFSSL_MAX3266X_OLD)
+    MXC_TPU_Shutdown(); /* Is a void return in older SDK */
+#else
+    if (MXC_TPU_Shutdown(MXC_SYS_PERIPH_CLOCK_TRNG) != 0) {
+        MAX3266X_MSG("Device did not shutdown");
+        return RNG_FAILURE_E;
+    }
+#endif
+    MAX3266X_MSG("TPU Hardware Shutdown");
+    return 0;
+}
+
+
+#ifdef WOLF_CRYPTO_CB
+int wc_MxcAesCryptoCb(wc_CryptoInfo* info)
+{
+    switch (info->cipher.type) {
+#ifdef HAVE_AES_CBC
+        case WC_CIPHER_AES_CBC:
+            if (info->cipher.enc == 1) {
+                return wc_MxcCb_AesCbcEncrypt(info->cipher.aescbc.aes,
+                                                info->cipher.aescbc.out,
+                                                info->cipher.aescbc.in,
+                                                info->cipher.aescbc.sz);
+            }
+            #ifdef HAVE_AES_DECRYPT
+            else if (info->cipher.enc == 0) {
+                return wc_MxcCb_AesCbcDecrypt(info->cipher.aescbc.aes,
+                                                info->cipher.aescbc.out,
+                                                info->cipher.aescbc.in,
+                                                info->cipher.aescbc.sz);
+                }
+            #endif
+            break; /* Break out and return error */
+#endif
+#ifdef HAVE_AES_ECB
+        case WC_CIPHER_AES_ECB:
+            if (info->cipher.enc == 1) {
+                return wc_MxcCb_AesEcbEncrypt(info->cipher.aesecb.aes,
+                                                info->cipher.aesecb.out,
+                                                info->cipher.aesecb.in,
+                                                info->cipher.aesecb.sz);
+            }
+            #ifdef HAVE_AES_DECRYPT
+            else if (info->cipher.enc == 0) {
+                return wc_MxcCb_AesEcbDecrypt(info->cipher.aesecb.aes,
+                                                info->cipher.aesecb.out,
+                                                info->cipher.aesecb.in,
+                                                info->cipher.aesecb.sz);
+                }
+            #endif
+            break; /* Break out and return error */
+#endif
+        default:
+            /* Is not ECB/CBC/GCM */
+            return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+    /* Just in case code breaks of switch statement return error */
+    return BAD_FUNC_ARG;
+}
+
+#ifdef MAX3266X_SHA_CB
+
+int wc_MxcShaCryptoCb(wc_CryptoInfo* info)
+{
+    switch (info->hash.type) {
+    #ifndef NO_SHA
+        case WC_HASH_TYPE_SHA:
+            MAX3266X_MSG("SHA-1 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha1->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 1 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha1->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA1);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA224
+        case WC_HASH_TYPE_SHA224:
+            MAX3266X_MSG("SHA-224 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha224->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 256 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha224->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA224);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifndef NO_SHA256
+        case WC_HASH_TYPE_SHA256:
+            MAX3266X_MSG("SHA-256 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha256->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 256 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha256->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA256);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA384
+        case WC_HASH_TYPE_SHA384:
+            MAX3266X_MSG("SHA-384 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha384->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 384 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha384->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA384);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+    #ifdef WOLFSSL_SHA512
+        case WC_HASH_TYPE_SHA512:
+            MAX3266X_MSG("SHA-512 CB:");
+            /* Update Case */
+            if (info->hash.in != NULL && info->hash.digest == NULL) {
+                MAX3266X_MSG("Update CB");
+                return wc_MXC_TPU_SHA_Update(&(info->hash.sha512->mxcCtx),
+                                            info->hash.in, info->hash.inSz);
+            }
+            /* Sha 512 Final Case */
+            if (info->hash.in == NULL && info->hash.digest != NULL) {
+                MAX3266X_MSG("Final CB");
+                return wc_MXC_TPU_SHA_Final(&(info->hash.sha512->mxcCtx),
+                                                info->hash.digest,
+                                                MXC_TPU_HASH_SHA512);
+            }
+            break; /* Break Out and Return Error */
+    #endif
+        default:
+            /* Hash type not supported */
+            return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+    if (info->hash.inSz == 0) {
+        return 0; /* Dont need to Update when Size is Zero */
+    }
+    return BAD_FUNC_ARG;
+}
+#endif /* MAX3266X_SHA_CB */
+
+/* Determines AES Type for Callback */
+/* General Callback Function to determine ALGO Type */
+int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
+{
+    int ret;
+    (void)ctx;
+
+    if (info == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+#ifdef DEBUG_CRYPTOCB
+    wc_CryptoCb_InfoString(info);
+#endif
+
+    switch (info->algo_type) {
+        case WC_ALGO_TYPE_CIPHER:
+            MAX3266X_MSG("Using MXC AES HW Callback:");
+            ret = wc_MxcAesCryptoCb(info); /* Determine AES HW or SW */
+            break;
+#ifdef MAX3266X_SHA_CB
+        case WC_ALGO_TYPE_HASH:
+            MAX3266X_MSG("Using MXC SHA HW Callback:");
+            ret = wc_MxcShaCryptoCb(info); /* Determine SHA HW or SW */
+            break;
+#endif /* MAX3266X_SHA_CB */
+        default:
+            MAX3266X_MSG("Callback not support with MXC, using SW");
+            /* return this to bypass HW and use SW */
+            ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    }
+
+    return ret;
+}
+#endif
+
+/* Convert Error Codes Correctly and Report HW error when */
+/* using #define MAX3266X_VERBOSE */
+int wc_MXC_error(int *ret)
+{
+    if (ret == NULL) {
+        /* In case somehow pointer to the return code is NULL */
+        return BAD_FUNC_ARG;
+    }
+    switch (*ret) {
+        case E_SUCCESS:
+            return 0;
+
+        case E_INVALID: /* Process Failed */
+            MAX3266X_MSG("HW Reported: E_INVALID Error");
+            *ret = WC_HW_E;
+            break;
+
+        case E_NULL_PTR:
+            MAX3266X_MSG("HW Reported: E_NULL_PTR Error");
+            *ret = BAD_FUNC_ARG;
+            break;
+
+        case E_BAD_PARAM:
+            MAX3266X_MSG("HW Reported: E_BAD_PARAM Error");
+            *ret = BAD_FUNC_ARG;
+            break;
+
+        case E_BAD_STATE:
+            MAX3266X_MSG("HW Reported: E_BAD_STATE Error");
+            *ret = WC_HW_E;
+            break;
+
+        default:
+            MAX3266X_MSG("HW Reported an Unknown Error");
+            *ret = WC_HW_E; /* If something else return HW Error */
+            break;
+    }
+    return *ret;
+}
+
+
+#if defined(MAX3266X_RNG)
+/* Simple call to SDK's TRNG HW */
+int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz)
+{
+    int status;
+    if (output == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwRngMutexLock(); /* Lock Mutex needed since */
+                                         /* calling TPU init */
+    if (status != 0) {
+        return status;
+    }
+    status = MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TRNG);
+    if (status == 0) {
+        /* void return function */
+        MXC_TPU_TRNG_Read(MXC_TRNG, output, sz);
+        MAX3266X_MSG("TRNG Hardware Used");
+    }
+    else {
+        MAX3266X_MSG("TRNG Device did not initialize");
+        status = RNG_FAILURE_E;
+    }
+    wolfSSL_HwRngMutexUnLock(); /* Unlock Mutex no matter status value */
+    return status;
+}
+#endif /* MAX3266X_RNG */
+
+#if defined(MAX3266X_AES)
+/* Generic call to the SDK's AES 1 shot Encrypt based on inputs given */
+int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv,
+                            const unsigned char* enc_key,
+                            MXC_TPU_MODE_TYPE mode, unsigned int data_size,
+                            unsigned char* out, unsigned int keySize)
+{
+    int status;
+    if (in == NULL || iv == NULL || enc_key == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwAesMutexLock();
+    MAX3266X_MSG("AES HW Encryption");
+    if (status != 0) {
+        MAX3266X_MSG("Hardware Mutex Failure");
+        return status;
+    }
+    switch (keySize) {
+        case MXC_AES_KEY_128_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 128 Bit");
+            break;
+        case MXC_AES_KEY_192_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 192 Bit");
+            break;
+        case MXC_AES_KEY_256_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256);
+            status = MXC_TPU_Cipher_AES_Encrypt((const char*)in,
+                        (const char*)iv, (const char*)enc_key,
+                        MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 256 Bit");
+            break;
+        default:
+            MAX3266X_MSG("AES HW ERROR: Length Not Supported");
+            wolfSSL_HwAesMutexUnLock();
+            return BAD_FUNC_ARG;
+    }
+    wolfSSL_HwAesMutexUnLock();
+    if (status != 0) {
+        MAX3266X_MSG("AES HW Acceleration Error Occurred");
+        return WC_HW_E;
+    }
+    return status;
+}
+
+
+/* Encrypt AES Crypto Callbacks*/
+#if defined(WOLF_CRYPTO_CB)
+
+#ifdef HAVE_AES_ECB
+int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->devKey,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AES_CBC
+int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 keySize;
+    int status;
+    byte *iv;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Always enforce a length check */
+    if (sz % WC_AES_BLOCK_SIZE) {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        return BAD_LENGTH_E;
+    #else
+        return BAD_FUNC_ARG;
+    #endif
+    }
+    if (sz == 0) {
+        return 0;
+    }
+
+    iv = (byte*)aes->reg;
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->devKey,
+                                    MXC_TPU_MODE_CBC, sz, out,
+                                    (unsigned int)keySize);
+    /* store iv for next call */
+    if (status == 0) {
+        XMEMCPY(iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+    }
+    return (status == 0) ? 0 : -1;
+}
+#endif /* HAVE_AES_CBC */
+#endif /* WOLF_CRYPTO_CB */
+
+#ifdef HAVE_AES_DECRYPT
+/* Generic call to the SDK's AES 1 shot decrypt based on inputs given */
+int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv,
+                            const unsigned char* dec_key,
+                            MXC_TPU_MODE_TYPE mode, unsigned int data_size,
+                            unsigned char* out, unsigned int keySize)
+{
+    int status;
+    if (in == NULL || iv == NULL || dec_key == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wolfSSL_HwAesMutexLock();
+    if (status != 0) {
+        return status;
+    }
+    switch (keySize) {
+        case MXC_AES_KEY_128_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES128);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES128, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 128 Bit");
+            break;
+        case MXC_AES_KEY_192_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES192);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES192, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 192 Bit");
+            break;
+        case MXC_AES_KEY_256_LEN:
+            MXC_TPU_Cipher_Config(mode, MXC_TPU_CIPHER_AES256);
+            status = MXC_TPU_Cipher_AES_Decrypt((const char*)in,
+                        (const char*)iv, (const char*)dec_key,
+                        MXC_TPU_CIPHER_AES256, mode, data_size, (char*)out);
+            MAX3266X_MSG("AES HW Acceleration Used: 256 Bit");
+            break;
+        default:
+            MAX3266X_MSG("AES HW ERROR: Length Not Supported");
+            wolfSSL_HwAesMutexUnLock();
+            return BAD_FUNC_ARG;
+    }
+    wolfSSL_HwAesMutexUnLock();
+    if (status != 0) {
+        MAX3266X_MSG("AES HW Acceleration Error Occurred");
+        return WC_HW_E;
+    }
+    return status;
+}
+
+/* Decrypt Aes Crypto Callbacks*/
+#if defined(WOLF_CRYPTO_CB)
+
+#ifdef HAVE_AES_ECB
+int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int status;
+    word32 keySize;
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->devKey,
+                                        MXC_TPU_MODE_ECB, sz, out, keySize);
+
+    return status;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AES_CBC
+int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 keySize;
+    int status;
+    byte *iv;
+    byte temp_block[WC_AES_BLOCK_SIZE];
+
+    if ((in == NULL) || (out == NULL) || (aes == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Always enforce a length check */
+    if (sz % WC_AES_BLOCK_SIZE) {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        return BAD_LENGTH_E;
+    #else
+        return BAD_FUNC_ARG;
+    #endif
+    }
+    if (sz == 0) {
+        return 0;
+    }
+
+    iv = (byte*)aes->reg;
+    status = wc_AesGetKeySize(aes, &keySize);
+    if (status != 0) {
+        return status;
+    }
+
+    /* get IV for next call */
+    XMEMCPY(temp_block, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+    status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->devKey,
+                                    MXC_TPU_MODE_CBC, sz, out,
+                                    keySize);
+
+    /* store iv for next call */
+    if (status == 0) {
+        XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE);
+    }
+    return (status == 0) ? 0 : -1;
+}
+#endif /* HAVE_AES_CBC */
+#endif /* WOLF_CRYPTO_CB */
+#endif /* HAVE_AES_DECRYPT */
+#endif /* MAX3266X_AES */
+
+#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+
+int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash)
+{
+    if (hash == NULL) {
+        return BAD_FUNC_ARG; /* Appropriate error handling for null argument */
+    }
+    hash->msg = NULL;
+    hash->used = 0;
+    hash->size = 0;
+    return 0;
+}
+
+/* Used to update the msg. Currently the SDK only supports 1 shots, so the */
+/* hash->msg buffer needs to be updated and resized. hash->msg will keep the */
+/* unhashed msg and produce a digest when wc_MXC_TPU_SHA_Final or */
+/* wc_MXC_TPU_SHA_GetHash is called */
+int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, const unsigned char* data,
+                            unsigned int size)
+{
+    void *p;
+    /* Only update if size is not 0 */
+    if (size == 0) {
+        return 0;
+    }
+    /* Check for NULL pointers After Size Check */
+    if (hash == NULL || data == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (hash->size < hash->used+size) {
+        if (hash->msg == NULL) {
+            p = XMALLOC(hash->used+size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+        else {
+            #ifdef WOLFSSL_NO_REALLOC
+            p = XMALLOC(hash->used + size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (p != NULL) {
+                XMEMCPY(p, hash->msg, hash->used);
+                XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            }
+            #else
+            p = XREALLOC(hash->msg, hash->used+size, NULL,
+                            DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
+        }
+        if (p == NULL) {
+            return MEMORY_E;
+        }
+        hash->msg = p;
+        hash->size = hash->used+size;
+    }
+    XMEMCPY(hash->msg+hash->used, data, size);
+    hash->used += size;
+    if (hash->msg == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
+int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest,
+                                MXC_TPU_HASH_TYPE algo)
+{
+    int status;
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wc_MXC_TPU_SHA_GetDigest(hash, digest, algo);
+    /* True Case that msg is an empty string */
+    if (status == 1) {
+        /* Hardware cannot handle the case of an empty string */
+        /* so in the case of this we will provide the hash via software */
+        return 0;
+    }
+    /* False Case where msg needs to be processed */
+    else if (status == 0) {
+        status = wolfSSL_HwHashMutexLock(); /* Set Mutex */
+        if (status != 0) { /* Mutex Call Check */
+            return status;
+        }
+        MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TPU);
+        MXC_TPU_Hash_Config(algo);
+        status = MXC_TPU_Hash_SHA((const char *)hash->msg, algo, hash->size,
+                                         (char *)digest);
+        MAX3266X_MSG("SHA HW Acceleration Used");
+        wolfSSL_HwHashMutexUnLock(); /* Release Mutex */
+        if (wc_MXC_error(&status) != 0) {
+            MAX3266X_MSG("SHA HW Error Occurred");
+            return status;
+        }
+    }
+    /* Error Occurred */
+    return status;
+}
+
+/* Calls GetHash to determine the digest and then reinitialize the hash */
+/* struct */
+int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, unsigned char* digest,
+                                    MXC_TPU_HASH_TYPE algo)
+{
+    int status;
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    status = wc_MXC_TPU_SHA_GetHash(hash, digest, algo);
+    /* Free hash->msg no matter result */
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (status != 0) {
+        return status;
+    }
+    status = wc_MXC_TPU_SHA_Init(hash);
+    if (status != 0) {
+        return status;
+    }
+    return status;
+}
+
+/* Copies Struct values from SRC struct to DST struct */
+int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst)
+{
+    if (src == NULL || dst == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    dst->used = src->used;
+    dst->size = src->size;
+    if (dst->msg == src->msg && src->msg != 0) {
+        /* Allocate new memory for dst->msg if it points to the same location */
+        /* as src->msg */
+        dst->msg = (unsigned char*)XMALLOC(src->size, NULL,
+                                            DYNAMIC_TYPE_TMP_BUFFER);
+        if (dst->msg == NULL) {
+            return MEMORY_E; /* Handle memory allocation failure */
+        }
+    }
+    XMEMCPY(dst->msg, src->msg, src->size);
+    return 0;
+}
+
+/* Free the given struct's msg buffer and then reinitialize the struct to 0 */
+/* returns void to match other wc_Sha*Free api */
+void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash)
+{
+    if (hash == NULL) {
+        return; /* Hash Struct is Null already, dont edit potentially */
+                /* undefined memory */
+    }
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    wc_MXC_TPU_SHA_Init(hash); /* sets hash->msg to null + zero's attributes */
+    return;
+}
+
+/* Acts as a True/False if true it will provide the stored digest */
+/* for the edge case of an empty string */
+int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest,
+                                        MXC_TPU_HASH_TYPE algo)
+{
+    if (hash == NULL || digest == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (hash->msg == 0 && hash->size == 0) {
+        switch (algo) {
+            #ifndef NO_SHA
+            case MXC_TPU_HASH_SHA1:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA1, WC_SHA_DIGEST_SIZE);
+                break;
+            #endif /* NO_SHA */
+            #ifdef WOLFSSL_SHA224
+            case MXC_TPU_HASH_SHA224:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA224, WC_SHA224_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA224 */
+            #ifndef NO_SHA256
+            case MXC_TPU_HASH_SHA256:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE);
+                break;
+            #endif /* NO_SHA256 */
+            #ifdef WOLFSSL_SHA384
+            case MXC_TPU_HASH_SHA384:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA384, WC_SHA384_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA384 */
+            #ifdef WOLFSSL_SHA512
+            case MXC_TPU_HASH_SHA512:
+                XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA512, WC_SHA512_DIGEST_SIZE);
+                break;
+            #endif /* WOLFSSL_SHA512 */
+            default:
+                return BAD_FUNC_ARG;
+        }
+        return 1; /* True */
+    }
+    return 0; /* False */
+}
+
+#ifndef MAX3266X_SHA_CB
+#if !defined(NO_SHA)
+
+WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
+{
+    if (sha == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha->mxcCtx));
+}
+
+WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA1);
+}
+
+WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA1);
+}
+
+WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_ShaFree(wc_Sha* sha)
+{
+    wc_MXC_TPU_SHA_Free(&(sha->mxcCtx));
+    return;
+}
+
+#endif /* NO_SHA */
+
+#if defined(WOLFSSL_SHA224)
+
+WOLFSSL_API int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
+{
+    if (sha224 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha224->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224)
+{
+    return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha224->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha224->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA224);
+}
+
+WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha224->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA224);
+}
+
+WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224)
+{
+    wc_MXC_TPU_SHA_Free(&(sha224->mxcCtx));
+    return;
+}
+
+#endif /* WOLFSSL_SHA224 */
+
+#if !defined(NO_SHA256)
+
+WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
+{
+    if (sha256 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256)
+{
+    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha256, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha256->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha256->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA256);
+}
+
+WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha256->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA256);
+}
+
+WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256)
+{
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+    return;
+}
+
+#endif /* NO_SHA256 */
+
+#if defined(WOLFSSL_SHA384)
+
+WOLFSSL_API int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
+{
+    if (sha384 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384)
+{
+    return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha384, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha384->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha384->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA384);
+}
+
+WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha384->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA384);
+}
+
+WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha384)
+{
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+    return;
+}
+
+#endif /* WOLFSSL_SHA384 */
+
+#if defined(WOLFSSL_SHA512)
+
+WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    if (sha512 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    (void)heap;
+    (void)devId;
+    return wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx));
+}
+
+WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512)
+{
+    return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
+}
+
+WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha512, const unsigned char* data,
+                                        unsigned int len)
+{
+    return wc_MXC_TPU_SHA_Update(&(sha512->mxcCtx), data, len);
+}
+
+WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_Final(&(sha512->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA512);
+}
+
+WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, unsigned char* hash)
+{
+    return wc_MXC_TPU_SHA_GetHash(&(sha512->mxcCtx), hash,
+                                        MXC_TPU_HASH_SHA512);
+}
+
+WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
+{
+    return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+}
+
+WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha512)
+{
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+    return;
+}
+
+#endif /* WOLFSSL_SHA512 */
+#endif /* !MAX3266X_SHA_CB*/
+#endif /* MAX3266X_SHA || MAX3266X_SHA_CB */
+
+#if defined(MAX3266X_MATH)
+
+/* Sets mutex and initializes hardware according to needed operation size */
+int wc_MXC_MAA_init(unsigned int len)
+{
+    int status;
+    MAX3266X_MSG("Setting Hardware Mutex and Starting MAA");
+    status = wolfSSL_HwPkMutexLock();
+    if (status == 0) {
+        status = MXC_TPU_MAA_Init(len);
+    }
+    return wc_MXC_error(&status); /* Return Status of Init */
+}
+
+/* Unlocks mutex and performs graceful shutdown of hardware */
+int wc_MXC_MAA_Shutdown(void)
+{
+    int status;
+    MAX3266X_MSG("Unlocking Hardware Mutex and Shutting Down MAA");
+    status = MXC_TPU_MAA_Shutdown();
+    if (status == E_BAD_PARAM) { /* Miss leading, Send WC_HW_ERROR */
+                                /* This is returned when MAA cannot stop */
+        status = WC_HW_E;
+    }
+    wolfSSL_HwPkMutexUnLock(); /* Always call Unlock in shutdown */
+    return wc_MXC_error(&status);
+}
+
+/* Update used number for mp_int struct for results */
+int wc_MXC_MAA_adjustUsed(unsigned int *array, unsigned int length)
+{
+    int i, lastNonZeroIndex;
+    lastNonZeroIndex = -1; /* Track the last non-zero index */
+    for (i = 0; i < length; i++) {
+        if (array[i] != 0) {
+            lastNonZeroIndex = i;
+        }
+    }
+    return (lastNonZeroIndex + 1);
+}
+
+/* Determines the size of operation that needs to happen */
+unsigned int wc_MXC_MAA_Largest(unsigned int count, ...)
+{
+    va_list args;
+    int i;
+    unsigned int largest, num;
+    va_start(args, count);
+    largest = va_arg(args, unsigned int);
+    for (i = 1; i < count; i++) {
+        num = va_arg(args, unsigned int);
+        if (num > largest) {
+            largest = num;
+        }
+    }
+    va_end(args);
+    return largest;
+}
+
+/* Determines if we need to fallback to Software */
+int wc_MXC_MAA_Fallback(unsigned int count, ...)
+{
+    va_list args;
+    int num, i;
+    va_start(args, count);
+    for (i = 0; i < count; i++) {
+        num = va_arg(args, unsigned int);
+        if (num > MXC_MAA_MAX_SIZE) {
+            MAX3266X_MSG("HW Falling Back to Software");
+            return 1;
+        }
+    }
+    va_end(args);
+    MAX3266X_MSG("HW Can Handle Input");
+    return 0;
+}
+
+/* Have to zero pad the entire data array up to 256 bytes(2048 bits) */
+/* If length > 256 bytes then error */
+int wc_MXC_MAA_zeroPad(mp_int* multiplier, mp_int* multiplicand,
+                            mp_int* exp, mp_int* mod, mp_int* result,
+                            MXC_TPU_MAA_TYPE clc, unsigned int length)
+{
+    mp_digit* zero_tmp;
+    MAX3266X_MSG("Zero Padding Buffers for Hardware");
+    if (length > MXC_MAA_MAX_SIZE) {
+        MAX3266X_MSG("Hardware cannot exceed 2048 bit input");
+        return BAD_FUNC_ARG;
+    }
+    if ((result == NULL) || (multiplier == NULL) || (multiplicand == NULL) ||
+            ((exp == NULL) && (clc == MXC_TPU_MAA_EXP)) || (mod == NULL)) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Create an array to compare values to to check edge for error edge case */
+    zero_tmp = (mp_digit*)XMALLOC(multiplier->size*sizeof(mp_digit), NULL,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
+    if (zero_tmp == NULL) {
+        MAX3266X_MSG("NULL pointer found after XMALLOC call");
+        return MEMORY_E;
+    }
+    XMEMSET(zero_tmp, 0x00, multiplier->size*sizeof(mp_digit));
+
+    /* Check for invalid arguments before padding */
+    switch ((char)clc) {
+        case MXC_TPU_MAA_EXP:
+            /* Cannot be 0 for a^e mod m operation */
+            if (XMEMCMP(zero_tmp, exp, (exp->used*sizeof(mp_digit))) == 0) {
+                XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                MAX3266X_MSG("Cannot use Value 0 for Exp");
+                return BAD_FUNC_ARG;
+            }
+
+            /* Pad out rest of data if used != length to ensure no */
+            /* garbage is used in calculation */
+            if ((exp != NULL) && (clc == MXC_TPU_MAA_EXP)) {
+                if ((exp->dp != NULL) && (exp->used < length)) {
+                    MAX3266X_MSG("Zero Padding Exp Buffer");
+                    XMEMSET(exp->dp + exp->used, 0x00,
+                            sizeof(int) *(length - exp->used));
+                }
+            }
+
+        /* Fall through to check mod is not 0 */
+        case MXC_TPU_MAA_SQ:
+        case MXC_TPU_MAA_MUL:
+        case MXC_TPU_MAA_SQMUL:
+        case MXC_TPU_MAA_ADD:
+        case MXC_TPU_MAA_SUB:
+            /* Cannot be 0 for mod m value */
+            if (XMEMCMP(zero_tmp, mod, (exp->used*sizeof(mp_digit))) == 0) {
+                XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                MAX3266X_MSG("Cannot use Value 0 for Exp");
+                return BAD_FUNC_ARG;
+            }
+
+            /* Pad out rest of data if used != length to ensure no */
+            /* garbage is used in calculation */
+            if ((multiplier->dp != NULL) && (multiplier->used < length)) {
+                MAX3266X_MSG("Zero Padding Multiplier Buffer");
+                XMEMSET(multiplier->dp + multiplier->used, 0x00,
+                    sizeof(int) * (length - multiplier->used));
+            }
+            if ((multiplicand->dp != NULL) && (multiplicand->used < length)) {
+                MAX3266X_MSG("Zero Padding Multiplicand Buffer");
+                XMEMSET(multiplicand->dp + multiplicand->used, 0x00,
+                    sizeof(int) * (length - multiplicand->used));
+            }
+            if ((mod->dp != NULL) && (mod->used < length)) {
+                MAX3266X_MSG("Zero Padding Mod Buffer");
+                XMEMSET(mod->dp + mod->used, 0x00,
+                            sizeof(int) *(length - mod->used));
+            }
+            break;
+        default:
+            /* Free the zero array used to check values */
+            XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return BAD_FUNC_ARG; /* Invalid clc given */
+    }
+    /* Free the zero array used to check values */
+    XFREE(zero_tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    /* Make sure result is 0 padded */
+    if (result->dp != NULL) {
+        ForceZero(result->dp, sizeof(int)*(length));
+        result->used = length;
+    }
+    else if (result == NULL) {
+        return BAD_FUNC_ARG; /* Cannot be null */
+    }
+    return 0;
+}
+
+
+
+/* General Control Over MAA Hardware to handle all needed Cases */
+int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp,
+                                mp_int* mod, mp_int* result,
+                                MXC_TPU_MAA_TYPE clc)
+{
+    int ret;
+    int length;
+    mp_int* result_tmp_ptr;
+    mp_int result_tmp;
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            (exp == NULL && clc == MXC_TPU_MAA_EXP) || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Check if result shares struct pointer */
+    if ((multiplier == result) || (multiplicand == result) || (exp == result) ||
+            (mod == result)) {
+            MAX3266X_MSG("Creating Temp Result Buffer for Hardware");
+            result_tmp_ptr = &result_tmp; /* Assign point to temp struct */
+    }
+    else {
+        result_tmp_ptr = result; /* No Shared Point to directly assign */
+    }
+    if (result_tmp_ptr == NULL) {
+        MAX3266X_MSG("tmp ptr is null");
+        return MP_VAL;
+    }
+
+    if (clc == MXC_TPU_MAA_EXP) {
+        length = wc_MXC_MAA_Largest(5, multiplier->used, multiplicand->used,
+                                           exp->used, mod->used, result->used);
+    }
+    else {
+        length = wc_MXC_MAA_Largest(4, multiplier->used, multiplicand->used,
+                                        mod->used, result->used);
+    }
+
+    /* Zero Pad everything if needed */
+    ret = wc_MXC_MAA_zeroPad(multiplier, multiplicand, exp, mod, result_tmp_ptr,
+                                clc, length);
+    if (ret != 0) {
+        MAX3266X_MSG("Zero Padding Failed");
+        return ret;
+    }
+
+    /* Init MAA HW */
+    ret = wc_MXC_MAA_init(length*sizeof(mp_digit)*8);
+    if (ret != 0) {
+        MAX3266X_MSG("HW Init Failed");
+        wolfSSL_HwPkMutexUnLock();
+        return ret;
+    }
+
+    /* Start Math And Cast to expect types for SDK */
+    MAX3266X_MSG("Starting Computation in MAA");
+    ret = MXC_TPU_MAA_Compute(clc, (char *)(multiplier->dp),
+                                    (char *)(multiplicand->dp),
+                                    (char *)(exp->dp), (char *)(mod->dp),
+                                    (int *)(result_tmp_ptr->dp),
+                                    (length*sizeof(mp_digit)));
+    MAX3266X_MSG("MAA Finished Computation");
+    if (wc_MXC_error(&ret) != 0) {
+        MAX3266X_MSG("HW Computation Error");
+        wolfSSL_HwPkMutexUnLock();
+        return ret;
+    }
+
+    ret = wc_MXC_MAA_Shutdown();
+    if (ret != 0) {
+        MAX3266X_MSG("HW Shutdown Failure");
+        /* Shutdown will always call wolfSSL_HwPkMutexUnLock(); */
+        /* before returning */
+        return ret;
+    }
+
+    /* Copy tmp result if needed */
+    if ((multiplier == result) || (multiplicand == result) || (exp == result) ||
+            (mod == result)) {
+        mp_copy(result_tmp_ptr, result);
+        ForceZero(result_tmp_ptr, sizeof(result_tmp_ptr)); /* force zero */
+    }
+
+    result->used = wc_MXC_MAA_adjustUsed(result->dp, length);
+    return ret;
+}
+
+
+
+int wc_MXC_MAA_expmod(mp_int* base, mp_int* exp, mp_int* mod,
+                            mp_int* result)
+{
+    mp_int multiplicand;
+    if (base == NULL || exp == NULL || mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    XMEMSET(&multiplicand, 0, sizeof(mp_int));
+    multiplicand.dp[0] = 0x01;
+    multiplicand.used = mod->used;
+    MAX3266X_MSG("Preparing exptmod MAA HW Call");
+    return wc_MXC_MAA_math(base, &multiplicand, exp, mod, result,
+                            MXC_TPU_MAA_EXP);
+}
+
+int wc_MXC_MAA_sqrmod(mp_int* multiplier, mp_int* mod, mp_int* result)
+{
+    mp_int multiplicand;
+    if (multiplier == NULL || mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    XMEMSET(&multiplicand, 0, sizeof(mp_int));
+    multiplicand.dp[0] = 0x01;
+    multiplicand.used = mod->used;
+    MAX3266X_MSG("Preparing sqrmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, &multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_SQ);
+}
+
+int wc_MXC_MAA_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing mulmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_MUL);
+}
+
+int wc_MXC_MAA_sqrmulmod(mp_int* multiplier, mp_int* multiplicand,
+                            mp_int* exp, mp_int* mod, mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || exp == NULL ||
+            mod == NULL || result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing sqrmulmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_SQMUL);
+}
+
+int wc_MXC_MAA_addmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing addmod MAA HW Call");
+    return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                            MXC_TPU_MAA_ADD);
+}
+
+int wc_MXC_MAA_submod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                            mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    MAX3266X_MSG("Preparing submod MAA HW Call");
+    if ((mod->used < multiplier->used) || (mod->used < multiplicand->used)) {
+            MAX3266X_MSG("HW Limitation: Defaulting back to software");
+            return mxc_submod(multiplier, multiplicand, mod, result);
+    }
+    else {
+        return wc_MXC_MAA_math(multiplier, multiplicand, NULL, mod, result,
+                             MXC_TPU_MAA_SUB);
+    }
+}
+
+/* General Function to call hardware control */
+int hw_mulmod(mp_int* multiplier, mp_int* multiplicand, mp_int* mod,
+                    mp_int* result)
+{
+    if (multiplier == NULL || multiplicand == NULL || mod == NULL ||
+            result == NULL) {
+        return MP_VAL;
+    }
+    if ((multiplier->used == 0) || (multiplicand->used == 0)) {
+        mp_zero(result);
+        return 0;
+    }
+    else {
+        if (wc_MXC_MAA_Fallback(3, multiplier->used, mod->used,
+                                multiplicand->used) != 0) {
+                return mxc_mulmod(multiplier, multiplicand, mod, result);
+        }
+        else {
+            return wc_MXC_MAA_mulmod(multiplier, multiplicand, mod, result);
+        }
+    }
+}
+
+int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) {
+            err = mxc_addmod(a, b, mod, result);
+        }
+        else {
+            err = wc_MXC_MAA_addmod(a, b, mod, result);
+        }
+    }
+    return err;
+}
+
+
+int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((a == NULL) || (b == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if (wc_MXC_MAA_Fallback(3, a->used, b->used, mod->used) != 0) {
+            err = mxc_submod(a, b, mod, result);
+        }
+        else{
+            err = wc_MXC_MAA_submod(a, b, mod, result);
+        }
+    }
+    return err;
+}
+
+int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod, mp_int* result)
+{
+    int err = MP_OKAY;
+    /* Validate parameters. */
+    if ((base == NULL) || (exp == NULL) || (mod == NULL) || (result == NULL)) {
+        err = MP_VAL;
+    }
+    if (err == MP_OKAY) {
+        if ((mod->used < exp->used) || (mod->used < base->used)) {
+            err = mxc_exptmod(base, exp, mod, result);
+        }
+        else if (wc_MXC_MAA_Fallback(3, base->used, exp->used, mod->used)
+                    != 0) {
+            return mxc_exptmod(base, exp, mod, result);
+        }
+        else{
+            err = wc_MXC_MAA_expmod(base, exp, mod, result);
+        }
+    }
+    return err;
+}
+
+
+/* No mod function available with hardware, however perform a submod    */
+/* (a - 0) mod m will essentially perform the same operation as a mod m */
+int hw_mod(mp_int* a, mp_int* mod, mp_int* result)
+{
+    mp_int b;
+    if (a == NULL || mod == NULL || result == NULL) {
+        return MP_VAL;
+    }
+    if (wc_MXC_MAA_Fallback(2, a->used, mod->used) != 0) {
+        return mxc_mod(a, mod, result);
+    }
+    XMEMSET(&b, 0, sizeof(mp_int));
+    b.used = mod->used; /* assume mod is determining size */
+    return hw_submod(a, &b, mod, result);
+}
+
+int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result)
+{
+    if (base == NULL || mod == NULL || result == NULL) {
+        return MP_VAL;
+    }
+    if (base->used == 0) {
+        mp_zero(result);
+        return 0;
+    }
+    return wc_MXC_MAA_sqrmod(base, mod, result);
+}
+
+#endif /* MAX3266X_MATH */
+
+#if defined(MAX3266X_RTC)
+/* Initialize the RTC */
+int wc_MXC_RTC_Init(void)
+{
+    /* RTC Init for benchmark */
+    if (MXC_RTC_Init(0, 0) != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    /* Disable the Interrupt */
+    if (MXC_RTC_DisableInt(MXC_RTC_INT_EN_LONG) == E_BUSY) {
+        return WC_HW_E;
+    }
+    /* Start Clock for RTC */
+    if (MXC_RTC_SquareWaveStart(MXC_RTC_F_512HZ) == E_BUSY) {
+        return E_BUSY;
+    }
+    /* Begin RTC count */
+    if (MXC_RTC_Start() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    return 0;
+}
+
+/* Reset the RTC */
+int wc_MXC_RTC_Reset(void)
+{
+    /* Stops Counts */
+    if (MXC_RTC_Stop() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    /* Restart RTC via Init */
+    if (wc_MXC_RTC_Init() != E_NO_ERROR) {
+        return WC_HW_E;
+    }
+    return 0;
+}
+
+/* Function to handle RTC read retries */
+void wc_MXC_RTC_GetRTCValue(int32_t (*rtcGetFunction)(uint32_t*),
+                                uint32_t* outValue, int32_t* err)
+{
+    *err = rtcGetFunction(outValue);  /* Initial attempt to get the value */
+    while (*err != E_NO_ERROR) {
+        *err = rtcGetFunction(outValue);  /* Retry if the error persists */
+    }
+}
+
+/* Function to provide the current time as a double */
+/* Returns seconds and millisecond */
+double wc_MXC_RTC_Time(void)
+{
+    int32_t err;
+    uint32_t rtc_seconds, rtc_subseconds;
+
+    /* Retrieve sub-seconds from RTC */
+    wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSubSeconds,
+                                    &rtc_subseconds, &err);
+    if (err != E_NO_ERROR) {
+        return (double)err;
+    }
+    /* Retrieve seconds from RTC */
+    wc_MXC_RTC_GetRTCValue((int32_t (*)(uint32_t*))MXC_RTC_GetSeconds,
+                                &rtc_seconds, &err);
+    if (err != E_NO_ERROR) {
+        return (double)err;
+    }
+    /* Per the device documentation, subsecond register holds up to 1 second */
+    /* subsecond register is size 2^12, so divide by 4096 to get milliseconds */
+    return ((double)rtc_seconds + ((double)rtc_subseconds / 4096));
+}
+
+#endif /* MAX3266X_RTC */
+
+#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */
diff --git a/wolfcrypt/src/port/maxim/maxq10xx.c b/wolfcrypt/src/port/maxim/maxq10xx.c
index 370a170a8..bd491676f 100644
--- a/wolfcrypt/src/port/maxim/maxq10xx.c
+++ b/wolfcrypt/src/port/maxim/maxq10xx.c
@@ -1,6 +1,6 @@
 /* maxq10xx.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -97,7 +97,9 @@ void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen);
 #define MAX_SIGNKEY_DATASIZE   96
 #define MAX_SIG_DATASIZE       64
 #define ECC_KEYCOMPLEN         32
-
+#define ESTABLISH_OUT_MAX      128
+#define FIXED_INFO_LEN         32
+#define FIXED_INFO_VALUE       0xaa
 #ifdef WOLFSSL_MAXQ108X
 
 #define PSK_KID (0x1235)
@@ -600,6 +602,9 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
         goto end_AesSetKey;
     }
 
+    /* Delete object if one already exists. Ignore error in case it doesn't
+     * exist. */
+    (void)MXQ_DeleteObject(obj_id);
     mxq_rc = MXQ_CreateObject(obj_id, keylen, MXQ_OBJTYPE_SECRETKEY,
                               OBJPROP_PERSISTENT,
                               (char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx");
@@ -626,13 +631,26 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
     LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
                          &sign_key_type);
 
+    /* Unlock because signing operation will need to use the RNG. */
+    #if defined(MAXQ10XX_MUTEX)
+    wolfSSL_CryptHwMutexUnLock();
+    #endif
+
     rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
                     sign_key_curve);
     if (rc) {
         WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
-        goto end_AesSetKey;
+        goto end_AesSetKey_noUnlock;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
+    rc = maxq_CryptHwMutexTryLock();
+    if (rc != 0) {
+        WOLFSSL_ERROR_MSG("MAXQ: aes_set_key() lock could not be acquired");
+        rc = NOT_COMPILED_IN;
+        goto end_AesSetKey_noUnlock;
+    }
+    #endif
     mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
                            PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
                            signature, signature_len);
@@ -647,6 +665,7 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen)
 
 end_AesSetKey:
     wolfSSL_CryptHwMutexUnLock();
+end_AesSetKey_noUnlock:
     return rc;
 }
 #endif /* MAXQ_AESGCM */
@@ -680,12 +699,14 @@ void wc_MAXQ10XX_AesFree(Aes* aes)
 }
 
 #ifdef MAXQ_ECC
-static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
+static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen,
+                       int for_ecdh)
 {
     mxq_err_t mxq_rc;
     int rc;
     word32 keylen;
     int objtype;
+    mxq_keyuse_t key_use;
     mxq_u1 key_buff[MAX_KEY_DATASIZE];
     mxq_length key_buff_len = sizeof(key_buff);
     unsigned char sign_key[MAX_SIGNKEY_DATASIZE];
@@ -708,6 +729,13 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
         objtype = MXQ_OBJTYPE_KEYPAIR;
     }
 
+    if (for_ecdh) {
+        key_use = MXQ_KEYUSE_KEY_EXCHAGE;
+    }
+    else {
+        key_use = MXQ_KEYUSE_DATASIGNATURE;
+    }
+
     #if defined(MAXQ10XX_MUTEX)
     rc = maxq_CryptHwMutexTryLock();
     if (rc != 0) {
@@ -728,6 +756,9 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
         goto end_EccSetKey;
     }
 
+    /* Delete object if one already exists. Ignore error in case it doesn't
+     * exist. */
+    (void)MXQ_DeleteObject(obj_id);
     mxq_rc = MXQ_CreateObject(obj_id, keylen, objtype, OBJPROP_PERSISTENT,
                               (char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx");
     if (mxq_rc) {
@@ -741,7 +772,7 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
 
     mxq_rc = MXQ_BuildKey(key_buff, &key_buff_len, MXQ_KEYTYPE_ECC,
                           MXQ_KEYPARAM_EC_P256R1, keycomplen, keylen,
-                          MXQ_KEYUSE_DATASIGNATURE, ALGO_ECDSA_SHA_256,
+                          key_use, ALGO_ECDSA_SHA_256,
                           MXQ_KEYUSE_NONE, ALGO_NONE, (mxq_u1 *)userKey);
     if (mxq_rc) {
         WOLFSSL_ERROR_MSG("MAXQ: MXQ_BuildKey() failed");
@@ -752,13 +783,27 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
     LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
                          &sign_key_type);
 
+    /* Unlock because signing operation will need to use the RNG. */
+    #if defined(MAXQ10XX_MUTEX)
+    wolfSSL_CryptHwMutexUnLock();
+    #endif
+
     rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
                     sign_key_curve);
     if (rc) {
         WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
-        goto end_EccSetKey;
+        goto end_EccSetKey_noUnlock;
     }
 
+    #if defined(MAXQ10XX_MUTEX)
+    rc = maxq_CryptHwMutexTryLock();
+    if (rc != 0) {
+        WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
+        rc = NOT_COMPILED_IN;
+        goto end_EccSetKey_noUnlock;
+    }
+    #endif
+
     mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
                            PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
                            signature, signature_len);
@@ -772,9 +817,207 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen)
     key->maxq_ctx.key_pending = 0;
 
 end_EccSetKey:
+    #if defined(MAXQ10XX_MUTEX)
     wolfSSL_CryptHwMutexUnLock();
+    #endif
+end_EccSetKey_noUnlock:
     return rc;
 }
+
+static int ecc_gen_key(ecc_key* key, word32 keycomplen)
+{
+    mxq_err_t mxq_rc;
+    int rc;
+    word32 keylen;
+    int objtype;
+    mxq_u1 key_buff[MAX_KEY_DATASIZE];
+    mxq_length key_buff_len = sizeof(key_buff);
+    unsigned char sign_key[MAX_SIGNKEY_DATASIZE];
+    int sign_key_len, sign_key_curve, sign_key_type;
+    mxq_u1 signature[MAX_SIG_DATASIZE];
+    int signature_len = (int)sizeof(signature);
+
+
+    if ((key->type != 0) && (key->type != ECC_PRIVATEKEY)
+        && (key->type != ECC_PRIVATEKEY_ONLY)) {
+        return BAD_FUNC_ARG;
+    }
+
+    key->type = ECC_PRIVATEKEY;
+    keylen = keycomplen * 3;
+    objtype = MXQ_OBJTYPE_KEYPAIR;
+
+    #if defined(MAXQ10XX_MUTEX)
+    rc = maxq_CryptHwMutexTryLock();
+    if (rc != 0) {
+        WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
+        rc = NOT_COMPILED_IN;
+        return rc;
+    }
+    #endif
+
+    if (key->maxq_ctx.key_obj_id) {
+        wc_MAXQ10XX_EccFree(key);
+    }
+
+    int obj_id = alloc_ecc_key_id();
+    if (!obj_id) {
+        WOLFSSL_ERROR_MSG("MAXQ: alloc_ecc_key_id() failed");
+        rc = NOT_COMPILED_IN;
+        goto end_EccGenKey;
+    }
+
+    /* Delete object if one already exists. Ignore error in case it doesn't
+     * exist. */
+    (void)MXQ_DeleteObject(obj_id);
+    mxq_rc = MXQ_CreateObject(obj_id, keylen, objtype, OBJPROP_PERSISTENT,
+                              (char *)"ahs=rwdgx:ahs=rwdgx:ahs=rwdgx");
+    if (mxq_rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: MXQ_CreateObject() failed");
+        rc = NOT_COMPILED_IN;
+        goto end_EccGenKey;
+    }
+
+    /* store the object id in the context */
+    key->maxq_ctx.key_obj_id = obj_id;
+
+    /* Note that total_keylen is 0 and psrc is NULL. This ensures that when
+     * MXQ_ImportKey() is called, it does a keygen; not import. */
+    mxq_rc = MXQ_BuildKey(key_buff, &key_buff_len, MXQ_KEYTYPE_ECC,
+                          MXQ_KEYPARAM_EC_P256R1, keycomplen, 0,
+                          MXQ_KEYUSE_KEY_EXCHAGE, ALGO_ECDSA_SHA_256,
+                          MXQ_KEYUSE_NONE, ALGO_NONE, NULL);
+    if (mxq_rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: MXQ_BuildKey() failed");
+        rc = WC_HW_E;
+        goto end_EccGenKey;
+    }
+
+    LoadDefaultImportKey(sign_key, &sign_key_len, &sign_key_curve,
+                         &sign_key_type);
+
+    /* Unlock because signing operation will need to use the RNG. */
+    #if defined(MAXQ10XX_MUTEX)
+    wolfSSL_CryptHwMutexUnLock();
+    #endif
+
+    rc = ECDSA_sign(signature, &signature_len, sign_key, key_buff, key_buff_len,
+                    sign_key_curve);
+    if (rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: ECDSA_sign() failed");
+        goto end_EccGenKey_noUnlock;
+    }
+
+    #if defined(MAXQ10XX_MUTEX)
+    rc = maxq_CryptHwMutexTryLock();
+    if (rc != 0) {
+        WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired");
+        rc = NOT_COMPILED_IN;
+        goto end_EccGenKey_noUnlock;
+    }
+    #endif
+
+    mxq_rc = MXQ_ImportKey(obj_id, getSignAlgoFromCurve(sign_key_curve),
+                           PUBKEY_IMPORT_OBJID, key_buff, key_buff_len,
+                           signature, signature_len);
+    if (mxq_rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: MXQ_ImportKey() failed");
+        rc = WC_HW_E;
+        goto end_EccGenKey;
+    }
+
+    key->maxq_ctx.hw_ecc = 1;
+
+end_EccGenKey:
+    #if defined(MAXQ10XX_MUTEX)
+    wolfSSL_CryptHwMutexUnLock();
+    #endif
+end_EccGenKey_noUnlock:
+    return rc;
+}
+
+static int ecc_establish(ecc_key* key, ecc_key* peer, byte *ss, word32 *ss_len)
+{
+    mxq_err_t mxq_rc;
+    int rc = 0;
+    byte fixed_info_len = FIXED_INFO_LEN;
+    byte fixed_info[FIXED_INFO_LEN];
+    mxq_length output_len = ESTABLISH_OUT_MAX;
+    byte output[ESTABLISH_OUT_MAX];
+
+    word32 peerKeySz = peer->dp->size;
+    uint8_t  peerKeyBuf[MAX_EC_KEY_SIZE];
+    uint8_t* peerKey = peerKeyBuf;
+    uint8_t* qx = peerKey;
+    uint8_t* qy = &peerKey[peerKeySz];
+    word32 qxLen = peerKeySz;
+    word32 qyLen = peerKeySz;
+
+    /* ECC P256 shared secret is 32 bytes. */
+    if (*ss_len != 32) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (peer == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (key == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (key->maxq_ctx.hw_ecc != 1) {
+        /* The key was not generated. Lets import it. */
+        if (key->maxq_ctx.hw_ecc == 0) {
+            rc = wc_MAXQ10XX_EccSetKey(key, key->dp->size);
+            if (rc != 0) {
+                return rc;
+            }
+        }
+
+        if (key->maxq_ctx.hw_ecc == -1) {
+            return CRYPTOCB_UNAVAILABLE;
+        }
+
+        rc = ecc_set_key(key, key->maxq_ctx.ecc_key, key->dp->size, 1);
+    }
+
+    if (rc != 0) {
+        return rc;
+    }
+
+    if (key->maxq_ctx.key_obj_id == 0) {
+        return WC_HW_E;
+    }
+
+    wc_ecc_export_public_raw(peer, qx, &qxLen, qy, &qyLen);
+    if (rc != 0) {
+        return rc;
+    }
+
+    /* This follows what is done in other MAXQ10xx examples. */
+    XMEMSET(fixed_info, FIXED_INFO_VALUE, fixed_info_len);
+
+    /* 0xFFFF indicates that the peer's public key will be in the buffer; not
+     * referenced via key ID. */
+    mxq_rc = MXQ_EstablishKey(SHARE_SECRET, MXQ_KEYPARAM_EC_P256R1,
+                              key->maxq_ctx.key_obj_id, 0xFFFF, peerKey,
+                              0, NULL, 0, 0, 0, 0, fixed_info_len, fixed_info,
+                              0, 0, NULL, output, &output_len);
+
+    if (mxq_rc) {
+        WOLFSSL_ERROR_MSG("MAXQ: MXQ_EstablishKey() failed");
+        rc = WC_HW_E;
+    }
+
+    /* Output contains the public key and shared secret concatenated. The public
+     * key is (0x04 || X || Y) which means its 65 bytes. The shared secret is
+     * in the 32 bytes after that. */
+    XMEMCPY(ss, &output[1 + ECC256_KEYSIZE + ECC256_KEYSIZE], *ss_len);
+
+    return rc;
+}
+
 #endif /* MAXQ_ECC */
 
 void wc_MAXQ10XX_EccFree(ecc_key* key)
@@ -894,12 +1137,14 @@ static int maxq10xx_cipher_do(mxq_algo_id_t algo_id, mxq_u1 encrypt,
     cparams.p_aad        = p_aad;
     cparams.aad_length   = aad_len;
 
-    if (encrypt) {
-        cparams.aead_tag_len = tag_len;
-    }
-    else {
-        XMEMCPY(cparams.aead_tag, p_tag, tag_len);
-        cparams.aead_tag_len = tag_len;
+    if ((algo_id == ALGO_CIPHER_AES_GCM) || (algo_id == ALGO_CIPHER_AES_CCM)) {
+        if (encrypt) {
+            cparams.aead_tag_len = tag_len;
+        }
+        else {
+            XMEMCPY(cparams.aead_tag, p_tag, tag_len);
+            cparams.aead_tag_len = tag_len;
+        }
     }
 
     mxq_rc = MXQ_Cipher_Init(encrypt, algo_id, key_id, &cparams, 0);
@@ -1222,6 +1467,173 @@ static int do_aesgcm(wc_CryptoInfo* info)
 }
 #endif /* !NO_AES && HAVE_AESGCM && MAXQ_AESGCM */
 
+static int do_aescbc(wc_CryptoInfo* info)
+{
+    int rc;
+    byte *out = info->cipher.aescbc.out;
+    const byte *in = info->cipher.aescbc.in;
+
+    if (info->cipher.aescbc.sz == 0) {
+        return CRYPTOCB_UNAVAILABLE;
+     }
+
+    if (info->cipher.aescbc.aes->reg == NULL) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    /* Cannot do in place decryption because we get the incoming IV and that
+     * would already get over written. */
+    if (in == out) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    if (info->cipher.aescbc.aes->maxq_ctx.key_pending) {
+        rc = aes_set_key(
+            info->cipher.aescbc.aes,
+            (const byte *)info->cipher.aescbc.aes->maxq_ctx.key,
+            info->cipher.aescbc.aes->keylen);
+        if (rc != 0) {
+            return rc;
+        }
+    }
+
+    rc = wolfSSL_CryptHwMutexLock();
+    if (rc != 0) {
+        return rc;
+    }
+
+    rc = maxq10xx_cipher_do(
+        ALGO_CIPHER_AES_CBC,
+        info->cipher.enc,
+        info->cipher.aescbc.aes->maxq_ctx.key_obj_id,
+        (byte *)info->cipher.aescbc.in,
+        (byte *)info->cipher.aescbc.out,
+        info->cipher.aescbc.sz,
+        (byte *)info->cipher.aescbc.aes->reg, WC_AES_BLOCK_SIZE,
+        NULL, 0,
+        NULL, 0);
+
+    wolfSSL_CryptHwMutexUnLock();
+
+    /* Take the last 16 bytes and throw them into reg. Then it will be ready in
+     * case Update() is called. For both encryption and decryption, we get it
+     * from the ciphertext. (Note in and out usage) */
+    if (info->cipher.enc) {
+        XMEMCPY(info->cipher.aescbc.aes->reg,
+               &out[info->cipher.aescbc.sz - WC_AES_BLOCK_SIZE],
+               WC_AES_BLOCK_SIZE);
+    }
+    else {
+        XMEMCPY(info->cipher.aescbc.aes->reg,
+               &in[info->cipher.aescbc.sz - WC_AES_BLOCK_SIZE],
+               WC_AES_BLOCK_SIZE);
+    }
+    /* done */
+    return rc;
+}
+
+#ifdef HAVE_AES_ECB
+static int do_aesecb(wc_CryptoInfo* info)
+{
+    int rc;
+
+    if (info->cipher.aesecb.sz == 0) {
+        return CRYPTOCB_UNAVAILABLE;
+     }
+
+    if (info->cipher.aesecb.aes->reg == NULL) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    if (info->cipher.aesecb.aes->maxq_ctx.key_pending) {
+        rc = aes_set_key(
+            info->cipher.aesecb.aes,
+            (const byte *)info->cipher.aesecb.aes->maxq_ctx.key,
+            info->cipher.aesecb.aes->keylen);
+        if (rc != 0) {
+            return rc;
+        }
+    }
+
+    rc = wolfSSL_CryptHwMutexLock();
+    if (rc != 0) {
+        return rc;
+    }
+
+    rc = maxq10xx_cipher_do(
+        ALGO_CIPHER_AES_ECB,
+        info->cipher.enc,
+        info->cipher.aesecb.aes->maxq_ctx.key_obj_id,
+        (byte *)info->cipher.aesecb.in,
+        (byte *)info->cipher.aesecb.out,
+        info->cipher.aesecb.sz,
+        NULL, 0,
+        NULL, 0,
+        NULL, 0);
+
+    wolfSSL_CryptHwMutexUnLock();
+
+    /* done */
+    return rc;
+}
+#endif /* HAVE_AES_ECB */
+
+#ifdef HAVE_AESCCM
+static int do_aesccm(wc_CryptoInfo* info)
+{
+    int rc;
+    wc_CryptoCb_AesAuthEnc *aesccm = (info->cipher.enc) ?
+        (wc_CryptoCb_AesAuthEnc*)&info->cipher.aesccm_enc :
+        /* dec->enc cast is okay */
+        (wc_CryptoCb_AesAuthEnc*)&info->cipher.aesccm_dec;
+
+    if (aesccm->sz == 0) {
+        return CRYPTOCB_UNAVAILABLE;
+     }
+
+    if (aesccm->aes->reg == NULL) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    /* Cannot do in place decryption because we get the incoming IV and that
+     * would already get over written. */
+    if (aesccm->in == aesccm->out) {
+        return CRYPTOCB_UNAVAILABLE;
+    }
+
+    if (aesccm->aes->maxq_ctx.key_pending) {
+        rc = aes_set_key(
+            aesccm->aes,
+            (const byte *)aesccm->aes->maxq_ctx.key,
+            aesccm->aes->keylen);
+        if (rc != 0) {
+            return rc;
+        }
+    }
+
+    rc = wolfSSL_CryptHwMutexLock();
+    if (rc != 0) {
+        return rc;
+    }
+
+    rc = maxq10xx_cipher_do(
+        ALGO_CIPHER_AES_CCM,
+        info->cipher.enc,
+        aesccm->aes->maxq_ctx.key_obj_id,
+        (byte *)aesccm->in,
+        (byte *)aesccm->out,
+        aesccm->sz,
+        (byte *)aesccm->nonce, aesccm->nonceSz,
+        (byte *)aesccm->authIn, aesccm->authInSz,
+        (byte *)aesccm->authTag, aesccm->authTagSz);
+
+    wolfSSL_CryptHwMutexUnLock();
+
+    /* done */
+    return rc;
+}
+#endif /* HAVE_AESCCM */
+
 #if !defined(NO_SHA) && !defined(NO_SHA256) && defined(MAXQ_SHA256)
 static int do_sha256(wc_CryptoInfo* info)
 {
@@ -1296,10 +1708,11 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
     (void)devId;
     (void)ctx;
 
+    /* In the case of MAXQ1065, this callback is always enabled. */
 #if defined(WOLFSSL_MAXQ108X)
     if (!tls13active)
-#endif
         return CRYPTOCB_UNAVAILABLE;
+#endif
 
     if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
 #if !defined(NO_AES) || !defined(NO_DES3)
@@ -1310,10 +1723,19 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
     #endif /* HAVE_AESGCM && MAXQ_AESGCM */
     #ifdef HAVE_AES_CBC
         if (info->cipher.type == WC_CIPHER_AES_CBC) {
-            /* TODO */
-            return CRYPTOCB_UNAVAILABLE;
+            rc = do_aescbc(info);
         }
     #endif /* HAVE_AES_CBC */
+    #ifdef HAVE_AESCCM
+        if (info->cipher.type == WC_CIPHER_AES_CCM) {
+            rc = do_aesccm(info);
+        }
+    #endif /* HAVE_AESCCM */
+    #ifdef HAVE_AES_ECB
+        if (info->cipher.type == WC_CIPHER_AES_ECB) {
+            rc = do_aesecb(info);
+        }
+    #endif /* HAVE_AES_ECB */
 #endif /* !NO_AES || !NO_DES3 */
     }
 #if !defined(NO_SHA) || !defined(NO_SHA256)
@@ -1343,12 +1765,22 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
     else if (info->algo_type == WC_ALGO_TYPE_PK) {
     #if defined(HAVE_ECC) && defined(MAXQ_ECC)
         if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
-            /* TODO */
-            return CRYPTOCB_UNAVAILABLE;
+            if (info->pk.eckg.key->maxq_ctx.hw_ecc == -1) {
+                return CRYPTOCB_UNAVAILABLE;
+            }
+
+            rc = ecc_gen_key(info->pk.eckg.key, info->pk.eckg.key->dp->size);
+            if (rc != 0) {
+                return rc;
+            }
         }
         else if (info->pk.type == WC_PK_TYPE_ECDH) {
-            /* TODO */
-            return CRYPTOCB_UNAVAILABLE;
+            rc = ecc_establish(info->pk.ecdh.private_key,
+                               info->pk.ecdh.public_key,
+                               info->pk.ecdh.out, info->pk.ecdh.outlen);
+            if (rc != 0) {
+                return rc;
+            }
         }
         else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
             if (info->pk.eccsign.key->maxq_ctx.hw_ecc == 0) {
@@ -1363,22 +1795,32 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                 return CRYPTOCB_UNAVAILABLE;
             }
 
+#if defined(WOLFSSL_MAXQ108X)
+            /* This is not done for MAXQ1065 because we want to use the pre-
+             * provisioned key in the case of PKCS11. */
             if (info->pk.eccsign.key->maxq_ctx.key_pending) {
                 rc = ecc_set_key(info->pk.eccsign.key,
                                  info->pk.eccsign.key->maxq_ctx.ecc_key,
-                                 info->pk.eccsign.key->dp->size);
+                                 info->pk.eccsign.key->dp->size, 0);
                 if (rc != 0) {
                     return rc;
                 }
             }
+#endif
 
             rc = wolfSSL_CryptHwMutexLock();
             if (rc != 0) {
                 return rc;
             }
 
+            /* Note that we are using the DEVICE_KEY_PAIR_OBJ_ID; its the pre-
+             * provisioned key in the case of MAXQ1065. */
             rc = maxq10xx_ecc_sign_local(
+#if defined(WOLFSSL_MAXQ108X)
                      info->pk.eccsign.key->maxq_ctx.key_obj_id,
+#else
+                     DEVICE_KEY_PAIR_OBJ_ID,
+#endif
                      (byte *)info->pk.eccsign.in, info->pk.eccsign.inlen,
                      info->pk.eccsign.out, info->pk.eccsign.outlen,
                      info->pk.eccsign.key->dp->size);
@@ -1412,7 +1854,7 @@ int wolfSSL_MAXQ10XX_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
             if (info->pk.eccverify.key->maxq_ctx.key_pending) {
                 rc = ecc_set_key(info->pk.eccverify.key,
                                  info->pk.eccverify.key->maxq_ctx.ecc_key,
-                                 info->pk.eccverify.key->dp->size);
+                                 info->pk.eccverify.key->dp->size, 0);
                 if (rc != 0) {
                     return rc;
                 }
diff --git a/wolfcrypt/src/port/mynewt/mynewt_port.c b/wolfcrypt/src/port/mynewt/mynewt_port.c
index 736098df6..f70e6390c 100644
--- a/wolfcrypt/src/port/mynewt/mynewt_port.c
+++ b/wolfcrypt/src/port/mynewt/mynewt_port.c
@@ -1,6 +1,6 @@
 /* mynewt_port.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/nrf51.c b/wolfcrypt/src/port/nrf51.c
index 04da17558..854265e0c 100644
--- a/wolfcrypt/src/port/nrf51.c
+++ b/wolfcrypt/src/port/nrf51.c
@@ -1,6 +1,6 @@
 /* nrf51.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/nxp/README_SE050.md b/wolfcrypt/src/port/nxp/README_SE050.md
index 5d5434bf1..ee94f5a49 100644
--- a/wolfcrypt/src/port/nxp/README_SE050.md
+++ b/wolfcrypt/src/port/nxp/README_SE050.md
@@ -34,21 +34,24 @@ Raspberry Pi, [here](https://www.nxp.com/docs/en/application-note/AN12570.pdf).
 
 Summarizing the build steps for Raspberry Pi:
 
+In `raspi-config` go to "Interface Options" and enable I2C.
+
 ```sh
+$ sudo apt update
+$ sudo apt install cmake libssl-dev cmake-curses-gui git
 $ cd ~
 $ mkdir se_mw
 $ unzip SE-PLUG-TRUST-MW.zip -d se_mw
-$ cd se_mw/simw-top/scripts
+$ cd se_mw/se05x_mw_v04.05.01/simw-top/scripts
 $ python create_cmake_projects.py rpi
-$ cd ~/se_mw/simw-top_build/raspbian_native_se050_t1oi2c
+$ cd ~/se_mw/se05x_mw_v04.05.01/simw-top_build/raspbian_native_se050_t1oi2c
 $ ccmake .
 # Make sure the following are set:
-#    `Host OS` to `Raspbian`
-#    `Host Crypto` to `None` (see HostCrypto section below)
+#    `PTMW_Host` to `Raspbian`
+#    `PTMW_HostCrypto` to `User` (see HostCrypto section below)
 #    `SMCOM` to `T1oI2C`
 $ c # to configure
-$ g # to generate
-$ q
+$ g # to generate, this will exit upon completion
 $ cmake --build .
 $ sudo make install
 ```
@@ -56,7 +59,7 @@ $ sudo make install
 This will also compile several demo apps which can be run if wanted, ie:
 
 ```sh
-$ cd ~/se_mw/simw-top_build/raspbian_native_se050_t1oi2c/bin
+$ cd ~/se_mw/se05x_mw_v04.05.01/simw-top_build/raspbian_native_se050_t1oi2c/bin
 $ ./ex_ecc  # (or, ./se05x_GetInfo, etc)
 ```
 
@@ -202,6 +205,10 @@ value based on an incrementing counter past the value defined by this define.
 
 If not defined, this value will default to **100**.
 
+**`WOLFSSL_SE050_AUTO_ERASE`**
+
+Automatically erases the key from the SE050 when `wc_*_free()` is called.
+
 **`WOLFSSL_SE050_FACTORY_RESET`**
 
 When defined, calls to `wolfSSL_Init()` or `wolfCrypt_Init()` will factory
@@ -234,6 +241,11 @@ a Raspberry Pi with SE05x EdgeLock dev kit. If `WOLFSSL_SE050_NO_TRNG` is
 defined, wolfCrypt will instead fall back to using `/dev/random` and
 `/dev/urandom` on the Raspberry Pi.
 
+**`WOLFSSL_SE050_NO_RSA`**
+
+Disables using the SE050 for RSA, useful for the SE050E which does not have
+RSA support.
+
 ## wolfSSL HostCrypto Support
 
 The NXP SE05x Plug & Trust Middleware by default can use either OpenSSL or
diff --git a/wolfcrypt/src/port/nxp/dcp_port.c b/wolfcrypt/src/port/nxp/dcp_port.c
index ac4554ff7..a3799b0a7 100644
--- a/wolfcrypt/src/port/nxp/dcp_port.c
+++ b/wolfcrypt/src/port/nxp/dcp_port.c
@@ -1,6 +1,6 @@
 /* dcp_port.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -255,7 +255,7 @@ int  DCPAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (ret)
         ret = WC_HW_E;
     else
-        XMEMCPY(aes->reg, out, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, out, WC_AES_BLOCK_SIZE);
     dcp_unlock();
     return ret;
 }
@@ -270,7 +270,7 @@ int  DCPAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if (ret)
         ret = WC_HW_E;
     else
-        XMEMCPY(aes->reg, in, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, in, WC_AES_BLOCK_SIZE);
     dcp_unlock();
     return ret;
 }
diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c
index f8460488d..e265c5d3f 100644
--- a/wolfcrypt/src/port/nxp/ksdk_port.c
+++ b/wolfcrypt/src/port/nxp/ksdk_port.c
@@ -1,6 +1,6 @@
 /* ksdk_port.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c
index a514ecce7..697d2c8df 100644
--- a/wolfcrypt/src/port/nxp/se050_port.c
+++ b/wolfcrypt/src/port/nxp/se050_port.c
@@ -1,6 +1,6 @@
 /* se050_port.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -54,7 +54,7 @@
     #define SE050_ECC_DER_MAX 256
     #endif
 #endif
-#ifndef NO_RSA
+#if !defined(NO_RSA) && !defined(WOLFSSL_SE050_NO_RSA)
     #include <wolfssl/wolfcrypt/rsa.h>
     struct RsaKey;
 #endif
@@ -633,7 +633,7 @@ int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz)
         else {
             if (out == NULL) {
                 *outSz = ret;
-                return LENGTH_ONLY_E;
+                return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
             }
             if ((word32)ret > *outSz) {
                 WOLFSSL_MSG("Output buffer not large enough for object");
@@ -659,7 +659,7 @@ int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz)
     return ret;
 }
 
-#ifndef NO_RSA
+#if !defined(NO_RSA) && !defined(WOLFSSL_SE050_NO_RSA)
 
 /**
  * Use specified SE050 key ID with this RsaKey struct.
@@ -2332,6 +2332,7 @@ void se050_ecc_free_key(struct ecc_key* key)
     if (status == kStatus_SSS_Success) {
         status = sss_key_object_get_handle(&keyObject, key->keyId);
     }
+
     if (status == kStatus_SSS_Success) {
         sss_key_object_free(&keyObject);
         key->keyId = 0;
@@ -2532,8 +2533,8 @@ int se050_ecc_create_key(struct ecc_key* key, int curve_id, int keySize)
     wolfSSL_CryptHwMutexUnLock();
 
 #ifdef SE050_DEBUG
-    printf("se050_ecc_create_key: key %p, ret %d, keyId %d\n",
-        key, ret, key->keyId);
+    printf("se050_ecc_create_key: key %p, ret %d, status %d, keyId %d\n",
+        key, ret, status, key->keyId);
 #endif
 
     return ret;
@@ -2688,7 +2689,8 @@ int se050_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
     wolfSSL_CryptHwMutexUnLock();
 
 #ifdef SE050_DEBUG
-    printf("se050_ecc_shared_secret: ret %d, outlen %d\n", ret, *outlen);
+    printf("se050_ecc_shared_secret: ret %d, status %d, outlen %d\n", ret,
+            status, *outlen);
 #endif
 
     return ret;
diff --git a/wolfcrypt/src/port/pic32/pic32mz-crypt.c b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
index b9cdb7c55..aa887580c 100644
--- a/wolfcrypt/src/port/pic32/pic32mz-crypt.c
+++ b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
@@ -1,6 +1,6 @@
 /* pic32mz-crypt.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa.c b/wolfcrypt/src/port/psa/psa.c
index 737083f6a..907427a85 100644
--- a/wolfcrypt/src/port/psa/psa.c
+++ b/wolfcrypt/src/port/psa/psa.c
@@ -1,6 +1,6 @@
 /* psa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa_aes.c b/wolfcrypt/src/port/psa/psa_aes.c
index 37f9952e8..6f0873ade 100644
--- a/wolfcrypt/src/port/psa/psa_aes.c
+++ b/wolfcrypt/src/port/psa/psa_aes.c
@@ -1,6 +1,6 @@
 /* psa_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -293,7 +293,7 @@ int wc_psa_aes_free(Aes *aes)
 int wc_AesEncrypt(Aes *aes, const byte *inBlock, byte *outBlock)
 {
     return wc_psa_aes_encrypt_decrypt(aes, inBlock, outBlock,
-                                      AES_BLOCK_SIZE, PSA_ALG_ECB_NO_PADDING,
+                                      WC_AES_BLOCK_SIZE, PSA_ALG_ECB_NO_PADDING,
                                       AES_ENCRYPTION);
 }
 
@@ -301,7 +301,7 @@ int wc_AesEncrypt(Aes *aes, const byte *inBlock, byte *outBlock)
 int wc_AesDecrypt(Aes *aes, const byte *inBlock, byte *outBlock)
 {
     return wc_psa_aes_encrypt_decrypt(aes, inBlock, outBlock,
-                                      AES_BLOCK_SIZE, PSA_ALG_ECB_NO_PADDING,
+                                      WC_AES_BLOCK_SIZE, PSA_ALG_ECB_NO_PADDING,
                                       AES_DECRYPTION);
 }
 #endif
@@ -319,7 +319,7 @@ int wc_AesCtrEncrypt(Aes *aes, byte *out, const byte *in, word32 sz)
 int wc_AesCbcEncrypt(Aes *aes, byte *out, const byte *in, word32 sz)
 {
 
-    if (sz % AES_BLOCK_SIZE != 0)
+    if (sz % WC_AES_BLOCK_SIZE != 0)
 #if defined (WOLFSSL_AES_CBC_LENGTH_CHECKS)
         return BAD_LENGTH_E;
 #else
@@ -334,7 +334,7 @@ int wc_AesCbcEncrypt(Aes *aes, byte *out, const byte *in, word32 sz)
 int wc_AesCbcDecrypt(Aes *aes, byte *out, const byte *in, word32 sz)
 {
 
-    if (sz % AES_BLOCK_SIZE != 0)
+    if (sz % WC_AES_BLOCK_SIZE != 0)
 #if defined (WOLFSSL_AES_CBC_LENGTH_CHECKS)
         return BAD_LENGTH_E;
 #else
diff --git a/wolfcrypt/src/port/psa/psa_hash.c b/wolfcrypt/src/port/psa/psa_hash.c
index c45ccda28..df8bd1197 100644
--- a/wolfcrypt/src/port/psa/psa_hash.c
+++ b/wolfcrypt/src/port/psa/psa_hash.c
@@ -1,6 +1,6 @@
 /* psa_hash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/psa/psa_pkcbs.c b/wolfcrypt/src/port/psa/psa_pkcbs.c
index a634b52a0..4c9edec74 100644
--- a/wolfcrypt/src/port/psa/psa_pkcbs.c
+++ b/wolfcrypt/src/port/psa/psa_pkcbs.c
@@ -1,6 +1,6 @@
 /* psa_pkcbs.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c
index 292c854d1..39969ccb8 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-aes.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c
@@ -1,6 +1,6 @@
 /* riscv-64-aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,20 +19,14 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #if !defined(NO_AES)
 
 #include <wolfssl/wolfcrypt/aes.h>
 
-#include <wolfssl/wolfcrypt/logging.h>
-
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -498,8 +492,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
     if (ret == 0) {
         /* Finish setting the AES object. */
         aes->keylen = keyLen;
-#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-    defined(WOLFSSL_AES_OFB)
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
 #endif
     }
@@ -679,12 +673,12 @@ static void wc_AesDecrypt(Aes* aes, const byte* in, byte* out)
  * @param pin]  sz   Number of bytes to encrypt.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when aes, out or in is NULL.
- * @return  BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
  */
 int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     int ret = 0;
-    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
 
     /* Validate parameters. */
     if ((aes == NULL) || (out == NULL) || (in == NULL)) {
@@ -692,7 +686,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
     /* Ensure a multiple of blocks is to be encrypted.  */
-    if ((ret == 0) && (sz % AES_BLOCK_SIZE)) {
+    if ((ret == 0) && (sz % WC_AES_BLOCK_SIZE)) {
         ret = BAD_LENGTH_E;
     }
 #endif
@@ -890,20 +884,20 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
  * @param pin]  sz   Number of bytes to decrypt.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when aes, out or in is NULL.
- * @return  BAD_FUNC_ARG when sz is not a multiple of AES_BLOCK_SIZE.
- * @return  BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ * @return  BAD_FUNC_ARG when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
  */
 int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     int ret = 0;
-    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
 
     /* Validate parameters. */
     if ((aes == NULL) || (out == NULL) || (in == NULL)) {
         ret = BAD_FUNC_ARG;
     }
     /* Ensure a multiple of blocks is being decrypted.  */
-    if ((ret == 0) && (sz % AES_BLOCK_SIZE)) {
+    if ((ret == 0) && (sz % WC_AES_BLOCK_SIZE)) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
         ret = BAD_LENGTH_E;
 #else
@@ -1377,7 +1371,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         processed = min(aes->left, sz);
         if (processed > 0) {
             /* XOR in encrypted counter.  */
-            xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left,
+            xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
                 processed);
             out += processed;
             in += processed;
@@ -1386,12 +1380,12 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         }
 
         /* Do whole blocks of data. */
-        while (sz >= AES_BLOCK_SIZE) {
-            word32 blocks = sz / AES_BLOCK_SIZE;
+        while (sz >= WC_AES_BLOCK_SIZE) {
+            word32 blocks = sz / WC_AES_BLOCK_SIZE;
 
             wc_aes_ctr_encrypt_asm(aes, out, in, blocks);
 
-            processed = blocks * AES_BLOCK_SIZE;
+            processed = blocks * WC_AES_BLOCK_SIZE;
             out += processed;
             in  += processed;
             sz  -= processed;
@@ -1402,14 +1396,14 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             /* Encrypt counter and store in aes->tmp.
              * Use up aes->tmp to encrypt data less than a block.
              */
-            static const byte zeros[AES_BLOCK_SIZE] = {
+            static const byte zeros[WC_AES_BLOCK_SIZE] = {
                 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
             };
 
             wc_aes_ctr_encrypt_asm(aes, (byte*)aes->tmp, zeros, 1);
             /* XOR in encrypted counter. */
             xorbufout(out, in, aes->tmp, sz);
-            aes->left = AES_BLOCK_SIZE - sz;
+            aes->left = WC_AES_BLOCK_SIZE - sz;
         }
     }
 
@@ -1770,8 +1764,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
     if (ret == 0) {
         /* Finish setting the AES object. */
         aes->keylen = keyLen;
-#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-    defined(WOLFSSL_AES_OFB)
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
 #endif
     }
@@ -2978,8 +2972,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv,
 
     if (ret == 0) {
         /* Initialize fields. */
-    #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \
-        defined(WOLFSSL_AES_OFB)
+    #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+        defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
         aes->left = 0;
     #endif
         aes->keylen = (int)keyLen;
@@ -3861,12 +3855,12 @@ static WC_INLINE void xorbufout16(byte* out, const byte* a, const byte* b)
  * @param pin]  sz   Number of bytes to encrypt.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when aes, out or in is NULL.
- * @return  BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
  */
 int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     int ret = 0;
-    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
 
     /* Validate parameters. */
     if ((aes == NULL) || (out == NULL) || (in == NULL)) {
@@ -3874,7 +3868,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     }
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
     /* Ensure a multiple of blocks is to be encrypted.  */
-    if ((ret == 0) && (sz % AES_BLOCK_SIZE)) {
+    if ((ret == 0) && (sz % WC_AES_BLOCK_SIZE)) {
         ret = BAD_LENGTH_E;
     }
 #endif
@@ -3884,17 +3878,17 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             /* Encrypt first block with IV. */
             xorbufout16(out, (byte*)aes->reg, in);
             wc_AesEncrypt(aes, out, out);
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
             for (blocks--; blocks > 0; blocks--) {
                 /* Encrypt a block with previous output block as IV. */
-                xorbufout16(out, out - AES_BLOCK_SIZE, in);
+                xorbufout16(out, out - WC_AES_BLOCK_SIZE, in);
                 wc_AesEncrypt(aes, out, out);
-                in += AES_BLOCK_SIZE;
-                out += AES_BLOCK_SIZE;
+                in += WC_AES_BLOCK_SIZE;
+                out += WC_AES_BLOCK_SIZE;
             }
             /* Copy last output block into AES object as next IV. */
-            memcpy16((byte*)aes->reg, out - AES_BLOCK_SIZE);
+            memcpy16((byte*)aes->reg, out - WC_AES_BLOCK_SIZE);
         }
         /* in and out are same buffer. */
         else {
@@ -3902,15 +3896,15 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             /* Encrypt first block with IV. */
             xorbuf16(data, (byte*)aes->reg);
             wc_AesEncrypt(aes, data, data);
-            data += AES_BLOCK_SIZE;
+            data += WC_AES_BLOCK_SIZE;
             for (blocks--; blocks > 0; blocks--) {
                 /* Encrypt a block with previous output block as IV. */
-                xorbuf16(data, data - AES_BLOCK_SIZE);
+                xorbuf16(data, data - WC_AES_BLOCK_SIZE);
                 wc_AesEncrypt(aes, data, data);
-                data += AES_BLOCK_SIZE;
+                data += WC_AES_BLOCK_SIZE;
             }
             /* Copy last output block into AES object as next IV. */
-            memcpy16((byte*)aes->reg, data - AES_BLOCK_SIZE);
+            memcpy16((byte*)aes->reg, data - WC_AES_BLOCK_SIZE);
         }
     }
 
@@ -3928,20 +3922,20 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
  * @param pin]  sz   Number of bytes to decrypt.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when aes, out or in is NULL.
- * @return  BAD_FUNC_ARG when sz is not a multiple of AES_BLOCK_SIZE.
- * @return  BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ * @return  BAD_FUNC_ARG when sz is not a multiple of WC_AES_BLOCK_SIZE.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
  */
 int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     int ret = 0;
-    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
 
     /* Validate parameters. */
     if ((aes == NULL) || (out == NULL) || (in == NULL)) {
         ret = BAD_FUNC_ARG;
     }
     /* Ensure a multiple of blocks is being decrypted.  */
-    if ((ret == 0) && (sz % AES_BLOCK_SIZE)) {
+    if ((ret == 0) && (sz % WC_AES_BLOCK_SIZE)) {
 #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
         ret = BAD_LENGTH_E;
 #else
@@ -3954,17 +3948,17 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             /* Decrypt first block with the IV. */
             wc_AesDecrypt(aes, in, out);
             xorbuf16(out, (byte*)aes->reg);
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
             for (blocks--; blocks > 0; blocks--) {
                 /* Decrypt a block with previous input block as IV. */
                 wc_AesDecrypt(aes, in, out);
-                xorbuf16(out, in - AES_BLOCK_SIZE);
-                in += AES_BLOCK_SIZE;
-                out += AES_BLOCK_SIZE;
+                xorbuf16(out, in - WC_AES_BLOCK_SIZE);
+                in += WC_AES_BLOCK_SIZE;
+                out += WC_AES_BLOCK_SIZE;
             }
             /* Copy last output block into AES object as next IV. */
-            memcpy16((byte*)aes->reg, in - AES_BLOCK_SIZE);
+            memcpy16((byte*)aes->reg, in - WC_AES_BLOCK_SIZE);
         }
         /* in and out are same buffer. */
         else {
@@ -3978,12 +3972,12 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
                     memcpy16((byte*)aes->reg, (byte*)aes->tmp);
                     break;
                 }
-                data += AES_BLOCK_SIZE;
+                data += WC_AES_BLOCK_SIZE;
                 /* Decrypt block with the IV in aes->tmp. */
                 memcpy16((byte*)aes->reg, data);
                 wc_AesDecrypt(aes, data, data);
                 xorbuf16(data, (byte*)aes->tmp);
-                data += AES_BLOCK_SIZE;
+                data += WC_AES_BLOCK_SIZE;
             }
         }
     }
@@ -4003,7 +3997,7 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
  * @param pin]  sz   Number of bytes to encrypt.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when aes, out or in is NULL.
- * @return  BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
  */
 int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
@@ -4014,7 +4008,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         ret = BAD_FUNC_ARG;
     }
     /* Ensure a multiple of blocks is to be encrypted.  */
-    if ((ret == 0) && ((sz % AES_BLOCK_SIZE) != 0)) {
+    if ((ret == 0) && ((sz % WC_AES_BLOCK_SIZE) != 0)) {
         ret = BAD_LENGTH_E;
     }
 
@@ -4022,9 +4016,9 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         /* Encrypt block by block. */
         while (sz > 0) {
             wc_AesEncrypt(aes, in, out);
-            out += AES_BLOCK_SIZE;
-            in += AES_BLOCK_SIZE;
-            sz -= AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            sz -= WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -4040,7 +4034,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
  * @param pin]  sz   Number of bytes to encrypt.
  * @return  0 on success.
  * @return  BAD_FUNC_ARG when aes, out or in is NULL.
- * @return  BAD_LENGTH_E when sz is not a multiple of AES_BLOCK_SIZE.
+ * @return  BAD_LENGTH_E when sz is not a multiple of WC_AES_BLOCK_SIZE.
  */
 int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
@@ -4051,7 +4045,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         ret = BAD_FUNC_ARG;
     }
     /* Ensure a multiple of blocks is to be decrypted.  */
-    if ((ret == 0) && ((sz % AES_BLOCK_SIZE) != 0)) {
+    if ((ret == 0) && ((sz % WC_AES_BLOCK_SIZE) != 0)) {
         ret = BAD_LENGTH_E;
     }
 
@@ -4059,9 +4053,9 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         /* Decrypt block by block. */
         while (sz > 0) {
             wc_AesDecrypt(aes, in, out);
-            out += AES_BLOCK_SIZE;
-            in += AES_BLOCK_SIZE;
-            sz -= AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            sz -= WC_AES_BLOCK_SIZE;
         }
     }
 
@@ -4082,8 +4076,8 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 {
     int i;
 
-    /* Big-endian aray - start at last element and move back. */
-    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+    /* Big-endian array - start at last element and move back. */
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
         /* Result not zero means no carry. */
         if ((++inOutCtr[i]) != 0) {
             return;
@@ -4093,7 +4087,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
 
 /* Encrypt blocks of data using AES-CTR.
  *
- * Implemenation uses wc_AesEncrypt().
+ * Implementation uses wc_AesEncrypt().
  *
  * @param [in]  aes  AES object.
  * @param [out] out  Encrypted blocks.
@@ -4105,7 +4099,7 @@ static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
  */
 int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-    byte scratch[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 processed;
     int ret = 0;
 
@@ -4137,7 +4131,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         processed = min(aes->left, sz);
         if (processed > 0) {
             /* XOR in encrypted counter.  */
-            xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left,
+            xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left,
                 processed);
             out += processed;
             in += processed;
@@ -4146,18 +4140,18 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         }
 
         /* Do whole blocks of data. */
-        while (sz >= AES_BLOCK_SIZE) {
+        while (sz >= WC_AES_BLOCK_SIZE) {
             wc_AesEncrypt(aes, (byte*)aes->reg, scratch);
             xorbuf16(scratch, in);
             memcpy16(out, scratch);
             IncrementAesCounter((byte*)aes->reg);
 
-            out += AES_BLOCK_SIZE;
-            in  += AES_BLOCK_SIZE;
-            sz  -= AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
+            in  += WC_AES_BLOCK_SIZE;
+            sz  -= WC_AES_BLOCK_SIZE;
             aes->left = 0;
         }
-        ForceZero(scratch, AES_BLOCK_SIZE);
+        ForceZero(scratch, WC_AES_BLOCK_SIZE);
 
         if (sz > 0) {
             /* Encrypt counter and store in aes->tmp.
@@ -4165,7 +4159,7 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
              */
             wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp);
             IncrementAesCounter((byte*)aes->reg);
-            aes->left = AES_BLOCK_SIZE - sz;
+            aes->left = WC_AES_BLOCK_SIZE - sz;
             /* XOR in encrypted counter. */
             xorbufout(out, in, aes->tmp, sz);
         }
@@ -4214,7 +4208,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         memcpy16((byte*)aes->reg, iv);
     }
     else {
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
     }
 
     return ret;
@@ -4308,7 +4302,7 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
     int carryIn = 0;
     byte borrow = (0x00 - (x[15] & 0x01)) & 0xE1;
 
-    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+    for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
         int carryOut = (x[i] & 0x01) << 7;
         x[i] = (byte) ((x[i] >> 1) | carryIn);
         carryIn = carryOut;
@@ -4336,10 +4330,10 @@ static WC_INLINE void Shift4_M0(byte *r8, byte *z8)
 void GenerateM0(Gcm* gcm)
 {
     int i;
-    byte (*m)[AES_BLOCK_SIZE] = gcm->M0;
+    byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0;
 
     /* 0 times -> 0x0 */
-    XMEMSET(m[0x0], 0, AES_BLOCK_SIZE);
+    XMEMSET(m[0x0], 0, WC_AES_BLOCK_SIZE);
     /* 1 times -> 0x8 */
     memcpy16(m[0x8], gcm->H);
     /* 2 times -> 0x4 */
@@ -4398,7 +4392,7 @@ void GenerateM0(Gcm* gcm)
 int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
     int  ret = 0;
-    byte iv[AES_BLOCK_SIZE];
+    byte iv[WC_AES_BLOCK_SIZE];
 
     if (aes == NULL) {
         ret = BAD_FUNC_ARG;
@@ -4408,7 +4402,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
     }
 
     if (ret == 0) {
-        XMEMSET(iv, 0, AES_BLOCK_SIZE);
+        XMEMSET(iv, 0, WC_AES_BLOCK_SIZE);
         ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
     }
     if (ret == 0) {
@@ -4555,8 +4549,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
     byte* s, word32 sSz)
 {
     if (gcm != NULL) {
-        byte x[AES_BLOCK_SIZE];
-        byte scratch[AES_BLOCK_SIZE];
+        byte x[WC_AES_BLOCK_SIZE];
+        byte scratch[WC_AES_BLOCK_SIZE];
         byte* h = gcm->H;
 
         __asm__ __volatile__ (
@@ -4888,8 +4882,8 @@ static void GMULT(byte* x, byte* y)
 void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
     byte* s, word32 sSz)
 {
-    byte x[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte x[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     word32 blocks, partial;
     byte* h;
 
@@ -4898,19 +4892,19 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
     }
 
     h = gcm->H;
-    XMEMSET(x, 0, AES_BLOCK_SIZE);
+    XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
     /* Hash in A, the Additional Authentication Data */
     if (aSz != 0 && a != NULL) {
-        blocks = aSz / AES_BLOCK_SIZE;
-        partial = aSz % AES_BLOCK_SIZE;
+        blocks = aSz / WC_AES_BLOCK_SIZE;
+        partial = aSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
             xorbuf16(x, a);
             GMULT(x, h);
-            a += AES_BLOCK_SIZE;
+            a += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, a, partial);
             xorbuf16(x, scratch);
             GMULT(x, h);
@@ -4919,15 +4913,15 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
 
     /* Hash in C, the Ciphertext */
     if (cSz != 0 && c != NULL) {
-        blocks = cSz / AES_BLOCK_SIZE;
-        partial = cSz % AES_BLOCK_SIZE;
+        blocks = cSz / WC_AES_BLOCK_SIZE;
+        partial = cSz % WC_AES_BLOCK_SIZE;
         while (blocks--) {
             xorbuf16(x, c);
             GMULT(x, h);
-            c += AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
         if (partial != 0) {
-            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
             XMEMCPY(scratch, c, partial);
             xorbuf16(x, scratch);
             GMULT(x, h);
@@ -5299,23 +5293,23 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
     byte* s, word32 sSz)
 {
     if (gcm != NULL) {
-        byte x[AES_BLOCK_SIZE];
-        byte scratch[AES_BLOCK_SIZE];
+        byte x[WC_AES_BLOCK_SIZE];
+        byte scratch[WC_AES_BLOCK_SIZE];
         word32 blocks, partial;
         byte* h = gcm->H;
 
-        XMEMSET(x, 0, AES_BLOCK_SIZE);
+        XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
         /* Hash in A, the Additional Authentication Data */
         if (aSz != 0 && a != NULL) {
-            blocks = aSz / AES_BLOCK_SIZE;
-            partial = aSz % AES_BLOCK_SIZE;
+            blocks = aSz / WC_AES_BLOCK_SIZE;
+            partial = aSz % WC_AES_BLOCK_SIZE;
             if (blocks > 0) {
                 ghash_blocks(x, h, a, blocks);
-                a += blocks * AES_BLOCK_SIZE;
+                a += blocks * WC_AES_BLOCK_SIZE;
             }
             if (partial != 0) {
-                XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+                XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
                 XMEMCPY(scratch, a, partial);
                 xorbuf16(x, scratch);
                 GMULT(x, h);
@@ -5324,14 +5318,14 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
 
         /* Hash in C, the Ciphertext */
         if (cSz != 0 && c != NULL) {
-            blocks = cSz / AES_BLOCK_SIZE;
-            partial = cSz % AES_BLOCK_SIZE;
+            blocks = cSz / WC_AES_BLOCK_SIZE;
+            partial = cSz % WC_AES_BLOCK_SIZE;
             if (blocks > 0) {
                 ghash_blocks(x, h, c, blocks);
-                c += blocks * AES_BLOCK_SIZE;
+                c += blocks * WC_AES_BLOCK_SIZE;
             }
             if (partial != 0) {
-                XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+                XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
                 XMEMCPY(scratch, c, partial);
                 xorbuf16(x, scratch);
                 GMULT(x, h);
@@ -5380,8 +5374,8 @@ static void Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
     const byte* aad, word32 aadSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -5390,17 +5384,17 @@ static void Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* key = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (nonceSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
 #ifdef OPENSSL_EXTRA
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
@@ -5878,8 +5872,8 @@ static void Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
     const byte* aad, word32 aadSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -5888,17 +5882,17 @@ static void Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* key = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (nonceSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
 #ifdef OPENSSL_EXTRA
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
@@ -6390,8 +6384,8 @@ static void Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* nonce, word32 nonceSz, byte* tag, word32 tagSz,
     const byte* aad, word32 aadSz)
 {
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -6400,17 +6394,17 @@ static void Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* key = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (nonceSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
 #ifdef OPENSSL_EXTRA
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
@@ -6918,7 +6912,7 @@ static void Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  * @return  BAD_FUNC_ARG when nonceSz is zero.
  * @return  BAD_FUNC_ARG when aad is NULL but aadSz is not zero.
  * @return  BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or
- *          greater than AES_BLOCK_SIZE.
+ *          greater than WC_AES_BLOCK_SIZE.
  * @return  BAD_FUNC_ARG when sz is not zero but in or out is NULL.
  */
 int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
@@ -6936,7 +6930,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     }
 
     if ((ret == 0) && ((tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
-            (tagSz > AES_BLOCK_SIZE))) {
+            (tagSz > WC_AES_BLOCK_SIZE))) {
         WOLFSSL_MSG("GcmEncrypt tagSz error");
         ret = BAD_FUNC_ARG;
     }
@@ -6995,8 +6989,8 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* aad, word32 aadSz)
 {
     int ret = 0;
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -7005,17 +6999,17 @@ static int Aes128GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* key = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (nonceSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
 #ifdef OPENSSL_EXTRA
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
@@ -7504,8 +7498,8 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* aad, word32 aadSz)
 {
     int ret = 0;
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -7514,17 +7508,17 @@ static int Aes192GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* key = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (nonceSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
 #ifdef OPENSSL_EXTRA
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
@@ -8027,8 +8021,8 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* aad, word32 aadSz)
 {
     int ret = 0;
-    byte counter[AES_BLOCK_SIZE];
-    byte scratch[AES_BLOCK_SIZE];
+    byte counter[WC_AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
     /* Noticed different optimization levels treated head of array different.
      * Some cases was stack pointer plus offset others was a register containing
      * address. To make uniform for passing in to inline assembly code am using
@@ -8037,17 +8031,17 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     byte* ctr  = counter;
     byte* key = (byte*)aes->key;
 
-    XMEMSET(counter, 0, AES_BLOCK_SIZE);
+    XMEMSET(counter, 0, WC_AES_BLOCK_SIZE);
     if (nonceSz == GCM_NONCE_MID_SZ) {
         XMEMCPY(counter, nonce, GCM_NONCE_MID_SZ);
-        counter[AES_BLOCK_SIZE - 1] = 1;
+        counter[WC_AES_BLOCK_SIZE - 1] = 1;
     }
     else {
 #ifdef OPENSSL_EXTRA
         word32 aadTemp = aes->gcm.aadLen;
         aes->gcm.aadLen = 0;
 #endif
-        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+        GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
 #ifdef OPENSSL_EXTRA
         aes->gcm.aadLen = aadTemp;
 #endif
@@ -8562,7 +8556,7 @@ static int Aes256GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  * @return  BAD_FUNC_ARG when nonceSz is zero.
  * @return  BAD_FUNC_ARG when aad is NULL but aadSz is not zero.
  * @return  BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or
- *          greater than AES_BLOCK_SIZE.
+ *          greater than WC_AES_BLOCK_SIZE.
  * @return  BAD_FUNC_ARG when sz is not zero but in or out is NULL.
  * @return  AES_GCM_AUTH_E when authentication tag computed doesn't match
  *          tag passed in.
@@ -8575,7 +8569,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 
     /* sanity checks */
     if ((aes == NULL) || (nonce == NULL) || (tag == NULL) ||
-            (tagSz > AES_BLOCK_SIZE) || (tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
+            (tagSz > WC_AES_BLOCK_SIZE) || (tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
             ((aad == NULL) && (aadSz > 0)) || (nonceSz == 0) ||
             ((sz != 0) && ((in == NULL) || (out == NULL)))) {
         WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
@@ -8643,7 +8637,7 @@ static const word16 R[32] = {
  *                      On out, result of GMULT.
  * @param [in]       y  Value to GMULT.
  */
-static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE])
+static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE])
 {
     int i;
     word64 z8[2] = {0, 0};
@@ -8725,23 +8719,23 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
     byte* s, word32 sSz)
 {
     if (gcm != NULL) {
-        byte x[AES_BLOCK_SIZE];
-        byte scratch[AES_BLOCK_SIZE];
+        byte x[WC_AES_BLOCK_SIZE];
+        byte scratch[WC_AES_BLOCK_SIZE];
         word32 blocks, partial;
 
-        XMEMSET(x, 0, AES_BLOCK_SIZE);
+        XMEMSET(x, 0, WC_AES_BLOCK_SIZE);
 
         /* Hash in A, the Additional Authentication Data */
         if (aSz != 0 && a != NULL) {
-            blocks = aSz / AES_BLOCK_SIZE;
-            partial = aSz % AES_BLOCK_SIZE;
+            blocks = aSz / WC_AES_BLOCK_SIZE;
+            partial = aSz % WC_AES_BLOCK_SIZE;
             while (blocks--) {
                 xorbuf16(x, a);
                 GMULT(x, gcm->M0);
-                a += AES_BLOCK_SIZE;
+                a += WC_AES_BLOCK_SIZE;
             }
             if (partial != 0) {
-                XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+                XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
                 XMEMCPY(scratch, a, partial);
                 xorbuf16(x, scratch);
                 GMULT(x, gcm->M0);
@@ -8750,15 +8744,15 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz,
 
         /* Hash in C, the Ciphertext */
         if (cSz != 0 && c != NULL) {
-            blocks = cSz / AES_BLOCK_SIZE;
-            partial = cSz % AES_BLOCK_SIZE;
+            blocks = cSz / WC_AES_BLOCK_SIZE;
+            partial = cSz % WC_AES_BLOCK_SIZE;
             while (blocks--) {
                 xorbuf16(x, c);
                 GMULT(x, gcm->M0);
-                c += AES_BLOCK_SIZE;
+                c += WC_AES_BLOCK_SIZE;
             }
             if (partial != 0) {
-                XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+                XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE);
                 XMEMCPY(scratch, c, partial);
                 xorbuf16(x, scratch);
                 GMULT(x, gcm->M0);
@@ -8788,8 +8782,8 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
 {
     int i;
 
-    /* Big-endian aray - start at last element and move back. */
-    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+    /* Big-endian array - start at last element and move back. */
+    for (i = WC_AES_BLOCK_SIZE - 1; i >= WC_AES_BLOCK_SIZE - CTR_SZ; i--) {
         /* Result not zero means no carry. */
         if ((++inOutCtr[i]) != 0) {
             return;
@@ -8814,7 +8808,7 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr)
  * @return  BAD_FUNC_ARG when nonceSz is zero.
  * @return  BAD_FUNC_ARG when aad is NULL but aadSz is not zero.
  * @return  BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or
- *          greater than AES_BLOCK_SIZE.
+ *          greater than WC_AES_BLOCK_SIZE.
  * @return  BAD_FUNC_ARG when sz is not zero but in or out is NULL.
  */
 int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
@@ -8822,13 +8816,13 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* aad, word32 aadSz)
 {
     int ret = 0;
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* p = in;
     byte* c = out;
-    ALIGN16 byte counter[AES_BLOCK_SIZE];
-    ALIGN16 byte initialCounter[AES_BLOCK_SIZE];
-    ALIGN16 byte scratch[AES_BLOCK_SIZE];
+    ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte initialCounter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
 
     /* Validate parameters. */
     if ((aes == NULL) || (nonce == NULL) || (nonceSz == 0) || (tag == NULL) ||
@@ -8839,7 +8833,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     }
 
     if ((ret == 0) && ((tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
-            (tagSz > AES_BLOCK_SIZE))) {
+            (tagSz > WC_AES_BLOCK_SIZE))) {
         WOLFSSL_MSG("GcmEncrypt tagSz error");
         ret = BAD_FUNC_ARG;
     }
@@ -8850,8 +8844,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
             XMEMCPY(counter, nonce, nonceSz);
             XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-            counter[AES_BLOCK_SIZE - 1] = 1;
+                WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+            counter[WC_AES_BLOCK_SIZE - 1] = 1;
         }
         else {
             /* Counter is GHASH of IV. */
@@ -8859,7 +8853,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             word32 aadTemp = aes->gcm.aadLen;
             aes->gcm.aadLen = 0;
         #endif
-            GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+            GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
         #ifdef OPENSSL_EXTRA
             aes->gcm.aadLen = aadTemp;
         #endif
@@ -8870,8 +8864,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             IncrementGcmCounter(counter);
             wc_AesEncrypt(aes, counter, scratch);
             xorbufout16(c, scratch, p);
-            p += AES_BLOCK_SIZE;
-            c += AES_BLOCK_SIZE;
+            p += WC_AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
 
         if (partial != 0) {
@@ -8912,7 +8906,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
  * @return  BAD_FUNC_ARG when nonceSz is zero.
  * @return  BAD_FUNC_ARG when aad is NULL but aadSz is not zero.
  * @return  BAD_FUNC_ARG when tagSz is less than WOLFSSL_MIN_AUTH_TAG_SZ or
- *          greater than AES_BLOCK_SIZE.
+ *          greater than WC_AES_BLOCK_SIZE.
  * @return  BAD_FUNC_ARG when sz is not zero but in or out is NULL.
  * @return  AES_GCM_AUTH_E when authentication tag computed doesn't match
  *          tag passed in.
@@ -8922,19 +8916,19 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     const byte* aad, word32 aadSz)
 {
     int ret = 0;
-    word32 blocks = sz / AES_BLOCK_SIZE;
-    word32 partial = sz % AES_BLOCK_SIZE;
+    word32 blocks = sz / WC_AES_BLOCK_SIZE;
+    word32 partial = sz % WC_AES_BLOCK_SIZE;
     const byte* c = in;
     byte* p = out;
-    ALIGN16 byte counter[AES_BLOCK_SIZE];
-    ALIGN16 byte scratch[AES_BLOCK_SIZE];
-    ALIGN16 byte Tprime[AES_BLOCK_SIZE];
-    ALIGN16 byte EKY0[AES_BLOCK_SIZE];
+    ALIGN16 byte counter[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE];
+    ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE];
     sword32 res;
 
     /* Validate parameters. */
     if ((aes == NULL) || (nonce == NULL) || (tag == NULL) ||
-            (tagSz > AES_BLOCK_SIZE) || (tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
+            (tagSz > WC_AES_BLOCK_SIZE) || (tagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
             ((aad == NULL) && (aadSz > 0)) || (nonceSz == 0) ||
             ((sz != 0) && ((in == NULL) || (out == NULL)))) {
         WOLFSSL_MSG("a NULL parameter passed in when size is larger than 0");
@@ -8946,8 +8940,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
             XMEMCPY(counter, nonce, nonceSz);
             XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
-                AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
-            counter[AES_BLOCK_SIZE - 1] = 1;
+                WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+            counter[WC_AES_BLOCK_SIZE - 1] = 1;
         }
         else {
             /* Counter is GHASH of IV. */
@@ -8955,7 +8949,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             word32 aadTemp = aes->gcm.aadLen;
             aes->gcm.aadLen = 0;
         #endif
-            GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, AES_BLOCK_SIZE);
+            GHASH(&aes->gcm, NULL, 0, nonce, nonceSz, counter, WC_AES_BLOCK_SIZE);
         #ifdef OPENSSL_EXTRA
             aes->gcm.aadLen = aadTemp;
         #endif
@@ -8991,8 +8985,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             IncrementGcmCounter(counter);
             wc_AesEncrypt(aes, counter, scratch);
             xorbufout16(p, scratch, c);
-            p += AES_BLOCK_SIZE;
-            c += AES_BLOCK_SIZE;
+            p += WC_AES_BLOCK_SIZE;
+            c += WC_AES_BLOCK_SIZE;
         }
 
         if (partial != 0) {
@@ -9030,10 +9024,10 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out)
 {
     /* process the bulk of the data */
-    while (inSz >= AES_BLOCK_SIZE) {
+    while (inSz >= WC_AES_BLOCK_SIZE) {
         xorbuf16(out, in);
-        in += AES_BLOCK_SIZE;
-        inSz -= AES_BLOCK_SIZE;
+        in += WC_AES_BLOCK_SIZE;
+        inSz -= WC_AES_BLOCK_SIZE;
 
         wc_AesEncrypt(aes, out, out);
     }
@@ -9070,7 +9064,7 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out)
      */
 
     /* start fill out the rest of the first block */
-    remainder = AES_BLOCK_SIZE - authLenSz;
+    remainder = WC_AES_BLOCK_SIZE - authLenSz;
     if (inSz >= remainder) {
         /* plenty of bulk data to fill the remainder of this block */
         xorbuf(out + authLenSz, in, remainder);
@@ -9094,7 +9088,7 @@ static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
     word32 i;
 
     for (i = 0; i < lenSz; i++) {
-        if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return;
+        if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) return;
     }
 }
 
@@ -9118,21 +9112,21 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
     if (ret == 0) {
-        byte A[AES_BLOCK_SIZE];
-        byte B[AES_BLOCK_SIZE];
+        byte A[WC_AES_BLOCK_SIZE];
+        byte B[WC_AES_BLOCK_SIZE];
         byte lenSz;
         byte i;
 
         XMEMCPY(B+1, nonce, nonceSz);
-        lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+        lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
         B[0] = (authInSz > 0 ? 64 : 0)
              + (8 * (((byte)authTagSz - 2) / 2))
              + (lenSz - 1);
         for (i = 0; (i < lenSz) && (i < (byte)sizeof(word32)); i++) {
-            B[AES_BLOCK_SIZE - 1 - i] = inSz >> (8 * i);
+            B[WC_AES_BLOCK_SIZE - 1 - i] = inSz >> (8 * i);
         }
         for (; i < lenSz; i++) {
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         }
 
         wc_AesEncrypt(aes, B, A);
@@ -9147,21 +9141,21 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
         B[0] = lenSz - 1;
         for (i = 0; i < lenSz; i++) {
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         }
         wc_AesEncrypt(aes, B, A);
         xorbuf(authTag, A, authTagSz);
 
         B[15] = 1;
-        while (inSz >= AES_BLOCK_SIZE) {
+        while (inSz >= WC_AES_BLOCK_SIZE) {
             wc_AesEncrypt(aes, B, A);
             xorbuf16(A, in);
             memcpy16(out, A);
 
             AesCcmCtrInc(B, lenSz);
-            inSz -= AES_BLOCK_SIZE;
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
+            inSz -= WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            out += WC_AES_BLOCK_SIZE;
         }
         if (inSz > 0) {
             wc_AesEncrypt(aes, B, A);
@@ -9169,8 +9163,8 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
             XMEMCPY(out, A, inSz);
         }
 
-        ForceZero(A, AES_BLOCK_SIZE);
-        ForceZero(B, AES_BLOCK_SIZE);
+        ForceZero(A, WC_AES_BLOCK_SIZE);
+        ForceZero(B, WC_AES_BLOCK_SIZE);
     }
 
     return ret;
@@ -9196,31 +9190,31 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     }
 
     if (ret == 0) {
-        byte A[AES_BLOCK_SIZE];
-        byte B[AES_BLOCK_SIZE];
+        byte A[WC_AES_BLOCK_SIZE];
+        byte B[WC_AES_BLOCK_SIZE];
         byte lenSz;
         byte i;
         byte* o = out;
         word32 oSz = inSz;
 
         XMEMCPY(B+1, nonce, nonceSz);
-        lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
+        lenSz = WC_AES_BLOCK_SIZE - 1 - (byte)nonceSz;
 
         B[0] = lenSz - 1;
         for (i = 0; i < lenSz; i++) {
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         }
         B[15] = 1;
 
-        while (oSz >= AES_BLOCK_SIZE) {
+        while (oSz >= WC_AES_BLOCK_SIZE) {
             wc_AesEncrypt(aes, B, A);
             xorbuf16(A, in);
             memcpy16(o, A);
 
             AesCcmCtrInc(B, lenSz);
-            oSz -= AES_BLOCK_SIZE;
-            in += AES_BLOCK_SIZE;
-            o += AES_BLOCK_SIZE;
+            oSz -= WC_AES_BLOCK_SIZE;
+            in += WC_AES_BLOCK_SIZE;
+            o += WC_AES_BLOCK_SIZE;
         }
         if (inSz > 0) {
             wc_AesEncrypt(aes, B, A);
@@ -9229,7 +9223,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         }
 
         for (i = 0; i < lenSz; i++) {
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         }
         wc_AesEncrypt(aes, B, A);
 
@@ -9237,10 +9231,10 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
              + (8 * (((byte)authTagSz - 2) / 2))
              + (lenSz - 1);
         for (i = 0; (i < lenSz) && (i < (byte)sizeof(word32)); i++) {
-            B[AES_BLOCK_SIZE - 1 - i] = inSz >> (8 * i);
+            B[WC_AES_BLOCK_SIZE - 1 - i] = inSz >> (8 * i);
         }
         for (; i < lenSz; i++) {
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         }
 
         wc_AesEncrypt(aes, B, A);
@@ -9254,7 +9248,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
         B[0] = lenSz - 1;
         for (i = 0; i < lenSz; i++) {
-            B[AES_BLOCK_SIZE - 1 - i] = 0;
+            B[WC_AES_BLOCK_SIZE - 1 - i] = 0;
         }
         wc_AesEncrypt(aes, B, B);
         xorbuf(A, B, authTagSz);
@@ -9267,8 +9261,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
             ret = AES_CCM_AUTH_E;
         }
 
-        ForceZero(A, AES_BLOCK_SIZE);
-        ForceZero(B, AES_BLOCK_SIZE);
+        ForceZero(A, WC_AES_BLOCK_SIZE);
+        ForceZero(B, WC_AES_BLOCK_SIZE);
         o = NULL;
     }
 
diff --git a/wolfcrypt/src/port/riscv/riscv-64-chacha.c b/wolfcrypt/src/port/riscv/riscv-64-chacha.c
index a1195713d..776b1b620 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-chacha.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-chacha.c
@@ -1,6 +1,6 @@
 /* riscv-64-chacha.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,24 +19,19 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /* The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was used to
  * optimize for ARM:
  *   https://cryptojedi.org/papers/veccrypto-20120320.pdf
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
 
 #ifdef WOLFSSL_RISCV_ASM
 #ifdef HAVE_CHACHA
 
 #include <wolfssl/wolfcrypt/chacha.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -698,7 +693,7 @@ static WC_INLINE void wc_chacha_encrypt_384(const word32* input, const byte* m,
          * v12-v15 - fourth block
          * v16-v19 - fifth block
          * v20-v24 - temp/message
-         * v25-v27 - indeces for rotating words in vector
+         * v25-v27 - indices for rotating words in vector
          * v28-v31 - input
          *
          * v0  0  1  2  3
@@ -1342,7 +1337,7 @@ static WC_INLINE int wc_chacha_encrypt_256(const word32* input, const byte* m,
          * v12-v15 - message
          * v16-v19 - input
          * v20-v22 - temp
-         * v23-v25 - indeces for rotating words in vector
+         * v23-v25 - indices for rotating words in vector
          *
          * v0  0  1  2  3
          * v1  4  5  6  7
@@ -1588,7 +1583,7 @@ static WC_INLINE int wc_chacha_encrypt_128(const word32* input, const byte* m,
          * v12-v15 - message
          * v16-v19 - input
          * v20-v22 - temp
-         * v23-v25 - indeces for rotating words in vector
+         * v23-v25 - indices for rotating words in vector
          *
          * v0  0  1  2  3
          * v1  4  5  6  7
diff --git a/wolfcrypt/src/port/riscv/riscv-64-poly1305.c b/wolfcrypt/src/port/riscv/riscv-64-poly1305.c
index a0b880b8a..3d5a8bd1a 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-poly1305.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-poly1305.c
@@ -1,6 +1,6 @@
 /* riscv-64-poly1305.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,25 +19,19 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /*
- * Based off the public domain implementations by Andrew Moon
+ * Based on the public domain implementations by Andrew Moon
  * and Daniel J. Bernstein
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
 
 #ifdef WOLFSSL_RISCV_ASM
 
 #ifdef HAVE_POLY1305
 #include <wolfssl/wolfcrypt/poly1305.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -252,10 +246,9 @@ static WC_INLINE void poly1305_blocks_riscv64_16(Poly1305* ctx,
 #ifdef WOLFSSL_RISCV_VECTOR
 
 #define MUL_RES_REDIS(l, h, t)  \
-        VSRL_VI(t, l, 26)       \
-        VAND_VX(l, l, REG_A6)   \
-        VSRL_VI(t, t, 26)       \
+        VSRL_VX(t, l, REG_A7)   \
         VSLL_VI(h, h, 12)       \
+        VAND_VX(l, l, REG_A6)   \
         VOR_VV(h, h, t)
 
 #endif
@@ -273,6 +266,7 @@ void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
         "li     a4, 0xffffffc000000\n\t"
         "li     a5, 0x3ffffff\n\t"
         "li     a6, 0xfffffffffffff\n\t"
+        "li     a7, 52\n\t"
 
         /* Load r and r^2 */
         "mv     t0, %[r2]\n\t"
@@ -430,7 +424,7 @@ void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
         : [bytes] "+r" (bytes), [m] "+r" (m)
         : [r2] "r" (ctx->r2), [h] "r" (ctx->h)
         : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
-          "s3", "s4", "s5", "a4", "a5", "a6"
+          "s3", "s4", "s5", "a4", "a5", "a6", "a7"
     );
 #endif
     poly1305_blocks_riscv64_16(ctx, m, bytes, 1);
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c
index 00fbc1ee5..9eb6d4e12 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-sha256.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha256.c
@@ -1,6 +1,6 @@
 /* riscv-sha256.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_RISCV_ASM
 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA224)
@@ -47,8 +42,6 @@
         return 0;
     }
 #endif
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
 
@@ -76,7 +69,7 @@ static const FLASH_QUALIFIER ALIGN32 word32 K[64] = {
     0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
 };
 
-/* Initialze SHA-256 object for hashing.
+/* Initialize SHA-256 object for hashing.
  *
  * @param [in, out] sha256  SHA-256 object.
  */
@@ -1192,7 +1185,7 @@ int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
 
 #ifdef WOLFSSL_SHA224
 
-/* Initialze SHA-224 object for hashing.
+/* Initialize SHA-224 object for hashing.
  *
  * @param [in, out] sha224  SHA-224 object.
  */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha3.c b/wolfcrypt/src/port/riscv/riscv-64-sha3.c
new file mode 100644
index 000000000..ad8650a1b
--- /dev/null
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha3.c
@@ -0,0 +1,859 @@
+/* riscv-64-sha3.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
+#include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
+
+#ifdef WOLFSSL_RISCV_ASM
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
+    !defined(WOLFSSL_AFALG_XILINX_SHA3)
+
+#if FIPS_VERSION3_GE(2,0,0)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+
+    #ifdef USE_WINDOWS_API
+        #pragma code_seg(".fipsA$n")
+        #pragma const_seg(".fipsB$n")
+    #endif
+#endif
+
+#include <wolfssl/wolfcrypt/sha3.h>
+
+static const word64 hash_keccak_r[24] =
+{
+    0x0000000000000001UL, 0x0000000000008082UL,
+    0x800000000000808aUL, 0x8000000080008000UL,
+    0x000000000000808bUL, 0x0000000080000001UL,
+    0x8000000080008081UL, 0x8000000000008009UL,
+    0x000000000000008aUL, 0x0000000000000088UL,
+    0x0000000080008009UL, 0x000000008000000aUL,
+    0x000000008000808bUL, 0x800000000000008bUL,
+    0x8000000000008089UL, 0x8000000000008003UL,
+    0x8000000000008002UL, 0x8000000000000080UL,
+    0x000000000000800aUL, 0x800000008000000aUL,
+    0x8000000080008081UL, 0x8000000000008080UL,
+    0x0000000080000001UL, 0x8000000080008008UL
+};
+
+#ifndef WOLFSSL_RISCV_VECTOR
+
+#define S0_0     "a1"
+#define S0_1     "a2"
+#define S0_2     "a3"
+#define S0_3     "a4"
+#define S0_4     "a5"
+#define S1_0     "s1"
+#define S1_1     "s2"
+#define S1_2     "s3"
+#define S1_3     "s4"
+#define S1_4     "s5"
+#define S2_0     "s6"
+#define S2_1     "s7"
+#define S2_2     "s8"
+#define S2_3     "s9"
+#define S2_4     "s10"
+#define S3_0     "t0"
+#define S3_1     "t1"
+#define S3_2     "t2"
+#define S3_3     "t3"
+#define S3_4     "t4"
+
+#define T_0      "a6"
+#define T_1      "a7"
+#define T_2      "t5"
+#define T_3      "t6"
+#define T_4      "s11"
+
+#define SR0_0    REG_A1
+#define SR0_1    REG_A2
+#define SR0_2    REG_A3
+#define SR0_3    REG_A4
+#define SR0_4    REG_A5
+#define SR1_0    REG_S1
+#define SR1_1    REG_S2
+#define SR1_2    REG_S3
+#define SR1_3    REG_S4
+#define SR1_4    REG_S5
+#define SR2_0    REG_S6
+#define SR2_1    REG_S7
+#define SR2_2    REG_S8
+#define SR2_3    REG_S9
+#define SR2_4    REG_S10
+#define SR3_0    REG_T0
+#define SR3_1    REG_T1
+#define SR3_2    REG_T2
+#define SR3_3    REG_T3
+#define SR3_4    REG_T4
+
+#define TR_0     REG_A6
+#define TR_1     REG_A7
+#define TR_2     REG_T5
+#define TR_3     REG_T6
+#define TR_4     REG_S11
+
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+
+#define SWAP_ROTL(t0, tr0, t1, s, sr, rr, rl)       \
+        "mv    " t1 ", " s  "\n\t"                  \
+        "srli  " s  ", " t0 ", " #rr "\n\t"         \
+        "slli  " t0 ", " t0 ", " #rl "\n\t"         \
+        "or    " s  ", " s  ", " t0 "\n\t"
+
+#define SWAP_ROTL_MEM(t0, tr0, t1, t2, s, rr, rl)   \
+        "ld    " t1 ", " #s "(%[s])\n\t"            \
+        "srli  " t2 ", " t0 ", " #rr "\n\t"         \
+        "slli  " t0 ", " t0 ", " #rl "\n\t"         \
+        "or    " t0 ", " t0 ", " t2 "\n\t"          \
+        "sd    " t0 ", " #s "(%[s])\n\t"
+
+#else
+
+#define SWAP_ROTL(t0, tr0, t1, s, sr, rr, rl)       \
+        "mv    " t1 ", " s "\n\t"                   \
+        RORI(sr, tr0, rr)
+
+#define SWAP_ROTL_MEM(t0, tr0, t1, t2, s, rr, rl)   \
+        "ld    " t1 ", " #s "(%[s])\n\t"            \
+        RORI(tr0, tr0, rr)                          \
+        "sd    " t0 ", " #s "(%[s])\n\t"
+
+#endif
+
+void BlockSha3(word64* s)
+{
+    const word64* r = hash_keccak_r;
+
+    __asm__ __volatile__ (
+        "addi   sp, sp, -24\n\t"
+        "li     " T_4 ", 24\n\t"
+        "ld     " S0_0 ", 0(%[s])\n\t"
+        "ld     " S0_1 ", 8(%[s])\n\t"
+        "ld     " S0_2 ", 16(%[s])\n\t"
+        "ld     " S0_3 ", 24(%[s])\n\t"
+        "ld     " S0_4 ", 32(%[s])\n\t"
+        "ld     " S1_0 ", 40(%[s])\n\t"
+        "ld     " S1_1 ", 48(%[s])\n\t"
+        "ld     " S1_2 ", 56(%[s])\n\t"
+        "ld     " S1_3 ", 64(%[s])\n\t"
+        "ld     " S1_4 ", 72(%[s])\n\t"
+        "ld     " S2_0 ", 80(%[s])\n\t"
+        "ld     " S2_1 ", 88(%[s])\n\t"
+        "ld     " S2_2 ", 96(%[s])\n\t"
+        "ld     " S2_3 ", 104(%[s])\n\t"
+        "ld     " S2_4 ", 112(%[s])\n\t"
+        "ld     " S3_0 ", 120(%[s])\n\t"
+        "ld     " S3_1 ", 128(%[s])\n\t"
+        "ld     " S3_2 ", 136(%[s])\n\t"
+        "ld     " S3_3 ", 144(%[s])\n\t"
+        "ld     " S3_4 ", 152(%[s])\n\t"
+        "ld     " T_0 ", 160(%[s])\n\t"
+        "ld     " T_1 ", 168(%[s])\n\t"
+        "ld     " T_2 ", 176(%[s])\n\t"
+        "\n"
+    "L_riscv_64_block_sha3_loop:\n\t"
+        "sd     " T_4 ", 16(sp)\n\t"
+
+        /* COLUMN MIX */
+        /* Calc b[0], b[1], b[2], b[3], b[4] */
+        "ld     " T_3 ", 184(%[s])\n\t"
+        "ld     " T_4 ", 192(%[s])\n\t"
+        "xor    " T_0 ", " T_0 ", " S0_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S0_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S0_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S0_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S0_4 "\n\t"
+        "xor    " T_0 ", " T_0 ", " S1_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S1_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S1_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S1_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S1_4 "\n\t"
+        "xor    " T_0 ", " T_0 ", " S2_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S2_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S2_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S2_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S2_4 "\n\t"
+        "xor    " T_0 ", " T_0 ", " S3_0 "\n\t"
+        "xor    " T_1 ", " T_1 ", " S3_1 "\n\t"
+        "xor    " T_2 ", " T_2 ", " S3_2 "\n\t"
+        "xor    " T_3 ", " T_3 ", " S3_3 "\n\t"
+        "xor    " T_4 ", " T_4 ", " S3_4 "\n\t"
+        "sd     " T_1 ", 0(sp)\n\t"
+        "sd     " T_3 ", 8(sp)\n\t"
+        /* T_0, T_1, T_2, T_3, T_4 */
+
+        /* s[0],s[5],s[10],s[15],s[20] ^= b[4] ^ ROTL(b[1], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_3 ", " T_1 ", 63\n\t"
+        "slli   " T_1 ", " T_1 ", 1\n\t"
+        "or     " T_1 ", " T_1 ", " T_3 "\n\t"
+#else
+        RORI(TR_1, TR_1, 63)
+#endif
+        "ld     " T_3 ", 160(%[s])\n\t"
+        "xor    " T_1 ", " T_1 ", " T_4 "\n\t"
+        "xor    " S0_0 ", " S0_0 ", " T_1 "\n\t"
+        "xor    " S1_0 ", " S1_0 ", " T_1 "\n\t"
+        "xor    " T_3 ", " T_3 ", " T_1 "\n\t"
+        "xor    " S2_0 ", " S2_0 ", " T_1 "\n\t"
+        "xor    " S3_0 ", " S3_0 ", " T_1 "\n\t"
+        "sd     " T_3 ", 160(%[s])\n\t"
+        /* T_0, T_2, T_4 */
+
+        /* s[1],s[6],s[11],s[16],s[21] ^= b[0] ^ ROTL(b[2], 1)*/
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_3 ", " T_2 ", 63\n\t"
+        "slli   " T_1 ", " T_2 ", 1\n\t"
+        "or     " T_1 ", " T_1 ", " T_3 "\n\t"
+#else
+        RORI(TR_1, TR_2, 63)
+#endif
+        "ld     " T_3 ", 168(%[s])\n\t"
+        "xor    " T_1 ", " T_1 ", " T_0 "\n\t"
+        "xor    " S0_1 ", " S0_1 ", " T_1 "\n\t"
+        "xor    " S1_1 ", " S1_1 ", " T_1 "\n\t"
+        "xor    " T_3 ", " T_3 ", " T_1 "\n\t"
+        "xor    " S2_1 ", " S2_1 ", " T_1 "\n\t"
+        "xor    " S3_1 ", " S3_1 ", " T_1 "\n\t"
+        "sd     " T_3 ", 168(%[s])\n\t"
+        /* T_0, T_2, T_4 */
+
+        /* s[3],s[8],s[13],s[18],s[23] ^= b[2] ^ ROTL(b[4], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_3 ", " T_4 ", 63\n\t"
+        "slli   " T_4 ", " T_4 ", 1\n\t"
+        "or     " T_4 ", " T_4 ", " T_3 "\n\t"
+#else
+        RORI(TR_4, TR_4, 63)
+#endif
+        "ld     " T_3 ", 184(%[s])\n\t"
+        "xor    " T_4 ", " T_4 ", " T_2 "\n\t"
+        "xor    " S0_3 ", " S0_3 ", " T_4 "\n\t"
+        "xor    " S1_3 ", " S1_3 ", " T_4 "\n\t"
+        "xor    " T_3 ", " T_3 ", " T_4 "\n\t"
+        "xor    " S2_3 ", " S2_3 ", " T_4 "\n\t"
+        "xor    " S3_3 ", " S3_3 ", " T_4 "\n\t"
+        "sd     " T_3 ", 184(%[s])\n\t"
+        /* T_0, T_2 */
+
+        "ld     " T_3 ", 8(sp)\n\t"
+        /* s[4],s[9],s[14],s[19],s[24] ^= b[3] ^ ROTL(b[0], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_2 ", " T_0 ", 63\n\t"
+        "slli   " T_0 ", " T_0 ", 1\n\t"
+        "or     " T_0 ", " T_0 ", " T_2 "\n\t"
+#else
+        RORI(TR_0, TR_0, 63)
+#endif
+        "ld     " T_4 ", 192(%[s])\n\t"
+        "xor    " T_0 ", " T_0 ", " T_3 "\n\t"
+        "xor    " S0_4 ", " S0_4 ", " T_0 "\n\t"
+        "xor    " S1_4 ", " S1_4 ", " T_0 "\n\t"
+        "xor    " T_4 ", " T_4 ", " T_0 "\n\t"
+        "xor    " S2_4 ", " S2_4 ", " T_0 "\n\t"
+        "xor    " S3_4 ", " S3_4 ", " T_0 "\n\t"
+        /* T_3 */
+
+        "ld     " T_1 ", 0(sp)\n\t"
+        /* s[2],s[7],s[12],s[17],s[22] ^= b[1] ^ ROTL(b[3], 1) */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli   " T_2 ", " T_3 ", 63\n\t"
+        "slli   " T_3 ", " T_3 ", 1\n\t"
+        "or     " T_3 ", " T_3 ", " T_2 "\n\t"
+#else
+        RORI(TR_3, TR_3, 63)
+#endif
+        "ld     " T_2 ", 176(%[s])\n\t"
+        "xor    " T_3 ", " T_3 ", " T_1 "\n\t"
+        "xor    " S0_2 ", " S0_2 ", " T_3 "\n\t"
+        "xor    " S1_2 ", " S1_2 ", " T_3 "\n\t"
+        "xor    " T_2 ", " T_2 ", " T_3 "\n\t"
+        "xor    " S2_2 ", " S2_2 ", " T_3 "\n\t"
+        "xor    " S3_2 ", " S3_2 ", " T_3 "\n\t"
+
+        /* SWAP ROTL */
+        /* t0 = s[10], s[10] = s[1] >>> 63 */
+        "mv    " T_0 ", " S2_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli  " T_1 ", " S0_1 ", 63\n\t"
+        "slli  " S2_0 ", " S0_1 ", 1\n\t"
+        "or    " S2_0 ", " S2_0 ", " T_1 "\n\t"
+#else
+        RORI(SR2_0, SR0_1, 63)
+#endif
+        /* t1 = s[ 7], s[ 7] = t0 >>> 61 */
+        SWAP_ROTL(T_0, TR_0, T_1, S1_2, SR1_2, 61, 3)
+        /* t0 = s[11], s[11] = t1 >>> 58 */
+        SWAP_ROTL(T_1, TR_1, T_0, S2_1, SR2_1, 58, 6)
+        /* t1 = s[17], s[17] = t0 >>> 54 */
+        SWAP_ROTL(T_0, TR_0, T_1, S3_2, SR3_2, 54, 10)
+        /* t0 = s[18], s[18] = t1 >>> 49 */
+        SWAP_ROTL(T_1, TR_1, T_0, S3_3, SR3_3, 49, 15)
+        /* t1 = s[ 3], s[ 3] = t0 >>> 43 */
+        SWAP_ROTL(T_0, TR_0, T_1, S0_3, SR0_3, 43, 21)
+        /* t0 = s[ 5], s[ 5] = t1 >>> 36 */
+        SWAP_ROTL(T_1, TR_1, T_0, S1_0, SR1_0, 36, 28)
+        /* t1 = s[16], s[16] = t0 >>> 28 */
+        SWAP_ROTL(T_0, TR_0, T_1, S3_1, SR3_1, 28, 36)
+        /* t0 = s[ 8], s[ 8] = t1 >>> 19 */
+        SWAP_ROTL(T_1, TR_1, T_0, S1_3, SR1_3, 19, 45)
+        /* t1 = s[21], s[21] = t0 >>>  9 */
+        SWAP_ROTL_MEM(T_0, TR_0, T_1, T_3, 168,  9, 55)
+        /* t0 = s[24], s[24] = t1 >>> 62 */
+        SWAP_ROTL(T_1, TR_1, T_0, T_4, TR_4, 62,  2)
+        /* t1 = s[ 4], s[ 4] = t0 >>> 50 */
+        SWAP_ROTL(T_0, TR_0, T_1, S0_4, SR0_4, 50, 14)
+        /* t0 = s[15], s[15] = t1 >>> 37 */
+        SWAP_ROTL(T_1, TR_1, T_0, S3_0, SR3_0, 37, 27)
+        /* t1 = s[23], s[23] = t0 >>> 23 */
+        SWAP_ROTL_MEM(T_0, TR_0, T_1, T_3, 184, 23, 41)
+        /* t0 = s[19], s[19] = t1 >>>  8 */
+        SWAP_ROTL(T_1, TR_1, T_0, S3_4, SR3_4,  8, 56)
+        /* t1 = s[13], s[13] = t0 >>> 56 */
+        SWAP_ROTL(T_0, TR_0, T_1, S2_3, SR2_3, 56,  8)
+        /* t0 = s[12], s[12] = t1 >>> 39 */
+        SWAP_ROTL(T_1, TR_1, T_0, S2_2, SR2_2, 39, 25)
+        /* t1 = s[ 2], s[ 2] = t0 >>> 21 */
+        SWAP_ROTL(T_0, TR_0, T_1, S0_2, SR0_2, 21, 43)
+        /* t0 = s[20], s[20] = t1 >>>  2 */
+        SWAP_ROTL_MEM(T_1, TR_1, T_0, T_3, 160,  2, 62)
+        /* t1 = s[14], s[14] = t0 >>> 46 */
+        SWAP_ROTL(T_0, TR_0, T_1, S2_4, SR2_4, 46, 18)
+        /* t0 = s[22], s[22] = t1 >>> 25 */
+        SWAP_ROTL(T_1, TR_1, T_0, T_2, TR_2, 25, 39)
+        /* t1 = s[ 9], s[ 9] = t0 >>> 3 */
+        SWAP_ROTL(T_0, TR_0, T_1, S1_4, SR1_4,  3, 61)
+        /* t0 = s[ 6], s[ 6] = t1 >>> 44 */
+        SWAP_ROTL(T_1, TR_1, T_0, S1_1, SR1_1, 44, 20)
+        /*             s[ 1] = t0 >>> 20 */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "srli  " S0_1 ", " T_0 ", 20\n\t"
+        "slli  " T_0 ", " T_0 ", 44\n\t"
+        "or    " S0_1 ", " S0_1 ", " T_0 "\n\t"
+#else
+        RORI(SR0_1, TR_0, 20)
+#endif
+
+        /* ROW MIX */
+        /* s[0] */
+        "mv     " T_0 ", " S0_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S0_2 "\n\t"
+#else
+        ANDN(TR_3, SR0_2, SR0_1)
+#endif
+        "xor    " S0_0 ", " S0_0 ", " T_3 "\n\t"
+        /* s[1] */
+        "mv     " T_1 ", " S0_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S0_3 "\n\t"
+#else
+        ANDN(TR_3, SR0_3, SR0_2)
+#endif
+        "xor    " S0_1 ", " S0_1 ", " T_3 "\n\t"
+        /* s[2] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S0_4 "\n\t"
+#else
+        ANDN(TR_3, SR0_4, SR0_3)
+#endif
+        "xor    " S0_2 ", " S0_2 ", " T_3 "\n\t"
+        /* s[3] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S0_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR0_4)
+#endif
+        "xor    " S0_3 ", " S0_3 ", " T_3 "\n\t"
+        /* s[4] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S0_4 ", " S0_4 ", " T_3 "\n\t"
+
+        /* s[5] */
+        "mv     " T_0 ", " S1_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S1_2 "\n\t"
+#else
+        ANDN(TR_3, SR1_2, SR1_1)
+#endif
+        "xor    " S1_0 ", " S1_0 ", " T_3 "\n\t"
+        /* s[6] */
+        "mv     " T_1 ", " S1_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S1_3 "\n\t"
+#else
+        ANDN(TR_3, SR1_3, SR1_2)
+#endif
+        "xor    " S1_1 ", " S1_1 ", " T_3 "\n\t"
+        /* s[7] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S1_4 "\n\t"
+#else
+        ANDN(TR_3, SR1_4, SR1_3)
+#endif
+        "xor    " S1_2 ", " S1_2 ", " T_3 "\n\t"
+        /* s[8] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S1_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR1_4)
+#endif
+        "xor    " S1_3 ", " S1_3 ", " T_3 "\n\t"
+        /* s[9] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S1_4 ", " S1_4 ", " T_3 "\n\t"
+
+        /* s[10] */
+        "mv     " T_0 ", " S2_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S2_2 "\n\t"
+#else
+        ANDN(TR_3, SR2_2, SR2_1)
+#endif
+        "xor    " S2_0 ", " S2_0 ", " T_3 "\n\t"
+        /* s[11] */
+        "mv     " T_1 ", " S2_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S2_3 "\n\t"
+#else
+        ANDN(TR_3, SR2_3, SR2_2)
+#endif
+        "xor    " S2_1 ", " S2_1 ", " T_3 "\n\t"
+        /* s[12] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S2_4 "\n\t"
+#else
+        ANDN(TR_3, SR2_4, SR2_3)
+#endif
+        "xor    " S2_2 ", " S2_2 ", " T_3 "\n\t"
+        /* s[13] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S2_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR2_4)
+#endif
+        "xor    " S2_3 ", " S2_3 ", " T_3 "\n\t"
+        /* s[14] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S2_4 ", " S2_4 ", " T_3 "\n\t"
+
+        /* s[15] */
+        "mv     " T_0 ", " S3_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_1 "\n\t"
+        "and    " T_3 ", " T_3 ", " S3_2 "\n\t"
+#else
+        ANDN(TR_3, SR3_2, SR3_1)
+#endif
+        "xor    " S3_0 ", " S3_0 ", " T_3 "\n\t"
+        /* s[16] */
+        "mv     " T_1 ", " S3_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_2 "\n\t"
+        "and    " T_3 ", " T_3 ", " S3_3 "\n\t"
+#else
+        ANDN(TR_3, SR3_3, SR3_2)
+#endif
+        "xor    " S3_1 ", " S3_1 ", " T_3 "\n\t"
+        /* s[17] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_3 "\n\t"
+        "and    " T_3 ", " T_3 ", " S3_4 "\n\t"
+#else
+        ANDN(TR_3, SR3_4, SR3_3)
+#endif
+        "xor    " S3_2 ", " S3_2 ", " T_3 "\n\t"
+        /* s[18] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " S3_4 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_0 "\n\t"
+#else
+        ANDN(TR_3, TR_0, SR3_4)
+#endif
+        "xor    " S3_3 ", " S3_3 ", " T_3 "\n\t"
+        /* s[19] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " T_3 ", " T_0 "\n\t"
+        "and    " T_3 ", " T_3 ", " T_1 "\n\t"
+#else
+        ANDN(TR_3, TR_1, TR_0)
+#endif
+        "xor    " S3_4 ", " S3_4 ", " T_3 "\n\t"
+
+        "sd     " S3_0 ", 120(%[s])\n\t"
+        "sd     " S3_1 ", 128(%[s])\n\t"
+        "sd     " S3_2 ", 136(%[s])\n\t"
+        "ld     " T_0 ", 160(%[s])\n\t"
+        "ld     " T_1 ", 168(%[s])\n\t"
+        "ld     " T_3 ", 184(%[s])\n\t"
+
+        /* s[20] */
+        "mv     " S3_0 ", " T_0 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_1 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " T_2 "\n\t"
+#else
+        ANDN(SR3_2, TR_2, TR_1)
+#endif
+        "xor    " T_0 ", " T_0 ", " S3_2 "\n\t"
+        /* s[21] */
+        "mv     " S3_1 ", " T_1 "\n\t"
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_2 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " T_3 "\n\t"
+#else
+        ANDN(SR3_2, TR_3, TR_2)
+#endif
+        "xor    " T_1 ", " T_1 ", " S3_2 "\n\t"
+        /* s[22] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_3 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " T_4 "\n\t"
+#else
+        ANDN(SR3_2, TR_4, TR_3)
+#endif
+        "xor    " T_2 ", " T_2 ", " S3_2 "\n\t"
+        /* s[23] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " T_4 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " S3_0 "\n\t"
+#else
+        ANDN(SR3_2, SR3_0, TR_4)
+#endif
+        "xor    " T_3 ", " T_3 ", " S3_2 "\n\t"
+        /* s[24] */
+#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+        "not    " S3_2 ", " S3_0 "\n\t"
+        "and    " S3_2 ", " S3_2 ", " S3_1 "\n\t"
+#else
+        ANDN(SR3_2, SR3_1, SR3_0)
+#endif
+        "xor    " T_4 ", " T_4 ", " S3_2 "\n\t"
+
+        "ld     " S3_0 ", 120(%[s])\n\t"
+        "ld     " S3_1 ", 128(%[s])\n\t"
+        "ld     " S3_2 ", 136(%[s])\n\t"
+        "sd     " T_0 ", 160(%[s])\n\t"
+        "sd     " T_1 ", 168(%[s])\n\t"
+        "sd     " T_2 ", 176(%[s])\n\t"
+        "sd     " T_3 ", 184(%[s])\n\t"
+        "sd     " T_4 ", 192(%[s])\n\t"
+
+        "ld     " T_4 ", 16(sp)\n\t"
+        "ld     " T_3 ", 0(%[r])\n\t"
+        "addi   %[r], %[r], 8\n\t"
+        "addi   " T_4 ", " T_4 ", -1\n\t"
+        "xor    " S0_0 ", " S0_0 ", " T_3 "\n\t"
+        "bnez   " T_4 ", L_riscv_64_block_sha3_loop\n\t"
+
+        "sd     " S0_0 ", 0(%[s])\n\t"
+        "sd     " S0_1 ", 8(%[s])\n\t"
+        "sd     " S0_2 ", 16(%[s])\n\t"
+        "sd     " S0_3 ", 24(%[s])\n\t"
+        "sd     " S0_4 ", 32(%[s])\n\t"
+        "sd     " S1_0 ", 40(%[s])\n\t"
+        "sd     " S1_1 ", 48(%[s])\n\t"
+        "sd     " S1_2 ", 56(%[s])\n\t"
+        "sd     " S1_3 ", 64(%[s])\n\t"
+        "sd     " S1_4 ", 72(%[s])\n\t"
+        "sd     " S2_0 ", 80(%[s])\n\t"
+        "sd     " S2_1 ", 88(%[s])\n\t"
+        "sd     " S2_2 ", 96(%[s])\n\t"
+        "sd     " S2_3 ", 104(%[s])\n\t"
+        "sd     " S2_4 ", 112(%[s])\n\t"
+        "sd     " S3_0 ", 120(%[s])\n\t"
+        "sd     " S3_1 ", 128(%[s])\n\t"
+        "sd     " S3_2 ", 136(%[s])\n\t"
+        "sd     " S3_3 ", 144(%[s])\n\t"
+        "sd     " S3_4 ", 152(%[s])\n\t"
+
+        "addi   sp, sp, 24\n\t"
+
+        : [r] "+r" (r)
+        : [s] "r" (s)
+        : "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6",
+           "a1", "a2", "a3", "a4", "a5", "a6", "a7",
+           "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10", "s11"
+    );
+}
+
+#else
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define COL_MIX(r, b1, b4)                      \
+        VSLL_VI(REG_V31, b1, 1)                 \
+        VSRL_VX(REG_V30, b1, REG_T1)            \
+        VXOR_VV(REG_V31, REG_V31, b4)           \
+        VXOR_VV(REG_V31, REG_V31, REG_V30)      \
+        VXOR_VV((r +  0), (r +  0), REG_V31)    \
+        VXOR_VV((r +  5), (r +  5), REG_V31)    \
+        VXOR_VV((r + 10), (r + 10), REG_V31)    \
+        VXOR_VV((r + 15), (r + 15), REG_V31)    \
+        VXOR_VV((r + 20), (r + 20), REG_V31)
+
+#define SWAP_ROTL_LO(vr, vt0, vt1, sl)          \
+        VMV_V_V(vt0, vr)                        \
+        "li     t1, 64 - " #sl "\n\t"           \
+        VSLL_VI(vr, vt1, sl)                    \
+        VSRL_VX(vt1, vt1, REG_T1)               \
+        VOR_VV(vr, vr, vt1)
+
+#define SWAP_ROTL_HI(vr, vt0, vt1, sl)          \
+        VMV_V_V(vt0, vr)                        \
+        "li     t1, " #sl "\n\t"                \
+        VSRL_VI(vr, vt1, (64 - sl))             \
+        VSLL_VX(vt1, vt1, REG_T1)               \
+        VOR_VV(vr, vr, vt1)
+
+#define ROW_MIX(r)                              \
+        VMV_V_V(REG_V25, (r + 0))               \
+        VMV_V_V(REG_V26, (r + 1))               \
+        VNOT_V(REG_V30, (r + 1))                \
+        VNOT_V(REG_V31, (r + 2))                \
+        VAND_VV(REG_V30, REG_V30, (r + 2))      \
+        VAND_VV(REG_V31, REG_V31, (r + 3))      \
+        VXOR_VV((r + 0), REG_V30, (r + 0))      \
+        VXOR_VV((r + 1), REG_V31, (r + 1))      \
+        VNOT_V(REG_V30, (r + 3))                \
+        VNOT_V(REG_V31, (r + 4))                \
+        VAND_VV(REG_V30, REG_V30, (r + 4))      \
+        VAND_VV(REG_V31, REG_V31, REG_V25)      \
+        VNOT_V(REG_V25, REG_V25)                \
+        VXOR_VV((r + 2), REG_V30, (r + 2))      \
+        VAND_VV(REG_V25, REG_V25, REG_V26)      \
+        VXOR_VV((r + 3), REG_V31, (r + 3))      \
+        VXOR_VV((r + 4), REG_V25, (r + 4))
+
+#else
+
+#define COL_MIX(r, t)                           \
+        VXOR_VV((r +  0), (r +  0), t)          \
+        VXOR_VV((r +  5), (r +  5), t)          \
+        VXOR_VV((r + 10), (r + 10), t)          \
+        VXOR_VV((r + 15), (r + 15), t)          \
+        VXOR_VV((r + 20), (r + 20), t)
+
+#define SWAP_ROTL(vr, vt0, vt1, sl)             \
+        VMV_V_V(vt0, vr)                        \
+        VROR_VI(vr, (64 - sl), vt1)
+
+#define SWAP_ROTL_LO    SWAP_ROTL
+#define SWAP_ROTL_HI    SWAP_ROTL
+
+#define ROW_MIX(r)                              \
+        VMV_V_V(REG_V25, (r + 0))               \
+        VMV_V_V(REG_V26, (r + 1))               \
+        VANDN_VV(REG_V30, (r + 1), (r + 2))     \
+        VANDN_VV(REG_V31, (r + 2), (r + 3))     \
+        VXOR_VV((r + 0), REG_V30, (r + 0))      \
+        VXOR_VV((r + 1), REG_V31, (r + 1))      \
+        VANDN_VV(REG_V30, (r + 3), (r + 4))     \
+        VANDN_VV(REG_V31, (r + 4), REG_V25)     \
+        VANDN_VV(REG_V25, REG_V25, REG_V26)     \
+        VXOR_VV((r + 2), REG_V30, (r + 2))      \
+        VXOR_VV((r + 3), REG_V31, (r + 3))      \
+        VXOR_VV((r + 4), REG_V25, (r + 4))
+
+#endif
+
+
+void BlockSha3(word64* s)
+{
+    __asm__ __volatile__ (
+        /* 1 x 64-bit */
+        VSETIVLI(REG_X0, 1, 0, 1, 0b011, 0b000)
+
+        "li     t2, 24\n\t"
+        "mv     t0, %[r]\n\t"
+        "mv     t1, %[s]\n\t"
+        VLSEG8E64_V(REG_V0, REG_T1)
+        "addi   t1, %[s], 64\n\t"
+        VLSEG8E64_V(REG_V8, REG_T1)
+        "addi   t1, %[s], 128\n\t"
+        VLSEG8E64_V(REG_V16, REG_T1)
+        "addi   t1, %[s], 192\n\t"
+        VLSEG1E64_V(REG_V24, REG_T1)
+
+        "\n"
+    "L_riscv_64_block_sha3_loop:\n\t"
+
+        /* COLUMN MIX */
+        VXOR_VV(REG_V25, REG_V0, REG_V5)
+        VXOR_VV(REG_V26, REG_V1, REG_V6)
+        VXOR_VV(REG_V27, REG_V2, REG_V7)
+        VXOR_VV(REG_V28, REG_V3, REG_V8)
+        VXOR_VV(REG_V29, REG_V4, REG_V9)
+        VXOR_VV(REG_V25, REG_V25, REG_V10)
+        VXOR_VV(REG_V26, REG_V26, REG_V11)
+        VXOR_VV(REG_V27, REG_V27, REG_V12)
+        VXOR_VV(REG_V28, REG_V28, REG_V13)
+        VXOR_VV(REG_V29, REG_V29, REG_V14)
+        VXOR_VV(REG_V25, REG_V25, REG_V15)
+        VXOR_VV(REG_V26, REG_V26, REG_V16)
+        VXOR_VV(REG_V27, REG_V27, REG_V17)
+        VXOR_VV(REG_V28, REG_V28, REG_V18)
+        VXOR_VV(REG_V29, REG_V29, REG_V19)
+        VXOR_VV(REG_V25, REG_V25, REG_V20)
+        VXOR_VV(REG_V26, REG_V26, REG_V21)
+        VXOR_VV(REG_V27, REG_V27, REG_V22)
+        VXOR_VV(REG_V28, REG_V28, REG_V23)
+        VXOR_VV(REG_V29, REG_V29, REG_V24)
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+        "li     t1, 63\n\t"
+        COL_MIX(REG_V0, REG_V26, REG_V29)
+        COL_MIX(REG_V1, REG_V27, REG_V25)
+        COL_MIX(REG_V2, REG_V28, REG_V26)
+        COL_MIX(REG_V3, REG_V29, REG_V27)
+        COL_MIX(REG_V4, REG_V25, REG_V28)
+#else
+        VROR_VI(REG_V30, 63, REG_V26)
+        VROR_VI(REG_V31, 63, REG_V27)
+        VXOR_VV(REG_V30, REG_V30, REG_V29)
+        VXOR_VV(REG_V31, REG_V31, REG_V25)
+        COL_MIX(REG_V0, REG_V30)
+        COL_MIX(REG_V1, REG_V31)
+
+        VROR_VI(REG_V30, 63, REG_V28)
+        VROR_VI(REG_V31, 63, REG_V29)
+        VROR_VI(REG_V25, 63, REG_V25)
+        VXOR_VV(REG_V30, REG_V30, REG_V26)
+        VXOR_VV(REG_V31, REG_V31, REG_V27)
+        VXOR_VV(REG_V25, REG_V25, REG_V28)
+        COL_MIX(REG_V2, REG_V30)
+        COL_MIX(REG_V3, REG_V31)
+        COL_MIX(REG_V4, REG_V25)
+#endif
+        /* SWAP ROTL */
+        /* t1 = s[ 1]                   */
+        VMV_V_V(REG_V26, REG_V1)
+        /* t0 = s[10], s[10] = t1 <<< 1 */
+        SWAP_ROTL_LO(REG_V10, REG_V25, REG_V26, 1)
+        /* t1 = s[ 7], s[ 7] = t0 <<< 3 */
+        SWAP_ROTL_LO(REG_V7 , REG_V26, REG_V25, 3)
+        /* t0 = s[11], s[11] = t1 <<< 6 */
+        SWAP_ROTL_LO(REG_V11, REG_V25, REG_V26, 6)
+        /* t1 = s[17], s[17] = t0 <<< 10 */
+        SWAP_ROTL_LO(REG_V17, REG_V26, REG_V25, 10)
+        /* t0 = s[18], s[18] = t1 <<< 15 */
+        SWAP_ROTL_LO(REG_V18, REG_V25, REG_V26, 15)
+        /* t1 = s[ 3], s[ 3] = t0 <<< 21 */
+        SWAP_ROTL_LO(REG_V3 , REG_V26, REG_V25, 21)
+        /* t0 = s[ 5], s[ 5] = t1 <<< 28 */
+        SWAP_ROTL_LO(REG_V5 , REG_V25, REG_V26, 28)
+        /* t1 = s[16], s[16] = t0 <<< 36 */
+        SWAP_ROTL_HI(REG_V16, REG_V26, REG_V25, 36)
+        /* t0 = s[ 8], s[ 8] = t1 <<< 45 */
+        SWAP_ROTL_HI(REG_V8 , REG_V25, REG_V26, 45)
+        /* t1 = s[21], s[21] = t0 <<< 55 */
+        SWAP_ROTL_HI(REG_V21, REG_V26, REG_V25, 55)
+        /* t0 = s[24], s[24] = t1 <<< 2 */
+        SWAP_ROTL_LO(REG_V24, REG_V25, REG_V26,  2)
+        /* t1 = s[ 4], s[ 4] = t0 <<< 14 */
+        SWAP_ROTL_LO(REG_V4 , REG_V26, REG_V25, 14)
+        /* t0 = s[15], s[15] = t1 <<< 27 */
+        SWAP_ROTL_LO(REG_V15, REG_V25, REG_V26, 27)
+        /* t1 = s[23], s[23] = t0 <<< 41 */
+        SWAP_ROTL_HI(REG_V23, REG_V26, REG_V25, 41)
+        /* t0 = s[19], s[19] = t1 <<< 56 */
+        SWAP_ROTL_HI(REG_V19, REG_V25, REG_V26, 56)
+        /* t1 = s[13], s[13] = t0 <<< 8 */
+        SWAP_ROTL_LO(REG_V13, REG_V26, REG_V25,  8)
+        /* t0 = s[12], s[12] = t1 <<< 25 */
+        SWAP_ROTL_LO(REG_V12, REG_V25, REG_V26, 25)
+        /* t1 = s[ 2], s[ 2] = t0 <<< 43 */
+        SWAP_ROTL_HI(REG_V2 , REG_V26, REG_V25, 43)
+        /* t0 = s[20], s[20] = t1 <<< 62 */
+        SWAP_ROTL_HI(REG_V20, REG_V25, REG_V26, 62)
+        /* t1 = s[14], s[14] = t0 <<< 18 */
+        SWAP_ROTL_LO(REG_V14, REG_V26, REG_V25, 18)
+        /* t0 = s[22], s[22] = t1 <<< 39 */
+        SWAP_ROTL_HI(REG_V22, REG_V25, REG_V26, 39)
+        /* t1 = s[ 9], s[ 9] = t0 <<< 61 */
+        SWAP_ROTL_HI(REG_V9 , REG_V26, REG_V25, 61)
+        /* t0 = s[ 6], s[ 6] = t1 <<< 20 */
+        SWAP_ROTL_LO(REG_V6 , REG_V25, REG_V26, 20)
+        /*             s[ 1] = t0 <<< 44 */
+        "li     t1, 44\n\t"
+        VSRL_VI(REG_V1, REG_V25, (64 - 44))
+        VSLL_VX(REG_V25, REG_V25, REG_T1)
+        VOR_VV(REG_V1, REG_V1, REG_V25)
+
+        /* ROW MIX */
+        ROW_MIX(REG_V0)
+        ROW_MIX(REG_V5)
+        ROW_MIX(REG_V10)
+        ROW_MIX(REG_V15)
+        ROW_MIX(REG_V20)
+
+        VL1RE64_V(REG_V25, REG_T0)
+        "addi   t0, t0, 8\n\t"
+        "addi   t2, t2, -1\n\t"
+        VXOR_VV(REG_V0, REG_V0, REG_V25)
+        "bnez   t2, L_riscv_64_block_sha3_loop\n\t"
+
+        "mv     t1, %[s]\n\t"
+        VSSEG8E64_V(REG_V0, REG_T1)
+        "addi   t1, %[s], 64\n\t"
+        VSSEG8E64_V(REG_V8, REG_T1)
+        "addi   t1, %[s], 128\n\t"
+        VSSEG8E64_V(REG_V16, REG_T1)
+        "addi   t1, %[s], 192\n\t"
+        VSSEG1E64_V(REG_V24, REG_T1)
+
+        :
+        : [s] "r" (s), [r] "r" (hash_keccak_r)
+        : "memory", "t0", "t1", "t2"
+    );
+}
+
+#endif /* WOLFSSL_RISCV_VECTOR */
+#endif /* WOLFSSL_SHA3 && !XILINX */
+#endif /* WOLFSSL_RISCV_ASM */
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha512.c b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
index b5b7f213d..3922617ef 100644
--- a/wolfcrypt/src/port/riscv/riscv-64-sha512.c
+++ b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
@@ -1,6 +1,6 @@
 /* riscv-sha512.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_RISCV_ASM
 #if !defined(NO_SHA512) || defined(WOLFSSL_SHA384)
@@ -47,8 +42,6 @@
         return 0;
     }
 #endif
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #include <wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h>
 
@@ -129,7 +122,7 @@ static int InitSha512(wc_Sha512* sha512, void* heap, int devId)
     return ret;
 }
 
-/* Initialze SHA-512 object for hashing.
+/* Initialize SHA-512 object for hashing.
  *
  * @param [in, out] sha512  SHA-512 object.
  */
@@ -1216,7 +1209,7 @@ int wc_Sha512Transform(wc_Sha512* sha512, const unsigned char* data)
         ret = BAD_FUNC_ARG;
     }
     else {
-        ByteReverseWords(sha512->buffer, (word32*)data, WC_SHA512_BLOCK_SIZE);
+        ByteReverseWords((word32*)sha512->buffer, (word32*)data, WC_SHA512_BLOCK_SIZE);
         Sha512Transform(sha512, (byte*)sha512->buffer, 1);
     }
 
@@ -1493,7 +1486,7 @@ int wc_Sha512_256Transform(wc_Sha512* sha512, const unsigned char* data)
 
 #ifdef WOLFSSL_SHA384
 
-/* Initialze SHA-384 object for hashing.
+/* Initialize SHA-384 object for hashing.
  *
  * @param [in, out] sha384  SHA-384 object.
  */
diff --git a/wolfcrypt/src/port/rpi_pico/README.md b/wolfcrypt/src/port/rpi_pico/README.md
new file mode 100644
index 000000000..240cc9782
--- /dev/null
+++ b/wolfcrypt/src/port/rpi_pico/README.md
@@ -0,0 +1,72 @@
+# wolfSSL Raspberry Pi Pico Acceleration
+
+wolfSSL supports RNG acceleration on the Raspberry Pi RP2040 and RP2350
+microcontrollers. Everything here assumes you are using the standard [Raspberry
+Pi Pico SDK](https://github.com/raspberrypi/pico-sdk).
+
+It has only been tested with the ARM cores of the RP2350, not the RISC-V cores.
+
+## RNG Acceleration
+
+The Pico SDK has RNG functions for both the RP2040 and RP2350. In the RP2040
+this is an optimised PRNG method, in the RP2350 it uses a built-in TRNG. The
+same API is used for both.
+
+## Compiling wolfSSL
+
+In your `user_settings.h`, you should set the following to add support in
+wolfSSL:
+
+```c
+#define WOLFSSL_RPIPICO
+```
+
+Then for an RP2040, enable the ARM Thumb instructions:
+
+```c
+#define WOLFSSL_SP_ARM_THUMB_ASM
+```
+
+or for an RP2350, the Cortex-M instructions should be used:
+
+```c
+#define WOLFSSL_SP_ARM_CORTEX_M_ASM
+```
+
+To enable the RNG acceleration add the following:
+
+```c
+#define WC_NO_HASHDRBG
+#define CUSTOM_RAND_GENERATE_BLOCK wc_pico_rng_gen_block
+```
+
+In CMake you should add the following linking to both wolfSSL and the end
+application:
+
+```cmake
+target_link_libraries(wolfssl
+    pico_stdlib
+    pico_rand
+)
+```
+
+A full example can be found in the
+[`RPi-Pico`](https://github.com/wolfSSL/wolfssl-examples/tree/master/RPi-Pico)
+directory of the
+[`wolfssl-examples`](https://github.com/wolfSSL/wolfssl-examples) GitHub
+repository.
+
+## Note on RP2350 SHA256
+
+Although RP2350 has SHA256 acceleration, we cannot use this. It is because
+we need to get an intermediate result using `wc_Sha256GetHash()`. The hardware
+will only deal with 64byte packets of data, so to get a result we need to do
+SHA padding. Once the SHA padding is done, it is not in a state to add more
+data.
+The only real workaround would be to cache everything being sent into the
+hardware and replay it as a new instance when trying to get an intermediate
+result. This would not very efficient for an embedded device.
+
+## Support
+
+For questions please email support@wolfssl.com
diff --git a/wolfcrypt/src/port/rpi_pico/pico.c b/wolfcrypt/src/port/rpi_pico/pico.c
new file mode 100644
index 000000000..bac5dc0f5
--- /dev/null
+++ b/wolfcrypt/src/port/rpi_pico/pico.c
@@ -0,0 +1,59 @@
+/* pico.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+
+
+#include <inttypes.h>
+#include <string.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(WOLFSSL_RPIPICO)
+#include "pico/rand.h"
+
+
+/* On RP2040 this uses an optimized PRNG, on RP2350 this uses a hardware TRNG.
+ * There is a 128bit function, but internally this is just 2x 64bit calls.
+ * Likewise the 32bit call is just a truncated 64bit call, so just stick with
+ * the 64bit calls.
+ */
+
+int wc_pico_rng_gen_block(unsigned char *output, unsigned int sz)
+{
+    uint32_t i = 0;
+
+    while (i < sz)
+    {
+        uint64_t rnd = get_rand_64();
+        if (i + 8 < sz)
+        {
+            XMEMCPY(output + i, &rnd, 8);
+            i += 8;
+        } else {
+            XMEMCPY(output + i, &rnd, sz - i);
+            i = sz;
+        }
+    }
+
+    return 0;
+}
+#endif
diff --git a/wolfcrypt/src/port/silabs/silabs_aes.c b/wolfcrypt/src/port/silabs/silabs_aes.c
index db4f0701e..c1b1ebbd5 100644
--- a/wolfcrypt/src/port/silabs/silabs_aes.c
+++ b/wolfcrypt/src/port/silabs/silabs_aes.c
@@ -1,6 +1,6 @@
 /* silabs_aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/silabs/silabs_ecc.c b/wolfcrypt/src/port/silabs/silabs_ecc.c
index 2c59137ce..00acd2b43 100644
--- a/wolfcrypt/src/port/silabs/silabs_ecc.c
+++ b/wolfcrypt/src/port/silabs/silabs_ecc.c
@@ -1,6 +1,6 @@
 /* silabs_ecc.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/silabs/silabs_hash.c b/wolfcrypt/src/port/silabs/silabs_hash.c
index 093bae9bb..024e7799d 100644
--- a/wolfcrypt/src/port/silabs/silabs_hash.c
+++ b/wolfcrypt/src/port/silabs/silabs_hash.c
@@ -1,6 +1,6 @@
 /* silabs_hash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/silabs/silabs_random.c b/wolfcrypt/src/port/silabs/silabs_random.c
index 26bfad6e7..1b9f65bd4 100644
--- a/wolfcrypt/src/port/silabs/silabs_random.c
+++ b/wolfcrypt/src/port/silabs/silabs_random.c
@@ -1,6 +1,6 @@
 /* silabs_random.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/st/README.md b/wolfcrypt/src/port/st/README.md
index af7c8b66a..62d976ad4 100644
--- a/wolfcrypt/src/port/st/README.md
+++ b/wolfcrypt/src/port/st/README.md
@@ -1,10 +1,12 @@
 # ST Ports
 
-Support for the STM32 L4, F1, F2, F4 and F7 on-board crypto hardware acceleration:
+Support for the STM32 L4, F1, F2, F4, F7 and MP13 on-board crypto hardware
+acceleration:
  - symmetric AES (ECB/CBC/CTR/GCM)
- - MD5/SHA1/SHA224/SHA256
+ - MD5/SHA1/SHA224/SHA256 (MP13 does not have MD5 acceleration)
 
-Support for the STM32 PKA on WB55, H7 and other devices with on-board public-key acceleration:
+Support for the STM32 PKA on WB55, H7, MP13 and other devices with on-board
+public-key acceleration:
  - ECC192/ECC224/ECC256/ECC384
 
 Support for the STSAFE-A100 crypto hardware accelerator co-processor via I2C for ECC supporting NIST or Brainpool 256-bit and 384-bit curves. It requires the ST-Safe SDK including wolf stsafe_interface.c/.h files. Please contact ST for these.
@@ -73,7 +75,7 @@ At the wolfCrypt level we also support ECC native API's for `wc_ecc_*` using the
 
 `./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_STSAFEA100"`
 
-or 
+or
 
 `#define HAVE_PK_CALLBACKS`
 `#define WOLFSSL_STSAFEA100`
diff --git a/wolfcrypt/src/port/st/STM32MP13.md b/wolfcrypt/src/port/st/STM32MP13.md
new file mode 100644
index 000000000..c02ef223e
--- /dev/null
+++ b/wolfcrypt/src/port/st/STM32MP13.md
@@ -0,0 +1,246 @@
+# STM32MP13 Port
+
+The STM32MP13 is unique in that it is an MPU instead of an MCU. The HAL also
+behaves a little differently. This document outlines how to use it in bare
+metal mode. For Linux, this should be used as a normal ARM Linux device.
+
+## Linux
+
+To cross-compile from a Linux host to the STM32MP13 OpenSTLinux, you need to
+install the [SDK](https://www.st.com/en/embedded-software/stm32mp1dev.html#get-software).
+In this example, I have extracted it to `/opt/st`.
+
+Your build environment is configured by running:
+
+```sh
+source /opt/st/stm32mp1/4.2.4-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/environment-setup-cortexa7t2hf-neon-vfpv4-ostl-linux-gnueabi
+```
+
+If you wish to compile with support for `/dev/crypto` then you will also need to
+do the following so that the headers are found by the compiler:
+
+```sh
+export CFLAGS="$CFLAGS -I /opt/st/stm32mp1/4.2.4-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sysroots/cortexa7t2hf-neon-vfpv4-ostl-linux-gnueabi/usr/src/debug/cryptodev-module/1.12-r0/"
+```
+
+When running `./configure`, make sure you add `--host=arm-linux-gnueabi` to the
+configure options.
+
+## Bare metal
+
+To develop in bare metal, the board needs to be started in "engineering mode".
+In this mode, there is 128KB of SRAM and 512MB of DDR RAM, but the DDR RAM is
+not initialized. On the STM32MP135-DK board, there is no flash storage.
+
+There is a catch-22 here, a wolfSSL project will likely need more than 128KB of
+storage and RAM. But it cannot be loaded into the DDR RAM until the DDR has been
+initialized. To work around this, before running the wolfSSL project, an
+example project called `DDR_Init` needs to be run first. This sets up the clocks
+and initializes the DDR RAM. The wolfSSL project can then be loaded into the DDR
+RAM, where it is executed.
+
+The DDR RAM section below shows how to obtain the `DDR_Init` project.
+
+### Setting up
+
+The board itself has dip switches to set the boot mode. These should be set to
+off-off-on-off to set the board into "engineering mode". The MPU's SRAM can
+then be flashed via the ST-Link.
+
+#### Device Configuration Tool
+
+In the configuration tool, enable and activate the following:
+
+```
+CRYP1
+HASH1
+PKA
+RNG1
+RTC
+```
+
+#### DDR RAM
+
+As mentioned above, the DDR RAM needs to be initialized before the wolfSSL
+project can be executed.
+
+You need to obtain the [STM32MP13 MPU Firmware Package](https://github.com/STMicroelectronics/STM32CubeMP13),
+which contains many examples of how to use the board in bare metal mode. One
+of the examples is the [DDR Init](https://github.com/STMicroelectronics/STM32CubeMP13/tree/main/Projects/STM32MP135C-DK/Examples/DDR/DDR_Init),
+which you will need to use all the features of wolfSSL. This is because the SRAM
+is only 128KB, but the DDR RAM is 512MB. This example initializes the DDR RAM,
+it also sets the MPU to 650MHz.
+
+#### MMU & Cache
+
+The MMU and cache will increase performance around 50x, so it is highly
+recommended. It may, however, make debugging more difficult.
+
+To enable them, in the preprocessor settings, change:
+
+```
+NO_MMU_USE
+NO_CACHE_USE
+```
+
+to:
+
+```
+MMU_USE
+CACHE_USE
+```
+
+Note that the Cube IDE may break this if you make any changes to the Device
+Configuration Tool.
+
+#### printf()
+
+If you are using an STM32MP135F-DK board and want to use the ST-Link UART for
+`printf()`, then you need to set PD6 and PD8 as the UART 4 RX/TX pins. You can
+then enable UART4 and set it to "Asynchronous" mode.
+
+In the code 0 section of `main.c` add:
+
+```c
+#ifdef __GNUC__
+int __io_putchar(int ch)
+#else
+int fputc(int ch, FILE *f)
+#endif
+{
+    HAL_UART_Transmit(&huart4, (uint8_t *)&ch, 1, 0xFFFF);
+
+    return ch;
+}
+#ifdef __GNUC__
+int _write(int file,char *ptr, int len)
+{
+    int DataIdx;
+    for (DataIdx= 0; DataIdx< len; DataIdx++) {
+        __io_putchar(*ptr++);
+    }
+    return len;
+}
+#endif
+```
+
+UART4 will now be used for `printf()`.
+
+
+
+### wolfSSL in your project
+
+There are a few things you need to do to get wolfSSL to run in your project. The
+first is setting compile option, these additional ones are needed. The first
+allows ARM ASM optimizations to compile, the second stops alignment issues from
+crashing the board:
+
+```
+-fomit-frame-pointer
+-mno-unaligned-access
+```
+
+The first of these should also be a flag for the assembler as well.
+
+Then the code needs to be set to use the DDR RAM instead of SRAM. To do this,
+edit `STM32MP135FAFX_RAM.ld` and change:
+
+```c
+REGION_ALIAS("RAM", SYSRAM_BASE);
+```
+
+To this:
+
+```c
+REGION_ALIAS("RAM", DDR_BASE);
+```
+
+In the Run Configuration menu, make sure that the debugger's startup has the
+"monitor reset" command removed. Otherwise the DDR initialization will be reset.
+
+In the `main.c` make sure that `SystemClock_Config();` is not executed. The DDR
+Init code will do this, and changing it will likely crash the board. It can
+be done like this:
+
+```c
+  /* USER CODE BEGIN Init */
+#if 0
+  /* USER CODE END Init */
+
+  /* Configure the system clock */
+  SystemClock_Config();
+
+  /* USER CODE BEGIN SysInit */
+#endif
+  /* USER CODE END SysInit */
+```
+
+### Benchmark
+
+To use the wolfCrypt benchmark, add this to your `main.c`:
+
+```c
+double current_time(void)
+{
+    RTC_TimeTypeDef time;
+    RTC_DateTypeDef date;
+    uint32_t subsec = 0;
+
+    /* must get time and date here due to STM32 HW bug */
+    HAL_RTC_GetTime(&hrtc, &time, RTC_FORMAT_BIN);
+    HAL_RTC_GetDate(&hrtc, &date, RTC_FORMAT_BIN);
+    /* Not all STM32 RTCs have subseconds in the struct */
+#ifdef RTC_ALARMSUBSECONDMASK_ALL
+    subsec = (255 - time.SubSeconds) * 1000 / 255;
+#endif
+
+    (void) date;
+
+    /* return seconds.milliseconds */
+    return ((double) time.Hours * 24) + ((double) time.Minutes * 60)
+            + (double) time.Seconds + ((double) subsec / 1000);
+}
+```
+
+Then in the user code 2 block, you can add:
+
+```c
+  uint32_t mpuss_clock = HAL_RCC_GetMPUSSFreq() / 1000000;
+
+  printf("System clock: %ld MHz, rng clock: %ld MHz\n\n", mpuss_clock);
+
+  int ret;
+  ret = benchmark_test(NULL);
+  printf("End: %d\n", ret);
+```
+
+### Testing
+
+To use the wolfCrypt test suite,
+
+### Compiling wolfSSL
+
+In your `user_settings.h` you should include:
+
+```c
+#define WOLFSSL_STM32MP13
+#define WOLFSSL_STM32_CUBEMX
+#define WOLFSSL_USER_CURRTIME
+```
+
+If you want ECDSA acceleration, you should also add:
+
+```c
+#define WOLFSSL_STM32_PKA
+#define WOLFSSL_STM32_PKA_V2
+```
+
+### Running
+
+Once you have compiled everything, to run your project, you will first need to
+run the DDR Init project. This will initialize the DDR RAM and the blue LED on
+the board will flash.
+
+You can then run the wolfSSL based project. If the board loses power, the
+DDR Init project will need to be run again before you are able to run the
+wolfSSL project.
diff --git a/wolfcrypt/src/port/st/STM32MP25.md b/wolfcrypt/src/port/st/STM32MP25.md
new file mode 100644
index 000000000..0ca61fe69
--- /dev/null
+++ b/wolfcrypt/src/port/st/STM32MP25.md
@@ -0,0 +1,164 @@
+# wolfSSL STM32MP25
+
+The board will boot in Linux as default when you put in the supplied SD card. If you plug in an Ethernet cable, it will get a DHCP and you can ssh as `root` with no password.
+
+These instructions discuss how to cross-compile for the STM32MP25 when it is running OpenSTLinux.
+
+## SDK
+
+You can download the OpenSTLinux compiler / SDK from here:
+
+https://www.st.com/en/embedded-software/stm32mp2dev.html#get-software
+
+Note that the x86 package is a gzip of a `.tar.gz`.
+
+Once extracted, run the `.sh` file as root, it will install in `/opt/st`.
+
+## Compiling wolfSSL for ARM ASM
+
+The following sets up the build environment (CC, CFLAGS, etc...):
+
+```sh
+source /opt/st/stm32mp2/5.0.3-openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06/environment-setup-cortexa35-ostl-linux
+```
+
+Then this configure command will enable support for the ARM optimized assembly:
+
+```sh
+./configure --host=aarch64-linux-gnueabi --enable-sp-asm  --enable-armasm  --enable-all-asm
+```
+
+## Compiling wolfSSL for cryptodev
+
+As before, setup build environment:
+
+```sh
+source /opt/st/stm32mp2/5.0.3-openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06/environment-setup-cortexa35-ostl-linux
+```
+
+The include path for cryptodev doesn't get added automatically, so this needs adding manually:
+
+```sh
+export CFLAGS="$CFLAGS -I /opt/st/stm32mp2/5.0.3-openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06/sysroots/cortexa35-ostl-linux/usr/src/debug/cryptodev-module/1.13+git/"
+```
+
+Then configure:
+
+```sh
+./configure --host=aarch64-linux-gnueabi --enable-sp-asm --enable-devcrypto
+```
+
+On the STM32, run `modprobe cryptodev` before executing.
+
+## Benchmarks
+
+### Software
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+Math:   Multi-Precision: Wolf(SP) word-size=64 bits=4096 sp_int.c
+        Single Precision: ecc 256 384 521 rsa/dh 2048 3072 4096 asm sp_arm64.c
+wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each)
+RNG                         20 MiB took 1.272 seconds,   15.718 MiB/s
+AES-128-CBC-enc             30 MiB took 1.043 seconds,   28.760 MiB/s
+AES-128-CBC-dec             30 MiB took 1.032 seconds,   29.078 MiB/s
+AES-192-CBC-enc             25 MiB took 1.011 seconds,   24.740 MiB/s
+AES-192-CBC-dec             30 MiB took 1.194 seconds,   25.130 MiB/s
+AES-256-CBC-enc             25 MiB took 1.151 seconds,   21.730 MiB/s
+AES-256-CBC-dec             25 MiB took 1.131 seconds,   22.110 MiB/s
+AES-128-GCM-enc             20 MiB took 1.167 seconds,   17.132 MiB/s
+AES-128-GCM-dec             20 MiB took 1.167 seconds,   17.137 MiB/s
+AES-192-GCM-enc             20 MiB took 1.277 seconds,   15.662 MiB/s
+AES-192-GCM-dec             20 MiB took 1.277 seconds,   15.659 MiB/s
+AES-256-GCM-enc             15 MiB took 1.039 seconds,   14.439 MiB/s
+AES-256-GCM-dec             15 MiB took 1.039 seconds,   14.439 MiB/s
+GMAC Table 4-bit            42 MiB took 1.003 seconds,   41.876 MiB/s
+CHACHA                     130 MiB took 1.015 seconds,  128.047 MiB/s
+CHA-POLY                    95 MiB took 1.013 seconds,   93.815 MiB/s
+MD5                        130 MiB took 1.013 seconds,  128.367 MiB/s
+POLY1305                   355 MiB took 1.011 seconds,  351.276 MiB/s
+SHA                         80 MiB took 1.044 seconds,   76.622 MiB/s
+SHA-224                     40 MiB took 1.130 seconds,   35.390 MiB/s
+SHA-256                     40 MiB took 1.130 seconds,   35.406 MiB/s
+SHA-384                     65 MiB took 1.032 seconds,   62.985 MiB/s
+SHA-512                     65 MiB took 1.032 seconds,   63.008 MiB/s
+SHA-512/224                 65 MiB took 1.032 seconds,   62.995 MiB/s
+SHA-512/256                 65 MiB took 1.032 seconds,   63.007 MiB/s
+SHA3-224                    55 MiB took 1.025 seconds,   53.643 MiB/s
+SHA3-256                    55 MiB took 1.074 seconds,   51.195 MiB/s
+SHA3-384                    45 MiB took 1.122 seconds,   40.122 MiB/s
+SHA3-512                    30 MiB took 1.053 seconds,   28.493 MiB/s
+HMAC-MD5                   130 MiB took 1.018 seconds,  127.760 MiB/s
+HMAC-SHA                    80 MiB took 1.044 seconds,   76.632 MiB/s
+HMAC-SHA224                 40 MiB took 1.130 seconds,   35.392 MiB/s
+HMAC-SHA256                 40 MiB took 1.130 seconds,   35.407 MiB/s
+HMAC-SHA384                 65 MiB took 1.036 seconds,   62.720 MiB/s
+HMAC-SHA512                 65 MiB took 1.032 seconds,   62.996 MiB/s
+PBKDF2                       4 KiB took 1.002 seconds,    4.242 KiB/s
+RSA     2048   public      3900 ops took 1.012 sec, avg 0.259 ms, 3855.639 ops/sec
+RSA     2048  private       200 ops took 1.720 sec, avg 8.598 ms, 116.307 ops/sec
+DH      2048  key gen       226 ops took 1.001 sec, avg 4.431 ms, 225.666 ops/sec
+DH      2048    agree       300 ops took 1.328 sec, avg 4.427 ms, 225.890 ops/sec
+ECC   [      SECP256R1]   256  key gen      6800 ops took 1.000 sec, avg 0.147 ms, 6797.480 ops/sec
+ECDHE [      SECP256R1]   256    agree      1900 ops took 1.018 sec, avg 0.536 ms, 1867.187 ops/sec
+ECDSA [      SECP256R1]   256     sign      4700 ops took 1.018 sec, avg 0.217 ms, 4615.200 ops/sec
+ECDSA [      SECP256R1]   256   verify      1800 ops took 1.028 sec, avg 0.571 ms, 1750.500 ops/sec
+Benchmark complete
+```
+
+### Hardware (devcrypto)
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+Math:   Multi-Precision: Wolf(SP) word-size=64 bits=4096 sp_int.c
+        Single Precision: ecc 256 384 521 rsa/dh 2048 3072 4096 asm sp_arm64.c
+wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each)
+RNG                          5 MiB took 6.168 seconds,    0.811 MiB/s
+AES-128-CBC-enc             75 MiB took 1.053 seconds,   71.205 MiB/s
+AES-128-CBC-dec             75 MiB took 1.055 seconds,   71.063 MiB/s
+AES-192-CBC-enc             75 MiB took 1.051 seconds,   71.370 MiB/s
+AES-192-CBC-dec             75 MiB took 1.050 seconds,   71.405 MiB/s
+AES-256-CBC-enc             75 MiB took 1.049 seconds,   71.472 MiB/s
+AES-256-CBC-dec             75 MiB took 1.051 seconds,   71.332 MiB/s
+AES-128-GCM-enc             10 MiB took 1.828 seconds,    5.469 MiB/s
+AES-128-GCM-dec             10 MiB took 1.829 seconds,    5.468 MiB/s
+AES-192-GCM-enc             10 MiB took 1.828 seconds,    5.470 MiB/s
+AES-192-GCM-dec             10 MiB took 1.829 seconds,    5.468 MiB/s
+AES-256-GCM-enc             10 MiB took 1.827 seconds,    5.475 MiB/s
+AES-256-GCM-dec             10 MiB took 1.829 seconds,    5.468 MiB/s
+GMAC Table 4-bit            44 MiB took 1.000 seconds,   43.707 MiB/s
+CHACHA                      75 MiB took 1.051 seconds,   71.348 MiB/s
+CHA-POLY                    55 MiB took 1.035 seconds,   53.139 MiB/s
+MD5                        135 MiB took 1.016 seconds,  132.876 MiB/s
+POLY1305                   225 MiB took 1.010 seconds,  222.817 MiB/s
+SHA                         85 MiB took 1.019 seconds,   83.452 MiB/s
+SHA-256                     40 MiB took 1.108 seconds,   36.086 MiB/s
+SHA-384                     65 MiB took 1.011 seconds,   64.305 MiB/s
+SHA-512                     65 MiB took 1.011 seconds,   64.282 MiB/s
+SHA-512/224                 65 MiB took 1.011 seconds,   64.317 MiB/s
+SHA-512/256                 65 MiB took 1.013 seconds,   64.193 MiB/s
+SHA3-224                    50 MiB took 1.065 seconds,   46.929 MiB/s
+SHA3-256                    45 MiB took 1.014 seconds,   44.375 MiB/s
+SHA3-384                    35 MiB took 1.023 seconds,   34.225 MiB/s
+SHA3-512                    25 MiB took 1.051 seconds,   23.782 MiB/s
+HMAC-MD5                   135 MiB took 1.011 seconds,  133.567 MiB/s
+HMAC-SHA                    85 MiB took 1.017 seconds,   83.575 MiB/s
+HMAC-SHA256                 40 MiB took 1.085 seconds,   36.882 MiB/s
+HMAC-SHA384                 65 MiB took 1.014 seconds,   64.118 MiB/s
+HMAC-SHA512                 65 MiB took 1.009 seconds,   64.413 MiB/s
+PBKDF2                     576 bytes took 1.003 seconds,  574.070 bytes/s
+RSA     2048   public      1800 ops took 1.058 sec, avg 0.588 ms, 1701.863 ops/sec
+RSA     2048  private       200 ops took 1.721 sec, avg 8.604 ms, 116.218 ops/sec
+DH      2048  key gen       222 ops took 1.003 sec, avg 4.517 ms, 221.370 ops/sec
+DH      2048    agree       300 ops took 1.326 sec, avg 4.422 ms, 226.160 ops/sec
+ECC   [      SECP256R1]   256  key gen      4400 ops took 1.000 sec, avg 0.227 ms, 4398.670 ops/sec
+ECDHE [      SECP256R1]   256    agree      1900 ops took 1.018 sec, avg 0.536 ms, 1866.172 ops/sec
+ECDSA [      SECP256R1]   256     sign      3400 ops took 1.017 sec, avg 0.299 ms, 3344.432 ops/sec
+ECDSA [      SECP256R1]   256   verify      1800 ops took 1.027 sec, avg 0.571 ms, 1752.662 ops/sec
+Benchmark complete
+```
+
diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c
index 343e3a7f3..80f441232 100644
--- a/wolfcrypt/src/port/st/stm32.c
+++ b/wolfcrypt/src/port/st/stm32.c
@@ -1,6 +1,6 @@
 /* stm32.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,6 +58,15 @@
 #elif defined(WOLFSSL_STM32WL)
 #include <stm32wlxx_hal_conf.h>
 #include <stm32wlxx_hal_pka.h>
+#elif defined(WOLFSSL_STM32MP13)
+#include <stm32mp13xx_hal_conf.h>
+#include <stm32mp13xx_hal_pka.h>
+#elif defined(WOLFSSL_STM32H7S)
+#include <stm32h7rsxx_hal_conf.h>
+#include <stm32h7rsxx_hal_pka.h>
+#elif defined(WOLFSSL_STM32WBA)
+#include <stm32wbaxx_hal_conf.h>
+#include <stm32wbaxx_hal_pka.h>
 #else
 #error Please add the hal_pk.h include
 #endif
@@ -134,6 +143,9 @@ static void wc_Stm32_Hash_SaveContext(STM32_HASH_Context* ctx)
     ctx->HASH_IMR = HASH->IMR;
     ctx->HASH_STR = HASH->STR;
     ctx->HASH_CR  = HASH->CR;
+#ifdef STM32_HASH_SHA3
+    ctx->SHA3CFGR  = HASH->SHA3CFGR;
+#endif
     for (i=0; i<HASH_CR_SIZE; i++) {
         ctx->HASH_CSR[i] = HASH->CSR[i];
     }
@@ -181,6 +193,9 @@ static void wc_Stm32_Hash_RestoreContext(STM32_HASH_Context* ctx, int algo)
         HASH->IMR = ctx->HASH_IMR;
         HASH->STR = ctx->HASH_STR;
         HASH->CR = ctx->HASH_CR;
+#ifdef STM32_HASH_SHA3
+        HASH->SHA3CFGR = ctx->SHA3CFGR;
+#endif
 
         /* Initialize the hash processor */
         HASH->CR |= HASH_CR_INIT;
@@ -326,11 +341,11 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo,
     while (len) {
         word32 add;
 
-        /* fill the FIFO plus one additional to flush the block */
-        chunkSz = ((STM32_HASH_FIFO_SIZE + 1) * STM32_HASH_REG_SIZE);
-        /* account for extra bytes in the FIFO (use mask 0x3F to get remain) */
-        chunkSz -= (stmCtx->fifoBytes &
-            ((STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE)-1));
+        chunkSz = blockSize;
+        /* fill the FIFO plus one additional to flush the first block */
+        if (!stmCtx->fifoBytes) {
+            chunkSz += STM32_HASH_REG_SIZE;
+        }
 
         add = min(len, chunkSz - stmCtx->buffLen);
         XMEMCPY(&local[stmCtx->buffLen], data, add);
@@ -442,8 +457,11 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp)
     hcryp->Init.pKey = (STM_CRYPT_TYPE*)aes->key;
 #ifdef STM32_HAL_V2
     hcryp->Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
-    #ifdef CRYP_HEADERWIDTHUNIT_BYTE
-    hcryp->Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;
+    #ifdef STM_CRYPT_HEADER_WIDTH
+    hcryp->Init.HeaderWidthUnit =
+            (STM_CRYPT_HEADER_WIDTH == 4) ?
+                CRYP_HEADERWIDTHUNIT_WORD :
+                CRYP_HEADERWIDTHUNIT_BYTE;
     #endif
 #endif
 
@@ -684,7 +702,6 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
     PKA_ECCMulInTypeDef pka_mul;
     PKA_ECCMulOutTypeDef pka_mul_res;
     int szModulus;
-    int szkbin;
     int status;
     int res;
     uint8_t Gxbin[STM32_MAX_ECC_SIZE];
@@ -712,9 +729,8 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
     }
 
     szModulus = mp_unsigned_bin_size(modulus);
-    szkbin = mp_unsigned_bin_size(k);
 
-    res = stm32_get_from_mp_int(kbin, k, szkbin);
+    res = stm32_get_from_mp_int(kbin, k, szModulus);
     if (res == MP_OKAY)
         res = stm32_get_from_mp_int(Gxbin, G->x, szModulus);
     if (res == MP_OKAY)
@@ -749,7 +765,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
     pka_mul.modulus = prime;
     pka_mul.pointX = Gxbin;
     pka_mul.pointY = Gybin;
-    pka_mul.scalarMulSize = szkbin;
+    pka_mul.scalarMulSize = szModulus;
     pka_mul.scalarMul = kbin;
 #ifdef WOLFSSL_STM32_PKA_V2
     pka_mul.coefB = coefB;
@@ -807,14 +823,12 @@ int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 {
     PKA_ECDSAVerifInTypeDef pka_ecc;
     int size;
-    int szrbin;
     int status;
     uint8_t Rbin[STM32_MAX_ECC_SIZE];
     uint8_t Sbin[STM32_MAX_ECC_SIZE];
     uint8_t Qxbin[STM32_MAX_ECC_SIZE];
     uint8_t Qybin[STM32_MAX_ECC_SIZE];
     uint8_t Hashbin[STM32_MAX_ECC_SIZE];
-    uint8_t privKeybin[STM32_MAX_ECC_SIZE];
     uint8_t prime[STM32_MAX_ECC_SIZE];
     uint8_t coefA[STM32_MAX_ECC_SIZE];
     uint8_t gen_x[STM32_MAX_ECC_SIZE];
@@ -828,21 +842,17 @@ int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
             key->dp == NULL) {
         return ECC_BAD_ARG_E;
     }
-    *res = 0;
+    *res = 0; /* default to failure */
+    size = wc_ecc_size(key); /* get key size in bytes */
 
-    szrbin = mp_unsigned_bin_size(r);
-    size = wc_ecc_size(key);
-
-    status = stm32_get_from_mp_int(Rbin, r, szrbin);
+    /* load R/S and public X/Y using key size */
+    status = stm32_get_from_mp_int(Rbin, r, size);
     if (status == MP_OKAY)
-        status = stm32_get_from_mp_int(Sbin, s, szrbin);
+        status = stm32_get_from_mp_int(Sbin, s, size);
     if (status == MP_OKAY)
         status = stm32_get_from_mp_int(Qxbin, key->pubkey.x, size);
     if (status == MP_OKAY)
         status = stm32_get_from_mp_int(Qybin, key->pubkey.y, size);
-    if (status == MP_OKAY)
-        status = stm32_get_from_mp_int(privKeybin, wc_ecc_key_get_priv(key),
-            size);
     if (status != MP_OKAY)
         return status;
 
diff --git a/wolfcrypt/src/port/st/stsafe.c b/wolfcrypt/src/port/st/stsafe.c
index be291f036..aa1cdb743 100644
--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@@ -1,6 +1,6 @@
 /* stsafe.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index 8dcd10abc..9753508bf 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-aes.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -63,9 +63,9 @@ static int AesSetIV(Aes* aes, const byte* iv)
         return BAD_FUNC_ARG;
 
     if (iv)
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE);
     else
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+        XMEMSET(aes->reg,  0, WC_AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -99,7 +99,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir)
     aes->rounds = len / 4 + 6;
 
     XMEMCPY(aes->key, key, len);
-#ifdef WOLFSSL_AES_COUNTER
+#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \
+    defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS)
     aes->left = 0;
 #endif
     return AesSetIV(aes, iv);
@@ -149,7 +150,7 @@ static int AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz,
     ROM_AESKey1Set(AES_BASE, (uint32_t *)aes->key, aes->keylen-8);
     if (dir == AES_CFG_DIR_DECRYPT && mode == AES_CFG_MODE_CBC) {
         /* if input and output same will overwrite input iv */
-        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     }
     ROM_AESDataProcess(AES_BASE, (uint32_t *)in, (uint32_t *)out, sz);
     wolfSSL_TI_unlockCCM();
@@ -157,19 +158,19 @@ static int AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz,
     /* store iv for next call */
     if (mode == AES_CFG_MODE_CBC) {
         if (dir == AES_CFG_DIR_ENCRYPT)
-            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         else
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
     }
 
     if (mode == AES_CFG_MODE_CTR) {
         do {
             int i;
-            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+            for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
                  if (++((byte*)aes->reg)[i])
                      break;
             }
-            sz -= AES_BLOCK_SIZE;
+            sz -= WC_AES_BLOCK_SIZE;
         } while ((int)sz > 0);
     }
 
@@ -185,7 +186,7 @@ static int AesProcess(Aes* aes, byte* out, const byte* in, word32 sz,
 
     if ((aes == NULL) || (in == NULL) || (out == NULL))
         return BAD_FUNC_ARG;
-    if (sz % AES_BLOCK_SIZE)
+    if (sz % WC_AES_BLOCK_SIZE)
         return BAD_FUNC_ARG;
 
     while (sz > 0) {
@@ -224,7 +225,7 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #ifdef WOLFSSL_AES_COUNTER
 int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-    char out_block[AES_BLOCK_SIZE];
+    char out_block[WC_AES_BLOCK_SIZE];
     int odd;
     int even;
     char *tmp; /* (char *)aes->tmp, for short */
@@ -232,28 +233,28 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     tmp = (char *)aes->tmp;
     if (aes->left) {
-        if ((aes->left + sz) >= AES_BLOCK_SIZE) {
-            odd = AES_BLOCK_SIZE - aes->left;
+        if ((aes->left + sz) >= WC_AES_BLOCK_SIZE) {
+            odd = WC_AES_BLOCK_SIZE - aes->left;
         } else {
             odd = sz;
         }
         XMEMCPY(tmp+aes->left, in, odd);
-        if ((odd+aes->left) == AES_BLOCK_SIZE) {
-            ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
+        if ((odd+aes->left) == WC_AES_BLOCK_SIZE) {
+            ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, WC_AES_BLOCK_SIZE,
                         AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
             if (ret != 0)
                 return ret;
             XMEMCPY(out, out_block+aes->left, odd);
             aes->left = 0;
-            XMEMSET(tmp, 0x0, AES_BLOCK_SIZE);
+            XMEMSET(tmp, 0x0, WC_AES_BLOCK_SIZE);
         }
         in += odd;
         out+= odd;
         sz -= odd;
     }
-    odd = sz % AES_BLOCK_SIZE;  /* if there is tail fragment */
-    if (sz / AES_BLOCK_SIZE) {
-        even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE;
+    odd = sz % WC_AES_BLOCK_SIZE;  /* if there is tail fragment */
+    if (sz / WC_AES_BLOCK_SIZE) {
+        even = (sz/WC_AES_BLOCK_SIZE)*WC_AES_BLOCK_SIZE;
         ret = AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
         if (ret != 0)
             return ret;
@@ -261,9 +262,9 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         in  += even;
     }
     if (odd) {
-        XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left);
+        XMEMSET(tmp+aes->left, 0x0, WC_AES_BLOCK_SIZE - aes->left);
         XMEMCPY(tmp+aes->left, in, odd);
-        ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
+        ret = AesProcess(aes, (byte*)out_block, (byte const *)tmp, WC_AES_BLOCK_SIZE,
                     AES_CFG_DIR_ENCRYPT,
                     AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
                     );
@@ -280,12 +281,12 @@ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #if defined(WOLFSSL_AES_DIRECT)
 int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT,
+    return AesProcess(aes, out, in, WC_AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT,
         AES_CFG_MODE_CBC);
 }
 int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT,
+    return AesProcess(aes, out, in, WC_AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT,
         AES_CFG_MODE_CBC);
 }
 int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, const byte* iv,
@@ -311,7 +312,7 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
 
 static int AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
 {
-    byte nonce[AES_BLOCK_SIZE];
+    byte nonce[WC_AES_BLOCK_SIZE];
 
     if ((aes == NULL) || (key == NULL))
         return BAD_FUNC_ARG;
@@ -405,16 +406,16 @@ static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L,
             byte *b = (byte*)aes->reg;
             if (nonce != NULL)
                 XMEMCPY(aes->reg, nonce, len);
-            b[AES_BLOCK_SIZE-4] = 0;
-            b[AES_BLOCK_SIZE-3] = 0;
-            b[AES_BLOCK_SIZE-2] = 0;
-            b[AES_BLOCK_SIZE-1] = 1;
+            b[WC_AES_BLOCK_SIZE-4] = 0;
+            b[WC_AES_BLOCK_SIZE-3] = 0;
+            b[WC_AES_BLOCK_SIZE-2] = 0;
+            b[WC_AES_BLOCK_SIZE-1] = 1;
 
         }
         else {
-            word32 zeros[AES_BLOCK_SIZE/sizeof(word32)];
-            word32 subkey[AES_BLOCK_SIZE/sizeof(word32)];
-            word32 nonce_padded[AES_BLOCK_SIZE/sizeof(word32)];
+            word32 zeros[WC_AES_BLOCK_SIZE/sizeof(word32)];
+            word32 subkey[WC_AES_BLOCK_SIZE/sizeof(word32)];
+            word32 nonce_padded[WC_AES_BLOCK_SIZE/sizeof(word32)];
             word32 i;
 
             XMEMSET(zeros, 0, sizeof(zeros)); /* init to zero */
@@ -436,10 +437,10 @@ static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L,
             ROM_AESAuthLengthSet(AES_BASE, 0);
 
             /* copy nonce */
-            for (i = 0; i < len; i += AES_BLOCK_SIZE) {
+            for (i = 0; i < len; i += WC_AES_BLOCK_SIZE) {
                 word32 nonceSz = len - i;
-                if (nonceSz > AES_BLOCK_SIZE)
-                    nonceSz = AES_BLOCK_SIZE;
+                if (nonceSz > WC_AES_BLOCK_SIZE)
+                    nonceSz = WC_AES_BLOCK_SIZE;
                 XMEMSET(nonce_padded, 0, sizeof(nonce_padded));
                 XMEMCPY(nonce_padded, (word32*)(nonce + i), nonceSz);
                 ROM_AESDataWrite(AES_BASE, nonce_padded);
@@ -461,7 +462,7 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     byte *in_a,     *in_save = NULL;
     byte *out_a,    *out_save = NULL;
     byte *authIn_a, *authIn_save = NULL;
-    word32 tmpTag[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 tmpTag[WC_AES_BLOCK_SIZE/sizeof(word32)];
 
     ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag,
         authTagSz, &M, &L);
@@ -479,7 +480,7 @@ static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         ROM_AESReset(AES_BASE);
         ROM_AESConfigSet(AES_BASE, (aes->keylen-8) | AES_CFG_DIR_ENCRYPT | AES_CFG_MODE_ECB);
         ROM_AESKey1Set(AES_BASE, aes->key, (aes->keylen-8));
-        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, AES_BLOCK_SIZE);
+        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, WC_AES_BLOCK_SIZE);
         wolfSSL_TI_unlockCCM();
         XMEMCPY(authTag, tmpTag, authTagSz);
         return 0;
@@ -561,7 +562,7 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     byte *in_a,     *in_save = NULL;
     byte *out_a,    *out_save = NULL;
     byte *authIn_a, *authIn_save = NULL;
-    word32 tmpTag[AES_BLOCK_SIZE/sizeof(word32)];
+    word32 tmpTag[WC_AES_BLOCK_SIZE/sizeof(word32)];
 
     ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag,
         authTagSz, &M, &L);
@@ -579,7 +580,7 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         ROM_AESReset(AES_BASE);
         ROM_AESConfigSet(AES_BASE, (aes->keylen-8) | AES_CFG_DIR_ENCRYPT | AES_CFG_MODE_ECB);
         ROM_AESKey1Set(AES_BASE, aes->key, (aes->keylen-8));
-        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, AES_BLOCK_SIZE);
+        ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, WC_AES_BLOCK_SIZE);
         wolfSSL_TI_unlockCCM();
 
         if (XMEMCMP(authTag, tmpTag, authTagSz) != 0) {
@@ -830,7 +831,7 @@ int wc_GmacVerify(const byte* key, word32 keySz,
 #endif
 
     if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
-        authTag == NULL || authTagSz == 0 || authTagSz > AES_BLOCK_SIZE) {
+        authTag == NULL || authTagSz == 0 || authTagSz > WC_AES_BLOCK_SIZE) {
 
         return BAD_FUNC_ARG;
     }
diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c
index a8692e86f..d43c733f8 100644
--- a/wolfcrypt/src/port/ti/ti-ccm.c
+++ b/wolfcrypt/src/port/ti/ti-ccm.c
@@ -1,6 +1,6 @@
 /* port/ti/ti_ccm.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/ti/ti-des3.c b/wolfcrypt/src/port/ti/ti-des3.c
index de343ebce..8e6c71c9b 100644
--- a/wolfcrypt/src/port/ti/ti-des3.c
+++ b/wolfcrypt/src/port/ti/ti-des3.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-des.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index 16be73638..3aeac3072 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -1,6 +1,6 @@
 /* port/ti/ti-hash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/xilinx/xil-aesgcm.c b/wolfcrypt/src/port/xilinx/xil-aesgcm.c
index 6fdea3545..b50042eaf 100644
--- a/wolfcrypt/src/port/xilinx/xil-aesgcm.c
+++ b/wolfcrypt/src/port/xilinx/xil-aesgcm.c
@@ -1,6 +1,6 @@
 /* xil-aesgcm.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -219,10 +219,10 @@ static WC_INLINE int handle_aad(       Aes* aes,
                                       byte* authTag,
                                 const byte* authIn, word32 authInSz) {
     int ret;
-    byte scratch[AES_BLOCK_SIZE];
-    byte initalCounter[AES_BLOCK_SIZE] = { 0 };
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte initalCounter[WC_AES_BLOCK_SIZE] = { 0 };
     XMEMCPY(initalCounter, iv, AEAD_NONCE_SZ);
-    initalCounter[AES_BLOCK_SIZE - 1] = 1;
+    initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
     GHASH(&aes->gcm, authIn, authInSz, data, sz, authTag, AES_GCM_AUTH_SZ);
     ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
     if (ret == 0)
@@ -524,8 +524,8 @@ int  wc_AesGcmEncrypt(Aes* aes, byte* out,
                                    const byte* authIn, word32 authInSz)
 {
     byte* tmp;
-    byte scratch[AES_BLOCK_SIZE];
-    byte initalCounter[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte initalCounter[WC_AES_BLOCK_SIZE];
     int ret;
 
     if ((in == NULL && sz > 0) || iv == NULL || authTag == NULL ||
@@ -572,9 +572,9 @@ int  wc_AesGcmEncrypt(Aes* aes, byte* out,
     /* handle completing tag with any additional data */
     if (authIn != NULL) {
         /* @TODO avoid hashing out again since Xilinx call already does */
-        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        XMEMSET(initalCounter, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(initalCounter, iv, ivSz);
-        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
         GHASH(&aes->gcm, authIn, authInSz, out, sz, authTag, authTagSz);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
         if (ret < 0)
@@ -594,8 +594,8 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
 {
     byte* tag;
     byte buf[AES_GCM_AUTH_SZ];
-    byte scratch[AES_BLOCK_SIZE];
-    byte initalCounter[AES_BLOCK_SIZE];
+    byte scratch[WC_AES_BLOCK_SIZE];
+    byte initalCounter[WC_AES_BLOCK_SIZE];
     int ret;
 
     if (in == NULL || iv == NULL || authTag == NULL ||
@@ -610,9 +610,9 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
 
     /* account for additional data */
     if (authIn != NULL && authInSz > 0) {
-        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        XMEMSET(initalCounter, 0, WC_AES_BLOCK_SIZE);
         XMEMCPY(initalCounter, iv, ivSz);
-        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        initalCounter[WC_AES_BLOCK_SIZE - 1] = 1;
         tag = buf;
         GHASH(&aes->gcm, NULL, 0, in, sz, tag, AES_GCM_AUTH_SZ);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
diff --git a/wolfcrypt/src/port/xilinx/xil-sha3.c b/wolfcrypt/src/port/xilinx/xil-sha3.c
index 8c9bbb921..01134b99d 100644
--- a/wolfcrypt/src/port/xilinx/xil-sha3.c
+++ b/wolfcrypt/src/port/xilinx/xil-sha3.c
@@ -1,6 +1,6 @@
 /* xil-sha3.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/xilinx/xil-versal-glue.c b/wolfcrypt/src/port/xilinx/xil-versal-glue.c
index 3ee87e174..e2e41834e 100644
--- a/wolfcrypt/src/port/xilinx/xil-versal-glue.c
+++ b/wolfcrypt/src/port/xilinx/xil-versal-glue.c
@@ -1,6 +1,6 @@
 /* xil-versal-glue.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/port/xilinx/xil-versal-trng.c b/wolfcrypt/src/port/xilinx/xil-versal-trng.c
index 9aac5bcd8..07e683562 100644
--- a/wolfcrypt/src/port/xilinx/xil-versal-trng.c
+++ b/wolfcrypt/src/port/xilinx/xil-versal-trng.c
@@ -1,6 +1,6 @@
 /* xil-versal-trng.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index fb06dcef6..c60db6ae5 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -1,6 +1,6 @@
 /* pwdbased.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_PWDBASED
 
@@ -42,7 +37,6 @@
 #include <wolfssl/wolfcrypt/hmac.h>
 #include <wolfssl/wolfcrypt/hash.h>
 #include <wolfssl/wolfcrypt/wolfmath.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -52,9 +46,6 @@
 #endif
 
 #if FIPS_VERSION3_GE(6,0,0)
-    #ifdef DEBUG_WOLFSSL
-        #include <wolfssl/wolfcrypt/logging.h>
-    #endif
     const unsigned int wolfCrypt_FIPS_pbkdf_ro_sanity[2] =
                                                      { 0x1a2b3c4d, 0x00000010 };
     int wolfCrypt_FIPS_PBKDF_sanity(void)
@@ -826,7 +817,7 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
         goto end;
     }
     /* Temporary for scryptROMix. */
-    v = (byte*)XMALLOC((size_t)((1 << cost) * bSz), NULL,
+    v = (byte*)XMALLOC((size_t)((1U << cost) * bSz), NULL,
                        DYNAMIC_TYPE_TMP_BUFFER);
     if (v == NULL) {
         ret = MEMORY_E;
@@ -840,6 +831,8 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
         goto end;
     }
 
+    XMEMSET(y, 0, (size_t)(blockSize * 128));
+
     /* Step 1. */
     ret = wc_PBKDF2(blocks, passwd, passLen, salt, saltLen, 1, (int)blocksSz,
                     WC_SHA256);
@@ -848,7 +841,7 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
 
     /* Step 2. */
     for (i = 0; i < parallel; i++)
-        scryptROMix(blocks + i * (int)bSz, v, y, (int)blockSize, 1 << cost);
+        scryptROMix(blocks + i * (int)bSz, v, y, (int)blockSize, 1U << cost);
 
     /* Step 3. */
     ret = wc_PBKDF2(output, passwd, passLen, blocks, (int)blocksSz, 1, dkLen,
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 822f069f7..42c7964d3 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1,6 +1,6 @@
 /* random.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,15 +25,8 @@ DESCRIPTION
 This library contains implementation for the random number generator.
 
 */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#if defined(DEBUG_WOLFSSL)
-    #include <wolfssl/wolfcrypt/logging.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /* on HPUX 11 you may need to install /dev/random see
    http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
@@ -87,11 +80,12 @@ This library contains implementation for the random number generator.
     #ifndef _WIN32_WINNT
         #define _WIN32_WINNT 0x0400
     #endif
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
     #include <windows.h>
     #include <wincrypt.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
 #elif defined(HAVE_WNR)
     #include <wnr.h>
-    #include <wolfssl/wolfcrypt/logging.h>
     wolfSSL_Mutex wnr_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wnr_mutex);    /* global netRandom mutex */
     int wnr_timeout     = 0;    /* entropy timeout, milliseconds */
     #ifndef WOLFSSL_MUTEX_INITIALIZER
@@ -111,6 +105,8 @@ This library contains implementation for the random number generator.
     #include <random.h>
 #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
     #include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h"
+#elif defined(WOLFSSL_RPIPICO)
+    #include "wolfssl/wolfcrypt/port/rpi_pico/pico.h"
 #elif defined(NO_DEV_RANDOM)
 #elif defined(CUSTOM_RAND_GENERATE)
 #elif defined(CUSTOM_RAND_GENERATE_BLOCK)
@@ -136,6 +132,8 @@ This library contains implementation for the random number generator.
 #elif defined(WOLFSSL_GETRANDOM)
     #include <errno.h>
     #include <sys/random.h>
+#elif defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
 #else
     /* include headers that may be needed to get good seed */
     #include <fcntl.h>
@@ -594,14 +592,14 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen
 
         dIdx = (int)dLen - 1;
         for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) {
-            carry += (word16)((word16)d[dIdx] + (word16)s[sIdx]);
+            carry = (word16)(carry + d[dIdx] + s[sIdx]);
             d[dIdx] = (byte)carry;
             carry >>= 8;
             dIdx--;
         }
 
         for (; dIdx >= 0; dIdx--) {
-            carry += (word16)d[dIdx];
+            carry = (word16)(carry + d[dIdx]);
             d[dIdx] = (byte)carry;
             carry >>= 8;
         }
@@ -814,7 +812,7 @@ static WC_INLINE word64 Entropy_TimeHiRes(void)
  */
 static WC_INLINE word64 Entropy_TimeHiRes(void)
 {
-    return mach_absolute_time();
+    return clock_gettime_nsec_np(CLOCK_MONOTONIC_RAW);
 }
 #elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__aarch64__)
 /* Get the high resolution time counter.
@@ -909,7 +907,8 @@ static WC_INLINE word64 Entropy_TimeHiRes(void)
  * @param [in,out] args  Entropy data including: counter and stop flag.
  * @return  NULL always.
  */
-static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN Entropy_IncCounter(void* args)
+static THREAD_RETURN_NOJOIN WOLFSSL_THREAD_NO_JOIN
+    Entropy_IncCounter(void* args)
 {
     (void)args;
 
@@ -922,8 +921,9 @@ static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN Entropy_IncCounter(void* args)
 #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE
     fprintf(stderr, "EXITING ENTROPY COUNTER THREAD\n");
 #endif
+
     /* Exit from thread. */
-    WOLFSSL_RETURN_FROM_THREAD(0);
+    RETURN_FROM_THREAD_NOJOIN(0);
 }
 
 /* Start a thread that increments counter if not one already.
@@ -1700,7 +1700,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 
         if (ret != 0) {
 #if defined(DEBUG_WOLFSSL)
-            WOLFSSL_MSG_EX("_InitRng failed. err = ", ret);
+            WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret);
 #endif
         }
         else {
@@ -1717,16 +1717,21 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 #else
             ret = wc_GenerateSeed(&rng->seed, seed, seedSz);
 #endif /* WC_RNG_SEED_CB */
-            if (ret == 0)
-                ret = wc_RNG_TestSeed(seed, seedSz);
-            else {
+            if (ret != 0) {
     #if defined(DEBUG_WOLFSSL)
-                WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret);
+                WOLFSSL_MSG_EX("Seed generation failed... %d", ret);
     #endif
                 ret = DRBG_FAILURE;
                 rng->status = DRBG_FAILED;
             }
 
+            if (ret == 0)
+                ret = wc_RNG_TestSeed(seed, seedSz);
+    #if defined(DEBUG_WOLFSSL)
+            if (ret != 0) {
+                WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret);
+            }
+    #endif
             if (ret == DRBG_SUCCESS)
                 ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg,
                             seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ,
@@ -2180,7 +2185,7 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, NULL,
+    check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, heap,
                            DYNAMIC_TYPE_TMP_BUFFER);
     if (check == NULL) {
         return MEMORY_E;
@@ -2300,7 +2305,7 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(check, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(check, heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -2762,7 +2767,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return ret;
     }
 
-#elif defined(MICROCHIP_PIC32)
+#elif defined(MICROCHIP_PIC32) || defined(MICROCHIP_MPLAB_HARMONY)
 
     #ifdef MICROCHIP_MPLAB_HARMONY
         #ifdef MICROCHIP_MPLAB_HARMONY_3
@@ -2966,7 +2971,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         }
         return RAN_BLOCK_E;
     }
-
 #elif !defined(WOLFSSL_CAAM) && \
     (defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \
      defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS))
@@ -3815,7 +3819,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return ret;
     }
 
-#elif defined(DOLPHIN_EMULATOR)
+#elif defined(DOLPHIN_EMULATOR) || defined (WOLFSSL_NDS)
 
         int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         {
@@ -3834,6 +3838,38 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
         return maxq10xx_random(output, sz);
     }
+#elif defined(MAX3266X_RNG)
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        #ifdef WOLFSSL_MAX3266X
+        int status;
+        #endif /* WOLFSSL_MAX3266X */
+        static int initDone = 0;
+        (void)os;
+        if (initDone == 0) {
+            #ifdef WOLFSSL_MAX3266X
+            status = wolfSSL_HwRngMutexLock();
+            if (status != 0) {
+                return status;
+            }
+            #endif /* WOLFSSL_MAX3266X */
+            if(MXC_TRNG_HealthTest() != 0) {
+                #ifdef DEBUG_WOLFSSL
+                WOLFSSL_MSG("TRNG HW Health Test Failed");
+                #endif /* DEBUG_WOLFSSL */
+                #ifdef WOLFSSL_MAX3266X
+                wolfSSL_HwRngMutexUnLock();
+                #endif /* WOLFSSL_MAX3266X */
+                return WC_HW_E;
+            }
+            #ifdef WOLFSSL_MAX3266X
+            wolfSSL_HwRngMutexUnLock();
+            #endif /* WOLFSSL_MAX3266X */
+            initDone = 1;
+        }
+        return wc_MXC_TRNG_Random(output, sz);
+    }
+
 #elif defined(WOLFSSL_GETRANDOM)
 
     /* getrandom() was added to the Linux kernel in version 3.17.
@@ -4055,7 +4091,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     {
         word32 i;
         for (i = 0; i < sz; i++ )
-            output[i] = i;
+            output[i] = (byte)i;
 
         (void)os;
 
diff --git a/wolfcrypt/src/rc2.c b/wolfcrypt/src/rc2.c
index 67dc7d68f..33d2bd2d5 100644
--- a/wolfcrypt/src/rc2.c
+++ b/wolfcrypt/src/rc2.c
@@ -1,6 +1,6 @@
 /* rc2.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,17 +19,14 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /*
 
 DESCRIPTION
 This library provides the interface to the RC2 encryption algorithm (RFC 2268)
 
 */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
 
 #ifdef WC_RC2
 
@@ -41,7 +38,6 @@ This library provides the interface to the RC2 encryption algorithm (RFC 2268)
 #endif
 
 #include <wolfssl/wolfcrypt/rc2.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 /* Table based on value of PI, defined in RFC 2268 */
 static const byte pitable[256] = {
diff --git a/wolfcrypt/src/ripemd.c b/wolfcrypt/src/ripemd.c
index 36cca1b3e..7f3b6d81d 100644
--- a/wolfcrypt/src/ripemd.c
+++ b/wolfcrypt/src/ripemd.c
@@ -1,6 +1,6 @@
 /* ripemd.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_RIPEMD
 
@@ -37,8 +31,6 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
 int wc_InitRipeMd(RipeMd* ripemd)
 {
     if (ripemd == NULL) {
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 4c7d3a0e8..802883444 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -1,6 +1,6 @@
 /* rsa.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,12 +26,8 @@ This library provides the interface to the RSA.
 RSA keys can be used to encrypt, decrypt, sign and verify data.
 
 */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifndef NO_RSA
 
@@ -53,7 +49,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
 #include <xsecure_rsaclient.h>
 #endif
-#ifdef WOLFSSL_SE050
+#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
 #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
 #endif
 #ifdef WOLFSSL_HAVE_SP_RSA
@@ -63,7 +59,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -95,7 +91,6 @@ RSA Key Size Configuration:
 
 
 #include <wolfssl/wolfcrypt/random.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #ifdef WOLF_CRYPTO_CB
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
@@ -154,9 +149,43 @@ static void wc_RsaCleanup(RsaKey* key)
 #endif
 }
 
+#ifndef WC_NO_CONSTRUCTORS
+RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code)
+{
+    int ret;
+    RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_InitRsaKey_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_RSA);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+
+int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_FreeRsaKey(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_RSA);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
 {
-    int ret      = 0;
+    int ret = 0;
 
     if (key == NULL) {
         return BAD_FUNC_ARG;
@@ -243,7 +272,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     key->handle = NULL;
 #endif
 
-
 #if defined(WOLFSSL_RENESAS_FSPSM)
     key->ctx.wrapped_pri1024_key = NULL;
     key->ctx.wrapped_pub1024_key = NULL;
@@ -251,6 +279,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     key->ctx.wrapped_pub2048_key = NULL;
     key->ctx.keySz = 0;
 #endif
+
     return ret;
 }
 
@@ -264,7 +293,7 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap,
                      int devId)
 {
     int ret = 0;
-#ifdef WOLFSSL_SE050
+#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
     /* SE050 TLS users store a word32 at id, need to cast back */
     word32* keyPtr = NULL;
 #endif
@@ -278,7 +307,7 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap,
     if (ret == 0 && id != NULL && len != 0) {
         XMEMCPY(key->id, id, (size_t)len);
         key->idLen = len;
-    #ifdef WOLFSSL_SE050
+    #if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
         /* Set SE050 ID from word32, populate RsaKey with public from SE050 */
         if (len == (int)sizeof(word32)) {
             keyPtr = (word32*)key->id;
@@ -487,7 +516,7 @@ static int cc310_RSA_GenerateKeyPair(RsaKey* key, int size, long e)
 }
 #endif /* WOLFSSL_CRYPTOCELL */
 
-#ifdef WOLFSSL_SE050
+#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
 /* Use specified hardware key ID with RsaKey operations. Unlike devId,
  * keyId is a word32 so can handle key IDs larger than an int.
  *
@@ -612,6 +641,8 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng)
     ret = wc_RsaEncryptSize(key);
     if (ret < 0)
         return ret;
+    else if (ret == 0)
+        return BAD_FUNC_ARG;
     sigLen = (word32)ret;
 
     WOLFSSL_MSG("Doing RSA consistency test");
@@ -1722,6 +1753,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
     if (tmp == NULL) {
         return MEMORY_E;
     }
+    XMEMSET(tmp, 0, (size_t)maskLen);
 #endif
 
     if ((ret = RsaMGF(mgf, pkcsBlock + maskLen, (word32)hLen, tmp, (word32)maskLen,
@@ -2392,7 +2424,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 1024) &&
-                                             (mp_count_bits(&key->q) == 1024)) {
+                    (mp_count_bits(&key->q) == 1024) &&
+                    (mp_count_bits(&key->dP) > 0) &&
+                    (mp_count_bits(&key->dQ) > 0) &&
+                    (mp_count_bits(&key->u) > 0)) {
                 return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2423,7 +2458,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 1536) &&
-                                             (mp_count_bits(&key->q) == 1536)) {
+                    (mp_count_bits(&key->q) == 1536) &&
+                    (mp_count_bits(&key->dP) > 0) &&
+                    (mp_count_bits(&key->dQ) > 0) &&
+                    (mp_count_bits(&key->u) > 0)) {
                 return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2454,7 +2492,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
     #endif
     #ifndef RSA_LOW_MEM
             if ((mp_count_bits(&key->p) == 2048) &&
-                                             (mp_count_bits(&key->q) == 2048)) {
+                    (mp_count_bits(&key->q) == 2048) &&
+                    (mp_count_bits(&key->dP) > 0) &&
+                    (mp_count_bits(&key->dQ) > 0) &&
+                    (mp_count_bits(&key->u) > 0)) {
                 return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q,
                                           &key->dP, &key->dQ, &key->u, &key->n,
                                           out, outLen);
@@ -2551,7 +2592,13 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng)
         }
     }
 #else
-    if (ret == 0) {
+    if (ret == 0 && (mp_iszero(&key->p) || mp_iszero(&key->q) ||
+            mp_iszero(&key->dP) || mp_iszero(&key->dQ))) {
+        if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) {
+            ret = MP_EXPTMOD_E;
+        }
+    }
+    else if (ret == 0) {
         mp_int* tmpa = tmp;
 #if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG)
         mp_int* tmpb = rnd;
@@ -2752,7 +2799,9 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 
     ret = wc_RsaEncryptSize(key);
     if (ret < 0) {
+#ifdef DEBUG_WOLFSSL
         WOLFSSL_MSG_EX("wc_RsaEncryptSize failed err = %d", ret);
+#endif
         return ret;
     }
     keyLen = (word32)ret;
@@ -2875,7 +2924,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
 }
 #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */
 
-#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
+#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* Performs direct RSA computation without padding. The input and output must
  * match the key size (ex: 2048-bits = 256 bytes). Returns the size of the
  * output on success or negative value on failure. */
@@ -2911,7 +2960,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
 
     if (out == NULL) {
         *outSz = inLen;
-        return LENGTH_ONLY_E;
+        return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     switch (key->state) {
@@ -2948,7 +2997,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
     }
 
     /* if async pending then skip cleanup*/
-    if (ret == WC_PENDING_E
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         || ret == FP_WOULDBLOCK
     #endif
@@ -2961,7 +3010,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
 
     return ret;
 }
-#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */
+#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(WOLFSSL_CRYPTOCELL)
 static int cc310_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
@@ -3059,7 +3108,8 @@ int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
 #endif /* WOLFSSL_CRYPTOCELL */
 
 #ifndef WOLF_CRYPTO_CB_ONLY_RSA
-#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) &&     !defined(NO_RSA_BOUNDS_CHECK)
+#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && \
+    !defined(NO_RSA_BOUNDS_CHECK)
 /* Check that 1 < in < n-1. (Requirement of 800-56B.) */
 int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
     int checkSmallCt)
@@ -3110,6 +3160,10 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
                              int checkSmallCt)
 {
     int ret = 0;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    RsaPadding padding;
+#endif
+
     (void)rng;
     (void)checkSmallCt;
 
@@ -3123,7 +3177,18 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     if (key->devId != INVALID_DEVID)
     #endif
     {
+    #if defined(WOLF_CRYPTO_CB_RSA_PAD)
+        /* If we are here, either the RSA PAD callback was already called
+         * and returned that it could not implement for that padding scheme,
+         * or this is a public verify operation. Either way indicate to the
+         * callback that this should be a raw RSA operation with no padding.*/
+        XMEMSET(&padding, 0, sizeof(RsaPadding));
+        padding.pad_type = WC_RSA_NO_PAD;
+        ret = wc_CryptoCb_RsaPad(in, inLen, out,
+                            outLen, type, key, rng, &padding);
+    #else
         ret = wc_CryptoCb_Rsa(in, inLen, out, outLen, type, key, rng);
+    #endif
         #ifndef WOLF_CRYPTO_CB_ONLY_RSA
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
             return ret;
@@ -3177,7 +3242,7 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
     RESTORE_VECTOR_REGISTERS();
 
     /* handle error */
-    if (ret < 0 && ret != WC_PENDING_E
+    if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         && ret != FP_WOULDBLOCK
     #endif
@@ -3231,6 +3296,9 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
     int ret = 0;
     int sz;
     int state;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    RsaPadding padding;
+#endif
 
     if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
         return BAD_FUNC_ARG;
@@ -3296,7 +3364,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
             return cc310_RsaSSL_Sign(in, inLen, out, outLen, key,
                                   cc310_hashModeRSA(hash, 0));
         }
-    #elif defined(WOLFSSL_SE050)
+    #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
         if (rsa_type == RSA_PUBLIC_ENCRYPT && pad_value == RSA_BLOCK_TYPE_2) {
             return se050_rsa_public_encrypt(in, inLen, out, outLen, key,
                                             rsa_type, pad_value, pad_type, hash,
@@ -3308,25 +3376,31 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
                                   pad_value, pad_type, hash, mgf, label,
                                   labelSz, sz);
         }
-    #elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
-          (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
-            defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
-           /* SCE needs wrapped key which is passed via
-            * user ctx object of crypt-call back.
-            */
-       #ifdef WOLF_CRYPTO_CB
-            if (key->devId != INVALID_DEVID) {
-                /* SCE supports 1024 and 2048 bits */
-                ret = wc_CryptoCb_Rsa(in, inLen, out,
-                                    &outLen, rsa_type, key, rng);
-                if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
-                    return ret;
-                /* fall-through when unavailable */
-                ret = 0; /* reset error code and try using software */
-            }
-       #endif
-    #endif /* WOLFSSL_SE050 */
+    #endif /* RSA CRYPTO HW */
 
+    #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+        if (key->devId != INVALID_DEVID) {
+            XMEMSET(&padding, 0, sizeof(RsaPadding));
+            padding.pad_value = pad_value;
+            padding.pad_type = pad_type;
+            padding.hash = hash;
+            padding.mgf = mgf;
+            padding.label = label;
+            padding.labelSz = labelSz;
+            padding.saltLen = saltLen;
+            ret = wc_CryptoCb_RsaPad(in, inLen, out, &outLen, rsa_type, key, rng,
+                                     &padding);
+
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+                if (ret < 0) {
+                    break;
+                }
+
+                ret = outLen;
+                break;
+            }
+        }
+    #endif
         key->state = RSA_STATE_ENCRYPT_PAD;
         ret = wc_RsaPad_ex(in, inLen, out, (word32)sz, pad_value, rng, pad_type,
                            hash, mgf, label, labelSz, saltLen,
@@ -3363,7 +3437,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
     }
 
     /* if async pending then return and skip done cleanup below */
-    if (ret == WC_PENDING_E
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         || ret == FP_WOULDBLOCK
     #endif
@@ -3406,6 +3480,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
 {
     int ret = WC_NO_ERR_TRACE(RSA_WRONG_TYPE_E);
     byte* pad = NULL;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    RsaPadding padding;
+#endif
 
     if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
         return BAD_FUNC_ARG;
@@ -3449,7 +3526,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
             return cc310_RsaSSL_Verify(in, inLen, out, key,
                                        cc310_hashModeRSA(hash, 0));
         }
-    #elif defined(WOLFSSL_SE050)
+    #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
         if (rsa_type == RSA_PRIVATE_DECRYPT && pad_value == RSA_BLOCK_TYPE_2) {
             ret = se050_rsa_private_decrypt(in, inLen, out, outLen, key,
                                             rsa_type, pad_value, pad_type, hash,
@@ -3469,21 +3546,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
             }
             return ret;
         }
-    #elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
-          (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
-            defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY))
-           #ifdef WOLF_CRYPTO_CB
-                if (key->devId != INVALID_DEVID) {
-                    ret = wc_CryptoCb_Rsa(in, inLen, out,
-                                        &outLen, rsa_type, key, rng);
-                    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
-                      return ret;
-                    /* fall-through when unavailable */
-                    ret = 0; /* reset error code and try using software */
-                }
-           #endif
-
-    #endif /* WOLFSSL_CRYPTOCELL */
+    #endif /* RSA CRYPTO HW */
 
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
@@ -3516,6 +3579,33 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
         FALL_THROUGH;
 
     case RSA_STATE_DECRYPT_EXPTMOD:
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+    if ((key->devId != INVALID_DEVID)
+    #if !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
+        !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+    && (rsa_type != RSA_PUBLIC_DECRYPT)
+    #endif
+    ) {
+        /* Everything except verify goes to crypto cb if
+         * WOLF_CRYPTO_CB_RSA_PAD defined */
+        XMEMSET(&padding, 0, sizeof(RsaPadding));
+        padding.pad_value = pad_value;
+        padding.pad_type = pad_type;
+        padding.hash = hash;
+        padding.mgf = mgf;
+        padding.label = label;
+        padding.labelSz = labelSz;
+        padding.saltLen = saltLen;
+        ret = wc_CryptoCb_RsaPad(in, inLen, out,
+                            &outLen, rsa_type, key, rng, &padding);
+        if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            if (ret == 0) {
+                ret = (int)outLen;
+            }
+            break;
+        }
+    }
+#endif
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
     !defined(WOLFSSL_NO_MALLOC)
         ret = wc_RsaFunction_ex(key->data, inLen, key->data, &key->dataLen,
@@ -3579,9 +3669,11 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
             }
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
-            ret = ctMaskSelInt(ctMaskLTE(ret, (int)outLen), ret, RSA_BUFFER_E);
+            ret = ctMaskSelInt(ctMaskLTE(ret, (int)outLen), ret,
+                               WC_NO_ERR_TRACE(RSA_BUFFER_E));
     #ifndef WOLFSSL_RSA_DECRYPT_TO_0_LEN
-            ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret, RSA_BUFFER_E);
+            ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret,
+                               WC_NO_ERR_TRACE(RSA_BUFFER_E));
     #endif
 #else
             if (outLen < (word32)ret)
@@ -3616,7 +3708,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
     }
 
     /* if async pending then return and skip done cleanup below */
-    if (ret == WC_PENDING_E
+    if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)
     #ifdef WC_RSA_NONBLOCK
         || ret == FP_WOULDBLOCK
     #endif
@@ -4690,7 +4782,8 @@ int wc_CheckProbablePrime(const byte* pRaw, word32 pRawSz,
 int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 {
 #ifndef WC_NO_RNG
-#if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
+#if !defined(WOLFSSL_CRYPTOCELL) && \
+    (!defined(WOLFSSL_SE050) || defined(WOLFSSL_SE050_NO_RSA))
 #ifdef WOLFSSL_SMALL_STACK
     mp_int *p = NULL;
     mp_int *q = NULL;
@@ -4733,7 +4826,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 #if defined(WOLFSSL_CRYPTOCELL)
     err = cc310_RSA_GenerateKeyPair(key, size, e);
     goto out;
-#elif defined(WOLFSSL_SE050)
+#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA)
     err = se050_rsa_create_key(key, size, e);
     goto out;
 #else
@@ -4769,17 +4862,17 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     #endif
     {
         err = wc_CryptoCb_MakeRsaKey(key, size, e, rng);
-        #ifndef WOLF_CRYPTO_CB_ONLY_RSA
-        if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
-            goto out;
-        /* fall-through when unavailable */
-        #endif
-        #ifdef WOLF_CRYPTO_CB_ONLY_RSA
-        if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+    #ifdef WOLF_CRYPTO_CB_ONLY_RSA
+        if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
             err = NO_VALID_DEVID;
             goto out;
         }
-        #endif
+    #else
+        if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            goto out;
+        }
+        /* fall-through when unavailable */
+    #endif
     }
 #endif
 
@@ -5243,7 +5336,7 @@ int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz,
     if (err == MP_OKAY) {
         key->type = RSA_PRIVATE;
     }
-    else {
+    else if (key != NULL) {
         mp_clear(&key->n);
         mp_clear(&key->e);
         mp_clear(&key->d);
diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c
index a3407ed73..d428c5927 100644
--- a/wolfcrypt/src/sakke.c
+++ b/wolfcrypt/src/sakke.c
@@ -1,6 +1,6 @@
 /* sakke.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -40,14 +34,13 @@
 
 #ifdef WOLFCRYPT_HAVE_SAKKE
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/sakke.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
 
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -622,7 +615,7 @@ int wc_ExportSakkeKey(SakkeKey* key, byte* data, word32* sz)
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)(3 * key->ecc.dp->size);
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err >= 0) && (*sz < (word32)(3 * key->ecc.dp->size))) {
         err = BUFFER_E;
@@ -731,7 +724,7 @@ int wc_ExportSakkePrivateKey(SakkeKey* key, byte* data, word32* sz)
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)key->ecc.dp->size;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err >= 0) && (*sz < (word32)key->ecc.dp->size)) {
         err = BUFFER_E;
@@ -848,7 +841,7 @@ static int sakke_encode_point(ecc_point* point, word32 size, byte* data,
 
     if (data == NULL) {
         *sz = size * 2 + !raw;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < size * 2 + !raw)) {
         err = BUFFER_E;
@@ -1419,7 +1412,7 @@ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk,
     }
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -6421,7 +6414,7 @@ int wc_GetSakkePointI(SakkeKey* key, byte* data, word32* sz)
 
     if ((err == 0) && (data == NULL)) {
         *sz = (word32)(key->ecc.dp->size * 2);
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*sz < (word32)key->ecc.dp->size * 2)) {
         err = BUFFER_E;
@@ -6531,7 +6524,7 @@ int wc_GenerateSakkePointITable(SakkeKey* key, byte* table, word32* len)
 #else
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         *len = 0;
@@ -6729,7 +6722,7 @@ int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key, enum wc_HashType hashType,
         *authSz = outSz;
 
         if (auth == NULL) {
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
     }
 
@@ -6824,7 +6817,7 @@ int wc_GenerateSakkeSSV(SakkeKey* key, WC_RNG* rng, byte* ssv, word16* ssvSz)
         /* Return length only if an output buffer is NULL. */
         if (ssv == NULL) {
             *ssvSz = (word16) (n / 8);
-            err = LENGTH_ONLY_E;
+            err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
         }
         else {
             n = *ssvSz;
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 44db74822..887541a27 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -1,6 +1,6 @@
 /* sha.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef DEBUG_WOLFSSL_VERBOSE
     #if defined(WOLFSSL_ESPIDF)
         #include <esp_log.h>
-    #else
-        #include <wolfssl/wolfcrypt/logging.h>
     #endif
 #endif
 
@@ -47,7 +40,6 @@
 #endif
 
 #include <wolfssl/wolfcrypt/sha.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/hash.h>
 
 #ifdef WOLF_CRYPTO_CB
@@ -110,7 +102,6 @@
 
 #else
 
-#include <wolfssl/wolfcrypt/logging.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -308,6 +299,10 @@
     !defined(WOLFSSL_QNX_CAAM)
     /* wolfcrypt/src/port/caam/caam_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Already brought in by sha.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
+
 #elif defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) || \
       defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW)
 
@@ -560,6 +555,13 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
     sha->devCtx = NULL;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
     if (sha->ctx.mode != ESP32_SHA_INIT) {
         /* it may be interesting to see old values during debugging */
@@ -1035,6 +1037,8 @@ int wc_InitSha(wc_Sha* sha)
 
 #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
 
+#ifndef MAX3266X_SHA
+
 void wc_ShaFree(wc_Sha* sha)
 {
     if (sha == NULL)
@@ -1051,6 +1055,9 @@ void wc_ShaFree(wc_Sha* sha)
 #ifdef WOLFSSL_PIC32MZ_HASH
     wc_ShaPic32Free(sha);
 #endif
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha->mxcCtx));
+#endif
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     se050_hash_free(&sha->se050Ctx);
 #endif
@@ -1066,6 +1073,7 @@ void wc_ShaFree(wc_Sha* sha)
 #endif
 }
 
+#endif /* !MAX3266X_SHA */
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
 #endif /* !WOLFSSL_TI_HASH */
 
@@ -1080,6 +1088,8 @@ void wc_ShaFree(wc_Sha* sha)
 
 #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
 
+#ifndef MAX3266X_SHA
+
 /* wc_ShaGetHash get hash value */
 int wc_ShaGetHash(wc_Sha* sha, byte* hash)
 {
@@ -1144,12 +1154,20 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
     esp_sha_ctx_copy(src, dst);
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_HASH_FLAGS
     dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
     return ret;
 }
 #endif /* WOLFSSL_RENESAS_RX64_HASH */
+#endif /* !MAX3266X_SHA */
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
 #endif /* !defined(WOLFSSL_RENESAS_TSIP_TLS) && \
           !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) ||
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 2ba9ca62d..5b990a200 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -1,6 +1,6 @@
 /* sha256.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,12 +38,7 @@ on the specific device platform.
 
 */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
  * SHA256 Build Options:
@@ -77,7 +72,6 @@ on the specific device platform.
 #endif
 
 #include <wolfssl/wolfcrypt/sha256.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #include <wolfssl/wolfcrypt/hash.h>
 
@@ -122,11 +116,11 @@ on the specific device platform.
 
 #elif defined(WOLFSSL_PSOC6_CRYPTO)
 
-
+#elif defined(MAX3266X_SHA)
+    /* Already brought in by sha256.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
 #else
 
-#include <wolfssl/wolfcrypt/logging.h>
-
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -207,7 +201,8 @@ on the specific device platform.
         #define SHA256_UPDATE_REV_BYTES(ctx) (sha256->sha_method == SHA256_C)
     #else
         #define SHA256_UPDATE_REV_BYTES(ctx) \
-            (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
+            (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags) && \
+             !IS_INTEL_SHA(intel_flags))
     #endif
 #elif defined(FREESCALE_MMCAU_SHA)
     #define SHA256_UPDATE_REV_BYTES(ctx)    0 /* reverse not needed on update */
@@ -277,10 +272,6 @@ static int InitSha256(wc_Sha256* sha256)
 #endif
 #endif
 
-#ifdef WOLF_CRYPTO_CB
-    sha256->devId = wc_CryptoCb_DefaultDevID();
-#endif
-
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
     XMEMSET(&sha256->maxq_ctx, 0, sizeof(sha256->maxq_ctx));
 #endif
@@ -1094,6 +1085,12 @@ static int InitSha256(wc_Sha256* sha256)
         sha256->devId = devId;
         sha256->devCtx = NULL;
     #endif
+    #ifdef MAX3266X_SHA_CB
+        ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx));
+        if (ret != 0) {
+            return ret;
+        }
+    #endif
     #ifdef WOLFSSL_SMALL_STACK_CACHE
         sha256->W = NULL;
     #endif
@@ -1255,6 +1252,9 @@ static int InitSha256(wc_Sha256* sha256)
     {
         word32 S[8], t0, t1;
         int i;
+    #ifdef USE_SLOW_SHA256
+        int j;
+    #endif
         word32 W[WC_SHA256_BLOCK_SIZE/sizeof(word32)];
 
         /* Copy digest to working vars */
@@ -1268,6 +1268,16 @@ static int InitSha256(wc_Sha256* sha256)
         S[7] = sha256->digest[7];
 
         i = 0;
+    #ifdef USE_SLOW_SHA256
+        for (j = 0; j < 16; j++) {
+            RND1(j);
+        }
+        for (i = 16; i < 64; i += 16) {
+            for (j = 0; j < 16; j++) {
+                RNDN(j);
+            }
+        }
+    #else
         RND1( 0); RND1( 1); RND1( 2); RND1( 3);
         RND1( 4); RND1( 5); RND1( 6); RND1( 7);
         RND1( 8); RND1( 9); RND1(10); RND1(11);
@@ -1279,6 +1289,7 @@ static int InitSha256(wc_Sha256* sha256)
             RNDN( 8); RNDN( 9); RNDN(10); RNDN(11);
             RNDN(12); RNDN(13); RNDN(14); RNDN(15);
         }
+    #endif
 
         /* Add the working vars back into digest */
         sha256->digest[0] += S[0];
@@ -1634,7 +1645,8 @@ static int InitSha256(wc_Sha256* sha256)
         #ifdef WC_C_DYNAMIC_FALLBACK
         if (sha256->sha_method != SHA256_C)
         #else
-        if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags))
+        if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags) ||
+            IS_INTEL_SHA(intel_flags))
         #endif
         #endif
         {
@@ -1949,6 +1961,9 @@ static int InitSha256(wc_Sha256* sha256)
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 
+#elif defined(MAX3266X_SHA)
+    /* implemented in wolfcrypt/src/port/maxim/max3266x.c */
+
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
 
 /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */
@@ -2227,6 +2242,10 @@ void wc_Sha256Free(wc_Sha256* sha256)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx));
+#endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
     wolfAsync_DevCtxFree(&sha256->asyncDev, WOLFSSL_ASYNC_MARKER_SHA256);
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -2339,6 +2358,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
 #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 
+#elif defined(MAX3266X_SHA)
+    /* implemented in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
     int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
@@ -2473,7 +2495,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
     /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
     /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */
-
+#elif defined(MAX3266X_SHA)
+    /* Implemented in wolfcrypt/src/port/maxim/max3266x.c */
 #else
 
 int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
@@ -2524,6 +2547,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
     wc_MAXQ10XX_Sha256Copy(src);
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     dst->W = NULL;
 #endif
@@ -2554,7 +2584,7 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
 #endif
 
 #ifdef WOLFSSL_HASH_FLAGS
-     dst->flags |= WC_HASH_FLAG_ISCOPY;
+    dst->flags |= WC_HASH_FLAG_ISCOPY;
 #endif
 
 #if defined(WOLFSSL_HASH_KEEP)
diff --git a/wolfcrypt/src/sha256_asm.S b/wolfcrypt/src/sha256_asm.S
index 2f2bfde57..7fdc6a33c 100644
--- a/wolfcrypt/src/sha256_asm.S
+++ b/wolfcrypt/src/sha256_asm.S
@@ -1,6 +1,6 @@
 /* sha256_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 #ifdef WOLFSSL_X86_64_BUILD
@@ -273,7 +275,6 @@ _Transform_Sha256_SSE2_Sha:
         movhpd	%xmm1, 16(%rdi)
         movhpd	%xmm2, 24(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         repz retq
 #ifndef __APPLE__
 .size	Transform_Sha256_SSE2_Sha,.-Transform_Sha256_SSE2_Sha
@@ -476,7 +477,6 @@ L_sha256_sha_len_sse2_start:
         movhpd	%xmm1, 16(%rdi)
         movhpd	%xmm2, 24(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         repz retq
 #ifndef __APPLE__
 .size	Transform_Sha256_SSE2_Sha_Len,.-Transform_Sha256_SSE2_Sha_Len
@@ -2920,7 +2920,6 @@ _Transform_Sha256_AVX1:
         addl	%r14d, 24(%rdi)
         addl	%r15d, 28(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x40, %rsp
         popq	%rbp
         popq	%r15
@@ -5327,7 +5326,6 @@ L_sha256_len_avx1_start:
         movl	%r15d, 28(%rdi)
         jnz	L_sha256_len_avx1_start
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x44, %rsp
         popq	%rbp
         popq	%r15
@@ -7735,7 +7733,6 @@ _Transform_Sha256_AVX1_RORX:
         addl	%r14d, 24(%rdi)
         addl	%r15d, 28(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x40, %rsp
         popq	%rbp
         popq	%r15
@@ -10101,7 +10098,6 @@ L_sha256_len_avx1_len_rorx_start:
         movl	%r15d, 28(%rdi)
         jnz	L_sha256_len_avx1_len_rorx_start
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x44, %rsp
         popq	%rbp
         popq	%r15
@@ -10312,7 +10308,6 @@ _Transform_Sha256_AVX1_Sha:
         vmovhpd	%xmm1, 16(%rdi)
         vmovhpd	%xmm2, 24(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         repz retq
 #ifndef __APPLE__
 .size	Transform_Sha256_AVX1_Sha,.-Transform_Sha256_AVX1_Sha
@@ -10487,7 +10482,6 @@ L_sha256_sha_len_avx1_start:
         vmovhpd	%xmm1, 16(%rdi)
         vmovhpd	%xmm2, 24(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         repz retq
 #ifndef __APPLE__
 .size	Transform_Sha256_AVX1_Sha_Len,.-Transform_Sha256_AVX1_Sha_Len
diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
index 634617319..a9795ff9a 100644
--- a/wolfcrypt/src/sha3.c
+++ b/wolfcrypt/src/sha3.c
@@ -1,6 +1,6 @@
 /* sha3.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
    !defined(WOLFSSL_AFALG_XILINX_SHA3)
@@ -40,7 +35,6 @@
 #endif
 
 #include <wolfssl/wolfcrypt/sha3.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/hash.h>
 
 #ifdef WOLF_CRYPTO_CB
@@ -62,10 +56,9 @@
     }
 #endif
 
-#if !defined(WOLFSSL_ARMASM) || (!defined(__arm__) && \
-    !defined(WOLFSSL_ARMASM_CRYPTO_SHA3))
 
-#ifdef USE_INTEL_SPEEDUP
+#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
+        defined(WOLFSSL_ARMASM))
     #include <wolfssl/wolfcrypt/cpuid.h>
 
     word32 cpuid_flags;
@@ -82,6 +75,8 @@
 #endif
 #endif
 
+#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)
+
 #ifdef WOLFSSL_SHA3_SMALL
 /* Rotate a 64-bit value left.
  *
@@ -250,7 +245,7 @@ while (0)
 #ifndef USE_INTEL_SPEEDUP
 static
 #endif
-void BlockSha3(word64 *s)
+void BlockSha3(word64* s)
 {
     byte i, x, y;
     word64 t0, t1;
@@ -300,7 +295,7 @@ void BlockSha3(word64 *s)
  */
 #define ROTL64(a, n)    (((a)<<(n))|((a)>>(64-(n))))
 
-
+#if !defined(STM32_HASH_SHA3)
 /* An array of values to XOR for block operation. */
 static const word64 hash_keccak_r[24] =
 {
@@ -317,6 +312,7 @@ static const word64 hash_keccak_r[24] =
     W64LIT(0x8000000080008081), W64LIT(0x8000000000008080),
     W64LIT(0x0000000080000001), W64LIT(0x8000000080008008)
 };
+#endif
 
 /* Indices used in swap and rotate operation. */
 #define KI_0     6
@@ -534,6 +530,7 @@ do {                                                      \
 while (0)
 #endif /* SHA3_BY_SPEC */
 
+#if !defined(STM32_HASH_SHA3)
 /* The block operation performed on the state.
  *
  * s  The state.
@@ -541,7 +538,7 @@ while (0)
 #ifndef USE_INTEL_SPEEDUP
 static
 #endif
-void BlockSha3(word64 *s)
+void BlockSha3(word64* s)
 {
     word64 n[25];
     word64 b[5];
@@ -549,7 +546,7 @@ void BlockSha3(word64 *s)
 #ifndef SHA3_BY_SPEC
     word64 t1;
 #endif
-    byte i;
+    word32 i;
 
     for (i = 0; i < 24; i += 2)
     {
@@ -563,8 +560,10 @@ void BlockSha3(word64 *s)
     }
 }
 #endif /* WOLFSSL_SHA3_SMALL */
-#endif /* !WOLFSSL_ARMASM */
+#endif /* STM32_HASH_SHA3 */
+#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
 
+#if !defined(STM32_HASH_SHA3)
 static WC_INLINE word64 Load64Unaligned(const unsigned char *a)
 {
     return ((word64)a[0] <<  0) |
@@ -618,6 +617,7 @@ static word64 Load64BitBigEndian(const byte* a)
  * sha3   wc_Sha3 object holding state.
  * returns 0 on success.
  */
+
 static int InitSha3(wc_Sha3* sha3)
 {
     int i;
@@ -655,11 +655,37 @@ static int InitSha3(wc_Sha3* sha3)
             SHA3_BLOCK_N = NULL;
         }
     }
+#define SHA3_FUNC_PTR
+#endif
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+    if (!cpuid_flags_set) {
+        cpuid_flags = cpuid_get_flags();
+        cpuid_flags_set = 1;
+    #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+        if (IS_AARCH64_SHA3(cpuid_flags)) {
+            SHA3_BLOCK = BlockSha3_crypto;
+            SHA3_BLOCK_N = NULL;
+        }
+        else
+    #endif
+        {
+            SHA3_BLOCK = BlockSha3_base;
+            SHA3_BLOCK_N = NULL;
+        }
+    }
+#define SHA3_FUNC_PTR
 #endif
 
     return 0;
 }
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+void BlockSha3(word64* s)
+{
+    (*SHA3_BLOCK)(s);
+}
+#endif
+
 /* Update the SHA-3 hash state with message data.
  *
  * sha3  wc_Sha3 object holding state.
@@ -690,13 +716,13 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
         }
         data += i;
         len -= i;
-        sha3->i += (byte) i;
+        sha3->i = (byte)(sha3->i + i);
 
         if (sha3->i == p * 8) {
             for (i = 0; i < p; i++) {
                 sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
             }
-        #ifdef USE_INTEL_SPEEDUP
+        #ifdef SHA3_FUNC_PTR
             (*SHA3_BLOCK)(sha3->s);
         #else
             BlockSha3(sha3->s);
@@ -704,12 +730,12 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
             sha3->i = 0;
         }
     }
-    blocks = len / (p * 8);
-    #ifdef USE_INTEL_SPEEDUP
+    blocks = len / (p * 8U);
+    #ifdef SHA3_FUNC_PTR
     if ((SHA3_BLOCK_N != NULL) && (blocks > 0)) {
-        (*SHA3_BLOCK_N)(sha3->s, data, blocks, p * 8);
-        len -= blocks * (p * 8);
-        data += blocks * (p * 8);
+        (*SHA3_BLOCK_N)(sha3->s, data, blocks, p * 8U);
+        len -= blocks * (p * 8U);
+        data += blocks * (p * 8U);
         blocks = 0;
     }
     #endif
@@ -717,20 +743,22 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
         for (i = 0; i < p; i++) {
             sha3->s[i] ^= Load64Unaligned(data + 8 * i);
         }
-    #ifdef USE_INTEL_SPEEDUP
+    #ifdef SHA3_FUNC_PTR
         (*SHA3_BLOCK)(sha3->s);
     #else
         BlockSha3(sha3->s);
     #endif
-        len -= p * 8;
-        data += p * 8;
+        len -= p * 8U;
+        data += p * 8U;
     }
 #if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
     if (SHA3_BLOCK == sha3_block_avx2)
         RESTORE_VECTOR_REGISTERS();
 #endif
-    XMEMCPY(sha3->t, data, len);
-    sha3->i += (byte)len;
+    if (len > 0) {
+        XMEMCPY(sha3->t, data, len);
+    }
+    sha3->i = (byte)(sha3->i + len);
 
     return 0;
 }
@@ -745,7 +773,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
  */
 static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
 {
-    word32 rate = p * 8;
+    word32 rate = p * 8U;
     word32 j;
     word32 i;
 
@@ -757,7 +785,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
     sha3->t[sha3->i ]  = padChar;
     sha3->t[rate - 1] |= 0x80;
     if (rate - 1 > (word32)sha3->i + 1) {
-        XMEMSET(sha3->t + sha3->i + 1, 0, rate - 1 - (sha3->i + 1));
+        XMEMSET(sha3->t + sha3->i + 1, 0, rate - 1U - (sha3->i + 1U));
     }
     for (i = 0; i < p; i++) {
         sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
@@ -769,7 +797,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
 #endif
 
     for (j = 0; l - j >= rate; j += rate) {
-    #ifdef USE_INTEL_SPEEDUP
+    #ifdef SHA3_FUNC_PTR
         (*SHA3_BLOCK)(sha3->s);
     #else
         BlockSha3(sha3->s);
@@ -781,7 +809,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
     #endif
     }
     if (j != l) {
-    #ifdef USE_INTEL_SPEEDUP
+    #ifdef SHA3_FUNC_PTR
         (*SHA3_BLOCK)(sha3->s);
     #else
         BlockSha3(sha3->s);
@@ -798,6 +826,84 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
 
     return 0;
 }
+#endif
+#if defined(STM32_HASH_SHA3)
+
+    /* Supports CubeMX HAL or Standard Peripheral Library */
+
+    static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId)
+    {
+        if (sha3 == NULL)
+            return BAD_FUNC_ARG;
+
+        (void)devId;
+        (void)heap;
+
+        XMEMSET(sha3, 0, sizeof(wc_Sha3));
+        wc_Stm32_Hash_Init(&sha3->stmCtx);
+        return 0;
+    }
+
+    static int Stm32GetAlgo(byte p)
+    {
+        switch(p) {
+            case WC_SHA3_224_COUNT:
+                return HASH_ALGOSELECTION_SHA3_224;
+            case WC_SHA3_256_COUNT:
+                return HASH_ALGOSELECTION_SHA3_256;
+            case WC_SHA3_384_COUNT:
+                return HASH_ALGOSELECTION_SHA3_384;
+            case WC_SHA3_512_COUNT:
+                return HASH_ALGOSELECTION_SHA3_512;
+        }
+        /* Should never get here */
+        return WC_SHA3_224_COUNT;
+    }
+
+    static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
+    {
+        int ret = 0;
+
+        if (sha3 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Update(&sha3->stmCtx,
+                Stm32GetAlgo(p), data, len, p * 8);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+
+    static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
+    {
+        int ret = 0;
+
+        if (sha3 == NULL || hash == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Final(&sha3->stmCtx,
+                Stm32GetAlgo(p), hash, len);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+
+        (void)wc_InitSha3(sha3, NULL, 0); /* reset state */
+
+        return ret;
+    }
+#else
 
 /* Initialize the state for a SHA-3 hash operation.
  *
@@ -821,10 +927,10 @@ static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId)
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
     ret = wolfAsync_DevCtxInit(&sha3->asyncDev,
                         WOLFSSL_ASYNC_MARKER_SHA3, sha3->heap, devId);
-#elif defined(WOLF_CRYPTO_CB)
+#endif
+#if defined(WOLF_CRYPTO_CB)
     sha3->devId = devId;
-#endif /* WOLFSSL_ASYNC_CRYPT */
-
+#endif
     (void)devId;
 
     return ret;
@@ -945,7 +1051,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
 
     return InitSha3(sha3);  /* reset state */
 }
-
+#endif
 /* Dispose of any dynamically allocated data from the SHA3-384 operation.
  * (Required for async ops.)
  *
@@ -1389,6 +1495,10 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len)
 {
     int ret;
 
+    if ((shake == NULL) || (data == NULL && len != 0)) {
+        return BAD_FUNC_ARG;
+    }
+
     ret = Sha3Update(shake, data, len, WC_SHA3_128_COUNT);
     if (ret == 0) {
         byte hash[1];
@@ -1416,12 +1526,15 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len)
  */
 int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
 {
+    if ((shake == NULL) || (out == NULL && blockCnt != 0)) {
+        return BAD_FUNC_ARG;
+    }
 #if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
     if (SHA3_BLOCK == sha3_block_avx2)
         SAVE_VECTOR_REGISTERS(return _svr_ret;);
 #endif
     for (; (blockCnt > 0); blockCnt--) {
-    #ifdef USE_INTEL_SPEEDUP
+    #ifdef SHA3_FUNC_PTR
         (*SHA3_BLOCK)(shake->s);
     #else
         BlockSha3(shake->s);
@@ -1534,6 +1647,10 @@ int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len)
 {
     int ret;
 
+    if ((shake == NULL) || (data == NULL && len != 0)) {
+        return BAD_FUNC_ARG;
+    }
+
     ret = Sha3Update(shake, data, len, WC_SHA3_256_COUNT);
     if (ret == 0) {
         byte hash[1];
@@ -1554,12 +1671,15 @@ int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len)
  */
 int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
 {
+    if ((shake == NULL) || (out == NULL && blockCnt != 0)) {
+        return BAD_FUNC_ARG;
+    }
 #if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
     if (SHA3_BLOCK == sha3_block_avx2)
         SAVE_VECTOR_REGISTERS(return _svr_ret;);
 #endif
     for (; (blockCnt > 0); blockCnt--) {
-    #ifdef USE_INTEL_SPEEDUP
+    #ifdef SHA3_FUNC_PTR
         (*SHA3_BLOCK)(shake->s);
     #else
         BlockSha3(shake->s);
diff --git a/wolfcrypt/src/sha3_asm.S b/wolfcrypt/src/sha3_asm.S
index a67002073..9bfadf02e 100644
--- a/wolfcrypt/src/sha3_asm.S
+++ b/wolfcrypt/src/sha3_asm.S
@@ -1,6 +1,6 @@
 /* sha3_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 #ifndef __APPLE__
@@ -244,11 +246,11 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 48(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 96(%rdi)
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 96(%rdi)
         # XOR in constant
         xorq	$0x01, %rsi
         # Row 1
@@ -277,11 +279,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 32(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 80(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -72(%rdi)
+        movq	%r13, -72(%rdi)
         # Row 2
         movq	-88(%rdi), %r10
         movq	-40(%rdi), %r11
@@ -308,11 +310,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 56(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 64(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -88(%rdi)
+        movq	%r13, -88(%rdi)
         # Row 3
         movq	-64(%rdi), %r10
         movq	-56(%rdi), %r11
@@ -339,11 +341,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 40(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 88(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -64(%rdi)
+        movq	%r13, -64(%rdi)
         # Row 4
         xorq	-80(%rdi), %rcx
         xorq	-32(%rdi), %r8
@@ -427,11 +429,11 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 40(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 72(%rdi)
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 72(%rdi)
         # XOR in constant
         xorq	$0x8082, %rsi
         # Row 1
@@ -460,11 +462,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -56(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 16(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 48(%rdi)
+        movq	%r13, 48(%rdi)
         # Row 2
         movq	-48(%rdi), %r10
         movq	-16(%rdi), %r11
@@ -491,11 +493,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 88(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -80(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -48(%rdi)
+        movq	%r13, -48(%rdi)
         # Row 3
         movq	96(%rdi), %r10
         movq	-72(%rdi), %r11
@@ -522,11 +524,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -8(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 24(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 96(%rdi)
+        movq	%r13, 96(%rdi)
         # Row 4
         xorq	(%rdi), %rcx
         xorq	32(%rdi), %r8
@@ -610,13 +612,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -8(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -32(%rdi)
-        movq	$0x800000000000808a, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -32(%rdi)
         # XOR in constant
+        movq	$0x800000000000808a, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	40(%rdi), %r10
@@ -644,11 +646,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -72(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 64(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 40(%rdi)
+        movq	%r13, 40(%rdi)
         # Row 2
         movq	-24(%rdi), %r10
         movq	-88(%rdi), %r11
@@ -675,11 +677,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 24(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, (%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -24(%rdi)
+        movq	%r13, -24(%rdi)
         # Row 3
         movq	72(%rdi), %r10
         movq	48(%rdi), %r11
@@ -706,11 +708,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -40(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -64(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 72(%rdi)
+        movq	%r13, 72(%rdi)
         # Row 4
         xorq	8(%rdi), %rcx
         xorq	-56(%rdi), %r8
@@ -794,13 +796,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -40(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 32(%rdi)
-        movq	$0x8000000080008000, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 32(%rdi)
         # XOR in constant
+        movq	$0x8000000080008000, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	-8(%rdi), %r10
@@ -828,11 +830,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 48(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -80(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -8(%rdi)
+        movq	%r13, -8(%rdi)
         # Row 2
         movq	80(%rdi), %r10
         movq	-48(%rdi), %r11
@@ -859,11 +861,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -64(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 8(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 80(%rdi)
+        movq	%r13, 80(%rdi)
         # Row 3
         movq	-32(%rdi), %r10
         movq	40(%rdi), %r11
@@ -890,11 +892,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -16(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 96(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -32(%rdi)
+        movq	%r13, -32(%rdi)
         # Row 4
         xorq	56(%rdi), %rcx
         xorq	-72(%rdi), %r8
@@ -978,11 +980,11 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -16(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -56(%rdi)
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -56(%rdi)
         # XOR in constant
         xorq	$0x808b, %rsi
         # Row 1
@@ -1011,11 +1013,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 40(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, (%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -40(%rdi)
+        movq	%r13, -40(%rdi)
         # Row 2
         movq	16(%rdi), %r10
         movq	-24(%rdi), %r11
@@ -1042,11 +1044,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 96(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 56(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 16(%rdi)
+        movq	%r13, 16(%rdi)
         # Row 3
         movq	32(%rdi), %r10
         movq	-8(%rdi), %r11
@@ -1073,11 +1075,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -88(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 72(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 32(%rdi)
+        movq	%r13, 32(%rdi)
         # Row 4
         xorq	88(%rdi), %rcx
         xorq	48(%rdi), %r8
@@ -1161,13 +1163,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -88(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -72(%rdi)
-        movq	$0x80000001, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -72(%rdi)
         # XOR in constant
+        movq	$0x80000001, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	-16(%rdi), %r10
@@ -1195,11 +1197,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -8(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 8(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -16(%rdi)
+        movq	%r13, -16(%rdi)
         # Row 2
         movq	64(%rdi), %r10
         movq	80(%rdi), %r11
@@ -1226,11 +1228,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 72(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 88(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 64(%rdi)
+        movq	%r13, 64(%rdi)
         # Row 3
         movq	-56(%rdi), %r10
         movq	-40(%rdi), %r11
@@ -1257,11 +1259,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -48(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -32(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -56(%rdi)
+        movq	%r13, -56(%rdi)
         # Row 4
         xorq	24(%rdi), %rcx
         xorq	40(%rdi), %r8
@@ -1345,13 +1347,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -48(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 48(%rdi)
-        movq	$0x8000000080008081, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 48(%rdi)
         # XOR in constant
+        movq	$0x8000000080008081, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	-88(%rdi), %r10
@@ -1379,11 +1381,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -40(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 56(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -88(%rdi)
+        movq	%r13, -88(%rdi)
         # Row 2
         movq	-80(%rdi), %r10
         movq	16(%rdi), %r11
@@ -1410,11 +1412,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -32(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 24(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -80(%rdi)
+        movq	%r13, -80(%rdi)
         # Row 3
         movq	-72(%rdi), %r10
         movq	-16(%rdi), %r11
@@ -1441,11 +1443,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -24(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 32(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -72(%rdi)
+        movq	%r13, -72(%rdi)
         # Row 4
         xorq	-64(%rdi), %rcx
         xorq	-8(%rdi), %r8
@@ -1529,13 +1531,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -24(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 40(%rdi)
-        movq	$0x8000000000008009, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 40(%rdi)
         # XOR in constant
+        movq	$0x8000000000008009, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	-48(%rdi), %r10
@@ -1563,11 +1565,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -16(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 88(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -48(%rdi)
+        movq	%r13, -48(%rdi)
         # Row 2
         movq	(%rdi), %r10
         movq	64(%rdi), %r11
@@ -1594,11 +1596,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 32(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -64(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, (%rdi)
+        movq	%r13, (%rdi)
         # Row 3
         movq	48(%rdi), %r10
         movq	-88(%rdi), %r11
@@ -1625,11 +1627,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 80(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -56(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 48(%rdi)
+        movq	%r13, 48(%rdi)
         # Row 4
         xorq	96(%rdi), %rcx
         xorq	-40(%rdi), %r8
@@ -1713,11 +1715,11 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 80(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -8(%rdi)
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -8(%rdi)
         # XOR in constant
         xorq	$0x8a, %rsi
         # Row 1
@@ -1746,11 +1748,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -88(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 24(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -24(%rdi)
+        movq	%r13, -24(%rdi)
         # Row 2
         movq	8(%rdi), %r10
         movq	-80(%rdi), %r11
@@ -1777,11 +1779,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -56(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 96(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 8(%rdi)
+        movq	%r13, 8(%rdi)
         # Row 3
         movq	40(%rdi), %r10
         movq	-48(%rdi), %r11
@@ -1808,11 +1810,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 16(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -72(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 40(%rdi)
+        movq	%r13, 40(%rdi)
         # Row 4
         xorq	72(%rdi), %rcx
         xorq	-16(%rdi), %r8
@@ -1896,11 +1898,11 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 16(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -40(%rdi)
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -40(%rdi)
         # XOR in constant
         xorq	$0x88, %rsi
         # Row 1
@@ -1929,11 +1931,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -48(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -64(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 80(%rdi)
+        movq	%r13, 80(%rdi)
         # Row 2
         movq	56(%rdi), %r10
         movq	(%rdi), %r11
@@ -1960,11 +1962,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -72(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 72(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 56(%rdi)
+        movq	%r13, 56(%rdi)
         # Row 3
         movq	-8(%rdi), %r10
         movq	-24(%rdi), %r11
@@ -1991,11 +1993,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 64(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 48(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -8(%rdi)
+        movq	%r13, -8(%rdi)
         # Row 4
         xorq	-32(%rdi), %rcx
         xorq	-88(%rdi), %r8
@@ -2079,13 +2081,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 64(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -16(%rdi)
-        movq	$0x80008009, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -16(%rdi)
         # XOR in constant
+        movq	$0x80008009, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	16(%rdi), %r10
@@ -2113,11 +2115,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -24(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 96(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 16(%rdi)
+        movq	%r13, 16(%rdi)
         # Row 2
         movq	88(%rdi), %r10
         movq	8(%rdi), %r11
@@ -2144,11 +2146,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 48(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -32(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 88(%rdi)
+        movq	%r13, 88(%rdi)
         # Row 3
         movq	-40(%rdi), %r10
         movq	80(%rdi), %r11
@@ -2175,11 +2177,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -80(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 40(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -40(%rdi)
+        movq	%r13, -40(%rdi)
         # Row 4
         xorq	32(%rdi), %rcx
         xorq	-48(%rdi), %r8
@@ -2263,13 +2265,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -80(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -88(%rdi)
-        movq	$0x8000000a, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -88(%rdi)
         # XOR in constant
+        movq	$0x8000000a, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	64(%rdi), %r10
@@ -2297,11 +2299,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 80(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 72(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 64(%rdi)
+        movq	%r13, 64(%rdi)
         # Row 2
         movq	24(%rdi), %r10
         movq	56(%rdi), %r11
@@ -2328,11 +2330,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 40(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 32(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 24(%rdi)
+        movq	%r13, 24(%rdi)
         # Row 3
         movq	-16(%rdi), %r10
         movq	16(%rdi), %r11
@@ -2359,11 +2361,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, (%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -8(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -16(%rdi)
+        movq	%r13, -16(%rdi)
         # Row 4
         xorq	-56(%rdi), %rcx
         xorq	-24(%rdi), %r8
@@ -2447,13 +2449,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, (%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -48(%rdi)
-        movq	$0x8000808b, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -48(%rdi)
         # XOR in constant
+        movq	$0x8000808b, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	-80(%rdi), %r10
@@ -2481,11 +2483,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 16(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -32(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -80(%rdi)
+        movq	%r13, -80(%rdi)
         # Row 2
         movq	-64(%rdi), %r10
         movq	88(%rdi), %r11
@@ -2512,11 +2514,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -8(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -56(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -64(%rdi)
+        movq	%r13, -64(%rdi)
         # Row 3
         movq	-88(%rdi), %r10
         movq	64(%rdi), %r11
@@ -2543,11 +2545,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 8(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -40(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -88(%rdi)
+        movq	%r13, -88(%rdi)
         # Row 4
         xorq	-72(%rdi), %rcx
         xorq	80(%rdi), %r8
@@ -2631,13 +2633,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 8(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -24(%rdi)
-        movq	$0x800000000000008b, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -24(%rdi)
         # XOR in constant
+        movq	$0x800000000000008b, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	(%rdi), %r10
@@ -2665,11 +2667,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 64(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 32(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, (%rdi)
+        movq	%r13, (%rdi)
         # Row 2
         movq	96(%rdi), %r10
         movq	24(%rdi), %r11
@@ -2696,11 +2698,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -40(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -72(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 96(%rdi)
+        movq	%r13, 96(%rdi)
         # Row 3
         movq	-48(%rdi), %r10
         movq	-80(%rdi), %r11
@@ -2727,11 +2729,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 56(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -16(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -48(%rdi)
+        movq	%r13, -48(%rdi)
         # Row 4
         xorq	48(%rdi), %rcx
         xorq	16(%rdi), %r8
@@ -2815,13 +2817,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 56(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 80(%rdi)
-        movq	$0x8000000000008089, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 80(%rdi)
         # XOR in constant
+        movq	$0x8000000000008089, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	8(%rdi), %r10
@@ -2849,11 +2851,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -80(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -56(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 8(%rdi)
+        movq	%r13, 8(%rdi)
         # Row 2
         movq	72(%rdi), %r10
         movq	-64(%rdi), %r11
@@ -2880,11 +2882,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -16(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 48(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 72(%rdi)
+        movq	%r13, 72(%rdi)
         # Row 3
         movq	-24(%rdi), %r10
         movq	(%rdi), %r11
@@ -2911,11 +2913,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 88(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -88(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -24(%rdi)
+        movq	%r13, -24(%rdi)
         # Row 4
         xorq	40(%rdi), %rcx
         xorq	64(%rdi), %r8
@@ -2999,13 +3001,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 88(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 16(%rdi)
-        movq	$0x8000000000008003, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 16(%rdi)
         # XOR in constant
+        movq	$0x8000000000008003, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	56(%rdi), %r10
@@ -3033,11 +3035,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, (%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -72(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 56(%rdi)
+        movq	%r13, 56(%rdi)
         # Row 2
         movq	-32(%rdi), %r10
         movq	96(%rdi), %r11
@@ -3064,11 +3066,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -88(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 40(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -32(%rdi)
+        movq	%r13, -32(%rdi)
         # Row 3
         movq	80(%rdi), %r10
         movq	8(%rdi), %r11
@@ -3095,11 +3097,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 24(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -48(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 80(%rdi)
+        movq	%r13, 80(%rdi)
         # Row 4
         xorq	-8(%rdi), %rcx
         xorq	-80(%rdi), %r8
@@ -3183,13 +3185,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 24(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 64(%rdi)
-        movq	$0x8000000000008002, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 64(%rdi)
         # XOR in constant
+        movq	$0x8000000000008002, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	88(%rdi), %r10
@@ -3217,11 +3219,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 8(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 48(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 88(%rdi)
+        movq	%r13, 88(%rdi)
         # Row 2
         movq	32(%rdi), %r10
         movq	72(%rdi), %r11
@@ -3248,11 +3250,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -48(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -8(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 32(%rdi)
+        movq	%r13, 32(%rdi)
         # Row 3
         movq	16(%rdi), %r10
         movq	56(%rdi), %r11
@@ -3279,11 +3281,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -64(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -24(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 16(%rdi)
+        movq	%r13, 16(%rdi)
         # Row 4
         xorq	-40(%rdi), %rcx
         xorq	(%rdi), %r8
@@ -3367,13 +3369,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -64(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -80(%rdi)
-        movq	$0x8000000000000080, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -80(%rdi)
         # XOR in constant
+        movq	$0x8000000000000080, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	24(%rdi), %r10
@@ -3401,11 +3403,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 56(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 40(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 24(%rdi)
+        movq	%r13, 24(%rdi)
         # Row 2
         movq	-56(%rdi), %r10
         movq	-32(%rdi), %r11
@@ -3432,11 +3434,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -24(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -40(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -56(%rdi)
+        movq	%r13, -56(%rdi)
         # Row 3
         movq	64(%rdi), %r10
         movq	88(%rdi), %r11
@@ -3463,11 +3465,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 96(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 80(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 64(%rdi)
+        movq	%r13, 64(%rdi)
         # Row 4
         xorq	-16(%rdi), %rcx
         xorq	8(%rdi), %r8
@@ -3551,11 +3553,11 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 96(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, (%rdi)
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, (%rdi)
         # XOR in constant
         xorq	$0x800a, %rsi
         # Row 1
@@ -3584,11 +3586,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 88(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -8(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -64(%rdi)
+        movq	%r13, -64(%rdi)
         # Row 2
         movq	-72(%rdi), %r10
         movq	32(%rdi), %r11
@@ -3615,11 +3617,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 80(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -16(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -72(%rdi)
+        movq	%r13, -72(%rdi)
         # Row 3
         movq	-80(%rdi), %r10
         movq	24(%rdi), %r11
@@ -3646,11 +3648,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 72(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 16(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -80(%rdi)
+        movq	%r13, -80(%rdi)
         # Row 4
         xorq	-88(%rdi), %rcx
         xorq	56(%rdi), %r8
@@ -3734,13 +3736,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 72(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 8(%rdi)
-        movq	$0x800000008000000a, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 8(%rdi)
         # XOR in constant
+        movq	$0x800000008000000a, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	96(%rdi), %r10
@@ -3768,11 +3770,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 24(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -40(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 96(%rdi)
+        movq	%r13, 96(%rdi)
         # Row 2
         movq	48(%rdi), %r10
         movq	-56(%rdi), %r11
@@ -3799,11 +3801,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 16(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -88(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 48(%rdi)
+        movq	%r13, 48(%rdi)
         # Row 3
         movq	(%rdi), %r10
         movq	-64(%rdi), %r11
@@ -3830,11 +3832,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -32(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 64(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, (%rdi)
+        movq	%r13, (%rdi)
         # Row 4
         xorq	-48(%rdi), %rcx
         xorq	88(%rdi), %r8
@@ -3918,13 +3920,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -32(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 56(%rdi)
-        movq	$0x8000000080008081, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 56(%rdi)
         # XOR in constant
+        movq	$0x8000000080008081, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	72(%rdi), %r10
@@ -3952,11 +3954,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -64(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -16(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 72(%rdi)
+        movq	%r13, 72(%rdi)
         # Row 2
         movq	40(%rdi), %r10
         movq	-72(%rdi), %r11
@@ -3983,11 +3985,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 64(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -48(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 40(%rdi)
+        movq	%r13, 40(%rdi)
         # Row 3
         movq	8(%rdi), %r10
         movq	96(%rdi), %r11
@@ -4014,11 +4016,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 32(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -80(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 8(%rdi)
+        movq	%r13, 8(%rdi)
         # Row 4
         xorq	-24(%rdi), %rcx
         xorq	24(%rdi), %r8
@@ -4102,13 +4104,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, 32(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 88(%rdi)
-        movq	$0x8000000000008080, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 88(%rdi)
         # XOR in constant
+        movq	$0x8000000000008080, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	-32(%rdi), %r10
@@ -4136,11 +4138,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 96(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -88(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -32(%rdi)
+        movq	%r13, -32(%rdi)
         # Row 2
         movq	-8(%rdi), %r10
         movq	48(%rdi), %r11
@@ -4167,11 +4169,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -80(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -24(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -8(%rdi)
+        movq	%r13, -8(%rdi)
         # Row 3
         movq	56(%rdi), %r10
         movq	72(%rdi), %r11
@@ -4198,11 +4200,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -56(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, (%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 56(%rdi)
+        movq	%r13, 56(%rdi)
         # Row 4
         xorq	80(%rdi), %rcx
         xorq	-64(%rdi), %r8
@@ -4286,13 +4288,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -56(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, 24(%rdi)
-        movq	$0x80000001, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, 24(%rdi)
         # XOR in constant
+        movq	$0x80000001, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	32(%rdi), %r10
@@ -4320,11 +4322,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 72(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -48(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 32(%rdi)
+        movq	%r13, 32(%rdi)
         # Row 2
         movq	-40(%rdi), %r10
         movq	40(%rdi), %r11
@@ -4351,11 +4353,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, (%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 80(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -40(%rdi)
+        movq	%r13, -40(%rdi)
         # Row 3
         movq	88(%rdi), %r10
         movq	-32(%rdi), %r11
@@ -4382,11 +4384,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -72(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 8(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 88(%rdi)
+        movq	%r13, 88(%rdi)
         # Row 4
         xorq	16(%rdi), %rcx
         xorq	96(%rdi), %r8
@@ -4470,13 +4472,13 @@ _sha3_block_bmi2:
         andnq	%r10, %r14, %r15
         xorq	%r13, %r15
         movq	%r15, -72(%rdi)
-        andnq	%r11, %r10, %r15
-        xorq	%r14, %r15
-        movq	%r15, -64(%rdi)
-        movq	$0x8000000080008008, %r14
+        andnq	%r11, %r10, %r13
         andnq	%r12, %r11, %rsi
+        xorq	%r14, %r13
         xorq	%r10, %rsi
+        movq	%r13, -64(%rdi)
         # XOR in constant
+        movq	$0x8000000080008008, %r14
         xorq	%r14, %rsi
         # Row 1
         movq	-56(%rdi), %r10
@@ -4504,11 +4506,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, -32(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, -24(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -56(%rdi)
+        movq	%r13, -56(%rdi)
         # Row 2
         movq	-16(%rdi), %r10
         movq	-8(%rdi), %r11
@@ -4535,11 +4537,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 8(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 16(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, -16(%rdi)
+        movq	%r13, -16(%rdi)
         # Row 3
         movq	24(%rdi), %r10
         movq	32(%rdi), %r11
@@ -4566,11 +4568,11 @@ _sha3_block_bmi2:
         xorq	%r13, %r15
         movq	%r15, 48(%rdi)
         andnq	%r11, %r10, %r15
+        andnq	%r12, %r11, %r13
         xorq	%r14, %r15
+        xorq	%r10, %r13
         movq	%r15, 56(%rdi)
-        andnq	%r12, %r11, %r15
-        xorq	%r10, %r15
-        movq	%r15, 24(%rdi)
+        movq	%r13, 24(%rdi)
         # Row 4
         xorq	64(%rdi), %rcx
         xorq	72(%rdi), %r8
@@ -4937,11 +4939,11 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 48(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 96(%rdi)
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 96(%rdi)
         # XOR in constant
         xorq	$0x01, %rcx
         # Row 1
@@ -4970,11 +4972,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 32(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 80(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -72(%rdi)
+        movq	%r15, -72(%rdi)
         # Row 2
         movq	-88(%rdi), %r12
         movq	-40(%rdi), %r13
@@ -5001,11 +5003,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 56(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 64(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -88(%rdi)
+        movq	%r15, -88(%rdi)
         # Row 3
         movq	-64(%rdi), %r12
         movq	-56(%rdi), %r13
@@ -5032,11 +5034,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 40(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 88(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -64(%rdi)
+        movq	%r15, -64(%rdi)
         # Row 4
         xorq	-80(%rdi), %r9
         xorq	-32(%rdi), %r10
@@ -5120,11 +5122,11 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 40(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 72(%rdi)
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 72(%rdi)
         # XOR in constant
         xorq	$0x8082, %rcx
         # Row 1
@@ -5153,11 +5155,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -56(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 16(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 48(%rdi)
+        movq	%r15, 48(%rdi)
         # Row 2
         movq	-48(%rdi), %r12
         movq	-16(%rdi), %r13
@@ -5184,11 +5186,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 88(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -80(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -48(%rdi)
+        movq	%r15, -48(%rdi)
         # Row 3
         movq	96(%rdi), %r12
         movq	-72(%rdi), %r13
@@ -5215,11 +5217,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -8(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 24(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 96(%rdi)
+        movq	%r15, 96(%rdi)
         # Row 4
         xorq	(%rdi), %r9
         xorq	32(%rdi), %r10
@@ -5303,13 +5305,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -8(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -32(%rdi)
-        movq	$0x800000000000808a, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -32(%rdi)
         # XOR in constant
+        movq	$0x800000000000808a, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	40(%rdi), %r12
@@ -5337,11 +5339,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -72(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 64(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 40(%rdi)
+        movq	%r15, 40(%rdi)
         # Row 2
         movq	-24(%rdi), %r12
         movq	-88(%rdi), %r13
@@ -5368,11 +5370,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 24(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, (%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -24(%rdi)
+        movq	%r15, -24(%rdi)
         # Row 3
         movq	72(%rdi), %r12
         movq	48(%rdi), %r13
@@ -5399,11 +5401,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -40(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -64(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 72(%rdi)
+        movq	%r15, 72(%rdi)
         # Row 4
         xorq	8(%rdi), %r9
         xorq	-56(%rdi), %r10
@@ -5487,13 +5489,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -40(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 32(%rdi)
-        movq	$0x8000000080008000, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 32(%rdi)
         # XOR in constant
+        movq	$0x8000000080008000, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	-8(%rdi), %r12
@@ -5521,11 +5523,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 48(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -80(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -8(%rdi)
+        movq	%r15, -8(%rdi)
         # Row 2
         movq	80(%rdi), %r12
         movq	-48(%rdi), %r13
@@ -5552,11 +5554,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -64(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 8(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 80(%rdi)
+        movq	%r15, 80(%rdi)
         # Row 3
         movq	-32(%rdi), %r12
         movq	40(%rdi), %r13
@@ -5583,11 +5585,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -16(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 96(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -32(%rdi)
+        movq	%r15, -32(%rdi)
         # Row 4
         xorq	56(%rdi), %r9
         xorq	-72(%rdi), %r10
@@ -5671,11 +5673,11 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -16(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -56(%rdi)
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -56(%rdi)
         # XOR in constant
         xorq	$0x808b, %rcx
         # Row 1
@@ -5704,11 +5706,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 40(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, (%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -40(%rdi)
+        movq	%r15, -40(%rdi)
         # Row 2
         movq	16(%rdi), %r12
         movq	-24(%rdi), %r13
@@ -5735,11 +5737,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 96(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 56(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 16(%rdi)
+        movq	%r15, 16(%rdi)
         # Row 3
         movq	32(%rdi), %r12
         movq	-8(%rdi), %r13
@@ -5766,11 +5768,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -88(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 72(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 32(%rdi)
+        movq	%r15, 32(%rdi)
         # Row 4
         xorq	88(%rdi), %r9
         xorq	48(%rdi), %r10
@@ -5854,13 +5856,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -88(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -72(%rdi)
-        movq	$0x80000001, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -72(%rdi)
         # XOR in constant
+        movq	$0x80000001, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	-16(%rdi), %r12
@@ -5888,11 +5890,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -8(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 8(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -16(%rdi)
+        movq	%r15, -16(%rdi)
         # Row 2
         movq	64(%rdi), %r12
         movq	80(%rdi), %r13
@@ -5919,11 +5921,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 72(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 88(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 64(%rdi)
+        movq	%r15, 64(%rdi)
         # Row 3
         movq	-56(%rdi), %r12
         movq	-40(%rdi), %r13
@@ -5950,11 +5952,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -48(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -32(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -56(%rdi)
+        movq	%r15, -56(%rdi)
         # Row 4
         xorq	24(%rdi), %r9
         xorq	40(%rdi), %r10
@@ -6038,13 +6040,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -48(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 48(%rdi)
-        movq	$0x8000000080008081, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 48(%rdi)
         # XOR in constant
+        movq	$0x8000000080008081, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	-88(%rdi), %r12
@@ -6072,11 +6074,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -40(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 56(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -88(%rdi)
+        movq	%r15, -88(%rdi)
         # Row 2
         movq	-80(%rdi), %r12
         movq	16(%rdi), %r13
@@ -6103,11 +6105,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -32(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 24(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -80(%rdi)
+        movq	%r15, -80(%rdi)
         # Row 3
         movq	-72(%rdi), %r12
         movq	-16(%rdi), %r13
@@ -6134,11 +6136,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -24(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 32(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -72(%rdi)
+        movq	%r15, -72(%rdi)
         # Row 4
         xorq	-64(%rdi), %r9
         xorq	-8(%rdi), %r10
@@ -6222,13 +6224,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -24(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 40(%rdi)
-        movq	$0x8000000000008009, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 40(%rdi)
         # XOR in constant
+        movq	$0x8000000000008009, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	-48(%rdi), %r12
@@ -6256,11 +6258,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -16(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 88(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -48(%rdi)
+        movq	%r15, -48(%rdi)
         # Row 2
         movq	(%rdi), %r12
         movq	64(%rdi), %r13
@@ -6287,11 +6289,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 32(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -64(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, (%rdi)
+        movq	%r15, (%rdi)
         # Row 3
         movq	48(%rdi), %r12
         movq	-88(%rdi), %r13
@@ -6318,11 +6320,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 80(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -56(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 48(%rdi)
+        movq	%r15, 48(%rdi)
         # Row 4
         xorq	96(%rdi), %r9
         xorq	-40(%rdi), %r10
@@ -6406,11 +6408,11 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 80(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -8(%rdi)
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -8(%rdi)
         # XOR in constant
         xorq	$0x8a, %rcx
         # Row 1
@@ -6439,11 +6441,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -88(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 24(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -24(%rdi)
+        movq	%r15, -24(%rdi)
         # Row 2
         movq	8(%rdi), %r12
         movq	-80(%rdi), %r13
@@ -6470,11 +6472,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -56(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 96(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 8(%rdi)
+        movq	%r15, 8(%rdi)
         # Row 3
         movq	40(%rdi), %r12
         movq	-48(%rdi), %r13
@@ -6501,11 +6503,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 16(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -72(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 40(%rdi)
+        movq	%r15, 40(%rdi)
         # Row 4
         xorq	72(%rdi), %r9
         xorq	-16(%rdi), %r10
@@ -6589,11 +6591,11 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 16(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -40(%rdi)
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -40(%rdi)
         # XOR in constant
         xorq	$0x88, %rcx
         # Row 1
@@ -6622,11 +6624,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -48(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -64(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 80(%rdi)
+        movq	%r15, 80(%rdi)
         # Row 2
         movq	56(%rdi), %r12
         movq	(%rdi), %r13
@@ -6653,11 +6655,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -72(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 72(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 56(%rdi)
+        movq	%r15, 56(%rdi)
         # Row 3
         movq	-8(%rdi), %r12
         movq	-24(%rdi), %r13
@@ -6684,11 +6686,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 64(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 48(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -8(%rdi)
+        movq	%r15, -8(%rdi)
         # Row 4
         xorq	-32(%rdi), %r9
         xorq	-88(%rdi), %r10
@@ -6772,13 +6774,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 64(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -16(%rdi)
-        movq	$0x80008009, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -16(%rdi)
         # XOR in constant
+        movq	$0x80008009, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	16(%rdi), %r12
@@ -6806,11 +6808,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -24(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 96(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 16(%rdi)
+        movq	%r15, 16(%rdi)
         # Row 2
         movq	88(%rdi), %r12
         movq	8(%rdi), %r13
@@ -6837,11 +6839,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 48(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -32(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 88(%rdi)
+        movq	%r15, 88(%rdi)
         # Row 3
         movq	-40(%rdi), %r12
         movq	80(%rdi), %r13
@@ -6868,11 +6870,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -80(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 40(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -40(%rdi)
+        movq	%r15, -40(%rdi)
         # Row 4
         xorq	32(%rdi), %r9
         xorq	-48(%rdi), %r10
@@ -6956,13 +6958,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -80(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -88(%rdi)
-        movq	$0x8000000a, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -88(%rdi)
         # XOR in constant
+        movq	$0x8000000a, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	64(%rdi), %r12
@@ -6990,11 +6992,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 80(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 72(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 64(%rdi)
+        movq	%r15, 64(%rdi)
         # Row 2
         movq	24(%rdi), %r12
         movq	56(%rdi), %r13
@@ -7021,11 +7023,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 40(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 32(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 24(%rdi)
+        movq	%r15, 24(%rdi)
         # Row 3
         movq	-16(%rdi), %r12
         movq	16(%rdi), %r13
@@ -7052,11 +7054,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, (%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -8(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -16(%rdi)
+        movq	%r15, -16(%rdi)
         # Row 4
         xorq	-56(%rdi), %r9
         xorq	-24(%rdi), %r10
@@ -7140,13 +7142,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, (%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -48(%rdi)
-        movq	$0x8000808b, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -48(%rdi)
         # XOR in constant
+        movq	$0x8000808b, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	-80(%rdi), %r12
@@ -7174,11 +7176,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 16(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -32(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -80(%rdi)
+        movq	%r15, -80(%rdi)
         # Row 2
         movq	-64(%rdi), %r12
         movq	88(%rdi), %r13
@@ -7205,11 +7207,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -8(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -56(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -64(%rdi)
+        movq	%r15, -64(%rdi)
         # Row 3
         movq	-88(%rdi), %r12
         movq	64(%rdi), %r13
@@ -7236,11 +7238,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 8(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -40(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -88(%rdi)
+        movq	%r15, -88(%rdi)
         # Row 4
         xorq	-72(%rdi), %r9
         xorq	80(%rdi), %r10
@@ -7324,13 +7326,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 8(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -24(%rdi)
-        movq	$0x800000000000008b, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -24(%rdi)
         # XOR in constant
+        movq	$0x800000000000008b, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	(%rdi), %r12
@@ -7358,11 +7360,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 64(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 32(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, (%rdi)
+        movq	%r15, (%rdi)
         # Row 2
         movq	96(%rdi), %r12
         movq	24(%rdi), %r13
@@ -7389,11 +7391,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -40(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -72(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 96(%rdi)
+        movq	%r15, 96(%rdi)
         # Row 3
         movq	-48(%rdi), %r12
         movq	-80(%rdi), %r13
@@ -7420,11 +7422,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 56(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -16(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -48(%rdi)
+        movq	%r15, -48(%rdi)
         # Row 4
         xorq	48(%rdi), %r9
         xorq	16(%rdi), %r10
@@ -7508,13 +7510,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 56(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 80(%rdi)
-        movq	$0x8000000000008089, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 80(%rdi)
         # XOR in constant
+        movq	$0x8000000000008089, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	8(%rdi), %r12
@@ -7542,11 +7544,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -80(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -56(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 8(%rdi)
+        movq	%r15, 8(%rdi)
         # Row 2
         movq	72(%rdi), %r12
         movq	-64(%rdi), %r13
@@ -7573,11 +7575,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -16(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 48(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 72(%rdi)
+        movq	%r15, 72(%rdi)
         # Row 3
         movq	-24(%rdi), %r12
         movq	(%rdi), %r13
@@ -7604,11 +7606,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 88(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -88(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -24(%rdi)
+        movq	%r15, -24(%rdi)
         # Row 4
         xorq	40(%rdi), %r9
         xorq	64(%rdi), %r10
@@ -7692,13 +7694,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 88(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 16(%rdi)
-        movq	$0x8000000000008003, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 16(%rdi)
         # XOR in constant
+        movq	$0x8000000000008003, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	56(%rdi), %r12
@@ -7726,11 +7728,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, (%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -72(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 56(%rdi)
+        movq	%r15, 56(%rdi)
         # Row 2
         movq	-32(%rdi), %r12
         movq	96(%rdi), %r13
@@ -7757,11 +7759,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -88(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 40(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -32(%rdi)
+        movq	%r15, -32(%rdi)
         # Row 3
         movq	80(%rdi), %r12
         movq	8(%rdi), %r13
@@ -7788,11 +7790,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 24(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -48(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 80(%rdi)
+        movq	%r15, 80(%rdi)
         # Row 4
         xorq	-8(%rdi), %r9
         xorq	-80(%rdi), %r10
@@ -7876,13 +7878,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 24(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 64(%rdi)
-        movq	$0x8000000000008002, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 64(%rdi)
         # XOR in constant
+        movq	$0x8000000000008002, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	88(%rdi), %r12
@@ -7910,11 +7912,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 8(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 48(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 88(%rdi)
+        movq	%r15, 88(%rdi)
         # Row 2
         movq	32(%rdi), %r12
         movq	72(%rdi), %r13
@@ -7941,11 +7943,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -48(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -8(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 32(%rdi)
+        movq	%r15, 32(%rdi)
         # Row 3
         movq	16(%rdi), %r12
         movq	56(%rdi), %r13
@@ -7972,11 +7974,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -64(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -24(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 16(%rdi)
+        movq	%r15, 16(%rdi)
         # Row 4
         xorq	-40(%rdi), %r9
         xorq	(%rdi), %r10
@@ -8060,13 +8062,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -64(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -80(%rdi)
-        movq	$0x8000000000000080, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -80(%rdi)
         # XOR in constant
+        movq	$0x8000000000000080, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	24(%rdi), %r12
@@ -8094,11 +8096,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 56(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 40(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 24(%rdi)
+        movq	%r15, 24(%rdi)
         # Row 2
         movq	-56(%rdi), %r12
         movq	-32(%rdi), %r13
@@ -8125,11 +8127,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -24(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -40(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -56(%rdi)
+        movq	%r15, -56(%rdi)
         # Row 3
         movq	64(%rdi), %r12
         movq	88(%rdi), %r13
@@ -8156,11 +8158,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 96(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 80(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 64(%rdi)
+        movq	%r15, 64(%rdi)
         # Row 4
         xorq	-16(%rdi), %r9
         xorq	8(%rdi), %r10
@@ -8244,11 +8246,11 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 96(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, (%rdi)
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, (%rdi)
         # XOR in constant
         xorq	$0x800a, %rcx
         # Row 1
@@ -8277,11 +8279,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 88(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -8(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -64(%rdi)
+        movq	%r15, -64(%rdi)
         # Row 2
         movq	-72(%rdi), %r12
         movq	32(%rdi), %r13
@@ -8308,11 +8310,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 80(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -16(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -72(%rdi)
+        movq	%r15, -72(%rdi)
         # Row 3
         movq	-80(%rdi), %r12
         movq	24(%rdi), %r13
@@ -8339,11 +8341,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 72(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 16(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -80(%rdi)
+        movq	%r15, -80(%rdi)
         # Row 4
         xorq	-88(%rdi), %r9
         xorq	56(%rdi), %r10
@@ -8427,13 +8429,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 72(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 8(%rdi)
-        movq	$0x800000008000000a, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 8(%rdi)
         # XOR in constant
+        movq	$0x800000008000000a, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	96(%rdi), %r12
@@ -8461,11 +8463,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 24(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -40(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 96(%rdi)
+        movq	%r15, 96(%rdi)
         # Row 2
         movq	48(%rdi), %r12
         movq	-56(%rdi), %r13
@@ -8492,11 +8494,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 16(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -88(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 48(%rdi)
+        movq	%r15, 48(%rdi)
         # Row 3
         movq	(%rdi), %r12
         movq	-64(%rdi), %r13
@@ -8523,11 +8525,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -32(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 64(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, (%rdi)
+        movq	%r15, (%rdi)
         # Row 4
         xorq	-48(%rdi), %r9
         xorq	88(%rdi), %r10
@@ -8611,13 +8613,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -32(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 56(%rdi)
-        movq	$0x8000000080008081, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 56(%rdi)
         # XOR in constant
+        movq	$0x8000000080008081, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	72(%rdi), %r12
@@ -8645,11 +8647,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -64(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -16(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 72(%rdi)
+        movq	%r15, 72(%rdi)
         # Row 2
         movq	40(%rdi), %r12
         movq	-72(%rdi), %r13
@@ -8676,11 +8678,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 64(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -48(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 40(%rdi)
+        movq	%r15, 40(%rdi)
         # Row 3
         movq	8(%rdi), %r12
         movq	96(%rdi), %r13
@@ -8707,11 +8709,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 32(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -80(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 8(%rdi)
+        movq	%r15, 8(%rdi)
         # Row 4
         xorq	-24(%rdi), %r9
         xorq	24(%rdi), %r10
@@ -8795,13 +8797,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, 32(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 88(%rdi)
-        movq	$0x8000000000008080, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 88(%rdi)
         # XOR in constant
+        movq	$0x8000000000008080, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	-32(%rdi), %r12
@@ -8829,11 +8831,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 96(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -88(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -32(%rdi)
+        movq	%r15, -32(%rdi)
         # Row 2
         movq	-8(%rdi), %r12
         movq	48(%rdi), %r13
@@ -8860,11 +8862,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -80(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -24(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -8(%rdi)
+        movq	%r15, -8(%rdi)
         # Row 3
         movq	56(%rdi), %r12
         movq	72(%rdi), %r13
@@ -8891,11 +8893,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -56(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, (%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 56(%rdi)
+        movq	%r15, 56(%rdi)
         # Row 4
         xorq	80(%rdi), %r9
         xorq	-64(%rdi), %r10
@@ -8979,13 +8981,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -56(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, 24(%rdi)
-        movq	$0x80000001, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, 24(%rdi)
         # XOR in constant
+        movq	$0x80000001, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	32(%rdi), %r12
@@ -9013,11 +9015,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 72(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -48(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 32(%rdi)
+        movq	%r15, 32(%rdi)
         # Row 2
         movq	-40(%rdi), %r12
         movq	40(%rdi), %r13
@@ -9044,11 +9046,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, (%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 80(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -40(%rdi)
+        movq	%r15, -40(%rdi)
         # Row 3
         movq	88(%rdi), %r12
         movq	-32(%rdi), %r13
@@ -9075,11 +9077,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -72(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 8(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 88(%rdi)
+        movq	%r15, 88(%rdi)
         # Row 4
         xorq	16(%rdi), %r9
         xorq	96(%rdi), %r10
@@ -9163,13 +9165,13 @@ L_sha3_block_n_bmi2_rounds:
         andnq	%r12, %rbx, %rbp
         xorq	%r15, %rbp
         movq	%rbp, -72(%rdi)
-        andnq	%r13, %r12, %rbp
-        xorq	%rbx, %rbp
-        movq	%rbp, -64(%rdi)
-        movq	$0x8000000080008008, %rbx
+        andnq	%r13, %r12, %r15
         andnq	%r14, %r13, %rcx
+        xorq	%rbx, %r15
         xorq	%r12, %rcx
+        movq	%r15, -64(%rdi)
         # XOR in constant
+        movq	$0x8000000080008008, %rbx
         xorq	%rbx, %rcx
         # Row 1
         movq	-56(%rdi), %r12
@@ -9197,11 +9199,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, -32(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, -24(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -56(%rdi)
+        movq	%r15, -56(%rdi)
         # Row 2
         movq	-16(%rdi), %r12
         movq	-8(%rdi), %r13
@@ -9228,11 +9230,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 8(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 16(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, -16(%rdi)
+        movq	%r15, -16(%rdi)
         # Row 3
         movq	24(%rdi), %r12
         movq	32(%rdi), %r13
@@ -9259,11 +9261,11 @@ L_sha3_block_n_bmi2_rounds:
         xorq	%r15, %rbp
         movq	%rbp, 48(%rdi)
         andnq	%r13, %r12, %rbp
+        andnq	%r14, %r13, %r15
         xorq	%rbx, %rbp
+        xorq	%r12, %r15
         movq	%rbp, 56(%rdi)
-        andnq	%r14, %r13, %rbp
-        xorq	%r12, %rbp
-        movq	%rbp, 24(%rdi)
+        movq	%r15, 24(%rdi)
         # Row 4
         xorq	64(%rdi), %r9
         xorq	72(%rdi), %r10
@@ -9520,15 +9522,15 @@ L_sha3_block_avx2_start:
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_sha3_blocksx4_avx2
-.type	kyber_sha3_blocksx4_avx2,@function
+.globl	sha3_blocksx4_avx2
+.type	sha3_blocksx4_avx2,@function
 .align	16
-kyber_sha3_blocksx4_avx2:
+sha3_blocksx4_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_sha3_blocksx4_avx2
+.globl	_sha3_blocksx4_avx2
 .p2align	4
-_kyber_sha3_blocksx4_avx2:
+_sha3_blocksx4_avx2:
 #endif /* __APPLE__ */
         leaq	L_sha3_x4_avx2_r(%rip), %rdx
         vmovdqu	(%rdi), %ymm15
@@ -14874,7 +14876,7 @@ _kyber_sha3_blocksx4_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_sha3_blocksx4_avx2,.-kyber_sha3_blocksx4_avx2
+.size	sha3_blocksx4_avx2,.-sha3_blocksx4_avx2
 #endif /* __APPLE__ */
 #endif /* HAVE_INTEL_AVX2 */
 
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index 77313f7a2..73ef41246 100644
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -1,6 +1,6 @@
 /* sha512.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,12 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \
     (!defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)) && \
@@ -56,7 +51,6 @@
 #endif
 
 #include <wolfssl/wolfcrypt/sha512.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #include <wolfssl/wolfcrypt/hash.h>
 
@@ -73,8 +67,6 @@
     #define USE_SLOW_SHA512
 #endif
 
-#include <wolfssl/wolfcrypt/logging.h>
-
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -96,6 +88,11 @@
     #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
 #endif
 
+#if defined(MAX3266X_SHA)
+    /* Already brought in by sha512.h */
+    /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
+#endif
+
 #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
     #if defined(__GNUC__) && ((__GNUC__ < 4) || \
                               (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
@@ -149,6 +146,9 @@
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     int wc_InitSha512(wc_Sha512* sha512)
     {
@@ -211,6 +211,66 @@
     {
         se050_hash_free(&sha512->se050Ctx);
     }
+#elif defined(STM32_HASH_SHA512)
+
+    /* Supports CubeMX HAL or Standard Peripheral Library */
+
+    int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
+    {
+        if (sha512 == NULL)
+            return BAD_FUNC_ARG;
+
+        (void)devId;
+        (void)heap;
+
+        XMEMSET(sha512, 0, sizeof(wc_Sha512));
+        wc_Stm32_Hash_Init(&sha512->stmCtx);
+        return 0;
+    }
+
+    int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
+    {
+        int ret = 0;
+
+        if (sha512 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Update(&sha512->stmCtx,
+                HASH_ALGOSELECTION_SHA512, data, len, WC_SHA512_BLOCK_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+
+    int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
+    {
+        int ret = 0;
+
+        if (sha512 == NULL || hash == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Final(&sha512->stmCtx,
+                HASH_ALGOSELECTION_SHA512, hash, WC_SHA512_DIGEST_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+
+        (void)wc_InitSha512(sha512); /* reset state */
+
+        return ret;
+    }
 
 #else
 
@@ -765,6 +825,12 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
     sha512->ctx.mode = ESP32_SHA_INIT;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0){
+        return BAD_FUNC_ARG;
+    }
+#endif
+
     return InitSha512_Family(sha512, heap, devId, InitSha512);
 }
 
@@ -1158,6 +1224,9 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
     /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+#elif defined(STM32_HASH_SHA512)
 #else
 
 static WC_INLINE int Sha512Final(wc_Sha512* sha512)
@@ -1318,26 +1387,23 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+#elif defined(STM32_HASH_SHA512)
 #else
 
 static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz)
 {
-#ifdef LITTLE_ENDIAN_ORDER
-    word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
-#endif
-
     if (sha512 == NULL || hash == NULL) {
         return BAD_FUNC_ARG;
     }
 
 #ifdef LITTLE_ENDIAN_ORDER
-    ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
-                                                         WC_SHA512_DIGEST_SIZE);
-    XMEMCPY(hash, digest, digestSz);
-#else
-    XMEMCPY(hash, sha512->digest, digestSz);
+    ByteReverseWords64(sha512->digest, sha512->digest, WC_SHA512_DIGEST_SIZE);
 #endif
 
+    XMEMCPY(hash, sha512->digest, digestSz);
+
     return 0;
 }
 
@@ -1387,13 +1453,19 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, size_t digestSz,
     return initfp(sha512);
 }
 
+#ifndef STM32_HASH_SHA512
 int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
 {
     return Sha512_Family_Final(sha512, hash, WC_SHA512_DIGEST_SIZE, InitSha512);
 }
+#endif
 
 #endif /* WOLFSSL_KCAPI_HASH */
 
+#if defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
+#else
 #if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH)
 int wc_InitSha512(wc_Sha512* sha512)
 {
@@ -1436,12 +1508,18 @@ void wc_Sha512Free(wc_Sha512* sha512)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx));
+#endif
+
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
     wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     ForceZero(sha512, sizeof(*sha512));
 }
+#endif
+
 #if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) \
     && !defined(WOLFSSL_KCAPI_HASH)
 /* Apply SHA512 transformation to the data                */
@@ -1560,6 +1638,67 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+#elif defined(STM32_HASH_SHA384)
+
+    int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
+    {
+        if (sha384 == NULL)
+            return BAD_FUNC_ARG;
+
+        (void)devId;
+        (void)heap;
+
+        XMEMSET(sha384, 0, sizeof(wc_Sha384));
+        wc_Stm32_Hash_Init(&sha384->stmCtx);
+        return 0;
+    }
+
+    int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
+    {
+        int ret = 0;
+
+        if (sha384 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Update(&sha384->stmCtx,
+                HASH_ALGOSELECTION_SHA384, data, len, WC_SHA384_BLOCK_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+
+    int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
+    {
+        int ret = 0;
+
+        if (sha384 == NULL || hash == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Final(&sha384->stmCtx,
+                HASH_ALGOSELECTION_SHA384, hash, WC_SHA384_DIGEST_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+
+        (void)wc_InitSha384(sha384); /* reset state */
+
+        return ret;
+    }
+
 #else
 
 static int InitSha384(wc_Sha384* sha384)
@@ -1654,22 +1793,16 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
 
 int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
 {
-#ifdef LITTLE_ENDIAN_ORDER
-    word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)];
-#endif
-
     if (sha384 == NULL || hash == NULL) {
         return BAD_FUNC_ARG;
     }
 
 #ifdef LITTLE_ENDIAN_ORDER
-    ByteReverseWords64((word64*)digest, (word64*)sha384->digest,
-                                                         WC_SHA384_DIGEST_SIZE);
-    XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE);
-#else
-    XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
+    ByteReverseWords64(sha384->digest, sha384->digest, WC_SHA384_DIGEST_SIZE);
 #endif
 
+    XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
+
     return 0;
 }
 
@@ -1736,6 +1869,13 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
     sha384->ctx.mode = ESP32_SHA_INIT;
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     ret = InitSha384(sha384);
     if (ret != 0) {
         return ret;
@@ -1755,6 +1895,10 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 
 #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */
 
+#if defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
+#else
 int wc_InitSha384(wc_Sha384* sha384)
 {
     int devId = INVALID_DEVID;
@@ -1810,9 +1954,14 @@ void wc_Sha384Free(wc_Sha384* sha384)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
+#endif
+
     ForceZero(sha384, sizeof(*sha384));
 }
 
+#endif
 #endif /* WOLFSSL_SHA384 */
 
 #ifdef WOLFSSL_SHA512
@@ -1824,6 +1973,9 @@ void wc_Sha384Free(wc_Sha384* sha384)
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
@@ -1927,6 +2079,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
@@ -1952,17 +2111,75 @@ int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
 #if !defined(WOLFSSL_NOSHA512_224) && \
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
 
+#if defined(STM32_HASH_SHA512_224)
 
+int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId)
+{
+    if (sha512 == NULL)
+        return BAD_FUNC_ARG;
+
+    (void)devId;
+    (void)heap;
+
+    XMEMSET(sha512, 0, sizeof(wc_Sha512));
+    wc_Stm32_Hash_Init(&sha512->stmCtx);
+    return 0;
+}
+
+int wc_Sha512_224Update(wc_Sha512* sha512, const byte* data, word32 len)
+{
+    int ret = 0;
+
+    if (sha512 == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    if (data == NULL && len == 0) {
+        /* valid, but do nothing */
+        return 0;
+    }
+    if (data == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ret = wolfSSL_CryptHwMutexLock();
+    if (ret == 0) {
+        ret = wc_Stm32_Hash_Update(&sha512->stmCtx,
+            HASH_ALGOSELECTION_SHA512_224, data, len, WC_SHA512_224_BLOCK_SIZE);
+        wolfSSL_CryptHwMutexUnLock();
+    }
+    return ret;
+}
+
+int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
+{
+    int ret = 0;
+
+    if (sha512 == NULL || hash == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    ret = wolfSSL_CryptHwMutexLock();
+    if (ret == 0) {
+        ret = wc_Stm32_Hash_Final(&sha512->stmCtx,
+            HASH_ALGOSELECTION_SHA512_224, hash, WC_SHA512_224_DIGEST_SIZE);
+        wolfSSL_CryptHwMutexUnLock();
+    }
+
+    (void)wc_InitSha512_224(sha512); /* reset state */
+
+    return ret;
+}
+#endif
 int wc_InitSha512_224(wc_Sha512* sha)
 {
     return wc_InitSha512_224_ex(sha, NULL, INVALID_DEVID);
 }
-
+#if !defined(STM32_HASH_SHA512_224)
 int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
 {
     return wc_Sha512Update(sha, data, len);
 }
-
+#endif
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
@@ -1970,6 +2187,7 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
+#elif defined(STM32_HASH_SHA512_224)
 
 #else
 int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash)
@@ -2032,16 +2250,75 @@ int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
 
 #if !defined(WOLFSSL_NOSHA512_256) && \
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+#if defined(STM32_HASH_SHA512_256)
 
+    int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId)
+    {
+        if (sha512 == NULL)
+            return BAD_FUNC_ARG;
+
+        (void)devId;
+        (void)heap;
+
+        XMEMSET(sha512, 0, sizeof(wc_Sha512));
+        wc_Stm32_Hash_Init(&sha512->stmCtx);
+        return 0;
+    }
+
+    int wc_Sha512_256Update(wc_Sha512* sha512, const byte* data, word32 len)
+    {
+        int ret = 0;
+
+        if (sha512 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Update(&sha512->stmCtx,
+                HASH_ALGOSELECTION_SHA512_256, data, len, WC_SHA512_256_BLOCK_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+
+    int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
+    {
+        int ret = 0;
+
+        if (sha512 == NULL || hash == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Final(&sha512->stmCtx,
+                HASH_ALGOSELECTION_SHA512_256, hash, WC_SHA512_256_DIGEST_SIZE);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+
+        (void)wc_InitSha512_256(sha512); /* reset state */
+
+        return ret;
+    }
+#endif
 int wc_InitSha512_256(wc_Sha512* sha)
 {
     return wc_InitSha512_256_ex(sha, NULL, INVALID_DEVID);
 }
-
+#if !defined(STM32_HASH_SHA512_256)
 int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
 {
     return wc_Sha512Update(sha, data, len);
 }
+#endif
 #if defined(WOLFSSL_KCAPI_HASH)
     /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
@@ -2049,7 +2326,7 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
     /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
 
 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
-
+#elif defined(STM32_HASH_SHA512_256)
 #else
 int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash)
 {
@@ -2115,6 +2392,9 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
     /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */
+#elif defined(MAX3266X_SHA)
+    /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
+
 #else
 
 int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
@@ -2214,6 +2494,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
     }
 #endif
 
+#ifdef MAX3266X_SHA_CB
+    ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx));
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
     return ret;
 }
 
diff --git a/wolfcrypt/src/sha512_asm.S b/wolfcrypt/src/sha512_asm.S
index 2c6a06b97..c3ea27b10 100644
--- a/wolfcrypt/src/sha512_asm.S
+++ b/wolfcrypt/src/sha512_asm.S
@@ -1,6 +1,6 @@
 /* sha512_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 #ifdef HAVE_INTEL_AVX1
@@ -159,7 +161,7 @@ _Transform_Sha512_AVX1:
         movq	%r12, %rax
         xorq	%r10, %rbx
         # Start of 16 rounds
-L_sha256_len_avx1_start:
+L_transform_sha512_avx1_start:
         vpaddq	(%rsi), %xmm0, %xmm8
         vpaddq	16(%rsi), %xmm1, %xmm9
         vmovdqu	%xmm8, (%rsp)
@@ -906,7 +908,7 @@ L_sha256_len_avx1_start:
         vpaddq	%xmm7, %xmm8, %xmm7
         # msg_sched done: 14-17
         subl	$0x01, 128(%rsp)
-        jne	L_sha256_len_avx1_start
+        jne	L_transform_sha512_avx1_start
         vpaddq	(%rsi), %xmm0, %xmm8
         vpaddq	16(%rsi), %xmm1, %xmm9
         vmovdqu	%xmm8, (%rsp)
@@ -1372,7 +1374,6 @@ L_sha256_len_avx1_start:
         addq	%r14, 48(%rdi)
         addq	%r15, 56(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x88, %rsp
         popq	%r15
         popq	%r14
@@ -2664,7 +2665,6 @@ L_sha512_len_avx1_start:
         movq	%r15, 56(%rdi)
         jnz	L_sha512_len_avx1_begin
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x90, %rsp
         popq	%rbp
         popq	%r15
@@ -2805,7 +2805,7 @@ _Transform_Sha512_AVX1_RORX:
         vmovdqu	%xmm8, 96(%rsp)
         vmovdqu	%xmm9, 112(%rsp)
         # Start of 16 rounds
-L_sha256_len_avx1_rorx_start:
+L_transform_sha512_avx1_rorx_start:
         addq	$0x80, %rsi
         # msg_sched: 0-1
         # rnd_0: 0 - 0
@@ -3512,7 +3512,7 @@ L_sha256_len_avx1_rorx_start:
         vmovdqu	%xmm8, 96(%rsp)
         vmovdqu	%xmm9, 112(%rsp)
         subl	$0x01, 128(%rsp)
-        jne	L_sha256_len_avx1_rorx_start
+        jne	L_transform_sha512_avx1_rorx_start
         # rnd_all_2: 0-1
         # rnd_0: 0 - 7
         rorxq	$14, %r12, %rax
@@ -3931,7 +3931,6 @@ L_sha256_len_avx1_rorx_start:
         addq	%r14, 48(%rdi)
         addq	%r15, 56(%rdi)
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x88, %rsp
         popq	%r15
         popq	%r14
@@ -5168,7 +5167,6 @@ L_sha512_len_avx1_rorx_start:
         movq	%r15, 56(%rdi)
         jnz	L_sha512_len_avx1_rorx_begin
         xorq	%rax, %rax
-        vzeroupper
         addq	$0x90, %rsp
         popq	%rbp
         popq	%r15
diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c
index 4c4f47ee8..5576e2e22 100644
--- a/wolfcrypt/src/signature.c
+++ b/wolfcrypt/src/signature.c
@@ -1,6 +1,6 @@
 /* signature.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/signature.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #ifndef NO_ASN
 #include <wolfssl/wolfcrypt/asn.h>
 #endif
@@ -48,6 +42,16 @@
 /* Signature wrapper disabled check */
 #ifndef NO_SIG_WRAPPER
 
+#if !defined(NO_RSA) && defined(NO_ASN)
+    #ifndef MAX_DER_DIGEST_ASN_SZ
+        #define MAX_DER_DIGEST_ASN_SZ 36
+    #endif
+    #ifndef MAX_ENCODED_SIG_SZ
+        #define MAX_ENCODED_SIG_SZ 1024 /* Supports 8192 bit keys */
+    #endif
+#endif
+
+
 #if !defined(NO_RSA) && defined(WOLFSSL_CRYPTOCELL)
     extern int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
                                 RsaKey* key, CRYS_RSA_HASH_OpMode_t mode);
@@ -80,7 +84,7 @@ static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data,
 int wc_SignatureGetSize(enum wc_SignatureType sig_type,
     const void* key, word32 key_len)
 {
-    int sig_len = BAD_FUNC_ARG;
+    int sig_len = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
 
     /* Suppress possible unused args if all signature types are disabled */
     (void)key;
@@ -225,7 +229,8 @@ int wc_SignatureVerifyHash(
                         WC_ASYNC_FLAG_CALL_AGAIN);
                 #endif
                 if (ret >= 0)
-                        ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, &plain_ptr, (RsaKey*)key);
+                        ret = wc_RsaSSL_VerifyInline(plain_data, sig_len,
+                            &plain_ptr, (RsaKey*)key);
                 } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
                 if (ret >= 0 && plain_ptr) {
                     if ((word32)ret == hash_len &&
diff --git a/wolfcrypt/src/siphash.c b/wolfcrypt/src/siphash.c
index 4a219f08c..05c269087 100644
--- a/wolfcrypt/src/siphash.c
+++ b/wolfcrypt/src/siphash.c
@@ -1,6 +1,6 @@
 /* siphash.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,16 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #include <wolfssl/wolfcrypt/siphash.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -69,14 +62,14 @@
  * @param [in] a  Little-endian byte array.
  * @return 64-bit number.
  */
-#define GET_U64(a)      (*(word64*)(a))
+#define GET_U64(a)      readUnalignedWord64(a)
 /**
  * Decode little-endian byte array to 32-bit number.
  *
  * @param [in] a  Little-endian byte array.
  * @return 32-bit number.
  */
-#define GET_U32(a)      (*(word32*)(a))
+#define GET_U32(a)      readUnalignedWord32(a)
 /**
  * Decode little-endian byte array to 16-bit number.
  *
@@ -90,7 +83,7 @@
  * @param [out] a  Byte array to write into.
  * @param [in]  n  Number to encode.
  */
-#define SET_U64(a, n)   ((*(word64*)(a)) = (n))
+#define SET_U64(a, n)   writeUnalignedWord64(a, n)
 #else
 /**
  * Decode little-endian byte array to 64-bit number.
@@ -112,7 +105,7 @@
  * @param [in] a  Little-endian byte array.
  * @return 32-bit number.
  */
-#define GET_U32(a)      (((word64)((a)[3]) << 24) |     \
+#define GET_U32(a)      (((word32)((a)[3]) << 24) |     \
                          ((word32)((a)[2]) << 16) |     \
                          ((word32)((a)[1]) <<  8) |     \
                          ((word32)((a)[0])      ))
@@ -256,14 +249,14 @@ int wc_SipHashUpdate(SipHash* sipHash, const unsigned char* in, word32 inSz)
     if ((ret == 0) && (inSz > 0)) {
         /* Add to cache if already started. */
         if (sipHash->cacheCnt > 0) {
-            byte len = SIPHASH_BLOCK_SIZE - sipHash->cacheCnt;
+            byte len = (byte)(SIPHASH_BLOCK_SIZE - sipHash->cacheCnt);
             if (len > inSz) {
                 len = (byte)inSz;
             }
             XMEMCPY(sipHash->cache + sipHash->cacheCnt, in, len);
             in += len;
             inSz -= len;
-            sipHash->cacheCnt += len;
+            sipHash->cacheCnt = (byte)(sipHash->cacheCnt + len);
 
             if (sipHash->cacheCnt == SIPHASH_BLOCK_SIZE) {
                 /* Compress the block from the cache. */
@@ -331,7 +324,7 @@ int wc_SipHashFinal(SipHash* sipHash, unsigned char* out, unsigned char outSz)
 
     if (ret == 0) {
         /* Put in remaining cached message bytes. */
-        XMEMSET(sipHash->cache + sipHash->cacheCnt, 0, 7 - sipHash->cacheCnt);
+        XMEMSET(sipHash->cache + sipHash->cacheCnt, 0, 7U - sipHash->cacheCnt);
         sipHash->cache[7] = (byte)(sipHash->inCnt + sipHash->cacheCnt);
 
         SipHashCompress(sipHash, sipHash->cache);
@@ -582,7 +575,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
     return 0;
 }
 
-#elif !defined(WOLFSSL_NO_ASM) && defined(__GNUC__) && defined(__aarch64__) && \
+#elif defined(WOLFSSL_ARMASM) && defined(__GNUC__) && defined(__aarch64__) && \
     (WOLFSSL_SIPHASH_CROUNDS == 1 || WOLFSSL_SIPHASH_CROUNDS == 2) && \
     (WOLFSSL_SIPHASH_DROUNDS == 2 || WOLFSSL_SIPHASH_DROUNDS == 4)
 
@@ -805,29 +798,29 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
 #else
 
 #define SipRoundV(v0, v1, v2, v3)   \
-    v0 += v1;                       \
-    v2 += v3;                       \
-    v1 = rotlFixed64(v1, 13);       \
-    v3 = rotlFixed64(v3, 16);       \
-    v1 ^= v0;                       \
-    v3 ^= v2;                       \
-    v0 = rotlFixed64(v0, 32);       \
-    v2 += v1;                       \
-    v0 += v3;                       \
-    v1 = rotlFixed64(v1, 17);       \
-    v3 = rotlFixed64(v3, 21);       \
-    v1 ^= v2;                       \
-    v3 ^= v0;                       \
-    v2 = rotlFixed64(v2, 32);
+    (v0) += (v1);                   \
+    (v2) += (v3);                   \
+    (v1) = rotlFixed64(v1, 13);     \
+    (v3) = rotlFixed64(v3, 16);     \
+    (v1) ^= (v0);                   \
+    (v3) ^= (v2);                   \
+    (v0) = rotlFixed64(v0, 32);     \
+    (v2) += (v1);                   \
+    (v0) += (v3);                   \
+    (v1) = rotlFixed64(v1, 17);     \
+    (v3) = rotlFixed64(v3, 21);     \
+    (v1) ^= (v2);                   \
+    (v3) ^= (v0);                   \
+    (v2) = rotlFixed64(v2, 32);
 
 #define SipHashCompressV(v0, v1, v2, v3, m)             \
     do {                                                \
         int i;                                          \
-        v3 ^= m;                                        \
+        (v3) ^= (m);                                    \
         for (i = 0; i < WOLFSSL_SIPHASH_CROUNDS; i++) { \
             SipRoundV(v0, v1, v2, v3);                  \
         }                                               \
-        v0 ^= m;                                        \
+        (v0) ^= (m);                                    \
     }                                                   \
     while (0)
 
@@ -839,7 +832,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
         for (i = 0; i < WOLFSSL_SIPHASH_DROUNDS; i++) { \
             SipRoundV(v0, v1, v2, v3);                  \
         }                                               \
-        n = v0 ^ v1 ^ v2 ^ v3;                          \
+        n = (v0) ^ (v1) ^ (v2) ^ (v3);                  \
         SET_U64(out, n);                                \
     }                                                   \
     while (0)
diff --git a/wolfcrypt/src/sm2.c b/wolfcrypt/src/sm2.c
index 24b8df96f..b8665224f 100644
--- a/wolfcrypt/src/sm2.c
+++ b/wolfcrypt/src/sm2.c
@@ -1,6 +1,6 @@
 /* sm2.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM2
 
diff --git a/wolfcrypt/src/sm3.c b/wolfcrypt/src/sm3.c
index dfbef2ec9..b4723d889 100644
--- a/wolfcrypt/src/sm3.c
+++ b/wolfcrypt/src/sm3.c
@@ -1,6 +1,6 @@
 /* sm3.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM3
 
diff --git a/wolfcrypt/src/sm3_asm.S b/wolfcrypt/src/sm3_asm.S
index 7c53a6fa6..ade826c8b 100644
--- a/wolfcrypt/src/sm3_asm.S
+++ b/wolfcrypt/src/sm3_asm.S
@@ -1,6 +1,6 @@
 /* sm3_asm.S
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_SM3
 
diff --git a/wolfcrypt/src/sm4.c b/wolfcrypt/src/sm4.c
index c29cc2bd2..4da6f0b52 100644
--- a/wolfcrypt/src/sm4.c
+++ b/wolfcrypt/src/sm4.c
@@ -1,6 +1,6 @@
 /* sm4.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM4
 
diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c
index 34e771b6e..8974314d4 100644
--- a/wolfcrypt/src/sp_arm32.c
+++ b/wolfcrypt/src/sp_arm32.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,11 @@
 
 /* Implementation by Sean Parkinson. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(WOLFSSL_HAVE_SP_ECC)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -67,7 +62,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -93,7 +88,8 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -104,12 +100,20 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -2231,7 +2235,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -2584,7 +2589,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "add	sp, sp, #36\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -2610,7 +2616,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "strd	%[r], %[a], [sp, #36]\n\t"
 #endif
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[r], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -2655,7 +2661,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, r3, r7\n\t"
-        "ldm	%[r], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[r], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #32]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -2715,7 +2721,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7",
+            "r8", "r9", "lr"
     );
 }
 
@@ -2751,9 +2758,9 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -2798,9 +2805,9 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -2848,9 +2855,9 @@ static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -2988,9 +2995,9 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -3066,9 +3073,9 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -3266,9 +3273,9 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -3400,9 +3407,9 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -4680,7 +4687,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -4923,7 +4931,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -4941,7 +4950,7 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #32\n\t"
         "str	%[r], [sp, #28]\n\t"
-        "ldm	%[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "umull	r9, r10, %[r], %[r]\n\t"
         "umull	r11, r12, %[r], %[a]\n\t"
         "adds	r11, r11, r11\n\t"
@@ -5028,18 +5037,19 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         /* R[15] = r7 */
         "ldr	lr, [sp, #28]\n\t"
         "add	lr, lr, #28\n\t"
-        "stm	lr!, {%[r], r12}\n\t"
+        "stm	lr!, {r0, r12}\n\t"
         "stm	lr!, {r11}\n\t"
         "stm	lr!, {r10}\n\t"
         "stm	lr!, {r3, r4, r8, r9}\n\t"
         "stm	lr!, {r7}\n\t"
         "sub	lr, lr, #0x40\n\t"
-        "ldm	sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
-        "stm	lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
+        "ldm	sp, {r0, r1, r2, r3, r4, r5, r6}\n\t"
+        "stm	lr, {r0, r1, r2, r3, r4, r5, r6}\n\t"
         "add	sp, sp, #32\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -5074,9 +5084,9 @@ static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -5159,9 +5169,9 @@ static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -5272,9 +5282,9 @@ static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -5347,9 +5357,10 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5383,9 +5394,10 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5585,7 +5597,8 @@ static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_2048_mul_64_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -5742,7 +5755,8 @@ static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_2048_sqr_64_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -5798,9 +5812,10 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -5834,9 +5849,10 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -6036,7 +6052,8 @@ static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_2048_mul_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -6193,7 +6210,8 @@ static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_2048_sqr_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -6314,7 +6332,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #256]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -8379,7 +8397,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r4, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -8408,7 +8426,8 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -8434,9 +8453,9 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -8448,7 +8467,8 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -8572,9 +8592,9 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -9553,7 +9573,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
 }
@@ -9848,7 +9869,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
 }
@@ -10053,7 +10075,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp);
 }
@@ -10183,7 +10206,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -11224,7 +11247,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -11283,9 +11306,9 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -11421,9 +11444,9 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -11820,9 +11843,9 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -12022,7 +12045,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -12190,7 +12213,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -12229,7 +12252,8 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -12255,9 +12279,9 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -12269,7 +12293,8 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -12505,9 +12530,9 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -14414,7 +14439,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
 }
@@ -14965,7 +14991,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
 }
@@ -15330,7 +15357,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp);
 }
@@ -15398,9 +15426,10 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -15532,9 +15561,9 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -15592,9 +15621,9 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -15730,9 +15759,9 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -16585,9 +16614,9 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -16781,7 +16810,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
@@ -16932,7 +16961,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
@@ -17116,7 +17145,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -17142,9 +17172,9 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -17156,7 +17186,8 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -17280,9 +17311,9 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -17994,7 +18025,7 @@ static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r6, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -18112,7 +18143,7 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
@@ -18260,7 +18291,8 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -18271,12 +18303,20 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -23899,7 +23939,8 @@ static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -23941,9 +23982,9 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -24002,9 +24043,9 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -24066,9 +24107,9 @@ static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -24238,9 +24279,9 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -24344,9 +24385,9 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -24600,9 +24641,9 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -24790,9 +24831,9 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -27922,7 +27963,8 @@ static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -27963,9 +28005,9 @@ static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -28062,9 +28104,9 @@ static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -28203,9 +28245,9 @@ static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -28278,9 +28320,10 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28314,9 +28357,10 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28516,7 +28560,8 @@ static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_3072_mul_96_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -28673,7 +28718,8 @@ static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_3072_sqr_96_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -28729,9 +28775,10 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28765,9 +28812,10 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28967,7 +29015,8 @@ static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_3072_mul_48_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -29124,7 +29173,8 @@ static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_3072_sqr_48_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -29245,7 +29295,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #384]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -32334,7 +32384,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -32363,7 +32413,8 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -32389,9 +32440,9 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -32403,7 +32454,8 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -32583,9 +32635,9 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -34028,7 +34080,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
 }
@@ -34451,7 +34504,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
 }
@@ -34736,7 +34790,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp);
 }
@@ -34866,7 +34921,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #192]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -36419,7 +36474,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -36478,9 +36533,9 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -36616,9 +36671,9 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -37191,9 +37246,9 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -37393,7 +37448,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -37561,7 +37616,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -37600,7 +37655,8 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -37626,9 +37682,9 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -37640,7 +37696,8 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -37988,9 +38045,9 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -40825,7 +40882,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
 }
@@ -41632,7 +41690,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
 }
@@ -42157,7 +42216,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp);
 }
@@ -42225,9 +42285,10 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -42415,9 +42476,9 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -42475,9 +42536,9 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -42613,9 +42674,9 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -42742,9 +42803,8 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p)
         "mov	r3, #-1\n\t"
 #ifdef WOLFSSL_SP_SMALL
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0x1\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0x7c\n\t"
+        "mov	r4, #0x7c\n\t"
+        "orr	r4, r4, #0x100\n\t"
 #else
         "mov	r4, #0x17c\n\t"
 #endif
@@ -43826,9 +43886,9 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -44022,7 +44082,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
@@ -44173,7 +44233,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
@@ -44357,7 +44417,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -44383,9 +44444,9 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -44397,7 +44458,8 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -44577,9 +44639,9 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -45483,7 +45545,7 @@ static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r4, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -45601,7 +45663,7 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
@@ -45749,7 +45811,8 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -45760,12 +45823,20 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -46134,9 +46205,9 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -46145,7 +46216,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -46380,9 +46452,9 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Multiply a and b into r. (r = a * b)
@@ -46468,7 +46540,8 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -46494,9 +46567,10 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -46530,9 +46604,10 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -46732,7 +46807,8 @@ static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "bgt	L_sp_4096_mul_128_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -46889,7 +46965,8 @@ static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_4096_sqr_128_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -47008,7 +47085,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #512]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -51121,7 +51198,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -51151,7 +51228,8 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -51177,9 +51255,9 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -51191,7 +51269,8 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -51651,9 +51730,9 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -55416,7 +55495,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
 }
@@ -56479,7 +56559,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
 }
@@ -57164,7 +57245,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp);
 }
@@ -57207,7 +57289,8 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a,
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -57232,9 +57315,10 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -57244,7 +57328,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * a  A single precision integer.
  * b  A single precision integer.
  */
-static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p)
+static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -57478,9 +57563,9 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -57538,9 +57623,9 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -57676,9 +57761,9 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -57805,9 +57890,8 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p)
         "mov	r3, #-1\n\t"
 #ifdef WOLFSSL_SP_SMALL
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r4, #0x1\n\t"
-        "lsl	r4, r4, #8\n\t"
-        "add	r4, r4, #0xfc\n\t"
+        "mov	r4, #0xfc\n\t"
+        "orr	r4, r4, #0x100\n\t"
 #else
         "mov	r4, #0x1fc\n\t"
 #endif
@@ -59241,9 +59325,9 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -59437,7 +59521,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
@@ -59588,7 +59672,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
@@ -59772,7 +59856,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -59798,9 +59883,9 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -59812,7 +59897,8 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -60048,9 +60134,9 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -61146,7 +61232,7 @@ static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r5, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -61264,7 +61350,7 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
@@ -61627,7 +61713,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "bgt	L_sp_256_mul_8_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -63623,7 +63710,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -63976,7 +64064,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "add	sp, sp, #36\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -64002,7 +64091,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "strd	%[r], %[a], [sp, #36]\n\t"
 #endif
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[r], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -64047,7 +64136,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, r3, r7\n\t"
-        "ldm	%[r], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[r], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #32]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -64107,7 +64196,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p
         "add	sp, sp, #44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7",
+            "r8", "r9", "lr"
     );
 }
 
@@ -64267,7 +64357,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_256_sqr_8_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -65478,7 +65569,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -65721,7 +65813,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -65739,7 +65832,7 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
     __asm__ __volatile__ (
         "sub	sp, sp, #32\n\t"
         "str	%[r], [sp, #28]\n\t"
-        "ldm	%[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "umull	r9, r10, %[r], %[r]\n\t"
         "umull	r11, r12, %[r], %[a]\n\t"
         "adds	r11, r11, r11\n\t"
@@ -65826,18 +65919,19 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p)
         /* R[15] = r7 */
         "ldr	lr, [sp, #28]\n\t"
         "add	lr, lr, #28\n\t"
-        "stm	lr!, {%[r], r12}\n\t"
+        "stm	lr!, {r0, r12}\n\t"
         "stm	lr!, {r11}\n\t"
         "stm	lr!, {r10}\n\t"
         "stm	lr!, {r3, r4, r8, r9}\n\t"
         "stm	lr!, {r7}\n\t"
         "sub	lr, lr, #0x40\n\t"
-        "ldm	sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
-        "stm	lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t"
+        "ldm	sp, {r0, r1, r2, r3, r4, r5, r6}\n\t"
+        "stm	lr, {r0, r1, r2, r3, r4, r5, r6}\n\t"
         "add	sp, sp, #32\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
 }
 
@@ -65876,9 +65970,10 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -65913,9 +66008,9 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -65925,7 +66020,8 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
  * a  The number to convert.
  * m  The modulus (prime).
  */
-static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -66149,10 +66245,11 @@ static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_di
         "add	sp, sp, #24\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
     (void)m_p;
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Convert an mp_int to an array of sp_digit.
@@ -66360,7 +66457,8 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm)
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p, sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -68464,7 +68562,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r12"
     );
     (void)m_p;
     (void)mp_p;
@@ -68480,7 +68579,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p, sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -68941,7 +69041,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -68957,7 +69058,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p, sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -68972,7 +69074,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "strd	%[r], %[a], [sp, #68]\n\t"
 #endif
         "mov	lr, %[b]\n\t"
-        "ldm	%[a], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3}\n\t"
         "ldm	lr!, {r4, r5, r6}\n\t"
         "umull	r10, r11, %[r], r4\n\t"
         "umull	r12, r7, %[a], r4\n\t"
@@ -69017,7 +69119,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "umaal	r4, r6, %[b], r7\n\t"
         "sub	lr, lr, #16\n\t"
         "umaal	r5, r6, r3, r7\n\t"
-        "ldm	%[r], {%[r], %[a], %[b], r3}\n\t"
+        "ldm	%[r], {r0, r1, r2, r3}\n\t"
         "str	r6, [sp, #64]\n\t"
         "ldm	lr!, {r6}\n\t"
         "mov	r7, #0\n\t"
@@ -69196,7 +69298,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x4c\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7",
+            "r8", "r9", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -69211,7 +69314,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -70394,7 +70498,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", "r10", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9",
+            "r10", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -70408,7 +70513,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -70760,7 +70866,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -70774,7 +70881,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
  * m   Modulus (prime).
  * mp  Montgomery multiplier.
  */
-static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -70782,7 +70890,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
     __asm__ __volatile__ (
         "sub	sp, sp, #0x44\n\t"
         "str	%[r], [sp, #64]\n\t"
-        "ldm	%[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t"
+        "ldm	%[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t"
         "umull	r9, r10, %[r], %[r]\n\t"
         "umull	r11, r12, %[r], %[a]\n\t"
         "adds	r11, r11, r11\n\t"
@@ -70869,7 +70977,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         /* R[15] = r7 */
         "mov	lr, sp\n\t"
         "add	lr, lr, #28\n\t"
-        "stm	lr!, {%[r], r12}\n\t"
+        "stm	lr!, {r0, r12}\n\t"
         "stm	lr!, {r11}\n\t"
         "stm	lr!, {r10}\n\t"
         "stm	lr!, {r3, r4, r8, r9}\n\t"
@@ -71000,7 +71108,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co
         "add	sp, sp, #0x44\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -71028,7 +71137,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -71232,9 +71341,9 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -71252,7 +71361,8 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -71278,9 +71388,9 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -71292,7 +71402,8 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -71332,9 +71443,9 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -71620,7 +71731,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -71723,7 +71835,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -71808,7 +71921,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -71959,7 +72073,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
         "add	sp, sp, #0x44\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -71972,7 +72087,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p,
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -72244,7 +72360,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -72256,7 +72373,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -72347,7 +72465,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -72359,7 +72478,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -72432,7 +72552,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp);
 }
@@ -72463,7 +72584,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_8(r->x, p256_mod);
-    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->x);
 
     /* y /= z^3 */
@@ -72472,7 +72593,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_8(r->y, p256_mod);
-    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -72486,7 +72607,8 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -72530,7 +72652,8 @@ static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
 }
@@ -72580,7 +72703,8 @@ static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2"
     );
     (void)m_p;
 }
@@ -72662,7 +72786,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2", "r3", "r12"
     );
     (void)m_p;
 }
@@ -72674,7 +72799,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -72716,7 +72842,8 @@ static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r11", "r12", "lr"
     );
     (void)m_p;
 }
@@ -72793,7 +72920,8 @@ static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r], {r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3"
     );
 }
 
@@ -73088,8 +73216,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
         sp_256_mont_sub_8(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73106,7 +73234,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73280,8 +73408,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73298,7 +73426,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -73353,7 +73481,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
     r->z[6] = 0;
     r->z[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -73751,8 +73879,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
         sp_256_mont_sub_8(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73769,7 +73897,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73896,7 +74024,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -74044,7 +74172,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -74072,7 +74200,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74317,7 +74445,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -74465,7 +74593,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -74493,7 +74621,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -76318,7 +76446,7 @@ static void sp_256_add_one_8(sp_digit* a_p)
         "stm	%[a]!, {r1, r2, r3, r4}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4"
     );
 }
 
@@ -76335,7 +76463,8 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -76346,12 +76475,20 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -76722,9 +76859,10 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -76756,9 +76894,9 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -76856,7 +76994,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #32]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -77129,7 +77267,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -77188,9 +77326,9 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -77326,9 +77464,9 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -77431,7 +77569,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -78010,9 +78148,10 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -78046,9 +78185,9 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit*
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -78093,8 +78232,7 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p)
         "strd	r8, r9, [%[r], #24]\n\t"
 #endif
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r2, [%[a]]\n\t"
-        "ldr	r3, [%[a], #4]\n\t"
+        "ldm	r1, {r2, r3}\n\t"
 #else
         "ldrd	r2, r3, [%[a]]\n\t"
 #endif
@@ -78113,8 +78251,7 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p)
         "orr	r8, r8, r5, lsl #31\n\t"
         "orr	r9, r9, r12, lsl #31\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "str	r6, [%[r]]\n\t"
-        "str	r7, [%[r], #4]\n\t"
+        "stm	r0, {r6, r7}\n\t"
 #else
         "strd	r6, r7, [%[r]]\n\t"
 #endif
@@ -78126,7 +78263,8 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p)
 #endif
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr", "r10"
     );
 }
 
@@ -78212,12 +78350,13 @@ static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "stm	%[r], {r8, r9, r10, r11}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_256_num_bits_8_table[] = {
+static const byte L_sp_256_num_bits_8_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -78255,7 +78394,8 @@ static const unsigned char L_sp_256_num_bits_8_table[] = {
 static int sp_256_num_bits_8(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = (unsigned char*)&L_sp_256_num_bits_8_table;
+    register byte* L_sp_256_num_bits_8_table_c asm ("r1") =
+        (byte*)&L_sp_256_num_bits_8_table;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_sp_256_num_bits_8_table]\n\t"
@@ -78567,11 +78707,12 @@ static int sp_256_num_bits_8(const sp_digit* a_p)
         "\n"
     "L_sp_256_num_bits_8_9_%=: \n\t"
         "mov	%[a], r12\n\t"
-        : [a] "+r" (a), [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c)
+        : [a] "+r" (a),
+          [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c)
         :
-        : "memory", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -78583,13 +78724,7 @@ static int sp_256_num_bits_8(const sp_digit* a_p)
         "ldr	r1, [%[a], #28]\n\t"
         "cmp	r1, #0\n\t"
         "beq	L_sp_256_num_bits_8_7_%=\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "clz	r12, r1\n\t"
         "sub	r12, r2, r12\n\t"
         "b	L_sp_256_num_bits_8_9_%=\n\t"
@@ -78658,9 +78793,9 @@ static int sp_256_num_bits_8(const sp_digit* a_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */
@@ -79931,7 +80066,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "bgt	L_sp_384_mul_12_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -85428,7 +85564,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -85587,7 +85724,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_384_sqr_12_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -88650,7 +88788,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -88688,9 +88827,10 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -88732,9 +88872,9 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -88818,18 +88958,18 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = t[0];
-        r[1] = t[1];
-        r[2] = t[2];
-        r[3] = t[3];
-        r[4] = t[4];
-        r[5] = t[5];
-        r[6] = t[6];
-        r[7] = t[7];
-        r[8] = t[8];
-        r[9] = t[9];
-        r[10] = t[10];
-        r[11] = t[11];
+        r[0] = (sp_digit)t[0];
+        r[1] = (sp_digit)t[1];
+        r[2] = (sp_digit)t[2];
+        r[3] = (sp_digit)t[3];
+        r[4] = (sp_digit)t[4];
+        r[5] = (sp_digit)t[5];
+        r[6] = (sp_digit)t[6];
+        r[7] = (sp_digit)t[7];
+        r[8] = (sp_digit)t[8];
+        r[9] = (sp_digit)t[9];
+        r[10] = (sp_digit)t[10];
+        r[11] = (sp_digit)t[11];
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -89043,7 +89183,8 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -89069,9 +89210,9 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -89083,7 +89224,8 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -89137,9 +89279,9 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -89540,7 +89682,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89675,7 +89818,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89780,7 +89924,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89837,7 +89982,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -90101,9 +90246,9 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -90136,7 +90281,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_12(r->x, p384_mod);
-    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->x);
 
     /* y /= z^3 */
@@ -90145,7 +90290,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_12(r->y, p384_mod);
-    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -90159,7 +90304,8 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90242,9 +90388,10 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -90285,9 +90432,9 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -90300,7 +90447,8 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90326,9 +90474,9 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -90340,7 +90488,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90394,9 +90543,9 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -90407,7 +90556,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90477,7 +90627,7 @@ static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p)
         "str	r4, [%[r], #44]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r2", "r3", "r4"
     );
 }
 
@@ -90789,8 +90939,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
         sp_384_mont_sub_12(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -90807,7 +90957,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -90981,8 +91131,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -90999,7 +91149,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -91066,7 +91216,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
     r->z[10] = 0;
     r->z[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -91476,8 +91626,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
         sp_384_mont_sub_12(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -91494,7 +91644,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -91629,7 +91779,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -91785,7 +91935,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -91813,7 +91963,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -92066,7 +92216,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -92222,7 +92372,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -92250,7 +92400,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -94081,7 +94231,7 @@ static void sp_384_add_one_12(sp_digit* a_p)
         "stm	%[a]!, {r1, r2, r3, r4}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4"
     );
 }
 
@@ -94098,7 +94248,8 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -94109,12 +94260,20 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -94485,9 +94644,10 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -94526,9 +94686,9 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -94626,7 +94786,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #48]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -95027,7 +95187,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -95086,9 +95246,9 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -95224,9 +95384,9 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -95333,13 +95493,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -95899,8 +96059,7 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
     "L_sp_384_div2_mod_12_div2_%=: \n\t"
         "sub	%[r], %[r], #48\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[r]]\n\t"
-        "ldr	r9, [%[r], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[r]]\n\t"
 #endif
@@ -95952,12 +96111,13 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "str	r10, [%[r], #44]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_384_num_bits_12_table[] = {
+static const byte L_sp_384_num_bits_12_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -95995,7 +96155,8 @@ static const unsigned char L_sp_384_num_bits_12_table[] = {
 static int sp_384_num_bits_12(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") = (unsigned char*)&L_sp_384_num_bits_12_table;
+    register byte* L_sp_384_num_bits_12_table_c asm ("r1") =
+        (byte*)&L_sp_384_num_bits_12_table;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_sp_384_num_bits_12_table]\n\t"
@@ -96006,9 +96167,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_11_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x78\n\t"
+        "mov	r2, #0x78\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x178\n\t"
 #endif
@@ -96022,9 +96182,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_11_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x70\n\t"
+        "mov	r2, #0x70\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x170\n\t"
 #endif
@@ -96038,9 +96197,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_11_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x68\n\t"
+        "mov	r2, #0x68\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x168\n\t"
 #endif
@@ -96051,9 +96209,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
     "L_sp_384_num_bits_12_11_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x60\n\t"
+        "mov	r2, #0x60\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x160\n\t"
 #endif
@@ -96069,9 +96226,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_10_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x58\n\t"
+        "mov	r2, #0x58\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x158\n\t"
 #endif
@@ -96085,9 +96241,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_10_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x50\n\t"
+        "mov	r2, #0x50\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x150\n\t"
 #endif
@@ -96101,9 +96256,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_10_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x48\n\t"
+        "mov	r2, #0x48\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x148\n\t"
 #endif
@@ -96114,9 +96268,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
     "L_sp_384_num_bits_12_10_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x40\n\t"
+        "mov	r2, #0x40\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x140\n\t"
 #endif
@@ -96132,9 +96285,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_9_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x38\n\t"
+        "mov	r2, #0x38\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x138\n\t"
 #endif
@@ -96148,9 +96300,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_9_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x30\n\t"
+        "mov	r2, #0x30\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x130\n\t"
 #endif
@@ -96164,9 +96315,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_9_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x28\n\t"
+        "mov	r2, #0x28\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x128\n\t"
 #endif
@@ -96177,9 +96327,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
     "L_sp_384_num_bits_12_9_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x120\n\t"
 #endif
@@ -96195,9 +96344,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_8_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x18\n\t"
+        "mov	r2, #0x18\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x118\n\t"
 #endif
@@ -96211,9 +96359,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_8_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x10\n\t"
+        "mov	r2, #0x10\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x110\n\t"
 #endif
@@ -96227,9 +96374,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_384_num_bits_12_8_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x8\n\t"
+        "mov	r2, #0x8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x108\n\t"
 #endif
@@ -96239,13 +96385,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "\n"
     "L_sp_384_num_bits_12_8_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "ldrb	r12, [lr, r3]\n\t"
         "add	r12, r2, r12\n\t"
         "b	L_sp_384_num_bits_12_13_%=\n\t"
@@ -96559,11 +96699,12 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "\n"
     "L_sp_384_num_bits_12_13_%=: \n\t"
         "mov	%[a], r12\n\t"
-        : [a] "+r" (a), [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c)
+        : [a] "+r" (a),
+          [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c)
         :
-        : "memory", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -96576,9 +96717,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_11_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x80\n\t"
+        "mov	r2, #0x80\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x180\n\t"
 #endif
@@ -96591,9 +96731,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_10_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x60\n\t"
+        "mov	r2, #0x60\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x160\n\t"
 #endif
@@ -96606,9 +96745,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_9_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x40\n\t"
+        "mov	r2, #0x40\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x140\n\t"
 #endif
@@ -96621,9 +96759,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_8_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x120\n\t"
 #endif
@@ -96635,13 +96772,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "ldr	r1, [%[a], #28]\n\t"
         "cmp	r1, #0\n\t"
         "beq	L_sp_384_num_bits_12_7_%=\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "clz	r12, r1\n\t"
         "sub	r12, r2, r12\n\t"
         "b	L_sp_384_num_bits_12_13_%=\n\t"
@@ -96710,9 +96841,9 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */
@@ -98032,7 +98163,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "bgt	L_sp_521_mul_17_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -109048,7 +109180,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
         "stm	%[r]!, {r3}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -109210,7 +109343,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_521_sqr_17_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -115082,7 +115216,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -115126,9 +115261,10 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], r4, #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -115181,9 +115317,9 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -115409,7 +115545,8 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -115435,9 +115572,9 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -115449,7 +115586,8 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -115522,9 +115660,9 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -115608,9 +115746,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
         "ldm	%[a], {r1, r2, r3, r4, r5}\n\t"
         "ldm	sp!, {r7, r8, r9, r10, r11}\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	lr, #0x1\n\t"
-        "lsl	lr, lr, #8\n\t"
-        "add	lr, lr, #0xff\n\t"
+        "mov	lr, #0xff\n\t"
+        "orr	lr, lr, #0x100\n\t"
 #else
         "mov	lr, #0x1ff\n\t"
 #endif
@@ -115650,7 +115787,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
         "stm	%[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11", "r12", "lr"
     );
     (void)m_p;
     (void)mp_p;
@@ -115663,7 +115801,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -115685,9 +115824,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "cmp	r9, #0x40\n\t"
         "bne	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r7, #0x1\n\t"
-        "lsl	r7, r7, #8\n\t"
-        "add	r7, r7, #0xff\n\t"
+        "mov	r7, #0xff\n\t"
+        "orr	r7, r7, #0x100\n\t"
 #else
         "mov	r7, #0x1ff\n\t"
 #endif
@@ -116279,7 +116417,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116291,7 +116430,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116311,9 +116451,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "cmp	r9, #0x40\n\t"
         "bne	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r7, #0x1\n\t"
-        "lsl	r7, r7, #8\n\t"
-        "add	r7, r7, #0xff\n\t"
+        "mov	r7, #0xff\n\t"
+        "orr	r7, r7, #0x100\n\t"
 #else
         "mov	r7, #0x1ff\n\t"
 #endif
@@ -116537,7 +116676,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116549,7 +116689,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
  * m   The single precision number representing the modulus.
  * mp  The digit representing the negative inverse of m mod 2^n.
  */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+    sp_digit mp_p)
 {
     register sp_digit* a asm ("r0") = (sp_digit*)a_p;
     register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116571,9 +116712,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "cmp	r12, #0x40\n\t"
         "bne	L_sp_521_mont_reduce_order_17_nomask_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r10, #0x1\n\t"
-        "lsl	r10, r10, #8\n\t"
-        "add	r10, r10, #0xff\n\t"
+        "mov	r10, #0xff\n\t"
+        "orr	r10, r10, #0x100\n\t"
 #else
         "mov	r10, #0x1ff\n\t"
 #endif
@@ -116750,7 +116890,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116807,7 +116948,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -117123,9 +117264,9 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -117158,7 +117299,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_17(r->x, p521_mod);
-    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->x);
 
     /* y /= z^3 */
@@ -117167,7 +117308,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_17(r->y, p521_mod);
-    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -117181,7 +117322,8 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -117221,9 +117363,8 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "ldm	%[b]!, {r4}\n\t"
         "adcs	r8, r8, r4\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x1\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xff\n\t"
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0x100\n\t"
 #else
         "mov	r12, #0x1ff\n\t"
 #endif
@@ -117256,7 +117397,8 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
     (void)m_p;
 }
@@ -117297,9 +117439,8 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "ldm	%[a]!, {r4}\n\t"
         "adcs	r4, r4, r4\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x1\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0xff\n\t"
+        "mov	r3, #0xff\n\t"
+        "orr	r3, r3, #0x100\n\t"
 #else
         "mov	r3, #0x1ff\n\t"
 #endif
@@ -117332,7 +117473,8 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2", "r3"
     );
     (void)m_p;
 }
@@ -117407,9 +117549,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "ldm	%[a]!, {r8}\n\t"
         "adcs	r4, r4, r8\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r3, #0x1\n\t"
-        "lsl	r3, r3, #8\n\t"
-        "add	r3, r3, #0xff\n\t"
+        "mov	r3, #0xff\n\t"
+        "orr	r3, r3, #0x100\n\t"
 #else
         "mov	r3, #0x1ff\n\t"
 #endif
@@ -117428,7 +117569,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r2", "r3"
     );
     (void)m_p;
 }
@@ -117440,7 +117582,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -117480,9 +117623,8 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "ldm	%[b]!, {r4}\n\t"
         "sbcs	r8, r8, r4\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r12, #0x1\n\t"
-        "lsl	r12, r12, #8\n\t"
-        "add	r12, r12, #0xff\n\t"
+        "mov	r12, #0xff\n\t"
+        "orr	r12, r12, #0x100\n\t"
 #else
         "mov	r12, #0x1ff\n\t"
 #endif
@@ -117516,7 +117658,8 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "stm	%[r]!, {r4}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
     (void)m_p;
 }
@@ -117595,7 +117738,7 @@ static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p)
         "str	r3, [%[r], #64]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r2", "r3", "r4"
     );
 }
 
@@ -117911,8 +118054,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
         sp_521_mont_sub_17(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117929,7 +118072,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -118103,8 +118246,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -118121,7 +118264,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -118203,7 +118346,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
     r->z[15] = 0;
     r->z[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -118632,8 +118775,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
         sp_521_mont_sub_17(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -118650,7 +118793,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -118795,7 +118938,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -118961,7 +119104,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -118989,7 +119132,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -119252,7 +119395,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -119418,7 +119561,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -119446,7 +119589,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -121830,7 +121973,7 @@ static void sp_521_add_one_17(sp_digit* a_p)
         "stm	%[a]!, {r1}\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r4"
     );
 }
 
@@ -121847,7 +121990,8 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -121858,12 +122002,20 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -122212,8 +122364,7 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
     __asm__ __volatile__ (
         "rsb	r12, %[n], #32\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r4, [%[a]]\n\t"
-        "ldr	r5, [%[a], #4]\n\t"
+        "ldm	r1, {r4, r5}\n\t"
 #else
         "ldrd	r4, r5, [%[a]]\n\t"
 #endif
@@ -122304,7 +122455,7 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
 #endif
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -122424,7 +122575,7 @@ static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r5, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -122642,7 +122793,7 @@ static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p)
         "str	r6, [%[r], #4]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n)
         :
-        : "memory", "r4", "r5", "r6", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r3", "r12"
     );
 }
 
@@ -122681,9 +122832,10 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], %[a], %[a]\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -122733,9 +122885,9 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -122833,7 +122985,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #68]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -123394,7 +123546,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -123453,9 +123605,9 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -123591,9 +123743,9 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -123707,14 +123859,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -124281,9 +124433,10 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12", "lr"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -124335,9 +124488,9 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -124408,8 +124561,7 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
     "L_sp_521_div2_mod_17_div2_%=: \n\t"
         "sub	%[r], %[r], #0x44\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "ldr	r8, [%[r]]\n\t"
-        "ldr	r9, [%[r], #4]\n\t"
+        "ldm	r0, {r8, r9}\n\t"
 #else
         "ldrd	r8, r9, [%[r]]\n\t"
 #endif
@@ -124481,12 +124633,13 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "str	r9, [%[r], #64]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
 }
 
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-static const unsigned char L_sp_521_num_bits_17_table[] = {
+static const byte L_sp_521_num_bits_17_table[] = {
     0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03,
     0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
     0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
@@ -124524,7 +124677,8 @@ static const unsigned char L_sp_521_num_bits_17_table[] = {
 static int sp_521_num_bits_17(const sp_digit* a_p)
 {
     register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
-    register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") = (unsigned char*)&L_sp_521_num_bits_17_table;
+    register byte* L_sp_521_num_bits_17_table_c asm ("r1") =
+        (byte*)&L_sp_521_num_bits_17_table;
 
     __asm__ __volatile__ (
         "mov	lr, %[L_sp_521_num_bits_17_table]\n\t"
@@ -124535,9 +124689,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_16_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x18\n\t"
+        "mov	r2, #0x18\n\t"
+        "orr	r2, r2, #0x200\n\t"
 #else
         "mov	r2, #0x218\n\t"
 #endif
@@ -124551,9 +124704,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_16_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x10\n\t"
+        "mov	r2, #0x10\n\t"
+        "orr	r2, r2, #0x200\n\t"
 #else
         "mov	r2, #0x210\n\t"
 #endif
@@ -124567,9 +124719,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_16_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x8\n\t"
+        "mov	r2, #0x8\n\t"
+        "orr	r2, r2, #0x200\n\t"
 #else
         "mov	r2, #0x208\n\t"
 #endif
@@ -124579,13 +124730,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "\n"
     "L_sp_521_num_bits_17_16_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x200\n\t"
-#endif
         "ldrb	r12, [lr, r3]\n\t"
         "add	r12, r2, r12\n\t"
         "b	L_sp_521_num_bits_17_18_%=\n\t"
@@ -124598,9 +124743,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_15_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xf8\n\t"
+        "mov	r2, #0xf8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1f8\n\t"
 #endif
@@ -124614,9 +124758,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_15_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xf0\n\t"
+        "mov	r2, #0xf0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1f0\n\t"
 #endif
@@ -124630,9 +124773,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_15_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xe8\n\t"
+        "mov	r2, #0xe8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1e8\n\t"
 #endif
@@ -124643,9 +124785,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_15_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xe0\n\t"
+        "mov	r2, #0xe0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1e0\n\t"
 #endif
@@ -124661,9 +124802,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_14_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xd8\n\t"
+        "mov	r2, #0xd8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1d8\n\t"
 #endif
@@ -124677,9 +124817,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_14_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xd0\n\t"
+        "mov	r2, #0xd0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1d0\n\t"
 #endif
@@ -124693,9 +124832,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_14_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xc8\n\t"
+        "mov	r2, #0xc8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1c8\n\t"
 #endif
@@ -124706,9 +124844,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_14_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xc0\n\t"
+        "mov	r2, #0xc0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1c0\n\t"
 #endif
@@ -124724,9 +124861,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_13_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xb8\n\t"
+        "mov	r2, #0xb8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1b8\n\t"
 #endif
@@ -124740,9 +124876,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_13_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xb0\n\t"
+        "mov	r2, #0xb0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1b0\n\t"
 #endif
@@ -124756,9 +124891,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_13_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xa8\n\t"
+        "mov	r2, #0xa8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1a8\n\t"
 #endif
@@ -124769,9 +124903,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_13_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xa0\n\t"
+        "mov	r2, #0xa0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1a0\n\t"
 #endif
@@ -124787,9 +124920,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_12_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x98\n\t"
+        "mov	r2, #0x98\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x198\n\t"
 #endif
@@ -124803,9 +124935,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_12_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x90\n\t"
+        "mov	r2, #0x90\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x190\n\t"
 #endif
@@ -124819,9 +124950,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_12_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x88\n\t"
+        "mov	r2, #0x88\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x188\n\t"
 #endif
@@ -124832,9 +124962,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_12_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x80\n\t"
+        "mov	r2, #0x80\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x180\n\t"
 #endif
@@ -124850,9 +124979,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_11_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x78\n\t"
+        "mov	r2, #0x78\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x178\n\t"
 #endif
@@ -124866,9 +124994,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_11_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x70\n\t"
+        "mov	r2, #0x70\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x170\n\t"
 #endif
@@ -124882,9 +125009,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_11_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x68\n\t"
+        "mov	r2, #0x68\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x168\n\t"
 #endif
@@ -124895,9 +125021,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_11_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x60\n\t"
+        "mov	r2, #0x60\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x160\n\t"
 #endif
@@ -124913,9 +125038,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_10_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x58\n\t"
+        "mov	r2, #0x58\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x158\n\t"
 #endif
@@ -124929,9 +125053,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_10_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x50\n\t"
+        "mov	r2, #0x50\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x150\n\t"
 #endif
@@ -124945,9 +125068,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_10_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x48\n\t"
+        "mov	r2, #0x48\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x148\n\t"
 #endif
@@ -124958,9 +125080,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_10_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x40\n\t"
+        "mov	r2, #0x40\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x140\n\t"
 #endif
@@ -124976,9 +125097,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_9_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x38\n\t"
+        "mov	r2, #0x38\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x138\n\t"
 #endif
@@ -124992,9 +125112,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_9_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x30\n\t"
+        "mov	r2, #0x30\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x130\n\t"
 #endif
@@ -125008,9 +125127,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_9_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x28\n\t"
+        "mov	r2, #0x28\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x128\n\t"
 #endif
@@ -125021,9 +125139,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
     "L_sp_521_num_bits_17_9_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x120\n\t"
 #endif
@@ -125039,9 +125156,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_8_3_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x18\n\t"
+        "mov	r2, #0x18\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x118\n\t"
 #endif
@@ -125055,9 +125171,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_8_2_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x10\n\t"
+        "mov	r2, #0x10\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x110\n\t"
 #endif
@@ -125071,9 +125186,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r3, #0\n\t"
         "beq	L_sp_521_num_bits_17_8_1_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x8\n\t"
+        "mov	r2, #0x8\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x108\n\t"
 #endif
@@ -125083,13 +125197,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "\n"
     "L_sp_521_num_bits_17_8_1_%=: \n\t"
         "and	r3, r1, #0xff\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "ldrb	r12, [lr, r3]\n\t"
         "add	r12, r2, r12\n\t"
         "b	L_sp_521_num_bits_17_18_%=\n\t"
@@ -125403,11 +125511,12 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "\n"
     "L_sp_521_num_bits_17_18_%=: \n\t"
         "mov	%[a], r12\n\t"
-        : [a] "+r" (a), [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c)
+        : [a] "+r" (a),
+          [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c)
         :
-        : "memory", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -125420,9 +125529,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_16_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x200\n\t"
 #else
         "mov	r2, #0x220\n\t"
 #endif
@@ -125434,13 +125542,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "ldr	r1, [%[a], #60]\n\t"
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_15_%=\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x2\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x200\n\t"
-#endif
         "clz	r12, r1\n\t"
         "sub	r12, r2, r12\n\t"
         "b	L_sp_521_num_bits_17_18_%=\n\t"
@@ -125450,9 +125552,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_14_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xe0\n\t"
+        "mov	r2, #0xe0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1e0\n\t"
 #endif
@@ -125465,9 +125566,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_13_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xc0\n\t"
+        "mov	r2, #0xc0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1c0\n\t"
 #endif
@@ -125480,9 +125580,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_12_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0xa0\n\t"
+        "mov	r2, #0xa0\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x1a0\n\t"
 #endif
@@ -125495,9 +125594,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_11_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x80\n\t"
+        "mov	r2, #0x80\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x180\n\t"
 #endif
@@ -125510,9 +125608,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_10_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x60\n\t"
+        "mov	r2, #0x60\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x160\n\t"
 #endif
@@ -125525,9 +125622,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_9_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x40\n\t"
+        "mov	r2, #0x40\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x140\n\t"
 #endif
@@ -125540,9 +125636,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_8_%=\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x20\n\t"
+        "mov	r2, #0x20\n\t"
+        "orr	r2, r2, #0x100\n\t"
 #else
         "mov	r2, #0x120\n\t"
 #endif
@@ -125554,13 +125649,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "ldr	r1, [%[a], #28]\n\t"
         "cmp	r1, #0\n\t"
         "beq	L_sp_521_num_bits_17_7_%=\n\t"
-#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
-        "mov	r2, #0x1\n\t"
-        "lsl	r2, r2, #8\n\t"
-        "add	r2, r2, #0x0\n\t"
-#else
         "mov	r2, #0x100\n\t"
-#endif
         "clz	r12, r1\n\t"
         "sub	r12, r2, r12\n\t"
         "b	L_sp_521_num_bits_17_18_%=\n\t"
@@ -125629,9 +125718,9 @@ static int sp_521_num_bits_17(const sp_digit* a_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a)
         :
-        : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+        : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */
@@ -126506,7 +126595,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -136390,7 +136479,8 @@ static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "stm	%[r]!, {r3, r4, r5, r6}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+            "r12"
     );
 }
 
@@ -141622,7 +141712,8 @@ static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p)
         "stm	%[r]!, {r2, r3, r4, r8}\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+            "r12"
     );
 }
 
@@ -141671,9 +141762,9 @@ static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -141746,9 +141837,9 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "sbc	%[a], r9, r9\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -141824,9 +141915,9 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "adc	%[r], %[r], #0\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -141942,9 +142033,9 @@ static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "sbc	%[r], r6, r6\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -142179,7 +142270,8 @@ static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b
         "bgt	L_sp_1024_mul_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -142336,7 +142428,8 @@ static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p)
         "bgt	L_sp_1024_sqr_32_store_%=\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+            "r11"
     );
 }
 
@@ -142456,9 +142549,10 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r12\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+        : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+            "lr"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -142471,7 +142565,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p)
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -142497,9 +142592,9 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], r12\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -142511,7 +142606,8 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to subtract.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -142635,9 +142731,9 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "sbc	%[r], lr, lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -142674,9 +142770,10 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi
         "mov	%[r], r3\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r3", "r12"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -142774,7 +142871,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r3, [%[r], #128]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
     );
 }
 
@@ -143815,7 +143912,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
         "str	r5, [%[r]]\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
     );
 }
 
@@ -143874,9 +143971,9 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "add	%[d1], r4, r3\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -144012,9 +144109,9 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
         "sub	%[d1], r3, r6\n\t"
         : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -144441,9 +144538,9 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p)
         "mov	%[a], r2\n\t"
         : [a] "+r" (a), [b] "+r" (b)
         :
-        : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -145755,7 +145852,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146055,7 +146153,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], r3\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146265,7 +146364,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_
         "mov	%[mp], lr\n\t"
         : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
         :
-        : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+        : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+            "r10", "r11"
     );
     sp_1024_cond_sub_32(a - 32, a, m, mp);
 }
@@ -146302,7 +146402,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -146392,7 +146492,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_32(r->x, p1024_mod);
-    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->x);
 
     /* y /= z^3 */
@@ -146401,7 +146501,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_32(r->y, p1024_mod);
-    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -146415,7 +146515,8 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
  * b   Second number to add in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -146577,7 +146678,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -146587,7 +146689,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * a   Number to double in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -146732,7 +146835,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
+        : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7",
+            "r12"
     );
 }
 
@@ -146742,7 +146846,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * a   Number to triple in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p)
+static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147042,7 +147147,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
         :
-        : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc"
+        : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7",
+            "r12"
     );
 }
 
@@ -147053,7 +147159,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * b   Number to subtract with in Montgomery form.
  * m   Modulus (prime).
  */
-static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, const sp_digit* m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147209,7 +147316,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
         "stm	%[r]!, {r4, r5, r6, r7}\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
+        : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+            "r12"
     );
 }
 
@@ -147222,7 +147330,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147248,9 +147357,9 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "mov	%[r], lr\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -147262,7 +147371,8 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
  * b  A single precision number to add.
  * m  Mask value to apply.
  */
-static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p,
+    const sp_digit* b_p, sp_digit m_p)
 {
     register sp_digit* r asm ("r0") = (sp_digit*)r_p;
     register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -147386,9 +147496,9 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp
         "adc	%[r], r8, r8\n\t"
         : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
         :
-        : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+        : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -147526,7 +147636,7 @@ static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p)
         "str	r3, [%[r], #124]\n\t"
         : [r] "+r" (r), [a] "+r" (a)
         :
-        : "memory", "r2", "r3", "r4", "cc"
+        : "memory", "cc", "r2", "r3", "r4"
     );
 }
 
@@ -147847,8 +147957,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -147865,7 +147975,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -148039,8 +148149,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -148057,7 +148167,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -148398,8 +148508,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -148416,7 +148526,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -148626,7 +148736,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -148654,7 +148764,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -148982,7 +149092,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -149010,7 +149120,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -152927,7 +153037,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -152985,7 +153095,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -155919,7 +156029,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -156148,7 +156258,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -156471,7 +156581,8 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -156482,12 +156593,20 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -156541,7 +156660,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_32(t1, p1024_mod);
-        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
+        sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31));
         sp_1024_norm_32(t1);
         if (!sp_1024_iszero_32(t1)) {
             err = MP_VAL;
diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c
index 196146c16..3b9bc251d 100644
--- a/wolfcrypt/src/sp_arm64.c
+++ b/wolfcrypt/src/sp_arm64.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,11 @@
 
 /* Implementation by Sean Parkinson. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(WOLFSSL_HAVE_SP_ECC)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -67,7 +62,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 63) / 64) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 63) / 64) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -4164,7 +4159,7 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16U);
         sp_2048_mont_reduce_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_16(r, r, m, mask);
     }
 
@@ -4332,7 +4327,7 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16U);
         sp_2048_mont_reduce_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_16(r, r, m, mask);
     }
 
@@ -5788,7 +5783,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -5989,7 +5984,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -6832,7 +6827,7 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -13349,7 +13344,7 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24U);
         sp_3072_mont_reduce_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_24(r, r, m, mask);
     }
 
@@ -13517,7 +13512,7 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24U);
         sp_3072_mont_reduce_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_24(r, r, m, mask);
     }
 
@@ -15339,7 +15334,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -15490,7 +15485,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -16429,7 +16424,7 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -20446,7 +20441,7 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
@@ -20597,7 +20592,7 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
@@ -21632,7 +21627,7 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
@@ -22103,14 +22098,14 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
 
     (void)m;
 
-    a32[0] = a[0] & 0xffffffff;
-    a32[1] = a[0] >> 32;
-    a32[2] = a[1] & 0xffffffff;
-    a32[3] = a[1] >> 32;
-    a32[4] = a[2] & 0xffffffff;
-    a32[5] = a[2] >> 32;
-    a32[6] = a[3] & 0xffffffff;
-    a32[7] = a[3] >> 32;
+    a32[0] = (int64_t)(a[0] & 0xffffffff);
+    a32[1] = (int64_t)(a[0] >> 32);
+    a32[2] = (int64_t)(a[1] & 0xffffffff);
+    a32[3] = (int64_t)(a[1] >> 32);
+    a32[4] = (int64_t)(a[2] & 0xffffffff);
+    a32[5] = (int64_t)(a[2] >> 32);
+    a32[6] = (int64_t)(a[3] & 0xffffffff);
+    a32[7] = (int64_t)(a[3] >> 32);
 
     /*  1  1  0 -1 -1 -1 -1  0 */
     t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6];
@@ -22160,10 +22155,10 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
     t[5] += t[4] >> 32; t[4] &= 0xffffffff;
     t[6] += t[5] >> 32; t[5] &= 0xffffffff;
     t[7] += t[6] >> 32; t[6] &= 0xffffffff;
-    r[0] = (t[1] << 32) | t[0];
-    r[1] = (t[3] << 32) | t[2];
-    r[2] = (t[5] << 32) | t[4];
-    r[3] = (t[7] << 32) | t[6];
+    r[0] = (sp_digit)((t[1] << 32) | t[0]);
+    r[1] = (sp_digit)((t[3] << 32) | t[2]);
+    r[2] = (sp_digit)((t[5] << 32) | t[4]);
+    r[3] = (sp_digit)((t[7] << 32) | t[6]);
 
     return MP_OKAY;
 }
@@ -22738,7 +22733,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -23044,7 +23039,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_4(r->x, p256_mod);
-    sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->x);
 
     /* y /= z^3 */
@@ -23053,7 +23048,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_4(r->y, p256_mod);
-    sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -24197,13 +24192,13 @@ static void sp_256_proj_point_add_sub_4(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_6[66] = {
+static const word8 recode_index_4_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -24212,7 +24207,7 @@ static const uint8_t recode_index_4_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_6[66] = {
+static const word8 recode_neg_4_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -24230,7 +24225,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -24239,7 +24234,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -24253,12 +24248,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_4_6[y];
         v[i].neg = recode_neg_4_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -24905,7 +24900,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -24933,7 +24928,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -25335,7 +25330,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -25363,7 +25358,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -27278,7 +27273,7 @@ static int sp_256_ecc_mulmod_base_4(sp_point_256* r, const sp_digit* k,
 #endif /* WC_NO_CACHE_RESISTANT */
 #else
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_7[130] = {
+static const word8 recode_index_4_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -27291,7 +27286,7 @@ static const uint8_t recode_index_4_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_7[130] = {
+static const word8 recode_neg_4_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -27313,7 +27308,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -27322,7 +27317,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<37; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -27336,12 +27331,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_4_7[y];
         v[i].neg = recode_neg_4_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -39445,7 +39440,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
             p->infinity = !v[i].i;
             sp_256_sub_4(negy, p256_mod, p->y);
             sp_256_norm_4(negy);
-            sp_256_cond_copy_4(p->y, negy, 0 - v[i].neg);
+            sp_256_cond_copy_4(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_256_proj_point_add_qz1_4(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -40519,7 +40514,7 @@ SP_NOINLINE static void sp_256_mont_mul_order_4(sp_digit* r,
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
@@ -43344,18 +43339,18 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
     if (err == MP_OKAY) {
         a32 = t + 12;
 
-        a32[0] = a[0] & 0xffffffff;
-        a32[1] = a[0] >> 32;
-        a32[2] = a[1] & 0xffffffff;
-        a32[3] = a[1] >> 32;
-        a32[4] = a[2] & 0xffffffff;
-        a32[5] = a[2] >> 32;
-        a32[6] = a[3] & 0xffffffff;
-        a32[7] = a[3] >> 32;
-        a32[8] = a[4] & 0xffffffff;
-        a32[9] = a[4] >> 32;
-        a32[10] = a[5] & 0xffffffff;
-        a32[11] = a[5] >> 32;
+        a32[0] = (int64_t)(a[0] & 0xffffffff);
+        a32[1] = (int64_t)(a[0] >> 32);
+        a32[2] = (int64_t)(a[1] & 0xffffffff);
+        a32[3] = (int64_t)(a[1] >> 32);
+        a32[4] = (int64_t)(a[2] & 0xffffffff);
+        a32[5] = (int64_t)(a[2] >> 32);
+        a32[6] = (int64_t)(a[3] & 0xffffffff);
+        a32[7] = (int64_t)(a[3] >> 32);
+        a32[8] = (int64_t)(a[4] & 0xffffffff);
+        a32[9] = (int64_t)(a[4] >> 32);
+        a32[10] = (int64_t)(a[5] & 0xffffffff);
+        a32[11] = (int64_t)(a[5] >> 32);
 
         /*  1  0  0  0  0  0  0  0  1  1  0 -1 */
         t[0] = 0 + a32[0] + a32[8] + a32[9] - a32[11];
@@ -43410,12 +43405,12 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = (t[1] << 32) | t[0];
-        r[1] = (t[3] << 32) | t[2];
-        r[2] = (t[5] << 32) | t[4];
-        r[3] = (t[7] << 32) | t[6];
-        r[4] = (t[9] << 32) | t[8];
-        r[5] = (t[11] << 32) | t[10];
+        r[0] = (sp_digit)((t[1] << 32) | t[0]);
+        r[1] = (sp_digit)((t[3] << 32) | t[2]);
+        r[2] = (sp_digit)((t[5] << 32) | t[4]);
+        r[3] = (sp_digit)((t[7] << 32) | t[6]);
+        r[4] = (sp_digit)((t[9] << 32) | t[8]);
+        r[5] = (sp_digit)((t[11] << 32) | t[10]);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -43944,7 +43939,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -44198,7 +44193,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_6(r->x, p384_mod);
-    sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->x);
 
     /* y /= z^3 */
@@ -44207,7 +44202,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_6(r->y, p384_mod);
-    sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -44777,8 +44772,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
         sp_384_mont_sub_6(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -44795,7 +44790,7 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -44969,8 +44964,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -44987,7 +44982,7 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -45159,13 +45154,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_6[66] = {
+static const word8 recode_index_6_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -45174,7 +45169,7 @@ static const uint8_t recode_index_6_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_6[66] = {
+static const word8 recode_neg_6_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -45192,7 +45187,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -45201,7 +45196,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -45215,12 +45210,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_6_6[y];
         v[i].neg = recode_neg_6_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -45507,8 +45502,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
         sp_384_mont_sub_6(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45525,7 +45520,7 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45831,7 +45826,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -45859,7 +45854,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -46261,7 +46256,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -46289,7 +46284,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -48204,7 +48199,7 @@ static int sp_384_ecc_mulmod_base_6(sp_point_384* r, const sp_digit* k,
 #endif /* WC_NO_CACHE_RESISTANT */
 #else
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_7[130] = {
+static const word8 recode_index_6_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -48217,7 +48212,7 @@ static const uint8_t recode_index_6_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_7[130] = {
+static const word8 recode_neg_6_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -48239,7 +48234,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -48248,7 +48243,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<55; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -48262,12 +48257,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_6_7[y];
         v[i].neg = recode_neg_6_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -66185,7 +66180,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
             p->infinity = !v[i].i;
             sp_384_sub_6(negy, p384_mod, p->y);
             sp_384_norm_6(negy);
-            sp_384_cond_copy_6(p->y, negy, 0 - v[i].neg);
+            sp_384_cond_copy_6(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_384_proj_point_add_qz1_6(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -67122,13 +67117,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -72112,7 +72107,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -72377,7 +72372,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -72386,7 +72381,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -73134,8 +73129,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
         sp_521_mont_sub_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73152,7 +73147,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73326,8 +73321,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73344,7 +73339,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -73516,13 +73511,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -73531,7 +73526,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -73549,7 +73544,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -73558,7 +73553,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -73572,12 +73567,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -73891,8 +73886,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
         sp_521_mont_sub_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73909,7 +73904,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -74233,7 +74228,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -74261,7 +74256,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74681,7 +74676,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -74709,7 +74704,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -77260,7 +77255,7 @@ static int sp_521_ecc_mulmod_base_9(sp_point_521* r, const sp_digit* k,
 #endif /* WC_NO_CACHE_RESISTANT */
 #else
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_7[130] = {
+static const word8 recode_index_9_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -77273,7 +77268,7 @@ static const uint8_t recode_index_9_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_7[130] = {
+static const word8 recode_neg_9_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -77295,7 +77290,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -77304,7 +77299,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<75; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -77318,12 +77313,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_7[y];
         v[i].neg = recode_neg_9_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -111319,7 +111314,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
             p->infinity = !v[i].i;
             sp_521_sub_9(negy, p521_mod, p->y);
             sp_521_norm_9(negy);
-            sp_521_cond_copy_9(p->y, negy, 0 - v[i].neg);
+            sp_521_cond_copy_9(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_521_proj_point_add_qz1_9(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -111996,14 +111991,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -113493,7 +113488,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
@@ -116078,7 +116073,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -116168,7 +116163,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_16(r->x, p1024_mod);
-    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->x);
 
     /* y /= z^3 */
@@ -116177,7 +116172,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_16(r->y, p1024_mod);
-    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -117213,8 +117208,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117231,7 +117226,7 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -117405,8 +117400,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117423,7 +117418,7 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -117595,13 +117590,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_16_7[130] = {
+static const word8 recode_index_16_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -117614,7 +117609,7 @@ static const uint8_t recode_index_16_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_16_7[130] = {
+static const word8 recode_neg_16_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -117636,7 +117631,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -117645,7 +117640,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -117659,12 +117654,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 16) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_16_7[y];
         v[i].neg = recode_neg_16_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -117884,8 +117879,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -117902,7 +117897,7 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -118133,7 +118128,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -118161,7 +118156,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -121840,7 +121835,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -121898,7 +121893,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -124576,7 +124571,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -124805,7 +124800,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -125273,7 +125268,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_16(t1, p1024_mod);
-        sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63));
+        sp_1024_cond_sub_16(t1, t1, p1024_mod, (sp_digit)~(n >> 63));
         sp_1024_norm_16(t1);
         if (!sp_1024_iszero_16(t1)) {
             err = MP_VAL;
diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c
index 48831471d..c9471fcb7 100644
--- a/wolfcrypt/src/sp_armthumb.c
+++ b/wolfcrypt/src/sp_armthumb.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,11 @@
 
 /* Implementation by Sean Parkinson. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(WOLFSSL_HAVE_SP_ECC)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -67,7 +62,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -93,7 +88,8 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -104,12 +100,20 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -9528,7 +9532,7 @@ SP_NOINLINE static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -9616,7 +9620,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -9781,7 +9785,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_16(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -9940,7 +9944,7 @@ SP_NOINLINE static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -10155,7 +10159,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -10464,7 +10468,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -10759,7 +10763,7 @@ SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -11106,7 +11110,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -11703,7 +11707,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -12270,7 +12274,7 @@ SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -19367,7 +19371,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -19560,7 +19564,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -19889,7 +19893,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -20005,7 +20009,7 @@ SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -20084,7 +20088,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -20881,7 +20885,7 @@ SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -20954,7 +20958,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -21925,7 +21929,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_2048_mont_reduce_order_64   sp_2048_mont_reduce_64
@@ -23824,7 +23828,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Compare a with b in constant time.
@@ -23933,7 +23937,7 @@ SP_NOINLINE static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -24134,7 +24138,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -24302,7 +24306,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -24397,7 +24401,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_2048_mont_reduce_order_64   sp_2048_mont_reduce_64
@@ -26122,7 +26126,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -26689,7 +26693,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -27306,7 +27310,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -27519,7 +27523,7 @@ SP_NOINLINE static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -27713,7 +27717,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
@@ -27864,7 +27868,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
@@ -28105,7 +28109,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* RSA private key operation.
@@ -30127,7 +30131,7 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
@@ -30275,7 +30279,8 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -30286,12 +30291,20 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -50970,7 +50983,7 @@ SP_NOINLINE static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -51090,7 +51103,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -51327,7 +51340,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_24(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -51554,7 +51567,7 @@ SP_NOINLINE static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -51837,7 +51850,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_24(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -52290,7 +52303,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -52721,7 +52734,7 @@ SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -53196,7 +53209,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -54081,7 +54094,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -54920,7 +54933,7 @@ SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -70307,7 +70320,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -70568,7 +70581,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -71033,7 +71046,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -71149,7 +71162,7 @@ SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -71228,7 +71241,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -72050,7 +72063,7 @@ SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -72123,7 +72136,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -73109,7 +73122,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_3072_mont_reduce_order_96   sp_3072_mont_reduce_96
@@ -75280,7 +75293,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Compare a with b in constant time.
@@ -75389,7 +75402,7 @@ SP_NOINLINE static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -75590,7 +75603,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -75758,7 +75771,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -75853,7 +75866,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_3072_mont_reduce_order_96   sp_3072_mont_reduce_96
@@ -78132,7 +78145,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -78971,7 +78984,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -79588,7 +79601,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -79806,7 +79819,7 @@ SP_NOINLINE static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -80000,7 +80013,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
@@ -80151,7 +80164,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
@@ -80392,7 +80405,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* RSA private key operation.
@@ -83212,7 +83225,7 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
@@ -83360,7 +83373,8 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -83371,12 +83385,20 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -84040,7 +84062,7 @@ SP_NOINLINE static sp_digit sp_4096_add_word_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -85213,7 +85235,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -86324,7 +86346,7 @@ SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Multiply a and b into r. (r = a * b)
@@ -86477,7 +86499,7 @@ SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -86556,7 +86578,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -87581,7 +87603,7 @@ SP_NOINLINE static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_4096_mont_reduce_order_128   sp_4096_mont_reduce_128
@@ -90404,7 +90426,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -91515,7 +91537,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -92132,7 +92154,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -92351,7 +92373,7 @@ SP_NOINLINE static sp_int32 sp_4096_cmp_128(const sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -92545,7 +92567,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
@@ -92696,7 +92718,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
@@ -92942,7 +92964,7 @@ SP_NOINLINE static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* RSA private key operation.
@@ -96550,7 +96572,7 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
@@ -97455,7 +97477,7 @@ SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -97547,7 +97569,7 @@ SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -98858,7 +98880,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -99039,7 +99061,7 @@ SP_NOINLINE static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -99108,7 +99130,7 @@ SP_NOINLINE static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Map the Montgomery form projective coordinate point to an affine point.
@@ -99135,7 +99157,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_8(r->x, p256_mod);
-    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->x);
 
     /* y /= z^3 */
@@ -99144,7 +99166,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_8(r->y, p256_mod);
-    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -100590,8 +100612,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
         sp_256_mont_sub_8(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -100608,7 +100630,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -100782,8 +100804,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -100800,7 +100822,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -100855,7 +100877,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
     r->z[6] = 0;
     r->z[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -101253,8 +101275,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
         sp_256_mont_sub_8(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -101271,7 +101293,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -101398,7 +101420,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -101546,7 +101568,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -101574,7 +101596,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -101819,7 +101841,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -101967,7 +101989,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -101995,7 +102017,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -103895,7 +103917,8 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -103906,12 +103929,20 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -104321,7 +104352,7 @@ SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -104415,7 +104446,7 @@ SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -105218,7 +105249,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -105321,7 +105352,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -105933,7 +105964,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -106024,7 +106055,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -107206,7 +107237,7 @@ static int sp_256_num_bits_8(sp_digit* a)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -109018,7 +109049,7 @@ SP_NOINLINE static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -109144,7 +109175,7 @@ SP_NOINLINE static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -109228,18 +109259,18 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = t[0];
-        r[1] = t[1];
-        r[2] = t[2];
-        r[3] = t[3];
-        r[4] = t[4];
-        r[5] = t[5];
-        r[6] = t[6];
-        r[7] = t[7];
-        r[8] = t[8];
-        r[9] = t[9];
-        r[10] = t[10];
-        r[11] = t[11];
+        r[0] = (sp_digit)t[0];
+        r[1] = (sp_digit)t[1];
+        r[2] = (sp_digit)t[2];
+        r[3] = (sp_digit)t[3];
+        r[4] = (sp_digit)t[4];
+        r[5] = (sp_digit)t[5];
+        r[6] = (sp_digit)t[6];
+        r[7] = (sp_digit)t[7];
+        r[8] = (sp_digit)t[8];
+        r[9] = (sp_digit)t[9];
+        r[10] = (sp_digit)t[10];
+        r[11] = (sp_digit)t[11];
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -109504,7 +109535,7 @@ SP_NOINLINE static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #define sp_384_mont_reduce_order_12   sp_384_mont_reduce_12
@@ -110286,7 +110317,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -110483,7 +110514,7 @@ SP_NOINLINE static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -110516,7 +110547,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_12(r->x, p384_mod);
-    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->x);
 
     /* y /= z^3 */
@@ -110525,7 +110556,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_12(r->y, p384_mod);
-    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -110645,7 +110676,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -110770,7 +110801,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -110840,7 +110871,7 @@ SP_NOINLINE static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Subtract two Montgomery form numbers (r = a - b % m).
@@ -111398,8 +111429,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
         sp_384_mont_sub_12(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -111416,7 +111447,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -111590,8 +111621,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -111608,7 +111639,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -111675,7 +111706,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
     r->z[10] = 0;
     r->z[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -112085,8 +112116,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
         sp_384_mont_sub_12(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -112103,7 +112134,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -112238,7 +112269,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -112394,7 +112425,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -112422,7 +112453,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -112675,7 +112706,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -112831,7 +112862,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -112859,7 +112890,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -114795,7 +114826,8 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -114806,12 +114838,20 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -115221,7 +115261,7 @@ SP_NOINLINE static sp_digit sp_384_sub_in_place_12(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -115351,7 +115391,7 @@ SP_NOINLINE static sp_digit sp_384_sub_in_place_12(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -116154,7 +116194,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -116261,13 +116301,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -118378,7 +118418,7 @@ static int sp_384_num_bits_12(sp_digit* a)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -120236,7 +120276,7 @@ SP_NOINLINE static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -120406,7 +120446,7 @@ SP_NOINLINE static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -120683,7 +120723,7 @@ SP_NOINLINE static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Reduce the number back to 521 bits using Montgomery reduction.
@@ -122551,7 +122591,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -122745,7 +122785,7 @@ SP_NOINLINE static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -122778,7 +122818,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_17(r->x, p521_mod);
-    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->x);
 
     /* y /= z^3 */
@@ -122787,7 +122827,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_17(r->y, p521_mod);
-    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -124328,7 +124368,7 @@ SP_NOINLINE static sp_digit sp_521_cond_add_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Right shift a by 1 bit into r. (r = a >> 1)
@@ -124968,8 +125008,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
         sp_521_mont_sub_17(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -124986,7 +125026,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -125160,8 +125200,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -125178,7 +125218,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -125260,7 +125300,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
     r->z[15] = 0;
     r->z[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -125689,8 +125729,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
         sp_521_mont_sub_17(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -125707,7 +125747,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -125852,7 +125892,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -126018,7 +126058,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -126046,7 +126086,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -126309,7 +126349,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -126475,7 +126515,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -126503,7 +126543,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -129028,7 +129068,8 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -129039,12 +129080,20 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -131093,7 +131142,7 @@ SP_NOINLINE static sp_digit sp_521_sub_in_place_17(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -131269,7 +131318,7 @@ SP_NOINLINE static sp_digit sp_521_sub_in_place_17(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -132072,7 +132121,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -132186,14 +132235,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -132788,7 +132837,7 @@ SP_NOINLINE static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -132957,7 +133006,7 @@ SP_NOINLINE static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -135289,7 +135338,7 @@ static int sp_521_num_bits_17(sp_digit* a)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -136163,7 +136212,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -199361,7 +199410,7 @@ SP_NOINLINE static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -199513,7 +199562,7 @@ SP_NOINLINE static sp_digit sp_1024_add_word_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -199822,7 +199871,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -200117,7 +200166,7 @@ SP_NOINLINE static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -200342,7 +200391,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -201213,7 +201262,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_in_place_32(sp_digit* a,
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -201277,7 +201326,7 @@ SP_NOINLINE static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #ifdef WOLFSSL_SP_SMALL
@@ -201351,7 +201400,7 @@ SP_NOINLINE static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -202154,7 +202203,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0,
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 /* AND m into each word of a and store in r.
@@ -202293,7 +202342,7 @@ SP_NOINLINE static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -203744,7 +203793,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -203834,7 +203883,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_32(r->x, p1024_mod);
-    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->x);
 
     /* y /= z^3 */
@@ -203843,7 +203892,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_32(r->y, p1024_mod);
-    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -208907,7 +208956,7 @@ SP_NOINLINE static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a,
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Right shift a by 1 bit into r. (r = a >> 1)
@@ -209838,8 +209887,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -209856,7 +209905,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -210030,8 +210079,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -210048,7 +210097,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -210389,8 +210438,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -210407,7 +210456,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -210617,7 +210666,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -210645,7 +210694,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -210973,7 +211022,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -211001,7 +211050,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -214918,7 +214967,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -214976,7 +215025,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -217910,7 +217959,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -218139,7 +218188,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -218462,7 +218511,8 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -218473,12 +218523,20 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -218532,7 +218590,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_32(t1, p1024_mod);
-        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
+        sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31));
         sp_1024_norm_32(t1);
         if (!sp_1024_iszero_32(t1)) {
             err = MP_VAL;
diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c
index 557ded06d..10d646a81 100644
--- a/wolfcrypt/src/sp_c32.c
+++ b/wolfcrypt/src/sp_c32.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,11 @@
 
 /* Implementation by Sean Parkinson. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(WOLFSSL_HAVE_SP_ECC)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -71,13 +66,13 @@
 #define SP_PRINT_NUM(var, name, total, words, bits)   \
     do {                                              \
         int ii;                                       \
-        byte nb[(bits + 7) / 8];                      \
+        byte nb[((bits) + 7) / 8];                    \
         sp_digit _s[words];                           \
         XMEMCPY(_s, var, sizeof(_s));                 \
         sp_##total##_norm_##words(_s);                \
         sp_##total##_to_bin_##words(_s, nb);          \
         fprintf(stderr, name "=0x");                  \
-        for (ii=0; ii<(bits + 7) / 8; ii++)           \
+        for (ii=0; ii<((bits) + 7) / 8; ii++)         \
             fprintf(stderr, "%02x", nb[ii]);          \
         fprintf(stderr, "\n");                        \
     } while (0)
@@ -357,29 +352,29 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint64)a[ 0]) * b[ 0];
     t1 = ((sp_uint64)a[ 0]) * b[ 1]
        + ((sp_uint64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 2]
        + ((sp_uint64)a[ 1]) * b[ 1]
        + ((sp_uint64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 3]
        + ((sp_uint64)a[ 1]) * b[ 2]
        + ((sp_uint64)a[ 2]) * b[ 1]
        + ((sp_uint64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 4]
        + ((sp_uint64)a[ 1]) * b[ 3]
        + ((sp_uint64)a[ 2]) * b[ 2]
        + ((sp_uint64)a[ 3]) * b[ 1]
        + ((sp_uint64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 5]
        + ((sp_uint64)a[ 1]) * b[ 4]
        + ((sp_uint64)a[ 2]) * b[ 3]
        + ((sp_uint64)a[ 3]) * b[ 2]
        + ((sp_uint64)a[ 4]) * b[ 1]
        + ((sp_uint64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 6]
        + ((sp_uint64)a[ 1]) * b[ 5]
        + ((sp_uint64)a[ 2]) * b[ 4]
@@ -387,7 +382,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 4]) * b[ 2]
        + ((sp_uint64)a[ 5]) * b[ 1]
        + ((sp_uint64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 7]
        + ((sp_uint64)a[ 1]) * b[ 6]
        + ((sp_uint64)a[ 2]) * b[ 5]
@@ -396,7 +391,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 5]) * b[ 2]
        + ((sp_uint64)a[ 6]) * b[ 1]
        + ((sp_uint64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[ 8]
        + ((sp_uint64)a[ 1]) * b[ 7]
        + ((sp_uint64)a[ 2]) * b[ 6]
@@ -406,7 +401,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 2]
        + ((sp_uint64)a[ 7]) * b[ 1]
        + ((sp_uint64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[ 9]
        + ((sp_uint64)a[ 1]) * b[ 8]
        + ((sp_uint64)a[ 2]) * b[ 7]
@@ -417,7 +412,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 7]) * b[ 2]
        + ((sp_uint64)a[ 8]) * b[ 1]
        + ((sp_uint64)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 0]) * b[10]
        + ((sp_uint64)a[ 1]) * b[ 9]
        + ((sp_uint64)a[ 2]) * b[ 8]
@@ -429,7 +424,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 8]) * b[ 2]
        + ((sp_uint64)a[ 9]) * b[ 1]
        + ((sp_uint64)a[10]) * b[ 0];
-    t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 0]) * b[11]
        + ((sp_uint64)a[ 1]) * b[10]
        + ((sp_uint64)a[ 2]) * b[ 9]
@@ -442,7 +437,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 2]
        + ((sp_uint64)a[10]) * b[ 1]
        + ((sp_uint64)a[11]) * b[ 0];
-    t[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 1]) * b[11]
        + ((sp_uint64)a[ 2]) * b[10]
        + ((sp_uint64)a[ 3]) * b[ 9]
@@ -454,7 +449,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 3]
        + ((sp_uint64)a[10]) * b[ 2]
        + ((sp_uint64)a[11]) * b[ 1];
-    t[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 2]) * b[11]
        + ((sp_uint64)a[ 3]) * b[10]
        + ((sp_uint64)a[ 4]) * b[ 9]
@@ -465,7 +460,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 4]
        + ((sp_uint64)a[10]) * b[ 3]
        + ((sp_uint64)a[11]) * b[ 2];
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 3]) * b[11]
        + ((sp_uint64)a[ 4]) * b[10]
        + ((sp_uint64)a[ 5]) * b[ 9]
@@ -475,7 +470,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 5]
        + ((sp_uint64)a[10]) * b[ 4]
        + ((sp_uint64)a[11]) * b[ 3];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 4]) * b[11]
        + ((sp_uint64)a[ 5]) * b[10]
        + ((sp_uint64)a[ 6]) * b[ 9]
@@ -484,7 +479,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 6]
        + ((sp_uint64)a[10]) * b[ 5]
        + ((sp_uint64)a[11]) * b[ 4];
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 5]) * b[11]
        + ((sp_uint64)a[ 6]) * b[10]
        + ((sp_uint64)a[ 7]) * b[ 9]
@@ -492,35 +487,35 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 7]
        + ((sp_uint64)a[10]) * b[ 6]
        + ((sp_uint64)a[11]) * b[ 5];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 6]) * b[11]
        + ((sp_uint64)a[ 7]) * b[10]
        + ((sp_uint64)a[ 8]) * b[ 9]
        + ((sp_uint64)a[ 9]) * b[ 8]
        + ((sp_uint64)a[10]) * b[ 7]
        + ((sp_uint64)a[11]) * b[ 6];
-    r[16] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 7]) * b[11]
        + ((sp_uint64)a[ 8]) * b[10]
        + ((sp_uint64)a[ 9]) * b[ 9]
        + ((sp_uint64)a[10]) * b[ 8]
        + ((sp_uint64)a[11]) * b[ 7];
-    r[17] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[ 8]) * b[11]
        + ((sp_uint64)a[ 9]) * b[10]
        + ((sp_uint64)a[10]) * b[ 9]
        + ((sp_uint64)a[11]) * b[ 8];
-    r[18] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[ 9]) * b[11]
        + ((sp_uint64)a[10]) * b[10]
        + ((sp_uint64)a[11]) * b[ 9];
-    r[19] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_uint64)a[10]) * b[11]
        + ((sp_uint64)a[11]) * b[10];
-    r[20] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_uint64)a[11]) * b[11];
-    r[21] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[22] = t0 & 0x1fffffff;
+    r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[22] = (sp_digit)(t0 & 0x1fffffff);
     r[23] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -874,105 +869,105 @@ SP_NOINLINE static void sp_2048_sqr_12(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint64)a[ 0]) * a[ 0];
     t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 3]
        +  ((sp_uint64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 4]
        +  ((sp_uint64)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 5]
        +  ((sp_uint64)a[ 1]) * a[ 4]
        +  ((sp_uint64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 6]
        +  ((sp_uint64)a[ 1]) * a[ 5]
        +  ((sp_uint64)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 7]
        +  ((sp_uint64)a[ 1]) * a[ 6]
        +  ((sp_uint64)a[ 2]) * a[ 5]
        +  ((sp_uint64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[ 8]
        +  ((sp_uint64)a[ 1]) * a[ 7]
        +  ((sp_uint64)a[ 2]) * a[ 6]
        +  ((sp_uint64)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[ 9]
        +  ((sp_uint64)a[ 1]) * a[ 8]
        +  ((sp_uint64)a[ 2]) * a[ 7]
        +  ((sp_uint64)a[ 3]) * a[ 6]
        +  ((sp_uint64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 0]) * a[10]
        +  ((sp_uint64)a[ 1]) * a[ 9]
        +  ((sp_uint64)a[ 2]) * a[ 8]
        +  ((sp_uint64)a[ 3]) * a[ 7]
        +  ((sp_uint64)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint64)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 0]) * a[11]
        +  ((sp_uint64)a[ 1]) * a[10]
        +  ((sp_uint64)a[ 2]) * a[ 9]
        +  ((sp_uint64)a[ 3]) * a[ 8]
        +  ((sp_uint64)a[ 4]) * a[ 7]
        +  ((sp_uint64)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 1]) * a[11]
        +  ((sp_uint64)a[ 2]) * a[10]
        +  ((sp_uint64)a[ 3]) * a[ 9]
        +  ((sp_uint64)a[ 4]) * a[ 8]
        +  ((sp_uint64)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint64)a[ 6]) * a[ 6];
-    t[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 2]) * a[11]
        +  ((sp_uint64)a[ 3]) * a[10]
        +  ((sp_uint64)a[ 4]) * a[ 9]
        +  ((sp_uint64)a[ 5]) * a[ 8]
        +  ((sp_uint64)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 3]) * a[11]
        +  ((sp_uint64)a[ 4]) * a[10]
        +  ((sp_uint64)a[ 5]) * a[ 9]
        +  ((sp_uint64)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint64)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 4]) * a[11]
        +  ((sp_uint64)a[ 5]) * a[10]
        +  ((sp_uint64)a[ 6]) * a[ 9]
        +  ((sp_uint64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 5]) * a[11]
        +  ((sp_uint64)a[ 6]) * a[10]
        +  ((sp_uint64)a[ 7]) * a[ 9]) * 2
        +  ((sp_uint64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 6]) * a[11]
        +  ((sp_uint64)a[ 7]) * a[10]
        +  ((sp_uint64)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 7]) * a[11]
        +  ((sp_uint64)a[ 8]) * a[10]) * 2
        +  ((sp_uint64)a[ 9]) * a[ 9];
-    r[17] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[ 8]) * a[11]
        +  ((sp_uint64)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_uint64)a[ 9]) * a[11]) * 2
        +  ((sp_uint64)a[10]) * a[10];
-    r[19] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_uint64)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 =  ((sp_uint64)a[11]) * a[11];
-    r[21] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[22] = t0 & 0x1fffffff;
+    r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[22] = (sp_digit)(t0 & 0x1fffffff);
     r[23] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -1626,26 +1621,26 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
     t[2]  = (tb * a[34]) + r[34];
     t[3]  = (tb * a[35]) + r[35];
-    r[32] = t[0] & 0x1fffffff;
+    r[32] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[33] = t[1] & 0x1fffffff;
+    r[33] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[34] = t[2] & 0x1fffffff;
+    r[34] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[35] = t[3] & 0x1fffffff;
+    r[35] = (sp_digit)(t[3] & 0x1fffffff);
     r[36] +=  (sp_digit)(t[3] >> 29);
 #else
     sp_int64 tb = b;
@@ -1662,34 +1657,34 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[4] += t[3] >> 29;
-        r[i+4] = t[4] & 0x1fffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x1fffffff);
         t[5] += t[4] >> 29;
-        r[i+5] = t[5] & 0x1fffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x1fffffff);
         t[6] += t[5] >> 29;
-        r[i+6] = t[6] & 0x1fffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x1fffffff);
         t[7] += t[6] >> 29;
-        r[i+7] = t[7] & 0x1fffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x1fffffff);
         t[0]  = t[7] >> 29;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
     t[2]  = (tb * a[34]) + r[34];
     t[3]  = (tb * a[35]) + r[35];
-    r[32] = t[0] & 0x1fffffff;
+    r[32] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[33] = t[1] & 0x1fffffff;
+    r[33] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[34] = t[2] & 0x1fffffff;
+    r[34] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[35] = t[3] & 0x1fffffff;
+    r[35] = (sp_digit)(t[3] & 0x1fffffff);
     r[36] +=  (sp_digit)(t[3] >> 29);
 #endif /* WOLFSSL_SP_SMALL */
 #endif /* !WOLFSSL_SP_LARGE_CODE */
@@ -1708,7 +1703,7 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[36]) << 20;
 
     for (i = 0; i < 35; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[37 + i]) << 20;
     }
@@ -1718,26 +1713,26 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[35] >> 9;
     n += ((sp_int64)a[36]) << 20;
     for (i = 0; i < 32; i += 8) {
-        r[i + 0] = n & 0x1fffffff;
+        r[i + 0] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 37]) << 20;
-        r[i + 1] = n & 0x1fffffff;
+        r[i + 1] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 38]) << 20;
-        r[i + 2] = n & 0x1fffffff;
+        r[i + 2] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 39]) << 20;
-        r[i + 3] = n & 0x1fffffff;
+        r[i + 3] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 40]) << 20;
-        r[i + 4] = n & 0x1fffffff;
+        r[i + 4] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 41]) << 20;
-        r[i + 5] = n & 0x1fffffff;
+        r[i + 5] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 42]) << 20;
-        r[i + 6] = n & 0x1fffffff;
+        r[i + 6] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 43]) << 20;
-        r[i + 7] = n & 0x1fffffff;
+        r[i + 7] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 44]) << 20;
     }
-    r[32] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[69]) << 20;
-    r[33] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[70]) << 20;
-    r[34] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[71]) << 20;
+    r[32] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[69]) << 20;
+    r[33] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[70]) << 20;
+    r[34] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[71]) << 20;
     r[35] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[36], 0, sizeof(*r) * 36U);
@@ -1758,11 +1753,11 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_2048_norm_36(a + 36);
 
     for (i=0; i<35; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL);
     sp_2048_mul_add_36(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -1913,22 +1908,22 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<35; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
 #else
     for (i=0; i<32; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff);
     }
-    r[32] = (a[32] >> n) | ((a[33] << (29 - n)) & 0x1fffffff);
-    r[33] = (a[33] >> n) | ((a[34] << (29 - n)) & 0x1fffffff);
-    r[34] = (a[34] >> n) | ((a[35] << (29 - n)) & 0x1fffffff);
+    r[32] = (a[32] >> n) | (sp_digit)((a[33] << (29 - n)) & 0x1fffffff);
+    r[33] = (a[33] >> n) | (sp_digit)((a[34] << (29 - n)) & 0x1fffffff);
+    r[34] = (a[34] >> n) | (sp_digit)((a[35] << (29 - n)) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[35] = a[35] >> n;
 }
@@ -2217,7 +2212,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
 
     }
@@ -2307,7 +2302,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
     }
 
@@ -2452,7 +2447,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(rt, m, mp);
         n = sp_2048_cmp_36(rt, m);
-        sp_2048_cond_sub_36(rt, rt, m, ~(n >> 31));
+        sp_2048_cond_sub_36(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 72);
     }
 
@@ -2611,26 +2606,26 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[68]) + r[68];
     t[1]  = (tb * a[69]) + r[69];
     t[2]  = (tb * a[70]) + r[70];
     t[3]  = (tb * a[71]) + r[71];
-    r[68] = t[0] & 0x1fffffff;
+    r[68] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[69] = t[1] & 0x1fffffff;
+    r[69] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[70] = t[2] & 0x1fffffff;
+    r[70] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[71] = t[3] & 0x1fffffff;
+    r[71] = (sp_digit)(t[3] & 0x1fffffff);
     r[72] +=  (sp_digit)(t[3] >> 29);
 #else
     sp_int64 tb = b;
@@ -2647,21 +2642,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[4] += t[3] >> 29;
-        r[i+4] = t[4] & 0x1fffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x1fffffff);
         t[5] += t[4] >> 29;
-        r[i+5] = t[5] & 0x1fffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x1fffffff);
         t[6] += t[5] >> 29;
-        r[i+6] = t[6] & 0x1fffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x1fffffff);
         t[7] += t[6] >> 29;
-        r[i+7] = t[7] & 0x1fffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x1fffffff);
         t[0]  = t[7] >> 29;
     }
     t[0] += (tb * a[64]) + r[64];
@@ -2672,21 +2667,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a,
     t[5]  = (tb * a[69]) + r[69];
     t[6]  = (tb * a[70]) + r[70];
     t[7]  = (tb * a[71]) + r[71];
-    r[64] = t[0] & 0x1fffffff;
+    r[64] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[65] = t[1] & 0x1fffffff;
+    r[65] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[66] = t[2] & 0x1fffffff;
+    r[66] = (sp_digit)(t[2] & 0x1fffffff);
     t[3] += t[2] >> 29;
-    r[67] = t[3] & 0x1fffffff;
+    r[67] = (sp_digit)(t[3] & 0x1fffffff);
     t[4] += t[3] >> 29;
-    r[68] = t[4] & 0x1fffffff;
+    r[68] = (sp_digit)(t[4] & 0x1fffffff);
     t[5] += t[4] >> 29;
-    r[69] = t[5] & 0x1fffffff;
+    r[69] = (sp_digit)(t[5] & 0x1fffffff);
     t[6] += t[5] >> 29;
-    r[70] = t[6] & 0x1fffffff;
+    r[70] = (sp_digit)(t[6] & 0x1fffffff);
     t[7] += t[6] >> 29;
-    r[71] = t[7] & 0x1fffffff;
+    r[71] = (sp_digit)(t[7] & 0x1fffffff);
     r[72] +=  (sp_digit)(t[7] >> 29);
 #endif /* WOLFSSL_SP_SMALL */
 #endif /* !WOLFSSL_SP_LARGE_CODE */
@@ -2705,7 +2700,7 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[71]) << 11;
 
     for (i = 0; i < 70; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[72 + i]) << 11;
     }
@@ -2715,29 +2710,29 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[70] >> 18;
     n += ((sp_int64)a[71]) << 11;
     for (i = 0; i < 64; i += 8) {
-        r[i + 0] = n & 0x1fffffff;
+        r[i + 0] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 72]) << 11;
-        r[i + 1] = n & 0x1fffffff;
+        r[i + 1] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 73]) << 11;
-        r[i + 2] = n & 0x1fffffff;
+        r[i + 2] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 74]) << 11;
-        r[i + 3] = n & 0x1fffffff;
+        r[i + 3] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 75]) << 11;
-        r[i + 4] = n & 0x1fffffff;
+        r[i + 4] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 76]) << 11;
-        r[i + 5] = n & 0x1fffffff;
+        r[i + 5] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 77]) << 11;
-        r[i + 6] = n & 0x1fffffff;
+        r[i + 6] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 78]) << 11;
-        r[i + 7] = n & 0x1fffffff;
+        r[i + 7] = (sp_digit)(n & 0x1fffffff);
         n >>= 29; n += ((sp_int64)a[i + 79]) << 11;
     }
-    r[64] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[136]) << 11;
-    r[65] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[137]) << 11;
-    r[66] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[138]) << 11;
-    r[67] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[139]) << 11;
-    r[68] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[140]) << 11;
-    r[69] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[141]) << 11;
+    r[64] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[136]) << 11;
+    r[65] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[137]) << 11;
+    r[66] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[138]) << 11;
+    r[67] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[139]) << 11;
+    r[68] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[140]) << 11;
+    r[69] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[141]) << 11;
     r[70] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[71], 0, sizeof(*r) * 71U);
@@ -2760,33 +2755,33 @@ static void sp_2048_mont_reduce_72(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<70; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
             sp_2048_mul_add_72(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL);
         sp_2048_mul_add_72(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
     else {
         for (i=0; i<70; i++) {
-            mu = a[i] & 0x1fffffff;
+            mu = (sp_digit)(a[i] & 0x1fffffff);
             sp_2048_mul_add_72(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = a[i] & 0x3ffffL;
+        mu = (sp_digit)(a[i] & 0x3ffffL);
         sp_2048_mul_add_72(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
 #else
     for (i=0; i<70; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_2048_mul_add_72(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL);
     sp_2048_mul_add_72(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -2967,26 +2962,26 @@ SP_NOINLINE static void sp_2048_rshift_72(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<71; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
 #else
     for (i=0; i<64; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff);
     }
-    r[64] = (a[64] >> n) | ((a[65] << (29 - n)) & 0x1fffffff);
-    r[65] = (a[65] >> n) | ((a[66] << (29 - n)) & 0x1fffffff);
-    r[66] = (a[66] >> n) | ((a[67] << (29 - n)) & 0x1fffffff);
-    r[67] = (a[67] >> n) | ((a[68] << (29 - n)) & 0x1fffffff);
-    r[68] = (a[68] >> n) | ((a[69] << (29 - n)) & 0x1fffffff);
-    r[69] = (a[69] >> n) | ((a[70] << (29 - n)) & 0x1fffffff);
-    r[70] = (a[70] >> n) | ((a[71] << (29 - n)) & 0x1fffffff);
+    r[64] = (a[64] >> n) | (sp_digit)((a[65] << (29 - n)) & 0x1fffffff);
+    r[65] = (a[65] >> n) | (sp_digit)((a[66] << (29 - n)) & 0x1fffffff);
+    r[66] = (a[66] >> n) | (sp_digit)((a[67] << (29 - n)) & 0x1fffffff);
+    r[67] = (a[67] >> n) | (sp_digit)((a[68] << (29 - n)) & 0x1fffffff);
+    r[68] = (a[68] >> n) | (sp_digit)((a[69] << (29 - n)) & 0x1fffffff);
+    r[69] = (a[69] >> n) | (sp_digit)((a[70] << (29 - n)) & 0x1fffffff);
+    r[70] = (a[70] >> n) | (sp_digit)((a[71] << (29 - n)) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[71] = a[71] >> n;
 }
@@ -3278,7 +3273,7 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_72(t[0], m, mp);
         n = sp_2048_cmp_72(t[0], m);
-        sp_2048_cond_sub_72(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_72(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 72 * 2);
 
     }
@@ -3368,7 +3363,7 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_72(t[0], m, mp);
         n = sp_2048_cmp_72(t[0], m);
-        sp_2048_cond_sub_72(t[0], t[0], m, ~(n >> 31));
+        sp_2048_cond_sub_72(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 72 * 2);
     }
 
@@ -3496,7 +3491,7 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_72(rt, m, mp);
         n = sp_2048_cmp_72(rt, m);
-        sp_2048_cond_sub_72(rt, rt, m, ~(n >> 31));
+        sp_2048_cond_sub_72(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 144);
     }
 
@@ -4340,7 +4335,7 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a,
 
     r[72] = a[71] >> (29 - n);
     for (i=71; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
 #else
     sp_int_digit s;
@@ -4349,149 +4344,149 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[71];
     r[72] = s >> (29U - n);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[71] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[70] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[69] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[68] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[67] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[66] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[65] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[64] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[63] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[62] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[61] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[60] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[59] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[58] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[57] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[56] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[55] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[54] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[53] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[52] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[51] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[50] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[49] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[48] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[47] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[46] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[45] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[44] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[43] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[42] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -4601,7 +4596,7 @@ static int sp_2048_mod_exp_2_72(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_2048_mont_reduce_72(r, m, mp);
         n = sp_2048_cmp_72(r, m);
-        sp_2048_cond_sub_72(r, r, m, ~(n >> 31));
+        sp_2048_cond_sub_72(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -5324,17 +5319,17 @@ SP_NOINLINE static void sp_3072_mul_add_53(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[52]) + r[52];
-    r[52] = t[0] & 0x1fffffff;
+    r[52] = (sp_digit)(t[0] & 0x1fffffff);
     r[53] +=  (sp_digit)(t[0] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -5351,7 +5346,7 @@ static void sp_3072_mont_shift_53(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[53]) << 1;
 
     for (i = 0; i < 52; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[54 + i]) << 1;
     }
@@ -5374,11 +5369,11 @@ static void sp_3072_mont_reduce_53(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_53(a + 53);
 
     for (i=0; i<52; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_3072_mul_add_53(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL);
     sp_3072_mul_add_53(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -5602,7 +5597,7 @@ SP_NOINLINE static void sp_3072_rshift_53(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<52; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[52] = a[52] >> n;
 }
@@ -5891,7 +5886,7 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_53(t[0], m, mp);
         n = sp_3072_cmp_53(t[0], m);
-        sp_3072_cond_sub_53(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_53(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 53 * 2);
 
     }
@@ -5981,7 +5976,7 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_53(t[0], m, mp);
         n = sp_3072_cmp_53(t[0], m);
-        sp_3072_cond_sub_53(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_53(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 53 * 2);
     }
 
@@ -6126,7 +6121,7 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_53(rt, m, mp);
         n = sp_3072_cmp_53(rt, m);
-        sp_3072_cond_sub_53(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_53(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 106);
     }
 
@@ -6250,20 +6245,20 @@ SP_NOINLINE static void sp_3072_mul_add_106(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[104]) + r[104];
     t[1]  = (tb * a[105]) + r[105];
-    r[104] = t[0] & 0x1fffffff;
+    r[104] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[105] = t[1] & 0x1fffffff;
+    r[105] = (sp_digit)(t[1] & 0x1fffffff);
     r[106] +=  (sp_digit)(t[1] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -6280,7 +6275,7 @@ static void sp_3072_mont_shift_106(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[106]) << 2;
 
     for (i = 0; i < 105; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[107 + i]) << 2;
     }
@@ -6305,33 +6300,33 @@ static void sp_3072_mont_reduce_106(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<105; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
             sp_3072_mul_add_106(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL);
         sp_3072_mul_add_106(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
     else {
         for (i=0; i<105; i++) {
-            mu = a[i] & 0x1fffffff;
+            mu = (sp_digit)(a[i] & 0x1fffffff);
             sp_3072_mul_add_106(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = a[i] & 0x7ffffffL;
+        mu = (sp_digit)(a[i] & 0x7ffffffL);
         sp_3072_mul_add_106(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
 #else
     for (i=0; i<105; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_3072_mul_add_106(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL);
     sp_3072_mul_add_106(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -6437,7 +6432,7 @@ SP_NOINLINE static void sp_3072_rshift_106(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<105; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[105] = a[105] >> n;
 }
@@ -6727,7 +6722,7 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_106(t[0], m, mp);
         n = sp_3072_cmp_106(t[0], m);
-        sp_3072_cond_sub_106(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_106(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 106 * 2);
 
     }
@@ -6817,7 +6812,7 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_106(t[0], m, mp);
         n = sp_3072_cmp_106(t[0], m);
-        sp_3072_cond_sub_106(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_106(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 106 * 2);
     }
 
@@ -6945,7 +6940,7 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_106(rt, m, mp);
         n = sp_3072_cmp_106(rt, m);
-        sp_3072_cond_sub_106(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_106(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 212);
     }
 
@@ -7786,9 +7781,9 @@ SP_NOINLINE static void sp_3072_lshift_106(sp_digit* r, const sp_digit* a,
 
     r[106] = a[105] >> (29 - n);
     for (i=105; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -7898,7 +7893,7 @@ static int sp_3072_mod_exp_2_106(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_106(r, m, mp);
         n = sp_3072_cmp_106(r, m);
-        sp_3072_cond_sub_106(r, r, m, ~(n >> 31));
+        sp_3072_cond_sub_106(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -8438,29 +8433,29 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint64)a[ 0]) * b[ 0];
     t1 = ((sp_uint64)a[ 0]) * b[ 1]
        + ((sp_uint64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 2]
        + ((sp_uint64)a[ 1]) * b[ 1]
        + ((sp_uint64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 3]
        + ((sp_uint64)a[ 1]) * b[ 2]
        + ((sp_uint64)a[ 2]) * b[ 1]
        + ((sp_uint64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 4]
        + ((sp_uint64)a[ 1]) * b[ 3]
        + ((sp_uint64)a[ 2]) * b[ 2]
        + ((sp_uint64)a[ 3]) * b[ 1]
        + ((sp_uint64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 5]
        + ((sp_uint64)a[ 1]) * b[ 4]
        + ((sp_uint64)a[ 2]) * b[ 3]
        + ((sp_uint64)a[ 3]) * b[ 2]
        + ((sp_uint64)a[ 4]) * b[ 1]
        + ((sp_uint64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 6]
        + ((sp_uint64)a[ 1]) * b[ 5]
        + ((sp_uint64)a[ 2]) * b[ 4]
@@ -8468,7 +8463,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 4]) * b[ 2]
        + ((sp_uint64)a[ 5]) * b[ 1]
        + ((sp_uint64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 7]
        + ((sp_uint64)a[ 1]) * b[ 6]
        + ((sp_uint64)a[ 2]) * b[ 5]
@@ -8477,7 +8472,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 5]) * b[ 2]
        + ((sp_uint64)a[ 6]) * b[ 1]
        + ((sp_uint64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[ 8]
        + ((sp_uint64)a[ 1]) * b[ 7]
        + ((sp_uint64)a[ 2]) * b[ 6]
@@ -8487,7 +8482,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 2]
        + ((sp_uint64)a[ 7]) * b[ 1]
        + ((sp_uint64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[ 9]
        + ((sp_uint64)a[ 1]) * b[ 8]
        + ((sp_uint64)a[ 2]) * b[ 7]
@@ -8498,7 +8493,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 7]) * b[ 2]
        + ((sp_uint64)a[ 8]) * b[ 1]
        + ((sp_uint64)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[10]
        + ((sp_uint64)a[ 1]) * b[ 9]
        + ((sp_uint64)a[ 2]) * b[ 8]
@@ -8510,7 +8505,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 8]) * b[ 2]
        + ((sp_uint64)a[ 9]) * b[ 1]
        + ((sp_uint64)a[10]) * b[ 0];
-    t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[11]
        + ((sp_uint64)a[ 1]) * b[10]
        + ((sp_uint64)a[ 2]) * b[ 9]
@@ -8523,7 +8518,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 9]) * b[ 2]
        + ((sp_uint64)a[10]) * b[ 1]
        + ((sp_uint64)a[11]) * b[ 0];
-    t[10] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 0]) * b[12]
        + ((sp_uint64)a[ 1]) * b[11]
        + ((sp_uint64)a[ 2]) * b[10]
@@ -8537,7 +8532,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[10]) * b[ 2]
        + ((sp_uint64)a[11]) * b[ 1]
        + ((sp_uint64)a[12]) * b[ 0];
-    t[11] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 0]) * b[13]
        + ((sp_uint64)a[ 1]) * b[12]
        + ((sp_uint64)a[ 2]) * b[11]
@@ -8552,7 +8547,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 2]
        + ((sp_uint64)a[12]) * b[ 1]
        + ((sp_uint64)a[13]) * b[ 0];
-    t[12] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 1]) * b[13]
        + ((sp_uint64)a[ 2]) * b[12]
        + ((sp_uint64)a[ 3]) * b[11]
@@ -8566,7 +8561,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 3]
        + ((sp_uint64)a[12]) * b[ 2]
        + ((sp_uint64)a[13]) * b[ 1];
-    t[13] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 2]) * b[13]
        + ((sp_uint64)a[ 3]) * b[12]
        + ((sp_uint64)a[ 4]) * b[11]
@@ -8579,7 +8574,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 4]
        + ((sp_uint64)a[12]) * b[ 3]
        + ((sp_uint64)a[13]) * b[ 2];
-    r[14] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 3]) * b[13]
        + ((sp_uint64)a[ 4]) * b[12]
        + ((sp_uint64)a[ 5]) * b[11]
@@ -8591,7 +8586,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 5]
        + ((sp_uint64)a[12]) * b[ 4]
        + ((sp_uint64)a[13]) * b[ 3];
-    r[15] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 4]) * b[13]
        + ((sp_uint64)a[ 5]) * b[12]
        + ((sp_uint64)a[ 6]) * b[11]
@@ -8602,7 +8597,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 6]
        + ((sp_uint64)a[12]) * b[ 5]
        + ((sp_uint64)a[13]) * b[ 4];
-    r[16] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 5]) * b[13]
        + ((sp_uint64)a[ 6]) * b[12]
        + ((sp_uint64)a[ 7]) * b[11]
@@ -8612,7 +8607,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 7]
        + ((sp_uint64)a[12]) * b[ 6]
        + ((sp_uint64)a[13]) * b[ 5];
-    r[17] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 6]) * b[13]
        + ((sp_uint64)a[ 7]) * b[12]
        + ((sp_uint64)a[ 8]) * b[11]
@@ -8621,7 +8616,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 8]
        + ((sp_uint64)a[12]) * b[ 7]
        + ((sp_uint64)a[13]) * b[ 6];
-    r[18] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 7]) * b[13]
        + ((sp_uint64)a[ 8]) * b[12]
        + ((sp_uint64)a[ 9]) * b[11]
@@ -8629,35 +8624,35 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[11]) * b[ 9]
        + ((sp_uint64)a[12]) * b[ 8]
        + ((sp_uint64)a[13]) * b[ 7];
-    r[19] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[ 8]) * b[13]
        + ((sp_uint64)a[ 9]) * b[12]
        + ((sp_uint64)a[10]) * b[11]
        + ((sp_uint64)a[11]) * b[10]
        + ((sp_uint64)a[12]) * b[ 9]
        + ((sp_uint64)a[13]) * b[ 8];
-    r[20] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[ 9]) * b[13]
        + ((sp_uint64)a[10]) * b[12]
        + ((sp_uint64)a[11]) * b[11]
        + ((sp_uint64)a[12]) * b[10]
        + ((sp_uint64)a[13]) * b[ 9];
-    r[21] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[10]) * b[13]
        + ((sp_uint64)a[11]) * b[12]
        + ((sp_uint64)a[12]) * b[11]
        + ((sp_uint64)a[13]) * b[10];
-    r[22] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[11]) * b[13]
        + ((sp_uint64)a[12]) * b[12]
        + ((sp_uint64)a[13]) * b[11];
-    r[23] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = ((sp_uint64)a[12]) * b[13]
        + ((sp_uint64)a[13]) * b[12];
-    r[24] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = ((sp_uint64)a[13]) * b[13];
-    r[25] = t1 & 0xfffffff; t0 += t1 >> 28;
-    r[26] = t0 & 0xfffffff;
+    r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
+    r[26] = (sp_digit)(t0 & 0xfffffff);
     r[27] = (sp_digit)(t0 >> 28);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -9010,57 +9005,57 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint64)a[ 0]) * a[ 0];
     t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 3]
        +  ((sp_uint64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 4]
        +  ((sp_uint64)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 5]
        +  ((sp_uint64)a[ 1]) * a[ 4]
        +  ((sp_uint64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 6]
        +  ((sp_uint64)a[ 1]) * a[ 5]
        +  ((sp_uint64)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 7]
        +  ((sp_uint64)a[ 1]) * a[ 6]
        +  ((sp_uint64)a[ 2]) * a[ 5]
        +  ((sp_uint64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[ 8]
        +  ((sp_uint64)a[ 1]) * a[ 7]
        +  ((sp_uint64)a[ 2]) * a[ 6]
        +  ((sp_uint64)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[ 9]
        +  ((sp_uint64)a[ 1]) * a[ 8]
        +  ((sp_uint64)a[ 2]) * a[ 7]
        +  ((sp_uint64)a[ 3]) * a[ 6]
        +  ((sp_uint64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[10]
        +  ((sp_uint64)a[ 1]) * a[ 9]
        +  ((sp_uint64)a[ 2]) * a[ 8]
        +  ((sp_uint64)a[ 3]) * a[ 7]
        +  ((sp_uint64)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint64)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[11]
        +  ((sp_uint64)a[ 1]) * a[10]
        +  ((sp_uint64)a[ 2]) * a[ 9]
        +  ((sp_uint64)a[ 3]) * a[ 8]
        +  ((sp_uint64)a[ 4]) * a[ 7]
        +  ((sp_uint64)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 0]) * a[12]
        +  ((sp_uint64)a[ 1]) * a[11]
        +  ((sp_uint64)a[ 2]) * a[10]
@@ -9068,7 +9063,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
        +  ((sp_uint64)a[ 4]) * a[ 8]
        +  ((sp_uint64)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint64)a[ 6]) * a[ 6];
-    t[11] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 0]) * a[13]
        +  ((sp_uint64)a[ 1]) * a[12]
        +  ((sp_uint64)a[ 2]) * a[11]
@@ -9076,7 +9071,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
        +  ((sp_uint64)a[ 4]) * a[ 9]
        +  ((sp_uint64)a[ 5]) * a[ 8]
        +  ((sp_uint64)a[ 6]) * a[ 7]) * 2;
-    t[12] = t0 & 0xfffffff; t1 += t0 >> 28;
+    t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 1]) * a[13]
        +  ((sp_uint64)a[ 2]) * a[12]
        +  ((sp_uint64)a[ 3]) * a[11]
@@ -9084,62 +9079,62 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a)
        +  ((sp_uint64)a[ 5]) * a[ 9]
        +  ((sp_uint64)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint64)a[ 7]) * a[ 7];
-    t[13] = t1 & 0xfffffff; t0 += t1 >> 28;
+    t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 2]) * a[13]
        +  ((sp_uint64)a[ 3]) * a[12]
        +  ((sp_uint64)a[ 4]) * a[11]
        +  ((sp_uint64)a[ 5]) * a[10]
        +  ((sp_uint64)a[ 6]) * a[ 9]
        +  ((sp_uint64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 3]) * a[13]
        +  ((sp_uint64)a[ 4]) * a[12]
        +  ((sp_uint64)a[ 5]) * a[11]
        +  ((sp_uint64)a[ 6]) * a[10]
        +  ((sp_uint64)a[ 7]) * a[ 9]) * 2
        +  ((sp_uint64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 4]) * a[13]
        +  ((sp_uint64)a[ 5]) * a[12]
        +  ((sp_uint64)a[ 6]) * a[11]
        +  ((sp_uint64)a[ 7]) * a[10]
        +  ((sp_uint64)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 5]) * a[13]
        +  ((sp_uint64)a[ 6]) * a[12]
        +  ((sp_uint64)a[ 7]) * a[11]
        +  ((sp_uint64)a[ 8]) * a[10]) * 2
        +  ((sp_uint64)a[ 9]) * a[ 9];
-    r[17] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 6]) * a[13]
        +  ((sp_uint64)a[ 7]) * a[12]
        +  ((sp_uint64)a[ 8]) * a[11]
        +  ((sp_uint64)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 7]) * a[13]
        +  ((sp_uint64)a[ 8]) * a[12]
        +  ((sp_uint64)a[ 9]) * a[11]) * 2
        +  ((sp_uint64)a[10]) * a[10];
-    r[19] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[ 8]) * a[13]
        +  ((sp_uint64)a[ 9]) * a[12]
        +  ((sp_uint64)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[ 9]) * a[13]
        +  ((sp_uint64)a[10]) * a[12]) * 2
        +  ((sp_uint64)a[11]) * a[11];
-    r[21] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[10]) * a[13]
        +  ((sp_uint64)a[11]) * a[12]) * 2;
-    r[22] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 = (((sp_uint64)a[11]) * a[13]) * 2
        +  ((sp_uint64)a[12]) * a[12];
-    r[23] = t1 & 0xfffffff; t0 += t1 >> 28;
+    r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
     t1 = (((sp_uint64)a[12]) * a[13]) * 2;
-    r[24] = t0 & 0xfffffff; t1 += t0 >> 28;
+    r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28;
     t0 =  ((sp_uint64)a[13]) * a[13];
-    r[25] = t1 & 0xfffffff; t0 += t1 >> 28;
-    r[26] = t0 & 0xfffffff;
+    r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28;
+    r[26] = (sp_digit)(t0 & 0xfffffff);
     r[27] = (sp_digit)(t0 >> 28);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -9397,21 +9392,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0xfffffff;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffff);
         t[1] += t[0] >> 28;
-        r[i+1] = t[1] & 0xfffffff;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffff);
         t[2] += t[1] >> 28;
-        r[i+2] = t[2] & 0xfffffff;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffff);
         t[3] += t[2] >> 28;
-        r[i+3] = t[3] & 0xfffffff;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffff);
         t[4] += t[3] >> 28;
-        r[i+4] = t[4] & 0xfffffff;
+        r[i+4] = (sp_digit)(t[4] & 0xfffffff);
         t[5] += t[4] >> 28;
-        r[i+5] = t[5] & 0xfffffff;
+        r[i+5] = (sp_digit)(t[5] & 0xfffffff);
         t[6] += t[5] >> 28;
-        r[i+6] = t[6] & 0xfffffff;
+        r[i+6] = (sp_digit)(t[6] & 0xfffffff);
         t[7] += t[6] >> 28;
-        r[i+7] = t[7] & 0xfffffff;
+        r[i+7] = (sp_digit)(t[7] & 0xfffffff);
         t[0]  = t[7] >> 28;
     }
     t[0] += (tb * a[48]) + r[48];
@@ -9422,21 +9417,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a,
     t[5]  = (tb * a[53]) + r[53];
     t[6]  = (tb * a[54]) + r[54];
     t[7]  = (tb * a[55]) + r[55];
-    r[48] = t[0] & 0xfffffff;
+    r[48] = (sp_digit)(t[0] & 0xfffffff);
     t[1] += t[0] >> 28;
-    r[49] = t[1] & 0xfffffff;
+    r[49] = (sp_digit)(t[1] & 0xfffffff);
     t[2] += t[1] >> 28;
-    r[50] = t[2] & 0xfffffff;
+    r[50] = (sp_digit)(t[2] & 0xfffffff);
     t[3] += t[2] >> 28;
-    r[51] = t[3] & 0xfffffff;
+    r[51] = (sp_digit)(t[3] & 0xfffffff);
     t[4] += t[3] >> 28;
-    r[52] = t[4] & 0xfffffff;
+    r[52] = (sp_digit)(t[4] & 0xfffffff);
     t[5] += t[4] >> 28;
-    r[53] = t[5] & 0xfffffff;
+    r[53] = (sp_digit)(t[5] & 0xfffffff);
     t[6] += t[5] >> 28;
-    r[54] = t[6] & 0xfffffff;
+    r[54] = (sp_digit)(t[6] & 0xfffffff);
     t[7] += t[6] >> 28;
-    r[55] = t[7] & 0xfffffff;
+    r[55] = (sp_digit)(t[7] & 0xfffffff);
     r[56] +=  (sp_digit)(t[7] >> 28);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -9452,29 +9447,29 @@ static void sp_3072_mont_shift_56(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[54] >> 24;
     n += ((sp_int64)a[55]) << 4;
     for (i = 0; i < 48; i += 8) {
-        r[i + 0] = n & 0xfffffff;
+        r[i + 0] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 56]) << 4;
-        r[i + 1] = n & 0xfffffff;
+        r[i + 1] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 57]) << 4;
-        r[i + 2] = n & 0xfffffff;
+        r[i + 2] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 58]) << 4;
-        r[i + 3] = n & 0xfffffff;
+        r[i + 3] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 59]) << 4;
-        r[i + 4] = n & 0xfffffff;
+        r[i + 4] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 60]) << 4;
-        r[i + 5] = n & 0xfffffff;
+        r[i + 5] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 61]) << 4;
-        r[i + 6] = n & 0xfffffff;
+        r[i + 6] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 62]) << 4;
-        r[i + 7] = n & 0xfffffff;
+        r[i + 7] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 63]) << 4;
     }
-    r[48] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[104]) << 4;
-    r[49] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[105]) << 4;
-    r[50] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[106]) << 4;
-    r[51] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[107]) << 4;
-    r[52] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[108]) << 4;
-    r[53] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[109]) << 4;
+    r[48] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[104]) << 4;
+    r[49] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[105]) << 4;
+    r[50] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[106]) << 4;
+    r[51] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[107]) << 4;
+    r[52] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[108]) << 4;
+    r[53] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[109]) << 4;
     r[54] = (sp_digit)n;
     XMEMSET(&r[55], 0, sizeof(*r) * 55U);
 }
@@ -9494,11 +9489,11 @@ static void sp_3072_mont_reduce_56(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_56(a + 55);
 
     for (i=0; i<54; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff);
         sp_3072_mul_add_56(a+i, m, mu);
         a[i+1] += a[i] >> 28;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL);
     sp_3072_mul_add_56(a+i, m, mu);
     a[i+1] += a[i] >> 28;
     a[i] &= 0xfffffff;
@@ -9611,22 +9606,22 @@ SP_NOINLINE static void sp_3072_rshift_56(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<48; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff);
     }
-    r[48] = (a[48] >> n) | ((a[49] << (28 - n)) & 0xfffffff);
-    r[49] = (a[49] >> n) | ((a[50] << (28 - n)) & 0xfffffff);
-    r[50] = (a[50] >> n) | ((a[51] << (28 - n)) & 0xfffffff);
-    r[51] = (a[51] >> n) | ((a[52] << (28 - n)) & 0xfffffff);
-    r[52] = (a[52] >> n) | ((a[53] << (28 - n)) & 0xfffffff);
-    r[53] = (a[53] >> n) | ((a[54] << (28 - n)) & 0xfffffff);
-    r[54] = (a[54] >> n) | ((a[55] << (28 - n)) & 0xfffffff);
+    r[48] = (a[48] >> n) | (sp_digit)((a[49] << (28 - n)) & 0xfffffff);
+    r[49] = (a[49] >> n) | (sp_digit)((a[50] << (28 - n)) & 0xfffffff);
+    r[50] = (a[50] >> n) | (sp_digit)((a[51] << (28 - n)) & 0xfffffff);
+    r[51] = (a[51] >> n) | (sp_digit)((a[52] << (28 - n)) & 0xfffffff);
+    r[52] = (a[52] >> n) | (sp_digit)((a[53] << (28 - n)) & 0xfffffff);
+    r[53] = (a[53] >> n) | (sp_digit)((a[54] << (28 - n)) & 0xfffffff);
+    r[54] = (a[54] >> n) | (sp_digit)((a[55] << (28 - n)) & 0xfffffff);
     r[55] = a[55] >> n;
 }
 
@@ -9914,7 +9909,7 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_56(t[0], m, mp);
         n = sp_3072_cmp_56(t[0], m);
-        sp_3072_cond_sub_56(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_56(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 56 * 2);
 
     }
@@ -10004,7 +9999,7 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_56(t[0], m, mp);
         n = sp_3072_cmp_56(t[0], m);
-        sp_3072_cond_sub_56(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_56(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 56 * 2);
     }
 
@@ -10149,7 +10144,7 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_56(rt, m, mp);
         n = sp_3072_cmp_56(rt, m);
-        sp_3072_cond_sub_56(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_56(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 112);
     }
 
@@ -10287,21 +10282,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0xfffffff;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffff);
         t[1] += t[0] >> 28;
-        r[i+1] = t[1] & 0xfffffff;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffff);
         t[2] += t[1] >> 28;
-        r[i+2] = t[2] & 0xfffffff;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffff);
         t[3] += t[2] >> 28;
-        r[i+3] = t[3] & 0xfffffff;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffff);
         t[4] += t[3] >> 28;
-        r[i+4] = t[4] & 0xfffffff;
+        r[i+4] = (sp_digit)(t[4] & 0xfffffff);
         t[5] += t[4] >> 28;
-        r[i+5] = t[5] & 0xfffffff;
+        r[i+5] = (sp_digit)(t[5] & 0xfffffff);
         t[6] += t[5] >> 28;
-        r[i+6] = t[6] & 0xfffffff;
+        r[i+6] = (sp_digit)(t[6] & 0xfffffff);
         t[7] += t[6] >> 28;
-        r[i+7] = t[7] & 0xfffffff;
+        r[i+7] = (sp_digit)(t[7] & 0xfffffff);
         t[0]  = t[7] >> 28;
     }
     t[0] += (tb * a[104]) + r[104];
@@ -10312,21 +10307,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a,
     t[5]  = (tb * a[109]) + r[109];
     t[6]  = (tb * a[110]) + r[110];
     t[7]  = (tb * a[111]) + r[111];
-    r[104] = t[0] & 0xfffffff;
+    r[104] = (sp_digit)(t[0] & 0xfffffff);
     t[1] += t[0] >> 28;
-    r[105] = t[1] & 0xfffffff;
+    r[105] = (sp_digit)(t[1] & 0xfffffff);
     t[2] += t[1] >> 28;
-    r[106] = t[2] & 0xfffffff;
+    r[106] = (sp_digit)(t[2] & 0xfffffff);
     t[3] += t[2] >> 28;
-    r[107] = t[3] & 0xfffffff;
+    r[107] = (sp_digit)(t[3] & 0xfffffff);
     t[4] += t[3] >> 28;
-    r[108] = t[4] & 0xfffffff;
+    r[108] = (sp_digit)(t[4] & 0xfffffff);
     t[5] += t[4] >> 28;
-    r[109] = t[5] & 0xfffffff;
+    r[109] = (sp_digit)(t[5] & 0xfffffff);
     t[6] += t[5] >> 28;
-    r[110] = t[6] & 0xfffffff;
+    r[110] = (sp_digit)(t[6] & 0xfffffff);
     t[7] += t[6] >> 28;
-    r[111] = t[7] & 0xfffffff;
+    r[111] = (sp_digit)(t[7] & 0xfffffff);
     r[112] +=  (sp_digit)(t[7] >> 28);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -10342,28 +10337,28 @@ static void sp_3072_mont_shift_112(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[109] >> 20;
     n += ((sp_int64)a[110]) << 8;
     for (i = 0; i < 104; i += 8) {
-        r[i + 0] = n & 0xfffffff;
+        r[i + 0] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 111]) << 8;
-        r[i + 1] = n & 0xfffffff;
+        r[i + 1] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 112]) << 8;
-        r[i + 2] = n & 0xfffffff;
+        r[i + 2] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 113]) << 8;
-        r[i + 3] = n & 0xfffffff;
+        r[i + 3] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 114]) << 8;
-        r[i + 4] = n & 0xfffffff;
+        r[i + 4] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 115]) << 8;
-        r[i + 5] = n & 0xfffffff;
+        r[i + 5] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 116]) << 8;
-        r[i + 6] = n & 0xfffffff;
+        r[i + 6] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 117]) << 8;
-        r[i + 7] = n & 0xfffffff;
+        r[i + 7] = (sp_digit)(n & 0xfffffff);
         n >>= 28; n += ((sp_int64)a[i + 118]) << 8;
     }
-    r[104] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[215]) << 8;
-    r[105] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[216]) << 8;
-    r[106] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[217]) << 8;
-    r[107] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[218]) << 8;
-    r[108] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[219]) << 8;
+    r[104] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[215]) << 8;
+    r[105] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[216]) << 8;
+    r[106] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[217]) << 8;
+    r[107] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[218]) << 8;
+    r[108] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[219]) << 8;
     r[109] = (sp_digit)n;
     XMEMSET(&r[110], 0, sizeof(*r) * 110U);
 }
@@ -10385,33 +10380,33 @@ static void sp_3072_mont_reduce_112(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<109; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff);
             sp_3072_mul_add_112(a+i, m, mu);
             a[i+1] += a[i] >> 28;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
         sp_3072_mul_add_112(a+i, m, mu);
         a[i+1] += a[i] >> 28;
         a[i] &= 0xfffffff;
     }
     else {
         for (i=0; i<109; i++) {
-            mu = a[i] & 0xfffffff;
+            mu = (sp_digit)(a[i] & 0xfffffff);
             sp_3072_mul_add_112(a+i, m, mu);
             a[i+1] += a[i] >> 28;
         }
-        mu = a[i] & 0xfffffL;
+        mu = (sp_digit)(a[i] & 0xfffffL);
         sp_3072_mul_add_112(a+i, m, mu);
         a[i+1] += a[i] >> 28;
         a[i] &= 0xfffffff;
     }
 #else
     for (i=0; i<109; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff);
         sp_3072_mul_add_112(a+i, m, mu);
         a[i+1] += a[i] >> 28;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
     sp_3072_mul_add_112(a+i, m, mu);
     a[i+1] += a[i] >> 28;
     a[i] &= 0xfffffff;
@@ -10525,22 +10520,22 @@ SP_NOINLINE static void sp_3072_rshift_112(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<104; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff);
     }
-    r[104] = (a[104] >> n) | ((a[105] << (28 - n)) & 0xfffffff);
-    r[105] = (a[105] >> n) | ((a[106] << (28 - n)) & 0xfffffff);
-    r[106] = (a[106] >> n) | ((a[107] << (28 - n)) & 0xfffffff);
-    r[107] = (a[107] >> n) | ((a[108] << (28 - n)) & 0xfffffff);
-    r[108] = (a[108] >> n) | ((a[109] << (28 - n)) & 0xfffffff);
-    r[109] = (a[109] >> n) | ((a[110] << (28 - n)) & 0xfffffff);
-    r[110] = (a[110] >> n) | ((a[111] << (28 - n)) & 0xfffffff);
+    r[104] = (a[104] >> n) | (sp_digit)((a[105] << (28 - n)) & 0xfffffff);
+    r[105] = (a[105] >> n) | (sp_digit)((a[106] << (28 - n)) & 0xfffffff);
+    r[106] = (a[106] >> n) | (sp_digit)((a[107] << (28 - n)) & 0xfffffff);
+    r[107] = (a[107] >> n) | (sp_digit)((a[108] << (28 - n)) & 0xfffffff);
+    r[108] = (a[108] >> n) | (sp_digit)((a[109] << (28 - n)) & 0xfffffff);
+    r[109] = (a[109] >> n) | (sp_digit)((a[110] << (28 - n)) & 0xfffffff);
+    r[110] = (a[110] >> n) | (sp_digit)((a[111] << (28 - n)) & 0xfffffff);
     r[111] = a[111] >> n;
 }
 
@@ -10832,7 +10827,7 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_112(t[0], m, mp);
         n = sp_3072_cmp_112(t[0], m);
-        sp_3072_cond_sub_112(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_112(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 112 * 2);
 
     }
@@ -10922,7 +10917,7 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_112(t[0], m, mp);
         n = sp_3072_cmp_112(t[0], m);
-        sp_3072_cond_sub_112(t[0], t[0], m, ~(n >> 31));
+        sp_3072_cond_sub_112(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 112 * 2);
     }
 
@@ -11050,7 +11045,7 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_3072_mont_reduce_112(rt, m, mp);
         n = sp_3072_cmp_112(rt, m);
-        sp_3072_cond_sub_112(rt, rt, m, ~(n >> 31));
+        sp_3072_cond_sub_112(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 224);
     }
 
@@ -11895,228 +11890,228 @@ SP_NOINLINE static void sp_3072_lshift_112(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[111];
     r[112] = s >> (28U - n);
     s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]);
-    r[111] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[111] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]);
-    r[110] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[110] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]);
-    r[109] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[109] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]);
-    r[108] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[108] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]);
-    r[107] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[107] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]);
-    r[106] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[106] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]);
-    r[105] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[105] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]);
-    r[104] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[104] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]);
-    r[103] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[103] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]);
-    r[102] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[102] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]);
-    r[101] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[101] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]);
-    r[100] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[100] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]);
-    r[99] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[99] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]);
-    r[98] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[98] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]);
-    r[97] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[97] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]);
-    r[96] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[96] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]);
-    r[95] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[95] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]);
-    r[94] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[94] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]);
-    r[93] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[93] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]);
-    r[92] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[92] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]);
-    r[91] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[91] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]);
-    r[90] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[90] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]);
-    r[89] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[89] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]);
-    r[88] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[88] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]);
-    r[87] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[87] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]);
-    r[86] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[86] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]);
-    r[85] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[85] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]);
-    r[84] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[84] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]);
-    r[83] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[83] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]);
-    r[82] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[82] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]);
-    r[81] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[81] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]);
-    r[80] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[80] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]);
-    r[79] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[79] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]);
-    r[78] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[78] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]);
-    r[77] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[77] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]);
-    r[76] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[76] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]);
-    r[75] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[75] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]);
-    r[74] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[74] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]);
-    r[73] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[73] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]);
-    r[72] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[72] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[71] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[70] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[69] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[68] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[67] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[66] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[65] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[64] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[63] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[62] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[61] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[60] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[59] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[58] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[57] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[56] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[55] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[54] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[53] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[52] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[51] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[50] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[49] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[48] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[47] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[46] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[45] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[44] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[43] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[42] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (28U - n))) & 0xfffffff;
-    r[0] = (a[0] << n) & 0xfffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff);
+    r[0] = (sp_digit)((a[0] << n) & 0xfffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -12226,7 +12221,7 @@ static int sp_3072_mod_exp_2_112(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_112(r, m, mp);
         n = sp_3072_cmp_112(r, m);
-        sp_3072_cond_sub_112(r, r, m, ~(n >> 31));
+        sp_3072_cond_sub_112(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -12953,23 +12948,23 @@ SP_NOINLINE static void sp_4096_mul_add_71(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[68]) + r[68];
     t[1]  = (tb * a[69]) + r[69];
     t[2]  = (tb * a[70]) + r[70];
-    r[68] = t[0] & 0x1fffffff;
+    r[68] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[69] = t[1] & 0x1fffffff;
+    r[69] = (sp_digit)(t[1] & 0x1fffffff);
     t[2] += t[1] >> 29;
-    r[70] = t[2] & 0x1fffffff;
+    r[70] = (sp_digit)(t[2] & 0x1fffffff);
     r[71] +=  (sp_digit)(t[2] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -12986,7 +12981,7 @@ static void sp_4096_mont_shift_71(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[71]) << 11;
 
     for (i = 0; i < 70; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[72 + i]) << 11;
     }
@@ -13009,11 +13004,11 @@ static void sp_4096_mont_reduce_71(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_71(a + 71);
 
     for (i=0; i<70; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_4096_mul_add_71(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL);
     sp_4096_mul_add_71(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -13237,7 +13232,7 @@ SP_NOINLINE static void sp_4096_rshift_71(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<70; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[70] = a[70] >> n;
 }
@@ -13526,7 +13521,7 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_71(t[0], m, mp);
         n = sp_4096_cmp_71(t[0], m);
-        sp_4096_cond_sub_71(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_71(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 71 * 2);
 
     }
@@ -13616,7 +13611,7 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_71(t[0], m, mp);
         n = sp_4096_cmp_71(t[0], m);
-        sp_4096_cond_sub_71(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_71(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 71 * 2);
     }
 
@@ -13761,7 +13756,7 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_71(rt, m, mp);
         n = sp_4096_cmp_71(rt, m);
-        sp_4096_cond_sub_71(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_71(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 142);
     }
 
@@ -13886,20 +13881,20 @@ SP_NOINLINE static void sp_4096_mul_add_142(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[140]) + r[140];
     t[1]  = (tb * a[141]) + r[141];
-    r[140] = t[0] & 0x1fffffff;
+    r[140] = (sp_digit)(t[0] & 0x1fffffff);
     t[1] += t[0] >> 29;
-    r[141] = t[1] & 0x1fffffff;
+    r[141] = (sp_digit)(t[1] & 0x1fffffff);
     r[142] +=  (sp_digit)(t[1] >> 29);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -13916,7 +13911,7 @@ static void sp_4096_mont_shift_142(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[142]) << 22;
 
     for (i = 0; i < 141; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[143 + i]) << 22;
     }
@@ -13941,33 +13936,33 @@ static void sp_4096_mont_reduce_142(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<141; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
             sp_4096_mul_add_142(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL);
         sp_4096_mul_add_142(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
     else {
         for (i=0; i<141; i++) {
-            mu = a[i] & 0x1fffffff;
+            mu = (sp_digit)(a[i] & 0x1fffffff);
             sp_4096_mul_add_142(a+i, m, mu);
             a[i+1] += a[i] >> 29;
         }
-        mu = a[i] & 0x7fL;
+        mu = (sp_digit)(a[i] & 0x7fL);
         sp_4096_mul_add_142(a+i, m, mu);
         a[i+1] += a[i] >> 29;
         a[i] &= 0x1fffffff;
     }
 #else
     for (i=0; i<141; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_4096_mul_add_142(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL);
     sp_4096_mul_add_142(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -14073,7 +14068,7 @@ SP_NOINLINE static void sp_4096_rshift_142(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<141; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
     r[141] = a[141] >> n;
 }
@@ -14363,7 +14358,7 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_142(t[0], m, mp);
         n = sp_4096_cmp_142(t[0], m);
-        sp_4096_cond_sub_142(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_142(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 142 * 2);
 
     }
@@ -14453,7 +14448,7 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_142(t[0], m, mp);
         n = sp_4096_cmp_142(t[0], m);
-        sp_4096_cond_sub_142(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_142(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 142 * 2);
     }
 
@@ -14581,7 +14576,7 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_142(rt, m, mp);
         n = sp_4096_cmp_142(rt, m);
-        sp_4096_cond_sub_142(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_142(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 284);
     }
 
@@ -15422,9 +15417,9 @@ SP_NOINLINE static void sp_4096_lshift_142(sp_digit* r, const sp_digit* a,
 
     r[142] = a[141] >> (29 - n);
     for (i=141; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -15534,7 +15529,7 @@ static int sp_4096_mod_exp_2_142(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_142(r, m, mp);
         n = sp_4096_cmp_142(r, m);
-        sp_4096_cond_sub_142(r, r, m, ~(n >> 31));
+        sp_4096_cond_sub_142(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -15921,29 +15916,29 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint64)a[ 0]) * b[ 0];
     t1 = ((sp_uint64)a[ 0]) * b[ 1]
        + ((sp_uint64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 2]
        + ((sp_uint64)a[ 1]) * b[ 1]
        + ((sp_uint64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 0]) * b[ 3]
        + ((sp_uint64)a[ 1]) * b[ 2]
        + ((sp_uint64)a[ 2]) * b[ 1]
        + ((sp_uint64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 4]
        + ((sp_uint64)a[ 1]) * b[ 3]
        + ((sp_uint64)a[ 2]) * b[ 2]
        + ((sp_uint64)a[ 3]) * b[ 1]
        + ((sp_uint64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 0]) * b[ 5]
        + ((sp_uint64)a[ 1]) * b[ 4]
        + ((sp_uint64)a[ 2]) * b[ 3]
        + ((sp_uint64)a[ 3]) * b[ 2]
        + ((sp_uint64)a[ 4]) * b[ 1]
        + ((sp_uint64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 6]
        + ((sp_uint64)a[ 1]) * b[ 5]
        + ((sp_uint64)a[ 2]) * b[ 4]
@@ -15951,7 +15946,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 4]) * b[ 2]
        + ((sp_uint64)a[ 5]) * b[ 1]
        + ((sp_uint64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 0]) * b[ 7]
        + ((sp_uint64)a[ 1]) * b[ 6]
        + ((sp_uint64)a[ 2]) * b[ 5]
@@ -15960,7 +15955,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 5]) * b[ 2]
        + ((sp_uint64)a[ 6]) * b[ 1]
        + ((sp_uint64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 0]) * b[ 8]
        + ((sp_uint64)a[ 1]) * b[ 7]
        + ((sp_uint64)a[ 2]) * b[ 6]
@@ -15970,7 +15965,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 2]
        + ((sp_uint64)a[ 7]) * b[ 1]
        + ((sp_uint64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 1]) * b[ 8]
        + ((sp_uint64)a[ 2]) * b[ 7]
        + ((sp_uint64)a[ 3]) * b[ 6]
@@ -15979,7 +15974,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 3]
        + ((sp_uint64)a[ 7]) * b[ 2]
        + ((sp_uint64)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 2]) * b[ 8]
        + ((sp_uint64)a[ 3]) * b[ 7]
        + ((sp_uint64)a[ 4]) * b[ 6]
@@ -15987,35 +15982,35 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint64)a[ 6]) * b[ 4]
        + ((sp_uint64)a[ 7]) * b[ 3]
        + ((sp_uint64)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 3]) * b[ 8]
        + ((sp_uint64)a[ 4]) * b[ 7]
        + ((sp_uint64)a[ 5]) * b[ 6]
        + ((sp_uint64)a[ 6]) * b[ 5]
        + ((sp_uint64)a[ 7]) * b[ 4]
        + ((sp_uint64)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 4]) * b[ 8]
        + ((sp_uint64)a[ 5]) * b[ 7]
        + ((sp_uint64)a[ 6]) * b[ 6]
        + ((sp_uint64)a[ 7]) * b[ 5]
        + ((sp_uint64)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 5]) * b[ 8]
        + ((sp_uint64)a[ 6]) * b[ 7]
        + ((sp_uint64)a[ 7]) * b[ 6]
        + ((sp_uint64)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 6]) * b[ 8]
        + ((sp_uint64)a[ 7]) * b[ 7]
        + ((sp_uint64)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_uint64)a[ 7]) * b[ 8]
        + ((sp_uint64)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_uint64)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[16] = t0 & 0x3ffffff;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff);
     r[17] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -16529,66 +16524,66 @@ SP_NOINLINE static void sp_4096_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint64)a[ 0]) * a[ 0];
     t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 0]) * a[ 3]
        +  ((sp_uint64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 4]
        +  ((sp_uint64)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 0]) * a[ 5]
        +  ((sp_uint64)a[ 1]) * a[ 4]
        +  ((sp_uint64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 6]
        +  ((sp_uint64)a[ 1]) * a[ 5]
        +  ((sp_uint64)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 0]) * a[ 7]
        +  ((sp_uint64)a[ 1]) * a[ 6]
        +  ((sp_uint64)a[ 2]) * a[ 5]
        +  ((sp_uint64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 0]) * a[ 8]
        +  ((sp_uint64)a[ 1]) * a[ 7]
        +  ((sp_uint64)a[ 2]) * a[ 6]
        +  ((sp_uint64)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 1]) * a[ 8]
        +  ((sp_uint64)a[ 2]) * a[ 7]
        +  ((sp_uint64)a[ 3]) * a[ 6]
        +  ((sp_uint64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 2]) * a[ 8]
        +  ((sp_uint64)a[ 3]) * a[ 7]
        +  ((sp_uint64)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint64)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 3]) * a[ 8]
        +  ((sp_uint64)a[ 4]) * a[ 7]
        +  ((sp_uint64)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 4]) * a[ 8]
        +  ((sp_uint64)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint64)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 5]) * a[ 8]
        +  ((sp_uint64)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_uint64)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint64)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_uint64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 =  ((sp_uint64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[16] = t0 & 0x3ffffff;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff);
     r[17] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -16936,25 +16931,25 @@ SP_NOINLINE static void sp_4096_mul_add_81(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x3ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffff);
         t[1] += t[0] >> 26;
-        r[i+1] = t[1] & 0x3ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffff);
         t[2] += t[1] >> 26;
-        r[i+2] = t[2] & 0x3ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffff);
         t[3] += t[2] >> 26;
-        r[i+3] = t[3] & 0x3ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffff);
         t[4] += t[3] >> 26;
-        r[i+4] = t[4] & 0x3ffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x3ffffff);
         t[5] += t[4] >> 26;
-        r[i+5] = t[5] & 0x3ffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x3ffffff);
         t[6] += t[5] >> 26;
-        r[i+6] = t[6] & 0x3ffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x3ffffff);
         t[7] += t[6] >> 26;
-        r[i+7] = t[7] & 0x3ffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x3ffffff);
         t[0]  = t[7] >> 26;
     }
     t[0] += (tb * a[80]) + r[80];
-    r[80] = t[0] & 0x3ffffff;
+    r[80] = (sp_digit)(t[0] & 0x3ffffff);
     r[81] +=  (sp_digit)(t[0] >> 26);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -16970,29 +16965,29 @@ static void sp_4096_mont_shift_81(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[78] >> 20;
     n += ((sp_int64)a[79]) << 6;
     for (i = 0; i < 72; i += 8) {
-        r[i + 0] = n & 0x3ffffff;
+        r[i + 0] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 80]) << 6;
-        r[i + 1] = n & 0x3ffffff;
+        r[i + 1] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 81]) << 6;
-        r[i + 2] = n & 0x3ffffff;
+        r[i + 2] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 82]) << 6;
-        r[i + 3] = n & 0x3ffffff;
+        r[i + 3] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 83]) << 6;
-        r[i + 4] = n & 0x3ffffff;
+        r[i + 4] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 84]) << 6;
-        r[i + 5] = n & 0x3ffffff;
+        r[i + 5] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 85]) << 6;
-        r[i + 6] = n & 0x3ffffff;
+        r[i + 6] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 86]) << 6;
-        r[i + 7] = n & 0x3ffffff;
+        r[i + 7] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 87]) << 6;
     }
-    r[72] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[152]) << 6;
-    r[73] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[153]) << 6;
-    r[74] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[154]) << 6;
-    r[75] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[155]) << 6;
-    r[76] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[156]) << 6;
-    r[77] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[157]) << 6;
+    r[72] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[152]) << 6;
+    r[73] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[153]) << 6;
+    r[74] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[154]) << 6;
+    r[75] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[155]) << 6;
+    r[76] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[156]) << 6;
+    r[77] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[157]) << 6;
     r[78] = (sp_digit)n;
     XMEMSET(&r[79], 0, sizeof(*r) * 79U);
 }
@@ -17012,11 +17007,11 @@ static void sp_4096_mont_reduce_81(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_81(a + 79);
 
     for (i=0; i<78; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
         sp_4096_mul_add_81(a+i, m, mu);
         a[i+1] += a[i] >> 26;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
     sp_4096_mul_add_81(a+i, m, mu);
     a[i+1] += a[i] >> 26;
     a[i] &= 0x3ffffff;
@@ -17133,14 +17128,14 @@ SP_NOINLINE static void sp_4096_rshift_81(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<80; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
     }
     r[80] = a[80] >> n;
 }
@@ -17430,7 +17425,7 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_81(t[0], m, mp);
         n = sp_4096_cmp_81(t[0], m);
-        sp_4096_cond_sub_81(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_81(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 81 * 2);
 
     }
@@ -17520,7 +17515,7 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_81(t[0], m, mp);
         n = sp_4096_cmp_81(t[0], m);
-        sp_4096_cond_sub_81(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_81(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 81 * 2);
     }
 
@@ -17665,7 +17660,7 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_81(rt, m, mp);
         n = sp_4096_cmp_81(rt, m);
-        sp_4096_cond_sub_81(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_81(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 162);
     }
 
@@ -17810,28 +17805,28 @@ SP_NOINLINE static void sp_4096_mul_add_162(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x3ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffff);
         t[1] += t[0] >> 26;
-        r[i+1] = t[1] & 0x3ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffff);
         t[2] += t[1] >> 26;
-        r[i+2] = t[2] & 0x3ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffff);
         t[3] += t[2] >> 26;
-        r[i+3] = t[3] & 0x3ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffff);
         t[4] += t[3] >> 26;
-        r[i+4] = t[4] & 0x3ffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x3ffffff);
         t[5] += t[4] >> 26;
-        r[i+5] = t[5] & 0x3ffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x3ffffff);
         t[6] += t[5] >> 26;
-        r[i+6] = t[6] & 0x3ffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x3ffffff);
         t[7] += t[6] >> 26;
-        r[i+7] = t[7] & 0x3ffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x3ffffff);
         t[0]  = t[7] >> 26;
     }
     t[0] += (tb * a[160]) + r[160];
     t[1]  = (tb * a[161]) + r[161];
-    r[160] = t[0] & 0x3ffffff;
+    r[160] = (sp_digit)(t[0] & 0x3ffffff);
     t[1] += t[0] >> 26;
-    r[161] = t[1] & 0x3ffffff;
+    r[161] = (sp_digit)(t[1] & 0x3ffffff);
     r[162] +=  (sp_digit)(t[1] >> 26);
 #endif /* !WOLFSSL_SP_LARGE_CODE */
 }
@@ -17847,28 +17842,28 @@ static void sp_4096_mont_shift_162(sp_digit* r, const sp_digit* a)
     sp_int64 n = a[157] >> 14;
     n += ((sp_int64)a[158]) << 12;
     for (i = 0; i < 152; i += 8) {
-        r[i + 0] = n & 0x3ffffff;
+        r[i + 0] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 159]) << 12;
-        r[i + 1] = n & 0x3ffffff;
+        r[i + 1] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 160]) << 12;
-        r[i + 2] = n & 0x3ffffff;
+        r[i + 2] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 161]) << 12;
-        r[i + 3] = n & 0x3ffffff;
+        r[i + 3] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 162]) << 12;
-        r[i + 4] = n & 0x3ffffff;
+        r[i + 4] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 163]) << 12;
-        r[i + 5] = n & 0x3ffffff;
+        r[i + 5] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 164]) << 12;
-        r[i + 6] = n & 0x3ffffff;
+        r[i + 6] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 165]) << 12;
-        r[i + 7] = n & 0x3ffffff;
+        r[i + 7] = (sp_digit)(n & 0x3ffffff);
         n >>= 26; n += ((sp_int64)a[i + 166]) << 12;
     }
-    r[152] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[311]) << 12;
-    r[153] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[312]) << 12;
-    r[154] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[313]) << 12;
-    r[155] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[314]) << 12;
-    r[156] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[315]) << 12;
+    r[152] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[311]) << 12;
+    r[153] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[312]) << 12;
+    r[154] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[313]) << 12;
+    r[155] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[314]) << 12;
+    r[156] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[315]) << 12;
     r[157] = (sp_digit)n;
     XMEMSET(&r[158], 0, sizeof(*r) * 158U);
 }
@@ -17890,33 +17885,33 @@ static void sp_4096_mont_reduce_162(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<157; i++) {
-            mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+            mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
             sp_4096_mul_add_162(a+i, m, mu);
             a[i+1] += a[i] >> 26;
         }
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL);
         sp_4096_mul_add_162(a+i, m, mu);
         a[i+1] += a[i] >> 26;
         a[i] &= 0x3ffffff;
     }
     else {
         for (i=0; i<157; i++) {
-            mu = a[i] & 0x3ffffff;
+            mu = (sp_digit)(a[i] & 0x3ffffff);
             sp_4096_mul_add_162(a+i, m, mu);
             a[i+1] += a[i] >> 26;
         }
-        mu = a[i] & 0x3fffL;
+        mu = (sp_digit)(a[i] & 0x3fffL);
         sp_4096_mul_add_162(a+i, m, mu);
         a[i+1] += a[i] >> 26;
         a[i] &= 0x3ffffff;
     }
 #else
     for (i=0; i<157; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
         sp_4096_mul_add_162(a+i, m, mu);
         a[i+1] += a[i] >> 26;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL);
     sp_4096_mul_add_162(a+i, m, mu);
     a[i+1] += a[i] >> 26;
     a[i] &= 0x3ffffff;
@@ -18032,16 +18027,16 @@ SP_NOINLINE static void sp_4096_rshift_162(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<160; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
     }
-    r[160] = (a[160] >> n) | ((a[161] << (26 - n)) & 0x3ffffff);
+    r[160] = (a[160] >> n) | (sp_digit)((a[161] << (26 - n)) & 0x3ffffff);
     r[161] = a[161] >> n;
 }
 
@@ -18335,7 +18330,7 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_162(t[0], m, mp);
         n = sp_4096_cmp_162(t[0], m);
-        sp_4096_cond_sub_162(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_162(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 162 * 2);
 
     }
@@ -18425,7 +18420,7 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_162(t[0], m, mp);
         n = sp_4096_cmp_162(t[0], m);
-        sp_4096_cond_sub_162(t[0], t[0], m, ~(n >> 31));
+        sp_4096_cond_sub_162(t[0], t[0], m, (sp_digit)~(n >> 31));
         XMEMCPY(r, t[0], sizeof(*r) * 162 * 2);
     }
 
@@ -18553,7 +18548,7 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e
 
         sp_4096_mont_reduce_162(rt, m, mp);
         n = sp_4096_cmp_162(rt, m);
-        sp_4096_cond_sub_162(rt, rt, m, ~(n >> 31));
+        sp_4096_cond_sub_162(rt, rt, m, (sp_digit)~(n >> 31));
         XMEMCPY(r, rt, sizeof(sp_digit) * 324);
     }
 
@@ -19398,328 +19393,328 @@ SP_NOINLINE static void sp_4096_lshift_162(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[161];
     r[162] = s >> (26U - n);
     s = (sp_int_digit)(a[161]); t = (sp_int_digit)(a[160]);
-    r[161] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[161] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[160]); t = (sp_int_digit)(a[159]);
-    r[160] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[160] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[159]); t = (sp_int_digit)(a[158]);
-    r[159] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[159] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[158]); t = (sp_int_digit)(a[157]);
-    r[158] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[158] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[157]); t = (sp_int_digit)(a[156]);
-    r[157] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[157] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[156]); t = (sp_int_digit)(a[155]);
-    r[156] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[156] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[155]); t = (sp_int_digit)(a[154]);
-    r[155] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[155] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[154]); t = (sp_int_digit)(a[153]);
-    r[154] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[154] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[153]); t = (sp_int_digit)(a[152]);
-    r[153] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[153] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[152]); t = (sp_int_digit)(a[151]);
-    r[152] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[152] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[151]); t = (sp_int_digit)(a[150]);
-    r[151] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[151] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[150]); t = (sp_int_digit)(a[149]);
-    r[150] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[150] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[149]); t = (sp_int_digit)(a[148]);
-    r[149] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[149] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[148]); t = (sp_int_digit)(a[147]);
-    r[148] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[148] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[147]); t = (sp_int_digit)(a[146]);
-    r[147] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[147] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[146]); t = (sp_int_digit)(a[145]);
-    r[146] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[146] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[145]); t = (sp_int_digit)(a[144]);
-    r[145] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[145] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[144]); t = (sp_int_digit)(a[143]);
-    r[144] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[144] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[143]); t = (sp_int_digit)(a[142]);
-    r[143] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[143] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[142]); t = (sp_int_digit)(a[141]);
-    r[142] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[142] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[141]); t = (sp_int_digit)(a[140]);
-    r[141] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[141] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[140]); t = (sp_int_digit)(a[139]);
-    r[140] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[140] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[139]); t = (sp_int_digit)(a[138]);
-    r[139] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[139] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[138]); t = (sp_int_digit)(a[137]);
-    r[138] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[138] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[137]); t = (sp_int_digit)(a[136]);
-    r[137] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[137] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[136]); t = (sp_int_digit)(a[135]);
-    r[136] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[136] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[135]); t = (sp_int_digit)(a[134]);
-    r[135] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[135] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[134]); t = (sp_int_digit)(a[133]);
-    r[134] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[134] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[133]); t = (sp_int_digit)(a[132]);
-    r[133] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[133] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[132]); t = (sp_int_digit)(a[131]);
-    r[132] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[132] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[131]); t = (sp_int_digit)(a[130]);
-    r[131] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[131] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[130]); t = (sp_int_digit)(a[129]);
-    r[130] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[130] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[129]); t = (sp_int_digit)(a[128]);
-    r[129] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[129] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[128]); t = (sp_int_digit)(a[127]);
-    r[128] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[128] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[127]); t = (sp_int_digit)(a[126]);
-    r[127] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[127] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[126]); t = (sp_int_digit)(a[125]);
-    r[126] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[126] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[125]); t = (sp_int_digit)(a[124]);
-    r[125] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[125] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[124]); t = (sp_int_digit)(a[123]);
-    r[124] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[124] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[123]); t = (sp_int_digit)(a[122]);
-    r[123] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[123] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[122]); t = (sp_int_digit)(a[121]);
-    r[122] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[122] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[121]); t = (sp_int_digit)(a[120]);
-    r[121] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[121] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[120]); t = (sp_int_digit)(a[119]);
-    r[120] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[120] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[119]); t = (sp_int_digit)(a[118]);
-    r[119] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[119] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[118]); t = (sp_int_digit)(a[117]);
-    r[118] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[118] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[117]); t = (sp_int_digit)(a[116]);
-    r[117] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[117] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[116]); t = (sp_int_digit)(a[115]);
-    r[116] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[116] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[115]); t = (sp_int_digit)(a[114]);
-    r[115] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[115] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[114]); t = (sp_int_digit)(a[113]);
-    r[114] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[114] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[113]); t = (sp_int_digit)(a[112]);
-    r[113] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[113] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[112]); t = (sp_int_digit)(a[111]);
-    r[112] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[112] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]);
-    r[111] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[111] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]);
-    r[110] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[110] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]);
-    r[109] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[109] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]);
-    r[108] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[108] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]);
-    r[107] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[107] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]);
-    r[106] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[106] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]);
-    r[105] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[105] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]);
-    r[104] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[104] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]);
-    r[103] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[103] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]);
-    r[102] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[102] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]);
-    r[101] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[101] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]);
-    r[100] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[100] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]);
-    r[99] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[99] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]);
-    r[98] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[98] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]);
-    r[97] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[97] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]);
-    r[96] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[96] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]);
-    r[95] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[95] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]);
-    r[94] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[94] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]);
-    r[93] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[93] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]);
-    r[92] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[92] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]);
-    r[91] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[91] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]);
-    r[90] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[90] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]);
-    r[89] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[89] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]);
-    r[88] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[88] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]);
-    r[87] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[87] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]);
-    r[86] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[86] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]);
-    r[85] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[85] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]);
-    r[84] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[84] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]);
-    r[83] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[83] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]);
-    r[82] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[82] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]);
-    r[81] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[81] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]);
-    r[80] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[80] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]);
-    r[79] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[79] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]);
-    r[78] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[78] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]);
-    r[77] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[77] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]);
-    r[76] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[76] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]);
-    r[75] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[75] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]);
-    r[74] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[74] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]);
-    r[73] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[73] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]);
-    r[72] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[72] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[71] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[70] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[69] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[68] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[67] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[66] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[65] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[64] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[63] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[62] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[61] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[60] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[59] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[58] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[57] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[56] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[55] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[54] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[53] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[52] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[51] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[50] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[49] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[48] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[47] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[46] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[45] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[44] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[43] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[42] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
-    r[0] = (a[0] << n) & 0x3ffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
+    r[0] = (sp_digit)((a[0] << n) & 0x3ffffff);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -19829,7 +19824,7 @@ static int sp_4096_mod_exp_2_162(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_162(r, m, mp);
         n = sp_4096_cmp_162(r, m);
-        sp_4096_cond_sub_162(r, r, m, ~(n >> 31));
+        sp_4096_cond_sub_162(r, r, m, (sp_digit)~(n >> 31));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -20084,29 +20079,29 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int64)a[ 0]) * b[ 0];
     t1 = ((sp_int64)a[ 0]) * b[ 1]
        + ((sp_int64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 2]
        + ((sp_int64)a[ 1]) * b[ 1]
        + ((sp_int64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 0]) * b[ 3]
        + ((sp_int64)a[ 1]) * b[ 2]
        + ((sp_int64)a[ 2]) * b[ 1]
        + ((sp_int64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 4]
        + ((sp_int64)a[ 1]) * b[ 3]
        + ((sp_int64)a[ 2]) * b[ 2]
        + ((sp_int64)a[ 3]) * b[ 1]
        + ((sp_int64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 0]) * b[ 5]
        + ((sp_int64)a[ 1]) * b[ 4]
        + ((sp_int64)a[ 2]) * b[ 3]
        + ((sp_int64)a[ 3]) * b[ 2]
        + ((sp_int64)a[ 4]) * b[ 1]
        + ((sp_int64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 6]
        + ((sp_int64)a[ 1]) * b[ 5]
        + ((sp_int64)a[ 2]) * b[ 4]
@@ -20114,7 +20109,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 4]) * b[ 2]
        + ((sp_int64)a[ 5]) * b[ 1]
        + ((sp_int64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 0]) * b[ 7]
        + ((sp_int64)a[ 1]) * b[ 6]
        + ((sp_int64)a[ 2]) * b[ 5]
@@ -20123,7 +20118,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 5]) * b[ 2]
        + ((sp_int64)a[ 6]) * b[ 1]
        + ((sp_int64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 0]) * b[ 8]
        + ((sp_int64)a[ 1]) * b[ 7]
        + ((sp_int64)a[ 2]) * b[ 6]
@@ -20133,7 +20128,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 2]
        + ((sp_int64)a[ 7]) * b[ 1]
        + ((sp_int64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 1]) * b[ 8]
        + ((sp_int64)a[ 2]) * b[ 7]
        + ((sp_int64)a[ 3]) * b[ 6]
@@ -20142,7 +20137,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 3]
        + ((sp_int64)a[ 7]) * b[ 2]
        + ((sp_int64)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 2]) * b[ 8]
        + ((sp_int64)a[ 3]) * b[ 7]
        + ((sp_int64)a[ 4]) * b[ 6]
@@ -20150,35 +20145,35 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 4]
        + ((sp_int64)a[ 7]) * b[ 3]
        + ((sp_int64)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 3]) * b[ 8]
        + ((sp_int64)a[ 4]) * b[ 7]
        + ((sp_int64)a[ 5]) * b[ 6]
        + ((sp_int64)a[ 6]) * b[ 5]
        + ((sp_int64)a[ 7]) * b[ 4]
        + ((sp_int64)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 4]) * b[ 8]
        + ((sp_int64)a[ 5]) * b[ 7]
        + ((sp_int64)a[ 6]) * b[ 6]
        + ((sp_int64)a[ 7]) * b[ 5]
        + ((sp_int64)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 5]) * b[ 8]
        + ((sp_int64)a[ 6]) * b[ 7]
        + ((sp_int64)a[ 7]) * b[ 6]
        + ((sp_int64)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 6]) * b[ 8]
        + ((sp_int64)a[ 7]) * b[ 7]
        + ((sp_int64)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = ((sp_int64)a[ 7]) * b[ 8]
        + ((sp_int64)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = ((sp_int64)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[16] = t0 & 0x1fffffff;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff);
     r[17] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -20240,66 +20235,66 @@ SP_NOINLINE static void sp_256_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int64)a[ 0]) * a[ 0];
     t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2
        +  ((sp_int64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 0]) * a[ 3]
        +  ((sp_int64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 4]
        +  ((sp_int64)a[ 1]) * a[ 3]) * 2
        +  ((sp_int64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 0]) * a[ 5]
        +  ((sp_int64)a[ 1]) * a[ 4]
        +  ((sp_int64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 6]
        +  ((sp_int64)a[ 1]) * a[ 5]
        +  ((sp_int64)a[ 2]) * a[ 4]) * 2
        +  ((sp_int64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 0]) * a[ 7]
        +  ((sp_int64)a[ 1]) * a[ 6]
        +  ((sp_int64)a[ 2]) * a[ 5]
        +  ((sp_int64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 0]) * a[ 8]
        +  ((sp_int64)a[ 1]) * a[ 7]
        +  ((sp_int64)a[ 2]) * a[ 6]
        +  ((sp_int64)a[ 3]) * a[ 5]) * 2
        +  ((sp_int64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 1]) * a[ 8]
        +  ((sp_int64)a[ 2]) * a[ 7]
        +  ((sp_int64)a[ 3]) * a[ 6]
        +  ((sp_int64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 2]) * a[ 8]
        +  ((sp_int64)a[ 3]) * a[ 7]
        +  ((sp_int64)a[ 4]) * a[ 6]) * 2
        +  ((sp_int64)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 3]) * a[ 8]
        +  ((sp_int64)a[ 4]) * a[ 7]
        +  ((sp_int64)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 4]) * a[ 8]
        +  ((sp_int64)a[ 5]) * a[ 7]) * 2
        +  ((sp_int64)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 5]) * a[ 8]
        +  ((sp_int64)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 = (((sp_int64)a[ 6]) * a[ 8]) * 2
        +  ((sp_int64)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1fffffff; t0 += t1 >> 29;
+    r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
     t1 = (((sp_int64)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1fffffff; t1 += t0 >> 29;
+    r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29;
     t0 =  ((sp_int64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1fffffff; t0 += t1 >> 29;
-    r[16] = t0 & 0x1fffffff;
+    r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29;
+    r[16] = (sp_digit)(t0 & 0x1fffffff);
     r[17] = (sp_digit)(t0 >> 29);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -20679,17 +20674,17 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[0]  = t[3] >> 29;
     }
     t[0] += (tb * a[8]) + r[8];
-    r[8] = t[0] & 0x1fffffff;
+    r[8] = (sp_digit)(t[0] & 0x1fffffff);
     r[9] +=  (sp_digit)(t[0] >> 29);
 #else
     sp_int64 tb = b;
@@ -20706,25 +20701,25 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a,
         t[5]  = (tb * a[i+5]) + r[i+5];
         t[6]  = (tb * a[i+6]) + r[i+6];
         t[7]  = (tb * a[i+7]) + r[i+7];
-        r[i+0] = t[0] & 0x1fffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffff);
         t[1] += t[0] >> 29;
-        r[i+1] = t[1] & 0x1fffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffff);
         t[2] += t[1] >> 29;
-        r[i+2] = t[2] & 0x1fffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffff);
         t[3] += t[2] >> 29;
-        r[i+3] = t[3] & 0x1fffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffff);
         t[4] += t[3] >> 29;
-        r[i+4] = t[4] & 0x1fffffff;
+        r[i+4] = (sp_digit)(t[4] & 0x1fffffff);
         t[5] += t[4] >> 29;
-        r[i+5] = t[5] & 0x1fffffff;
+        r[i+5] = (sp_digit)(t[5] & 0x1fffffff);
         t[6] += t[5] >> 29;
-        r[i+6] = t[6] & 0x1fffffff;
+        r[i+6] = (sp_digit)(t[6] & 0x1fffffff);
         t[7] += t[6] >> 29;
-        r[i+7] = t[7] & 0x1fffffff;
+        r[i+7] = (sp_digit)(t[7] & 0x1fffffff);
         t[0]  = t[7] >> 29;
     }
     t[0] += (tb * a[8]) + r[8];
-    r[8] = t[0] & 0x1fffffff;
+    r[8] = (sp_digit)(t[0] & 0x1fffffff);
     r[9] +=  (sp_digit)(t[0] >> 29);
 #endif /* WOLFSSL_SP_SMALL */
 #endif /* !WOLFSSL_SP_LARGE_CODE */
@@ -20767,7 +20762,7 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[9]) << 5;
 
     for (i = 0; i < 8; i++) {
-        r[i] = n & 0x1fffffff;
+        r[i] = (sp_digit)(n & 0x1fffffff);
         n >>= 29;
         n += ((sp_int64)a[10 + i]) << 5;
     }
@@ -20775,14 +20770,14 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a)
 #else
     sp_int64 n = a[8] >> 24;
     n += ((sp_int64)a[9]) << 5;
-    r[ 0] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[10]) << 5;
-    r[ 1] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[11]) << 5;
-    r[ 2] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[12]) << 5;
-    r[ 3] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[13]) << 5;
-    r[ 4] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[14]) << 5;
-    r[ 5] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[15]) << 5;
-    r[ 6] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[16]) << 5;
-    r[ 7] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[17]) << 5;
+    r[ 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[10]) << 5;
+    r[ 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[11]) << 5;
+    r[ 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[12]) << 5;
+    r[ 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[13]) << 5;
+    r[ 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[14]) << 5;
+    r[ 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[15]) << 5;
+    r[ 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[16]) << 5;
+    r[ 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[17]) << 5;
     r[8] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[9], 0, sizeof(*r) * 9U);
@@ -20803,11 +20798,11 @@ static void sp_256_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit
     sp_256_norm_9(a + 9);
 
     for (i=0; i<8; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff);
         sp_256_mul_add_9(a+i, m, mu);
         a[i+1] += a[i] >> 29;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL);
     sp_256_mul_add_9(a+i, m, mu);
     a[i+1] += a[i] >> 29;
     a[i] &= 0x1fffffff;
@@ -20832,32 +20827,32 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 8; i++) {
-        am = a[i] & 0x1fffffff;
-        a[i + 3] += (am << 9) & 0x1fffffff;
+        am = (sp_digit)(a[i] & 0x1fffffff);
+        a[i + 3] += (sp_digit)((am << 9) & 0x1fffffff);
         a[i + 4] += am >> 20;
-        a[i + 6] += (am << 18) & 0x1fffffff;
-        a[i + 7] += (am >> 11) - ((am << 21) & 0x1fffffff);
-        a[i + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff);
+        a[i + 6] += (sp_digit)((am << 18) & 0x1fffffff);
+        a[i + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff);
+        a[i + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff);
         a[i + 9] += am >> 5;
 
         a[i + 1] += a[i] >> 29;
     }
-    am = a[8] & 0xffffff;
-    a[8 + 3] += (am << 9) & 0x1fffffff;
+    am = (sp_digit)(a[8] & 0xffffff);
+    a[8 + 3] += (sp_digit)((am << 9) & 0x1fffffff);
     a[8 + 4] += am >> 20;
-    a[8 + 6] += (am << 18) & 0x1fffffff;
-    a[8 + 7] += (am >> 11) - ((am << 21) & 0x1fffffff);
-    a[8 + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff);
+    a[8 + 6] += (sp_digit)((am << 18) & 0x1fffffff);
+    a[8 + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff);
+    a[8 + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff);
     a[8 + 9] += am >> 5;
 
-    a[0] = (a[ 8] >> 24) + ((a[ 9] << 5) & 0x1fffffff);
-    a[1] = (a[ 9] >> 24) + ((a[10] << 5) & 0x1fffffff);
-    a[2] = (a[10] >> 24) + ((a[11] << 5) & 0x1fffffff);
-    a[3] = (a[11] >> 24) + ((a[12] << 5) & 0x1fffffff);
-    a[4] = (a[12] >> 24) + ((a[13] << 5) & 0x1fffffff);
-    a[5] = (a[13] >> 24) + ((a[14] << 5) & 0x1fffffff);
-    a[6] = (a[14] >> 24) + ((a[15] << 5) & 0x1fffffff);
-    a[7] = (a[15] >> 24) + ((a[16] << 5) & 0x1fffffff);
+    a[0] = (a[ 8] >> 24) + (sp_digit)((a[ 9] << 5) & 0x1fffffff);
+    a[1] = (a[ 9] >> 24) + (sp_digit)((a[10] << 5) & 0x1fffffff);
+    a[2] = (a[10] >> 24) + (sp_digit)((a[11] << 5) & 0x1fffffff);
+    a[3] = (a[11] >> 24) + (sp_digit)((a[12] << 5) & 0x1fffffff);
+    a[4] = (a[12] >> 24) + (sp_digit)((a[13] << 5) & 0x1fffffff);
+    a[5] = (a[13] >> 24) + (sp_digit)((a[14] << 5) & 0x1fffffff);
+    a[6] = (a[14] >> 24) + (sp_digit)((a[15] << 5) & 0x1fffffff);
+    a[7] = (a[15] >> 24) + (sp_digit)((a[16] << 5) & 0x1fffffff);
     a[8] = (a[16] >> 24) +  (a[17] << 5);
 
     a[1] += a[0] >> 29; a[0] &= 0x1fffffff;
@@ -20874,15 +20869,15 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x1fffffff & am;
-    a[1] -= 0x1fffffff & am;
-    a[2] -= 0x1fffffff & am;
-    a[3] -= 0x000001ff & am;
+    a[0] -= (sp_digit)(0x1fffffff & am);
+    a[1] -= (sp_digit)(0x1fffffff & am);
+    a[2] -= (sp_digit)(0x1fffffff & am);
+    a[3] -= (sp_digit)(0x000001ff & am);
     /* p256_mod[4] is zero */
     /* p256_mod[5] is zero */
-    a[6] -= 0x00040000 & am;
-    a[7] -= 0x1fe00000 & am;
-    a[8] -= 0x00ffffff & am;
+    a[6] -= (sp_digit)(0x00040000 & am);
+    a[7] -= (sp_digit)(0x1fe00000 & am);
+    a[8] -= (sp_digit)(0x00ffffff & am);
 
     a[1] += a[0] >> 29; a[0] &= 0x1fffffff;
     a[2] += a[1] >> 29; a[1] &= 0x1fffffff;
@@ -20945,7 +20940,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -21044,7 +21039,7 @@ static void sp_256_map_9(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_9(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_9(r->x, p256_mod);
-    sp_256_cond_sub_9(r->x, r->x, p256_mod, ~(n >> 28));
+    sp_256_cond_sub_9(r->x, r->x, p256_mod, (sp_digit)~(n >> 28));
     sp_256_norm_9(r->x);
 
     /* y /= z^3 */
@@ -21053,7 +21048,7 @@ static void sp_256_map_9(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_9(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_9(r->y, p256_mod);
-    sp_256_cond_sub_9(r->y, r->y, p256_mod, ~(n >> 28));
+    sp_256_cond_sub_9(r->y, r->y, p256_mod, (sp_digit)~(n >> 28));
     sp_256_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -21187,17 +21182,17 @@ SP_NOINLINE static void sp_256_rshift1_9(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<8; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 28) & 0x1fffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 28) & 0x1fffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 28) & 0x1fffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 28) & 0x1fffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 28) & 0x1fffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 28) & 0x1fffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 28) & 0x1fffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 28) & 0x1fffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 28) & 0x1fffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 28) & 0x1fffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 28) & 0x1fffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 28) & 0x1fffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 28) & 0x1fffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 28) & 0x1fffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 28) & 0x1fffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 28) & 0x1fffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 28) & 0x1fffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 28) & 0x1fffffff);
 #endif
     r[8] = a[8] >> 1;
 }
@@ -21508,8 +21503,8 @@ static void sp_256_proj_point_add_9(sp_point_256* r,
         sp_256_mont_sub_9(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -21526,7 +21521,7 @@ static void sp_256_proj_point_add_9(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -21700,8 +21695,8 @@ static int sp_256_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -21718,7 +21713,7 @@ static int sp_256_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -22385,13 +22380,13 @@ static void sp_256_proj_point_add_sub_9(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -22400,7 +22395,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -22418,7 +22413,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -22427,7 +22422,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 29) {
             y &= 0x3f;
             n >>= 6;
@@ -22441,12 +22436,12 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (29 - o)) & 0x3f);
+            y |= (word8)((n << (29 - o)) & 0x3f);
             o -= 23;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -22494,7 +22489,7 @@ static void sp_256_get_point_33_9(sp_point_256* r, const sp_point_256* table,
     r->z[7] = 0;
     r->z[8] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -22728,8 +22723,8 @@ static void sp_256_proj_point_add_qz1_9(sp_point_256* r,
         sp_256_mont_sub_9(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -22746,7 +22741,7 @@ static void sp_256_proj_point_add_qz1_9(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -22896,7 +22891,7 @@ static void sp_256_get_entry_256_9(sp_point_256* r,
     r->y[7] = 0;
     r->y[8] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -23046,7 +23041,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -23074,7 +23069,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -25203,18 +25198,18 @@ SP_NOINLINE static void sp_256_rshift_9(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<8; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff);
     }
 #else
     for (i=0; i<8; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff);
     }
 #endif /* WOLFSSL_SP_SMALL */
     r[8] = a[8] >> n;
@@ -25274,7 +25269,7 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a,
 
     r[18] = a[17] >> (29 - n);
     for (i=17; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff);
     }
 #else
     sp_int_digit s;
@@ -25283,41 +25278,41 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[17];
     r[18] = s >> (29U - n);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x1fffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -25416,7 +25411,7 @@ static void sp_256_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -25976,7 +25971,7 @@ static int sp_256_num_bits_29_9(sp_digit v)
     v |= v >> 4;
     v |= v >> 8;
     v |= v >> 16;
-    return sp_256_tab32_9[(uint32_t)(v*0x07C4ACDD) >> 27];
+    return sp_256_tab32_9[(word32)(v*0x07C4ACDD) >> 27];
 }
 
 static int sp_256_num_bits_9(const sp_digit* a)
@@ -27168,29 +27163,29 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int64)a[ 0]) * b[ 0];
     t1 = ((sp_int64)a[ 0]) * b[ 1]
        + ((sp_int64)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 2]
        + ((sp_int64)a[ 1]) * b[ 1]
        + ((sp_int64)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 3]
        + ((sp_int64)a[ 1]) * b[ 2]
        + ((sp_int64)a[ 2]) * b[ 1]
        + ((sp_int64)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 4]
        + ((sp_int64)a[ 1]) * b[ 3]
        + ((sp_int64)a[ 2]) * b[ 2]
        + ((sp_int64)a[ 3]) * b[ 1]
        + ((sp_int64)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 5]
        + ((sp_int64)a[ 1]) * b[ 4]
        + ((sp_int64)a[ 2]) * b[ 3]
        + ((sp_int64)a[ 3]) * b[ 2]
        + ((sp_int64)a[ 4]) * b[ 1]
        + ((sp_int64)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 6]
        + ((sp_int64)a[ 1]) * b[ 5]
        + ((sp_int64)a[ 2]) * b[ 4]
@@ -27198,7 +27193,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 4]) * b[ 2]
        + ((sp_int64)a[ 5]) * b[ 1]
        + ((sp_int64)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 7]
        + ((sp_int64)a[ 1]) * b[ 6]
        + ((sp_int64)a[ 2]) * b[ 5]
@@ -27207,7 +27202,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 5]) * b[ 2]
        + ((sp_int64)a[ 6]) * b[ 1]
        + ((sp_int64)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[ 8]
        + ((sp_int64)a[ 1]) * b[ 7]
        + ((sp_int64)a[ 2]) * b[ 6]
@@ -27217,7 +27212,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 6]) * b[ 2]
        + ((sp_int64)a[ 7]) * b[ 1]
        + ((sp_int64)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[ 9]
        + ((sp_int64)a[ 1]) * b[ 8]
        + ((sp_int64)a[ 2]) * b[ 7]
@@ -27228,7 +27223,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 7]) * b[ 2]
        + ((sp_int64)a[ 8]) * b[ 1]
        + ((sp_int64)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[10]
        + ((sp_int64)a[ 1]) * b[ 9]
        + ((sp_int64)a[ 2]) * b[ 8]
@@ -27240,7 +27235,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 8]) * b[ 2]
        + ((sp_int64)a[ 9]) * b[ 1]
        + ((sp_int64)a[10]) * b[ 0];
-    t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[11]
        + ((sp_int64)a[ 1]) * b[10]
        + ((sp_int64)a[ 2]) * b[ 9]
@@ -27253,7 +27248,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[ 9]) * b[ 2]
        + ((sp_int64)a[10]) * b[ 1]
        + ((sp_int64)a[11]) * b[ 0];
-    t[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[12]
        + ((sp_int64)a[ 1]) * b[11]
        + ((sp_int64)a[ 2]) * b[10]
@@ -27267,7 +27262,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[10]) * b[ 2]
        + ((sp_int64)a[11]) * b[ 1]
        + ((sp_int64)a[12]) * b[ 0];
-    t[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 0]) * b[13]
        + ((sp_int64)a[ 1]) * b[12]
        + ((sp_int64)a[ 2]) * b[11]
@@ -27282,7 +27277,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[11]) * b[ 2]
        + ((sp_int64)a[12]) * b[ 1]
        + ((sp_int64)a[13]) * b[ 0];
-    t[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 0]) * b[14]
        + ((sp_int64)a[ 1]) * b[13]
        + ((sp_int64)a[ 2]) * b[12]
@@ -27298,7 +27293,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 2]
        + ((sp_int64)a[13]) * b[ 1]
        + ((sp_int64)a[14]) * b[ 0];
-    t[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 1]) * b[14]
        + ((sp_int64)a[ 2]) * b[13]
        + ((sp_int64)a[ 3]) * b[12]
@@ -27313,7 +27308,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 3]
        + ((sp_int64)a[13]) * b[ 2]
        + ((sp_int64)a[14]) * b[ 1];
-    t[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 2]) * b[14]
        + ((sp_int64)a[ 3]) * b[13]
        + ((sp_int64)a[ 4]) * b[12]
@@ -27327,7 +27322,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 4]
        + ((sp_int64)a[13]) * b[ 3]
        + ((sp_int64)a[14]) * b[ 2];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 3]) * b[14]
        + ((sp_int64)a[ 4]) * b[13]
        + ((sp_int64)a[ 5]) * b[12]
@@ -27340,7 +27335,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 5]
        + ((sp_int64)a[13]) * b[ 4]
        + ((sp_int64)a[14]) * b[ 3];
-    r[16] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 4]) * b[14]
        + ((sp_int64)a[ 5]) * b[13]
        + ((sp_int64)a[ 6]) * b[12]
@@ -27352,7 +27347,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 6]
        + ((sp_int64)a[13]) * b[ 5]
        + ((sp_int64)a[14]) * b[ 4];
-    r[17] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 5]) * b[14]
        + ((sp_int64)a[ 6]) * b[13]
        + ((sp_int64)a[ 7]) * b[12]
@@ -27363,7 +27358,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 7]
        + ((sp_int64)a[13]) * b[ 6]
        + ((sp_int64)a[14]) * b[ 5];
-    r[18] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 6]) * b[14]
        + ((sp_int64)a[ 7]) * b[13]
        + ((sp_int64)a[ 8]) * b[12]
@@ -27373,7 +27368,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 8]
        + ((sp_int64)a[13]) * b[ 7]
        + ((sp_int64)a[14]) * b[ 6];
-    r[19] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 7]) * b[14]
        + ((sp_int64)a[ 8]) * b[13]
        + ((sp_int64)a[ 9]) * b[12]
@@ -27382,7 +27377,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[ 9]
        + ((sp_int64)a[13]) * b[ 8]
        + ((sp_int64)a[14]) * b[ 7];
-    r[20] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[ 8]) * b[14]
        + ((sp_int64)a[ 9]) * b[13]
        + ((sp_int64)a[10]) * b[12]
@@ -27390,35 +27385,35 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a,
        + ((sp_int64)a[12]) * b[10]
        + ((sp_int64)a[13]) * b[ 9]
        + ((sp_int64)a[14]) * b[ 8];
-    r[21] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[ 9]) * b[14]
        + ((sp_int64)a[10]) * b[13]
        + ((sp_int64)a[11]) * b[12]
        + ((sp_int64)a[12]) * b[11]
        + ((sp_int64)a[13]) * b[10]
        + ((sp_int64)a[14]) * b[ 9];
-    r[22] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[10]) * b[14]
        + ((sp_int64)a[11]) * b[13]
        + ((sp_int64)a[12]) * b[12]
        + ((sp_int64)a[13]) * b[11]
        + ((sp_int64)a[14]) * b[10];
-    r[23] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[11]) * b[14]
        + ((sp_int64)a[12]) * b[13]
        + ((sp_int64)a[13]) * b[12]
        + ((sp_int64)a[14]) * b[11];
-    r[24] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[12]) * b[14]
        + ((sp_int64)a[13]) * b[13]
        + ((sp_int64)a[14]) * b[12];
-    r[25] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = ((sp_int64)a[13]) * b[14]
        + ((sp_int64)a[14]) * b[13];
-    r[26] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = ((sp_int64)a[14]) * b[14];
-    r[27] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[28] = t0 & 0x3ffffff;
+    r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[28] = (sp_digit)(t0 & 0x3ffffff);
     r[29] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -27480,57 +27475,57 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int64)a[ 0]) * a[ 0];
     t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2
        +  ((sp_int64)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 3]
        +  ((sp_int64)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 4]
        +  ((sp_int64)a[ 1]) * a[ 3]) * 2
        +  ((sp_int64)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 5]
        +  ((sp_int64)a[ 1]) * a[ 4]
        +  ((sp_int64)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 6]
        +  ((sp_int64)a[ 1]) * a[ 5]
        +  ((sp_int64)a[ 2]) * a[ 4]) * 2
        +  ((sp_int64)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 7]
        +  ((sp_int64)a[ 1]) * a[ 6]
        +  ((sp_int64)a[ 2]) * a[ 5]
        +  ((sp_int64)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[ 8]
        +  ((sp_int64)a[ 1]) * a[ 7]
        +  ((sp_int64)a[ 2]) * a[ 6]
        +  ((sp_int64)a[ 3]) * a[ 5]) * 2
        +  ((sp_int64)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[ 9]
        +  ((sp_int64)a[ 1]) * a[ 8]
        +  ((sp_int64)a[ 2]) * a[ 7]
        +  ((sp_int64)a[ 3]) * a[ 6]
        +  ((sp_int64)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[10]
        +  ((sp_int64)a[ 1]) * a[ 9]
        +  ((sp_int64)a[ 2]) * a[ 8]
        +  ((sp_int64)a[ 3]) * a[ 7]
        +  ((sp_int64)a[ 4]) * a[ 6]) * 2
        +  ((sp_int64)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[11]
        +  ((sp_int64)a[ 1]) * a[10]
        +  ((sp_int64)a[ 2]) * a[ 9]
        +  ((sp_int64)a[ 3]) * a[ 8]
        +  ((sp_int64)a[ 4]) * a[ 7]
        +  ((sp_int64)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[12]
        +  ((sp_int64)a[ 1]) * a[11]
        +  ((sp_int64)a[ 2]) * a[10]
@@ -27538,7 +27533,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 4]) * a[ 8]
        +  ((sp_int64)a[ 5]) * a[ 7]) * 2
        +  ((sp_int64)a[ 6]) * a[ 6];
-    t[11] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 0]) * a[13]
        +  ((sp_int64)a[ 1]) * a[12]
        +  ((sp_int64)a[ 2]) * a[11]
@@ -27546,7 +27541,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 4]) * a[ 9]
        +  ((sp_int64)a[ 5]) * a[ 8]
        +  ((sp_int64)a[ 6]) * a[ 7]) * 2;
-    t[12] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 0]) * a[14]
        +  ((sp_int64)a[ 1]) * a[13]
        +  ((sp_int64)a[ 2]) * a[12]
@@ -27555,7 +27550,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 5]) * a[ 9]
        +  ((sp_int64)a[ 6]) * a[ 8]) * 2
        +  ((sp_int64)a[ 7]) * a[ 7];
-    t[13] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 1]) * a[14]
        +  ((sp_int64)a[ 2]) * a[13]
        +  ((sp_int64)a[ 3]) * a[12]
@@ -27563,7 +27558,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 5]) * a[10]
        +  ((sp_int64)a[ 6]) * a[ 9]
        +  ((sp_int64)a[ 7]) * a[ 8]) * 2;
-    t[14] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 2]) * a[14]
        +  ((sp_int64)a[ 3]) * a[13]
        +  ((sp_int64)a[ 4]) * a[12]
@@ -27571,62 +27566,62 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a)
        +  ((sp_int64)a[ 6]) * a[10]
        +  ((sp_int64)a[ 7]) * a[ 9]) * 2
        +  ((sp_int64)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 3]) * a[14]
        +  ((sp_int64)a[ 4]) * a[13]
        +  ((sp_int64)a[ 5]) * a[12]
        +  ((sp_int64)a[ 6]) * a[11]
        +  ((sp_int64)a[ 7]) * a[10]
        +  ((sp_int64)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 4]) * a[14]
        +  ((sp_int64)a[ 5]) * a[13]
        +  ((sp_int64)a[ 6]) * a[12]
        +  ((sp_int64)a[ 7]) * a[11]
        +  ((sp_int64)a[ 8]) * a[10]) * 2
        +  ((sp_int64)a[ 9]) * a[ 9];
-    r[17] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 5]) * a[14]
        +  ((sp_int64)a[ 6]) * a[13]
        +  ((sp_int64)a[ 7]) * a[12]
        +  ((sp_int64)a[ 8]) * a[11]
        +  ((sp_int64)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 6]) * a[14]
        +  ((sp_int64)a[ 7]) * a[13]
        +  ((sp_int64)a[ 8]) * a[12]
        +  ((sp_int64)a[ 9]) * a[11]) * 2
        +  ((sp_int64)a[10]) * a[10];
-    r[19] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 7]) * a[14]
        +  ((sp_int64)a[ 8]) * a[13]
        +  ((sp_int64)a[ 9]) * a[12]
        +  ((sp_int64)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[ 8]) * a[14]
        +  ((sp_int64)a[ 9]) * a[13]
        +  ((sp_int64)a[10]) * a[12]) * 2
        +  ((sp_int64)a[11]) * a[11];
-    r[21] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[ 9]) * a[14]
        +  ((sp_int64)a[10]) * a[13]
        +  ((sp_int64)a[11]) * a[12]) * 2;
-    r[22] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[10]) * a[14]
        +  ((sp_int64)a[11]) * a[13]) * 2
        +  ((sp_int64)a[12]) * a[12];
-    r[23] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[11]) * a[14]
        +  ((sp_int64)a[12]) * a[13]) * 2;
-    r[24] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 = (((sp_int64)a[12]) * a[14]) * 2
        +  ((sp_int64)a[13]) * a[13];
-    r[25] = t1 & 0x3ffffff; t0 += t1 >> 26;
+    r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
     t1 = (((sp_int64)a[13]) * a[14]) * 2;
-    r[26] = t0 & 0x3ffffff; t1 += t0 >> 26;
+    r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26;
     t0 =  ((sp_int64)a[14]) * a[14];
-    r[27] = t1 & 0x3ffffff; t0 += t1 >> 26;
-    r[28] = t0 & 0x3ffffff;
+    r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26;
+    r[28] = (sp_digit)(t0 & 0x3ffffff);
     r[29] = (sp_digit)(t0 >> 26);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -28017,23 +28012,23 @@ SP_NOINLINE static void sp_384_mul_add_15(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x3ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffff);
         t[1] += t[0] >> 26;
-        r[i+1] = t[1] & 0x3ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffff);
         t[2] += t[1] >> 26;
-        r[i+2] = t[2] & 0x3ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffff);
         t[3] += t[2] >> 26;
-        r[i+3] = t[3] & 0x3ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffff);
         t[0]  = t[3] >> 26;
     }
     t[0] += (tb * a[12]) + r[12];
     t[1]  = (tb * a[13]) + r[13];
     t[2]  = (tb * a[14]) + r[14];
-    r[12] = t[0] & 0x3ffffff;
+    r[12] = (sp_digit)(t[0] & 0x3ffffff);
     t[1] += t[0] >> 26;
-    r[13] = t[1] & 0x3ffffff;
+    r[13] = (sp_digit)(t[1] & 0x3ffffff);
     t[2] += t[1] >> 26;
-    r[14] = t[2] & 0x3ffffff;
+    r[14] = (sp_digit)(t[2] & 0x3ffffff);
     r[15] +=  (sp_digit)(t[2] >> 26);
 #else
     sp_int64 tb = b;
@@ -28116,7 +28111,7 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a)
     n += ((sp_int64)a[15]) << 6;
 
     for (i = 0; i < 14; i++) {
-        r[i] = n & 0x3ffffff;
+        r[i] = (sp_digit)(n & 0x3ffffff);
         n >>= 26;
         n += ((sp_int64)a[16 + i]) << 6;
     }
@@ -28124,20 +28119,20 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a)
 #else
     sp_int64 n = a[14] >> 20;
     n += ((sp_int64)a[15]) << 6;
-    r[ 0] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[16]) << 6;
-    r[ 1] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[17]) << 6;
-    r[ 2] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[18]) << 6;
-    r[ 3] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[19]) << 6;
-    r[ 4] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[20]) << 6;
-    r[ 5] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[21]) << 6;
-    r[ 6] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[22]) << 6;
-    r[ 7] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[23]) << 6;
-    r[ 8] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[24]) << 6;
-    r[ 9] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[25]) << 6;
-    r[10] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[26]) << 6;
-    r[11] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[27]) << 6;
-    r[12] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[28]) << 6;
-    r[13] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[29]) << 6;
+    r[ 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[16]) << 6;
+    r[ 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[17]) << 6;
+    r[ 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[18]) << 6;
+    r[ 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[19]) << 6;
+    r[ 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[20]) << 6;
+    r[ 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[21]) << 6;
+    r[ 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[22]) << 6;
+    r[ 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[23]) << 6;
+    r[ 8] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[24]) << 6;
+    r[ 9] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[25]) << 6;
+    r[10] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[26]) << 6;
+    r[11] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[27]) << 6;
+    r[12] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[28]) << 6;
+    r[13] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[29]) << 6;
     r[14] = (sp_digit)n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[15], 0, sizeof(*r) * 15U);
@@ -28158,11 +28153,11 @@ static void sp_384_mont_reduce_order_15(sp_digit* a, const sp_digit* m, sp_digit
     sp_384_norm_15(a + 15);
 
     for (i=0; i<14; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff);
         sp_384_mul_add_15(a+i, m, mu);
         a[i+1] += a[i] >> 26;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL);
     sp_384_mul_add_15(a+i, m, mu);
     a[i+1] += a[i] >> 26;
     a[i] &= 0x3ffffff;
@@ -28187,42 +28182,42 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 14; i++) {
-        am = (a[i] * 0x1) & 0x3ffffff;
-        a[i +  1] += (am << 6) & 0x3ffffff;
+        am = (sp_digit)((a[i] * 0x1) & 0x3ffffff);
+        a[i +  1] += (sp_digit)((am << 6) & 0x3ffffff);
         a[i +  2] += am >> 20;
-        a[i +  3] -= (am << 18) & 0x3ffffff;
+        a[i +  3] -= (sp_digit)((am << 18) & 0x3ffffff);
         a[i +  4] -= am >> 8;
-        a[i +  4] -= (am << 24) & 0x3ffffff;
+        a[i +  4] -= (sp_digit)((am << 24) & 0x3ffffff);
         a[i +  5] -= am >> 2;
-        a[i + 14] += (am << 20) & 0x3ffffff;
+        a[i + 14] += (sp_digit)((am << 20) & 0x3ffffff);
         a[i + 15] += am >> 6;
 
         a[i +  1] += a[i] >> 26;
     }
-    am = (a[14] * 0x1) & 0xfffff;
-    a[14 +  1] += (am << 6) & 0x3ffffff;
+    am = (sp_digit)((a[14] * 0x1) & 0xfffff);
+    a[14 +  1] += (sp_digit)((am << 6) & 0x3ffffff);
     a[14 +  2] += am >> 20;
-    a[14 +  3] -= (am << 18) & 0x3ffffff;
+    a[14 +  3] -= (sp_digit)((am << 18) & 0x3ffffff);
     a[14 +  4] -= am >> 8;
-    a[14 +  4] -= (am << 24) & 0x3ffffff;
+    a[14 +  4] -= (sp_digit)((am << 24) & 0x3ffffff);
     a[14 +  5] -= am >> 2;
-    a[14 + 14] += (am << 20) & 0x3ffffff;
+    a[14 + 14] += (sp_digit)((am << 20) & 0x3ffffff);
     a[14 + 15] += am >> 6;
 
-    a[0] = (a[14] >> 20) + ((a[15] << 6) & 0x3ffffff);
-    a[1] = (a[15] >> 20) + ((a[16] << 6) & 0x3ffffff);
-    a[2] = (a[16] >> 20) + ((a[17] << 6) & 0x3ffffff);
-    a[3] = (a[17] >> 20) + ((a[18] << 6) & 0x3ffffff);
-    a[4] = (a[18] >> 20) + ((a[19] << 6) & 0x3ffffff);
-    a[5] = (a[19] >> 20) + ((a[20] << 6) & 0x3ffffff);
-    a[6] = (a[20] >> 20) + ((a[21] << 6) & 0x3ffffff);
-    a[7] = (a[21] >> 20) + ((a[22] << 6) & 0x3ffffff);
-    a[8] = (a[22] >> 20) + ((a[23] << 6) & 0x3ffffff);
-    a[9] = (a[23] >> 20) + ((a[24] << 6) & 0x3ffffff);
-    a[10] = (a[24] >> 20) + ((a[25] << 6) & 0x3ffffff);
-    a[11] = (a[25] >> 20) + ((a[26] << 6) & 0x3ffffff);
-    a[12] = (a[26] >> 20) + ((a[27] << 6) & 0x3ffffff);
-    a[13] = (a[27] >> 20) + ((a[28] << 6) & 0x3ffffff);
+    a[0] = (a[14] >> 20) + (sp_digit)((a[15] << 6) & 0x3ffffff);
+    a[1] = (a[15] >> 20) + (sp_digit)((a[16] << 6) & 0x3ffffff);
+    a[2] = (a[16] >> 20) + (sp_digit)((a[17] << 6) & 0x3ffffff);
+    a[3] = (a[17] >> 20) + (sp_digit)((a[18] << 6) & 0x3ffffff);
+    a[4] = (a[18] >> 20) + (sp_digit)((a[19] << 6) & 0x3ffffff);
+    a[5] = (a[19] >> 20) + (sp_digit)((a[20] << 6) & 0x3ffffff);
+    a[6] = (a[20] >> 20) + (sp_digit)((a[21] << 6) & 0x3ffffff);
+    a[7] = (a[21] >> 20) + (sp_digit)((a[22] << 6) & 0x3ffffff);
+    a[8] = (a[22] >> 20) + (sp_digit)((a[23] << 6) & 0x3ffffff);
+    a[9] = (a[23] >> 20) + (sp_digit)((a[24] << 6) & 0x3ffffff);
+    a[10] = (a[24] >> 20) + (sp_digit)((a[25] << 6) & 0x3ffffff);
+    a[11] = (a[25] >> 20) + (sp_digit)((a[26] << 6) & 0x3ffffff);
+    a[12] = (a[26] >> 20) + (sp_digit)((a[27] << 6) & 0x3ffffff);
+    a[13] = (a[27] >> 20) + (sp_digit)((a[28] << 6) & 0x3ffffff);
     a[14] = (a[14 + 14] >> 20) +  (a[29] << 6);
 
     a[1] += a[0] >> 26; a[0] &= 0x3ffffff;
@@ -28245,21 +28240,21 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x03ffffff & am;
-    a[1] -= 0x0000003f & am;
+    a[0] -= (sp_digit)(0x03ffffff & am);
+    a[1] -= (sp_digit)(0x0000003f & am);
     /* p384_mod[2] is zero */
-    a[3] -= 0x03fc0000 & am;
-    a[4] -= 0x02ffffff & am;
-    a[5] -= 0x03ffffff & am;
-    a[6] -= 0x03ffffff & am;
-    a[7] -= 0x03ffffff & am;
-    a[8] -= 0x03ffffff & am;
-    a[9] -= 0x03ffffff & am;
-    a[10] -= 0x03ffffff & am;
-    a[11] -= 0x03ffffff & am;
-    a[12] -= 0x03ffffff & am;
-    a[13] -= 0x03ffffff & am;
-    a[14] -= 0x000fffff & am;
+    a[3] -= (sp_digit)(0x03fc0000 & am);
+    a[4] -= (sp_digit)(0x02ffffff & am);
+    a[5] -= (sp_digit)(0x03ffffff & am);
+    a[6] -= (sp_digit)(0x03ffffff & am);
+    a[7] -= (sp_digit)(0x03ffffff & am);
+    a[8] -= (sp_digit)(0x03ffffff & am);
+    a[9] -= (sp_digit)(0x03ffffff & am);
+    a[10] -= (sp_digit)(0x03ffffff & am);
+    a[11] -= (sp_digit)(0x03ffffff & am);
+    a[12] -= (sp_digit)(0x03ffffff & am);
+    a[13] -= (sp_digit)(0x03ffffff & am);
+    a[14] -= (sp_digit)(0x000fffff & am);
 
     a[1] += a[0] >> 26; a[0] &= 0x3ffffff;
     a[2] += a[1] >> 26; a[1] &= 0x3ffffff;
@@ -28328,7 +28323,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_15(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -28443,7 +28438,7 @@ static void sp_384_map_15(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_15(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_15(r->x, p384_mod);
-    sp_384_cond_sub_15(r->x, r->x, p384_mod, ~(n >> 25));
+    sp_384_cond_sub_15(r->x, r->x, p384_mod, (sp_digit)~(n >> 25));
     sp_384_norm_15(r->x);
 
     /* y /= z^3 */
@@ -28452,7 +28447,7 @@ static void sp_384_map_15(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_15(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_15(r->y, p384_mod);
-    sp_384_cond_sub_15(r->y, r->y, p384_mod, ~(n >> 25));
+    sp_384_cond_sub_15(r->y, r->y, p384_mod, (sp_digit)~(n >> 25));
     sp_384_norm_15(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -28592,23 +28587,23 @@ SP_NOINLINE static void sp_384_rshift1_15(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<14; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 25) & 0x3ffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 25) & 0x3ffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 25) & 0x3ffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 25) & 0x3ffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 25) & 0x3ffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 25) & 0x3ffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 25) & 0x3ffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 25) & 0x3ffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 25) & 0x3ffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 25) & 0x3ffffff);
-    r[8] = (a[8] >> 1) + ((a[9] << 25) & 0x3ffffff);
-    r[9] = (a[9] >> 1) + ((a[10] << 25) & 0x3ffffff);
-    r[10] = (a[10] >> 1) + ((a[11] << 25) & 0x3ffffff);
-    r[11] = (a[11] >> 1) + ((a[12] << 25) & 0x3ffffff);
-    r[12] = (a[12] >> 1) + ((a[13] << 25) & 0x3ffffff);
-    r[13] = (a[13] >> 1) + ((a[14] << 25) & 0x3ffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 25) & 0x3ffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 25) & 0x3ffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 25) & 0x3ffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 25) & 0x3ffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 25) & 0x3ffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 25) & 0x3ffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 25) & 0x3ffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 25) & 0x3ffffff);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 25) & 0x3ffffff);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 25) & 0x3ffffff);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 25) & 0x3ffffff);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 25) & 0x3ffffff);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 25) & 0x3ffffff);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 25) & 0x3ffffff);
 #endif
     r[14] = a[14] >> 1;
 }
@@ -28921,8 +28916,8 @@ static void sp_384_proj_point_add_15(sp_point_384* r,
         sp_384_mont_sub_15(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -28939,7 +28934,7 @@ static void sp_384_proj_point_add_15(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -29113,8 +29108,8 @@ static int sp_384_proj_point_add_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29131,7 +29126,7 @@ static int sp_384_proj_point_add_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -29854,13 +29849,13 @@ static void sp_384_proj_point_add_sub_15(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_15_6[66] = {
+static const word8 recode_index_15_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -29869,7 +29864,7 @@ static const uint8_t recode_index_15_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_15_6[66] = {
+static const word8 recode_neg_15_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -29887,7 +29882,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -29896,7 +29891,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 26) {
             y &= 0x3f;
             n >>= 6;
@@ -29910,12 +29905,12 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 15) {
             n = k[j];
-            y |= (uint8_t)((n << (26 - o)) & 0x3f);
+            y |= (word8)((n << (26 - o)) & 0x3f);
             o -= 20;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_15_6[y];
         v[i].neg = recode_neg_15_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -29981,7 +29976,7 @@ static void sp_384_get_point_33_15(sp_point_384* r, const sp_point_384* table,
     r->z[13] = 0;
     r->z[14] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30233,8 +30228,8 @@ static void sp_384_proj_point_add_qz1_15(sp_point_384* r,
         sp_384_mont_sub_15(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -30251,7 +30246,7 @@ static void sp_384_proj_point_add_qz1_15(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30413,7 +30408,7 @@ static void sp_384_get_entry_256_15(sp_point_384* r,
     r->y[13] = 0;
     r->y[14] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30575,7 +30570,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -30603,7 +30598,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -33244,25 +33239,25 @@ SP_NOINLINE static void sp_384_rshift_15(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<14; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff);
     }
 #else
     for (i=0; i<8; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
     }
-    r[8] = (a[8] >> n) | ((a[9] << (26 - n)) & 0x3ffffff);
-    r[9] = (a[9] >> n) | ((a[10] << (26 - n)) & 0x3ffffff);
-    r[10] = (a[10] >> n) | ((a[11] << (26 - n)) & 0x3ffffff);
-    r[11] = (a[11] >> n) | ((a[12] << (26 - n)) & 0x3ffffff);
-    r[12] = (a[12] >> n) | ((a[13] << (26 - n)) & 0x3ffffff);
-    r[13] = (a[13] >> n) | ((a[14] << (26 - n)) & 0x3ffffff);
+    r[8] = (a[8] >> n) | (sp_digit)((a[9] << (26 - n)) & 0x3ffffff);
+    r[9] = (a[9] >> n) | (sp_digit)((a[10] << (26 - n)) & 0x3ffffff);
+    r[10] = (a[10] >> n) | (sp_digit)((a[11] << (26 - n)) & 0x3ffffff);
+    r[11] = (a[11] >> n) | (sp_digit)((a[12] << (26 - n)) & 0x3ffffff);
+    r[12] = (a[12] >> n) | (sp_digit)((a[13] << (26 - n)) & 0x3ffffff);
+    r[13] = (a[13] >> n) | (sp_digit)((a[14] << (26 - n)) & 0x3ffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[14] = a[14] >> n;
 }
@@ -33333,7 +33328,7 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a,
 
     r[30] = a[29] >> (26 - n);
     for (i=29; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff);
     }
 #else
     sp_int_digit s;
@@ -33342,65 +33337,65 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[29];
     r[30] = s >> (26U - n);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x3ffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x3ffffff);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -33499,13 +33494,13 @@ static void sp_384_mont_mul_order_15(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -34026,7 +34021,7 @@ static int sp_384_num_bits_26_15(sp_digit v)
     v |= v >> 4;
     v |= v >> 8;
     v |= v >> 16;
-    return sp_384_tab32_15[(uint32_t)(v*0x07C4ACDD) >> 27];
+    return sp_384_tab32_15[(word32)(v*0x07C4ACDD) >> 27];
 }
 
 static int sp_384_num_bits_15(const sp_digit* a)
@@ -35264,7 +35259,7 @@ SP_NOINLINE static void sp_521_mul_21(sp_digit* r, const sp_digit* a,
         }
     }
     for (i=0; i<41; i++) {
-        r[i] = t[i] & 0x1ffffff;
+        r[i] = (sp_digit)(t[i] & 0x1ffffff);
         t[i+1] += t[i] >> 25;
     }
     r[41] = (sp_digit)t[41];
@@ -35333,7 +35328,7 @@ SP_NOINLINE static void sp_521_sqr_21(sp_digit* r, const sp_digit* a)
         t[i+i] += ((sp_int64)a[i]) * a[i];
     }
     for (i=0; i<41; i++) {
-        r[i] = t[i] & 0x1ffffff;
+        r[i] = (sp_digit)(t[i] & 0x1ffffff);
         t[i+1] += t[i] >> 25;
     }
     r[41] = (sp_digit)t[41];
@@ -35681,10 +35676,10 @@ static void sp_521_mont_reduce_21(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 20; i++) {
-        a[i] += ((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff;
+        a[i] += (sp_digit)(((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff);
     }
     a[20] &= 0x1fffff;
-    a[20] += ((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff;
+    a[20] += (sp_digit)(((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff);
 
     sp_521_norm_21(a);
 
@@ -35789,17 +35784,17 @@ SP_NOINLINE static void sp_521_mul_add_21(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1ffffff);
         t[1] += t[0] >> 25;
-        r[i+1] = t[1] & 0x1ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1ffffff);
         t[2] += t[1] >> 25;
-        r[i+2] = t[2] & 0x1ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1ffffff);
         t[3] += t[2] >> 25;
-        r[i+3] = t[3] & 0x1ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1ffffff);
         t[0]  = t[3] >> 25;
     }
     t[0] += (tb * a[20]) + r[20];
-    r[20] = t[0] & 0x1ffffff;
+    r[20] = (sp_digit)(t[0] & 0x1ffffff);
     r[21] +=  (sp_digit)(t[0] >> 25);
 #else
     sp_int64 tb = b;
@@ -35852,8 +35847,8 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a)
     s = a[21];
     n = a[20] >> 21;
     for (i = 0; i < 20; i++) {
-        n += (s & 0x1ffffff) << 4;
-        r[i] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4);
+        r[i] = (sp_digit)(n & 0x1ffffff);
         n >>= 25;
         s = a[22 + i] + (s >> 25);
     }
@@ -35866,30 +35861,30 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a)
 
     s = a[21]; n = a[20] >> 21;
     for (i = 0; i < 16; i += 8) {
-        n += (s & 0x1ffffff) << 4; r[i+0] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+0] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+22] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+1] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+1] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+23] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+2] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+2] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+24] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+3] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+3] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+25] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+4] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+4] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+26] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+5] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+5] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+27] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+6] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+6] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+28] + (s >> 25);
-        n += (s & 0x1ffffff) << 4; r[i+7] = n & 0x1ffffff;
+        n += (sp_digit)((s & 0x1ffffff) << 4); r[i+7] = (sp_digit)(n & 0x1ffffff);
         n >>= 25; s = a[i+29] + (s >> 25);
     }
-    n += (s & 0x1ffffff) << 4; r[16] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[16] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[38] + (s >> 25);
-    n += (s & 0x1ffffff) << 4; r[17] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[17] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[39] + (s >> 25);
-    n += (s & 0x1ffffff) << 4; r[18] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[18] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[40] + (s >> 25);
-    n += (s & 0x1ffffff) << 4; r[19] = n & 0x1ffffff;
+    n += (sp_digit)((s & 0x1ffffff) << 4); r[19] = (sp_digit)(n & 0x1ffffff);
     n >>= 25; s = a[41] + (s >> 25);
     n += s << 4;              r[20] = n;
 #endif /* WOLFSSL_SP_SMALL */
@@ -35911,11 +35906,11 @@ static void sp_521_mont_reduce_order_21(sp_digit* a, const sp_digit* m, sp_digit
     sp_521_norm_21(a + 21);
 
     for (i=0; i<20; i++) {
-        mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff;
+        mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff);
         sp_521_mul_add_21(a+i, m, mu);
         a[i+1] += a[i] >> 25;
     }
-    mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL;
+    mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL);
     sp_521_mul_add_21(a+i, m, mu);
     a[i+1] += a[i] >> 25;
     a[i] &= 0x1ffffff;
@@ -35976,7 +35971,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_21(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -36088,7 +36083,7 @@ static void sp_521_map_21(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_21(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_21(r->x, p521_mod);
-    sp_521_cond_sub_21(r->x, r->x, p521_mod, ~(n >> 24));
+    sp_521_cond_sub_21(r->x, r->x, p521_mod, (sp_digit)~(n >> 24));
     sp_521_norm_21(r->x);
 
     /* y /= z^3 */
@@ -36097,7 +36092,7 @@ static void sp_521_map_21(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_21(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_21(r->y, p521_mod);
-    sp_521_cond_sub_21(r->y, r->y, p521_mod, ~(n >> 24));
+    sp_521_cond_sub_21(r->y, r->y, p521_mod, (sp_digit)~(n >> 24));
     sp_521_norm_21(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -36239,29 +36234,29 @@ SP_NOINLINE static void sp_521_rshift1_21(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<20; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff);
-    r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff);
-    r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff);
-    r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff);
-    r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff);
-    r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff);
-    r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff);
-    r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff);
-    r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff);
-    r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff);
-    r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff);
-    r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff);
-    r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff);
+    r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff);
+    r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff);
+    r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff);
+    r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff);
+    r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff);
+    r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff);
 #endif
     r[20] = a[20] >> 1;
 }
@@ -36577,8 +36572,8 @@ static void sp_521_proj_point_add_21(sp_point_521* r,
         sp_521_mont_sub_21(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36595,7 +36590,7 @@ static void sp_521_proj_point_add_21(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -36769,8 +36764,8 @@ static int sp_521_proj_point_add_21_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36787,7 +36782,7 @@ static int sp_521_proj_point_add_21_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -37373,13 +37368,13 @@ static void sp_521_proj_point_add_sub_21(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_21_6[66] = {
+static const word8 recode_index_21_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -37388,7 +37383,7 @@ static const uint8_t recode_index_21_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_21_6[66] = {
+static const word8 recode_neg_21_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -37406,7 +37401,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -37415,7 +37410,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 25) {
             y &= 0x3f;
             n >>= 6;
@@ -37429,12 +37424,12 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 21) {
             n = k[j];
-            y |= (uint8_t)((n << (25 - o)) & 0x3f);
+            y |= (word8)((n << (25 - o)) & 0x3f);
             o -= 19;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_21_6[y];
         v[i].neg = recode_neg_21_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -37518,7 +37513,7 @@ static void sp_521_get_point_33_21(sp_point_521* r, const sp_point_521* table,
     r->z[19] = 0;
     r->z[20] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -37788,8 +37783,8 @@ static void sp_521_proj_point_add_qz1_21(sp_point_521* r,
         sp_521_mont_sub_21(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -37806,7 +37801,7 @@ static void sp_521_proj_point_add_qz1_21(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -37980,7 +37975,7 @@ static void sp_521_get_entry_256_21(sp_point_521* r,
     r->y[19] = 0;
     r->y[20] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -38154,7 +38149,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -38182,7 +38177,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -41332,23 +41327,23 @@ SP_NOINLINE static void sp_521_rshift_21(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<20; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff);
     }
 #else
     for (i=0; i<16; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff);
     }
-    r[16] = (a[16] >> n) | ((a[17] << (25 - n)) & 0x1ffffff);
-    r[17] = (a[17] >> n) | ((a[18] << (25 - n)) & 0x1ffffff);
-    r[18] = (a[18] >> n) | ((a[19] << (25 - n)) & 0x1ffffff);
-    r[19] = (a[19] >> n) | ((a[20] << (25 - n)) & 0x1ffffff);
+    r[16] = (a[16] >> n) | (sp_digit)((a[17] << (25 - n)) & 0x1ffffff);
+    r[17] = (a[17] >> n) | (sp_digit)((a[18] << (25 - n)) & 0x1ffffff);
+    r[18] = (a[18] >> n) | (sp_digit)((a[19] << (25 - n)) & 0x1ffffff);
+    r[19] = (a[19] >> n) | (sp_digit)((a[20] << (25 - n)) & 0x1ffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[20] = a[20] >> n;
 }
@@ -41419,7 +41414,7 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a,
 
     r[42] = a[41] >> (25 - n);
     for (i=41; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff);
     }
 #else
     sp_int_digit s;
@@ -41428,89 +41423,89 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[41];
     r[42] = s >> (25U - n);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[41] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[40] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[39] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[38] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[37] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[36] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[35] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[34] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[33] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[32] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[31] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[30] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[29] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[28] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[27] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[26] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[25] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[24] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[23] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[22] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[21] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[20] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[19] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[18] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[17] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[16] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[15] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[14] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[13] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[12] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[11] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[10] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[9] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[8] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[7] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[6] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[5] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[4] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[3] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[2] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (25U - n))) & 0x1ffffff;
+    r[1] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x1ffffff;
+    r[0] = (sp_digit)((a[0] << n) & 0x1ffffff);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -41609,14 +41604,14 @@ static void sp_521_mont_mul_order_21(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -42161,7 +42156,7 @@ static int sp_521_num_bits_25_21(sp_digit v)
     v |= v >> 4;
     v |= v >> 8;
     v |= v >> 16;
-    return sp_521_tab32_21[(uint32_t)(v*0x07C4ACDD) >> 27];
+    return sp_521_tab32_21[(word32)(v*0x07C4ACDD) >> 27];
 }
 
 static int sp_521_num_bits_21(const sp_digit* a)
@@ -43092,7 +43087,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -43281,20 +43276,20 @@ SP_NOINLINE static void sp_1024_mul_7(sp_digit* r, const sp_digit* a,
                  + ((sp_int64)a[ 6]) * b[ 5];
     sp_int64 t12  = ((sp_int64)a[ 6]) * b[ 6];
 
-    t1   += t0  >> 25; r[ 0] = t0  & 0x1ffffff;
-    t2   += t1  >> 25; r[ 1] = t1  & 0x1ffffff;
-    t3   += t2  >> 25; r[ 2] = t2  & 0x1ffffff;
-    t4   += t3  >> 25; r[ 3] = t3  & 0x1ffffff;
-    t5   += t4  >> 25; r[ 4] = t4  & 0x1ffffff;
-    t6   += t5  >> 25; r[ 5] = t5  & 0x1ffffff;
-    t7   += t6  >> 25; r[ 6] = t6  & 0x1ffffff;
-    t8   += t7  >> 25; r[ 7] = t7  & 0x1ffffff;
-    t9   += t8  >> 25; r[ 8] = t8  & 0x1ffffff;
-    t10  += t9  >> 25; r[ 9] = t9  & 0x1ffffff;
-    t11  += t10 >> 25; r[10] = t10 & 0x1ffffff;
-    t12  += t11 >> 25; r[11] = t11 & 0x1ffffff;
+    t1   += t0  >> 25; r[ 0] = (sp_digit)(t0  & 0x1ffffff);
+    t2   += t1  >> 25; r[ 1] = (sp_digit)(t1  & 0x1ffffff);
+    t3   += t2  >> 25; r[ 2] = (sp_digit)(t2  & 0x1ffffff);
+    t4   += t3  >> 25; r[ 3] = (sp_digit)(t3  & 0x1ffffff);
+    t5   += t4  >> 25; r[ 4] = (sp_digit)(t4  & 0x1ffffff);
+    t6   += t5  >> 25; r[ 5] = (sp_digit)(t5  & 0x1ffffff);
+    t7   += t6  >> 25; r[ 6] = (sp_digit)(t6  & 0x1ffffff);
+    t8   += t7  >> 25; r[ 7] = (sp_digit)(t7  & 0x1ffffff);
+    t9   += t8  >> 25; r[ 8] = (sp_digit)(t8  & 0x1ffffff);
+    t10  += t9  >> 25; r[ 9] = (sp_digit)(t9  & 0x1ffffff);
+    t11  += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff);
+    t12  += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff);
     r[13] = (sp_digit)(t12 >> 25);
-                       r[12] = t12 & 0x1ffffff;
+                       r[12] = (sp_digit)(t12 & 0x1ffffff);
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -43333,20 +43328,20 @@ SP_NOINLINE static void sp_1024_sqr_7(sp_digit* r, const sp_digit* a)
     sp_int64 t11  = (((sp_int64)a[ 5]) * a[ 6]) * 2;
     sp_int64 t12  =  ((sp_int64)a[ 6]) * a[ 6];
 
-    t1   += t0  >> 25; r[ 0] = t0  & 0x1ffffff;
-    t2   += t1  >> 25; r[ 1] = t1  & 0x1ffffff;
-    t3   += t2  >> 25; r[ 2] = t2  & 0x1ffffff;
-    t4   += t3  >> 25; r[ 3] = t3  & 0x1ffffff;
-    t5   += t4  >> 25; r[ 4] = t4  & 0x1ffffff;
-    t6   += t5  >> 25; r[ 5] = t5  & 0x1ffffff;
-    t7   += t6  >> 25; r[ 6] = t6  & 0x1ffffff;
-    t8   += t7  >> 25; r[ 7] = t7  & 0x1ffffff;
-    t9   += t8  >> 25; r[ 8] = t8  & 0x1ffffff;
-    t10  += t9  >> 25; r[ 9] = t9  & 0x1ffffff;
-    t11  += t10 >> 25; r[10] = t10 & 0x1ffffff;
-    t12  += t11 >> 25; r[11] = t11 & 0x1ffffff;
+    t1   += t0  >> 25; r[ 0] = (sp_digit)(t0  & 0x1ffffff);
+    t2   += t1  >> 25; r[ 1] = (sp_digit)(t1  & 0x1ffffff);
+    t3   += t2  >> 25; r[ 2] = (sp_digit)(t2  & 0x1ffffff);
+    t4   += t3  >> 25; r[ 3] = (sp_digit)(t3  & 0x1ffffff);
+    t5   += t4  >> 25; r[ 4] = (sp_digit)(t4  & 0x1ffffff);
+    t6   += t5  >> 25; r[ 5] = (sp_digit)(t5  & 0x1ffffff);
+    t7   += t6  >> 25; r[ 6] = (sp_digit)(t6  & 0x1ffffff);
+    t8   += t7  >> 25; r[ 7] = (sp_digit)(t7  & 0x1ffffff);
+    t9   += t8  >> 25; r[ 8] = (sp_digit)(t8  & 0x1ffffff);
+    t10  += t9  >> 25; r[ 9] = (sp_digit)(t9  & 0x1ffffff);
+    t11  += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff);
+    t12  += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff);
     r[13] = (sp_digit)(t12 >> 25);
-                       r[12] = t12 & 0x1ffffff;
+                       r[12] = (sp_digit)(t12 & 0x1ffffff);
 }
 
 /* Add b to a into r. (r = a + b)
@@ -44051,20 +44046,20 @@ SP_NOINLINE static void sp_1024_rshift_42(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<41; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff);
     }
 #else
     for (i=0; i<40; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff);
     }
-    r[40] = (a[40] >> n) | ((a[41] << (25 - n)) & 0x1ffffff);
+    r[40] = (a[40] >> n) | (sp_digit)((a[41] << (25 - n)) & 0x1ffffff);
 #endif /* WOLFSSL_SP_SMALL */
     r[41] = a[41] >> n;
 }
@@ -44623,20 +44618,20 @@ SP_NOINLINE static void sp_1024_mul_add_42(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1ffffff;
+        r[i+0] = (sp_digit)(t[0] & 0x1ffffff);
         t[1] += t[0] >> 25;
-        r[i+1] = t[1] & 0x1ffffff;
+        r[i+1] = (sp_digit)(t[1] & 0x1ffffff);
         t[2] += t[1] >> 25;
-        r[i+2] = t[2] & 0x1ffffff;
+        r[i+2] = (sp_digit)(t[2] & 0x1ffffff);
         t[3] += t[2] >> 25;
-        r[i+3] = t[3] & 0x1ffffff;
+        r[i+3] = (sp_digit)(t[3] & 0x1ffffff);
         t[0]  = t[3] >> 25;
     }
     t[0] += (tb * a[40]) + r[40];
     t[1]  = (tb * a[41]) + r[41];
-    r[40] = t[0] & 0x1ffffff;
+    r[40] = (sp_digit)(t[0] & 0x1ffffff);
     t[1] += t[0] >> 25;
-    r[41] = t[1] & 0x1ffffff;
+    r[41] = (sp_digit)(t[1] & 0x1ffffff);
     r[42] +=  (sp_digit)(t[1] >> 25);
 #else
     sp_int64 tb = b;
@@ -44710,7 +44705,7 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a)
     n = a[40] >> 24;
     for (i = 0; i < 40; i++) {
         n += (sp_uint32)a[41 + i] << 1;
-        r[i] = n & 0x1ffffff;
+        r[i] = (sp_digit)(n & 0x1ffffff);
         n >>= 25;
     }
     n += (sp_uint32)a[81] << 1;
@@ -44722,14 +44717,14 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a)
     n  = (sp_uint32)a[40];
     n  = n >> 24U;
     for (i = 0; i < 40; i += 8) {
-        n += (sp_uint32)a[i+41] << 1U; r[i+0] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+42] << 1U; r[i+1] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+43] << 1U; r[i+2] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+44] << 1U; r[i+3] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+45] << 1U; r[i+4] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+46] << 1U; r[i+5] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+47] << 1U; r[i+6] = n & 0x1ffffff; n >>= 25U;
-        n += (sp_uint32)a[i+48] << 1U; r[i+7] = n & 0x1ffffff; n >>= 25U;
+        n += (sp_uint32)a[i+41] << 1U; r[i+0] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+42] << 1U; r[i+1] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+43] << 1U; r[i+2] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+44] << 1U; r[i+3] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+45] << 1U; r[i+4] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+46] << 1U; r[i+5] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+47] << 1U; r[i+6] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
+        n += (sp_uint32)a[i+48] << 1U; r[i+7] = (sp_digit)(n & 0x1ffffff); n >>= 25U;
     }
     n += (sp_uint32)a[81] << 1U; r[40] = n;
 #endif /* WOLFSSL_SP_SMALL */
@@ -44752,22 +44747,22 @@ static void sp_1024_mont_reduce_42(sp_digit* a, const sp_digit* m, sp_digit mp)
 
     if (mp != 1) {
         for (i=0; i<40; i++) {
-            mu = (a[i] * mp) & 0x1ffffff;
+            mu = (sp_digit)((a[i] * mp) & 0x1ffffff);
             sp_1024_mul_add_42(a+i, m, mu);
             a[i+1] += a[i] >> 25;
         }
-        mu = (a[i] * mp) & 0xffffffL;
+        mu = (sp_digit)((a[i] * mp) & 0xffffffL);
         sp_1024_mul_add_42(a+i, m, mu);
         a[i+1] += a[i] >> 25;
         a[i] &= 0x1ffffff;
     }
     else {
         for (i=0; i<40; i++) {
-            mu = a[i] & 0x1ffffff;
+            mu = (sp_digit)(a[i] & 0x1ffffff);
             sp_1024_mul_add_42(a+i, m, mu);
             a[i+1] += a[i] >> 25;
         }
-        mu = a[i] & 0xffffffL;
+        mu = (sp_digit)(a[i] & 0xffffffL);
         sp_1024_mul_add_42(a+i, m, mu);
         a[i+1] += a[i] >> 25;
         a[i] &= 0x1ffffff;
@@ -44810,7 +44805,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_42(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -44894,7 +44889,7 @@ static void sp_1024_map_42(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_42(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_42(r->x, p1024_mod);
-    sp_1024_cond_sub_42(r->x, r->x, p1024_mod, ~(n >> 24));
+    sp_1024_cond_sub_42(r->x, r->x, p1024_mod, (sp_digit)~(n >> 24));
     sp_1024_norm_42(r->x);
 
     /* y /= z^3 */
@@ -44903,7 +44898,7 @@ static void sp_1024_map_42(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_42(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_42(r->y, p1024_mod);
-    sp_1024_cond_sub_42(r->y, r->y, p1024_mod, ~(n >> 24));
+    sp_1024_cond_sub_42(r->y, r->y, p1024_mod, (sp_digit)~(n >> 24));
     sp_1024_norm_42(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -44993,50 +44988,50 @@ SP_NOINLINE static void sp_1024_rshift1_42(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<41; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff);
-    r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff);
-    r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff);
-    r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff);
-    r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff);
-    r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff);
-    r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff);
-    r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff);
-    r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff);
-    r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff);
-    r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff);
-    r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff);
-    r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff);
-    r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff);
-    r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff);
-    r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff);
-    r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff);
-    r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff);
-    r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff);
-    r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff);
-    r[20] = (a[20] >> 1) + ((a[21] << 24) & 0x1ffffff);
-    r[21] = (a[21] >> 1) + ((a[22] << 24) & 0x1ffffff);
-    r[22] = (a[22] >> 1) + ((a[23] << 24) & 0x1ffffff);
-    r[23] = (a[23] >> 1) + ((a[24] << 24) & 0x1ffffff);
-    r[24] = (a[24] >> 1) + ((a[25] << 24) & 0x1ffffff);
-    r[25] = (a[25] >> 1) + ((a[26] << 24) & 0x1ffffff);
-    r[26] = (a[26] >> 1) + ((a[27] << 24) & 0x1ffffff);
-    r[27] = (a[27] >> 1) + ((a[28] << 24) & 0x1ffffff);
-    r[28] = (a[28] >> 1) + ((a[29] << 24) & 0x1ffffff);
-    r[29] = (a[29] >> 1) + ((a[30] << 24) & 0x1ffffff);
-    r[30] = (a[30] >> 1) + ((a[31] << 24) & 0x1ffffff);
-    r[31] = (a[31] >> 1) + ((a[32] << 24) & 0x1ffffff);
-    r[32] = (a[32] >> 1) + ((a[33] << 24) & 0x1ffffff);
-    r[33] = (a[33] >> 1) + ((a[34] << 24) & 0x1ffffff);
-    r[34] = (a[34] >> 1) + ((a[35] << 24) & 0x1ffffff);
-    r[35] = (a[35] >> 1) + ((a[36] << 24) & 0x1ffffff);
-    r[36] = (a[36] >> 1) + ((a[37] << 24) & 0x1ffffff);
-    r[37] = (a[37] >> 1) + ((a[38] << 24) & 0x1ffffff);
-    r[38] = (a[38] >> 1) + ((a[39] << 24) & 0x1ffffff);
-    r[39] = (a[39] >> 1) + ((a[40] << 24) & 0x1ffffff);
-    r[40] = (a[40] >> 1) + ((a[41] << 24) & 0x1ffffff);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff);
+    r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff);
+    r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff);
+    r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff);
+    r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff);
+    r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff);
+    r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff);
+    r[20] = (a[20] >> 1) + (sp_digit)((a[21] << 24) & 0x1ffffff);
+    r[21] = (a[21] >> 1) + (sp_digit)((a[22] << 24) & 0x1ffffff);
+    r[22] = (a[22] >> 1) + (sp_digit)((a[23] << 24) & 0x1ffffff);
+    r[23] = (a[23] >> 1) + (sp_digit)((a[24] << 24) & 0x1ffffff);
+    r[24] = (a[24] >> 1) + (sp_digit)((a[25] << 24) & 0x1ffffff);
+    r[25] = (a[25] >> 1) + (sp_digit)((a[26] << 24) & 0x1ffffff);
+    r[26] = (a[26] >> 1) + (sp_digit)((a[27] << 24) & 0x1ffffff);
+    r[27] = (a[27] >> 1) + (sp_digit)((a[28] << 24) & 0x1ffffff);
+    r[28] = (a[28] >> 1) + (sp_digit)((a[29] << 24) & 0x1ffffff);
+    r[29] = (a[29] >> 1) + (sp_digit)((a[30] << 24) & 0x1ffffff);
+    r[30] = (a[30] >> 1) + (sp_digit)((a[31] << 24) & 0x1ffffff);
+    r[31] = (a[31] >> 1) + (sp_digit)((a[32] << 24) & 0x1ffffff);
+    r[32] = (a[32] >> 1) + (sp_digit)((a[33] << 24) & 0x1ffffff);
+    r[33] = (a[33] >> 1) + (sp_digit)((a[34] << 24) & 0x1ffffff);
+    r[34] = (a[34] >> 1) + (sp_digit)((a[35] << 24) & 0x1ffffff);
+    r[35] = (a[35] >> 1) + (sp_digit)((a[36] << 24) & 0x1ffffff);
+    r[36] = (a[36] >> 1) + (sp_digit)((a[37] << 24) & 0x1ffffff);
+    r[37] = (a[37] >> 1) + (sp_digit)((a[38] << 24) & 0x1ffffff);
+    r[38] = (a[38] >> 1) + (sp_digit)((a[39] << 24) & 0x1ffffff);
+    r[39] = (a[39] >> 1) + (sp_digit)((a[40] << 24) & 0x1ffffff);
+    r[40] = (a[40] >> 1) + (sp_digit)((a[41] << 24) & 0x1ffffff);
 #endif
     r[41] = a[41] >> 1;
 }
@@ -45362,8 +45357,8 @@ static void sp_1024_proj_point_add_42(sp_point_1024* r,
         sp_1024_mont_sub_42(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45380,7 +45375,7 @@ static void sp_1024_proj_point_add_42(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -45554,8 +45549,8 @@ static int sp_1024_proj_point_add_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45572,7 +45567,7 @@ static int sp_1024_proj_point_add_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -46182,13 +46177,13 @@ static void sp_1024_proj_point_add_sub_42(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_42_7[130] = {
+static const word8 recode_index_42_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -46201,7 +46196,7 @@ static const uint8_t recode_index_42_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_42_7[130] = {
+static const word8 recode_neg_42_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -46223,7 +46218,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -46232,7 +46227,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 25) {
             y &= 0x7f;
             n >>= 7;
@@ -46246,12 +46241,12 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 42) {
             n = k[j];
-            y |= (uint8_t)((n << (25 - o)) & 0x7f);
+            y |= (word8)((n << (25 - o)) & 0x7f);
             o -= 18;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_42_7[y];
         v[i].neg = recode_neg_42_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -46465,8 +46460,8 @@ static void sp_1024_proj_point_add_qz1_42(sp_point_1024* r,
         sp_1024_mont_sub_42(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -46483,7 +46478,7 @@ static void sp_1024_proj_point_add_qz1_42(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -46714,7 +46709,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -46742,7 +46737,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -50966,7 +50961,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -51024,7 +51019,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -53958,7 +53953,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -54187,7 +54182,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -54577,7 +54572,7 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_42(t1, p1024_mod);
-        sp_1024_cond_sub_42(t1, t1, p1024_mod, ~(n >> 24));
+        sp_1024_cond_sub_42(t1, t1, p1024_mod, (sp_digit)~(n >> 24));
         sp_1024_norm_42(t1);
         if (!sp_1024_iszero_42(t1)) {
             err = MP_VAL;
diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c
index cd55ca3ae..06dc0bd69 100644
--- a/wolfcrypt/src/sp_c64.c
+++ b/wolfcrypt/src/sp_c64.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,11 @@
 
 /* Implementation by Sean Parkinson. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(WOLFSSL_HAVE_SP_ECC)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -71,13 +66,13 @@
 #define SP_PRINT_NUM(var, name, total, words, bits)   \
     do {                                              \
         int ii;                                       \
-        byte nb[(bits + 7) / 8];                      \
+        byte nb[((bits) + 7) / 8];                    \
         sp_digit _s[words];                           \
         XMEMCPY(_s, var, sizeof(_s));                 \
         sp_##total##_norm_##words(_s);                \
         sp_##total##_to_bin_##words(_s, nb);          \
         fprintf(stderr, name "=0x");                  \
-        for (ii=0; ii<(bits + 7) / 8; ii++)           \
+        for (ii=0; ii<((bits) + 7) / 8; ii++)         \
             fprintf(stderr, "%02x", nb[ii]);          \
         fprintf(stderr, "\n");                        \
     } while (0)
@@ -563,17 +558,17 @@ SP_NOINLINE static void sp_2048_mul_add_17(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
         t[1] += t[0] >> 61;
-        r[i+1] = t[1] & 0x1fffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL);
         t[2] += t[1] >> 61;
-        r[i+2] = t[2] & 0x1fffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL);
         t[3] += t[2] >> 61;
-        r[i+3] = t[3] & 0x1fffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL);
         t[0]  = t[3] >> 61;
     }
     t[0] += (tb * a[16]) + r[16];
-    r[16] = t[0] & 0x1fffffffffffffffL;
+    r[16] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
     r[17] +=  (sp_digit)(t[0] >> 61);
 }
 
@@ -589,7 +584,7 @@ static void sp_2048_mont_shift_17(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[17]) << 13;
 
     for (i = 0; i < 16; i++) {
-        r[i] = n & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x1fffffffffffffffL);
         n >>= 61;
         n += ((sp_int128)a[18 + i]) << 13;
     }
@@ -612,11 +607,11 @@ static void sp_2048_mont_reduce_17(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_2048_norm_17(a + 17);
 
     for (i=0; i<16; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL);
         sp_2048_mul_add_17(a+i, m, mu);
         a[i+1] += a[i] >> 61;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL);
     sp_2048_mul_add_17(a+i, m, mu);
     a[i+1] += a[i] >> 61;
     a[i] &= 0x1fffffffffffffffL;
@@ -840,7 +835,7 @@ SP_NOINLINE static void sp_2048_rshift_17(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<16; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL);
     }
     r[16] = a[16] >> n;
 }
@@ -1129,7 +1124,7 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_17(t[0], m, mp);
         n = sp_2048_cmp_17(t[0], m);
-        sp_2048_cond_sub_17(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_17(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 17 * 2);
 
     }
@@ -1219,7 +1214,7 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_17(t[0], m, mp);
         n = sp_2048_cmp_17(t[0], m);
-        sp_2048_cond_sub_17(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_17(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 17 * 2);
     }
 
@@ -1364,7 +1359,7 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_17(rt, m, mp);
         n = sp_2048_cmp_17(rt, m);
-        sp_2048_cond_sub_17(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_17(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 34);
     }
 
@@ -1475,20 +1470,20 @@ SP_NOINLINE static void sp_2048_mul_add_34(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1fffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
         t[1] += t[0] >> 61;
-        r[i+1] = t[1] & 0x1fffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL);
         t[2] += t[1] >> 61;
-        r[i+2] = t[2] & 0x1fffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL);
         t[3] += t[2] >> 61;
-        r[i+3] = t[3] & 0x1fffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL);
         t[0]  = t[3] >> 61;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
-    r[32] = t[0] & 0x1fffffffffffffffL;
+    r[32] = (sp_digit)(t[0] & 0x1fffffffffffffffL);
     t[1] += t[0] >> 61;
-    r[33] = t[1] & 0x1fffffffffffffffL;
+    r[33] = (sp_digit)(t[1] & 0x1fffffffffffffffL);
     r[34] +=  (sp_digit)(t[1] >> 61);
 }
 
@@ -1504,7 +1499,7 @@ static void sp_2048_mont_shift_34(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[34]) << 26;
 
     for (i = 0; i < 33; i++) {
-        r[i] = n & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x1fffffffffffffffL);
         n >>= 61;
         n += ((sp_int128)a[35 + i]) << 26;
     }
@@ -1529,33 +1524,33 @@ static void sp_2048_mont_reduce_34(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<33; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL);
             sp_2048_mul_add_34(a+i, m, mu);
             a[i+1] += a[i] >> 61;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL);
         sp_2048_mul_add_34(a+i, m, mu);
         a[i+1] += a[i] >> 61;
         a[i] &= 0x1fffffffffffffffL;
     }
     else {
         for (i=0; i<33; i++) {
-            mu = a[i] & 0x1fffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1fffffffffffffffL);
             sp_2048_mul_add_34(a+i, m, mu);
             a[i+1] += a[i] >> 61;
         }
-        mu = a[i] & 0x7ffffffffL;
+        mu = (sp_digit)(a[i] & 0x7ffffffffL);
         sp_2048_mul_add_34(a+i, m, mu);
         a[i+1] += a[i] >> 61;
         a[i] &= 0x1fffffffffffffffL;
     }
 #else
     for (i=0; i<33; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL);
         sp_2048_mul_add_34(a+i, m, mu);
         a[i+1] += a[i] >> 61;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL);
     sp_2048_mul_add_34(a+i, m, mu);
     a[i+1] += a[i] >> 61;
     a[i] &= 0x1fffffffffffffffL;
@@ -1661,7 +1656,7 @@ SP_NOINLINE static void sp_2048_rshift_34(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<33; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL);
     }
     r[33] = a[33] >> n;
 }
@@ -1951,7 +1946,7 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_34(t[0], m, mp);
         n = sp_2048_cmp_34(t[0], m);
-        sp_2048_cond_sub_34(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_34(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 34 * 2);
 
     }
@@ -2041,7 +2036,7 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_34(t[0], m, mp);
         n = sp_2048_cmp_34(t[0], m);
-        sp_2048_cond_sub_34(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_34(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 34 * 2);
     }
 
@@ -2169,7 +2164,7 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_34(rt, m, mp);
         n = sp_2048_cmp_34(rt, m);
-        sp_2048_cond_sub_34(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_34(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 68);
     }
 
@@ -3010,9 +3005,9 @@ SP_NOINLINE static void sp_2048_lshift_34(sp_digit* r, const sp_digit* a,
 
     r[34] = a[33] >> (61 - n);
     for (i=33; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL);
     }
-    r[0] = (a[0] << n) & 0x1fffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -3123,7 +3118,7 @@ static int sp_2048_mod_exp_2_34(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_2048_mont_reduce_34(r, m, mp);
         n = sp_2048_cmp_34(r, m);
-        sp_2048_cond_sub_34(r, r, m, ~(n >> 63));
+        sp_2048_cond_sub_34(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -3604,29 +3599,29 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint128)a[ 0]) * b[ 0];
     t1 = ((sp_uint128)a[ 0]) * b[ 1]
        + ((sp_uint128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 2]
        + ((sp_uint128)a[ 1]) * b[ 1]
        + ((sp_uint128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 3]
        + ((sp_uint128)a[ 1]) * b[ 2]
        + ((sp_uint128)a[ 2]) * b[ 1]
        + ((sp_uint128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 4]
        + ((sp_uint128)a[ 1]) * b[ 3]
        + ((sp_uint128)a[ 2]) * b[ 2]
        + ((sp_uint128)a[ 3]) * b[ 1]
        + ((sp_uint128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 5]
        + ((sp_uint128)a[ 1]) * b[ 4]
        + ((sp_uint128)a[ 2]) * b[ 3]
        + ((sp_uint128)a[ 3]) * b[ 2]
        + ((sp_uint128)a[ 4]) * b[ 1]
        + ((sp_uint128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 6]
        + ((sp_uint128)a[ 1]) * b[ 5]
        + ((sp_uint128)a[ 2]) * b[ 4]
@@ -3634,7 +3629,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 4]) * b[ 2]
        + ((sp_uint128)a[ 5]) * b[ 1]
        + ((sp_uint128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 7]
        + ((sp_uint128)a[ 1]) * b[ 6]
        + ((sp_uint128)a[ 2]) * b[ 5]
@@ -3643,7 +3638,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 5]) * b[ 2]
        + ((sp_uint128)a[ 6]) * b[ 1]
        + ((sp_uint128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 8]
        + ((sp_uint128)a[ 1]) * b[ 7]
        + ((sp_uint128)a[ 2]) * b[ 6]
@@ -3653,7 +3648,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 2]
        + ((sp_uint128)a[ 7]) * b[ 1]
        + ((sp_uint128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 1]) * b[ 8]
        + ((sp_uint128)a[ 2]) * b[ 7]
        + ((sp_uint128)a[ 3]) * b[ 6]
@@ -3662,7 +3657,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 3]
        + ((sp_uint128)a[ 7]) * b[ 2]
        + ((sp_uint128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 2]) * b[ 8]
        + ((sp_uint128)a[ 3]) * b[ 7]
        + ((sp_uint128)a[ 4]) * b[ 6]
@@ -3670,35 +3665,35 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 4]
        + ((sp_uint128)a[ 7]) * b[ 3]
        + ((sp_uint128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 3]) * b[ 8]
        + ((sp_uint128)a[ 4]) * b[ 7]
        + ((sp_uint128)a[ 5]) * b[ 6]
        + ((sp_uint128)a[ 6]) * b[ 5]
        + ((sp_uint128)a[ 7]) * b[ 4]
        + ((sp_uint128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 4]) * b[ 8]
        + ((sp_uint128)a[ 5]) * b[ 7]
        + ((sp_uint128)a[ 6]) * b[ 6]
        + ((sp_uint128)a[ 7]) * b[ 5]
        + ((sp_uint128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 5]) * b[ 8]
        + ((sp_uint128)a[ 6]) * b[ 7]
        + ((sp_uint128)a[ 7]) * b[ 6]
        + ((sp_uint128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 6]) * b[ 8]
        + ((sp_uint128)a[ 7]) * b[ 7]
        + ((sp_uint128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 7]) * b[ 8]
        + ((sp_uint128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -3898,66 +3893,66 @@ SP_NOINLINE static void sp_2048_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint128)a[ 0]) * a[ 0];
     t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 3]
        +  ((sp_uint128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 4]
        +  ((sp_uint128)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 5]
        +  ((sp_uint128)a[ 1]) * a[ 4]
        +  ((sp_uint128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 6]
        +  ((sp_uint128)a[ 1]) * a[ 5]
        +  ((sp_uint128)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 7]
        +  ((sp_uint128)a[ 1]) * a[ 6]
        +  ((sp_uint128)a[ 2]) * a[ 5]
        +  ((sp_uint128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 8]
        +  ((sp_uint128)a[ 1]) * a[ 7]
        +  ((sp_uint128)a[ 2]) * a[ 6]
        +  ((sp_uint128)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 1]) * a[ 8]
        +  ((sp_uint128)a[ 2]) * a[ 7]
        +  ((sp_uint128)a[ 3]) * a[ 6]
        +  ((sp_uint128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 2]) * a[ 8]
        +  ((sp_uint128)a[ 3]) * a[ 7]
        +  ((sp_uint128)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 3]) * a[ 8]
        +  ((sp_uint128)a[ 4]) * a[ 7]
        +  ((sp_uint128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 4]) * a[ 8]
        +  ((sp_uint128)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 5]) * a[ 8]
        +  ((sp_uint128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 =  ((sp_uint128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -4202,16 +4197,16 @@ static void sp_2048_mont_shift_18(sp_digit* r, const sp_digit* a)
     n  = (sp_uint64)a[17];
     n  = n >> 55U;
     for (i = 0; i < 16; i += 8) {
-        n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U;
+        n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     }
-    n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U;
+    n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     n += (sp_uint64)a[35] << 2U; r[17] = n;
     XMEMSET(&r[18], 0, sizeof(*r) * 18U);
 }
@@ -4231,11 +4226,11 @@ static void sp_2048_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_2048_norm_18(a + 18);
 
     for (i=0; i<17; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_2048_mul_add_18(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL);
     sp_2048_mul_add_18(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -4356,16 +4351,16 @@ SP_NOINLINE static void sp_2048_rshift_18(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<16; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL);
+    r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL);
     r[17] = a[17] >> n;
 }
 
@@ -4653,7 +4648,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_18(t[0], m, mp);
         n = sp_2048_cmp_18(t[0], m);
-        sp_2048_cond_sub_18(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_18(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 18 * 2);
 
     }
@@ -4743,7 +4738,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_18(t[0], m, mp);
         n = sp_2048_cmp_18(t[0], m);
-        sp_2048_cond_sub_18(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_18(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 18 * 2);
     }
 
@@ -4888,7 +4883,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_18(rt, m, mp);
         n = sp_2048_cmp_18(rt, m);
-        sp_2048_cond_sub_18(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_18(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 36);
     }
 
@@ -5048,28 +5043,28 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a)
 
     s = a[36]; n = a[35] >> 53;
     for (i = 0; i < 32; i += 8) {
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+0] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+37] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+1] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+38] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+2] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+39] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+3] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+40] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+4] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+41] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+5] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+42] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+6] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+43] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 4; r[i+7] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+44] + (s >> 57);
     }
-    n += (s & 0x1ffffffffffffffL) << 4; r[32] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[32] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[69] + (s >> 57);
-    n += (s & 0x1ffffffffffffffL) << 4; r[33] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[33] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[70] + (s >> 57);
-    n += (s & 0x1ffffffffffffffL) << 4; r[34] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[34] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[71] + (s >> 57);
     n += s << 4;              r[35] = n;
     XMEMSET(&r[36], 0, sizeof(*r) * 36U);
@@ -5092,33 +5087,33 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<35; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
             sp_2048_mul_add_36(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
     else {
         for (i=0; i<35; i++) {
-            mu = a[i] & 0x1ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1ffffffffffffffL);
             sp_2048_mul_add_36(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = a[i] & 0x1fffffffffffffL;
+        mu = (sp_digit)(a[i] & 0x1fffffffffffffL);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
 #else
     for (i=0; i<35; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_2048_mul_add_36(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
     sp_2048_mul_add_36(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -5236,18 +5231,18 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<32; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[32] = (a[32] >> n) | ((a[33] << (57 - n)) & 0x1ffffffffffffffL);
-    r[33] = (a[33] >> n) | ((a[34] << (57 - n)) & 0x1ffffffffffffffL);
-    r[34] = (a[34] >> n) | ((a[35] << (57 - n)) & 0x1ffffffffffffffL);
+    r[32] = (a[32] >> n) | (sp_digit)((a[33] << (57 - n)) & 0x1ffffffffffffffL);
+    r[33] = (a[33] >> n) | (sp_digit)((a[34] << (57 - n)) & 0x1ffffffffffffffL);
+    r[34] = (a[34] >> n) | (sp_digit)((a[35] << (57 - n)) & 0x1ffffffffffffffL);
     r[35] = a[35] >> n;
 }
 
@@ -5538,7 +5533,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
 
     }
@@ -5628,7 +5623,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(t[0], m, mp);
         n = sp_2048_cmp_36(t[0], m);
-        sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 63));
+        sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
     }
 
@@ -5756,7 +5751,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_2048_mont_reduce_36(rt, m, mp);
         n = sp_2048_cmp_36(rt, m);
-        sp_2048_cond_sub_36(rt, rt, m, ~(n >> 63));
+        sp_2048_cond_sub_36(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 72);
     }
 
@@ -6601,76 +6596,76 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[35];
     r[36] = s >> (57U - n);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
-    r[0] = (a[0] << n) & 0x1ffffffffffffffL;
+    r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
+    r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -6781,7 +6776,7 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_2048_mont_reduce_36(r, m, mp);
         n = sp_2048_cmp_36(r, m);
-        sp_2048_cond_sub_36(r, r, m, ~(n >> 63));
+        sp_2048_cond_sub_36(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -7454,20 +7449,20 @@ SP_NOINLINE static void sp_3072_mul_add_26(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0xfffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL);
         t[1] += t[0] >> 60;
-        r[i+1] = t[1] & 0xfffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL);
         t[2] += t[1] >> 60;
-        r[i+2] = t[2] & 0xfffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL);
         t[3] += t[2] >> 60;
-        r[i+3] = t[3] & 0xfffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL);
         t[0]  = t[3] >> 60;
     }
     t[0] += (tb * a[24]) + r[24];
     t[1]  = (tb * a[25]) + r[25];
-    r[24] = t[0] & 0xfffffffffffffffL;
+    r[24] = (sp_digit)(t[0] & 0xfffffffffffffffL);
     t[1] += t[0] >> 60;
-    r[25] = t[1] & 0xfffffffffffffffL;
+    r[25] = (sp_digit)(t[1] & 0xfffffffffffffffL);
     r[26] +=  (sp_digit)(t[1] >> 60);
 }
 
@@ -7483,7 +7478,7 @@ static void sp_3072_mont_shift_26(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[26]) << 24;
 
     for (i = 0; i < 25; i++) {
-        r[i] = n & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(n & 0xfffffffffffffffL);
         n >>= 60;
         n += ((sp_int128)a[27 + i]) << 24;
     }
@@ -7506,11 +7501,11 @@ static void sp_3072_mont_reduce_26(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_26(a + 26);
 
     for (i=0; i<25; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL);
         sp_3072_mul_add_26(a+i, m, mu);
         a[i+1] += a[i] >> 60;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL);
     sp_3072_mul_add_26(a+i, m, mu);
     a[i+1] += a[i] >> 60;
     a[i] &= 0xfffffffffffffffL;
@@ -7695,7 +7690,7 @@ SP_NOINLINE static void sp_3072_rshift_26(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<25; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL);
     }
     r[25] = a[25] >> n;
 }
@@ -7984,7 +7979,7 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_26(t[0], m, mp);
         n = sp_3072_cmp_26(t[0], m);
-        sp_3072_cond_sub_26(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_26(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 26 * 2);
 
     }
@@ -8074,7 +8069,7 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_26(t[0], m, mp);
         n = sp_3072_cmp_26(t[0], m);
-        sp_3072_cond_sub_26(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_26(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 26 * 2);
     }
 
@@ -8219,7 +8214,7 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_26(rt, m, mp);
         n = sp_3072_cmp_26(rt, m);
-        sp_3072_cond_sub_26(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_26(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 52);
     }
 
@@ -8330,26 +8325,26 @@ SP_NOINLINE static void sp_3072_mul_add_52(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0xfffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL);
         t[1] += t[0] >> 60;
-        r[i+1] = t[1] & 0xfffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL);
         t[2] += t[1] >> 60;
-        r[i+2] = t[2] & 0xfffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL);
         t[3] += t[2] >> 60;
-        r[i+3] = t[3] & 0xfffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL);
         t[0]  = t[3] >> 60;
     }
     t[0] += (tb * a[48]) + r[48];
     t[1]  = (tb * a[49]) + r[49];
     t[2]  = (tb * a[50]) + r[50];
     t[3]  = (tb * a[51]) + r[51];
-    r[48] = t[0] & 0xfffffffffffffffL;
+    r[48] = (sp_digit)(t[0] & 0xfffffffffffffffL);
     t[1] += t[0] >> 60;
-    r[49] = t[1] & 0xfffffffffffffffL;
+    r[49] = (sp_digit)(t[1] & 0xfffffffffffffffL);
     t[2] += t[1] >> 60;
-    r[50] = t[2] & 0xfffffffffffffffL;
+    r[50] = (sp_digit)(t[2] & 0xfffffffffffffffL);
     t[3] += t[2] >> 60;
-    r[51] = t[3] & 0xfffffffffffffffL;
+    r[51] = (sp_digit)(t[3] & 0xfffffffffffffffL);
     r[52] +=  (sp_digit)(t[3] >> 60);
 }
 
@@ -8365,7 +8360,7 @@ static void sp_3072_mont_shift_52(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[52]) << 48;
 
     for (i = 0; i < 51; i++) {
-        r[i] = n & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(n & 0xfffffffffffffffL);
         n >>= 60;
         n += ((sp_int128)a[53 + i]) << 48;
     }
@@ -8390,33 +8385,33 @@ static void sp_3072_mont_reduce_52(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<51; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL);
             sp_3072_mul_add_52(a+i, m, mu);
             a[i+1] += a[i] >> 60;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL);
         sp_3072_mul_add_52(a+i, m, mu);
         a[i+1] += a[i] >> 60;
         a[i] &= 0xfffffffffffffffL;
     }
     else {
         for (i=0; i<51; i++) {
-            mu = a[i] & 0xfffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0xfffffffffffffffL);
             sp_3072_mul_add_52(a+i, m, mu);
             a[i+1] += a[i] >> 60;
         }
-        mu = a[i] & 0xfffL;
+        mu = (sp_digit)(a[i] & 0xfffL);
         sp_3072_mul_add_52(a+i, m, mu);
         a[i+1] += a[i] >> 60;
         a[i] &= 0xfffffffffffffffL;
     }
 #else
     for (i=0; i<51; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL);
         sp_3072_mul_add_52(a+i, m, mu);
         a[i+1] += a[i] >> 60;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL);
     sp_3072_mul_add_52(a+i, m, mu);
     a[i+1] += a[i] >> 60;
     a[i] &= 0xfffffffffffffffL;
@@ -8522,7 +8517,7 @@ SP_NOINLINE static void sp_3072_rshift_52(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<51; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL);
     }
     r[51] = a[51] >> n;
 }
@@ -8812,7 +8807,7 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_52(t[0], m, mp);
         n = sp_3072_cmp_52(t[0], m);
-        sp_3072_cond_sub_52(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_52(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 52 * 2);
 
     }
@@ -8902,7 +8897,7 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_52(t[0], m, mp);
         n = sp_3072_cmp_52(t[0], m);
-        sp_3072_cond_sub_52(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_52(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 52 * 2);
     }
 
@@ -9030,7 +9025,7 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_52(rt, m, mp);
         n = sp_3072_cmp_52(rt, m);
-        sp_3072_cond_sub_52(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_52(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 104);
     }
 
@@ -9871,9 +9866,9 @@ SP_NOINLINE static void sp_3072_lshift_52(sp_digit* r, const sp_digit* a,
 
     r[52] = a[51] >> (60 - n);
     for (i=51; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL);
     }
-    r[0] = (a[0] << n) & 0xfffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -9984,7 +9979,7 @@ static int sp_3072_mod_exp_2_52(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_52(r, m, mp);
         n = sp_3072_cmp_52(r, m);
-        sp_3072_cond_sub_52(r, r, m, ~(n >> 63));
+        sp_3072_cond_sub_52(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -10468,29 +10463,29 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint128)a[ 0]) * b[ 0];
     t1 = ((sp_uint128)a[ 0]) * b[ 1]
        + ((sp_uint128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 2]
        + ((sp_uint128)a[ 1]) * b[ 1]
        + ((sp_uint128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 3]
        + ((sp_uint128)a[ 1]) * b[ 2]
        + ((sp_uint128)a[ 2]) * b[ 1]
        + ((sp_uint128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 4]
        + ((sp_uint128)a[ 1]) * b[ 3]
        + ((sp_uint128)a[ 2]) * b[ 2]
        + ((sp_uint128)a[ 3]) * b[ 1]
        + ((sp_uint128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 5]
        + ((sp_uint128)a[ 1]) * b[ 4]
        + ((sp_uint128)a[ 2]) * b[ 3]
        + ((sp_uint128)a[ 3]) * b[ 2]
        + ((sp_uint128)a[ 4]) * b[ 1]
        + ((sp_uint128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 6]
        + ((sp_uint128)a[ 1]) * b[ 5]
        + ((sp_uint128)a[ 2]) * b[ 4]
@@ -10498,7 +10493,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 4]) * b[ 2]
        + ((sp_uint128)a[ 5]) * b[ 1]
        + ((sp_uint128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 0]) * b[ 7]
        + ((sp_uint128)a[ 1]) * b[ 6]
        + ((sp_uint128)a[ 2]) * b[ 5]
@@ -10507,7 +10502,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 5]) * b[ 2]
        + ((sp_uint128)a[ 6]) * b[ 1]
        + ((sp_uint128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 0]) * b[ 8]
        + ((sp_uint128)a[ 1]) * b[ 7]
        + ((sp_uint128)a[ 2]) * b[ 6]
@@ -10517,7 +10512,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 2]
        + ((sp_uint128)a[ 7]) * b[ 1]
        + ((sp_uint128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 1]) * b[ 8]
        + ((sp_uint128)a[ 2]) * b[ 7]
        + ((sp_uint128)a[ 3]) * b[ 6]
@@ -10526,7 +10521,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 3]
        + ((sp_uint128)a[ 7]) * b[ 2]
        + ((sp_uint128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 2]) * b[ 8]
        + ((sp_uint128)a[ 3]) * b[ 7]
        + ((sp_uint128)a[ 4]) * b[ 6]
@@ -10534,35 +10529,35 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 4]
        + ((sp_uint128)a[ 7]) * b[ 3]
        + ((sp_uint128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 3]) * b[ 8]
        + ((sp_uint128)a[ 4]) * b[ 7]
        + ((sp_uint128)a[ 5]) * b[ 6]
        + ((sp_uint128)a[ 6]) * b[ 5]
        + ((sp_uint128)a[ 7]) * b[ 4]
        + ((sp_uint128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 4]) * b[ 8]
        + ((sp_uint128)a[ 5]) * b[ 7]
        + ((sp_uint128)a[ 6]) * b[ 6]
        + ((sp_uint128)a[ 7]) * b[ 5]
        + ((sp_uint128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 5]) * b[ 8]
        + ((sp_uint128)a[ 6]) * b[ 7]
        + ((sp_uint128)a[ 7]) * b[ 6]
        + ((sp_uint128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 6]) * b[ 8]
        + ((sp_uint128)a[ 7]) * b[ 7]
        + ((sp_uint128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_uint128)a[ 7]) * b[ 8]
        + ((sp_uint128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_uint128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -10820,66 +10815,66 @@ SP_NOINLINE static void sp_3072_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint128)a[ 0]) * a[ 0];
     t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 3]
        +  ((sp_uint128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 4]
        +  ((sp_uint128)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 5]
        +  ((sp_uint128)a[ 1]) * a[ 4]
        +  ((sp_uint128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 6]
        +  ((sp_uint128)a[ 1]) * a[ 5]
        +  ((sp_uint128)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 0]) * a[ 7]
        +  ((sp_uint128)a[ 1]) * a[ 6]
        +  ((sp_uint128)a[ 2]) * a[ 5]
        +  ((sp_uint128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 0]) * a[ 8]
        +  ((sp_uint128)a[ 1]) * a[ 7]
        +  ((sp_uint128)a[ 2]) * a[ 6]
        +  ((sp_uint128)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 1]) * a[ 8]
        +  ((sp_uint128)a[ 2]) * a[ 7]
        +  ((sp_uint128)a[ 3]) * a[ 6]
        +  ((sp_uint128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 2]) * a[ 8]
        +  ((sp_uint128)a[ 3]) * a[ 7]
        +  ((sp_uint128)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 3]) * a[ 8]
        +  ((sp_uint128)a[ 4]) * a[ 7]
        +  ((sp_uint128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 4]) * a[ 8]
        +  ((sp_uint128)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 5]) * a[ 8]
        +  ((sp_uint128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 =  ((sp_uint128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -11185,26 +11180,26 @@ static void sp_3072_mont_shift_27(sp_digit* r, const sp_digit* a)
 
     s = a[27]; n = a[26] >> 54;
     for (i = 0; i < 24; i += 8) {
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+0] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+28] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+1] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+29] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+2] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+30] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+3] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+31] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+4] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+32] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+5] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+33] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+6] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+34] + (s >> 57);
-        n += (s & 0x1ffffffffffffffL) << 3; r[i+7] = n & 0x1ffffffffffffffL;
+        n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; s = a[i+35] + (s >> 57);
     }
-    n += (s & 0x1ffffffffffffffL) << 3; r[24] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[24] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[52] + (s >> 57);
-    n += (s & 0x1ffffffffffffffL) << 3; r[25] = n & 0x1ffffffffffffffL;
+    n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[25] = (sp_digit)(n & 0x1ffffffffffffffL);
     n >>= 57; s = a[53] + (s >> 57);
     n += s << 3;              r[26] = n;
     XMEMSET(&r[27], 0, sizeof(*r) * 27U);
@@ -11225,11 +11220,11 @@ static void sp_3072_mont_reduce_27(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_3072_norm_27(a + 27);
 
     for (i=0; i<26; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_3072_mul_add_27(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL);
     sp_3072_mul_add_27(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -11354,17 +11349,17 @@ SP_NOINLINE static void sp_3072_rshift_27(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<24; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[24] = (a[24] >> n) | ((a[25] << (57 - n)) & 0x1ffffffffffffffL);
-    r[25] = (a[25] >> n) | ((a[26] << (57 - n)) & 0x1ffffffffffffffL);
+    r[24] = (a[24] >> n) | (sp_digit)((a[25] << (57 - n)) & 0x1ffffffffffffffL);
+    r[25] = (a[25] >> n) | (sp_digit)((a[26] << (57 - n)) & 0x1ffffffffffffffL);
     r[26] = a[26] >> n;
 }
 
@@ -11652,7 +11647,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_27(t[0], m, mp);
         n = sp_3072_cmp_27(t[0], m);
-        sp_3072_cond_sub_27(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_27(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 27 * 2);
 
     }
@@ -11742,7 +11737,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_27(t[0], m, mp);
         n = sp_3072_cmp_27(t[0], m);
-        sp_3072_cond_sub_27(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_27(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 27 * 2);
     }
 
@@ -11887,7 +11882,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_27(rt, m, mp);
         n = sp_3072_cmp_27(rt, m);
-        sp_3072_cond_sub_27(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_27(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 54);
     }
 
@@ -12055,28 +12050,28 @@ static void sp_3072_mont_shift_54(sp_digit* r, const sp_digit* a)
     sp_int128 n = a[53] >> 51;
     n += ((sp_int128)a[54]) << 6;
     for (i = 0; i < 48; i += 8) {
-        r[i + 0] = n & 0x1ffffffffffffffL;
+        r[i + 0] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 55]) << 6;
-        r[i + 1] = n & 0x1ffffffffffffffL;
+        r[i + 1] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 56]) << 6;
-        r[i + 2] = n & 0x1ffffffffffffffL;
+        r[i + 2] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 57]) << 6;
-        r[i + 3] = n & 0x1ffffffffffffffL;
+        r[i + 3] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 58]) << 6;
-        r[i + 4] = n & 0x1ffffffffffffffL;
+        r[i + 4] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 59]) << 6;
-        r[i + 5] = n & 0x1ffffffffffffffL;
+        r[i + 5] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 60]) << 6;
-        r[i + 6] = n & 0x1ffffffffffffffL;
+        r[i + 6] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 61]) << 6;
-        r[i + 7] = n & 0x1ffffffffffffffL;
+        r[i + 7] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57; n += ((sp_int128)a[i + 62]) << 6;
     }
-    r[48] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[103]) << 6;
-    r[49] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[104]) << 6;
-    r[50] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[105]) << 6;
-    r[51] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[106]) << 6;
-    r[52] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[107]) << 6;
+    r[48] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[103]) << 6;
+    r[49] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[104]) << 6;
+    r[50] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[105]) << 6;
+    r[51] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[106]) << 6;
+    r[52] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[107]) << 6;
     r[53] = (sp_digit)n;
     XMEMSET(&r[54], 0, sizeof(*r) * 54U);
 }
@@ -12098,33 +12093,33 @@ static void sp_3072_mont_reduce_54(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<53; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
             sp_3072_mul_add_54(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL);
         sp_3072_mul_add_54(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
     else {
         for (i=0; i<53; i++) {
-            mu = a[i] & 0x1ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1ffffffffffffffL);
             sp_3072_mul_add_54(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = a[i] & 0x7ffffffffffffL;
+        mu = (sp_digit)(a[i] & 0x7ffffffffffffL);
         sp_3072_mul_add_54(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
 #else
     for (i=0; i<53; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
         sp_3072_mul_add_54(a+i, m, mu);
         a[i+1] += a[i] >> 57;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL);
     sp_3072_mul_add_54(a+i, m, mu);
     a[i+1] += a[i] >> 57;
     a[i] &= 0x1ffffffffffffffL;
@@ -12244,20 +12239,20 @@ SP_NOINLINE static void sp_3072_rshift_54(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<48; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[48] = (a[48] >> n) | ((a[49] << (57 - n)) & 0x1ffffffffffffffL);
-    r[49] = (a[49] >> n) | ((a[50] << (57 - n)) & 0x1ffffffffffffffL);
-    r[50] = (a[50] >> n) | ((a[51] << (57 - n)) & 0x1ffffffffffffffL);
-    r[51] = (a[51] >> n) | ((a[52] << (57 - n)) & 0x1ffffffffffffffL);
-    r[52] = (a[52] >> n) | ((a[53] << (57 - n)) & 0x1ffffffffffffffL);
+    r[48] = (a[48] >> n) | (sp_digit)((a[49] << (57 - n)) & 0x1ffffffffffffffL);
+    r[49] = (a[49] >> n) | (sp_digit)((a[50] << (57 - n)) & 0x1ffffffffffffffL);
+    r[50] = (a[50] >> n) | (sp_digit)((a[51] << (57 - n)) & 0x1ffffffffffffffL);
+    r[51] = (a[51] >> n) | (sp_digit)((a[52] << (57 - n)) & 0x1ffffffffffffffL);
+    r[52] = (a[52] >> n) | (sp_digit)((a[53] << (57 - n)) & 0x1ffffffffffffffL);
     r[53] = a[53] >> n;
 }
 
@@ -12548,7 +12543,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_54(t[0], m, mp);
         n = sp_3072_cmp_54(t[0], m);
-        sp_3072_cond_sub_54(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_54(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 54 * 2);
 
     }
@@ -12638,7 +12633,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_54(t[0], m, mp);
         n = sp_3072_cmp_54(t[0], m);
-        sp_3072_cond_sub_54(t[0], t[0], m, ~(n >> 63));
+        sp_3072_cond_sub_54(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 54 * 2);
     }
 
@@ -12766,7 +12761,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_3072_mont_reduce_54(rt, m, mp);
         n = sp_3072_cmp_54(rt, m);
-        sp_3072_cond_sub_54(rt, rt, m, ~(n >> 63));
+        sp_3072_cond_sub_54(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 108);
     }
 
@@ -13611,112 +13606,112 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[53];
     r[54] = s >> (57U - n);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[53] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[52] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[51] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[50] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[49] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[48] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[47] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[46] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[45] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[44] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[43] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[42] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[41] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[40] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[39] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[38] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[37] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[36] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL;
-    r[0] = (a[0] << n) & 0x1ffffffffffffffL;
+    r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL);
+    r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -13827,7 +13822,7 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_3072_mont_reduce_54(r, m, mp);
         n = sp_3072_cmp_54(r, m);
-        sp_3072_cond_sub_54(r, r, m, ~(n >> 63));
+        sp_3072_cond_sub_54(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -14503,23 +14498,23 @@ SP_NOINLINE static void sp_4096_mul_add_35(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x7ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
         t[1] += t[0] >> 59;
-        r[i+1] = t[1] & 0x7ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
         t[2] += t[1] >> 59;
-        r[i+2] = t[2] & 0x7ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL);
         t[3] += t[2] >> 59;
-        r[i+3] = t[3] & 0x7ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL);
         t[0]  = t[3] >> 59;
     }
     t[0] += (tb * a[32]) + r[32];
     t[1]  = (tb * a[33]) + r[33];
     t[2]  = (tb * a[34]) + r[34];
-    r[32] = t[0] & 0x7ffffffffffffffL;
+    r[32] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
     t[1] += t[0] >> 59;
-    r[33] = t[1] & 0x7ffffffffffffffL;
+    r[33] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
     t[2] += t[1] >> 59;
-    r[34] = t[2] & 0x7ffffffffffffffL;
+    r[34] = (sp_digit)(t[2] & 0x7ffffffffffffffL);
     r[35] +=  (sp_digit)(t[2] >> 59);
 }
 
@@ -14535,7 +14530,7 @@ static void sp_4096_mont_shift_35(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[35]) << 17;
 
     for (i = 0; i < 34; i++) {
-        r[i] = n & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x7ffffffffffffffL);
         n >>= 59;
         n += ((sp_int128)a[36 + i]) << 17;
     }
@@ -14558,11 +14553,11 @@ static void sp_4096_mont_reduce_35(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_35(a + 35);
 
     for (i=0; i<34; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL);
         sp_4096_mul_add_35(a+i, m, mu);
         a[i+1] += a[i] >> 59;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL);
     sp_4096_mul_add_35(a+i, m, mu);
     a[i+1] += a[i] >> 59;
     a[i] &= 0x7ffffffffffffffL;
@@ -14747,7 +14742,7 @@ SP_NOINLINE static void sp_4096_rshift_35(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<34; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL);
     }
     r[34] = a[34] >> n;
 }
@@ -15036,7 +15031,7 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_35(t[0], m, mp);
         n = sp_4096_cmp_35(t[0], m);
-        sp_4096_cond_sub_35(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_35(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 35 * 2);
 
     }
@@ -15126,7 +15121,7 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_35(t[0], m, mp);
         n = sp_4096_cmp_35(t[0], m);
-        sp_4096_cond_sub_35(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_35(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 35 * 2);
     }
 
@@ -15271,7 +15266,7 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_35(rt, m, mp);
         n = sp_4096_cmp_35(rt, m);
-        sp_4096_cond_sub_35(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_35(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 70);
     }
 
@@ -15383,20 +15378,20 @@ SP_NOINLINE static void sp_4096_mul_add_70(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x7ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
         t[1] += t[0] >> 59;
-        r[i+1] = t[1] & 0x7ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
         t[2] += t[1] >> 59;
-        r[i+2] = t[2] & 0x7ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL);
         t[3] += t[2] >> 59;
-        r[i+3] = t[3] & 0x7ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL);
         t[0]  = t[3] >> 59;
     }
     t[0] += (tb * a[68]) + r[68];
     t[1]  = (tb * a[69]) + r[69];
-    r[68] = t[0] & 0x7ffffffffffffffL;
+    r[68] = (sp_digit)(t[0] & 0x7ffffffffffffffL);
     t[1] += t[0] >> 59;
-    r[69] = t[1] & 0x7ffffffffffffffL;
+    r[69] = (sp_digit)(t[1] & 0x7ffffffffffffffL);
     r[70] +=  (sp_digit)(t[1] >> 59);
 }
 
@@ -15412,7 +15407,7 @@ static void sp_4096_mont_shift_70(sp_digit* r, const sp_digit* a)
     n += ((sp_int128)a[70]) << 34;
 
     for (i = 0; i < 69; i++) {
-        r[i] = n & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x7ffffffffffffffL);
         n >>= 59;
         n += ((sp_int128)a[71 + i]) << 34;
     }
@@ -15437,33 +15432,33 @@ static void sp_4096_mont_reduce_70(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<69; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL);
             sp_4096_mul_add_70(a+i, m, mu);
             a[i+1] += a[i] >> 59;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL);
         sp_4096_mul_add_70(a+i, m, mu);
         a[i+1] += a[i] >> 59;
         a[i] &= 0x7ffffffffffffffL;
     }
     else {
         for (i=0; i<69; i++) {
-            mu = a[i] & 0x7ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x7ffffffffffffffL);
             sp_4096_mul_add_70(a+i, m, mu);
             a[i+1] += a[i] >> 59;
         }
-        mu = a[i] & 0x1ffffffL;
+        mu = (sp_digit)(a[i] & 0x1ffffffL);
         sp_4096_mul_add_70(a+i, m, mu);
         a[i+1] += a[i] >> 59;
         a[i] &= 0x7ffffffffffffffL;
     }
 #else
     for (i=0; i<69; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL);
         sp_4096_mul_add_70(a+i, m, mu);
         a[i+1] += a[i] >> 59;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL);
     sp_4096_mul_add_70(a+i, m, mu);
     a[i+1] += a[i] >> 59;
     a[i] &= 0x7ffffffffffffffL;
@@ -15569,7 +15564,7 @@ SP_NOINLINE static void sp_4096_rshift_70(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<69; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL);
     }
     r[69] = a[69] >> n;
 }
@@ -15859,7 +15854,7 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_70(t[0], m, mp);
         n = sp_4096_cmp_70(t[0], m);
-        sp_4096_cond_sub_70(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_70(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 70 * 2);
 
     }
@@ -15949,7 +15944,7 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_70(t[0], m, mp);
         n = sp_4096_cmp_70(t[0], m);
-        sp_4096_cond_sub_70(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_70(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 70 * 2);
     }
 
@@ -16077,7 +16072,7 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_70(rt, m, mp);
         n = sp_4096_cmp_70(rt, m);
-        sp_4096_cond_sub_70(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_70(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 140);
     }
 
@@ -16918,9 +16913,9 @@ SP_NOINLINE static void sp_4096_lshift_70(sp_digit* r, const sp_digit* a,
 
     r[70] = a[69] >> (59 - n);
     for (i=69; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL);
     }
-    r[0] = (a[0] << n) & 0x7ffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x7ffffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -17031,7 +17026,7 @@ static int sp_4096_mod_exp_2_70(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_70(r, m, mp);
         n = sp_4096_cmp_70(r, m);
-        sp_4096_cond_sub_70(r, r, m, ~(n >> 63));
+        sp_4096_cond_sub_70(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -17379,29 +17374,29 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
     t0 = ((sp_uint128)a[ 0]) * b[ 0];
     t1 = ((sp_uint128)a[ 0]) * b[ 1]
        + ((sp_uint128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 2]
        + ((sp_uint128)a[ 1]) * b[ 1]
        + ((sp_uint128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 3]
        + ((sp_uint128)a[ 1]) * b[ 2]
        + ((sp_uint128)a[ 2]) * b[ 1]
        + ((sp_uint128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 4]
        + ((sp_uint128)a[ 1]) * b[ 3]
        + ((sp_uint128)a[ 2]) * b[ 2]
        + ((sp_uint128)a[ 3]) * b[ 1]
        + ((sp_uint128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 5]
        + ((sp_uint128)a[ 1]) * b[ 4]
        + ((sp_uint128)a[ 2]) * b[ 3]
        + ((sp_uint128)a[ 3]) * b[ 2]
        + ((sp_uint128)a[ 4]) * b[ 1]
        + ((sp_uint128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 6]
        + ((sp_uint128)a[ 1]) * b[ 5]
        + ((sp_uint128)a[ 2]) * b[ 4]
@@ -17409,7 +17404,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 4]) * b[ 2]
        + ((sp_uint128)a[ 5]) * b[ 1]
        + ((sp_uint128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 7]
        + ((sp_uint128)a[ 1]) * b[ 6]
        + ((sp_uint128)a[ 2]) * b[ 5]
@@ -17418,7 +17413,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 5]) * b[ 2]
        + ((sp_uint128)a[ 6]) * b[ 1]
        + ((sp_uint128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[ 8]
        + ((sp_uint128)a[ 1]) * b[ 7]
        + ((sp_uint128)a[ 2]) * b[ 6]
@@ -17428,7 +17423,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 6]) * b[ 2]
        + ((sp_uint128)a[ 7]) * b[ 1]
        + ((sp_uint128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[ 9]
        + ((sp_uint128)a[ 1]) * b[ 8]
        + ((sp_uint128)a[ 2]) * b[ 7]
@@ -17439,7 +17434,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 7]) * b[ 2]
        + ((sp_uint128)a[ 8]) * b[ 1]
        + ((sp_uint128)a[ 9]) * b[ 0];
-    t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[10]
        + ((sp_uint128)a[ 1]) * b[ 9]
        + ((sp_uint128)a[ 2]) * b[ 8]
@@ -17451,7 +17446,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 8]) * b[ 2]
        + ((sp_uint128)a[ 9]) * b[ 1]
        + ((sp_uint128)a[10]) * b[ 0];
-    t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 0]) * b[11]
        + ((sp_uint128)a[ 1]) * b[10]
        + ((sp_uint128)a[ 2]) * b[ 9]
@@ -17464,7 +17459,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[ 9]) * b[ 2]
        + ((sp_uint128)a[10]) * b[ 1]
        + ((sp_uint128)a[11]) * b[ 0];
-    t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 0]) * b[12]
        + ((sp_uint128)a[ 1]) * b[11]
        + ((sp_uint128)a[ 2]) * b[10]
@@ -17478,7 +17473,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 2]
        + ((sp_uint128)a[11]) * b[ 1]
        + ((sp_uint128)a[12]) * b[ 0];
-    t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 1]) * b[12]
        + ((sp_uint128)a[ 2]) * b[11]
        + ((sp_uint128)a[ 3]) * b[10]
@@ -17491,7 +17486,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 3]
        + ((sp_uint128)a[11]) * b[ 2]
        + ((sp_uint128)a[12]) * b[ 1];
-    t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 2]) * b[12]
        + ((sp_uint128)a[ 3]) * b[11]
        + ((sp_uint128)a[ 4]) * b[10]
@@ -17503,7 +17498,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 4]
        + ((sp_uint128)a[11]) * b[ 3]
        + ((sp_uint128)a[12]) * b[ 2];
-    r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 3]) * b[12]
        + ((sp_uint128)a[ 4]) * b[11]
        + ((sp_uint128)a[ 5]) * b[10]
@@ -17514,7 +17509,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 5]
        + ((sp_uint128)a[11]) * b[ 4]
        + ((sp_uint128)a[12]) * b[ 3];
-    r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 4]) * b[12]
        + ((sp_uint128)a[ 5]) * b[11]
        + ((sp_uint128)a[ 6]) * b[10]
@@ -17524,7 +17519,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 6]
        + ((sp_uint128)a[11]) * b[ 5]
        + ((sp_uint128)a[12]) * b[ 4];
-    r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 5]) * b[12]
        + ((sp_uint128)a[ 6]) * b[11]
        + ((sp_uint128)a[ 7]) * b[10]
@@ -17533,7 +17528,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 7]
        + ((sp_uint128)a[11]) * b[ 6]
        + ((sp_uint128)a[12]) * b[ 5];
-    r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 6]) * b[12]
        + ((sp_uint128)a[ 7]) * b[11]
        + ((sp_uint128)a[ 8]) * b[10]
@@ -17541,35 +17536,35 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a,
        + ((sp_uint128)a[10]) * b[ 8]
        + ((sp_uint128)a[11]) * b[ 7]
        + ((sp_uint128)a[12]) * b[ 6];
-    r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 7]) * b[12]
        + ((sp_uint128)a[ 8]) * b[11]
        + ((sp_uint128)a[ 9]) * b[10]
        + ((sp_uint128)a[10]) * b[ 9]
        + ((sp_uint128)a[11]) * b[ 8]
        + ((sp_uint128)a[12]) * b[ 7];
-    r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[ 8]) * b[12]
        + ((sp_uint128)a[ 9]) * b[11]
        + ((sp_uint128)a[10]) * b[10]
        + ((sp_uint128)a[11]) * b[ 9]
        + ((sp_uint128)a[12]) * b[ 8];
-    r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[ 9]) * b[12]
        + ((sp_uint128)a[10]) * b[11]
        + ((sp_uint128)a[11]) * b[10]
        + ((sp_uint128)a[12]) * b[ 9];
-    r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[10]) * b[12]
        + ((sp_uint128)a[11]) * b[11]
        + ((sp_uint128)a[12]) * b[10];
-    r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = ((sp_uint128)a[11]) * b[12]
        + ((sp_uint128)a[12]) * b[11];
-    r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = ((sp_uint128)a[12]) * b[12];
-    r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
-    r[24] = t0 & 0x1fffffffffffffL;
+    r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
+    r[24] = (sp_digit)(t0 & 0x1fffffffffffffL);
     r[25] = (sp_digit)(t0 >> 53);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -17835,57 +17830,57 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_uint128)a[ 0]) * a[ 0];
     t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2
        +  ((sp_uint128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 3]
        +  ((sp_uint128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 4]
        +  ((sp_uint128)a[ 1]) * a[ 3]) * 2
        +  ((sp_uint128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 5]
        +  ((sp_uint128)a[ 1]) * a[ 4]
        +  ((sp_uint128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 6]
        +  ((sp_uint128)a[ 1]) * a[ 5]
        +  ((sp_uint128)a[ 2]) * a[ 4]) * 2
        +  ((sp_uint128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 7]
        +  ((sp_uint128)a[ 1]) * a[ 6]
        +  ((sp_uint128)a[ 2]) * a[ 5]
        +  ((sp_uint128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[ 8]
        +  ((sp_uint128)a[ 1]) * a[ 7]
        +  ((sp_uint128)a[ 2]) * a[ 6]
        +  ((sp_uint128)a[ 3]) * a[ 5]) * 2
        +  ((sp_uint128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[ 9]
        +  ((sp_uint128)a[ 1]) * a[ 8]
        +  ((sp_uint128)a[ 2]) * a[ 7]
        +  ((sp_uint128)a[ 3]) * a[ 6]
        +  ((sp_uint128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[10]
        +  ((sp_uint128)a[ 1]) * a[ 9]
        +  ((sp_uint128)a[ 2]) * a[ 8]
        +  ((sp_uint128)a[ 3]) * a[ 7]
        +  ((sp_uint128)a[ 4]) * a[ 6]) * 2
        +  ((sp_uint128)a[ 5]) * a[ 5];
-    t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 0]) * a[11]
        +  ((sp_uint128)a[ 1]) * a[10]
        +  ((sp_uint128)a[ 2]) * a[ 9]
        +  ((sp_uint128)a[ 3]) * a[ 8]
        +  ((sp_uint128)a[ 4]) * a[ 7]
        +  ((sp_uint128)a[ 5]) * a[ 6]) * 2;
-    t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 0]) * a[12]
        +  ((sp_uint128)a[ 1]) * a[11]
        +  ((sp_uint128)a[ 2]) * a[10]
@@ -17893,62 +17888,62 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a)
        +  ((sp_uint128)a[ 4]) * a[ 8]
        +  ((sp_uint128)a[ 5]) * a[ 7]) * 2
        +  ((sp_uint128)a[ 6]) * a[ 6];
-    t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 1]) * a[12]
        +  ((sp_uint128)a[ 2]) * a[11]
        +  ((sp_uint128)a[ 3]) * a[10]
        +  ((sp_uint128)a[ 4]) * a[ 9]
        +  ((sp_uint128)a[ 5]) * a[ 8]
        +  ((sp_uint128)a[ 6]) * a[ 7]) * 2;
-    t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 2]) * a[12]
        +  ((sp_uint128)a[ 3]) * a[11]
        +  ((sp_uint128)a[ 4]) * a[10]
        +  ((sp_uint128)a[ 5]) * a[ 9]
        +  ((sp_uint128)a[ 6]) * a[ 8]) * 2
        +  ((sp_uint128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 3]) * a[12]
        +  ((sp_uint128)a[ 4]) * a[11]
        +  ((sp_uint128)a[ 5]) * a[10]
        +  ((sp_uint128)a[ 6]) * a[ 9]
        +  ((sp_uint128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 4]) * a[12]
        +  ((sp_uint128)a[ 5]) * a[11]
        +  ((sp_uint128)a[ 6]) * a[10]
        +  ((sp_uint128)a[ 7]) * a[ 9]) * 2
        +  ((sp_uint128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 5]) * a[12]
        +  ((sp_uint128)a[ 6]) * a[11]
        +  ((sp_uint128)a[ 7]) * a[10]
        +  ((sp_uint128)a[ 8]) * a[ 9]) * 2;
-    r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 6]) * a[12]
        +  ((sp_uint128)a[ 7]) * a[11]
        +  ((sp_uint128)a[ 8]) * a[10]) * 2
        +  ((sp_uint128)a[ 9]) * a[ 9];
-    r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 7]) * a[12]
        +  ((sp_uint128)a[ 8]) * a[11]
        +  ((sp_uint128)a[ 9]) * a[10]) * 2;
-    r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[ 8]) * a[12]
        +  ((sp_uint128)a[ 9]) * a[11]) * 2
        +  ((sp_uint128)a[10]) * a[10];
-    r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[ 9]) * a[12]
        +  ((sp_uint128)a[10]) * a[11]) * 2;
-    r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 = (((sp_uint128)a[10]) * a[12]) * 2
        +  ((sp_uint128)a[11]) * a[11];
-    r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
+    r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
     t1 = (((sp_uint128)a[11]) * a[12]) * 2;
-    r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53;
+    r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53;
     t0 =  ((sp_uint128)a[12]) * a[12];
-    r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53;
-    r[24] = t0 & 0x1fffffffffffffL;
+    r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53;
+    r[24] = (sp_digit)(t0 & 0x1fffffffffffffL);
     r[25] = (sp_digit)(t0 >> 53);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -18277,29 +18272,29 @@ static void sp_4096_mont_shift_39(sp_digit* r, const sp_digit* a)
     sp_int128 n = a[38] >> 34;
     n += ((sp_int128)a[39]) << 19;
     for (i = 0; i < 32; i += 8) {
-        r[i + 0] = n & 0x1fffffffffffffL;
+        r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 40]) << 19;
-        r[i + 1] = n & 0x1fffffffffffffL;
+        r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 41]) << 19;
-        r[i + 2] = n & 0x1fffffffffffffL;
+        r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 42]) << 19;
-        r[i + 3] = n & 0x1fffffffffffffL;
+        r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 43]) << 19;
-        r[i + 4] = n & 0x1fffffffffffffL;
+        r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 44]) << 19;
-        r[i + 5] = n & 0x1fffffffffffffL;
+        r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 45]) << 19;
-        r[i + 6] = n & 0x1fffffffffffffL;
+        r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 46]) << 19;
-        r[i + 7] = n & 0x1fffffffffffffL;
+        r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 47]) << 19;
     }
-    r[32] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[72]) << 19;
-    r[33] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[73]) << 19;
-    r[34] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[74]) << 19;
-    r[35] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[75]) << 19;
-    r[36] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[76]) << 19;
-    r[37] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[77]) << 19;
+    r[32] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[72]) << 19;
+    r[33] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[73]) << 19;
+    r[34] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[74]) << 19;
+    r[35] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[75]) << 19;
+    r[36] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[76]) << 19;
+    r[37] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[77]) << 19;
     r[38] = (sp_digit)n;
     XMEMSET(&r[39], 0, sizeof(*r) * 39U);
 }
@@ -18319,11 +18314,11 @@ static void sp_4096_mont_reduce_39(sp_digit* a, const sp_digit* m, sp_digit mp)
     sp_4096_norm_39(a + 39);
 
     for (i=0; i<38; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
         sp_4096_mul_add_39(a+i, m, mu);
         a[i+1] += a[i] >> 53;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL);
     sp_4096_mul_add_39(a+i, m, mu);
     a[i+1] += a[i] >> 53;
     a[i] &= 0x1fffffffffffffL;
@@ -18452,21 +18447,21 @@ SP_NOINLINE static void sp_4096_rshift_39(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<32; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
     }
-    r[32] = (a[32] >> n) | ((a[33] << (53 - n)) & 0x1fffffffffffffL);
-    r[33] = (a[33] >> n) | ((a[34] << (53 - n)) & 0x1fffffffffffffL);
-    r[34] = (a[34] >> n) | ((a[35] << (53 - n)) & 0x1fffffffffffffL);
-    r[35] = (a[35] >> n) | ((a[36] << (53 - n)) & 0x1fffffffffffffL);
-    r[36] = (a[36] >> n) | ((a[37] << (53 - n)) & 0x1fffffffffffffL);
-    r[37] = (a[37] >> n) | ((a[38] << (53 - n)) & 0x1fffffffffffffL);
+    r[32] = (a[32] >> n) | (sp_digit)((a[33] << (53 - n)) & 0x1fffffffffffffL);
+    r[33] = (a[33] >> n) | (sp_digit)((a[34] << (53 - n)) & 0x1fffffffffffffL);
+    r[34] = (a[34] >> n) | (sp_digit)((a[35] << (53 - n)) & 0x1fffffffffffffL);
+    r[35] = (a[35] >> n) | (sp_digit)((a[36] << (53 - n)) & 0x1fffffffffffffL);
+    r[36] = (a[36] >> n) | (sp_digit)((a[37] << (53 - n)) & 0x1fffffffffffffL);
+    r[37] = (a[37] >> n) | (sp_digit)((a[38] << (53 - n)) & 0x1fffffffffffffL);
     r[38] = a[38] >> n;
 }
 
@@ -18754,7 +18749,7 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_39(t[0], m, mp);
         n = sp_4096_cmp_39(t[0], m);
-        sp_4096_cond_sub_39(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_39(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 39 * 2);
 
     }
@@ -18844,7 +18839,7 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_39(t[0], m, mp);
         n = sp_4096_cmp_39(t[0], m);
-        sp_4096_cond_sub_39(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_39(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 39 * 2);
     }
 
@@ -18989,7 +18984,7 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_39(rt, m, mp);
         n = sp_4096_cmp_39(rt, m);
-        sp_4096_cond_sub_39(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_39(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 78);
     }
 
@@ -19158,28 +19153,28 @@ static void sp_4096_mont_shift_78(sp_digit* r, const sp_digit* a)
     sp_int128 n = a[77] >> 15;
     n += ((sp_int128)a[78]) << 38;
     for (i = 0; i < 72; i += 8) {
-        r[i + 0] = n & 0x1fffffffffffffL;
+        r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 79]) << 38;
-        r[i + 1] = n & 0x1fffffffffffffL;
+        r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 80]) << 38;
-        r[i + 2] = n & 0x1fffffffffffffL;
+        r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 81]) << 38;
-        r[i + 3] = n & 0x1fffffffffffffL;
+        r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 82]) << 38;
-        r[i + 4] = n & 0x1fffffffffffffL;
+        r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 83]) << 38;
-        r[i + 5] = n & 0x1fffffffffffffL;
+        r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 84]) << 38;
-        r[i + 6] = n & 0x1fffffffffffffL;
+        r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 85]) << 38;
-        r[i + 7] = n & 0x1fffffffffffffL;
+        r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL);
         n >>= 53; n += ((sp_int128)a[i + 86]) << 38;
     }
-    r[72] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[151]) << 38;
-    r[73] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[152]) << 38;
-    r[74] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[153]) << 38;
-    r[75] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[154]) << 38;
-    r[76] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[155]) << 38;
+    r[72] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[151]) << 38;
+    r[73] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[152]) << 38;
+    r[74] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[153]) << 38;
+    r[75] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[154]) << 38;
+    r[76] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[155]) << 38;
     r[77] = (sp_digit)n;
     XMEMSET(&r[78], 0, sizeof(*r) * 78U);
 }
@@ -19201,33 +19196,33 @@ static void sp_4096_mont_reduce_78(sp_digit* a, const sp_digit* m, sp_digit mp)
 #ifdef WOLFSSL_SP_DH
     if (mp != 1) {
         for (i=0; i<77; i++) {
-            mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+            mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
             sp_4096_mul_add_78(a+i, m, mu);
             a[i+1] += a[i] >> 53;
         }
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL);
         sp_4096_mul_add_78(a+i, m, mu);
         a[i+1] += a[i] >> 53;
         a[i] &= 0x1fffffffffffffL;
     }
     else {
         for (i=0; i<77; i++) {
-            mu = a[i] & 0x1fffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1fffffffffffffL);
             sp_4096_mul_add_78(a+i, m, mu);
             a[i+1] += a[i] >> 53;
         }
-        mu = a[i] & 0x7fffL;
+        mu = (sp_digit)(a[i] & 0x7fffL);
         sp_4096_mul_add_78(a+i, m, mu);
         a[i+1] += a[i] >> 53;
         a[i] &= 0x1fffffffffffffL;
     }
 #else
     for (i=0; i<77; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL);
         sp_4096_mul_add_78(a+i, m, mu);
         a[i+1] += a[i] >> 53;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL);
     sp_4096_mul_add_78(a+i, m, mu);
     a[i+1] += a[i] >> 53;
     a[i] &= 0x1fffffffffffffL;
@@ -19347,20 +19342,20 @@ SP_NOINLINE static void sp_4096_rshift_78(sp_digit* r, const sp_digit* a,
     int i;
 
     for (i=0; i<72; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL);
     }
-    r[72] = (a[72] >> n) | ((a[73] << (53 - n)) & 0x1fffffffffffffL);
-    r[73] = (a[73] >> n) | ((a[74] << (53 - n)) & 0x1fffffffffffffL);
-    r[74] = (a[74] >> n) | ((a[75] << (53 - n)) & 0x1fffffffffffffL);
-    r[75] = (a[75] >> n) | ((a[76] << (53 - n)) & 0x1fffffffffffffL);
-    r[76] = (a[76] >> n) | ((a[77] << (53 - n)) & 0x1fffffffffffffL);
+    r[72] = (a[72] >> n) | (sp_digit)((a[73] << (53 - n)) & 0x1fffffffffffffL);
+    r[73] = (a[73] >> n) | (sp_digit)((a[74] << (53 - n)) & 0x1fffffffffffffL);
+    r[74] = (a[74] >> n) | (sp_digit)((a[75] << (53 - n)) & 0x1fffffffffffffL);
+    r[75] = (a[75] >> n) | (sp_digit)((a[76] << (53 - n)) & 0x1fffffffffffffL);
+    r[76] = (a[76] >> n) | (sp_digit)((a[77] << (53 - n)) & 0x1fffffffffffffL);
     r[77] = a[77] >> n;
 }
 
@@ -19651,7 +19646,7 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_78(t[0], m, mp);
         n = sp_4096_cmp_78(t[0], m);
-        sp_4096_cond_sub_78(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_78(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 78 * 2);
 
     }
@@ -19741,7 +19736,7 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_78(t[0], m, mp);
         n = sp_4096_cmp_78(t[0], m);
-        sp_4096_cond_sub_78(t[0], t[0], m, ~(n >> 63));
+        sp_4096_cond_sub_78(t[0], t[0], m, (sp_digit)~(n >> 63));
         XMEMCPY(r, t[0], sizeof(*r) * 78 * 2);
     }
 
@@ -19869,7 +19864,7 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 
         sp_4096_mont_reduce_78(rt, m, mp);
         n = sp_4096_cmp_78(rt, m);
-        sp_4096_cond_sub_78(rt, rt, m, ~(n >> 63));
+        sp_4096_cond_sub_78(rt, rt, m, (sp_digit)~(n >> 63));
         XMEMCPY(r, rt, sizeof(sp_digit) * 156);
     }
 
@@ -20714,160 +20709,160 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[77];
     r[78] = s >> (53U - n);
     s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]);
-    r[77] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[77] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]);
-    r[76] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[76] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]);
-    r[75] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[75] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]);
-    r[74] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[74] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]);
-    r[73] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[73] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]);
-    r[72] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[72] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]);
-    r[71] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[71] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]);
-    r[70] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[70] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]);
-    r[69] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[69] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]);
-    r[68] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[68] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]);
-    r[67] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[67] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]);
-    r[66] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[66] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]);
-    r[65] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[65] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]);
-    r[64] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[64] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]);
-    r[63] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[63] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]);
-    r[62] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[62] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]);
-    r[61] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[61] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]);
-    r[60] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[60] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]);
-    r[59] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[59] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]);
-    r[58] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[58] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]);
-    r[57] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[57] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]);
-    r[56] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[56] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]);
-    r[55] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[55] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]);
-    r[54] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[54] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]);
-    r[53] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[53] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]);
-    r[52] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[52] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]);
-    r[51] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[51] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]);
-    r[50] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[50] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]);
-    r[49] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[49] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]);
-    r[48] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[48] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]);
-    r[47] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[47] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]);
-    r[46] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[46] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]);
-    r[45] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[45] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]);
-    r[44] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[44] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]);
-    r[43] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[43] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]);
-    r[42] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[42] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]);
-    r[41] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[41] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]);
-    r[40] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[40] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]);
-    r[39] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[39] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]);
-    r[38] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[38] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]);
-    r[37] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[37] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]);
-    r[36] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[36] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]);
-    r[35] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[35] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]);
-    r[34] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[34] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]);
-    r[33] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[33] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]);
-    r[32] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[32] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]);
-    r[31] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[31] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]);
-    r[30] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[30] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
-    r[29] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[29] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
-    r[28] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[28] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
-    r[27] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[27] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
-    r[26] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[26] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
-    r[25] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[25] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
-    r[24] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[24] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
-    r[23] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[23] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
-    r[22] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[22] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
-    r[21] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[21] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
-    r[20] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[20] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
-    r[19] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[19] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
-    r[18] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[18] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL;
-    r[0] = (a[0] << n) & 0x1fffffffffffffL;
+    r[1] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL);
+    r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffL);
 }
 
 /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
@@ -20978,7 +20973,7 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const
 
         sp_4096_mont_reduce_78(r, m, mp);
         n = sp_4096_cmp_78(r, m);
-        sp_4096_cond_sub_78(r, r, m, ~(n >> 63));
+        sp_4096_cond_sub_78(r, r, m, (sp_digit)~(n >> 63));
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -21249,16 +21244,16 @@ SP_NOINLINE static void sp_256_mul_5(sp_digit* r, const sp_digit* a,
                  + ((sp_int128)a[ 4]) * b[ 3];
     sp_int128 t8   = ((sp_int128)a[ 4]) * b[ 4];
 
-    t1   += t0  >> 52; r[ 0] = t0  & 0xfffffffffffffL;
-    t2   += t1  >> 52; r[ 1] = t1  & 0xfffffffffffffL;
-    t3   += t2  >> 52; r[ 2] = t2  & 0xfffffffffffffL;
-    t4   += t3  >> 52; r[ 3] = t3  & 0xfffffffffffffL;
-    t5   += t4  >> 52; r[ 4] = t4  & 0xfffffffffffffL;
-    t6   += t5  >> 52; r[ 5] = t5  & 0xfffffffffffffL;
-    t7   += t6  >> 52; r[ 6] = t6  & 0xfffffffffffffL;
-    t8   += t7  >> 52; r[ 7] = t7  & 0xfffffffffffffL;
+    t1   += t0  >> 52; r[ 0] = (sp_digit)(t0  & 0xfffffffffffffL);
+    t2   += t1  >> 52; r[ 1] = (sp_digit)(t1  & 0xfffffffffffffL);
+    t3   += t2  >> 52; r[ 2] = (sp_digit)(t2  & 0xfffffffffffffL);
+    t4   += t3  >> 52; r[ 3] = (sp_digit)(t3  & 0xfffffffffffffL);
+    t5   += t4  >> 52; r[ 4] = (sp_digit)(t4  & 0xfffffffffffffL);
+    t6   += t5  >> 52; r[ 5] = (sp_digit)(t5  & 0xfffffffffffffL);
+    t7   += t6  >> 52; r[ 6] = (sp_digit)(t6  & 0xfffffffffffffL);
+    t8   += t7  >> 52; r[ 7] = (sp_digit)(t7  & 0xfffffffffffffL);
     r[9] = (sp_digit)(t8 >> 52);
-                       r[8] = t8 & 0xfffffffffffffL;
+                       r[8] = (sp_digit)(t8 & 0xfffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -21328,16 +21323,16 @@ SP_NOINLINE static void sp_256_sqr_5(sp_digit* r, const sp_digit* a)
     sp_int128 t7   = (((sp_int128)a[ 3]) * a[ 4]) * 2;
     sp_int128 t8   =  ((sp_int128)a[ 4]) * a[ 4];
 
-    t1   += t0  >> 52; r[ 0] = t0  & 0xfffffffffffffL;
-    t2   += t1  >> 52; r[ 1] = t1  & 0xfffffffffffffL;
-    t3   += t2  >> 52; r[ 2] = t2  & 0xfffffffffffffL;
-    t4   += t3  >> 52; r[ 3] = t3  & 0xfffffffffffffL;
-    t5   += t4  >> 52; r[ 4] = t4  & 0xfffffffffffffL;
-    t6   += t5  >> 52; r[ 5] = t5  & 0xfffffffffffffL;
-    t7   += t6  >> 52; r[ 6] = t6  & 0xfffffffffffffL;
-    t8   += t7  >> 52; r[ 7] = t7  & 0xfffffffffffffL;
+    t1   += t0  >> 52; r[ 0] = (sp_digit)(t0  & 0xfffffffffffffL);
+    t2   += t1  >> 52; r[ 1] = (sp_digit)(t1  & 0xfffffffffffffL);
+    t3   += t2  >> 52; r[ 2] = (sp_digit)(t2  & 0xfffffffffffffL);
+    t4   += t3  >> 52; r[ 3] = (sp_digit)(t3  & 0xfffffffffffffL);
+    t5   += t4  >> 52; r[ 4] = (sp_digit)(t4  & 0xfffffffffffffL);
+    t6   += t5  >> 52; r[ 5] = (sp_digit)(t5  & 0xfffffffffffffL);
+    t7   += t6  >> 52; r[ 6] = (sp_digit)(t6  & 0xfffffffffffffL);
+    t8   += t7  >> 52; r[ 7] = (sp_digit)(t7  & 0xfffffffffffffL);
     r[9] = (sp_digit)(t8 >> 52);
-                       r[8] = t8 & 0xfffffffffffffL;
+                       r[8] = (sp_digit)(t8 & 0xfffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -21686,17 +21681,17 @@ SP_NOINLINE static void sp_256_mul_add_5(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0xfffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffL);
         t[1] += t[0] >> 52;
-        r[i+1] = t[1] & 0xfffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffL);
         t[2] += t[1] >> 52;
-        r[i+2] = t[2] & 0xfffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffL);
         t[3] += t[2] >> 52;
-        r[i+3] = t[3] & 0xfffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffL);
         t[0]  = t[3] >> 52;
     }
     t[0] += (tb * a[4]) + r[4];
-    r[4] = t[0] & 0xfffffffffffffL;
+    r[4] = (sp_digit)(t[0] & 0xfffffffffffffL);
     r[5] +=  (sp_digit)(t[0] >> 52);
 #else
     sp_int128 tb = b;
@@ -21750,7 +21745,7 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a)
     n = a[4] >> 48;
     for (i = 0; i < 4; i++) {
         n += (sp_uint64)a[5 + i] << 4;
-        r[i] = n & 0xfffffffffffffL;
+        r[i] = (sp_digit)(n & 0xfffffffffffffL);
         n >>= 52;
     }
     n += (sp_uint64)a[9] << 4;
@@ -21759,10 +21754,10 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a)
     sp_uint64 n;
 
     n  = a[4] >> 48;
-    n += (sp_uint64)a[ 5] << 4U; r[ 0] = n & 0xfffffffffffffUL; n >>= 52U;
-    n += (sp_uint64)a[ 6] << 4U; r[ 1] = n & 0xfffffffffffffUL; n >>= 52U;
-    n += (sp_uint64)a[ 7] << 4U; r[ 2] = n & 0xfffffffffffffUL; n >>= 52U;
-    n += (sp_uint64)a[ 8] << 4U; r[ 3] = n & 0xfffffffffffffUL; n >>= 52U;
+    n += (sp_uint64)a[ 5] << 4U; r[ 0] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+    n += (sp_uint64)a[ 6] << 4U; r[ 1] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+    n += (sp_uint64)a[ 7] << 4U; r[ 2] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
+    n += (sp_uint64)a[ 8] << 4U; r[ 3] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U;
     n += (sp_uint64)a[ 9] << 4U; r[ 4] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[5], 0, sizeof(*r) * 5U);
@@ -21783,11 +21778,11 @@ static void sp_256_mont_reduce_order_5(sp_digit* a, const sp_digit* m, sp_digit
     sp_256_norm_5(a + 5);
 
     for (i=0; i<4; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL);
         sp_256_mul_add_5(a+i, m, mu);
         a[i+1] += a[i] >> 52;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL);
     sp_256_mul_add_5(a+i, m, mu);
     a[i+1] += a[i] >> 52;
     a[i] &= 0xfffffffffffffL;
@@ -21813,32 +21808,32 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 4; i++) {
-        am = a[i] & 0xfffffffffffffL;
+        am = (sp_digit)(a[i] & 0xfffffffffffffL);
         /* Fifth word of modulus word */
         t = am; t *= 0x0ffffffff0000L;
 
-        a[i + 1] += (am << 44) & 0xfffffffffffffL;
+        a[i + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL);
         a[i + 2] += am >> 8;
-        a[i + 3] += (am << 36) & 0xfffffffffffffL;
-        a[i + 4] += (am >> 16) + (t & 0xfffffffffffffL);
+        a[i + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL);
+        a[i + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL);
         a[i + 5] +=  t >> 52;
 
         a[i + 1] += a[i] >> 52;
     }
-    am = a[4] & 0xffffffffffff;
+    am = (sp_digit)(a[4] & 0xffffffffffff);
     /* Fifth word of modulus word */
     t = am; t *= 0x0ffffffff0000L;
 
-    a[4 + 1] += (am << 44) & 0xfffffffffffffL;
+    a[4 + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL);
     a[4 + 2] += am >> 8;
-    a[4 + 3] += (am << 36) & 0xfffffffffffffL;
-    a[4 + 4] += (am >> 16) + (t & 0xfffffffffffffL);
+    a[4 + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL);
+    a[4 + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL);
     a[4 + 5] +=  t >> 52;
 
-    a[0] = (a[4] >> 48) + ((a[5] << 4) & 0xfffffffffffffL);
-    a[1] = (a[5] >> 48) + ((a[6] << 4) & 0xfffffffffffffL);
-    a[2] = (a[6] >> 48) + ((a[7] << 4) & 0xfffffffffffffL);
-    a[3] = (a[7] >> 48) + ((a[8] << 4) & 0xfffffffffffffL);
+    a[0] = (a[4] >> 48) + (sp_digit)((a[5] << 4) & 0xfffffffffffffL);
+    a[1] = (a[5] >> 48) + (sp_digit)((a[6] << 4) & 0xfffffffffffffL);
+    a[2] = (a[6] >> 48) + (sp_digit)((a[7] << 4) & 0xfffffffffffffL);
+    a[3] = (a[7] >> 48) + (sp_digit)((a[8] << 4) & 0xfffffffffffffL);
     a[4] = (a[8] >> 48) +  (a[9] << 4);
 
     a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL;
@@ -21851,11 +21846,11 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x000fffffffffffffL & am;
-    a[1] -= 0x00000fffffffffffL & am;
+    a[0] -= (sp_digit)(0x000fffffffffffffL & am);
+    a[1] -= (sp_digit)(0x00000fffffffffffL & am);
     /* p256_mod[2] is zero */
-    a[3] -= 0x0000001000000000L & am;
-    a[4] -= 0x0000ffffffff0000L & am;
+    a[3] -= (sp_digit)(0x0000001000000000L & am);
+    a[4] -= (sp_digit)(0x0000ffffffff0000L & am);
 
     a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL;
     a[2] += a[1] >> 52; a[1] &= 0xfffffffffffffL;
@@ -21914,7 +21909,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_5(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -22013,7 +22008,7 @@ static void sp_256_map_5(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_5(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_5(r->x, p256_mod);
-    sp_256_cond_sub_5(r->x, r->x, p256_mod, ~(n >> 51));
+    sp_256_cond_sub_5(r->x, r->x, p256_mod, (sp_digit)~(n >> 51));
     sp_256_norm_5(r->x);
 
     /* y /= z^3 */
@@ -22022,7 +22017,7 @@ static void sp_256_map_5(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_5(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_5(r->y, p256_mod);
-    sp_256_cond_sub_5(r->y, r->y, p256_mod, ~(n >> 51));
+    sp_256_cond_sub_5(r->y, r->y, p256_mod, (sp_digit)~(n >> 51));
     sp_256_norm_5(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -22152,13 +22147,13 @@ SP_NOINLINE static void sp_256_rshift1_5(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<4; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 51) & 0xfffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 51) & 0xfffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 51) & 0xfffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 51) & 0xfffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 51) & 0xfffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 51) & 0xfffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 51) & 0xfffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 51) & 0xfffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 51) & 0xfffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 51) & 0xfffffffffffffL);
 #endif
     r[4] = a[4] >> 1;
 }
@@ -22467,8 +22462,8 @@ static void sp_256_proj_point_add_5(sp_point_256* r,
         sp_256_mont_sub_5(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -22485,7 +22480,7 @@ static void sp_256_proj_point_add_5(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -22659,8 +22654,8 @@ static int sp_256_proj_point_add_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -22677,7 +22672,7 @@ static int sp_256_proj_point_add_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -23321,13 +23316,13 @@ static void sp_256_proj_point_add_sub_5(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_5_6[66] = {
+static const word8 recode_index_5_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -23336,7 +23331,7 @@ static const uint8_t recode_index_5_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_5_6[66] = {
+static const word8 recode_neg_5_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -23354,7 +23349,7 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -23363,7 +23358,7 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 52) {
             y &= 0x3f;
             n >>= 6;
@@ -23377,12 +23372,12 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 5) {
             n = k[j];
-            y |= (uint8_t)((n << (52 - o)) & 0x3f);
+            y |= (word8)((n << (52 - o)) & 0x3f);
             o -= 46;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_5_6[y];
         v[i].neg = recode_neg_5_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -23418,7 +23413,7 @@ static void sp_256_get_point_33_5(sp_point_256* r, const sp_point_256* table,
     r->z[3] = 0;
     r->z[4] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -23640,8 +23635,8 @@ static void sp_256_proj_point_add_qz1_5(sp_point_256* r,
         sp_256_mont_sub_5(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -23658,7 +23653,7 @@ static void sp_256_proj_point_add_qz1_5(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -23800,7 +23795,7 @@ static void sp_256_get_entry_256_5(sp_point_256* r,
     r->y[3] = 0;
     r->y[4] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -23942,7 +23937,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -23970,7 +23965,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -26099,23 +26094,23 @@ SP_NOINLINE static void sp_256_rshift_5(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<4; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL);
     }
 #else
     for (i=0; i<0; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (52 - n)) & 0xfffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (52 - n)) & 0xfffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (52 - n)) & 0xfffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (52 - n)) & 0xfffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (52 - n)) & 0xfffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (52 - n)) & 0xfffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (52 - n)) & 0xfffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (52 - n)) & 0xfffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (52 - n)) & 0xfffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (52 - n)) & 0xfffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (52 - n)) & 0xfffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (52 - n)) & 0xfffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (52 - n)) & 0xfffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (52 - n)) & 0xfffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (52 - n)) & 0xfffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (52 - n)) & 0xfffffffffffffL);
     }
-    r[0] = (a[0] >> n) | ((a[1] << (52 - n)) & 0xfffffffffffffL);
-    r[1] = (a[1] >> n) | ((a[2] << (52 - n)) & 0xfffffffffffffL);
-    r[2] = (a[2] >> n) | ((a[3] << (52 - n)) & 0xfffffffffffffL);
-    r[3] = (a[3] >> n) | ((a[4] << (52 - n)) & 0xfffffffffffffL);
+    r[0] = (a[0] >> n) | (sp_digit)((a[1] << (52 - n)) & 0xfffffffffffffL);
+    r[1] = (a[1] >> n) | (sp_digit)((a[2] << (52 - n)) & 0xfffffffffffffL);
+    r[2] = (a[2] >> n) | (sp_digit)((a[3] << (52 - n)) & 0xfffffffffffffL);
+    r[3] = (a[3] >> n) | (sp_digit)((a[4] << (52 - n)) & 0xfffffffffffffL);
 #endif /* WOLFSSL_SP_SMALL */
     r[4] = a[4] >> n;
 }
@@ -26166,7 +26161,7 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a,
 
     r[10] = a[9] >> (52 - n);
     for (i=9; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL);
     }
 #else
     sp_int_digit s;
@@ -26175,25 +26170,25 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[9];
     r[10] = s >> (52U - n);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL;
+    r[1] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0xfffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffL);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -26298,7 +26293,7 @@ static void sp_256_mont_mul_order_5(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
@@ -26863,7 +26858,7 @@ static int sp_256_num_bits_52_5(sp_digit v)
     v |= v >> 8;
     v |= v >> 16;
     v |= v >> 32;
-    return sp_256_tab64_5[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
+    return sp_256_tab64_5[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
 }
 
 static int sp_256_num_bits_5(const sp_digit* a)
@@ -28082,20 +28077,20 @@ SP_NOINLINE static void sp_384_mul_7(sp_digit* r, const sp_digit* a,
                  + ((sp_int128)a[ 6]) * b[ 5];
     sp_int128 t12  = ((sp_int128)a[ 6]) * b[ 6];
 
-    t1   += t0  >> 55; r[ 0] = t0  & 0x7fffffffffffffL;
-    t2   += t1  >> 55; r[ 1] = t1  & 0x7fffffffffffffL;
-    t3   += t2  >> 55; r[ 2] = t2  & 0x7fffffffffffffL;
-    t4   += t3  >> 55; r[ 3] = t3  & 0x7fffffffffffffL;
-    t5   += t4  >> 55; r[ 4] = t4  & 0x7fffffffffffffL;
-    t6   += t5  >> 55; r[ 5] = t5  & 0x7fffffffffffffL;
-    t7   += t6  >> 55; r[ 6] = t6  & 0x7fffffffffffffL;
-    t8   += t7  >> 55; r[ 7] = t7  & 0x7fffffffffffffL;
-    t9   += t8  >> 55; r[ 8] = t8  & 0x7fffffffffffffL;
-    t10  += t9  >> 55; r[ 9] = t9  & 0x7fffffffffffffL;
-    t11  += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL;
-    t12  += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL;
+    t1   += t0  >> 55; r[ 0] = (sp_digit)(t0  & 0x7fffffffffffffL);
+    t2   += t1  >> 55; r[ 1] = (sp_digit)(t1  & 0x7fffffffffffffL);
+    t3   += t2  >> 55; r[ 2] = (sp_digit)(t2  & 0x7fffffffffffffL);
+    t4   += t3  >> 55; r[ 3] = (sp_digit)(t3  & 0x7fffffffffffffL);
+    t5   += t4  >> 55; r[ 4] = (sp_digit)(t4  & 0x7fffffffffffffL);
+    t6   += t5  >> 55; r[ 5] = (sp_digit)(t5  & 0x7fffffffffffffL);
+    t7   += t6  >> 55; r[ 6] = (sp_digit)(t6  & 0x7fffffffffffffL);
+    t8   += t7  >> 55; r[ 7] = (sp_digit)(t7  & 0x7fffffffffffffL);
+    t9   += t8  >> 55; r[ 8] = (sp_digit)(t8  & 0x7fffffffffffffL);
+    t10  += t9  >> 55; r[ 9] = (sp_digit)(t9  & 0x7fffffffffffffL);
+    t11  += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL);
+    t12  += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL);
     r[13] = (sp_digit)(t12 >> 55);
-                       r[12] = t12 & 0x7fffffffffffffL;
+                       r[12] = (sp_digit)(t12 & 0x7fffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28178,20 +28173,20 @@ SP_NOINLINE static void sp_384_sqr_7(sp_digit* r, const sp_digit* a)
     sp_int128 t11  = (((sp_int128)a[ 5]) * a[ 6]) * 2;
     sp_int128 t12  =  ((sp_int128)a[ 6]) * a[ 6];
 
-    t1   += t0  >> 55; r[ 0] = t0  & 0x7fffffffffffffL;
-    t2   += t1  >> 55; r[ 1] = t1  & 0x7fffffffffffffL;
-    t3   += t2  >> 55; r[ 2] = t2  & 0x7fffffffffffffL;
-    t4   += t3  >> 55; r[ 3] = t3  & 0x7fffffffffffffL;
-    t5   += t4  >> 55; r[ 4] = t4  & 0x7fffffffffffffL;
-    t6   += t5  >> 55; r[ 5] = t5  & 0x7fffffffffffffL;
-    t7   += t6  >> 55; r[ 6] = t6  & 0x7fffffffffffffL;
-    t8   += t7  >> 55; r[ 7] = t7  & 0x7fffffffffffffL;
-    t9   += t8  >> 55; r[ 8] = t8  & 0x7fffffffffffffL;
-    t10  += t9  >> 55; r[ 9] = t9  & 0x7fffffffffffffL;
-    t11  += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL;
-    t12  += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL;
+    t1   += t0  >> 55; r[ 0] = (sp_digit)(t0  & 0x7fffffffffffffL);
+    t2   += t1  >> 55; r[ 1] = (sp_digit)(t1  & 0x7fffffffffffffL);
+    t3   += t2  >> 55; r[ 2] = (sp_digit)(t2  & 0x7fffffffffffffL);
+    t4   += t3  >> 55; r[ 3] = (sp_digit)(t3  & 0x7fffffffffffffL);
+    t5   += t4  >> 55; r[ 4] = (sp_digit)(t4  & 0x7fffffffffffffL);
+    t6   += t5  >> 55; r[ 5] = (sp_digit)(t5  & 0x7fffffffffffffL);
+    t7   += t6  >> 55; r[ 6] = (sp_digit)(t6  & 0x7fffffffffffffL);
+    t8   += t7  >> 55; r[ 7] = (sp_digit)(t7  & 0x7fffffffffffffL);
+    t9   += t8  >> 55; r[ 8] = (sp_digit)(t8  & 0x7fffffffffffffL);
+    t10  += t9  >> 55; r[ 9] = (sp_digit)(t9  & 0x7fffffffffffffL);
+    t11  += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL);
+    t12  += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL);
     r[13] = (sp_digit)(t12 >> 55);
-                       r[12] = t12 & 0x7fffffffffffffL;
+                       r[12] = (sp_digit)(t12 & 0x7fffffffffffffL);
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -28548,23 +28543,23 @@ SP_NOINLINE static void sp_384_mul_add_7(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x7fffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x7fffffffffffffL);
         t[1] += t[0] >> 55;
-        r[i+1] = t[1] & 0x7fffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x7fffffffffffffL);
         t[2] += t[1] >> 55;
-        r[i+2] = t[2] & 0x7fffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x7fffffffffffffL);
         t[3] += t[2] >> 55;
-        r[i+3] = t[3] & 0x7fffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x7fffffffffffffL);
         t[0]  = t[3] >> 55;
     }
     t[0] += (tb * a[4]) + r[4];
     t[1]  = (tb * a[5]) + r[5];
     t[2]  = (tb * a[6]) + r[6];
-    r[4] = t[0] & 0x7fffffffffffffL;
+    r[4] = (sp_digit)(t[0] & 0x7fffffffffffffL);
     t[1] += t[0] >> 55;
-    r[5] = t[1] & 0x7fffffffffffffL;
+    r[5] = (sp_digit)(t[1] & 0x7fffffffffffffL);
     t[2] += t[1] >> 55;
-    r[6] = t[2] & 0x7fffffffffffffL;
+    r[6] = (sp_digit)(t[2] & 0x7fffffffffffffL);
     r[7] +=  (sp_digit)(t[2] >> 55);
 #else
     sp_int128 tb = b;
@@ -28624,7 +28619,7 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a)
     n = a[6] >> 54;
     for (i = 0; i < 6; i++) {
         n += (sp_uint64)a[7 + i] << 1;
-        r[i] = n & 0x7fffffffffffffL;
+        r[i] = (sp_digit)(n & 0x7fffffffffffffL);
         n >>= 55;
     }
     n += (sp_uint64)a[13] << 1;
@@ -28633,12 +28628,12 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a)
     sp_uint64 n;
 
     n  = a[6] >> 54;
-    n += (sp_uint64)a[ 7] << 1U; r[ 0] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[ 8] << 1U; r[ 1] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[ 9] << 1U; r[ 2] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[10] << 1U; r[ 3] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[11] << 1U; r[ 4] = n & 0x7fffffffffffffUL; n >>= 55U;
-    n += (sp_uint64)a[12] << 1U; r[ 5] = n & 0x7fffffffffffffUL; n >>= 55U;
+    n += (sp_uint64)a[ 7] << 1U; r[ 0] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[ 8] << 1U; r[ 1] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[ 9] << 1U; r[ 2] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[10] << 1U; r[ 3] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[11] << 1U; r[ 4] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
+    n += (sp_uint64)a[12] << 1U; r[ 5] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U;
     n += (sp_uint64)a[13] << 1U; r[ 6] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[7], 0, sizeof(*r) * 7U);
@@ -28659,11 +28654,11 @@ static void sp_384_mont_reduce_order_7(sp_digit* a, const sp_digit* m, sp_digit
     sp_384_norm_7(a + 7);
 
     for (i=0; i<6; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL);
         sp_384_mul_add_7(a+i, m, mu);
         a[i+1] += a[i] >> 55;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL);
     sp_384_mul_add_7(a+i, m, mu);
     a[i+1] += a[i] >> 55;
     a[i] &= 0x7fffffffffffffL;
@@ -28688,30 +28683,30 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 6; i++) {
-        am = (a[i] * 0x100000001) & 0x7fffffffffffffL;
-        a[i + 0] += (am << 32) & 0x7fffffffffffffL;
-        a[i + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL);
-        a[i + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL);
+        am = (sp_digit)((a[i] * 0x100000001) & 0x7fffffffffffffL);
+        a[i + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL);
+        a[i + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL);
+        a[i + 2] += -(am >> 14) - ((sp_digit)(am << 18) & 0x7fffffffffffffL);
         a[i + 3] += -(am >> 37);
-        a[i + 6] += (am << 54) & 0x7fffffffffffffL;
+        a[i + 6] += ((sp_digit)(am << 54) & 0x7fffffffffffffL);
         a[i + 7] += am >> 1;
 
         a[i + 1] += a[i] >> 55;
     }
-    am = (a[6] * 0x100000001) & 0x3fffffffffffff;
-    a[6 + 0] += (am << 32) & 0x7fffffffffffffL;
-    a[6 + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL);
-    a[6 + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL);
+    am = (sp_digit)((a[6] * 0x100000001) & 0x3fffffffffffff);
+    a[6 + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL);
+    a[6 + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL);
+    a[6 + 2] += -(am >> 14) - (sp_digit)((am << 18) & 0x7fffffffffffffL);
     a[6 + 3] += -(am >> 37);
-    a[6 + 6] += (am << 54) & 0x7fffffffffffffL;
+    a[6 + 6] += (sp_digit)((am << 54) & 0x7fffffffffffffL);
     a[6 + 7] += am >> 1;
 
-    a[0] = (a[6] >> 54) + ((a[7] << 1) & 0x7fffffffffffffL);
-    a[1] = (a[7] >> 54) + ((a[8] << 1) & 0x7fffffffffffffL);
-    a[2] = (a[8] >> 54) + ((a[9] << 1) & 0x7fffffffffffffL);
-    a[3] = (a[9] >> 54) + ((a[10] << 1) & 0x7fffffffffffffL);
-    a[4] = (a[10] >> 54) + ((a[11] << 1) & 0x7fffffffffffffL);
-    a[5] = (a[11] >> 54) + ((a[12] << 1) & 0x7fffffffffffffL);
+    a[0] = (a[6] >> 54) + (sp_digit)((a[7] << 1) & 0x7fffffffffffffL);
+    a[1] = (a[7] >> 54) + (sp_digit)((a[8] << 1) & 0x7fffffffffffffL);
+    a[2] = (a[8] >> 54) + (sp_digit)((a[9] << 1) & 0x7fffffffffffffL);
+    a[3] = (a[9] >> 54) + (sp_digit)((a[10] << 1) & 0x7fffffffffffffL);
+    a[4] = (a[10] >> 54) + (sp_digit)((a[11] << 1) & 0x7fffffffffffffL);
+    a[5] = (a[11] >> 54) + (sp_digit)((a[12] << 1) & 0x7fffffffffffffL);
     a[6] = (a[12] >> 54) +  (a[13] << 1);
 
     a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL;
@@ -28726,13 +28721,13 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp)
     /* Create mask. */
     am = 0 - am;
 
-    a[0] -= 0x00000000ffffffffL & am;
-    a[1] -= 0x007ffe0000000000L & am;
-    a[2] -= 0x007ffffffffbffffL & am;
-    a[3] -= 0x007fffffffffffffL & am;
-    a[4] -= 0x007fffffffffffffL & am;
-    a[5] -= 0x007fffffffffffffL & am;
-    a[6] -= 0x003fffffffffffffL & am;
+    a[0] -= (sp_digit)(0x00000000ffffffffL & am);
+    a[1] -= (sp_digit)(0x007ffe0000000000L & am);
+    a[2] -= (sp_digit)(0x007ffffffffbffffL & am);
+    a[3] -= (sp_digit)(0x007fffffffffffffL & am);
+    a[4] -= (sp_digit)(0x007fffffffffffffL & am);
+    a[5] -= (sp_digit)(0x007fffffffffffffL & am);
+    a[6] -= (sp_digit)(0x003fffffffffffffL & am);
 
     a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL;
     a[2] += a[1] >> 55; a[1] &= 0x7fffffffffffffL;
@@ -28793,7 +28788,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_7(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -28908,7 +28903,7 @@ static void sp_384_map_7(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_7(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_7(r->x, p384_mod);
-    sp_384_cond_sub_7(r->x, r->x, p384_mod, ~(n >> 54));
+    sp_384_cond_sub_7(r->x, r->x, p384_mod, (sp_digit)~(n >> 54));
     sp_384_norm_7(r->x);
 
     /* y /= z^3 */
@@ -28917,7 +28912,7 @@ static void sp_384_map_7(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_7(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_7(r->y, p384_mod);
-    sp_384_cond_sub_7(r->y, r->y, p384_mod, ~(n >> 54));
+    sp_384_cond_sub_7(r->y, r->y, p384_mod, (sp_digit)~(n >> 54));
     sp_384_norm_7(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -29049,15 +29044,15 @@ SP_NOINLINE static void sp_384_rshift1_7(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<6; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 54) & 0x7fffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 54) & 0x7fffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 54) & 0x7fffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 54) & 0x7fffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 54) & 0x7fffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 54) & 0x7fffffffffffffL);
-    r[4] = (a[4] >> 1) + ((a[5] << 54) & 0x7fffffffffffffL);
-    r[5] = (a[5] >> 1) + ((a[6] << 54) & 0x7fffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 54) & 0x7fffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 54) & 0x7fffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 54) & 0x7fffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 54) & 0x7fffffffffffffL);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 54) & 0x7fffffffffffffL);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 54) & 0x7fffffffffffffL);
 #endif
     r[6] = a[6] >> 1;
 }
@@ -29367,8 +29362,8 @@ static void sp_384_proj_point_add_7(sp_point_384* r,
         sp_384_mont_sub_7(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29385,7 +29380,7 @@ static void sp_384_proj_point_add_7(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -29559,8 +29554,8 @@ static int sp_384_proj_point_add_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29577,7 +29572,7 @@ static int sp_384_proj_point_add_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -30257,13 +30252,13 @@ static void sp_384_proj_point_add_sub_7(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_7_6[66] = {
+static const word8 recode_index_7_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -30272,7 +30267,7 @@ static const uint8_t recode_index_7_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_7_6[66] = {
+static const word8 recode_neg_7_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -30290,7 +30285,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -30299,7 +30294,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 55) {
             y &= 0x3f;
             n >>= 6;
@@ -30313,12 +30308,12 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 7) {
             n = k[j];
-            y |= (uint8_t)((n << (55 - o)) & 0x3f);
+            y |= (word8)((n << (55 - o)) & 0x3f);
             o -= 49;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_7_6[y];
         v[i].neg = recode_neg_7_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -30360,7 +30355,7 @@ static void sp_384_get_point_33_7(sp_point_384* r, const sp_point_384* table,
     r->z[5] = 0;
     r->z[6] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30588,8 +30583,8 @@ static void sp_384_proj_point_add_qz1_7(sp_point_384* r,
         sp_384_mont_sub_7(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -30606,7 +30601,7 @@ static void sp_384_proj_point_add_qz1_7(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30752,7 +30747,7 @@ static void sp_384_get_entry_256_7(sp_point_384* r,
     r->y[5] = 0;
     r->y[6] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -30898,7 +30893,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -30926,7 +30921,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -33565,25 +33560,25 @@ SP_NOINLINE static void sp_384_rshift_7(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<6; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL);
     }
 #else
     for (i=0; i<0; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (55 - n)) & 0x7fffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (55 - n)) & 0x7fffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (55 - n)) & 0x7fffffffffffffL);
     }
-    r[0] = (a[0] >> n) | ((a[1] << (55 - n)) & 0x7fffffffffffffL);
-    r[1] = (a[1] >> n) | ((a[2] << (55 - n)) & 0x7fffffffffffffL);
-    r[2] = (a[2] >> n) | ((a[3] << (55 - n)) & 0x7fffffffffffffL);
-    r[3] = (a[3] >> n) | ((a[4] << (55 - n)) & 0x7fffffffffffffL);
-    r[4] = (a[4] >> n) | ((a[5] << (55 - n)) & 0x7fffffffffffffL);
-    r[5] = (a[5] >> n) | ((a[6] << (55 - n)) & 0x7fffffffffffffL);
+    r[0] = (a[0] >> n) | (sp_digit)((a[1] << (55 - n)) & 0x7fffffffffffffL);
+    r[1] = (a[1] >> n) | (sp_digit)((a[2] << (55 - n)) & 0x7fffffffffffffL);
+    r[2] = (a[2] >> n) | (sp_digit)((a[3] << (55 - n)) & 0x7fffffffffffffL);
+    r[3] = (a[3] >> n) | (sp_digit)((a[4] << (55 - n)) & 0x7fffffffffffffL);
+    r[4] = (a[4] >> n) | (sp_digit)((a[5] << (55 - n)) & 0x7fffffffffffffL);
+    r[5] = (a[5] >> n) | (sp_digit)((a[6] << (55 - n)) & 0x7fffffffffffffL);
 #endif /* WOLFSSL_SP_SMALL */
     r[6] = a[6] >> n;
 }
@@ -33638,7 +33633,7 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a,
 
     r[14] = a[13] >> (55 - n);
     for (i=13; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL);
     }
 #else
     sp_int_digit s;
@@ -33647,33 +33642,33 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[13];
     r[14] = s >> (55U - n);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL;
+    r[1] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x7fffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x7fffffffffffffL);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -33772,13 +33767,13 @@ static void sp_384_mont_mul_order_7(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -34304,7 +34299,7 @@ static int sp_384_num_bits_55_7(sp_digit v)
     v |= v >> 8;
     v |= v >> 16;
     v |= v >> 32;
-    return sp_384_tab64_7[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
+    return sp_384_tab64_7[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
 }
 
 static int sp_384_num_bits_7(const sp_digit* a)
@@ -35521,29 +35516,29 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int128)a[ 0]) * b[ 0];
     t1 = ((sp_int128)a[ 0]) * b[ 1]
        + ((sp_int128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 2]
        + ((sp_int128)a[ 1]) * b[ 1]
        + ((sp_int128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 0]) * b[ 3]
        + ((sp_int128)a[ 1]) * b[ 2]
        + ((sp_int128)a[ 2]) * b[ 1]
        + ((sp_int128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 4]
        + ((sp_int128)a[ 1]) * b[ 3]
        + ((sp_int128)a[ 2]) * b[ 2]
        + ((sp_int128)a[ 3]) * b[ 1]
        + ((sp_int128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 0]) * b[ 5]
        + ((sp_int128)a[ 1]) * b[ 4]
        + ((sp_int128)a[ 2]) * b[ 3]
        + ((sp_int128)a[ 3]) * b[ 2]
        + ((sp_int128)a[ 4]) * b[ 1]
        + ((sp_int128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 6]
        + ((sp_int128)a[ 1]) * b[ 5]
        + ((sp_int128)a[ 2]) * b[ 4]
@@ -35551,7 +35546,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 4]) * b[ 2]
        + ((sp_int128)a[ 5]) * b[ 1]
        + ((sp_int128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 0]) * b[ 7]
        + ((sp_int128)a[ 1]) * b[ 6]
        + ((sp_int128)a[ 2]) * b[ 5]
@@ -35560,7 +35555,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 5]) * b[ 2]
        + ((sp_int128)a[ 6]) * b[ 1]
        + ((sp_int128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 0]) * b[ 8]
        + ((sp_int128)a[ 1]) * b[ 7]
        + ((sp_int128)a[ 2]) * b[ 6]
@@ -35570,7 +35565,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 2]
        + ((sp_int128)a[ 7]) * b[ 1]
        + ((sp_int128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 1]) * b[ 8]
        + ((sp_int128)a[ 2]) * b[ 7]
        + ((sp_int128)a[ 3]) * b[ 6]
@@ -35579,7 +35574,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 3]
        + ((sp_int128)a[ 7]) * b[ 2]
        + ((sp_int128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 2]) * b[ 8]
        + ((sp_int128)a[ 3]) * b[ 7]
        + ((sp_int128)a[ 4]) * b[ 6]
@@ -35587,35 +35582,35 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 4]
        + ((sp_int128)a[ 7]) * b[ 3]
        + ((sp_int128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 3]) * b[ 8]
        + ((sp_int128)a[ 4]) * b[ 7]
        + ((sp_int128)a[ 5]) * b[ 6]
        + ((sp_int128)a[ 6]) * b[ 5]
        + ((sp_int128)a[ 7]) * b[ 4]
        + ((sp_int128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 4]) * b[ 8]
        + ((sp_int128)a[ 5]) * b[ 7]
        + ((sp_int128)a[ 6]) * b[ 6]
        + ((sp_int128)a[ 7]) * b[ 5]
        + ((sp_int128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 5]) * b[ 8]
        + ((sp_int128)a[ 6]) * b[ 7]
        + ((sp_int128)a[ 7]) * b[ 6]
        + ((sp_int128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 6]) * b[ 8]
        + ((sp_int128)a[ 7]) * b[ 7]
        + ((sp_int128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = ((sp_int128)a[ 7]) * b[ 8]
        + ((sp_int128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = ((sp_int128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
-    r[16] = t0 & 0x3ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
+    r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 58);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -35677,66 +35672,66 @@ SP_NOINLINE static void sp_521_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int128)a[ 0]) * a[ 0];
     t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2
        +  ((sp_int128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 0]) * a[ 3]
        +  ((sp_int128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 4]
        +  ((sp_int128)a[ 1]) * a[ 3]) * 2
        +  ((sp_int128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 0]) * a[ 5]
        +  ((sp_int128)a[ 1]) * a[ 4]
        +  ((sp_int128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 6]
        +  ((sp_int128)a[ 1]) * a[ 5]
        +  ((sp_int128)a[ 2]) * a[ 4]) * 2
        +  ((sp_int128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 0]) * a[ 7]
        +  ((sp_int128)a[ 1]) * a[ 6]
        +  ((sp_int128)a[ 2]) * a[ 5]
        +  ((sp_int128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 0]) * a[ 8]
        +  ((sp_int128)a[ 1]) * a[ 7]
        +  ((sp_int128)a[ 2]) * a[ 6]
        +  ((sp_int128)a[ 3]) * a[ 5]) * 2
        +  ((sp_int128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 1]) * a[ 8]
        +  ((sp_int128)a[ 2]) * a[ 7]
        +  ((sp_int128)a[ 3]) * a[ 6]
        +  ((sp_int128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 2]) * a[ 8]
        +  ((sp_int128)a[ 3]) * a[ 7]
        +  ((sp_int128)a[ 4]) * a[ 6]) * 2
        +  ((sp_int128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 3]) * a[ 8]
        +  ((sp_int128)a[ 4]) * a[ 7]
        +  ((sp_int128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 4]) * a[ 8]
        +  ((sp_int128)a[ 5]) * a[ 7]) * 2
        +  ((sp_int128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 5]) * a[ 8]
        +  ((sp_int128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2
        +  ((sp_int128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
+    r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
     t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58;
+    r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58;
     t0 =  ((sp_int128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58;
-    r[16] = t0 & 0x3ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58;
+    r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 58);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -36060,10 +36055,10 @@ static void sp_521_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp)
     (void)mp;
 
     for (i = 0; i < 8; i++) {
-        a[i] += ((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL;
+        a[i] += (sp_digit)(((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL);
     }
     a[8] &= 0x1ffffffffffffff;
-    a[8] += ((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL;
+    a[8] += (sp_digit)(((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL);
 
     sp_521_norm_9(a);
 
@@ -36152,17 +36147,17 @@ SP_NOINLINE static void sp_521_mul_add_9(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x3ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x3ffffffffffffffL);
         t[1] += t[0] >> 58;
-        r[i+1] = t[1] & 0x3ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x3ffffffffffffffL);
         t[2] += t[1] >> 58;
-        r[i+2] = t[2] & 0x3ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x3ffffffffffffffL);
         t[3] += t[2] >> 58;
-        r[i+3] = t[3] & 0x3ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x3ffffffffffffffL);
         t[0]  = t[3] >> 58;
     }
     t[0] += (tb * a[8]) + r[8];
-    r[8] = t[0] & 0x3ffffffffffffffL;
+    r[8] = (sp_digit)(t[0] & 0x3ffffffffffffffL);
     r[9] +=  (sp_digit)(t[0] >> 58);
 #else
     sp_int128 tb = b;
@@ -36204,7 +36199,7 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a)
     n = a[8] >> 57;
     for (i = 0; i < 8; i++) {
         n += (sp_uint64)a[9 + i] << 1;
-        r[i] = n & 0x3ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x3ffffffffffffffL);
         n >>= 58;
     }
     n += (sp_uint64)a[17] << 1;
@@ -36213,14 +36208,14 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a)
     sp_uint64 n;
 
     n  = a[8] >> 57;
-    n += (sp_uint64)a[ 9] << 1U; r[ 0] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[10] << 1U; r[ 1] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[11] << 1U; r[ 2] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[12] << 1U; r[ 3] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[13] << 1U; r[ 4] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[14] << 1U; r[ 5] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[15] << 1U; r[ 6] = n & 0x3ffffffffffffffUL; n >>= 58U;
-    n += (sp_uint64)a[16] << 1U; r[ 7] = n & 0x3ffffffffffffffUL; n >>= 58U;
+    n += (sp_uint64)a[ 9] << 1U; r[ 0] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[10] << 1U; r[ 1] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[11] << 1U; r[ 2] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[12] << 1U; r[ 3] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[13] << 1U; r[ 4] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[14] << 1U; r[ 5] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[15] << 1U; r[ 6] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
+    n += (sp_uint64)a[16] << 1U; r[ 7] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U;
     n += (sp_uint64)a[17] << 1U; r[ 8] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[9], 0, sizeof(*r) * 9U);
@@ -36241,11 +36236,11 @@ static void sp_521_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit
     sp_521_norm_9(a + 9);
 
     for (i=0; i<8; i++) {
-        mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL;
+        mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL);
         sp_521_mul_add_9(a+i, m, mu);
         a[i+1] += a[i] >> 58;
     }
-    mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL;
+    mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL);
     sp_521_mul_add_9(a+i, m, mu);
     a[i+1] += a[i] >> 58;
     a[i] &= 0x3ffffffffffffffL;
@@ -36306,7 +36301,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -36418,7 +36413,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 57));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 57));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -36427,7 +36422,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 57));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 57));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -36561,17 +36556,17 @@ SP_NOINLINE static void sp_521_rshift1_9(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<8; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 57) & 0x3ffffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 57) & 0x3ffffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 57) & 0x3ffffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 57) & 0x3ffffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 57) & 0x3ffffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 57) & 0x3ffffffffffffffL);
-    r[4] = (a[4] >> 1) + ((a[5] << 57) & 0x3ffffffffffffffL);
-    r[5] = (a[5] >> 1) + ((a[6] << 57) & 0x3ffffffffffffffL);
-    r[6] = (a[6] >> 1) + ((a[7] << 57) & 0x3ffffffffffffffL);
-    r[7] = (a[7] >> 1) + ((a[8] << 57) & 0x3ffffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 57) & 0x3ffffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 57) & 0x3ffffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 57) & 0x3ffffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 57) & 0x3ffffffffffffffL);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 57) & 0x3ffffffffffffffL);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 57) & 0x3ffffffffffffffL);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 57) & 0x3ffffffffffffffL);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 57) & 0x3ffffffffffffffL);
 #endif
     r[8] = a[8] >> 1;
 }
@@ -36882,8 +36877,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
         sp_521_mont_sub_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36900,7 +36895,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -37074,8 +37069,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -37092,7 +37087,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -37654,13 +37649,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -37669,7 +37664,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -37687,7 +37682,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -37696,7 +37691,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 58) {
             y &= 0x3f;
             n >>= 6;
@@ -37710,12 +37705,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (58 - o)) & 0x3f);
+            y |= (word8)((n << (58 - o)) & 0x3f);
             o -= 52;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -37763,7 +37758,7 @@ static void sp_521_get_point_33_9(sp_point_521* r, const sp_point_521* table,
     r->z[7] = 0;
     r->z[8] = 0;
     for (i = 1; i < 33; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -37997,8 +37992,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
         sp_521_mont_sub_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -38015,7 +38010,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -38165,7 +38160,7 @@ static void sp_521_get_entry_256_9(sp_point_521* r,
     r->y[7] = 0;
     r->y[8] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -38315,7 +38310,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -38343,7 +38338,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -40981,18 +40976,18 @@ SP_NOINLINE static void sp_521_rshift_9(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<8; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL);
     }
 #else
     for (i=0; i<8; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (58 - n)) & 0x3ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (58 - n)) & 0x3ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (58 - n)) & 0x3ffffffffffffffL);
     }
 #endif /* WOLFSSL_SP_SMALL */
     r[8] = a[8] >> n;
@@ -41054,7 +41049,7 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a,
 
     r[18] = a[17] >> (58 - n);
     for (i=17; i>0; i--) {
-        r[i] = ((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL);
     }
 #else
     sp_int_digit s;
@@ -41063,41 +41058,41 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a,
     s = (sp_int_digit)a[17];
     r[18] = s >> (58U - n);
     s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
-    r[17] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[17] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
-    r[16] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[16] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
-    r[15] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[15] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
-    r[14] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[14] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
-    r[13] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[13] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
-    r[12] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[12] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
-    r[11] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[11] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
-    r[10] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[10] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
-    r[9] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[9] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
-    r[8] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[8] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
-    r[7] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[7] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
-    r[6] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[6] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
-    r[5] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[5] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
-    r[4] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[4] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
-    r[3] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[3] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
-    r[2] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[2] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
     s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
-    r[1] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL;
+    r[1] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL);
 #endif /* WOLFSSL_SP_SMALL */
-    r[0] = (a[0] << n) & 0x3ffffffffffffffL;
+    r[0] = (sp_digit)((a[0] << n) & 0x3ffffffffffffffL);
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -41196,14 +41191,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -41753,7 +41748,7 @@ static int sp_521_num_bits_58_9(sp_digit v)
     v |= v >> 8;
     v |= v >> 16;
     v |= v >> 32;
-    return sp_521_tab64_9[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
+    return sp_521_tab64_9[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58];
 }
 
 static int sp_521_num_bits_9(const sp_digit* a)
@@ -42672,7 +42667,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
@@ -42818,29 +42813,29 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
     t0 = ((sp_int128)a[ 0]) * b[ 0];
     t1 = ((sp_int128)a[ 0]) * b[ 1]
        + ((sp_int128)a[ 1]) * b[ 0];
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 2]
        + ((sp_int128)a[ 1]) * b[ 1]
        + ((sp_int128)a[ 2]) * b[ 0];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 0]) * b[ 3]
        + ((sp_int128)a[ 1]) * b[ 2]
        + ((sp_int128)a[ 2]) * b[ 1]
        + ((sp_int128)a[ 3]) * b[ 0];
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 4]
        + ((sp_int128)a[ 1]) * b[ 3]
        + ((sp_int128)a[ 2]) * b[ 2]
        + ((sp_int128)a[ 3]) * b[ 1]
        + ((sp_int128)a[ 4]) * b[ 0];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 0]) * b[ 5]
        + ((sp_int128)a[ 1]) * b[ 4]
        + ((sp_int128)a[ 2]) * b[ 3]
        + ((sp_int128)a[ 3]) * b[ 2]
        + ((sp_int128)a[ 4]) * b[ 1]
        + ((sp_int128)a[ 5]) * b[ 0];
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 6]
        + ((sp_int128)a[ 1]) * b[ 5]
        + ((sp_int128)a[ 2]) * b[ 4]
@@ -42848,7 +42843,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 4]) * b[ 2]
        + ((sp_int128)a[ 5]) * b[ 1]
        + ((sp_int128)a[ 6]) * b[ 0];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 0]) * b[ 7]
        + ((sp_int128)a[ 1]) * b[ 6]
        + ((sp_int128)a[ 2]) * b[ 5]
@@ -42857,7 +42852,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 5]) * b[ 2]
        + ((sp_int128)a[ 6]) * b[ 1]
        + ((sp_int128)a[ 7]) * b[ 0];
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 0]) * b[ 8]
        + ((sp_int128)a[ 1]) * b[ 7]
        + ((sp_int128)a[ 2]) * b[ 6]
@@ -42867,7 +42862,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 2]
        + ((sp_int128)a[ 7]) * b[ 1]
        + ((sp_int128)a[ 8]) * b[ 0];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 1]) * b[ 8]
        + ((sp_int128)a[ 2]) * b[ 7]
        + ((sp_int128)a[ 3]) * b[ 6]
@@ -42876,7 +42871,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 3]
        + ((sp_int128)a[ 7]) * b[ 2]
        + ((sp_int128)a[ 8]) * b[ 1];
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 2]) * b[ 8]
        + ((sp_int128)a[ 3]) * b[ 7]
        + ((sp_int128)a[ 4]) * b[ 6]
@@ -42884,35 +42879,35 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a,
        + ((sp_int128)a[ 6]) * b[ 4]
        + ((sp_int128)a[ 7]) * b[ 3]
        + ((sp_int128)a[ 8]) * b[ 2];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 3]) * b[ 8]
        + ((sp_int128)a[ 4]) * b[ 7]
        + ((sp_int128)a[ 5]) * b[ 6]
        + ((sp_int128)a[ 6]) * b[ 5]
        + ((sp_int128)a[ 7]) * b[ 4]
        + ((sp_int128)a[ 8]) * b[ 3];
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 4]) * b[ 8]
        + ((sp_int128)a[ 5]) * b[ 7]
        + ((sp_int128)a[ 6]) * b[ 6]
        + ((sp_int128)a[ 7]) * b[ 5]
        + ((sp_int128)a[ 8]) * b[ 4];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 5]) * b[ 8]
        + ((sp_int128)a[ 6]) * b[ 7]
        + ((sp_int128)a[ 7]) * b[ 6]
        + ((sp_int128)a[ 8]) * b[ 5];
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 6]) * b[ 8]
        + ((sp_int128)a[ 7]) * b[ 7]
        + ((sp_int128)a[ 8]) * b[ 6];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = ((sp_int128)a[ 7]) * b[ 8]
        + ((sp_int128)a[ 8]) * b[ 7];
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = ((sp_int128)a[ 8]) * b[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -42930,66 +42925,66 @@ SP_NOINLINE static void sp_1024_sqr_9(sp_digit* r, const sp_digit* a)
 
     t0 =  ((sp_int128)a[ 0]) * a[ 0];
     t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2;
-    t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2
        +  ((sp_int128)a[ 1]) * a[ 1];
-    t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 0]) * a[ 3]
        +  ((sp_int128)a[ 1]) * a[ 2]) * 2;
-    t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 4]
        +  ((sp_int128)a[ 1]) * a[ 3]) * 2
        +  ((sp_int128)a[ 2]) * a[ 2];
-    t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 0]) * a[ 5]
        +  ((sp_int128)a[ 1]) * a[ 4]
        +  ((sp_int128)a[ 2]) * a[ 3]) * 2;
-    t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 6]
        +  ((sp_int128)a[ 1]) * a[ 5]
        +  ((sp_int128)a[ 2]) * a[ 4]) * 2
        +  ((sp_int128)a[ 3]) * a[ 3];
-    t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 0]) * a[ 7]
        +  ((sp_int128)a[ 1]) * a[ 6]
        +  ((sp_int128)a[ 2]) * a[ 5]
        +  ((sp_int128)a[ 3]) * a[ 4]) * 2;
-    t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 0]) * a[ 8]
        +  ((sp_int128)a[ 1]) * a[ 7]
        +  ((sp_int128)a[ 2]) * a[ 6]
        +  ((sp_int128)a[ 3]) * a[ 5]) * 2
        +  ((sp_int128)a[ 4]) * a[ 4];
-    t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 1]) * a[ 8]
        +  ((sp_int128)a[ 2]) * a[ 7]
        +  ((sp_int128)a[ 3]) * a[ 6]
        +  ((sp_int128)a[ 4]) * a[ 5]) * 2;
-    t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 2]) * a[ 8]
        +  ((sp_int128)a[ 3]) * a[ 7]
        +  ((sp_int128)a[ 4]) * a[ 6]) * 2
        +  ((sp_int128)a[ 5]) * a[ 5];
-    r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 3]) * a[ 8]
        +  ((sp_int128)a[ 4]) * a[ 7]
        +  ((sp_int128)a[ 5]) * a[ 6]) * 2;
-    r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 4]) * a[ 8]
        +  ((sp_int128)a[ 5]) * a[ 7]) * 2
        +  ((sp_int128)a[ 6]) * a[ 6];
-    r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 5]) * a[ 8]
        +  ((sp_int128)a[ 6]) * a[ 7]) * 2;
-    r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2
        +  ((sp_int128)a[ 7]) * a[ 7];
-    r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
+    r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
     t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2;
-    r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57;
+    r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57;
     t0 =  ((sp_int128)a[ 8]) * a[ 8];
-    r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57;
-    r[16] = t0 & 0x1ffffffffffffffL;
+    r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57;
+    r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL);
     r[17] = (sp_digit)(t0 >> 57);
     XMEMCPY(r, t, sizeof(t));
 }
@@ -43505,20 +43500,20 @@ SP_NOINLINE static void sp_1024_rshift_18(sp_digit* r, const sp_digit* a,
 
 #ifdef WOLFSSL_SP_SMALL
     for (i=0; i<17; i++) {
-        r[i] = ((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL;
+        r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL);
     }
 #else
     for (i=0; i<16; i += 8) {
-        r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
-        r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL);
+        r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL);
     }
-    r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL);
+    r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL);
 #endif /* WOLFSSL_SP_SMALL */
     r[17] = a[17] >> n;
 }
@@ -44077,20 +44072,20 @@ SP_NOINLINE static void sp_1024_mul_add_18(sp_digit* r, const sp_digit* a,
         t[1]  = (tb * a[i+1]) + r[i+1];
         t[2]  = (tb * a[i+2]) + r[i+2];
         t[3]  = (tb * a[i+3]) + r[i+3];
-        r[i+0] = t[0] & 0x1ffffffffffffffL;
+        r[i+0] = (sp_digit)(t[0] & 0x1ffffffffffffffL);
         t[1] += t[0] >> 57;
-        r[i+1] = t[1] & 0x1ffffffffffffffL;
+        r[i+1] = (sp_digit)(t[1] & 0x1ffffffffffffffL);
         t[2] += t[1] >> 57;
-        r[i+2] = t[2] & 0x1ffffffffffffffL;
+        r[i+2] = (sp_digit)(t[2] & 0x1ffffffffffffffL);
         t[3] += t[2] >> 57;
-        r[i+3] = t[3] & 0x1ffffffffffffffL;
+        r[i+3] = (sp_digit)(t[3] & 0x1ffffffffffffffL);
         t[0]  = t[3] >> 57;
     }
     t[0] += (tb * a[16]) + r[16];
     t[1]  = (tb * a[17]) + r[17];
-    r[16] = t[0] & 0x1ffffffffffffffL;
+    r[16] = (sp_digit)(t[0] & 0x1ffffffffffffffL);
     t[1] += t[0] >> 57;
-    r[17] = t[1] & 0x1ffffffffffffffL;
+    r[17] = (sp_digit)(t[1] & 0x1ffffffffffffffL);
     r[18] +=  (sp_digit)(t[1] >> 57);
 #else
     sp_int128 tb = b;
@@ -44136,7 +44131,7 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a)
     n = a[17] >> 55;
     for (i = 0; i < 17; i++) {
         n += (sp_uint64)a[18 + i] << 2;
-        r[i] = n & 0x1ffffffffffffffL;
+        r[i] = (sp_digit)(n & 0x1ffffffffffffffL);
         n >>= 57;
     }
     n += (sp_uint64)a[35] << 2;
@@ -44148,16 +44143,16 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a)
     n  = (sp_uint64)a[17];
     n  = n >> 55U;
     for (i = 0; i < 16; i += 8) {
-        n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U;
-        n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U;
+        n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
+        n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     }
-    n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U;
+    n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U;
     n += (sp_uint64)a[35] << 2U; r[17] = n;
 #endif /* WOLFSSL_SP_SMALL */
     XMEMSET(&r[18], 0, sizeof(*r) * 18U);
@@ -44179,22 +44174,22 @@ static void sp_1024_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp)
 
     if (mp != 1) {
         for (i=0; i<17; i++) {
-            mu = (a[i] * mp) & 0x1ffffffffffffffL;
+            mu = (sp_digit)((a[i] * mp) & 0x1ffffffffffffffL);
             sp_1024_mul_add_18(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = (a[i] * mp) & 0x7fffffffffffffL;
+        mu = (sp_digit)((a[i] * mp) & 0x7fffffffffffffL);
         sp_1024_mul_add_18(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
     }
     else {
         for (i=0; i<17; i++) {
-            mu = a[i] & 0x1ffffffffffffffL;
+            mu = (sp_digit)(a[i] & 0x1ffffffffffffffL);
             sp_1024_mul_add_18(a+i, m, mu);
             a[i+1] += a[i] >> 57;
         }
-        mu = a[i] & 0x7fffffffffffffL;
+        mu = (sp_digit)(a[i] & 0x7fffffffffffffL);
         sp_1024_mul_add_18(a+i, m, mu);
         a[i+1] += a[i] >> 57;
         a[i] &= 0x1ffffffffffffffL;
@@ -44236,7 +44231,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_18(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -44320,7 +44315,7 @@ static void sp_1024_map_18(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_18(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_18(r->x, p1024_mod);
-    sp_1024_cond_sub_18(r->x, r->x, p1024_mod, ~(n >> 56));
+    sp_1024_cond_sub_18(r->x, r->x, p1024_mod, (sp_digit)~(n >> 56));
     sp_1024_norm_18(r->x);
 
     /* y /= z^3 */
@@ -44329,7 +44324,7 @@ static void sp_1024_map_18(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_18(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_18(r->y, p1024_mod);
-    sp_1024_cond_sub_18(r->y, r->y, p1024_mod, ~(n >> 56));
+    sp_1024_cond_sub_18(r->y, r->y, p1024_mod, (sp_digit)~(n >> 56));
     sp_1024_norm_18(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -44419,26 +44414,26 @@ SP_NOINLINE static void sp_1024_rshift1_18(sp_digit* r, const sp_digit* a)
     int i;
 
     for (i=0; i<17; i++) {
-        r[i] = (a[i] >> 1) + ((a[i + 1] << 56) & 0x1ffffffffffffffL);
+        r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 56) & 0x1ffffffffffffffL);
     }
 #else
-    r[0] = (a[0] >> 1) + ((a[1] << 56) & 0x1ffffffffffffffL);
-    r[1] = (a[1] >> 1) + ((a[2] << 56) & 0x1ffffffffffffffL);
-    r[2] = (a[2] >> 1) + ((a[3] << 56) & 0x1ffffffffffffffL);
-    r[3] = (a[3] >> 1) + ((a[4] << 56) & 0x1ffffffffffffffL);
-    r[4] = (a[4] >> 1) + ((a[5] << 56) & 0x1ffffffffffffffL);
-    r[5] = (a[5] >> 1) + ((a[6] << 56) & 0x1ffffffffffffffL);
-    r[6] = (a[6] >> 1) + ((a[7] << 56) & 0x1ffffffffffffffL);
-    r[7] = (a[7] >> 1) + ((a[8] << 56) & 0x1ffffffffffffffL);
-    r[8] = (a[8] >> 1) + ((a[9] << 56) & 0x1ffffffffffffffL);
-    r[9] = (a[9] >> 1) + ((a[10] << 56) & 0x1ffffffffffffffL);
-    r[10] = (a[10] >> 1) + ((a[11] << 56) & 0x1ffffffffffffffL);
-    r[11] = (a[11] >> 1) + ((a[12] << 56) & 0x1ffffffffffffffL);
-    r[12] = (a[12] >> 1) + ((a[13] << 56) & 0x1ffffffffffffffL);
-    r[13] = (a[13] >> 1) + ((a[14] << 56) & 0x1ffffffffffffffL);
-    r[14] = (a[14] >> 1) + ((a[15] << 56) & 0x1ffffffffffffffL);
-    r[15] = (a[15] >> 1) + ((a[16] << 56) & 0x1ffffffffffffffL);
-    r[16] = (a[16] >> 1) + ((a[17] << 56) & 0x1ffffffffffffffL);
+    r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 56) & 0x1ffffffffffffffL);
+    r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 56) & 0x1ffffffffffffffL);
+    r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 56) & 0x1ffffffffffffffL);
+    r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 56) & 0x1ffffffffffffffL);
+    r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 56) & 0x1ffffffffffffffL);
+    r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 56) & 0x1ffffffffffffffL);
+    r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 56) & 0x1ffffffffffffffL);
+    r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 56) & 0x1ffffffffffffffL);
+    r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 56) & 0x1ffffffffffffffL);
+    r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 56) & 0x1ffffffffffffffL);
+    r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 56) & 0x1ffffffffffffffL);
+    r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 56) & 0x1ffffffffffffffL);
+    r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 56) & 0x1ffffffffffffffL);
+    r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 56) & 0x1ffffffffffffffL);
+    r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 56) & 0x1ffffffffffffffL);
+    r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 56) & 0x1ffffffffffffffL);
+    r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 56) & 0x1ffffffffffffffL);
 #endif
     r[17] = a[17] >> 1;
 }
@@ -44753,8 +44748,8 @@ static void sp_1024_proj_point_add_18(sp_point_1024* r,
         sp_1024_mont_sub_18(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -44771,7 +44766,7 @@ static void sp_1024_proj_point_add_18(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -44945,8 +44940,8 @@ static int sp_1024_proj_point_add_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -44963,7 +44958,7 @@ static int sp_1024_proj_point_add_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -45525,13 +45520,13 @@ static void sp_1024_proj_point_add_sub_18(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_18_7[130] = {
+static const word8 recode_index_18_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -45544,7 +45539,7 @@ static const uint8_t recode_index_18_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_18_7[130] = {
+static const word8 recode_neg_18_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -45566,7 +45561,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -45575,7 +45570,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 57) {
             y &= 0x7f;
             n >>= 7;
@@ -45589,12 +45584,12 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 18) {
             n = k[j];
-            y |= (uint8_t)((n << (57 - o)) & 0x7f);
+            y |= (word8)((n << (57 - o)) & 0x7f);
             o -= 50;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_18_7[y];
         v[i].neg = recode_neg_18_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -45808,8 +45803,8 @@ static void sp_1024_proj_point_add_qz1_18(sp_point_1024* r,
         sp_1024_mont_sub_18(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -45826,7 +45821,7 @@ static void sp_1024_proj_point_add_qz1_18(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -46057,7 +46052,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -46085,7 +46080,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -49795,7 +49790,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -49853,7 +49848,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -52531,7 +52526,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -52760,7 +52755,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -53150,7 +53145,7 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_18(t1, p1024_mod);
-        sp_1024_cond_sub_18(t1, t1, p1024_mod, ~(n >> 56));
+        sp_1024_cond_sub_18(t1, t1, p1024_mod, (sp_digit)~(n >> 56));
         sp_1024_norm_18(t1);
         if (!sp_1024_iszero_18(t1)) {
             err = MP_VAL;
diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c
index f664cf2d3..b4d3b8e7e 100644
--- a/wolfcrypt/src/sp_cortexm.c
+++ b/wolfcrypt/src/sp_cortexm.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,11 @@
 
 /* Implementation by Sean Parkinson. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(WOLFSSL_HAVE_SP_ECC)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -67,7 +62,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -93,7 +88,8 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -104,12 +100,20 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -240,7 +244,7 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a)
 #define sp_2048_norm_64(a)
 
 #ifndef WOLFSSL_SP_SMALL
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Multiply a and b into r. (r = a * b)
  *
  * r  A single precision integer.
@@ -736,7 +740,7 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 /* Add b to a into r. (r = a + b)
  *
  * r  A single precision integer.
@@ -776,7 +780,7 @@ static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -829,7 +833,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -885,7 +889,7 @@ static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -1031,7 +1035,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -1115,7 +1119,7 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -1321,7 +1325,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -1461,7 +1465,7 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -1533,7 +1537,7 @@ SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a,
     (void)sp_2048_add_32(r + 96, r + 96, a1);
 }
 
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Square a and put result in r. (r = a * a)
  *
  * r  A single precision integer.
@@ -1899,7 +1903,7 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 /* Sub b from a into r. (r = a - b)
  *
  * r  A single precision integer.
@@ -1938,7 +1942,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -2029,7 +2033,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -2148,7 +2152,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -2239,7 +2243,7 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2291,7 +2295,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2608,7 +2612,7 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -2660,7 +2664,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -3404,7 +3408,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -3548,7 +3552,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -4651,7 +4655,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -4733,7 +4737,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -5146,7 +5150,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -5345,7 +5349,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -5513,7 +5517,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -5596,7 +5600,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -5852,7 +5856,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -7113,7 +7117,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -7253,7 +7257,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -7319,7 +7323,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -7401,7 +7405,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -8269,7 +8273,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -8462,7 +8466,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
@@ -8613,7 +8617,7 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
@@ -8841,7 +8845,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -8985,7 +8989,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -9821,7 +9825,7 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
         sp_2048_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
         sp_2048_cond_sub_64(r, r, m, mask);
     }
 
@@ -9969,7 +9973,8 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -9980,12 +9985,20 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -11189,7 +11202,7 @@ static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -11256,7 +11269,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -11326,7 +11339,7 @@ static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -11504,7 +11517,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -11616,7 +11629,7 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -11878,7 +11891,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -12074,7 +12087,7 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -12891,7 +12904,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -12996,7 +13009,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -13143,7 +13156,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -13234,7 +13247,7 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -13286,7 +13299,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -13603,7 +13616,7 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -13655,7 +13668,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -14559,7 +14572,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -14759,7 +14772,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -16150,7 +16163,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -16232,7 +16245,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -16821,7 +16834,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -17020,7 +17033,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -17188,7 +17201,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -17271,7 +17284,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -17639,7 +17652,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -19316,7 +19329,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -19512,7 +19525,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -19578,7 +19591,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -19660,7 +19673,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -20880,7 +20893,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -21073,7 +21086,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
@@ -21224,7 +21237,7 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
@@ -21452,7 +21465,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -21652,7 +21665,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -22680,7 +22693,7 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
         sp_3072_mont_reduce_96(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0);
         sp_3072_cond_sub_96(r, r, m, mask);
     }
 
@@ -22828,7 +22841,8 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -22839,12 +22853,20 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -23221,7 +23243,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -23473,7 +23495,7 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Multiply a and b into r. (r = a * b)
@@ -23603,7 +23625,7 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -23655,7 +23677,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -24718,7 +24740,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -25198,7 +25220,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -27291,7 +27313,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -27543,7 +27565,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit*
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -27609,7 +27631,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -27691,7 +27713,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -29263,7 +29285,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -29456,7 +29478,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
@@ -29607,7 +29629,7 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
@@ -29835,7 +29857,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -30091,7 +30113,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -31311,7 +31333,7 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
         sp_4096_mont_reduce_128(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0);
         sp_4096_cond_sub_128(r, r, m, mask);
     }
 
@@ -31605,7 +31627,7 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
 }
 
 #else
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Multiply a and b into r. (r = a * b)
  *
  * r  A single precision integer.
@@ -32101,7 +32123,7 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_di
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Square a and put result in r. (r = a * a)
@@ -32222,7 +32244,7 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
 }
 
 #else
-#ifdef WOLFSSL_SP_NO_UMAAL
+#ifdef WOLFSSL_ARM_ARCH_7M
 /* Square a and put result in r. (r = a * a)
  *
  * r  A single precision integer.
@@ -32588,7 +32610,7 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
     );
 }
 
-#endif /* WOLFSSL_SP_NO_UMAAL */
+#endif /* WOLFSSL_ARM_ARCH_7M */
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Add b to a into r. (r = a + b)
@@ -32641,7 +32663,7 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -32684,7 +32706,7 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -32931,7 +32953,7 @@ static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, const sp_digit*
 #else
     (void)m;
 #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Convert an mp_int to an array of sp_digit.
@@ -34541,7 +34563,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_minus_2[8] = {
+static const word32 p256_mod_minus_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -34761,7 +34783,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -34823,7 +34845,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -34883,7 +34905,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -35522,7 +35544,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_8(r->x, p256_mod);
-    sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->x);
 
     /* y /= z^3 */
@@ -35531,7 +35553,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_8(r->y, p256_mod);
-    sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31));
+    sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31));
     sp_256_norm_8(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -36173,8 +36195,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
         sp_256_mont_sub_8(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36191,7 +36213,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -36365,8 +36387,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36383,7 +36405,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -36438,7 +36460,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
     r->z[6] = 0;
     r->z[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -36836,8 +36858,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
         sp_256_mont_sub_8(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -36854,7 +36876,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -36981,7 +37003,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -37129,7 +37151,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -37157,7 +37179,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -37402,7 +37424,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r,
     r->y[6] = 0;
     r->y[7] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -37550,7 +37572,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -37578,7 +37600,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -39426,7 +39448,8 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -39437,12 +39460,20 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -39831,7 +39862,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -39871,7 +39902,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -40063,7 +40094,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -40145,7 +40176,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -40247,7 +40278,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_minus_2[8] = {
+static const word32 p256_order_minus_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
@@ -40844,7 +40875,7 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -40886,7 +40917,7 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -41227,7 +41258,7 @@ static int sp_256_num_bits_8(const sp_digit* a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -44327,7 +44358,7 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -44377,7 +44408,7 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -44461,18 +44492,18 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = t[0];
-        r[1] = t[1];
-        r[2] = t[2];
-        r[3] = t[3];
-        r[4] = t[4];
-        r[5] = t[5];
-        r[6] = t[6];
-        r[7] = t[7];
-        r[8] = t[8];
-        r[9] = t[9];
-        r[10] = t[10];
-        r[11] = t[11];
+        r[0] = (sp_digit)t[0];
+        r[1] = (sp_digit)t[1];
+        r[2] = (sp_digit)t[2];
+        r[3] = (sp_digit)t[3];
+        r[4] = (sp_digit)t[4];
+        r[5] = (sp_digit)t[5];
+        r[6] = (sp_digit)t[6];
+        r[7] = (sp_digit)t[7];
+        r[8] = (sp_digit)t[8];
+        r[9] = (sp_digit)t[9];
+        r[10] = (sp_digit)t[10];
+        r[11] = (sp_digit)t[11];
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -44730,7 +44761,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -44804,7 +44835,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -45134,7 +45165,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint32_t p384_mod_minus_2[12] = {
+static const word32 p384_mod_minus_2[12] = {
     0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
@@ -45414,7 +45445,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -45447,7 +45478,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_12(r->x, p384_mod);
-    sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->x);
 
     /* y /= z^3 */
@@ -45456,7 +45487,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_12(r->y, p384_mod);
-    sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+    sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
     sp_384_norm_12(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -45589,7 +45620,7 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -45638,7 +45669,7 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -45695,7 +45726,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -45769,7 +45800,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -46174,8 +46205,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
         sp_384_mont_sub_12(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -46192,7 +46223,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -46366,8 +46397,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -46384,7 +46415,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -46451,7 +46482,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
     r->z[10] = 0;
     r->z[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -46861,8 +46892,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
         sp_384_mont_sub_12(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -46879,7 +46910,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -47014,7 +47045,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -47170,7 +47201,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -47198,7 +47229,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -47451,7 +47482,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
     r->y[10] = 0;
     r->y[11] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -47607,7 +47638,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -47635,7 +47666,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -49489,7 +49520,8 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -49500,12 +49532,20 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -49894,7 +49934,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -49941,7 +49981,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -50153,7 +50193,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -50235,7 +50275,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -50341,13 +50381,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint32_t p384_order_minus_2[12] = {
+static const word32 p384_order_minus_2[12] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint32_t p384_order_low[6] = {
+static const word32 p384_order_low[6] = {
     0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -51286,7 +51326,7 @@ static int sp_384_num_bits_12(const sp_digit* a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -56042,7 +56082,7 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -56103,7 +56143,7 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -56373,7 +56413,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -56466,7 +56506,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -57169,7 +57209,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint32_t p521_mod_minus_2[17] = {
+static const word32 p521_mod_minus_2[17] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
@@ -57501,7 +57541,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Normalize the values in each word to 32.
@@ -57534,7 +57574,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_17(r->x, p521_mod);
-    sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->x);
 
     /* y /= z^3 */
@@ -57543,7 +57583,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_17(r->y, p521_mod);
-    sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+    sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
     sp_521_norm_17(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -58309,8 +58349,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
         sp_521_mont_sub_17(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -58327,7 +58367,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -58501,8 +58541,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -58519,7 +58559,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -58601,7 +58641,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table,
     r->z[15] = 0;
     r->z[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -59030,8 +59070,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
         sp_521_mont_sub_17(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -59048,7 +59088,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -59193,7 +59233,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 16; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -59359,7 +59399,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -59387,7 +59427,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -59650,7 +59690,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r,
     r->y[15] = 0;
     r->y[16] = 0;
     for (i = 1; i < 256; i++) {
-        mask = 0 - (i == idx);
+        mask = (sp_digit)0 - (i == idx);
         r->x[0] |= mask & table[i].x[0];
         r->x[1] |= mask & table[i].x[1];
         r->x[2] |= mask & table[i].x[2];
@@ -59816,7 +59856,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -59844,7 +59884,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -62251,7 +62291,8 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -62262,12 +62303,20 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -63111,7 +63160,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #else
@@ -63169,7 +63218,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -63406,7 +63455,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -63488,7 +63537,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -63601,14 +63650,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint32_t p521_order_minus_2[17] = {
+static const word32 p521_order_minus_2[17] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU,
     0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint32_t p521_order_low[9] = {
+static const word32 p521_order_low[9] = {
     0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U,
     0xbf2f966bU,0x51868783U,0xfffffffaU
 };
@@ -64193,7 +64242,7 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -64253,7 +64302,7 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -64848,7 +64897,7 @@ static int sp_521_num_bits_17(const sp_digit* a)
         :
         : "memory", "r1", "r2", "r3", "r4", "r5", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Non-constant time modular inversion.
@@ -65722,7 +65771,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint32_t p521_sqrt_power[17] = {
+static const word32 p521_sqrt_power[17] = {
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
     0x00000000,0x00000000,0x00000080
@@ -68866,7 +68915,7 @@ static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Sub b from a into a. (a -= b)
@@ -68947,7 +68996,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Add b to a into r. (r = a + b)
@@ -69031,7 +69080,7 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* AND m into each word of a and store in r.
@@ -69155,7 +69204,7 @@ static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 /* Square a and put result in r. (r = a * a)
@@ -69571,7 +69620,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -69628,7 +69677,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -69772,7 +69821,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -69827,7 +69876,7 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -70139,7 +70188,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #else
@@ -70221,7 +70270,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit
         :
         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)d1;
+    return (word32)(size_t)d1;
 }
 
 #endif
@@ -70664,7 +70713,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b)
         :
         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)a;
+    return (word32)(size_t)a;
 }
 
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -71569,7 +71618,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -71659,7 +71708,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_32(r->x, p1024_mod);
-    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->x);
 
     /* y /= z^3 */
@@ -71668,7 +71717,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_32(r->y, p1024_mod);
-    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31));
+    sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31));
     sp_1024_norm_32(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -72557,7 +72606,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #else
@@ -72701,7 +72750,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig
         :
         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
     );
-    return (uint32_t)(size_t)r;
+    return (word32)(size_t)r;
 }
 
 #endif /* WOLFSSL_SP_SMALL */
@@ -73166,8 +73215,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73184,7 +73233,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73358,8 +73407,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73376,7 +73425,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -73717,8 +73766,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
         sp_1024_mont_sub_32(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -73735,7 +73784,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -73945,7 +73994,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[16];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -73973,7 +74022,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -74301,7 +74350,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -74329,7 +74378,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -78246,7 +78295,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -78304,7 +78353,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -81238,7 +81287,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -81467,7 +81516,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -81790,7 +81839,8 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     int j;
     byte* d;
 
-    for (i = n - 1,j = 0; i >= 3; i -= 4) {
+    j = 0;
+    for (i = n - 1; i >= 3; i -= 4) {
         r[j]  = ((sp_digit)a[i - 0] <<  0) |
                 ((sp_digit)a[i - 1] <<  8) |
                 ((sp_digit)a[i - 2] << 16) |
@@ -81801,12 +81851,20 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
     if (i >= 0) {
         r[j] = 0;
 
-        d = (byte*)r;
+        d = (byte*)(r + j);
+#ifdef BIG_ENDIAN_ORDER
         switch (i) {
-            case 2: d[n - 1 - 2] = a[2]; //fallthrough
-            case 1: d[n - 1 - 1] = a[1]; //fallthrough
-            case 0: d[n - 1 - 0] = a[0]; //fallthrough
+            case 2: d[1] = *(a++); //fallthrough
+            case 1: d[2] = *(a++); //fallthrough
+            case 0: d[3] = *a    ; //fallthrough
         }
+#else
+        switch (i) {
+            case 2: d[2] = a[2]; //fallthrough
+            case 1: d[1] = a[1]; //fallthrough
+            case 0: d[0] = a[0]; //fallthrough
+        }
+#endif
         j++;
     }
 
@@ -81860,7 +81918,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_32(t1, p1024_mod);
-        sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31));
+        sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31));
         sp_1024_norm_32(t1);
         if (!sp_1024_iszero_32(t1)) {
             err = MP_VAL;
diff --git a/wolfcrypt/src/sp_dsp32.c b/wolfcrypt/src/sp_dsp32.c
index f14e1ab37..f218860ed 100644
--- a/wolfcrypt/src/sp_dsp32.c
+++ b/wolfcrypt/src/sp_dsp32.c
@@ -1,6 +1,6 @@
 /* sp_cdsp_signed.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,14 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /* from wolfcrypt/src/sp_c32.c */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -1309,7 +1305,7 @@ static void sp_256_mont_sqr_n_10(sp_digit* r, const sp_digit* a, int n,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint32_t p256_mod_2[8] = {
+static const word32 p256_mod_2[8] = {
     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
     0x00000001U,0xffffffffU
 };
@@ -1390,10 +1386,10 @@ static void sp_256_mont_inv_10(sp_digit* r, const sp_digit* a, sp_digit* td)
 }
 
 
-/* Map the Montgomery form projective co-ordinate point to an affine point.
+/* Map the Montgomery form projective coordinate point to an affine point.
  *
- * r  Resulting affine co-ordinate point.
- * p  Montgomery form projective co-ordinate point.
+ * r  Resulting affine coordinate point.
+ * p  Montgomery form projective coordinate point.
  * t  Temporary ordinate data.
  */
 static void sp_256_map_10(sp_point* r, const sp_point* p, sp_digit* t)
@@ -1910,7 +1906,7 @@ static void sp_256_proj_point_add_10(sp_point* r, const sp_point* p, const sp_po
 
 #ifdef WOLFSSL_SP_SMALL
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2006,7 +2002,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
 
 #elif !defined(WC_NO_CACHE_RESISTANT)
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2119,7 +2115,7 @@ typedef struct sp_table_entry {
 } sp_table_entry;
 
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2517,7 +2513,7 @@ static int sp_256_gen_stripe_table_10(const sp_point* a,
 
 #endif /* FP_ECC */
 /* Multiply the point by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * k     Scalar to multiply by.
@@ -2607,7 +2603,7 @@ typedef struct sp_cache_t {
     sp_digit x[10] __attribute__((aligned(128)));
     sp_digit y[10] __attribute__((aligned(128)));
     sp_table_entry table[256] __attribute__((aligned(128)));
-    uint32_t cnt;
+    word32 cnt;
     int set;
 } sp_cache_t;
 
@@ -2625,7 +2621,7 @@ static THREAD_LS_T int sp_cache_inited = 0;
 static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
 {
     int i, j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -2679,7 +2675,7 @@ static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
 #endif /* FP_ECC */
 
 /* Multiply the base point of P256 by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * g     Point to multiply.
@@ -2735,7 +2731,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
 
 #ifdef WOLFSSL_SP_SMALL
 /* Multiply the base point of P256 by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * k     Scalar to multiply by.
@@ -4033,7 +4029,7 @@ static const sp_table_entry p256_table[256] = {
 };
 
 /* Multiply the base point of P256 by the scalar and return the result.
- * If map is true then convert result to affine co-ordinates.
+ * If map is true then convert result to affine coordinates.
  *
  * r     Resulting point.
  * k     Scalar to multiply by.
@@ -4251,13 +4247,13 @@ static int sp_256_mod_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
 #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint32_t p256_order_2[8] = {
+static const word32 p256_order_2[8] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
     0x00000000U,0xffffffffU
 };
 #else
 /* The low half of the order-2 of the P256 curve. */
-static const uint32_t p256_order_low[4] = {
+static const word32 p256_order_low[4] = {
     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -4538,21 +4534,21 @@ void wc_ecc_fp_free(void)
 }
 
 
-AEEResult wolfSSL_open(const char *uri, remote_handle64 *handle) 
+AEEResult wolfSSL_open(const char *uri, remote_handle64 *handle)
 {
   /* can be any value or ignored, rpc layer doesn't care
    * also ok
    * *handle = 0;
    * *handle = 0xdeadc0de;
    */
-   *handle = (remote_handle64)malloc(1);
+   *handle = (remote_handle64)XMALLOC(1, NULL, DYNAMIC_TYPE_ECC);
    return 0;
 }
 
-AEEResult wolfSSL_close(remote_handle64 handle) 
+AEEResult wolfSSL_close(remote_handle64 handle)
 {
    if (handle)
-      free((void*)handle);
+      XFREE((void*)handle, NULL, DYNAMIC_TYPE_ECC);
    return 0;
 }
 #endif /* HAVE_ECC_VERIFY */
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index a25ddab4a..1769840e7 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -1,6 +1,6 @@
 /* sp_int.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,11 +26,8 @@ DESCRIPTION
 This library provides single precision (SP) integer math functions.
 
 */
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
 
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
 
@@ -38,12 +35,12 @@ This library provides single precision (SP) integer math functions.
     defined(WOLFSSL_SP_NO_MALLOC)
 #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
     !defined(WOLFSSL_SP_NO_DYN_STACK)
-#pragma GCC diagnostic push
+PRAGMA_GCC_DIAG_PUSH
 /* We are statically declaring a variable smaller than sp_int.
  * We track available memory in the 'size' field.
  * Disable warnings of sp_int being partly outside array bounds of variable.
  */
-#pragma GCC diagnostic ignored "-Warray-bounds"
+PRAGMA_GCC("GCC diagnostic ignored \"-Warray-bounds\"")
 #endif
 #endif
 
@@ -118,7 +115,7 @@ This library provides single precision (SP) integer math functions.
 #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #undef RESTORE_VECTOR_REGISTERS
     #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
@@ -167,7 +164,7 @@ This library provides single precision (SP) integer math functions.
     do {                                                                       \
         ALLOC_SP_INT(n, s, err, h);                                            \
         if ((err) == MP_OKAY) {                                                \
-            (n)->size = (s);                                                   \
+            (n)->size = (sp_size_t)(s);                                        \
         }                                                                      \
     }                                                                          \
     while (0)
@@ -175,7 +172,7 @@ This library provides single precision (SP) integer math functions.
     /* Array declared on stack - check size is valid. */
     #define ALLOC_SP_INT(n, s, err, h)                                         \
     do {                                                                       \
-        if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                     \
+        if (((err) == MP_OKAY) && ((s) > (int)SP_INT_DIGITS)) {                \
             (err) = MP_VAL;                                                    \
         }                                                                      \
     }                                                                          \
@@ -186,7 +183,7 @@ This library provides single precision (SP) integer math functions.
     do {                                                                       \
         ALLOC_SP_INT(n, s, err, h);                                            \
         if ((err) == MP_OKAY) {                                                \
-            (n)->size = (unsigned int)(s);                                     \
+            (n)->size = (sp_size_t)(s);                                        \
         }                                                                      \
     }                                                                          \
     while (0)
@@ -221,19 +218,17 @@ This library provides single precision (SP) integer math functions.
     /* Declare a variable that will be assigned a value on XMALLOC. */
     #define DECL_SP_INT_ARRAY(n, s, c)  \
         DECL_DYN_SP_INT_ARRAY(n, s, c)
-#else
-    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
         !defined(WOLFSSL_SP_NO_DYN_STACK)
-        /* Declare a variable on the stack with the required data size. */
-        #define DECL_SP_INT_ARRAY(n, s, c)          \
-            byte    n##d[MP_INT_SIZEOF(s) * (c)];   \
-            sp_int* (n)[c] = { NULL, }
-    #else
-        /* Declare a variable on the stack. */
-        #define DECL_SP_INT_ARRAY(n, s, c)      \
-            sp_int n##d[c];                     \
-            sp_int* (n)[c]
-    #endif
+    /* Declare a variable on the stack with the required data size. */
+    #define DECL_SP_INT_ARRAY(n, s, c)          \
+        byte    n##d[MP_INT_SIZEOF(s) * (c)];   \
+        sp_int* (n)[c] = { NULL, }
+#else
+    /* Declare a variable on the stack. */
+    #define DECL_SP_INT_ARRAY(n, s, c)      \
+        sp_int n##d[c];                     \
+        sp_int* (n)[c]
 #endif
 
 /* Dynamically allocate just enough data to support multiple sp_ints of the
@@ -254,10 +249,10 @@ do {                                                                           \
         else {                                                                 \
             int n##ii;                                                         \
             (n)[0] = n##d;                                                     \
-            (n)[0]->size = (s);                                                \
+            (n)[0]->size = (sp_size_t)(s);                                     \
             for (n##ii = 1; n##ii < (int)(c); n##ii++) {                       \
                 (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                     \
-                (n)[n##ii]->size = (s);                                        \
+                (n)[n##ii]->size = (sp_size_t)(s);                             \
             }                                                                  \
         }                                                                      \
     }                                                                          \
@@ -269,47 +264,45 @@ while (0)
     !defined(WOLFSSL_SP_NO_MALLOC)
     #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \
         ALLOC_DYN_SP_INT_ARRAY(n, s, c, err, h)
-#else
-    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
         !defined(WOLFSSL_SP_NO_DYN_STACK)
-        /* Data declared on stack that supports multiple sp_ints of the
-         * required size. Use pointers into data to make up array and set sizes.
-         */
-        #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                            \
-        do {                                                                   \
-            if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                 \
-                (err) = MP_VAL;                                                \
-            }                                                                  \
-            if ((err) == MP_OKAY) {                                            \
-                int n##ii;                                                     \
-                (n)[0] = (sp_int*)n##d;                                        \
-                ((sp_int_minimal*)(n)[0])->size = (s);                         \
-                for (n##ii = 1; n##ii < (int)(c); n##ii++) {                   \
-                    (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                 \
-                    ((sp_int_minimal*)(n)[n##ii])->size = (s);                 \
-                }                                                              \
+    /* Data declared on stack that supports multiple sp_ints of the
+     * required size. Use pointers into data to make up array and set sizes.
+     */
+    #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                                \
+    do {                                                                       \
+        if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                     \
+            (err) = MP_VAL;                                                    \
+        }                                                                      \
+        if ((err) == MP_OKAY) {                                                \
+            int n##ii;                                                         \
+            (n)[0] = (sp_int*)n##d;                                            \
+            ((sp_int_minimal*)(n)[0])->size = (sp_size_t)(s);                  \
+            for (n##ii = 1; n##ii < (int)(c); n##ii++) {                       \
+                (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                     \
+                ((sp_int_minimal*)(n)[n##ii])->size = (sp_size_t)(s);          \
             }                                                                  \
         }                                                                      \
-        while (0)
-    #else
-        /* Data declared on stack that supports multiple sp_ints of the
-         * required size. Set into array and set sizes.
-         */
-        #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                            \
-        do {                                                                   \
-            if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                 \
-                (err) = MP_VAL;                                                \
-            }                                                                  \
-            if ((err) == MP_OKAY) {                                            \
-                int n##ii;                                                     \
-                for (n##ii = 0; n##ii < (int)(c); n##ii++) {                   \
-                    (n)[n##ii] = &n##d[n##ii];                                 \
-                    (n)[n##ii]->size = (s);                                    \
-                }                                                              \
+    }                                                                          \
+    while (0)
+#else
+    /* Data declared on stack that supports multiple sp_ints of the
+     * required size. Set into array and set sizes.
+     */
+    #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                                \
+    do {                                                                       \
+        if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) {                     \
+            (err) = MP_VAL;                                                    \
+        }                                                                      \
+        if ((err) == MP_OKAY) {                                                \
+            int n##ii;                                                         \
+            for (n##ii = 0; n##ii < (int)(c); n##ii++) {                       \
+                (n)[n##ii] = &n##d[n##ii];                                     \
+                (n)[n##ii]->size = (sp_size_t)(s);                             \
             }                                                                  \
         }                                                                      \
-        while (0)
-    #endif
+    }                                                                          \
+    while (0)
 #endif
 
 /* Free data variable that was dynamically allocated. */
@@ -356,8 +349,8 @@ while (0)
         "movq	%%rax, %[l]	\n\t"                    \
         "movq	%%rdx, %[h]	\n\t"                    \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
-        : [a] "m" (va), [b] "m" (vb)                     \
-        : "memory", "%rax", "%rdx", "cc"                 \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
+        : "%rax", "%rdx", "cc"                           \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -380,7 +373,7 @@ while (0)
         "adcq	%%rdx, %[h]	\n\t"                    \
         "adcq	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Multiply va by vb and add double size result into: vh | vl */
@@ -391,7 +384,7 @@ while (0)
         "addq	%%rax, %[l]	\n\t"                    \
         "adcq	%%rdx, %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl */
@@ -406,7 +399,7 @@ while (0)
         "adcq	%%rdx, %[h]	\n\t"                    \
         "adcq	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl
@@ -422,7 +415,7 @@ while (0)
         "adcq	%%rdx, %[h]	\n\t"                    \
         "adcq	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Square va and store double size result in: vh | vl */
@@ -433,8 +426,8 @@ while (0)
         "movq	%%rax, %[l]	\n\t"                    \
         "movq	%%rdx, %[h]	\n\t"                    \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
-        : [a] "m" (va)                                   \
-        : "memory", "%rax", "%rdx", "cc"                 \
+        : [a] "rm" (va)                                  \
+        : "%rax", "%rdx", "cc"                           \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -445,7 +438,7 @@ while (0)
         "adcq	%%rdx, %[h]	\n\t"                    \
         "adcq	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Square va and add double size result into: vh | vl */
@@ -456,7 +449,7 @@ while (0)
         "addq	%%rax, %[l]	\n\t"                    \
         "adcq	%%rdx, %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "%rax", "%rdx", "cc"                           \
     )
 /* Add va into: vh | vl */
@@ -465,10 +458,9 @@ while (0)
         "addq	%[a], %[l]	\n\t"                    \
         "adcq	$0  , %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "cc"                                           \
     )
-/* Add va, variable in a register, into: vh | vl */
 #define SP_ASM_ADDC_REG(vl, vh, va)                      \
     __asm__ __volatile__ (                               \
         "addq	%[a], %[l]	\n\t"                    \
@@ -483,7 +475,7 @@ while (0)
         "subq	%[a], %[l]	\n\t"                    \
         "sbbq	$0  , %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "cc"                                           \
     )
 /* Sub va from: vh | vl */
@@ -706,8 +698,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "movl	%%eax, %[l]	\n\t"                    \
         "movl	%%edx, %[h]	\n\t"                    \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
-        : [a] "m" (va), [b] "m" (vb)                     \
-        : "memory", "eax", "edx", "cc"                   \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
+        : "eax", "edx", "cc"                             \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -729,8 +721,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         "adcl	$0   , %[o]	\n\t"                    \
-        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
-        : [a] "r" (va), [b] "r" (vb)                     \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "eax", "edx", "cc"                             \
     )
 /* Multiply va by vb and add double size result into: vh | vl */
@@ -741,7 +733,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "eax", "edx", "cc"                             \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl */
@@ -755,8 +747,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         "adcl	$0   , %[o]	\n\t"                    \
-        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
-        : [a] "r" (va), [b] "r" (vb)                     \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "eax", "edx", "cc"                             \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl
@@ -772,7 +764,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "adcl	%%edx, %[h]	\n\t"                    \
         "adcl	$0   , %[o]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
-        : [a] "m" (va), [b] "m" (vb)                     \
+        : [a] "rm" (va), [b] "rm" (vb)                   \
         : "eax", "edx", "cc"                             \
     )
 /* Square va and store double size result in: vh | vl */
@@ -783,8 +775,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "movl	%%eax, %[l]	\n\t"                    \
         "movl	%%edx, %[h]	\n\t"                    \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
-        : [a] "m" (va)                                   \
-        : "memory", "eax", "edx", "cc"                   \
+        : [a] "rm" (va)                                  \
+        : "eax", "edx", "cc"                             \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -794,8 +786,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         "adcl	$0   , %[o]	\n\t"                    \
-        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
-        : [a] "m" (va)                                   \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "rm" (va)                                  \
         : "eax", "edx", "cc"                             \
     )
 /* Square va and add double size result into: vh | vl */
@@ -806,7 +798,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%%eax, %[l]	\n\t"                    \
         "adcl	%%edx, %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "eax", "edx", "cc"                             \
     )
 /* Add va into: vh | vl */
@@ -815,10 +807,9 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "addl	%[a], %[l]	\n\t"                    \
         "adcl	$0  , %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "cc"                                           \
     )
-/* Add va, variable in a register, into: vh | vl */
 #define SP_ASM_ADDC_REG(vl, vh, va)                      \
     __asm__ __volatile__ (                               \
         "addl	%[a], %[l]	\n\t"                    \
@@ -833,7 +824,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "subl	%[a], %[l]	\n\t"                    \
         "sbbl	$0  , %[h]	\n\t"                    \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
-        : [a] "m" (va)                                   \
+        : [a] "rm" (va)                                  \
         : "cc"                                           \
     )
 /* Sub va from: vh | vl */
@@ -907,7 +898,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umulh	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory", "cc"                                 \
+        : "cc"                                           \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -918,7 +909,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mov	%[o], xzr		\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "x8"                                           \
+        : "x8", "cc"                                     \
     )
 /* Multiply va by vb and add double size result into: vo | vh | vl */
 #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
@@ -981,7 +972,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umulh	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        : "cc"                                           \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -1138,7 +1129,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umull	%[l], %[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -1147,7 +1137,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mov	%[o], #0		\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
         : [a] "r" (va), [b] "r" (vb)                     \
-        :                                                \
     )
 /* Multiply va by vb and add double size result into: vo | vh | vl */
 #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
@@ -1166,7 +1155,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umlal	%[l], %[h], %[a], %[b]	\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        :                                                \
     )
 /* Multiply va by vb and add double size result twice into: vo | vh | vl */
 #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \
@@ -1203,7 +1191,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "umull	%[l], %[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -1262,7 +1249,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "clz	%[n], %[a]	\n\t"                    \
         : [n] "=r" (vn)                                  \
         : [a] "r" (va)                                   \
-        :                                                \
     )
 #endif
 
@@ -3461,7 +3447,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         :
         : "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
     );
-    return (uint32_t)(size_t)hi;
+    return (sp_uint32)(size_t)hi;
 }
 
 #define SP_ASM_DIV_WORD
@@ -3476,6 +3462,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
  * CPU: PPC64
  */
 
+    #ifdef __APPLE__
+
 /* Multiply va by vb and store double size result in: vh | vl */
 #define SP_ASM_MUL(vl, vh, va, vb)                       \
     __asm__ __volatile__ (                               \
@@ -3483,7 +3471,155 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhdu	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
+        :                                                \
+    )
+/* Multiply va by vb and store double size result in: vo | vh | vl */
+#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mulhdu	%[h], %[a], %[b]	\n\t"            \
+        "mulld	%[l], %[a], %[b]	\n\t"            \
+        "li	%[o], 0			\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        :                                                \
+    )
+/* Multiply va by vb and add double size result into: vo | vh | vl */
+#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result into: vh | vl */
+#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl */
+#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl
+ * Assumes first add will not overflow vh | vl
+ */
+#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[b]		\n\t"            \
+        "mulhdu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and store double size result in: vh | vl */
+#define SP_ASM_SQR(vl, vh, va)                           \
+    __asm__ __volatile__ (                               \
+        "mulld	%[l], %[a], %[a]	\n\t"            \
+        "mulhdu	%[h], %[a], %[a]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va)                                   \
+        :                                                \
+    )
+/* Square va and add double size result into: vo | vh | vl */
+#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[a]		\n\t"            \
+        "mulhdu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and add double size result into: vh | vl */
+#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \
+    __asm__ __volatile__ (                               \
+        "mulld	r16, %[a], %[a]		\n\t"            \
+        "mulhdu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Add va into: vh | vl */
+#define SP_ASM_ADDC(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "addze	%[h], %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "cc"                                           \
+    )
+/* Sub va from: vh | vl */
+#define SP_ASM_SUBB(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "subfc	%[l], %[a], %[l]	\n\t"            \
+        "li    r16, 0			\n\t"            \
+        "subfe %[h], r16, %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "cc"                                    \
+    )
+/* Add two times vc | vb | va into vo | vh | vl */
+#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \
+        : "cc"                                           \
+    )
+/* Count leading zeros. */
+#define SP_ASM_LZCNT(va, vn)                             \
+    __asm__ __volatile__ (                               \
+        "cntlzd	%[n], %[a]	\n\t"                    \
+        : [n] "=r" (vn)                                  \
+        : [a] "r" (va)                                   \
+        :                                                \
+    )
+
+    #else  /* !defined(__APPLE__) */
+
+/* Multiply va by vb and store double size result in: vh | vl */
+#define SP_ASM_MUL(vl, vh, va, vb)                       \
+    __asm__ __volatile__ (                               \
+        "mulld	%[l], %[a], %[b]	\n\t"            \
+        "mulhdu	%[h], %[a], %[b]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        :                                                \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -3556,7 +3692,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhdu	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        :                                                \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -3622,6 +3758,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         :                                                \
     )
 
+    #endif /* !defined(__APPLE__) */
+
 #define SP_INT_ASM_AVAILABLE
 
     #endif /* WOLFSSL_SP_PPC64 && SP_WORD_SIZE == 64 */
@@ -3631,6 +3769,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
  * CPU: PPC 32-bit
  */
 
+    #ifdef __APPLE__
+
 /* Multiply va by vb and store double size result in: vh | vl */
 #define SP_ASM_MUL(vl, vh, va, vb)                       \
     __asm__ __volatile__ (                               \
@@ -3638,7 +3778,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhwu	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
+        :                                                \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -3650,6 +3790,152 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         : [a] "r" (va), [b] "r" (vb)                     \
     )
 /* Multiply va by vb and add double size result into: vo | vh | vl */
+#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result into: vh | vl */
+#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl */
+#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Multiply va by vb and add double size result twice into: vo | vh | vl
+ * Assumes first add will not overflow vh | vl
+ */
+#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[b]		\n\t"            \
+        "mulhwu	r17, %[a], %[b]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and store double size result in: vh | vl */
+#define SP_ASM_SQR(vl, vh, va)                           \
+    __asm__ __volatile__ (                               \
+        "mullw	%[l], %[a], %[a]	\n\t"            \
+        "mulhwu	%[h], %[a], %[a]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va)                                   \
+        :                                                \
+    )
+/* Square va and add double size result into: vo | vh | vl */
+#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[a]		\n\t"            \
+        "mulhwu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        "addze	%[o], %[o]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Square va and add double size result into: vh | vl */
+#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \
+    __asm__ __volatile__ (                               \
+        "mullw	r16, %[a], %[a]		\n\t"            \
+        "mulhwu	r17, %[a], %[a]		\n\t"            \
+        "addc	%[l], %[l], r16		\n\t"            \
+        "adde	%[h], %[h], r17		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "r17", "cc"                             \
+    )
+/* Add va into: vh | vl */
+#define SP_ASM_ADDC(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "addze	%[h], %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "cc"                                           \
+    )
+/* Sub va from: vh | vl */
+#define SP_ASM_SUBB(vl, vh, va)                          \
+    __asm__ __volatile__ (                               \
+        "subfc	%[l], %[a], %[l]	\n\t"            \
+        "li	r16, 0			\n\t"            \
+        "subfe	%[h], r16, %[h]		\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh)                   \
+        : [a] "r" (va)                                   \
+        : "r16", "cc"                                    \
+    )
+/* Add two times vc | vb | va into vo | vh | vl */
+#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \
+    __asm__ __volatile__ (                               \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        "addc	%[l], %[l], %[a]	\n\t"            \
+        "adde	%[h], %[h], %[b]	\n\t"            \
+        "adde	%[o], %[o], %[c]	\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \
+        : "cc"                                           \
+    )
+/* Count leading zeros. */
+#define SP_ASM_LZCNT(va, vn)                             \
+    __asm__ __volatile__ (                               \
+        "cntlzw	%[n], %[a]	\n\t"                    \
+        : [n] "=r" (vn)                                  \
+        : [a] "r" (va)                                   \
+    )
+
+    #else /* !defined(__APPLE__) */
+
+/* Multiply va by vb and store double size result in: vh | vl */
+#define SP_ASM_MUL(vl, vh, va, vb)                       \
+    __asm__ __volatile__ (                               \
+        "mullw	%[l], %[a], %[b]	\n\t"            \
+        "mulhwu	%[h], %[a], %[b]	\n\t"            \
+        : [h] "+r" (vh), [l] "+r" (vl)                   \
+        : [a] "r" (va), [b] "r" (vb)                     \
+        :                                                \
+    )
+/* Multiply va by vb and store double size result in: vo | vh | vl */
+#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
+    __asm__ __volatile__ (                               \
+        "mulhwu	%[h], %[a], %[b]	\n\t"            \
+        "mullw	%[l], %[a], %[b]	\n\t"            \
+        "xor	%[o], %[o], %[o]	\n\t"            \
+        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \
+        : [a] "r" (va), [b] "r" (vb)                     \
+    )
+/* Multiply va by vb and add double size result into: vo | vh | vl */
 #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \
     __asm__ __volatile__ (                               \
         "mullw	16, %[a], %[b]		\n\t"            \
@@ -3710,7 +3996,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhwu	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        :                                                \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -3748,7 +4034,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
 #define SP_ASM_SUBB(vl, vh, va)                          \
     __asm__ __volatile__ (                               \
         "subfc	%[l], %[a], %[l]	\n\t"            \
-        "li	16, 0			\n\t"            \
+        "xor	16, 16, 16		\n\t"            \
         "subfe	%[h], 16, %[h]		\n\t"            \
         : [l] "+r" (vl), [h] "+r" (vh)                   \
         : [a] "r" (va)                                   \
@@ -3775,6 +4061,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         : [a] "r" (va)                                   \
     )
 
+    #endif /* !defined(__APPLE__) */
+
 #define SP_INT_ASM_AVAILABLE
 
     #endif /* WOLFSSL_SP_PPC && SP_WORD_SIZE == 64 */
@@ -3792,7 +4080,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mfhi	%[h]			\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory", "$lo", "$hi"                         \
+        : "$lo", "$hi"                                   \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -3895,7 +4183,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mfhi	%[h]			\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory", "$lo", "$hi"                         \
+        : "$lo", "$hi"                                   \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -3993,7 +4281,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mfhi	%[h]			\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory", "%lo", "%hi"                         \
+        : "%lo", "%hi"                                   \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -4096,7 +4384,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mfhi	%[h]			\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory", "%lo", "%hi"                         \
+        : "%lo", "%hi"                                   \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -4193,7 +4481,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhu	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
+        :                                                \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -4290,7 +4578,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhu	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        :                                                \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -4385,7 +4673,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhu	%[h], %[a], %[b]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory"                                       \
+        :                                                \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -4482,7 +4770,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "mulhu	%[h], %[a], %[a]	\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory"                                       \
+        :                                                \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -4579,7 +4867,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "lgr	%[h], %%r0		\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va), [b] "r" (vb)                     \
-        : "memory", "r0", "r1"                           \
+        : "r0", "r1"                                     \
     )
 /* Multiply va by vb and store double size result in: vo | vh | vl */
 #define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \
@@ -4659,7 +4947,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
         "lgr	%[h], %%r0		\n\t"            \
         : [h] "+r" (vh), [l] "+r" (vl)                   \
         : [a] "r" (va)                                   \
-        : "memory", "r0", "r1"                           \
+        : "r0", "r1"                                     \
     )
 /* Square va and add double size result into: vo | vh | vl */
 #define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \
@@ -4788,46 +5076,6 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct);
 static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho);
 #endif
 
-/* Determine when mp_add_d is required. */
-#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
-    !defined(NO_DSA) || defined(HAVE_ECC) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    defined(OPENSSL_EXTRA)
-#define WOLFSSL_SP_ADD_D
-#endif
-/* Determine when mp_sub_d is required. */
-#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
-#define WOLFSSL_SP_SUB_D
-#endif
-/* Determine when mp_read_radix with a radix of 10 is required. */
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
-    !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \
-    !defined(NO_DSA) || defined(OPENSSL_EXTRA)
-#define WOLFSSL_SP_READ_RADIX_16
-#endif
-/* Determine when mp_read_radix with a radix of 10 is required. */
-#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
-    !defined(WOLFSSL_RSA_VERIFY_ONLY)
-#define WOLFSSL_SP_READ_RADIX_10
-#endif
-/* Determine when mp_invmod is required. */
-#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
-#define WOLFSSL_SP_INVMOD
-#endif
-/* Determine when mp_invmod_mont_ct is required. */
-#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
-#define WOLFSSL_SP_INVMOD_MONT_CT
-#endif
-
-/* Determine when mp_prime_gen is required. */
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-    !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \
-    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
-#define WOLFSSL_SP_PRIME_GEN
-#endif
 
 /* Set the multi-precision number to zero.
  *
@@ -4861,7 +5109,7 @@ static void _sp_init_size(sp_int* a, unsigned int size)
 #endif
     _sp_zero((sp_int*)am);
 
-    a->size = size;
+    a->size = (sp_size_t)size;
 }
 
 /* Initialize the multi-precision number to be zero with a given max size.
@@ -4877,7 +5125,7 @@ int sp_init_size(sp_int* a, unsigned int size)
     int err = MP_OKAY;
 
     /* Validate parameters. Don't use size more than max compiled. */
-    if ((a == NULL) || ((size <= 0) || (size > SP_INT_DIGITS))) {
+    if ((a == NULL) || ((size == 0) || (size > SP_INT_DIGITS))) {
         err = MP_VAL;
     }
 
@@ -5020,6 +5268,9 @@ void sp_zero(sp_int* a)
  */
 void sp_clear(sp_int* a)
 {
+#ifdef HAVE_FIPS
+    sp_forcezero(a);
+#else
     /* Clear when valid pointer passed in. */
     if (a != NULL) {
         unsigned int i;
@@ -5032,6 +5283,7 @@ void sp_clear(sp_int* a)
         _sp_zero(a);
         sp_free(a);
     }
+#endif
 }
 
 #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) || \
@@ -5047,7 +5299,7 @@ void sp_forcezero(sp_int* a)
     /* Zeroize when a vald pointer passed in. */
     if (a != NULL) {
         /* Ensure all data zeroized - data not zeroed when used decreases. */
-        ForceZero(a->dp, a->size * SP_WORD_SIZEOF);
+        ForceZero(a->dp, a->size * (word32)SP_WORD_SIZEOF);
         /* Set back to zero. */
     #ifdef HAVE_WOLF_BIGINT
         /* Zeroize the raw data as well. */
@@ -5074,7 +5326,7 @@ static void _sp_copy(const sp_int* a, sp_int* r)
         r->dp[0] = 0;
     }
     else {
-        XMEMCPY(r->dp, a->dp, a->used * SP_WORD_SIZEOF);
+        XMEMCPY(r->dp, a->dp, a->used * (word32)SP_WORD_SIZEOF);
     }
     /* Set number of used words in result. */
     r->used = a->used;
@@ -5216,8 +5468,8 @@ int sp_exch(sp_int* a, sp_int* b)
         ALLOC_SP_INT(t, a->used, err, NULL);
         if (err == MP_OKAY) {
             /* Cache allocated size of a and b. */
-            unsigned int asize = a->size;
-            unsigned int bsize = b->size;
+            sp_size_t asize = a->size;
+            sp_size_t bsize = b->size;
             /* Copy all of SP int: t <- a, a <- b, b <- t. */
             XMEMCPY(t, a, MP_INT_SIZEOF(a->used));
             XMEMCPY(a, b, MP_INT_SIZEOF(b->used));
@@ -5253,9 +5505,9 @@ int sp_cond_swap_ct_ex(sp_int* a, sp_int* b, int cnt, int swap, sp_int* t)
     sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap;
 
     /* XOR other fields in sp_int into temp - mask set when swapping. */
-    t->used = (a->used ^ b->used) & (unsigned int)mask;
+    t->used = (a->used ^ b->used) & (sp_size_t)mask;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    t->sign = (a->sign ^ b->sign) & (unsigned int)mask;
+    t->sign = (a->sign ^ b->sign) & (sp_uint8)mask;
 #endif
 
     /* XOR requested words into temp - mask set when swapping. */
@@ -5721,7 +5973,7 @@ int sp_cnt_lsb(const sp_int* a)
         unsigned int j;
 
         /* Count least significant words that are zero. */
-        for (i = 0; i < a->used && a->dp[i] == 0; i++, bc += SP_WORD_SIZE) {
+        for (i = 0; (i < a->used) && (a->dp[i] == 0); i++, bc += SP_WORD_SIZE) {
         }
 
         /* Use 4-bit table to get count. */
@@ -5792,7 +6044,7 @@ int sp_set_bit(sp_int* a, int i)
 {
     int err = MP_OKAY;
     /* Get index of word to set. */
-    unsigned int w = (unsigned int)(i >> SP_WORD_SHIFT);
+    sp_size_t w = (sp_size_t)(i >> SP_WORD_SHIFT);
 
     /* Check for valid number and and space for bit. */
     if ((a == NULL) || (i < 0) || (w >= a->size)) {
@@ -5813,7 +6065,7 @@ int sp_set_bit(sp_int* a, int i)
         a->dp[w] |= (sp_int_digit)1 << s;
         /* Update used if necessary */
         if (a->used <= w) {
-            a->used = w + 1;
+            a->used = (sp_size_t)(w + 1U);
         }
     }
 
@@ -6254,7 +6506,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r)
     !defined(NO_DH) || defined(HAVE_ECC) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
      !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \
-    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
+    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
+    defined(WOLFSSL_SP_MUL_D)
 /* Multiply a by digit n and put result into r shifting up o digits.
  *   r = (a * n) << (o * SP_WORD_SIZE)
  *
@@ -6328,7 +6581,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o)
         }
     }
     /* Update number of words in result. */
-    r->used = o;
+    r->used = (sp_size_t)o;
     /* In case n is zero. */
     sp_clamp(r);
 
@@ -6337,8 +6590,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o)
 #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
         *  WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */
 
-#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
-    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
+#ifdef WOLFSSL_SP_MUL_D
 /* Multiply a by digit n and put result into r. r = a * n
  *
  * @param  [in]   a  SP integer to multiply.
@@ -6376,8 +6628,7 @@ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r)
 
     return err;
 }
-#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
-        * (WOLFSSL_KEY_GEN && !NO_RSA) */
+#endif /* WOLFSSL_SP_MUL_D */
 
 /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */
 #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
@@ -7059,7 +7310,7 @@ static void _sp_div_2(const sp_int* a, sp_int* r)
     /* Last word only needs to be shifted down. */
     r->dp[i] = a->dp[i] >> 1;
     /* Set used to be all words seen. */
-    r->used = (unsigned int)i + 1;
+    r->used = (sp_size_t)(i + 1);
     /* Remove leading zeros. */
     sp_clamp(r);
 #ifdef WOLFSSL_SP_INT_NEGATIVE
@@ -7135,7 +7386,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
     #endif
         /* Mask to apply to modulus. */
         sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1);
-        unsigned int i;
+        sp_size_t i;
 
     #if 0
         sp_print(a, "a");
@@ -7180,7 +7431,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
         r->dp[i] = l;
     #endif
         /* Used includes carry - set or not. */
-        r->used = i + 1;
+        r->used = (sp_size_t)(i + 1);
     #ifdef WOLFSSL_SP_INT_NEGATIVE
         r->sign = MP_ZPOS;
     #endif
@@ -7210,7 +7461,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
  */
 static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
 {
-    unsigned int i = 0;
+    sp_size_t i = 0;
 #ifndef SQR_MUL_ASM
     sp_int_word t = 0;
 #else
@@ -7331,10 +7582,10 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
     /* Put in carry. */
 #ifndef SQR_MUL_ASM
     r->dp[i] = (sp_int_digit)t;
-    r->used += (t != 0);
+    r->used = (sp_size_t)(r->used + (sp_size_t)(t != 0));
 #else
     r->dp[i] = l;
-    r->used += (l != 0);
+    r->used = (sp_size_t)(r->used + (sp_size_t)(l != 0));
 #endif
 
     /* Remove leading zeros. */
@@ -7358,8 +7609,8 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o)
 static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r,
     unsigned int o)
 {
-    unsigned int i = 0;
-    unsigned int j;
+    sp_size_t i = 0;
+    sp_size_t j;
 #ifndef SQR_MUL_ASM
     sp_int_sword t = 0;
 #else
@@ -7374,7 +7625,7 @@ static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r,
         }
     }
     else {
-        i = o;
+        i = (sp_size_t)o;
     }
     /* Index to add at is the offset now. */
 
@@ -7568,7 +7819,7 @@ static int _sp_addmod(const sp_int* a, const sp_int* b, const sp_int* m,
 {
     int err = MP_OKAY;
     /* Calculate used based on digits used in a and b. */
-    unsigned int used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
+    sp_size_t used = (sp_size_t)(((a->used >= b->used) ? a->used + 1U : b->used + 1U));
     DECL_SP_INT(t, used);
 
     /* Allocate a temporary SP int to hold sum. */
@@ -7656,8 +7907,8 @@ static int _sp_submod(const sp_int* a, const sp_int* b, const sp_int* m,
     int err = MP_OKAY;
 #ifndef WOLFSSL_SP_INT_NEGATIVE
     unsigned int used = ((a->used >= m->used) ?
-        ((a->used >= b->used) ? (a->used + 1) : (b->used + 1)) :
-        ((b->used >= m->used)) ? (b->used + 1) : (m->used + 1));
+        ((a->used >= b->used) ? (a->used + 1U) : (b->used + 1U)) :
+        ((b->used >= m->used)) ? (b->used + 1U) : (m->used + 1U));
     DECL_SP_INT_ARRAY(t, used, 2);
 
     ALLOC_SP_INT_ARRAY(t, used, 2, err, NULL);
@@ -7689,7 +7940,7 @@ static int _sp_submod(const sp_int* a, const sp_int* b, const sp_int* m,
 
     FREE_SP_INT_ARRAY(t, NULL);
 #else /* WOLFSSL_SP_INT_NEGATIVE */
-    unsigned int used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
+    sp_size_t used = ((a->used >= b->used) ? a->used + 1 : b->used + 1);
     DECL_SP_INT(t, used);
 
     ALLOC_SP_INT_SIZE(t, used, err, NULL);
@@ -7758,19 +8009,31 @@ int sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
 }
 #endif /* WOLFSSL_SP_MATH_ALL */
 
-/* Constant time clamping/
+/* Constant time clamping.
  *
  * @param [in, out] a  SP integer to clamp.
  */
 static void sp_clamp_ct(sp_int* a)
 {
     int i;
-    unsigned int used = a->used;
-    unsigned int mask = (unsigned int)-1;
+    sp_size_t used = a->used;
+    sp_size_t mask = (sp_size_t)-1;
 
     for (i = (int)a->used - 1; i >= 0; i--) {
-        used -= ((unsigned int)(a->dp[i] == 0)) & mask;
-        mask &= (unsigned int)0 - (a->dp[i] == 0);
+#if ((SP_WORD_SIZE == 64) && \
+     (defined(_WIN64) || !defined(WOLFSSL_UINT128_T_DEFINED))) || \
+    ((SP_WORD_SIZE == 32) && defined(NO_64BIT))
+        sp_int_digit negVal = ~a->dp[i];
+        sp_int_digit minusOne = a->dp[i] - 1;
+        sp_int_digit zeroMask =
+            (sp_int_digit)((sp_int_sdigit)(negVal & minusOne) >>
+                           (SP_WORD_SIZE - 1));
+#else
+        sp_int_digit zeroMask =
+            (sp_int_digit)((((sp_int_sword)a->dp[i]) - 1) >> SP_WORD_SIZE);
+#endif
+        mask &= (sp_size_t)zeroMask;
+        used = (sp_size_t)(used + mask);
     }
     a->used = used;
 }
@@ -7806,7 +8069,7 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
     sp_int_digit mask;
     sp_int_digit mask_a = (sp_int_digit)-1;
     sp_int_digit mask_b = (sp_int_digit)-1;
-    unsigned int i;
+    sp_size_t i;
 
     /* Check result is as big as modulus. */
     if (m->used > r->size) {
@@ -7958,7 +8221,7 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
  * @return  MP_OKAY on success.
  */
 static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
-    unsigned int max, sp_int* r)
+    unsigned int max_size, sp_int* r)
 {
 #ifndef SQR_MUL_ASM
     sp_int_sword w;
@@ -7979,7 +8242,7 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
     l = 0;
     h = 0;
 #endif
-    for (i = 0; i < max; i++) {
+    for (i = 0; i < max_size; i++) {
         /* Values past 'used' are not initialized. */
         mask_a += (i == a->used);
         mask_b += (i == b->used);
@@ -8043,7 +8306,7 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
     }
     /* Result will always have digits equal to or less than those in
      * modulus. */
-    r->used = i;
+    r->used = (sp_size_t)i;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
     r->sign = MP_ZPOS;
 #endif /* WOLFSSL_SP_INT_NEGATIVE */
@@ -8148,11 +8411,11 @@ int sp_lshd(sp_int* a, int s)
     }
     if (err == MP_OKAY) {
         /* Move up digits. */
-        XMEMMOVE(a->dp + s, a->dp, a->used * SP_WORD_SIZEOF);
+        XMEMMOVE(a->dp + s, a->dp, a->used * (word32)SP_WORD_SIZEOF);
         /* Back fill with zeros. */
         XMEMSET(a->dp, 0, (size_t)s * SP_WORD_SIZEOF);
         /* Update used. */
-        a->used += (unsigned int)s;
+        a->used = (sp_size_t)(a->used + s);
         /* Remove leading zeros. */
         sp_clamp(a);
     }
@@ -8181,7 +8444,7 @@ static int sp_lshb(sp_int* a, int n)
 
     if (a->used != 0) {
         /* Calculate number of digits to shift. */
-        unsigned int s = (unsigned int)n >> SP_WORD_SHIFT;
+        sp_size_t s = (sp_size_t)n >> SP_WORD_SHIFT;
 
         /* Ensure number has enough digits for result. */
         if (a->used + s >= a->size) {
@@ -8189,7 +8452,7 @@ static int sp_lshb(sp_int* a, int n)
         }
         if (err == MP_OKAY) {
             /* Get count of bits to move in digit. */
-            n &= SP_WORD_MASK;
+            n &= (int)SP_WORD_MASK;
             /* Check whether this is a complicated case. */
             if (n != 0) {
                 unsigned int i;
@@ -8198,7 +8461,7 @@ static int sp_lshb(sp_int* a, int n)
                 /* Get new most significant digit. */
                 sp_int_digit v = a->dp[a->used - 1] >> (SP_WORD_SIZE - n);
                 /* Shift up each digit. */
-                for (i = a->used - 1; i >= 1; i--) {
+                for (i = a->used - 1U; i >= 1U; i--) {
                     a->dp[i + s] = (a->dp[i] << n) |
                                    (a->dp[i - 1] >> (SP_WORD_SIZE - n));
                 }
@@ -8213,13 +8476,13 @@ static int sp_lshb(sp_int* a, int n)
             /* Only digits to move and ensure not zero. */
             else if (s > 0) {
                 /* Move up digits. */
-                XMEMMOVE(a->dp + s, a->dp, a->used * SP_WORD_SIZEOF);
+                XMEMMOVE(a->dp + s, a->dp, a->used * (word32)SP_WORD_SIZEOF);
             }
 
             /* Update used digit count. */
-            a->used += s;
+            a->used = (sp_size_t)(a->used + s);
             /* Back fill with zeros. */
-            XMEMSET(a->dp, 0, SP_WORD_SIZEOF * s);
+            XMEMSET(a->dp, 0, (word32)SP_WORD_SIZEOF * s);
         }
     }
 
@@ -8239,14 +8502,14 @@ void sp_rshd(sp_int* a, int c)
     /* Do shift if we have an SP int. */
     if ((a != NULL) && (c > 0)) {
         /* Make zero if shift removes all digits. */
-        if ((unsigned int)c >= a->used) {
+        if ((sp_size_t)c >= a->used) {
             _sp_zero(a);
         }
         else {
-            unsigned int i;
+            sp_size_t i;
 
             /* Update used digits count. */
-            a->used -= (unsigned int)c;
+            a->used = (sp_size_t)(a->used - c);
             /* Move digits down. */
             for (i = 0; i < a->used; i++, c++) {
                 a->dp[i] = a->dp[c];
@@ -8269,13 +8532,13 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
 {
     int err = MP_OKAY;
     /* Number of digits to shift down. */
-    unsigned int i = (unsigned int)(n >> SP_WORD_SHIFT);
+    sp_size_t i;
 
     if ((a == NULL) || (n < 0)) {
         err = MP_VAL;
     }
     /* Handle case where shifting out all digits. */
-    if ((err == MP_OKAY) && (i >= a->used)) {
+    else if ((i = (sp_size_t)(n >> SP_WORD_SHIFT)) >= a->used) {
         _sp_zero(r);
     }
     /* Change callers when more error cases returned. */
@@ -8283,30 +8546,30 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
         err = MP_VAL;
     }
     else if (err == MP_OKAY) {
-        unsigned int j;
+        sp_size_t j;
 
         /* Number of bits to shift in digits. */
         n &= SP_WORD_SIZE - 1;
         /* Handle simple case. */
         if (n == 0) {
             /* Set the count of used digits. */
-            r->used = a->used - i;
+            r->used = (sp_size_t)(a->used - i);
             /* Move digits down. */
             if (r == a) {
-                XMEMMOVE(r->dp, r->dp + i, SP_WORD_SIZEOF * r->used);
+                XMEMMOVE(r->dp, r->dp + i, (word32)SP_WORD_SIZEOF * r->used);
             }
             else {
-                XMEMCPY(r->dp, a->dp + i, SP_WORD_SIZEOF * r->used);
+                XMEMCPY(r->dp, a->dp + i, (word32)SP_WORD_SIZEOF * r->used);
             }
         }
         else {
             /* Move the bits down starting at least significant digit. */
-            for (j = 0; i < a->used-1; i++, j++)
+            for (j = 0; i < a->used - 1; i++, j++)
                 r->dp[j] = (a->dp[i] >> n) | (a->dp[i+1] << (SP_WORD_SIZE - n));
             /* Most significant digit has no higher digit to pull from. */
             r->dp[j] = a->dp[i] >> n;
             /* Set the count of used digits. */
-            r->used = j + (r->dp[j] > 0);
+            r->used = (sp_size_t)(j + (r->dp[j] > 0));
         }
 #ifdef WOLFSSL_SP_INT_NEGATIVE
         if (sp_iszero(r)) {
@@ -8330,10 +8593,10 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
      !defined(WOLFSSL_RSA_PUBLIC_ONLY))
 static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r)
 {
-    unsigned int i;
+    sp_size_t i;
 
     /* Compare top digits of dividend with those of divisor up to last. */
-    for (i = d->used - 1; i > 0; i--) {
+    for (i = (sp_size_t)(d->used - 1U); i > 0; i--) {
         /* Break if top divisor is not equal to dividend. */
         if (a->dp[a->used - d->used + i] != d->dp[i]) {
             break;
@@ -8346,7 +8609,7 @@ static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r)
         /* Get 'used' to restore - ensure zeros put into quotient. */
         i = a->used;
         /* Subtract d from top of a. */
-        _sp_sub_off(a, d, a, a->used - d->used);
+        _sp_sub_off(a, d, a, (sp_size_t)(a->used - d->used));
         /* Restore 'used' on remainder. */
         a->used = i;
     }
@@ -8368,12 +8631,12 @@ static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r)
 static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
 #ifdef WOLFSSL_SP_SMALL
     int c;
 #else
-    unsigned int j;
-    unsigned int o;
+    sp_size_t j;
+    sp_size_t o;
     #ifndef SQR_MUL_ASM
     sp_int_sword sw;
     #else
@@ -8386,7 +8649,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
     sp_int_digit dt;
 
     /* Set result size to clear. */
-    r->used = a->used - d->used + 1;
+    r->used = (sp_size_t)(a->used - d->used + 1);
     /* Set all potentially used digits to zero. */
     for (i = 0; i < r->used; i++) {
         r->dp[i] = 0;
@@ -8403,7 +8666,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
     /* Keep subtracting multiples of d as long as the digit count of a is
      * greater than equal to d.
      */
-    for (i = a->used - 1; i >= d->used; i--) {
+    for (i = (sp_size_t)(a->used - 1U); i >= d->used; i--) {
         /* When top digits equal, guestimate maximum multiplier.
          * Worst case, multiplier is actually SP_DIGIT_MAX - 1.
          * That is, for w (word size in bits) > 1, n > 1, let:
@@ -8457,7 +8720,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
         }
 #else
         /* Index of lowest digit trial is subtracted from. */
-        o = i - d->used;
+        o = (sp_size_t)(i - d->used);
         do {
         #ifndef SQR_MUL_ASM
             sp_int_word tw = 0;
@@ -8526,7 +8789,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial)
 #endif /* WOLFSSL_SP_SMALL */
     }
     /* Update used. */
-    a->used = i + 1;
+    a->used = (sp_size_t)(i + 1U);
     if (a->used == d->used) {
         /* Finish div now that length of dividend is same as divisor. */
         _sp_div_same_size(a, d, r);
@@ -8559,8 +8822,8 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem,
     sp_int* tr = NULL;
     sp_int* trial = NULL;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int signA = MP_ZPOS;
-    unsigned int signD = MP_ZPOS;
+    sp_uint8 signA = MP_ZPOS;
+    sp_uint8 signD = MP_ZPOS;
 #endif /* WOLFSSL_SP_INT_NEGATIVE */
     /* Intermediates will always be less than or equal to dividend. */
     DECL_SP_INT_ARRAY(td, used, 4);
@@ -8618,7 +8881,7 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem,
     if ((!done) && (err == MP_OKAY)) {
     #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
         !defined(WOLFSSL_SP_NO_MALLOC)
-        int cnt = 4;
+        unsigned int cnt = 4;
         /* Reuse remainder sp_int where possible. */
         if ((rem != NULL) && (rem != d) && (rem->size > a->used)) {
             sa = rem;
@@ -8647,25 +8910,25 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem,
         }
         if (tr == NULL) {
             tr = td[i];
-            _sp_init_size(tr, a->used - d->used + 2);
+            _sp_init_size(tr, (unsigned int)(a->used - d->used + 2));
         }
     #else
         sa    = td[2];
         tr    = td[3];
 
         _sp_init_size(sa, used);
-        _sp_init_size(tr, a->used - d->used + 2);
+        _sp_init_size(tr, (unsigned int)(a->used - d->used + 2));
     #endif
         sd    = td[0];
         trial = td[1];
 
         /* Initialize sizes to minimal values. */
-        _sp_init_size(sd, d->used + 1);
+        _sp_init_size(sd, (sp_size_t)(d->used + 1U));
         _sp_init_size(trial, used);
 
         /* Move divisor to top of word. Adjust dividend as well. */
         s = sp_count_bits(d);
-        s = SP_WORD_SIZE - (s & SP_WORD_MASK);
+        s = SP_WORD_SIZE - (s & (int)SP_WORD_MASK);
         _sp_copy(a, sa);
         /* Only shift if top bit of divisor no set. */
         if (s != SP_WORD_SIZE) {
@@ -8754,7 +9017,7 @@ int sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem)
             /* May need to shift number being divided left into a new word. */
             int bits = SP_WORD_SIZE - (sp_count_bits(d) % SP_WORD_SIZE);
             if ((bits != SP_WORD_SIZE) &&
-                    (sp_count_bits(a) + bits > SP_INT_DIGITS * SP_WORD_SIZE)) {
+                    (sp_count_bits(a) + bits > (int)(SP_INT_DIGITS * SP_WORD_SIZE))) {
                 err = MP_VAL;
             }
             else {
@@ -8762,7 +9025,7 @@ int sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem)
             }
         }
         else {
-            used = a->used + 1;
+            used = (sp_size_t)(a->used + 1U);
         }
     }
 
@@ -8935,7 +9198,7 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
         t[0] = h;
         h = 0;
         o = 0;
-        for (k = 1; k <= a->used - 1; k++) {
+        for (k = 1; k <= (unsigned int)a->used - 1; k++) {
             j = (int)k;
             dp = a->dp;
             for (; j >= 0; dp++, j--) {
@@ -8946,8 +9209,8 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
             h = o;
             o = 0;
         }
-        for (; k <= (a->used - 1) * 2; k++) {
-            i = k - (b->used - 1);
+        for (; k <= ((unsigned int)a->used - 1) * 2; k++) {
+            i = k - (sp_size_t)(b->used - 1);
             dp = &b->dp[b->used - 1];
             for (; i < a->used; i++, dp--) {
                 SP_ASM_MUL_ADD(l, h, o, a->dp[i], dp[0]);
@@ -8959,7 +9222,7 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
         }
         r->dp[k] = l;
         XMEMCPY(r->dp, t, a->used * sizeof(sp_int_digit));
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         sp_clamp(r);
     }
 
@@ -8981,9 +9244,9 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r)
 static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -8994,8 +9257,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used), NULL,
-        DYNAMIC_TYPE_BIGINT);
+    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) *
+                               (size_t)(a->used + b->used), NULL,
+                               DYNAMIC_TYPE_BIGINT);
     if (t == NULL) {
         err = MP_MEM;
     }
@@ -9011,7 +9275,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
         t[0] = h;
         h = 0;
         o = 0;
-        for (k = 1; k <= b->used - 1; k++) {
+        for (k = 1; k <= (sp_size_t)(b->used - 1); k++) {
             i = 0;
             j = (int)k;
             for (; (i < a->used) && (j >= 0); i++, j--) {
@@ -9022,9 +9286,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
             h = o;
             o = 0;
         }
-        for (; k <= (a->used - 1) + (b->used - 1); k++) {
+        for (; k <= (sp_size_t)((a->used - 1) + (b->used - 1)); k++) {
             j = (int)(b->used - 1);
-            i = k - (unsigned int)j;
+            i = (sp_size_t)(k - (sp_size_t)j);
             for (; (i < a->used) && (j >= 0); i++, j--) {
                 SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]);
             }
@@ -9034,7 +9298,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
             o = 0;
         }
         t[k] = l;
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
         sp_clamp(r);
     }
@@ -9057,9 +9321,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -9070,8 +9334,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used), NULL,
-        DYNAMIC_TYPE_BIGINT);
+    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) *
+                               (size_t)(a->used + b->used), NULL,
+                               DYNAMIC_TYPE_BIGINT);
     if (t == NULL) {
         err = MP_MEM;
     }
@@ -9091,9 +9356,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
     #ifdef SP_WORD_OVERFLOW
         o = 0;
     #endif
-        for (k = 1; k <= (a->used - 1) + (b->used - 1); k++) {
-            i = k - (b->used - 1);
-            i &= (((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U);
+        for (k = 1; (int)k <= ((int)a->used - 1) + ((int)b->used - 1); k++) {
+            i = (sp_size_t)(k - (b->used - 1));
+            i &= (sp_size_t)(((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U);
             j = (int)(k - i);
             for (; (i < a->used) && (j >= 0); i++, j--) {
                 w = (sp_int_word)a->dp[i] * b->dp[j];
@@ -9116,7 +9381,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
         #endif
         }
         t[k] = (sp_int_digit)l;
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
         sp_clamp(r);
     }
@@ -11737,7 +12002,7 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
 {
     int err = MP_OKAY;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int sign = MP_ZPOS;
+    sp_uint8 sign = MP_ZPOS;
 #endif
 
     if ((a == NULL) || (b == NULL) || (r == NULL)) {
@@ -11745,9 +12010,14 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
     }
 
     /* Need extra digit during calculation. */
+    /* NOLINTBEGIN(clang-analyzer-core.UndefinedBinaryOperatorResult) */
+    /* clang-tidy falsely believes that r->size was corrupted by the _sp_copy()
+     * to "Copy base into working variable" in _sp_exptmod_ex().
+     */
     if ((err == MP_OKAY) && (a->used + b->used > r->size)) {
         err = MP_VAL;
     }
+    /* NOLINTEND(clang-analyzer-core.UndefinedBinaryOperatorResult) */
 
 #if 0
     if (err == MP_OKAY) {
@@ -11894,7 +12164,7 @@ static int _sp_mulmod_tmp(const sp_int* a, const sp_int* b, const sp_int* m,
 
     ALLOC_SP_INT(t, a->used + b->used, err, NULL);
     if (err == MP_OKAY) {
-        err = sp_init_size(t, a->used + b->used);
+        err = sp_init_size(t, (sp_size_t)(a->used + b->used));
     }
 
     /* Multiply and reduce. */
@@ -12130,8 +12400,10 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x,
 
     ALLOC_SP_INT(d, m->used + 1, err, NULL);
     if (err == MP_OKAY) {
-        mp_init(d);
+        err = sp_init_size(d, (sp_size_t)(m->used + 1U));
+    }
 
+    if (err == MP_OKAY) {
         /* 1. x = m, y = a, b = 1, c = 0 */
         if (a != y) {
             _sp_copy(a, y);
@@ -12272,7 +12544,7 @@ static int _sp_invmod(const sp_int* a, const sp_int* m, sp_int* r)
      *  - x3 one word larger than modulus
      *  - x1 one word longer than twice modulus used
      */
-    ALLOC_SP_INT_ARRAY(t, m->used + 1, 3, err, NULL);
+    ALLOC_SP_INT_ARRAY(t, m->used + 1U, 3, err, NULL);
     ALLOC_SP_INT(c, 2 * m->used + 1, err, NULL);
     if (err == MP_OKAY) {
         u = t[0];
@@ -12283,16 +12555,16 @@ static int _sp_invmod(const sp_int* a, const sp_int* m, sp_int* r)
 
     /* Initialize intermediate values with minimal sizes. */
     if (err == MP_OKAY) {
-        err = sp_init_size(u, m->used + 1);
+        err = sp_init_size(u, (sp_size_t)(m->used + 1U));
     }
     if (err == MP_OKAY) {
-        err = sp_init_size(v, m->used + 1);
+        err = sp_init_size(v, (sp_size_t)(m->used + 1U));
     }
     if (err == MP_OKAY) {
-        err = sp_init_size(b, m->used + 1);
+        err = sp_init_size(b, (sp_size_t)(m->used + 1U));
     }
     if (err == MP_OKAY) {
-        err = sp_init_size(c, 2 * m->used + 1);
+        err = sp_init_size(c, (sp_size_t)(2U * m->used + 1U));
     }
 
     if (err == MP_OKAY) {
@@ -12487,21 +12759,21 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r,
 #endif
 
 #ifndef WOLFSSL_SP_NO_MALLOC
-    ALLOC_DYN_SP_INT_ARRAY(pre, m->used * 2 + 1, CT_INV_MOD_PRE_CNT + 2, err,
+    ALLOC_DYN_SP_INT_ARRAY(pre, m->used * 2U + 1U, CT_INV_MOD_PRE_CNT + 2, err,
         NULL);
 #else
-    ALLOC_SP_INT_ARRAY(pre, m->used * 2 + 1, CT_INV_MOD_PRE_CNT + 2, err, NULL);
+    ALLOC_SP_INT_ARRAY(pre, m->used * 2U + 1U, CT_INV_MOD_PRE_CNT + 2, err, NULL);
 #endif
     if (err == MP_OKAY) {
         t = pre[CT_INV_MOD_PRE_CNT + 0];
         e = pre[CT_INV_MOD_PRE_CNT + 1];
         /* Space for sqr and mul result. */
-        _sp_init_size(t, m->used * 2 + 1);
+        _sp_init_size(t, (sp_size_t)(m->used * 2 + 1));
         /* e = mod - 2 */
-        _sp_init_size(e, m->used + 1);
+        _sp_init_size(e, (sp_size_t)(m->used + 1));
 
         /* Create pre-computation results: ((2^(1..8))-1).a. */
-        _sp_init_size(pre[0], m->used * 2 + 1);
+        _sp_init_size(pre[0], (sp_size_t)(m->used * 2 + 1));
         /* 1. pre[0] = 2^0 * a mod m
          *    Start with 1.a = a.
          */
@@ -12512,7 +12784,7 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r,
         for (i = 1; (err == MP_OKAY) && (i < CT_INV_MOD_PRE_CNT); i++) {
             /* 2.1 pre[i-1] = ((pre[i-1] ^ 2) * a) mod m */
             /* Previous value ..1 -> ..10 */
-            _sp_init_size(pre[i], m->used * 2 + 1);
+            _sp_init_size(pre[i], (sp_size_t)(m->used * 2 + 1));
             err = sp_sqr(pre[i-1], pre[i]);
             if (err == MP_OKAY) {
                 err = _sp_mont_red(pre[i], m, mp, 0);
@@ -12734,14 +13006,14 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
     ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 2, err, NULL);
 #else
     /* Working SP int needed when cache resistant. */
-    ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 3, err, NULL);
+    ALLOC_SP_INT_ARRAY(t, 2U * m->used + 1U, 3, err, NULL);
 #endif
     if (err == MP_OKAY) {
         /* Initialize temporaries. */
-        _sp_init_size(t[0], 2 * m->used + 1);
-        _sp_init_size(t[1], 2 * m->used + 1);
+        _sp_init_size(t[0], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[1], (sp_size_t)(m->used * 2 + 1));
     #ifndef WC_NO_CACHE_RESISTANT
-        _sp_init_size(t[2], 2 * m->used + 1);
+        _sp_init_size(t[2], (sp_size_t)(m->used * 2 + 1));
     #endif
 
         /* 2. t[0] = b mod m
@@ -12794,7 +13066,7 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
 
             if (err == MP_OKAY) {
                 /* 4.2. y = e[i] */
-                int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1);
+                int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & (int)SP_WORD_MASK)) & 1);
                 /* 4.3. j = y & s */
                 int j = y & s;
                 /* 4.4  s = s | y */
@@ -12966,13 +13238,13 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
     DECL_SP_INT_ARRAY(t, m->used * 2 + 1, 4);
 
     /* Allocate temporaries. */
-    ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, 4, err, NULL);
+    ALLOC_SP_INT_ARRAY(t, m->used * 2U + 1U, 4, err, NULL);
     if (err == MP_OKAY) {
         /* Initialize temporaries. */
-        _sp_init_size(t[0], m->used * 2 + 1);
-        _sp_init_size(t[1], m->used * 2 + 1);
-        _sp_init_size(t[2], m->used * 2 + 1);
-        _sp_init_size(t[3], m->used * 2 + 1);
+        _sp_init_size(t[0], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[1], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[2], (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(t[3], (sp_size_t)(m->used * 2 + 1));
 
         /* 1. Ensure base is less than modulus. */
         if (_sp_cmp_abs(b, m) != MP_LT) {
@@ -13006,7 +13278,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
         }
         if (err == MP_OKAY) {
             /* t[0] = t[0] mod m, temporary size has to be bigger than t[0]. */
-            err = _sp_div(t[0], m, NULL, t[0], t[0]->used + 1);
+            err = _sp_div(t[0], m, NULL, t[0], t[0]->used + 1U);
         }
         if (err == MP_OKAY) {
             /* 4. t[1] = t[0]
@@ -13033,7 +13305,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
 
             if (err == MP_OKAY) {
                 /* 6.2. y = e[i] */
-                int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1);
+                int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & (int)SP_WORD_MASK)) & 1);
                 /* 6.3  j = y & s */
                 int j = y & s;
                 /* 6.4  s = s | y */
@@ -13501,19 +13773,19 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m,
      *  - constant time add value for mod operation
      *  - temporary result
      */
-    ALLOC_SP_INT_ARRAY(d, m->used * 2 + 1, 2, err, NULL);
+    ALLOC_SP_INT_ARRAY(d, m->used * 2U + 1U, 2, err, NULL);
 #else
     /* Allocate sp_int for temporary result. */
-    ALLOC_SP_INT(tr, m->used * 2 + 1, err, NULL);
+    ALLOC_SP_INT(tr, m->used * 2U + 1U, err, NULL);
 #endif
     if (err == MP_OKAY) {
     #ifndef WC_NO_HARDEN
         a  = d[0];
         tr = d[1];
 
-        _sp_init_size(a, m->used * 2 + 1);
+        _sp_init_size(a, (sp_size_t)(m->used * 2 + 1));
     #endif
-        _sp_init_size(tr, m->used * 2 + 1);
+        _sp_init_size(tr, (sp_size_t)(m->used * 2 + 1));
 
     }
 
@@ -13654,7 +13926,7 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m,
 #ifndef WC_NO_HARDEN
     FREE_SP_INT_ARRAY(d, NULL);
 #else
-    FREE_SP_INT(tr, m->used * 2 + 1);
+    FREE_SP_INT(tr, NULL);
 #endif
     return err;
 }
@@ -13752,7 +14024,8 @@ int sp_exptmod_ex(const sp_int* b, const sp_int* e, int digits, const sp_int* m,
     if ((!done) && (err == MP_OKAY)) {
         /* Use code optimized for specific sizes if possible */
 #if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
-    (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH))
+    ((defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
+        defined(WOLFSSL_HAVE_SP_DH))
     #ifndef WOLFSSL_SP_NO_2048
         if ((mBits == 1024) && sp_isodd(m) && (bBits <= 1024) &&
                 (eBits <= 1024)) {
@@ -13962,9 +14235,9 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m,
      *  - Montgomery form of base
      */
 #ifndef WOLFSSL_SP_NO_MALLOC
-    ALLOC_DYN_SP_INT_ARRAY(t, m->used * 2 + 1, (size_t)preCnt + 2, err, NULL);
+    ALLOC_DYN_SP_INT_ARRAY(t, m->used * 2U + 1U, (size_t)preCnt + 2, err, NULL);
 #else
-    ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, (size_t)preCnt + 2, err, NULL);
+    ALLOC_SP_INT_ARRAY(t, m->used * 2U + 1U, (size_t)preCnt + 2, err, NULL);
 #endif
     if (err == MP_OKAY) {
         /* Set variables to use allocate memory. */
@@ -13973,10 +14246,10 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m,
 
         /* Initialize all allocated  */
         for (i = 0; i < preCnt; i++) {
-            _sp_init_size(t[i], m->used * 2 + 1);
+            _sp_init_size(t[i], (sp_size_t)(m->used * 2 + 1));
         }
-        _sp_init_size(tr, m->used * 2 + 1);
-        _sp_init_size(bm, m->used * 2 + 1);
+        _sp_init_size(tr, (sp_size_t)(m->used * 2 + 1));
+        _sp_init_size(bm, (sp_size_t)(m->used * 2 + 1));
 
         /* 1. Ensure base is less than modulus. */
         if (_sp_cmp_abs(b, m) != MP_LT) {
@@ -14008,7 +14281,7 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m,
         }
         if (err == MP_OKAY) {
             /* bm = bm mod m, temporary size has to be bigger than bm->used. */
-            err = _sp_div(bm, m, NULL, bm, bm->used + 1);
+            err = _sp_div(bm, m, NULL, bm, bm->used + 1U);
         }
         if (err == MP_OKAY) {
             /* Copy Montgomery form of base into first element of table. */
@@ -14431,8 +14704,8 @@ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem)
             }
             if ((err == MP_OKAY) && (rem != NULL)) {
                 /* Set used and mask off top digit of remainder. */
-                rem->used = ((unsigned int)e + SP_WORD_SIZE - 1) >>
-                    SP_WORD_SHIFT;
+                rem->used = (sp_size_t)((e + SP_WORD_SIZE - 1) >>
+                                        SP_WORD_SHIFT);
                 e &= SP_WORD_MASK;
                 if (e > 0) {
                     rem->dp[rem->used - 1] &= ((sp_int_digit)1 << e) - 1;
@@ -14466,7 +14739,7 @@ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem)
 int sp_mod_2d(const sp_int* a, int e, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int digits = ((unsigned int)e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT;
+    sp_size_t digits = (sp_size_t)((e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT);
 
     if ((a == NULL) || (r == NULL) || (e < 0)) {
         err = MP_VAL;
@@ -14478,7 +14751,7 @@ int sp_mod_2d(const sp_int* a, int e, sp_int* r)
     if (err == MP_OKAY) {
         /* Copy a into r if not same pointer. */
         if (a != r) {
-            XMEMCPY(r->dp, a->dp, digits * SP_WORD_SIZEOF);
+            XMEMCPY(r->dp, a->dp, digits * (word32)SP_WORD_SIZEOF);
             r->used = a->used;
         #ifdef WOLFSSL_SP_INT_NEGATIVE
             r->sign = a->sign;
@@ -14547,7 +14820,8 @@ int sp_mul_2d(const sp_int* a, int e, sp_int* r)
 
     /* Ensure result has enough allocated digits for result. */
     if ((err == MP_OKAY) &&
-            ((unsigned int)(sp_count_bits(a) + e) > r->size * SP_WORD_SIZE)) {
+            ((unsigned int)(sp_count_bits(a) + e) >
+             (unsigned int)r->size * SP_WORD_SIZE)) {
         err = MP_VAL;
     }
 
@@ -14597,9 +14871,9 @@ int sp_mul_2d(const sp_int* a, int e, sp_int* r)
 static int _sp_sqr(const sp_int* a, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -14611,7 +14885,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     t = (sp_int_digit*)XMALLOC(
-        sizeof(sp_int_digit) * (((a->used + 1) / 2) * 2 + 1), NULL,
+        sizeof(sp_int_digit) * (size_t)(((a->used + 1) / 2) * 2 + 1), NULL,
         DYNAMIC_TYPE_BIGINT);
     if (t == NULL) {
         err = MP_MEM;
@@ -14639,7 +14913,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
         t[0] = h;
         h = 0;
         o = 0;
-        for (k = 1; k < (a->used + 1) / 2; k++) {
+        for (k = 1; k < (sp_size_t)((a->used + 1) / 2); k++) {
             i = k;
             j = (int)(k - 1);
             for (; (j >= 0); i++, j--) {
@@ -14651,7 +14925,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
             o = 0;
 
             SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
-            i = k + 1;
+            i = (sp_size_t)(k + 1);
             j = (int)(k - 1);
             for (; (j >= 0); i++, j--) {
                 SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
@@ -14673,7 +14947,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
             o = 0;
 
             SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
-            i = k + 1;
+            i = (sp_size_t)(k + 1);
             j = (int)(k - 1);
             for (; (i < a->used); i++, j--) {
                 SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
@@ -14686,11 +14960,12 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
             p = r->dp;
         }
         r->dp[k * 2 - 1] = l;
-        XMEMCPY(r->dp, t, (((a->used + 1) / 2) * 2 + 1) * sizeof(sp_int_digit));
+        XMEMCPY(r->dp, t, (size_t)(((a->used + 1) / 2) * 2 + 1) *
+            sizeof(sp_int_digit));
     }
 
     if (err == MP_OKAY) {
-        r->used = a->used * 2;
+        r->used = (sp_size_t)(a->used * 2U);
         sp_clamp(r);
     }
 
@@ -14711,9 +14986,9 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
 static int _sp_sqr(const sp_int* a, sp_int* r)
 {
     int err = MP_OKAY;
-    unsigned int i;
+    sp_size_t i;
     int j;
-    unsigned int k;
+    sp_size_t k;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
     sp_int_digit* t = NULL;
 #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
@@ -14724,8 +14999,9 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
-    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used * 2), NULL,
-        DYNAMIC_TYPE_BIGINT);
+    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) *
+                               (size_t)(a->used * 2), NULL,
+                               DYNAMIC_TYPE_BIGINT);
     if (t == NULL) {
         err = MP_MEM;
     }
@@ -14751,7 +15027,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
     #ifdef SP_WORD_OVERFLOW
         o = 0;
     #endif
-        for (k = 1; k <= (a->used - 1) * 2; k++) {
+        for (k = 1; k <= (sp_size_t)((a->used - 1) * 2); k++) {
             i = k / 2;
             j = (int)(k - i);
             if (i == (unsigned int)j) {
@@ -14794,7 +15070,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r)
         #endif
         }
         t[k] = (sp_int_digit)l;
-        r->used = k + 1;
+        r->used = (sp_size_t)(k + 1);
         XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
         sp_clamp(r);
     }
@@ -17033,7 +17309,7 @@ static int _sp_sqrmod(const sp_int* a, const sp_int* m, sp_int* r)
 
     ALLOC_SP_INT(t, a->used * 2, err, NULL);
     if (err == MP_OKAY) {
-        err = sp_init_size(t, a->used * 2);
+        err = sp_init_size(t, a->used * 2U);
     }
 
     /* Square and reduce. */
@@ -17147,7 +17423,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     /* Adding numbers into m->used * 2 digits - zero out unused digits. */
 #ifndef WOLFSSL_NO_CT_OPS
     if (ct) {
-        for (i = 0; i < m->used * 2; i++) {
+        for (i = 0; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] &=
                 (sp_int_digit)
                 (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
@@ -17156,7 +17432,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     else
 #endif /* !WOLFSSL_NO_CT_OPS */
     {
-        for (i = a->used; i < m->used * 2; i++) {
+        for (i = a->used; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] = 0;
         }
     }
@@ -17194,7 +17470,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             /* 2.1. mu = (mp * DigitMask(a, i)) & WORD_MASK */
             mu = mp * a->dp[i];
             /* 2.2. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */
-            if ((i == m->used - 1) && (mask != 0)) {
+            if ((i == (unsigned int)m->used - 1) && (mask != 0)) {
                 mu &= mask;
             }
 
@@ -17204,7 +17480,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             a->dp[i] = (sp_int_digit)w;
             w >>= SP_WORD_SIZE;
             /* 2.4. For j = 1 up to NumDigits(m)-2 */
-            for (j = 1; j < m->used - 1; j++) {
+            for (j = 1; j < (unsigned int)m->used - 1; j++) {
                 /* 2.4.1 a += mu * DigitMask(m, j) */
                 w += a->dp[i + j];
                 w += (sp_int_word)mu * m->dp[j];
@@ -17226,7 +17502,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         a->dp[m->used * 2 - 1] = (sp_int_digit)o;
         o >>= SP_WORD_SIZE;
         a->dp[m->used * 2] = (sp_int_digit)o;
-        a->used = m->used * 2 + 1;
+        a->used = (sp_size_t)(m->used * 2 + 1);
     }
 
     if (!ct) {
@@ -17248,7 +17524,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         /* 4. a = a mod m
          * Always subtract but at a too high offset if a is less than m.
          */
-        _sp_submod_ct(a, m, m, m->used + 1, a);
+        _sp_submod_ct(a, m, m, m->used + 1U, a);
     }
 
 
@@ -17275,7 +17551,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
 
 #ifndef WOLFSSL_NO_CT_OPS
     if (ct) {
-        for (i = 0; i < m->used * 2; i++) {
+        for (i = 0; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] &=
                 (sp_int_digit)
                 (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i);
@@ -17284,7 +17560,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     else
 #endif
     {
-        for (i = a->used; i < m->used * 2; i++) {
+        for (i = a->used; i < (unsigned int)m->used * 2; i++) {
             a->dp[i] = 0;
         }
     }
@@ -17305,7 +17581,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         SP_ASM_ADDC(l, h, a->dp[1]);
         a->dp[1] = l;
         a->dp[2] = h;
-        a->used = m->used * 2 + 1;
+        a->used = (sp_size_t)(m->used * 2 + 1);
         /* mp is SP_WORD_SIZE */
         bits = SP_WORD_SIZE;
     }
@@ -17350,10 +17626,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             h = 0;
         }
         /* Handle overflow. */
-        h = o2;
-        SP_ASM_ADDC(l, h, a->dp[7]);
+        SP_ASM_ADDC(l, o2, a->dp[7]);
         a->dp[3] = l;
-        a->dp[4] = h;
+        a->dp[4] = o2;
         a->used = 5;
 
         /* Remove leading zeros. */
@@ -17416,10 +17691,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             h = 0;
         }
         /* Handle overflow. */
-        h = o2;
-        SP_ASM_ADDC(l, h, a->dp[11]);
+        SP_ASM_ADDC(l, o2, a->dp[11]);
         a->dp[5] = l;
-        a->dp[6] = h;
+        a->dp[6] = o2;
         a->used = 7;
 
         /* Remove leading zeros. */
@@ -17455,7 +17729,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             h = 0;
             SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
             l = h;
-            for (j = 1; j + 1 < m->used - 1; j += 2) {
+            for (j = 1; j < (unsigned int)m->used - 2; j += 2) {
                 h = 0;
                 SP_ASM_ADDC(l, h, ad[j]);
                 SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
@@ -17465,7 +17739,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
                 SP_ASM_MUL_ADD_NO(h, l, mu, *(md++));
                 ad[j] = h;
             }
-            for (; j < m->used - 1; j++) {
+            for (; j < (unsigned int)m->used - 1; j++) {
                 h = 0;
                 SP_ASM_ADDC(l, h, ad[j]);
                 SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
@@ -17481,11 +17755,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             o = h;
         }
         /* Handle overflow. */
-        l = o;
-        h = o2;
-        SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]);
-        a->dp[m->used  - 1] = l;
-        a->dp[m->used] = h;
+        SP_ASM_ADDC(o, o2, a->dp[m->used * 2 - 1]);
+        a->dp[m->used  - 1] = o;
+        a->dp[m->used] = o2;
         a->used = m->used + 1;
 
         /* Remove leading zeros. */
@@ -17516,7 +17788,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             /* 2.1. mu = (mp * DigitMask(a, i)) & WORD_MASK */
             mu = mp * ad[0];
             /* 2.2. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */
-            if ((i == m->used - 1) && (mask != 0)) {
+            if ((i == (unsigned int)m->used - 1) && (mask != 0)) {
                 mu &= mask;
             }
 
@@ -17526,8 +17798,8 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
             ad[0] = l;
             l = h;
-            /* 2.4. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */
-            for (j = 1; j + 1 < m->used - 1; j += 2) {
+            /* 2.4. For j = 1 up to NumDigits(m)-2 */
+            for (j = 1; j < (unsigned int)m->used - 2; j += 2) {
                 h = 0;
                 /* 2.4.1. a += mu * DigitMask(m, j) */
                 SP_ASM_ADDC(l, h, ad[j + 0]);
@@ -17539,7 +17811,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
                 SP_ASM_MUL_ADD_NO(h, l, mu, *(md++));
                 ad[j + 1] = h;
             }
-            for (; j < m->used - 1; j++) {
+            for (; j < (unsigned int)m->used - 1; j++) {
                 h = 0;
                 /* 2.4.1. a += mu * DigitMask(m, j) */
                 SP_ASM_ADDC(l, h, ad[j]);
@@ -17557,12 +17829,10 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
             o = h;
         }
         /* Handle overflow. */
-        l = o;
-        h = o2;
-        SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]);
-        a->dp[m->used * 2 - 1] = l;
-        a->dp[m->used * 2] = h;
-        a->used = m->used * 2 + 1;
+        SP_ASM_ADDC(o, o2, a->dp[m->used * 2 - 1]);
+        a->dp[m->used * 2 - 1] = o;
+        a->dp[m->used * 2] = o2;
+        a->used = (sp_size_t)(m->used * 2 + 1);
     }
 
     if (!ct) {
@@ -17579,7 +17849,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         /* Constant time clamping. */
         sp_clamp_ct(a);
 
-        _sp_submod_ct(a, m, m, m->used + 1, a);
+        _sp_submod_ct(a, m, m, m->used + 1U, a);
     }
 
 #if 0
@@ -17633,7 +17903,7 @@ int sp_mont_red_ex(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
  *
  * Used when performing Montgomery Reduction.
  * m must be odd.
- * Jeffrey Hurchalla’s method.
+ * Jeffrey Hurchalla's method.
  *   https://arxiv.org/pdf/2204.04342.pdf
  *
  * @param  [in]   m   SP integer that is the modulus.
@@ -17714,9 +17984,14 @@ int sp_mont_norm(sp_int* norm, const sp_int* m)
     if (err == MP_OKAY) {
         /* Find top bit and ensure norm has enough space. */
         bits = (unsigned int)sp_count_bits(m);
-        if (bits >= norm->size * SP_WORD_SIZE) {
+        /* NOLINTBEGIN(clang-analyzer-core.UndefinedBinaryOperatorResult) */
+        /* clang-tidy falsely believes that norm->size was corrupted by the
+         * _sp_copy() to "Set real working value to base." in _sp_exptmod_ex().
+         */
+        if (bits >= (unsigned int)norm->size * SP_WORD_SIZE) {
             err = MP_VAL;
         }
+        /* NOLINTEND(clang-analyzer-core.UndefinedBinaryOperatorResult) */
     }
     if (err == MP_OKAY) {
         /* Round up for case when m is less than a word - no advantage in using
@@ -17801,7 +18076,7 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
         int i;
         int j = 0;
 
-        a->used = (inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF;
+        a->used = (sp_size_t)((inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF);
 
     #if defined(BIG_ENDIAN_ORDER) && !defined(WOLFSSL_SP_INT_DIGIT_ALIGN)
         /* Data endian matches representation of number.
@@ -17929,7 +18204,7 @@ int sp_to_unsigned_bin_len(const sp_int* a, byte* out, int outSz)
                     d >>= 8;
                     /* Stop if the output buffer is filled. */
                     if (j < 0) {
-                        if ((i < a->used - 1) || (d > 0)) {
+                        if ((i < (unsigned int)a->used - 1) || (d > 0)) {
                             err = MP_VAL;
                         }
                         break;
@@ -17996,14 +18271,14 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
         /* Put each digit in. */
         i = 0;
         for (j = outSz - 1; j >= 0; ) {
-            int b;
+            unsigned int b;
             d = a->dp[i];
             /* Place each byte of a digit into the buffer. */
             for (b = 0; (j >= 0) && (b < SP_WORD_SIZEOF); b++) {
                 out[j--] = (byte)(d & mask);
                 d >>= 8;
             }
-            mask &= (sp_int_digit)0 - (i < a->used - 1);
+            mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1);
             i += (unsigned int)(1 & mask);
         }
     }
@@ -18019,7 +18294,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
         i = 0;
         for (j = outSz - 1; j >= 0; j--) {
             out[j] = a->dp[i] & mask;
-            mask &= (sp_int_digit)0 - (i < a->used - 1);
+            mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1);
             i += (unsigned int)(1 & mask);
         }
     }
@@ -18075,7 +18350,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
     int err = MP_OKAY;
     int i;
     unsigned int s = 0;
-    unsigned int j = 0;
+    sp_size_t j = 0;
     sp_int_digit d;
     /* Skip whitespace at end of line */
     int eol_done = 0;
@@ -18123,7 +18398,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
             a->dp[j] = d;
         }
         /* Update used count. */
-        a->used = j + 1;
+        a->used = (sp_size_t)(j + 1U);
         /* Remove leading zeros. */
         sp_clamp(a);
     }
@@ -18161,7 +18436,7 @@ static int _sp_read_radix_10(sp_int* a, const char* in)
         /* Check character is valid. */
         if ((ch >= '0') && (ch <= '9')) {
             /* Assume '0'..'9' are continuous values as characters. */
-            ch -= '0';
+            ch = (char)(ch - '0');
         }
         else {
             if (CharIsWhiteSpace(ch))
@@ -18205,7 +18480,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix)
 {
     int err = MP_OKAY;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int sign = MP_ZPOS;
+    sp_uint8 sign = MP_ZPOS;
 #endif
 
     if ((a == NULL) || (in == NULL)) {
@@ -18682,7 +18957,7 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
         r->sign = MP_ZPOS;
     #endif /* WOLFSSL_SP_INT_NEGATIVE */
         /* Set number of digits that will be used. */
-        r->used = digits;
+        r->used = (sp_size_t)digits;
     #if defined(WOLFSSL_SP_MATH_ALL) || defined(BIG_ENDIAN_ORDER)
         /* Calculate number of bits in last digit. */
         bits = (len * 8) & SP_WORD_MASK;
@@ -19017,9 +19292,9 @@ static int _sp_prime_trials(const sp_int* a, int trials, int* result)
         n1 = t[0];
         r  = t[1];
 
-        _sp_init_size(n1, a->used + 1);
-        _sp_init_size(r, a->used + 1);
-        _sp_init_size(b, a->used * 2 + 1);
+        _sp_init_size(n1, a->used + 1U);
+        _sp_init_size(r, a->used + 1U);
+        _sp_init_size(b, (sp_size_t)(a->used * 2U + 1U));
 
         /* Do requested number of trials of Miller-Rabin test. */
         for (i = 0; i < trials; i++) {
@@ -19141,10 +19416,10 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result,
         sp_int* b  = d[0];
         sp_int* r  = d[1];
 
-        _sp_init_size(c , a->used + 1);
-        _sp_init_size(n1, a->used + 1);
-        _sp_init_size(b , a->used * 2 + 1);
-        _sp_init_size(r , a->used * 2 + 1);
+        _sp_init_size(c , a->used + 1U);
+        _sp_init_size(n1, a->used + 1U);
+        _sp_init_size(b , (sp_size_t)(a->used * 2U + 1U));
+        _sp_init_size(r , (sp_size_t)(a->used * 2U + 1U));
 
         _sp_sub_d(a, 2, c);
 
@@ -19311,7 +19586,7 @@ static WC_INLINE int _sp_gcd(const sp_int* a, const sp_int* b, sp_int* r)
     /* Used for swapping sp_ints. */
     sp_int* s;
     /* Determine maximum digit length numbers will reach. */
-    unsigned int used = (a->used >= b->used) ? a->used + 1 : b->used + 1;
+    unsigned int used = (a->used >= b->used) ? a->used + 1U : b->used + 1U;
     DECL_SP_INT_ARRAY(d, used, 3);
 
     SAVE_VECTOR_REGISTERS(err = _svr_ret;);
@@ -19617,7 +19892,7 @@ void sp_memzero_check(sp_int* sp)
     defined(WOLFSSL_SP_NO_MALLOC)
 #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
     !defined(WOLFSSL_SP_NO_DYN_STACK)
-#pragma GCC diagnostic pop
+PRAGMA_GCC_DIAG_POP
 #endif
 #endif
 
diff --git a/wolfcrypt/src/sp_sm2_arm32.c b/wolfcrypt/src/sp_sm2_arm32.c
index 4dc537750..0a458bd91 100644
--- a/wolfcrypt/src/sp_sm2_arm32.c
+++ b/wolfcrypt/src/sp_sm2_arm32.c
@@ -1,6 +1,6 @@
 /* sp_sm2_arm32.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM2
 
diff --git a/wolfcrypt/src/sp_sm2_arm64.c b/wolfcrypt/src/sp_sm2_arm64.c
index 8f8771190..db6789866 100644
--- a/wolfcrypt/src/sp_sm2_arm64.c
+++ b/wolfcrypt/src/sp_sm2_arm64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_arm64.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM2
 
diff --git a/wolfcrypt/src/sp_sm2_armthumb.c b/wolfcrypt/src/sp_sm2_armthumb.c
index 0be668572..21e49dc7a 100644
--- a/wolfcrypt/src/sp_sm2_armthumb.c
+++ b/wolfcrypt/src/sp_sm2_armthumb.c
@@ -1,6 +1,6 @@
 /* sp_sm2_armthumb.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM2
 
diff --git a/wolfcrypt/src/sp_sm2_c32.c b/wolfcrypt/src/sp_sm2_c32.c
index 754b80a56..5aae8d231 100644
--- a/wolfcrypt/src/sp_sm2_c32.c
+++ b/wolfcrypt/src/sp_sm2_c32.c
@@ -1,6 +1,6 @@
 /* sp_sm2_c32.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM2
 
diff --git a/wolfcrypt/src/sp_sm2_c64.c b/wolfcrypt/src/sp_sm2_c64.c
index 861bfe3ed..d848104df 100644
--- a/wolfcrypt/src/sp_sm2_c64.c
+++ b/wolfcrypt/src/sp_sm2_c64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_c64.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM2
 
diff --git a/wolfcrypt/src/sp_sm2_cortexm.c b/wolfcrypt/src/sp_sm2_cortexm.c
index 4b1083fc8..4ea4b8f4b 100644
--- a/wolfcrypt/src/sp_sm2_cortexm.c
+++ b/wolfcrypt/src/sp_sm2_cortexm.c
@@ -1,6 +1,6 @@
 /* sp_sm2_cortexm.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM2
 
diff --git a/wolfcrypt/src/sp_sm2_x86_64.c b/wolfcrypt/src/sp_sm2_x86_64.c
index 24a5b9e58..fd6f0d29f 100644
--- a/wolfcrypt/src/sp_sm2_x86_64.c
+++ b/wolfcrypt/src/sp_sm2_x86_64.c
@@ -1,6 +1,6 @@
 /* sp_sm2_x86_64.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_SM2
 
diff --git a/wolfcrypt/src/sp_sm2_x86_64_asm.S b/wolfcrypt/src/sp_sm2_x86_64_asm.S
index a725c8ef8..6e7c17e4b 100644
--- a/wolfcrypt/src/sp_sm2_x86_64_asm.S
+++ b/wolfcrypt/src/sp_sm2_x86_64_asm.S
@@ -1,6 +1,6 @@
 /* sp_sm2_x86_64_asm.S
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
 
 #ifdef WOLFSSL_SM2
 
diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c
index cef7ffb54..298ec47a9 100644
--- a/wolfcrypt/src/sp_x86_64.c
+++ b/wolfcrypt/src/sp_x86_64.c
@@ -1,6 +1,6 @@
 /* sp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,16 +21,11 @@
 
 /* Implementation by Sean Parkinson. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(WOLFSSL_HAVE_SP_ECC)
 
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -67,7 +62,7 @@
     do {                                                    \
         int ii;                                             \
         fprintf(stderr, name "=0x");                        \
-        for (ii = ((bits + 63) / 64) - 1; ii >= 0; ii--)    \
+        for (ii = (((bits) + 63) / 64) - 1; ii >= 0; ii--)  \
             fprintf(stderr, SP_PRINT_FMT, (var)[ii]);       \
         fprintf(stderr, "\n");                              \
     } while (0)
@@ -492,8 +487,8 @@ static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -575,7 +570,7 @@ static WC_INLINE int sp_2048_div_16(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_2048_cond_sub_16(&t1[16], &t1[16], d, (sp_digit)0 - r1);
     for (i = 15; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[16 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[16 + i] == div);
         sp_digit hi = t1[16 + i] + mask;
         r1 = div_2048_word_16(hi, t1[16 + i - 1], div);
         r1 |= mask;
@@ -806,7 +801,7 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16);
         sp_2048_mont_reduce_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_16(r, r, m, mask);
     }
 
@@ -1046,7 +1041,7 @@ static int sp_2048_mod_exp_avx2_16(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[16], 0, sizeof(sp_digit) * 16);
         sp_2048_mont_reduce_avx2_16(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_16(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0);
         sp_2048_cond_sub_avx2_16(r, r, m, mask);
     }
 
@@ -1174,8 +1169,8 @@ static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -1350,7 +1345,7 @@ static WC_INLINE int sp_2048_div_32(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_2048_cond_sub_32(&t1[32], &t1[32], d, (sp_digit)0 - r1);
     for (i = 31; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[32 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[32 + i] == div);
         sp_digit hi = t1[32 + i] + mask;
         r1 = div_2048_word_32(hi, t1[32 + i - 1], div);
         r1 |= mask;
@@ -1616,7 +1611,7 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -1891,7 +1886,7 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_avx2_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_avx2_32(r, r, m, mask);
     }
 
@@ -1961,7 +1956,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
         m = r + 32 * 2;
         ah = a + 32;
 
-        sp_2048_from_bin(ah, 32, in, inLen);
+        sp_2048_from_bin(ah, 32, in, (int)inLen);
 #if DIGIT_BIT >= 64
         e = em->dp[0];
 #else
@@ -1989,7 +1984,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
             if (err == MP_OKAY) {
                 /* r = a ^ 0x10000 => r = a squared 16 times */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i = 15; i >= 0; i--) {
                         sp_2048_mont_sqr_avx2_32(r, r, m, mp);
                     }
@@ -2020,7 +2016,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
         }
         else if (e == 0x3) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 if (err == MP_OKAY) {
                     sp_2048_sqr_avx2_32(r, ah);
                     err = sp_2048_mod_32_cond(r, r, m);
@@ -2062,7 +2059,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
 
                 XMEMCPY(r, a, sizeof(sp_digit) * 32);
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i--; i>=0; i--) {
                         sp_2048_mont_sqr_avx2_32(r, r, m, mp);
                         if (((e >> i) & 1) == 1) {
@@ -2182,7 +2180,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
 
         r = a;
 
-        sp_2048_from_bin(a, 32, in, inLen);
+        sp_2048_from_bin(a, 32, in, (int)inLen);
         sp_2048_from_mp(d, 32, dm);
         sp_2048_from_mp(m, 32, mm);
         err = sp_2048_mod_exp_32(r, a, d, 2048, m, 0);
@@ -2300,14 +2298,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
         tmpb = tmpa + 32;
         r = a + 32;
 
-        sp_2048_from_bin(a, 32, in, inLen);
+        sp_2048_from_bin(a, 32, in, (int)inLen);
         sp_2048_from_mp(p, 16, pm);
         sp_2048_from_mp(q, 16, qm);
         sp_2048_from_mp(dp, 16, dpm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_16(tmpa, a, dp, 1024, p, 1);
+        }
         else
 #endif
             err = sp_2048_mod_exp_16(tmpa, a, dp, 1024, p, 1);
@@ -2315,8 +2315,10 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         sp_2048_from_mp(dq, 16, dqm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_16(tmpb, a, dq, 1024, q, 1);
+       }
        else
 #endif
             err = sp_2048_mod_exp_16(tmpb, a, dq, 1024, q, 1);
@@ -2325,7 +2327,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         c = sp_2048_sub_in_place_16(tmpa, tmpb);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             c += sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c);
             sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c);
         }
@@ -2338,7 +2341,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
 
         sp_2048_from_mp(qi, 16, qim);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_16(tmpa, tmpa, qi);
         }
         else
@@ -2351,7 +2355,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
 
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_16(tmpa, q, tmpa);
         }
         else
@@ -2514,8 +2519,10 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_2048_from_mp(m, 32, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_32(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_2048_mod_exp_32(r, b, e, expBits, m, 0);
@@ -2675,7 +2682,7 @@ static int sp_2048_mod_exp_2_avx2_32(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_avx2_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_avx2_32(r, r, m, mask);
     }
 
@@ -2813,7 +2820,7 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32);
         sp_2048_mont_reduce_32(r, m, mp);
 
-        mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
         sp_2048_cond_sub_32(r, r, m, mask);
     }
 
@@ -2888,27 +2895,31 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
 
     if (err == MP_OKAY) {
         sp_2048_from_mp(b, 32, base);
-        sp_2048_from_bin(e, 32, exp, expLen);
+        sp_2048_from_bin(e, 32, exp, (int)expLen);
         sp_2048_from_mp(m, 32, mod);
 
     #ifdef HAVE_FFDHE_2048
         if (base->used == 1 && base->dp[0] == 2 && m[31] == (sp_digit)-1) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_2048_mod_exp_2_avx2_32(r, e, expLen * 8, m);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_2048_mod_exp_2_avx2_32(r, e, (int)expLen * 8, m);
+            }
             else
 #endif
-                err = sp_2048_mod_exp_2_32(r, e, expLen * 8, m);
+                err = sp_2048_mod_exp_2_32(r, e, (int)expLen * 8, m);
         }
         else
     #endif
         {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_2048_mod_exp_avx2_32(r, b, e, expLen * 8, m, 0);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_2048_mod_exp_avx2_32(r, b, e, (int)expLen * 8, m, 0);
+            }
             else
 #endif
-                err = sp_2048_mod_exp_32(r, b, e, expLen * 8, m, 0);
+                err = sp_2048_mod_exp_32(r, b, e, (int)expLen * 8, m, 0);
         }
     }
 
@@ -2999,8 +3010,10 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_2048_from_mp(m, 16, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_16(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_2048_mod_exp_16(r, b, e, expBits, m, 0);
@@ -3481,8 +3494,8 @@ static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -3564,7 +3577,7 @@ static WC_INLINE int sp_3072_div_24(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_3072_cond_sub_24(&t1[24], &t1[24], d, (sp_digit)0 - r1);
     for (i = 23; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[24 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[24 + i] == div);
         sp_digit hi = t1[24 + i] + mask;
         r1 = div_3072_word_24(hi, t1[24 + i - 1], div);
         r1 |= mask;
@@ -3795,7 +3808,7 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24);
         sp_3072_mont_reduce_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_24(r, r, m, mask);
     }
 
@@ -4035,7 +4048,7 @@ static int sp_3072_mod_exp_avx2_24(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[24], 0, sizeof(sp_digit) * 24);
         sp_3072_mont_reduce_avx2_24(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_24(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0);
         sp_3072_cond_sub_avx2_24(r, r, m, mask);
     }
 
@@ -4163,8 +4176,8 @@ static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -4339,7 +4352,7 @@ static WC_INLINE int sp_3072_div_48(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_3072_cond_sub_48(&t1[48], &t1[48], d, (sp_digit)0 - r1);
     for (i = 47; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[48 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[48 + i] == div);
         sp_digit hi = t1[48 + i] + mask;
         r1 = div_3072_word_48(hi, t1[48 + i - 1], div);
         r1 |= mask;
@@ -4553,7 +4566,7 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -4776,7 +4789,7 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_avx2_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_avx2_48(r, r, m, mask);
     }
 
@@ -4846,7 +4859,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
         m = r + 48 * 2;
         ah = a + 48;
 
-        sp_3072_from_bin(ah, 48, in, inLen);
+        sp_3072_from_bin(ah, 48, in, (int)inLen);
 #if DIGIT_BIT >= 64
         e = em->dp[0];
 #else
@@ -4874,7 +4887,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
             if (err == MP_OKAY) {
                 /* r = a ^ 0x10000 => r = a squared 16 times */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i = 15; i >= 0; i--) {
                         sp_3072_mont_sqr_avx2_48(r, r, m, mp);
                     }
@@ -4905,7 +4919,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
         }
         else if (e == 0x3) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 if (err == MP_OKAY) {
                     sp_3072_sqr_avx2_48(r, ah);
                     err = sp_3072_mod_48_cond(r, r, m);
@@ -4947,7 +4962,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
 
                 XMEMCPY(r, a, sizeof(sp_digit) * 48);
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i--; i>=0; i--) {
                         sp_3072_mont_sqr_avx2_48(r, r, m, mp);
                         if (((e >> i) & 1) == 1) {
@@ -5067,7 +5083,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
 
         r = a;
 
-        sp_3072_from_bin(a, 48, in, inLen);
+        sp_3072_from_bin(a, 48, in, (int)inLen);
         sp_3072_from_mp(d, 48, dm);
         sp_3072_from_mp(m, 48, mm);
         err = sp_3072_mod_exp_48(r, a, d, 3072, m, 0);
@@ -5185,14 +5201,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
         tmpb = tmpa + 48;
         r = a + 48;
 
-        sp_3072_from_bin(a, 48, in, inLen);
+        sp_3072_from_bin(a, 48, in, (int)inLen);
         sp_3072_from_mp(p, 24, pm);
         sp_3072_from_mp(q, 24, qm);
         sp_3072_from_mp(dp, 24, dpm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_24(tmpa, a, dp, 1536, p, 1);
+        }
         else
 #endif
             err = sp_3072_mod_exp_24(tmpa, a, dp, 1536, p, 1);
@@ -5200,8 +5218,10 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         sp_3072_from_mp(dq, 24, dqm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_24(tmpb, a, dq, 1536, q, 1);
+       }
        else
 #endif
             err = sp_3072_mod_exp_24(tmpb, a, dq, 1536, q, 1);
@@ -5210,7 +5230,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         c = sp_3072_sub_in_place_24(tmpa, tmpb);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             c += sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c);
             sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c);
         }
@@ -5223,7 +5244,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
 
         sp_3072_from_mp(qi, 24, qim);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_3072_mul_avx2_24(tmpa, tmpa, qi);
         }
         else
@@ -5236,7 +5258,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
 
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_3072_mul_avx2_24(tmpa, q, tmpa);
         }
         else
@@ -5399,8 +5422,10 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_3072_from_mp(m, 48, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_48(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_3072_mod_exp_48(r, b, e, expBits, m, 0);
@@ -5560,7 +5585,7 @@ static int sp_3072_mod_exp_2_avx2_48(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_avx2_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_avx2_48(r, r, m, mask);
     }
 
@@ -5698,7 +5723,7 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48);
         sp_3072_mont_reduce_48(r, m, mp);
 
-        mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);
         sp_3072_cond_sub_48(r, r, m, mask);
     }
 
@@ -5773,27 +5798,31 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
 
     if (err == MP_OKAY) {
         sp_3072_from_mp(b, 48, base);
-        sp_3072_from_bin(e, 48, exp, expLen);
+        sp_3072_from_bin(e, 48, exp, (int)expLen);
         sp_3072_from_mp(m, 48, mod);
 
     #ifdef HAVE_FFDHE_3072
         if (base->used == 1 && base->dp[0] == 2 && m[47] == (sp_digit)-1) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_3072_mod_exp_2_avx2_48(r, e, expLen * 8, m);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_3072_mod_exp_2_avx2_48(r, e, (int)expLen * 8, m);
+            }
             else
 #endif
-                err = sp_3072_mod_exp_2_48(r, e, expLen * 8, m);
+                err = sp_3072_mod_exp_2_48(r, e, (int)expLen * 8, m);
         }
         else
     #endif
         {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_3072_mod_exp_avx2_48(r, b, e, expLen * 8, m, 0);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_3072_mod_exp_avx2_48(r, b, e, (int)expLen * 8, m, 0);
+            }
             else
 #endif
-                err = sp_3072_mod_exp_48(r, b, e, expLen * 8, m, 0);
+                err = sp_3072_mod_exp_48(r, b, e, (int)expLen * 8, m, 0);
         }
     }
 
@@ -5884,8 +5913,10 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_3072_from_mp(m, 24, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_3072_mod_exp_avx2_24(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_3072_mod_exp_24(r, b, e, expBits, m, 0);
@@ -6276,8 +6307,8 @@ static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -6452,7 +6483,7 @@ static WC_INLINE int sp_4096_div_64(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_4096_cond_sub_64(&t1[64], &t1[64], d, (sp_digit)0 - r1);
     for (i = 63; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[64 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[64 + i] == div);
         sp_digit hi = t1[64 + i] + mask;
         r1 = div_4096_word_64(hi, t1[64 + i - 1], div);
         r1 |= mask;
@@ -6666,7 +6697,7 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
@@ -6889,7 +6920,7 @@ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digi
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_avx2_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_avx2_64(r, r, m, mask);
     }
 
@@ -6959,7 +6990,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
         m = r + 64 * 2;
         ah = a + 64;
 
-        sp_4096_from_bin(ah, 64, in, inLen);
+        sp_4096_from_bin(ah, 64, in, (int)inLen);
 #if DIGIT_BIT >= 64
         e = em->dp[0];
 #else
@@ -6987,7 +7018,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
             if (err == MP_OKAY) {
                 /* r = a ^ 0x10000 => r = a squared 16 times */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i = 15; i >= 0; i--) {
                         sp_4096_mont_sqr_avx2_64(r, r, m, mp);
                     }
@@ -7018,7 +7050,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
         }
         else if (e == 0x3) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 if (err == MP_OKAY) {
                     sp_4096_sqr_avx2_64(r, ah);
                     err = sp_4096_mod_64_cond(r, r, m);
@@ -7060,7 +7093,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
 
                 XMEMCPY(r, a, sizeof(sp_digit) * 64);
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     for (i--; i>=0; i--) {
                         sp_4096_mont_sqr_avx2_64(r, r, m, mp);
                         if (((e >> i) & 1) == 1) {
@@ -7180,7 +7214,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
 
         r = a;
 
-        sp_4096_from_bin(a, 64, in, inLen);
+        sp_4096_from_bin(a, 64, in, (int)inLen);
         sp_4096_from_mp(d, 64, dm);
         sp_4096_from_mp(m, 64, mm);
         err = sp_4096_mod_exp_64(r, a, d, 4096, m, 0);
@@ -7298,14 +7332,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
         tmpb = tmpa + 64;
         r = a + 64;
 
-        sp_4096_from_bin(a, 64, in, inLen);
+        sp_4096_from_bin(a, 64, in, (int)inLen);
         sp_4096_from_mp(p, 32, pm);
         sp_4096_from_mp(q, 32, qm);
         sp_4096_from_mp(dp, 32, dpm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_32(tmpa, a, dp, 2048, p, 1);
+        }
         else
 #endif
             err = sp_2048_mod_exp_32(tmpa, a, dp, 2048, p, 1);
@@ -7313,8 +7349,10 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         sp_4096_from_mp(dq, 32, dqm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_2048_mod_exp_avx2_32(tmpb, a, dq, 2048, q, 1);
+       }
        else
 #endif
             err = sp_2048_mod_exp_32(tmpb, a, dq, 2048, q, 1);
@@ -7323,7 +7361,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
     if (err == MP_OKAY) {
         c = sp_2048_sub_in_place_32(tmpa, tmpb);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             c += sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c);
             sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c);
         }
@@ -7336,7 +7375,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
 
         sp_2048_from_mp(qi, 32, qim);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_32(tmpa, tmpa, qi);
         }
         else
@@ -7349,7 +7389,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
 
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_2048_mul_avx2_32(tmpa, q, tmpa);
         }
         else
@@ -7512,8 +7553,10 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
         sp_4096_from_mp(m, 64, mod);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_4096_mod_exp_avx2_64(r, b, e, expBits, m, 0);
+        }
         else
 #endif
             err = sp_4096_mod_exp_64(r, b, e, expBits, m, 0);
@@ -7673,7 +7716,7 @@ static int sp_4096_mod_exp_2_avx2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_avx2_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_avx2_64(r, r, m, mask);
     }
 
@@ -7811,7 +7854,7 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
         sp_4096_mont_reduce_64(r, m, mp);
 
-        mask = 0 - (sp_4096_cmp_64(r, m) >= 0);
+        mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0);
         sp_4096_cond_sub_64(r, r, m, mask);
     }
 
@@ -7886,27 +7929,31 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
 
     if (err == MP_OKAY) {
         sp_4096_from_mp(b, 64, base);
-        sp_4096_from_bin(e, 64, exp, expLen);
+        sp_4096_from_bin(e, 64, exp, (int)expLen);
         sp_4096_from_mp(m, 64, mod);
 
     #ifdef HAVE_FFDHE_4096
         if (base->used == 1 && base->dp[0] == 2 && m[63] == (sp_digit)-1) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_4096_mod_exp_2_avx2_64(r, e, expLen * 8, m);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_4096_mod_exp_2_avx2_64(r, e, (int)expLen * 8, m);
+            }
             else
 #endif
-                err = sp_4096_mod_exp_2_64(r, e, expLen * 8, m);
+                err = sp_4096_mod_exp_2_64(r, e, (int)expLen * 8, m);
         }
         else
     #endif
         {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
-                err = sp_4096_mod_exp_avx2_64(r, b, e, expLen * 8, m, 0);
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
+                err = sp_4096_mod_exp_avx2_64(r, b, e, (int)expLen * 8, m, 0);
+            }
             else
 #endif
-                err = sp_4096_mod_exp_64(r, b, e, expLen * 8, m, 0);
+                err = sp_4096_mod_exp_64(r, b, e, (int)expLen * 8, m, 0);
         }
     }
 
@@ -8084,14 +8131,14 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
 
     (void)m;
 
-    a32[0] = a[0] & 0xffffffff;
-    a32[1] = a[0] >> 32;
-    a32[2] = a[1] & 0xffffffff;
-    a32[3] = a[1] >> 32;
-    a32[4] = a[2] & 0xffffffff;
-    a32[5] = a[2] >> 32;
-    a32[6] = a[3] & 0xffffffff;
-    a32[7] = a[3] >> 32;
+    a32[0] = (int64_t)(a[0] & 0xffffffff);
+    a32[1] = (int64_t)(a[0] >> 32);
+    a32[2] = (int64_t)(a[1] & 0xffffffff);
+    a32[3] = (int64_t)(a[1] >> 32);
+    a32[4] = (int64_t)(a[2] & 0xffffffff);
+    a32[5] = (int64_t)(a[2] >> 32);
+    a32[6] = (int64_t)(a[3] & 0xffffffff);
+    a32[7] = (int64_t)(a[3] >> 32);
 
     /*  1  1  0 -1 -1 -1 -1  0 */
     t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6];
@@ -8141,10 +8188,10 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit*
     t[5] += t[4] >> 32; t[4] &= 0xffffffff;
     t[6] += t[5] >> 32; t[5] &= 0xffffffff;
     t[7] += t[6] >> 32; t[6] &= 0xffffffff;
-    r[0] = (t[1] << 32) | t[0];
-    r[1] = (t[3] << 32) | t[2];
-    r[2] = (t[5] << 32) | t[4];
-    r[3] = (t[7] << 32) | t[6];
+    r[0] = (sp_digit)((t[1] << 32) | t[0]);
+    r[1] = (sp_digit)((t[3] << 32) | t[2]);
+    r[2] = (sp_digit)((t[5] << 32) | t[4]);
+    r[3] = (sp_digit)((t[7] << 32) | t[6]);
 
     return MP_OKAY;
 }
@@ -8386,7 +8433,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P256 curve. */
-static const uint64_t p256_mod_minus_2[4] = {
+static const word64 p256_mod_minus_2[4] = {
     0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U,
     0xffffffff00000001U
 };
@@ -8519,7 +8566,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_4(r->x, p256_mod);
-    sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->x);
 
     /* y /= z^3 */
@@ -8528,7 +8575,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_4(r->y, p256_mod);
-    sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -8945,8 +8992,8 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
         sp_256_mont_sub_4(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -8963,7 +9010,7 @@ static void sp_256_proj_point_add_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -9135,8 +9182,8 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -9153,7 +9200,7 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -9322,13 +9369,13 @@ static void sp_256_proj_point_add_sub_4(sp_point_256* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_256 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_256;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_6[66] = {
+static const word8 recode_index_4_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -9337,7 +9384,7 @@ static const uint8_t recode_index_4_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_6[66] = {
+static const word8 recode_neg_4_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -9355,7 +9402,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -9364,7 +9411,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<43; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -9378,12 +9425,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_4_6[y];
         v[i].neg = recode_neg_4_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -9691,7 +9738,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_avx2_4(r->x, p256_mod, p256_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_256_cmp_4(r->x, p256_mod);
-    sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->x);
 
     /* y /= z^3 */
@@ -9700,7 +9747,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p,
     sp_256_mont_reduce_avx2_4(r->y, p256_mod, p256_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_256_cmp_4(r->y, p256_mod);
-    sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63));
+    sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63));
     sp_256_norm_4(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -10063,8 +10110,8 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r,
         sp_256_mont_sub_avx2_4(y, y, t5, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -10081,7 +10128,7 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -10253,8 +10300,8 @@ static int sp_256_proj_point_add_avx2_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -10271,7 +10318,7 @@ static int sp_256_proj_point_add_avx2_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -10644,8 +10691,8 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r,
         sp_256_mont_sub_4(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -10662,7 +10709,7 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -10924,7 +10971,7 @@ typedef struct sp_cache_256_t {
     /* Precomputation table for point. */
     sp_table_entry_256 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_256_t;
@@ -10952,7 +10999,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_256_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -11133,8 +11180,8 @@ static void sp_256_proj_point_add_qz1_avx2_4(sp_point_256* r,
         sp_256_mont_sub_avx2_4(y, t3, t1, p256_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -11151,7 +11198,7 @@ static void sp_256_proj_point_add_qz1_avx2_4(sp_point_256* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -11499,8 +11546,10 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_256_point_from_ecc_point_4(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(point, point, k, map, 1, heap);
@@ -11579,24 +11628,30 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(point, point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(point, point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_add_avx2_4(point, point, addP, tmp);
+        }
         else
 #endif
             sp_256_proj_point_add_4(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_256_map_avx2_4(point, point, tmp);
+            }
             else
 #endif
                 sp_256_map_4(point, point, tmp);
@@ -11987,7 +12042,7 @@ static int sp_256_ecc_mulmod_base_avx2_4(sp_point_256* r, const sp_digit* k,
 #endif /* HAVE_INTEL_AVX2 */
 #else /* WOLFSSL_SP_SMALL */
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_4_7[130] = {
+static const word8 recode_index_4_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -12000,7 +12055,7 @@ static const uint8_t recode_index_4_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_4_7[130] = {
+static const word8 recode_neg_4_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -12022,7 +12077,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -12031,7 +12086,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
     n = k[j];
     o = 0;
     for (i=0; i<37; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -12045,12 +12100,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v)
         }
         else if (++j < 4) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_4_7[y];
         v[i].neg = recode_neg_4_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -24113,7 +24168,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
             p->infinity = !v[i].i;
             sp_256_sub_4(negy, p256_mod, p->y);
             sp_256_norm_4(negy);
-            sp_256_cond_copy_4(p->y, negy, 0 - v[i].neg);
+            sp_256_cond_copy_4(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_256_proj_point_add_qz1_4(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -24246,7 +24301,7 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256
             p->infinity = !v[i].i;
             sp_256_sub_4(negy, p256_mod, p->y);
             sp_256_norm_4(negy);
-            sp_256_cond_copy_4(p->y, negy, 0 - v[i].neg);
+            sp_256_cond_copy_4(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_256_proj_point_add_qz1_avx2_4(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -24332,8 +24387,10 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_256_from_mp(k, 4, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_base_4(point, k, map, 1, heap);
@@ -24410,24 +24467,30 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_base_4(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_add_avx2_4(point, point, addP, tmp);
+        }
         else
 #endif
             sp_256_proj_point_add_4(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_256_map_avx2_4(point, point, tmp);
+            }
             else
 #endif
                 sp_256_map_4(point, point, tmp);
@@ -24581,8 +24644,10 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(point, k, 1, 1, NULL);
+       }
         else
 #endif
             err = sp_256_ecc_mulmod_base_4(point, k, 1, 1, NULL);
@@ -24591,7 +24656,8 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(infinity, point, p256_order, 1, 1,
                                                                           NULL);
         }
@@ -24786,8 +24852,10 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
         sp_256_from_mp(k, 4, priv);
         sp_256_point_from_ecc_point_4(point, pub);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(point, point, k, 1, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(point, point, k, 1, 1, heap);
@@ -24918,8 +24986,8 @@ static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -24986,7 +25054,7 @@ static WC_INLINE int sp_256_div_4(const sp_digit* a, const sp_digit* d, sp_digit
 #endif
         sp_256_cond_sub_4(&t1[4], &t1[4], d, (sp_digit)0 - r1);
     for (i = 3; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[4 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[4 + i] == div);
         sp_digit hi = t1[4 + i] + mask;
         r1 = div_256_word_4(hi, t1[4 + i - 1], div);
         r1 |= mask;
@@ -25048,13 +25116,13 @@ static void sp_256_mont_mul_order_4(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P256 curve. */
-static const uint64_t p256_order_minus_2[4] = {
+static const word64 p256_order_minus_2[4] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU,
     0xffffffff00000000U
 };
 #else
 /* The low half of the order-2 of the P256 curve. */
-static const uint64_t p256_order_low[2] = {
+static const word64 p256_order_low[2] = {
     0xf3b9cac2fc63254fU,0xbce6faada7179e84U
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -25532,8 +25600,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
     /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
-     if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_256_mul_avx2_4(k, k, p256_norm_order);
+    }
     else
 #endif
         sp_256_mul_4(k, k, p256_norm_order);
@@ -25543,8 +25613,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_inv_order_avx2_4(kInv, k, tmp);
+        }
         else
 #endif
             sp_256_mont_inv_order_4(kInv, k, tmp);
@@ -25552,8 +25624,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mul_avx2_4(x, x, r);
+        }
         else
 #endif
             sp_256_mul_4(x, x, r);
@@ -25571,8 +25645,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_mul_order_avx2_4(s, s, kInv);
+        }
         else
 #endif
             sp_256_mont_mul_order_4(s, s, kInv);
@@ -25660,8 +25736,10 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
         }
         if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_256_ecc_mulmod_base_avx2_4(point, k, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_256_ecc_mulmod_base_4(point, k, 1, 1, heap);
@@ -25923,7 +26001,8 @@ static void sp_256_add_points_4(sp_point_256* p1, const sp_point_256* p2,
 #endif
 
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_256_proj_point_add_avx2_4(p1, p1, p2, tmp);
     }
     else
@@ -25932,7 +26011,8 @@ static void sp_256_add_points_4(sp_point_256* p1, const sp_point_256* p2,
     if (sp_256_iszero_4(p1->z)) {
         if (sp_256_iszero_4(p1->x) && sp_256_iszero_4(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_256_proj_point_dbl_avx2_4(p1, p2, tmp);
             }
             else
@@ -25970,7 +26050,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
 
 #ifndef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_256_mod_inv_avx2_4(s, s, p256_order);
     }
     else
@@ -25981,7 +26062,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
 #endif /* !WOLFSSL_SP_SMALL */
     {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mul_avx2_4(s, s, p256_norm_order);
         }
         else
@@ -25995,7 +26077,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         sp_256_norm_4(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_inv_order_avx2_4(s, s, tmp);
             sp_256_mont_mul_order_avx2_4(u1, u1, s);
             sp_256_mont_mul_order_avx2_4(u2, u2, s);
@@ -26009,7 +26092,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         }
 #else
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_mul_order_avx2_4(u1, u1, s);
             sp_256_mont_mul_order_avx2_4(u2, u2, s);
         }
@@ -26021,7 +26105,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(p1, u1, 0, 0, heap);
         }
         else
@@ -26035,8 +26120,10 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(p2, p2, u2, 0, 0, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(p2, p2, u2, 0, 0, heap);
@@ -26138,14 +26225,18 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
     if (err == MP_OKAY) {
         /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_sqr_avx2_4(p1->z, p1->z, p256_mod, p256_mp_mod);
+        }
         else
 #endif
             sp_256_mont_sqr_4(p1->z, p1->z, p256_mod, p256_mp_mod);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_mul_avx2_4(u1, u2, p1->z, p256_mod, p256_mp_mod);
+        }
         else
 #endif
             sp_256_mont_mul_4(u1, u2, p1->z, p256_mod, p256_mp_mod);
@@ -26168,7 +26259,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
             if (err == MP_OKAY) {
                 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     sp_256_mont_mul_avx2_4(u1, u2, p1->z, p256_mod,
                         p256_mp_mod);
                 }
@@ -26520,8 +26612,10 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_256_ecc_mulmod_avx2_4(p, pub, p256_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_256_ecc_mulmod_4(p, pub, p256_order, 1, 1, heap);
@@ -26536,8 +26630,10 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_256_ecc_mulmod_base_avx2_4(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_256_ecc_mulmod_base_4(p, priv, 1, 1, heap);
@@ -26621,8 +26717,10 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_256_iszero_4(q->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_add_avx2_4(p, p, q, tmp);
+        }
         else
 #endif
             sp_256_proj_point_add_4(p, p, q, tmp);
@@ -26695,8 +26793,10 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_256_iszero_4(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_proj_point_dbl_avx2_4(p, p, tmp);
+        }
         else
 #endif
             sp_256_proj_point_dbl_4(p, p, tmp);
@@ -26765,8 +26865,10 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
                       sp_256_iszero_4(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_map_avx2_4(p, p, tmp);
+        }
         else
 #endif
             sp_256_map_4(p, p, tmp);
@@ -26820,7 +26922,8 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
         t2 = t1 + 2 * 4;
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             /* t2 = y ^ 0x2 */
             sp_256_mont_sqr_avx2_4(t2, y, p256_mod, p256_mp_mod);
             /* t1 = y ^ 0x3 */
@@ -26929,7 +27032,8 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
     if (err == MP_OKAY) {
         /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_256_mont_sqr_avx2_4(y, x, p256_mod, p256_mp_mod);
             sp_256_mont_mul_avx2_4(y, y, x, p256_mod, p256_mp_mod);
         }
@@ -27129,18 +27233,18 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
     if (err == MP_OKAY) {
         a32 = t + 12;
 
-        a32[0] = a[0] & 0xffffffff;
-        a32[1] = a[0] >> 32;
-        a32[2] = a[1] & 0xffffffff;
-        a32[3] = a[1] >> 32;
-        a32[4] = a[2] & 0xffffffff;
-        a32[5] = a[2] >> 32;
-        a32[6] = a[3] & 0xffffffff;
-        a32[7] = a[3] >> 32;
-        a32[8] = a[4] & 0xffffffff;
-        a32[9] = a[4] >> 32;
-        a32[10] = a[5] & 0xffffffff;
-        a32[11] = a[5] >> 32;
+        a32[0] = (int64_t)(a[0] & 0xffffffff);
+        a32[1] = (int64_t)(a[0] >> 32);
+        a32[2] = (int64_t)(a[1] & 0xffffffff);
+        a32[3] = (int64_t)(a[1] >> 32);
+        a32[4] = (int64_t)(a[2] & 0xffffffff);
+        a32[5] = (int64_t)(a[2] >> 32);
+        a32[6] = (int64_t)(a[3] & 0xffffffff);
+        a32[7] = (int64_t)(a[3] >> 32);
+        a32[8] = (int64_t)(a[4] & 0xffffffff);
+        a32[9] = (int64_t)(a[4] >> 32);
+        a32[10] = (int64_t)(a[5] & 0xffffffff);
+        a32[11] = (int64_t)(a[5] >> 32);
 
         /*  1  0  0  0  0  0  0  0  1  1  0 -1 */
         t[0] = 0 + a32[0] + a32[8] + a32[9] - a32[11];
@@ -27195,12 +27299,12 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
         t[10] += t[9] >> 32; t[9] &= 0xffffffff;
         t[11] += t[10] >> 32; t[10] &= 0xffffffff;
 
-        r[0] = (t[1] << 32) | t[0];
-        r[1] = (t[3] << 32) | t[2];
-        r[2] = (t[5] << 32) | t[4];
-        r[3] = (t[7] << 32) | t[6];
-        r[4] = (t[9] << 32) | t[8];
-        r[5] = (t[11] << 32) | t[10];
+        r[0] = (sp_digit)((t[1] << 32) | t[0]);
+        r[1] = (sp_digit)((t[3] << 32) | t[2]);
+        r[2] = (sp_digit)((t[5] << 32) | t[4]);
+        r[3] = (sp_digit)((t[7] << 32) | t[6]);
+        r[4] = (sp_digit)((t[9] << 32) | t[8]);
+        r[5] = (sp_digit)((t[11] << 32) | t[10]);
     }
 
 #ifdef WOLFSSL_SP_SMALL_STACK
@@ -27484,7 +27588,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P384 curve. */
-static const uint64_t p384_mod_minus_2[6] = {
+static const word64 p384_mod_minus_2[6] = {
     0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
@@ -27612,7 +27716,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_6(r->x, p384_mod);
-    sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->x);
 
     /* y /= z^3 */
@@ -27621,7 +27725,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_6(r->y, p384_mod);
-    sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -28044,8 +28148,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
         sp_384_mont_sub_6(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -28062,7 +28166,7 @@ static void sp_384_proj_point_add_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -28236,8 +28340,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -28254,7 +28358,7 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -28426,13 +28530,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_384 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_384;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_6[66] = {
+static const word8 recode_index_6_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -28441,7 +28545,7 @@ static const uint8_t recode_index_6_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_6[66] = {
+static const word8 recode_neg_6_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -28459,7 +28563,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -28468,7 +28572,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<65; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -28482,12 +28586,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_6_6[y];
         v[i].neg = recode_neg_6_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -28831,7 +28935,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_avx2_6(r->x, p384_mod, p384_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_384_cmp_6(r->x, p384_mod);
-    sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->x);
 
     /* y /= z^3 */
@@ -28840,7 +28944,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p,
     sp_384_mont_reduce_avx2_6(r->y, p384_mod, p384_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_384_cmp_6(r->y, p384_mod);
-    sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63));
+    sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63));
     sp_384_norm_6(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -29215,8 +29319,8 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r,
         sp_384_mont_sub_avx2_6(y, y, t5, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29233,7 +29337,7 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -29407,8 +29511,8 @@ static int sp_384_proj_point_add_avx2_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29425,7 +29529,7 @@ static int sp_384_proj_point_add_avx2_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -29804,8 +29908,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
         sp_384_mont_sub_6(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -29822,7 +29926,7 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30084,7 +30188,7 @@ typedef struct sp_cache_384_t {
     /* Precomputation table for point. */
     sp_table_entry_384 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_384_t;
@@ -30112,7 +30216,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_384_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -30296,8 +30400,8 @@ static void sp_384_proj_point_add_qz1_avx2_6(sp_point_384* r,
         sp_384_mont_sub_avx2_6(y, t3, t1, p384_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -30314,7 +30418,7 @@ static void sp_384_proj_point_add_qz1_avx2_6(sp_point_384* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -30662,8 +30766,10 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_384_point_from_ecc_point_6(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(point, point, k, map, 1, heap);
@@ -30742,24 +30848,30 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(point, point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(point, point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_add_avx2_6(point, point, addP, tmp);
+        }
         else
 #endif
             sp_384_proj_point_add_6(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_384_map_avx2_6(point, point, tmp);
+            }
             else
 #endif
                 sp_384_map_6(point, point, tmp);
@@ -31150,7 +31262,7 @@ static int sp_384_ecc_mulmod_base_avx2_6(sp_point_384* r, const sp_digit* k,
 #endif /* HAVE_INTEL_AVX2 */
 #else /* WOLFSSL_SP_SMALL */
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_6_7[130] = {
+static const word8 recode_index_6_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -31163,7 +31275,7 @@ static const uint8_t recode_index_6_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_6_7[130] = {
+static const word8 recode_neg_6_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -31185,7 +31297,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -31194,7 +31306,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
     n = k[j];
     o = 0;
     for (i=0; i<55; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -31208,12 +31320,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v)
         }
         else if (++j < 6) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_6_7[y];
         v[i].neg = recode_neg_6_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -49090,7 +49202,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
             p->infinity = !v[i].i;
             sp_384_sub_6(negy, p384_mod, p->y);
             sp_384_norm_6(negy);
-            sp_384_cond_copy_6(p->y, negy, 0 - v[i].neg);
+            sp_384_cond_copy_6(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_384_proj_point_add_qz1_6(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -49223,7 +49335,7 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384
             p->infinity = !v[i].i;
             sp_384_sub_6(negy, p384_mod, p->y);
             sp_384_norm_6(negy);
-            sp_384_cond_copy_6(p->y, negy, 0 - v[i].neg);
+            sp_384_cond_copy_6(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_384_proj_point_add_qz1_avx2_6(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -49309,8 +49421,10 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_384_from_mp(k, 6, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_base_6(point, k, map, 1, heap);
@@ -49387,24 +49501,30 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_base_6(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_add_avx2_6(point, point, addP, tmp);
+        }
         else
 #endif
             sp_384_proj_point_add_6(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_384_map_avx2_6(point, point, tmp);
+            }
             else
 #endif
                 sp_384_map_6(point, point, tmp);
@@ -49558,8 +49678,10 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(point, k, 1, 1, NULL);
+       }
         else
 #endif
             err = sp_384_ecc_mulmod_base_6(point, k, 1, 1, NULL);
@@ -49568,7 +49690,8 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(infinity, point, p384_order, 1, 1,
                                                                           NULL);
         }
@@ -49763,8 +49886,10 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
         sp_384_from_mp(k, 6, priv);
         sp_384_point_from_ecc_point_6(point, pub);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(point, point, k, 1, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(point, point, k, 1, 1, heap);
@@ -49895,8 +50020,8 @@ static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -49965,7 +50090,7 @@ static WC_INLINE int sp_384_div_6(const sp_digit* a, const sp_digit* d, sp_digit
 #endif
         sp_384_cond_sub_6(&t1[6], &t1[6], d, (sp_digit)0 - r1);
     for (i = 5; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[6 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[6 + i] == div);
         sp_digit hi = t1[6 + i] + mask;
         r1 = div_384_word_6(hi, t1[6 + i - 1], div);
         r1 |= mask;
@@ -50026,13 +50151,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P384 curve. */
-static const uint64_t p384_order_minus_2[6] = {
+static const word64 p384_order_minus_2[6] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU
 };
 #else
 /* The low half of the order-2 of the P384 curve. */
-static const uint64_t p384_order_low[3] = {
+static const word64 p384_order_low[3] = {
     0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU
 };
 #endif /* WOLFSSL_SP_SMALL */
@@ -50367,8 +50492,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
     /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
-     if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_384_mul_avx2_6(k, k, p384_norm_order);
+    }
     else
 #endif
         sp_384_mul_6(k, k, p384_norm_order);
@@ -50378,8 +50505,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_inv_order_avx2_6(kInv, k, tmp);
+        }
         else
 #endif
             sp_384_mont_inv_order_6(kInv, k, tmp);
@@ -50387,8 +50516,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mul_avx2_6(x, x, r);
+        }
         else
 #endif
             sp_384_mul_6(x, x, r);
@@ -50406,8 +50537,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_mul_order_avx2_6(s, s, kInv);
+        }
         else
 #endif
             sp_384_mont_mul_order_6(s, s, kInv);
@@ -50495,8 +50628,10 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
         }
         if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_384_ecc_mulmod_base_avx2_6(point, k, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_384_ecc_mulmod_base_6(point, k, 1, 1, heap);
@@ -50847,7 +50982,8 @@ static void sp_384_add_points_6(sp_point_384* p1, const sp_point_384* p2,
 #endif
 
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_384_proj_point_add_avx2_6(p1, p1, p2, tmp);
     }
     else
@@ -50856,7 +50992,8 @@ static void sp_384_add_points_6(sp_point_384* p1, const sp_point_384* p2,
     if (sp_384_iszero_6(p1->z)) {
         if (sp_384_iszero_6(p1->x) && sp_384_iszero_6(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_384_proj_point_dbl_avx2_6(p1, p2, tmp);
             }
             else
@@ -50900,7 +51037,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
 #endif /* !WOLFSSL_SP_SMALL */
     {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mul_avx2_6(s, s, p384_norm_order);
         }
         else
@@ -50914,7 +51052,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
         sp_384_norm_6(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_inv_order_avx2_6(s, s, tmp);
             sp_384_mont_mul_order_avx2_6(u1, u1, s);
             sp_384_mont_mul_order_avx2_6(u2, u2, s);
@@ -50928,7 +51067,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
         }
 #else
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_mul_order_avx2_6(u1, u1, s);
             sp_384_mont_mul_order_avx2_6(u2, u2, s);
         }
@@ -50940,7 +51080,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
         }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(p1, u1, 0, 0, heap);
         }
         else
@@ -50954,8 +51095,10 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(p2, p2, u2, 0, 0, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(p2, p2, u2, 0, 0, heap);
@@ -51057,14 +51200,18 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
     if (err == MP_OKAY) {
         /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_sqr_avx2_6(p1->z, p1->z, p384_mod, p384_mp_mod);
+        }
         else
 #endif
             sp_384_mont_sqr_6(p1->z, p1->z, p384_mod, p384_mp_mod);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_mul_avx2_6(u1, u2, p1->z, p384_mod, p384_mp_mod);
+        }
         else
 #endif
             sp_384_mont_mul_6(u1, u2, p1->z, p384_mod, p384_mp_mod);
@@ -51087,7 +51234,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
             if (err == MP_OKAY) {
                 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     sp_384_mont_mul_avx2_6(u1, u2, p1->z, p384_mod,
                         p384_mp_mod);
                 }
@@ -51439,8 +51587,10 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_384_ecc_mulmod_avx2_6(p, pub, p384_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_384_ecc_mulmod_6(p, pub, p384_order, 1, 1, heap);
@@ -51455,8 +51605,10 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_384_ecc_mulmod_base_avx2_6(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_384_ecc_mulmod_base_6(p, priv, 1, 1, heap);
@@ -51540,8 +51692,10 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_384_iszero_6(q->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_add_avx2_6(p, p, q, tmp);
+        }
         else
 #endif
             sp_384_proj_point_add_6(p, p, q, tmp);
@@ -51614,8 +51768,10 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_384_iszero_6(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_proj_point_dbl_avx2_6(p, p, tmp);
+        }
         else
 #endif
             sp_384_proj_point_dbl_6(p, p, tmp);
@@ -51684,8 +51840,10 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
                       sp_384_iszero_6(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_map_avx2_6(p, p, tmp);
+        }
         else
 #endif
             sp_384_map_6(p, p, tmp);
@@ -51744,7 +51902,8 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
         t5 = t1 + 8 * 6;
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             /* t2 = y ^ 0x2 */
             sp_384_mont_sqr_avx2_6(t2, y, p384_mod, p384_mp_mod);
             /* t1 = y ^ 0x3 */
@@ -51903,7 +52062,8 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
     if (err == MP_OKAY) {
         /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_384_mont_sqr_avx2_6(y, x, p384_mod, p384_mp_mod);
             sp_384_mont_mul_avx2_6(y, y, x, p384_mod, p384_mp_mod);
         }
@@ -52338,7 +52498,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r,
 #endif /* !WOLFSSL_SP_SMALL */
 #ifdef WOLFSSL_SP_SMALL
 /* Mod-2 for the P521 curve. */
-static const uint64_t p521_mod_minus_2[9] = {
+static const word64 p521_mod_minus_2[9] = {
     0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
@@ -52484,7 +52644,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -52493,7 +52653,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -52918,8 +53078,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
         sp_521_mont_sub_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -52936,7 +53096,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -53110,8 +53270,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -53128,7 +53288,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -53300,13 +53460,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_521 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_521;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_6[66] = {
+static const word8 recode_index_9_6[66] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
@@ -53315,7 +53475,7 @@ static const uint8_t recode_index_9_6[66] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_6[66] = {
+static const word8 recode_neg_9_6[66] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
@@ -53333,7 +53493,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -53342,7 +53502,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<87; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 6 < 64) {
             y &= 0x3f;
             n >>= 6;
@@ -53356,12 +53516,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x3f);
+            y |= (word8)((n << (64 - o)) & 0x3f);
             o -= 58;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_6[y];
         v[i].neg = recode_neg_9_6[y];
         carry = (y >> 6) + v[i].neg;
@@ -53682,7 +53842,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_avx2_9(r->x, p521_mod, p521_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_521_cmp_9(r->x, p521_mod);
-    sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->x);
 
     /* y /= z^3 */
@@ -53691,7 +53851,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
     sp_521_mont_reduce_avx2_9(r->y, p521_mod, p521_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_521_cmp_9(r->y, p521_mod);
-    sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+    sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
     sp_521_norm_9(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -54066,8 +54226,8 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
         sp_521_mont_sub_avx2_9(y, y, t5, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -54084,7 +54244,7 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -54258,8 +54418,8 @@ static int sp_521_proj_point_add_avx2_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -54276,7 +54436,7 @@ static int sp_521_proj_point_add_avx2_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -54655,8 +54815,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
         sp_521_mont_sub_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -54673,7 +54833,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -54935,7 +55095,7 @@ typedef struct sp_cache_521_t {
     /* Precomputation table for point. */
     sp_table_entry_521 table[64];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_521_t;
@@ -54963,7 +55123,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache)
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_521_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -55147,8 +55307,8 @@ static void sp_521_proj_point_add_qz1_avx2_9(sp_point_521* r,
         sp_521_mont_sub_avx2_9(y, t3, t1, p521_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -55165,7 +55325,7 @@ static void sp_521_proj_point_add_qz1_avx2_9(sp_point_521* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -55513,8 +55673,10 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_521_point_from_ecc_point_9(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(point, point, k, map, 1, heap);
@@ -55593,24 +55755,30 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(point, point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(point, point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_add_avx2_9(point, point, addP, tmp);
+        }
         else
 #endif
             sp_521_proj_point_add_9(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_521_map_avx2_9(point, point, tmp);
+            }
             else
 #endif
                 sp_521_map_9(point, point, tmp);
@@ -56127,7 +56295,7 @@ static int sp_521_ecc_mulmod_base_avx2_9(sp_point_521* r, const sp_digit* k,
 #endif /* HAVE_INTEL_AVX2 */
 #else /* WOLFSSL_SP_SMALL */
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_9_7[130] = {
+static const word8 recode_index_9_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -56140,7 +56308,7 @@ static const uint8_t recode_index_9_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_9_7[130] = {
+static const word8 recode_neg_9_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -56162,7 +56330,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -56171,7 +56339,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
     n = k[j];
     o = 0;
     for (i=0; i<75; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -56185,12 +56353,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
         }
         else if (++j < 9) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_9_7[y];
         v[i].neg = recode_neg_9_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -90127,7 +90295,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
             p->infinity = !v[i].i;
             sp_521_sub_9(negy, p521_mod, p->y);
             sp_521_norm_9(negy);
-            sp_521_cond_copy_9(p->y, negy, 0 - v[i].neg);
+            sp_521_cond_copy_9(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_521_proj_point_add_qz1_9(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -90260,7 +90428,7 @@ static int sp_521_ecc_mulmod_add_only_avx2_9(sp_point_521* r, const sp_point_521
             p->infinity = !v[i].i;
             sp_521_sub_9(negy, p521_mod, p->y);
             sp_521_norm_9(negy);
-            sp_521_cond_copy_9(p->y, negy, 0 - v[i].neg);
+            sp_521_cond_copy_9(p->y, negy, (sp_digit)(0 - v[i].neg));
             sp_521_proj_point_add_qz1_avx2_9(rt, rt, p, tmp);
         }
         if (map != 0) {
@@ -90346,8 +90514,10 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_521_from_mp(k, 9, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_base_9(point, k, map, 1, heap);
@@ -90424,24 +90594,30 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_base_9(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_add_avx2_9(point, point, addP, tmp);
+        }
         else
 #endif
             sp_521_proj_point_add_9(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_521_map_avx2_9(point, point, tmp);
+            }
             else
 #endif
                 sp_521_map_9(point, point, tmp);
@@ -90596,8 +90772,10 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(point, k, 1, 1, NULL);
+       }
         else
 #endif
             err = sp_521_ecc_mulmod_base_9(point, k, 1, 1, NULL);
@@ -90606,7 +90784,8 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(infinity, point, p521_order, 1, 1,
                                                                           NULL);
         }
@@ -90801,8 +90980,10 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
         sp_521_from_mp(k, 9, priv);
         sp_521_point_from_ecc_point_9(point, pub);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(point, point, k, 1, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(point, point, k, 1, 1, heap);
@@ -90954,8 +91135,8 @@ static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -91091,14 +91272,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig
 #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL))
 #ifdef WOLFSSL_SP_SMALL
 /* Order-2 for the P521 curve. */
-static const uint64_t p521_order_minus_2[9] = {
+static const word64 p521_order_minus_2[9] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU,
     0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU
 };
 #else
 /* The low half of the order-2 of the P521 curve. */
-static const uint64_t p521_order_low[5] = {
+static const word64 p521_order_low[5] = {
     0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U,
     0x51868783bf2f966bU,0xfffffffffffffffaU
 };
@@ -91460,8 +91641,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
     /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
-     if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_521_mul_avx2_9(k, k, p521_norm_order);
+    }
     else
 #endif
         sp_521_mul_9(k, k, p521_norm_order);
@@ -91471,8 +91654,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_inv_order_avx2_9(kInv, k, tmp);
+        }
         else
 #endif
             sp_521_mont_inv_order_9(kInv, k, tmp);
@@ -91480,8 +91665,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mul_avx2_9(x, x, r);
+        }
         else
 #endif
             sp_521_mul_9(x, x, r);
@@ -91499,8 +91686,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 
         /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_mul_order_avx2_9(s, s, kInv);
+        }
         else
 #endif
             sp_521_mont_mul_order_9(s, s, kInv);
@@ -91588,8 +91777,10 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
         }
         if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_521_ecc_mulmod_base_avx2_9(point, k, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_521_ecc_mulmod_base_9(point, k, 1, 1, heap);
@@ -91948,7 +92139,8 @@ static void sp_521_add_points_9(sp_point_521* p1, const sp_point_521* p2,
 #endif
 
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+            IS_INTEL_AVX2(cpuid_flags)) {
         sp_521_proj_point_add_avx2_9(p1, p1, p2, tmp);
     }
     else
@@ -91957,7 +92149,8 @@ static void sp_521_add_points_9(sp_point_521* p1, const sp_point_521* p2,
     if (sp_521_iszero_9(p1->z)) {
         if (sp_521_iszero_9(p1->x) && sp_521_iszero_9(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_521_proj_point_dbl_avx2_9(p1, p2, tmp);
             }
             else
@@ -92004,7 +92197,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
 #endif /* !WOLFSSL_SP_SMALL */
     {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mul_avx2_9(s, s, p521_norm_order);
         }
         else
@@ -92018,7 +92212,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
         sp_521_norm_9(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_inv_order_avx2_9(s, s, tmp);
             sp_521_mont_mul_order_avx2_9(u1, u1, s);
             sp_521_mont_mul_order_avx2_9(u2, u2, s);
@@ -92032,7 +92227,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
         }
 #else
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_mul_order_avx2_9(u1, u1, s);
             sp_521_mont_mul_order_avx2_9(u2, u2, s);
         }
@@ -92044,7 +92240,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
         }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_base_avx2_9(p1, u1, 0, 0, heap);
         }
         else
@@ -92058,8 +92255,10 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(p2, p2, u2, 0, 0, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(p2, p2, u2, 0, 0, heap);
@@ -92165,14 +92364,18 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
     if (err == MP_OKAY) {
         /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_sqr_avx2_9(p1->z, p1->z, p521_mod, p521_mp_mod);
+        }
         else
 #endif
             sp_521_mont_sqr_9(p1->z, p1->z, p521_mod, p521_mp_mod);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_mul_avx2_9(u1, u2, p1->z, p521_mod, p521_mp_mod);
+        }
         else
 #endif
             sp_521_mont_mul_9(u1, u2, p1->z, p521_mod, p521_mp_mod);
@@ -92195,7 +92398,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
             if (err == MP_OKAY) {
                 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
-                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+                if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                        IS_INTEL_AVX2(cpuid_flags)) {
                     sp_521_mont_mul_avx2_9(u1, u2, p1->z, p521_mod,
                         p521_mp_mod);
                 }
@@ -92550,8 +92754,10 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_521_ecc_mulmod_avx2_9(p, pub, p521_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_521_ecc_mulmod_9(p, pub, p521_order, 1, 1, heap);
@@ -92566,8 +92772,10 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_521_ecc_mulmod_base_avx2_9(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_521_ecc_mulmod_base_9(p, priv, 1, 1, heap);
@@ -92651,8 +92859,10 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_521_iszero_9(q->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_add_avx2_9(p, p, q, tmp);
+        }
         else
 #endif
             sp_521_proj_point_add_9(p, p, q, tmp);
@@ -92725,8 +92935,10 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
                       sp_521_iszero_9(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_proj_point_dbl_avx2_9(p, p, tmp);
+        }
         else
 #endif
             sp_521_proj_point_dbl_9(p, p, tmp);
@@ -92795,8 +93007,10 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
                       sp_521_iszero_9(p->y);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_map_avx2_9(p, p, tmp);
+        }
         else
 #endif
             sp_521_map_9(p, p, tmp);
@@ -92822,7 +93036,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
 #ifdef HAVE_COMP_KEY
 /* Square root power for the P521 curve. */
-static const uint64_t p521_sqrt_power[9] = {
+static const word64 p521_sqrt_power[9] = {
     0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,
     0x0000000000000080
@@ -92854,7 +93068,8 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
     if (err == MP_OKAY) {
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             int i;
 
             XMEMCPY(t, y, sizeof(sp_digit) * 9);
@@ -92923,7 +93138,8 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym)
     if (err == MP_OKAY) {
         /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_521_mont_sqr_avx2_9(y, x, p521_mod, p521_mp_mod);
             sp_521_mont_mul_avx2_9(y, y, x, p521_mod, p521_mp_mod);
         }
@@ -93162,8 +93378,8 @@ static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    ASSERT_SAVED_VECTOR_REGISTERS();
     register sp_digit r asm("rax");
+    ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
         : "=a" (r)
@@ -93245,7 +93461,7 @@ static WC_INLINE int sp_1024_div_16(const sp_digit* a, const sp_digit* d, sp_dig
 #endif
         sp_1024_cond_sub_16(&t1[16], &t1[16], d, (sp_digit)0 - r1);
     for (i = 15; i >= 0; i--) {
-        sp_digit mask = 0 - (t1[16 + i] == div);
+        sp_digit mask = (sp_digit)0 - (t1[16 + i] == div);
         sp_digit hi = t1[16 + i] + mask;
         r1 = div_1024_word_16(hi, t1[16 + i - 1], div);
         r1 |= mask;
@@ -93621,7 +93837,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a,
 }
 
 /* Mod-2 for the P1024 curve. */
-static const uint8_t p1024_mod_minus_2[] = {
+static const word8 p1024_mod_minus_2[] = {
      6,0x06,  7,0x0f,  7,0x0b,  6,0x0c,  7,0x1e,  9,0x09,  7,0x0c,  7,0x1f,
      6,0x16,  6,0x06,  7,0x0e,  8,0x10,  6,0x03,  8,0x11,  6,0x0d,  7,0x14,
      9,0x12,  6,0x0f,  7,0x04,  9,0x0d,  6,0x00,  7,0x13,  6,0x01,  6,0x07,
@@ -93711,7 +93927,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_16(r->x, p1024_mod);
-    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->x);
 
     /* y /= z^3 */
@@ -93720,7 +93936,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_16(r->y, p1024_mod);
-    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -94148,8 +94364,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -94166,7 +94382,7 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -94340,8 +94556,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -94358,7 +94574,7 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -94530,13 +94746,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra,
 /* Structure used to describe recoding of scalar multiplication. */
 typedef struct ecc_recode_1024 {
     /* Index into pre-computation table. */
-    uint8_t i;
+    word8 i;
     /* Use the negative of the point. */
-    uint8_t neg;
+    word8 neg;
 } ecc_recode_1024;
 
 /* The index into pre-computation table to use. */
-static const uint8_t recode_index_16_7[130] = {
+static const word8 recode_index_16_7[130] = {
      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
@@ -94549,7 +94765,7 @@ static const uint8_t recode_index_16_7[130] = {
 };
 
 /* Whether to negate y-ordinate. */
-static const uint8_t recode_neg_16_7[130] = {
+static const word8 recode_neg_16_7[130] = {
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
      0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
@@ -94571,7 +94787,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
 {
     int i;
     int j;
-    uint8_t y;
+    word8 y;
     int carry = 0;
     int o;
     sp_digit n;
@@ -94580,7 +94796,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
     n = k[j];
     o = 0;
     for (i=0; i<147; i++) {
-        y = (int8_t)n;
+        y = (word8)(int8_t)n;
         if (o + 7 < 64) {
             y &= 0x7f;
             n >>= 7;
@@ -94594,12 +94810,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
         }
         else if (++j < 16) {
             n = k[j];
-            y |= (uint8_t)((n << (64 - o)) & 0x7f);
+            y |= (word8)((n << (64 - o)) & 0x7f);
             o -= 57;
             n >>= o;
         }
 
-        y += (uint8_t)carry;
+        y = (word8)(y + carry);
         v[i].i = recode_index_16_7[y];
         v[i].neg = recode_neg_16_7[y];
         carry = (y >> 7) + v[i].neg;
@@ -94858,7 +95074,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_avx2_16(r->x, p1024_mod, p1024_mp_mod);
     /* Reduce x to less than modulus */
     n = sp_1024_cmp_16(r->x, p1024_mod);
-    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->x);
 
     /* y /= z^3 */
@@ -94867,7 +95083,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p,
     sp_1024_mont_reduce_avx2_16(r->y, p1024_mod, p1024_mp_mod);
     /* Reduce y to less than modulus */
     n = sp_1024_cmp_16(r->y, p1024_mod);
-    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63));
+    sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63));
     sp_1024_norm_16(r->y);
 
     XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -95266,8 +95482,8 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r,
         sp_1024_mont_sub_avx2_16(y, y, t5, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -95284,7 +95500,7 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -95458,8 +95674,8 @@ static int sp_1024_proj_point_add_avx2_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024
     {
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -95476,7 +95692,7 @@ static int sp_1024_proj_point_add_avx2_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024
                           (ctx->z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
         ctx->state = 25;
         break;
@@ -95859,8 +96075,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
         sp_1024_mont_sub_16(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -95877,7 +96093,7 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -96108,7 +96324,7 @@ typedef struct sp_cache_1024_t {
     /* Precomputation table for point. */
     sp_table_entry_1024 table[256];
     /* Count of entries in table. */
-    uint32_t cnt;
+    word32 cnt;
     /* Point and table set in entry. */
     int set;
 } sp_cache_1024_t;
@@ -96136,7 +96352,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach
 {
     int i;
     int j;
-    uint32_t least;
+    word32 least;
 
     if (sp_cache_1024_inited == 0) {
         for (i=0; i<FP_ENTRIES; i++) {
@@ -96320,8 +96536,8 @@ static void sp_1024_proj_point_add_qz1_avx2_16(sp_point_1024* r,
         sp_1024_mont_sub_avx2_16(y, t3, t1, p1024_mod);
         {
             int i;
-            sp_digit maskp = 0 - (q->infinity & (!p->infinity));
-            sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+            sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+            sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
             sp_digit maskt = ~(maskp | maskq);
             sp_digit inf = (sp_digit)(p->infinity & q->infinity);
 
@@ -96338,7 +96554,7 @@ static void sp_1024_proj_point_add_qz1_avx2_16(sp_point_1024* r,
                           (z[i] & maskt);
             }
             r->z[0] |= inf;
-            r->infinity = (word32)inf;
+            r->infinity = (int)inf;
         }
     }
 }
@@ -96669,8 +96885,10 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
         sp_1024_point_from_ecc_point_16(point, gm);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_avx2_16(point, point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_16(point, point, k, map, 1, heap);
@@ -100100,8 +100318,10 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
         sp_1024_from_mp(k, 16, km);
 
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_base_avx2_16(point, k, map, 1, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_base_16(point, k, map, 1, heap);
@@ -100178,24 +100398,30 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_base_avx2_16(point, k, 0, 0, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_base_16(point, k, 0, 0, heap);
     }
     if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             sp_1024_proj_point_add_avx2_16(point, point, addP, tmp);
+        }
         else
 #endif
             sp_1024_proj_point_add_16(point, point, addP, tmp);
 
         if (map) {
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 sp_1024_map_avx2_16(point, point, tmp);
+            }
             else
 #endif
                 sp_1024_map_16(point, point, tmp);
@@ -100243,7 +100469,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == MP_OKAY) && (table == NULL)) {
         *len = sizeof(sp_table_entry_1024) * 256;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
         err = BUFFER_E;
@@ -100267,9 +100493,11 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
     if (err == MP_OKAY) {
         sp_1024_point_from_ecc_point_16(point, gm);
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_gen_stripe_table_avx2_16(point,
                 (sp_table_entry_1024*)table, t, heap);
+        }
         else
 #endif
             err = sp_1024_gen_stripe_table_16(point,
@@ -100307,7 +100535,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
 
     if ((err == 0) && (table == NULL)) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     if ((err == 0) && (*len != 0)) {
         err = BUFFER_E;
@@ -100366,9 +100594,11 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
 
 #ifndef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_stripe_avx2_16(point, point,
                 (const sp_table_entry_1024*)table, k, map, 0, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_stripe_16(point, point,
@@ -104076,7 +104306,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -104305,7 +104535,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -104636,7 +104866,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = 0;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
     else if (*len != 0) {
         err = BUFFER_E;
@@ -104838,7 +105068,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table,
 
     if (table == NULL) {
         *len = sizeof(sp_table_entry_1024) * 1167;
-        err = LENGTH_ONLY_E;
+        err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);
     }
 
     if ((err == MP_OKAY) &&
@@ -105298,7 +105528,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
 
 
         n = sp_1024_cmp_16(t1, p1024_mod);
-        sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63));
+        sp_1024_cond_sub_16(t1, t1, p1024_mod, (sp_digit)~(n >> 63));
         sp_1024_norm_16(t1);
         if (!sp_1024_iszero_16(t1)) {
             err = MP_VAL;
@@ -105435,8 +105665,10 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
     if (err == MP_OKAY) {
         /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                IS_INTEL_AVX2(cpuid_flags)) {
             err = sp_1024_ecc_mulmod_avx2_16(p, pub, p1024_order, 1, 1, heap);
+        }
         else
 #endif
             err = sp_1024_ecc_mulmod_16(p, pub, p1024_order, 1, 1, heap);
@@ -105451,8 +105683,10 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
         if (err == MP_OKAY) {
             /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
-            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+            if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+                    IS_INTEL_AVX2(cpuid_flags)) {
                 err = sp_1024_ecc_mulmod_base_avx2_16(p, priv, 1, 1, heap);
+            }
             else
 #endif
                 err = sp_1024_ecc_mulmod_base_16(p, priv, 1, 1, heap);
diff --git a/wolfcrypt/src/sp_x86_64_asm.S b/wolfcrypt/src/sp_x86_64_asm.S
index d5ebdba63..8e36f071b 100644
--- a/wolfcrypt/src/sp_x86_64_asm.S
+++ b/wolfcrypt/src/sp_x86_64_asm.S
@@ -1,6 +1,6 @@
 /* sp_x86_64_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,9 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
 #ifdef WOLFSSL_SP_X86_64_ASM
diff --git a/wolfcrypt/src/sp_x86_64_asm.asm b/wolfcrypt/src/sp_x86_64_asm.asm
index 784bf9c5f..4df93a976 100644
--- a/wolfcrypt/src/sp_x86_64_asm.asm
+++ b/wolfcrypt/src/sp_x86_64_asm.asm
@@ -1,6 +1,6 @@
 ; /* sp_x86_64_asm.asm */
 ; /*
-;  * Copyright (C) 2006-2024 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
diff --git a/wolfcrypt/src/sphincs.c b/wolfcrypt/src/sphincs.c
index 5fc054d88..94be4ac03 100644
--- a/wolfcrypt/src/sphincs.c
+++ b/wolfcrypt/src/sphincs.c
@@ -1,6 +1,6 @@
 /* sphincs.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,15 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
 /* Based on dilithium.c and Reworked for Sphincs by Anthony Hu. */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-/* in case user set HAVE_PQC there */
-#include <wolfssl/wolfcrypt/settings.h>
-
 #include <wolfssl/wolfcrypt/asn.h>
 
 #if defined(HAVE_PQC) && defined(HAVE_SPHINCS)
@@ -37,7 +32,6 @@
 #endif
 
 #include <wolfssl/wolfcrypt/sphincs.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 717a93822..c7f5986d9 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -1,6 +1,6 @@
 /* srp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFCRYPT_HAVE_SRP
 
 #include <wolfssl/wolfcrypt/srp.h>
 #include <wolfssl/wolfcrypt/random.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -152,39 +146,39 @@ static int SrpHashFinal(SrpHash* hash, byte* digest)
     }
 }
 
-static word32 SrpHashSize(SrpType type)
+static int SrpHashSize(SrpType type)
 {
     switch (type) {
         case SRP_TYPE_SHA:
             #ifndef NO_SHA
                 return WC_SHA_DIGEST_SIZE;
             #else
-                return 0;
+                return ALGO_ID_E;
             #endif
 
         case SRP_TYPE_SHA256:
             #ifndef NO_SHA256
                 return WC_SHA256_DIGEST_SIZE;
             #else
-                return 0;
+                return ALGO_ID_E;
             #endif
 
         case SRP_TYPE_SHA384:
             #ifdef WOLFSSL_SHA384
                 return WC_SHA384_DIGEST_SIZE;
             #else
-                return 0;
+                return ALGO_ID_E;
             #endif
 
         case SRP_TYPE_SHA512:
             #ifdef WOLFSSL_SHA512
                 return WC_SHA512_DIGEST_SIZE;
             #else
-                return 0;
+                return ALGO_ID_E;
             #endif
 
         default:
-            return 0;
+            return ALGO_ID_E;
     }
 }
 
@@ -353,7 +347,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     byte digest2[SRP_MAX_DIGEST_SIZE];
     byte pad = 0;
     int r;
-    word32 i, j = 0;
+    word32 i;
+    int hashSize = 0;
 
     if (!srp || !N || !g || !salt || nSz < gSz)
         return BAD_FUNC_ARG;
@@ -361,6 +356,10 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     if (!srp->user)
         return SRP_CALL_ORDER_E;
 
+    hashSize = SrpHashSize(srp->type);
+    if (hashSize < 0)
+        return hashSize;
+
     /* Set N */
     if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
         return MP_READ_E;
@@ -389,7 +388,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     srp->saltSz = saltSz;
 
     /* Set k = H(N, g) */
-            r = SrpHashInit(&hash, srp->type, srp->heap);
+    r = SrpHashInit(&hash, srp->type, srp->heap);
     if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
     for (i = 0; (word32)i < nSz - gSz; i++) {
         if (!r) r = SrpHashUpdate(&hash, &pad, 1);
@@ -414,7 +413,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
 
     /* digest1 = H(N) ^ H(g) */
     if (r == 0) {
-        for (i = 0, j = SrpHashSize(srp->type); i < j; i++)
+        for (i = 0; i < (word32)hashSize; i++)
             digest1[i] ^= digest2[i];
     }
 
@@ -425,8 +424,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     SrpHashFree(&hash);
 
     /* client proof = H( H(N) ^ H(g) | H(user) | salt) */
-    if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j);
-    if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, (word32)hashSize);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, (word32)hashSize);
     if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz);
 
     return r;
@@ -436,7 +435,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
 {
     SrpHash hash;
     byte digest[SRP_MAX_DIGEST_SIZE];
-    word32 digestSz;
+    int digestSz;
     int r;
 
     if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
@@ -446,6 +445,8 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
         return SRP_CALL_ORDER_E;
 
     digestSz = SrpHashSize(srp->type);
+    if (digestSz < 0)
+        return digestSz;
 
     /* digest = H(username | ':' | password) */
             r = SrpHashInit(&hash, srp->type, srp->heap);
@@ -458,12 +459,12 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
     /* digest = H(salt | H(username | ':' | password)) */
     if (!r) r = SrpHashInit(&hash, srp->type, srp->heap);
     if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz);
-    if (!r) r = SrpHashUpdate(&hash, digest, digestSz);
+    if (!r) r = SrpHashUpdate(&hash, digest, (word32)digestSz);
     if (!r) r = SrpHashFinal(&hash, digest);
     SrpHashFree(&hash);
 
     /* Set x (private key) */
-    if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz);
+    if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, (word32)digestSz);
 
     ForceZero(digest, SRP_MAX_DIGEST_SIZE);
 
@@ -572,10 +573,15 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size)
 #endif
     word32 modulusSz;
     int r;
+    int hashSize;
 
     if (!srp || !pub || !size)
         return BAD_FUNC_ARG;
 
+    hashSize = SrpHashSize(srp->type);
+    if (hashSize < 0)
+        return hashSize;
+
     if (mp_iszero(&srp->auth) == MP_YES)
         return SRP_CALL_ORDER_E;
 
@@ -616,7 +622,7 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size)
             {
                 r = mp_init_multi(i, j, 0, 0, 0, 0);
             }
-            if (!r) r = mp_read_unsigned_bin(i, srp->k,SrpHashSize(srp->type));
+            if (!r) r = mp_read_unsigned_bin(i, srp->k, (word32)hashSize);
             if (!r) r = mp_iszero(i) == MP_YES ? SRP_BAD_KEY_E : 0;
             if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, pubkey);
             if (!r) r = mp_mulmod(i, &srp->auth, &srp->N, j);
@@ -654,17 +660,22 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
 {
     SrpHash hash;
     byte digest[SRP_MAX_DIGEST_SIZE];
-    word32 i, j, digestSz = SrpHashSize(srp->type);
+    word32 i, j;
+    int digestSz;
     byte counter[4];
-    int r = BAD_FUNC_ARG;
+    int r = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
+
+    digestSz = SrpHashSize(srp->type);
+    if (digestSz < 0)
+        return digestSz;
 
     XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
 
-    srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP);
+    srp->key = (byte*)XMALLOC(2 * (word32)digestSz, srp->heap, DYNAMIC_TYPE_SRP);
     if (srp->key == NULL)
         return MEMORY_E;
 
-    srp->keySz = 2 * digestSz;
+    srp->keySz = 2 * (word32)digestSz;
 
     for (i = j = 0; j < srp->keySz; i++) {
         counter[0] = (byte)(i >> 24);
@@ -677,7 +688,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
         if (!r) r = SrpHashUpdate(&hash, counter, 4);
 
         if (!r) {
-            if (j + digestSz > srp->keySz) {
+            if (j + (word32)digestSz > srp->keySz) {
                 r = SrpHashFinal(&hash, digest);
                 XMEMCPY(srp->key + j, digest, srp->keySz - j);
                 j = srp->keySz;
@@ -685,7 +696,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
             else
             {
                 r = SrpHashFinal(&hash, srp->key + j);
-                j += digestSz;
+                j += (word32)digestSz;
             }
         }
         SrpHashFree(&hash);
@@ -715,7 +726,8 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     mp_int u[1], s[1], temp1[1], temp2[1];
 #endif
     byte *secret = NULL;
-    word32 i, secretSz, digestSz;
+    word32 i, secretSz;
+    int digestSz;
     byte pad = 0;
     int r;
 
@@ -761,6 +773,11 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
         goto out;
 
     digestSz = SrpHashSize(srp->type);
+    if (digestSz < 0) {
+        r = digestSz;
+        goto out;
+    }
+
     secretSz = (word32)mp_unsigned_bin_size(&srp->N);
 
     if ((secretSz < clientPubKeySz) || (secretSz < serverPubKeySz)) {
@@ -795,7 +812,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     /* set u */
     if ((r = SrpHashFinal(hash, digest)))
         goto out;
-    if ((r = mp_read_unsigned_bin(u, digest, SrpHashSize(srp->type))))
+    if ((r = mp_read_unsigned_bin(u, digest, (word32)digestSz)))
         goto out;
     SrpHashFree(hash);
 
@@ -804,7 +821,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     if (srp->side == SRP_CLIENT_SIDE) {
 
         /* temp1 = B - k * v; rejects k == 0, B == 0 and B >= N. */
-        if ((r = mp_read_unsigned_bin(temp1, srp->k, digestSz)))
+        if ((r = mp_read_unsigned_bin(temp1, srp->k, (word32)digestSz)))
             goto out;
         if (mp_iszero(temp1) == MP_YES) {
             r = SRP_BAD_KEY_E;
@@ -940,11 +957,16 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
 int wc_SrpGetProof(Srp* srp, byte* proof, word32* size)
 {
     int r;
+    int hashSize;
 
     if (!srp || !proof || !size)
         return BAD_FUNC_ARG;
 
-    if (*size < SrpHashSize(srp->type))
+    hashSize = SrpHashSize(srp->type);
+    if (hashSize < 0)
+        return ALGO_ID_E;
+
+    if (*size < (word32)hashSize)
         return BUFFER_E;
 
     if ((r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE
@@ -952,7 +974,7 @@ int wc_SrpGetProof(Srp* srp, byte* proof, word32* size)
                           : &srp->server_proof, proof)) != 0)
         return r;
 
-    *size = SrpHashSize(srp->type);
+    *size = (word32)hashSize;
 
     if (srp->side == SRP_CLIENT_SIDE) {
         /* server proof = H( A | client proof | K) */
@@ -967,11 +989,16 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size)
 {
     byte digest[SRP_MAX_DIGEST_SIZE];
     int r;
+    int hashSize;
 
     if (!srp || !proof)
         return BAD_FUNC_ARG;
 
-    if (size != SrpHashSize(srp->type))
+    hashSize = SrpHashSize(srp->type);
+    if (hashSize < 0)
+        return ALGO_ID_E;
+
+    if (size != (word32)hashSize)
         return BUFFER_E;
 
     r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index ccf15a5f4..5bd732860 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -1,6 +1,6 @@
 /* tfm.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,7 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 /*
  * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
@@ -31,13 +31,6 @@
  *  to fit wolfSSL's needs.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-/* in case user set USE_FAST_MATH there */
-#include <wolfssl/wolfcrypt/settings.h>
-
 #ifdef USE_FAST_MATH
 
 #ifdef NO_INLINE
@@ -321,7 +314,7 @@ int fp_mul(fp_int *A, fp_int *B, fp_int *C)
                 goto clean; /* success */
                 break;
 
-            case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+            case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
             case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
             case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
                 /* fall back to software, below */
@@ -989,9 +982,9 @@ int fp_div_2_mod_ct(fp_int *a, fp_int *b, fp_int *c)
   fp_digit mask;
   int i;
 
-  mask = 0 - (a->dp[0] & 1);
+  mask = (fp_digit)0 - (a->dp[0] & 1);
   for (i = 0; i < b->used; i++) {
-      fp_digit mask_a = 0 - (i < a->used);
+      fp_digit mask_a = (fp_digit)0 - (i < a->used);
 
       w         += b->dp[i] & mask;
       w         += a->dp[i] & mask_a;
@@ -3125,9 +3118,9 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
             return retHW;
             break;
 
-         case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+         case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
          case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
-         case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
+         case WC_NO_ERR_TRACE(MP_HW_VALIDATION_ACTIVE): /* use SW to compare to HW */
             /* use software calc */
             break;
 
@@ -3227,7 +3220,7 @@ int fp_exptmod_ex(fp_int * G, fp_int * X, int digits, fp_int * P, fp_int * Y)
          return retHW;
          break;
 
-      case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+      case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
       case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
       case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
          /* use software calc */
@@ -3328,7 +3321,7 @@ int fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
          return retHW;
          break;
 
-      case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+      case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
       case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
       case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
          /* use software calc */
@@ -3440,7 +3433,7 @@ int fp_sqr(fp_int *A, fp_int *B)
                 goto clean; /* success */
                 break;
 
-            case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+            case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
             case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
             case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
                 /* fall back to software, below */
@@ -4575,6 +4568,9 @@ void fp_zero(fp_int *a)
 
 void fp_clear(fp_int *a)
 {
+#ifdef HAVE_FIPS
+    fp_forcezero(a);
+#else
     int size;
     a->used = 0;
     a->sign = FP_ZPOS;
@@ -4585,6 +4581,7 @@ void fp_clear(fp_int *a)
 #endif
     XMEMSET(a->dp, 0, size * sizeof(fp_digit));
     fp_free(a);
+#endif
 }
 
 void fp_forcezero (mp_int * a)
@@ -4698,7 +4695,7 @@ int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
          /* successfully computed in HW */
          break;
 
-      case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */
+      case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */
       case MP_HW_FALLBACK:    /* forced fallback from HW to SW */
       case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */
          /* use software calc */
@@ -5685,9 +5682,9 @@ int mp_rand_prime(mp_int* a, int len, WC_RNG* rng, void* heap)
 
     err = fp_randprime(a, len, rng, heap);
     switch(err) {
-        case FP_VAL:
+        case WC_NO_ERR_TRACE(MP_VAL):
             return MP_VAL;
-        case FP_MEM:
+        case WC_NO_ERR_TRACE(MP_MEM):
             return MP_MEM;
         default:
             break;
diff --git a/wolfcrypt/src/wc_dsp.c b/wolfcrypt/src/wc_dsp.c
index c6c76c28c..09c7ea179 100644
--- a/wolfcrypt/src/wc_dsp.c
+++ b/wolfcrypt/src/wc_dsp.c
@@ -1,6 +1,6 @@
 /* wc_dsp.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c
index 9393a6974..b1e8b8229 100644
--- a/wolfcrypt/src/wc_encrypt.c
+++ b/wolfcrypt/src/wc_encrypt.c
@@ -1,6 +1,6 @@
 /* wc_encrypt.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,23 +19,17 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/des3.h>
 #include <wolfssl/wolfcrypt/hash.h>
 #include <wolfssl/wolfcrypt/rc2.h>
 #include <wolfssl/wolfcrypt/arc4.h>
 #include <wolfssl/wolfcrypt/wc_encrypt.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/coding.h>
 #include <wolfssl/wolfcrypt/pwdbased.h>
-#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -455,10 +449,12 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
     #if defined(WOLFSSL_AES_256)
         case PBE_AES256_CBC:
             switch(shaOid) {
+            #ifndef NO_SHA256
                 case HMAC_SHA256_OID:
                     typeH = WC_SHA256;
                     derivedLen = 32;
                     break;
+            #endif
             #ifndef NO_SHA
                 default:
                     typeH = WC_SHA;
@@ -471,10 +467,12 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
     #if defined(WOLFSSL_AES_128)
         case PBE_AES128_CBC:
             switch(shaOid) {
+            #ifndef NO_SHA256
                 case HMAC_SHA256_OID:
                     typeH = WC_SHA256;
                     derivedLen = 16;
                     break;
+            #endif
             #ifndef NO_SHA
                 default:
                     typeH = WC_SHA;
diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c
deleted file mode 100644
index 4ce8c3faf..000000000
--- a/wolfcrypt/src/wc_kyber.c
+++ /dev/null
@@ -1,1327 +0,0 @@
-/* wc_kyber.c
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/* Implementation based on NIST 3rd Round submission package.
- * See link at:
- *   https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions
- */
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/kyber.h>
-#include <wolfssl/wolfcrypt/wc_kyber.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/hash.h>
-#include <wolfssl/wolfcrypt/memory.h>
-
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #define WOLFSSL_MISC_INCLUDED
-    #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef WOLFSSL_WC_KYBER
-
-/******************************************************************************/
-
-/* Use SHA3-256 to generate 32-bytes of hash. */
-#define KYBER_HASH_H            wc_Sha3_256Hash
-/* Use SHA3-512 to generate 64-bytes of hash. */
-#define KYBER_HASH_G            wc_Sha3_512Hash
-/* Use SHAKE-256 as a key derivation function (KDF). */
-#ifdef USE_INTEL_SPEEDUP
-#define KYBER_KDF               kyber_kdf
-#else
-#define KYBER_KDF               wc_Shake256Hash
-#endif
-
-/******************************************************************************/
-
-/* Declare variable to make compiler not optimize code in kyber_from_msg(). */
-volatile sword16 kyber_opt_blocker = 0;
-
-/******************************************************************************/
-
-/**
- * Initialize the Kyber key.
- *
- * @param  [in]   type   Type of key: KYBER512, KYBER768, KYBER1024.
- * @param  [out]  key    Kyber key object to initialize.
- * @param  [in]   heap   Dynamic memory hint.
- * @param  [in]   devId  Device Id.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key is NULL or type is unrecognized.
- * @return  NOT_COMPILED_IN when key type is not supported.
- */
-int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
-{
-    int ret = 0;
-
-    /* Validate key. */
-    if (key == NULL) {
-        ret = BAD_FUNC_ARG;
-    }
-    if (ret == 0) {
-        /* Validate type. */
-        switch (type) {
-        case KYBER512:
-        #ifndef WOLFSSL_KYBER512
-            /* Code not compiled in for Kyber-512. */
-            ret = NOT_COMPILED_IN;
-        #endif
-            break;
-        case KYBER768:
-        #ifndef WOLFSSL_KYBER768
-            /* Code not compiled in for Kyber-768. */
-            ret = NOT_COMPILED_IN;
-        #endif
-            break;
-        case KYBER1024:
-        #ifndef WOLFSSL_KYBER1024
-            /* Code not compiled in for Kyber-1024. */
-            ret = NOT_COMPILED_IN;
-        #endif
-            break;
-        default:
-            /* No other values supported. */
-            ret = BAD_FUNC_ARG;
-            break;
-        }
-    }
-    if (ret == 0) {
-        /* Zero out all data. */
-        XMEMSET(key, 0, sizeof(*key));
-
-        /* Keep type for parameters. */
-        key->type = type;
-        /* Cache heap pointer. */
-        key->heap = heap;
-    #ifdef WOLF_CRYPTO_CB
-        /* Cache device id - not used in for this algorithm yet. */
-        key->devId = devId;
-    #endif
-
-        /* Initialize the PRF algorithm object. */
-        ret = kyber_prf_new(&key->prf, heap, devId);
-    }
-    if (ret == 0) {
-        kyber_init();
-    }
-
-    (void)devId;
-
-    return ret;
-}
-
-/**
- * Free the Kyber key object.
- *
- * @param  [in, out]  key   Kyber key object to dispose of.
- */
-void wc_KyberKey_Free(KyberKey* key)
-{
-    if (key != NULL) {
-        /* Dispose of PRF object. */
-        kyber_prf_free(&key->prf);
-        /* Ensure all private data is zeroed. */
-        ForceZero(key, sizeof(*key));
-    }
-}
-
-/******************************************************************************/
-
-/**
- * Make a Kyber key object using a random number generator.
- *
- * @param  [in, out]  key   Kyber key object.
- * @param  [in]       rng   Random number generator.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key or rng is NULL.
- * @return  MEMORY_E when dynamic memory allocation failed.
- */
-int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
-{
-    int ret = 0;
-    unsigned char rand[KYBER_MAKEKEY_RAND_SZ];
-
-    /* Validate parameters. */
-    if ((key == NULL) || (rng == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        /* Generate random to with PRFs. */
-        ret = wc_RNG_GenerateBlock(rng, rand, KYBER_SYM_SZ);
-    }
-    if (ret == 0) {
-        /* Generate random to with PRFs. */
-        ret = wc_RNG_GenerateBlock(rng, rand + KYBER_SYM_SZ, KYBER_SYM_SZ);
-    }
-    if (ret == 0) {
-        /* Make a key pair from the random. */
-        ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand));
-    }
-
-    /* Ensure seeds are zeroized. */
-    ForceZero((void*)rand, (word32)sizeof(rand));
-
-    return ret;
-}
-
-/**
- * Make a Kyber key object using random data.
- *
- * @param  [in, out]  key   Kyber key ovject.
- * @param  [in]       rng   Random number generator.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key or rand is NULL.
- * @return  BUFFER_E when length is not KYBER_MAKEKEY_RAND_SZ.
- * @return  NOT_COMPILED_IN when key type is not supported.
- * @return  MEMORY_E when dynamic memory allocation failed.
- */
-int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
-    int len)
-{
-    byte buf[2 * KYBER_SYM_SZ + 1];
-    byte* pubSeed = buf;
-    byte* noiseSeed = buf + KYBER_SYM_SZ;
-    sword16* a = NULL;
-    sword16* e = NULL;
-    int ret = 0;
-    int kp = 0;
-
-    /* Validate parameters. */
-    if ((key == NULL) || (rand == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-    if ((ret == 0) && (len != KYBER_MAKEKEY_RAND_SZ)) {
-        ret = BUFFER_E;
-    }
-
-    if (ret == 0) {
-        /* Establish parameters based on key type. */
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            kp = KYBER512_K;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            kp = KYBER768_K;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            kp = KYBER1024_K;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-
-    if (ret == 0) {
-        /* Allocate dynamic memory for matrix and error vector. */
-        a = (sword16*)XMALLOC((kp + 1) * kp * KYBER_N * sizeof(sword16),
-            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (a == NULL) {
-            ret = MEMORY_E;
-        }
-    }
-    if (ret == 0) {
-        /* Error vector allocated at end of a. */
-        e = a + (kp * kp * KYBER_N);
-
-        /* Expand 16 bytes of random to 32. */
-        ret = KYBER_HASH_G(rand, KYBER_SYM_SZ, buf);
-    }
-    if (ret == 0) {
-        /* Cache the public seed for use in encapsulation and encoding public
-         * key. */
-        XMEMCPY(key->pubSeed, pubSeed, KYBER_SYM_SZ);
-        /* Cache the z value for decapsulation and encoding private key. */
-        XMEMCPY(key->z, rand + KYBER_SYM_SZ, sizeof(key->z));
-
-        /* Generate the matrix A. */
-        ret = kyber_gen_matrix(&key->prf, a, kp, pubSeed, 0);
-    }
-
-    if (ret == 0) {
-        /* Initialize PRF for use in noise generation. */
-        kyber_prf_init(&key->prf);
-        /* Generate noise using PRF. */
-        ret = kyber_get_noise(&key->prf, kp, key->priv, e, NULL, noiseSeed);
-    }
-    if (ret == 0) {
-        /* Generate key pair from random data. */
-        kyber_keygen(key->priv, key->pub, e, a, kp);
-
-        /* Private and public key are set/available. */
-        key->flags |= KYBER_FLAG_PRIV_SET | KYBER_FLAG_PUB_SET;
-    }
-
-    /* Free dynamic memory allocated in function. */
-    if (key != NULL) {
-        XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-
-    return ret;
-}
-
-/******************************************************************************/
-
-/**
- * Get the size in bytes of cipher text for key.
- *
- * @param  [in]   key  Kyber key object.
- * @param  [out]  len  Length of cipher text in bytes.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key or len is NULL.
- * @return  NOT_COMPILED_IN when key type is not supported.
- */
-int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
-{
-    int ret = 0;
-
-    /* Validate parameters. */
-    if ((key == NULL) || (len == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        /* Return in 'len' size of the cipher text for the type of this key. */
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            *len = KYBER512_CIPHER_TEXT_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            *len = KYBER768_CIPHER_TEXT_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            *len = KYBER1024_CIPHER_TEXT_SIZE;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-
-    return ret;
-}
-
-/**
- * Size of a shared secret in bytes. Always KYBER_SS_SZ.
- *
- * @param  [in]   key  Kyber key object. Not used.
- * @param  [out]  Size of the shared secret created with a Kyber key.
- * @return  0 on success.
- * @return  0 to indicate success.
- */
-int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len)
-{
-    (void)key;
-
-    *len = KYBER_SS_SZ;
-
-    return 0;
-}
-
-/* Encapsulate data and derive secret.
- *
- * @param  [in]  key    Kyber key object.
- * @param  [in]  msg    Message to encapsulate.
- * @param  [in]  coins  Coins (seed) to feed to PRF.
- * @param  [in]  ct     Calculated cipher text.
- * @return  0 on success.
- * @return  NOT_COMPILED_IN when key type is not supported.
- */
-static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins,
-    unsigned char* ct)
-{
-    int ret = 0;
-    sword16* sp = NULL;
-    sword16* ep = NULL;
-    sword16* k = NULL;
-    sword16* epp = NULL;
-    unsigned int kp = 0;
-    unsigned int compVecSz = 0;
-    sword16* at = NULL;
-
-    /* Establish parameters based on key type. */
-    switch (key->type) {
-#ifdef WOLFSSL_KYBER512
-    case KYBER512:
-        kp = KYBER512_K;
-        compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ;
-        break;
-#endif
-#ifdef WOLFSSL_KYBER768
-    case KYBER768:
-        kp = KYBER768_K;
-        compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ;
-        break;
-#endif
-#ifdef WOLFSSL_KYBER1024
-    case KYBER1024:
-        kp = KYBER1024_K;
-        compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
-        break;
-#endif
-    default:
-        /* No other values supported. */
-        ret = NOT_COMPILED_IN;
-        break;
-    }
-
-    if (ret == 0) {
-        /* Allocate dynamic memory for all matrices, vectors and polynomials. */
-        at = (sword16*)XMALLOC(((kp + 3) * kp + 3) * KYBER_N * sizeof(sword16),
-            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (at == NULL) {
-            ret = MEMORY_E;
-        }
-    }
-
-    if (ret == 0) {
-        /* Assign allocated dynamic memory to pointers.
-         * at (m) | k (p) | sp (v) | sp (v) | epp (v) | bp (p) | v (v) */
-        k   = at  + KYBER_N * kp * kp;
-        sp  = k   + KYBER_N;
-        ep  = sp  + KYBER_N * kp;
-        epp = ep  + KYBER_N * kp;
-
-        /* Convert msg to a polynomial. */
-        kyber_from_msg(k, msg);
-
-        /* Generate the transposed matrix. */
-        ret = kyber_gen_matrix(&key->prf, at, kp, key->pubSeed, 1);
-    }
-    if (ret == 0) {
-        /* Initialize the PRF for use in the noise generation. */
-        kyber_prf_init(&key->prf);
-        /* Generate noise using PRF. */
-        ret = kyber_get_noise(&key->prf, kp, sp, ep, epp, coins);
-    }
-    if (ret == 0) {
-        sword16* bp;
-        sword16* v;
-
-        /* Assign remaining allocated dynamic memory to pointers.
-         * at (m) | k (p) | sp (v) | sp (v) | epp (v) | bp (p) | v (v)*/
-        bp  = epp + KYBER_N;
-        v   = bp  + KYBER_N * kp;
-
-        /* Perform encapsulation maths. */
-        kyber_encapsulate(key->pub, bp, v, at, sp, ep, epp, k, kp);
-
-    #ifdef WOLFSSL_KYBER512
-        if (kp == KYBER512_K) {
-            kyber_vec_compress_10(ct, bp, kp);
-            kyber_compress_4(ct + compVecSz, v);
-        }
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        if (kp == KYBER768_K) {
-            kyber_vec_compress_10(ct, bp, kp);
-            kyber_compress_4(ct + compVecSz, v);
-        }
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        if (kp == KYBER1024_K) {
-            kyber_vec_compress_11(ct, bp);
-            kyber_compress_5(ct + compVecSz, v);
-        }
-    #endif
-    }
-
-    /* Dispose of dynamic memory allocated in function. */
-    XFREE(at, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
-    return ret;
-}
-
-/**
- * Encapsulate with random number generator and derive secret.
- *
- * @param  [in]   key  Kyber key object.
- * @param  [out]  ct   Cipher text.
- * @param  [out]  ss   Shared secret generated.
- * @param  [in]   rng  Random number generator.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key, ct, ss or RNG is NULL.
- * @return  NOT_COMPILED_IN when key type is not supported.
- * @return  MEMORY_E when dynamic memory allocation failed.
- */
-int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
-    WC_RNG* rng)
-{
-    int ret = 0;
-    unsigned char rand[KYBER_ENC_RAND_SZ];
-
-    /* Validate parameters. */
-    if ((key == NULL) || (ct == NULL) || (ss == NULL) || (rng == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        /* Generate seed for use with PRFs. */
-        ret = wc_RNG_GenerateBlock(rng, rand, sizeof(rand));
-    }
-    if (ret == 0) {
-        /* Encapsulate with the random. */
-        ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, rand,
-            sizeof(rand));
-    }
-
-    return ret;
-}
-
-/**
- * Encapsulate with random data and derive secret.
- *
- * @param  [out]  ct    Cipher text.
- * @param  [out]  ss    Shared secret generated.
- * @param  [in]   rand  Random data.
- * @param  [in]   len   Random data.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key, ct, ss or RNG is NULL.
- * @return  BUFFER_E when len is not KYBER_ENC_RAND_SZ.
- * @return  NOT_COMPILED_IN when key type is not supported.
- * @return  MEMORY_E when dynamic memory allocation failed.
- */
-int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
-    unsigned char* ss, const unsigned char* rand, int len)
-{
-    byte msg[2 * KYBER_SYM_SZ];
-    byte kr[2 * KYBER_SYM_SZ + 1];
-    int ret = 0;
-#ifndef WOLFSSL_ML_KEM
-    unsigned int ctSz = 0;
-#endif
-
-    /* Validate parameters. */
-    if ((key == NULL) || (ct == NULL) || (ss == NULL) || (rand == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-    if ((ret == 0) && (len != KYBER_ENC_RAND_SZ)) {
-        ret = BUFFER_E;
-    }
-
-#ifndef WOLFSSL_ML_KEM
-    if (ret == 0) {
-        /* Establish parameters based on key type. */
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            ctSz = KYBER512_CIPHER_TEXT_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            ctSz = KYBER768_CIPHER_TEXT_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            ctSz = KYBER1024_CIPHER_TEXT_SIZE;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-#endif
-
-    /* If public hash (h) is not stored against key, calculate it. */
-    if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
-        byte* pubKey = NULL;
-        word32 pubKeyLen;
-
-        /* Determine how big an encoded public key will be. */
-        ret = wc_KyberKey_PublicKeySize(key, &pubKeyLen);
-        if (ret == 0) {
-            /* Allocate dynamic memory for encoded public key. */
-            pubKey = (byte*)XMALLOC(pubKeyLen, key->heap,
-                DYNAMIC_TYPE_TMP_BUFFER);
-            if (pubKey == NULL) {
-                ret = MEMORY_E;
-            }
-        }
-        if (ret == 0) {
-            /* Encode public key - h is hash of encoded public key. */
-            ret = wc_KyberKey_EncodePublicKey(key, pubKey, pubKeyLen);
-        }
-        /* Dispose of encoded public key. */
-        XFREE(pubKey, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-    if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
-        /* Implementation issue if h not cached and flag set. */
-        ret = BAD_STATE_E;
-    }
-
-    if (ret == 0) {
-#ifndef WOLFSSL_ML_KEM
-        /* Hash random to anonymize as seed data. */
-        ret = KYBER_HASH_H(rand, KYBER_SYM_SZ, msg);
-#else
-        XMEMCPY(msg, rand, KYBER_SYM_SZ);
-#endif
-    }
-    if (ret == 0) {
-        /* Copy the hash of the public key into msg. */
-        XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ);
-
-        /* Hash message into seed buffer. */
-        ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr);
-    }
-
-    if (ret == 0) {
-        /* Encapsulate the message using the key and the seed (coins). */
-        ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct);
-    }
-
-#ifndef WOLFSSL_ML_KEM
-    if (ret == 0) {
-        /* Hash the cipher text after the seed. */
-        ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ);
-    }
-    if (ret == 0) {
-        /* Derive the secret from the seed and hash of cipher text. */
-        ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ);
-    }
-#else
-    if (ret == 0) {
-        XMEMCPY(ss, kr, KYBER_SS_SZ);
-    }
-#endif
-
-    return ret;
-}
-
-/******************************************************************************/
-
-/* Decapsulate cipher text to the message using key.
- *
- * @param  [in]   Kyber key object.
- * @param  [out]  Message than was encapsulated.
- * @param  [in]   Cipher text.
- * @return  0 on success.
- * @return  NOT_COMPILED_IN when key type is not supported.
- * @return  MEMORY_E when dynamic memory allocation failed.
- */
-static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key,
-    unsigned char* msg, const unsigned char* ct)
-{
-    int ret = 0;
-    sword16* v;
-    sword16* mp;
-    unsigned int kp = 0;
-    unsigned int compVecSz;
-#ifndef USE_INTEL_SPEEDUP
-    sword16* bp = NULL;
-#else
-    sword16 bp[(KYBER_MAX_K + 2) * KYBER_N];
-#endif
-
-    /* Establish parameters based on key type. */
-    switch (key->type) {
-#ifdef WOLFSSL_KYBER512
-    case KYBER512:
-        kp = KYBER512_K;
-        compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ;
-        break;
-#endif
-#ifdef WOLFSSL_KYBER768
-    case KYBER768:
-        kp = KYBER768_K;
-        compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ;
-        break;
-#endif
-#ifdef WOLFSSL_KYBER1024
-    case KYBER1024:
-        kp = KYBER1024_K;
-        compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
-        break;
-#endif
-    default:
-        /* No other values supported. */
-        ret = NOT_COMPILED_IN;
-        break;
-    }
-
-#ifndef USE_INTEL_SPEEDUP
-    if (ret == 0) {
-        /* Allocate dynamic memory for a vector and two polynomials. */
-        bp = (sword16*)XMALLOC((kp + 2) * KYBER_N * sizeof(sword16), key->heap,
-            DYNAMIC_TYPE_TMP_BUFFER);
-        if (bp == NULL) {
-            ret = MEMORY_E;
-        }
-    }
-#endif
-    if (ret == 0) {
-        /* Assign allocated dynamic memory to pointers.
-         * bp (v) | v (p) | mp (p) */
-        v = bp + kp * KYBER_N;
-        mp = v + KYBER_N;
-
-    #ifdef WOLFSSL_KYBER512
-        if (kp == KYBER512_K) {
-            kyber_vec_decompress_10(bp, ct, kp);
-            kyber_decompress_4(v, ct + compVecSz);
-        }
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        if (kp == KYBER768_K) {
-            kyber_vec_decompress_10(bp, ct, kp);
-            kyber_decompress_4(v, ct + compVecSz);
-        }
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        if (kp == KYBER1024_K) {
-            kyber_vec_decompress_11(bp, ct);
-            kyber_decompress_5(v, ct + compVecSz);
-        }
-    #endif
-
-        /* Decapsulate the cipher text into polynomial. */
-        kyber_decapsulate(key->priv, mp, bp, v, kp);
-
-        /* Convert the polynomial into a array of bytes (message). */
-        kyber_to_msg(msg, mp);
-    }
-
-#ifndef USE_INTEL_SPEEDUP
-    /* Dispose of dynamically memory allocated in function. */
-    XFREE(bp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-#ifdef WOLFSSL_ML_KEM
-/* Derive the secret from z and cipher text.
- *
- * @param [in]  z     Implicit rejection value.
- * @param [in]  ct    Cipher text.
- * @param [in]  ctSz  Length of cipher text in bytes.
- * @param [out] ss    Shared secret.
- * @return  0 on success.
- * @return  MEMORY_E when dynamic memory allocation failed.
- * @return  Other negative when a hash error occurred.
- */
-static int kyber_derive_secret(const byte* z, const byte* ct, word32 ctSz,
-    byte* ss)
-{
-    int ret;
-    wc_Shake shake;
-
-    ret = wc_InitShake256(&shake, NULL, INVALID_DEVID);
-    if (ret == 0) {
-        ret = wc_Shake256_Update(&shake, z, KYBER_SYM_SZ);
-        if (ret == 0) {
-            ret = wc_Shake256_Update(&shake, ct, ctSz);
-        }
-        if (ret == 0) {
-            ret = wc_Shake256_Final(&shake, ss, KYBER_SS_SZ);
-        }
-        wc_Shake256_Free(&shake);
-    }
-
-    return ret;
-}
-#endif
-
-/**
- * Decapsulate the cipher text to calculate the shared secret.
- *
- * Validates the cipher text by encapsulating and comparing with data passed in.
- *
- * @param  [in]   key  Kyber key object.
- * @param  [out]  ss   Shared secret.
- * @param  [in]   ct   Cipher text.
- * @param  [in]   len  Length of cipher text.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key, ss or cr are NULL.
- * @return  NOT_COMPILED_IN when key type is not supported.
- * @return  BUFFER_E when len is not the length of cipher text for the key type.
- * @return  MEMORY_E when dynamic memory allocation failed.
- */
-int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
-    const unsigned char* ct, word32 len)
-{
-    byte msg[2 * KYBER_SYM_SZ];
-    byte kr[2 * KYBER_SYM_SZ + 1];
-    int ret = 0;
-    unsigned int ctSz = 0;
-    unsigned int i = 0;
-    int fail = 0;
-#ifndef USE_INTEL_SPEEDUP
-    byte* cmp = NULL;
-#else
-    byte cmp[KYBER_MAX_CIPHER_TEXT_SIZE];
-#endif
-
-    /* Validate parameters. */
-    if ((key == NULL) || (ss == NULL) || (ct == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        /* Establish cipher text size based on key type. */
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            ctSz = KYBER512_CIPHER_TEXT_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            ctSz = KYBER768_CIPHER_TEXT_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            ctSz = KYBER1024_CIPHER_TEXT_SIZE;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-
-    /* Ensure the cipher text passed in is the correct size. */
-    if ((ret == 0) && (len != ctSz)) {
-        ret = BUFFER_E;
-    }
-
-#ifndef USE_INTEL_SPEEDUP
-    if (ret == 0) {
-        /* Allocate memory for cipher text that is generated. */
-        cmp = (byte*)XMALLOC(ctSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (cmp == NULL) {
-            ret = MEMORY_E;
-        }
-    }
-#endif
-
-    if (ret == 0) {
-        /* Decapsulate the cipher text. */
-        ret = kyberkey_decapsulate(key, msg, ct);
-    }
-    if (ret == 0) {
-        /* Copy public hash over after the seed. */
-        XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ);
-        /* Hash message into seed buffer. */
-        ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr);
-    }
-    if (ret == 0) {
-        /* Encapsulate the message. */
-        ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, cmp);
-    }
-    if (ret == 0) {
-        /* Compare generated cipher text with that passed in. */
-        fail = kyber_cmp(ct, cmp, ctSz);
-
-#ifndef WOLFSSL_ML_KEM
-        /* Hash the cipher text after the seed. */
-        ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ);
-    }
-    if (ret == 0) {
-        /* Change seed to z on comparison failure. */
-        for (i = 0; i < KYBER_SYM_SZ; i++) {
-            kr[i] ^= (kr[i] ^ key->z[i]) & fail;
-        }
-
-        /* Derive the secret from the seed and hash of cipher text. */
-        ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ);
-#else
-        ret = kyber_derive_secret(key->z, ct, ctSz, msg);
-     }
-     if (ret == 0) {
-        /* Change seed to z on comparison failure. */
-        for (i = 0; i < KYBER_SYM_SZ; i++) {
-            ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail);
-        }
-#endif
-    }
-
-#ifndef USE_INTEL_SPEEDUP
-    /* Dispose of dynamic memory allocated in function. */
-    if (key != NULL) {
-        XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-#endif
-
-    return ret;
-}
-
-/******************************************************************************/
-
-/**
- * Decode the private key.
- *
- * Private Vector | Public Key | Public Hash | Randomizer
- *
- * @param  [in, out]  key  Kyber key object.
- * @param  [in]       in   Buffer holding encoded key.
- * @param  [in]       len  Length of data in buffer.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key or in is NULL.
- * @return  NOT_COMPILED_IN when key type is not supported.
- * @return  BUFFER_E when len is not the correct size.
- */
-int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in,
-    word32 len)
-{
-    int ret = 0;
-    word32 privLen = 0;
-    word32 pubLen = 0;
-    unsigned int k = 0;
-    const unsigned char* p = in;
-
-    /* Validate parameters. */
-    if ((key == NULL) || (in == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        /* Establish parameters based on key type. */
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            k = KYBER512_K;
-            privLen = KYBER512_PRIVATE_KEY_SIZE;
-            pubLen = KYBER512_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            k = KYBER768_K;
-            privLen = KYBER768_PRIVATE_KEY_SIZE;
-            pubLen = KYBER768_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            k = KYBER1024_K;
-            privLen = KYBER1024_PRIVATE_KEY_SIZE;
-            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-    /* Ensure the data is the correct length for the key type. */
-    if ((ret == 0) && (len != privLen)) {
-        ret = BUFFER_E;
-    }
-
-    if (ret == 0) {
-        /* Decode private key that is vector of polynomials. */
-        kyber_from_bytes(key->priv, p, k);
-        p += k * KYBER_POLY_SIZE;
-
-        /* Decode the public key that is after the private key. */
-        ret = wc_KyberKey_DecodePublicKey(key, p, pubLen);
-    }
-    if (ret == 0) {
-        /* Skip over public key. */
-        p += pubLen;
-        /* Copy the hash of the encoded public key that is after public key. */
-        XMEMCPY(key->h, p, sizeof(key->h));
-        p += KYBER_SYM_SZ;
-        /* Copy the z (randomizer) that is after hash. */
-        XMEMCPY(key->z, p, sizeof(key->z));
-        /* Set that private and public keys, and public hash are set. */
-        key->flags |= KYBER_FLAG_H_SET | KYBER_FLAG_BOTH_SET;
-    }
-
-    return ret;
-}
-
-/**
- * Decode public key.
- *
- * Public vector | Public Seed
- *
- * @param  [in, out]  key  Kyber key object.
- * @param  [in]       in   Buffer holding encoded key.
- * @param  [in]       len  Length of data in buffer.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key or in is NULL.
- * @return  NOT_COMPILED_IN when key type is not supported.
- * @return  BUFFER_E when len is not the correct size.
- */
-int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
-    word32 len)
-{
-    int ret = 0;
-    word32 pubLen = 0;
-    unsigned int k = 0;
-    const unsigned char* p = in;
-
-    if ((key == NULL) || (in == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        /* Establish parameters based on key type. */
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            k = KYBER512_K;
-            pubLen = KYBER512_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            k = KYBER768_K;
-            pubLen = KYBER768_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            k = KYBER1024_K;
-            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-    /* Ensure the data is the correct length for the key type. */
-    if ((ret == 0) && (len != pubLen)) {
-        ret = BUFFER_E;
-    }
-
-    if (ret == 0) {
-        unsigned int i;
-
-        /* Decode public key that is vector of polynomials. */
-        kyber_from_bytes(key->pub, p, k);
-        p += k * KYBER_POLY_SIZE;
-
-        /* Read public key seed. */
-        for (i = 0; i < KYBER_SYM_SZ; i++) {
-            key->pubSeed[i] = p[i];
-        }
-        /* Calculate public hash. */
-        ret = KYBER_HASH_H(in, len, key->h);
-    }
-    if (ret == 0) {
-        /* Record public key and public hash set. */
-        key->flags |= KYBER_FLAG_PUB_SET | KYBER_FLAG_H_SET;
-    }
-
-    return ret;
-}
-
-/**
- * Get the size in bytes of encoded private key for the key.
- *
- * @param  [in]   key  Kyber key object.
- * @param  [out]  len  Length of encoded private key in bytes.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key or len is NULL.
- * @return  NOT_COMPILED_IN when key type is not supported.
- */
-int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len)
-{
-    int ret = 0;
-
-    /* Validate parameters. */
-    if ((key == NULL) || (len == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        /* Return in 'len' size of the encoded private key for the type of this
-         * key. */
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            *len = KYBER512_PRIVATE_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            *len = KYBER768_PRIVATE_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            *len = KYBER1024_PRIVATE_KEY_SIZE;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-
-    return ret;
-}
-
-/**
- * Get the size in bytes of encoded public key for the key.
- *
- * @param  [in]   key  Kyber key object.
- * @param  [out]  len  Length of encoded public key in bytes.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key or len is NULL.
- * @return  NOT_COMPILED_IN when key type is not supported.
- */
-int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len)
-{
-    int ret = 0;
-
-    /* Validate parameters. */
-    if ((key == NULL) || (len == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        /* Return in 'len' size of the encoded public key for the type of this
-         * key. */
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            *len = KYBER512_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            *len = KYBER768_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            *len = KYBER1024_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-
-    return ret;
-}
-
-/**
- * Encode the private key.
- *
- * Private Vector | Public Key | Public Hash | Randomizer
- *
- * @param  [in]   key  Kyber key object.
- * @param  [out]  out  Buffer to hold data.
- * @param  [in]   len  Size of buffer in bytes.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key or out is NULL or private/public key not
- * available.
- * @return  NOT_COMPILED_IN when key type is not supported.
- */
-int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
-{
-    int ret = 0;
-    unsigned int k = 0;
-    unsigned int pubLen = 0;
-    unsigned int privLen = 0;
-    unsigned char* p = out;
-
-    if ((key == NULL) || (out == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-    if ((ret == 0) &&
-            ((key->flags & KYBER_FLAG_BOTH_SET) != KYBER_FLAG_BOTH_SET)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            k = KYBER512_K;
-            pubLen = KYBER512_PUBLIC_KEY_SIZE;
-            privLen = KYBER512_PRIVATE_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            k = KYBER768_K;
-            pubLen = KYBER768_PUBLIC_KEY_SIZE;
-            privLen = KYBER768_PRIVATE_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            k = KYBER1024_K;
-            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
-            privLen = KYBER1024_PRIVATE_KEY_SIZE;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-    /* Check buffer is big enough for encoding. */
-    if ((ret == 0) && (len != privLen)) {
-        ret = BUFFER_E;
-    }
-
-    if (ret == 0) {
-        /* Encode private key that is vector of polynomials. */
-        kyber_to_bytes(p, key->priv, k);
-        p += KYBER_POLY_SIZE * k;
-
-        /* Encode public key. */
-        ret = wc_KyberKey_EncodePublicKey(key, p, pubLen);
-        p += pubLen;
-    }
-    /* Ensure hash of public key is available. */
-    if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
-        ret = KYBER_HASH_H(p - pubLen, pubLen, key->h);
-    }
-    if (ret == 0) {
-        /* Public hash is available. */
-        key->flags |= KYBER_FLAG_H_SET;
-        /* Append public hash. */
-        XMEMCPY(p, key->h, sizeof(key->h));
-        p += KYBER_SYM_SZ;
-        /* Append z (randomizer). */
-        XMEMCPY(p, key->z, sizeof(key->z));
-    }
-
-    return ret;
-}
-
-/**
- * Encode the public key.
- *
- * Public vector | Public Seed
- *
- * @param  [in]   key  Kyber key object.
- * @param  [out]  out  Buffer to hold data.
- * @param  [in]   len  Size of buffer in bytes.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when key or out is NULL or public key not available.
- * @return  NOT_COMPILED_IN when key type is not supported.
- */
-int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
-{
-    int ret = 0;
-    unsigned int k = 0;
-    unsigned int pubLen = 0;
-    unsigned char* p = out;
-
-    if ((key == NULL) || (out == NULL)) {
-        ret = BAD_FUNC_ARG;
-    }
-    if ((ret == 0) &&
-            ((key->flags & KYBER_FLAG_PUB_SET) != KYBER_FLAG_PUB_SET)) {
-        ret = BAD_FUNC_ARG;
-    }
-
-    if (ret == 0) {
-        switch (key->type) {
-    #ifdef WOLFSSL_KYBER512
-        case KYBER512:
-            k = KYBER512_K;
-            pubLen = KYBER512_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER768
-        case KYBER768:
-            k = KYBER768_K;
-            pubLen = KYBER768_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-    #ifdef WOLFSSL_KYBER1024
-        case KYBER1024:
-            k = KYBER1024_K;
-            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
-            break;
-    #endif
-        default:
-            /* No other values supported. */
-            ret = NOT_COMPILED_IN;
-            break;
-        }
-    }
-    /* Check buffer is big enough for encoding. */
-    if ((ret == 0) && (len != pubLen)) {
-        ret = BUFFER_E;
-    }
-
-    if (ret == 0) {
-        int i;
-
-        /* Encode public key polynomial by polynomial. */
-        kyber_to_bytes(p, key->pub, k);
-        p += k * KYBER_POLY_SIZE;
-
-        /* Append public seed. */
-        for (i = 0; i < KYBER_SYM_SZ; i++) {
-            p[i] = key->pubSeed[i];
-        }
-
-        /* Make sure public hash is set. */
-        if ((key->flags & KYBER_FLAG_H_SET) == 0) {
-            ret = KYBER_HASH_H(out, len, key->h);
-        }
-    }
-    if (ret == 0) {
-        /* Public hash is set. */
-        key->flags |= KYBER_FLAG_H_SET;
-    }
-
-    return ret;
-}
-
-#endif /* WOLFSSL_WC_KYBER */
diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c
deleted file mode 100644
index 911c5ac3e..000000000
--- a/wolfcrypt/src/wc_kyber_poly.c
+++ /dev/null
@@ -1,3733 +0,0 @@
-/* wc_kyber_poly.c
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/* Implementation based on NIST 3rd Round submission package.
- * See link at:
- *   https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions
- */
-
-/* Implementation of the functions that operate on polynomials or vectors of
- * polynomials.
- */
-
-/* Possible Kyber options:
- *
- * WOLFSSL_WC_KYBER                                           Default: OFF
- *   Enables this code, wolfSSL implementation, to be built.
- *
- * WOLFSSL_KYBER512                                           Default: OFF
- *   Enables the KYBER512 parameter implementations.
- * WOLFSSL_KYBER768                                           Default: OFF
- *   Enables the KYBER768 parameter implementations.
- * WOLFSSL_KYBER1024                                          Default: OFF
- *   Enables the KYBER1024 parameter implementations.
- *
- * USE_INTEL_SPEEDUP                                          Default: OFF
- *   Compiles in Intel x64 specific implementations that are faster.
- * WOLFSSL_KYBER_NO_LARGE_CODE                                Default: OFF
- *   Compiles smaller, fast code size with a speed trade-off.
- * WOLFSSL_KYBER_SMALL                                        Default: OFF
- *   Compiles to small code size with a speed trade-off.
- * WOLFSSL_SMALL_STACK                                        Default: OFF
- *   Use less stack by dynamically allocating local variables.
- *
- * WOLFSSL_KYBER_NTT_UNROLL                                   Defualt: OFF
- *   Enable an alternative NTT implementation that may be faster on some
- *   platforms and is smaller in code size.
- * WOLFSSL_KYBER_INVNTT_UNROLL                                Default: OFF
- *   Enables an alternative inverse NTT implementation that may be faster on
- *   some platforms and is smaller in code size.
- */
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/wc_kyber.h>
-#include <wolfssl/wolfcrypt/cpuid.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef WOLFSSL_WC_KYBER
-
-/* Declared in wc_kyber.c to stop compiler optimizer from simplifying. */
-extern volatile sword16 kyber_opt_blocker;
-
-#ifdef USE_INTEL_SPEEDUP
-static word32 cpuid_flags = 0;
-#endif
-
-/* Half of Q plus one. Converted message bit value of 1. */
-#define KYBER_Q_1_HALF      ((KYBER_Q + 1) / 2)
-/* Half of Q */
-#define KYBER_Q_HALF        (KYBER_Q / 2)
-
-
-/* q^-1 mod 2^16 (inverse of 3329 mod 16384) */
-#define KYBER_QINV       62209
-
-/* Used in Barrett Reduction:
- *    r = a mod q
- * => r = a - ((V * a) >> 26) * q), as V based on 2^26
- * V is the multiplier that gets the quotient after shifting.
- */
-#define KYBER_V          (((1U << 26) + (KYBER_Q / 2)) / KYBER_Q)
-
-/* Used in converting to Montgomery form.
- * f is the normalizer = 2^k % m.
- * 16-bit value cast to sword32 in use.
- */
-#define KYBER_F          ((1ULL << 32) % KYBER_Q)
-
-/* Number of bytes in an output block of SHA-3-128 */
-#define SHA3_128_BYTES   (WC_SHA3_128_COUNT * 8)
-/* Number of bytes in an output block of SHA-3-256 */
-#define SHA3_256_BYTES   (WC_SHA3_256_COUNT * 8)
-
-/* Number of blocks to generate for matrix. */
-#define GEN_MATRIX_NBLOCKS \
-    ((12 * KYBER_N / 8 * (1 << 12) / KYBER_Q + XOF_BLOCK_SIZE) / XOF_BLOCK_SIZE)
-/* Number of bytes to generate for matrix. */
-#define GEN_MATRIX_SIZE     GEN_MATRIX_NBLOCKS * XOF_BLOCK_SIZE
-
-
-/* Number of random bytes to generate for ETA3. */
-#define ETA3_RAND_SIZE     ((3 * KYBER_N) / 4)
-/* Number of random bytes to generate for ETA2. */
-#define ETA2_RAND_SIZE     ((2 * KYBER_N) / 4)
-
-
-/* Montgomery reduce a.
- *
- * @param  [in]  a  32-bit value to be reduced.
- * @return  Montgomery reduction result.
- */
-#define KYBER_MONT_RED(a) \
-    (sword16)(((a) - (sword32)(((sword16)((sword16)(a) * \
-                                (sword16)KYBER_QINV)) * \
-                               (sword32)KYBER_Q)) >> 16)
-
-/* Barrett reduce a. r = a mod q.
- *
- * Converted division to multiplication.
- *
- * @param  [in]  a  16-bit value to be reduced to range of q.
- * @return  Modulo result.
- */
-#define KYBER_BARRETT_RED(a) \
-    (sword16)((sword16)(a) - (sword16)((sword16)( \
-        ((sword32)((sword32)KYBER_V * (sword16)(a))) >> 26) * (word16)KYBER_Q))
-
-
-/* Zetas for NTT. */
-const sword16 zetas[KYBER_N / 2] = {
-    2285, 2571, 2970, 1812, 1493, 1422,  287,  202, 3158,  622, 1577,  182,
-     962, 2127, 1855, 1468,  573, 2004,  264,  383, 2500, 1458, 1727, 3199,
-    2648, 1017,  732,  608, 1787,  411, 3124, 1758, 1223,  652, 2777, 1015,
-    2036, 1491, 3047, 1785,  516, 3321, 3009, 2663, 1711, 2167,  126, 1469,
-    2476, 3239, 3058,  830,  107, 1908, 3082, 2378, 2931,  961, 1821, 2604,
-     448, 2264,  677, 2054, 2226,  430,  555,  843, 2078,  871, 1550,  105,
-     422,  587,  177, 3094, 3038, 2869, 1574, 1653, 3083,  778, 1159, 3182,
-    2552, 1483, 2727, 1119, 1739,  644, 2457,  349,  418,  329, 3173, 3254,
-     817, 1097,  603,  610, 1322, 2044, 1864,  384, 2114, 3193, 1218, 1994,
-    2455,  220, 2142, 1670, 2144, 1799, 2051,  794, 1819, 2475, 2459,  478,
-     3221, 3021,  996,  991,  958, 1869, 1522, 1628
-};
-
-/* Zetas for inverse NTT. */
-const sword16 zetas_inv[KYBER_N / 2] = {
-    1701, 1807, 1460, 2371, 2338, 2333,  308,  108, 2851,  870,  854, 1510,
-    2535, 1278, 1530, 1185, 1659, 1187, 3109,  874, 1335, 2111,  136, 1215,
-    2945, 1465, 1285, 2007, 2719, 2726, 2232, 2512,   75,  156, 3000, 2911,
-    2980,  872, 2685, 1590, 2210,  602, 1846,  777,  147, 2170, 2551,  246,
-    1676, 1755,  460,  291,  235, 3152, 2742, 2907, 3224, 1779, 2458, 1251,
-    2486, 2774, 2899, 1103, 1275, 2652, 1065, 2881,  725, 1508, 2368,  398,
-     951,  247, 1421, 3222, 2499,  271,   90,  853, 1860, 3203, 1162, 1618,
-     666,  320,    8, 2813, 1544,  282, 1838, 1293, 2314,  552, 2677, 2106,
-    1571,  205, 2918, 1542, 2721, 2597, 2312,  681,  130, 1602, 1871,  829,
-    2946, 3065, 1325, 2756, 1861, 1474, 1202, 2367, 3147, 1752, 2707,  171,
-    3127, 3042, 1907, 1836, 1517,  359,  758, 1441
-};
-
-
-/* Number-Theoretic Transform.
- *
- * @param  [in, out]  r  Polynomial to transform.
- */
-static void kyber_ntt(sword16* r)
-{
-#ifdef WOLFSSL_KYBER_SMALL
-    unsigned int len;
-    unsigned int k;
-    unsigned int j;
-
-    k = 1;
-    for (len = KYBER_N / 2; len >= 2; len >>= 1) {
-        unsigned int start;
-        for (start = 0; start < KYBER_N; start = j + len) {
-            sword16 zeta = zetas[k++];
-            for (j = start; j < start + len; ++j) {
-                sword32 p = (sword32)zeta * r[j + len];
-                sword16 t = KYBER_MONT_RED(p);
-                sword16 rj = r[j];
-                r[j + len] = rj - t;
-                r[j] = rj + t;
-            }
-        }
-    }
-
-    /* Reduce coefficients with quick algorithm. */
-    for (j = 0; j < KYBER_N; ++j) {
-        r[j] = KYBER_BARRETT_RED(r[j]);
-    }
-#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
-    unsigned int len;
-    unsigned int k = 1;
-    unsigned int j;
-    unsigned int start;
-    sword16 zeta = zetas[k++];
-
-    for (j = 0; j < KYBER_N / 2; ++j) {
-        sword32 p = (sword32)zeta * r[j + KYBER_N / 2];
-        sword16 t = KYBER_MONT_RED(p);
-        sword16 rj = r[j];
-        r[j + KYBER_N / 2] = rj - t;
-        r[j] = rj + t;
-    }
-    for (len = KYBER_N / 4; len >= 2; len >>= 1) {
-        for (start = 0; start < KYBER_N; start = j + len) {
-            zeta = zetas[k++];
-            for (j = start; j < start + len; ++j) {
-                sword32 p = (sword32)zeta * r[j + len];
-                sword16 t = KYBER_MONT_RED(p);
-                sword16 rj = r[j];
-                r[j + len] = rj - t;
-                r[j] = rj + t;
-            }
-        }
-    }
-
-    /* Reduce coefficients with quick algorithm. */
-    for (j = 0; j < KYBER_N; ++j) {
-        r[j] = KYBER_BARRETT_RED(r[j]);
-    }
-#elif defined(WOLFSSL_KYBER_NTT_UNROLL)
-    unsigned int k = 1;
-    unsigned int j;
-    unsigned int start;
-    sword16 zeta = zetas[k++];
-
-    for (j = 0; j < KYBER_N / 2; ++j) {
-        sword32 p = (sword32)zeta * r[j + KYBER_N / 2];
-        sword16 t = KYBER_MONT_RED(p);
-        sword16 rj = r[j];
-        r[j + KYBER_N / 2] = rj - t;
-        r[j] = rj + t;
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 64) {
-        zeta = zetas[k++];
-        for (j = 0; j < 64; ++j) {
-            sword32 p = (sword32)zeta * r[start + j + 64];
-            sword16 t = KYBER_MONT_RED(p);
-            sword16 rj = r[start + j];
-            r[start + j + 64] = rj - t;
-            r[start + j] = rj + t;
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 32) {
-        zeta = zetas[k++];
-        for (j = 0; j < 32; ++j) {
-            sword32 p = (sword32)zeta * r[start + j + 32];
-            sword16 t = KYBER_MONT_RED(p);
-            sword16 rj = r[start + j];
-            r[start + j + 32] = rj - t;
-            r[start + j] = rj + t;
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 16) {
-        zeta = zetas[k++];
-        for (j = 0; j < 16; ++j) {
-            sword32 p = (sword32)zeta * r[start + j + 16];
-            sword16 t = KYBER_MONT_RED(p);
-            sword16 rj = r[start + j];
-            r[start + j + 16] = rj - t;
-            r[start + j] = rj + t;
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 8) {
-        zeta = zetas[k++];
-        for (j = 0; j < 8; ++j) {
-            sword32 p = (sword32)zeta * r[start + j + 8];
-            sword16 t = KYBER_MONT_RED(p);
-            sword16 rj = r[start + j];
-            r[start + j + 8] = rj - t;
-            r[start + j] = rj + t;
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 4) {
-        zeta = zetas[k++];
-        for (j = 0; j < 4; ++j) {
-            sword32 p = (sword32)zeta * r[start + j + 4];
-            sword16 t = KYBER_MONT_RED(p);
-            sword16 rj = r[start + j];
-            r[start + j + 4] = rj - t;
-            r[start + j] = rj + t;
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 2) {
-        zeta = zetas[k++];
-        for (j = 0; j < 2; ++j) {
-            sword32 p = (sword32)zeta * r[start + j + 2];
-            sword16 t = KYBER_MONT_RED(p);
-            sword16 rj = r[start + j];
-            r[start + j + 2] = rj - t;
-            r[start + j] = rj + t;
-        }
-    }
-    /* Reduce coefficients with quick algorithm. */
-    for (j = 0; j < KYBER_N; ++j) {
-        r[j] = KYBER_BARRETT_RED(r[j]);
-    }
-#else
-    unsigned int j;
-    sword16 t0;
-    sword16 t1;
-    sword16 t2;
-    sword16 t3;
-
-    sword16 zeta128 = zetas[1];
-    sword16 zeta64_0 = zetas[2];
-    sword16 zeta64_1 = zetas[3];
-    for (j = 0; j < KYBER_N / 8; j++) {
-        sword16 r0 = r[j +   0];
-        sword16 r1 = r[j +  32];
-        sword16 r2 = r[j +  64];
-        sword16 r3 = r[j +  96];
-        sword16 r4 = r[j + 128];
-        sword16 r5 = r[j + 160];
-        sword16 r6 = r[j + 192];
-        sword16 r7 = r[j + 224];
-
-        t0 = KYBER_MONT_RED((sword32)zeta128 * r4);
-        t1 = KYBER_MONT_RED((sword32)zeta128 * r5);
-        t2 = KYBER_MONT_RED((sword32)zeta128 * r6);
-        t3 = KYBER_MONT_RED((sword32)zeta128 * r7);
-        r4 = r0 - t0;
-        r5 = r1 - t1;
-        r6 = r2 - t2;
-        r7 = r3 - t3;
-        r0 += t0;
-        r1 += t1;
-        r2 += t2;
-        r3 += t3;
-
-        t0 = KYBER_MONT_RED((sword32)zeta64_0 * r2);
-        t1 = KYBER_MONT_RED((sword32)zeta64_0 * r3);
-        t2 = KYBER_MONT_RED((sword32)zeta64_1 * r6);
-        t3 = KYBER_MONT_RED((sword32)zeta64_1 * r7);
-        r2 = r0 - t0;
-        r3 = r1 - t1;
-        r6 = r4 - t2;
-        r7 = r5 - t3;
-        r0 += t0;
-        r1 += t1;
-        r4 += t2;
-        r5 += t3;
-
-        r[j +   0] = r0;
-        r[j +  32] = r1;
-        r[j +  64] = r2;
-        r[j +  96] = r3;
-        r[j + 128] = r4;
-        r[j + 160] = r5;
-        r[j + 192] = r6;
-        r[j + 224] = r7;
-    }
-
-    for (j = 0; j < KYBER_N; j += 64) {
-        int i;
-        sword16 zeta32   = zetas[ 4 + j / 64 + 0];
-        sword16 zeta16_0 = zetas[ 8 + j / 32 + 0];
-        sword16 zeta16_1 = zetas[ 8 + j / 32 + 1];
-        sword16 zeta8_0  = zetas[16 + j / 16 + 0];
-        sword16 zeta8_1  = zetas[16 + j / 16 + 1];
-        sword16 zeta8_2  = zetas[16 + j / 16 + 2];
-        sword16 zeta8_3  = zetas[16 + j / 16 + 3];
-        for (i = 0; i < 8; i++) {
-            sword16 r0 = r[j + i +  0];
-            sword16 r1 = r[j + i +  8];
-            sword16 r2 = r[j + i + 16];
-            sword16 r3 = r[j + i + 24];
-            sword16 r4 = r[j + i + 32];
-            sword16 r5 = r[j + i + 40];
-            sword16 r6 = r[j + i + 48];
-            sword16 r7 = r[j + i + 56];
-
-            t0 = KYBER_MONT_RED((sword32)zeta32 * r4);
-            t1 = KYBER_MONT_RED((sword32)zeta32 * r5);
-            t2 = KYBER_MONT_RED((sword32)zeta32 * r6);
-            t3 = KYBER_MONT_RED((sword32)zeta32 * r7);
-            r4 = r0 - t0;
-            r5 = r1 - t1;
-            r6 = r2 - t2;
-            r7 = r3 - t3;
-            r0 += t0;
-            r1 += t1;
-            r2 += t2;
-            r3 += t3;
-
-            t0 = KYBER_MONT_RED((sword32)zeta16_0 * r2);
-            t1 = KYBER_MONT_RED((sword32)zeta16_0 * r3);
-            t2 = KYBER_MONT_RED((sword32)zeta16_1 * r6);
-            t3 = KYBER_MONT_RED((sword32)zeta16_1 * r7);
-            r2 = r0 - t0;
-            r3 = r1 - t1;
-            r6 = r4 - t2;
-            r7 = r5 - t3;
-            r0 += t0;
-            r1 += t1;
-            r4 += t2;
-            r5 += t3;
-
-            t0 = KYBER_MONT_RED((sword32)zeta8_0 * r1);
-            t1 = KYBER_MONT_RED((sword32)zeta8_1 * r3);
-            t2 = KYBER_MONT_RED((sword32)zeta8_2 * r5);
-            t3 = KYBER_MONT_RED((sword32)zeta8_3 * r7);
-            r1 = r0 - t0;
-            r3 = r2 - t1;
-            r5 = r4 - t2;
-            r7 = r6 - t3;
-            r0 += t0;
-            r2 += t1;
-            r4 += t2;
-            r6 += t3;
-
-            r[j + i +  0] = r0;
-            r[j + i +  8] = r1;
-            r[j + i + 16] = r2;
-            r[j + i + 24] = r3;
-            r[j + i + 32] = r4;
-            r[j + i + 40] = r5;
-            r[j + i + 48] = r6;
-            r[j + i + 56] = r7;
-        }
-    }
-
-    for (j = 0; j < KYBER_N; j += 8) {
-        sword16 zeta4  = zetas[32 + j / 8 + 0];
-        sword16 zeta2_0 = zetas[64 + j / 4 + 0];
-        sword16 zeta2_1 = zetas[64 + j / 4 + 1];
-        sword16 r0 = r[j + 0];
-        sword16 r1 = r[j + 1];
-        sword16 r2 = r[j + 2];
-        sword16 r3 = r[j + 3];
-        sword16 r4 = r[j + 4];
-        sword16 r5 = r[j + 5];
-        sword16 r6 = r[j + 6];
-        sword16 r7 = r[j + 7];
-
-        t0 = KYBER_MONT_RED((sword32)zeta4 * r4);
-        t1 = KYBER_MONT_RED((sword32)zeta4 * r5);
-        t2 = KYBER_MONT_RED((sword32)zeta4 * r6);
-        t3 = KYBER_MONT_RED((sword32)zeta4 * r7);
-        r4 = r0 - t0;
-        r5 = r1 - t1;
-        r6 = r2 - t2;
-        r7 = r3 - t3;
-        r0 += t0;
-        r1 += t1;
-        r2 += t2;
-        r3 += t3;
-
-        t0 = KYBER_MONT_RED((sword32)zeta2_0 * r2);
-        t1 = KYBER_MONT_RED((sword32)zeta2_0 * r3);
-        t2 = KYBER_MONT_RED((sword32)zeta2_1 * r6);
-        t3 = KYBER_MONT_RED((sword32)zeta2_1 * r7);
-        r2 = r0 - t0;
-        r3 = r1 - t1;
-        r6 = r4 - t2;
-        r7 = r5 - t3;
-        r0 += t0;
-        r1 += t1;
-        r4 += t2;
-        r5 += t3;
-
-        r[j + 0] = KYBER_BARRETT_RED(r0);
-        r[j + 1] = KYBER_BARRETT_RED(r1);
-        r[j + 2] = KYBER_BARRETT_RED(r2);
-        r[j + 3] = KYBER_BARRETT_RED(r3);
-        r[j + 4] = KYBER_BARRETT_RED(r4);
-        r[j + 5] = KYBER_BARRETT_RED(r5);
-        r[j + 6] = KYBER_BARRETT_RED(r6);
-        r[j + 7] = KYBER_BARRETT_RED(r7);
-    }
-#endif
-}
-
-/* Inverse Number-Theoretic Transform.
- *
- * @param  [in, out]  r  Polynomial to transform.
- */
-static void kyber_invntt(sword16* r)
-{
-#ifdef WOLFSSL_KYBER_SMALL
-    unsigned int len;
-    unsigned int k;
-    unsigned int j;
-    sword16 zeta;
-
-    k = 0;
-    for (len = 2; len <= KYBER_N / 2; len <<= 1) {
-        unsigned int start;
-        for (start = 0; start < KYBER_N; start = j + len) {
-            zeta = zetas_inv[k++];
-            for (j = start; j < start + len; ++j) {
-                sword32 p;
-                sword16 rj = r[j];
-                sword16 rjl = r[j + len];
-                sword16 t = rj + rjl;
-                r[j] = KYBER_BARRETT_RED(t);
-                rjl = rj - rjl;
-                p = (sword32)zeta * rjl;
-                r[j + len] = KYBER_MONT_RED(p);
-            }
-        }
-    }
-
-    zeta = zetas_inv[127];
-    for (j = 0; j < KYBER_N; ++j) {
-        sword32 p = (sword32)zeta * r[j];
-        r[j] = KYBER_MONT_RED(p);
-    }
-#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
-    unsigned int len;
-    unsigned int k;
-    unsigned int j;
-    sword16 zeta;
-    sword16 zeta2;
-
-    k = 0;
-    for (len = 2; len <= KYBER_N / 4; len <<= 1) {
-        unsigned int start;
-        for (start = 0; start < KYBER_N; start = j + len) {
-            zeta = zetas_inv[k++];
-            for (j = start; j < start + len; ++j) {
-                sword32 p;
-                sword16 rj = r[j];
-                sword16 rjl = r[j + len];
-                sword16 t = rj + rjl;
-                r[j] = KYBER_BARRETT_RED(t);
-                rjl = rj - rjl;
-                p = (sword32)zeta * rjl;
-                r[j + len] = KYBER_MONT_RED(p);
-            }
-        }
-    }
-
-    zeta = zetas_inv[126];
-    zeta2 = zetas_inv[127];
-    for (j = 0; j < KYBER_N / 2; ++j) {
-        sword32 p;
-        sword16 rj = r[j];
-        sword16 rjl = r[j + KYBER_N / 2];
-        sword16 t = rj + rjl;
-        rjl = rj - rjl;
-        p = (sword32)zeta * rjl;
-        r[j] = t;
-        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
-
-        p = (sword32)zeta2 * r[j];
-        r[j] = KYBER_MONT_RED(p);
-        p = (sword32)zeta2 * r[j + KYBER_N / 2];
-        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
-    }
-#elif defined(WOLFSSL_KYBER_INVNTT_UNROLL)
-    unsigned int k;
-    unsigned int j;
-    unsigned int start;
-    sword16 zeta;
-    sword16 zeta2;
-
-    k = 0;
-    for (start = 0; start < KYBER_N; start += 2 * 2) {
-        zeta = zetas_inv[k++];
-        for (j = 0; j < 2; ++j) {
-            sword32 p;
-            sword16 rj = r[start + j];
-            sword16 rjl = r[start + j + 2];
-            sword16 t = rj + rjl;
-            r[start + j] = t;
-            rjl = rj - rjl;
-            p = (sword32)zeta * rjl;
-            r[start + j + 2] = KYBER_MONT_RED(p);
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 4) {
-        zeta = zetas_inv[k++];
-        for (j = 0; j < 4; ++j) {
-            sword32 p;
-            sword16 rj = r[start + j];
-            sword16 rjl = r[start + j + 4];
-            sword16 t = rj + rjl;
-            r[start + j] = t;
-            rjl = rj - rjl;
-            p = (sword32)zeta * rjl;
-            r[start + j + 4] = KYBER_MONT_RED(p);
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 8) {
-        zeta = zetas_inv[k++];
-        for (j = 0; j < 8; ++j) {
-            sword32 p;
-            sword16 rj = r[start + j];
-            sword16 rjl = r[start + j + 8];
-            sword16 t = rj + rjl;
-            /* Reduce. */
-            r[start + j] = KYBER_BARRETT_RED(t);
-            rjl = rj - rjl;
-            p = (sword32)zeta * rjl;
-            r[start + j + 8] = KYBER_MONT_RED(p);
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 16) {
-        zeta = zetas_inv[k++];
-        for (j = 0; j < 16; ++j) {
-            sword32 p;
-            sword16 rj = r[start + j];
-            sword16 rjl = r[start + j + 16];
-            sword16 t = rj + rjl;
-            r[start + j] = t;
-            rjl = rj - rjl;
-            p = (sword32)zeta * rjl;
-            r[start + j + 16] = KYBER_MONT_RED(p);
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 32) {
-        zeta = zetas_inv[k++];
-        for (j = 0; j < 32; ++j) {
-            sword32 p;
-            sword16 rj = r[start + j];
-            sword16 rjl = r[start + j + 32];
-            sword16 t = rj + rjl;
-            r[start + j] = t;
-            rjl = rj - rjl;
-            p = (sword32)zeta * rjl;
-            r[start + j + 32] = KYBER_MONT_RED(p);
-        }
-    }
-    for (start = 0; start < KYBER_N; start += 2 * 64) {
-        zeta = zetas_inv[k++];
-        for (j = 0; j < 64; ++j) {
-            sword32 p;
-            sword16 rj = r[start + j];
-            sword16 rjl = r[start + j + 64];
-            sword16 t = rj + rjl;
-            /* Reduce. */
-            r[start + j] = KYBER_BARRETT_RED(t);
-            rjl = rj - rjl;
-            p = (sword32)zeta * rjl;
-            r[start + j + 64] = KYBER_MONT_RED(p);
-        }
-    }
-    zeta = zetas_inv[126];
-    zeta2 = zetas_inv[127];
-    for (j = 0; j < KYBER_N / 2; ++j) {
-        sword32 p;
-        sword16 rj = r[j];
-        sword16 rjl = r[j + KYBER_N / 2];
-        sword16 t = rj + rjl;
-        rjl = rj - rjl;
-        p = (sword32)zeta * rjl;
-        r[j] = t;
-        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
-
-        p = (sword32)zeta2 * r[j];
-        r[j] = KYBER_MONT_RED(p);
-        p = (sword32)zeta2 * r[j + KYBER_N / 2];
-        r[j + KYBER_N / 2] = KYBER_MONT_RED(p);
-    }
-#else
-    unsigned int j;
-    sword16 t0;
-    sword16 t1;
-    sword16 t2;
-    sword16 t3;
-    sword16 zeta64_0;
-    sword16 zeta64_1;
-    sword16 zeta128;
-    sword16 zeta256;
-    sword32 p;
-
-    for (j = 0; j < KYBER_N; j += 8) {
-        sword16 zeta2_0 = zetas_inv[ 0 + j / 4 + 0];
-        sword16 zeta2_1 = zetas_inv[ 0 + j / 4 + 1];
-        sword16 zeta4   = zetas_inv[64 + j / 8 + 0];
-        sword16 r0 = r[j + 0];
-        sword16 r1 = r[j + 1];
-        sword16 r2 = r[j + 2];
-        sword16 r3 = r[j + 3];
-        sword16 r4 = r[j + 4];
-        sword16 r5 = r[j + 5];
-        sword16 r6 = r[j + 6];
-        sword16 r7 = r[j + 7];
-
-        p = (sword32)zeta2_0 * (sword16)(r0 - r2);
-        t0 = KYBER_MONT_RED(p);
-        p = (sword32)zeta2_0 * (sword16)(r1 - r3);
-        t1 = KYBER_MONT_RED(p);
-        p = (sword32)zeta2_1 * (sword16)(r4 - r6);
-        t2 = KYBER_MONT_RED(p);
-        p = (sword32)zeta2_1 * (sword16)(r5 - r7);
-        t3 = KYBER_MONT_RED(p);
-        r0 += r2;
-        r1 += r3;
-        r4 += r6;
-        r5 += r7;
-        r2 = t0;
-        r3 = t1;
-        r6 = t2;
-        r7 = t3;
-
-        p = (sword32)zeta4 * (sword16)(r0 - r4);
-        t0 = KYBER_MONT_RED(p);
-        p = (sword32)zeta4 * (sword16)(r1 - r5);
-        t1 = KYBER_MONT_RED(p);
-        p = (sword32)zeta4 * (sword16)(r2 - r6);
-        t2 = KYBER_MONT_RED(p);
-        p = (sword32)zeta4 * (sword16)(r3 - r7);
-        t3 = KYBER_MONT_RED(p);
-        r0 += r4;
-        r1 += r5;
-        r2 += r6;
-        r3 += r7;
-        r4 = t0;
-        r5 = t1;
-        r6 = t2;
-        r7 = t3;
-
-        r[j + 0] = r0;
-        r[j + 1] = r1;
-        r[j + 2] = r2;
-        r[j + 3] = r3;
-        r[j + 4] = r4;
-        r[j + 5] = r5;
-        r[j + 6] = r6;
-        r[j + 7] = r7;
-    }
-
-    for (j = 0; j < KYBER_N; j += 64) {
-        int i;
-        sword16 zeta8_0  = zetas_inv[ 96 + j / 16 + 0];
-        sword16 zeta8_1  = zetas_inv[ 96 + j / 16 + 1];
-        sword16 zeta8_2  = zetas_inv[ 96 + j / 16 + 2];
-        sword16 zeta8_3  = zetas_inv[ 96 + j / 16 + 3];
-        sword16 zeta16_0 = zetas_inv[112 + j / 32 + 0];
-        sword16 zeta16_1 = zetas_inv[112 + j / 32 + 1];
-        sword16 zeta32   = zetas_inv[120 + j / 64 + 0];
-        for (i = 0; i < 8; i++) {
-            sword16 r0 = r[j + i +  0];
-            sword16 r1 = r[j + i +  8];
-            sword16 r2 = r[j + i + 16];
-            sword16 r3 = r[j + i + 24];
-            sword16 r4 = r[j + i + 32];
-            sword16 r5 = r[j + i + 40];
-            sword16 r6 = r[j + i + 48];
-            sword16 r7 = r[j + i + 56];
-
-            p = (sword32)zeta8_0 * (sword16)(r0 - r1);
-            t0 = KYBER_MONT_RED(p);
-            p = (sword32)zeta8_1 * (sword16)(r2 - r3);
-            t1 = KYBER_MONT_RED(p);
-            p = (sword32)zeta8_2 * (sword16)(r4 - r5);
-            t2 = KYBER_MONT_RED(p);
-            p = (sword32)zeta8_3 * (sword16)(r6 - r7);
-            t3 = KYBER_MONT_RED(p);
-            r0 = KYBER_BARRETT_RED(r0 + r1);
-            r2 = KYBER_BARRETT_RED(r2 + r3);
-            r4 = KYBER_BARRETT_RED(r4 + r5);
-            r6 = KYBER_BARRETT_RED(r6 + r7);
-            r1 = t0;
-            r3 = t1;
-            r5 = t2;
-            r7 = t3;
-
-            p = (sword32)zeta16_0 * (sword16)(r0 - r2);
-            t0 = KYBER_MONT_RED(p);
-            p = (sword32)zeta16_0 * (sword16)(r1 - r3);
-            t1 = KYBER_MONT_RED(p);
-            p = (sword32)zeta16_1 * (sword16)(r4 - r6);
-            t2 = KYBER_MONT_RED(p);
-            p = (sword32)zeta16_1 * (sword16)(r5 - r7);
-            t3 = KYBER_MONT_RED(p);
-            r0 += r2;
-            r1 += r3;
-            r4 += r6;
-            r5 += r7;
-            r2 = t0;
-            r3 = t1;
-            r6 = t2;
-            r7 = t3;
-
-            p = (sword32)zeta32 * (sword16)(r0 - r4);
-            t0 = KYBER_MONT_RED(p);
-            p = (sword32)zeta32 * (sword16)(r1 - r5);
-            t1 = KYBER_MONT_RED(p);
-            p = (sword32)zeta32 * (sword16)(r2 - r6);
-            t2 = KYBER_MONT_RED(p);
-            p = (sword32)zeta32 * (sword16)(r3 - r7);
-            t3 = KYBER_MONT_RED(p);
-            r0 += r4;
-            r1 += r5;
-            r2 += r6;
-            r3 += r7;
-            r4 = t0;
-            r5 = t1;
-            r6 = t2;
-            r7 = t3;
-
-            r[j + i +  0] = r0;
-            r[j + i +  8] = r1;
-            r[j + i + 16] = r2;
-            r[j + i + 24] = r3;
-            r[j + i + 32] = r4;
-            r[j + i + 40] = r5;
-            r[j + i + 48] = r6;
-            r[j + i + 56] = r7;
-        }
-    }
-
-    zeta64_0 = zetas_inv[124];
-    zeta64_1 = zetas_inv[125];
-    zeta128  = zetas_inv[126];
-    zeta256  = zetas_inv[127];
-    for (j = 0; j < KYBER_N / 8; j++) {
-        sword16 r0 = r[j +   0];
-        sword16 r1 = r[j +  32];
-        sword16 r2 = r[j +  64];
-        sword16 r3 = r[j +  96];
-        sword16 r4 = r[j + 128];
-        sword16 r5 = r[j + 160];
-        sword16 r6 = r[j + 192];
-        sword16 r7 = r[j + 224];
-
-        p = (sword32)zeta64_0 * (sword16)(r0 - r2);
-        t0 = KYBER_MONT_RED(p);
-        p = (sword32)zeta64_0 * (sword16)(r1 - r3);
-        t1 = KYBER_MONT_RED(p);
-        p = (sword32)zeta64_1 * (sword16)(r4 - r6);
-        t2 = KYBER_MONT_RED(p);
-        p = (sword32)zeta64_1 * (sword16)(r5 - r7);
-        t3 = KYBER_MONT_RED(p);
-        r0 = KYBER_BARRETT_RED(r0 + r2);
-        r1 = KYBER_BARRETT_RED(r1 + r3);
-        r4 = KYBER_BARRETT_RED(r4 + r6);
-        r5 = KYBER_BARRETT_RED(r5 + r7);
-        r2 = t0;
-        r3 = t1;
-        r6 = t2;
-        r7 = t3;
-
-        p = (sword32)zeta128 * (sword16)(r0 - r4);
-        t0 = KYBER_MONT_RED(p);
-        p = (sword32)zeta128 * (sword16)(r1 - r5);
-        t1 = KYBER_MONT_RED(p);
-        p = (sword32)zeta128 * (sword16)(r2 - r6);
-        t2 = KYBER_MONT_RED(p);
-        p = (sword32)zeta128 * (sword16)(r3 - r7);
-        t3 = KYBER_MONT_RED(p);
-        r0 += r4;
-        r1 += r5;
-        r2 += r6;
-        r3 += r7;
-        r4 = t0;
-        r5 = t1;
-        r6 = t2;
-        r7 = t3;
-
-        p = (sword32)zeta256 * r0;
-        r0 = KYBER_MONT_RED(p);
-        p = (sword32)zeta256 * r1;
-        r1 = KYBER_MONT_RED(p);
-        p = (sword32)zeta256 * r2;
-        r2 = KYBER_MONT_RED(p);
-        p = (sword32)zeta256 * r3;
-        r3 = KYBER_MONT_RED(p);
-        p = (sword32)zeta256 * r4;
-        r4 = KYBER_MONT_RED(p);
-        p = (sword32)zeta256 * r5;
-        r5 = KYBER_MONT_RED(p);
-        p = (sword32)zeta256 * r6;
-        r6 = KYBER_MONT_RED(p);
-        p = (sword32)zeta256 * r7;
-        r7 = KYBER_MONT_RED(p);
-
-        r[j +   0] = r0;
-        r[j +  32] = r1;
-        r[j +  64] = r2;
-        r[j +  96] = r3;
-        r[j + 128] = r4;
-        r[j + 160] = r5;
-        r[j + 192] = r6;
-        r[j + 224] = r7;
-    }
-#endif
-}
-
-/* Multiplication of polynomials in Zq[X]/(X^2-zeta).
- *
- * Used for multiplication of elements in Rq in NTT domain.
- *
- * @param  [out]  r     Result polynomial.
- * @param  [in]   a     First factor.
- * @param  [in]   b     Second factor.
- * @param  [in]   zeta  Integer defining the reduction polynomial.
- */
-static void kyber_basemul(sword16* r, const sword16* a, const sword16* b,
-    sword16 zeta)
-{
-    sword16 r0;
-    sword16 a0 = a[0];
-    sword16 a1 = a[1];
-    sword16 b0 = b[0];
-    sword16 b1 = b[1];
-    sword32 p1;
-    sword32 p2;
-
-    p1   = (sword32)a1 * b1;
-    p2   = (sword32)a0 * b0;
-    r0   = KYBER_MONT_RED(p1);
-    p1   = (sword32)zeta * r0;
-    p1  += p2;
-    r[0] = KYBER_MONT_RED(p1);
-
-    p1   = (sword32)a0 * b1;
-    p2   = (sword32)a1 * b0;
-    p1  += p2;
-    r[1] = KYBER_MONT_RED(p1);
-}
-
-/* Multiply two polynomials in NTT domain. r = a * b.
- *
- * @param  [out]  r  Result polynomial.
- * @param  [in]   a  First polynomial multiplier.
- * @param  [in]   b  Second polynomial multiplier.
- */
-static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b)
-{
-    unsigned int i;
-    const sword16* zeta = zetas + 64;
-
-#ifdef WOLFSSL_KYBER_SMALL
-    for (i = 0; i < KYBER_N; i += 4, zeta++) {
-        kyber_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
-        kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
-    }
-#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
-    for (i = 0; i < KYBER_N; i += 8, zeta += 2) {
-        kyber_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
-        kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
-        kyber_basemul(r + i + 4, a + i + 4, b + i + 4,  zeta[1]);
-        kyber_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]);
-    }
-#else
-    for (i = 0; i < KYBER_N; i += 16, zeta += 4) {
-        kyber_basemul(r + i +  0, a + i +  0, b + i +  0,  zeta[0]);
-        kyber_basemul(r + i +  2, a + i +  2, b + i +  2, -zeta[0]);
-        kyber_basemul(r + i +  4, a + i +  4, b + i +  4,  zeta[1]);
-        kyber_basemul(r + i +  6, a + i +  6, b + i +  6, -zeta[1]);
-        kyber_basemul(r + i +  8, a + i +  8, b + i +  8,  zeta[2]);
-        kyber_basemul(r + i + 10, a + i + 10, b + i + 10, -zeta[2]);
-        kyber_basemul(r + i + 12, a + i + 12, b + i + 12,  zeta[3]);
-        kyber_basemul(r + i + 14, a + i + 14, b + i + 14, -zeta[3]);
-    }
-#endif
-}
-
-/* Multiply two polynomials in NTT domain and add to result. r += a * b.
- *
- * @param  [in, out]  r  Result polynomial.
- * @param  [in]       a  First polynomial multiplier.
- * @param  [in]       b  Second polynomial multiplier.
- */
-static void kyber_basemul_mont_add(sword16* r, const sword16* a,
-    const sword16* b)
-{
-    unsigned int i;
-    const sword16* zeta = zetas + 64;
-
-#ifdef WOLFSSL_KYBER_SMALL
-    for (i = 0; i < KYBER_N; i += 4, zeta++) {
-        sword16 t0[2];
-        sword16 t2[2];
-
-        kyber_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
-        kyber_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
-
-        r[i + 0] += t0[0];
-        r[i + 1] += t0[1];
-        r[i + 2] += t2[0];
-        r[i + 3] += t2[1];
-    }
-#elif defined(WOLFSSL_KYBER_NO_LARGE_CODE)
-    for (i = 0; i < KYBER_N; i += 8, zeta += 2) {
-        sword16 t0[2];
-        sword16 t2[2];
-        sword16 t4[2];
-        sword16 t6[2];
-
-        kyber_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
-        kyber_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
-        kyber_basemul(t4, a + i + 4, b + i + 4,  zeta[1]);
-        kyber_basemul(t6, a + i + 6, b + i + 6, -zeta[1]);
-
-        r[i + 0] += t0[0];
-        r[i + 1] += t0[1];
-        r[i + 2] += t2[0];
-        r[i + 3] += t2[1];
-        r[i + 4] += t4[0];
-        r[i + 5] += t4[1];
-        r[i + 6] += t6[0];
-        r[i + 7] += t6[1];
-    }
-#else
-    for (i = 0; i < KYBER_N; i += 16, zeta += 4) {
-        sword16 t0[2];
-        sword16 t2[2];
-        sword16 t4[2];
-        sword16 t6[2];
-        sword16 t8[2];
-        sword16 t10[2];
-        sword16 t12[2];
-        sword16 t14[2];
-
-        kyber_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
-        kyber_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
-        kyber_basemul(t4, a + i + 4, b + i + 4,  zeta[1]);
-        kyber_basemul(t6, a + i + 6, b + i + 6, -zeta[1]);
-        kyber_basemul(t8, a + i + 8, b + i + 8,  zeta[2]);
-        kyber_basemul(t10, a + i + 10, b + i + 10, -zeta[2]);
-        kyber_basemul(t12, a + i + 12, b + i + 12,  zeta[3]);
-        kyber_basemul(t14, a + i + 14, b + i + 14, -zeta[3]);
-
-        r[i + 0] += t0[0];
-        r[i + 1] += t0[1];
-        r[i + 2] += t2[0];
-        r[i + 3] += t2[1];
-        r[i + 4] += t4[0];
-        r[i + 5] += t4[1];
-        r[i + 6] += t6[0];
-        r[i + 7] += t6[1];
-        r[i + 8] += t8[0];
-        r[i + 9] += t8[1];
-        r[i + 10] += t10[0];
-        r[i + 11] += t10[1];
-        r[i + 12] += t12[0];
-        r[i + 13] += t12[1];
-        r[i + 14] += t14[0];
-        r[i + 15] += t14[1];
-    }
-#endif
-}
-
-/* Pointwise multiply elements of a and b, into r, and multiply by 2^-16.
- *
- * @param  [out]  r   Result polynomial.
- * @param  [in]   a   First vector polynomial to multiply with.
- * @param  [in]   b   Second vector polynomial to multiply with.
- * @param  [in]   kp  Number of polynomials in vector.
- */
-static void kyber_pointwise_acc_mont(sword16* r, const sword16* a,
-    const sword16* b, unsigned int kp)
-{
-    unsigned int i;
-
-    kyber_basemul_mont(r, a, b);
-    for (i = 1; i < kp - 1; ++i) {
-        kyber_basemul_mont_add(r, a + i * KYBER_N, b + i * KYBER_N);
-    }
-    kyber_basemul_mont_add(r, a + (kp - 1) * KYBER_N, b + (kp - 1) * KYBER_N);
-}
-
-/******************************************************************************/
-
-/* Initialize Kyber implementation.
- */
-void kyber_init(void)
-{
-#ifdef USE_INTEL_SPEEDUP
-    cpuid_flags = cpuid_get_flags();
-#endif
-}
-
-/******************************************************************************/
-
-/* Generate a public-private key pair from randomly generated data.
- *
- * @param  [in, out]  priv  Private key vector of polynomials.
- * @param  [out]      pub   Public key vector of polynomials.
- * @param  [in]       e     Error values as a vector of polynomials. Modified.
- * @param  [in]       a     Random values in an array of vectors of polynomials.
- * @param  [in]       kp    Number of polynomials in vector.
- */
-static void kyber_keygen_c(sword16* priv, sword16* pub, sword16* e,
-    const sword16* a, int kp)
-{
-    int i;
-
-    /* Transform private key. All of result used in public key calculation */
-    for (i = 0; i < kp; ++i) {
-        kyber_ntt(priv + i * KYBER_N);
-    }
-
-    /* For each polynomial in the vectors. */
-    for (i = 0; i < kp; ++i) {
-        unsigned int j;
-
-        /* Multiply a by private into public polynomial. */
-        kyber_pointwise_acc_mont(pub + i * KYBER_N, a + i * kp * KYBER_N, priv,
-            kp);
-        /* Convert public polynomial to Montgomery form. */
-        for (j = 0; j < KYBER_N; ++j) {
-            sword32 t = pub[i * KYBER_N + j] * (sword32)KYBER_F;
-            pub[i * KYBER_N + j] = KYBER_MONT_RED(t);
-        }
-        /* Transform error values polynomial. */
-        kyber_ntt(e + i * KYBER_N);
-        /* Add errors to public key and reduce. */
-        for (j = 0; j < KYBER_N; ++j) {
-            sword16 t = pub[i * KYBER_N + j] + e[i * KYBER_N + j];
-            pub[i * KYBER_N + j] = KYBER_BARRETT_RED(t);
-        }
-    }
-}
-
-/* Generate a public-private key pair from randomly generated data.
- *
- * @param  [in, out]  priv  Private key vector of polynomials.
- * @param  [out]      pub   Public key vector of polynomials.
- * @param  [in]       e     Error values as a vector of polynomials. Modified.
- * @param  [in]       a     Random values in an array of vectors of polynomials.
- * @param  [in]       kp    Number of polynomials in vector.
- */
-void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a,
-    int kp)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_keygen_avx2(priv, pub, e, a, kp);
-    }
-    else
-#endif
-    {
-        kyber_keygen_c(priv, pub, e, a, kp);
-    }
-}
-
-/* Encapsuluate message.
- *
- * @param  [in]   pub  Public key vector of polynomials.
- * @param  [out]  bp   Vector of polynomials.
- * @param  [out]  v    Polynomial.
- * @param  [in]   at   Array of vector of polynomials.
- * @param  [in]   sp   Vector of polynomials.
- * @param  [in]   ep   Error Vector of polynomials.
- * @param  [in]   epp  Error polynomial.
- * @param  [in]   m    Message polynomial.
- * @param  [in]   kp   Number of polynomials in vector.
- */
-static void kyber_encapsulate_c(const sword16* pub, sword16* bp, sword16* v,
-    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
-    const sword16* m, int kp)
-{
-    int i;
-
-    /* Transform sp. All of result used in calculation of bp and v. */
-    for (i = 0; i < kp; ++i) {
-        kyber_ntt(sp + i * KYBER_N);
-    }
-
-    /* For each polynomial in the vectors. */
-    for (i = 0; i < kp; ++i) {
-        unsigned int j;
-
-        /* Multiply at by sp into bp polynomial. */
-        kyber_pointwise_acc_mont(bp + i * KYBER_N, at +  i * kp * KYBER_N, sp,
-            kp);
-        /* Inverse transform bp polynomial. */
-        kyber_invntt(bp + i * KYBER_N);
-        /* Add errors to bp and reduce. */
-        for (j = 0; j < KYBER_N; ++j) {
-            sword16 t = bp[i * KYBER_N + j] + ep[i * KYBER_N + j];
-            bp[i * KYBER_N + j] = KYBER_BARRETT_RED(t);
-        }
-    }
-
-    /* Multiply public key by sp into v polynomial. */
-    kyber_pointwise_acc_mont(v, pub, sp, kp);
-    /* Inverse transform v. */
-    kyber_invntt(v);
-    /* Add errors and message to v and reduce. */
-    for (i = 0; i < KYBER_N; ++i) {
-        sword16 t = v[i] + epp[i] + m[i];
-        v[i] = KYBER_BARRETT_RED(t);
-    }
-}
-
-
-/* Encapsulate message.
- *
- * @param  [in]   pub  Public key vector of polynomials.
- * @param  [out]  bp   Vector of polynomials.
- * @param  [out]  v    Polynomial.
- * @param  [in]   at   Array of vector of polynomials.
- * @param  [in]   sp   Vector of polynomials.
- * @param  [in]   ep   Error Vector of polynomials.
- * @param  [in]   epp  Error polynomial.
- * @param  [in]   m    Message polynomial.
- * @param  [in]   kp   Number of polynomials in vector.
- */
-void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v,
-    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
-    const sword16* m, int kp)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_encapsulate_avx2(pub, bp, v, at, sp, ep, epp, m, kp);
-    }
-    else
-#endif
-    {
-        kyber_encapsulate_c(pub, bp, v, at, sp, ep, epp, m, kp);
-    }
-}
-
-/* Decapsulate message.
- *
- * @param  [in]   priv  Private key vector of polynomials.
- * @param  [out]  mp    Message polynomial.
- * @param  [in]   bp    Vector of polynomials containing error.
- * @param  [in]   v     Encapsulated message polynomial.
- * @param  [in]   kp    Number of polynomials in vector.
- */
-static void kyber_decapsulate_c(const sword16* priv, sword16* mp, sword16* bp,
-    const sword16* v, int kp)
-{
-    int i;
-
-    /* Transform bp. All of result used in calculation of mp. */
-    for (i = 0; i < kp; ++i) {
-        kyber_ntt(bp + i * KYBER_N);
-    }
-
-    /* Multiply private key by bp into mp polynomial. */
-    kyber_pointwise_acc_mont(mp, priv, bp, kp);
-    /* Inverse transform mp. */
-    kyber_invntt(mp);
-    /* Subtract errors (mp) out of v and reduce into mp. */
-    for (i = 0; i < KYBER_N; ++i) {
-        sword16 t = v[i] - mp[i];
-        mp[i] = KYBER_BARRETT_RED(t);
-    }
-}
-
-/* Decapsulate message.
- *
- * @param  [in]   priv  Private key vector of polynomials.
- * @param  [out]  mp    Message polynomial.
- * @param  [in]   bp    Vector of polynomials containing error.
- * @param  [in]   v     Encapsulated message polynomial.
- * @param  [in]   kp    Number of polynomials in vector.
- */
-void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
-    const sword16* v, int kp)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_decapsulate_avx2(priv, mp, bp, v, kp);
-    }
-    else
-#endif
-    {
-        kyber_decapsulate_c(priv, mp, bp, v, kp);
-    }
-}
-
-/******************************************************************************/
-
-#ifdef USE_INTEL_SPEEDUP
-#ifdef WOLFSSL_KYBER512
-/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
- *
- * Seed used with XOF to generate random bytes.
- *
- * @param  [out]  a           Matrix of uniform integers.
- * @param  [in]   seed        Bytes to seed XOF generation.
- * @param  [in]   transposed  Whether A or A^T is generated.
- * @return  0 on success.
- * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
- * WOLFSSL_SMALL_STACK is defined.
- */
-static int kyber_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed)
-{
-    int i;
-    byte rand[4 * GEN_MATRIX_SIZE + 2];
-    word64 state[25 * 4];
-    unsigned int ctr0;
-    unsigned int ctr1;
-    unsigned int ctr2;
-    unsigned int ctr3;
-    byte* p;
-
-    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
-    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
-    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
-
-    if (!transposed) {
-        state[4*4 + 0] = 0x1f0000 + 0x000;
-        state[4*4 + 1] = 0x1f0000 + 0x001;
-        state[4*4 + 2] = 0x1f0000 + 0x100;
-        state[4*4 + 3] = 0x1f0000 + 0x101;
-    }
-    else {
-        state[4*4 + 0] = 0x1f0000 + 0x000;
-        state[4*4 + 1] = 0x1f0000 + 0x100;
-        state[4*4 + 2] = 0x1f0000 + 0x001;
-        state[4*4 + 3] = 0x1f0000 + 0x101;
-    }
-
-    kyber_sha3_128_blocksx4_seed_avx2(state, seed);
-    kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
-        rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
-        rand + 3 * GEN_MATRIX_SIZE);
-    for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
-        kyber_sha3_blocksx4_avx2(state);
-        kyber_redistribute_21_rand_avx2(state, rand + i + 0 * GEN_MATRIX_SIZE,
-            rand + i + 1 * GEN_MATRIX_SIZE, rand + i + 2 * GEN_MATRIX_SIZE,
-            rand + i + 3 * GEN_MATRIX_SIZE);
-    }
-
-    /* Sample random bytes to create a polynomial. */
-    p = rand;
-    ctr0 = kyber_rej_uniform_n_avx2(a + 0 * KYBER_N, KYBER_N, p,
-        GEN_MATRIX_SIZE);
-    p += GEN_MATRIX_SIZE;
-    ctr1 = kyber_rej_uniform_n_avx2(a + 1 * KYBER_N, KYBER_N, p,
-        GEN_MATRIX_SIZE);
-    p += GEN_MATRIX_SIZE;
-    ctr2 = kyber_rej_uniform_n_avx2(a + 2 * KYBER_N, KYBER_N, p,
-        GEN_MATRIX_SIZE);
-    p += GEN_MATRIX_SIZE;
-    ctr3 = kyber_rej_uniform_n_avx2(a + 3 * KYBER_N, KYBER_N, p,
-        GEN_MATRIX_SIZE);
-    /* Create more blocks if too many rejected. */
-    while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N) ||
-           (ctr3 < KYBER_N)) {
-        kyber_sha3_blocksx4_avx2(state);
-        kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
-            rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
-            rand + 3 * GEN_MATRIX_SIZE);
-
-        p = rand;
-        ctr0 += kyber_rej_uniform_avx2(a + 0 * KYBER_N + ctr0, KYBER_N - ctr0,
-            p, XOF_BLOCK_SIZE);
-        p += GEN_MATRIX_SIZE;
-        ctr1 += kyber_rej_uniform_avx2(a + 1 * KYBER_N + ctr1, KYBER_N - ctr1,
-            p, XOF_BLOCK_SIZE);
-        p += GEN_MATRIX_SIZE;
-        ctr2 += kyber_rej_uniform_avx2(a + 2 * KYBER_N + ctr2, KYBER_N - ctr2,
-            p, XOF_BLOCK_SIZE);
-        p += GEN_MATRIX_SIZE;
-        ctr3 += kyber_rej_uniform_avx2(a + 3 * KYBER_N + ctr3, KYBER_N - ctr3,
-            p, XOF_BLOCK_SIZE);
-    }
-
-    return 0;
-}
-#endif
-
-#ifdef WOLFSSL_KYBER768
-/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
- *
- * Seed used with XOF to generate random bytes.
- *
- * @param  [out]  a           Matrix of uniform integers.
- * @param  [in]   seed        Bytes to seed XOF generation.
- * @param  [in]   transposed  Whether A or A^T is generated.
- * @return  0 on success.
- * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
- * WOLFSSL_SMALL_STACK is defined.
- */
-static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed)
-{
-    int i;
-    int k;
-    byte rand[4 * GEN_MATRIX_SIZE + 2];
-    word64 state[25 * 4];
-    unsigned int ctr0;
-    unsigned int ctr1;
-    unsigned int ctr2;
-    unsigned int ctr3;
-    byte* p;
-
-    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
-    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
-    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
-
-    for (k = 0; k < 2; k++) {
-        for (i = 0; i < 4; i++) {
-            if (!transposed) {
-                state[4*4 + i] = 0x1f0000 + (((k*4+i)/3) << 8) + ((k*4+i)%3);
-            }
-            else {
-                state[4*4 + i] = 0x1f0000 + (((k*4+i)%3) << 8) + ((k*4+i)/3);
-            }
-        }
-
-        kyber_sha3_128_blocksx4_seed_avx2(state, seed);
-        kyber_redistribute_21_rand_avx2(state,
-            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
-            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
-        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
-            kyber_sha3_blocksx4_avx2(state);
-            kyber_redistribute_21_rand_avx2(state,
-                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
-                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
-        }
-
-        /* Sample random bytes to create a polynomial. */
-        p = rand;
-        ctr0 = kyber_rej_uniform_n_avx2(a + 0 * KYBER_N, KYBER_N, p,
-            GEN_MATRIX_SIZE);
-        p += GEN_MATRIX_SIZE;
-        ctr1 = kyber_rej_uniform_n_avx2(a + 1 * KYBER_N, KYBER_N, p,
-            GEN_MATRIX_SIZE);
-        p += GEN_MATRIX_SIZE;
-        ctr2 = kyber_rej_uniform_n_avx2(a + 2 * KYBER_N, KYBER_N, p,
-            GEN_MATRIX_SIZE);
-        p += GEN_MATRIX_SIZE;
-        ctr3 = kyber_rej_uniform_n_avx2(a + 3 * KYBER_N, KYBER_N, p,
-            GEN_MATRIX_SIZE);
-        /* Create more blocks if too many rejected. */
-        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N) ||
-               (ctr3 < KYBER_N)) {
-            kyber_sha3_blocksx4_avx2(state);
-            kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
-                rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
-                rand + 3 * GEN_MATRIX_SIZE);
-
-            p = rand;
-            ctr0 += kyber_rej_uniform_avx2(a + 0 * KYBER_N + ctr0,
-                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
-            p += GEN_MATRIX_SIZE;
-            ctr1 += kyber_rej_uniform_avx2(a + 1 * KYBER_N + ctr1,
-                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
-            p += GEN_MATRIX_SIZE;
-            ctr2 += kyber_rej_uniform_avx2(a + 2 * KYBER_N + ctr2,
-                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
-            p += GEN_MATRIX_SIZE;
-            ctr3 += kyber_rej_uniform_avx2(a + 3 * KYBER_N + ctr3,
-                KYBER_N - ctr3, p, XOF_BLOCK_SIZE);
-        }
-
-        a += 4 * KYBER_N;
-    }
-
-    state[0] = ((word64*)seed)[0];
-    state[1] = ((word64*)seed)[1];
-    state[2] = ((word64*)seed)[2];
-    state[3] = ((word64*)seed)[3];
-    /* Transposed value same as not. */
-    state[4] = 0x1f0000 + (2 << 8) + 2;
-    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
-    state[20] = 0x8000000000000000UL;
-    for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
-        if (IS_INTEL_BMI2(cpuid_flags)) {
-            sha3_block_bmi2(state);
-        }
-        else if (IS_INTEL_AVX2(cpuid_flags)) {
-            sha3_block_avx2(state);
-        }
-        else {
-            BlockSha3(state);
-        }
-        XMEMCPY(rand + i, state, SHA3_128_BYTES);
-    }
-    ctr0 = kyber_rej_uniform_n_avx2(a, KYBER_N, rand, GEN_MATRIX_SIZE);
-    while (ctr0 < KYBER_N) {
-        if (IS_INTEL_BMI2(cpuid_flags)) {
-            sha3_block_bmi2(state);
-        }
-        else if (IS_INTEL_AVX2(cpuid_flags)) {
-            sha3_block_avx2(state);
-        }
-        else {
-            BlockSha3(state);
-        }
-        XMEMCPY(rand, state, SHA3_128_BYTES);
-        ctr0 += kyber_rej_uniform_avx2(a + ctr0, KYBER_N - ctr0, rand,
-            XOF_BLOCK_SIZE);
-    }
-
-    return 0;
-}
-#endif
-#ifdef WOLFSSL_KYBER1024
-/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
- *
- * Seed used with XOF to generate random bytes.
- *
- * @param  [out]  a           Matrix of uniform integers.
- * @param  [in]   seed        Bytes to seed XOF generation.
- * @param  [in]   transposed  Whether A or A^T is generated.
- * @return  0 on success.
- * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
- * WOLFSSL_SMALL_STACK is defined.
- */
-static int kyber_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed)
-{
-    int i;
-    int k;
-    byte rand[4 * GEN_MATRIX_SIZE + 2];
-    word64 state[25 * 4];
-    unsigned int ctr0;
-    unsigned int ctr1;
-    unsigned int ctr2;
-    unsigned int ctr3;
-    byte* p;
-
-    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
-    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
-    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
-
-    for (k = 0; k < 4; k++) {
-        for (i = 0; i < 4; i++) {
-            if (!transposed) {
-                state[4*4 + i] = 0x1f0000 + (k << 8) + i;
-            }
-            else {
-                state[4*4 + i] = 0x1f0000 + (i << 8) + k;
-            }
-        }
-
-        kyber_sha3_128_blocksx4_seed_avx2(state, seed);
-        kyber_redistribute_21_rand_avx2(state,
-            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
-            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
-        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
-            kyber_sha3_blocksx4_avx2(state);
-            kyber_redistribute_21_rand_avx2(state,
-                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
-                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
-        }
-
-        /* Sample random bytes to create a polynomial. */
-        p = rand;
-        ctr0 = kyber_rej_uniform_n_avx2(a + 0 * KYBER_N, KYBER_N, p,
-            GEN_MATRIX_SIZE);
-        p += GEN_MATRIX_SIZE;
-        ctr1 = kyber_rej_uniform_n_avx2(a + 1 * KYBER_N, KYBER_N, p,
-            GEN_MATRIX_SIZE);
-        p += GEN_MATRIX_SIZE;
-        ctr2 = kyber_rej_uniform_n_avx2(a + 2 * KYBER_N, KYBER_N, p,
-            GEN_MATRIX_SIZE);
-        p += GEN_MATRIX_SIZE;
-        ctr3 = kyber_rej_uniform_n_avx2(a + 3 * KYBER_N, KYBER_N, p,
-            GEN_MATRIX_SIZE);
-        /* Create more blocks if too many rejected. */
-        while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N) ||
-               (ctr3 < KYBER_N)) {
-            kyber_sha3_blocksx4_avx2(state);
-            kyber_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
-                rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
-                rand + 3 * GEN_MATRIX_SIZE);
-
-            p = rand;
-            ctr0 += kyber_rej_uniform_avx2(a + 0 * KYBER_N + ctr0,
-                KYBER_N - ctr0, p, XOF_BLOCK_SIZE);
-            p += GEN_MATRIX_SIZE;
-            ctr1 += kyber_rej_uniform_avx2(a + 1 * KYBER_N + ctr1,
-                KYBER_N - ctr1, p, XOF_BLOCK_SIZE);
-            p += GEN_MATRIX_SIZE;
-            ctr2 += kyber_rej_uniform_avx2(a + 2 * KYBER_N + ctr2,
-                KYBER_N - ctr2, p, XOF_BLOCK_SIZE);
-            p += GEN_MATRIX_SIZE;
-            ctr3 += kyber_rej_uniform_avx2(a + 3 * KYBER_N + ctr3,
-                KYBER_N - ctr3, p, XOF_BLOCK_SIZE);
-        }
-
-        a += 4 * KYBER_N;
-    }
-
-    return 0;
-}
-#endif /* KYBER1024 */
-#endif /* USE_INTEL_SPEEDUP */
-
-/* Absorb the seed data for squeezing out pseudo-random data.
- *
- * @param  [in, out]  shake128  SHAKE-128 object.
- * @param  [in]       seed      Data to absorb.
- * @param  [in]       len       Length of data to absorb in bytes.
- * @return  0 on success always.
- */
-static int kyber_xof_absorb(wc_Shake* shake128, byte* seed, int len)
-{
-    int ret;
-
-    ret = wc_InitShake128(shake128, NULL, INVALID_DEVID);
-    if (ret == 0) {
-        ret = wc_Shake128_Absorb(shake128, seed, len);
-    }
-
-    return ret;
-}
-
-/* Squeeze the state to produce pseudo-random data.
- *
- * @param  [in, out]  shake128  SHAKE-128 object.
- * @param  [out]      out       Buffer to write to.
- * @param  [in]       blocks    Number of blocks to write.
- * @return  0 on success always.
- */
-static int kyber_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks)
-{
-    return wc_Shake128_SqueezeBlocks(shake128, out, blocks);
-}
-
-/* Initialize SHAKE-256 object.
- *
- * @param  [in, out]  shake256  SHAKE-256 object.
- */
-void kyber_prf_init(wc_Shake* prf)
-{
-    XMEMSET(prf->s, 0, sizeof(prf->s));
-}
-
-/* New/Initialize SHAKE-256 object.
- *
- * @param  [in, out]  shake256  SHAKE-256 object.
- * @param  [in]       heap      Dynamic memory allocator hint.
- * @param  [in]       devId     Device id.
- * @return  0 on success always.
- */
-int kyber_prf_new(wc_Shake* prf, void* heap, int devId)
-{
-    return wc_InitShake256(prf, heap, devId);
-}
-
-/* Free SHAKE-256 object.
- *
- * @param  [in, out]  shake256  SHAKE-256 object.
- */
-void kyber_prf_free(wc_Shake* prf)
-{
-    wc_Shake256_Free(prf);
-}
-
-/* Create pseudo-random data from the key using SHAKE-256.
- *
- * @param  [in, out]  shake256  SHAKE-256 object.
- * @param  [out]      out       Buffer to write to.
- * @param  [in]       outLen    Number of bytes to write.
- * @param  [in]       key       Data to derive from. Must be KYBER_SYM_SZ + 1
- *                              bytes in length.
- * @return  0 on success always.
- */
-static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen,
-    const byte* key)
-{
-#ifdef USE_INTEL_SPEEDUP
-    int i;
-    word64 state[25];
-
-    (void)shake256;
-
-    for (i = 0; i < KYBER_SYM_SZ / 8; i++) {
-        state[i] = ((word64*)key)[i];
-    }
-    state[KYBER_SYM_SZ / 8] = 0x1f00 | key[KYBER_SYM_SZ];
-    XMEMSET(state + KYBER_SYM_SZ / 8 + 1, 0,
-        (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64));
-    state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL;
-
-    if (IS_INTEL_BMI2(cpuid_flags)) {
-        sha3_block_bmi2(state);
-    }
-    else if (IS_INTEL_AVX2(cpuid_flags)) {
-        sha3_block_avx2(state);
-    }
-    else {
-        BlockSha3(state);
-    }
-    XMEMCPY(out, state, outLen);
-
-    return 0;
-#else
-    int ret;
-
-    ret = wc_Shake256_Update(shake256, key, KYBER_SYM_SZ + 1);
-    if (ret == 0) {
-        ret = wc_Shake256_Final(shake256, out, outLen);
-    }
-
-    return ret;
-#endif
-}
-
-#ifdef USE_INTEL_SPEEDUP
-/* Create pseudo-random key from the seed using SHAKE-256.
- *
- * @param  [in]  seed      Data to derive from.
- * @param  [in]  seedLen   Length of data to derive from in bytes.
- * @param  [out] out       Buffer to write to.
- * @param  [in]  outLen    Number of bytes to derive.
- * @return  0 on success always.
- */
-int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen)
-{
-    word64 state[25];
-    int i;
-    int len64 = seedLen / 8;
-
-    for (i = 0; i < len64; i++) {
-        state[i] = ((word64*)seed)[i];
-    }
-    state[len64] = 0x1f;
-    XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64));
-    state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL;
-
-    if (IS_INTEL_BMI2(cpuid_flags)) {
-        sha3_block_bmi2(state);
-    }
-    else if (IS_INTEL_AVX2(cpuid_flags)) {
-        sha3_block_avx2(state);
-    }
-    else {
-        BlockSha3(state);
-    }
-    XMEMCPY(out, state, outLen);
-
-    return 0;
-}
-#endif
-
-/* Rejection sampling on uniform random bytes to generate uniform random
- * integers mod q.
- *
- * @param  [out]  p     Uniform random integers mod q.
- * @param  [in]   len   Maximum number of integers.
- * @param  [in]   r     Uniform random bytes buffer.
- * @param  [in]   rLen  Length of random data in buffer.
- * @return  Number of integers sampled.
- */
-static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len,
-    const byte* r, unsigned int rLen)
-{
-    unsigned int i;
-    unsigned int j;
-
-    /* Keep sampling until maximum number of integers reached or buffer used up.
-     */
-    for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) {
-        /* Use 24 bits (3 bytes) as two 12 bits integers. */
-        sword16 v0 = ((r[0] >> 0) | ((word16)r[1] << 8)) & 0xFFF;
-        sword16 v1 = ((r[1] >> 4) | ((word16)r[2] << 4)) & 0xFFF;
-
-        /* Reject first 12-bit integer if greater than or equal to q. */
-        if (v0 < KYBER_Q) {
-            p[i++] = v0;
-        }
-        /* Check second if we don't have enough integers yet.
-         * Reject second 12-bit integer if greater than or equal to q. */
-        if ((i < len) && (v1 < KYBER_Q)) {
-            p[i++] = v1;
-        }
-
-        /* Move over used bytes. */
-        r += 3;
-    }
-
-    return i;
-}
-
-/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
- *
- * Seed used with XOF to generate random bytes.
- *
- * @param  [in]   prf         XOF object.
- * @param  [out]  a           Matrix of uniform integers.
- * @param  [in]   kp          Number of dimensions. kp x kp polynomials.
- * @param  [in]   seed        Bytes to seed XOF generation.
- * @param  [in]   transposed  Whether A or A^T is generated.
- * @return  0 on success.
- * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
- * WOLFSSL_SMALL_STACK is defined.
- */
-static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
-    int transposed)
-{
-#ifdef WOLFSSL_SMALL_STACK
-    byte* rand;
-#else
-    byte rand[GEN_MATRIX_SIZE + 2];
-#endif
-    byte extSeed[KYBER_SYM_SZ + 2];
-    int ret = 0;
-    int i;
-
-    XMEMCPY(extSeed, seed, KYBER_SYM_SZ);
-
-#ifdef WOLFSSL_SMALL_STACK
-    /* Allocate large amount of memory to hold random bytes to be samples. */
-    rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (rand == NULL) {
-        ret = MEMORY_E;
-    }
-#endif
-
-    /* Generate each vector of polynomials. */
-    for (i = 0; (ret == 0) && (i < kp); i++, a += kp * KYBER_N) {
-        int j;
-        /* Generate each polynomial in vector from seed with indices. */
-        for (j = 0; (ret == 0) && (j < kp); j++) {
-            if (transposed) {
-                extSeed[KYBER_SYM_SZ + 0] = i;
-                extSeed[KYBER_SYM_SZ + 1] = j;
-            }
-            else {
-                extSeed[KYBER_SYM_SZ + 0] = j;
-                extSeed[KYBER_SYM_SZ + 1] = i;
-            }
-            /* Absorb the index specific seed. */
-            ret = kyber_xof_absorb(prf, extSeed, sizeof(extSeed));
-            if (ret == 0) {
-                /* Create out based on the seed. */
-                ret = kyber_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS);
-            }
-            if (ret == 0) {
-            #if (GEN_MATRIX_SIZE % 3) != 0
-                unsigned int randLen;
-            #endif
-                unsigned int ctr;
-
-                /* Sample random bytes to create a polynomial. */
-                ctr = kyber_rej_uniform_c(a + j * KYBER_N, KYBER_N, rand,
-                    GEN_MATRIX_SIZE);
-                /* Create more blocks if too many rejected. */
-            #if (GEN_MATRIX_SIZE % 3) != 0
-                randLen = GEN_MATRIX_SIZE;
-                while (ctr < KYBER_N) {
-                    int off = randLen % 3;
-                    int k;
-                    for (k = 0; k < off; k++) {
-                        rand[k] = rand[randLen - off + k];
-                    }
-                    kyber_xof_squeezeblocks(prf, rand + off, 1);
-                    randLen = off + XOF_BLOCK_SIZE;
-                    ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr,
-                        KYBER_N - ctr, rand, randLen);
-                }
-            #else
-                while (ctr < KYBER_N) {
-                    kyber_xof_squeezeblocks(prf, rand, 1);
-                    ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr,
-                        KYBER_N - ctr, rand, XOF_BLOCK_SIZE);
-                }
-            #endif
-            }
-        }
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    /* Dispose of temporary buffer. */
-    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
- *
- * Seed used with XOF to generate random bytes.
- *
- * @param  [in]   prf         XOF object.
- * @param  [out]  a           Matrix of uniform integers.
- * @param  [in]   kp          Number of dimensions. kp x kp polynomials.
- * @param  [in]   seed        Bytes to seed XOF generation.
- * @param  [in]   transposed  Whether A or A^T is generated.
- * @return  0 on success.
- * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
- * WOLFSSL_SMALL_STACK is defined.
- */
-int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
-    int transposed)
-{
-    int ret;
-
-#ifdef WOLFSSL_KYBER512
-    if (kp == KYBER512_K) {
-    #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
-            ret = kyber_gen_matrix_k2_avx2(a, seed, transposed);
-        }
-        else
-    #endif
-        {
-            ret = kyber_gen_matrix_c(prf, a, KYBER512_K, seed, transposed);
-        }
-    }
-    else
-#endif
-#ifdef WOLFSSL_KYBER768
-    if (kp == KYBER768_K) {
-    #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
-            ret = kyber_gen_matrix_k3_avx2(a, seed, transposed);
-        }
-        else
-    #endif
-        {
-            ret = kyber_gen_matrix_c(prf, a, KYBER768_K, seed, transposed);
-        }
-    }
-    else
-#endif
-#ifdef WOLFSSL_KYBER1024
-    if (kp == KYBER1024_K) {
-    #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
-            ret = kyber_gen_matrix_k4_avx2(a, seed, transposed);
-        }
-        else
-    #endif
-        {
-            ret = kyber_gen_matrix_c(prf, a, KYBER1024_K, seed, transposed);
-        }
-    }
-    else
-#endif
-    {
-        ret = BAD_STATE_E;
-    }
-
-    return ret;
-}
-
-/******************************************************************************/
-
-/* Subtract one 2 bit value from another out of a larger number.
- *
- * @param  [in]  d  Value containing sequential 2 bit values.
- * @param  [in]  i  Start index of the two values in 2 bits each.
- * @return  Difference of the two values with range 0..2.
- */
-#define ETA2_SUB(d, i) \
-    (((sword16)(((d) >> ((i) * 4 + 0)) & 0x3)) - \
-     ((sword16)(((d) >> ((i) * 4 + 2)) & 0x3)))
-
-/* Compute polynomial with coefficients distributed according to a centered
- * binomial distribution with parameter eta2 from uniform random bytes.
- *
- * @param [out]  p  Polynomial computed.
- * @param [in]   r  Random bytes.
- */
-static void kyber_cbd_eta2(sword16* p, const byte* r)
-{
-    unsigned int i;
-
-#ifndef WORD64_AVAILABLE
-    /* Calculate eight integer coefficients at a time. */
-    for (i = 0; i < KYBER_N; i += 8) {
-    #ifdef WOLFSSL_KYBER_SMALL
-        unsigned int j;
-    #endif
-        /* Take the next 4 bytes, little endian, as a 32 bit value. */
-    #ifdef BIG_ENDIAN_ORDER
-        word32 t = ByteReverseWord32(*(word32*)r);
-    #else
-        word32 t = *(word32*)r;
-    #endif
-        word32 d;
-        /* Add second bits to first. */
-        d  = (t >> 0) & 0x55555555;
-        d += (t >> 1) & 0x55555555;
-        /* Values 0, 1 or 2 in consecutive 2 bits.
-         * 0 - 1/4, 1 - 2/4, 2 - 1/4. */
-
-    #ifdef WOLFSSL_KYBER_SMALL
-        for (j = 0; j < 8; j++) {
-            p[i + j] = ETA2_SUB(d, j);
-        }
-    #else
-        p[i + 0] = ETA2_SUB(d, 0);
-        p[i + 1] = ETA2_SUB(d, 1);
-        p[i + 2] = ETA2_SUB(d, 2);
-        p[i + 3] = ETA2_SUB(d, 3);
-        p[i + 4] = ETA2_SUB(d, 4);
-        p[i + 5] = ETA2_SUB(d, 5);
-        p[i + 6] = ETA2_SUB(d, 6);
-        p[i + 7] = ETA2_SUB(d, 7);
-    #endif
-        /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16  */
-
-        /* Move over used bytes. */
-        r += 4;
-    }
-#else
-    /* Calculate sixteen integer coefficients at a time. */
-    for (i = 0; i < KYBER_N; i += 16) {
-    #ifdef WOLFSSL_KYBER_SMALL
-        unsigned int j;
-    #endif
-        /* Take the next 8 bytes, little endian, as a 64 bit value. */
-    #ifdef BIG_ENDIAN_ORDER
-        word64 t = ByteReverseWord64(*(word64*)r);
-    #else
-        word64 t = *(word64*)r;
-    #endif
-        word64 d;
-        /* Add second bits to first. */
-        d  = (t >> 0) & 0x5555555555555555L;
-        d += (t >> 1) & 0x5555555555555555L;
-        /* Values 0, 1 or 2 in consecutive 2 bits.
-         * 0 - 1/4, 1 - 2/4, 2 - 1/4. */
-
-    #ifdef WOLFSSL_KYBER_SMALL
-        for (j = 0; j < 16; j++) {
-            p[i + j] = ETA2_SUB(d, j);
-        }
-    #else
-        p[i +  0] = ETA2_SUB(d,  0);
-        p[i +  1] = ETA2_SUB(d,  1);
-        p[i +  2] = ETA2_SUB(d,  2);
-        p[i +  3] = ETA2_SUB(d,  3);
-        p[i +  4] = ETA2_SUB(d,  4);
-        p[i +  5] = ETA2_SUB(d,  5);
-        p[i +  6] = ETA2_SUB(d,  6);
-        p[i +  7] = ETA2_SUB(d,  7);
-        p[i +  8] = ETA2_SUB(d,  8);
-        p[i +  9] = ETA2_SUB(d,  9);
-        p[i + 10] = ETA2_SUB(d, 10);
-        p[i + 11] = ETA2_SUB(d, 11);
-        p[i + 12] = ETA2_SUB(d, 12);
-        p[i + 13] = ETA2_SUB(d, 13);
-        p[i + 14] = ETA2_SUB(d, 14);
-        p[i + 15] = ETA2_SUB(d, 15);
-    #endif
-        /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16  */
-
-        /* Move over used bytes. */
-        r += 8;
-    }
-#endif
-}
-
-#ifdef WOLFSSL_KYBER512
-/* Subtract one 3 bit value from another out of a larger number.
- *
- * @param  [in]  d  Value containing sequential 3 bit values.
- * @param  [in]  i  Start index of the two values in 3 bits each.
- * @return  Difference of the two values with range 0..3.
- */
-#define ETA3_SUB(d, i) \
-    (((sword16)(((d) >> ((i) * 6 + 0)) & 0x7)) - \
-     ((sword16)(((d) >> ((i) * 6 + 3)) & 0x7)))
-
-/* Compute polynomial with coefficients distributed according to a centered
- * binomial distribution with parameter eta3 from uniform random bytes.
- *
- * @param [out]  p  Polynomial computed.
- * @param [in]   r  Random bytes.
- */
-static void kyber_cbd_eta3(sword16* p, const byte* r)
-{
-    unsigned int i;
-
-#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_KYBER_NO_LARGE_CODE) || \
-    defined(BIG_ENDIAN_ORDER)
-#ifndef WORD64_AVAILABLE
-    /* Calculate four integer coefficients at a time. */
-    for (i = 0; i < KYBER_N; i += 4) {
-    #ifdef WOLFSSL_KYBER_SMALL
-        unsigned int j;
-    #endif
-        /* Take the next 3 bytes, little endian, as a 24 bit value. */
-        word32 t = (((word32)(r[0])) <<  0) |
-                   (((word32)(r[1])) <<  8) |
-                   (((word32)(r[2])) << 16);
-        word32 d;
-        /* Add second and third bits to first. */
-        d  = (t >> 0) & 0x00249249;
-        d += (t >> 1) & 0x00249249;
-        d += (t >> 2) & 0x00249249;
-        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
-         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
-
-    #ifdef WOLFSSL_KYBER_SMALL
-        for (j = 0; j < 4; j++) {
-            p[i + j] = ETA3_SUB(d, j);
-        }
-    #else
-        p[i + 0] = ETA3_SUB(d, 0);
-        p[i + 1] = ETA3_SUB(d, 1);
-        p[i + 2] = ETA3_SUB(d, 2);
-        p[i + 3] = ETA3_SUB(d, 3);
-    #endif
-        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
-
-        /* Move over used bytes. */
-        r += 3;
-    }
-#else
-    /* Calculate eight integer coefficients at a time. */
-    for (i = 0; i < KYBER_N; i += 8) {
-    #ifdef WOLFSSL_KYBER_SMALL
-        unsigned int j;
-    #endif
-        /* Take the next 6 bytes, little endian, as a 48 bit value. */
-        word64 t = (((word64)(r[0])) <<  0) |
-                   (((word64)(r[1])) <<  8) |
-                   (((word64)(r[2])) << 16) |
-                   (((word64)(r[3])) << 24) |
-                   (((word64)(r[4])) << 32) |
-                   (((word64)(r[5])) << 40);
-        word64 d;
-        /* Add second and third bits to first. */
-        d  = (t >> 0) & 0x0000249249249249L;
-        d += (t >> 1) & 0x0000249249249249L;
-        d += (t >> 2) & 0x0000249249249249L;
-        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
-         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
-
-    #ifdef WOLFSSL_KYBER_SMALL
-        for (j = 0; j < 8; j++) {
-            p[i + j] = ETA3_SUB(d, j);
-        }
-    #else
-        p[i + 0] = ETA3_SUB(d, 0);
-        p[i + 1] = ETA3_SUB(d, 1);
-        p[i + 2] = ETA3_SUB(d, 2);
-        p[i + 3] = ETA3_SUB(d, 3);
-        p[i + 4] = ETA3_SUB(d, 4);
-        p[i + 5] = ETA3_SUB(d, 5);
-        p[i + 6] = ETA3_SUB(d, 6);
-        p[i + 7] = ETA3_SUB(d, 7);
-    #endif
-        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
-
-        /* Move over used bytes. */
-        r += 6;
-    }
-#endif /* WORD64_AVAILABLE */
-#else
-    /* Calculate eight integer coefficients at a time. */
-    for (i = 0; i < KYBER_N; i += 16) {
-        const word32* r32 = (const word32*)r;
-        /* Take the next 12 bytes, little endian, as 24 bit values. */
-        word32 t0 =   r32[0]                          & 0xffffff;
-        word32 t1 = ((r32[0] >> 24) | (r32[1] <<  8)) & 0xffffff;
-        word32 t2 = ((r32[1] >> 16) | (r32[2] << 16)) & 0xffffff;
-        word32 t3 =   r32[2] >>  8                              ;
-        word32 d0;
-        word32 d1;
-        word32 d2;
-        word32 d3;
-
-        /* Add second and third bits to first. */
-        d0  = (t0 >> 0) & 0x00249249;
-        d0 += (t0 >> 1) & 0x00249249;
-        d0 += (t0 >> 2) & 0x00249249;
-        d1  = (t1 >> 0) & 0x00249249;
-        d1 += (t1 >> 1) & 0x00249249;
-        d1 += (t1 >> 2) & 0x00249249;
-        d2  = (t2 >> 0) & 0x00249249;
-        d2 += (t2 >> 1) & 0x00249249;
-        d2 += (t2 >> 2) & 0x00249249;
-        d3  = (t3 >> 0) & 0x00249249;
-        d3 += (t3 >> 1) & 0x00249249;
-        d3 += (t3 >> 2) & 0x00249249;
-        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
-         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
-
-        p[i +  0] = ETA3_SUB(d0, 0);
-        p[i +  1] = ETA3_SUB(d0, 1);
-        p[i +  2] = ETA3_SUB(d0, 2);
-        p[i +  3] = ETA3_SUB(d0, 3);
-        p[i +  4] = ETA3_SUB(d1, 0);
-        p[i +  5] = ETA3_SUB(d1, 1);
-        p[i +  6] = ETA3_SUB(d1, 2);
-        p[i +  7] = ETA3_SUB(d1, 3);
-        p[i +  8] = ETA3_SUB(d2, 0);
-        p[i +  9] = ETA3_SUB(d2, 1);
-        p[i + 10] = ETA3_SUB(d2, 2);
-        p[i + 11] = ETA3_SUB(d2, 3);
-        p[i + 12] = ETA3_SUB(d3, 0);
-        p[i + 13] = ETA3_SUB(d3, 1);
-        p[i + 14] = ETA3_SUB(d3, 2);
-        p[i + 15] = ETA3_SUB(d3, 3);
-        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
-
-        /* Move over used bytes. */
-        r += 12;
-    }
-#endif /* WOLFSSL_SMALL_STACK || WOLFSSL_KYBER_NO_LARGE_CODE || BIG_ENDIAN_ORDER        */
-}
-#endif
-
-/* Get noise/error by calculating random bytes and sampling to a binomial
- * distribution.
- *
- * @param  [in, out]  prf   Psuedo-random function object.
- * @param  [out]      p     Polynomial.
- * @param  [in]       seed  Seed to use when calculating random.
- * @param  [in]       eta1  Size of noise/error integers.
- * @return  0 on success.
- */
-static int kyber_get_noise_eta1_c(KYBER_PRF_T* prf, sword16* p,
-    const byte* seed, byte eta1)
-{
-    int ret;
-
-    (void)eta1;
-
-#ifdef WOLFSSL_KYBER512
-    if (eta1 == KYBER_CBD_ETA3) {
-        byte rand[ETA3_RAND_SIZE];
-
-        /* Calculate random bytes from seed with PRF. */
-        ret = kyber_prf(prf, rand, sizeof(rand), seed);
-        if (ret == 0) {
-            /* Sample for values in range -3..3 from 3 bits of random. */
-            kyber_cbd_eta3(p, rand);
-         }
-    }
-    else
-#endif
-    {
-        byte rand[ETA2_RAND_SIZE];
-
-        /* Calculate random bytes from seed with PRF. */
-        ret = kyber_prf(prf, rand, sizeof(rand), seed);
-        if (ret == 0) {
-            /* Sample for values in range -2..2 from 2 bits of random. */
-            kyber_cbd_eta2(p, rand);
-        }
-    }
-
-    return ret;
-}
-
-/* Get noise/error by calculating random bytes and sampling to a binomial
- * distribution. Values -2..2
- *
- * @param  [in, out]  prf   Psuedo-random function object.
- * @param  [out]      p     Polynomial.
- * @param  [in]       seed  Seed to use when calculating random.
- * @return  0 on success.
- */
-static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p,
-    const byte* seed)
-{
-    int ret;
-    byte rand[ETA2_RAND_SIZE];
-
-    /* Calculate random bytes from seed with PRF. */
-    ret = kyber_prf(prf, rand, sizeof(rand), seed);
-    if (ret == 0) {
-        kyber_cbd_eta2(p, rand);
-    }
-
-    return ret;
-}
-
-#ifdef USE_INTEL_SPEEDUP
-#define PRF_RAND_SZ   (2 * SHA3_256_BYTES)
-
-#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_KYBER1024)
-/* Get the noise/error by calculating random bytes.
- *
- * @param  [out]  rand  Random number byte array.
- * @param  [in]   seed  Seed to generate random from.
- * @param  [in]   o     Offset of seed count.
- */
-static void kyber_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o)
-{
-    int i;
-    word64 state[25 * 4];
-
-    for (i = 0; i < 4; i++) {
-        state[4*4 + i] = 0x1f00 + i + o;
-    }
-
-    kyber_sha3_256_blocksx4_seed_avx2(state, seed);
-    kyber_redistribute_16_rand_avx2(state, rand + 0 * ETA2_RAND_SIZE,
-        rand + 1 * ETA2_RAND_SIZE, rand + 2 * ETA2_RAND_SIZE,
-        rand + 3 * ETA2_RAND_SIZE);
-}
-#endif
-
-#ifdef WOLFSSL_KYBER512
-/* Get the noise/error by calculating random bytes.
- *
- * @param  [out]  rand  Random number byte array.
- * @param  [in]   seed  Seed to generate random from.
- * @param  [in]   o     Offset of seed count.
- */
-static void kyber_get_noise_x4_eta3_avx2(byte* rand, byte* seed)
-{
-    word64 state[25 * 4];
-    int i;
-
-    state[4*4 + 0] = 0x1f00 + 0;
-    state[4*4 + 1] = 0x1f00 + 1;
-    state[4*4 + 2] = 0x1f00 + 2;
-    state[4*4 + 3] = 0x1f00 + 3;
-
-    kyber_sha3_256_blocksx4_seed_avx2(state, seed);
-    kyber_redistribute_17_rand_avx2(state, rand + 0 * PRF_RAND_SZ,
-        rand + 1 * PRF_RAND_SZ, rand + 2 * PRF_RAND_SZ,
-        rand + 3 * PRF_RAND_SZ);
-    i = SHA3_256_BYTES;
-    kyber_sha3_blocksx4_avx2(state);
-    kyber_redistribute_8_rand_avx2(state, rand + i + 0 * PRF_RAND_SZ,
-        rand + i + 1 * PRF_RAND_SZ, rand + i + 2 * PRF_RAND_SZ,
-        rand + i + 3 * PRF_RAND_SZ);
-}
-
-/* Get noise/error by calculating random bytes and sampling to a binomial
- * distribution. Values -2..2
- *
- * @param  [in, out]  prf   Psuedo-random function object.
- * @param  [out]      p     Polynomial.
- * @param  [in]       seed  Seed to use when calculating random.
- * @return  0 on success.
- */
-static int kyber_get_noise_eta2_avx2(KYBER_PRF_T* prf, sword16* p,
-    const byte* seed)
-{
-    int ret;
-    byte rand[ETA2_RAND_SIZE];
-
-    /* Calculate random bytes from seed with PRF. */
-    ret = kyber_prf(prf, rand, sizeof(rand), seed);
-    if (ret == 0) {
-        kyber_cbd_eta2_avx2(p, rand);
-    }
-
-    return ret;
-}
-
-/* Get the noise/error by calculating random bytes and sampling to a binomial
- * distribution.
- *
- * @param  [in, out]  prf   Psuedo-random function object.
- * @param  [out]      vec1  First Vector of polynomials.
- * @param  [out]      vec2  Second Vector of polynomials.
- * @param  [out]      poly  Polynomial.
- * @param  [in]       seed  Seed to use when calculating random.
- * @return  0 on success.
- */
-static int kyber_get_noise_k2_avx2(KYBER_PRF_T* prf, sword16* vec1,
-    sword16* vec2, sword16* poly, byte* seed)
-{
-    int ret = 0;
-    byte rand[4 * PRF_RAND_SZ];
-
-    kyber_get_noise_x4_eta3_avx2(rand, seed);
-    kyber_cbd_eta3_avx2(vec1          , rand + 0 * PRF_RAND_SZ);
-    kyber_cbd_eta3_avx2(vec1 + KYBER_N, rand + 1 * PRF_RAND_SZ);
-    if (poly == NULL) {
-        kyber_cbd_eta3_avx2(vec2          , rand + 2 * PRF_RAND_SZ);
-        kyber_cbd_eta3_avx2(vec2 + KYBER_N, rand + 3 * PRF_RAND_SZ);
-    }
-    else {
-        kyber_cbd_eta2_avx2(vec2          , rand + 2 * PRF_RAND_SZ);
-        kyber_cbd_eta2_avx2(vec2 + KYBER_N, rand + 3 * PRF_RAND_SZ);
-
-        seed[KYBER_SYM_SZ] = 4;
-        ret = kyber_get_noise_eta2_avx2(prf, poly, seed);
-    }
-
-    return ret;
-}
-#endif
-
-#ifdef WOLFSSL_KYBER768
-/* Get the noise/error by calculating random bytes and sampling to a binomial
- * distribution.
- *
- * @param  [out]      vec1  First Vector of polynomials.
- * @param  [out]      vec2  Second Vector of polynomials.
- * @param  [out]      poly  Polynomial.
- * @param  [in]       seed  Seed to use when calculating random.
- * @return  0 on success.
- */
-static int kyber_get_noise_k3_avx2(sword16* vec1, sword16* vec2, sword16* poly,
-    byte* seed)
-{
-    byte rand[4 * ETA2_RAND_SIZE];
-
-    kyber_get_noise_x4_eta2_avx2(rand, seed, 0);
-    kyber_cbd_eta2_avx2(vec1              , rand + 0 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec1 + 1 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec1 + 2 * KYBER_N, rand + 2 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec2              , rand + 3 * ETA2_RAND_SIZE);
-    kyber_get_noise_x4_eta2_avx2(rand, seed, 4);
-    kyber_cbd_eta2_avx2(vec2 + 1 * KYBER_N, rand + 0 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec2 + 2 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
-    if (poly != NULL) {
-        kyber_cbd_eta2_avx2(poly, rand + 2 * ETA2_RAND_SIZE);
-    }
-
-    return 0;
-}
-#endif
-
-#ifdef WOLFSSL_KYBER1024
-/* Get the noise/error by calculating random bytes and sampling to a binomial
- * distribution.
- *
- * @param  [in, out]  prf   Psuedo-random function object.
- * @param  [out]      vec1  First Vector of polynomials.
- * @param  [out]      vec2  Second Vector of polynomials.
- * @param  [out]      poly  Polynomial.
- * @param  [in]       seed  Seed to use when calculating random.
- * @return  0 on success.
- */
-static int kyber_get_noise_k4_avx2(KYBER_PRF_T* prf, sword16* vec1,
-    sword16* vec2, sword16* poly, byte* seed)
-{
-    int ret = 0;
-    byte rand[4 * ETA2_RAND_SIZE];
-
-    (void)prf;
-
-    kyber_get_noise_x4_eta2_avx2(rand, seed, 0);
-    kyber_cbd_eta2_avx2(vec1              , rand + 0 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec1 + 1 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec1 + 2 * KYBER_N, rand + 2 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec1 + 3 * KYBER_N, rand + 3 * ETA2_RAND_SIZE);
-    kyber_get_noise_x4_eta2_avx2(rand, seed, 4);
-    kyber_cbd_eta2_avx2(vec2              , rand + 0 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec2 + 1 * KYBER_N, rand + 1 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec2 + 2 * KYBER_N, rand + 2 * ETA2_RAND_SIZE);
-    kyber_cbd_eta2_avx2(vec2 + 3 * KYBER_N, rand + 3 * ETA2_RAND_SIZE);
-    if (poly != NULL) {
-        seed[KYBER_SYM_SZ] = 8;
-        ret = kyber_get_noise_eta2_c(prf, poly, seed);
-    }
-
-    return ret;
-}
-#endif
-#endif /* USE_INTEL_SPEEDUP */
-
-/* Get the noise/error by calculating random bytes and sampling to a binomial
- * distribution.
- *
- * @param  [in, out]  prf   Psuedo-random function object.
- * @param  [in]       kp    Number of polynomials in vector.
- * @param  [out]      vec1  First Vector of polynomials.
- * @param  [in]       eta1  Size of noise/error integers with first vector.
- * @param  [out]      vec2  Second Vector of polynomials.
- * @param  [in]       eta2  Size of noise/error integers with second vector.
- * @param  [out]      poly  Polynomial.
- * @param  [in]       seed  Seed to use when calculating random.
- * @return  0 on success.
- */
-static int kyber_get_noise_c(KYBER_PRF_T* prf, int kp, sword16* vec1, int eta1,
-    sword16* vec2, int eta2, sword16* poly, byte* seed)
-{
-    int ret = 0;
-    int i;
-
-    /* First noise generation has a seed with 0x00 appended. */
-    seed[KYBER_SYM_SZ] = 0;
-    /* Generate noise as private key. */
-    for (i = 0; (ret == 0) && (i < kp); i++) {
-        /* Generate noise for each dimension of vector. */
-        ret = kyber_get_noise_eta1_c(prf, vec1 + i * KYBER_N, seed, eta1);
-        /* Increment value of appended byte. */
-        seed[KYBER_SYM_SZ]++;
-    }
-    /* Generate noise for error. */
-    for (i = 0; (ret == 0) && (i < kp); i++) {
-        /* Generate noise for each dimension of vector. */
-        ret = kyber_get_noise_eta1_c(prf, vec2 + i * KYBER_N, seed, eta2);
-        /* Increment value of appended byte. */
-        seed[KYBER_SYM_SZ]++;
-    }
-    if ((ret == 0) && (poly != NULL)) {
-        /* Generating random error polynomial. */
-        ret = kyber_get_noise_eta2_c(prf, poly, seed);
-    }
-
-    return ret;
-}
-
-/* Get the noise/error by calculating random bytes and sampling to a binomial
- * distribution.
- *
- * @param  [in, out]  prf   Psuedo-random function object.
- * @param  [in]       kp    Number of polynomials in vector.
- * @param  [out]      vec1  First Vector of polynomials.
- * @param  [out]      vec2  Second Vector of polynomials.
- * @param  [out]      poly  Polynomial.
- * @param  [in]       seed  Seed to use when calculating random.
- * @return  0 on success.
- */
-int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
-    sword16* vec2, sword16* poly, byte* seed)
-{
-    int ret;
-
-#ifdef WOLFSSL_KYBER512
-    if (kp == KYBER512_K) {
-    #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
-            ret = kyber_get_noise_k2_avx2(prf, vec1, vec2, poly, seed);
-        }
-        else
-    #endif
-        if (poly == NULL) {
-            ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA3, vec2,
-                KYBER_CBD_ETA3, NULL, seed);
-        }
-        else {
-            ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA3, vec2,
-                KYBER_CBD_ETA2, poly, seed);
-        }
-    }
-    else
-#endif
-#ifdef WOLFSSL_KYBER768
-    if (kp == KYBER768_K) {
-    #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
-            ret = kyber_get_noise_k3_avx2(vec1, vec2, poly, seed);
-        }
-        else
-    #endif
-        {
-            ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2,
-                KYBER_CBD_ETA2, poly, seed);
-        }
-    }
-    else
-#endif
-#ifdef WOLFSSL_KYBER1024
-    if (kp == KYBER1024_K) {
-    #ifdef USE_INTEL_SPEEDUP
-        if (IS_INTEL_AVX2(cpuid_flags)) {
-            ret = kyber_get_noise_k4_avx2(prf, vec1, vec2, poly, seed);
-        }
-        else
-    #endif
-        {
-            ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2,
-                KYBER_CBD_ETA2, poly, seed);
-        }
-    }
-    else
-#endif
-    {
-        ret = BAD_STATE_E;
-    }
-
-    return ret;
-}
-
-/******************************************************************************/
-
-/* Compare two byte arrays of equal size.
- *
- * @param [in]  a   First array to compare.
- * @param [in]  b   Second array to compare.
- * @param [in]  sz  Size of arrays in bytes.
- * @return  0 on success.
- * @return  -1 on failure.
- */
-static int kyber_cmp_c(const byte* a, const byte* b, int sz)
-{
-    int i;
-    byte r = 0;
-
-    /* Constant time comparison of the encapsulated message and cipher text. */
-    for (i = 0; i < sz; i++) {
-        r |= a[i] ^ b[i];
-    }
-    return 0 - ((-(word32)r) >> 31);
-}
-
-/* Compare two byte arrays of equal size.
- *
- * @param [in]  a   First array to compare.
- * @param [in]  b   Second array to compare.
- * @param [in]  sz  Size of arrays in bytes.
- * @return  0 on success.
- * @return  -1 on failure.
- */
-int kyber_cmp(const byte* a, const byte* b, int sz)
-{
-    int fail;
-
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        fail = kyber_cmp_avx2(a, b, sz);
-    }
-    else
-#endif
-    {
-        fail = kyber_cmp_c(a, b, sz);
-    }
-
-    return fail;
-}
-
-/******************************************************************************/
-
-/* Conditional subtraction of q to each coefficient of a polynomial.
- *
- * @param  [in, out]  p  Polynomial.
- */
-static KYBER_NOINLINE void kyber_csubq_c(sword16* p)
-{
-    unsigned int i;
-
-    for (i = 0; i < KYBER_N; ++i) {
-        sword16 t = p[i] - KYBER_Q;
-        /* When top bit set, -ve number - need to add q back. */
-        p[i] = ((t >> 15) & KYBER_Q) + t;
-    }
-}
-
-/******************************************************************************/
-
-#if defined(CONV_WITH_DIV) || !defined(WORD64_AVAILABLE)
-
-/* Compress value.
- *
- * Uses div operator that may be slow.
- *
- * @param  [in]  v  Vector of polynomials.
- * @param  [in]  i  Index of polynomial in vector.
- * @param  [in]  j  Index into polynomial.
- * @param  [in]  k  Offset from indices.
- * @param  [in]  s  Shift amount to apply to value being compressed.
- * @param  [in]  m  Mask to apply get the require number of bits.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD_VEC(v, i, j, k, s, m) \
-    ((((word32)v[i * KYBER_N + j + k] << s) + KYBER_Q_HALF) / KYBER_Q) & m
-
-/* Compress value to 10 bits.
- *
- * Uses mul instead of div.
- *
- * @param  [in]  v  Vector of polynomials.
- * @param  [in]  i  Index of polynomial in vector.
- * @param  [in]  j  Index into polynomial.
- * @param  [in]  k  Offset from indices.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD_10(v, i, j, k) \
-    TO_COMP_WORD_VEC(v, i, j, k, 10, 0x3ff)
-
-/* Compress value to 11 bits.
- *
- * Uses mul instead of div.
- *
- * @param  [in]  v  Vector of polynomials.
- * @param  [in]  i  Index of polynomial in vector.
- * @param  [in]  j  Index into polynomial.
- * @param  [in]  k  Offset from indices.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD_11(v, i, j, k) \
-    TO_COMP_WORD_VEC(v, i, j, k, 11, 0x7ff)
-
-#else
-
-/* Multiplier that does div q.
- * ((1 << 53) + KYBER_Q_HALF) / KYBER_Q
- */
-#define KYBER_V53         0x275f6ed0176UL
-/* Multiplier times half of q.
- * KYBER_V53 * (KYBER_Q_HALF + 1)
- */
-#define KYBER_V53_HALF    0x10013afb768076UL
-
-/* Multiplier that does div q.
- * ((1 << 54) + KYBER_Q_HALF) / KYBER_Q
- */
-#define KYBER_V54         0x4ebedda02ecUL
-/* Multiplier times half of q.
- * KYBER_V54 * (KYBER_Q_HALF + 1)
- */
-#define KYBER_V54_HALF    0x200275f6ed00ecUL
-
-/* Compress value to 10 bits.
- *
- * Uses mul instead of div.
- *
- * @param  [in]  v  Vector of polynomials.
- * @param  [in]  i  Index of polynomial in vector.
- * @param  [in]  j  Index into polynomial.
- * @param  [in]  k  Offset from indices.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD_10(v, i, j, k) \
-    ((((KYBER_V54 << 10) * (v)[(i) * KYBER_N + (j) + (k)]) + KYBER_V54_HALF) >> 54)
-
-/* Compress value to 11 bits.
- *
- * Uses mul instead of div.
- * Only works for values in range: 0..3228
- *
- * @param  [in]  v  Vector of polynomials.
- * @param  [in]  i  Index of polynomial in vector.
- * @param  [in]  j  Index into polynomial.
- * @param  [in]  k  Offset from indices.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD_11(v, i, j, k) \
-    ((((KYBER_V53 << 11) * (v)[(i) * KYBER_N + (j) + (k)]) + KYBER_V53_HALF) >> 53)
-
-#endif /* CONV_WITH_DIV */
-
-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
-/* Compress the vector of polynomials into a byte array with 10 bits each.
- *
- * @param  [out]  b       Array of bytes.
- * @param  [in]   v       Vector of polynomials.
- * @param  [in]   kp      Number of polynomials in vector.
- */
-static void kyber_vec_compress_10_c(byte* r, sword16* v, unsigned int kp)
-{
-    unsigned int i;
-    unsigned int j;
-
-    for (i = 0; i < kp; i++) {
-        /* Reduce each coefficient to mod q. */
-        kyber_csubq_c(v + i * KYBER_N);
-        /* All values are now positive. */
-    }
-
-    /* Each polynomial. */
-    for (i = 0; i < kp; i++) {
-#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_KYBER_NO_LARGE_CODE) || \
-    defined(BIG_ENDIAN_ORDER)
-        /* Each 4 polynomial coefficients. */
-        for (j = 0; j < KYBER_N; j += 4) {
-        #ifdef WOLFSSL_KYBER_SMALL
-            unsigned int k;
-            sword16 t[4];
-            /* Compress four polynomial values to 10 bits each. */
-            for (k = 0; k < 4; k++) {
-                t[k] = TO_COMP_WORD_10(v, i, j, k);
-            }
-
-            /* Pack four 10-bit values into byte array. */
-            r[ 0] = (t[0] >> 0);
-            r[ 1] = (t[0] >> 8) | (t[1] << 2);
-            r[ 2] = (t[1] >> 6) | (t[2] << 4);
-            r[ 3] = (t[2] >> 4) | (t[3] << 6);
-            r[ 4] = (t[3] >> 2);
-        #else
-            /* Compress four polynomial values to 10 bits each. */
-            sword16 t0 = TO_COMP_WORD_10(v, i, j, 0);
-            sword16 t1 = TO_COMP_WORD_10(v, i, j, 1);
-            sword16 t2 = TO_COMP_WORD_10(v, i, j, 2);
-            sword16 t3 = TO_COMP_WORD_10(v, i, j, 3);
-
-            /* Pack four 10-bit values into byte array. */
-            r[ 0] = (t0 >> 0);
-            r[ 1] = (t0 >> 8) | (t1 << 2);
-            r[ 2] = (t1 >> 6) | (t2 << 4);
-            r[ 3] = (t2 >> 4) | (t3 << 6);
-            r[ 4] = (t3 >> 2);
-        #endif
-
-            /* Move over set bytes. */
-            r += 5;
-        }
-#else
-        /* Each 16 polynomial coefficients. */
-        for (j = 0; j < KYBER_N; j += 16) {
-            /* Compress four polynomial values to 10 bits each. */
-            sword16 t0  = TO_COMP_WORD_10(v, i, j, 0);
-            sword16 t1  = TO_COMP_WORD_10(v, i, j, 1);
-            sword16 t2  = TO_COMP_WORD_10(v, i, j, 2);
-            sword16 t3  = TO_COMP_WORD_10(v, i, j, 3);
-            sword16 t4  = TO_COMP_WORD_10(v, i, j, 4);
-            sword16 t5  = TO_COMP_WORD_10(v, i, j, 5);
-            sword16 t6  = TO_COMP_WORD_10(v, i, j, 6);
-            sword16 t7  = TO_COMP_WORD_10(v, i, j, 7);
-            sword16 t8  = TO_COMP_WORD_10(v, i, j, 8);
-            sword16 t9  = TO_COMP_WORD_10(v, i, j, 9);
-            sword16 t10 = TO_COMP_WORD_10(v, i, j, 10);
-            sword16 t11 = TO_COMP_WORD_10(v, i, j, 11);
-            sword16 t12 = TO_COMP_WORD_10(v, i, j, 12);
-            sword16 t13 = TO_COMP_WORD_10(v, i, j, 13);
-            sword16 t14 = TO_COMP_WORD_10(v, i, j, 14);
-            sword16 t15 = TO_COMP_WORD_10(v, i, j, 15);
-
-            word32* r32 = (word32*)r;
-            /* Pack sixteen 10-bit values into byte array. */
-            r32[0] =  t0        | ((word32)t1  << 10) | ((word32)t2  << 20) |
-                                  ((word32)t3  << 30);
-            r32[1] = (t3  >> 2) | ((word32)t4  <<  8) | ((word32)t5  << 18) |
-                                  ((word32)t6  << 28);
-            r32[2] = (t6  >> 4) | ((word32)t7  <<  6) | ((word32)t8  << 16) |
-                                  ((word32)t9  << 26);
-            r32[3] = (t9  >> 6) | ((word32)t10 <<  4) | ((word32)t11 << 14) |
-                                  ((word32)t12 << 24);
-            r32[4] = (t12 >> 8) | ((word32)t13 <<  2) | ((word32)t14 << 12) |
-                                  ((word32)t15 << 22);
-
-            /* Move over set bytes. */
-            r += 20;
-        }
-#endif
-    }
-}
-
-/* Compress the vector of polynomials into a byte array with 10 bits each.
- *
- * @param  [out]  b       Array of bytes.
- * @param  [in]   v       Vector of polynomials.
- * @param  [in]   kp      Number of polynomials in vector.
- */
-void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_compress_10_avx2(r, v, kp);
-    }
-    else
-#endif
-    {
-        kyber_vec_compress_10_c(r, v, kp);
-    }
-}
-#endif
-
-#ifdef WOLFSSL_KYBER1024
-/* Compress the vector of polynomials into a byte array with 11 bits each.
- *
- * @param  [out]  b       Array of bytes.
- * @param  [in]   v       Vector of polynomials.
- */
-static void kyber_vec_compress_11_c(byte* r, sword16* v)
-{
-    unsigned int i;
-    unsigned int j;
-#ifdef WOLFSSL_KYBER_SMALL
-    unsigned int k;
-#endif
-
-    for (i = 0; i < 4; i++) {
-        /* Reduce each coefficient to mod q. */
-        kyber_csubq_c(v + i * KYBER_N);
-        /* All values are now positive. */
-    }
-
-    /* Each polynomial. */
-    for (i = 0; i < 4; i++) {
-        /* Each 8 polynomial coefficients. */
-        for (j = 0; j < KYBER_N; j += 8) {
-        #ifdef WOLFSSL_KYBER_SMALL
-            sword16 t[8];
-            /* Compress eight polynomial values to 11 bits each. */
-            for (k = 0; k < 8; k++) {
-                t[k] = TO_COMP_WORD_11(v, i, j, k);
-            }
-
-            /* Pack eight 11-bit values into byte array. */
-            r[ 0] = (t[0] >>  0);
-            r[ 1] = (t[0] >>  8) | (t[1] << 3);
-            r[ 2] = (t[1] >>  5) | (t[2] << 6);
-            r[ 3] = (t[2] >>  2);
-            r[ 4] = (t[2] >> 10) | (t[3] << 1);
-            r[ 5] = (t[3] >>  7) | (t[4] << 4);
-            r[ 6] = (t[4] >>  4) | (t[5] << 7);
-            r[ 7] = (t[5] >>  1);
-            r[ 8] = (t[5] >>  9) | (t[6] << 2);
-            r[ 9] = (t[6] >>  6) | (t[7] << 5);
-            r[10] = (t[7] >>  3);
-        #else
-            /* Compress eight polynomial values to 11 bits each. */
-            sword16 t0 = TO_COMP_WORD_11(v, i, j, 0);
-            sword16 t1 = TO_COMP_WORD_11(v, i, j, 1);
-            sword16 t2 = TO_COMP_WORD_11(v, i, j, 2);
-            sword16 t3 = TO_COMP_WORD_11(v, i, j, 3);
-            sword16 t4 = TO_COMP_WORD_11(v, i, j, 4);
-            sword16 t5 = TO_COMP_WORD_11(v, i, j, 5);
-            sword16 t6 = TO_COMP_WORD_11(v, i, j, 6);
-            sword16 t7 = TO_COMP_WORD_11(v, i, j, 7);
-
-            /* Pack eight 11-bit values into byte array. */
-            r[ 0] = (t0 >>  0);
-            r[ 1] = (t0 >>  8) | (t1 << 3);
-            r[ 2] = (t1 >>  5) | (t2 << 6);
-            r[ 3] = (t2 >>  2);
-            r[ 4] = (t2 >> 10) | (t3 << 1);
-            r[ 5] = (t3 >>  7) | (t4 << 4);
-            r[ 6] = (t4 >>  4) | (t5 << 7);
-            r[ 7] = (t5 >>  1);
-            r[ 8] = (t5 >>  9) | (t6 << 2);
-            r[ 9] = (t6 >>  6) | (t7 << 5);
-            r[10] = (t7 >>  3);
-        #endif
-
-            /* Move over set bytes. */
-            r += 11;
-        }
-    }
-}
-
-/* Compress the vector of polynomials into a byte array with 11 bits each.
- *
- * @param  [out]  b       Array of bytes.
- * @param  [in]   v       Vector of polynomials.
- */
-void kyber_vec_compress_11(byte* r, sword16* v)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_compress_11_avx2(r, v, 4);
-    }
-    else
-#endif
-    {
-        kyber_vec_compress_11_c(r, v);
-    }
-}
-#endif
-
-/* Decompress a 10 bit value.
- *
- * @param  [in]  v  Vector of polynomials.
- * @param  [in]  i  Index of polynomial in vector.
- * @param  [in]  j  Index into polynomial.
- * @param  [in]  k  Offset from indices.
- * @param  [in]  t  Value to decompress.
- * @return  Decompressed value.
- */
-#define DECOMP_10(v, i, j, k, t) \
-    v[(i) * KYBER_N + 4 * (j) + (k)] = \
-        (word16)((((word32)((t) & 0x3ff) * KYBER_Q) + 512) >> 10)
-
-/* Decompress an 11 bit value.
- *
- * @param  [in]  v  Vector of polynomials.
- * @param  [in]  i  Index of polynomial in vector.
- * @param  [in]  j  Index into polynomial.
- * @param  [in]  k  Offset from indices.
- * @param  [in]  t  Value to decompress.
- * @return  Decompressed value.
- */
-#define DECOMP_11(v, i, j, k, t) \
-    v[(i) * KYBER_N + 8 * (j) + (k)] = \
-        (word16)((((word32)((t) & 0x7ff) * KYBER_Q) + 1024) >> 11)
-
-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
-/* Decompress the byte array of packed 10 bits into vector of polynomials.
- *
- * @param  [out]  v       Vector of polynomials.
- * @param  [in]   b       Array of bytes.
- * @param  [in]   kp      Number of polynomials in vector.
- */
-static void kyber_vec_decompress_10_c(sword16* v, const unsigned char* b,
-    unsigned int kp)
-{
-    unsigned int i;
-    unsigned int j;
-#ifdef WOLFSSL_KYBER_SMALL
-    unsigned int k;
-#endif
-
-    /* Each polynomial. */
-    for (i = 0; i < kp; i++) {
-        /* Each 4 polynomial coefficients. */
-        for (j = 0; j < KYBER_N / 4; j++) {
-        #ifdef WOLFSSL_KYBER_SMALL
-            word16 t[4];
-            /* Extract out 4 values of 10 bits each. */
-            t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8);
-            t[1] = (b[1] >> 2) | ((word16)b[ 2] << 6);
-            t[2] = (b[2] >> 4) | ((word16)b[ 3] << 4);
-            t[3] = (b[3] >> 6) | ((word16)b[ 4] << 2);
-            b += 5;
-
-            /* Decompress 4 values. */
-            for (k = 0; k < 4; k++) {
-                DECOMP_10(v, i, j, k, t[k]);
-            }
-        #else
-            /* Extract out 4 values of 10 bits each. */
-            sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8);
-            sword16 t1 = (b[1] >> 2) | ((word16)b[ 2] << 6);
-            sword16 t2 = (b[2] >> 4) | ((word16)b[ 3] << 4);
-            sword16 t3 = (b[3] >> 6) | ((word16)b[ 4] << 2);
-            b += 5;
-
-            /* Decompress 4 values. */
-            DECOMP_10(v, i, j, 0, t0);
-            DECOMP_10(v, i, j, 1, t1);
-            DECOMP_10(v, i, j, 2, t2);
-            DECOMP_10(v, i, j, 3, t3);
-        #endif
-        }
-    }
-}
-
-/* Decompress the byte array of packed 10 bits into vector of polynomials.
- *
- * @param  [out]  v       Vector of polynomials.
- * @param  [in]   b       Array of bytes.
- * @param  [in]   kp      Number of polynomials in vector.
- */
-void kyber_vec_decompress_10(sword16* v, const unsigned char* b,
-    unsigned int kp)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_decompress_10_avx2(v, b, kp);
-    }
-    else
-#endif
-    {
-        kyber_vec_decompress_10_c(v, b, kp);
-    }
-}
-#endif
-#ifdef WOLFSSL_KYBER1024
-/* Decompress the byte array of packed 11 bits into vector of polynomials.
- *
- * @param  [out]  v       Vector of polynomials.
- * @param  [in]   b       Array of bytes.
- */
-static void kyber_vec_decompress_11_c(sword16* v, const unsigned char* b)
-{
-    unsigned int i;
-    unsigned int j;
-#ifdef WOLFSSL_KYBER_SMALL
-    unsigned int k;
-#endif
-
-    /* Each polynomial. */
-    for (i = 0; i < 4; i++) {
-        /* Each 8 polynomial coefficients. */
-        for (j = 0; j < KYBER_N / 8; j++) {
-        #ifdef WOLFSSL_KYBER_SMALL
-            word16 t[8];
-            /* Extract out 8 values of 11 bits each. */
-            t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8);
-            t[1] = (b[1] >> 3) | ((word16)b[ 2] << 5);
-            t[2] = (b[2] >> 6) | ((word16)b[ 3] << 2) |
-                   ((word16)b[4] << 10);
-            t[3] = (b[4] >> 1) | ((word16)b[ 5] << 7);
-            t[4] = (b[5] >> 4) | ((word16)b[ 6] << 4);
-            t[5] = (b[6] >> 7) | ((word16)b[ 7] << 1) |
-                   ((word16)b[8] <<  9);
-            t[6] = (b[8] >> 2) | ((word16)b[ 9] << 6);
-            t[7] = (b[9] >> 5) | ((word16)b[10] << 3);
-            b += 11;
-
-            /* Decompress 8 values. */
-            for (k = 0; k < 8; k++) {
-                DECOMP_11(v, i, j, k, t[k]);
-            }
-        #else
-            /* Extract out 8 values of 11 bits each. */
-            sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8);
-            sword16 t1 = (b[1] >> 3) | ((word16)b[ 2] << 5);
-            sword16 t2 = (b[2] >> 6) | ((word16)b[ 3] << 2) |
-                   ((word16)b[4] << 10);
-            sword16 t3 = (b[4] >> 1) | ((word16)b[ 5] << 7);
-            sword16 t4 = (b[5] >> 4) | ((word16)b[ 6] << 4);
-            sword16 t5 = (b[6] >> 7) | ((word16)b[ 7] << 1) |
-                   ((word16)b[8] <<  9);
-            sword16 t6 = (b[8] >> 2) | ((word16)b[ 9] << 6);
-            sword16 t7 = (b[9] >> 5) | ((word16)b[10] << 3);
-            b += 11;
-
-            /* Decompress 8 values. */
-            DECOMP_11(v, i, j, 0, t0);
-            DECOMP_11(v, i, j, 1, t1);
-            DECOMP_11(v, i, j, 2, t2);
-            DECOMP_11(v, i, j, 3, t3);
-            DECOMP_11(v, i, j, 4, t4);
-            DECOMP_11(v, i, j, 5, t5);
-            DECOMP_11(v, i, j, 6, t6);
-            DECOMP_11(v, i, j, 7, t7);
-        #endif
-        }
-    }
-}
-
-/* Decompress the byte array of packed 11 bits into vector of polynomials.
- *
- * @param  [out]  v       Vector of polynomials.
- * @param  [in]   b       Array of bytes.
- */
-void kyber_vec_decompress_11(sword16* v, const unsigned char* b)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_decompress_11_avx2(v, b, 4);
-    }
-    else
-#endif
-    {
-        kyber_vec_decompress_11_c(v, b);
-    }
-}
-#endif
-
-#ifdef CONV_WITH_DIV
-
-/* Compress value.
- *
- * Uses div operator that may be slow.
- *
- * @param  [in]  v  Vector of polynomials.
- * @param  [in]  i  Index into polynomial.
- * @param  [in]  j  Offset from indices.
- * @param  [in]  s  Shift amount to apply to value being compressed.
- * @param  [in]  m  Mask to apply get the require number of bits.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD(v, i, j, s, m) \
-    ((((word32)v[i + j] << s) + KYBER_Q_HALF) / KYBER_Q) & m
-
-/* Compress value to 4 bits.
- *
- * Uses mul instead of div.
- *
- * @param  [in]  p  Polynomial.
- * @param  [in]  i  Index into polynomial.
- * @param  [in]  j  Offset from indices.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD_4(p, i, j) \
-    TO_COMP_WORD(p, i, j, 4, 0xf)
-
-/* Compress value to 5 bits.
- *
- * Uses mul instead of div.
- *
- * @param  [in]  p  Polynomial.
- * @param  [in]  i  Index into polynomial.
- * @param  [in]  j  Offset from indices.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD_5(p, i, j) \
-    TO_COMP_WORD(p, i, j, 5, 0x1f)
-
-#else
-
-/* Multiplier that does div q. */
-#define KYBER_V28         ((word32)(((1U << 28) + KYBER_Q_HALF)) / KYBER_Q)
-/* Multiplier times half of q. */
-#define KYBER_V28_HALF    ((word32)(KYBER_V28 * (KYBER_Q_HALF + 1)))
-
-/* Multiplier that does div q. */
-#define KYBER_V27         ((word32)(((1U << 27) + KYBER_Q_HALF)) / KYBER_Q)
-/* Multiplier times half of q. */
-#define KYBER_V27_HALF    ((word32)(KYBER_V27 * KYBER_Q_HALF))
-
-/* Compress value to 4 bits.
- *
- * Uses mul instead of div.
- *
- * @param  [in]  p  Polynomial.
- * @param  [in]  i  Index into polynomial.
- * @param  [in]  j  Offset from indices.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD_4(p, i, j) \
-    ((((KYBER_V28 << 4) * (p)[(i) + (j)]) + KYBER_V28_HALF) >> 28)
-
-/* Compress value to 5 bits.
- *
- * Uses mul instead of div.
- *
- * @param  [in]  p  Polynomial.
- * @param  [in]  i  Index into polynomial.
- * @param  [in]  j  Offset from indices.
- * @return  Compressed value.
- */
-#define TO_COMP_WORD_5(p, i, j) \
-    ((((KYBER_V27 << 5) * (p)[(i) + (j)]) + KYBER_V27_HALF) >> 27)
-
-#endif /* CONV_WITH_DIV */
-
-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
-/* Compress a polynomial into byte array - on coefficients into 4 bits.
- *
- * @param  [out]  b       Array of bytes.
- * @param  [in]   p       Polynomial.
- */
-static void kyber_compress_4_c(byte* b, sword16* p)
-{
-    unsigned int i;
-#ifdef WOLFSSL_KYBER_SMALL
-    unsigned int j;
-    byte t[8];
-#endif
-
-    /* Reduce each coefficients to mod q. */
-    kyber_csubq_c(p);
-    /* All values are now positive. */
-
-    /* Each 8 polynomial coefficients. */
-    for (i = 0; i < KYBER_N; i += 8) {
-    #ifdef WOLFSSL_KYBER_SMALL
-        /* Compress eight polynomial values to 4 bits each. */
-        for (j = 0; j < 8; j++) {
-            t[j] = TO_COMP_WORD_4(p, i, j);
-        }
-
-        b[0] = t[0] | (t[1] << 4);
-        b[1] = t[2] | (t[3] << 4);
-        b[2] = t[4] | (t[5] << 4);
-        b[3] = t[6] | (t[7] << 4);
-    #else
-        /* Compress eight polynomial values to 4 bits each. */
-        byte t0 = TO_COMP_WORD_4(p, i, 0);
-        byte t1 = TO_COMP_WORD_4(p, i, 1);
-        byte t2 = TO_COMP_WORD_4(p, i, 2);
-        byte t3 = TO_COMP_WORD_4(p, i, 3);
-        byte t4 = TO_COMP_WORD_4(p, i, 4);
-        byte t5 = TO_COMP_WORD_4(p, i, 5);
-        byte t6 = TO_COMP_WORD_4(p, i, 6);
-        byte t7 = TO_COMP_WORD_4(p, i, 7);
-
-        /* Pack eight 4-bit values into byte array. */
-        b[0] = t0 | (t1 << 4);
-        b[1] = t2 | (t3 << 4);
-        b[2] = t4 | (t5 << 4);
-        b[3] = t6 | (t7 << 4);
-    #endif
-
-        /* Move over set bytes. */
-        b += 4;
-    }
-}
-
-/* Compress a polynomial into byte array - on coefficients into 4 bits.
- *
- * @param  [out]  b       Array of bytes.
- * @param  [in]   p       Polynomial.
- */
-void kyber_compress_4(byte* b, sword16* p)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_compress_4_avx2(b, p);
-    }
-    else
-#endif
-    {
-        kyber_compress_4_c(b, p);
-    }
-}
-#endif
-#ifdef WOLFSSL_KYBER1024
-/* Compress a polynomial into byte array - on coefficients into 5 bits.
- *
- * @param  [out]  b       Array of bytes.
- * @param  [in]   p       Polynomial.
- */
-static void kyber_compress_5_c(byte* b, sword16* p)
-{
-    unsigned int i;
-#ifdef WOLFSSL_KYBER_SMALL
-    unsigned int j;
-    byte t[8];
-#endif
-
-    /* Reduce each coefficients to mod q. */
-    kyber_csubq_c(p);
-    /* All values are now positive. */
-
-    for (i = 0; i < KYBER_N; i += 8) {
-    #ifdef WOLFSSL_KYBER_SMALL
-        /* Compress eight polynomial values to 5 bits each. */
-        for (j = 0; j < 8; j++) {
-            t[j] = TO_COMP_WORD_5(p, i, j);
-        }
-
-        /* Pack 5 bits into byte array. */
-        b[0] = (t[0] >> 0) | (t[1] << 5);
-        b[1] = (t[1] >> 3) | (t[2] << 2) | (t[3] << 7);
-        b[2] = (t[3] >> 1) | (t[4] << 4);
-        b[3] = (t[4] >> 4) | (t[5] << 1) | (t[6] << 6);
-        b[4] = (t[6] >> 2) | (t[7] << 3);
-    #else
-        /* Compress eight polynomial values to 5 bits each. */
-        byte t0 = TO_COMP_WORD_5(p, i, 0);
-        byte t1 = TO_COMP_WORD_5(p, i, 1);
-        byte t2 = TO_COMP_WORD_5(p, i, 2);
-        byte t3 = TO_COMP_WORD_5(p, i, 3);
-        byte t4 = TO_COMP_WORD_5(p, i, 4);
-        byte t5 = TO_COMP_WORD_5(p, i, 5);
-        byte t6 = TO_COMP_WORD_5(p, i, 6);
-        byte t7 = TO_COMP_WORD_5(p, i, 7);
-
-        /* Pack eight 5-bit values into byte array. */
-        b[0] = (t0 >> 0) | (t1 << 5);
-        b[1] = (t1 >> 3) | (t2 << 2) | (t3 << 7);
-        b[2] = (t3 >> 1) | (t4 << 4);
-        b[3] = (t4 >> 4) | (t5 << 1) | (t6 << 6);
-        b[4] = (t6 >> 2) | (t7 << 3);
-    #endif
-
-        /* Move over set bytes. */
-        b += 5;
-    }
-}
-
-/* Compress a polynomial into byte array - on coefficients into 5 bits.
- *
- * @param  [out]  b       Array of bytes.
- * @param  [in]   p       Polynomial.
- */
-void kyber_compress_5(byte* b, sword16* p)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_compress_5_avx2(b, p);
-    }
-    else
-#endif
-    {
-        kyber_compress_5_c(b, p);
-    }
-}
-#endif
-
-/* Decompress a 4 bit value.
- *
- * @param  [in]  p  Polynomial.
- * @param  [in]  i  Index into polynomial.
- * @param  [in]  j  Offset from indices.
- * @param  [in]  t  Value to decompress.
- * @return  Decompressed value.
- */
-#define DECOMP_4(p, i, j, t) \
-    p[(i) + (j)] = ((word16)((t) * KYBER_Q) + 8) >> 4
-
-/* Decompress a 5 bit value.
- *
- * @param  [in]  p  Polynomial.
- * @param  [in]  i  Index into polynomial.
- * @param  [in]  j  Offset from indices.
- * @param  [in]  t  Value to decompress.
- * @return  Decompressed value.
- */
-#define DECOMP_5(p, i, j, t) \
-    p[(i) + (j)] = (((word32)((t) & 0x1f) * KYBER_Q) + 16) >> 5
-
-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
-/* Decompress the byte array of packed 4 bits into polynomial.
- *
- * @param  [out]  p       Polynomial.
- * @param  [in]   b       Array of bytes.
- */
-static void kyber_decompress_4_c(sword16* p, const unsigned char* b)
-{
-    unsigned int i;
-
-    /* 2 coefficients at a time. */
-    for (i = 0; i < KYBER_N; i += 2) {
-        /* 2 coefficients decompressed from one byte. */
-        DECOMP_4(p, i, 0, b[0] & 0xf);
-        DECOMP_4(p, i, 1, b[0] >>  4);
-        b += 1;
-    }
-}
-
-/* Decompress the byte array of packed 4 bits into polynomial.
- *
- * @param  [out]  p       Polynomial.
- * @param  [in]   b       Array of bytes.
- */
-void kyber_decompress_4(sword16* p, const unsigned char* b)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_decompress_4_avx2(p, b);
-    }
-    else
-#endif
-    {
-        kyber_decompress_4_c(p, b);
-    }
-}
-#endif
-#ifdef WOLFSSL_KYBER1024
-/* Decompress the byte array of packed 5 bits into polynomial.
- *
- * @param  [out]  p       Polynomial.
- * @param  [in]   b       Array of bytes.
- */
-static void kyber_decompress_5_c(sword16* p, const unsigned char* b)
-{
-    unsigned int i;
-
-    /* Each 8 polynomial coefficients. */
-    for (i = 0; i < KYBER_N; i += 8) {
-    #ifdef WOLFSSL_KYBER_SMALL
-        unsigned int j;
-        byte t[8];
-
-        /* Extract out 8 values of 5 bits each. */
-        t[0] = (b[0] >> 0);
-        t[1] = (b[0] >> 5) | (b[1] << 3);
-        t[2] = (b[1] >> 2);
-        t[3] = (b[1] >> 7) | (b[2] << 1);
-        t[4] = (b[2] >> 4) | (b[3] << 4);
-        t[5] = (b[3] >> 1);
-        t[6] = (b[3] >> 6) | (b[4] << 2);
-        t[7] = (b[4] >> 3);
-        b += 5;
-
-        /* Decompress 8 values. */
-        for (j = 0; j < 8; j++) {
-            DECOMP_5(p, i, j, t[j]);
-        }
-    #else
-        /* Extract out 8 values of 5 bits each. */
-        byte t0 = (b[0] >> 0);
-        byte t1 = (b[0] >> 5) | (b[1] << 3);
-        byte t2 = (b[1] >> 2);
-        byte t3 = (b[1] >> 7) | (b[2] << 1);
-        byte t4 = (b[2] >> 4) | (b[3] << 4);
-        byte t5 = (b[3] >> 1);
-        byte t6 = (b[3] >> 6) | (b[4] << 2);
-        byte t7 = (b[4] >> 3);
-        b += 5;
-
-        /* Decompress 8 values. */
-        DECOMP_5(p, i, 0, t0);
-        DECOMP_5(p, i, 1, t1);
-        DECOMP_5(p, i, 2, t2);
-        DECOMP_5(p, i, 3, t3);
-        DECOMP_5(p, i, 4, t4);
-        DECOMP_5(p, i, 5, t5);
-        DECOMP_5(p, i, 6, t6);
-        DECOMP_5(p, i, 7, t7);
-    #endif
-    }
-}
-
-/* Decompress the byte array of packed 5 bits into polynomial.
- *
- * @param  [out]  p       Polynomial.
- * @param  [in]   b       Array of bytes.
- */
-void kyber_decompress_5(sword16* p, const unsigned char* b)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_decompress_5_avx2(p, b);
-    }
-    else
-#endif
-    {
-        kyber_decompress_5_c(p, b);
-    }
-}
-#endif
-
-/******************************************************************************/
-
-/* Convert bit from byte to 0 or (KYBER_Q + 1) / 2.
- *
- * Constant time implementation.
- * XOR in kyber_opt_blocker to ensure optimizer doesn't know what will be ANDed
- * with KYBER_Q_1_HALF and can't optimize to non-constant time code.
- *
- * @param  [out]  p    Polynomial to hold converted value.
- * @param  [in]   msg  Message to get bit from byte from.
- * @param  [in]   i    Index of byte from message.
- * @param  [in]   j    Index of bit in byte.
- */
-#define FROM_MSG_BIT(p, msg, i, j) \
-    ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \
-                          kyber_opt_blocker) & KYBER_Q_1_HALF)
-
-/* Convert message to polynomial.
- *
- * @param  [out]  p    Polynomial.
- * @param  [in]   msg  Message as a byte array.
- */
-static void kyber_from_msg_c(sword16* p, const byte* msg)
-{
-    unsigned int i;
-
-    /* For each byte of the message. */
-    for (i = 0; i < KYBER_N / 8; i++) {
-    #ifdef WOLFSSL_KYBER_SMALL
-        unsigned int j;
-        /* For each bit of the message. */
-        for (j = 0; j < 8; j++) {
-            FROM_MSG_BIT(p, msg, i, j);
-        }
-    #else
-        FROM_MSG_BIT(p, msg, i, 0);
-        FROM_MSG_BIT(p, msg, i, 1);
-        FROM_MSG_BIT(p, msg, i, 2);
-        FROM_MSG_BIT(p, msg, i, 3);
-        FROM_MSG_BIT(p, msg, i, 4);
-        FROM_MSG_BIT(p, msg, i, 5);
-        FROM_MSG_BIT(p, msg, i, 6);
-        FROM_MSG_BIT(p, msg, i, 7);
-    #endif
-    }
-}
-
-/* Convert message to polynomial.
- *
- * @param  [out]  p    Polynomial.
- * @param  [in]   msg  Message as a byte array.
- */
-void kyber_from_msg(sword16* p, const byte* msg)
-{
-#ifdef USE_INTEL_SPEEDUP
-    if (IS_INTEL_AVX2(cpuid_flags)) {
-        kyber_from_msg_avx2(p, msg);
-    }
-    else
-#endif
-    {
-        kyber_from_msg_c(p, msg);
-    }
-}
-
-#ifdef CONV_WITH_DIV
-
-/* Convert to value to bit.
- *
- * Uses div operator that may be slow.
- *
- * @param  [out]  m   Message.
- * @param  [in]   p   Polynomial.
- * @param  [in]   i   Index of byte in message.
- * @param  [in]   j   Index of bit in byte.
- */
-#define TO_MSG_BIT(m, p, i, j) \
-    m[i] |= (((((sword16)p[8 * i + j] << 1) + KYBER_Q_HALF) / KYBER_Q) & 1) << j
-
-#else
-
-/* Multiplier that does div q. */
-#define KYBER_V31       (((1U << 31) + (KYBER_Q / 2)) / KYBER_Q)
-/* 2 * multiplier that does div q. Only need bit 32 of result. */
-#define KYBER_V31_2     ((word32)(KYBER_V31 * 2))
-/* Multiplier times half of q. */
-#define KYBER_V31_HALF    ((word32)(KYBER_V31 * KYBER_Q_HALF))
-
-/* Convert to value to bit.
- *
- * Uses mul instead of div.
- *
- * @param  [out]  m   Message.
- * @param  [in]   p   Polynomial.
- * @param  [in]   i   Index of byte in message.
- * @param  [in]   j   Index of bit in byte.
- */
-#define TO_MSG_BIT(m, p, i, j) \
-    (m)[i] |= ((word32)((KYBER_V31_2 * (p)[8 * (i) + (j)]) + KYBER_V31_HALF) >> 31) << (j)
-
-#endif /* CONV_WITH_DIV */
-
-/* Convert polynomial to message.
- *
- * @param  [out]  msg  Message as a byte array.
- * @param  [in]   p    Polynomial.
- */
-static void kyber_to_msg_c(byte* msg, sword16* p)
-{
-    unsigned int i;
-
-    /* Reduce each coefficient to mod q. */
-    kyber_csubq_c(p);
-    /* All values are now positive. */
-
-    for (i = 0; i < KYBER_N / 8; i++) {
-    #ifdef WOLFSSL_KYBER_SMALL
-        unsigned int j;
-        msg[i] = 0;
-        for (j = 0; j < 8; j++) {
-            TO_MSG_BIT(msg, p, i, j);
-        }
-    #else
-        msg[i] = 0;
-        TO_MSG_BIT(msg, p, i, 0);
-        TO_MSG_BIT(msg, p, i, 1);
-        TO_MSG_BIT(msg, p, i, 2);
-        TO_MSG_BIT(msg, p, i, 3);
-        TO_MSG_BIT(msg, p, i, 4);
-        TO_MSG_BIT(msg, p, i, 5);
-        TO_MSG_BIT(msg, p, i, 6);
-        TO_MSG_BIT(msg, p, i, 7);
-    #endif
-    }
-}
-
-/* Convert polynomial to message.
- *
- * @param  [out]  msg  Message as a byte array.
- * @param  [in]   p    Polynomial.
- */
-void kyber_to_msg(byte* msg, sword16* p)
-{
-#ifdef USE_INTEL_SPEEDUP
-     if (IS_INTEL_AVX2(cpuid_flags)) {
-        /* Convert the polynomial into a array of bytes (message). */
-        kyber_to_msg_avx2(msg, p);
-    }
-    else
-#endif
-    {
-        kyber_to_msg_c(msg, p);
-    }
-}
-
-/******************************************************************************/
-
-/* Convert bytes to polynomial.
- *
- * Consecutive 12 bits hold each coefficient of polynomial.
- * Used in decoding private and public keys.
- *
- * @param  [out]  p  Vector of polynomials.
- * @param  [in]   b  Array of bytes.
- * @param  [in]   k  Number of polynomials in vector.
- */
-static void kyber_from_bytes_c(sword16* p, const byte* b, int k)
-{
-    int i;
-    int j;
-
-    for (j = 0; j < k; j++) {
-        for (i = 0; i < KYBER_N / 2; i++) {
-            p[2 * i + 0] = ((b[3 * i + 0] >> 0) |
-                            ((word16)b[3 * i + 1] << 8)) & 0xfff;
-            p[2 * i + 1] = ((b[3 * i + 1] >> 4) |
-                            ((word16)b[3 * i + 2] << 4)) & 0xfff;
-        }
-        p += KYBER_N;
-        b += KYBER_POLY_SIZE;
-    }
-}
-
-/* Convert bytes to polynomial.
- *
- * Consecutive 12 bits hold each coefficient of polynomial.
- * Used in decoding private and public keys.
- *
- * @param  [out]  p  Vector of polynomials.
- * @param  [in]   b  Array of bytes.
- * @param  [in]   k  Number of polynomials in vector.
- */
-void kyber_from_bytes(sword16* p, const byte* b, int k)
-{
-#ifdef USE_INTEL_SPEEDUP
-     if (IS_INTEL_AVX2(cpuid_flags)) {
-        int i;
-
-        for (i = 0; i < k; i++) {
-            kyber_from_bytes_avx2(p, b);
-            p += KYBER_N;
-            b += KYBER_POLY_SIZE;
-        }
-    }
-    else
-#endif
-    {
-        kyber_from_bytes_c(p, b, k);
-    }
-}
-
-/* Convert polynomial to bytes.
- *
- * Consecutive 12 bits hold each coefficient of polynomial.
- * Used in encoding private and public keys.
- *
- * @param  [out]  b  Array of bytes.
- * @param  [in]   p  Polynomial.
- * @param  [in]   k  Number of polynomials in vector.
- */
-static void kyber_to_bytes_c(byte* b, sword16* p, int k)
-{
-    int i;
-    int j;
-
-    /* Reduce each coefficient to mod q. */
-    kyber_csubq_c(p);
-    /* All values are now positive. */
-
-    for (j = 0; j < k; j++) {
-        for (i = 0; i < KYBER_N / 2; i++) {
-            word16 t0 = p[2 * i];
-            word16 t1 = p[2 * i + 1];
-            b[3 * i + 0] = (t0 >> 0);
-            b[3 * i + 1] = (t0 >> 8) | t1 << 4;
-            b[3 * i + 2] = (t1 >> 4);
-        }
-        p += KYBER_N;
-        b += KYBER_POLY_SIZE;
-    }
-}
-
-/* Convert polynomial to bytes.
- *
- * Consecutive 12 bits hold each coefficient of polynomial.
- * Used in encoding private and public keys.
- *
- * @param  [out]  b  Array of bytes.
- * @param  [in]   p  Polynomial.
- * @param  [in]   k  Number of polynomials in vector.
- */
-void kyber_to_bytes(byte* b, sword16* p, int k)
-{
-#ifdef USE_INTEL_SPEEDUP
-     if (IS_INTEL_AVX2(cpuid_flags)) {
-        int i;
-
-        for (i = 0; i < k; i++) {
-            kyber_to_bytes_avx2(b, p);
-            p += KYBER_N;
-            b += KYBER_POLY_SIZE;
-        }
-    }
-    else
-#endif
-    {
-        kyber_to_bytes_c(b, p, k);
-    }
-}
-
-#endif /* WOLFSSL_WC_KYBER */
diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c
index cbe9d1f7b..f8b2c105b 100644
--- a/wolfcrypt/src/wc_lms.c
+++ b/wolfcrypt/src/wc_lms.c
@@ -1,6 +1,6 @@
 /* wc_lms.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
 #include <wolfssl/wolfcrypt/wc_lms.h>
@@ -42,8 +36,8 @@
  *
  * @param [in] w  Winternitz width.
  */
-#define LMS_U(w)                    \
-    (8 * WC_SHA256_DIGEST_SIZE / (w))
+#define LMS_U(w, hLen)              \
+    (8 * (hLen) / (w))
 /* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8.
  *
  * @param [in] w   Winternitz width.
@@ -63,17 +57,17 @@
  * @param [in] w   Winternitz width.
  * @param [in] wb  Winternitz width length in bits.
  */
-#define LMS_P(w, wb)                \
-    (LMS_U(w) + LMS_V(w, wb))
+#define LMS_P(w, wb, hLen)          \
+    (LMS_U(w, hLen) + LMS_V(w, wb))
 /* Calculate signature length.
  *
  * @param [in] l  Number of levels.
  * @param [in] h  Height of the trees.
  * @param [in] p  Number of n-byte string elements in signature for a tree.
  */
-#define LMS_PARAMS_SIG_LEN(l, h, p)                                     \
-    (4 + (l) * (4 + 4 + 4 + WC_SHA256_DIGEST_SIZE * (1 + (p) + (h))) +  \
-     ((l) - 1) * LMS_PUBKEY_LEN)
+#define LMS_PARAMS_SIG_LEN(l, h, p, hLen)               \
+    (4 + (l) * (4 + 4 + 4 + (hLen) * (1 + (p) + (h))) + \
+     ((l) - 1) * LMS_PUBKEY_LEN(hLen))
 
 #ifndef WOLFSSL_WC_LMS_SMALL
     /* Root levels and leaf cache bits. */
@@ -94,9 +88,10 @@
  * @param [in] t   LMS type.
  * @param [in] t2  LM-OTS type.
  */
-#define LMS_PARAMS(l, h, w, wb, t, t2)                              \
-    { l, h, w, LMS_LS(w, wb), LMS_P(w, wb), t, t2,                  \
-      LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb)), LMS_PARAMS_CACHE(h) }
+#define LMS_PARAMS(l, h, w, wb, t, t2, hLen)                \
+    { l, h, w, LMS_LS(w, wb), LMS_P(w, wb, hLen), t, t2,    \
+      LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb, hLen), hLen),   \
+      (hLen), LMS_PARAMS_CACHE(h) }
 
 
 /* Initialize the working state for LMS operations.
@@ -138,112 +133,230 @@ static void wc_lmskey_state_free(LmsState* state)
 
 /* Supported LMS parameters. */
 static const wc_LmsParamsMap wc_lms_map[] = {
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 #if LMS_MAX_HEIGHT >= 15
     { WC_LMS_PARM_NONE     , "LMS_NONE"         ,
-      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H15_W2, "LMS/HSS L1_H15_W2",
-      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H15_W4, "LMS/HSS L1_H15_W4",
-      LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_LEVELS >= 2
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L2_H10_W2, "LMS/HSS L2_H10_W2",
-      LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H10_W4, "LMS/HSS L2_H10_W4",
-      LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H10_W8, "LMS/HSS L2_H10_W8",
-      LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
 #if LMS_MAX_LEVELS >= 3
     { WC_LMS_PARM_L3_H5_W2 , "LMS/HSS L3_H5_W2" ,
-      LMS_PARAMS(3,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(3,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L3_H5_W4 , "LMS/HSS L3_H5_W4" ,
-      LMS_PARAMS(3,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(3,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L3_H5_W8 , "LMS/HSS L3_H5_W8" ,
-      LMS_PARAMS(3,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(3,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L3_H10_W4, "LMS/HSS L3_H10_W4",
-      LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
 #if LMS_MAX_LEVELS >= 4
     { WC_LMS_PARM_L4_H5_W8 , "LMS/HSS L4_H5_W8" ,
-      LMS_PARAMS(4,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(4,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 
     /* For when user sets L, H, W explicitly. */
     { WC_LMS_PARM_L1_H5_W1 , "LMS/HSS_L1_H5_W1" ,
-      LMS_PARAMS(1,  5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1) },
+      LMS_PARAMS(1,  5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H5_W2 , "LMS/HSS_L1_H5_W2" ,
-      LMS_PARAMS(1,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H5_W4 , "LMS/HSS_L1_H5_W4" ,
-      LMS_PARAMS(1,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(1,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H5_W8 , "LMS/HSS_L1_H5_W8" ,
-      LMS_PARAMS(1,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(1,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L1_H10_W2 , "LMS/HSS_L1_H10_W2",
-      LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H10_W4 , "LMS/HSS_L1_H10_W4",
-      LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H10_W8 , "LMS/HSS_L1_H10_W8",
-      LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_HEIGHT >= 15
     { WC_LMS_PARM_L1_H15_W8 , "LMS/HSS L1_H15_W8",
-      LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_HEIGHT >= 20
     { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_L1_H20_W2",
-      LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_L1_H20_W4",
-      LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_L1_H20_W8",
-      LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_LEVELS >= 2
     { WC_LMS_PARM_L2_H5_W2 , "LMS/HSS_L2_H5_W2" ,
-      LMS_PARAMS(2,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(2,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H5_W4 , "LMS/HSS_L2_H5_W4" ,
-      LMS_PARAMS(2,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(2,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H5_W8 , "LMS/HSS_L2_H5_W8" ,
-      LMS_PARAMS(2,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(2,  5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #if LMS_MAX_HEIGHT >= 15
     { WC_LMS_PARM_L2_H15_W2 , "LMS/HSS_L2_H15_W2",
-      LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H15_W4 , "LMS/HSS_L2_H15_W4",
-      LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H15_W8 , "LMS/HSS_L2_H15_W8",
-      LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #if LMS_MAX_HEIGHT >= 20
     { WC_LMS_PARM_L2_H20_W2 , "LMS/HSS_L2_H20_W2",
-      LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H20_W4 , "LMS/HSS_L2_H20_W4",
-      LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L2_H20_W8 , "LMS/HSS_L2_H20_W8",
-      LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
 #if LMS_MAX_LEVELS >= 3
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L3_H10_W8 , "LMS/HSS L3_H10_W8",
-      LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
 #if LMS_MAX_LEVELS >= 4
     { WC_LMS_PARM_L4_H5_W2 , "LMS/HSS L4_H5_W2" ,
-      LMS_PARAMS(4,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) },
+      LMS_PARAMS(4,  5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L4_H5_W4 , "LMS/HSS L4_H5_W4" ,
-      LMS_PARAMS(4,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(4,  5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
 #if LMS_MAX_HEIGHT >= 10
     { WC_LMS_PARM_L4_H10_W4 , "LMS/HSS L4_H10_W4",
-      LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) },
+      LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4,
+                 WC_SHA256_DIGEST_SIZE) },
     { WC_LMS_PARM_L4_H10_W8 , "LMS/HSS L4_H10_W8",
-      LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) },
+      LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8,
+                 WC_SHA256_DIGEST_SIZE) },
 #endif
 #endif
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+#ifdef WOLFSSL_LMS_SHA256_192
+#if LMS_MAX_HEIGHT >= 15
+    { WC_LMS_PARM_SHA256_192_L1_H15_W2, "LMS/HSS_SHA256/192 L1_H15_W2",
+      LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H15_W4, "LMS/HSS_SHA256/192 L1_H15_W4",
+      LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_LEVELS >= 2
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_SHA256_192_L2_H10_W2, "LMS/HSS SHA256/192 L2_H10_W2",
+      LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L2_H10_W4, "LMS/HSS SHA256/192 L2_H10_W4",
+      LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L2_H10_W8, "LMS/HSS SHA256/192 L2_H10_W8",
+      LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 3
+    { WC_LMS_PARM_SHA256_192_L3_H5_W2 , "LMS/HSS_SHA256/192 L3_H5_W2" ,
+      LMS_PARAMS(3,  5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L3_H5_W4 , "LMS/HSS_SHA256/192 L3_H5_W4" ,
+      LMS_PARAMS(3,  5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L3_H5_W8 , "LMS/HSS_SHA256/192 L3_H5_W8" ,
+      LMS_PARAMS(3,  5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_SHA256_192_L3_H10_W4, "LMS/HSS_SHA256/192 L3_H10_W4",
+      LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#endif
+#if LMS_MAX_LEVELS >= 4
+    { WC_LMS_PARM_SHA256_192_L4_H5_W8 , "LMS/HSS_SHA256/192 L4_H5_W8" ,
+      LMS_PARAMS(4,  5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+
+    { WC_LMS_PARM_SHA256_192_L1_H5_W1 , "LMS/HSS_SHA256/192_L1_H5_W1" ,
+      LMS_PARAMS(1,  5, 1, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W1,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H5_W2 , "LMS/HSS_SHA256/192_L1_H5_W2" ,
+      LMS_PARAMS(1,  5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H5_W4 , "LMS/HSS_SHA256/192_L1_H5_W4" ,
+      LMS_PARAMS(1,  5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H5_W8 , "LMS/HSS_SHA256/192_L1_H5_W8" ,
+      LMS_PARAMS(1,  5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#if LMS_MAX_HEIGHT >= 10
+    { WC_LMS_PARM_SHA256_192_L1_H10_W2 , "LMS/HSS_SHA256/192_L1_H10_W2",
+      LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H10_W4 , "LMS/HSS_SHA256/192_L1_H10_W4",
+      LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H10_W8 , "LMS/HSS_SHA256/192_L1_H10_W8",
+      LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#if LMS_MAX_HEIGHT >= 20
+    { WC_LMS_PARM_SHA256_192_L1_H20_W2 , "LMS/HSS_SHA256/192_L1_H20_W2",
+      LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W2,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H20_W4 , "LMS/HSS_SHA256/192_L1_H20_W4",
+      LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W4,
+                 WC_SHA256_192_DIGEST_SIZE) },
+    { WC_LMS_PARM_SHA256_192_L1_H20_W8 , "LMS/HSS_SHA256/192_L1_H20_W8",
+      LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W8,
+                 WC_SHA256_192_DIGEST_SIZE) },
+#endif
+#endif /* WOLFSSL_LMS_SHA256_192 */
 };
 /* Number of parameter sets supported. */
 #define WC_LMS_MAP_LEN      ((int)(sizeof(wc_lms_map) / sizeof(*wc_lms_map)))
@@ -476,7 +589,7 @@ void wc_LmsKey_Free(LmsKey* key)
 
             ForceZero(key->priv_data, LMS_PRIV_DATA_LEN(params->levels,
                 params->height, params->p, params->rootLevels,
-                params->cacheBits));
+                params->cacheBits, params->hash_len));
 
             XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS);
         }
@@ -630,8 +743,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
 
         /* Allocate memory for the private key data. */
         key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
-            params->height, params->p, params->rootLevels, params->cacheBits),
-            key->heap, DYNAMIC_TYPE_LMS);
+            params->height, params->p, params->rootLevels, params->cacheBits,
+            params->hash_len), key->heap, DYNAMIC_TYPE_LMS);
         /* Check pointer is valid. */
         if (key->priv_data == NULL) {
             ret = MEMORY_E;
@@ -646,7 +759,7 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
 
     #ifdef WOLFSSL_SMALL_STACK
         /* Allocate memory for working state. */
-        state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (state == NULL) {
             ret = MEMORY_E;
         }
@@ -669,8 +782,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
     }
     if (ret == 0) {
         /* Write private key to storage. */
-        int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN,
-            key->context);
+        int rv = key->write_private_key(key->priv_raw,
+            HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
         if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
             ret = IO_FAILED_E;
         }
@@ -729,8 +842,8 @@ int wc_LmsKey_Reload(LmsKey* key)
 
         /* Allocate memory for the private key data. */
         key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels,
-            params->height, params->p, params->rootLevels, params->cacheBits),
-            key->heap, DYNAMIC_TYPE_LMS);
+            params->height, params->p, params->rootLevels, params->cacheBits,
+            params->hash_len), key->heap, DYNAMIC_TYPE_LMS);
         /* Check pointer is valid. */
         if (key->priv_data == NULL) {
             ret = MEMORY_E;
@@ -738,8 +851,8 @@ int wc_LmsKey_Reload(LmsKey* key)
     }
     if (ret == 0) {
         /* Load private key. */
-        int rv = key->read_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN,
-            key->context);
+        int rv = key->read_private_key(key->priv_raw,
+            HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
         if (rv != WC_LMS_RC_READ_TO_MEMORY) {
             ret = IO_FAILED_E;
         }
@@ -761,7 +874,7 @@ int wc_LmsKey_Reload(LmsKey* key)
 
     #ifdef WOLFSSL_SMALL_STACK
         /* Allocate memory for working state. */
-        state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (state == NULL) {
             ret = MEMORY_E;
         }
@@ -808,7 +921,7 @@ int wc_LmsKey_GetPrivLen(const LmsKey* key, word32* len)
 
     if (ret == 0) {
         /* Return private key length from parameter set. */
-        *len = HSS_PRIVATE_KEY_LEN;
+        *len = HSS_PRIVATE_KEY_LEN(key->params->hash_len);
     }
 
     return ret;
@@ -859,7 +972,7 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg,
 
     #ifdef WOLFSSL_SMALL_STACK
         /* Allocate memory for working state. */
-        state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (state == NULL) {
             ret = MEMORY_E;
         }
@@ -885,8 +998,8 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg,
     }
     if (ret == 0) {
         /* Write private key to storage. */
-        int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN,
-            key->context);
+        int rv = key->write_private_key(key->priv_raw,
+            HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
         if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
             ret = IO_FAILED_E;
         }
@@ -933,7 +1046,7 @@ int wc_LmsKey_GetPubLen(const LmsKey* key, word32* len)
     }
 
     if (ret == 0) {
-        *len = HSS_PUBLIC_KEY_LEN;
+        *len = HSS_PUBLIC_KEY_LEN(key->params->hash_len);
     }
 
     return ret;
@@ -996,14 +1109,15 @@ int wc_LmsKey_ExportPubRaw(const LmsKey* key, byte* out, word32* outLen)
         ret = BAD_FUNC_ARG;
     }
     /* Check size of out is sufficient. */
-    if ((ret == 0) && (*outLen < HSS_PUBLIC_KEY_LEN)) {
+    if ((ret == 0) &&
+            (*outLen < (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) {
         ret = BUFFER_E;
     }
 
     if (ret == 0) {
         /* Return encoded public key. */
-        XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN);
-        *outLen = HSS_PUBLIC_KEY_LEN;
+        XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN(key->params->hash_len));
+        *outLen = HSS_PUBLIC_KEY_LEN(key->params->hash_len);
     }
 
     return ret;
@@ -1032,7 +1146,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen)
     if ((key == NULL) || (in == NULL)) {
         ret = BAD_FUNC_ARG;
     }
-    if ((ret == 0) && (inLen != HSS_PUBLIC_KEY_LEN)) {
+    if ((ret == 0) &&
+            (inLen != (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) {
         /* Something inconsistent. Parameters weren't set, or input
          * pub key is wrong.*/
         return BUFFER_E;
@@ -1041,7 +1156,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen)
     if (ret == 0) {
         XMEMCPY(key->pub, in, inLen);
 
-        key->state = WC_LMS_STATE_VERIFYONLY;
+        if (key->state != WC_LMS_STATE_OK)
+            key->state = WC_LMS_STATE_VERIFYONLY;
     }
 
     return ret;
@@ -1118,7 +1234,7 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz,
 
     #ifdef WOLFSSL_SMALL_STACK
         /* Allocate memory for working state. */
-        state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (state == NULL) {
             ret = MEMORY_E;
         }
diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c
index 86037d464..57158ba92 100644
--- a/wolfcrypt/src/wc_lms_impl.c
+++ b/wolfcrypt/src/wc_lms_impl.c
@@ -1,6 +1,6 @@
 /* wc_lms_impl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,12 +37,9 @@
  *   Enable when memory is limited.
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #include <wolfssl/wolfcrypt/wc_lms.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -79,24 +76,19 @@
 #define LMS_D_CHILD_I       0xffff
 
 /* Length of data to hash when computing seed:
- *   16 + 4 + 2 + 32 = 54 */
-#define LMS_SEED_HASH_LEN  \
-    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + LMS_MAX_NODE_LEN)
+ *   16 + 4 + 2 + 32/24 = 54/46 */
+#define LMS_SEED_HASH_LEN(hLen)     \
+    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + (hLen))
 
 /* Length of data to hash when computing a node:
- *   16 + 4 + 2 + 32 + 32 = 86 */
-#define LMS_NODE_HASH_LEN   \
-    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * LMS_MAX_NODE_LEN)
+ *   16 + 4 + 2 + 32/24 + 32/24 = 86/70 */
+#define LMS_NODE_HASH_LEN(hLen)     \
+    (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * (hLen))
 
 /* Length of data to hash when computing most results:
- *   16 + 4 + 2 + 1 + 32 = 55 */
-#define LMS_HASH_BUFFER_LEN \
-    (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + LMS_MAX_NODE_LEN)
-
-/* Length of data to hash when computing Q:
- *   16 + 4 + 2 + 32 = 54 */
-#define LMS_Q_BUFFER_LEN    \
-    (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_MAX_NODE_LEN)
+ *   16 + 4 + 2 + 1 + 32/24 = 55/47 */
+#define LMS_HASH_BUFFER_LEN(hLen)   \
+    (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + (hLen))
 
 /* Length of preliminary data to hash when computing K:
  *   16 + 4 + 2 = 22 */
@@ -108,7 +100,7 @@
 
 
 #ifdef WC_LMS_DEBUG_PRINT_DATA
-/* Print data when dubgging implementation.
+/* Print data when debugging implementation.
  *
  * @param [in] name  String to print before data.
  * @param [in] data  Array of bytes.
@@ -226,6 +218,7 @@ do {                                    \
     (buffer)[63] = 0xb8;                \
 } while (0)
 
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 #ifndef WC_LMS_FULL_HASH
 /* Hash one full block of data and compute result.
  *
@@ -290,6 +283,7 @@ static WC_INLINE int wc_lms_hash(wc_Sha256* sha256, byte* data, word32 len,
 
     return ret;
 }
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
 
 /* Update hash with first data.
  *
@@ -361,6 +355,7 @@ static WC_INLINE int wc_lms_hash_update(wc_Sha256* sha256, const byte* data,
     return ret;
 }
 
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 /* Finalize hash.
  *
  * @param [in]  sha256  SHA-256 hash object.
@@ -403,6 +398,201 @@ static WC_INLINE int wc_lms_hash_final(wc_Sha256* sha256, byte* hash)
     return wc_Sha256Final(sha256, hash);
 #endif
 }
+#endif /* !WOLFSSL_NO_LMS_SHA256_256 */
+
+#ifdef WOLFSSL_LMS_SHA256_192
+/* Set the length of 46 bytes in buffer as per SHA-256 final operation.
+ *
+ * @param [in, out] buffer  Hash data buffer to add length to.
+ */
+#define LMS_SHA256_SET_LEN_46(buffer)   \
+do {                                    \
+    (buffer)[46] = 0x80;                \
+    (buffer)[47] = 0x00;                \
+    (buffer)[48] = 0x00;                \
+    (buffer)[49] = 0x00;                \
+    (buffer)[50] = 0x00;                \
+    (buffer)[51] = 0x00;                \
+    (buffer)[52] = 0x00;                \
+    (buffer)[53] = 0x00;                \
+    (buffer)[54] = 0x00;                \
+    (buffer)[55] = 0x00;                \
+    (buffer)[56] = 0x00;                \
+    (buffer)[57] = 0x00;                \
+    (buffer)[58] = 0x00;                \
+    (buffer)[59] = 0x00;                \
+    (buffer)[60] = 0x00;                \
+    (buffer)[61] = 0x00;                \
+    (buffer)[62] = 0x01;                \
+    (buffer)[63] = 0x70;                \
+} while (0)
+
+/* Set the length of 47 bytes in buffer as per SHA-256 final operation.
+ *
+ * @param [in, out] buffer  Hash data buffer to add length to.
+ */
+#define LMS_SHA256_SET_LEN_47(buffer)   \
+do {                                    \
+    (buffer)[47] = 0x80;                \
+    (buffer)[48] = 0x00;                \
+    (buffer)[49] = 0x00;                \
+    (buffer)[50] = 0x00;                \
+    (buffer)[51] = 0x00;                \
+    (buffer)[52] = 0x00;                \
+    (buffer)[53] = 0x00;                \
+    (buffer)[54] = 0x00;                \
+    (buffer)[55] = 0x00;                \
+    (buffer)[56] = 0x00;                \
+    (buffer)[57] = 0x00;                \
+    (buffer)[58] = 0x00;                \
+    (buffer)[59] = 0x00;                \
+    (buffer)[60] = 0x00;                \
+    (buffer)[61] = 0x00;                \
+    (buffer)[62] = 0x01;                \
+    (buffer)[63] = 0x78;                \
+} while (0)
+
+#ifndef WC_LMS_FULL_HASH
+/* Hash one full block of data and compute result.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_sha256_192_hash_block(wc_Sha256* sha256,
+    const byte* data, byte* hash)
+{
+    int ret;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+    /* Hash the block and reset SHA-256 state. */
+    ret = wc_Sha256HashBlock(sha256, data, output);
+    if (ret == 0) {
+        XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+    }
+
+    return ret;
+}
+#endif /* !WC_LMS_FULL_HASH */
+
+/* Hash data and compute result.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [in]  data    Data to hash.
+ * @param [in]  len     Length of data to hash.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_sha256_192(wc_Sha256* sha256, byte* data,
+    word32 len, byte* hash)
+{
+    int ret;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+#ifndef WC_LMS_FULL_HASH
+    if (len < WC_SHA256_BLOCK_SIZE) {
+        /* Store data into SHA-256 object's buffer. */
+        LMS_SHA256_SET_DATA(sha256, data, len);
+        ret = wc_Sha256Final(sha256, output);
+        if (ret == 0) {
+            XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+        }
+    }
+    else if (len < WC_SHA256_BLOCK_SIZE + WC_SHA256_PAD_SIZE) {
+        ret = wc_Sha256HashBlock(sha256, data, NULL);
+        if (ret == 0) {
+            byte* buffer = (byte*)sha256->buffer;
+            int rem = len - WC_SHA256_BLOCK_SIZE;
+
+            XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE, rem);
+            buffer[rem++] = 0x80;
+            XMEMSET(buffer + rem, 0, WC_SHA256_BLOCK_SIZE - 2 - rem);
+            buffer[WC_SHA256_BLOCK_SIZE - 2] = (byte)(len >> 5);
+            buffer[WC_SHA256_BLOCK_SIZE - 1] = (byte)(len << 3);
+            ret = wc_Sha256HashBlock(sha256, buffer, output);
+            if (ret == 0) {
+                XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+            }
+        }
+    }
+    else {
+        ret = wc_Sha256Update(sha256, data, len);
+        if (ret == 0) {
+            ret = wc_Sha256Final(sha256, output);
+            if (ret == 0) {
+                XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+            }
+        }
+    }
+#else
+    ret = wc_Sha256Update(sha256, data, len);
+    if (ret == 0) {
+        ret = wc_Sha256Final(sha256, output);
+        if (ret == 0) {
+            XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+        }
+    }
+#endif /* !WC_LMS_FULL_HASH */
+
+    return ret;
+}
+
+/* Finalize hash.
+ *
+ * @param [in]  sha256  SHA-256 hash object.
+ * @param [out] hash    Hash output.
+ * @return  0 on success.
+ */
+static WC_INLINE int wc_lms_hash_sha256_192_final(wc_Sha256* sha256, byte* hash)
+{
+#ifndef WC_LMS_FULL_HASH
+    int ret = 0;
+    byte* buffer = (byte*)sha256->buffer;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+    buffer[sha256->buffLen++] = 0x80;
+    if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
+        XMEMSET(buffer + sha256->buffLen, 0,
+            WC_SHA256_BLOCK_SIZE - sha256->buffLen);
+        ret = wc_Sha256HashBlock(sha256, buffer, NULL);
+        sha256->buffLen = 0;
+    }
+    if (ret == 0) {
+        XMEMSET(buffer + sha256->buffLen, 0,
+            WC_SHA256_BLOCK_SIZE - 8 - sha256->buffLen);
+        sha256->hiLen = (sha256->hiLen << 3) + (sha256->loLen >> 29);
+        sha256->loLen = sha256->loLen << 3;
+    #ifdef LITTLE_ENDIAN_ORDER
+        sha256->buffer[14] = ByteReverseWord32(sha256->hiLen);
+        sha256->buffer[15] = ByteReverseWord32(sha256->loLen);
+    #else
+        sha256->buffer[14] = sha256->hiLen;
+        sha256->buffer[15] = sha256->loLen;
+    #endif
+        ret = wc_Sha256HashBlock(sha256, buffer, output);
+        if (ret == 0) {
+            XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+        }
+        sha256->buffLen = 0;
+        sha256->hiLen = 0;
+        sha256->loLen = 0;
+    }
+
+    return ret;
+#else
+    int ret;
+    unsigned char output[WC_SHA256_DIGEST_SIZE];
+
+    ret = wc_Sha256Final(sha256, output);
+    if (ret == 0) {
+        XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE);
+    }
+
+    return ret;
+#endif
+}
+#endif /* WOLFSSL_LMS_SHA256_192 */
 
 /***************************************
  * LM-OTS APIs
@@ -619,16 +809,30 @@ static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz,
     ret = wc_lms_hash_first(&state->hash, buffer, LMS_MSG_PRE_LEN);
     if (ret == 0) {
         /* H(... || C || ...) */
-        ret = wc_lms_hash_update(&state->hash, c, LMS_MAX_NODE_LEN);
+        ret = wc_lms_hash_update(&state->hash, c, state->params->hash_len);
     }
     if (ret == 0) {
         /* H(... || message) */
         ret = wc_lms_hash_update(&state->hash, msg, msgSz);
     }
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((ret == 0) &&
+            ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) {
+        /* Q = H(...) */
+        ret = wc_lms_hash_sha256_192_final(&state->hash, q);
+    }
+    else
+#endif
+#ifndef WOLFSSL_NO_LMS_SHA256_256
     if (ret == 0) {
         /* Q = H(...) */
         ret = wc_lms_hash_final(&state->hash, q);
     }
+    else
+#endif
+    {
+        ret = NOT_COMPILED_IN;
+    }
 
     return ret;
 }
@@ -651,7 +855,7 @@ static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz,
  *        }
  *        y[i] = tmp
  *      }
- * x[i] can be calculated on the fly using psueodo key generation in Appendix A.
+ * x[i] can be calculated on the fly using pseudo key generation in Appendix A.
  * Appendix A, The elements of the LM-OTS private keys are computed as:
  *   x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED).
  *
@@ -667,7 +871,7 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed,
     const byte* msg, word32 msgSz, const byte* c, byte* y)
 {
     const LmsParams* params = state->params;
-    int ret = 0;
+    int ret;
     word16 i;
     byte q[LMS_MAX_NODE_LEN + LMS_CKSM_LEN];
 #ifdef WOLFSSL_SMALL_STACK
@@ -684,15 +888,26 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed,
     ret = wc_lmots_msg_hash(state, msg, msgSz, c, q);
     if (ret == 0) {
         /* Calculate checksum list all coefficients. */
-        ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls,
-             a);
+        ret = wc_lmots_q_expand(q, (word8)params->hash_len, params->width,
+            params->ls, a);
     }
-    #ifndef WC_LMS_FULL_HASH
+#ifndef WC_LMS_FULL_HASH
     if (ret == 0) {
-        /* Put in padding for final block. */
-        LMS_SHA256_SET_LEN_55(buffer);
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_47(buffer);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_55(buffer);
+        #endif
+        }
     }
-    #endif /* !WC_LMS_FULL_HASH */
+#endif /* !WC_LMS_FULL_HASH */
 
     /* Compute y for each coefficient. */
     for (i = 0; (ret == 0) && (i < params->p); i++) {
@@ -702,29 +917,84 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed,
          *     = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */
         c16toa(i, ip);
         *jp = LMS_D_FIXED;
-        XMEMCPY(tmp, seed, LMS_SEED_LEN);
-    #ifndef WC_LMS_FULL_HASH
-        ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-    #else
-        ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-    #endif /* !WC_LMS_FULL_HASH */
+#ifndef WC_LMS_FULL_HASH
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
 
         /* Apply the hash function coefficient number of times. */
         for (j = 0; (ret == 0) && (j < a[i]); j++) {
             /* I || u32str(q) || u16str(i) || u8str(j) || tmp */
             *jp = j;
             /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */
-        #ifndef WC_LMS_FULL_HASH
-            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-        #else
-            ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-        #endif /* !WC_LMS_FULL_HASH */
+    #ifndef WC_LMS_FULL_HASH
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #else
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #endif /* !WC_LMS_FULL_HASH */
         }
 
         if (ret == 0) {
             /* y[i] = tmp */
-            XMEMCPY(y, tmp, LMS_MAX_NODE_LEN);
-            y += LMS_MAX_NODE_LEN;
+            XMEMCPY(y, tmp, params->hash_len);
+            y += params->hash_len;
         }
     }
 
@@ -789,15 +1059,26 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg,
     }
     if (ret == 0) {
         /* Calculate checksum list all coefficients. */
-        ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls,
-            a);
+        ret = wc_lmots_q_expand(q, (word8)params->hash_len, params->width,
+            params->ls, a);
     }
-    #ifndef WC_LMS_FULL_HASH
+#ifndef WC_LMS_FULL_HASH
     if (ret == 0) {
-        /* Put in padding for final block. */
-        LMS_SHA256_SET_LEN_55(buffer);
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_47(buffer);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            /* Put in padding for final block. */
+            LMS_SHA256_SET_LEN_55(buffer);
+        #endif
+        }
     }
-    #endif /* !WC_LMS_FULL_HASH */
+#endif /* !WC_LMS_FULL_HASH */
 
     /* Compute z for each coefficient. */
     for (i = 0; (ret == 0) && (i < params->p); i++) {
@@ -808,30 +1089,69 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg,
 
         /* tmp = y[i].
          * I || u32(str) || u16str(i) || ... || tmp */
-        XMEMCPY(tmp, sig_y, LMS_MAX_NODE_LEN);
-        sig_y += LMS_MAX_NODE_LEN;
+        XMEMCPY(tmp, sig_y, params->hash_len);
+        sig_y += params->hash_len;
 
         /* Finish iterations of hash from coefficient to max. */
         for (j = a[i]; (ret == 0) && (j < max); j++) {
             /* I || u32str(q) || u16str(i) || u8str(j) || tmp */
             *jp = (word8)j;
             /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */
-        #ifndef WC_LMS_FULL_HASH
-            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-        #else
-            ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-        #endif /* !WC_LMS_FULL_HASH */
+    #ifndef WC_LMS_FULL_HASH
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+            /* Apply the hash function coefficient number of times. */
+    #else
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #endif /* !WC_LMS_FULL_HASH */
         }
 
         if (ret == 0) {
             /* H(... || z[i] || ...) (for calculating Kc). */
-            ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN);
+            ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len);
         }
     }
 
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((ret == 0) &&
+            ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) {
+        /* Kc = H(...) */
+        ret = wc_lms_hash_sha256_192_final(&state->hash_k, kc);
+    }
+    else
+#endif
     if (ret == 0) {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
         /* Kc = H(...) */
         ret = wc_lms_hash_final(&state->hash_k, kc);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
     }
 
     return ret;
@@ -854,7 +1174,7 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg,
  *      }
  *      K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1])
  *   ...
- * x[i] can be calculated on the fly using psueodo key generation in Appendix A.
+ * x[i] can be calculated on the fly using pseudo key generation in Appendix A.
  * Appendix A, The elements of the LM-OTS private keys are computed as:
  *   x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED).
  *
@@ -879,8 +1199,19 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k)
     ret = wc_lms_hash_first(&state->hash_k, buffer, LMS_K_PRE_LEN);
 
 #ifndef WC_LMS_FULL_HASH
-    /* Put in padding for final block. */
-    LMS_SHA256_SET_LEN_55(buffer);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_47(buffer);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_55(buffer);
+    #endif
+    }
 #endif /* !WC_LMS_FULL_HASH */
 
     for (i = 0; (ret == 0) && (i < params->p); i++) {
@@ -890,31 +1221,97 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k)
          *     = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */
         c16toa(i, ip);
         *jp = LMS_D_FIXED;
-        XMEMCPY(tmp, seed, LMS_SEED_LEN);
-    #ifndef WC_LMS_FULL_HASH
-        ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-    #else
-        ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-    #endif /* !WC_LMS_FULL_HASH */
+#ifndef WC_LMS_FULL_HASH
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
         /* Do all iterations to calculate y. */
         for (j = 0; (ret == 0) && (j < max); j++) {
             /* I || u32str(q) || u16str(i) || u8str(j) || tmp */
             *jp = (word8)j;
             /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */
-        #ifndef WC_LMS_FULL_HASH
-            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-        #else
-            ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-        #endif /* !WC_LMS_FULL_HASH */
+    #ifndef WC_LMS_FULL_HASH
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #else
+        #ifdef WOLFSSL_LMS_SHA256_192
+            if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+            }
+            else
+        #endif
+            {
+            #ifndef WOLFSSL_NO_LMS_SHA256_256
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif
+            }
+    #endif /* !WC_LMS_FULL_HASH */
         }
         if (ret == 0) {
             /* K = H(... || y[i] || ...) */
-            ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN);
+            ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len);
         }
     }
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((ret == 0) && ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) {
+        /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */
+        ret = wc_lms_hash_sha256_192_final(&state->hash_k, k);
+    }
+    else
+#endif
     if (ret == 0) {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
         /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */
         ret = wc_lms_hash_final(&state->hash_k, k);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
     }
 
     return ret;
@@ -935,13 +1332,13 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k)
 static void wc_lmots_public_key_encode(const LmsParams* params,
     const byte* priv, byte* pub)
 {
-    const byte* priv_i = priv + LMS_Q_LEN + LMS_SEED_LEN;
+    const byte* priv_i = priv + LMS_Q_LEN + params->hash_len;
 
     /* u32str(type) || ... || T(1) */
-    c32toa(params->lmsType, pub);
+    c32toa(params->lmsType & LMS_H_W_MASK, pub);
     pub += 4;
     /* u32str(type) || u32str(otstype) || ... || T(1) */
-    c32toa(params->lmOtsType, pub);
+    c32toa(params->lmOtsType & LMS_H_W_MASK, pub);
     pub += 4;
     /* u32str(type) || u32str(otstype) || I || T(1) */
     XMEMCPY(pub, priv_i, LMS_I_LEN);
@@ -964,14 +1361,14 @@ static int wc_lmots_public_key_check(const LmsParams* params, const byte* pub)
     ato32(pub, &type);
     pub += 4;
     /* Compare with parameters. */
-    if (type != params->lmsType) {
+    if (type != (params->lmsType & LMS_H_W_MASK)) {
         ret = PUBLIC_KEY_E;
     }
     if (ret == 0) {
         /* Get node hash and Winternitz width type. */
         ato32(pub, &type);
         /* Compare with parameters. */
-        if (type != params->lmOtsType) {
+        if (type != (params->lmOtsType & LMS_H_W_MASK)) {
             ret = PUBLIC_KEY_E;
         }
     }
@@ -1016,7 +1413,7 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg,
         /* Get C or randomizer value from signature. */
         const byte* c = sig + LMS_TYPE_LEN;
         /* Get array y from signature. */
-        const byte* y = c + LMS_MAX_NODE_LEN;
+        const byte* y = c + state->params->hash_len;
 
         /* Compute the public key candidate Kc from the signature. */
         ret = wc_lmots_compute_kc_from_sig(state, msg, msgSz, c, y, kc);
@@ -1032,12 +1429,13 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg,
  * But use Appendix A to generate x on the fly.
  *   PRIV = SEED | I
  *
- * @param [in]  rng     Random number generator.
- * @param [out] priv    Private key data.
+ * @param [in]  rng       Random number generator.
+ * @param [in]  seed_len  Length of seed to generate.
+ * @param [out] priv      Private key data.
  */
-static int wc_lmots_make_private_key(WC_RNG* rng, byte* priv)
+static int wc_lmots_make_private_key(WC_RNG* rng, word16 seed_len, byte* priv)
 {
-    return wc_RNG_GenerateBlock(rng, priv, LMS_SEED_LEN + LMS_I_LEN);
+    return wc_RNG_GenerateBlock(rng, priv, seed_len + LMS_I_LEN);
 }
 
 /* Generate LM-OTS signature.
@@ -1071,20 +1469,60 @@ static int wc_lmots_sign(LmsState* state, const byte* seed, const byte* msg,
     c16toa(LMS_D_C, ip);
     /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || ... */
     *jp = LMS_D_FIXED;
-    /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
-    XMEMCPY(tmp, seed, LMS_SEED_LEN);
-    /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
-     * sig = u32str(type) || C || ... */
 #ifndef WC_LMS_FULL_HASH
-    /* Put in padding for final block. */
-    LMS_SHA256_SET_LEN_55(buffer);
-    ret = wc_lms_hash_block(&state->hash, buffer, sig_c);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_47(buffer);
+        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, sig_c);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_55(buffer);
+        ret = wc_lms_hash_block(&state->hash, buffer, sig_c);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #else
-    ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, sig_c);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), sig_c);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */
+        XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE);
+        /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED)
+         * sig = u32str(type) || C || ... */
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), sig_c);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #endif /* !WC_LMS_FULL_HASH */
 
     if (ret == 0) {
-        byte* sig_y = sig_c + LMS_MAX_NODE_LEN;
+        byte* sig_y = sig_c + state->params->hash_len;
 
         /* Compute array y.
          * sig = u32str(type) || C || y[0] || ... || y[p-1] */
@@ -1113,21 +1551,21 @@ static void wc_lms_priv_state_load(const LmsParams* params, LmsPrivState* state,
 {
     /* Authentication path data. */
     state->auth_path = priv_data;
-    priv_data += params->height * LMS_MAX_NODE_LEN;
+    priv_data += params->height * params->hash_len;
 
     /* Stack of nodes. */
     state->stack.stack = priv_data;
-    priv_data += (params->height + 1) * LMS_MAX_NODE_LEN;
+    priv_data += (params->height + 1) * params->hash_len;
     ato32(priv_data, &state->stack.offset);
     priv_data += 4;
 
     /* Cached root nodes. */
     state->root = priv_data;
-    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels);
+    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len);
 
     /* Cached leaf nodes. */
     state->leaf.cache = priv_data;
-    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits);
+    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len);
     ato32(priv_data, &state->leaf.idx);
     priv_data += 4;
     ato32(priv_data, &state->leaf.offset);
@@ -1144,18 +1582,18 @@ static void wc_lms_priv_state_store(const LmsParams* params,
     LmsPrivState* state, byte* priv_data)
 {
     /* Authentication path data. */
-    priv_data += params->height * LMS_MAX_NODE_LEN;
+    priv_data += params->height * params->hash_len;
 
     /* Stack of nodes. */
-    priv_data += (params->height + 1) * LMS_MAX_NODE_LEN;
+    priv_data += (params->height + 1) * params->hash_len;
     c32toa(state->stack.offset, priv_data);
     priv_data += 4;
 
     /* Cached root nodes. */
-    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels);
+    priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len);
 
     /* Cached leaf nodes. */
-    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits);
+    priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len);
     c32toa(state->leaf.idx, priv_data);
     priv_data += 4;
     c32toa(state->leaf.offset, priv_data);
@@ -1173,7 +1611,7 @@ static void wc_lms_priv_state_copy(const LmsParams* params,
     LmsPrivState* dst, const LmsPrivState* src)
 {
     XMEMCPY(dst->auth_path, src->auth_path, LMS_PRIV_STATE_LEN(params->height,
-        params->rootLevels, params->cacheBits));
+        params->rootLevels, params->cacheBits, params->hash_len));
     dst->stack.offset = src->stack.offset;
     dst->leaf.idx = src->leaf.idx;
     dst->leaf.offset = src->leaf.offset;
@@ -1229,13 +1667,40 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i,
         /* I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i] */
         c16toa(LMS_D_LEAF, dp);
         /* temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) */
-    #ifndef WC_LMS_FULL_HASH
+#ifndef WC_LMS_FULL_HASH
         /* Put in padding for final block. */
-        LMS_SHA256_SET_LEN_54(buffer);
-        ret = wc_lms_hash_block(&state->hash, buffer, leaf);
-    #else
-        ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, leaf);
-    #endif /* !WC_LMS_FULL_HASH */
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            LMS_SHA256_SET_LEN_46(buffer);
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, leaf);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            LMS_SHA256_SET_LEN_54(buffer);
+            ret = wc_lms_hash_block(&state->hash, buffer, leaf);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), leaf);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), leaf);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
     }
 
     return ret;
@@ -1259,17 +1724,38 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i,
 static int wc_lms_interior_hash(LmsState* state, byte* sp, word32 r,
     byte* node)
 {
+    int ret;
     byte* buffer = state->buffer;
     byte* rp = buffer + LMS_I_LEN;
     byte* left = rp + LMS_R_LEN + LMS_D_LEN;
 
     /* I || u32str(r) || u16str(D_INTR) || ... || temp */
     c32toa(r, rp);
-    /* left_side = pop(data stack)
-     * I || u32str(r) || u16str(D_INTR) || left_side || temp */
-    XMEMCPY(left, sp, LMS_MAX_NODE_LEN);
-    /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */
-    return wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, node);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* left_side = pop(data stack)
+         * I || u32str(r) || u16str(D_INTR) || left_side || temp */
+        XMEMCPY(left, sp, WC_SHA256_192_DIGEST_SIZE);
+        /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), node);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* left_side = pop(data stack)
+         * I || u32str(r) || u16str(D_INTR) || left_side || temp */
+        XMEMCPY(left, sp, WC_SHA256_DIGEST_SIZE);
+        /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), node);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
+
+    return ret;
 }
 
 #ifdef WOLFSSL_WC_LMS_SMALL
@@ -1310,7 +1796,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed,
     byte* rp = buffer + LMS_I_LEN;
     byte* dp = rp + LMS_R_LEN;
     byte* left = dp + LMS_D_LEN;
-    byte* temp = left + LMS_MAX_NODE_LEN;
+    byte* temp = left + params->hash_len;
 #ifdef WOLFSSL_SMALL_STACK
     byte* stack = NULL;
 #else
@@ -1324,7 +1810,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed,
 
 #ifdef WOLFSSL_SMALL_STACK
     /* Allocate stack of left side hashes. */
-    stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL,
+    stack = XMALLOC((params->height + 1) * params->hash_len, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (stack == NULL) {
         ret = MEMORY_E;
@@ -1344,7 +1830,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed,
 
         /* Store the node if on the authentication path. */
         if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) {
-            XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN);
+            XMEMCPY(auth_path, temp, params->hash_len);
         }
 
         /* I || ... || u16str(D_INTR) || ... || temp */
@@ -1359,23 +1845,23 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed,
             /* Calculate interior node hash.
              * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
              */
-            sp -= LMS_MAX_NODE_LEN;
+            sp -= params->hash_len;
             ret = wc_lms_interior_hash(state, sp, r, temp);
 
             /* Copy out node to authentication path if on path. */
             if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) {
-                XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(auth_path + h * params->hash_len, temp,
+                    params->hash_len);
             }
         }
         /* Push temp onto the data stack. */
-        XMEMCPY(sp, temp, LMS_MAX_NODE_LEN);
-        sp += LMS_MAX_NODE_LEN;
+        XMEMCPY(sp, temp, params->hash_len);
+        sp += params->hash_len;
     }
 
     if ((ret == 0) && (pub != NULL)) {
         /* Public key, root node, is top of data stack. */
-        XMEMCPY(pub, stack, LMS_MAX_NODE_LEN);
+        XMEMCPY(pub, stack, params->hash_len);
     }
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1449,7 +1935,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
     byte* rp = buffer + LMS_I_LEN;
     byte* dp = rp + LMS_R_LEN;
     byte* left = dp + LMS_D_LEN;
-    byte* temp = left + LMS_MAX_NODE_LEN;
+    byte* temp = left + params->hash_len;
 #ifdef WOLFSSL_SMALL_STACK
     byte* stack = NULL;
 #else
@@ -1473,7 +1959,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
 
 #ifdef WOLFSSL_SMALL_STACK
     /* Allocate stack of left side hashes. */
-    stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL,
+    stack = (byte*)XMALLOC((params->height + 1) * params->hash_len, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (stack == NULL) {
         ret = MEMORY_E;
@@ -1492,12 +1978,12 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
 
         /* Cache leaf node if in range. */
         if ((ret == 0) && (i >= leaf->idx) && (i < leaf->idx + max_cb)) {
-            XMEMCPY(leaf->cache + i * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN);
+            XMEMCPY(leaf->cache + i * params->hash_len, temp, params->hash_len);
         }
 
         /* Store the node if on the authentication path. */
         if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) {
-            XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN);
+            XMEMCPY(auth_path, temp, params->hash_len);
         }
 
         /* I || ... || u16str(D_INTR) || ... || temp */
@@ -1512,25 +1998,25 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
             /* Calculate interior node hash.
              * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp)
              */
-            spi -= LMS_MAX_NODE_LEN;
+            spi -= params->hash_len;
             ret = wc_lms_interior_hash(state, stack + spi, r, temp);
 
             /* Copy out top root nodes. */
             if ((h > params->height - params->rootLevels) &&
                     ((i >> (h-1)) != ((i + 1) >> (h - 1)))) {
                 int off = (1 << (params->height - h)) + (i >> h) - 1;
-                XMEMCPY(root + off * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN);
+                XMEMCPY(root + off * params->hash_len, temp, params->hash_len);
             }
 
             /* Copy out node to authentication path if on path. */
             if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) {
-                XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(auth_path + h * params->hash_len, temp,
+                    params->hash_len);
             }
         }
         /* Push temp onto the data stack. */
-        XMEMCPY(stack + spi, temp, LMS_MAX_NODE_LEN);
-        spi += LMS_MAX_NODE_LEN;
+        XMEMCPY(stack + spi, temp, params->hash_len);
+        spi += params->hash_len;
 
         if (i == q - 1) {
             XMEMCPY(privState->stack.stack, stack, spi);
@@ -1584,7 +2070,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
     byte* rp = buffer + LMS_I_LEN;
     byte* dp = rp + LMS_R_LEN;
     byte* left = dp + LMS_D_LEN;
-    byte* temp = left + LMS_MAX_NODE_LEN;
+    byte* temp = left + params->hash_len;
 #ifdef WOLFSSL_SMALL_STACK
     byte* stack = NULL;
 #else
@@ -1599,7 +2085,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
 
 #ifdef WOLFSSL_SMALL_STACK
     /* Allocate stack of left side hashes. */
-    stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL,
+    stack = (byte*)XMALLOC((params->height + 1) * params->hash_len, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     if (stack == NULL) {
         ret = MEMORY_E;
@@ -1607,8 +2093,10 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
 #endif /* WOLFSSL_SMALL_STACK */
 
     /* Public key, root node, is top of data stack. */
-    XMEMCPY(stack, stackCache->stack, params->height * LMS_MAX_NODE_LEN);
-    sp = stack + stackCache->offset;
+    if (ret == 0) {
+        XMEMCPY(stack, stackCache->stack, params->height * params->hash_len);
+        sp = stack + stackCache->offset;
+    }
 
     /* Compute all nodes requested. */
     for (i = min_idx; (ret == 0) && (i <= max_idx); i++) {
@@ -1620,9 +2108,9 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
         if ((i >= leaf->idx) && (i < leaf->idx + max_cb)) {
             /* Calculate offset of node in cache. */
             word32 off = ((i - (leaf->idx + max_cb) + leaf->offset) % max_cb) *
-                LMS_MAX_NODE_LEN;
+                params->hash_len;
             /* Copy cached node into working buffer. */
-            XMEMCPY(temp, leaf->cache + off, LMS_MAX_NODE_LEN);
+            XMEMCPY(temp, leaf->cache + off, params->hash_len);
             /* I || u32str(i) || ... */
             c32toa(i, rp);
         }
@@ -1634,8 +2122,8 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
              * the number of leaf nodes. */
             if ((i == leaf->idx + max_cb) && (i < (q + max_cb))) {
                 /* Copy working node into cache over old first node. */
-                XMEMCPY(leaf->cache + leaf->offset * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(leaf->cache + leaf->offset * params->hash_len, temp,
+                    params->hash_len);
                 /* Increase start index as first node replaced. */
                 leaf->idx++;
                 /* Update offset of first leaf node. */
@@ -1645,7 +2133,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
 
         /* Store the node if on the authentication path. */
         if ((ret == 0) && ((q ^ 0x1) == i)) {
-            XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN);
+            XMEMCPY(auth_path, temp, params->hash_len);
         }
 
         /* I || ... || u16str(D_INTR) || ... || temp */
@@ -1657,14 +2145,14 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
             j >>= 1;
             h++;
 
-            sp -= LMS_MAX_NODE_LEN;
+            sp -= params->hash_len;
             if (useRoot && (h > params->height - params->rootLevels) &&
                     (h <= params->height)) {
                 /* Calculate offset of cached root node. */
                 word32 off = ((word32)1U << (params->height - h)) +
                     (i >> h) - 1;
-                XMEMCPY(temp, privState->root + (off * LMS_MAX_NODE_LEN),
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(temp, privState->root + (off * params->hash_len),
+                    params->hash_len);
             }
             else {
                 /* Calculate interior node hash.
@@ -1679,20 +2167,20 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
                     (h > params->height - params->rootLevels) &&
                     ((i >> (h-1)) != ((i + 1) >> (h - 1)))) {
                 int off = (1 << (params->height - h)) + (i >> h) - 1;
-                XMEMCPY(privState->root + off * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(privState->root + off * params->hash_len, temp,
+                    params->hash_len);
             }
 
             /* Copy out node to authentication path if on path. */
             if ((ret == 0) && (((q >> h) ^ 0x1) == j)) {
-                XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp,
-                    LMS_MAX_NODE_LEN);
+                XMEMCPY(auth_path + h * params->hash_len, temp,
+                    params->hash_len);
             }
         }
         if (ret == 0) {
             /* Push temp onto the data stack. */
-            XMEMCPY(sp, temp, LMS_MAX_NODE_LEN);
-            sp += LMS_MAX_NODE_LEN;
+            XMEMCPY(sp, temp, params->hash_len);
+            sp += params->hash_len;
 
             /* Save stack after updating first node. */
             if (i == min_idx) {
@@ -1703,9 +2191,9 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
         }
     }
 
-    if (!useRoot) {
+    if (!useRoot && (ret == 0)) {
         /* Copy stack back. */
-        XMEMCPY(stackCache->stack, stack, params->height * LMS_MAX_NODE_LEN);
+        XMEMCPY(stackCache->stack, stack, params->height * params->hash_len);
         stackCache->offset = (word32)((size_t)sp - (size_t)stack);
     }
 
@@ -1746,7 +2234,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg,
     byte* s = sig;
     const byte* priv_q = priv;
     const byte* priv_seed = priv_q + LMS_Q_LEN;
-    const byte* priv_i = priv_seed + LMS_SEED_LEN;
+    const byte* priv_i = priv_seed + params->hash_len;
 
     /* Setup for hashing: I || Q */
     XMEMCPY(buffer, priv_i, LMS_I_LEN);
@@ -1758,16 +2246,16 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg,
     s += LMS_Q_LEN;
 
     /* ots_signature = sig = u32str(type) || ... */
-    c32toa(state->params->lmOtsType, s);
+    c32toa(state->params->lmOtsType & LMS_H_W_MASK, s);
     s += LMS_TYPE_LEN;
     /* Sign this level.
      * S = u32str(q) || ots_signature || ... */
     ret = wc_lmots_sign(state, priv_seed, msg, msgSz, s);
     if (ret == 0) {
         /* Skip over ots_signature. */
-        s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN;
+        s += params->hash_len + params->p * params->hash_len;
         /* S = u32str(q) || ots_signature || u32str(type) || ... */
-        c32toa(params->lmsType, s);
+        c32toa(params->lmsType & LMS_H_W_MASK, s);
     }
 
     return ret;
@@ -1788,13 +2276,13 @@ static void wc_lms_sig_copy(const LmsParams* params, const byte* y,
     XMEMCPY(sig, priv, LMS_Q_LEN);
     sig += LMS_Q_LEN;
     /* S = u32str(q) || ... */
-    c32toa(params->lmOtsType, sig);
+    c32toa(params->lmOtsType & LMS_H_W_MASK, sig);
     sig += LMS_TYPE_LEN;
     /* S = u32str(q) || ots_signature || ... */
-    XMEMCPY(sig, y, LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN);
-    sig += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN;
+    XMEMCPY(sig, y, params->hash_len + params->p * params->hash_len);
+    sig += params->hash_len + params->p * params->hash_len;
     /* S = u32str(q) || ots_signature || u32str(type) || ... */
-    c32toa(params->lmsType, sig);
+    c32toa(params->lmsType & LMS_H_W_MASK, sig);
 }
 #endif /* !WOLFSSL_WC_LMS_SMALL && !WOLFSSL_LMS_NO_SIG_CACHE */
 #endif /* !WOLFSSL_LMS_VERIFY_ONLY */
@@ -1835,22 +2323,64 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc,
     byte* rp = buffer + LMS_I_LEN;
     byte* ip = rp + LMS_Q_LEN;
     byte* node = ip + LMS_P_LEN;
-    byte* b[2][2] = { { node,                    node + LMS_MAX_NODE_LEN },
-                      { node + LMS_MAX_NODE_LEN, node                    } };
+    byte* b[2][2];
     /* node_num = 2^h + q */
     word32 r = (1 << params->height) + q;
 
     /* tmp = H(I || u32str(node_num) || u16str(D_LEAF) || Kc) */
     c32toa(r, rp);
     c16toa(LMS_D_LEAF, ip);
-    XMEMCPY(node, kc, LMS_MAX_NODE_LEN);
+    XMEMCPY(node, kc, params->hash_len);
     /* Put tmp into offset required for first iteration. */
 #ifndef WC_LMS_FULL_HASH
     /* Put in padding for final block. */
-    LMS_SHA256_SET_LEN_54(buffer);
-    ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][1] = node;
+        LMS_SHA256_SET_LEN_46(buffer);
+        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, b[r & 1][0]);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][1] = node;
+        LMS_SHA256_SET_LEN_54(buffer);
+        ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #else
-    ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, b[r & 1][0]);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_192_DIGEST_SIZE;
+        b[1][1] = node;
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        b[0][0] = node;
+        b[0][1] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][0] = node + WC_SHA256_DIGEST_SIZE;
+        b[1][1] = node;
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #endif /* !WC_LMS_FULL_HASH */
 
     if (ret == 0) {
@@ -1860,33 +2390,78 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc,
         c16toa(LMS_D_INTR, ip);
 
         /* Do all but last height. */
-        for (i = 0; (ret == 0) && (i < params->height - 1); i++) {
-            /* Put path into offset required. */
-            XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN);
-            path += LMS_MAX_NODE_LEN;
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            for (i = 0; (ret == 0) && (i < params->height - 1); i++) {
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE);
+                path += WC_SHA256_192_DIGEST_SIZE;
 
-            /* node_num = node_num / 2 */
-            r >>= 1;
-            /*  H(...||u32str(node_num/2)||..) */
-            c32toa(r, rp);
-            /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or
-             * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
-             * Put tmp result into offset required for next iteration. */
-            ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN,
-                b[r & 1][0]);
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into offset required for next iteration. */
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]);
+            }
+            if (ret == 0) {
+                /* Last height. */
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE);
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into Tc.*/
+                ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), tc);
+            }
         }
-        if (ret == 0) {
-            /* Last height. */
-            /* Put path into offset required. */
-            XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN);
-            /* node_num = node_num / 2 */
-            r >>= 1;
-            /*  H(...||u32str(node_num/2)||..) */
-            c32toa(r, rp);
-            /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or
-             * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
-             * Put tmp result into Tc.*/
-            ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, tc);
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            for (i = 0; (ret == 0) && (i < params->height - 1); i++) {
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE);
+                path += WC_SHA256_DIGEST_SIZE;
+
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into offset required for next iteration. */
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]);
+            }
+            if (ret == 0) {
+                /* Last height. */
+                /* Put path into offset required. */
+                XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE);
+                /* node_num = node_num / 2 */
+                r >>= 1;
+                /*  H(...||u32str(node_num/2)||..) */
+                c32toa(r, rp);
+                /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp)
+                 * or
+                 * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i])
+                 * Put tmp result into Tc.*/
+                ret = wc_lms_hash(&state->hash, buffer,
+                    LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), tc);
+            }
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
         }
     }
 
@@ -1959,7 +2534,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg,
     if (ret == 0) {
         /* Algorithm 6a. Step 2.j. */
         const byte* sig_path = sig + LMS_Q_LEN + LMS_TYPE_LEN +
-            LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN;
+            params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN;
         word32 q;
 
         /* Algorithm 6a. Step 2.a. */
@@ -1969,7 +2544,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg,
         ret = wc_lms_compute_root(state, q, kc, sig_path, tc);
     }
     /* Algorithm 6. Step 4. */
-    if ((ret == 0) && (XMEMCMP(pub_k, tc, LMS_MAX_NODE_LEN) != 0)) {
+    if ((ret == 0) && (XMEMCMP(pub_k, tc, params->hash_len) != 0)) {
         ret = SIG_VERIFY_E;
     }
 
@@ -2010,26 +2585,85 @@ static int wc_hss_derive_seed_i(LmsState* state, const byte* id,
     /* parent's I || q || D_CHILD_SEED || D_FIXED || ... */
     *jp = LMS_D_FIXED;
     /* parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED */
-    XMEMCPY(tmp, seed, LMS_SEED_LEN);
+    XMEMCPY(tmp, seed, state->params->hash_len);
     /* SEED = H(parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED) */
 #ifndef WC_LMS_FULL_HASH
-    /* Put in padding for final block. */
-    LMS_SHA256_SET_LEN_55(buffer);
-    ret = wc_lms_hash_block(&state->hash, buffer, seed_i);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_47(buffer);
+        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, seed_i);
+        if (ret == 0) {
+            seed_i += WC_SHA256_192_DIGEST_SIZE;
+        }
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        /* Put in padding for final block. */
+        LMS_SHA256_SET_LEN_55(buffer);
+        ret = wc_lms_hash_block(&state->hash, buffer, seed_i);
+        if (ret == 0) {
+            seed_i += WC_SHA256_DIGEST_SIZE;
+        }
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #else
-    ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, seed_i);
+#ifdef WOLFSSL_LMS_SHA256_192
+    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+        ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), seed_i);
+    }
+    else
+#endif
+    {
+    #ifndef WOLFSSL_NO_LMS_SHA256_256
+        ret = wc_lms_hash(&state->hash, buffer,
+            LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), seed_i);
+    #else
+        ret = NOT_COMPILED_IN;
+    #endif
+    }
 #endif /* !WC_LMS_FULL_HASH */
 
     if (ret == 0) {
-        seed_i += LMS_SEED_LEN;
         /* parent's I || q || D_CHILD_I || D_FIXED || parent's SEED */
         c16toa(LMS_D_CHILD_I, ip);
         /* I = H(parent's I || q || D_CHILD_I || D_FIXED || parent's SEED) */
-    #ifndef WC_LMS_FULL_HASH
-        ret = wc_lms_hash_block(&state->hash, buffer, tmp);
-    #else
-        ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp);
-    #endif /* !WC_LMS_FULL_HASH */
+#ifndef WC_LMS_FULL_HASH
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            ret = wc_lms_hash_block(&state->hash, buffer, tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#else
+    #ifdef WOLFSSL_LMS_SHA256_192
+        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
+            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp);
+        }
+        else
+    #endif
+        {
+        #ifndef WOLFSSL_NO_LMS_SHA256_256
+            ret = wc_lms_hash(&state->hash, buffer,
+                LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp);
+        #else
+            ret = NOT_COMPILED_IN;
+        #endif
+        }
+#endif /* !WC_LMS_FULL_HASH */
         /* Copy part of hash as new I into private key. */
         XMEMCPY(seed_i, tmp, LMS_I_LEN);
     }
@@ -2080,7 +2714,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv,
     }
     else {
         /* Copy out SEED and I into private key. */
-        XMEMCPY(priv + LMS_Q_LEN, priv_raw, LMS_SEED_I_LEN);
+        XMEMCPY(priv + LMS_Q_LEN, priv_raw, params->hash_len + LMS_I_LEN);
     }
 
     /* Compute SEED and I for rest of levels. */
@@ -2104,7 +2738,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv,
         priv_q = priv;
         priv += LMS_Q_LEN;
         priv_seed_i = priv;
-        priv += LMS_SEED_I_LEN;
+        priv += params->hash_len + LMS_I_LEN;
 
         /* Get q for level from 64-bit composite. */
         q32 = w64GetLow32(w64ShiftRight(q, (params->levels - 1 - i) *
@@ -2114,7 +2748,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv,
 
         if (!skip) {
             /* Derive SEED and I into private key. */
-            ret = wc_hss_derive_seed_i(state, priv_seed_i + LMS_SEED_LEN,
+            ret = wc_hss_derive_seed_i(state, priv_seed_i + params->hash_len,
                 priv_seed_i, priv_q, priv + LMS_Q_LEN);
         }
     }
@@ -2146,8 +2780,8 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState,
     priv_q = priv;
     priv += LMS_Q_LEN;
     priv_seed = curr + LMS_Q_LEN;
-    priv += LMS_SEED_LEN;
-    priv_i = curr + LMS_Q_LEN + LMS_SEED_LEN;
+    priv += params->hash_len;
+    priv_i = curr + LMS_Q_LEN + params->hash_len;
     priv += LMS_I_LEN;
 
     ato32(curr, &pq);
@@ -2164,7 +2798,7 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState,
     if (ret == 0) {
         /* Update treehash for first leaf. */
         ret = wc_lms_treehash_update(state, privState,
-            priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, 0, q, 0, 0);
+            priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN, 0, q, 0, 0);
     }
 
     return ret;
@@ -2186,7 +2820,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
     byte* priv = priv_key->next_priv;
     int i;
     w64wrapper p64 = q64;
-    byte tmp_priv[LMS_PRIV_LEN];
+    byte tmp_priv[LMS_PRIV_LEN(LMS_MAX_NODE_LEN)];
     int use_tmp = 0;
     int lastQMax = 0;
     w64wrapper p64_hi;
@@ -2206,7 +2840,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
         cp64_hi = w64ShiftRight(p64, (params->levels - i - 1) * params->height);
         cq64_hi = w64ShiftRight(q64, (params->levels - i - 1) * params->height);
         /* Get the q for the child. */
-        ato32(curr + LMS_PRIV_LEN, &qc);
+        ato32(curr + LMS_PRIV_LEN(params->hash_len), &qc);
 
         /* Compare index of parent node with previous value. */
         if (w64LT(p64_hi, q64_hi)) {
@@ -2225,25 +2859,25 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
             if (lastQMax) {
                 /* Calculate new SEED and I based on new subtree. */
                 ret = wc_hss_derive_seed_i(state,
-                    priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, tmp_priv,
-                    tmp_priv + LMS_Q_LEN);
+                    priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN,
+                    tmp_priv, tmp_priv + LMS_Q_LEN);
             }
             else {
                 /* Calculate new SEED and I based on parent. */
                 ret = wc_hss_derive_seed_i(state,
-                    curr + LMS_Q_LEN + LMS_SEED_LEN, curr + LMS_Q_LEN, priv,
+                    curr + LMS_Q_LEN + params->hash_len, curr + LMS_Q_LEN, priv,
                     tmp_priv + LMS_Q_LEN);
             }
             /* Values not stored so note that they are in temporary. */
             use_tmp = 1;
 
             /* Set the the q. */
-            XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN, LMS_Q_LEN);
+            XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN(params->hash_len), LMS_Q_LEN);
         }
 
         lastQMax = (qc == ((word32)1 << params->height) - 1);
-        curr += LMS_PRIV_LEN;
-        priv += LMS_PRIV_LEN;
+        curr += LMS_PRIV_LEN(params->hash_len);
+        priv += LMS_PRIV_LEN(params->hash_len);
         p64_hi = cp64_hi;
         q64_hi = cq64_hi;
     }
@@ -2265,18 +2899,18 @@ static int wc_hss_next_subtrees_init(LmsState* state, HssPrivKey* priv_key)
     byte* priv = priv_key->next_priv;
     int i;
 
-    XMEMCPY(priv, curr, LMS_PRIV_LEN);
+    XMEMCPY(priv, curr, LMS_PRIV_LEN(params->hash_len));
     wc_lms_idx_inc(priv, LMS_Q_LEN);
 
     for (i = 1; (ret == 0) && (i < params->levels); i++) {
         word32 q;
 
-        ato32(curr + LMS_PRIV_LEN, &q);
+        ato32(curr + LMS_PRIV_LEN(params->hash_len), &q);
         ret = wc_lms_next_subtree_init(state, &priv_key->next_state[i - 1],
             curr, priv, q);
 
-        curr += LMS_PRIV_LEN;
-        priv += LMS_PRIV_LEN;
+        curr += LMS_PRIV_LEN(params->hash_len);
+        priv += LMS_PRIV_LEN(params->hash_len);
     }
 
     return ret;
@@ -2296,14 +2930,15 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key,
 {
     int ret = 0;
     int levels = state->params->levels;
-    byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1);
+    byte* priv = priv_key->priv +
+        LMS_PRIV_LEN(state->params->hash_len) * (levels - 1);
     int l;
 
     for (l = levels - 1; (ret == 0) && (l >= 0); l--) {
         word32 q;
         const byte* priv_q = priv;
         const byte* priv_seed = priv_q + LMS_Q_LEN;
-        const byte* priv_i = priv_seed + LMS_SEED_LEN;
+        const byte* priv_i = priv_seed + state->params->hash_len;
 
         /* Get current q for tree at level. */
         ato32(priv_q, &q);
@@ -2312,11 +2947,11 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key,
              priv_seed, q);
 
         /* Move onto next level's data. */
-        priv -= LMS_PRIV_LEN;
+        priv -= LMS_PRIV_LEN(state->params->hash_len);
     }
 
     if ((ret == 0) && (pub_root != NULL)) {
-        XMEMCPY(pub_root, priv_key->state[0].root, LMS_MAX_NODE_LEN);
+        XMEMCPY(pub_root, priv_key->state[0].root, state->params->hash_len);
     }
 
     return ret;
@@ -2343,7 +2978,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
 {
     const LmsParams* params = state->params;
     int ret = 0;
-    byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1);
+    byte* priv = priv_key->priv + LMS_PRIV_LEN(params->hash_len) * (levels - 1);
     int i;
 #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
     w64wrapper q64;
@@ -2358,13 +2993,12 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
         word32 q;
         const byte* priv_q = priv;
         const byte* priv_seed = priv_q + LMS_Q_LEN;
-        const byte* priv_i = priv_seed + LMS_SEED_LEN;
+        const byte* priv_i = priv_seed + params->hash_len;
         LmsPrivState* privState = &priv_key->state[i];
 
         /* Get q for tree at level. */
         ato32(priv_q, &q);
     #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
-
         if ((levels > 1) && (i == levels - 1) && (q == 0)) {
             /* New sub-tree. */
             ret = wc_hss_next_subtree_inc(state, priv_key, q64);
@@ -2399,9 +3033,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
                 /* If different then copy in cached hash. */
                 if ((qa != qm1a) && (qa > maxq)) {
                     int off = (1 << (params->height - h)) + (qa >> h) - 1;
-                    XMEMCPY(privState->auth_path + h * LMS_MAX_NODE_LEN,
-                        privState->root + off * LMS_MAX_NODE_LEN,
-                        LMS_MAX_NODE_LEN);
+                    XMEMCPY(privState->auth_path + h * params->hash_len,
+                        privState->root + off * params->hash_len,
+                        params->hash_len);
                 }
             }
             /* Update the treehash and calculate the extra indices for
@@ -2415,9 +3049,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
                 w64Increment(&tmp64);
                 tmp64 = w64ShiftLeft(tmp64, 64 - (i * params->height));
                 if (!w64IsZero(tmp64)) {
-                    priv_seed = priv_key->next_priv + i * LMS_PRIV_LEN +
-                        LMS_Q_LEN;
-                    priv_i = priv_seed + LMS_SEED_LEN;
+                    priv_seed = priv_key->next_priv +
+                        i * LMS_PRIV_LEN(params->hash_len) + LMS_Q_LEN;
+                    priv_i = priv_seed + params->hash_len;
                     privState = &priv_key->next_state[i - 1];
 
                     ret = wc_lms_treehash_update(state, privState, priv_i,
@@ -2429,7 +3063,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key,
         }
 
         /* Move onto next level's data. */
-        priv -= LMS_PRIV_LEN;
+        priv -= LMS_PRIV_LEN(params->hash_len);
     }
 
     return ret;
@@ -2446,21 +3080,21 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key)
     int ret = 0;
     const LmsParams* params = state->params;
     byte* buffer = state->buffer;
-    byte pub[LMS_PUBKEY_LEN];
-    byte* root = pub + LMS_PUBKEY_LEN - LMS_MAX_NODE_LEN;
+    byte pub[LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN)];
+    byte* root = pub + LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN) - params->hash_len;
     byte* priv = priv_key->priv;
     int i;
 
     for (i = params->levels - 2; i >= 0; i--) {
-        const byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN);
+        const byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
         const byte* priv_q = p;
         const byte* priv_seed = priv_q + LMS_Q_LEN;
-        const byte* priv_i = priv_seed + LMS_SEED_LEN;
+        const byte* priv_i = priv_seed + params->hash_len;
 
         /* ... || T(1) */
-        XMEMCPY(root, priv_key->state[i + 1].root, LMS_MAX_NODE_LEN);
+        XMEMCPY(root, priv_key->state[i + 1].root, params->hash_len);
         /* u32str(type) || u32str(otstype) || I || T(1) */
-        p = priv + (i + 1) * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN);
+        p = priv + (i + 1) * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
         wc_lmots_public_key_encode(params, p, pub);
 
         /* Setup for hashing: I || Q || ... */
@@ -2468,8 +3102,9 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key)
         XMEMCPY(buffer + LMS_I_LEN, priv_q, LMS_Q_LEN);
 
         /* LM-OTS Sign this level. */
-        ret = wc_lmots_sign(state, priv_seed, pub, LMS_PUBKEY_LEN,
-            priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p));
+        ret = wc_lmots_sign(state, priv_seed, pub,
+            LMS_PUBKEY_LEN(params->hash_len),
+            priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len));
     }
 
     return ret;
@@ -2492,25 +3127,25 @@ static void wc_hss_priv_data_load(const LmsParams* params, HssPrivKey* key,
 
     /* Expanded private keys. */
     key->priv = priv_data;
-    priv_data += LMS_PRIV_KEY_LEN(params->levels);
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
 
 #ifndef WOLFSSL_WC_LMS_SMALL
     for (l = 0; l < params->levels; l++) {
         /* Caches for subtree. */
         wc_lms_priv_state_load(params, &key->state[l], priv_data);
         priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
-            params->cacheBits);
+            params->cacheBits, params->hash_len);
     }
 
 #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
     /* Next subtree's expanded private keys. */
     key->next_priv = priv_data;
-    priv_data += LMS_PRIV_KEY_LEN(params->levels);
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
     for (l = 0; l < params->levels - 1; l++) {
         /* Next subtree's caches. */
         wc_lms_priv_state_load(params, &key->next_state[l], priv_data);
         priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
-            params->cacheBits);
+            params->cacheBits, params->hash_len);
     }
 #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */
 
@@ -2536,22 +3171,22 @@ static void wc_hss_priv_data_store(const LmsParams* params, HssPrivKey* key,
     (void)key;
 
     /* Expanded private keys. */
-    priv_data += LMS_PRIV_KEY_LEN(params->levels);
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
 
     for (l = 0; l < params->levels; l++) {
         /* Caches for subtrees. */
         wc_lms_priv_state_store(params, &key->state[l], priv_data);
         priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
-            params->cacheBits);
+            params->cacheBits, params->hash_len);
     }
 #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
     /* Next subtree's expanded private keys. */
-    priv_data += LMS_PRIV_KEY_LEN(params->levels);
+    priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len);
     for (l = 0; l < params->levels - 1; l++) {
         /* Next subtree's caches. */
         wc_lms_priv_state_store(params, &key->next_state[l], priv_data);
         priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels,
-            params->cacheBits);
+            params->cacheBits, params->hash_len);
     }
 #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */
 
@@ -2632,7 +3267,8 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
 
     /* Set the LMS and LM-OTS types for each level. */
     for (i = 0; i < params->levels; i++) {
-        p[i] = (params->lmsType << 4) + params->lmOtsType;
+        p[i] = ((params->lmsType & LMS_H_W_MASK) << 4) +
+               (params->lmOtsType & LMS_H_W_MASK);
     }
     /* Set rest of levels to an invalid value. */
     for (; i < HSS_MAX_LEVELS; i++) {
@@ -2641,7 +3277,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
     p += HSS_PRIV_KEY_PARAM_SET_LEN;
 
     /* Make the private key. */
-    ret = wc_lmots_make_private_key(rng, p);
+    ret = wc_lmots_make_private_key(rng, params->hash_len, p);
 
     if (ret == 0) {
         /* Set the levels into the public key data. */
@@ -2653,7 +3289,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
     #ifdef WOLFSSL_WC_LMS_SMALL
     if (ret == 0) {
         byte* priv_seed = priv_key->priv + LMS_Q_LEN;
-        byte* priv_i = priv_seed + LMS_SEED_LEN;
+        byte* priv_i = priv_seed + params->hash_len;
 
         /* Compute the root of the highest tree to get the root for public key.
          */
@@ -2742,24 +3378,24 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key,
 
         /* Build from bottom up. */
         for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) {
-            byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN);
+            byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
             byte* root = NULL;
 
             /* Move to start of next signature at this level. */
-            sig -= LMS_SIG_LEN(params->height, params->p);
+            sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len);
             if (i != 0) {
                 /* Put root node into signature at this index. */
-                root = sig - LMS_MAX_NODE_LEN;
+                root = sig - params->hash_len;
             }
 
             /* Sign using LMS for this level. */
             ret = wc_lms_sign(state, p, msg, msgSz, sig);
             if (ret == 0) {
-                byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN +
-                    params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN;
+                byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + params->hash_len +
+                    params->p * params->hash_len + LMS_TYPE_LEN;
                 byte* priv_q = p;
                 byte* priv_seed = priv_q + LMS_Q_LEN;
-                byte* priv_i = priv_seed + LMS_SEED_LEN;
+                byte* priv_i = priv_seed + params->hash_len;
                 word32 q32;
 
                 /* Get Q from private key as a number. */
@@ -2769,9 +3405,9 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key,
             }
             if ((ret == 0) && (i != 0)) {
                 /* Create public data for this level if there is another. */
-                sig -= LMS_PUBKEY_LEN;
+                sig -= LMS_PUBKEY_LEN(params->hash_len);
                 msg = sig;
-                msgSz = LMS_PUBKEY_LEN;
+                msgSz = LMS_PUBKEY_LEN(params->hash_len);
                 wc_lmots_public_key_encode(params, p, sig);
             }
         }
@@ -2839,7 +3475,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
 
     /* Build from bottom up. */
     for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) {
-        byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN);
+        byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN);
         byte* root = NULL;
     #ifndef WOLFSSL_LMS_NO_SIG_CACHE
         int store_p = 0;
@@ -2850,10 +3486,10 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
     #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
 
         /* Move to start of next signature at this level. */
-        sig -= LMS_SIG_LEN(params->height, params->p);
+        sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len);
         if (i != 0) {
             /* Put root node into signature at this index. */
-            root = sig - LMS_MAX_NODE_LEN;
+            root = sig - params->hash_len;
         }
 
     #ifndef WOLFSSL_LMS_NO_SIG_CACHE
@@ -2861,7 +3497,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
          * can reuse. */
         if ((i < params->levels - 1) && (q_32 == qm1_32)) {
             wc_lms_sig_copy(params, priv_key->y +
-                i * LMS_PRIV_Y_TREE_LEN(params->p), p, sig);
+                i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), p, sig);
         }
         else
     #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
@@ -2879,26 +3515,27 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
             /* Check if we computed new C and p hashes. */
             if (store_p) {
                 /* Cache the C and p hashes. */
-                XMEMCPY(priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p), s,
-                    LMS_PRIV_Y_TREE_LEN(params->p));
+                XMEMCPY(priv_key->y +
+                    i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), s,
+                    LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len));
             }
         #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
-            s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN +
+            s += params->hash_len + params->p * params->hash_len +
                 LMS_TYPE_LEN;
 
             /* Copy the authentication path out of the private key. */
             XMEMCPY(s, priv_key->state[i].auth_path,
-                params->height * LMS_MAX_NODE_LEN);
+                params->height * params->hash_len);
             /* Copy the root node into signature unless at top. */
             if (i != 0) {
-                XMEMCPY(root, priv_key->state[i].root, LMS_MAX_NODE_LEN);
+                XMEMCPY(root, priv_key->state[i].root, params->hash_len);
             }
         }
         if ((ret == 0) && (i != 0)) {
             /* Create public data for this level if there is another. */
-            sig -= LMS_PUBKEY_LEN;
+            sig -= LMS_PUBKEY_LEN(params->hash_len);
             msg = sig;
-            msgSz = LMS_PUBKEY_LEN;
+            msgSz = LMS_PUBKEY_LEN(params->hash_len);
             wc_lmots_public_key_encode(params, p, sig);
         }
     }
@@ -3040,11 +3677,11 @@ int wc_hss_sigsleft(const LmsParams* params, const byte* priv_raw)
  *
  * @param [in, out] state  LMS state.
  * @param [in]      pub    HSS public key.
- * @param [in]      msg    Message to rifyn.
+ * @param [in]      msg    Message to verify.
  * @param [in]      msgSz  Length of message in bytes.
  * @param [in]      sig    Signature of message.
  * @return  0 on success.
- * @return  SIG_VERFIY_E on failure.
+ * @return  SIG_VERIFY_E on failure.
  */
 int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
     word32 msgSz, const byte* sig)
@@ -3074,14 +3711,15 @@ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
         for (i = 0; (ret == 0) && (i < nspk); i++) {
             /* Line 7: Get start of public key in signature. */
             const byte* pubList = sig + LMS_Q_LEN + LMS_TYPE_LEN +
-                LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN +
-                params->height * LMS_MAX_NODE_LEN;
+                params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN +
+                params->height * params->hash_len;
             /* Line 8: Verify the LMS signature with public key as message. */
-            ret = wc_lms_verify(state, key, pubList, LMS_PUBKEY_LEN, sig);
+            ret = wc_lms_verify(state, key, pubList,
+                LMS_PUBKEY_LEN(params->hash_len), sig);
             /* Line 10: Next key is from signature. */
             key = pubList;
             /* Line 6: Move to start of next signature. */
-            sig = pubList + LMS_PUBKEY_LEN;
+            sig = pubList + LMS_PUBKEY_LEN(params->hash_len);
         }
     }
     if (ret == 0) {
diff --git a/wolfcrypt/src/wc_mlkem.c b/wolfcrypt/src/wc_mlkem.c
new file mode 100644
index 000000000..a3702796e
--- /dev/null
+++ b/wolfcrypt/src/wc_mlkem.c
@@ -0,0 +1,2070 @@
+/* wc_mlkem.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Implementation based on FIPS 203:
+ *   https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
+ *
+ * Original implementation based on NIST 3rd Round submission package.
+ * See link at:
+ *   https://csrc.nist.gov/Projects/post-quantum-cryptography/
+ *   post-quantum-cryptography-standardization/round-3-submissions
+ */
+
+/* Possible Kyber options:
+ *
+ * WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM                                  Default: OFF
+ *   Uses less dynamic memory to perform key generation.
+ *   Has a small performance trade-off.
+ *   Only usable with C implementation.
+ *
+ * WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM                              Default: OFF
+ *   Uses less dynamic memory to perform encapsulation.
+ *   Affects decapsulation too as encapsulation called.
+ *   Has a small performance trade-off.
+ *   Only usable with C implementation.
+ *
+ * WOLFSSL_MLKEM_NO_MAKE_KEY                                        Default: OFF
+ *   Disable the make key or key generation API.
+ *   Reduces the code size.
+ *   Turn on when only doing encapsulation.
+ *
+ * WOLFSSL_MLKEM_NO_ENCAPSULATE                                     Default: OFF
+ *   Disable the encapsulation API.
+ *   Reduces the code size.
+ *   Turn on when doing make key/decapsulation.
+ *
+ * WOLFSSL_MLKEM_NO_DECAPSULATE                                     Default: OFF
+ *   Disable the decapsulation API.
+ *   Reduces the code size.
+ *   Turn on when only doing encapsulation.
+ *
+ * WOLFSSL_MLKEM_CACHE_A                                           Default: OFF
+ *   Stores the matrix A during key generation for use in encapsulation when
+ *   performing decapsulation.
+ *   KyberKey is 8KB larger but decapsulation is significantly faster.
+ *   Turn on when performing make key and decapsualtion with same object.
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
+#include <wolfssl/wolfcrypt/mlkem.h>
+#include <wolfssl/wolfcrypt/wc_mlkem.h>
+#include <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/memory.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#if defined(USE_INTEL_SPEEDUP) || \
+    (defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+    #if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+        defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+        #error "Can't use small memory with assembly optimized code"
+    #endif
+#endif
+#if defined(WOLFSSL_MLKEM_CACHE_A)
+    #if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+        defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+        #error "Can't cache A with small memory code"
+    #endif
+#endif
+
+#if defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
+    defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+    #error "No ML-KEM operations to be built."
+#endif
+
+#ifdef WOLFSSL_WC_MLKEM
+
+/******************************************************************************/
+
+/* Use SHA3-256 to generate 32-bytes of hash. */
+#define MLKEM_HASH_H            mlkem_hash256
+/* Use SHA3-512 to generate 64-bytes of hash. */
+#define MLKEM_HASH_G            mlkem_hash512
+/* Use SHAKE-256 as a key derivation function (KDF). */
+#if defined(USE_INTEL_SPEEDUP) || \
+        (defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+    #define MLKEM_KDF               mlkem_kdf
+#else
+    #define MLKEM_KDF               wc_Shake256Hash
+#endif
+
+/******************************************************************************/
+
+/* Declare variable to make compiler not optimize code in mlkem_from_msg(). */
+volatile sword16 mlkem_opt_blocker = 0;
+
+/******************************************************************************/
+
+/**
+ * Initialize the Kyber key.
+ *
+ * @param  [in]   type   Type of key:
+ *                         WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024,
+ *                         KYBER512, KYBER768, KYBER1024.
+ * @param  [out]  key    Kyber key object to initialize.
+ * @param  [in]   heap   Dynamic memory hint.
+ * @param  [in]   devId  Device Id.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL or type is unrecognized.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_MlKemKey_Init(MlKemKey* key, int type, void* heap, int devId)
+{
+    int ret = 0;
+
+    /* Validate key. */
+    if (key == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    if (ret == 0) {
+        /* Validate type. */
+        switch (type) {
+    #ifndef WOLFSSL_NO_ML_KEM
+        case WC_ML_KEM_512:
+        #ifndef WOLFSSL_WC_ML_KEM_512
+            /* Code not compiled in for Kyber-512. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case WC_ML_KEM_768:
+        #ifndef WOLFSSL_WC_ML_KEM_768
+            /* Code not compiled in for Kyber-768. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case WC_ML_KEM_1024:
+        #ifndef WOLFSSL_WC_ML_KEM_1024
+            /* Code not compiled in for Kyber-1024. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+    #endif
+    #ifdef WOLFSSL_MLKEM_KYBER
+        case KYBER512:
+        #ifndef WOLFSSL_KYBER512
+            /* Code not compiled in for Kyber-512. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case KYBER768:
+        #ifndef WOLFSSL_KYBER768
+            /* Code not compiled in for Kyber-768. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+        case KYBER1024:
+        #ifndef WOLFSSL_KYBER1024
+            /* Code not compiled in for Kyber-1024. */
+            ret = NOT_COMPILED_IN;
+        #endif
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = BAD_FUNC_ARG;
+            break;
+        }
+    }
+    if (ret == 0) {
+        /* Keep type for parameters. */
+        key->type = type;
+        /* Cache heap pointer. */
+        key->heap = heap;
+    #ifdef WOLF_CRYPTO_CB
+        /* Cache device id - not used in for this algorithm yet. */
+        key->devId = devId;
+    #endif
+        key->flags = 0;
+
+        /* Zero out all data. */
+        XMEMSET(&key->prf, 0, sizeof(key->prf));
+
+        /* Initialize the hash algorithm object. */
+        ret = mlkem_hash_new(&key->hash, heap, devId);
+    }
+    if (ret == 0) {
+        /* Initialize the PRF algorithm object. */
+        ret = mlkem_prf_new(&key->prf, heap, devId);
+    }
+    if (ret == 0) {
+        mlkem_init();
+    }
+
+    (void)devId;
+
+    return ret;
+}
+
+/**
+ * Free the Kyber key object.
+ *
+ * @param  [in, out]  key   Kyber key object to dispose of.
+ * @return  0 on success.
+ */
+int wc_MlKemKey_Free(MlKemKey* key)
+{
+    if (key != NULL) {
+        /* Dispose of PRF object. */
+        mlkem_prf_free(&key->prf);
+        /* Dispose of hash object. */
+        mlkem_hash_free(&key->hash);
+        /* Ensure all private data is zeroed. */
+        ForceZero(&key->hash, sizeof(key->hash));
+        ForceZero(&key->prf, sizeof(key->prf));
+        ForceZero(key->priv, sizeof(key->priv));
+        ForceZero(key->z, sizeof(key->z));
+    }
+
+    return 0;
+}
+
+/******************************************************************************/
+
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+/**
+ * Make a Kyber key object using a random number generator.
+ *
+ * FIPS 203 - Algorithm 19: ML-KEM.KeyGen()
+ * Generates an encapsulation key and a corresponding decapsulation key.
+ *   1: d <- B_32                                        >  d is 32 random bytes
+ *   2: z <- B_32                                        >  z is 32 random bytes
+ *   3: if d == NULL or z == NULL then
+ *   4:   return falsum
+ *                  > return an error indication if random bit generation failed
+ *   5: end if
+ *   6: (ek,dk) <- ML-KEM.KeyGen_Interal(d, z)
+ *                                       > run internal key generation algorithm
+ *   &: return (ek,dk)
+ *
+ * @param  [in, out]  key   Kyber key object.
+ * @param  [in]       rng   Random number generator.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or rng is NULL.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ * @return  RNG_FAILURE_E when  generating random numbers failed.
+ * @return  DRBG_CONT_FAILURE when random number generator health check fails.
+ */
+int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng)
+{
+    int ret = 0;
+    unsigned char rand[WC_ML_KEM_MAKEKEY_RAND_SZ];
+
+    /* Validate parameters. */
+    if ((key == NULL) || (rng == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Generate random to use with PRFs.
+         * Step 1: d is 32 random bytes
+         * Step 2: z is 32 random bytes
+         */
+        ret = wc_RNG_GenerateBlock(rng, rand, WC_ML_KEM_SYM_SZ * 2);
+        /* Step 3: ret is not zero when d == NULL or z == NULL. */
+    }
+    if (ret == 0) {
+        /* Make a key pair from the random.
+         * Step 6. run internal key generation algorithm
+         * Step 7. public and private key are stored in key
+         */
+        ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand));
+    }
+
+    /* Ensure seeds are zeroized. */
+    ForceZero((void*)rand, (word32)sizeof(rand));
+
+    /* Step 4: return ret != 0 on falsum or internal key generation failure. */
+    return ret;
+}
+
+/**
+ * Make a Kyber key object using random data.
+ *
+ * FIPS 203 - Algorithm 16: ML-KEM.KeyGen_internal(d,z)
+ * Uses randomness to generate an encapsulation key and a corresponding
+ * decapsulation key.
+ *   1: (ek_PKE,dk_PKE) < K-PKE.KeyGen(d)         > run key generation for K-PKE
+ *   ...
+ *
+ * FIPS 203 - Algorithm 13: K-PKE.KeyGen(d)
+ * Uses randomness to generate an encryption key and a corresponding decryption
+ * key.
+ *   1: (rho,sigma) <- G(d||k)A
+ *                         > expand 32+1 bytes to two pseudorandom 32-byte seeds
+ *   2: N <- 0
+ *   3-7: generate matrix A_hat
+ *   8-11: generate s
+ *   12-15: generate e
+ *   16-18: calculate t_hat from A_hat, s and e
+ *   ...
+ *
+ * @param  [in, out]  key   Kyber key ovject.
+ * @param  [in]       rand  Random data.
+ * @param  [in]       len   Length of random data in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or rand is NULL.
+ * @return  BUFFER_E when length is not WC_ML_KEM_MAKEKEY_RAND_SZ.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_MlKemKey_MakeKeyWithRandom(MlKemKey* key, const unsigned char* rand,
+    int len)
+{
+    byte buf[2 * WC_ML_KEM_SYM_SZ + 1];
+    byte* rho = buf;
+    byte* sigma = buf + WC_ML_KEM_SYM_SZ;
+#ifndef WOLFSSL_NO_MALLOC
+    sword16* e = NULL;
+#else
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+#ifndef WOLFSSL_MLKEM_CACHE_A
+    sword16 e[(WC_ML_KEM_MAX_K + 1) * WC_ML_KEM_MAX_K * MLKEM_N];
+#else
+    sword16 e[WC_ML_KEM_MAX_K * MLKEM_N];
+#endif
+#else
+    sword16 e[WC_ML_KEM_MAX_K * MLKEM_N];
+#endif
+#endif
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+    sword16* a = NULL;
+#endif
+    sword16* s = NULL;
+    sword16* t = NULL;
+    int ret = 0;
+    int k = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (rand == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (len != WC_ML_KEM_MAKEKEY_RAND_SZ)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        key->flags = 0;
+
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    if (ret == 0) {
+        /* Allocate dynamic memory for matrix and error vector. */
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+#ifndef WOLFSSL_MLKEM_CACHE_A
+        /* e (v) | a (m) */
+        e = (sword16*)XMALLOC((k + 1) * k * MLKEM_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#else
+        /* e (v) */
+        e = (sword16*)XMALLOC(k * MLKEM_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#else
+        /* e (v) */
+        e = (sword16*)XMALLOC(k * MLKEM_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        if (e == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+    if (ret == 0) {
+        const byte* d = rand;
+
+#ifdef WOLFSSL_MLKEM_CACHE_A
+        a = key->a;
+#elif !defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM)
+        /* Matrix A allocated at end of error vector. */
+        a = e + (k * MLKEM_N);
+#endif
+
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & MLKEM_KYBER)
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+        {
+            /* Expand 32 bytes of random to 32. */
+            ret = MLKEM_HASH_G(&key->hash, d, WC_ML_KEM_SYM_SZ, NULL, 0, buf);
+        }
+#endif
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            buf[0] = k;
+            /* Expand 33 bytes of random to 32.
+             * Alg 13: Step 1: (rho,sigma) <- G(d||k)
+             */
+            ret = MLKEM_HASH_G(&key->hash, d, WC_ML_KEM_SYM_SZ, buf, 1, buf);
+        }
+#endif
+    }
+    if (ret == 0) {
+        const byte* z = rand + WC_ML_KEM_SYM_SZ;
+        s = key->priv;
+        t = key->pub;
+
+        /* Cache the public seed for use in encapsulation and encoding public
+         * key. */
+        XMEMCPY(key->pubSeed, rho, WC_ML_KEM_SYM_SZ);
+        /* Cache the z value for decapsulation and encoding private key. */
+        XMEMCPY(key->z, z, sizeof(key->z));
+
+        /* Initialize PRF for use in noise generation. */
+        mlkem_prf_init(&key->prf);
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+        /* Generate noise using PRF.
+         * Alg 13: Steps 8-15: generate s and e
+         */
+        ret = mlkem_get_noise(&key->prf, k, s, e, NULL, sigma);
+    }
+    if (ret == 0) {
+        /* Generate the matrix A.
+         * Alg 13: Steps 3-7
+         */
+        ret = mlkem_gen_matrix(&key->prf, a, k, rho, 0);
+    }
+    if (ret == 0) {
+        /* Generate key pair from random data.
+         * Alg 13: Steps 16-18.
+         */
+        mlkem_keygen(s, t, e, a, k);
+#else
+        /* Generate noise using PRF.
+         * Alg 13: Steps 8-11: generate s
+         */
+        ret = mlkem_get_noise(&key->prf, k, s, NULL, NULL, sigma);
+    }
+    if (ret == 0) {
+        /* Generate key pair from private vector and seeds.
+         * Alg 13: Steps 3-7: generate matrix A_hat
+         * Alg 13: 12-15: generate e
+         * Alg 13: 16-18: calculate t_hat from A_hat, s and e
+         */
+        ret = mlkem_keygen_seeds(s, t, &key->prf, e, k, rho, sigma);
+    }
+    if (ret == 0) {
+#endif
+        /* Private and public key are set/available. */
+        key->flags |= MLKEM_FLAG_PRIV_SET | MLKEM_FLAG_PUB_SET;
+#ifdef WOLFSSL_MLKEM_CACHE_A
+        key->flags |= MLKEM_FLAG_A_SET;
+#endif
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    /* Free dynamic memory allocated in function. */
+    if (key != NULL) {
+        XFREE(e, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif
+
+    return ret;
+}
+#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY */
+
+/******************************************************************************/
+
+/**
+ * Get the size in bytes of cipher text for key.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  len  Length of cipher text in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_MlKemKey_CipherTextSize(MlKemKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return in 'len' size of the cipher text for the type of this key. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            *len = WC_ML_KEM_512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            *len = WC_ML_KEM_768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            *len = WC_ML_KEM_1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            *len = KYBER512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            *len = KYBER768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            *len = KYBER1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+/**
+ * Size of a shared secret in bytes. Always KYBER_SS_SZ.
+ *
+ * @param  [in]   key  Kyber key object. Not used.
+ * @param  [out]  Size of the shared secret created with a Kyber key.
+ * @return  0 on success.
+ * @return  0 to indicate success.
+ */
+int wc_MlKemKey_SharedSecretSize(MlKemKey* key, word32* len)
+{
+    (void)key;
+
+    *len = WC_ML_KEM_SS_SZ;
+
+    return 0;
+}
+
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+/* Encapsulate data and derive secret.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE, m, r)
+ * Uses the encryption key to encrypt a plaintext message using the randomness
+ * r.
+ *   1: N <- 0
+ *   2: t_hat <- ByteDecode_12(ek_PKE[0:384k])
+ *                                   > run ByteDecode_12 k times to decode t_hat
+ *   3: rho <- ek_PKE[384k : 384K + 32]
+ *                                            > extract 32-byte seed from ek_PKE
+ *   4-8: generate matrix A_hat
+ *   9-12: generate y
+ *   13-16: generate e_1
+ *   17: generate e_2
+ *   18-19: calculate u
+ *   20: mu <- Decompress_1(ByteDecode_1(m))
+ *   21: calculate v
+ *   22: c_1 <- ByteEncode_d_u(Compress_d_u(u))
+ *                                 > run ByteEncode_d_u and Compress_d_u k times
+ *   23: c_2 <- ByteEncode_d_v(Compress_d_v(v))
+ *   24: return c <- (c_1||c_2)
+ *
+ * @param  [in]  key  Kyber key object.
+ * @param  [in]  m    Random bytes.
+ * @param  [in]  r    Seed to feed to PRF when generating y, e1 and e2.
+ * @param  [out] c    Calculated cipher text.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
+{
+    int ret = 0;
+    sword16* a = NULL;
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+    sword16* mu = NULL;
+    sword16* e1 = NULL;
+    sword16* e2 = NULL;
+#endif
+    unsigned int k = 0;
+    unsigned int compVecSz = 0;
+#ifndef WOLFSSL_NO_MALLOC
+    sword16* y = NULL;
+#else
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+    sword16 y[((WC_ML_KEM_MAX_K + 3) * WC_ML_KEM_MAX_K + 3) * MLKEM_N];
+#else
+    sword16 y[3 * WC_ML_KEM_MAX_K * MLKEM_N];
+#endif
+#endif
+    sword16* u;
+    sword16* v;
+
+    /* Establish parameters based on key type. */
+    switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_ML_KEM_512
+    case WC_ML_KEM_512:
+        k = WC_ML_KEM_512_K;
+        compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_768
+    case WC_ML_KEM_768:
+        k = WC_ML_KEM_768_K;
+        compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_1024
+    case WC_ML_KEM_1024:
+        k = WC_ML_KEM_1024_K;
+        compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+#ifdef WOLFSSL_KYBER512
+    case KYBER512:
+        k = KYBER512_K;
+        compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER768
+    case KYBER768:
+        k = KYBER768_K;
+        compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER1024
+    case KYBER1024:
+        k = KYBER1024_K;
+        compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+    default:
+        /* No other values supported. */
+        ret = NOT_COMPILED_IN;
+        break;
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    if (ret == 0) {
+        /* Allocate dynamic memory for all matrices, vectors and polynomials. */
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+        y = (sword16*)XMALLOC(((k + 3) * k + 3) * MLKEM_N * sizeof(sword16),
+            key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#else
+        y = (sword16*)XMALLOC(3 * k * MLKEM_N * sizeof(sword16), key->heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        if (y == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+    if (ret == 0) {
+        /* Assign allocated dynamic memory to pointers.
+         * y (b) | a (m) | mu (p) | e1 (p) | e2 (v) | u (v) | v (p) */
+        a  = y  + MLKEM_N * k;
+        mu = a  + MLKEM_N * k * k;
+        e1 = mu + MLKEM_N;
+        e2 = e1 + MLKEM_N * k;
+
+        /* Convert msg to a polynomial.
+         * Step 20: mu <- Decompress_1(ByteDecode_1(m)) */
+        mlkem_from_msg(mu, m);
+
+        /* Initialize the PRF for use in the noise generation. */
+        mlkem_prf_init(&key->prf);
+        /* Generate noise using PRF.
+         * Steps 9-17: generate y, e_1, e_2
+         */
+        ret = mlkem_get_noise(&key->prf, k, y, e1, e2, r);
+    }
+    #ifdef WOLFSSL_MLKEM_CACHE_A
+    if ((ret == 0) && ((key->flags & MLKEM_FLAG_A_SET) != 0)) {
+        unsigned int i;
+        /* Transpose matrix.
+         *   Steps 4-8: generate matrix A_hat (from original) */
+        for (i = 0; i < k; i++) {
+            unsigned int j;
+            for (j = 0; j < k; j++) {
+                XMEMCPY(&a[(i * k + j) * MLKEM_N],
+                        &key->a[(j * k + i) * MLKEM_N],
+                        MLKEM_N * 2);
+            }
+        }
+    }
+    else
+    #endif /* WOLFSSL_MLKEM_CACHE_A */
+    if (ret == 0) {
+        /* Generate the transposed matrix.
+         *   Step 4-8: generate matrix A_hat */
+        ret = mlkem_gen_matrix(&key->prf, a, k, key->pubSeed, 1);
+    }
+    if (ret == 0) {
+        /* Assign remaining allocated dynamic memory to pointers.
+         * y (v) | a (m) | mu (p) | e1 (p) | r2 (v) | u (v) | v (p)*/
+        u  = e2 + MLKEM_N;
+        v  = u  + MLKEM_N * k;
+
+        /* Perform encapsulation maths.
+         *   Steps 18-19, 21: calculate u and v */
+        mlkem_encapsulate(key->pub, u, v, a, y, e1, e2, mu, k);
+    }
+#else /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */
+    if (ret == 0) {
+        /* Assign allocated dynamic memory to pointers.
+         * y (v) | a (v) | u (v) */
+        a = y + MLKEM_N * k;
+
+        /* Initialize the PRF for use in the noise generation. */
+        mlkem_prf_init(&key->prf);
+        /* Generate noise using PRF.
+         * Steps 9-12: generate y */
+        ret = mlkem_get_noise(&key->prf, k, y, NULL, NULL, r);
+    }
+    if (ret == 0) {
+        /* Assign remaining allocated dynamic memory to pointers.
+         * y (v) | at (v) | u (v) */
+        u  = a + MLKEM_N * k;
+        v  = a;
+
+        /* Perform encapsulation maths.
+         *   Steps 13-17: generate e_1 and e_2
+         *   Steps 18-19, 21: calculate u and v */
+        ret = mlkem_encapsulate_seeds(key->pub, &key->prf, u, a, y, k, m,
+            key->pubSeed, r);
+    }
+#endif /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */
+
+    if (ret == 0) {
+        byte* c1 = c;
+        byte* c2 = c + compVecSz;
+
+    #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+        if (k == WC_ML_KEM_512_K) {
+            /* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
+            mlkem_vec_compress_10(c1, u, k);
+            /* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
+            mlkem_compress_4(c2, v);
+            /* Step 24: return c <- (c_1||c_2) */
+        }
+    #endif
+    #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+        if (k == WC_ML_KEM_768_K) {
+            /* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
+            mlkem_vec_compress_10(c1, u, k);
+            /* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
+            mlkem_compress_4(c2, v);
+            /* Step 24: return c <- (c_1||c_2) */
+        }
+    #endif
+    #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+        if (k == WC_ML_KEM_1024_K) {
+            /* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */
+            mlkem_vec_compress_11(c1, u);
+            /* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */
+            mlkem_compress_5(c2, v);
+            /* Step 24: return c <- (c_1||c_2) */
+        }
+    #endif
+    }
+
+#ifndef WOLFSSL_NO_MALLOC
+    /* Dispose of dynamic memory allocated in function. */
+    XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+/**
+ * Encapsulate with random number generator and derive secret.
+ *
+ * FIPS 203, Algorithm 20: ML-KEM.Encaps(ek)
+ * Uses the encapsulation key to generate a shared secret key and an associated
+ * ciphertext.
+ *   1: m <- B_32                                         > m is 32 random bytes
+ *   2: if m == NULL then
+ *   3:     return falsum
+ *   4: end if
+ *   5: (K,c) <- ML-KEM.Encaps_internal(ek,m)
+ *                                        > run internal encapsulation algorithm
+ *   6: return (K,c)
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  c    Cipher text.
+ * @param  [out]  k    Shared secret generated.
+ * @param  [in]   rng  Random number generator.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, ct, ss or RNG is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* c, unsigned char* k,
+    WC_RNG* rng)
+{
+    int ret = 0;
+    unsigned char m[WC_ML_KEM_ENC_RAND_SZ];
+
+    /* Validate parameters. */
+    if ((key == NULL) || (c == NULL) || (k == NULL) || (rng == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Generate seed for use with PRFs.
+         * Step 1: m is 32 random bytes
+         */
+        ret = wc_RNG_GenerateBlock(rng, m, sizeof(m));
+        /* Step 2: ret is not zero when m == NULL. */
+    }
+    if (ret == 0) {
+        /* Encapsulate with the random.
+         * Step 5: run internal encapsulation algorithm
+         */
+        ret = wc_KyberKey_EncapsulateWithRandom(key, c, k, m, sizeof(m));
+    }
+
+    /* Step 3: return ret != 0 on falsum or internal key generation failure. */
+    return ret;
+}
+
+/**
+ * Encapsulate with random data and derive secret.
+ *
+ * FIPS 203, Algorithm 17: ML-KEM.Encaps_internal(ek, m)
+ * Uses the encapsulation key and randomness to generate a key and an associated
+ * ciphertext.
+ *   Step 1: (K,r) <- G(m||H(ek))
+ *                                 > derive shared secret key K and randomness r
+ *   Step 2: c <- K-PPKE.Encrypt(ek, m, r)
+ *                                     > encrypt m using K-PKE with randomness r
+ *   Step 3: return (K,c)
+ *
+ * @param  [out]  c    Cipher text.
+ * @param  [out]  k    Shared secret generated.
+ * @param  [in]   m    Random bytes.
+ * @param  [in]   len  Length of random bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, c, k or RNG is NULL.
+ * @return  BUFFER_E when len is not WC_ML_KEM_ENC_RAND_SZ.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_MlKemKey_EncapsulateWithRandom(MlKemKey* key, unsigned char* c,
+    unsigned char* k, const unsigned char* m, int len)
+{
+#ifdef WOLFSSL_MLKEM_KYBER
+    byte msg[KYBER_SYM_SZ];
+#endif
+    byte kr[2 * KYBER_SYM_SZ + 1];
+    int ret = 0;
+#ifdef WOLFSSL_MLKEM_KYBER
+    unsigned int cSz = 0;
+#endif
+
+    /* Validate parameters. */
+    if ((key == NULL) || (c == NULL) || (k == NULL) || (m == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) && (len != WC_ML_KEM_ENC_RAND_SZ)) {
+        ret = BUFFER_E;
+    }
+
+#ifdef WOLFSSL_MLKEM_KYBER
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+    #endif
+            break;
+#endif
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            cSz = KYBER512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            cSz = KYBER768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            cSz = KYBER1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+#endif
+
+    /* If public hash (h) is not stored against key, calculate it
+     * (fields set explicitly instead of using decode).
+     * Step 1: ... H(ek)...
+     */
+    if ((ret == 0) && ((key->flags & MLKEM_FLAG_H_SET) == 0)) {
+    #ifndef WOLFSSL_NO_MALLOC
+        byte* pubKey = NULL;
+        word32 pubKeyLen;
+    #else
+        byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
+        word32 pubKeyLen = WC_ML_KEM_MAX_PUBLIC_KEY_SIZE;
+    #endif
+
+    #ifndef WOLFSSL_NO_MALLOC
+        /* Determine how big an encoded public key will be. */
+        ret = wc_KyberKey_PublicKeySize(key, &pubKeyLen);
+        if (ret == 0) {
+            /* Allocate dynamic memory for encoded public key. */
+            pubKey = (byte*)XMALLOC(pubKeyLen, key->heap,
+                DYNAMIC_TYPE_TMP_BUFFER);
+            if (pubKey == NULL) {
+                ret = MEMORY_E;
+            }
+        }
+        if (ret == 0) {
+    #endif
+            /* Encode public key - h is hash of encoded public key. */
+            ret = wc_KyberKey_EncodePublicKey(key, pubKey, pubKeyLen);
+    #ifndef WOLFSSL_NO_MALLOC
+        }
+        /* Dispose of encoded public key. */
+        XFREE(pubKey, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+     #endif
+    }
+    if ((ret == 0) && ((key->flags & MLKEM_FLAG_H_SET) == 0)) {
+        /* Implementation issue if h not cached and flag set. */
+        ret = BAD_STATE_E;
+    }
+
+#ifdef WOLFSSL_MLKEM_KYBER
+    if (ret == 0) {
+#ifndef WOLFSSL_NO_ML_KEM
+        if (key->type & MLKEM_KYBER)
+#endif
+        {
+            /* Hash random to anonymize as seed data. */
+            ret = MLKEM_HASH_H(&key->hash, m, WC_ML_KEM_SYM_SZ, msg);
+        }
+    }
+#endif
+    if (ret == 0) {
+        /* Hash message into seed buffer. */
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & MLKEM_KYBER)
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+        {
+            ret = MLKEM_HASH_G(&key->hash, msg, WC_ML_KEM_SYM_SZ, key->h,
+                WC_ML_KEM_SYM_SZ, kr);
+        }
+#endif
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            /* Step 1: (K,r) <- G(m||H(ek)) */
+            ret = MLKEM_HASH_G(&key->hash, m, WC_ML_KEM_SYM_SZ, key->h,
+                WC_ML_KEM_SYM_SZ, kr);
+        }
+#endif
+    }
+
+    if (ret == 0) {
+        /* Encapsulate the message using the key and the seed. */
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & MLKEM_KYBER)
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+        {
+            ret = mlkemkey_encapsulate(key, msg, kr + WC_ML_KEM_SYM_SZ, c);
+        }
+#endif
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            /* Step 2: c <- K-PKE.Encrypt(ek,m,r) */
+            ret = mlkemkey_encapsulate(key, m, kr + WC_ML_KEM_SYM_SZ, c);
+        }
+#endif
+    }
+
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+    if (key->type & MLKEM_KYBER)
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    {
+        if (ret == 0) {
+            /* Hash the cipher text after the seed. */
+            ret = MLKEM_HASH_H(&key->hash, c, cSz, kr + WC_ML_KEM_SYM_SZ);
+        }
+        if (ret == 0) {
+            /* Derive the secret from the seed and hash of cipher text. */
+            ret = MLKEM_KDF(kr, 2 * WC_ML_KEM_SYM_SZ, k, WC_ML_KEM_SS_SZ);
+        }
+    }
+#endif
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+    else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    {
+        if (ret == 0) {
+            /* return (K,c) */
+            XMEMCPY(k, kr, WC_ML_KEM_SS_SZ);
+        }
+    }
+#endif
+
+    return ret;
+}
+#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE */
+
+/******************************************************************************/
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+/* Decapsulate cipher text to the message using key.
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c)
+ * Uses the decryption key to decrypt a ciphertext.
+ *   1: c1 <- c[0 : 32.d_u.k]
+ *   2: c2 <= c[32.d_u.k : 32(d_u.k + d_v)]
+ *   3: u' <= Decompress_d_u(ByteDecode_d_u(c1))
+ *   4: v' <= Decompress_d_v(ByteDecode_d_v(c2))
+ *   ...
+ *   6: w <- v' - InvNTT(s_hat_trans o NTT(u'))
+ *   7: m <- ByteEncode_1(Compress_1(w))
+ *   8: return m
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  m    Message than was encapsulated.
+ * @param  [in]   c    Cipher text.
+ * @return  0 on success.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+static MLKEM_NOINLINE int mlkemkey_decapsulate(MlKemKey* key, byte* m,
+    const byte* c)
+{
+    int ret = 0;
+    sword16* v;
+    sword16* w;
+    unsigned int k = 0;
+    unsigned int compVecSz;
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    sword16* u = NULL;
+#else
+    sword16 u[(WC_ML_KEM_MAX_K + 1) * MLKEM_N];
+#endif
+
+    /* Establish parameters based on key type. */
+    switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+#ifdef WOLFSSL_WC_ML_KEM_512
+    case WC_ML_KEM_512:
+        k = WC_ML_KEM_512_K;
+        compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_768
+    case WC_ML_KEM_768:
+        k = WC_ML_KEM_768_K;
+        compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_WC_ML_KEM_1024
+    case WC_ML_KEM_1024:
+        k = WC_ML_KEM_1024_K;
+        compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+#ifdef WOLFSSL_KYBER512
+    case KYBER512:
+        k = KYBER512_K;
+        compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER768
+    case KYBER768:
+        k = KYBER768_K;
+        compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#ifdef WOLFSSL_KYBER1024
+    case KYBER1024:
+        k = KYBER1024_K;
+        compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ;
+        break;
+#endif
+#endif
+    default:
+        /* No other values supported. */
+        ret = NOT_COMPILED_IN;
+        break;
+    }
+
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    if (ret == 0) {
+        /* Allocate dynamic memory for a vector and a polynomial. */
+        u = (sword16*)XMALLOC((k + 1) * MLKEM_N * sizeof(sword16), key->heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (u == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+    if (ret == 0) {
+        /* Step 1: c1 <- c[0 : 32.d_u.k] */
+        const byte* c1 = c;
+        /* Step 2: c2 <= c[32.d_u.k : 32(d_u.k + d_v)] */
+        const byte* c2 = c + compVecSz;
+
+        /* Assign allocated dynamic memory to pointers.
+         * u (v) | v (p) */
+        v = u + k * MLKEM_N;
+        w = u;
+
+    #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+        if (k == WC_ML_KEM_512_K) {
+            /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */
+            mlkem_vec_decompress_10(u, c1, k);
+            /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */
+            mlkem_decompress_4(v, c2);
+        }
+    #endif
+    #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+        if (k == WC_ML_KEM_768_K) {
+            /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */
+            mlkem_vec_decompress_10(u, c1, k);
+            /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */
+            mlkem_decompress_4(v, c2);
+        }
+    #endif
+    #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+        if (k == WC_ML_KEM_1024_K) {
+            /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */
+            mlkem_vec_decompress_11(u, c1);
+            /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */
+            mlkem_decompress_5(v, c2);
+        }
+    #endif
+
+        /* Decapsulate the cipher text into polynomial.
+         * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */
+        mlkem_decapsulate(key->priv, w, u, v, k);
+
+        /* Convert the polynomial into a array of bytes (message).
+         * Step 7: m <- ByteEncode_1(Compress_1(w)) */
+        mlkem_to_msg(m, w);
+        /* Step 8: return m */
+    }
+
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    /* Dispose of dynamically memory allocated in function. */
+    XFREE(u, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+/**
+ * Decapsulate the cipher text to calculate the shared secret.
+ *
+ * Validates the cipher text by encapsulating and comparing with data passed in.
+ *
+ * FIPS 203, Algorithm 21: ML-KEM.Decaps(dk, c)
+ * Uses the decapsulation key to produce a shared secret key from a ciphertext.
+ *   1: K' <- ML-KEM.Decaps_internal(dk,c)
+ *                                        > run internal decapsulation algorithm
+ *   2: return K'
+ *
+ * FIPS 203, Algorithm 18: ML-KEM.Decaps_internal(dk, c)
+ * Uses the decapsulation key to produce a shared secret key from a ciphertext.
+ *   ...
+ *   1: dk_PKE <- dk[0 : 384k]
+ *                        > extract (from KEM decaps key) the PKE decryption key
+ *   2: ek_PKE <- dk[384k : 768l + 32]
+ *                                                  > extract PKE encryption key
+ *   3: h <- dk[768K + 32 : 768k + 64]
+ *                                          > extract hash of PKE encryption key
+ *   4: z <- dk[768K + 64 : 768k + 96]
+ *                                            > extract implicit rejection value
+ *   5: m' <- K-PKE.Decrypt(dk_PKE, c)                      > decrypt ciphertext
+ *   6: (K', r') <- G(m'||h)
+ *   7: K_bar <- J(z||c)
+ *   8: c' <- K-PKE.Encrypt(ek_PKE, m', r')
+ *                                  > re-encrypt using the derived randomness r'
+ *   9: if c != c' then
+ *  10:      K' <= K_bar
+ *                            > if ciphertexts do not match, "implicitly reject"
+ *  11: end if
+ *  12: return K'
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  ss   Shared secret.
+ * @param  [in]   ct   Cipher text.
+ * @param  [in]   len  Length of cipher text.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key, ss or cr are NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  BUFFER_E when len is not the length of cipher text for the key type.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ */
+int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss,
+    const unsigned char* ct, word32 len)
+{
+    byte msg[WC_ML_KEM_SYM_SZ];
+    byte kr[2 * WC_ML_KEM_SYM_SZ + 1];
+    int ret = 0;
+    unsigned int ctSz = 0;
+    unsigned int i = 0;
+    int fail = 0;
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    byte* cmp = NULL;
+#else
+    byte cmp[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE];
+#endif
+
+    /* Validate parameters. */
+    if ((key == NULL) || (ss == NULL) || (ct == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Establish cipher text size based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            ctSz = WC_ML_KEM_512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            ctSz = WC_ML_KEM_768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            ctSz = WC_ML_KEM_1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            ctSz = KYBER512_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            ctSz = KYBER768_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            ctSz = KYBER1024_CIPHER_TEXT_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    /* Ensure the cipher text passed in is the correct size. */
+    if ((ret == 0) && (len != ctSz)) {
+        ret = BUFFER_E;
+    }
+
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    if (ret == 0) {
+        /* Allocate memory for cipher text that is generated. */
+        cmp = (byte*)XMALLOC(ctSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (cmp == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
+    if (ret == 0) {
+        /* Decapsulate the cipher text. */
+        ret = mlkemkey_decapsulate(key, msg, ct);
+    }
+    if (ret == 0) {
+        /* Hash message into seed buffer. */
+        ret = MLKEM_HASH_G(&key->hash, msg, WC_ML_KEM_SYM_SZ, key->h,
+            WC_ML_KEM_SYM_SZ, kr);
+    }
+    if (ret == 0) {
+        /* Encapsulate the message. */
+        ret = mlkemkey_encapsulate(key, msg, kr + WC_ML_KEM_SYM_SZ, cmp);
+    }
+    if (ret == 0) {
+        /* Compare generated cipher text with that passed in. */
+        fail = mlkem_cmp(ct, cmp, ctSz);
+
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+        if (key->type & MLKEM_KYBER)
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+        {
+            /* Hash the cipher text after the seed. */
+            ret = MLKEM_HASH_H(&key->hash, ct, ctSz, kr + WC_ML_KEM_SYM_SZ);
+            if (ret == 0) {
+                /* Change seed to z on comparison failure. */
+                for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) {
+                    kr[i] ^= (kr[i] ^ key->z[i]) & fail;
+                }
+
+                /* Derive the secret from the seed and hash of cipher text. */
+                ret = MLKEM_KDF(kr, 2 * WC_ML_KEM_SYM_SZ, ss, WC_ML_KEM_SS_SZ);
+            }
+        }
+#endif
+#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
+        else
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+        {
+            ret = mlkem_derive_secret(&key->prf, key->z, ct, ctSz, msg);
+            if (ret == 0) {
+               /* Set secret to kr or fake secret on comparison failure. */
+               for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) {
+                   ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail);
+               }
+            }
+        }
+#endif
+    }
+
+#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)
+    /* Dispose of dynamic memory allocated in function. */
+    if (key != NULL) {
+        XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif
+
+    return ret;
+}
+#endif /* WOLFSSL_MLKEM_NO_DECAPSULATE */
+
+/******************************************************************************/
+
+/**
+ * Get the public key and public seed from bytes.
+ *
+ * FIPS 203, Algorithm 14 K-PKE.Encrypt(ek_PKE, m, r)
+ *   ...
+ *   2: t <- ByteDecode_12(ek_PKE[0 : 384k])
+ *   3: rho <- ek_PKE[384k :  384k + 32]
+ *   ...
+ *
+ * @param [out] pub      Public key - vector.
+ * @param [out] pubSeed  Public seed.
+ * @param [in]  p        Public key data.
+ * @param [in]  k        Number of polynomials in vector.
+ */
+static void mlkemkey_decode_public(sword16* pub, byte* pubSeed, const byte* p,
+    unsigned int k)
+{
+    unsigned int i;
+
+    /* Decode public key that is vector of polynomials.
+     * Step 2: t <- ByteDecode_12(ek_PKE[0 : 384k]) */
+    mlkem_from_bytes(pub, p, k);
+    p += k * WC_ML_KEM_POLY_SIZE;
+
+    /* Read public key seed.
+     * Step 3: rho <- ek_PKE[384k :  384k + 32] */
+    for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) {
+        pubSeed[i] = p[i];
+    }
+}
+
+/**
+ * Decode the private key.
+ *
+ * Private Vector | Public Key | Public Hash | Randomizer
+ *
+ * FIPS 203, Algorithm 18: ML-KEM.Decaps_internal(dk, c)
+ *   1: dk_PKE <- dk[0 : 384k]
+ *                        > extract (from KEM decaps key) the PKE decryption key
+ *   2: ek_PKE <- dk[384k : 768l + 32]
+ *                                                  > extract PKE encryption key
+ *   3: h <- dk[768K + 32 : 768k + 64]
+ *                                          > extract hash of PKE encryption key
+ *   4: z <- dk[768K + 64 : 768k + 96]
+ *                                            > extract implicit rejection value
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE, c)
+ *   ...
+ *   5: s_hat <= ByteDecode_12(dk_PKE)
+ *   ...
+ *
+ * @param  [in, out]  key  Kyber key object.
+ * @param  [in]       in   Buffer holding encoded key.
+ * @param  [in]       len  Length of data in buffer.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or in is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  BUFFER_E when len is not the correct size.
+ */
+int wc_MlKemKey_DecodePrivateKey(MlKemKey* key, const unsigned char* in,
+    word32 len)
+{
+    int ret = 0;
+    word32 privLen = 0;
+    word32 pubLen = 0;
+    unsigned int k = 0;
+    const unsigned char* p = in;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            privLen = KYBER512_PRIVATE_KEY_SIZE;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            privLen = KYBER768_PRIVATE_KEY_SIZE;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            privLen = KYBER1024_PRIVATE_KEY_SIZE;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Ensure the data is the correct length for the key type. */
+    if ((ret == 0) && (len != privLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Decode private key that is vector of polynomials.
+         * Alg 18 Step 1: dk_PKE <- dk[0 : 384k]
+         * Alg 15 Step 5: s_hat <- ByteDecode_12(dk_PKE) */
+        mlkem_from_bytes(key->priv, p, k);
+        p += k * WC_ML_KEM_POLY_SIZE;
+
+        /* Decode the public key that is after the private key. */
+        mlkemkey_decode_public(key->pub, key->pubSeed, p, k);
+        p += pubLen;
+
+        /* Copy the hash of the encoded public key that is after public key. */
+        XMEMCPY(key->h, p, sizeof(key->h));
+        p += WC_ML_KEM_SYM_SZ;
+        /* Copy the z (randomizer) that is after hash. */
+        XMEMCPY(key->z, p, sizeof(key->z));
+
+        /* Set flags */
+        key->flags |= MLKEM_FLAG_H_SET | MLKEM_FLAG_BOTH_SET;
+    }
+
+    return ret;
+}
+
+/**
+ * Decode public key.
+ *
+ * Public vector | Public Seed
+ *
+ * @param  [in, out]  key  Kyber key object.
+ * @param  [in]       in   Buffer holding encoded key.
+ * @param  [in]       len  Length of data in buffer.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or in is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ * @return  BUFFER_E when len is not the correct size.
+ */
+int wc_MlKemKey_DecodePublicKey(MlKemKey* key, const unsigned char* in,
+    word32 len)
+{
+    int ret = 0;
+    word32 pubLen = 0;
+    unsigned int k = 0;
+    const unsigned char* p = in;
+
+    if ((key == NULL) || (in == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Establish parameters based on key type. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Ensure the data is the correct length for the key type. */
+    if ((ret == 0) && (len != pubLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        mlkemkey_decode_public(key->pub, key->pubSeed, p, k);
+
+        /* Calculate public hash. */
+        ret = MLKEM_HASH_H(&key->hash, in, len, key->h);
+    }
+    if (ret == 0) {
+        /* Record public key and public hash set. */
+        key->flags |= MLKEM_FLAG_PUB_SET | MLKEM_FLAG_H_SET;
+    }
+
+    return ret;
+}
+
+/**
+ * Get the size in bytes of encoded private key for the key.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  len  Length of encoded private key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_MlKemKey_PrivateKeySize(MlKemKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return in 'len' size of the encoded private key for the type of this
+         * key. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            *len = WC_ML_KEM_512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            *len = WC_ML_KEM_768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            *len = WC_ML_KEM_1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            *len = KYBER512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            *len = KYBER768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            *len = KYBER1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+/**
+ * Get the size in bytes of encoded public key for the key.
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  len  Length of encoded public key in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or len is NULL.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_MlKemKey_PublicKeySize(MlKemKey* key, word32* len)
+{
+    int ret = 0;
+
+    /* Validate parameters. */
+    if ((key == NULL) || (len == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        /* Return in 'len' size of the encoded public key for the type of this
+         * key. */
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            *len = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            *len = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            *len = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            *len = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            *len = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            *len = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+
+    return ret;
+}
+
+/**
+ * Encode the private key.
+ *
+ * Private Vector | Public Key | Public Hash | Randomizer
+ *
+ * FIPS 203, Algorithm 16: ML-KEM.KeyGen_internal(d,z)
+ *   ...
+ *   3: dk <- (dk_PKE||ek||H(ek)||z)
+ *   ...
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   20: dk_PKE  <- ByteEncode_12(s_hat)
+ *   ...
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  out  Buffer to hold data.
+ * @param  [in]   len  Size of buffer in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or out is NULL or private/public key not
+ * available.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_MlKemKey_EncodePrivateKey(MlKemKey* key, unsigned char* out, word32 len)
+{
+    int ret = 0;
+    unsigned int k = 0;
+    unsigned int pubLen = 0;
+    unsigned int privLen = 0;
+    unsigned char* p = out;
+
+    if ((key == NULL) || (out == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) &&
+            ((key->flags & MLKEM_FLAG_BOTH_SET) != MLKEM_FLAG_BOTH_SET)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            privLen = KYBER512_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            privLen = KYBER768_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            privLen = KYBER1024_PRIVATE_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Check buffer is big enough for encoding. */
+    if ((ret == 0) && (len != privLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        /* Encode private key that is vector of polynomials. */
+        mlkem_to_bytes(p, key->priv, k);
+        p += WC_ML_KEM_POLY_SIZE * k;
+
+        /* Encode public key. */
+        ret = wc_KyberKey_EncodePublicKey(key, p, pubLen);
+        p += pubLen;
+    }
+    /* Ensure hash of public key is available. */
+    if ((ret == 0) && ((key->flags & MLKEM_FLAG_H_SET) == 0)) {
+        ret = MLKEM_HASH_H(&key->hash, p - pubLen, pubLen, key->h);
+    }
+    if (ret == 0) {
+        /* Public hash is available. */
+        key->flags |= MLKEM_FLAG_H_SET;
+        /* Append public hash. */
+        XMEMCPY(p, key->h, sizeof(key->h));
+        p += WC_ML_KEM_SYM_SZ;
+        /* Append z (randomizer). */
+        XMEMCPY(p, key->z, sizeof(key->z));
+    }
+
+    return ret;
+}
+
+/**
+ * Encode the public key.
+ *
+ * Public vector | Public Seed
+ *
+ * FIPS 203, Algorithm 16: ML-KEM.KeyGen_internal(d,z)
+ *   ...
+ *   2: ek <- ek_PKE
+ *   ...
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   19: ek_PKE  <- ByteEncode_12(t_hat)||rho
+ *   ...
+ *
+ * @param  [in]   key  Kyber key object.
+ * @param  [out]  out  Buffer to hold data.
+ * @param  [in]   len  Size of buffer in bytes.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key or out is NULL or public key not available.
+ * @return  NOT_COMPILED_IN when key type is not supported.
+ */
+int wc_MlKemKey_EncodePublicKey(MlKemKey* key, unsigned char* out, word32 len)
+{
+    int ret = 0;
+    unsigned int k = 0;
+    unsigned int pubLen = 0;
+    unsigned char* p = out;
+
+    if ((key == NULL) || (out == NULL)) {
+        ret = BAD_FUNC_ARG;
+    }
+    if ((ret == 0) &&
+            ((key->flags & MLKEM_FLAG_PUB_SET) != MLKEM_FLAG_PUB_SET)) {
+        ret = BAD_FUNC_ARG;
+    }
+
+    if (ret == 0) {
+        switch (key->type) {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        case WC_ML_KEM_512:
+            k = WC_ML_KEM_512_K;
+            pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        case WC_ML_KEM_768:
+            k = WC_ML_KEM_768_K;
+            pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        case WC_ML_KEM_1024:
+            k = WC_ML_KEM_1024_K;
+            pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifdef WOLFSSL_KYBER512
+        case KYBER512:
+            k = KYBER512_K;
+            pubLen = KYBER512_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER768
+        case KYBER768:
+            k = KYBER768_K;
+            pubLen = KYBER768_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_KYBER1024
+        case KYBER1024:
+            k = KYBER1024_K;
+            pubLen = KYBER1024_PUBLIC_KEY_SIZE;
+            break;
+    #endif
+#endif
+        default:
+            /* No other values supported. */
+            ret = NOT_COMPILED_IN;
+            break;
+        }
+    }
+    /* Check buffer is big enough for encoding. */
+    if ((ret == 0) && (len != pubLen)) {
+        ret = BUFFER_E;
+    }
+
+    if (ret == 0) {
+        int i;
+
+        /* Encode public key polynomial by polynomial. */
+        mlkem_to_bytes(p, key->pub, k);
+        p += k * WC_ML_KEM_POLY_SIZE;
+
+        /* Append public seed. */
+        for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) {
+            p[i] = key->pubSeed[i];
+        }
+
+        /* Make sure public hash is set. */
+        if ((key->flags & MLKEM_FLAG_H_SET) == 0) {
+            ret = MLKEM_HASH_H(&key->hash, out, len, key->h);
+        }
+    }
+    if (ret == 0) {
+        /* Public hash is set. */
+        key->flags |= MLKEM_FLAG_H_SET;
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_WC_MLKEM */
diff --git a/wolfcrypt/src/wc_kyber_asm.S b/wolfcrypt/src/wc_mlkem_asm.S
similarity index 94%
rename from wolfcrypt/src/wc_kyber_asm.S
rename to wolfcrypt/src/wc_mlkem_asm.S
index 9dff0f7bd..6790996da 100644
--- a/wolfcrypt/src/wc_kyber_asm.S
+++ b/wolfcrypt/src/wc_mlkem_asm.S
@@ -1,6 +1,6 @@
-/* wc_kyber_asm.S */
+/* wc_mlkem_asm.S */
 /*
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,10 +42,12 @@
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
 #ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
 #define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
 #endif /* NO_AVX2_SUPPORT */
 
-#ifdef WOLFSSL_WC_KYBER
+#ifdef WOLFSSL_WC_MLKEM
 #ifdef HAVE_INTEL_AVX2
 #ifndef __APPLE__
 .data
@@ -57,7 +59,7 @@
 #else
 .p2align	4
 #endif /* __APPLE__ */
-kyber_q:
+mlkem_q:
 .value	0xd01,0xd01
 .value	0xd01,0xd01
 .value	0xd01,0xd01
@@ -76,7 +78,7 @@ kyber_q:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-kyber_qinv:
+mlkem_qinv:
 .value	0xf301,0xf301
 .value	0xf301,0xf301
 .value	0xf301,0xf301
@@ -95,7 +97,7 @@ kyber_qinv:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-kyber_f:
+mlkem_f:
 .value	0x549,0x549
 .value	0x549,0x549
 .value	0x549,0x549
@@ -114,7 +116,7 @@ kyber_f:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-kyber_f_qinv:
+mlkem_f_qinv:
 .value	0x5049,0x5049
 .value	0x5049,0x5049
 .value	0x5049,0x5049
@@ -133,7 +135,7 @@ kyber_f_qinv:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-kyber_v:
+mlkem_v:
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
@@ -152,7 +154,7 @@ kyber_v:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_avx2_zetas:
+L_mlkem_avx2_zetas:
 .value	0xa0b,0xa0b
 .value	0xa0b,0xa0b
 .value	0xa0b,0xa0b
@@ -787,7 +789,7 @@ L_kyber_avx2_zetas:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_avx2_zetas_basemul:
+L_mlkem_avx2_zetas_basemul:
 .value	0x8b2,0x81e
 .value	0xf74e,0xf7e2
 .value	0x1ae,0x367
@@ -926,7 +928,7 @@ L_kyber_avx2_zetas_basemul:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_avx2_zetas_inv:
+L_mlkem_avx2_zetas_inv:
 .value	0x6a5,0x6a5
 .value	0x5b4,0x5b4
 .value	0x70f,0x70f
@@ -1569,25 +1571,27 @@ L_kyber_avx2_zetas_inv:
 .value	0xd8a1,0xd8a1
 #ifndef __APPLE__
 .text
-.globl	kyber_keygen_avx2
-.type	kyber_keygen_avx2,@function
+.globl	mlkem_keygen_avx2
+.type	mlkem_keygen_avx2,@function
 .align	16
-kyber_keygen_avx2:
+mlkem_keygen_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_keygen_avx2
+.globl	_mlkem_keygen_avx2
 .p2align	4
-_kyber_keygen_avx2:
+_mlkem_keygen_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	kyber_q(%rip), %ymm14
-        vmovdqu	kyber_v(%rip), %ymm15
-        movq	%r8, %r9
+        pushq	%r12
+        vmovdqu	mlkem_q(%rip), %ymm14
+        vmovdqu	mlkem_v(%rip), %ymm15
+        movq	%rdi, %r11
+        movslq	%r8d, %r9
         movq	%rdi, %r10
-L_kyber_keygen_avx2_priv:
+L_mlkem_keygen_avx2_priv:
         # ntt
-        leaq	L_kyber_avx2_zetas(%rip), %r11
-        vmovdqu	(%r11), %ymm10
-        vmovdqu	32(%r11), %ymm12
+        leaq	L_mlkem_avx2_zetas(%rip), %r12
+        vmovdqu	(%r12), %ymm10
+        vmovdqu	32(%r12), %ymm12
         vmovdqu	128(%r10), %ymm0
         vmovdqu	160(%r10), %ymm1
         vmovdqu	192(%r10), %ymm2
@@ -1669,8 +1673,8 @@ L_kyber_keygen_avx2_priv:
         vmovdqu	192(%r10), %ymm6
         vmovdqu	224(%r10), %ymm7
         # 64: 0/3
-        vmovdqu	64(%r11), %ymm10
-        vmovdqu	96(%r11), %ymm12
+        vmovdqu	64(%r12), %ymm10
+        vmovdqu	96(%r12), %ymm12
         vpmullw	%ymm12, %ymm4, %ymm8
         vpmullw	%ymm12, %ymm5, %ymm9
         vpmulhw	%ymm10, %ymm4, %ymm4
@@ -1696,8 +1700,8 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm2, %ymm2
         vpaddw	%ymm9, %ymm3, %ymm3
         # 32: 0/3
-        vmovdqu	128(%r11), %ymm10
-        vmovdqu	160(%r11), %ymm12
+        vmovdqu	128(%r12), %ymm10
+        vmovdqu	160(%r12), %ymm12
         vpmullw	%ymm12, %ymm2, %ymm8
         vpmullw	%ymm12, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm2, %ymm2
@@ -1711,8 +1715,8 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm1, %ymm1
         # 32: 0/3
-        vmovdqu	192(%r11), %ymm10
-        vmovdqu	224(%r11), %ymm12
+        vmovdqu	192(%r12), %ymm10
+        vmovdqu	224(%r12), %ymm12
         vpmullw	%ymm12, %ymm6, %ymm8
         vpmullw	%ymm12, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm6, %ymm6
@@ -1726,10 +1730,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm5, %ymm5
         # 16: 0/3
-        vmovdqu	256(%r11), %ymm10
-        vmovdqu	288(%r11), %ymm12
-        vmovdqu	320(%r11), %ymm11
-        vmovdqu	352(%r11), %ymm13
+        vmovdqu	256(%r12), %ymm10
+        vmovdqu	288(%r12), %ymm12
+        vmovdqu	320(%r12), %ymm11
+        vmovdqu	352(%r12), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm8
         vpmullw	%ymm13, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -1743,10 +1747,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 16: 0/3
-        vmovdqu	384(%r11), %ymm10
-        vmovdqu	416(%r11), %ymm12
-        vmovdqu	448(%r11), %ymm11
-        vmovdqu	480(%r11), %ymm13
+        vmovdqu	384(%r12), %ymm10
+        vmovdqu	416(%r12), %ymm12
+        vmovdqu	448(%r12), %ymm11
+        vmovdqu	480(%r12), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm8
         vpmullw	%ymm13, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -1761,13 +1765,13 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm9, %ymm6, %ymm6
         # 8: 0/3
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	512(%r11), %ymm10
+        vmovdqu	512(%r12), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm1
-        vmovdqu	544(%r11), %ymm12
+        vmovdqu	544(%r12), %ymm12
         vperm2i128	$32, %ymm3, %ymm2, %ymm9
-        vmovdqu	576(%r11), %ymm11
+        vmovdqu	576(%r12), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm3
-        vmovdqu	608(%r11), %ymm13
+        vmovdqu	608(%r12), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -1781,10 +1785,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm0, %ymm8, %ymm8
         vpaddw	%ymm2, %ymm9, %ymm9
         # 4: 0/3
-        vmovdqu	640(%r11), %ymm10
-        vmovdqu	672(%r11), %ymm12
-        vmovdqu	704(%r11), %ymm11
-        vmovdqu	736(%r11), %ymm13
+        vmovdqu	640(%r12), %ymm10
+        vmovdqu	672(%r12), %ymm12
+        vmovdqu	704(%r12), %ymm11
+        vmovdqu	736(%r12), %ymm13
         vpunpcklqdq	%ymm1, %ymm8, %ymm0
         vpunpckhqdq	%ymm1, %ymm8, %ymm1
         vpunpcklqdq	%ymm3, %ymm9, %ymm2
@@ -1803,13 +1807,13 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm9, %ymm2, %ymm2
         # 8: 0/3
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	768(%r11), %ymm10
+        vmovdqu	768(%r12), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm5
-        vmovdqu	800(%r11), %ymm12
+        vmovdqu	800(%r12), %ymm12
         vperm2i128	$32, %ymm7, %ymm6, %ymm9
-        vmovdqu	832(%r11), %ymm11
+        vmovdqu	832(%r12), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm7
-        vmovdqu	864(%r11), %ymm13
+        vmovdqu	864(%r12), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -1823,10 +1827,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm4, %ymm8, %ymm8
         vpaddw	%ymm6, %ymm9, %ymm9
         # 4: 0/3
-        vmovdqu	896(%r11), %ymm10
-        vmovdqu	928(%r11), %ymm12
-        vmovdqu	960(%r11), %ymm11
-        vmovdqu	992(%r11), %ymm13
+        vmovdqu	896(%r12), %ymm10
+        vmovdqu	928(%r12), %ymm12
+        vmovdqu	960(%r12), %ymm11
+        vmovdqu	992(%r12), %ymm13
         vpunpcklqdq	%ymm5, %ymm8, %ymm4
         vpunpckhqdq	%ymm5, %ymm8, %ymm5
         vpunpcklqdq	%ymm7, %ymm9, %ymm6
@@ -1844,10 +1848,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm6, %ymm6
         # 2: 0/3
-        vmovdqu	1024(%r11), %ymm10
-        vmovdqu	1056(%r11), %ymm12
-        vmovdqu	1088(%r11), %ymm11
-        vmovdqu	1120(%r11), %ymm13
+        vmovdqu	1024(%r12), %ymm10
+        vmovdqu	1056(%r12), %ymm12
+        vmovdqu	1088(%r12), %ymm11
+        vmovdqu	1120(%r12), %ymm13
         vpsllq	$32, %ymm1, %ymm8
         vpsrlq	$32, %ymm0, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
@@ -1869,10 +1873,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 2: 0/3
-        vmovdqu	1152(%r11), %ymm10
-        vmovdqu	1184(%r11), %ymm12
-        vmovdqu	1216(%r11), %ymm11
-        vmovdqu	1248(%r11), %ymm13
+        vmovdqu	1152(%r12), %ymm10
+        vmovdqu	1184(%r12), %ymm12
+        vmovdqu	1216(%r12), %ymm11
+        vmovdqu	1248(%r12), %ymm13
         vpsllq	$32, %ymm5, %ymm8
         vpsrlq	$32, %ymm4, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
@@ -1958,8 +1962,8 @@ L_kyber_keygen_avx2_priv:
         vmovdqu	448(%r10), %ymm6
         vmovdqu	480(%r10), %ymm7
         # 64: 1/3
-        vmovdqu	1280(%r11), %ymm10
-        vmovdqu	1312(%r11), %ymm12
+        vmovdqu	1280(%r12), %ymm10
+        vmovdqu	1312(%r12), %ymm12
         vpmullw	%ymm12, %ymm4, %ymm8
         vpmullw	%ymm12, %ymm5, %ymm9
         vpmulhw	%ymm10, %ymm4, %ymm4
@@ -1985,8 +1989,8 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm2, %ymm2
         vpaddw	%ymm9, %ymm3, %ymm3
         # 32: 1/3
-        vmovdqu	1344(%r11), %ymm10
-        vmovdqu	1376(%r11), %ymm12
+        vmovdqu	1344(%r12), %ymm10
+        vmovdqu	1376(%r12), %ymm12
         vpmullw	%ymm12, %ymm2, %ymm8
         vpmullw	%ymm12, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm2, %ymm2
@@ -2000,8 +2004,8 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm1, %ymm1
         # 32: 1/3
-        vmovdqu	1408(%r11), %ymm10
-        vmovdqu	1440(%r11), %ymm12
+        vmovdqu	1408(%r12), %ymm10
+        vmovdqu	1440(%r12), %ymm12
         vpmullw	%ymm12, %ymm6, %ymm8
         vpmullw	%ymm12, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm6, %ymm6
@@ -2015,10 +2019,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm5, %ymm5
         # 16: 1/3
-        vmovdqu	1472(%r11), %ymm10
-        vmovdqu	1504(%r11), %ymm12
-        vmovdqu	1536(%r11), %ymm11
-        vmovdqu	1568(%r11), %ymm13
+        vmovdqu	1472(%r12), %ymm10
+        vmovdqu	1504(%r12), %ymm12
+        vmovdqu	1536(%r12), %ymm11
+        vmovdqu	1568(%r12), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm8
         vpmullw	%ymm13, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -2032,10 +2036,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 16: 1/3
-        vmovdqu	1600(%r11), %ymm10
-        vmovdqu	1632(%r11), %ymm12
-        vmovdqu	1664(%r11), %ymm11
-        vmovdqu	1696(%r11), %ymm13
+        vmovdqu	1600(%r12), %ymm10
+        vmovdqu	1632(%r12), %ymm12
+        vmovdqu	1664(%r12), %ymm11
+        vmovdqu	1696(%r12), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm8
         vpmullw	%ymm13, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -2050,13 +2054,13 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm9, %ymm6, %ymm6
         # 8: 1/3
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	1728(%r11), %ymm10
+        vmovdqu	1728(%r12), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm1
-        vmovdqu	1760(%r11), %ymm12
+        vmovdqu	1760(%r12), %ymm12
         vperm2i128	$32, %ymm3, %ymm2, %ymm9
-        vmovdqu	1792(%r11), %ymm11
+        vmovdqu	1792(%r12), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm3
-        vmovdqu	1824(%r11), %ymm13
+        vmovdqu	1824(%r12), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -2070,10 +2074,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm0, %ymm8, %ymm8
         vpaddw	%ymm2, %ymm9, %ymm9
         # 4: 1/3
-        vmovdqu	1856(%r11), %ymm10
-        vmovdqu	1888(%r11), %ymm12
-        vmovdqu	1920(%r11), %ymm11
-        vmovdqu	1952(%r11), %ymm13
+        vmovdqu	1856(%r12), %ymm10
+        vmovdqu	1888(%r12), %ymm12
+        vmovdqu	1920(%r12), %ymm11
+        vmovdqu	1952(%r12), %ymm13
         vpunpcklqdq	%ymm1, %ymm8, %ymm0
         vpunpckhqdq	%ymm1, %ymm8, %ymm1
         vpunpcklqdq	%ymm3, %ymm9, %ymm2
@@ -2092,13 +2096,13 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm9, %ymm2, %ymm2
         # 8: 1/3
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	1984(%r11), %ymm10
+        vmovdqu	1984(%r12), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm5
-        vmovdqu	2016(%r11), %ymm12
+        vmovdqu	2016(%r12), %ymm12
         vperm2i128	$32, %ymm7, %ymm6, %ymm9
-        vmovdqu	2048(%r11), %ymm11
+        vmovdqu	2048(%r12), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm7
-        vmovdqu	2080(%r11), %ymm13
+        vmovdqu	2080(%r12), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -2112,10 +2116,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm4, %ymm8, %ymm8
         vpaddw	%ymm6, %ymm9, %ymm9
         # 4: 1/3
-        vmovdqu	2112(%r11), %ymm10
-        vmovdqu	2144(%r11), %ymm12
-        vmovdqu	2176(%r11), %ymm11
-        vmovdqu	2208(%r11), %ymm13
+        vmovdqu	2112(%r12), %ymm10
+        vmovdqu	2144(%r12), %ymm12
+        vmovdqu	2176(%r12), %ymm11
+        vmovdqu	2208(%r12), %ymm13
         vpunpcklqdq	%ymm5, %ymm8, %ymm4
         vpunpckhqdq	%ymm5, %ymm8, %ymm5
         vpunpcklqdq	%ymm7, %ymm9, %ymm6
@@ -2133,10 +2137,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm6, %ymm6
         # 2: 1/3
-        vmovdqu	2240(%r11), %ymm10
-        vmovdqu	2272(%r11), %ymm12
-        vmovdqu	2304(%r11), %ymm11
-        vmovdqu	2336(%r11), %ymm13
+        vmovdqu	2240(%r12), %ymm10
+        vmovdqu	2272(%r12), %ymm12
+        vmovdqu	2304(%r12), %ymm11
+        vmovdqu	2336(%r12), %ymm13
         vpsllq	$32, %ymm1, %ymm8
         vpsrlq	$32, %ymm0, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
@@ -2158,10 +2162,10 @@ L_kyber_keygen_avx2_priv:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 2: 1/3
-        vmovdqu	2368(%r11), %ymm10
-        vmovdqu	2400(%r11), %ymm12
-        vmovdqu	2432(%r11), %ymm11
-        vmovdqu	2464(%r11), %ymm13
+        vmovdqu	2368(%r12), %ymm10
+        vmovdqu	2400(%r12), %ymm12
+        vmovdqu	2432(%r12), %ymm11
+        vmovdqu	2464(%r12), %ymm13
         vpsllq	$32, %ymm5, %ymm8
         vpsrlq	$32, %ymm4, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
@@ -2240,15 +2244,15 @@ L_kyber_keygen_avx2_priv:
         vmovdqu	%ymm9, 480(%r10)
         addq	$0x200, %r10
         subq	$0x01, %r9
-        jg	L_kyber_keygen_avx2_priv
-        vmovdqu	kyber_qinv(%rip), %ymm13
-        movq	%r8, %rax
+        jg	L_mlkem_keygen_avx2_priv
+        vmovdqu	mlkem_qinv(%rip), %ymm13
+        movslq	%r8d, %rax
         movq	%rsi, %r10
-L_kyber_keygen_avx2_acc:
+L_mlkem_keygen_avx2_acc:
         # Pointwise acc mont
-        movq	%r8, %r9
+        movslq	%r8d, %r9
         # Base mul mont
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %r12
         vmovdqu	(%rcx), %ymm2
         vmovdqu	32(%rcx), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -2261,8 +2265,8 @@ L_kyber_keygen_avx2_acc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	(%r11), %ymm10
-        vmovdqu	32(%r11), %ymm11
+        vmovdqu	(%r12), %ymm10
+        vmovdqu	32(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2305,8 +2309,8 @@ L_kyber_keygen_avx2_acc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	64(%r11), %ymm10
-        vmovdqu	96(%r11), %ymm11
+        vmovdqu	64(%r12), %ymm10
+        vmovdqu	96(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2349,8 +2353,8 @@ L_kyber_keygen_avx2_acc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	128(%r11), %ymm10
-        vmovdqu	160(%r11), %ymm11
+        vmovdqu	128(%r12), %ymm10
+        vmovdqu	160(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2393,8 +2397,8 @@ L_kyber_keygen_avx2_acc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	192(%r11), %ymm10
-        vmovdqu	224(%r11), %ymm11
+        vmovdqu	192(%r12), %ymm10
+        vmovdqu	224(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2437,8 +2441,8 @@ L_kyber_keygen_avx2_acc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	256(%r11), %ymm10
-        vmovdqu	288(%r11), %ymm11
+        vmovdqu	256(%r12), %ymm10
+        vmovdqu	288(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2481,8 +2485,8 @@ L_kyber_keygen_avx2_acc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	320(%r11), %ymm10
-        vmovdqu	352(%r11), %ymm11
+        vmovdqu	320(%r12), %ymm10
+        vmovdqu	352(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2525,8 +2529,8 @@ L_kyber_keygen_avx2_acc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	384(%r11), %ymm10
-        vmovdqu	416(%r11), %ymm11
+        vmovdqu	384(%r12), %ymm10
+        vmovdqu	416(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2569,8 +2573,8 @@ L_kyber_keygen_avx2_acc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	448(%r11), %ymm10
-        vmovdqu	480(%r11), %ymm11
+        vmovdqu	448(%r12), %ymm10
+        vmovdqu	480(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2607,7 +2611,7 @@ L_kyber_keygen_avx2_acc:
         jz	L_pointwise_acc_mont_end_keygen
 L_pointwise_acc_mont_start_keygen:
         # Base mul mont add
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %r12
         vmovdqu	(%rcx), %ymm2
         vmovdqu	32(%rcx), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -2620,8 +2624,8 @@ L_pointwise_acc_mont_start_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	(%r11), %ymm10
-        vmovdqu	32(%r11), %ymm11
+        vmovdqu	(%r12), %ymm10
+        vmovdqu	32(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2668,8 +2672,8 @@ L_pointwise_acc_mont_start_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	64(%r11), %ymm10
-        vmovdqu	96(%r11), %ymm11
+        vmovdqu	64(%r12), %ymm10
+        vmovdqu	96(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2716,8 +2720,8 @@ L_pointwise_acc_mont_start_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	128(%r11), %ymm10
-        vmovdqu	160(%r11), %ymm11
+        vmovdqu	128(%r12), %ymm10
+        vmovdqu	160(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2764,8 +2768,8 @@ L_pointwise_acc_mont_start_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	192(%r11), %ymm10
-        vmovdqu	224(%r11), %ymm11
+        vmovdqu	192(%r12), %ymm10
+        vmovdqu	224(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2812,8 +2816,8 @@ L_pointwise_acc_mont_start_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	256(%r11), %ymm10
-        vmovdqu	288(%r11), %ymm11
+        vmovdqu	256(%r12), %ymm10
+        vmovdqu	288(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2860,8 +2864,8 @@ L_pointwise_acc_mont_start_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	320(%r11), %ymm10
-        vmovdqu	352(%r11), %ymm11
+        vmovdqu	320(%r12), %ymm10
+        vmovdqu	352(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2908,8 +2912,8 @@ L_pointwise_acc_mont_start_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	384(%r11), %ymm10
-        vmovdqu	416(%r11), %ymm11
+        vmovdqu	384(%r12), %ymm10
+        vmovdqu	416(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2956,8 +2960,8 @@ L_pointwise_acc_mont_start_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	448(%r11), %ymm10
-        vmovdqu	480(%r11), %ymm11
+        vmovdqu	448(%r12), %ymm10
+        vmovdqu	480(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -2998,7 +3002,7 @@ L_pointwise_acc_mont_start_keygen:
         jg	L_pointwise_acc_mont_start_keygen
 L_pointwise_acc_mont_end_keygen:
         # Base mul mont add
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r11
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %r12
         vmovdqu	(%rcx), %ymm2
         vmovdqu	32(%rcx), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -3011,8 +3015,8 @@ L_pointwise_acc_mont_end_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	(%r11), %ymm10
-        vmovdqu	32(%r11), %ymm11
+        vmovdqu	(%r12), %ymm10
+        vmovdqu	32(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -3063,8 +3067,8 @@ L_pointwise_acc_mont_end_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	64(%r11), %ymm10
-        vmovdqu	96(%r11), %ymm11
+        vmovdqu	64(%r12), %ymm10
+        vmovdqu	96(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -3115,8 +3119,8 @@ L_pointwise_acc_mont_end_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	128(%r11), %ymm10
-        vmovdqu	160(%r11), %ymm11
+        vmovdqu	128(%r12), %ymm10
+        vmovdqu	160(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -3167,8 +3171,8 @@ L_pointwise_acc_mont_end_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	192(%r11), %ymm10
-        vmovdqu	224(%r11), %ymm11
+        vmovdqu	192(%r12), %ymm10
+        vmovdqu	224(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -3219,8 +3223,8 @@ L_pointwise_acc_mont_end_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	256(%r11), %ymm10
-        vmovdqu	288(%r11), %ymm11
+        vmovdqu	256(%r12), %ymm10
+        vmovdqu	288(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -3271,8 +3275,8 @@ L_pointwise_acc_mont_end_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	320(%r11), %ymm10
-        vmovdqu	352(%r11), %ymm11
+        vmovdqu	320(%r12), %ymm10
+        vmovdqu	352(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -3323,8 +3327,8 @@ L_pointwise_acc_mont_end_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	384(%r11), %ymm10
-        vmovdqu	416(%r11), %ymm11
+        vmovdqu	384(%r12), %ymm10
+        vmovdqu	416(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -3375,8 +3379,8 @@ L_pointwise_acc_mont_end_keygen:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	448(%r11), %ymm10
-        vmovdqu	480(%r11), %ymm11
+        vmovdqu	448(%r12), %ymm10
+        vmovdqu	480(%r12), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -3416,19 +3420,16 @@ L_pointwise_acc_mont_end_keygen:
         vmovdqu	%ymm0, 448(%r10)
         vmovdqu	%ymm1, 480(%r10)
         addq	$0x200, %rcx
-        addq	$0x200, %rdi
-        movq	%r8, %r9
-        shl	$9, %r9d
-        subq	%r9, %rdi
+        movq	%r11, %rdi
         addq	$0x200, %r10
         subq	$0x01, %rax
-        jg	L_kyber_keygen_avx2_acc
-        movq	%r8, %rax
-        vmovdqu	kyber_f(%rip), %ymm12
-        vmovdqu	kyber_f_qinv(%rip), %ymm13
-        movq	%r8, %rax
+        jg	L_mlkem_keygen_avx2_acc
+        movslq	%r8d, %rax
+        vmovdqu	mlkem_f(%rip), %ymm12
+        vmovdqu	mlkem_f_qinv(%rip), %ymm13
+        movslq	%r8d, %rax
         movq	%rsi, %r10
-L_kyber_keygen_avx2_to_mont:
+L_mlkem_keygen_avx2_to_mont:
         # To Mont
         vmovdqu	(%r10), %ymm0
         vmovdqu	32(%r10), %ymm1
@@ -3528,13 +3529,13 @@ L_kyber_keygen_avx2_to_mont:
         vmovdqu	%ymm3, 480(%r10)
         addq	$0x200, %r10
         subq	$0x01, %rax
-        jg	L_kyber_keygen_avx2_to_mont
-        movq	%r8, %rax
-L_kyber_keygen_avx2_to_mont_ntt_err:
+        jg	L_mlkem_keygen_avx2_to_mont
+        movslq	%r8d, %rax
+L_mlkem_keygen_avx2_to_mont_ntt_err:
         # ntt
-        leaq	L_kyber_avx2_zetas(%rip), %r11
-        vmovdqu	(%r11), %ymm10
-        vmovdqu	32(%r11), %ymm12
+        leaq	L_mlkem_avx2_zetas(%rip), %r12
+        vmovdqu	(%r12), %ymm10
+        vmovdqu	32(%r12), %ymm12
         vmovdqu	128(%rdx), %ymm0
         vmovdqu	160(%rdx), %ymm1
         vmovdqu	192(%rdx), %ymm2
@@ -3616,8 +3617,8 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vmovdqu	192(%rdx), %ymm6
         vmovdqu	224(%rdx), %ymm7
         # 64: 0/3
-        vmovdqu	64(%r11), %ymm10
-        vmovdqu	96(%r11), %ymm12
+        vmovdqu	64(%r12), %ymm10
+        vmovdqu	96(%r12), %ymm12
         vpmullw	%ymm12, %ymm4, %ymm8
         vpmullw	%ymm12, %ymm5, %ymm9
         vpmulhw	%ymm10, %ymm4, %ymm4
@@ -3643,8 +3644,8 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm2, %ymm2
         vpaddw	%ymm9, %ymm3, %ymm3
         # 32: 0/3
-        vmovdqu	128(%r11), %ymm10
-        vmovdqu	160(%r11), %ymm12
+        vmovdqu	128(%r12), %ymm10
+        vmovdqu	160(%r12), %ymm12
         vpmullw	%ymm12, %ymm2, %ymm8
         vpmullw	%ymm12, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm2, %ymm2
@@ -3658,8 +3659,8 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm1, %ymm1
         # 32: 0/3
-        vmovdqu	192(%r11), %ymm10
-        vmovdqu	224(%r11), %ymm12
+        vmovdqu	192(%r12), %ymm10
+        vmovdqu	224(%r12), %ymm12
         vpmullw	%ymm12, %ymm6, %ymm8
         vpmullw	%ymm12, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm6, %ymm6
@@ -3673,10 +3674,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm5, %ymm5
         # 16: 0/3
-        vmovdqu	256(%r11), %ymm10
-        vmovdqu	288(%r11), %ymm12
-        vmovdqu	320(%r11), %ymm11
-        vmovdqu	352(%r11), %ymm13
+        vmovdqu	256(%r12), %ymm10
+        vmovdqu	288(%r12), %ymm12
+        vmovdqu	320(%r12), %ymm11
+        vmovdqu	352(%r12), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm8
         vpmullw	%ymm13, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -3690,10 +3691,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 16: 0/3
-        vmovdqu	384(%r11), %ymm10
-        vmovdqu	416(%r11), %ymm12
-        vmovdqu	448(%r11), %ymm11
-        vmovdqu	480(%r11), %ymm13
+        vmovdqu	384(%r12), %ymm10
+        vmovdqu	416(%r12), %ymm12
+        vmovdqu	448(%r12), %ymm11
+        vmovdqu	480(%r12), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm8
         vpmullw	%ymm13, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -3708,13 +3709,13 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm9, %ymm6, %ymm6
         # 8: 0/3
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	512(%r11), %ymm10
+        vmovdqu	512(%r12), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm1
-        vmovdqu	544(%r11), %ymm12
+        vmovdqu	544(%r12), %ymm12
         vperm2i128	$32, %ymm3, %ymm2, %ymm9
-        vmovdqu	576(%r11), %ymm11
+        vmovdqu	576(%r12), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm3
-        vmovdqu	608(%r11), %ymm13
+        vmovdqu	608(%r12), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -3728,10 +3729,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm0, %ymm8, %ymm8
         vpaddw	%ymm2, %ymm9, %ymm9
         # 4: 0/3
-        vmovdqu	640(%r11), %ymm10
-        vmovdqu	672(%r11), %ymm12
-        vmovdqu	704(%r11), %ymm11
-        vmovdqu	736(%r11), %ymm13
+        vmovdqu	640(%r12), %ymm10
+        vmovdqu	672(%r12), %ymm12
+        vmovdqu	704(%r12), %ymm11
+        vmovdqu	736(%r12), %ymm13
         vpunpcklqdq	%ymm1, %ymm8, %ymm0
         vpunpckhqdq	%ymm1, %ymm8, %ymm1
         vpunpcklqdq	%ymm3, %ymm9, %ymm2
@@ -3750,13 +3751,13 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm9, %ymm2, %ymm2
         # 8: 0/3
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	768(%r11), %ymm10
+        vmovdqu	768(%r12), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm5
-        vmovdqu	800(%r11), %ymm12
+        vmovdqu	800(%r12), %ymm12
         vperm2i128	$32, %ymm7, %ymm6, %ymm9
-        vmovdqu	832(%r11), %ymm11
+        vmovdqu	832(%r12), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm7
-        vmovdqu	864(%r11), %ymm13
+        vmovdqu	864(%r12), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -3770,10 +3771,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm4, %ymm8, %ymm8
         vpaddw	%ymm6, %ymm9, %ymm9
         # 4: 0/3
-        vmovdqu	896(%r11), %ymm10
-        vmovdqu	928(%r11), %ymm12
-        vmovdqu	960(%r11), %ymm11
-        vmovdqu	992(%r11), %ymm13
+        vmovdqu	896(%r12), %ymm10
+        vmovdqu	928(%r12), %ymm12
+        vmovdqu	960(%r12), %ymm11
+        vmovdqu	992(%r12), %ymm13
         vpunpcklqdq	%ymm5, %ymm8, %ymm4
         vpunpckhqdq	%ymm5, %ymm8, %ymm5
         vpunpcklqdq	%ymm7, %ymm9, %ymm6
@@ -3791,10 +3792,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm6, %ymm6
         # 2: 0/3
-        vmovdqu	1024(%r11), %ymm10
-        vmovdqu	1056(%r11), %ymm12
-        vmovdqu	1088(%r11), %ymm11
-        vmovdqu	1120(%r11), %ymm13
+        vmovdqu	1024(%r12), %ymm10
+        vmovdqu	1056(%r12), %ymm12
+        vmovdqu	1088(%r12), %ymm11
+        vmovdqu	1120(%r12), %ymm13
         vpsllq	$32, %ymm1, %ymm8
         vpsrlq	$32, %ymm0, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
@@ -3816,10 +3817,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 2: 0/3
-        vmovdqu	1152(%r11), %ymm10
-        vmovdqu	1184(%r11), %ymm12
-        vmovdqu	1216(%r11), %ymm11
-        vmovdqu	1248(%r11), %ymm13
+        vmovdqu	1152(%r12), %ymm10
+        vmovdqu	1184(%r12), %ymm12
+        vmovdqu	1216(%r12), %ymm11
+        vmovdqu	1248(%r12), %ymm13
         vpsllq	$32, %ymm5, %ymm8
         vpsrlq	$32, %ymm4, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
@@ -3856,14 +3857,62 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpunpckhdq	%ymm7, %ymm6, %ymm9
         vperm2i128	$32, %ymm9, %ymm8, %ymm6
         vperm2i128	$49, %ymm9, %ymm8, %ymm7
-        vmovdqu	%ymm0, (%rdx)
-        vmovdqu	%ymm1, 32(%rdx)
-        vmovdqu	%ymm2, 64(%rdx)
-        vmovdqu	%ymm3, 96(%rdx)
-        vmovdqu	%ymm4, 128(%rdx)
-        vmovdqu	%ymm5, 160(%rdx)
-        vmovdqu	%ymm6, 192(%rdx)
-        vmovdqu	%ymm7, 224(%rdx)
+        vmovdqu	(%rsi), %ymm8
+        vmovdqu	32(%rsi), %ymm9
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, (%rsi)
+        vmovdqu	%ymm9, 32(%rsi)
+        vmovdqu	64(%rsi), %ymm8
+        vmovdqu	96(%rsi), %ymm9
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 64(%rsi)
+        vmovdqu	%ymm9, 96(%rsi)
+        vmovdqu	128(%rsi), %ymm8
+        vmovdqu	160(%rsi), %ymm9
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 128(%rsi)
+        vmovdqu	%ymm9, 160(%rsi)
+        vmovdqu	192(%rsi), %ymm8
+        vmovdqu	224(%rsi), %ymm9
+        vpaddw	%ymm8, %ymm6, %ymm6
+        vpaddw	%ymm9, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 192(%rsi)
+        vmovdqu	%ymm9, 224(%rsi)
         vmovdqu	256(%rdx), %ymm0
         vmovdqu	288(%rdx), %ymm1
         vmovdqu	320(%rdx), %ymm2
@@ -3873,8 +3922,8 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vmovdqu	448(%rdx), %ymm6
         vmovdqu	480(%rdx), %ymm7
         # 64: 1/3
-        vmovdqu	1280(%r11), %ymm10
-        vmovdqu	1312(%r11), %ymm12
+        vmovdqu	1280(%r12), %ymm10
+        vmovdqu	1312(%r12), %ymm12
         vpmullw	%ymm12, %ymm4, %ymm8
         vpmullw	%ymm12, %ymm5, %ymm9
         vpmulhw	%ymm10, %ymm4, %ymm4
@@ -3900,8 +3949,8 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm2, %ymm2
         vpaddw	%ymm9, %ymm3, %ymm3
         # 32: 1/3
-        vmovdqu	1344(%r11), %ymm10
-        vmovdqu	1376(%r11), %ymm12
+        vmovdqu	1344(%r12), %ymm10
+        vmovdqu	1376(%r12), %ymm12
         vpmullw	%ymm12, %ymm2, %ymm8
         vpmullw	%ymm12, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm2, %ymm2
@@ -3915,8 +3964,8 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm1, %ymm1
         # 32: 1/3
-        vmovdqu	1408(%r11), %ymm10
-        vmovdqu	1440(%r11), %ymm12
+        vmovdqu	1408(%r12), %ymm10
+        vmovdqu	1440(%r12), %ymm12
         vpmullw	%ymm12, %ymm6, %ymm8
         vpmullw	%ymm12, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm6, %ymm6
@@ -3930,10 +3979,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm5, %ymm5
         # 16: 1/3
-        vmovdqu	1472(%r11), %ymm10
-        vmovdqu	1504(%r11), %ymm12
-        vmovdqu	1536(%r11), %ymm11
-        vmovdqu	1568(%r11), %ymm13
+        vmovdqu	1472(%r12), %ymm10
+        vmovdqu	1504(%r12), %ymm12
+        vmovdqu	1536(%r12), %ymm11
+        vmovdqu	1568(%r12), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm8
         vpmullw	%ymm13, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -3947,10 +3996,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 16: 1/3
-        vmovdqu	1600(%r11), %ymm10
-        vmovdqu	1632(%r11), %ymm12
-        vmovdqu	1664(%r11), %ymm11
-        vmovdqu	1696(%r11), %ymm13
+        vmovdqu	1600(%r12), %ymm10
+        vmovdqu	1632(%r12), %ymm12
+        vmovdqu	1664(%r12), %ymm11
+        vmovdqu	1696(%r12), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm8
         vpmullw	%ymm13, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -3965,13 +4014,13 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm9, %ymm6, %ymm6
         # 8: 1/3
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	1728(%r11), %ymm10
+        vmovdqu	1728(%r12), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm1
-        vmovdqu	1760(%r11), %ymm12
+        vmovdqu	1760(%r12), %ymm12
         vperm2i128	$32, %ymm3, %ymm2, %ymm9
-        vmovdqu	1792(%r11), %ymm11
+        vmovdqu	1792(%r12), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm3
-        vmovdqu	1824(%r11), %ymm13
+        vmovdqu	1824(%r12), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -3985,10 +4034,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm0, %ymm8, %ymm8
         vpaddw	%ymm2, %ymm9, %ymm9
         # 4: 1/3
-        vmovdqu	1856(%r11), %ymm10
-        vmovdqu	1888(%r11), %ymm12
-        vmovdqu	1920(%r11), %ymm11
-        vmovdqu	1952(%r11), %ymm13
+        vmovdqu	1856(%r12), %ymm10
+        vmovdqu	1888(%r12), %ymm12
+        vmovdqu	1920(%r12), %ymm11
+        vmovdqu	1952(%r12), %ymm13
         vpunpcklqdq	%ymm1, %ymm8, %ymm0
         vpunpckhqdq	%ymm1, %ymm8, %ymm1
         vpunpcklqdq	%ymm3, %ymm9, %ymm2
@@ -4007,13 +4056,13 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm9, %ymm2, %ymm2
         # 8: 1/3
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	1984(%r11), %ymm10
+        vmovdqu	1984(%r12), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm5
-        vmovdqu	2016(%r11), %ymm12
+        vmovdqu	2016(%r12), %ymm12
         vperm2i128	$32, %ymm7, %ymm6, %ymm9
-        vmovdqu	2048(%r11), %ymm11
+        vmovdqu	2048(%r12), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm7
-        vmovdqu	2080(%r11), %ymm13
+        vmovdqu	2080(%r12), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -4027,10 +4076,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm4, %ymm8, %ymm8
         vpaddw	%ymm6, %ymm9, %ymm9
         # 4: 1/3
-        vmovdqu	2112(%r11), %ymm10
-        vmovdqu	2144(%r11), %ymm12
-        vmovdqu	2176(%r11), %ymm11
-        vmovdqu	2208(%r11), %ymm13
+        vmovdqu	2112(%r12), %ymm10
+        vmovdqu	2144(%r12), %ymm12
+        vmovdqu	2176(%r12), %ymm11
+        vmovdqu	2208(%r12), %ymm13
         vpunpcklqdq	%ymm5, %ymm8, %ymm4
         vpunpckhqdq	%ymm5, %ymm8, %ymm5
         vpunpcklqdq	%ymm7, %ymm9, %ymm6
@@ -4048,10 +4097,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm6, %ymm6
         # 2: 1/3
-        vmovdqu	2240(%r11), %ymm10
-        vmovdqu	2272(%r11), %ymm12
-        vmovdqu	2304(%r11), %ymm11
-        vmovdqu	2336(%r11), %ymm13
+        vmovdqu	2240(%r12), %ymm10
+        vmovdqu	2272(%r12), %ymm12
+        vmovdqu	2304(%r12), %ymm11
+        vmovdqu	2336(%r12), %ymm13
         vpsllq	$32, %ymm1, %ymm8
         vpsrlq	$32, %ymm0, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
@@ -4073,10 +4122,10 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 2: 1/3
-        vmovdqu	2368(%r11), %ymm10
-        vmovdqu	2400(%r11), %ymm12
-        vmovdqu	2432(%r11), %ymm11
-        vmovdqu	2464(%r11), %ymm13
+        vmovdqu	2368(%r12), %ymm10
+        vmovdqu	2400(%r12), %ymm12
+        vmovdqu	2432(%r12), %ymm11
+        vmovdqu	2464(%r12), %ymm13
         vpsllq	$32, %ymm5, %ymm8
         vpsrlq	$32, %ymm4, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
@@ -4113,181 +4162,103 @@ L_kyber_keygen_avx2_to_mont_ntt_err:
         vpunpckhdq	%ymm7, %ymm6, %ymm9
         vperm2i128	$32, %ymm9, %ymm8, %ymm6
         vperm2i128	$49, %ymm9, %ymm8, %ymm7
-        vmovdqu	%ymm0, 256(%rdx)
-        vmovdqu	%ymm1, 288(%rdx)
-        vmovdqu	%ymm2, 320(%rdx)
-        vmovdqu	%ymm3, 352(%rdx)
-        vmovdqu	%ymm4, 384(%rdx)
-        vmovdqu	%ymm5, 416(%rdx)
-        vmovdqu	%ymm6, 448(%rdx)
-        vmovdqu	%ymm7, 480(%rdx)
-        # Add Errors
-        vmovdqu	(%rsi), %ymm0
-        vmovdqu	32(%rsi), %ymm1
-        vmovdqu	64(%rsi), %ymm2
-        vmovdqu	96(%rsi), %ymm3
-        vmovdqu	(%rdx), %ymm4
-        vmovdqu	32(%rdx), %ymm5
-        vmovdqu	64(%rdx), %ymm6
-        vmovdqu	96(%rdx), %ymm7
-        vpaddw	%ymm4, %ymm0, %ymm4
-        vpaddw	%ymm5, %ymm1, %ymm5
-        vpmulhw	%ymm15, %ymm4, %ymm0
-        vpmulhw	%ymm15, %ymm5, %ymm1
-        vpsraw	$10, %ymm0, %ymm0
-        vpsraw	$10, %ymm1, %ymm1
-        vpmullw	%ymm14, %ymm0, %ymm0
-        vpmullw	%ymm14, %ymm1, %ymm1
-        vpsubw	%ymm0, %ymm4, %ymm0
-        vpsubw	%ymm1, %ymm5, %ymm1
-        vpaddw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm7
-        vpmulhw	%ymm15, %ymm6, %ymm2
-        vpmulhw	%ymm15, %ymm7, %ymm3
-        vpsraw	$10, %ymm2, %ymm2
-        vpsraw	$10, %ymm3, %ymm3
-        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm2, %ymm6, %ymm2
-        vpsubw	%ymm3, %ymm7, %ymm3
-        vmovdqu	%ymm0, (%rsi)
-        vmovdqu	%ymm1, 32(%rsi)
-        vmovdqu	%ymm2, 64(%rsi)
-        vmovdqu	%ymm3, 96(%rsi)
-        vmovdqu	128(%rsi), %ymm0
-        vmovdqu	160(%rsi), %ymm1
-        vmovdqu	192(%rsi), %ymm2
-        vmovdqu	224(%rsi), %ymm3
-        vmovdqu	128(%rdx), %ymm4
-        vmovdqu	160(%rdx), %ymm5
-        vmovdqu	192(%rdx), %ymm6
-        vmovdqu	224(%rdx), %ymm7
-        vpaddw	%ymm4, %ymm0, %ymm4
-        vpaddw	%ymm5, %ymm1, %ymm5
-        vpmulhw	%ymm15, %ymm4, %ymm0
-        vpmulhw	%ymm15, %ymm5, %ymm1
-        vpsraw	$10, %ymm0, %ymm0
-        vpsraw	$10, %ymm1, %ymm1
-        vpmullw	%ymm14, %ymm0, %ymm0
-        vpmullw	%ymm14, %ymm1, %ymm1
-        vpsubw	%ymm0, %ymm4, %ymm0
-        vpsubw	%ymm1, %ymm5, %ymm1
-        vpaddw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm7
-        vpmulhw	%ymm15, %ymm6, %ymm2
-        vpmulhw	%ymm15, %ymm7, %ymm3
-        vpsraw	$10, %ymm2, %ymm2
-        vpsraw	$10, %ymm3, %ymm3
-        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm2, %ymm6, %ymm2
-        vpsubw	%ymm3, %ymm7, %ymm3
-        vmovdqu	%ymm0, 128(%rsi)
-        vmovdqu	%ymm1, 160(%rsi)
-        vmovdqu	%ymm2, 192(%rsi)
-        vmovdqu	%ymm3, 224(%rsi)
-        vmovdqu	256(%rsi), %ymm0
-        vmovdqu	288(%rsi), %ymm1
-        vmovdqu	320(%rsi), %ymm2
-        vmovdqu	352(%rsi), %ymm3
-        vmovdqu	256(%rdx), %ymm4
-        vmovdqu	288(%rdx), %ymm5
-        vmovdqu	320(%rdx), %ymm6
-        vmovdqu	352(%rdx), %ymm7
-        vpaddw	%ymm4, %ymm0, %ymm4
-        vpaddw	%ymm5, %ymm1, %ymm5
-        vpmulhw	%ymm15, %ymm4, %ymm0
-        vpmulhw	%ymm15, %ymm5, %ymm1
-        vpsraw	$10, %ymm0, %ymm0
-        vpsraw	$10, %ymm1, %ymm1
-        vpmullw	%ymm14, %ymm0, %ymm0
-        vpmullw	%ymm14, %ymm1, %ymm1
-        vpsubw	%ymm0, %ymm4, %ymm0
-        vpsubw	%ymm1, %ymm5, %ymm1
-        vpaddw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm7
-        vpmulhw	%ymm15, %ymm6, %ymm2
-        vpmulhw	%ymm15, %ymm7, %ymm3
-        vpsraw	$10, %ymm2, %ymm2
-        vpsraw	$10, %ymm3, %ymm3
-        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm2, %ymm6, %ymm2
-        vpsubw	%ymm3, %ymm7, %ymm3
-        vmovdqu	%ymm0, 256(%rsi)
-        vmovdqu	%ymm1, 288(%rsi)
-        vmovdqu	%ymm2, 320(%rsi)
-        vmovdqu	%ymm3, 352(%rsi)
-        vmovdqu	384(%rsi), %ymm0
-        vmovdqu	416(%rsi), %ymm1
-        vmovdqu	448(%rsi), %ymm2
-        vmovdqu	480(%rsi), %ymm3
-        vmovdqu	384(%rdx), %ymm4
-        vmovdqu	416(%rdx), %ymm5
-        vmovdqu	448(%rdx), %ymm6
-        vmovdqu	480(%rdx), %ymm7
-        vpaddw	%ymm4, %ymm0, %ymm4
-        vpaddw	%ymm5, %ymm1, %ymm5
-        vpmulhw	%ymm15, %ymm4, %ymm0
-        vpmulhw	%ymm15, %ymm5, %ymm1
-        vpsraw	$10, %ymm0, %ymm0
-        vpsraw	$10, %ymm1, %ymm1
-        vpmullw	%ymm14, %ymm0, %ymm0
-        vpmullw	%ymm14, %ymm1, %ymm1
-        vpsubw	%ymm0, %ymm4, %ymm0
-        vpsubw	%ymm1, %ymm5, %ymm1
-        vpaddw	%ymm6, %ymm2, %ymm6
-        vpaddw	%ymm7, %ymm3, %ymm7
-        vpmulhw	%ymm15, %ymm6, %ymm2
-        vpmulhw	%ymm15, %ymm7, %ymm3
-        vpsraw	$10, %ymm2, %ymm2
-        vpsraw	$10, %ymm3, %ymm3
-        vpmullw	%ymm14, %ymm2, %ymm2
-        vpmullw	%ymm14, %ymm3, %ymm3
-        vpsubw	%ymm2, %ymm6, %ymm2
-        vpsubw	%ymm3, %ymm7, %ymm3
-        vmovdqu	%ymm0, 384(%rsi)
-        vmovdqu	%ymm1, 416(%rsi)
-        vmovdqu	%ymm2, 448(%rsi)
-        vmovdqu	%ymm3, 480(%rsi)
+        vmovdqu	256(%rsi), %ymm8
+        vmovdqu	288(%rsi), %ymm9
+        vpaddw	%ymm8, %ymm0, %ymm0
+        vpaddw	%ymm9, %ymm1, %ymm1
+        vpmulhw	%ymm15, %ymm0, %ymm8
+        vpmulhw	%ymm15, %ymm1, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm0, %ymm8
+        vpsubw	%ymm9, %ymm1, %ymm9
+        vmovdqu	%ymm8, 256(%rsi)
+        vmovdqu	%ymm9, 288(%rsi)
+        vmovdqu	320(%rsi), %ymm8
+        vmovdqu	352(%rsi), %ymm9
+        vpaddw	%ymm8, %ymm2, %ymm2
+        vpaddw	%ymm9, %ymm3, %ymm3
+        vpmulhw	%ymm15, %ymm2, %ymm8
+        vpmulhw	%ymm15, %ymm3, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm2, %ymm8
+        vpsubw	%ymm9, %ymm3, %ymm9
+        vmovdqu	%ymm8, 320(%rsi)
+        vmovdqu	%ymm9, 352(%rsi)
+        vmovdqu	384(%rsi), %ymm8
+        vmovdqu	416(%rsi), %ymm9
+        vpaddw	%ymm8, %ymm4, %ymm4
+        vpaddw	%ymm9, %ymm5, %ymm5
+        vpmulhw	%ymm15, %ymm4, %ymm8
+        vpmulhw	%ymm15, %ymm5, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm4, %ymm8
+        vpsubw	%ymm9, %ymm5, %ymm9
+        vmovdqu	%ymm8, 384(%rsi)
+        vmovdqu	%ymm9, 416(%rsi)
+        vmovdqu	448(%rsi), %ymm8
+        vmovdqu	480(%rsi), %ymm9
+        vpaddw	%ymm8, %ymm6, %ymm6
+        vpaddw	%ymm9, %ymm7, %ymm7
+        vpmulhw	%ymm15, %ymm6, %ymm8
+        vpmulhw	%ymm15, %ymm7, %ymm9
+        vpsraw	$10, %ymm8, %ymm8
+        vpsraw	$10, %ymm9, %ymm9
+        vpmullw	%ymm14, %ymm8, %ymm8
+        vpmullw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm8
+        vpsubw	%ymm9, %ymm7, %ymm9
+        vmovdqu	%ymm8, 448(%rsi)
+        vmovdqu	%ymm9, 480(%rsi)
         addq	$0x200, %rdx
         addq	$0x200, %rsi
         subq	$0x01, %rax
-        jg	L_kyber_keygen_avx2_to_mont_ntt_err
+        jg	L_mlkem_keygen_avx2_to_mont_ntt_err
         vzeroupper
+        popq	%r12
         repz retq
 #ifndef __APPLE__
-.size	kyber_keygen_avx2,.-kyber_keygen_avx2
+.size	mlkem_keygen_avx2,.-mlkem_keygen_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_encapsulate_avx2
-.type	kyber_encapsulate_avx2,@function
+.globl	mlkem_encapsulate_avx2
+.type	mlkem_encapsulate_avx2,@function
 .align	16
-kyber_encapsulate_avx2:
+mlkem_encapsulate_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_encapsulate_avx2
+.globl	_mlkem_encapsulate_avx2
 .p2align	4
-_kyber_encapsulate_avx2:
+_mlkem_encapsulate_avx2:
 #endif /* __APPLE__ */
         pushq	%r12
         pushq	%r13
         pushq	%r14
         pushq	%r15
-        movq	40(%rsp), %rax
-        movq	48(%rsp), %r10
-        movq	56(%rsp), %r11
+        pushq	%rbx
+        movq	48(%rsp), %rax
+        movq	56(%rsp), %r10
+        movq	64(%rsp), %r11
         subq	$48, %rsp
-        vmovdqu	kyber_q(%rip), %ymm14
-        vmovdqu	kyber_v(%rip), %ymm15
-        movq	%r11, %r13
+        vmovdqu	mlkem_q(%rip), %ymm14
+        vmovdqu	mlkem_v(%rip), %ymm15
+        movq	%r8, %r15
+        movslq	%r11d, %r13
         movq	%r8, %r14
-L_kyber_encapsulate_avx2_trans:
+L_mlkem_encapsulate_avx2_trans:
         # ntt
-        leaq	L_kyber_avx2_zetas(%rip), %r15
-        vmovdqu	(%r15), %ymm10
-        vmovdqu	32(%r15), %ymm12
+        leaq	L_mlkem_avx2_zetas(%rip), %rbx
+        vmovdqu	(%rbx), %ymm10
+        vmovdqu	32(%rbx), %ymm12
         vmovdqu	128(%r14), %ymm0
         vmovdqu	160(%r14), %ymm1
         vmovdqu	192(%r14), %ymm2
@@ -4369,8 +4340,8 @@ L_kyber_encapsulate_avx2_trans:
         vmovdqu	192(%r14), %ymm6
         vmovdqu	224(%r14), %ymm7
         # 64: 0/3
-        vmovdqu	64(%r15), %ymm10
-        vmovdqu	96(%r15), %ymm12
+        vmovdqu	64(%rbx), %ymm10
+        vmovdqu	96(%rbx), %ymm12
         vpmullw	%ymm12, %ymm4, %ymm8
         vpmullw	%ymm12, %ymm5, %ymm9
         vpmulhw	%ymm10, %ymm4, %ymm4
@@ -4396,8 +4367,8 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm2, %ymm2
         vpaddw	%ymm9, %ymm3, %ymm3
         # 32: 0/3
-        vmovdqu	128(%r15), %ymm10
-        vmovdqu	160(%r15), %ymm12
+        vmovdqu	128(%rbx), %ymm10
+        vmovdqu	160(%rbx), %ymm12
         vpmullw	%ymm12, %ymm2, %ymm8
         vpmullw	%ymm12, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm2, %ymm2
@@ -4411,8 +4382,8 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm1, %ymm1
         # 32: 0/3
-        vmovdqu	192(%r15), %ymm10
-        vmovdqu	224(%r15), %ymm12
+        vmovdqu	192(%rbx), %ymm10
+        vmovdqu	224(%rbx), %ymm12
         vpmullw	%ymm12, %ymm6, %ymm8
         vpmullw	%ymm12, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm6, %ymm6
@@ -4426,10 +4397,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm5, %ymm5
         # 16: 0/3
-        vmovdqu	256(%r15), %ymm10
-        vmovdqu	288(%r15), %ymm12
-        vmovdqu	320(%r15), %ymm11
-        vmovdqu	352(%r15), %ymm13
+        vmovdqu	256(%rbx), %ymm10
+        vmovdqu	288(%rbx), %ymm12
+        vmovdqu	320(%rbx), %ymm11
+        vmovdqu	352(%rbx), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm8
         vpmullw	%ymm13, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -4443,10 +4414,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 16: 0/3
-        vmovdqu	384(%r15), %ymm10
-        vmovdqu	416(%r15), %ymm12
-        vmovdqu	448(%r15), %ymm11
-        vmovdqu	480(%r15), %ymm13
+        vmovdqu	384(%rbx), %ymm10
+        vmovdqu	416(%rbx), %ymm12
+        vmovdqu	448(%rbx), %ymm11
+        vmovdqu	480(%rbx), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm8
         vpmullw	%ymm13, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -4461,13 +4432,13 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm9, %ymm6, %ymm6
         # 8: 0/3
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	512(%r15), %ymm10
+        vmovdqu	512(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm1
-        vmovdqu	544(%r15), %ymm12
+        vmovdqu	544(%rbx), %ymm12
         vperm2i128	$32, %ymm3, %ymm2, %ymm9
-        vmovdqu	576(%r15), %ymm11
+        vmovdqu	576(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm3
-        vmovdqu	608(%r15), %ymm13
+        vmovdqu	608(%rbx), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -4481,10 +4452,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm0, %ymm8, %ymm8
         vpaddw	%ymm2, %ymm9, %ymm9
         # 4: 0/3
-        vmovdqu	640(%r15), %ymm10
-        vmovdqu	672(%r15), %ymm12
-        vmovdqu	704(%r15), %ymm11
-        vmovdqu	736(%r15), %ymm13
+        vmovdqu	640(%rbx), %ymm10
+        vmovdqu	672(%rbx), %ymm12
+        vmovdqu	704(%rbx), %ymm11
+        vmovdqu	736(%rbx), %ymm13
         vpunpcklqdq	%ymm1, %ymm8, %ymm0
         vpunpckhqdq	%ymm1, %ymm8, %ymm1
         vpunpcklqdq	%ymm3, %ymm9, %ymm2
@@ -4503,13 +4474,13 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm9, %ymm2, %ymm2
         # 8: 0/3
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	768(%r15), %ymm10
+        vmovdqu	768(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm5
-        vmovdqu	800(%r15), %ymm12
+        vmovdqu	800(%rbx), %ymm12
         vperm2i128	$32, %ymm7, %ymm6, %ymm9
-        vmovdqu	832(%r15), %ymm11
+        vmovdqu	832(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm7
-        vmovdqu	864(%r15), %ymm13
+        vmovdqu	864(%rbx), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -4523,10 +4494,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm4, %ymm8, %ymm8
         vpaddw	%ymm6, %ymm9, %ymm9
         # 4: 0/3
-        vmovdqu	896(%r15), %ymm10
-        vmovdqu	928(%r15), %ymm12
-        vmovdqu	960(%r15), %ymm11
-        vmovdqu	992(%r15), %ymm13
+        vmovdqu	896(%rbx), %ymm10
+        vmovdqu	928(%rbx), %ymm12
+        vmovdqu	960(%rbx), %ymm11
+        vmovdqu	992(%rbx), %ymm13
         vpunpcklqdq	%ymm5, %ymm8, %ymm4
         vpunpckhqdq	%ymm5, %ymm8, %ymm5
         vpunpcklqdq	%ymm7, %ymm9, %ymm6
@@ -4544,10 +4515,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm6, %ymm6
         # 2: 0/3
-        vmovdqu	1024(%r15), %ymm10
-        vmovdqu	1056(%r15), %ymm12
-        vmovdqu	1088(%r15), %ymm11
-        vmovdqu	1120(%r15), %ymm13
+        vmovdqu	1024(%rbx), %ymm10
+        vmovdqu	1056(%rbx), %ymm12
+        vmovdqu	1088(%rbx), %ymm11
+        vmovdqu	1120(%rbx), %ymm13
         vpsllq	$32, %ymm1, %ymm8
         vpsrlq	$32, %ymm0, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
@@ -4569,10 +4540,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 2: 0/3
-        vmovdqu	1152(%r15), %ymm10
-        vmovdqu	1184(%r15), %ymm12
-        vmovdqu	1216(%r15), %ymm11
-        vmovdqu	1248(%r15), %ymm13
+        vmovdqu	1152(%rbx), %ymm10
+        vmovdqu	1184(%rbx), %ymm12
+        vmovdqu	1216(%rbx), %ymm11
+        vmovdqu	1248(%rbx), %ymm13
         vpsllq	$32, %ymm5, %ymm8
         vpsrlq	$32, %ymm4, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
@@ -4626,8 +4597,8 @@ L_kyber_encapsulate_avx2_trans:
         vmovdqu	448(%r14), %ymm6
         vmovdqu	480(%r14), %ymm7
         # 64: 1/3
-        vmovdqu	1280(%r15), %ymm10
-        vmovdqu	1312(%r15), %ymm12
+        vmovdqu	1280(%rbx), %ymm10
+        vmovdqu	1312(%rbx), %ymm12
         vpmullw	%ymm12, %ymm4, %ymm8
         vpmullw	%ymm12, %ymm5, %ymm9
         vpmulhw	%ymm10, %ymm4, %ymm4
@@ -4653,8 +4624,8 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm2, %ymm2
         vpaddw	%ymm9, %ymm3, %ymm3
         # 32: 1/3
-        vmovdqu	1344(%r15), %ymm10
-        vmovdqu	1376(%r15), %ymm12
+        vmovdqu	1344(%rbx), %ymm10
+        vmovdqu	1376(%rbx), %ymm12
         vpmullw	%ymm12, %ymm2, %ymm8
         vpmullw	%ymm12, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm2, %ymm2
@@ -4668,8 +4639,8 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm1, %ymm1
         # 32: 1/3
-        vmovdqu	1408(%r15), %ymm10
-        vmovdqu	1440(%r15), %ymm12
+        vmovdqu	1408(%rbx), %ymm10
+        vmovdqu	1440(%rbx), %ymm12
         vpmullw	%ymm12, %ymm6, %ymm8
         vpmullw	%ymm12, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm6, %ymm6
@@ -4683,10 +4654,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm5, %ymm5
         # 16: 1/3
-        vmovdqu	1472(%r15), %ymm10
-        vmovdqu	1504(%r15), %ymm12
-        vmovdqu	1536(%r15), %ymm11
-        vmovdqu	1568(%r15), %ymm13
+        vmovdqu	1472(%rbx), %ymm10
+        vmovdqu	1504(%rbx), %ymm12
+        vmovdqu	1536(%rbx), %ymm11
+        vmovdqu	1568(%rbx), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm8
         vpmullw	%ymm13, %ymm3, %ymm9
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -4700,10 +4671,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 16: 1/3
-        vmovdqu	1600(%r15), %ymm10
-        vmovdqu	1632(%r15), %ymm12
-        vmovdqu	1664(%r15), %ymm11
-        vmovdqu	1696(%r15), %ymm13
+        vmovdqu	1600(%rbx), %ymm10
+        vmovdqu	1632(%rbx), %ymm12
+        vmovdqu	1664(%rbx), %ymm11
+        vmovdqu	1696(%rbx), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm8
         vpmullw	%ymm13, %ymm7, %ymm9
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -4718,13 +4689,13 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm9, %ymm6, %ymm6
         # 8: 1/3
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	1728(%r15), %ymm10
+        vmovdqu	1728(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm1
-        vmovdqu	1760(%r15), %ymm12
+        vmovdqu	1760(%rbx), %ymm12
         vperm2i128	$32, %ymm3, %ymm2, %ymm9
-        vmovdqu	1792(%r15), %ymm11
+        vmovdqu	1792(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm3
-        vmovdqu	1824(%r15), %ymm13
+        vmovdqu	1824(%rbx), %ymm13
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -4738,10 +4709,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm0, %ymm8, %ymm8
         vpaddw	%ymm2, %ymm9, %ymm9
         # 4: 1/3
-        vmovdqu	1856(%r15), %ymm10
-        vmovdqu	1888(%r15), %ymm12
-        vmovdqu	1920(%r15), %ymm11
-        vmovdqu	1952(%r15), %ymm13
+        vmovdqu	1856(%rbx), %ymm10
+        vmovdqu	1888(%rbx), %ymm12
+        vmovdqu	1920(%rbx), %ymm11
+        vmovdqu	1952(%rbx), %ymm13
         vpunpcklqdq	%ymm1, %ymm8, %ymm0
         vpunpckhqdq	%ymm1, %ymm8, %ymm1
         vpunpcklqdq	%ymm3, %ymm9, %ymm2
@@ -4760,13 +4731,13 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm9, %ymm2, %ymm2
         # 8: 1/3
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	1984(%r15), %ymm10
+        vmovdqu	1984(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm5
-        vmovdqu	2016(%r15), %ymm12
+        vmovdqu	2016(%rbx), %ymm12
         vperm2i128	$32, %ymm7, %ymm6, %ymm9
-        vmovdqu	2048(%r15), %ymm11
+        vmovdqu	2048(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm7
-        vmovdqu	2080(%r15), %ymm13
+        vmovdqu	2080(%rbx), %ymm13
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -4780,10 +4751,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm4, %ymm8, %ymm8
         vpaddw	%ymm6, %ymm9, %ymm9
         # 4: 1/3
-        vmovdqu	2112(%r15), %ymm10
-        vmovdqu	2144(%r15), %ymm12
-        vmovdqu	2176(%r15), %ymm11
-        vmovdqu	2208(%r15), %ymm13
+        vmovdqu	2112(%rbx), %ymm10
+        vmovdqu	2144(%rbx), %ymm12
+        vmovdqu	2176(%rbx), %ymm11
+        vmovdqu	2208(%rbx), %ymm13
         vpunpcklqdq	%ymm5, %ymm8, %ymm4
         vpunpckhqdq	%ymm5, %ymm8, %ymm5
         vpunpcklqdq	%ymm7, %ymm9, %ymm6
@@ -4801,10 +4772,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm4, %ymm4
         vpaddw	%ymm9, %ymm6, %ymm6
         # 2: 1/3
-        vmovdqu	2240(%r15), %ymm10
-        vmovdqu	2272(%r15), %ymm12
-        vmovdqu	2304(%r15), %ymm11
-        vmovdqu	2336(%r15), %ymm13
+        vmovdqu	2240(%rbx), %ymm10
+        vmovdqu	2272(%rbx), %ymm12
+        vmovdqu	2304(%rbx), %ymm11
+        vmovdqu	2336(%rbx), %ymm13
         vpsllq	$32, %ymm1, %ymm8
         vpsrlq	$32, %ymm0, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
@@ -4826,10 +4797,10 @@ L_kyber_encapsulate_avx2_trans:
         vpaddw	%ymm8, %ymm0, %ymm0
         vpaddw	%ymm9, %ymm2, %ymm2
         # 2: 1/3
-        vmovdqu	2368(%r15), %ymm10
-        vmovdqu	2400(%r15), %ymm12
-        vmovdqu	2432(%r15), %ymm11
-        vmovdqu	2464(%r15), %ymm13
+        vmovdqu	2368(%rbx), %ymm10
+        vmovdqu	2400(%rbx), %ymm12
+        vmovdqu	2432(%rbx), %ymm11
+        vmovdqu	2464(%rbx), %ymm13
         vpsllq	$32, %ymm5, %ymm8
         vpsrlq	$32, %ymm4, %ymm9
         vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
@@ -4876,14 +4847,14 @@ L_kyber_encapsulate_avx2_trans:
         vmovdqu	%ymm7, 480(%r14)
         addq	$0x200, %r14
         subq	$0x01, %r13
-        jg	L_kyber_encapsulate_avx2_trans
-        movq	%r11, %r12
-L_kyber_encapsulate_avx2_calc:
-        vmovdqu	kyber_qinv(%rip), %ymm12
+        jg	L_mlkem_encapsulate_avx2_trans
+        movslq	%r11d, %r12
+L_mlkem_encapsulate_avx2_calc:
+        vmovdqu	mlkem_qinv(%rip), %ymm12
         # Pointwise acc mont
-        movq	%r11, %r13
+        movslq	%r11d, %r13
         # Base mul mont
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %rbx
         vmovdqu	(%rcx), %ymm2
         vmovdqu	32(%rcx), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -4896,8 +4867,8 @@ L_kyber_encapsulate_avx2_calc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	(%r15), %ymm10
-        vmovdqu	32(%r15), %ymm11
+        vmovdqu	(%rbx), %ymm10
+        vmovdqu	32(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -4940,8 +4911,8 @@ L_kyber_encapsulate_avx2_calc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	64(%r15), %ymm10
-        vmovdqu	96(%r15), %ymm11
+        vmovdqu	64(%rbx), %ymm10
+        vmovdqu	96(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -4984,8 +4955,8 @@ L_kyber_encapsulate_avx2_calc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	128(%r15), %ymm10
-        vmovdqu	160(%r15), %ymm11
+        vmovdqu	128(%rbx), %ymm10
+        vmovdqu	160(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5028,8 +4999,8 @@ L_kyber_encapsulate_avx2_calc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	192(%r15), %ymm10
-        vmovdqu	224(%r15), %ymm11
+        vmovdqu	192(%rbx), %ymm10
+        vmovdqu	224(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5072,8 +5043,8 @@ L_kyber_encapsulate_avx2_calc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	256(%r15), %ymm10
-        vmovdqu	288(%r15), %ymm11
+        vmovdqu	256(%rbx), %ymm10
+        vmovdqu	288(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5116,8 +5087,8 @@ L_kyber_encapsulate_avx2_calc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	320(%r15), %ymm10
-        vmovdqu	352(%r15), %ymm11
+        vmovdqu	320(%rbx), %ymm10
+        vmovdqu	352(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5160,8 +5131,8 @@ L_kyber_encapsulate_avx2_calc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	384(%r15), %ymm10
-        vmovdqu	416(%r15), %ymm11
+        vmovdqu	384(%rbx), %ymm10
+        vmovdqu	416(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5204,8 +5175,8 @@ L_kyber_encapsulate_avx2_calc:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	448(%r15), %ymm10
-        vmovdqu	480(%r15), %ymm11
+        vmovdqu	448(%rbx), %ymm10
+        vmovdqu	480(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5242,7 +5213,7 @@ L_kyber_encapsulate_avx2_calc:
         jz	L_pointwise_acc_mont_end_encap_bp
 L_pointwise_acc_mont_start_encap_bp:
         # Base mul mont add
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %rbx
         vmovdqu	(%rcx), %ymm2
         vmovdqu	32(%rcx), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -5255,8 +5226,8 @@ L_pointwise_acc_mont_start_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	(%r15), %ymm10
-        vmovdqu	32(%r15), %ymm11
+        vmovdqu	(%rbx), %ymm10
+        vmovdqu	32(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5303,8 +5274,8 @@ L_pointwise_acc_mont_start_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	64(%r15), %ymm10
-        vmovdqu	96(%r15), %ymm11
+        vmovdqu	64(%rbx), %ymm10
+        vmovdqu	96(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5351,8 +5322,8 @@ L_pointwise_acc_mont_start_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	128(%r15), %ymm10
-        vmovdqu	160(%r15), %ymm11
+        vmovdqu	128(%rbx), %ymm10
+        vmovdqu	160(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5399,8 +5370,8 @@ L_pointwise_acc_mont_start_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	192(%r15), %ymm10
-        vmovdqu	224(%r15), %ymm11
+        vmovdqu	192(%rbx), %ymm10
+        vmovdqu	224(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5447,8 +5418,8 @@ L_pointwise_acc_mont_start_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	256(%r15), %ymm10
-        vmovdqu	288(%r15), %ymm11
+        vmovdqu	256(%rbx), %ymm10
+        vmovdqu	288(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5495,8 +5466,8 @@ L_pointwise_acc_mont_start_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	320(%r15), %ymm10
-        vmovdqu	352(%r15), %ymm11
+        vmovdqu	320(%rbx), %ymm10
+        vmovdqu	352(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5543,8 +5514,8 @@ L_pointwise_acc_mont_start_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	384(%r15), %ymm10
-        vmovdqu	416(%r15), %ymm11
+        vmovdqu	384(%rbx), %ymm10
+        vmovdqu	416(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5591,8 +5562,8 @@ L_pointwise_acc_mont_start_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	448(%r15), %ymm10
-        vmovdqu	480(%r15), %ymm11
+        vmovdqu	448(%rbx), %ymm10
+        vmovdqu	480(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5633,7 +5604,7 @@ L_pointwise_acc_mont_start_encap_bp:
         jg	L_pointwise_acc_mont_start_encap_bp
 L_pointwise_acc_mont_end_encap_bp:
         # Base mul mont add
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %rbx
         vmovdqu	(%rcx), %ymm2
         vmovdqu	32(%rcx), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -5646,8 +5617,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	(%r15), %ymm10
-        vmovdqu	32(%r15), %ymm11
+        vmovdqu	(%rbx), %ymm10
+        vmovdqu	32(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5698,8 +5669,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	64(%r15), %ymm10
-        vmovdqu	96(%r15), %ymm11
+        vmovdqu	64(%rbx), %ymm10
+        vmovdqu	96(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5750,8 +5721,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	128(%r15), %ymm10
-        vmovdqu	160(%r15), %ymm11
+        vmovdqu	128(%rbx), %ymm10
+        vmovdqu	160(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5802,8 +5773,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	192(%r15), %ymm10
-        vmovdqu	224(%r15), %ymm11
+        vmovdqu	192(%rbx), %ymm10
+        vmovdqu	224(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5854,8 +5825,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	256(%r15), %ymm10
-        vmovdqu	288(%r15), %ymm11
+        vmovdqu	256(%rbx), %ymm10
+        vmovdqu	288(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5906,8 +5877,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	320(%r15), %ymm10
-        vmovdqu	352(%r15), %ymm11
+        vmovdqu	320(%rbx), %ymm10
+        vmovdqu	352(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -5958,8 +5929,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	384(%r15), %ymm10
-        vmovdqu	416(%r15), %ymm11
+        vmovdqu	384(%rbx), %ymm10
+        vmovdqu	416(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -6010,8 +5981,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	448(%r15), %ymm10
-        vmovdqu	480(%r15), %ymm11
+        vmovdqu	448(%rbx), %ymm10
+        vmovdqu	480(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -6051,12 +6022,9 @@ L_pointwise_acc_mont_end_encap_bp:
         vmovdqu	%ymm0, 448(%rsi)
         vmovdqu	%ymm1, 480(%rsi)
         addq	$0x200, %rcx
-        addq	$0x200, %r8
-        movq	%r11, %r13
-        shl	$9, %r13d
-        subq	%r13, %r8
+        movq	%r15, %r8
         # invntt
-        leaq	L_kyber_avx2_zetas_inv(%rip), %r15
+        leaq	L_mlkem_avx2_zetas_inv(%rip), %rbx
         vmovdqu	(%rsi), %ymm0
         vmovdqu	32(%rsi), %ymm1
         vmovdqu	64(%rsi), %ymm2
@@ -6067,17 +6035,17 @@ L_pointwise_acc_mont_end_encap_bp:
         vmovdqu	224(%rsi), %ymm7
         # 2: 1/2
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	(%r15), %ymm10
+        vmovdqu	(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm9
-        vmovdqu	32(%r15), %ymm12
+        vmovdqu	32(%rbx), %ymm12
         vpsllq	$32, %ymm9, %ymm0
         vpsrlq	$32, %ymm8, %ymm1
         vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
         vpblendd	$0x55, %ymm1, %ymm9, %ymm1
         vperm2i128	$32, %ymm3, %ymm2, %ymm8
-        vmovdqu	64(%r15), %ymm11
+        vmovdqu	64(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm9
-        vmovdqu	96(%r15), %ymm13
+        vmovdqu	96(%rbx), %ymm13
         vpsllq	$32, %ymm9, %ymm2
         vpsrlq	$32, %ymm8, %ymm3
         vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
@@ -6086,27 +6054,6 @@ L_pointwise_acc_mont_end_encap_bp:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
-        vpmullw	%ymm12, %ymm1, %ymm0
-        vpmullw	%ymm13, %ymm3, %ymm2
-        vpmulhw	%ymm10, %ymm1, %ymm1
-        vpmulhw	%ymm11, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm0, %ymm0
-        vpmulhw	%ymm14, %ymm2, %ymm2
-        vpsubw	%ymm0, %ymm1, %ymm1
-        vpsubw	%ymm2, %ymm3, %ymm3
-        # 4: 1/2
-        vmovdqu	128(%r15), %ymm10
-        vmovdqu	160(%r15), %ymm12
-        vmovdqu	192(%r15), %ymm11
-        vmovdqu	224(%r15), %ymm13
-        vpunpckldq	%ymm1, %ymm8, %ymm0
-        vpunpckhdq	%ymm1, %ymm8, %ymm1
-        vpunpckldq	%ymm3, %ymm9, %ymm2
-        vpunpckhdq	%ymm3, %ymm9, %ymm3
-        vpaddw	%ymm1, %ymm0, %ymm8
-        vpaddw	%ymm3, %ymm2, %ymm9
-        vpsubw	%ymm1, %ymm0, %ymm1
-        vpsubw	%ymm3, %ymm2, %ymm3
         vpmulhw	%ymm15, %ymm8, %ymm0
         vpmulhw	%ymm15, %ymm9, %ymm2
         vpsraw	$10, %ymm0, %ymm0
@@ -6123,15 +6070,15 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm2, %ymm2
         vpsubw	%ymm0, %ymm1, %ymm1
         vpsubw	%ymm2, %ymm3, %ymm3
-        # 8: 1/2
-        vmovdqu	256(%r15), %ymm10
-        vmovdqu	288(%r15), %ymm12
-        vmovdqu	320(%r15), %ymm11
-        vmovdqu	352(%r15), %ymm13
-        vpunpcklqdq	%ymm1, %ymm8, %ymm0
-        vpunpckhqdq	%ymm1, %ymm8, %ymm1
-        vpunpcklqdq	%ymm3, %ymm9, %ymm2
-        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        # 4: 1/2
+        vmovdqu	128(%rbx), %ymm10
+        vmovdqu	160(%rbx), %ymm12
+        vmovdqu	192(%rbx), %ymm11
+        vmovdqu	224(%rbx), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
         vpaddw	%ymm1, %ymm0, %ymm8
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
@@ -6144,15 +6091,44 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm2, %ymm2
         vpsubw	%ymm0, %ymm1, %ymm1
         vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 1/2
+        vmovdqu	256(%rbx), %ymm10
+        vmovdqu	288(%rbx), %ymm12
+        vmovdqu	320(%rbx), %ymm11
+        vmovdqu	352(%rbx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
         # 16: 1/2
         vperm2i128	$32, %ymm1, %ymm8, %ymm0
-        vmovdqu	384(%r15), %ymm10
+        vmovdqu	384(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm8, %ymm1
-        vmovdqu	416(%r15), %ymm12
+        vmovdqu	416(%rbx), %ymm12
         vperm2i128	$32, %ymm3, %ymm9, %ymm2
-        vmovdqu	448(%r15), %ymm11
+        vmovdqu	448(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm9, %ymm3
-        vmovdqu	480(%r15), %ymm13
+        vmovdqu	480(%rbx), %ymm13
         vpsubw	%ymm1, %ymm0, %ymm8
         vpsubw	%ymm3, %ymm2, %ymm9
         vpaddw	%ymm1, %ymm0, %ymm0
@@ -6166,8 +6142,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsubw	%ymm1, %ymm8, %ymm1
         vpsubw	%ymm3, %ymm9, %ymm3
         # 32: 1/2
-        vmovdqu	512(%r15), %ymm10
-        vmovdqu	544(%r15), %ymm12
+        vmovdqu	512(%rbx), %ymm10
+        vmovdqu	544(%rbx), %ymm12
         vpaddw	%ymm2, %ymm0, %ymm8
         vpaddw	%ymm3, %ymm1, %ymm9
         vpsubw	%ymm2, %ymm0, %ymm2
@@ -6190,17 +6166,17 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsubw	%ymm9, %ymm3, %ymm3
         # 2: 1/2
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	576(%r15), %ymm10
+        vmovdqu	576(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm9
-        vmovdqu	608(%r15), %ymm12
+        vmovdqu	608(%rbx), %ymm12
         vpsllq	$32, %ymm9, %ymm4
         vpsrlq	$32, %ymm8, %ymm5
         vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
         vpblendd	$0x55, %ymm5, %ymm9, %ymm5
         vperm2i128	$32, %ymm7, %ymm6, %ymm8
-        vmovdqu	640(%r15), %ymm11
+        vmovdqu	640(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm9
-        vmovdqu	672(%r15), %ymm13
+        vmovdqu	672(%rbx), %ymm13
         vpsllq	$32, %ymm9, %ymm6
         vpsrlq	$32, %ymm8, %ymm7
         vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
@@ -6209,27 +6185,6 @@ L_pointwise_acc_mont_end_encap_bp:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
-        vpmullw	%ymm12, %ymm5, %ymm4
-        vpmullw	%ymm13, %ymm7, %ymm6
-        vpmulhw	%ymm10, %ymm5, %ymm5
-        vpmulhw	%ymm11, %ymm7, %ymm7
-        vpmulhw	%ymm14, %ymm4, %ymm4
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpsubw	%ymm4, %ymm5, %ymm5
-        vpsubw	%ymm6, %ymm7, %ymm7
-        # 4: 1/2
-        vmovdqu	704(%r15), %ymm10
-        vmovdqu	736(%r15), %ymm12
-        vmovdqu	768(%r15), %ymm11
-        vmovdqu	800(%r15), %ymm13
-        vpunpckldq	%ymm5, %ymm8, %ymm4
-        vpunpckhdq	%ymm5, %ymm8, %ymm5
-        vpunpckldq	%ymm7, %ymm9, %ymm6
-        vpunpckhdq	%ymm7, %ymm9, %ymm7
-        vpaddw	%ymm5, %ymm4, %ymm8
-        vpaddw	%ymm7, %ymm6, %ymm9
-        vpsubw	%ymm5, %ymm4, %ymm5
-        vpsubw	%ymm7, %ymm6, %ymm7
         vpmulhw	%ymm15, %ymm8, %ymm4
         vpmulhw	%ymm15, %ymm9, %ymm6
         vpsraw	$10, %ymm4, %ymm4
@@ -6246,15 +6201,15 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm6, %ymm6
         vpsubw	%ymm4, %ymm5, %ymm5
         vpsubw	%ymm6, %ymm7, %ymm7
-        # 8: 1/2
-        vmovdqu	832(%r15), %ymm10
-        vmovdqu	864(%r15), %ymm12
-        vmovdqu	896(%r15), %ymm11
-        vmovdqu	928(%r15), %ymm13
-        vpunpcklqdq	%ymm5, %ymm8, %ymm4
-        vpunpckhqdq	%ymm5, %ymm8, %ymm5
-        vpunpcklqdq	%ymm7, %ymm9, %ymm6
-        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        # 4: 1/2
+        vmovdqu	704(%rbx), %ymm10
+        vmovdqu	736(%rbx), %ymm12
+        vmovdqu	768(%rbx), %ymm11
+        vmovdqu	800(%rbx), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
         vpaddw	%ymm5, %ymm4, %ymm8
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
@@ -6267,15 +6222,44 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm6, %ymm6
         vpsubw	%ymm4, %ymm5, %ymm5
         vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 1/2
+        vmovdqu	832(%rbx), %ymm10
+        vmovdqu	864(%rbx), %ymm12
+        vmovdqu	896(%rbx), %ymm11
+        vmovdqu	928(%rbx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
         # 16: 1/2
         vperm2i128	$32, %ymm5, %ymm8, %ymm4
-        vmovdqu	960(%r15), %ymm10
+        vmovdqu	960(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm8, %ymm5
-        vmovdqu	992(%r15), %ymm12
+        vmovdqu	992(%rbx), %ymm12
         vperm2i128	$32, %ymm7, %ymm9, %ymm6
-        vmovdqu	1024(%r15), %ymm11
+        vmovdqu	1024(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm9, %ymm7
-        vmovdqu	1056(%r15), %ymm13
+        vmovdqu	1056(%rbx), %ymm13
         vpsubw	%ymm5, %ymm4, %ymm8
         vpsubw	%ymm7, %ymm6, %ymm9
         vpaddw	%ymm5, %ymm4, %ymm4
@@ -6289,8 +6273,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsubw	%ymm5, %ymm8, %ymm5
         vpsubw	%ymm7, %ymm9, %ymm7
         # 32: 1/2
-        vmovdqu	1088(%r15), %ymm10
-        vmovdqu	1120(%r15), %ymm12
+        vmovdqu	1088(%rbx), %ymm10
+        vmovdqu	1120(%rbx), %ymm12
         vpaddw	%ymm6, %ymm4, %ymm8
         vpaddw	%ymm7, %ymm5, %ymm9
         vpsubw	%ymm6, %ymm4, %ymm6
@@ -6312,8 +6296,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsubw	%ymm8, %ymm6, %ymm6
         vpsubw	%ymm9, %ymm7, %ymm7
         # 64: 1/2
-        vmovdqu	1152(%r15), %ymm10
-        vmovdqu	1184(%r15), %ymm12
+        vmovdqu	1152(%rbx), %ymm10
+        vmovdqu	1184(%rbx), %ymm12
         vpsubw	%ymm4, %ymm0, %ymm8
         vpsubw	%ymm5, %ymm1, %ymm9
         vpaddw	%ymm4, %ymm0, %ymm0
@@ -6356,17 +6340,17 @@ L_pointwise_acc_mont_end_encap_bp:
         vmovdqu	480(%rsi), %ymm7
         # 2: 2/2
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	1216(%r15), %ymm10
+        vmovdqu	1216(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm9
-        vmovdqu	1248(%r15), %ymm12
+        vmovdqu	1248(%rbx), %ymm12
         vpsllq	$32, %ymm9, %ymm0
         vpsrlq	$32, %ymm8, %ymm1
         vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
         vpblendd	$0x55, %ymm1, %ymm9, %ymm1
         vperm2i128	$32, %ymm3, %ymm2, %ymm8
-        vmovdqu	1280(%r15), %ymm11
+        vmovdqu	1280(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm9
-        vmovdqu	1312(%r15), %ymm13
+        vmovdqu	1312(%rbx), %ymm13
         vpsllq	$32, %ymm9, %ymm2
         vpsrlq	$32, %ymm8, %ymm3
         vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
@@ -6375,27 +6359,6 @@ L_pointwise_acc_mont_end_encap_bp:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
-        vpmullw	%ymm12, %ymm1, %ymm0
-        vpmullw	%ymm13, %ymm3, %ymm2
-        vpmulhw	%ymm10, %ymm1, %ymm1
-        vpmulhw	%ymm11, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm0, %ymm0
-        vpmulhw	%ymm14, %ymm2, %ymm2
-        vpsubw	%ymm0, %ymm1, %ymm1
-        vpsubw	%ymm2, %ymm3, %ymm3
-        # 4: 2/2
-        vmovdqu	1344(%r15), %ymm10
-        vmovdqu	1376(%r15), %ymm12
-        vmovdqu	1408(%r15), %ymm11
-        vmovdqu	1440(%r15), %ymm13
-        vpunpckldq	%ymm1, %ymm8, %ymm0
-        vpunpckhdq	%ymm1, %ymm8, %ymm1
-        vpunpckldq	%ymm3, %ymm9, %ymm2
-        vpunpckhdq	%ymm3, %ymm9, %ymm3
-        vpaddw	%ymm1, %ymm0, %ymm8
-        vpaddw	%ymm3, %ymm2, %ymm9
-        vpsubw	%ymm1, %ymm0, %ymm1
-        vpsubw	%ymm3, %ymm2, %ymm3
         vpmulhw	%ymm15, %ymm8, %ymm0
         vpmulhw	%ymm15, %ymm9, %ymm2
         vpsraw	$10, %ymm0, %ymm0
@@ -6412,15 +6375,15 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm2, %ymm2
         vpsubw	%ymm0, %ymm1, %ymm1
         vpsubw	%ymm2, %ymm3, %ymm3
-        # 8: 2/2
-        vmovdqu	1472(%r15), %ymm10
-        vmovdqu	1504(%r15), %ymm12
-        vmovdqu	1536(%r15), %ymm11
-        vmovdqu	1568(%r15), %ymm13
-        vpunpcklqdq	%ymm1, %ymm8, %ymm0
-        vpunpckhqdq	%ymm1, %ymm8, %ymm1
-        vpunpcklqdq	%ymm3, %ymm9, %ymm2
-        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        # 4: 2/2
+        vmovdqu	1344(%rbx), %ymm10
+        vmovdqu	1376(%rbx), %ymm12
+        vmovdqu	1408(%rbx), %ymm11
+        vmovdqu	1440(%rbx), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
         vpaddw	%ymm1, %ymm0, %ymm8
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
@@ -6433,15 +6396,44 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm2, %ymm2
         vpsubw	%ymm0, %ymm1, %ymm1
         vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 2/2
+        vmovdqu	1472(%rbx), %ymm10
+        vmovdqu	1504(%rbx), %ymm12
+        vmovdqu	1536(%rbx), %ymm11
+        vmovdqu	1568(%rbx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
         # 16: 2/2
         vperm2i128	$32, %ymm1, %ymm8, %ymm0
-        vmovdqu	1600(%r15), %ymm10
+        vmovdqu	1600(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm8, %ymm1
-        vmovdqu	1632(%r15), %ymm12
+        vmovdqu	1632(%rbx), %ymm12
         vperm2i128	$32, %ymm3, %ymm9, %ymm2
-        vmovdqu	1664(%r15), %ymm11
+        vmovdqu	1664(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm9, %ymm3
-        vmovdqu	1696(%r15), %ymm13
+        vmovdqu	1696(%rbx), %ymm13
         vpsubw	%ymm1, %ymm0, %ymm8
         vpsubw	%ymm3, %ymm2, %ymm9
         vpaddw	%ymm1, %ymm0, %ymm0
@@ -6455,8 +6447,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsubw	%ymm1, %ymm8, %ymm1
         vpsubw	%ymm3, %ymm9, %ymm3
         # 32: 2/2
-        vmovdqu	1728(%r15), %ymm10
-        vmovdqu	1760(%r15), %ymm12
+        vmovdqu	1728(%rbx), %ymm10
+        vmovdqu	1760(%rbx), %ymm12
         vpaddw	%ymm2, %ymm0, %ymm8
         vpaddw	%ymm3, %ymm1, %ymm9
         vpsubw	%ymm2, %ymm0, %ymm2
@@ -6479,17 +6471,17 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsubw	%ymm9, %ymm3, %ymm3
         # 2: 2/2
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	1792(%r15), %ymm10
+        vmovdqu	1792(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm9
-        vmovdqu	1824(%r15), %ymm12
+        vmovdqu	1824(%rbx), %ymm12
         vpsllq	$32, %ymm9, %ymm4
         vpsrlq	$32, %ymm8, %ymm5
         vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
         vpblendd	$0x55, %ymm5, %ymm9, %ymm5
         vperm2i128	$32, %ymm7, %ymm6, %ymm8
-        vmovdqu	1856(%r15), %ymm11
+        vmovdqu	1856(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm9
-        vmovdqu	1888(%r15), %ymm13
+        vmovdqu	1888(%rbx), %ymm13
         vpsllq	$32, %ymm9, %ymm6
         vpsrlq	$32, %ymm8, %ymm7
         vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
@@ -6498,27 +6490,6 @@ L_pointwise_acc_mont_end_encap_bp:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
-        vpmullw	%ymm12, %ymm5, %ymm4
-        vpmullw	%ymm13, %ymm7, %ymm6
-        vpmulhw	%ymm10, %ymm5, %ymm5
-        vpmulhw	%ymm11, %ymm7, %ymm7
-        vpmulhw	%ymm14, %ymm4, %ymm4
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpsubw	%ymm4, %ymm5, %ymm5
-        vpsubw	%ymm6, %ymm7, %ymm7
-        # 4: 2/2
-        vmovdqu	1920(%r15), %ymm10
-        vmovdqu	1952(%r15), %ymm12
-        vmovdqu	1984(%r15), %ymm11
-        vmovdqu	2016(%r15), %ymm13
-        vpunpckldq	%ymm5, %ymm8, %ymm4
-        vpunpckhdq	%ymm5, %ymm8, %ymm5
-        vpunpckldq	%ymm7, %ymm9, %ymm6
-        vpunpckhdq	%ymm7, %ymm9, %ymm7
-        vpaddw	%ymm5, %ymm4, %ymm8
-        vpaddw	%ymm7, %ymm6, %ymm9
-        vpsubw	%ymm5, %ymm4, %ymm5
-        vpsubw	%ymm7, %ymm6, %ymm7
         vpmulhw	%ymm15, %ymm8, %ymm4
         vpmulhw	%ymm15, %ymm9, %ymm6
         vpsraw	$10, %ymm4, %ymm4
@@ -6535,15 +6506,15 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm6, %ymm6
         vpsubw	%ymm4, %ymm5, %ymm5
         vpsubw	%ymm6, %ymm7, %ymm7
-        # 8: 2/2
-        vmovdqu	2048(%r15), %ymm10
-        vmovdqu	2080(%r15), %ymm12
-        vmovdqu	2112(%r15), %ymm11
-        vmovdqu	2144(%r15), %ymm13
-        vpunpcklqdq	%ymm5, %ymm8, %ymm4
-        vpunpckhqdq	%ymm5, %ymm8, %ymm5
-        vpunpcklqdq	%ymm7, %ymm9, %ymm6
-        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        # 4: 2/2
+        vmovdqu	1920(%rbx), %ymm10
+        vmovdqu	1952(%rbx), %ymm12
+        vmovdqu	1984(%rbx), %ymm11
+        vmovdqu	2016(%rbx), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
         vpaddw	%ymm5, %ymm4, %ymm8
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
@@ -6556,15 +6527,44 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm6, %ymm6
         vpsubw	%ymm4, %ymm5, %ymm5
         vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 2/2
+        vmovdqu	2048(%rbx), %ymm10
+        vmovdqu	2080(%rbx), %ymm12
+        vmovdqu	2112(%rbx), %ymm11
+        vmovdqu	2144(%rbx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
         # 16: 2/2
         vperm2i128	$32, %ymm5, %ymm8, %ymm4
-        vmovdqu	2176(%r15), %ymm10
+        vmovdqu	2176(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm8, %ymm5
-        vmovdqu	2208(%r15), %ymm12
+        vmovdqu	2208(%rbx), %ymm12
         vperm2i128	$32, %ymm7, %ymm9, %ymm6
-        vmovdqu	2240(%r15), %ymm11
+        vmovdqu	2240(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm9, %ymm7
-        vmovdqu	2272(%r15), %ymm13
+        vmovdqu	2272(%rbx), %ymm13
         vpsubw	%ymm5, %ymm4, %ymm8
         vpsubw	%ymm7, %ymm6, %ymm9
         vpaddw	%ymm5, %ymm4, %ymm4
@@ -6578,8 +6578,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsubw	%ymm5, %ymm8, %ymm5
         vpsubw	%ymm7, %ymm9, %ymm7
         # 32: 2/2
-        vmovdqu	2304(%r15), %ymm10
-        vmovdqu	2336(%r15), %ymm12
+        vmovdqu	2304(%rbx), %ymm10
+        vmovdqu	2336(%rbx), %ymm12
         vpaddw	%ymm6, %ymm4, %ymm8
         vpaddw	%ymm7, %ymm5, %ymm9
         vpsubw	%ymm6, %ymm4, %ymm6
@@ -6601,8 +6601,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsubw	%ymm8, %ymm6, %ymm6
         vpsubw	%ymm9, %ymm7, %ymm7
         # 64: 2/2
-        vmovdqu	2368(%r15), %ymm10
-        vmovdqu	2400(%r15), %ymm12
+        vmovdqu	2368(%rbx), %ymm10
+        vmovdqu	2400(%rbx), %ymm12
         vpsubw	%ymm4, %ymm0, %ymm8
         vpsubw	%ymm5, %ymm1, %ymm9
         vpaddw	%ymm4, %ymm0, %ymm0
@@ -6632,10 +6632,10 @@ L_pointwise_acc_mont_end_encap_bp:
         vmovdqu	%ymm2, 320(%rsi)
         vmovdqu	%ymm3, 352(%rsi)
         # 128
-        vmovdqu	2432(%r15), %ymm10
-        vmovdqu	2464(%r15), %ymm12
-        vmovdqu	2496(%r15), %ymm11
-        vmovdqu	2528(%r15), %ymm13
+        vmovdqu	2432(%rbx), %ymm10
+        vmovdqu	2464(%rbx), %ymm12
+        vmovdqu	2496(%rbx), %ymm11
+        vmovdqu	2528(%rbx), %ymm13
         vmovdqu	128(%rsi), %ymm0
         vmovdqu	160(%rsi), %ymm1
         vmovdqu	192(%rsi), %ymm2
@@ -6652,18 +6652,26 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm5, %ymm5
         vpsubw	%ymm4, %ymm8, %ymm4
         vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vpmullw	%ymm12, %ymm8, %ymm6
-        vpmullw	%ymm12, %ymm9, %ymm7
-        vpmulhw	%ymm10, %ymm8, %ymm8
-        vpmulhw	%ymm10, %ymm9, %ymm9
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpmulhw	%ymm14, %ymm7, %ymm7
-        vpsubw	%ymm6, %ymm8, %ymm6
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
         vpmullw	%ymm13, %ymm0, %ymm8
         vpmullw	%ymm13, %ymm1, %ymm9
         vpmulhw	%ymm11, %ymm0, %ymm0
@@ -6724,18 +6732,26 @@ L_pointwise_acc_mont_end_encap_bp:
         vpmulhw	%ymm14, %ymm5, %ymm5
         vpsubw	%ymm4, %ymm8, %ymm4
         vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vpmullw	%ymm12, %ymm8, %ymm6
-        vpmullw	%ymm12, %ymm9, %ymm7
-        vpmulhw	%ymm10, %ymm8, %ymm8
-        vpmulhw	%ymm10, %ymm9, %ymm9
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpmulhw	%ymm14, %ymm7, %ymm7
-        vpsubw	%ymm6, %ymm8, %ymm6
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
         vpmullw	%ymm13, %ymm0, %ymm8
         vpmullw	%ymm13, %ymm1, %ymm9
         vpmulhw	%ymm11, %ymm0, %ymm0
@@ -6908,12 +6924,12 @@ L_pointwise_acc_mont_end_encap_bp:
         addq	$0x200, %r9
         addq	$0x200, %rsi
         subq	$0x01, %r12
-        jg	L_kyber_encapsulate_avx2_calc
-        vmovdqu	kyber_qinv(%rip), %ymm12
+        jg	L_mlkem_encapsulate_avx2_calc
+        vmovdqu	mlkem_qinv(%rip), %ymm12
         # Pointwise acc mont
-        movq	%r11, %r13
+        movslq	%r11d, %r13
         # Base mul mont
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %rbx
         vmovdqu	(%rdi), %ymm2
         vmovdqu	32(%rdi), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -6926,8 +6942,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	(%r15), %ymm10
-        vmovdqu	32(%r15), %ymm11
+        vmovdqu	(%rbx), %ymm10
+        vmovdqu	32(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -6970,8 +6986,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	64(%r15), %ymm10
-        vmovdqu	96(%r15), %ymm11
+        vmovdqu	64(%rbx), %ymm10
+        vmovdqu	96(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7014,8 +7030,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	128(%r15), %ymm10
-        vmovdqu	160(%r15), %ymm11
+        vmovdqu	128(%rbx), %ymm10
+        vmovdqu	160(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7058,8 +7074,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	192(%r15), %ymm10
-        vmovdqu	224(%r15), %ymm11
+        vmovdqu	192(%rbx), %ymm10
+        vmovdqu	224(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7102,8 +7118,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	256(%r15), %ymm10
-        vmovdqu	288(%r15), %ymm11
+        vmovdqu	256(%rbx), %ymm10
+        vmovdqu	288(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7146,8 +7162,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	320(%r15), %ymm10
-        vmovdqu	352(%r15), %ymm11
+        vmovdqu	320(%rbx), %ymm10
+        vmovdqu	352(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7190,8 +7206,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	384(%r15), %ymm10
-        vmovdqu	416(%r15), %ymm11
+        vmovdqu	384(%rbx), %ymm10
+        vmovdqu	416(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7234,8 +7250,8 @@ L_pointwise_acc_mont_end_encap_bp:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	448(%r15), %ymm10
-        vmovdqu	480(%r15), %ymm11
+        vmovdqu	448(%rbx), %ymm10
+        vmovdqu	480(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7272,7 +7288,7 @@ L_pointwise_acc_mont_end_encap_bp:
         jz	L_pointwise_acc_mont_end_encap_v
 L_pointwise_acc_mont_start_encap_v:
         # Base mul mont add
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %rbx
         vmovdqu	(%rdi), %ymm2
         vmovdqu	32(%rdi), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -7285,8 +7301,8 @@ L_pointwise_acc_mont_start_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	(%r15), %ymm10
-        vmovdqu	32(%r15), %ymm11
+        vmovdqu	(%rbx), %ymm10
+        vmovdqu	32(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7333,8 +7349,8 @@ L_pointwise_acc_mont_start_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	64(%r15), %ymm10
-        vmovdqu	96(%r15), %ymm11
+        vmovdqu	64(%rbx), %ymm10
+        vmovdqu	96(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7381,8 +7397,8 @@ L_pointwise_acc_mont_start_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	128(%r15), %ymm10
-        vmovdqu	160(%r15), %ymm11
+        vmovdqu	128(%rbx), %ymm10
+        vmovdqu	160(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7429,8 +7445,8 @@ L_pointwise_acc_mont_start_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	192(%r15), %ymm10
-        vmovdqu	224(%r15), %ymm11
+        vmovdqu	192(%rbx), %ymm10
+        vmovdqu	224(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7477,8 +7493,8 @@ L_pointwise_acc_mont_start_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	256(%r15), %ymm10
-        vmovdqu	288(%r15), %ymm11
+        vmovdqu	256(%rbx), %ymm10
+        vmovdqu	288(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7525,8 +7541,8 @@ L_pointwise_acc_mont_start_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	320(%r15), %ymm10
-        vmovdqu	352(%r15), %ymm11
+        vmovdqu	320(%rbx), %ymm10
+        vmovdqu	352(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7573,8 +7589,8 @@ L_pointwise_acc_mont_start_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	384(%r15), %ymm10
-        vmovdqu	416(%r15), %ymm11
+        vmovdqu	384(%rbx), %ymm10
+        vmovdqu	416(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7621,8 +7637,8 @@ L_pointwise_acc_mont_start_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	448(%r15), %ymm10
-        vmovdqu	480(%r15), %ymm11
+        vmovdqu	448(%rbx), %ymm10
+        vmovdqu	480(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7663,7 +7679,7 @@ L_pointwise_acc_mont_start_encap_v:
         jg	L_pointwise_acc_mont_start_encap_v
 L_pointwise_acc_mont_end_encap_v:
         # Base mul mont add
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r15
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %rbx
         vmovdqu	(%rdi), %ymm2
         vmovdqu	32(%rdi), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -7676,8 +7692,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	(%r15), %ymm10
-        vmovdqu	32(%r15), %ymm11
+        vmovdqu	(%rbx), %ymm10
+        vmovdqu	32(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7728,8 +7744,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	64(%r15), %ymm10
-        vmovdqu	96(%r15), %ymm11
+        vmovdqu	64(%rbx), %ymm10
+        vmovdqu	96(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7780,8 +7796,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	128(%r15), %ymm10
-        vmovdqu	160(%r15), %ymm11
+        vmovdqu	128(%rbx), %ymm10
+        vmovdqu	160(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7832,8 +7848,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	192(%r15), %ymm10
-        vmovdqu	224(%r15), %ymm11
+        vmovdqu	192(%rbx), %ymm10
+        vmovdqu	224(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7884,8 +7900,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	256(%r15), %ymm10
-        vmovdqu	288(%r15), %ymm11
+        vmovdqu	256(%rbx), %ymm10
+        vmovdqu	288(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7936,8 +7952,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	320(%r15), %ymm10
-        vmovdqu	352(%r15), %ymm11
+        vmovdqu	320(%rbx), %ymm10
+        vmovdqu	352(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -7988,8 +8004,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	384(%r15), %ymm10
-        vmovdqu	416(%r15), %ymm11
+        vmovdqu	384(%rbx), %ymm10
+        vmovdqu	416(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -8040,8 +8056,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsrld	$16, %ymm4, %ymm7
         vpblendw	$0xaa, %ymm6, %ymm4, %ymm4
         vpblendw	$0x55, %ymm7, %ymm5, %ymm5
-        vmovdqu	448(%r15), %ymm10
-        vmovdqu	480(%r15), %ymm11
+        vmovdqu	448(%rbx), %ymm10
+        vmovdqu	480(%rbx), %ymm11
         vpmullw	%ymm5, %ymm3, %ymm0
         vpmulhw	%ymm5, %ymm3, %ymm6
         vpmullw	%ymm4, %ymm2, %ymm1
@@ -8081,12 +8097,8 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	%ymm0, 448(%rdx)
         vmovdqu	%ymm1, 480(%rdx)
         addq	$0x200, %rdi
-        addq	$0x200, %r8
-        movq	%r11, %r13
-        shl	$9, %r13d
-        subq	%r13, %r8
         # invntt
-        leaq	L_kyber_avx2_zetas_inv(%rip), %r15
+        leaq	L_mlkem_avx2_zetas_inv(%rip), %rbx
         vmovdqu	(%rdx), %ymm0
         vmovdqu	32(%rdx), %ymm1
         vmovdqu	64(%rdx), %ymm2
@@ -8097,17 +8109,17 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	224(%rdx), %ymm7
         # 2: 1/2
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	(%r15), %ymm10
+        vmovdqu	(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm9
-        vmovdqu	32(%r15), %ymm12
+        vmovdqu	32(%rbx), %ymm12
         vpsllq	$32, %ymm9, %ymm0
         vpsrlq	$32, %ymm8, %ymm1
         vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
         vpblendd	$0x55, %ymm1, %ymm9, %ymm1
         vperm2i128	$32, %ymm3, %ymm2, %ymm8
-        vmovdqu	64(%r15), %ymm11
+        vmovdqu	64(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm9
-        vmovdqu	96(%r15), %ymm13
+        vmovdqu	96(%rbx), %ymm13
         vpsllq	$32, %ymm9, %ymm2
         vpsrlq	$32, %ymm8, %ymm3
         vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
@@ -8116,27 +8128,6 @@ L_pointwise_acc_mont_end_encap_v:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
-        vpmullw	%ymm12, %ymm1, %ymm0
-        vpmullw	%ymm13, %ymm3, %ymm2
-        vpmulhw	%ymm10, %ymm1, %ymm1
-        vpmulhw	%ymm11, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm0, %ymm0
-        vpmulhw	%ymm14, %ymm2, %ymm2
-        vpsubw	%ymm0, %ymm1, %ymm1
-        vpsubw	%ymm2, %ymm3, %ymm3
-        # 4: 1/2
-        vmovdqu	128(%r15), %ymm10
-        vmovdqu	160(%r15), %ymm12
-        vmovdqu	192(%r15), %ymm11
-        vmovdqu	224(%r15), %ymm13
-        vpunpckldq	%ymm1, %ymm8, %ymm0
-        vpunpckhdq	%ymm1, %ymm8, %ymm1
-        vpunpckldq	%ymm3, %ymm9, %ymm2
-        vpunpckhdq	%ymm3, %ymm9, %ymm3
-        vpaddw	%ymm1, %ymm0, %ymm8
-        vpaddw	%ymm3, %ymm2, %ymm9
-        vpsubw	%ymm1, %ymm0, %ymm1
-        vpsubw	%ymm3, %ymm2, %ymm3
         vpmulhw	%ymm15, %ymm8, %ymm0
         vpmulhw	%ymm15, %ymm9, %ymm2
         vpsraw	$10, %ymm0, %ymm0
@@ -8153,15 +8144,15 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm2, %ymm2
         vpsubw	%ymm0, %ymm1, %ymm1
         vpsubw	%ymm2, %ymm3, %ymm3
-        # 8: 1/2
-        vmovdqu	256(%r15), %ymm10
-        vmovdqu	288(%r15), %ymm12
-        vmovdqu	320(%r15), %ymm11
-        vmovdqu	352(%r15), %ymm13
-        vpunpcklqdq	%ymm1, %ymm8, %ymm0
-        vpunpckhqdq	%ymm1, %ymm8, %ymm1
-        vpunpcklqdq	%ymm3, %ymm9, %ymm2
-        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        # 4: 1/2
+        vmovdqu	128(%rbx), %ymm10
+        vmovdqu	160(%rbx), %ymm12
+        vmovdqu	192(%rbx), %ymm11
+        vmovdqu	224(%rbx), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
         vpaddw	%ymm1, %ymm0, %ymm8
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
@@ -8174,15 +8165,44 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm2, %ymm2
         vpsubw	%ymm0, %ymm1, %ymm1
         vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 1/2
+        vmovdqu	256(%rbx), %ymm10
+        vmovdqu	288(%rbx), %ymm12
+        vmovdqu	320(%rbx), %ymm11
+        vmovdqu	352(%rbx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
         # 16: 1/2
         vperm2i128	$32, %ymm1, %ymm8, %ymm0
-        vmovdqu	384(%r15), %ymm10
+        vmovdqu	384(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm8, %ymm1
-        vmovdqu	416(%r15), %ymm12
+        vmovdqu	416(%rbx), %ymm12
         vperm2i128	$32, %ymm3, %ymm9, %ymm2
-        vmovdqu	448(%r15), %ymm11
+        vmovdqu	448(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm9, %ymm3
-        vmovdqu	480(%r15), %ymm13
+        vmovdqu	480(%rbx), %ymm13
         vpsubw	%ymm1, %ymm0, %ymm8
         vpsubw	%ymm3, %ymm2, %ymm9
         vpaddw	%ymm1, %ymm0, %ymm0
@@ -8196,8 +8216,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsubw	%ymm1, %ymm8, %ymm1
         vpsubw	%ymm3, %ymm9, %ymm3
         # 32: 1/2
-        vmovdqu	512(%r15), %ymm10
-        vmovdqu	544(%r15), %ymm12
+        vmovdqu	512(%rbx), %ymm10
+        vmovdqu	544(%rbx), %ymm12
         vpaddw	%ymm2, %ymm0, %ymm8
         vpaddw	%ymm3, %ymm1, %ymm9
         vpsubw	%ymm2, %ymm0, %ymm2
@@ -8220,17 +8240,17 @@ L_pointwise_acc_mont_end_encap_v:
         vpsubw	%ymm9, %ymm3, %ymm3
         # 2: 1/2
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	576(%r15), %ymm10
+        vmovdqu	576(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm9
-        vmovdqu	608(%r15), %ymm12
+        vmovdqu	608(%rbx), %ymm12
         vpsllq	$32, %ymm9, %ymm4
         vpsrlq	$32, %ymm8, %ymm5
         vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
         vpblendd	$0x55, %ymm5, %ymm9, %ymm5
         vperm2i128	$32, %ymm7, %ymm6, %ymm8
-        vmovdqu	640(%r15), %ymm11
+        vmovdqu	640(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm9
-        vmovdqu	672(%r15), %ymm13
+        vmovdqu	672(%rbx), %ymm13
         vpsllq	$32, %ymm9, %ymm6
         vpsrlq	$32, %ymm8, %ymm7
         vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
@@ -8239,27 +8259,6 @@ L_pointwise_acc_mont_end_encap_v:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
-        vpmullw	%ymm12, %ymm5, %ymm4
-        vpmullw	%ymm13, %ymm7, %ymm6
-        vpmulhw	%ymm10, %ymm5, %ymm5
-        vpmulhw	%ymm11, %ymm7, %ymm7
-        vpmulhw	%ymm14, %ymm4, %ymm4
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpsubw	%ymm4, %ymm5, %ymm5
-        vpsubw	%ymm6, %ymm7, %ymm7
-        # 4: 1/2
-        vmovdqu	704(%r15), %ymm10
-        vmovdqu	736(%r15), %ymm12
-        vmovdqu	768(%r15), %ymm11
-        vmovdqu	800(%r15), %ymm13
-        vpunpckldq	%ymm5, %ymm8, %ymm4
-        vpunpckhdq	%ymm5, %ymm8, %ymm5
-        vpunpckldq	%ymm7, %ymm9, %ymm6
-        vpunpckhdq	%ymm7, %ymm9, %ymm7
-        vpaddw	%ymm5, %ymm4, %ymm8
-        vpaddw	%ymm7, %ymm6, %ymm9
-        vpsubw	%ymm5, %ymm4, %ymm5
-        vpsubw	%ymm7, %ymm6, %ymm7
         vpmulhw	%ymm15, %ymm8, %ymm4
         vpmulhw	%ymm15, %ymm9, %ymm6
         vpsraw	$10, %ymm4, %ymm4
@@ -8276,15 +8275,15 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm6, %ymm6
         vpsubw	%ymm4, %ymm5, %ymm5
         vpsubw	%ymm6, %ymm7, %ymm7
-        # 8: 1/2
-        vmovdqu	832(%r15), %ymm10
-        vmovdqu	864(%r15), %ymm12
-        vmovdqu	896(%r15), %ymm11
-        vmovdqu	928(%r15), %ymm13
-        vpunpcklqdq	%ymm5, %ymm8, %ymm4
-        vpunpckhqdq	%ymm5, %ymm8, %ymm5
-        vpunpcklqdq	%ymm7, %ymm9, %ymm6
-        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        # 4: 1/2
+        vmovdqu	704(%rbx), %ymm10
+        vmovdqu	736(%rbx), %ymm12
+        vmovdqu	768(%rbx), %ymm11
+        vmovdqu	800(%rbx), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
         vpaddw	%ymm5, %ymm4, %ymm8
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
@@ -8297,15 +8296,44 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm6, %ymm6
         vpsubw	%ymm4, %ymm5, %ymm5
         vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 1/2
+        vmovdqu	832(%rbx), %ymm10
+        vmovdqu	864(%rbx), %ymm12
+        vmovdqu	896(%rbx), %ymm11
+        vmovdqu	928(%rbx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
         # 16: 1/2
         vperm2i128	$32, %ymm5, %ymm8, %ymm4
-        vmovdqu	960(%r15), %ymm10
+        vmovdqu	960(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm8, %ymm5
-        vmovdqu	992(%r15), %ymm12
+        vmovdqu	992(%rbx), %ymm12
         vperm2i128	$32, %ymm7, %ymm9, %ymm6
-        vmovdqu	1024(%r15), %ymm11
+        vmovdqu	1024(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm9, %ymm7
-        vmovdqu	1056(%r15), %ymm13
+        vmovdqu	1056(%rbx), %ymm13
         vpsubw	%ymm5, %ymm4, %ymm8
         vpsubw	%ymm7, %ymm6, %ymm9
         vpaddw	%ymm5, %ymm4, %ymm4
@@ -8319,8 +8347,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsubw	%ymm5, %ymm8, %ymm5
         vpsubw	%ymm7, %ymm9, %ymm7
         # 32: 1/2
-        vmovdqu	1088(%r15), %ymm10
-        vmovdqu	1120(%r15), %ymm12
+        vmovdqu	1088(%rbx), %ymm10
+        vmovdqu	1120(%rbx), %ymm12
         vpaddw	%ymm6, %ymm4, %ymm8
         vpaddw	%ymm7, %ymm5, %ymm9
         vpsubw	%ymm6, %ymm4, %ymm6
@@ -8342,8 +8370,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsubw	%ymm8, %ymm6, %ymm6
         vpsubw	%ymm9, %ymm7, %ymm7
         # 64: 1/2
-        vmovdqu	1152(%r15), %ymm10
-        vmovdqu	1184(%r15), %ymm12
+        vmovdqu	1152(%rbx), %ymm10
+        vmovdqu	1184(%rbx), %ymm12
         vpsubw	%ymm4, %ymm0, %ymm8
         vpsubw	%ymm5, %ymm1, %ymm9
         vpaddw	%ymm4, %ymm0, %ymm0
@@ -8386,17 +8414,17 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	480(%rdx), %ymm7
         # 2: 2/2
         vperm2i128	$32, %ymm1, %ymm0, %ymm8
-        vmovdqu	1216(%r15), %ymm10
+        vmovdqu	1216(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm0, %ymm9
-        vmovdqu	1248(%r15), %ymm12
+        vmovdqu	1248(%rbx), %ymm12
         vpsllq	$32, %ymm9, %ymm0
         vpsrlq	$32, %ymm8, %ymm1
         vpblendd	$0xaa, %ymm0, %ymm8, %ymm0
         vpblendd	$0x55, %ymm1, %ymm9, %ymm1
         vperm2i128	$32, %ymm3, %ymm2, %ymm8
-        vmovdqu	1280(%r15), %ymm11
+        vmovdqu	1280(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm2, %ymm9
-        vmovdqu	1312(%r15), %ymm13
+        vmovdqu	1312(%rbx), %ymm13
         vpsllq	$32, %ymm9, %ymm2
         vpsrlq	$32, %ymm8, %ymm3
         vpblendd	$0xaa, %ymm2, %ymm8, %ymm2
@@ -8405,27 +8433,6 @@ L_pointwise_acc_mont_end_encap_v:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
-        vpmullw	%ymm12, %ymm1, %ymm0
-        vpmullw	%ymm13, %ymm3, %ymm2
-        vpmulhw	%ymm10, %ymm1, %ymm1
-        vpmulhw	%ymm11, %ymm3, %ymm3
-        vpmulhw	%ymm14, %ymm0, %ymm0
-        vpmulhw	%ymm14, %ymm2, %ymm2
-        vpsubw	%ymm0, %ymm1, %ymm1
-        vpsubw	%ymm2, %ymm3, %ymm3
-        # 4: 2/2
-        vmovdqu	1344(%r15), %ymm10
-        vmovdqu	1376(%r15), %ymm12
-        vmovdqu	1408(%r15), %ymm11
-        vmovdqu	1440(%r15), %ymm13
-        vpunpckldq	%ymm1, %ymm8, %ymm0
-        vpunpckhdq	%ymm1, %ymm8, %ymm1
-        vpunpckldq	%ymm3, %ymm9, %ymm2
-        vpunpckhdq	%ymm3, %ymm9, %ymm3
-        vpaddw	%ymm1, %ymm0, %ymm8
-        vpaddw	%ymm3, %ymm2, %ymm9
-        vpsubw	%ymm1, %ymm0, %ymm1
-        vpsubw	%ymm3, %ymm2, %ymm3
         vpmulhw	%ymm15, %ymm8, %ymm0
         vpmulhw	%ymm15, %ymm9, %ymm2
         vpsraw	$10, %ymm0, %ymm0
@@ -8442,15 +8449,15 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm2, %ymm2
         vpsubw	%ymm0, %ymm1, %ymm1
         vpsubw	%ymm2, %ymm3, %ymm3
-        # 8: 2/2
-        vmovdqu	1472(%r15), %ymm10
-        vmovdqu	1504(%r15), %ymm12
-        vmovdqu	1536(%r15), %ymm11
-        vmovdqu	1568(%r15), %ymm13
-        vpunpcklqdq	%ymm1, %ymm8, %ymm0
-        vpunpckhqdq	%ymm1, %ymm8, %ymm1
-        vpunpcklqdq	%ymm3, %ymm9, %ymm2
-        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        # 4: 2/2
+        vmovdqu	1344(%rbx), %ymm10
+        vmovdqu	1376(%rbx), %ymm12
+        vmovdqu	1408(%rbx), %ymm11
+        vmovdqu	1440(%rbx), %ymm13
+        vpunpckldq	%ymm1, %ymm8, %ymm0
+        vpunpckhdq	%ymm1, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm9, %ymm2
+        vpunpckhdq	%ymm3, %ymm9, %ymm3
         vpaddw	%ymm1, %ymm0, %ymm8
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
@@ -8463,15 +8470,44 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm2, %ymm2
         vpsubw	%ymm0, %ymm1, %ymm1
         vpsubw	%ymm2, %ymm3, %ymm3
+        # 8: 2/2
+        vmovdqu	1472(%rbx), %ymm10
+        vmovdqu	1504(%rbx), %ymm12
+        vmovdqu	1536(%rbx), %ymm11
+        vmovdqu	1568(%rbx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpaddw	%ymm1, %ymm0, %ymm8
+        vpaddw	%ymm3, %ymm2, %ymm9
+        vpsubw	%ymm1, %ymm0, %ymm1
+        vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm1, %ymm0
+        vpmullw	%ymm13, %ymm3, %ymm2
+        vpmulhw	%ymm10, %ymm1, %ymm1
+        vpmulhw	%ymm11, %ymm3, %ymm3
+        vpmulhw	%ymm14, %ymm0, %ymm0
+        vpmulhw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm1, %ymm1
+        vpsubw	%ymm2, %ymm3, %ymm3
         # 16: 2/2
         vperm2i128	$32, %ymm1, %ymm8, %ymm0
-        vmovdqu	1600(%r15), %ymm10
+        vmovdqu	1600(%rbx), %ymm10
         vperm2i128	$49, %ymm1, %ymm8, %ymm1
-        vmovdqu	1632(%r15), %ymm12
+        vmovdqu	1632(%rbx), %ymm12
         vperm2i128	$32, %ymm3, %ymm9, %ymm2
-        vmovdqu	1664(%r15), %ymm11
+        vmovdqu	1664(%rbx), %ymm11
         vperm2i128	$49, %ymm3, %ymm9, %ymm3
-        vmovdqu	1696(%r15), %ymm13
+        vmovdqu	1696(%rbx), %ymm13
         vpsubw	%ymm1, %ymm0, %ymm8
         vpsubw	%ymm3, %ymm2, %ymm9
         vpaddw	%ymm1, %ymm0, %ymm0
@@ -8485,8 +8521,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsubw	%ymm1, %ymm8, %ymm1
         vpsubw	%ymm3, %ymm9, %ymm3
         # 32: 2/2
-        vmovdqu	1728(%r15), %ymm10
-        vmovdqu	1760(%r15), %ymm12
+        vmovdqu	1728(%rbx), %ymm10
+        vmovdqu	1760(%rbx), %ymm12
         vpaddw	%ymm2, %ymm0, %ymm8
         vpaddw	%ymm3, %ymm1, %ymm9
         vpsubw	%ymm2, %ymm0, %ymm2
@@ -8509,17 +8545,17 @@ L_pointwise_acc_mont_end_encap_v:
         vpsubw	%ymm9, %ymm3, %ymm3
         # 2: 2/2
         vperm2i128	$32, %ymm5, %ymm4, %ymm8
-        vmovdqu	1792(%r15), %ymm10
+        vmovdqu	1792(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm4, %ymm9
-        vmovdqu	1824(%r15), %ymm12
+        vmovdqu	1824(%rbx), %ymm12
         vpsllq	$32, %ymm9, %ymm4
         vpsrlq	$32, %ymm8, %ymm5
         vpblendd	$0xaa, %ymm4, %ymm8, %ymm4
         vpblendd	$0x55, %ymm5, %ymm9, %ymm5
         vperm2i128	$32, %ymm7, %ymm6, %ymm8
-        vmovdqu	1856(%r15), %ymm11
+        vmovdqu	1856(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm6, %ymm9
-        vmovdqu	1888(%r15), %ymm13
+        vmovdqu	1888(%rbx), %ymm13
         vpsllq	$32, %ymm9, %ymm6
         vpsrlq	$32, %ymm8, %ymm7
         vpblendd	$0xaa, %ymm6, %ymm8, %ymm6
@@ -8528,27 +8564,6 @@ L_pointwise_acc_mont_end_encap_v:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
-        vpmullw	%ymm12, %ymm5, %ymm4
-        vpmullw	%ymm13, %ymm7, %ymm6
-        vpmulhw	%ymm10, %ymm5, %ymm5
-        vpmulhw	%ymm11, %ymm7, %ymm7
-        vpmulhw	%ymm14, %ymm4, %ymm4
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpsubw	%ymm4, %ymm5, %ymm5
-        vpsubw	%ymm6, %ymm7, %ymm7
-        # 4: 2/2
-        vmovdqu	1920(%r15), %ymm10
-        vmovdqu	1952(%r15), %ymm12
-        vmovdqu	1984(%r15), %ymm11
-        vmovdqu	2016(%r15), %ymm13
-        vpunpckldq	%ymm5, %ymm8, %ymm4
-        vpunpckhdq	%ymm5, %ymm8, %ymm5
-        vpunpckldq	%ymm7, %ymm9, %ymm6
-        vpunpckhdq	%ymm7, %ymm9, %ymm7
-        vpaddw	%ymm5, %ymm4, %ymm8
-        vpaddw	%ymm7, %ymm6, %ymm9
-        vpsubw	%ymm5, %ymm4, %ymm5
-        vpsubw	%ymm7, %ymm6, %ymm7
         vpmulhw	%ymm15, %ymm8, %ymm4
         vpmulhw	%ymm15, %ymm9, %ymm6
         vpsraw	$10, %ymm4, %ymm4
@@ -8565,15 +8580,15 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm6, %ymm6
         vpsubw	%ymm4, %ymm5, %ymm5
         vpsubw	%ymm6, %ymm7, %ymm7
-        # 8: 2/2
-        vmovdqu	2048(%r15), %ymm10
-        vmovdqu	2080(%r15), %ymm12
-        vmovdqu	2112(%r15), %ymm11
-        vmovdqu	2144(%r15), %ymm13
-        vpunpcklqdq	%ymm5, %ymm8, %ymm4
-        vpunpckhqdq	%ymm5, %ymm8, %ymm5
-        vpunpcklqdq	%ymm7, %ymm9, %ymm6
-        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        # 4: 2/2
+        vmovdqu	1920(%rbx), %ymm10
+        vmovdqu	1952(%rbx), %ymm12
+        vmovdqu	1984(%rbx), %ymm11
+        vmovdqu	2016(%rbx), %ymm13
+        vpunpckldq	%ymm5, %ymm8, %ymm4
+        vpunpckhdq	%ymm5, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm9, %ymm6
+        vpunpckhdq	%ymm7, %ymm9, %ymm7
         vpaddw	%ymm5, %ymm4, %ymm8
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
@@ -8586,15 +8601,44 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm6, %ymm6
         vpsubw	%ymm4, %ymm5, %ymm5
         vpsubw	%ymm6, %ymm7, %ymm7
+        # 8: 2/2
+        vmovdqu	2048(%rbx), %ymm10
+        vmovdqu	2080(%rbx), %ymm12
+        vmovdqu	2112(%rbx), %ymm11
+        vmovdqu	2144(%rbx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm5, %ymm4, %ymm8
+        vpaddw	%ymm7, %ymm6, %ymm9
+        vpsubw	%ymm5, %ymm4, %ymm5
+        vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
+        vpmullw	%ymm12, %ymm5, %ymm4
+        vpmullw	%ymm13, %ymm7, %ymm6
+        vpmulhw	%ymm10, %ymm5, %ymm5
+        vpmulhw	%ymm11, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm4, %ymm4
+        vpmulhw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm5, %ymm5
+        vpsubw	%ymm6, %ymm7, %ymm7
         # 16: 2/2
         vperm2i128	$32, %ymm5, %ymm8, %ymm4
-        vmovdqu	2176(%r15), %ymm10
+        vmovdqu	2176(%rbx), %ymm10
         vperm2i128	$49, %ymm5, %ymm8, %ymm5
-        vmovdqu	2208(%r15), %ymm12
+        vmovdqu	2208(%rbx), %ymm12
         vperm2i128	$32, %ymm7, %ymm9, %ymm6
-        vmovdqu	2240(%r15), %ymm11
+        vmovdqu	2240(%rbx), %ymm11
         vperm2i128	$49, %ymm7, %ymm9, %ymm7
-        vmovdqu	2272(%r15), %ymm13
+        vmovdqu	2272(%rbx), %ymm13
         vpsubw	%ymm5, %ymm4, %ymm8
         vpsubw	%ymm7, %ymm6, %ymm9
         vpaddw	%ymm5, %ymm4, %ymm4
@@ -8608,8 +8652,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsubw	%ymm5, %ymm8, %ymm5
         vpsubw	%ymm7, %ymm9, %ymm7
         # 32: 2/2
-        vmovdqu	2304(%r15), %ymm10
-        vmovdqu	2336(%r15), %ymm12
+        vmovdqu	2304(%rbx), %ymm10
+        vmovdqu	2336(%rbx), %ymm12
         vpaddw	%ymm6, %ymm4, %ymm8
         vpaddw	%ymm7, %ymm5, %ymm9
         vpsubw	%ymm6, %ymm4, %ymm6
@@ -8631,8 +8675,8 @@ L_pointwise_acc_mont_end_encap_v:
         vpsubw	%ymm8, %ymm6, %ymm6
         vpsubw	%ymm9, %ymm7, %ymm7
         # 64: 2/2
-        vmovdqu	2368(%r15), %ymm10
-        vmovdqu	2400(%r15), %ymm12
+        vmovdqu	2368(%rbx), %ymm10
+        vmovdqu	2400(%rbx), %ymm12
         vpsubw	%ymm4, %ymm0, %ymm8
         vpsubw	%ymm5, %ymm1, %ymm9
         vpaddw	%ymm4, %ymm0, %ymm0
@@ -8662,10 +8706,10 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	%ymm2, 320(%rdx)
         vmovdqu	%ymm3, 352(%rdx)
         # 128
-        vmovdqu	2432(%r15), %ymm10
-        vmovdqu	2464(%r15), %ymm12
-        vmovdqu	2496(%r15), %ymm11
-        vmovdqu	2528(%r15), %ymm13
+        vmovdqu	2432(%rbx), %ymm10
+        vmovdqu	2464(%rbx), %ymm12
+        vmovdqu	2496(%rbx), %ymm11
+        vmovdqu	2528(%rbx), %ymm13
         vmovdqu	128(%rdx), %ymm0
         vmovdqu	160(%rdx), %ymm1
         vmovdqu	192(%rdx), %ymm2
@@ -8682,18 +8726,26 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm5, %ymm5
         vpsubw	%ymm4, %ymm8, %ymm4
         vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vpmullw	%ymm12, %ymm8, %ymm6
-        vpmullw	%ymm12, %ymm9, %ymm7
-        vpmulhw	%ymm10, %ymm8, %ymm8
-        vpmulhw	%ymm10, %ymm9, %ymm9
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpmulhw	%ymm14, %ymm7, %ymm7
-        vpsubw	%ymm6, %ymm8, %ymm6
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
         vpmullw	%ymm13, %ymm0, %ymm8
         vpmullw	%ymm13, %ymm1, %ymm9
         vpmulhw	%ymm11, %ymm0, %ymm0
@@ -8754,18 +8806,26 @@ L_pointwise_acc_mont_end_encap_v:
         vpmulhw	%ymm14, %ymm5, %ymm5
         vpsubw	%ymm4, %ymm8, %ymm4
         vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vpmullw	%ymm12, %ymm8, %ymm6
-        vpmullw	%ymm12, %ymm9, %ymm7
-        vpmulhw	%ymm10, %ymm8, %ymm8
-        vpmulhw	%ymm10, %ymm9, %ymm9
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpmulhw	%ymm14, %ymm7, %ymm7
-        vpsubw	%ymm6, %ymm8, %ymm6
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
         vpmullw	%ymm13, %ymm0, %ymm8
         vpmullw	%ymm13, %ymm1, %ymm9
         vpmulhw	%ymm11, %ymm0, %ymm0
@@ -8807,79 +8867,22 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	%ymm6, 320(%rdx)
         vmovdqu	%ymm7, 352(%rdx)
         # Add Errors
-        vmovdqu	(%rdx), %ymm0
-        vmovdqu	32(%rdx), %ymm1
-        vmovdqu	64(%rdx), %ymm2
-        vmovdqu	96(%rdx), %ymm3
+        vmovdqu	(%r10), %ymm0
+        vmovdqu	32(%r10), %ymm1
+        vmovdqu	64(%r10), %ymm2
+        vmovdqu	96(%r10), %ymm3
         vmovdqu	(%rax), %ymm4
         vmovdqu	32(%rax), %ymm5
         vmovdqu	64(%rax), %ymm6
         vmovdqu	96(%rax), %ymm7
-        vpaddw	%ymm4, %ymm0, %ymm0
-        vpaddw	%ymm5, %ymm1, %ymm1
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vmovdqu	%ymm0, (%rdx)
-        vmovdqu	%ymm1, 32(%rdx)
-        vmovdqu	%ymm2, 64(%rdx)
-        vmovdqu	%ymm3, 96(%rdx)
-        vmovdqu	128(%rdx), %ymm0
-        vmovdqu	160(%rdx), %ymm1
-        vmovdqu	192(%rdx), %ymm2
-        vmovdqu	224(%rdx), %ymm3
-        vmovdqu	128(%rax), %ymm4
-        vmovdqu	160(%rax), %ymm5
-        vmovdqu	192(%rax), %ymm6
-        vmovdqu	224(%rax), %ymm7
-        vpaddw	%ymm4, %ymm0, %ymm0
-        vpaddw	%ymm5, %ymm1, %ymm1
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vmovdqu	%ymm0, 128(%rdx)
-        vmovdqu	%ymm1, 160(%rdx)
-        vmovdqu	%ymm2, 192(%rdx)
-        vmovdqu	%ymm3, 224(%rdx)
-        vmovdqu	256(%rdx), %ymm0
-        vmovdqu	288(%rdx), %ymm1
-        vmovdqu	320(%rdx), %ymm2
-        vmovdqu	352(%rdx), %ymm3
-        vmovdqu	256(%rax), %ymm4
-        vmovdqu	288(%rax), %ymm5
-        vmovdqu	320(%rax), %ymm6
-        vmovdqu	352(%rax), %ymm7
-        vpaddw	%ymm4, %ymm0, %ymm0
-        vpaddw	%ymm5, %ymm1, %ymm1
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vmovdqu	%ymm0, 256(%rdx)
-        vmovdqu	%ymm1, 288(%rdx)
-        vmovdqu	%ymm2, 320(%rdx)
-        vmovdqu	%ymm3, 352(%rdx)
-        vmovdqu	384(%rdx), %ymm0
-        vmovdqu	416(%rdx), %ymm1
-        vmovdqu	448(%rdx), %ymm2
-        vmovdqu	480(%rdx), %ymm3
-        vmovdqu	384(%rax), %ymm4
-        vmovdqu	416(%rax), %ymm5
-        vmovdqu	448(%rax), %ymm6
-        vmovdqu	480(%rax), %ymm7
-        vpaddw	%ymm4, %ymm0, %ymm0
-        vpaddw	%ymm5, %ymm1, %ymm1
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vmovdqu	%ymm0, 384(%rdx)
-        vmovdqu	%ymm1, 416(%rdx)
-        vmovdqu	%ymm2, 448(%rdx)
-        vmovdqu	%ymm3, 480(%rdx)
-        # Add Errors
+        vpaddw	%ymm0, %ymm4, %ymm4
+        vpaddw	%ymm1, %ymm5, %ymm5
+        vpaddw	%ymm2, %ymm6, %ymm6
+        vpaddw	%ymm3, %ymm7, %ymm7
         vmovdqu	(%rdx), %ymm0
         vmovdqu	32(%rdx), %ymm1
         vmovdqu	64(%rdx), %ymm2
         vmovdqu	96(%rdx), %ymm3
-        vmovdqu	(%r10), %ymm4
-        vmovdqu	32(%r10), %ymm5
-        vmovdqu	64(%r10), %ymm6
-        vmovdqu	96(%r10), %ymm7
         vpaddw	%ymm4, %ymm0, %ymm4
         vpaddw	%ymm5, %ymm1, %ymm5
         vpmulhw	%ymm15, %ymm4, %ymm0
@@ -8904,14 +8907,22 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	%ymm1, 32(%rdx)
         vmovdqu	%ymm2, 64(%rdx)
         vmovdqu	%ymm3, 96(%rdx)
+        vmovdqu	128(%r10), %ymm0
+        vmovdqu	160(%r10), %ymm1
+        vmovdqu	192(%r10), %ymm2
+        vmovdqu	224(%r10), %ymm3
+        vmovdqu	128(%rax), %ymm4
+        vmovdqu	160(%rax), %ymm5
+        vmovdqu	192(%rax), %ymm6
+        vmovdqu	224(%rax), %ymm7
+        vpaddw	%ymm0, %ymm4, %ymm4
+        vpaddw	%ymm1, %ymm5, %ymm5
+        vpaddw	%ymm2, %ymm6, %ymm6
+        vpaddw	%ymm3, %ymm7, %ymm7
         vmovdqu	128(%rdx), %ymm0
         vmovdqu	160(%rdx), %ymm1
         vmovdqu	192(%rdx), %ymm2
         vmovdqu	224(%rdx), %ymm3
-        vmovdqu	128(%r10), %ymm4
-        vmovdqu	160(%r10), %ymm5
-        vmovdqu	192(%r10), %ymm6
-        vmovdqu	224(%r10), %ymm7
         vpaddw	%ymm4, %ymm0, %ymm4
         vpaddw	%ymm5, %ymm1, %ymm5
         vpmulhw	%ymm15, %ymm4, %ymm0
@@ -8936,14 +8947,22 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	%ymm1, 160(%rdx)
         vmovdqu	%ymm2, 192(%rdx)
         vmovdqu	%ymm3, 224(%rdx)
+        vmovdqu	256(%r10), %ymm0
+        vmovdqu	288(%r10), %ymm1
+        vmovdqu	320(%r10), %ymm2
+        vmovdqu	352(%r10), %ymm3
+        vmovdqu	256(%rax), %ymm4
+        vmovdqu	288(%rax), %ymm5
+        vmovdqu	320(%rax), %ymm6
+        vmovdqu	352(%rax), %ymm7
+        vpaddw	%ymm0, %ymm4, %ymm4
+        vpaddw	%ymm1, %ymm5, %ymm5
+        vpaddw	%ymm2, %ymm6, %ymm6
+        vpaddw	%ymm3, %ymm7, %ymm7
         vmovdqu	256(%rdx), %ymm0
         vmovdqu	288(%rdx), %ymm1
         vmovdqu	320(%rdx), %ymm2
         vmovdqu	352(%rdx), %ymm3
-        vmovdqu	256(%r10), %ymm4
-        vmovdqu	288(%r10), %ymm5
-        vmovdqu	320(%r10), %ymm6
-        vmovdqu	352(%r10), %ymm7
         vpaddw	%ymm4, %ymm0, %ymm4
         vpaddw	%ymm5, %ymm1, %ymm5
         vpmulhw	%ymm15, %ymm4, %ymm0
@@ -8968,14 +8987,22 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	%ymm1, 288(%rdx)
         vmovdqu	%ymm2, 320(%rdx)
         vmovdqu	%ymm3, 352(%rdx)
+        vmovdqu	384(%r10), %ymm0
+        vmovdqu	416(%r10), %ymm1
+        vmovdqu	448(%r10), %ymm2
+        vmovdqu	480(%r10), %ymm3
+        vmovdqu	384(%rax), %ymm4
+        vmovdqu	416(%rax), %ymm5
+        vmovdqu	448(%rax), %ymm6
+        vmovdqu	480(%rax), %ymm7
+        vpaddw	%ymm0, %ymm4, %ymm4
+        vpaddw	%ymm1, %ymm5, %ymm5
+        vpaddw	%ymm2, %ymm6, %ymm6
+        vpaddw	%ymm3, %ymm7, %ymm7
         vmovdqu	384(%rdx), %ymm0
         vmovdqu	416(%rdx), %ymm1
         vmovdqu	448(%rdx), %ymm2
         vmovdqu	480(%rdx), %ymm3
-        vmovdqu	384(%r10), %ymm4
-        vmovdqu	416(%r10), %ymm5
-        vmovdqu	448(%r10), %ymm6
-        vmovdqu	480(%r10), %ymm7
         vpaddw	%ymm4, %ymm0, %ymm4
         vpaddw	%ymm5, %ymm1, %ymm5
         vpmulhw	%ymm15, %ymm4, %ymm0
@@ -9002,33 +9029,34 @@ L_pointwise_acc_mont_end_encap_v:
         vmovdqu	%ymm3, 480(%rdx)
         vzeroupper
         addq	$48, %rsp
+        popq	%rbx
         popq	%r15
         popq	%r14
         popq	%r13
         popq	%r12
         repz retq
 #ifndef __APPLE__
-.size	kyber_encapsulate_avx2,.-kyber_encapsulate_avx2
+.size	mlkem_encapsulate_avx2,.-mlkem_encapsulate_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_decapsulate_avx2
-.type	kyber_decapsulate_avx2,@function
+.globl	mlkem_decapsulate_avx2
+.type	mlkem_decapsulate_avx2,@function
 .align	16
-kyber_decapsulate_avx2:
+mlkem_decapsulate_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_decapsulate_avx2
+.globl	_mlkem_decapsulate_avx2
 .p2align	4
-_kyber_decapsulate_avx2:
+_mlkem_decapsulate_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	kyber_q(%rip), %ymm14
-        vmovdqu	kyber_v(%rip), %ymm15
-        movq	%r8, %rax
+        vmovdqu	mlkem_q(%rip), %ymm14
+        vmovdqu	mlkem_v(%rip), %ymm15
+        movslq	%r8d, %rax
         movq	%rdx, %r9
-L_kyber_decapsulate_avx2_trans:
+L_mlkem_decapsulate_avx2_trans:
         # ntt
-        leaq	L_kyber_avx2_zetas(%rip), %r10
+        leaq	L_mlkem_avx2_zetas(%rip), %r10
         vmovdqu	(%r10), %ymm10
         vmovdqu	32(%r10), %ymm12
         vmovdqu	128(%r9), %ymm0
@@ -9683,12 +9711,12 @@ L_kyber_decapsulate_avx2_trans:
         vmovdqu	%ymm9, 480(%r9)
         addq	$0x200, %r9
         subq	$0x01, %rax
-        jg	L_kyber_decapsulate_avx2_trans
-        vmovdqu	kyber_qinv(%rip), %ymm12
+        jg	L_mlkem_decapsulate_avx2_trans
+        vmovdqu	mlkem_qinv(%rip), %ymm12
         # Pointwise acc mont
-        movq	%r8, %rax
+        movslq	%r8d, %rax
         # Base mul mont
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %r10
         vmovdqu	(%rdi), %ymm2
         vmovdqu	32(%rdi), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -10047,7 +10075,7 @@ L_kyber_decapsulate_avx2_trans:
         jz	L_pointwise_acc_mont_end_decap
 L_pointwise_acc_mont_start_decap:
         # Base mul mont add
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %r10
         vmovdqu	(%rdi), %ymm2
         vmovdqu	32(%rdi), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -10438,7 +10466,7 @@ L_pointwise_acc_mont_start_decap:
         jg	L_pointwise_acc_mont_start_decap
 L_pointwise_acc_mont_end_decap:
         # Base mul mont add
-        leaq	L_kyber_avx2_zetas_basemul(%rip), %r10
+        leaq	L_mlkem_avx2_zetas_basemul(%rip), %r10
         vmovdqu	(%rdi), %ymm2
         vmovdqu	32(%rdi), %ymm3
         vpslld	$16, %ymm3, %ymm6
@@ -10856,12 +10884,8 @@ L_pointwise_acc_mont_end_decap:
         vmovdqu	%ymm0, 448(%rsi)
         vmovdqu	%ymm1, 480(%rsi)
         addq	$0x200, %rdi
-        addq	$0x200, %rdx
-        movq	%r8, %rax
-        shl	$9, %eax
-        subq	%rax, %rdx
         # invntt
-        leaq	L_kyber_avx2_zetas_inv(%rip), %r10
+        leaq	L_mlkem_avx2_zetas_inv(%rip), %r10
         vmovdqu	(%rsi), %ymm0
         vmovdqu	32(%rsi), %ymm1
         vmovdqu	64(%rsi), %ymm2
@@ -10891,6 +10915,14 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -10912,14 +10944,6 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
-        vpmulhw	%ymm15, %ymm8, %ymm0
-        vpmulhw	%ymm15, %ymm9, %ymm2
-        vpsraw	$10, %ymm0, %ymm0
-        vpsraw	$10, %ymm2, %ymm2
-        vpmullw	%ymm14, %ymm0, %ymm0
-        vpmullw	%ymm14, %ymm2, %ymm2
-        vpsubw	%ymm0, %ymm8, %ymm8
-        vpsubw	%ymm2, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -10941,6 +10965,14 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -11014,6 +11046,14 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -11035,14 +11075,6 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
-        vpmulhw	%ymm15, %ymm8, %ymm4
-        vpmulhw	%ymm15, %ymm9, %ymm6
-        vpsraw	$10, %ymm4, %ymm4
-        vpsraw	$10, %ymm6, %ymm6
-        vpmullw	%ymm14, %ymm4, %ymm4
-        vpmullw	%ymm14, %ymm6, %ymm6
-        vpsubw	%ymm4, %ymm8, %ymm8
-        vpsubw	%ymm6, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -11064,6 +11096,14 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -11180,6 +11220,14 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -11201,14 +11249,6 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
-        vpmulhw	%ymm15, %ymm8, %ymm0
-        vpmulhw	%ymm15, %ymm9, %ymm2
-        vpsraw	$10, %ymm0, %ymm0
-        vpsraw	$10, %ymm2, %ymm2
-        vpmullw	%ymm14, %ymm0, %ymm0
-        vpmullw	%ymm14, %ymm2, %ymm2
-        vpsubw	%ymm0, %ymm8, %ymm8
-        vpsubw	%ymm2, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -11230,6 +11270,14 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm3, %ymm2, %ymm9
         vpsubw	%ymm1, %ymm0, %ymm1
         vpsubw	%ymm3, %ymm2, %ymm3
+        vpmulhw	%ymm15, %ymm8, %ymm0
+        vpmulhw	%ymm15, %ymm9, %ymm2
+        vpsraw	$10, %ymm0, %ymm0
+        vpsraw	$10, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm0, %ymm0
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm8, %ymm8
+        vpsubw	%ymm2, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm1, %ymm0
         vpmullw	%ymm13, %ymm3, %ymm2
         vpmulhw	%ymm10, %ymm1, %ymm1
@@ -11303,6 +11351,14 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -11324,14 +11380,6 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
-        vpmulhw	%ymm15, %ymm8, %ymm4
-        vpmulhw	%ymm15, %ymm9, %ymm6
-        vpsraw	$10, %ymm4, %ymm4
-        vpsraw	$10, %ymm6, %ymm6
-        vpmullw	%ymm14, %ymm4, %ymm4
-        vpmullw	%ymm14, %ymm6, %ymm6
-        vpsubw	%ymm4, %ymm8, %ymm8
-        vpsubw	%ymm6, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -11353,6 +11401,14 @@ L_pointwise_acc_mont_end_decap:
         vpaddw	%ymm7, %ymm6, %ymm9
         vpsubw	%ymm5, %ymm4, %ymm5
         vpsubw	%ymm7, %ymm6, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm4
+        vpmulhw	%ymm15, %ymm9, %ymm6
+        vpsraw	$10, %ymm4, %ymm4
+        vpsraw	$10, %ymm6, %ymm6
+        vpmullw	%ymm14, %ymm4, %ymm4
+        vpmullw	%ymm14, %ymm6, %ymm6
+        vpsubw	%ymm4, %ymm8, %ymm8
+        vpsubw	%ymm6, %ymm9, %ymm9
         vpmullw	%ymm12, %ymm5, %ymm4
         vpmullw	%ymm13, %ymm7, %ymm6
         vpmulhw	%ymm10, %ymm5, %ymm5
@@ -11457,18 +11513,26 @@ L_pointwise_acc_mont_end_decap:
         vpmulhw	%ymm14, %ymm5, %ymm5
         vpsubw	%ymm4, %ymm8, %ymm4
         vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vpmullw	%ymm12, %ymm8, %ymm6
-        vpmullw	%ymm12, %ymm9, %ymm7
-        vpmulhw	%ymm10, %ymm8, %ymm8
-        vpmulhw	%ymm10, %ymm9, %ymm9
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpmulhw	%ymm14, %ymm7, %ymm7
-        vpsubw	%ymm6, %ymm8, %ymm6
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
         vpmullw	%ymm13, %ymm0, %ymm8
         vpmullw	%ymm13, %ymm1, %ymm9
         vpmulhw	%ymm11, %ymm0, %ymm0
@@ -11529,18 +11593,26 @@ L_pointwise_acc_mont_end_decap:
         vpmulhw	%ymm14, %ymm5, %ymm5
         vpsubw	%ymm4, %ymm8, %ymm4
         vpsubw	%ymm5, %ymm9, %ymm5
-        vpsubw	%ymm6, %ymm2, %ymm8
-        vpsubw	%ymm7, %ymm3, %ymm9
-        vpaddw	%ymm6, %ymm2, %ymm2
-        vpaddw	%ymm7, %ymm3, %ymm3
-        vpmullw	%ymm12, %ymm8, %ymm6
-        vpmullw	%ymm12, %ymm9, %ymm7
-        vpmulhw	%ymm10, %ymm8, %ymm8
-        vpmulhw	%ymm10, %ymm9, %ymm9
-        vpmulhw	%ymm14, %ymm6, %ymm6
-        vpmulhw	%ymm14, %ymm7, %ymm7
-        vpsubw	%ymm6, %ymm8, %ymm6
-        vpsubw	%ymm7, %ymm9, %ymm7
+        vpaddw	%ymm6, %ymm2, %ymm8
+        vpaddw	%ymm7, %ymm3, %ymm9
+        vpsubw	%ymm6, %ymm2, %ymm6
+        vpsubw	%ymm7, %ymm3, %ymm7
+        vpmulhw	%ymm15, %ymm8, %ymm2
+        vpmulhw	%ymm15, %ymm9, %ymm3
+        vpsraw	$10, %ymm2, %ymm2
+        vpsraw	$10, %ymm3, %ymm3
+        vpmullw	%ymm14, %ymm2, %ymm2
+        vpmullw	%ymm14, %ymm3, %ymm3
+        vpsubw	%ymm2, %ymm8, %ymm2
+        vpsubw	%ymm3, %ymm9, %ymm3
+        vpmullw	%ymm12, %ymm6, %ymm8
+        vpmullw	%ymm12, %ymm7, %ymm9
+        vpmulhw	%ymm10, %ymm6, %ymm6
+        vpmulhw	%ymm10, %ymm7, %ymm7
+        vpmulhw	%ymm14, %ymm8, %ymm8
+        vpmulhw	%ymm14, %ymm9, %ymm9
+        vpsubw	%ymm8, %ymm6, %ymm6
+        vpsubw	%ymm9, %ymm7, %ymm7
         vpmullw	%ymm13, %ymm0, %ymm8
         vpmullw	%ymm13, %ymm1, %ymm9
         vpmulhw	%ymm11, %ymm0, %ymm0
@@ -11713,21 +11785,21 @@ L_pointwise_acc_mont_end_decap:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_decapsulate_avx2,.-kyber_decapsulate_avx2
+.size	mlkem_decapsulate_avx2,.-mlkem_decapsulate_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_csubq_avx2
-.type	kyber_csubq_avx2,@function
+.globl	mlkem_csubq_avx2
+.type	mlkem_csubq_avx2,@function
 .align	16
-kyber_csubq_avx2:
+mlkem_csubq_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_csubq_avx2
+.globl	_mlkem_csubq_avx2
 .p2align	4
-_kyber_csubq_avx2:
+_mlkem_csubq_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	kyber_q(%rip), %ymm12
+        vmovdqu	mlkem_q(%rip), %ymm12
         vmovdqu	(%rdi), %ymm0
         vmovdqu	32(%rdi), %ymm1
         vmovdqu	64(%rdi), %ymm2
@@ -11827,7 +11899,7 @@ _kyber_csubq_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_csubq_avx2,.-kyber_csubq_avx2
+.size	mlkem_csubq_avx2,.-mlkem_csubq_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -11839,7 +11911,7 @@ _kyber_csubq_avx2:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_rej_idx:
+L_mlkem_rej_idx:
 .quad	0xffffffffffffffff,0xffffffffffffff00
 .quad	0xffffffffffffff02,0xffffffffffff0200
 .quad	0xffffffffffffff04,0xffffffffffff0400
@@ -11978,7 +12050,7 @@ L_kyber_rej_idx:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_rej_q:
+L_mlkem_rej_q:
 .quad	0xd010d010d010d01, 0xd010d010d010d01
 .quad	0xd010d010d010d01, 0xd010d010d010d01
 #ifndef __APPLE__
@@ -11991,7 +12063,7 @@ L_kyber_rej_q:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_rej_ones:
+L_mlkem_rej_ones:
 .quad	0x101010101010101, 0x101010101010101
 .quad	0x101010101010101, 0x101010101010101
 #ifndef __APPLE__
@@ -12004,7 +12076,7 @@ L_kyber_rej_ones:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_rej_mask:
+L_mlkem_rej_mask:
 .quad	0xfff0fff0fff0fff, 0xfff0fff0fff0fff
 .quad	0xfff0fff0fff0fff, 0xfff0fff0fff0fff
 #ifndef __APPLE__
@@ -12017,20 +12089,20 @@ L_kyber_rej_mask:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_rej_shuffle:
+L_mlkem_rej_shuffle:
 .quad	0x504040302010100, 0xb0a0a0908070706
 .quad	0x908080706050504, 0xf0e0e0d0c0b0b0a
 #ifndef __APPLE__
 .text
-.globl	kyber_rej_uniform_n_avx2
-.type	kyber_rej_uniform_n_avx2,@function
+.globl	mlkem_rej_uniform_n_avx2
+.type	mlkem_rej_uniform_n_avx2,@function
 .align	16
-kyber_rej_uniform_n_avx2:
+mlkem_rej_uniform_n_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_rej_uniform_n_avx2
+.globl	_mlkem_rej_uniform_n_avx2
 .p2align	4
-_kyber_rej_uniform_n_avx2:
+_mlkem_rej_uniform_n_avx2:
 #endif /* __APPLE__ */
         pushq	%rbx
         pushq	%r12
@@ -12040,11 +12112,11 @@ _kyber_rej_uniform_n_avx2:
         pushq	%rbp
         movq	%rcx, %r8
         movl	%esi, %eax
-        vmovdqu	L_kyber_rej_q(%rip), %ymm6
-        vmovdqu	L_kyber_rej_ones(%rip), %ymm7
-        vmovdqu	L_kyber_rej_mask(%rip), %ymm8
-        vmovdqu	L_kyber_rej_shuffle(%rip), %ymm9
-        leaq	L_kyber_rej_idx(%rip), %r9
+        vmovdqu	L_mlkem_rej_q(%rip), %ymm6
+        vmovdqu	L_mlkem_rej_ones(%rip), %ymm7
+        vmovdqu	L_mlkem_rej_mask(%rip), %ymm8
+        vmovdqu	L_mlkem_rej_shuffle(%rip), %ymm9
+        leaq	L_mlkem_rej_idx(%rip), %r9
         movq	$0x1111111111111111, %r14
         movq	$0xe0c0a0806040200, %rbp
         movq	$0x101010101010101, %r13
@@ -12477,7 +12549,7 @@ _kyber_rej_uniform_n_avx2:
         subl	%r12d, %esi
         addq	$0x150, %rdx
         subl	$0x150, %r8d
-L_kyber_rej_uniform_n_avx2_start_256:
+L_mlkem_rej_uniform_n_avx2_start_256:
         vpermq	$0x94, (%rdx), %ymm0
         vpermq	$0x94, 24(%rdx), %ymm1
         vpshufb	%ymm9, %ymm0, %ymm0
@@ -12542,15 +12614,15 @@ L_kyber_rej_uniform_n_avx2_start_256:
         addq	$48, %rdx
         subl	$48, %r8d
         cmpl	$48, %r8d
-        jl	L_kyber_rej_uniform_n_avx2_done_256
+        jl	L_mlkem_rej_uniform_n_avx2_done_256
         cmpl	$32, %esi
-        jge	L_kyber_rej_uniform_n_avx2_start_256
-L_kyber_rej_uniform_n_avx2_done_256:
+        jge	L_mlkem_rej_uniform_n_avx2_start_256
+L_mlkem_rej_uniform_n_avx2_done_256:
         cmpl	$8, %esi
-        jl	L_kyber_rej_uniform_n_avx2_done_128
+        jl	L_mlkem_rej_uniform_n_avx2_done_128
         cmpl	$12, %r8d
-        jl	L_kyber_rej_uniform_n_avx2_done_128
-L_kyber_rej_uniform_n_avx2_start_128:
+        jl	L_mlkem_rej_uniform_n_avx2_done_128
+L_mlkem_rej_uniform_n_avx2_start_128:
         vmovdqu	(%rdx), %xmm0
         vpshufb	%xmm9, %xmm0, %xmm0
         vpsrlw	$4, %xmm0, %xmm2
@@ -12571,58 +12643,58 @@ L_kyber_rej_uniform_n_avx2_start_128:
         addq	$12, %rdx
         subl	$12, %r8d
         cmpl	$12, %r8d
-        jl	L_kyber_rej_uniform_n_avx2_done_128
+        jl	L_mlkem_rej_uniform_n_avx2_done_128
         cmpl	$8, %esi
-        jge	L_kyber_rej_uniform_n_avx2_start_128
-L_kyber_rej_uniform_n_avx2_done_128:
+        jge	L_mlkem_rej_uniform_n_avx2_start_128
+L_mlkem_rej_uniform_n_avx2_done_128:
         cmpl	$0x00, %r8d
-        je	L_kyber_rej_uniform_n_avx2_done_64
+        je	L_mlkem_rej_uniform_n_avx2_done_64
         cmpl	$0x00, %esi
-        je	L_kyber_rej_uniform_n_avx2_done_64
+        je	L_mlkem_rej_uniform_n_avx2_done_64
         movq	$0xfff0fff0fff0fff, %r15
         movq	$0x2000200020002000, %r10
         movq	$0xd010d010d010d01, %r11
         movq	$0x1000100010001000, %r12
-L_kyber_rej_uniform_n_avx2_start_64:
+L_mlkem_rej_uniform_n_avx2_start_64:
         movq	(%rdx), %rcx
         pdepq	%r15, %rcx, %rcx
         cmpw	$0xd01, %cx
-        jge	L_kyber_rej_uniform_0_avx2_rej_large_0
+        jge	L_mlkem_rej_uniform_0_avx2_rej_large_0
         movw	%cx, (%rdi)
         addq	$2, %rdi
         subl	$0x01, %esi
-        je	L_kyber_rej_uniform_n_avx2_done_64
-L_kyber_rej_uniform_0_avx2_rej_large_0:
+        je	L_mlkem_rej_uniform_n_avx2_done_64
+L_mlkem_rej_uniform_0_avx2_rej_large_0:
         shrq	$16, %rcx
         cmpw	$0xd01, %cx
-        jge	L_kyber_rej_uniform_0_avx2_rej_large_1
+        jge	L_mlkem_rej_uniform_0_avx2_rej_large_1
         movw	%cx, (%rdi)
         addq	$2, %rdi
         subl	$0x01, %esi
-        je	L_kyber_rej_uniform_n_avx2_done_64
-L_kyber_rej_uniform_0_avx2_rej_large_1:
+        je	L_mlkem_rej_uniform_n_avx2_done_64
+L_mlkem_rej_uniform_0_avx2_rej_large_1:
         shrq	$16, %rcx
         cmpw	$0xd01, %cx
-        jge	L_kyber_rej_uniform_0_avx2_rej_large_2
+        jge	L_mlkem_rej_uniform_0_avx2_rej_large_2
         movw	%cx, (%rdi)
         addq	$2, %rdi
         subl	$0x01, %esi
-        je	L_kyber_rej_uniform_n_avx2_done_64
-L_kyber_rej_uniform_0_avx2_rej_large_2:
+        je	L_mlkem_rej_uniform_n_avx2_done_64
+L_mlkem_rej_uniform_0_avx2_rej_large_2:
         shrq	$16, %rcx
         cmpw	$0xd01, %cx
-        jge	L_kyber_rej_uniform_0_avx2_rej_large_3
+        jge	L_mlkem_rej_uniform_0_avx2_rej_large_3
         movw	%cx, (%rdi)
         addq	$2, %rdi
         subl	$0x01, %esi
-        je	L_kyber_rej_uniform_n_avx2_done_64
-L_kyber_rej_uniform_0_avx2_rej_large_3:
+        je	L_mlkem_rej_uniform_n_avx2_done_64
+L_mlkem_rej_uniform_0_avx2_rej_large_3:
         addq	$6, %rdx
         subl	$6, %r8d
-        jle	L_kyber_rej_uniform_n_avx2_done_64
+        jle	L_mlkem_rej_uniform_n_avx2_done_64
         cmpl	$0x00, %esi
-        jg	L_kyber_rej_uniform_n_avx2_start_64
-L_kyber_rej_uniform_n_avx2_done_64:
+        jg	L_mlkem_rej_uniform_n_avx2_start_64
+L_mlkem_rej_uniform_n_avx2_done_64:
         vzeroupper
         subl	%esi, %eax
         popq	%rbp
@@ -12633,19 +12705,19 @@ L_kyber_rej_uniform_n_avx2_done_64:
         popq	%rbx
         repz retq
 #ifndef __APPLE__
-.size	kyber_rej_uniform_n_avx2,.-kyber_rej_uniform_n_avx2
+.size	mlkem_rej_uniform_n_avx2,.-mlkem_rej_uniform_n_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_rej_uniform_avx2
-.type	kyber_rej_uniform_avx2,@function
+.globl	mlkem_rej_uniform_avx2
+.type	mlkem_rej_uniform_avx2,@function
 .align	16
-kyber_rej_uniform_avx2:
+mlkem_rej_uniform_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_rej_uniform_avx2
+.globl	_mlkem_rej_uniform_avx2
 .p2align	4
-_kyber_rej_uniform_avx2:
+_mlkem_rej_uniform_avx2:
 #endif /* __APPLE__ */
         pushq	%rbx
         pushq	%r12
@@ -12656,19 +12728,19 @@ _kyber_rej_uniform_avx2:
         movq	%rcx, %r8
         movl	%esi, %eax
         cmpl	$0x00, %esi
-        je	L_kyber_rej_uniform_avx2_done_64
+        je	L_mlkem_rej_uniform_avx2_done_64
         cmpl	$8, %esi
-        jl	L_kyber_rej_uniform_avx2_done_128
-        vmovdqu	L_kyber_rej_q(%rip), %ymm6
-        vmovdqu	L_kyber_rej_ones(%rip), %ymm7
-        vmovdqu	L_kyber_rej_mask(%rip), %ymm8
-        vmovdqu	L_kyber_rej_shuffle(%rip), %ymm9
-        leaq	L_kyber_rej_idx(%rip), %r9
+        jl	L_mlkem_rej_uniform_avx2_done_128
+        vmovdqu	L_mlkem_rej_q(%rip), %ymm6
+        vmovdqu	L_mlkem_rej_ones(%rip), %ymm7
+        vmovdqu	L_mlkem_rej_mask(%rip), %ymm8
+        vmovdqu	L_mlkem_rej_shuffle(%rip), %ymm9
+        leaq	L_mlkem_rej_idx(%rip), %r9
         movq	$0x1111111111111111, %r14
         movq	$0xe0c0a0806040200, %rbp
         movq	$0x101010101010101, %r13
         cmpl	$32, %esi
-        jl	L_kyber_rej_uniform_avx2_done_256
+        jl	L_mlkem_rej_uniform_avx2_done_256
         vpermq	$0x94, (%rdx), %ymm0
         vpermq	$0x94, 24(%rdx), %ymm1
         vpshufb	%ymm9, %ymm0, %ymm0
@@ -12733,7 +12805,7 @@ _kyber_rej_uniform_avx2:
         addq	$48, %rdx
         subl	$48, %r8d
         cmpl	$32, %esi
-        jl	L_kyber_rej_uniform_avx2_done_256
+        jl	L_mlkem_rej_uniform_avx2_done_256
         vpermq	$0x94, (%rdx), %ymm0
         vpermq	$0x94, 24(%rdx), %ymm1
         vpshufb	%ymm9, %ymm0, %ymm0
@@ -12798,8 +12870,8 @@ _kyber_rej_uniform_avx2:
         addq	$48, %rdx
         subl	$48, %r8d
         cmpl	$32, %esi
-        jl	L_kyber_rej_uniform_avx2_done_256
-L_kyber_rej_uniform_avx2_start_256:
+        jl	L_mlkem_rej_uniform_avx2_done_256
+L_mlkem_rej_uniform_avx2_start_256:
         vpermq	$0x94, (%rdx), %ymm0
         vpermq	$0x94, 24(%rdx), %ymm1
         vpshufb	%ymm9, %ymm0, %ymm0
@@ -12864,15 +12936,15 @@ L_kyber_rej_uniform_avx2_start_256:
         addq	$48, %rdx
         subl	$48, %r8d
         cmpl	$48, %r8d
-        jl	L_kyber_rej_uniform_avx2_done_256
+        jl	L_mlkem_rej_uniform_avx2_done_256
         cmpl	$32, %esi
-        jge	L_kyber_rej_uniform_avx2_start_256
-L_kyber_rej_uniform_avx2_done_256:
+        jge	L_mlkem_rej_uniform_avx2_start_256
+L_mlkem_rej_uniform_avx2_done_256:
         cmpl	$8, %esi
-        jl	L_kyber_rej_uniform_avx2_done_128
+        jl	L_mlkem_rej_uniform_avx2_done_128
         cmpl	$12, %r8d
-        jl	L_kyber_rej_uniform_avx2_done_128
-L_kyber_rej_uniform_avx2_start_128:
+        jl	L_mlkem_rej_uniform_avx2_done_128
+L_mlkem_rej_uniform_avx2_start_128:
         vmovdqu	(%rdx), %xmm0
         vpshufb	%xmm9, %xmm0, %xmm0
         vpsrlw	$4, %xmm0, %xmm2
@@ -12893,58 +12965,58 @@ L_kyber_rej_uniform_avx2_start_128:
         addq	$12, %rdx
         subl	$12, %r8d
         cmpl	$12, %r8d
-        jl	L_kyber_rej_uniform_avx2_done_128
+        jl	L_mlkem_rej_uniform_avx2_done_128
         cmpl	$8, %esi
-        jge	L_kyber_rej_uniform_avx2_start_128
-L_kyber_rej_uniform_avx2_done_128:
+        jge	L_mlkem_rej_uniform_avx2_start_128
+L_mlkem_rej_uniform_avx2_done_128:
         cmpl	$0x00, %r8d
-        je	L_kyber_rej_uniform_avx2_done_64
+        je	L_mlkem_rej_uniform_avx2_done_64
         cmpl	$0x00, %esi
-        je	L_kyber_rej_uniform_avx2_done_64
+        je	L_mlkem_rej_uniform_avx2_done_64
         movq	$0xfff0fff0fff0fff, %r15
         movq	$0x2000200020002000, %r10
         movq	$0xd010d010d010d01, %r11
         movq	$0x1000100010001000, %r12
-L_kyber_rej_uniform_avx2_start_64:
+L_mlkem_rej_uniform_avx2_start_64:
         movq	(%rdx), %rcx
         pdepq	%r15, %rcx, %rcx
         cmpw	$0xd01, %cx
-        jge	L_kyber_rej_uniform_avx2_rej_large_0
+        jge	L_mlkem_rej_uniform_avx2_rej_large_0
         movw	%cx, (%rdi)
         addq	$2, %rdi
         subl	$0x01, %esi
-        je	L_kyber_rej_uniform_avx2_done_64
-L_kyber_rej_uniform_avx2_rej_large_0:
+        je	L_mlkem_rej_uniform_avx2_done_64
+L_mlkem_rej_uniform_avx2_rej_large_0:
         shrq	$16, %rcx
         cmpw	$0xd01, %cx
-        jge	L_kyber_rej_uniform_avx2_rej_large_1
+        jge	L_mlkem_rej_uniform_avx2_rej_large_1
         movw	%cx, (%rdi)
         addq	$2, %rdi
         subl	$0x01, %esi
-        je	L_kyber_rej_uniform_avx2_done_64
-L_kyber_rej_uniform_avx2_rej_large_1:
+        je	L_mlkem_rej_uniform_avx2_done_64
+L_mlkem_rej_uniform_avx2_rej_large_1:
         shrq	$16, %rcx
         cmpw	$0xd01, %cx
-        jge	L_kyber_rej_uniform_avx2_rej_large_2
+        jge	L_mlkem_rej_uniform_avx2_rej_large_2
         movw	%cx, (%rdi)
         addq	$2, %rdi
         subl	$0x01, %esi
-        je	L_kyber_rej_uniform_avx2_done_64
-L_kyber_rej_uniform_avx2_rej_large_2:
+        je	L_mlkem_rej_uniform_avx2_done_64
+L_mlkem_rej_uniform_avx2_rej_large_2:
         shrq	$16, %rcx
         cmpw	$0xd01, %cx
-        jge	L_kyber_rej_uniform_avx2_rej_large_3
+        jge	L_mlkem_rej_uniform_avx2_rej_large_3
         movw	%cx, (%rdi)
         addq	$2, %rdi
         subl	$0x01, %esi
-        je	L_kyber_rej_uniform_avx2_done_64
-L_kyber_rej_uniform_avx2_rej_large_3:
+        je	L_mlkem_rej_uniform_avx2_done_64
+L_mlkem_rej_uniform_avx2_rej_large_3:
         addq	$6, %rdx
         subl	$6, %r8d
-        jle	L_kyber_rej_uniform_avx2_done_64
+        jle	L_mlkem_rej_uniform_avx2_done_64
         cmpl	$0x00, %esi
-        jg	L_kyber_rej_uniform_avx2_start_64
-L_kyber_rej_uniform_avx2_done_64:
+        jg	L_mlkem_rej_uniform_avx2_start_64
+L_mlkem_rej_uniform_avx2_done_64:
         vzeroupper
         subl	%esi, %eax
         popq	%rbp
@@ -12955,7 +13027,7 @@ L_kyber_rej_uniform_avx2_done_64:
         popq	%rbx
         repz retq
 #ifndef __APPLE__
-.size	kyber_rej_uniform_avx2,.-kyber_rej_uniform_avx2
+.size	mlkem_rej_uniform_avx2,.-mlkem_rej_uniform_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -12967,7 +13039,7 @@ L_kyber_rej_uniform_avx2_done_64:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_mask_249:
+L_mlkem_mask_249:
 .quad	0x24924900249249, 0x24924900249249
 .quad	0x24924900249249, 0x24924900249249
 #ifndef __APPLE__
@@ -12980,7 +13052,7 @@ L_kyber_mask_249:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_mask_6db:
+L_mlkem_mask_6db:
 .quad	0x6db6db006db6db, 0x6db6db006db6db
 .quad	0x6db6db006db6db, 0x6db6db006db6db
 #ifndef __APPLE__
@@ -12993,7 +13065,7 @@ L_kyber_mask_6db:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_mask_07:
+L_mlkem_mask_07:
 .quad	0x700000007, 0x700000007
 .quad	0x700000007, 0x700000007
 #ifndef __APPLE__
@@ -13006,7 +13078,7 @@ L_kyber_mask_07:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_mask_70:
+L_mlkem_mask_70:
 .quad	0x7000000070000, 0x7000000070000
 .quad	0x7000000070000, 0x7000000070000
 #ifndef __APPLE__
@@ -13019,7 +13091,7 @@ L_kyber_mask_70:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_mask_3:
+L_mlkem_mask_3:
 .quad	0x3000300030003, 0x3000300030003
 .quad	0x3000300030003, 0x3000300030003
 #ifndef __APPLE__
@@ -13032,27 +13104,27 @@ L_kyber_mask_3:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_shuff:
+L_mlkem_shuff:
 .quad	0xff050403ff020100, 0xff0b0a09ff080706
 .quad	0xff090807ff060504, 0xff0f0e0dff0c0b0a
 #ifndef __APPLE__
 .text
-.globl	kyber_cbd_eta3_avx2
-.type	kyber_cbd_eta3_avx2,@function
+.globl	mlkem_cbd_eta3_avx2
+.type	mlkem_cbd_eta3_avx2,@function
 .align	16
-kyber_cbd_eta3_avx2:
+mlkem_cbd_eta3_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_cbd_eta3_avx2
+.globl	_mlkem_cbd_eta3_avx2
 .p2align	4
-_kyber_cbd_eta3_avx2:
+_mlkem_cbd_eta3_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	L_kyber_mask_249(%rip), %ymm8
-        vmovdqu	L_kyber_mask_6db(%rip), %ymm9
-        vmovdqu	L_kyber_mask_07(%rip), %ymm10
-        vmovdqu	L_kyber_mask_70(%rip), %ymm11
-        vmovdqu	L_kyber_mask_3(%rip), %ymm12
-        vmovdqu	L_kyber_shuff(%rip), %ymm13
+        vmovdqu	L_mlkem_mask_249(%rip), %ymm8
+        vmovdqu	L_mlkem_mask_6db(%rip), %ymm9
+        vmovdqu	L_mlkem_mask_07(%rip), %ymm10
+        vmovdqu	L_mlkem_mask_70(%rip), %ymm11
+        vmovdqu	L_mlkem_mask_3(%rip), %ymm12
+        vmovdqu	L_mlkem_shuff(%rip), %ymm13
         vmovdqu	(%rsi), %ymm0
         vmovdqu	24(%rsi), %ymm1
         vpermq	$0x94, %ymm0, %ymm0
@@ -13296,7 +13368,7 @@ _kyber_cbd_eta3_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_cbd_eta3_avx2,.-kyber_cbd_eta3_avx2
+.size	mlkem_cbd_eta3_avx2,.-mlkem_cbd_eta3_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -13308,7 +13380,7 @@ _kyber_cbd_eta3_avx2:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_mask_55:
+L_mlkem_mask_55:
 .quad	0x5555555555555555, 0x5555555555555555
 .quad	0x5555555555555555, 0x5555555555555555
 #ifndef __APPLE__
@@ -13321,7 +13393,7 @@ L_kyber_mask_55:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_mask_33:
+L_mlkem_mask_33:
 .quad	0x3333333333333333, 0x3333333333333333
 .quad	0x3333333333333333, 0x3333333333333333
 #ifndef __APPLE__
@@ -13334,7 +13406,7 @@ L_kyber_mask_33:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_mask_03:
+L_mlkem_mask_03:
 .quad	0x303030303030303, 0x303030303030303
 .quad	0x303030303030303, 0x303030303030303
 #ifndef __APPLE__
@@ -13347,25 +13419,25 @@ L_kyber_mask_03:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_mask_0f:
+L_mlkem_mask_0f:
 .quad	0xf0f0f0f0f0f0f0f, 0xf0f0f0f0f0f0f0f
 .quad	0xf0f0f0f0f0f0f0f, 0xf0f0f0f0f0f0f0f
 #ifndef __APPLE__
 .text
-.globl	kyber_cbd_eta2_avx2
-.type	kyber_cbd_eta2_avx2,@function
+.globl	mlkem_cbd_eta2_avx2
+.type	mlkem_cbd_eta2_avx2,@function
 .align	16
-kyber_cbd_eta2_avx2:
+mlkem_cbd_eta2_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_cbd_eta2_avx2
+.globl	_mlkem_cbd_eta2_avx2
 .p2align	4
-_kyber_cbd_eta2_avx2:
+_mlkem_cbd_eta2_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	L_kyber_mask_55(%rip), %ymm8
-        vmovdqu	L_kyber_mask_33(%rip), %ymm9
-        vmovdqu	L_kyber_mask_03(%rip), %ymm10
-        vmovdqu	L_kyber_mask_0f(%rip), %ymm11
+        vmovdqu	L_mlkem_mask_55(%rip), %ymm8
+        vmovdqu	L_mlkem_mask_33(%rip), %ymm9
+        vmovdqu	L_mlkem_mask_03(%rip), %ymm10
+        vmovdqu	L_mlkem_mask_0f(%rip), %ymm11
         vmovdqu	(%rsi), %ymm0
         vmovdqu	32(%rsi), %ymm1
         vpsrlw	$0x01, %ymm0, %ymm2
@@ -13477,7 +13549,7 @@ _kyber_cbd_eta2_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_cbd_eta2_avx2,.-kyber_cbd_eta2_avx2
+.size	mlkem_cbd_eta2_avx2,.-mlkem_cbd_eta2_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -13489,7 +13561,7 @@ _kyber_cbd_eta2_avx2:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_10_avx2_mask:
+L_mlkem_compress_10_avx2_mask:
 .value	0x3ff,0x3ff
 .value	0x3ff,0x3ff
 .value	0x3ff,0x3ff
@@ -13508,7 +13580,7 @@ L_kyber_compress_10_avx2_mask:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_compress_10_avx2_shift:
+L_mlkem_compress_10_avx2_shift:
 .quad	0x400000104000001, 0x400000104000001
 .quad	0x400000104000001, 0x400000104000001
 #ifndef __APPLE__
@@ -13521,7 +13593,7 @@ L_kyber_compress_10_avx2_shift:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_compress_10_avx2_shlv:
+L_mlkem_compress_10_avx2_shlv:
 .quad	0xc, 0xc
 .quad	0xc, 0xc
 #ifndef __APPLE__
@@ -13534,7 +13606,7 @@ L_kyber_compress_10_avx2_shlv:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_10_avx2_shuf:
+L_mlkem_compress_10_avx2_shuf:
 .value	0x100,0x302
 .value	0x804,0xa09
 .value	0xc0b,0xffff
@@ -13553,7 +13625,7 @@ L_kyber_compress_10_avx2_shuf:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_10_avx2_v:
+L_mlkem_compress_10_avx2_v:
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
@@ -13572,7 +13644,7 @@ L_kyber_compress_10_avx2_v:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_10_avx2_offset:
+L_mlkem_compress_10_avx2_offset:
 .value	0xf,0xf
 .value	0xf,0xf
 .value	0xf,0xf
@@ -13591,7 +13663,7 @@ L_kyber_compress_10_avx2_offset:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_10_avx2_shift12:
+L_mlkem_compress_10_avx2_shift12:
 .value	0x1000,0x1000
 .value	0x1000,0x1000
 .value	0x1000,0x1000
@@ -13602,26 +13674,26 @@ L_kyber_compress_10_avx2_shift12:
 .value	0x1000,0x1000
 #ifndef __APPLE__
 .text
-.globl	kyber_compress_10_avx2
-.type	kyber_compress_10_avx2,@function
+.globl	mlkem_compress_10_avx2
+.type	mlkem_compress_10_avx2,@function
 .align	16
-kyber_compress_10_avx2:
+mlkem_compress_10_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_compress_10_avx2
+.globl	_mlkem_compress_10_avx2
 .p2align	4
-_kyber_compress_10_avx2:
+_mlkem_compress_10_avx2:
 #endif /* __APPLE__ */
         vmovdqu	(%rsi), %ymm0
-        vmovdqu	L_kyber_compress_10_avx2_mask(%rip), %ymm9
-        vmovdqu	L_kyber_compress_10_avx2_shift(%rip), %ymm8
-        vmovdqu	L_kyber_compress_10_avx2_shlv(%rip), %ymm10
-        vmovdqu	L_kyber_compress_10_avx2_shuf(%rip), %ymm11
-        vmovdqu	L_kyber_compress_10_avx2_v(%rip), %ymm6
-        vmovdqu	L_kyber_compress_10_avx2_offset(%rip), %ymm12
-        vmovdqu	L_kyber_compress_10_avx2_shift12(%rip), %ymm13
+        vmovdqu	L_mlkem_compress_10_avx2_mask(%rip), %ymm9
+        vmovdqu	L_mlkem_compress_10_avx2_shift(%rip), %ymm8
+        vmovdqu	L_mlkem_compress_10_avx2_shlv(%rip), %ymm10
+        vmovdqu	L_mlkem_compress_10_avx2_shuf(%rip), %ymm11
+        vmovdqu	L_mlkem_compress_10_avx2_v(%rip), %ymm6
+        vmovdqu	L_mlkem_compress_10_avx2_offset(%rip), %ymm12
+        vmovdqu	L_mlkem_compress_10_avx2_shift12(%rip), %ymm13
         vpsllw	$3, %ymm6, %ymm7
-L_kyber_compress_10_avx2_start:
+L_mlkem_compress_10_avx2_start:
         vmovdqu	(%rsi), %ymm0
         vmovdqu	32(%rsi), %ymm1
         vpmullw	%ymm7, %ymm0, %ymm2
@@ -13929,18 +14001,18 @@ L_kyber_compress_10_avx2_start:
         addq	$0x140, %rdi
         addq	$0x200, %rsi
         subl	$0x01, %edx
-        jg	L_kyber_compress_10_avx2_start
+        jg	L_mlkem_compress_10_avx2_start
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_compress_10_avx2,.-kyber_compress_10_avx2
+.size	mlkem_compress_10_avx2,.-mlkem_compress_10_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_decompress_10_avx2_mask:
+L_mlkem_decompress_10_avx2_mask:
 .long	0x7fe01ff8,0x7fe01ff8,0x7fe01ff8,0x7fe01ff8
 .long	0x7fe01ff8,0x7fe01ff8,0x7fe01ff8,0x7fe01ff8
 #ifndef __APPLE__
@@ -13953,7 +14025,7 @@ L_kyber_decompress_10_avx2_mask:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_decompress_10_avx2_sllv:
+L_mlkem_decompress_10_avx2_sllv:
 .quad	0x4, 0x4
 .quad	0x4, 0x4
 #ifndef __APPLE__
@@ -13961,7 +14033,7 @@ L_kyber_decompress_10_avx2_sllv:
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_decompress_10_avx2_q:
+L_mlkem_decompress_10_avx2_q:
 .long	0xd013404,0xd013404,0xd013404,0xd013404
 .long	0xd013404,0xd013404,0xd013404,0xd013404
 #ifndef __APPLE__
@@ -13974,7 +14046,7 @@ L_kyber_decompress_10_avx2_q:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_10_avx2_shuf:
+L_mlkem_decompress_10_avx2_shuf:
 .value	0x100,0x201
 .value	0x302,0x403
 .value	0x605,0x706
@@ -13985,21 +14057,21 @@ L_kyber_decompress_10_avx2_shuf:
 .value	0xa09,0xb0a
 #ifndef __APPLE__
 .text
-.globl	kyber_decompress_10_avx2
-.type	kyber_decompress_10_avx2,@function
+.globl	mlkem_decompress_10_avx2
+.type	mlkem_decompress_10_avx2,@function
 .align	16
-kyber_decompress_10_avx2:
+mlkem_decompress_10_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_decompress_10_avx2
+.globl	_mlkem_decompress_10_avx2
 .p2align	4
-_kyber_decompress_10_avx2:
+_mlkem_decompress_10_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	L_kyber_decompress_10_avx2_mask(%rip), %ymm4
-        vmovdqu	L_kyber_decompress_10_avx2_q(%rip), %ymm5
-        vmovdqu	L_kyber_decompress_10_avx2_shuf(%rip), %ymm6
-        vmovdqu	L_kyber_decompress_10_avx2_sllv(%rip), %ymm7
-L_kyber_decompress_10_avx2_start:
+        vmovdqu	L_mlkem_decompress_10_avx2_mask(%rip), %ymm4
+        vmovdqu	L_mlkem_decompress_10_avx2_q(%rip), %ymm5
+        vmovdqu	L_mlkem_decompress_10_avx2_shuf(%rip), %ymm6
+        vmovdqu	L_mlkem_decompress_10_avx2_sllv(%rip), %ymm7
+L_mlkem_decompress_10_avx2_start:
         vpermq	$0x94, (%rsi), %ymm0
         vpermq	$0x94, 20(%rsi), %ymm1
         vpermq	$0x94, 40(%rsi), %ymm2
@@ -14115,11 +14187,11 @@ L_kyber_decompress_10_avx2_start:
         addq	$0x140, %rsi
         addq	$0x200, %rdi
         subl	$0x01, %edx
-        jg	L_kyber_decompress_10_avx2_start
+        jg	L_mlkem_decompress_10_avx2_start
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_decompress_10_avx2,.-kyber_decompress_10_avx2
+.size	mlkem_decompress_10_avx2,.-mlkem_decompress_10_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -14131,7 +14203,7 @@ L_kyber_decompress_10_avx2_start:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_11_avx2_v:
+L_mlkem_compress_11_avx2_v:
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
@@ -14150,7 +14222,7 @@ L_kyber_compress_11_avx2_v:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_11_avx2_off:
+L_mlkem_compress_11_avx2_off:
 .value	0x24,0x24
 .value	0x24,0x24
 .value	0x24,0x24
@@ -14169,7 +14241,7 @@ L_kyber_compress_11_avx2_off:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_11_avx2_shift13:
+L_mlkem_compress_11_avx2_shift13:
 .value	0x2000,0x2000
 .value	0x2000,0x2000
 .value	0x2000,0x2000
@@ -14188,7 +14260,7 @@ L_kyber_compress_11_avx2_shift13:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_11_avx2_mask:
+L_mlkem_compress_11_avx2_mask:
 .value	0x7ff,0x7ff
 .value	0x7ff,0x7ff
 .value	0x7ff,0x7ff
@@ -14207,7 +14279,7 @@ L_kyber_compress_11_avx2_mask:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_compress_11_avx2_shift:
+L_mlkem_compress_11_avx2_shift:
 .quad	0x800000108000001, 0x800000108000001
 .quad	0x800000108000001, 0x800000108000001
 #ifndef __APPLE__
@@ -14215,7 +14287,7 @@ L_kyber_compress_11_avx2_shift:
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_compress_11_avx2_sllvd:
+L_mlkem_compress_11_avx2_sllvd:
 .long	0xa,0x0,0xa,0x0
 .long	0xa,0x0,0xa,0x0
 #ifndef __APPLE__
@@ -14228,7 +14300,7 @@ L_kyber_compress_11_avx2_sllvd:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_compress_11_avx2_srlvq:
+L_mlkem_compress_11_avx2_srlvq:
 .quad	0xa, 0x1e
 .quad	0xa, 0x1e
 #ifndef __APPLE__
@@ -14241,7 +14313,7 @@ L_kyber_compress_11_avx2_srlvq:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_11_avx2_shuf:
+L_mlkem_compress_11_avx2_shuf:
 .value	0x100,0x302
 .value	0x504,0x706
 .value	0x908,0xff0a
@@ -14252,27 +14324,27 @@ L_kyber_compress_11_avx2_shuf:
 .value	0x201,0x403
 #ifndef __APPLE__
 .text
-.globl	kyber_compress_11_avx2
-.type	kyber_compress_11_avx2,@function
+.globl	mlkem_compress_11_avx2
+.type	mlkem_compress_11_avx2,@function
 .align	16
-kyber_compress_11_avx2:
+mlkem_compress_11_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_compress_11_avx2
+.globl	_mlkem_compress_11_avx2
 .p2align	4
-_kyber_compress_11_avx2:
+_mlkem_compress_11_avx2:
 #endif /* __APPLE__ */
         vmovdqu	(%rsi), %ymm0
-        vmovdqu	L_kyber_compress_11_avx2_v(%rip), %ymm7
-        vmovdqu	L_kyber_compress_11_avx2_off(%rip), %ymm8
-        vmovdqu	L_kyber_compress_11_avx2_shift13(%rip), %ymm9
-        vmovdqu	L_kyber_compress_11_avx2_mask(%rip), %ymm10
-        vmovdqu	L_kyber_compress_11_avx2_shift(%rip), %ymm11
-        vmovdqu	L_kyber_compress_11_avx2_sllvd(%rip), %ymm12
-        vmovdqu	L_kyber_compress_11_avx2_srlvq(%rip), %ymm13
-        vmovdqu	L_kyber_compress_11_avx2_shuf(%rip), %ymm14
+        vmovdqu	L_mlkem_compress_11_avx2_v(%rip), %ymm7
+        vmovdqu	L_mlkem_compress_11_avx2_off(%rip), %ymm8
+        vmovdqu	L_mlkem_compress_11_avx2_shift13(%rip), %ymm9
+        vmovdqu	L_mlkem_compress_11_avx2_mask(%rip), %ymm10
+        vmovdqu	L_mlkem_compress_11_avx2_shift(%rip), %ymm11
+        vmovdqu	L_mlkem_compress_11_avx2_sllvd(%rip), %ymm12
+        vmovdqu	L_mlkem_compress_11_avx2_srlvq(%rip), %ymm13
+        vmovdqu	L_mlkem_compress_11_avx2_shuf(%rip), %ymm14
         vpsllw	$3, %ymm7, %ymm6
-L_kyber_compress_11_avx2_start:
+L_mlkem_compress_11_avx2_start:
         vmovdqu	(%rsi), %ymm0
         vmovdqu	32(%rsi), %ymm3
         vpmullw	%ymm6, %ymm0, %ymm1
@@ -14628,11 +14700,11 @@ L_kyber_compress_11_avx2_start:
         addq	$0x160, %rdi
         addq	$0x200, %rsi
         subl	$0x01, %edx
-        jg	L_kyber_compress_11_avx2_start
+        jg	L_mlkem_compress_11_avx2_start
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_compress_11_avx2,.-kyber_compress_11_avx2
+.size	mlkem_compress_11_avx2,.-mlkem_compress_11_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -14644,7 +14716,7 @@ L_kyber_compress_11_avx2_start:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_11_avx2_q:
+L_mlkem_decompress_11_avx2_q:
 .value	0xd01,0xd01
 .value	0xd01,0xd01
 .value	0xd01,0xd01
@@ -14663,7 +14735,7 @@ L_kyber_decompress_11_avx2_q:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_11_avx2_shuf:
+L_mlkem_decompress_11_avx2_shuf:
 .value	0x100,0x201
 .value	0x302,0x504
 .value	0x605,0x706
@@ -14677,7 +14749,7 @@ L_kyber_decompress_11_avx2_shuf:
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_decompress_11_avx2_sllv:
+L_mlkem_decompress_11_avx2_sllv:
 .long	0x0,0x1,0x0,0x0
 .long	0x0,0x1,0x0,0x0
 #ifndef __APPLE__
@@ -14690,7 +14762,7 @@ L_kyber_decompress_11_avx2_sllv:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_decompress_11_avx2_srlv:
+L_mlkem_decompress_11_avx2_srlv:
 .quad	0x0, 0x2
 .quad	0x0, 0x2
 #ifndef __APPLE__
@@ -14703,7 +14775,7 @@ L_kyber_decompress_11_avx2_srlv:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_11_avx2_shift:
+L_mlkem_decompress_11_avx2_shift:
 .value	0x20,0x4
 .value	0x1,0x20
 .value	0x8,0x1
@@ -14722,7 +14794,7 @@ L_kyber_decompress_11_avx2_shift:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_11_avx2_mask:
+L_mlkem_decompress_11_avx2_mask:
 .value	0x7ff0,0x7ff0
 .value	0x7ff0,0x7ff0
 .value	0x7ff0,0x7ff0
@@ -14733,23 +14805,23 @@ L_kyber_decompress_11_avx2_mask:
 .value	0x7ff0,0x7ff0
 #ifndef __APPLE__
 .text
-.globl	kyber_decompress_11_avx2
-.type	kyber_decompress_11_avx2,@function
+.globl	mlkem_decompress_11_avx2
+.type	mlkem_decompress_11_avx2,@function
 .align	16
-kyber_decompress_11_avx2:
+mlkem_decompress_11_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_decompress_11_avx2
+.globl	_mlkem_decompress_11_avx2
 .p2align	4
-_kyber_decompress_11_avx2:
+_mlkem_decompress_11_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	L_kyber_decompress_11_avx2_q(%rip), %ymm4
-        vmovdqu	L_kyber_decompress_11_avx2_shuf(%rip), %ymm5
-        vmovdqu	L_kyber_decompress_11_avx2_sllv(%rip), %ymm6
-        vmovdqu	L_kyber_decompress_11_avx2_srlv(%rip), %ymm7
-        vmovdqu	L_kyber_decompress_11_avx2_shift(%rip), %ymm8
-        vmovdqu	L_kyber_decompress_11_avx2_mask(%rip), %ymm9
-L_kyber_decompress_11_avx2_start:
+        vmovdqu	L_mlkem_decompress_11_avx2_q(%rip), %ymm4
+        vmovdqu	L_mlkem_decompress_11_avx2_shuf(%rip), %ymm5
+        vmovdqu	L_mlkem_decompress_11_avx2_sllv(%rip), %ymm6
+        vmovdqu	L_mlkem_decompress_11_avx2_srlv(%rip), %ymm7
+        vmovdqu	L_mlkem_decompress_11_avx2_shift(%rip), %ymm8
+        vmovdqu	L_mlkem_decompress_11_avx2_mask(%rip), %ymm9
+L_mlkem_decompress_11_avx2_start:
         vpermq	$0x94, (%rsi), %ymm0
         vpermq	$0x94, 22(%rsi), %ymm1
         vpermq	$0x94, 44(%rsi), %ymm2
@@ -14897,11 +14969,11 @@ L_kyber_decompress_11_avx2_start:
         addq	$0x160, %rsi
         addq	$0x200, %rdi
         subl	$0x01, %edx
-        jg	L_kyber_decompress_11_avx2_start
+        jg	L_mlkem_decompress_11_avx2_start
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_decompress_11_avx2,.-kyber_decompress_11_avx2
+.size	mlkem_decompress_11_avx2,.-mlkem_decompress_11_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -14913,7 +14985,7 @@ L_kyber_decompress_11_avx2_start:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_4_avx2_mask:
+L_mlkem_compress_4_avx2_mask:
 .value	0xf,0xf
 .value	0xf,0xf
 .value	0xf,0xf
@@ -14932,7 +15004,7 @@ L_kyber_compress_4_avx2_mask:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_4_avx2_shift:
+L_mlkem_compress_4_avx2_shift:
 .value	0x200,0x200
 .value	0x200,0x200
 .value	0x200,0x200
@@ -14946,7 +15018,7 @@ L_kyber_compress_4_avx2_shift:
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_compress_4_avx2_perm:
+L_mlkem_compress_4_avx2_perm:
 .long	0x0,0x4,0x1,0x5
 .long	0x2,0x6,0x3,0x7
 #ifndef __APPLE__
@@ -14959,7 +15031,7 @@ L_kyber_compress_4_avx2_perm:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_4_avx2_v:
+L_mlkem_compress_4_avx2_v:
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
@@ -14978,7 +15050,7 @@ L_kyber_compress_4_avx2_v:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_4_avx2_shift12:
+L_mlkem_compress_4_avx2_shift12:
 .value	0x1001,0x1001
 .value	0x1001,0x1001
 .value	0x1001,0x1001
@@ -14989,21 +15061,21 @@ L_kyber_compress_4_avx2_shift12:
 .value	0x1001,0x1001
 #ifndef __APPLE__
 .text
-.globl	kyber_compress_4_avx2
-.type	kyber_compress_4_avx2,@function
+.globl	mlkem_compress_4_avx2
+.type	mlkem_compress_4_avx2,@function
 .align	16
-kyber_compress_4_avx2:
+mlkem_compress_4_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_compress_4_avx2
+.globl	_mlkem_compress_4_avx2
 .p2align	4
-_kyber_compress_4_avx2:
+_mlkem_compress_4_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	L_kyber_compress_4_avx2_mask(%rip), %ymm8
-        vmovdqu	L_kyber_compress_4_avx2_shift(%rip), %ymm9
-        vmovdqu	L_kyber_compress_4_avx2_perm(%rip), %ymm10
-        vmovdqu	L_kyber_compress_4_avx2_v(%rip), %ymm11
-        vmovdqu	L_kyber_compress_4_avx2_shift12(%rip), %ymm12
+        vmovdqu	L_mlkem_compress_4_avx2_mask(%rip), %ymm8
+        vmovdqu	L_mlkem_compress_4_avx2_shift(%rip), %ymm9
+        vmovdqu	L_mlkem_compress_4_avx2_perm(%rip), %ymm10
+        vmovdqu	L_mlkem_compress_4_avx2_v(%rip), %ymm11
+        vmovdqu	L_mlkem_compress_4_avx2_shift12(%rip), %ymm12
         vpmulhw	(%rsi), %ymm11, %ymm0
         vpmulhw	32(%rsi), %ymm11, %ymm1
         vpmulhw	64(%rsi), %ymm11, %ymm2
@@ -15083,14 +15155,14 @@ _kyber_compress_4_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_compress_4_avx2,.-kyber_compress_4_avx2
+.size	mlkem_compress_4_avx2,.-mlkem_compress_4_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_decompress_4_avx2_mask:
+L_mlkem_decompress_4_avx2_mask:
 .long	0xf0000f,0xf0000f,0xf0000f,0xf0000f
 .long	0xf0000f,0xf0000f,0xf0000f,0xf0000f
 #ifndef __APPLE__
@@ -15098,7 +15170,7 @@ L_kyber_decompress_4_avx2_mask:
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_decompress_4_avx2_shift:
+L_mlkem_decompress_4_avx2_shift:
 .long	0x800800,0x800800,0x800800,0x800800
 .long	0x800800,0x800800,0x800800,0x800800
 #ifndef __APPLE__
@@ -15111,7 +15183,7 @@ L_kyber_decompress_4_avx2_shift:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_4_avx2_q:
+L_mlkem_decompress_4_avx2_q:
 .value	0xd01,0xd01
 .value	0xd01,0xd01
 .value	0xd01,0xd01
@@ -15130,7 +15202,7 @@ L_kyber_decompress_4_avx2_q:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_4_avx2_shuf:
+L_mlkem_decompress_4_avx2_shuf:
 .value	0x0,0x0
 .value	0x101,0x101
 .value	0x202,0x202
@@ -15141,20 +15213,20 @@ L_kyber_decompress_4_avx2_shuf:
 .value	0x707,0x707
 #ifndef __APPLE__
 .text
-.globl	kyber_decompress_4_avx2
-.type	kyber_decompress_4_avx2,@function
+.globl	mlkem_decompress_4_avx2
+.type	mlkem_decompress_4_avx2,@function
 .align	16
-kyber_decompress_4_avx2:
+mlkem_decompress_4_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_decompress_4_avx2
+.globl	_mlkem_decompress_4_avx2
 .p2align	4
-_kyber_decompress_4_avx2:
+_mlkem_decompress_4_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	L_kyber_decompress_4_avx2_mask(%rip), %ymm4
-        vmovdqu	L_kyber_decompress_4_avx2_shift(%rip), %ymm5
-        vmovdqu	L_kyber_decompress_4_avx2_shuf(%rip), %ymm6
-        vmovdqu	L_kyber_decompress_4_avx2_q(%rip), %ymm7
+        vmovdqu	L_mlkem_decompress_4_avx2_mask(%rip), %ymm4
+        vmovdqu	L_mlkem_decompress_4_avx2_shift(%rip), %ymm5
+        vmovdqu	L_mlkem_decompress_4_avx2_shuf(%rip), %ymm6
+        vmovdqu	L_mlkem_decompress_4_avx2_q(%rip), %ymm7
         vpbroadcastq	(%rsi), %ymm0
         vpbroadcastq	8(%rsi), %ymm1
         vpbroadcastq	16(%rsi), %ymm2
@@ -15254,7 +15326,7 @@ _kyber_decompress_4_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_decompress_4_avx2,.-kyber_decompress_4_avx2
+.size	mlkem_decompress_4_avx2,.-mlkem_decompress_4_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -15266,7 +15338,7 @@ _kyber_decompress_4_avx2:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_5_avx2_v:
+L_mlkem_compress_5_avx2_v:
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
 .value	0x4ebf,0x4ebf
@@ -15285,7 +15357,7 @@ L_kyber_compress_5_avx2_v:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_5_avx2_shift:
+L_mlkem_compress_5_avx2_shift:
 .value	0x400,0x400
 .value	0x400,0x400
 .value	0x400,0x400
@@ -15304,7 +15376,7 @@ L_kyber_compress_5_avx2_shift:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_5_avx2_mask:
+L_mlkem_compress_5_avx2_mask:
 .value	0x1f,0x1f
 .value	0x1f,0x1f
 .value	0x1f,0x1f
@@ -15323,7 +15395,7 @@ L_kyber_compress_5_avx2_mask:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_5_avx2_shift1:
+L_mlkem_compress_5_avx2_shift1:
 .value	0x2001,0x2001
 .value	0x2001,0x2001
 .value	0x2001,0x2001
@@ -15337,7 +15409,7 @@ L_kyber_compress_5_avx2_shift1:
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_compress_5_avx2_shift2:
+L_mlkem_compress_5_avx2_shift2:
 .long	0x4000001,0x4000001,0x4000001,0x4000001
 .long	0x4000001,0x4000001,0x4000001,0x4000001
 #ifndef __APPLE__
@@ -15350,7 +15422,7 @@ L_kyber_compress_5_avx2_shift2:
 #else
 .p2align	5
 #endif /* __APPLE__ */
-L_kyber_compress_5_avx2_shlv:
+L_mlkem_compress_5_avx2_shlv:
 .quad	0xc, 0xc
 .quad	0xc, 0xc
 #ifndef __APPLE__
@@ -15363,7 +15435,7 @@ L_kyber_compress_5_avx2_shlv:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_compress_5_avx2_shuffle:
+L_mlkem_compress_5_avx2_shuffle:
 .value	0x100,0x302
 .value	0xff04,0xffff
 .value	0xffff,0x908
@@ -15374,24 +15446,24 @@ L_kyber_compress_5_avx2_shuffle:
 .value	0xffff,0x8ff
 #ifndef __APPLE__
 .text
-.globl	kyber_compress_5_avx2
-.type	kyber_compress_5_avx2,@function
+.globl	mlkem_compress_5_avx2
+.type	mlkem_compress_5_avx2,@function
 .align	16
-kyber_compress_5_avx2:
+mlkem_compress_5_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_compress_5_avx2
+.globl	_mlkem_compress_5_avx2
 .p2align	4
-_kyber_compress_5_avx2:
+_mlkem_compress_5_avx2:
 #endif /* __APPLE__ */
         vmovdqu	(%rsi), %ymm0
-        vmovdqu	L_kyber_compress_5_avx2_v(%rip), %ymm2
-        vmovdqu	L_kyber_compress_5_avx2_shift(%rip), %ymm3
-        vmovdqu	L_kyber_compress_5_avx2_mask(%rip), %ymm4
-        vmovdqu	L_kyber_compress_5_avx2_shift1(%rip), %ymm5
-        vmovdqu	L_kyber_compress_5_avx2_shift2(%rip), %ymm6
-        vmovdqu	L_kyber_compress_5_avx2_shlv(%rip), %ymm7
-        vmovdqu	L_kyber_compress_5_avx2_shuffle(%rip), %ymm8
+        vmovdqu	L_mlkem_compress_5_avx2_v(%rip), %ymm2
+        vmovdqu	L_mlkem_compress_5_avx2_shift(%rip), %ymm3
+        vmovdqu	L_mlkem_compress_5_avx2_mask(%rip), %ymm4
+        vmovdqu	L_mlkem_compress_5_avx2_shift1(%rip), %ymm5
+        vmovdqu	L_mlkem_compress_5_avx2_shift2(%rip), %ymm6
+        vmovdqu	L_mlkem_compress_5_avx2_shlv(%rip), %ymm7
+        vmovdqu	L_mlkem_compress_5_avx2_shuffle(%rip), %ymm8
         vpmulhw	(%rsi), %ymm2, %ymm0
         vpmulhw	32(%rsi), %ymm2, %ymm1
         vpmulhrsw	%ymm3, %ymm0, %ymm0
@@ -15523,7 +15595,7 @@ _kyber_compress_5_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_compress_5_avx2,.-kyber_compress_5_avx2
+.size	mlkem_compress_5_avx2,.-mlkem_compress_5_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -15535,7 +15607,7 @@ _kyber_compress_5_avx2:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_5_avx2_q:
+L_mlkem_decompress_5_avx2_q:
 .value	0xd01,0xd01
 .value	0xd01,0xd01
 .value	0xd01,0xd01
@@ -15554,7 +15626,7 @@ L_kyber_decompress_5_avx2_q:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_5_avx2_shuf:
+L_mlkem_decompress_5_avx2_shuf:
 .value	0x0,0x100
 .value	0x101,0x201
 .value	0x302,0x303
@@ -15573,7 +15645,7 @@ L_kyber_decompress_5_avx2_shuf:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_5_avx2_mask:
+L_mlkem_decompress_5_avx2_mask:
 .value	0x1f,0x3e0
 .value	0x7c,0xf80
 .value	0x1f0,0x3e
@@ -15592,7 +15664,7 @@ L_kyber_decompress_5_avx2_mask:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_decompress_5_avx2_shift:
+L_mlkem_decompress_5_avx2_shift:
 .value	0x400,0x20
 .value	0x100,0x8
 .value	0x40,0x200
@@ -15603,20 +15675,20 @@ L_kyber_decompress_5_avx2_shift:
 .value	0x10,0x80
 #ifndef __APPLE__
 .text
-.globl	kyber_decompress_5_avx2
-.type	kyber_decompress_5_avx2,@function
+.globl	mlkem_decompress_5_avx2
+.type	mlkem_decompress_5_avx2,@function
 .align	16
-kyber_decompress_5_avx2:
+mlkem_decompress_5_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_decompress_5_avx2
+.globl	_mlkem_decompress_5_avx2
 .p2align	4
-_kyber_decompress_5_avx2:
+_mlkem_decompress_5_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	L_kyber_decompress_5_avx2_q(%rip), %ymm1
-        vmovdqu	L_kyber_decompress_5_avx2_shuf(%rip), %ymm2
-        vmovdqu	L_kyber_decompress_5_avx2_mask(%rip), %ymm3
-        vmovdqu	L_kyber_decompress_5_avx2_shift(%rip), %ymm4
+        vmovdqu	L_mlkem_decompress_5_avx2_q(%rip), %ymm1
+        vmovdqu	L_mlkem_decompress_5_avx2_shuf(%rip), %ymm2
+        vmovdqu	L_mlkem_decompress_5_avx2_mask(%rip), %ymm3
+        vmovdqu	L_mlkem_decompress_5_avx2_shift(%rip), %ymm4
         vbroadcasti128	(%rsi), %ymm0
         vpshufb	%ymm2, %ymm0, %ymm0
         vpand	%ymm3, %ymm0, %ymm0
@@ -15716,14 +15788,14 @@ _kyber_decompress_5_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_decompress_5_avx2,.-kyber_decompress_5_avx2
+.size	mlkem_decompress_5_avx2,.-mlkem_decompress_5_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_from_msg_avx2_shift:
+L_mlkem_from_msg_avx2_shift:
 .long	0x3,0x2,0x1,0x0
 .long	0x3,0x2,0x1,0x0
 #ifndef __APPLE__
@@ -15736,7 +15808,7 @@ L_kyber_from_msg_avx2_shift:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_from_msg_avx2_shuf:
+L_mlkem_from_msg_avx2_shuf:
 .value	0x100,0x504
 .value	0x908,0xd0c
 .value	0x302,0x706
@@ -15755,7 +15827,7 @@ L_kyber_from_msg_avx2_shuf:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_from_msg_avx2_hqs:
+L_mlkem_from_msg_avx2_hqs:
 .value	0x681,0x681
 .value	0x681,0x681
 .value	0x681,0x681
@@ -15766,20 +15838,20 @@ L_kyber_from_msg_avx2_hqs:
 .value	0x681,0x681
 #ifndef __APPLE__
 .text
-.globl	kyber_from_msg_avx2
-.type	kyber_from_msg_avx2,@function
+.globl	mlkem_from_msg_avx2
+.type	mlkem_from_msg_avx2,@function
 .align	16
-kyber_from_msg_avx2:
+mlkem_from_msg_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_from_msg_avx2
+.globl	_mlkem_from_msg_avx2
 .p2align	4
-_kyber_from_msg_avx2:
+_mlkem_from_msg_avx2:
 #endif /* __APPLE__ */
         vmovdqu	(%rsi), %ymm0
-        vmovdqu	L_kyber_from_msg_avx2_shift(%rip), %ymm9
-        vmovdqu	L_kyber_from_msg_avx2_shuf(%rip), %ymm10
-        vmovdqu	L_kyber_from_msg_avx2_hqs(%rip), %ymm11
+        vmovdqu	L_mlkem_from_msg_avx2_shift(%rip), %ymm9
+        vmovdqu	L_mlkem_from_msg_avx2_shuf(%rip), %ymm10
+        vmovdqu	L_mlkem_from_msg_avx2_hqs(%rip), %ymm11
         vpshufd	$0x00, %ymm0, %ymm4
         vpsllvd	%ymm9, %ymm4, %ymm4
         vpshufb	%ymm10, %ymm4, %ymm4
@@ -15887,7 +15959,7 @@ _kyber_from_msg_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_from_msg_avx2,.-kyber_from_msg_avx2
+.size	mlkem_from_msg_avx2,.-mlkem_from_msg_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -15899,7 +15971,7 @@ _kyber_from_msg_avx2:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_to_msg_avx2_hqs:
+L_mlkem_to_msg_avx2_hqs:
 .value	0x680,0x680
 .value	0x680,0x680
 .value	0x680,0x680
@@ -15918,7 +15990,7 @@ L_kyber_to_msg_avx2_hqs:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_to_msg_avx2_hhqs:
+L_mlkem_to_msg_avx2_hhqs:
 .value	0xfcc1,0xfcc1
 .value	0xfcc1,0xfcc1
 .value	0xfcc1,0xfcc1
@@ -15929,18 +16001,18 @@ L_kyber_to_msg_avx2_hhqs:
 .value	0xfcc1,0xfcc1
 #ifndef __APPLE__
 .text
-.globl	kyber_to_msg_avx2
-.type	kyber_to_msg_avx2,@function
+.globl	mlkem_to_msg_avx2
+.type	mlkem_to_msg_avx2,@function
 .align	16
-kyber_to_msg_avx2:
+mlkem_to_msg_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_to_msg_avx2
+.globl	_mlkem_to_msg_avx2
 .p2align	4
-_kyber_to_msg_avx2:
+_mlkem_to_msg_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	L_kyber_to_msg_avx2_hqs(%rip), %ymm8
-        vmovdqu	L_kyber_to_msg_avx2_hhqs(%rip), %ymm9
+        vmovdqu	L_mlkem_to_msg_avx2_hqs(%rip), %ymm8
+        vmovdqu	L_mlkem_to_msg_avx2_hhqs(%rip), %ymm9
         vpsubw	(%rsi), %ymm8, %ymm0
         vpsubw	32(%rsi), %ymm8, %ymm1
         vpsubw	64(%rsi), %ymm8, %ymm2
@@ -16040,7 +16112,7 @@ _kyber_to_msg_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_to_msg_avx2,.-kyber_to_msg_avx2
+.size	mlkem_to_msg_avx2,.-mlkem_to_msg_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -16052,7 +16124,7 @@ _kyber_to_msg_avx2:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_from_bytes_avx2_shuf:
+L_mlkem_from_bytes_avx2_shuf:
 .value	0x100,0xff02
 .value	0x403,0xff05
 .value	0x706,0xff08
@@ -16066,24 +16138,24 @@ L_kyber_from_bytes_avx2_shuf:
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_from_bytes_avx2_mask:
+L_mlkem_from_bytes_avx2_mask:
 .long	0xfff,0xfff,0xfff,0xfff
 .long	0xfff,0xfff,0xfff,0xfff
 #ifndef __APPLE__
 .text
-.globl	kyber_from_bytes_avx2
-.type	kyber_from_bytes_avx2,@function
+.globl	mlkem_from_bytes_avx2
+.type	mlkem_from_bytes_avx2,@function
 .align	16
-kyber_from_bytes_avx2:
+mlkem_from_bytes_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_from_bytes_avx2
+.globl	_mlkem_from_bytes_avx2
 .p2align	4
-_kyber_from_bytes_avx2:
+_mlkem_from_bytes_avx2:
 #endif /* __APPLE__ */
         vmovdqu	(%rsi), %ymm0
-        vmovdqu	L_kyber_from_bytes_avx2_shuf(%rip), %ymm12
-        vmovdqu	L_kyber_from_bytes_avx2_mask(%rip), %ymm13
+        vmovdqu	L_mlkem_from_bytes_avx2_shuf(%rip), %ymm12
+        vmovdqu	L_mlkem_from_bytes_avx2_mask(%rip), %ymm13
         vmovdqu	(%rsi), %ymm0
         vmovdqu	32(%rsi), %ymm1
         vmovdqu	64(%rsi), %ymm2
@@ -16227,14 +16299,14 @@ _kyber_from_bytes_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_from_bytes_avx2,.-kyber_from_bytes_avx2
+.size	mlkem_from_bytes_avx2,.-mlkem_from_bytes_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_to_bytes_avx2_mask:
+L_mlkem_to_bytes_avx2_mask:
 .long	0xfff,0xfff,0xfff,0xfff
 .long	0xfff,0xfff,0xfff,0xfff
 #ifndef __APPLE__
@@ -16247,7 +16319,7 @@ L_kyber_to_bytes_avx2_mask:
 #else
 .p2align	4
 #endif /* __APPLE__ */
-L_kyber_to_bytes_avx2_shuf:
+L_mlkem_to_bytes_avx2_shuf:
 .value	0x100,0x402
 .value	0x605,0x908
 .value	0xc0a,0xe0d
@@ -16261,25 +16333,25 @@ L_kyber_to_bytes_avx2_shuf:
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
-L_kyber_to_bytes_avx2_perm:
+L_mlkem_to_bytes_avx2_perm:
 .long	0x0,0x1,0x2,0x7
 .long	0x4,0x5,0x3,0x6
 #ifndef __APPLE__
 .text
-.globl	kyber_to_bytes_avx2
-.type	kyber_to_bytes_avx2,@function
+.globl	mlkem_to_bytes_avx2
+.type	mlkem_to_bytes_avx2,@function
 .align	16
-kyber_to_bytes_avx2:
+mlkem_to_bytes_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_to_bytes_avx2
+.globl	_mlkem_to_bytes_avx2
 .p2align	4
-_kyber_to_bytes_avx2:
+_mlkem_to_bytes_avx2:
 #endif /* __APPLE__ */
-        vmovdqu	kyber_q(%rip), %ymm12
-        vmovdqu	L_kyber_to_bytes_avx2_mask(%rip), %ymm13
-        vmovdqu	L_kyber_to_bytes_avx2_shuf(%rip), %ymm14
-        vmovdqu	L_kyber_to_bytes_avx2_perm(%rip), %ymm15
+        vmovdqu	mlkem_q(%rip), %ymm12
+        vmovdqu	L_mlkem_to_bytes_avx2_mask(%rip), %ymm13
+        vmovdqu	L_mlkem_to_bytes_avx2_shuf(%rip), %ymm14
+        vmovdqu	L_mlkem_to_bytes_avx2_perm(%rip), %ymm15
         vmovdqu	(%rsi), %ymm0
         vmovdqu	32(%rsi), %ymm1
         vmovdqu	64(%rsi), %ymm2
@@ -16503,19 +16575,19 @@ _kyber_to_bytes_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_to_bytes_avx2,.-kyber_to_bytes_avx2
+.size	mlkem_to_bytes_avx2,.-mlkem_to_bytes_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_cmp_avx2
-.type	kyber_cmp_avx2,@function
+.globl	mlkem_cmp_avx2
+.type	mlkem_cmp_avx2,@function
 .align	16
-kyber_cmp_avx2:
+mlkem_cmp_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_cmp_avx2
+.globl	_mlkem_cmp_avx2
 .p2align	4
-_kyber_cmp_avx2:
+_mlkem_cmp_avx2:
 #endif /* __APPLE__ */
         vpxor	%ymm2, %ymm2, %ymm2
         vpxor	%ymm3, %ymm3, %ymm3
@@ -16594,7 +16666,7 @@ _kyber_cmp_avx2:
         vpor	%ymm0, %ymm2, %ymm2
         vpor	%ymm1, %ymm3, %ymm3
         subl	$0x300, %edx
-        jz	L_kyber_cmp_avx2_done
+        jz	L_mlkem_cmp_avx2_done
         vmovdqu	768(%rdi), %ymm0
         vmovdqu	800(%rdi), %ymm1
         vpxor	768(%rsi), %ymm0, %ymm0
@@ -16626,7 +16698,7 @@ _kyber_cmp_avx2:
         vpor	%ymm0, %ymm2, %ymm2
         vpor	%ymm1, %ymm3, %ymm3
         subl	$0x140, %edx
-        jz	L_kyber_cmp_avx2_done
+        jz	L_mlkem_cmp_avx2_done
         vmovdqu	1088(%rdi), %ymm0
         vmovdqu	1120(%rdi), %ymm1
         vpxor	1088(%rsi), %ymm0, %ymm0
@@ -16669,7 +16741,7 @@ _kyber_cmp_avx2:
         vpxor	1504(%rsi), %ymm1, %ymm1
         vpor	%ymm0, %ymm2, %ymm2
         vpor	%ymm1, %ymm3, %ymm3
-L_kyber_cmp_avx2_done:
+L_mlkem_cmp_avx2_done:
         vpor	%ymm3, %ymm2, %ymm2
         vptest	%ymm2, %ymm2
         cmovzl	%ecx, %eax
@@ -16677,19 +16749,19 @@ L_kyber_cmp_avx2_done:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_cmp_avx2,.-kyber_cmp_avx2
+.size	mlkem_cmp_avx2,.-mlkem_cmp_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_redistribute_21_rand_avx2
-.type	kyber_redistribute_21_rand_avx2,@function
+.globl	mlkem_redistribute_21_rand_avx2
+.type	mlkem_redistribute_21_rand_avx2,@function
 .align	16
-kyber_redistribute_21_rand_avx2:
+mlkem_redistribute_21_rand_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_redistribute_21_rand_avx2
+.globl	_mlkem_redistribute_21_rand_avx2
 .p2align	4
-_kyber_redistribute_21_rand_avx2:
+_mlkem_redistribute_21_rand_avx2:
 #endif /* __APPLE__ */
         vmovdqu	(%rdi), %ymm0
         vmovdqu	32(%rdi), %ymm1
@@ -16782,19 +16854,19 @@ _kyber_redistribute_21_rand_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_redistribute_21_rand_avx2,.-kyber_redistribute_21_rand_avx2
+.size	mlkem_redistribute_21_rand_avx2,.-mlkem_redistribute_21_rand_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_redistribute_17_rand_avx2
-.type	kyber_redistribute_17_rand_avx2,@function
+.globl	mlkem_redistribute_17_rand_avx2
+.type	mlkem_redistribute_17_rand_avx2,@function
 .align	16
-kyber_redistribute_17_rand_avx2:
+mlkem_redistribute_17_rand_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_redistribute_17_rand_avx2
+.globl	_mlkem_redistribute_17_rand_avx2
 .p2align	4
-_kyber_redistribute_17_rand_avx2:
+_mlkem_redistribute_17_rand_avx2:
 #endif /* __APPLE__ */
         vmovdqu	(%rdi), %ymm0
         vmovdqu	32(%rdi), %ymm1
@@ -16871,19 +16943,19 @@ _kyber_redistribute_17_rand_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_redistribute_17_rand_avx2,.-kyber_redistribute_17_rand_avx2
+.size	mlkem_redistribute_17_rand_avx2,.-mlkem_redistribute_17_rand_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_redistribute_16_rand_avx2
-.type	kyber_redistribute_16_rand_avx2,@function
+.globl	mlkem_redistribute_16_rand_avx2
+.type	mlkem_redistribute_16_rand_avx2,@function
 .align	16
-kyber_redistribute_16_rand_avx2:
+mlkem_redistribute_16_rand_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_redistribute_16_rand_avx2
+.globl	_mlkem_redistribute_16_rand_avx2
 .p2align	4
-_kyber_redistribute_16_rand_avx2:
+_mlkem_redistribute_16_rand_avx2:
 #endif /* __APPLE__ */
         vmovdqu	(%rdi), %ymm0
         vmovdqu	32(%rdi), %ymm1
@@ -16952,19 +17024,19 @@ _kyber_redistribute_16_rand_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_redistribute_16_rand_avx2,.-kyber_redistribute_16_rand_avx2
+.size	mlkem_redistribute_16_rand_avx2,.-mlkem_redistribute_16_rand_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .text
-.globl	kyber_redistribute_8_rand_avx2
-.type	kyber_redistribute_8_rand_avx2,@function
+.globl	mlkem_redistribute_8_rand_avx2
+.type	mlkem_redistribute_8_rand_avx2,@function
 .align	16
-kyber_redistribute_8_rand_avx2:
+mlkem_redistribute_8_rand_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_redistribute_8_rand_avx2
+.globl	_mlkem_redistribute_8_rand_avx2
 .p2align	4
-_kyber_redistribute_8_rand_avx2:
+_mlkem_redistribute_8_rand_avx2:
 #endif /* __APPLE__ */
         vmovdqu	(%rdi), %ymm0
         vmovdqu	32(%rdi), %ymm1
@@ -17001,7 +17073,7 @@ _kyber_redistribute_8_rand_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_redistribute_8_rand_avx2,.-kyber_redistribute_8_rand_avx2
+.size	mlkem_redistribute_8_rand_avx2,.-mlkem_redistribute_8_rand_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -17077,15 +17149,15 @@ L_sha3_128_blockx4_seed_avx2_end_mark:
 .quad	0x8000000000000000, 0x8000000000000000
 #ifndef __APPLE__
 .text
-.globl	kyber_sha3_128_blocksx4_seed_avx2
-.type	kyber_sha3_128_blocksx4_seed_avx2,@function
+.globl	mlkem_sha3_128_blocksx4_seed_avx2
+.type	mlkem_sha3_128_blocksx4_seed_avx2,@function
 .align	16
-kyber_sha3_128_blocksx4_seed_avx2:
+mlkem_sha3_128_blocksx4_seed_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_sha3_128_blocksx4_seed_avx2
+.globl	_mlkem_sha3_128_blocksx4_seed_avx2
 .p2align	4
-_kyber_sha3_128_blocksx4_seed_avx2:
+_mlkem_sha3_128_blocksx4_seed_avx2:
 #endif /* __APPLE__ */
         leaq	L_sha3_parallel_4_r(%rip), %rdx
         movq	%rdi, %rax
@@ -22437,7 +22509,7 @@ _kyber_sha3_128_blocksx4_seed_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_sha3_128_blocksx4_seed_avx2,.-kyber_sha3_128_blocksx4_seed_avx2
+.size	mlkem_sha3_128_blocksx4_seed_avx2,.-mlkem_sha3_128_blocksx4_seed_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
 .data
@@ -22454,15 +22526,15 @@ L_sha3_256_blockx4_seed_avx2_end_mark:
 .quad	0x8000000000000000, 0x8000000000000000
 #ifndef __APPLE__
 .text
-.globl	kyber_sha3_256_blocksx4_seed_avx2
-.type	kyber_sha3_256_blocksx4_seed_avx2,@function
+.globl	mlkem_sha3_256_blocksx4_seed_avx2
+.type	mlkem_sha3_256_blocksx4_seed_avx2,@function
 .align	16
-kyber_sha3_256_blocksx4_seed_avx2:
+mlkem_sha3_256_blocksx4_seed_avx2:
 #else
 .section	__TEXT,__text
-.globl	_kyber_sha3_256_blocksx4_seed_avx2
+.globl	_mlkem_sha3_256_blocksx4_seed_avx2
 .p2align	4
-_kyber_sha3_256_blocksx4_seed_avx2:
+_mlkem_sha3_256_blocksx4_seed_avx2:
 #endif /* __APPLE__ */
         leaq	L_sha3_parallel_4_r(%rip), %rdx
         movq	%rdi, %rax
@@ -27815,10 +27887,10 @@ _kyber_sha3_256_blocksx4_seed_avx2:
         vzeroupper
         repz retq
 #ifndef __APPLE__
-.size	kyber_sha3_256_blocksx4_seed_avx2,.-kyber_sha3_256_blocksx4_seed_avx2
+.size	mlkem_sha3_256_blocksx4_seed_avx2,.-mlkem_sha3_256_blocksx4_seed_avx2
 #endif /* __APPLE__ */
 #endif /* HAVE_INTEL_AVX2 */
-#endif /* WOLFSSL_WC_KYBER */
+#endif /* WOLFSSL_WC_MLKEM */
 
 #if defined(__linux__) && defined(__ELF__)
 .section	.note.GNU-stack,"",%progbits
diff --git a/wolfcrypt/src/wc_mlkem_poly.c b/wolfcrypt/src/wc_mlkem_poly.c
new file mode 100644
index 000000000..e5f4a182f
--- /dev/null
+++ b/wolfcrypt/src/wc_mlkem_poly.c
@@ -0,0 +1,5986 @@
+/* wc_mlkem_poly.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Implementation based on FIPS 203:
+ *   https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
+ *
+ * Original implementation based on NIST 3rd Round submission package.
+ * See link at:
+ *   https://csrc.nist.gov/Projects/post-quantum-cryptography/
+ *   post-quantum-cryptography-standardization/round-3-submissions
+ */
+
+/* Implementation of the functions that operate on polynomials or vectors of
+ * polynomials.
+ */
+
+/* Possible Kyber options:
+ *
+ * WOLFSSL_WC_MLKEM                                           Default: OFF
+ *   Enables this code, wolfSSL implementation, to be built.
+ *
+ * WOLFSSL_WC_ML_KEM_512                                      Default: OFF
+ *   Enables the ML-KEM 512 parameter implementations.
+ * WOLFSSL_WC_ML_KEM_768                                      Default: OFF
+ *   Enables the ML-KEM 768 parameter implementations.
+ * WOLFSSL_WC_ML_KEM_1024                                     Default: OFF
+ *   Enables the ML-KEM 1024 parameter implementations.
+ * WOLFSSL_KYBER512                                           Default: OFF
+ *   Enables the KYBER512 parameter implementations.
+ * WOLFSSL_KYBER768                                           Default: OFF
+ *   Enables the KYBER768 parameter implementations.
+ * WOLFSSL_KYBER1024                                          Default: OFF
+ *   Enables the KYBER1024 parameter implementations.
+ *
+ * USE_INTEL_SPEEDUP                                          Default: OFF
+ *   Compiles in Intel x64 specific implementations that are faster.
+ * WOLFSSL_MLKEM_NO_LARGE_CODE                                Default: OFF
+ *   Compiles smaller, fast code size with a speed trade-off.
+ * WOLFSSL_MLKEM_SMALL                                        Default: OFF
+ *   Compiles to small code size with a speed trade-off.
+ * WOLFSSL_SMALL_STACK                                        Default: OFF
+ *   Use less stack by dynamically allocating local variables.
+ *
+ * WOLFSSL_MLKEM_NTT_UNROLL                                   Default: OFF
+ *   Enable an alternative NTT implementation that may be faster on some
+ *   platforms and is smaller in code size.
+ * WOLFSSL_MLKEM_INVNTT_UNROLL                                Default: OFF
+ *   Enables an alternative inverse NTT implementation that may be faster on
+ *   some platforms and is smaller in code size.
+ */
+
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+
+#include <wolfssl/wolfcrypt/wc_mlkem.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+
+#ifdef WOLFSSL_WC_MLKEM
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+    defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+static int mlkem_gen_matrix_i(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed,
+    int i, int transposed);
+static int mlkem_get_noise_i(MLKEM_PRF_T* prf, int k, sword16* vec2,
+    byte* seed, int i, int make);
+static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p,
+    const byte* seed);
+#endif
+
+/* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */
+extern volatile sword16 mlkem_opt_blocker;
+
+#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
+    defined(WOLFSSL_ARMASM))
+static word32 cpuid_flags = 0;
+#endif
+
+/* Half of Q plus one. Converted message bit value of 1. */
+#define MLKEM_Q_1_HALF      ((MLKEM_Q + 1) / 2)
+/* Half of Q */
+#define MLKEM_Q_HALF        (MLKEM_Q / 2)
+
+
+/* q^-1 mod 2^16 (inverse of 3329 mod 16384) */
+#define MLKEM_QINV       62209
+
+/* Used in Barrett Reduction:
+ *    r = a mod q
+ * => r = a - ((V * a) >> 26) * q), as V based on 2^26
+ * V is the multiplier that gets the quotient after shifting.
+ */
+#define MLKEM_V          (((1U << 26) + (MLKEM_Q / 2)) / MLKEM_Q)
+
+/* Used in converting to Montgomery form.
+ * f is the normalizer = 2^k % m.
+ * 16-bit value cast to sword32 in use.
+ */
+#define MLKEM_F          ((1ULL << 32) % MLKEM_Q)
+
+/* Number of bytes in an output block of SHA-3-128 */
+#define SHA3_128_BYTES   (WC_SHA3_128_COUNT * 8)
+/* Number of bytes in an output block of SHA-3-256 */
+#define SHA3_256_BYTES   (WC_SHA3_256_COUNT * 8)
+
+/* Number of blocks to generate for matrix. */
+#define GEN_MATRIX_NBLOCKS \
+    ((12 * MLKEM_N / 8 * (1 << 12) / MLKEM_Q + XOF_BLOCK_SIZE) / XOF_BLOCK_SIZE)
+/* Number of bytes to generate for matrix. */
+#define GEN_MATRIX_SIZE     GEN_MATRIX_NBLOCKS * XOF_BLOCK_SIZE
+
+
+/* Number of random bytes to generate for ETA3. */
+#define ETA3_RAND_SIZE     ((3 * MLKEM_N) / 4)
+/* Number of random bytes to generate for ETA2. */
+#define ETA2_RAND_SIZE     ((2 * MLKEM_N) / 4)
+
+
+/* Montgomery reduce a.
+ *
+ * @param  [in]  a  32-bit value to be reduced.
+ * @return  Montgomery reduction result.
+ */
+#define MLKEM_MONT_RED(a) \
+    (sword16)(((a) - (sword32)(((sword16)((sword16)(a) * \
+                                (sword16)MLKEM_QINV)) * \
+                               (sword32)MLKEM_Q)) >> 16)
+
+/* Barrett reduce a. r = a mod q.
+ *
+ * Converted division to multiplication.
+ *
+ * @param  [in]  a  16-bit value to be reduced to range of q.
+ * @return  Modulo result.
+ */
+#define MLKEM_BARRETT_RED(a) \
+    (sword16)((sword16)(a) - (sword16)((sword16)( \
+        ((sword32)((sword32)MLKEM_V * (sword16)(a))) >> 26) * (word16)MLKEM_Q))
+
+
+/* Zetas for NTT. */
+const sword16 zetas[MLKEM_N / 2] = {
+    2285, 2571, 2970, 1812, 1493, 1422,  287,  202,
+    3158,  622, 1577,  182,  962, 2127, 1855, 1468,
+     573, 2004,  264,  383, 2500, 1458, 1727, 3199,
+    2648, 1017,  732,  608, 1787,  411, 3124, 1758,
+    1223,  652, 2777, 1015, 2036, 1491, 3047, 1785,
+     516, 3321, 3009, 2663, 1711, 2167,  126, 1469,
+    2476, 3239, 3058,  830,  107, 1908, 3082, 2378,
+    2931,  961, 1821, 2604,  448, 2264,  677, 2054,
+    2226,  430,  555,  843, 2078,  871, 1550,  105,
+     422,  587,  177, 3094, 3038, 2869, 1574, 1653,
+    3083,  778, 1159, 3182, 2552, 1483, 2727, 1119,
+    1739,  644, 2457,  349,  418,  329, 3173, 3254,
+     817, 1097,  603,  610, 1322, 2044, 1864,  384,
+    2114, 3193, 1218, 1994, 2455,  220, 2142, 1670,
+    2144, 1799, 2051,  794, 1819, 2475, 2459,  478,
+    3221, 3021,  996,  991,  958, 1869, 1522, 1628
+};
+
+
+#if !defined(WOLFSSL_ARMASM)
+/* Number-Theoretic Transform.
+ *
+ * FIPS 203, Algorithm 9: NTT(f)
+ * Computes the NTT representation f_hat of the given polynomial f element of
+ * R_q.
+ *   1: f_hat <- f
+ *   2: i <- 1
+ *   3: for (len <- 128; len >= 2; len <- len/2)
+ *   4:     for (start <- 0; start < 256; start <- start + 2.len)
+ *   5:         zeta <- zetas^BitRev_7(i) mod q
+ *   6:         i <- i + 1
+ *   7:         for (j <- start; j < start + len; j++)
+ *   8:             t <- zeta.f[j+len]
+ *   9:             f_hat[j+len] <- f_hat[j] - t
+ *  10:             f_hat[j] <- f_hat[j] - t
+ *  11:         end for
+ *  12:     end for
+ *  13: end for
+ *  14: return f_hat
+ *
+ * @param  [in, out]  r  Polynomial to transform.
+ */
+static void mlkem_ntt(sword16* r)
+{
+#ifdef WOLFSSL_MLKEM_SMALL
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+
+    /* Step 2 */
+    k = 1;
+    /* Step 3 */
+    for (len = MLKEM_N / 2; len >= 2; len >>= 1) {
+        unsigned int start;
+        /* Step 4 */
+        for (start = 0; start < MLKEM_N; start = j + len) {
+            /* Step 5, 6*/
+            sword16 zeta = zetas[k++];
+            /* Step 7 */
+            for (j = start; j < start + len; ++j) {
+                /* Step 8 */
+                sword32 p = (sword32)zeta * r[j + len];
+                sword16 t = MLKEM_MONT_RED(p);
+                sword16 rj = r[j];
+                /* Step 9 */
+                r[j + len] = rj - t;
+                /* Step 10 */
+                r[j] = rj + t;
+            }
+        }
+    }
+
+    /* Reduce coefficients with quick algorithm. */
+    for (j = 0; j < MLKEM_N; ++j) {
+        r[j] = MLKEM_BARRETT_RED(r[j]);
+    }
+#elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+    /* Take out the first iteration. */
+    unsigned int len;
+    unsigned int k = 1;
+    unsigned int j;
+    unsigned int start;
+    sword16 zeta = zetas[k++];
+
+    for (j = 0; j < MLKEM_N / 2; ++j) {
+        sword32 p = (sword32)zeta * r[j + MLKEM_N / 2];
+        sword16 t = MLKEM_MONT_RED(p);
+        sword16 rj = r[j];
+        r[j + MLKEM_N / 2] = rj - t;
+        r[j] = rj + t;
+    }
+    for (len = MLKEM_N / 4; len >= 2; len >>= 1) {
+        for (start = 0; start < MLKEM_N; start = j + len) {
+            zeta = zetas[k++];
+            for (j = start; j < start + len; ++j) {
+                sword32 p = (sword32)zeta * r[j + len];
+                sword16 t = MLKEM_MONT_RED(p);
+                sword16 rj = r[j];
+                r[j + len] = rj - t;
+                r[j] = rj + t;
+            }
+        }
+    }
+
+    /* Reduce coefficients with quick algorithm. */
+    for (j = 0; j < MLKEM_N; ++j) {
+        r[j] = MLKEM_BARRETT_RED(r[j]);
+    }
+#elif defined(WOLFSSL_MLKEM_NTT_UNROLL)
+    /* Unroll len loop (Step 3). */
+    unsigned int k = 1;
+    unsigned int j;
+    unsigned int start;
+    sword16 zeta = zetas[k++];
+
+    /* len = 128 */
+    for (j = 0; j < MLKEM_N / 2; ++j) {
+        sword32 p = (sword32)zeta * r[j + MLKEM_N / 2];
+        sword16 t = MLKEM_MONT_RED(p);
+        sword16 rj = r[j];
+        r[j + MLKEM_N / 2] = rj - t;
+        r[j] = rj + t;
+    }
+    /* len = 64 */
+    for (start = 0; start < MLKEM_N; start += 2 * 64) {
+        zeta = zetas[k++];
+        for (j = 0; j < 64; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 64];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 64] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 32 */
+    for (start = 0; start < MLKEM_N; start += 2 * 32) {
+        zeta = zetas[k++];
+        for (j = 0; j < 32; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 32];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 32] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 16 */
+    for (start = 0; start < MLKEM_N; start += 2 * 16) {
+        zeta = zetas[k++];
+        for (j = 0; j < 16; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 16];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 16] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 8 */
+    for (start = 0; start < MLKEM_N; start += 2 * 8) {
+        zeta = zetas[k++];
+        for (j = 0; j < 8; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 8];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 8] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 4 */
+    for (start = 0; start < MLKEM_N; start += 2 * 4) {
+        zeta = zetas[k++];
+        for (j = 0; j < 4; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 4];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 4] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 2 */
+    for (start = 0; start < MLKEM_N; start += 2 * 2) {
+        zeta = zetas[k++];
+        for (j = 0; j < 2; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 2];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 2] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* Reduce coefficients with quick algorithm. */
+    for (j = 0; j < MLKEM_N; ++j) {
+        r[j] = MLKEM_BARRETT_RED(r[j]);
+    }
+#else
+    /* Unroll len (2, 3, 2) and start loops. */
+    unsigned int j;
+    sword16 t0;
+    sword16 t1;
+    sword16 t2;
+    sword16 t3;
+
+    /* len = 128,64 */
+    sword16 zeta128 = zetas[1];
+    sword16 zeta64_0 = zetas[2];
+    sword16 zeta64_1 = zetas[3];
+    for (j = 0; j < MLKEM_N / 8; j++) {
+        sword16 r0 = r[j +   0];
+        sword16 r1 = r[j +  32];
+        sword16 r2 = r[j +  64];
+        sword16 r3 = r[j +  96];
+        sword16 r4 = r[j + 128];
+        sword16 r5 = r[j + 160];
+        sword16 r6 = r[j + 192];
+        sword16 r7 = r[j + 224];
+
+        t0 = MLKEM_MONT_RED((sword32)zeta128 * r4);
+        t1 = MLKEM_MONT_RED((sword32)zeta128 * r5);
+        t2 = MLKEM_MONT_RED((sword32)zeta128 * r6);
+        t3 = MLKEM_MONT_RED((sword32)zeta128 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = MLKEM_MONT_RED((sword32)zeta64_0 * r2);
+        t1 = MLKEM_MONT_RED((sword32)zeta64_0 * r3);
+        t2 = MLKEM_MONT_RED((sword32)zeta64_1 * r6);
+        t3 = MLKEM_MONT_RED((sword32)zeta64_1 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        r[j +   0] = r0;
+        r[j +  32] = r1;
+        r[j +  64] = r2;
+        r[j +  96] = r3;
+        r[j + 128] = r4;
+        r[j + 160] = r5;
+        r[j + 192] = r6;
+        r[j + 224] = r7;
+    }
+
+    /* len = 32,16,8 */
+    for (j = 0; j < MLKEM_N; j += 64) {
+        int i;
+        sword16 zeta32   = zetas[ 4 + j / 64 + 0];
+        sword16 zeta16_0 = zetas[ 8 + j / 32 + 0];
+        sword16 zeta16_1 = zetas[ 8 + j / 32 + 1];
+        sword16 zeta8_0  = zetas[16 + j / 16 + 0];
+        sword16 zeta8_1  = zetas[16 + j / 16 + 1];
+        sword16 zeta8_2  = zetas[16 + j / 16 + 2];
+        sword16 zeta8_3  = zetas[16 + j / 16 + 3];
+        for (i = 0; i < 8; i++) {
+            sword16 r0 = r[j + i +  0];
+            sword16 r1 = r[j + i +  8];
+            sword16 r2 = r[j + i + 16];
+            sword16 r3 = r[j + i + 24];
+            sword16 r4 = r[j + i + 32];
+            sword16 r5 = r[j + i + 40];
+            sword16 r6 = r[j + i + 48];
+            sword16 r7 = r[j + i + 56];
+
+            t0 = MLKEM_MONT_RED((sword32)zeta32 * r4);
+            t1 = MLKEM_MONT_RED((sword32)zeta32 * r5);
+            t2 = MLKEM_MONT_RED((sword32)zeta32 * r6);
+            t3 = MLKEM_MONT_RED((sword32)zeta32 * r7);
+            r4 = r0 - t0;
+            r5 = r1 - t1;
+            r6 = r2 - t2;
+            r7 = r3 - t3;
+            r0 += t0;
+            r1 += t1;
+            r2 += t2;
+            r3 += t3;
+
+            t0 = MLKEM_MONT_RED((sword32)zeta16_0 * r2);
+            t1 = MLKEM_MONT_RED((sword32)zeta16_0 * r3);
+            t2 = MLKEM_MONT_RED((sword32)zeta16_1 * r6);
+            t3 = MLKEM_MONT_RED((sword32)zeta16_1 * r7);
+            r2 = r0 - t0;
+            r3 = r1 - t1;
+            r6 = r4 - t2;
+            r7 = r5 - t3;
+            r0 += t0;
+            r1 += t1;
+            r4 += t2;
+            r5 += t3;
+
+            t0 = MLKEM_MONT_RED((sword32)zeta8_0 * r1);
+            t1 = MLKEM_MONT_RED((sword32)zeta8_1 * r3);
+            t2 = MLKEM_MONT_RED((sword32)zeta8_2 * r5);
+            t3 = MLKEM_MONT_RED((sword32)zeta8_3 * r7);
+            r1 = r0 - t0;
+            r3 = r2 - t1;
+            r5 = r4 - t2;
+            r7 = r6 - t3;
+            r0 += t0;
+            r2 += t1;
+            r4 += t2;
+            r6 += t3;
+
+            r[j + i +  0] = r0;
+            r[j + i +  8] = r1;
+            r[j + i + 16] = r2;
+            r[j + i + 24] = r3;
+            r[j + i + 32] = r4;
+            r[j + i + 40] = r5;
+            r[j + i + 48] = r6;
+            r[j + i + 56] = r7;
+        }
+    }
+
+    /* len = 4,2 and Final reduction */
+    for (j = 0; j < MLKEM_N; j += 8) {
+        sword16 zeta4  = zetas[32 + j / 8 + 0];
+        sword16 zeta2_0 = zetas[64 + j / 4 + 0];
+        sword16 zeta2_1 = zetas[64 + j / 4 + 1];
+        sword16 r0 = r[j + 0];
+        sword16 r1 = r[j + 1];
+        sword16 r2 = r[j + 2];
+        sword16 r3 = r[j + 3];
+        sword16 r4 = r[j + 4];
+        sword16 r5 = r[j + 5];
+        sword16 r6 = r[j + 6];
+        sword16 r7 = r[j + 7];
+
+        t0 = MLKEM_MONT_RED((sword32)zeta4 * r4);
+        t1 = MLKEM_MONT_RED((sword32)zeta4 * r5);
+        t2 = MLKEM_MONT_RED((sword32)zeta4 * r6);
+        t3 = MLKEM_MONT_RED((sword32)zeta4 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = MLKEM_MONT_RED((sword32)zeta2_0 * r2);
+        t1 = MLKEM_MONT_RED((sword32)zeta2_0 * r3);
+        t2 = MLKEM_MONT_RED((sword32)zeta2_1 * r6);
+        t3 = MLKEM_MONT_RED((sword32)zeta2_1 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        r[j + 0] = MLKEM_BARRETT_RED(r0);
+        r[j + 1] = MLKEM_BARRETT_RED(r1);
+        r[j + 2] = MLKEM_BARRETT_RED(r2);
+        r[j + 3] = MLKEM_BARRETT_RED(r3);
+        r[j + 4] = MLKEM_BARRETT_RED(r4);
+        r[j + 5] = MLKEM_BARRETT_RED(r5);
+        r[j + 6] = MLKEM_BARRETT_RED(r6);
+        r[j + 7] = MLKEM_BARRETT_RED(r7);
+    }
+#endif
+}
+
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+/* Zetas for inverse NTT. */
+const sword16 zetas_inv[MLKEM_N / 2] = {
+    1701, 1807, 1460, 2371, 2338, 2333,  308,  108,
+    2851,  870,  854, 1510, 2535, 1278, 1530, 1185,
+    1659, 1187, 3109,  874, 1335, 2111,  136, 1215,
+    2945, 1465, 1285, 2007, 2719, 2726, 2232, 2512,
+      75,  156, 3000, 2911, 2980,  872, 2685, 1590,
+    2210,  602, 1846,  777,  147, 2170, 2551,  246,
+    1676, 1755,  460,  291,  235, 3152, 2742, 2907,
+    3224, 1779, 2458, 1251, 2486, 2774, 2899, 1103,
+    1275, 2652, 1065, 2881,  725, 1508, 2368,  398,
+     951,  247, 1421, 3222, 2499,  271,   90,  853,
+    1860, 3203, 1162, 1618,  666,  320,    8, 2813,
+    1544,  282, 1838, 1293, 2314,  552, 2677, 2106,
+    1571,  205, 2918, 1542, 2721, 2597, 2312,  681,
+     130, 1602, 1871,  829, 2946, 3065, 1325, 2756,
+    1861, 1474, 1202, 2367, 3147, 1752, 2707,  171,
+    3127, 3042, 1907, 1836, 1517,  359,  758, 1441
+};
+
+/* Inverse Number-Theoretic Transform.
+ *
+ * FIPS 203, Algorithm 10: NTT^-1(f_hat)
+ * Computes the polynomial f element of R_q that corresponds to the given NTT
+ * representation f element of T_q.
+ *   1: f <- f_hat
+ *   2: i <- 127
+ *   3: for (len <- 2; len <= 128 ; len <- 2.len)
+ *   4:     for (start <- 0; start < 256; start <- start + 2.len)
+ *   5:         zeta <- zetas^BitRev_7(i) mod q
+ *   6:         i <- i - 1
+ *   7:         for (j <- start; j < start + len; j++)
+ *   8:             t <- f[j]
+ *   9:             f[j] < t + f[j + len]
+ *  10:             f[j + len] <- zeta.(f[j+len] - t)
+ *  11:         end for
+ *  12:     end for
+ *  13: end for
+ *  14: f <- f.3303 mod q
+ *  15: return f
+ *
+ * @param  [in, out]  r  Polynomial to transform.
+ */
+static void mlkem_invntt(sword16* r)
+{
+#ifdef WOLFSSL_MLKEM_SMALL
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+    sword16 zeta;
+
+    /* Step 2 - table reversed */
+    k = 0;
+    /* Step 3 */
+    for (len = 2; len <= MLKEM_N / 2; len <<= 1) {
+        unsigned int start;
+        /* Step 4 */
+        for (start = 0; start < MLKEM_N; start = j + len) {
+            /* Step 5, 6 */
+            zeta = zetas_inv[k++];
+            /* Step 7 */
+            for (j = start; j < start + len; ++j) {
+                sword32 p;
+                /* Step 8 */
+                sword16 rj = r[j];
+                sword16 rjl = r[j + len];
+                /* Step 9 */
+                sword16 t = rj + rjl;
+                r[j] = MLKEM_BARRETT_RED(t);
+                /* Step 10 */
+                rjl = rj - rjl;
+                p = (sword32)zeta * rjl;
+                r[j + len] = MLKEM_MONT_RED(p);
+            }
+        }
+    }
+
+    /* Step 14 */
+    zeta = zetas_inv[127];
+    for (j = 0; j < MLKEM_N; ++j) {
+        sword32 p = (sword32)zeta * r[j];
+        r[j] = MLKEM_MONT_RED(p);
+    }
+#elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+    /* Take out last iteration. */
+    unsigned int len;
+    unsigned int k;
+    unsigned int j;
+    sword16 zeta;
+    sword16 zeta2;
+
+    k = 0;
+    for (len = 2; len <= MLKEM_N / 4; len <<= 1) {
+        unsigned int start;
+        for (start = 0; start < MLKEM_N; start = j + len) {
+            zeta = zetas_inv[k++];
+            for (j = start; j < start + len; ++j) {
+                sword32 p;
+                sword16 rj = r[j];
+                sword16 rjl = r[j + len];
+                sword16 t = rj + rjl;
+                r[j] = MLKEM_BARRETT_RED(t);
+                rjl = rj - rjl;
+                p = (sword32)zeta * rjl;
+                r[j + len] = MLKEM_MONT_RED(p);
+            }
+        }
+    }
+
+    zeta = zetas_inv[126];
+    zeta2 = zetas_inv[127];
+    for (j = 0; j < MLKEM_N / 2; ++j) {
+        sword32 p;
+        sword16 rj = r[j];
+        sword16 rjl = r[j + MLKEM_N / 2];
+        sword16 t = rj + rjl;
+        rjl = rj - rjl;
+        p = (sword32)zeta * rjl;
+        r[j] = t;
+        r[j + MLKEM_N / 2] = MLKEM_MONT_RED(p);
+
+        p = (sword32)zeta2 * r[j];
+        r[j] = MLKEM_MONT_RED(p);
+        p = (sword32)zeta2 * r[j + MLKEM_N / 2];
+        r[j + MLKEM_N / 2] = MLKEM_MONT_RED(p);
+    }
+#elif defined(WOLFSSL_MLKEM_INVNTT_UNROLL)
+    /* Unroll len loop (Step 3). */
+    unsigned int k;
+    unsigned int j;
+    unsigned int start;
+    sword16 zeta;
+    sword16 zeta2;
+
+    k = 0;
+    /* len = 2 */
+    for (start = 0; start < MLKEM_N; start += 2 * 2) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 2; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 2];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 2] = MLKEM_MONT_RED(p);
+        }
+    }
+    /* len = 4 */
+    for (start = 0; start < MLKEM_N; start += 2 * 4) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 4; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 4];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 4] = MLKEM_MONT_RED(p);
+        }
+    }
+    /* len = 8 */
+    for (start = 0; start < MLKEM_N; start += 2 * 8) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 8; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 8];
+            sword16 t = rj + rjl;
+            /* Reduce. */
+            r[start + j] = MLKEM_BARRETT_RED(t);
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 8] = MLKEM_MONT_RED(p);
+        }
+    }
+    /* len = 16 */
+    for (start = 0; start < MLKEM_N; start += 2 * 16) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 16; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 16];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 16] = MLKEM_MONT_RED(p);
+        }
+    }
+    /* len = 32 */
+    for (start = 0; start < MLKEM_N; start += 2 * 32) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 32; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 32];
+            sword16 t = rj + rjl;
+            r[start + j] = t;
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 32] = MLKEM_MONT_RED(p);
+        }
+    }
+    /* len = 64 */
+    for (start = 0; start < MLKEM_N; start += 2 * 64) {
+        zeta = zetas_inv[k++];
+        for (j = 0; j < 64; ++j) {
+            sword32 p;
+            sword16 rj = r[start + j];
+            sword16 rjl = r[start + j + 64];
+            sword16 t = rj + rjl;
+            /* Reduce. */
+            r[start + j] = MLKEM_BARRETT_RED(t);
+            rjl = rj - rjl;
+            p = (sword32)zeta * rjl;
+            r[start + j + 64] = MLKEM_MONT_RED(p);
+        }
+    }
+    /* len = 128, 256 */
+    zeta = zetas_inv[126];
+    zeta2 = zetas_inv[127];
+    for (j = 0; j < MLKEM_N / 2; ++j) {
+        sword32 p;
+        sword16 rj = r[j];
+        sword16 rjl = r[j + MLKEM_N / 2];
+        sword16 t = rj + rjl;
+        rjl = rj - rjl;
+        p = (sword32)zeta * rjl;
+        r[j] = t;
+        r[j + MLKEM_N / 2] = MLKEM_MONT_RED(p);
+
+        p = (sword32)zeta2 * r[j];
+        r[j] = MLKEM_MONT_RED(p);
+        p = (sword32)zeta2 * r[j + MLKEM_N / 2];
+        r[j + MLKEM_N / 2] = MLKEM_MONT_RED(p);
+    }
+#else
+    /* Unroll len (2, 3, 3) and start loops. */
+    unsigned int j;
+    sword16 t0;
+    sword16 t1;
+    sword16 t2;
+    sword16 t3;
+    sword16 zeta64_0;
+    sword16 zeta64_1;
+    sword16 zeta128;
+    sword16 zeta256;
+    sword32 p;
+
+    for (j = 0; j < MLKEM_N; j += 8) {
+        sword16 zeta2_0 = zetas_inv[ 0 + j / 4 + 0];
+        sword16 zeta2_1 = zetas_inv[ 0 + j / 4 + 1];
+        sword16 zeta4   = zetas_inv[64 + j / 8 + 0];
+        sword16 r0 = r[j + 0];
+        sword16 r1 = r[j + 1];
+        sword16 r2 = r[j + 2];
+        sword16 r3 = r[j + 3];
+        sword16 r4 = r[j + 4];
+        sword16 r5 = r[j + 5];
+        sword16 r6 = r[j + 6];
+        sword16 r7 = r[j + 7];
+
+        p = (sword32)zeta2_0 * (sword16)(r0 - r2);
+        t0 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta2_0 * (sword16)(r1 - r3);
+        t1 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta2_1 * (sword16)(r4 - r6);
+        t2 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta2_1 * (sword16)(r5 - r7);
+        t3 = MLKEM_MONT_RED(p);
+        r0 += r2;
+        r1 += r3;
+        r4 += r6;
+        r5 += r7;
+        r2 = t0;
+        r3 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        p = (sword32)zeta4 * (sword16)(r0 - r4);
+        t0 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta4 * (sword16)(r1 - r5);
+        t1 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta4 * (sword16)(r2 - r6);
+        t2 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta4 * (sword16)(r3 - r7);
+        t3 = MLKEM_MONT_RED(p);
+        r0 += r4;
+        r1 += r5;
+        r2 += r6;
+        r3 += r7;
+        r4 = t0;
+        r5 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        r[j + 0] = r0;
+        r[j + 1] = r1;
+        r[j + 2] = r2;
+        r[j + 3] = r3;
+        r[j + 4] = r4;
+        r[j + 5] = r5;
+        r[j + 6] = r6;
+        r[j + 7] = r7;
+    }
+
+    for (j = 0; j < MLKEM_N; j += 64) {
+        int i;
+        sword16 zeta8_0  = zetas_inv[ 96 + j / 16 + 0];
+        sword16 zeta8_1  = zetas_inv[ 96 + j / 16 + 1];
+        sword16 zeta8_2  = zetas_inv[ 96 + j / 16 + 2];
+        sword16 zeta8_3  = zetas_inv[ 96 + j / 16 + 3];
+        sword16 zeta16_0 = zetas_inv[112 + j / 32 + 0];
+        sword16 zeta16_1 = zetas_inv[112 + j / 32 + 1];
+        sword16 zeta32   = zetas_inv[120 + j / 64 + 0];
+        for (i = 0; i < 8; i++) {
+            sword16 r0 = r[j + i +  0];
+            sword16 r1 = r[j + i +  8];
+            sword16 r2 = r[j + i + 16];
+            sword16 r3 = r[j + i + 24];
+            sword16 r4 = r[j + i + 32];
+            sword16 r5 = r[j + i + 40];
+            sword16 r6 = r[j + i + 48];
+            sword16 r7 = r[j + i + 56];
+
+            p = (sword32)zeta8_0 * (sword16)(r0 - r1);
+            t0 = MLKEM_MONT_RED(p);
+            p = (sword32)zeta8_1 * (sword16)(r2 - r3);
+            t1 = MLKEM_MONT_RED(p);
+            p = (sword32)zeta8_2 * (sword16)(r4 - r5);
+            t2 = MLKEM_MONT_RED(p);
+            p = (sword32)zeta8_3 * (sword16)(r6 - r7);
+            t3 = MLKEM_MONT_RED(p);
+            r0 = MLKEM_BARRETT_RED(r0 + r1);
+            r2 = MLKEM_BARRETT_RED(r2 + r3);
+            r4 = MLKEM_BARRETT_RED(r4 + r5);
+            r6 = MLKEM_BARRETT_RED(r6 + r7);
+            r1 = t0;
+            r3 = t1;
+            r5 = t2;
+            r7 = t3;
+
+            p = (sword32)zeta16_0 * (sword16)(r0 - r2);
+            t0 = MLKEM_MONT_RED(p);
+            p = (sword32)zeta16_0 * (sword16)(r1 - r3);
+            t1 = MLKEM_MONT_RED(p);
+            p = (sword32)zeta16_1 * (sword16)(r4 - r6);
+            t2 = MLKEM_MONT_RED(p);
+            p = (sword32)zeta16_1 * (sword16)(r5 - r7);
+            t3 = MLKEM_MONT_RED(p);
+            r0 += r2;
+            r1 += r3;
+            r4 += r6;
+            r5 += r7;
+            r2 = t0;
+            r3 = t1;
+            r6 = t2;
+            r7 = t3;
+
+            p = (sword32)zeta32 * (sword16)(r0 - r4);
+            t0 = MLKEM_MONT_RED(p);
+            p = (sword32)zeta32 * (sword16)(r1 - r5);
+            t1 = MLKEM_MONT_RED(p);
+            p = (sword32)zeta32 * (sword16)(r2 - r6);
+            t2 = MLKEM_MONT_RED(p);
+            p = (sword32)zeta32 * (sword16)(r3 - r7);
+            t3 = MLKEM_MONT_RED(p);
+            r0 += r4;
+            r1 += r5;
+            r2 += r6;
+            r3 += r7;
+            r4 = t0;
+            r5 = t1;
+            r6 = t2;
+            r7 = t3;
+
+            r[j + i +  0] = r0;
+            r[j + i +  8] = r1;
+            r[j + i + 16] = r2;
+            r[j + i + 24] = r3;
+            r[j + i + 32] = r4;
+            r[j + i + 40] = r5;
+            r[j + i + 48] = r6;
+            r[j + i + 56] = r7;
+        }
+    }
+
+    zeta64_0 = zetas_inv[124];
+    zeta64_1 = zetas_inv[125];
+    zeta128  = zetas_inv[126];
+    zeta256  = zetas_inv[127];
+    for (j = 0; j < MLKEM_N / 8; j++) {
+        sword16 r0 = r[j +   0];
+        sword16 r1 = r[j +  32];
+        sword16 r2 = r[j +  64];
+        sword16 r3 = r[j +  96];
+        sword16 r4 = r[j + 128];
+        sword16 r5 = r[j + 160];
+        sword16 r6 = r[j + 192];
+        sword16 r7 = r[j + 224];
+
+        p = (sword32)zeta64_0 * (sword16)(r0 - r2);
+        t0 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta64_0 * (sword16)(r1 - r3);
+        t1 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta64_1 * (sword16)(r4 - r6);
+        t2 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta64_1 * (sword16)(r5 - r7);
+        t3 = MLKEM_MONT_RED(p);
+        r0 = MLKEM_BARRETT_RED(r0 + r2);
+        r1 = MLKEM_BARRETT_RED(r1 + r3);
+        r4 = MLKEM_BARRETT_RED(r4 + r6);
+        r5 = MLKEM_BARRETT_RED(r5 + r7);
+        r2 = t0;
+        r3 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        p = (sword32)zeta128 * (sword16)(r0 - r4);
+        t0 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta128 * (sword16)(r1 - r5);
+        t1 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta128 * (sword16)(r2 - r6);
+        t2 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta128 * (sword16)(r3 - r7);
+        t3 = MLKEM_MONT_RED(p);
+        r0 += r4;
+        r1 += r5;
+        r2 += r6;
+        r3 += r7;
+        r4 = t0;
+        r5 = t1;
+        r6 = t2;
+        r7 = t3;
+
+        p = (sword32)zeta256 * r0;
+        r0 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta256 * r1;
+        r1 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta256 * r2;
+        r2 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta256 * r3;
+        r3 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta256 * r4;
+        r4 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta256 * r5;
+        r5 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta256 * r6;
+        r6 = MLKEM_MONT_RED(p);
+        p = (sword32)zeta256 * r7;
+        r7 = MLKEM_MONT_RED(p);
+
+        r[j +   0] = r0;
+        r[j +  32] = r1;
+        r[j +  64] = r2;
+        r[j +  96] = r3;
+        r[j + 128] = r4;
+        r[j + 160] = r5;
+        r[j + 192] = r6;
+        r[j + 224] = r7;
+    }
+#endif
+}
+#endif
+
+/* Multiplication of polynomials in Zq[X]/(X^2-zeta).
+ *
+ * Used for multiplication of elements in Rq in NTT domain.
+ *
+ * FIPS 203, Algorithm 12: BaseCaseMultiply(a0, a1, b0, b1, zeta)
+ * Computes the product of two degree-one polynomials with respect to a
+ * quadratic modulus.
+ *   1: c0 <- a0.b0 + a1.b1.zeta
+ *   2: c1 <- a0.b1 + a1.b0
+ *   3: return (c0, c1)
+ *
+ * @param  [out]  r     Result polynomial.
+ * @param  [in]   a     First factor.
+ * @param  [in]   b     Second factor.
+ * @param  [in]   zeta  Integer defining the reduction polynomial.
+ */
+static void mlkem_basemul(sword16* r, const sword16* a, const sword16* b,
+    sword16 zeta)
+{
+    sword16 r0;
+    sword16 a0 = a[0];
+    sword16 a1 = a[1];
+    sword16 b0 = b[0];
+    sword16 b1 = b[1];
+    sword32 p1;
+    sword32 p2;
+
+    /* Step 1 */
+    p1   = (sword32)a0 * b0;
+    p2   = (sword32)a1 * b1;
+    r0   = MLKEM_MONT_RED(p2);
+    p2   = (sword32)zeta * r0;
+    p2  += p1;
+    r[0] = MLKEM_MONT_RED(p2);
+
+    /* Step 2 */
+    p1   = (sword32)a0 * b1;
+    p2   = (sword32)a1 * b0;
+    p1  += p2;
+    r[1] = MLKEM_MONT_RED(p1);
+}
+
+/* Multiply two polynomials in NTT domain. r = a * b.
+ *
+ * FIPS 203, Algorithm 11: MultiplyNTTs(f_hat, g_hat)
+ * Computes the product (in the ring T_q) of two NTT representations.
+ *   1: for (i <- 0; i < 128; i++)
+ *   2:     (h_hat[2i],h_hat[2i+1]) <-
+ *              BaseCaseMultiply(f_hat[2i],f_hat[2i+1],g_hat[2i],g_hat[2i+1],
+ *                               zetas^(BitRev_7(i)+1)
+ *   3: end for
+ *   4: return h_hat
+ *
+ * @param  [out]  r  Result polynomial.
+ * @param  [in]   a  First polynomial multiplier.
+ * @param  [in]   b  Second polynomial multiplier.
+ */
+static void mlkem_basemul_mont(sword16* r, const sword16* a, const sword16* b)
+{
+    const sword16* zeta = zetas + 64;
+
+#if defined(WOLFSSL_MLKEM_SMALL)
+    /* Two multiplications per loop. */
+    unsigned int i;
+    /* Step 1 */
+    for (i = 0; i < MLKEM_N; i += 4, zeta++) {
+        /* Step 2 */
+        mlkem_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
+        mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
+    }
+#elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+    /* Four multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < MLKEM_N; i += 8, zeta += 2) {
+        mlkem_basemul(r + i + 0, a + i + 0, b + i + 0,  zeta[0]);
+        mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]);
+        mlkem_basemul(r + i + 4, a + i + 4, b + i + 4,  zeta[1]);
+        mlkem_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]);
+    }
+#else
+    /* Eight multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < MLKEM_N; i += 16, zeta += 4) {
+        mlkem_basemul(r + i +  0, a + i +  0, b + i +  0,  zeta[0]);
+        mlkem_basemul(r + i +  2, a + i +  2, b + i +  2, -zeta[0]);
+        mlkem_basemul(r + i +  4, a + i +  4, b + i +  4,  zeta[1]);
+        mlkem_basemul(r + i +  6, a + i +  6, b + i +  6, -zeta[1]);
+        mlkem_basemul(r + i +  8, a + i +  8, b + i +  8,  zeta[2]);
+        mlkem_basemul(r + i + 10, a + i + 10, b + i + 10, -zeta[2]);
+        mlkem_basemul(r + i + 12, a + i + 12, b + i + 12,  zeta[3]);
+        mlkem_basemul(r + i + 14, a + i + 14, b + i + 14, -zeta[3]);
+    }
+#endif
+}
+
+/* Multiply two polynomials in NTT domain and add to result. r += a * b.
+ *
+ * FIPS 203, Algorithm 11: MultiplyNTTs(f_hat, g_hat)
+ * Computes the product (in the ring T_q) of two NTT representations.
+ *   1: for (i <- 0; i < 128; i++)
+ *   2:     (h_hat[2i],h_hat[2i+1]) <-
+ *              BaseCaseMultiply(f_hat[2i],f_hat[2i+1],g_hat[2i],g_hat[2i+1],
+ *                               zetas^(BitRev_7(i)+1)
+ *   3: end for
+ *   4: return h_hat
+ * Add h_hat to r.
+ *
+ * @param  [in, out]  r  Result polynomial.
+ * @param  [in]       a  First polynomial multiplier.
+ * @param  [in]       b  Second polynomial multiplier.
+ */
+static void mlkem_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b)
+{
+    const sword16* zeta = zetas + 64;
+
+#if defined(WOLFSSL_MLKEM_SMALL)
+    /* Two multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < MLKEM_N; i += 4, zeta++) {
+        sword16 t0[2];
+        sword16 t2[2];
+
+        mlkem_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
+        mlkem_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
+
+        r[i + 0] += t0[0];
+        r[i + 1] += t0[1];
+        r[i + 2] += t2[0];
+        r[i + 3] += t2[1];
+    }
+#elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+    /* Four multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < MLKEM_N; i += 8, zeta += 2) {
+        sword16 t0[2];
+        sword16 t2[2];
+        sword16 t4[2];
+        sword16 t6[2];
+
+        mlkem_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
+        mlkem_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
+        mlkem_basemul(t4, a + i + 4, b + i + 4,  zeta[1]);
+        mlkem_basemul(t6, a + i + 6, b + i + 6, -zeta[1]);
+
+        r[i + 0] += t0[0];
+        r[i + 1] += t0[1];
+        r[i + 2] += t2[0];
+        r[i + 3] += t2[1];
+        r[i + 4] += t4[0];
+        r[i + 5] += t4[1];
+        r[i + 6] += t6[0];
+        r[i + 7] += t6[1];
+    }
+#else
+    /* Eight multiplications per loop. */
+    unsigned int i;
+    for (i = 0; i < MLKEM_N; i += 16, zeta += 4) {
+        sword16 t0[2];
+        sword16 t2[2];
+        sword16 t4[2];
+        sword16 t6[2];
+        sword16 t8[2];
+        sword16 t10[2];
+        sword16 t12[2];
+        sword16 t14[2];
+
+        mlkem_basemul(t0, a + i + 0, b + i + 0,  zeta[0]);
+        mlkem_basemul(t2, a + i + 2, b + i + 2, -zeta[0]);
+        mlkem_basemul(t4, a + i + 4, b + i + 4,  zeta[1]);
+        mlkem_basemul(t6, a + i + 6, b + i + 6, -zeta[1]);
+        mlkem_basemul(t8, a + i + 8, b + i + 8,  zeta[2]);
+        mlkem_basemul(t10, a + i + 10, b + i + 10, -zeta[2]);
+        mlkem_basemul(t12, a + i + 12, b + i + 12,  zeta[3]);
+        mlkem_basemul(t14, a + i + 14, b + i + 14, -zeta[3]);
+
+        r[i + 0] += t0[0];
+        r[i + 1] += t0[1];
+        r[i + 2] += t2[0];
+        r[i + 3] += t2[1];
+        r[i + 4] += t4[0];
+        r[i + 5] += t4[1];
+        r[i + 6] += t6[0];
+        r[i + 7] += t6[1];
+        r[i + 8] += t8[0];
+        r[i + 9] += t8[1];
+        r[i + 10] += t10[0];
+        r[i + 11] += t10[1];
+        r[i + 12] += t12[0];
+        r[i + 13] += t12[1];
+        r[i + 14] += t14[0];
+        r[i + 15] += t14[1];
+    }
+#endif
+}
+#endif
+
+/* Pointwise multiply elements of a and b, into r, and multiply by 2^-16.
+ *
+ * @param  [out]  r  Result polynomial.
+ * @param  [in]   a  First vector polynomial to multiply with.
+ * @param  [in]   b  Second vector polynomial to multiply with.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void mlkem_pointwise_acc_mont(sword16* r, const sword16* a,
+    const sword16* b, unsigned int k)
+{
+    unsigned int i;
+
+    mlkem_basemul_mont(r, a, b);
+#ifdef WOLFSSL_MLKEM_SMALL
+    for (i = 1; i < k; ++i) {
+        mlkem_basemul_mont_add(r, a + i * MLKEM_N, b + i * MLKEM_N);
+    }
+#else
+    for (i = 1; i < k - 1; ++i) {
+        mlkem_basemul_mont_add(r, a + i * MLKEM_N, b + i * MLKEM_N);
+    }
+    mlkem_basemul_mont_add(r, a + (k - 1) * MLKEM_N, b + (k - 1) * MLKEM_N);
+#endif
+}
+
+/******************************************************************************/
+
+/* Initialize Kyber implementation.
+ */
+void mlkem_init(void)
+{
+#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
+    defined(WOLFSSL_ARMASM))
+    cpuid_flags = cpuid_get_flags();
+#endif
+}
+
+/******************************************************************************/
+
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   16: s_hat <- NTT(s)
+ *   17: e_hat <- NTT(e)
+ *   18: t^hat <- A_hat o s_hat + e_hat
+ *   ...
+ *
+ * @param  [in, out]  s  Private key vector of polynomials.
+ * @param  [out]      t  Public key vector of polynomials.
+ * @param  [in]       e  Error values as a vector of polynomials. Modified.
+ * @param  [in]       a  Random values in an array of vectors of polynomials.
+ * @param  [in]       k  Number of polynomials in vector.
+ */
+void mlkem_keygen(sword16* s, sword16* t, sword16* e, const sword16* a, int k)
+{
+    int i;
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+    if (IS_AARCH64_RDM(cpuid_flags)) {
+        /* Transform private key. All of result used in public key calculation.
+         * Step 16: s_hat = NTT(s) */
+        for (i = 0; i < k; ++i) {
+            mlkem_ntt_sqrdmlsh(s + i * MLKEM_N);
+        }
+
+        /* For each polynomial in the vectors.
+         * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
+        for (i = 0; i < k; ++i) {
+            /* Multiply a by private into public polynomial.
+             * Step 18: ... A_hat o s_hat ... */
+            mlkem_pointwise_acc_mont(t + i * MLKEM_N, a + i * k * MLKEM_N, s,
+                k);
+            /* Convert public polynomial to Montgomery form.
+             * Step 18: ... MontRed(A_hat o s_hat) ... */
+            mlkem_to_mont_sqrdmlsh(t + i * MLKEM_N);
+            /* Transform error values polynomial.
+             * Step 17: e_hat = NTT(e) */
+            mlkem_ntt_sqrdmlsh(e + i * MLKEM_N);
+            /* Add errors to public key and reduce.
+             * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+            mlkem_add_reduce(t + i * MLKEM_N, e + i * MLKEM_N);
+        }
+    }
+    else
+#endif
+    {
+        /* Transform private key. All of result used in public key calculation.
+         * Step 16: s_hat = NTT(s) */
+        for (i = 0; i < k; ++i) {
+            mlkem_ntt(s + i * MLKEM_N);
+        }
+
+        /* For each polynomial in the vectors.
+         * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
+        for (i = 0; i < k; ++i) {
+            /* Multiply a by private into public polynomial.
+             * Step 18: ... A_hat o s_hat ... */
+            mlkem_pointwise_acc_mont(t + i * MLKEM_N, a + i * k * MLKEM_N, s,
+                k);
+            /* Convert public polynomial to Montgomery form.
+             * Step 18: ... MontRed(A_hat o s_hat) ... */
+            mlkem_to_mont(t + i * MLKEM_N);
+            /* Transform error values polynomial.
+             * Step 17: e_hat = NTT(e) */
+            mlkem_ntt(e + i * MLKEM_N);
+            /* Add errors to public key and reduce.
+             * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+            mlkem_add_reduce(t + i * MLKEM_N, e + i * MLKEM_N);
+        }
+    }
+}
+#endif /* WOLFSSL_MLKEM_NO_MAKE_KEY */
+
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+/* Encapsulate message.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE, m, r)
+ *   ...
+ *   Step 18: y_hat <- NTT(y)
+ *   Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1)
+ *   ...
+ *   Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu)
+ *   ...
+ *
+ * @param  [in]   t   Public key vector of polynomials.
+ * @param  [out]  u   Vector of polynomials.
+ * @param  [out]  v   Polynomial.
+ * @param  [in]   a   Array of vector of polynomials.
+ * @param  [in]   y   Vector of polynomials.
+ * @param  [in]   e1  Error Vector of polynomials.
+ * @param  [in]   e2  Error polynomial.
+ * @param  [in]   m   Message polynomial.
+ * @param  [in]   k   Number of polynomials in vector.
+ * @return  0 on success.
+ *
+ */
+void mlkem_encapsulate(const sword16* t, sword16* u , sword16* v,
+    const sword16* a, sword16* y, const sword16* e1, const sword16* e2,
+    const sword16* m, int k)
+{
+    int i;
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+    if (IS_AARCH64_RDM(cpuid_flags)) {
+        /* Transform y. All of result used in calculation of u and v.
+         * Step 18: y_hat <- NTT(y) */
+        for (i = 0; i < k; ++i) {
+            mlkem_ntt_sqrdmlsh(y + i * MLKEM_N);
+        }
+
+        /* For each polynomial in the vectors.
+         * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */
+        for (i = 0; i < k; ++i) {
+            /* Multiply at by y into u polynomial.
+             * Step 19: ... A_hat_trans o y_hat ... */
+            mlkem_pointwise_acc_mont(u + i * MLKEM_N, a + i * k * MLKEM_N, y,
+                k);
+            /* Inverse transform u  polynomial.
+             * Step 19: ... InvNTT(A_hat_trans o y_hat) ... */
+            mlkem_invntt_sqrdmlsh(u  + i * MLKEM_N);
+            /* Add errors to u  and reduce.
+             * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */
+            mlkem_add_reduce(u  + i * MLKEM_N, e1 + i * MLKEM_N);
+        }
+
+        /* Multiply public key by y into v polynomial.
+         * Step 21: ... t_hat_trans o y_hat ... */
+        mlkem_pointwise_acc_mont(v, t, y, k);
+        /* Inverse transform v.
+         * Step 22: ... InvNTT(t_hat_trans o y_hat) ... */
+        mlkem_invntt_sqrdmlsh(v);
+    }
+    else
+#endif
+    {
+        /* Transform y. All of result used in calculation of u and v.
+         * Step 18: y_hat <- NTT(y) */
+        for (i = 0; i < k; ++i) {
+            mlkem_ntt(y + i * MLKEM_N);
+        }
+
+        /* For each polynomial in the vectors.
+         * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */
+        for (i = 0; i < k; ++i) {
+            /* Multiply at by y into u polynomial.
+             * Step 19: ... A_hat_trans o y_hat ... */
+            mlkem_pointwise_acc_mont(u + i * MLKEM_N, a + i * k * MLKEM_N, y,
+                k);
+            /* Inverse transform u  polynomial.
+             * Step 19: ... InvNTT(A_hat_trans o y_hat) ... */
+            mlkem_invntt(u + i * MLKEM_N);
+            /* Add errors to u and reduce.
+             * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */
+            mlkem_add_reduce(u + i * MLKEM_N, e1 + i * MLKEM_N);
+        }
+
+        /* Multiply public key by y into v polynomial.
+         * Step 21: ... t_hat_trans o y_hat ... */
+        mlkem_pointwise_acc_mont(v, t, y, k);
+        /* Inverse transform v.
+         * Step 22: ... InvNTT(t_hat_trans o y_hat) ... */
+        mlkem_invntt(v);
+    }
+    /* Add errors and message to v and reduce.
+     * Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu) */
+    mlkem_add3_reduce(v, e2, m);
+}
+#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+/* Decapsulate message.
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c)
+ * Uses the decryption key to decrypt a ciphertext.
+ *   ...
+ *   6: w <- v' - InvNTT(s_hat_trans o NTT(u'))
+ *   ...
+ *
+ * @param  [in]   s  Decryption key as vector of polynomials.
+ * @param  [out]  w  Message polynomial.
+ * @param  [in]   u  Vector of polynomials containing error.
+ * @param  [in]   v  Encapsulated message polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void mlkem_decapsulate(const sword16* s, sword16* w, sword16* u,
+    const sword16* v, int k)
+{
+    int i;
+
+#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
+    if (IS_AARCH64_RDM(cpuid_flags)) {
+        /* Transform u. All of result used in calculation of w.
+         * Step 6: ... NTT(u') */
+        for (i = 0; i < k; ++i) {
+            mlkem_ntt_sqrdmlsh(u + i * MLKEM_N);
+        }
+
+        /* Multiply private key by u into w polynomial.
+         * Step 6: ... s_hat_trans o NTT(u') */
+        mlkem_pointwise_acc_mont(w, s, u, k);
+        /* Inverse transform w.
+         * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */
+        mlkem_invntt_sqrdmlsh(w);
+    }
+    else
+#endif
+    {
+        /* Transform u. All of result used in calculation of w.
+         * Step 6: ... NTT(u') */
+        for (i = 0; i < k; ++i) {
+            mlkem_ntt(u + i * MLKEM_N);
+        }
+
+        /* Multiply private key by u into w polynomial.
+         * Step 6: ... s_hat_trans o NTT(u') */
+        mlkem_pointwise_acc_mont(w, s, u, k);
+        /* Inverse transform w.
+         * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */
+        mlkem_invntt(w);
+    }
+    /* Subtract errors (in w) out of v and reduce into w.
+     * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */
+    mlkem_rsub_reduce(w, v);
+}
+#endif /* !WOLFSSL_MLKEM_NO_DECAPSULATE */
+
+#else
+
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+
+#if !defined(WOLFSSL_MLKEM_SMALL) && !defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+/* Number-Theoretic Transform.
+ *
+ * FIPS 203, Algorithm 9: NTT(f)
+ * Computes the NTT representation f_hat of the given polynomial f element of
+ * R_q.
+ *   1: f_hat <- f
+ *   2: i <- 1
+ *   3: for (len <- 128; len >= 2; len <- len/2)
+ *   4:     for (start <- 0; start < 256; start <- start + 2.len)
+ *   5:         zeta <- zetas^BitRev_7(i) mod q
+ *   6:         i <- i + 1
+ *   7:         for (j <- start; j < start + len; j++)
+ *   8:             t <- zeta.f[j+len]
+ *   9:             f_hat[j+len] <- f_hat[j] - t
+ *  10:             f_hat[j] <- f_hat[j] - t
+ *  11:         end for
+ *  12:     end for
+ *  13: end for
+ *  14: return f_hat
+ *
+ * @param  [in, out]  r  Polynomial to transform.
+ */
+static void mlkem_ntt_add_to(sword16* r, sword16* a)
+{
+#if defined(WOLFSSL_MLKEM_NTT_UNROLL)
+    /* Unroll len loop (Step 3). */
+    unsigned int k = 1;
+    unsigned int j;
+    unsigned int start;
+    sword16 zeta = zetas[k++];
+
+    /* len = 128 */
+    for (j = 0; j < MLKEM_N / 2; ++j) {
+        sword32 p = (sword32)zeta * r[j + MLKEM_N / 2];
+        sword16 t = MLKEM_MONT_RED(p);
+        sword16 rj = r[j];
+        r[j + MLKEM_N / 2] = rj - t;
+        r[j] = rj + t;
+    }
+    /* len = 64 */
+    for (start = 0; start < MLKEM_N; start += 2 * 64) {
+        zeta = zetas[k++];
+        for (j = 0; j < 64; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 64];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 64] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 32 */
+    for (start = 0; start < MLKEM_N; start += 2 * 32) {
+        zeta = zetas[k++];
+        for (j = 0; j < 32; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 32];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 32] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 16 */
+    for (start = 0; start < MLKEM_N; start += 2 * 16) {
+        zeta = zetas[k++];
+        for (j = 0; j < 16; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 16];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 16] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 8 */
+    for (start = 0; start < MLKEM_N; start += 2 * 8) {
+        zeta = zetas[k++];
+        for (j = 0; j < 8; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 8];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 8] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 4 */
+    for (start = 0; start < MLKEM_N; start += 2 * 4) {
+        zeta = zetas[k++];
+        for (j = 0; j < 4; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 4];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 4] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* len = 2 */
+    for (start = 0; start < MLKEM_N; start += 2 * 2) {
+        zeta = zetas[k++];
+        for (j = 0; j < 2; ++j) {
+            sword32 p = (sword32)zeta * r[start + j + 2];
+            sword16 t = MLKEM_MONT_RED(p);
+            sword16 rj = r[start + j];
+            r[start + j + 2] = rj - t;
+            r[start + j] = rj + t;
+        }
+    }
+    /* Reduce coefficients with quick algorithm. */
+    for (j = 0; j < MLKEM_N; ++j) {
+        sword16 t = a[j] + r[j];
+        a[j] = MLKEM_BARRETT_RED(t);
+    }
+#else /* !WOLFSSL_MLKEM_NTT_UNROLL */
+    /* Unroll len (2, 3, 2) and start loops. */
+    unsigned int j;
+    sword16 t0;
+    sword16 t1;
+    sword16 t2;
+    sword16 t3;
+
+    /* len = 128,64 */
+    sword16 zeta128 = zetas[1];
+    sword16 zeta64_0 = zetas[2];
+    sword16 zeta64_1 = zetas[3];
+    for (j = 0; j < MLKEM_N / 8; j++) {
+        sword16 r0 = r[j +   0];
+        sword16 r1 = r[j +  32];
+        sword16 r2 = r[j +  64];
+        sword16 r3 = r[j +  96];
+        sword16 r4 = r[j + 128];
+        sword16 r5 = r[j + 160];
+        sword16 r6 = r[j + 192];
+        sword16 r7 = r[j + 224];
+
+        t0 = MLKEM_MONT_RED((sword32)zeta128 * r4);
+        t1 = MLKEM_MONT_RED((sword32)zeta128 * r5);
+        t2 = MLKEM_MONT_RED((sword32)zeta128 * r6);
+        t3 = MLKEM_MONT_RED((sword32)zeta128 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = MLKEM_MONT_RED((sword32)zeta64_0 * r2);
+        t1 = MLKEM_MONT_RED((sword32)zeta64_0 * r3);
+        t2 = MLKEM_MONT_RED((sword32)zeta64_1 * r6);
+        t3 = MLKEM_MONT_RED((sword32)zeta64_1 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        r[j +   0] = r0;
+        r[j +  32] = r1;
+        r[j +  64] = r2;
+        r[j +  96] = r3;
+        r[j + 128] = r4;
+        r[j + 160] = r5;
+        r[j + 192] = r6;
+        r[j + 224] = r7;
+    }
+
+    /* len = 32,16,8 */
+    for (j = 0; j < MLKEM_N; j += 64) {
+        int i;
+        sword16 zeta32   = zetas[ 4 + j / 64 + 0];
+        sword16 zeta16_0 = zetas[ 8 + j / 32 + 0];
+        sword16 zeta16_1 = zetas[ 8 + j / 32 + 1];
+        sword16 zeta8_0  = zetas[16 + j / 16 + 0];
+        sword16 zeta8_1  = zetas[16 + j / 16 + 1];
+        sword16 zeta8_2  = zetas[16 + j / 16 + 2];
+        sword16 zeta8_3  = zetas[16 + j / 16 + 3];
+        for (i = 0; i < 8; i++) {
+            sword16 r0 = r[j + i +  0];
+            sword16 r1 = r[j + i +  8];
+            sword16 r2 = r[j + i + 16];
+            sword16 r3 = r[j + i + 24];
+            sword16 r4 = r[j + i + 32];
+            sword16 r5 = r[j + i + 40];
+            sword16 r6 = r[j + i + 48];
+            sword16 r7 = r[j + i + 56];
+
+            t0 = MLKEM_MONT_RED((sword32)zeta32 * r4);
+            t1 = MLKEM_MONT_RED((sword32)zeta32 * r5);
+            t2 = MLKEM_MONT_RED((sword32)zeta32 * r6);
+            t3 = MLKEM_MONT_RED((sword32)zeta32 * r7);
+            r4 = r0 - t0;
+            r5 = r1 - t1;
+            r6 = r2 - t2;
+            r7 = r3 - t3;
+            r0 += t0;
+            r1 += t1;
+            r2 += t2;
+            r3 += t3;
+
+            t0 = MLKEM_MONT_RED((sword32)zeta16_0 * r2);
+            t1 = MLKEM_MONT_RED((sword32)zeta16_0 * r3);
+            t2 = MLKEM_MONT_RED((sword32)zeta16_1 * r6);
+            t3 = MLKEM_MONT_RED((sword32)zeta16_1 * r7);
+            r2 = r0 - t0;
+            r3 = r1 - t1;
+            r6 = r4 - t2;
+            r7 = r5 - t3;
+            r0 += t0;
+            r1 += t1;
+            r4 += t2;
+            r5 += t3;
+
+            t0 = MLKEM_MONT_RED((sword32)zeta8_0 * r1);
+            t1 = MLKEM_MONT_RED((sword32)zeta8_1 * r3);
+            t2 = MLKEM_MONT_RED((sword32)zeta8_2 * r5);
+            t3 = MLKEM_MONT_RED((sword32)zeta8_3 * r7);
+            r1 = r0 - t0;
+            r3 = r2 - t1;
+            r5 = r4 - t2;
+            r7 = r6 - t3;
+            r0 += t0;
+            r2 += t1;
+            r4 += t2;
+            r6 += t3;
+
+            r[j + i +  0] = r0;
+            r[j + i +  8] = r1;
+            r[j + i + 16] = r2;
+            r[j + i + 24] = r3;
+            r[j + i + 32] = r4;
+            r[j + i + 40] = r5;
+            r[j + i + 48] = r6;
+            r[j + i + 56] = r7;
+        }
+    }
+
+    /* len = 4,2 and Final reduction */
+    for (j = 0; j < MLKEM_N; j += 8) {
+        sword16 zeta4  = zetas[32 + j / 8 + 0];
+        sword16 zeta2_0 = zetas[64 + j / 4 + 0];
+        sword16 zeta2_1 = zetas[64 + j / 4 + 1];
+        sword16 r0 = r[j + 0];
+        sword16 r1 = r[j + 1];
+        sword16 r2 = r[j + 2];
+        sword16 r3 = r[j + 3];
+        sword16 r4 = r[j + 4];
+        sword16 r5 = r[j + 5];
+        sword16 r6 = r[j + 6];
+        sword16 r7 = r[j + 7];
+
+        t0 = MLKEM_MONT_RED((sword32)zeta4 * r4);
+        t1 = MLKEM_MONT_RED((sword32)zeta4 * r5);
+        t2 = MLKEM_MONT_RED((sword32)zeta4 * r6);
+        t3 = MLKEM_MONT_RED((sword32)zeta4 * r7);
+        r4 = r0 - t0;
+        r5 = r1 - t1;
+        r6 = r2 - t2;
+        r7 = r3 - t3;
+        r0 += t0;
+        r1 += t1;
+        r2 += t2;
+        r3 += t3;
+
+        t0 = MLKEM_MONT_RED((sword32)zeta2_0 * r2);
+        t1 = MLKEM_MONT_RED((sword32)zeta2_0 * r3);
+        t2 = MLKEM_MONT_RED((sword32)zeta2_1 * r6);
+        t3 = MLKEM_MONT_RED((sword32)zeta2_1 * r7);
+        r2 = r0 - t0;
+        r3 = r1 - t1;
+        r6 = r4 - t2;
+        r7 = r5 - t3;
+        r0 += t0;
+        r1 += t1;
+        r4 += t2;
+        r5 += t3;
+
+        r0 += a[j + 0];
+        r1 += a[j + 1];
+        r2 += a[j + 2];
+        r3 += a[j + 3];
+        r4 += a[j + 4];
+        r5 += a[j + 5];
+        r6 += a[j + 6];
+        r7 += a[j + 7];
+
+        a[j + 0] = MLKEM_BARRETT_RED(r0);
+        a[j + 1] = MLKEM_BARRETT_RED(r1);
+        a[j + 2] = MLKEM_BARRETT_RED(r2);
+        a[j + 3] = MLKEM_BARRETT_RED(r3);
+        a[j + 4] = MLKEM_BARRETT_RED(r4);
+        a[j + 5] = MLKEM_BARRETT_RED(r5);
+        a[j + 6] = MLKEM_BARRETT_RED(r6);
+        a[j + 7] = MLKEM_BARRETT_RED(r7);
+    }
+#endif /* !WOLFSSL_MLKEM_NTT_UNROLL */
+}
+#endif /* !WOLFSSL_MLKEM_SMALL && !WOLFSSL_MLKEM_NO_LARGE_CODE */
+
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   16: s_hat <- NTT(s)
+ *   17: e_hat <- NTT(e)
+ *   18: t^hat <- A_hat o s_hat + e_hat
+ *   ...
+ *
+ * @param  [in, out]  s  Private key vector of polynomials.
+ * @param  [out]      t  Public key vector of polynomials.
+ * @param  [in]       e  Error values as a vector of polynomials. Modified.
+ * @param  [in]       a  Random values in an array of vectors of polynomials.
+ * @param  [in]       k  Number of polynomials in vector.
+ */
+static void mlkem_keygen_c(sword16* s, sword16* t, sword16* e, const sword16* a,
+    int k)
+{
+    int i;
+
+    /* Transform private key. All of result used in public key calculation
+     * Step 16: s_hat = NTT(s) */
+    for (i = 0; i < k; ++i) {
+        mlkem_ntt(s + i * MLKEM_N);
+    }
+
+    /* For each polynomial in the vectors.
+     * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
+    for (i = 0; i < k; ++i) {
+        unsigned int j;
+
+        /* Multiply a by private into public polynomial.
+         * Step 18: ... A_hat o s_hat ... */
+        mlkem_pointwise_acc_mont(t + i * MLKEM_N, a + i * k * MLKEM_N, s, k);
+        /* Convert public polynomial to Montgomery form.
+         * Step 18: ... MontRed(A_hat o s_hat) ... */
+        for (j = 0; j < MLKEM_N; ++j) {
+            sword32 n = t[i * MLKEM_N + j] * (sword32)MLKEM_F;
+            t[i * MLKEM_N + j] = MLKEM_MONT_RED(n);
+        }
+        /* Transform error values polynomial.
+         * Step 17: e_hat = NTT(e) */
+#if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+        mlkem_ntt(e + i * MLKEM_N);
+        /* Add errors to public key and reduce.
+         * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+        for (j = 0; j < MLKEM_N; ++j) {
+            sword16 n = t[i * MLKEM_N + j] + e[i * MLKEM_N + j];
+            t[i * MLKEM_N + j] = MLKEM_BARRETT_RED(n);
+        }
+#else
+        /* Add errors to public key and reduce.
+         * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+        mlkem_ntt_add_to(e + i * MLKEM_N, t + i * MLKEM_N);
+#endif
+    }
+}
+
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   16: s_hat <- NTT(s)
+ *   17: e_hat <- NTT(e)
+ *   18: t^hat <- A_hat o s_hat + e_hat
+ *   ...
+ *
+ * @param  [in, out]  s  Private key vector of polynomials.
+ * @param  [out]      t  Public key vector of polynomials.
+ * @param  [in]       e  Error values as a vector of polynomials. Modified.
+ * @param  [in]       a  Random values in an array of vectors of polynomials.
+ * @param  [in]       k  Number of polynomials in vector.
+ */
+void mlkem_keygen(sword16* s, sword16* t, sword16* e, const sword16* a, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if ((IS_INTEL_AVX2(cpuid_flags)) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        /* Alg 13: Steps 16-18 */
+        mlkem_keygen_avx2(s, t, e, a, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        /* Alg 13: Steps 16-18 */
+        mlkem_keygen_c(s, t, e, a, k);
+    }
+}
+
+#else /* WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM */
+
+/* Generate a public-private key pair from randomly generated data.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   3: for (i <- 0; i < k; i++)                         > generate matrix A_hat
+ *   ... (generate A[i])
+ *   7: end for
+ *   ...
+ *   9:      s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N))
+ *   ...
+ *  16: s_hat <- NTT(s)
+ *  17: e_hat <- NTT(e)
+ *  18: t^hat <- A_hat o s_hat + e_hat
+ *   ...
+ *
+ * @param  [in, out]  s      Private key vector of polynomials.
+ * @param  [out]      tv     Public key vector of polynomials.
+ * @param  [in]       prf    XOF object.
+ * @param  [in]       tv     Temporary vector of polynomials.
+ * @param  [in]       k      Number of polynomials in vector.
+ * @param  [in]       rho    Random seed to generate matrix A from.
+ * @param  [in]       sigma  Random seed to generate noise from.
+ */
+int mlkem_keygen_seeds(sword16* s, sword16* t, MLKEM_PRF_T* prf,
+    sword16* tv, int k, byte* rho, byte* sigma)
+{
+    int i;
+    int ret = 0;
+    sword16* ai = tv;
+    sword16* e = tv;
+
+    /* Transform private key. All of result used in public key calculation
+     * Step 16: s_hat = NTT(s) */
+    for (i = 0; i < k; ++i) {
+        mlkem_ntt(s + i * MLKEM_N);
+    }
+
+    /* For each polynomial in the vectors.
+     * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */
+    for (i = 0; i < k; ++i) {
+        unsigned int j;
+
+        /* Generate a vector of matrix A.
+         * Steps 4-6: generate A[i] */
+        ret = mlkem_gen_matrix_i(prf, ai, k, rho, i, 0);
+        if (ret != 0) {
+           break;
+        }
+
+        /* Multiply a by private into public polynomial.
+         * Step 18: ... A_hat o s_hat ... */
+        mlkem_pointwise_acc_mont(t + i * MLKEM_N, ai, s, k);
+        /* Convert public polynomial to Montgomery form.
+         * Step 18: ... MontRed(A_hat o s_hat) ... */
+        for (j = 0; j < MLKEM_N; ++j) {
+            sword32 n = t[i * MLKEM_N + j] * (sword32)MLKEM_F;
+            t[i * MLKEM_N + j] = MLKEM_MONT_RED(n);
+        }
+
+        /* Generate noise using PRF.
+         * Step 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) */
+        ret = mlkem_get_noise_i(prf, k, e, sigma, i, 1);
+        if (ret != 0) {
+           break;
+        }
+        /* Transform error values polynomial.
+         * Step 17: e_hat = NTT(e) */
+#if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+        mlkem_ntt(e);
+        /* Add errors to public key and reduce.
+         * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+        for (j = 0; j < MLKEM_N; ++j) {
+            sword16 n = t[i * MLKEM_N + j] + e[j];
+            t[i * MLKEM_N + j] = MLKEM_BARRETT_RED(n);
+        }
+#else
+        /* Add errors to public key and reduce.
+         * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */
+        mlkem_ntt_add_to(e, t + i * MLKEM_N);
+#endif
+    }
+
+    return ret;
+}
+
+#endif /* WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM */
+#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY */
+
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+/* Encapsulate message.
+ *
+ * @param  [in]   pub  Public key vector of polynomials.
+ * @param  [out]  u    Vector of polynomials.
+ * @param  [out]  v    Polynomial.
+ * @param  [in]   a    Array of vector of polynomials.
+ * @param  [in]   y    Vector of polynomials.
+ * @param  [in]   e1   Error Vector of polynomials.
+ * @param  [in]   e2   Error polynomial.
+ * @param  [in]   m    Message polynomial.
+ * @param  [in]   k    Number of polynomials in vector.
+ * @return  0 on success.
+ */
+static void mlkem_encapsulate_c(const sword16* pub, sword16* u, sword16* v,
+    const sword16* a, sword16* y, const sword16* e1, const sword16* e2,
+    const sword16* m, int k)
+{
+    int i;
+
+    /* Transform y. All of result used in calculation of u and v. */
+    for (i = 0; i < k; ++i) {
+        mlkem_ntt(y + i * MLKEM_N);
+    }
+
+    /* For each polynomial in the vectors. */
+    for (i = 0; i < k; ++i) {
+        unsigned int j;
+
+        /* Multiply at by y into u polynomial. */
+        mlkem_pointwise_acc_mont(u + i * MLKEM_N, a + i * k * MLKEM_N, y, k);
+        /* Inverse transform u polynomial. */
+        mlkem_invntt(u + i * MLKEM_N);
+        /* Add errors to u and reduce. */
+#if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+        for (j = 0; j < MLKEM_N; ++j) {
+            sword16 t = u[i * MLKEM_N + j] + e1[i * MLKEM_N + j];
+            u[i * MLKEM_N + j] = MLKEM_BARRETT_RED(t);
+        }
+#else
+        for (j = 0; j < MLKEM_N; j += 8) {
+            sword16 t0 = u[i * MLKEM_N + j + 0] + e1[i * MLKEM_N + j + 0];
+            sword16 t1 = u[i * MLKEM_N + j + 1] + e1[i * MLKEM_N + j + 1];
+            sword16 t2 = u[i * MLKEM_N + j + 2] + e1[i * MLKEM_N + j + 2];
+            sword16 t3 = u[i * MLKEM_N + j + 3] + e1[i * MLKEM_N + j + 3];
+            sword16 t4 = u[i * MLKEM_N + j + 4] + e1[i * MLKEM_N + j + 4];
+            sword16 t5 = u[i * MLKEM_N + j + 5] + e1[i * MLKEM_N + j + 5];
+            sword16 t6 = u[i * MLKEM_N + j + 6] + e1[i * MLKEM_N + j + 6];
+            sword16 t7 = u[i * MLKEM_N + j + 7] + e1[i * MLKEM_N + j + 7];
+            u[i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0);
+            u[i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1);
+            u[i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2);
+            u[i * MLKEM_N + j + 3] = MLKEM_BARRETT_RED(t3);
+            u[i * MLKEM_N + j + 4] = MLKEM_BARRETT_RED(t4);
+            u[i * MLKEM_N + j + 5] = MLKEM_BARRETT_RED(t5);
+            u[i * MLKEM_N + j + 6] = MLKEM_BARRETT_RED(t6);
+            u[i * MLKEM_N + j + 7] = MLKEM_BARRETT_RED(t7);
+        }
+#endif
+    }
+
+    /* Multiply public key by y into v polynomial. */
+    mlkem_pointwise_acc_mont(v, pub, y, k);
+    /* Inverse transform v. */
+    mlkem_invntt(v);
+    /* Add errors and message to v and reduce. */
+    for (i = 0; i < MLKEM_N; ++i) {
+        sword16 t = v[i] + e2[i] + m[i];
+        v[i] = MLKEM_BARRETT_RED(t);
+    }
+}
+
+/* Encapsulate message.
+ *
+ * @param  [in]   pub  Public key vector of polynomials.
+ * @param  [out]  u    Vector of polynomials.
+ * @param  [out]  v    Polynomial.
+ * @param  [in]   a    Array of vector of polynomials.
+ * @param  [in]   y    Vector of polynomials.
+ * @param  [in]   e1   Error Vector of polynomials.
+ * @param  [in]   e2   Error polynomial.
+ * @param  [in]   m    Message polynomial.
+ * @param  [in]   k    Number of polynomials in vector.
+ * @return  0 on success.
+ */
+void mlkem_encapsulate(const sword16* pub, sword16* u, sword16* v,
+    const sword16* a, sword16* y, const sword16* e1, const sword16* e2,
+    const sword16* m, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_encapsulate_avx2(pub, u, v, a, y, e1, e2, m, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_encapsulate_c(pub, u, v, a, y, e1, e2, m, k);
+    }
+}
+
+#else
+
+/* Encapsulate message.
+ *
+ * @param  [in]       pub    Public key vector of polynomials.
+ * @param  [in]       prf    XOF object.
+ * @param  [out]      u      Vector of polynomials.
+ * @param  [in, out]  tp     Polynomial.
+ * @param  [in]       y      Vector of polynomials.
+ * @param  [in]       k      Number of polynomials in vector.
+ * @param  [in]       msg    Message to encapsulate.
+ * @param  [in]       seed   Random seed to generate matrix A from.
+ * @param  [in]       coins  Random seed to generate noise from.
+ */
+int mlkem_encapsulate_seeds(const sword16* pub, MLKEM_PRF_T* prf, sword16* u,
+    sword16* tp, sword16* y, int k, const byte* msg, byte* seed, byte* coins)
+{
+    int ret = 0;
+    int i;
+    sword16* a = tp;
+    sword16* e1 = tp;
+    sword16* v = tp;
+    sword16* e2 = tp + MLKEM_N;
+    sword16* m = y;
+
+    /* Transform y. All of result used in calculation of u and v. */
+    for (i = 0; i < k; ++i) {
+        mlkem_ntt(y + i * MLKEM_N);
+    }
+
+    /* For each polynomial in the vectors. */
+    for (i = 0; i < k; ++i) {
+        unsigned int j;
+
+        /* Generate a vector of matrix A. */
+        ret = mlkem_gen_matrix_i(prf, a, k, seed, i, 1);
+        if (ret != 0) {
+           break;
+        }
+
+        /* Multiply at by y into u polynomial. */
+        mlkem_pointwise_acc_mont(u + i * MLKEM_N, a, y, k);
+        /* Inverse transform u polynomial. */
+        mlkem_invntt(u + i * MLKEM_N);
+
+        /* Generate noise using PRF. */
+        ret = mlkem_get_noise_i(prf, k, e1, coins, i, 0);
+        if (ret != 0) {
+           break;
+        }
+        /* Add errors to u and reduce. */
+#if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+        for (j = 0; j < MLKEM_N; ++j) {
+            sword16 t = u[i * MLKEM_N + j] + e1[j];
+            u[i * MLKEM_N + j] = MLKEM_BARRETT_RED(t);
+        }
+#else
+        for (j = 0; j < MLKEM_N; j += 8) {
+            sword16 t0 = u[i * MLKEM_N + j + 0] + e1[j + 0];
+            sword16 t1 = u[i * MLKEM_N + j + 1] + e1[j + 1];
+            sword16 t2 = u[i * MLKEM_N + j + 2] + e1[j + 2];
+            sword16 t3 = u[i * MLKEM_N + j + 3] + e1[j + 3];
+            sword16 t4 = u[i * MLKEM_N + j + 4] + e1[j + 4];
+            sword16 t5 = u[i * MLKEM_N + j + 5] + e1[j + 5];
+            sword16 t6 = u[i * MLKEM_N + j + 6] + e1[j + 6];
+            sword16 t7 = u[i * MLKEM_N + j + 7] + e1[j + 7];
+            u[i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0);
+            u[i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1);
+            u[i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2);
+            u[i * MLKEM_N + j + 3] = MLKEM_BARRETT_RED(t3);
+            u[i * MLKEM_N + j + 4] = MLKEM_BARRETT_RED(t4);
+            u[i * MLKEM_N + j + 5] = MLKEM_BARRETT_RED(t5);
+            u[i * MLKEM_N + j + 6] = MLKEM_BARRETT_RED(t6);
+            u[i * MLKEM_N + j + 7] = MLKEM_BARRETT_RED(t7);
+        }
+#endif
+    }
+
+    /* Multiply public key by y into v polynomial. */
+    mlkem_pointwise_acc_mont(v, pub, y, k);
+    /* Inverse transform v. */
+    mlkem_invntt(v);
+
+    mlkem_from_msg(m, msg);
+
+    /* Generate noise using PRF. */
+    coins[WC_ML_KEM_SYM_SZ] = 2 * k;
+    ret = mlkem_get_noise_eta2_c(prf, e2, coins);
+    if (ret == 0) {
+        /* Add errors and message to v and reduce. */
+    #if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE)
+        for (i = 0; i < MLKEM_N; ++i) {
+            sword16 t = v[i] + e2[i] + m[i];
+            v[i] = MLKEM_BARRETT_RED(t);
+        }
+    #else
+        for (i = 0; i < MLKEM_N; i += 8) {
+            sword16 t0 = v[i + 0] + e2[i + 0] + m[i + 0];
+            sword16 t1 = v[i + 1] + e2[i + 1] + m[i + 1];
+            sword16 t2 = v[i + 2] + e2[i + 2] + m[i + 2];
+            sword16 t3 = v[i + 3] + e2[i + 3] + m[i + 3];
+            sword16 t4 = v[i + 4] + e2[i + 4] + m[i + 4];
+            sword16 t5 = v[i + 5] + e2[i + 5] + m[i + 5];
+            sword16 t6 = v[i + 6] + e2[i + 6] + m[i + 6];
+            sword16 t7 = v[i + 7] + e2[i + 7] + m[i + 7];
+            v[i + 0] = MLKEM_BARRETT_RED(t0);
+            v[i + 1] = MLKEM_BARRETT_RED(t1);
+            v[i + 2] = MLKEM_BARRETT_RED(t2);
+            v[i + 3] = MLKEM_BARRETT_RED(t3);
+            v[i + 4] = MLKEM_BARRETT_RED(t4);
+            v[i + 5] = MLKEM_BARRETT_RED(t5);
+            v[i + 6] = MLKEM_BARRETT_RED(t6);
+            v[i + 7] = MLKEM_BARRETT_RED(t7);
+        }
+    #endif
+    }
+
+    return ret;
+}
+#endif
+#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+
+/* Decapsulate message.
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c)
+ * Uses the decryption key to decrypt a ciphertext.
+ *   ...
+ *   6: w <- v' - InvNTT(s_hat_trans o NTT(u'))
+ *   ...
+ *
+ * @param  [in]   s  Private key vector of polynomials.
+ * @param  [out]  w  Message polynomial.
+ * @param  [in]   u  Vector of polynomials containing error.
+ * @param  [in]   v  Encapsulated message polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void mlkem_decapsulate_c(const sword16* s, sword16* w, sword16* u,
+    const sword16* v, int k)
+{
+    int i;
+
+    /* Transform u. All of result used in calculation of w.
+     * Step 6: ... NTT(u') */
+    for (i = 0; i < k; ++i) {
+        mlkem_ntt(u + i * MLKEM_N);
+    }
+
+    /* Multiply private key by u into w polynomial.
+     * Step 6: ... s_hat_trans o NTT(u') */
+    mlkem_pointwise_acc_mont(w, s, u, k);
+    /* Inverse transform w.
+     * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */
+    mlkem_invntt(w);
+    /* Subtract errors (in w) out of v and reduce into w.
+     * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */
+    for (i = 0; i < MLKEM_N; ++i) {
+        sword16 t = v[i] - w[i];
+        w[i] = MLKEM_BARRETT_RED(t);
+    }
+}
+
+/* Decapsulate message.
+ *
+ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c)
+ * Uses the decryption key to decrypt a ciphertext.
+ *   ...
+ *   6: w <- v' - InvNTT(s_hat_trans o NTT(u'))
+ *   ...
+ *
+ * @param  [in]   s  Private key vector of polynomials.
+ * @param  [out]  w  Message polynomial.
+ * @param  [in]   u  Vector of polynomials containing error.
+ * @param  [in]   v   Encapsulated message polynomial.
+ * @param  [in]   k   Number of polynomials in vector.
+ */
+void mlkem_decapsulate(const sword16* s, sword16* w, sword16* u,
+    const sword16* v, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_decapsulate_avx2(s, w, u, v, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_decapsulate_c(s, w, u, v, k);
+    }
+}
+
+#endif /* !WOLFSSL_MLKEM_ NO_DECAPSULATE */
+#endif
+
+/******************************************************************************/
+
+#ifdef USE_INTEL_SPEEDUP
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int mlkem_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    if (!transposed) {
+        state[4*4 + 0] = 0x1f0000 + 0x000;
+        state[4*4 + 1] = 0x1f0000 + 0x001;
+        state[4*4 + 2] = 0x1f0000 + 0x100;
+        state[4*4 + 3] = 0x1f0000 + 0x101;
+    }
+    else {
+        state[4*4 + 0] = 0x1f0000 + 0x000;
+        state[4*4 + 1] = 0x1f0000 + 0x100;
+        state[4*4 + 2] = 0x1f0000 + 0x001;
+        state[4*4 + 3] = 0x1f0000 + 0x101;
+    }
+
+    mlkem_sha3_128_blocksx4_seed_avx2(state, seed);
+    mlkem_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+        rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+        rand + 3 * GEN_MATRIX_SIZE);
+    for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+        sha3_blocksx4_avx2(state);
+        mlkem_redistribute_21_rand_avx2(state, rand + i + 0 * GEN_MATRIX_SIZE,
+            rand + i + 1 * GEN_MATRIX_SIZE, rand + i + 2 * GEN_MATRIX_SIZE,
+            rand + i + 3 * GEN_MATRIX_SIZE);
+    }
+
+    /* Sample random bytes to create a polynomial. */
+    p = rand;
+    ctr0 = mlkem_rej_uniform_n_avx2(a + 0 * MLKEM_N, MLKEM_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr1 = mlkem_rej_uniform_n_avx2(a + 1 * MLKEM_N, MLKEM_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr2 = mlkem_rej_uniform_n_avx2(a + 2 * MLKEM_N, MLKEM_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr3 = mlkem_rej_uniform_n_avx2(a + 3 * MLKEM_N, MLKEM_N, p,
+        GEN_MATRIX_SIZE);
+    /* Create more blocks if too many rejected. */
+    while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N) ||
+           (ctr3 < MLKEM_N)) {
+        sha3_blocksx4_avx2(state);
+        mlkem_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+            rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+            rand + 3 * GEN_MATRIX_SIZE);
+
+        p = rand;
+        ctr0 += mlkem_rej_uniform_avx2(a + 0 * MLKEM_N + ctr0, MLKEM_N - ctr0,
+            p, XOF_BLOCK_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 += mlkem_rej_uniform_avx2(a + 1 * MLKEM_N + ctr1, MLKEM_N - ctr1,
+            p, XOF_BLOCK_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 += mlkem_rej_uniform_avx2(a + 2 * MLKEM_N + ctr2, MLKEM_N - ctr2,
+            p, XOF_BLOCK_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 += mlkem_rej_uniform_avx2(a + 3 * MLKEM_N + ctr3, MLKEM_N - ctr3,
+            p, XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int mlkem_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    for (k = 0; k < 2; k++) {
+        for (i = 0; i < 4; i++) {
+            if (!transposed) {
+                state[4*4 + i] = 0x1f0000 + (((k*4+i)/3) << 8) + ((k*4+i)%3);
+            }
+            else {
+                state[4*4 + i] = 0x1f0000 + (((k*4+i)%3) << 8) + ((k*4+i)/3);
+            }
+        }
+
+        mlkem_sha3_128_blocksx4_seed_avx2(state, seed);
+        mlkem_redistribute_21_rand_avx2(state,
+            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+            sha3_blocksx4_avx2(state);
+            mlkem_redistribute_21_rand_avx2(state,
+                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+        }
+
+        /* Sample random bytes to create a polynomial. */
+        p = rand;
+        ctr0 = mlkem_rej_uniform_n_avx2(a + 0 * MLKEM_N, MLKEM_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 = mlkem_rej_uniform_n_avx2(a + 1 * MLKEM_N, MLKEM_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 = mlkem_rej_uniform_n_avx2(a + 2 * MLKEM_N, MLKEM_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 = mlkem_rej_uniform_n_avx2(a + 3 * MLKEM_N, MLKEM_N, p,
+            GEN_MATRIX_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N) ||
+               (ctr3 < MLKEM_N)) {
+            sha3_blocksx4_avx2(state);
+            mlkem_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+                rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+                rand + 3 * GEN_MATRIX_SIZE);
+
+            p = rand;
+            ctr0 += mlkem_rej_uniform_avx2(a + 0 * MLKEM_N + ctr0,
+                MLKEM_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr1 += mlkem_rej_uniform_avx2(a + 1 * MLKEM_N + ctr1,
+                MLKEM_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr2 += mlkem_rej_uniform_avx2(a + 2 * MLKEM_N + ctr2,
+                MLKEM_N - ctr2, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr3 += mlkem_rej_uniform_avx2(a + 3 * MLKEM_N + ctr3,
+                MLKEM_N - ctr3, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 4 * MLKEM_N;
+    }
+
+    readUnalignedWords64(state, seed, 4);
+    /* Transposed value same as not. */
+    state[4] = 0x1f0000 + (2 << 8) + 2;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[20] = W64LIT(0x8000000000000000);
+    for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+        if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0))
+        {
+            sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else {
+            BlockSha3(state);
+        }
+        XMEMCPY(rand + i, state, SHA3_128_BYTES);
+    }
+    ctr0 = mlkem_rej_uniform_n_avx2(a, MLKEM_N, rand, GEN_MATRIX_SIZE);
+    while (ctr0 < MLKEM_N) {
+        if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0))
+        {
+            sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else {
+            BlockSha3(state);
+        }
+        XMEMCPY(rand, state, SHA3_128_BYTES);
+        ctr0 += mlkem_rej_uniform_avx2(a + ctr0, MLKEM_N - ctr0, rand,
+            XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int mlkem_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    for (k = 0; k < 4; k++) {
+        for (i = 0; i < 4; i++) {
+            if (!transposed) {
+                state[4*4 + i] = 0x1f0000 + (k << 8) + i;
+            }
+            else {
+                state[4*4 + i] = 0x1f0000 + (i << 8) + k;
+            }
+        }
+
+        mlkem_sha3_128_blocksx4_seed_avx2(state, seed);
+        mlkem_redistribute_21_rand_avx2(state,
+            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+            sha3_blocksx4_avx2(state);
+            mlkem_redistribute_21_rand_avx2(state,
+                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+        }
+
+        /* Sample random bytes to create a polynomial. */
+        p = rand;
+        ctr0 = mlkem_rej_uniform_n_avx2(a + 0 * MLKEM_N, MLKEM_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 = mlkem_rej_uniform_n_avx2(a + 1 * MLKEM_N, MLKEM_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 = mlkem_rej_uniform_n_avx2(a + 2 * MLKEM_N, MLKEM_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 = mlkem_rej_uniform_n_avx2(a + 3 * MLKEM_N, MLKEM_N, p,
+            GEN_MATRIX_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N) ||
+               (ctr3 < MLKEM_N)) {
+            sha3_blocksx4_avx2(state);
+            mlkem_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+                rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+                rand + 3 * GEN_MATRIX_SIZE);
+
+            p = rand;
+            ctr0 += mlkem_rej_uniform_avx2(a + 0 * MLKEM_N + ctr0,
+                MLKEM_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr1 += mlkem_rej_uniform_avx2(a + 1 * MLKEM_N + ctr1,
+                MLKEM_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr2 += mlkem_rej_uniform_avx2(a + 2 * MLKEM_N + ctr2,
+                MLKEM_N - ctr2, p, XOF_BLOCK_SIZE);
+            p += GEN_MATRIX_SIZE;
+            ctr3 += mlkem_rej_uniform_avx2(a + 3 * MLKEM_N + ctr3,
+                MLKEM_N - ctr3, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 4 * MLKEM_N;
+    }
+
+    return 0;
+}
+#endif /* WOLFSSL_KYBER1024 || WOLFSSL_WC_ML_KEM_1024 */
+#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int mlkem_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed)
+{
+    word64 state[3 * 25];
+    word64* st = (word64*)state;
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    byte* p;
+
+    if (!transposed) {
+        state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0;
+        state[1*25 + 4] = 0x1f0000 + (0 << 8) + 1;
+        state[2*25 + 4] = 0x1f0000 + (1 << 8) + 0;
+    }
+    else {
+        state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0;
+        state[1*25 + 4] = 0x1f0000 + (1 << 8) + 0;
+        state[2*25 + 4] = 0x1f0000 + (0 << 8) + 1;
+    }
+
+    mlkem_shake128_blocksx3_seed_neon(state, seed);
+    /* Sample random bytes to create a polynomial. */
+    p = (byte*)st;
+    ctr0 = mlkem_rej_uniform_neon(a + 0 * MLKEM_N, MLKEM_N, p, XOF_BLOCK_SIZE);
+    p += 25 * 8;
+    ctr1 = mlkem_rej_uniform_neon(a + 1 * MLKEM_N, MLKEM_N, p, XOF_BLOCK_SIZE);
+    p += 25 * 8;
+    ctr2 = mlkem_rej_uniform_neon(a + 2 * MLKEM_N, MLKEM_N, p, XOF_BLOCK_SIZE);
+    while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N)) {
+        mlkem_sha3_blocksx3_neon(st);
+
+        p = (byte*)st;
+        ctr0 += mlkem_rej_uniform_neon(a + 0 * MLKEM_N + ctr0, MLKEM_N - ctr0,
+            p, XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr1 += mlkem_rej_uniform_neon(a + 1 * MLKEM_N + ctr1, MLKEM_N - ctr1,
+            p, XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr2 += mlkem_rej_uniform_neon(a + 2 * MLKEM_N + ctr2, MLKEM_N - ctr2,
+            p, XOF_BLOCK_SIZE);
+    }
+
+    a += 3 * MLKEM_N;
+
+    readUnalignedWords64(state, seed, 4);
+    /* Transposed value same as not. */
+    state[4] = 0x1f0000 + (1 << 8) + 1;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[20] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+    p = (byte*)state;
+    ctr0 = mlkem_rej_uniform_neon(a, MLKEM_N, p, XOF_BLOCK_SIZE);
+    while (ctr0 < MLKEM_N) {
+        BlockSha3(state);
+        ctr0 += mlkem_rej_uniform_neon(a + ctr0, MLKEM_N - ctr0, p,
+            XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int mlkem_gen_matrix_k3_aarch64(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    word64 state[3 * 25];
+    word64* st = (word64*)state;
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    byte* p;
+
+    for (k = 0; k < 3; k++) {
+        for (i = 0; i < 3; i++) {
+            if (!transposed) {
+                state[i*25 + 4] = 0x1f0000 + ((k << 8) + i);
+            }
+            else {
+                state[i*25 + 4] = 0x1f0000 + ((i << 8) + k);
+            }
+        }
+
+        mlkem_shake128_blocksx3_seed_neon(state, seed);
+        /* Sample random bytes to create a polynomial. */
+        p = (byte*)st;
+        ctr0 = mlkem_rej_uniform_neon(a + 0 * MLKEM_N, MLKEM_N, p,
+            XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr1 = mlkem_rej_uniform_neon(a + 1 * MLKEM_N, MLKEM_N, p,
+            XOF_BLOCK_SIZE);
+        p +=25 * 8;
+        ctr2 = mlkem_rej_uniform_neon(a + 2 * MLKEM_N, MLKEM_N, p,
+            XOF_BLOCK_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N)) {
+            mlkem_sha3_blocksx3_neon(st);
+
+            p = (byte*)st;
+            ctr0 += mlkem_rej_uniform_neon(a + 0 * MLKEM_N + ctr0,
+                MLKEM_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr1 += mlkem_rej_uniform_neon(a + 1 * MLKEM_N + ctr1,
+                MLKEM_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr2 += mlkem_rej_uniform_neon(a + 2 * MLKEM_N + ctr2,
+                MLKEM_N - ctr2, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 3 * MLKEM_N;
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int mlkem_gen_matrix_k4_aarch64(sword16* a, byte* seed, int transposed)
+{
+    int i;
+    int k;
+    word64 state[3 * 25];
+    word64* st = (word64*)state;
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    byte* p;
+
+    for (k = 0; k < 5; k++) {
+        for (i = 0; i < 3; i++) {
+            byte bi = ((k * 3) + i) / 4;
+            byte bj = ((k * 3) + i) % 4;
+            if (!transposed) {
+                state[i*25 + 4] = 0x1f0000 + (bi << 8) + bj;
+            }
+            else {
+                state[i*25 + 4] = 0x1f0000 + (bj << 8) + bi;
+            }
+        }
+
+        mlkem_shake128_blocksx3_seed_neon(state, seed);
+        /* Sample random bytes to create a polynomial. */
+        p = (byte*)st;
+        ctr0 = mlkem_rej_uniform_neon(a + 0 * MLKEM_N, MLKEM_N, p,
+            XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr1 = mlkem_rej_uniform_neon(a + 1 * MLKEM_N, MLKEM_N, p,
+            XOF_BLOCK_SIZE);
+        p += 25 * 8;
+        ctr2 = mlkem_rej_uniform_neon(a + 2 * MLKEM_N, MLKEM_N, p,
+            XOF_BLOCK_SIZE);
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N)) {
+            mlkem_sha3_blocksx3_neon(st);
+
+            p = (byte*)st;
+            ctr0 += mlkem_rej_uniform_neon(a + 0 * MLKEM_N + ctr0,
+                MLKEM_N - ctr0, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr1 += mlkem_rej_uniform_neon(a + 1 * MLKEM_N + ctr1,
+                MLKEM_N - ctr1, p, XOF_BLOCK_SIZE);
+            p += 25 * 8;
+            ctr2 += mlkem_rej_uniform_neon(a + 2 * MLKEM_N + ctr2,
+                MLKEM_N - ctr2, p, XOF_BLOCK_SIZE);
+        }
+
+        a += 3 * MLKEM_N;
+    }
+
+    readUnalignedWords64(state, seed, 4);
+    /* Transposed value same as not. */
+    state[4] = 0x1f0000 + (3 << 8) + 3;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[20] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+    p = (byte*)state;
+    ctr0 = mlkem_rej_uniform_neon(a, MLKEM_N, p, XOF_BLOCK_SIZE);
+    while (ctr0 < MLKEM_N) {
+        BlockSha3(state);
+        ctr0 += mlkem_rej_uniform_neon(a + ctr0, MLKEM_N - ctr0, p,
+            XOF_BLOCK_SIZE);
+    }
+
+    return 0;
+}
+#endif
+#endif /* USE_INTEL_SPEEDUP */
+
+#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+/* Absorb the seed data for squeezing out pseudo-random data.
+ *
+ * FIPS 203, Section 4.1:
+ * 1. XOF.init() = SHA128.Init().
+ * 2. XOF.Absorb(ctx,str) = SHAKE128.Absorb(ctx,str).
+ *
+ * @param  [in, out]  shake128  SHAKE-128 object.
+ * @param  [in]       seed      Data to absorb.
+ * @param  [in]       len       Length of data to absorb in bytes.
+ * @return  0 on success always.
+ */
+static int mlkem_xof_absorb(wc_Shake* shake128, byte* seed, int len)
+{
+    int ret;
+
+    ret = wc_InitShake128(shake128, NULL, INVALID_DEVID);
+    if (ret == 0) {
+        ret = wc_Shake128_Absorb(shake128, seed, len);
+    }
+
+    return ret;
+}
+
+/* Squeeze the state to produce pseudo-random data.
+ *
+ * FIPS 203, Section 4.1:
+ * 3. XOF.Absorb(ctx,l) = SHAKE128.Squeeze(ctx,8.l).
+ *
+ * @param  [in, out]  shake128  SHAKE-128 object.
+ * @param  [out]      out       Buffer to write to.
+ * @param  [in]       blocks    Number of blocks to write.
+ * @return  0 on success always.
+ */
+static int mlkem_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks)
+{
+    return wc_Shake128_SqueezeBlocks(shake128, out, blocks);
+}
+#endif
+
+/* New/Initialize SHA-3 object.
+ *
+ * FIPS 203, Section 4.1:
+ * H(s) := SHA3-256(s)
+ *
+ * @param  [in, out]  hash    SHA-3 object.
+ * @param  [in]       heap    Dynamic memory allocator hint.
+ * @param  [in]       devId   Device id.
+ * @return  0 on success always.
+ */
+int mlkem_hash_new(wc_Sha3* hash, void* heap, int devId)
+{
+    return wc_InitSha3_256(hash, heap, devId);
+}
+
+/* Free SHA-3 object.
+ *
+ * FIPS 203, Section 4.1:
+ * H(s) := SHA3-256(s)
+ *
+ * @param  [in, out]  hash  SHA-3 object.
+ */
+void mlkem_hash_free(wc_Sha3* hash)
+{
+    wc_Sha3_256_Free(hash);
+}
+
+/* Hash data using SHA3-256 with SHA-3 object.
+ *
+ * FIPS 203, Section 4.1:
+ * H(s) := SHA3-256(s)
+ *
+ * @param  [in, out]  hash     SHA-3 object.
+ * @param  [io]       data     Data to be hashed.
+ * @param  [in]       dataLen  Length of data in bytes.
+ * @param  [out]      out      Hash of data.
+ * @return  0 on success.
+ */
+int mlkem_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out)
+{
+    int ret;
+
+    /* Process all data. */
+    ret = wc_Sha3_256_Update(hash, data, dataLen);
+    if (ret == 0) {
+        /* Calculate Hash of data passed in an re-initialize. */
+        ret = wc_Sha3_256_Final(hash, out);
+    }
+
+    return ret;
+}
+
+/* Hash one or two blocks of data using SHA3-512 with SHA-3 object.
+ *
+ * FIPS 203, Section 4.1:
+ * G(s) := SHA3-512(s)
+ *
+ * @param  [in, out]  hash      SHA-3 object.
+ * @param  [io]       data1     First block of data to be hashed.
+ * @param  [in]       data1Len  Length of first block of data in bytes.
+ * @param  [io]       data2     Second block of data to be hashed. May be NULL.
+ * @param  [in]       data2Len  Length of second block of data in bytes.
+ * @param  [out]      out       Hash of all data.
+ * @return  0 on success.
+ */
+int mlkem_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len,
+    const byte* data2, word32 data2Len, byte* out)
+{
+    int ret;
+
+    /* Process first block of data. */
+    ret = wc_Sha3_512_Update(hash, data1, data1Len);
+    /* Check if there is a second block of data. */
+    if ((ret == 0) && (data2Len > 0)) {
+        /* Process second block of data. */
+        ret = wc_Sha3_512_Update(hash, data2, data2Len);
+    }
+    if (ret == 0) {
+        /* Calculate Hash of data passed in an re-initialize. */
+        ret = wc_Sha3_512_Final(hash, out);
+    }
+
+    return ret;
+}
+
+/* Initialize SHAKE-256 object.
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ */
+void mlkem_prf_init(wc_Shake* prf)
+{
+    XMEMSET(prf->s, 0, sizeof(prf->s));
+}
+
+/* New/Initialize SHAKE-256 object.
+ *
+ * FIPS 203, Section 4.1:
+ * PRF_eta(s,b) := SHA256(s||b,8.64.eta)
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ * @param  [in]       heap      Dynamic memory allocator hint.
+ * @param  [in]       devId     Device id.
+ * @return  0 on success always.
+ */
+int mlkem_prf_new(wc_Shake* prf, void* heap, int devId)
+{
+    return wc_InitShake256(prf, heap, devId);
+}
+
+/* Free SHAKE-256 object.
+ *
+ * FIPS 203, Section 4.1:
+ * PRF_eta(s,b) := SHA256(s||b,8.64.eta)
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ */
+void mlkem_prf_free(wc_Shake* prf)
+{
+    wc_Shake256_Free(prf);
+}
+
+#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+/* Create pseudo-random data from the key using SHAKE-256.
+ *
+ * FIPS 203, Section 4.1:
+ * PRF_eta(s,b) := SHA256(s||b,8.64.eta)
+ *
+ * @param  [in, out]  shake256  SHAKE-256 object.
+ * @param  [out]      out       Buffer to write to.
+ * @param  [in]       outLen    Number of bytes to write.
+ * @param  [in]       key       Data to derive from. Must be:
+ *                                WC_ML_KEM_SYM_SZ + 1 bytes in length.
+ * @return  0 on success always.
+ */
+static int mlkem_prf(wc_Shake* shake256, byte* out, unsigned int outLen,
+    const byte* key)
+{
+#ifdef USE_INTEL_SPEEDUP
+    word64 state[25];
+
+    (void)shake256;
+
+    /* Put first WC_ML_KEM_SYM_SZ bytes og key into blank state. */
+    readUnalignedWords64(state, key, WC_ML_KEM_SYM_SZ / sizeof(word64));
+    /* Last byte in with end of content marker. */
+    state[WC_ML_KEM_SYM_SZ / 8] = 0x1f00 | key[WC_ML_KEM_SYM_SZ];
+    /* Set rest of state to 0. */
+    XMEMSET(state + WC_ML_KEM_SYM_SZ / 8 + 1, 0,
+        (25 - WC_ML_KEM_SYM_SZ / 8 - 1) * sizeof(word64));
+    /* ... except for rate marker. */
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
+
+    /* Generate as much output as is required. */
+    while (outLen > 0) {
+        /* Get as much of an output block as is needed. */
+        unsigned int len = min(outLen, WC_SHA3_256_BLOCK_SIZE);
+
+        /* Perform a block operation on the state for next block of output. */
+        if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else if (IS_INTEL_AVX2(cpuid_flags) &&
+                 (SAVE_VECTOR_REGISTERS2() == 0)) {
+            sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else {
+            BlockSha3(state);
+        }
+
+        /* Copy the state as output. */
+        XMEMCPY(out, state, len);
+        /* Update output pointer and length. */
+        out += len;
+        outLen -= len;
+    }
+
+    return 0;
+#else
+    int ret;
+
+    /* Process all data. */
+    ret = wc_Shake256_Update(shake256, key, WC_ML_KEM_SYM_SZ + 1);
+    if (ret == 0) {
+        /* Calculate Hash of data passed in an re-initialize. */
+        ret = wc_Shake256_Final(shake256, out, outLen);
+    }
+
+    return ret;
+#endif
+}
+#endif
+
+#ifdef WOLFSSL_MLKEM_KYBER
+#ifdef USE_INTEL_SPEEDUP
+/* Create pseudo-random key from the seed using SHAKE-256.
+ *
+ * @param  [in]  seed      Data to derive from.
+ * @param  [in]  seedLen   Length of data to derive from in bytes.
+ * @param  [out] out       Buffer to write to.
+ * @param  [in]  outLen    Number of bytes to derive.
+ * @return  0 on success always.
+ */
+int mlkem_kdf(byte* seed, int seedLen, byte* out, int outLen)
+{
+    word64 state[25];
+    word32 len64 = seedLen / 8;
+
+    readUnalignedWords64(state, seed, len64);
+    state[len64] = 0x1f;
+    XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64));
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
+
+    if (IS_INTEL_BMI2(cpuid_flags)) {
+        sha3_block_bmi2(state);
+    }
+    else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        sha3_block_avx2(state);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else {
+        BlockSha3(state);
+    }
+    XMEMCPY(out, state, outLen);
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+/* Create pseudo-random key from the seed using SHAKE-256.
+ *
+ * @param  [in]  seed      Data to derive from.
+ * @param  [in]  seedLen   Length of data to derive from in bytes.
+ * @param  [out] out       Buffer to write to.
+ * @param  [in]  outLen    Number of bytes to derive.
+ * @return  0 on success always.
+ */
+int mlkem_kdf(byte* seed, int seedLen, byte* out, int outLen)
+{
+    word64 state[25];
+    word32 len64 = seedLen / 8;
+
+    readUnalignedWords64(state, seed, len64);
+    state[len64] = 0x1f;
+    XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64));
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
+
+    BlockSha3(state);
+    XMEMCPY(out, state, outLen);
+
+    return 0;
+}
+#endif
+#endif
+
+#ifndef WOLFSSL_NO_ML_KEM
+/* Derive the secret from z and cipher text.
+ *
+ * @param [in, out]  shake256  SHAKE-256 object.
+ * @param [in]       z         Implicit rejection value.
+ * @param [in]       ct        Cipher text.
+ * @param [in]       ctSz      Length of cipher text in bytes.
+ * @param [out]      ss        Shared secret.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation failed.
+ * @return  Other negative when a hash error occurred.
+ */
+int mlkem_derive_secret(wc_Shake* shake256, const byte* z, const byte* ct,
+    word32 ctSz, byte* ss)
+{
+    int ret;
+
+#ifdef USE_INTEL_SPEEDUP
+    XMEMCPY(shake256->t, z, WC_ML_KEM_SYM_SZ);
+    XMEMCPY(shake256->t, ct, WC_SHA3_256_COUNT * 8 - WC_ML_KEM_SYM_SZ);
+    shake256->i = WC_ML_KEM_SYM_SZ;
+    ct += WC_SHA3_256_COUNT * 8 - WC_ML_KEM_SYM_SZ;
+    ctSz -= WC_SHA3_256_COUNT * 8 - WC_ML_KEM_SYM_SZ;
+    ret = wc_Shake256_Update(shake256, ct, ctSz);
+    if (ret == 0) {
+        ret = wc_Shake256_Final(shake256, ss, WC_ML_KEM_SS_SZ);
+    }
+#else
+    ret = wc_Shake256_Update(shake256, z, WC_ML_KEM_SYM_SZ);
+    if (ret == 0) {
+        ret = wc_Shake256_Update(shake256, ct, ctSz);
+    }
+    if (ret == 0) {
+        ret = wc_Shake256_Final(shake256, ss, WC_ML_KEM_SS_SZ);
+    }
+#endif
+
+    return ret;
+}
+#endif
+
+#if !defined(WOLFSSL_ARMASM)
+/* Rejection sampling on uniform random bytes to generate uniform random
+ * integers mod q.
+ *
+ * FIPS 203, Algorithm 7: SampleNTT(B)
+ * Takes a 32-byte seed and two indices as input and outputs a pseudorandom
+ * element of T_q.
+ *   ...
+ *   4: while j < 256 do
+ *   5:     (ctx,C) <- XOF.Squeeze(ctx,3)
+ *   6:     d1 <- C[0] + 256.(C[1] mod 16)
+ *   7:     d2 <- lower(C[1] / 16) + 16.C[2]
+ *   8:     if d1 < q then
+ *   9:         a_hat[j] <- d1
+ *  10:         j <- j + 1
+ *  11:     end if
+ *  12:     if d2 < q and j < 256 then
+ *  13:         a_hat[j] <- d2
+ *  14:         j <- j + 1
+ *  15:     end if
+ *  16: end while
+ *  ...
+ *
+ * @param  [out]  p     Uniform random integers mod q.
+ * @param  [in]   len   Maximum number of integers.
+ * @param  [in]   r     Uniform random bytes buffer.
+ * @param  [in]   rLen  Length of random data in buffer.
+ * @return  Number of integers sampled.
+ */
+static unsigned int mlkem_rej_uniform_c(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen)
+{
+    unsigned int i;
+    unsigned int j;
+
+#if defined(WOLFSSL_MLKEM_SMALL) || !defined(WC_64BIT_CPU) || \
+    defined(BIG_ENDIAN_ORDER)
+    /* Keep sampling until maximum number of integers reached or buffer used up.
+     * Step 4. */
+    for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) {
+        /* Step 5 - caller generates and now using 3 bytes of it. */
+        /* Use 24 bits (3 bytes) as two 12 bits integers. */
+        /* Step 6. */
+        sword16 v0 = ((r[0] >> 0) | ((word16)r[1] << 8)) & 0xFFF;
+        /* Step 7. */
+        sword16 v1 = ((r[1] >> 4) | ((word16)r[2] << 4)) & 0xFFF;
+
+        /* Reject first 12-bit integer if greater than or equal to q.
+         * Step 8 */
+        if (v0 < MLKEM_Q) {
+            /* Steps 9-10 */
+            p[i++] = v0;
+        }
+        /* Check second if we don't have enough integers yet.
+         * Reject second 12-bit integer if greater than or equal to q.
+         * Step 12 */
+        if ((i < len) && (v1 < MLKEM_Q)) {
+            /* Steps 13-14 */
+            p[i++] = v1;
+        }
+
+        /* Move over used bytes. */
+        r += 3;
+    }
+#else
+    /* Unroll loops. Minimal work per loop. */
+    unsigned int minJ;
+
+    /* Calculate minimum number of 6 byte data blocks to get all required
+     * numbers assuming no rejections. */
+    minJ = len / 4 * 6;
+    if (minJ > rLen)
+        minJ = rLen;
+    i = 0;
+    for (j = 0; j < minJ; j += 6) {
+        /* Use 48 bits (6 bytes) as four 12-bit integers. */
+        word64 r_word = readUnalignedWord64(r);
+        sword16 v0 =  r_word        & 0xfff;
+        sword16 v1 = (r_word >> 12) & 0xfff;
+        sword16 v2 = (r_word >> 24) & 0xfff;
+        sword16 v3 = (r_word >> 36) & 0xfff;
+
+        p[i] = v0;
+        i += (v0 < MLKEM_Q);
+        p[i] = v1;
+        i += (v1 < MLKEM_Q);
+        p[i] = v2;
+        i += (v2 < MLKEM_Q);
+        p[i] = v3;
+        i += (v3 < MLKEM_Q);
+
+        /* Move over used bytes. */
+        r += 6;
+    }
+    /* Check whether we have all the numbers we need. */
+    if (j < rLen) {
+        /* Keep trying until we have less than 4 numbers to find or data is used
+         * up. */
+        for (; (i + 4 < len) && (j < rLen); j += 6) {
+            /* Use 48 bits (6 bytes) as four 12-bit integers. */
+            word64 r_word = readUnalignedWord64(r);
+            sword16 v0 =  r_word        & 0xfff;
+            sword16 v1 = (r_word >> 12) & 0xfff;
+            sword16 v2 = (r_word >> 24) & 0xfff;
+            sword16 v3 = (r_word >> 36) & 0xfff;
+
+            p[i] = v0;
+            i += (v0 < MLKEM_Q);
+            p[i] = v1;
+            i += (v1 < MLKEM_Q);
+            p[i] = v2;
+            i += (v2 < MLKEM_Q);
+            p[i] = v3;
+            i += (v3 < MLKEM_Q);
+
+            /* Move over used bytes. */
+            r += 6;
+        }
+        /* Keep trying until we have all the numbers we need or the data is used
+         * up. */
+        for (; (i < len) && (j < rLen); j += 6) {
+            /* Use 48 bits (6 bytes) as four 12-bit integers. */
+            word64 r_word = readUnalignedWord64(r);
+            sword16 v0 =  r_word        & 0xfff;
+            sword16 v1 = (r_word >> 12) & 0xfff;
+            sword16 v2 = (r_word >> 24) & 0xfff;
+            sword16 v3 = (r_word >> 36) & 0xfff;
+
+            /* Reject first 12-bit integer if greater than or equal to q. */
+            if (v0 < MLKEM_Q) {
+                p[i++] = v0;
+            }
+            /* Check second if we don't have enough integers yet.
+             * Reject second 12-bit integer if greater than or equal to q. */
+            if ((i < len) && (v1 < MLKEM_Q)) {
+                p[i++] = v1;
+            }
+            /* Check second if we don't have enough integers yet.
+             * Reject third 12-bit integer if greater than or equal to q. */
+            if ((i < len) && (v2 < MLKEM_Q)) {
+                p[i++] = v2;
+            }
+            /* Check second if we don't have enough integers yet.
+             * Reject fourth 12-bit integer if greater than or equal to q. */
+            if ((i < len) && (v3 < MLKEM_Q)) {
+                p[i++] = v3;
+            }
+
+            /* Move over used bytes. */
+            r += 6;
+        }
+    }
+#endif
+
+    return i;
+}
+#endif
+
+#if !defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+    !defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+
+#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   3: for (i <- 0; i < k; i++)
+ *   4:     for (j <- 0; j < k; j++)
+ *   5:         A_hat[i,j] <- SampleNTT(rho||j||i)
+ *   6:     end for
+ *   7: end for
+ *   ...
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *   4: for (i <- 0; i < k; i++)
+ *   5:     for (j <- 0; j < k; j++)
+ *   6:         A_hat[i,j] <- SampleNTT(rho||j||i)  (Transposed is rho||i||j)
+ *   7:     end for
+ *   8: end for
+ *   ...
+ * FIPS 203, Algorithm 7: SampleNTT(B)
+ * Takes a 32-byte seed and two indices as input and outputs a pseudorandom
+ * element of T_q.
+ *   1: ctx <- XOF.init()
+ *   2: ctx <- XOF.Absorb(ctx,B)
+ *   3: j <- 0
+ *   4: while j < 256 do
+ *   5:     (ctx,C) <- XOF.Squeeze(ctx,3)
+ *   ...
+ *  16: end while
+ *  17: return a_hat
+ *
+ * @param  [in]   prf         XOF object.
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   k           Number of dimensions. k x k polynomials.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int mlkem_gen_matrix_c(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed,
+    int transposed)
+{
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    byte* rand;
+#else
+    byte rand[GEN_MATRIX_SIZE + 2];
+#endif
+    byte extSeed[WC_ML_KEM_SYM_SZ + 2];
+    int ret = 0;
+    int i;
+
+    /* Copy seed into buffer than has space for i and j to be appended. */
+    XMEMCPY(extSeed, seed, WC_ML_KEM_SYM_SZ);
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    /* Allocate large amount of memory to hold random bytes to be samples. */
+    rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (rand == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+#if !defined(WOLFSSL_MLKEM_SMALL) && defined(WC_64BIT_CPU)
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    if (ret == 0) {
+        rand[GEN_MATRIX_SIZE+0] = 0xff;
+        rand[GEN_MATRIX_SIZE+1] = 0xff;
+    }
+#endif
+
+    /* Generate each vector of polynomials.
+     * Alg 13, Step 3. Alg 14, Step 4. */
+    for (i = 0; (ret == 0) && (i < k); i++, a += k * MLKEM_N) {
+        int j;
+        /* Generate each polynomial in vector from seed with indices.
+         * Alg 13, Step 4. Alg 14, Step 5. */
+        for (j = 0; (ret == 0) && (j < k); j++) {
+            if (transposed) {
+                /* Alg 14, Step 6: .. rho||i||j ... */
+                extSeed[WC_ML_KEM_SYM_SZ + 0] = i;
+                extSeed[WC_ML_KEM_SYM_SZ + 1] = j;
+            }
+            else {
+                /* Alg 13, Step 5: .. rho||j||i ... */
+                extSeed[WC_ML_KEM_SYM_SZ + 0] = j;
+                extSeed[WC_ML_KEM_SYM_SZ + 1] = i;
+            }
+            /* Absorb the index specific seed.
+             * Alg 7, Step 1-2 */
+            ret = mlkem_xof_absorb(prf, extSeed, sizeof(extSeed));
+            if (ret == 0) {
+                /* Create data based on the seed.
+                 * Alg 7, Step 5. Generating enough to, on average, be able to
+                 * get enough valid values. */
+                ret = mlkem_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS);
+            }
+            if (ret == 0) {
+                unsigned int ctr;
+
+                /* Sample random bytes to create a polynomial.
+                 * Alg 7, Step 3 - implicitly counter is 0.
+                 * Alg 7, Step 4-16. */
+                ctr = mlkem_rej_uniform_c(a + j * MLKEM_N, MLKEM_N, rand,
+                    GEN_MATRIX_SIZE);
+                /* Create more blocks if too many rejected.
+                 * Alg 7, Step 4. */
+                while (ctr < MLKEM_N) {
+                    /* Alg 7, Step 5. */
+                    mlkem_xof_squeezeblocks(prf, rand, 1);
+                    /* Alg 7, Step 4-16. */
+                    ctr += mlkem_rej_uniform_c(a + j * MLKEM_N + ctr,
+                        MLKEM_N - ctr, rand, XOF_BLOCK_SIZE);
+                }
+            }
+        }
+    }
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    /* Dispose of temporary buffer. */
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+#endif
+
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d), Steps 3-7
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r), Steps 4-8
+ *
+ * @param  [in]   prf         XOF object.
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   k           Number of dimensions. k x k polynomials.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+int mlkem_gen_matrix(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed,
+    int transposed)
+{
+    int ret;
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+    if (k == WC_ML_KEM_512_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = mlkem_gen_matrix_k2_aarch64(a, seed, transposed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = mlkem_gen_matrix_k2_avx2(a, seed, transposed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = mlkem_gen_matrix_c(prf, a, WC_ML_KEM_512_K, seed, transposed);
+        }
+#endif
+    }
+    else
+#endif
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+    if (k == WC_ML_KEM_768_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = mlkem_gen_matrix_k3_aarch64(a, seed, transposed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = mlkem_gen_matrix_k3_avx2(a, seed, transposed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = mlkem_gen_matrix_c(prf, a, WC_ML_KEM_768_K, seed, transposed);
+        }
+#endif
+    }
+    else
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+    if (k == WC_ML_KEM_1024_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = mlkem_gen_matrix_k4_aarch64(a, seed, transposed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = mlkem_gen_matrix_k4_avx2(a, seed, transposed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = mlkem_gen_matrix_c(prf, a, WC_ML_KEM_1024_K, seed,
+                transposed);
+        }
+#endif
+    }
+    else
+#endif
+    {
+        ret = BAD_STATE_E;
+    }
+
+    (void)prf;
+
+    return ret;
+}
+
+#endif
+
+#if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+    defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ * ...
+ * 4:     for (j <- 0; j < k; j++)
+ * 5:         A_hat[i,j] <- SampleNTT(rho||j||i)
+ * 6:     end for
+ * ...
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ * ...
+ * 5:     for (j <- 0; j < k; j++)
+ * 6:         A_hat[i,j] <- SampleNTT(rho||j||i)  (Transposed is rho||i||j)
+ * 7:     end for
+ * ...
+ *
+ * @param  [in]   prf         XOF object.
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   k           Number of dimensions. k x k polynomials.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @param  [in]   i           Index of vector to generate.
+ * @param  [in]   transposed  Whether A or A^T is generated.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int mlkem_gen_matrix_i(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed,
+    int i, int transposed)
+{
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    byte* rand;
+#else
+    byte rand[GEN_MATRIX_SIZE + 2];
+#endif
+    byte extSeed[WC_ML_KEM_SYM_SZ + 2];
+    int ret = 0;
+    int j;
+
+    XMEMCPY(extSeed, seed, WC_ML_KEM_SYM_SZ);
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    /* Allocate large amount of memory to hold random bytes to be samples. */
+    rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (rand == NULL) {
+        ret = MEMORY_E;
+    }
+#endif
+
+#if !defined(WOLFSSL_MLKEM_SMALL) && defined(WC_64BIT_CPU)
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    if (ret == 0) {
+        rand[GEN_MATRIX_SIZE+0] = 0xff;
+        rand[GEN_MATRIX_SIZE+1] = 0xff;
+    }
+#endif
+
+    /* Generate each polynomial in vector from seed with indices.
+     * Alg 13, Step 4. Alg 14, Step 5. */
+    for (j = 0; (ret == 0) && (j < k); j++) {
+        if (transposed) {
+            /* Alg 14, Step 6: .. rho||i||j ... */
+            extSeed[WC_ML_KEM_SYM_SZ + 0] = i;
+            extSeed[WC_ML_KEM_SYM_SZ + 1] = j;
+        }
+        else {
+            /* Alg 13, Step 5: .. rho||j||i ... */
+            extSeed[WC_ML_KEM_SYM_SZ + 0] = j;
+            extSeed[WC_ML_KEM_SYM_SZ + 1] = i;
+        }
+        /* Absorb the index specific seed.
+         * Alg 7, Step 1-2 */
+        ret = mlkem_xof_absorb(prf, extSeed, sizeof(extSeed));
+        if (ret == 0) {
+            /* Create out based on the seed.
+             * Alg 7, Step 5. Generating enough to, on average, be able to get
+             * enough valid values. */
+            ret = mlkem_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS);
+        }
+        if (ret == 0) {
+            unsigned int ctr;
+
+            /* Sample random bytes to create a polynomial.
+             * Alg 7, Step 3 - implicitly counter is 0.
+             * Alg 7, Step 4-16. */
+            ctr = mlkem_rej_uniform_c(a + j * MLKEM_N, MLKEM_N, rand,
+                GEN_MATRIX_SIZE);
+            /* Create more blocks if too many rejected.
+             * Alg 7, Step 4. */
+            while (ctr < MLKEM_N) {
+                /* Alg 7, Step 5. */
+                mlkem_xof_squeezeblocks(prf, rand, 1);
+                /* Alg 7, Step 4-16. */
+                ctr += mlkem_rej_uniform_c(a + j * MLKEM_N + ctr,
+                    MLKEM_N - ctr, rand, XOF_BLOCK_SIZE);
+            }
+        }
+    }
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    /* Dispose of temporary buffer. */
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#endif
+
+
+/******************************************************************************/
+
+/* Subtract one 2 bit value from another out of a larger number.
+ *
+ * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B)
+ * Takes a seed as input and outputs a pseudorandom sample from the distribution
+ * D_eta(R_q).
+ *
+ * @param  [in]  d  Value containing sequential 2 bit values.
+ * @param  [in]  i  Start index of the two values in 2 bits each.
+ * @return  Difference of the two values with range 0..2.
+ */
+#define ETA2_SUB(d, i) \
+    (((sword16)(((d) >> ((i) * 4 + 0)) & 0x3)) - \
+     ((sword16)(((d) >> ((i) * 4 + 2)) & 0x3)))
+
+/* Compute polynomial with coefficients distributed according to a centered
+ * binomial distribution with parameter eta2 from uniform random bytes.
+ *
+ * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B)
+ * Takes a seed as input and outputs a pseudorandom sample from the distribution
+ * D_eta(R_q).
+ *
+ * @param [out]  p  Polynomial computed.
+ * @param [in]   r  Random bytes.
+ */
+static void mlkem_cbd_eta2(sword16* p, const byte* r)
+{
+    unsigned int i;
+
+#ifndef WORD64_AVAILABLE
+    /* Calculate eight integer coefficients at a time. */
+    for (i = 0; i < MLKEM_N; i += 8) {
+    #ifdef WOLFSSL_MLKEM_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 4 bytes, little endian, as a 32 bit value. */
+    #ifdef BIG_ENDIAN_ORDER
+        word32 t = ByteReverseWord32(*(word32*)r);
+    #else
+        word32 t = *(word32*)r;
+    #endif
+        word32 d;
+        /* Add second bits to first. */
+        d  = (t >> 0) & 0x55555555;
+        d += (t >> 1) & 0x55555555;
+        /* Values 0, 1 or 2 in consecutive 2 bits.
+         * 0 - 1/4, 1 - 2/4, 2 - 1/4. */
+
+    #ifdef WOLFSSL_MLKEM_SMALL
+        for (j = 0; j < 8; j++) {
+            p[i + j] = ETA2_SUB(d, j);
+        }
+    #else
+        p[i + 0] = ETA2_SUB(d, 0);
+        p[i + 1] = ETA2_SUB(d, 1);
+        p[i + 2] = ETA2_SUB(d, 2);
+        p[i + 3] = ETA2_SUB(d, 3);
+        p[i + 4] = ETA2_SUB(d, 4);
+        p[i + 5] = ETA2_SUB(d, 5);
+        p[i + 6] = ETA2_SUB(d, 6);
+        p[i + 7] = ETA2_SUB(d, 7);
+    #endif
+        /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16  */
+
+        /* Move over used bytes. */
+        r += 4;
+    }
+#else
+    /* Calculate sixteen integer coefficients at a time. */
+    for (i = 0; i < MLKEM_N; i += 16) {
+    #ifdef WOLFSSL_MLKEM_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 8 bytes, little endian, as a 64 bit value. */
+    #ifdef BIG_ENDIAN_ORDER
+        word64 t = ByteReverseWord64(readUnalignedWord64(r));
+    #else
+        word64 t = readUnalignedWord64(r);
+    #endif
+        word64 d;
+        /* Add second bits to first. */
+        d  = (t >> 0) & 0x5555555555555555L;
+        d += (t >> 1) & 0x5555555555555555L;
+        /* Values 0, 1 or 2 in consecutive 2 bits.
+         * 0 - 1/4, 1 - 2/4, 2 - 1/4. */
+
+    #ifdef WOLFSSL_MLKEM_SMALL
+        for (j = 0; j < 16; j++) {
+            p[i + j] = ETA2_SUB(d, j);
+        }
+    #else
+        p[i +  0] = ETA2_SUB(d,  0);
+        p[i +  1] = ETA2_SUB(d,  1);
+        p[i +  2] = ETA2_SUB(d,  2);
+        p[i +  3] = ETA2_SUB(d,  3);
+        p[i +  4] = ETA2_SUB(d,  4);
+        p[i +  5] = ETA2_SUB(d,  5);
+        p[i +  6] = ETA2_SUB(d,  6);
+        p[i +  7] = ETA2_SUB(d,  7);
+        p[i +  8] = ETA2_SUB(d,  8);
+        p[i +  9] = ETA2_SUB(d,  9);
+        p[i + 10] = ETA2_SUB(d, 10);
+        p[i + 11] = ETA2_SUB(d, 11);
+        p[i + 12] = ETA2_SUB(d, 12);
+        p[i + 13] = ETA2_SUB(d, 13);
+        p[i + 14] = ETA2_SUB(d, 14);
+        p[i + 15] = ETA2_SUB(d, 15);
+    #endif
+        /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16  */
+
+        /* Move over used bytes. */
+        r += 8;
+    }
+#endif
+}
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Subtract one 3 bit value from another out of a larger number.
+ *
+ * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B)
+ * Takes a seed as input and outputs a pseudorandom sample from the distribution
+ * D_eta(R_q).
+ *
+ * @param  [in]  d  Value containing sequential 3 bit values.
+ * @param  [in]  i  Start index of the two values in 3 bits each.
+ * @return  Difference of the two values with range 0..3.
+ */
+#define ETA3_SUB(d, i) \
+    (((sword16)(((d) >> ((i) * 6 + 0)) & 0x7)) - \
+     ((sword16)(((d) >> ((i) * 6 + 3)) & 0x7)))
+
+/* Compute polynomial with coefficients distributed according to a centered
+ * binomial distribution with parameter eta3 from uniform random bytes.
+ *
+ * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B)
+ * Takes a seed as input and outputs a pseudorandom sample from the distribution
+ * D_eta(R_q).
+ *
+ * @param [out]  p  Polynomial computed.
+ * @param [in]   r  Random bytes.
+ */
+static void mlkem_cbd_eta3(sword16* p, const byte* r)
+{
+    unsigned int i;
+
+#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) || \
+    defined(BIG_ENDIAN_ORDER)
+#ifndef WORD64_AVAILABLE
+    /* Calculate four integer coefficients at a time. */
+    for (i = 0; i < MLKEM_N; i += 4) {
+    #ifdef WOLFSSL_MLKEM_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 3 bytes, little endian, as a 24 bit value. */
+        word32 t = (((word32)(r[0])) <<  0) |
+                   (((word32)(r[1])) <<  8) |
+                   (((word32)(r[2])) << 16);
+        word32 d;
+        /* Add second and third bits to first. */
+        d  = (t >> 0) & 0x00249249;
+        d += (t >> 1) & 0x00249249;
+        d += (t >> 2) & 0x00249249;
+        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
+         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
+
+    #ifdef WOLFSSL_MLKEM_SMALL
+        for (j = 0; j < 4; j++) {
+            p[i + j] = ETA3_SUB(d, j);
+        }
+    #else
+        p[i + 0] = ETA3_SUB(d, 0);
+        p[i + 1] = ETA3_SUB(d, 1);
+        p[i + 2] = ETA3_SUB(d, 2);
+        p[i + 3] = ETA3_SUB(d, 3);
+    #endif
+        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
+
+        /* Move over used bytes. */
+        r += 3;
+    }
+#else
+    /* Calculate eight integer coefficients at a time. */
+    for (i = 0; i < MLKEM_N; i += 8) {
+    #ifdef WOLFSSL_MLKEM_SMALL
+        unsigned int j;
+    #endif
+        /* Take the next 6 bytes, little endian, as a 48 bit value. */
+        word64 t = (((word64)(r[0])) <<  0) |
+                   (((word64)(r[1])) <<  8) |
+                   (((word64)(r[2])) << 16) |
+                   (((word64)(r[3])) << 24) |
+                   (((word64)(r[4])) << 32) |
+                   (((word64)(r[5])) << 40);
+        word64 d;
+        /* Add second and third bits to first. */
+        d  = (t >> 0) & 0x0000249249249249L;
+        d += (t >> 1) & 0x0000249249249249L;
+        d += (t >> 2) & 0x0000249249249249L;
+        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
+         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
+
+    #ifdef WOLFSSL_MLKEM_SMALL
+        for (j = 0; j < 8; j++) {
+            p[i + j] = ETA3_SUB(d, j);
+        }
+    #else
+        p[i + 0] = ETA3_SUB(d, 0);
+        p[i + 1] = ETA3_SUB(d, 1);
+        p[i + 2] = ETA3_SUB(d, 2);
+        p[i + 3] = ETA3_SUB(d, 3);
+        p[i + 4] = ETA3_SUB(d, 4);
+        p[i + 5] = ETA3_SUB(d, 5);
+        p[i + 6] = ETA3_SUB(d, 6);
+        p[i + 7] = ETA3_SUB(d, 7);
+    #endif
+        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
+
+        /* Move over used bytes. */
+        r += 6;
+    }
+#endif /* WORD64_AVAILABLE */
+#else
+    /* Calculate eight integer coefficients at a time. */
+    for (i = 0; i < MLKEM_N; i += 16) {
+        const word32* r32 = (const word32*)r;
+        /* Take the next 12 bytes, little endian, as 24 bit values. */
+        word32 t0 =   r32[0]                          & 0xffffff;
+        word32 t1 = ((r32[0] >> 24) | (r32[1] <<  8)) & 0xffffff;
+        word32 t2 = ((r32[1] >> 16) | (r32[2] << 16)) & 0xffffff;
+        word32 t3 =   r32[2] >>  8                              ;
+        word32 d0;
+        word32 d1;
+        word32 d2;
+        word32 d3;
+
+        /* Add second and third bits to first. */
+        d0  = (t0 >> 0) & 0x00249249;
+        d0 += (t0 >> 1) & 0x00249249;
+        d0 += (t0 >> 2) & 0x00249249;
+        d1  = (t1 >> 0) & 0x00249249;
+        d1 += (t1 >> 1) & 0x00249249;
+        d1 += (t1 >> 2) & 0x00249249;
+        d2  = (t2 >> 0) & 0x00249249;
+        d2 += (t2 >> 1) & 0x00249249;
+        d2 += (t2 >> 2) & 0x00249249;
+        d3  = (t3 >> 0) & 0x00249249;
+        d3 += (t3 >> 1) & 0x00249249;
+        d3 += (t3 >> 2) & 0x00249249;
+        /* Values 0, 1, 2 or 3 in consecutive 3 bits.
+         * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */
+
+        p[i +  0] = ETA3_SUB(d0, 0);
+        p[i +  1] = ETA3_SUB(d0, 1);
+        p[i +  2] = ETA3_SUB(d0, 2);
+        p[i +  3] = ETA3_SUB(d0, 3);
+        p[i +  4] = ETA3_SUB(d1, 0);
+        p[i +  5] = ETA3_SUB(d1, 1);
+        p[i +  6] = ETA3_SUB(d1, 2);
+        p[i +  7] = ETA3_SUB(d1, 3);
+        p[i +  8] = ETA3_SUB(d2, 0);
+        p[i +  9] = ETA3_SUB(d2, 1);
+        p[i + 10] = ETA3_SUB(d2, 2);
+        p[i + 11] = ETA3_SUB(d2, 3);
+        p[i + 12] = ETA3_SUB(d3, 0);
+        p[i + 13] = ETA3_SUB(d3, 1);
+        p[i + 14] = ETA3_SUB(d3, 2);
+        p[i + 15] = ETA3_SUB(d3, 3);
+        /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */
+
+        /* Move over used bytes. */
+        r += 12;
+    }
+#endif /* WOLFSSL_SMALL_STACK || WOLFSSL_MLKEM_NO_LARGE_CODE ||
+        * BIG_ENDIAN_ORDER */
+}
+#endif
+
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+
+/* Get noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d)
+ *   ...
+ *   9:     s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N))
+ *   ...
+ *  13:     e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N))
+ *   ...
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  10:     y[i] <- SamplePolyCBD_eta_1(PRF_eta_1(r, N))
+ *   ...
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      p     Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @param  [in]       eta1  Size of noise/error integers.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_eta1_c(MLKEM_PRF_T* prf, sword16* p,
+    const byte* seed, byte eta1)
+{
+    int ret;
+
+    (void)eta1;
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+    if (eta1 == MLKEM_CBD_ETA3) {
+        byte rand[ETA3_RAND_SIZE];
+
+        /* Calculate random bytes from seed with PRF. */
+        ret = mlkem_prf(prf, rand, sizeof(rand), seed);
+        if (ret == 0) {
+            /* Sample for values in range -3..3 from 3 bits of random. */
+            mlkem_cbd_eta3(p, rand);
+         }
+    }
+    else
+#endif
+    {
+        byte rand[ETA2_RAND_SIZE];
+
+        /* Calculate random bytes from seed with PRF. */
+        ret = mlkem_prf(prf, rand, sizeof(rand), seed);
+        if (ret == 0) {
+            /* Sample for values in range -2..2 from 2 bits of random. */
+            mlkem_cbd_eta2(p, rand);
+        }
+    }
+
+    return ret;
+}
+
+/* Get noise/error by calculating random bytes and sampling to a binomial
+ * distribution. Values -2..2
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      p     Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p,
+    const byte* seed)
+{
+    int ret;
+    byte rand[ETA2_RAND_SIZE];
+
+    /* Calculate random bytes from seed with PRF. */
+    ret = mlkem_prf(prf, rand, sizeof(rand), seed);
+    if (ret == 0) {
+        mlkem_cbd_eta2(p, rand);
+    }
+
+    return ret;
+}
+
+#endif
+
+#ifdef USE_INTEL_SPEEDUP
+#define PRF_RAND_SZ   (2 * SHA3_256_BYTES)
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) || \
+    defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void mlkem_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o)
+{
+    int i;
+    word64 state[25 * 4];
+
+    for (i = 0; i < 4; i++) {
+        state[4*4 + i] = 0x1f00 + i + o;
+    }
+
+    mlkem_sha3_256_blocksx4_seed_avx2(state, seed);
+    mlkem_redistribute_16_rand_avx2(state, rand + 0 * ETA2_RAND_SIZE,
+        rand + 1 * ETA2_RAND_SIZE, rand + 2 * ETA2_RAND_SIZE,
+        rand + 3 * ETA2_RAND_SIZE);
+}
+#endif
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Get noise/error by calculating random bytes and sampling to a binomial
+ * distribution. Values -2..2
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      p     Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_eta2_avx2(MLKEM_PRF_T* prf, sword16* p,
+    const byte* seed)
+{
+    word64 state[25];
+
+    (void)prf;
+
+    /* Put first WC_ML_KEM_SYM_SZ bytes og key into blank state. */
+    readUnalignedWords64(state, seed, WC_ML_KEM_SYM_SZ / sizeof(word64));
+    /* Last byte in with end of content marker. */
+    state[WC_ML_KEM_SYM_SZ / 8] = 0x1f00 | seed[WC_ML_KEM_SYM_SZ];
+    /* Set rest of state to 0. */
+    XMEMSET(state + WC_ML_KEM_SYM_SZ / 8 + 1, 0,
+        (25 - WC_ML_KEM_SYM_SZ / 8 - 1) * sizeof(word64));
+    /* ... except for rate marker. */
+    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);
+
+    /* Perform a block operation on the state for next block of output. */
+    if (IS_INTEL_BMI2(cpuid_flags)) {
+        sha3_block_bmi2(state);
+    }
+    else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        sha3_block_avx2(state);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else {
+        BlockSha3(state);
+    }
+    mlkem_cbd_eta2_avx2(p, (byte*)state);
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void mlkem_get_noise_x4_eta3_avx2(byte* rand, byte* seed)
+{
+    word64 state[25 * 4];
+    int i;
+
+    state[4*4 + 0] = 0x1f00 + 0;
+    state[4*4 + 1] = 0x1f00 + 1;
+    state[4*4 + 2] = 0x1f00 + 2;
+    state[4*4 + 3] = 0x1f00 + 3;
+
+    mlkem_sha3_256_blocksx4_seed_avx2(state, seed);
+    mlkem_redistribute_17_rand_avx2(state, rand + 0 * PRF_RAND_SZ,
+        rand + 1 * PRF_RAND_SZ, rand + 2 * PRF_RAND_SZ,
+        rand + 3 * PRF_RAND_SZ);
+    i = SHA3_256_BYTES;
+    sha3_blocksx4_avx2(state);
+    mlkem_redistribute_8_rand_avx2(state, rand + i + 0 * PRF_RAND_SZ,
+        rand + i + 1 * PRF_RAND_SZ, rand + i + 2 * PRF_RAND_SZ,
+        rand + i + 3 * PRF_RAND_SZ);
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_k2_avx2(MLKEM_PRF_T* prf, sword16* vec1,
+    sword16* vec2, sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[4 * PRF_RAND_SZ];
+
+    mlkem_get_noise_x4_eta3_avx2(rand, seed);
+    mlkem_cbd_eta3_avx2(vec1          , rand + 0 * PRF_RAND_SZ);
+    mlkem_cbd_eta3_avx2(vec1 + MLKEM_N, rand + 1 * PRF_RAND_SZ);
+    if (poly == NULL) {
+        mlkem_cbd_eta3_avx2(vec2          , rand + 2 * PRF_RAND_SZ);
+        mlkem_cbd_eta3_avx2(vec2 + MLKEM_N, rand + 3 * PRF_RAND_SZ);
+    }
+    else {
+        mlkem_cbd_eta2_avx2(vec2          , rand + 2 * PRF_RAND_SZ);
+        mlkem_cbd_eta2_avx2(vec2 + MLKEM_N, rand + 3 * PRF_RAND_SZ);
+
+        seed[WC_ML_KEM_SYM_SZ] = 4;
+        ret = mlkem_get_noise_eta2_avx2(prf, poly, seed);
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_k3_avx2(sword16* vec1, sword16* vec2, sword16* poly,
+    byte* seed)
+{
+    byte rand[4 * ETA2_RAND_SIZE];
+
+    mlkem_get_noise_x4_eta2_avx2(rand, seed, 0);
+    mlkem_cbd_eta2_avx2(vec1              , rand + 0 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec1 + 1 * MLKEM_N, rand + 1 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec1 + 2 * MLKEM_N, rand + 2 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec2              , rand + 3 * ETA2_RAND_SIZE);
+    mlkem_get_noise_x4_eta2_avx2(rand, seed, 4);
+    mlkem_cbd_eta2_avx2(vec2 + 1 * MLKEM_N, rand + 0 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec2 + 2 * MLKEM_N, rand + 1 * ETA2_RAND_SIZE);
+    if (poly != NULL) {
+        mlkem_cbd_eta2_avx2(poly, rand + 2 * ETA2_RAND_SIZE);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_k4_avx2(MLKEM_PRF_T* prf, sword16* vec1,
+    sword16* vec2, sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[4 * ETA2_RAND_SIZE];
+
+    (void)prf;
+
+    mlkem_get_noise_x4_eta2_avx2(rand, seed, 0);
+    mlkem_cbd_eta2_avx2(vec1              , rand + 0 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec1 + 1 * MLKEM_N, rand + 1 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec1 + 2 * MLKEM_N, rand + 2 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec1 + 3 * MLKEM_N, rand + 3 * ETA2_RAND_SIZE);
+    mlkem_get_noise_x4_eta2_avx2(rand, seed, 4);
+    mlkem_cbd_eta2_avx2(vec2              , rand + 0 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec2 + 1 * MLKEM_N, rand + 1 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec2 + 2 * MLKEM_N, rand + 2 * ETA2_RAND_SIZE);
+    mlkem_cbd_eta2_avx2(vec2 + 3 * MLKEM_N, rand + 3 * ETA2_RAND_SIZE);
+    if (poly != NULL) {
+        seed[WC_ML_KEM_SYM_SZ] = 8;
+        ret = mlkem_get_noise_eta2_avx2(prf, poly, seed);
+    }
+
+    return ret;
+}
+#endif
+#endif /* USE_INTEL_SPEEDUP */
+
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+
+#define PRF_RAND_SZ   (2 * SHA3_256_BYTES)
+
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void mlkem_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64* state = (word64*)rand;
+
+    state[0*25 + 4] = 0x1f00 + 0 + o;
+    state[1*25 + 4] = 0x1f00 + 1 + o;
+    state[2*25 + 4] = 0x1f00 + 2 + o;
+
+    mlkem_shake256_blocksx3_seed_neon(state, seed);
+}
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ */
+static void mlkem_get_noise_x3_eta3_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64 state[3 * 25];
+
+    state[0*25 + 4] = 0x1f00 + 0 + o;
+    state[1*25 + 4] = 0x1f00 + 1 + o;
+    state[2*25 + 4] = 0x1f00 + 2 + o;
+
+    mlkem_shake256_blocksx3_seed_neon(state, seed);
+    XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25, SHA3_256_BYTES);
+    XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25, SHA3_256_BYTES);
+    XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25, SHA3_256_BYTES);
+    mlkem_sha3_blocksx3_neon(state);
+    rand += SHA3_256_BYTES;
+    XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25,
+        ETA3_RAND_SIZE - SHA3_256_BYTES);
+    XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25,
+        ETA3_RAND_SIZE - SHA3_256_BYTES);
+    XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25,
+        ETA3_RAND_SIZE - SHA3_256_BYTES);
+}
+
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ * @return  0 on success.
+ */
+static void mlkem_get_noise_eta3_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64 state[25];
+
+    state[0] = ((word64*)seed)[0];
+    state[1] = ((word64*)seed)[1];
+    state[2] = ((word64*)seed)[2];
+    state[3] = ((word64*)seed)[3];
+    state[4] = 0x1f00 + o;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[16] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+    XMEMCPY(rand                 , state, SHA3_256_BYTES);
+    BlockSha3(state);
+    XMEMCPY(rand + SHA3_256_BYTES, state, ETA3_RAND_SIZE - SHA3_256_BYTES);
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_k2_aarch64(sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[3 * 25 * 8];
+
+    mlkem_get_noise_x3_eta3_aarch64(rand, seed, 0);
+    mlkem_cbd_eta3(vec1          , rand + 0 * ETA3_RAND_SIZE);
+    mlkem_cbd_eta3(vec1 + MLKEM_N, rand + 1 * ETA3_RAND_SIZE);
+    if (poly == NULL) {
+        mlkem_cbd_eta3(vec2          , rand + 2 * ETA3_RAND_SIZE);
+        mlkem_get_noise_eta3_aarch64(rand, seed, 3);
+        mlkem_cbd_eta3(vec2 + MLKEM_N, rand                     );
+    }
+    else {
+        mlkem_get_noise_x3_eta2_aarch64(rand, seed, 2);
+        mlkem_cbd_eta2(vec2          , rand + 0 * 25 * 8);
+        mlkem_cbd_eta2(vec2 + MLKEM_N, rand + 1 * 25 * 8);
+        mlkem_cbd_eta2(poly          , rand + 2 * 25 * 8);
+    }
+
+    return ret;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Get the noise/error by calculating random bytes.
+ *
+ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r)
+ *   ...
+ *  14:     e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *  17:     e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N))
+ *   ...
+ *
+ * @param  [out]  rand  Random number byte array.
+ * @param  [in]   seed  Seed to generate random from.
+ * @param  [in]   o     Offset of seed count.
+ * @return  0 on success.
+ */
+static void mlkem_get_noise_eta2_aarch64(byte* rand, byte* seed, byte o)
+{
+    word64* state = (word64*)rand;
+
+    state[0] = ((word64*)seed)[0];
+    state[1] = ((word64*)seed)[1];
+    state[2] = ((word64*)seed)[2];
+    state[3] = ((word64*)seed)[3];
+    /* Transposed value same as not. */
+    state[4] = 0x1f00 + o;
+    XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5));
+    state[16] = W64LIT(0x8000000000000000);
+    BlockSha3(state);
+}
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_k3_aarch64(sword16* vec1, sword16* vec2,
+     sword16* poly, byte* seed)
+{
+    byte rand[3 * 25 * 8];
+
+    mlkem_get_noise_x3_eta2_aarch64(rand, seed, 0);
+    mlkem_cbd_eta2(vec1              , rand + 0 * 25 * 8);
+    mlkem_cbd_eta2(vec1 + 1 * MLKEM_N, rand + 1 * 25 * 8);
+    mlkem_cbd_eta2(vec1 + 2 * MLKEM_N, rand + 2 * 25 * 8);
+    mlkem_get_noise_x3_eta2_aarch64(rand, seed, 3);
+    mlkem_cbd_eta2(vec2              , rand + 0 * 25 * 8);
+    mlkem_cbd_eta2(vec2 + 1 * MLKEM_N, rand + 1 * 25 * 8);
+    mlkem_cbd_eta2(vec2 + 2 * MLKEM_N, rand + 2 * 25 * 8);
+    if (poly != NULL) {
+        mlkem_get_noise_eta2_aarch64(rand, seed, 6);
+        mlkem_cbd_eta2(poly              , rand + 0 * 25 * 8);
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_k4_aarch64(sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed)
+{
+    int ret = 0;
+    byte rand[3 * 25 * 8];
+
+    mlkem_get_noise_x3_eta2_aarch64(rand, seed, 0);
+    mlkem_cbd_eta2(vec1              , rand + 0 * 25 * 8);
+    mlkem_cbd_eta2(vec1 + 1 * MLKEM_N, rand + 1 * 25 * 8);
+    mlkem_cbd_eta2(vec1 + 2 * MLKEM_N, rand + 2 * 25 * 8);
+    mlkem_get_noise_x3_eta2_aarch64(rand, seed, 3);
+    mlkem_cbd_eta2(vec1 + 3 * MLKEM_N, rand + 0 * 25 * 8);
+    mlkem_cbd_eta2(vec2              , rand + 1 * 25 * 8);
+    mlkem_cbd_eta2(vec2 + 1 * MLKEM_N, rand + 2 * 25 * 8);
+    mlkem_get_noise_x3_eta2_aarch64(rand, seed, 6);
+    mlkem_cbd_eta2(vec2 + 2 * MLKEM_N, rand + 0 * 25 * 8);
+    mlkem_cbd_eta2(vec2 + 3 * MLKEM_N, rand + 1 * 25 * 8);
+    if (poly != NULL) {
+        mlkem_cbd_eta2(poly,               rand + 2 * 25 * 8);
+    }
+
+    return ret;
+}
+#endif
+#endif /* __aarch64__ && WOLFSSL_ARMASM */
+
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [in]       k     Number of polynomials in vector.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [in]       eta1  Size of noise/error integers with first vector.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [in]       eta2  Size of noise/error integers with second vector.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_c(MLKEM_PRF_T* prf, int k, sword16* vec1, int eta1,
+    sword16* vec2, int eta2, sword16* poly, byte* seed)
+{
+    int ret = 0;
+    int i;
+
+    /* First noise generation has a seed with 0x00 appended. */
+    seed[WC_ML_KEM_SYM_SZ] = 0;
+    /* Generate noise as private key. */
+    for (i = 0; (ret == 0) && (i < k); i++) {
+        /* Generate noise for each dimension of vector. */
+        ret = mlkem_get_noise_eta1_c(prf, vec1 + i * MLKEM_N, seed, eta1);
+        /* Increment value of appended byte. */
+        seed[WC_ML_KEM_SYM_SZ]++;
+    }
+    if ((ret == 0) && (vec2 != NULL)) {
+        /* Generate noise for error. */
+        for (i = 0; (ret == 0) && (i < k); i++) {
+            /* Generate noise for each dimension of vector. */
+            ret = mlkem_get_noise_eta1_c(prf, vec2 + i * MLKEM_N, seed, eta2);
+            /* Increment value of appended byte. */
+            seed[WC_ML_KEM_SYM_SZ]++;
+        }
+    }
+    else {
+        seed[WC_ML_KEM_SYM_SZ] = 2 * k;
+    }
+    if ((ret == 0) && (poly != NULL)) {
+        /* Generating random error polynomial. */
+        ret = mlkem_get_noise_eta2_c(prf, poly, seed);
+    }
+
+    return ret;
+}
+
+#endif /* __aarch64__ && WOLFSSL_ARMASM */
+
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [in]       k     Number of polynomials in vector.
+ * @param  [out]      vec1  First Vector of polynomials.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [out]      poly  Polynomial.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @return  0 on success.
+ */
+int mlkem_get_noise(MLKEM_PRF_T* prf, int k, sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed)
+{
+    int ret;
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+    if (k == WC_ML_KEM_512_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = mlkem_get_noise_k2_aarch64(vec1, vec2, poly, seed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = mlkem_get_noise_k2_avx2(prf, vec1, vec2, poly, seed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        if (poly == NULL) {
+            ret = mlkem_get_noise_c(prf, k, vec1, MLKEM_CBD_ETA3, vec2,
+                MLKEM_CBD_ETA3, NULL, seed);
+        }
+        else {
+            ret = mlkem_get_noise_c(prf, k, vec1, MLKEM_CBD_ETA3, vec2,
+                MLKEM_CBD_ETA2, poly, seed);
+        }
+#endif
+    }
+    else
+#endif
+#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+    if (k == WC_ML_KEM_768_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = mlkem_get_noise_k3_aarch64(vec1, vec2, poly, seed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = mlkem_get_noise_k3_avx2(vec1, vec2, poly, seed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = mlkem_get_noise_c(prf, k, vec1, MLKEM_CBD_ETA2, vec2,
+                MLKEM_CBD_ETA2, poly, seed);
+        }
+#endif
+    }
+    else
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+    if (k == WC_ML_KEM_1024_K) {
+#if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+        ret = mlkem_get_noise_k4_aarch64(vec1, vec2, poly, seed);
+#else
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            ret = mlkem_get_noise_k4_avx2(prf, vec1, vec2, poly, seed);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            ret = mlkem_get_noise_c(prf, k, vec1, MLKEM_CBD_ETA2, vec2,
+                MLKEM_CBD_ETA2, poly, seed);
+        }
+#endif
+    }
+    else
+#endif
+    {
+        ret = BAD_STATE_E;
+    }
+
+    (void)prf;
+
+    return ret;
+}
+
+#if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \
+    defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM)
+/* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+ * @param  [in, out]  prf   Pseudo-random function object.
+ * @param  [in]       k     Number of polynomials in vector.
+ * @param  [out]      vec2  Second Vector of polynomials.
+ * @param  [in]       seed  Seed to use when calculating random.
+ * @param  [in]       i     Index of vector to generate.
+ * @param  [in]       make  Indicates generation is for making a key.
+ * @return  0 on success.
+ */
+static int mlkem_get_noise_i(MLKEM_PRF_T* prf, int k, sword16* vec2,
+    byte* seed, int i, int make)
+{
+    int ret;
+
+    /* Initialize the PRF (generating matrix A leaves it in uninitialized
+     * state). */
+    mlkem_prf_init(prf);
+
+    /* Set index of polynomial of second vector into seed. */
+    seed[WC_ML_KEM_SYM_SZ] = k + i;
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+    if ((k == WC_ML_KEM_512_K) && make) {
+        ret = mlkem_get_noise_eta1_c(prf, vec2, seed, MLKEM_CBD_ETA3);
+    }
+    else
+#endif
+    {
+        ret = mlkem_get_noise_eta1_c(prf, vec2, seed, MLKEM_CBD_ETA2);
+    }
+
+    (void)make;
+    return ret;
+}
+#endif
+
+/******************************************************************************/
+
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+/* Compare two byte arrays of equal size.
+ *
+ * @param [in]  a   First array to compare.
+ * @param [in]  b   Second array to compare.
+ * @param [in]  sz  Size of arrays in bytes.
+ * @return  0 on success.
+ * @return  -1 on failure.
+ */
+static int mlkem_cmp_c(const byte* a, const byte* b, int sz)
+{
+    int i;
+    byte r = 0;
+
+    /* Constant time comparison of the encapsulated message and cipher text. */
+    for (i = 0; i < sz; i++) {
+        r |= a[i] ^ b[i];
+    }
+    return 0 - ((-(word32)r) >> 31);
+}
+#endif
+
+/* Compare two byte arrays of equal size.
+ *
+ * @param [in]  a   First array to compare.
+ * @param [in]  b   Second array to compare.
+ * @param [in]  sz  Size of arrays in bytes.
+ * @return  0 on success.
+ * @return  -1 on failure.
+ */
+int mlkem_cmp(const byte* a, const byte* b, int sz)
+{
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+    return mlkem_cmp_neon(a, b, sz);
+#else
+    int fail;
+
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        fail = mlkem_cmp_avx2(a, b, sz);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        fail = mlkem_cmp_c(a, b, sz);
+    }
+
+    return fail;
+#endif
+}
+
+/******************************************************************************/
+
+#if !defined(WOLFSSL_ARMASM)
+
+/* Conditional subtraction of q to each coefficient of a polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in, out]  p  Polynomial.
+ */
+static MLKEM_NOINLINE void mlkem_csubq_c(sword16* p)
+{
+    unsigned int i;
+
+    for (i = 0; i < MLKEM_N; ++i) {
+        sword16 t = p[i] - MLKEM_Q;
+        /* When top bit set, -ve number - need to add q back. */
+        p[i] = ((t >> 15) & MLKEM_Q) + t;
+    }
+}
+
+#elif defined(__aarch64__)
+
+/* Conditional subtraction of q to each coefficient of a polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in, out]  p  Polynomial.
+ */
+#define mlkem_csubq_c   mlkem_csubq_neon
+
+#elif defined(WOLFSSL_ARMASM_THUMB2)
+
+/* Conditional subtraction of q to each coefficient of a polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in, out]  p  Polynomial.
+ */
+#define mlkem_csubq_c   mlkem_thumb2_csubq
+
+#else
+
+/* Conditional subtraction of q to each coefficient of a polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in, out]  p  Polynomial.
+ */
+#define mlkem_csubq_c   mlkem_arm32_csubq
+
+#endif
+
+/******************************************************************************/
+
+#if defined(CONV_WITH_DIV) || !defined(WORD64_AVAILABLE)
+
+/* Compress value.
+ *
+ * Uses div operator that may be slow.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @param  [in]  s  Shift amount to apply to value being compressed.
+ * @param  [in]  m  Mask to apply get the require number of bits.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_VEC(v, i, j, k, s, m) \
+    ((((word32)v[i * MLKEM_N + j + k] << s) + MLKEM_Q_HALF) / MLKEM_Q) & m
+
+/* Compress value to 10 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_10(v, i, j, k) \
+    TO_COMP_WORD_VEC(v, i, j, k, 10, 0x3ff)
+
+/* Compress value to 11 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_11(v, i, j, k) \
+    TO_COMP_WORD_VEC(v, i, j, k, 11, 0x7ff)
+
+#else
+
+/* Multiplier that does div q.
+ * ((1 << 53) + MLKEM_Q_HALF) / MLKEM_Q
+ */
+#define MLKEM_V53         0x275f6ed0176UL
+/* Multiplier times half of q.
+ * MLKEM_V53 * (MLKEM_Q_HALF + 1)
+ */
+#define MLKEM_V53_HALF    0x10013afb768076UL
+
+/* Multiplier that does div q.
+ * ((1 << 54) + MLKEM_Q_HALF) / MLKEM_Q
+ */
+#define MLKEM_V54         0x4ebedda02ecUL
+/* Multiplier times half of q.
+ * MLKEM_V54 * (MLKEM_Q_HALF + 1)
+ */
+#define MLKEM_V54_HALF    0x200275f6ed00ecUL
+
+/* Compress value to 10 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_10(v, i, j, k) \
+    ((((MLKEM_V54 << 10) * (v)[(i) * MLKEM_N + (j) + (k)]) + \
+      MLKEM_V54_HALF) >> 54)
+
+/* Compress value to 11 bits.
+ *
+ * Uses mul instead of div.
+ * Only works for values in range: 0..3228
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_11(v, i, j, k) \
+    ((((MLKEM_V53 << 11) * (v)[(i) * MLKEM_N + (j) + (k)]) + \
+      MLKEM_V53_HALF) >> 53)
+
+#endif /* CONV_WITH_DIV */
+
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Compress the vector of polynomials into a byte array with 10 bits each.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   v  Vector of polynomials.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void mlkem_vec_compress_10_c(byte* r, sword16* v, unsigned int k)
+{
+    unsigned int i;
+    unsigned int j;
+
+    for (i = 0; i < k; i++) {
+        /* Reduce each coefficient to mod q. */
+        mlkem_csubq_c(v + i * MLKEM_N);
+        /* All values are now positive. */
+    }
+
+    /* Each polynomial. */
+    for (i = 0; i < k; i++) {
+#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) || \
+    defined(BIG_ENDIAN_ORDER)
+        /* Each 4 polynomial coefficients. */
+        for (j = 0; j < MLKEM_N; j += 4) {
+        #ifdef WOLFSSL_MLKEM_SMALL
+            unsigned int l;
+            sword16 t[4];
+            /* Compress four polynomial values to 10 bits each. */
+            for (l = 0; l < 4; l++) {
+                t[l] = TO_COMP_WORD_10(v, i, j, l);
+            }
+
+            /* Pack four 10-bit values into byte array. */
+            r[ 0] = (t[0] >> 0);
+            r[ 1] = (t[0] >> 8) | (t[1] << 2);
+            r[ 2] = (t[1] >> 6) | (t[2] << 4);
+            r[ 3] = (t[2] >> 4) | (t[3] << 6);
+            r[ 4] = (t[3] >> 2);
+        #else
+            /* Compress four polynomial values to 10 bits each. */
+            sword16 t0 = TO_COMP_WORD_10(v, i, j, 0);
+            sword16 t1 = TO_COMP_WORD_10(v, i, j, 1);
+            sword16 t2 = TO_COMP_WORD_10(v, i, j, 2);
+            sword16 t3 = TO_COMP_WORD_10(v, i, j, 3);
+
+            /* Pack four 10-bit values into byte array. */
+            r[ 0] = (t0 >> 0);
+            r[ 1] = (t0 >> 8) | (t1 << 2);
+            r[ 2] = (t1 >> 6) | (t2 << 4);
+            r[ 3] = (t2 >> 4) | (t3 << 6);
+            r[ 4] = (t3 >> 2);
+        #endif
+
+            /* Move over set bytes. */
+            r += 5;
+        }
+#else
+        /* Each 16 polynomial coefficients. */
+        for (j = 0; j < MLKEM_N; j += 16) {
+            /* Compress four polynomial values to 10 bits each. */
+            sword16 t0  = TO_COMP_WORD_10(v, i, j, 0);
+            sword16 t1  = TO_COMP_WORD_10(v, i, j, 1);
+            sword16 t2  = TO_COMP_WORD_10(v, i, j, 2);
+            sword16 t3  = TO_COMP_WORD_10(v, i, j, 3);
+            sword16 t4  = TO_COMP_WORD_10(v, i, j, 4);
+            sword16 t5  = TO_COMP_WORD_10(v, i, j, 5);
+            sword16 t6  = TO_COMP_WORD_10(v, i, j, 6);
+            sword16 t7  = TO_COMP_WORD_10(v, i, j, 7);
+            sword16 t8  = TO_COMP_WORD_10(v, i, j, 8);
+            sword16 t9  = TO_COMP_WORD_10(v, i, j, 9);
+            sword16 t10 = TO_COMP_WORD_10(v, i, j, 10);
+            sword16 t11 = TO_COMP_WORD_10(v, i, j, 11);
+            sword16 t12 = TO_COMP_WORD_10(v, i, j, 12);
+            sword16 t13 = TO_COMP_WORD_10(v, i, j, 13);
+            sword16 t14 = TO_COMP_WORD_10(v, i, j, 14);
+            sword16 t15 = TO_COMP_WORD_10(v, i, j, 15);
+
+            word32* r32 = (word32*)r;
+            /* Pack sixteen 10-bit values into byte array. */
+            r32[0] =  t0        | ((word32)t1  << 10) | ((word32)t2  << 20) |
+                                  ((word32)t3  << 30);
+            r32[1] = (t3  >> 2) | ((word32)t4  <<  8) | ((word32)t5  << 18) |
+                                  ((word32)t6  << 28);
+            r32[2] = (t6  >> 4) | ((word32)t7  <<  6) | ((word32)t8  << 16) |
+                                  ((word32)t9  << 26);
+            r32[3] = (t9  >> 6) | ((word32)t10 <<  4) | ((word32)t11 << 14) |
+                                  ((word32)t12 << 24);
+            r32[4] = (t12 >> 8) | ((word32)t13 <<  2) | ((word32)t14 << 12) |
+                                  ((word32)t15 << 22);
+
+            /* Move over set bytes. */
+            r += 20;
+        }
+#endif
+    }
+}
+
+/* Compress the vector of polynomials into a byte array with 10 bits each.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   v  Vector of polynomials.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void mlkem_vec_compress_10(byte* r, sword16* v, unsigned int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_compress_10_avx2(r, v, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_vec_compress_10_c(r, v, k);
+    }
+}
+#endif
+
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Compress the vector of polynomials into a byte array with 11 bits each.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   v       Vector of polynomials.
+ */
+static void mlkem_vec_compress_11_c(byte* r, sword16* v)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_MLKEM_SMALL
+    unsigned int k;
+#endif
+
+    for (i = 0; i < 4; i++) {
+        /* Reduce each coefficient to mod q. */
+        mlkem_csubq_c(v + i * MLKEM_N);
+        /* All values are now positive. */
+    }
+
+    /* Each polynomial. */
+    for (i = 0; i < 4; i++) {
+        /* Each 8 polynomial coefficients. */
+        for (j = 0; j < MLKEM_N; j += 8) {
+        #ifdef WOLFSSL_MLKEM_SMALL
+            sword16 t[8];
+            /* Compress eight polynomial values to 11 bits each. */
+            for (k = 0; k < 8; k++) {
+                t[k] = TO_COMP_WORD_11(v, i, j, k);
+            }
+
+            /* Pack eight 11-bit values into byte array. */
+            r[ 0] = (t[0] >>  0);
+            r[ 1] = (t[0] >>  8) | (t[1] << 3);
+            r[ 2] = (t[1] >>  5) | (t[2] << 6);
+            r[ 3] = (t[2] >>  2);
+            r[ 4] = (t[2] >> 10) | (t[3] << 1);
+            r[ 5] = (t[3] >>  7) | (t[4] << 4);
+            r[ 6] = (t[4] >>  4) | (t[5] << 7);
+            r[ 7] = (t[5] >>  1);
+            r[ 8] = (t[5] >>  9) | (t[6] << 2);
+            r[ 9] = (t[6] >>  6) | (t[7] << 5);
+            r[10] = (t[7] >>  3);
+        #else
+            /* Compress eight polynomial values to 11 bits each. */
+            sword16 t0 = TO_COMP_WORD_11(v, i, j, 0);
+            sword16 t1 = TO_COMP_WORD_11(v, i, j, 1);
+            sword16 t2 = TO_COMP_WORD_11(v, i, j, 2);
+            sword16 t3 = TO_COMP_WORD_11(v, i, j, 3);
+            sword16 t4 = TO_COMP_WORD_11(v, i, j, 4);
+            sword16 t5 = TO_COMP_WORD_11(v, i, j, 5);
+            sword16 t6 = TO_COMP_WORD_11(v, i, j, 6);
+            sword16 t7 = TO_COMP_WORD_11(v, i, j, 7);
+
+            /* Pack eight 11-bit values into byte array. */
+            r[ 0] = (t0 >>  0);
+            r[ 1] = (t0 >>  8) | (t1 << 3);
+            r[ 2] = (t1 >>  5) | (t2 << 6);
+            r[ 3] = (t2 >>  2);
+            r[ 4] = (t2 >> 10) | (t3 << 1);
+            r[ 5] = (t3 >>  7) | (t4 << 4);
+            r[ 6] = (t4 >>  4) | (t5 << 7);
+            r[ 7] = (t5 >>  1);
+            r[ 8] = (t5 >>  9) | (t6 << 2);
+            r[ 9] = (t6 >>  6) | (t7 << 5);
+            r[10] = (t7 >>  3);
+        #endif
+
+            /* Move over set bytes. */
+            r += 11;
+        }
+    }
+}
+
+/* Compress the vector of polynomials into a byte array with 11 bits each.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   v       Vector of polynomials.
+ */
+void mlkem_vec_compress_11(byte* r, sword16* v)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_compress_11_avx2(r, v, 4);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_vec_compress_11_c(r, v);
+    }
+}
+#endif
+#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+/* Decompress a 10 bit value.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_10(v, i, j, k, t) \
+    v[(i) * MLKEM_N + 4 * (j) + (k)] = \
+        (word16)((((word32)((t) & 0x3ff) * MLKEM_Q) + 512) >> 10)
+
+/* Decompress an 11 bit value.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index of polynomial in vector.
+ * @param  [in]  j  Index into polynomial.
+ * @param  [in]  k  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_11(v, i, j, k, t) \
+    v[(i) * MLKEM_N + 8 * (j) + (k)] = \
+        (word16)((((word32)((t) & 0x7ff) * MLKEM_Q) + 1024) >> 11)
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Decompress the byte array of packed 10 bits into vector of polynomials.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  v  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void mlkem_vec_decompress_10_c(sword16* v, const byte* b, unsigned int k)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_MLKEM_SMALL
+    unsigned int l;
+#endif
+
+    /* Each polynomial. */
+    for (i = 0; i < k; i++) {
+        /* Each 4 polynomial coefficients. */
+        for (j = 0; j < MLKEM_N / 4; j++) {
+        #ifdef WOLFSSL_MLKEM_SMALL
+            word16 t[4];
+            /* Extract out 4 values of 10 bits each. */
+            t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            t[1] = (b[1] >> 2) | ((word16)b[ 2] << 6);
+            t[2] = (b[2] >> 4) | ((word16)b[ 3] << 4);
+            t[3] = (b[3] >> 6) | ((word16)b[ 4] << 2);
+            b += 5;
+
+            /* Decompress 4 values. */
+            for (l = 0; l < 4; l++) {
+                DECOMP_10(v, i, j, l, t[l]);
+            }
+        #else
+            /* Extract out 4 values of 10 bits each. */
+            sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            sword16 t1 = (b[1] >> 2) | ((word16)b[ 2] << 6);
+            sword16 t2 = (b[2] >> 4) | ((word16)b[ 3] << 4);
+            sword16 t3 = (b[3] >> 6) | ((word16)b[ 4] << 2);
+            b += 5;
+
+            /* Decompress 4 values. */
+            DECOMP_10(v, i, j, 0, t0);
+            DECOMP_10(v, i, j, 1, t1);
+            DECOMP_10(v, i, j, 2, t2);
+            DECOMP_10(v, i, j, 3, t3);
+        #endif
+        }
+    }
+}
+
+/* Decompress the byte array of packed 10 bits into vector of polynomials.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  v  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void mlkem_vec_decompress_10(sword16* v, const byte* b, unsigned int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_decompress_10_avx2(v, b, k);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_vec_decompress_10_c(v, b, k);
+    }
+}
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Decompress the byte array of packed 11 bits into vector of polynomials.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  v       Vector of polynomials.
+ * @param  [in]   b       Array of bytes.
+ */
+static void mlkem_vec_decompress_11_c(sword16* v, const byte* b)
+{
+    unsigned int i;
+    unsigned int j;
+#ifdef WOLFSSL_MLKEM_SMALL
+    unsigned int l;
+#endif
+
+    /* Each polynomial. */
+    for (i = 0; i < 4; i++) {
+        /* Each 8 polynomial coefficients. */
+        for (j = 0; j < MLKEM_N / 8; j++) {
+        #ifdef WOLFSSL_MLKEM_SMALL
+            word16 t[8];
+            /* Extract out 8 values of 11 bits each. */
+            t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            t[1] = (b[1] >> 3) | ((word16)b[ 2] << 5);
+            t[2] = (b[2] >> 6) | ((word16)b[ 3] << 2) |
+                   ((word16)b[4] << 10);
+            t[3] = (b[4] >> 1) | ((word16)b[ 5] << 7);
+            t[4] = (b[5] >> 4) | ((word16)b[ 6] << 4);
+            t[5] = (b[6] >> 7) | ((word16)b[ 7] << 1) |
+                   ((word16)b[8] <<  9);
+            t[6] = (b[8] >> 2) | ((word16)b[ 9] << 6);
+            t[7] = (b[9] >> 5) | ((word16)b[10] << 3);
+            b += 11;
+
+            /* Decompress 8 values. */
+            for (l = 0; l < 8; l++) {
+                DECOMP_11(v, i, j, l, t[l]);
+            }
+        #else
+            /* Extract out 8 values of 11 bits each. */
+            sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8);
+            sword16 t1 = (b[1] >> 3) | ((word16)b[ 2] << 5);
+            sword16 t2 = (b[2] >> 6) | ((word16)b[ 3] << 2) |
+                   ((word16)b[4] << 10);
+            sword16 t3 = (b[4] >> 1) | ((word16)b[ 5] << 7);
+            sword16 t4 = (b[5] >> 4) | ((word16)b[ 6] << 4);
+            sword16 t5 = (b[6] >> 7) | ((word16)b[ 7] << 1) |
+                   ((word16)b[8] <<  9);
+            sword16 t6 = (b[8] >> 2) | ((word16)b[ 9] << 6);
+            sword16 t7 = (b[9] >> 5) | ((word16)b[10] << 3);
+            b += 11;
+
+            /* Decompress 8 values. */
+            DECOMP_11(v, i, j, 0, t0);
+            DECOMP_11(v, i, j, 1, t1);
+            DECOMP_11(v, i, j, 2, t2);
+            DECOMP_11(v, i, j, 3, t3);
+            DECOMP_11(v, i, j, 4, t4);
+            DECOMP_11(v, i, j, 5, t5);
+            DECOMP_11(v, i, j, 6, t6);
+            DECOMP_11(v, i, j, 7, t7);
+        #endif
+        }
+    }
+}
+
+/* Decompress the byte array of packed 11 bits into vector of polynomials.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  v       Vector of polynomials.
+ * @param  [in]   b       Array of bytes.
+ */
+void mlkem_vec_decompress_11(sword16* v, const byte* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_decompress_11_avx2(v, b, 4);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_vec_decompress_11_c(v, b);
+    }
+}
+#endif
+#endif /* !WOLFSSL_MLKEM_NO_DECAPSULATE */
+
+#ifdef CONV_WITH_DIV
+
+/* Compress value.
+ *
+ * Uses div operator that may be slow.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  v  Vector of polynomials.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @param  [in]  s  Shift amount to apply to value being compressed.
+ * @param  [in]  m  Mask to apply get the require number of bits.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD(v, i, j, s, m) \
+    ((((word32)v[i + j] << s) + MLKEM_Q_HALF) / MLKEM_Q) & m
+
+/* Compress value to 4 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_4(p, i, j) \
+    TO_COMP_WORD(p, i, j, 4, 0xf)
+
+/* Compress value to 5 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_5(p, i, j) \
+    TO_COMP_WORD(p, i, j, 5, 0x1f)
+
+#else
+
+/* Multiplier that does div q. */
+#define MLKEM_V28         ((word32)(((1U << 28) + MLKEM_Q_HALF)) / MLKEM_Q)
+/* Multiplier times half of q. */
+#define MLKEM_V28_HALF    ((word32)(MLKEM_V28 * (MLKEM_Q_HALF + 1)))
+
+/* Multiplier that does div q. */
+#define MLKEM_V27         ((word32)(((1U << 27) + MLKEM_Q_HALF)) / MLKEM_Q)
+/* Multiplier times half of q. */
+#define MLKEM_V27_HALF    ((word32)(MLKEM_V27 * MLKEM_Q_HALF))
+
+/* Compress value to 4 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_4(p, i, j) \
+    ((((MLKEM_V28 << 4) * (p)[(i) + (j)]) + MLKEM_V28_HALF) >> 28)
+
+/* Compress value to 5 bits.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @return  Compressed value.
+ */
+#define TO_COMP_WORD_5(p, i, j) \
+    ((((MLKEM_V27 << 5) * (p)[(i) + (j)]) + MLKEM_V27_HALF) >> 27)
+
+#endif /* CONV_WITH_DIV */
+
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Compress a polynomial into byte array - on coefficients into 4 bits.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+static void mlkem_compress_4_c(byte* b, sword16* p)
+{
+    unsigned int i;
+#ifdef WOLFSSL_MLKEM_SMALL
+    unsigned int j;
+    byte t[8];
+#endif
+
+    /* Reduce each coefficients to mod q. */
+    mlkem_csubq_c(p);
+    /* All values are now positive. */
+
+    /* Each 8 polynomial coefficients. */
+    for (i = 0; i < MLKEM_N; i += 8) {
+    #ifdef WOLFSSL_MLKEM_SMALL
+        /* Compress eight polynomial values to 4 bits each. */
+        for (j = 0; j < 8; j++) {
+            t[j] = TO_COMP_WORD_4(p, i, j);
+        }
+
+        b[0] = t[0] | (t[1] << 4);
+        b[1] = t[2] | (t[3] << 4);
+        b[2] = t[4] | (t[5] << 4);
+        b[3] = t[6] | (t[7] << 4);
+    #else
+        /* Compress eight polynomial values to 4 bits each. */
+        byte t0 = TO_COMP_WORD_4(p, i, 0);
+        byte t1 = TO_COMP_WORD_4(p, i, 1);
+        byte t2 = TO_COMP_WORD_4(p, i, 2);
+        byte t3 = TO_COMP_WORD_4(p, i, 3);
+        byte t4 = TO_COMP_WORD_4(p, i, 4);
+        byte t5 = TO_COMP_WORD_4(p, i, 5);
+        byte t6 = TO_COMP_WORD_4(p, i, 6);
+        byte t7 = TO_COMP_WORD_4(p, i, 7);
+
+        /* Pack eight 4-bit values into byte array. */
+        b[0] = t0 | (t1 << 4);
+        b[1] = t2 | (t3 << 4);
+        b[2] = t4 | (t5 << 4);
+        b[3] = t6 | (t7 << 4);
+    #endif
+
+        /* Move over set bytes. */
+        b += 4;
+    }
+}
+
+/* Compress a polynomial into byte array - on coefficients into 4 bits.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+void mlkem_compress_4(byte* b, sword16* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_compress_4_avx2(b, p);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_compress_4_c(b, p);
+    }
+}
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Compress a polynomial into byte array - on coefficients into 5 bits.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+static void mlkem_compress_5_c(byte* b, sword16* p)
+{
+    unsigned int i;
+#ifdef WOLFSSL_MLKEM_SMALL
+    unsigned int j;
+    byte t[8];
+#endif
+
+    /* Reduce each coefficients to mod q. */
+    mlkem_csubq_c(p);
+    /* All values are now positive. */
+
+    for (i = 0; i < MLKEM_N; i += 8) {
+    #ifdef WOLFSSL_MLKEM_SMALL
+        /* Compress eight polynomial values to 5 bits each. */
+        for (j = 0; j < 8; j++) {
+            t[j] = TO_COMP_WORD_5(p, i, j);
+        }
+
+        /* Pack 5 bits into byte array. */
+        b[0] = (t[0] >> 0) | (t[1] << 5);
+        b[1] = (t[1] >> 3) | (t[2] << 2) | (t[3] << 7);
+        b[2] = (t[3] >> 1) | (t[4] << 4);
+        b[3] = (t[4] >> 4) | (t[5] << 1) | (t[6] << 6);
+        b[4] = (t[6] >> 2) | (t[7] << 3);
+    #else
+        /* Compress eight polynomial values to 5 bits each. */
+        byte t0 = TO_COMP_WORD_5(p, i, 0);
+        byte t1 = TO_COMP_WORD_5(p, i, 1);
+        byte t2 = TO_COMP_WORD_5(p, i, 2);
+        byte t3 = TO_COMP_WORD_5(p, i, 3);
+        byte t4 = TO_COMP_WORD_5(p, i, 4);
+        byte t5 = TO_COMP_WORD_5(p, i, 5);
+        byte t6 = TO_COMP_WORD_5(p, i, 6);
+        byte t7 = TO_COMP_WORD_5(p, i, 7);
+
+        /* Pack eight 5-bit values into byte array. */
+        b[0] = (t0 >> 0) | (t1 << 5);
+        b[1] = (t1 >> 3) | (t2 << 2) | (t3 << 7);
+        b[2] = (t3 >> 1) | (t4 << 4);
+        b[3] = (t4 >> 4) | (t5 << 1) | (t6 << 6);
+        b[4] = (t6 >> 2) | (t7 << 3);
+    #endif
+
+        /* Move over set bytes. */
+        b += 5;
+    }
+}
+
+/* Compress a polynomial into byte array - on coefficients into 5 bits.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  b       Array of bytes.
+ * @param  [in]   p       Polynomial.
+ */
+void mlkem_compress_5(byte* b, sword16* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_compress_5_avx2(b, p);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_compress_5_c(b, p);
+    }
+}
+#endif
+#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+/* Decompress a 4 bit value.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_4(p, i, j, t) \
+    p[(i) + (j)] = ((word16)((t) * MLKEM_Q) + 8) >> 4
+
+/* Decompress a 5 bit value.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [in]  p  Polynomial.
+ * @param  [in]  i  Index into polynomial.
+ * @param  [in]  j  Offset from indices.
+ * @param  [in]  t  Value to decompress.
+ * @return  Decompressed value.
+ */
+#define DECOMP_5(p, i, j, t) \
+    p[(i) + (j)] = (((word32)((t) & 0x1f) * MLKEM_Q) + 16) >> 5
+
+#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
+    defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+/* Decompress the byte array of packed 4 bits into polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+static void mlkem_decompress_4_c(sword16* p, const byte* b)
+{
+    unsigned int i;
+
+    /* 2 coefficients at a time. */
+    for (i = 0; i < MLKEM_N; i += 2) {
+        /* 2 coefficients decompressed from one byte. */
+        DECOMP_4(p, i, 0, b[0] & 0xf);
+        DECOMP_4(p, i, 1, b[0] >>  4);
+        b += 1;
+    }
+}
+
+/* Decompress the byte array of packed 4 bits into polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+void mlkem_decompress_4(sword16* p, const byte* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_decompress_4_avx2(p, b);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_decompress_4_c(p, b);
+    }
+}
+#endif
+#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+/* Decompress the byte array of packed 5 bits into polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+static void mlkem_decompress_5_c(sword16* p, const byte* b)
+{
+    unsigned int i;
+
+    /* Each 8 polynomial coefficients. */
+    for (i = 0; i < MLKEM_N; i += 8) {
+    #ifdef WOLFSSL_MLKEM_SMALL
+        unsigned int j;
+        byte t[8];
+
+        /* Extract out 8 values of 5 bits each. */
+        t[0] = (b[0] >> 0);
+        t[1] = (b[0] >> 5) | (b[1] << 3);
+        t[2] = (b[1] >> 2);
+        t[3] = (b[1] >> 7) | (b[2] << 1);
+        t[4] = (b[2] >> 4) | (b[3] << 4);
+        t[5] = (b[3] >> 1);
+        t[6] = (b[3] >> 6) | (b[4] << 2);
+        t[7] = (b[4] >> 3);
+        b += 5;
+
+        /* Decompress 8 values. */
+        for (j = 0; j < 8; j++) {
+            DECOMP_5(p, i, j, t[j]);
+        }
+    #else
+        /* Extract out 8 values of 5 bits each. */
+        byte t0 = (b[0] >> 0);
+        byte t1 = (b[0] >> 5) | (b[1] << 3);
+        byte t2 = (b[1] >> 2);
+        byte t3 = (b[1] >> 7) | (b[2] << 1);
+        byte t4 = (b[2] >> 4) | (b[3] << 4);
+        byte t5 = (b[3] >> 1);
+        byte t6 = (b[3] >> 6) | (b[4] << 2);
+        byte t7 = (b[4] >> 3);
+        b += 5;
+
+        /* Decompress 8 values. */
+        DECOMP_5(p, i, 0, t0);
+        DECOMP_5(p, i, 1, t1);
+        DECOMP_5(p, i, 2, t2);
+        DECOMP_5(p, i, 3, t3);
+        DECOMP_5(p, i, 4, t4);
+        DECOMP_5(p, i, 5, t5);
+        DECOMP_5(p, i, 6, t6);
+        DECOMP_5(p, i, 7, t7);
+    #endif
+    }
+}
+
+/* Decompress the byte array of packed 5 bits into polynomial.
+ *
+ * FIPS 203, Section 4.2.1, Compression and decompression
+ *
+ * @param  [out]  p       Polynomial.
+ * @param  [in]   b       Array of bytes.
+ */
+void mlkem_decompress_5(sword16* p, const byte* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_decompress_5_avx2(p, b);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_decompress_5_c(p, b);
+    }
+}
+#endif
+#endif /* !WOLFSSL_MLKEM_NO_DECAPSULATE */
+
+/******************************************************************************/
+
+#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM))
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+/* Convert bit from byte to 0 or (MLKEM_Q + 1) / 2.
+ *
+ * Constant time implementation.
+ * XOR in mlkem_opt_blocker to ensure optimizer doesn't know what will be ANDed
+ * with MLKEM_Q_1_HALF and can't optimize to non-constant time code.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p    Polynomial to hold converted value.
+ * @param  [in]   msg  Message to get bit from byte from.
+ * @param  [in]   i    Index of byte from message.
+ * @param  [in]   j    Index of bit in byte.
+ */
+#define FROM_MSG_BIT(p, msg, i, j) \
+    ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \
+                          mlkem_opt_blocker) & MLKEM_Q_1_HALF)
+
+/* Convert message to polynomial.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p    Polynomial.
+ * @param  [in]   msg  Message as a byte array.
+ */
+static void mlkem_from_msg_c(sword16* p, const byte* msg)
+{
+    unsigned int i;
+
+    /* For each byte of the message. */
+    for (i = 0; i < MLKEM_N / 8; i++) {
+    #ifdef WOLFSSL_MLKEM_SMALL
+        unsigned int j;
+        /* For each bit of the message. */
+        for (j = 0; j < 8; j++) {
+            FROM_MSG_BIT(p, msg, i, j);
+        }
+    #else
+        FROM_MSG_BIT(p, msg, i, 0);
+        FROM_MSG_BIT(p, msg, i, 1);
+        FROM_MSG_BIT(p, msg, i, 2);
+        FROM_MSG_BIT(p, msg, i, 3);
+        FROM_MSG_BIT(p, msg, i, 4);
+        FROM_MSG_BIT(p, msg, i, 5);
+        FROM_MSG_BIT(p, msg, i, 6);
+        FROM_MSG_BIT(p, msg, i, 7);
+    #endif
+    }
+}
+
+/* Convert message to polynomial.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p    Polynomial.
+ * @param  [in]   msg  Message as a byte array.
+ */
+void mlkem_from_msg(sword16* p, const byte* msg)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        mlkem_from_msg_avx2(p, msg);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_from_msg_c(p, msg);
+    }
+}
+#endif
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+#ifdef CONV_WITH_DIV
+
+/* Convert to value to bit.
+ *
+ * Uses div operator that may be slow.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  m   Message.
+ * @param  [in]   p   Polynomial.
+ * @param  [in]   i   Index of byte in message.
+ * @param  [in]   j   Index of bit in byte.
+ */
+#define TO_MSG_BIT(m, p, i, j) \
+    m[i] |= (((((sword16)p[8 * i + j] << 1) + MLKEM_Q_HALF) / MLKEM_Q) & 1) << j
+
+#else
+
+/* Multiplier that does div q. */
+#define MLKEM_V31       (((1U << 31) + (MLKEM_Q / 2)) / MLKEM_Q)
+/* 2 * multiplier that does div q. Only need bit 32 of result. */
+#define MLKEM_V31_2     ((word32)(MLKEM_V31 * 2))
+/* Multiplier times half of q. */
+#define MLKEM_V31_HALF    ((word32)(MLKEM_V31 * MLKEM_Q_HALF))
+
+/* Convert to value to bit.
+ *
+ * Uses mul instead of div.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  m   Message.
+ * @param  [in]   p   Polynomial.
+ * @param  [in]   i   Index of byte in message.
+ * @param  [in]   j   Index of bit in byte.
+ */
+#define TO_MSG_BIT(m, p, i, j) \
+    (m)[i] |= ((word32)((MLKEM_V31_2 * (p)[8 * (i) + (j)]) + \
+                        MLKEM_V31_HALF) >> 31) << (j)
+
+#endif /* CONV_WITH_DIV */
+
+/* Convert polynomial to message.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  msg  Message as a byte array.
+ * @param  [in]   p    Polynomial.
+ */
+static void mlkem_to_msg_c(byte* msg, sword16* p)
+{
+    unsigned int i;
+
+    /* Reduce each coefficient to mod q. */
+    mlkem_csubq_c(p);
+    /* All values are now in range. */
+
+    for (i = 0; i < MLKEM_N / 8; i++) {
+    #ifdef WOLFSSL_MLKEM_SMALL
+        unsigned int j;
+        msg[i] = 0;
+        for (j = 0; j < 8; j++) {
+            TO_MSG_BIT(msg, p, i, j);
+        }
+    #else
+        msg[i] = 0;
+        TO_MSG_BIT(msg, p, i, 0);
+        TO_MSG_BIT(msg, p, i, 1);
+        TO_MSG_BIT(msg, p, i, 2);
+        TO_MSG_BIT(msg, p, i, 3);
+        TO_MSG_BIT(msg, p, i, 4);
+        TO_MSG_BIT(msg, p, i, 5);
+        TO_MSG_BIT(msg, p, i, 6);
+        TO_MSG_BIT(msg, p, i, 7);
+    #endif
+    }
+}
+
+/* Convert polynomial to message.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  msg  Message as a byte array.
+ * @param  [in]   p    Polynomial.
+ */
+void mlkem_to_msg(byte* msg, sword16* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+     if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        /* Convert the polynomial into a array of bytes (message). */
+        mlkem_to_msg_avx2(msg, p);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_to_msg_c(msg, p);
+    }
+}
+#endif /* !WOLFSSL_MLKEM_NO_DECAPSULATE */
+#else
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+/* Convert message to polynomial.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p    Polynomial.
+ * @param  [in]   msg  Message as a byte array.
+ */
+void mlkem_from_msg(sword16* p, const byte* msg)
+{
+    mlkem_from_msg_neon(p, msg);
+}
+#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+/* Convert polynomial to message.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  msg  Message as a byte array.
+ * @param  [in]   p    Polynomial.
+ */
+void mlkem_to_msg(byte* msg, sword16* p)
+{
+    mlkem_to_msg_neon(msg, p);
+}
+#endif /* WOLFSSL_MLKEM_NO_DECAPSULATE */
+#endif /* !(__aarch64__ && WOLFSSL_ARMASM) */
+
+/******************************************************************************/
+
+/* Convert bytes to polynomial.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in decoding private and public keys.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void mlkem_from_bytes_c(sword16* p, const byte* b, int k)
+{
+    int i;
+    int j;
+
+    for (j = 0; j < k; j++) {
+        for (i = 0; i < MLKEM_N / 2; i++) {
+            p[2 * i + 0] = ((b[3 * i + 0] >> 0) |
+                            ((word16)b[3 * i + 1] << 8)) & 0xfff;
+            p[2 * i + 1] = ((b[3 * i + 1] >> 4) |
+                            ((word16)b[3 * i + 2] << 4)) & 0xfff;
+        }
+        p += MLKEM_N;
+        b += WC_ML_KEM_POLY_SIZE;
+    }
+}
+
+/* Convert bytes to polynomial.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in decoding private and public keys.
+ *
+ * FIPS 203, Algorithm 6: ByteDecode_d(B)
+ *
+ * @param  [out]  p  Vector of polynomials.
+ * @param  [in]   b  Array of bytes.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void mlkem_from_bytes(sword16* p, const byte* b, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+     if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        int i;
+
+        for (i = 0; i < k; i++) {
+            mlkem_from_bytes_avx2(p, b);
+            p += MLKEM_N;
+            b += WC_ML_KEM_POLY_SIZE;
+        }
+
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_from_bytes_c(p, b, k);
+    }
+}
+
+/* Convert polynomial to bytes.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in encoding private and public keys.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   p  Polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+static void mlkem_to_bytes_c(byte* b, sword16* p, int k)
+{
+    int i;
+    int j;
+
+    /* Reduce each coefficient to mod q. */
+    mlkem_csubq_c(p);
+    /* All values are now positive. */
+
+    for (j = 0; j < k; j++) {
+        for (i = 0; i < MLKEM_N / 2; i++) {
+            word16 t0 = p[2 * i];
+            word16 t1 = p[2 * i + 1];
+            b[3 * i + 0] = (t0 >> 0);
+            b[3 * i + 1] = (t0 >> 8) | t1 << 4;
+            b[3 * i + 2] = (t1 >> 4);
+        }
+        p += MLKEM_N;
+        b += WC_ML_KEM_POLY_SIZE;
+    }
+}
+
+/* Convert polynomial to bytes.
+ *
+ * Consecutive 12 bits hold each coefficient of polynomial.
+ * Used in encoding private and public keys.
+ *
+ * FIPS 203, Algorithm 6: ByteEncode_d(F)
+ *
+ * @param  [out]  b  Array of bytes.
+ * @param  [in]   p  Polynomial.
+ * @param  [in]   k  Number of polynomials in vector.
+ */
+void mlkem_to_bytes(byte* b, sword16* p, int k)
+{
+#ifdef USE_INTEL_SPEEDUP
+     if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        int i;
+
+        for (i = 0; i < k; i++) {
+            mlkem_to_bytes_avx2(b, p);
+            p += MLKEM_N;
+            b += WC_ML_KEM_POLY_SIZE;
+        }
+
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        mlkem_to_bytes_c(b, p, k);
+    }
+}
+
+#endif /* WOLFSSL_WC_MLKEM */
diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c
index 78d78dc1a..efacd746f 100644
--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
@@ -1,6 +1,6 @@
 /* wc_pkcs11.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,11 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_PKCS11
 
@@ -32,9 +28,7 @@
 #endif
 
 #include <wolfssl/wolfcrypt/wc_pkcs11.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/asn.h>
-#include <wolfssl/wolfcrypt/logging.h>
 #ifndef NO_RSA
     #include <wolfssl/wolfcrypt/rsa.h>
 #endif
@@ -108,6 +102,8 @@ static CK_OBJECT_CLASS privKeyClass    = CKO_PRIVATE_KEY;
 static CK_OBJECT_CLASS secretKeyClass  = CKO_SECRET_KEY;
 #endif
 
+static CK_OBJECT_CLASS certClass  = CKO_CERTIFICATE;
+
 #ifdef WOLFSSL_DEBUG_PKCS11
 /* Enable logging of PKCS#11 calls and return value. */
 #define PKCS11_RV(op, rv)       pkcs11_rv(op, rv)
@@ -240,6 +236,10 @@ static void pkcs11_dump_template(const char* name, CK_ATTRIBUTE* templ,
                 XSNPRINTF(line, sizeof(line), "%25s: SECRET", type);
                 WOLFSSL_MSG(line);
             }
+            else if (keyClass == CKO_CERTIFICATE) {
+                XSNPRINTF(line, sizeof(line), "%25s: CERTIFICATE", type);
+                WOLFSSL_MSG(line);
+            }
             else
             {
                 XSNPRINTF(line, sizeof(line), "%25s: UNKNOWN (%p)", type,
@@ -552,7 +552,7 @@ static int Pkcs11Slot_FindByTokenName(Pkcs11Dev* dev,
             PKCS11_RV("C_GetTokenInfo", rv);
             if (rv == CKR_OK &&
                 XMEMCMP(tinfo.label, tokenName, tokenNameSz) == 0) {
-                ret =  slot[index];
+                ret =  (int)slot[index];
                 break;
             }
         }
@@ -657,7 +657,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
         tokenNameSz = XSTRLEN(tokenName);
     }
     ret = Pkcs11Token_Init(token, dev, slotId, tokenName, tokenNameSz);
-    if (ret == 0) {
+    if (ret == 0 && userPin != NULL) {
         token->userPin = (CK_UTF8CHAR_PTR)userPin;
         token->userPinSz = (CK_ULONG)userPinSz;
         token->userPinLogin = 1;
@@ -708,7 +708,7 @@ int wc_Pkcs11Token_InitName(Pkcs11Token* token, Pkcs11Dev* dev,
     const unsigned char* userPin, int userPinSz)
 {
     int ret = Pkcs11Token_Init(token, dev, -1, tokenName, (size_t)tokenNameSz);
-    if (ret == 0) {
+    if (ret == 0 && userPin != NULL) {
         token->userPin = (CK_UTF8CHAR_PTR)userPin;
         token->userPinSz = (CK_ULONG)userPinSz;
         token->userPinLogin = 1;
@@ -1413,7 +1413,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
     #ifdef HAVE_ECC
             case PKCS11_KEY_TYPE_EC: {
                 ecc_key* eccKey = (ecc_key*)key;
-                int      ret2 = NOT_COMPILED_IN;
+                int      ret2 = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
 
         #ifndef NO_PKCS11_ECDH
                 if ((eccKey->flags & WC_ECC_FLAG_DEC_SIGN) == 0) {
@@ -1463,7 +1463,8 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
 }
 
 #if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
-           (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || !defined(NO_HMAC)
+           (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \
+           !defined(NO_HMAC) || !defined(NO_CERTS)
 
 /**
  * Find the PKCS#11 object containing key data using template.
@@ -1809,6 +1810,84 @@ static int Pkcs11RsaPrivateKey(Pkcs11Session* session, RsaKey* rsaKey,
     return ret;
 }
 
+/**
+ * Get the hash length associated with the WolfCrypt hash type.
+ *
+ * @param  [in]   hType   Hash Type.
+ * @return  -1 if hash type not recognized.
+ * @return  hash length on success.
+ */
+int wc_hash2sz(int hType)
+{
+    switch(hType) {
+    case WC_HASH_TYPE_SHA:
+        return 20;
+    case WC_HASH_TYPE_SHA224:
+        return 24;
+    case WC_HASH_TYPE_SHA256:
+        return 32;
+    case WC_HASH_TYPE_SHA384:
+        return 48;
+    case WC_HASH_TYPE_SHA512:
+        return 64;
+    default:
+        /* unsupported WC_HASH_TYPE_XXXX */
+        return -1;
+    }
+}
+
+/**
+ * Get PKCS11 hash mechanism associated with the WolfCrypt hash type.
+ *
+ * @param  [in]   hType   Hash Type.
+ * @return  0 if hash type not recognized.
+ * @return  PKCS11 mechanism on success.
+ */
+CK_MECHANISM_TYPE wc_hash2ckm(int hType)
+{
+    switch(hType) {
+    case WC_HASH_TYPE_SHA:
+        return CKM_SHA_1;
+    case WC_HASH_TYPE_SHA224:
+        return CKM_SHA224;
+    case WC_HASH_TYPE_SHA256:
+        return CKM_SHA256;
+    case WC_HASH_TYPE_SHA384:
+        return CKM_SHA384;
+    case WC_HASH_TYPE_SHA512:
+        return CKM_SHA512;
+    default:
+        /* unsupported WC_HASH_TYPE_XXXX */
+        return 0UL;
+    }
+}
+
+/**
+ * Get PKCS11 MGF hash mechanism associated with the WolfCrypt MGF hash type.
+ *
+ * @param  [in]   mgf   MGF Type.
+ * @return  0 if MGF type not recognized.
+ * @return  PKCS11 MGF hash mechanism on success.
+ */
+CK_MECHANISM_TYPE wc_mgf2ckm(int mgf)
+{
+    switch(mgf) {
+    case WC_MGF1SHA1:
+        return CKG_MGF1_SHA1;
+    case WC_MGF1SHA224:
+        return CKG_MGF1_SHA224;
+    case WC_MGF1SHA256:
+        return CKG_MGF1_SHA256;
+    case WC_MGF1SHA384:
+        return CKG_MGF1_SHA384;
+    case WC_MGF1SHA512:
+        return CKG_MGF1_SHA512;
+    default:
+        /* unsupported WC_MGF1XXXX */
+        return 0x0UL;
+    }
+}
+
 /**
  * Exponentiate the input with the public part of the RSA key.
  * Used in public encrypt and decrypt.
@@ -1822,9 +1901,13 @@ static int Pkcs11RsaEncrypt(Pkcs11Session* session, wc_CryptoInfo* info,
                             CK_OBJECT_HANDLE key)
 {
     int              ret = 0;
+    CK_MECHANISM_TYPE mechanism = 0x0UL;
     CK_RV            rv;
     CK_MECHANISM     mech;
     CK_ULONG         outLen;
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    CK_RSA_PKCS_OAEP_PARAMS oaepParams;
+#endif
 
     WOLFSSL_MSG("PKCS#11: RSA Public Key Operation");
 
@@ -1832,12 +1915,37 @@ static int Pkcs11RsaEncrypt(Pkcs11Session* session, wc_CryptoInfo* info,
         ret = BAD_FUNC_ARG;
     }
 
+    switch(info->pk.type) {
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_OAEP:
+        mechanism = CKM_RSA_PKCS_OAEP;
+        break;
+#endif
+    case WC_PK_TYPE_RSA:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     if (ret == 0) {
         /* Raw RSA encrypt/decrypt operation. */
-        mech.mechanism      = CKM_RSA_X_509;
+        mech.mechanism      = mechanism;
         mech.ulParameterLen = 0;
         mech.pParameter     = NULL;
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+        if (mechanism == CKM_RSA_PKCS_OAEP) {
+            XMEMSET(&oaepParams, 0, sizeof(oaepParams));
+            mech.ulParameterLen = sizeof(CK_RSA_PKCS_OAEP_PARAMS);
+            mech.pParameter = &oaepParams;
+            oaepParams.source = CKZ_DATA_SPECIFIED;
+            oaepParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash);
+            oaepParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf);
+        }
+#endif
+
         rv = session->func->C_EncryptInit(session->handle, &mech, key);
         PKCS11_RV("C_EncryptInit", rv);
         if (rv != CKR_OK) {
@@ -1875,9 +1983,13 @@ static int Pkcs11RsaDecrypt(Pkcs11Session* session, wc_CryptoInfo* info,
                             CK_OBJECT_HANDLE key)
 {
     int              ret = 0;
+    CK_MECHANISM_TYPE mechanism = 0x0UL;
     CK_RV            rv;
     CK_MECHANISM     mech;
     CK_ULONG         outLen;
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    CK_RSA_PKCS_OAEP_PARAMS oaepParams;
+#endif
 
     WOLFSSL_MSG("PKCS#11: RSA Private Key Operation");
 
@@ -1885,12 +1997,37 @@ static int Pkcs11RsaDecrypt(Pkcs11Session* session, wc_CryptoInfo* info,
         ret = BAD_FUNC_ARG;
     }
 
+    switch(info->pk.type) {
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_OAEP:
+        mechanism = CKM_RSA_PKCS_OAEP;
+        break;
+#endif
+    case WC_PK_TYPE_RSA:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     if (ret == 0) {
         /* Raw RSA encrypt/decrypt operation. */
-        mech.mechanism      = CKM_RSA_X_509;
+        mech.mechanism      = mechanism;
         mech.ulParameterLen = 0;
         mech.pParameter     = NULL;
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+        if (mechanism == CKM_RSA_PKCS_OAEP) {
+            XMEMSET(&oaepParams, 0, sizeof(oaepParams));
+            mech.ulParameterLen = sizeof(CK_RSA_PKCS_OAEP_PARAMS);
+            mech.pParameter = &oaepParams;
+            oaepParams.source = CKZ_DATA_SPECIFIED;
+            oaepParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash);
+            oaepParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf);
+        }
+#endif
+
         rv = session->func->C_DecryptInit(session->handle, &mech, key);
         PKCS11_RV("C_DecryptInit", rv);
         if (rv != CKR_OK) {
@@ -1933,6 +2070,12 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info,
     CK_RV            rv;
     CK_MECHANISM     mech;
     CK_ULONG         outLen;
+    CK_MECHANISM_TYPE      mechanism;
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    CK_RSA_PKCS_PSS_PARAMS pssParams;
+    int hLen;
+    int saltLen;
+#endif
 
     WOLFSSL_MSG("PKCS#11: RSA Private Key Operation");
 
@@ -1940,12 +2083,67 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info,
         ret = BAD_FUNC_ARG;
     }
 
+    switch(info->pk.type) {
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_PSS:
+        mechanism = CKM_RSA_PKCS_PSS;
+        break;
+#endif /* WOLF_CRYPTO_CB_RSA_PAD */
+    default:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     if (ret == 0) {
         /* Raw RSA encrypt/decrypt operation. */
-        mech.mechanism      = CKM_RSA_X_509;
+        mech.mechanism      = mechanism;
         mech.ulParameterLen = 0;
         mech.pParameter     = NULL;
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+        if (mechanism == CKM_RSA_PKCS_PSS) {
+            mech.ulParameterLen = sizeof(CK_RSA_PKCS_PSS_PARAMS);
+            mech.pParameter = &pssParams;
+            pssParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash);
+            pssParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf);
+
+            saltLen = info->pk.rsa.padding->saltLen;
+            hLen = wc_hash2sz(info->pk.rsa.padding->hash);
+
+            /* Same salt length code as rsa.c */
+            if (saltLen == RSA_PSS_SALT_LEN_DEFAULT)
+                saltLen = hLen;
+#ifndef WOLFSSL_PSS_LONG_SALT
+            else if (saltLen > hLen) {
+                return PSS_SALTLEN_E;
+            }
+#endif
+#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
+            else if (saltLen < RSA_PSS_SALT_LEN_DEFAULT) {
+                return PSS_SALTLEN_E;
+            }
+#else
+            else if (saltLen == RSA_PSS_SALT_LEN_DISCOVER) {
+                saltLen = *(info->pk.rsa.outLen) - hLen - 2;
+                if (saltLen < 0) {
+                    return PSS_SALTLEN_E;
+                }
+            }
+            else if (saltLen < RSA_PSS_SALT_LEN_DISCOVER) {
+                return PSS_SALTLEN_E;
+            }
+#endif
+            if (*(info->pk.rsa.outLen) - hLen < (word32)(saltLen + 2)) {
+                return PSS_SALTLEN_E;
+            }
+
+            pssParams.sLen = saltLen;
+        }
+#endif /* WOLF_CRYPTO_CB_RSA_PAD */
+
         rv = session->func->C_SignInit(session->handle, &mech, key);
         PKCS11_RV("C_SignInit", rv);
         if (rv != CKR_OK) {
@@ -1984,13 +2182,31 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
     int               ret = 0;
     CK_RV             rv;
     CK_MECHANISM_INFO mechInfo;
+    CK_MECHANISM_TYPE mechanism = 0x0UL;
     int               sessionKey = 0;
     CK_OBJECT_HANDLE  key;
     RsaKey*           rsaKey = info->pk.rsa.key;
     int               type = info->pk.rsa.type;
 
+    switch(info->pk.type) {
+#ifndef NO_PKCS11_RSA_PKCS
+    case WC_PK_TYPE_RSA_PKCS:
+        mechanism = CKM_RSA_PKCS;
+        break;
+    case WC_PK_TYPE_RSA_PSS:
+        mechanism = CKM_RSA_PKCS_PSS;
+        break;
+    case WC_PK_TYPE_RSA_OAEP:
+        mechanism = CKM_RSA_PKCS_OAEP;
+        break;
+#endif /* !NO_PKCS11_RSA_PKCS */
+    case WC_PK_TYPE_RSA:
+        mechanism = CKM_RSA_X_509;
+        break;
+    }
+
     /* Check operation is supported. */
-    rv = session->func->C_GetMechanismInfo(session->slotId, CKM_RSA_X_509,
+    rv = session->func->C_GetMechanismInfo(session->slotId, mechanism,
                                                                      &mechInfo);
     PKCS11_RV("C_GetMechanismInfo", rv);
     if (rv != CKR_OK) {
@@ -2023,7 +2239,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
         }
         else if (type == RSA_PUBLIC_DECRYPT) {
             WOLFSSL_MSG("PKCS#11: Public Decrypt");
-            if ((mechInfo.flags & CKF_DECRYPT) != 0) {
+            if ((mechInfo.flags & CKF_ENCRYPT) != 0) {
                 ret = Pkcs11RsaEncrypt(session, info, key);
             }
             else {
@@ -3456,7 +3672,7 @@ static int Pkcs11AesCbcEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
 
     if (ret == 0) {
         mech.mechanism      = CKM_AES_CBC;
-        mech.ulParameterLen = AES_BLOCK_SIZE;
+        mech.ulParameterLen = WC_AES_BLOCK_SIZE;
         mech.pParameter     = (CK_BYTE_PTR)info->cipher.aescbc.aes->reg;
 
         rv = session->func->C_EncryptInit(session->handle, &mech, key);
@@ -3532,7 +3748,7 @@ static int Pkcs11AesCbcDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
 
     if (ret == 0) {
         mech.mechanism      = CKM_AES_CBC;
-        mech.ulParameterLen = AES_BLOCK_SIZE;
+        mech.ulParameterLen = WC_AES_BLOCK_SIZE;
         mech.pParameter     = (CK_BYTE_PTR)info->cipher.aescbc.aes->reg;
 
         rv = session->func->C_DecryptInit(session->handle, &mech, key);
@@ -3750,6 +3966,90 @@ static int Pkcs11RandomSeed(Pkcs11Session* session, wc_CryptoInfo* info)
 }
 #endif
 
+#ifndef NO_CERTS
+
+static int Pkcs11GetCert(Pkcs11Session* session, wc_CryptoInfo* info) {
+    int                 ret = 0;
+    CK_RV               rv  = 0;
+    CK_ULONG            count = 0;
+    CK_OBJECT_HANDLE    certHandle = CK_INVALID_HANDLE;
+    byte               *certData = NULL;
+    CK_ATTRIBUTE    certTemplate[2] = {
+        { CKA_CLASS,           &certClass, sizeof(certClass)   }
+    };
+    CK_ATTRIBUTE   tmpl[] = {
+        { CKA_VALUE,         NULL_PTR, 0 }
+    };
+    CK_ULONG        certTmplCnt = sizeof(certTemplate) / sizeof(*certTemplate);
+    CK_ULONG        tmplCnt = sizeof(tmpl) / sizeof(*tmpl);
+
+    WOLFSSL_MSG("PKCS#11: Retrieve certificate");
+    if (info->cert.labelLen > 0) {
+        certTemplate[1].type = CKA_LABEL;
+        certTemplate[1].pValue = (CK_VOID_PTR)info->cert.label;
+        certTemplate[1].ulValueLen = info->cert.labelLen;
+    }
+    else if (info->cert.idLen > 0) {
+        certTemplate[1].type = CKA_ID;
+        certTemplate[1].pValue = (CK_VOID_PTR)info->cert.id;
+        certTemplate[1].ulValueLen = info->cert.idLen;
+    }
+    else {
+        ret = BAD_FUNC_ARG;
+        goto exit;
+    }
+
+    ret = Pkcs11FindKeyByTemplate(
+        &certHandle, session, certTemplate, certTmplCnt, &count);
+    if (ret == 0 && count == 0) {
+        ret = WC_HW_E;
+        goto exit;
+    }
+
+    PKCS11_DUMP_TEMPLATE("Get Certificate Length", tmpl, tmplCnt);
+    rv = session->func->C_GetAttributeValue(
+        session->handle, certHandle, tmpl, tmplCnt);
+    PKCS11_RV("C_GetAttributeValue", rv);
+    if (rv != CKR_OK) {
+        ret = WC_HW_E;
+        goto exit;
+    }
+
+    if (tmpl[0].ulValueLen <= 0) {
+        ret = WC_HW_E;
+        goto exit;
+    }
+
+    certData = (byte *)XMALLOC(
+        (int)tmpl[0].ulValueLen, info->cert.heap, DYNAMIC_TYPE_CERT);
+    if (certData == NULL) {
+        ret = MEMORY_E;
+        goto exit;
+    }
+
+    tmpl[0].pValue = certData;
+    rv = session->func->C_GetAttributeValue(
+        session->handle, certHandle, tmpl, tmplCnt);
+    PKCS11_RV("C_GetAttributeValue", rv);
+    if (rv != CKR_OK) {
+        ret = WC_HW_E;
+        goto exit;
+    }
+
+    *info->cert.certDataOut = certData;
+    *info->cert.certSz = (word32)tmpl[0].ulValueLen;
+    if (info->cert.certFormatOut != NULL) {
+        *info->cert.certFormatOut = CTC_FILETYPE_ASN1;
+    }
+    certData = NULL;
+
+exit:
+    XFREE(certData, info->cert.heap, DYNAMIC_TYPE_CERT);
+    return ret;
+}
+
+#endif /* !NO_CERTS */
+
 /**
  * Perform a cryptographic operation using PKCS#11 device.
  *
@@ -3783,6 +4083,11 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
             switch (info->pk.type) {
     #ifndef NO_RSA
                 case WC_PK_TYPE_RSA:
+        #ifdef WOLF_CRYPTO_CB_RSA_PAD
+                case WC_PK_TYPE_RSA_PKCS:
+                case WC_PK_TYPE_RSA_PSS:
+                case WC_PK_TYPE_RSA_OAEP:
+        #endif
                     ret = Pkcs11OpenSession(token, &session, readWrite);
                     if (ret == 0) {
                         ret = Pkcs11Rsa(&session, info);
@@ -3937,6 +4242,17 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
             }
     #else
             ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if (info->algo_type == WC_ALGO_TYPE_CERT) {
+    #ifndef NO_CERTS
+            ret = Pkcs11OpenSession(token, &session, readWrite);
+            if (ret == 0) {
+                ret = Pkcs11GetCert(&session, info);
+                Pkcs11CloseSession(token, &session);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
     #endif
         }
         else
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 32571585e..37822778f 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -1,6 +1,6 @@
 /* port.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,16 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
+#ifdef __APPLE__
+    #include <AvailabilityMacros.h>
 #endif
 
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/wc_port.h>
 #ifdef HAVE_ECC
     #include <wolfssl/wolfcrypt/ecc.h>
 #endif
@@ -40,6 +36,13 @@
     #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#ifdef WOLF_CRYPTO_CB
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+#endif
+#endif
+
 #ifdef WOLFSSL_PSOC6_CRYPTO
     #include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
 #endif
@@ -247,6 +250,22 @@ int wolfCrypt_Init(void)
         }
     #endif
 
+    /* Crypto Callbacks only works on AES for MAX32666/5 HW */
+    #if defined(MAX3266X_AES) && defined(WOLF_CRYPTO_CB)
+        ret = wc_CryptoCb_RegisterDevice(WOLFSSL_MAX3266X_DEVID, wc_MxcCryptoCb,
+                                            NULL);
+        if(ret != 0) {
+            return ret;
+        }
+    #endif
+    #if defined(MAX3266X_RTC)
+        ret = wc_MXC_RTC_Init();
+        if (ret != 0) {
+            WOLFSSL_MSG("MXC RTC Init Failed");
+            return WC_HW_E;
+        }
+    #endif
+
     #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
         defined(WOLFSSL_ATECC608A)
         ret = atmel_init();
@@ -338,6 +357,13 @@ int wolfCrypt_Init(void)
             return ret;
         }
     #endif
+    #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \
+            (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)))
+        if ((ret = wc_ecc_oid_cache_init()) != 0) {
+            WOLFSSL_MSG("Error creating ECC oid cache");
+            return ret;
+        }
+    #endif
 #endif
 
 #ifdef WOLFSSL_SCE
@@ -429,6 +455,10 @@ int wolfCrypt_Cleanup(void)
     #ifdef ECC_CACHE_CURVE
         wc_ecc_curve_cache_free();
     #endif
+    #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \
+            (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)))
+        wc_ecc_oid_cache_free();
+    #endif
 #endif /* HAVE_ECC */
 
     #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
@@ -1003,6 +1033,15 @@ int z_fs_close(XFILE file)
     return ret;
 }
 
+/* Rewind the file pointer to the beginning of the file */
+/* This is not a 'rewind' is not supported in Zephyr so */
+/* use fs_seek to move the file pointer to the beginning of the file */
+/* calling it z_fs_rewind to avoid future conflicts if rewind is added */
+int z_fs_rewind(XFILE file)
+{
+    return fs_seek(file, 0, FS_SEEK_SET);
+}
+
 #endif /* !NO_FILESYSTEM && !WOLFSSL_ZEPHYR */
 
 #if !defined(WOLFSSL_USER_MUTEX)
@@ -1148,10 +1187,10 @@ int wc_strcasecmp(const char *s1, const char *s2)
     for (;;++s1, ++s2) {
         c1 = *s1;
         if ((c1 >= 'a') && (c1 <= 'z'))
-            c1 -= ('a' - 'A');
+            c1 = (char)(c1 - ('a' - 'A'));
         c2 = *s2;
         if ((c2 >= 'a') && (c2 <= 'z'))
-            c2 -= ('a' - 'A');
+            c2 = (char)(c2 - ('a' - 'A'));
         if ((c1 != c2) || (c1 == 0))
             break;
     }
@@ -1166,10 +1205,10 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n)
     for (c1 = 0, c2 = 0; n > 0; --n, ++s1, ++s2) {
         c1 = *s1;
         if ((c1 >= 'a') && (c1 <= 'z'))
-            c1 -= ('a' - 'A');
+            c1 = (char)(c1 - ('a' - 'A'));
         c2 = *s2;
         if ((c2 >= 'a') && (c2 <= 'z'))
-            c2 -= ('a' - 'A');
+            c2 = (char)(c2 - ('a' - 'A'));
         if ((c1 != c2) || (c1 == 0))
             break;
     }
@@ -1183,7 +1222,7 @@ char* wc_strdup_ex(const char *src, int memType) {
     word32 len = 0;
 
     if (src) {
-        len = (word32)XSTRLEN(src);
+        len = (word32)XSTRLEN(src) + 1; /* Add one for null terminator */
         ret = (char*)XMALLOC(len, NULL, memType);
         if (ret != NULL) {
             XMEMCPY(ret, src, len);
@@ -1194,7 +1233,7 @@ char* wc_strdup_ex(const char *src, int memType) {
 }
 #endif
 
-#ifdef WOLFSSL_ATOMIC_OPS
+#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED)
 
 #ifdef HAVE_C___ATOMIC
 /* Atomic ops using standard C lib */
@@ -1254,8 +1293,9 @@ int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i)
 
 #endif /* WOLFSSL_ATOMIC_OPS */
 
-#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_ATOMIC_OPS)
-void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err)
+#if !defined(SINGLE_THREADED)
+
+void wolfSSL_RefWithMutexInit(wolfSSL_RefWithMutex* ref, int* err)
 {
     int ret = wc_InitMutex(&ref->mutex);
     if (ret != 0) {
@@ -1266,14 +1306,14 @@ void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err)
     *err = ret;
 }
 
-void wolfSSL_RefFree(wolfSSL_Ref* ref)
+void wolfSSL_RefWithMutexFree(wolfSSL_RefWithMutex* ref)
 {
     if (wc_FreeMutex(&ref->mutex) != 0) {
         WOLFSSL_MSG("Failed to free mutex of reference counting!");
     }
 }
 
-void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err)
+void wolfSSL_RefWithMutexInc(wolfSSL_RefWithMutex* ref, int* err)
 {
     int ret = wc_LockMutex(&ref->mutex);
     if (ret != 0) {
@@ -1286,7 +1326,17 @@ void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err)
     *err = ret;
 }
 
-void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err)
+int wolfSSL_RefWithMutexLock(wolfSSL_RefWithMutex* ref)
+{
+    return wc_LockMutex(&ref->mutex);
+}
+
+int wolfSSL_RefWithMutexUnlock(wolfSSL_RefWithMutex* ref)
+{
+    return wc_UnLockMutex(&ref->mutex);
+}
+
+void wolfSSL_RefWithMutexDec(wolfSSL_RefWithMutex* ref, int* isZero, int* err)
 {
     int ret = wc_LockMutex(&ref->mutex);
     if (ret != 0) {
@@ -1303,7 +1353,7 @@ void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err)
     }
     *err = ret;
 }
-#endif
+#endif /* ! SINGLE_THREADED */
 
 #if WOLFSSL_CRYPT_HW_MUTEX
 /* Mutex for protection of cryptography hardware */
@@ -1346,6 +1396,196 @@ int wolfSSL_CryptHwMutexUnLock(void)
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
 
+#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
+/* Mutex for protection of cryptography hardware */
+#ifndef NO_RNG_MUTEX
+static wolfSSL_Mutex wcCryptHwRngMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwRngMutex);
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static wolfSSL_Mutex wcCryptHwAesMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwAesMutex);
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static wolfSSL_Mutex wcCryptHwHashMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwHashMutex);
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static wolfSSL_Mutex wcCryptHwPkMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwPkMutex);
+#endif /* NO_PK_MUTEX */
+
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+#ifndef NO_RNG_MUTEX
+static int wcCryptHwRngMutexInit = 0;
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static int wcCryptHwAesMutexInit = 0;
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static int wcCryptHwHashMutexInit = 0;
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static int wcCryptHwPkMutexInit = 0;
+#endif /* NO_PK_MUTEX */
+#endif /* WOLFSSL_MUTEX_INITIALIZER */
+
+
+/* Allows ability to switch to different mutex based on enum type */
+/* hw_mutex_algo, expects the dereferenced Ptrs to be set to NULL */
+static int hwAlgoPtrSet(hw_mutex_algo hwAlgo, wolfSSL_Mutex** wcHwAlgoMutexPtr,
+                                int** wcHwAlgoInitPtr)
+{
+    if (*wcHwAlgoMutexPtr != NULL || *wcHwAlgoInitPtr != NULL) {
+        return BAD_FUNC_ARG;
+    }
+    switch (hwAlgo) {
+        #ifndef NO_RNG_MUTEX
+        case rng_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwRngMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwRngMutexInit;
+            break;
+        #endif
+        #ifndef NO_AES_MUTEX
+        case aes_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwAesMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwAesMutexInit;
+            break;
+        #endif
+        #ifndef NO_HASH_MUTEX
+        case hash_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwHashMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwHashMutexInit;
+            break;
+        #endif
+        #ifndef NO_PK_MUTEX
+        case pk_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwPkMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwPkMutexInit;
+            break;
+        #endif
+        default:
+            return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
+static int hwAlgoMutexInit(hw_mutex_algo hwAlgo)
+{
+    int ret = 0;
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    if (*wcHwAlgoInitPtr == 0) {
+        ret = wc_InitMutex(wcHwAlgoMutexPtr);
+        if (ret == 0) {
+            *wcHwAlgoInitPtr = 1;
+        }
+    }
+#endif
+    return ret;
+}
+
+static int hwAlgoMutexLock(hw_mutex_algo hwAlgo)
+{
+    /* Make sure HW Mutex has been initialized */
+    int ret = 0;
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    ret = hwAlgoMutexInit(hwAlgo);
+    if (ret == 0) {
+        ret = wc_LockMutex(wcHwAlgoMutexPtr);
+    }
+    return ret;
+}
+
+static int hwAlgoMutexUnLock(hw_mutex_algo hwAlgo)
+{
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    if (hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr) != 0) {
+        return BAD_FUNC_ARG;
+    }
+    if (*wcHwAlgoInitPtr) {
+        return wc_UnLockMutex(wcHwAlgoMutexPtr);
+    }
+    else {
+        return BAD_MUTEX_E;
+    }
+}
+
+/* Wrap around generic hwAlgo* functions and use correct */
+/* global mutex to determine if it can be unlocked/locked */
+#ifndef NO_RNG_MUTEX
+int wolfSSL_HwRngMutexInit(void)
+{
+    return hwAlgoMutexInit(rng_mutex);
+}
+int wolfSSL_HwRngMutexLock(void)
+{
+    return hwAlgoMutexLock(rng_mutex);
+}
+int wolfSSL_HwRngMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(rng_mutex);
+}
+#endif /* NO_RNG_MUTEX */
+
+#ifndef NO_AES_MUTEX
+int wolfSSL_HwAesMutexInit(void)
+{
+    return hwAlgoMutexInit(aes_mutex);
+}
+int wolfSSL_HwAesMutexLock(void)
+{
+    return hwAlgoMutexLock(aes_mutex);
+}
+int wolfSSL_HwAesMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(aes_mutex);
+}
+#endif /* NO_AES_MUTEX */
+
+#ifndef NO_HASH_MUTEX
+int wolfSSL_HwHashMutexInit(void)
+{
+    return hwAlgoMutexInit(hash_mutex);
+}
+int wolfSSL_HwHashMutexLock(void)
+{
+    return hwAlgoMutexLock(hash_mutex);
+}
+int wolfSSL_HwHashMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(hash_mutex);
+}
+#endif /* NO_HASH_MUTEX */
+
+#ifndef NO_PK_MUTEX
+int wolfSSL_HwPkMutexInit(void)
+{
+    return hwAlgoMutexInit(pk_mutex);
+}
+int wolfSSL_HwPkMutexLock(void)
+{
+    return hwAlgoMutexLock(pk_mutex);
+}
+int wolfSSL_HwPkMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(pk_mutex);
+}
+#endif /* NO_PK_MUTEX */
+
+#endif /* WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
 /* ---------------------------------------------------------------------------*/
 /* Mutex Ports */
 /* ---------------------------------------------------------------------------*/
@@ -1418,6 +1658,99 @@ int wolfSSL_CryptHwMutexUnLock(void)
         return 0;
     }
 
+#elif defined(__WATCOMC__)
+
+    int wc_InitMutex(wolfSSL_Mutex* m)
+    {
+    #ifdef __OS2__
+        DosCreateMutexSem( NULL, m, 0, FALSE );
+    #elif defined(__NT__)
+        InitializeCriticalSection(m);
+    #elif defined(__LINUX__)
+        if (pthread_mutex_init(m, NULL) )
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    int wc_FreeMutex(wolfSSL_Mutex* m)
+    {
+    #ifdef __OS2__
+        DosCloseMutexSem(*m);
+    #elif defined(__NT__)
+        DeleteCriticalSection(m);
+    #elif defined(__LINUX__)
+        if (pthread_mutex_destroy(m) )
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    int wc_LockMutex(wolfSSL_Mutex* m)
+    {
+    #ifdef __OS2__
+        DosRequestMutexSem(*m, SEM_INDEFINITE_WAIT);
+    #elif defined(__NT__)
+        EnterCriticalSection(m);
+    #elif defined(__LINUX__)
+        if (pthread_mutex_lock(m) )
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    int wc_UnLockMutex(wolfSSL_Mutex* m)
+    {
+    #ifdef __OS2__
+        DosReleaseMutexSem(*m);
+    #elif defined(__NT__)
+        LeaveCriticalSection(m);
+    #elif defined(__LINUX__)
+        if (pthread_mutex_unlock(m) )
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    #if defined(WOLFSSL_USE_RWLOCK) && defined(__LINUX__)
+
+    int wc_InitRwLock(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_init(m, NULL) )
+             return BAD_MUTEX_E;
+        return 0;
+    }
+
+    int wc_FreeRwLock(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_destroy(m) )
+            return BAD_MUTEX_E;
+        return 0;
+    }
+
+    int wc_LockRwLock_Wr(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_wrlock(m) )
+            return BAD_MUTEX_E;
+        return 0;
+    }
+
+    int wc_LockRwLock_Rd(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_rdlock(m) )
+            return BAD_MUTEX_E;
+        return 0;
+    }
+
+    int wc_UnLockRwLock(wolfSSL_RwLock* m)
+    {
+        if (pthread_rwlock_unlock(m) == 0)
+            return BAD_MUTEX_E;
+        return 0;
+    }
+
+    #endif
+
 #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \
   defined(FREESCALE_FREE_RTOS)
 
@@ -1554,7 +1887,7 @@ int wolfSSL_CryptHwMutexUnLock(void)
     static void destruct_key(void *buf)
     {
         if (buf != NULL) {
-            free(buf);
+            XFREE(buf, NULL, DYNAMIC_TYPE_OS_BUF);
         }
     }
 
@@ -1683,7 +2016,7 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
         key_ptr = pthread_getspecific(key_own_hw_mutex);
         if (key_ptr == NULL) {
-            key_ptr = malloc(sizeof(int));
+            key_ptr = XMALLOC(sizeof(int), NULL, DYNAMIC_TYPE_OS_BUF);
             if (key_ptr == NULL) {
                 return MEMORY_E;
             }
@@ -2183,6 +2516,10 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
     int wc_InitMutex(wolfSSL_Mutex* m)
     {
+    #if (defined(HAVE_FIPS) && FIPS_VERSION_EQ(5,2))
+        if (wolfCrypt_GetMode_fips() == FIPS_MODE_INIT)
+            return 0;
+    #endif
         if (_mutex_init(m, NULL) == MQX_EOK)
             return 0;
         else
@@ -2199,6 +2536,13 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
     int wc_LockMutex(wolfSSL_Mutex* m)
     {
+    #if (defined(HAVE_FIPS) && FIPS_VERSION_EQ(5,2))
+        if (m->VALID != MUTEX_VALID) {
+            if (_mutex_init(m, NULL) != MQX_EOK)
+                return BAD_MUTEX_E;
+        }
+    #endif
+
         if (_mutex_lock(m) == MQX_EOK)
             return 0;
         else
@@ -2207,6 +2551,13 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
     int wc_UnLockMutex(wolfSSL_Mutex* m)
     {
+    #if (defined(HAVE_FIPS) && FIPS_VERSION_EQ(5,2))
+        if (m->VALID != MUTEX_VALID) {
+            if (_mutex_init(m, NULL) != MQX_EOK)
+                return BAD_MUTEX_E;
+        }
+    #endif
+
         if (_mutex_unlock(m) == MQX_EOK)
             return 0;
         else
@@ -2471,7 +2822,9 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
 #elif defined(WOLFSSL_CMSIS_RTOS)
 
-    #define CMSIS_NMUTEX 10
+    #ifndef CMSIS_NMUTEX
+        #define CMSIS_NMUTEX 10
+    #endif
     osMutexDef(wolfSSL_mt0);  osMutexDef(wolfSSL_mt1);  osMutexDef(wolfSSL_mt2);
     osMutexDef(wolfSSL_mt3);  osMutexDef(wolfSSL_mt4);  osMutexDef(wolfSSL_mt5);
     osMutexDef(wolfSSL_mt6);  osMutexDef(wolfSSL_mt7);  osMutexDef(wolfSSL_mt8);
@@ -2487,6 +2840,11 @@ int wolfSSL_CryptHwMutexUnLock(void)
     int wc_InitMutex(wolfSSL_Mutex* m)
     {
         int i;
+
+        if(!osKernelRunning()) {
+            return 0;
+        }
+
         for (i=0; i<CMSIS_NMUTEX; i++) {
             if(CMSIS_mutexID[i] == 0) {
                 CMSIS_mutexID[i] = osMutexCreate(CMSIS_mutex[i]);
@@ -2500,6 +2858,11 @@ int wolfSSL_CryptHwMutexUnLock(void)
     int wc_FreeMutex(wolfSSL_Mutex* m)
     {
         int i;
+
+        if(!osKernelRunning()) {
+            return 0;
+        }
+
         osMutexDelete   (*m);
         for (i=0; i<CMSIS_NMUTEX; i++) {
             if(CMSIS_mutexID[i] == (*m)) {
@@ -2512,13 +2875,17 @@ int wolfSSL_CryptHwMutexUnLock(void)
 
     int wc_LockMutex(wolfSSL_Mutex* m)
     {
-        osMutexWait(*m, osWaitForever);
+        if(osKernelRunning()) {
+            osMutexWait(*m, osWaitForever);
+        }
         return(0);
     }
 
     int wc_UnLockMutex(wolfSSL_Mutex* m)
     {
-        osMutexRelease (*m);
+        if(osKernelRunning()) {
+            osMutexRelease (*m);
+        }
         return 0;
     }
 
@@ -3145,6 +3512,9 @@ time_t mqx_time(time_t* timer)
 
 #endif /* FREESCALE_MQX || FREESCALE_KSDK_MQX */
 
+#if defined(MAX3266X_RTC)
+    #define XTIME wc_MXC_RTC_Time
+#endif
 
 #if defined(WOLFSSL_TIRTOS) && defined(USER_TIME)
 
@@ -3373,7 +3743,8 @@ time_t stm32_hal_time(time_t *t1)
 
 #endif /* !NO_ASN_TIME */
 
-#if !defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)
+#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \
+    defined(USE_WOLF_STRNSTR)
 char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 {
     unsigned int s2_len = (unsigned int)XSTRLEN(s2);
@@ -3393,6 +3764,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 }
 #endif
 
+
 /* custom memory wrappers */
 #ifdef WOLFSSL_NUCLEUS_1_2
 
@@ -3470,7 +3842,213 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 #ifndef SINGLE_THREADED
 
 /* Environment-specific multi-thread implementation check  */
-#if defined(USE_WINDOWS_API) && !defined(WOLFSSL_PTHREADS) && \
+#if defined(__WATCOMC__)
+
+    int wolfSSL_NewThread(THREAD_TYPE* thread,
+        THREAD_CB cb, void* arg)
+    {
+        if (thread == NULL || cb == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        *thread = _beginthread(cb, NULL, 0, arg);
+        if (*thread == INVALID_THREAD_VAL) {
+            return MEMORY_E;
+        }
+    #elif defined(__NT__)
+        /* Use _beginthreadex instead of _beginthread because of:
+         *   _beginthreadex is safer to use than _beginthread. If the thread
+         *   that's generated by _beginthread exits quickly, the handle that's
+         *   returned to the caller of _beginthread might be invalid or point
+         *   to another thread. However, the handle that's returned by
+         *   _beginthreadex has to be closed by the caller of _beginthreadex,
+         *   so it's guaranteed to be a valid handle if _beginthreadex didn't
+         *   return an error.*/
+        *thread = _beginthreadex(NULL, 0, cb, arg, 0, NULL);
+        if (*thread == 0) {
+            *thread = INVALID_THREAD_VAL;
+            return MEMORY_E;
+        }
+    #elif defined(__LINUX__)
+        if (pthread_create(thread, NULL, cb, arg))
+            return MEMORY_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_JoinThread(THREAD_TYPE thread)
+    {
+        int ret = 0;
+
+        if (thread == INVALID_THREAD_VAL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        DosWaitThread(&thread, DCWW_WAIT);
+    #elif defined(__NT__)
+        /* We still want to attempt to close the thread handle even on error */
+        if (WaitForSingleObject((HANDLE)thread, INFINITE) == WAIT_FAILED)
+            ret = MEMORY_E;
+        if (CloseHandle((HANDLE)thread) == 0)
+            ret = MEMORY_E;
+    #elif defined(__LINUX__)
+        if (pthread_join(thread, NULL) != 0)
+            ret = MEMORY_E;
+    #endif
+        return ret;
+    }
+
+    #if defined(WOLFSSL_THREAD_NO_JOIN)
+    int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb, void* arg)
+    {
+        THREAD_TYPE thread;
+        int ret = 0;
+
+        if (cb == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        thread = _beginthread(cb, NULL, 0, arg);
+        if (thread == INVALID_THREAD_VAL)
+            ret = MEMORY_E;
+    #elif defined(__NT__)
+        thread = _beginthread(cb, 0, arg);
+        if (thread == -1L)
+            ret = MEMORY_E;
+    #elif defined(__LINUX__)
+        XMEMSET(&thread, 0, sizeof(thread));
+        ret = wolfSSL_NewThread(&thread, cb, arg);
+        if (ret == 0)
+            ret = pthread_detach(thread);
+    #endif
+        return ret;
+    }
+    #endif
+
+    #ifdef WOLFSSL_COND
+    int wolfSSL_CondInit(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        DosCreateMutexSem( NULL, &cond->mutex, 0, FALSE );
+        DosCreateEventSem( NULL, &cond->cond, DCE_POSTONE, FALSE );
+    #elif defined(__NT__)
+        cond->cond = CreateEventA(NULL, FALSE, FALSE, NULL);
+        if (cond->cond == NULL)
+            return MEMORY_E;
+
+        if (wc_InitMutex(&cond->mutex) != 0) {
+            if (CloseHandle(cond->cond) == 0)
+                return MEMORY_E;
+            return MEMORY_E;
+        }
+    #elif defined(__LINUX__)
+        if (pthread_mutex_init(&cond->mutex, NULL) != 0)
+            return MEMORY_E;
+
+        if (pthread_cond_init(&cond->cond, NULL) != 0) {
+            /* Keep compilers happy that we are using the return code */
+            if (pthread_mutex_destroy(&cond->mutex) != 0)
+                return MEMORY_E;
+            return MEMORY_E;
+        }
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondFree(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+        DosCloseMutexSem(cond->mutex);
+        DosCloseEventSem(cond->cond);
+    #elif defined(__NT__)
+        if (CloseHandle(cond->cond) == 0)
+            return MEMORY_E;
+    #elif defined(__LINUX__)
+        if (pthread_mutex_destroy(&cond->mutex) != 0)
+            return MEMORY_E;
+
+        if (pthread_cond_destroy(&cond->cond) != 0)
+            return MEMORY_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondStart(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        if (wc_LockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #elif defined(__LINUX__)
+        if (pthread_mutex_lock(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondSignal(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        if (wc_UnLockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        if (SetEvent(cond->cond) == 0)
+            return MEMORY_E;
+
+        if (wc_LockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #elif defined(__LINUX__)
+        if (pthread_cond_signal(&cond->cond) != 0)
+            return MEMORY_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondWait(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        if (wc_UnLockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        if (WaitForSingleObject(cond->cond, INFINITE) == WAIT_FAILED)
+            return MEMORY_E;
+
+        if (wc_LockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #elif defined(__LINUX__)
+        if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0)
+            return MEMORY_E;
+    #endif
+        return 0;
+    }
+
+    int wolfSSL_CondEnd(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        if (wc_UnLockMutex(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #elif defined(__LINUX__)
+        if (pthread_mutex_unlock(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+    #endif
+        return 0;
+    }
+    #endif /* WOLFSSL_COND */
+
+
+#elif defined(USE_WINDOWS_API) && !defined(WOLFSSL_PTHREADS) && \
     !defined(_WIN32_WCE)
     int wolfSSL_NewThread(THREAD_TYPE* thread,
         THREAD_CB cb, void* arg)
@@ -3668,7 +4246,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         XMEMSET(thread, 0, sizeof(*thread));
 
         thread->threadStack = (void *)XMALLOC(WOLFSSL_NETOS_STACK_SZ, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER);
+                DYNAMIC_TYPE_OS_BUF);
         if (thread->threadStack == NULL)
             return MEMORY_E;
 
@@ -3690,7 +4268,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
                            2, 2,
                            1, TX_AUTO_START);
         if (result != TX_SUCCESS) {
-            free(thread->threadStack);
+            XFREE(thread->threadStack, NULL, DYNAMIC_TYPE_OS_BUF);
             thread->threadStack = NULL;
             return MEMORY_E;
         }
@@ -3701,7 +4279,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
     int wolfSSL_JoinThread(THREAD_TYPE thread)
     {
         /* TODO: maybe have to use tx_thread_delete? */
-        free(thread.threadStack);
+        XFREE(thread.threadStack, NULL, DYNAMIC_TYPE_OS_BUF);
         thread.threadStack = NULL;
         return 0;
     }
@@ -3722,6 +4300,14 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 
         XMEMSET(thread, 0, sizeof(*thread));
 
+        thread->tid = (struct k_thread*)XMALLOC(
+                Z_KERNEL_STACK_SIZE_ADJUST(sizeof(struct k_thread)),
+                wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER);
+        if (thread->tid == NULL) {
+            WOLFSSL_MSG("error: XMALLOC thread->tid failed");
+            return MEMORY_E;
+        }
+
         /* TODO: Use the following once k_thread_stack_alloc makes it into a
          * release.
          * thread->threadStack = k_thread_stack_alloc(WOLFSSL_ZEPHYR_STACK_SZ,
@@ -3731,14 +4317,18 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
                 Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ),
                 wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER);
         if (thread->threadStack == NULL) {
-            WOLFSSL_MSG("error: XMALLOC failed");
+            XFREE(thread->tid, wolfsslThreadHeapHint,
+                    DYNAMIC_TYPE_TMP_BUFFER);
+            thread->tid = NULL;
+
+            WOLFSSL_MSG("error: XMALLOC thread->threadStack failed");
             return MEMORY_E;
         }
 
         /* k_thread_create does not return any error codes */
         /* Casting to k_thread_entry_t should be fine since we just ignore the
          * extra arguments being passed in */
-        k_thread_create(&thread->tid, thread->threadStack,
+        k_thread_create(thread->tid, thread->threadStack,
                 WOLFSSL_ZEPHYR_STACK_SZ, (k_thread_entry_t)cb, arg, NULL, NULL,
                 5, 0, K_NO_WAIT);
 
@@ -3750,10 +4340,14 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
         int ret = 0;
         int err;
 
-        err = k_thread_join(&thread.tid, K_FOREVER);
+        err = k_thread_join(thread.tid, K_FOREVER);
         if (err != 0)
             ret = MEMORY_E;
 
+        XFREE(thread.tid, wolfsslThreadHeapHint,
+                DYNAMIC_TYPE_TMP_BUFFER);
+        thread.tid = NULL;
+
         /* TODO: Use the following once k_thread_stack_free makes it into a
          * release.
          * err = k_thread_stack_free(thread.threadStack);
@@ -3814,86 +4408,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
     }
 
 #ifdef WOLFSSL_COND
-    #ifndef __MACH__
-    /* Generic POSIX conditional */
-    int wolfSSL_CondInit(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_mutex_init(&cond->mutex, NULL) != 0)
-            return MEMORY_E;
-
-        if (pthread_cond_init(&cond->cond, NULL) != 0) {
-            /* Keep compilers happy that we are using the return code */
-            if (pthread_mutex_destroy(&cond->mutex) != 0)
-                return MEMORY_E;
-            return MEMORY_E;
-        }
-
-        return 0;
-    }
-
-    int wolfSSL_CondFree(COND_TYPE* cond)
-    {
-        int ret = 0;
-
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_mutex_destroy(&cond->mutex) != 0)
-            ret = MEMORY_E;
-
-        if (pthread_cond_destroy(&cond->cond) != 0)
-            ret = MEMORY_E;
-
-        return ret;
-    }
-
-    int wolfSSL_CondStart(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_mutex_lock(&cond->mutex) != 0)
-            return BAD_MUTEX_E;
-
-        return 0;
-    }
-
-    int wolfSSL_CondSignal(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_cond_signal(&cond->cond) != 0)
-            return MEMORY_E;
-
-        return 0;
-    }
-
-    int wolfSSL_CondWait(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0)
-            return MEMORY_E;
-
-        return 0;
-    }
-
-    int wolfSSL_CondEnd(COND_TYPE* cond)
-    {
-        if (cond == NULL)
-            return BAD_FUNC_ARG;
-
-        if (pthread_mutex_unlock(&cond->mutex) != 0)
-            return BAD_MUTEX_E;
-
-        return 0;
-    }
-    #else /* __MACH__ */
+    #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \
+        && !defined(__ppc__)
     /* Apple style dispatch semaphore */
     int wolfSSL_CondInit(COND_TYPE* cond)
     {
@@ -3985,9 +4501,100 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 
         return 0;
     }
+
+    #else /* Generic POSIX conditional */
+
+    int wolfSSL_CondInit(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_mutex_init(&cond->mutex, NULL) != 0)
+            return MEMORY_E;
+
+        if (pthread_cond_init(&cond->cond, NULL) != 0) {
+            /* Keep compilers happy that we are using the return code */
+            if (pthread_mutex_destroy(&cond->mutex) != 0)
+                return MEMORY_E;
+            return MEMORY_E;
+        }
+
+        return 0;
+    }
+
+    int wolfSSL_CondFree(COND_TYPE* cond)
+    {
+        int ret = 0;
+
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_mutex_destroy(&cond->mutex) != 0)
+            ret = MEMORY_E;
+
+        if (pthread_cond_destroy(&cond->cond) != 0)
+            ret = MEMORY_E;
+
+        return ret;
+    }
+
+    int wolfSSL_CondStart(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_mutex_lock(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        return 0;
+    }
+
+    int wolfSSL_CondSignal(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_cond_signal(&cond->cond) != 0)
+            return MEMORY_E;
+
+        return 0;
+    }
+
+    int wolfSSL_CondWait(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0)
+            return MEMORY_E;
+
+        return 0;
+    }
+
+    int wolfSSL_CondEnd(COND_TYPE* cond)
+    {
+        if (cond == NULL)
+            return BAD_FUNC_ARG;
+
+        if (pthread_mutex_unlock(&cond->mutex) != 0)
+            return BAD_MUTEX_E;
+
+        return 0;
+    }
+
     #endif /* __MACH__ */
 #endif /* WOLFSSL_COND */
 
 #endif /* Environment check */
 
 #endif /* not SINGLE_THREADED */
+
+#if defined(WOLFSSL_LINUXKM) && defined(CONFIG_ARM64) && \
+    defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE)
+noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr,
+                                   __le32 *updptr, int nr_inst)
+{
+    return (wolfssl_linuxkm_get_pie_redirect_table()->
+            alt_cb_patch_nops)(alt, origptr, updptr, nr_inst);
+}
+#endif
diff --git a/wolfcrypt/src/wc_xmss.c b/wolfcrypt/src/wc_xmss.c
index 5c016dbac..51b308bea 100644
--- a/wolfcrypt/src/wc_xmss.c
+++ b/wolfcrypt/src/wc_xmss.c
@@ -1,6 +1,6 @@
 /* wc_xmss.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,13 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef WOLFSSL_HAVE_XMSS
 #include <wolfssl/wolfcrypt/wc_xmss.h>
@@ -738,7 +732,7 @@ static WC_INLINE int wc_xmsskey_signupdate(XmssKey* key, byte* sig,
     #endif
 
     #ifdef WOLFSSL_SMALL_STACK
-        state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (state == NULL) {
             ret = MEMORY_E;
         }
@@ -1109,7 +1103,7 @@ int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng)
     #endif
 
     #ifdef WOLFSSL_SMALL_STACK
-        state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (state == NULL) {
             ret = MEMORY_E;
         }
@@ -1645,7 +1639,7 @@ int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigLen,
     #endif
 
     #ifdef WOLFSSL_SMALL_STACK
-        state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (state == NULL) {
             ret = MEMORY_E;
         }
diff --git a/wolfcrypt/src/wc_xmss_impl.c b/wolfcrypt/src/wc_xmss_impl.c
index 80ca9672e..15b2184b2 100644
--- a/wolfcrypt/src/wc_xmss_impl.c
+++ b/wolfcrypt/src/wc_xmss_impl.c
@@ -1,6 +1,6 @@
 /* wc_xmss_impl.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,13 +29,7 @@
  *       (https://ece.engr.uvic.ca/~raltawy/SAC2021/9.pdf)
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #include <wolfssl/wolfcrypt/wc_xmss.h>
 #include <wolfssl/wolfcrypt/hash.h>
@@ -2653,6 +2647,9 @@ static int wc_xmss_bds_state_alloc(const XmssParams* params, BdsState** bds)
         if (*bds == NULL) {
             ret = MEMORY_E;
         }
+        else {
+            XMEMSET(*bds, 0, sizeof(BdsState) * cnt);
+        }
     }
 
     return ret;
@@ -2675,7 +2672,7 @@ static void wc_xmss_bds_state_free(BdsState* bds)
  * @param [out] bds        BDS states.
  * @param [out] wots_sigs  WOTS signatures when XMSS^MT.
  */
-static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
+static int wc_xmss_bds_state_load(const XmssState* state, byte* sk,
     BdsState* bds, byte** wots_sigs)
 {
     const XmssParams* params = state->params;
@@ -2689,6 +2686,9 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
     /* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */
     sk += params->idx_len + 4 * n;
 
+    if (2 * (int)params->d - 1 <= 0)
+        return WC_FAILURE;
+
     for (i = 0; i < 2 * (int)params->d - 1; i++) {
         /* Set pointers into SK. */
         bds[i].stack = sk;
@@ -2715,6 +2715,8 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
     if (wots_sigs != NULL) {
         *wots_sigs = sk;
     }
+
+    return 0;
 }
 
 /* Store the BDS state into the secret/private key.
@@ -2723,7 +2725,7 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
  * @param [in, out] sk      Secret/private key.
  * @param [in]      bds     BDS states.
  */
-static void wc_xmss_bds_state_store(const XmssState* state, byte* sk,
+static int wc_xmss_bds_state_store(const XmssState* state, byte* sk,
     BdsState* bds)
 {
     int i;
@@ -2743,15 +2745,20 @@ static void wc_xmss_bds_state_store(const XmssState* state, byte* sk,
     /* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */
     sk += params->idx_len + 4 * n;
 
+    if (2 * (int)params->d - 1 <= 0)
+        return WC_FAILURE;
+
     for (i = 0; i < 2 * (int)params->d - 1; i++) {
         /* Skip pointers into sk. */
         sk += skip;
         /* Save values - big-endian encoded. */
-        c32to24(bds[i].next, sk);
+        c32to24(bds[i].next, sk); /* NOLINT(clang-analyzer-core.CallAndMessage) */
         sk += 3;
         sk[0] = bds[i].offset;
         sk += 1;
     }
+
+    return 0;
 }
 
 /********************************************
@@ -2821,6 +2828,10 @@ static void wc_xmss_bds_next_idx(XmssState* state, BdsState* bds,
         /* HDSS, Section 4.5, 1: AUTH[h] = v[h][1], h = 0,...,H-1.
          * Cache left node if on authentication path. */
         if ((i >> h) == 1) {
+            if (bds->authPath == NULL) {
+                state->ret = WC_FAILURE;
+                return;
+            }
             XMEMCPY(bds->authPath + h * n, node, n);
         }
         /* This is a right node. */
@@ -2900,8 +2911,10 @@ static void wc_xmss_bds_treehash_initial(XmssState* state, BdsState* bds,
     bds->offset = 0;
     bds->next = 0;
     /* Reset the hash tree status. */
-    for (i = 0; i < hsk; i++) {
-        wc_xmss_bds_state_treehash_init(bds, i);
+    if (bds->treeHash != NULL) {
+        for (i = 0; i < hsk; i++) {
+            wc_xmss_bds_state_treehash_init(bds, i);
+        }
     }
 
     /* Copy hash address into local. */
@@ -3036,6 +3049,11 @@ static word8 wc_xmss_bds_treehash_updates(XmssState* state, BdsState* bds,
     const word8 hs = params->sub_h;
     const word8 hsk = params->sub_h - params->bds_k;
 
+    if (bds->treeHash == NULL) {
+        state->ret = WC_FAILURE;
+        return 0;
+    }
+
     while (updates > 0) {
         word8 minH = hs;
         word8 h = hsk;
@@ -3106,6 +3124,10 @@ static void wc_xmss_bds_update(XmssState* state, BdsState* bds,
         HashAddress addrCopy;
 
         XMSS_ADDR_OTS_SET_SUBTREE(addrCopy, addr);
+        if (bds->height == NULL) {
+            state->ret = WC_FAILURE;
+            return;
+        }
         wc_xmss_bds_next_idx(state, bds, sk_seed, pk_seed, addrCopy, bds->next,
             bds->height, &bds->offset, &sp);
         bds->offset++;
@@ -3162,6 +3184,11 @@ static void wc_xmss_bds_auth_path(XmssState* state, BdsState* bds,
     byte* node = state->encMsg;
     word8 parent;
 
+    if ((bds->keep == NULL) || (bds->authPath == NULL)) {
+        state->ret = WC_FAILURE;
+        return;
+    }
+
     /* Step 1. Find the height of first left node in authentication path. */
     tau = wc_xmss_lowest_zero_bit_index(leafIdx, hs, &parent);
     if (tau == 0) {
@@ -3297,6 +3324,10 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
     if (ret == 0)
 #endif
     {
+        /* Setup pointers into sk - assumes sk is initialized to zeros. */
+        ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
+    }
+    if (ret == 0) {
         /* Offsets into seed. */
         const byte* seed_priv = seed;
         const byte* seed_pub = seed + 2 * n;
@@ -3306,9 +3337,6 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
         /* Offsets into public key. */
         byte* pk_seed = pk + n;
 
-        /* Setup pointers into sk - assumes sk is initialized to zeros. */
-        wc_xmss_bds_state_load(state, sk, bds, NULL);
-
         /* Set first index to 0 in private key. idx_len always 4. */
         *sk_idx = 0;
         /* Set private key seed and private key for PRF in to private key. */
@@ -3333,7 +3361,7 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
         XMEMCPY(sk_root, pk_root, 2 * n);
 
         /* Store BDS state back into secret/private key. */
-        wc_xmss_bds_state_store(state, sk, bds);
+        ret = wc_xmss_bds_state_store(state, sk, bds);
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -3412,8 +3440,9 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
 #endif
     {
         /* Load the BDS state from secret/private key. */
-        wc_xmss_bds_state_load(state, sk, bds, NULL);
-
+        ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
+    }
+    if (ret == 0) {
         /* Copy the index into the signature data: Sig = idx_sig || ... */
         *((word32*)sig) = *((word32*)sk);
         /* Read index from the secret key. */
@@ -3490,7 +3519,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
     }
     if (ret == 0) {
         /* Store BDS state back into secret/private key. */
-        wc_xmss_bds_state_store(state, sk, bds);
+        ret = wc_xmss_bds_state_store(state, sk, bds);
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -3580,14 +3609,15 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,
 
     /* Allocate memory for BDS states and tree hash instances. */
     ret = wc_xmss_bds_state_alloc(params, &bds);
+    if (ret == 0) {
+        /* Load the BDS state from secret/private key. */
+        ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
+    }
     if (ret == 0) {
         /* Offsets into seed. */
         const byte* seed_priv = seed;
         const byte* seed_pub  = seed + 2 * params->n;
 
-        /* Load the BDS state from secret/private key. */
-        wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
-
         /* Set first index to 0 in private key. */
         XMEMSET(sk, 0, params->idx_len);
         /* Set private key seed and private key for PRF in to private key. */
@@ -3630,7 +3660,7 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,
         XMEMCPY(sk_root, pk_root, 2 * n);
 
         /* Store BDS state back into secret/private key. */
-        wc_xmss_bds_state_store(state, sk, bds);
+        ret = wc_xmss_bds_state_store(state, sk, bds);
     }
 
     /* Dispose of allocated data of BDS states. */
@@ -3825,10 +3855,16 @@ static int wc_xmssmt_sign_msg(XmssState* state, BdsState* bds, XmssIdx idx,
     }
     if (ret == 0) {
         word8 i;
+        byte *authPath;
 
         sig += params->wots_sig_len;
         /*   Add authentication path. */
-        XMEMCPY(sig, bds[BDS_IDX(idx, 0, hs, params->d)].authPath, hs * n);
+        authPath = bds[BDS_IDX(idx, 0, hs, params->d)].authPath;
+        if (authPath == NULL) {
+            state->ret = WC_FAILURE;
+            return state->ret;
+        }
+        XMEMCPY(sig, authPath, hs * n);
         sig += hs * n;
 
         /* Remaining iterations from storage. */
@@ -3838,7 +3874,12 @@ static int wc_xmssmt_sign_msg(XmssState* state, BdsState* bds, XmssIdx idx,
                 params->wots_sig_len);
             sig += params->wots_sig_len;
             /* Add authentication path (auth) and calc new root. */
-            XMEMCPY(sig, bds[BDS_IDX(idx, i, hs, params->d)].authPath, hs * n);
+            authPath = bds[BDS_IDX(idx, i, hs, params->d)].authPath;
+            if (authPath == NULL) {
+                state->ret = WC_FAILURE;
+                return state->ret;
+            }
+            XMEMCPY(sig, authPath, hs * n);
             sig += hs * n;
         }
         ret = state->ret;
@@ -4000,8 +4041,9 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
     ret = wc_xmss_bds_state_alloc(params, &bds);
     if (ret == 0) {
         /* Load the BDS state from secret/private key. */
-        wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
-
+        ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
+    }
+    if (ret == 0) {
         /* Copy the index into the signature data: Sig_MT = idx_sig. */
         XMEMCPY(sig_mt, sk, idx_len);
 
@@ -4032,7 +4074,7 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
 
     if (ret == 0) {
         /* Store BDS state back into secret/private key. */
-        wc_xmss_bds_state_store(state, sk, bds);
+        ret = wc_xmss_bds_state_store(state, sk, bds);
     }
 
     /* Dispose of allocated data of BDS states. */
diff --git a/wolfcrypt/src/wolfevent.c b/wolfcrypt/src/wolfevent.c
index bf155c129..34d574048 100644
--- a/wolfcrypt/src/wolfevent.c
+++ b/wolfcrypt/src/wolfevent.c
@@ -1,6 +1,6 @@
 /* wolfevent.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -19,18 +19,12 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_WOLF_EVENT
 
 #include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #include <wolfssl/wolfcrypt/wolfevent.h>
 
diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c
index b7853dd8f..9f14d0190 100644
--- a/wolfcrypt/src/wolfmath.c
+++ b/wolfcrypt/src/wolfmath.c
@@ -1,6 +1,6 @@
 /* wolfmath.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,15 +26,9 @@
  * NO_BIG_INT: Disable support for all multi-precision math libraries
  */
 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
+#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
-/* in case user set USE_FAST_MATH there */
-#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/wolfmath.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     #include <wolfssl/wolfcrypt/async.h>
@@ -149,10 +143,10 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)
         for (; i < b->used; i++) {
             b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
         }
-        b->used ^= (a->used ^ b->used) & (unsigned int)mask;
+        b->used ^= (a->used ^ b->used) & (wc_mp_size_t)mask;
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
     defined(WOLFSSL_SP_INT_NEGATIVE)
-        b->sign ^= (a->sign ^ b->sign) & (unsigned int)mask;
+        b->sign ^= (wc_mp_sign_t)(a->sign ^ b->sign) & (wc_mp_sign_t)mask;
 #endif
     }
 
@@ -167,8 +161,6 @@ int get_rand_digit(WC_RNG* rng, mp_digit* d)
     return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
 }
 
-#if defined(WC_RSA_BLINDING) || defined(WOLFCRYPT_HAVE_SAKKE) || \
-    defined(WOLFSSL_ECC_BLIND_K)
 int mp_rand(mp_int* a, int digits, WC_RNG* rng)
 {
     int ret = 0;
@@ -196,7 +188,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
         ret = BAD_FUNC_ARG;
     }
     if (ret == MP_OKAY) {
-        a->used = (word32)digits;
+        a->used = (wc_mp_size_t)digits;
     }
 #endif
     /* fill the data with random bytes */
@@ -222,7 +214,6 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
 
     return ret;
 }
-#endif /* WC_RSA_BLINDING || WOLFCRYPT_HAVE_SAKKE || WOLFSSL_ECC_BLIND_K */
 #endif /* !WC_NO_RNG */
 
 #if defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)
@@ -474,14 +465,16 @@ const char *wc_GetMathInfo(void)
         #elif defined(WOLFSSL_HAVE_SP_DH)
             " dh"
         #endif
-        #ifndef WOLFSSL_SP_NO_2048
-            " 2048"
-        #endif
-        #ifndef WOLFSSL_SP_NO_3072
-            " 3072"
-        #endif
-        #ifdef WOLFSSL_SP_4096
-            " 4096"
+        #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)
+            #ifndef WOLFSSL_SP_NO_2048
+                " 2048"
+            #endif
+            #ifndef WOLFSSL_SP_NO_3072
+                " 3072"
+            #endif
+            #ifdef WOLFSSL_SP_4096
+                " 4096"
+            #endif
         #endif
         #ifdef WOLFSSL_SP_ASM
             " asm"
diff --git a/wolfcrypt/test/README.md b/wolfcrypt/test/README.md
index bcf877f9a..167556644 100644
--- a/wolfcrypt/test/README.md
+++ b/wolfcrypt/test/README.md
@@ -53,7 +53,7 @@ Test complete
 
 ## Windows Visual Studio
 
-For building wolfCrypt test project in Visual Studio open the `test.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version. 
+For building wolfCrypt test project in Visual Studio open the `test.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version.
 
 If you see an error about `rc.exe` then you'll need to update the "Target Platform Version". You can do this by right-clicking on the test project -> General -> "Target Platform Version" and changing to 8.1 (needs to match the wolfssl library project).
 
diff --git a/wolfcrypt/test/include.am b/wolfcrypt/test/include.am
index 64d0f1a4f..4e059dfa6 100644
--- a/wolfcrypt/test/include.am
+++ b/wolfcrypt/test/include.am
@@ -26,5 +26,9 @@ endif
 
 EXTRA_DIST += wolfcrypt/test/test.sln
 EXTRA_DIST += wolfcrypt/test/test.vcproj
+EXTRA_DIST += wolfcrypt/test/test-VS2022.sln
+EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj
+EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj.user
+
 EXTRA_DIST += wolfcrypt/test/README.md
 DISTCLEANFILES+= wolfcrypt/test/.libs/testwolfcrypt
diff --git a/wolfcrypt/test/test-VS2022.sln b/wolfcrypt/test/test-VS2022.sln
new file mode 100644
index 000000000..557627482
--- /dev/null
+++ b/wolfcrypt/test/test-VS2022.sln
@@ -0,0 +1,87 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35327.3
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test-VS2022", "test-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}"
+	ProjectSection(SolutionItems) = preProject
+		..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h
+		..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|ARM64 = Debug|ARM64
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		DLL Debug|ARM64 = DLL Debug|ARM64
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Debug|x86 = DLL Debug|x86
+		DLL Release|ARM64 = DLL Release|ARM64
+		DLL Release|x64 = DLL Release|x64
+		DLL Release|x86 = DLL Release|x86
+		Release|ARM64 = Release|ARM64
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32
+		{12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA}
+	EndGlobalSection
+EndGlobal
diff --git a/wolfcrypt/test/test-VS2022.vcxproj b/wolfcrypt/test/test-VS2022.vcxproj
new file mode 100644
index 000000000..ed79d62ef
--- /dev/null
+++ b/wolfcrypt/test/test-VS2022.vcxproj
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>17.0</VCProjectVersion>
+    <ProjectGuid>{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>17.0.35327.3</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>Debug\</OutDir>
+    <IntDir>Debug\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>Release\</OutDir>
+    <IntDir>Release\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>../..;../../IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="test.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\wolfssl-VS2022.vcxproj">
+      <Project>{12226dbe-7278-4dfa-a119-5a0294cf0b33}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/wolfcrypt/test/test-VS2022.vcxproj.user b/wolfcrypt/test/test-VS2022.vcxproj.user
new file mode 100644
index 000000000..2219efc16
--- /dev/null
+++ b/wolfcrypt/test/test-VS2022.vcxproj.user
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LocalDebuggerWorkingDirectory>$(ProjectDir)../../</LocalDebuggerWorkingDirectory>
+    <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+  </PropertyGroup>
+</Project>
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 4a6c7fe09..05bf20bbe 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -1,6 +1,6 @@
 /* test.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,22 +28,35 @@
  * WC_USE_DEVID=0x1234
  */
 
+#define WOLFSSL_VIS_FOR_TESTS
+
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
 
-#ifndef WOLFSSL_USER_SETTINGS
+#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
     #include <wolfssl/options.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
 
-#ifndef NO_CRYPT_TEST
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+    #define WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS
+#endif
+
+#if !defined(NO_CRYPT_TEST) || defined(WC_TEST_EXPORT_SUBTESTS)
 
 #include <wolfssl/version.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/mem_track.h>
 
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
 #if defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
     #include <wolfssl/ssl.h>
     #define err_sys err_sys_remap /* remap err_sys */
@@ -79,7 +92,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #else
     static ssize_t max_relative_heap_bytes = -1;
 #endif
-#define PRINT_HEAP_CHECKPOINT() {                                            \
+
+/* Optional breadcrumb string (b), and interaction, (i) not implemented */
+#define PRINT_HEAP_CHECKPOINT(b, i) {                                        \
     const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \
     const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes;   \
     printf("    relative heap peak usage: %ld alloc%s, %ld bytes\n",         \
@@ -96,9 +111,54 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();              \
     }
 #else
-#define PRINT_HEAP_CHECKPOINT() WC_DO_NOTHING
+    #define PRINT_HEAP_CHECKPOINT(b, i) WC_DO_NOTHING;
+    #define PRINT_HEAP_ADDRESS(p) WC_DO_NOTHING;
 #endif /* WOLFSSL_TRACK_MEMORY_VERBOSE && !WOLFSSL_STATIC_MEMORY */
 
+#ifdef WOLFSSL_ESPIDF
+    #undef  PRINT_HEAP_CHECKPOINT
+    #undef  PRINT_HEAP_ADDRESS
+    static int esp_start_heap = 0;
+    static int esp_last_heap = 0;
+    static int esp_this_heap = 0;
+
+    #ifdef DEBUG_WOLFSSL_ESP32_HEAP
+        #define PRINT_HEAP_CHECKPOINT(b, i)                                  \
+            esp_last_heap = esp_this_heap;                                   \
+            esp_this_heap = (int)heap_caps_get_free_size(MALLOC_CAP_8BIT);   \
+            if (esp_start_heap == 0) {                                       \
+                esp_start_heap = esp_this_heap;                              \
+            }                                                                \
+            ESP_LOGI(ESPIDF_TAG, "%s #%d; Heap free: %d",                    \
+                                ((b) ? (b) : ""),  /* breadcumb string */    \
+                                ((i) ? (i) : 0),   /* index */               \
+                                 esp_this_heap);
+
+        #define PRINT_HEAP_ADDRESS(p)                                        \
+                ESP_LOGI(ESPIDF_TAG, "Allocated address: %p", (void *)(p));
+    #else
+        /* Even without verbose heap, we'll warn on anomalous values */
+        #define PRINT_HEAP_CHECKPOINT(b, i)                                  \
+            esp_last_heap = esp_this_heap;                                   \
+            esp_this_heap = (int)heap_caps_get_free_size(MALLOC_CAP_8BIT);   \
+            if (esp_start_heap == 0) {                                       \
+                esp_start_heap = esp_this_heap;                              \
+                esp_last_heap  = esp_this_heap;                              \
+            }                                                                \
+            if (esp_this_heap == esp_last_heap) {                            \
+                ESP_LOGV(ESPIDF_TAG, "Heap constant: %d", esp_this_heap);    \
+            }                                                                \
+            else {                                                           \
+                ESP_LOGI(ESPIDF_TAG, "Breadcrumb: %s", ((b) ? (b) : ""));    \
+                ESP_LOGW(ESPIDF_TAG, "Warning: this heap %d != last %d",     \
+                                     esp_this_heap, esp_last_heap);          \
+            }
+
+        #define PRINT_HEAP_ADDRESS(p) WC_DO_NOTHING;
+    #endif
+#endif /* WOLFSSL_ESPIDF */
+
+
 #ifdef USE_FLAT_TEST_H
     #ifdef HAVE_CONFIG_H
         #include "test_paths.h"
@@ -281,6 +341,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #include <wolfssl/wolfcrypt/srp.h>
 #include <wolfssl/wolfcrypt/chacha.h>
 #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
+#ifdef HAVE_ASCON
+    #include <wolfssl/wolfcrypt/ascon.h>
+#endif
 #include <wolfssl/wolfcrypt/pwdbased.h>
 #include <wolfssl/wolfcrypt/ripemd.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -305,13 +368,13 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #ifdef HAVE_ED448
     #include <wolfssl/wolfcrypt/ed448.h>
 #endif
-#ifdef WOLFSSL_HAVE_KYBER
-    #include <wolfssl/wolfcrypt/kyber.h>
-#ifdef WOLFSSL_WC_KYBER
-    #include <wolfssl/wolfcrypt/wc_kyber.h>
+#ifdef WOLFSSL_HAVE_MLKEM
+    #include <wolfssl/wolfcrypt/mlkem.h>
+#ifdef WOLFSSL_WC_MLKEM
+    #include <wolfssl/wolfcrypt/wc_mlkem.h>
 #endif
-#if defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
-    #include <wolfssl/wolfcrypt/ext_kyber.h>
+#if defined(HAVE_LIBOQS)
+    #include <wolfssl/wolfcrypt/ext_mlkem.h>
 #endif
 #endif
 #ifdef HAVE_DILITHIUM
@@ -386,6 +449,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #ifdef HAVE_RENESAS_SYNC
         #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
     #endif
+    #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+        #include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
+    #endif
 #endif
 
 #ifdef _MSC_VER
@@ -422,6 +488,13 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
 #ifdef DEVKITPRO
     #include <wiiuse/wpad.h>
 #endif
+#ifdef WOLFSSL_NDS
+    #include <nds/ndstypes.h>
+    #include <nds/arm9/console.h>
+    #include <nds/arm9/input.h>
+    #include <nds/interrupts.h>
+    #include <fat.h>
+#endif
 
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
@@ -477,12 +550,16 @@ typedef struct testVector {
     size_t outLen;
 } testVector;
 
-#ifndef WOLFSSL_TEST_SUBROUTINE
-#define WOLFSSL_TEST_SUBROUTINE
+#ifdef WOLFCRYPT_TEST_LINT
+    #define WOLFSSL_TEST_SUBROUTINE static
+#else
+    PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
+    PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
 #endif
 
-PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
-PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
+#ifndef WOLFSSL_TEST_SUBROUTINE
+    #define WOLFSSL_TEST_SUBROUTINE
+#endif
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  error_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  base64_test(void);
@@ -507,7 +584,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha384_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha3_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  shake128_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  shake256_test(void);
+#ifdef WOLFSSL_SM3
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sm3_test(void);
+#endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hash_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_md5_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_sha_test(void);
@@ -541,7 +620,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sshkdf_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  tls13_kdf_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  x963kdf_test(void);
+#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hpke_test(void);
+#endif
 #ifdef WC_SRTP_KDF
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  srtpkdf_test(void);
 #endif
@@ -556,6 +637,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  XChaCha20Poly1305_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des3_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_cbc_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_ctr_test(void);
 #if defined(WOLFSSL_AES_CFB)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_cfb_test(void);
 #endif
@@ -566,6 +649,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes192_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes256_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aesofb_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  cmac_test(void);
+#ifdef HAVE_ASCON
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ascon_hash256_test(void);
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ascon_aead128_test(void);
+#endif
 #if defined(WOLFSSL_SIPHASH)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  siphash_test(void);
 #endif
@@ -590,7 +677,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  srp_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  random_test(void);
 #endif /* WC_NO_RNG */
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pwdbased_test(void);
+#if defined(USE_CERT_BUFFERS_2048) && \
+        defined(HAVE_PKCS12) && \
+            !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
+            !defined(NO_CERTS) && !defined(NO_DES3)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pkcs12_test(void);
+#endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ripemd_test(void);
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_test(void);   /* test mini api */
@@ -633,8 +725,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
 #ifdef HAVE_ED448
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ed448_test(void);
 #endif
-#ifdef WOLFSSL_HAVE_KYBER
-    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  kyber_test(void);
+#ifdef WOLFSSL_HAVE_MLKEM
+    WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  mlkem_test(void);
 #endif
 #ifdef HAVE_DILITHIUM
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  dilithium_test(void);
@@ -649,8 +741,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
 #endif
 #if defined(WOLFSSL_HAVE_LMS)
     #if !defined(WOLFSSL_SMALL_STACK)
-        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
-             defined(HAVE_LIBLMS)
+        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+             !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
     WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test_verify_only(void);
         #endif
     #endif
@@ -695,7 +787,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void);
 #endif
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
-   !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  certext_test(void);
 #endif
 #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
@@ -711,7 +803,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
 #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
 #endif
-#ifdef ASN_BER_TO_DER
+#if defined(ASN_BER_TO_DER) && \
+    (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
+     defined(OPENSSL_EXTRA_X509_SMALL))
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
 #endif
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
@@ -787,7 +881,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
 /* Not all unexpected conditions are actually errors .*/
 #define WARNING_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
 
-static void render_error_message(const char* msg, wc_test_ret_t es)
+void wc_test_render_error_message(const char* msg, wc_test_ret_t es)
 {
     (void)msg;
     (void)es;
@@ -806,10 +900,16 @@ static void render_error_message(const char* msg, wc_test_ret_t es)
 #ifdef NO_ERROR_STRINGS
         err_sys_printf("%s error L=%d code=%d\n", msg,
                        WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es));
+#elif defined(WOLFCRYPT_ONLY) || !defined(WOLFSSL_TYPES_DEFINED)
+        err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
+                       WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
+                       wc_GetErrorString(-WC_TEST_RET_DEC_I(es))
+            );
 #else
         err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
                        WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
-                       wc_GetErrorString(-WC_TEST_RET_DEC_I(es)));
+                       wolfSSL_ERR_reason_error_string((unsigned long)-WC_TEST_RET_DEC_I(es))
+            );
 #endif
         break;
     case WC_TEST_RET_TAG_ERRNO:
@@ -821,11 +921,11 @@ static void render_error_message(const char* msg, wc_test_ret_t es)
  * stores an error string in the supplied buffer.  this is all most
  * infelicitous...
  */
-#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) &&      \
+#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) &&              \
     (defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) &&      \
-    ((defined(__GLIBC__) && (__GLIBC__ >= 2)) ||                \
-     (defined(__USE_XOPEN2K) &&                                 \
-      defined(_POSIX_C_SOURCE) &&                               \
+    ((defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_GNU)) ||  \
+     (defined(__USE_XOPEN2K) &&                                         \
+      defined(_POSIX_C_SOURCE) &&                                       \
       (_POSIX_C_SOURCE >= 200112L)))
 
         char errno_buf[64], *errno_string;
@@ -866,7 +966,7 @@ static THREAD_RETURN err_sys(const char* msg, int es)
 static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es)
 #endif
 {
-    render_error_message(msg, es);
+    wc_test_render_error_message(msg, es);
     print_fiducials();
 #ifdef WOLFSSL_LINUXKM
     EXIT_TEST(es);
@@ -891,13 +991,83 @@ static void myFipsCb(int ok, int err, const char* hash)
     printf("message = %s\n", wc_GetErrorString(err));
     printf("hash = %s\n", hash);
 
-    if (err == IN_CORE_FIPS_E) {
+    if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
         printf("In core integrity hash check failure, copy above hash\n");
         printf("into verifyCore[] in fips_test.c and rebuild\n");
     }
 }
 #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */
 
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS)
+
+#if !defined(NO_AES)
+static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code)
+{
+    int ret;
+    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
+    if (aes == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_AesInit(aes, heap, thisDevId);
+        if (ret != 0) {
+            XFREE(aes, heap, DYNAMIC_TYPE_AES);
+            aes = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return aes;
+}
+static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+    wc_AesFree(aes);
+    XFREE(aes, aes->heap, DYNAMIC_TYPE_AES);
+    if (aes_p != NULL)
+        *aes_p = NULL;
+    return 0;
+}
+#endif /* !NO_AES */
+
+#if !defined(NO_RSA)
+static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code)
+{
+    int ret;
+    RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
+    if (key == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        ret = wc_InitRsaKey_ex(key, heap, thisDevId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_RSA);
+            key = NULL;
+        }
+    }
+
+    if (result_code != NULL)
+        *result_code = ret;
+
+    return key;
+}
+static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_FreeRsaKey(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_RSA);
+    if (key_p != NULL)
+        *key_p = NULL;
+    return 0;
+}
+#endif /* !NO_RSA */
+
+#endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */
+
 #ifdef WOLFSSL_STATIC_MEMORY
     #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ)
         static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
@@ -936,7 +1106,7 @@ static int wolfssl_pb_print(const char* msg, ...)
 /* Enable support for RNG with crypto callback */
 static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
 {
-    int rc = CRYPTOCB_UNAVAILABLE;
+    int rc = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     if (info->algo_type == WC_ALGO_TYPE_RNG) {
         rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz);
     }
@@ -1263,11 +1433,11 @@ static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
     /* negative tests */
     ret = wc_KDA_KDF_onestep(NULL, 0, (byte*)"fixed_info",
         sizeof("fixed_info"), 16, WC_HASH_TYPE_SHA256, output, 16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_NC;
     ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 1, 16,
         WC_HASH_TYPE_SHA256, output, 16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_NC;
 
     /* allow empty FixedInfo */
@@ -1292,7 +1462,7 @@ static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
         va_start(args, fmt);
         STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args));
         va_end(args);
-        PRINT_HEAP_CHECKPOINT();
+        PRINT_HEAP_CHECKPOINT("",0);
         TEST_SLEEP();
         ASSERT_RESTORED_VECTOR_REGISTERS(exit(1););
     }
@@ -1306,13 +1476,13 @@ static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
             (max_relative_stack, printf(__VA_ARGS__)) < 0) {    \
             return err_sys("post-test check failed", WC_TEST_RET_ENC_NC);\
         }                                                       \
-        PRINT_HEAP_CHECKPOINT();                                \
+        PRINT_HEAP_CHECKPOINT("TEST_PASS", 0)                            \
         ASSERT_RESTORED_VECTOR_REGISTERS(exit(1););             \
     }
 #endif
 
 #ifdef TEST_ALWAYS_RUN_TO_END
-    #define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); render_error_message(msg, retval); } while (0)
+    #define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); wc_test_render_error_message(msg, retval); } while (0)
 #elif !defined(TEST_FAIL)
     #define TEST_FAIL(msg, retval) return err_sys(msg, retval)
 #endif
@@ -1840,6 +2010,18 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("ChaCha20-Poly1305 AEAD test passed!\n");
 #endif
 
+#ifdef HAVE_ASCON
+    if ( (ret = ascon_hash256_test()) != 0)
+        return err_sys("ASCON Hash test failed!\n", ret);
+    else
+        TEST_PASS("ASCON Hash test passed!\n");
+
+    if ( (ret = ascon_aead128_test()) != 0)
+        return err_sys("ASCON AEAD test failed!\n", ret);
+    else
+        TEST_PASS("ASCON AEAD test passed!\n");
+#endif
+
 #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
     if ( (ret = XChaCha20Poly1305_test()) != 0)
         TEST_FAIL("XChaCha20-Poly1305 AEAD test failed!\n", ret);
@@ -1862,6 +2044,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #endif
 
 #ifndef NO_AES
+    /* key sizes, ECB and Direct tests */
     if ( (ret = aes_test()) != 0)
         TEST_FAIL("AES      test failed!\n", ret);
     else
@@ -1882,6 +2065,20 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("AES256   test passed!\n");
 #endif
 
+#ifdef HAVE_AES_CBC
+    if ( (ret = aes_cbc_test()) != 0)
+        TEST_FAIL("AES-CBC  test failed!\n", ret);
+    else
+        TEST_PASS("AES-CBC  test passed!\n");
+#endif
+
+#ifdef WOLFSSL_AES_COUNTER
+    if ( (ret = aes_ctr_test()) != 0)
+        TEST_FAIL("AES-CTR  test failed!\n", ret);
+    else
+        TEST_PASS("AES-CTR  test passed!\n");
+#endif
+
 #ifdef WOLFSSL_AES_OFB
     if ( (ret = aesofb_test()) != 0)
         TEST_FAIL("AES-OFB  test failed!\n", ret);
@@ -1940,7 +2137,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     else
         TEST_PASS("AES-SIV  test passed!\n");
 #endif
-#endif
+#endif /* !NO_AES */
 
 #if defined(WOLFSSL_AES_EAX) && \
     (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
@@ -2147,11 +2344,11 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     PRIVATE_KEY_LOCK();
 #endif
 
-#ifdef WOLFSSL_HAVE_KYBER
-    if ( (ret = kyber_test()) != 0)
-        TEST_FAIL("KYBER    test failed!\n", ret);
+#ifdef WOLFSSL_HAVE_MLKEM
+    if ( (ret = mlkem_test()) != 0)
+        TEST_FAIL("MLKEM    test failed!\n", ret);
     else
-        TEST_PASS("KYBER    test passed!\n");
+        TEST_PASS("MLKEM    test passed!\n");
 #endif
 
 #ifdef HAVE_DILITHIUM
@@ -2179,8 +2376,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 
 #if defined(WOLFSSL_HAVE_LMS)
     #if !defined(WOLFSSL_SMALL_STACK)
-        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
-             defined(HAVE_LIBLMS)
+        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+             !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
     if ( (ret = lms_test_verify_only()) != 0)
         TEST_FAIL("LMS Vfy  test failed!\n", ret);
     else
@@ -2248,16 +2445,20 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     else
         TEST_PASS("PKCS7signed     test passed!\n");
 
+    PRIVATE_KEY_UNLOCK();
     if ( (ret = pkcs7enveloped_test()) != 0)
         TEST_FAIL("PKCS7enveloped  test failed!\n", ret);
     else
         TEST_PASS("PKCS7enveloped  test passed!\n");
+    PRIVATE_KEY_LOCK();
 
     #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+        PRIVATE_KEY_UNLOCK();
         if ( (ret = pkcs7authenveloped_test()) != 0)
             TEST_FAIL("PKCS7authenveloped  test failed!\n", ret);
         else
             TEST_PASS("PKCS7authenveloped  test passed!\n");
+        PRIVATE_KEY_LOCK();
     #endif
 #endif
 
@@ -2453,6 +2654,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         VIDEO_WaitVSync();
         if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
 #endif
+#ifdef WOLFSSL_NDS
+        /* Init Console output */
+        consoleDemoInit();
+
+        /* Init the Filesystem */
+        fatInitDefault();
+#endif
 
 #ifdef HAVE_WNR
         if ((ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000)) != 0) {
@@ -2498,6 +2706,18 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         while (1);
 #endif
 
+#ifdef WOLFSSL_NDS
+        /* in Nintendo DS returning from main shuts down the Device without letting you see the Results. */
+        printf("args.return_code: %d\n", args.return_code);
+        printf("Testing complete. Press Start to exit the Program\n");
+        while(1) {
+            swiWaitForVBlank();
+            scanKeys();
+            int keys = keysDown();
+            if(keys & KEY_START) break;
+        }
+#endif
+
 #if defined(WOLFSSL_ESPIDF)
         /* ESP_LOGI to print takes up a lot less memory than printf */
         ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n",
@@ -2549,7 +2769,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
     #ifndef WOLFSSL_NO_MALLOC
         byte* pem;
     #else
-        byte pem[1024];
+        byte pem[2048];
     #endif
         int pemSz;
 
@@ -2559,34 +2779,42 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
             return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I);
         }
     #ifndef WOLFSSL_NO_MALLOC
-        pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        pem = (byte*)XMALLOC((word32)pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         if (pem == NULL) {
             return WC_TEST_RET_ENC(calling_line, 3, WC_TEST_RET_TAG_I);
         }
     #else
         if (pemSz > (int)sizeof(pem))
-            return BAD_FUNC_ARG;
+            return WC_TEST_RET_ENC_EC(BAD_FUNC_ARG);
     #endif
         /* Convert to PEM */
-        pemSz = wc_DerToPem(der, (word32)derSz, pem, pemSz, pemType);
+        pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType);
         if (pemSz < 0) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
         }
     #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
         pemFile = XFOPEN(filePem, "wb");
         if (!pemFile) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
         }
         ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile);
         XFCLOSE(pemFile);
         if (ret != pemSz) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I);
         }
     #endif
+        #ifndef WOLFSSL_NO_MALLOC
         XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
     }
 #endif /* WOLFSSL_DER_TO_PEM */
 
@@ -2613,8 +2841,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
      * The string is that error strings are not available.
      */
     WOLFSSL_ENTER("error_test NO_ERROR_STRINGS");
-    errStr = wc_GetErrorString(OPEN_RAN_E);
-    wc_ErrorString(OPEN_RAN_E, out);
+    errStr = wc_GetErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E));
+    wc_ErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E), out);
     if (XSTRCMP(errStr, unknownStr) != 0)
         return WC_TEST_RET_ENC_NC;
     if (XSTRCMP(out, unknownStr) != 0)
@@ -2623,40 +2851,55 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
     int i;
     int j = 0;
     /* Values that are not or no longer error codes. */
-    int missing[] = { -124, -166, -167, -168, -169,   0 };
+    static const struct {
+        int first;
+        int last;
+    } missing[] = {
+        { -124, -124 },
+        { -167, -169 },
+        { WC_SPAN1_LAST_E - 1, WC_SPAN2_FIRST_E + 1 },
+        { WC_SPAN2_LAST_E - 1, WC_SPAN2_MIN_CODE_E }
+    };
 
     /* Check that all errors have a string and it's the same through the two
      * APIs. Check that the values that are not errors map to the unknown
      * string.
      */
-    for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
+    for (i = WC_SPAN1_FIRST_E; i >= WC_SPAN2_MIN_CODE_E; i--) {
+        int this_missing = 0;
+        for (j = 0; j < (int)XELEM_CNT(missing); ++j) {
+            if ((i <= missing[j].first) && (i >= missing[j].last)) {
+                this_missing = 1;
+                break;
+            }
+        }
         errStr = wc_GetErrorString(i);
         wc_ErrorString(i, out);
 
-        if (i != missing[j]) {
+        if (! this_missing) {
             if (XSTRCMP(errStr, unknownStr) == 0) {
                 WOLFSSL_MSG("errStr unknown");
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             }
             if (XSTRCMP(out, unknownStr) == 0) {
                 WOLFSSL_MSG("out unknown");
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             }
             if (XSTRCMP(errStr, out) != 0) {
                 WOLFSSL_MSG("errStr does not match output");
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             }
             if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) {
                 WOLFSSL_MSG("errStr too long");
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             }
         }
         else {
             j++;
             if (XSTRCMP(errStr, unknownStr) != 0)
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
             if (XSTRCMP(out, unknownStr) != 0)
-                return WC_TEST_RET_ENC_NC;
+                return WC_TEST_RET_ENC_I(-i);
         }
     }
 
@@ -2677,27 +2920,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
 {
     wc_test_ret_t ret;
-    WOLFSSL_SMALL_STACK_STATIC const byte good[] = "A+Gd\0\0\0";
-    WOLFSSL_SMALL_STACK_STATIC const byte goodEnd[] = "A+Gd \r\n";
-    WOLFSSL_SMALL_STACK_STATIC const byte good_spaces[] = " A + G d \0";
+    static const byte good[] = "A+Gd\0\0\0";
+    static const byte goodEnd[] = "A+Gd \r\n";
+    static const byte good_spaces[] = " A + G d \0";
     byte       out[128];
     word32     outLen;
 #ifdef WOLFSSL_BASE64_ENCODE
     byte       data[3];
     word32     dataLen;
     byte       longData[79] = { 0 };
-    WOLFSSL_SMALL_STACK_STATIC const byte symbols[] = "+/A=";
+    static const byte symbols[] = "+/A=";
 #endif
-    WOLFSSL_SMALL_STACK_STATIC const byte badSmall[] = "AAA!Gdj=";
-    WOLFSSL_SMALL_STACK_STATIC const byte badLarge[] = "AAA~Gdj=";
-    WOLFSSL_SMALL_STACK_STATIC const byte badEOL[] = "A+Gd!AA";
-    WOLFSSL_SMALL_STACK_STATIC const byte badPadding[] = "AA=A";
-    WOLFSSL_SMALL_STACK_STATIC const byte badChar[] = ",-.:;<=>?@[\\]^_`";
-    byte goodChar[] =
+    static const byte badSmall[] = "AAA!Gdj=";
+    static const byte badLarge[] = "AAA~Gdj=";
+    static const byte badEOL[] = "A+Gd!AA";
+    static const byte badPadding[] = "AA=A";
+    static const byte badChar[] = ",-.:;<=>?@[\\]^_`";
+    static const byte goodChar[] =
         "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
         "abcdefghijklmnopqrstuvwxyz"
         "0123456789+/;";
-    byte charTest[] = "A+Gd\0\0\0";
+    static const byte charTest[] = "A+Gd\0\0\0";
     int        i;
     WOLFSSL_ENTER("base64_test");
 
@@ -2711,7 +2954,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(goodChar);
-    ret = Base64_Decode(goodChar, sizeof(goodChar), goodChar, &outLen);
+    XMEMCPY(out, goodChar, sizeof(goodChar));
+    ret = Base64_Decode(out, sizeof(goodChar), out, &outLen);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     if (outLen != 64 / 4 * 3)
@@ -2724,49 +2968,127 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
     /* Bad parameters. */
     outLen = 1;
     ret = Base64_Decode(good, sizeof(good), out, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     outLen = sizeof(out);
     ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
-    if (ret != ASN_INPUT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
-    if (ret != ASN_INPUT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
         return WC_TEST_RET_ENC_EC(ret);
     /* Bad character at each offset 0-3. */
     for (i = 0; i < 4; i++) {
         outLen = sizeof(out);
         ret = Base64_Decode(badSmall + i, 4, out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
         ret = Base64_Decode(badLarge + i, 4, out, &outLen);
-        if (ret != ASN_INPUT_E)
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
     /* Invalid character less than 0x2b */
     for (i = 1; i < 0x2b; i++) {
         outLen = sizeof(out);
-        charTest[0] = (byte)i;
-        ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
-        if (ret != ASN_INPUT_E)
+        XMEMCPY(out, charTest, sizeof(charTest));
+        out[0] = (byte)i;
+        ret = Base64_Decode(out, sizeof(charTest), out, &outLen);
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
     /* Bad characters in range 0x2b - 0x7a. */
     for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
         outLen = sizeof(out);
-        charTest[0] = badChar[i];
-        ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
-        if (ret != ASN_INPUT_E)
+        XMEMCPY(out, charTest, sizeof(charTest));
+        out[0] = badChar[i];
+        ret = Base64_Decode(out, sizeof(charTest), out, &outLen);
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
     /* Invalid character greater than 0x7a */
     for (i = 0x7b; i < 0x100; i++) {
         outLen = sizeof(out);
-        charTest[0] = (byte)i;
-        ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
-        if (ret != ASN_INPUT_E)
+        XMEMCPY(out, charTest, sizeof(charTest));
+        out[0] = (byte)i;
+        ret = Base64_Decode(out, sizeof(charTest), out, &outLen);
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
+            return WC_TEST_RET_ENC_I(i);
+    }
+
+    /* Same tests again, using Base64_Decode_nonCT() */
+
+    /* Good Base64 encodings. */
+    outLen = sizeof(out);
+    ret = Base64_Decode_nonCT(good, sizeof(good), out, &outLen);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    outLen = sizeof(out);
+    ret = Base64_Decode_nonCT(goodEnd, sizeof(goodEnd), out, &outLen);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    outLen = sizeof(goodChar);
+    XMEMCPY(out, goodChar, sizeof(goodChar));
+    ret = Base64_Decode_nonCT(out, sizeof(goodChar), out, &outLen);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    if (outLen != 64 / 4 * 3)
+        return WC_TEST_RET_ENC_NC;
+    outLen = sizeof(out);
+    ret = Base64_Decode_nonCT(good_spaces, sizeof(good_spaces), out, &outLen);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    /* Bad parameters. */
+    outLen = 1;
+    ret = Base64_Decode_nonCT(good, sizeof(good), out, &outLen);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        return WC_TEST_RET_ENC_EC(ret);
+
+    outLen = sizeof(out);
+    ret = Base64_Decode_nonCT(badEOL, sizeof(badEOL), out, &outLen);
+    if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
+        return WC_TEST_RET_ENC_EC(ret);
+    outLen = sizeof(out);
+    ret = Base64_Decode_nonCT(badPadding, sizeof(badPadding), out, &outLen);
+    if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
+        return WC_TEST_RET_ENC_EC(ret);
+    /* Bad character at each offset 0-3. */
+    for (i = 0; i < 4; i++) {
+        outLen = sizeof(out);
+        ret = Base64_Decode_nonCT(badSmall + i, 4, out, &outLen);
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
+            return WC_TEST_RET_ENC_I(i);
+        ret = Base64_Decode_nonCT(badLarge + i, 4, out, &outLen);
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
+            return WC_TEST_RET_ENC_I(i);
+    }
+    /* Invalid character less than 0x2b */
+    for (i = 1; i < 0x2b; i++) {
+        outLen = sizeof(out);
+        XMEMCPY(out, charTest, sizeof(charTest));
+        out[0] = (byte)i;
+        ret = Base64_Decode_nonCT(out, sizeof(charTest), out, &outLen);
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
+            return WC_TEST_RET_ENC_I(i);
+    }
+    /* Bad characters in range 0x2b - 0x7a. */
+    for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
+        outLen = sizeof(out);
+        XMEMCPY(out, charTest, sizeof(charTest));
+        out[0] = badChar[i];
+        ret = Base64_Decode_nonCT(out, sizeof(charTest), out, &outLen);
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
+            return WC_TEST_RET_ENC_I(i);
+    }
+    /* Invalid character greater than 0x7a */
+    for (i = 0x7b; i < 0x100; i++) {
+        outLen = sizeof(out);
+        XMEMCPY(out, charTest, sizeof(charTest));
+        out[0] = (byte)i;
+        ret = Base64_Decode_nonCT(out, sizeof(charTest), out, &outLen);
+        if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -2779,7 +3101,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_Encode(data, dataLen, NULL, &outLen);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_Encode(data, dataLen, out, &outLen);
@@ -2787,11 +3109,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         return WC_TEST_RET_ENC_EC(ret);
     outLen = 7;
     ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     outLen = sizeof(out);
     ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
@@ -2877,6 +3199,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
     struct tm timearg;
     time_t now;
 #endif
+    int i;
+    unsigned char buf[16];
+
     WOLFSSL_ENTER("asn_test");
 
     ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
@@ -2886,9 +3211,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
 
 #ifndef NO_ASN_TIME
     /* Parameter Validation tests. */
-    if ((ret = wc_GetTime(NULL, sizeof(now))) != BAD_FUNC_ARG)
+    if ((ret = wc_GetTime(NULL, sizeof(now))) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
-    if ((ret = wc_GetTime(&now, 0)) != BUFFER_E)
+    if ((ret = wc_GetTime(&now, 0)) != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     now = 0;
@@ -2905,6 +3230,31 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* !NO_ASN_TIME */
 
+    /* Test that only calculating the length works. */
+    for (i = 16; i < 32; i++) {
+        ret = wc_PkcsPad(NULL, i, 16);
+        if (ret != i + (16 - (i % 16)))
+            return WC_TEST_RET_ENC_I(i);
+    }
+
+    /* Test that adding padding works. */
+    XMEMSET(buf, 0xa5, sizeof(buf));
+    for (i = 15; i >= 0; i--) {
+        int j;
+        ret = wc_PkcsPad(buf, i, 16);
+        if (ret != 16)
+            return WC_TEST_RET_ENC_I(i);
+        /* Check padded buffer. */
+        for (j = 0; j < 16; j++) {
+            /* Check buffer bytes haven't been modified. */
+            if ((j < i) && (buf[j] != 0xa5))
+                return WC_TEST_RET_ENC_I(i);
+            /* Check padding bytes are correct. */
+            if (j >= i && (buf[j] != (16 - i)))
+                return WC_TEST_RET_ENC_I(i);
+        }
+    }
+
     return 0;
 }
 #endif /* !NO_ASN */
@@ -2913,8 +3263,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
 {
     wc_test_ret_t ret = 0;
-    Md2  md2;
-    byte hash[MD2_DIGEST_SIZE];
+    wc_Md2 md2;
+    byte hash[WC_MD2_DIGEST_SIZE];
 
     testVector a, b, c, d, e, f, g;
     testVector test_md2[7];
@@ -2925,45 +3275,45 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
     a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
                "\x27\x73";
     a.inLen  = XSTRLEN(a.input);
-    a.outLen = MD2_DIGEST_SIZE;
+    a.outLen = WC_MD2_DIGEST_SIZE;
 
     b.input  = "a";
     b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
                "\xb5\xd1";
     b.inLen  = XSTRLEN(b.input);
-    b.outLen = MD2_DIGEST_SIZE;
+    b.outLen = WC_MD2_DIGEST_SIZE;
 
     c.input  = "abc";
     c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
                "\xd6\xbb";
     c.inLen  = XSTRLEN(c.input);
-    c.outLen = MD2_DIGEST_SIZE;
+    c.outLen = WC_MD2_DIGEST_SIZE;
 
     d.input  = "message digest";
     d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
                "\x06\xb0";
     d.inLen  = XSTRLEN(d.input);
-    d.outLen = MD2_DIGEST_SIZE;
+    d.outLen = WC_MD2_DIGEST_SIZE;
 
     e.input  = "abcdefghijklmnopqrstuvwxyz";
     e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
                "\x94\x0b";
     e.inLen  = XSTRLEN(e.input);
-    e.outLen = MD2_DIGEST_SIZE;
+    e.outLen = WC_MD2_DIGEST_SIZE;
 
     f.input  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
                "6789";
     f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
                "\x38\xcd";
     f.inLen  = XSTRLEN(f.input);
-    f.outLen = MD2_DIGEST_SIZE;
+    f.outLen = WC_MD2_DIGEST_SIZE;
 
     g.input  = "1234567890123456789012345678901234567890123456789012345678"
                "9012345678901234567890";
     g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
                "\xef\xd8";
     g.inLen  = XSTRLEN(g.input);
-    g.outLen = MD2_DIGEST_SIZE;
+    g.outLen = WC_MD2_DIGEST_SIZE;
 
     test_md2[0] = a;
     test_md2[1] = b;
@@ -2979,7 +3329,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
         wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
         wc_Md2Final(&md2, hash);
 
-        if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
+        if (XMEMCMP(hash, test_md2[i].output, WC_MD2_DIGEST_SIZE) != 0)
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -2989,7 +3339,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
             return WC_TEST_RET_ENC_I(i);
         }
 
-        if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) {
+        if (XMEMCMP(hash, test_md2[i].output, WC_MD2_DIGEST_SIZE) != 0) {
             return WC_TEST_RET_ENC_I(i);
         }
     }
@@ -3132,8 +3482,8 @@ exit:
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
 {
-    Md4  md4;
-    byte hash[MD4_DIGEST_SIZE];
+    wc_Md4 md4;
+    byte hash[WC_MD4_DIGEST_SIZE];
 
     testVector a, b, c, d, e, f, g;
     testVector test_md4[7];
@@ -3144,45 +3494,45 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
     a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
                "\xc0";
     a.inLen  = XSTRLEN(a.input);
-    a.outLen = MD4_DIGEST_SIZE;
+    a.outLen = WC_MD4_DIGEST_SIZE;
 
     b.input  = "a";
     b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
                "\x24";
     b.inLen  = XSTRLEN(b.input);
-    b.outLen = MD4_DIGEST_SIZE;
+    b.outLen = WC_MD4_DIGEST_SIZE;
 
     c.input  = "abc";
     c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
                "\x9d";
     c.inLen  = XSTRLEN(c.input);
-    c.outLen = MD4_DIGEST_SIZE;
+    c.outLen = WC_MD4_DIGEST_SIZE;
 
     d.input  = "message digest";
     d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
                "\x4b";
     d.inLen  = XSTRLEN(d.input);
-    d.outLen = MD4_DIGEST_SIZE;
+    d.outLen = WC_MD4_DIGEST_SIZE;
 
     e.input  = "abcdefghijklmnopqrstuvwxyz";
     e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
                "\xa9";
     e.inLen  = XSTRLEN(e.input);
-    e.outLen = MD4_DIGEST_SIZE;
+    e.outLen = WC_MD4_DIGEST_SIZE;
 
     f.input  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
                "6789";
     f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
                "\xe4";
     f.inLen  = XSTRLEN(f.input);
-    f.outLen = MD4_DIGEST_SIZE;
+    f.outLen = WC_MD4_DIGEST_SIZE;
 
     g.input  = "1234567890123456789012345678901234567890123456789012345678"
                "9012345678901234567890";
     g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
                "\x36";
     g.inLen  = XSTRLEN(g.input);
-    g.outLen = MD4_DIGEST_SIZE;
+    g.outLen = WC_MD4_DIGEST_SIZE;
 
     test_md4[0] = a;
     test_md4[1] = b;
@@ -3198,7 +3548,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
         wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
         wc_Md4Final(&md4, hash);
 
-        if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
+        if (XMEMCMP(hash, test_md4[i].output, WC_MD4_DIGEST_SIZE) != 0)
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -4075,7 +4425,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512Update(&sha, (byte*)large_input + i,
-            LARGE_HASH_TEST_INPUT_SZ - i);
+            LARGE_HASH_TEST_INPUT_SZ - (word32)i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512Final(&sha, hash);
@@ -4233,7 +4583,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512_224Update(&sha, (byte*)large_input + i,
-            (word32)sizeof(large_input) - i);
+            (word32)sizeof(large_input) - (word32)i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512_224Final(&sha, hash);
@@ -4386,7 +4736,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
     /* Unaligned memory access test */
     for (i = 1; i < 16; i++) {
         ret = wc_Sha512_256Update(&sha, (byte*)large_input + i,
-            (word32)sizeof(large_input) - i);
+            (word32)sizeof(large_input) - (word32)i);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
         ret = wc_Sha512_256Final(&sha, hash);
@@ -5689,12 +6039,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void)
     byte   hashGet[WC_SM3_DIGEST_SIZE];
     byte   hashCopy[WC_SM3_DIGEST_SIZE];
     wc_test_ret_t ret = 0;
-    WOLFSSL_ENTER("sm3_test");
 
     testVector a, b, c;
     testVector test_sm3[3];
     int times = sizeof(test_sm3) / sizeof(struct testVector), i;
 
+    WOLFSSL_ENTER("sm3_test");
+
     a.input  = "";
     a.output = "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f\x8e\x61\x19\x48\x31\xe8\x1a"
                "\x8f\x22\xbe\xc8\xc7\x28\xfe\xfb\x74\x7e\xd0\x35\xeb\x50\x82"
@@ -5847,7 +6198,12 @@ exit:
 #ifndef NO_HASH_WRAPPER
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 {
-    wc_HashAlg       hash;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_HashAlg      *hash = NULL;
+#else
+    wc_HashAlg       hash[1];
+#endif
+
     int              ret, exp_ret;
     int              i, j;
     int              digestSz;
@@ -5905,251 +6261,355 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
 
     WOLFSSL_ENTER("hash_test");
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId, &ret);
+    if (hash == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
+    else {
+        PRINT_HEAP_ADDRESS(hash);
+    }
+#else
+    XMEMSET(hash, 0, sizeof(wc_HashAlg));
+#endif
+
     /* Parameter Validation testing. */
     ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
-    ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_HashUpdate(hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
-    ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_HashFinal(hash, WC_HASH_TYPE_SHA256, NULL);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    /* Delete the WC_HASH_TYPE_SHA256 type hash for the following tests */
+    ret = wc_HashDelete(hash, &hash);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
     /* Try invalid hash algorithms. */
     for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
-        ret = wc_HashInit(&hash, typesBad[i]);
-        if (ret != BAD_FUNC_ARG)
-            return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
-        if (ret != BAD_FUNC_ARG)
-            return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashFinal(&hash, typesBad[i], out);
-        if (ret != BAD_FUNC_ARG)
-            return WC_TEST_RET_ENC_I(i);
-        wc_HashFree(&hash, typesBad[i]);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        hash = wc_HashNew(typesBad[i], HEAP_HINT, devId, &ret);
+#endif
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        }
+        ret = wc_HashInit(hash, typesBad[i]);
+
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        ret = wc_HashUpdate(hash, typesBad[i], data, sizeof(data));
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        ret = wc_HashFinal(hash, typesBad[i], out);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        ret = wc_HashFree(hash, typesBad[i]);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        ret = wc_HashDelete(hash, &hash);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+            WOLFSSL_MSG("ERROR: wc_HashDelete failed, expected BAD_FUNC_ARG.");
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        }
+#endif
     }
 
     /* Try valid hash algorithms. */
-    for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
-        exp_ret = 0;
-        if (typesGood[i] == typesNoImpl[j]) {
-            /* Recognized but no implementation compiled in. */
-            exp_ret = HASH_TYPE_E;
-            j++;
+    for (i = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
+        exp_ret = 0; /* For valid hash, we expect return result to be zero */
+
+        /* See if the current hash type is one of the known types that are
+         * not implemented or not compiled in (disabled): */
+        for(j = 0; j < (int)(sizeof(typesNoImpl) / sizeof(*typesNoImpl)); j++) {
+            if (typesGood[i] == typesNoImpl[j]) {
+                exp_ret = HASH_TYPE_E;
+                break; /* found one. don't keep looking.
+                        * we won't test hashes not implemented */
+            }
         }
-        ret = wc_HashInit(&hash, typesGood[i]);
+
+        /* If the expected return value is HASH_TYPE_E before we've even started
+         * it must be a hash type not implemented or disabled, so skip it. */
+        if (exp_ret == WC_NO_ERR_TRACE(HASH_TYPE_E)) {
+            continue; /* go fetch the next typesGood[i] */
+        }
+
+        /* Good type and implemented: */
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        hash = wc_HashNew(typesGood[i], HEAP_HINT, devId, &ret);
+        if (hash == NULL) {
+            WOLFSSL_MSG("ERROR: wc_HashNew failed.");
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        }
+
+       if (ret != 0) {
+           ERROR_OUT(WC_TEST_RET_ENC_EC(BAD_FUNC_ARG), out);
+       }
+#endif
+        ret = wc_HashInit(hash, typesGood[i]);
         if (ret != exp_ret)
-            return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        ret = wc_HashUpdate(hash, typesGood[i], data, sizeof(data));
         if (ret != exp_ret)
-            return WC_TEST_RET_ENC_I(i);
-        ret = wc_HashFinal(&hash, typesGood[i], out);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        ret = wc_HashFinal(hash, typesGood[i], out);
         if (ret != exp_ret)
-            return WC_TEST_RET_ENC_I(i);
-        wc_HashFree(&hash, typesGood[i]);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        wc_HashFree(hash, typesGood[i]);
 
         digestSz = wc_HashGetDigestSize(typesGood[i]);
-        if (exp_ret < 0 && digestSz != exp_ret)
-            return WC_TEST_RET_ENC_I(i);
         if (exp_ret == 0 && digestSz < 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         if (exp_ret == 0) {
             ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
-                                                                  digestSz - 1);
-            if (ret != BUFFER_E)
-                return WC_TEST_RET_ENC_I(i);
+                                                        (word32)digestSz - 1);
+            if (ret != WC_NO_ERR_TRACE(BUFFER_E))
+                ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
         ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz);
         if (ret != exp_ret)
-            return WC_TEST_RET_ENC_I(i);
-        if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        if (exp_ret == 0 && XMEMCMP(out, hashOut, (word32)digestSz) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
         ret = wc_HashGetBlockSize(typesGood[i]);
-        if (exp_ret < 0 && ret != exp_ret)
-            return WC_TEST_RET_ENC_I(i);
         if (exp_ret == 0 && ret < 0)
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
 #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
         ret = wc_HashGetOID(typesGood[i]);
-        if (ret == BAD_FUNC_ARG ||
-                (exp_ret == 0 && ret == HASH_TYPE_E) ||
-                (exp_ret != 0 && ret != HASH_TYPE_E)) {
-            return WC_TEST_RET_ENC_I(i);
+        if ( (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) && (exp_ret == 0)) ||
+             (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))  ) {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
 
         hashType = wc_OidGetHash(ret);
         if (exp_ret == 0 && hashType != typesGood[i])
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
-    }
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        ret = wc_HashDelete(hash, &hash);
+        if (ret < 0) {
+            WOLFSSL_MSG("ERROR: Failed to delete hash.");
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        }
+#endif
+    } /* Valid hash functions */
+
+
+    /* non wc_HashAlg hash object tests follow: */
     for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
         ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
-        if ((ret != BAD_FUNC_ARG) && (ret != BUFFER_E) && (ret != HASH_TYPE_E))
-            return WC_TEST_RET_ENC_I(i);
+        if ((ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) &&
+            (ret != WC_NO_ERR_TRACE(BUFFER_E)) &&
+            (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)))
+        {
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+        }
     }
 
 #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
     ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
 #ifdef WOLFSSL_MD2
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 #else
-    if (ret != HASH_TYPE_E)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
     hashType = wc_OidGetHash(646); /* Md2h */
 #ifdef WOLFSSL_MD2
     if (hashType != WC_HASH_TYPE_MD2)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #else
     if (hashType != WC_HASH_TYPE_NONE)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
     ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
 #ifndef NO_MD5
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 #else
-    if (ret != HASH_TYPE_E)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
     ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     hashType = wc_OidGetHash(0);
     if (hashType != WC_HASH_TYPE_NONE)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
 #ifdef WOLFSSL_MD2
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 #else
-    if (ret != HASH_TYPE_E)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
 #ifdef WOLFSSL_MD2
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 #else
-    if (ret != HASH_TYPE_E)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
 #ifndef NO_MD4
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 #else
-    if (ret != HASH_TYPE_E)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
 #ifndef NO_MD4
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 #else
-    if (ret != HASH_TYPE_E)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
 #if !defined(NO_MD5) && !defined(NO_SHA)
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 #else
-    if (ret != HASH_TYPE_E)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
 #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 #else
-    if (ret != HASH_TYPE_E)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
 #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
-    if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
+        ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
 #else
-    if (ret != HASH_TYPE_E)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
     ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
 #if !defined(NO_CERTS) && !defined(NO_ASN)
 #if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = wc_GetCTC_HashOID(MD2);
+    ret = wc_GetCTC_HashOID(WC_HASH_TYPE_MD2);
     if (ret == 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 #ifndef NO_MD5
     ret = wc_GetCTC_HashOID(WC_MD5);
     if (ret == 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 #ifndef NO_SHA
     ret = wc_GetCTC_HashOID(WC_SHA);
     if (ret == 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 #ifdef WOLFSSL_SHA224
     ret = wc_GetCTC_HashOID(WC_SHA224);
     if (ret == 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 #ifndef NO_SHA256
     ret = wc_GetCTC_HashOID(WC_SHA256);
     if (ret == 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 #ifdef WOLFSSL_SHA384
     ret = wc_GetCTC_HashOID(WC_SHA384);
     if (ret == 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 #ifdef WOLFSSL_SHA512
     ret = wc_GetCTC_HashOID(WC_SHA512);
     if (ret == 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
     ret = wc_GetCTC_HashOID(-1);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    return 0;
+    ret = 0;
+
+out:
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    (void)wc_HashDelete(hash, &hash);
+#endif
+
+    return ret;
 }
 #endif /* !NO_HASH_WRAPPER */
 
@@ -6277,6 +6737,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
 
     wc_test_ret_t ret;
     int times = sizeof(test_hmac) / sizeof(testVector), i;
+
+#if FIPS_VERSION3_GE(6,0,0)
+    int allowShortKeyWithFips = 1;
+#endif
+
     WOLFSSL_ENTER("hmac_sha_test");
 
     /* Following test vectors are from RFC 2202 section 3 */
@@ -6311,9 +6776,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
     test_hmac[1] = b;
     test_hmac[2] = c;
     test_hmac[3] = d;
-#if FIPS_VERSION3_GE(6,0,0)
-    int allowShortKeyWithFips = 1;
-#endif
 
     for (i = 0; i < times; ++i) {
 #if defined(HAVE_CAVIUM) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))
@@ -6328,7 +6790,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
             (word32)XSTRLEN(keys[i]));
 #if FIPS_VERSION3_GE(6,0,0)
         if (i == 1) {
-            if (ret != HMAC_MIN_KEYLEN_E)
+            if (ret != WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E))
                 return WC_TEST_RET_ENC_EC(ret);
             /* Now use the ex and allow short keys with FIPS option */
             ret = wc_HmacSetKey_ex(&hmac, WC_SHA, (byte*) keys[i],
@@ -6576,9 +7038,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
     if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
         return WC_TEST_RET_ENC_EC(ret);
 #if FIPS_VERSION3_GE(6,0,0)
-    if ((ret = wc_HmacSizeByType(21)) != HMAC_KAT_FIPS_E)
+    if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(HMAC_KAT_FIPS_E))
 #else
-    if ((ret = wc_HmacSizeByType(21)) != BAD_FUNC_ARG)
+    if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
     {
         return WC_TEST_RET_ENC_EC(ret);
@@ -7460,17 +7922,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
     };
 
-
-    const byte* keys[] = {key1, key2, key3, key4};
-
     WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
     WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
     WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
     WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 
-
-    const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
-
 #ifndef BENCH_EMBEDDED
     WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
         0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
@@ -7589,25 +8045,37 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
     byte   plain_big[CHACHA_BIG_TEST_SIZE] = {0};
     byte   input_big[CHACHA_BIG_TEST_SIZE] = {0};
 #else
-    byte*  cipher_big;
-    byte*  plain_big;
-    byte*  input_big;
+    byte*  cipher_big = NULL;
+    byte*  plain_big = NULL;
+    byte*  input_big = NULL;
 #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
     int    block_size;
 #endif /* BENCH_EMBEDDED */
 
-    byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
-    byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
-    byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
-    byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
+    const byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
+    const byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
+    const byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
+    const byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
 
-    byte* test_chacha[4];
+    const byte* test_chacha[4];
+    const byte* keys[4];
+    const byte* ivs[4];
 
     test_chacha[0] = a;
     test_chacha[1] = b;
     test_chacha[2] = c;
     test_chacha[3] = d;
 
+    keys[0] = key1;
+    keys[1] = key2;
+    keys[2] = key3;
+    keys[3] = key4;
+
+    ivs[0] = ivs1;
+    ivs[1] = ivs2;
+    ivs[2] = ivs3;
+    ivs[3] = ivs4;
+
     WOLFSSL_ENTER("chacha_test");
 
 #ifndef BENCH_EMBEDDED
@@ -7615,17 +8083,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
     cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
     if (cipher_big == NULL) {
-        return MEMORY_E;
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
     }
     plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
     if (plain_big == NULL) {
-        return MEMORY_E;
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
     }
     input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
     if (input_big == NULL) {
-        return MEMORY_E;
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
     }
     XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
     XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
@@ -7648,24 +8116,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
         ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
         ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         ret |= wc_Chacha_SetIV(&enc, cipher, 0);
         ret |= wc_Chacha_SetIV(&dec, cipher, 0);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         XMEMCPY(plain, input, 8);
 
         ret |= wc_Chacha_Process(&enc, cipher, plain,  (word32)8);
         ret |= wc_Chacha_Process(&dec, plain,  cipher, (word32)8);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         if (XMEMCMP(test_chacha[i], cipher, 8))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
         if (XMEMCMP(plain, input, 8))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
     }
 
     /* test of starting at a different counter
@@ -7678,20 +8146,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
     ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
     ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret |= wc_Chacha_SetIV(&enc, cipher, 0);
     ret |= wc_Chacha_SetIV(&dec, cipher, 1);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret |= wc_Chacha_Process(&enc, cipher, plain,  sizeof(plain));
     ret |= wc_Chacha_Process(&dec, sliver,  cipher + 64, sizeof(sliver));
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(plain + 64, sliver, 64))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #ifndef BENCH_EMBEDDED
     /* test of encrypting more data */
@@ -7700,24 +8168,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
     ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
     ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
     ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
     ret |= wc_Chacha_Process(&dec, plain_big,  cipher_big,
                                                           CHACHA_BIG_TEST_SIZE);
     if (ret != 0)
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     for (i = 0; i < 18; ++i) {
         /* this will test all paths
@@ -7730,23 +8198,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
         ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
         ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
         ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , (word32)block_size);
         ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, (word32)block_size);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain_big, input_big, block_size))
-            return WC_TEST_RET_ENC_I(i);
+        if (XMEMCMP(plain_big, input_big, (word32)block_size))
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        if (XMEMCMP(cipher_big, cipher_big_result, block_size))
-            return WC_TEST_RET_ENC_I(i);
+        if (XMEMCMP(cipher_big, cipher_big_result, (word32)block_size))
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
     }
 
     /* Streaming test */
@@ -7755,50 +8223,56 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
 
         ret = wc_Chacha_SetKey(&enc, keys[0], keySz);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_Chacha_SetKey(&dec, keys[0], keySz);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         ret = wc_Chacha_SetIV(&enc, ivs[2], 0);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_Chacha_SetIV(&dec, ivs[2], 0);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
             ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)i);
             if (ret != 0)
-                return WC_TEST_RET_ENC_EC(ret);
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
             ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)i);
             if (ret != 0)
-                return WC_TEST_RET_ENC_EC(ret);
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         }
 
         rem = CHACHA_BIG_TEST_SIZE - j;
         ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)rem);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)rem);
         if (ret != 0)
-            return WC_TEST_RET_ENC_EC(ret);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
         if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
         if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
     }
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+#endif /* BENCH_EMBEDDED */
+
+    ret = 0;
+
+out:
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \
+        !defined(BENCH_EMBEDDED)
     XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
-#endif /* BENCH_EMBEDDED */
 
-    return 0;
+    return ret;
 }
 #endif /* HAVE_CHACHA */
 
@@ -7809,8 +8283,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
     byte     tag[16];
     Poly1305 enc;
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {
         0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
         0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
         0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
@@ -7818,22 +8291,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0x75,0x70
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {
         0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
         0x6c,0x64,0x21
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
         0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
         0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
         0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
@@ -7851,14 +8321,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0x61,0x16
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg5[] = {
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
         0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte msg6[] = {
         0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
         0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
         0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
@@ -7880,54 +8348,57 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
         0x61,0x16
     };
+    WOLFSSL_SMALL_STACK_STATIC const byte msg7[] = {
+        0xe8,0x8c,0x85,0x03,0x43,0xaf,0xa7,0x85,
+        0x21,0x6b,0xc3,0x45,0xc4,0x53,0x98,0xf8,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+    };
 
-    byte additional[] =
-    {
+    byte additional[] = {
         0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
         0xc4,0xc5,0xc6,0xc7
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct0[] = {
         0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
         0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct1[] = {
         0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
         0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct2[] = {
         0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
         0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct3[] = {
         0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
         0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct4[] = {
         0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
         0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct5[] = {
         0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
     };
 
-    WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
-    {
+    WOLFSSL_SMALL_STACK_STATIC const byte correct6[] = {
         0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
         0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
     };
+    WOLFSSL_SMALL_STACK_STATIC const byte correct7[] = {
+        0x14,0x00,0x00,0x88,0x5c,0x00,0x00,0x88,
+        0x5c,0x00,0x00,0x88,0x5c,0x00,0x00,0x88
+    };
+
 
     WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
         0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
@@ -7957,17 +8428,48 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
     };
 
-    const byte* msgs[]  = {NULL, msg1, msg2, msg3, msg5, msg6};
-    word32      szm[]   = {0, sizeof(msg1), sizeof(msg2),
-                           sizeof(msg3), sizeof(msg5), sizeof(msg6)};
-    const byte* keys[]  = {key, key, key2, key2, key5, key};
-    const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
-                           correct6};
+    WOLFSSL_SMALL_STACK_STATIC const byte key7[] = {
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+        0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
+    };
+
+    const byte* msgs[7];
+    const word32 szm[7] = {0, sizeof(msg1), sizeof(msg2),
+                           sizeof(msg3), sizeof(msg5), sizeof(msg6),
+                           sizeof(msg7)};
+    const byte* keys[7];
+    const byte* tests[7];
     int i;
     wc_test_ret_t ret = 0;
     WOLFSSL_ENTER("poly1305_test");
 
-    for (i = 0; i < 6; i++) {
+    msgs[0] = NULL;
+    msgs[1] = msg1;
+    msgs[2] = msg2;
+    msgs[3] = msg3;
+    msgs[4] = msg5;
+    msgs[5] = msg6;
+    msgs[6] = msg7;
+
+    keys[0] = key;
+    keys[1] = key;
+    keys[2] = key2;
+    keys[3] = key2;
+    keys[4] = key5;
+    keys[5] = key;
+    keys[6] = key7;
+
+    tests[0] = correct0;
+    tests[1] = correct1;
+    tests[2] = correct2;
+    tests[3] = correct3;
+    tests[4] = correct5;
+    tests[5] = correct6;
+    tests[6] = correct7;
+
+    for (i = 0; i < 7; i++) {
         ret = wc_Poly1305SetKey(&enc, keys[i], 32);
         if (ret != 0)
             return WC_TEST_RET_ENC_I(i);
@@ -7984,6 +8486,31 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
             return WC_TEST_RET_ENC_I(i);
     }
 
+    /* Testing multiple updates with various sizes works. */
+    for (i = 1; i < (int)sizeof(msg6); i++) {
+        int j;
+
+        ret = wc_Poly1305SetKey(&enc, key, 32);
+        if (ret != 0)
+            return WC_TEST_RET_ENC_I(i);
+
+        for (j = 0; j < (int)sizeof(msg6); j += i) {
+            int len = (int)sizeof(msg6) - j;
+            if (len > i)
+                len = i;
+            ret = wc_Poly1305Update(&enc, msg6 + j, len);
+            if (ret != 0)
+                return WC_TEST_RET_ENC_I(j);
+        }
+
+        ret = wc_Poly1305Final(&enc, tag);
+        if (ret != 0)
+            return WC_TEST_RET_ENC_I(i);
+
+        if (XMEMCMP(tag, correct6, sizeof(tag)))
+            return WC_TEST_RET_ENC_I(i);
+    }
+
     /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
     XMEMSET(tag, 0, sizeof(tag));
     ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
@@ -8205,53 +8732,53 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     /* Encrypt */
     err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
             sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
             plaintext1, sizeof(plaintext1), generatedCiphertext,
             generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
             sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
             sizeof(plaintext1), NULL, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
             sizeof(plaintext1), generatedCiphertext, NULL);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
             sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     /* Decrypt */
     err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), NULL, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
             sizeof(cipher2), authTag2, NULL);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
             sizeof(cipher2), authTag2, generatedPlaintext);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
 
 
@@ -8323,39 +8850,39 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     /* AEAD init/update/final - bad argument tests */
     err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
         CHACHA20_POLY1305_AEAD_DECRYPT);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
         CHACHA20_POLY1305_AEAD_DECRYPT);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
         CHACHA20_POLY1305_AEAD_DECRYPT);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
         generatedPlaintext, sizeof(plaintext1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
         sizeof(plaintext1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
         sizeof(plaintext1));
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
     err = wc_ChaCha20Poly1305_Final(&aead, NULL);
-    if (err != BAD_FUNC_ARG)
+    if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(err);
 
     /* AEAD init/update/final - bad state tests */
@@ -8366,24 +8893,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
     XMEMSET(&aead, 0, sizeof(aead));
     aead.state = CHACHA20_POLY1305_STATE_INIT;
     err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_DATA;
     err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_INIT;
     err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
         generatedPlaintext, sizeof(plaintext1));
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_INIT;
     err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
     aead.state = CHACHA20_POLY1305_STATE_READY;
     err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
-    if (err != BAD_STATE_E)
+    if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(err);
 
     XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
@@ -8536,6 +9063,254 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
 }
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 
+#ifdef HAVE_ASCON
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_hash256_test(void)
+{
+    WOLFSSL_SMALL_STACK_STATIC byte msg[1024];
+    byte mdOut[ASCON_HASH256_SZ];
+
+    /* KATs taken from https://github.com/ascon/ascon-c.
+     * Testing only a subset of KATs here. The rest are tested in
+     * tests/api/ascon.c.  */
+    /* crypto_hash/asconhash256/LWC_HASH_KAT_256.txt
+     * The message is just the byte stream 00 01 02 03 ... */
+    WOLFSSL_SMALL_STACK_STATIC const byte hash_output[][32] = {
+        { 0x0B, 0x3B, 0xE5, 0x85, 0x0F, 0x2F, 0x6B, 0x98, 0xCA, 0xF2, 0x9F, 0x8F, 0xDE, 0xA8, 0x9B, 0x64, 0xA1, 0xFA, 0x70, 0xAA, 0x24, 0x9B, 0x8F, 0x83, 0x9B, 0xD5, 0x3B, 0xAA, 0x30, 0x4D, 0x92, 0xB2 },
+        { 0x07, 0x28, 0x62, 0x10, 0x35, 0xAF, 0x3E, 0xD2, 0xBC, 0xA0, 0x3B, 0xF6, 0xFD, 0xE9, 0x00, 0xF9, 0x45, 0x6F, 0x53, 0x30, 0xE4, 0xB5, 0xEE, 0x23, 0xE7, 0xF6, 0xA1, 0xE7, 0x02, 0x91, 0xBC, 0x80 },
+        { 0x61, 0x15, 0xE7, 0xC9, 0xC4, 0x08, 0x1C, 0x27, 0x97, 0xFC, 0x8F, 0xE1, 0xBC, 0x57, 0xA8, 0x36, 0xAF, 0xA1, 0xC5, 0x38, 0x1E, 0x55, 0x6D, 0xD5, 0x83, 0x86, 0x0C, 0xA2, 0xDF, 0xB4, 0x8D, 0xD2 },
+        { 0x26, 0x5A, 0xB8, 0x9A, 0x60, 0x9F, 0x5A, 0x05, 0xDC, 0xA5, 0x7E, 0x83, 0xFB, 0xBA, 0x70, 0x0F, 0x9A, 0x2D, 0x2C, 0x42, 0x11, 0xBA, 0x4C, 0xC9, 0xF0, 0xA1, 0xA3, 0x69, 0xE1, 0x7B, 0x91, 0x5C },
+        { 0xD7, 0xE4, 0xC7, 0xED, 0x9B, 0x8A, 0x32, 0x5C, 0xD0, 0x8B, 0x9E, 0xF2, 0x59, 0xF8, 0x87, 0x70, 0x54, 0xEC, 0xD8, 0x30, 0x4F, 0xE1, 0xB2, 0xD7, 0xFD, 0x84, 0x71, 0x37, 0xDF, 0x67, 0x27, 0xEE },
+    };
+
+    wc_AsconHash256 asconHash;
+    int err;
+    word32 i;
+
+    /* init msg buffer */
+    for (i = 0; i < sizeof(msg); i++)
+        msg[i] = (byte)i;
+
+    for (i = 0; i < XELEM_CNT(hash_output); i++) {
+        XMEMSET(mdOut, 0, sizeof(mdOut));
+        err = wc_AsconHash256_Init(&asconHash);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Update(&asconHash, msg, i);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Final(&asconHash, mdOut);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        if (XMEMCMP(mdOut, hash_output[i], ASCON_HASH256_SZ) != 0)
+            return WC_TEST_RET_ENC_NC;
+        wc_AsconHash256_Clear(&asconHash);
+    }
+
+    /* Test separated update */
+    for (i = 0; i < XELEM_CNT(hash_output); i++) {
+        word32 half_i = i / 2;
+        XMEMSET(mdOut, 0, sizeof(mdOut));
+        err = wc_AsconHash256_Init(&asconHash);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Update(&asconHash, msg, half_i);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Update(&asconHash, msg + half_i, i - half_i);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        err = wc_AsconHash256_Final(&asconHash, mdOut);
+        if (err != 0)
+            return WC_TEST_RET_ENC_EC(err);
+        if (XMEMCMP(mdOut, hash_output[i], ASCON_HASH256_SZ) != 0)
+            return WC_TEST_RET_ENC_NC;
+        wc_AsconHash256_Clear(&asconHash);
+    }
+
+    return 0;
+}
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_aead128_test(void)
+{
+    word32 i;
+    wc_AsconAEAD128 asconAEAD;
+    int err;
+
+    /* KATs taken from https://github.com/ascon/ascon-c.
+     * Testing only a subset of KATs here. The rest are tested in
+     * tests/api/ascon.c.  */
+    /* crypto_hash/asconaead128/LWC_AEAD_KAT_128_128.txt */
+    static const char *aead_kat[][5] = {
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "",
+          /* CT = */ "4427D64B8E1E1451FC445960F0839BB0", },
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "00",
+          /* CT = */ "103AB79D913A0321287715A979BB8585", },
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "0001",
+          /* CT = */ "A50E88E30F923B90A9C810181230DF10", },
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "000102",
+          /* CT = */ "AE214C9F66630658ED8DC7D31131174C", },
+        { /* Key = */ "000102030405060708090A0B0C0D0E0F",
+          /* Nonce = */ "000102030405060708090A0B0C0D0E0F",
+          /* PT = */ "",
+          /* AD = */ "00010203",
+          /* CT = */ "C6FF3CF70575B144B955820D9BC7685E", },
+    };
+
+    for (i = 0; i < XELEM_CNT(aead_kat); i++) {
+        byte key[ASCON_AEAD128_KEY_SZ];
+        byte nonce[ASCON_AEAD128_NONCE_SZ];
+        byte pt[32]; /* longest plaintext we test is 32 bytes */
+        word32 ptSz;
+        byte ad[32]; /* longest AD we test is 32 bytes */
+        word32 adSz;
+        byte ct[48]; /* longest ciphertext we test is 32 bytes + 16 bytes tag */
+        word32 ctSz;
+        word32 j;
+        byte tag[ASCON_AEAD128_TAG_SZ];
+        byte buf[32]; /* longest buffer we test is 32 bytes */
+
+        XMEMSET(key, 0, sizeof(key));
+        XMEMSET(nonce, 0, sizeof(nonce));
+        XMEMSET(pt, 0, sizeof(pt));
+        XMEMSET(ad, 0, sizeof(ad));
+        XMEMSET(ct, 0, sizeof(ct));
+        XMEMSET(tag, 0, sizeof(tag));
+
+        /* Convert HEX strings to byte stream */
+        for (j = 0; aead_kat[i][0][j] != '\0'; j += 2) {
+            key[j/2] = HexCharToByte(aead_kat[i][0][j]) << 4 |
+                       HexCharToByte(aead_kat[i][0][j+1]);
+        }
+        for (j = 0; aead_kat[i][1][j] != '\0'; j += 2) {
+            nonce[j/2] = HexCharToByte(aead_kat[i][1][j]) << 4 |
+                         HexCharToByte(aead_kat[i][1][j+1]);
+        }
+        for (j = 0; aead_kat[i][2][j] != '\0'; j += 2) {
+            pt[j/2] = HexCharToByte(aead_kat[i][2][j]) << 4 |
+                      HexCharToByte(aead_kat[i][2][j+1]);
+        }
+        ptSz = j/2;
+        for (j = 0; aead_kat[i][3][j] != '\0'; j += 2) {
+            ad[j/2] = HexCharToByte(aead_kat[i][3][j]) << 4 |
+                      HexCharToByte(aead_kat[i][3][j+1]);
+        }
+        adSz = j/2;
+        for (j = 0; aead_kat[i][4][j] != '\0'; j += 2) {
+            ct[j/2] = HexCharToByte(aead_kat[i][4][j]) << 4 |
+                      HexCharToByte(aead_kat[i][4][j+1]);
+        }
+        ctSz = j/2 - ASCON_AEAD128_TAG_SZ;
+
+        for (j = 0; j < 4; j++) {
+            err = wc_AsconAEAD128_Init(&asconAEAD);
+            if (err != 0)
+                return WC_TEST_RET_ENC_EC(err);
+
+            err = wc_AsconAEAD128_SetKey(&asconAEAD, key);
+            if (err != 0)
+                return WC_TEST_RET_ENC_EC(err);
+
+            err = wc_AsconAEAD128_SetNonce(&asconAEAD, nonce);
+            if (err != 0)
+                return WC_TEST_RET_ENC_EC(err);
+
+            err = wc_AsconAEAD128_SetAD(&asconAEAD, ad, adSz);
+            if (err != 0)
+                return WC_TEST_RET_ENC_EC(err);
+
+            if (j == 0) {
+                /* Encryption test */
+                err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf, pt, ptSz);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(buf, ct, ptSz) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+                err = wc_AsconAEAD128_EncryptFinal(&asconAEAD, tag);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ) != 0)
+                    return WC_TEST_RET_ENC_NC;
+            }
+            else if (j == 1) {
+                /* Decryption test */
+                err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf, ct, ctSz);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(buf, pt, ctSz) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+                err = wc_AsconAEAD128_DecryptFinal(&asconAEAD, ct + ctSz);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+            }
+            else if (j == 2) {
+                /* Split encryption test */
+                err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf, pt,
+                                                    ptSz/2);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf + (ptSz/2),
+                                                pt + (ptSz/2), ptSz - (ptSz/2));
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(buf, ct, ptSz) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+                err = wc_AsconAEAD128_EncryptFinal(&asconAEAD, tag);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+            }
+            else if (j == 3) {
+                /* Split decryption test */
+                err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf, ct,
+                                                    ctSz/2);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf + (ctSz/2),
+                                                ct + (ctSz/2), ctSz - (ctSz/2));
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+                if (XMEMCMP(buf, pt, ctSz) != 0)
+                    return WC_TEST_RET_ENC_NC;
+
+                err = wc_AsconAEAD128_DecryptFinal(&asconAEAD, ct + ctSz);
+                if (err != 0)
+                    return WC_TEST_RET_ENC_EC(err);
+
+            }
+
+
+            wc_AsconAEAD128_Clear(&asconAEAD);
+        }
+    }
+
+    return 0;
+}
+#endif /* HAVE_ASCON */
 
 #ifndef NO_DES3
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
@@ -8569,6 +9344,31 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
         0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
     };
 
+    #ifdef WOLFSSL_DES_ECB
+
+    /* "Stay strong and move on!"" */
+    WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] =
+    {
+        0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72,
+        0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20,
+        0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb[] =
+    {
+        0x70,0x4F,0x20,0xF6,0x72,0xB4,0xD0,0x2A,
+        0xB5,0xA9,0x94,0x9F,0x11,0xCF,0x87,0xED,
+        0x13,0x33,0x82,0xCB,0x8B,0xF1,0x82,0x56
+    };
+
+    /* "Lemmings" */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_ecb[] =
+    {
+        0x4C,0x65,0x6D,0x6D,0x69,0x6E,0x67,0x73
+    };
+
+    #endif /* WOLFSSL_DES_ECB */
+
     wc_test_ret_t ret;
     WOLFSSL_ENTER("des_test");
 
@@ -8598,6 +9398,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
+    /* Test basic ECB Process for DES*/
+#ifdef WOLFSSL_DES_ECB
+    ret = wc_Des_SetKey(&enc, key_ecb, iv, DES_ENCRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des_EcbEncrypt(&enc, cipher, vector_ecb, sizeof(vector));
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des_SetKey(&dec, key_ecb, iv, DES_DECRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des_EcbDecrypt(&dec, plain, cipher, sizeof(cipher));
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    if (XMEMCMP(plain, vector_ecb, sizeof(plain)))
+        return WC_TEST_RET_ENC_NC;
+
+    if (XMEMCMP(cipher, verify_ecb, sizeof(cipher)))
+        return WC_TEST_RET_ENC_NC;
+
+#endif /* WOLFSSL_DES_ECB */
+
 #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
     {
         EncryptedInfo info;
@@ -8615,7 +9441,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
         /* Test invalid info ptr */
         ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
                 sizeof(key), WC_HASH_TYPE_SHA);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             return WC_TEST_RET_ENC_EC(ret);
 
     #ifndef NO_PWDBASED
@@ -8669,6 +9495,33 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
         0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
     };
 
+    #ifdef WOLFSSL_DES_ECB
+
+    /* Stay strong and move on! */
+    WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] =
+    {
+        0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72,
+        0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20,
+        0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21
+    };
+
+    WOLFSSL_SMALL_STACK_STATIC const byte verify3_ecb[] =
+    {
+        0x45,0x7E,0xFA,0xA1,0x05,0xDD,0x48,0x86,
+        0x4D,0xB2,0xAB,0xE4,0xF9,0x63,0xD6,0x54,
+        0x7C,0x5A,0xB3,0x67,0x32,0x25,0x67,0x3D
+    };
+
+    /* "Life is what you make it" */
+    WOLFSSL_SMALL_STACK_STATIC const byte key3_ecb[] =
+    {
+        0x4C,0x69,0x66,0x65,0x20,0x69,0x73,0x20,
+        0x77,0x68,0x61,0x74,0x20,0x79,0x6F,0x75,
+        0x20,0x6D,0x61,0x6B,0x65,0x20,0x69,0x74
+    };
+
+    #endif /* WOLFSSL_DES_ECB */
+
     wc_test_ret_t ret;
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
     size_t i;
@@ -8707,18 +9560,54 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
     if (XMEMCMP(cipher, verify3, sizeof(cipher)))
         return WC_TEST_RET_ENC_NC;
 
+/* Test basic ECB Process for DES3*/
+#ifdef WOLFSSL_DES_ECB
+    ret = wc_Des3Init(&enc, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3Init(&dec, HEAP_HINT, devId);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    ret = wc_Des3_SetKey(&enc, key3_ecb, NULL, DES_ENCRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3_SetKey(&dec, key3_ecb, NULL, DES_DECRYPTION);
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3_EcbEncrypt(&enc, cipher, vector_ecb, sizeof(vector_ecb));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_Des3_EcbDecrypt(&dec, plain, cipher, sizeof(cipher));
+#if defined(WOLFSSL_ASYNC_CRYPT)
+    ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
+#endif
+    if (ret != 0)
+        return WC_TEST_RET_ENC_EC(ret);
+
+    if (XMEMCMP(plain, vector_ecb, sizeof(plain)))
+        return WC_TEST_RET_ENC_NC;
+
+    if (XMEMCMP(cipher, verify3_ecb, sizeof(cipher)))
+        return WC_TEST_RET_ENC_NC;
+
+#endif /* WOLFSSL_DES_ECB */
+
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
     /* test the same vectors with using compatibility layer */
     for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){
-        DES_key_schedule ks1;
-        DES_key_schedule ks2;
-        DES_key_schedule ks3;
-        DES_cblock iv4;
+        WOLFSSL_DES_key_schedule ks1;
+        WOLFSSL_DES_key_schedule ks2;
+        WOLFSSL_DES_key_schedule ks3;
+        WOLFSSL_DES_cblock iv4;
         byte tmp[sizeof(vector)];
 
-        XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
-        XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
-        XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
+        XMEMCPY(ks1, key3, sizeof(WOLFSSL_DES_key_schedule));
+        XMEMCPY(ks2, key3 + 8, sizeof(WOLFSSL_DES_key_schedule));
+        XMEMCPY(ks3, key3 + 16, sizeof(WOLFSSL_DES_key_schedule));
 
         XMEMSET(plain, 0, sizeof(plain));
         XMEMSET(cipher, 0, sizeof(cipher));
@@ -8727,17 +9616,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
         XMEMCPY(tmp, vector, sizeof(vector));
 
         /* Use i as the splitter */
-        XMEMCPY(iv4, iv3, sizeof(DES_cblock));
-        DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
-                &iv4, DES_ENCRYPT);
-        DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i),
-                &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT);
+        XMEMCPY(iv4, iv3, sizeof(WOLFSSL_DES_cblock));
+        wolfSSL_DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
+                &iv4, WC_DES_ENCRYPT);
+        wolfSSL_DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i),
+                &ks1, &ks2, &ks3, &iv4, WC_DES_ENCRYPT);
         XMEMCPY(cipher, tmp, sizeof(cipher));
-        XMEMCPY(iv4, iv3, sizeof(DES_cblock));
-        DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
-                &iv4, DES_DECRYPT);
-        DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i),
-                &ks1, &ks2, &ks3, &iv4, DES_DECRYPT);
+        XMEMCPY(iv4, iv3, sizeof(WOLFSSL_DES_cblock));
+        wolfSSL_DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
+                &iv4, WC_DES_DECRYPT);
+        wolfSSL_DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i),
+                &ks1, &ks2, &ks3, &iv4, WC_DES_DECRYPT);
         XMEMCPY(plain, tmp, sizeof(plain));
 
         if (XMEMCMP(plain, vector, sizeof(plain)))
@@ -8789,9 +9678,9 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         const byte* expected, int expectedSz)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    EVP_CIPHER_CTX *ctx = NULL;
+    WOLFSSL_EVP_CIPHER_CTX *ctx = NULL;
 #else
-    EVP_CIPHER_CTX ctx[1];
+    WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
     int ctx_inited = 0;
     int idx, cipherSz;
@@ -8803,33 +9692,33 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
         return MEMORY_E;
 #endif
 
-    cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    cipher = (byte*)XMALLOC((size_t)plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (cipher == NULL) {
         ret = WC_TEST_RET_ENC_ERRNO;
         goto EVP_TEST_END;
     }
 
     /* test encrypt */
-    EVP_CIPHER_CTX_init(ctx);
+    wolfSSL_EVP_CIPHER_CTX_init(ctx);
     ctx_inited = 1;
-    if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
+    if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
-    if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
+    if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
     cipherSz = idx;
-    if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
+    if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
     cipherSz += idx;
 
-    if (XMEMCMP(cipher, expected, plainSz)) {
+    if (XMEMCMP(cipher, expected, (size_t)plainSz)) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
@@ -8844,26 +9733,26 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
     }
 
     /* test decrypt */
-    EVP_CIPHER_CTX_init(ctx);
+    wolfSSL_EVP_CIPHER_CTX_init(ctx);
     ctx_inited = 1;
-    if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
+    if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
-    if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
+    if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
 
     cipherSz = idx;
-    if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
+    if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
     cipherSz += idx;
 
-    if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) {
+    if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, (size_t)plainSz)) {
         ret = WC_TEST_RET_ENC_NC;
         goto EVP_TEST_END;
     }
@@ -8978,54 +9867,54 @@ EVP_TEST_END:
     #else
         Aes enc[1];
     #endif
-        byte cipher[AES_BLOCK_SIZE * 4];
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
     #ifdef HAVE_AES_DECRYPT
         #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
             Aes *dec = NULL;
         #else
             Aes dec[1];
         #endif
-        byte plain [AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
     #endif
         wc_test_ret_t ret = 0;
 
     WOLFSSL_ENTER("aesofb_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(-1, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(-1, out);
-#endif
-#endif
-
-        XMEMSET(enc, 0, sizeof *enc);
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifdef HAVE_AES_DECRYPT
-        XMEMSET(dec, 0, sizeof *dec);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
+    ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
+        ret = EVP_test(wolfSSL_EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
                 cipher2, sizeof(cipher2));
         if (ret != 0) {
             goto out;
         }
     #endif
 
-        ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
-    #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    #endif
-
         ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -9037,19 +9926,19 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesOfbEncrypt(enc, cipher, plain2, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher, plain2, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, plain, cipher2, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain, cipher2, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, plain2, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_128 */
@@ -9058,7 +9947,7 @@ EVP_TEST_END:
         /* 192 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
+        ret = EVP_test(wolfSSL_EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
                 cipher3, sizeof(cipher3));
         if (ret != 0) {
             goto out;
@@ -9076,19 +9965,19 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesOfbEncrypt(enc, cipher, plain3, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher, plain3, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, cipher3, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, plain, cipher3, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain, cipher3, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, plain3, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_192 */
@@ -9097,7 +9986,7 @@ EVP_TEST_END:
         /* 256 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
+        ret = EVP_test(wolfSSL_EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
             goto out;
@@ -9115,37 +10004,37 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher, plain1, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesOfbEncrypt(enc, cipher + AES_BLOCK_SIZE,
-                plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher + WC_AES_BLOCK_SIZE,
+                plain1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE,
-                    AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, cipher1 + WC_AES_BLOCK_SIZE,
+                    WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, plain1, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesOfbDecrypt(dec, plain + AES_BLOCK_SIZE,
-                cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain + WC_AES_BLOCK_SIZE,
+                cipher1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE,
-                    AES_BLOCK_SIZE))
+        if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, plain1 + WC_AES_BLOCK_SIZE,
+                    WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
@@ -9161,19 +10050,19 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE * 3);
+        ret = wc_AesOfbEncrypt(enc, cipher, plain1, WC_AES_BLOCK_SIZE * 3);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 3))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE * 3);
+        ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE * 3);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3))
+        if (XMEMCMP(plain, plain1, WC_AES_BLOCK_SIZE * 3))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
@@ -9188,20 +10077,20 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
 
-        XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2);
-        ret = wc_AesOfbEncrypt(enc, cipher, cipher, AES_BLOCK_SIZE * 2);
+        XMEMCPY(cipher, plain1, WC_AES_BLOCK_SIZE * 2);
+        ret = wc_AesOfbEncrypt(enc, cipher, cipher, WC_AES_BLOCK_SIZE * 2);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesOfbDecrypt(dec, cipher, cipher, AES_BLOCK_SIZE * 2);
+        ret = wc_AesOfbDecrypt(dec, cipher, cipher, WC_AES_BLOCK_SIZE * 2);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2))
+        if (XMEMCMP(cipher, plain1, WC_AES_BLOCK_SIZE * 2))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
@@ -9224,11 +10113,11 @@ EVP_TEST_END:
         if (XMEMCMP(cipher, cipher1, 3))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE);
+        ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher + 3, cipher1 + 3, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
@@ -9239,27 +10128,29 @@ EVP_TEST_END:
         if (XMEMCMP(plain, plain1, 6))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE);
+        ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain + 6, plain1 + 6, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 
-  out:
+    out:
 
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(enc, &enc);
+    #else
         wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-        wc_AesFree(dec);
-#endif
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#ifdef HAVE_AES_DECRYPT
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#endif
-#endif
+    #endif
 
+    #ifdef HAVE_AES_DECRYPT
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(dec, &dec);
+    #else
+        wc_AesFree(dec);
+    #endif
+    #endif
 #endif /* WOLFSSL_AES_256 */
 
         return ret;
@@ -9277,17 +10168,15 @@ EVP_TEST_END:
 #else
         Aes enc[1];
 #endif
-        int enc_inited = 0;
-        byte cipher[AES_BLOCK_SIZE * 4];
-    #ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+#ifdef HAVE_AES_DECRYPT
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *dec = NULL;
-#else
+    #else
         Aes dec[1];
-#endif
-        int dec_inited = 0;
-        byte plain [AES_BLOCK_SIZE * 4];
     #endif
+        byte plain [WC_AES_BLOCK_SIZE * 4];
+#endif
         wc_test_ret_t ret = 0;
 
         WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
@@ -9393,72 +10282,74 @@ EVP_TEST_END:
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
+        ret = EVP_test(wolfSSL_EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
             return ret;
         }
     #endif
 
-        ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifdef HAVE_AES_DECRYPT
         /* decrypt uses AES_ENCRYPTION */
-        ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesCfbEncrypt(enc, cipher, msg1, AES_BLOCK_SIZE * 2);
+        ret = wc_AesCfbEncrypt(enc, cipher, msg1, WC_AES_BLOCK_SIZE * 2);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         /* test restarting encryption process */
-        ret = wc_AesCfbEncrypt(enc, cipher + (AES_BLOCK_SIZE * 2),
-                msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
+        ret = wc_AesCfbEncrypt(enc, cipher + (WC_AES_BLOCK_SIZE * 2),
+                msg1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
-                    cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher + (WC_AES_BLOCK_SIZE * 2),
+                    cipher1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 3);
+        ret = wc_AesCfbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE * 3);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
+        if (XMEMCMP(plain, msg1, WC_AES_BLOCK_SIZE * 3))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_128 */
@@ -9467,7 +10358,7 @@ EVP_TEST_END:
         /* 192 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
+        ret = EVP_test(wolfSSL_EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
                 cipher2, sizeof(cipher2));
         if (ret != 0) {
             return ret;
@@ -9485,19 +10376,19 @@ EVP_TEST_END:
     #endif
 
         XMEMSET(cipher, 0, sizeof(cipher));
-        ret = wc_AesCfbEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE * 4);
+        ret = wc_AesCfbEncrypt(enc, cipher, msg2, WC_AES_BLOCK_SIZE * 4);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
+        if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE * 4))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
-        ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 4);
+        ret = wc_AesCfbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE * 4);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
+        if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE * 4))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_192 */
@@ -9506,7 +10397,7 @@ EVP_TEST_END:
         /* 256 key size test */
     #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
         && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-        ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
+        ret = EVP_test(wolfSSL_EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
                 cipher3, sizeof(cipher3));
         if (ret != 0) {
             return ret;
@@ -9539,11 +10430,11 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
-                (AES_BLOCK_SIZE * 4) - 31);
+                (WC_AES_BLOCK_SIZE * 4) - 31);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
+        if (XMEMCMP(cipher, cipher3, WC_AES_BLOCK_SIZE * 4))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef HAVE_AES_DECRYPT
@@ -9566,35 +10457,34 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
-                (AES_BLOCK_SIZE * 4) - 31);
+                (WC_AES_BLOCK_SIZE * 4) - 31);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
+        if (XMEMCMP(plain, msg3, WC_AES_BLOCK_SIZE * 4))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_256 */
 
   out:
 
-    if (enc_inited)
-        wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
 #ifdef HAVE_AES_DECRYPT
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
 #endif
 #endif
 
         return ret;
     }
 
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0))
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
     static wc_test_ret_t aescfb1_test(void)
     {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -9602,16 +10492,14 @@ EVP_TEST_END:
 #else
         Aes enc[1];
 #endif
-        int enc_inited = 0;
-        byte cipher[AES_BLOCK_SIZE];
+        byte cipher[WC_AES_BLOCK_SIZE];
     #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *dec = NULL;
 #else
         Aes dec[1];
 #endif
-        int dec_inited = 0;
-        byte plain [AES_BLOCK_SIZE];
+        byte plain [WC_AES_BLOCK_SIZE];
     #endif
         wc_test_ret_t ret = 0;
 
@@ -9691,35 +10579,37 @@ EVP_TEST_END:
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
-#endif
-
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
-        ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifdef HAVE_AES_DECRYPT
         /* decrypt uses AES_ENCRYPTION */
-        ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
@@ -9751,7 +10641,7 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     #ifdef OPENSSL_EXTRA
-        ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
@@ -9761,8 +10651,8 @@ EVP_TEST_END:
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    #ifndef WOLFCRYPT_ONLY
-        ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
+    #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
                 cipher, sizeof(msg1));
         if (ret != 0) {
             goto out;
@@ -9794,8 +10684,8 @@ EVP_TEST_END:
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        #ifndef WOLFCRYPT_ONLY
-        ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
+        #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
                 cipher, sizeof(msg2));
         if (ret != 0) {
             goto out;
@@ -9828,8 +10718,8 @@ EVP_TEST_END:
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-        #ifndef WOLFCRYPT_ONLY
-        ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
+        #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
                 cipher, sizeof(msg3));
         if (ret != 0) {
             goto out;
@@ -9840,19 +10730,18 @@ EVP_TEST_END:
 
   out:
 
-    if (enc_inited)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(enc, &enc);
+#else
         wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
+#endif
+    #ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(dec, &dec);
+#else
         wc_AesFree(dec);
 #endif
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#ifdef HAVE_AES_DECRYPT
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#endif
-#endif
+    #endif
 
         return ret;
     }
@@ -9864,16 +10753,14 @@ EVP_TEST_END:
 #else
         Aes enc[1];
 #endif
-        int enc_inited = 0;
-        byte cipher[AES_BLOCK_SIZE];
+        byte cipher[WC_AES_BLOCK_SIZE];
     #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         Aes *dec = NULL;
 #else
         Aes dec[1];
 #endif
-        int dec_inited = 0;
-        byte plain [AES_BLOCK_SIZE];
+        byte plain [WC_AES_BLOCK_SIZE];
     #endif
         wc_test_ret_t ret = 0;
 
@@ -9950,42 +10837,45 @@ EVP_TEST_END:
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
 #ifdef WOLFSSL_AES_128
         /* 128 key tests */
-    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-        ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
+    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
+        !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
                 cipher1, sizeof(cipher1));
         if (ret != 0) {
             return ret;
         }
     #endif
-        ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifdef HAVE_AES_DECRYPT
         /* decrypt uses AES_ENCRYPTION */
-        ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
@@ -10019,8 +10909,9 @@ EVP_TEST_END:
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-        ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
+#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
+        !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
                 cipher2, sizeof(msg2));
         if (ret != 0) {
             return ret;
@@ -10042,8 +10933,9 @@ EVP_TEST_END:
         if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-        ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
+    #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
+        !defined(HAVE_FIPS)
+        ret = EVP_test(wolfSSL_EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
                 cipher3, sizeof(msg3));
         if (ret != 0) {
             goto out;
@@ -10053,31 +10945,30 @@ EVP_TEST_END:
 
       out:
 
-        if (enc_inited)
-            wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-        if (dec_inited)
-            wc_AesFree(dec);
-#endif
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-#ifdef HAVE_AES_DECRYPT
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+        wc_AesDelete(enc, &enc);
+#else
+        wc_AesFree(enc);
 #endif
+    #ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+        wc_AesDelete(dec, &dec);
+#else
+        wc_AesFree(dec);
 #endif
+    #endif
 
         return ret;
     }
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
 #endif /* WOLFSSL_AES_CFB */
 
-
+#ifndef HAVE_RENESAS_SYNC
 static wc_test_ret_t aes_key_size_test(void)
 {
     wc_test_ret_t ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes    *aes;
+    Aes    *aes = NULL;
 #else
     Aes    aes[1];
 #endif
@@ -10098,8 +10989,14 @@ static wc_test_ret_t aes_key_size_test(void)
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
+    aes = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (aes == NULL)
+        return WC_TEST_RET_ENC_EC(ret);
+#else
+    ret = wc_AesInit(aes, HEAP_HINT, devId);
+    /* 0 check OK for FIPSv1 */
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
 #if !defined(HAVE_FIPS) || \
@@ -10107,29 +11004,24 @@ static wc_test_ret_t aes_key_size_test(void)
     /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
      * supported with that FIPS version */
     ret = wc_AesInit(NULL, HEAP_HINT, devId);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    ret = wc_AesInit(aes, HEAP_HINT, devId);
-    /* 0 check OK for FIPSv1 */
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
 #ifndef HAVE_FIPS
     /* Parameter Validation testing. */
     ret = wc_AesGetKeySize(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesGetKeySize(aes, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesGetKeySize(NULL, &keySize);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     /* Crashes in FIPS */
     ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
     /* NULL IV indicates to use all zeros IV. */
@@ -10137,11 +11029,11 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_128
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 /* CryptoCell handles rounds internally */
 #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
@@ -10150,7 +11042,7 @@ static wc_test_ret_t aes_key_size_test(void)
     /* Force invalid rounds */
     aes->rounds = 16;
     ret = wc_AesGetKeySize(aes, &keySize);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 #endif
@@ -10159,7 +11051,7 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_128
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
@@ -10173,7 +11065,7 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_192
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
@@ -10186,7 +11078,7 @@ static wc_test_ret_t aes_key_size_test(void)
 #ifdef WOLFSSL_AES_256
     if (ret != 0)
 #else
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
 #endif
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
@@ -10198,13 +11090,15 @@ static wc_test_ret_t aes_key_size_test(void)
     ret = 0; /* success */
   out:
 
-    wc_AesFree(aes);
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, &aes);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
 }
+#endif /* !HAVE_RENESAS_SYNC */
 
 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
 
@@ -10219,8 +11113,8 @@ static wc_test_ret_t aes_xts_128_test(void)
 #endif
     int aes_inited = 0;
     wc_test_ret_t ret = 0;
-    unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
-    unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
+    unsigned char buf[WC_AES_BLOCK_SIZE * 2 + 8];
+    unsigned char cipher[WC_AES_BLOCK_SIZE * 2 + 8];
 #ifdef WOLFSSL_AESXTS_STREAM
     struct XtsAesStreamData stream;
 #endif
@@ -10330,7 +11224,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
     && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
+    ret = EVP_test(wolfSSL_EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
     if (ret != 0) {
         printf("EVP_aes_128_xts failed!\n");
         goto out;
@@ -10365,14 +11259,14 @@ static wc_test_ret_t aes_xts_128_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
@@ -10385,7 +11279,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -10408,7 +11302,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #ifdef WOLFSSL_AESXTS_STREAM
@@ -10439,7 +11333,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -10447,7 +11341,7 @@ static wc_test_ret_t aes_xts_128_test(void)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
@@ -10490,7 +11384,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(cipher, 0, sizeof(cipher));
     ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -10542,7 +11436,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -10595,7 +11489,7 @@ static wc_test_ret_t aes_xts_128_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -10608,7 +11502,7 @@ static wc_test_ret_t aes_xts_128_test(void)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
@@ -10670,14 +11564,14 @@ static wc_test_ret_t aes_xts_128_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptUpdate(aes, buf, p3, AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p3, WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p3 + WC_AES_BLOCK_SIZE, sizeof(p3) - WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
@@ -10712,14 +11606,14 @@ static wc_test_ret_t aes_xts_128_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsDecryptUpdate(aes, buf, c3, AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsDecryptUpdate(aes, buf, c3, WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsDecryptFinal(aes, buf + WC_AES_BLOCK_SIZE, c3 + WC_AES_BLOCK_SIZE, sizeof(c3) - WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
@@ -10801,17 +11695,19 @@ static wc_test_ret_t aes_xts_128_test(void)
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
-                    ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsEncryptFinal(aes, large_input + k,
+                        large_input + k, (word32)(j - k), &stream);
                 else
-                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k,
+                        large_input + k, WC_AES_BLOCK_SIZE, &stream);
         #if defined(WOLFSSL_ASYNC_CRYPT)
                 ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
         #endif
                 if (ret != 0)
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
 
@@ -10863,11 +11759,13 @@ static wc_test_ret_t aes_xts_128_test(void)
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
-                    ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsDecryptFinal(aes, large_input + k,
+                        large_input + k, (word32)(j - k), &stream);
                 else
-                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k,
+                        large_input + k, WC_AES_BLOCK_SIZE, &stream);
             #if defined(WOLFSSL_ASYNC_CRYPT)
                 #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
                 ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
@@ -10878,7 +11776,7 @@ static wc_test_ret_t aes_xts_128_test(void)
             #endif
                 if (ret != 0)
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
 
@@ -10913,6 +11811,8 @@ static wc_test_ret_t aes_xts_128_test(void)
 }
 #endif /* WOLFSSL_AES_128 */
 
+#ifndef HAVE_FIPS
+/* FIPS won't allow for XTS-384 (two 192-bit keys) */
 #ifdef WOLFSSL_AES_192
 static wc_test_ret_t aes_xts_192_test(void)
 {
@@ -10923,8 +11823,8 @@ static wc_test_ret_t aes_xts_192_test(void)
 #endif
     int aes_inited = 0;
     wc_test_ret_t ret = 0;
-    unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
-    unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
+    unsigned char buf[WC_AES_BLOCK_SIZE * 2 + 8];
+    unsigned char cipher[WC_AES_BLOCK_SIZE * 2 + 8];
 #ifdef WOLFSSL_AESXTS_STREAM
     struct XtsAesStreamData stream;
 #endif
@@ -11003,7 +11903,6 @@ static wc_test_ret_t aes_xts_192_test(void)
         0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4
     };
 
-#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
         0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
         0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
@@ -11030,7 +11929,6 @@ static wc_test_ret_t aes_xts_192_test(void)
         0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba,
         0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde
     };
-#endif /* HAVE_FIPS */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
@@ -11065,14 +11963,14 @@ static wc_test_ret_t aes_xts_192_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
@@ -11085,7 +11983,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11108,7 +12006,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #ifdef WOLFSSL_AESXTS_STREAM
@@ -11139,7 +12037,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11147,7 +12045,7 @@ static wc_test_ret_t aes_xts_192_test(void)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
@@ -11190,7 +12088,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(cipher, 0, sizeof(cipher));
     ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -11242,7 +12140,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -11295,7 +12193,7 @@ static wc_test_ret_t aes_xts_192_test(void)
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
         defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     XMEMSET(buf, 0, sizeof(buf));
     ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -11308,7 +12206,7 @@ static wc_test_ret_t aes_xts_192_test(void)
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
@@ -11345,8 +12243,6 @@ static wc_test_ret_t aes_xts_192_test(void)
     if (XMEMCMP(p2, buf, sizeof(p2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#ifndef HAVE_FIPS
-
     /* Test ciphertext stealing in-place. */
     XMEMCPY(buf, p3, sizeof(p3));
     ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
@@ -11370,14 +12266,14 @@ static wc_test_ret_t aes_xts_192_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptUpdate(aes, buf, p3, AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p3, WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p3 + WC_AES_BLOCK_SIZE, sizeof(p3) - WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
@@ -11412,14 +12308,14 @@ static wc_test_ret_t aes_xts_192_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsDecryptUpdate(aes, buf, c3, AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsDecryptUpdate(aes, buf, c3, WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsDecryptFinal(aes, buf + WC_AES_BLOCK_SIZE, c3 + WC_AES_BLOCK_SIZE, sizeof(c3) - WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
@@ -11430,8 +12326,6 @@ static wc_test_ret_t aes_xts_192_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* WOLFSSL_AESXTS_STREAM */
 
-#endif /* !HAVE_FIPS */
-
 #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
     !defined(WOLFSSL_AFALG)
     {
@@ -11454,7 +12348,7 @@ static wc_test_ret_t aes_xts_192_test(void)
             ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-            ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
                 sizeof(i1));
         #if defined(WOLFSSL_ASYNC_CRYPT)
             ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11465,7 +12359,7 @@ static wc_test_ret_t aes_xts_192_test(void)
             ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-            ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
                 sizeof(i1));
         #if defined(WOLFSSL_ASYNC_CRYPT)
             #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
@@ -11501,17 +12395,19 @@ static wc_test_ret_t aes_xts_192_test(void)
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
-                    ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsEncryptFinal(aes, large_input + k,
+                        large_input + k, (word32)(j - k), &stream);
                 else
-                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k,
+                        large_input + k, WC_AES_BLOCK_SIZE, &stream);
         #if defined(WOLFSSL_ASYNC_CRYPT)
                 ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
         #endif
                 if (ret != 0)
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
 
@@ -11563,11 +12459,13 @@ static wc_test_ret_t aes_xts_192_test(void)
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
-                    ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
+                    ret = wc_AesXtsDecryptFinal(aes, large_input + k,
+                        large_input + k, (word32)(j - k), &stream);
                 else
-                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k,
+                        large_input + k, WC_AES_BLOCK_SIZE, &stream);
             #if defined(WOLFSSL_ASYNC_CRYPT)
                 #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
                 ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
@@ -11578,7 +12476,7 @@ static wc_test_ret_t aes_xts_192_test(void)
             #endif
                 if (ret != 0)
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
 
@@ -11612,7 +12510,7 @@ static wc_test_ret_t aes_xts_192_test(void)
     return ret;
 }
 #endif /* WOLFSSL_AES_192 */
-
+#endif /* HAVE_FIPS */
 
 #ifdef WOLFSSL_AES_256
 static wc_test_ret_t aes_xts_256_test(void)
@@ -11624,8 +12522,8 @@ static wc_test_ret_t aes_xts_256_test(void)
 #endif
     int aes_inited = 0;
     wc_test_ret_t ret = 0;
-    unsigned char buf[AES_BLOCK_SIZE * 3];
-    unsigned char cipher[AES_BLOCK_SIZE * 3];
+    unsigned char buf[WC_AES_BLOCK_SIZE * 3];
+    unsigned char cipher[WC_AES_BLOCK_SIZE * 3];
 #ifdef WOLFSSL_AESXTS_STREAM
     struct XtsAesStreamData stream;
 #endif
@@ -11718,7 +12616,7 @@ static wc_test_ret_t aes_xts_256_test(void)
 
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
     && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-    ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
+    ret = EVP_test(wolfSSL_EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
     if (ret != 0) {
         printf("EVP_aes_256_xts failed\n");
         goto out;
@@ -11753,14 +12651,14 @@ static wc_test_ret_t aes_xts_256_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);
+    ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
@@ -11781,7 +12679,7 @@ static wc_test_ret_t aes_xts_256_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #ifdef WOLFSSL_AESXTS_STREAM
@@ -11910,7 +12808,7 @@ static wc_test_ret_t aes_xts_256_test(void)
             ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-            ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
+            ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
                 sizeof(i1));
         #if defined(WOLFSSL_ASYNC_CRYPT)
             ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -11921,7 +12819,7 @@ static wc_test_ret_t aes_xts_256_test(void)
             ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-            ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
+            ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
                 sizeof(i1));
         #if defined(WOLFSSL_ASYNC_CRYPT)
             #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
@@ -11957,17 +12855,17 @@ static wc_test_ret_t aes_xts_256_test(void)
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
                 else
-                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
         #if defined(WOLFSSL_ASYNC_CRYPT)
                 ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
         #endif
                 if (ret != 0)
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
 
@@ -12018,11 +12916,11 @@ static wc_test_ret_t aes_xts_256_test(void)
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-            for (k = 0; k < j; k += AES_BLOCK_SIZE) {
-                if ((j - k) < AES_BLOCK_SIZE*2)
+            for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
                 else
-                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
+                    ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
             #if defined(WOLFSSL_ASYNC_CRYPT)
                 #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
                 ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
@@ -12033,7 +12931,7 @@ static wc_test_ret_t aes_xts_256_test(void)
             #endif
                 if (ret != 0)
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-                if ((j - k) < AES_BLOCK_SIZE*2)
+                if ((j - k) < WC_AES_BLOCK_SIZE*2)
                     break;
             }
 
@@ -12080,7 +12978,7 @@ static wc_test_ret_t aes_xts_sector_test(void)
 #endif
     int aes_inited = 0;
     wc_test_ret_t ret = 0;
-    unsigned char buf[AES_BLOCK_SIZE * 2];
+    unsigned char buf[WC_AES_BLOCK_SIZE * 2];
 
     /* 128 key tests */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
@@ -12268,7 +13166,7 @@ static wc_test_ret_t aes_xts_sector_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     /* decrypt test */
@@ -12286,7 +13184,7 @@ static wc_test_ret_t aes_xts_sector_test(void)
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
+    if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     /* 256 bit key tests */
@@ -12384,7 +13282,7 @@ static wc_test_ret_t aes_xts_args_test(void)
 #endif
     int aes_inited = 0;
     wc_test_ret_t ret;
-    unsigned char buf[AES_BLOCK_SIZE * 2];
+    unsigned char buf[WC_AES_BLOCK_SIZE * 2];
 
     /* 128 key tests */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
@@ -12482,11 +13380,12 @@ static wc_test_ret_t aes_xts_args_test(void)
 #endif /* WOLFSSL_AES_128 */
 #endif /* WOLFSSL_AES_XTS && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
 
-#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
-static wc_test_ret_t aes_cbc_test(void)
+#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
+    !defined(HAVE_RENESAS_SYNC)
+static wc_test_ret_t aes_cbc_oneshot_test(void)
 {
-    byte cipher[AES_BLOCK_SIZE];
-    byte plain[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
     wc_test_ret_t ret;
     WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
         0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
@@ -12496,29 +13395,29 @@ static wc_test_ret_t aes_cbc_test(void)
     byte key[] = "0123456789abcdef   ";  /* align */
     byte iv[]  = "1234567890abcdef   ";  /* align */
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
 
     /* Parameter Validation testing. */
-    ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
-    if (ret != BAD_FUNC_ARG)
+    ret = wc_AesCbcEncryptWithKey(cipher, msg, WC_AES_BLOCK_SIZE, key, 17, NULL);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
-    if (ret != BAD_FUNC_ARG)
+    ret = wc_AesCbcDecryptWithKey(plain, cipher, WC_AES_BLOCK_SIZE, key, 17, NULL);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
-    ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
-                                  AES_BLOCK_SIZE, iv);
+    ret = wc_AesCbcEncryptWithKey(cipher, msg, WC_AES_BLOCK_SIZE, key,
+                                  WC_AES_BLOCK_SIZE, iv);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
-                                  AES_BLOCK_SIZE, iv);
+    ret = wc_AesCbcDecryptWithKey(plain, cipher, WC_AES_BLOCK_SIZE, key,
+                                  WC_AES_BLOCK_SIZE, iv);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
+    if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif /* HAVE_AES_DECRYPT */
 
@@ -12527,181 +13426,18 @@ static wc_test_ret_t aes_cbc_test(void)
 }
 #endif
 
-#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-static wc_test_ret_t aesecb_test(void)
+#if defined(WOLFSSL_AES_COUNTER)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void)
 {
-    wc_test_ret_t ret = 0;
-#if defined(WOLFSSL_AES_256)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes *enc = NULL;
+    Aes *dec = NULL;
 #else
     Aes enc[1];
-#endif
-    int enc_inited = 0;
-    byte cipher[AES_BLOCK_SIZE * 4];
-#ifdef HAVE_AES_DECRYPT
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-#else
     Aes dec[1];
 #endif
-    int dec_inited = 0;
-    byte plain[AES_BLOCK_SIZE * 4];
-#endif /* HAVE_AES_DECRYPT */
-
-    {
-        WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
-        {
-            0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
-            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
-        {
-            0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
-            0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
-        {
-            0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
-            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
-            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
-            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
-        };
-
-        ret = wc_AesInit(enc, HEAP_HINT, devId);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        enc_inited = 1;
-    #if defined(HAVE_AES_DECRYPT)
-        ret = wc_AesInit(dec, HEAP_HINT, devId);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        dec_inited = 1;
-    #endif
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#endif
-
-#ifdef HAVE_AES_DECRYPT
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
-        ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#endif
-#endif /* HAVE_AES_DECRYPT */
-    }
-
-  out:
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#ifdef HAVE_AES_DECRYPT
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#endif
-#else
-    if (enc_inited)
-        wc_AesFree(enc);
-#ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif
-#endif
-
-#endif /* WOLFSSL_AES_256 */
-
-    return ret;
-}
-#endif /* HAVE_AES_ECB */
-
-#ifdef WOLFSSL_AES_COUNTER
-static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
-{
+    byte cipher[WC_AES_BLOCK_SIZE * 4];
+    byte plain [WC_AES_BLOCK_SIZE * 4];
     wc_test_ret_t ret = 0;
 
     /* test vectors from "Recommendation for Block Cipher Modes of
@@ -13265,6 +14001,26 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
     };
     #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
 
+    WOLFSSL_ENTER("aes_ctr_test");
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    XMEMSET(dec, 0, sizeof(Aes));
+    ret = wc_AesInit(enc, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    ret = wc_AesInit(dec, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
     for (i = 0; i < AES_CTR_TEST_LEN; i++) {
         if (testVec[i].key != NULL) {
             ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
@@ -13315,13 +14071,13 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
             }
         }
 
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
         WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
         if (ret != 0) {
@@ -13340,7 +14096,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 
     for (i = 0; i < AES_CTR_TEST_LEN; i++) {
         if (testVec[i].key != NULL) {
-            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
             ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
                 testVec[i].iv, AES_ENCRYPTION);
             WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -13348,7 +14104,7 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
                 ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
             }
             /* Ctr only uses encrypt, even on key setup */
-            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+            WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
             ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
                 testVec[i].iv, AES_ENCRYPTION);
             WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
@@ -13378,8 +14134,19 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 
 #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
 
-
 out:
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
+#ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
+#endif
+#endif
     return ret;
 }
 #endif /* WOLFSSL_AES_COUNTER */
@@ -13388,8 +14155,9 @@ out:
 static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 {
     wc_test_ret_t ret = 0;
-
-    WOLFSSL_SMALL_STACK_STATIC const byte key_128[] = "0123456789abcdef   ";
+    /* keys padded to block size (16 bytes) */
+    WOLFSSL_SMALL_STACK_STATIC const byte key_128[] =
+        "0123456789abcdef   ";
     WOLFSSL_SMALL_STACK_STATIC const byte key_192[] =
         "0123456789abcdef01234567   ";
     WOLFSSL_SMALL_STACK_STATIC const byte key_256[] =
@@ -13399,29 +14167,46 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
         0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
         0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_128[AES_BLOCK_SIZE] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_128[WC_AES_BLOCK_SIZE] = {
         0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
         0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_192[AES_BLOCK_SIZE] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_192[WC_AES_BLOCK_SIZE] = {
         0x06, 0x57, 0xee, 0x78, 0x3f, 0x96, 0x00, 0xb1,
         0xec, 0x76, 0x94, 0x30, 0x29, 0xbe, 0x15, 0xab
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_256[AES_BLOCK_SIZE] = {
+    WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_256[WC_AES_BLOCK_SIZE] = {
         0xcd, 0xf2, 0x81, 0x3e, 0x73, 0x3e, 0xf7, 0x33,
         0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82
     };
 
+    WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = {
+        0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+        0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+        0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+        0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = {
+        0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+        0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
+    };
+    WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = {
+        0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
+        0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
+    };
+
     int i;
     struct {
         const byte* key;
         int         keySz;
-        const byte* iv;
+        const byte* iv; /* null uses 0's */
+        const byte* plain;
         const byte* verify;
     } testVec[] = {
-      { key_128, 16, iv, verify_ecb_128 },
-      { key_192, 24, iv, verify_ecb_192 },
-      { key_256, 32, iv, verify_ecb_256 },
+        { key_128, 16, iv,   msg,     verify_ecb_128 },
+        { key_192, 24, iv,   msg,     verify_ecb_192 },
+        { key_256, 32, iv,   msg,     verify_ecb_256 },
+        { niKey,   32, NULL, niPlain, niCipher }
     };
     #define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
 
@@ -13437,26 +14222,26 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #endif
 
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
-        ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
+        XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+        ret = wc_AesEcbEncrypt(enc, cipher, testVec[i].plain, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(cipher, testVec[i].verify, AES_BLOCK_SIZE)) {
+        if (XMEMCMP(cipher, testVec[i].verify, WC_AES_BLOCK_SIZE)) {
             WOLFSSL_MSG("aes_test cipher vs verify_ecb mismatch!");
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
     #ifdef HAVE_AES_DECRYPT
-        XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
-        ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
+        XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
+        ret = wc_AesEcbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, testVec[i].plain, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
     #endif /* HAVE_AES_DECRYPT */
         (void)dec;
@@ -13466,121 +14251,193 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
 out:
     return ret;
 }
-#endif
+#endif /* HAVE_AES_ECB */
 
-WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
+#ifdef WOLFSSL_AES_DIRECT
+static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
+{
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_direct_test");
+
+#if defined(WOLFSSL_AES_256)
+    {
+        WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
+        {
+            0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
+        };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
+        {
+            0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
+            0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
+        };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
+        {
+            0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
+        };
+
+        XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#if !defined(HAVE_SELFTEST) && \
+    (defined(WOLFSSL_LINUXKM) || \
+     !defined(HAVE_FIPS) || \
+     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        ret = wc_AesEncryptDirect(enc, cipher, niPlain);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+        wc_AesEncryptDirect(enc, cipher, niPlain);
+#endif
+        if (XMEMCMP(cipher, niCipher, WC_AES_BLOCK_SIZE) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+#ifdef HAVE_AES_DECRYPT
+        XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
+        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#if !defined(HAVE_SELFTEST) && \
+    (defined(WOLFSSL_LINUXKM) || \
+     !defined(HAVE_FIPS) || \
+     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        ret = wc_AesDecryptDirect(dec, plain, niCipher);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+        wc_AesDecryptDirect(dec, plain, niCipher);
+#endif
+        if (XMEMCMP(plain, niPlain, WC_AES_BLOCK_SIZE) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif /* HAVE_AES_DECRYPT */
+    }
+out:
+#endif /* WOLFSSL_AES_256 */
+    (void)enc;
+    (void)dec;
+    (void)cipher;
+    (void)plain;
+    return ret;
+}
+#endif /* WOLFSSL_AES_DIRECT */
+
+#ifdef HAVE_AES_CBC
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void)
 {
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes *enc = NULL;
 #else
     Aes enc[1];
 #endif
-    int enc_inited = 0;
-    byte cipher[AES_BLOCK_SIZE * 4];
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
+#ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes *dec = NULL;
 #else
     Aes dec[1];
 #endif
-    int dec_inited = 0;
-    byte plain [AES_BLOCK_SIZE * 4];
-#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
-#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
+#endif
+    byte cipher[WC_AES_BLOCK_SIZE * 4];
+#ifdef HAVE_AES_DECRYPT
+    byte plain [WC_AES_BLOCK_SIZE * 4];
+#endif
     wc_test_ret_t ret = 0;
 
-#ifdef HAVE_AES_CBC
-#ifdef WOLFSSL_AES_128
-    WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
-        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-
-    WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
-    {
-        0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
-        0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
-    };
-    #ifdef HAVE_RENESAS_SYNC
-        const byte *key =
-                (byte*)guser_PKCbInfo.wrapped_key_aes128;
-    #else
-        WOLFSSL_SMALL_STACK_STATIC const
-            byte key[] = "0123456789abcdef   ";  /* align */
-    #endif
-    WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";  /* align */
-    WOLFSSL_ENTER("aes_test");
+    WOLFSSL_ENTER("aes_cbc_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \
-    defined(WOLFSSL_AES_DIRECT)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
     if (enc == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
     if (dec == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
-#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
-
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    enc_inited = 1;
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
+#ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    dec_inited = 1;
 #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
-#ifdef HAVE_AES_ECB
-    ret = aes_ecb_test(enc, dec, cipher, plain);
-    if (ret != 0)
-        return ret;
-#endif
-
-    ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#ifdef HAVE_AES_DECRYPT
-    ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#endif
-
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
-    ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
-    ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
-#if defined(WOLFSSL_ASYNC_CRYPT)
-    ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
-#endif
-    if (ret != 0) {
-        WOLFSSL_MSG("failed wc_AesCbcDecrypt");
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    }
-
-    if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) {
-        WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare");
-        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-    }
-#endif /* HAVE_AES_DECRYPT */
-    /* skipped because wrapped key use in case of renesas sm */
-    #ifndef HAVE_RENESAS_SYNC
-    if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) {
-        WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare");
-        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-    }
+#ifdef WOLFSSL_AES_128
+    {
+        /* "Now is the time for all " w/o trailing 0 */
+        WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
+            0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+            0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+            0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+        WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
+        {
+            0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
+            0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
+        };
+    #ifdef HAVE_RENESAS_SYNC
+        const byte *key = (byte*)guser_PKCbInfo.wrapped_key_aes128;
+    #else
+        /* padded to 16-byye */
+        WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef   ";
     #endif
+        /* padded to 16-bytes */
+        WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";
+
+        ret = wc_AesSetKey(enc, key, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+        ret = wc_AesSetKey(dec, key, WC_AES_BLOCK_SIZE, iv, AES_DECRYPTION);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+
+        XMEMSET(cipher, 0, sizeof(cipher));
+        ret = wc_AesCbcEncrypt(enc, cipher, msg, WC_AES_BLOCK_SIZE);
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+        XMEMSET(plain, 0, sizeof(plain));
+        ret = wc_AesCbcDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE);
+    #if defined(WOLFSSL_ASYNC_CRYPT)
+        ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
+    #endif
+        if (ret != 0) {
+            WOLFSSL_MSG("failed wc_AesCbcDecrypt");
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        }
+
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare");
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
+    #endif /* HAVE_AES_DECRYPT */
+        /* skipped because wrapped key use in case of renesas sm */
+        #ifndef HAVE_RENESAS_SYNC
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) {
+            WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare");
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
+        #endif
+    }
 #endif /* WOLFSSL_AES_128 */
 
 #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
@@ -13636,15 +14493,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
             0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
             0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
         };
-        WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
+        WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] =
+            "0123456789abcdeffedcba9876543210";
+        /* padded to 16-bytes */
+        WOLFSSL_SMALL_STACK_STATIC const byte iv[]  = "1234567890abcdef   ";
         word32 keySz, msgSz;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
 
         if ((bigCipher == NULL) ||
             (bigPlain == NULL)) {
             XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
 #else
@@ -13652,12 +14515,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         byte bigPlain[sizeof(bigMsg)];
 #endif
 
-        /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
-         * message by AES_BLOCK_SIZE for each size of AES key. */
+        /* Iterate from one WC_AES_BLOCK_SIZE of bigMsg through the whole
+         * message by WC_AES_BLOCK_SIZE for each size of AES key. */
         for (keySz = 16; keySz <= 32; keySz += 8) {
-            for (msgSz = AES_BLOCK_SIZE;
+            for (msgSz = WC_AES_BLOCK_SIZE;
                  msgSz <= sizeof(bigMsg);
-                 msgSz += AES_BLOCK_SIZE) {
+                 msgSz += WC_AES_BLOCK_SIZE) {
 
                 XMEMSET(bigCipher, 0, sizeof(bigMsg));
                 XMEMSET(bigPlain, 0, sizeof(bigMsg));
@@ -13700,13 +14563,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-        /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
-         * message by AES_BLOCK_SIZE for each size of AES key. */
-        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+        /* Iterate from one WC_AES_BLOCK_SIZE of bigMsg through the whole
+         * message by WC_AES_BLOCK_SIZE for each size of AES key. */
+        WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
         for (keySz = 16; keySz <= 32; keySz += 8) {
-            for (msgSz = AES_BLOCK_SIZE;
+            for (msgSz = WC_AES_BLOCK_SIZE;
                  msgSz <= sizeof(bigMsg);
-                 msgSz += AES_BLOCK_SIZE) {
+                 msgSz += WC_AES_BLOCK_SIZE) {
 
                 XMEMSET(bigCipher, 0, sizeof(bigMsg));
                 XMEMSET(bigPlain, 0, sizeof(bigMsg));
@@ -13794,124 +14657,157 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
-        ret = wc_AesCbcEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE);
+        XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 2);
+        ret = wc_AesCbcEncrypt(enc, cipher, msg2, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     #ifndef HAVE_RENESAS_SYNC
-        if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, verify2, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     #endif
-        ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
-                msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        ret = wc_AesCbcEncrypt(enc, cipher + WC_AES_BLOCK_SIZE,
+                msg2 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
-                    AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, verify2 + WC_AES_BLOCK_SIZE,
+                    WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         #if defined(HAVE_AES_DECRYPT)
         ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
-        ret = wc_AesCbcDecrypt(dec, plain, verify2, AES_BLOCK_SIZE);
+        XMEMSET(plain, 0, WC_AES_BLOCK_SIZE * 2);
+        ret = wc_AesCbcDecrypt(dec, plain, verify2, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        ret = wc_AesCbcDecrypt(dec, plain + AES_BLOCK_SIZE,
-                verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        ret = wc_AesCbcDecrypt(dec, plain + WC_AES_BLOCK_SIZE,
+                verify2 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
     #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
     #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
-                    AES_BLOCK_SIZE)) {
+        if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, msg2 + WC_AES_BLOCK_SIZE,
+                    WC_AES_BLOCK_SIZE)) {
             WOLFSSL_MSG("wc_AesCbcDecrypt failed plain-msg2 compare");
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
         #endif /* HAVE_AES_DECRYPT */
+
+        aes_cbc_oneshot_test();
     }
 #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
+
+  out:
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
+#endif
+#ifdef HAVE_AES_DECRYPT
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
+#endif
+#endif
+
+    return ret;
+}
 #endif /* HAVE_AES_CBC */
 
-#ifdef WOLFSSL_AES_COUNTER
-    ret = aesctr_test(enc, dec, cipher, plain);
+#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
+static wc_test_ret_t aes_ecb_direct_test(void)
+{
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    Aes *enc = NULL;
+#else
+    Aes enc[1];
+#endif
+#if !defined(HAVE_AES_DECRYPT) || \
+    (defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC))
+    Aes *dec = NULL;
+#else
+    Aes dec[1];
+#endif
+    byte cipher[WC_AES_BLOCK_SIZE];
+    byte plain [WC_AES_BLOCK_SIZE];
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_ecb/direct_test");
+
+#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
+#endif
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#else
+    ret = wc_AesInit(enc, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#ifdef HAVE_AES_DECRYPT
+    ret = wc_AesInit(dec, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
+#ifdef HAVE_AES_ECB
+    ret = aes_ecb_test(enc, dec, cipher, plain);
     if (ret != 0)
         return ret;
 #endif
 
-#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
-    {
-        WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
-        {
-            0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
-            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
-        {
-            0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
-            0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
-        };
-
-        WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
-        {
-            0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
-            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
-            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
-            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
-        };
-
-        XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#if !defined(HAVE_SELFTEST) && \
-    (defined(WOLFSSL_LINUXKM) || \
-     !defined(HAVE_FIPS) || \
-     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-        ret = wc_AesEncryptDirect(enc, cipher, niPlain);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#else
-        wc_AesEncryptDirect(enc, cipher, niPlain);
+#ifdef WOLFSSL_AES_DIRECT
+    ret = aes_direct_test(enc, dec, cipher, plain);
+    if (ret != 0)
+        return ret;
 #endif
-        if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#ifdef HAVE_AES_DECRYPT
-        XMEMSET(plain, 0, AES_BLOCK_SIZE);
-        ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-#if !defined(HAVE_SELFTEST) && \
-    (defined(WOLFSSL_LINUXKM) || \
-     !defined(HAVE_FIPS) || \
-     (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
-        ret = wc_AesDecryptDirect(dec, plain, niCipher);
-        if (ret != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+  out:
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
 #else
-        wc_AesDecryptDirect(dec, plain, niCipher);
+    wc_AesFree(enc);
+    wc_AesFree(dec);
 #endif
-        if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
-            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#endif /* HAVE_AES_DECRYPT */
-    }
-#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
+
+    return ret;
+}
+#endif /* HAVE_AES_ECB || WOLFSSL_AES_DIRECT */
+
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
+{
+    wc_test_ret_t ret = 0;
+
+    WOLFSSL_ENTER("aes_test");
 
 #ifndef HAVE_RENESAS_SYNC
     ret = aes_key_size_test();
@@ -13919,48 +14815,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
         goto out;
 #endif
 
-#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
-    !defined(HAVE_RENESAS_SYNC)
-    ret = aes_cbc_test();
+#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
+    ret = aes_ecb_direct_test();
     if (ret != 0)
-        goto out;
-#endif
-
-#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    ret = aesecb_test();
-    if (ret != 0)
-        goto out;
+        return ret;
 #endif
 
   out:
-
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#else
-    if (enc_inited)
-        wc_AesFree(enc);
-#endif
-    (void)cipher;
-#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#else
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif
-    (void)plain;
-#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
-#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
-
     return ret;
 }
 
@@ -13973,7 +14834,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void)
     ret = aescfb_test_0();
     if (ret != 0)
         return ret;
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+#if !defined(WOLFSSL_NO_AES_CFB_1_8)
     ret = aescfb1_test();
     if (ret != 0)
         return ret;
@@ -13998,11 +14859,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void)
         return ret;
     #endif
 
+/* FIPS won't allow for XTS-384 (two 192-bit keys) */
+#ifndef HAVE_FIPS
     #ifdef WOLFSSL_AES_192
     ret = aes_xts_192_test();
     if (ret != 0)
         return ret;
     #endif
+#endif
 
     #ifdef WOLFSSL_AES_256
     ret = aes_xts_256_test();
@@ -14033,18 +14897,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
 #else
     Aes enc[1];
 #endif
-    int enc_inited = 0;
-    byte cipher[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Aes *dec = NULL;
 #else
     Aes dec[1];
 #endif
-    byte plain[AES_BLOCK_SIZE];
-#endif
-#ifdef HAVE_AES_DECRYPT
-    int dec_inited = 0;
+    byte plain[WC_AES_BLOCK_SIZE];
 #endif
 
     /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
@@ -14073,24 +14933,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
     WOLFSSL_ENTER("aes192_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
     if (ret != 0)
@@ -14101,7 +14965,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14112,7 +14976,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14126,25 +14990,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
 #endif
 
   out:
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#ifdef HAVE_AES_DECRYPT
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
 #endif
-#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
-    if (enc_inited)
-        wc_AesFree(enc);
 #ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
-        wc_AesFree(dec);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
 #endif
 #endif
 #endif /* HAVE_AES_CBC */
@@ -14162,16 +15018,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
 #else
     Aes enc[1];
 #endif
-    int enc_inited = 0;
-    byte cipher[AES_BLOCK_SIZE];
+    byte cipher[WC_AES_BLOCK_SIZE];
 #ifdef HAVE_AES_DECRYPT
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Aes *dec = NULL;
 #else
     Aes dec[1];
 #endif
-    int dec_inited = 0;
-    byte plain[AES_BLOCK_SIZE];
+    byte plain[WC_AES_BLOCK_SIZE];
 #endif
 #endif /* HAVE_AES_CBC */
     wc_test_ret_t ret = 0;
@@ -14209,24 +15063,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     WOLFSSL_ENTER("aes256_test");
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#ifdef HAVE_AES_DECRYPT
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-#endif
-
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #ifdef HAVE_AES_DECRYPT
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    #endif
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    #ifdef HAVE_AES_DECRYPT
+    XMEMSET(dec, 0, sizeof(Aes));
+    #endif
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    enc_inited = 1;
-#ifdef HAVE_AES_DECRYPT
+    #ifdef HAVE_AES_DECRYPT
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    dec_inited = 1;
-#endif
+    #endif
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION);
     if (ret != 0)
@@ -14237,7 +15095,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14245,7 +15103,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14271,8 +15129,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14281,8 +15139,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14299,20 +15157,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
     WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    XMEMSET(cipher, 0, AES_BLOCK_SIZE);
+    XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14320,7 +15178,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
-    XMEMSET(plain, 0, AES_BLOCK_SIZE);
+    XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
     ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
@@ -14341,26 +15199,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#ifdef HAVE_AES_DECRYPT
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
 #endif
-#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
-    if (enc_inited)
-        wc_AesFree(enc);
 #ifdef HAVE_AES_DECRYPT
-    if (dec_inited)
-        wc_AesFree(dec);
-#endif /* HAVE_AES_DECRYPT */
-#endif /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(dec);
+#endif
+#endif
 #endif /* HAVE_AES_CBC */
 
     return ret;
@@ -14376,7 +15225,6 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
                 byte* aad, int aadSz, byte* tag, int tagSz)
 {
     wc_test_ret_t ret;
-    int enc_inited = 0, dec_inited = 0;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     Aes *enc = NULL;
     Aes *dec = NULL;
@@ -14385,53 +15233,53 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     Aes dec[1];
 #endif
 
-    byte resultT[AES_BLOCK_SIZE];
-    byte resultP[AES_BLOCK_SIZE * 3];
-    byte resultC[AES_BLOCK_SIZE * 3];
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
+    byte resultT[WC_AES_BLOCK_SIZE];
+    byte resultP[WC_AES_BLOCK_SIZE * 3];
+    byte resultC[WC_AES_BLOCK_SIZE * 3];
 
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
+    XMEMSET(dec, 0, sizeof(Aes));
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        enc_inited = 1;
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-    else
-        dec_inited = 1;
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesGcmSetKey(enc, key, (word32)keySz);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     /* AES-GCM encrypt and decrypt both use AES encrypt internally */
-    ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, ivSz,
-                                     resultT, (word32)tagSz, aad, aadSz);
+    ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, (word32)ivSz,
+                                     resultT, (word32)tagSz, aad, (word32)aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (cipher != NULL) {
-        if (XMEMCMP(cipher, resultC, cipherSz))
+        if (XMEMCMP(cipher, resultC, (word32)cipherSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
-    if (XMEMCMP(tag, resultT, tagSz))
+    if (XMEMCMP(tag, resultT, (unsigned long)tagSz))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
                                      resultT, tagSz, aad, aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -14441,7 +15289,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (cipher != NULL) {
-        if (XMEMCMP(cipher, resultC, cipherSz))
+        if (XMEMCMP(cipher, resultC, (unsigned long)cipherSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
     if (XMEMCMP(tag, resultT, tagSz))
@@ -14454,19 +15302,19 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)cipherSz,
-                   iv, (word32)ivSz, resultT, tagSz, aad, aadSz);
+                   iv, (word32)ivSz, resultT, (word32)tagSz, aad, (word32)aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (plain != NULL) {
-        if (XMEMCMP(plain, resultP, plainSz))
+        if (XMEMCMP(plain, resultP, (unsigned long)plainSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 
 #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
-    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
+    WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
     ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
                    iv, ivSz, resultT, tagSz, aad, aadSz);
 #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -14476,7 +15324,7 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (plain != NULL) {
-        if (XMEMCMP(plain, resultP, plainSz))
+        if (XMEMCMP(plain, resultP, (unsigned long)plainSz))
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif
@@ -14488,21 +15336,11 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv,
   out:
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (enc) {
-        if (enc_inited)
-            wc_AesFree(enc);
-        XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-    if (dec) {
-        if (dec_inited)
-            wc_AesFree(dec);
-        XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-    }
-#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
-    if (enc_inited)
-        wc_AesFree(enc);
-    if (dec_inited)
-        wc_AesFree(dec);
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(enc);
+    wc_AesFree(dec);
 #endif
 
     return ret;
@@ -14790,15 +15628,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
 #endif
 
-    byte resultT[sizeof(t1) + AES_BLOCK_SIZE];
-    byte resultP[sizeof(p) + AES_BLOCK_SIZE];
-    byte resultC[sizeof(p) + AES_BLOCK_SIZE];
+    byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE];
+    byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
+    byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
     wc_test_ret_t ret = 0;
 
-    int  alen;
-    int  plen;
+    int  alen = 0;
+    int  plen = 0;
 #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
-    byte buf[sizeof(p) + AES_BLOCK_SIZE];
+    byte buf[sizeof(p) + WC_AES_BLOCK_SIZE];
     byte bufA[sizeof(a) + 1];
     byte *large_aad = (byte*)XMALLOC((size_t)1024 + 16, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -14810,7 +15648,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 
 #ifndef WOLFSSL_NO_MALLOC
     byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
     (void)alen;
@@ -14821,33 +15659,35 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 
 #else
     byte large_input[BENCH_AESGCM_LARGE];
-    byte large_output[BENCH_AESGCM_LARGE + AES_BLOCK_SIZE];
+    byte large_output[BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE];
     byte large_outdec[BENCH_AESGCM_LARGE];
 #endif
 
     XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
-    XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
+    XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE);
     XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
 #endif
     WOLFSSL_ENTER("aesgcm_test");
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-    if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
-#endif
-
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    dec = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesInit(dec, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
 #ifdef WOLFSSL_AES_256
     ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
@@ -15329,7 +16169,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif
 
     /* alen is the size to pass in with each update. */
-    for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
+    for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) {
         ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -15361,7 +16201,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     }
 
 #ifdef HAVE_AES_DECRYPT
-    for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
+    for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) {
         ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -15421,9 +16261,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
 #endif /* WOLFSSL_AES_256 */
 #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
 
-    wc_AesFree(enc);
-    wc_AesFree(dec);
-
     ret = 0;
 
   out:
@@ -15435,10 +16272,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
     XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+    wc_AesDelete(dec, &dec);
+#else
+    wc_AesFree(enc);
+    wc_AesFree(dec);
 #endif
 
     return ret;
@@ -15554,7 +16393,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
                     badT, sizeof(badT));
-        if (ret != AES_GCM_AUTH_E)
+        if (ret != WC_NO_ERR_TRACE(AES_GCM_AUTH_E))
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         ret = wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
                     t2, sizeof(t2));
@@ -15595,7 +16434,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
 
 static wc_test_ret_t aesccm_256_test(void)
 {
-    wc_test_ret_t ret;
+    wc_test_ret_t ret = 0;
     /* Test vectors from NIST AES CCM 256-bit CAST Example #1 */
     WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = {
         0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
@@ -15617,15 +16456,14 @@ static wc_test_ret_t aesccm_256_test(void)
     byte atag[sizeof(exp_tag)];
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), HEAP_HINT, DYNAMIC_TYPE_AES);
+    Aes* aes = wc_AesNew(HEAP_HINT, devId, &ret);
     if (aes == NULL) {
-        return MEMORY_E;
+        ret = WC_TEST_RET_ENC_EC(ret);
     }
 #else
     Aes aes[1];
-#endif
-
     ret = wc_AesInit(aes, HEAP_HINT, devId);
+#endif
     if (ret == 0) {
         ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key));
     }
@@ -15658,10 +16496,10 @@ static wc_test_ret_t aesccm_256_test(void)
     }
 #endif
 
-    wc_AesFree(aes);
-
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(aes, &aes);
+#else
+    wc_AesFree(aes);
 #endif
 
     return ret;
@@ -15675,7 +16513,7 @@ static wc_test_ret_t aesccm_128_test(void)
 {
     wc_test_ret_t ret;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    Aes *enc;
+    Aes *enc = NULL;
 #else
     Aes enc[1];
 #endif
@@ -15769,19 +16607,20 @@ static wc_test_ret_t aesccm_128_test(void)
     byte tl2[sizeof(tl)];
     byte t_empty2[sizeof(t_empty)];
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
-#endif
-
-    XMEMSET(enc, 0, sizeof *enc); /* clear context */
     XMEMSET(t2, 0, sizeof(t2));
     XMEMSET(c2, 0, sizeof(c2));
     XMEMSET(p2, 0, sizeof(p2));
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    enc = wc_AesNew(HEAP_HINT, devId, &ret);
+    if (enc == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#else
+    XMEMSET(enc, 0, sizeof(Aes));
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
     ret = wc_AesCcmSetKey(enc, k, sizeof(k));
     if (ret != 0)
@@ -15818,14 +16657,13 @@ static wc_test_ret_t aesccm_128_test(void)
     if (XMEMCMP(p2, c2, sizeof(p2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
-    wc_AesFree(enc);
 
-    XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
     XMEMSET(t2, 0, sizeof(t2));
     XMEMSET(c2, 0, sizeof(c2));
     XMEMSET(p2, 0, sizeof(p2));
     XMEMSET(iv2, 0, sizeof(iv2));
 
+    wc_AesFree(enc);
     ret = wc_AesInit(enc, HEAP_HINT, devId);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -15889,23 +16727,23 @@ static wc_test_ret_t aesccm_128_test(void)
     ret = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2),
                               a, sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2),
                               a, sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #ifdef HAVE_AES_DECRYPT
     ret = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
                               sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     ret = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
                               sizeof(a));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
@@ -15915,7 +16753,7 @@ static wc_test_ret_t aesccm_128_test(void)
     ret = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
                               iv, sizeof(iv), t_empty2, sizeof(t_empty2),
                               a, sizeof(a));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
         if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
@@ -15947,13 +16785,14 @@ static wc_test_ret_t aesccm_128_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
 
-    wc_AesFree(enc);
-
     ret = 0;
 
   out:
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    wc_AesDelete(enc, &enc);
+#else
+    wc_AesFree(enc);
 #endif
 
     return ret;
@@ -15986,15 +16825,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void)
     typedef struct {
         byte key[AES_256_KEY_SIZE];
         int key_length;
-        byte iv[AES_BLOCK_SIZE];
+        byte iv[WC_AES_BLOCK_SIZE];
         int iv_length;
-        byte aad[AES_BLOCK_SIZE * 2];
+        byte aad[WC_AES_BLOCK_SIZE * 2];
         int aad_length;
-        byte msg[AES_BLOCK_SIZE * 2];
+        byte msg[WC_AES_BLOCK_SIZE * 2];
         int msg_length;
-        byte ct[AES_BLOCK_SIZE * 2];
+        byte ct[WC_AES_BLOCK_SIZE * 2];
         int ct_length;
-        byte tag[AES_BLOCK_SIZE];
+        byte tag[WC_AES_BLOCK_SIZE];
         int tag_length;
         int valid;
     } AadVector;
@@ -16341,8 +17180,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
 }
 #endif /* HAVE_AES_KEYWRAP */
 
+#endif /* !NO_AES */
 
-#endif /* NO_AES */
 
 #ifdef HAVE_ARIA
 void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
@@ -16367,7 +17206,7 @@ WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
                        0x6F, 0x8A, 0x70, 0x26, 0xF7, 0x3C, 0x8D, 0xB6,
                        0xDC, 0x32, 0x76, 0x20, 0xCF, 0x05, 0x4A, 0xCF,
                        0x11, 0x86, 0xCD, 0x23, 0x5E, 0xC1, 0x6E, 0x2B };
-    byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[AES_BLOCK_SIZE];
+    byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[WC_AES_BLOCK_SIZE];
     word32 keySz, adSz = 256, authTagSz = sizeof(authTag);
 
     wc_Aria aria;
@@ -16547,22 +17386,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
         0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
     };
 
-    byte out[CAMELLIA_BLOCK_SIZE];
-    Camellia cam;
+    byte out[WC_CAMELLIA_BLOCK_SIZE];
+    wc_Camellia cam;
     WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
     {
-        {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
-        {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
-        {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
-        {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
-        {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
-        {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
-        {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
-        {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
-        {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
-        {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
-        {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
-        {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
+        {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), 114},
+        {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), 115},
+        {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), 116},
+        {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), 117},
+        {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), 118},
+        {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), 119},
+        {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), 120},
+        {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), 121},
+        {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), 122},
+        {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), 123},
+        {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), 124},
+        {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), 125}
     };
     int i, testsSz;
     int ret;
@@ -16572,36 +17411,36 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
     for (i = 0; i < testsSz; i++) {
         if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
                                                         testVectors[i].iv) != 0)
-            return testVectors[i].errorCode;
+            return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
 
         switch (testVectors[i].type) {
             case CAM_ECB_ENC:
                 ret = wc_CamelliaEncryptDirect(&cam, out,
                                                 testVectors[i].plaintext);
                 if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
-                                                        CAMELLIA_BLOCK_SIZE))
-                    return testVectors[i].errorCode;
+                                                        WC_CAMELLIA_BLOCK_SIZE))
+                    return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
                 break;
             case CAM_ECB_DEC:
                 ret = wc_CamelliaDecryptDirect(&cam, out,
                                                     testVectors[i].ciphertext);
                 if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
-                                                        CAMELLIA_BLOCK_SIZE))
-                    return testVectors[i].errorCode;
+                                                        WC_CAMELLIA_BLOCK_SIZE))
+                    return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
                 break;
             case CAM_CBC_ENC:
                 ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
-                                                           CAMELLIA_BLOCK_SIZE);
+                                                           WC_CAMELLIA_BLOCK_SIZE);
                 if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
-                                                        CAMELLIA_BLOCK_SIZE))
-                    return testVectors[i].errorCode;
+                                                        WC_CAMELLIA_BLOCK_SIZE))
+                    return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
                 break;
             case CAM_CBC_DEC:
                 ret = wc_CamelliaCbcDecrypt(&cam, out,
-                                testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
+                                testVectors[i].ciphertext, WC_CAMELLIA_BLOCK_SIZE);
                 if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
-                                                           CAMELLIA_BLOCK_SIZE))
-                    return testVectors[i].errorCode;
+                                                           WC_CAMELLIA_BLOCK_SIZE))
+                    return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
                 break;
             default:
                 break;
@@ -16612,14 +17451,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
     ret = wc_CamelliaSetIV(&cam, ivc);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-    if (XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE) != 0)
+    if (XMEMCMP(cam.reg, ivc, WC_CAMELLIA_BLOCK_SIZE) != 0)
         return WC_TEST_RET_ENC_NC;
 
     /* Setting the IV to NULL should be same as all zeros IV */
     ret = wc_CamelliaSetIV(&cam, NULL);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-    if (XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE) != 0)
+    if (XMEMCMP(cam.reg, ive, WC_CAMELLIA_BLOCK_SIZE) != 0)
         return WC_TEST_RET_ENC_NC;
 
     /* First parameter should never be null */
@@ -17361,7 +18200,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
 #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
 
 #ifndef WC_NO_RNG
-static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
+static wc_test_ret_t _rng_test(WC_RNG* rng)
 {
     byte block[32];
     wc_test_ret_t ret;
@@ -17371,8 +18210,7 @@ static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
 
     ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
     if (ret != 0) {
-        ret = 1;
-        goto exit;
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     /* Check for 0's */
@@ -17383,49 +18221,36 @@ static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
     }
     /* All zeros count check */
     if (ret >= (int)sizeof(block)) {
-        ret = 2;
-        goto exit;
+        return WC_TEST_RET_ENC_NC;
     }
 
     ret = wc_RNG_GenerateByte(rng, block);
     if (ret != 0) {
-        ret = 3;
-        goto exit;
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     /* Parameter validation testing. */
     ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
-    if (ret != BAD_FUNC_ARG) {
-        ret = 4;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
     ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
-    if (ret != BAD_FUNC_ARG) {
-        ret = 5;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
     ret = wc_RNG_GenerateByte(NULL, block);
-    if (ret != BAD_FUNC_ARG) {
-        ret = 6;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
     ret = wc_RNG_GenerateByte(rng, NULL);
-    if (ret != BAD_FUNC_ARG) {
-        ret = 7;
-        goto exit;
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
+        return WC_TEST_RET_ENC_EC(ret);
     }
 
-    ret = 0;
-
-exit:
-    if (ret != 0)
-        ret = errorOffset - (ret * 1000000);
-
-    return ret;
+    return 0;
 }
 
-
 static wc_test_ret_t random_rng_test(void)
 {
     WC_RNG localRng;
@@ -17442,7 +18267,7 @@ static wc_test_ret_t random_rng_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
+    ret = _rng_test(rng);
 
     /* Make sure and free RNG */
     wc_FreeRng(rng);
@@ -17459,7 +18284,7 @@ static wc_test_ret_t random_rng_test(void)
         if (rng == NULL)
             return WC_TEST_RET_ENC_ERRNO;
 
-        ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
+        ret = _rng_test(rng);
         wc_rng_free(rng);
         rng = NULL;
 
@@ -17472,7 +18297,7 @@ static wc_test_ret_t random_rng_test(void)
         if (ret != 0)
             return WC_TEST_RET_ENC_EC(ret);
 
-        ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
+        ret = _rng_test(rng);
         wc_rng_free(rng);
 
         if (ret != 0)
@@ -17685,7 +18510,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 #endif
 
 #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
-static int simple_mem_test(int sz)
+static int simple_mem_test(size_t sz)
 {
     int ret = 0;
     byte* b;
@@ -17696,11 +18521,11 @@ static int simple_mem_test(int sz)
         return WC_TEST_RET_ENC_NC;
     }
     /* utilize memory */
-    for (i = 0; i < sz; i++) {
+    for (i = 0; i < (int)sz; i++) {
         b[i] = (byte)i;
     }
     /* read back and verify */
-    for (i = 0; i < sz; i++) {
+    for (i = 0; i < (int)sz; i++) {
         if (b[i] != (byte)i) {
             ret = WC_TEST_RET_ENC_NC;
             break;
@@ -17860,7 +18685,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 
 #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
     /* simple test */
-    ret = simple_mem_test(MEM_TEST_SZ);
+    ret = simple_mem_test((size_t)MEM_TEST_SZ);
     if (ret != 0)
         return ret;
 #endif
@@ -17868,7 +18693,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #ifdef COMPLEX_MEM_TEST
     /* test various size blocks */
     for (i = 1; i < MEM_TEST_SZ; i*=2) {
-        ret = simple_mem_test(i);
+        ret = simple_mem_test((size_t)i);
         if (ret != 0)
             return ret;
     }
@@ -17921,6 +18746,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #elif defined(_WIN32_WCE)
     #define CERT_PREFIX "\\windows\\"
     #define CERT_PATH_SEP "\\"
+#elif defined(WOLFSSL_NDS)
+    #undef CERT_PREFIX
+    #ifndef WOLFSSL_MELONDS
+        #define CERT_PREFIX "fat:/_nds/"
+    #else
+        #define CERT_PREFIX "_nds/"
+    #endif
+    #define CERT_PATH_SEP "/"
 #endif
 
 #ifndef CERT_PREFIX
@@ -17953,7 +18786,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
             #ifdef WOLFSSL_CERT_GEN
             static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
             #endif
-            #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
+            #if (defined(WOLFSSL_ALT_NAMES) && !defined(WOLFSSL_NO_MALLOC)) || \
+                defined(HAVE_PKCS7)
             static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
             #endif
             #ifdef HAVE_PKCS7
@@ -17998,7 +18832,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
             #ifndef NO_RSA
                 static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
             #endif
-            #ifndef NO_ASN_TIME
+            #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
                 static const char* eccCaKeyFile  = CERT_ROOT "ca-ecc-key.der";
                 static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
                 #ifdef ENABLE_ECC384_CERT_GEN_TEST
@@ -18054,7 +18888,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #ifndef NO_WRITE_TEMP_FILES
 #ifdef HAVE_ECC
     #ifndef NO_ECC_SECP
-        #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+        #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
+            !defined(WOLFSSL_NO_MALLOC)
         static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
         static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
         #endif
@@ -18076,7 +18911,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #endif /* HAVE_ECC */
 
 #ifndef NO_RSA
-    #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+    #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
+        !defined(WOLFSSL_NO_MALLOC)
         static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
         static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
         static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
@@ -18285,7 +19121,7 @@ static wc_test_ret_t cert_asn1_test(void)
     InitDecodedCert(&cert, badCert, len[0], 0);
     ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
     FreeDecodedCert(&cert);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
     XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -18422,7 +19258,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void)
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #else
-    if (ret != ASN_CRIT_EXT_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
     ret = 0;
@@ -18443,7 +19279,7 @@ done:
 #endif /* WOLFSSL_TEST_CERT */
 
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
-   !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
 {
     DecodedCert cert;
@@ -18641,7 +19477,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
     return 0;
 }
 #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT &&
-          !NO_FILESYSTEM && WOLFSSL_CERT_GEN */
+          !NO_FILESYSTEM && !NO_RSA && WOLFSSL_CERT_GEN */
 
 #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
     defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
@@ -18687,7 +19523,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetSubjectBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18701,7 +19537,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetSubjectRaw(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18715,7 +19551,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetIssuerBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18729,7 +19565,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetIssuerRaw(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18744,7 +19580,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetAltNamesBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18758,7 +19594,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetDatesBuffer(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_EC(ret);
@@ -18773,7 +19609,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
 
     if (ret == 0) {
         ret = wc_SetAuthKeyIdFromCert(NULL, der, derSz);
-        if (ret == BAD_FUNC_ARG)
+        if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = 0;
         else
             ret = WC_TEST_RET_ENC_NC;
@@ -18806,23 +19642,23 @@ static wc_test_ret_t rsa_flatten_test(RsaKey* key)
 
     /* Parameter Validation testing. */
     ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
@@ -18831,13 +19667,13 @@ static wc_test_ret_t rsa_flatten_test(RsaKey* key)
 
     eSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     eSz = sizeof(e);
     nSz = 0;
     ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     return 0;
@@ -18862,54 +19698,54 @@ static wc_test_ret_t rsa_export_key_test(RsaKey* key)
     word32 zero = 0;
 
     ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
-    if (ret != RSA_BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
 
@@ -18921,7 +19757,7 @@ static wc_test_ret_t rsa_export_key_test(RsaKey* key)
 }
 #endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */
 
-#ifndef NO_SIG_WRAPPER
+#if !defined(NO_SIG_WRAPPER) && !defined(NO_SHA256)
 static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
 {
     wc_test_ret_t ret;
@@ -18948,36 +19784,36 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG
 
     /* Parameter Validation testing. */
     ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     sigSz = (word32)modLen;
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
                                inLen, out, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                0, out, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, NULL, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, NULL, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, NULL, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, 0, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, keyLen, NULL);
@@ -18987,56 +19823,56 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG
 #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
     /* async may not require RNG */
     #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
-    if (ret != NO_VALID_DEVID)
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID))
     #else
-    if (ret != 0 && ret != MISSING_RNG_E)
+    if (ret != 0 && ret != WC_NO_ERR_TRACE(MISSING_RNG_E))
     #endif
 #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
     /* FIPS140 implementation does not do blinding */
     if (ret != 0)
 #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
-    if (ret != SIG_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E))
 #elif defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SE050)
     /* RNG is handled by hardware */
     if (ret != 0)
 #else
-    if (ret != MISSING_RNG_E)
+    if (ret != WC_NO_ERR_TRACE(MISSING_RNG_E))
 #endif
         return WC_TEST_RET_ENC_EC(ret);
     sigSz = 0;
     ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                                inLen, out, &sigSz, key, keyLen, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
                              inLen, out, (word32)modLen, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              0, out, (word32)modLen, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, NULL, (word32)modLen, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, out, 0, key, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, out, (word32)modLen, NULL, keyLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
                              inLen, out, (word32)modLen, key, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
 #ifndef HAVE_ECC
     ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
-    if (ret != SIG_TYPE_E)
+    if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
@@ -19109,7 +19945,7 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG
 
     return 0;
 }
-#endif /* !NO_SIG_WRAPPER */
+#endif /* !NO_SIG_WRAPPER && !NO_SHA256 */
 
 #ifdef WC_RSA_NONBLOCK
 static wc_test_ret_t rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
@@ -19255,17 +20091,17 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 
     /* Parameter Validation testing. */
     ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19273,7 +20109,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 #if defined(USE_INTEGER_HEAP_MATH)
     if (ret != 0)
 #else
-    if (ret != ASN_GETINT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_GETINT_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -19287,7 +20123,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 #if defined(USE_INTEGER_HEAP_MATH)
     if (ret != 0)
 #else
-    if (ret != ASN_GETINT_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_GETINT_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -19312,17 +20148,17 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     /* Parameter Validation testing. */
     inSz = sizeof(good);
     ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19331,14 +20167,14 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inOutIdx = 2;
     inSz = sizeof(good) - inOutIdx;
     ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inOutIdx = 2;
     inSz = sizeof(goodAlgId) - inOutIdx;
     ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19346,9 +20182,9 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inSz = sizeof(goodAlgId);
     ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
 #ifndef WOLFSSL_NO_DECODE_EXTRA
-    if (ret != ASN_PARSE_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
 #else
-    if (ret != ASN_RSA_KEY_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -19358,49 +20194,55 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inSz = sizeof(badAlgIdNull);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_EXPECT_0_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNotBitString);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_BITSTR_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badBitStringLen);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNoSeq);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNoObj);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badIntN);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNotIntE);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19411,7 +20253,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
 #ifndef WOLFSSL_ASN_TEMPLATE
     if (ret != 0)
 #else
-    if (ret != ASN_PARSE_E)
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
 #endif
     {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -19426,7 +20268,9 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     inSz = sizeof(badBitStrNoZero);
     inOutIdx = 0;
     ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
-    if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -19576,7 +20420,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                     ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
                         hash[j], mgf[i], -1, key, rng);
                 }
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret <= 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
             outSz = (word32)ret;
@@ -19594,7 +20438,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                     ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
                         mgf[i], -1, key);
                 }
-            } while (ret == WC_PENDING_E);
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
             if (ret <= 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
             plainSz = (word32)ret;
@@ -19631,7 +20475,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
                                 (byte**)&plain, hash[l], mgf[k], -1, key);
                         }
-                    } while (ret == WC_PENDING_E);
+                    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
                     if (ret >= 0)
                         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
                 }
@@ -19656,7 +20500,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
                 mgf[0], 0, key, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     outSz = (word32)ret;
@@ -19671,7 +20515,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
                 0, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     plainSz = (word32)ret;
@@ -19695,7 +20539,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                 hash[0], 0, 0, HEAP_HINT);
 #endif
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 
@@ -19710,7 +20554,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
                 0, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     plainSz = (word32)ret;
@@ -19747,8 +20591,8 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
                 mgf[0], len, key, rng);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 
     do {
@@ -19758,10 +20602,10 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     #endif
         if (ret >= 0) {
             ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
-                mgf[0], digestSz + 1, key, rng);
+                mgf[0], (int)digestSz + 1, key, rng);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     TEST_SLEEP();
 
@@ -19774,8 +20618,8 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
                 mgf[0], -2, key);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     TEST_SLEEP();
 
@@ -19786,10 +20630,10 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     #endif
         if (ret >= 0) {
             ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
-                digestSz + 1, key);
+                (int)digestSz + 1, key);
         }
-    } while (ret == WC_PENDING_E);
-    if (ret != PSS_SALTLEN_E)
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
     TEST_SLEEP();
 
@@ -19809,7 +20653,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
                                     len, 0, HEAP_HINT);
 #endif
-    if (ret != PSS_SALTLEN_E)
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #ifndef WOLFSSL_PSS_LONG_SALT
     len = (int)(digestSz + 1);
@@ -19820,17 +20664,17 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
             ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
                                          hash[0], len);
-    if (ret != PSS_SALTLEN_E)
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
             ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
                                          hash[0], len, 0);
-    if (ret != BAD_PADDING_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_PADDING_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #else
     ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
                                     len, 0, HEAP_HINT);
-    if (ret != PSS_SALTLEN_E)
+    if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
 #endif
 
@@ -19958,7 +20802,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
                     RSA_PRIVATE_ENCRYPT, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -19978,7 +20822,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
                     RSA_PUBLIC_DECRYPT, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret <= 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -19991,7 +20835,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
 
 #ifdef WC_RSA_BLINDING
     ret = wc_RsaSetRNG(NULL, &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
@@ -20011,7 +20855,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, outSz, key, &rng,
                 WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -20027,7 +20871,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
             ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, plainSz, key,
                 WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
@@ -20041,25 +20885,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
     /* test some bad arguments */
     ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
             &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
     ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
             &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
     ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
             &rng);
-    if (ret != LENGTH_ONLY_E || plainSz != inLen) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || plainSz != inLen) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
     ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
             RSA_PUBLIC_DECRYPT, &rng);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
     }
 
@@ -20198,12 +21042,17 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
     outSz   = wc_RsaEncryptSize(key);
     XMEMSET(tmp, 7, plainSz);
     ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(MP_INVMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 
     ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 #endif
@@ -20218,14 +21067,19 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
     /* test encrypt and decrypt using WC_RSA_NO_PAD */
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 #endif /* WOLFSSL_RSA_VERIFY_ONLY */
 
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
     ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(MP_INVMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
     }
 #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -20254,7 +21108,7 @@ exit_rsa_even_mod:
 }
 #endif /* WOLFSSL_HAVE_SP_RSA */
 
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
 static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -20366,7 +21220,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
         if (ret >= 0) {
             ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     }
@@ -20527,7 +21381,7 @@ static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng,
             ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
                       caKey, NULL, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     certSz = (int)ret;
@@ -20755,7 +21609,7 @@ static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
             ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
                               FOURK_BUF, caKey, NULL, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     certSz = (int)ret;
@@ -20823,13 +21677,14 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
 #ifndef WOLFSSL_NO_MALLOC
     byte*  der = NULL;
 #else
-    byte der[1024];
+    byte der[1280];
 #endif
 #ifndef WOLFSSL_CRYPTOCELL
     word32 idx = 0;
 #endif
     int    derSz = 0;
-#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
+#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
     int    keySz = 1024;
 #else
     int    keySz = 2048;
@@ -20837,7 +21692,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if (! genKey)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
 #endif
 
     XMEMSET(genKey, 0, sizeof *genKey);
@@ -20854,7 +21709,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
         ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 #ifdef HAVE_FIPS
-        if (ret == PRIME_GEN_E)
+        if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E))
             continue;
         break;
     }
@@ -20874,8 +21729,11 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
     if (der == NULL) {
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
     }
+    derSz = FOURK_BUF;
+#else
+    derSz = sizeof(der);
 #endif
-    derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
+    derSz = wc_RsaKeyToDer(genKey, der, derSz);
     if (derSz < 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
     }
@@ -20959,7 +21817,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                        WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -20974,7 +21832,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                        WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -20995,7 +21853,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21010,7 +21868,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21029,7 +21887,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
                 WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     if (ret != (int)inLen) {
@@ -21051,7 +21909,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21070,7 +21928,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret > 0) { /* in this case decrypt should fail */
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
     }
@@ -21088,7 +21946,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21103,7 +21961,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21124,7 +21982,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                 ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                     WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
         TEST_SLEEP();
@@ -21142,7 +22000,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                     WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
                     in, inLen);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret > 0) { /* should fail */
             ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
         }
@@ -21167,7 +22025,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                 ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
         TEST_SLEEP();
@@ -21182,7 +22040,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
                 ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                   WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21204,7 +22062,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
                   WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21219,7 +22077,7 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
             ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
                   WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21250,19 +22108,24 @@ exit_rsa:
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 {
     wc_test_ret_t ret;
-    size_t bytes;
+    size_t bytes = 0;
     WC_RNG rng;
+#if !defined(WOLFSSL_NO_MALLOC)
+    byte*  der = NULL;
+#endif
+#if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
+    Cert  *req = NULL;
+#endif
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     byte*  tmp = NULL;
-    byte*  der = NULL;
-    RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    RsaKey *key = NULL;
 #else
     RsaKey key[1];
     byte tmp[FOURK_BUF];
 #endif
 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    RsaKey *keypub = NULL;
 #else
     RsaKey keypub[1];
 #endif
@@ -21305,34 +22168,45 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
     WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
+
     WOLFSSL_ENTER("rsa_test");
 
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (in == NULL || out == NULL || plain == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
 #endif
 
     XMEMCPY(in, inStr, inLen);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    key = wc_NewRsaKey(HEAP_HINT, devId, &ret);
     if (key == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
+    keypub = wc_NewRsaKey(HEAP_HINT, devId, &ret);
     if (keypub == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #endif
 #ifdef WOLFSSL_TEST_CERT
     if (cert == NULL)
-        ERROR_OUT(MEMORY_E, exit_rsa);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
 #endif
-#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
+
+#else /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */
+
+    ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
+#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
+    ret = wc_InitRsaKey_ex(keypub, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
+#endif
+
+#endif /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */
 
     /* initialize stack structures */
     XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(key, 0, sizeof *key);
-#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
-    XMEMSET(keypub, 0, sizeof *keypub);
-#endif
 
 #if !defined(NO_ASN)
     ret = rsa_decode_test(key);
@@ -21428,10 +22302,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 #endif
 
 #ifndef NO_SIG_WRAPPER
+#ifndef NO_SHA256
     ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
     if (ret != 0)
         goto exit_rsa;
-#endif
+#else /* NO_SHA256 */
+    (void)modLen;
+#endif /* NO_SHA256 */
+#endif /* !NO_SIG_WRAPPER */
 
 #ifdef WC_RSA_NONBLOCK
     ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng);
@@ -21448,7 +22326,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21471,7 +22349,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21487,7 +22365,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     if (ret != (int)inLen) {
@@ -21505,7 +22383,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         if (ret >= 0) {
             ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
     TEST_SLEEP();
@@ -21552,8 +22430,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 #endif
 
 #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
-    ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
-    defined(WOLFSSL_PUBLIC_MP))  && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && defined(WOLFSSL_PUBLIC_MP) && \
+    !defined(WOLF_CRYPTO_CB_ONLY_RSA)
     idx = (word32)ret;
     XMEMSET(plain, 0, plainSz);
     do {
@@ -21586,7 +22464,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
             }
 #endif
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 
@@ -21603,7 +22481,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
          && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
     ret = rsa_oaep_padding_test(key, &rng);
     if (ret != 0)
-        return ret;
+        goto exit_rsa;
 
     #endif /* !HAVE_FIPS */
     #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
@@ -21613,14 +22491,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = rsa_export_key_test(key);
     if (ret != 0)
-        return ret;
+        goto exit_rsa;
 #endif
 
 #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
                                                !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = rsa_flatten_test(key);
     if (ret != 0)
-        return ret;
+        goto exit_rsa;
 #endif
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
@@ -21630,9 +22508,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 #endif
 
 #ifdef WOLFSSL_TEST_CERT
-#if defined(WOLFSSL_MDK_ARM)
-    #define sizeof(s) XSTRLEN((char *)(s))
-#endif
 
 #ifdef USE_CERT_BUFFERS_1024
     XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
@@ -21661,9 +22536,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
 #endif
 
-#ifdef sizeof
-    #undef sizeof
-#endif
     InitDecodedCert(cert, tmp, (word32)bytes, NULL);
 
     ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, NULL);
@@ -21733,7 +22605,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         goto exit_rsa;
 #endif
 
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
+    !defined(WOLFSSL_NO_MALLOC)
     /* Make Cert / Sign example for RSA cert and RSA CA */
     ret = rsa_certgen_test(key, keypub, &rng, tmp);
     if (ret != 0)
@@ -21747,11 +22620,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
     {
-        Cert        *req;
         int         derSz;
-#ifndef WOLFSSL_SMALL_STACK
-        byte*  der = NULL;
-#endif
 
         req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         if (! req)
@@ -21830,7 +22699,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
                 ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
                           key, NULL, &rng);
             }
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret < 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
         derSz = (int)ret;
@@ -21854,8 +22723,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         }
 
         XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         der = NULL;
+        XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        req = NULL;
     }
 #endif /* WOLFSSL_CERT_REQ */
 #endif /* WOLFSSL_CERT_GEN */
@@ -21882,22 +22752,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 exit_rsa:
 
+#if !defined(WOLFSSL_NO_MALLOC)
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #if defined(WOLFSSL_CERT_REQ)
+    XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+#endif
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    if (key != NULL) {
-        wc_FreeRsaKey(key);
-        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    wc_DeleteRsaKey(key, &key);
     #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
-    if (keypub != NULL) {
-        wc_FreeRsaKey(keypub);
-        XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
+    wc_DeleteRsaKey(keypub, &keypub);
     #endif
     #ifdef WOLFSSL_TEST_CERT
     XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
-     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-     XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #else
     wc_FreeRsaKey(key);
     #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
@@ -22039,22 +22908,22 @@ static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
 
     /* Parameter Validation testing. */
     ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
 
     ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
@@ -22108,7 +22977,7 @@ static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
     /* Taint the public key so the check fails. */
     pub[0]++;
     ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
-    if (ret != MP_CMP_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_CMP_E)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
 
@@ -22186,28 +23055,28 @@ static wc_test_ret_t dh_generate_test(WC_RNG *rng)
 
     /* Parameter Validation testing. */
     ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     wc_FreeDhKey(NULL);
 
     ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g));
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
     }
     ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g));
@@ -22296,36 +23165,42 @@ static wc_test_ret_t dh_test_check_pubvalue(void)
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
-    const dh_pubvalue_test dh_pubval_fail[] = {
-        { prime, sizeof(prime) },
-        { pubValZero, sizeof(pubValZero) },
-        { pubValZeroLong, sizeof(pubValZeroLong) },
-        { pubValOne, sizeof(pubValOne) },
-        { pubValOneLong, sizeof(pubValOneLong) },
-        { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) },
-        { pubValPrimeLong, sizeof(pubValPrimeLong) },
-        { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) },
-        { pubValTooBig0, sizeof(pubValTooBig0) },
-        { pubValTooBig1, sizeof(pubValTooBig1) },
-        { pubValTooLong, sizeof(pubValTooLong) },
-    };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
     WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
-    const dh_pubvalue_test dh_pubval_pass[] = {
-        { pubValTwo, sizeof(pubValTwo) },
-        { pubValTwoLong, sizeof(pubValTwoLong) },
-        { pubValGood, sizeof(pubValGood) },
-        { pubValGoodLen, sizeof(pubValGoodLen) },
-        { pubValGoodLong, sizeof(pubValGoodLong) },
-    };
+    dh_pubvalue_test dh_pubval_fail[11];
+    dh_pubvalue_test dh_pubval_pass[5];
+
+    #define INIT_PUBVAL_FAIL(i,y) dh_pubval_fail[i].data = y; dh_pubval_fail[i].len = sizeof(y)
+    #define INIT_PUBVAL_PASS(i,y) dh_pubval_pass[i].data = y; dh_pubval_pass[i].len = sizeof(y)
+
+    INIT_PUBVAL_FAIL(0, prime);
+    INIT_PUBVAL_FAIL(1, pubValZero);
+    INIT_PUBVAL_FAIL(2, pubValZeroLong);
+    INIT_PUBVAL_FAIL(3, pubValOne);
+    INIT_PUBVAL_FAIL(4, pubValOneLong);
+    INIT_PUBVAL_FAIL(5, pubValPrimeMinusOne);
+    INIT_PUBVAL_FAIL(6, pubValPrimeLong);
+    INIT_PUBVAL_FAIL(7, pubValPrimePlusOne);
+    INIT_PUBVAL_FAIL(8, pubValTooBig0);
+    INIT_PUBVAL_FAIL(9, pubValTooBig1);
+    INIT_PUBVAL_FAIL(10, pubValTooLong);
+
+    INIT_PUBVAL_PASS(0, pubValTwo);
+    INIT_PUBVAL_PASS(1, pubValTwoLong);
+    INIT_PUBVAL_PASS(2, pubValGood);
+    INIT_PUBVAL_PASS(3, pubValGoodLen);
+    INIT_PUBVAL_PASS(4, pubValGoodLong);
+
+    #undef INIT_PUBVAL_FAIL
+    #undef INIT_PUBVAL_PASS
 
     for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
         ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
                                                          dh_pubval_fail[i].len);
-        if (ret != MP_VAL)
+        if (ret != WC_NO_ERR_TRACE(MP_VAL))
             return WC_TEST_RET_ENC_I(i);
     }
 
@@ -22421,7 +23296,11 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifdef HAVE_PUBLIC_FFDHE
-    ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len);
+    /* use wc_DhSetKey_ex(), not wc_DhSetKey(), so that trusted=0 is passed to
+     * _DhSetKey(), exercising the primality check on the modulus:
+     */
+    ret = wc_DhSetKey_ex(key, params->p, params->p_len, params->g,
+                         params->g_len, NULL /* q */, 0 /* qSz */);
 #else
     ret = wc_DhSetNamedKey(key, name);
 #endif
@@ -22429,8 +23308,8 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifdef HAVE_PUBLIC_FFDHE
-    ret = wc_DhSetKey(key2, params->p, params->p_len, params->g,
-                                                                 params->g_len);
+    ret = wc_DhSetKey_ex(key2, params->p, params->p_len, params->g,
+                         params->g_len, NULL /* q */, 0 /* qSz */);
 #else
     ret = wc_DhSetNamedKey(key2, name);
 #endif
@@ -22480,7 +23359,9 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 
@@ -22488,14 +23369,20 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(ASYNC_OP_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 
 #ifndef HAVE_SELFTEST
     ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
-    if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_CMP_E &&
-            ret != ASYNC_OP_E) {
+    if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
+        ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
+        ret != WC_NO_ERR_TRACE(MP_CMP_E) &&
+        ret != WC_NO_ERR_TRACE(ASYNC_OP_E))
+    {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 #endif
@@ -22537,7 +23424,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
 {
     wc_test_ret_t ret;
     word32 bytes;
-    word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
+    word32 idx = 0;
+    word32 privSz = 0;
+    word32 pubSz = 0;
+    word32 privSz2 = 0;
+    word32 pubSz2 = 0;
 #ifndef WC_NO_RNG
     WC_RNG rng;
     int rngInit = 0;
@@ -22559,10 +23450,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
     DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     byte  *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #if !defined(NO_ASN) && (defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
+        (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))))
+    byte *tmp2 = NULL;
+    #endif
 #else
     DhKey key[1];
     DhKey key2[1];
     byte  tmp[DH_TEST_TMP_SIZE];
+    #if !defined(NO_ASN) && (defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
+        (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))))
+    byte  tmp2[DH_TEST_TMP_SIZE];
+    #endif
 #endif
 
 #ifndef WC_NO_RNG
@@ -22725,11 +23626,43 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
     if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
+
+#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \
+            !defined(HAVE_SELFTEST)
+    agreeSz = DH_TEST_BUF_SIZE;
+    agreeSz2 = DH_TEST_BUF_SIZE;
+
+    ret = wc_DhAgree_ct(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+    ret = wc_DhAgree_ct(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
+
+#ifdef WOLFSSL_PUBLIC_MP
+    if (agreeSz != (word32)mp_unsigned_bin_size(&key->p))
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+#endif
+
+    if (agreeSz != agreeSz2)
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+
+    if (XMEMCMP(agree, agree2, agreeSz) != 0)
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, done);
+    }
+#endif /* (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */
+
 #endif /* !WC_NO_RNG */
 
 #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     ret = wc_DhCheckPrivKey(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_DhCheckPrivKey(key, priv, privSz);
@@ -22737,12 +23670,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     {
         word32 pSz, qSz, gSz;
         ret = wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz);
-        if (ret != LENGTH_ONLY_E)
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     }
 #endif
@@ -22759,12 +23692,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
 #ifndef NO_ASN
     {
         /* DH Private - Key Export / Import */
-    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        byte *tmp2;
-    #else
-        byte  tmp2[DH_TEST_TMP_SIZE];
-    #endif
-
     #if defined(USE_CERT_BUFFERS_2048)
         XMEMCPY(tmp, dh_ffdhe_statickey_der_2048, sizeof_dh_ffdhe_statickey_der_2048);
         bytes = sizeof_dh_ffdhe_statickey_der_2048;
@@ -22832,10 +23759,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
         if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
             ERROR_OUT(WC_TEST_RET_ENC_NC, done);
         }
-
-    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
     }
 #else
     ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
@@ -22937,6 +23860,11 @@ done:
         XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     }
     XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #if !defined(NO_ASN) && (defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
+        (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))))
+    XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
     XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -23380,14 +24308,14 @@ static wc_test_ret_t openssl_aes_test(void)
         WOLFSSL_SMALL_STACK_STATIC const byte iv[]  =
             "1234567890abcdef   ";  /* align */
 
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
         int outlen ;
         int total = 0;
@@ -23398,25 +24326,25 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)cbcPlain, 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
                     (byte*)&cbcPlain[9]  , 9) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
@@ -23424,34 +24352,34 @@ static wc_test_ret_t openssl_aes_test(void)
         if (total != 32)
             return 3408;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[6], 12) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[6+12], 14) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 2)
             return WC_TEST_RET_ENC_NC;
@@ -23463,29 +24391,29 @@ static wc_test_ret_t openssl_aes_test(void)
         if (XMEMCMP(plain, cbcPlain, 18))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
         /* test with encrypting/decrypting more than 16 bytes at once */
         total = 0;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)cbcPlain, 17) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
                     (byte*)&cbcPlain[17]  , 1) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
@@ -23493,38 +24421,38 @@ static wc_test_ret_t openssl_aes_test(void)
         if (total != 32)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
         /* final call on non block size should fail */
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[17], 1) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                     (byte*)&cipher[17+1], 14) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 2)
             return WC_TEST_RET_ENC_NC;
@@ -23537,42 +24465,42 @@ static wc_test_ret_t openssl_aes_test(void)
             return WC_TEST_RET_ENC_NC;
 
         /* test byte by byte decrypt */
-        for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
+        for (i = 0; i < WC_AES_BLOCK_SIZE * 3; i++) {
             plain[i] = i;
         }
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
         total = 0;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
-                    (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+                    (byte*)plain, WC_AES_BLOCK_SIZE * 3) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (outlen != AES_BLOCK_SIZE * 3)
+        if (outlen != WC_AES_BLOCK_SIZE * 3)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (outlen != AES_BLOCK_SIZE)
+        if (outlen != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
         if (total != sizeof(plain))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
-            if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
+        for (i = 0; i < WC_AES_BLOCK_SIZE * 4; i++) {
+            if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
                         (byte*)cipher + i, 1) == 0)
                 return WC_TEST_RET_ENC_NC;
 
@@ -23588,19 +24516,19 @@ static wc_test_ret_t openssl_aes_test(void)
             }
         }
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
-        if (total != AES_BLOCK_SIZE * 3) {
+        if (total != WC_AES_BLOCK_SIZE * 3) {
             return WC_TEST_RET_ENC_NC;
         }
-        for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
+        for (i = 0; i < WC_AES_BLOCK_SIZE * 3; i++) {
             if (plain[i] != i) {
                 return WC_TEST_RET_ENC_NC;
             }
         }
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         wolfSSL_EVP_CIPHER_CTX_free(en);
@@ -23634,11 +24562,11 @@ static wc_test_ret_t openssl_aes_test(void)
         byte plain [EVP_TEST_BUF_SZ];
         byte padded[EVP_TEST_BUF_PAD];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
         int outlen ;
         int total = 0;
@@ -23648,13 +24576,13 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                     (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
@@ -23662,45 +24590,45 @@ static wc_test_ret_t openssl_aes_test(void)
         total += outlen;
 
         /* should fail here */
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         /* turn padding back on and do successful encrypt */
         total = 0;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)padded, &outlen,
                     (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
         if (total != 32)
             return WC_TEST_RET_ENC_NC;
         XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
 
-        EVP_CIPHER_CTX_cleanup(en);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(en);
 
         /* test out of bounds read on buffers w/o padding during decryption */
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 0) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
                     EVP_TEST_BUF_SZ) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
@@ -23708,31 +24636,31 @@ static wc_test_ret_t openssl_aes_test(void)
         total += outlen;
 
         /* should fail since not using padding */
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 1) != 1)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
                     EVP_TEST_BUF_PAD) == 0)
             return WC_TEST_RET_ENC_NC;
         if (outlen != 16)
             return WC_TEST_RET_ENC_NC;
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
             return WC_TEST_RET_ENC_NC;
         if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(de);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         wolfSSL_EVP_CIPHER_CTX_free(en);
@@ -23742,9 +24670,9 @@ static wc_test_ret_t openssl_aes_test(void)
 
     {  /* evp_cipher test: EVP_aes_128_cbc */
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX ctx[1];
+        WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
 
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
@@ -23764,37 +24692,37 @@ static wc_test_ret_t openssl_aes_test(void)
         WOLFSSL_SMALL_STACK_STATIC const byte iv[]  =
             "1234567890abcdef   ";  /* align */
 
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         if (ctx == NULL)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         wolfSSL_EVP_CIPHER_CTX_free(ctx);
@@ -23808,9 +24736,9 @@ static wc_test_ret_t openssl_aes_test(void)
 #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
     {  /* evp_cipher test: EVP_aes_256_ecb*/
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX ctx[1];
+        WOLFSSL_EVP_CIPHER_CTX ctx[1];
 #endif
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
         {
@@ -23833,32 +24761,32 @@ static wc_test_ret_t openssl_aes_test(void)
         };
 
 
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
         if (ctx == NULL)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(ctx);
-        if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
+        if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -23872,14 +24800,14 @@ static wc_test_ret_t openssl_aes_test(void)
     {
         /* Test: AES_encrypt/decrypt/set Key */
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+        WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
         #ifdef HAVE_AES_DECRYPT
-        AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+        WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
         #endif
 #else
-        AES_KEY enc[1];
+        WOLFSSL_AES_KEY enc[1];
         #ifdef HAVE_AES_DECRYPT
-        AES_KEY dec[1];
+        WOLFSSL_AES_KEY dec[1];
         #endif
 #endif
 
@@ -23915,18 +24843,18 @@ static wc_test_ret_t openssl_aes_test(void)
         #endif
 #endif
 
-        AES_set_encrypt_key(key, sizeof(key)*8, enc);
-        AES_set_decrypt_key(key,  sizeof(key)*8, dec);
+        wolfSSL_AES_set_encrypt_key(key, sizeof(key)*8, enc);
+        wolfSSL_AES_set_decrypt_key(key,  sizeof(key)*8, dec);
 
-        AES_encrypt(msg, cipher, enc);
+        wolfSSL_AES_encrypt(msg, cipher, enc);
 
         #ifdef HAVE_AES_DECRYPT
-        AES_decrypt(cipher, plain, dec);
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
+        wolfSSL_AES_decrypt(cipher, plain, dec);
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
         #endif /* HAVE_AES_DECRYPT */
 
-        if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
             return WC_TEST_RET_ENC_NC;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -24053,17 +24981,17 @@ static wc_test_ret_t openssl_aes_test(void)
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+        WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
 #else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
+        WOLFSSL_EVP_CIPHER_CTX en[1];
+        WOLFSSL_EVP_CIPHER_CTX de[1];
 #endif
 #ifdef WOLFSSL_AES_128
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *p_en;
-        EVP_CIPHER_CTX *p_de;
+        WOLFSSL_EVP_CIPHER_CTX *p_en;
+        WOLFSSL_EVP_CIPHER_CTX *p_de;
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -24071,20 +24999,20 @@ static wc_test_ret_t openssl_aes_test(void)
             return MEMORY_E;
 #endif
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
-                AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
+                WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-                AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+                WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
@@ -24092,9 +25020,9 @@ static wc_test_ret_t openssl_aes_test(void)
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
             return WC_TEST_RET_ENC_NC;
 
-        if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
+        if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
             return WC_TEST_RET_ENC_NC;
-        if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
+        if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
             return WC_TEST_RET_ENC_NC;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -24105,18 +25033,18 @@ static wc_test_ret_t openssl_aes_test(void)
         if (p_de == NULL)
             return WC_TEST_RET_ENC_ERRNO;
 
-        if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
+        if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
-                AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
+        if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
+                WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
+        if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(),
                 (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
-                AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
+        if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
+                WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
             return WC_TEST_RET_ENC_NC;
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
@@ -24128,24 +25056,24 @@ static wc_test_ret_t openssl_aes_test(void)
         wolfSSL_EVP_CIPHER_CTX_free(p_de);
 #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
-        if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
+        if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
             return WC_TEST_RET_ENC_NC;
-        if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
+        if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
             return WC_TEST_RET_ENC_NC;
 
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctrPlain, 9))
@@ -24153,9 +25081,9 @@ static wc_test_ret_t openssl_aes_test(void)
         if (XMEMCMP(cipherBuff, ctrCipher, 9))
             return WC_TEST_RET_ENC_NC;
 
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctrPlain, 9))
@@ -24170,21 +25098,21 @@ static wc_test_ret_t openssl_aes_test(void)
 #endif /* WOLFSSL_AES_128 */
 
 #ifdef WOLFSSL_AES_192
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_192_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(),
                 (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
-                AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
+                WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_192_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(),
             (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
         XMEMSET(plainBuff, 0, sizeof(plainBuff));
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-                AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+                WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
@@ -24199,21 +25127,21 @@ static wc_test_ret_t openssl_aes_test(void)
 #endif /* WOLFSSL_AES_192 */
 
 #ifdef WOLFSSL_AES_256
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_256_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(),
             (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
-        if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
-                AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
+        if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
+                WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_256_ctr(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(),
             (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
             return WC_TEST_RET_ENC_NC;
 
         XMEMSET(plainBuff, 0, sizeof(plainBuff));
-        if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-                AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
+        if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+                WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
             return WC_TEST_RET_ENC_NC;
 
         if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
@@ -24240,11 +25168,11 @@ static wc_test_ret_t openssl_aes_test(void)
 #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
     {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-        AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+        WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+        WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
 #else
-        AES_KEY enc[1];
-        AES_KEY dec[1];
+        WOLFSSL_AES_KEY enc[1];
+        WOLFSSL_AES_KEY dec[1];
 #endif
 
         WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
@@ -24274,8 +25202,8 @@ static wc_test_ret_t openssl_aes_test(void)
             0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
         };
 
-        byte cipher[AES_BLOCK_SIZE * 2];
-        byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
+        byte cipher[WC_AES_BLOCK_SIZE * 2];
+        byte iv[WC_AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
         int  num = 0;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -24287,20 +25215,20 @@ static wc_test_ret_t openssl_aes_test(void)
         wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
         wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
 
-        wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, enc, iv,
-                &num, AES_ENCRYPT);
+        wolfSSL_AES_cfb128_encrypt(msg, cipher, WC_AES_BLOCK_SIZE - 1, enc, iv,
+                &num, AES_ENCRYPTION);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE - 1))
             return WC_TEST_RET_ENC_NC;
 
         if (num != 15) /* should have used 15 of the 16 bytes */
             return WC_TEST_RET_ENC_NC;
 
-        wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
-                cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, enc, iv,
-                &num, AES_ENCRYPT);
+        wolfSSL_AES_cfb128_encrypt(msg + WC_AES_BLOCK_SIZE - 1,
+                cipher + WC_AES_BLOCK_SIZE - 1, WC_AES_BLOCK_SIZE + 1, enc, iv,
+                &num, AES_ENCRYPTION);
 
-        if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
+        if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2))
             return WC_TEST_RET_ENC_NC;
 
         if (num != 0)
@@ -24318,23 +25246,56 @@ static wc_test_ret_t openssl_aes_test(void)
     return 0;
 }
 
+#endif /* !NO_AES && !WOLFCRYPT_ONLY */
 
-#endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 {
     wc_test_ret_t ret;
 #ifdef WOLFSSL_SMALL_STACK
-    EVP_MD_CTX *md_ctx = (EVP_MD_CTX *)XMALLOC(sizeof(EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
+    WOLFSSL_EVP_MD_CTX *md_ctx = (WOLFSSL_EVP_MD_CTX *)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
+    WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *p_en = wolfSSL_EVP_CIPHER_CTX_new();
+    WOLFSSL_EVP_CIPHER_CTX *p_de = wolfSSL_EVP_CIPHER_CTX_new();
+    #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
+        defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
+    WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    #ifdef HAVE_AES_DECRYPT
+    WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    #endif
+    #endif /* !NO_AES && !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
 #else
-    EVP_MD_CTX md_ctx[1];
+    WOLFSSL_EVP_MD_CTX md_ctx[1];
+    WOLFSSL_EVP_CIPHER_CTX ctx[1];
+    WOLFSSL_EVP_CIPHER_CTX en[1];
+    WOLFSSL_EVP_CIPHER_CTX de[1];
+    #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
+        defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
+    WOLFSSL_AES_KEY enc[1];
+    #ifdef HAVE_AES_DECRYPT
+    WOLFSSL_AES_KEY dec[1];
+    #endif
+    #endif /* !NO_AES */
 #endif
     testVector a, b, c, d, e, f;
     byte       hash[WC_SHA256_DIGEST_SIZE*2];  /* max size */
 
 #ifdef WOLFSSL_SMALL_STACK
-    if (md_ctx == NULL)
-        return WC_TEST_RET_ENC_EC(MEMORY_E);
+    if ((md_ctx == NULL) || (ctx == NULL) || (en == NULL) || (de == NULL) ||
+        (p_en == NULL) || (p_de == NULL)
+    #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
+        defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
+        || (enc == NULL)
+    #ifdef HAVE_AES_DECRYPT
+        || (dec == NULL)
+    #endif
+    #endif
+        )
+    {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
+    }
 #endif
 
     WOLFSSL_ENTER("openssl_test");
@@ -24353,13 +25314,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     {
         byte* p;
 
-        p = (byte*)CRYPTO_malloc(10, "", 0);
+        p = (byte*)wolfSSL_CRYPTO_malloc(10, "", 0);
 
         if (p == NULL) {
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        } else {
+            XMEMSET(p, 0, 10);
+            wolfSSL_CRYPTO_free(p, "", 0);
         }
-        XMEMSET(p, 0, 10);
-        CRYPTO_free(p, "", 0);
     }
 
 #ifndef NO_MD5
@@ -24370,19 +25332,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     a.inLen  = XSTRLEN(a.input);
     a.outLen = WC_MD5_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_md5());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_md5());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen);
     }
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestFinal(md_ctx, hash, 0);
+        ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* NO_MD5 */
 
 #ifndef NO_SHA
@@ -24394,18 +25356,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     b.inLen  = XSTRLEN(b.input);
     b.outLen = WC_SHA_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha1());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha1());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(hash, b.output, b.outLen) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* NO_SHA */
 
 #ifdef WOLFSSL_SHA224
@@ -24416,16 +25378,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA224_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha224());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha224());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_SHA224 */
 
@@ -24437,16 +25399,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     d.inLen  = XSTRLEN(d.input);
     d.outLen = WC_SHA256_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha256());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha256());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* !NO_SHA256 */
 
@@ -24460,16 +25422,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA384_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha384());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha384());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_SHA384 */
 
@@ -24484,16 +25446,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA512_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha512());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 
 #if !defined(WOLFSSL_NOSHA512_224) && \
@@ -24506,16 +25468,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA512_224_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha512_224());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_224());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
 
@@ -24529,16 +25491,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA512_256_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha512_256());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_256());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
 #endif /* WOLFSSL_SHA512 */
@@ -24552,16 +25514,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA3_224_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha3_224());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_224());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_NOSHA3_224 */
 
@@ -24574,16 +25536,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     d.inLen  = XSTRLEN(d.input);
     d.outLen = WC_SHA3_256_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha3_256());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_256());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_NOSHA3_256 */
 
@@ -24596,16 +25558,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     e.inLen  = XSTRLEN(e.input);
     e.outLen = WC_SHA3_384_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha3_384());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_384());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 
 #ifndef WOLFSSL_NOSHA3_512
@@ -24619,29 +25581,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     f.inLen  = XSTRLEN(f.input);
     f.outLen = WC_SHA3_512_DIGEST_SIZE;
 
-    EVP_MD_CTX_init(md_ctx);
-    ret = EVP_DigestInit(md_ctx, EVP_sha3_512());
+    wolfSSL_EVP_MD_CTX_init(md_ctx);
+    ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_512());
     if (ret == WOLFSSL_SUCCESS) {
-        ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
+        ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_DigestFinal(md_ctx, hash, 0);
+            ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
     }
-    EVP_MD_CTX_cleanup(md_ctx);
+    wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
     if (ret != WOLFSSL_SUCCESS ||
             XMEMCMP(hash, f.output, f.outLen) != 0) {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_NOSHA3_512 */
 #endif /* WOLFSSL_SHA3 */
 
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL);
-    md_ctx = NULL;
-#endif
-
 #ifndef WC_NO_RNG
-    if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif
 
 #ifndef NO_MD5
@@ -24653,15 +25610,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 
 #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)
     /* Expect failure with MD5 + HMAC when using FIPS 140-3. */
-    if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
+    if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
             hash, 0) != NULL)
 #else
-    if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
+    if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
             hash, 0) == NULL ||
         XMEMCMP(hash, c.output, c.outLen) != 0)
 #endif
     {
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* NO_MD5 */
 
@@ -24674,51 +25631,46 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     };
     byte plain[24];
     byte cipher[24];
-    const_DES_cblock key = {
+    WOLFSSL_const_DES_cblock key = {
         0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
     };
-    DES_cblock iv = {
+    WOLFSSL_DES_cblock iv = {
         0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
     };
-    DES_key_schedule sched;
+    WOLFSSL_DES_key_schedule sched;
     WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
         0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
         0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
         0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
     };
 
-    DES_key_sched(&key, &sched);
+    wolfSSL_DES_key_sched(&key, &sched);
 
-    DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
-    DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
+    wolfSSL_DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, WC_DES_ENCRYPT);
+    wolfSSL_DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, WC_DES_DECRYPT);
 
     if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         /* test changing iv */
-    DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
-    DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
+    wolfSSL_DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, WC_DES_ENCRYPT);
+    wolfSSL_DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, WC_DES_ENCRYPT);
 
     if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     }  /* end des test */
 #endif /* NO_DES3 */
 
 #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
     if ((ret = openssl_aes_test()) != 0) {
-        return ret;
+        ERROR_OUT(ret, out);
     }
 #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
     {   /* evp_cipher test: EVP_aes_128_cbc */
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
-#else
-        EVP_CIPHER_CTX ctx[1];
-#endif
         int idx, cipherSz, plainSz;
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
             0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
@@ -24741,45 +25693,40 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
             "0123456789abcdef   ";  /* align */
         WOLFSSL_SMALL_STACK_STATIC const byte iv[]  =
             "1234567890abcdef   ";  /* align */
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        if (ctx == NULL)
-            return MEMORY_E;
-#endif
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 
         cipherSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
+            ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         /* check partial decrypt (not enough padding for full block) */
         plainSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
+            ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
             if (ret == WOLFSSL_SUCCESS)
                 plainSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
             /* this test should fail... not enough padding for full block */
-            ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx);
             if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
                 ret = WOLFSSL_SUCCESS;
             else
@@ -24787,61 +25734,52 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         }
         else
             ret = WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
-            return ret;
+            ERROR_OUT(ret, out);
 
         plainSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
+            ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
             if (ret == WOLFSSL_SUCCESS)
                 plainSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx);
             if (ret == WOLFSSL_SUCCESS)
                 plainSz += idx;
         }
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         cipherSz = 0;
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1);
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
+            ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, msg, WC_AES_BLOCK_SIZE);
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
         if (ret == WOLFSSL_SUCCESS) {
-            ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
+            ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
             if (ret == WOLFSSL_SUCCESS)
                 cipherSz += idx;
         }
-        EVP_CIPHER_CTX_cleanup(ctx);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
-            return WC_TEST_RET_ENC_NC;
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        wolfSSL_EVP_CIPHER_CTX_free(ctx);
-#endif
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }  /* end evp_cipher test: EVP_aes_128_cbc*/
 #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
 
 #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
     {   /* evp_cipher test: EVP_aes_256_ecb*/
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
-#else
-        EVP_CIPHER_CTX ctx[1];
-#endif
         WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
           0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
           0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
@@ -24856,37 +25794,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
           0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
           0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
         };
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        if (ctx == NULL)
-            return MEMORY_E;
-#endif
-
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
-        EVP_CIPHER_CTX_cleanup(ctx);
+            ret = wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != 16)
-            return WC_TEST_RET_ENC_NC;
-        if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        EVP_CIPHER_CTX_init(ctx);
-        ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
+        wolfSSL_EVP_CIPHER_CTX_init(ctx);
+        ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
         if (ret == WOLFSSL_SUCCESS)
-            ret = EVP_Cipher(ctx, plain, cipher, 16);
-        EVP_CIPHER_CTX_cleanup(ctx);
+            ret = wolfSSL_EVP_Cipher(ctx, plain, cipher, 16);
+        wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
         if (ret != 16)
-            return WC_TEST_RET_ENC_NC;
-        if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
-            return WC_TEST_RET_ENC_NC;
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        wolfSSL_EVP_CIPHER_CTX_free(ctx);
-#endif
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }  /* end evp_cipher test */
 #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
 
@@ -24897,18 +25826,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 {
 
   /* Test: AES_encrypt/decrypt/set Key */
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-  AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-  #ifdef HAVE_AES_DECRYPT
-  AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-  #endif
-#else
-  AES_KEY enc[1];
-  #ifdef HAVE_AES_DECRYPT
-  AES_KEY dec[1];
-  #endif
-#endif
-
   WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
   {
       0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
@@ -24934,35 +25851,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
 
   printf("openSSL extra test\n") ;
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-  if (enc == NULL)
-      return MEMORY_E;
-  #ifdef HAVE_AES_DECRYPT
-  if (dec == NULL)
-      return MEMORY_E;
-  #endif
-#endif
+  wolfSSL_AES_set_encrypt_key(key, sizeof(key)*8, enc);
+  wolfSSL_AES_set_decrypt_key(key, sizeof(key)*8, dec);
 
-  AES_set_encrypt_key(key, sizeof(key)*8, enc);
-  AES_set_decrypt_key(key,  sizeof(key)*8, dec);
-
-  AES_encrypt(msg, cipher, enc);
+  wolfSSL_AES_encrypt(msg, cipher, enc);
 
 #ifdef HAVE_AES_DECRYPT
-  AES_decrypt(cipher, plain, dec);
-  if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
-      return WC_TEST_RET_ENC_NC;
+  wolfSSL_AES_decrypt(cipher, plain, dec);
+  if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
+      ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* HAVE_AES_DECRYPT */
 
-  if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
-      return WC_TEST_RET_ENC_NC;
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-  XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
-  #ifdef HAVE_AES_DECRYPT
-  XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
-  #endif
-#endif
+  if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
+      ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 }
 
 #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
@@ -25017,12 +25918,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
         0xc2
     };
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    EVP_CIPHER_CTX *p_en;
-    EVP_CIPHER_CTX *p_de;
-#endif
-
 #endif /* WOLFSSL_AES_128 */
 
 #ifdef WOLFSSL_AES_192
@@ -25086,168 +25981,143 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
     };
 #endif /* WOLFSSL_AES_256 */
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-    EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
-    if ((en == NULL) || (de == NULL))
-        return MEMORY_E;
-#else
-    EVP_CIPHER_CTX en[1];
-    EVP_CIPHER_CTX de[1];
-#endif
-
 #ifdef WOLFSSL_AES_128
 
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
-            AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
-        return WC_TEST_RET_ENC_NC;
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
+            WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-            AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+            WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
-        return WC_TEST_RET_ENC_NC;
-    if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
-        return WC_TEST_RET_ENC_NC;
+    if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    p_en = wolfSSL_EVP_CIPHER_CTX_new();
-    if (p_en == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
-    p_de = wolfSSL_EVP_CIPHER_CTX_new();
-    if (p_de == NULL)
-        return WC_TEST_RET_ENC_ERRNO;
-
-    if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
+    if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
-            AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
+            WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(),
             (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
-            AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
+            WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(p_en);
-    EVP_CIPHER_CTX_cleanup(p_de);
-
-    wolfSSL_EVP_CIPHER_CTX_free(p_en);
-    wolfSSL_EVP_CIPHER_CTX_free(p_de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(p_en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(p_de);
 #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
 
-    if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
-        return WC_TEST_RET_ENC_NC;
-    if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
-        return WC_TEST_RET_ENC_NC;
+    if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
         (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_128_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
         (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(plainBuff, ctrPlain, 9))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(cipherBuff, ctrCipher, 9))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(plainBuff, ctrPlain, 9))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(cipherBuff, oddCipher, 9))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 #endif /* WOLFSSL_AES_128 */
 
 #ifdef WOLFSSL_AES_192
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_192_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(),
             (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
-            AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
-        return WC_TEST_RET_ENC_NC;
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_192_ctr(),
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
+            WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(),
         (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     XMEMSET(plainBuff, 0, sizeof(plainBuff));
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-            AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+            WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 #endif /* WOLFSSL_AES_192 */
 
 #ifdef WOLFSSL_AES_256
-    EVP_CIPHER_CTX_init(en);
-    if (EVP_CipherInit(en, EVP_aes_256_ctr(),
+    wolfSSL_EVP_CIPHER_CTX_init(en);
+    if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(),
         (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
-    if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
-            AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
-        return WC_TEST_RET_ENC_NC;
-    EVP_CIPHER_CTX_init(de);
-    if (EVP_CipherInit(de, EVP_aes_256_ctr(),
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
+            WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+    wolfSSL_EVP_CIPHER_CTX_init(de);
+    if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(),
         (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     XMEMSET(plainBuff, 0, sizeof(plainBuff));
-    if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
-            AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
-        return WC_TEST_RET_ENC_NC;
+    if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
+            WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-    EVP_CIPHER_CTX_cleanup(en);
-    EVP_CIPHER_CTX_cleanup(de);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(en);
+    wolfSSL_EVP_CIPHER_CTX_cleanup(de);
 #endif /* WOLFSSL_AES_256 */
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    wolfSSL_EVP_CIPHER_CTX_free(en);
-    wolfSSL_EVP_CIPHER_CTX_free(de);
-#endif
 }
 #endif /* HAVE_AES_COUNTER */
 
@@ -25271,257 +26141,278 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
         byte key[] = "0123456789abcdef   ";  /* align */
         byte iv[]  = "1234567890abcdef   ";  /* align */
 
-        byte cipher[AES_BLOCK_SIZE * 4];
-        byte plain [AES_BLOCK_SIZE * 4];
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
-        EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
-#else
-        EVP_CIPHER_CTX en[1];
-        EVP_CIPHER_CTX de[1];
-#endif
+        byte cipher[WC_AES_BLOCK_SIZE * 4];
+        byte plain [WC_AES_BLOCK_SIZE * 4];
         int outlen ;
         int total = 0;
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        if ((en == NULL) || (de == NULL))
-            return MEMORY_E;
-#endif
-
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         /* openSSL compatibility, if(inlen == 0)return 1; */
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                                                     (byte*)cbcPlain, 0) != 1)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit(en, EVP_aes_128_cbc(),
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 1) == 0)
-            return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
                                                     (byte*)cbcPlain, 9) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
                                                 (byte*)&cbcPlain[9]  , 9) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
         if(total != 32)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         total = 0;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_CipherInit(de, EVP_aes_128_cbc(),
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                                                     (byte*)&cipher[6], 12) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
                                                 (byte*)&cipher[6+12], 14) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 2)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
         if(total != 18)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (XMEMCMP(plain, cbcPlain, 18))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         total = 0;
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_EncryptInit(en, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv) == 0)
-            return WC_TEST_RET_ENC_NC;
-        if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9]  , 9) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9]  , 9) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
-        if(total != 32)
-            return 3438;
+        if (total != 32)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         total = 0;
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_DecryptInit(de, wolfSSL_EVP_aes_128_cbc(),
             (unsigned char*)key, (unsigned char*)iv) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 0)
         total += outlen;
 
-        if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 16)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if(outlen != 2)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         total += outlen;
 
-        if(total != 18)
-            return 3447;
+        if (total != 18)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (XMEMCMP(plain, cbcPlain, 18))
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_key_length(NULL) != 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_Cipher_key_length(NULL) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_Cipher_key_length(wolfSSL_EVP_aes_128_cbc()) != 16)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_CTX_mode(NULL) != 0)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_mode(NULL) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_CipherInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
             (unsigned char*)key, (unsigned char*)iv, 0) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        if (wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
                 (unsigned char*)key, (unsigned char*)iv) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
 
-        if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(de);
-        if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(de);
+        if (wolfSSL_EVP_DecryptInit_ex(de, wolfSSL_EVP_aes_128_cbc(), NULL,
                 (unsigned char*)key, (unsigned char*)iv) == 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
 
-        if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL)
+            != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+        {
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        }
 
-        if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        EVP_CIPHER_CTX_init(en);
-        EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        wolfSSL_EVP_CIPHER_CTX_init(en);
+        wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
                 (unsigned char*)key, (unsigned char*)iv);
-        if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_block_size(en) != en->block_size)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_block_size(wolfSSL_EVP_aes_128_cbc()) != WC_AES_BLOCK_SIZE)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_flags(wolfSSL_EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
-        EVP_CIPHER_CTX_set_flags(en, 42);
+        wolfSSL_EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
+        wolfSSL_EVP_CIPHER_CTX_set_flags(en, 42);
         if (en->flags != 42)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-        if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
-            return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-        if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(NULL, 0) !=
+                WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+        if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
-            return WC_TEST_RET_ENC_NC;
-
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-        wolfSSL_EVP_CIPHER_CTX_free(en);
-        wolfSSL_EVP_CIPHER_CTX_free(de);
-#endif
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
     }
 #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
-#endif /* ifndef NO_AES */
-    return 0;
+#endif /* !NO_AES && !WOLFCRYPT_ONLY */
+
+    ret = 0;
+
+out:
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL);
+    wolfSSL_EVP_CIPHER_CTX_free(ctx);
+    wolfSSL_EVP_CIPHER_CTX_free(en);
+    wolfSSL_EVP_CIPHER_CTX_free(de);
+    wolfSSL_EVP_CIPHER_CTX_free(p_en);
+    wolfSSL_EVP_CIPHER_CTX_free(p_de);
+    #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
+        defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
+    XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
+    #ifdef HAVE_AES_DECRYPT
+    XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
+    #endif
+    #endif
+#else
+    (void)en;
+    (void)de;
+    (void)ctx;
+#endif
+
+    return ret;
 }
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
@@ -25532,59 +26423,59 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
     WOLFSSL_EVP_MD_CTX* ctx2;
     WOLFSSL_ENTER("openSSL_evpMD_test");
 
-    ctx = EVP_MD_CTX_create();
-    ctx2 = EVP_MD_CTX_create();
+    ctx = wolfSSL_EVP_MD_CTX_new();
+    ctx2 = wolfSSL_EVP_MD_CTX_new();
 
-    ret = EVP_DigestInit(ctx, EVP_sha256());
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha256());
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    ret = EVP_MD_CTX_copy(ctx2, ctx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_copy(ctx2, ctx);
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    ret = EVP_DigestInit(ctx, EVP_sha1());
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha1());
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_copy_ex(ctx2, ctx);
+    if (ret != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) == wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
+    if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha1()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
+    if (wolfSSL_EVP_DigestInit_ex(ctx, wolfSSL_EVP_sha1(), NULL) != WOLFSSL_SUCCESS) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
 
-    if (EVP_add_digest(NULL) != 0) {
+    if (wolfSSL_EVP_add_digest(NULL) != 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto openSSL_evpMD_test_done;
     }
@@ -25597,8 +26488,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
     ret = 0; /* got to success state without jumping to end with a fail */
 
 openSSL_evpMD_test_done:
-    EVP_MD_CTX_destroy(ctx);
-    EVP_MD_CTX_destroy(ctx2);
+    wolfSSL_EVP_MD_CTX_free(ctx);
+    wolfSSL_EVP_MD_CTX_free(ctx2);
 #endif /* NO_SHA256 */
 
     return ret;
@@ -25627,12 +26518,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
     byte*   pubTmp;
     int prvBytes;
     int pubBytes;
-    RSA *prvRsa = NULL;
-    RSA *pubRsa = NULL;
-    EVP_PKEY *prvPkey = NULL;
-    EVP_PKEY *pubPkey = NULL;
-    EVP_PKEY_CTX *enc = NULL;
-    EVP_PKEY_CTX *dec = NULL;
+    WOLFSSL_RSA *prvRsa = NULL;
+    WOLFSSL_RSA *pubRsa = NULL;
+    WOLFSSL_EVP_PKEY *prvPkey = NULL;
+    WOLFSSL_EVP_PKEY *pubPkey = NULL;
+    WOLFSSL_EVP_PKEY_CTX *enc = NULL;
+    WOLFSSL_EVP_PKEY_CTX *dec = NULL;
 
     byte   in[] = TEST_STRING;
     byte   out[256];
@@ -25709,19 +26600,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         }
 
         ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
-        if(ret != SSL_SUCCESS){
+        if(ret != WOLFSSL_SUCCESS){
             printf("error with RSA_LoadDer_ex\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
 
         ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
-        if(ret != SSL_SUCCESS){
+        if(ret != WOLFSSL_SUCCESS){
             printf("error with RSA_LoadDer_ex\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
-        keySz = (size_t)RSA_size(pubRsa);
+        keySz = (size_t)wolfSSL_RSA_size(pubRsa);
 
         prvPkey = wolfSSL_EVP_PKEY_new();
         pubPkey = wolfSSL_EVP_PKEY_new();
@@ -25738,28 +26629,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
             goto openssl_pkey0_test_done;
         }
 
-        dec = EVP_PKEY_CTX_new(prvPkey, NULL);
-        enc = EVP_PKEY_CTX_new(pubPkey, NULL);
+        dec = wolfSSL_EVP_PKEY_CTX_new(prvPkey, NULL);
+        enc = wolfSSL_EVP_PKEY_CTX_new(pubPkey, NULL);
         if((dec == NULL)||(enc==NULL)){
             printf("error with EVP_PKEY_CTX_new\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
 
-        ret = EVP_PKEY_decrypt_init(dec);
+        ret = wolfSSL_EVP_PKEY_decrypt_init(dec);
         if (ret != 1) {
             printf("error with decrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
-        ret = EVP_PKEY_encrypt_init(enc);
+        ret = wolfSSL_EVP_PKEY_encrypt_init(enc);
         if (ret != 1) {
             printf("error with encrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
         XMEMSET(out, 0, sizeof(out));
-        ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
+        ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
         if (ret != 1) {
             printf("error encrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -25769,7 +26660,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         show("encrypted msg", out, outlen);
 
         XMEMSET(plain, 0, sizeof(plain));
-        ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
+        ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
         if (ret != 1) {
             printf("error decrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -25778,33 +26669,33 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         show("decrypted msg", plain, outlen);
 
         /* RSA_PKCS1_OAEP_PADDING test */
-        ret = EVP_PKEY_decrypt_init(dec);
+        ret = wolfSSL_EVP_PKEY_decrypt_init(dec);
         if (ret != 1) {
             printf("error with decrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
-        ret = EVP_PKEY_encrypt_init(enc);
+        ret = wolfSSL_EVP_PKEY_encrypt_init(enc);
         if (ret != 1) {
             printf("error with encrypt init\n");
             ret = WC_TEST_RET_ENC_NC;
             goto openssl_pkey0_test_done;
         }
 
-        if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
+        if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) {
             printf("first set rsa padding error\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
 
 #ifndef HAVE_FIPS
-        if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
+        if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){
             printf("second set rsa padding error\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
         }
 
-        if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
+        if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) {
             printf("third set rsa padding error\n");
             ret = WC_TEST_RET_ENC_EC(ret);
             goto openssl_pkey0_test_done;
@@ -25812,7 +26703,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
 #endif
 
         XMEMSET(out, 0, sizeof(out));
-        ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
+        ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
         if (ret != 1) {
             printf("error encrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -25822,7 +26713,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
         show("encrypted msg", out, outlen);
 
         XMEMSET(plain, 0, sizeof(plain));
-        ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
+        ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
         if (ret != 1) {
             printf("error decrypting msg\n");
             ret = WC_TEST_RET_ENC_NC;
@@ -25836,10 +26727,10 @@ openssl_pkey0_test_done:
 
         wolfSSL_RSA_free(prvRsa);
         wolfSSL_RSA_free(pubRsa);
-        EVP_PKEY_free(pubPkey);
-        EVP_PKEY_free(prvPkey);
-        EVP_PKEY_CTX_free(dec);
-        EVP_PKEY_CTX_free(enc);
+        wolfSSL_EVP_PKEY_free(pubPkey);
+        wolfSSL_EVP_PKEY_free(prvPkey);
+        wolfSSL_EVP_PKEY_CTX_free(dec);
+        wolfSSL_EVP_PKEY_CTX_free(enc);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif /* NO_RSA */
@@ -25852,11 +26743,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
 {
     wc_test_ret_t ret = 0;
 #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA)
-    EVP_PKEY_CTX* dec = NULL;
-    EVP_PKEY_CTX* enc = NULL;
-    EVP_PKEY* pubKey  = NULL;
-    EVP_PKEY* prvKey  = NULL;
-    X509* x509 = NULL;
+    WOLFSSL_EVP_PKEY_CTX* dec = NULL;
+    WOLFSSL_EVP_PKEY_CTX* enc = NULL;
+    WOLFSSL_EVP_PKEY* pubKey  = NULL;
+    WOLFSSL_EVP_PKEY* prvKey  = NULL;
+    WOLFSSL_X509* x509 = NULL;
 
     WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
     const unsigned char* clikey;
@@ -25929,15 +26820,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
     }
 
     /* using existing wolfSSL api to get public and private key */
-    x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
+    x509 = wolfSSL_X509_load_certificate_file(clientCert, WOLFSSL_FILETYPE_ASN1);
 #endif /* USE_CERT_BUFFERS */
     clikey = tmp;
 
-    if ((prvKey = EVP_PKEY_new()) == NULL) {
+    if ((prvKey = wolfSSL_EVP_PKEY_new()) == NULL) {
         ret = WC_TEST_RET_ENC_ERRNO;
         goto openssl_pkey1_test_done;
     }
-    EVP_PKEY_free(prvKey);
+    wolfSSL_EVP_PKEY_free(prvKey);
     prvKey = NULL;
 
     if (x509 == NULL) {
@@ -25945,58 +26836,58 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
         goto openssl_pkey1_test_done;
     }
 
-    pubKey = X509_get_pubkey(x509);
+    pubKey = wolfSSL_X509_get_pubkey(x509);
     if (pubKey == NULL) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
+    prvKey = wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
     if (prvKey == NULL) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
-    if (EVP_PKEY_bits(prvKey) != keyLenBits) {
+    /* phase 2 API to create WOLFSSL_EVP_PKEY_CTX and encrypt/decrypt */
+    if (wolfSSL_EVP_PKEY_bits(prvKey) != keyLenBits) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
+    if (wolfSSL_EVP_PKEY_size(prvKey) != keyLenBits/8) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    dec = EVP_PKEY_CTX_new(prvKey, NULL);
-    enc = EVP_PKEY_CTX_new(pubKey, NULL);
+    dec = wolfSSL_EVP_PKEY_CTX_new(prvKey, NULL);
+    enc = wolfSSL_EVP_PKEY_CTX_new(pubKey, NULL);
     if (dec == NULL || enc == NULL) {
         ret = WC_TEST_RET_ENC_ERRNO;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_decrypt_init(dec) != 1) {
+    if (wolfSSL_EVP_PKEY_decrypt_init(dec) != 1) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_encrypt_init(enc) != 1) {
+    if (wolfSSL_EVP_PKEY_encrypt_init(enc) != 1) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
+    if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
 #ifndef HAVE_FIPS
-    if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
+    if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){
         ret = WC_TEST_RET_ENC_EC(ret);
         goto openssl_pkey1_test_done;
     }
 
-    if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
+    if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto openssl_pkey1_test_done;
     }
@@ -26004,32 +26895,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
 
     XMEMSET(cipher, 0, RSA_TEST_BYTES);
     outlen = (size_t)(keyLenBits/8);
-    if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
+    if (wolfSSL_EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto openssl_pkey1_test_done;
     }
 
     XMEMSET(plain, 0, RSA_TEST_BYTES);
-    if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
+    if (wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
         ret = WC_TEST_RET_ENC_NC;
         goto openssl_pkey1_test_done;
     }
 
 openssl_pkey1_test_done:
     if (pubKey != NULL) {
-        EVP_PKEY_free(pubKey);
+        wolfSSL_EVP_PKEY_free(pubKey);
     }
     if (prvKey != NULL) {
-        EVP_PKEY_free(prvKey);
+        wolfSSL_EVP_PKEY_free(prvKey);
     }
     if (dec != NULL) {
-        EVP_PKEY_CTX_free(dec);
+        wolfSSL_EVP_PKEY_CTX_free(dec);
     }
     if (enc != NULL) {
-        EVP_PKEY_CTX_free(enc);
+        wolfSSL_EVP_PKEY_CTX_free(enc);
     }
     if (x509 != NULL) {
-        X509_free(x509);
+        wolfSSL_X509_free(x509);
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -26050,13 +26941,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     byte*   pubTmp;
     int prvBytes;
     int pubBytes;
-    RSA *prvRsa;
-    RSA *pubRsa;
-    EVP_PKEY *prvPkey;
-    EVP_PKEY *pubPkey;
+    WOLFSSL_RSA *prvRsa;
+    WOLFSSL_RSA *pubRsa;
+    WOLFSSL_EVP_PKEY *prvPkey;
+    WOLFSSL_EVP_PKEY *pubPkey;
 
-    EVP_MD_CTX* sign;
-    EVP_MD_CTX* verf;
+    WOLFSSL_EVP_MD_CTX* sign;
+    WOLFSSL_EVP_MD_CTX* verf;
     char msg[] = "see spot run";
     unsigned char sig[256];
     unsigned int sigSz;
@@ -26135,9 +27026,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
 
     ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
     ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
-    if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
-      printf("error with RSA_LoadDer_ex\n");
-      return WC_TEST_RET_ENC_NC;
+    if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
+        XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        printf("error with RSA_LoadDer_ex\n");
+        return WC_TEST_RET_ENC_NC;
     }
 
     prvPkey = wolfSSL_EVP_PKEY_new();
@@ -26153,25 +27046,29 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     if((ret1 != 1) || (ret2 != 1)){
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        printf("error with EVP_PKEY_set1_RSA\n");
+        printf("error with WOLFSSL_EVP_PKEY_set1_RSA\n");
         return WC_TEST_RET_ENC_NC;
     }
 
     /****************** sign and verify *******************/
-    sign = EVP_MD_CTX_create();
-    verf = EVP_MD_CTX_create();
+    sign = wolfSSL_EVP_MD_CTX_new();
+    verf = wolfSSL_EVP_MD_CTX_new();
     if((sign == NULL)||(verf == NULL)){
-        printf("error with EVP_MD_CTX_create\n");
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        printf("error with WOLFSSL_EVP_MD_CTX_create\n");
+        XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         return WC_TEST_RET_ENC_NC;
     }
 
-    ret = EVP_SignInit(sign, EVP_sha1());
-    if (ret != SSL_SUCCESS){
+    ret = wolfSSL_EVP_SignInit(sign, wolfSSL_EVP_sha1());
+    if (ret != WOLFSSL_SUCCESS){
         printf("error with EVP_SignInit\n");
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         return WC_TEST_RET_ENC_NC;
     }
 
@@ -26181,59 +27078,59 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
     /* sign */
     XMEMSET(sig, 0, sizeof(sig));
     pt = (const void*)msg;
-    ret1 = EVP_SignUpdate(sign, pt, count);
-    ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
-    if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
+    ret1 = wolfSSL_EVP_SignUpdate(sign, pt, count);
+    ret2 = wolfSSL_EVP_SignFinal(sign, sig, &sigSz, prvPkey);
+    if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
-        printf("error with EVP_MD_CTX_create\n");
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
+        printf("error with WOLFSSL_EVP_MD_CTX_create\n");
         return WC_TEST_RET_ENC_NC;
     }
     show("signature = ", (char *)sig, sigSz);
 
     /* verify */
     pt = (const void*)msg;
-    ret1 = EVP_VerifyInit(verf, EVP_sha1());
-    ret2 = EVP_VerifyUpdate(verf, pt, count);
-    if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
+    ret1 = wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1());
+    ret2 = wolfSSL_EVP_VerifyUpdate(verf, pt, count);
+    if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         printf("error with EVP_Verify\n");
         return WC_TEST_RET_ENC_NC;
     }
-    if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
+    if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         printf("error with EVP_VerifyFinal\n");
         return WC_TEST_RET_ENC_NC;
     }
 
     /* expect fail without update */
-    EVP_VerifyInit(verf, EVP_sha1());
-    if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
+    wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1());
+    if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
         XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        EVP_MD_CTX_destroy(sign);
-        EVP_MD_CTX_destroy(verf);
+        wolfSSL_EVP_MD_CTX_free(sign);
+        wolfSSL_EVP_MD_CTX_free(verf);
         printf("EVP_VerifyInit without update not detected\n");
         return WC_TEST_RET_ENC_NC;
     }
 
     XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    EVP_MD_CTX_destroy(sign);
-    EVP_MD_CTX_destroy(verf);
+    wolfSSL_EVP_MD_CTX_free(sign);
+    wolfSSL_EVP_MD_CTX_free(verf);
 
     wolfSSL_RSA_free(prvRsa);
     wolfSSL_RSA_free(pubRsa);
-    EVP_PKEY_free(pubPkey);
-    EVP_PKEY_free(prvPkey);
+    wolfSSL_EVP_PKEY_free(pubPkey);
+    wolfSSL_EVP_PKEY_free(prvPkey);
 
 #endif /* NO_RSA */
     return 0;
@@ -26321,7 +27218,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
     /* Test case with parallel overflowing */
     ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
                     sizeof(verify1));
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Don't run these test on embedded, since they use large mallocs */
@@ -26362,7 +27259,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
 }
 #endif
 
-#ifdef HAVE_PKCS12
+#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
@@ -26397,7 +27294,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
     if (ret < 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(derived, verify, kLen) != 0)
+    if (XMEMCMP(derived, verify, (unsigned long)kLen) != 0)
         return WC_TEST_RET_ENC_NC;
 
     iterations = 1000;
@@ -26416,7 +27313,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
 
     return 0;
 }
-#endif /* HAVE_PKCS12 */
+#endif /* HAVE_PKCS12 && !NO_SHA256 */
 
 #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
@@ -26495,7 +27392,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
     if (ret != 0)
         return ret;
 #endif
-#ifdef HAVE_PKCS12
+#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
     ret = pkcs12_pbkdf_test();
     if (ret != 0)
         return ret;
@@ -26546,7 +27443,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
     }
 
     ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         if (ret == 0)
             ret = WC_TEST_RET_ENC_NC;
         else
@@ -26682,7 +27579,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res1, L) != 0)
+    if (XMEMCMP(okm1, res1, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 
 #ifndef HAVE_FIPS
@@ -26693,7 +27590,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res2, L) != 0)
+    if (XMEMCMP(okm1, res2, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif /* HAVE_FIPS */
 #endif /* !NO_SHA */
@@ -26704,7 +27601,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res3, L) != 0)
+    if (XMEMCMP(okm1, res3, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 
 #ifndef HAVE_FIPS
@@ -26714,7 +27611,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    if (XMEMCMP(okm1, res4, L) != 0)
+    if (XMEMCMP(okm1, res4, (unsigned long)L) != 0)
         return WC_TEST_RET_ENC_NC;
 #endif /* HAVE_FIPS */
 #endif /* !NO_SHA256 */
@@ -26854,7 +27751,7 @@ static const SshKdfTestVector sshKdfTestVectors[] = {
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void)
 {
-    byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
+    byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and WC_AES_BLOCK_SIZE */
     word32 i;
     word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector);
     const SshKdfTestVector* tv = NULL;
@@ -26921,7 +27818,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void)
     int lblsdL = LBSL;
     int hash_type = sha384_mac;
 
-    ret = wc_PRF(dig, (word32)digL, secret, secL, lablSd, lblsdL, hash_type,
+    ret = wc_PRF(dig, (word32)digL, secret, (word32)secL, lablSd,
+                 (word32)lblsdL, hash_type,
                  HEAP_HINT, INVALID_DEVID);
     if (ret != 0) {
         printf("Failed w/ code: %d\n", ret);
@@ -26981,7 +27879,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void)
             (const byte*)label, (word32)XSTRLEN(label), seed, seedSz,
             1, sha256_mac, NULL, INVALID_DEVID);
     if (ret != 0) {
-        if (ret == FIPS_PRIVATE_KEY_LOCKED_E) {
+        if (ret == WC_NO_ERR_TRACE(FIPS_PRIVATE_KEY_LOCKED_E)) {
             printf("    wc_PRF_TLSv12: Private key locked.\n");
         }
         return WC_TEST_RET_ENC_NC;
@@ -27566,117 +28464,123 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
         XMEMSET(zeroes, 0, sizeof zeroes);
 
         hashAlgSz = wc_HashGetDigestSize(tv->hashAlg);
-        if (hashAlgSz == BAD_FUNC_ARG) break;
+        if (hashAlgSz == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) break;
         ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, (word32)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Extract(secret, NULL, 0,
                 (tv->pskSz == 0) ? zeroes : (byte*)tv->psk,
-                tv->pskSz, tv->hashAlg);
+                tv->pskSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel),
-                tv->hashHello1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->clientEarlyTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel),
-                tv->hashHello1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->earlyExporterMasterSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->earlyExporterMasterSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
-                hashZero, (word32)hashAlgSz, tv->hashAlg);
+                hashZero, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
                 (tv->dheSz == 0) ? zeroes : (byte*)tv->dhe,
-                tv->dheSz, tv->hashAlg);
+                tv->dheSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel),
-                tv->hashHello2, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = XMEMCMP(tv->clientHandshakeTrafficSecret,
-                output, hashAlgSz);
+                output, (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel),
-                tv->hashHello2, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
-                hashZero, (word32)hashAlgSz, tv->hashAlg);
+                hashZero, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
-                zeroes, (word32)(word32)hashAlgSz, tv->hashAlg);
+                zeroes, (word32)(word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel),
-                tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->clientApplicationTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel),
-                tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->serverApplicationTrafficSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel),
-                tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->exporterMasterSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->exporterMasterSecret, output, (unsigned long)hashAlgSz);
         if (ret != 0) break;
 
         ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
                 secret, (word32)hashAlgSz,
                 (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
                 (byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel),
-                tv->hashFinished2, (word32)hashAlgSz, tv->hashAlg);
+                tv->hashFinished2, (word32)hashAlgSz, (int)tv->hashAlg);
         if (ret != 0) break;
 
-        ret = XMEMCMP(tv->resumptionMasterSecret, output, hashAlgSz);
+        ret = XMEMCMP(tv->resumptionMasterSecret, output,
+                (unsigned long)hashAlgSz);
         if (ret != 0) break;
     }
 
@@ -27925,7 +28829,7 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
     /* Negative test case with NULL argument */
     if (ret == 0) {
         ret = wc_HpkeGenerateKeyPair(NULL, &receiverKey, rng);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = WC_TEST_RET_ENC_EC(ret);
         else
             ret = 0;
@@ -27933,7 +28837,7 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
 
     if (ret == 0) {
         ret = wc_HpkeGenerateKeyPair(hpke, NULL, rng);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = WC_TEST_RET_ENC_EC(ret);
         else
             ret = 0;
@@ -27941,7 +28845,7 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
 
     if (ret == 0) {
         ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, NULL);
-        if (ret != BAD_FUNC_ARG)
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
             ret = WC_TEST_RET_ENC_EC(ret);
         else
             ret = 0;
@@ -27963,6 +28867,106 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
     return ret;
 }
 
+static wc_test_ret_t hpke_test_multi(Hpke* hpke)
+{
+    wc_test_ret_t ret = 0;
+    int rngRet = 0;
+    WC_RNG rng[1];
+    const char* start_text = "this is a test";
+    const char* info_text = "info";
+    const char* aad_text = "aad";
+    byte ciphertexts[2][MAX_HPKE_LABEL_SZ];
+    byte plaintext[MAX_HPKE_LABEL_SZ];
+    void* receiverKey = NULL;
+    void* ephemeralKey = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    HpkeBaseContext* context = NULL;
+    byte *pubKey = NULL; /* public key */
+    word16 pubKeySz = (word16)HPKE_Npk_MAX;
+#else
+    HpkeBaseContext context[1];
+    byte pubKey[HPKE_Npk_MAX]; /* public key */
+    word16 pubKeySz = (word16)sizeof(pubKey);
+#endif
+    rngRet = ret = wc_InitRng(rng);
+    if (ret != 0)
+        return ret;
+#ifdef WOLFSSL_SMALL_STACK
+    pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (pubKey == NULL)
+        ret = MEMORY_E;
+    if (ret == 0) {
+        context = (HpkeBaseContext*)XMALLOC(sizeof(HpkeBaseContext), HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (context == NULL)
+        ret = MEMORY_E;
+#endif
+    /* generate the keys */
+    if (ret == 0)
+        ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
+    if (ret == 0)
+        ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng);
+    /* setup seal context */
+    if (ret == 0) {
+        ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey,
+            (byte*)info_text, (word32)XSTRLEN(info_text));
+    }
+    /* seal message 0 */
+    if (ret == 0) {
+        ret = wc_HpkeContextSealBase(hpke, context,
+            (byte*)aad_text, (word32)XSTRLEN(aad_text),
+            (byte*)start_text, (word32)XSTRLEN(start_text),
+            ciphertexts[context->seq]);
+    }
+    /* seal message 1 */
+    if (ret == 0) {
+        ret = wc_HpkeContextSealBase(hpke, context,
+            (byte*)aad_text, (word32)XSTRLEN(aad_text),
+            (byte*)start_text, (word32)XSTRLEN(start_text),
+            ciphertexts[context->seq]);
+    }
+    /* export ephemeral key */
+    if (ret == 0)
+        ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz);
+    /* setup open context */
+    if (ret == 0) {
+        ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, pubKey,
+            pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
+    }
+    /* open message 0 */
+    if (ret == 0) {
+        ret = wc_HpkeContextOpenBase(hpke, context, (byte*)aad_text,
+            (word32)XSTRLEN(aad_text), ciphertexts[context->seq],
+            (word32)XSTRLEN(start_text), plaintext);
+    }
+    /* check message 0 */
+    if (ret == 0)
+        ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
+    /* open message 1 */
+    if (ret == 0) {
+        ret = wc_HpkeContextOpenBase(hpke, context, (byte*)aad_text,
+            (word32)XSTRLEN(aad_text), ciphertexts[context->seq],
+            (word32)XSTRLEN(start_text), plaintext);
+    }
+    /* check message 1 */
+    if (ret == 0)
+        ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
+    if (ephemeralKey != NULL)
+        wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
+    if (receiverKey != NULL)
+        wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
+#ifdef WOLFSSL_SMALL_STACK
+    if (pubKey != NULL)
+        XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (context != NULL)
+        XFREE(context, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    if (rngRet == 0)
+        wc_FreeRng(rng);
+    return ret;
+}
+
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
 {
     wc_test_ret_t ret = 0;
@@ -27974,14 +28978,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
     /* p256 */
     ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256,
         HPKE_AES_128_GCM, NULL);
-
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-
     ret = hpke_test_single(hpke);
-
     if (ret != 0)
         return ret;
+    ret = hpke_test_multi(hpke);
+    if (ret != 0)
+        return ret;
+
     #endif
 
     #if defined(WOLFSSL_SHA384) && \
@@ -27989,12 +28994,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
     /* p384 */
     ret = wc_HpkeInit(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384,
         HPKE_AES_128_GCM, NULL);
-
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-
     ret = hpke_test_single(hpke);
-
+    if (ret != 0)
+        return ret;
+    ret = hpke_test_multi(hpke);
     if (ret != 0)
         return ret;
     #endif
@@ -28004,12 +29009,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
     /* p521 */
     ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512,
         HPKE_AES_128_GCM, NULL);
-
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-
     ret = hpke_test_single(hpke);
-
+    if (ret != 0)
+        return ret;
+    ret = hpke_test_multi(hpke);
     if (ret != 0)
         return ret;
     #endif
@@ -28018,13 +29023,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
 #if defined(HAVE_CURVE25519)
     /* test with curve25519 and aes256 */
     ret = wc_HpkeInit(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256,
-            HPKE_AES_256_GCM, NULL);
-
+        HPKE_AES_256_GCM, NULL);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
-
     ret = hpke_test_single(hpke);
-
+    if (ret != 0)
+        return ret;
+    ret = hpke_test_multi(hpke);
     if (ret != 0)
         return ret;
 #endif
@@ -28037,13 +29042,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
         HPKE_AES_256_GCM, NULL);
 
     /* HPKE does not support X448 yet, so expect failure */
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = hpke_test_single(hpke);
 
     /* HPKE does not support X448 yet, so expect failure */
-    if (WC_TEST_RET_DEC_EC(ret) != BAD_FUNC_ARG)
+    if (WC_TEST_RET_DEC_EC(ret) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return ret;
     ret = 0; /* reset error code */
 #endif
@@ -28427,78 +29432,78 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
     ret = wc_SRTP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
             tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
             keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
         tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         -2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
         -2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
         keyS, tv[i].ksSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
@@ -28679,12 +29684,12 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
 
     ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
                                                   vector->d, vector->curveName);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #if !defined(NO_ASN)
     XMEMSET(sig, 0, ECC_SIG_SIZE);
@@ -28699,7 +29704,7 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
     ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
                                                              sigRaw, &sigRawSz);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
         ret = WC_TEST_RET_ENC_NC;
         goto done;
@@ -28707,7 +29712,7 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
 
     ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
         sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
         ret = WC_TEST_RET_ENC_NC;
@@ -28733,9 +29738,9 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
         if (ret == 0)
             ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
                                                vector->msgLen, &verify, userA);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     if (verify != 1)
@@ -28987,7 +29992,9 @@ static wc_test_ret_t ecc_test_vector(int keySize)
         break;
 #endif /* HAVE_ECC521 */
     default:
-        return NOT_COMPILED_IN; /* Invalid key size / Not supported */
+        return WC_TEST_RET_ENC_EC(NOT_COMPILED_IN); /* Invalid key size /
+                                                     * Not supported
+                                                     */
     }; /* Switch */
 
     ret = ecc_test_vector_item(&vec);
@@ -29018,9 +30025,8 @@ static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key,
     ret = wc_Hash(hashType,
         (byte*)msg, (word32)XSTRLEN(msg),
         hash, sizeof(hash));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     /* Sign test */
     sigSz = sizeof(sig);
@@ -29031,10 +30037,9 @@ static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key,
         if (ret == 0)
             ret = wc_ecc_sign_hash(hash, wc_HashGetDigestSize(hashType),
                 sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     /* Compare test vector */
@@ -29047,7 +30052,7 @@ static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key,
         goto done;
     }
 
-    /* Verificiation */
+    /* Verification */
     verify = 0;
     do {
     #if defined(WOLFSSL_ASYNC_CRYPT)
@@ -29056,10 +30061,9 @@ static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key,
         if (ret == 0)
             ret = wc_ecc_verify_hash(sig, sigSz,
                 hash, wc_HashGetDigestSize(hashType), &verify, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (verify != 1) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
@@ -29100,7 +30104,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
                 0xA8
     };
 #endif
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const byte expSig384[] = {
         0x30, 0x44, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
             0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
@@ -29115,7 +30119,7 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
                 0x26, 0x1f, 0x13, 0xab, 0xde, 0x94, 0x09, 0x54
     };
 #endif
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const byte expSig512[] = {
         0x30, 0x45, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
             0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
@@ -29139,45 +30143,39 @@ static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
 #endif
 
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_set_deterministic(key, 1);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifndef NO_SHA256
     /* Test for SHA2-256 */
     ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA256, msg, rng,
         expSig256, sizeof(expSig256));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif /* !NO_SHA256 */
 
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-384 */
     ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA384, msg, rng,
         expSig384, sizeof(expSig384));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif /* WOLFSSL_SHA384 */
 
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-512 */
     ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA512, msg, rng,
         expSig512, sizeof(expSig512));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif /* WOLFSSL_SHA512 */
 
 done:
@@ -29205,34 +30203,31 @@ static wc_test_ret_t ecdsa_test_deterministic_k_rs(ecc_key *key,
     ret = wc_Hash(hashType,
         (byte*)msg, (word32)XSTRLEN(msg),
         hash, sizeof(hash));
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_sign_hash_ex(hash, wc_HashGetDigestSize(hashType), rng, key,
         r, s);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     if (mp_cmp(r, expR) != MP_EQ && mp_cmp(s, expS) != MP_EQ) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
 
-    /* Verificiation */
+    /* Verification */
     verify = 0;
     ret = wc_ecc_verify_hash_ex(r, s, hash, wc_HashGetDigestSize(hashType),
         &verify, key);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (verify != 1) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
@@ -29273,7 +30268,7 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
        "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
        "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
 #endif
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
         "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C"
         "81A648152E44ACF96E36DD1E80FABE46";
@@ -29281,7 +30276,7 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
         "99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F"
         "A329C145786E679E7B82C71A38628AC8";
 #endif
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
         "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C"
         "FE30F35CC900056D7C99CD7882433709";
@@ -29303,31 +30298,26 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
         (expR == NULL) ||
         (expS == NULL))
     {
-        ret = MEMORY_E;
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done);
     }
 #endif
 
     ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
-    if (ret != MP_OKAY) {
-        goto done;
-    }
+    if (ret != MP_OKAY)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     tmp_mp_ints_inited = 1;
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
 
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1");
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_set_deterministic(key, 1);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifndef NO_SHA256
     /* Test for SHA2-256 */
@@ -29335,31 +30325,28 @@ static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
     mp_read_radix(expS, expSstr256, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
         r, s, expR, expS);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(ret, done);
 #endif /* NO_SHA256 */
 
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-384 */
     mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
     mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
         r, s, expR, expS);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA384 */
 
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-512 */
     mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
     mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
         r, s, expR, expS);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA512 */
 
 done:
@@ -29420,7 +30407,7 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
         "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
         "CFC";
 #endif
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
         "1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4"
         "B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67"
@@ -29430,7 +30417,7 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
         "FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65"
         "D61";
 #endif
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
         "0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1"
         "74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37"
@@ -29454,31 +30441,27 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
         (expR == NULL) ||
         (expS == NULL))
     {
-        ret = MEMORY_E;
+        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
         goto done;
     }
 #endif
 
     ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
-    if (ret != MP_OKAY) {
-        goto done;
-    }
+    if (ret != MP_OKAY)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     tmp_mp_ints_inited = 1;
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        return WC_TEST_RET_ENC_EC(ret);
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
 
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1");
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_set_deterministic(key, 1);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifndef NO_SHA256
     /* Test for SHA2-256 */
@@ -29486,31 +30469,28 @@ static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
     mp_read_radix(expS, expSstr256, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
         r, s, expR, expS);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(ret, done);
 #endif /* NO_SHA256 */
 
-#ifdef WOLFSSL_SHA384
+#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-384 */
     mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
     mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
         r, s, expR, expS);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA384 */
 
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
     /* Test for SHA2-512 */
     mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
     mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
     ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
         r, s, expR, expS);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(ret, done);
 #endif /* WOLFSSL_SHA512 */
 
 done:
@@ -29575,24 +30555,21 @@ static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
 #endif
 
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     key_inited = 1;
 
     ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \
     && (HAVE_FIPS_VERSION > 2)))
     wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN);
 #endif
 
     ret = wc_ecc_sign_set_k(k, sizeof(k), key);
-    if (ret != 0) {
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     sigSz = sizeof(sig);
     do {
@@ -29601,10 +30578,9 @@ static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     if (sigSz != sizeof(expSig)) {
@@ -29623,10 +30599,9 @@ static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
 done:
@@ -29663,7 +30638,7 @@ static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((pub_key == NULL) ||
         (priv_key == NULL)) {
-        ret = MEMORY_E;
+        ret = WC_TEST_RET_ENC_EC(MEMORY_E);
         goto done;
     }
 #endif
@@ -29674,25 +30649,25 @@ static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
     /* setup private and public keys */
     ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
     wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
     ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
     !defined(HAVE_SELFTEST)
     ret = wc_ecc_set_rng(priv_key, rng);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #else
     (void)rng;
 #endif
@@ -29705,17 +30680,16 @@ static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
-    } while (ret == WC_PENDING_E);
-    if (ret != 0) {
-        goto done;
-    }
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
 
     /* read in expected Z */
     z = sizeof(sharedB);
     ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
     if (ret != 0)
-        goto done;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     /* compare results */
     if (x != z || XMEMCMP(sharedA, sharedB, x)) {
@@ -29919,7 +30893,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
             ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
                 &tmpSz, rng, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -29935,7 +30909,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
             ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
                 (word32)XSTRLEN((const char*)msg), &verify, key);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -30007,7 +30981,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
         if (ret == 0) {
             ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     wc_ecc_free(pub);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
@@ -30340,12 +31314,12 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
 #endif
 #ifdef WOLF_CRYPTO_CB_ONLY_ECC
-    if (ret == NO_VALID_DEVID) {
+    if (ret == WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ret = 0;
         goto done; /* no software case */
     }
 #endif
-    if (ret == ECC_CURVE_OID_E)
+    if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E))
         goto done; /* catch case, where curve is not supported */
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
@@ -30397,7 +31371,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -30409,7 +31383,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -30432,7 +31406,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -30444,7 +31418,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -30489,7 +31463,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -30528,7 +31502,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         #endif
             if (ret == 0)
                 ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -30548,11 +31522,8 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
 #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
     !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC))
 #ifdef HAVE_ECC_SIGN
-    /* ECC w/out Shamir has issue with all 0 digest */
-    /* WC_BIGINT doesn't have 0 len well on hardware */
-    /* Cryptocell has issues with all 0 digest */
-#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
-    !defined(WOLFSSL_CRYPTOCELL)
+    /* some hardware doesn't support sign/verify of all zero digest */
+#if !defined(WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST)
     /* test DSA sign hash with zeros */
     for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
         digest[i] = 0;
@@ -30566,7 +31537,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         if (ret == 0)
             ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
                                                                         userA);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -30581,7 +31552,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
             if (ret == 0)
                 ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
                                                                &verify, userA);
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
         if (verify != 1)
@@ -30589,7 +31560,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         TEST_SLEEP();
     }
 #endif /* HAVE_ECC_VERIFY */
-#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
+#endif /* !WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST */
 
     /* test DSA sign hash with sequence (0,1,2,3,4,...) */
     for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
@@ -30603,7 +31574,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     TEST_SLEEP();
@@ -30617,7 +31588,7 @@ static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerif
         #endif
             if (ret == 0)
                 ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, userA);
-        } while (ret == WC_PENDING_E);
+        } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
         if (verify != 1)
@@ -30699,7 +31670,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
     ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id,
         NULL);
     if (ret < 0) {
-        if (ret == ECC_CURVE_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
             /* ignore error for curves not found */
             /* some curve sizes are only available with:
                 HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
@@ -30732,7 +31703,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
     !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
     ret = ecc_test_key_decode(rng, keySize);
     if (ret < 0) {
-        if (ret == ECC_CURVE_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
             /* ignore error for curves not found */
         }
         else {
@@ -30745,7 +31716,7 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
 #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
     ret = ecc_test_key_gen(rng, keySize);
     if (ret < 0) {
-        if (ret == ECC_CURVE_OID_E) {
+        if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
             /* ignore error for curves not found */
         }
         else {
@@ -30841,90 +31812,86 @@ static wc_test_ret_t ecc_point_test(void)
     /* Parameter Validation testing. */
     wc_ecc_del_point(NULL);
     ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(-1, point, out, &outLen);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
-    if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || outLen != sizeof(out)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     outLen = 0;
     ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
-    if (ret != BUFFER_E) {
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_copy_point(NULL, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_copy_point(NULL, point2);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_copy_point(point, NULL);
-    if (ret != ECC_BAD_ARG_E) {
+    if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_cmp_point(NULL, NULL);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_cmp_point(NULL, point2);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_cmp_point(point, NULL);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
 
     /* Use API. */
     ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     outLen = sizeof(out);
     ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (outLen != sizeof(der)) {
         ret = WC_TEST_RET_ENC_NC;
         goto done;
@@ -30946,10 +31913,8 @@ static wc_test_ret_t ecc_point_test(void)
     }
 
     ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     ret = wc_ecc_cmp_point(point2, point);
     if (ret != MP_GT) {
         ret = WC_TEST_RET_ENC_EC(ret);
@@ -30959,16 +31924,12 @@ static wc_test_ret_t ecc_point_test(void)
 #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
     ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_cmp_point(point3, point4);
     if (ret != MP_EQ) {
@@ -30977,16 +31938,12 @@ static wc_test_ret_t ecc_point_test(void)
     }
 
     ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_cmp_point(point3, point4);
     if (ret != MP_EQ) {
@@ -31091,31 +32048,23 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
 
     privLen = sizeof(priv);
     ret = wc_ecc_export_private_only(key, priv, &privLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     pubLen = sizeof(pub);
     ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     wc_ecc_free(keyImp);
     wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
 
     ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     wc_ecc_free(keyImp);
     wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
@@ -31129,10 +32078,8 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
     /* test import private only */
     ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
                                        curve_id);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     wc_ecc_free(keyImp);
     wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
@@ -31140,18 +32087,14 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
     /* test export public raw */
     pubLenX = pubLenY = 32;
     ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifndef HAVE_SELFTEST
     /* test import of public */
     ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif
 
     wc_ecc_free(keyImp);
@@ -31161,18 +32104,14 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
     pubLenX = pubLenY = privLen = 32;
     ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
         priv, &privLen);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifndef HAVE_SELFTEST
     /* test import of private and public */
     ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #endif
 
 done:
@@ -31234,10 +32173,8 @@ static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
     ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
                         wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
                         1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 #ifdef WOLFSSL_PUBLIC_MP
     priv = wc_ecc_key_get_priv(key1);
@@ -31245,10 +32182,8 @@ static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
     ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
                         wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
                         1);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (!wc_ecc_point_is_at_infinity(&key3->pubkey)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
@@ -31291,16 +32226,16 @@ static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
 
     /* Parameter Validation testing. */
     ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
@@ -31321,7 +32256,7 @@ static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
     #endif
         if (ret == 0)
             ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
@@ -31353,15 +32288,13 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
 
     /* Use API */
     ret = wc_ecc_set_flags(NULL, 0);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_ecc_set_flags(key, 0);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
 #ifndef WC_NO_RNG
     ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
@@ -31510,22 +32443,22 @@ static wc_test_ret_t ecc_decode_test(void)
 
     inSz = sizeof(good);
     ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -31534,14 +32467,14 @@ static wc_test_ret_t ecc_decode_test(void)
     inOutIdx = 2;
     inSz = sizeof(good) - inOutIdx;
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inOutIdx = 4;
     inSz = sizeof(good) - inOutIdx;
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -31549,56 +32482,66 @@ static wc_test_ret_t ecc_decode_test(void)
     inSz = sizeof(badNoObjId);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
-    if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badOneObjId);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
-    if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badObjId1Len);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badObj2d1Len);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNotBitStr);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
-    if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badBitStrLen);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
-    if (ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badNoBitStrZero);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
-    if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
     inSz = sizeof(badPoint);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
-    if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
+    if (ret != WC_NO_ERR_TRACE(ASN_ECC_KEY_E) &&
+        ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
+    {
         ret = WC_TEST_RET_ENC_EC(ret);
         goto done;
     }
@@ -31606,10 +32549,8 @@ static wc_test_ret_t ecc_decode_test(void)
     inSz = sizeof(good);
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
 done:
 
@@ -31740,10 +32681,8 @@ static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng)
 #endif
 
     ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
-    if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        goto done;
-    }
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
     inOutIdx = 0;
     ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
@@ -32032,7 +32971,7 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
 
 #ifndef WC_NO_RNG
     ret = wc_ecc_sm2_make_key(rng, userA, WC_ECC_FLAG_NONE);
-    if (ret == ECC_CURVE_OID_E)
+    if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E))
         goto done; /* catch case, where curve is not supported */
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
@@ -32342,7 +33281,8 @@ static int test_sm2_verify(void)
 #endif /* WOLFSSL_SM2 */
 
 
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \
+    !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
 
 /* Make Cert / Sign example for ECC cert and ECC CA */
 static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
@@ -32537,7 +33477,7 @@ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
             ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
                               FOURK_BUF, NULL, caEccKey, rng);
         }
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
     certSz = (int)ret;
@@ -32629,6 +33569,7 @@ exit:
 /* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
 #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_HAVE_SP_ECC) && \
     defined(WOLFSSL_PUBLIC_MP)
+#ifndef NO_ECC256
 /* ECC Private Key "d" */
 static const byte p256PrivKey[] = {
     /* SECP256R1 */
@@ -32638,6 +33579,7 @@ static const byte p256PrivKey[] = {
     0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
     0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
 };
+#endif
 #ifdef HAVE_ECC384
 static const byte p384PrivKey[] = {
     /* SECP384R1 */
@@ -32667,6 +33609,7 @@ static const byte p521PrivKey[] = {
 #endif /* HAVE_ECC521 */
 
 /* ECC public key Qx/Qy */
+#ifndef NO_ECC256
 static const byte p256PubKey[] = {
     /* SECP256R1 */
     /* Qx */
@@ -32680,6 +33623,7 @@ static const byte p256PubKey[] = {
     0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
     0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
 };
+#endif
 #ifdef HAVE_ECC384
 static const byte p384PubKey[] = {
     /* SECP384R1 */
@@ -32723,6 +33667,9 @@ static const byte p521PubKey[] = {
     0x40, 0x5c, 0x4f, 0xd6, 0x13, 0x73, 0x42, 0xbc,
     0x91, 0xd9
 };
+#endif
+
+#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
 
 /* perform verify of signature and hash using public key */
 /* key is public Qx + public Qy */
@@ -33059,12 +34006,14 @@ static wc_test_ret_t ecc_test_nonblock(WC_RNG* rng)
     const byte* pubKeys[3] = {NULL, NULL, NULL};
     word32 pubKeySzs[3] = {0, 0, 0};
 
+#ifndef NO_ECC256
     curveIds[0] = ECC_SECP256R1;
     curveSzs[0] = 32;
     privKeys[0] = p256PrivKey;
     privKeySzs[0] = sizeof(p256PrivKey);
     pubKeys[0] = p256PubKey;
     pubKeySzs[0] = sizeof(p256PubKey);
+#endif
 #ifdef HAVE_ECC384
     curveIds[1] = ECC_SECP384R1;
     curveSzs[1] = 48;
@@ -33379,7 +34328,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
 #elif defined(HAVE_ECC_KEY_IMPORT)
     (void)ecc_test_make_pub; /* for compiler warning */
 #endif
-#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
+#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \
+    !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
     ret = ecc_test_cert_gen(&rng);
     if (ret != 0) {
         printf("ecc_test_cert_gen failed!\n");
@@ -33414,7 +34364,12 @@ done:
 #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
     (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
 
+#if !defined(WOLFSSL_NO_MALLOC)
+
 #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3))
+/* maximum encrypted message:
+ * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */
+#define MAX_ECIES_TEST_SZ 200
 static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -33422,9 +34377,9 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
     byte* encrypted;
     byte* decrypted;
 #else
-    byte plaintext[128];
-    byte encrypted[128];
-    byte decrypted[128];
+    byte plaintext[MAX_ECIES_TEST_SZ];
+    byte encrypted[MAX_ECIES_TEST_SZ];
+    byte decrypted[MAX_ECIES_TEST_SZ];
 #endif
     ecEncCtx* aCtx = NULL;
     ecEncCtx* bCtx = NULL;
@@ -33433,25 +34388,37 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
     wc_test_ret_t ret = 0;
     static const char message[] = "Hello wolfSSL!";
     word32 plaintextLen;
-    word32 encryptLen = 128;
-    word32 decryptLen = 128;
+    word32 encryptLen = MAX_ECIES_TEST_SZ;
+    word32 decryptLen = MAX_ECIES_TEST_SZ;
+    int    aInit = 0;
+    int    bInit = 0;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    plaintext = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    encrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    decrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    plaintext = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    encrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    decrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     wc_ecc_free(a);
     wc_ecc_free(b);
 
     ret = wc_ecc_init(a);
-    if (ret != 0)
+    if (ret != 0) {
         ret = WC_TEST_RET_ENC_EC(ret);
+    }
+    else {
+        aInit = 1;
+    }
+
+
     if (ret == 0) {
         ret = wc_ecc_init(b);
-        if (ret != 0)
+        if (ret != 0) {
             ret = WC_TEST_RET_ENC_EC(ret);
+        }
+        else {
+            bInit = 1;
+        }
     }
 
     if (ret == 0)
@@ -33488,10 +34455,10 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
             ret = 10473;
     }
 
-    XMEMSET(plaintext, 0, 128);
+    XMEMSET(plaintext, 0, MAX_ECIES_TEST_SZ);
     XSTRLCPY((char *)plaintext, message, sizeof plaintext);
-    plaintextLen = (((word32)XSTRLEN(message) + AES_BLOCK_SIZE - 1) /
-                    AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
+    plaintextLen = (((word32)XSTRLEN(message) + WC_AES_BLOCK_SIZE - 1) /
+                    WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE;
 
     /* encrypt */
     if (ret == 0) {
@@ -33513,8 +34480,13 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
     if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0)
         ret = WC_TEST_RET_ENC_NC;
 
-    wc_ecc_free(a);
-    wc_ecc_free(b);
+    if (aInit) {
+        wc_ecc_free(a);
+    }
+
+    if (bInit) {
+        wc_ecc_free(b);
+    }
 
     wc_ecc_ctx_free(aCtx);
     wc_ecc_ctx_free(bCtx);
@@ -33529,6 +34501,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
 }
 #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
 
+#endif /* !WOLFSSL_NO_MALLOC */
+
 /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in
  * wolfFIPS 5.3.
  * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test().
@@ -33771,6 +34745,7 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng)
 }
 #endif
 
+#ifndef WOLFSSL_NO_MALLOC
 static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB,
     byte encAlgo, byte kdfAlgo, byte macAlgo)
 {
@@ -34039,6 +35014,7 @@ done:
 
     return ret;
 }
+#endif
 
 #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
 
@@ -34114,7 +35090,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
 
 #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
 
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC)
 #ifdef WOLFSSL_AES_128
     if (ret == 0) {
         ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
@@ -34150,7 +35126,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
     }
 #endif
 #endif
-#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && !defined(WOLFSSL_NO_MALLOC)
 #ifdef WOLFSSL_AES_128
     if (ret == 0) {
         ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR,
@@ -34170,7 +35146,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
     }
 #endif
 #endif /* !NO_AES && WOLFSSL_AES_COUNTER */
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC)
     if (ret == 0) {
         ret = ecc_ctx_kdf_salt_test(&rng, userA, userB);
     }
@@ -34313,10 +35289,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
     #endif
         if (ret == 0)
             ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
-TEST_SLEEP();
+    TEST_SLEEP();
 
     XMEMSET(plain, 0, sizeof(plain));
 
@@ -34327,7 +35303,7 @@ TEST_SLEEP();
         if (ret == 0)
             ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
                 cliKey);
-    } while (ret == WC_PENDING_E);
+    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
     if (verify != 1)
@@ -34384,7 +35360,7 @@ TEST_SLEEP();
 #else
 #define X25519_TEST_CNT    1
 #endif
-static wc_test_ret_t curve25519_overflow_test(void)
+static wc_test_ret_t curve25519_overflow_test(WC_RNG* rng)
 {
     /* secret key for party a */
     byte sa[X25519_TEST_CNT][32] = {
@@ -34502,6 +35478,10 @@ static wc_test_ret_t curve25519_overflow_test(void)
     curve25519_key userA;
 
     wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    wc_curve25519_set_rng(&userA, rng);
+#endif
+    (void)rng;
 
     for (i = 0; i < X25519_TEST_CNT; i++) {
         if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
@@ -34587,19 +35567,19 @@ static wc_test_ret_t curve25519_check_public_test(void)
     /* Parameter checks */
     /* NULL pointer */
     ret = wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         return WC_TEST_RET_ENC_EC(ret);
     }
     ret = wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN);
-    if (ret != BAD_FUNC_ARG) {
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
         return WC_TEST_RET_ENC_EC(ret);
     }
     /* Length of 0 treated differently to other invalid lengths for TLS */
     ret = wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Length not CURVE25519_KEYSIZE */
@@ -34607,11 +35587,11 @@ static wc_test_ret_t curve25519_check_public_test(void)
         if (i == CURVE25519_KEYSIZE)
             continue;
         if (wc_curve25519_check_public(good, (word32)i, EC25519_LITTLE_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
         if (wc_curve25519_check_public(good, (word32)i, EC25519_BIG_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
     }
@@ -34724,6 +35704,162 @@ static wc_test_ret_t curve255519_der_test(void)
         ret = WC_TEST_RET_ENC_NC;
     }
 
+
+    /* Test decode/encode of Curve25519 private key (only) using generic API */
+    if (ret == 0) {
+        /* clear key, since generic API will try to decode all fields */
+        XMEMSET(&key, 0, sizeof(key));
+
+        idx = 0;
+        ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
+            (word32)sizeof(kCurve25519PrivDer));
+        if (ret < 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0) {
+        outputSz = (word32)sizeof(output);
+        ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+        if (ret >= 0) {
+            outputSz = (word32)ret;
+            ret = 0;
+        }
+        else {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
+                    XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
+        ret = WC_TEST_RET_ENC_NC;
+    }
+
+    /* Test decode/encode of Curve25519 public key (only) using generic API */
+    if (ret == 0) {
+        /* clear key, since generic API will try to decode all fields */
+        XMEMSET(&key, 0, sizeof(key));
+        idx = 0;
+        ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key,
+            (word32)sizeof(kCurve25519PubDer));
+        if (ret < 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0) {
+        outputSz = (word32)sizeof(output);
+        ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+        if (ret >= 0) {
+            outputSz = (word32)ret;
+            ret = 0;
+        }
+        else {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+    }
+    if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
+                    XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
+        ret = WC_TEST_RET_ENC_NC;
+    }
+
+    /* Test decode/encode key data containing both public and private fields */
+    if (ret == 0) {
+        XMEMSET(&key, 0 , sizeof(key));
+
+        /* Decode public key */
+        idx = 0;
+        ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key,
+            (word32)sizeof(kCurve25519PubDer));
+        if (ret < 0) {
+            ret = WC_TEST_RET_ENC_EC(ret);
+        }
+        if (ret == 0) {
+            /* Decode private key */
+            idx = 0;
+            ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
+                (word32)sizeof(kCurve25519PrivDer));
+            if (ret < 0) {
+                ret = WC_TEST_RET_ENC_EC(ret);
+            }
+        }
+        /* Both public and private flags should be set */
+        if ((ret == 0) && (!key.pubSet && !key.privSet)) {
+            ret = WC_TEST_RET_ENC_NC;
+        }
+        if (ret == 0) {
+            /* Export key to temporary DER */
+            outputSz = (word32)sizeof(output);
+            ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
+            if (ret >= 0) {
+                outputSz = (word32)ret;
+                ret = 0;
+            }
+            else {
+                ret = WC_TEST_RET_ENC_EC(ret);
+            }
+
+            /* Re-import temporary DER */
+            if (ret == 0) {
+                idx = 0;
+                ret = wc_Curve25519KeyDecode(output, &idx, &key, sizeof(output));
+                if (ret < 0) {
+                    ret = WC_TEST_RET_ENC_EC(ret);
+                }
+            }
+
+            /* Ensure public and private keys survived combined keypair
+             * export/import by re-exporting DER for private and public keys,
+             * individually, and re-checking output against known good vectors.
+             * This is slightly circuitous but does test the functionality
+             * without requiring the addition of new test keys */
+            if (ret == 0) {
+                idx = 0;
+                ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx,
+                                      &key, (word32)sizeof(kCurve25519PrivDer));
+                if (ret < 0)
+                    ret = WC_TEST_RET_ENC_EC(ret);
+            }
+            if (ret == 0) {
+                outputSz = (word32)sizeof(output);
+                ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
+                if (ret >= 0) {
+                    outputSz = (word32)ret;
+                    ret = 0;
+                }
+                else {
+                    ret = WC_TEST_RET_ENC_EC(ret);
+                }
+            }
+            if ((ret == 0) &&
+                (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
+                 XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
+                ret = WC_TEST_RET_ENC_NC;
+            }
+            if (ret == 0) {
+                idx = 0;
+                ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx,
+                                       &key, (word32)sizeof(kCurve25519PubDer));
+                if (ret < 0)
+                    ret = WC_TEST_RET_ENC_EC(ret);
+            }
+            if (ret == 0) {
+                outputSz = (word32)sizeof(output);
+                ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
+                if (ret >= 0) {
+                    outputSz = (word32)ret;
+                    ret = 0;
+                }
+                else {
+                    ret = WC_TEST_RET_ENC_EC(ret);
+                }
+            }
+            if ((ret == 0) &&
+                (outputSz != (word32)sizeof(kCurve25519PubDer) ||
+                 XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
+                ret = WC_TEST_RET_ENC_NC;
+            }
+        }
+
+    }
+
     wc_curve25519_free(&key);
 
     return ret;
@@ -34743,7 +35879,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     byte    exportBuf[32];
 #endif
     word32  x = 0;
-    curve25519_key userA, userB, pubKey;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    curve25519_key *userA = NULL, *userB = NULL, *pubKey = NULL;
+#else
+    curve25519_key userA[1], userB[1], pubKey[1];
+#endif
 
 #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
                                              defined(HAVE_CURVE25519_KEY_IMPORT)
@@ -34795,6 +35935,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     (void)x;
     WOLFSSL_ENTER("curve25519_test");
 
+    /* wc_FreeRng is always called on exit. Therefore wc_InitRng should be
+     * called before any exit goto's */
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
 #else
@@ -34803,52 +35945,68 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
-    wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
-    wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    userA = wc_curve25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    userB = wc_curve25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    pubKey = wc_curve25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+#else
+    wc_curve25519_init_ex(userA, HEAP_HINT, devId);
+    wc_curve25519_init_ex(userB, HEAP_HINT, devId);
+    wc_curve25519_init_ex(pubKey, HEAP_HINT, devId);
+#endif
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    wc_curve25519_set_rng(userA, &rng);
+    wc_curve25519_set_rng(userB, &rng);
+#endif
 
     /* make curve25519 keys */
-    ret = wc_curve25519_make_key(&rng, 32, &userA);
+    ret = wc_curve25519_make_key(&rng, 32, userA);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    ret = wc_curve25519_make_key(&rng, 32, &userB);
+    ret = wc_curve25519_make_key(&rng, 32, userB);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
 #ifdef HAVE_CURVE25519_SHARED_SECRET
     /* find shared secret key */
     x = sizeof(sharedA);
-    if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) {
+    if ((ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x)) != 0) {
         printf("wc_curve25519_shared_secret 1 failed\n");
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
     }
 
     y = sizeof(sharedB);
-    if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) {
+    if ((ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y)) != 0) {
         printf("wc_curve25519_shared_secret 2 failed\n");
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
     }
 
     /* compare shared secret keys to test they are the same */
     if (y != x)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     if (XMEMCMP(sharedA, sharedB, x))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 #endif
 
 #ifdef HAVE_CURVE25519_KEY_EXPORT
     /* export a public key and import it for another user */
     x = sizeof(exportBuf);
-    ret = wc_curve25519_export_public(&userA, exportBuf, &x);
+    ret = wc_curve25519_export_public(userA, exportBuf, &x);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
 #ifdef HAVE_CURVE25519_KEY_IMPORT
-    ret = wc_curve25519_import_public(exportBuf, x, &pubKey);
+    ret = wc_curve25519_import_public(exportBuf, x, pubKey);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 #endif
 #endif
 
@@ -34857,97 +36015,108 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     /* test shared key after importing a public key */
     XMEMSET(sharedB, 0, sizeof(sharedB));
     y = sizeof(sharedB);
-    if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) {
-        return WC_TEST_RET_ENC_NC;
+    if (wc_curve25519_shared_secret(userB, pubKey, sharedB, &y) != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
     }
 
     if (XMEMCMP(sharedA, sharedB, y))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     /* import RFC test vectors and compare shared key */
     ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
-                                           &userA);
+                                           userA);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb),
-                                           &userB);
+                                           userB);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     /* test against known test vector */
     XMEMSET(sharedB, 0, sizeof(sharedB));
     y = sizeof(sharedB);
-    ret = wc_curve25519_shared_secret(&userA, &userB, sharedB, &y);
+    ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(ss, sharedB, y))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     /* test swapping roles of keys and generating same shared key */
     XMEMSET(sharedB, 0, sizeof(sharedB));
     y = sizeof(sharedB);
-    ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
+    ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(ss, sharedB, y))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     /* test with 1 generated key and 1 from known test vector */
     ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
-                                           &userA);
+                                           userA);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    wc_curve25519_free(&userB);
-    wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
+    wc_curve25519_free(userB);
+    wc_curve25519_init_ex(userB, HEAP_HINT, devId);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    wc_curve25519_set_rng(userB, &rng);
+#endif
 
-    ret = wc_curve25519_make_key(&rng, 32, &userB);
+    ret = wc_curve25519_make_key(&rng, 32, userB);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     x = sizeof(sharedA);
-    ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x);
+    ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     y = sizeof(sharedB);
-    ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
+    ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     /* compare shared secret keys to test they are the same */
     if (y != x)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     if (XMEMCMP(sharedA, sharedB, x))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
-    ret = curve25519_overflow_test();
+    ret = curve25519_overflow_test(&rng);
     if (ret != 0)
-        return ret;
+        goto cleanup;
     ret = curve25519_check_public_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
 
 #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
     defined(HAVE_CURVE25519_KEY_IMPORT)
     ret = curve255519_der_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 #endif
 
+cleanup:
+
     /* clean up keys when done */
-    wc_curve25519_free(&pubKey);
-    wc_curve25519_free(&userB);
-    wc_curve25519_free(&userA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_curve25519_delete(pubKey, &pubKey);
+    wc_curve25519_delete(userB, &userB);
+    wc_curve25519_delete(userA, &userA);
+#else
+    wc_curve25519_free(pubKey);
+    wc_curve25519_free(userB);
+    wc_curve25519_free(userA);
+#endif
 
     wc_FreeRng(&rng);
 
-    return 0;
+    return ret;
 }
 #endif /* HAVE_CURVE25519 */
 
@@ -35166,14 +36335,14 @@ static wc_test_ret_t ed25519_test_check_key(void)
 
     /* Load bad public key only and perform checks. */
     ret = wc_ed25519_import_public(key_bad_y, ED25519_PUB_KEY_SIZE + 1, &key);
-    if (ret != PUBLIC_KEY_E) {
+    if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
         res = WC_TEST_RET_ENC_NC;
     }
     if (res == 0) {
         /* Load bad public key only and perform checks. */
         ret = wc_ed25519_import_public(key_bad_y_max, ED25519_PUB_KEY_SIZE + 1,
             &key);
-        if (ret != PUBLIC_KEY_E) {
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
             res = WC_TEST_RET_ENC_NC;
         }
     }
@@ -35181,7 +36350,7 @@ static wc_test_ret_t ed25519_test_check_key(void)
         /* Load bad public key only and perform checks. */
         ret = wc_ed25519_import_public(key_bad_y_is_p, ED25519_PUB_KEY_SIZE + 1,
             &key);
-        if (ret != PUBLIC_KEY_E) {
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
             res = WC_TEST_RET_ENC_NC;
         }
     }
@@ -35466,8 +36635,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
 #endif /* HAVE_ED25519_VERIFY */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
     word32 keySz, sigSz;
-    ed25519_key key;
-    ed25519_key key2;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    ed25519_key* key = NULL;
+    ed25519_key* key2 = NULL;
+#else
+    ed25519_key  key[1];
+    ed25519_key  key2[1];
+#endif
+
 
 #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
     defined(HAVE_ED25519_KEY_IMPORT)
@@ -35848,8 +37024,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
 #endif /* NO_ASN */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
 #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
-    ed25519_key key3;
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    ed25519_key* key3 = NULL;
+    #else
+    ed25519_key  key3[1];
+    #endif
 #endif
+
     WOLFSSL_ENTER("ed25519_test");
 
     /* create ed25519 keys */
@@ -35861,95 +37042,121 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
-    wc_ed25519_init_ex(&key, HEAP_HINT, devId);
-    wc_ed25519_init_ex(&key2, HEAP_HINT, devId);
-#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
-    wc_ed25519_init_ex(&key3, HEAP_HINT, devId);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    key =  wc_ed25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    key2 = wc_ed25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    key3 = wc_ed25519_new(HEAP_HINT, devId, &ret);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #endif
+#else
+    ret = wc_ed25519_init_ex(key, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    ret = wc_ed25519_init_ex(key2, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    ret = wc_ed25519_init_ex(key3, HEAP_HINT, devId);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    #endif
 #endif
+
 #ifdef HAVE_ED25519_MAKE_KEY
-    wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
-    wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
+    ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+    ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key2);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 #endif
 
     /* helper functions for signature and key size */
-    keySz = (word32)wc_ed25519_size(&key);
-    sigSz = (word32)wc_ed25519_sig_size(&key);
+    keySz = (word32)wc_ed25519_size(key);
+    sigSz = (word32)wc_ed25519_sig_size(key);
 
-#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
+#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
         defined(HAVE_ED25519_KEY_IMPORT)
     for (i = 0; i < 6; i++) {
         outlen = sizeof(out);
         XMEMSET(out, 0, sizeof(out));
 
         if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
-                pKeySz[i], &key) != 0)
-            return WC_TEST_RET_ENC_I(i);
+                pKeySz[i], key) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
-        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         if (XMEMCMP(out, sigs[i], 64))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
 #if defined(HAVE_ED25519_VERIFY)
         /* test verify on good msg */
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
-                    &key) != 0 || verify != 1)
-            return WC_TEST_RET_ENC_I(i);
+                    key) != 0 || verify != 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
 #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
         /* test verify on good msg using streaming interface directly */
         if (wc_ed25519_verify_msg_init(out, outlen,
-                                       &key, (byte)Ed25519, NULL, 0) != 0)
-            return WC_TEST_RET_ENC_I(i);
+                                       key, (byte)Ed25519, NULL, 0) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
         for (j = 0; j < msgSz[i]; j += i) {
-            if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0)
-                return WC_TEST_RET_ENC_I(i);
+            if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
+                ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
         }
         if (wc_ed25519_verify_msg_final(out, outlen, &verify,
-                                        &key) != 0 || verify != 1)
-            return WC_TEST_RET_ENC_I(i);
+                                        key) != 0 || verify != 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
 
         /* test verify on bad msg */
         out[outlen-1] = out[outlen-1] + 1;
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
-                    &key) == 0 || verify == 1)
-            return WC_TEST_RET_ENC_I(i);
+                    key) == 0 || verify == 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 #endif /* HAVE_ED25519_VERIFY */
 
         /* test api for import/exporting keys */
         exportPSz = sizeof(exportPKey);
         exportSSz = sizeof(exportSKey);
-        if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_export_public(key, exportPKey, &exportPSz) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
-        if (wc_ed25519_import_public_ex(exportPKey, exportPSz, &key2, 1) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_import_public_ex(exportPKey, exportPSz, key2, 1) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
-        if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_export_private_only(key, exportSKey, &exportSSz) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         if (wc_ed25519_import_private_key(exportSKey, exportSSz,
-                                          exportPKey, exportPSz, &key2) != 0)
-            return WC_TEST_RET_ENC_I(i);
+                                          exportPKey, exportPSz, key2) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         /* clear "out" buffer and test sign with imported keys */
         outlen = sizeof(out);
         XMEMSET(out, 0, sizeof(out));
-        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
-            return WC_TEST_RET_ENC_I(i);
+        if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key2) != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
 #if defined(HAVE_ED25519_VERIFY)
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
-                                  &key2) != 0 || verify != 1)
-            return WC_TEST_RET_ENC_I(i);
+                                  key2) != 0 || verify != 1)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 
         if (XMEMCMP(out, sigs[i], 64))
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup);
 #endif /* HAVE_ED25519_VERIFY */
     }
 
+#ifdef HAVE_ED25519_VERIFY
     {
         /* Run tests for some rare code paths */
         /* sig is exactly equal to the order */
@@ -35998,106 +37205,134 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
         };
 
         ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE,
-                pKeys[0], pKeySz[0], &key);
+                pKeys[0], pKeySz[0], key);
         if (ret != 0)
-            return ret;
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
         ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0],
-                &verify, &key);
-        if (ret != BAD_FUNC_ARG)
-            return ret;
+                &verify, key);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
         ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0],
-                &verify, &key);
-        if (ret != BAD_FUNC_ARG)
-            return ret;
+                &verify, key);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
         ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0],
-                &verify, &key);
-        if (ret != BAD_FUNC_ARG)
-            return ret;
+                &verify, key);
+        if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
         ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0],
-                &verify, &key);
-        if (ret != SIG_VERIFY_E)
-            return ret;
+                &verify, key);
+        if (ret != WC_NO_ERR_TRACE(SIG_VERIFY_E))
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
     }
+#endif /* HAVE_ED25519_VERIFY */
 
     ret = ed25519ctx_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 
     ret = ed25519ph_test();
     if (ret != 0)
-        return ret;
+        goto cleanup;
 
 #ifndef NO_ASN
     /* Try ASN.1 encoded private-only key and public key. */
     idx = 0;
-    ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
+    ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, key3,
                                      sizeof(privateEd25519));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     idx = 0;
-    if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3,
+    if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, key3,
                                    sizeof(badPrivateEd25519)) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
-    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
-    if (ret != BAD_FUNC_ARG)
-        return WC_TEST_RET_ENC_EC(ret);
+    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3);
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     /* try with a buffer size that is too large */
     idx = 0;
-    if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
+    if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, key3,
                                   sizeof(badPublicEd25519)) == 0)
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
     idx = 0;
-    ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
+    ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, key3,
                                     sizeof(publicEd25519));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
+    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(out, sigs[0], 64))
-        return WC_TEST_RET_ENC_NC;
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 
 #if defined(HAVE_ED25519_VERIFY)
     /* test verify on good msg */
-    ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3);
+    ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3);
     if (ret != 0 || verify != 1)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
 #endif /* HAVE_ED25519_VERIFY */
 
-    wc_ed25519_free(&key3);
-    wc_ed25519_init(&key3);
+    wc_ed25519_free(key3);
+    wc_ed25519_init_ex(key3, HEAP_HINT, devId);
 
     idx = 0;
-    ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
+    ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3,
                                      sizeof(privPubEd25519));
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
-    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
+    ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3);
     if (ret != 0)
-        return WC_TEST_RET_ENC_EC(ret);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
 
     if (XMEMCMP(out, sigs[0], 64))
-        return WC_TEST_RET_ENC_NC;
-
-    wc_ed25519_free(&key3);
+        ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup);
 #endif /* NO_ASN */
 #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
 
+#if defined(HAVE_ED25519_KEY_IMPORT)
+    ret = ed25519_test_check_key();
+    if (ret < 0)
+        goto cleanup;
+#endif
+#ifdef WOLFSSL_TEST_CERT
+    ret = ed25519_test_cert();
+    if (ret < 0)
+        goto cleanup;
+#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
+    ret = ed25519_test_make_cert();
+    if (ret < 0)
+        goto cleanup;
+#endif /* WOLFSSL_CERT_GEN */
+#endif /* WOLFSSL_TEST_CERT */
+
+cleanup:
+
     /* clean up keys when done */
-    wc_ed25519_free(&key);
-    wc_ed25519_free(&key2);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+    wc_ed25519_delete(key, &key);
+    wc_ed25519_delete(key2, &key2);
+#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    wc_ed25519_delete(key3, &key3);
+#endif
+#else
+    wc_ed25519_free(key);
+    wc_ed25519_free(key2);
+#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
+    wc_ed25519_free(key3);
+#endif
+#endif
 
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
     wc_FreeRng(&rng);
@@ -36107,21 +37342,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
     (void)keySz;
     (void)sigSz;
 
-    ret = ed25519_test_check_key();
-    if (ret < 0)
-        return ret;
-#ifdef WOLFSSL_TEST_CERT
-    ret = ed25519_test_cert();
-    if (ret < 0)
-        return ret;
-#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
-    ret = ed25519_test_make_cert();
-    if (ret < 0)
-        return ret;
-#endif /* WOLFSSL_CERT_GEN */
-#endif /* WOLFSSL_TEST_CERT */
-
-    return 0;
+    return ret;
 }
 #endif /* HAVE_ED25519 */
 
@@ -36192,17 +37413,17 @@ static wc_test_ret_t curve448_check_public_test(void)
     /* Parameter checks */
     /* NULL pointer */
     ret = wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* Length of 0 treated differently to other invalid lengths for TLS */
     ret = wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Length not CURVE448_KEY_SIZE */
@@ -36210,11 +37431,11 @@ static wc_test_ret_t curve448_check_public_test(void)
         if (i == CURVE448_KEY_SIZE)
             continue;
         if (wc_curve448_check_public(good, (word32)i, EC448_LITTLE_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
         if (wc_curve448_check_public(good, (word32)i, EC448_BIG_ENDIAN) !=
-                                                                ECC_BAD_ARG_E) {
+                WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
             return WC_TEST_RET_ENC_I(i);
         }
     }
@@ -36696,14 +37917,14 @@ static wc_test_ret_t ed448_test_check_key(void)
 
     /* Load bad public key only and perform checks. */
     ret = wc_ed448_import_public(key_bad_y, ED448_PUB_KEY_SIZE + 1, &key);
-    if (ret != PUBLIC_KEY_E) {
+    if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
         res = WC_TEST_RET_ENC_NC;
     }
     if (ret == 0) {
         /* Load bad public key only and perform checks. */
         ret = wc_ed448_import_public(key_bad_y_max, ED448_PUB_KEY_SIZE + 1,
             &key);
-        if (ret != PUBLIC_KEY_E) {
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
             res = WC_TEST_RET_ENC_NC;
         }
     }
@@ -36711,7 +37932,7 @@ static wc_test_ret_t ed448_test_check_key(void)
         /* Load bad public key only and perform checks. */
         ret = wc_ed448_import_public(key_bad_y_is_p, ED448_PUB_KEY_SIZE + 1,
             &key);
-        if (ret != PUBLIC_KEY_E) {
+        if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
             res = WC_TEST_RET_ENC_NC;
         }
     }
@@ -37570,15 +38791,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
 
         /* test api for import/exporting keys */
         {
-            byte   *exportPKey = NULL;
-            byte   *exportSKey = NULL;
             word32 exportPSz = ED448_KEY_SIZE;
             word32 exportSSz = ED448_KEY_SIZE;
+#ifdef WOLFSSL_NO_MALLOC
+            byte   exportPKey[exportPSz];
+            byte   exportSKey[exportSSz];
+#else
+            byte   *exportPKey = NULL;
+            byte   *exportSKey = NULL;
 
             exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-            if ((exportPKey == NULL) || (exportSKey == NULL))
+            if ((exportPKey == NULL) || (exportSKey == NULL)) {
+                XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+                XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
                 ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+            }
+#endif
 
             ret = 0;
 
@@ -37614,8 +38843,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
                 }
             } while(0);
 
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
 
             if (ret != 0)
                 goto out;
@@ -37648,7 +38879,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     idx = 0;
@@ -37729,9 +38960,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
     (void)keySz;
     (void)sigSz;
 
+#if defined(HAVE_ED448_KEY_IMPORT)
     ret = ed448_test_check_key();
     if (ret < 0)
         return ret;
+#endif
 #ifdef WOLFSSL_TEST_CERT
     ret = ed448_test_cert();
     if (ret < 0)
@@ -37747,26 +38980,38 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
 }
 #endif /* HAVE_ED448 */
 
-#ifdef WOLFSSL_HAVE_KYBER
-#ifdef WOLFSSL_WC_KYBER /* OQS and PQM4 do not support KATs */
-#ifdef WOLFSSL_KYBER512
-static wc_test_ret_t kyber512_kat(void)
+#ifdef WOLFSSL_HAVE_MLKEM
+#ifdef WOLFSSL_WC_MLKEM /* OQS does not support KATs */
+#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)
+static wc_test_ret_t mlkem512_kat(void)
 {
     wc_test_ret_t ret;
 #ifdef WOLFSSL_SMALL_STACK
-    KyberKey *key = NULL;
+    MlKemKey *key = NULL;
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     byte *priv = NULL;
     byte *pub = NULL;
+#endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     byte *ct = NULL;
     byte *ss = NULL;
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     byte *ss_dec = NULL;
+#endif
 #else
-    KyberKey key[1];
+    MlKemKey key[1];
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     byte priv[KYBER512_PRIVATE_KEY_SIZE];
     byte pub[KYBER512_PUBLIC_KEY_SIZE];
+#endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     byte ct[KYBER512_CIPHER_TEXT_SIZE];
     byte ss[KYBER_SS_SZ];
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     byte ss_dec[KYBER_SS_SZ];
+#endif
 #endif
     int key_inited = 0;
     WOLFSSL_SMALL_STACK_STATIC const byte kyber512_rand[] = {
@@ -37785,6 +39030,7 @@ static wc_test_ret_t kyber512_kat(void)
         0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = {
         0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
         0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
@@ -37887,6 +39133,112 @@ static wc_test_ret_t kyber512_kat(void)
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_pk[] = {
+        0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa,
+        0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57,
+        0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
+        0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78,
+        0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10,
+        0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
+        0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c,
+        0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7,
+        0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
+        0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9,
+        0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27,
+        0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
+        0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c,
+        0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92,
+        0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
+        0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5,
+        0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93,
+        0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
+        0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7,
+        0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68,
+        0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
+        0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55,
+        0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78,
+        0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
+        0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b,
+        0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc,
+        0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
+        0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72,
+        0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab,
+        0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
+        0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83,
+        0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c,
+        0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
+        0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b,
+        0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f,
+        0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
+        0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50,
+        0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f,
+        0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
+        0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57,
+        0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd,
+        0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
+        0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88,
+        0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f,
+        0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
+        0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32,
+        0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7,
+        0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
+        0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88,
+        0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08,
+        0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
+        0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62,
+        0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1,
+        0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
+        0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10,
+        0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7,
+        0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
+        0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb,
+        0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd,
+        0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
+        0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69,
+        0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba,
+        0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
+        0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58,
+        0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00,
+        0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
+        0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8,
+        0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99,
+        0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
+        0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0,
+        0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e,
+        0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
+        0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c,
+        0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e,
+        0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
+        0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb,
+        0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49,
+        0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
+        0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71,
+        0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87,
+        0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
+        0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c,
+        0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17,
+        0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
+        0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5,
+        0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e,
+        0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
+        0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb,
+        0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6,
+        0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
+        0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85,
+        0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8,
+        0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
+        0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3,
+        0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76,
+        0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
+        0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0,
+        0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42,
+        0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
+        0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
+    };
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = {
         0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64,
         0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE,
@@ -38093,8 +39445,217 @@ static wc_test_ret_t kyber512_kat(void)
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_sk[] = {
+        0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c,
+        0x10, 0x9b, 0x41, 0x52, 0x89, 0xf5, 0x6a, 0x9e,
+        0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a,
+        0x3b, 0xba, 0xb3, 0x0a, 0x2c, 0x90, 0xf0, 0x04,
+        0x37, 0xa2, 0x64, 0xb0, 0xbe, 0x9a, 0x1e, 0x8b,
+        0xa8, 0x87, 0xd3, 0xc3, 0xb1, 0x00, 0x89, 0x80,
+        0x54, 0x27, 0x2f, 0x94, 0x1c, 0x88, 0xa1, 0xf2,
+        0x08, 0xf1, 0xc9, 0x14, 0xf9, 0x64, 0xc1, 0xaa,
+        0xd6, 0x13, 0xa6, 0xa8, 0x4f, 0x88, 0xe4, 0x2d,
+        0x35, 0x56, 0x83, 0x5f, 0xb1, 0x61, 0xfd, 0xc5,
+        0xcd, 0x15, 0xa3, 0xbc, 0x7e, 0x74, 0xb6, 0xf2,
+        0x61, 0x2f, 0xa8, 0x27, 0x1c, 0x7e, 0xa1, 0x12,
+        0xb0, 0x5c, 0x2a, 0x36, 0xcc, 0x70, 0x7c, 0xe3,
+        0x8d, 0x5d, 0x1a, 0xcc, 0x51, 0x15, 0x46, 0x2a,
+        0x8c, 0x1a, 0xab, 0xf0, 0x72, 0x76, 0xc7, 0x23,
+        0x18, 0x33, 0x7f, 0x74, 0xb5, 0xcb, 0xef, 0xea,
+        0x7a, 0x80, 0x37, 0x90, 0xbc, 0x03, 0x93, 0xf3,
+        0xa5, 0x4c, 0x72, 0x4a, 0x57, 0x65, 0xa4, 0x8f,
+        0x29, 0x6b, 0x03, 0xf4, 0x84, 0x37, 0x60, 0x23,
+        0x62, 0x69, 0x30, 0x22, 0x27, 0x04, 0xc0, 0x8f,
+        0xd3, 0xbc, 0x72, 0x93, 0x15, 0xd1, 0xfc, 0x70,
+        0xeb, 0x79, 0x75, 0xa9, 0x7b, 0x9d, 0xee, 0xd1,
+        0x62, 0xf4, 0x86, 0xbb, 0xc6, 0x4a, 0x09, 0x71,
+        0x11, 0x95, 0x2d, 0x89, 0xb5, 0x7d, 0x76, 0x5e,
+        0x8a, 0x99, 0x1a, 0x2e, 0x56, 0x42, 0x06, 0xea,
+        0x7b, 0xf5, 0xe4, 0x00, 0x7a, 0x66, 0x35, 0x88,
+        0x31, 0xca, 0x0e, 0x34, 0xb2, 0xf6, 0xa8, 0x4d,
+        0x10, 0xf7, 0x9c, 0x47, 0x7c, 0xb6, 0x6a, 0x8a,
+        0x95, 0x25, 0x69, 0x36, 0x73, 0x88, 0x13, 0x0d,
+        0x7b, 0x97, 0x4a, 0x63, 0xaa, 0x51, 0x99, 0x6c,
+        0x97, 0x70, 0x9b, 0xb8, 0xea, 0xbc, 0x94, 0xe6,
+        0xa5, 0x35, 0xd7, 0x92, 0xd2, 0x90, 0x54, 0x74,
+        0x95, 0x2d, 0x6b, 0x8c, 0x22, 0x22, 0xb2, 0xae,
+        0x56, 0xdc, 0x66, 0xfb, 0x04, 0x61, 0x19, 0x20,
+        0x66, 0xcd, 0xdb, 0x43, 0xec, 0x05, 0x98, 0x4f,
+        0xb4, 0x98, 0x26, 0x49, 0x77, 0x13, 0x97, 0xc6,
+        0xa8, 0x37, 0x9f, 0x3b, 0x56, 0x43, 0x06, 0x98,
+        0x48, 0x87, 0x59, 0x19, 0xe8, 0x9c, 0xc4, 0x39,
+        0xa3, 0xbe, 0x2f, 0x08, 0x14, 0x90, 0xf3, 0x41,
+        0xbd, 0x12, 0x40, 0xad, 0xd8, 0x0d, 0xdb, 0x8c,
+        0x99, 0x63, 0xb4, 0x7a, 0x2a, 0x09, 0x92, 0x29,
+        0x03, 0x38, 0xda, 0x9c, 0x3b, 0x72, 0x5c, 0x6d,
+        0xa4, 0x47, 0x18, 0xc0, 0x10, 0x46, 0x81, 0x25,
+        0x62, 0xaf, 0xb0, 0x84, 0x83, 0x7a, 0xcb, 0x3c,
+        0x57, 0x5e, 0x4f, 0x93, 0x93, 0x6c, 0x35, 0x2a,
+        0xc0, 0xe7, 0x0a, 0xa3, 0x84, 0x5e, 0xe4, 0x85,
+        0x29, 0x6e, 0x6b, 0x02, 0xde, 0x0b, 0x47, 0xb5,
+        0xc4, 0xc9, 0x6b, 0x0b, 0x7c, 0xf9, 0x4c, 0x4a,
+        0xbe, 0x95, 0x48, 0x61, 0x53, 0x11, 0x8e, 0x43,
+        0xc2, 0xb9, 0xc8, 0x4d, 0x9d, 0xa9, 0x1c, 0x6c,
+        0x5a, 0xcd, 0x5a, 0x57, 0x00, 0x2d, 0x05, 0x84,
+        0x97, 0x99, 0x27, 0x99, 0xe5, 0xba, 0x1c, 0xe6,
+        0xc2, 0x5e, 0xb2, 0x98, 0x44, 0xd8, 0x58, 0xba,
+        0x1c, 0x37, 0x85, 0x0c, 0x0c, 0x2f, 0x57, 0xc6,
+        0x0d, 0xe3, 0x7f, 0x77, 0xc0, 0x82, 0xec, 0x14,
+        0x49, 0x4e, 0xba, 0x28, 0x8a, 0x65, 0x91, 0x51,
+        0x16, 0xc2, 0x0a, 0x32, 0x5d, 0xe3, 0x1a, 0xaa,
+        0xdd, 0x68, 0x0d, 0xb1, 0x9c, 0x0c, 0xfc, 0xc3,
+        0x46, 0x0f, 0x0a, 0xa0, 0x1a, 0x87, 0xa6, 0xa5,
+        0x80, 0xc6, 0xca, 0x29, 0x1f, 0xae, 0xf0, 0xcc,
+        0xc4, 0x9b, 0x76, 0xa8, 0xda, 0xc4, 0xf9, 0xd4,
+        0x16, 0x40, 0x50, 0x9d, 0xbd, 0x0b, 0x40, 0x45,
+        0xc1, 0x53, 0x0e, 0xd3, 0x47, 0x55, 0xd4, 0x74,
+        0x62, 0x70, 0x0f, 0x2a, 0x8c, 0xaf, 0x96, 0x80,
+        0xa6, 0xd7, 0xe3, 0x8a, 0x7e, 0x2a, 0x63, 0xe9,
+        0x37, 0x65, 0x0a, 0x23, 0x30, 0x6d, 0x85, 0x5d,
+        0xa2, 0xa2, 0xb7, 0xef, 0x50, 0x5c, 0xa5, 0x96,
+        0xab, 0x04, 0x85, 0x01, 0x3e, 0xa9, 0x27, 0xc7,
+        0x34, 0x23, 0x43, 0x61, 0x36, 0x43, 0xba, 0x40,
+        0x07, 0xd6, 0xc8, 0x74, 0xb9, 0x80, 0xc7, 0x9c,
+        0x3a, 0xa1, 0xc7, 0x4f, 0x85, 0x81, 0xc3, 0x48,
+        0x49, 0xb3, 0x6e, 0xa7, 0x98, 0x15, 0xfb, 0xb4,
+        0xcc, 0xf9, 0x61, 0x05, 0x83, 0x08, 0x1d, 0x7c,
+        0x5b, 0x44, 0x09, 0xb8, 0xd0, 0x53, 0x1c, 0x04,
+        0xbc, 0xaf, 0x7c, 0xc7, 0x51, 0x10, 0x3a, 0x5f,
+        0xd1, 0xba, 0x44, 0x70, 0x83, 0x3e, 0x89, 0x77,
+        0x5a, 0xde, 0xd9, 0x70, 0xb5, 0x47, 0x18, 0x59,
+        0x25, 0x0f, 0xe7, 0x26, 0x71, 0x05, 0x83, 0x5f,
+        0x39, 0x00, 0x30, 0xc5, 0xe7, 0xcd, 0x3f, 0x96,
+        0x10, 0x19, 0xea, 0xae, 0xa2, 0x37, 0x77, 0xd3,
+        0x47, 0xbb, 0x2a, 0xdc, 0xb6, 0x73, 0xc0, 0x20,
+        0x34, 0xf3, 0x94, 0x34, 0x22, 0x71, 0xbc, 0xea,
+        0x64, 0x14, 0xe5, 0x46, 0xc3, 0xb2, 0x0b, 0xd5,
+        0x74, 0x81, 0xc7, 0xea, 0x14, 0xc7, 0x7c, 0x38,
+        0x8c, 0xc8, 0x62, 0x51, 0xc1, 0x25, 0x58, 0xb1,
+        0x00, 0xf8, 0xc5, 0xb3, 0xd0, 0x3c, 0xa2, 0xc7,
+        0x07, 0x13, 0x90, 0x96, 0x59, 0xc8, 0xba, 0x26,
+        0xd0, 0xd1, 0x76, 0x5e, 0x0b, 0xc8, 0x23, 0xd6,
+        0x8c, 0xa5, 0x57, 0x0d, 0xe6, 0x00, 0xcd, 0x09,
+        0x41, 0x72, 0x5d, 0x38, 0x6e, 0x14, 0xc1, 0x01,
+        0x2d, 0xf5, 0x95, 0x1b, 0xeb, 0x8d, 0x82, 0x81,
+        0xa4, 0xf6, 0x81, 0x5d, 0x37, 0x60, 0xb7, 0x64,
+        0x29, 0x5a, 0xd0, 0x40, 0x6c, 0x2b, 0xf7, 0x92,
+        0x8a, 0xd6, 0x50, 0x32, 0xb6, 0x5f, 0x14, 0xb7,
+        0x7c, 0xcb, 0x89, 0x17, 0xc9, 0x3a, 0x29, 0xd6,
+        0x28, 0x7d, 0x8a, 0x60, 0x62, 0x39, 0x9c, 0xb6,
+        0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa,
+        0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57,
+        0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
+        0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78,
+        0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10,
+        0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
+        0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c,
+        0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7,
+        0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
+        0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9,
+        0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27,
+        0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
+        0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c,
+        0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92,
+        0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
+        0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5,
+        0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93,
+        0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
+        0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7,
+        0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68,
+        0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
+        0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55,
+        0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78,
+        0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
+        0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b,
+        0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc,
+        0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
+        0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72,
+        0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab,
+        0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
+        0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83,
+        0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c,
+        0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
+        0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b,
+        0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f,
+        0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
+        0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50,
+        0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f,
+        0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
+        0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57,
+        0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd,
+        0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
+        0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88,
+        0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f,
+        0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
+        0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32,
+        0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7,
+        0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
+        0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88,
+        0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08,
+        0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
+        0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62,
+        0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1,
+        0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
+        0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10,
+        0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7,
+        0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
+        0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb,
+        0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd,
+        0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
+        0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69,
+        0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba,
+        0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
+        0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58,
+        0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00,
+        0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
+        0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8,
+        0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99,
+        0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
+        0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0,
+        0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e,
+        0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
+        0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c,
+        0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e,
+        0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
+        0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb,
+        0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49,
+        0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
+        0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71,
+        0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87,
+        0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
+        0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c,
+        0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17,
+        0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
+        0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5,
+        0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e,
+        0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
+        0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb,
+        0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6,
+        0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
+        0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85,
+        0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8,
+        0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
+        0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3,
+        0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76,
+        0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
+        0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0,
+        0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42,
+        0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
+        0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39,
+        0x50, 0xc8, 0xdd, 0x15, 0x2a, 0x45, 0x31, 0xaa,
+        0xb5, 0x60, 0xd2, 0xfc, 0x7c, 0xa9, 0xa4, 0x0a,
+        0xd8, 0xaf, 0x25, 0xad, 0x1d, 0xd0, 0x8c, 0x6d,
+        0x79, 0xaf, 0xe4, 0xdd, 0x4d, 0x1e, 0xee, 0x5a,
+        0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
+        0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+        0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
+        0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
+    };
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = {
-#ifndef WOLFSSL_ML_KEM
         0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D,
         0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA,
         0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9,
@@ -38191,143 +39752,162 @@ static wc_test_ret_t kyber512_kat(void)
         0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23,
         0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81,
         0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D
-#else
-        0x75, 0x49, 0x99, 0x8d, 0x46, 0x9e, 0x2e, 0x47,
-        0x90, 0x02, 0x30, 0x5b, 0x09, 0xb4, 0x4d, 0xba,
-        0xdb, 0xc2, 0x45, 0x7f, 0xfd, 0x31, 0x25, 0xf6,
-        0xd3, 0x1b, 0x0f, 0x27, 0xb8, 0x03, 0xd5, 0x81,
-        0x07, 0x1c, 0x1d, 0xc6, 0x18, 0x11, 0x96, 0xfe,
-        0x76, 0xdf, 0x78, 0xde, 0x20, 0xdd, 0xa6, 0x09,
-        0xcf, 0x1b, 0x7c, 0xb7, 0xa3, 0x52, 0xc4, 0xdd,
-        0x9c, 0x2c, 0xfc, 0x18, 0x80, 0x1f, 0x03, 0x6f,
-        0xe4, 0x0f, 0x8f, 0x7e, 0x6f, 0x3d, 0xd7, 0x3f,
-        0x38, 0x71, 0x30, 0xbe, 0x38, 0x7b, 0x17, 0x13,
-        0x41, 0x8f, 0x83, 0xd9, 0x3d, 0xc7, 0xf8, 0x07,
-        0x4a, 0x03, 0x24, 0x55, 0xc4, 0x6f, 0x85, 0x7c,
-        0x6b, 0x6b, 0x35, 0x42, 0x9c, 0x79, 0x00, 0x65,
-        0x42, 0x0d, 0x74, 0x22, 0x52, 0xee, 0x53, 0xf5,
-        0x3f, 0x6e, 0x64, 0xa9, 0xb7, 0x8a, 0x49, 0xbc,
-        0x29, 0xb8, 0xce, 0x84, 0x83, 0x1a, 0x01, 0xc3,
-        0x42, 0x9e, 0x34, 0x69, 0x60, 0xdc, 0x55, 0x95,
-        0x26, 0xd9, 0x78, 0x53, 0xc3, 0x66, 0x31, 0xb4,
-        0x77, 0x32, 0x85, 0xfa, 0xfe, 0x8e, 0x3c, 0xa4,
-        0x25, 0x5a, 0x87, 0x23, 0xae, 0x4f, 0x02, 0xdd,
-        0xd8, 0x5a, 0x47, 0x81, 0xb9, 0xf4, 0x18, 0x6d,
-        0x67, 0xa8, 0x3b, 0x5d, 0x9e, 0xdd, 0xc3, 0xae,
-        0x7c, 0xd4, 0x09, 0x6c, 0x33, 0xf4, 0xd9, 0x7f,
-        0xe0, 0x20, 0x30, 0xec, 0xb6, 0xa1, 0xa8, 0xad,
-        0x9b, 0x19, 0xd3, 0xeb, 0x32, 0xf1, 0xb8, 0xf2,
-        0x71, 0xb3, 0x03, 0x53, 0xe9, 0xe1, 0x9d, 0xd1,
-        0x83, 0xf0, 0x6b, 0x54, 0xc3, 0xcb, 0x02, 0xef,
-        0x16, 0x62, 0x82, 0x75, 0x2a, 0xa1, 0x1c, 0x81,
-        0x58, 0xe4, 0x8b, 0xbc, 0x68, 0x30, 0x17, 0x1c,
-        0xa7, 0xdd, 0xb7, 0x5a, 0x35, 0xe4, 0x6c, 0x35,
-        0x32, 0x1a, 0xbe, 0x6a, 0x74, 0x20, 0x32, 0xc7,
-        0x72, 0xa1, 0x6b, 0x3d, 0x1c, 0xdd, 0xfc, 0x6f,
-        0x28, 0x01, 0xe2, 0xb8, 0x17, 0x30, 0x2d, 0xbc,
-        0x94, 0xf3, 0x33, 0xc0, 0xcb, 0x91, 0xe1, 0xce,
-        0xbd, 0x5e, 0xc6, 0x1e, 0x49, 0xfa, 0x5a, 0x14,
-        0xaa, 0xa3, 0x93, 0x75, 0x5f, 0xc3, 0xe6, 0xf4,
-        0xb8, 0xc5, 0xc4, 0xfa, 0x4b, 0xaa, 0x07, 0xa0,
-        0x8c, 0x4f, 0x33, 0x94, 0x62, 0x63, 0x58, 0xa1,
-        0x5e, 0x69, 0x0e, 0xe1, 0xe4, 0x82, 0x9b, 0x11,
-        0x1c, 0x17, 0x24, 0x1a, 0xee, 0x37, 0xd5, 0xc8,
-        0x32, 0xf4, 0x84, 0x76, 0x88, 0xfe, 0x5b, 0x5d,
-        0x1b, 0x19, 0xe8, 0xe0, 0x4d, 0x9d, 0x19, 0x37,
-        0x00, 0x19, 0x87, 0xf3, 0xb4, 0xb8, 0x35, 0x49,
-        0xc3, 0xe5, 0x30, 0xe4, 0x11, 0x9d, 0x16, 0x4b,
-        0x20, 0xef, 0x9d, 0x3a, 0x72, 0xf7, 0x4c, 0x04,
-        0x4a, 0x97, 0x45, 0x91, 0x22, 0x8b, 0x41, 0xe6,
-        0x80, 0xec, 0x56, 0x40, 0xa9, 0x72, 0x34, 0xc2,
-        0xc6, 0x01, 0x7c, 0x95, 0xe9, 0x1b, 0xe2, 0xbd,
-        0x49, 0x85, 0x47, 0xd5, 0x7a, 0x52, 0x22, 0xb8,
-        0x16, 0x2a, 0x35, 0x46, 0x65, 0x6d, 0x59, 0x98,
-        0x0d, 0x51, 0xaf, 0x59, 0x5b, 0xf5, 0xf2, 0x3a,
-        0x63, 0x2f, 0x6d, 0x85, 0x44, 0xb8, 0x10, 0x74,
-        0xae, 0xd3, 0x4c, 0x03, 0x52, 0xba, 0x56, 0x0d,
-        0xea, 0xfb, 0x07, 0x44, 0x1a, 0x55, 0xa9, 0x37,
-        0x63, 0x42, 0xe5, 0x0a, 0x0e, 0xc2, 0x53, 0x72,
-        0x28, 0x25, 0x5a, 0x4b, 0x5d, 0x03, 0xc9, 0x29,
-        0x57, 0xf4, 0xea, 0x35, 0x07, 0xb4, 0xba, 0xad,
-        0xce, 0x53, 0xcc, 0xdf, 0xb7, 0x36, 0x4f, 0xfc,
-        0x18, 0x17, 0xb5, 0x8c, 0x50, 0xef, 0x28, 0xe3,
-        0x22, 0xe1, 0xb9, 0x45, 0xe0, 0xeb, 0x9b, 0x12,
-        0x33, 0x97, 0x5c, 0x30, 0xa5, 0x54, 0x53, 0x68,
-        0x68, 0x27, 0x14, 0xbf, 0x50, 0x2b, 0x61, 0xe1,
-        0xd0, 0x45, 0x7a, 0x97, 0x53, 0xe1, 0x0d, 0xe0,
-        0xf1, 0xbf, 0x35, 0xec, 0x3a, 0x3f, 0x47, 0x0a,
-        0x3c, 0x69, 0xcc, 0xb0, 0x4d, 0x2d, 0x98, 0xfa,
-        0xb3, 0xa0, 0xb6, 0x72, 0x9a, 0x98, 0x75, 0xe1,
-        0xdb, 0x53, 0x3c, 0x96, 0xb4, 0x1e, 0x3d, 0x98,
-        0x62, 0x8a, 0x6f, 0x8c, 0xf6, 0x68, 0x40, 0x6c,
-        0x5f, 0x03, 0x8e, 0x6b, 0x7b, 0x24, 0x2f, 0xdf,
-        0x86, 0xa7, 0xf1, 0xe6, 0x97, 0xae, 0xb1, 0x36,
-        0x11, 0x41, 0x67, 0xb1, 0x3f, 0x89, 0xf2, 0x31,
-        0xbc, 0xec, 0x7a, 0x41, 0x66, 0xb3, 0x9e, 0xab,
-        0x4a, 0x37, 0x09, 0x23, 0x78, 0x22, 0x05, 0x0c,
-        0x49, 0xc9, 0x25, 0x95, 0xa2, 0x37, 0xf2, 0xeb,
-        0x48, 0x3b, 0x9e, 0x1d, 0xd6, 0x12, 0x4b, 0xed,
-        0x5e, 0xb9, 0xb7, 0xb5, 0x12, 0x12, 0x96, 0x37,
-        0x6b, 0x7d, 0x20, 0x14, 0xa7, 0x75, 0x60, 0xca,
-        0x65, 0x83, 0x3d, 0x8b, 0xeb, 0x4d, 0x6a, 0xe6,
-        0x8e, 0xfd, 0x7a, 0x11, 0xac, 0xc7, 0xde, 0x87,
-        0xd8, 0x2b, 0xe1, 0xad, 0x57, 0x3a, 0xe9, 0xf6,
-        0xf0, 0x76, 0x6f, 0xd7, 0x86, 0x38, 0x7d, 0x1a,
-        0x8c, 0x12, 0xd1, 0xc8, 0xa2, 0x96, 0xb4, 0xf7,
-        0x26, 0x34, 0xf7, 0x05, 0x77, 0x68, 0x88, 0x48,
-        0xe5, 0x76, 0x85, 0x1f, 0x13, 0xbe, 0x48, 0xdf,
-        0x33, 0x5d, 0x4a, 0xcd, 0x89, 0x79, 0x3a, 0x6c,
-        0x6c, 0x06, 0x55, 0xfc, 0x39, 0xbc, 0x9e, 0x1e,
-        0x27, 0xb4, 0xa5, 0x00, 0xf7, 0x08, 0xcd, 0x4a,
-        0x9f, 0x2e, 0xc6, 0x72, 0xba, 0x5b, 0xf8, 0xad,
-        0x23, 0x99, 0x8d, 0x4c, 0x0c, 0x95, 0x8f, 0x29,
-        0x0f, 0x2a, 0x6c, 0x4e, 0x6c, 0xd8, 0xc0, 0xcd,
-        0xc8, 0x5f, 0x57, 0x16, 0xec, 0x98, 0xa4, 0xc8,
-        0x99, 0x5d, 0x37, 0x8c, 0xc6, 0xe2, 0xa1, 0xe8,
-        0xb8, 0x28, 0x00, 0xdd, 0xf0, 0x3b, 0x32, 0x26,
-        0xa2, 0xe7, 0x81, 0x77, 0x71, 0xe5, 0x09, 0xb4,
-        0x95, 0x5e, 0xe2, 0xbe, 0xd4, 0x21, 0x7b, 0xdf,
-        0x06, 0x30, 0xb5, 0x84, 0x0f, 0x25, 0x24, 0xab
-#endif
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ct[] = {
+        0x11, 0x3d, 0xb2, 0xdd, 0x06, 0x87, 0x12, 0x35,
+        0xe7, 0xbc, 0x36, 0xc9, 0xdc, 0xaa, 0x52, 0x8f,
+        0xc2, 0x6c, 0xe5, 0xdb, 0x9e, 0xcc, 0x1d, 0xc3,
+        0x2e, 0x95, 0x7d, 0x7f, 0xfb, 0x3c, 0x74, 0x29,
+        0xd5, 0x0c, 0x3c, 0x35, 0x77, 0xa5, 0x15, 0xd3,
+        0x18, 0x3a, 0x1b, 0x9d, 0x26, 0x7b, 0x93, 0x6b,
+        0x7e, 0xb8, 0xf5, 0x43, 0xa3, 0xaf, 0xb7, 0x77,
+        0x65, 0xca, 0x79, 0x38, 0xf7, 0x8a, 0xa6, 0x43,
+        0x8c, 0xe8, 0x0a, 0x06, 0xa6, 0x96, 0x6d, 0x0d,
+        0x06, 0xaf, 0x75, 0xba, 0x3e, 0x0d, 0x4f, 0x37,
+        0xba, 0xc7, 0x33, 0x69, 0xf5, 0xa7, 0x29, 0xf7,
+        0x3e, 0x85, 0x72, 0x9e, 0xdd, 0x97, 0xc8, 0xc2,
+        0xa8, 0xcc, 0x26, 0x19, 0xe4, 0xcf, 0x7b, 0x60,
+        0x91, 0x86, 0x9e, 0x90, 0x9f, 0xd4, 0x7d, 0x97,
+        0x09, 0x14, 0x92, 0x04, 0xb0, 0x83, 0x7d, 0x8d,
+        0x6f, 0x25, 0xd2, 0x67, 0x97, 0x2b, 0xe6, 0x3b,
+        0xad, 0x34, 0xb5, 0x44, 0x52, 0x3c, 0x01, 0xc0,
+        0x9d, 0xe3, 0xb1, 0xfa, 0x1d, 0x6b, 0x7b, 0x05,
+        0x9e, 0xee, 0x9e, 0x65, 0x20, 0x62, 0xfe, 0x87,
+        0x0f, 0x68, 0xc6, 0x80, 0x05, 0x33, 0x9e, 0xa1,
+        0x81, 0xe1, 0xd0, 0x76, 0x7c, 0x15, 0x2a, 0xeb,
+        0x38, 0xfa, 0xf0, 0xf9, 0x24, 0x5a, 0xe5, 0x9d,
+        0x5c, 0xb0, 0xd2, 0xb7, 0xf2, 0x01, 0x22, 0x9e,
+        0xd9, 0x70, 0x20, 0xd0, 0x62, 0x3a, 0x46, 0x10,
+        0x0d, 0x09, 0x7b, 0x0c, 0xe1, 0x15, 0x4e, 0x02,
+        0x8a, 0xe6, 0x19, 0x4d, 0xe0, 0x5d, 0xe9, 0x7d,
+        0xd9, 0xae, 0x2e, 0x85, 0xff, 0xd2, 0x5d, 0x95,
+        0xeb, 0x22, 0xef, 0xfe, 0x5b, 0xa1, 0x9c, 0xd8,
+        0x07, 0xc5, 0x30, 0xeb, 0xaa, 0x9f, 0xe9, 0xf6,
+        0x42, 0xcc, 0xac, 0xff, 0x47, 0xed, 0x15, 0xc2,
+        0x2b, 0xfe, 0x30, 0x36, 0xeb, 0xf8, 0xad, 0x9c,
+        0x8e, 0xd2, 0x32, 0x40, 0xae, 0xeb, 0xaa, 0x24,
+        0xd1, 0x35, 0x75, 0x51, 0x00, 0xb8, 0x5e, 0xce,
+        0xe3, 0x17, 0x49, 0x06, 0xe4, 0x63, 0x12, 0x06,
+        0x2c, 0xee, 0xca, 0xc7, 0x5d, 0xe5, 0x27, 0x52,
+        0x56, 0xc2, 0xc1, 0xa6, 0x53, 0xfd, 0x69, 0x15,
+        0xb1, 0xb3, 0x0c, 0x8e, 0xcb, 0xb6, 0xfd, 0x42,
+        0x80, 0x43, 0x74, 0x53, 0x17, 0x3a, 0x96, 0x23,
+        0x8b, 0xc7, 0xd1, 0x08, 0x89, 0x23, 0x43, 0xe0,
+        0x33, 0xbc, 0xd9, 0x8e, 0x43, 0x7e, 0x78, 0x9f,
+        0xc5, 0xbe, 0xba, 0xa1, 0x2b, 0x26, 0x34, 0xb5,
+        0x1e, 0xd0, 0xd5, 0x89, 0xf1, 0x11, 0x43, 0xa0,
+        0x21, 0xd8, 0xec, 0xce, 0x59, 0x4f, 0xdd, 0x48,
+        0xda, 0xe8, 0x4c, 0x80, 0x63, 0xef, 0x35, 0x81,
+        0xbc, 0x37, 0x8a, 0x48, 0xda, 0x4e, 0x51, 0xbb,
+        0x17, 0x5b, 0x0d, 0xb4, 0x7f, 0x9d, 0xcf, 0x99,
+        0x31, 0x8c, 0x30, 0x22, 0x5c, 0xa7, 0xfa, 0x79,
+        0xc8, 0x79, 0xbf, 0x1c, 0x93, 0x97, 0xb5, 0xcc,
+        0xc5, 0xef, 0xad, 0x94, 0xc5, 0x00, 0xed, 0x7f,
+        0x9f, 0x38, 0x5d, 0x08, 0x8e, 0x34, 0x93, 0x22,
+        0x21, 0xfc, 0x0f, 0xc9, 0xaf, 0xe5, 0x1f, 0x68,
+        0x75, 0x54, 0x81, 0x31, 0x69, 0x76, 0x95, 0x47,
+        0x8a, 0xbd, 0xc8, 0x73, 0x6f, 0x10, 0x09, 0x5a,
+        0x6b, 0x92, 0xec, 0x67, 0x9f, 0xe0, 0xe2, 0xae,
+        0x5d, 0x8b, 0x33, 0x53, 0x55, 0xd5, 0x8d, 0xae,
+        0x4d, 0x4f, 0x0b, 0x17, 0xaa, 0x5d, 0x1e, 0x52,
+        0xf1, 0xd4, 0x55, 0x84, 0xa8, 0x92, 0xc3, 0x4c,
+        0xe4, 0xb0, 0x4f, 0xcd, 0x00, 0x98, 0x1d, 0x51,
+        0xca, 0xa1, 0x60, 0x64, 0xba, 0xd9, 0x2d, 0x01,
+        0x9d, 0xc3, 0xad, 0xed, 0x91, 0x96, 0x84, 0x11,
+        0x2b, 0x29, 0xda, 0xa2, 0x8b, 0x9d, 0xae, 0x09,
+        0xb8, 0x6b, 0x21, 0xa9, 0x33, 0x10, 0xd5, 0xfb,
+        0xc6, 0x52, 0x7b, 0x22, 0x4b, 0x9c, 0xe8, 0x7d,
+        0x27, 0x82, 0xbb, 0x29, 0x46, 0x73, 0xf0, 0xec,
+        0x06, 0xf2, 0x6b, 0x08, 0x76, 0x52, 0xa1, 0x8d,
+        0x6a, 0xd7, 0xb1, 0xc9, 0x33, 0x03, 0xef, 0x05,
+        0x61, 0xc0, 0xfc, 0x9c, 0xd4, 0xf6, 0x78, 0xf6,
+        0x06, 0xf1, 0x92, 0xcf, 0x5d, 0xf9, 0x2b, 0x15,
+        0x48, 0xf5, 0xdd, 0x26, 0x87, 0xed, 0xbe, 0xcc,
+        0xfc, 0x6d, 0x4e, 0x9d, 0xe4, 0xbd, 0x50, 0xd3,
+        0xc7, 0x4f, 0xb2, 0x75, 0xab, 0xd9, 0xb3, 0xe9,
+        0x02, 0x77, 0xdb, 0x4a, 0x00, 0x69, 0xc0, 0xa2,
+        0xa7, 0x13, 0x6f, 0x50, 0xce, 0xad, 0x4b, 0x2f,
+        0x19, 0x95, 0xfa, 0xaf, 0x16, 0x80, 0x40, 0xe9,
+        0xe4, 0xbe, 0xb7, 0xc5, 0x72, 0x20, 0x49, 0xd6,
+        0xda, 0x64, 0x02, 0x99, 0x2f, 0xce, 0xa4, 0x50,
+        0x97, 0xdf, 0x7c, 0x1c, 0x20, 0xfb, 0x06, 0x82,
+        0x22, 0x00, 0x05, 0x76, 0x93, 0x5a, 0x08, 0x06,
+        0x77, 0x34, 0x51, 0x92, 0x1f, 0x54, 0xc5, 0x5f,
+        0xbf, 0x59, 0x3a, 0x4f, 0x14, 0x7c, 0x1f, 0xef,
+        0x3a, 0xca, 0xf0, 0xcf, 0xa9, 0x07, 0xae, 0x48,
+        0xc8, 0xc0, 0x63, 0x12, 0xcf, 0xdf, 0x51, 0x86,
+        0x90, 0x4b, 0xec, 0x7f, 0xed, 0x4e, 0xd9, 0x33,
+        0xc9, 0x25, 0x6a, 0xb0, 0x4c, 0xbf, 0xa0, 0x3a,
+        0x96, 0x7c, 0x1f, 0x7e, 0xad, 0x4a, 0xb4, 0x0d,
+        0xf1, 0x16, 0xbe, 0x66, 0x0e, 0x27, 0xca, 0x2b,
+        0x54, 0x35, 0x26, 0xd4, 0xb9, 0x68, 0x4c, 0x31,
+        0xe1, 0xe4, 0x23, 0x83, 0xb9, 0x69, 0xf8, 0x96,
+        0x29, 0x9d, 0x71, 0x39, 0x0c, 0xc8, 0x5b, 0x70,
+        0x32, 0x02, 0xac, 0xad, 0xec, 0xfa, 0x8c, 0x40,
+        0x96, 0x5c, 0x08, 0xc5, 0x3b, 0x56, 0x71, 0xe0,
+        0xd5, 0x94, 0x55, 0xbc, 0x5a, 0x85, 0x86, 0xc6,
+        0x55, 0xdb, 0x8c, 0x2a, 0xde, 0x4b, 0xa8, 0x87,
+        0x7f, 0x19, 0xb6, 0x00, 0x0e, 0x18, 0xf8, 0xfe,
+        0xad, 0xda, 0x7e, 0xde, 0x8f, 0xe8, 0x0a, 0xa6,
+        0x62, 0xd6, 0x94, 0xc6, 0xd8, 0xc3, 0x3b, 0x52
+    };
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = {
-#ifndef WOLFSSL_ML_KEM
         0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C,
         0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC,
         0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02,
         0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F
-#else
-        0xc6, 0x08, 0x77, 0x70, 0x86, 0xed, 0x9f, 0xfd,
-        0xf9, 0x2c, 0xd4, 0xf1, 0xc9, 0x99, 0xae, 0xdd,
-        0x0b, 0x42, 0xe5, 0xe8, 0xef, 0x67, 0x32, 0xf4,
-        0x11, 0x12, 0x46, 0x48, 0x1e, 0x26, 0x04, 0x63
-#endif
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ss[] = {
+        0x31, 0x98, 0x39, 0xe8, 0x2a, 0xb6, 0xb2, 0x22,
+        0xde, 0x7b, 0x61, 0x9e, 0x80, 0xda, 0x83, 0x91,
+        0x52, 0x2b, 0xbb, 0x37, 0x67, 0x70, 0x18, 0x49,
+        0x4a, 0x47, 0x42, 0xc5, 0x3f, 0x9a, 0xbf, 0xdf
+    };
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+    key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    priv = (byte *)XMALLOC(KYBER512_PRIVATE_KEY_SIZE, HEAP_HINT,
+    if (key == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+    priv = (byte *)XMALLOC(WC_ML_KEM_512_PRIVATE_KEY_SIZE, HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    pub = (byte *)XMALLOC(KYBER512_PUBLIC_KEY_SIZE, HEAP_HINT,
+    pub = (byte *)XMALLOC(WC_ML_KEM_512_PUBLIC_KEY_SIZE, HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    ct = (byte *)XMALLOC(KYBER512_CIPHER_TEXT_SIZE, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (! (key && priv && pub && ct && ss && ss_dec))
+    if (pub == NULL || priv == NULL)
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    ct = (byte *)XMALLOC(WC_ML_KEM_512_CIPHER_TEXT_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ct == NULL || ss == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss_dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#endif
 
+#ifdef WOLFSSL_MLKEM_KYBER
     ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     else
         key_inited = 1;
 
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
         sizeof(kyber512_rand));
     if (ret != 0)
@@ -38346,7 +39926,16 @@ static wc_test_ret_t kyber512_kat(void)
 
     if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512_rand;
+    (void)kyber512_pk;
+    ret = wc_KyberKey_DecodePrivateKey(key, kyber512_sk,
+        KYBER512_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
         sizeof(kyber512enc_rand));
     if (ret != 0)
@@ -38357,50 +39946,142 @@ static wc_test_ret_t kyber512_kat(void)
 
     if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512enc_rand;
+#endif
 
-    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber512_ct));
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber512_ct,
+        sizeof(kyber512_ct));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512_ct;
+    (void)kyber512_ss;
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    ret = wc_MlKemKey_Init(key, WC_ML_KEM_512, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
+
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+    ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber512_rand,
+        sizeof(kyber512_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_MlKemKey_EncodePublicKey(key, pub, WC_ML_KEM_512_PUBLIC_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_MlKemKey_EncodePrivateKey(key, priv,
+        WC_ML_KEM_512_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pub, ml_kem_512_pk, sizeof(ml_kem_512_pk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(priv, ml_kem_512_sk, sizeof(ml_kem_512_sk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512_rand;
+    (void)ml_kem_512_pk;
+    ret = wc_MlKemKey_DecodePrivateKey(key, ml_kem_512_sk,
+        WC_ML_KEM_512_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
+        sizeof(kyber512enc_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ct, ml_kem_512_ct, sizeof(ml_kem_512_ct)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(ss, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber512enc_rand;
+#endif
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_512_ct,
+        sizeof(ml_kem_512_ct));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)ml_kem_512_ct;
+    (void)ml_kem_512_ss;
+#endif
+#endif
 
 out:
 
     if (key_inited)
-        wc_KyberKey_Free(key);
+        wc_MlKemKey_Free(key);
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 #endif
 
     return ret;
 }
-#endif /* WOLFSSL_KYBER512 */
+#endif /* !WOLFSSL_NO_KYBER512 && !WOLFSSL_NO_ML_KEM_512 */
 
-#ifdef WOLFSSL_KYBER768
-static wc_test_ret_t kyber768_kat(void)
+#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768)
+static wc_test_ret_t mlkem768_kat(void)
 {
     wc_test_ret_t ret;
 #ifdef WOLFSSL_SMALL_STACK
-    KyberKey *key = NULL;
+    MlKemKey *key = NULL;
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     byte *priv = NULL;
     byte *pub = NULL;
+#endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     byte *ct = NULL;
     byte *ss = NULL;
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     byte *ss_dec = NULL;
+#endif
 #else
-    KyberKey key[1];
+    MlKemKey key[1];
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     byte priv[KYBER768_PRIVATE_KEY_SIZE];
     byte pub[KYBER768_PUBLIC_KEY_SIZE];
+#endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     byte ct[KYBER768_CIPHER_TEXT_SIZE];
     byte ss[KYBER_SS_SZ];
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     byte ss_dec[KYBER_SS_SZ];
+#endif
 #endif
     int key_inited = 0;
     WOLFSSL_SMALL_STACK_STATIC const byte kyber768_rand[] = {
@@ -38420,6 +40101,7 @@ static wc_test_ret_t kyber768_kat(void)
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
 
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = {
         0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
         0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
@@ -38570,6 +40252,160 @@ static wc_test_ret_t kyber768_kat(void)
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_pk[] = {
+        0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24,
+        0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71,
+        0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
+        0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79,
+        0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd,
+        0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
+        0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72,
+        0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52,
+        0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
+        0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0,
+        0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c,
+        0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
+        0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0,
+        0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a,
+        0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
+        0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb,
+        0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7,
+        0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
+        0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b,
+        0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9,
+        0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
+        0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c,
+        0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9,
+        0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
+        0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38,
+        0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce,
+        0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
+        0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57,
+        0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4,
+        0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
+        0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4,
+        0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0,
+        0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
+        0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36,
+        0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4,
+        0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
+        0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b,
+        0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2,
+        0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
+        0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab,
+        0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7,
+        0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
+        0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55,
+        0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e,
+        0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
+        0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33,
+        0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3,
+        0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
+        0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63,
+        0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3,
+        0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
+        0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27,
+        0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0,
+        0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
+        0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b,
+        0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a,
+        0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
+        0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2,
+        0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7,
+        0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
+        0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37,
+        0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0,
+        0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
+        0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb,
+        0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01,
+        0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
+        0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0,
+        0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06,
+        0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
+        0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75,
+        0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9,
+        0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
+        0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa,
+        0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf,
+        0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
+        0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53,
+        0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e,
+        0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
+        0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89,
+        0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78,
+        0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
+        0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6,
+        0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a,
+        0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
+        0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3,
+        0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10,
+        0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
+        0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2,
+        0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee,
+        0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
+        0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba,
+        0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6,
+        0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
+        0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a,
+        0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26,
+        0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
+        0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb,
+        0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c,
+        0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
+        0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b,
+        0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9,
+        0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
+        0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c,
+        0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98,
+        0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
+        0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8,
+        0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68,
+        0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
+        0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a,
+        0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74,
+        0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
+        0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72,
+        0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d,
+        0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
+        0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8,
+        0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18,
+        0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
+        0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0,
+        0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3,
+        0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
+        0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7,
+        0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8,
+        0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
+        0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65,
+        0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15,
+        0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
+        0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71,
+        0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74,
+        0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
+        0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37,
+        0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3,
+        0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
+        0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15,
+        0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba,
+        0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
+        0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30,
+        0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8,
+        0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
+        0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7,
+        0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18,
+        0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
+        0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29,
+        0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76,
+        0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
+        0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d,
+        0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d,
+        0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
+        0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
+    };
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = {
         0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
         0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
@@ -38872,8 +40708,313 @@ static wc_test_ret_t kyber768_kat(void)
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_sk[] = {
+        0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61,
+        0x3a, 0xa1, 0xf9, 0x80, 0x38, 0x0c, 0xb3, 0x6d,
+        0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a,
+        0x00, 0xa6, 0x7b, 0xa6, 0xc2, 0xa2, 0xb1, 0x4c,
+        0x41, 0x42, 0x39, 0x66, 0x2f, 0x68, 0xbd, 0x44,
+        0x6c, 0x8e, 0xfd, 0xf3, 0x66, 0x56, 0xa0, 0x89,
+        0x1a, 0x3c, 0xc6, 0x23, 0xfc, 0x68, 0xb6, 0x57,
+        0x2f, 0x7b, 0x29, 0xa6, 0xde, 0x12, 0x80, 0x14,
+        0x41, 0x1e, 0xe4, 0x19, 0x06, 0xd0, 0x80, 0x71,
+        0xf9, 0x48, 0x56, 0xe3, 0x6a, 0x83, 0x2b, 0x40,
+        0x33, 0x8d, 0x74, 0x35, 0x16, 0x65, 0x9b, 0xd2,
+        0x58, 0x79, 0xc0, 0x07, 0xa5, 0x2b, 0xc9, 0x58,
+        0x6f, 0x79, 0x87, 0x6a, 0xfa, 0xc6, 0xc9, 0xa3,
+        0x0d, 0x8f, 0xac, 0x24, 0x3b, 0xd2, 0x24, 0x25,
+        0xd6, 0xad, 0xce, 0x42, 0xab, 0x7e, 0xd3, 0x90,
+        0x14, 0x75, 0x7a, 0x95, 0x8b, 0xc8, 0xa7, 0x45,
+        0x65, 0xf0, 0x19, 0x23, 0x4f, 0xf0, 0x4b, 0x34,
+        0x89, 0x3e, 0xd6, 0xd0, 0x55, 0x01, 0xc3, 0x72,
+        0x55, 0x23, 0x9a, 0xae, 0x2a, 0xc1, 0x9f, 0x8c,
+        0x75, 0xac, 0x59, 0x00, 0xda, 0xe8, 0x30, 0x0d,
+        0xbb, 0xa7, 0x10, 0xdc, 0x2c, 0xaa, 0xe1, 0xbc,
+        0xa3, 0xa3, 0x8c, 0x58, 0x34, 0x2b, 0x28, 0x6b,
+        0x85, 0x18, 0xf1, 0x36, 0xad, 0x15, 0xb9, 0xf7,
+        0xbc, 0xbb, 0x06, 0xa5, 0x60, 0x7d, 0xb3, 0x75,
+        0xdb, 0xe9, 0x76, 0x45, 0x7c, 0x26, 0xc6, 0x59,
+        0x82, 0x57, 0x53, 0x1b, 0x2c, 0xfb, 0x6e, 0xe7,
+        0xf5, 0x15, 0x91, 0x84, 0x08, 0x04, 0xc3, 0x83,
+        0x88, 0x37, 0x6c, 0x27, 0x14, 0x84, 0x13, 0xda,
+        0x9e, 0x92, 0x92, 0x0b, 0xfd, 0x9a, 0x06, 0x9e,
+        0x01, 0x8b, 0xd2, 0x72, 0x05, 0x3d, 0xa8, 0x77,
+        0x5c, 0x0b, 0x73, 0x9f, 0x76, 0x1d, 0xb2, 0x10,
+        0x7c, 0xf3, 0x5a, 0x43, 0x4d, 0x69, 0xb0, 0x7e,
+        0x5b, 0xcd, 0xb8, 0x74, 0x34, 0x13, 0x8b, 0x0c,
+        0xb5, 0x56, 0x76, 0x1b, 0xa5, 0x22, 0xa5, 0x74,
+        0x7b, 0x28, 0x74, 0x7d, 0x80, 0xeb, 0x9d, 0x6c,
+        0xc6, 0x73, 0xbe, 0xe5, 0x76, 0x93, 0x77, 0xb9,
+        0x96, 0xd3, 0x6c, 0xeb, 0x0c, 0x0c, 0x7e, 0xd9,
+        0xa6, 0x58, 0x53, 0x33, 0x24, 0x86, 0x9c, 0x18,
+        0xa1, 0xa3, 0x6f, 0x31, 0x47, 0x0f, 0x14, 0xc5,
+        0xae, 0x49, 0xab, 0x07, 0x05, 0x07, 0xf8, 0x24,
+        0x9c, 0xe4, 0x04, 0xb4, 0x9c, 0x0a, 0x8c, 0x3e,
+        0xe4, 0x2f, 0xea, 0x96, 0x31, 0xfa, 0x1a, 0x0d,
+        0x10, 0xd8, 0x6b, 0x93, 0xf9, 0x86, 0xe0, 0xe3,
+        0xa8, 0x2e, 0x70, 0x3b, 0x74, 0xe5, 0xae, 0x61,
+        0x01, 0x24, 0x24, 0x21, 0xa8, 0x9a, 0xa0, 0x7f,
+        0xe6, 0x85, 0x88, 0x46, 0x0b, 0xaa, 0x36, 0x87,
+        0x86, 0x48, 0x6a, 0x72, 0xe4, 0xf2, 0x4d, 0x2d,
+        0xd7, 0x6c, 0xfc, 0x03, 0xb6, 0x94, 0xa5, 0xba,
+        0x91, 0xa7, 0x55, 0xa0, 0xb9, 0x8f, 0x3b, 0xf9,
+        0x33, 0x07, 0xc0, 0xab, 0x64, 0x63, 0x9a, 0xea,
+        0x7a, 0x64, 0x98, 0xa3, 0xc3, 0xdd, 0xc5, 0x71,
+        0x14, 0x1a, 0xbc, 0xa4, 0x67, 0x8c, 0xd2, 0xe2,
+        0xb8, 0x57, 0xfb, 0x88, 0xf6, 0x00, 0xca, 0xa5,
+        0x96, 0xb4, 0x4b, 0xc4, 0x22, 0x25, 0x0b, 0x28,
+        0x19, 0xe0, 0x51, 0x5f, 0x04, 0x72, 0x39, 0x18,
+        0x53, 0x70, 0x0b, 0x01, 0xef, 0xf9, 0x45, 0x3f,
+        0xd1, 0x18, 0x76, 0xb7, 0xc7, 0x59, 0xa0, 0x7d,
+        0xd8, 0x45, 0xca, 0xba, 0x45, 0x55, 0x26, 0x4a,
+        0x82, 0x76, 0x51, 0x93, 0xfd, 0xf8, 0x1b, 0x62,
+        0x0a, 0x1e, 0x1f, 0x92, 0x3f, 0xb2, 0x44, 0x42,
+        0xcd, 0x1c, 0xbe, 0x94, 0x17, 0x50, 0x03, 0xec,
+        0x06, 0xce, 0x77, 0xa3, 0xc6, 0x44, 0x93, 0xc1,
+        0x99, 0x98, 0x7a, 0x30, 0x0c, 0x95, 0xc5, 0x3c,
+        0x00, 0x89, 0xb5, 0xd6, 0x5c, 0x92, 0xea, 0x97,
+        0x1b, 0x2f, 0xfa, 0x93, 0xb5, 0x2a, 0x46, 0x1e,
+        0xa2, 0xac, 0x8c, 0x19, 0x9c, 0x2f, 0x4c, 0x2b,
+        0x70, 0x42, 0x97, 0xce, 0x3c, 0x39, 0x49, 0xe0,
+        0x73, 0x5e, 0xa8, 0xa1, 0x4a, 0xa5, 0x9e, 0x8d,
+        0xec, 0x0c, 0x87, 0x83, 0x99, 0xff, 0x70, 0x74,
+        0x7a, 0xb2, 0x44, 0xce, 0x46, 0xb5, 0xf2, 0x23,
+        0x04, 0x73, 0x32, 0x3d, 0x25, 0xc6, 0x6f, 0xe6,
+        0xb4, 0x19, 0xb1, 0xf4, 0xa1, 0x12, 0xe5, 0x21,
+        0x40, 0x35, 0x25, 0x6b, 0xc4, 0x3f, 0xfd, 0x2b,
+        0x6b, 0x7b, 0x37, 0x87, 0x69, 0xa6, 0xb4, 0x70,
+        0x00, 0xbf, 0xb6, 0x35, 0x7d, 0x45, 0x81, 0x4b,
+        0xae, 0xf3, 0x85, 0x7d, 0x37, 0x9e, 0x2f, 0xb8,
+        0xb5, 0xe5, 0x20, 0x1a, 0xb2, 0x62, 0x74, 0xbb,
+        0x1b, 0x70, 0xad, 0x32, 0x2c, 0xd0, 0x43, 0x9b,
+        0x2d, 0xb1, 0x09, 0xcf, 0xf0, 0xa2, 0xf8, 0xe6,
+        0x00, 0x99, 0x55, 0x71, 0xff, 0xc3, 0x8c, 0x59,
+        0x0b, 0xc4, 0xc7, 0x61, 0x5c, 0x69, 0xd0, 0xc9,
+        0x8e, 0xf4, 0x30, 0xf3, 0x08, 0x61, 0xa7, 0x72,
+        0x38, 0xff, 0xc0, 0x70, 0x61, 0xe4, 0x75, 0xd6,
+        0xa3, 0x0a, 0xd1, 0xb4, 0x7f, 0xd0, 0x39, 0xc3,
+        0xa4, 0x47, 0x76, 0x2d, 0xb2, 0x21, 0x1d, 0xc3,
+        0x1d, 0x0a, 0xca, 0xcf, 0xd5, 0x58, 0x90, 0xa5,
+        0x82, 0x47, 0x98, 0xf9, 0xae, 0xad, 0x74, 0x13,
+        0xdf, 0xe0, 0x28, 0xb1, 0x01, 0x2b, 0xe8, 0xb6,
+        0xca, 0x10, 0x26, 0x66, 0x6a, 0xc6, 0xbc, 0x94,
+        0x40, 0xa4, 0x49, 0xb5, 0x1a, 0xd8, 0xbb, 0xa7,
+        0xb0, 0x92, 0x1d, 0xd4, 0xd8, 0xb4, 0xa5, 0x78,
+        0x13, 0x6d, 0x1a, 0x05, 0xdb, 0x38, 0xcc, 0x85,
+        0x84, 0x37, 0xb2, 0x51, 0x61, 0xd1, 0xc3, 0xc2,
+        0x8e, 0xe0, 0x7b, 0xbc, 0xf2, 0xb2, 0x49, 0x11,
+        0x0d, 0x22, 0x78, 0x1d, 0xc3, 0x05, 0x0d, 0x8c,
+        0xc0, 0x09, 0x00, 0x96, 0xb3, 0x8a, 0x85, 0x06,
+        0x96, 0xf8, 0x6e, 0x9e, 0x6b, 0xab, 0x32, 0x52,
+        0x71, 0xb2, 0x24, 0x86, 0x75, 0x01, 0x19, 0x68,
+        0x50, 0x28, 0x81, 0x09, 0x04, 0x97, 0xfa, 0xc0,
+        0xaf, 0x84, 0x3c, 0x1a, 0xea, 0x76, 0xdd, 0x81,
+        0xcf, 0x29, 0xc0, 0x12, 0xc6, 0x62, 0x27, 0xb7,
+        0xf0, 0x6d, 0x99, 0x61, 0x30, 0x9b, 0x02, 0x62,
+        0xf7, 0x32, 0xc9, 0xa4, 0xd0, 0xbb, 0xd0, 0x67,
+        0x27, 0xab, 0xb8, 0x37, 0x1f, 0xf2, 0xc1, 0x18,
+        0x99, 0xa0, 0x98, 0x37, 0x5c, 0x46, 0x05, 0x16,
+        0xb2, 0xcc, 0x88, 0xbc, 0xf6, 0x28, 0xed, 0xe3,
+        0x7d, 0x8f, 0x3b, 0x33, 0x42, 0xe4, 0x49, 0x0a,
+        0x85, 0x60, 0x6e, 0xc0, 0x3d, 0xa2, 0x9b, 0x02,
+        0x56, 0x27, 0x53, 0x82, 0xa3, 0x31, 0x3d, 0xc0,
+        0x41, 0x11, 0x48, 0x01, 0x03, 0x2c, 0x51, 0x9f,
+        0x35, 0x0c, 0x3e, 0x6a, 0xba, 0xc3, 0xe3, 0x3b,
+        0x93, 0xb4, 0xa1, 0x9f, 0x7c, 0x54, 0x66, 0xe5,
+        0x8c, 0xb1, 0xdc, 0x14, 0xb4, 0xa9, 0x6c, 0x47,
+        0x57, 0x29, 0xf9, 0x71, 0xbd, 0xf1, 0x73, 0xcd,
+        0xf3, 0x54, 0x82, 0x4d, 0x01, 0x94, 0x27, 0xf9,
+        0x5b, 0x3b, 0x4a, 0x4a, 0x4a, 0x95, 0x8e, 0x47,
+        0x6a, 0x6e, 0x69, 0x91, 0xce, 0x6f, 0x06, 0xcb,
+        0x5d, 0xfc, 0xa7, 0xd4, 0x38, 0x0c, 0x3d, 0x92,
+        0x0b, 0x57, 0x11, 0xac, 0x1f, 0xcb, 0xaf, 0x4b,
+        0x9a, 0xc8, 0x00, 0xb9, 0x76, 0xd1, 0xec, 0x76,
+        0x6a, 0x62, 0x6c, 0xc1, 0x90, 0x0b, 0x66, 0xb3,
+        0xa9, 0xdc, 0x62, 0xc5, 0xc1, 0x44, 0x52, 0x7a,
+        0x29, 0x6b, 0xaf, 0x70, 0x43, 0x3b, 0xf6, 0x57,
+        0xc0, 0x43, 0x7f, 0x87, 0x59, 0x7b, 0xd7, 0xc8,
+        0xbb, 0xbe, 0x9a, 0xbc, 0x37, 0x05, 0x09, 0x31,
+        0xa4, 0xa8, 0x69, 0x82, 0xa2, 0x02, 0x8a, 0x74,
+        0x45, 0x4c, 0x9b, 0x81, 0x0c, 0x88, 0xd1, 0x70,
+        0x1c, 0x8c, 0xc9, 0x8a, 0x1d, 0x4c, 0xa1, 0x07,
+        0xa6, 0xb2, 0x5e, 0x96, 0x2f, 0xe4, 0xb6, 0xb0,
+        0x3c, 0x95, 0x45, 0x32, 0x60, 0xb8, 0x07, 0x22,
+        0x86, 0x37, 0xcc, 0x9e, 0xb1, 0x2a, 0xcc, 0x09,
+        0x54, 0x95, 0x9a, 0x52, 0xae, 0x54, 0xd1, 0x97,
+        0x73, 0x00, 0xab, 0xa0, 0xba, 0x2c, 0x14, 0x60,
+        0x9b, 0xb2, 0x8c, 0x11, 0xd5, 0xfa, 0xc5, 0xca,
+        0xc8, 0x82, 0x97, 0x60, 0x32, 0x83, 0xe8, 0x67,
+        0xa3, 0x64, 0x83, 0x66, 0xc7, 0x24, 0xd9, 0x35,
+        0x4c, 0xd7, 0xa1, 0x96, 0xdb, 0xd9, 0x80, 0x2f,
+        0x7b, 0x88, 0xd3, 0xfa, 0x00, 0x1f, 0x9c, 0x97,
+        0x73, 0x22, 0x54, 0x62, 0x23, 0x5e, 0x91, 0x35,
+        0x2a, 0x20, 0x79, 0x1f, 0xd8, 0xb8, 0x7f, 0xe3,
+        0x37, 0x7e, 0xc6, 0xa3, 0x94, 0x0b, 0x11, 0x30,
+        0xa0, 0xbb, 0x04, 0xe7, 0x41, 0x0a, 0x34, 0xe2,
+        0x58, 0x0d, 0x07, 0x1d, 0x6c, 0x56, 0x20, 0x20,
+        0x86, 0x78, 0x7a, 0x65, 0x90, 0xf8, 0x43, 0x93,
+        0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24,
+        0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71,
+        0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
+        0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79,
+        0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd,
+        0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
+        0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72,
+        0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52,
+        0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
+        0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0,
+        0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c,
+        0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
+        0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0,
+        0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a,
+        0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
+        0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb,
+        0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7,
+        0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
+        0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b,
+        0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9,
+        0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
+        0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c,
+        0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9,
+        0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
+        0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38,
+        0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce,
+        0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
+        0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57,
+        0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4,
+        0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
+        0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4,
+        0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0,
+        0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
+        0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36,
+        0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4,
+        0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
+        0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b,
+        0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2,
+        0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
+        0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab,
+        0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7,
+        0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
+        0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55,
+        0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e,
+        0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
+        0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33,
+        0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3,
+        0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
+        0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63,
+        0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3,
+        0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
+        0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27,
+        0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0,
+        0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
+        0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b,
+        0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a,
+        0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
+        0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2,
+        0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7,
+        0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
+        0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37,
+        0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0,
+        0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
+        0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb,
+        0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01,
+        0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
+        0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0,
+        0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06,
+        0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
+        0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75,
+        0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9,
+        0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
+        0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa,
+        0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf,
+        0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
+        0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53,
+        0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e,
+        0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
+        0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89,
+        0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78,
+        0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
+        0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6,
+        0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a,
+        0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
+        0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3,
+        0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10,
+        0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
+        0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2,
+        0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee,
+        0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
+        0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba,
+        0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6,
+        0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
+        0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a,
+        0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26,
+        0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
+        0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb,
+        0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c,
+        0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
+        0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b,
+        0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9,
+        0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
+        0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c,
+        0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98,
+        0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
+        0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8,
+        0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68,
+        0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
+        0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a,
+        0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74,
+        0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
+        0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72,
+        0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d,
+        0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
+        0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8,
+        0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18,
+        0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
+        0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0,
+        0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3,
+        0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
+        0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7,
+        0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8,
+        0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
+        0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65,
+        0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15,
+        0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
+        0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71,
+        0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74,
+        0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
+        0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37,
+        0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3,
+        0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
+        0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15,
+        0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba,
+        0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
+        0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30,
+        0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8,
+        0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
+        0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7,
+        0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18,
+        0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
+        0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29,
+        0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76,
+        0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
+        0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d,
+        0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d,
+        0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
+        0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28,
+        0xf5, 0x72, 0x62, 0x66, 0x13, 0x58, 0xcd, 0xe8,
+        0xd3, 0xeb, 0xf9, 0x90, 0xe5, 0xfd, 0x1d, 0x5b,
+        0x89, 0x6c, 0x99, 0x2c, 0xcf, 0xaa, 0xdb, 0x52,
+        0x56, 0xb6, 0x8b, 0xbf, 0x59, 0x43, 0xb1, 0x32,
+        0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
+        0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+        0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
+        0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
+    };
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = {
-#ifndef WOLFSSL_ML_KEM
         0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9,
         0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67,
         0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A,
@@ -39010,183 +41151,202 @@ static wc_test_ret_t kyber768_kat(void)
         0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 0x10,
         0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D,
         0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69
-#else
-        0xa4, 0x13, 0xbe, 0x81, 0x04, 0x72, 0x59, 0x20,
-        0x24, 0x01, 0xee, 0x35, 0x98, 0x9d, 0x25, 0xa3,
-        0x85, 0x6c, 0xd1, 0xc0, 0x26, 0x0c, 0xe2, 0x39,
-        0x1d, 0xe3, 0x23, 0x73, 0x6b, 0x67, 0x8f, 0x32,
-        0x80, 0x05, 0xc8, 0x21, 0xad, 0x09, 0x21, 0x80,
-        0xb4, 0x49, 0x6f, 0x21, 0x29, 0x28, 0x0f, 0x4f,
-        0x29, 0x94, 0x04, 0x36, 0x2b, 0x9d, 0x14, 0x19,
-        0x48, 0xb6, 0xbb, 0x02, 0xac, 0xd5, 0x73, 0x65,
-        0x59, 0xfc, 0x90, 0x39, 0x01, 0x8c, 0x96, 0x1d,
-        0xdd, 0xd9, 0x4e, 0xe5, 0x59, 0x19, 0x84, 0x71,
-        0xd4, 0xa0, 0x49, 0xe5, 0x47, 0xb5, 0x63, 0x6c,
-        0xf8, 0xbb, 0xf7, 0xdb, 0x1a, 0x90, 0xc7, 0x2b,
-        0x87, 0x09, 0x23, 0xdc, 0xd5, 0x4b, 0x14, 0x8c,
-        0x60, 0xc9, 0xc8, 0xee, 0x60, 0x4d, 0x30, 0xee,
-        0xbb, 0x69, 0x01, 0xe6, 0xdf, 0x25, 0x96, 0x12,
-        0x18, 0x26, 0x05, 0x8d, 0x25, 0x02, 0x9a, 0xe3,
-        0x99, 0xc9, 0x5f, 0x6a, 0xac, 0xba, 0xaf, 0xe3,
-        0x4f, 0x11, 0x8d, 0xdb, 0xa7, 0xa6, 0x9d, 0x7c,
-        0xd8, 0x99, 0xb5, 0xf4, 0xd5, 0x8d, 0x3d, 0xf2,
-        0xa8, 0x89, 0xb0, 0x30, 0xce, 0x9a, 0x7e, 0xa6,
-        0x44, 0x6d, 0x41, 0xa6, 0x0a, 0x17, 0x5f, 0x12,
-        0x7d, 0xa9, 0x4c, 0x27, 0x6b, 0xaa, 0x1e, 0xdf,
-        0xb3, 0x57, 0xd4, 0x1b, 0x28, 0x57, 0xad, 0x46,
-        0x2c, 0x83, 0xd8, 0xff, 0x00, 0x23, 0x6d, 0x9b,
-        0xac, 0x59, 0x32, 0x5e, 0x0c, 0x3b, 0xdd, 0xcb,
-        0x37, 0xbf, 0xe0, 0xfd, 0xa4, 0xe1, 0x67, 0xfc,
-        0xf6, 0xae, 0xc1, 0x49, 0xfe, 0x5f, 0x9f, 0x63,
-        0x93, 0xfc, 0x47, 0x15, 0xc6, 0x99, 0x5d, 0x67,
-        0xf2, 0xb4, 0xdd, 0xb0, 0xc7, 0x67, 0x8e, 0xe1,
-        0x40, 0xbc, 0xfd, 0xd2, 0x36, 0x5e, 0x81, 0x22,
-        0xca, 0x92, 0xcb, 0xba, 0x1a, 0xc7, 0x03, 0x35,
-        0x7e, 0xdf, 0x15, 0x21, 0x0c, 0x68, 0x92, 0x66,
-        0x9f, 0x1a, 0x2b, 0x88, 0xd7, 0x92, 0xbe, 0x7d,
-        0x9a, 0xa5, 0x6c, 0x5e, 0x8d, 0xf7, 0x58, 0xab,
-        0xb4, 0xbb, 0xae, 0x83, 0x14, 0x1d, 0x27, 0x59,
-        0xdf, 0xc4, 0xea, 0x8f, 0x2c, 0xf0, 0x0d, 0xd8,
-        0x6a, 0x73, 0x12, 0xfb, 0xae, 0xa9, 0xcf, 0xe6,
-        0xd7, 0xfd, 0x3f, 0x13, 0xfc, 0x8c, 0xb7, 0x5d,
-        0x25, 0x2c, 0xb3, 0xec, 0x7e, 0x7b, 0x37, 0xcd,
-        0x81, 0xd8, 0x8f, 0x38, 0xae, 0x59, 0x3e, 0xde,
-        0x6f, 0x8a, 0x81, 0xd5, 0x11, 0x83, 0xd7, 0xdc,
-        0x7f, 0x57, 0xab, 0xb2, 0x1c, 0xe2, 0xc5, 0x93,
-        0xdb, 0x72, 0xf0, 0xbf, 0x77, 0x9c, 0xcc, 0xc8,
-        0x24, 0x20, 0xf5, 0x3c, 0x2f, 0xe3, 0x64, 0xb1,
-        0xfd, 0x3c, 0xd2, 0xec, 0x54, 0xb9, 0x24, 0xa6,
-        0x2a, 0xfa, 0x4c, 0x31, 0x95, 0x57, 0x8e, 0x48,
-        0xaa, 0x5f, 0x50, 0x7e, 0x79, 0x28, 0xd7, 0x52,
-        0x7d, 0x65, 0x77, 0xd3, 0xfc, 0xa8, 0x7e, 0x7b,
-        0x7b, 0x19, 0xa8, 0x9f, 0x69, 0xf0, 0x01, 0x8e,
-        0xeb, 0x36, 0x87, 0x1b, 0xaa, 0xdf, 0xcc, 0x70,
-        0x94, 0xe3, 0x44, 0xfb, 0x36, 0x48, 0x1f, 0xb1,
-        0x4a, 0x5c, 0x53, 0xc3, 0x08, 0x67, 0xcf, 0x1c,
-        0x5c, 0x02, 0xcf, 0x62, 0x27, 0xf9, 0xaa, 0xe8,
-        0xd8, 0xa1, 0x2b, 0x24, 0xc5, 0xac, 0x2b, 0x8e,
-        0xb9, 0x12, 0xb8, 0x7d, 0xe8, 0x32, 0x54, 0x09,
-        0xe4, 0x40, 0xa4, 0x7b, 0x5c, 0x74, 0x23, 0x71,
-        0x79, 0xa6, 0xce, 0x55, 0x58, 0xee, 0x09, 0x10,
-        0x1c, 0xa4, 0xe6, 0x45, 0xe2, 0x4b, 0xdc, 0x28,
-        0x77, 0x87, 0x35, 0xab, 0xf9, 0x8b, 0x06, 0x88,
-        0xf6, 0x28, 0x9d, 0x50, 0x32, 0x51, 0x58, 0x2a,
-        0xab, 0x6e, 0x81, 0xce, 0xd0, 0x17, 0x98, 0x29,
-        0xf7, 0x31, 0x17, 0x31, 0xd0, 0x61, 0x5d, 0x0a,
-        0x0d, 0x95, 0x59, 0x78, 0xaa, 0xfb, 0xf8, 0xaa,
-        0x44, 0x0a, 0x5c, 0x85, 0x87, 0x0c, 0x58, 0xb3,
-        0xe5, 0xc1, 0xff, 0x92, 0x67, 0xf0, 0x94, 0xb7,
-        0x42, 0xf5, 0x16, 0xe8, 0xe9, 0x75, 0x9d, 0x0f,
-        0x88, 0x02, 0x1d, 0x99, 0xa7, 0xfd, 0x65, 0xbb,
-        0xee, 0x80, 0x12, 0x17, 0x27, 0x66, 0x56, 0xd2,
-        0x1f, 0x37, 0x34, 0xde, 0x0a, 0x55, 0x89, 0xb3,
-        0x3f, 0xe9, 0x96, 0xec, 0xb9, 0x9c, 0x0d, 0x8a,
-        0x52, 0xd5, 0x4b, 0x39, 0xdc, 0xfe, 0x70, 0x7f,
-        0xc1, 0x1e, 0x35, 0x63, 0x8a, 0x69, 0xd9, 0x08,
-        0xcc, 0xb0, 0xed, 0xac, 0xfb, 0x2a, 0xa4, 0x35,
-        0xe3, 0xbe, 0xb9, 0x81, 0xd3, 0xfd, 0xef, 0x59,
-        0xca, 0xde, 0x6f, 0x63, 0xcd, 0xa0, 0x56, 0xc5,
-        0x26, 0xcd, 0xc5, 0x5b, 0x87, 0xa3, 0xef, 0x26,
-        0x38, 0xbc, 0xae, 0xed, 0xf4, 0x06, 0x71, 0x10,
-        0x53, 0xa0, 0x9d, 0x31, 0x06, 0x99, 0xdc, 0x8e,
-        0x3d, 0x07, 0xac, 0xc1, 0x0e, 0x1e, 0xa8, 0xec,
-        0x8d, 0x51, 0xab, 0x31, 0xc0, 0x4c, 0xa8, 0x8c,
-        0x21, 0x77, 0xa5, 0x11, 0x93, 0xb4, 0x18, 0xcc,
-        0xc4, 0xb2, 0x54, 0x8e, 0xcd, 0xa8, 0x61, 0x59,
-        0x8f, 0xfa, 0xa8, 0xb1, 0x6e, 0xaf, 0x89, 0xd5,
-        0x9c, 0x84, 0x03, 0xc3, 0x9c, 0x8d, 0x94, 0xc4,
-        0x28, 0xcf, 0x19, 0x18, 0x0e, 0x14, 0x20, 0x28,
-        0x7b, 0x45, 0x5f, 0xb6, 0xe4, 0xe5, 0xbf, 0xbd,
-        0x38, 0x3a, 0xef, 0x18, 0xca, 0x99, 0xf8, 0x10,
-        0xf6, 0xce, 0xa7, 0x03, 0xbe, 0x4b, 0x9b, 0xf0,
-        0xcb, 0x6f, 0x0c, 0x53, 0x83, 0xe8, 0x3e, 0xd3,
-        0xa7, 0x23, 0xa2, 0x7d, 0x8e, 0x39, 0x91, 0x06,
-        0x76, 0x56, 0x72, 0x69, 0x25, 0xb2, 0x0f, 0xb7,
-        0x35, 0xb1, 0x27, 0x52, 0xfa, 0xcf, 0x68, 0x4e,
-        0x5c, 0x03, 0xdc, 0x5b, 0xe7, 0xa6, 0x3a, 0xf4,
-        0xbd, 0x93, 0x07, 0x54, 0xfd, 0xb5, 0xf7, 0x49,
-        0x30, 0x6c, 0x2c, 0xfa, 0x6e, 0x39, 0x89, 0x25,
-        0xc3, 0x46, 0xd9, 0xd5, 0x72, 0x92, 0x4b, 0x15,
-        0x3b, 0x76, 0x73, 0xb7, 0xa5, 0x02, 0x21, 0x40,
-        0x26, 0x4f, 0xd5, 0xa0, 0xab, 0xe0, 0x0b, 0x5d,
-        0x85, 0xc6, 0x86, 0xf2, 0x96, 0xfb, 0xc4, 0x9d,
-        0xd3, 0x15, 0x5a, 0xd2, 0xf7, 0x48, 0x25, 0x55,
-        0x06, 0x90, 0x9b, 0x35, 0x5c, 0x70, 0x60, 0xdd,
-        0xed, 0x4d, 0xd2, 0xfa, 0x21, 0xc7, 0xbf, 0x68,
-        0x12, 0x51, 0xe7, 0xd6, 0x32, 0x89, 0xe1, 0x5f,
-        0x85, 0x85, 0x4a, 0x25, 0xb4, 0xfb, 0x08, 0x5e,
-        0xf0, 0x3a, 0x03, 0xcd, 0x05, 0x0f, 0x4f, 0x50,
-        0x21, 0xd1, 0x12, 0xf3, 0x29, 0x1a, 0x9f, 0xd6,
-        0x0a, 0xd0, 0x1e, 0x0b, 0x57, 0x97, 0xe7, 0x8d,
-        0x9b, 0x94, 0xbe, 0xfe, 0x97, 0x46, 0xd7, 0x54,
-        0xe6, 0xce, 0x41, 0xda, 0x34, 0xc5, 0x7d, 0xa3,
-        0xd7, 0xde, 0xda, 0x6b, 0x23, 0x30, 0x82, 0xc4,
-        0x13, 0x76, 0x14, 0xe9, 0x64, 0xff, 0xf0, 0xe3,
-        0x84, 0x72, 0xe3, 0x6e, 0x49, 0x5f, 0x54, 0xe2,
-        0xd2, 0x37, 0x1a, 0x75, 0x81, 0xb6, 0x94, 0xcb,
-        0x26, 0x3d, 0xdf, 0x80, 0xbd, 0xd4, 0x3f, 0x63,
-        0x83, 0x57, 0x8b, 0x5e, 0x18, 0x24, 0x4a, 0x69,
-        0xca, 0xc9, 0xcd, 0xab, 0xea, 0x3d, 0x05, 0x71,
-        0x8f, 0x5c, 0x23, 0xb1, 0xd4, 0xce, 0x66, 0x84,
-        0x45, 0x75, 0x97, 0xd0, 0x12, 0x84, 0xb3, 0x8b,
-        0x9d, 0x3e, 0xb1, 0xeb, 0xa4, 0xf5, 0xbe, 0xff,
-        0x99, 0x0b, 0xb7, 0x49, 0xf0, 0x96, 0xa3, 0x0f,
-        0x1b, 0xde, 0x72, 0x4a, 0xde, 0x37, 0x89, 0xde,
-        0x5e, 0xf1, 0x83, 0xa6, 0x01, 0x63, 0xe2, 0x8f,
-        0x15, 0x84, 0x50, 0x09, 0x84, 0xca, 0x51, 0x53,
-        0x55, 0x5c, 0x38, 0xc6, 0x16, 0x49, 0x68, 0x3a,
-        0x72, 0x79, 0x21, 0xff, 0xcc, 0xe3, 0x00, 0x7c,
-        0x26, 0x77, 0x83, 0xbd, 0xdb, 0xdb, 0x9d, 0xe4,
-        0x88, 0x80, 0xc4, 0xe8, 0x45, 0x2d, 0xab, 0x29,
-        0xe7, 0xc4, 0xf8, 0xd1, 0xd5, 0xdf, 0xd3, 0x03,
-        0xa9, 0x08, 0xb1, 0xce, 0x08, 0xbe, 0x0b, 0x9f,
-        0xae, 0x98, 0x89, 0x4d, 0xcb, 0x26, 0x92, 0xd0,
-        0xb3, 0x2f, 0xa3, 0x9d, 0xa9, 0x8b, 0xd4, 0xff,
-        0x0e, 0xa1, 0x0f, 0x0b, 0x43, 0x8a, 0x49, 0x71,
-        0xa7, 0xfc, 0x47, 0x18, 0x2f, 0xbe, 0x52, 0xd6,
-        0xde, 0x71, 0xfe, 0xe3, 0xe8, 0x24, 0xa3, 0x9f,
-        0x19, 0xc2, 0x7f, 0x51, 0xae, 0xc6, 0xd9, 0x2b,
-        0xc7, 0xf8, 0xb8, 0xf0, 0x71, 0x84, 0x7b, 0xca
-#endif
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ct[] = {
+        0xc8, 0x39, 0x10, 0x85, 0xb8, 0xd3, 0xea, 0x97,
+        0x94, 0x21, 0x25, 0x41, 0xb2, 0x91, 0x4f, 0x08,
+        0x96, 0x4d, 0x33, 0x52, 0x1d, 0x3f, 0x67, 0xad,
+        0x66, 0x09, 0x6e, 0xbf, 0xb1, 0xf7, 0x06, 0x42,
+        0x4b, 0x49, 0x55, 0x8f, 0x75, 0x5b, 0x56, 0x25,
+        0xba, 0xe2, 0x36, 0xf2, 0xe0, 0x07, 0x96, 0x01,
+        0xc7, 0x66, 0xf7, 0xd9, 0x60, 0x80, 0x8f, 0x7e,
+        0x2b, 0xb0, 0xc7, 0xa5, 0xe0, 0x66, 0xed, 0x34,
+        0x6d, 0xe6, 0x28, 0xf8, 0xc5, 0x7e, 0xeb, 0xab,
+        0xbb, 0x0c, 0x22, 0xd9, 0x11, 0x54, 0x84, 0x63,
+        0x69, 0x3e, 0xf3, 0xce, 0x52, 0xa5, 0x3f, 0x7f,
+        0xf4, 0x15, 0xf0, 0x0e, 0x65, 0x7a, 0xe1, 0xc5,
+        0xa4, 0x8f, 0xa5, 0xec, 0x6e, 0x4b, 0xe5, 0xcf,
+        0x46, 0x2d, 0xaf, 0xfc, 0x84, 0xd2, 0xf6, 0xd5,
+        0xff, 0x55, 0xdc, 0x9b, 0xbe, 0x8b, 0xb0, 0xd7,
+        0x25, 0xec, 0x64, 0xfd, 0x4c, 0xd4, 0xbd, 0x8d,
+        0xba, 0x0a, 0x84, 0x4e, 0x8b, 0x5c, 0xe4, 0xb6,
+        0xa2, 0x89, 0x34, 0xd7, 0xf7, 0xa0, 0x50, 0x99,
+        0x1f, 0xe1, 0x85, 0xb5, 0x06, 0xb4, 0x51, 0xda,
+        0xbf, 0xad, 0x52, 0xd5, 0x2c, 0xb2, 0x11, 0x4c,
+        0xa7, 0xd9, 0xa5, 0xcf, 0x98, 0x6c, 0x8f, 0xdc,
+        0x1b, 0xc1, 0x0e, 0xc0, 0xc1, 0x86, 0x9e, 0x50,
+        0xc0, 0x3c, 0x55, 0xa7, 0x61, 0x92, 0xa1, 0x04,
+        0x9a, 0xca, 0x63, 0x6b, 0xa9, 0x02, 0x0b, 0xda,
+        0xa8, 0xd0, 0xf5, 0x8c, 0x76, 0x3b, 0x0b, 0x89,
+        0x84, 0x5c, 0xa0, 0x6d, 0x4c, 0x4d, 0xdc, 0x21,
+        0x43, 0x3e, 0x16, 0xb9, 0xc6, 0x2e, 0x44, 0x87,
+        0x1f, 0xdb, 0xc0, 0x5b, 0xa2, 0x18, 0xaf, 0x87,
+        0x1f, 0xdd, 0x7d, 0xcf, 0xa4, 0x64, 0xe6, 0x0f,
+        0xaa, 0x52, 0x65, 0x26, 0x4c, 0xe1, 0x39, 0x1b,
+        0xd9, 0xa8, 0xc5, 0xfa, 0xa7, 0x62, 0x6d, 0x5f,
+        0x15, 0x9b, 0x98, 0x05, 0xb9, 0x75, 0x71, 0x0a,
+        0x35, 0x03, 0xa0, 0xb8, 0x58, 0xa1, 0x1c, 0x6a,
+        0x64, 0x7c, 0xc0, 0xe1, 0x9a, 0xc8, 0x8b, 0x1b,
+        0xe9, 0x05, 0x6c, 0x95, 0xb4, 0xd2, 0x08, 0x7d,
+        0x09, 0x51, 0xd1, 0xd2, 0xf4, 0x99, 0x24, 0x91,
+        0x11, 0x7e, 0x63, 0x47, 0x79, 0x4b, 0xa5, 0x45,
+        0x71, 0xec, 0x49, 0xbb, 0xa7, 0x1a, 0xf3, 0x41,
+        0x3d, 0x38, 0xa3, 0x0b, 0xf5, 0x87, 0x22, 0x48,
+        0xd1, 0xf6, 0xd0, 0x7c, 0x86, 0xba, 0xf7, 0x82,
+        0xe7, 0x3d, 0x26, 0x37, 0xf0, 0x43, 0xd3, 0x41,
+        0xa0, 0x09, 0x21, 0x85, 0x7d, 0x8b, 0x21, 0xdd,
+        0xf3, 0xe1, 0xd6, 0x31, 0x00, 0x36, 0xed, 0x27,
+        0xaf, 0x49, 0xe5, 0xde, 0x1b, 0x90, 0x0f, 0xe4,
+        0xde, 0x79, 0x80, 0x8f, 0xf2, 0x9f, 0x95, 0x70,
+        0x85, 0x96, 0x12, 0xb1, 0x5a, 0xdc, 0x01, 0xfb,
+        0xb2, 0x65, 0xb3, 0x05, 0xb1, 0xe3, 0xa1, 0x2a,
+        0xe4, 0x19, 0xda, 0x5b, 0x74, 0x26, 0x1f, 0xa2,
+        0x84, 0xc1, 0x01, 0xda, 0x3d, 0x8d, 0xca, 0x8b,
+        0x2e, 0x45, 0x21, 0xac, 0xa5, 0x71, 0xef, 0x44,
+        0xa0, 0x58, 0xe8, 0x44, 0xff, 0x32, 0xb1, 0x6d,
+        0x5a, 0xae, 0xa0, 0x5f, 0x7f, 0x3a, 0xf8, 0xe2,
+        0xab, 0x16, 0x22, 0x2e, 0x34, 0x76, 0x62, 0xed,
+        0xdf, 0xb8, 0x91, 0xd0, 0xec, 0xc2, 0xa5, 0x5c,
+        0x56, 0x38, 0xf9, 0xdd, 0xe9, 0x2d, 0x9a, 0x3d,
+        0x54, 0x4a, 0x5f, 0x90, 0x1a, 0xc5, 0x01, 0xac,
+        0xd1, 0xea, 0x6a, 0x01, 0x02, 0x01, 0xfc, 0xb1,
+        0x0a, 0xd7, 0x02, 0xc4, 0x25, 0xa9, 0x4b, 0xdf,
+        0x58, 0x90, 0xd5, 0x00, 0xa2, 0xa1, 0x47, 0xee,
+        0xe1, 0xd1, 0xfc, 0xba, 0x8c, 0x3a, 0xbe, 0x7c,
+        0x2d, 0xfe, 0x70, 0xf3, 0x46, 0xf0, 0x33, 0xd8,
+        0x16, 0xa0, 0xb2, 0x79, 0x1b, 0x4f, 0x0b, 0x2d,
+        0x95, 0x6d, 0x9e, 0xe5, 0x97, 0x17, 0x15, 0x39,
+        0x9a, 0x56, 0x88, 0x30, 0x24, 0x95, 0xe2, 0xe0,
+        0x7c, 0x1c, 0x8c, 0x01, 0x52, 0x71, 0x84, 0xbc,
+        0xd0, 0xc2, 0x08, 0xbc, 0x15, 0x9f, 0x2e, 0x13,
+        0x31, 0x8c, 0x0b, 0xb3, 0xdd, 0x24, 0xa6, 0xa7,
+        0xfc, 0x84, 0x9f, 0x83, 0x38, 0x5e, 0xd4, 0xdb,
+        0xa0, 0x7f, 0xe1, 0xd7, 0xbd, 0x56, 0x40, 0xcc,
+        0x9e, 0xd5, 0xcc, 0xfd, 0xd6, 0x87, 0x63, 0xcb,
+        0x0d, 0x0e, 0xdf, 0x61, 0xb2, 0x92, 0x17, 0x7f,
+        0xc1, 0xd2, 0xd3, 0xc1, 0x1d, 0xd0, 0x49, 0x50,
+        0x56, 0xbc, 0xb1, 0x25, 0x58, 0xae, 0xbc, 0xfd,
+        0xde, 0xf9, 0xfe, 0xb4, 0xae, 0xbc, 0x57, 0xaf,
+        0xd9, 0x02, 0x3c, 0x65, 0xcf, 0xe6, 0x5a, 0x24,
+        0xe3, 0x3f, 0x1b, 0x00, 0x11, 0x1e, 0x92, 0xe6,
+        0x3e, 0x01, 0x1e, 0xaf, 0x0b, 0x21, 0x2c, 0xf9,
+        0x57, 0x43, 0xcd, 0x07, 0xf5, 0x18, 0x9e, 0xce,
+        0x1f, 0x20, 0x5b, 0x7f, 0x6f, 0xcb, 0x2e, 0x6b,
+        0x19, 0x61, 0xb5, 0x40, 0x4c, 0xeb, 0xe4, 0x7c,
+        0x8c, 0xd1, 0x3b, 0x85, 0x99, 0xd5, 0xb4, 0x9e,
+        0x6d, 0x87, 0xee, 0xda, 0x36, 0xe9, 0xb8, 0xfc,
+        0x4c, 0x00, 0x63, 0x58, 0x96, 0xaa, 0x2b, 0x75,
+        0x89, 0x6e, 0x33, 0x6d, 0x1b, 0x61, 0x2e, 0xe1,
+        0x3d, 0xb8, 0x11, 0xe1, 0xf0, 0x7e, 0x61, 0x74,
+        0x8d, 0x92, 0x0f, 0x48, 0x65, 0xf3, 0xf1, 0x17,
+        0x41, 0x39, 0x9d, 0xc6, 0x16, 0x2c, 0x91, 0xca,
+        0x16, 0x8a, 0x02, 0x32, 0x9d, 0xff, 0x82, 0x1d,
+        0x58, 0x19, 0x87, 0x12, 0xdd, 0x55, 0x8a, 0xbb,
+        0x09, 0x9b, 0x3a, 0x0b, 0xaf, 0x9d, 0xa1, 0xb7,
+        0x30, 0xb2, 0xaa, 0x73, 0xbc, 0xf5, 0x8d, 0x74,
+        0xf3, 0x57, 0xb0, 0x6f, 0x72, 0x11, 0xc8, 0x04,
+        0xb6, 0xc8, 0xaf, 0x16, 0xff, 0x35, 0x09, 0xfa,
+        0xd1, 0xd3, 0x5b, 0x14, 0xbf, 0xdc, 0xed, 0x7d,
+        0xb8, 0xa6, 0xa2, 0x5c, 0x48, 0xe5, 0x95, 0x64,
+        0x80, 0x72, 0x4d, 0xaa, 0x05, 0x7c, 0xd6, 0x60,
+        0xb6, 0x7e, 0xe3, 0xe4, 0x72, 0x57, 0x41, 0x82,
+        0x67, 0x9d, 0x48, 0x58, 0x38, 0xa6, 0x47, 0x6e,
+        0xac, 0x02, 0x14, 0x10, 0x75, 0xc8, 0x12, 0xaf,
+        0x79, 0x67, 0xba, 0x7c, 0x91, 0x85, 0xcc, 0x2a,
+        0xbd, 0x2a, 0x45, 0x45, 0xb8, 0x0f, 0x3d, 0x31,
+        0x04, 0xd5, 0x8d, 0x65, 0x4a, 0x57, 0x79, 0x2d,
+        0xcf, 0xab, 0xbe, 0x9c, 0x07, 0x15, 0xe8, 0xde,
+        0x2e, 0xf8, 0x1e, 0xf4, 0x04, 0xc8, 0x16, 0x8f,
+        0xd7, 0xa4, 0x3e, 0xfa, 0xb3, 0xd4, 0x48, 0xe6,
+        0x86, 0xa0, 0x88, 0xef, 0xd2, 0x6a, 0x26, 0x15,
+        0x99, 0x48, 0x92, 0x67, 0x23, 0xd7, 0xec, 0xcc,
+        0x39, 0xe3, 0xc1, 0xb7, 0x19, 0xcf, 0x8b, 0xec,
+        0xb7, 0xbe, 0x7e, 0x96, 0x4f, 0x22, 0xcd, 0x8c,
+        0xb1, 0xb7, 0xe2, 0x5e, 0x80, 0x0e, 0xa9, 0x7d,
+        0x60, 0xa6, 0x4c, 0xc0, 0xbb, 0xd9, 0xcb, 0x40,
+        0x7a, 0x3a, 0xb9, 0xf8, 0x8f, 0x5e, 0x29, 0x16,
+        0x9e, 0xea, 0xfd, 0x4e, 0x03, 0x22, 0xfd, 0xe6,
+        0x59, 0x0a, 0xe0, 0x93, 0xce, 0x8f, 0xee, 0xae,
+        0x98, 0xb6, 0x22, 0xca, 0xa7, 0x55, 0x6f, 0xf4,
+        0x26, 0xc9, 0xe7, 0xa4, 0x04, 0xce, 0x69, 0x35,
+        0x58, 0x30, 0xa7, 0xa6, 0x77, 0x67, 0xa7, 0x6c,
+        0x7d, 0x9a, 0x97, 0xb8, 0x4b, 0xfc, 0xf5, 0x0a,
+        0x02, 0xf7, 0x5c, 0x23, 0x5d, 0x2f, 0x9c, 0x67,
+        0x11, 0x38, 0x04, 0x9f, 0xfc, 0x7c, 0x80, 0x55,
+        0x92, 0x6c, 0x03, 0xeb, 0x3f, 0xb8, 0x7f, 0x96,
+        0x95, 0x18, 0x5a, 0x42, 0xec, 0xa9, 0xa4, 0x16,
+        0x55, 0x87, 0x3d, 0x30, 0xa6, 0xb3, 0xbf, 0x42,
+        0x8b, 0x24, 0x62, 0x23, 0x48, 0x4a, 0x8f, 0xf6,
+        0x1e, 0xe3, 0xee, 0xaf, 0xff, 0x10, 0xe9, 0x9c,
+        0x2c, 0x13, 0xa7, 0x62, 0x84, 0xd0, 0x63, 0xe5,
+        0x6a, 0xb7, 0x11, 0xa3, 0x5a, 0x85, 0xb5, 0x38,
+        0x3d, 0xf8, 0x1d, 0xa2, 0x34, 0x90, 0xf6, 0x6e,
+        0x8e, 0xa3, 0xfc, 0xba, 0x06, 0x7f, 0x55, 0x30,
+        0xc6, 0x54, 0x1c, 0x2b, 0x8f, 0x74, 0x71, 0x7c,
+        0x35, 0x02, 0x3e, 0x7b, 0x9b, 0x39, 0x56, 0xc3,
+        0xee, 0x2f, 0xf8, 0x4b, 0xa0, 0x3c, 0xcf, 0x4b,
+        0x4b, 0x53, 0x21, 0xb9, 0x24, 0x08, 0x95, 0x48,
+        0x1b, 0xc6, 0xd6, 0x3c, 0x16, 0x93, 0xc1, 0x84,
+        0x78, 0x52, 0xf8, 0xe9, 0x7f, 0x50, 0xa1, 0x33,
+        0x53, 0x2a, 0xc3, 0xee, 0x1e, 0x52, 0xd4, 0x64
+    };
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = {
-#ifndef WOLFSSL_ML_KEM
         0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73,
         0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28,
         0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7,
         0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29
-#else
-        0x72, 0x9f, 0xa0, 0x6a, 0xc9, 0x3c, 0x5e, 0xfd,
-        0xfb, 0xf1, 0x27, 0x2a, 0x96, 0xce, 0xf1, 0x67,
-        0xa3, 0x93, 0x94, 0x7a, 0xb7, 0xdc, 0x2d, 0x11,
-        0xed, 0x7d, 0xe8, 0xac, 0x3c, 0x94, 0x7f, 0xa8
-#endif
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ss[] = {
+        0xe7, 0x18, 0x4a, 0x09, 0x75, 0xee, 0x34, 0x70,
+        0x87, 0x8d, 0x2d, 0x15, 0x9e, 0xc8, 0x31, 0x29,
+        0xc8, 0xae, 0xc2, 0x53, 0xd4, 0xee, 0x17, 0xb4,
+        0x81, 0x03, 0x11, 0xd1, 0x98, 0xcd, 0x03, 0x68
+    };
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+    key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    priv = (byte *)XMALLOC(KYBER768_PRIVATE_KEY_SIZE, HEAP_HINT,
+    if (key == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+    priv = (byte *)XMALLOC(WC_ML_KEM_768_PRIVATE_KEY_SIZE, HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    pub = (byte *)XMALLOC(KYBER768_PUBLIC_KEY_SIZE, HEAP_HINT,
+    pub = (byte *)XMALLOC(WC_ML_KEM_768_PUBLIC_KEY_SIZE, HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    ct = (byte *)XMALLOC(KYBER768_CIPHER_TEXT_SIZE, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (! (key && priv && pub && ct && ss && ss_dec))
+    if (priv == NULL || pub == NULL)
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    ct = (byte *)XMALLOC(WC_ML_KEM_768_CIPHER_TEXT_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ct == NULL || ss == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss_dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#endif
 
+#ifdef WOLFSSL_MLKEM_KYBER
     ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     else
         key_inited = 1;
 
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
         sizeof(kyber768_rand));
     if (ret != 0)
@@ -39205,7 +41365,16 @@ static wc_test_ret_t kyber768_kat(void)
 
     if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768_rand;
+    (void)kyber768_pk;
+    ret = wc_KyberKey_DecodePrivateKey(key, kyber768_sk,
+        KYBER768_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
         sizeof(kyber768enc_rand));
     if (ret != 0)
@@ -39216,50 +41385,142 @@ static wc_test_ret_t kyber768_kat(void)
 
     if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768enc_rand;
+#endif
 
-    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber768_ct));
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber768_ct,
+        sizeof(kyber768_ct));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768_ct;
+    (void)kyber768_ss;
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    ret = wc_MlKemKey_Init(key, WC_ML_KEM_768, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
+
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+    ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber768_rand,
+        sizeof(kyber768_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_MlKemKey_EncodePublicKey(key, pub, WC_ML_KEM_768_PUBLIC_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_MlKemKey_EncodePrivateKey(key, priv,
+        WC_ML_KEM_768_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pub, ml_kem_768_pk, sizeof(ml_kem_768_pk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(priv, ml_kem_768_sk, sizeof(ml_kem_768_sk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768_rand;
+    (void)ml_kem_768_pk;
+    ret = wc_MlKemKey_DecodePrivateKey(key, ml_kem_768_sk,
+        WC_ML_KEM_768_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
+        sizeof(kyber768enc_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ct, ml_kem_768_ct, sizeof(ml_kem_768_ct)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(ss, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber768enc_rand;
+#endif
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_768_ct,
+        sizeof(ml_kem_768_ct));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ss_dec, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)ml_kem_768_ct;
+    (void)ml_kem_768_ss;
+#endif
+#endif
 
 out:
 
     if (key_inited)
-        wc_KyberKey_Free(key);
+        wc_MlKemKey_Free(key);
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 #endif
 
     return ret;
 }
-#endif /* WOLFSSL_KYBER768 */
+#endif /* !WOLFSSL_NO_KYBER768 && !WOLFSSL_NO_ML_KEM_768 */
 
-#ifdef WOLFSSL_KYBER1024
-static wc_test_ret_t kyber1024_kat(void)
+#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024)
+static wc_test_ret_t mlkem1024_kat(void)
 {
     wc_test_ret_t ret;
 #ifdef WOLFSSL_SMALL_STACK
-    KyberKey *key = NULL;
+    MlKemKey *key = NULL;
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     byte *priv = NULL;
     byte *pub = NULL;
+#endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     byte *ct = NULL;
     byte *ss = NULL;
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     byte *ss_dec = NULL;
+#endif
 #else
-    KyberKey key[1];
-    byte priv[KYBER1024_PRIVATE_KEY_SIZE];
-    byte pub[KYBER1024_PUBLIC_KEY_SIZE];
-    byte ct[KYBER1024_CIPHER_TEXT_SIZE];
-    byte ss[KYBER_SS_SZ];
-    byte ss_dec[KYBER_SS_SZ];
+    MlKemKey key[1];
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+    byte priv[WC_ML_KEM_1024_PRIVATE_KEY_SIZE];
+    byte pub[WC_ML_KEM_1024_PUBLIC_KEY_SIZE];
+#endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    byte ct[WC_ML_KEM_1024_CIPHER_TEXT_SIZE];
+    byte ss[WC_ML_KEM_SS_SZ];
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    byte ss_dec[WC_ML_KEM_SS_SZ];
+#endif
 #endif
     int key_inited = 0;
     WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_rand[] = {
@@ -39278,6 +41539,7 @@ static wc_test_ret_t kyber1024_kat(void)
         0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
         0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
     };
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = {
         0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
         0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
@@ -39476,6 +41738,208 @@ static wc_test_ret_t kyber1024_kat(void)
         0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
         0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_pk[] = {
+        0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48,
+        0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0,
+        0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
+        0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4,
+        0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d,
+        0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
+        0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2,
+        0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59,
+        0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
+        0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75,
+        0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15,
+        0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
+        0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27,
+        0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16,
+        0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
+        0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05,
+        0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49,
+        0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
+        0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2,
+        0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab,
+        0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
+        0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2,
+        0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f,
+        0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
+        0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5,
+        0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84,
+        0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
+        0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66,
+        0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc,
+        0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
+        0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0,
+        0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e,
+        0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
+        0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82,
+        0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe,
+        0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
+        0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1,
+        0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d,
+        0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
+        0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98,
+        0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50,
+        0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
+        0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8,
+        0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76,
+        0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
+        0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71,
+        0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7,
+        0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
+        0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c,
+        0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e,
+        0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
+        0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47,
+        0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35,
+        0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
+        0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c,
+        0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f,
+        0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
+        0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39,
+        0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77,
+        0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
+        0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30,
+        0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5,
+        0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
+        0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7,
+        0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0,
+        0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
+        0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56,
+        0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37,
+        0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
+        0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08,
+        0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c,
+        0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
+        0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00,
+        0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd,
+        0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
+        0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25,
+        0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1,
+        0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
+        0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94,
+        0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85,
+        0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
+        0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56,
+        0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb,
+        0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
+        0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26,
+        0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7,
+        0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
+        0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3,
+        0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f,
+        0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
+        0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93,
+        0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b,
+        0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
+        0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7,
+        0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27,
+        0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
+        0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76,
+        0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b,
+        0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
+        0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a,
+        0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8,
+        0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
+        0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b,
+        0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a,
+        0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
+        0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53,
+        0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7,
+        0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
+        0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87,
+        0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5,
+        0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
+        0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13,
+        0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2,
+        0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
+        0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c,
+        0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06,
+        0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
+        0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4,
+        0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b,
+        0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
+        0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2,
+        0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08,
+        0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
+        0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12,
+        0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b,
+        0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
+        0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31,
+        0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46,
+        0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
+        0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5,
+        0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7,
+        0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
+        0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04,
+        0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9,
+        0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
+        0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07,
+        0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7,
+        0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
+        0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b,
+        0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae,
+        0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
+        0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6,
+        0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d,
+        0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
+        0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5,
+        0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9,
+        0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
+        0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26,
+        0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e,
+        0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
+        0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb,
+        0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66,
+        0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
+        0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76,
+        0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9,
+        0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
+        0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5,
+        0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1,
+        0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
+        0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc,
+        0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc,
+        0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
+        0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7,
+        0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae,
+        0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
+        0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4,
+        0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12,
+        0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
+        0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c,
+        0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60,
+        0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
+        0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74,
+        0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe,
+        0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
+        0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6,
+        0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a,
+        0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
+        0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37,
+        0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83,
+        0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
+        0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05,
+        0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72,
+        0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
+        0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4,
+        0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27,
+        0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
+        0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8,
+        0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86,
+        0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
+        0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b,
+        0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22,
+        0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
+        0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e,
+        0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38,
+        0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
+        0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
+    };
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = {
         0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
         0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
@@ -39874,8 +42338,409 @@ static wc_test_ret_t kyber1024_kat(void)
         0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
         0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_sk[] = {
+        0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88,
+        0x2a, 0xcd, 0xd5, 0xa4, 0x78, 0x20, 0xa6, 0xa8,
+        0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77,
+        0x99, 0x79, 0xb8, 0x3f, 0xe1, 0x17, 0x22, 0x47,
+        0x01, 0x49, 0x08, 0x30, 0x38, 0x66, 0x37, 0xda,
+        0x33, 0x2e, 0x74, 0xb1, 0xae, 0xda, 0x0b, 0x2f,
+        0x81, 0xca, 0x4f, 0x9b, 0xb2, 0xc2, 0xb0, 0x2b,
+        0x0c, 0xfd, 0x68, 0x0c, 0x11, 0x48, 0x2f, 0x33,
+        0x5a, 0xcf, 0x7b, 0x91, 0x39, 0xb5, 0xb8, 0x8a,
+        0x34, 0xe3, 0x54, 0x2c, 0x68, 0x61, 0x37, 0x75,
+        0x45, 0x98, 0x33, 0x43, 0xcd, 0x82, 0x94, 0x14,
+        0xe4, 0x78, 0x64, 0x21, 0x2e, 0x78, 0xf8, 0x55,
+        0xf5, 0x23, 0x90, 0x37, 0x9a, 0xcc, 0x3a, 0x62,
+        0x95, 0x31, 0x31, 0xb6, 0x3e, 0xe8, 0x32, 0xad,
+        0xb3, 0xbf, 0x4b, 0xf5, 0x8e, 0x24, 0x73, 0x49,
+        0xb5, 0xe0, 0x97, 0xe5, 0x5a, 0xbe, 0x49, 0x7b,
+        0x15, 0x98, 0x23, 0x73, 0xae, 0x73, 0x2e, 0x04,
+        0x39, 0xac, 0x67, 0xd0, 0x5c, 0x7f, 0x03, 0x7c,
+        0x8a, 0x73, 0x9b, 0x18, 0x14, 0x0e, 0x14, 0x4c,
+        0x85, 0x1d, 0xc9, 0x61, 0x1f, 0x4b, 0xcf, 0x04,
+        0xf3, 0xa2, 0x09, 0x3c, 0x19, 0x7b, 0xd6, 0x3b,
+        0xb5, 0xe6, 0x19, 0x01, 0x00, 0x54, 0x5f, 0xf8,
+        0x1d, 0xb7, 0xfc, 0xcd, 0xdd, 0x9a, 0x32, 0x4b,
+        0x0b, 0xac, 0x3c, 0x2c, 0x23, 0x82, 0x28, 0x40,
+        0x58, 0xf0, 0x8b, 0x96, 0x19, 0x52, 0xc0, 0x94,
+        0x01, 0x9c, 0x10, 0xbe, 0x37, 0xa5, 0x3d, 0x5a,
+        0xc7, 0x94, 0xc0, 0x10, 0xa9, 0xd0, 0x82, 0x1f,
+        0x15, 0x02, 0x7a, 0x1c, 0x41, 0x9c, 0x3c, 0x71,
+        0xc9, 0xa1, 0xd2, 0x8a, 0xed, 0x02, 0x59, 0x7a,
+        0xb7, 0x9b, 0x87, 0x53, 0x94, 0x62, 0x6b, 0xa3,
+        0x9a, 0xdc, 0x09, 0x0c, 0x3a, 0x90, 0xcf, 0x75,
+        0x87, 0x1a, 0x65, 0x27, 0x5e, 0xb1, 0xc5, 0xb0,
+        0x33, 0x72, 0xe1, 0x3a, 0x1a, 0x23, 0xd0, 0xcf,
+        0x93, 0x74, 0x11, 0x1f, 0x80, 0xcc, 0x83, 0xa9,
+        0x05, 0x62, 0x2b, 0x83, 0xfc, 0x51, 0x39, 0x71,
+        0xec, 0x84, 0x19, 0xf0, 0x88, 0x0c, 0x30, 0x67,
+        0x63, 0x36, 0x71, 0xb0, 0x9b, 0x54, 0x56, 0xab,
+        0x60, 0x57, 0x93, 0x6d, 0x19, 0xa4, 0xa2, 0xa2,
+        0x67, 0x91, 0x1b, 0x00, 0x0a, 0x13, 0x95, 0x6f,
+        0xbd, 0x49, 0x38, 0x21, 0xda, 0x07, 0x2c, 0x04,
+        0x64, 0x2b, 0x0c, 0x20, 0xda, 0x6c, 0xc0, 0xd9,
+        0xd8, 0x64, 0xa3, 0x93, 0x65, 0xdf, 0xd6, 0x4f,
+        0x10, 0x18, 0x78, 0x25, 0xfa, 0x33, 0x25, 0x07,
+        0x49, 0xcb, 0xc0, 0xc9, 0x05, 0xd7, 0xb1, 0xff,
+        0x3c, 0xae, 0x24, 0x12, 0xbf, 0x86, 0xb8, 0x1a,
+        0x81, 0x7b, 0x86, 0xba, 0xa3, 0x0e, 0xdf, 0x78,
+        0x62, 0xe5, 0xf6, 0xba, 0xc9, 0x87, 0x26, 0xe5,
+        0x6b, 0x3c, 0xec, 0x60, 0x66, 0x4c, 0xaa, 0x2a,
+        0x7d, 0xf6, 0x70, 0xc5, 0xe2, 0x07, 0xdf, 0xac,
+        0x03, 0x82, 0x4c, 0x89, 0x89, 0x7c, 0xb4, 0x90,
+        0xea, 0xa7, 0x65, 0x21, 0x22, 0x2c, 0x86, 0x20,
+        0x51, 0x69, 0xc9, 0x1c, 0x32, 0x9c, 0x4a, 0x18,
+        0x4d, 0x78, 0x72, 0x1a, 0xf8, 0x36, 0xad, 0x4d,
+        0xb0, 0xca, 0x78, 0x46, 0x4d, 0x41, 0x71, 0x47,
+        0x30, 0x12, 0xb7, 0xd1, 0x83, 0xba, 0xfa, 0x62,
+        0x75, 0x85, 0xc6, 0x4b, 0xe3, 0x80, 0x9d, 0x7e,
+        0x60, 0x04, 0xcb, 0xdc, 0x79, 0xa5, 0x46, 0x0f,
+        0x0a, 0xd6, 0x77, 0xcb, 0x71, 0x65, 0x12, 0x40,
+        0x7d, 0x3a, 0x61, 0x9a, 0xd0, 0x95, 0x43, 0xb7,
+        0x39, 0x54, 0x74, 0x72, 0xa7, 0x06, 0xb3, 0x17,
+        0xa5, 0x09, 0xbe, 0x5d, 0x86, 0x1f, 0xd6, 0x6c,
+        0x7d, 0x0e, 0xd9, 0x4c, 0xd5, 0x00, 0x47, 0x95,
+        0xc1, 0x81, 0x59, 0xe3, 0xa3, 0x3d, 0x79, 0x87,
+        0x11, 0x52, 0x5f, 0x16, 0x35, 0xa6, 0x84, 0x28,
+        0x17, 0x29, 0x23, 0x24, 0x96, 0x35, 0xaa, 0xd0,
+        0x32, 0xb9, 0xe5, 0x66, 0x64, 0xbd, 0xd4, 0x8e,
+        0xd2, 0x4a, 0xc7, 0x5c, 0x64, 0x68, 0xd1, 0x90,
+        0x3e, 0x47, 0x10, 0x86, 0xc5, 0xf1, 0x56, 0x7e,
+        0x83, 0x1a, 0x05, 0x08, 0xc5, 0x39, 0x63, 0x25,
+        0x91, 0xab, 0x57, 0x7d, 0x32, 0x4a, 0x82, 0x42,
+        0x97, 0x25, 0x80, 0x99, 0x50, 0x76, 0x1d, 0x84,
+        0x34, 0x28, 0x8c, 0x14, 0x03, 0x4f, 0x1c, 0x06,
+        0xc1, 0xd0, 0xaa, 0xe0, 0x9a, 0x71, 0xc7, 0x40,
+        0xa5, 0x57, 0x01, 0xc2, 0x8f, 0xf8, 0x44, 0x99,
+        0xf2, 0xbb, 0x18, 0xb6, 0x62, 0x8c, 0xaa, 0xa3,
+        0xfe, 0x75, 0xac, 0x4d, 0xe0, 0x4c, 0x6f, 0x91,
+        0x39, 0x00, 0xd8, 0x6c, 0x88, 0x12, 0x62, 0x52,
+        0xa1, 0x7c, 0x4d, 0x30, 0x39, 0x91, 0xdb, 0x02,
+        0x87, 0x12, 0x08, 0x81, 0xbb, 0x88, 0x47, 0x8a,
+        0xaa, 0x9a, 0xf9, 0xbc, 0x53, 0xd3, 0x72, 0x98,
+        0x43, 0x85, 0x8f, 0xdb, 0x46, 0x48, 0x05, 0x9c,
+        0xac, 0x82, 0xc1, 0xa1, 0x08, 0x78, 0xba, 0x39,
+        0x82, 0x3b, 0x04, 0x1b, 0xd0, 0xe2, 0x58, 0x48,
+        0x7b, 0x56, 0xcc, 0x8a, 0x32, 0x20, 0xc1, 0xa5,
+        0x8b, 0xf6, 0x6a, 0x17, 0x2b, 0x5b, 0x9a, 0x0c,
+        0x63, 0x2d, 0x67, 0x4e, 0xae, 0x88, 0x5a, 0x01,
+        0x5c, 0x4e, 0x37, 0xba, 0x07, 0x36, 0x80, 0xbe,
+        0xde, 0x75, 0x34, 0xf3, 0xe3, 0x4b, 0x60, 0x50,
+        0xc8, 0x6b, 0x21, 0xc3, 0xc0, 0x90, 0x94, 0x1f,
+        0x23, 0xb7, 0xf6, 0x73, 0x1e, 0x2b, 0xda, 0x0e,
+        0x6e, 0xa4, 0x64, 0x67, 0x71, 0xce, 0xc5, 0x72,
+        0xb9, 0x8c, 0xa0, 0xa1, 0x58, 0x91, 0x9a, 0xdb,
+        0xeb, 0x84, 0xce, 0x58, 0x5f, 0xf9, 0xf2, 0x5e,
+        0xbd, 0xda, 0x6c, 0xb6, 0xf0, 0x7a, 0x8f, 0x81,
+        0x12, 0x32, 0x60, 0x7e, 0x72, 0x17, 0xbb, 0x03,
+        0x9b, 0xab, 0xd0, 0xd9, 0x19, 0x34, 0xa8, 0x59,
+        0x40, 0x59, 0xc9, 0x68, 0x77, 0x23, 0xc0, 0x43,
+        0x81, 0xbf, 0xd6, 0x27, 0xa1, 0x05, 0x17, 0xf5,
+        0xf4, 0xbf, 0xc7, 0x77, 0x77, 0xaa, 0x26, 0x71,
+        0xae, 0x12, 0x4f, 0x2b, 0x7a, 0x5f, 0x4d, 0x56,
+        0x14, 0x02, 0x91, 0x97, 0xe6, 0x58, 0x6f, 0xa8,
+        0xc1, 0x7e, 0x0a, 0xd9, 0x07, 0x81, 0xbc, 0x7b,
+        0xb1, 0x9a, 0x77, 0x2d, 0x5a, 0x4e, 0xfe, 0x32,
+        0xca, 0xc8, 0x9b, 0x76, 0xc4, 0x2a, 0x5e, 0xde,
+        0x9b, 0xcc, 0x20, 0xc1, 0x89, 0x8c, 0x08, 0xa5,
+        0xb0, 0xc0, 0x7e, 0x47, 0x8b, 0x1b, 0xbc, 0x22,
+        0x6e, 0xfa, 0xd1, 0x5f, 0x2a, 0xc7, 0x37, 0x51,
+        0x4b, 0x8c, 0x61, 0x49, 0x81, 0x07, 0x79, 0x22,
+        0x24, 0x16, 0x53, 0x7e, 0xd0, 0x0d, 0xae, 0xab,
+        0x17, 0x7e, 0x90, 0x3e, 0xad, 0x6b, 0x4a, 0xc4,
+        0x23, 0x70, 0xaf, 0x1b, 0x1f, 0x50, 0xeb, 0xaf,
+        0xaa, 0x1c, 0x6e, 0x64, 0x7b, 0xba, 0xcc, 0xe7,
+        0x2c, 0x7d, 0x0b, 0x88, 0xae, 0xb0, 0xb0, 0x6f,
+        0xc1, 0xa4, 0x54, 0x57, 0xa9, 0xc1, 0x87, 0x57,
+        0x9b, 0xf1, 0x84, 0x57, 0x9c, 0xc3, 0x51, 0xc4,
+        0x3d, 0xff, 0x94, 0x26, 0x05, 0xaa, 0x56, 0x04,
+        0xfc, 0x85, 0xfc, 0x55, 0x83, 0xf6, 0xf1, 0x49,
+        0x6f, 0xe6, 0x1d, 0x70, 0xd6, 0xcd, 0xe2, 0x32,
+        0x7f, 0xee, 0x71, 0x3d, 0x86, 0xf2, 0x9b, 0x3a,
+        0xfc, 0xbb, 0x54, 0xe9, 0xa9, 0x2a, 0x33, 0xa6,
+        0xc1, 0xea, 0x6f, 0xfa, 0x30, 0x95, 0x66, 0xb0,
+        0x68, 0x62, 0x33, 0xc0, 0xf3, 0xb1, 0xc3, 0x14,
+        0x48, 0x90, 0xe4, 0xf0, 0x82, 0x9a, 0x60, 0x99,
+        0xc5, 0x74, 0x9c, 0xde, 0xc8, 0x43, 0x28, 0xec,
+        0x2c, 0xb6, 0x4a, 0x73, 0x85, 0xa7, 0x61, 0xd6,
+        0x4b, 0x3a, 0x23, 0xc4, 0x89, 0x34, 0x33, 0x43,
+        0xb9, 0x77, 0x23, 0xae, 0x78, 0xc7, 0xd8, 0x05,
+        0x45, 0x8e, 0x16, 0x20, 0xf0, 0x29, 0x28, 0x97,
+        0x69, 0x17, 0x04, 0xcb, 0x76, 0xe3, 0xb0, 0xb2,
+        0x81, 0xa8, 0x3c, 0xf6, 0x44, 0x90, 0x49, 0x8c,
+        0xbc, 0xaf, 0x04, 0x80, 0x24, 0x16, 0xb3, 0x3c,
+        0x56, 0x51, 0x71, 0xd7, 0x72, 0xd3, 0xb9, 0x35,
+        0x40, 0x37, 0x58, 0x76, 0x29, 0xae, 0x14, 0xa5,
+        0xc5, 0x03, 0x1a, 0xc3, 0x66, 0x71, 0xa0, 0xd0,
+        0xc9, 0x1c, 0xc0, 0xb4, 0xcd, 0x69, 0xd8, 0x40,
+        0x2e, 0x33, 0xb9, 0xbc, 0xc2, 0xbb, 0xaf, 0x6b,
+        0x97, 0x1e, 0x30, 0x3f, 0xa1, 0x37, 0xbe, 0x23,
+        0x25, 0x98, 0xa4, 0x99, 0x9b, 0xc0, 0x12, 0x57,
+        0x4c, 0x81, 0x65, 0x1b, 0x38, 0xb3, 0x83, 0x96,
+        0xc1, 0xc3, 0x65, 0x30, 0x3a, 0xd2, 0x5d, 0x49,
+        0xfc, 0x6b, 0x68, 0x99, 0x51, 0xa1, 0xcc, 0x4c,
+        0x60, 0x07, 0x61, 0x30, 0x65, 0x49, 0x5f, 0x97,
+        0x91, 0x0f, 0x97, 0x35, 0xd4, 0xea, 0x4e, 0x44,
+        0x2a, 0xcb, 0x2f, 0xab, 0xae, 0xcf, 0xe1, 0xad,
+        0xef, 0x06, 0x67, 0xba, 0x42, 0x2c, 0x95, 0x4a,
+        0x05, 0xd1, 0xb6, 0x16, 0x7a, 0x26, 0x3e, 0x12,
+        0x75, 0xc6, 0xad, 0xa8, 0x38, 0x59, 0x65, 0x30,
+        0x4b, 0x30, 0x32, 0x40, 0x40, 0x54, 0x2c, 0xf5,
+        0xa4, 0x51, 0xbc, 0xaf, 0xc7, 0x47, 0x88, 0xbe,
+        0x3b, 0x9b, 0x9f, 0xcc, 0x45, 0xd4, 0x79, 0x0e,
+        0x2d, 0x73, 0x35, 0xc6, 0x0a, 0x14, 0xf0, 0xa4,
+        0x9d, 0x13, 0x05, 0x3f, 0x26, 0x26, 0xa6, 0x27,
+        0xca, 0x19, 0x55, 0x3c, 0xb3, 0x36, 0xa2, 0xcb,
+        0x4a, 0x45, 0x5d, 0x8e, 0xf3, 0x98, 0x94, 0x91,
+        0x47, 0x2b, 0xa0, 0x05, 0x1e, 0xf7, 0x41, 0x6e,
+        0x0b, 0xbf, 0x1a, 0x61, 0x08, 0xfa, 0x07, 0xc1,
+        0x61, 0x54, 0x8e, 0x7c, 0x62, 0x33, 0x1a, 0xe5,
+        0xa2, 0xb4, 0xe4, 0xa1, 0x08, 0xa5, 0x10, 0x93,
+        0xd3, 0x15, 0x08, 0x21, 0xa2, 0xfb, 0x54, 0x71,
+        0x70, 0xa1, 0xb7, 0x3c, 0x43, 0xc5, 0x50, 0xc6,
+        0x55, 0x7a, 0x40, 0x48, 0xa5, 0x8a, 0x2c, 0xd7,
+        0x7a, 0x24, 0x42, 0x34, 0xb2, 0x23, 0x51, 0x75,
+        0xa0, 0x89, 0x7d, 0x50, 0x61, 0xb4, 0x61, 0x34,
+        0x82, 0xdc, 0x13, 0x64, 0x14, 0x04, 0x8c, 0x11,
+        0xdb, 0x37, 0xea, 0xe0, 0xa5, 0xdf, 0x87, 0xc1,
+        0x93, 0x14, 0xb0, 0xe8, 0x23, 0x97, 0xa0, 0xd3,
+        0x38, 0xdc, 0x21, 0x53, 0x8a, 0xf3, 0x61, 0x49,
+        0xd9, 0x3f, 0x8b, 0x1a, 0x11, 0xc5, 0x3b, 0xb5,
+        0xde, 0xf8, 0xb7, 0xa2, 0xcc, 0xa3, 0x36, 0x2b,
+        0x7f, 0xe3, 0xa1, 0x40, 0x8a, 0x25, 0x47, 0xe2,
+        0x09, 0x05, 0x8c, 0x67, 0x3a, 0x75, 0x66, 0xc2,
+        0x61, 0x23, 0xa6, 0xd8, 0xb6, 0x92, 0xa5, 0xf3,
+        0x3e, 0xbd, 0xcb, 0x26, 0x24, 0xb7, 0x9d, 0x87,
+        0x7b, 0xce, 0x5f, 0xa1, 0x4e, 0x42, 0xe8, 0x3f,
+        0xaa, 0xd8, 0x2e, 0x99, 0x00, 0x55, 0x3a, 0x3c,
+        0x60, 0x45, 0xca, 0x32, 0x9f, 0xea, 0x4a, 0x50,
+        0x65, 0x58, 0xc4, 0x91, 0xb6, 0xa6, 0x16, 0xc6,
+        0xfd, 0x40, 0x0b, 0x42, 0x13, 0x6f, 0x44, 0xcb,
+        0x0d, 0x02, 0x57, 0x65, 0x08, 0x19, 0x01, 0x8d,
+        0x3c, 0x56, 0x8e, 0xf6, 0xc6, 0x0c, 0x6c, 0x40,
+        0x9e, 0x70, 0xa8, 0x29, 0x28, 0x71, 0x08, 0xc1,
+        0xb6, 0xa4, 0xd3, 0x2f, 0x76, 0xe5, 0xcc, 0x4d,
+        0x10, 0x4b, 0x02, 0x43, 0x8e, 0xf7, 0xa4, 0x67,
+        0x91, 0x23, 0x98, 0xea, 0x9c, 0x7c, 0xbd, 0x99,
+        0x81, 0x58, 0x9a, 0x34, 0x18, 0x97, 0x68, 0x7b,
+        0x51, 0x6a, 0x13, 0x30, 0x7d, 0x66, 0xc0, 0x68,
+        0xc4, 0x44, 0xb4, 0xb9, 0x49, 0xa1, 0x74, 0x12,
+        0x41, 0x33, 0x15, 0xcc, 0xf4, 0x9b, 0x99, 0x98,
+        0x00, 0x34, 0xb5, 0xb8, 0xcf, 0xde, 0xc4, 0xa6,
+        0x0b, 0x9c, 0x1e, 0x74, 0x55, 0xaa, 0xfb, 0xf3,
+        0xa7, 0x57, 0x34, 0x69, 0x90, 0xcc, 0x32, 0xb0,
+        0x59, 0x9b, 0xa2, 0x17, 0xa6, 0xc5, 0xfc, 0x39,
+        0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48,
+        0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0,
+        0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
+        0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4,
+        0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d,
+        0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
+        0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2,
+        0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59,
+        0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
+        0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75,
+        0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15,
+        0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
+        0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27,
+        0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16,
+        0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
+        0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05,
+        0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49,
+        0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
+        0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2,
+        0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab,
+        0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
+        0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2,
+        0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f,
+        0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
+        0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5,
+        0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84,
+        0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
+        0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66,
+        0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc,
+        0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
+        0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0,
+        0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e,
+        0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
+        0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82,
+        0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe,
+        0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
+        0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1,
+        0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d,
+        0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
+        0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98,
+        0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50,
+        0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
+        0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8,
+        0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76,
+        0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
+        0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71,
+        0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7,
+        0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
+        0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c,
+        0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e,
+        0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
+        0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47,
+        0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35,
+        0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
+        0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c,
+        0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f,
+        0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
+        0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39,
+        0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77,
+        0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
+        0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30,
+        0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5,
+        0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
+        0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7,
+        0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0,
+        0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
+        0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56,
+        0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37,
+        0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
+        0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08,
+        0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c,
+        0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
+        0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00,
+        0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd,
+        0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
+        0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25,
+        0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1,
+        0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
+        0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94,
+        0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85,
+        0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
+        0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56,
+        0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb,
+        0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
+        0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26,
+        0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7,
+        0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
+        0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3,
+        0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f,
+        0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
+        0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93,
+        0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b,
+        0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
+        0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7,
+        0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27,
+        0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
+        0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76,
+        0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b,
+        0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
+        0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a,
+        0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8,
+        0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
+        0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b,
+        0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a,
+        0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
+        0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53,
+        0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7,
+        0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
+        0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87,
+        0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5,
+        0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
+        0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13,
+        0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2,
+        0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
+        0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c,
+        0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06,
+        0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
+        0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4,
+        0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b,
+        0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
+        0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2,
+        0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08,
+        0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
+        0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12,
+        0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b,
+        0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
+        0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31,
+        0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46,
+        0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
+        0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5,
+        0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7,
+        0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
+        0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04,
+        0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9,
+        0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
+        0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07,
+        0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7,
+        0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
+        0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b,
+        0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae,
+        0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
+        0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6,
+        0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d,
+        0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
+        0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5,
+        0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9,
+        0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
+        0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26,
+        0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e,
+        0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
+        0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb,
+        0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66,
+        0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
+        0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76,
+        0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9,
+        0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
+        0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5,
+        0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1,
+        0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
+        0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc,
+        0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc,
+        0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
+        0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7,
+        0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae,
+        0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
+        0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4,
+        0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12,
+        0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
+        0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c,
+        0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60,
+        0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
+        0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74,
+        0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe,
+        0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
+        0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6,
+        0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a,
+        0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
+        0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37,
+        0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83,
+        0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
+        0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05,
+        0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72,
+        0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
+        0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4,
+        0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27,
+        0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
+        0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8,
+        0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86,
+        0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
+        0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b,
+        0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22,
+        0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
+        0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e,
+        0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38,
+        0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
+        0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb,
+        0xeb, 0xbe, 0x41, 0xcd, 0x4d, 0xea, 0x48, 0x9d,
+        0xed, 0xd0, 0x0e, 0x76, 0xae, 0x0b, 0xcf, 0x54,
+        0xaa, 0x85, 0x50, 0x20, 0x29, 0x20, 0xeb, 0x64,
+        0xd5, 0x89, 0x2a, 0xd0, 0x2b, 0x13, 0xf2, 0xe5,
+        0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
+        0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
+        0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
+        0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
+    };
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = {
-#ifndef WOLFSSL_ML_KEM
         0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1,
         0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1,
         0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE,
@@ -40072,243 +42937,262 @@ static wc_test_ret_t kyber1024_kat(void)
         0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4,
         0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7,
         0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13
-#else
-        0xb1, 0x56, 0x96, 0xac, 0xab, 0xf3, 0xf5, 0xc7,
-        0x1c, 0x09, 0x60, 0x5d, 0xf3, 0x50, 0xf9, 0x8e,
-        0xf9, 0x89, 0x74, 0x74, 0xf2, 0x41, 0xc7, 0xf7,
-        0xd1, 0x6f, 0x7a, 0x69, 0x60, 0x43, 0x58, 0x50,
-        0x84, 0x58, 0x91, 0x6d, 0x2c, 0x85, 0x52, 0xc7,
-        0x04, 0xcb, 0x6e, 0x0d, 0xa4, 0x30, 0x5a, 0x11,
-        0x72, 0x0a, 0x2b, 0x59, 0xa6, 0xd8, 0x19, 0x0f,
-        0xc3, 0xe3, 0x89, 0xe6, 0x55, 0x1e, 0x7c, 0x59,
-        0x57, 0x8f, 0xe2, 0xb0, 0x5d, 0x75, 0x91, 0xba,
-        0xb3, 0x26, 0xd8, 0x94, 0xe2, 0x36, 0x56, 0xc6,
-        0xb5, 0xfe, 0x4b, 0x7a, 0xbd, 0x65, 0x05, 0xa8,
-        0xc2, 0x6d, 0x1d, 0xf8, 0xb4, 0x4a, 0x0e, 0xd5,
-        0x3a, 0xff, 0xff, 0x9a, 0x58, 0x5f, 0xce, 0x86,
-        0xda, 0x3b, 0x3f, 0xf2, 0x2b, 0x1f, 0xda, 0xe2,
-        0xf6, 0xd2, 0x55, 0xc2, 0x65, 0x35, 0xf6, 0x16,
-        0x94, 0xd5, 0x04, 0x71, 0xf1, 0xd8, 0x4d, 0x17,
-        0x67, 0x3e, 0x48, 0x1f, 0x4e, 0x82, 0x4c, 0x82,
-        0x81, 0x0c, 0xe8, 0xf2, 0xec, 0xc9, 0xbb, 0x3f,
-        0x5f, 0x07, 0xbf, 0x14, 0x30, 0xe7, 0xbf, 0xd9,
-        0x9f, 0xb9, 0x8f, 0x3d, 0x2f, 0x94, 0x1e, 0xdf,
-        0x64, 0x2d, 0x7b, 0x9e, 0x73, 0xbc, 0x15, 0x95,
-        0xa0, 0x4c, 0xd9, 0x49, 0xfa, 0x76, 0x64, 0x68,
-        0x48, 0x9f, 0x40, 0x2f, 0x92, 0x32, 0x5f, 0x6d,
-        0x9e, 0xc5, 0xd6, 0x96, 0xe0, 0xfa, 0xc2, 0xc6,
-        0xa3, 0x79, 0x83, 0xa6, 0x45, 0x13, 0x84, 0xce,
-        0x9d, 0x9d, 0xe4, 0x48, 0xf1, 0x58, 0x74, 0xe5,
-        0x30, 0x94, 0x3e, 0x8e, 0x0f, 0xe2, 0x99, 0x60,
-        0x58, 0x7a, 0x89, 0xb8, 0x05, 0x2c, 0x9d, 0x0e,
-        0x6b, 0x0e, 0xa5, 0xdb, 0xb7, 0x34, 0xd2, 0xa9,
-        0xc0, 0x5c, 0xbb, 0x6d, 0x0c, 0x79, 0xf4, 0xa5,
-        0x7d, 0xb5, 0xaf, 0xde, 0xd6, 0xa7, 0xdf, 0x0e,
-        0xcf, 0x47, 0xb7, 0xa3, 0x1d, 0xea, 0xf3, 0x7d,
-        0xfa, 0x1d, 0xc8, 0x97, 0x22, 0xa4, 0x7b, 0x40,
-        0xb4, 0xa5, 0x0c, 0x7a, 0x2f, 0x32, 0xe8, 0xab,
-        0x3d, 0xa9, 0x73, 0xaa, 0x68, 0x3c, 0x0a, 0x69,
-        0x82, 0x94, 0xca, 0x3a, 0x04, 0x54, 0x83, 0x17,
-        0x5d, 0x87, 0x78, 0x6b, 0x47, 0xf7, 0x8a, 0xb0,
-        0x29, 0x5b, 0x82, 0x67, 0xed, 0xfe, 0xed, 0xa4,
-        0x42, 0xc3, 0x51, 0xa3, 0x8e, 0x95, 0xcf, 0x43,
-        0xb0, 0x83, 0x42, 0xc6, 0x7d, 0x0b, 0xc5, 0xdd,
-        0x59, 0x74, 0xf6, 0xc5, 0xc0, 0x03, 0xea, 0x31,
-        0xb5, 0x80, 0x4a, 0x31, 0x1c, 0x29, 0xeb, 0xa1,
-        0x7b, 0xdb, 0x54, 0x7a, 0x62, 0x9e, 0xc8, 0x39,
-        0x74, 0x04, 0x3b, 0xd0, 0x3a, 0x37, 0xd0, 0xec,
-        0x7f, 0xf3, 0x9d, 0xe1, 0xdf, 0xb8, 0xe6, 0x32,
-        0xa8, 0x6b, 0x26, 0x02, 0x1e, 0x75, 0x3e, 0x7d,
-        0xc7, 0x31, 0xbc, 0x4e, 0xd7, 0xe7, 0xfe, 0xce,
-        0x78, 0xb0, 0x7d, 0xff, 0x5e, 0x87, 0x75, 0xb2,
-        0x22, 0x3e, 0x19, 0xdf, 0xb3, 0xa0, 0x6a, 0x18,
-        0x65, 0xed, 0x4f, 0x08, 0xa8, 0x45, 0x44, 0x49,
-        0x25, 0x04, 0xf2, 0x96, 0x2e, 0x00, 0x5f, 0xde,
-        0x5d, 0xe6, 0xe4, 0xff, 0x48, 0x99, 0x4d, 0x4f,
-        0xf8, 0x11, 0xce, 0x31, 0xe3, 0x90, 0x98, 0x03,
-        0xc3, 0x53, 0x4c, 0x1c, 0x6c, 0x6d, 0xdc, 0x9e,
-        0x1a, 0x43, 0xc8, 0x45, 0xe7, 0xe7, 0xe2, 0xa1,
-        0x08, 0x11, 0x86, 0xbe, 0xde, 0x4b, 0x5b, 0xcf,
-        0x1b, 0x80, 0xb1, 0x3d, 0x21, 0x8a, 0x4a, 0xb4,
-        0x46, 0xf4, 0x79, 0xe3, 0x8c, 0x1d, 0xe4, 0xa5,
-        0x94, 0xe0, 0xf2, 0x0c, 0xdc, 0x23, 0xa9, 0xea,
-        0x58, 0x77, 0x8c, 0xb2, 0xfb, 0x10, 0x4f, 0x1d,
-        0xc9, 0x1b, 0xa5, 0xc1, 0x7e, 0x74, 0x00, 0x4c,
-        0x43, 0x0a, 0xab, 0x1a, 0x3d, 0x16, 0x79, 0xda,
-        0xeb, 0x50, 0x82, 0xe5, 0x17, 0xaf, 0x6a, 0x4e,
-        0x28, 0xf5, 0x64, 0x44, 0x1b, 0x73, 0x23, 0x5d,
-        0x08, 0x4a, 0x58, 0x31, 0xcb, 0xb3, 0x94, 0xce,
-        0xcd, 0x99, 0x7f, 0xe0, 0x8b, 0x1b, 0x4a, 0xa9,
-        0x95, 0xbd, 0xd9, 0x72, 0x6c, 0x04, 0x61, 0x58,
-        0x59, 0xff, 0xfd, 0x1c, 0x99, 0x06, 0xfb, 0x2d,
-        0x04, 0x01, 0xed, 0x6f, 0x59, 0x1e, 0x13, 0xc6,
-        0xe7, 0x9e, 0xc5, 0xe8, 0x62, 0x07, 0x9e, 0x6d,
-        0xfd, 0x3c, 0xa6, 0x88, 0xfa, 0x5a, 0xc7, 0xf8,
-        0xd2, 0x79, 0x07, 0x53, 0x05, 0x49, 0xac, 0x71,
-        0xfd, 0xeb, 0x5f, 0x86, 0x9d, 0x2a, 0x9b, 0x23,
-        0x5a, 0x0e, 0x54, 0xb3, 0xb8, 0x66, 0x02, 0x1d,
-        0x6b, 0x5c, 0x98, 0xd1, 0xc6, 0xc0, 0xc0, 0x04,
-        0x89, 0x99, 0x5e, 0x3c, 0x34, 0x96, 0xb6, 0x9c,
-        0x76, 0x33, 0x8a, 0xc4, 0x22, 0xc9, 0xf9, 0x41,
-        0x58, 0xed, 0x5c, 0xf9, 0xcc, 0x6b, 0xe9, 0x38,
-        0x46, 0x03, 0x4d, 0x4b, 0xa5, 0x33, 0xa3, 0x42,
-        0x2c, 0x29, 0xd6, 0x75, 0x40, 0x5a, 0xe8, 0x53,
-        0xb8, 0x49, 0x7d, 0xc9, 0x12, 0xf4, 0xa8, 0x35,
-        0x00, 0xc8, 0x9d, 0xb7, 0x6b, 0xcd, 0xd7, 0x04,
-        0x6d, 0x98, 0x32, 0xfa, 0x3d, 0x2b, 0xf3, 0xd0,
-        0x24, 0x65, 0xeb, 0xb4, 0x16, 0x80, 0x35, 0x11,
-        0x8f, 0x08, 0x7d, 0xdd, 0x47, 0x64, 0x3d, 0x2d,
-        0xb7, 0x1f, 0x47, 0x41, 0x9a, 0xed, 0x97, 0x3e,
-        0xc4, 0x38, 0x48, 0x66, 0xd4, 0x5e, 0x1d, 0xf2,
-        0x16, 0xed, 0xa5, 0xbf, 0x61, 0x33, 0xf8, 0x4a,
-        0x32, 0x8c, 0x11, 0x29, 0x62, 0x1e, 0xc1, 0x50,
-        0x1f, 0xc4, 0x6f, 0xe3, 0xed, 0xa4, 0x60, 0x68,
-        0x0b, 0x39, 0x7a, 0x42, 0xa4, 0x36, 0x8e, 0xb3,
-        0xdc, 0x88, 0x45, 0x1b, 0x2b, 0x61, 0x6e, 0xec,
-        0x5f, 0x1e, 0xc0, 0x5e, 0x5b, 0xd2, 0x08, 0x4b,
-        0x49, 0x45, 0xd2, 0x0e, 0xa8, 0x63, 0x0d, 0x81,
-        0x49, 0x2c, 0x78, 0xcf, 0x06, 0xa7, 0x8e, 0xc5,
-        0x08, 0xa0, 0xc5, 0x71, 0x3b, 0x48, 0x60, 0x21,
-        0x64, 0x32, 0x66, 0xa6, 0x0d, 0x99, 0x74, 0x46,
-        0x78, 0xe5, 0x98, 0xb1, 0x52, 0xcf, 0x18, 0x29,
-        0x89, 0x7a, 0xf7, 0x20, 0xc1, 0x8e, 0xb6, 0x89,
-        0x3d, 0x8b, 0x1f, 0x81, 0xc8, 0xbb, 0xc5, 0x5c,
-        0x80, 0x47, 0x39, 0x1a, 0x90, 0x51, 0xa6, 0xd0,
-        0xd6, 0x54, 0x71, 0x89, 0x1a, 0xc2, 0xdf, 0xd8,
-        0xac, 0x98, 0x4a, 0xa7, 0xaf, 0xf3, 0x97, 0x44,
-        0x92, 0xb7, 0x51, 0xfd, 0xc5, 0xde, 0xa1, 0x39,
-        0x68, 0x86, 0xe8, 0xc9, 0x4b, 0x94, 0x48, 0xe1,
-        0xee, 0x63, 0x3f, 0x6c, 0x21, 0x43, 0x55, 0x2e,
-        0xb8, 0x49, 0xc6, 0xd7, 0xe7, 0x2b, 0x6a, 0x7c,
-        0x81, 0x21, 0x46, 0x15, 0x44, 0x51, 0x5e, 0x34,
-        0x6d, 0x69, 0x97, 0x31, 0x11, 0xc9, 0x24, 0xac,
-        0xda, 0x06, 0x47, 0x0b, 0x5d, 0xf2, 0x32, 0x0e,
-        0x06, 0xb8, 0xf1, 0xaf, 0xf4, 0x13, 0xf9, 0xe8,
-        0x88, 0x43, 0x6c, 0x31, 0x37, 0x80, 0x25, 0xbe,
-        0x66, 0x72, 0x6a, 0x0b, 0xa5, 0x59, 0x17, 0x7b,
-        0x11, 0x37, 0xc4, 0x31, 0xcc, 0xe1, 0xa6, 0xfb,
-        0x00, 0xde, 0x36, 0xc6, 0xaf, 0xce, 0x92, 0xf1,
-        0x1b, 0xc7, 0x5a, 0x88, 0x5f, 0xbb, 0xd9, 0xb1,
-        0x08, 0xe6, 0xea, 0xd4, 0x3f, 0xee, 0x47, 0xda,
-        0x31, 0x12, 0x30, 0xf9, 0x22, 0xba, 0xb9, 0x3a,
-        0x76, 0x77, 0x71, 0x1e, 0x97, 0xea, 0x41, 0x29,
-        0x80, 0x2c, 0x5d, 0xff, 0x20, 0xd0, 0xd9, 0xdb,
-        0x97, 0xf8, 0x82, 0xc6, 0x33, 0x79, 0xfc, 0x27,
-        0xd0, 0x8a, 0x6f, 0xec, 0xc2, 0x88, 0xcc, 0x06,
-        0xe2, 0x57, 0x65, 0x4b, 0x38, 0x8e, 0x50, 0x18,
-        0x80, 0x1f, 0xf1, 0x9b, 0xac, 0x2c, 0x94, 0x87,
-        0xa5, 0xf4, 0x7e, 0x07, 0x31, 0x01, 0xdd, 0x37,
-        0xb1, 0x0d, 0x43, 0xc9, 0x35, 0x11, 0x9b, 0x6f,
-        0x70, 0xed, 0xdf, 0x9b, 0xa5, 0x14, 0x9e, 0xd6,
-        0x4e, 0x8c, 0x12, 0x9d, 0x97, 0x8c, 0xbf, 0x2c,
-        0x1a, 0x30, 0x6f, 0x83, 0xa6, 0x34, 0x7b, 0xfc,
-        0x44, 0x5e, 0x8f, 0xd6, 0x45, 0xab, 0x0e, 0x4b,
-        0x2a, 0x93, 0x93, 0x28, 0xcb, 0x55, 0xa7, 0x95,
-        0x1a, 0x3a, 0x93, 0x8a, 0x06, 0xae, 0xd2, 0x4e,
-        0xf3, 0x25, 0x62, 0x14, 0x9c, 0x8b, 0x7f, 0x2d,
-        0xad, 0xd7, 0x5d, 0x2d, 0xb3, 0x78, 0x2b, 0x64,
-        0xf4, 0xcb, 0x1f, 0x56, 0xa0, 0x94, 0x52, 0x77,
-        0xc9, 0xc5, 0xe1, 0x60, 0x5a, 0x0c, 0x0e, 0xb6,
-        0x5d, 0x7f, 0xe3, 0x42, 0x1c, 0x90, 0x87, 0x4b,
-        0xb9, 0xcc, 0xb9, 0x45, 0xea, 0x74, 0xc9, 0x97,
-        0xec, 0xa7, 0x3c, 0x94, 0x05, 0x9b, 0x77, 0xc7,
-        0xc3, 0xf0, 0x8d, 0xd6, 0xe5, 0xe4, 0x94, 0xe3,
-        0xf2, 0x33, 0x99, 0xf2, 0xfc, 0xe0, 0x56, 0xe9,
-        0xf1, 0x30, 0xfe, 0xb6, 0xce, 0xcb, 0xb3, 0xe8,
-        0xde, 0xce, 0x49, 0xe5, 0x67, 0x37, 0x57, 0x51,
-        0x57, 0x42, 0x09, 0x4a, 0xc3, 0x82, 0x56, 0x38,
-        0x57, 0xb5, 0xd4, 0x12, 0xd7, 0x19, 0x1c, 0xdc,
-        0x5d, 0xe0, 0x68, 0x1c, 0x72, 0xc5, 0xda, 0xf8,
-        0x33, 0xbe, 0xed, 0xcd, 0x88, 0xe4, 0x01, 0x23,
-        0xa6, 0x17, 0xd2, 0xbd, 0x0d, 0x75, 0x95, 0x91,
-        0x6a, 0x68, 0x94, 0xb9, 0x26, 0x3b, 0x6e, 0xb9,
-        0x1e, 0x23, 0x80, 0x15, 0x4e, 0x0c, 0xfc, 0x52,
-        0x78, 0x42, 0x58, 0xcf, 0x73, 0x20, 0xc4, 0xf0,
-        0x2e, 0xad, 0x0b, 0x44, 0x71, 0xea, 0x0d, 0xd0,
-        0xab, 0xeb, 0x5e, 0x63, 0x62, 0x8f, 0x48, 0x36,
-        0xa2, 0x3d, 0xb2, 0x69, 0xce, 0xe0, 0x9e, 0x46,
-        0xf3, 0x5b, 0x9d, 0xe8, 0x7e, 0xcb, 0x04, 0x22,
-        0xad, 0x8e, 0xc6, 0xcb, 0x60, 0xb7, 0x17, 0xee,
-        0xc2, 0x12, 0x16, 0xf0, 0xb7, 0x91, 0xc8, 0x52,
-        0xa9, 0xf8, 0xa4, 0xc2, 0x61, 0x67, 0xd7, 0x35,
-        0x0e, 0x17, 0xfa, 0x3e, 0xc7, 0x45, 0xb4, 0x63,
-        0x11, 0xa6, 0x71, 0xcb, 0x8d, 0x7f, 0x14, 0x88,
-        0x5f, 0xf0, 0x1b, 0xab, 0x0e, 0xf4, 0x69, 0xd0,
-        0x85, 0x0f, 0xe8, 0x07, 0xe7, 0x0d, 0x36, 0xa4,
-        0xb7, 0x36, 0xb2, 0xc3, 0x2c, 0x67, 0x62, 0x58,
-        0xae, 0x7d, 0x55, 0x3d, 0xca, 0xb8, 0xad, 0xe6,
-        0x36, 0x8a, 0xa2, 0x31, 0x79, 0x77, 0x8a, 0xdd,
-        0x21, 0x4d, 0xd9, 0x15, 0x4f, 0x51, 0x0f, 0x50,
-        0xe5, 0x56, 0x0c, 0x65, 0xfc, 0xec, 0x35, 0xe8,
-        0x78, 0x82, 0x53, 0x0e, 0xdc, 0x65, 0xbe, 0xe6,
-        0x6b, 0x25, 0xa5, 0x35, 0xda, 0x21, 0x46, 0xe1,
-        0x4f, 0x83, 0x90, 0xbc, 0xf5, 0x79, 0xc3, 0x37,
-        0xba, 0xd9, 0x74, 0x57, 0x5d, 0x5f, 0x09, 0xa8,
-        0x76, 0x88, 0x83, 0xf9, 0x39, 0x3a, 0x14, 0x41,
-        0x71, 0xfe, 0xb3, 0xfc, 0x66, 0x3e, 0xee, 0xf1,
-        0x38, 0xb2, 0x1b, 0xd5, 0x57, 0xab, 0xbb, 0xad,
-        0x2c, 0x02, 0x24, 0x34, 0x1f, 0xab, 0xfb, 0x6c,
-        0x6f, 0xde, 0xa6, 0xf3, 0xc2, 0x65, 0xe5, 0xd8,
-        0xaf, 0x16, 0x9a, 0x96, 0x4a, 0x7a, 0x86, 0xa1,
-        0xa0, 0xe2, 0x22, 0xdd, 0x63, 0x71, 0x38, 0x20,
-        0x79, 0xf8, 0x38, 0x23, 0x4a, 0xea, 0x8f, 0xf6,
-        0xe2, 0xb8, 0x94, 0xe0, 0x4a, 0x9a, 0x34, 0xcf,
-        0xac, 0xab, 0x81, 0xb0, 0x70, 0x4b, 0x14, 0xd7,
-        0xd1, 0x09, 0x94, 0x9c, 0x68, 0x64, 0x4c, 0x01,
-        0x5b, 0xc2, 0xf2, 0x6a, 0x9c, 0x29, 0x42, 0x87,
-        0xec, 0xf1, 0x52, 0xd8, 0x46, 0xf9, 0x14, 0xc0,
-        0x74, 0x5c, 0xeb, 0x7e, 0xc3, 0xd3, 0x6a, 0xd9,
-        0xd7, 0x23, 0xc1, 0x5f, 0x89, 0xe2, 0xd8, 0xfe,
-        0x2c, 0x18, 0xe1, 0x11, 0x80, 0xd0, 0x70, 0x9d,
-        0x70, 0x02, 0xa5, 0x0f, 0x87, 0xd1, 0xc7, 0x3d,
-        0xbb, 0x61, 0x6f, 0xd8, 0xde, 0x30, 0x33, 0x9d,
-        0x83, 0xda, 0x5a, 0x8e, 0xd5, 0x03, 0x21, 0xcc,
-        0x12, 0xf9, 0x4d, 0xff, 0x84, 0xd9, 0xe5, 0x44,
-        0xf1, 0x7e, 0xc3, 0x4a, 0x60, 0xeb, 0x41, 0x4b,
-        0x28, 0x78, 0xcc, 0x1a, 0x05, 0xc2, 0x64, 0xa0,
-        0x66, 0xdd, 0xd3, 0x7f, 0x0c, 0x50, 0x4f, 0x0e,
-        0x6c, 0xcd, 0x0f, 0x31, 0x1e, 0xb5, 0x21, 0x2d,
-        0xe3, 0x2e, 0x9d, 0x65, 0x51, 0x25, 0xe4, 0xf4
-#endif
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ct[] = {
+        0xc9, 0xbe, 0xad, 0x6b, 0x0c, 0x11, 0x14, 0x38,
+        0x9b, 0xd4, 0x76, 0x1c, 0x73, 0xab, 0x90, 0x95,
+        0xb5, 0x80, 0x9d, 0xaa, 0xc9, 0xf6, 0x59, 0xbb,
+        0x56, 0x4a, 0xf2, 0x26, 0x17, 0x30, 0x52, 0xa4,
+        0xa3, 0xe7, 0xf2, 0xe5, 0xfd, 0x47, 0xd2, 0xb0,
+        0x2a, 0xae, 0xb5, 0x18, 0x9e, 0x06, 0xb9, 0xf4,
+        0xae, 0x98, 0xb6, 0x19, 0xcb, 0x63, 0xef, 0xbd,
+        0xf3, 0x98, 0x9a, 0x94, 0xb3, 0x6e, 0x8e, 0xa0,
+        0xd7, 0x00, 0x63, 0x3b, 0x95, 0x0a, 0x0a, 0xe2,
+        0xa7, 0x8e, 0xd9, 0x2e, 0x85, 0xc8, 0x5c, 0x70,
+        0xe1, 0x3e, 0x62, 0x6f, 0xb2, 0x63, 0xfa, 0xc9,
+        0x68, 0x15, 0x21, 0xc3, 0xab, 0x22, 0xfd, 0xab,
+        0x29, 0x17, 0x3c, 0x96, 0x16, 0xa2, 0xb0, 0x37,
+        0x08, 0x3f, 0xf7, 0xb2, 0xe0, 0x19, 0xb5, 0xbc,
+        0xde, 0x06, 0x8f, 0xac, 0x25, 0x7e, 0xf8, 0xf1,
+        0x27, 0x98, 0x41, 0x16, 0x93, 0xc1, 0xbd, 0xcc,
+        0x65, 0x42, 0x09, 0x97, 0xa5, 0x13, 0xa8, 0xa6,
+        0x95, 0x02, 0x62, 0x0b, 0xe8, 0xe4, 0xce, 0x73,
+        0x62, 0xe4, 0x12, 0xa7, 0x6c, 0xf5, 0x1c, 0x1f,
+        0x24, 0x33, 0xf1, 0xab, 0x64, 0xce, 0x0e, 0x5d,
+        0x2f, 0x56, 0xd7, 0xc9, 0xad, 0xe9, 0x94, 0xd0,
+        0xe3, 0x5d, 0x0a, 0xee, 0xf3, 0xac, 0x51, 0x5b,
+        0x48, 0x24, 0x37, 0x66, 0x4d, 0x8c, 0x1d, 0x25,
+        0xe5, 0xa5, 0x50, 0x7c, 0xf8, 0x0f, 0x97, 0x0d,
+        0x3e, 0xa7, 0x22, 0x6a, 0xac, 0xdc, 0x45, 0x7c,
+        0xbf, 0x88, 0xa0, 0x56, 0x0a, 0xa3, 0x5b, 0xb2,
+        0xc5, 0xc4, 0x55, 0x86, 0x7e, 0x21, 0x59, 0x91,
+        0x0a, 0x35, 0x81, 0x0b, 0xef, 0xe3, 0xaa, 0x10,
+        0xeb, 0x04, 0xd8, 0xd5, 0x71, 0x47, 0xcb, 0x8f,
+        0x66, 0xd2, 0xb0, 0x70, 0xba, 0xc4, 0x3d, 0x1f,
+        0x1f, 0xfd, 0xd5, 0x7a, 0x93, 0x99, 0x95, 0x1f,
+        0x64, 0x96, 0x57, 0x27, 0xbc, 0xb9, 0xf6, 0x6a,
+        0xd4, 0x23, 0x09, 0xda, 0xfc, 0x79, 0x9c, 0x1c,
+        0x54, 0x0a, 0xf1, 0xaf, 0x93, 0xef, 0xf6, 0x8a,
+        0x86, 0xd6, 0x1f, 0x51, 0x15, 0xdb, 0x66, 0x2d,
+        0xee, 0x7a, 0xc9, 0xa3, 0x62, 0x67, 0x77, 0x62,
+        0xb6, 0xa1, 0x64, 0xa0, 0xfa, 0x0a, 0x4d, 0x85,
+        0x9e, 0x4b, 0x8c, 0x8d, 0xbd, 0xb4, 0xe1, 0x83,
+        0xf5, 0xe6, 0x80, 0x8f, 0xc5, 0x22, 0x29, 0x65,
+        0x0c, 0xaf, 0x7c, 0xf3, 0xe1, 0x6d, 0xe3, 0xd8,
+        0x95, 0xd1, 0x48, 0xc3, 0x54, 0x48, 0xab, 0x8c,
+        0x27, 0x53, 0xc9, 0x83, 0x1b, 0x24, 0xbd, 0x49,
+        0x21, 0x49, 0x7e, 0xaa, 0x19, 0x25, 0x65, 0xca,
+        0xbf, 0xd8, 0x3c, 0x0c, 0x68, 0xdf, 0xe7, 0xd3,
+        0x92, 0xab, 0xf5, 0xe5, 0xe6, 0xf8, 0x4b, 0xb9,
+        0xf5, 0xaf, 0x4b, 0x71, 0x18, 0xc0, 0xb5, 0x58,
+        0x10, 0x5f, 0x9c, 0x10, 0xc9, 0xb6, 0xd7, 0x06,
+        0x82, 0xe1, 0xde, 0x6e, 0x06, 0x89, 0xd7, 0x10,
+        0x6a, 0x63, 0x74, 0xbd, 0x34, 0xae, 0xd7, 0x22,
+        0x9e, 0x6c, 0xb3, 0x56, 0xf2, 0xea, 0x65, 0xe6,
+        0x80, 0xce, 0x7b, 0x1e, 0x2c, 0x37, 0x04, 0xe1,
+        0x16, 0xa3, 0x85, 0x42, 0x82, 0x6e, 0x8a, 0x00,
+        0x11, 0x41, 0xba, 0xf2, 0xe3, 0x4d, 0xe3, 0x7a,
+        0x03, 0x04, 0x09, 0x86, 0xd4, 0xc0, 0xcd, 0x5d,
+        0x57, 0xf0, 0x70, 0x1c, 0xe9, 0x30, 0x98, 0x6f,
+        0xd9, 0x52, 0x5b, 0x58, 0xe2, 0xe5, 0x9f, 0x45,
+        0xb8, 0xdd, 0x04, 0xc0, 0xf3, 0x5b, 0x0f, 0x47,
+        0x97, 0x0c, 0xc6, 0x70, 0x79, 0x61, 0x8e, 0xb9,
+        0xe6, 0xd9, 0x1e, 0x9b, 0x0f, 0x8c, 0x6d, 0x2e,
+        0x16, 0x5c, 0xf4, 0x48, 0xa2, 0xc1, 0xeb, 0xf7,
+        0x1b, 0x65, 0x37, 0xe0, 0xf3, 0x75, 0x18, 0x5d,
+        0xfa, 0xfe, 0xf6, 0x98, 0xb6, 0x23, 0x9b, 0xb3,
+        0x55, 0x80, 0xb3, 0x15, 0xbc, 0xb5, 0xed, 0x40,
+        0x8c, 0x35, 0x7f, 0x19, 0x2d, 0xef, 0x89, 0xbc,
+        0x1b, 0x75, 0xcd, 0xd6, 0xaa, 0xe8, 0xb5, 0xfa,
+        0xf0, 0xc3, 0xe1, 0x38, 0x03, 0xf6, 0xbd, 0xfa,
+        0x76, 0xfb, 0x40, 0x7f, 0xcb, 0xda, 0x79, 0x0c,
+        0x32, 0x9b, 0x3e, 0xe4, 0x2f, 0xd3, 0xd3, 0xb0,
+        0x3b, 0xd5, 0x00, 0x3f, 0x0b, 0xc4, 0x32, 0xf7,
+        0xba, 0x39, 0x63, 0x11, 0x12, 0x45, 0x2d, 0xfd,
+        0x12, 0x14, 0x04, 0x33, 0xff, 0x89, 0x80, 0xeb,
+        0x6a, 0x52, 0x6b, 0xa8, 0x5e, 0xf9, 0x94, 0x77,
+        0x37, 0x8b, 0x4d, 0xc7, 0x66, 0x35, 0xa5, 0xcd,
+        0x50, 0x40, 0xe4, 0x3b, 0x8c, 0x1f, 0xe4, 0xee,
+        0x5e, 0x15, 0x8e, 0x42, 0x3b, 0xfc, 0x0c, 0x89,
+        0x3c, 0x1d, 0x56, 0x13, 0xbe, 0xd0, 0x8d, 0xa7,
+        0x19, 0xc9, 0x07, 0x31, 0x84, 0xee, 0xb3, 0x6f,
+        0xd3, 0x57, 0x38, 0x0f, 0xb1, 0x87, 0x3d, 0x8c,
+        0xbd, 0x36, 0xe2, 0x25, 0x5e, 0x98, 0x5b, 0x1b,
+        0x76, 0x81, 0x97, 0x43, 0xa6, 0x58, 0x4a, 0x9b,
+        0x3a, 0x58, 0x09, 0x96, 0xc9, 0xc2, 0xee, 0xd9,
+        0xbb, 0xbf, 0xff, 0x78, 0xa6, 0x20, 0x4b, 0x5e,
+        0x5e, 0xea, 0xe5, 0xf4, 0xef, 0xd2, 0x66, 0x00,
+        0x78, 0xb3, 0x7f, 0x07, 0x54, 0xab, 0x5d, 0xa8,
+        0x62, 0xe6, 0x66, 0xb1, 0x45, 0xb5, 0xf2, 0x3f,
+        0x3d, 0x09, 0x77, 0x79, 0x99, 0x29, 0xdf, 0xa2,
+        0xae, 0xdd, 0xa5, 0x3d, 0x15, 0x2e, 0xda, 0x1d,
+        0x0d, 0x0e, 0x4e, 0xa4, 0x3f, 0x6e, 0xd8, 0x89,
+        0xbb, 0x96, 0x5e, 0xef, 0xe0, 0xa7, 0xc6, 0x85,
+        0xbb, 0x36, 0x77, 0x0e, 0xaa, 0x87, 0x42, 0x42,
+        0xc0, 0xe2, 0x29, 0xcf, 0x6c, 0xe5, 0x6d, 0xef,
+        0xa5, 0xae, 0xae, 0x64, 0xd0, 0xc4, 0x0d, 0xda,
+        0x8a, 0xa2, 0x6e, 0xae, 0xb3, 0x14, 0x58, 0xf0,
+        0x70, 0xa3, 0xbc, 0x72, 0xe1, 0x61, 0x9e, 0xe9,
+        0xb5, 0xf6, 0x42, 0x29, 0x1c, 0x56, 0xdf, 0x5b,
+        0x7e, 0x43, 0xdb, 0x6c, 0x80, 0x2f, 0xc7, 0x4f,
+        0x4f, 0x3f, 0x9b, 0x5c, 0x0d, 0x35, 0x5c, 0x3a,
+        0xae, 0x52, 0x0a, 0xa3, 0x12, 0x29, 0xd1, 0x2f,
+        0x3e, 0x7c, 0xc5, 0xd4, 0x8e, 0x69, 0x11, 0x91,
+        0xa3, 0x6b, 0x28, 0x37, 0x65, 0xf4, 0x13, 0x3f,
+        0x0f, 0xf1, 0xfe, 0x2f, 0x01, 0xc6, 0x64, 0x8b,
+        0x27, 0x98, 0xa7, 0x4e, 0xb5, 0xd8, 0x42, 0xa2,
+        0x48, 0xf5, 0x24, 0xa7, 0xe7, 0xf8, 0x97, 0x42,
+        0x11, 0x29, 0x7b, 0x44, 0xf0, 0xdd, 0x19, 0xf3,
+        0x86, 0xe8, 0x6b, 0xe6, 0xba, 0x78, 0x2d, 0xe7,
+        0x7f, 0xde, 0x88, 0x72, 0x26, 0xf3, 0x7a, 0x1c,
+        0x77, 0xbc, 0x5e, 0xdd, 0xee, 0xe5, 0xbf, 0x46,
+        0xb6, 0x7f, 0xb7, 0x47, 0x8d, 0x55, 0x98, 0x65,
+        0xf2, 0x62, 0xca, 0xa8, 0x4d, 0x64, 0xa8, 0xce,
+        0x59, 0xe4, 0xdf, 0x08, 0x18, 0xe1, 0x48, 0x61,
+        0x52, 0x6a, 0xcd, 0x34, 0x83, 0x60, 0x0f, 0x3d,
+        0xae, 0x79, 0x59, 0xd3, 0x5d, 0x81, 0x81, 0xca,
+        0x6a, 0x81, 0xce, 0x79, 0x1b, 0xe0, 0x07, 0x52,
+        0xda, 0x77, 0x59, 0x44, 0x6a, 0x2c, 0xfb, 0xe0,
+        0x0b, 0x82, 0x48, 0xb9, 0x34, 0x91, 0xde, 0xbd,
+        0x52, 0x02, 0x20, 0xb7, 0x55, 0x41, 0x6d, 0x2f,
+        0xc6, 0xb7, 0xc8, 0xaf, 0x2f, 0xf7, 0x5e, 0x5b,
+        0xcb, 0xb8, 0xe7, 0x53, 0x73, 0x80, 0xa5, 0x72,
+        0x1c, 0x77, 0x48, 0x49, 0x57, 0xa6, 0x92, 0x71,
+        0xd8, 0xba, 0xfc, 0xe0, 0xf1, 0x66, 0x73, 0x5f,
+        0xf8, 0x69, 0x23, 0x2d, 0xe5, 0xd3, 0x81, 0xaf,
+        0xbf, 0x0e, 0x44, 0xd6, 0x91, 0x72, 0xb7, 0x9a,
+        0x35, 0x19, 0x19, 0x49, 0xde, 0x09, 0x70, 0x3b,
+        0x94, 0x22, 0x2b, 0x13, 0xc3, 0x85, 0xc6, 0x08,
+        0x1e, 0x6d, 0x2e, 0xde, 0x1e, 0x57, 0xfe, 0x18,
+        0x4e, 0xf8, 0xf6, 0x01, 0x96, 0xb9, 0xa3, 0xa7,
+        0xb7, 0xef, 0xf7, 0x49, 0x71, 0x91, 0xca, 0x87,
+        0x41, 0xb5, 0xa0, 0x1e, 0x79, 0xcb, 0x69, 0xa6,
+        0x11, 0x42, 0xe6, 0xf5, 0xd0, 0x80, 0xfb, 0xb3,
+        0xe5, 0x66, 0xf7, 0x9e, 0x14, 0x6f, 0x75, 0xc8,
+        0xa1, 0x09, 0x78, 0x60, 0x84, 0x1b, 0x47, 0x47,
+        0xdf, 0x60, 0x4d, 0xba, 0x95, 0x4e, 0x4a, 0x8d,
+        0x9e, 0x0d, 0xcc, 0xc1, 0xf6, 0x09, 0xd0, 0x5c,
+        0xf8, 0xd3, 0x12, 0x19, 0xec, 0xd6, 0x0c, 0x31,
+        0x2d, 0xe6, 0x84, 0x55, 0x2f, 0x09, 0x22, 0x7c,
+        0xb8, 0x29, 0x29, 0x1c, 0x64, 0x57, 0x32, 0xc5,
+        0xf5, 0xd4, 0xd7, 0x11, 0x63, 0x9f, 0x42, 0xa2,
+        0x30, 0x80, 0xaa, 0x34, 0xfe, 0x14, 0x20, 0xf2,
+        0x19, 0xbd, 0x6b, 0xcf, 0x4e, 0x3b, 0x29, 0xb9,
+        0xd0, 0x22, 0x93, 0xb2, 0xda, 0x81, 0x38, 0x3e,
+        0x0a, 0x51, 0xd2, 0xbb, 0x18, 0x6c, 0x7b, 0x0a,
+        0x21, 0x1a, 0x0c, 0xd6, 0x3a, 0xcb, 0xfc, 0x02,
+        0x10, 0x40, 0x1e, 0x98, 0x5d, 0x43, 0x6b, 0x38,
+        0x03, 0xd5, 0x60, 0x1c, 0x24, 0x13, 0x6a, 0xfd,
+        0x15, 0x62, 0x52, 0x2e, 0x45, 0xb4, 0x57, 0xcb,
+        0x43, 0x91, 0x78, 0xbe, 0x4a, 0x87, 0xcc, 0xe4,
+        0x03, 0x46, 0xd3, 0x4a, 0xe0, 0xf3, 0xc3, 0x91,
+        0x03, 0xc8, 0xa3, 0xeb, 0xc9, 0xc8, 0x6c, 0x8d,
+        0xb8, 0xfc, 0x55, 0x61, 0xeb, 0x0f, 0x3a, 0x14,
+        0x3d, 0x4e, 0x9f, 0xe9, 0x3a, 0x5c, 0xba, 0x6f,
+        0x6f, 0xca, 0xe5, 0x65, 0x0d, 0x3f, 0x43, 0xd2,
+        0x66, 0x8a, 0x59, 0x56, 0xc9, 0x22, 0x89, 0x3b,
+        0x81, 0x66, 0x47, 0xde, 0xd0, 0xaf, 0xc0, 0x52,
+        0xa6, 0xc3, 0xd9, 0xd0, 0x1a, 0x3d, 0x3a, 0xf0,
+        0xf1, 0xba, 0x80, 0x7f, 0xf1, 0x04, 0x91, 0xe1,
+        0x31, 0xdc, 0x15, 0xe1, 0x65, 0xcf, 0xd0, 0x65,
+        0x0a, 0x1f, 0x2c, 0x31, 0x3d, 0x79, 0x56, 0x14,
+        0x1e, 0xdc, 0xc6, 0x1c, 0xb9, 0x0e, 0x9e, 0x7a,
+        0xbf, 0x2f, 0xe3, 0x5f, 0xc9, 0xdc, 0x1b, 0xde,
+        0x88, 0x93, 0x9f, 0xa1, 0x1f, 0x7b, 0xbe, 0x3e,
+        0xb4, 0xd8, 0xff, 0xa6, 0x43, 0xb0, 0x74, 0xd7,
+        0x4f, 0x45, 0x11, 0x35, 0x86, 0xe9, 0xbb, 0x12,
+        0x06, 0x00, 0x03, 0xd7, 0x19, 0x41, 0xf2, 0xda,
+        0x09, 0x8d, 0xc0, 0xe9, 0x6c, 0xad, 0x32, 0x55,
+        0xcf, 0x32, 0x8e, 0xa2, 0xd3, 0x30, 0x8c, 0x1f,
+        0x45, 0x85, 0xe8, 0x9c, 0x61, 0x3c, 0x42, 0x6b,
+        0x7e, 0x79, 0x8e, 0x1e, 0xc4, 0xe9, 0x8f, 0xe6,
+        0xc7, 0x1e, 0x74, 0x91, 0xf5, 0xec, 0xa0, 0xcd,
+        0x05, 0x11, 0x58, 0x61, 0xbd, 0x16, 0x0e, 0x3f,
+        0xe7, 0x3a, 0x58, 0xa0, 0x26, 0xba, 0x53, 0x8e,
+        0x0e, 0x25, 0x6b, 0x92, 0xf1, 0xd7, 0xa2, 0x49,
+        0x75, 0x70, 0x59, 0x48, 0x56, 0x86, 0x0f, 0xfd,
+        0x06, 0xb6, 0x01, 0xac, 0x57, 0x55, 0x92, 0xf4,
+        0xac, 0x61, 0x2b, 0x5d, 0xe7, 0x86, 0x60, 0x42,
+        0x12, 0x3e, 0xbc, 0x60, 0xc5, 0x57, 0x68, 0xe3,
+        0xa7, 0x60, 0x0a, 0x32, 0x60, 0x55, 0x1f, 0x2b,
+        0xea, 0x22, 0xbb, 0xf6, 0xb6, 0xc8, 0x24, 0x6e,
+        0x80, 0xf9, 0x12, 0x5c, 0x4b, 0xb9, 0xdb, 0x35,
+        0x4d, 0xd6, 0x4a, 0xe6, 0x95, 0xc1, 0x5f, 0x50,
+        0x71, 0xf4, 0xab, 0xb9, 0x63, 0x92, 0x07, 0xca,
+        0xc7, 0x33, 0x1b, 0x31, 0x0f, 0x69, 0xa0, 0x5f,
+        0x54, 0xb9, 0x95, 0xde, 0x52, 0x9a, 0x02, 0x3f,
+        0x03, 0x3b, 0x05, 0x5d, 0xb9, 0x52, 0x87, 0xa1,
+        0x4b, 0xa3, 0x0a, 0x7c, 0xc5, 0x26, 0xbb, 0x72,
+        0x4c, 0x41, 0x7f, 0xba, 0x29, 0x06, 0x36, 0xa9,
+        0x96, 0xf2, 0x86, 0xe3, 0xe9, 0xe9, 0x39, 0xe4,
+        0xfe, 0x1c, 0x39, 0x8b, 0x5c, 0x65, 0x99, 0x95,
+        0x9d, 0x0b, 0x44, 0x45, 0xa3, 0x27, 0xec, 0x46,
+        0x9a, 0x16, 0x53, 0xcf, 0xae, 0xa7, 0x55, 0x2c,
+        0xec, 0xec, 0x08, 0x5c, 0xca, 0xa6, 0x89, 0x38,
+        0xae, 0x4a, 0xc3, 0xc4, 0x24, 0xf7, 0xe4, 0x80,
+        0x43, 0x9e, 0xbd, 0x2c, 0x99, 0x2b, 0x5f, 0x6f,
+        0x95, 0xec, 0x24, 0x4b, 0x65, 0x7d, 0xbd, 0xea,
+        0xa9, 0xae, 0x11, 0x0a, 0xaf, 0x4d, 0x68, 0xbf,
+        0x4e, 0x27, 0x41, 0x0d, 0x43, 0xce, 0xef, 0x3e,
+        0x88, 0xe9, 0xc7, 0x17, 0xdd, 0x44, 0xc9, 0xee
+    };
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = {
-#ifndef WOLFSSL_ML_KEM
         0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4,
         0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5,
         0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55,
         0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19
-#else
-        0x63, 0xa1, 0x03, 0x90, 0x74, 0xf0, 0x1f, 0x26,
-        0x51, 0x21, 0x3a, 0xd9, 0x35, 0x0d, 0x65, 0x61,
-        0xcb, 0x03, 0xa6, 0x04, 0x00, 0xe7, 0x41, 0x18,
-        0xbb, 0x44, 0x64, 0xd8, 0x7b, 0x9d, 0xb2, 0x05
-#endif
     };
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ss[] = {
+        0x48, 0x9d, 0xd1, 0xe9, 0xc2, 0xbe, 0x4a, 0xf3,
+        0x48, 0x2b, 0xdb, 0x35, 0xbb, 0x26, 0xce, 0x76,
+        0x0e, 0x6e, 0x41, 0x4d, 0xa6, 0xec, 0xbe, 0x48,
+        0x99, 0x85, 0x74, 0x8a, 0x82, 0x5f, 0x1c, 0xd6
+    };
+#endif
 
 #ifdef WOLFSSL_SMALL_STACK
-    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+    key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    priv = (byte *)XMALLOC(KYBER1024_PRIVATE_KEY_SIZE, HEAP_HINT,
+    if (key == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+    priv = (byte *)XMALLOC(WC_ML_KEM_1024_PRIVATE_KEY_SIZE, HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    pub = (byte *)XMALLOC(KYBER1024_PUBLIC_KEY_SIZE, HEAP_HINT,
+    pub = (byte *)XMALLOC(WC_ML_KEM_1024_PUBLIC_KEY_SIZE, HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    ct = (byte *)XMALLOC(KYBER1024_CIPHER_TEXT_SIZE, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (! (key && priv && pub && ct && ss && ss_dec))
+    if (priv == NULL || pub == NULL)
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 #endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    ct = (byte *)XMALLOC(WC_ML_KEM_1024_CIPHER_TEXT_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ct == NULL || ss == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss_dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#endif
 
+#ifdef WOLFSSL_MLKEM_KYBER
     ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     else
         key_inited = 1;
 
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
         sizeof(kyber1024_rand));
     if (ret != 0)
@@ -40327,7 +43211,16 @@ static wc_test_ret_t kyber1024_kat(void)
 
     if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024_rand;
+    (void)kyber1024_pk;
+    ret = wc_KyberKey_DecodePrivateKey(key, kyber1024_sk,
+        KYBER1024_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
 
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
         sizeof(kyber1024enc_rand));
     if (ret != 0)
@@ -40338,59 +43231,166 @@ static wc_test_ret_t kyber1024_kat(void)
 
     if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024enc_rand;
+#endif
 
-    ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber1024_ct));
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber1024_ct,
+        sizeof(kyber1024_ct));
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024_ct;
+    (void)kyber1024_ss;
+#endif
+#endif
+#ifndef WOLFSSL_NO_ML_KEM
+    ret = wc_MlKemKey_Init(key, WC_ML_KEM_1024, HEAP_HINT, INVALID_DEVID);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    else
+        key_inited = 1;
+
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+    ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber1024_rand,
+        sizeof(kyber1024_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_MlKemKey_EncodePublicKey(key, pub, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_MlKemKey_EncodePrivateKey(key, priv,
+        WC_ML_KEM_MAX_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(pub, ml_kem_1024_pk, sizeof(ml_kem_1024_pk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(priv, ml_kem_1024_sk, sizeof(ml_kem_1024_sk)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024_rand;
+    (void)ml_kem_1024_pk;
+    ret = wc_MlKemKey_DecodePrivateKey(key, ml_kem_1024_sk,
+        WC_ML_KEM_1024_PRIVATE_KEY_SIZE);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+#endif
+
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
+        sizeof(kyber1024enc_rand));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ct, ml_kem_1024_ct, sizeof(ml_kem_1024_ct)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+
+    if (XMEMCMP(ss, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)kyber1024enc_rand;
+#endif
+
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_1024_ct,
+        sizeof(ml_kem_1024_ct));
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    if (XMEMCMP(ss_dec, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#else
+    (void)ml_kem_1024_ct;
+    (void)ml_kem_1024_ss;
+#endif
+#endif
 
 out:
 
     if (key_inited)
-        wc_KyberKey_Free(key);
+        wc_MlKemKey_Free(key);
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 #endif
 
     return ret;
 }
-#endif /* WOLFSSL_KYBER1024 */
-#endif /* WOLFSSL_WC_KYBER */
+#endif /* !WOLFSSL_NO_KYBER1024 && !WOLFSSL_NO_ML_KEM_1024 */
+#endif /* WOLFSSL_WC_MLKEM */
 
-WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
+WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void)
 {
     wc_test_ret_t ret;
     WC_RNG rng;
     int i;
 #ifdef WOLFSSL_SMALL_STACK
-    KyberKey *key = NULL;
+    MlKemKey *key = NULL;
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     byte *priv = NULL;
     byte *pub = NULL;
     byte *priv2 = NULL;
     byte *pub2 = NULL;
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     byte *ct = NULL;
     byte *ss = NULL;
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     byte *ss_dec = NULL;
+#endif
+#endif
+#endif
 #else
-    KyberKey key[1];
-    byte priv[KYBER_MAX_PRIVATE_KEY_SIZE];
-    byte pub[KYBER_MAX_PUBLIC_KEY_SIZE];
-    byte priv2[KYBER_MAX_PRIVATE_KEY_SIZE];
-    byte pub2[KYBER_MAX_PUBLIC_KEY_SIZE];
-    byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
-    byte ss[KYBER_SS_SZ];
-    byte ss_dec[KYBER_SS_SZ];
+    MlKemKey key[1];
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+    byte priv[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE];
+    byte pub[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
+    byte priv2[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE];
+    byte pub2[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE];
+    byte ss[WC_ML_KEM_SS_SZ];
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    byte ss_dec[WC_ML_KEM_SS_SZ];
+#endif
+#endif
+#endif
 #endif
     int key_inited = 0;
     static const int testData[][4] = {
+#ifndef WOLFSSL_NO_ML_KEM
+    #ifdef WOLFSSL_WC_ML_KEM_512
+        { WC_ML_KEM_512,  WC_ML_KEM_512_PRIVATE_KEY_SIZE,
+          WC_ML_KEM_512_PUBLIC_KEY_SIZE,  WC_ML_KEM_512_CIPHER_TEXT_SIZE },
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_768
+        { WC_ML_KEM_768,  WC_ML_KEM_768_PRIVATE_KEY_SIZE,
+          WC_ML_KEM_768_PUBLIC_KEY_SIZE,  WC_ML_KEM_768_CIPHER_TEXT_SIZE },
+    #endif
+    #ifdef WOLFSSL_WC_ML_KEM_1024
+        { WC_ML_KEM_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE,
+          WC_ML_KEM_1024_PUBLIC_KEY_SIZE, WC_ML_KEM_1024_CIPHER_TEXT_SIZE },
+    #endif
+#endif
+#ifdef WOLFSSL_MLKEM_KYBER
     #ifdef WOLFSSL_KYBER512
         { KYBER512,  KYBER512_PRIVATE_KEY_SIZE,  KYBER512_PUBLIC_KEY_SIZE,
           KYBER512_CIPHER_TEXT_SIZE },
@@ -40403,29 +43403,49 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
         { KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE,
           KYBER1024_CIPHER_TEXT_SIZE },
     #endif
+#endif
     };
-    WOLFSSL_ENTER("kyber_test");
+    WOLFSSL_ENTER("mlkem_test");
 
 #ifdef WOLFSSL_SMALL_STACK
-    key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
+    key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT,
                               DYNAMIC_TYPE_TMP_BUFFER);
-    priv = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    pub = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    priv2 = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    pub2 = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    ct = (byte *)XMALLOC(KYBER_MAX_CIPHER_TEXT_SIZE, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-    ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
-                              DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (! (key && priv && pub && priv2 && pub2 && ct && ss && ss_dec))
+    if (key == NULL)
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+    priv = (byte *)XMALLOC(WC_ML_KEM_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (priv == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    pub = (byte *)XMALLOC(WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (pub == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    priv2 = (byte *)XMALLOC(WC_ML_KEM_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (priv2 == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    pub2 = (byte *)XMALLOC(WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (pub2 == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+    ct = (byte *)XMALLOC(WC_ML_KEM_MAX_CIPHER_TEXT_SIZE, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ct == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
+    ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
+                              DYNAMIC_TYPE_TMP_BUFFER);
+    if (ss_dec == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+#endif
+#endif
+#endif
 #endif
 
 #ifndef HAVE_FIPS
@@ -40437,105 +43457,118 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
-        ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
+        ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, INVALID_DEVID);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         else
             key_inited = 1;
 
-        ret = wc_KyberKey_MakeKey(key, &rng);
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
+        ret = wc_MlKemKey_MakeKey(key, &rng);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_EncodePublicKey(key, pub, testData[i][2]);
+        ret = wc_MlKemKey_EncodePublicKey(key, pub, testData[i][2]);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_EncodePrivateKey(key, priv, testData[i][1]);
+        ret = wc_MlKemKey_EncodePrivateKey(key, priv, testData[i][1]);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
+        ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, INVALID_DEVID);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_DecodePublicKey(key, pub, testData[i][2]);
+        ret = wc_MlKemKey_DecodePublicKey(key, pub, testData[i][2]);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_Encapsulate(key, ct, ss, &rng);
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
+        ret = wc_MlKemKey_Encapsulate(key, ct, ss, &rng);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+#endif
 
-        ret = wc_KyberKey_EncodePublicKey(key, pub2, testData[i][2]);
+        ret = wc_MlKemKey_EncodePublicKey(key, pub2, testData[i][2]);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
         if (XMEMCMP(pub, pub2, testData[i][2]) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
+        ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, INVALID_DEVID);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_DecodePrivateKey(key, priv, testData[i][1]);
+        ret = wc_MlKemKey_DecodePrivateKey(key, priv, testData[i][1]);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, testData[i][3]);
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+        ret = wc_MlKemKey_Decapsulate(key, ss_dec, ct, testData[i][3]);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
-        if (XMEMCMP(ss, ss_dec, KYBER_SS_SZ) != 0)
+        if (XMEMCMP(ss, ss_dec, WC_ML_KEM_SS_SZ) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+#endif
 
-        ret = wc_KyberKey_EncodePrivateKey(key, priv2, testData[i][1]);
+        ret = wc_MlKemKey_EncodePrivateKey(key, priv2, testData[i][1]);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
 
         if (XMEMCMP(priv, priv2, testData[i][2]) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+#endif
     }
 
     wc_FreeRng(&rng);
 
-#ifdef WOLFSSL_WC_KYBER
-#ifdef WOLFSSL_KYBER512
-    ret = kyber512_kat();
+#ifdef WOLFSSL_WC_MLKEM
+#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)
+    ret = mlkem512_kat();
     if (ret != 0)
         goto out;
 #endif
-#ifdef WOLFSSL_KYBER768
-    ret = kyber768_kat();
+#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768)
+    ret = mlkem768_kat();
     if (ret != 0)
         goto out;
 #endif
-#ifdef WOLFSSL_KYBER1024
-    ret = kyber1024_kat();
+#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024)
+    ret = mlkem1024_kat();
     if (ret != 0)
         goto out;
 #endif
-#endif /* WOLFSSL_WC_KYBER */
+#endif /* WOLFSSL_WC_MLKEM */
 
 out:
 
     if (key_inited)
-        wc_KyberKey_Free(key);
+        wc_MlKemKey_Free(key);
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
     XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
     XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
     XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#endif
+#endif
 #endif
 
     return ret;
 }
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_HAVE_MLKEM */
 
 #ifdef HAVE_DILITHIUM
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
@@ -40544,9 +43577,12 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
 {
     byte msg[512];
     dilithium_key* key;
+    byte * pubExported = NULL;
     wc_test_ret_t ret;
     int i;
     int res = 0;
+    word32 lenExported = pubKeyLen;
+    int n_diff = 0;
 
     key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
         DYNAMIC_TYPE_TMP_BUFFER);
@@ -40554,6 +43590,12 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
     }
 
+    pubExported = (byte*)XMALLOC(pubKeyLen, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (pubExported == NULL) {
+        ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
+    }
+
     /* make dummy msg */
     for (i = 0; i < (int)sizeof(msg); i++) {
         msg[i] = (byte)i;
@@ -40568,20 +43610,46 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
     ret = wc_dilithium_set_level(key, param);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-
     ret = wc_dilithium_import_public(pubKey, pubKeyLen, key);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res,
-        key);
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (param >= WC_ML_DSA_DRAFT) {
+        ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg),
+            &res, key);
+    }
+    else
+#endif
+    {
+        ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
+            (word32)sizeof(msg), &res, key);
+    }
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (res != 1)
         ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
+
+    /* Now test the export pub raw API, verify we recover the original pub. */
+    ret = wc_dilithium_export_public(key, pubExported, &lenExported);
+    if (ret != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
+
+    if (lenExported <= 0 || lenExported != pubKeyLen) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(lenExported), out);
+    }
+
+    n_diff = XMEMCMP(pubExported, pubKey, pubKeyLen);
+
+    if (n_diff) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(n_diff), out);
+    }
+
 out:
     wc_dilithium_free(key);
     XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(pubExported, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     return ret;
 }
 
@@ -40589,6 +43657,119 @@ out:
 static wc_test_ret_t dilithium_param_44_vfy_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = {
+        0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04,
+        0x2b, 0x92, 0x48, 0x67, 0x60, 0x55, 0x34, 0xd9, 0xac, 0x0b, 0xc4, 0x1f,
+        0x46, 0xe8, 0x85, 0xb9, 0x2e, 0x1b, 0x10, 0x3a, 0x75, 0x7a, 0xc2, 0xbc,
+        0x76, 0xf0, 0x6d, 0x05, 0xa4, 0x78, 0x48, 0x84, 0x26, 0x69, 0xbd, 0x26,
+        0x1d, 0x73, 0x60, 0xaa, 0x57, 0x9d, 0x8c, 0x66, 0xb1, 0x19, 0xea, 0x11,
+        0xff, 0xbb, 0xf6, 0xeb, 0x26, 0x26, 0xac, 0x78, 0x74, 0x46, 0x6d, 0x51,
+        0x6e, 0x92, 0xdf, 0x6a, 0x98, 0x41, 0xe9, 0x10, 0xf2, 0xcc, 0xa8, 0x7a,
+        0x50, 0xdb, 0x1f, 0x4c, 0x42, 0x19, 0xd5, 0xbc, 0x76, 0x20, 0x6f, 0x2f,
+        0xbf, 0xc2, 0xc9, 0x1b, 0x02, 0xb5, 0xb1, 0x09, 0x46, 0x06, 0x87, 0x02,
+        0xac, 0x3d, 0xcf, 0xc3, 0xa5, 0x1b, 0xf0, 0xce, 0xd4, 0x9e, 0x84, 0x34,
+        0x3c, 0x24, 0x7d, 0x89, 0xf3, 0xbf, 0x9c, 0x18, 0x9d, 0x1b, 0x1d, 0xd4,
+        0xf6, 0xda, 0xc9, 0xa4, 0x14, 0xc4, 0x6b, 0xd7, 0x05, 0x6d, 0xed, 0x54,
+        0x42, 0x6b, 0x5f, 0x6d, 0x1e, 0xda, 0x6b, 0x47, 0x70, 0xe5, 0x4e, 0xe7,
+        0x25, 0x06, 0xf8, 0x28, 0x24, 0x34, 0xd6, 0xe5, 0xbe, 0xc5, 0x4f, 0x9e,
+        0x5d, 0x33, 0xfc, 0xef, 0xe4, 0xe9, 0x55, 0x67, 0x93, 0x1f, 0x2e, 0x11,
+        0x3a, 0x2e, 0xf2, 0xbb, 0x82, 0x09, 0x8d, 0xb2, 0x09, 0xf3, 0x2f, 0xef,
+        0x6f, 0x38, 0xc6, 0x56, 0xf2, 0x23, 0x08, 0x63, 0x99, 0x7f, 0x4e, 0xc0,
+        0x9d, 0x08, 0x9d, 0xa1, 0x59, 0x6e, 0xe1, 0x00, 0x2c, 0x99, 0xec, 0x83,
+        0x2f, 0x12, 0x97, 0x2f, 0x75, 0x04, 0x67, 0x44, 0xb5, 0x95, 0xce, 0xc6,
+        0x3e, 0x7a, 0x10, 0x77, 0x5e, 0xbe, 0x9c, 0x0f, 0xb3, 0xc7, 0x38, 0xbf,
+        0x9e, 0x35, 0x8f, 0xe4, 0x8d, 0x19, 0xc3, 0x41, 0xb1, 0x0b, 0x8c, 0x10,
+        0x9a, 0x58, 0xec, 0x4f, 0xb3, 0xe9, 0x5b, 0x72, 0x4b, 0xb8, 0x99, 0x34,
+        0x9a, 0xcd, 0xb0, 0x69, 0xd0, 0x67, 0xef, 0x96, 0xb9, 0xe5, 0x54, 0x92,
+        0xb7, 0x1a, 0x52, 0xf6, 0x0a, 0xc2, 0x23, 0x8d, 0x4f, 0xad, 0x00, 0xae,
+        0x0f, 0x97, 0xfa, 0xce, 0x96, 0xba, 0xe7, 0x74, 0x55, 0xd4, 0xaf, 0xbf,
+        0xa1, 0x32, 0x91, 0x2d, 0x03, 0x9f, 0xe3, 0x10, 0x8c, 0x77, 0x5d, 0x26,
+        0x76, 0xf1, 0x87, 0x90, 0xf0, 0x20, 0xd1, 0xea, 0xf7, 0xa4, 0xe8, 0x2c,
+        0x32, 0x1c, 0x55, 0xc0, 0x5d, 0xc9, 0xcd, 0x4e, 0x8f, 0x0d, 0xef, 0x0a,
+        0x27, 0xb6, 0x4f, 0xa4, 0xd3, 0xa4, 0xed, 0x33, 0x22, 0xa1, 0xd3, 0x15,
+        0xac, 0x1a, 0x20, 0x4e, 0x28, 0x8c, 0x8c, 0xd0, 0x71, 0xd1, 0xf2, 0xdb,
+        0x33, 0x63, 0xb6, 0xa4, 0xf2, 0x17, 0x3c, 0x12, 0xb0, 0xad, 0xef, 0x31,
+        0x91, 0xfe, 0xe5, 0x53, 0x99, 0xb6, 0x85, 0x63, 0xfa, 0xe6, 0xcd, 0xf6,
+        0xb9, 0xce, 0x4a, 0x7d, 0x4a, 0x49, 0x29, 0xd2, 0xd9, 0xc9, 0x47, 0x4a,
+        0x8a, 0x5c, 0x14, 0x5e, 0x0f, 0x7c, 0xc3, 0x91, 0xb0, 0xab, 0x37, 0xf5,
+        0x26, 0x8d, 0x46, 0x74, 0x49, 0xad, 0x51, 0xc3, 0x11, 0xfa, 0x85, 0x15,
+        0xa5, 0x84, 0xc1, 0xe0, 0x3c, 0x13, 0x6d, 0x13, 0xa3, 0xe6, 0xa8, 0x3c,
+        0x22, 0xac, 0x17, 0x48, 0x57, 0x7c, 0x81, 0xe2, 0x4e, 0xd8, 0x33, 0x5d,
+        0x4d, 0x65, 0xf7, 0xe1, 0xb8, 0x00, 0x78, 0x09, 0x16, 0xb0, 0x0b, 0xca,
+        0x15, 0x0d, 0xcd, 0x9a, 0xd8, 0x47, 0x4c, 0x9b, 0x69, 0xb2, 0xa0, 0x9d,
+        0x96, 0x96, 0x52, 0x6d, 0x89, 0xad, 0xff, 0x55, 0xde, 0x7b, 0xd6, 0x3d,
+        0x1d, 0x5e, 0x8d, 0xf1, 0xfc, 0x48, 0x1c, 0x50, 0x59, 0x55, 0xb9, 0x07,
+        0xfd, 0x6b, 0xcb, 0x95, 0xa6, 0x14, 0x73, 0xdb, 0x40, 0x40, 0x1c, 0x44,
+        0xe6, 0x79, 0x30, 0x88, 0xbd, 0xa0, 0xde, 0x9b, 0xb8, 0x76, 0xf8, 0x98,
+        0x56, 0x4b, 0xb9, 0x7a, 0xf6, 0xd4, 0x73, 0x89, 0x6b, 0xf7, 0x7d, 0x05,
+        0x33, 0xbe, 0xb6, 0x1c, 0x4d, 0xa7, 0x12, 0x3b, 0x3f, 0xed, 0x4a, 0x0f,
+        0xae, 0xa7, 0x6a, 0x26, 0x0d, 0x01, 0x84, 0x84, 0xa8, 0x0e, 0xc1, 0xc1,
+        0xfd, 0xe4, 0xa9, 0xe2, 0x3f, 0xab, 0xce, 0x20, 0x90, 0x86, 0x79, 0xa2,
+        0x40, 0xd0, 0xef, 0x79, 0x34, 0x2b, 0xe8, 0xc9, 0x54, 0xa7, 0x19, 0x62,
+        0xcc, 0x20, 0x79, 0x3f, 0x5b, 0x9c, 0x61, 0xc2, 0xc1, 0xd2, 0x36, 0x7c,
+        0x8e, 0xe3, 0x01, 0xbe, 0xc4, 0xb2, 0xb8, 0x07, 0x51, 0x23, 0x5b, 0x5d,
+        0x00, 0xe6, 0x7f, 0xd6, 0xbb, 0x32, 0xa9, 0x7e, 0xb4, 0x30, 0xeb, 0x5e,
+        0x6d, 0xed, 0xb2, 0xc3, 0x88, 0x81, 0xa3, 0x3b, 0x1f, 0x1e, 0xf9, 0x48,
+        0x10, 0xd6, 0x01, 0x65, 0x5f, 0x6d, 0xc5, 0xeb, 0x76, 0x5f, 0x10, 0x79,
+        0xaa, 0xc0, 0x86, 0xe7, 0x44, 0x95, 0x44, 0x4b, 0x54, 0x0c, 0x46, 0x2a,
+        0x98, 0x01, 0x6e, 0xc0, 0xb9, 0x59, 0x2a, 0xff, 0x8f, 0xb3, 0x80, 0x15,
+        0xec, 0xcd, 0x39, 0x36, 0xd7, 0x2f, 0x20, 0x9e, 0x3a, 0xc1, 0x90, 0xe5,
+        0x99, 0x27, 0x16, 0xd7, 0x6c, 0x30, 0x10, 0x12, 0x03, 0x3e, 0xdc, 0xb9,
+        0x03, 0x25, 0xb0, 0x8a, 0x27, 0x4d, 0x1a, 0x32, 0x36, 0x54, 0xc0, 0xba,
+        0x22, 0xb2, 0xe2, 0xf6, 0x39, 0x23, 0x03, 0xc4, 0xc9, 0xe4, 0x0d, 0x99,
+        0xfb, 0x98, 0xa5, 0x9b, 0x12, 0x9b, 0x58, 0x44, 0x74, 0x9f, 0x65, 0x61,
+        0x51, 0xba, 0x31, 0x60, 0x9c, 0xec, 0xf8, 0x4d, 0x36, 0x61, 0xd1, 0x33,
+        0x6d, 0xa6, 0x28, 0x75, 0xba, 0x7c, 0x82, 0xcb, 0x7e, 0xbe, 0x8f, 0x2d,
+        0x21, 0x84, 0xb9, 0xf2, 0x4e, 0x7b, 0x95, 0x99, 0x11, 0xf3, 0xe1, 0xc0,
+        0x6a, 0x44, 0xae, 0x11, 0xcb, 0x04, 0xa0, 0xf2, 0x3e, 0x17, 0xdf, 0xb2,
+        0x6a, 0xdf, 0x5c, 0xf3, 0x8a, 0xf8, 0x90, 0x86, 0x64, 0xea, 0x0a, 0x32,
+        0x7f, 0x9f, 0x90, 0xa8, 0x9d, 0x33, 0x12, 0xa6, 0xa4, 0xe7, 0x74, 0xa0,
+        0x75, 0xa9, 0x65, 0xf8, 0x39, 0xae, 0x14, 0x32, 0x79, 0xcc, 0xaa, 0x34,
+        0x86, 0x55, 0xcc, 0x99, 0xb7, 0x00, 0x05, 0x8b, 0xe3, 0x76, 0x28, 0x12,
+        0xb6, 0x2a, 0x3e, 0x44, 0x8d, 0xf4, 0xba, 0xef, 0xf6, 0xdc, 0x29, 0x08,
+        0x29, 0x7d, 0xd1, 0x1d, 0x17, 0x15, 0xb6, 0xb6, 0x58, 0x67, 0xd5, 0xd3,
+        0x12, 0x05, 0x4e, 0xb0, 0xc3, 0x83, 0xe0, 0x35, 0x30, 0x60, 0x59, 0xa0,
+        0xc5, 0x97, 0x5b, 0x81, 0xd3, 0x68, 0x6c, 0x8c, 0x17, 0x28, 0xa9, 0x24,
+        0x4f, 0x80, 0x20, 0xa5, 0x21, 0x9f, 0x8f, 0x15, 0x89, 0x2d, 0x87, 0xae,
+        0x2e, 0xcc, 0x73, 0x3e, 0x06, 0x43, 0xbc, 0xb3, 0x1b, 0xa6, 0x72, 0xaa,
+        0xa3, 0xaa, 0xbb, 0x6f, 0x2d, 0x68, 0x60, 0xcf, 0x05, 0x94, 0x25, 0x3e,
+        0x59, 0xf3, 0x64, 0x61, 0x5e, 0x78, 0x9a, 0x7e, 0x0d, 0x50, 0x45, 0x78,
+        0x51, 0xab, 0x11, 0xb1, 0xc6, 0x95, 0xfc, 0x29, 0x28, 0x10, 0x9c, 0x1a,
+        0x8c, 0x37, 0xb5, 0x4f, 0x0e, 0xed, 0x4a, 0x28, 0x6c, 0xaa, 0xb7, 0x0d,
+        0x12, 0xfa, 0x87, 0x5d, 0xd4, 0x9a, 0xb7, 0x2b, 0x46, 0x90, 0x58, 0x4e,
+        0xd7, 0x8b, 0x41, 0x1b, 0xf8, 0xc4, 0xc2, 0xde, 0xda, 0xec, 0x61, 0xe7,
+        0xbf, 0x11, 0xdd, 0x6e, 0x4e, 0x6a, 0xd4, 0x87, 0x01, 0xe4, 0xac, 0xe8,
+        0xaf, 0x2b, 0x01, 0xe1, 0x09, 0x20, 0xe0, 0xbd, 0x7d, 0x03, 0x73, 0x23,
+        0xdf, 0x77, 0x71, 0xa4, 0x25, 0x8b, 0x0a, 0x93, 0x49, 0x32, 0x45, 0x1a,
+        0xa4, 0x94, 0x31, 0x61, 0x2e, 0x17, 0x39, 0x8a, 0x66, 0xc9, 0xf9, 0x20,
+        0x2d, 0x6a, 0x97, 0x2f, 0xe7, 0x26, 0xd8, 0x01, 0x42, 0x65, 0xcf, 0xce,
+        0xd4, 0x24, 0x41, 0xfb, 0x9b, 0x6f, 0xf1, 0xc2, 0x9e, 0xd5, 0x08, 0x0c,
+        0xdc, 0x4d, 0x8e, 0xae, 0xcb, 0x5f, 0xd4, 0xcd, 0x7c, 0xf6, 0x82, 0xc6,
+        0xee, 0xf9, 0x88, 0x3a, 0x34, 0x07, 0x04, 0xb4, 0x84, 0x69, 0xb3, 0xa4,
+        0x67, 0xab, 0x09, 0xc0, 0x83, 0xfe, 0x59, 0xaf, 0x18, 0x2c, 0xc8, 0x09,
+        0xc1, 0xbb, 0x13, 0x7c, 0xce, 0x01, 0x5d, 0x85, 0xaa, 0x10, 0x28, 0xa2,
+        0x96, 0x98, 0x69, 0x23, 0xa3, 0xe7, 0x67, 0xbc, 0x7c, 0x7e, 0xde, 0x4b,
+        0x36, 0xab, 0x94, 0xd2, 0xb8, 0xf9, 0xdf, 0xee, 0xa1, 0x69, 0xa1, 0xc8,
+        0xe9, 0x83, 0x21, 0xac, 0x1b, 0x39, 0xf7, 0x6d, 0xbf, 0x8c, 0xdb, 0xd6,
+        0x2f, 0xc9, 0x3c, 0x3d, 0x50, 0xcf, 0x7f, 0xbe, 0x4a, 0x8d, 0xd8, 0x14,
+        0xad, 0x69, 0xb0, 0x3e, 0x8a, 0xaf, 0xeb, 0xd9, 0x1a, 0x15, 0x4a, 0xe4,
+        0xdd, 0xd9, 0xb2, 0xf8, 0x6b, 0xe2, 0x42, 0x9e, 0x29, 0x16, 0xfc, 0x85,
+        0x9c, 0x47, 0x4b, 0x1f, 0x3d, 0x7b, 0x8c, 0xe1, 0x6d, 0xa3, 0xb8, 0x0a,
+        0xe6, 0xfa, 0x27, 0xfe, 0x52, 0x72, 0xab, 0x3a, 0xa6, 0x58, 0xd7, 0x53,
+        0xaf, 0x9f, 0xee, 0x03, 0x85, 0xfc, 0xa4, 0x7a, 0x72, 0x29, 0x7e, 0x62,
+        0x28, 0x08, 0x79, 0xa8, 0xb8, 0xc7, 0x51, 0x8d, 0xaa, 0x40, 0x2d, 0x4a,
+        0xd9, 0x47, 0xb4, 0xa8, 0xa2, 0x0a, 0x43, 0xd0, 0xe0, 0x4a, 0x39, 0xa3,
+        0x06, 0x08, 0x9a, 0xe2, 0xf3, 0xf2, 0xf8, 0xb9, 0x9f, 0x63, 0x32, 0xa0,
+        0x65, 0x0b, 0xb0, 0x50, 0x96, 0xa6, 0xa8, 0x7a, 0x18, 0xdd, 0x6c, 0xd1,
+        0x9b, 0xd9, 0x4e, 0x76, 0x8f, 0xfb, 0x22, 0xa6, 0x1d, 0x29, 0xfc, 0xb8,
+        0x47, 0x29, 0xb6, 0xd1, 0xb1, 0x63, 0x4a, 0x36, 0x1b, 0x10, 0xe6, 0x4c,
+        0x65, 0x68, 0x1f, 0xad, 0x4f, 0x7d, 0x6b, 0x01, 0x41, 0x18, 0x5f, 0xba,
+        0x3d, 0xa6, 0x54, 0x28, 0x58, 0xd5, 0x81, 0x60, 0xdf, 0x84, 0x76, 0x00,
+        0x21, 0x53, 0xeb, 0xd3, 0xa6, 0xec, 0x7d, 0x3c, 0xb8, 0xcd, 0x91, 0x4c,
+        0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5,
+        0x70, 0x8d, 0x8b, 0x9c
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_pub_key[] = {
     0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
     0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
     0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
@@ -40720,9 +43901,215 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
     0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42,
     0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77,
     0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
-    0xfe, 0x4b,
+    0xfe, 0x4b
     };
+#endif
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_sig[] = {
+        0x27, 0x3b, 0x58, 0xa0, 0xcf, 0x00, 0x29, 0x5e, 0x1a, 0x63, 0xbf, 0xb4,
+        0x97, 0x16, 0xa1, 0x9c, 0x78, 0xd1, 0x33, 0xdc, 0x72, 0xde, 0xa3, 0xfc,
+        0xf4, 0x09, 0xb1, 0x09, 0x16, 0x3f, 0x80, 0x72, 0x22, 0x68, 0x65, 0x68,
+        0xb9, 0x80, 0x5a, 0x4a, 0x0d, 0x73, 0x49, 0xe1, 0xc6, 0xde, 0xca, 0x08,
+        0x4f, 0xca, 0xf8, 0xb2, 0xf8, 0x45, 0x3b, 0x6b, 0x8c, 0x6c, 0xfd, 0x3a,
+        0xf4, 0xde, 0xde, 0x82, 0xd8, 0x04, 0xbe, 0x4f, 0x4a, 0xdb, 0x92, 0x47,
+        0x83, 0x2d, 0xc4, 0x55, 0xed, 0x20, 0x4f, 0x71, 0xb1, 0x58, 0xd9, 0x70,
+        0x73, 0xbd, 0xb0, 0x3a, 0xb4, 0x8f, 0xd6, 0x9e, 0x32, 0x98, 0x2b, 0x9e,
+        0xff, 0x2a, 0x7c, 0xcb, 0x05, 0x1b, 0x8e, 0xe6, 0x3a, 0x45, 0xc6, 0x7a,
+        0xc8, 0xaf, 0x62, 0xd3, 0x04, 0xfa, 0x69, 0x4f, 0xda, 0x1b, 0x74, 0x16,
+        0x0d, 0xb3, 0x1a, 0xee, 0x71, 0xd7, 0xb0, 0xef, 0x69, 0xf5, 0xe2, 0xe9,
+        0xc2, 0xcc, 0x15, 0x66, 0x28, 0x0a, 0xac, 0xe2, 0x63, 0x06, 0xb7, 0x21,
+        0x0d, 0xd8, 0x5c, 0x94, 0x63, 0xfd, 0x51, 0x18, 0x9f, 0x07, 0x19, 0x3d,
+        0xa2, 0x50, 0x40, 0xd3, 0xe9, 0x05, 0xd4, 0x11, 0x13, 0x15, 0xaa, 0x46,
+        0xda, 0x3e, 0x5f, 0xcd, 0x3c, 0xfa, 0x42, 0xba, 0x79, 0x4a, 0xb7, 0x43,
+        0x91, 0xa5, 0xcb, 0xbc, 0xeb, 0x37, 0x94, 0xf1, 0x9c, 0xb9, 0xdb, 0x41,
+        0x06, 0xd8, 0x7b, 0x5e, 0x90, 0xe3, 0x3c, 0x8a, 0x10, 0x62, 0x9a, 0x15,
+        0x27, 0x78, 0xed, 0x69, 0x11, 0x2c, 0xb5, 0xb4, 0xdb, 0xc8, 0x70, 0x50,
+        0x62, 0x47, 0x96, 0xcb, 0xd9, 0xb2, 0x3e, 0x59, 0x2f, 0x1c, 0xac, 0xcb,
+        0xcf, 0x22, 0xc2, 0x9b, 0xc7, 0x92, 0xe9, 0x4d, 0x8d, 0x5d, 0xcf, 0x06,
+        0x53, 0x7e, 0xf4, 0x4e, 0xfe, 0x9e, 0x41, 0x5d, 0x00, 0x8c, 0x08, 0xf4,
+        0x02, 0x79, 0x33, 0x1c, 0x27, 0x1d, 0xe3, 0x94, 0xac, 0xe6, 0x87, 0xa0,
+        0x08, 0xb4, 0x60, 0x0c, 0xff, 0x47, 0xdc, 0x16, 0x3a, 0x1d, 0x89, 0xc0,
+        0x6a, 0xa4, 0x3d, 0x71, 0x33, 0xdd, 0x1e, 0x70, 0xfe, 0xd4, 0x8b, 0xed,
+        0x7c, 0x91, 0xe4, 0xe2, 0x15, 0x06, 0xc1, 0x83, 0x24, 0x55, 0xa7, 0x2a,
+        0x9f, 0x4e, 0xd9, 0x56, 0x7a, 0x95, 0xa8, 0xdd, 0xc4, 0xf0, 0x71, 0x3a,
+        0x99, 0x65, 0x31, 0x4b, 0xb7, 0x96, 0x2c, 0x53, 0x54, 0x83, 0xec, 0xc9,
+        0x97, 0x2f, 0x0c, 0xa4, 0x8f, 0xbb, 0x93, 0x9d, 0xea, 0xae, 0xf9, 0xcb,
+        0xb2, 0xb9, 0xa3, 0x61, 0x5f, 0x77, 0x8c, 0xb6, 0x5a, 0x56, 0xbe, 0x5f,
+        0x85, 0xd1, 0xb5, 0x0a, 0x53, 0xe2, 0xc7, 0xbf, 0x76, 0x8b, 0x97, 0x6f,
+        0x10, 0xdd, 0x1f, 0x44, 0x69, 0x66, 0x03, 0xc4, 0x6b, 0x59, 0xf7, 0xb4,
+        0xc1, 0x12, 0xcc, 0x00, 0x70, 0xe8, 0xbd, 0x44, 0x28, 0xf5, 0xfa, 0x96,
+        0xf3, 0x59, 0xed, 0x81, 0x67, 0xe0, 0xbe, 0x47, 0x75, 0xb3, 0xa8, 0x9f,
+        0x21, 0x70, 0x2e, 0x6f, 0xef, 0x54, 0x11, 0x3f, 0x34, 0xaf, 0x0d, 0x73,
+        0x5b, 0x9e, 0x6d, 0x86, 0x58, 0xb7, 0x34, 0xc2, 0xc2, 0xb3, 0x64, 0xd5,
+        0x9b, 0x6e, 0xb9, 0x99, 0x6a, 0xe4, 0xfd, 0xc3, 0x17, 0xf3, 0x10, 0xfc,
+        0x6e, 0xf5, 0x65, 0xe1, 0x9c, 0x59, 0x15, 0x11, 0x00, 0xea, 0x96, 0x81,
+        0x69, 0x9b, 0x05, 0x4d, 0xf3, 0xce, 0xf3, 0xf0, 0xa9, 0x01, 0x3f, 0x13,
+        0xbb, 0xb0, 0xac, 0xc3, 0x92, 0x1c, 0x2b, 0x61, 0xe3, 0x01, 0x22, 0x45,
+        0x4a, 0x23, 0x19, 0x80, 0xca, 0xb9, 0xef, 0x4e, 0x76, 0x52, 0xc5, 0x9d,
+        0x91, 0x33, 0x17, 0xc4, 0x28, 0x83, 0x55, 0x61, 0x49, 0x72, 0x04, 0xaa,
+        0xf8, 0xe3, 0x4b, 0x20, 0xf7, 0x6a, 0x74, 0x56, 0x64, 0xf9, 0xb3, 0xc9,
+        0x67, 0x5b, 0x55, 0x29, 0x9a, 0x89, 0xa5, 0x14, 0x67, 0xea, 0x6d, 0x6a,
+        0xde, 0x98, 0x58, 0x73, 0x25, 0xa3, 0xdb, 0xed, 0x3d, 0x62, 0xaa, 0xe0,
+        0x79, 0x7f, 0xa3, 0xd9, 0xb5, 0x4c, 0xe9, 0xa8, 0xdf, 0xfd, 0x59, 0x31,
+        0x42, 0x81, 0x9e, 0xb7, 0x81, 0x3f, 0x0e, 0xfb, 0xef, 0x80, 0x71, 0x9d,
+        0xb7, 0xa5, 0xfc, 0xb1, 0x80, 0xc9, 0x7e, 0x31, 0xd9, 0x47, 0xe2, 0xca,
+        0x10, 0x7b, 0xd1, 0xa1, 0x1c, 0x28, 0xc7, 0x7f, 0x51, 0x26, 0xb1, 0x4e,
+        0x57, 0xdd, 0x7d, 0x76, 0x5c, 0x5a, 0x85, 0xa7, 0x7b, 0x8c, 0xc5, 0x6e,
+        0xac, 0x20, 0xf8, 0x49, 0x16, 0xd6, 0x64, 0xf5, 0xf4, 0x2c, 0x32, 0xa1,
+        0x5d, 0xfb, 0x87, 0xb6, 0x14, 0xfe, 0x68, 0x7c, 0x4d, 0xce, 0xd7, 0x94,
+        0xf9, 0x8b, 0xf0, 0x61, 0xfd, 0xe0, 0x83, 0x7f, 0x13, 0xec, 0x7a, 0xb7,
+        0x41, 0x04, 0x51, 0x6e, 0x30, 0xa2, 0x01, 0xf7, 0x30, 0x12, 0xec, 0xd2,
+        0x8f, 0x73, 0xe7, 0x8e, 0x12, 0xb4, 0xe5, 0xc1, 0xff, 0xdf, 0x67, 0x14,
+        0xb1, 0xe9, 0xba, 0x36, 0x19, 0x18, 0xf4, 0xaa, 0xe0, 0xe4, 0x9d, 0xcd,
+        0xe8, 0xe7, 0x2b, 0x33, 0xb3, 0xdc, 0xb9, 0x19, 0xd7, 0xad, 0xa4, 0x68,
+        0xcd, 0x83, 0x77, 0x98, 0x36, 0x49, 0xd9, 0x32, 0x20, 0xfd, 0xfc, 0x34,
+        0xe7, 0x54, 0xd9, 0xb5, 0x05, 0xab, 0x0e, 0x08, 0x0e, 0x16, 0x8a, 0x7d,
+        0x91, 0x4c, 0xaa, 0x19, 0x04, 0x37, 0x35, 0xa5, 0xab, 0x6c, 0xee, 0xc4,
+        0x90, 0xf0, 0x5f, 0xc7, 0xae, 0x82, 0xfd, 0x59, 0x53, 0xe5, 0x36, 0x5a,
+        0x56, 0x37, 0x61, 0x69, 0xda, 0xe5, 0x8f, 0xfd, 0x2e, 0xd4, 0x9c, 0x7f,
+        0xb6, 0x39, 0xa4, 0x8d, 0x0a, 0xab, 0x82, 0x0f, 0xfe, 0x84, 0x69, 0x44,
+        0x8a, 0xa6, 0xd0, 0x39, 0xf9, 0x72, 0x68, 0xe7, 0x97, 0xd8, 0x6c, 0x7b,
+        0xec, 0x85, 0x8c, 0x52, 0xc9, 0x97, 0xbb, 0xc4, 0x7a, 0x67, 0x22, 0x60,
+        0x46, 0x9f, 0x16, 0xf1, 0x67, 0x0e, 0x1b, 0x50, 0x7c, 0xc4, 0x29, 0x15,
+        0xbc, 0x55, 0x6a, 0x67, 0xf6, 0xa8, 0x85, 0x66, 0x89, 0x9f, 0xff, 0x38,
+        0x28, 0xaa, 0x87, 0x91, 0xce, 0xde, 0x8d, 0x45, 0x5c, 0xa1, 0x25, 0x95,
+        0xe2, 0x86, 0xdd, 0xa1, 0x87, 0x6a, 0x0a, 0xa8, 0x3e, 0x63, 0x0e, 0x21,
+        0xa5, 0x6e, 0x08, 0x4d, 0x07, 0xb6, 0x26, 0xa8, 0x92, 0xdb, 0xed, 0x13,
+        0x01, 0xc3, 0xba, 0xcf, 0xad, 0x01, 0xbc, 0xe5, 0xc0, 0xba, 0xbe, 0x7c,
+        0x75, 0xf1, 0xb9, 0xfe, 0xd3, 0xf0, 0xa5, 0x2c, 0x8e, 0x10, 0xff, 0x99,
+        0xcb, 0xe2, 0x2d, 0xdc, 0x2f, 0x76, 0x00, 0xf8, 0x51, 0x7c, 0xcc, 0x52,
+        0x16, 0x0f, 0x18, 0x98, 0xea, 0x34, 0x06, 0x7f, 0xb7, 0x2e, 0xe9, 0x40,
+        0xf0, 0x2d, 0x30, 0x3d, 0xc0, 0x67, 0x4c, 0xe6, 0x63, 0x40, 0x41, 0x42,
+        0x96, 0xbb, 0x0b, 0xd6, 0xc9, 0x1c, 0x22, 0x7a, 0xa9, 0x4d, 0xcc, 0x5b,
+        0xaa, 0x03, 0xc6, 0x3b, 0x1e, 0x2f, 0x11, 0xae, 0x34, 0x6f, 0x0c, 0xe9,
+        0x16, 0x9c, 0x82, 0x3b, 0x90, 0x4c, 0x0e, 0xf0, 0xf9, 0x7f, 0x02, 0xca,
+        0xb9, 0xa9, 0x49, 0x6d, 0x27, 0x73, 0xd0, 0xbf, 0x15, 0x61, 0x52, 0xbc,
+        0xd6, 0x31, 0x59, 0x2b, 0x52, 0x5b, 0xaf, 0x3c, 0xc0, 0x8f, 0xdc, 0xd5,
+        0x2c, 0x1d, 0xe4, 0xe9, 0x41, 0xe8, 0xd3, 0x35, 0xd6, 0xb1, 0xf3, 0x32,
+        0xe0, 0x52, 0x08, 0x73, 0x99, 0xb6, 0x6b, 0xbc, 0x26, 0xfb, 0x2e, 0xa7,
+        0xb7, 0xcd, 0x14, 0xf0, 0xf9, 0xe5, 0x3a, 0xd0, 0x05, 0x5b, 0x2b, 0x38,
+        0xbd, 0x7c, 0xda, 0xd4, 0x15, 0x45, 0xfa, 0x3b, 0x6f, 0x94, 0x8e, 0x22,
+        0xce, 0xfa, 0x53, 0xe0, 0x5f, 0xa6, 0x9d, 0x1c, 0x26, 0x91, 0x8a, 0xab,
+        0x72, 0x5b, 0x18, 0x78, 0x69, 0x98, 0x3f, 0x8d, 0x33, 0x7c, 0x21, 0x93,
+        0x9e, 0xf0, 0xaf, 0xb7, 0x30, 0xc8, 0xac, 0xbc, 0xdb, 0x9c, 0x29, 0x17,
+        0x6b, 0x9d, 0x0f, 0x16, 0xd6, 0xc0, 0xcc, 0x3b, 0xce, 0x11, 0xe9, 0x64,
+        0xc8, 0xd4, 0x4c, 0x98, 0x7c, 0x8f, 0xf1, 0x5e, 0x84, 0xe4, 0x72, 0xf9,
+        0x69, 0xf5, 0x9d, 0xad, 0x95, 0x3b, 0xfb, 0x6d, 0x30, 0x7e, 0x0a, 0x47,
+        0x5b, 0x26, 0xb2, 0x4e, 0xeb, 0x1a, 0xc3, 0x37, 0x16, 0x28, 0x79, 0x62,
+        0xb4, 0x36, 0x85, 0x4a, 0x15, 0x5a, 0xc3, 0x6e, 0xbe, 0x7e, 0x00, 0xe9,
+        0x4a, 0xa5, 0xd7, 0x90, 0xcf, 0x59, 0x63, 0x2d, 0x2b, 0xc2, 0xc6, 0x47,
+        0xe6, 0x77, 0xb7, 0x6e, 0x9b, 0xc8, 0x0d, 0x18, 0x2b, 0x45, 0x2b, 0xc9,
+        0x5a, 0x6e, 0xb4, 0x50, 0xa5, 0x23, 0x7d, 0x17, 0xcc, 0x49, 0xe2, 0xb3,
+        0xf4, 0x6d, 0xb4, 0xb7, 0xbb, 0x9e, 0xdd, 0x20, 0x99, 0x19, 0xf5, 0x53,
+        0x1f, 0xd0, 0xff, 0x67, 0xf3, 0x8e, 0x6a, 0xcd, 0x2a, 0x6e, 0x2b, 0x0a,
+        0x90, 0xd7, 0xdb, 0xe1, 0xff, 0x1c, 0x40, 0xa1, 0xb0, 0x5d, 0x94, 0x4d,
+        0x20, 0x14, 0x01, 0xa1, 0xa8, 0xd1, 0x15, 0xd2, 0xd9, 0x1b, 0xbf, 0xc2,
+        0x8a, 0xd0, 0x02, 0xf6, 0x16, 0xa1, 0xb7, 0x40, 0xe0, 0x36, 0x88, 0xc8,
+        0x17, 0x0a, 0xf0, 0xb6, 0x0d, 0x3c, 0x53, 0xb9, 0x51, 0xed, 0xef, 0x20,
+        0x6f, 0xf3, 0x0c, 0xb5, 0xce, 0x0e, 0x9e, 0xfd, 0x0f, 0x5e, 0x3f, 0x8f,
+        0x3c, 0xb7, 0x2a, 0xdb, 0xc6, 0xa7, 0xf2, 0x11, 0x6e, 0xdc, 0x05, 0x33,
+        0xd4, 0xd8, 0xb0, 0x2d, 0x8a, 0xe5, 0x39, 0x82, 0x00, 0x49, 0x7d, 0xfd,
+        0x32, 0x29, 0xbb, 0x79, 0x5d, 0xcb, 0x21, 0x7b, 0x2d, 0x36, 0x58, 0x73,
+        0x52, 0x57, 0x52, 0x96, 0x4d, 0x89, 0x61, 0xf4, 0xad, 0x1f, 0x48, 0xd5,
+        0x7a, 0x4a, 0xaa, 0x1c, 0xa1, 0xf4, 0xb4, 0x9c, 0x43, 0x3b, 0x95, 0x72,
+        0xd0, 0x0e, 0x35, 0x82, 0x26, 0xd4, 0x2e, 0xe3, 0x83, 0x96, 0x97, 0x5a,
+        0x7b, 0xfc, 0x48, 0x17, 0x3c, 0xba, 0x9e, 0x5f, 0x46, 0x1a, 0x53, 0xe3,
+        0x2e, 0x78, 0x79, 0x80, 0xf6, 0x2d, 0x24, 0xcf, 0x62, 0xb6, 0x86, 0xeb,
+        0xee, 0xec, 0xf2, 0x1d, 0x00, 0xc8, 0x28, 0x9d, 0x93, 0x16, 0xa7, 0xd9,
+        0x11, 0x47, 0xe3, 0xc4, 0xb6, 0xc4, 0xa0, 0x99, 0x83, 0xc1, 0x17, 0xd8,
+        0x8e, 0xde, 0x69, 0x1d, 0xcb, 0xdd, 0xe7, 0x86, 0x6f, 0xf2, 0x36, 0x07,
+        0x23, 0x86, 0x0d, 0xe9, 0xad, 0x87, 0xae, 0x76, 0x98, 0x95, 0x51, 0xf2,
+        0xb3, 0x11, 0xc5, 0x34, 0xf0, 0x0c, 0xf8, 0x29, 0x9c, 0x84, 0x4f, 0x81,
+        0x49, 0x85, 0x63, 0x25, 0x16, 0xb0, 0xc3, 0xaa, 0xd7, 0x8a, 0x2e, 0x4b,
+        0x97, 0x60, 0x74, 0xf8, 0xa7, 0x39, 0xec, 0x6c, 0x2c, 0x9b, 0x33, 0x3a,
+        0x11, 0xbd, 0xa6, 0x90, 0x48, 0x65, 0xb1, 0xe7, 0x38, 0x53, 0x47, 0x1b,
+        0x62, 0xd5, 0xb7, 0xa8, 0xd4, 0xae, 0xf5, 0x12, 0x06, 0x12, 0x54, 0xa2,
+        0xce, 0xf1, 0x6b, 0x3a, 0xda, 0x63, 0x2e, 0x37, 0x2a, 0x25, 0x89, 0x30,
+        0x98, 0x77, 0x1d, 0x4b, 0x5a, 0x1e, 0xb7, 0x3d, 0xed, 0x19, 0xec, 0x9f,
+        0x64, 0x46, 0xa8, 0x2a, 0x79, 0xf3, 0x70, 0x39, 0x9f, 0x8c, 0xc3, 0x28,
+        0xcc, 0x2a, 0xc0, 0xd0, 0xe6, 0x80, 0xf5, 0x01, 0x78, 0x72, 0x7f, 0xe7,
+        0x2e, 0x7b, 0x5f, 0x05, 0xc3, 0x41, 0x33, 0x07, 0xdb, 0x9c, 0xa8, 0x96,
+        0xa7, 0x21, 0x20, 0x23, 0xd0, 0x59, 0x39, 0x06, 0x19, 0xa4, 0x29, 0xe5,
+        0x72, 0x39, 0x69, 0x23, 0xe3, 0xfa, 0x28, 0x63, 0xf5, 0x42, 0x3b, 0xca,
+        0x88, 0x5d, 0x7e, 0x47, 0x93, 0xa8, 0x8c, 0x75, 0xf2, 0x19, 0x44, 0x43,
+        0x15, 0x39, 0x03, 0x42, 0xd8, 0x1d, 0x81, 0x30, 0x8e, 0x84, 0x31, 0x24,
+        0x75, 0x67, 0x4e, 0xbe, 0xfe, 0x0a, 0xd8, 0xc3, 0xe7, 0x5b, 0xe1, 0xd5,
+        0x12, 0x6a, 0x69, 0x99, 0xcd, 0x35, 0xca, 0x22, 0x02, 0x65, 0xb3, 0x0f,
+        0x50, 0xb6, 0xaa, 0xc6, 0x91, 0x5c, 0x4d, 0xd4, 0x07, 0x93, 0x46, 0xf0,
+        0xcc, 0xe1, 0x92, 0x14, 0x91, 0x21, 0x43, 0xc4, 0xba, 0x45, 0x1c, 0x47,
+        0x29, 0xdf, 0xff, 0x89, 0x60, 0xee, 0x89, 0x1e, 0xc3, 0xb4, 0xb9, 0x0b,
+        0xc9, 0x7e, 0xd9, 0x15, 0xb0, 0x80, 0x91, 0xbe, 0xb9, 0x43, 0x48, 0x12,
+        0x86, 0x8e, 0x79, 0x38, 0x4d, 0xce, 0x36, 0x7f, 0xc3, 0xe8, 0xb7, 0xb9,
+        0x92, 0xbf, 0x27, 0x20, 0x54, 0xc8, 0x05, 0x63, 0x3b, 0xf5, 0x48, 0x1a,
+        0xa9, 0x04, 0x6c, 0xb6, 0x0e, 0x11, 0xea, 0xf3, 0x59, 0xb9, 0xa6, 0xf6,
+        0xf8, 0x0b, 0x15, 0xed, 0x30, 0xf9, 0xe4, 0xe5, 0x26, 0x2d, 0xbb, 0xc6,
+        0x5b, 0x36, 0xbb, 0x73, 0xa6, 0x4f, 0xf5, 0x43, 0x9f, 0xd7, 0xb9, 0x0f,
+        0xbc, 0x4f, 0x8d, 0xb8, 0xec, 0x1d, 0x42, 0x19, 0x56, 0x37, 0xc4, 0xcb,
+        0xd0, 0x16, 0x85, 0xff, 0xd3, 0x9b, 0xef, 0xc8, 0x75, 0x37, 0xd1, 0x92,
+        0xad, 0x21, 0x94, 0x1e, 0x9a, 0xf6, 0x2f, 0x6d, 0x30, 0xba, 0x37, 0xc3,
+        0xdc, 0x11, 0xe0, 0x79, 0xa4, 0x92, 0x1f, 0xe4, 0xaa, 0x7a, 0x6b, 0x2a,
+        0xe4, 0x04, 0xb7, 0xf9, 0x86, 0x95, 0xdb, 0xa8, 0xfc, 0x8a, 0x53, 0x21,
+        0x31, 0x14, 0xf7, 0x40, 0x01, 0x78, 0x4e, 0x73, 0x18, 0xb3, 0x54, 0xd7,
+        0xa6, 0x93, 0xf0, 0x70, 0x04, 0x1c, 0xe0, 0x2b, 0xef, 0xee, 0xd4, 0x64,
+        0xa7, 0xd9, 0x9f, 0x81, 0x4f, 0xe5, 0x1e, 0xbe, 0x6e, 0xd2, 0xf6, 0x3a,
+        0xba, 0xcf, 0x8c, 0x96, 0x2a, 0x3d, 0xf7, 0xe5, 0x5c, 0x59, 0x40, 0x9c,
+        0xe3, 0xf9, 0x2b, 0x6d, 0x3d, 0xf2, 0x6f, 0x81, 0xd6, 0xab, 0x9c, 0xab,
+        0xc6, 0xf7, 0x8f, 0xaa, 0xe5, 0x71, 0xe3, 0xc9, 0x8c, 0x1a, 0xeb, 0xc5,
+        0x87, 0xe7, 0xb0, 0xde, 0x18, 0xba, 0xaa, 0x1e, 0xda, 0x12, 0x32, 0x16,
+        0x94, 0x3a, 0x6e, 0x4f, 0x84, 0x06, 0x8e, 0x33, 0xf7, 0xfa, 0x35, 0xb8,
+        0x45, 0xe4, 0x5e, 0x9e, 0x46, 0x05, 0x7a, 0xf7, 0xf4, 0x99, 0xad, 0xb9,
+        0xdd, 0x55, 0xd9, 0x52, 0x3b, 0x93, 0xe3, 0x9b, 0x54, 0x1b, 0xe6, 0xa9,
+        0x70, 0xd3, 0x48, 0xf9, 0x3d, 0xdb, 0x88, 0x63, 0x66, 0xa0, 0xab, 0x72,
+        0x83, 0x6e, 0x8f, 0x78, 0x9d, 0x55, 0x46, 0x21, 0xca, 0x7c, 0xb7, 0x5d,
+        0x16, 0xe8, 0x66, 0x3b, 0x7b, 0xaa, 0xfe, 0x9c, 0x9c, 0x33, 0xc9, 0xc2,
+        0xa4, 0x3c, 0x78, 0x97, 0xf3, 0x5b, 0xc2, 0x29, 0x36, 0x98, 0x68, 0x28,
+        0xfe, 0x0a, 0xae, 0x6f, 0xe5, 0xf7, 0xfb, 0x9d, 0xf8, 0x8c, 0xd9, 0xd0,
+        0x4d, 0xfe, 0xc7, 0xd0, 0xb0, 0xe3, 0x9c, 0xdb, 0xac, 0x9e, 0x1b, 0x55,
+        0x7e, 0x24, 0xfe, 0xc4, 0x12, 0xcb, 0xc2, 0xdd, 0x0a, 0xda, 0x31, 0x40,
+        0x41, 0xb7, 0xfc, 0x3f, 0x6d, 0xe2, 0xd3, 0x8a, 0x0f, 0x21, 0x33, 0x3a,
+        0xbc, 0xa7, 0x62, 0x18, 0xb3, 0xaf, 0x48, 0xc6, 0xe2, 0xa3, 0xdd, 0x1d,
+        0x20, 0x62, 0xe4, 0x4b, 0x81, 0x6b, 0x3a, 0xc5, 0xb1, 0x07, 0xe1, 0xf1,
+        0xe1, 0xba, 0xf6, 0x01, 0xc6, 0xf2, 0xea, 0xc0, 0x97, 0x73, 0x79, 0x19,
+        0x06, 0xaa, 0x62, 0x42, 0xcb, 0x21, 0x5f, 0x08, 0x97, 0x7d, 0x72, 0xb5,
+        0x39, 0x4d, 0x99, 0xe3, 0xa2, 0x3f, 0xb9, 0xb4, 0xed, 0xf4, 0x61, 0x35,
+        0xe1, 0x50, 0xfb, 0x56, 0x7c, 0x35, 0xfd, 0x44, 0x8a, 0x57, 0x22, 0xed,
+        0x30, 0x33, 0xc3, 0x0b, 0xf1, 0x88, 0xe4, 0x44, 0x46, 0xf5, 0x73, 0x6d,
+        0x9b, 0x98, 0x88, 0x92, 0xf5, 0x34, 0x85, 0x18, 0x66, 0xef, 0x70, 0xbe,
+        0x7b, 0xc1, 0x0f, 0x1c, 0x78, 0x2d, 0x42, 0x13, 0x2d, 0x2f, 0x4d, 0x40,
+        0x8e, 0xe2, 0x6f, 0xe0, 0x04, 0xdb, 0x58, 0xbc, 0x65, 0x80, 0xba, 0xfc,
+        0x89, 0xee, 0xf3, 0x78, 0xb2, 0xd9, 0x78, 0x93, 0x6d, 0xbf, 0xd4, 0x74,
+        0x24, 0xf4, 0x5c, 0x37, 0x89, 0x0c, 0x14, 0xd5, 0xbd, 0xc5, 0xfc, 0x37,
+        0xe8, 0x8b, 0xe0, 0xc5, 0x89, 0xc9, 0x70, 0xb3, 0x76, 0x46, 0xce, 0x0d,
+        0x7c, 0x3d, 0xa4, 0x5d, 0x02, 0x95, 0x03, 0xba, 0x24, 0xaa, 0xf7, 0xd0,
+        0x75, 0x35, 0x78, 0x27, 0x9c, 0x6d, 0x2a, 0xef, 0xaa, 0xac, 0x85, 0xef,
+        0x8d, 0xfc, 0xc0, 0xfc, 0x72, 0x02, 0xf4, 0xa3, 0xd3, 0x87, 0xfc, 0x4d,
+        0xce, 0x3d, 0xcb, 0xc2, 0x74, 0x5b, 0xb0, 0x83, 0xc5, 0x72, 0x72, 0xd6,
+        0xa1, 0x67, 0x4d, 0xa1, 0xd6, 0xaa, 0xe7, 0x9b, 0xe7, 0xc0, 0xfd, 0x86,
+        0x91, 0x08, 0xfa, 0x48, 0x2f, 0x50, 0xce, 0x17, 0xea, 0x1c, 0xe3, 0x90,
+        0x35, 0xe6, 0x6c, 0xc9, 0x66, 0x7d, 0x51, 0x32, 0x20, 0x0c, 0x2d, 0x4b,
+        0xa1, 0xbf, 0x78, 0x87, 0xe1, 0x5a, 0x28, 0x0e, 0x9a, 0x85, 0xf6, 0x7e,
+        0x39, 0x60, 0xbc, 0x64, 0x42, 0x5d, 0xf0, 0x0a, 0xd7, 0x3e, 0xbb, 0xa0,
+        0x6d, 0x7c, 0xfa, 0x75, 0xee, 0x34, 0x39, 0x23, 0x0e, 0xbd, 0x50, 0x19,
+        0x7a, 0x2a, 0xb7, 0x17, 0x3a, 0x8b, 0xb7, 0xb6, 0xf4, 0xd8, 0x47, 0x71,
+        0x6b, 0x21, 0x1b, 0x56, 0xcc, 0xfb, 0x7b, 0x81, 0x99, 0x46, 0x88, 0x23,
+        0x40, 0x49, 0x66, 0x8b, 0xac, 0x84, 0x16, 0x8a, 0x86, 0xae, 0x38, 0xc4,
+        0x5b, 0x1f, 0x2b, 0xfa, 0xf2, 0x8b, 0x81, 0xc1, 0x22, 0x61, 0x61, 0x6c,
+        0x43, 0x16, 0x8c, 0x1d, 0x37, 0xb2, 0xaf, 0x3c, 0x3a, 0x90, 0x33, 0xed,
+        0xf5, 0x08, 0x78, 0xfd, 0x5a, 0xde, 0xd3, 0x38, 0x6d, 0xd7, 0x1c, 0x23,
+        0xeb, 0xb4, 0x9b, 0x8e, 0xc2, 0x48, 0x47, 0x8e, 0x84, 0xbb, 0xc4, 0xd0,
+        0xcc, 0xf9, 0x55, 0x5a, 0x57, 0xb9, 0x99, 0x52, 0x82, 0x21, 0x3b, 0x83,
+        0xda, 0x8f, 0xa3, 0x88, 0x9c, 0x57, 0xe0, 0x4b, 0xc1, 0xce, 0xbe, 0xd3,
+        0xea, 0xdd, 0xf2, 0x07, 0xc1, 0x73, 0x6f, 0xc0, 0x5e, 0x8e, 0x85, 0x72,
+        0xab, 0x2f, 0xa9, 0xac, 0x39, 0xee, 0x05, 0x34, 0x13, 0x16, 0x1b, 0x1c,
+        0x21, 0x24, 0x41, 0x49, 0x78, 0x87, 0x8b, 0x97, 0x9c, 0x9f, 0xa3, 0xa8,
+        0xb9, 0xbc, 0xc6, 0xcc, 0xf2, 0xfd, 0x18, 0x2a, 0x46, 0x58, 0x5a, 0x88,
+        0xa2, 0xb5, 0xcc, 0xd2, 0xda, 0xe1, 0xe3, 0x0d, 0x20, 0x23, 0x2b, 0x2f,
+        0x47, 0x57, 0x5e, 0x64, 0x87, 0x97, 0x9c, 0xa7, 0xaa, 0xbc, 0xc1, 0xe4,
+        0xe5, 0xea, 0x0b, 0x16, 0x3b, 0x3c, 0x3e, 0x45, 0x58, 0x63, 0x6a, 0x6f,
+        0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_sig[] = {
     0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a,
     0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5,
     0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40,
@@ -40964,12 +44351,23 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
     0xaf, 0xc6, 0xc7, 0xcc, 0xd2, 0xfa, 0x2a, 0x2d, 0x2f, 0x32,
     0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c,
     0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46
     };
+#endif
+    wc_test_ret_t ret;
 
-    return dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
+    ret = dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
         (word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig,
         (word32)sizeof(ml_dsa_44_sig));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (ret == 0) {
+        ret = dilithium_param_vfy_test(WC_ML_DSA_44_DRAFT,
+            ml_dsa_44_draft_pub_key, (word32)sizeof(ml_dsa_44_draft_pub_key),
+            ml_dsa_44_draft_sig, (word32)sizeof(ml_dsa_44_draft_sig));
+    }
+#endif
+
+    return ret;
 }
 #endif
 
@@ -40977,6 +44375,172 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
 static wc_test_ret_t dilithium_param_65_vfy_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = {
+        0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd,
+        0x65, 0xee, 0x50, 0xb0, 0xbf, 0xea, 0x8e, 0x4e, 0xa2, 0x55, 0x71, 0xa6,
+        0x65, 0x48, 0x56, 0x20, 0x8a, 0x48, 0x9d, 0xd7, 0xc9, 0x2c, 0x80, 0x62,
+        0x88, 0x68, 0x4d, 0x5f, 0xbe, 0x5f, 0xe5, 0xf5, 0xa4, 0x75, 0xb6, 0x88,
+        0x26, 0xae, 0x7d, 0x11, 0x43, 0x89, 0xcd, 0xe9, 0x67, 0x0c, 0x91, 0x0b,
+        0xd1, 0xd8, 0x8b, 0x7b, 0x73, 0x75, 0x94, 0xc1, 0xc9, 0x61, 0xc7, 0x35,
+        0x21, 0x99, 0x2e, 0xab, 0xe0, 0xdf, 0x4d, 0xac, 0x0d, 0xd0, 0xa2, 0x61,
+        0x5f, 0x04, 0x08, 0x83, 0x66, 0x5c, 0x67, 0x47, 0x0c, 0xab, 0x2c, 0xb7,
+        0x6d, 0x0e, 0x32, 0x4c, 0x8c, 0x25, 0x80, 0xf5, 0xe5, 0x7e, 0x3b, 0xa1,
+        0xc6, 0xc5, 0x87, 0xd8, 0x68, 0xb2, 0xd5, 0x67, 0xf9, 0x5a, 0x8b, 0x88,
+        0xf8, 0xcd, 0x0c, 0xda, 0x4f, 0xfc, 0xd2, 0xaf, 0xb2, 0xa2, 0x38, 0x21,
+        0xf9, 0xd8, 0xf1, 0x1c, 0x8d, 0xb4, 0xe8, 0xfb, 0x76, 0x36, 0x87, 0xf4,
+        0x7d, 0x03, 0xc4, 0x06, 0xab, 0x87, 0xac, 0x52, 0xe8, 0xd5, 0xf7, 0x63,
+        0xf0, 0xa8, 0x0b, 0x95, 0xbd, 0x07, 0xf1, 0x1d, 0x33, 0x7b, 0x8a, 0x2c,
+        0xef, 0x85, 0xbe, 0xf8, 0xc1, 0x4b, 0xa2, 0xb0, 0xe0, 0x7a, 0x85, 0xfa,
+        0x52, 0x36, 0x05, 0xa7, 0x65, 0x4a, 0x0c, 0x21, 0x5c, 0xc0, 0x4f, 0x18,
+        0xb8, 0x66, 0x02, 0xe6, 0xd0, 0x45, 0x60, 0x56, 0xfc, 0x40, 0x94, 0xb5,
+        0xa5, 0x2b, 0xc7, 0x57, 0xc3, 0xc5, 0x30, 0x72, 0x1c, 0x4c, 0x2a, 0xd5,
+        0x75, 0xae, 0x43, 0x9f, 0x01, 0x71, 0xac, 0x5c, 0xdf, 0x9c, 0x0a, 0x3c,
+        0xb5, 0x89, 0x07, 0x9b, 0x28, 0x25, 0x31, 0x31, 0xc5, 0xb7, 0x24, 0x53,
+        0x2c, 0x3c, 0x2a, 0x96, 0xe5, 0x0d, 0xa2, 0x97, 0xa7, 0x08, 0x9d, 0x31,
+        0xc0, 0xcd, 0x53, 0xd5, 0xa8, 0x58, 0xa6, 0xac, 0x43, 0x2d, 0xac, 0x39,
+        0x01, 0x2c, 0x60, 0xf6, 0x82, 0x86, 0xd0, 0xaf, 0xad, 0x61, 0x3f, 0x82,
+        0x80, 0xa1, 0xe1, 0x12, 0x83, 0x6e, 0x1d, 0x5e, 0xfe, 0xc6, 0x1e, 0x2a,
+        0x7a, 0x44, 0xcd, 0xc2, 0x0a, 0xf5, 0xc8, 0x72, 0x3e, 0x29, 0xc7, 0x0a,
+        0xd1, 0x4c, 0x17, 0xdd, 0x1f, 0xb6, 0x95, 0x34, 0xc2, 0x6c, 0xdc, 0x63,
+        0xd1, 0x7e, 0xb0, 0x52, 0x06, 0x18, 0x6c, 0xb1, 0x99, 0x6a, 0xbe, 0x42,
+        0xa9, 0xc0, 0x22, 0xcc, 0x09, 0x11, 0x84, 0x1f, 0x16, 0x9a, 0x0e, 0xdd,
+        0x18, 0x7a, 0x39, 0x34, 0xb0, 0x49, 0x44, 0xcb, 0x88, 0x1f, 0x91, 0x93,
+        0x49, 0x3f, 0xcc, 0x62, 0x56, 0x33, 0x15, 0xcb, 0x02, 0x9b, 0x33, 0xe8,
+        0xd7, 0xab, 0x51, 0xc0, 0x91, 0xe0, 0x9c, 0xd2, 0xf9, 0x52, 0x05, 0x0c,
+        0xbf, 0xf1, 0x97, 0x42, 0xfe, 0xd0, 0x32, 0x27, 0x34, 0xf8, 0x82, 0x2d,
+        0x65, 0x3a, 0x36, 0xce, 0xd1, 0x07, 0x82, 0x3a, 0x6a, 0xaa, 0x56, 0xf1,
+        0x9b, 0x98, 0xca, 0x8e, 0x55, 0xff, 0xa0, 0x74, 0xd6, 0x6a, 0x42, 0xaa,
+        0x0a, 0xd4, 0x59, 0x74, 0xfb, 0xd4, 0xdb, 0x14, 0x10, 0xee, 0xca, 0x78,
+        0x83, 0x83, 0x95, 0x9b, 0x77, 0xf1, 0x9a, 0x48, 0xe0, 0x8f, 0xa4, 0x5a,
+        0x4d, 0xa9, 0x3f, 0x32, 0x78, 0x4a, 0x25, 0x96, 0x9c, 0x20, 0x0a, 0xcc,
+        0x5b, 0xd8, 0xca, 0x19, 0x47, 0x77, 0xb8, 0x7c, 0x51, 0x3e, 0xd6, 0x30,
+        0xdb, 0x45, 0xb0, 0xe6, 0x9d, 0x6f, 0xc5, 0x0a, 0x5d, 0x5f, 0x55, 0xcd,
+        0x0f, 0x20, 0x22, 0x7e, 0x09, 0x99, 0xac, 0xb8, 0x9c, 0x9d, 0xf7, 0x3e,
+        0x7e, 0x07, 0xd7, 0xbc, 0x21, 0x76, 0x8c, 0x27, 0x81, 0x94, 0xab, 0x57,
+        0x4a, 0xe2, 0x91, 0x1c, 0xa4, 0x77, 0x4a, 0xd2, 0x96, 0x52, 0x9d, 0x33,
+        0xb5, 0x58, 0x70, 0xd7, 0xff, 0x22, 0xe8, 0x14, 0xea, 0xd0, 0x8c, 0xd4,
+        0x06, 0x08, 0xd8, 0x73, 0x66, 0x4b, 0x93, 0x41, 0xc9, 0x73, 0x5b, 0x07,
+        0x5f, 0x31, 0xc5, 0x25, 0x98, 0x7b, 0x7b, 0xa5, 0x26, 0x83, 0x94, 0x22,
+        0x42, 0x1c, 0x51, 0xe6, 0x80, 0x48, 0xca, 0xd4, 0x53, 0x40, 0x3a, 0xee,
+        0x2c, 0x29, 0x07, 0xed, 0xdf, 0x97, 0x44, 0x19, 0xe5, 0xe5, 0x35, 0x66,
+        0x1f, 0xbd, 0x29, 0x77, 0x0c, 0x15, 0x6c, 0x95, 0x08, 0x81, 0xe0, 0x76,
+        0x86, 0x5e, 0x6d, 0x77, 0x78, 0x76, 0x07, 0xdd, 0x21, 0x97, 0x59, 0xdb,
+        0xd4, 0xbd, 0xb6, 0x4c, 0x3f, 0x07, 0x93, 0xb6, 0x4a, 0xce, 0xf7, 0x08,
+        0x86, 0xfd, 0x9c, 0x03, 0x08, 0x94, 0x00, 0xea, 0x4b, 0xd6, 0x1e, 0x17,
+        0xfb, 0xb5, 0xba, 0xde, 0x25, 0x95, 0xe7, 0xf8, 0x97, 0x9e, 0x99, 0xae,
+        0x5d, 0xdd, 0xf6, 0x32, 0x1a, 0xf2, 0x4f, 0xcf, 0x0c, 0x17, 0x55, 0xb8,
+        0xfb, 0xae, 0xc8, 0x46, 0xb0, 0x3e, 0x86, 0x2b, 0x5e, 0xef, 0x36, 0xca,
+        0x24, 0xed, 0x32, 0x5b, 0xc8, 0xfb, 0x88, 0x35, 0x6a, 0x26, 0xfe, 0x06,
+        0x54, 0x0c, 0x3e, 0x2c, 0x71, 0xdf, 0x98, 0xf0, 0xbb, 0xb2, 0xe0, 0x9d,
+        0xf7, 0xeb, 0xce, 0x07, 0xfa, 0xc4, 0xab, 0x88, 0xc3, 0x14, 0x33, 0x60,
+        0x48, 0xcf, 0x39, 0x26, 0x90, 0xac, 0xfa, 0x39, 0x6f, 0x2d, 0x9d, 0x6d,
+        0x15, 0x7f, 0x84, 0x6b, 0x0a, 0x1c, 0xf4, 0x6c, 0x78, 0x62, 0x52, 0x93,
+        0x2c, 0x7e, 0x9f, 0x4a, 0x51, 0x7a, 0x2e, 0xad, 0xea, 0xe4, 0xe5, 0x9c,
+        0x15, 0x15, 0x28, 0x4d, 0x3e, 0x5e, 0xb4, 0x3b, 0xff, 0x81, 0xe0, 0x56,
+        0x44, 0x33, 0x33, 0xd9, 0x4b, 0xb2, 0x23, 0x60, 0xed, 0x0d, 0xa5, 0x4e,
+        0x9f, 0x7d, 0xbc, 0x6e, 0x3a, 0xf9, 0x7e, 0x16, 0x47, 0x66, 0xb1, 0x6c,
+        0xc7, 0x26, 0x62, 0x9b, 0x3c, 0x53, 0xb3, 0xa1, 0x16, 0x62, 0x31, 0x64,
+        0xd2, 0xbb, 0x28, 0x5c, 0xe8, 0x21, 0xc3, 0xfc, 0xc3, 0x6d, 0xa7, 0x35,
+        0x4d, 0x57, 0xe0, 0xbd, 0x54, 0x1a, 0x84, 0xf7, 0x9c, 0x8a, 0x54, 0x3d,
+        0x59, 0xb3, 0xa2, 0x46, 0x3b, 0x16, 0x48, 0x3b, 0x3a, 0x3c, 0x5e, 0x88,
+        0xc3, 0x60, 0x63, 0x7e, 0xca, 0x68, 0xb7, 0x2f, 0x2b, 0xb5, 0x62, 0x2e,
+        0x51, 0x89, 0xbe, 0x78, 0xf7, 0xfa, 0x19, 0xcc, 0xca, 0x87, 0x9a, 0xf5,
+        0xef, 0x0d, 0x21, 0x08, 0x3b, 0xd6, 0x9a, 0x94, 0xc5, 0xd1, 0x1b, 0xa9,
+        0x7c, 0xc8, 0x9f, 0x9a, 0xb0, 0xb8, 0xf7, 0x02, 0x12, 0x31, 0x70, 0x52,
+        0x52, 0xda, 0xb5, 0x9a, 0x08, 0x20, 0xc3, 0xc4, 0x0c, 0x6a, 0x34, 0x58,
+        0x75, 0x9b, 0xdc, 0x1a, 0x6a, 0x37, 0x42, 0x9f, 0x16, 0x70, 0xbb, 0x39,
+        0x86, 0xbd, 0x09, 0x9c, 0x04, 0x44, 0xbe, 0x1a, 0xe5, 0xe9, 0x50, 0x9b,
+        0x14, 0x50, 0x4f, 0x00, 0xba, 0xb0, 0xf6, 0x36, 0x4d, 0x69, 0x16, 0x11,
+        0x40, 0x5a, 0x4e, 0x8b, 0x39, 0xb4, 0xf1, 0xb2, 0x11, 0x36, 0x2f, 0x02,
+        0x15, 0xca, 0x78, 0xde, 0x75, 0x07, 0x64, 0x72, 0xfd, 0xd4, 0x48, 0xdd,
+        0xfb, 0xf5, 0x8a, 0x3d, 0xa8, 0x8e, 0x14, 0xd1, 0x69, 0xe3, 0x21, 0x50,
+        0x39, 0xfd, 0xd0, 0x3b, 0xa0, 0x22, 0x61, 0x5c, 0x7e, 0x88, 0x91, 0xe1,
+        0xf0, 0xf6, 0x16, 0x23, 0xdb, 0xdb, 0x50, 0x0e, 0x39, 0xcc, 0x86, 0xf1,
+        0xab, 0x89, 0x60, 0xb0, 0xac, 0x28, 0xc6, 0x57, 0xe4, 0xee, 0xa9, 0x1b,
+        0xae, 0x78, 0xc5, 0x67, 0x1a, 0xeb, 0xb3, 0x43, 0xbc, 0xea, 0x11, 0x0c,
+        0x64, 0xf6, 0xd2, 0x52, 0xa0, 0x7e, 0xcd, 0x6d, 0x84, 0x8c, 0xf8, 0x80,
+        0xb7, 0xdb, 0x26, 0x91, 0x4a, 0xa0, 0x61, 0x69, 0x2f, 0x6f, 0x1c, 0x9d,
+        0x2a, 0x20, 0x44, 0xdc, 0x58, 0xaf, 0x7d, 0xfe, 0x4d, 0xa2, 0x10, 0x21,
+        0x88, 0xef, 0x42, 0x2e, 0x8e, 0xfb, 0x63, 0xbc, 0xc8, 0x26, 0xe7, 0x80,
+        0xa5, 0xbf, 0xe0, 0x7a, 0xcb, 0xf3, 0x31, 0x1c, 0xd9, 0xa3, 0x12, 0x00,
+        0x2f, 0x20, 0xc6, 0xc1, 0x15, 0xfd, 0x5b, 0x0d, 0x8a, 0x4d, 0xfb, 0x84,
+        0x4d, 0xb4, 0x64, 0xeb, 0x12, 0xf3, 0x78, 0x6b, 0x4d, 0xc6, 0x98, 0x46,
+        0x4c, 0xb3, 0xb4, 0x59, 0xdc, 0xb7, 0xdc, 0xbb, 0x56, 0x0f, 0x09, 0x14,
+        0x28, 0x43, 0x9f, 0xb8, 0x75, 0xed, 0xcb, 0x97, 0x25, 0xaf, 0xa5, 0xeb,
+        0x46, 0x14, 0xa6, 0x38, 0x68, 0x06, 0xe0, 0x6e, 0x55, 0x68, 0x6b, 0xf3,
+        0xd8, 0x6d, 0x59, 0x65, 0x65, 0xff, 0x48, 0xfd, 0xdb, 0x3d, 0xe2, 0x21,
+        0xb4, 0x7b, 0x78, 0x6a, 0x2e, 0x28, 0xb8, 0x21, 0xc4, 0x72, 0xf4, 0xef,
+        0xfb, 0x74, 0x43, 0x29, 0xf2, 0x30, 0xc9, 0xca, 0x78, 0x93, 0x72, 0xfd,
+        0x84, 0xa4, 0x95, 0xe0, 0xcd, 0xb1, 0x48, 0x29, 0xe7, 0xd1, 0x27, 0xf7,
+        0xdc, 0x31, 0x6e, 0x00, 0x04, 0xd7, 0x7c, 0xfd, 0x2d, 0x25, 0xe9, 0xdb,
+        0xc2, 0xb8, 0x14, 0x26, 0xed, 0x63, 0xb1, 0x50, 0x0a, 0x3c, 0xb2, 0x79,
+        0x98, 0x79, 0x81, 0x2d, 0xdb, 0x60, 0x97, 0x99, 0xc0, 0x0a, 0x89, 0x9f,
+        0x90, 0x19, 0x0b, 0xb3, 0x97, 0xd2, 0xf7, 0x50, 0xa5, 0x1d, 0x7d, 0x71,
+        0x75, 0xe6, 0x58, 0x62, 0x53, 0x95, 0x40, 0x9e, 0xc7, 0xd3, 0x72, 0xa1,
+        0xae, 0x07, 0xb3, 0x8a, 0x56, 0x61, 0x99, 0x81, 0x3e, 0xe4, 0x5e, 0x78,
+        0x57, 0xd1, 0x8a, 0xc4, 0x04, 0x38, 0x13, 0xa0, 0x5d, 0x68, 0x6d, 0x22,
+        0xae, 0xda, 0xfc, 0x67, 0xbb, 0xfb, 0x8e, 0x1a, 0xdc, 0x24, 0xf7, 0xc8,
+        0xf9, 0x92, 0x6f, 0x4e, 0xb5, 0xe7, 0x6d, 0x13, 0x88, 0x05, 0x5c, 0xbb,
+        0xe0, 0x24, 0x2a, 0x96, 0xc6, 0x70, 0x52, 0x14, 0xd0, 0xd9, 0xd8, 0xb2,
+        0x5b, 0xdc, 0x85, 0xcf, 0x62, 0xb4, 0xcf, 0x77, 0xf1, 0xe5, 0x51, 0xeb,
+        0xef, 0xe9, 0x3e, 0xf0, 0x16, 0xd2, 0xcc, 0x38, 0x0a, 0x47, 0x91, 0xc0,
+        0xe0, 0x14, 0x1a, 0xf9, 0x74, 0xd1, 0x32, 0x8b, 0x02, 0x36, 0x05, 0x55,
+        0x62, 0xa7, 0xae, 0x77, 0xb0, 0x01, 0x3d, 0x2c, 0x91, 0xbe, 0xfa, 0xdd,
+        0x9c, 0x17, 0x42, 0xc1, 0x01, 0x4d, 0xd8, 0x27, 0x3c, 0x10, 0x82, 0x66,
+        0x11, 0x91, 0x8b, 0xc8, 0x52, 0xd5, 0xc1, 0x1d, 0xee, 0xb2, 0x90, 0x17,
+        0xed, 0xf3, 0xad, 0xa5, 0xd5, 0xeb, 0xf2, 0x9b, 0x78, 0xbf, 0x2d, 0x5a,
+        0xad, 0xe5, 0x53, 0xe6, 0xc1, 0x3b, 0xd8, 0xf3, 0x6b, 0xc5, 0x4c, 0x87,
+        0x0a, 0xe3, 0xc8, 0xc7, 0xe5, 0x42, 0x2c, 0xe2, 0x13, 0x1a, 0xe7, 0x27,
+        0x20, 0x3e, 0x95, 0x13, 0x1e, 0xbb, 0x03, 0xae, 0xc0, 0x84, 0x14, 0x6d,
+        0x7b, 0xf7, 0x98, 0x08, 0x18, 0x12, 0xb4, 0x4f, 0x99, 0x4a, 0xcf, 0xd0,
+        0x4a, 0x5d, 0x21, 0x16, 0xf6, 0xdf, 0x10, 0xc7, 0xbe, 0xe6, 0x79, 0x3b,
+        0x35, 0x2a, 0xa6, 0xd6, 0x19, 0x9c, 0xde, 0xbd, 0xaf, 0x72, 0xd2, 0x25,
+        0xe0, 0xa4, 0xde, 0x99, 0x44, 0x18, 0x66, 0x41, 0xc7, 0x56, 0xf7, 0xdc,
+        0x32, 0x56, 0x57, 0x39, 0x18, 0x31, 0xc8, 0x75, 0x01, 0xc3, 0xf3, 0x46,
+        0xcf, 0xbf, 0xc6, 0x10, 0xb5, 0x1c, 0x38, 0xf9, 0xa4, 0xa5, 0x44, 0xa1,
+        0x0b, 0x25, 0x48, 0x9c, 0xd3, 0x1c, 0x55, 0x54, 0x15, 0x9f, 0xe3, 0x74,
+        0x5b, 0xb1, 0x92, 0xb6, 0x52, 0x61, 0xba, 0x2f, 0x53, 0x91, 0x17, 0x44,
+        0x94, 0x00, 0xe4, 0x43, 0xa0, 0xe7, 0x0d, 0xaa, 0x8a, 0x5b, 0x81, 0x43,
+        0xad, 0xfb, 0x50, 0xfe, 0xcf, 0x85, 0x2d, 0xfa, 0xc8, 0x1d, 0xad, 0xc8,
+        0x7a, 0x7c, 0x5e, 0xf3, 0x90, 0x35, 0x5e, 0x67, 0xce, 0x57, 0x4d, 0xa0,
+        0x22, 0x9e, 0x07, 0x4a, 0xf5, 0x9e, 0x5f, 0x91, 0x45, 0xd8, 0x62, 0xe0,
+        0xf3, 0x87, 0x3b, 0xb7, 0x89, 0x2f, 0xdf, 0x8b, 0x82, 0xb1, 0x86, 0xc3,
+        0xa4, 0xa3, 0x68, 0xc7, 0x73, 0x9e, 0x68, 0x8d, 0x24, 0x6a, 0x29, 0x94,
+        0x58, 0x57, 0x4b, 0x81, 0x00, 0xe2, 0x2b, 0x94, 0x0a, 0xf5, 0x96, 0xa3,
+        0x23, 0x9a, 0x7b, 0xd0, 0x2d, 0xcb, 0x6a, 0x8e, 0xae, 0x1b, 0x1c, 0x34,
+        0xed, 0x30, 0x4e, 0xca, 0x29, 0x21, 0xfc, 0x3d, 0x70, 0x11, 0xc1, 0x5f,
+        0x3e, 0xc2, 0x9e, 0x88, 0x71, 0x29, 0xa3, 0x8f, 0x92, 0xf5, 0x46, 0x77,
+        0xd5, 0x47, 0x2d, 0x2b, 0x66, 0x1c, 0x07, 0xf0, 0xfc, 0x7b, 0xa0, 0x13,
+        0x00, 0xae, 0xa5, 0x61, 0x92, 0x36, 0xeb, 0x7e, 0x43, 0x91, 0x20, 0x72,
+        0xe5, 0xba, 0x7f, 0x79, 0x23, 0x12, 0x3e, 0xb2, 0x4b, 0x13, 0xa1, 0x8c,
+        0x84, 0x72, 0x3b, 0x45, 0x62, 0xcf, 0x2e, 0x78, 0xc4, 0x9c, 0x22, 0x09,
+        0xfa, 0x59, 0x9d, 0xdf, 0x13, 0x54, 0x66, 0xe2, 0x6f, 0xfa, 0xb5, 0x2a,
+        0x27, 0x3e, 0x17, 0x82, 0xf3, 0x2a, 0x4d, 0x36, 0xd3, 0xf0, 0x8d, 0x43,
+        0x40, 0x2c, 0x84, 0x68, 0xbe, 0x40, 0x50, 0x7d, 0xa3, 0x27, 0x5e, 0xde,
+        0x4d, 0x04, 0x6f, 0xe8, 0x96, 0x9c, 0x7a, 0x1d, 0xb8, 0x2b, 0x8a, 0xb1,
+        0x6e, 0xe2, 0x36, 0x07, 0x22, 0x50, 0xd9, 0x71, 0x93, 0x48, 0xb5, 0x51,
+        0xce, 0x2a, 0x64, 0x6b, 0x11, 0xa6, 0xb9, 0x40, 0x2d, 0x6c, 0xd2, 0x76,
+        0x52, 0xc6, 0xe3, 0xa6, 0x6b, 0xd2, 0x3f, 0x39, 0xd2, 0x13, 0x28, 0xa4,
+        0xa9, 0x58, 0x99, 0xe8, 0x3d, 0x08, 0xfa, 0x3c, 0x34, 0x39, 0x4d, 0x7d,
+        0x5e, 0x10, 0x72, 0x51, 0x96, 0x1d, 0x4b, 0xd9, 0x3e, 0xc9, 0x22, 0x4c,
+        0x72, 0x63, 0xf8, 0x87, 0x4b, 0xe7, 0x41, 0xac, 0xcd, 0xd6, 0x34, 0xa2,
+        0xe1, 0xe8, 0x66, 0x81, 0x04, 0x7d, 0x70, 0x95, 0xba, 0x37, 0x86, 0x9e,
+        0x1f, 0x9a, 0x1b, 0xe4, 0x35, 0xac, 0xe6, 0xcf, 0x48, 0x55, 0x6e, 0xbb,
+        0x9d, 0x40, 0x79, 0x96, 0xdd, 0xac, 0xf8, 0xf5, 0x99, 0xad, 0x43, 0x0d,
+        0xad, 0xa9, 0x62, 0xc0, 0x70, 0x8b, 0x50, 0x9b, 0xca, 0x0d, 0x3e, 0x54,
+        0x9c, 0x27, 0xd5, 0x9e, 0x20, 0xe2, 0xe0, 0xb0, 0xb0, 0xbe, 0x8e, 0x56,
+        0x43, 0x95, 0x9b, 0x34, 0xd1, 0x05, 0x28, 0xa0, 0xee, 0xd9, 0xab, 0x6a,
+        0xa7, 0xbb, 0xb7, 0x1b, 0x3a, 0x5d, 0x33, 0x97, 0x25, 0x54, 0xe4, 0x0e,
+        0x64, 0x79, 0xed, 0x16, 0x62, 0x89, 0x70, 0x4a, 0xa6, 0x47, 0x40, 0xd7,
+        0xa3, 0xd2, 0x6f, 0x28, 0xdd, 0xc5, 0x04, 0xab, 0x7e, 0x7e, 0x1e, 0xb0,
+        0x19, 0x02, 0x48, 0xb5, 0x88, 0x82, 0x75, 0xaf, 0x66, 0x74, 0xca, 0xf6,
+        0xd7, 0xe8, 0x6d, 0xfa, 0x5e, 0xfa, 0xaf, 0xa8, 0x04, 0xaa, 0x2c, 0x09,
+        0xf1, 0x4c, 0x36, 0x75, 0xb5, 0xdc, 0xe8, 0x04, 0x80, 0xd3, 0x14, 0x78,
+        0x09, 0x5b, 0xfd, 0x52, 0x6f, 0xd9, 0x3c, 0x1c, 0x02, 0x3b, 0x77, 0xb8,
+        0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0,
+        0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_pub_key[] = {
     0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
     0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
     0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
@@ -41172,9 +44736,289 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
     0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69,
     0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27,
     0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14,
-    0x1b, 0x10,
+    0x1b, 0x10
     };
+#endif
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_sig[] = {
+        0xb1, 0xd1, 0x8e, 0x83, 0x0b, 0x0d, 0xd2, 0x71, 0xb2, 0xaa, 0x31, 0x38,
+        0x16, 0xf0, 0xb4, 0xbc, 0x64, 0x2b, 0x97, 0xa1, 0x08, 0x19, 0x4f, 0x52,
+        0xfe, 0x99, 0x1a, 0xa9, 0xd4, 0x08, 0x93, 0x99, 0x88, 0xfd, 0x6a, 0xd6,
+        0xd8, 0xdb, 0xf0, 0x71, 0x2a, 0xc9, 0x04, 0x83, 0xc9, 0x45, 0x59, 0x5d,
+        0xe0, 0x36, 0x59, 0x53, 0x1b, 0xb8, 0x5a, 0xa6, 0x1f, 0xb4, 0x1b, 0x0a,
+        0xfb, 0x3a, 0xba, 0xe3, 0xb7, 0x5e, 0x04, 0x14, 0x59, 0x09, 0x9a, 0x8e,
+        0xc2, 0x77, 0x5a, 0x3d, 0xf1, 0x43, 0x67, 0x74, 0x78, 0xfc, 0xcd, 0x34,
+        0xed, 0x35, 0x16, 0x38, 0x04, 0xe6, 0xe7, 0xd6, 0xd2, 0x90, 0x1b, 0x28,
+        0xb6, 0x66, 0x1b, 0x57, 0x85, 0x5e, 0xa7, 0x9f, 0x86, 0x1a, 0x0d, 0xc3,
+        0x7e, 0xed, 0xbd, 0x32, 0x8a, 0x35, 0xe1, 0xb3, 0x01, 0xdc, 0x9b, 0x44,
+        0x88, 0xa1, 0x0b, 0x87, 0x6e, 0x55, 0x31, 0xb1, 0x27, 0xcb, 0x85, 0xa4,
+        0x27, 0x56, 0x33, 0xb0, 0x39, 0x0d, 0xd3, 0x4b, 0xd1, 0xa2, 0x47, 0x07,
+        0xc6, 0xf4, 0xe6, 0x1f, 0x88, 0x70, 0x70, 0x13, 0x7e, 0x2e, 0x17, 0x32,
+        0x0a, 0x6b, 0x38, 0x34, 0xcf, 0x2f, 0x00, 0x36, 0x58, 0x8d, 0xe1, 0xdd,
+        0xa7, 0x94, 0x2a, 0x8f, 0x87, 0x99, 0x67, 0x02, 0x4d, 0x5b, 0x56, 0xaf,
+        0xef, 0xc4, 0x3c, 0xff, 0x72, 0x53, 0x95, 0x27, 0x03, 0x49, 0x94, 0x4f,
+        0x94, 0x87, 0x1f, 0x52, 0x33, 0xed, 0xb9, 0x14, 0x7b, 0xe5, 0x6c, 0xef,
+        0x7a, 0x17, 0x5a, 0xa4, 0x89, 0x2a, 0xfe, 0x68, 0xda, 0xdd, 0x48, 0xc2,
+        0xf0, 0x92, 0xf4, 0xe4, 0xd6, 0xa6, 0x48, 0x08, 0x2c, 0xe8, 0xcd, 0x72,
+        0xf6, 0x94, 0x3e, 0xc1, 0x82, 0xb8, 0x01, 0x58, 0xb2, 0xef, 0xef, 0xf4,
+        0xcb, 0x93, 0x63, 0x2e, 0x33, 0x5b, 0xc9, 0xd6, 0x6a, 0xde, 0xad, 0xe8,
+        0x1e, 0x3f, 0xa3, 0xf2, 0x35, 0x87, 0xc1, 0xc9, 0x48, 0x2f, 0x1b, 0x00,
+        0xea, 0x3d, 0x04, 0x29, 0xd5, 0xc0, 0xe9, 0x1a, 0xc5, 0xce, 0x5e, 0xdb,
+        0xd1, 0xee, 0x16, 0x9c, 0x05, 0x40, 0xf9, 0x21, 0x13, 0x72, 0x08, 0x39,
+        0x6b, 0x63, 0x19, 0xcd, 0x6f, 0x64, 0xa0, 0xc3, 0x77, 0xb7, 0x50, 0xed,
+        0xe9, 0x2d, 0xd5, 0x72, 0xea, 0xa6, 0xc1, 0x97, 0xb9, 0x6b, 0xe5, 0x81,
+        0x91, 0x8e, 0xd1, 0x36, 0x11, 0xee, 0xfb, 0x2b, 0x66, 0xba, 0xe4, 0x3e,
+        0xd0, 0xdd, 0x17, 0xc5, 0x24, 0x3b, 0xc3, 0x5b, 0x75, 0xfc, 0xd5, 0xb6,
+        0x8c, 0xba, 0x8c, 0x66, 0xb2, 0xee, 0x40, 0x45, 0x8c, 0x23, 0xbb, 0xe0,
+        0xc8, 0xd6, 0x05, 0xfd, 0x71, 0x5b, 0x24, 0xbb, 0x37, 0x65, 0x5f, 0x57,
+        0x92, 0x22, 0x13, 0xb2, 0x9a, 0x70, 0x22, 0x4b, 0xbe, 0x03, 0xd1, 0x54,
+        0xb0, 0x3a, 0x30, 0x50, 0x71, 0x24, 0xf7, 0x81, 0x8c, 0x20, 0x67, 0x74,
+        0x5a, 0xef, 0xa1, 0x6a, 0xe3, 0xd0, 0x04, 0xd6, 0xa5, 0x6e, 0xad, 0xa7,
+        0x15, 0x41, 0xf3, 0x21, 0xe8, 0xd9, 0xe6, 0xe5, 0x97, 0xbd, 0xc2, 0x1b,
+        0xbb, 0xd1, 0x4e, 0x7e, 0x5a, 0xd6, 0xe4, 0x19, 0xa5, 0xe4, 0x76, 0xf4,
+        0xce, 0x00, 0x94, 0x76, 0xef, 0x1b, 0xb3, 0x47, 0xb9, 0xa3, 0x32, 0xf7,
+        0x45, 0x6d, 0x32, 0x73, 0x06, 0xc0, 0xb9, 0xaf, 0x9c, 0x46, 0x99, 0xbe,
+        0x14, 0x06, 0xcd, 0x35, 0x7c, 0x90, 0x7c, 0xe7, 0x97, 0x0a, 0x9f, 0xb4,
+        0x21, 0xff, 0xf0, 0xea, 0x83, 0xc0, 0x86, 0x68, 0x9f, 0x36, 0xb0, 0xad,
+        0xe1, 0x8d, 0xc5, 0x76, 0x55, 0xb5, 0xb6, 0x7e, 0x1f, 0xa7, 0x5b, 0x26,
+        0x6c, 0xb5, 0xf9, 0x54, 0x1f, 0x76, 0xc1, 0x9c, 0xfc, 0x57, 0xc8, 0x86,
+        0xc1, 0x7d, 0x59, 0x55, 0x92, 0xa5, 0xb8, 0x03, 0xfa, 0xa5, 0x72, 0xd1,
+        0x5c, 0x8d, 0x9b, 0x2e, 0x84, 0x07, 0x18, 0xee, 0x49, 0xc5, 0x99, 0x8e,
+        0x15, 0x7c, 0xbf, 0xad, 0x8b, 0x13, 0xcd, 0x97, 0xf9, 0x3c, 0xa2, 0x89,
+        0x9c, 0x9c, 0x89, 0xc9, 0x7a, 0x46, 0xb3, 0x42, 0x7b, 0xd4, 0x28, 0x0d,
+        0x55, 0x63, 0x28, 0xd6, 0xc1, 0x65, 0xf5, 0x34, 0x6e, 0x38, 0x2a, 0xb4,
+        0x35, 0x40, 0xed, 0x7e, 0x80, 0x61, 0x9d, 0x8f, 0x68, 0x4f, 0x74, 0x0c,
+        0x30, 0x35, 0x0e, 0xb3, 0x07, 0xf4, 0x92, 0xed, 0x9c, 0x7f, 0xf5, 0xed,
+        0x3e, 0x17, 0x5b, 0x6e, 0x91, 0x46, 0xa1, 0x25, 0x1d, 0x83, 0x50, 0x93,
+        0x35, 0x06, 0x6c, 0x2f, 0x99, 0x8b, 0x21, 0x4c, 0x5c, 0x34, 0xb1, 0xa7,
+        0x82, 0xbc, 0x70, 0x28, 0x56, 0x61, 0x29, 0x35, 0x89, 0x0b, 0x41, 0x21,
+        0xf0, 0xf7, 0xff, 0x69, 0x3d, 0xa4, 0x28, 0x1e, 0x0d, 0x5d, 0xa7, 0x0e,
+        0xaa, 0xd3, 0x4a, 0x95, 0x49, 0xfe, 0x35, 0x5f, 0xa9, 0xc0, 0xe4, 0xe1,
+        0x9a, 0x03, 0xd4, 0xac, 0x96, 0xe3, 0xea, 0x7e, 0xa6, 0x85, 0x7e, 0xb0,
+        0xb8, 0xc2, 0xe8, 0x07, 0xd6, 0xd3, 0x1a, 0x84, 0x90, 0x24, 0x04, 0xef,
+        0x7c, 0x93, 0x15, 0x83, 0xea, 0xe2, 0x42, 0xc6, 0xe7, 0x13, 0x45, 0xbf,
+        0x35, 0xae, 0x5d, 0x50, 0x79, 0x16, 0xbb, 0x11, 0x17, 0x1b, 0xf4, 0x08,
+        0x88, 0x9d, 0x66, 0x14, 0x6a, 0xa0, 0x71, 0x76, 0x80, 0x51, 0x73, 0x7c,
+        0x1d, 0xb0, 0xc1, 0xad, 0x58, 0xfb, 0xbe, 0xcf, 0x73, 0xe0, 0xd9, 0xf8,
+        0xd5, 0xac, 0xd7, 0x49, 0xd9, 0xc9, 0x59, 0xbf, 0xfa, 0xf5, 0xb1, 0xd2,
+        0x5a, 0x01, 0xcd, 0x8b, 0x07, 0x8b, 0x59, 0x37, 0xc0, 0x8c, 0x7d, 0xa9,
+        0x71, 0x83, 0xf9, 0x7c, 0x58, 0xa9, 0x77, 0x01, 0x3d, 0x39, 0x56, 0x5c,
+        0x93, 0xfe, 0x40, 0x87, 0x5a, 0x31, 0x81, 0x53, 0x8e, 0x0d, 0x99, 0x7e,
+        0xdf, 0x37, 0xd9, 0xe3, 0x91, 0xb8, 0x60, 0x3a, 0x5b, 0xca, 0xe8, 0x91,
+        0x56, 0x89, 0x59, 0x61, 0xc6, 0x31, 0xe2, 0x6c, 0x81, 0xda, 0xc7, 0x5c,
+        0x04, 0x9d, 0xe4, 0x23, 0x12, 0x73, 0xfc, 0x48, 0xfb, 0xa5, 0xce, 0x87,
+        0x37, 0x47, 0x71, 0x5c, 0xd1, 0x2a, 0x63, 0x89, 0xdc, 0x07, 0xe7, 0x7f,
+        0x5d, 0x48, 0xe6, 0xd2, 0x96, 0xc6, 0x6f, 0xed, 0xee, 0x8c, 0xed, 0x5e,
+        0x41, 0x38, 0xbd, 0xdf, 0x21, 0xaa, 0x9e, 0x51, 0x16, 0x22, 0x4a, 0xdc,
+        0xd8, 0x12, 0xdf, 0x5a, 0x83, 0xd6, 0xd0, 0x07, 0xa4, 0x42, 0x41, 0x13,
+        0xe1, 0x08, 0xc9, 0x00, 0x0f, 0x37, 0xc0, 0x7d, 0xda, 0xb2, 0x25, 0xfc,
+        0xc9, 0xbc, 0xa8, 0x86, 0xcc, 0x38, 0x0e, 0x06, 0x51, 0x1b, 0x37, 0xc1,
+        0x0e, 0x2a, 0x58, 0x49, 0xbc, 0x7c, 0xa7, 0xf0, 0xda, 0xd7, 0x74, 0x34,
+        0xf5, 0xd8, 0x99, 0x8c, 0x94, 0x86, 0xe3, 0x1e, 0x6b, 0xf5, 0x68, 0xfa,
+        0xa6, 0x69, 0x63, 0x22, 0x5a, 0x3c, 0x6f, 0x29, 0xc9, 0x40, 0xc0, 0xbe,
+        0x8d, 0xb5, 0xcc, 0x82, 0x6e, 0x9d, 0xd1, 0x1f, 0x13, 0x63, 0xd8, 0x24,
+        0x63, 0x38, 0x59, 0xf0, 0x4a, 0x8c, 0x0f, 0x28, 0x8a, 0x77, 0x81, 0xa2,
+        0xa0, 0x23, 0x11, 0x59, 0xa9, 0x5a, 0x2d, 0x71, 0x8f, 0x82, 0xa7, 0xbd,
+        0x85, 0x26, 0x4d, 0xc2, 0x2f, 0x11, 0xe8, 0xff, 0x96, 0xa1, 0x2d, 0xf2,
+        0xd5, 0xf3, 0x1d, 0x54, 0xd0, 0x5f, 0x71, 0x07, 0xaf, 0x22, 0xa0, 0xcd,
+        0x78, 0xb3, 0x47, 0xb1, 0x40, 0x3d, 0x6b, 0xfd, 0x10, 0x1b, 0xc6, 0x60,
+        0xef, 0x5c, 0x24, 0xa3, 0x1f, 0xee, 0xc0, 0x0b, 0xed, 0x1d, 0x38, 0xc8,
+        0xf2, 0x8c, 0xec, 0x5e, 0xd9, 0x70, 0x1a, 0x2b, 0x25, 0xe6, 0xed, 0xa9,
+        0x0c, 0xb3, 0x78, 0xe1, 0x91, 0x01, 0x41, 0x2e, 0xfe, 0x7d, 0xbd, 0xfe,
+        0xcf, 0x48, 0x6d, 0x2e, 0x05, 0x31, 0x89, 0x24, 0xc4, 0xd7, 0xc4, 0x26,
+        0x2f, 0x64, 0x43, 0xa3, 0xdd, 0x56, 0x11, 0x5c, 0x65, 0x76, 0x96, 0xcc,
+        0x3c, 0x12, 0x42, 0xf2, 0x6b, 0x20, 0xc2, 0xe6, 0xc3, 0x5c, 0xfa, 0x91,
+        0xb1, 0xbd, 0x3b, 0xd3, 0x99, 0xde, 0x59, 0x7a, 0x34, 0x40, 0x56, 0xb0,
+        0x88, 0x02, 0x19, 0xc8, 0xf9, 0xf9, 0x8f, 0xe7, 0x60, 0xfb, 0x42, 0x87,
+        0x57, 0xb4, 0x42, 0xb4, 0x65, 0x94, 0x0a, 0x5f, 0xdb, 0xf5, 0x32, 0xe9,
+        0x49, 0x28, 0xbe, 0xa6, 0x64, 0x0d, 0x6d, 0x08, 0x43, 0x91, 0x16, 0x7a,
+        0x6c, 0xa9, 0x02, 0xe4, 0x84, 0x03, 0x39, 0x48, 0x08, 0xcc, 0xcb, 0x56,
+        0xad, 0x52, 0x95, 0x9e, 0x9a, 0x2b, 0xf1, 0x6d, 0x3f, 0x4b, 0x02, 0xc6,
+        0x52, 0xc7, 0x09, 0x6b, 0x3f, 0xa9, 0x60, 0xe2, 0x19, 0x5d, 0x0a, 0x61,
+        0xcd, 0xc8, 0x36, 0xdb, 0x8e, 0x57, 0xd2, 0x11, 0x49, 0x1c, 0x26, 0x58,
+        0x04, 0x07, 0x32, 0x2a, 0x34, 0xf0, 0x6a, 0x88, 0xcf, 0x63, 0xb7, 0xef,
+        0x7e, 0x93, 0xcc, 0x64, 0x07, 0x14, 0xfa, 0x63, 0x38, 0xdd, 0xc0, 0xf0,
+        0xaa, 0x56, 0xa1, 0xed, 0x16, 0xaa, 0x53, 0x8c, 0x99, 0xc0, 0xd4, 0xda,
+        0x94, 0x58, 0x13, 0xd9, 0x5f, 0x98, 0x9a, 0xa1, 0x57, 0xbd, 0x89, 0xca,
+        0x9d, 0x3e, 0xdf, 0x75, 0x26, 0x29, 0x0f, 0xb2, 0x33, 0x4b, 0x83, 0xb3,
+        0x99, 0x1f, 0x06, 0x5d, 0x10, 0xf5, 0x1c, 0x75, 0x97, 0xec, 0x5b, 0x87,
+        0xc7, 0xf1, 0xd8, 0xbd, 0x0e, 0x4c, 0x1a, 0xb0, 0x59, 0x3b, 0x27, 0x73,
+        0xdc, 0xde, 0xca, 0x0c, 0x2e, 0x1f, 0x42, 0x7f, 0xd8, 0x0f, 0x9b, 0x3f,
+        0x49, 0x3f, 0x63, 0x7d, 0x71, 0xe3, 0x77, 0x79, 0xcc, 0x9c, 0xbf, 0xff,
+        0x23, 0xa9, 0x74, 0xa2, 0xda, 0xb7, 0xca, 0x86, 0x7f, 0x12, 0xc1, 0x1b,
+        0x41, 0x35, 0xb5, 0xc7, 0x10, 0x09, 0xc0, 0xa2, 0x1b, 0x41, 0x31, 0x5e,
+        0x6c, 0x35, 0xb5, 0x63, 0x13, 0x19, 0x61, 0x8e, 0xbd, 0x89, 0xf6, 0x0a,
+        0xbd, 0x16, 0x15, 0xd8, 0xfa, 0xcc, 0x9f, 0x97, 0x02, 0x8f, 0x1b, 0x34,
+        0x40, 0xbc, 0x4a, 0xb1, 0x39, 0x12, 0xf8, 0x66, 0xda, 0x34, 0x03, 0xf2,
+        0x5c, 0x33, 0x9c, 0x63, 0x0b, 0xb6, 0x8f, 0xca, 0x81, 0xa2, 0x4a, 0x43,
+        0xe7, 0xe7, 0x66, 0x41, 0x45, 0x6b, 0x7c, 0xd1, 0x1d, 0xbc, 0x4f, 0x91,
+        0xab, 0x24, 0x0b, 0x9f, 0x60, 0x47, 0x36, 0x04, 0x8b, 0x72, 0xb6, 0x65,
+        0x35, 0xfc, 0xbf, 0xc9, 0x26, 0xaf, 0x84, 0x04, 0x30, 0x32, 0x02, 0xc0,
+        0x94, 0x98, 0xbc, 0x17, 0x33, 0x99, 0xac, 0xb1, 0x4e, 0xdd, 0xf0, 0x46,
+        0x68, 0x6a, 0xac, 0x6d, 0xdb, 0x85, 0xfd, 0xc6, 0x3b, 0xc8, 0x93, 0x89,
+        0xbf, 0xd7, 0xd9, 0x94, 0xe4, 0xa4, 0x37, 0xb9, 0x67, 0x52, 0x84, 0xcf,
+        0x88, 0xba, 0x01, 0x8b, 0xe4, 0xd4, 0x3e, 0xde, 0x94, 0xa1, 0xa9, 0xd8,
+        0x15, 0xb5, 0x6e, 0xa0, 0x62, 0x92, 0x5c, 0xb1, 0x1b, 0xbf, 0x4f, 0xaf,
+        0xf5, 0x99, 0x35, 0xce, 0x7d, 0xa9, 0x4b, 0xa8, 0x60, 0x31, 0xf5, 0x0a,
+        0x83, 0x58, 0xf5, 0x83, 0xde, 0xb2, 0xfe, 0xf3, 0x12, 0x08, 0x3d, 0xe3,
+        0x14, 0x89, 0x17, 0x93, 0x5c, 0x87, 0xe4, 0x89, 0xcb, 0xb7, 0x67, 0x3e,
+        0xea, 0x0e, 0x08, 0x57, 0xf1, 0xca, 0xe0, 0x18, 0xd7, 0xae, 0x5f, 0x9e,
+        0x62, 0x5c, 0xd7, 0x6a, 0x2f, 0xd6, 0x30, 0x67, 0xfb, 0x5e, 0xed, 0xcf,
+        0xa9, 0x88, 0x04, 0x0a, 0xf2, 0x62, 0x50, 0xc5, 0x39, 0xc6, 0xa1, 0x3c,
+        0xe4, 0x9a, 0x81, 0x55, 0x96, 0xca, 0x60, 0xb2, 0x53, 0x62, 0xee, 0xa1,
+        0x1d, 0xfc, 0xd9, 0x5c, 0x51, 0xbf, 0x55, 0x65, 0x1d, 0x13, 0x2a, 0x13,
+        0x58, 0xa3, 0x18, 0x52, 0x6b, 0xb4, 0xae, 0x60, 0x1c, 0x26, 0x3e, 0xb1,
+        0x4c, 0xb1, 0x72, 0x1b, 0x8a, 0x4c, 0xaa, 0xb5, 0x5b, 0x8a, 0x3b, 0x2f,
+        0x1f, 0xc3, 0x29, 0x41, 0xe6, 0x6d, 0xd7, 0x96, 0x26, 0xdd, 0x37, 0x67,
+        0x4f, 0x9d, 0x31, 0xc6, 0x54, 0x51, 0xaa, 0xba, 0x73, 0xae, 0xd2, 0x00,
+        0x0b, 0x05, 0x98, 0x73, 0xd6, 0x9c, 0xb4, 0x2e, 0x23, 0xd0, 0xc3, 0xac,
+        0x46, 0x6f, 0x3e, 0x05, 0x43, 0xf8, 0x96, 0xa0, 0xe0, 0xfe, 0x17, 0x3f,
+        0xfa, 0xc2, 0xc3, 0xf6, 0x1a, 0x46, 0xd0, 0x05, 0x53, 0x0e, 0xea, 0xd8,
+        0xba, 0xa3, 0xab, 0xb6, 0x58, 0xd1, 0x40, 0x1c, 0x97, 0x38, 0xd4, 0x77,
+        0x58, 0x03, 0xf5, 0x8a, 0xc7, 0x48, 0x19, 0x71, 0x71, 0xb5, 0x4b, 0x08,
+        0x85, 0x35, 0x1c, 0xdf, 0xbd, 0xa9, 0xc9, 0xd1, 0x40, 0x62, 0xa3, 0xd6,
+        0x3b, 0xa1, 0xf7, 0x4e, 0xc6, 0xfe, 0xc4, 0x07, 0x2f, 0xf5, 0xc9, 0x0c,
+        0xb6, 0xa0, 0xb3, 0x25, 0x3e, 0x2a, 0x07, 0xe3, 0x63, 0xe3, 0x9e, 0x8d,
+        0x0d, 0x7a, 0x70, 0x1e, 0x65, 0x95, 0x47, 0x37, 0xa8, 0xd2, 0x35, 0x09,
+        0x09, 0x70, 0xf5, 0xc9, 0xc9, 0x30, 0x95, 0xd9, 0xf2, 0x5d, 0x10, 0x3c,
+        0xc3, 0x66, 0x66, 0xb6, 0xdc, 0x14, 0xf6, 0x91, 0xc2, 0x7b, 0x4b, 0x71,
+        0x42, 0xf9, 0x35, 0xe7, 0x08, 0x1e, 0xb6, 0x9a, 0x5c, 0x0e, 0x8b, 0x41,
+        0x44, 0x7f, 0xad, 0xca, 0x8a, 0x4b, 0x6a, 0x02, 0x81, 0x96, 0xe7, 0xe1,
+        0xb0, 0x5b, 0xaf, 0xf2, 0x17, 0x44, 0x7f, 0xd1, 0x49, 0x77, 0xfd, 0x07,
+        0x59, 0x53, 0x8e, 0x51, 0xac, 0x0f, 0x0c, 0xb4, 0xa3, 0xf6, 0x24, 0x16,
+        0x47, 0xf3, 0xa4, 0x36, 0x17, 0x3e, 0x01, 0x1e, 0xf1, 0xec, 0x78, 0x4a,
+        0xcb, 0xbd, 0x2a, 0xfd, 0x01, 0xdd, 0xa5, 0xad, 0x7b, 0xef, 0x5e, 0x56,
+        0xb2, 0x60, 0xb4, 0xf2, 0x27, 0xc8, 0x9b, 0x5b, 0x31, 0x49, 0x54, 0xbc,
+        0x69, 0x9b, 0xc6, 0x1a, 0x79, 0xe7, 0xd4, 0x46, 0xc8, 0x50, 0xc3, 0xaa,
+        0xfc, 0xb5, 0x28, 0x87, 0x1e, 0xa0, 0x0c, 0xc6, 0x1a, 0xa7, 0x34, 0xd6,
+        0xbb, 0x9d, 0x9c, 0x0d, 0x90, 0x6f, 0x1a, 0x3c, 0xdc, 0x3b, 0x95, 0xc4,
+        0x38, 0x25, 0x7a, 0xc6, 0x46, 0x82, 0x9f, 0x68, 0xca, 0x6a, 0x63, 0xa7,
+        0x99, 0xfe, 0x64, 0xe6, 0x6f, 0x11, 0xcd, 0x2c, 0x76, 0x1e, 0xe6, 0x08,
+        0xb8, 0x33, 0x64, 0x43, 0x51, 0xbd, 0x52, 0xf7, 0x05, 0x06, 0xd5, 0xcc,
+        0x6a, 0xde, 0x1a, 0xa2, 0xbe, 0xf8, 0x8c, 0x44, 0x5e, 0x2d, 0xc2, 0x28,
+        0xcd, 0x9a, 0x53, 0x04, 0x96, 0xcc, 0x1e, 0xbb, 0x96, 0x07, 0xc9, 0x17,
+        0x04, 0xf8, 0xd8, 0xd9, 0xdd, 0x35, 0x35, 0x3d, 0x53, 0x30, 0x60, 0xb3,
+        0x87, 0x5d, 0xf3, 0xe5, 0xa7, 0x20, 0x30, 0x9d, 0xb0, 0x5b, 0xc4, 0x36,
+        0xf7, 0xd7, 0xb6, 0x3e, 0x44, 0x98, 0x99, 0xe7, 0xc3, 0x29, 0xcb, 0x70,
+        0xc4, 0x91, 0x8b, 0xfc, 0x63, 0x60, 0x29, 0x95, 0xeb, 0x61, 0x7f, 0xdf,
+        0xf7, 0x3a, 0x69, 0x3a, 0xeb, 0xa1, 0x73, 0x1d, 0x13, 0x18, 0x29, 0x2c,
+        0x89, 0x82, 0x56, 0x42, 0xe7, 0xa3, 0xba, 0xe9, 0x59, 0x2e, 0xfd, 0xff,
+        0xb6, 0xf7, 0xbd, 0x2a, 0xc9, 0xff, 0x4c, 0x63, 0xef, 0x54, 0x63, 0x82,
+        0x7c, 0xa5, 0x11, 0x44, 0xc7, 0x68, 0xf5, 0x7b, 0x44, 0x2c, 0xee, 0xab,
+        0xa3, 0x84, 0x5a, 0x99, 0x28, 0x98, 0x97, 0x2e, 0x8b, 0x07, 0x09, 0x6c,
+        0xea, 0xc1, 0x81, 0x0b, 0xe0, 0xc4, 0xb7, 0xc2, 0x73, 0xbe, 0x8b, 0x72,
+        0xf8, 0xc9, 0x8d, 0x50, 0x28, 0xf2, 0x95, 0x54, 0x8a, 0x3b, 0x23, 0x86,
+        0xc4, 0xe8, 0xe8, 0xe5, 0x45, 0x0d, 0xdf, 0xa3, 0xe6, 0x00, 0x71, 0xe8,
+        0x20, 0xd2, 0x6d, 0x22, 0x23, 0xaf, 0x37, 0x04, 0x55, 0x05, 0x8d, 0xc9,
+        0x38, 0x38, 0x12, 0x4c, 0x9f, 0x28, 0x56, 0x14, 0x76, 0xe5, 0x10, 0x54,
+        0xd9, 0x68, 0xca, 0xc3, 0x97, 0x9f, 0xd2, 0x25, 0x2c, 0x0d, 0xa0, 0xff,
+        0xea, 0xab, 0x61, 0xd2, 0xb2, 0x06, 0xc2, 0x93, 0xfd, 0x5a, 0xfe, 0xe3,
+        0x98, 0xbf, 0x37, 0x2e, 0xa5, 0x74, 0x56, 0xd0, 0x7a, 0x5a, 0x23, 0x3b,
+        0xd2, 0xa0, 0x1f, 0x4b, 0xeb, 0x7f, 0x5a, 0xc5, 0x51, 0x79, 0xf6, 0x95,
+        0x19, 0x50, 0xb1, 0x6a, 0x80, 0xcb, 0xcf, 0x19, 0xa4, 0x67, 0xf4, 0x08,
+        0x0f, 0x6a, 0xd9, 0x3f, 0x15, 0x96, 0x2c, 0x6d, 0xd5, 0x69, 0x7a, 0x56,
+        0x4d, 0x17, 0xc8, 0xcb, 0xba, 0x9b, 0x6e, 0x65, 0xa2, 0x3d, 0x66, 0xed,
+        0xea, 0xe2, 0x54, 0x88, 0x6c, 0xc1, 0x1a, 0x11, 0xde, 0x4e, 0x0c, 0x8a,
+        0x42, 0x04, 0xe1, 0x77, 0xc3, 0x0c, 0xff, 0x10, 0x7d, 0x4a, 0x45, 0x3f,
+        0xb8, 0x40, 0xf9, 0x75, 0x76, 0x9f, 0x65, 0x42, 0x2f, 0x78, 0x5b, 0x0b,
+        0x32, 0xbc, 0x45, 0xfc, 0xd4, 0x29, 0x49, 0x34, 0x76, 0xda, 0x5f, 0xe8,
+        0x39, 0x35, 0x9e, 0xba, 0x7f, 0x19, 0x7e, 0x14, 0xe6, 0x71, 0x9c, 0x72,
+        0x6a, 0xce, 0xcc, 0xa6, 0x72, 0x73, 0x3f, 0x4e, 0x9b, 0x9e, 0x94, 0x0c,
+        0xce, 0x00, 0x15, 0xb4, 0x50, 0xff, 0xcf, 0xcd, 0x78, 0xd3, 0x08, 0x0e,
+        0x95, 0x48, 0x24, 0x13, 0x16, 0x54, 0xb4, 0xe0, 0xa9, 0x29, 0xa3, 0x05,
+        0x77, 0x2f, 0x5d, 0x47, 0x6a, 0xa5, 0xb0, 0x4e, 0xf3, 0xa9, 0x4a, 0x82,
+        0xb9, 0x2c, 0x26, 0x07, 0x9c, 0x33, 0xc6, 0x68, 0xc2, 0xe0, 0xc0, 0x7d,
+        0x70, 0x48, 0x74, 0xb9, 0xf5, 0x1e, 0x6c, 0x15, 0x7f, 0xba, 0xe5, 0xa1,
+        0xb4, 0x36, 0x41, 0x20, 0xf4, 0x2d, 0x97, 0x27, 0x0b, 0x10, 0x30, 0x57,
+        0x7f, 0x38, 0x66, 0xe1, 0xc4, 0xf6, 0xa4, 0xc9, 0x8d, 0xbc, 0x2b, 0x4f,
+        0x14, 0xb3, 0xf0, 0x1e, 0x80, 0x70, 0xc0, 0x0f, 0x69, 0x06, 0xe7, 0x95,
+        0xd1, 0x53, 0x65, 0x49, 0x1c, 0xa8, 0xfa, 0x9e, 0x2b, 0xcc, 0x33, 0x71,
+        0x76, 0xa4, 0x0b, 0x4a, 0xc7, 0xea, 0xa0, 0xfa, 0x1b, 0x2b, 0xfb, 0xa5,
+        0x59, 0x06, 0x2a, 0xef, 0x4b, 0xbf, 0x05, 0x4b, 0x87, 0x70, 0x3c, 0xde,
+        0xc7, 0xb2, 0x4f, 0xf2, 0x5b, 0x1a, 0xbe, 0xda, 0x04, 0x31, 0x57, 0xff,
+        0xf2, 0xa5, 0x43, 0x12, 0xff, 0x8d, 0xf4, 0x99, 0x05, 0xe1, 0x34, 0xa9,
+        0xb9, 0x0a, 0xb3, 0x1f, 0x3d, 0x6d, 0x0d, 0xb7, 0xd3, 0x35, 0x0b, 0x04,
+        0x44, 0x77, 0x60, 0xc0, 0x96, 0x99, 0x7b, 0xa8, 0x8e, 0x79, 0x4a, 0x96,
+        0x24, 0xef, 0xb1, 0xf4, 0x8a, 0x2f, 0x3e, 0x08, 0xf3, 0x3d, 0xf2, 0xfe,
+        0x5f, 0x0a, 0xf7, 0x0a, 0xf5, 0xd8, 0xf2, 0xa0, 0x1b, 0xe7, 0x9e, 0xc9,
+        0x0b, 0xcf, 0x58, 0x97, 0x92, 0x90, 0xad, 0x3d, 0xfc, 0x42, 0xc1, 0x7f,
+        0x39, 0xe8, 0xd1, 0x35, 0x14, 0x8a, 0xb3, 0x77, 0xb1, 0xa9, 0xdb, 0xb4,
+        0x3a, 0x3d, 0xeb, 0x59, 0x0b, 0x5b, 0x3a, 0x63, 0x54, 0x70, 0xda, 0xf0,
+        0xf0, 0xb9, 0xe6, 0x07, 0x69, 0x27, 0x9d, 0xc6, 0xb6, 0x00, 0x2d, 0xd6,
+        0xc7, 0xd7, 0x2e, 0xf8, 0x9c, 0xfe, 0x4c, 0xfb, 0xc0, 0x7b, 0xbf, 0xa2,
+        0x25, 0xb8, 0x2a, 0x5c, 0x06, 0xca, 0x12, 0x2c, 0x96, 0xa4, 0x27, 0xa6,
+        0x73, 0x0b, 0xb8, 0x42, 0x93, 0x51, 0x87, 0xfe, 0xe6, 0x8f, 0xca, 0x00,
+        0x53, 0xdc, 0xc0, 0x38, 0x03, 0x9e, 0x66, 0x13, 0x84, 0x68, 0xe7, 0x04,
+        0x93, 0x79, 0x0c, 0x3e, 0x4c, 0x90, 0xe2, 0xf7, 0x81, 0x15, 0x49, 0x05,
+        0xe1, 0x8f, 0xe6, 0xfc, 0xc8, 0x40, 0xae, 0x3d, 0x7a, 0x16, 0xec, 0xc6,
+        0x39, 0xa5, 0x04, 0x95, 0x35, 0xac, 0xdd, 0x0d, 0x19, 0xd6, 0xa9, 0xd9,
+        0xd2, 0x53, 0x71, 0x31, 0x38, 0xa2, 0xf1, 0x9c, 0x13, 0x2c, 0x8c, 0x21,
+        0x9c, 0x3a, 0x1b, 0xf2, 0xd8, 0x4c, 0xeb, 0xe9, 0x8b, 0x27, 0x52, 0xd3,
+        0x6c, 0x01, 0xc0, 0x60, 0x32, 0x8c, 0x6e, 0xfb, 0xd6, 0xd6, 0x1b, 0xc6,
+        0x93, 0xff, 0xdc, 0xdb, 0x38, 0xf5, 0x0e, 0xd5, 0x15, 0xcd, 0x65, 0x76,
+        0x78, 0x42, 0x13, 0x37, 0x6b, 0x2e, 0xe8, 0xe2, 0x54, 0x4d, 0x45, 0x34,
+        0x73, 0x1b, 0x61, 0x35, 0x2c, 0xf7, 0x20, 0x3e, 0xe9, 0x7c, 0xf0, 0xf3,
+        0xba, 0x41, 0xfc, 0x49, 0xe4, 0x5d, 0xd4, 0xb8, 0x07, 0x15, 0x7b, 0x16,
+        0xc7, 0x7f, 0x78, 0xef, 0xd6, 0x53, 0x3f, 0xe4, 0xa6, 0x33, 0xcf, 0xcc,
+        0x78, 0x53, 0x0c, 0x59, 0xf7, 0x28, 0xa5, 0x83, 0x2b, 0x5a, 0xd3, 0xd6,
+        0xb7, 0xb2, 0xd1, 0x73, 0x63, 0xa9, 0xad, 0x16, 0xf2, 0xed, 0x48, 0x6e,
+        0x88, 0x22, 0xbd, 0x16, 0x9d, 0x6a, 0xc2, 0x48, 0x83, 0xdf, 0x40, 0xb7,
+        0x0a, 0x50, 0x23, 0x3d, 0x58, 0x50, 0x00, 0x02, 0x04, 0xd2, 0x31, 0x72,
+        0x28, 0x7b, 0x10, 0x96, 0xe0, 0xe7, 0x3f, 0xe0, 0xd0, 0x61, 0x70, 0x5c,
+        0x0a, 0xdb, 0xc0, 0x7b, 0xea, 0xef, 0xba, 0xc0, 0x90, 0xe0, 0xf9, 0x0e,
+        0x83, 0x8c, 0x3b, 0x05, 0x2b, 0xb6, 0xcb, 0xbb, 0x37, 0xa1, 0xd3, 0x28,
+        0x02, 0x40, 0xe3, 0x76, 0xbf, 0x27, 0x0b, 0x4f, 0x82, 0xb9, 0x22, 0xee,
+        0x0b, 0x3a, 0xcb, 0xcc, 0x56, 0x13, 0x51, 0xb8, 0xb6, 0x2d, 0xd3, 0x6c,
+        0x96, 0x10, 0xd9, 0x51, 0x24, 0x7b, 0x2b, 0xb8, 0x7b, 0xbd, 0x8d, 0xd9,
+        0xf2, 0x50, 0x61, 0xbb, 0x0c, 0xb7, 0x71, 0x65, 0x3a, 0x25, 0x18, 0x09,
+        0x1a, 0x9d, 0x41, 0xf4, 0xdb, 0x5a, 0x1c, 0x61, 0x0a, 0xbb, 0x43, 0x27,
+        0x8a, 0xa8, 0x83, 0x60, 0x8c, 0x5d, 0x4c, 0x9b, 0xa9, 0xe5, 0xa7, 0x67,
+        0x99, 0x98, 0xdc, 0x7a, 0x3a, 0x55, 0x0d, 0x25, 0x69, 0x47, 0x21, 0xb1,
+        0xd7, 0x0c, 0x0c, 0x43, 0x58, 0xc9, 0xbf, 0x74, 0x91, 0x1b, 0x2b, 0xf3,
+        0x29, 0x8d, 0x10, 0x41, 0xaf, 0xdd, 0x42, 0x0a, 0x71, 0xe3, 0xb8, 0x4d,
+        0x3a, 0xf3, 0x9c, 0x5a, 0x46, 0x4e, 0x70, 0xbe, 0xdb, 0x0d, 0x03, 0xee,
+        0xcb, 0xfb, 0x61, 0x45, 0xbd, 0x25, 0xb4, 0x72, 0xd1, 0x51, 0x03, 0x19,
+        0x82, 0x53, 0x83, 0x18, 0xab, 0xa3, 0x6c, 0x9e, 0xa2, 0xe9, 0x15, 0xb1,
+        0x74, 0x61, 0xa1, 0xaf, 0x09, 0x4b, 0x4a, 0x34, 0x9b, 0xd0, 0xd2, 0x80,
+        0x43, 0xd9, 0x90, 0x53, 0x71, 0x38, 0xb9, 0x80, 0x58, 0x1b, 0x9f, 0x9e,
+        0xfe, 0x07, 0x1b, 0x33, 0x24, 0xb2, 0x58, 0x7f, 0x01, 0xbe, 0xe8, 0x25,
+        0x53, 0x08, 0x06, 0x77, 0x7d, 0x5a, 0x16, 0x83, 0x67, 0x91, 0x0b, 0xa2,
+        0xd2, 0x1e, 0x5f, 0x9c, 0x39, 0xda, 0x57, 0xbc, 0x67, 0xc5, 0x39, 0xbe,
+        0xb9, 0x73, 0x03, 0x19, 0x97, 0x34, 0x4f, 0x1e, 0x6b, 0x4d, 0x87, 0xef,
+        0x79, 0x4f, 0xd1, 0xdd, 0x80, 0x13, 0xbe, 0x3b, 0x0f, 0xea, 0x77, 0x9a,
+        0x1a, 0x46, 0x63, 0xc5, 0x2f, 0x93, 0xfe, 0x18, 0x71, 0xfb, 0x70, 0xbf,
+        0x85, 0x3b, 0x3e, 0x54, 0xe6, 0xf8, 0xe0, 0xb9, 0xd0, 0x9d, 0xf5, 0x2b,
+        0x12, 0x22, 0x39, 0x6a, 0x8d, 0x13, 0xa1, 0x3a, 0x95, 0xd0, 0xe7, 0x07,
+        0xa4, 0x2c, 0x33, 0xba, 0x43, 0x1d, 0xd8, 0xb5, 0xd0, 0x8e, 0x6c, 0x85,
+        0x6f, 0xf8, 0x8f, 0xd3, 0x72, 0x65, 0xc1, 0xff, 0x8f, 0xf6, 0xb5, 0x19,
+        0x59, 0x34, 0xf9, 0xe8, 0xdb, 0xf3, 0x10, 0x68, 0xbd, 0xd5, 0x59, 0xf7,
+        0xe5, 0xf2, 0x84, 0x98, 0x8d, 0xd6, 0x6f, 0xcc, 0xde, 0xc5, 0xee, 0xf7,
+        0x16, 0xca, 0xec, 0xc4, 0x00, 0x89, 0x2e, 0x0d, 0x0d, 0xb6, 0xa8, 0xe0,
+        0x9a, 0xb0, 0xe5, 0x8e, 0xb6, 0x64, 0x47, 0x7d, 0x01, 0x59, 0x8a, 0x90,
+        0xa6, 0x9b, 0x2b, 0x63, 0xad, 0x70, 0xc8, 0x07, 0x36, 0x3e, 0xa9, 0x8f,
+        0xd9, 0xc2, 0xf7, 0x4b, 0xec, 0x95, 0x53, 0xec, 0x6b, 0x2d, 0x1f, 0xb5,
+        0x91, 0xbf, 0x9f, 0xc5, 0x85, 0x61, 0x3a, 0xc7, 0x5c, 0x15, 0x2a, 0x0b,
+        0x4b, 0x3c, 0x38, 0x6d, 0xc9, 0x2c, 0x91, 0x11, 0xc6, 0x6b, 0x44, 0x71,
+        0x9f, 0x89, 0xd5, 0xde, 0x27, 0x99, 0x81, 0xa2, 0x59, 0x8b, 0x57, 0x97,
+        0x83, 0x46, 0x33, 0xe1, 0x8c, 0xdf, 0xcf, 0x5b, 0x6b, 0xb3, 0x0e, 0x17,
+        0x1a, 0xb8, 0x7d, 0x6e, 0x71, 0xe5, 0xc8, 0x4c, 0xa9, 0xe2, 0x52, 0x81,
+        0xf6, 0x2f, 0x3a, 0xef, 0x5a, 0x1b, 0x6b, 0x7b, 0x61, 0x51, 0xcb, 0xd5,
+        0x7b, 0x5f, 0xf0, 0x1c, 0xb8, 0xeb, 0x9a, 0xe4, 0x0a, 0x6e, 0x53, 0x59,
+        0x2e, 0x2d, 0x78, 0x27, 0xb7, 0x47, 0x35, 0x1a, 0x01, 0x25, 0x0a, 0xcc,
+        0x67, 0xae, 0xda, 0xaf, 0xfe, 0x22, 0x63, 0xe8, 0xa2, 0x1c, 0x34, 0xe6,
+        0x6b, 0x73, 0xcf, 0x6f, 0x3e, 0x0a, 0x4a, 0x36, 0xbc, 0xda, 0x43, 0xbc,
+        0x5e, 0x9c, 0x91, 0xe4, 0x8b, 0x34, 0x2e, 0x09, 0x87, 0x69, 0x96, 0x93,
+        0xb4, 0xff, 0x97, 0xbc, 0x4e, 0xd6, 0xa2, 0xb4, 0x16, 0x78, 0x7c, 0x62,
+        0xd0, 0x78, 0x3f, 0x37, 0xdb, 0xf2, 0x92, 0xad, 0x9b, 0x51, 0x77, 0x08,
+        0x19, 0xd2, 0x09, 0x12, 0xf7, 0x52, 0xe8, 0xc8, 0xb2, 0xfb, 0x6f, 0xcd,
+        0x05, 0x5b, 0xd2, 0x8e, 0x0d, 0x6e, 0x0c, 0x16, 0x5b, 0x8a, 0xc2, 0x09,
+        0x13, 0x3b, 0x69, 0x85, 0xbd, 0xc0, 0xcc, 0x2b, 0x48, 0x65, 0xa7, 0xc1,
+        0xc3, 0xe0, 0xea, 0x14, 0x67, 0x6f, 0xa4, 0xb8, 0xc6, 0xf0, 0x12, 0x3e,
+        0x96, 0x0d, 0x23, 0x2b, 0x37, 0x87, 0x8d, 0xc8, 0xf7, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_sig[] = {
     0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc,
     0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e,
     0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2,
@@ -41505,12 +45349,23 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
     0x6b, 0x79, 0x7b, 0xc7, 0xcd, 0xef, 0x21, 0x2a, 0x50, 0x7e,
     0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28,
+    0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28
     };
+#endif
+    wc_test_ret_t ret;
 
-    return dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
+    ret = dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
         (word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig,
         (word32)sizeof(ml_dsa_65_sig));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (ret == 0) {
+        ret = dilithium_param_vfy_test(WC_ML_DSA_65_DRAFT,
+            ml_dsa_65_draft_pub_key, (word32)sizeof(ml_dsa_65_draft_pub_key),
+            ml_dsa_65_draft_sig, (word32)sizeof(ml_dsa_65_draft_sig));
+    }
+#endif
+
+    return ret;
 }
 #endif
 
@@ -41518,6 +45373,225 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
 static wc_test_ret_t dilithium_param_87_vfy_test(void)
 {
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = {
+        0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e,
+        0xc0, 0xd7, 0x25, 0x87, 0x0c, 0x65, 0x07, 0x9d, 0x47, 0x39, 0x5d, 0x04,
+        0x42, 0x5c, 0xd6, 0x0a, 0xdc, 0x39, 0x44, 0x04, 0xd9, 0x79, 0x43, 0x87,
+        0x98, 0x64, 0x88, 0x82, 0x3a, 0x31, 0xbd, 0xec, 0x66, 0xcb, 0x01, 0x90,
+        0xf9, 0x85, 0xcc, 0xde, 0x54, 0x69, 0x7d, 0x84, 0xb3, 0x84, 0x3c, 0x42,
+        0x0d, 0x09, 0x63, 0xdb, 0xe6, 0x5d, 0xc2, 0x8a, 0xcf, 0xe1, 0xf4, 0x86,
+        0x13, 0x05, 0x09, 0x9a, 0x4d, 0x05, 0xd4, 0x31, 0xe7, 0x27, 0x39, 0xfd,
+        0x3a, 0xdb, 0x63, 0x9f, 0x1c, 0x67, 0x0b, 0x01, 0xec, 0xf9, 0xff, 0xf3,
+        0xda, 0xa9, 0xf4, 0x9a, 0x59, 0x52, 0x76, 0xc2, 0xd2, 0xd5, 0xdd, 0x8d,
+        0xb1, 0xa2, 0xef, 0xb3, 0x73, 0x99, 0xe3, 0xcd, 0x1c, 0xf5, 0xca, 0x6e,
+        0x39, 0xfa, 0x26, 0x83, 0x45, 0xe7, 0xd0, 0x9c, 0x1b, 0xf7, 0xb2, 0x64,
+        0xf1, 0x70, 0x00, 0x10, 0xc0, 0x7c, 0x7f, 0xb2, 0x32, 0xce, 0x6d, 0x71,
+        0xa5, 0x43, 0x7c, 0x40, 0x71, 0x09, 0x54, 0x74, 0xac, 0xb5, 0xeb, 0xe0,
+        0x04, 0x02, 0xe5, 0x82, 0x4d, 0x5a, 0x85, 0x1e, 0x19, 0x86, 0x39, 0x33,
+        0x92, 0x2f, 0xa9, 0xa8, 0x10, 0xd2, 0x31, 0x60, 0x16, 0x08, 0x99, 0xe3,
+        0x2c, 0x93, 0x13, 0xc4, 0x4b, 0x10, 0xe0, 0x42, 0xca, 0x3f, 0x32, 0xa7,
+        0xa4, 0xd2, 0xfc, 0x9c, 0x93, 0xb6, 0x5f, 0xe2, 0x5b, 0x6e, 0x40, 0x0c,
+        0x63, 0xf8, 0xf8, 0xe1, 0x2d, 0xcd, 0x86, 0x07, 0x79, 0xdb, 0x61, 0xad,
+        0x24, 0xfd, 0x1e, 0x66, 0x3e, 0x8d, 0x76, 0xba, 0x98, 0x8e, 0x94, 0xc7,
+        0x57, 0xb1, 0x65, 0xce, 0x4f, 0x97, 0xfa, 0x34, 0x7c, 0x97, 0x6b, 0xcd,
+        0x3c, 0x42, 0x81, 0xa4, 0xd1, 0x75, 0xeb, 0x6d, 0x0c, 0x31, 0x0e, 0x6f,
+        0xd5, 0x75, 0xe7, 0xff, 0x83, 0xdd, 0x7a, 0x4d, 0x83, 0x67, 0xa7, 0x4b,
+        0xc1, 0x74, 0xad, 0x37, 0x38, 0x99, 0xe0, 0xf5, 0x5a, 0x44, 0x36, 0xa2,
+        0x20, 0x2b, 0xfc, 0xc9, 0xfa, 0x68, 0xcb, 0xf0, 0x6f, 0x0a, 0x46, 0x1d,
+        0xb5, 0xca, 0x5b, 0x96, 0x1b, 0x3a, 0xaf, 0x7d, 0x01, 0x7a, 0xd2, 0x09,
+        0xcc, 0xd4, 0xe4, 0xb1, 0x49, 0x34, 0x56, 0x68, 0x9c, 0x0f, 0x23, 0xe9,
+        0xb3, 0x4b, 0xed, 0x3d, 0xe7, 0x8d, 0x19, 0x6e, 0xe6, 0xfa, 0x06, 0x55,
+        0xb8, 0x06, 0x4d, 0xa8, 0x45, 0x20, 0x91, 0xf7, 0xfa, 0x0b, 0x6b, 0xce,
+        0x55, 0xa7, 0x14, 0x1b, 0xf9, 0xea, 0xc5, 0x79, 0x78, 0xf7, 0x3a, 0xd9,
+        0xfc, 0x07, 0x43, 0x06, 0x90, 0x94, 0x5e, 0xc9, 0x48, 0x51, 0xe5, 0x96,
+        0x68, 0x78, 0xc8, 0xcb, 0xd1, 0xf3, 0x65, 0xef, 0x14, 0x91, 0xa3, 0xca,
+        0x8b, 0x77, 0x40, 0x84, 0xf4, 0x2e, 0xe7, 0x56, 0xe3, 0xab, 0xa0, 0xa8,
+        0x61, 0x93, 0x17, 0x95, 0x9e, 0xff, 0x3a, 0xd4, 0x12, 0xea, 0x13, 0xe6,
+        0x82, 0x16, 0xed, 0x14, 0x70, 0x91, 0xcc, 0x72, 0x58, 0x99, 0xa1, 0x7f,
+        0xf3, 0x84, 0x10, 0xf4, 0x01, 0x0d, 0x05, 0x45, 0x4d, 0xca, 0x05, 0x03,
+        0x75, 0x7e, 0xbb, 0x44, 0x2e, 0xf5, 0xee, 0xed, 0x64, 0x9b, 0xd3, 0xde,
+        0x3e, 0xfc, 0x31, 0x8c, 0xca, 0x23, 0x66, 0x25, 0xac, 0x5f, 0x0f, 0x33,
+        0x0f, 0xd2, 0xe9, 0xc9, 0x96, 0x2a, 0xe2, 0xb8, 0xed, 0x93, 0xd3, 0x78,
+        0xd8, 0x81, 0xe4, 0x52, 0x9a, 0xc6, 0x64, 0x1d, 0x2d, 0x5f, 0x93, 0x9a,
+        0x2e, 0x73, 0xc4, 0x17, 0xae, 0xc6, 0x08, 0x0d, 0x2d, 0xe9, 0x4b, 0x10,
+        0x29, 0xa8, 0x4e, 0x8c, 0x08, 0x59, 0x87, 0x10, 0x0d, 0x5d, 0xfa, 0xec,
+        0xd6, 0x42, 0xf6, 0x5c, 0xa4, 0x0d, 0xaa, 0x64, 0x8e, 0x20, 0xa5, 0x50,
+        0x9f, 0x0b, 0x85, 0x37, 0x57, 0x15, 0x7c, 0xb1, 0xe4, 0xdd, 0xd5, 0x19,
+        0x3b, 0x10, 0x7d, 0x22, 0xdb, 0x53, 0x8b, 0x7b, 0x32, 0xf7, 0xf2, 0x24,
+        0x92, 0xb2, 0x05, 0xd1, 0xfd, 0xfc, 0x11, 0xd6, 0xfd, 0x3c, 0x8d, 0xd7,
+        0xb0, 0x58, 0x50, 0x06, 0x84, 0x61, 0xa6, 0x78, 0x04, 0x1d, 0x7f, 0x92,
+        0x0e, 0x8b, 0xb3, 0x63, 0x43, 0xc5, 0x30, 0x4c, 0xce, 0x2b, 0x44, 0x70,
+        0x53, 0x7c, 0xb5, 0xbd, 0x30, 0xcb, 0x41, 0x19, 0x27, 0x69, 0xfe, 0x41,
+        0x92, 0xae, 0xf0, 0x37, 0x33, 0xf0, 0x95, 0xe4, 0xe8, 0x4f, 0x75, 0x41,
+        0x64, 0x87, 0xc5, 0x68, 0xd3, 0xce, 0xfa, 0xaa, 0xe8, 0x59, 0x88, 0xfe,
+        0x24, 0x46, 0x27, 0x60, 0x71, 0x36, 0x78, 0x66, 0x3c, 0x36, 0x8e, 0xdb,
+        0x90, 0x67, 0xa5, 0x6a, 0xfe, 0xd3, 0x23, 0x28, 0x91, 0x34, 0x24, 0x67,
+        0x4b, 0x01, 0x6a, 0x0e, 0x02, 0xb7, 0xf0, 0xa8, 0xd4, 0x76, 0xd5, 0xa8,
+        0x1c, 0xd3, 0xb3, 0x7d, 0x74, 0xc6, 0x17, 0x96, 0xa7, 0xf9, 0xad, 0x24,
+        0x36, 0xd2, 0xeb, 0x34, 0x5a, 0xcc, 0x9c, 0x01, 0x99, 0xbe, 0x21, 0x4f,
+        0x27, 0x9d, 0x6b, 0xca, 0x27, 0x1b, 0x60, 0x51, 0x41, 0x23, 0xe1, 0xcb,
+        0xfc, 0x17, 0x2e, 0x1a, 0x4d, 0x3d, 0x51, 0xb3, 0x91, 0x8c, 0x53, 0x4d,
+        0xd7, 0xbc, 0xa4, 0x07, 0xd7, 0x17, 0x19, 0x18, 0x61, 0x38, 0x4e, 0x05,
+        0x81, 0x3f, 0x43, 0x8a, 0x00, 0x60, 0xdc, 0x30, 0xf4, 0x38, 0x3f, 0x93,
+        0x82, 0x10, 0x29, 0x73, 0xa9, 0xbd, 0x63, 0x15, 0x7d, 0xac, 0x2e, 0xc9,
+        0x05, 0xc1, 0x01, 0x41, 0x18, 0x5a, 0xc0, 0xc8, 0xc7, 0x81, 0x69, 0xe7,
+        0x24, 0x21, 0x57, 0xaf, 0x88, 0x73, 0x7c, 0x53, 0x29, 0xae, 0x5a, 0xdf,
+        0x76, 0x37, 0x56, 0x4f, 0x1f, 0x6b, 0xfd, 0x71, 0xbb, 0x80, 0x4a, 0xd7,
+        0x53, 0x50, 0x10, 0x2d, 0xfc, 0x1a, 0xaf, 0x7c, 0x1f, 0xe8, 0xd0, 0x6c,
+        0xa6, 0x45, 0x3d, 0xb5, 0x3d, 0xb2, 0xfc, 0x97, 0xa9, 0xbf, 0x7c, 0x0f,
+        0x32, 0x7a, 0xcc, 0xa9, 0x2f, 0xd0, 0xc6, 0xe6, 0xcd, 0x04, 0x1d, 0x71,
+        0x91, 0xb9, 0x59, 0x4b, 0xad, 0xa0, 0xde, 0x9e, 0xdc, 0x9c, 0x10, 0xeb,
+        0x8d, 0xd6, 0x65, 0x57, 0xbc, 0x96, 0xfd, 0x0f, 0xcc, 0x73, 0xbe, 0x39,
+        0x27, 0x99, 0x94, 0xf5, 0xe1, 0xbb, 0x32, 0xcd, 0x27, 0x7e, 0x08, 0xa0,
+        0xd2, 0x92, 0x39, 0xeb, 0x71, 0xc8, 0xe8, 0x34, 0x57, 0x34, 0x4b, 0x20,
+        0x3f, 0xe2, 0x68, 0xec, 0xc0, 0x8a, 0x71, 0xa3, 0x16, 0xa2, 0x91, 0x77,
+        0xde, 0x41, 0x12, 0xa5, 0xf5, 0x2a, 0x63, 0x60, 0x55, 0xd0, 0x33, 0xa4,
+        0xa7, 0x2e, 0xcb, 0x80, 0x08, 0xe5, 0x76, 0x16, 0x75, 0x04, 0x57, 0xe3,
+        0x14, 0x71, 0x4e, 0x57, 0x29, 0x23, 0x0e, 0xc0, 0xcc, 0xad, 0xba, 0xdc,
+        0x96, 0x5d, 0x23, 0x49, 0x42, 0xd8, 0x91, 0x08, 0x0d, 0x52, 0xf4, 0x5f,
+        0xcd, 0xb7, 0x03, 0xaa, 0x73, 0x26, 0xa8, 0xd5, 0x5b, 0x0c, 0x85, 0xc8,
+        0x84, 0x50, 0x9e, 0x70, 0x18, 0x45, 0x27, 0x82, 0x20, 0x75, 0xad, 0x52,
+        0x5c, 0x80, 0x4b, 0xb1, 0x0b, 0x3b, 0x30, 0x39, 0x02, 0x54, 0x18, 0x5d,
+        0x02, 0x9e, 0x85, 0x31, 0x4a, 0x07, 0x9c, 0x59, 0x5d, 0xab, 0x13, 0x4f,
+        0x8f, 0x6e, 0x39, 0x20, 0xb2, 0xc5, 0x31, 0x93, 0xc6, 0xcc, 0xfb, 0xdc,
+        0x15, 0xba, 0x3d, 0xcc, 0xbb, 0xd2, 0x6f, 0x04, 0x21, 0xdf, 0x0b, 0x27,
+        0x5c, 0xd2, 0x6e, 0xfa, 0xda, 0x86, 0x5d, 0xe4, 0xca, 0xa4, 0x90, 0x22,
+        0xa2, 0x80, 0xb5, 0x33, 0x17, 0xdb, 0x9b, 0x7b, 0x0a, 0xcc, 0x0f, 0x9b,
+        0x38, 0x06, 0xdf, 0x10, 0x11, 0xa1, 0xd7, 0x2c, 0x24, 0xf0, 0xa8, 0x34,
+        0x24, 0xfb, 0x99, 0xba, 0x0a, 0xb5, 0xa1, 0x94, 0x6c, 0x2d, 0xf8, 0xda,
+        0x74, 0xaf, 0x19, 0x59, 0x84, 0xb2, 0x68, 0x1c, 0xef, 0xa1, 0xf5, 0x18,
+        0x8f, 0x10, 0xf6, 0xb3, 0x6d, 0x33, 0x87, 0xe0, 0x25, 0xc8, 0x65, 0x5c,
+        0x2f, 0x51, 0x07, 0x83, 0x69, 0x1b, 0xce, 0xa8, 0xe6, 0xe4, 0x27, 0x62,
+        0x5d, 0x9b, 0x7f, 0xa7, 0x07, 0xc8, 0x54, 0x86, 0x90, 0xa5, 0x06, 0x6a,
+        0x94, 0x80, 0x84, 0x97, 0xaa, 0x2a, 0xb9, 0x79, 0xe5, 0x19, 0x7a, 0x91,
+        0xef, 0x8b, 0x58, 0xdc, 0xf9, 0x90, 0x94, 0xa2, 0x25, 0x4c, 0x69, 0xd8,
+        0x6e, 0x9e, 0xad, 0xf8, 0x82, 0x17, 0x37, 0xc9, 0x20, 0x15, 0x24, 0x40,
+        0xe5, 0xc6, 0xc1, 0xc7, 0xbd, 0xd4, 0x62, 0xff, 0x16, 0x6d, 0xa5, 0xec,
+        0xe9, 0x67, 0x41, 0x9d, 0x3e, 0xfb, 0x22, 0x81, 0x80, 0x61, 0x37, 0x45,
+        0xa5, 0x9f, 0x70, 0xff, 0xd4, 0x99, 0x3d, 0x79, 0x45, 0xd0, 0x27, 0xc2,
+        0x32, 0xbe, 0xd4, 0xe2, 0x53, 0xa8, 0x8c, 0x94, 0x8b, 0xbe, 0x8a, 0x43,
+        0xf7, 0x2a, 0x28, 0x49, 0xf4, 0xce, 0x2e, 0x0b, 0x98, 0xc7, 0xaf, 0x7d,
+        0x51, 0x2e, 0xda, 0xd0, 0x7a, 0xfa, 0x91, 0x3a, 0xe6, 0xe7, 0x64, 0xd6,
+        0x09, 0xd8, 0x5d, 0x6a, 0x97, 0xcf, 0x89, 0x96, 0x72, 0x21, 0x97, 0x61,
+        0xc5, 0x1b, 0xd8, 0xa1, 0xf0, 0xcd, 0x9d, 0xe4, 0xe9, 0x13, 0xd0, 0x16,
+        0x41, 0x20, 0xa4, 0x2c, 0x33, 0xf5, 0x3d, 0xfe, 0x80, 0xe8, 0xb2, 0x52,
+        0x0e, 0x18, 0x31, 0x19, 0x50, 0xeb, 0xc6, 0x99, 0x43, 0xab, 0x9a, 0x59,
+        0x5d, 0x6c, 0x84, 0x00, 0x88, 0x45, 0x7c, 0x73, 0xdf, 0x56, 0x61, 0x3a,
+        0xe1, 0x55, 0xb8, 0x59, 0x13, 0xcc, 0x0e, 0x53, 0xe9, 0xf4, 0x74, 0xa0,
+        0xf2, 0x15, 0xd2, 0xa8, 0xf9, 0xd4, 0x0d, 0x3d, 0xe7, 0x3d, 0x7d, 0x5b,
+        0x19, 0x89, 0x8b, 0x2c, 0x4d, 0x8a, 0xeb, 0xc3, 0x43, 0x31, 0x9a, 0x45,
+        0x72, 0x5b, 0x25, 0xb6, 0xa2, 0xc1, 0x98, 0xe3, 0x8a, 0xd4, 0x90, 0xd0,
+        0x3e, 0x13, 0xf0, 0xd7, 0x90, 0x34, 0x94, 0xcc, 0xf1, 0x0a, 0xa9, 0x30,
+        0xd1, 0x95, 0x43, 0x07, 0xcd, 0xd2, 0xca, 0xb0, 0xe5, 0xd4, 0xf1, 0xa1,
+        0xc5, 0x9b, 0xf4, 0x98, 0x28, 0xba, 0xde, 0x40, 0xd6, 0x98, 0x98, 0x20,
+        0x9c, 0x84, 0x9e, 0xc6, 0x57, 0xd8, 0x84, 0xc4, 0xa2, 0x9b, 0x53, 0x50,
+        0xa5, 0xa6, 0x0b, 0x47, 0xe8, 0x08, 0x7d, 0xd7, 0x09, 0xa4, 0x0c, 0x2b,
+        0x27, 0xde, 0xf9, 0x78, 0xbc, 0xa4, 0xb6, 0xc6, 0x1b, 0xda, 0xce, 0x6a,
+        0xf8, 0x1a, 0xf5, 0xfe, 0x7b, 0xab, 0x58, 0x7c, 0xdc, 0x72, 0x02, 0x94,
+        0x99, 0xf0, 0x3c, 0x37, 0x87, 0x5b, 0xd2, 0x4b, 0x5a, 0x80, 0x83, 0xd7,
+        0xfc, 0x9d, 0xa7, 0x51, 0x81, 0xb8, 0x62, 0xff, 0x4b, 0xb3, 0x9f, 0x07,
+        0xc3, 0x54, 0xfb, 0x41, 0x85, 0x42, 0x9d, 0xac, 0x27, 0x81, 0x2e, 0xaf,
+        0x98, 0x67, 0x8c, 0x23, 0xad, 0x45, 0xfe, 0x6a, 0x57, 0x9f, 0x18, 0xc5,
+        0x71, 0x8c, 0xad, 0x3f, 0x30, 0x3c, 0xaa, 0x47, 0x8d, 0xba, 0xc8, 0x7f,
+        0x03, 0x1c, 0x86, 0xee, 0xba, 0x3f, 0x59, 0x45, 0xd4, 0xd0, 0xf5, 0x54,
+        0x9e, 0xcb, 0x08, 0xcf, 0xca, 0x40, 0x0a, 0x06, 0xc0, 0x1e, 0x60, 0x1f,
+        0x33, 0xbf, 0x2c, 0xa8, 0x5f, 0xce, 0x23, 0xa0, 0xe2, 0x1c, 0x2d, 0x56,
+        0x2a, 0x44, 0x61, 0x58, 0xf1, 0x84, 0x63, 0x4f, 0x0d, 0x5e, 0xfb, 0x83,
+        0x0f, 0x36, 0x1b, 0xf4, 0x8f, 0x17, 0x82, 0x2e, 0x04, 0x2c, 0x77, 0x9d,
+        0x32, 0x58, 0xb8, 0xb0, 0xf9, 0x44, 0xd2, 0xf6, 0x84, 0xa4, 0x8b, 0x28,
+        0x53, 0xd6, 0x99, 0x81, 0x84, 0x43, 0xf0, 0xc1, 0x15, 0xc6, 0x74, 0x4f,
+        0xab, 0x05, 0xcc, 0x80, 0xdf, 0xef, 0xcf, 0xaf, 0x14, 0x82, 0xdf, 0x51,
+        0x7c, 0x28, 0x5e, 0x5b, 0x27, 0x5e, 0x91, 0x8b, 0x54, 0x3d, 0x54, 0x26,
+        0xb0, 0x3f, 0xd7, 0xc5, 0xce, 0xf3, 0x6d, 0x2c, 0x12, 0xc6, 0xb4, 0x48,
+        0x60, 0x11, 0x9c, 0xef, 0x29, 0x98, 0x9c, 0x76, 0x4e, 0x73, 0x2b, 0xd2,
+        0x23, 0x53, 0x7d, 0x03, 0xc2, 0x2f, 0x8a, 0xa1, 0xe2, 0x84, 0x54, 0x2d,
+        0xd8, 0xc6, 0x55, 0x77, 0x9d, 0x07, 0x67, 0x1f, 0x1a, 0xd3, 0x57, 0x4c,
+        0x25, 0x79, 0x8f, 0xd8, 0x82, 0xc2, 0x4d, 0x87, 0x84, 0x33, 0xdc, 0x47,
+        0xed, 0x9e, 0xfb, 0xd2, 0x62, 0xc8, 0x50, 0x76, 0xda, 0x3c, 0x3c, 0x05,
+        0x0e, 0x2d, 0x30, 0x56, 0xca, 0x4d, 0x6a, 0xe2, 0x17, 0x24, 0x26, 0x9c,
+        0xff, 0x09, 0xec, 0xb3, 0x94, 0xec, 0xab, 0x69, 0xb2, 0xf0, 0xa5, 0x66,
+        0x18, 0x92, 0x49, 0x6b, 0x90, 0xf5, 0x77, 0x5a, 0x18, 0xe5, 0x51, 0x36,
+        0x4a, 0x35, 0x54, 0x98, 0x48, 0x04, 0xa9, 0x0f, 0xcb, 0x55, 0xf1, 0x71,
+        0xad, 0x1a, 0x4a, 0x2c, 0x0e, 0x5d, 0x5e, 0x77, 0x47, 0xf5, 0x46, 0x17,
+        0x6b, 0x94, 0x2a, 0xbc, 0x40, 0xe5, 0xa7, 0xa6, 0x88, 0x41, 0x76, 0x22,
+        0x47, 0xd1, 0xe8, 0x2b, 0x18, 0x48, 0x21, 0xc0, 0xe8, 0x4f, 0xe2, 0xb2,
+        0x7e, 0x03, 0xbb, 0x25, 0x9c, 0xc8, 0x68, 0x66, 0x48, 0x25, 0x6a, 0xf2,
+        0x64, 0x29, 0xec, 0x79, 0xba, 0xdb, 0x34, 0xe1, 0xd4, 0xf9, 0x52, 0x0e,
+        0xfd, 0x8d, 0x86, 0x94, 0x71, 0xd8, 0xe0, 0x86, 0x02, 0x9b, 0xd4, 0x65,
+        0x69, 0x5e, 0x01, 0x32, 0x87, 0x59, 0xd8, 0x6c, 0xbc, 0x8a, 0x9f, 0x58,
+        0x28, 0x8c, 0x97, 0xef, 0x33, 0xb2, 0xda, 0x45, 0xa0, 0xec, 0xe5, 0x5b,
+        0xac, 0xc6, 0x65, 0xc1, 0xb6, 0xcb, 0xf7, 0x85, 0x0e, 0xfa, 0x78, 0x36,
+        0x30, 0x84, 0x90, 0xa8, 0xf8, 0x42, 0x25, 0xa5, 0xdd, 0xdc, 0xdc, 0x89,
+        0xd3, 0xf0, 0x73, 0x9a, 0xd8, 0x95, 0x8f, 0x04, 0xbf, 0xc1, 0xfd, 0x94,
+        0xff, 0xe6, 0xf8, 0x4e, 0xc6, 0x43, 0xc9, 0x60, 0x30, 0xe9, 0x68, 0xa8,
+        0x76, 0xfb, 0xfa, 0xdf, 0xc0, 0x9b, 0xbc, 0xbc, 0x34, 0xe4, 0x38, 0xfd,
+        0x93, 0xb0, 0x47, 0xb2, 0x3e, 0x83, 0x6c, 0xef, 0xe1, 0xaf, 0x35, 0xb4,
+        0x90, 0x2a, 0x32, 0xaf, 0x25, 0x3f, 0x3e, 0x72, 0x61, 0xc0, 0x0f, 0x29,
+        0xbb, 0x46, 0x6e, 0x2e, 0x94, 0x7d, 0xdd, 0xb7, 0x67, 0x1f, 0x7b, 0x64,
+        0xcb, 0xa5, 0x9a, 0x58, 0x63, 0x20, 0xa7, 0xc0, 0x94, 0xa9, 0xad, 0x90,
+        0x7d, 0xf3, 0x2b, 0x61, 0x2b, 0x64, 0x3d, 0x8a, 0xc3, 0xd1, 0xcb, 0xad,
+        0x36, 0x44, 0xe6, 0x29, 0x8b, 0x3d, 0x95, 0x7c, 0xa7, 0xa2, 0xfa, 0x1b,
+        0x16, 0x8d, 0x9e, 0xc4, 0xf8, 0x4c, 0x76, 0x20, 0x00, 0x68, 0x07, 0x99,
+        0x9c, 0x60, 0xe6, 0x16, 0x6a, 0x6f, 0x8a, 0xbe, 0x71, 0x95, 0xa1, 0xcb,
+        0xfe, 0x7c, 0x41, 0x59, 0x61, 0x20, 0xf9, 0x54, 0x3c, 0xb1, 0x19, 0x5c,
+        0x42, 0x67, 0x3f, 0xff, 0xf3, 0x32, 0x21, 0x9c, 0x9e, 0x88, 0xf9, 0x97,
+        0x00, 0x43, 0x73, 0x4a, 0xfc, 0x54, 0xeb, 0x27, 0x79, 0x14, 0x85, 0xd3,
+        0xdc, 0x47, 0xb3, 0x6d, 0x24, 0xd3, 0xf7, 0x7a, 0xfb, 0x90, 0x7c, 0x6e,
+        0xcd, 0x4e, 0xbf, 0x26, 0x76, 0xd2, 0xe8, 0xcc, 0x67, 0xd1, 0x23, 0x3c,
+        0x94, 0x16, 0x1e, 0x07, 0x36, 0x7c, 0x96, 0xf6, 0xe8, 0x50, 0x72, 0x26,
+        0x56, 0x67, 0x89, 0xa9, 0x11, 0xfb, 0x1d, 0xb8, 0xb9, 0x2a, 0x55, 0xb7,
+        0x85, 0xf7, 0x40, 0xa2, 0xfc, 0x9f, 0x30, 0xec, 0x8f, 0x9a, 0x1c, 0xc8,
+        0xe4, 0xc5, 0x1f, 0xcb, 0x0a, 0x60, 0x80, 0x41, 0xec, 0x88, 0x8a, 0xda,
+        0x7c, 0x7a, 0xa1, 0x96, 0x51, 0x62, 0x16, 0x63, 0x75, 0x36, 0x28, 0x7c,
+        0xc9, 0xd0, 0x27, 0x0c, 0x9e, 0x18, 0x4a, 0x82, 0xf7, 0x02, 0xb9, 0x40,
+        0x8f, 0xd5, 0x97, 0x7a, 0x35, 0xa9, 0x3a, 0xb3, 0x8b, 0x6b, 0xf1, 0x9a,
+        0xd1, 0xe7, 0x14, 0x38, 0x5e, 0xba, 0x8c, 0xbf, 0x32, 0xaa, 0x34, 0x30,
+        0x7c, 0x1e, 0x11, 0xcd, 0x1f, 0x9f, 0xcf, 0x4d, 0x14, 0xce, 0x67, 0xf9,
+        0x9c, 0x89, 0x07, 0x92, 0x44, 0x6e, 0x9a, 0x16, 0xe4, 0xfb, 0x67, 0x01,
+        0x3f, 0x4c, 0x14, 0x89, 0x33, 0x87, 0x46, 0xc6, 0xe4, 0x66, 0x94, 0xd4,
+        0x87, 0x4f, 0x2c, 0x92, 0x1b, 0xae, 0x82, 0xe7, 0x99, 0xaa, 0xb4, 0x99,
+        0x81, 0x26, 0xa6, 0x6f, 0x1d, 0xc1, 0x95, 0x80, 0xe9, 0xea, 0xe3, 0x44,
+        0x6a, 0x2b, 0xd2, 0xe0, 0x0d, 0x69, 0x42, 0xf7, 0x27, 0x6b, 0x4f, 0x02,
+        0x7a, 0x33, 0x7b, 0x43, 0x3d, 0xef, 0x10, 0xaa, 0xab, 0xc5, 0xa2, 0xf0,
+        0xbb, 0x07, 0x4b, 0x26, 0x0c, 0x58, 0xcd, 0x3b, 0xd2, 0x6d, 0xa5, 0x32,
+        0x37, 0x88, 0x4e, 0x8b, 0xe3, 0x75, 0xb0, 0xbb, 0x87, 0xea, 0xa4, 0x53,
+        0xf3, 0xff, 0x39, 0x92, 0x44, 0xab, 0x7b, 0x71, 0x62, 0x31, 0x6b, 0x31,
+        0xca, 0x97, 0xba, 0xd7, 0x41, 0xe0, 0x47, 0x47, 0x4f, 0x77, 0xa2, 0x35,
+        0x62, 0x7a, 0xc1, 0xb6, 0x69, 0x10, 0x09, 0xce, 0xfc, 0x92, 0xcc, 0xc5,
+        0x7a, 0x11, 0xf1, 0xc1, 0xa0, 0x80, 0xe5, 0x42, 0x17, 0xb6, 0x3f, 0xab,
+        0xc1, 0xa2, 0x41, 0xfb, 0xe3, 0x98, 0x2d, 0x7a, 0xe4, 0x1b, 0x1f, 0x7e,
+        0x71, 0x3c, 0x3e, 0x90, 0x8c, 0x60, 0x30, 0xb7, 0x73, 0x06, 0x1f, 0x8a,
+        0xce, 0x50, 0x20, 0x7c, 0xfa, 0x8c, 0xf2, 0x14, 0xd9, 0x00, 0xa2, 0x21,
+        0xea, 0x10, 0x36, 0x21, 0x6f, 0x7f, 0x13, 0xe3, 0x6c, 0xb2, 0xd6, 0xa5,
+        0xa6, 0x6e, 0xa9, 0xe7, 0x1d, 0xdf, 0xc9, 0x97, 0x60, 0x75, 0xa3, 0x55,
+        0xa1, 0x2c, 0x94, 0xd7, 0x85, 0x4b, 0x44, 0xc6, 0x9c, 0x17, 0xc2, 0xad,
+        0xe6, 0x56, 0x72, 0x1d, 0xb9, 0x13, 0x54, 0xfe, 0x8c, 0xec, 0xf4, 0xa3,
+        0x54, 0x6b, 0x31, 0xbc, 0x55, 0x9e, 0x01, 0xd4, 0x9b, 0x24, 0x9e, 0x51,
+        0xaf, 0x67, 0x76, 0x02, 0xf7, 0x34, 0x6a, 0xaa, 0xb0, 0x3c, 0x70, 0x2e,
+        0xc8, 0x86, 0xfa, 0x40, 0x89, 0x12, 0xb7, 0x49, 0x38, 0x0b, 0xf7, 0x66,
+        0xd2, 0x2e, 0x58, 0xf1, 0x22, 0x3b, 0xb3, 0x40, 0x6b, 0x7a, 0x68, 0x4d,
+        0x42, 0xfd, 0xbf, 0xa0, 0xf7, 0x2f, 0x63, 0x4a, 0x87, 0xe7, 0x99, 0x52,
+        0x6e, 0xe7, 0xdd, 0xca, 0x19, 0x71, 0xee, 0x92, 0xe2, 0x68, 0x0e, 0xe1,
+        0xb7, 0x90, 0x1f, 0xc4, 0xef, 0xf8, 0xf6, 0x85, 0x53, 0x18, 0x33, 0x86,
+        0x15, 0xc8, 0x29, 0x58, 0x6f, 0xf0, 0x1c, 0x14, 0x73, 0xa9, 0x8e, 0x88,
+        0x74, 0xd4, 0x21, 0xf5, 0xc6, 0x7c, 0xd8, 0x96, 0x0f, 0xb0, 0xa6, 0x7b,
+        0xf7, 0x72, 0x15, 0xd7, 0x30, 0x6b, 0x15, 0x1d, 0x3f, 0xb7, 0x4e, 0xaa,
+        0xc0, 0x52, 0x1d, 0x84, 0xbf, 0x98, 0xbd, 0x33, 0x02, 0xab, 0x8b, 0xd0,
+        0x9c, 0x85, 0x2f, 0xa3, 0xfb, 0x46, 0x8d, 0x4d, 0x97, 0x1a, 0x8a, 0x3c,
+        0x73, 0x5b, 0x3b, 0x58, 0x26, 0xba, 0x6b, 0x45, 0x2e, 0x24, 0x66, 0x79,
+        0x7d, 0xc4, 0xf8, 0x8c, 0x05, 0x7d, 0x5c, 0x23, 0xb9, 0xe8, 0x5d, 0xfe,
+        0xc9, 0x84, 0xe5, 0x58, 0x40, 0xa4, 0xb7, 0x55, 0x74, 0x69, 0x92, 0x9c,
+        0x3e, 0x19, 0xb1, 0xb6, 0x51, 0xe9, 0x71, 0xcc, 0x96, 0x2b, 0x01, 0x71,
+        0xf5, 0xb9, 0xde, 0x77, 0xfe, 0x2e, 0x74, 0x9c, 0x6a, 0x52, 0x17, 0x1e,
+        0xea, 0xd9, 0xc8, 0x14, 0xbe, 0x61, 0xdf, 0xe9, 0x96, 0x24, 0x5a, 0x9a,
+        0xd8, 0xd7, 0xad, 0x71, 0xe0, 0xf4, 0xbb, 0x9e, 0xae, 0x95, 0xcd, 0x58,
+        0x94, 0x81, 0xee, 0x46, 0x84, 0x65, 0x39, 0xb1, 0x1b, 0x1e, 0xf5, 0x50,
+        0xad, 0x56, 0x58, 0xb7, 0x53, 0x9b, 0x2a, 0x2f, 0x09, 0x61, 0x57, 0xda,
+        0xf5, 0xdc, 0x9f, 0x3c, 0x6c, 0x69, 0x0d, 0x61, 0x49, 0xb2, 0xe0, 0xb2,
+        0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50,
+        0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_pub_key[] = {
     0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
     0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
     0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
@@ -41777,9 +45851,399 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
     0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61,
     0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40,
     0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
-    0x0a, 0x93,
+    0x0a, 0x93
     };
+#endif
     WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_sig[] = {
+        0x20, 0xff, 0x12, 0xe1, 0x87, 0xf6, 0x11, 0x38, 0xff, 0x41, 0xd0, 0x8f,
+        0xcd, 0x7e, 0xd1, 0xf6, 0x21, 0x17, 0xd0, 0x46, 0xe9, 0x86, 0x83, 0x1b,
+        0xaf, 0xe5, 0x2b, 0x59, 0x21, 0xd1, 0x6b, 0xc9, 0xdb, 0x34, 0xdc, 0xba,
+        0xfd, 0xd3, 0xf8, 0x71, 0x49, 0xd8, 0x31, 0xbc, 0x48, 0x83, 0x22, 0x7b,
+        0xfd, 0x6a, 0x93, 0xa6, 0x39, 0x4c, 0xda, 0xdb, 0x15, 0xe7, 0x41, 0x14,
+        0xb4, 0xb8, 0xfe, 0xb0, 0x1f, 0xf9, 0x0a, 0x2c, 0x0b, 0xc0, 0xac, 0x09,
+        0x84, 0x69, 0x5e, 0x64, 0x8c, 0xa8, 0xee, 0xa1, 0x52, 0x22, 0xde, 0x0d,
+        0xc7, 0x25, 0xef, 0xa8, 0xfd, 0x8c, 0xb9, 0x45, 0x4f, 0xa4, 0x9c, 0xbc,
+        0x70, 0xf2, 0x88, 0xea, 0x79, 0x13, 0xb0, 0xfc, 0xe6, 0x41, 0x48, 0x1c,
+        0x33, 0x48, 0xa2, 0x77, 0x75, 0x37, 0x9f, 0xc1, 0x86, 0x94, 0xcd, 0x69,
+        0x98, 0x87, 0x47, 0x49, 0x75, 0x93, 0xf1, 0xa4, 0x2d, 0x8e, 0xa8, 0x7e,
+        0x0f, 0x95, 0xf5, 0x3e, 0x5d, 0x31, 0x2d, 0xc9, 0x58, 0x1c, 0x42, 0xfd,
+        0x79, 0x6a, 0x49, 0xa3, 0x84, 0xc5, 0x2e, 0x8d, 0x96, 0x9c, 0xc8, 0x05,
+        0x93, 0xdb, 0x6d, 0xbf, 0x83, 0x34, 0xc2, 0x81, 0x47, 0x90, 0xc9, 0xa9,
+        0x82, 0xbd, 0xe1, 0xc8, 0x89, 0xa2, 0x36, 0x47, 0xed, 0xfb, 0x47, 0x57,
+        0x01, 0x1a, 0x75, 0x8c, 0x6b, 0x83, 0xcf, 0x56, 0xae, 0x52, 0x66, 0x8b,
+        0xab, 0x7f, 0x0c, 0xec, 0xde, 0x5c, 0x13, 0xbe, 0xbd, 0x5b, 0x74, 0x28,
+        0xb5, 0xd7, 0x68, 0xd5, 0xd2, 0xe9, 0x96, 0x3b, 0x55, 0xda, 0x3a, 0x93,
+        0x3c, 0xd9, 0x9f, 0x53, 0x2a, 0x31, 0x84, 0x45, 0x3f, 0xee, 0x2b, 0xfc,
+        0x92, 0xb0, 0x9c, 0xc6, 0x16, 0x16, 0x4f, 0x33, 0x41, 0x17, 0x58, 0xbe,
+        0x5d, 0x57, 0x4b, 0x04, 0x82, 0xe3, 0xb3, 0x68, 0xdf, 0x7c, 0x93, 0xce,
+        0x9d, 0xf6, 0x7e, 0x21, 0x3d, 0x28, 0x1c, 0xf0, 0x37, 0x46, 0xf2, 0xc2,
+        0x73, 0x7c, 0xbe, 0x98, 0x0e, 0x09, 0x75, 0xa7, 0x21, 0x11, 0xa9, 0xd6,
+        0xd1, 0x47, 0xac, 0xd0, 0x19, 0x48, 0x3b, 0x74, 0xc1, 0x3c, 0x37, 0x43,
+        0x49, 0x12, 0x62, 0xee, 0xaf, 0x5c, 0x38, 0xf7, 0x8a, 0xce, 0xb3, 0x7a,
+        0x05, 0x16, 0xd4, 0x71, 0x8b, 0xbe, 0x1a, 0xe0, 0x1e, 0xbc, 0x4b, 0x54,
+        0x0f, 0xb5, 0x73, 0x2b, 0xb8, 0x3a, 0x75, 0xf0, 0x26, 0xcd, 0xf9, 0xca,
+        0x32, 0xf9, 0x7e, 0x15, 0x38, 0x75, 0x9c, 0x4d, 0xbc, 0x11, 0xf8, 0xea,
+        0x8e, 0xe8, 0x38, 0x17, 0xc5, 0x62, 0xf4, 0x34, 0xfb, 0xd6, 0xf5, 0x76,
+        0xfc, 0xa3, 0xf3, 0x44, 0xf9, 0xab, 0x2e, 0x9a, 0x68, 0xcd, 0xa1, 0x29,
+        0xff, 0xda, 0xe8, 0xb5, 0xb0, 0x20, 0x5d, 0x02, 0x01, 0x62, 0x26, 0x44,
+        0x32, 0xc8, 0x94, 0xf8, 0xf1, 0xaa, 0xf9, 0xc2, 0x86, 0xcb, 0x55, 0x7f,
+        0x8d, 0xb3, 0xf6, 0x63, 0xb1, 0xa4, 0x95, 0x57, 0xb8, 0x1d, 0xc3, 0x42,
+        0xd2, 0x4b, 0x69, 0xcd, 0x7a, 0x10, 0x5b, 0x6a, 0x13, 0xd1, 0x02, 0x98,
+        0x38, 0x87, 0x9b, 0x9a, 0x5a, 0x66, 0x73, 0xcb, 0x75, 0xd0, 0x7a, 0x4b,
+        0xad, 0x23, 0x06, 0x1c, 0xc8, 0x6b, 0x0c, 0xa8, 0xfe, 0x7b, 0x8f, 0x65,
+        0x50, 0xd7, 0xf7, 0x76, 0x88, 0x42, 0xe0, 0x5e, 0x18, 0x91, 0x8b, 0x99,
+        0x37, 0x56, 0x08, 0x91, 0xe7, 0x01, 0xe7, 0x05, 0xd5, 0xed, 0x43, 0x25,
+        0x71, 0x7e, 0x3e, 0xfc, 0xc4, 0xfd, 0xed, 0x8b, 0x85, 0x16, 0x8c, 0xe3,
+        0x05, 0xee, 0x51, 0x02, 0xa4, 0x4b, 0xd8, 0x3c, 0xcf, 0x4d, 0x2f, 0x2d,
+        0x68, 0x6e, 0xc1, 0xd5, 0xfa, 0x91, 0xfd, 0x6a, 0xe0, 0x64, 0x85, 0x35,
+        0x9c, 0x75, 0xe6, 0x0d, 0xb8, 0xec, 0x97, 0x88, 0x62, 0x98, 0x78, 0x75,
+        0xc7, 0x1e, 0x68, 0xa7, 0xb9, 0x7b, 0xab, 0x75, 0x7a, 0x72, 0x3c, 0x7b,
+        0xab, 0x60, 0x03, 0xb7, 0x38, 0x13, 0xe4, 0x96, 0x6e, 0xcb, 0x95, 0xcc,
+        0xdc, 0x6a, 0x47, 0x67, 0x77, 0xd7, 0x95, 0xc4, 0x87, 0x66, 0xc2, 0x7e,
+        0x42, 0x90, 0x59, 0x4f, 0xd6, 0xf3, 0xf4, 0xa7, 0xd0, 0x29, 0xf9, 0x5d,
+        0x4b, 0x06, 0x06, 0xf7, 0x6e, 0xb2, 0xab, 0xb0, 0x8e, 0x21, 0xa6, 0xff,
+        0x5e, 0x7b, 0x47, 0xb6, 0x3a, 0xa6, 0x9e, 0x19, 0xf6, 0xdf, 0x9b, 0x3b,
+        0x3d, 0x07, 0x37, 0xd1, 0x0b, 0xa8, 0xf3, 0x9c, 0x43, 0x89, 0xee, 0xba,
+        0x03, 0xee, 0x38, 0x74, 0x13, 0x09, 0x8e, 0x47, 0x4e, 0xa9, 0x14, 0xf5,
+        0xb0, 0x55, 0xe0, 0x03, 0xe5, 0xb9, 0x53, 0xef, 0x03, 0x15, 0x60, 0xb3,
+        0x4a, 0x71, 0x31, 0x4b, 0xf1, 0xc8, 0xe4, 0x63, 0x9b, 0x8b, 0x78, 0x3c,
+        0x1f, 0xac, 0x27, 0x20, 0xa8, 0x53, 0x7d, 0xdd, 0x72, 0xd3, 0x90, 0x8f,
+        0x71, 0xa6, 0xa7, 0xeb, 0xb0, 0xeb, 0x42, 0x96, 0xa4, 0xc3, 0xba, 0xc6,
+        0x3c, 0xe7, 0x7b, 0x15, 0x1e, 0xfa, 0x15, 0x23, 0x37, 0xf3, 0xc8, 0xb2,
+        0xf9, 0x46, 0x04, 0xd1, 0x5e, 0x44, 0xd7, 0x8f, 0x70, 0xb1, 0x0a, 0xde,
+        0x6a, 0xe3, 0xaf, 0x9e, 0x49, 0x55, 0x78, 0x79, 0x11, 0x22, 0x87, 0xa9,
+        0x54, 0x7c, 0xb4, 0x83, 0xe1, 0x25, 0xcd, 0x89, 0xa6, 0x91, 0x21, 0x7b,
+        0xbe, 0x3d, 0x2f, 0x46, 0xb5, 0x5b, 0x50, 0x1a, 0xc8, 0x8d, 0x32, 0xf3,
+        0x62, 0x1f, 0x24, 0x64, 0xe8, 0xb6, 0x02, 0x4f, 0x1f, 0x52, 0x3c, 0x40,
+        0xfc, 0x72, 0x38, 0xd4, 0xba, 0x40, 0x8e, 0xb7, 0xc0, 0x97, 0x06, 0x16,
+        0xd5, 0xe3, 0x39, 0x45, 0xd7, 0x7c, 0x0e, 0xed, 0x6b, 0x19, 0x19, 0x0a,
+        0x8e, 0xcb, 0x2b, 0xee, 0x4d, 0xa1, 0x5e, 0x84, 0x22, 0x66, 0xcd, 0x4f,
+        0xb9, 0x1a, 0x25, 0x85, 0x02, 0xc0, 0x67, 0xc4, 0xd5, 0x1a, 0xcb, 0xbb,
+        0xde, 0x4d, 0x3c, 0x3c, 0x62, 0x9f, 0x76, 0x8f, 0x15, 0x29, 0xa5, 0xbb,
+        0x5a, 0x48, 0x38, 0x66, 0xfa, 0x56, 0x0a, 0x09, 0xbd, 0xdf, 0xdf, 0x4a,
+        0xe7, 0x0e, 0xa6, 0xb1, 0xb5, 0x7c, 0xe1, 0xed, 0x8d, 0x63, 0x07, 0x42,
+        0xf3, 0xf8, 0x15, 0x28, 0x7c, 0x09, 0xf5, 0x02, 0x69, 0x1b, 0x88, 0x1e,
+        0x3d, 0xad, 0x5f, 0x46, 0xed, 0xab, 0x2b, 0x11, 0x96, 0x73, 0xa8, 0xe8,
+        0xe6, 0x64, 0x7d, 0xae, 0x13, 0xa1, 0x7d, 0x54, 0xae, 0xc0, 0x82, 0xeb,
+        0x2a, 0xd1, 0x76, 0xb7, 0x9f, 0xbd, 0x33, 0x8f, 0xe7, 0xe6, 0x79, 0x92,
+        0xa6, 0xaf, 0x61, 0x91, 0x49, 0xbc, 0xd2, 0x3c, 0x6f, 0x8b, 0xbe, 0x8f,
+        0x5f, 0x1f, 0x00, 0x2c, 0x2e, 0x2c, 0xa0, 0x14, 0xcf, 0x34, 0x42, 0x44,
+        0x41, 0x11, 0xd7, 0x37, 0xd3, 0x99, 0x44, 0x36, 0x43, 0x03, 0xb9, 0x50,
+        0x4f, 0xab, 0xfe, 0x48, 0xe2, 0x4b, 0xed, 0x51, 0x8b, 0xe0, 0x04, 0x3c,
+        0x93, 0x28, 0x55, 0xc8, 0x5a, 0xb3, 0x52, 0x2c, 0x56, 0xbd, 0x43, 0xb9,
+        0x4a, 0x6c, 0x4c, 0xcc, 0xda, 0xba, 0x9c, 0xe6, 0x3e, 0x50, 0x8b, 0x1a,
+        0xe5, 0x83, 0xc1, 0x60, 0x55, 0xb2, 0x02, 0x16, 0x54, 0x33, 0x62, 0x69,
+        0x7c, 0x7d, 0x94, 0xf2, 0xb0, 0x3a, 0x22, 0xf0, 0x21, 0x46, 0xd7, 0x94,
+        0x53, 0xec, 0x63, 0x4c, 0x3e, 0xc3, 0x71, 0xd1, 0xb9, 0x2e, 0x16, 0xe8,
+        0x17, 0x63, 0x7e, 0x0c, 0x83, 0x05, 0x72, 0xe6, 0x20, 0x60, 0x34, 0xae,
+        0x0e, 0x54, 0xa0, 0x57, 0x75, 0x93, 0x2e, 0xb8, 0x6c, 0xec, 0xda, 0x44,
+        0x1b, 0xac, 0xd6, 0x75, 0xc5, 0x79, 0x3c, 0xc2, 0xa6, 0xa2, 0x7f, 0x3a,
+        0xb0, 0xec, 0xeb, 0xc1, 0xe6, 0xd6, 0xae, 0xac, 0x2e, 0x55, 0x30, 0x1c,
+        0x81, 0xa4, 0x4c, 0x35, 0x0e, 0xd8, 0xa6, 0x4e, 0xea, 0x0e, 0xbf, 0x79,
+        0xf7, 0xdf, 0x55, 0xfc, 0xf9, 0x24, 0xb0, 0xa6, 0xba, 0xc3, 0x72, 0x42,
+        0x60, 0x06, 0x44, 0x03, 0xe3, 0x40, 0x3c, 0x2a, 0x13, 0xf7, 0xdf, 0x3d,
+        0xb7, 0x0d, 0x86, 0x6c, 0xb0, 0x0f, 0x2e, 0x72, 0x91, 0x16, 0x4f, 0x5f,
+        0xd0, 0x3e, 0x8c, 0x36, 0xed, 0xa8, 0x6f, 0xbc, 0x65, 0xb0, 0x65, 0x99,
+        0x47, 0x50, 0xa5, 0x9c, 0xea, 0xee, 0x8a, 0x44, 0x70, 0xf5, 0x31, 0x1a,
+        0xe9, 0x11, 0xc1, 0xce, 0xe0, 0x21, 0x52, 0x70, 0x89, 0xf7, 0xc3, 0x35,
+        0xfa, 0x55, 0x5a, 0xc5, 0x10, 0x02, 0xc4, 0xc7, 0xf7, 0xe1, 0xaf, 0x49,
+        0x48, 0x61, 0xe7, 0x0d, 0xa1, 0x2d, 0x7d, 0x03, 0x00, 0x38, 0xa7, 0xd5,
+        0xd3, 0xbf, 0x95, 0x29, 0xed, 0xcc, 0x70, 0x3e, 0xbe, 0x95, 0x8a, 0xdf,
+        0xaf, 0xbf, 0xec, 0xf8, 0x6a, 0x4f, 0x9e, 0x69, 0xee, 0x4e, 0x3d, 0x8b,
+        0x58, 0xa0, 0x2e, 0xb5, 0x83, 0x6a, 0x0e, 0x04, 0xa4, 0xa9, 0x74, 0xcb,
+        0x4f, 0xb0, 0x39, 0x37, 0x8f, 0xcf, 0xbf, 0x77, 0xe4, 0x1a, 0x74, 0xcf,
+        0x0e, 0x0d, 0x2d, 0x6e, 0x1d, 0xba, 0xc1, 0xf5, 0x7c, 0x54, 0x6e, 0x92,
+        0xec, 0x4b, 0x03, 0xc3, 0xa4, 0x44, 0xad, 0x3e, 0x4f, 0xa4, 0xd9, 0xe9,
+        0x71, 0x3c, 0xe6, 0xb6, 0xbe, 0xe7, 0xfc, 0x72, 0x76, 0x86, 0x9a, 0x73,
+        0xb1, 0xb3, 0xf3, 0x84, 0xb6, 0x2a, 0x40, 0x0b, 0x8c, 0xae, 0xb3, 0xc4,
+        0xdc, 0xb5, 0x21, 0x85, 0x87, 0xdc, 0x19, 0x18, 0xd5, 0xba, 0xa4, 0x5e,
+        0x88, 0x89, 0xa4, 0xf4, 0x88, 0x75, 0xc2, 0x7a, 0xb4, 0xee, 0x9d, 0x54,
+        0x66, 0x97, 0x70, 0x08, 0x8f, 0x99, 0x84, 0x5d, 0x5e, 0xa7, 0x6f, 0x92,
+        0xe8, 0xa3, 0x65, 0xfa, 0x0e, 0x87, 0xfb, 0x3c, 0xe9, 0x17, 0x2d, 0xc7,
+        0x2d, 0x30, 0x8f, 0x41, 0x82, 0x68, 0x2b, 0xf1, 0x67, 0x8e, 0xf7, 0x05,
+        0x78, 0xfa, 0xc3, 0x61, 0xba, 0x35, 0xe7, 0x2f, 0x19, 0xef, 0x71, 0x36,
+        0xac, 0x5b, 0xf0, 0x45, 0x30, 0x70, 0xdc, 0xc7, 0xab, 0x7b, 0x62, 0x17,
+        0x9d, 0xc4, 0x43, 0x6f, 0xfc, 0x02, 0x56, 0x5f, 0x65, 0xaa, 0x68, 0x3b,
+        0x5c, 0xfa, 0x71, 0x28, 0x89, 0xe9, 0x28, 0x2f, 0x95, 0x4b, 0xfc, 0xe6,
+        0xe7, 0xc8, 0x44, 0x28, 0x5c, 0x3c, 0x08, 0x5f, 0x9c, 0xbc, 0x41, 0x68,
+        0x91, 0x98, 0x7a, 0x00, 0x63, 0xc9, 0x5c, 0x75, 0x8f, 0xcc, 0x33, 0x77,
+        0x7b, 0xd0, 0x2d, 0xe8, 0xa2, 0x98, 0xa4, 0x1b, 0xfa, 0x09, 0x67, 0x7b,
+        0x25, 0x96, 0x19, 0xf4, 0x77, 0x33, 0x20, 0x4f, 0x19, 0xf6, 0x9c, 0x6c,
+        0x2e, 0xd9, 0x68, 0x95, 0xb0, 0xe2, 0x18, 0x06, 0xe5, 0x84, 0x8e, 0xf7,
+        0xbf, 0x6c, 0x96, 0xa8, 0x9d, 0x37, 0xc7, 0x28, 0xa1, 0x3d, 0x90, 0x8c,
+        0x40, 0x3d, 0xe2, 0x51, 0xfd, 0x55, 0x09, 0xf8, 0x83, 0x43, 0x44, 0x4d,
+        0x1c, 0x8a, 0x8d, 0x36, 0x84, 0x64, 0xc4, 0xfa, 0x1d, 0x72, 0x04, 0x0b,
+        0x1d, 0x49, 0x13, 0x88, 0x78, 0x5f, 0x07, 0x9b, 0xc8, 0x01, 0x9c, 0x3c,
+        0xfc, 0xff, 0x0f, 0xd5, 0x13, 0xcd, 0x15, 0x98, 0xcc, 0xe6, 0x59, 0x1e,
+        0x83, 0x38, 0x8f, 0x6c, 0x75, 0xbe, 0xdf, 0xe9, 0x1b, 0xc5, 0xb9, 0x6b,
+        0xa4, 0x5a, 0x0c, 0xae, 0x98, 0x8d, 0x93, 0xfa, 0x76, 0x7f, 0x0d, 0x0b,
+        0xe8, 0xa0, 0x3b, 0x9e, 0x5e, 0xc8, 0xa8, 0xcc, 0x02, 0xc9, 0x86, 0x9c,
+        0x78, 0xaf, 0x6e, 0x6a, 0xf4, 0xfe, 0x49, 0xad, 0xc5, 0x93, 0xae, 0x62,
+        0xbd, 0xe3, 0x3a, 0xa8, 0xf2, 0x60, 0xb5, 0x29, 0xde, 0x5f, 0x12, 0x02,
+        0x2d, 0x43, 0x90, 0xf5, 0x9d, 0x9d, 0x97, 0x29, 0xfa, 0xdd, 0x60, 0x41,
+        0x64, 0xb7, 0xa5, 0x03, 0x72, 0x10, 0x2b, 0xdd, 0x5b, 0x60, 0xe6, 0xf0,
+        0xe1, 0xd7, 0xa5, 0x97, 0xec, 0xb4, 0x9a, 0x4c, 0x3e, 0x16, 0xa2, 0x82,
+        0xb3, 0xc3, 0x3f, 0x3e, 0x5d, 0x32, 0xac, 0x5a, 0x40, 0xb4, 0x00, 0xfa,
+        0xd9, 0x47, 0xe8, 0x77, 0xa8, 0x96, 0x5c, 0x60, 0x04, 0x9c, 0x5c, 0xdf,
+        0x24, 0x3b, 0xa7, 0x4a, 0x58, 0x25, 0x12, 0x9a, 0xa8, 0x7b, 0x3e, 0x14,
+        0xc8, 0x06, 0x79, 0x23, 0xea, 0x91, 0x7f, 0xe1, 0x78, 0x41, 0x6c, 0xdb,
+        0x8c, 0xeb, 0x66, 0x35, 0x87, 0x87, 0x81, 0x65, 0x2c, 0xef, 0x3a, 0x6e,
+        0xae, 0xb3, 0x6c, 0xe9, 0x86, 0x50, 0x6d, 0x89, 0xd6, 0x27, 0x0a, 0xdb,
+        0xf8, 0xd4, 0xb8, 0x85, 0x8e, 0x37, 0xa6, 0x56, 0xf7, 0x58, 0x18, 0x4c,
+        0x44, 0xcf, 0xeb, 0xc4, 0x79, 0x19, 0xfc, 0x2e, 0x53, 0x18, 0x0e, 0x7b,
+        0x51, 0x86, 0xf3, 0x59, 0x13, 0xb2, 0xaf, 0xd3, 0xee, 0xf4, 0xd5, 0xbf,
+        0x2c, 0xb8, 0x6d, 0x71, 0x74, 0x7c, 0x67, 0x54, 0xa7, 0x4b, 0x03, 0xa9,
+        0x1b, 0x62, 0x95, 0x9f, 0xc3, 0xf0, 0x71, 0x39, 0x2d, 0x26, 0xaf, 0xaf,
+        0xa7, 0xa5, 0x58, 0xf8, 0xf8, 0x8a, 0xe0, 0x62, 0x90, 0x3f, 0x72, 0x9d,
+        0x21, 0x82, 0x76, 0x3e, 0x4c, 0x5d, 0xe0, 0xb5, 0x67, 0x23, 0xe3, 0x13,
+        0x1a, 0x29, 0xa3, 0xda, 0xa4, 0xb4, 0x5c, 0x1d, 0x47, 0xdf, 0xdf, 0xc9,
+        0x93, 0x6c, 0xb2, 0xb5, 0x22, 0xb3, 0x47, 0x2b, 0xcf, 0xf0, 0x36, 0x87,
+        0x51, 0x3c, 0x79, 0x41, 0x70, 0xbd, 0xea, 0x70, 0xa2, 0x29, 0x90, 0x55,
+        0x30, 0x6f, 0x3e, 0x50, 0xc8, 0x38, 0xd6, 0xfa, 0x6f, 0xe3, 0x39, 0x67,
+        0x88, 0x52, 0x1f, 0xd3, 0x52, 0xbf, 0x3e, 0x7b, 0x2a, 0xe5, 0x1e, 0xcd,
+        0xf9, 0xf1, 0x91, 0x1d, 0x04, 0x61, 0x25, 0xbb, 0xe1, 0x33, 0xe3, 0x66,
+        0x46, 0xed, 0x06, 0x8d, 0xc3, 0x4f, 0x20, 0xc6, 0x24, 0xa7, 0xb5, 0x49,
+        0x3b, 0xc7, 0xe6, 0xa0, 0x77, 0x58, 0xd9, 0x70, 0xb1, 0xf5, 0xec, 0x94,
+        0x19, 0xf3, 0x5b, 0x0f, 0x9a, 0xe4, 0xad, 0x37, 0x81, 0xaf, 0x68, 0x7b,
+        0xe5, 0x67, 0xb5, 0xae, 0x7f, 0x2d, 0x64, 0x78, 0x68, 0x5a, 0xd1, 0x8f,
+        0x1c, 0xc0, 0xc3, 0x5b, 0x21, 0x77, 0xe4, 0xa8, 0x5d, 0x05, 0x50, 0xc1,
+        0x92, 0xee, 0x36, 0x2d, 0xd2, 0xff, 0xee, 0xc2, 0x11, 0x99, 0xee, 0xd7,
+        0x48, 0xfb, 0x6a, 0xa3, 0xc9, 0xb7, 0x0c, 0xc1, 0xe5, 0x12, 0xbf, 0x6f,
+        0x58, 0x66, 0x35, 0x34, 0x26, 0xaa, 0xbe, 0xc3, 0x33, 0x86, 0xfd, 0xc0,
+        0x1c, 0xa5, 0xe4, 0x1e, 0x91, 0xc4, 0x55, 0x4e, 0xf1, 0xcb, 0xd2, 0x0b,
+        0xe8, 0x0d, 0x89, 0x6a, 0x00, 0xbd, 0x7b, 0xf5, 0x3d, 0x1a, 0x4a, 0x48,
+        0xfc, 0xf0, 0x5b, 0xcd, 0xdb, 0xb2, 0xa0, 0x27, 0x4b, 0x8f, 0xf7, 0x87,
+        0x78, 0x13, 0xdb, 0x3f, 0xfb, 0x0b, 0xda, 0x22, 0xb3, 0x2b, 0x3a, 0x38,
+        0xd2, 0x29, 0x73, 0x77, 0xb8, 0xd6, 0xec, 0xab, 0xb4, 0xfe, 0xbe, 0xbb,
+        0x6e, 0xe2, 0xc8, 0x45, 0x7b, 0x0d, 0x36, 0x28, 0x0f, 0x45, 0x72, 0xea,
+        0x6d, 0x38, 0x02, 0x5e, 0x48, 0x89, 0x12, 0x24, 0x1b, 0x33, 0x0f, 0xe9,
+        0xf4, 0xce, 0xf8, 0x27, 0x16, 0x37, 0x29, 0xae, 0xe8, 0x22, 0x03, 0x31,
+        0xa9, 0xa0, 0x73, 0x0c, 0x40, 0xe4, 0xfc, 0x6b, 0xe2, 0x1c, 0x8d, 0x7c,
+        0x40, 0x82, 0x72, 0x28, 0xd0, 0x7d, 0xe5, 0xef, 0x05, 0x14, 0x80, 0x28,
+        0x11, 0x32, 0x0d, 0x63, 0x8a, 0xc3, 0x7c, 0xfe, 0xf5, 0x06, 0x0e, 0xb0,
+        0x78, 0x5c, 0x3a, 0xb6, 0x54, 0x37, 0x46, 0xa7, 0x43, 0x4f, 0x05, 0xec,
+        0xe4, 0x9f, 0xd8, 0x55, 0x1f, 0x70, 0xb3, 0xe6, 0xbc, 0x46, 0x34, 0x9e,
+        0xfc, 0xa4, 0x57, 0x8f, 0x0f, 0x25, 0x6f, 0x9f, 0xb3, 0x80, 0x21, 0x0b,
+        0xa1, 0xca, 0x59, 0xcd, 0x37, 0xf7, 0xc9, 0xcb, 0xbe, 0x91, 0xad, 0x07,
+        0x4f, 0xc7, 0x4e, 0x04, 0xbd, 0x38, 0x8b, 0x63, 0xb5, 0x51, 0xac, 0xc8,
+        0x83, 0x3a, 0xa7, 0xe1, 0x77, 0xbc, 0xa4, 0x0c, 0x6c, 0x50, 0xeb, 0x46,
+        0xe1, 0x45, 0x9a, 0x7b, 0x01, 0xca, 0x54, 0xf0, 0x0f, 0xa0, 0x1f, 0x43,
+        0x9a, 0x19, 0x70, 0x2e, 0x70, 0x5a, 0xcf, 0x3b, 0x1b, 0x41, 0xfd, 0xd3,
+        0x9a, 0xa2, 0x36, 0x14, 0xf0, 0xdd, 0xb0, 0x12, 0x6d, 0xcf, 0x55, 0x3f,
+        0xef, 0x0a, 0xc1, 0x80, 0xa9, 0x68, 0xc3, 0x98, 0x03, 0x46, 0x34, 0xce,
+        0x91, 0xb2, 0x7a, 0x94, 0xd2, 0xe7, 0xb9, 0x9c, 0x56, 0xb8, 0xf8, 0xd6,
+        0xff, 0xbf, 0x8b, 0x39, 0x45, 0x04, 0x45, 0xc9, 0xa2, 0xe2, 0xbb, 0x50,
+        0x68, 0x13, 0x32, 0x1e, 0x09, 0x51, 0xb7, 0xb9, 0xcf, 0x5f, 0xcc, 0x54,
+        0xd2, 0xf3, 0xc1, 0x9d, 0xa0, 0x8d, 0x22, 0xc8, 0x7e, 0x1b, 0xc6, 0x14,
+        0xde, 0x5f, 0x52, 0xb4, 0x69, 0x71, 0xca, 0x58, 0x1d, 0x1e, 0x89, 0xcb,
+        0x56, 0x78, 0x7a, 0x85, 0xee, 0xfd, 0xf6, 0x7e, 0xbe, 0x49, 0x9b, 0xb1,
+        0x05, 0x95, 0x12, 0xe9, 0x63, 0xbd, 0x61, 0x9a, 0x26, 0xf9, 0x0b, 0x9f,
+        0x23, 0x0a, 0x59, 0x55, 0x93, 0xd3, 0x2d, 0xca, 0x66, 0x45, 0x03, 0xb7,
+        0xf0, 0x88, 0x9e, 0xc1, 0x11, 0xbb, 0x62, 0x2c, 0x6f, 0xac, 0x3e, 0x87,
+        0xd7, 0xe6, 0x4a, 0x44, 0x83, 0x04, 0x5d, 0x5d, 0xbc, 0x3c, 0xce, 0x83,
+        0x2b, 0x11, 0x42, 0x02, 0x73, 0x1c, 0x24, 0x90, 0xd9, 0x1a, 0x7d, 0x96,
+        0x82, 0x33, 0x75, 0x1e, 0x59, 0xea, 0xa7, 0x99, 0xe1, 0x5b, 0xdc, 0xe4,
+        0x07, 0xc5, 0x48, 0x07, 0xb4, 0xbc, 0x80, 0x0e, 0xbd, 0x63, 0x6e, 0x66,
+        0xf1, 0x12, 0xb6, 0x67, 0xe0, 0x14, 0x74, 0x9f, 0xbb, 0xb3, 0xb8, 0x16,
+        0xd0, 0x25, 0xe9, 0x21, 0x80, 0x1a, 0x32, 0xb0, 0x58, 0x9a, 0x62, 0x17,
+        0x18, 0x9d, 0x64, 0x2d, 0x47, 0x89, 0x82, 0x3b, 0x8c, 0x5d, 0x60, 0xc4,
+        0x54, 0x69, 0xaa, 0xb4, 0x6a, 0x1d, 0x16, 0xb0, 0xe2, 0x5d, 0x7d, 0xeb,
+        0xb9, 0x80, 0x37, 0xcd, 0x5b, 0xf0, 0xa1, 0xa8, 0x39, 0xb2, 0xd6, 0x3a,
+        0xc8, 0xcd, 0xca, 0xaf, 0xcb, 0x3b, 0x54, 0xc2, 0x67, 0x49, 0xf3, 0xf1,
+        0x11, 0x4d, 0x53, 0x7c, 0x46, 0x8d, 0x22, 0xf6, 0x9a, 0x0d, 0x9e, 0xda,
+        0x37, 0xc6, 0x06, 0x00, 0xca, 0xb6, 0xb6, 0x99, 0xc5, 0xb6, 0x81, 0x7e,
+        0x87, 0x62, 0xcf, 0x07, 0x76, 0xc1, 0x5f, 0xfe, 0x86, 0xfc, 0x5b, 0xa0,
+        0xac, 0xca, 0xcb, 0x7d, 0xf5, 0x5a, 0xc2, 0x5e, 0x41, 0x48, 0x35, 0xc4,
+        0x71, 0x9d, 0xc4, 0x0a, 0x79, 0x6f, 0xe3, 0x6d, 0x47, 0xd4, 0xaa, 0xfd,
+        0x97, 0xe7, 0xb0, 0x7e, 0x61, 0xf1, 0x7d, 0x7e, 0xf8, 0x78, 0x4c, 0x2e,
+        0x65, 0x51, 0xeb, 0x99, 0xd0, 0x3e, 0x24, 0x4c, 0xe0, 0x40, 0x7e, 0x2d,
+        0xf7, 0x00, 0x9d, 0x50, 0x87, 0xce, 0x1f, 0x9a, 0xd2, 0x76, 0x00, 0x09,
+        0xeb, 0x10, 0x1b, 0x4c, 0xf1, 0x43, 0x0e, 0x35, 0xbb, 0x23, 0x2e, 0x26,
+        0x3d, 0x66, 0xa3, 0x0f, 0xf6, 0x10, 0x8b, 0x67, 0xce, 0x66, 0xfd, 0xb5,
+        0x07, 0xdc, 0x04, 0x69, 0xad, 0xe0, 0x4d, 0xdf, 0xdb, 0x2f, 0x87, 0xf7,
+        0xde, 0xc3, 0x77, 0x89, 0x71, 0xfd, 0x70, 0x38, 0xed, 0xe6, 0x27, 0xb1,
+        0xbd, 0x94, 0x5f, 0x39, 0x20, 0x72, 0x59, 0xc4, 0x39, 0xd0, 0x20, 0x5d,
+        0xe2, 0xe7, 0xe0, 0x00, 0x61, 0xc7, 0x65, 0xbd, 0xef, 0x05, 0xb3, 0xc7,
+        0x7e, 0xae, 0xc5, 0x83, 0x7f, 0xc1, 0x32, 0x4e, 0x2a, 0x17, 0x64, 0x4e,
+        0x2a, 0x9a, 0x2d, 0x26, 0x99, 0xa2, 0xd7, 0x37, 0x3a, 0x10, 0x6a, 0x89,
+        0x72, 0x43, 0x0e, 0x3a, 0x03, 0x4c, 0xf9, 0xfe, 0xe8, 0xfc, 0x87, 0x71,
+        0x37, 0x71, 0x5a, 0x05, 0xbc, 0x4e, 0x20, 0x4c, 0xd7, 0xf9, 0x8d, 0x4e,
+        0xb8, 0xb8, 0x56, 0x07, 0xc8, 0x6e, 0x34, 0x6d, 0x45, 0x83, 0x34, 0xf0,
+        0x77, 0xfb, 0x18, 0xec, 0x72, 0xf6, 0x4c, 0xfb, 0xba, 0x84, 0xe9, 0x89,
+        0x3d, 0xfd, 0xb7, 0x0d, 0x70, 0xae, 0xa4, 0x48, 0x6b, 0x39, 0xf8, 0x62,
+        0xc0, 0x7f, 0x0c, 0xf2, 0xa3, 0xfa, 0x7a, 0x64, 0x83, 0x57, 0x7d, 0x4c,
+        0x04, 0x96, 0xd7, 0x9d, 0x10, 0x8b, 0x34, 0x48, 0x17, 0xff, 0x74, 0x5c,
+        0x9c, 0xbe, 0xeb, 0xe5, 0x52, 0x94, 0x6a, 0x34, 0x6f, 0xf7, 0x95, 0x32,
+        0x38, 0x5a, 0x9b, 0x08, 0xf6, 0xda, 0x8c, 0x0f, 0x9c, 0x5d, 0x04, 0x45,
+        0xd4, 0xe9, 0xa4, 0x7a, 0xc4, 0xfd, 0x70, 0xfe, 0xa1, 0x3d, 0x21, 0xa0,
+        0x01, 0xe5, 0x21, 0xca, 0xa7, 0xd9, 0xf1, 0x9f, 0x45, 0xe1, 0xe8, 0x2d,
+        0x27, 0xe6, 0x87, 0xc8, 0x0d, 0xad, 0x13, 0xdb, 0xfe, 0x2f, 0xaa, 0x2b,
+        0xdc, 0xa6, 0x1a, 0xc9, 0x19, 0x78, 0x1a, 0x1f, 0x10, 0xcf, 0x31, 0xe1,
+        0x06, 0x28, 0x66, 0xb3, 0xa7, 0xa2, 0xa6, 0xf1, 0x3b, 0x2d, 0xd3, 0x81,
+        0xaf, 0x6f, 0xc9, 0x88, 0x76, 0xe9, 0x83, 0x6c, 0x52, 0xb9, 0x70, 0x51,
+        0x87, 0x6b, 0x8b, 0xbd, 0x5b, 0x9c, 0xa9, 0xf3, 0xcb, 0x55, 0xd1, 0x76,
+        0x40, 0xe1, 0x90, 0xb9, 0x4c, 0xbd, 0xab, 0x1d, 0xa0, 0x5b, 0x5b, 0x34,
+        0x14, 0x2f, 0x87, 0x8f, 0x63, 0xa0, 0x2d, 0x29, 0x4e, 0x50, 0x4b, 0x18,
+        0x5f, 0x86, 0xac, 0x1b, 0x93, 0xe9, 0x59, 0x38, 0xa1, 0x2a, 0x36, 0x21,
+        0xb2, 0xa4, 0xc0, 0x79, 0xc1, 0x60, 0xfc, 0x0f, 0xbf, 0x99, 0x04, 0x9d,
+        0x4b, 0x17, 0x60, 0x5b, 0xcd, 0x78, 0x03, 0xd7, 0x7c, 0x4b, 0x9b, 0x17,
+        0x58, 0x24, 0x60, 0xb8, 0x08, 0x92, 0x48, 0x4f, 0x66, 0x42, 0x9a, 0x98,
+        0x2a, 0x99, 0x9a, 0x8f, 0xdd, 0xd7, 0x09, 0xf3, 0x22, 0x66, 0x62, 0xef,
+        0xe5, 0x64, 0xd3, 0xdf, 0x31, 0xaa, 0x84, 0x4c, 0xa5, 0x3f, 0x4e, 0x27,
+        0x48, 0x37, 0x96, 0x63, 0xbf, 0x8d, 0xe1, 0xf0, 0xd1, 0xef, 0x95, 0x1a,
+        0xe6, 0xf4, 0x02, 0x61, 0xbf, 0xe3, 0xbc, 0x8b, 0x3d, 0x0b, 0x77, 0x91,
+        0xc0, 0x5d, 0xfb, 0xe6, 0x7e, 0xab, 0x5e, 0xc5, 0x1c, 0x5b, 0x16, 0xfd,
+        0x88, 0xa4, 0x78, 0x4c, 0x06, 0x77, 0xc3, 0x6e, 0x84, 0x0c, 0xda, 0xbf,
+        0xf3, 0x8e, 0xd3, 0x61, 0x65, 0xac, 0xf2, 0x18, 0x70, 0x68, 0x84, 0x6f,
+        0x9f, 0x3a, 0x94, 0x81, 0xa6, 0xc7, 0xc3, 0x92, 0xee, 0x4b, 0x20, 0x15,
+        0x4e, 0x03, 0x76, 0x51, 0x5b, 0x4e, 0xe1, 0x5c, 0x51, 0x5e, 0x1b, 0x9c,
+        0x30, 0x25, 0x79, 0xdd, 0x70, 0x12, 0xec, 0xdc, 0x45, 0x95, 0x45, 0x43,
+        0xcd, 0xbb, 0xae, 0xa0, 0x0d, 0x43, 0xb4, 0xc9, 0x8c, 0x62, 0xfd, 0x7b,
+        0xed, 0x50, 0x78, 0xb7, 0xa6, 0x94, 0xcb, 0x98, 0xb0, 0xbe, 0x09, 0xd9,
+        0x0c, 0xb2, 0xc4, 0x8b, 0x96, 0x93, 0xd9, 0x26, 0xc6, 0x6d, 0x26, 0x93,
+        0x32, 0x4e, 0x86, 0x72, 0x74, 0x92, 0x00, 0x72, 0x0b, 0x20, 0xa3, 0x2b,
+        0x94, 0xe6, 0x10, 0x56, 0x5a, 0x41, 0x71, 0x92, 0x08, 0xce, 0x6c, 0xc4,
+        0x1d, 0x9e, 0x71, 0x82, 0x64, 0x23, 0xe5, 0x15, 0xef, 0x4a, 0x7c, 0x4d,
+        0xe3, 0x92, 0xbc, 0xa3, 0xa2, 0x29, 0xb7, 0x46, 0xfa, 0x8f, 0x9f, 0xc2,
+        0x5d, 0xe4, 0xc0, 0x9c, 0x3f, 0x40, 0x17, 0xae, 0x44, 0xf3, 0x28, 0x10,
+        0x29, 0x24, 0xa9, 0x1c, 0x9e, 0xd2, 0x55, 0x4c, 0xee, 0x45, 0xfe, 0x4a,
+        0x45, 0x12, 0xf5, 0xde, 0xc7, 0x64, 0x15, 0xc3, 0x4a, 0x77, 0x63, 0x05,
+        0x8d, 0xa6, 0x31, 0xa0, 0xad, 0x64, 0xaf, 0x3c, 0x69, 0x2c, 0x25, 0x78,
+        0xae, 0xa0, 0x88, 0x96, 0x8a, 0xc2, 0x9b, 0x8d, 0xee, 0x6f, 0x2e, 0x79,
+        0x1f, 0xec, 0x32, 0x35, 0x75, 0x83, 0x19, 0x8b, 0xda, 0xca, 0xd0, 0xaf,
+        0x6a, 0x6c, 0x42, 0xe8, 0x81, 0xb5, 0x69, 0x31, 0x0b, 0x7d, 0xbc, 0xd8,
+        0xd2, 0xb7, 0x7a, 0x8f, 0xfa, 0xcf, 0x91, 0x07, 0x1f, 0xda, 0xa9, 0x1f,
+        0xb7, 0x2d, 0xff, 0x50, 0x15, 0x2a, 0xef, 0x8c, 0xa1, 0xe3, 0x7f, 0x08,
+        0x95, 0xf2, 0x99, 0x83, 0x1f, 0x97, 0x71, 0x3e, 0x35, 0x3c, 0x8c, 0xe7,
+        0x08, 0xd8, 0xa6, 0x1f, 0x0c, 0xa6, 0x52, 0xdc, 0x73, 0xa0, 0xfc, 0xd2,
+        0x73, 0xe9, 0x27, 0x9d, 0xfd, 0x7a, 0x4a, 0x29, 0xd3, 0x12, 0x26, 0x13,
+        0x0f, 0xce, 0xea, 0x56, 0x99, 0x61, 0x78, 0x47, 0x2c, 0xa0, 0x16, 0xa0,
+        0xe2, 0x64, 0x97, 0x57, 0x31, 0xf0, 0x32, 0x5b, 0x44, 0x93, 0x76, 0x8b,
+        0x59, 0x63, 0x5c, 0x5b, 0x0f, 0xe1, 0xe7, 0x74, 0x98, 0x11, 0x2d, 0x90,
+        0xe4, 0xde, 0xd4, 0x3a, 0xc2, 0xfd, 0x24, 0xe3, 0x1f, 0x7a, 0xf4, 0x40,
+        0xbb, 0x51, 0x92, 0x8f, 0x68, 0x9c, 0x51, 0xab, 0xdc, 0xf6, 0x1e, 0x96,
+        0xca, 0x56, 0x5c, 0x92, 0xca, 0xb2, 0x1b, 0x2e, 0x6d, 0x20, 0x28, 0xb3,
+        0x0a, 0x8e, 0xfd, 0xa9, 0xa2, 0x38, 0x74, 0x60, 0x37, 0xa6, 0x96, 0x02,
+        0x20, 0x8a, 0x9a, 0x2b, 0x8c, 0xb9, 0x6d, 0xec, 0xff, 0xbf, 0x88, 0xbd,
+        0x6c, 0xb4, 0x10, 0xbd, 0xfa, 0x5a, 0xeb, 0xb2, 0x6b, 0x74, 0x13, 0x2d,
+        0xa5, 0xdb, 0x60, 0x93, 0xc6, 0xed, 0x39, 0x4f, 0xc5, 0x63, 0xe1, 0x9e,
+        0x57, 0x1f, 0xe7, 0x47, 0xa4, 0xfb, 0x7f, 0xfa, 0x3a, 0x46, 0x50, 0x3a,
+        0xd8, 0xd3, 0x83, 0xf5, 0xe6, 0x5e, 0xf8, 0x09, 0x0d, 0xfa, 0x33, 0xe1,
+        0x50, 0xe4, 0x36, 0x3e, 0x0a, 0x5d, 0xe6, 0xf8, 0x2e, 0x17, 0x87, 0x8f,
+        0xe1, 0x8c, 0x82, 0x73, 0xbd, 0xdd, 0x3b, 0x77, 0x47, 0x9f, 0x42, 0xd7,
+        0xf4, 0x2d, 0x6c, 0xef, 0xcc, 0x22, 0x15, 0x3c, 0xe9, 0x26, 0xea, 0xbc,
+        0xee, 0x09, 0xd3, 0xea, 0x84, 0x0f, 0x46, 0xa8, 0xe0, 0xda, 0xc5, 0x57,
+        0x02, 0x54, 0xb6, 0x88, 0x2b, 0x37, 0xe5, 0x96, 0xc5, 0x33, 0xb7, 0x45,
+        0x5d, 0xb7, 0xc7, 0xfd, 0xa0, 0xfa, 0x85, 0x1b, 0x2f, 0xe1, 0xec, 0x89,
+        0xc6, 0xb2, 0x51, 0x71, 0xcb, 0x08, 0x82, 0x3e, 0xc9, 0xed, 0x80, 0x9d,
+        0x37, 0x31, 0x9d, 0x15, 0xde, 0x24, 0x6f, 0xbd, 0x0e, 0x73, 0xa2, 0xb8,
+        0x7e, 0x29, 0x7e, 0x96, 0xe4, 0xbb, 0xd6, 0x23, 0x17, 0xff, 0x33, 0x97,
+        0x9c, 0x87, 0xe0, 0xe5, 0x0f, 0xb9, 0xb6, 0x31, 0x33, 0xad, 0xf8, 0xd8,
+        0xdb, 0xa0, 0x71, 0x13, 0xe4, 0x1c, 0xce, 0xd0, 0x7e, 0x65, 0x7b, 0xa0,
+        0x38, 0x17, 0x53, 0x4f, 0x71, 0x75, 0x6d, 0x02, 0x61, 0xc4, 0x52, 0xf8,
+        0xe4, 0x2e, 0xbc, 0x52, 0xc1, 0xb1, 0x7e, 0x83, 0x0a, 0xa1, 0xd1, 0xcd,
+        0x2f, 0xa0, 0x30, 0xfd, 0x41, 0x86, 0x7f, 0x26, 0xd1, 0xe7, 0xfc, 0xd7,
+        0xc7, 0x37, 0xe5, 0x11, 0xa6, 0xc0, 0x9a, 0x75, 0x18, 0x04, 0x36, 0xca,
+        0x8e, 0x26, 0x7d, 0xcf, 0xa2, 0x6a, 0x94, 0x9b, 0xc4, 0xf7, 0xc7, 0xeb,
+        0x51, 0x13, 0xa3, 0x6f, 0x8c, 0x80, 0x5f, 0xae, 0xf0, 0x18, 0xa0, 0x88,
+        0xe0, 0x8d, 0xb7, 0x80, 0x4e, 0x8c, 0xec, 0xc8, 0x7b, 0xeb, 0xac, 0x29,
+        0xb7, 0x4a, 0x0f, 0x33, 0xdd, 0x9d, 0x89, 0x0a, 0x10, 0xb0, 0xce, 0x74,
+        0x59, 0xa2, 0x62, 0x91, 0xc9, 0xac, 0x56, 0xcd, 0x69, 0xd3, 0x01, 0x6d,
+        0x51, 0xe7, 0x04, 0xc3, 0xfb, 0xe9, 0x79, 0x1b, 0x72, 0x72, 0x1a, 0x90,
+        0x0a, 0x20, 0x55, 0x85, 0xc1, 0x8b, 0xeb, 0x1e, 0x9f, 0x9f, 0x4a, 0x81,
+        0x47, 0x97, 0x96, 0xbc, 0xc2, 0xe4, 0xc2, 0xfe, 0xa0, 0x20, 0xda, 0x70,
+        0x0c, 0x2b, 0xe2, 0xd4, 0xc8, 0xcb, 0x46, 0x00, 0xb6, 0x7c, 0xfb, 0xbd,
+        0x56, 0x94, 0x3d, 0x7f, 0x64, 0xf7, 0x88, 0xb5, 0xa7, 0xfe, 0xbe, 0x64,
+        0x8a, 0xe4, 0x00, 0x08, 0x82, 0x5b, 0x8f, 0x98, 0x77, 0x87, 0xda, 0xaf,
+        0x16, 0x25, 0x4a, 0x9a, 0xed, 0xfb, 0x50, 0x18, 0x45, 0x46, 0x2b, 0x73,
+        0xff, 0xb9, 0xb9, 0xab, 0xa2, 0x8f, 0x3a, 0xaf, 0xc5, 0x0a, 0x14, 0x91,
+        0xb2, 0x3f, 0xa6, 0x93, 0xf4, 0x81, 0x20, 0x77, 0xfa, 0x51, 0x79, 0x62,
+        0xe8, 0xe6, 0x89, 0x52, 0x39, 0xd5, 0x01, 0xa2, 0x87, 0xa3, 0x53, 0x74,
+        0x3c, 0x36, 0x8a, 0xc3, 0xb4, 0x44, 0x3b, 0x15, 0x21, 0xf6, 0xdc, 0x18,
+        0x02, 0xd2, 0x57, 0xe5, 0x10, 0xf0, 0x3d, 0x61, 0xa7, 0x16, 0x85, 0x6f,
+        0x71, 0x07, 0x75, 0x50, 0x4b, 0x21, 0x53, 0x47, 0x38, 0x35, 0x9e, 0xa7,
+        0xd8, 0xfd, 0x74, 0x59, 0x15, 0x32, 0x7b, 0x89, 0xd0, 0x2c, 0xd9, 0xf6,
+        0x40, 0x49, 0x79, 0xdc, 0xfb, 0x0a, 0x64, 0x59, 0x9b, 0x17, 0x47, 0x36,
+        0xcb, 0xf0, 0xc3, 0xcc, 0x14, 0x8e, 0x1f, 0xa8, 0x12, 0xaa, 0xb7, 0x6a,
+        0xba, 0x45, 0xf9, 0xc4, 0x44, 0xe7, 0xb5, 0x7c, 0xdd, 0xbe, 0x16, 0x76,
+        0x52, 0x92, 0x3d, 0x78, 0xb7, 0xec, 0x81, 0x96, 0xd8, 0x7f, 0x34, 0x2a,
+        0xa2, 0x64, 0x5f, 0xfd, 0xb1, 0x42, 0x4c, 0x79, 0x98, 0xc9, 0x17, 0x48,
+        0x74, 0x12, 0x72, 0x2c, 0xde, 0x91, 0x7e, 0xa9, 0x49, 0x2a, 0xcc, 0x5c,
+        0x60, 0x05, 0x25, 0x09, 0x72, 0x20, 0x80, 0x42, 0x7b, 0x18, 0xc2, 0xfc,
+        0x2a, 0x5e, 0x3e, 0x2d, 0x61, 0xa6, 0xf6, 0x82, 0x42, 0x83, 0x81, 0x66,
+        0x4d, 0xa6, 0xe1, 0xf9, 0xf6, 0x48, 0xd4, 0xc8, 0x69, 0xed, 0xee, 0xb5,
+        0x7a, 0xcb, 0xf6, 0x0a, 0x76, 0x0e, 0x61, 0x8b, 0xf2, 0x1a, 0x8a, 0xa7,
+        0x88, 0xb0, 0x90, 0xd5, 0x23, 0xaa, 0xe0, 0x2b, 0xd6, 0xd0, 0xef, 0x49,
+        0x13, 0x88, 0xc7, 0x50, 0xf0, 0x9e, 0xd5, 0x28, 0xe1, 0xaa, 0x1d, 0xaf,
+        0xd9, 0x73, 0xb3, 0x9e, 0xa7, 0xd8, 0xfc, 0xb9, 0x22, 0x97, 0x0e, 0x21,
+        0xa0, 0xb9, 0xf9, 0xea, 0x1e, 0x95, 0x88, 0xda, 0x85, 0x7c, 0x32, 0x7c,
+        0xbd, 0xef, 0xf8, 0x44, 0x25, 0x5f, 0x23, 0xfd, 0x14, 0x78, 0xc6, 0xdb,
+        0x86, 0xee, 0xf8, 0xda, 0xc0, 0xae, 0x92, 0x6a, 0x03, 0xa9, 0x0a, 0xee,
+        0x4a, 0x22, 0x5a, 0x6c, 0x39, 0xd3, 0x91, 0x7d, 0x91, 0x43, 0xac, 0x79,
+        0xad, 0xab, 0xb7, 0x91, 0xb1, 0x20, 0x84, 0x7f, 0x0a, 0xd7, 0xa8, 0x62,
+        0x95, 0xab, 0x04, 0xb6, 0xb2, 0xf1, 0xd4, 0xb0, 0xac, 0x52, 0x89, 0xb0,
+        0x93, 0xdf, 0xdf, 0x80, 0x26, 0x0c, 0x32, 0x31, 0xb3, 0xba, 0xa1, 0xba,
+        0x6f, 0xa3, 0x14, 0x5c, 0xfa, 0x37, 0x3b, 0x6a, 0xf2, 0xc4, 0x34, 0x27,
+        0x08, 0x1a, 0xe4, 0xfc, 0x89, 0x58, 0x79, 0x34, 0x36, 0xe4, 0xad, 0x4b,
+        0x3f, 0x57, 0x7b, 0xc1, 0x59, 0x2d, 0xb6, 0x54, 0x44, 0xbe, 0x4e, 0x5d,
+        0x0d, 0x6a, 0xf3, 0xcd, 0xbf, 0xcd, 0x4d, 0x9f, 0x9a, 0x50, 0x09, 0xa4,
+        0x6b, 0x8b, 0xb3, 0x01, 0x69, 0x6c, 0x69, 0x5d, 0x28, 0x73, 0x9e, 0xb5,
+        0xc2, 0xc7, 0x6e, 0xff, 0x4c, 0x5c, 0x6b, 0x93, 0x22, 0xc1, 0x9f, 0xa6,
+        0x71, 0xbf, 0x4d, 0x2d, 0x4e, 0x4e, 0x98, 0xa3, 0x6d, 0xab, 0x05, 0xa0,
+        0xde, 0x34, 0x41, 0x28, 0xa4, 0x38, 0x75, 0x4e, 0xdf, 0x7f, 0xc9, 0xdd,
+        0xbf, 0x5a, 0xd4, 0xcd, 0x38, 0x0c, 0x89, 0xe7, 0x0e, 0xfc, 0x0f, 0x27,
+        0x39, 0x21, 0xa4, 0xa6, 0x07, 0x7b, 0x2a, 0x13, 0x56, 0xe7, 0x4e, 0x55,
+        0x57, 0x71, 0x98, 0xb9, 0x3d, 0x59, 0xb5, 0xa8, 0x24, 0x18, 0x08, 0xa2,
+        0x6e, 0x9a, 0xe5, 0x97, 0xa7, 0x38, 0xd9, 0x43, 0x9b, 0x19, 0x17, 0x34,
+        0x03, 0xd6, 0xba, 0xe9, 0x71, 0x38, 0x26, 0x90, 0x78, 0x9e, 0x1c, 0x41,
+        0x8d, 0x60, 0xdd, 0x0e, 0x12, 0x46, 0x37, 0xb4, 0x79, 0x87, 0x33, 0x12,
+        0x24, 0xc4, 0x5a, 0x6c, 0x70, 0xa2, 0xb2, 0x58, 0xbb, 0xe7, 0xd6, 0x88,
+        0x42, 0x2d, 0x49, 0xc8, 0x67, 0x1e, 0xc5, 0xed, 0x16, 0xa8, 0x1f, 0x36,
+        0x2b, 0xfb, 0x0d, 0x51, 0x96, 0xc8, 0x78, 0xf2, 0xab, 0x82, 0xa1, 0xe2,
+        0xaf, 0x8c, 0xa4, 0x13, 0x54, 0x90, 0xf1, 0xe7, 0xbb, 0xd1, 0x09, 0x23,
+        0x76, 0x0e, 0x50, 0x32, 0xc5, 0x54, 0xbb, 0x1e, 0x12, 0x5d, 0x59, 0xf3,
+        0xe9, 0xc9, 0xa4, 0xaa, 0xbc, 0x13, 0x1d, 0xf0, 0x79, 0x54, 0xae, 0x70,
+        0xc0, 0xea, 0xcb, 0x21, 0x32, 0xe6, 0xe6, 0x8e, 0xaa, 0x51, 0x46, 0x25,
+        0x1e, 0xf1, 0x3f, 0x9f, 0xf6, 0xff, 0x19, 0x53, 0x97, 0xbc, 0xa2, 0xb6,
+        0x91, 0x59, 0x27, 0x1e, 0x39, 0x76, 0x76, 0x02, 0x0b, 0x03, 0x25, 0x6b,
+        0x00, 0x02, 0xfa, 0x7d, 0x69, 0x5e, 0xde, 0x64, 0x33, 0xbf, 0xab, 0x3e,
+        0x3f, 0x24, 0x32, 0x68, 0xbf, 0x90, 0x8f, 0x0f, 0xc5, 0x36, 0x58, 0x9e,
+        0x9b, 0x11, 0xd1, 0x2a, 0x8a, 0x0d, 0xac, 0x3a, 0x23, 0xe2, 0x8e, 0xd6,
+        0x0d, 0x4a, 0x8b, 0x45, 0x04, 0x47, 0xd9, 0x5a, 0x46, 0x6c, 0x70, 0x82,
+        0xc7, 0x81, 0x67, 0xdc, 0xa6, 0xfa, 0x6a, 0x86, 0xfd, 0x01, 0xed, 0x90,
+        0xf6, 0xe6, 0x26, 0x6d, 0xac, 0x52, 0x03, 0x4a, 0x91, 0x08, 0x7b, 0xa5,
+        0x9c, 0xca, 0xd3, 0x2d, 0x79, 0xf1, 0xed, 0xcb, 0xaa, 0x8f, 0x77, 0xc8,
+        0x17, 0xa8, 0xfb, 0x6c, 0x15, 0x62, 0xab, 0x34, 0xd1, 0xdd, 0x94, 0x3e,
+        0xd4, 0x0c, 0x47, 0xed, 0x04, 0x91, 0xd2, 0xd7, 0x98, 0xb4, 0x43, 0x57,
+        0xd1, 0x54, 0xef, 0x63, 0xba, 0xe3, 0x8a, 0x72, 0xc5, 0xb9, 0xf4, 0x30,
+        0xfa, 0x16, 0x3c, 0xe1, 0xbb, 0xbe, 0x57, 0x90, 0xb9, 0xa1, 0xa0, 0x23,
+        0xfa, 0xdd, 0xbe, 0x2f, 0xb3, 0xec, 0x41, 0x8b, 0x64, 0xeb, 0xc5, 0x41,
+        0xea, 0xa8, 0x16, 0x76, 0x6f, 0x28, 0xda, 0x2b, 0x5f, 0x03, 0x0b, 0xe8,
+        0x1c, 0x29, 0x71, 0xd8, 0x4e, 0x41, 0xdf, 0x39, 0x8e, 0x6a, 0x95, 0x79,
+        0x85, 0x9c, 0xa9, 0x79, 0xd9, 0x8f, 0x33, 0xaf, 0x15, 0x3b, 0x5a, 0x82,
+        0x56, 0x32, 0x98, 0x0c, 0xf6, 0xf6, 0x64, 0x42, 0xd4, 0x6a, 0x15, 0x0f,
+        0xb9, 0x75, 0x22, 0xbd, 0x9a, 0x58, 0xa6, 0x01, 0x3a, 0x63, 0xf0, 0x80,
+        0x78, 0x22, 0x80, 0xa0, 0x14, 0xe1, 0x37, 0x6b, 0xd4, 0x99, 0x3f, 0xc2,
+        0xba, 0x2b, 0x8f, 0xf3, 0x56, 0xc8, 0x1b, 0xe4, 0x7a, 0x5e, 0x96, 0x60,
+        0xee, 0x74, 0x54, 0xb6, 0x6d, 0x5c, 0x3d, 0x3e, 0x05, 0xf0, 0x9a, 0xf6,
+        0xcd, 0xdd, 0x06, 0xdb, 0x8c, 0x21, 0xb9, 0xf5, 0x28, 0x57, 0x9c, 0x4f,
+        0xb4, 0x08, 0xcf, 0xac, 0x6c, 0xfe, 0x30, 0xaf, 0xa2, 0xef, 0xcf, 0x93,
+        0x15, 0xdd, 0x12, 0x16, 0x19, 0x7d, 0xbc, 0x57, 0xd9, 0xce, 0xbe, 0x0e,
+        0xfc, 0xe1, 0xf0, 0x4a, 0x7c, 0xaa, 0xbf, 0x20, 0x64, 0x00, 0x34, 0x59,
+        0xed, 0xea, 0x12, 0x58, 0x46, 0x4c, 0xc6, 0x2f, 0x77, 0x62, 0x1d, 0x82,
+        0x5c, 0xe8, 0x98, 0x0d, 0xef, 0x5c, 0x0e, 0xec, 0x5d, 0x2e, 0x5f, 0xd2,
+        0x22, 0x43, 0x2d, 0xe1, 0x02, 0xd5, 0x4a, 0x0a, 0x79, 0x6f, 0xa5, 0xec,
+        0x48, 0xaa, 0xee, 0xf8, 0xe3, 0x5f, 0xdd, 0xe7, 0x26, 0x87, 0xb5, 0xc4,
+        0xcf, 0xd9, 0x7f, 0xa8, 0xaa, 0xb6, 0xbe, 0xe9, 0x02, 0x49, 0x5d, 0x5f,
+        0x81, 0x8b, 0xb9, 0xbd, 0xc0, 0xc9, 0xd5, 0xfe, 0x36, 0x3e, 0x49, 0x56,
+        0x63, 0x8b, 0xce, 0xef, 0x48, 0x6e, 0xc0, 0xd4, 0x04, 0x0c, 0x33, 0x45,
+        0x6e, 0x97, 0x9e, 0xa3, 0xae, 0xbc, 0xc2, 0xce, 0xdc, 0xe3, 0xff, 0x48,
+        0x51, 0x68, 0x89, 0xad, 0xae, 0xc7, 0xd1, 0xde, 0xe2, 0xf9, 0xfe, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
+        0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f
+    };
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_sig[] = {
     0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0,
     0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf,
     0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2,
@@ -42242,12 +46706,23 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
     0x40, 0x7e, 0x87, 0x92, 0x96, 0x51, 0x63, 0x87, 0xae, 0xc8,
     0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
-    0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f,
+    0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f
     };
+#endif
+    wc_test_ret_t ret;
 
-    return dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
+    ret = dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
         (word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig,
         (word32)sizeof(ml_dsa_87_sig));
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (ret == 0) {
+        ret = dilithium_param_vfy_test(WC_ML_DSA_87_DRAFT,
+            ml_dsa_87_draft_pub_key, (word32)sizeof(ml_dsa_87_draft_pub_key),
+            ml_dsa_87_draft_sig, (word32)sizeof(ml_dsa_87_draft_sig));
+    }
+#endif
+
+    return ret;
 }
 #endif
 #endif
@@ -42279,8 +46754,7 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
 
     ret = wc_dilithium_init(key);
     if (ret != 0) {
-        ret = WC_TEST_RET_ENC_EC(ret);
-        return ret;
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     }
 
     ret = wc_dilithium_set_level(key, param);
@@ -42319,6 +46793,243 @@ out:
 }
 #endif
 
+
+#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \
+    (defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_NO_VERIFY))
+/* Tests decoding a key from DER without the security level specified */
+static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
+                                                 word32      rawKeySz,
+                                                 int         expectedLevel,
+                                                 int         isPublicOnlyKey)
+{
+    int           ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    dilithium_key *key = NULL;
+#else
+    dilithium_key key[1];
+#endif
+    byte*         der;
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+    word32        derSz;
+    word32        idx;
+#endif
+
+    /* Size the buffer to accommodate the largest encoded key size */
+    const word32 maxDerSz = DILITHIUM_MAX_PRV_KEY_DER_SIZE;
+
+    /* Allocate DER buffer */
+    der = (byte*)XMALLOC(maxDerSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (der == NULL) {
+        return MEMORY_E;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL)
+        ret = MEMORY_E;
+#endif
+
+    /* Initialize key */
+    if (ret == 0) {
+        ret = wc_dilithium_init(key);
+    }
+
+    /* Import raw key, setting the security level */
+    if (ret == 0) {
+        ret = wc_dilithium_set_level(key, expectedLevel);
+    }
+
+    if (ret == 0) {
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+        if (isPublicOnlyKey) {
+            ret = wc_dilithium_import_public(rawKey, rawKeySz, key);
+        }
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+        if (!isPublicOnlyKey) {
+            ret = wc_dilithium_import_private(rawKey, rawKeySz, key);
+        }
+#endif
+    }
+
+#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+    /* Export raw key as DER */
+    if (ret == 0) {
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+        if (isPublicOnlyKey) {
+            ret = wc_Dilithium_PublicKeyToDer(key, der, maxDerSz, 1);
+        }
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+        if (!isPublicOnlyKey) {
+            ret = wc_Dilithium_PrivateKeyToDer(key, der, maxDerSz);
+        }
+#endif
+        if (ret >= 0) {
+            derSz = ret;
+            ret   = 0;
+        }
+    }
+
+    /* Free and reinit key to test fresh decode */
+    if (ret == 0) {
+        wc_dilithium_free(key);
+        ret = wc_dilithium_init(key);
+    }
+
+    /* First test decoding when security level is set externally */
+    if (ret == 0) {
+        ret = wc_dilithium_set_level(key, expectedLevel);
+    }
+
+    if (ret == 0) {
+        idx = 0;
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+        if (isPublicOnlyKey) {
+            ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz);
+        }
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+        if (!isPublicOnlyKey) {
+            ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz);
+        }
+#endif
+    }
+
+    /* Free and reinit key to test fresh decode */
+    if (ret == 0) {
+        wc_dilithium_free(key);
+        ret = wc_dilithium_init(key);
+    }
+
+#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    /* Test decoding without setting security level - should auto-detect */
+    if (ret == 0) {
+        idx = 0;
+#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
+        if (isPublicOnlyKey) {
+            ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz);
+        }
+#endif
+#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+        if (!isPublicOnlyKey) {
+            ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz);
+        }
+#endif
+    }
+
+    /* Verify auto-detected security level */
+    if (ret == 0 && key->level != expectedLevel) {
+        printf("Dilithium key decode failed to detect level.\n"
+               "\tExpected level=%d\n\tGot level=%d\n",
+               expectedLevel, key->level);
+        ret = WC_TEST_RET_ENC_NC;
+    }
+#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+
+    /* Cleanup */
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    wc_dilithium_free(key);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return ret;
+}
+
+/* Test Dilithium key decoding and security level detection */
+static wc_test_ret_t dilithium_decode_test(void)
+{
+    wc_test_ret_t ret;
+    const byte*   key;
+    word32        keySz;
+
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    const int isPrvKey = 0;
+#endif
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    const int isPubKey = 1;
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    /* Test ML-DSA-44 */
+    key   = bench_dilithium_level2_key;
+    keySz = sizeof_bench_dilithium_level2_key;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPrvKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    key   = bench_dilithium_level2_pubkey;
+    keySz = sizeof_bench_dilithium_level2_pubkey;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPubKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+#endif /* WOLFSSL_NO_ML_DSA_44 */
+
+#ifndef WOLFSSL_NO_ML_DSA_65
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    /* Test ML-DSA-65 */
+    key   = bench_dilithium_level3_key;
+    keySz = sizeof_bench_dilithium_level3_key;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPrvKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    key   = bench_dilithium_level3_pubkey;
+    keySz = sizeof_bench_dilithium_level3_pubkey;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPubKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+#endif /* WOLFSSL_NO_ML_DSA_65 */
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+    /* Test ML-DSA-87 */
+    key   = bench_dilithium_level5_key;
+    keySz = sizeof_bench_dilithium_level5_key;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPrvKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
+
+#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    key   = bench_dilithium_level5_pubkey;
+    keySz = sizeof_bench_dilithium_level5_pubkey;
+    ret   = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPubKey);
+    if (ret != 0) {
+        return ret;
+    }
+#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
+#endif /* WOLFSSL_NO_ML_DSA_87 */
+
+    return ret;
+}
+#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) ||
+        * (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */
+
+
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
 {
     wc_test_ret_t ret;
@@ -42335,11 +47046,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
     }
 
 #ifndef WOLFSSL_NO_ML_DSA_44
+#ifdef WOLFSSL_WC_DILITHIUM
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     ret = dilithium_param_44_vfy_test();
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
+#endif
 #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
     ret = dilithium_param_test(WC_ML_DSA_44, &rng);
     if (ret != 0)
@@ -42347,11 +47060,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
 #endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
+#ifdef WOLFSSL_WC_DILITHIUM
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     ret = dilithium_param_65_vfy_test();
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
+#endif
 #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
     ret = dilithium_param_test(WC_ML_DSA_65, &rng);
     if (ret != 0)
@@ -42359,11 +47074,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
 #endif
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
+#ifdef WOLFSSL_WC_DILITHIUM
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     ret = dilithium_param_87_vfy_test();
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #endif
+#endif
 #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
     ret = dilithium_param_test(WC_ML_DSA_87, &rng);
     if (ret != 0)
@@ -42371,8 +47088,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
 #endif
 #endif
 
+#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \
+    (defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
+     !defined(WOLFSSL_DILITHIUM_NO_VERIFY))
+    ret = dilithium_decode_test();
+    if (ret != 0) {
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+    }
+#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) ||
+        * (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */
+
 #if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
-    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
+    defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) || \
+    defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
 out:
 #endif
     wc_FreeRng(&rng);
@@ -42437,32 +47167,32 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
     if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
 
     ret = wc_XmssKey_Init(&signingKey, NULL, INVALID_DEVID);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     /* Set the parameter string to the signing key, and
      * get sizes for secret key, pub key, and signature. */
     ret = wc_XmssKey_SetParamStr(&signingKey, param);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_GetPubLen(&signingKey, &pkSz);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     if (pkSz != XMSS_SHA256_PUBLEN) {
-        return WC_TEST_RET_ENC_EC(pkSz);
+        ERROR_OUT(WC_TEST_RET_ENC_I(pkSz), out);
     }
 
     ret = wc_XmssKey_GetPrivLen(&signingKey, &skSz);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_GetSigLen(&signingKey, &sigSz);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     /* Allocate signature array. */
     sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sig == NULL) { return WC_TEST_RET_ENC_ERRNO; }
+    if (sig == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); }
 
     bufSz = sigSz;
 
@@ -42475,30 +47205,30 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 
     /* Allocate current and old secret keys.*/
     sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
+    if (sk == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); }
 
     old_sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    if (old_sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
+    if (old_sk == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); }
 
     XMEMSET(sk, 0, skSz);
     XMEMSET(old_sk, 0, skSz);
     XMEMSET(sig, 0, sigSz);
 
     ret = wc_XmssKey_SetWriteCb(&signingKey, xmss_write_key_mem);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_SetReadCb(&signingKey, xmss_read_key_mem);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_SetContext(&signingKey, (void *) sk);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_XmssKey_MakeKey(&signingKey, &rng);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     /* Export the pub to a verify key. */
     ret = wc_XmssKey_ExportPub(&verifyKey, &signingKey);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     /* Repeat a few times to check that:
      *   1. The secret key is mutated on each sign.
@@ -42509,15 +47239,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
         XMEMCPY(old_sk, sk, skSz);
 
         ret = wc_XmssKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
-        if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
-        if (sigSz != bufSz) { return WC_TEST_RET_ENC_I(i); }
+        if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
+        if (sigSz != bufSz) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         /* Old secret key and current secret key should not match. */
         ret = XMEMCMP(old_sk, sk, skSz);
-        if (ret == 0) { return WC_TEST_RET_ENC_I(i); }
+        if (ret == 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         ret = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
-        if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
+        if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         /* Flip bits in a few places throughout the signature, stepping in multiple
          * of hash size. These should all fail with -1. */
@@ -42526,9 +47256,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
 
             ret2 = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
                                      msgSz);
-            if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+            if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
                 /* Verify passed when it should have failed. */
-                return WC_TEST_RET_ENC_I(j);
+                ERROR_OUT(WC_TEST_RET_ENC_I(j), out);
             }
 
             /* Flip this spot back. */
@@ -42536,6 +47266,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
         }
     }
 
+out:
+
     /* Cleanup everything. */
     XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     sig = NULL;
@@ -42547,6 +47279,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
     old_sk = NULL;
 
     wc_XmssKey_Free(&signingKey);
+    wc_XmssKey_Free(&verifyKey);
     wc_FreeRng(&rng);
 
     return ret;
@@ -42984,7 +47717,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
     xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
     ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
                              (byte *) xmss_msg, sizeof(xmss_msg));
-    if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+    if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
         printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2);
         return WC_TEST_RET_ENC_EC(ret2);
     }
@@ -43005,7 +47738,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
 
         ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
                                  (byte *) xmss_msg, sizeof(xmss_msg));
-        if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+        if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
             /* Verify passed when it should have failed. */
             return WC_TEST_RET_ENC_I(j);
         }
@@ -43043,7 +47776,11 @@ static int lms_read_key_mem(byte * priv, word32 privSz, void *context)
 
 /* LMS signature sizes are a function of their parameters. This
  * test has a signature of 8688 bytes. */
+#ifndef WOLFSSL_NO_LMS_SHA256_256
 #define WC_TEST_LMS_SIG_LEN (8688)
+#else
+#define WC_TEST_LMS_SIG_LEN (4984)
+#endif
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 {
@@ -43061,7 +47798,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
     unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN];
     unsigned char old_priv[HSS_MAX_PRIVATE_KEY_LEN];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    byte *        sig = XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
+    byte *        sig = (byte*)XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
                                 DYNAMIC_TYPE_TMP_BUFFER);
     if (sig == NULL) {
         return WC_TEST_RET_ENC_ERRNO;
@@ -43074,13 +47811,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
     XMEMSET(priv, 0, sizeof(priv));
     XMEMSET(old_priv, 0, sizeof(old_priv));
     XMEMSET(sig, 0, WC_TEST_LMS_SIG_LEN);
+    XMEMSET(&rng, 0, sizeof(rng));
+    XMEMSET(&signingKey, 0, sizeof(signingKey));
+    XMEMSET(&verifyKey, 0, sizeof(verifyKey));
 
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
 #else
     ret = wc_InitRng(&rng);
 #endif
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
    /* This test:
     * levels: 1
@@ -43092,37 +47832,37 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
     */
 
     ret = wc_LmsKey_Init(&signingKey, NULL, INVALID_DEVID);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_SetParameters(&signingKey, 1, 5, 1);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_SetWriteCb(&signingKey, lms_write_key_mem);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_SetReadCb(&signingKey, lms_read_key_mem);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_SetContext(&signingKey, (void *) priv);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_MakeKey(&signingKey, &rng);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     XMEMCPY(old_priv, priv, sizeof(priv));
 
     ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
-    if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
+    if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
 
     if (sigSz != WC_TEST_LMS_SIG_LEN) {
         printf("error: got %u, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN);
-        return WC_TEST_RET_ENC_EC(sigSz);
+        ERROR_OUT(WC_TEST_RET_ENC_I(sigSz), out);
     }
 
     /* 2 ** 5 should be the max number of signatures */
@@ -43130,23 +47870,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
         /* We should have remaining signstures. */
         sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
         if (sigsLeft == 0) {
-            return WC_TEST_RET_ENC_EC(sigsLeft);
+            ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
 
         /* Sign with key. The private key will be updated on every signature. */
         ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
-        if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
+        if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         /* The updated private key should not match the old one. */
         if (XMEMCMP(old_priv, priv, sizeof(priv)) == 0) {
             printf("error: current priv key should not match old: %d\n", i);
-            return WC_TEST_RET_ENC_I(i);
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
         }
 
         XMEMCPY(old_priv, priv, sizeof(priv));
 
         ret = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
-        if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
+        if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
 
         /* Flip bits in a few places throughout the signature, stepping in multiple
          * of hash size. These should all fail with -1. */
@@ -43155,9 +47895,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 
             ret2 = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
                                      msgSz);
-            if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+            if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
                 /* Verify passed when it should have failed. */
-                return WC_TEST_RET_ENC_I(j);
+                ERROR_OUT(WC_TEST_RET_ENC_I(j), out);
             }
 
             /* Flip this spot back. */
@@ -43168,9 +47908,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
     /* This should be the last signature. */
     sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
     if (sigsLeft != 0) {
-        return WC_TEST_RET_ENC_EC(sigsLeft);
+        ERROR_OUT(WC_TEST_RET_ENC_I(sigsLeft), out);
     }
 
+out:
+
     wc_LmsKey_Free(&signingKey);
     wc_LmsKey_Free(&verifyKey);
 
@@ -43186,8 +47928,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
 
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
-#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
-             defined(HAVE_LIBLMS)
+#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+     !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
 
 /* A simple LMS verify only test.
  *
@@ -43496,7 +48238,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     lms_msg[msgSz / 2] ^= 1;
     ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
                             (byte *) lms_msg, msgSz);
-    if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+    if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
         printf("error: wc_LmsKey_Verify returned %d, expected -1\n", ret2);
         return WC_TEST_RET_ENC_EC(ret);
     }
@@ -43518,7 +48260,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
         ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig,
                                 LMS_L1H10W8_SIGLEN,
                                 (byte *) lms_msg, msgSz);
-        if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
+        if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
             /* Verify passed when it should have failed. */
             return WC_TEST_RET_ENC_I(j);
         }
@@ -43553,17 +48295,17 @@ static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
     word32 sigSz;
 
     ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeEccsiKey(NULL);
@@ -43574,373 +48316,373 @@ static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeEccsiKey(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiKey(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiKey(NULL, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
             NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key set */
     ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
             NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
             NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key set */
     ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
             &valid);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(key, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(key, pvt, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(key, NULL, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key created so no curve information. */
     ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportEccsiKey(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key to export */
     ret = wc_ExportEccsiKey(key, NULL, &sz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportEccsiKey(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiKey(key, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiKey(NULL, data, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPrivateKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key to export */
     ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* No key to export */
     ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
             &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetEccsiHash(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiHash(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiHash(NULL, hash, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetEccsiPair(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(key, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(NULL, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(NULL, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(key, ssk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(key, NULL, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetEccsiPair(NULL, ssk, pvt);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
             &sigSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
             &sigSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
             &sigSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     /* Key not set. */
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
             &sigSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
             &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
             &valid);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetEccsiPair(key, ssk, pvt);
@@ -43949,7 +48691,7 @@ static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
     /* Identity hash not set. */
     ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
             &sigSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeEccsiKey(key);
@@ -44064,7 +48806,7 @@ static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_po
         ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
 
     ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (sz != 32 * 3)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -44084,7 +48826,7 @@ static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_po
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
     ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (sz != 32)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -44101,7 +48843,7 @@ static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_po
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (sz != 32 * 2)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
@@ -44149,7 +48891,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
     word32 sz;
 
     ret = wc_ExportEccsiKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32 * 3)
         return WC_TEST_RET_ENC_NC;
@@ -44160,7 +48902,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32 * 3)
         return WC_TEST_RET_ENC_NC;
@@ -44173,7 +48915,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
         return WC_TEST_RET_ENC_NC;
 
     ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32)
         return WC_TEST_RET_ENC_NC;
@@ -44184,7 +48926,7 @@ static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32)
         return WC_TEST_RET_ENC_NC;
@@ -44207,7 +48949,7 @@ static wc_test_ret_t eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
     word32 sz;
 
     ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 32 * 2)
         return WC_TEST_RET_ENC_NC;
@@ -44303,7 +49045,7 @@ static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RN
 #ifdef WOLFSSL_SHA384
     ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv,
             &hashSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
@@ -44331,7 +49073,7 @@ static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RN
 
     ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
             &sigSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sigSz != 129)
         return WC_TEST_RET_ENC_NC;
@@ -44563,10 +49305,10 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
     word32 len;
 
     ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeSakkeKey(NULL);
@@ -44579,386 +49321,386 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkeKey(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeKey(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeKey(NULL, rng);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkePublicKey(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePublicKey(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePublicKey(NULL, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeRsk(key, id, 1, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkeKey(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkeKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkeKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkeKey(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeKey(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeKey(NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePrivateKey(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePrivateKey(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePrivateKey(NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     sz = sizeof(data);
     ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkeRsk(NULL, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeRsk(key, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeRsk(NULL, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkeRsk(key, data, 1);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     len--;
     ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GetSakkeAuthSize(NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkeAuthSize(key, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkeAuthSize(NULL, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(NULL, id, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkePointI(NULL, id, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GenerateSakkePointITable(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkePointITable(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkePointITable(NULL, data, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkePointITable(key, NULL, &len);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     len--;
     ret = wc_GenerateSakkePointITable(key, data, &len);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkePointITable(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointITable(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointITable(NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointITable(key, data, 1);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ClearSakkePointITable(NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GetSakkePointI(NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkePointI(key, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GetSakkePointI(NULL, data, &sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     sz = 1;
     ret = wc_GetSakkePointI(key, data, &sz);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     sz = 256;
     ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
-    if (ret != BUFFER_E)
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkeIdentity(NULL, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeIdentity(key, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeIdentity(NULL, id, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ssvSz = sizeof(ssv);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
             auth, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, &authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             auth, &authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeRsk(key, NULL, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ssvSz = sizeof(ssv);
     authSz = sizeof(auth);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SetSakkeIdentity(key, id, 1);
@@ -44966,7 +49708,7 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SetSakkeIdentity(key, id, 0);
     if (ret != 0)
@@ -44977,7 +49719,7 @@ static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != BAD_STATE_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     wc_FreeSakkeKey(key);
@@ -45149,7 +49891,7 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
         return WC_TEST_RET_ENC_EC(ret);
     iTableLen = 0;
     ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (iTableLen != 0) {
         iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -45161,7 +49903,7 @@ static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
     }
     len = 0;
     ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (len > 0) {
         table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -45353,7 +50095,7 @@ static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkeKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 384)
         return WC_TEST_RET_ENC_NC;
@@ -45380,7 +50122,7 @@ static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 128)
         return WC_TEST_RET_ENC_NC;
@@ -45406,7 +50148,7 @@ static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 256)
         return WC_TEST_RET_ENC_NC;
@@ -45492,7 +50234,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
     word32 sz;
 
     ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (ssvSz != 16)
         return WC_TEST_RET_ENC_NC;
@@ -45518,7 +50260,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
 
     ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
             NULL, &authSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (authSz != 257)
         return WC_TEST_RET_ENC_NC;
@@ -45537,7 +50279,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
         return WC_TEST_RET_ENC_NC;
 
     ret = wc_GetSakkePointI(pub, NULL, &sz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         return WC_TEST_RET_ENC_EC(ret);
     if (sz != 256)
         return WC_TEST_RET_ENC_NC;
@@ -45578,7 +50320,7 @@ static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
     ssv[0] ^= 0x80;
     ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
             authSz);
-    if (ret != SAKKE_VERIFY_FAIL_E)
+    if (ret != WC_NO_ERR_TRACE(SAKKE_VERIFY_FAIL_E))
         return WC_TEST_RET_ENC_EC(ret);
     ssv[0] ^= 0x80;
 
@@ -45834,26 +50576,26 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
     const CMAC_Test_Case testCases[] =
     {
 #ifdef WOLFSSL_AES_128
-        {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, WC_AES_BLOCK_SIZE},
 #endif
 #ifdef WOLFSSL_AES_192
-        {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, WC_AES_BLOCK_SIZE},
 #endif
 #ifdef WOLFSSL_AES_256
-        {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
-        {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, WC_AES_BLOCK_SIZE},
+        {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, WC_AES_BLOCK_SIZE},
 #endif
 #ifdef WOLFSSL_AES_128
-        {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
+        {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, WC_AES_BLOCK_SIZE}
 #endif
     };
 
@@ -45862,7 +50604,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
 #else
     Cmac cmac[1];
 #endif
-    byte tag[AES_BLOCK_SIZE];
+    byte tag[WC_AES_BLOCK_SIZE];
     const CMAC_Test_Case* tc;
     word32 i, tagSz;
     wc_test_ret_t ret;
@@ -45878,7 +50620,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
          i++, tc++) {
 
         XMEMSET(tag, 0, sizeof(tag));
-        tagSz = AES_BLOCK_SIZE;
+        tagSz = WC_AES_BLOCK_SIZE;
 
 #if !defined(HAVE_FIPS) || \
     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
@@ -45908,12 +50650,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
         ret = wc_CmacFinal(cmac, tag, &tagSz);
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
+        if (XMEMCMP(tag, tc->t, WC_AES_BLOCK_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
         XMEMSET(tag, 0, sizeof(tag));
         tagSz = sizeof(tag);
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
         ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
                                tc->k, tc->kSz, NULL, devId);
 #else
@@ -45922,9 +50664,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
 #endif
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
-        if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
+        if (XMEMCMP(tag, tc->t, WC_AES_BLOCK_SIZE) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
         ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
                              tc->k, tc->kSz, HEAP_HINT, devId);
 #else
@@ -45934,7 +50676,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
+#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
         /* Test that keyless generate with init is the same */
         XMEMSET(tag, 0, sizeof(tag));
         tagSz = sizeof(tag);
@@ -45949,12 +50691,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
         }
 #endif
 
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+        (void)wc_CmacFree(cmac);
+#endif
     }
 
     ret = 0;
 
   out:
 
+#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
+    (void)wc_CmacFree(cmac);
+#endif
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
 #endif
@@ -45962,7 +50711,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
     return ret;
 }
 
-#endif /* NO_AES && WOLFSSL_CMAC */
+#endif /* !NO_AES && WOLFSSL_CMAC */
 
 #if defined(WOLFSSL_SIPHASH)
 
@@ -46234,53 +50983,53 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
 
     /* Testing bad parameters. */
     ret = wc_InitSipHash(NULL, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(NULL, siphash_key, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(&siphash, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(&siphash, siphash_key, 7);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashUpdate(NULL, NULL, 0);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashUpdate(&siphash, NULL, 1);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(NULL, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(&siphash, NULL, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(NULL, res, SIPHASH_MAC_SIZE_8);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = wc_SipHash(NULL, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(siphash_key, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(NULL, NULL, 0, res, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(siphash_key, NULL, 0, res, 15);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_SipHash(siphash_key, NULL, 1, res, SIPHASH_MAC_SIZE_16);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Test cache with multiple non blocksize bytes */
@@ -46982,7 +51731,7 @@ static const byte asnDataOid[] = {
  * OtherRecipientInfo.
  *
  * Returns 0 on success, negative upon error. */
-static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
+static int myOriEncryptCb(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
                           word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
                           void* ctx)
 {
@@ -47019,7 +51768,7 @@ static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
  * in decrypting the encrypted CEK.
  *
  * Returns 0 on success, negative upon error. */
-static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
+static int myOriDecryptCb(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
                           byte* oriValue, word32 oriValueSz, byte* decryptedKey,
                           word32* decryptedKeySz, void* ctx)
 {
@@ -47053,7 +51802,7 @@ static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
 
 #if !defined(NO_AES) && defined(HAVE_AES_CBC)
 /* returns 0 on success */
-static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
+static int myDecryptionFunc(wc_PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
         byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
         byte* in, int inSz, byte* out, void* usrCtx)
 {
@@ -47102,7 +51851,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
     /* if needing to find keyIdSz can call with NULL */
     ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
             &keyIdSz);
-    if (ret != LENGTH_ONLY_E) {
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         printf("Unexpected error %d when getting keyIdSz\n", ret);
         printf("Possibly no KEY ID attribute set\n");
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -47150,13 +51899,13 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
     switch (encryptOID) {
     #ifdef WOLFSSL_AES_256
         case AES256CBCb:
-            if ((keySz != 32 ) || (ivSz  != AES_BLOCK_SIZE))
+            if ((keySz != 32 ) || (ivSz  != WC_AES_BLOCK_SIZE))
                 WARNING_OUT(BAD_FUNC_ARG, out);
             break;
     #endif
     #ifdef WOLFSSL_AES_128
         case AES128CBCb:
-            if ((keySz != 16 ) || (ivSz  != AES_BLOCK_SIZE))
+            if ((keySz != 16 ) || (ivSz  != WC_AES_BLOCK_SIZE))
                 ERROR_OUT(BAD_FUNC_ARG, out);
             break;
     #endif
@@ -47202,7 +51951,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
 
     byte   *enveloped = NULL;
     byte   *decoded = NULL;
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
 #ifdef ECC_TIMING_RESISTANT
     WC_RNG rng;
 #endif
@@ -47220,7 +51969,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
     byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
-#endif /* NO_AES */
+#endif /* !NO_AES */
 
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
     !defined(NO_SHA)
@@ -47605,7 +52354,9 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
             for (z = 0; z < envelopedSz; z++) {
                 decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
                                                  decoded, PKCS7_BUF_SIZE);
-                if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
+                if (decodedSz <= 0 &&
+                    decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
+                {
                     printf("unexpected error %d\n", decodedSz);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
                 }
@@ -47820,7 +52571,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     byte   *enveloped = NULL;
     byte   *decoded = NULL;
     WC_RNG rng;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     XFILE  pkcs7File;
 #endif
@@ -47851,7 +52602,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
-#endif /* NO_AES */
+#endif /* !NO_AES */
 
 #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
     /* encryption key for kekri recipient types */
@@ -47950,12 +52701,12 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
          NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
          "pkcs7authEnvelopedDataAES256GCM_IANDS.der");
         #endif
-    #else /* NO_AES || !HAVE_AESGCM */
+    #else
         (void)rsaCert;
         (void)rsaCertSz;
         (void)rsaPrivKey;
         (void)rsaPrivKeySz;
-    #endif /* NO_AES || !HAVE_AESGCM */
+    #endif /* !NO_AES && !HAVE_AESGCM */
 #endif
 
         /* key agreement key encryption technique*/
@@ -48037,7 +52788,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
          0, 0, 0, 0, 0, 0,
          "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
         #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
-    #endif /* NO_AES */
+    #endif /* !NO_AES && HAVE_AESGCM */
 #endif
 
         /* kekri (KEKRecipientInfo) recipient types */
@@ -48291,7 +53042,9 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
             for (z = 0; z < envelopedSz; z++) {
                 decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
                         enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
-                if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
+                if (decodedSz <= 0 &&
+                    decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
+                {
                     printf("unexpected error %d\n", decodedSz);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
                 }
@@ -48471,7 +53224,7 @@ static const byte p7AltKey[] = {
     0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
 };
 
-static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
+static int myCEKwrapFunc(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
         word32 keyIdSz, byte* orginKey, word32 orginKeySz,
         byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
 {
@@ -48515,7 +53268,7 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
 
 
 /* returns key size on success */
-static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
+static wc_test_ret_t getFirmwareKey(wc_PKCS7* pkcs7, byte* key, word32 keySz)
 {
     wc_test_ret_t ret;
     word32 atrSz;
@@ -48532,7 +53285,7 @@ static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
     /* find keyID in fwWrappedFirmwareKey */
     ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
             sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
-    if (ret == LENGTH_ONLY_E) {
+    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         XMEMSET(atr, 0, sizeof(atr));
         ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
                 sizeof(fwWrappedFirmwareKey), atr, &atrSz);
@@ -48541,7 +53294,7 @@ static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
         /* keyIdRaw[1] Length */
 
         if (ret > 0) {
-            PKCS7* envPkcs7;
+            wc_PKCS7* envPkcs7;
 
             envPkcs7 = wc_PKCS7_New(NULL, 0);
             if (envPkcs7 == NULL) {
@@ -48574,7 +53327,7 @@ static wc_test_ret_t envelopedData_encrypt(byte* in, word32 inSz, byte* out,
         word32 outSz)
 {
     wc_test_ret_t ret;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
     WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
 
     pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
@@ -48623,7 +53376,7 @@ static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryp
 {
     wc_test_ret_t ret;
     int attribNum = 1;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
 
     /* KEY ID
      * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
@@ -48717,7 +53470,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 {
     wc_test_ret_t ret = 0;
     int usrCtx = 1; /* test value to pass as user context to callback */
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
     byte*  sid = NULL;
     word32 sidSz;
     byte key[256];
@@ -48752,7 +53505,8 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 #endif /* !NO_SHA */
     };
 
-    decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    decoded = (byte *)XMALLOC((word32)decodedSz, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
     if (decoded == NULL) {
         ret = MEMORY_E;
         goto out;
@@ -48777,7 +53531,7 @@ static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
 
     /* Get size of SID and print it out */
     ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
-    if (ret != LENGTH_ONLY_E)
+    if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
         goto out;
 
     sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -48910,8 +53664,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
 {
     wc_test_ret_t ret = 0;
     int i, testSz;
-    int encryptedSz, decodedSz, attribIdx;
-    PKCS7* pkcs7;
+    int encryptedSz, decodedSz;
+    word32 attribIdx;
+    wc_PKCS7* pkcs7;
     byte  *encrypted;
     byte  *decoded;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
@@ -49076,7 +53831,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
             for (z = 0; z < encryptedSz; z++) {
                 decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
                                                  decoded, PKCS7_BUF_SIZE);
-                if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
+                if (decodedSz <= 0 &&
+                    decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
+                {
                     printf("unexpected error %d\n", decodedSz);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
                 }
@@ -49178,7 +53935,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
     wc_test_ret_t ret = 0;
     int i, testSz;
     int compressedSz, decodedSz;
-    PKCS7* pkcs7;
+    wc_PKCS7* pkcs7;
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     byte  *compressed;
     byte  *decoded;
@@ -49334,7 +54091,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
     byte*  out = NULL;
     word32 outSz;
     WC_RNG rng;
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     XFILE  file;
 #endif
@@ -49766,7 +54523,7 @@ static wc_test_ret_t pkcs7signed_run_vectors(
             if (testVectors[i].signedAttribs != NULL) {
                 ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
                     NULL, (word32*)&bufSz);
-                if (ret != LENGTH_ONLY_E)
+                if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
                 ret = 0;
             }
@@ -49846,7 +54603,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
     byte*  out = NULL;
     word32 outSz;
     WC_RNG rng;
-    PKCS7* pkcs7 = NULL;
+    wc_PKCS7* pkcs7 = NULL;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     XFILE  file;
 #endif
@@ -50243,7 +55000,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
             word32 z;
             for (z = 0; z < outSz && ret != 0; z++) {
                 ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
-                if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
+                if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
                     printf("unexpected error %d\n", ret);
                     ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
                 }
@@ -50276,7 +55033,7 @@ static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
             /* compare decrypted to expected */
             if (((word32)ret != testVectors[i].contentSz) ||
-                XMEMCMP(out, testVectors[i].content, ret))
+                XMEMCMP(out, testVectors[i].content, (word32)ret))
                 ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
     #endif
@@ -50666,10 +55423,10 @@ static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
     }
 
     ret = mp_read_radix(r, badStr1, MP_RADIX_DEC);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(r, badStr2, MP_RADIX_DEC);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(r, empty2, MP_RADIX_DEC);
     if (ret != MP_OKAY)
@@ -50728,8 +55485,12 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
             ret = randNum(a, j, rng, NULL);
             if (ret != 0)
                     return WC_TEST_RET_ENC_EC(ret);
-            mp_radix_size(a, MP_RADIX_HEX, &size);
-            mp_toradix(a, str, MP_RADIX_HEX);
+            ret = mp_radix_size(a, MP_RADIX_HEX, &size);
+            if (ret != 0)
+                return WC_TEST_RET_ENC_EC(ret);
+            ret = mp_toradix(a, str, MP_RADIX_HEX);
+            if (ret != 0)
+                return WC_TEST_RET_ENC_EC(ret);
             if ((int)XSTRLEN(str) != size - 1)
                 return WC_TEST_RET_ENC_NC;
             mp_read_radix(r, str, MP_RADIX_HEX);
@@ -50743,7 +55504,7 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
     if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(r, badStr2, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(r, 1);
@@ -50759,7 +55520,7 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
     XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
     longStr[sizeof(longStr)-1] = '\0';
     ret = mp_read_radix(r, longStr, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -50786,10 +55547,10 @@ static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
 
 #ifdef WOLFSSL_SP_MATH
     ret = mp_toradix(a, str, 8);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(a, 8, &size);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -50806,18 +55567,23 @@ static wc_test_ret_t mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     for (i = 0; i < 4; i++) {
-        mp_copy(r1, a);
+        ret = mp_copy(r1, a);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
+#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
+    defined(WC_RSA_BLINDING) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
         ret = mp_lshd(r1, i);
         if (ret != MP_OKAY)
             return WC_TEST_RET_ENC_EC(ret);
-#ifndef WOLFSSL_SP_MATH
+    #ifndef WOLFSSL_SP_MATH
         mp_rshd(r1, i);
-#else
+    #else
         mp_rshb(r1, i * SP_WORD_SIZE);
-#endif
+    #endif
         ret = mp_cmp(a, r1);
         if (ret != MP_EQ)
             return WC_TEST_RET_ENC_NC;
+#endif
     }
 #ifndef WOLFSSL_SP_MATH
     for (i = 0; i < DIGIT_BIT+1; i++) {
@@ -50908,7 +55674,7 @@ static wc_test_ret_t mp_test_read_to_bin(mp_int* a)
 
     /* Length too small. */
     ret = mp_to_unsigned_bin_len(a, out, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_read_unsigned_bin(a, NULL, 0);
@@ -50978,7 +55744,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     mp_digit rho;
     int size;
 #endif
-#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
+#ifdef WOLFSSL_SP_PRIME_GEN
     int result;
 #endif
 #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
@@ -50990,7 +55756,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     (void)r;
 
     ret = mp_init(NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
@@ -51003,11 +55769,11 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
     ret = mp_grow(NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef WOLFSSL_SP_MATH
     ret = mp_grow(a, SP_INT_DIGITS + 1);
-    if (ret != MP_MEM)
+    if (ret != WC_NO_ERR_TRACE(MP_MEM))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 #endif
@@ -51015,13 +55781,13 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     mp_clear(NULL);
 
     ret = mp_abs(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_abs(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_abs(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_unsigned_bin_size(NULL);
@@ -51032,35 +55798,35 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     XMEMSET(buffer, 0, sizeof(buffer));
 
     ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_read_radix(NULL, NULL, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(a, NULL, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_read_radix(NULL, hexStr, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #ifndef WOLFSSL_SP_INT_NEGATIVE
     ret = mp_read_radix(a, negStr, 16);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_read_radix(a, negStr, 10);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* WOLFSSL_SP_MATH_ALL */
 #endif /* WOLFSSL_SP_INT_NEGATIVE */
@@ -51068,12 +55834,12 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 #ifndef WOLFSSL_SP_MATH_ALL
     /* Radix 10 only supported with ALL. */
     ret = mp_read_radix(a, decStr, 10);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     /* Radix 8 not supported SP_INT. */
     ret = mp_read_radix(a, "0123", 8);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_count_bits(NULL);
@@ -51096,43 +55862,43 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
     !defined(NO_RSA)
     ret = mp_set_bit(NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
     !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_to_unsigned_bin(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin(NULL, buffer);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_len(a, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
     !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
     if (ret != MP_OKAY)
@@ -51141,24 +55907,24 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
     ret = mp_copy(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_copy(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_copy(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
     ret = sp_2expt(NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
     ret = mp_set(NULL, 0);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_cmp_d(NULL, 0);
@@ -51182,491 +55948,492 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
     mp_zero(NULL);
 
 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
-    !defined(WOLFSSL_RSA_VERIFY_ONLY)
+    !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     ret = mp_lshd(NULL, 0);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lshd(a, SP_INT_DIGITS + 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_div(NULL, NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div(a, NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div(NULL, b, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div(a, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_mod(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_set_int(NULL, 0);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
     (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, a, 1, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, a, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, a, 1, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, a, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, a, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, a, a, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
     !defined(WC_NO_RNG)
     ret = mp_rand_prime(NULL, 32, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_rand_prime(a, 32, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_rand_prime(NULL, 32, rng, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_rand_prime(a, 0, rng, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_mul(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_sqr(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqr(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqr(NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_sqrmod(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(a, NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sqrmod(NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_mulmod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mulmod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
     !defined(NO_RSA) || !defined(NO_DSA)
     ret = mp_add_d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add_d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add_d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
     !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
     ret = mp_sub_d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub_d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub_d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
     defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     ret = mp_div_d(NULL, 0, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_d(a, 0, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_d(NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
                             (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
     ret = mp_mod_d(NULL, 0, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_d(a, 0, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_d(NULL, 0, &rd);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
     ret = mp_gcd(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(NULL, a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(a, NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(NULL, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
     ret = mp_div_2_mod_ct(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2_mod_ct(NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_div_2(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_div_2(NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
-#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+                         !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
     defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
     ret = mp_invmod(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(a, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
     ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(a, b, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(a, NULL, a, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod_mont_ct(NULL, b, a, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
     ret = mp_lcm(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, b, 1, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, b, 1, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(a, NULL, 1, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(NULL, b, 1, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_exptmod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -51676,117 +56443,117 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
-#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
+#ifdef WOLFSSL_SP_PRIME_GEN
     ret = mp_prime_is_prime(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(NULL, 1, &result);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 0, &result);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 1024, &result);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
     ret = mp_exch(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exch(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exch(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
                                                     defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_mul_d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
     ret = mp_add(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_add(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_sub(NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(a, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(NULL, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(a, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(a, NULL, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_sub(NULL, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -51794,126 +56561,126 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
                                      defined(WOLFSSL_CUSTOM_CURVES))
     ret = mp_addmod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_addmod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_submod(NULL, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, NULL, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, b, NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, NULL, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, NULL, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, b, b, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, b, NULL, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(a, NULL, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_submod(NULL, b, b, a);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_div_2d(NULL, 1, a, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_mod_2d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_2d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_2d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_mul_2d(NULL, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_2d(a, 1, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mul_2d(NULL, 1, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
     defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
     ret = mp_montgomery_reduce(NULL, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_reduce(a, NULL, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_reduce(NULL, b, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_zero(b);
     ret = mp_montgomery_reduce(a, b, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_montgomery_setup(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_setup(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_setup(NULL, &rho);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_montgomery_calc_normalization(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_calc_normalization(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_montgomery_calc_normalization(NULL, b);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -51923,53 +56690,53 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
 
 #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
     ret = mp_tohex(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_tohex(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_tohex(NULL, hexStr);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
     ret = mp_todecimal(NULL, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_todecimal(a, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_todecimal(NULL, decStr);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
 #ifdef WOLFSSL_SP_MATH_ALL
     ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_toradix(a, NULL, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_toradix(a, hexStr, 3);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_radix_size(a, 3, &size);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -52054,11 +56821,11 @@ static wc_test_ret_t mp_test_set_is_bit(mp_int* a)
         i = SP_INT_MAX_BITS + j;
         if (mp_is_bit_set(a, i))
             return WC_TEST_RET_ENC_NC;
-        if (mp_set_bit(a, i) != MP_VAL)
+        if (mp_set_bit(a, i) != WC_NO_ERR_TRACE(MP_VAL))
             return WC_TEST_RET_ENC_NC;
     #ifdef WOLFSSL_KEY_GEN
         ret = mp_2expt(a, i);
-        if (ret != MP_VAL)
+        if (ret != WC_NO_ERR_TRACE(MP_VAL))
             return WC_TEST_RET_ENC_EC(ret);
     #endif
     }
@@ -52103,6 +56870,7 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     if (ret != MP_GT)
         return WC_TEST_RET_ENC_NC;
 
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
     ret = mp_cmp_d(b, -1);
     if (ret != MP_GT)
@@ -52117,9 +56885,12 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     ret = mp_cmp(b, b);
     if (ret != MP_EQ)
         return WC_TEST_RET_ENC_NC;
+#endif
 
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
     defined(WOLFSSL_SP_INT_NEGATIVE)
+
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(a, "-1", MP_RADIX_HEX);
     mp_read_radix(a, "1", MP_RADIX_HEX);
     ret = mp_cmp(a, b);
@@ -52136,12 +56907,15 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     ret = mp_cmp(b, a);
     if (ret != MP_LT)
         return WC_TEST_RET_ENC_NC;
+#endif
 
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(a, "-2", MP_RADIX_HEX);
     ret = mp_cmp(a, b);
     if (ret != MP_EQ)
         return WC_TEST_RET_ENC_NC;
 #endif
+#endif
 
 #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
     defined(WOLFSSL_ECC_GEN_REJECT_SAMPLING)
@@ -52207,7 +56981,8 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
     return 0;
 }
 
-#if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
+#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
 static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
 {
     wc_test_ret_t ret;
@@ -52219,7 +56994,9 @@ static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
             ret = randNum(a, j, rng, NULL);
             if (ret != MP_OKAY)
                 return WC_TEST_RET_ENC_EC(ret);
-            mp_copy(a, b);
+            ret = mp_copy(a, b);
+            if (ret != MP_OKAY)
+                return WC_TEST_RET_ENC_EC(ret);
             for (k = 0; k <= DIGIT_BIT * 2; k++) {
                 ret = mp_mul_2d(a, k, a);
                 if (ret != MP_OKAY)
@@ -52238,7 +57015,9 @@ static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
             ret = randNum(a, j, rng, NULL);
             if (ret != MP_OKAY)
                 return WC_TEST_RET_ENC_EC(ret);
-            mp_copy(a, b);
+            ret = mp_copy(a, b);
+            if (ret != MP_OKAY)
+                return WC_TEST_RET_ENC_EC(ret);
             for (k = 0; k < 10; k++) {
                 ret = mp_lshd(a, k);
                 if (ret != MP_OKAY)
@@ -52276,9 +57055,8 @@ static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
 }
 #endif
 
-#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+#if !defined(NO_DH) || defined(HAVE_ECC) || \
+    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
 static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
                        WC_RNG* rng)
 {
@@ -52289,7 +57067,7 @@ static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
     mp_zero(d);
 
     ret = mp_div(a, d, r, rem);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(d, 1);
@@ -52428,7 +57206,7 @@ static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 #else
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_NC;
 #endif
 #ifndef WOLFSSL_SP_MATH
@@ -52448,13 +57226,13 @@ static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
 #endif
 
     ret = mp_prime_is_prime(a, 0, &res);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, -1, &res);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_prime_is_prime(a, 257, &res);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(a, 1);
@@ -52537,13 +57315,13 @@ static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* ex
     mp_set(a, 0);
     mp_set(b, 1);
     ret = mp_lcm(a, a, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(a, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_lcm(b, a, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
@@ -52599,7 +57377,7 @@ static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* ex
     if (ret != MP_EQ)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_gcd(b, b, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     return 0;
@@ -52708,7 +57486,7 @@ static wc_test_ret_t mp_test_mod_d(mp_int* a, WC_RNG* rng)
     if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_mod_d(a, 0, &r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_zero(a);
@@ -52829,8 +57607,9 @@ static wc_test_ret_t mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r
     return 0;
 }
 
-#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
-    defined(OPENSSL_EXTRA)
+#if (!defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
+    defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
 static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
 {
     wc_test_ret_t ret;
@@ -52838,25 +57617,25 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
     mp_set(a, 0);
     mp_set(m, 1);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_invmod(m, a, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 2);
     mp_set(m, 4);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 3);
     mp_set(m, 6);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 5*9);
     mp_set(m, 6*9);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 4);
@@ -52890,7 +57669,7 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
     mp_set(m, 0);
     mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE);
     ret = mp_invmod(a, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     /* Maximum modulus - even. */
     mp_set(m, 0);
@@ -52901,32 +57680,36 @@ static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
 #endif
 
 #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
+
+#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
     mp_read_radix(a, "-3", 16);
     ret = mp_invmod(a, m, r);
     if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
+#endif
+
 #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
     mp_set(a, 0);
     mp_set(m, 3);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 0);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 1);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     mp_set(a, 1);
     mp_set(m, 2);
     ret = mp_invmod_mont_ct(a, m, r, 1);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
     mp_set(a, 1);
@@ -52950,10 +57733,10 @@ static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
     mp_set(e, 0x3);
     mp_set(m, 0x0);
     ret = mp_exptmod_ex(b, e, 1, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(b, e, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 
 
@@ -53028,7 +57811,9 @@ static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
     mp_mul_2d(b, DIGIT_BIT, b);
     mp_add_d(b, 1, b);
     mp_set(e, 0x3);
-    mp_copy(b, m);
+    ret = mp_copy(b, m);
+    if (ret != MP_OKAY)
+        return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_ex(b, e, 1, m, r);
     if (ret != MP_OKAY)
         return WC_TEST_RET_ENC_EC(ret);
@@ -53058,10 +57843,10 @@ static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
     mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
     mp_add_d(m, 0x01, m);
     ret = mp_exptmod_ex(b, e, 1, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
     ret = mp_exptmod_nct(b, e, m, r);
-    if (ret != MP_VAL)
+    if (ret != WC_NO_ERR_TRACE(MP_VAL))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 
@@ -53158,16 +57943,24 @@ static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC
         /* a = 2^(bits*2) - 1 */
         mp_zero(a);
         mp_set_bit(a, bits[i] * 2);
-        mp_sub_d(a, 1, a);
+        ret = mp_sub_d(a, 1, a);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
+
         /* m = 2^(bits) - 1 */
         mp_zero(m);
         mp_set_bit(m, bits[i]);
-        mp_sub_d(m, 1, m);
+        ret = mp_sub_d(m, 1, m);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
+
         mp = 1;
         /* result = r = 2^(bits) - 1 */
         mp_zero(r);
         mp_set_bit(r, bits[i]);
-        mp_sub_d(r, 1, r);
+        ret = mp_sub_d(r, 1, r);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
 
         ret = mp_montgomery_reduce(a, m, mp);
         if (ret != MP_OKAY)
@@ -53219,7 +58012,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
 #endif
     WOLFSSL_ENTER("mp_test");
 
+#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
     ret = mp_init_multi(a, b, r1, r2, NULL, NULL);
+#else
+    ret =  mp_init(a);
+    ret |= mp_init(b);
+    ret |= mp_init(r1);
+    ret |= mp_init(r2);
+#endif
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
@@ -53319,7 +58119,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
              *        - if p and a are even it will fail.
              */
             ret = mp_invmod(a, p, r1);
-            if (ret != 0 && ret != MP_VAL)
+            if (ret != 0 && ret != WC_NO_ERR_TRACE(MP_VAL))
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
 
         #ifndef WOLFSSL_SP_MATH
@@ -53427,7 +58227,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
 #endif
     if ((ret = mp_test_cmp(a, r1)) != 0)
         goto done;
-#if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
+#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
     if ((ret = mp_test_shbd(a, b, &rng))  != 0)
         goto done;
 #endif
@@ -53435,9 +58236,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
     if ((ret = mp_test_set_is_bit(a)) != 0)
         goto done;
 #endif
-#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
-    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+#if !defined(NO_DH) || defined(HAVE_ECC) || \
+    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
     if ((ret = mp_test_div(a, b, r1, r2, &rng)) != 0)
         goto done;
 #endif
@@ -53462,8 +58262,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
 #endif
     if ((ret = mp_test_mul_sqr(a, b, r1, r2, &rng)) != 0)
         goto done;
-#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
-    defined(OPENSSL_EXTRA)
+#if (!defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
+    defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
     if ((ret = mp_test_invmod(a, b, r1)) != 0)
         goto done;
 #endif
@@ -53716,22 +58517,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
     WC_RNG rng;
     WOLFSSL_ENTER("prime_test");
 
+    ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((n == NULL) ||
         (p1 == NULL) ||
         (p2 == NULL) ||
         (p3 == NULL))
-        ERROR_OUT(MEMORY_E, out);
+        ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
 #endif
 
     ret = wc_InitRng(&rng);
     if (ret != 0)
         ret = WC_TEST_RET_ENC_EC(ret);
-    if (ret == 0) {
-        ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
-        if (ret != 0)
-            ret = WC_TEST_RET_ENC_EC(ret);
-    }
     if (ret == 0)
         ret = GenerateP(p1, p2, p3,
                 ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
@@ -53842,7 +58642,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
 #endif /* WOLFSSL_PUBLIC_MP */
 
 
-#ifdef ASN_BER_TO_DER
+#if defined(ASN_BER_TO_DER) && \
+    (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
+     defined(OPENSSL_EXTRA_X509_SMALL))
 /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
 typedef struct berDerTestData {
     const byte *in;
@@ -53857,15 +58659,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
     int i;
     word32 len = 0, l;
     byte out[32];
-    WOLFSSL_SMALL_STACK_STATIC const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good1_out[] = { 0x30, 0x00 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good3_in[] = {
+    static const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
+    static const byte good1_out[] = { 0x30, 0x00 };
+    static const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
+    static const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
+    static const byte good3_in[] = {
         0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte good3_out[] = { 0x04, 0x1, 0x01 };
-    WOLFSSL_SMALL_STACK_STATIC const byte good4_in[] = {
+    static const byte good3_out[] = { 0x04, 0x1, 0x01 };
+    static const byte good4_in[] = {
         0x30, 0x80,
           0x02, 0x01, 0x01,
           0x30, 0x80,
@@ -53880,7 +58682,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
             0x00, 0x00,
           0x00, 0x00,
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte good4_out[] = {
+    static const byte good4_out[] = {
         0x30, 0x12,
           0x02, 0x01, 0x01,
           0x30, 0x08,
@@ -53889,9 +58691,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
           0x31, 0x03,
             0x06, 0x01, 0x01
     };
-    WOLFSSL_SMALL_STACK_STATIC const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
+    static const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
 
-    berDerTestData testData[] = {
+    static berDerTestData testData[] = {
         { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
         { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
         { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
@@ -53902,7 +58704,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
 
     for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
         ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
-        if (ret != LENGTH_ONLY_E)
+        if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
             return WC_TEST_RET_ENC_I(i);
         if (len != testData[i].outSz)
             return WC_TEST_RET_ENC_I(i);
@@ -53915,50 +58717,51 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
 
         for (l = 1; l < testData[i].inSz; l++) {
             ret = wc_BerToDer(testData[i].in, l, NULL, &len);
-            if (ret != ASN_PARSE_E)
+            if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
                  return WC_TEST_RET_ENC_EC(ret);
             len = testData[i].outSz;
             ret = wc_BerToDer(testData[i].in, l, out, &len);
-            if (ret != ASN_PARSE_E)
+            if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
                  return WC_TEST_RET_ENC_EC(ret);
         }
 
         for (l = 0; l < testData[i].outSz-1; l++) {
             ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
-            if (ret != BUFFER_E)
+            if (ret != WC_NO_ERR_TRACE(BUFFER_E))
                  return WC_TEST_RET_ENC_EC(ret);
         }
     }
 
     ret = wc_BerToDer(NULL, 4, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(out, 4, NULL, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(NULL, 4, NULL, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(NULL, 4, out, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(out, 4, out, NULL);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_BerToDer(NULL, 4, out, &len);
-    if (ret != BAD_FUNC_ARG)
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
 
     for (l = 1; l < sizeof(good4_out); l++) {
         len = l;
         ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
-        if (ret != BUFFER_E)
+        if (ret != WC_NO_ERR_TRACE(BUFFER_E))
             return WC_TEST_RET_ENC_EC(ret);
     }
 
     return 0;
 }
-#endif /* ASN_BER_TO_DER */
+#endif /* ASN_BER_TO_DER && (WOLFSSL_TEST_CERT || OPENSSL_EXTRA ||
+          OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef DEBUG_WOLFSSL
 static THREAD_LS_T int log_cnt = 0;
@@ -54027,11 +58830,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
 #else
     WOLFSSL_ENTER("logging_test");
     ret = wolfSSL_Debugging_ON();
-    if (ret != NOT_COMPILED_IN)
+    if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         return WC_TEST_RET_ENC_EC(ret);
     wolfSSL_Debugging_OFF();
     ret = wolfSSL_SetLoggingCb(NULL);
-    if (ret != NOT_COMPILED_IN)
+    if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
         return WC_TEST_RET_ENC_EC(ret);
 #endif /* DEBUG_WOLFSSL */
     return 0;
@@ -54086,7 +58889,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
     /* trying to free a locked mutex is not portable behavior with pthread */
     /* Attempting to destroy a locked mutex results in undefined behavior */
     ret = wc_FreeMutex(&m);
-    if (ret != BAD_MUTEX_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
     ret = wc_UnLockMutex(&m);
@@ -54098,10 +58901,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
 #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
     /* Trying to use a pthread after free'ing is not portable behavior */
     ret = wc_LockMutex(&m);
-    if (ret != BAD_MUTEX_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
         return WC_TEST_RET_ENC_EC(ret);
     ret = wc_UnLockMutex(&m);
-    if (ret != BAD_MUTEX_E)
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
         return WC_TEST_RET_ENC_EC(ret);
 #endif
 #endif
@@ -54128,7 +58931,7 @@ static void *my_Malloc_cb(size_t size)
 #endif
     malloc_cnt++;
     #ifndef WOLFSSL_NO_MALLOC
-        return malloc(size);
+        return malloc(size); /* native heap */
     #else
         WOLFSSL_MSG("No malloc available");
         (void)size;
@@ -54147,7 +58950,7 @@ static void my_Free_cb(void *ptr)
 #endif
     free_cnt++;
     #ifndef WOLFSSL_NO_MALLOC
-        free(ptr);
+        free(ptr); /* native heap */
     #else
         WOLFSSL_MSG("No free available");
         (void)ptr;
@@ -54165,7 +58968,7 @@ static void *my_Realloc_cb(void *ptr, size_t size)
 #endif
     realloc_cnt++;
     #ifndef WOLFSSL_NO_MALLOC
-        return realloc(ptr, size);
+        return realloc(ptr, size); /* native heap */
     #else
         WOLFSSL_MSG("No realloc available");
         (void)ptr;
@@ -54212,7 +59015,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
     }
 
     b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    {
+        byte *new_b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        if (new_b)
+            b = new_b;
+        else {
+            XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_memcb);
+        }
+    }
     XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 
 #ifndef WOLFSSL_STATIC_MEMORY
@@ -54429,7 +59240,7 @@ static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
     */
     ctx->exampleVar = 1;
     ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     } else
         /* reset return code */
@@ -54465,7 +59276,7 @@ static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
         ctx->exampleVar = 1;
         ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
                             in, inLen, out, &sigSz, key, sizeof(*key), NULL);
-        if (ret != NO_VALID_DEVID) {
+        if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
         } else
             /* reset return code */
@@ -54523,13 +59334,13 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
 #endif
 
     #ifdef OPENSSL_EXTRA
-    EVP_PKEY* privKey = NULL;
-    EVP_PKEY* pubKey = NULL;
+    WOLFSSL_EVP_PKEY* privKey = NULL;
+    WOLFSSL_EVP_PKEY* pubKey = NULL;
     #ifdef USE_CERT_BUFFERS_256
     ecc_key* pkey;
     const unsigned char* cp;
     #endif
-    EVP_MD_CTX mdCtx;
+    WOLFSSL_EVP_MD_CTX mdCtx;
     const char testData[] = "Hi There";
     size_t checkSz = -1;
     const unsigned char* p;
@@ -54589,7 +59400,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     ctx->exampleVar = 1;
     ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     } else
         /* reset return code */
@@ -54614,7 +59425,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret == 0) {
         ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
     }
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     }
     else
@@ -54632,7 +59443,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret == 0) {
         ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
     }
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     }
     else
@@ -54653,7 +59464,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret == 0) {
         ret = wc_ecc_shared_secret(key, pub, out, &outLen);
     }
-    if (ret != NO_VALID_DEVID) {
+    if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
     }
     else
@@ -54664,7 +59475,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
 
     (void)pkey;
     cp = ecc_clikey_der_256;
-    privKey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
+    privKey = d2i_PrivateKey(WC_EVP_PKEY_EC, NULL, &cp,
                                                   sizeof_ecc_clikey_der_256);
     if (privKey == NULL) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
@@ -54681,9 +59492,9 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     pkey->devId = devId;
 
     /* sign */
-    EVP_MD_CTX_init(&mdCtx);
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    ret = EVP_DigestSignInit(&mdCtx, NULL, EVP_sha256(), NULL, privKey);
+    ret = EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey);
     if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     }
@@ -54716,17 +59527,17 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     /* restore checkSz for verify */
     checkSz = 71;
 
-    ret = EVP_MD_CTX_cleanup(&mdCtx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
+    if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     }
 
     /* verify */
 
-    EVP_MD_CTX_init(&mdCtx);
+    wolfSSL_EVP_MD_CTX_init(&mdCtx);
 
-    if (ret == SSL_SUCCESS) {
-        ret = EVP_DigestVerifyInit(&mdCtx, NULL, EVP_sha256(), NULL, pubKey);
+    if (ret == WOLFSSL_SUCCESS) {
+        ret = EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey);
     }
     if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
@@ -54753,8 +59564,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     if (ret != -1) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     }
-    ret = EVP_MD_CTX_cleanup(&mdCtx);
-    if (ret != SSL_SUCCESS) {
+    ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
+    if (ret != WOLFSSL_SUCCESS) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
     } else
         ret = 0;
@@ -54794,9 +59605,9 @@ exit_onlycb:
     wc_ecc_free(key);
     #ifdef OPENSSL_EXTRA
     if (privKey)
-        EVP_PKEY_free(privKey);
+        wolfSSL_EVP_PKEY_free(privKey);
     if (pubKey)
-        EVP_PKEY_free(pubKey);
+        wolfSSL_EVP_PKEY_free(pubKey);
     #endif
 #endif
 
@@ -54808,7 +59619,8 @@ exit_onlycb:
 /* Example crypto dev callback function that calls software version */
 static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 {
-    int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and
+                                                   use SW */
     myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
 
     if (info == NULL)
@@ -54913,7 +59725,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                 ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
                     info->pk.rsakg.e, info->pk.rsakg.rng);
 #ifdef HAVE_FIPS
-                if (ret == PRIME_GEN_E)
+                if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E))
                     continue;
                 break;
             }
@@ -55586,6 +60398,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
     /* set devId to something other than INVALID_DEVID */
     devId = 1;
     ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
+    if (ret != 0)
+        ret = WC_TEST_RET_ENC_EC(ret);
 #ifdef WOLF_CRYPTO_CB_FIND
     wc_CryptoCb_SetDeviceFindCb(myCryptoCbFind);
 #endif /* WOLF_CRYPTO_CB_FIND */
@@ -55696,6 +60510,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
         ret = cmac_test();
 #endif
 
+    wc_CryptoCb_UnRegisterDevice(devId);
+
     /* restore devId */
     devId = origDevId;
 
@@ -55827,24 +60643,29 @@ typedef struct {
   word32     keySz;
   const byte nonce[49];
   word32     nonceSz;
-  const byte assoc[81];
-  word32     assocSz;
+  byte       numAssoc;
+  const byte assoc1[81];
+  word32     assoc1Sz;
+  const byte assoc2[11];
+  word32     assoc2Sz;
   const byte plaintext[83];
   word32     plaintextSz;
-  const byte siv[AES_BLOCK_SIZE+1];
+  const byte siv[WC_AES_BLOCK_SIZE+1];
   const byte ciphertext[82];
   word32     ciphertextSz;
 } AesSivTestVector;
 
-#define AES_SIV_TEST_VECTORS 7
+#define AES_SIV_TEST_VECTORS 9
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
 {
-    /* These test vectors come from chrony 4.1's SIV unit tests. */
     WOLFSSL_SMALL_STACK_STATIC const AesSivTestVector testVectors[AES_SIV_TEST_VECTORS] = {
+    /* These test vectors come from chrony 4.1's SIV unit tests. */
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
+      "", 0,
       "", 0,
       "", 0,
       "\x22\x3e\xb5\x94\xe0\xe0\x25\x4b\x00\x25\x8e\x21\x9a\x1c\xa4\x21",
@@ -55853,14 +60674,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
       "", 0,
+      "", 0,
       "\xd7\x20\x19\x89\xc6\xdb\xc6\xd6\x61\xfc\x62\xbc\x86\x5e\xee\xef",
       "", 0
     },
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
+      "", 0,
       "", 0,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
       "\xb6\xc1\x60\xe9\xc2\xfd\x2a\xe8\xde\xc5\x36\x8b\x2a\x33\xed\xe1",
@@ -55869,7 +60694,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e", 15,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c", 15,
+      "", 0,
       "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4", 15,
       "\x03\x8c\x41\x51\xba\x7a\x8f\x77\x6e\x56\x31\x99\x42\x0b\xc7\x03",
       "\xe7\x6c\x67\xc9\xda\xb7\x0d\x5b\x44\x06\x26\x5a\xd0\xd2\x3b", 15
@@ -55877,7 +60704,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
+      "", 0,
       "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7", 16,
       "\x5c\x05\x23\x65\xf4\x57\x0a\xa0\xfb\x38\x3e\xce\x9b\x75\x85\xeb",
       "\x68\x85\x19\x36\x0c\x7c\x48\x11\x40\xcb\x9b\x57\x9a\x0e\x65\x32", 16
@@ -55886,8 +60715,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
       "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
       "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
       "\xd5", 17,
+      1,
       "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b"
       "\xa0", 17,
+      "", 0,
       "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7"
       "\x08", 17,
       "\xaf\x58\x4b\xe7\x82\x1e\x96\x19\x29\x91\x25\xe0\xdd\x80\x3b\x49",
@@ -55899,11 +60730,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
       "\xb0\x5a\x1b\xc7\x56\xe7\xb6\x2c\xb4\x85\xe5\x56\xa5\x28\xc0\x6c"
       "\x2f\x3b\x0b\x9d\x1a\x0c\xdf\x69\x47\xe0\xcc\xc0\x87\xaa\x5c\x09"
       "\x98\x48\x8d\x6a\x8e\x1e\x05\xd7\x8b\x68\x74\x83\xb5\x1d\xf1\x2c", 48,
+      1,
       "\xe5\x8b\xd2\x6a\x30\xc5\xc5\x61\xcc\xbd\x7c\x27\xbf\xfe\xf9\x06"
       "\x00\x5b\xd7\xfc\x11\x0b\xcf\x16\x61\xef\xac\x05\xa7\xaf\xec\x27"
       "\x41\xc8\x5e\x9e\x0d\xf9\x2f\xaf\x20\x79\x17\xe5\x17\x91\x2a\x27"
       "\x34\x1c\xbc\xaf\xeb\xef\x7f\x52\xe7\x1e\x4c\x2a\xca\xbd\x2b\xbe"
       "\x34\xd6\xfb\x69\xd3\x3e\x49\x59\x60\xb4\x26\xc9\xb8\xce\xba", 79,
+      "", 0,
       "\x6c\xe7\xcf\x7e\xab\x7b\xa0\xe1\xa7\x22\xcb\x88\xde\x5e\x42\xd2"
       "\xec\x79\xe0\xa2\xcf\x5f\x0f\x6f\x6b\x89\x57\xcd\xae\x17\xd4\xc2"
       "\xf3\x1b\xa2\xa8\x13\x78\x23\x2f\x83\xa8\xd4\x0c\xc0\xd2\xf3\x99"
@@ -55917,17 +60750,53 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
       "\x48\xc9\x55\xc5\x2f\x40\x73\x3f\x98\xbb\x8d\x69\x78\x46\x64\x17"
       "\x8d\x49\x2f\x14\x62\xa4\x7c\x2a\x57\x38\x87\xce\xc6\x72\xd3\x5c"
       "\xa1", 81
-    }};
+    },
+    /* Example A.1 from RFC5297 */
+    {
+      "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
+      "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 32,
+      "", 0,
+      1,
+      "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+      "\x20\x21\x22\x23\x24\x25\x26\x27", 24,
+      "", 0,
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee", 14,
+      "\x85\x63\x2d\x07\xc6\xe8\xf3\x7f\x95\x0a\xcd\x32\x0a\x2e\xcc\x93",
+      "\x40\xc0\x2b\x96\x90\xc4\xdc\x04\xda\xef\x7f\x6a\xfe\x5c", 14
+    },
+    /* Example A.2 from RFC5297 */
+    {
+      "\x7f\x7e\x7d\x7c\x7b\x7a\x79\x78\x77\x76\x75\x74\x73\x72\x71\x70"
+      "\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f", 32,
+      "\x09\xf9\x11\x02\x9d\x74\xe3\x5b\xd8\x41\x56\xc5\x63\x56\x88\xc0", 16,
+      2,
+      "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff"
+      "\xde\xad\xda\xda\xde\xad\xda\xda\xff\xee\xdd\xcc\xbb\xaa\x99\x88"
+      "\x77\x66\x55\x44\x33\x22\x11\x00", 40,
+      "\x10\x20\x30\x40\x50\x60\x70\x80\x90\xa0", 10,
+      "\x74\x68\x69\x73\x20\x69\x73\x20\x73\x6f\x6d\x65\x20\x70\x6c\x61"
+      "\x69\x6e\x74\x65\x78\x74\x20\x74\x6f\x20\x65\x6e\x63\x72\x79\x70"
+      "\x74\x20\x75\x73\x69\x6e\x67\x20\x53\x49\x56\x2d\x41\x45\x53", 47,
+      "\x7b\xdb\x6e\x3b\x43\x26\x67\xeb\x06\xf4\xd1\x4b\xff\x2f\xbd\x0f",
+      "\xcb\x90\x0f\x2f\xdd\xbe\x40\x43\x26\x60\x19\x65\xc8\x89\xbf\x17"
+      "\xdb\xa7\x7c\xeb\x09\x4f\xa6\x63\xb7\xa3\xf7\x48\xba\x8a\xf8\x29"
+      "\xea\x64\xad\x54\x4a\x27\x2e\x9c\x48\x5b\x62\xa3\xfd\x5c\x0d", 47
+    }
+    };
     int i;
     byte computedCiphertext[82];
     byte computedPlaintext[82];
-    byte siv[AES_BLOCK_SIZE];
+    byte siv[WC_AES_BLOCK_SIZE];
     wc_test_ret_t ret = 0;
     WOLFSSL_ENTER("aes_siv_test");
 
+    /* First test legacy "exactly one Assoc" interface. */
     for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
+        if (testVectors[i].numAssoc != 1)
+            continue;
+
         ret = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz,
-                              testVectors[i].assoc, testVectors[i].assocSz,
+                              testVectors[i].assoc1, testVectors[i].assoc1Sz,
                               testVectors[i].nonce, testVectors[i].nonceSz,
                               testVectors[i].plaintext,
                               testVectors[i].plaintextSz, siv,
@@ -55935,7 +60804,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
         if (ret != 0) {
             return WC_TEST_RET_ENC_EC(ret);
         }
-        ret = XMEMCMP(siv, testVectors[i].siv, AES_BLOCK_SIZE);
+        ret = XMEMCMP(siv, testVectors[i].siv, WC_AES_BLOCK_SIZE);
         if (ret != 0) {
             return WC_TEST_RET_ENC_NC;
         }
@@ -55945,7 +60814,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
             return WC_TEST_RET_ENC_NC;
         }
         ret = wc_AesSivDecrypt(testVectors[i].key, testVectors[i].keySz,
-                              testVectors[i].assoc, testVectors[i].assocSz,
+                              testVectors[i].assoc1, testVectors[i].assoc1Sz,
                               testVectors[i].nonce, testVectors[i].nonceSz,
                               computedCiphertext, testVectors[i].plaintextSz,
                               siv, computedPlaintext);
@@ -55959,6 +60828,47 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
         }
     }
 
+    /* Then test "multiple Assoc" interface. */
+    for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
+        const struct AesSivAssoc assoc[2] = {
+            { testVectors[i].assoc1, testVectors[i].assoc1Sz },
+            { testVectors[i].assoc2, testVectors[i].assoc2Sz }
+        };
+
+        ret = wc_AesSivEncrypt_ex(testVectors[i].key, testVectors[i].keySz,
+                                  assoc, testVectors[i].numAssoc,
+                                  testVectors[i].nonce, testVectors[i].nonceSz,
+                                  testVectors[i].plaintext,
+                                  testVectors[i].plaintextSz, siv,
+                                  computedCiphertext);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_EC(ret);
+        }
+        ret = XMEMCMP(siv, testVectors[i].siv, WC_AES_BLOCK_SIZE);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_NC;
+        }
+        ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext,
+                     testVectors[i].ciphertextSz);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_NC;
+        }
+        ret = wc_AesSivDecrypt_ex(testVectors[i].key, testVectors[i].keySz,
+                                  assoc, testVectors[i].numAssoc,
+                                  testVectors[i].nonce, testVectors[i].nonceSz,
+                                  computedCiphertext,
+                                  testVectors[i].plaintextSz, siv,
+                                  computedPlaintext);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_EC(ret);
+        }
+        ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext,
+                     testVectors[i].plaintextSz);
+        if (ret != 0) {
+            return WC_TEST_RET_ENC_NC;
+        }
+    }
+
     return 0;
 }
 #endif
@@ -55975,8 +60885,8 @@ static void print_fiducials(void) {
            fiducial1, fiducial2, fiducial3, fiducial4);
 }
 
-#else
+#else /* NO_CRYPT_TEST && !WC_TEST_EXPORT_SUBTESTS */
     #ifndef NO_MAIN_DRIVER
         int main(void) { return 0; }
     #endif
-#endif /* NO_CRYPT_TEST */
+#endif /* NO_CRYPT_TEST && !WC_TEST_EXPORT_SUBTESTS */
diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h
index 2584b1227..bd4125b64 100644
--- a/wolfcrypt/test/test.h
+++ b/wolfcrypt/test/test.h
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,12 +37,16 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
 #ifdef HAVE_STACK_SIZE
 THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args);
 #else
 wc_test_ret_t wolfcrypt_test(void* args);
 #endif
 
+void wc_test_render_error_message(const char* msg, wc_test_ret_t es);
+
 #ifndef NO_MAIN_DRIVER
 wc_test_ret_t wolfcrypt_test_main(int argc, char** argv);
 #endif
@@ -58,6 +62,8 @@ int wolf_test_task(void);
 #define WC_TEST_RET_TAG_ERRNO  2L
 #define WC_TEST_RET_TAG_I      3L
 
+wc_static_assert(-(long)MIN_CODE_E < 0x7ffL);
+
 #define WC_TEST_RET_ENC(line, i, tag)                           \
         ((wc_test_ret_t)(-((wc_test_ret_t)(line) + ((wc_test_ret_t)((word32)(i) & 0x7ffL) * 100000L) + ((wc_test_ret_t)(tag) << 29L))))
 
@@ -96,6 +102,293 @@ int wolf_test_task(void);
 
 #endif /* !WC_TEST_RET_HAVE_CUSTOM_MACROS */
 
+#ifdef WC_TEST_EXPORT_SUBTESTS
+
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  error_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  base64_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  base16_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  asn_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  md2_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  md5_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  md4_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha224_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha256_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha512_test(void);
+#if !defined(WOLFSSL_NOSHA512_224) && \
+   (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha512_224_test(void);
+#endif
+#if !defined(WOLFSSL_NOSHA512_256) && \
+   (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha512_256_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha384_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sha3_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  shake128_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  shake256_test(void);
+#ifdef WOLFSSL_SM3
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sm3_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hash_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_md5_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_sha_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_sha224_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_sha256_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_sha384_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_sha512_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hmac_sha3_test(void);
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+#if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) ||     \
+    defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
+    defined(WOLFSSL_AFALG_XILINX_RSA)
+/* hkdf_test has issue with extern WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
+static                  wc_test_ret_t  hkdf_test(void);
+#else
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hkdf_test(void);
+#endif
+#endif /* HAVE_HKDF && ! NO_HMAC */
+#ifdef WOLFSSL_HAVE_PRF
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+#ifdef WOLFSSL_BASE16
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  tls12_kdf_test(void);
+#endif /* WOLFSSL_BASE16 */
+#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
+#endif /* WOLFSSL_HAVE_PRF */
+#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  prf_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sshkdf_test(void);
+#ifdef WOLFSSL_TLS13
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  tls13_kdf_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  x963kdf_test(void);
+#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  hpke_test(void);
+#endif
+#ifdef WC_SRTP_KDF
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  srtpkdf_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  arc4_test(void);
+#ifdef WC_RC2
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  rc2_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  chacha_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  XChaCha_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  chacha20_poly1305_aead_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  XChaCha20Poly1305_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  des3_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_cbc_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_ctr_test(void);
+#if defined(WOLFSSL_AES_CFB)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_cfb_test(void);
+#endif
+#ifdef WOLFSSL_AES_XTS
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes_xts_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes192_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aes256_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aesofb_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  cmac_test(void);
+#ifdef HAVE_ASCON
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ascon_hash256_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ascon_aead128_test(void);
+#endif
+#if defined(WOLFSSL_SIPHASH)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  siphash_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  poly1305_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aesgcm_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aesgcm_default_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  gmac_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aesccm_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  aeskeywrap_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  camellia_test(void);
+#ifdef WOLFSSL_SM4
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sm4_test(void);
+#endif
+#ifdef WC_RSA_NO_PADDING
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  rsa_no_pad_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  rsa_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  dh_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  dsa_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  srp_test(void);
+#ifndef WC_NO_RNG
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  random_test(void);
+#endif /* WC_NO_RNG */
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pwdbased_test(void);
+#if defined(USE_CERT_BUFFERS_2048) && \
+        defined(HAVE_PKCS12) && \
+            !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
+            !defined(NO_CERTS) && !defined(NO_DES3)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  pkcs12_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ripemd_test(void);
+#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_test(void);   /* test mini api */
+
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_pkey0_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_pkey1_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openSSL_evpMD_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  openssl_evpSig_test(void);
+#endif
+
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
+#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
+#ifdef HAVE_ECC
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ecc_test(void);
+    #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
+        (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
+        extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ecc_encrypt_test(void);
+    #endif
+    #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
+        !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
+        defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
+        !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
+        /* skip for ATECC508/608A, cannot import private key buffers */
+        extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void);
+    #endif
+#endif
+#ifdef HAVE_CURVE25519
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  curve25519_test(void);
+#endif
+#ifdef HAVE_ED25519
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ed25519_test(void);
+#endif
+#ifdef HAVE_CURVE448
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  curve448_test(void);
+#endif
+#ifdef HAVE_ED448
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  ed448_test(void);
+#endif
+#ifdef WOLFSSL_HAVE_MLKEM
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  mlkem_test(void);
+#endif
+#ifdef HAVE_DILITHIUM
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  dilithium_test(void);
+#endif
+#if defined(WOLFSSL_HAVE_XMSS)
+    #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  xmss_test_verify_only(void);
+    #endif
+    #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  xmss_test(void);
+    #endif
+#endif
+#if defined(WOLFSSL_HAVE_LMS)
+    #if !defined(WOLFSSL_SMALL_STACK)
+        #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
+             !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test_verify_only(void);
+        #endif
+    #endif
+    #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  lms_test(void);
+    #endif
+#endif
+#ifdef WOLFCRYPT_HAVE_ECCSI
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  eccsi_test(void);
+#endif
+#ifdef WOLFCRYPT_HAVE_SAKKE
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  sakke_test(void);
+#endif
+#ifdef HAVE_BLAKE2
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  blake2b_test(void);
+#endif
+#ifdef HAVE_BLAKE2S
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  blake2s_test(void);
+#endif
+#ifdef HAVE_LIBZ
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void);
+#endif
+#ifdef HAVE_PKCS7
+    #ifndef NO_PKCS7_ENCRYPTED_DATA
+        extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void);
+    #endif
+    #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
+        extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void);
+    #endif
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void);
+    extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void);
+    #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+        extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void);
+    #endif
+    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
+        extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key,
+                word32 keySz);
+    #endif
+#endif
+#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
+    !defined(NO_FILESYSTEM)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void);
+#endif
+#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t  certext_test(void);
+#endif
+#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
+    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void);
+#if defined(WOLFSSL_PUBLIC_MP) && \
+    ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+     defined(USE_FAST_MATH))
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
+#endif
+#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
+#endif
+#if defined(ASN_BER_TO_DER) && \
+    (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
+     defined(OPENSSL_EXTRA_X509_SMALL))
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
+#endif
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
+#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void);
+#endif
+#if defined(__INCLUDE_NUTTX_CONFIG_H)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void);
+#else
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void);
+#endif
+#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void);
+#endif
+#ifdef WOLFSSL_CAAM_BLOB
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void);
+#endif
+#ifdef HAVE_ARIA
+#include "wolfssl/wolfcrypt/port/aria/aria-crypt.h"
+void printOutput(const char *strName, unsigned char *data, unsigned int dataSz);
+extern WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID);
+#endif
+
+#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void);
+#endif
+#ifdef WOLFSSL_CERT_PIV
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void);
+#endif
+#ifdef WOLFSSL_AES_SIV
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void);
+#endif
+
+#if defined(WOLFSSL_AES_EAX) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
+extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
+#endif /* WOLFSSL_AES_EAX */
+
+#endif /* WC_TEST_EXPORT_SUBTESTS */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfcrypt/test/test_paths.h.in b/wolfcrypt/test/test_paths.h.in
index 38e912407..ce5ade920 100644
--- a/wolfcrypt/test/test_paths.h.in
+++ b/wolfcrypt/test/test_paths.h.in
@@ -1,6 +1,6 @@
 /* wolfcrypt/test/test_paths.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,6 +20,15 @@
  */
 
 #ifndef NO_FILESYSTEM
+#ifdef CERT_REL_PREFIX
+    #define CERT_PREFIX CERT_REL_PREFIX
+    #ifndef NO_WRITE_TEMP_FILES
+        #ifndef CERT_WRITE_TEMP_DIR
+            #define CERT_WRITE_TEMP_DIR "./"
+        #endif
+    #endif
+#else
     #define CERT_PREFIX "@abs_top_srcdir@/"
     #define CERT_WRITE_TEMP_DIR "@abs_top_builddir@/"
+#endif /* CERT_REL_PREFIX */
 #endif /* NO_FILESYSTEM */
diff --git a/wolfssl-VS2022.vcxproj b/wolfssl-VS2022.vcxproj
new file mode 100644
index 000000000..d5e13a396
--- /dev/null
+++ b/wolfssl-VS2022.vcxproj
@@ -0,0 +1,578 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{12226DBE-7278-4DFA-A119-5A0294CF0B33}</ProjectGuid>
+    <RootNamespace>wolfssl</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectName>wolfssl</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="src\crl.c" />
+    <ClCompile Include="src\dtls13.c" />
+    <ClCompile Include="src\dtls.c" />
+    <ClCompile Include="src\internal.c" />
+    <ClCompile Include="src\wolfio.c" />
+    <ClCompile Include="src\keys.c" />
+    <ClCompile Include="src\ocsp.c" />
+    <ClCompile Include="src\ssl.c" />
+    <ClCompile Include="src\tls.c" />
+    <ClCompile Include="src\tls13.c" />
+    <ClCompile Include="wolfcrypt\src\aes.c" />
+    <ClCompile Include="wolfcrypt\src\arc4.c" />
+    <ClCompile Include="wolfcrypt\src\asn.c" />
+    <ClCompile Include="wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="wolfcrypt\src\blake2s.c" />
+    <ClCompile Include="wolfcrypt\src\camellia.c" />
+    <ClCompile Include="wolfcrypt\src\chacha.c" />
+    <ClCompile Include="wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="wolfcrypt\src\cmac.c" />
+    <ClCompile Include="wolfcrypt\src\coding.c" />
+    <ClCompile Include="wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="wolfcrypt\src\curve448.c" />
+    <ClCompile Include="wolfcrypt\src\cpuid.c" />
+    <ClCompile Include="wolfcrypt\src\cryptocb.c" />
+    <ClCompile Include="wolfcrypt\src\des3.c" />
+    <ClCompile Include="wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="wolfcrypt\src\dh.c" />
+    <ClCompile Include="wolfcrypt\src\dsa.c" />
+    <ClCompile Include="wolfcrypt\src\ecc.c" />
+    <ClCompile Include="wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="wolfcrypt\src\ed448.c" />
+    <ClCompile Include="wolfcrypt\src\error.c" />
+    <ClCompile Include="wolfcrypt\src\ext_mlkem.c" />
+    <ClCompile Include="wolfcrypt\src\falcon.c" />
+    <ClCompile Include="wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="wolfcrypt\src\hash.c" />
+    <ClCompile Include="wolfcrypt\src\hmac.c" />
+    <ClCompile Include="wolfcrypt\src\integer.c" />
+    <ClCompile Include="wolfcrypt\src\kdf.c" />
+    <ClCompile Include="wolfcrypt\src\wc_mlkem.c" />
+    <ClCompile Include="wolfcrypt\src\wc_mlkem_poly.c" />
+    <ClCompile Include="wolfcrypt\src\logging.c" />
+    <ClCompile Include="wolfcrypt\src\md2.c" />
+    <ClCompile Include="wolfcrypt\src\md4.c" />
+    <ClCompile Include="wolfcrypt\src\md5.c" />
+    <ClCompile Include="wolfcrypt\src\memory.c" />
+    <ClCompile Include="wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="wolfcrypt\src\pkcs12.c" />
+    <ClCompile Include="wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="wolfcrypt\src\random.c" />
+    <ClCompile Include="wolfcrypt\src\rc2.c" />
+    <ClCompile Include="wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="wolfcrypt\src\rsa.c" />
+    <ClCompile Include="wolfcrypt\src\sha.c" />
+    <ClCompile Include="wolfcrypt\src\sha256.c" />
+    <ClCompile Include="wolfcrypt\src\sha3.c" />
+    <ClCompile Include="wolfcrypt\src\sha512.c" />
+    <ClCompile Include="wolfcrypt\src\signature.c" />
+    <ClCompile Include="wolfcrypt\src\sphincs.c" />
+    <ClCompile Include="wolfcrypt\src\sp_c32.c" />
+    <ClCompile Include="wolfcrypt\src\sp_c64.c" />
+    <ClCompile Include="wolfcrypt\src\sp_int.c" />
+    <ClCompile Include="wolfcrypt\src\sp_x86_64.c" />
+    <ClCompile Include="wolfcrypt\src\srp.c" />
+    <ClCompile Include="wolfcrypt\src\tfm.c" />
+    <ClCompile Include="wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="wolfcrypt\src\wc_pkcs11.c" />
+    <ClCompile Include="wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="wolfcrypt\src\wolfmath.c" />
+    <ClCompile Include="wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="wolfcrypt\src\port\liboqs\liboqs.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="resource.h" />
+    <CustomBuild Include="wolfcrypt\src\aes_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\aes_gcm_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\aes_xts_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\chacha_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\poly1305_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="wolfcrypt\src\sp_x86_64_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <ClInclude Include="IDE\WIN\user_settings.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="wolfssl.rc">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
+    </ResourceCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/wolfssl.rc b/wolfssl.rc
index fde2703de..b9d1537e2 100644
Binary files a/wolfssl.rc and b/wolfssl.rc differ
diff --git a/wolfssl.vcproj b/wolfssl.vcproj
index 8f07d8bf1..02554722d 100644
--- a/wolfssl.vcproj
+++ b/wolfssl.vcproj
@@ -264,7 +264,7 @@
 				>
 			</File>
 			<File
-				RelativePath=".\wolfcrypt\src\ext_kyber.c"
+				RelativePath=".\wolfcrypt\src\ext_mlkem.c"
 				>
 			</File>
 			<File
@@ -300,11 +300,11 @@
 				>
 			</File>
 			<File
-				RelativePath=".\wolfcrypt\src\wc_kyber.c"
+				RelativePath=".\wolfcrypt\src\wc_mlkem.c"
 				>
 			</File>
 			<File
-				RelativePath=".\wolfcrypt\src\wc_kyber_poly.c"
+				RelativePath=".\wolfcrypt\src\wc_mlkem_poly.c"
 				>
 			</File>
 			<File
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index 58025da78..01f2a8f3a 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -9,6 +9,10 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Debug|Win32">
       <Configuration>DLL Debug</Configuration>
       <Platform>Win32</Platform>
@@ -17,6 +21,10 @@
       <Configuration>DLL Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|ARM64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="DLL Release|Win32">
       <Configuration>DLL Release</Configuration>
       <Platform>Win32</Platform>
@@ -25,6 +33,10 @@
       <Configuration>DLL Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|ARM64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -33,6 +45,10 @@
       <Configuration>Release</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{73973223-5EE8-41CA-8E88-1D60E89A237B}</ProjectGuid>
@@ -63,6 +79,18 @@
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
@@ -83,6 +111,16 @@
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -120,6 +158,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -128,6 +170,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -136,6 +182,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
@@ -144,6 +194,10 @@
     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
     <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -211,6 +265,39 @@
       <OptimizeReferences>false</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
     </Link>
+  </ItemDefinitionGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|ARM64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
@@ -274,6 +361,38 @@
       <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <GenerateDebugInformation>true</GenerateDebugInformation>
     </Link>
+  </ItemDefinitionGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|ARM64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;./IDE/WIN;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="src\crl.c" />
@@ -308,7 +427,7 @@
     <ClCompile Include="wolfcrypt\src\ed25519.c" />
     <ClCompile Include="wolfcrypt\src\ed448.c" />
     <ClCompile Include="wolfcrypt\src\error.c" />
-    <ClCompile Include="wolfcrypt\src\ext_kyber.c" />
+    <ClCompile Include="wolfcrypt\src\ext_mlkem.c" />
     <ClCompile Include="wolfcrypt\src\falcon.c" />
     <ClCompile Include="wolfcrypt\src\fe_448.c" />
     <ClCompile Include="wolfcrypt\src\fe_low_mem.c" />
@@ -320,8 +439,8 @@
     <ClCompile Include="wolfcrypt\src\hmac.c" />
     <ClCompile Include="wolfcrypt\src\integer.c" />
     <ClCompile Include="wolfcrypt\src\kdf.c" />
-    <ClCompile Include="wolfcrypt\src\wc_kyber.c" />
-    <ClCompile Include="wolfcrypt\src\wc_kyber_poly.c" />
+    <ClCompile Include="wolfcrypt\src\wc_mlkem.c" />
+    <ClCompile Include="wolfcrypt\src\wc_mlkem_poly.c" />
     <ClCompile Include="wolfcrypt\src\logging.c" />
     <ClCompile Include="wolfcrypt\src\md2.c" />
     <ClCompile Include="wolfcrypt\src\md4.c" />
@@ -448,6 +567,8 @@
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
     </ResourceCompile>
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
diff --git a/wolfssl/callbacks.h b/wolfssl/callbacks.h
index 1010eca9e..a75e48372 100644
--- a/wolfssl/callbacks.h
+++ b/wolfssl/callbacks.h
@@ -1,6 +1,6 @@
 /* callbacks.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,7 +36,7 @@ enum { /* CALLBACK CONSTANTS */
     MAX_CIPHERNAME_SZ     =  24,
     MAX_TIMEOUT_NAME_SZ   =  24,
     MAX_PACKETS_HANDSHAKE =  14,       /* 12 for client auth plus 2 alerts */
-    MAX_VALUE_SZ          = 128,       /* all handshake packets but Cert should
+    MAX_VALUE_SZ          = 128        /* all handshake packets but Cert should
                                           fit here  */
 };
 
diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h
index 013b37494..37e8da844 100644
--- a/wolfssl/certs_test.h
+++ b/wolfssl/certs_test.h
@@ -100,9 +100,9 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024);
 static const unsigned char client_cert_der_1024[] =
 {
         0x30, 0x82, 0x04, 0x18, 0x30, 0x82, 0x03, 0x81, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x59, 0xF2, 0xEA, 0x44, 0x08,
-        0xB5, 0x12, 0x30, 0xA0, 0x96, 0x93, 0xD1, 0xD1, 0x7F, 0xE1,
-        0xEC, 0x49, 0x75, 0x9B, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x09, 0x1D, 0x03, 0x41, 0x8B,
+        0x92, 0xBD, 0x2A, 0x2A, 0x1C, 0x77, 0xE0, 0x13, 0xA8, 0x3D,
+        0xF0, 0x33, 0xDA, 0x7F, 0x72, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -120,10 +120,10 @@ static const unsigned char client_cert_der_1024[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -180,8 +180,8 @@ static const unsigned char client_cert_der_1024[] =
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
         0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
         0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14,
-        0x59, 0xF2, 0xEA, 0x44, 0x08, 0xB5, 0x12, 0x30, 0xA0, 0x96,
-        0x93, 0xD1, 0xD1, 0x7F, 0xE1, 0xEC, 0x49, 0x75, 0x9B, 0xA2,
+        0x09, 0x1D, 0x03, 0x41, 0x8B, 0x92, 0xBD, 0x2A, 0x2A, 0x1C,
+        0x77, 0xE0, 0x13, 0xA8, 0x3D, 0xF0, 0x33, 0xDA, 0x7F, 0x72,
         0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
         0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
         0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
@@ -191,20 +191,20 @@ static const unsigned char client_cert_der_1024[] =
         0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
         0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
-        0x03, 0x81, 0x81, 0x00, 0x45, 0x63, 0x6F, 0xF9, 0xED, 0xF4,
-        0x12, 0x3C, 0x3C, 0xC5, 0x2C, 0x51, 0x08, 0x94, 0x61, 0x7E,
-        0x08, 0xE8, 0x32, 0x46, 0x2B, 0x22, 0x02, 0xD0, 0xE8, 0x2B,
-        0xA4, 0x23, 0x15, 0x48, 0x47, 0x87, 0x5D, 0x72, 0xAB, 0x38,
-        0xD5, 0x34, 0xB9, 0xFC, 0xF4, 0x86, 0x93, 0x49, 0x95, 0xD8,
-        0x81, 0x32, 0x1C, 0x21, 0xE3, 0xEF, 0xB8, 0x40, 0xC5, 0x87,
-        0x02, 0xE8, 0x28, 0xAA, 0x54, 0x93, 0x2D, 0x8A, 0xE9, 0x1E,
-        0xDD, 0x5D, 0x11, 0xF8, 0xBF, 0xCA, 0x4E, 0x33, 0x20, 0x56,
-        0x4E, 0x6F, 0x53, 0xBB, 0x79, 0xB0, 0xDA, 0x65, 0xA1, 0x4B,
-        0x9F, 0xC8, 0x55, 0xFA, 0x53, 0x26, 0x84, 0xC6, 0x1E, 0x0A,
-        0x5E, 0x7A, 0x6E, 0xF2, 0x2D, 0x2A, 0x81, 0xA5, 0xD0, 0x2B,
-        0xEC, 0xD5, 0x8E, 0xB9, 0xF0, 0xC7, 0x57, 0xD7, 0xD6, 0x14,
-        0x1A, 0x3B, 0xDC, 0x09, 0x41, 0xB4, 0x9D, 0x0D, 0x72, 0x20,
-        0x44, 0x79
+        0x03, 0x81, 0x81, 0x00, 0x9A, 0x1C, 0x8F, 0xC4, 0xBD, 0x54,
+        0xDA, 0x63, 0xA7, 0xF8, 0xBA, 0x39, 0xB6, 0x64, 0x60, 0x9D,
+        0xBA, 0xA5, 0xFC, 0x43, 0xF5, 0x57, 0x28, 0x31, 0x43, 0x09,
+        0x4C, 0x03, 0x4C, 0xB8, 0xC3, 0x49, 0x2B, 0x4E, 0xBF, 0xF2,
+        0x9B, 0x13, 0x4E, 0x37, 0x1E, 0xA1, 0x57, 0xC6, 0x0C, 0x7B,
+        0x2C, 0x25, 0x19, 0x37, 0x9F, 0x06, 0x53, 0xEF, 0x8D, 0xD1,
+        0xBA, 0xC0, 0x73, 0x6E, 0x7F, 0xC2, 0x0B, 0x46, 0x5F, 0x9B,
+        0x56, 0xBB, 0x59, 0x19, 0x5C, 0xC9, 0xEE, 0xEA, 0x02, 0xDA,
+        0x03, 0x2C, 0xFB, 0x29, 0xB6, 0x07, 0xDD, 0x55, 0xB7, 0xE9,
+        0xCE, 0x60, 0x47, 0xE0, 0x6B, 0x44, 0x5A, 0x61, 0x74, 0x5C,
+        0x96, 0xF6, 0x30, 0xD8, 0x1B, 0xA4, 0x15, 0x5E, 0x06, 0xC5,
+        0x73, 0x4B, 0x8A, 0x4D, 0x94, 0x23, 0x13, 0x1B, 0x3F, 0xDB,
+        0x67, 0xCA, 0xA7, 0xA6, 0x41, 0xC5, 0x28, 0x0F, 0xFD, 0x2E,
+        0x0E, 0xF0
 };
 static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
 
@@ -418,9 +418,9 @@ static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024);
 static const unsigned char ca_cert_der_1024[] =
 {
         0x30, 0x82, 0x04, 0x09, 0x30, 0x82, 0x03, 0x72, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x5C, 0x44, 0x2B, 0xBF, 0xD3,
-        0xA8, 0x2A, 0xD8, 0xFD, 0x54, 0xC9, 0xCD, 0xAA, 0x7F, 0xF7,
-        0xD4, 0x59, 0x07, 0xAA, 0xDD, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x59, 0x52, 0x6B, 0x92, 0x1A,
+        0x25, 0x8F, 0x1B, 0xEE, 0x4C, 0x51, 0x9C, 0x47, 0x2F, 0xFF,
+        0xFF, 0x9D, 0x43, 0x29, 0x47, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -438,9 +438,9 @@ static const unsigned char ca_cert_der_1024[] =
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
         0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
         0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D,
-        0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30,
-        0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x30, 0x81,
+        0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31,
+        0x34, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x30, 0x81,
         0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
         0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
         0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
@@ -496,9 +496,9 @@ static const unsigned char ca_cert_der_1024[] =
         0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
         0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
         0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
-        0x63, 0x6F, 0x6D, 0x82, 0x14, 0x5C, 0x44, 0x2B, 0xBF, 0xD3,
-        0xA8, 0x2A, 0xD8, 0xFD, 0x54, 0xC9, 0xCD, 0xAA, 0x7F, 0xF7,
-        0xD4, 0x59, 0x07, 0xAA, 0xDD, 0x30, 0x0C, 0x06, 0x03, 0x55,
+        0x63, 0x6F, 0x6D, 0x82, 0x14, 0x59, 0x52, 0x6B, 0x92, 0x1A,
+        0x25, 0x8F, 0x1B, 0xEE, 0x4C, 0x51, 0x9C, 0x47, 0x2F, 0xFF,
+        0xFF, 0x9D, 0x43, 0x29, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55,
         0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
         0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13,
         0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E,
@@ -507,20 +507,20 @@ static const unsigned char ca_cert_der_1024[] =
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
         0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
-        0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x70,
-        0x7D, 0x83, 0x94, 0xD0, 0xEE, 0xE1, 0x19, 0x8B, 0x17, 0xCA,
-        0x79, 0x87, 0x12, 0x5B, 0x7F, 0x70, 0xA3, 0x51, 0x20, 0x4F,
-        0x21, 0x99, 0x71, 0x69, 0x21, 0x28, 0x55, 0x61, 0x70, 0x85,
-        0x54, 0x21, 0xA9, 0x70, 0xA2, 0xA9, 0x12, 0xDB, 0x44, 0x11,
-        0x44, 0xE7, 0x41, 0x00, 0x70, 0x80, 0xB5, 0x37, 0x0C, 0x7E,
-        0x78, 0x8F, 0x88, 0x64, 0xBC, 0xE5, 0xC0, 0x44, 0xA7, 0xA5,
-        0x3D, 0xDB, 0x62, 0xC4, 0xD6, 0xCD, 0xAA, 0x4B, 0xAC, 0xFB,
-        0x01, 0x46, 0xBB, 0xEC, 0xCB, 0x6F, 0x01, 0x67, 0xB4, 0x65,
-        0xF3, 0x5E, 0x53, 0x39, 0x64, 0x99, 0x9B, 0x68, 0x80, 0x14,
-        0x91, 0xA4, 0xA4, 0xEB, 0x04, 0xF3, 0x76, 0x9A, 0x7D, 0xB4,
-        0x38, 0x05, 0x9C, 0xA5, 0xE0, 0xBC, 0x7E, 0xD9, 0xD2, 0xD3,
-        0xD4, 0xE8, 0xC3, 0x9F, 0x38, 0x4B, 0x6C, 0x29, 0x94, 0xBE,
-        0x35, 0xBD, 0x30, 0x1F, 0xB5, 0xB7, 0x3D
+        0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x09,
+        0xC6, 0xDA, 0xFE, 0x2A, 0x45, 0x83, 0x9E, 0x8B, 0x66, 0xCF,
+        0x63, 0x1F, 0x11, 0xCB, 0xD9, 0xB4, 0xEB, 0xB0, 0x97, 0x3D,
+        0x33, 0xD4, 0xB9, 0x27, 0x56, 0x46, 0x14, 0x3C, 0xFE, 0x2B,
+        0xB2, 0x36, 0x6E, 0x38, 0x7F, 0x08, 0xF5, 0x37, 0x3C, 0xF2,
+        0xA2, 0x6A, 0x8A, 0xC7, 0xA0, 0xBE, 0x0F, 0xAC, 0xDD, 0xF4,
+        0xF0, 0x97, 0xB3, 0x03, 0xA6, 0x70, 0x48, 0x44, 0xFC, 0xEF,
+        0xEF, 0x7A, 0xC6, 0x1A, 0x8D, 0x3F, 0x19, 0xF6, 0x71, 0x92,
+        0x7E, 0x3A, 0x00, 0x95, 0xF2, 0xB6, 0x57, 0x40, 0x77, 0xC2,
+        0x80, 0x4E, 0x61, 0xF2, 0x71, 0x56, 0x22, 0xA0, 0x1E, 0xA9,
+        0xDD, 0x5C, 0x54, 0x80, 0xAD, 0xE4, 0x27, 0xF2, 0x17, 0x20,
+        0x9B, 0x5B, 0x89, 0x30, 0x6E, 0x6A, 0x31, 0x2A, 0x4E, 0x43,
+        0x52, 0xF8, 0x8A, 0x51, 0xB7, 0xED, 0x3A, 0xAA, 0x78, 0x41,
+        0x90, 0x95, 0xE8, 0x40, 0x2E, 0x66, 0xFC
 };
 static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024);
 
@@ -613,9 +613,9 @@ static const unsigned char server_cert_der_1024[] =
         0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
         0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
         0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17,
-        0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, 0x32, 0x31,
-        0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39,
-        0x30, 0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x30,
+        0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32,
+        0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39,
+        0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x30,
         0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
         0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
         0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
@@ -671,9 +671,9 @@ static const unsigned char server_cert_der_1024[] =
         0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
         0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
         0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
-        0x82, 0x14, 0x5C, 0x44, 0x2B, 0xBF, 0xD3, 0xA8, 0x2A, 0xD8,
-        0xFD, 0x54, 0xC9, 0xCD, 0xAA, 0x7F, 0xF7, 0xD4, 0x59, 0x07,
-        0xAA, 0xDD, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
+        0x82, 0x14, 0x59, 0x52, 0x6B, 0x92, 0x1A, 0x25, 0x8F, 0x1B,
+        0xEE, 0x4C, 0x51, 0x9C, 0x47, 0x2F, 0xFF, 0xFF, 0x9D, 0x43,
+        0x29, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
         0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03,
         0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65,
         0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D,
@@ -682,20 +682,20 @@ static const unsigned char server_cert_der_1024[] =
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06,
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
-        0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x35, 0x2E, 0x7B, 0x57,
-        0x7B, 0x64, 0x70, 0x53, 0xE0, 0x81, 0xED, 0xF4, 0xAC, 0xB3,
-        0x3A, 0x3B, 0xBA, 0x82, 0x8D, 0xA2, 0x31, 0xD9, 0xD4, 0xAC,
-        0xD1, 0x8A, 0x6D, 0x35, 0x41, 0x15, 0xB3, 0xE8, 0x06, 0x91,
-        0xCA, 0x2A, 0xF7, 0xFF, 0x28, 0x0E, 0x3D, 0xCD, 0xE7, 0x28,
-        0xF0, 0x07, 0xC0, 0x78, 0x62, 0x9E, 0x88, 0x3D, 0xDC, 0x98,
-        0xF0, 0x8C, 0x89, 0xA7, 0x1C, 0x5B, 0x77, 0x37, 0xB2, 0x55,
-        0x38, 0xB2, 0x60, 0x42, 0xE8, 0x02, 0x81, 0xBF, 0x7C, 0xC3,
-        0x54, 0x86, 0x7E, 0xE4, 0x2F, 0x7D, 0x74, 0x74, 0x27, 0xF7,
-        0x9A, 0xE2, 0x8D, 0xA9, 0x2F, 0x7C, 0x82, 0x31, 0x41, 0xF1,
-        0xCB, 0x48, 0xA0, 0x05, 0x00, 0x26, 0x3D, 0xA4, 0x6B, 0x27,
-        0x43, 0x4C, 0x3F, 0x6F, 0x2F, 0x41, 0x2E, 0xEE, 0xBA, 0x0D,
-        0x8F, 0x39, 0x42, 0x0D, 0x2D, 0x76, 0x00, 0x12, 0x4C, 0xF9,
-        0x49, 0x2D, 0x7F, 0xED
+        0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x94, 0x67, 0x03, 0x63,
+        0x2A, 0x3E, 0xE4, 0x56, 0xA5, 0x9F, 0x84, 0x89, 0x68, 0x8C,
+        0xED, 0xEF, 0xA4, 0xFE, 0x1F, 0xDC, 0x03, 0x04, 0x1E, 0xD0,
+        0x87, 0x90, 0x14, 0x7C, 0x82, 0x3F, 0x36, 0xA8, 0x7C, 0x14,
+        0x64, 0xAB, 0x88, 0xD4, 0x9D, 0x81, 0xE8, 0xF6, 0xA7, 0xEC,
+        0x12, 0x51, 0xEA, 0x25, 0xFD, 0xA4, 0xD1, 0x9C, 0x9B, 0x71,
+        0x3D, 0xC8, 0xD0, 0xB3, 0xD2, 0x6D, 0xEB, 0x56, 0x11, 0x66,
+        0x05, 0x4E, 0x92, 0x27, 0x0A, 0x76, 0x8C, 0x3A, 0x8B, 0xBD,
+        0xE2, 0x46, 0xF5, 0x7B, 0x8E, 0xFF, 0x03, 0xF3, 0x89, 0x92,
+        0xDC, 0x9B, 0x46, 0x79, 0xF4, 0xB8, 0x95, 0x7D, 0xB6, 0x29,
+        0x79, 0xF3, 0x55, 0xC8, 0x70, 0xDE, 0xF7, 0x9F, 0x59, 0xE1,
+        0xE2, 0x8D, 0xA7, 0x73, 0x1F, 0x97, 0x1C, 0x52, 0x64, 0x48,
+        0x77, 0xCF, 0x6D, 0xA0, 0x27, 0xAD, 0xC0, 0x16, 0x56, 0x55,
+        0x46, 0xB2, 0xBF, 0xF1
 };
 static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024);
 
@@ -869,9 +869,9 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048);
 static const unsigned char client_cert_der_2048[] =
 {
         0x30, 0x82, 0x05, 0x1D, 0x30, 0x82, 0x04, 0x05, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03,
-        0x5A, 0xEC, 0x55, 0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6,
-        0x13, 0xD9, 0x59, 0xB8, 0xE8, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA,
+        0xEE, 0xA2, 0x9B, 0xB7, 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99,
+        0xF0, 0xCC, 0x23, 0xF2, 0xEC, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -889,10 +889,10 @@ static const unsigned char client_cert_der_2048[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -962,9 +962,9 @@ static const unsigned char client_cert_der_2048[] =
         0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
         0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
         0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
-        0x82, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55,
-        0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59,
-        0xB8, 0xE8, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
+        0x82, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, 0xEE, 0xA2, 0x9B,
+        0xB7, 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, 0xF0, 0xCC, 0x23,
+        0xF2, 0xEC, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
         0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03,
         0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65,
         0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D,
@@ -973,33 +973,33 @@ static const unsigned char client_cert_der_2048[] =
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06,
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
-        0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x89, 0x84, 0xEB,
-        0x6A, 0x70, 0x3B, 0x2A, 0x6E, 0xA8, 0x8B, 0xF2, 0x92, 0x79,
-        0x97, 0x5C, 0xBD, 0x98, 0x8B, 0x71, 0xDB, 0xDB, 0x7C, 0xDF,
-        0xDB, 0xA4, 0x2C, 0x59, 0xD3, 0xA6, 0x75, 0x41, 0xC2, 0x06,
-        0xB6, 0x17, 0x1E, 0x0C, 0x1F, 0x7D, 0x0B, 0x7F, 0x58, 0x3E,
-        0xC1, 0xE7, 0x0C, 0xF0, 0x62, 0x92, 0x77, 0xAB, 0x99, 0x79,
-        0x7B, 0x85, 0xF4, 0xD9, 0x6C, 0xD0, 0x0E, 0xE5, 0x8B, 0x13,
-        0x35, 0x65, 0x9E, 0xD7, 0x9A, 0x51, 0x98, 0xE4, 0x49, 0x44,
-        0x51, 0xC8, 0xE3, 0xE0, 0x9A, 0xFF, 0xC2, 0xCB, 0x3D, 0x81,
-        0xEB, 0xEE, 0xF4, 0x1A, 0xD1, 0x96, 0x4B, 0xE9, 0x7D, 0xDE,
-        0x5B, 0xF2, 0x64, 0x40, 0xAD, 0xE1, 0xD9, 0xD6, 0xB7, 0xE1,
-        0xEB, 0xA9, 0x3A, 0x52, 0x29, 0x89, 0xAA, 0x07, 0x37, 0x96,
-        0x44, 0xE3, 0x23, 0x49, 0xF3, 0xBE, 0xF3, 0x0D, 0x70, 0xD1,
-        0xA2, 0xCE, 0x78, 0x86, 0x22, 0xFC, 0x76, 0x00, 0x84, 0x1D,
-        0xFA, 0x8B, 0x8A, 0xD2, 0x43, 0x93, 0x88, 0xFA, 0xEE, 0x22,
-        0xCC, 0xA6, 0x86, 0xF5, 0x3F, 0x24, 0xF1, 0xD4, 0x70, 0x05,
-        0x4F, 0x3B, 0x18, 0x32, 0x50, 0x67, 0xC1, 0x80, 0x77, 0x0D,
-        0x3C, 0x78, 0x75, 0x35, 0xD0, 0xFD, 0x60, 0xF3, 0xED, 0xA1,
-        0x30, 0xD0, 0x62, 0x25, 0x99, 0x6B, 0x80, 0x56, 0x17, 0x3D,
-        0xB4, 0xAF, 0x1D, 0xDF, 0xAB, 0x48, 0x21, 0xC1, 0xD2, 0x0B,
-        0x6B, 0x94, 0xA7, 0x33, 0xD1, 0xD0, 0x82, 0xB7, 0x3B, 0x92,
-        0xEB, 0x9D, 0xD6, 0x6C, 0x32, 0x81, 0x5E, 0x07, 0x3C, 0x46,
-        0x34, 0x32, 0x7B, 0xEA, 0x22, 0xDB, 0xA6, 0xA3, 0x18, 0x69,
-        0x7C, 0xAD, 0x17, 0xE4, 0xC8, 0xA9, 0x8F, 0xA8, 0xBA, 0x67,
-        0xAF, 0x99, 0x39, 0xEF, 0x6E, 0x0C, 0xF8, 0xA9, 0xB3, 0xBD,
-        0xAB, 0x71, 0x94, 0xE0, 0x41, 0xAA, 0xA4, 0x2D, 0x72, 0x60,
-        0x51, 0xD1, 0x5C
+        0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x46, 0xAB, 0xE4,
+        0x6D, 0xAE, 0x49, 0x5B, 0x6A, 0x0B, 0xA9, 0x87, 0xE1, 0x95,
+        0x32, 0xA6, 0xD7, 0xAE, 0xDE, 0x28, 0xDC, 0xC7, 0x99, 0x68,
+        0xE2, 0x5F, 0xC9, 0x5A, 0x4C, 0x64, 0xB8, 0xF5, 0x28, 0x42,
+        0x5A, 0xE8, 0x5C, 0x59, 0x32, 0xFE, 0xD0, 0x1F, 0x0B, 0x55,
+        0x89, 0xDB, 0x67, 0xE7, 0x78, 0xF3, 0x70, 0xCF, 0x18, 0x51,
+        0x57, 0x8B, 0xF3, 0x2B, 0xA4, 0x66, 0x0B, 0xF6, 0x03, 0x6E,
+        0x11, 0xAC, 0x83, 0x52, 0x16, 0x7E, 0xA2, 0x7C, 0x36, 0x77,
+        0xF6, 0xBB, 0x13, 0x19, 0x40, 0x2C, 0xB8, 0x8C, 0xCA, 0xD6,
+        0x7E, 0x79, 0x7D, 0xF4, 0x14, 0x8D, 0xB5, 0xA4, 0x09, 0xF6,
+        0x2D, 0x4C, 0xE7, 0xF9, 0xB8, 0x25, 0x41, 0x15, 0x78, 0xF4,
+        0xCA, 0x80, 0x41, 0xEA, 0x3A, 0x05, 0x08, 0xF6, 0xB5, 0x5B,
+        0xA1, 0x3B, 0x5B, 0x48, 0xA8, 0x4B, 0x8C, 0x19, 0x8D, 0x6C,
+        0x87, 0x31, 0x76, 0x74, 0x02, 0x16, 0x8B, 0xDD, 0x7F, 0xD1,
+        0x11, 0x62, 0x27, 0x42, 0x39, 0xE0, 0x9A, 0x63, 0x26, 0x31,
+        0x19, 0xCE, 0x3D, 0x41, 0xD5, 0x24, 0x47, 0x32, 0x0F, 0x76,
+        0xD6, 0x41, 0x37, 0x44, 0xAD, 0x73, 0xF1, 0xB8, 0xEC, 0x2B,
+        0x6E, 0x9C, 0x4F, 0x84, 0xC4, 0x4E, 0xD7, 0x92, 0x10, 0x7E,
+        0x23, 0x32, 0xA0, 0x75, 0x6A, 0xE7, 0xFE, 0x55, 0x95, 0x9F,
+        0x0A, 0xAD, 0xDF, 0xF9, 0x2A, 0xA2, 0x1A, 0x59, 0xD5, 0x82,
+        0x63, 0xD6, 0x5D, 0x7D, 0x79, 0xF4, 0xA7, 0x2D, 0xDC, 0x8C,
+        0x04, 0xCD, 0x98, 0xB0, 0x42, 0x0E, 0x84, 0xFA, 0x86, 0x50,
+        0x10, 0x61, 0xAC, 0x73, 0xCD, 0x79, 0x45, 0x30, 0xE8, 0x42,
+        0xA1, 0x6A, 0xF6, 0x77, 0x55, 0xEC, 0x07, 0xDB, 0x52, 0x29,
+        0xCA, 0x7A, 0xC8, 0xA2, 0xDA, 0xE9, 0xF5, 0x98, 0x33, 0x6A,
+        0xE8, 0xBC, 0x89, 0xED, 0x01, 0xE2, 0xFE, 0x44, 0x86, 0x86,
+        0x80, 0x39, 0xEC
 };
 static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
 
@@ -1636,9 +1636,9 @@ static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048);
 static const unsigned char ca_cert_der_2048[] =
 {
         0x30, 0x82, 0x04, 0xFF, 0x30, 0x82, 0x03, 0xE7, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x33, 0x44, 0x1A, 0xA8, 0x6C,
-        0x01, 0xEC, 0xF6, 0x60, 0xF2, 0x70, 0x51, 0x0A, 0x4C, 0xD1,
-        0x14, 0xFA, 0xBC, 0xE9, 0x44, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x6B, 0x9B, 0x70, 0xC6, 0xF1,
+        0xA3, 0x94, 0x65, 0x19, 0xA1, 0x08, 0x58, 0xEF, 0xA7, 0x8D,
+        0x2B, 0x7A, 0x83, 0xC1, 0xDA, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -1655,10 +1655,10 @@ static const unsigned char ca_cert_der_2048[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -1726,9 +1726,9 @@ static const unsigned char ca_cert_der_2048[] =
         0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
         0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
         0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
-        0x82, 0x14, 0x33, 0x44, 0x1A, 0xA8, 0x6C, 0x01, 0xEC, 0xF6,
-        0x60, 0xF2, 0x70, 0x51, 0x0A, 0x4C, 0xD1, 0x14, 0xFA, 0xBC,
-        0xE9, 0x44, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
+        0x82, 0x14, 0x6B, 0x9B, 0x70, 0xC6, 0xF1, 0xA3, 0x94, 0x65,
+        0x19, 0xA1, 0x08, 0x58, 0xEF, 0xA7, 0x8D, 0x2B, 0x7A, 0x83,
+        0xC1, 0xDA, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
         0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03,
         0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65,
         0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D,
@@ -1737,33 +1737,33 @@ static const unsigned char ca_cert_der_2048[] =
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06,
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
-        0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2D, 0xFC, 0xF9,
-        0x32, 0x5A, 0xBE, 0xD6, 0x9D, 0x42, 0x8B, 0x86, 0x4E, 0x67,
-        0x22, 0xC3, 0x50, 0x2D, 0xCB, 0x14, 0x27, 0x1D, 0x94, 0xF3,
-        0xCD, 0x88, 0x42, 0xDA, 0x41, 0x1C, 0x39, 0x24, 0x67, 0xA7,
-        0x92, 0x4D, 0x27, 0xEA, 0x56, 0x82, 0x19, 0xBF, 0x11, 0xB2,
-        0x43, 0xA4, 0x8D, 0x5D, 0x87, 0xB2, 0x27, 0x64, 0x66, 0x82,
-        0x81, 0xDF, 0xC4, 0xFD, 0x5B, 0x62, 0xB0, 0xC2, 0x4D, 0x9D,
-        0x29, 0xF2, 0x41, 0x32, 0xCC, 0x2E, 0xB5, 0xDA, 0x38, 0x06,
-        0x1B, 0xE8, 0x7F, 0x8C, 0x6E, 0x3D, 0x80, 0x1E, 0x00, 0x56,
-        0x49, 0xBF, 0x39, 0xE0, 0xDA, 0x68, 0x2F, 0xC4, 0xFD, 0x00,
-        0xE6, 0xD1, 0x81, 0x1A, 0xD1, 0x4A, 0xBB, 0x76, 0x52, 0xCE,
-        0x4D, 0x24, 0x9D, 0xC4, 0xA3, 0xA7, 0xF1, 0x65, 0x14, 0x2F,
-        0x1F, 0xA8, 0x2D, 0xC6, 0xCB, 0xCE, 0xB1, 0xA7, 0x89, 0x74,
-        0x26, 0x27, 0xC3, 0xF3, 0xA3, 0x84, 0x4C, 0x34, 0x01, 0x14,
-        0x03, 0x7D, 0x16, 0x3A, 0xC8, 0x8B, 0x25, 0x2E, 0x7B, 0x90,
-        0xCC, 0x46, 0xB1, 0x52, 0x34, 0xBA, 0x93, 0x6E, 0xEF, 0xFE,
-        0x43, 0xA3, 0xAD, 0xC6, 0x6F, 0x51, 0xFB, 0xBA, 0xEA, 0x38,
-        0xE3, 0x6F, 0xD6, 0xEE, 0x63, 0x62, 0x36, 0xEA, 0x5E, 0x08,
-        0xB4, 0xE2, 0x2A, 0x46, 0x89, 0xE3, 0xAE, 0xB3, 0xB4, 0x06,
-        0xEF, 0x63, 0x7A, 0x6E, 0x5D, 0xDD, 0xC9, 0xEC, 0x02, 0x4F,
-        0xF7, 0x64, 0xC0, 0x27, 0x07, 0xB4, 0x6F, 0x4A, 0x18, 0x72,
-        0x5B, 0x34, 0x74, 0x7C, 0xD0, 0xA9, 0x04, 0x8F, 0x40, 0x8B,
-        0x6A, 0x39, 0xD2, 0x6B, 0x1A, 0x01, 0xF2, 0x01, 0xA8, 0x81,
-        0x34, 0x3A, 0xE5, 0xB0, 0x55, 0xD1, 0x3C, 0x95, 0xCA, 0xB0,
-        0x82, 0xD6, 0xED, 0x98, 0x28, 0x15, 0x59, 0x7E, 0x95, 0xA7,
-        0x69, 0xC7, 0xB5, 0x7B, 0xEC, 0x01, 0xA7, 0x4D, 0xE6, 0xB9,
-        0xA2, 0xFE, 0x35
+        0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x77, 0x3B, 0x3D,
+        0x66, 0x74, 0xBC, 0x97, 0xFE, 0x40, 0x16, 0xE6, 0xBA, 0xA5,
+        0xD5, 0xD1, 0x84, 0x08, 0x89, 0x69, 0x4F, 0x88, 0x0D, 0x57,
+        0xA9, 0xEF, 0x8C, 0xC3, 0x97, 0x52, 0xC8, 0xBD, 0x8B, 0xA2,
+        0x49, 0x3B, 0xB7, 0xF7, 0x5D, 0x1E, 0xD6, 0x14, 0x7F, 0xB2,
+        0x80, 0x33, 0xDA, 0xA0, 0x8A, 0xD3, 0xE1, 0x2F, 0xD5, 0xBC,
+        0x33, 0x9F, 0xEA, 0x5A, 0x72, 0x24, 0xE5, 0xF8, 0xB8, 0x4B,
+        0xB3, 0xDF, 0x62, 0x90, 0x3B, 0xA8, 0x21, 0xEF, 0x27, 0x42,
+        0x75, 0xBC, 0x60, 0x02, 0x8E, 0x37, 0x35, 0x99, 0xEB, 0xA3,
+        0x28, 0xF2, 0x65, 0x4C, 0xFF, 0x7A, 0xF8, 0x8E, 0xCC, 0x23,
+        0x6D, 0xE5, 0x6A, 0xFE, 0x22, 0x5A, 0xD9, 0xB2, 0x4F, 0x47,
+        0xC7, 0xE0, 0xAE, 0x98, 0xEF, 0x94, 0xAC, 0xB6, 0x4F, 0x61,
+        0x81, 0x29, 0x8E, 0xE1, 0x79, 0x2C, 0x46, 0xFC, 0xE9, 0x1A,
+        0xC3, 0x96, 0x1F, 0x19, 0x93, 0x64, 0x2E, 0x9F, 0x37, 0x72,
+        0xC5, 0xE4, 0x93, 0x4E, 0x61, 0x5F, 0x38, 0x8E, 0xAE, 0xE8,
+        0x39, 0x19, 0xE6, 0x97, 0xA8, 0x91, 0xD4, 0x23, 0x7E, 0x1E,
+        0xD2, 0xD0, 0x53, 0xEC, 0xCC, 0xAC, 0xA0, 0x1D, 0xD0, 0xB7,
+        0xDD, 0xB1, 0xB7, 0x01, 0x2E, 0x96, 0xCD, 0x85, 0x27, 0xE0,
+        0xE7, 0x47, 0xE2, 0xC1, 0xC1, 0x00, 0xF6, 0x94, 0xDF, 0x77,
+        0xE7, 0xFA, 0xC6, 0xEF, 0x8A, 0xC0, 0x7C, 0x67, 0xBC, 0xFF,
+        0xA0, 0x7C, 0x94, 0x3B, 0x7D, 0x86, 0x42, 0xAF, 0x3D, 0x83,
+        0x31, 0xEE, 0x2A, 0x3B, 0x7B, 0xF0, 0x2C, 0x9E, 0x6F, 0xE9,
+        0xC4, 0x07, 0x81, 0x24, 0xDA, 0x05, 0x70, 0x4D, 0xDD, 0x09,
+        0xAE, 0x9E, 0x72, 0xB8, 0x21, 0x0E, 0x8C, 0xB2, 0xAB, 0xAA,
+        0x4C, 0x49, 0x10, 0xF7, 0x76, 0xF9, 0xB5, 0x0D, 0x6C, 0x20,
+        0xD3, 0xDF, 0x7A, 0x06, 0x32, 0x8D, 0x29, 0x1F, 0x28, 0x1D,
+        0x8D, 0x26, 0x33
 };
 static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
 
@@ -1771,9 +1771,9 @@ static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
 static const unsigned char ca_cert_chain_der[] =
 {
         0x30, 0x82, 0x03, 0xFA, 0x30, 0x82, 0x03, 0x63, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x5D, 0x82, 0xE6, 0x32, 0x61,
-        0xE7, 0x3B, 0x5E, 0x77, 0x3D, 0xDA, 0xA6, 0xF3, 0xFC, 0x54,
-        0xB5, 0x04, 0xD4, 0x10, 0x4E, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x22, 0x3E, 0x28, 0x4D, 0xF0,
+        0xF6, 0xC5, 0x97, 0x06, 0xB3, 0xAD, 0x8A, 0x59, 0x4D, 0xA0,
+        0x87, 0x3F, 0xB3, 0xCE, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -1790,10 +1790,10 @@ static const unsigned char ca_cert_chain_der[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -1848,8 +1848,8 @@ static const unsigned char ca_cert_chain_der[] =
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
         0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
         0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14,
-        0x5D, 0x82, 0xE6, 0x32, 0x61, 0xE7, 0x3B, 0x5E, 0x77, 0x3D,
-        0xDA, 0xA6, 0xF3, 0xFC, 0x54, 0xB5, 0x04, 0xD4, 0x10, 0x4E,
+        0x22, 0x3E, 0x28, 0x4D, 0xF0, 0xF6, 0xC5, 0x97, 0x06, 0xB3,
+        0xAD, 0x8A, 0x59, 0x4D, 0xA0, 0x87, 0x3F, 0xB3, 0xCE, 0x8C,
         0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
         0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
         0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
@@ -1859,20 +1859,20 @@ static const unsigned char ca_cert_chain_der[] =
         0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
         0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
-        0x03, 0x81, 0x81, 0x00, 0x23, 0x19, 0xF7, 0x04, 0xB7, 0x99,
-        0x84, 0x86, 0xCE, 0x45, 0x9E, 0xA4, 0x55, 0x2D, 0x14, 0xAC,
-        0xC5, 0x1C, 0x2D, 0x2F, 0x8D, 0xD3, 0x14, 0x81, 0x91, 0x27,
-        0x1C, 0x0C, 0x3C, 0x44, 0x14, 0x8B, 0x99, 0x46, 0xF2, 0x43,
-        0xB3, 0x51, 0x33, 0x1B, 0xFA, 0x77, 0x95, 0x07, 0x5C, 0xE4,
-        0x3C, 0x11, 0x17, 0x55, 0x57, 0xBF, 0x9D, 0xF4, 0xB5, 0xD4,
-        0xAD, 0x7C, 0xB1, 0x82, 0x62, 0x77, 0xC8, 0xAA, 0x02, 0xEE,
-        0x73, 0xEE, 0x77, 0x67, 0xD5, 0xB5, 0x58, 0xD7, 0x19, 0x6F,
-        0x0F, 0xFD, 0x8B, 0xFC, 0xD4, 0x32, 0xFF, 0x86, 0x48, 0xF8,
-        0x49, 0x5B, 0xD8, 0xF1, 0xFB, 0x36, 0x28, 0x27, 0xC1, 0x7D,
-        0xDD, 0x0F, 0xFF, 0x7F, 0x95, 0x16, 0x5B, 0x85, 0xCA, 0x3E,
-        0x9B, 0xDC, 0x78, 0xB7, 0x6B, 0xB1, 0xF1, 0x75, 0xFA, 0x61,
-        0xDA, 0xCE, 0x8A, 0x4E, 0x5F, 0x90, 0x7C, 0x38, 0x9E, 0x31,
-        0x00, 0x66
+        0x03, 0x81, 0x81, 0x00, 0x4E, 0x35, 0x89, 0x4C, 0x99, 0xC8,
+        0x51, 0x46, 0x5B, 0x86, 0x21, 0xF3, 0x92, 0x13, 0x2D, 0x0E,
+        0x73, 0x78, 0x85, 0xBC, 0x81, 0xBB, 0xD1, 0x4B, 0xC3, 0x1B,
+        0x65, 0xB5, 0x39, 0x71, 0xA7, 0x04, 0x39, 0x8D, 0x57, 0x20,
+        0x02, 0xA0, 0x33, 0x8C, 0xFF, 0xD5, 0xFC, 0x2E, 0x94, 0x56,
+        0x48, 0xFC, 0x08, 0x4A, 0x37, 0x19, 0x98, 0x81, 0xAF, 0x51,
+        0x3F, 0xB7, 0x91, 0x0A, 0x86, 0x4E, 0x97, 0xE2, 0x39, 0x92,
+        0xF5, 0x3E, 0x99, 0xB2, 0x88, 0x1B, 0xAA, 0x97, 0x95, 0x77,
+        0x2E, 0xDA, 0x41, 0x11, 0xD7, 0x8F, 0x74, 0x9D, 0x34, 0xD0,
+        0x70, 0xCA, 0x37, 0xAA, 0xF7, 0xD7, 0x39, 0xD6, 0xA8, 0x48,
+        0x34, 0x06, 0x3A, 0x6A, 0xDA, 0xDE, 0x8A, 0x1D, 0x3C, 0x41,
+        0x56, 0xA3, 0x4E, 0xAE, 0x9F, 0x50, 0xB4, 0x8E, 0x10, 0x39,
+        0xD9, 0xA2, 0x38, 0xD0, 0x22, 0x04, 0xCA, 0x31, 0x1C, 0xAC,
+        0x3C, 0xF2
 };
 static const int sizeof_ca_cert_chain_der = sizeof(ca_cert_chain_der);
 
@@ -2023,10 +2023,10 @@ static const unsigned char server_cert_der_2048[] =
         0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
         0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
         0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32,
-        0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17,
-        0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31,
-        0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30,
+        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32,
+        0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17,
+        0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32,
+        0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30,
         0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
         0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
         0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10,
@@ -2093,9 +2093,9 @@ static const unsigned char server_cert_der_2048[] =
         0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
         0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
         0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
-        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x33,
-        0x44, 0x1A, 0xA8, 0x6C, 0x01, 0xEC, 0xF6, 0x60, 0xF2, 0x70,
-        0x51, 0x0A, 0x4C, 0xD1, 0x14, 0xFA, 0xBC, 0xE9, 0x44, 0x30,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x6B,
+        0x9B, 0x70, 0xC6, 0xF1, 0xA3, 0x94, 0x65, 0x19, 0xA1, 0x08,
+        0x58, 0xEF, 0xA7, 0x8D, 0x2B, 0x7A, 0x83, 0xC1, 0xDA, 0x30,
         0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03,
         0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11,
         0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D,
@@ -2105,32 +2105,32 @@ static const unsigned char server_cert_der_2048[] =
         0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05,
         0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
         0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03,
-        0x82, 0x01, 0x01, 0x00, 0x4A, 0xFF, 0xB9, 0xE5, 0x85, 0x9B,
-        0xDA, 0x53, 0x66, 0x7F, 0x07, 0x22, 0xBF, 0xB6, 0x19, 0xEA,
-        0x42, 0xEB, 0xA4, 0x11, 0x07, 0x62, 0xFF, 0x39, 0x5F, 0x33,
-        0x37, 0x3A, 0x87, 0x26, 0x71, 0x3D, 0x13, 0xB2, 0xCA, 0xB8,
-        0x64, 0x38, 0x7B, 0x8A, 0x99, 0x48, 0x0E, 0xA5, 0xA4, 0x6B,
-        0xB1, 0x99, 0x6E, 0xE0, 0x46, 0x51, 0xBD, 0x19, 0x52, 0xAD,
-        0xBC, 0xA6, 0x7E, 0x2A, 0x7A, 0x7C, 0x23, 0xA7, 0xCC, 0xDB,
-        0x5E, 0x43, 0x7D, 0x6B, 0x04, 0xC8, 0xB7, 0xDD, 0x95, 0xAD,
-        0xF0, 0x91, 0x80, 0x59, 0xC5, 0x19, 0x91, 0x26, 0x27, 0x91,
-        0xB8, 0x48, 0x1C, 0xEB, 0x55, 0xB6, 0xAA, 0x7D, 0xA4, 0x38,
-        0xF1, 0x03, 0xBC, 0x6C, 0x8B, 0xAA, 0x94, 0xD6, 0x3C, 0x05,
-        0x7A, 0x96, 0xC5, 0x06, 0xF1, 0x26, 0x14, 0x2E, 0x75, 0xFB,
-        0xDD, 0xE5, 0x35, 0xB3, 0x01, 0x2C, 0xB3, 0xAD, 0x62, 0x5A,
-        0x21, 0x9A, 0x08, 0xBE, 0x56, 0xFC, 0xF9, 0xA2, 0x42, 0x87,
-        0x86, 0xE5, 0xA9, 0xC5, 0x99, 0xCF, 0xAE, 0x14, 0xBE, 0xE0,
-        0xB9, 0x08, 0x24, 0x0D, 0x1D, 0x5C, 0xD6, 0x14, 0xE1, 0x4C,
-        0x9F, 0x40, 0xB3, 0xA9, 0xE9, 0x2D, 0x52, 0x8B, 0x4C, 0xBF,
-        0xAC, 0x44, 0x31, 0x67, 0xC1, 0x8D, 0x06, 0x85, 0xEC, 0x0F,
-        0xE4, 0x99, 0xD7, 0x4B, 0x7B, 0x21, 0x06, 0x66, 0xD4, 0xE4,
-        0xF5, 0x9D, 0xFF, 0x8E, 0xF0, 0x86, 0x39, 0x58, 0x1D, 0xA4,
-        0x5B, 0xE2, 0x63, 0xEF, 0x7C, 0xC9, 0x18, 0x87, 0xA8, 0x02,
-        0x25, 0x10, 0x3E, 0x87, 0x28, 0xF9, 0xF5, 0xEF, 0x47, 0x9E,
-        0xA5, 0x80, 0x08, 0x11, 0x90, 0x68, 0xFE, 0xD1, 0xA3, 0xA8,
-        0x51, 0xB9, 0x37, 0xFF, 0xD5, 0xCA, 0x7C, 0x87, 0x7F, 0x6B,
-        0xBC, 0x2C, 0x12, 0xC8, 0xC5, 0x85, 0x8B, 0xFC, 0x0C, 0xC6,
-        0xB9, 0x86, 0xB8, 0xC9, 0x04, 0xC3, 0x51, 0x37, 0xD2, 0x4F
+        0x82, 0x01, 0x01, 0x00, 0x8A, 0xF1, 0x4E, 0xE8, 0x9F, 0x59,
+        0xB2, 0xD9, 0x13, 0xAC, 0xFC, 0x42, 0xC4, 0x81, 0x34, 0x9F,
+        0x6B, 0x39, 0x57, 0x9C, 0xE9, 0x92, 0x5D, 0x41, 0xAC, 0x05,
+        0x35, 0xB1, 0x26, 0x93, 0x4D, 0x4A, 0xDA, 0xF8, 0x51, 0x82,
+        0xD2, 0x8D, 0x7F, 0xD3, 0x5C, 0x6E, 0x29, 0x80, 0x8D, 0x9B,
+        0x02, 0x10, 0x2B, 0x64, 0xF5, 0xD1, 0x31, 0x06, 0xFA, 0x85,
+        0x2B, 0x8F, 0x63, 0x32, 0x14, 0x76, 0x7A, 0x39, 0x15, 0xF3,
+        0x4E, 0xDD, 0xFD, 0xE2, 0x2C, 0x90, 0x15, 0xD1, 0x6F, 0x73,
+        0x87, 0xEE, 0xE6, 0xC8, 0xEB, 0xAD, 0x40, 0xD5, 0xE8, 0x94,
+        0x1F, 0xA6, 0x7E, 0x26, 0x5B, 0x87, 0xBA, 0x0F, 0x06, 0x5A,
+        0x4D, 0x55, 0x7A, 0xAA, 0xC4, 0x09, 0x34, 0x8B, 0xF7, 0xE5,
+        0xCC, 0xD6, 0xB7, 0x6C, 0x46, 0x6D, 0xA1, 0xE6, 0x66, 0x66,
+        0x4C, 0x4B, 0xE5, 0x12, 0x31, 0x37, 0x54, 0x49, 0x64, 0xA5,
+        0x66, 0xEB, 0xE0, 0xC6, 0xA1, 0x49, 0xF8, 0x4D, 0xC3, 0xD3,
+        0x55, 0xA4, 0x05, 0xD2, 0xAC, 0xFB, 0xE1, 0xC8, 0x69, 0x30,
+        0x4B, 0x98, 0xFD, 0x72, 0x1A, 0xAB, 0x9F, 0x86, 0xEB, 0x0D,
+        0xBD, 0x7C, 0xA6, 0x3D, 0x81, 0xD9, 0x01, 0xA7, 0x8A, 0x79,
+        0xAB, 0x3C, 0xCE, 0xE5, 0xB6, 0xC3, 0x1B, 0xEF, 0x7D, 0x5E,
+        0x37, 0x7B, 0x37, 0x7C, 0x91, 0x89, 0x59, 0x11, 0x21, 0x11,
+        0x7C, 0x05, 0x80, 0xE1, 0xA8, 0xD6, 0xF9, 0x35, 0xDA, 0x1B,
+        0x86, 0x06, 0x5A, 0x32, 0x67, 0x6C, 0xA9, 0x2B, 0xE0, 0x31,
+        0x7B, 0x89, 0x53, 0x37, 0x42, 0xAF, 0x34, 0xA4, 0x53, 0xD2,
+        0x7C, 0x91, 0x50, 0x63, 0x3A, 0x8E, 0x4A, 0x1F, 0xA3, 0x90,
+        0x4E, 0x7C, 0x41, 0x59, 0x1D, 0xEB, 0x7B, 0xA2, 0x14, 0x87,
+        0xBA, 0x76, 0x36, 0xA4, 0x77, 0x46, 0x34, 0xF2, 0x55, 0x50,
+        0xF0, 0x24, 0x9F, 0x83, 0x83, 0xDA, 0xA6, 0xAA, 0x3C, 0xC8
 
 };
 static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
@@ -2502,183 +2502,186 @@ static const int sizeof_rsa_key_der_3072 = sizeof(rsa_key_der_3072);
 /* ./certs/3072/client-key.der, 3072-bit */
 static const unsigned char client_key_der_3072[] =
 {
-        0x30, 0x82, 0x06, 0xE4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
-        0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, 0x8F, 0x78, 0xF8, 0x10,
-        0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, 0x56, 0x68, 0x5A, 0x41,
-        0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, 0x80, 0x17, 0xB0, 0x88,
-        0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, 0x42, 0x79, 0x73, 0x42,
-        0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, 0x2D, 0x6F, 0xAA, 0xBC,
-        0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, 0xEC, 0x49, 0xEA, 0x5C,
-        0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, 0xBA, 0xA1, 0xB3, 0x58,
-        0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, 0x6E, 0x02, 0x02, 0x00,
-        0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, 0xB4, 0x08, 0x5F, 0x2A,
-        0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, 0x59, 0x26, 0x5B, 0x0B,
-        0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, 0x32, 0x19, 0x06, 0x7E,
-        0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, 0xFC, 0x58, 0x6C, 0x64,
-        0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, 0x8E, 0x1A, 0xCA, 0x6A,
-        0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, 0x97, 0xA0, 0x1A, 0x89,
-        0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, 0xF2, 0x62, 0x06, 0x48,
-        0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, 0xE1, 0xD2, 0x27, 0xEA,
-        0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, 0xFC, 0x94, 0x06, 0x59,
-        0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, 0x7B, 0x5F, 0xD2, 0xC0,
-        0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, 0x11, 0x2C, 0xDF, 0xF7,
-        0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, 0x32, 0x5F, 0xC5, 0xC8,
-        0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, 0x0E, 0x7E, 0x79, 0x5D,
-        0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, 0x9B, 0xBF, 0xB8, 0xEE,
-        0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, 0x50, 0x2F, 0x78, 0x0C,
-        0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, 0x26, 0xA4, 0xC9, 0xFC,
-        0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, 0xCF, 0x57, 0xCD, 0xA1,
-        0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, 0x1D, 0x86, 0xAB, 0xB9,
-        0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, 0x7E, 0xA4, 0xEA, 0xCC,
-        0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, 0xDE, 0xE0, 0x61, 0xFC,
-        0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, 0xAD, 0x2A, 0xE3, 0x2D,
-        0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, 0x1F, 0x0F, 0xE1, 0x7F,
-        0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, 0xBF, 0xDC, 0x26, 0x35,
-        0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, 0xA4, 0x06, 0xAC, 0xCA,
-        0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, 0x02, 0x2C, 0x9B, 0xA1,
-        0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, 0x56, 0xD7, 0x73, 0xF4,
-        0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, 0x22, 0xB4, 0xE7, 0x6F,
-        0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, 0x49, 0xDE, 0xEA, 0x13,
-        0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45, 0x57,
-        0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE, 0xC9,
-        0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01, 0x00,
-        0x01, 0x02, 0x82, 0x01, 0x80, 0x40, 0x19, 0x74, 0xDB, 0xF5,
-        0xCA, 0x48, 0x49, 0xA6, 0x0D, 0xDF, 0x55, 0x2C, 0xFB, 0x4B,
-        0x0D, 0xBB, 0xC9, 0xEA, 0x4C, 0x65, 0x43, 0x65, 0xA5, 0xEC,
-        0xEE, 0xE4, 0x3D, 0x42, 0x6C, 0xF1, 0xC2, 0x6D, 0x05, 0xA7,
-        0x70, 0x1C, 0x7E, 0x1F, 0x48, 0xA9, 0xC0, 0x2E, 0xD7, 0x9F,
-        0x01, 0x98, 0xC2, 0x3E, 0xD7, 0x83, 0x11, 0x35, 0xD6, 0x5B,
-        0x13, 0x87, 0xAE, 0xAC, 0x32, 0xF8, 0xDE, 0xB6, 0x08, 0x25,
-        0x4E, 0x59, 0xBA, 0x09, 0xEC, 0xC6, 0x97, 0x04, 0x85, 0xE8,
-        0x93, 0xC6, 0xBB, 0x03, 0x7A, 0x94, 0x20, 0x3B, 0x27, 0x87,
-        0x6A, 0x36, 0x41, 0x7C, 0xD5, 0xF4, 0x81, 0x1C, 0x0B, 0x39,
-        0xEB, 0x14, 0xA7, 0xA6, 0x01, 0x37, 0x50, 0x48, 0xD5, 0xC6,
-        0x57, 0x9A, 0x1B, 0x01, 0x02, 0x1F, 0x80, 0x34, 0x45, 0x09,
-        0xE6, 0xBF, 0x31, 0x19, 0xB7, 0xE1, 0xBA, 0xDA, 0xEB, 0x1A,
-        0xB0, 0xCD, 0xF5, 0xA6, 0x91, 0x63, 0xAC, 0x28, 0xE4, 0x8F,
-        0xEA, 0x7E, 0xF6, 0x0A, 0x4A, 0x71, 0x21, 0xA5, 0xF1, 0x70,
-        0x0D, 0x1B, 0xD9, 0x70, 0x64, 0x74, 0x57, 0x2F, 0x9F, 0xEC,
-        0xD4, 0x93, 0x16, 0xC7, 0xEE, 0xF8, 0xC0, 0x9F, 0x52, 0x4A,
-        0x1F, 0xAD, 0xDD, 0x40, 0x98, 0x53, 0x68, 0xFA, 0xDE, 0xA2,
-        0x04, 0xA0, 0x24, 0x05, 0xEF, 0xCB, 0x4F, 0x70, 0xDF, 0xB9,
-        0x5C, 0xC2, 0x5E, 0xE4, 0xC9, 0xCD, 0x0F, 0x5E, 0x4B, 0x77,
-        0xBB, 0x84, 0x69, 0x54, 0x98, 0x41, 0xB7, 0x9C, 0x0E, 0x38,
-        0xD8, 0xF7, 0xF3, 0x9F, 0xEF, 0xE5, 0x9B, 0xB6, 0x4B, 0xD6,
-        0x7A, 0x65, 0xF5, 0x69, 0xFA, 0xC2, 0x13, 0x70, 0x6C, 0x28,
-        0xA4, 0x29, 0xAC, 0xD9, 0xBF, 0xEC, 0x6A, 0x2E, 0xED, 0xE4,
-        0xBA, 0xDF, 0xD0, 0xF1, 0xF3, 0x3C, 0x6C, 0x84, 0xDF, 0xB7,
-        0x5A, 0x94, 0xCF, 0xD9, 0x2D, 0xEA, 0xEA, 0xB4, 0xD0, 0x91,
-        0x2E, 0x77, 0x15, 0x18, 0x0D, 0x6B, 0xBA, 0x2A, 0x0C, 0xF1,
-        0x92, 0x9D, 0xD6, 0x04, 0x05, 0xB6, 0x38, 0xC2, 0xE0, 0xA7,
-        0x2D, 0x64, 0xF8, 0xDF, 0x0C, 0x3A, 0x93, 0x83, 0xE1, 0x88,
-        0x83, 0x5F, 0x67, 0x90, 0x9F, 0x2B, 0xE0, 0x60, 0x8E, 0xCA,
-        0x30, 0x13, 0xCA, 0x9F, 0xCF, 0x7B, 0x6D, 0xD8, 0xCD, 0xEE,
-        0xF9, 0x96, 0xDD, 0x5E, 0xF4, 0x47, 0xC9, 0x4C, 0xE6, 0x8F,
-        0x7F, 0x33, 0x2A, 0x38, 0x30, 0xAF, 0xD5, 0x4A, 0x79, 0x47,
-        0x06, 0xCC, 0x96, 0x44, 0x29, 0x8C, 0x60, 0x2B, 0x08, 0xC7,
-        0xD0, 0xD3, 0xC3, 0xC5, 0x2C, 0x63, 0x6C, 0x87, 0xD2, 0xAE,
-        0x2A, 0xA4, 0x86, 0xE7, 0x76, 0x74, 0x90, 0xD1, 0x04, 0x37,
-        0x64, 0x1A, 0xED, 0x08, 0xD9, 0x98, 0x07, 0x1A, 0x98, 0x0B,
-        0x89, 0x99, 0xA4, 0xB0, 0x8C, 0x1A, 0x10, 0xEB, 0xEC, 0xF4,
-        0xEE, 0x3C, 0xC4, 0x00, 0xCC, 0x30, 0x9C, 0x43, 0x01, 0x02,
-        0x81, 0xC1, 0x00, 0xD9, 0x43, 0xF6, 0x2C, 0x78, 0x26, 0xD2,
-        0xE7, 0x15, 0xA7, 0x0A, 0x88, 0x5E, 0xDB, 0x2D, 0xAF, 0xC6,
-        0xA9, 0x6F, 0x73, 0x88, 0x3B, 0x6A, 0x08, 0x1F, 0xF5, 0x80,
-        0xB5, 0x2E, 0x29, 0x8B, 0x72, 0xF8, 0x35, 0xC8, 0x23, 0x18,
-        0x1C, 0x0D, 0x0E, 0x38, 0x82, 0xBB, 0x5B, 0x2F, 0xB4, 0x5C,
-        0x4E, 0x24, 0x05, 0xA7, 0x4C, 0x79, 0x48, 0x89, 0x8D, 0x1C,
-        0x1D, 0x0A, 0x2C, 0xFE, 0xD9, 0x99, 0xDF, 0x25, 0x8A, 0x2D,
-        0xF8, 0xEB, 0x2F, 0xDA, 0x1B, 0x63, 0xE1, 0xCD, 0x09, 0x97,
-        0x64, 0x14, 0xAB, 0xEA, 0x0B, 0xD8, 0xE2, 0xA8, 0x2A, 0x63,
-        0x35, 0x90, 0xEE, 0x7F, 0xEA, 0xCE, 0xA5, 0xEF, 0x7F, 0xAB,
-        0x87, 0x47, 0x9B, 0x45, 0x35, 0x9A, 0xDA, 0x8C, 0xF4, 0xD3,
-        0x8A, 0x0B, 0x9B, 0xE6, 0xEA, 0x92, 0xBB, 0x05, 0xE1, 0xAC,
-        0x3E, 0x35, 0xDB, 0xED, 0x65, 0x1D, 0xB6, 0x92, 0xEB, 0x29,
-        0x79, 0xF8, 0x3F, 0xC2, 0x58, 0x40, 0x32, 0x66, 0x87, 0x56,
-        0x50, 0xFF, 0xBF, 0x3E, 0xBD, 0xE9, 0x94, 0xBF, 0x31, 0xBE,
-        0x87, 0x2D, 0xEF, 0x64, 0x1E, 0x0E, 0x67, 0x3A, 0x9C, 0x94,
-        0xDA, 0x5B, 0x0C, 0x8C, 0x3D, 0xEE, 0x9D, 0xCD, 0x92, 0xDE,
-        0x40, 0x02, 0x65, 0x36, 0xC9, 0x1B, 0xF5, 0x7E, 0x4E, 0x07,
-        0xB4, 0x7F, 0x14, 0x0E, 0x03, 0x2E, 0x86, 0xF0, 0x45, 0x5F,
-        0xDC, 0xA2, 0xE8, 0xC7, 0x83, 0x02, 0x81, 0xC1, 0x00, 0xCA,
-        0xED, 0xA5, 0x3F, 0x59, 0xAC, 0x4C, 0xAD, 0xAB, 0x23, 0x02,
-        0x95, 0x80, 0xA0, 0xAF, 0x35, 0x17, 0xDB, 0xE7, 0x7F, 0x72,
-        0x41, 0x2C, 0x5C, 0xB4, 0x43, 0x85, 0x46, 0x73, 0x9F, 0x58,
-        0xE9, 0x40, 0x8B, 0xEC, 0xB0, 0xEF, 0x86, 0x4C, 0x31, 0xDE,
-        0xC8, 0x6C, 0x74, 0x75, 0xA2, 0xDB, 0x65, 0xF4, 0x50, 0xC6,
-        0x99, 0xA2, 0x70, 0xDE, 0xB6, 0x22, 0xC2, 0x01, 0x15, 0x49,
-        0x13, 0xA0, 0xE2, 0x20, 0x78, 0x44, 0xEC, 0x1F, 0x42, 0xB3,
-        0x25, 0x09, 0xCE, 0x75, 0x13, 0x75, 0x36, 0x11, 0x47, 0x2C,
-        0x3C, 0x15, 0x1F, 0xF0, 0x54, 0xD5, 0x18, 0xAE, 0x61, 0x07,
-        0xAC, 0x3D, 0x83, 0x46, 0x03, 0x8C, 0xBF, 0x63, 0x26, 0xA8,
-        0x19, 0x7C, 0xFF, 0xDE, 0x20, 0x78, 0xD0, 0xDA, 0x70, 0x2E,
-        0xBD, 0xFA, 0x96, 0xDD, 0x15, 0x78, 0x9B, 0xEF, 0xED, 0x17,
-        0x90, 0x6F, 0x14, 0x35, 0x50, 0x8E, 0x1D, 0x78, 0xB0, 0x8A,
-        0xA0, 0x53, 0x10, 0x15, 0x64, 0xCC, 0x47, 0x05, 0xB6, 0xC6,
-        0x48, 0xC0, 0x5D, 0xB4, 0x4B, 0x1A, 0x5F, 0xB8, 0x9E, 0x75,
-        0xCD, 0xC3, 0x64, 0x66, 0x88, 0x10, 0x9C, 0x8B, 0x87, 0x14,
-        0x34, 0xE6, 0x60, 0x3C, 0xA5, 0xB7, 0x81, 0x1D, 0x0B, 0x79,
-        0x93, 0x5D, 0x4A, 0x42, 0x7A, 0x7F, 0x33, 0xF0, 0x3E, 0x9E,
-        0x63, 0xBD, 0xB6, 0x5F, 0xF9, 0x47, 0xA7, 0x0A, 0x49, 0x70,
-        0xB1, 0x02, 0x81, 0xC0, 0x6F, 0xC6, 0xF4, 0x3E, 0xDA, 0xAD,
-        0xF6, 0xB1, 0x66, 0xC5, 0x62, 0xB8, 0xD8, 0x3C, 0x61, 0x1B,
-        0xDE, 0xD4, 0x4A, 0xFF, 0xA0, 0x66, 0x18, 0xDE, 0x07, 0x3B,
-        0x32, 0x35, 0x84, 0x83, 0x61, 0x38, 0x0C, 0x14, 0xF7, 0x5B,
-        0x7E, 0xCA, 0xE7, 0xB8, 0x9A, 0x40, 0x40, 0x0D, 0xE0, 0xD4,
-        0x24, 0xED, 0x1A, 0xC1, 0x41, 0xDA, 0x29, 0x47, 0xB5, 0x64,
-        0xC0, 0xC2, 0xFB, 0xFA, 0x3C, 0x3F, 0x4D, 0x57, 0xAD, 0xA3,
-        0x92, 0x95, 0x4E, 0xC2, 0x76, 0xAE, 0xC2, 0xCB, 0x67, 0xC6,
-        0x78, 0x79, 0xC7, 0xDC, 0xCE, 0x73, 0xBB, 0xE8, 0x98, 0x65,
-        0xFE, 0x56, 0x8F, 0xB2, 0xF4, 0x62, 0xA4, 0x60, 0x60, 0x80,
-        0x49, 0x8A, 0x36, 0xBF, 0xDE, 0x72, 0x7E, 0xB1, 0xD3, 0xF5,
-        0x1D, 0x64, 0x17, 0x26, 0xE5, 0x3D, 0x67, 0xB2, 0x0A, 0x8B,
-        0x99, 0x27, 0x04, 0x64, 0x9A, 0x94, 0xFC, 0x1D, 0x73, 0x26,
-        0xC3, 0x56, 0xF9, 0xEE, 0x2B, 0x99, 0x65, 0xA5, 0xC8, 0x73,
-        0xF6, 0x67, 0x83, 0xBC, 0x2B, 0x96, 0x5F, 0x36, 0xE4, 0xCA,
-        0xBD, 0xE0, 0x24, 0x34, 0xD6, 0x48, 0x54, 0x56, 0xAD, 0xA3,
-        0xE3, 0x3D, 0x17, 0xBC, 0xB3, 0xE6, 0x24, 0xFE, 0x50, 0xC6,
-        0x2F, 0xCB, 0xB4, 0xAF, 0xC7, 0xE8, 0xDD, 0x96, 0x86, 0x9D,
-        0xB4, 0x7F, 0x1B, 0x26, 0x01, 0x33, 0x87, 0xDB, 0x6A, 0x7F,
-        0xF6, 0x9A, 0xB7, 0xC1, 0x94, 0xEB, 0x02, 0x81, 0xC1, 0x00,
-        0xB0, 0x6D, 0x20, 0x68, 0x0D, 0x7C, 0x81, 0x45, 0xD4, 0x2E,
-        0x22, 0x06, 0xFC, 0xC7, 0xB6, 0xCC, 0x40, 0x2C, 0x0D, 0xFE,
-        0x7D, 0xC5, 0x2F, 0xDE, 0x81, 0x52, 0xDA, 0xC2, 0x3F, 0xAF,
-        0xE0, 0x4B, 0x1A, 0xB5, 0x0C, 0x59, 0x60, 0x45, 0xB0, 0x65,
-        0x03, 0x3D, 0xD9, 0x1C, 0xFF, 0x51, 0x51, 0xD2, 0x38, 0x31,
-        0x2A, 0x19, 0x54, 0x63, 0x31, 0x1D, 0xC4, 0xE6, 0x4A, 0xAE,
-        0xC8, 0xD3, 0xE9, 0xE1, 0xEF, 0x3C, 0xE1, 0x1F, 0x30, 0xA6,
-        0x7A, 0xBD, 0xCE, 0xE2, 0xD2, 0x62, 0xD2, 0x5A, 0xE9, 0x76,
-        0xA9, 0x7C, 0xAB, 0x19, 0x13, 0x87, 0x8D, 0xA5, 0x61, 0xA6,
-        0x36, 0x57, 0x87, 0x3B, 0x64, 0x59, 0x9D, 0xBA, 0x9F, 0x67,
-        0x72, 0x6A, 0x86, 0x84, 0xA6, 0x08, 0x31, 0x41, 0xD3, 0x48,
-        0x09, 0x3B, 0x5E, 0x6C, 0x5F, 0x56, 0x55, 0x7F, 0xAD, 0x7E,
-        0xC2, 0x27, 0xEE, 0x8A, 0xF1, 0x37, 0x51, 0xF7, 0x49, 0x80,
-        0xA3, 0x65, 0x74, 0x11, 0xDD, 0xA7, 0xBE, 0xFA, 0x58, 0x7B,
-        0x69, 0xB4, 0xC2, 0x9A, 0x35, 0x2F, 0xBE, 0x84, 0x4E, 0x2C,
-        0x66, 0x5B, 0x38, 0x6F, 0x47, 0xBD, 0x30, 0x44, 0x0A, 0x02,
-        0xAC, 0x8C, 0xB9, 0x66, 0x1E, 0x14, 0x2D, 0x90, 0x71, 0x42,
-        0x12, 0xB7, 0x0E, 0x3A, 0x8B, 0xC5, 0x98, 0x65, 0xFD, 0x8F,
-        0x53, 0x81, 0x7F, 0xE4, 0xD9, 0x58, 0x0E, 0xF5, 0xA9, 0x39,
-        0xE4, 0x61, 0x02, 0x81, 0xC1, 0x00, 0xB3, 0x94, 0x8F, 0x2B,
-        0xFD, 0x84, 0x2E, 0x83, 0x42, 0x86, 0x56, 0x7E, 0xB5, 0xF8,
-        0x3C, 0xC5, 0x0C, 0xCB, 0xBD, 0x32, 0x0C, 0xD7, 0xAA, 0xA7,
-        0xB0, 0xE9, 0xA4, 0x6A, 0xD1, 0x01, 0xDB, 0x87, 0x2A, 0xF7,
-        0xDF, 0xEC, 0xC2, 0x03, 0x5D, 0x55, 0xA8, 0x66, 0x73, 0x79,
-        0xA9, 0xAB, 0xBD, 0xAF, 0x69, 0x37, 0xFE, 0x41, 0xB5, 0x53,
-        0xB3, 0xB2, 0xC0, 0xB1, 0x80, 0x34, 0xE6, 0xE1, 0x7B, 0xAE,
-        0x67, 0xC7, 0xF3, 0x57, 0xFE, 0x12, 0xBC, 0x78, 0xAA, 0x75,
-        0x0D, 0xAC, 0x79, 0x90, 0x14, 0x49, 0xFE, 0x6B, 0x51, 0xE3,
-        0xE4, 0x46, 0xB2, 0x10, 0x4D, 0x05, 0x6A, 0x12, 0x80, 0x2A,
-        0x8F, 0x39, 0x42, 0x0E, 0x3B, 0x24, 0x2B, 0x50, 0x5D, 0xF3,
-        0xA7, 0x7F, 0x2F, 0x82, 0x89, 0x87, 0x9F, 0xF8, 0x7B, 0x1E,
-        0x05, 0x6E, 0x75, 0x83, 0x04, 0x35, 0x66, 0x4A, 0x06, 0x57,
-        0x39, 0xAB, 0x21, 0x0B, 0x94, 0x41, 0x6A, 0x2A, 0xC7, 0xDE,
-        0x98, 0x45, 0x8F, 0x96, 0x1C, 0xF2, 0xD8, 0xFB, 0x9C, 0x10,
-        0x8E, 0x41, 0x7A, 0xDD, 0xDD, 0x1D, 0xEF, 0xA5, 0x67, 0xEC,
-        0xFE, 0xA3, 0x2D, 0xA9, 0xFD, 0xF3, 0xEE, 0x35, 0xF4, 0xA7,
-        0xBC, 0xF9, 0x71, 0xCC, 0xB9, 0xC0, 0x5F, 0x58, 0x5B, 0xBD,
-        0x1A, 0x9E, 0xC7, 0x08, 0x67, 0x7C, 0xC7, 0x51, 0x5B, 0xBE,
-        0xE3, 0xF8, 0xBE, 0x1E, 0xC7, 0xD2, 0x28, 0x97
+        0x30, 0x82, 0x06, 0xFE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06,
+        0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+        0x05, 0x00, 0x04, 0x82, 0x06, 0xE8, 0x30, 0x82, 0x06, 0xE4,
+        0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x81, 0x00, 0xAC, 0x39,
+        0x50, 0x68, 0x8F, 0x78, 0xF8, 0x10, 0x9B, 0x68, 0x96, 0xD3,
+        0xE1, 0x9C, 0x56, 0x68, 0x5A, 0x41, 0x62, 0xE3, 0xB3, 0x41,
+        0xB0, 0x55, 0x80, 0x17, 0xB0, 0x88, 0x16, 0x9B, 0xE0, 0x97,
+        0x74, 0x5F, 0x42, 0x79, 0x73, 0x42, 0xDF, 0x93, 0xF3, 0xAA,
+        0x9D, 0xEE, 0x2D, 0x6F, 0xAA, 0xBC, 0x27, 0x90, 0x84, 0xC0,
+        0x5D, 0xC7, 0xEC, 0x49, 0xEA, 0x5C, 0x66, 0x1D, 0x70, 0x9C,
+        0x53, 0x5C, 0xBA, 0xA1, 0xB3, 0x58, 0xC9, 0x3E, 0x8E, 0x9B,
+        0x72, 0x3D, 0x6E, 0x02, 0x02, 0x00, 0x9C, 0x65, 0x56, 0x82,
+        0xA3, 0x22, 0xB4, 0x08, 0x5F, 0x2A, 0xEF, 0xDF, 0x9A, 0xD0,
+        0xE7, 0x31, 0x59, 0x26, 0x5B, 0x0B, 0x1C, 0x63, 0x61, 0xFF,
+        0xD5, 0x69, 0x32, 0x19, 0x06, 0x7E, 0x0F, 0x40, 0x3C, 0x7A,
+        0x1E, 0xC8, 0xFC, 0x58, 0x6C, 0x64, 0xAE, 0x10, 0x3D, 0xA8,
+        0x23, 0xFF, 0x8E, 0x1A, 0xCA, 0x6A, 0x82, 0xE2, 0xF9, 0x01,
+        0x64, 0x2C, 0x97, 0xA0, 0x1A, 0x89, 0xA0, 0x74, 0xD3, 0xB6,
+        0x05, 0x11, 0xF2, 0x62, 0x06, 0x48, 0x2A, 0xF7, 0x66, 0xCE,
+        0xC1, 0x85, 0xE1, 0xD2, 0x27, 0xEA, 0xCA, 0x12, 0xA5, 0x91,
+        0x97, 0x3E, 0xFC, 0x94, 0x06, 0x59, 0x51, 0xC0, 0xE7, 0x13,
+        0xB6, 0x87, 0x7B, 0x5F, 0xD2, 0xC0, 0x56, 0x2F, 0x5E, 0x1D,
+        0x02, 0xC3, 0x11, 0x2C, 0xDF, 0xF7, 0x01, 0xDA, 0xBD, 0x85,
+        0x54, 0x35, 0x32, 0x5F, 0xC5, 0xC8, 0xF9, 0x7A, 0x9F, 0x89,
+        0xF7, 0x03, 0x0E, 0x7E, 0x79, 0x5D, 0x04, 0x82, 0x35, 0x10,
+        0xFE, 0x6D, 0x9B, 0xBF, 0xB8, 0xEE, 0xE2, 0x62, 0x87, 0x26,
+        0x5E, 0x2F, 0x50, 0x2F, 0x78, 0x0C, 0xE8, 0x73, 0x4F, 0x88,
+        0x6A, 0xD6, 0x26, 0xA4, 0xC9, 0xFC, 0xFA, 0x1E, 0x8A, 0xB0,
+        0xF4, 0x32, 0xCF, 0x57, 0xCD, 0xA1, 0x58, 0x8A, 0x49, 0x0F,
+        0xBB, 0xA9, 0x1D, 0x86, 0xAB, 0xB9, 0x8F, 0x8D, 0x57, 0x19,
+        0xB2, 0x5A, 0x7E, 0xA4, 0xEA, 0xCC, 0xB7, 0x96, 0x7A, 0x3B,
+        0x38, 0xCD, 0xDE, 0xE0, 0x61, 0xFC, 0xC9, 0x06, 0x8F, 0x93,
+        0x5A, 0xCE, 0xAD, 0x2A, 0xE3, 0x2D, 0x3E, 0x39, 0x5D, 0x41,
+        0x83, 0x01, 0x1F, 0x0F, 0xE1, 0x7F, 0x76, 0xC7, 0x28, 0xDA,
+        0x56, 0xEF, 0xBF, 0xDC, 0x26, 0x35, 0x40, 0xBE, 0xAD, 0xC7,
+        0x38, 0xAD, 0xA4, 0x06, 0xAC, 0xCA, 0xE8, 0x51, 0xEB, 0xC0,
+        0xF8, 0x68, 0x02, 0x2C, 0x9B, 0xA1, 0x14, 0xBC, 0xF8, 0x61,
+        0x86, 0xD7, 0x56, 0xD7, 0x73, 0xF4, 0xAB, 0xBB, 0x6A, 0x21,
+        0xD3, 0x88, 0x22, 0xB4, 0xE7, 0x6F, 0x7F, 0x91, 0xE5, 0x0E,
+        0xC6, 0x08, 0x49, 0xDE, 0xEA, 0x13, 0x58, 0x72, 0xA0, 0xAA,
+        0x3A, 0xF9, 0x36, 0x03, 0x45, 0x57, 0x5E, 0x87, 0xD2, 0x73,
+        0x65, 0xC4, 0x8C, 0xA3, 0xEE, 0xC9, 0xD6, 0x73, 0x7C, 0x96,
+        0x41, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
+        0x80, 0x40, 0x19, 0x74, 0xDB, 0xF5, 0xCA, 0x48, 0x49, 0xA6,
+        0x0D, 0xDF, 0x55, 0x2C, 0xFB, 0x4B, 0x0D, 0xBB, 0xC9, 0xEA,
+        0x4C, 0x65, 0x43, 0x65, 0xA5, 0xEC, 0xEE, 0xE4, 0x3D, 0x42,
+        0x6C, 0xF1, 0xC2, 0x6D, 0x05, 0xA7, 0x70, 0x1C, 0x7E, 0x1F,
+        0x48, 0xA9, 0xC0, 0x2E, 0xD7, 0x9F, 0x01, 0x98, 0xC2, 0x3E,
+        0xD7, 0x83, 0x11, 0x35, 0xD6, 0x5B, 0x13, 0x87, 0xAE, 0xAC,
+        0x32, 0xF8, 0xDE, 0xB6, 0x08, 0x25, 0x4E, 0x59, 0xBA, 0x09,
+        0xEC, 0xC6, 0x97, 0x04, 0x85, 0xE8, 0x93, 0xC6, 0xBB, 0x03,
+        0x7A, 0x94, 0x20, 0x3B, 0x27, 0x87, 0x6A, 0x36, 0x41, 0x7C,
+        0xD5, 0xF4, 0x81, 0x1C, 0x0B, 0x39, 0xEB, 0x14, 0xA7, 0xA6,
+        0x01, 0x37, 0x50, 0x48, 0xD5, 0xC6, 0x57, 0x9A, 0x1B, 0x01,
+        0x02, 0x1F, 0x80, 0x34, 0x45, 0x09, 0xE6, 0xBF, 0x31, 0x19,
+        0xB7, 0xE1, 0xBA, 0xDA, 0xEB, 0x1A, 0xB0, 0xCD, 0xF5, 0xA6,
+        0x91, 0x63, 0xAC, 0x28, 0xE4, 0x8F, 0xEA, 0x7E, 0xF6, 0x0A,
+        0x4A, 0x71, 0x21, 0xA5, 0xF1, 0x70, 0x0D, 0x1B, 0xD9, 0x70,
+        0x64, 0x74, 0x57, 0x2F, 0x9F, 0xEC, 0xD4, 0x93, 0x16, 0xC7,
+        0xEE, 0xF8, 0xC0, 0x9F, 0x52, 0x4A, 0x1F, 0xAD, 0xDD, 0x40,
+        0x98, 0x53, 0x68, 0xFA, 0xDE, 0xA2, 0x04, 0xA0, 0x24, 0x05,
+        0xEF, 0xCB, 0x4F, 0x70, 0xDF, 0xB9, 0x5C, 0xC2, 0x5E, 0xE4,
+        0xC9, 0xCD, 0x0F, 0x5E, 0x4B, 0x77, 0xBB, 0x84, 0x69, 0x54,
+        0x98, 0x41, 0xB7, 0x9C, 0x0E, 0x38, 0xD8, 0xF7, 0xF3, 0x9F,
+        0xEF, 0xE5, 0x9B, 0xB6, 0x4B, 0xD6, 0x7A, 0x65, 0xF5, 0x69,
+        0xFA, 0xC2, 0x13, 0x70, 0x6C, 0x28, 0xA4, 0x29, 0xAC, 0xD9,
+        0xBF, 0xEC, 0x6A, 0x2E, 0xED, 0xE4, 0xBA, 0xDF, 0xD0, 0xF1,
+        0xF3, 0x3C, 0x6C, 0x84, 0xDF, 0xB7, 0x5A, 0x94, 0xCF, 0xD9,
+        0x2D, 0xEA, 0xEA, 0xB4, 0xD0, 0x91, 0x2E, 0x77, 0x15, 0x18,
+        0x0D, 0x6B, 0xBA, 0x2A, 0x0C, 0xF1, 0x92, 0x9D, 0xD6, 0x04,
+        0x05, 0xB6, 0x38, 0xC2, 0xE0, 0xA7, 0x2D, 0x64, 0xF8, 0xDF,
+        0x0C, 0x3A, 0x93, 0x83, 0xE1, 0x88, 0x83, 0x5F, 0x67, 0x90,
+        0x9F, 0x2B, 0xE0, 0x60, 0x8E, 0xCA, 0x30, 0x13, 0xCA, 0x9F,
+        0xCF, 0x7B, 0x6D, 0xD8, 0xCD, 0xEE, 0xF9, 0x96, 0xDD, 0x5E,
+        0xF4, 0x47, 0xC9, 0x4C, 0xE6, 0x8F, 0x7F, 0x33, 0x2A, 0x38,
+        0x30, 0xAF, 0xD5, 0x4A, 0x79, 0x47, 0x06, 0xCC, 0x96, 0x44,
+        0x29, 0x8C, 0x60, 0x2B, 0x08, 0xC7, 0xD0, 0xD3, 0xC3, 0xC5,
+        0x2C, 0x63, 0x6C, 0x87, 0xD2, 0xAE, 0x2A, 0xA4, 0x86, 0xE7,
+        0x76, 0x74, 0x90, 0xD1, 0x04, 0x37, 0x64, 0x1A, 0xED, 0x08,
+        0xD9, 0x98, 0x07, 0x1A, 0x98, 0x0B, 0x89, 0x99, 0xA4, 0xB0,
+        0x8C, 0x1A, 0x10, 0xEB, 0xEC, 0xF4, 0xEE, 0x3C, 0xC4, 0x00,
+        0xCC, 0x30, 0x9C, 0x43, 0x01, 0x02, 0x81, 0xC1, 0x00, 0xD9,
+        0x43, 0xF6, 0x2C, 0x78, 0x26, 0xD2, 0xE7, 0x15, 0xA7, 0x0A,
+        0x88, 0x5E, 0xDB, 0x2D, 0xAF, 0xC6, 0xA9, 0x6F, 0x73, 0x88,
+        0x3B, 0x6A, 0x08, 0x1F, 0xF5, 0x80, 0xB5, 0x2E, 0x29, 0x8B,
+        0x72, 0xF8, 0x35, 0xC8, 0x23, 0x18, 0x1C, 0x0D, 0x0E, 0x38,
+        0x82, 0xBB, 0x5B, 0x2F, 0xB4, 0x5C, 0x4E, 0x24, 0x05, 0xA7,
+        0x4C, 0x79, 0x48, 0x89, 0x8D, 0x1C, 0x1D, 0x0A, 0x2C, 0xFE,
+        0xD9, 0x99, 0xDF, 0x25, 0x8A, 0x2D, 0xF8, 0xEB, 0x2F, 0xDA,
+        0x1B, 0x63, 0xE1, 0xCD, 0x09, 0x97, 0x64, 0x14, 0xAB, 0xEA,
+        0x0B, 0xD8, 0xE2, 0xA8, 0x2A, 0x63, 0x35, 0x90, 0xEE, 0x7F,
+        0xEA, 0xCE, 0xA5, 0xEF, 0x7F, 0xAB, 0x87, 0x47, 0x9B, 0x45,
+        0x35, 0x9A, 0xDA, 0x8C, 0xF4, 0xD3, 0x8A, 0x0B, 0x9B, 0xE6,
+        0xEA, 0x92, 0xBB, 0x05, 0xE1, 0xAC, 0x3E, 0x35, 0xDB, 0xED,
+        0x65, 0x1D, 0xB6, 0x92, 0xEB, 0x29, 0x79, 0xF8, 0x3F, 0xC2,
+        0x58, 0x40, 0x32, 0x66, 0x87, 0x56, 0x50, 0xFF, 0xBF, 0x3E,
+        0xBD, 0xE9, 0x94, 0xBF, 0x31, 0xBE, 0x87, 0x2D, 0xEF, 0x64,
+        0x1E, 0x0E, 0x67, 0x3A, 0x9C, 0x94, 0xDA, 0x5B, 0x0C, 0x8C,
+        0x3D, 0xEE, 0x9D, 0xCD, 0x92, 0xDE, 0x40, 0x02, 0x65, 0x36,
+        0xC9, 0x1B, 0xF5, 0x7E, 0x4E, 0x07, 0xB4, 0x7F, 0x14, 0x0E,
+        0x03, 0x2E, 0x86, 0xF0, 0x45, 0x5F, 0xDC, 0xA2, 0xE8, 0xC7,
+        0x83, 0x02, 0x81, 0xC1, 0x00, 0xCA, 0xED, 0xA5, 0x3F, 0x59,
+        0xAC, 0x4C, 0xAD, 0xAB, 0x23, 0x02, 0x95, 0x80, 0xA0, 0xAF,
+        0x35, 0x17, 0xDB, 0xE7, 0x7F, 0x72, 0x41, 0x2C, 0x5C, 0xB4,
+        0x43, 0x85, 0x46, 0x73, 0x9F, 0x58, 0xE9, 0x40, 0x8B, 0xEC,
+        0xB0, 0xEF, 0x86, 0x4C, 0x31, 0xDE, 0xC8, 0x6C, 0x74, 0x75,
+        0xA2, 0xDB, 0x65, 0xF4, 0x50, 0xC6, 0x99, 0xA2, 0x70, 0xDE,
+        0xB6, 0x22, 0xC2, 0x01, 0x15, 0x49, 0x13, 0xA0, 0xE2, 0x20,
+        0x78, 0x44, 0xEC, 0x1F, 0x42, 0xB3, 0x25, 0x09, 0xCE, 0x75,
+        0x13, 0x75, 0x36, 0x11, 0x47, 0x2C, 0x3C, 0x15, 0x1F, 0xF0,
+        0x54, 0xD5, 0x18, 0xAE, 0x61, 0x07, 0xAC, 0x3D, 0x83, 0x46,
+        0x03, 0x8C, 0xBF, 0x63, 0x26, 0xA8, 0x19, 0x7C, 0xFF, 0xDE,
+        0x20, 0x78, 0xD0, 0xDA, 0x70, 0x2E, 0xBD, 0xFA, 0x96, 0xDD,
+        0x15, 0x78, 0x9B, 0xEF, 0xED, 0x17, 0x90, 0x6F, 0x14, 0x35,
+        0x50, 0x8E, 0x1D, 0x78, 0xB0, 0x8A, 0xA0, 0x53, 0x10, 0x15,
+        0x64, 0xCC, 0x47, 0x05, 0xB6, 0xC6, 0x48, 0xC0, 0x5D, 0xB4,
+        0x4B, 0x1A, 0x5F, 0xB8, 0x9E, 0x75, 0xCD, 0xC3, 0x64, 0x66,
+        0x88, 0x10, 0x9C, 0x8B, 0x87, 0x14, 0x34, 0xE6, 0x60, 0x3C,
+        0xA5, 0xB7, 0x81, 0x1D, 0x0B, 0x79, 0x93, 0x5D, 0x4A, 0x42,
+        0x7A, 0x7F, 0x33, 0xF0, 0x3E, 0x9E, 0x63, 0xBD, 0xB6, 0x5F,
+        0xF9, 0x47, 0xA7, 0x0A, 0x49, 0x70, 0xB1, 0x02, 0x81, 0xC0,
+        0x6F, 0xC6, 0xF4, 0x3E, 0xDA, 0xAD, 0xF6, 0xB1, 0x66, 0xC5,
+        0x62, 0xB8, 0xD8, 0x3C, 0x61, 0x1B, 0xDE, 0xD4, 0x4A, 0xFF,
+        0xA0, 0x66, 0x18, 0xDE, 0x07, 0x3B, 0x32, 0x35, 0x84, 0x83,
+        0x61, 0x38, 0x0C, 0x14, 0xF7, 0x5B, 0x7E, 0xCA, 0xE7, 0xB8,
+        0x9A, 0x40, 0x40, 0x0D, 0xE0, 0xD4, 0x24, 0xED, 0x1A, 0xC1,
+        0x41, 0xDA, 0x29, 0x47, 0xB5, 0x64, 0xC0, 0xC2, 0xFB, 0xFA,
+        0x3C, 0x3F, 0x4D, 0x57, 0xAD, 0xA3, 0x92, 0x95, 0x4E, 0xC2,
+        0x76, 0xAE, 0xC2, 0xCB, 0x67, 0xC6, 0x78, 0x79, 0xC7, 0xDC,
+        0xCE, 0x73, 0xBB, 0xE8, 0x98, 0x65, 0xFE, 0x56, 0x8F, 0xB2,
+        0xF4, 0x62, 0xA4, 0x60, 0x60, 0x80, 0x49, 0x8A, 0x36, 0xBF,
+        0xDE, 0x72, 0x7E, 0xB1, 0xD3, 0xF5, 0x1D, 0x64, 0x17, 0x26,
+        0xE5, 0x3D, 0x67, 0xB2, 0x0A, 0x8B, 0x99, 0x27, 0x04, 0x64,
+        0x9A, 0x94, 0xFC, 0x1D, 0x73, 0x26, 0xC3, 0x56, 0xF9, 0xEE,
+        0x2B, 0x99, 0x65, 0xA5, 0xC8, 0x73, 0xF6, 0x67, 0x83, 0xBC,
+        0x2B, 0x96, 0x5F, 0x36, 0xE4, 0xCA, 0xBD, 0xE0, 0x24, 0x34,
+        0xD6, 0x48, 0x54, 0x56, 0xAD, 0xA3, 0xE3, 0x3D, 0x17, 0xBC,
+        0xB3, 0xE6, 0x24, 0xFE, 0x50, 0xC6, 0x2F, 0xCB, 0xB4, 0xAF,
+        0xC7, 0xE8, 0xDD, 0x96, 0x86, 0x9D, 0xB4, 0x7F, 0x1B, 0x26,
+        0x01, 0x33, 0x87, 0xDB, 0x6A, 0x7F, 0xF6, 0x9A, 0xB7, 0xC1,
+        0x94, 0xEB, 0x02, 0x81, 0xC1, 0x00, 0xB0, 0x6D, 0x20, 0x68,
+        0x0D, 0x7C, 0x81, 0x45, 0xD4, 0x2E, 0x22, 0x06, 0xFC, 0xC7,
+        0xB6, 0xCC, 0x40, 0x2C, 0x0D, 0xFE, 0x7D, 0xC5, 0x2F, 0xDE,
+        0x81, 0x52, 0xDA, 0xC2, 0x3F, 0xAF, 0xE0, 0x4B, 0x1A, 0xB5,
+        0x0C, 0x59, 0x60, 0x45, 0xB0, 0x65, 0x03, 0x3D, 0xD9, 0x1C,
+        0xFF, 0x51, 0x51, 0xD2, 0x38, 0x31, 0x2A, 0x19, 0x54, 0x63,
+        0x31, 0x1D, 0xC4, 0xE6, 0x4A, 0xAE, 0xC8, 0xD3, 0xE9, 0xE1,
+        0xEF, 0x3C, 0xE1, 0x1F, 0x30, 0xA6, 0x7A, 0xBD, 0xCE, 0xE2,
+        0xD2, 0x62, 0xD2, 0x5A, 0xE9, 0x76, 0xA9, 0x7C, 0xAB, 0x19,
+        0x13, 0x87, 0x8D, 0xA5, 0x61, 0xA6, 0x36, 0x57, 0x87, 0x3B,
+        0x64, 0x59, 0x9D, 0xBA, 0x9F, 0x67, 0x72, 0x6A, 0x86, 0x84,
+        0xA6, 0x08, 0x31, 0x41, 0xD3, 0x48, 0x09, 0x3B, 0x5E, 0x6C,
+        0x5F, 0x56, 0x55, 0x7F, 0xAD, 0x7E, 0xC2, 0x27, 0xEE, 0x8A,
+        0xF1, 0x37, 0x51, 0xF7, 0x49, 0x80, 0xA3, 0x65, 0x74, 0x11,
+        0xDD, 0xA7, 0xBE, 0xFA, 0x58, 0x7B, 0x69, 0xB4, 0xC2, 0x9A,
+        0x35, 0x2F, 0xBE, 0x84, 0x4E, 0x2C, 0x66, 0x5B, 0x38, 0x6F,
+        0x47, 0xBD, 0x30, 0x44, 0x0A, 0x02, 0xAC, 0x8C, 0xB9, 0x66,
+        0x1E, 0x14, 0x2D, 0x90, 0x71, 0x42, 0x12, 0xB7, 0x0E, 0x3A,
+        0x8B, 0xC5, 0x98, 0x65, 0xFD, 0x8F, 0x53, 0x81, 0x7F, 0xE4,
+        0xD9, 0x58, 0x0E, 0xF5, 0xA9, 0x39, 0xE4, 0x61, 0x02, 0x81,
+        0xC1, 0x00, 0xB3, 0x94, 0x8F, 0x2B, 0xFD, 0x84, 0x2E, 0x83,
+        0x42, 0x86, 0x56, 0x7E, 0xB5, 0xF8, 0x3C, 0xC5, 0x0C, 0xCB,
+        0xBD, 0x32, 0x0C, 0xD7, 0xAA, 0xA7, 0xB0, 0xE9, 0xA4, 0x6A,
+        0xD1, 0x01, 0xDB, 0x87, 0x2A, 0xF7, 0xDF, 0xEC, 0xC2, 0x03,
+        0x5D, 0x55, 0xA8, 0x66, 0x73, 0x79, 0xA9, 0xAB, 0xBD, 0xAF,
+        0x69, 0x37, 0xFE, 0x41, 0xB5, 0x53, 0xB3, 0xB2, 0xC0, 0xB1,
+        0x80, 0x34, 0xE6, 0xE1, 0x7B, 0xAE, 0x67, 0xC7, 0xF3, 0x57,
+        0xFE, 0x12, 0xBC, 0x78, 0xAA, 0x75, 0x0D, 0xAC, 0x79, 0x90,
+        0x14, 0x49, 0xFE, 0x6B, 0x51, 0xE3, 0xE4, 0x46, 0xB2, 0x10,
+        0x4D, 0x05, 0x6A, 0x12, 0x80, 0x2A, 0x8F, 0x39, 0x42, 0x0E,
+        0x3B, 0x24, 0x2B, 0x50, 0x5D, 0xF3, 0xA7, 0x7F, 0x2F, 0x82,
+        0x89, 0x87, 0x9F, 0xF8, 0x7B, 0x1E, 0x05, 0x6E, 0x75, 0x83,
+        0x04, 0x35, 0x66, 0x4A, 0x06, 0x57, 0x39, 0xAB, 0x21, 0x0B,
+        0x94, 0x41, 0x6A, 0x2A, 0xC7, 0xDE, 0x98, 0x45, 0x8F, 0x96,
+        0x1C, 0xF2, 0xD8, 0xFB, 0x9C, 0x10, 0x8E, 0x41, 0x7A, 0xDD,
+        0xDD, 0x1D, 0xEF, 0xA5, 0x67, 0xEC, 0xFE, 0xA3, 0x2D, 0xA9,
+        0xFD, 0xF3, 0xEE, 0x35, 0xF4, 0xA7, 0xBC, 0xF9, 0x71, 0xCC,
+        0xB9, 0xC0, 0x5F, 0x58, 0x5B, 0xBD, 0x1A, 0x9E, 0xC7, 0x08,
+        0x67, 0x7C, 0xC7, 0x51, 0x5B, 0xBE, 0xE3, 0xF8, 0xBE, 0x1E,
+        0xC7, 0xD2, 0x28, 0x97
 };
 static const int sizeof_client_key_der_3072 = sizeof(client_key_der_3072);
 
@@ -2735,9 +2738,9 @@ static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072);
 static const unsigned char client_cert_der_3072[] =
 {
         0x30, 0x82, 0x06, 0x1D, 0x30, 0x82, 0x04, 0x85, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x0B, 0x5C, 0x9F, 0x12, 0x25,
-        0x90, 0xAA, 0x52, 0xC0, 0xDF, 0xE1, 0xE1, 0x1F, 0xED, 0xA9,
-        0x31, 0x01, 0x0A, 0x09, 0x8B, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x1E, 0xD5, 0xB7, 0x66, 0x40,
+        0x3A, 0xE9, 0x9B, 0xDD, 0x58, 0xE4, 0xE4, 0x9A, 0xC0, 0xDA,
+        0x1E, 0xD7, 0xB9, 0x5A, 0x1F, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -2755,10 +2758,10 @@ static const unsigned char client_cert_der_3072[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -2841,8 +2844,8 @@ static const unsigned char client_cert_der_3072[] =
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
         0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
         0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14,
-        0x0B, 0x5C, 0x9F, 0x12, 0x25, 0x90, 0xAA, 0x52, 0xC0, 0xDF,
-        0xE1, 0xE1, 0x1F, 0xED, 0xA9, 0x31, 0x01, 0x0A, 0x09, 0x8B,
+        0x1E, 0xD5, 0xB7, 0x66, 0x40, 0x3A, 0xE9, 0x9B, 0xDD, 0x58,
+        0xE4, 0xE4, 0x9A, 0xC0, 0xDA, 0x1E, 0xD7, 0xB9, 0x5A, 0x1F,
         0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
         0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
         0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
@@ -2852,45 +2855,45 @@ static const unsigned char client_cert_der_3072[] =
         0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
         0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
-        0x03, 0x82, 0x01, 0x81, 0x00, 0x14, 0x27, 0x57, 0x47, 0x12,
-        0xA4, 0x78, 0xA2, 0xC9, 0xDC, 0x93, 0xF8, 0x47, 0xEE, 0xF4,
-        0xFD, 0x66, 0x80, 0x13, 0x43, 0x9E, 0xDE, 0x23, 0x8C, 0xF7,
-        0x3F, 0xFE, 0x46, 0x9C, 0x85, 0x58, 0x2A, 0x6F, 0x8D, 0x22,
-        0x92, 0x8C, 0xD6, 0x36, 0xCA, 0x90, 0x4F, 0x45, 0xC3, 0xAB,
-        0x78, 0xCA, 0x3C, 0xFE, 0xD0, 0xF5, 0x0F, 0x6D, 0x00, 0xFE,
-        0x3B, 0x42, 0xB0, 0x86, 0x0B, 0x75, 0xF2, 0x7C, 0xD3, 0xC7,
-        0xDB, 0x0B, 0x70, 0xE8, 0xEC, 0xB7, 0xBF, 0x26, 0x30, 0xA8,
-        0x19, 0x67, 0xBD, 0x74, 0x03, 0xCF, 0xD1, 0x08, 0x8E, 0x9C,
-        0xD5, 0x1B, 0x45, 0x28, 0xB2, 0x67, 0x8E, 0x3A, 0xA5, 0x27,
-        0xC9, 0x1B, 0x6A, 0xE9, 0x93, 0xCE, 0x94, 0xC0, 0x00, 0x0C,
-        0xE8, 0xF1, 0x76, 0x02, 0xA4, 0x30, 0x72, 0xA8, 0xFD, 0x55,
-        0x1C, 0xD1, 0xB8, 0x25, 0xF1, 0x62, 0xF6, 0xBA, 0x28, 0xFD,
-        0x30, 0xB1, 0x11, 0x63, 0xF7, 0xB3, 0x78, 0x54, 0x09, 0x04,
-        0xC1, 0x66, 0x12, 0xC7, 0x01, 0xAE, 0x99, 0xE3, 0x55, 0xC4,
-        0x29, 0xBD, 0x1B, 0x1A, 0xDA, 0xB9, 0x77, 0xFD, 0x04, 0xDB,
-        0xB1, 0x68, 0x56, 0x35, 0x65, 0xE1, 0xAA, 0x67, 0xC8, 0xAC,
-        0xBE, 0xE5, 0xF8, 0x27, 0xFB, 0xB4, 0x51, 0x4F, 0x38, 0xE5,
-        0xDE, 0x09, 0xA6, 0x81, 0xA9, 0xEF, 0xDC, 0xD6, 0x4A, 0x96,
-        0x47, 0xB8, 0x38, 0x14, 0xF8, 0x25, 0x5D, 0xAC, 0xF3, 0xE5,
-        0x3B, 0xF2, 0x1B, 0x70, 0x32, 0x3B, 0x2D, 0xFA, 0x20, 0xCA,
-        0x2E, 0xA5, 0xCA, 0x13, 0x9D, 0x84, 0xD2, 0xD4, 0x35, 0x16,
-        0x58, 0x6E, 0x52, 0x5E, 0x09, 0x61, 0x83, 0xC2, 0xE2, 0x56,
-        0x2C, 0xAB, 0x52, 0xBF, 0x54, 0xDC, 0xBD, 0xF3, 0xBF, 0xA7,
-        0x16, 0x6E, 0x0E, 0xCA, 0x68, 0x54, 0xD1, 0x5C, 0x4D, 0x06,
-        0x7A, 0x93, 0x47, 0x1C, 0xCC, 0xA9, 0x66, 0xDA, 0x69, 0x0F,
-        0xF9, 0x1F, 0x25, 0x64, 0x29, 0x40, 0x97, 0x50, 0x3B, 0xCF,
-        0x0C, 0x50, 0x9B, 0x4D, 0xFF, 0x60, 0xBC, 0xD3, 0xE4, 0xA0,
-        0xB7, 0x64, 0xC6, 0x66, 0x2A, 0xF6, 0x02, 0xE2, 0x3F, 0x92,
-        0x31, 0x3B, 0xD7, 0xEA, 0x1A, 0xC3, 0x1A, 0x0C, 0x19, 0x88,
-        0xAB, 0x5F, 0x74, 0xB7, 0x9D, 0x7B, 0x8D, 0x4D, 0x3A, 0x84,
-        0x43, 0xF2, 0x67, 0xB1, 0xBE, 0xA0, 0x9E, 0xFD, 0x3D, 0xAA,
-        0xC1, 0x38, 0x1A, 0xDF, 0xAC, 0x30, 0xFE, 0x63, 0x69, 0xAF,
-        0xD6, 0xF2, 0x21, 0x63, 0x11, 0x63, 0x29, 0xAC, 0x63, 0x9E,
-        0x9F, 0x9F, 0xC4, 0x53, 0xB3, 0xDB, 0x78, 0xC0, 0x2D, 0x79,
-        0x68, 0x1F, 0xD2, 0xD1, 0x36, 0xD1, 0xFB, 0xE3, 0xC0, 0xA7,
-        0x31, 0xEB, 0x15, 0x63, 0x99, 0x0B, 0x93, 0x9D, 0x87, 0xC7,
-        0xFE, 0x56, 0x5D, 0xFC, 0xE7, 0x29, 0x2A, 0x9E, 0x15, 0xBE,
-        0xEF, 0x54, 0xE7, 0x0F, 0x6D, 0x9B, 0x36, 0xB6, 0x17
+        0x03, 0x82, 0x01, 0x81, 0x00, 0x5E, 0xB0, 0xED, 0x38, 0x36,
+        0xB8, 0xF7, 0xE4, 0x0C, 0xB0, 0xC3, 0x6A, 0xBB, 0x7A, 0xB9,
+        0x61, 0x05, 0x9D, 0xB9, 0x82, 0x12, 0x2D, 0x9C, 0x9E, 0x91,
+        0x7B, 0xEC, 0xD0, 0x9B, 0x81, 0xCA, 0x51, 0xE8, 0xD4, 0x55,
+        0x2D, 0x1A, 0xFF, 0x88, 0x5A, 0xC3, 0xE1, 0xD8, 0x82, 0x17,
+        0xC5, 0x4A, 0x7A, 0xD4, 0x17, 0xC8, 0xA2, 0x1C, 0x97, 0x61,
+        0xA7, 0xCF, 0xDE, 0x12, 0xF9, 0x5A, 0xD8, 0xB0, 0x63, 0x63,
+        0x84, 0xD4, 0x7B, 0xB9, 0x81, 0x37, 0xA0, 0x49, 0xF3, 0x68,
+        0x30, 0x0C, 0x84, 0xF8, 0x6C, 0x18, 0x54, 0x34, 0x6F, 0x8D,
+        0xA3, 0x22, 0xD3, 0xD2, 0x3B, 0x42, 0xBC, 0x3B, 0x28, 0x0F,
+        0x95, 0x35, 0xF4, 0x9F, 0xDC, 0x18, 0x9D, 0x4F, 0xC5, 0x5F,
+        0x0D, 0xD2, 0xBD, 0x88, 0xB8, 0xA7, 0x88, 0x82, 0xD3, 0x74,
+        0x5B, 0xA6, 0xAD, 0xB0, 0x2B, 0x70, 0x33, 0xC9, 0x08, 0x7E,
+        0x5F, 0x9B, 0x99, 0x3C, 0x61, 0xF0, 0x1B, 0x3C, 0x1C, 0x4A,
+        0x2A, 0x05, 0x84, 0xF1, 0x47, 0x17, 0xA2, 0xEA, 0x06, 0x3A,
+        0xDC, 0xF6, 0xB3, 0x83, 0x30, 0x9C, 0x12, 0xB1, 0x4C, 0xE9,
+        0xBE, 0x40, 0x86, 0x3E, 0x72, 0x58, 0x4E, 0x44, 0xB8, 0x99,
+        0x59, 0xC3, 0x58, 0x0F, 0xD7, 0xCF, 0x02, 0x60, 0x77, 0xAD,
+        0x6F, 0x9C, 0x41, 0x58, 0xEF, 0x78, 0x63, 0xC0, 0xF7, 0x7D,
+        0xA7, 0xED, 0x67, 0xC2, 0x49, 0xAE, 0x06, 0xFC, 0x46, 0xF7,
+        0x70, 0x53, 0x88, 0xEB, 0x53, 0x2F, 0x25, 0x8D, 0x7A, 0xAC,
+        0xAB, 0xC4, 0xB5, 0xB0, 0x27, 0x90, 0x57, 0xD0, 0x31, 0x79,
+        0x2F, 0xAD, 0xDA, 0x20, 0xC1, 0x6A, 0x00, 0xCC, 0xD9, 0xB4,
+        0x36, 0x5A, 0x90, 0x99, 0x3D, 0xE3, 0xE2, 0xF4, 0xB6, 0xE7,
+        0x85, 0x16, 0x77, 0x3D, 0x69, 0xBB, 0x42, 0x6C, 0xA5, 0x83,
+        0x45, 0x9F, 0x53, 0xC4, 0x43, 0x78, 0x17, 0x43, 0xBD, 0x27,
+        0xC0, 0x6E, 0x4B, 0x40, 0x0F, 0x64, 0x0B, 0xAC, 0x38, 0x1E,
+        0x09, 0x6D, 0x62, 0x5A, 0x54, 0x8A, 0x2C, 0x96, 0x99, 0x23,
+        0xDB, 0xF5, 0x4B, 0x4A, 0xAA, 0x69, 0xBE, 0x6E, 0x8A, 0x9A,
+        0x3E, 0xD5, 0xE6, 0xA3, 0xA9, 0xA9, 0xE9, 0xE8, 0xA9, 0x28,
+        0x28, 0x3B, 0xF9, 0x9D, 0xD9, 0x5F, 0xE3, 0xCB, 0x2B, 0x2B,
+        0x38, 0xBA, 0xF1, 0xBC, 0x45, 0xD8, 0x4A, 0x5A, 0xB1, 0xB3,
+        0x8A, 0x48, 0x64, 0x78, 0x33, 0x21, 0x55, 0xCD, 0x04, 0x14,
+        0xE7, 0x7B, 0x73, 0xC2, 0xB6, 0xF2, 0xDE, 0x81, 0x01, 0xD8,
+        0x8D, 0xC6, 0xCF, 0xF2, 0x85, 0x0F, 0x32, 0x72, 0x0F, 0x6C,
+        0x60, 0xBE, 0xF5, 0x31, 0x75, 0x39, 0x4B, 0xE3, 0xAE, 0xED,
+        0x0C, 0x1E, 0x15, 0x83, 0xAC, 0xF9, 0x4C, 0x86, 0xCF, 0xDF,
+        0x54, 0xB0, 0x7C, 0x6F, 0xF5, 0xDE, 0x26, 0x66, 0xC0, 0xBA,
+        0x85, 0x38, 0xD0, 0x25, 0xFE, 0xB9, 0xBF, 0x12, 0x98
 };
 static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072);
 
@@ -2901,241 +2904,244 @@ static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072);
 /* ./certs/4096/client-key.der, 4096-bit */
 static const unsigned char client_key_der_4096[] =
 {
-        0x30, 0x82, 0x09, 0x28, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02,
-        0x01, 0x00, 0xF5, 0xD0, 0x31, 0xE4, 0x71, 0x59, 0x58, 0xB3,
-        0x07, 0x50, 0xDD, 0x16, 0x79, 0xFC, 0xC6, 0x95, 0x50, 0xFC,
-        0x46, 0x0E, 0x57, 0x12, 0x86, 0x71, 0x8D, 0xE3, 0x9B, 0x4A,
-        0x33, 0xEA, 0x4F, 0xD9, 0x17, 0x13, 0x6D, 0x48, 0x69, 0xDF,
-        0x59, 0x11, 0x08, 0x02, 0x9D, 0xAF, 0x2B, 0xC7, 0x30, 0xBE,
-        0x0C, 0xDC, 0x87, 0xD4, 0x5A, 0x12, 0x09, 0x23, 0x5D, 0xE1,
-        0x76, 0x5A, 0x62, 0x37, 0x46, 0x74, 0xEF, 0x03, 0x05, 0xBB,
-        0x1E, 0x6D, 0x29, 0x75, 0x6C, 0x2E, 0x9D, 0x87, 0x0D, 0x8F,
-        0x87, 0xCB, 0x14, 0x95, 0x9B, 0xBE, 0x17, 0x6B, 0x51, 0xD1,
-        0x4C, 0xDA, 0xD7, 0x91, 0x66, 0xC5, 0x36, 0xEB, 0xE0, 0x07,
-        0x1A, 0x76, 0x4D, 0xB0, 0xFB, 0xC1, 0xF5, 0x5E, 0x05, 0xDB,
-        0xBA, 0xCB, 0x25, 0xD9, 0x99, 0x13, 0x1C, 0xC0, 0x35, 0xDC,
-        0x40, 0xE9, 0x36, 0xCD, 0xC4, 0xD5, 0x7A, 0x41, 0x70, 0x0F,
-        0x36, 0xEB, 0xA5, 0x4E, 0x17, 0x05, 0xD5, 0x75, 0x1B, 0x64,
-        0x62, 0x7A, 0x3F, 0x0D, 0x28, 0x48, 0x6A, 0xE3, 0xAC, 0x9C,
-        0xA8, 0x8F, 0xE9, 0xED, 0xF7, 0xCD, 0x24, 0xA0, 0xB1, 0xA0,
-        0x03, 0xAC, 0xE3, 0x03, 0xF5, 0x3F, 0xD1, 0x96, 0xFF, 0x2A,
-        0x7E, 0x08, 0xB1, 0xD3, 0xE0, 0x18, 0x14, 0xEC, 0x65, 0x37,
-        0x50, 0x43, 0xC2, 0x6A, 0x8C, 0xF4, 0x5B, 0xFE, 0xC4, 0xCB,
-        0x8D, 0x3F, 0x81, 0x02, 0xF7, 0xC2, 0xDD, 0xE4, 0xC1, 0x8E,
-        0x80, 0x0C, 0x04, 0x25, 0x2D, 0x80, 0x5A, 0x2E, 0x0F, 0x22,
-        0x35, 0x4A, 0xF4, 0x85, 0xED, 0x51, 0xD8, 0xAB, 0x6D, 0x8F,
-        0xA2, 0x3B, 0x24, 0x00, 0x6E, 0x81, 0xE2, 0x1E, 0x76, 0xD6,
-        0xAC, 0x31, 0x12, 0xDB, 0xF3, 0x8E, 0x07, 0xA1, 0xDE, 0x89,
-        0x4A, 0x39, 0x60, 0x77, 0xC5, 0xAA, 0xF1, 0x51, 0xE6, 0x06,
-        0xF1, 0x95, 0x56, 0x2A, 0xE1, 0x8E, 0x92, 0x30, 0x9F, 0xFE,
-        0x58, 0x44, 0xAC, 0x46, 0xF2, 0xFD, 0x9A, 0xFC, 0xA8, 0x1D,
-        0xA1, 0xD3, 0x55, 0x37, 0x4A, 0x8B, 0xFC, 0x9C, 0x33, 0xF8,
-        0xA7, 0x61, 0x48, 0x41, 0x7C, 0x9C, 0x77, 0x3F, 0xF5, 0x80,
-        0x23, 0x7D, 0x43, 0xB4, 0xD5, 0x88, 0x0A, 0xC9, 0x75, 0xD7,
-        0x44, 0x19, 0x4D, 0x77, 0x6C, 0x0B, 0x0A, 0x49, 0xAA, 0x1C,
-        0x2F, 0xD6, 0x5A, 0x44, 0xA6, 0x47, 0x4D, 0xE5, 0x36, 0x96,
-        0x40, 0x99, 0x2C, 0x56, 0x26, 0xB1, 0xF2, 0x92, 0x31, 0x59,
-        0xD7, 0x2C, 0xD4, 0xB4, 0x21, 0xD6, 0x65, 0x13, 0x0B, 0x3E,
-        0xFB, 0xFF, 0x04, 0xEB, 0xB9, 0x85, 0xB9, 0xD8, 0xD8, 0x28,
-        0x4F, 0x5C, 0x17, 0x96, 0xA3, 0x51, 0xBE, 0xFE, 0x7D, 0x0B,
-        0x1B, 0x48, 0x40, 0x25, 0x76, 0x94, 0xDC, 0x41, 0xFB, 0xBF,
-        0x73, 0x76, 0xDA, 0xEB, 0xB3, 0x62, 0xE7, 0xC1, 0xC8, 0x54,
-        0x6A, 0x93, 0xE1, 0x8D, 0x31, 0xE8, 0x3E, 0x3E, 0xDF, 0xBC,
-        0x87, 0x02, 0x30, 0x22, 0x57, 0xC4, 0xE0, 0x18, 0x7A, 0xD3,
-        0xAE, 0xE4, 0x02, 0x9B, 0xAA, 0xBD, 0x4E, 0x49, 0x47, 0x72,
-        0xE9, 0x8D, 0x13, 0x2D, 0x54, 0x9B, 0x00, 0xA7, 0x91, 0x61,
-        0x71, 0xC9, 0xCC, 0x48, 0x4F, 0xEE, 0xDF, 0x5E, 0x1B, 0x1A,
-        0xDF, 0x67, 0xD3, 0x20, 0xE6, 0x44, 0x45, 0x98, 0x7E, 0xE7,
-        0x0E, 0x63, 0x16, 0x83, 0xC9, 0x26, 0x5D, 0x90, 0xC1, 0xE5,
-        0x2A, 0x5C, 0x45, 0x54, 0x13, 0xB2, 0x81, 0x18, 0x06, 0x20,
-        0x2E, 0x2E, 0x66, 0x5A, 0xB5, 0x7B, 0x6E, 0xD6, 0x0C, 0x4E,
-        0x89, 0x01, 0x56, 0x70, 0xBB, 0xAE, 0xDE, 0xE9, 0x99, 0x5E,
-        0xD1, 0xB9, 0x3A, 0xB7, 0x6C, 0x17, 0xB6, 0x03, 0xA9, 0x08,
-        0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4,
-        0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2,
-        0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
-        0x82, 0x02, 0x01, 0x00, 0xC5, 0x76, 0x57, 0x7D, 0xF1, 0x68,
-        0x1A, 0x8E, 0xC6, 0x63, 0xB9, 0x16, 0xA3, 0x2B, 0xE1, 0xC2,
-        0x74, 0xEA, 0x12, 0xC4, 0xD6, 0x41, 0x75, 0x6A, 0xA6, 0xD6,
-        0x9E, 0x1A, 0x7F, 0x95, 0xCC, 0x4A, 0xD1, 0xF4, 0xB3, 0x27,
-        0x26, 0x95, 0x5A, 0x91, 0x09, 0xE4, 0x40, 0x13, 0x45, 0x91,
-        0x9F, 0xA0, 0x2B, 0xE8, 0xC3, 0xDC, 0x5B, 0xF6, 0x7D, 0x0C,
-        0xC2, 0x0F, 0xA9, 0xE9, 0x75, 0x58, 0x7D, 0xEA, 0xD5, 0x4D,
-        0x92, 0x3E, 0xFC, 0x74, 0x28, 0x87, 0xC1, 0x3D, 0xB9, 0x21,
-        0x92, 0x4D, 0x28, 0x82, 0x84, 0xA8, 0xA2, 0x11, 0x93, 0xF2,
-        0x8C, 0x29, 0x1C, 0x19, 0xF8, 0x6D, 0x3F, 0x27, 0x51, 0xB5,
-        0x2D, 0xA3, 0xC7, 0x28, 0x1D, 0xC4, 0xFC, 0x98, 0x94, 0xA8,
-        0xD0, 0xFF, 0xF0, 0x0F, 0xDC, 0xF9, 0xED, 0xB3, 0xA2, 0xB6,
-        0xED, 0x0D, 0x5F, 0xBF, 0x78, 0x5C, 0xD7, 0xAF, 0xBD, 0xA3,
-        0xEF, 0x86, 0xE9, 0x51, 0x66, 0xDB, 0x52, 0x37, 0x47, 0x7F,
-        0xE9, 0x5F, 0x3C, 0x94, 0x83, 0x2D, 0xE8, 0x9C, 0x33, 0xF1,
-        0x6C, 0xE9, 0xF3, 0xA6, 0x97, 0xFE, 0xA7, 0xBF, 0x4D, 0x9B,
-        0x20, 0xD5, 0x2F, 0xDE, 0xA4, 0x06, 0xBB, 0xEE, 0x66, 0x49,
-        0x6B, 0xF5, 0x10, 0x85, 0x9F, 0x84, 0x5A, 0x52, 0x3E, 0x0C,
-        0xA0, 0x4A, 0x4C, 0xDA, 0x01, 0xC5, 0x62, 0x31, 0xB1, 0xEC,
-        0xF8, 0xDD, 0xA3, 0x3B, 0xCE, 0x41, 0x3A, 0x12, 0x79, 0xF9,
-        0x97, 0x5B, 0x07, 0x95, 0x9F, 0x86, 0xD6, 0x04, 0x73, 0x6C,
-        0xE8, 0x8F, 0x4C, 0x4C, 0x48, 0x1D, 0x85, 0xC4, 0xE7, 0xCE,
-        0xDE, 0x16, 0x31, 0xF6, 0x5C, 0x37, 0x54, 0x8E, 0x55, 0xBC,
-        0xAF, 0x2E, 0x47, 0xE8, 0xAC, 0x03, 0xB0, 0xA4, 0xF9, 0x90,
-        0x98, 0x99, 0xA4, 0xDC, 0x6E, 0x98, 0x08, 0x5C, 0x07, 0xBB,
-        0x08, 0x93, 0xAF, 0x61, 0x8D, 0x74, 0xA8, 0xF8, 0xC4, 0x89,
-        0x64, 0x10, 0xE1, 0xE6, 0xC0, 0xCD, 0x1D, 0x39, 0x20, 0xD6,
-        0x5A, 0x89, 0x83, 0xFC, 0x37, 0xE2, 0x12, 0x66, 0xA8, 0x12,
-        0xCC, 0x72, 0xBB, 0x1E, 0xFB, 0x6A, 0xE3, 0x7C, 0x71, 0x7E,
-        0xB9, 0x2E, 0x8E, 0x84, 0x66, 0xE1, 0xB9, 0xD0, 0x25, 0x9A,
-        0x6F, 0x9D, 0x19, 0xE6, 0x7E, 0xE8, 0xD8, 0xF0, 0xC5, 0x23,
-        0x16, 0x9A, 0x68, 0x2C, 0x1D, 0x55, 0xAE, 0x8E, 0x90, 0xEE,
-        0x8E, 0xEC, 0x5E, 0x46, 0x9D, 0x60, 0x52, 0x32, 0x17, 0x28,
-        0x59, 0xC4, 0x49, 0x2A, 0x20, 0x3E, 0x95, 0xC5, 0xDF, 0xF6,
-        0x3D, 0xF7, 0xC5, 0xCF, 0xB1, 0xC2, 0xC9, 0x76, 0xF8, 0x3D,
-        0xBE, 0xF4, 0x63, 0xFC, 0x2A, 0x00, 0x6F, 0x99, 0xA6, 0xB6,
-        0xAD, 0x35, 0xEE, 0xDE, 0xC5, 0xE0, 0x97, 0xC6, 0x73, 0xEE,
-        0x33, 0xA0, 0xA8, 0xFC, 0x4C, 0x8F, 0xF2, 0x8C, 0x61, 0xFB,
-        0x03, 0x19, 0xA1, 0xE8, 0x17, 0x4E, 0xE3, 0x21, 0x58, 0xCE,
-        0xFE, 0xF2, 0x5F, 0xBB, 0xDD, 0x4F, 0xF7, 0x18, 0xCB, 0x35,
-        0x57, 0xDD, 0xE5, 0x50, 0x2A, 0x7B, 0x1A, 0xE9, 0x12, 0xF2,
-        0x7A, 0x11, 0xB1, 0x43, 0xB9, 0x70, 0x07, 0x0C, 0x8F, 0x69,
-        0xB9, 0xE5, 0xA5, 0xC9, 0xE2, 0x1B, 0x96, 0x74, 0x11, 0xF5,
-        0x95, 0xB9, 0x58, 0xC0, 0xBD, 0x37, 0xFB, 0x28, 0x2A, 0xBD,
-        0x84, 0xB1, 0x2B, 0x67, 0x42, 0x82, 0xC3, 0x95, 0x55, 0x45,
-        0xD5, 0xEA, 0xC3, 0x8A, 0x42, 0x3A, 0x43, 0x17, 0x5E, 0xCD,
-        0xD2, 0xEA, 0xFC, 0xDF, 0x67, 0xEC, 0xE1, 0x6C, 0xA8, 0x03,
-        0x19, 0xB2, 0x1D, 0x4A, 0x5F, 0x4F, 0xE7, 0xD3, 0xE0, 0x86,
-        0xC5, 0x1A, 0x10, 0xC3, 0x08, 0xD2, 0xED, 0x85, 0x93, 0x08,
-        0x51, 0x05, 0xA6, 0x37, 0x15, 0x32, 0xBD, 0x6C, 0x73, 0x63,
-        0x01, 0x5D, 0x5B, 0x4F, 0x6A, 0xDC, 0x6D, 0x1D, 0x55, 0x91,
-        0x21, 0xE4, 0x8E, 0xB7, 0xF0, 0x81, 0x02, 0x82, 0x01, 0x01,
-        0x00, 0xFD, 0x27, 0xC8, 0xFE, 0x76, 0x5C, 0x89, 0x32, 0xCB,
-        0x8A, 0x22, 0x87, 0x61, 0x48, 0x91, 0x4A, 0x05, 0xAD, 0xA4,
-        0x5C, 0x8A, 0xCA, 0x5C, 0x02, 0x88, 0x7E, 0x51, 0xC5, 0x66,
-        0x90, 0x2C, 0xA3, 0xED, 0xA7, 0x43, 0x19, 0x0B, 0xA2, 0x42,
-        0xB4, 0xE0, 0xE0, 0x45, 0xBF, 0xFE, 0xA0, 0xF2, 0x75, 0x0B,
-        0x8E, 0x7D, 0x9D, 0x73, 0x67, 0xD3, 0x10, 0x09, 0xC5, 0xD9,
-        0x8C, 0xAD, 0x3A, 0x64, 0x72, 0xAD, 0x96, 0x35, 0x91, 0x0F,
-        0x4B, 0xC9, 0xBD, 0x4F, 0x65, 0x47, 0xA6, 0x2D, 0xEB, 0x3F,
-        0xE2, 0x99, 0x72, 0x66, 0x12, 0xED, 0xEB, 0xD2, 0x7C, 0xFF,
-        0x3A, 0x20, 0x37, 0x2A, 0xD3, 0x65, 0x51, 0x9B, 0xC3, 0xAA,
-        0x18, 0xB1, 0x1F, 0x6E, 0x9D, 0x40, 0x47, 0xA4, 0x1F, 0x82,
-        0x9B, 0xDB, 0x50, 0x6B, 0x86, 0x2F, 0xFB, 0x3F, 0x31, 0xB9,
-        0x81, 0x11, 0x04, 0x14, 0x63, 0x86, 0x4F, 0x40, 0x2A, 0xF5,
-        0xF9, 0x7C, 0xA1, 0x78, 0x19, 0x13, 0xD0, 0x51, 0x51, 0x0F,
-        0x79, 0x88, 0x8D, 0x14, 0xA3, 0xDE, 0xB6, 0x33, 0x29, 0x42,
-        0xB9, 0xE8, 0x59, 0x76, 0xF7, 0x43, 0x1A, 0xB6, 0xA6, 0xDF,
-        0x0A, 0xC1, 0x42, 0xC7, 0x3F, 0x1C, 0x7E, 0x5C, 0x2C, 0x91,
-        0x4B, 0x1E, 0xF8, 0x46, 0x91, 0x1F, 0xEE, 0x56, 0xB3, 0x0E,
-        0xC8, 0xD0, 0x31, 0xD3, 0x3D, 0xED, 0x3D, 0xD9, 0xC5, 0x30,
-        0x0C, 0x58, 0xD8, 0xB7, 0xB5, 0xEC, 0x14, 0xAC, 0x41, 0x64,
-        0x6D, 0xE4, 0xC6, 0x59, 0xFD, 0x14, 0x05, 0x60, 0x65, 0xD8,
-        0xC4, 0x84, 0x44, 0x7E, 0x1B, 0xB4, 0xA4, 0x16, 0x75, 0xC1,
-        0x27, 0x96, 0xB2, 0x19, 0xD6, 0x39, 0x54, 0xC0, 0x93, 0xF3,
-        0xD7, 0x1F, 0xCD, 0x1B, 0xDF, 0xF8, 0x12, 0x88, 0x14, 0x9F,
-        0x98, 0x05, 0x47, 0x46, 0x71, 0x81, 0x6C, 0xDF, 0x91, 0xEF,
-        0x53, 0xE3, 0xC5, 0xB1, 0x89, 0x2F, 0xE1, 0x02, 0x82, 0x01,
-        0x01, 0x00, 0xF8, 0x93, 0x4A, 0x28, 0x77, 0x94, 0xEF, 0xE9,
-        0xC4, 0x0A, 0xC3, 0xE8, 0x52, 0x59, 0xB6, 0x1D, 0x8D, 0xCE,
-        0x14, 0xE7, 0x43, 0xC6, 0xED, 0x09, 0x27, 0x5D, 0xF3, 0x8E,
-        0x08, 0x6A, 0x19, 0x6B, 0x2C, 0x97, 0x9B, 0x88, 0x53, 0x2B,
-        0xDA, 0xFE, 0x4B, 0x94, 0x66, 0x84, 0xD5, 0xA9, 0xCE, 0xA5,
-        0x43, 0x70, 0xFB, 0x01, 0x5A, 0x6F, 0xCD, 0xF7, 0xD1, 0x9D,
-        0x51, 0xEE, 0xA0, 0xDC, 0x46, 0xF5, 0x7D, 0xA7, 0xEE, 0xA0,
-        0x86, 0xB7, 0x83, 0xFF, 0x21, 0x8B, 0x76, 0x05, 0x7D, 0xDE,
-        0xC4, 0x26, 0x36, 0xBC, 0xB4, 0x8A, 0x48, 0xC3, 0x06, 0x90,
-        0x97, 0xE5, 0xA6, 0x38, 0xC3, 0xE6, 0x7C, 0xD0, 0xF8, 0x23,
-        0xD2, 0x33, 0x1F, 0x81, 0xC3, 0xE3, 0x7D, 0x85, 0x5A, 0x38,
-        0x10, 0x03, 0xE6, 0x88, 0xDB, 0xC8, 0x4C, 0xD0, 0xF7, 0xB2,
-        0x4D, 0x27, 0x33, 0x85, 0xCD, 0x3A, 0x74, 0x83, 0x6B, 0x82,
-        0x58, 0xD9, 0xDF, 0xEE, 0xF5, 0xD3, 0xE9, 0xFE, 0x1C, 0xEF,
-        0x06, 0x12, 0x16, 0xD1, 0x4C, 0xAE, 0x54, 0x4B, 0x0D, 0x1A,
-        0xBD, 0xE2, 0xCF, 0x56, 0xB3, 0x74, 0xBE, 0x44, 0x4F, 0xA4,
-        0x73, 0x0A, 0x98, 0x8D, 0x61, 0x84, 0x38, 0x46, 0xDC, 0x95,
-        0xCF, 0x3F, 0x6B, 0xE7, 0x65, 0x87, 0x02, 0xBF, 0x4B, 0x57,
-        0xE2, 0x3D, 0xC4, 0x2B, 0x1C, 0x82, 0x1D, 0xCC, 0x13, 0x7F,
-        0xC0, 0x06, 0x12, 0x8C, 0x6F, 0x97, 0x50, 0x7B, 0x8C, 0x81,
-        0xC3, 0x23, 0x15, 0xEB, 0x70, 0x07, 0x8E, 0xA1, 0x07, 0x1E,
-        0x59, 0xFA, 0x10, 0xCA, 0x7E, 0x0F, 0xE2, 0xBB, 0xEE, 0x86,
-        0x26, 0x1E, 0x55, 0xB9, 0x98, 0x66, 0x85, 0xEC, 0x27, 0xC5,
-        0xD9, 0x63, 0x8D, 0x51, 0x77, 0xAA, 0xA0, 0x36, 0x55, 0x33,
-        0x10, 0x21, 0x5E, 0xEC, 0x47, 0x67, 0x71, 0xD1, 0xAF, 0xFC,
-        0x3E, 0x50, 0xF5, 0xBE, 0xD6, 0x92, 0xE7, 0x0B, 0x02, 0x82,
-        0x01, 0x00, 0x21, 0x7C, 0x8A, 0xC4, 0xC6, 0x29, 0x55, 0x68,
-        0xA7, 0xAD, 0xDD, 0x05, 0x65, 0x63, 0xF0, 0xFC, 0x06, 0xA6,
-        0x42, 0x70, 0x8F, 0x57, 0x57, 0x36, 0x6A, 0x91, 0xB3, 0x05,
-        0x56, 0x9C, 0xC9, 0x9A, 0xE1, 0x8B, 0xD7, 0x7F, 0x4F, 0x9F,
-        0xA6, 0x0D, 0x41, 0x15, 0xC9, 0x84, 0x2D, 0x0D, 0x63, 0x25,
-        0x02, 0x63, 0x55, 0xD0, 0x66, 0xFC, 0x9B, 0xD9, 0xAA, 0x41,
-        0x46, 0x96, 0xAA, 0x2F, 0x68, 0x2C, 0x17, 0x34, 0x20, 0x5F,
-        0xD0, 0xD3, 0x28, 0x9B, 0x67, 0x0E, 0x31, 0x9D, 0x14, 0xC3,
-        0xE2, 0x8E, 0x79, 0xD7, 0xBD, 0x12, 0xD1, 0xEF, 0xF8, 0xC6,
-        0xDA, 0x07, 0xF9, 0x4C, 0xF2, 0xD8, 0x45, 0xB5, 0xB6, 0xD1,
-        0xFA, 0x05, 0x0C, 0x20, 0xE9, 0x43, 0xD9, 0xC5, 0xE0, 0x3A,
-        0xDE, 0xCE, 0xF9, 0x02, 0xB9, 0x46, 0x65, 0xC0, 0x69, 0x4A,
-        0x8D, 0x8C, 0x3A, 0x10, 0xFD, 0x15, 0x71, 0x25, 0xB8, 0x8A,
-        0x36, 0x41, 0x4B, 0x30, 0x1C, 0xAF, 0xCC, 0x84, 0x28, 0xCD,
-        0x7D, 0x2B, 0x89, 0x59, 0x88, 0x1A, 0x69, 0x12, 0x56, 0xD0,
-        0x25, 0x68, 0x6C, 0x08, 0xB1, 0x88, 0xE1, 0x92, 0x7E, 0x08,
-        0xB2, 0xC6, 0x3C, 0x6C, 0x35, 0xE8, 0xEE, 0x3E, 0xF4, 0xB8,
-        0x5C, 0x7B, 0xC0, 0x5B, 0xFD, 0x11, 0xA3, 0x54, 0xA6, 0x99,
-        0x46, 0xE2, 0x5F, 0x4F, 0xC7, 0xEE, 0x90, 0x1C, 0x37, 0x5B,
-        0x33, 0x10, 0xDF, 0x0B, 0xC3, 0xB9, 0x47, 0xC2, 0x30, 0x4A,
-        0xF2, 0x1A, 0xEB, 0x41, 0x25, 0x94, 0x29, 0x7A, 0xD0, 0x96,
-        0x88, 0x46, 0xEE, 0x6C, 0x14, 0xF6, 0x5B, 0x3D, 0xBD, 0x4E,
-        0xD4, 0x3F, 0x05, 0x5B, 0x07, 0xB9, 0xE3, 0x99, 0x87, 0x63,
-        0xCA, 0xC4, 0x71, 0x0B, 0x73, 0x9D, 0x7B, 0xB6, 0x0F, 0xD4,
-        0x12, 0x8C, 0x4C, 0x5E, 0x72, 0x3D, 0xFF, 0x6D, 0xC4, 0x61,
-        0x0C, 0x74, 0x5F, 0x53, 0xBE, 0x39, 0x34, 0x61, 0x02, 0x82,
-        0x01, 0x00, 0x5F, 0xF2, 0xF2, 0xB0, 0x16, 0x20, 0x8E, 0x4E,
-        0xCC, 0x96, 0x5F, 0x32, 0x80, 0xFF, 0x11, 0xF5, 0xEC, 0x73,
-        0xBC, 0xCB, 0xDB, 0xF4, 0xA0, 0x30, 0x65, 0x5A, 0xB5, 0x95,
-        0x80, 0x97, 0xFB, 0xC1, 0xCB, 0xCF, 0xA5, 0x80, 0x84, 0xA2,
-        0x2C, 0x00, 0xF6, 0x89, 0x8C, 0xDC, 0xFF, 0x60, 0x71, 0x5C,
-        0x87, 0x60, 0xC7, 0xF2, 0xA8, 0xC6, 0xF9, 0x59, 0x0C, 0x37,
-        0x4E, 0x95, 0xEE, 0xCF, 0xB8, 0x30, 0x30, 0x55, 0xAF, 0x1D,
-        0x95, 0x82, 0xA6, 0xD7, 0xC7, 0x49, 0xFE, 0xBF, 0x75, 0xEB,
-        0x94, 0x09, 0x30, 0x1D, 0xBD, 0x0E, 0x97, 0xB1, 0x78, 0x0A,
-        0x3E, 0x27, 0xAD, 0xF6, 0xC1, 0x5F, 0x69, 0x94, 0x7C, 0x03,
-        0xCF, 0xB2, 0x5E, 0x1A, 0x07, 0xD3, 0xFA, 0xF2, 0x8B, 0x75,
-        0x92, 0x70, 0xFE, 0xFE, 0x9A, 0xDF, 0x81, 0x0F, 0x34, 0x5D,
-        0x45, 0xBC, 0xB8, 0xFD, 0x8F, 0xCF, 0x5D, 0x84, 0x10, 0xEE,
-        0x9A, 0x7F, 0x57, 0x19, 0xF5, 0x17, 0xDC, 0x7D, 0x73, 0x0B,
-        0xAC, 0x6B, 0x35, 0x15, 0x8B, 0x24, 0xCB, 0x72, 0xC0, 0xD7,
-        0x2E, 0xAE, 0xAA, 0xDB, 0xCB, 0x9F, 0x67, 0x86, 0x14, 0xBB,
-        0xE4, 0x90, 0x15, 0x7C, 0x95, 0x44, 0xA5, 0x38, 0x6D, 0x13,
-        0x02, 0x91, 0x77, 0x84, 0x35, 0x43, 0x5D, 0x03, 0x1C, 0x01,
-        0x0B, 0x5A, 0x4E, 0x2B, 0x59, 0xF0, 0xBB, 0xB1, 0xB7, 0x61,
-        0x1B, 0x6C, 0xFC, 0xA1, 0xEA, 0xBD, 0x1C, 0x9A, 0xE4, 0x0C,
-        0x7E, 0x97, 0x3F, 0x71, 0xC6, 0xA7, 0x94, 0x1D, 0x82, 0x12,
-        0xEC, 0x26, 0x43, 0x6E, 0xF6, 0x24, 0x09, 0xA0, 0x03, 0x1D,
-        0x12, 0xFF, 0xA8, 0x95, 0x60, 0x47, 0x4A, 0xB0, 0x72, 0x55,
-        0xC3, 0x68, 0xD2, 0xF6, 0xBC, 0x5B, 0x47, 0x46, 0x51, 0xB2,
-        0xC9, 0x2A, 0x28, 0x6A, 0xC9, 0xD1, 0x1B, 0x35, 0x16, 0x5A,
-        0x26, 0x6F, 0xB7, 0xBB, 0xF7, 0x35, 0x73, 0x2B, 0x02, 0x82,
-        0x01, 0x00, 0x56, 0xBA, 0xD8, 0x02, 0xD7, 0x4B, 0x30, 0x5E,
-        0x1B, 0x1E, 0x2F, 0xF3, 0x0D, 0xBC, 0xF1, 0x05, 0x6A, 0x68,
-        0x4A, 0xE1, 0xEA, 0xB3, 0xDE, 0x61, 0x8C, 0x89, 0x44, 0xBA,
-        0x63, 0x5E, 0xDF, 0x05, 0x24, 0x32, 0x71, 0x65, 0x1A, 0x36,
-        0x2F, 0xBC, 0x07, 0x75, 0xA3, 0xCE, 0x9E, 0x52, 0x92, 0x95,
-        0x4D, 0x3F, 0xC9, 0x06, 0xBC, 0xA1, 0x14, 0x33, 0x37, 0x95,
-        0xAB, 0x9A, 0xEB, 0x04, 0xF6, 0x15, 0xC3, 0x9B, 0x10, 0x56,
-        0x53, 0xA2, 0x28, 0xF2, 0x68, 0xDA, 0x7D, 0x97, 0x52, 0x63,
-        0xAC, 0x9B, 0x56, 0xA9, 0xAB, 0x2E, 0x1E, 0x9E, 0x01, 0x70,
-        0xFF, 0x2B, 0x6D, 0x0C, 0x4B, 0xA6, 0xC3, 0x3A, 0xB3, 0xD1,
-        0xA7, 0x4B, 0x5E, 0x49, 0x2E, 0x95, 0xD6, 0x6A, 0xAE, 0x58,
-        0x13, 0x66, 0x8F, 0x2F, 0x93, 0xE4, 0x6E, 0x8B, 0xFA, 0x94,
-        0x30, 0x3E, 0xEC, 0x96, 0xAB, 0x46, 0x20, 0x3E, 0xC5, 0x30,
-        0xB4, 0xEB, 0x41, 0x00, 0x39, 0x60, 0x1D, 0xE1, 0x20, 0xCE,
-        0x31, 0x70, 0x17, 0x39, 0xCB, 0x76, 0x56, 0x6C, 0x55, 0x7B,
-        0x90, 0x20, 0xBC, 0x39, 0xB2, 0x5B, 0xD1, 0x28, 0x6F, 0x0C,
-        0x4F, 0x45, 0x6B, 0x82, 0xC4, 0x57, 0x23, 0x0C, 0x3F, 0x3F,
-        0x2D, 0x83, 0xB3, 0x3D, 0x8E, 0xF9, 0x1A, 0xDA, 0x77, 0x54,
-        0x2E, 0xFE, 0x16, 0x2E, 0xBA, 0x99, 0xDD, 0xCA, 0xB3, 0xD1,
-        0xD8, 0xBB, 0x87, 0xE1, 0xD0, 0xA9, 0xD4, 0xE6, 0x8F, 0xE8,
-        0x00, 0x3E, 0x49, 0x8A, 0xDD, 0xA6, 0x32, 0x91, 0x00, 0x31,
-        0x31, 0x21, 0x98, 0x18, 0x94, 0xC9, 0x2D, 0x27, 0x05, 0xB7,
-        0x9B, 0x09, 0x2E, 0xBB, 0x5D, 0xBF, 0x67, 0xE8, 0x0E, 0xD1,
-        0x44, 0x75, 0x80, 0x1D, 0x0A, 0x21, 0x8F, 0x95, 0x76, 0xB0,
-        0xFC, 0x19, 0x3C, 0xFF, 0x92, 0xEA, 0x01, 0x45, 0x89, 0xD1,
-        0x4E, 0xFE, 0x4D, 0x2B, 0x4B, 0x18, 0xE6, 0xCE
+        0x30, 0x82, 0x09, 0x42, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06,
+        0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+        0x05, 0x00, 0x04, 0x82, 0x09, 0x2C, 0x30, 0x82, 0x09, 0x28,
+        0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, 0xF5, 0xD0,
+        0x31, 0xE4, 0x71, 0x59, 0x58, 0xB3, 0x07, 0x50, 0xDD, 0x16,
+        0x79, 0xFC, 0xC6, 0x95, 0x50, 0xFC, 0x46, 0x0E, 0x57, 0x12,
+        0x86, 0x71, 0x8D, 0xE3, 0x9B, 0x4A, 0x33, 0xEA, 0x4F, 0xD9,
+        0x17, 0x13, 0x6D, 0x48, 0x69, 0xDF, 0x59, 0x11, 0x08, 0x02,
+        0x9D, 0xAF, 0x2B, 0xC7, 0x30, 0xBE, 0x0C, 0xDC, 0x87, 0xD4,
+        0x5A, 0x12, 0x09, 0x23, 0x5D, 0xE1, 0x76, 0x5A, 0x62, 0x37,
+        0x46, 0x74, 0xEF, 0x03, 0x05, 0xBB, 0x1E, 0x6D, 0x29, 0x75,
+        0x6C, 0x2E, 0x9D, 0x87, 0x0D, 0x8F, 0x87, 0xCB, 0x14, 0x95,
+        0x9B, 0xBE, 0x17, 0x6B, 0x51, 0xD1, 0x4C, 0xDA, 0xD7, 0x91,
+        0x66, 0xC5, 0x36, 0xEB, 0xE0, 0x07, 0x1A, 0x76, 0x4D, 0xB0,
+        0xFB, 0xC1, 0xF5, 0x5E, 0x05, 0xDB, 0xBA, 0xCB, 0x25, 0xD9,
+        0x99, 0x13, 0x1C, 0xC0, 0x35, 0xDC, 0x40, 0xE9, 0x36, 0xCD,
+        0xC4, 0xD5, 0x7A, 0x41, 0x70, 0x0F, 0x36, 0xEB, 0xA5, 0x4E,
+        0x17, 0x05, 0xD5, 0x75, 0x1B, 0x64, 0x62, 0x7A, 0x3F, 0x0D,
+        0x28, 0x48, 0x6A, 0xE3, 0xAC, 0x9C, 0xA8, 0x8F, 0xE9, 0xED,
+        0xF7, 0xCD, 0x24, 0xA0, 0xB1, 0xA0, 0x03, 0xAC, 0xE3, 0x03,
+        0xF5, 0x3F, 0xD1, 0x96, 0xFF, 0x2A, 0x7E, 0x08, 0xB1, 0xD3,
+        0xE0, 0x18, 0x14, 0xEC, 0x65, 0x37, 0x50, 0x43, 0xC2, 0x6A,
+        0x8C, 0xF4, 0x5B, 0xFE, 0xC4, 0xCB, 0x8D, 0x3F, 0x81, 0x02,
+        0xF7, 0xC2, 0xDD, 0xE4, 0xC1, 0x8E, 0x80, 0x0C, 0x04, 0x25,
+        0x2D, 0x80, 0x5A, 0x2E, 0x0F, 0x22, 0x35, 0x4A, 0xF4, 0x85,
+        0xED, 0x51, 0xD8, 0xAB, 0x6D, 0x8F, 0xA2, 0x3B, 0x24, 0x00,
+        0x6E, 0x81, 0xE2, 0x1E, 0x76, 0xD6, 0xAC, 0x31, 0x12, 0xDB,
+        0xF3, 0x8E, 0x07, 0xA1, 0xDE, 0x89, 0x4A, 0x39, 0x60, 0x77,
+        0xC5, 0xAA, 0xF1, 0x51, 0xE6, 0x06, 0xF1, 0x95, 0x56, 0x2A,
+        0xE1, 0x8E, 0x92, 0x30, 0x9F, 0xFE, 0x58, 0x44, 0xAC, 0x46,
+        0xF2, 0xFD, 0x9A, 0xFC, 0xA8, 0x1D, 0xA1, 0xD3, 0x55, 0x37,
+        0x4A, 0x8B, 0xFC, 0x9C, 0x33, 0xF8, 0xA7, 0x61, 0x48, 0x41,
+        0x7C, 0x9C, 0x77, 0x3F, 0xF5, 0x80, 0x23, 0x7D, 0x43, 0xB4,
+        0xD5, 0x88, 0x0A, 0xC9, 0x75, 0xD7, 0x44, 0x19, 0x4D, 0x77,
+        0x6C, 0x0B, 0x0A, 0x49, 0xAA, 0x1C, 0x2F, 0xD6, 0x5A, 0x44,
+        0xA6, 0x47, 0x4D, 0xE5, 0x36, 0x96, 0x40, 0x99, 0x2C, 0x56,
+        0x26, 0xB1, 0xF2, 0x92, 0x31, 0x59, 0xD7, 0x2C, 0xD4, 0xB4,
+        0x21, 0xD6, 0x65, 0x13, 0x0B, 0x3E, 0xFB, 0xFF, 0x04, 0xEB,
+        0xB9, 0x85, 0xB9, 0xD8, 0xD8, 0x28, 0x4F, 0x5C, 0x17, 0x96,
+        0xA3, 0x51, 0xBE, 0xFE, 0x7D, 0x0B, 0x1B, 0x48, 0x40, 0x25,
+        0x76, 0x94, 0xDC, 0x41, 0xFB, 0xBF, 0x73, 0x76, 0xDA, 0xEB,
+        0xB3, 0x62, 0xE7, 0xC1, 0xC8, 0x54, 0x6A, 0x93, 0xE1, 0x8D,
+        0x31, 0xE8, 0x3E, 0x3E, 0xDF, 0xBC, 0x87, 0x02, 0x30, 0x22,
+        0x57, 0xC4, 0xE0, 0x18, 0x7A, 0xD3, 0xAE, 0xE4, 0x02, 0x9B,
+        0xAA, 0xBD, 0x4E, 0x49, 0x47, 0x72, 0xE9, 0x8D, 0x13, 0x2D,
+        0x54, 0x9B, 0x00, 0xA7, 0x91, 0x61, 0x71, 0xC9, 0xCC, 0x48,
+        0x4F, 0xEE, 0xDF, 0x5E, 0x1B, 0x1A, 0xDF, 0x67, 0xD3, 0x20,
+        0xE6, 0x44, 0x45, 0x98, 0x7E, 0xE7, 0x0E, 0x63, 0x16, 0x83,
+        0xC9, 0x26, 0x5D, 0x90, 0xC1, 0xE5, 0x2A, 0x5C, 0x45, 0x54,
+        0x13, 0xB2, 0x81, 0x18, 0x06, 0x20, 0x2E, 0x2E, 0x66, 0x5A,
+        0xB5, 0x7B, 0x6E, 0xD6, 0x0C, 0x4E, 0x89, 0x01, 0x56, 0x70,
+        0xBB, 0xAE, 0xDE, 0xE9, 0x99, 0x5E, 0xD1, 0xB9, 0x3A, 0xB7,
+        0x6C, 0x17, 0xB6, 0x03, 0xA9, 0x08, 0xDD, 0x9C, 0xF4, 0x14,
+        0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4, 0x7E, 0x02, 0x37, 0x31,
+        0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2, 0xCF, 0x6B, 0x15, 0xAB,
+        0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x02, 0x01, 0x00,
+        0xC5, 0x76, 0x57, 0x7D, 0xF1, 0x68, 0x1A, 0x8E, 0xC6, 0x63,
+        0xB9, 0x16, 0xA3, 0x2B, 0xE1, 0xC2, 0x74, 0xEA, 0x12, 0xC4,
+        0xD6, 0x41, 0x75, 0x6A, 0xA6, 0xD6, 0x9E, 0x1A, 0x7F, 0x95,
+        0xCC, 0x4A, 0xD1, 0xF4, 0xB3, 0x27, 0x26, 0x95, 0x5A, 0x91,
+        0x09, 0xE4, 0x40, 0x13, 0x45, 0x91, 0x9F, 0xA0, 0x2B, 0xE8,
+        0xC3, 0xDC, 0x5B, 0xF6, 0x7D, 0x0C, 0xC2, 0x0F, 0xA9, 0xE9,
+        0x75, 0x58, 0x7D, 0xEA, 0xD5, 0x4D, 0x92, 0x3E, 0xFC, 0x74,
+        0x28, 0x87, 0xC1, 0x3D, 0xB9, 0x21, 0x92, 0x4D, 0x28, 0x82,
+        0x84, 0xA8, 0xA2, 0x11, 0x93, 0xF2, 0x8C, 0x29, 0x1C, 0x19,
+        0xF8, 0x6D, 0x3F, 0x27, 0x51, 0xB5, 0x2D, 0xA3, 0xC7, 0x28,
+        0x1D, 0xC4, 0xFC, 0x98, 0x94, 0xA8, 0xD0, 0xFF, 0xF0, 0x0F,
+        0xDC, 0xF9, 0xED, 0xB3, 0xA2, 0xB6, 0xED, 0x0D, 0x5F, 0xBF,
+        0x78, 0x5C, 0xD7, 0xAF, 0xBD, 0xA3, 0xEF, 0x86, 0xE9, 0x51,
+        0x66, 0xDB, 0x52, 0x37, 0x47, 0x7F, 0xE9, 0x5F, 0x3C, 0x94,
+        0x83, 0x2D, 0xE8, 0x9C, 0x33, 0xF1, 0x6C, 0xE9, 0xF3, 0xA6,
+        0x97, 0xFE, 0xA7, 0xBF, 0x4D, 0x9B, 0x20, 0xD5, 0x2F, 0xDE,
+        0xA4, 0x06, 0xBB, 0xEE, 0x66, 0x49, 0x6B, 0xF5, 0x10, 0x85,
+        0x9F, 0x84, 0x5A, 0x52, 0x3E, 0x0C, 0xA0, 0x4A, 0x4C, 0xDA,
+        0x01, 0xC5, 0x62, 0x31, 0xB1, 0xEC, 0xF8, 0xDD, 0xA3, 0x3B,
+        0xCE, 0x41, 0x3A, 0x12, 0x79, 0xF9, 0x97, 0x5B, 0x07, 0x95,
+        0x9F, 0x86, 0xD6, 0x04, 0x73, 0x6C, 0xE8, 0x8F, 0x4C, 0x4C,
+        0x48, 0x1D, 0x85, 0xC4, 0xE7, 0xCE, 0xDE, 0x16, 0x31, 0xF6,
+        0x5C, 0x37, 0x54, 0x8E, 0x55, 0xBC, 0xAF, 0x2E, 0x47, 0xE8,
+        0xAC, 0x03, 0xB0, 0xA4, 0xF9, 0x90, 0x98, 0x99, 0xA4, 0xDC,
+        0x6E, 0x98, 0x08, 0x5C, 0x07, 0xBB, 0x08, 0x93, 0xAF, 0x61,
+        0x8D, 0x74, 0xA8, 0xF8, 0xC4, 0x89, 0x64, 0x10, 0xE1, 0xE6,
+        0xC0, 0xCD, 0x1D, 0x39, 0x20, 0xD6, 0x5A, 0x89, 0x83, 0xFC,
+        0x37, 0xE2, 0x12, 0x66, 0xA8, 0x12, 0xCC, 0x72, 0xBB, 0x1E,
+        0xFB, 0x6A, 0xE3, 0x7C, 0x71, 0x7E, 0xB9, 0x2E, 0x8E, 0x84,
+        0x66, 0xE1, 0xB9, 0xD0, 0x25, 0x9A, 0x6F, 0x9D, 0x19, 0xE6,
+        0x7E, 0xE8, 0xD8, 0xF0, 0xC5, 0x23, 0x16, 0x9A, 0x68, 0x2C,
+        0x1D, 0x55, 0xAE, 0x8E, 0x90, 0xEE, 0x8E, 0xEC, 0x5E, 0x46,
+        0x9D, 0x60, 0x52, 0x32, 0x17, 0x28, 0x59, 0xC4, 0x49, 0x2A,
+        0x20, 0x3E, 0x95, 0xC5, 0xDF, 0xF6, 0x3D, 0xF7, 0xC5, 0xCF,
+        0xB1, 0xC2, 0xC9, 0x76, 0xF8, 0x3D, 0xBE, 0xF4, 0x63, 0xFC,
+        0x2A, 0x00, 0x6F, 0x99, 0xA6, 0xB6, 0xAD, 0x35, 0xEE, 0xDE,
+        0xC5, 0xE0, 0x97, 0xC6, 0x73, 0xEE, 0x33, 0xA0, 0xA8, 0xFC,
+        0x4C, 0x8F, 0xF2, 0x8C, 0x61, 0xFB, 0x03, 0x19, 0xA1, 0xE8,
+        0x17, 0x4E, 0xE3, 0x21, 0x58, 0xCE, 0xFE, 0xF2, 0x5F, 0xBB,
+        0xDD, 0x4F, 0xF7, 0x18, 0xCB, 0x35, 0x57, 0xDD, 0xE5, 0x50,
+        0x2A, 0x7B, 0x1A, 0xE9, 0x12, 0xF2, 0x7A, 0x11, 0xB1, 0x43,
+        0xB9, 0x70, 0x07, 0x0C, 0x8F, 0x69, 0xB9, 0xE5, 0xA5, 0xC9,
+        0xE2, 0x1B, 0x96, 0x74, 0x11, 0xF5, 0x95, 0xB9, 0x58, 0xC0,
+        0xBD, 0x37, 0xFB, 0x28, 0x2A, 0xBD, 0x84, 0xB1, 0x2B, 0x67,
+        0x42, 0x82, 0xC3, 0x95, 0x55, 0x45, 0xD5, 0xEA, 0xC3, 0x8A,
+        0x42, 0x3A, 0x43, 0x17, 0x5E, 0xCD, 0xD2, 0xEA, 0xFC, 0xDF,
+        0x67, 0xEC, 0xE1, 0x6C, 0xA8, 0x03, 0x19, 0xB2, 0x1D, 0x4A,
+        0x5F, 0x4F, 0xE7, 0xD3, 0xE0, 0x86, 0xC5, 0x1A, 0x10, 0xC3,
+        0x08, 0xD2, 0xED, 0x85, 0x93, 0x08, 0x51, 0x05, 0xA6, 0x37,
+        0x15, 0x32, 0xBD, 0x6C, 0x73, 0x63, 0x01, 0x5D, 0x5B, 0x4F,
+        0x6A, 0xDC, 0x6D, 0x1D, 0x55, 0x91, 0x21, 0xE4, 0x8E, 0xB7,
+        0xF0, 0x81, 0x02, 0x82, 0x01, 0x01, 0x00, 0xFD, 0x27, 0xC8,
+        0xFE, 0x76, 0x5C, 0x89, 0x32, 0xCB, 0x8A, 0x22, 0x87, 0x61,
+        0x48, 0x91, 0x4A, 0x05, 0xAD, 0xA4, 0x5C, 0x8A, 0xCA, 0x5C,
+        0x02, 0x88, 0x7E, 0x51, 0xC5, 0x66, 0x90, 0x2C, 0xA3, 0xED,
+        0xA7, 0x43, 0x19, 0x0B, 0xA2, 0x42, 0xB4, 0xE0, 0xE0, 0x45,
+        0xBF, 0xFE, 0xA0, 0xF2, 0x75, 0x0B, 0x8E, 0x7D, 0x9D, 0x73,
+        0x67, 0xD3, 0x10, 0x09, 0xC5, 0xD9, 0x8C, 0xAD, 0x3A, 0x64,
+        0x72, 0xAD, 0x96, 0x35, 0x91, 0x0F, 0x4B, 0xC9, 0xBD, 0x4F,
+        0x65, 0x47, 0xA6, 0x2D, 0xEB, 0x3F, 0xE2, 0x99, 0x72, 0x66,
+        0x12, 0xED, 0xEB, 0xD2, 0x7C, 0xFF, 0x3A, 0x20, 0x37, 0x2A,
+        0xD3, 0x65, 0x51, 0x9B, 0xC3, 0xAA, 0x18, 0xB1, 0x1F, 0x6E,
+        0x9D, 0x40, 0x47, 0xA4, 0x1F, 0x82, 0x9B, 0xDB, 0x50, 0x6B,
+        0x86, 0x2F, 0xFB, 0x3F, 0x31, 0xB9, 0x81, 0x11, 0x04, 0x14,
+        0x63, 0x86, 0x4F, 0x40, 0x2A, 0xF5, 0xF9, 0x7C, 0xA1, 0x78,
+        0x19, 0x13, 0xD0, 0x51, 0x51, 0x0F, 0x79, 0x88, 0x8D, 0x14,
+        0xA3, 0xDE, 0xB6, 0x33, 0x29, 0x42, 0xB9, 0xE8, 0x59, 0x76,
+        0xF7, 0x43, 0x1A, 0xB6, 0xA6, 0xDF, 0x0A, 0xC1, 0x42, 0xC7,
+        0x3F, 0x1C, 0x7E, 0x5C, 0x2C, 0x91, 0x4B, 0x1E, 0xF8, 0x46,
+        0x91, 0x1F, 0xEE, 0x56, 0xB3, 0x0E, 0xC8, 0xD0, 0x31, 0xD3,
+        0x3D, 0xED, 0x3D, 0xD9, 0xC5, 0x30, 0x0C, 0x58, 0xD8, 0xB7,
+        0xB5, 0xEC, 0x14, 0xAC, 0x41, 0x64, 0x6D, 0xE4, 0xC6, 0x59,
+        0xFD, 0x14, 0x05, 0x60, 0x65, 0xD8, 0xC4, 0x84, 0x44, 0x7E,
+        0x1B, 0xB4, 0xA4, 0x16, 0x75, 0xC1, 0x27, 0x96, 0xB2, 0x19,
+        0xD6, 0x39, 0x54, 0xC0, 0x93, 0xF3, 0xD7, 0x1F, 0xCD, 0x1B,
+        0xDF, 0xF8, 0x12, 0x88, 0x14, 0x9F, 0x98, 0x05, 0x47, 0x46,
+        0x71, 0x81, 0x6C, 0xDF, 0x91, 0xEF, 0x53, 0xE3, 0xC5, 0xB1,
+        0x89, 0x2F, 0xE1, 0x02, 0x82, 0x01, 0x01, 0x00, 0xF8, 0x93,
+        0x4A, 0x28, 0x77, 0x94, 0xEF, 0xE9, 0xC4, 0x0A, 0xC3, 0xE8,
+        0x52, 0x59, 0xB6, 0x1D, 0x8D, 0xCE, 0x14, 0xE7, 0x43, 0xC6,
+        0xED, 0x09, 0x27, 0x5D, 0xF3, 0x8E, 0x08, 0x6A, 0x19, 0x6B,
+        0x2C, 0x97, 0x9B, 0x88, 0x53, 0x2B, 0xDA, 0xFE, 0x4B, 0x94,
+        0x66, 0x84, 0xD5, 0xA9, 0xCE, 0xA5, 0x43, 0x70, 0xFB, 0x01,
+        0x5A, 0x6F, 0xCD, 0xF7, 0xD1, 0x9D, 0x51, 0xEE, 0xA0, 0xDC,
+        0x46, 0xF5, 0x7D, 0xA7, 0xEE, 0xA0, 0x86, 0xB7, 0x83, 0xFF,
+        0x21, 0x8B, 0x76, 0x05, 0x7D, 0xDE, 0xC4, 0x26, 0x36, 0xBC,
+        0xB4, 0x8A, 0x48, 0xC3, 0x06, 0x90, 0x97, 0xE5, 0xA6, 0x38,
+        0xC3, 0xE6, 0x7C, 0xD0, 0xF8, 0x23, 0xD2, 0x33, 0x1F, 0x81,
+        0xC3, 0xE3, 0x7D, 0x85, 0x5A, 0x38, 0x10, 0x03, 0xE6, 0x88,
+        0xDB, 0xC8, 0x4C, 0xD0, 0xF7, 0xB2, 0x4D, 0x27, 0x33, 0x85,
+        0xCD, 0x3A, 0x74, 0x83, 0x6B, 0x82, 0x58, 0xD9, 0xDF, 0xEE,
+        0xF5, 0xD3, 0xE9, 0xFE, 0x1C, 0xEF, 0x06, 0x12, 0x16, 0xD1,
+        0x4C, 0xAE, 0x54, 0x4B, 0x0D, 0x1A, 0xBD, 0xE2, 0xCF, 0x56,
+        0xB3, 0x74, 0xBE, 0x44, 0x4F, 0xA4, 0x73, 0x0A, 0x98, 0x8D,
+        0x61, 0x84, 0x38, 0x46, 0xDC, 0x95, 0xCF, 0x3F, 0x6B, 0xE7,
+        0x65, 0x87, 0x02, 0xBF, 0x4B, 0x57, 0xE2, 0x3D, 0xC4, 0x2B,
+        0x1C, 0x82, 0x1D, 0xCC, 0x13, 0x7F, 0xC0, 0x06, 0x12, 0x8C,
+        0x6F, 0x97, 0x50, 0x7B, 0x8C, 0x81, 0xC3, 0x23, 0x15, 0xEB,
+        0x70, 0x07, 0x8E, 0xA1, 0x07, 0x1E, 0x59, 0xFA, 0x10, 0xCA,
+        0x7E, 0x0F, 0xE2, 0xBB, 0xEE, 0x86, 0x26, 0x1E, 0x55, 0xB9,
+        0x98, 0x66, 0x85, 0xEC, 0x27, 0xC5, 0xD9, 0x63, 0x8D, 0x51,
+        0x77, 0xAA, 0xA0, 0x36, 0x55, 0x33, 0x10, 0x21, 0x5E, 0xEC,
+        0x47, 0x67, 0x71, 0xD1, 0xAF, 0xFC, 0x3E, 0x50, 0xF5, 0xBE,
+        0xD6, 0x92, 0xE7, 0x0B, 0x02, 0x82, 0x01, 0x00, 0x21, 0x7C,
+        0x8A, 0xC4, 0xC6, 0x29, 0x55, 0x68, 0xA7, 0xAD, 0xDD, 0x05,
+        0x65, 0x63, 0xF0, 0xFC, 0x06, 0xA6, 0x42, 0x70, 0x8F, 0x57,
+        0x57, 0x36, 0x6A, 0x91, 0xB3, 0x05, 0x56, 0x9C, 0xC9, 0x9A,
+        0xE1, 0x8B, 0xD7, 0x7F, 0x4F, 0x9F, 0xA6, 0x0D, 0x41, 0x15,
+        0xC9, 0x84, 0x2D, 0x0D, 0x63, 0x25, 0x02, 0x63, 0x55, 0xD0,
+        0x66, 0xFC, 0x9B, 0xD9, 0xAA, 0x41, 0x46, 0x96, 0xAA, 0x2F,
+        0x68, 0x2C, 0x17, 0x34, 0x20, 0x5F, 0xD0, 0xD3, 0x28, 0x9B,
+        0x67, 0x0E, 0x31, 0x9D, 0x14, 0xC3, 0xE2, 0x8E, 0x79, 0xD7,
+        0xBD, 0x12, 0xD1, 0xEF, 0xF8, 0xC6, 0xDA, 0x07, 0xF9, 0x4C,
+        0xF2, 0xD8, 0x45, 0xB5, 0xB6, 0xD1, 0xFA, 0x05, 0x0C, 0x20,
+        0xE9, 0x43, 0xD9, 0xC5, 0xE0, 0x3A, 0xDE, 0xCE, 0xF9, 0x02,
+        0xB9, 0x46, 0x65, 0xC0, 0x69, 0x4A, 0x8D, 0x8C, 0x3A, 0x10,
+        0xFD, 0x15, 0x71, 0x25, 0xB8, 0x8A, 0x36, 0x41, 0x4B, 0x30,
+        0x1C, 0xAF, 0xCC, 0x84, 0x28, 0xCD, 0x7D, 0x2B, 0x89, 0x59,
+        0x88, 0x1A, 0x69, 0x12, 0x56, 0xD0, 0x25, 0x68, 0x6C, 0x08,
+        0xB1, 0x88, 0xE1, 0x92, 0x7E, 0x08, 0xB2, 0xC6, 0x3C, 0x6C,
+        0x35, 0xE8, 0xEE, 0x3E, 0xF4, 0xB8, 0x5C, 0x7B, 0xC0, 0x5B,
+        0xFD, 0x11, 0xA3, 0x54, 0xA6, 0x99, 0x46, 0xE2, 0x5F, 0x4F,
+        0xC7, 0xEE, 0x90, 0x1C, 0x37, 0x5B, 0x33, 0x10, 0xDF, 0x0B,
+        0xC3, 0xB9, 0x47, 0xC2, 0x30, 0x4A, 0xF2, 0x1A, 0xEB, 0x41,
+        0x25, 0x94, 0x29, 0x7A, 0xD0, 0x96, 0x88, 0x46, 0xEE, 0x6C,
+        0x14, 0xF6, 0x5B, 0x3D, 0xBD, 0x4E, 0xD4, 0x3F, 0x05, 0x5B,
+        0x07, 0xB9, 0xE3, 0x99, 0x87, 0x63, 0xCA, 0xC4, 0x71, 0x0B,
+        0x73, 0x9D, 0x7B, 0xB6, 0x0F, 0xD4, 0x12, 0x8C, 0x4C, 0x5E,
+        0x72, 0x3D, 0xFF, 0x6D, 0xC4, 0x61, 0x0C, 0x74, 0x5F, 0x53,
+        0xBE, 0x39, 0x34, 0x61, 0x02, 0x82, 0x01, 0x00, 0x5F, 0xF2,
+        0xF2, 0xB0, 0x16, 0x20, 0x8E, 0x4E, 0xCC, 0x96, 0x5F, 0x32,
+        0x80, 0xFF, 0x11, 0xF5, 0xEC, 0x73, 0xBC, 0xCB, 0xDB, 0xF4,
+        0xA0, 0x30, 0x65, 0x5A, 0xB5, 0x95, 0x80, 0x97, 0xFB, 0xC1,
+        0xCB, 0xCF, 0xA5, 0x80, 0x84, 0xA2, 0x2C, 0x00, 0xF6, 0x89,
+        0x8C, 0xDC, 0xFF, 0x60, 0x71, 0x5C, 0x87, 0x60, 0xC7, 0xF2,
+        0xA8, 0xC6, 0xF9, 0x59, 0x0C, 0x37, 0x4E, 0x95, 0xEE, 0xCF,
+        0xB8, 0x30, 0x30, 0x55, 0xAF, 0x1D, 0x95, 0x82, 0xA6, 0xD7,
+        0xC7, 0x49, 0xFE, 0xBF, 0x75, 0xEB, 0x94, 0x09, 0x30, 0x1D,
+        0xBD, 0x0E, 0x97, 0xB1, 0x78, 0x0A, 0x3E, 0x27, 0xAD, 0xF6,
+        0xC1, 0x5F, 0x69, 0x94, 0x7C, 0x03, 0xCF, 0xB2, 0x5E, 0x1A,
+        0x07, 0xD3, 0xFA, 0xF2, 0x8B, 0x75, 0x92, 0x70, 0xFE, 0xFE,
+        0x9A, 0xDF, 0x81, 0x0F, 0x34, 0x5D, 0x45, 0xBC, 0xB8, 0xFD,
+        0x8F, 0xCF, 0x5D, 0x84, 0x10, 0xEE, 0x9A, 0x7F, 0x57, 0x19,
+        0xF5, 0x17, 0xDC, 0x7D, 0x73, 0x0B, 0xAC, 0x6B, 0x35, 0x15,
+        0x8B, 0x24, 0xCB, 0x72, 0xC0, 0xD7, 0x2E, 0xAE, 0xAA, 0xDB,
+        0xCB, 0x9F, 0x67, 0x86, 0x14, 0xBB, 0xE4, 0x90, 0x15, 0x7C,
+        0x95, 0x44, 0xA5, 0x38, 0x6D, 0x13, 0x02, 0x91, 0x77, 0x84,
+        0x35, 0x43, 0x5D, 0x03, 0x1C, 0x01, 0x0B, 0x5A, 0x4E, 0x2B,
+        0x59, 0xF0, 0xBB, 0xB1, 0xB7, 0x61, 0x1B, 0x6C, 0xFC, 0xA1,
+        0xEA, 0xBD, 0x1C, 0x9A, 0xE4, 0x0C, 0x7E, 0x97, 0x3F, 0x71,
+        0xC6, 0xA7, 0x94, 0x1D, 0x82, 0x12, 0xEC, 0x26, 0x43, 0x6E,
+        0xF6, 0x24, 0x09, 0xA0, 0x03, 0x1D, 0x12, 0xFF, 0xA8, 0x95,
+        0x60, 0x47, 0x4A, 0xB0, 0x72, 0x55, 0xC3, 0x68, 0xD2, 0xF6,
+        0xBC, 0x5B, 0x47, 0x46, 0x51, 0xB2, 0xC9, 0x2A, 0x28, 0x6A,
+        0xC9, 0xD1, 0x1B, 0x35, 0x16, 0x5A, 0x26, 0x6F, 0xB7, 0xBB,
+        0xF7, 0x35, 0x73, 0x2B, 0x02, 0x82, 0x01, 0x00, 0x56, 0xBA,
+        0xD8, 0x02, 0xD7, 0x4B, 0x30, 0x5E, 0x1B, 0x1E, 0x2F, 0xF3,
+        0x0D, 0xBC, 0xF1, 0x05, 0x6A, 0x68, 0x4A, 0xE1, 0xEA, 0xB3,
+        0xDE, 0x61, 0x8C, 0x89, 0x44, 0xBA, 0x63, 0x5E, 0xDF, 0x05,
+        0x24, 0x32, 0x71, 0x65, 0x1A, 0x36, 0x2F, 0xBC, 0x07, 0x75,
+        0xA3, 0xCE, 0x9E, 0x52, 0x92, 0x95, 0x4D, 0x3F, 0xC9, 0x06,
+        0xBC, 0xA1, 0x14, 0x33, 0x37, 0x95, 0xAB, 0x9A, 0xEB, 0x04,
+        0xF6, 0x15, 0xC3, 0x9B, 0x10, 0x56, 0x53, 0xA2, 0x28, 0xF2,
+        0x68, 0xDA, 0x7D, 0x97, 0x52, 0x63, 0xAC, 0x9B, 0x56, 0xA9,
+        0xAB, 0x2E, 0x1E, 0x9E, 0x01, 0x70, 0xFF, 0x2B, 0x6D, 0x0C,
+        0x4B, 0xA6, 0xC3, 0x3A, 0xB3, 0xD1, 0xA7, 0x4B, 0x5E, 0x49,
+        0x2E, 0x95, 0xD6, 0x6A, 0xAE, 0x58, 0x13, 0x66, 0x8F, 0x2F,
+        0x93, 0xE4, 0x6E, 0x8B, 0xFA, 0x94, 0x30, 0x3E, 0xEC, 0x96,
+        0xAB, 0x46, 0x20, 0x3E, 0xC5, 0x30, 0xB4, 0xEB, 0x41, 0x00,
+        0x39, 0x60, 0x1D, 0xE1, 0x20, 0xCE, 0x31, 0x70, 0x17, 0x39,
+        0xCB, 0x76, 0x56, 0x6C, 0x55, 0x7B, 0x90, 0x20, 0xBC, 0x39,
+        0xB2, 0x5B, 0xD1, 0x28, 0x6F, 0x0C, 0x4F, 0x45, 0x6B, 0x82,
+        0xC4, 0x57, 0x23, 0x0C, 0x3F, 0x3F, 0x2D, 0x83, 0xB3, 0x3D,
+        0x8E, 0xF9, 0x1A, 0xDA, 0x77, 0x54, 0x2E, 0xFE, 0x16, 0x2E,
+        0xBA, 0x99, 0xDD, 0xCA, 0xB3, 0xD1, 0xD8, 0xBB, 0x87, 0xE1,
+        0xD0, 0xA9, 0xD4, 0xE6, 0x8F, 0xE8, 0x00, 0x3E, 0x49, 0x8A,
+        0xDD, 0xA6, 0x32, 0x91, 0x00, 0x31, 0x31, 0x21, 0x98, 0x18,
+        0x94, 0xC9, 0x2D, 0x27, 0x05, 0xB7, 0x9B, 0x09, 0x2E, 0xBB,
+        0x5D, 0xBF, 0x67, 0xE8, 0x0E, 0xD1, 0x44, 0x75, 0x80, 0x1D,
+        0x0A, 0x21, 0x8F, 0x95, 0x76, 0xB0, 0xFC, 0x19, 0x3C, 0xFF,
+        0x92, 0xEA, 0x01, 0x45, 0x89, 0xD1, 0x4E, 0xFE, 0x4D, 0x2B,
+        0x4B, 0x18, 0xE6, 0xCE
 };
 static const int sizeof_client_key_der_4096 = sizeof(client_key_der_4096);
 
@@ -3205,9 +3211,9 @@ static const int sizeof_client_keypub_der_4096 = sizeof(client_keypub_der_4096);
 static const unsigned char client_cert_der_4096[] =
 {
         0x30, 0x82, 0x07, 0x1D, 0x30, 0x82, 0x05, 0x05, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x2F, 0x36, 0x54, 0x05, 0x64,
-        0x52, 0xDD, 0x0E, 0x75, 0x75, 0x33, 0x7C, 0xB2, 0xCE, 0x9F,
-        0x5C, 0x48, 0x9B, 0xAB, 0x0E, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x12, 0x66, 0xC3, 0xA2, 0x08,
+        0x5C, 0xF7, 0xD0, 0x6E, 0xE9, 0xA8, 0x82, 0xA2, 0xAB, 0x9C,
+        0x0F, 0x76, 0x9E, 0x96, 0xF4, 0x30, 0x0D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
         0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
         0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
@@ -3225,10 +3231,10 @@ static const unsigned char client_cert_der_4096[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
         0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30,
@@ -3323,9 +3329,9 @@ static const unsigned char client_cert_der_4096[] =
         0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
         0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
         0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
-        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x2F, 0x36,
-        0x54, 0x05, 0x64, 0x52, 0xDD, 0x0E, 0x75, 0x75, 0x33, 0x7C,
-        0xB2, 0xCE, 0x9F, 0x5C, 0x48, 0x9B, 0xAB, 0x0E, 0x30, 0x0C,
+        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x12, 0x66,
+        0xC3, 0xA2, 0x08, 0x5C, 0xF7, 0xD0, 0x6E, 0xE9, 0xA8, 0x82,
+        0xA2, 0xAB, 0x9C, 0x0F, 0x76, 0x9E, 0x96, 0xF4, 0x30, 0x0C,
         0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
         0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04,
         0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70,
@@ -3335,58 +3341,58 @@ static const unsigned char client_cert_der_4096[] =
         0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05,
         0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
         0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
-        0x02, 0x01, 0x00, 0xC2, 0x72, 0x38, 0x27, 0xF0, 0x5C, 0x45,
-        0x04, 0x4B, 0x09, 0x0E, 0x5D, 0x98, 0x6E, 0x38, 0x6A, 0xBC,
-        0xFB, 0xA8, 0x85, 0x4F, 0xF2, 0x04, 0x38, 0x63, 0x4F, 0x86,
-        0x4F, 0x3C, 0xF5, 0xFD, 0xF8, 0xCD, 0x89, 0x09, 0x76, 0x72,
-        0x47, 0x97, 0xDF, 0xF8, 0x17, 0x6A, 0x81, 0x3A, 0xB2, 0xB4,
-        0xFC, 0xAC, 0xE9, 0xFC, 0xE2, 0x47, 0x9B, 0x07, 0x6D, 0x9C,
-        0x53, 0xED, 0xD8, 0x64, 0xBC, 0x6C, 0x4D, 0xA9, 0xBD, 0x3E,
-        0x5E, 0xCD, 0x61, 0xBC, 0x8E, 0x82, 0x20, 0xB2, 0x50, 0xBC,
-        0x9E, 0x72, 0xE6, 0x9F, 0x40, 0xFF, 0x6C, 0x4B, 0x38, 0xF8,
-        0x4B, 0x82, 0x0F, 0x7E, 0x49, 0xCD, 0x45, 0x5C, 0xCD, 0x44,
-        0xDE, 0x47, 0x25, 0xB3, 0x57, 0xD0, 0x1A, 0x0D, 0x8D, 0x4D,
-        0xC7, 0xEA, 0x23, 0xFA, 0x03, 0xE8, 0x86, 0xD8, 0x37, 0x89,
-        0x84, 0x2E, 0xE8, 0x53, 0x7A, 0x77, 0xBE, 0x94, 0xEC, 0x70,
-        0xE7, 0xC4, 0x7B, 0x8F, 0x6F, 0x28, 0x67, 0x33, 0x89, 0xEC,
-        0xC9, 0xDF, 0x98, 0x6D, 0x4A, 0xD9, 0xC6, 0x7B, 0xD3, 0xB5,
-        0x82, 0xD0, 0x8A, 0xCE, 0x8F, 0x06, 0xBF, 0xA2, 0xF7, 0xDE,
-        0x4A, 0x45, 0x22, 0x6F, 0xFF, 0x41, 0x6F, 0x08, 0xF5, 0xC3,
-        0x65, 0x25, 0x27, 0xFB, 0x43, 0x3E, 0xCC, 0x25, 0x0A, 0xD3,
-        0x3D, 0xD2, 0x34, 0x9F, 0x89, 0x6B, 0xE2, 0x97, 0x9C, 0x42,
-        0xD9, 0x3E, 0x64, 0x03, 0x45, 0x5F, 0x07, 0x95, 0xED, 0x1A,
-        0x70, 0x6A, 0xBE, 0x3E, 0x7F, 0x7F, 0x16, 0xBE, 0x47, 0xA6,
-        0x6D, 0x3B, 0x0D, 0x27, 0xB3, 0x89, 0xB1, 0xF1, 0xF6, 0xCE,
-        0x99, 0x71, 0x18, 0xB6, 0xC0, 0xC5, 0x9E, 0x76, 0x7A, 0x8E,
-        0xFB, 0x4A, 0xBE, 0x4F, 0xCD, 0xBC, 0x21, 0xA9, 0x4E, 0x9C,
-        0xFC, 0x48, 0x86, 0xFF, 0xE4, 0x63, 0x14, 0x96, 0x3A, 0xEB,
-        0xC8, 0x48, 0xAE, 0x27, 0xBD, 0x43, 0x0C, 0x27, 0x85, 0xE1,
-        0x25, 0x1A, 0x69, 0x48, 0x6C, 0xE7, 0x11, 0xF8, 0xF3, 0x68,
-        0x9D, 0xEE, 0x15, 0x1A, 0xBE, 0xAD, 0x46, 0x33, 0x24, 0x3D,
-        0xBE, 0xB8, 0x0E, 0x6E, 0x4D, 0xEF, 0x12, 0xB6, 0xAE, 0x1B,
-        0x88, 0xBD, 0x0E, 0xA6, 0xFF, 0x91, 0x08, 0xDC, 0xED, 0xAF,
-        0xFA, 0x13, 0x2B, 0xF2, 0xB4, 0x2C, 0xEA, 0x72, 0xC2, 0x85,
-        0xD6, 0xEE, 0x64, 0x09, 0xE1, 0x4E, 0x1A, 0x5A, 0xBD, 0xC2,
-        0x44, 0xC2, 0x95, 0x82, 0x59, 0x0A, 0xD8, 0x27, 0xBC, 0x48,
-        0x4A, 0x8A, 0xA3, 0xC3, 0x77, 0xAC, 0x92, 0xB6, 0x8B, 0x0B,
-        0x13, 0xE2, 0x87, 0xEC, 0x21, 0x7E, 0x7E, 0x52, 0x29, 0x51,
-        0x5C, 0x59, 0xE1, 0xC8, 0xDB, 0x05, 0xCE, 0x9E, 0xF4, 0x36,
-        0xD8, 0x63, 0x42, 0x45, 0x71, 0x9A, 0xEE, 0x0E, 0x24, 0xB0,
-        0xBA, 0xA5, 0xA5, 0xAA, 0xC9, 0xEE, 0x9E, 0xA3, 0xE3, 0xE9,
-        0x7F, 0xC6, 0x64, 0x6C, 0x9E, 0x65, 0x78, 0x88, 0xF2, 0x61,
-        0x6F, 0xD3, 0x3B, 0x9E, 0x0D, 0x16, 0xFA, 0xAD, 0xC2, 0x58,
-        0xAC, 0xBC, 0x14, 0xB1, 0xF7, 0x6F, 0xDB, 0xB9, 0x7E, 0x79,
-        0x81, 0xF1, 0xF8, 0xE9, 0x41, 0x5B, 0xFE, 0xD9, 0xE2, 0x89,
-        0x86, 0x5C, 0x01, 0x03, 0x5D, 0x0C, 0xD9, 0xA9, 0xD6, 0xDF,
-        0x4B, 0x26, 0x5C, 0xAE, 0xE6, 0xDF, 0xB5, 0xC9, 0xF0, 0x86,
-        0xCA, 0x7B, 0x80, 0xDB, 0x6A, 0x86, 0xFD, 0xA9, 0x00, 0x46,
-        0x32, 0x39, 0x5A, 0x72, 0xC4, 0x67, 0x20, 0xDB, 0xD8, 0x7A,
-        0x5D, 0x2D, 0x78, 0xB9, 0xA7, 0xDE, 0x7F, 0xF4, 0x7A, 0x5B,
-        0x0F, 0x38, 0xB0, 0x9E, 0x1A, 0xAE, 0xC5, 0xCC, 0xFF, 0x61,
-        0x5E, 0xEC, 0xF1, 0x0D, 0xF7, 0x0A, 0x22, 0xBB, 0xCB, 0x08,
-        0x2B, 0x91, 0x58, 0x77, 0x1F, 0x90, 0x2B, 0xA3, 0x78, 0xBE,
-        0xEF, 0x4D, 0xD8, 0x8D, 0xE8, 0xF7, 0x31, 0xF8, 0x92, 0x84,
-        0xE5, 0xB2, 0x2A, 0xE8, 0x3A
+        0x02, 0x01, 0x00, 0xB0, 0x00, 0x28, 0x7B, 0xC8, 0x3F, 0xAE,
+        0x93, 0xF5, 0x16, 0x87, 0x30, 0xD6, 0x07, 0x2B, 0x71, 0x16,
+        0x34, 0x1E, 0x5C, 0x48, 0x0F, 0x4A, 0xE7, 0x50, 0x07, 0x9D,
+        0xF4, 0x75, 0x5B, 0x90, 0x53, 0x72, 0x87, 0x2A, 0xBB, 0xEF,
+        0x04, 0xBC, 0x52, 0xD2, 0xBF, 0xFF, 0x27, 0x58, 0x2F, 0x5C,
+        0xAF, 0xBE, 0xF3, 0xF6, 0x00, 0xA2, 0x37, 0x8B, 0xEC, 0x2C,
+        0xD7, 0xB7, 0xE7, 0xBB, 0x3B, 0xCA, 0x6F, 0x9D, 0x42, 0xB7,
+        0x00, 0xB8, 0xC2, 0xA2, 0x8E, 0x8E, 0xE4, 0x57, 0xFD, 0x83,
+        0x4B, 0xB8, 0x47, 0xAA, 0xA1, 0x28, 0xAC, 0xBD, 0xC1, 0x59,
+        0x04, 0x90, 0x17, 0x40, 0x40, 0x35, 0x04, 0xC6, 0x40, 0xA9,
+        0x21, 0xD3, 0x79, 0x45, 0x0E, 0x22, 0xC8, 0x6F, 0xEC, 0xAE,
+        0x58, 0xA5, 0xC2, 0xD8, 0x1B, 0x11, 0x49, 0x94, 0x58, 0xC2,
+        0x11, 0x7D, 0xF8, 0x0A, 0xBB, 0x47, 0xFD, 0xAC, 0xCF, 0xF7,
+        0x23, 0x05, 0x3F, 0xAB, 0x1D, 0x0E, 0x30, 0xC5, 0x98, 0x29,
+        0x13, 0x1A, 0x90, 0x6F, 0xF9, 0x3F, 0xF2, 0xD6, 0xDF, 0x03,
+        0xCC, 0xF1, 0x48, 0xE7, 0x71, 0xE6, 0xC4, 0xCE, 0xF3, 0xF9,
+        0xBF, 0x07, 0xC9, 0xCF, 0xDD, 0x63, 0x0E, 0xFE, 0xBC, 0x93,
+        0x1C, 0x9A, 0x52, 0x7D, 0x63, 0xF9, 0x6D, 0xA5, 0x50, 0xF3,
+        0xEF, 0x54, 0xD7, 0xDA, 0x42, 0x74, 0x85, 0xB1, 0xB4, 0x7C,
+        0xD5, 0x03, 0xCC, 0xB8, 0xC3, 0xBA, 0x1F, 0xB8, 0x4F, 0x5A,
+        0xF9, 0x05, 0xBA, 0x4B, 0x0D, 0x57, 0x8D, 0x05, 0xCF, 0x4F,
+        0xB7, 0xC4, 0x64, 0x2E, 0x2C, 0x10, 0xF3, 0xFA, 0x79, 0x0C,
+        0x8C, 0x1F, 0xCC, 0x84, 0x33, 0x88, 0xFB, 0x77, 0xB5, 0x6E,
+        0x45, 0x35, 0x15, 0xCC, 0x28, 0x80, 0x2B, 0x2D, 0x6B, 0x3F,
+        0xD0, 0xA3, 0x10, 0xD1, 0x53, 0xC0, 0xBB, 0x70, 0x43, 0x79,
+        0x2F, 0xFF, 0x3F, 0x63, 0x26, 0xC5, 0x60, 0x9B, 0x87, 0xE9,
+        0xA2, 0x5B, 0x40, 0x13, 0x41, 0x25, 0xD2, 0x9C, 0x3E, 0x42,
+        0x79, 0x00, 0xE1, 0x12, 0x0E, 0xAA, 0x06, 0xE0, 0x65, 0x59,
+        0xA1, 0xFA, 0xDB, 0xC4, 0xC2, 0x97, 0xA8, 0x87, 0x35, 0x96,
+        0x1C, 0x8E, 0xFF, 0xEB, 0x91, 0xE0, 0x8B, 0xE3, 0x3E, 0xC8,
+        0xB2, 0x8C, 0xD3, 0x84, 0x5E, 0x76, 0x80, 0xD7, 0x29, 0x0A,
+        0x59, 0xCC, 0x71, 0xD5, 0xE5, 0x65, 0x3C, 0x30, 0x38, 0x6E,
+        0xF5, 0x3F, 0x7E, 0x28, 0x0F, 0x3D, 0x15, 0x10, 0x86, 0x30,
+        0x39, 0x56, 0x23, 0x13, 0x30, 0xB4, 0x70, 0xF7, 0x7B, 0xC3,
+        0x0D, 0x51, 0xAD, 0x18, 0xB1, 0x87, 0xB3, 0x3F, 0x1C, 0x69,
+        0xF5, 0xD4, 0x1E, 0x72, 0x66, 0x5E, 0x44, 0xB9, 0x53, 0xBA,
+        0x9E, 0xF0, 0xB8, 0x4A, 0xB1, 0x34, 0x50, 0x98, 0xD8, 0xF2,
+        0xB9, 0xB2, 0xC5, 0xED, 0x73, 0xC9, 0xEE, 0xDD, 0x33, 0x8C,
+        0xCF, 0x72, 0x35, 0xE0, 0x3D, 0x0F, 0x45, 0x2A, 0x89, 0xF9,
+        0xA3, 0x76, 0x40, 0x07, 0x0F, 0xF6, 0x48, 0x6C, 0xF1, 0x8C,
+        0x30, 0x3A, 0xC2, 0x51, 0x06, 0xC2, 0x51, 0x5E, 0x75, 0x98,
+        0x06, 0xE0, 0x1E, 0x29, 0xF7, 0x12, 0x9A, 0x56, 0xA4, 0x38,
+        0x83, 0xB1, 0x8B, 0x86, 0xB6, 0xAB, 0x87, 0xAA, 0x3C, 0x39,
+        0x9D, 0x4D, 0x0C, 0xE8, 0x78, 0x9F, 0x52, 0x47, 0x66, 0x69,
+        0xC8, 0x66, 0x0C, 0xFE, 0xD9, 0x74, 0x1D, 0x78, 0x0B, 0x51,
+        0xE4, 0xD9, 0xC8, 0x35, 0x97, 0x95, 0xC7, 0x31, 0x97, 0x13,
+        0x49, 0xED, 0xAA, 0x9E, 0x9C, 0xFD, 0x66, 0x04, 0x79, 0xD2,
+        0x24, 0x4D, 0x64, 0x8D, 0x3F, 0xCD, 0x94, 0xB0, 0x05, 0x0A,
+        0x30, 0x3B, 0x1C, 0x96, 0xE7, 0x79, 0x00, 0x03, 0x47, 0x55,
+        0x34, 0x51, 0x1F, 0x46, 0x3A, 0x24, 0x47, 0xE6, 0xDD, 0x78,
+        0x89, 0x18, 0x29, 0x32, 0xC5, 0xAD, 0xFB, 0x9C, 0xF7, 0x26,
+        0xAC, 0x56, 0x3E, 0xF7, 0x73
 };
 static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096);
 
@@ -4102,9 +4108,10 @@ static const int sizeof_bench_falcon_level5_key = sizeof(bench_falcon_level5_key
 #endif /* HAVE_FALCON */
 
 #if defined(HAVE_DILITHIUM)
-
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
 
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level2_key.der */
 static const unsigned char bench_dilithium_level2_key[] = {
     0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
     0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
@@ -4369,6 +4376,8 @@ static const int sizeof_bench_dilithium_level2_key = sizeof(bench_dilithium_leve
 
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
 
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level2_key.der */
 static const unsigned char bench_dilithium_level2_pubkey[] = {
     0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
     0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
@@ -4510,6 +4519,8 @@ static const int sizeof_bench_dilithium_level2_pubkey =
 
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
 
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level3_key.der */
 static const unsigned char bench_dilithium_level3_key[] = {
     0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
     0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
@@ -4922,6 +4933,8 @@ static const int sizeof_bench_dilithium_level3_key = sizeof(bench_dilithium_leve
 
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
 
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level3_key.der */
 static const unsigned char bench_dilithium_level3_pubkey[] = {
     0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
     0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
@@ -5127,6 +5140,8 @@ static const int sizeof_bench_dilithium_level3_pubkey =
 
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
 
+/* raw private key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level5_key.der */
 static const unsigned char bench_dilithium_level5_key[] = {
     0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
     0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
@@ -5625,6 +5640,8 @@ static const int sizeof_bench_dilithium_level5_key = sizeof(bench_dilithium_leve
 
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
 
+/* raw public key without ASN1 syntax from
+ * ./certs/dilithium/bench_dilithium_level5_key.der */
 static const unsigned char bench_dilithium_level5_pubkey[] = {
     0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
     0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
@@ -6076,10 +6093,10 @@ static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256);
 /* ./certs/client-ecc-cert.der, ECC */
 static const unsigned char cliecc_cert_der_256[] =
 {
-        0x30, 0x82, 0x03, 0x5D, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x37, 0x67, 0x2A, 0x05, 0x24,
-        0xB5, 0x2B, 0xB6, 0xAE, 0x40, 0x6B, 0xE1, 0x75, 0xE0, 0x97,
-        0xCC, 0x1D, 0x12, 0x8B, 0x2A, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x30, 0x82, 0x03, 0x5E, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x75, 0x99, 0xDB, 0x38, 0xED,
+        0x32, 0xB1, 0xC2, 0xD1, 0x2C, 0x5E, 0x6F, 0x6F, 0x9D, 0x47,
+        0x17, 0x58, 0xDD, 0xEE, 0x26, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D,
         0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
         0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55,
@@ -6095,10 +6112,10 @@ static const unsigned char cliecc_cert_der_256[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x33, 0x30, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06,
         0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
@@ -6144,9 +6161,9 @@ static const unsigned char cliecc_cert_der_256[] =
         0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
         0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
         0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
-        0x63, 0x6F, 0x6D, 0x82, 0x14, 0x37, 0x67, 0x2A, 0x05, 0x24,
-        0xB5, 0x2B, 0xB6, 0xAE, 0x40, 0x6B, 0xE1, 0x75, 0xE0, 0x97,
-        0xCC, 0x1D, 0x12, 0x8B, 0x2A, 0x30, 0x0C, 0x06, 0x03, 0x55,
+        0x63, 0x6F, 0x6D, 0x82, 0x14, 0x75, 0x99, 0xDB, 0x38, 0xED,
+        0x32, 0xB1, 0xC2, 0xD1, 0x2C, 0x5E, 0x6F, 0x6F, 0x9D, 0x47,
+        0x17, 0x58, 0xDD, 0xEE, 0x26, 0x30, 0x0C, 0x06, 0x03, 0x55,
         0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
         0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13,
         0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E,
@@ -6155,14 +6172,14 @@ static const unsigned char cliecc_cert_der_256[] =
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
         0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04,
-        0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x7A,
-        0x6D, 0xC5, 0xBD, 0x6F, 0x9D, 0x54, 0x4F, 0xC5, 0x4C, 0xD0,
-        0x12, 0x8C, 0x31, 0x3B, 0xB6, 0x17, 0x80, 0x9E, 0xC7, 0x34,
-        0xF8, 0xC5, 0xDA, 0xFB, 0x61, 0x23, 0x35, 0xE6, 0x93, 0x35,
-        0xB4, 0x02, 0x20, 0x1B, 0x6A, 0x86, 0xC4, 0x11, 0xBE, 0x7C,
-        0x15, 0xA7, 0x5E, 0xAB, 0x85, 0xEE, 0xB7, 0x8C, 0x20, 0xDC,
-        0xEB, 0x17, 0xA3, 0xF2, 0x66, 0x63, 0xAA, 0x6B, 0x67, 0xE0,
-        0x62, 0x1F, 0x17, 0x3E, 0xAC
+        0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x03,
+        0x69, 0x31, 0x45, 0x6F, 0x01, 0x88, 0x6B, 0x63, 0xC6, 0x1C,
+        0xEB, 0x39, 0xE4, 0x9A, 0xA8, 0xE2, 0xE0, 0x34, 0xAC, 0xAC,
+        0xE6, 0xA1, 0xD6, 0xFE, 0xCE, 0x85, 0x98, 0x1E, 0xB0, 0x0D,
+        0xA9, 0x02, 0x21, 0x00, 0xA3, 0xDD, 0x84, 0x5D, 0x08, 0x28,
+        0x4B, 0x8B, 0x58, 0xFB, 0x0D, 0x33, 0xDB, 0x02, 0xEA, 0xC8,
+        0x0C, 0xDA, 0x34, 0x0B, 0x4E, 0x83, 0xA2, 0x10, 0x67, 0x99,
+        0x19, 0x1C, 0x93, 0x91, 0xC8, 0xC7
 };
 static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256);
 
@@ -6224,9 +6241,9 @@ static const int sizeof_ecc_secp_r1_statickey_der_256 = sizeof(ecc_secp_r1_stati
 static const unsigned char serv_ecc_comp_der_256[] =
 {
         0x30, 0x82, 0x03, 0x77, 0x30, 0x82, 0x03, 0x1D, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x21, 0xD7, 0x53, 0x80, 0x24,
-        0x5C, 0xEB, 0xBF, 0xC0, 0xA4, 0x40, 0xF4, 0x42, 0x19, 0x3B,
-        0x83, 0xFD, 0x58, 0xC5, 0xA6, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x0C, 0x33, 0x75, 0x68, 0xFF,
+        0x2E, 0x13, 0x4A, 0x2A, 0x30, 0x56, 0xB4, 0xA8, 0x79, 0x14,
+        0xE2, 0xC4, 0xCA, 0x61, 0x54, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0,
         0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
         0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
@@ -6244,10 +6261,10 @@ static const unsigned char serv_ecc_comp_der_256[] =
         0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
         0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
         0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
-        0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, 0x33,
-        0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, 0x32,
-        0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, 0x32,
-        0x38, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06,
+        0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38,
+        0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32,
+        0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33,
+        0x30, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06,
         0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
         0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
         0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
@@ -6294,8 +6311,8 @@ static const unsigned char serv_ecc_comp_der_256[] =
         0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
         0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
         0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14,
-        0x21, 0xD7, 0x53, 0x80, 0x24, 0x5C, 0xEB, 0xBF, 0xC0, 0xA4,
-        0x40, 0xF4, 0x42, 0x19, 0x3B, 0x83, 0xFD, 0x58, 0xC5, 0xA6,
+        0x0C, 0x33, 0x75, 0x68, 0xFF, 0x2E, 0x13, 0x4A, 0x2A, 0x30,
+        0x56, 0xB4, 0xA8, 0x79, 0x14, 0xE2, 0xC4, 0xCA, 0x61, 0x54,
         0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
         0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
         0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
@@ -6305,14 +6322,14 @@ static const unsigned char serv_ecc_comp_der_256[] =
         0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
         0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00,
-        0x30, 0x45, 0x02, 0x20, 0x57, 0x1A, 0x59, 0xBC, 0xC9, 0x45,
-        0x0A, 0x46, 0xE6, 0x16, 0xDA, 0x17, 0xCE, 0xC3, 0x0A, 0x57,
-        0x57, 0xF2, 0x3D, 0x15, 0xCD, 0xCA, 0x1B, 0xA7, 0xA8, 0x39,
-        0x2E, 0x9D, 0x09, 0xF3, 0x3E, 0xA0, 0x02, 0x21, 0x00, 0xDE,
-        0xA3, 0x3A, 0x4D, 0x88, 0x38, 0x2B, 0x3A, 0x84, 0xDE, 0x2F,
-        0x0A, 0x81, 0x14, 0x57, 0x7F, 0x7F, 0x2E, 0xD6, 0xA5, 0x4D,
-        0x61, 0x10, 0x69, 0xB9, 0xA2, 0xC6, 0x51, 0xCD, 0x80, 0x4A,
-        0x63
+        0x30, 0x45, 0x02, 0x20, 0x23, 0xD1, 0xF6, 0x8F, 0xD4, 0x29,
+        0x83, 0x27, 0x8F, 0x4A, 0x8E, 0x49, 0x44, 0x49, 0x32, 0x1C,
+        0x12, 0xE4, 0xC1, 0x33, 0xB1, 0x97, 0x2B, 0x31, 0xCD, 0x62,
+        0x47, 0xCB, 0xB6, 0xD0, 0xEB, 0x4D, 0x02, 0x21, 0x00, 0xE0,
+        0x6E, 0xDC, 0x48, 0x70, 0xAA, 0x10, 0xB2, 0x74, 0xD1, 0x88,
+        0xDA, 0xF1, 0x3F, 0xD9, 0xD7, 0xE9, 0xE4, 0x88, 0xE5, 0x91,
+        0x00, 0x03, 0xC1, 0x0C, 0x1F, 0x54, 0xA0, 0xCA, 0x4D, 0x99,
+        0x6A
 };
 static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256);
 
@@ -6337,10 +6354,10 @@ static const unsigned char serv_ecc_rsa_der_256[] =
         0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
         0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
         0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32,
-        0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17,
-        0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31,
-        0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30,
+        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32,
+        0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17,
+        0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32,
+        0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30,
         0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
         0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
         0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10,
@@ -6388,9 +6405,9 @@ static const unsigned char serv_ecc_rsa_der_256[] =
         0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
         0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
         0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
-        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x33,
-        0x44, 0x1A, 0xA8, 0x6C, 0x01, 0xEC, 0xF6, 0x60, 0xF2, 0x70,
-        0x51, 0x0A, 0x4C, 0xD1, 0x14, 0xFA, 0xBC, 0xE9, 0x44, 0x30,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x6B,
+        0x9B, 0x70, 0xC6, 0xF1, 0xA3, 0x94, 0x65, 0x19, 0xA1, 0x08,
+        0x58, 0xEF, 0xA7, 0x8D, 0x2B, 0x7A, 0x83, 0xC1, 0xDA, 0x30,
         0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03,
         0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11,
         0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D,
@@ -6400,32 +6417,32 @@ static const unsigned char serv_ecc_rsa_der_256[] =
         0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05,
         0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
         0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03,
-        0x82, 0x01, 0x01, 0x00, 0x16, 0xB7, 0xD3, 0x9C, 0x7C, 0x6E,
-        0xD2, 0xB7, 0x79, 0xAA, 0x5A, 0x16, 0x0B, 0x1E, 0xDA, 0xD0,
-        0xF7, 0xDF, 0x64, 0xC9, 0x3C, 0xB8, 0x41, 0x24, 0x4B, 0x1B,
-        0xC2, 0x83, 0x5E, 0xDF, 0xDE, 0xA8, 0x8A, 0x7C, 0xEB, 0x07,
-        0x75, 0x20, 0xF6, 0xF3, 0x4C, 0xBD, 0x3F, 0x2E, 0xF0, 0xF0,
-        0xDA, 0x4B, 0xC5, 0xD2, 0xC4, 0xF8, 0xDB, 0x34, 0x75, 0xE2,
-        0x32, 0xB4, 0x34, 0x92, 0x8A, 0x7F, 0xD7, 0x84, 0xEA, 0xDF,
-        0x99, 0xCA, 0x64, 0xE6, 0x7C, 0x68, 0x05, 0x1C, 0x75, 0xDE,
-        0x3F, 0x06, 0x65, 0x5D, 0xFC, 0x29, 0xC9, 0x73, 0x0F, 0x4A,
-        0xAD, 0xFD, 0xBC, 0x0D, 0x91, 0x37, 0x67, 0x63, 0x55, 0x65,
-        0x93, 0x99, 0x56, 0x84, 0x25, 0x1B, 0xF1, 0x50, 0x03, 0x31,
-        0x2D, 0x48, 0xAD, 0xA3, 0x38, 0x91, 0x29, 0x88, 0xB8, 0x72,
-        0x08, 0x4C, 0x11, 0x36, 0x35, 0x20, 0x13, 0x78, 0x98, 0xD8,
-        0x84, 0x30, 0xC5, 0x7B, 0x70, 0x24, 0x45, 0x8C, 0xE1, 0x55,
-        0x80, 0x06, 0x5F, 0x19, 0x57, 0x89, 0x58, 0x1C, 0x2A, 0x40,
-        0xFB, 0xF3, 0xA6, 0xBF, 0xEA, 0x41, 0x7A, 0x79, 0x2C, 0xAB,
-        0xFE, 0xB6, 0x16, 0x5D, 0xD5, 0xFA, 0x32, 0x50, 0x9D, 0x89,
-        0xF2, 0xCC, 0x87, 0x7A, 0x57, 0xCF, 0x4D, 0x38, 0xC4, 0xD5,
-        0x33, 0x9A, 0x4D, 0x83, 0xC9, 0x00, 0xB8, 0x36, 0x66, 0x14,
-        0x76, 0x20, 0xC1, 0x7A, 0xC7, 0xF7, 0x0A, 0x94, 0x69, 0xCE,
-        0x0A, 0x0F, 0x81, 0x04, 0x12, 0x5F, 0x71, 0xD0, 0xD1, 0xFF,
-        0x08, 0xD0, 0x89, 0x6F, 0xAC, 0x45, 0xD3, 0x06, 0x23, 0xA0,
-        0x76, 0x88, 0xAD, 0x5D, 0x9A, 0x7A, 0x8C, 0x1F, 0x61, 0xD4,
-        0xD8, 0x21, 0x1D, 0x8E, 0x05, 0x89, 0xD1, 0xD4, 0xD6, 0x86,
-        0x5B, 0x4B, 0x43, 0xE6, 0x03, 0x4A, 0x10, 0x48, 0xF4, 0x1B,
-        0x9D, 0x3B, 0x76, 0xD8, 0x2C, 0xAD, 0xFA, 0x33, 0xA5, 0x70
+        0x82, 0x01, 0x01, 0x00, 0x38, 0xE8, 0x66, 0xC3, 0x74, 0xE0,
+        0x5C, 0x59, 0xA9, 0x12, 0x46, 0xAD, 0x84, 0xE3, 0xB3, 0xFA,
+        0x3E, 0x68, 0x90, 0xD0, 0x06, 0xA4, 0x2C, 0xAB, 0xF7, 0xB3,
+        0xB9, 0x7C, 0x89, 0x62, 0xFB, 0x88, 0xEB, 0x88, 0x04, 0xD9,
+        0x4B, 0xAC, 0x7E, 0x4B, 0x4B, 0x7C, 0x7C, 0x0F, 0xE1, 0xDD,
+        0x73, 0xEE, 0x88, 0xB3, 0xE7, 0x1E, 0x00, 0x7B, 0xFE, 0xAA,
+        0x24, 0x50, 0xD7, 0x3C, 0xC4, 0x03, 0xF2, 0xBA, 0xFD, 0x81,
+        0xCE, 0x7A, 0x0C, 0x1C, 0x48, 0x6A, 0x33, 0xAD, 0xA7, 0xF8,
+        0xF7, 0xCA, 0xF7, 0x00, 0x47, 0x5C, 0xFC, 0xF8, 0x05, 0x98,
+        0x5F, 0xEC, 0xC3, 0xAA, 0x75, 0x93, 0x03, 0xA1, 0x4E, 0x7A,
+        0x37, 0xEC, 0x8B, 0xA9, 0x99, 0xFA, 0x76, 0x85, 0xCB, 0xC3,
+        0x99, 0x29, 0x70, 0x1E, 0x9C, 0x41, 0xF1, 0x49, 0xFD, 0xE8,
+        0xC0, 0x75, 0x0A, 0xDD, 0xA0, 0xE0, 0xD3, 0x6E, 0x7F, 0x93,
+        0x7E, 0x4D, 0x2E, 0xEE, 0xA1, 0xC9, 0xDB, 0xFC, 0x98, 0x86,
+        0xBB, 0x67, 0x7D, 0x2F, 0x74, 0x00, 0x10, 0x7C, 0x24, 0x5B,
+        0x58, 0xF3, 0x5A, 0xED, 0x96, 0x6E, 0x8F, 0x34, 0xEE, 0x47,
+        0x46, 0xBE, 0x3E, 0x96, 0x25, 0x2B, 0x7C, 0x90, 0x5B, 0x65,
+        0x24, 0x48, 0x66, 0x5A, 0x79, 0xA6, 0x6A, 0xF5, 0xED, 0x31,
+        0xCF, 0x0B, 0x29, 0xC3, 0xF1, 0xAB, 0x91, 0x21, 0x9C, 0x79,
+        0x99, 0xC9, 0x5C, 0x4C, 0x2B, 0xAC, 0xF1, 0x21, 0x5C, 0x44,
+        0x07, 0x14, 0x45, 0xE5, 0xE0, 0x84, 0xCE, 0xA3, 0x49, 0x59,
+        0x8D, 0x94, 0x4A, 0x9D, 0x11, 0x20, 0xC3, 0xD3, 0xFC, 0xCE,
+        0x8F, 0x2C, 0x38, 0x5B, 0x38, 0xE7, 0xB2, 0xD0, 0x71, 0x9F,
+        0x3F, 0xDE, 0x4E, 0x08, 0x03, 0xF9, 0x11, 0x58, 0x7C, 0x46,
+        0x04, 0x0A, 0x73, 0x28, 0x68, 0xB8, 0x17, 0x17, 0x02, 0x45,
+        0x9C, 0x65, 0x96, 0x1A, 0xB3, 0x98, 0x4D, 0x3B, 0xFB, 0xC7
 
 };
 static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256);
@@ -6451,10 +6468,10 @@ static const unsigned char serv_ecc_der_256[] =
         0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
         0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
         0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32,
-        0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17,
-        0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31,
-        0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30,
+        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32,
+        0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17,
+        0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32,
+        0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30,
         0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
         0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
         0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F,
@@ -6494,13 +6511,13 @@ static const unsigned char serv_ecc_der_256[] =
         0x01, 0x86, 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02,
         0x06, 0x40, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
         0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02,
-        0x21, 0x00, 0x86, 0xBD, 0x87, 0x16, 0xD2, 0x9C, 0x66, 0xE7,
-        0x5E, 0x5C, 0x28, 0x0E, 0x5F, 0xEF, 0x94, 0x61, 0x2F, 0xD4,
-        0x21, 0x6D, 0x8E, 0xC3, 0x94, 0x0A, 0x1E, 0xB5, 0x6A, 0x1D,
-        0xC6, 0x04, 0x87, 0xC6, 0x02, 0x20, 0x66, 0x46, 0xC4, 0x29,
-        0xD9, 0x8E, 0xEB, 0x0B, 0xF7, 0x5B, 0x32, 0x13, 0xEB, 0x0A,
-        0xEA, 0x47, 0x99, 0x4B, 0x74, 0x56, 0xBA, 0x21, 0x97, 0xB1,
-        0x67, 0x75, 0x5C, 0xF3, 0xF3, 0xC0, 0x88, 0xAA
+        0x21, 0x00, 0x8B, 0x82, 0xA5, 0xD2, 0xF6, 0xCA, 0x84, 0xBA,
+        0xAD, 0x2D, 0xDE, 0x36, 0xE9, 0x2A, 0x4D, 0xEE, 0x4B, 0x20,
+        0x46, 0xBA, 0xAB, 0x4E, 0xD0, 0x10, 0x6E, 0xEB, 0x30, 0xB6,
+        0x7E, 0xD8, 0xAF, 0x8C, 0x02, 0x20, 0x06, 0x74, 0x40, 0x6A,
+        0xA9, 0x31, 0x54, 0xFE, 0x20, 0x9D, 0xC6, 0x6D, 0x2B, 0xDF,
+        0x1D, 0xAA, 0x63, 0xDA, 0xFC, 0x97, 0x50, 0x87, 0x92, 0x69,
+        0xEE, 0x63, 0x57, 0xB6, 0xEC, 0xE2, 0xE9, 0xFA
 };
 static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256);
 
@@ -6527,9 +6544,9 @@ static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256);
 static const unsigned char ca_ecc_cert_der_256[] =
 {
         0x30, 0x82, 0x02, 0x95, 0x30, 0x82, 0x02, 0x3B, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x0F, 0x17, 0x46, 0x70, 0xFD,
-        0xC2, 0x70, 0xD1, 0xF9, 0x42, 0x49, 0x9C, 0x1A, 0xC3, 0x5D,
-        0xDD, 0x30, 0xC8, 0x5F, 0x85, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x30, 0xB9, 0x30, 0x50, 0xF8,
+        0x1A, 0x0D, 0xFF, 0xAD, 0x68, 0xD1, 0x6D, 0xE8, 0xA3, 0x6B,
+        0x58, 0x23, 0x33, 0x7A, 0x84, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97,
         0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
         0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
@@ -6546,10 +6563,10 @@ static const unsigned char ca_ecc_cert_der_256[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
         0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E,
@@ -6585,14 +6602,14 @@ static const unsigned char ca_ecc_cert_der_256[] =
         0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F,
         0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30,
         0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03,
-        0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xC8,
-        0x64, 0x7F, 0xEE, 0x4B, 0xBE, 0x83, 0x48, 0x13, 0xEA, 0x92,
-        0xF8, 0x1A, 0x82, 0x1E, 0x85, 0xB1, 0x5A, 0xA4, 0x1C, 0xE3,
-        0xE8, 0xEA, 0x25, 0x44, 0x6F, 0xE7, 0x70, 0xFD, 0xEB, 0xF3,
-        0x76, 0x02, 0x20, 0x44, 0x02, 0xA2, 0xEC, 0xC5, 0xA1, 0xAE,
-        0xE2, 0xA4, 0x8A, 0xD9, 0x13, 0x95, 0x2B, 0xA6, 0x5B, 0x09,
-        0x57, 0x86, 0x61, 0x42, 0x96, 0x97, 0xF0, 0x95, 0x62, 0x0C,
-        0x03, 0xE6, 0x53, 0x04, 0x25
+        0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0x88,
+        0xCC, 0x7F, 0x00, 0xF5, 0xA9, 0x4E, 0xC0, 0x69, 0x6E, 0x36,
+        0x39, 0x24, 0x8F, 0x83, 0x45, 0x4D, 0xFA, 0xD0, 0x39, 0x14,
+        0xB8, 0xC8, 0x7F, 0x95, 0x51, 0xF2, 0xC5, 0x98, 0xC0, 0xB7,
+        0xE2, 0x02, 0x20, 0x2A, 0x93, 0x61, 0xB0, 0x06, 0xDE, 0xEB,
+        0xDA, 0xFD, 0xAF, 0x6B, 0x39, 0xBF, 0x88, 0x17, 0xF1, 0xBA,
+        0x2A, 0x7D, 0x59, 0xA8, 0xDE, 0xE7, 0x0A, 0x11, 0x83, 0x4F,
+        0x92, 0x77, 0x8D, 0x92, 0x3B
 };
 static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256);
 
@@ -6623,9 +6640,9 @@ static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384);
 static const unsigned char ca_ecc_cert_der_384[] =
 {
         0x30, 0x82, 0x02, 0xD2, 0x30, 0x82, 0x02, 0x58, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x2E, 0xEA, 0xF0, 0x11, 0x40,
-        0x1E, 0xAD, 0xFA, 0xA7, 0x85, 0x68, 0x65, 0x7A, 0x25, 0x2B,
-        0x13, 0xB7, 0x61, 0xD7, 0x80, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x4E, 0x08, 0x67, 0x9D, 0x29,
+        0x61, 0x47, 0x3E, 0x2A, 0x23, 0x82, 0xCD, 0xCF, 0xCB, 0x53,
+        0x2A, 0xB8, 0x02, 0x22, 0x57, 0x30, 0x0A, 0x06, 0x08, 0x2A,
         0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97,
         0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
         0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
@@ -6642,10 +6659,10 @@ static const unsigned char ca_ecc_cert_der_384[] =
         0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
         0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
         0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
-        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31,
-        0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D,
-        0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x38, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09,
+        0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31,
+        0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D,
+        0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35,
+        0x32, 0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09,
         0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
         0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
         0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E,
@@ -6684,17 +6701,17 @@ static const unsigned char ca_ecc_cert_der_384[] =
         0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01,
         0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A,
         0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03,
-        0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, 0x00, 0xBD, 0x2E,
-        0x67, 0x71, 0x54, 0xBE, 0xB8, 0x5E, 0x29, 0x19, 0xD3, 0x18,
-        0xF7, 0xE1, 0xAE, 0x79, 0xF0, 0xCC, 0x09, 0xC3, 0x91, 0xC0,
-        0x81, 0xAB, 0xD7, 0xB7, 0x21, 0xF8, 0x4F, 0xDA, 0xBC, 0xAD,
-        0x0E, 0xFC, 0x3D, 0x54, 0x32, 0x21, 0x3A, 0x67, 0xC5, 0x26,
-        0x35, 0xE9, 0x33, 0xB2, 0x58, 0xD2, 0x02, 0x30, 0x64, 0x2F,
-        0xFB, 0x10, 0xD0, 0x65, 0xB5, 0xAC, 0xBB, 0xB3, 0x41, 0x64,
-        0x24, 0xEB, 0x0A, 0x6B, 0xAE, 0xA4, 0xED, 0x3E, 0xC8, 0x62,
-        0x81, 0x45, 0x97, 0x92, 0xAD, 0x61, 0xEB, 0x69, 0x54, 0xCE,
-        0x42, 0x83, 0xBB, 0x68, 0x23, 0x20, 0xF7, 0xB2, 0x5A, 0x55,
-        0x0C, 0xD4, 0xE6, 0x13, 0x42, 0x61
+        0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x1D, 0x3F, 0x92,
+        0x02, 0xB2, 0x46, 0x54, 0xEE, 0x9E, 0x0D, 0x90, 0x03, 0x73,
+        0x6A, 0xAB, 0x04, 0x5A, 0x41, 0xFE, 0xF4, 0x1B, 0xFD, 0xD6,
+        0x99, 0xCC, 0x7A, 0x6C, 0xFD, 0x52, 0xDA, 0x2E, 0x4E, 0x78,
+        0xFE, 0xEF, 0x79, 0x74, 0x12, 0x5E, 0x04, 0x9D, 0x2C, 0xE4,
+        0xE7, 0x1A, 0x4D, 0xD3, 0x1E, 0x02, 0x31, 0x00, 0xB7, 0x34,
+        0xE8, 0x4C, 0x69, 0x70, 0xDB, 0xFD, 0x1A, 0x48, 0xC5, 0xDC,
+        0x8E, 0xEF, 0x15, 0xCA, 0x13, 0xEE, 0xF8, 0x4F, 0x27, 0x5F,
+        0xD2, 0x3A, 0x6A, 0x06, 0x7D, 0xF3, 0x32, 0xA7, 0x75, 0x97,
+        0x27, 0x6D, 0x60, 0xED, 0xA2, 0x9F, 0x9F, 0x7E, 0x66, 0x43,
+        0xF9, 0x15, 0x1D, 0x65, 0x5D, 0x49
 };
 static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384);
 
@@ -6783,9 +6800,9 @@ static const unsigned char server_ed25519_cert[] =
         0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26,
         0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77,
         0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x1E, 0x17, 0x0D,
-        0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, 0x32, 0x31, 0x39,
-        0x32, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30,
-        0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x39, 0x5A, 0x30, 0x81,
+        0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35,
+        0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31,
+        0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81,
         0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
         0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
         0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
@@ -6823,14 +6840,14 @@ static const unsigned char server_ed25519_cert[] =
         0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
         0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8,
         0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30,
-        0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x22,
-        0xD7, 0x34, 0xAC, 0x33, 0x65, 0x8B, 0x18, 0xA4, 0x34, 0xF9,
-        0x3A, 0xE6, 0xCE, 0xC1, 0x77, 0xA6, 0x3D, 0x2A, 0x2A, 0xEE,
-        0x22, 0xAD, 0x6E, 0xFC, 0x36, 0xFC, 0x98, 0x8D, 0x8A, 0xFD,
-        0x3F, 0xCB, 0xA9, 0x74, 0x01, 0x25, 0x96, 0x05, 0xE1, 0x39,
-        0x13, 0x8B, 0xD9, 0x05, 0x6D, 0xC9, 0xBA, 0x0E, 0x5D, 0x36,
-        0xBF, 0x39, 0x03, 0x57, 0x2A, 0x55, 0xFC, 0xE3, 0x53, 0xC3,
-        0x1B, 0xE1, 0x0B
+        0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x04,
+        0x19, 0x32, 0xE4, 0x24, 0xE5, 0xDF, 0x5A, 0xA4, 0x19, 0xC4,
+        0x31, 0x15, 0x81, 0x05, 0x4C, 0x45, 0x0A, 0x40, 0x4A, 0x5D,
+        0x6A, 0x8B, 0x0A, 0x77, 0x02, 0xFE, 0x48, 0x82, 0xD2, 0x83,
+        0x8D, 0xDE, 0x42, 0xB8, 0xCF, 0x02, 0xDC, 0x64, 0x2C, 0xBD,
+        0x8C, 0x9D, 0x22, 0x16, 0xD8, 0x7A, 0x23, 0x65, 0x5D, 0xB0,
+        0x25, 0x92, 0xAC, 0xA8, 0x6C, 0xDE, 0xDF, 0x1D, 0xEB, 0x64,
+        0xE4, 0x8A, 0x06
 };
 static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert);
 
@@ -6866,10 +6883,10 @@ static const unsigned char ca_ed25519_cert[] =
         0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
         0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
         0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
-        0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31,
-        0x32, 0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x39, 0x5A,
-        0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32,
-        0x31, 0x39, 0x32, 0x39, 0x5A, 0x30, 0x81, 0xB4, 0x31, 0x0B,
+        0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31,
+        0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A,
+        0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31,
+        0x32, 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0xB4, 0x31, 0x0B,
         0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
         0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
         0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31,
@@ -6903,13 +6920,13 @@ static const unsigned char ca_ed25519_cert[] =
         0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06,
         0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03,
         0x02, 0x01, 0x86, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70,
-        0x03, 0x41, 0x00, 0xE6, 0x71, 0xA0, 0x59, 0x63, 0xB4, 0x31,
-        0x31, 0x1F, 0x75, 0x06, 0xCE, 0xF1, 0x89, 0xF0, 0xE7, 0xA2,
-        0xDB, 0xA8, 0xC1, 0xE4, 0xC8, 0x61, 0x38, 0x0C, 0xE6, 0xE9,
-        0xE7, 0xB9, 0x9F, 0xCE, 0xE2, 0xF5, 0x49, 0xA3, 0xF5, 0x04,
-        0x1E, 0x85, 0xF7, 0x7D, 0x10, 0xFB, 0x1D, 0xEE, 0xB6, 0xDC,
-        0x5E, 0x51, 0xF1, 0x82, 0x33, 0xA4, 0xED, 0xE0, 0x0A, 0x65,
-        0x09, 0x2B, 0x0E, 0x1E, 0xB2, 0xAF, 0x0B
+        0x03, 0x41, 0x00, 0x44, 0xEB, 0x38, 0xC6, 0x27, 0xD4, 0x70,
+        0x42, 0x3F, 0x9B, 0xA0, 0xD7, 0x90, 0x96, 0xD6, 0x6E, 0x42,
+        0x38, 0x5B, 0x38, 0x38, 0x9F, 0x21, 0xCA, 0xB0, 0xFA, 0x5E,
+        0x7C, 0x17, 0xB4, 0x32, 0x5C, 0xB3, 0x08, 0xA2, 0x65, 0x50,
+        0xD7, 0x65, 0x6B, 0xF8, 0xA9, 0xEF, 0x0D, 0xD1, 0x54, 0x2D,
+        0x4D, 0xB6, 0x0F, 0x42, 0x9E, 0x51, 0xF7, 0xDB, 0xA7, 0xBF,
+        0x16, 0x23, 0xC4, 0xBD, 0x7D, 0xC9, 0x03
 };
 static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert);
 
@@ -6917,9 +6934,9 @@ static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert);
 static const unsigned char client_ed25519_cert[] =
 {
         0x30, 0x82, 0x03, 0x9F, 0x30, 0x82, 0x03, 0x51, 0xA0, 0x03,
-        0x02, 0x01, 0x02, 0x02, 0x14, 0x31, 0xE6, 0x4A, 0xB1, 0x6B,
-        0x4E, 0x2E, 0x77, 0x7B, 0xD6, 0xE3, 0x94, 0x8A, 0xCF, 0x02,
-        0xB7, 0x58, 0x5A, 0xFB, 0xAB, 0x30, 0x05, 0x06, 0x03, 0x2B,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x33, 0x8B, 0x57, 0xD5, 0x8E,
+        0x84, 0x67, 0x6A, 0xE1, 0xED, 0xF2, 0xB9, 0x11, 0x16, 0x5E,
+        0x12, 0xE5, 0x0C, 0x78, 0x8A, 0x30, 0x05, 0x06, 0x03, 0x2B,
         0x65, 0x70, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06,
         0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
         0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
@@ -6939,9 +6956,9 @@ static const unsigned char client_ed25519_cert[] =
         0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A,
         0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01,
         0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30,
-        0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32,
-        0x32, 0x31, 0x39, 0x32, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x36,
-        0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x39,
+        0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32,
+        0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x37,
+        0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30,
         0x5A, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
         0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
         0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F,
@@ -6992,9 +7009,9 @@ static const unsigned char client_ed25519_cert[] =
         0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06,
         0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01,
         0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
-        0x82, 0x14, 0x31, 0xE6, 0x4A, 0xB1, 0x6B, 0x4E, 0x2E, 0x77,
-        0x7B, 0xD6, 0xE3, 0x94, 0x8A, 0xCF, 0x02, 0xB7, 0x58, 0x5A,
-        0xFB, 0xAB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
+        0x82, 0x14, 0x33, 0x8B, 0x57, 0xD5, 0x8E, 0x84, 0x67, 0x6A,
+        0xE1, 0xED, 0xF2, 0xB9, 0x11, 0x16, 0x5E, 0x12, 0xE5, 0x0C,
+        0x78, 0x8A, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
         0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03,
         0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65,
         0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D,
@@ -7002,14 +7019,14 @@ static const unsigned char client_ed25519_cert[] =
         0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
         0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x05, 0x06,
-        0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x92, 0xAC, 0x52,
-        0xCF, 0x34, 0xC2, 0x76, 0x8A, 0x78, 0xF7, 0xEF, 0xDA, 0x3F,
-        0x79, 0xE9, 0x66, 0xD1, 0xDE, 0xE1, 0xD7, 0x56, 0xB5, 0x4B,
-        0xCF, 0xA7, 0xC2, 0x03, 0xAF, 0xCC, 0x23, 0x11, 0x4B, 0x44,
-        0x0C, 0x33, 0xCE, 0x45, 0xE0, 0x33, 0xEB, 0xCC, 0xC9, 0xF8,
-        0x38, 0x5B, 0x19, 0x6F, 0x86, 0x4D, 0x97, 0x30, 0xD1, 0x55,
-        0x6E, 0xCB, 0x5F, 0x39, 0xC9, 0xA3, 0x22, 0x16, 0x66, 0x5F,
-        0x07
+        0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0xAA, 0xC7, 0xBD,
+        0x8E, 0x56, 0x40, 0xAB, 0x7D, 0x9C, 0x55, 0xF0, 0x4D, 0x1D,
+        0x97, 0xE9, 0x03, 0x62, 0x11, 0xCA, 0x51, 0xAD, 0x80, 0xCF,
+        0x1A, 0x2C, 0x2C, 0x5B, 0x2D, 0x71, 0xFE, 0xDB, 0x1D, 0x4B,
+        0xCD, 0x4B, 0x8B, 0x2D, 0x12, 0xF7, 0x01, 0xEE, 0xFB, 0x7D,
+        0x2E, 0x21, 0xFC, 0x81, 0xDE, 0x84, 0x59, 0xC8, 0xA5, 0x1E,
+        0x92, 0xE3, 0x21, 0x58, 0xD1, 0x3E, 0x8A, 0x71, 0x91, 0x2D,
+        0x0E
 };
 static const int sizeof_client_ed25519_cert = sizeof(client_ed25519_cert);
 
diff --git a/wolfssl/crl.h b/wolfssl/crl.h
index 5e5205ea2..56f500314 100644
--- a/wolfssl/crl.h
+++ b/wolfssl/crl.h
@@ -1,6 +1,6 @@
 /* crl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,7 +45,10 @@ WOLFSSL_LOCAL int  CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert);
 WOLFSSL_LOCAL int  CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash,
         byte* serial, int serialSz, byte* serialHash, const byte* extCrlInfo,
         int extCrlInfoSz, void* issuerName);
-
+#ifdef HAVE_CRL_UPDATE_CB
+WOLFSSL_LOCAL int  GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff,
+        long sz, int type);
+#endif
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 6354f635a..bc3e64100 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -1,6 +1,6 @@
 /* error-ssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,6 +35,19 @@
 #endif
 
 enum wolfSSL_ErrorCodes {
+    WOLFSSL_FATAL_ERROR          =   -1,   /* must be -1 for backward compat. */
+
+    /* negative counterparts to namesake positive constants in ssl.h */
+    WOLFSSL_ERROR_WANT_READ_E    =   -2,
+    WOLFSSL_ERROR_WANT_WRITE_E   =   -3,
+    WOLFSSL_ERROR_WANT_X509_LOOKUP_E = -4,
+    WOLFSSL_ERROR_SYSCALL_E      =   -5,
+    WOLFSSL_ERROR_ZERO_RETURN_E  =   -6,
+    WOLFSSL_ERROR_WANT_CONNECT_E =   -7,
+    WOLFSSL_ERROR_WANT_ACCEPT_E  =   -8,
+
+    WOLFSSL_FIRST_E              = -301,   /* start of native TLS codes */
+
     INPUT_CASE_ERROR             = -301,   /* process input state error */
     PREFIX_ERROR                 = -302,   /* bad index to key rounds  */
     MEMORY_ERROR                 = -303,   /* out of memory            */
@@ -79,12 +92,14 @@ enum wolfSSL_ErrorCodes {
     ZERO_RETURN                  = -343,   /* peer sent close notify */
     SIDE_ERROR                   = -344,   /* wrong client/server type */
     NO_PEER_CERT                 = -345,   /* peer didn't send key */
+
     ECC_CURVETYPE_ERROR          = -350,   /* Bad ECC Curve Type */
     ECC_CURVE_ERROR              = -351,   /* Bad ECC Curve */
     ECC_PEERKEY_ERROR            = -352,   /* Bad Peer ECC Key */
     ECC_MAKEKEY_ERROR            = -353,   /* Bad Make ECC Key */
     ECC_EXPORT_ERROR             = -354,   /* Bad ECC Export Key */
     ECC_SHARED_ERROR             = -355,   /* Bad ECC Shared Secret */
+
     NOT_CA_ERROR                 = -357,   /* Not a CA cert error */
 
     BAD_CERT_MANAGER_ERROR       = -359,   /* Bad Cert Manager */
@@ -100,7 +115,7 @@ enum wolfSSL_ErrorCodes {
     COOKIE_ERROR                 = -369,   /* dtls cookie error */
     SEQUENCE_ERROR               = -370,   /* dtls sequence error */
     SUITES_ERROR                 = -371,   /* suites pointer error */
-
+    MAX_CERT_EXTENSIONS_ERR      = -372,   /* max cert extension exceeded */
     OUT_OF_ORDER_E               = -373,   /* out of order message */
     BAD_KEA_TYPE_E               = -374,   /* bad KEA type found */
     SANITY_CIPHER_E              = -375,   /* sanity check on cipher error */
@@ -185,24 +200,59 @@ enum wolfSSL_ErrorCodes {
     DTLS_CID_ERROR               = -454,   /* Wrong or missing CID */
     DTLS_TOO_MANY_FRAGMENTS_E    = -455,   /* Received too many fragments */
     QUIC_WRONG_ENC_LEVEL         = -456,   /* QUIC data received on wrong encryption level */
-
     DUPLICATE_TLS_EXT_E          = -457,   /* Duplicate TLS extension in msg. */
-    /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
 
-    /* begin negotiation parameter errors */
+    /* legacy CyaSSL compat layer error codes */
+    WOLFSSL_ALPN_NOT_FOUND       = -458,   /* TLS extension not found */
+    WOLFSSL_BAD_CERTTYPE         = -459,   /* Certificate type not supported */
+    WOLFSSL_BAD_STAT             = -460,   /* not used */
+    WOLFSSL_BAD_PATH             = -461,   /* No certificates found at designated path */
+    WOLFSSL_BAD_FILETYPE         = -462,   /* Data format not supported */
+    WOLFSSL_BAD_FILE             = -463,   /* Input/output error on file */
+    WOLFSSL_NOT_IMPLEMENTED      = -464,   /* Function not implemented */
+    WOLFSSL_UNKNOWN              = -465,   /* Unknown algorithm (EVP) */
+
+    /* negotiation parameter errors */
     UNSUPPORTED_SUITE            = -500,   /* unsupported cipher suite */
     MATCH_SUITE_ERROR            = -501,   /* can't match cipher suite */
     COMPRESSION_ERROR            = -502,   /* compression mismatch */
     KEY_SHARE_ERROR              = -503,   /* key share mismatch */
     POST_HAND_AUTH_ERROR         = -504,   /* client won't do post-hand auth */
     HRR_COOKIE_ERROR             = -505,   /* HRR msg cookie mismatch */
-    UNSUPPORTED_CERTIFICATE      = -506    /* unsupported certificate type */
-    /* end negotiation parameter errors only 10 for now */
-    /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
+    UNSUPPORTED_CERTIFICATE      = -506,   /* unsupported certificate type */
 
-    /* no error strings go down here, add above negotiation errors !!!! */
+    /* PEM and EVP errors */
+    WOLFSSL_PEM_R_NO_START_LINE_E = -507,
+    WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E = -508,
+    WOLFSSL_PEM_R_BAD_PASSWORD_READ_E = -509,
+    WOLFSSL_PEM_R_BAD_DECRYPT_E  = -510,
+    WOLFSSL_ASN1_R_HEADER_TOO_LONG_E = -511,
+
+    WOLFSSL_EVP_R_BAD_DECRYPT_E  = -512,
+    WOLFSSL_EVP_R_BN_DECODE_ERROR = -513,
+    WOLFSSL_EVP_R_DECODE_ERROR   = -514,
+    WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR = -515,
+
+    CRYPTO_POLICY_FORBIDDEN      = -516,   /* operation forbidden by system
+                                            * crypto-policy */
+
+    WOLFSSL_LAST_E               = -516
+
+    /* codes -1000 to -1999 are reserved for wolfCrypt. */
 };
 
+wc_static_assert((int)WC_LAST_E <= (int)WOLFSSL_LAST_E);
+
+/* I/O Callback default errors */
+enum IOerrors {
+    WOLFSSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
+    WOLFSSL_CBIO_ERR_WANT_READ  = -2,     /* need to call read  again */
+    WOLFSSL_CBIO_ERR_WANT_WRITE = -2,     /* need to call write again */
+    WOLFSSL_CBIO_ERR_CONN_RST   = -3,     /* connection reset */
+    WOLFSSL_CBIO_ERR_ISR        = -4,     /* interrupt */
+    WOLFSSL_CBIO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
+    WOLFSSL_CBIO_ERR_TIMEOUT    = -6      /* socket timeout */
+};
 
 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
     enum {
@@ -215,7 +265,9 @@ enum wolfSSL_ErrorCodes {
 WOLFSSL_LOCAL
 void SetErrorString(int err, char* buff);
 
-#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
+#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+        (defined(BUILDING_WOLFSSL) || \
+         defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
     #include <wolfssl/debug-trace-error-codes.h>
 #endif
 
diff --git a/wolfssl/include.am b/wolfssl/include.am
index 4a7761478..8fba008b8 100644
--- a/wolfssl/include.am
+++ b/wolfssl/include.am
@@ -3,7 +3,9 @@
 #
 
 include wolfssl/wolfcrypt/include.am
+if BUILD_OPENSSL_COMPAT
 include wolfssl/openssl/include.am
+endif
 
 EXTRA_DIST+= wolfssl/sniffer_error.rc
 
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 88188bd1d..a9838509f 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1,6 +1,6 @@
 /* internal.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -151,15 +151,25 @@
     #include <signal.h>
 #endif
 
-#ifdef USE_WINDOWS_API
+#ifdef __WATCOMC__
+    #if defined(__OS2__)
+    #elif defined(__NT__)
+        #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
+        #include <windows.h>
+        #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
+    #elif defined(__LINUX__)
+        #ifndef SINGLE_THREADED
+            #define WOLFSSL_PTHREADS
+            #include <pthread.h>
+        #endif
+    #endif
+#elif defined(USE_WINDOWS_API)
     #ifdef WOLFSSL_GAME_BUILD
         #include "system/xtl.h"
     #else
-        #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
-            /* On WinCE winsock2.h must be included before windows.h */
-            #include <winsock2.h>
-        #endif
+        #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
         #include <windows.h>
+        #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
     #endif
 #elif defined(THREADX)
     #ifndef SINGLE_THREADED
@@ -232,7 +242,7 @@
     #endif
     #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
         #ifdef FUSION_RTOS
-           #include <fclunistd.h>
+            #include <fclunistd.h>
         #else
             #include <unistd.h>      /* for close of BIO */
         #endif
@@ -973,6 +983,25 @@
     #define NO_AESGCM_AEAD
 #endif
 
+#if defined(BUILD_TLS_RSA_WITH_AES_128_CCM_8) || \
+    defined(BUILD_TLS_RSA_WITH_AES_256_CCM_8) || \
+    defined(BUILD_TLS_PSK_WITH_AES_128_CCM_8) || \
+    defined(BUILD_TLS_PSK_WITH_AES_128_CCM) || \
+    defined(BUILD_TLS_PSK_WITH_AES_256_CCM_8) || \
+    defined(BUILD_TLS_PSK_WITH_AES_256_CCM) || \
+    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CCM) || \
+    defined(BUILD_TLS_DHE_PSK_WITH_AES_256_CCM) || \
+    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM) || \
+    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8) || \
+    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8) || \
+    defined(BUILD_TLS_AES_128_CCM_SHA256) || \
+    defined(BUILD_TLS_AES_128_CCM_8_SHA256)
+    #define BUILD_AESCCM
+#else
+    /* No AES-CCM cipher suites available with build */
+    #define NO_AESCCM_AEAD
+#endif
+
 #if defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256) || \
     defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384)
     #define BUILD_ARIA
@@ -1002,7 +1031,8 @@
 #endif
 
 #if defined(NO_AES) || !defined(HAVE_AES_DECRYPT)
-    #define AES_BLOCK_SIZE 16
+    #undef WC_AES_BLOCK_SIZE
+    #define WC_AES_BLOCK_SIZE 16
     #undef  BUILD_AES
 #else
     #undef  BUILD_AES
@@ -1338,24 +1368,6 @@ enum {
     #define MAX_EARLY_DATA_SZ  4096
 #endif
 
-#ifndef NO_RSA
-    #ifndef WOLFSSL_MAX_RSA_BITS
-        #ifdef USE_FAST_MATH
-            /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
-            #define WOLFSSL_MAX_RSA_BITS    (FP_MAX_BITS / 2)
-        #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
-            /* SP implementation supports numbers of SP_INT_BITS bits. */
-            #define WOLFSSL_MAX_RSA_BITS    (((SP_INT_BITS + 7) / 8) * 8)
-        #else
-            /* Integer maths is dynamic but we only go up to 4096 bits. */
-            #define WOLFSSL_MAX_RSA_BITS 4096
-        #endif
-    #endif
-    #if (WOLFSSL_MAX_RSA_BITS % 8)
-        #error RSA maximum bit size must be multiple of 8
-    #endif
-#endif
-
 
 #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)
     /* MySQL wants to be able to use 8192-bit numbers. */
@@ -1383,9 +1395,9 @@ enum {
             #error "MySQL needs FP_MAX_BITS at least at 16384"
         #endif
 
-        #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \
-            WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS
-            #error "FP_MAX_BITS too small for WOLFSSL_MAX_RSA_BITS"
+        #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \
+            WC_MAX_RSA_BITS > ENCRYPT_BASE_BITS
+            #error "FP_MAX_BITS too small for WC_MAX_RSA_BITS"
         #endif
     #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
         /* Use the SP size up to 8192-bit and down to a min of 1024-bit. */
@@ -1411,9 +1423,9 @@ enum {
             #error "MySQL needs SP_INT_BITS at least at 8192"
         #endif
 
-        #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \
-            WOLFSSL_MAX_RSA_BITS > SP_INT_BITS
-            #error "SP_INT_BITS too small for WOLFSSL_MAX_RSA_BITS"
+        #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \
+            WC_MAX_RSA_BITS > SP_INT_BITS
+            #error "SP_INT_BITS too small for WC_MAX_RSA_BITS"
         #endif
     #else
         /* Integer/heap maths - support 4096-bit. */
@@ -1430,10 +1442,10 @@ enum {
 
 #ifdef WOLFSSL_DTLS_CID
 #ifndef DTLS_CID_MAX_SIZE
-/* DTLSv1.3 parsing code copies the record header in a static buffer to decrypt
+/* DTLS parsing code copies the record header in a static buffer to decrypt
  * the record. Increasing the CID max size does increase also this buffer,
  * impacting on per-session runtime memory footprint. */
-#define DTLS_CID_MAX_SIZE 2
+#define DTLS_CID_MAX_SIZE 10
 #endif
 #else
 #undef DTLS_CID_MAX_SIZE
@@ -1444,6 +1456,30 @@ enum {
 #error "Max size for DTLS CID is 255 bytes"
 #endif
 
+/* Record Payload Protection Section 5
+ *   https://www.rfc-editor.org/rfc/rfc9146.html#section-5 */
+#define WOLFSSL_TLS_HMAC_CID_INNER_SZ                               \
+           (8 +                 /* seq_num_placeholder */           \
+            1 +                 /* tls12_cid */                     \
+            1 +                 /* cid_length */                    \
+            1 +                 /* tls12_cid */                     \
+            2 +                 /* DTLSCiphertext.version */        \
+            2 +                 /* epoch */                         \
+            6 +                 /* sequence_number */               \
+            DTLS_CID_MAX_SIZE + /* cid */                           \
+            2)                  /* length_of_DTLSInnerPlaintext */
+
+#define WOLFSSL_TLS_AEAD_CID_AAD_SZ                                 \
+           (8 +                 /* seq_num_placeholder */           \
+            1 +                 /* tls12_cid */                     \
+            1 +                 /* cid_length */                    \
+            1 +                 /* tls12_cid */                     \
+            2 +                 /* DTLSCiphertext.version */        \
+            2 +                 /* epoch */                         \
+            6 +                 /* sequence_number */               \
+            DTLS_CID_MAX_SIZE + /* cid */                           \
+            2)                  /* length_of_DTLSInnerPlaintext */
+
 #ifndef MAX_TICKET_AGE_DIFF
 /* maximum ticket age difference in seconds, 10 seconds */
 #define MAX_TICKET_AGE_DIFF     10
@@ -1637,6 +1673,7 @@ enum Misc {
 #endif
 
     HANDSHAKE_HEADER_SZ   = 4,  /* type + length(3)        */
+    DTLS13_HANDSHAKE_HEADER_SZ   = 12, /* sizeof(Dtls13HandshakeHeader) */
     RECORD_HEADER_SZ      = 5,  /* type + version + len(2) */
     CERT_HEADER_SZ        = 3,  /* always 3 bytes          */
     REQ_HEADER_SZ         = 2,  /* cert request header sz  */
@@ -1649,6 +1686,7 @@ enum Misc {
 
     DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
     DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
+    DTLS12_CID_OFFSET        = 11,
     DTLS_UNIFIED_HEADER_MIN_SZ = 2,
     /* flags + seq_number(2) + length(2) + CID */
     DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE,
@@ -1728,7 +1766,7 @@ enum Misc {
     #endif
 #endif
 
-    MAX_IV_SZ           = AES_BLOCK_SIZE,
+    MAX_IV_SZ           = WC_AES_BLOCK_SIZE,
 
     AEAD_SEQ_OFFSET     = 4,   /* Auth Data: Sequence number */
     AEAD_TYPE_OFFSET    = 8,   /* Auth Data: Type            */
@@ -1749,6 +1787,7 @@ enum Misc {
     CHACHA20_IMP_IV_SZ  = 12,  /* Size of ChaCha20 AEAD implicit IV */
     CHACHA20_NONCE_SZ   = 12,  /* Size of ChacCha20 nonce           */
     CHACHA20_OLD_OFFSET = 4,   /* Offset for seq # in old poly1305  */
+    CHACHA20_OFFSET     = 4,   /* Offset for seq # in poly1305  */
 
     /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */
 
@@ -1784,6 +1823,13 @@ enum Misc {
     MAX_CURVE_NAME_SZ   = 18,  /* Maximum size of curve name string */
 
     NEW_SA_MAJOR        = 8,   /* Most significant byte used with new sig algos */
+    RSA_PSS_RSAE_SHA256_MINOR = 0x04,
+    RSA_PSS_RSAE_SHA384_MINOR = 0x05,
+    RSA_PSS_RSAE_SHA512_MINOR = 0x06,
+    RSA_PSS_PSS_SHA256_MINOR = 0x09,
+    RSA_PSS_PSS_SHA384_MINOR = 0x0A,
+    RSA_PSS_PSS_SHA512_MINOR = 0x0B,
+
     ED25519_SA_MAJOR    = 8,   /* Most significant byte for ED25519 */
     ED25519_SA_MINOR    = 7,   /* Least significant byte for ED25519 */
     ED448_SA_MAJOR      = 8,   /* Most significant byte for ED448 */
@@ -1791,39 +1837,27 @@ enum Misc {
     SM2_SA_MAJOR        = 7,   /* Most significant byte for SM2 with SM3 */
     SM2_SA_MINOR        = 8,   /* Least significant byte for SM2 with SM3 */
 
-    PQC_SA_MAJOR        = 0xFE,/* Most significant byte used with PQC sig algs */
+    FALCON_SA_MAJOR     = 0xFE,/* Most significant byte used with falcon sig algs */
+    DILITHIUM_SA_MAJOR  = 0x09,/* Most significant byte used with dilithium sig algs */
 
-    /* These values for falcon and dilithium match what OQS has defined. */
+    /* These values for falcon match what OQS has defined. */
     FALCON_LEVEL1_SA_MAJOR = 0xFE,
     FALCON_LEVEL1_SA_MINOR = 0xAE,
     FALCON_LEVEL5_SA_MAJOR = 0xFE,
     FALCON_LEVEL5_SA_MINOR = 0xB1,
 
-    DILITHIUM_LEVEL2_SA_MAJOR = 0xFE,
-    DILITHIUM_LEVEL2_SA_MINOR = 0xD0,
-    DILITHIUM_LEVEL3_SA_MAJOR = 0xFE,
-    DILITHIUM_LEVEL3_SA_MINOR = 0xD1,
-    DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
-    DILITHIUM_LEVEL5_SA_MINOR = 0xD2,
+    /* these values for MLDSA (Dilithium) correspond to what is proposed in the
+     * IETF. */
+    DILITHIUM_LEVEL2_SA_MAJOR = 0x09,
+    DILITHIUM_LEVEL2_SA_MINOR = 0x04,
+    DILITHIUM_LEVEL3_SA_MAJOR = 0x09,
+    DILITHIUM_LEVEL3_SA_MINOR = 0x05,
+    DILITHIUM_LEVEL5_SA_MAJOR = 0x09,
+    DILITHIUM_LEVEL5_SA_MINOR = 0x06,
 
     MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
     MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
 
-#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
-    MAX_CERT_VERIFY_SZ = 6000,            /* For Dilithium */
-#elif defined(WOLFSSL_CERT_EXT)
-    MAX_CERT_VERIFY_SZ = 2048,            /* For larger extensions */
-#elif !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS)
-    MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */
-#elif defined(HAVE_ECC)
-    MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC  */
-#elif defined(HAVE_ED448)
-    MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE,   /* max Ed448  */
-#elif defined(HAVE_ED25519)
-    MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519  */
-#else
-    MAX_CERT_VERIFY_SZ = 1024, /* max default  */
-#endif
     CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
     MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */
 
@@ -1838,6 +1872,12 @@ enum Misc {
 #ifndef MAX_WOLFSSL_FILE_SIZE
     MAX_WOLFSSL_FILE_SIZE = 1024UL * 1024UL * 4,  /* 4 mb file size alloc limit */
 #endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    MAX_WOLFSSL_CRYPTO_POLICY_SIZE = 1024UL, /* Crypto-policy file is one line.
+                                              * It should not be large. */
+    MIN_WOLFSSL_SEC_LEVEL = 0,
+    MAX_WOLFSSL_SEC_LEVEL = 5,
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
     CERT_MIN_SIZE      =  256, /* min PEM cert size with header/footer */
 
@@ -1858,15 +1898,25 @@ enum Misc {
     READ_PROTO         = 0     /* reading a protocol message */
 };
 
-#define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \
-    (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
-#ifdef WOLFSSL_HAVE_KYBER
-#define WOLFSSL_NAMED_GROUP_IS_PQC(group) \
-    ((WOLFSSL_PQC_SIMPLE_MIN <= (group) && (group) <= WOLFSSL_PQC_SIMPLE_MAX) || \
-     (WOLFSSL_PQC_HYBRID_MIN <= (group) && (group) <= WOLFSSL_PQC_HYBRID_MAX))
+
+/* Size of the data to authenticate */
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
+#define AEAD_AUTH_DATA_SZ WOLFSSL_TLS_AEAD_CID_AAD_SZ
 #else
-#define WOLFSSL_NAMED_GROUP_IS_PQC(group)    ((void)(group), 0)
-#endif /* WOLFSSL_HAVE_KYBER */
+#define AEAD_AUTH_DATA_SZ 13
+#endif
+
+#define WOLFSSL_NAMED_GROUP_IS_FFDHE(group) \
+    (WOLFSSL_FFDHE_START <= (group) && (group) <= WOLFSSL_FFDHE_END)
+#ifdef WOLFSSL_HAVE_MLKEM
+WOLFSSL_LOCAL int NamedGroupIsPqc(int group);
+WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group);
+#define WOLFSSL_NAMED_GROUP_IS_PQC(group) NamedGroupIsPqc(group)
+#define WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group) NamedGroupIsPqcHybrid(group)
+#else
+#define WOLFSSL_NAMED_GROUP_IS_PQC(group)        ((void)(group), 0)
+#define WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group) ((void)(group), 0)
+#endif /* WOLFSSL_HAVE_MLKEM */
 
 /* minimum Downgrade Minor version */
 #ifndef WOLFSSL_MIN_DOWNGRADE
@@ -1989,6 +2039,22 @@ enum Misc {
     #define MAX_CHAIN_DEPTH 9
 #endif
 
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+                    defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+    #if !defined(HAVE_OCSP)
+        #error OCSP Stapling and Stapling V2 needs OCSP. Please define HAVE_OCSP.
+    #endif
+#endif
+
+/* Max certificate extensions in TLS1.3 */
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+    /* Number of extensions to set each OCSP response */
+    #define MAX_CERT_EXTENSIONS (1 + MAX_CHAIN_DEPTH)
+#else
+    /* Only empty extensions */
+    #define MAX_CERT_EXTENSIONS 1
+#endif
+
 /* max size of a certificate message payload */
 /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
 #ifndef MAX_CERTIFICATE_SZ
@@ -2036,18 +2102,9 @@ enum Misc {
 
 #define MAX_ENCRYPT_SZ ENCRYPT_LEN
 
-/* A static check to assert a relation between x and y */
-#define WOLFSSL_ASSERT_TEST(x, y, op) do {         \
-    typedef char _args_test_[(x) op (y) ? 1 : -1]; \
-    (void)sizeof(_args_test_);                     \
-} while(0)
+#define WOLFSSL_ASSERT_EQ(x, y) wc_static_assert((x) == (y))
 
-#define WOLFSSL_ASSERT_EQ(x, y) WOLFSSL_ASSERT_TEST(x, y, ==)
-
-#define WOLFSSL_ASSERT_SIZEOF_TEST(x, y, op) \
-    WOLFSSL_ASSERT_TEST(sizeof((x)), sizeof((y)), op)
-
-#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) WOLFSSL_ASSERT_SIZEOF_TEST(x, y, >=)
+#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) wc_static_assert(sizeof(x) >= sizeof(y))
 
 /* states. Adding state before HANDSHAKE_DONE will break session importing */
 enum states {
@@ -2214,9 +2271,13 @@ WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync);
 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
 WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
 WOLFSSL_LOCAL int  ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz);
-WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len, const char* str, word32 strLen);
-#ifndef NO_CERTS
-WOLFSSL_LOCAL int  CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, int* checkCN);
+WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len,
+                                   const char* str, word32 strLen,
+                                   unsigned int flags);
+#if !defined(NO_CERTS) && !defined(NO_ASN)
+WOLFSSL_LOCAL int  CheckForAltNames(DecodedCert* dCert, const char* domain,
+                                    word32 domainLen, int* checkCN,
+                                    unsigned int flags);
 WOLFSSL_LOCAL int  CheckIPAddr(DecodedCert* dCert, const char* ipasc);
 WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType);
 #endif
@@ -2238,7 +2299,7 @@ WOLFSSL_LOCAL int ALPN_Select(WOLFSSL* ssl);
 #endif
 
 WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
-                              word16 sz); /* needed by sniffer */
+                              word16 sz, byte type); /* needed by sniffer */
 WOLFSSL_LOCAL int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                               word16 sz); /* needed by sniffer */
 
@@ -2374,18 +2435,17 @@ typedef struct CipherSuite {
 #endif
 } CipherSuite;
 
-/* use wolfSSL_API visibility to be able to test in tests/api.c */
-WOLFSSL_API void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have,
-                                             int tls1_2, int keySz,
-                                             word16* len);
+WOLFSSL_TEST_VIS void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have,
+                                       int tls1_2, int keySz, word16* len);
 WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx);
 WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl);
 WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
                               word16 haveRSA, word16 havePSK, word16 haveDH,
                               word16 haveECDSAsig, word16 haveECC,
                               word16 haveStaticRSA, word16 haveStaticECC,
-                              word16 haveFalconSig, word16 haveDilithiumSig,
-                              word16 haveAnon, word16 haveNull, int side);
+                              word16 haveAnon, word16 haveNull,
+                              word16 haveAES128, word16 haveSHA1,
+                              word16 haveRC4, int side);
 
 typedef struct TLSX TLSX;
 WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites,
@@ -2576,6 +2636,9 @@ struct WOLFSSL_CRL {
     THREAD_TYPE           tid;           /* monitoring thread */
     wolfSSL_CRL_mfd_t     mfd;
     int                   setup;         /* thread is setup predicate */
+#endif
+#ifdef OPENSSL_ALL
+    wolfSSL_Ref           ref;
 #endif
     void*                 heap;          /* heap hint for dynamic memory */
 };
@@ -2617,6 +2680,8 @@ struct WOLFSSL_CERT_MANAGER {
 #endif
     CallbackCACache caCacheCallback;       /* CA cache addition callback */
     CbMissingCRL    cbMissingCRL;          /* notify thru cb of missing crl */
+    crlErrorCb      crlCb;                 /* Allow user to override error */
+    void*           crlCbCtx;
     CbOCSPIO        ocspIOCb;              /* I/O callback for OCSP lookup */
     CbOCSPRespFree  ocspRespFreeCb;        /* Frees OCSP Response from IO Cb */
     wolfSSL_Mutex   caLock;                /* CA list lock */
@@ -2653,6 +2718,9 @@ struct WOLFSSL_CERT_MANAGER {
 #ifdef WC_ASN_UNKNOWN_EXT_CB
     wc_UnknownExtCallback unknownExtCallback;
 #endif
+#ifdef HAVE_CRL_UPDATE_CB
+    CbUpdateCRL    cbUpdateCRL; /* notify thru cb that crl has updated */
+#endif
 };
 
 WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm,
@@ -2675,7 +2743,9 @@ typedef struct ProcPeerCertArgs {
 #ifdef WOLFSSL_TLS13
     buffer*      exts; /* extensions */
 #endif
+#ifndef NO_ASN
     DecodedCert* dCert;
+#endif
     word32 idx;
     word32 begin;
     int    totalCerts; /* number of certs in certs buffer */
@@ -2706,6 +2776,8 @@ WOLFSSL_LOCAL int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt,
 WOLFSSL_LOCAL void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store,
         WOLFSSL* ssl, void* heap, int x509Free);
 #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
+WOLFSSL_LOCAL int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str,
+                                        byte *buf, word32 bufLen, int type);
 #endif /* !defined NO_CERTS */
 
 /* wolfSSL Sock Addr */
@@ -2716,7 +2788,16 @@ struct WOLFSSL_SOCKADDR {
 };
 
 typedef struct WOLFSSL_DTLS_CTX {
+#ifdef WOLFSSL_RW_THREADED
+    /* Protect peer access after the handshake */
+    wolfSSL_RwLock peerLock;
+#endif
     WOLFSSL_SOCKADDR peer;
+#ifdef WOLFSSL_DTLS_CID
+    WOLFSSL_SOCKADDR pendingPeer; /* When using CID's, we don't want to update
+                                   * the peer's address until we successfully
+                                   * de-protect the record. */
+#endif
     int rfd;
     int wfd;
     byte userSet:1;
@@ -2724,6 +2805,9 @@ typedef struct WOLFSSL_DTLS_CTX {
                        * connected (connect() and bind() both called).
                        * This means that sendto and recvfrom do not need to
                        * specify and store the peer address. */
+#ifdef WOLFSSL_DTLS_CID
+    byte processingPendingRecord:1;
+#endif
 } WOLFSSL_DTLS_CTX;
 
 
@@ -2745,6 +2829,7 @@ typedef struct WOLFSSL_DTLS_PEERSEQ {
 #endif
 } WOLFSSL_DTLS_PEERSEQ;
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 struct WOLFSSL_BIO {
     WOLFSSL_BUF_MEM* mem_buf;
     WOLFSSL_BIO_METHOD* method;
@@ -2805,6 +2890,7 @@ struct WOLFSSL_BIO {
     wolfSSL_Ref  ref;
 #endif
 };
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA)
 WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr);
@@ -2870,8 +2956,8 @@ typedef struct Keys {
     byte   encryptionOn;          /* true after change cipher spec */
     byte   decryptedCur;          /* only decrypt current record once */
 #ifdef WOLFSSL_TLS13
-    byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
-    byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
+    byte   updateResponseReq;     /* KeyUpdate response from peer required. */
+    byte   keyUpdateRespond;      /* KeyUpdate is to be responded to. */
 #endif
 #ifdef WOLFSSL_RENESAS_TSIP_TLS
 
@@ -2955,9 +3041,6 @@ typedef enum {
     TLSX_EXTENDED_MASTER_SECRET     = TLSXT_EXTENDED_MASTER_SECRET,
     TLSX_SESSION_TICKET             = TLSXT_SESSION_TICKET,
 #ifdef WOLFSSL_TLS13
-    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
-    TLSX_PRE_SHARED_KEY             = TLSXT_PRE_SHARED_KEY,
-    #endif
     #ifdef WOLFSSL_EARLY_DATA
     TLSX_EARLY_DATA                 = TLSXT_EARLY_DATA,
     #endif
@@ -2977,7 +3060,6 @@ typedef enum {
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
     TLSX_SIGNATURE_ALGORITHMS_CERT  = TLSXT_SIGNATURE_ALGORITHMS_CERT,
     #endif
-    TLSX_KEY_SHARE                  = TLSXT_KEY_SHARE,
     #if defined(WOLFSSL_DTLS_CID)
     TLSX_CONNECTION_ID              = TLSXT_CONNECTION_ID,
     #endif /* defined(WOLFSSL_DTLS_CID) */
@@ -2988,6 +3070,12 @@ typedef enum {
     TLSX_ECH                        = TLSXT_ECH,
     #endif
 #endif
+#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
+    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+    TLSX_PRE_SHARED_KEY             = TLSXT_PRE_SHARED_KEY,
+    #endif
+    TLSX_KEY_SHARE                  = TLSXT_KEY_SHARE,
+#endif
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS)
     TLSX_CKS                        = TLSXT_CKS,
 #endif
@@ -3028,6 +3116,7 @@ typedef struct RpkState {
 #endif /* HAVE_RPK */
 
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+#define ECH_ACCEPT_CONFIRMATION_SZ 8
 
 typedef enum {
     ECH_TYPE_OUTER = 0,
@@ -3062,11 +3151,13 @@ typedef struct WOLFSSL_EchConfig {
 
 typedef struct WOLFSSL_ECH {
     Hpke* hpke;
+    HpkeBaseContext* hpkeContext;
     const byte* aad;
     void* ephemeralKey;
     WOLFSSL_EchConfig* echConfig;
     byte* innerClientHello;
     byte* outerClientPayload;
+    byte* confBuf;
     EchCipherSuite cipherSuite;
     word16 aadLen;
     word16 paddingLen;
@@ -3077,17 +3168,24 @@ typedef struct WOLFSSL_ECH {
     byte type;
     byte configId;
     byte enc[HPKE_Npk_MAX];
+    byte innerCount;
 } WOLFSSL_ECH;
 
 WOLFSSL_LOCAL int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config);
 
 WOLFSSL_LOCAL int TLSX_FinalizeEch(WOLFSSL_ECH* ech, byte* aad, word32 aadLen);
 
+
+WOLFSSL_LOCAL int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
+    const byte* echConfigs, word32 echConfigsLen);
+
 WOLFSSL_LOCAL int GetEchConfig(WOLFSSL_EchConfig* config, byte* output,
     word32* outputLen);
 
 WOLFSSL_LOCAL int GetEchConfigsEx(WOLFSSL_EchConfig* configs,
     byte* output, word32* outputLen);
+
+WOLFSSL_LOCAL void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap);
 #endif
 
 struct TLSX {
@@ -3231,10 +3329,11 @@ typedef struct {
     byte options;
     WOLFSSL* ssl;
     union {
-        OcspRequest ocsp;
+        OcspRequest ocsp[MAX_CERT_EXTENSIONS];
     } request;
+    word16 requests;
 #ifdef WOLFSSL_TLS13
-    buffer response;
+    buffer responses[MAX_CERT_EXTENSIONS];
 #endif
 } CertificateStatusRequest;
 
@@ -3243,12 +3342,25 @@ WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequest(TLSX** extensions,
 #ifndef NO_CERTS
 WOLFSSL_LOCAL int   TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
                                                                     void* heap);
+WOLFSSL_LOCAL int   TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert,
+                                            void* heap, int idx);
 #endif
 WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
 WOLFSSL_LOCAL int   TLSX_CSR_ForceRequest(WOLFSSL* ssl);
+WOLFSSL_LOCAL word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr,
+                                        byte isRequest,
+                                        int idx);
+WOLFSSL_LOCAL int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output,
+                          byte isRequest, int idx);
+WOLFSSL_LOCAL void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx);
 
 #endif
-
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
+    defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+WOLFSSL_LOCAL int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
+                             DecodedCert* cert, byte* certData, word32 length,
+                             byte *ctxOwnsRequest);
+#endif
 /** Certificate Status Request v2 - RFC 6961 */
 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
 
@@ -3283,7 +3395,7 @@ WOLFSSL_LOCAL int   TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
 #if defined(WOLFSSL_PUBLIC_ASN) && defined(HAVE_PK_CALLBACKS)
 /* Internal callback guarded by WOLFSSL_PUBLIC_ASN because of DecodedCert. */
 typedef int (*CallbackProcessPeerCert)(WOLFSSL* ssl, DecodedCert* p_cert);
-WOLFSSL_API void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx,
+WOLFSSL_TEST_VIS void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx,
        CallbackProcessPeerCert cb);
 #endif /* DecodedCert && HAVE_PK_CALLBACKS */
 
@@ -3502,9 +3614,9 @@ typedef struct KeyShareEntry {
     word32                keyLen;    /* Key size (bytes)                  */
     byte*                 pubKey;    /* Public key                        */
     word32                pubKeyLen; /* Public key length                 */
-#if !defined(NO_DH) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
-    byte*                 privKey;   /* Private key - DH and PQ KEMs only */
-    word32                privKeyLen;/* Only for PQ KEMs. */
+#if !defined(NO_DH) || defined(WOLFSSL_HAVE_MLKEM)
+    byte*                 privKey;   /* Private key                       */
+    word32                privKeyLen;/* Private key length - PQC only     */
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     int                   lastRet;
@@ -3650,7 +3762,10 @@ WOLFSSL_LOCAL int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input,
 WOLFSSL_LOCAL void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl);
 WOLFSSL_LOCAL byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input,
     word16 inputSize);
+WOLFSSL_LOCAL int Dtls13UnifiedHeaderCIDPresent(byte flags);
 #endif /* WOLFSSL_DTLS_CID */
+WOLFSSL_LOCAL byte DtlsGetCidTxSize(WOLFSSL* ssl);
+WOLFSSL_LOCAL byte DtlsGetCidRxSize(WOLFSSL* ssl);
 
 #ifdef OPENSSL_EXTRA
 enum SetCBIO {
@@ -3685,7 +3800,7 @@ struct WOLFSSL_CTX {
 #ifdef SINGLE_THREADED
     WC_RNG*         rng;          /* to be shared with WOLFSSL w/o locking */
 #endif
-    wolfSSL_Ref     ref;
+    wolfSSL_RefWithMutex ref;
     int         err;              /* error code in case of mutex not created */
 #ifndef NO_DH
     buffer      serverDH_P;
@@ -3806,6 +3921,9 @@ struct WOLFSSL_CTX {
 #endif
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
     byte        dtlsSctp:1;         /* DTLS-over-SCTP mode */
+#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
+    byte        disableECH:1;
 #endif
     word16      minProto:1; /* sets min to min available */
     word16      maxProto:1; /* sets max to max available */
@@ -4050,6 +4168,8 @@ struct WOLFSSL_CTX {
     CallbackGenPreMaster        GenPreMasterCb;
     /* User generate master secret handler */
     CallbackGenMasterSecret     GenMasterCb;
+    /* User generate Extended master secret handler */
+    CallbackGenExtMasterSecret  GenExtMasterCb;
     /* User generate session key handler */
     CallbackGenSessionKey       GenSessionKeyCb;
     /* User setting encrypt keys handler */
@@ -4110,6 +4230,9 @@ struct WOLFSSL_CTX {
     byte *sigSpec;
     word16 sigSpecSz;
 #endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    int secLevel; /* The security level of system-wide crypto policy. */
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 };
 
 WOLFSSL_LOCAL
@@ -4306,7 +4429,7 @@ typedef struct Ciphers {
     byte* nonce;
 #endif
 #ifdef HAVE_CAMELLIA
-    Camellia* cam;
+    wc_Camellia* cam;
 #endif
 #ifdef HAVE_CHACHA
     ChaCha*   chacha;
@@ -4576,8 +4699,7 @@ WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSession(
     WOLFSSL* ssl, byte* masterSecret, byte restoreSessionCerts);
 WOLFSSL_LOCAL void SetupSession(WOLFSSL* ssl);
 WOLFSSL_LOCAL void AddSession(WOLFSSL* ssl);
-/* use wolfSSL_API visibility to be able to test in tests/api.c */
-WOLFSSL_API int AddSessionToCache(WOLFSSL_CTX* ctx,
+WOLFSSL_TEST_VIS int AddSessionToCache(WOLFSSL_CTX* ctx,
     WOLFSSL_SESSION* addSession, const byte* id, byte idSz, int* sessionIndex,
     int side, word16 useTicket, ClientSession** clientCacheEntry);
 #ifndef NO_CLIENT_CACHE
@@ -4593,8 +4715,8 @@ WOLFSSL_LOCAL int TlsSessionCacheGetAndRdLock(const byte *id,
 WOLFSSL_LOCAL int TlsSessionCacheGetAndWrLock(const byte *id,
     WOLFSSL_SESSION **sess, word32 *lockedRow, byte side);
 WOLFSSL_LOCAL void EvictSessionFromCache(WOLFSSL_SESSION* session);
-/* WOLFSSL_API to test it in tests/api.c */
-WOLFSSL_API int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output);
+/* WOLFSSL_TEST_VIS to test it in tests/api.c */
+WOLFSSL_TEST_VIS int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output);
 WOLFSSL_LOCAL int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session);
 WOLFSSL_LOCAL void wolfSSL_FreeSession(WOLFSSL_CTX* ctx,
         WOLFSSL_SESSION* session);
@@ -4671,17 +4793,41 @@ enum AcceptStateTls13 {
     TLS13_TICKET_SENT
 };
 
+#ifdef WOLFSSL_THREADED_CRYPT
+
+#include <pthread.h>
+
+typedef struct ThreadCrypt {
+    Ciphers encrypt;
+    bufferStatic buffer;
+    unsigned char nonce[AESGCM_NONCE_SZ];
+    unsigned char additional[AEAD_AUTH_DATA_SZ];
+    int init;
+    int offset;
+    int cryptLen;
+    int done;
+    int avail;
+    int stop;
+    WOLFSSL_THREAD_SIGNAL signal;
+    void*                 signalCtx;
+} ThreadCrypt;
+
+#endif
+
 /* buffers for struct WOLFSSL */
 typedef struct Buffers {
     bufferStatic    inputBuffer;
     bufferStatic    outputBuffer;
+#ifdef WOLFSSL_THREADED_CRYPT
+    ThreadCrypt     encrypt[WOLFSSL_THREADED_CRYPT_CNT];
+#endif
     buffer          domainName;            /* for client check */
     buffer          clearOutputBuffer;
     buffer          sig;                   /* signature data */
     buffer          digest;                /* digest data */
-    int             prevSent;              /* previous plain text bytes sent
+    word32          prevSent;              /* previous plain text bytes sent
                                               when got WANT_WRITE            */
-    int             plainSz;               /* plain text bytes in buffer to send
+    word32          plainSz;               /* plain text bytes in buffer to send
                                               when got WANT_WRITE            */
     byte            weOwnCert;             /* SSL own cert flag */
     byte            weOwnCertChain;        /* SSL own cert chain flag */
@@ -4723,7 +4869,7 @@ typedef struct Buffers {
                  /* chain after self, in DER, with leading size for each cert */
 #ifdef WOLFSSL_TLS13
     int             certChainCnt;
-    DerBuffer*      certExts;
+    DerBuffer*      certExts[MAX_CERT_EXTENSIONS];
 #endif
 #endif
 #ifdef WOLFSSL_SEND_HRR_COOKIE
@@ -4828,7 +4974,6 @@ struct Options {
     word16            tls:1;              /* using TLS ? */
     word16            tls1_1:1;           /* using TLSv1.1+ ? */
     word16            tls1_3:1;           /* using TLSv1.3+ ? */
-    word16            seenUnifiedHdr:1;   /* received msg with unified header */
     word16            dtls:1;             /* using datagrams ? */
 #ifdef WOLFSSL_DTLS
     word16            dtlsStateful:1;     /* allow stateful processing ? */
@@ -4837,7 +4982,6 @@ struct Options {
     word16            isClosed:1;         /* if we consider conn closed */
     word16            closeNotify:1;      /* we've received a close notify */
     word16            sentNotify:1;       /* we've sent a close notify */
-    word16            shutdownDone:1;     /* we've completed a shutdown */
     word16            usingCompression:1; /* are we using compression */
     word16            haveRSA:1;          /* RSA available */
     word16            haveECC:1;          /* ECC available */
@@ -4885,7 +5029,6 @@ struct Options {
 #endif
     word16            dtlsUseNonblock:1;  /* are we using nonblocking socket */
     word16            dtlsHsRetain:1;     /* DTLS retaining HS data */
-    word16            haveMcast:1;        /* using multicast ? */
 #ifdef WOLFSSL_SCTP
     word16            dtlsSctp:1;         /* DTLS-over-SCTP mode */
 #endif
@@ -4938,8 +5081,6 @@ struct Options {
     word16            buildArgsSet:1;         /* buildArgs are set and need to
                                                * be free'd */
 #endif
-    word16            buildingMsg:1;      /* If set then we need to re-enter the
-                                           * handshake logic. */
 #ifdef WOLFSSL_DTLS13
     word16            dtls13SendMoreAcks:1;  /* Send more acks during the
                                               * handshake process */
@@ -4958,6 +5099,8 @@ struct Options {
 #endif /* WOLFSSL_DTLS_CID */
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
     word16            useEch:1;
+    word16            echAccepted:1;
+    byte              disableECH:1;           /* Did the user disable ech */
 #endif
 #ifdef WOLFSSL_SEND_HRR_COOKIE
     word16            cookieGood:1;
@@ -4965,6 +5108,15 @@ struct Options {
 #if defined(HAVE_DANE)
     word16            useDANE:1;
 #endif /* HAVE_DANE */
+    word16            disableRead:1;
+#ifdef WOLFSSL_DTLS
+    byte              haveMcast;          /* using multicast ? */
+#endif
+    byte              buildingMsg;        /* If set then we need to re-enter the
+                                           * handshake logic. */
+    byte              seenUnifiedHdr;     /* received msg with unified header */
+    byte              shutdownDone;       /* we've completed a shutdown */
+    byte              sendKeyUpdate;      /* Key Update to write */
 #if defined(HAVE_RPK)
     RpkConfig         rpkConfig;
     RpkState          rpkState;
@@ -5101,6 +5253,8 @@ typedef enum {
     STACK_TYPE_X509_REQ_ATTR      = 18,
 } WOLF_STACK_TYPE;
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 struct WOLFSSL_STACK {
     unsigned long num; /* number of nodes in stack
                         * (safety measure for freeing and shortcut for count) */
@@ -5136,6 +5290,8 @@ struct WOLFSSL_STACK {
     WOLF_STACK_TYPE type;     /* Identifies type of stack. */
 };
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 struct WOLFSSL_X509_NAME {
     char  *name;
     int   dynamicName;
@@ -5218,6 +5374,7 @@ struct WOLFSSL_X509 {
     byte*            authKeyId; /* Points into authKeyIdSrc */
     byte*            authKeyIdSrc;
     byte*            subjKeyId;
+    WOLFSSL_ASN1_STRING* subjKeyIdStr;
     byte*            extKeyUsageSrc;
 #ifdef OPENSSL_ALL
     byte*            subjAltNameSrc;
@@ -5225,7 +5382,7 @@ struct WOLFSSL_X509 {
     byte*            rawCRLInfo;
     byte*            CRLInfo;
     byte*            authInfo;
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)
+#ifdef WOLFSSL_ASN_CA_ISSUER
     byte*            authInfoCaIssuer;
     int              authInfoCaIssuerSz;
 #endif
@@ -5255,6 +5412,7 @@ struct WOLFSSL_X509 {
     byte             keyUsageCrit:1;
     byte             extKeyUsageCrit:1;
     byte             subjKeyIdSet:1;
+    byte             pathLengthSet:1;
 
     byte             subjKeyIdCrit:1;
     byte             basicConstSet:1;
@@ -5307,9 +5465,37 @@ struct WOLFSSL_X509 {
     /* Alternative Signature Value */
     byte *altSigValDer;
     int altSigValLen;
+
+    byte sapkiCrit:1;
+    byte altSigAlgCrit:1;
+    byte altSigValCrit:1;
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 };
 
+#if defined(WOLFSSL_ACERT)
+struct WOLFSSL_X509_ACERT {
+    int               version;
+    int               serialSz;
+    byte              serial[EXTERNAL_SERIAL_SIZE];
+    WOLFSSL_ASN1_TIME notBefore;
+    WOLFSSL_ASN1_TIME notAfter;
+    buffer            sig;
+    int               sigOID;
+#ifndef NO_CERTS
+    DerBuffer *       derCert;
+#endif
+    void *            heap;
+    int               dynamic; /* whether struct was dynamically allocated */
+    /* copy of raw Attributes field from */
+    byte              holderSerial[EXTERNAL_SERIAL_SIZE];
+    int               holderSerialSz;
+    DNS_entry *       holderEntityName;  /* Holder entityName from ACERT */
+    DNS_entry *       holderIssuerName;  /* issuerName from ACERT */
+    DNS_entry *       AttCertIssuerName; /* AttCertIssuer name from ACERT */
+    byte *            rawAttr;
+    word32            rawAttrLen;
+};
+#endif /* WOLFSSL_ACERT */
 
 /* record layer header for PlainText, Compressed, and CipherText */
 typedef struct RecordLayerHeader {
@@ -5445,6 +5631,7 @@ typedef struct BuildMsgArgs {
     word32 headerSz;
     word16 size;
     word32 ivSz;      /* TLSv1.1  IV */
+    byte   type;
     byte*  iv;
     ALIGN16 byte staticIvBuffer[MAX_IV_SZ];
 } BuildMsgArgs;
@@ -5578,20 +5765,37 @@ typedef struct Dtls13RecordNumber {
 } Dtls13RecordNumber;
 
 typedef struct Dtls13Rtx {
-    enum Dtls13RtxFsmState state;
+#ifdef WOLFSSL_RW_THREADED
+    wolfSSL_Mutex mutex;
+#endif
+    enum Dtls13RtxFsmState state; /* Unused? */
     Dtls13RtxRecord *rtxRecords;
     Dtls13RtxRecord **rtxRecordTailPtr;
     Dtls13RecordNumber *seenRecords;
     word32 lastRtx;
-    byte triggeredRtxs;
-    byte sendAcks:1;
-    byte retransmit:1;
+    byte triggeredRtxs; /* Unused? */
+    byte sendAcks;
+    byte retransmit;
 } Dtls13Rtx;
 
 #endif /* WOLFSSL_DTLS13 */
 
 #ifdef WOLFSSL_DTLS_CID
-typedef struct CIDInfo CIDInfo;
+typedef struct ConnectionID {
+    byte length;
+/* Ignore "nonstandard extension used : zero-sized array in struct/union"
+ * MSVC warning */
+#ifdef _MSC_VER
+#pragma warning(disable: 4200)
+#endif
+    byte id[];
+} ConnectionID;
+
+typedef struct CIDInfo {
+    ConnectionID* tx;
+    ConnectionID* rx;
+    byte negotiated : 1;
+} CIDInfo;
 #endif /* WOLFSSL_DTLS_CID */
 
 /* The idea is to reuse the context suites object whenever possible to save
@@ -5608,15 +5812,16 @@ struct WOLFSSL {
     WOLFSSL_CTX*    initial_ctx; /* preserve session key materials */
 #endif
     Suites*         suites; /* Only need during handshake. Can be NULL when
-                             * re-using the context's object. When WOLFSSL
+                             * reusing the context's object. When WOLFSSL
                              * object needs separate instance of suites use
                              * AllocateSuites(). */
-#ifdef OPENSSL_EXTRA
-    const Suites*   clSuites;
-#endif
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+    Suites*         clSuites;
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
     WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher
                                                  * suites */
+    WOLF_STACK_OF(WOLFSSL_CIPHER)* clSuitesStack; /* stack of client cipher
+                                                   * suites */
 #endif
     Arrays*         arrays;
 #ifdef WOLFSSL_TLS13
@@ -5626,6 +5831,7 @@ struct WOLFSSL {
     HS_Hashes*      hsHashes;
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
     HS_Hashes*      hsHashesEch;
+    HS_Hashes*      hsHashesEchInner;
 #endif
     void*           IOCB_ReadCtx;
     void*           IOCB_WriteCtx;
@@ -5849,10 +6055,10 @@ struct WOLFSSL {
     /* used to store the message if it needs to be fragmented */
     buffer dtls13FragmentsBuffer;
     byte dtls13SendingFragments:1;
-    byte dtls13SendingAckOrRtx:1;
+    byte dtls13SendingAckOrRtx;
     byte dtls13FastTimeout:1;
-    byte dtls13WaitKeyUpdateAck:1;
-    byte dtls13DoKeyUpdate:1;
+    byte dtls13WaitKeyUpdateAck;
+    byte dtls13DoKeyUpdate;
     word32 dtls13MessageLength;
     word32 dtls13FragOffset;
     byte dtls13FragHandshakeType;
@@ -5945,13 +6151,14 @@ struct WOLFSSL {
         void*       ocspIOCtx;
         byte ocspProducedDate[MAX_DATE_SZ];
         int ocspProducedDateFormat;
-    #ifdef OPENSSL_EXTRA
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
         byte*       ocspResp;
         int         ocspRespSz;
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-            char*   url;
-        #endif
+        char*   url;
     #endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
+            word32 response_idx;
+#endif
 #endif
 #ifdef HAVE_NETX
     NetX_Ctx        nxCtx;             /* NetX IO Context */
@@ -6014,6 +6221,7 @@ struct WOLFSSL {
     #endif /* NO_RSA */
     void* GenPreMasterCtx;   /* Generate Premaster Callback Context */
     void* GenMasterCtx;      /* Generate Master Callback Context */
+    void* GenExtMasterCtx;   /* Generate Extended Master Callback Context */
     void* GenSessionKeyCtx;  /* Generate Session Key Callback Context */
     void* EncryptKeysCtx;    /* Set Encrypt keys Callback Context */
     void* TlsFinishedCtx;    /* Generate Tls Finished Callback Context */
@@ -6048,6 +6256,7 @@ struct WOLFSSL {
 #if defined(OPENSSL_EXTRA)
     WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
     WOLFSSL_STACK* peerCertChain;    /* Used in wolfSSL_get_peer_cert_chain */
+    WOLFSSL_STACK* verifiedChain;    /* peer cert chain to CA */
 #ifdef KEEP_OUR_CERT
     WOLFSSL_STACK* ourCertChain;    /* Used in wolfSSL_add1_chain_cert */
 #endif
@@ -6112,8 +6321,20 @@ struct WOLFSSL {
     byte *peerSigSpec;     /* This pointer always owns the memory. */
     word16 peerSigSpecSz;
 #endif
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    int secLevel; /* The security level of system-wide crypto policy. */
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 };
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+#define WOLFSSL_SECLEVEL_STR "@SECLEVEL="
+struct SystemCryptoPolicy {
+    int    enabled;
+    int    secLevel;
+    char   str[MAX_WOLFSSL_CRYPTO_POLICY_SIZE + 1]; /* + 1 for null term */
+};
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 /*
  * wolfSSL_PEM_read_bio_X509 pushes an ASN_NO_PEM_HEADER error
  * to the error queue on file end. This should not be left
@@ -6122,8 +6343,8 @@ struct WOLFSSL {
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_ERROR_QUEUE)
 #define CLEAR_ASN_NO_PEM_HEADER_ERROR(err)                  \
     (err) = wolfSSL_ERR_peek_last_error();                  \
-    if (ERR_GET_LIB(err) == ERR_LIB_PEM &&                  \
-            ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {   \
+    if (wolfSSL_ERR_GET_LIB(err) == WOLFSSL_ERR_LIB_PEM &&  \
+            wolfSSL_ERR_GET_REASON(err) == -WOLFSSL_PEM_R_NO_START_LINE_E) {   \
         wc_RemoveErrorNode(-1);                             \
     }
 #else
@@ -6159,7 +6380,10 @@ WOLFSSL_LOCAL int  SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
 WOLFSSL_LOCAL int  InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
 WOLFSSL_LOCAL int  ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup);
 WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap);
-WOLFSSL_API   void SSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
+WOLFSSL_TEST_VIS   void wolfSSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
+#ifndef OPENSSL_COEXIST
+#define SSL_ResourceFree wolfSSL_ResourceFree
+#endif
 
 
 #ifndef NO_CERTS
@@ -6171,8 +6395,10 @@ WOLFSSL_API   void SSL_ResourceFree(WOLFSSL* ssl);   /* Micrium uses */
                                  int type, WOLFSSL* ssl, int userChain,
                                 WOLFSSL_CRL* crl, int verify);
 
+    #ifndef NO_ASN
     WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
-                                    size_t domainNameLen);
+                                    size_t domainNameLen, unsigned int flags);
+    #endif
 #endif
 
 
@@ -6199,6 +6425,7 @@ enum ContentType {
     alert              = 21,
     handshake          = 22,
     application_data   = 23,
+    dtls12_cid         = 25,
 #ifdef WOLFSSL_DTLS13
     ack                = 26,
 #endif /* WOLFSSL_DTLS13 */
@@ -6302,7 +6529,10 @@ WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk,
 
 WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len);
 #endif /* HAVE_SESSION_TICKET */
-WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz);
+WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, size_t sz);
+#ifdef WOLFSSL_THREADED_CRYPT
+WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl);
+#endif
 #ifdef WOLFSSL_TLS13
 WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType);
 #endif
@@ -6320,7 +6550,7 @@ WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL* ssl);
 WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL* ssl);
 WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL* ssl);
 WOLFSSL_LOCAL int SendBuffered(WOLFSSL* ssl);
-WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek);
+WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, size_t sz, int peek);
 WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl);
 WOLFSSL_LOCAL int RetrySendAlert(WOLFSSL* ssl);
 WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type);
@@ -6380,8 +6610,10 @@ static WC_INLINE int wolfSSL_curve_is_disabled(const WOLFSSL* ssl,
 }
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
                                          int *initTmpRng);
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifndef NO_CERTS
     #ifndef NO_RSA
@@ -6455,10 +6687,13 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
     #ifndef GetCA
         WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash);
     #endif
-    #ifdef WOLFSSL_AKID_NAME
+    #if defined(WOLFSSL_AKID_NAME) && !defined(GetCAByAKID)
         WOLFSSL_LOCAL Signer* GetCAByAKID(void* vp, const byte* issuer,
                 word32 issuerSz, const byte* serial, word32 serialSz);
     #endif
+    #if defined(HAVE_OCSP) && !defined(GetCAByKeyHash)
+        WOLFSSL_LOCAL Signer* GetCAByKeyHash(void* vp, const byte* keyHash);
+    #endif
     #if !defined(NO_SKID) && !defined(GetCAByName)
         WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
     #endif
@@ -6485,6 +6720,7 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
 #endif
 
 WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
+WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
 
 #ifndef NO_WOLFSSL_CLIENT
     WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl);
@@ -6503,21 +6739,25 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
     WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl);
 #endif /* NO_WOLFSSL_SERVER */
 
+#ifdef WOLFSSL_TLS13
+    WOLFSSL_LOCAL int SendTls13KeyUpdate(WOLFSSL* ssl);
+#endif
+
 #ifdef WOLFSSL_DTLS
     WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap);
     WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap);
-    /* Use WOLFSSL_API to enable src/api.c testing */
-    WOLFSSL_API void DtlsMsgListDelete(DtlsMsg* head, void* heap);
+    /* Use WOLFSSL_TEST_VIS to enable src/api.c testing */
+    WOLFSSL_TEST_VIS void DtlsMsgListDelete(DtlsMsg* head, void* heap);
     WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl);
     WOLFSSL_LOCAL int  DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch,
                                   const byte* data, byte type,
                                   word32 fragOffset, word32 fragSz, void* heap,
                                   word32 totalLen, byte encrypted);
-    /* Use WOLFSSL_API to enable src/api.c testing */
-    WOLFSSL_API DtlsMsg* DtlsMsgFind(DtlsMsg* head, word16 epoch, word32 seq);
+    /* Use WOLFSSL_TEST_VIS to enable src/api.c testing */
+    WOLFSSL_TEST_VIS DtlsMsg* DtlsMsgFind(DtlsMsg* head, word16 epoch, word32 seq);
 
-    /* Use WOLFSSL_API to enable src/api.c testing */
-    WOLFSSL_API void DtlsMsgStore(WOLFSSL* ssl, word16 epoch, word32 seq,
+    /* Use WOLFSSL_TEST_VIS to enable src/api.c testing */
+    WOLFSSL_TEST_VIS void DtlsMsgStore(WOLFSSL* ssl, word16 epoch, word32 seq,
                                     const byte* data, word32 dataSz, byte type,
                                     word32 fragOffset, word32 fragSz,
                                     void* heap);
@@ -6543,6 +6783,10 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
     WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
             const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
 #endif /* !defined(NO_WOLFSSL_SERVER) */
+#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+    WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,
+                                    SOCKADDR_S *b, XSOCKLENT bLen);
+#endif
 #endif /* WOLFSSL_DTLS */
 
 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
@@ -6581,10 +6825,18 @@ WOLFSSL_LOCAL enum wc_HashType HashAlgoToType(int hashAlgo);
     WOLFSSL_LOCAL void InitX509(WOLFSSL_X509* x509, int dynamicFlag,
                                 void* heap);
     WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509* x509);
+    #ifndef NO_ASN
     WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509* x509,
                                          DecodedCert* dCert);
+    #endif
 #endif
 
+#if defined(WOLFSSL_ACERT)
+    WOLFSSL_LOCAL int  CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509,
+                                              DecodedAcert* dAcert);
+#endif /* WOLFSSL_ACERT */
+
+
 #ifndef MAX_CIPHER_NAME
 #define MAX_CIPHER_NAME 50
 #endif
@@ -6602,7 +6854,7 @@ typedef struct CipherSuiteInfo {
 #endif
     byte cipherSuite0;
     byte cipherSuite;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \
     defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
     byte minor;
     byte major;
@@ -6632,7 +6884,7 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite)
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
 WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
 WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
-                                         byte* cipherSuite, int* flags);
+                       byte* cipherSuite, byte* major, byte* minor, int* flags);
 
 
 enum encrypt_side {
@@ -6641,9 +6893,13 @@ enum encrypt_side {
     ENCRYPT_AND_DECRYPT_SIDE
 };
 
+WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys,
+    CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng,
+    int tls13);
 WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side);
 
 /* Set*Internal and Set*External functions */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
 WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
 WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
@@ -6659,6 +6915,7 @@ typedef enum elem_set {
 WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, int elm );
 WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
 WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK))
     WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
@@ -6690,8 +6947,8 @@ WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
                         int sizeOnly, int asyncOkay, int epochOrder);
 
 #ifdef WOLFSSL_TLS13
-/* Use WOLFSSL_API to use this function in tests/api.c */
-WOLFSSL_API int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
+/* Use WOLFSSL_TEST_VIS to use this function in tests/api.c */
+WOLFSSL_TEST_VIS int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
 WOLFSSL_LOCAL int Tls13UpdateKeys(WOLFSSL* ssl);
 #endif
@@ -6748,7 +7005,7 @@ WOLFSSL_LOCAL word32 nid2oid(int nid, int grp);
 #endif
 
 #ifdef WOLFSSL_DTLS
-WOLFSSL_API int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo,
+WOLFSSL_TEST_VIS int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo,
         word16* next_hi, word32* next_lo, word32 *window);
 WOLFSSL_LOCAL int DtlsUpdateWindow(WOLFSSL* ssl);
 WOLFSSL_LOCAL void DtlsResetState(WOLFSSL *ssl);
@@ -6758,8 +7015,8 @@ WOLFSSL_LOCAL void DtlsSetSeqNumForReply(WOLFSSL* ssl);
 
 #ifdef WOLFSSL_DTLS13
 
-/* Use WOLFSSL_API to use this function in tests/api.c */
-WOLFSSL_API struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl,
+/* Use WOLFSSL_TEST_VIS to use this function in tests/api.c */
+WOLFSSL_TEST_VIS struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl,
     w64wrapper epochNumber);
 WOLFSSL_LOCAL void Dtls13SetOlderEpochSide(WOLFSSL* ssl, w64wrapper epochNumber,
     int side);
@@ -6783,6 +7040,7 @@ WOLFSSL_LOCAL int Dtls13RlAddCiphertextHeader(WOLFSSL* ssl, byte* out,
     word16 length);
 WOLFSSL_LOCAL int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out,
     enum ContentType content_type, word16 length);
+WOLFSSL_LOCAL int Dtls13MinimumRecordLength(WOLFSSL* ssl);
 WOLFSSL_LOCAL int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr,
     word16 recordLength);
 WOLFSSL_LOCAL int Dtls13IsUnifiedHeader(byte header_flags);
@@ -6800,6 +7058,7 @@ WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output,
     enum HandShakeType msg_type, word32 length);
 #define EE_MASK (0x3)
 WOLFSSL_LOCAL int Dtls13FragmentsContinue(WOLFSSL* ssl);
+WOLFSSL_LOCAL int DoDtls13KeyUpdateAck(WOLFSSL* ssl);
 WOLFSSL_LOCAL int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize,
     word32* processedSize);
 WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits,
@@ -6837,11 +7096,7 @@ WOLFSSL_LOCAL int GetX509Error(int e);
 #endif
 #endif
 
-#if defined(HAVE_EX_DATA) && \
-    (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
-    defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
-    defined(WOLFSSL_WPAS_SMALL)
+#ifdef HAVE_EX_DATA_CRYPTO
 typedef struct CRYPTO_EX_cb_ctx {
     long ctx_l;
     void *ctx_ptr;
@@ -6850,9 +7105,9 @@ typedef struct CRYPTO_EX_cb_ctx {
     WOLFSSL_CRYPTO_EX_dup* dup_func;
     struct CRYPTO_EX_cb_ctx* next;
 } CRYPTO_EX_cb_ctx;
-/* use wolfSSL_API visibility to be able to clear in tests/api.c */
-WOLFSSL_API extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session;
-WOLFSSL_API void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx);
+
+WOLFSSL_TEST_VIS extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session;
+WOLFSSL_TEST_VIS void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx);
 WOLFSSL_LOCAL void crypto_ex_cb_setup_new_data(void *new_obj,
         CRYPTO_EX_cb_ctx* cb_ctx, WOLFSSL_CRYPTO_EX_DATA* ex_data);
 WOLFSSL_LOCAL void crypto_ex_cb_free_data(void *obj, CRYPTO_EX_cb_ctx* cb_ctx,
@@ -6862,19 +7117,19 @@ WOLFSSL_LOCAL int crypto_ex_cb_dup_data(const WOLFSSL_CRYPTO_EX_DATA *in,
 WOLFSSL_LOCAL int wolfssl_get_ex_new_index(int class_index, long ctx_l,
         void* ctx_ptr, WOLFSSL_CRYPTO_EX_new* new_func,
         WOLFSSL_CRYPTO_EX_dup* dup_func, WOLFSSL_CRYPTO_EX_free* free_func);
-#endif
+#endif /* HAVE_EX_DATA_CRYPTO */
 
 WOLFSSL_LOCAL WC_RNG* wolfssl_get_global_rng(void);
 WOLFSSL_LOCAL WC_RNG* wolfssl_make_global_rng(void);
 
 #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
 #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
-WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
+WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher,
     unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz);
 #endif
 #endif
 
-#if !defined(NO_RSA)
+#if !defined(NO_RSA) && defined(OPENSSL_EXTRA)
 WOLFSSL_LOCAL int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf,
     int publicKey, void* heap);
 #endif
@@ -6932,10 +7187,23 @@ WOLFSSL_LOCAL int CreateCookieExt(const WOLFSSL* ssl, byte* hash,
 WOLFSSL_LOCAL int TranslateErrorToAlert(int err);
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
-void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type);
-WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type);
+WOLFSSL_LOCAL void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk,
+                                        WOLF_STACK_TYPE type);
+WOLFSSL_LOCAL void* wolfSSL_sk_pop_node(WOLFSSL_STACK* sk, int idx);
+WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type);
+
+WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj,
+        const byte* der, word32 len, int addHdr);
 #endif
 
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key,
+        word32* keySz);
+WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
+        const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key,
+        word32* keySz);
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h
index b05510cfc..69b5c14e5 100644
--- a/wolfssl/ocsp.h
+++ b/wolfssl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -48,6 +48,16 @@ typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP;
 typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ;
 
 typedef struct OcspRequest WOLFSSL_OCSP_REQUEST;
+
+typedef struct {
+    WOLFSSL_BIO *bio;
+    WOLFSSL_BIO *reqResp; /* First used for request then for response */
+    byte* buf;
+    int bufLen;
+    int state;
+    int ioState;
+    int sent;
+} WOLFSSL_OCSP_REQ_CTX;
 #endif
 
 WOLFSSL_LOCAL int  InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm);
@@ -130,6 +140,21 @@ WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs);
 WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(
     WOLFSSL_OCSP_BASICRESP *bs, int idx);
 
+WOLFSSL_API WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio,
+        int maxline);
+WOLFSSL_API void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx);
+WOLFSSL_API WOLFSSL_OCSP_REQ_CTX *wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio,
+        const char *path, OcspRequest *req, int maxline);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx,
+        OcspRequest *req);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx,
+                             const char *name, const char *value);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx,
+        const char *op, const char *path);
+WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx);
+WOLFSSL_API int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp,
+        WOLFSSL_OCSP_REQ_CTX *rctx);
+
 WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req,
         WOLFSSL_X509_EXTENSION* ext, int idx);
 WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status,
diff --git a/wolfssl/openssl/aes.h b/wolfssl/openssl/aes.h
index 2991ff07a..4710f7231 100644
--- a/wolfssl/openssl/aes.h
+++ b/wolfssl/openssl/aes.h
@@ -1,6 +1,6 @@
 /* aes.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -53,27 +53,37 @@
 typedef struct WOLFSSL_AES_KEY {
     ALIGN16 void *buf[(sizeof(Aes) / sizeof(void *)) + 1];
 } WOLFSSL_AES_KEY;
-typedef WOLFSSL_AES_KEY AES_KEY;
 
 WOLFSSL_API int wolfSSL_AES_set_encrypt_key(
-    const unsigned char *key, const int bits, AES_KEY *aes);
+    const unsigned char *key, const int bits, WOLFSSL_AES_KEY *aes);
 WOLFSSL_API int wolfSSL_AES_set_decrypt_key(
-    const unsigned char *key, const int bits, AES_KEY *aes);
+    const unsigned char *key, const int bits, WOLFSSL_AES_KEY *aes);
 WOLFSSL_API void wolfSSL_AES_cbc_encrypt(
-    const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key,
+    const unsigned char *in, unsigned char* out, size_t len, WOLFSSL_AES_KEY *key,
     unsigned char* iv, const int enc);
 WOLFSSL_API void wolfSSL_AES_ecb_encrypt(
-    const unsigned char *in, unsigned char* out, AES_KEY *key, const int enc);
+    const unsigned char *in, unsigned char* out, WOLFSSL_AES_KEY *key, const int enc);
 WOLFSSL_API void wolfSSL_AES_cfb128_encrypt(
-    const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key,
+    const unsigned char *in, unsigned char* out, size_t len, WOLFSSL_AES_KEY *key,
     unsigned char* iv, int* num, const int enc);
 WOLFSSL_API int wolfSSL_AES_wrap_key(
-    AES_KEY *key, const unsigned char *iv, unsigned char *out,
+    WOLFSSL_AES_KEY *key, const unsigned char *iv, unsigned char *out,
     const unsigned char *in, unsigned int inlen);
 WOLFSSL_API int wolfSSL_AES_unwrap_key(
-    AES_KEY *key, const unsigned char *iv, unsigned char *out,
+    WOLFSSL_AES_KEY *key, const unsigned char *iv, unsigned char *out,
     const unsigned char *in, unsigned int inlen);
 
+#ifdef WOLFSSL_AES_DIRECT
+WOLFSSL_API void wolfSSL_AES_encrypt(
+    const unsigned char* input, unsigned char* output, WOLFSSL_AES_KEY *key);
+WOLFSSL_API void wolfSSL_AES_decrypt(
+    const unsigned char* input, unsigned char* output, WOLFSSL_AES_KEY *key);
+#endif /* WOLFSSL_AES_DIRECT */
+
+#ifndef OPENSSL_COEXIST
+
+typedef WOLFSSL_AES_KEY AES_KEY;
+
 #define AES_cbc_encrypt     wolfSSL_AES_cbc_encrypt
 #define AES_ecb_encrypt     wolfSSL_AES_ecb_encrypt
 #define AES_cfb128_encrypt  wolfSSL_AES_cfb128_encrypt
@@ -83,11 +93,6 @@ WOLFSSL_API int wolfSSL_AES_unwrap_key(
 #define AES_unwrap_key      wolfSSL_AES_unwrap_key
 
 #ifdef WOLFSSL_AES_DIRECT
-WOLFSSL_API void wolfSSL_AES_encrypt(
-    const unsigned char* input, unsigned char* output, AES_KEY *key);
-WOLFSSL_API void wolfSSL_AES_decrypt(
-    const unsigned char* input, unsigned char* output, AES_KEY *key);
-
 #define AES_encrypt         wolfSSL_AES_encrypt
 #define AES_decrypt         wolfSSL_AES_decrypt
 #endif /* WOLFSSL_AES_DIRECT */
@@ -99,6 +104,8 @@ WOLFSSL_API void wolfSSL_AES_decrypt(
 #define AES_DECRYPT AES_DECRYPTION
 #endif
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h
index 2c83b9b8c..b9e2c19ca 100644
--- a/wolfssl/openssl/asn1.h
+++ b/wolfssl/openssl/asn1.h
@@ -1,6 +1,6 @@
 /* asn1.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,6 +26,8 @@
 
 #include <wolfssl/openssl/ssl.h>
 
+#ifndef OPENSSL_COEXIST
+
 #define ASN1_STRING_new       wolfSSL_ASN1_STRING_new
 #define ASN1_STRING_type_new  wolfSSL_ASN1_STRING_type_new
 #define ASN1_STRING_type      wolfSSL_ASN1_STRING_type
@@ -37,34 +39,29 @@
 #define d2i_ASN1_OBJECT       wolfSSL_d2i_ASN1_OBJECT
 #define c2i_ASN1_OBJECT       wolfSSL_c2i_ASN1_OBJECT
 
-#define V_ASN1_INTEGER                   0x02
-#define V_ASN1_OCTET_STRING              0x04 /* tag for ASN1_OCTET_STRING */
-#define V_ASN1_NEG                       0x100
-#define V_ASN1_NEG_INTEGER               (2 | V_ASN1_NEG)
-#define V_ASN1_NEG_ENUMERATED            (10 | V_ASN1_NEG)
+#define V_ASN1_BIT_STRING               WOLFSSL_V_ASN1_BIT_STRING
+#define V_ASN1_INTEGER                  WOLFSSL_V_ASN1_INTEGER
+#define V_ASN1_NEG                      WOLFSSL_V_ASN1_NEG
+#define V_ASN1_NEG_INTEGER              WOLFSSL_V_ASN1_NEG_INTEGER
+#define V_ASN1_NEG_ENUMERATED           WOLFSSL_V_ASN1_NEG_ENUMERATED
 
 /* Type for ASN1_print_ex */
-# define ASN1_STRFLGS_ESC_2253           1
-# define ASN1_STRFLGS_ESC_CTRL           2
-# define ASN1_STRFLGS_ESC_MSB            4
-# define ASN1_STRFLGS_ESC_QUOTE          8
-# define ASN1_STRFLGS_UTF8_CONVERT       0x10
-# define ASN1_STRFLGS_IGNORE_TYPE        0x20
-# define ASN1_STRFLGS_SHOW_TYPE          0x40
-# define ASN1_STRFLGS_DUMP_ALL           0x80
-# define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
-# define ASN1_STRFLGS_DUMP_DER           0x200
-# define ASN1_STRFLGS_RFC2253            (ASN1_STRFLGS_ESC_2253 | \
-                                          ASN1_STRFLGS_ESC_CTRL | \
-                                          ASN1_STRFLGS_ESC_MSB | \
-                                          ASN1_STRFLGS_UTF8_CONVERT | \
-                                          ASN1_STRFLGS_DUMP_UNKNOWN | \
-                                          ASN1_STRFLGS_DUMP_DER)
+#define ASN1_STRFLGS_ESC_2253           WOLFSSL_ASN1_STRFLGS_ESC_2253
+#define ASN1_STRFLGS_ESC_CTRL           WOLFSSL_ASN1_STRFLGS_ESC_CTRL
+#define ASN1_STRFLGS_ESC_MSB            WOLFSSL_ASN1_STRFLGS_ESC_MSB
+#define ASN1_STRFLGS_ESC_QUOTE          WOLFSSL_ASN1_STRFLGS_ESC_QUOTE
+#define ASN1_STRFLGS_UTF8_CONVERT       WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT
+#define ASN1_STRFLGS_IGNORE_TYPE        WOLFSSL_ASN1_STRFLGS_IGNORE_TYPE
+#define ASN1_STRFLGS_SHOW_TYPE          WOLFSSL_ASN1_STRFLGS_SHOW_TYPE
+#define ASN1_STRFLGS_DUMP_ALL           WOLFSSL_ASN1_STRFLGS_DUMP_ALL
+#define ASN1_STRFLGS_DUMP_UNKNOWN       WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN
+#define ASN1_STRFLGS_DUMP_DER           WOLFSSL_ASN1_STRFLGS_DUMP_DER
+#define ASN1_STRFLGS_RFC2253            WOLFSSL_ASN1_STRFLGS_RFC2253
 
-#define MBSTRING_UTF8                    0x1000
-#define MBSTRING_ASC                     0x1001
-#define MBSTRING_BMP                     0x1002
-#define MBSTRING_UNIV                    0x1004
+#define MBSTRING_UTF8                   WOLFSSL_MBSTRING_UTF8
+#define MBSTRING_ASC                    WOLFSSL_MBSTRING_ASC
+#define MBSTRING_BMP                    WOLFSSL_MBSTRING_BMP
+#define MBSTRING_UNIV                   WOLFSSL_MBSTRING_UNIV
 
 #define ASN1_UTCTIME_print              wolfSSL_ASN1_UTCTIME_print
 #define ASN1_TIME_check                 wolfSSL_ASN1_TIME_check
@@ -72,45 +69,48 @@
 #define ASN1_TIME_compare               wolfSSL_ASN1_TIME_compare
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 
-#define V_ASN1_EOC                      0
-#define V_ASN1_NULL                     5
-#define V_ASN1_OBJECT                   6
-#define V_ASN1_UTF8STRING               12
-#define V_ASN1_SEQUENCE                 16
-#define V_ASN1_SET                      17
-#define V_ASN1_PRINTABLESTRING          19
-#define V_ASN1_T61STRING                20
-#define V_ASN1_IA5STRING                22
-#define V_ASN1_UTCTIME                  23
-#define V_ASN1_GENERALIZEDTIME          24
-#define V_ASN1_UNIVERSALSTRING          28
-#define V_ASN1_BMPSTRING                30
+#define V_ASN1_EOC                      WOLFSSL_V_ASN1_EOC
+#define V_ASN1_BOOLEAN                  WOLFSSL_V_ASN1_BOOLEAN
+#define V_ASN1_OCTET_STRING             WOLFSSL_V_ASN1_OCTET_STRING
+#define V_ASN1_NULL                     WOLFSSL_V_ASN1_NULL
+#define V_ASN1_OBJECT                   WOLFSSL_V_ASN1_OBJECT
+#define V_ASN1_UTF8STRING               WOLFSSL_V_ASN1_UTF8STRING
+#define V_ASN1_SEQUENCE                 WOLFSSL_V_ASN1_SEQUENCE
+#define V_ASN1_SET                      WOLFSSL_V_ASN1_SET
+#define V_ASN1_PRINTABLESTRING          WOLFSSL_V_ASN1_PRINTABLESTRING
+#define V_ASN1_T61STRING                WOLFSSL_V_ASN1_T61STRING
+#define V_ASN1_IA5STRING                WOLFSSL_V_ASN1_IA5STRING
+#define V_ASN1_UTCTIME                  WOLFSSL_V_ASN1_UTCTIME
+#define V_ASN1_GENERALIZEDTIME          WOLFSSL_V_ASN1_GENERALIZEDTIME
+#define V_ASN1_UNIVERSALSTRING          WOLFSSL_V_ASN1_UNIVERSALSTRING
+#define V_ASN1_BMPSTRING                WOLFSSL_V_ASN1_BMPSTRING
 
+#define V_ASN1_CONSTRUCTED              WOLFSSL_V_ASN1_CONSTRUCTED
 
-#define V_ASN1_CONSTRUCTED              0x20
-
-#define ASN1_STRING_FLAG_BITS_LEFT       0x008
-#define ASN1_STRING_FLAG_NDEF            0x010
-#define ASN1_STRING_FLAG_CONT            0x020
-#define ASN1_STRING_FLAG_MSTRING         0x040
-#define ASN1_STRING_FLAG_EMBED           0x080
+#define ASN1_STRING_FLAG_BITS_LEFT      WOLFSSL_ASN1_STRING_FLAG_BITS_LEFT
+#define ASN1_STRING_FLAG_NDEF           WOLFSSL_ASN1_STRING_FLAG_NDEF
+#define ASN1_STRING_FLAG_CONT           WOLFSSL_ASN1_STRING_FLAG_CONT
+#define ASN1_STRING_FLAG_MSTRING        WOLFSSL_ASN1_STRING_FLAG_MSTRING
+#define ASN1_STRING_FLAG_EMBED          WOLFSSL_ASN1_STRING_FLAG_EMBED
 
 /* X.509 PKI size limits from RFC2459 (appendix A) */
 /* internally our limit is CTC_NAME_SIZE (64) - overridden with WC_CTC_NAME_SIZE */
-#define ub_name                    CTC_NAME_SIZE /* 32768 */
-#define ub_common_name             CTC_NAME_SIZE /* 64 */
-#define ub_locality_name           CTC_NAME_SIZE /* 128 */
-#define ub_state_name              CTC_NAME_SIZE /* 128 */
-#define ub_organization_name       CTC_NAME_SIZE /* 64 */
-#define ub_organization_unit_name  CTC_NAME_SIZE /* 64 */
-#define ub_title                   CTC_NAME_SIZE /* 64 */
-#define ub_email_address           CTC_NAME_SIZE /* 128 */
+#define ub_name                         WOLFSSL_ub_name
+#define ub_common_name                  WOLFSSL_ub_common_name
+#define ub_locality_name                WOLFSSL_ub_locality_name
+#define ub_state_name                   WOLFSSL_ub_state_name
+#define ub_organization_name            WOLFSSL_ub_organization_name
+#define ub_organization_unit_name       WOLFSSL_ub_organization_unit_name
+#define ub_title                        WOLFSSL_ub_title
+#define ub_email_address                WOLFSSL_ub_email_address
 
+#endif /* !OPENSSL_COEXIST */
 
 WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
     const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai);
 
 WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
+WOLFSSL_API int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a);
 
 WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
                                         int *cls, long inLen);
@@ -122,50 +122,165 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a
 /* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally
  * we don't use this. Some projects use OpenSSL to implement ASN1 types and
  * this section is only to provide those projects with ASN1 functionality. */
-typedef struct {
-    size_t offset;              /* Offset of this field in structure */
-    byte type;                  /* The type of the member as defined in
-                                 * WOLFSSL_ASN1_TYPES */
-} WOLFSSL_ASN1_TEMPLATE;
 
-typedef struct {
-    byte type;                              /* One of the ASN_Tags types */
-    const WOLFSSL_ASN1_TEMPLATE *members;   /* If SEQUENCE or CHOICE this
-                                             * contains the contents */
+typedef void* (*WolfsslAsn1NewCb)(void);
+typedef void (*WolfsslAsn1FreeCb)(void*);
+typedef int (*WolfsslAsn1i2dCb)(const void*, unsigned char**);
+typedef void* (*WolfsslAsn1d2iCb)(void**, const byte **, long);
+
+struct WOLFSSL_ASN1_TEMPLATE {
+    /* Type functions */
+    WolfsslAsn1NewCb new_func;
+    WolfsslAsn1FreeCb free_func;
+    WolfsslAsn1i2dCb i2d_func;
+    WolfsslAsn1d2iCb d2i_func;
+    /* Member info */
+    size_t offset;              /* Offset of this field in structure */
+    /* DER info */
+    int tag;
+    byte first_byte;            /* First expected byte. Required for
+                                 * IMPLICIT types. */
+    byte ex:1;                  /* explicit, name conflicts with C++ keyword */
+    byte sequence:1;
+};
+
+enum WOLFSSL_ASN1_TYPES {
+    WOLFSSL_ASN1_SEQUENCE = 0,
+    WOLFSSL_ASN1_CHOICE,
+    WOLFSSL_ASN1_OBJECT_TYPE,
+};
+
+struct WOLFSSL_ASN1_ITEM {
+    enum WOLFSSL_ASN1_TYPES type;
+    const struct WOLFSSL_ASN1_TEMPLATE* members; /* If SEQUENCE or CHOICE this
+                                                  * contains the contents */
     size_t mcount;                          /* Number of members if SEQUENCE
                                              * or CHOICE */
     size_t size;                            /* Structure size */
-} WOLFSSL_ASN1_ITEM;
+    size_t toffset;                         /* Type offset */
+};
 
-typedef enum {
-    WOLFSSL_X509_ALGOR_ASN1 = 0,
-    WOLFSSL_ASN1_BIT_STRING_ASN1,
-    WOLFSSL_ASN1_INTEGER_ASN1,
-} WOLFSSL_ASN1_TYPES;
+typedef struct WOLFSSL_ASN1_TEMPLATE WOLFSSL_ASN1_TEMPLATE;
+typedef struct WOLFSSL_ASN1_ITEM WOLFSSL_ASN1_ITEM;
 
-#define ASN1_SEQUENCE(type) \
-    static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
+#define ASN1_BIT_STRING_FIRST_BYTE ASN_BIT_STRING
+#define ASN1_TFLG_EXPLICIT      (0x1 << 0)
+#define ASN1_TFLG_SEQUENCE_OF   (0x1 << 1)
+#define ASN1_TFLG_IMPTAG        (0x1 << 2)
+#define ASN1_TFLG_EXPTAG        (0x1 << 3)
 
-#define ASN1_SIMPLE(type, member, member_type) \
-    { OFFSETOF(type, member), \
-        WOLFSSL_##member_type##_ASN1 }
+#define ASN1_TFLG_TAG_MASK      (ASN1_TFLG_IMPTAG|ASN1_TFLG_EXPTAG)
 
-#define ASN1_SEQUENCE_END(type) \
+#define ASN1_ITEM_TEMPLATE(mtype) \
+        static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data
+
+#define ASN1_ITEM_TEMPLATE_END(mtype) \
     ; \
-    const WOLFSSL_ASN1_ITEM type##_template_data = { \
-            ASN_SEQUENCE, \
-            type##_member_data, \
-            sizeof(type##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
-            sizeof(type) \
+    const WOLFSSL_ASN1_ITEM mtype##_template_data = { \
+            WOLFSSL_ASN1_OBJECT_TYPE, \
+            &mtype##_member_data, \
+            1, \
+            0, \
+            0 \
     };
 
+#define ASN1_SEQUENCE(mtype) \
+    static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data[]
+
+#define ASN1_SEQUENCE_END(mtype) \
+    ; \
+    const WOLFSSL_ASN1_ITEM mtype##_template_data = { \
+            WOLFSSL_ASN1_SEQUENCE, \
+            mtype##_member_data, \
+            sizeof(mtype##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
+            sizeof(mtype), \
+            0 \
+    }; \
+    static WC_MAYBE_UNUSED const byte mtype##_FIRST_BYTE = \
+        ASN_CONSTRUCTED | ASN_SEQUENCE;
+
+/* This is what a ASN1_CHOICE type should look like
+ *      typedef struct {
+ *              int type;
+ *              union {
+ *                      ASN1_SOMETHING *opt1;
+ *                      ASN1_SOMEOTHER *opt2;
+ *              } value;
+ *      } chname;
+ */
+
+#define ASN1_CHOICE(mtype) \
+    static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data[]
+
+#define ASN1_CHOICE_END(mtype) \
+    ; \
+    const WOLFSSL_ASN1_ITEM mtype##_template_data = { \
+            WOLFSSL_ASN1_CHOICE, \
+            mtype##_member_data, \
+            sizeof(mtype##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \
+            sizeof(mtype) ,\
+            WC_OFFSETOF(mtype, type) \
+    };
+
+#define ASN1_TYPE(type, member, tag, first_byte, exp, seq) \
+    WC_OFFSETOF(type, member), tag, first_byte, exp, seq
+
+/* Function callbacks need to be defined immediately otherwise we will
+ * incorrectly expand the type. Ex: ASN1_INTEGER -> WOLFSSL_ASN1_INTEGER */
+
+#define ASN1_SIMPLE(type, member, member_type) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, -1, 0, 0, 0) }
+
+#define ASN1_IMP(type, member, member_type, tag) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, tag, member_type##_FIRST_BYTE, 0, 0) }
+
+#define ASN1_EXP(type, member, member_type, tag) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, tag, 0, 1, 0) }
+
+#define ASN1_SEQUENCE_OF(type, member, member_type) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, -1, 0, 0, 1) }
+
+#define ASN1_EXP_SEQUENCE_OF(type, member, member_type, tag) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      ASN1_TYPE(type, member, tag, 0, 1, 1) }
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, member_type) \
+    { (WolfsslAsn1NewCb)member_type##_new, \
+      (WolfsslAsn1FreeCb)member_type##_free, \
+      (WolfsslAsn1i2dCb)i2d_##member_type, \
+      (WolfsslAsn1d2iCb)d2i_##member_type, \
+      0, (flags) & ASN1_TFLG_TAG_MASK ? (tag) : -1, 0, \
+      !!((flags) & ASN1_TFLG_EXPLICIT), TRUE }
+
 WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *tpl);
-WOLFSSL_API void wolfSSL_ASN1_item_free(void *val, const WOLFSSL_ASN1_ITEM *tpl);
+WOLFSSL_API void wolfSSL_ASN1_item_free(void *obj,
+        const WOLFSSL_ASN1_ITEM *item);
 WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
                                       const WOLFSSL_ASN1_ITEM *tpl);
+WOLFSSL_API void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
+        const WOLFSSL_ASN1_ITEM* item);
 
 /* Need function declaration otherwise compiler complains */
-/* // NOLINTBEGIN(readability-named-parameter) */
+/* // NOLINTBEGIN(readability-named-parameter,bugprone-macro-parentheses) */
 #define IMPLEMENT_ASN1_FUNCTIONS(type) \
     type *type##_new(void); \
     type *type##_new(void){ \
@@ -178,15 +293,23 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
     int i2d_##type(type *src, byte **dest); \
     int i2d_##type(type *src, byte **dest) \
     { \
-        return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data);\
+        return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data); \
+    } \
+    type* d2i_##type(type **dst, const byte **src, long len); \
+    type* d2i_##type(type **dst, const byte **src, long len) \
+    { \
+        return (type*)wolfSSL_ASN1_item_d2i((void**)dst, src, len, \
+                &type##_template_data); \
     }
-/* // NOLINTEND(readability-named-parameter) */
+/* // NOLINTEND(readability-named-parameter,bugprone-macro-parentheses) */
 
 #endif /* OPENSSL_ALL */
 
 #define BN_to_ASN1_INTEGER          wolfSSL_BN_to_ASN1_INTEGER
 #define ASN1_TYPE_set               wolfSSL_ASN1_TYPE_set
+#define ASN1_TYPE_get               wolfSSL_ASN1_TYPE_get
 #define ASN1_TYPE_new               wolfSSL_ASN1_TYPE_new
 #define ASN1_TYPE_free              wolfSSL_ASN1_TYPE_free
+#define i2d_ASN1_TYPE               wolfSSL_i2d_ASN1_TYPE
 
 #endif /* WOLFSSL_ASN1_H_ */
diff --git a/wolfssl/openssl/asn1t.h b/wolfssl/openssl/asn1t.h
index e74ee2635..2a52b3b16 100644
--- a/wolfssl/openssl/asn1t.h
+++ b/wolfssl/openssl/asn1t.h
@@ -1,6 +1,6 @@
 /* asn1t.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h
index 198ca4ebd..73214abcc 100644
--- a/wolfssl/openssl/bio.h
+++ b/wolfssl/openssl/bio.h
@@ -1,6 +1,6 @@
 /* bio.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,11 +33,57 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+/* helper to set specific retry/read flags */
+#define wolfSSL_BIO_set_retry_read(bio)\
+    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ)
+#define wolfSSL_BIO_set_retry_write(bio)\
+    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE)
+
+/* BIO CTRL */
+#define WOLFSSL_BIO_CTRL_RESET             1
+#define WOLFSSL_BIO_CTRL_EOF               2
+#define WOLFSSL_BIO_CTRL_INFO              3
+#define WOLFSSL_BIO_CTRL_SET               4
+#define WOLFSSL_BIO_CTRL_GET               5
+#define WOLFSSL_BIO_CTRL_PUSH              6
+#define WOLFSSL_BIO_CTRL_POP               7
+#define WOLFSSL_BIO_CTRL_GET_CLOSE         8
+#define WOLFSSL_BIO_CTRL_SET_CLOSE         9
+#define WOLFSSL_BIO_CTRL_PENDING           10
+#define WOLFSSL_BIO_CTRL_FLUSH             11
+#define WOLFSSL_BIO_CTRL_DUP               12
+#define WOLFSSL_BIO_CTRL_WPENDING          13
+
+#define WOLFSSL_BIO_C_SET_FILE_PTR              106
+#define WOLFSSL_BIO_C_GET_FILE_PTR              107
+#define WOLFSSL_BIO_C_SET_FILENAME              108
+#define WOLFSSL_BIO_C_SET_BUF_MEM               114
+#define WOLFSSL_BIO_C_GET_BUF_MEM_PTR           115
+#define WOLFSSL_BIO_C_FILE_SEEK                 128
+#define WOLFSSL_BIO_C_SET_BUF_MEM_EOF_RETURN    130
+#define WOLFSSL_BIO_C_SET_WRITE_BUF_SIZE        136
+#define WOLFSSL_BIO_C_MAKE_WOLFSSL_BIO_PAIR             138
+
+#define WOLFSSL_BIO_CTRL_DGRAM_CONNECT       31
+#define WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED 32
+#define WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU     40
+#define WOLFSSL_BIO_CTRL_DGRAM_SET_PEER      44
+
+#define WOLFSSL_BIO_FP_TEXT                0x00
+#define WOLFSSL_BIO_NOCLOSE                0x00
+#define WOLFSSL_BIO_CLOSE                  0x01
+
+#define WOLFSSL_BIO_FP_WRITE               0x04
+
+#ifndef OPENSSL_COEXIST
+
 #define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL
 #define BIO_FLAGS_READ         WOLFSSL_BIO_FLAG_READ
 #define BIO_FLAGS_WRITE        WOLFSSL_BIO_FLAG_WRITE
 #define BIO_FLAGS_IO_SPECIAL   WOLFSSL_BIO_FLAG_IO_SPECIAL
 #define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
+/* You shouldn't free up or change the data if BIO_FLAGS_MEM_RDONLY is set */
+#define BIO_FLAGS_MEM_RDONLY   WOLFSSL_BIO_FLAG_MEM_RDONLY
 
 #define BIO_new_fp                      wolfSSL_BIO_new_fp
 #if defined(OPENSSL_ALL) \
@@ -58,6 +104,7 @@
 #endif
 #define BIO_int_ctrl                    wolfSSL_BIO_int_ctrl
 #define BIO_reset                       wolfSSL_BIO_reset
+#define BIO_s_null                      wolfSSL_BIO_s_null
 #define BIO_s_file                      wolfSSL_BIO_s_file
 #define BIO_s_bio                       wolfSSL_BIO_s_bio
 #define BIO_s_socket                    wolfSSL_BIO_s_socket
@@ -124,10 +171,8 @@
 #define BIO_get_ex_data            wolfSSL_BIO_get_ex_data
 
 /* helper to set specific retry/read flags */
-#define BIO_set_retry_read(bio)\
-    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ)
-#define BIO_set_retry_write(bio)\
-    wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE)
+#define BIO_set_retry_read(bio) wolfSSL_BIO_set_retry_read(bio)
+#define BIO_set_retry_write(bio) wolfSSL_BIO_set_retry_write(bio)
 
 #define BIO_clear_retry_flags      wolfSSL_BIO_clear_retry_flags
 
@@ -145,43 +190,42 @@
 #define BIO_snprintf               XSNPRINTF
 
 /* BIO CTRL */
-#define BIO_CTRL_RESET             1
-#define BIO_CTRL_EOF               2
-#define BIO_CTRL_INFO              3
-#define BIO_CTRL_SET               4
-#define BIO_CTRL_GET               5
-#define BIO_CTRL_PUSH              6
-#define BIO_CTRL_POP               7
-#define BIO_CTRL_GET_CLOSE         8
-#define BIO_CTRL_SET_CLOSE         9
-#define BIO_CTRL_PENDING           10
-#define BIO_CTRL_FLUSH             11
-#define BIO_CTRL_DUP               12
-#define BIO_CTRL_WPENDING          13
+#define BIO_CTRL_RESET              WOLFSSL_BIO_CTRL_RESET
+#define BIO_CTRL_EOF                WOLFSSL_BIO_CTRL_EOF
+#define BIO_CTRL_INFO               WOLFSSL_BIO_CTRL_INFO
+#define BIO_CTRL_SET                WOLFSSL_BIO_CTRL_SET
+#define BIO_CTRL_GET                WOLFSSL_BIO_CTRL_GET
+#define BIO_CTRL_PUSH               WOLFSSL_BIO_CTRL_PUSH
+#define BIO_CTRL_POP                WOLFSSL_BIO_CTRL_POP
+#define BIO_CTRL_GET_CLOSE          WOLFSSL_BIO_CTRL_GET_CLOSE
+#define BIO_CTRL_SET_CLOSE          WOLFSSL_BIO_CTRL_SET_CLOSE
+#define BIO_CTRL_PENDING            WOLFSSL_BIO_CTRL_PENDING
+#define BIO_CTRL_FLUSH              WOLFSSL_BIO_CTRL_FLUSH
+#define BIO_CTRL_DUP                WOLFSSL_BIO_CTRL_DUP
+#define BIO_CTRL_WPENDING           WOLFSSL_BIO_CTRL_WPENDING
 
-#define BIO_C_SET_FILE_PTR              106
-#define BIO_C_GET_FILE_PTR              107
-#define BIO_C_SET_FILENAME              108
-#define BIO_C_SET_BUF_MEM               114
-#define BIO_C_GET_BUF_MEM_PTR           115
-#define BIO_C_FILE_SEEK                 128
-#define BIO_C_SET_BUF_MEM_EOF_RETURN    130
-#define BIO_C_SET_WRITE_BUF_SIZE        136
-#define BIO_C_MAKE_BIO_PAIR             138
+#define BIO_C_SET_FILE_PTR               WOLFSSL_BIO_C_SET_FILE_PTR
+#define BIO_C_GET_FILE_PTR               WOLFSSL_BIO_C_GET_FILE_PTR
+#define BIO_C_SET_FILENAME               WOLFSSL_BIO_C_SET_FILENAME
+#define BIO_C_SET_BUF_MEM                WOLFSSL_BIO_C_SET_BUF_MEM
+#define BIO_C_GET_BUF_MEM_PTR            WOLFSSL_BIO_C_GET_BUF_MEM_PTR
+#define BIO_C_FILE_SEEK                  WOLFSSL_BIO_C_FILE_SEEK
+#define BIO_C_SET_BUF_MEM_EOF_RETURN     WOLFSSL_BIO_C_SET_BUF_MEM_EOF_RETURN
+#define BIO_C_SET_WRITE_BUF_SIZE         WOLFSSL_BIO_C_SET_WRITE_BUF_SIZE
+#define BIO_C_MAKE_BIO_PAIR              WOLFSSL_BIO_C_MAKE_BIO_PAIR
 
-#define BIO_CTRL_DGRAM_CONNECT       31
-#define BIO_CTRL_DGRAM_SET_CONNECTED 32
-#define BIO_CTRL_DGRAM_QUERY_MTU     40
-#define BIO_CTRL_DGRAM_SET_PEER      44
+#define BIO_CTRL_DGRAM_CONNECT        WOLFSSL_BIO_CTRL_DGRAM_CONNECT
+#define BIO_CTRL_DGRAM_SET_CONNECTED  WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED
+#define BIO_CTRL_DGRAM_QUERY_MTU      WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU
+#define BIO_CTRL_DGRAM_SET_PEER       WOLFSSL_BIO_CTRL_DGRAM_SET_PEER
 
-#define BIO_FP_TEXT                0x00
-#define BIO_NOCLOSE                0x00
-#define BIO_CLOSE                  0x01
+#define BIO_FP_TEXT                 WOLFSSL_BIO_FP_TEXT
+#define BIO_NOCLOSE                 WOLFSSL_BIO_NOCLOSE
+#define BIO_CLOSE                   WOLFSSL_BIO_CLOSE
 
-#define BIO_FP_WRITE               0x04
+#define BIO_FP_WRITE                WOLFSSL_BIO_FP_WRITE
 
-/* You shouldn't free up or change the data if BIO_FLAGS_MEM_RDONLY is set */
-#define BIO_FLAGS_MEM_RDONLY       0x200
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index 6c0373630..c4768b286 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -1,6 +1,6 @@
 /* bn.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,7 @@
 typedef struct WOLFSSL_BIGNUM {
     int neg;        /* openssh deference */
     void *internal; /* our big num */
-#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)
+#if !defined(NO_BIG_INT)
     mp_int mpi;
 #endif
 } WOLFSSL_BIGNUM;
@@ -77,11 +77,17 @@ typedef struct WOLFSSL_BIGNUM {
 
 #define WOLFSSL_BN_MAX_VAL          ((BN_ULONG)-1)
 
-typedef struct WOLFSSL_BN_CTX   WOLFSSL_BN_CTX;
-typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
+struct WOLFSSL_BN_CTX_LIST {
+    WOLFSSL_BIGNUM* bn;
+    struct WOLFSSL_BN_CTX_LIST* next;
+};
+typedef struct WOLFSSL_BN_CTX {
+    struct WOLFSSL_BN_CTX_LIST* list;
+} WOLFSSL_BN_CTX;
+typedef struct WOLFSSL_BN_MONT_CTX WOLFSSL_BN_MONT_CTX;
+typedef struct WOLFSSL_BN_GENCB    WOLFSSL_BN_GENCB;
 
 WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
-WOLFSSL_API void           wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx);
 WOLFSSL_API void           wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx);
 
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void);
@@ -150,6 +156,8 @@ WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn,
                                   int n);
 WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
 WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
+WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w);
+WOLFSSL_API int wolfSSL_BN_div_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w);
 WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n);
 WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n);
 WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
@@ -183,8 +191,15 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(
     const WOLFSSL_BIGNUM *n,
     WOLFSSL_BN_CTX *ctx);
 
+WOLFSSL_API WOLFSSL_BN_MONT_CTX* wolfSSL_BN_MONT_CTX_new(void);
+WOLFSSL_API void wolfSSL_BN_MONT_CTX_free(WOLFSSL_BN_MONT_CTX *mont);
+WOLFSSL_API int wolfSSL_BN_MONT_CTX_set(WOLFSSL_BN_MONT_CTX *mont,
+        const WOLFSSL_BIGNUM *mod, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API int wolfSSL_BN_mod_exp_mont_word(WOLFSSL_BIGNUM *r,
+        WOLFSSL_BN_ULONG a, const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m,
+        WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_MONT_CTX *mont);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 
 #define BN_RAND_TOP_ANY     WOLFSSL_BN_RAND_TOP_ANY
 #define BN_RAND_TOP_ONE     WOLFSSL_BN_RAND_TOP_ONE
@@ -193,13 +208,18 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(
 #define BN_RAND_BOTTOM_ANY  WOLFSSL_BN_RAND_BOTTOM_ANY
 #define BN_RAND_BOTTOM_ODD  WOLFSSL_BN_RAND_BOTTOM_ODD
 
-typedef WOLFSSL_BIGNUM   BIGNUM;
-typedef WOLFSSL_BN_CTX   BN_CTX;
-typedef WOLFSSL_BN_GENCB BN_GENCB;
+typedef WOLFSSL_BIGNUM      BIGNUM;
+typedef WOLFSSL_BN_CTX      BN_CTX;
+typedef WOLFSSL_BN_MONT_CTX BN_MONT_CTX;
+typedef WOLFSSL_BN_GENCB    BN_GENCB;
 
+#ifndef NO_WOLFSSL_BN_CTX
 #define BN_CTX_new        wolfSSL_BN_CTX_new
-#define BN_CTX_init       wolfSSL_BN_CTX_init
 #define BN_CTX_free       wolfSSL_BN_CTX_free
+#else
+#define BN_CTX_new()      ((BN_CTX*)-1)
+#define BN_CTX_free(x)    ((void)(x))
+#endif
 
 #define BN_new        wolfSSL_BN_new
 #if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT)
@@ -227,6 +247,8 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_mod       wolfSSL_BN_mod
 #define BN_mod_exp   wolfSSL_BN_mod_exp
+#define BN_mod_exp_mont(a,b,c,d,e,f)   \
+    ((void)(f), wolfSSL_BN_mod_exp((a),(b),(c),(d),(e)))
 #define BN_mod_mul   wolfSSL_BN_mod_mul
 #define BN_sub       wolfSSL_BN_sub
 #define BN_mul       wolfSSL_BN_mul
@@ -254,7 +276,9 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_lshift wolfSSL_BN_lshift
 #define BN_add_word wolfSSL_BN_add_word
+#define BN_mul_word wolfSSL_BN_mul_word
 #define BN_sub_word wolfSSL_BN_sub_word
+#define BN_div_word wolfSSL_BN_div_word
 #define BN_add wolfSSL_BN_add
 #define BN_mod_add wolfSSL_BN_mod_add
 #define BN_set_word wolfSSL_BN_set_word
@@ -288,7 +312,12 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_prime_checks 0
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#define BN_MONT_CTX_new            wolfSSL_BN_MONT_CTX_new
+#define BN_MONT_CTX_free           wolfSSL_BN_MONT_CTX_free
+#define BN_MONT_CTX_set            wolfSSL_BN_MONT_CTX_set
+#define BN_mod_exp_mont_word       wolfSSL_BN_mod_exp_mont_word
+
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/buffer.h b/wolfssl/openssl/buffer.h
index c9f279020..548d744a8 100644
--- a/wolfssl/openssl/buffer.h
+++ b/wolfssl/openssl/buffer.h
@@ -1,6 +1,6 @@
 /* buffer.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,6 +38,7 @@ WOLFSSL_API int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len,
 WOLFSSL_API int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len);
 WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
 
+#ifndef OPENSSL_COEXIST
 
 #define BUF_MEM_new  wolfSSL_BUF_MEM_new
 #define BUF_MEM_grow wolfSSL_BUF_MEM_grow
@@ -47,6 +48,8 @@ WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
 #define BUF_strlcpy wc_strlcpy
 #define BUF_strlcat wc_strlcat
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/camellia.h b/wolfssl/openssl/camellia.h
index 0cad9c9ee..fe5b17c2c 100644
--- a/wolfssl/openssl/camellia.h
+++ b/wolfssl/openssl/camellia.h
@@ -1,6 +1,6 @@
 /* camellia.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/cmac.h b/wolfssl/openssl/cmac.h
index dd08497fa..489396c69 100644
--- a/wolfssl/openssl/cmac.h
+++ b/wolfssl/openssl/cmac.h
@@ -1,6 +1,6 @@
 /* cmac.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,8 +34,6 @@ typedef struct WOLFSSL_CMAC_CTX {
     WOLFSSL_EVP_CIPHER_CTX* cctx;
 } WOLFSSL_CMAC_CTX;
 
-typedef WOLFSSL_CMAC_CTX CMAC_CTX;
-
 WOLFSSL_API WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void);
 WOLFSSL_API void wolfSSL_CMAC_CTX_free(WOLFSSL_CMAC_CTX *ctx);
 WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX* wolfSSL_CMAC_CTX_get0_cipher_ctx(
@@ -48,6 +46,10 @@ WOLFSSL_API int wolfSSL_CMAC_Update(
 WOLFSSL_API int wolfSSL_CMAC_Final(
     WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len);
 
+#ifndef OPENSSL_COEXIST
+
+typedef WOLFSSL_CMAC_CTX CMAC_CTX;
+
 #define CMAC_CTX_new              wolfSSL_CMAC_CTX_new
 #define CMAC_CTX_free             wolfSSL_CMAC_CTX_free
 #define CMAC_CTX_get0_cipher_ctx  wolfSSL_CMAC_CTX_get0_cipher_ctx
@@ -55,6 +57,8 @@ WOLFSSL_API int wolfSSL_CMAC_Final(
 #define CMAC_Update               wolfSSL_CMAC_Update
 #define CMAC_Final                wolfSSL_CMAC_Final
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
 }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/cms.h b/wolfssl/openssl/cms.h
index 7febb6715..291c08d72 100644
--- a/wolfssl/openssl/cms.h
+++ b/wolfssl/openssl/cms.h
@@ -1,6 +1,6 @@
 /* cms.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/compat_types.h b/wolfssl/openssl/compat_types.h
index 93a3b12da..58113c4e1 100644
--- a/wolfssl/openssl/compat_types.h
+++ b/wolfssl/openssl/compat_types.h
@@ -1,6 +1,6 @@
 /* compat_types.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,7 +50,9 @@ typedef struct WOLFSSL_EVP_PKEY_CTX   WOLFSSL_EVP_PKEY_CTX;
 typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX;
 typedef struct WOLFSSL_ASN1_PCTX      WOLFSSL_ASN1_PCTX;
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
+
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 typedef WOLFSSL_EVP_MD         EVP_MD;
 typedef WOLFSSL_EVP_MD_CTX     EVP_MD_CTX;
 typedef WOLFSSL_EVP_CIPHER     EVP_CIPHER;
@@ -61,7 +63,7 @@ typedef WOLFSSL_EVP_PKEY       PKCS8_PRIV_KEY_INFO;
 
 typedef WOLFSSL_ENGINE         ENGINE;
 typedef WOLFSSL_EVP_PKEY_CTX   EVP_PKEY_CTX;
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 typedef unsigned long (*wolf_sk_hash_cb) (const void *v);
 
diff --git a/wolfssl/openssl/conf.h b/wolfssl/openssl/conf.h
index 4e9115f95..d2e2eb4ea 100644
--- a/wolfssl/openssl/conf.h
+++ b/wolfssl/openssl/conf.h
@@ -1,6 +1,6 @@
 /* conf.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,8 +45,10 @@ typedef struct WOLFSSL_CONF {
     WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data;
 } WOLFSSL_CONF;
 
+#ifndef OPENSSL_COEXIST
 typedef WOLFSSL_CONF CONF;
 typedef WOLFSSL_CONF_VALUE CONF_VALUE;
+#endif
 
 #ifdef OPENSSL_EXTRA
 
@@ -58,7 +60,7 @@ WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val);
 WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth);
 WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
         const char *group, const char *name);
-WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
+WOLFSSL_API int wolfSSL_NCONF_get_number(const WOLFSSL_CONF *conf, const char *group,
         const char *name, long *result);
 WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section(
         const WOLFSSL_CONF *conf, const char *section);
@@ -80,6 +82,7 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf_nid(WOLFSSL_CONF* c
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf(WOLFSSL_CONF *conf,
         WOLFSSL_X509V3_CTX *ctx, const char *sName, const char *value);
 
+#ifndef OPENSSL_COEXIST
 #define sk_CONF_VALUE_new               wolfSSL_sk_CONF_VALUE_new
 #define sk_CONF_VALUE_free              wolfSSL_sk_CONF_VALUE_free
 #define sk_CONF_VALUE_pop_free(a,b)     wolfSSL_sk_CONF_VALUE_free(a)
@@ -103,6 +106,7 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf(WOLFSSL_CONF *conf,
 #define X509V3_EXT_nconf_nid            wolfSSL_X509V3_EXT_nconf_nid
 #define X509V3_EXT_nconf                wolfSSL_X509V3_EXT_nconf
 #define X509V3_conf_free                wolfSSL_X509V3_conf_free
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA */
 
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h
index e436e938c..e05468e84 100644
--- a/wolfssl/openssl/crypto.h
+++ b/wolfssl/openssl/crypto.h
@@ -1,6 +1,6 @@
 /* crypto.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,14 +29,20 @@
 typedef struct WOLFSSL_INIT_SETTINGS {
     char* appname;
 } WOLFSSL_INIT_SETTINGS;
-typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
+#ifndef OPENSSL_COEXIST
+#define OPENSSL_INIT_SETTINGS WOLFSSL_INIT_SETTINGS
+#endif
 
 typedef struct WOLFSSL_CRYPTO_THREADID {
     int dummy;
 } WOLFSSL_CRYPTO_THREADID;
+#ifndef OPENSSL_COEXIST
 typedef struct crypto_threadid_st   CRYPTO_THREADID;
+#endif
 
+#ifndef OPENSSL_COEXIST
 typedef struct CRYPTO_EX_DATA            CRYPTO_EX_DATA;
+#endif
 
 #ifdef HAVE_EX_DATA
 typedef WOLFSSL_CRYPTO_EX_new CRYPTO_new_func;
@@ -68,10 +74,13 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
 WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c);
 WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len);
 
-WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
+WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const WOLFSSL_INIT_SETTINGS *settings);
 #endif
 
 /* class index for wolfSSL_CRYPTO_get_ex_new_index */
+
+#ifndef OPENSSL_COEXIST
+
 #define CRYPTO_EX_INDEX_SSL             WOLF_CRYPTO_EX_INDEX_SSL
 #define CRYPTO_EX_INDEX_SSL_CTX         WOLF_CRYPTO_EX_INDEX_SSL_CTX
 #define CRYPTO_EX_INDEX_SSL_SESSION     WOLF_CRYPTO_EX_INDEX_SSL_SESSION
@@ -153,6 +162,8 @@ WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETT
 
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/des.h b/wolfssl/openssl/des.h
index 0f385a6d9..9554c2abb 100644
--- a/wolfssl/openssl/des.h
+++ b/wolfssl/openssl/des.h
@@ -1,6 +1,6 @@
 /* des.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -49,8 +49,8 @@ typedef unsigned int WOLFSSL_DES_LONG;
 
 
 enum {
-    DES_ENCRYPT = 1,
-    DES_DECRYPT = 0
+    WC_DES_ENCRYPT = 1,
+    WC_DES_DECRYPT = 0
 };
 
 
@@ -87,6 +87,13 @@ WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
 WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock *myDes);
 
 
+#ifndef OPENSSL_COEXIST
+
+enum {
+    DES_ENCRYPT = WC_DES_ENCRYPT,
+    DES_DECRYPT = WC_DES_DECRYPT
+};
+
 typedef WOLFSSL_DES_cblock DES_cblock;
 typedef WOLFSSL_const_DES_cblock const_DES_cblock;
 typedef WOLFSSL_DES_key_schedule DES_key_schedule;
@@ -106,6 +113,8 @@ typedef WOLFSSL_DES_LONG DES_LONG;
 #define DES_cbc_cksum         wolfSSL_DES_cbc_cksum
 #define DES_check_key_parity  wolfSSL_DES_check_key_parity
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index 49f209ce8..70b1087b6 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -1,6 +1,6 @@
 /* dh.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,6 +26,7 @@
 #define WOLFSSL_DH_H_
 
 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/ssl.h>
 #include <wolfssl/openssl/opensslv.h>
 
 #ifdef __cplusplus
@@ -67,6 +68,9 @@ WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH* dh);
 WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH* dh);
 WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* pub,
                                      WOLFSSL_DH* dh);
+WOLFSSL_API int wolfSSL_DH_compute_key_padded(unsigned char* key,
+                                const WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh);
+
 WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf,
                                    int derSz);
 WOLFSSL_API int wolfSSL_DH_set_length(WOLFSSL_DH* dh, long len);
@@ -75,7 +79,7 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
 
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_get_2048_256(void);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 
 typedef WOLFSSL_DH                   DH;
 
@@ -91,6 +95,7 @@ typedef WOLFSSL_DH                   DH;
 #define DH_size         wolfSSL_DH_size
 #define DH_generate_key wolfSSL_DH_generate_key
 #define DH_compute_key  wolfSSL_DH_compute_key
+#define DH_compute_key_padded wolfSSL_DH_compute_key_padded
 #define DH_set_length   wolfSSL_DH_set_length
 #define DH_set0_pqg     wolfSSL_DH_set0_pqg
 #define DH_get0_pqg     wolfSSL_DH_get0_pqg
@@ -98,6 +103,8 @@ typedef WOLFSSL_DH                   DH;
 #define DH_set0_key     wolfSSL_DH_set0_key
 #define DH_bits(x)      (BN_num_bits((x)->p))
 
+#define OPENSSL_DH_MAX_MODULUS_BITS     DH_MAX_SIZE
+
 #define DH_GENERATOR_2                  2
 #define DH_CHECK_P_NOT_PRIME            0x01
 #define DH_CHECK_P_NOT_SAFE_PRIME       0x02
@@ -128,7 +135,7 @@ typedef WOLFSSL_DH                   DH;
 #define DH_GENERATOR_2 2
 #define DH_GENERATOR_5 5
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h
index 76a1252e1..d5f64bbfe 100644
--- a/wolfssl/openssl/dsa.h
+++ b/wolfssl/openssl/dsa.h
@@ -1,6 +1,6 @@
 /* dsa.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,6 +26,7 @@
 #define WOLFSSL_DSA_H_
 
 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/compat_types.h>
 
 #ifdef __cplusplus
     extern "C" {
@@ -117,11 +118,15 @@ WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams(
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
-typedef WOLFSSL_DSA                   DSA;
-
 #define WOLFSSL_DSA_LOAD_PRIVATE 1
 #define WOLFSSL_DSA_LOAD_PUBLIC  2
 
+#ifndef OPENSSL_COEXIST
+
+typedef WOLFSSL_DSA                   DSA;
+
+#define OPENSSL_DSA_MAX_MODULUS_BITS 3072
+
 #define DSA_new wolfSSL_DSA_new
 #define DSA_free wolfSSL_DSA_free
 #define DSA_print_fp wolfSSL_DSA_print_fp
@@ -148,6 +153,8 @@ typedef WOLFSSL_DSA                   DSA;
 
 #define DSA_SIG                    WOLFSSL_DSA_SIG
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h
index 319cf3c3b..d68217b8f 100644
--- a/wolfssl/openssl/ec.h
+++ b/wolfssl/openssl/ec.h
@@ -1,6 +1,6 @@
 /* ec.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,7 +25,9 @@
 #define WOLFSSL_EC_H_
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/openssl/bn.h>
+#include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 
@@ -34,59 +36,114 @@ extern "C" {
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 /* Map OpenSSL NID value */
 enum {
-    POINT_CONVERSION_COMPRESSED = 2,
-    POINT_CONVERSION_UNCOMPRESSED = 4,
+    WC_POINT_CONVERSION_COMPRESSED = 2,
+    WC_POINT_CONVERSION_UNCOMPRESSED = 4,
 
 #ifdef HAVE_ECC
     /* Use OpenSSL NIDs. NIDs can be mapped to ecc_curve_id enum values by
         calling NIDToEccEnum() in ssl.c */
-    NID_X9_62_prime192v1 = 409,
-    NID_X9_62_prime192v2 = 410,
-    NID_X9_62_prime192v3 = 411,
-    NID_X9_62_prime239v1 = 412,
-    NID_X9_62_prime239v2 = 413,
-    NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */
-    NID_X9_62_prime256v1 = 415,
-    NID_secp112r1 = 704,
-    NID_secp112r2 = 705,
-    NID_secp128r1 = 706,
-    NID_secp128r2 = 707,
-    NID_secp160r1 = 709,
-    NID_secp160r2 = 710,
-    NID_secp224r1 = 713,
-    NID_secp384r1 = 715,
-    NID_secp521r1 = 716,
-    NID_secp160k1 = 708,
-    NID_secp192k1 = 711,
-    NID_secp224k1 = 712,
-    NID_secp256k1 = 714,
-    NID_brainpoolP160r1 = 921,
-    NID_brainpoolP192r1 = 923,
-    NID_brainpoolP224r1 = 925,
-    NID_brainpoolP256r1 = 927,
-    NID_brainpoolP320r1 = 929,
-    NID_brainpoolP384r1 = 931,
-    NID_brainpoolP512r1 = 933,
+    WC_NID_X9_62_prime192v1 = 409,
+    WC_NID_X9_62_prime192v2 = 410,
+    WC_NID_X9_62_prime192v3 = 411,
+    WC_NID_X9_62_prime239v1 = 412,
+    WC_NID_X9_62_prime239v2 = 413,
+    WC_NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */
+    WC_NID_X9_62_prime256v1 = 415,
+    WC_NID_secp112r1 = 704,
+    WC_NID_secp112r2 = 705,
+    WC_NID_secp128r1 = 706,
+    WC_NID_secp128r2 = 707,
+    WC_NID_secp160r1 = 709,
+    WC_NID_secp160r2 = 710,
+    WC_NID_secp224r1 = 713,
+    WC_NID_secp384r1 = 715,
+    WC_NID_secp521r1 = 716,
+    WC_NID_secp160k1 = 708,
+    WC_NID_secp192k1 = 711,
+    WC_NID_secp224k1 = 712,
+    WC_NID_secp256k1 = 714,
+    WC_NID_brainpoolP160r1 = 921,
+    WC_NID_brainpoolP192r1 = 923,
+    WC_NID_brainpoolP224r1 = 925,
+    WC_NID_brainpoolP256r1 = 927,
+    WC_NID_brainpoolP320r1 = 929,
+    WC_NID_brainpoolP384r1 = 931,
+    WC_NID_brainpoolP512r1 = 933,
 #endif
 
 #ifdef HAVE_ED448
-    NID_ED448 = ED448k,
+    WC_NID_ED448 = ED448k,
 #endif
 #ifdef HAVE_CURVE448
-    NID_X448 = X448k,
+    WC_NID_X448 = X448k,
 #endif
 #ifdef HAVE_ED25519
-    NID_ED25519 = ED25519k,
+    WC_NID_ED25519 = ED25519k,
 #endif
 #ifdef HAVE_CURVE25519
-    NID_X25519 = X25519k,
+    WC_NID_X25519 = X25519k,
 #endif
 
-    OPENSSL_EC_EXPLICIT_CURVE  = 0x000,
-    OPENSSL_EC_NAMED_CURVE  = 0x001,
+    WOLFSSL_EC_EXPLICIT_CURVE  = 0x000,
+    WOLFSSL_EC_NAMED_CURVE  = 0x001
 };
+
+#ifndef OPENSSL_COEXIST
+
+#define POINT_CONVERSION_COMPRESSED WC_POINT_CONVERSION_COMPRESSED
+#define POINT_CONVERSION_UNCOMPRESSED WC_POINT_CONVERSION_UNCOMPRESSED
+
+#ifdef HAVE_ECC
+#define NID_X9_62_prime192v1 WC_NID_X9_62_prime192v1
+#define NID_X9_62_prime192v2 WC_NID_X9_62_prime192v2
+#define NID_X9_62_prime192v3 WC_NID_X9_62_prime192v3
+#define NID_X9_62_prime239v1 WC_NID_X9_62_prime239v1
+#define NID_X9_62_prime239v2 WC_NID_X9_62_prime239v2
+#define NID_X9_62_prime239v3 WC_NID_X9_62_prime239v3
+#define NID_X9_62_prime256v1 WC_NID_X9_62_prime256v1
+#define NID_secp112r1 WC_NID_secp112r1
+#define NID_secp112r2 WC_NID_secp112r2
+#define NID_secp128r1 WC_NID_secp128r1
+#define NID_secp128r2 WC_NID_secp128r2
+#define NID_secp160r1 WC_NID_secp160r1
+#define NID_secp160r2 WC_NID_secp160r2
+#define NID_secp224r1 WC_NID_secp224r1
+#define NID_secp384r1 WC_NID_secp384r1
+#define NID_secp521r1 WC_NID_secp521r1
+#define NID_secp160k1 WC_NID_secp160k1
+#define NID_secp192k1 WC_NID_secp192k1
+#define NID_secp224k1 WC_NID_secp224k1
+#define NID_secp256k1 WC_NID_secp256k1
+#define NID_brainpoolP160r1 WC_NID_brainpoolP160r1
+#define NID_brainpoolP192r1 WC_NID_brainpoolP192r1
+#define NID_brainpoolP224r1 WC_NID_brainpoolP224r1
+#define NID_brainpoolP256r1 WC_NID_brainpoolP256r1
+#define NID_brainpoolP320r1 WC_NID_brainpoolP320r1
+#define NID_brainpoolP384r1 WC_NID_brainpoolP384r1
+#define NID_brainpoolP512r1 WC_NID_brainpoolP512r1
+#endif
+
+#ifdef HAVE_ED448
+#define NID_ED448 WC_NID_ED448
+#endif
+#ifdef HAVE_CURVE448
+#define NID_X448 WC_NID_X448
+#endif
+#ifdef HAVE_ED25519
+#define NID_ED25519 WC_NID_ED25519
+#endif
+#ifdef HAVE_CURVE25519
+#define NID_X25519 WC_NID_X25519
+#endif
+
+#define OPENSSL_EC_EXPLICIT_CURVE WOLFSSL_EC_EXPLICIT_CURVE
+#define OPENSSL_EC_NAMED_CURVE WOLFSSL_EC_NAMED_CURVE
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
@@ -128,8 +185,8 @@ struct WOLFSSL_EC_KEY {
     word16 pkcs8HeaderSz;
 
     /* option bits */
-    byte inSet:1;                /* internal set from external ? */
-    byte exSet:1;                /* external set from internal ? */
+    WC_BITFIELD inSet:1;                /* internal set from external ? */
+    WC_BITFIELD exSet:1;                /* external set from internal ? */
 
     wolfSSL_Ref ref;             /* Reference count information. */
 };
@@ -142,7 +199,10 @@ struct WOLFSSL_EC_BUILTIN_CURVE {
 #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1
 #define WOLFSSL_EC_KEY_LOAD_PUBLIC  2
 
-typedef int point_conversion_form_t;
+typedef int wc_point_conversion_form_t;
+#ifndef OPENSSL_COEXIST
+#define point_conversion_form_t wc_point_conversion_form_t
+#endif
 
 typedef struct WOLFSSL_EC_KEY_METHOD {
     /* Not implemented */
@@ -187,7 +247,7 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out);
 WOLFSSL_API
 void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, int form);
 WOLFSSL_API
-point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key);
+wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key);
 WOLFSSL_API
 WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
                                           const WOLFSSL_EC_POINT *p,
@@ -205,6 +265,9 @@ WOLFSSL_API
 int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key,
                               const unsigned char* der, int derSz, int opt);
 WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
+        WOLFSSL_EC_KEY **out);
+WOLFSSL_API
 void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
 WOLFSSL_API
 WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
@@ -342,7 +405,7 @@ WOLFSSL_API const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method(
 WOLFSSL_API int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key,
         const WOLFSSL_EC_KEY_METHOD *meth);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 
 typedef WOLFSSL_EC_KEY                EC_KEY;
 typedef WOLFSSL_EC_GROUP              EC_GROUP;
@@ -371,6 +434,8 @@ typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 #define EC_KEY_check_key                wolfSSL_EC_KEY_check_key
 #define EC_KEY_print_fp                 wolfSSL_EC_KEY_print_fp
 
+#define d2i_EC_PUBKEY_bio               wolfSSL_d2i_EC_PUBKEY_bio
+
 #define ECDSA_size                      wolfSSL_ECDSA_size
 #define ECDSA_sign                      wolfSSL_ECDSA_sign
 #define ECDSA_verify                    wolfSSL_ECDSA_verify
@@ -386,7 +451,11 @@ typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 #define EC_GROUP_order_bits             wolfSSL_EC_GROUP_order_bits
 #define EC_GROUP_method_of              wolfSSL_EC_GROUP_method_of
 #ifndef NO_WOLFSSL_STUB
-#define EC_GROUP_set_point_conversion_form(...) WC_DO_NOTHING
+#ifdef WOLF_NO_VARIADIC_MACROS
+    #define EC_GROUP_set_point_conversion_form() WC_DO_NOTHING
+#else
+    #define EC_GROUP_set_point_conversion_form(...) WC_DO_NOTHING
+#endif
 #endif
 
 #define EC_METHOD_get_field_type        wolfSSL_EC_METHOD_get_field_type
@@ -424,6 +493,8 @@ typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 #define i2d_ECPrivateKey                wolfSSL_i2d_ECPrivateKey
 #define EC_KEY_set_conv_form            wolfSSL_EC_KEY_set_conv_form
 #define EC_KEY_get_conv_form            wolfSSL_EC_KEY_get_conv_form
+#define d2i_ECPKParameters              wolfSSL_d2i_ECPKParameters
+#define i2d_ECPKParameters              wolfSSL_i2d_ECPKParameters
 
 #define EC_POINT_point2hex              wolfSSL_EC_POINT_point2hex
 #define EC_POINT_hex2point              wolfSSL_EC_POINT_hex2point
@@ -442,7 +513,7 @@ typedef WOLFSSL_EC_KEY_METHOD         EC_KEY_METHOD;
 #define EC_KEY_get_method               wolfSSL_EC_KEY_get_method
 #define EC_KEY_set_method               wolfSSL_EC_KEY_set_method
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #ifdef __cplusplus
 }  /* extern "C" */
diff --git a/wolfssl/openssl/ec25519.h b/wolfssl/openssl/ec25519.h
index 0421ce83b..92cf807ca 100644
--- a/wolfssl/openssl/ec25519.h
+++ b/wolfssl/openssl/ec25519.h
@@ -1,6 +1,6 @@
 /* ec25519.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ec448.h b/wolfssl/openssl/ec448.h
index 89a9e1cc9..ce2cc7c0a 100644
--- a/wolfssl/openssl/ec448.h
+++ b/wolfssl/openssl/ec448.h
@@ -1,6 +1,6 @@
 /* ec448.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h
index 74b8c910e..7fbc5a346 100644
--- a/wolfssl/openssl/ecdh.h
+++ b/wolfssl/openssl/ecdh.h
@@ -1,6 +1,6 @@
 /* ecdh.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h
index 704f56d00..12d003f5c 100644
--- a/wolfssl/openssl/ecdsa.h
+++ b/wolfssl/openssl/ecdsa.h
@@ -1,6 +1,6 @@
 /* ecdsa.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,7 +37,9 @@ typedef struct WOLFSSL_ECDSA_SIG      WOLFSSL_ECDSA_SIG;
 #define WOLFSSL_ECDSA_TYPE_DEFINED
 #endif
 
+#ifndef OPENSSL_COEXIST
 typedef WOLFSSL_ECDSA_SIG             ECDSA_SIG;
+#endif
 
 struct WOLFSSL_ECDSA_SIG {
     WOLFSSL_BIGNUM *r;
@@ -64,6 +66,8 @@ WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig,
 WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig,
                                       unsigned char **pp);
 
+#ifndef OPENSSL_COEXIST
+
 #define ECDSA_SIG_free         wolfSSL_ECDSA_SIG_free
 #define ECDSA_SIG_new          wolfSSL_ECDSA_SIG_new
 #define ECDSA_SIG_get0         wolfSSL_ECDSA_SIG_get0
@@ -73,6 +77,8 @@ WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig,
 #define d2i_ECDSA_SIG          wolfSSL_d2i_ECDSA_SIG
 #define i2d_ECDSA_SIG          wolfSSL_i2d_ECDSA_SIG
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
 }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/ed25519.h b/wolfssl/openssl/ed25519.h
index d4c1b1b91..9d67c6ffa 100644
--- a/wolfssl/openssl/ed25519.h
+++ b/wolfssl/openssl/ed25519.h
@@ -1,6 +1,6 @@
 /* ed25519.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/ed448.h b/wolfssl/openssl/ed448.h
index 3c9786264..793e66ff2 100644
--- a/wolfssl/openssl/ed448.h
+++ b/wolfssl/openssl/ed448.h
@@ -1,6 +1,6 @@
 /* ed448.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h
index 2af640784..6723ded60 100644
--- a/wolfssl/openssl/err.h
+++ b/wolfssl/openssl/err.h
@@ -1,6 +1,6 @@
 /* err.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,6 +25,26 @@
 #include <wolfssl/wolfcrypt/logging.h>
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
+#define wolfSSL_RSAerr(f,r)  wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define wolfSSL_SSLerr(f,r)  wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define wolfSSL_ECerr(f,r)   wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+
+#define WOLFSSL_ERR_TXT_MALLOCED                        1
+
+/* SSL function codes */
+#define WOLFSSL_RSA_F_RSA_PADDING_ADD_SSLV23            0
+#define WOLFSSL_RSA_F_RSA_OSSL_PRIVATE_ENCRYPT          1
+#define WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE      2
+#define WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY                3
+#define WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT            4
+
+/* reasons */
+#define WOLFSSL_ERR_R_SYS_LIB                           1
+#define WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE             2
+
+#ifndef OPENSSL_COEXIST
+
 /* err.h for openssl */
 #define ERR_load_ERR_strings             wolfSSL_ERR_load_ERR_strings
 #define ERR_load_crypto_strings          wolfSSL_ERR_load_crypto_strings
@@ -40,24 +60,25 @@
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       WC_KEY_SIZE_E
 #define EC_R_BUFFER_TOO_SMALL                   BUFFER_E
 
-#define ERR_TXT_MALLOCED                        1
+#define ERR_TXT_MALLOCED                         WOLFSSL_ERR_TXT_MALLOCED
 
 /* SSL function codes */
-#define RSA_F_RSA_PADDING_ADD_SSLV23            0
-#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT          1
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE      2
-#define SSL_F_SSL_USE_PRIVATEKEY                3
-#define EC_F_EC_GFP_SIMPLE_POINT2OCT            4
+#define RSA_F_RSA_PADDING_ADD_SSLV23             WOLFSSL_RSA_F_RSA_PADDING_ADD_SSLV23
+#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT           WOLFSSL_RSA_F_RSA_OSSL_PRIVATE_ENCRYPT
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE       WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
+#define SSL_F_SSL_USE_PRIVATEKEY                 WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY
+#define EC_F_EC_GFP_SIMPLE_POINT2OCT             WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT
 
 /* reasons */
-#define ERR_R_SYS_LIB                           1
-#define PKCS12_R_MAC_VERIFY_FAILURE             2
+#define ERR_R_SYS_LIB                            WOLFSSL_ERR_R_SYS_LIB
+#define PKCS12_R_MAC_VERIFY_FAILURE              WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE
 
-#define RSAerr(f,r)  ERR_put_error(0,(f),(r),__FILE__,__LINE__)
-#define SSLerr(f,r)  ERR_put_error(0,(f),(r),__FILE__,__LINE__)
-#define ECerr(f,r)   ERR_put_error(0,(f),(r),__FILE__,__LINE__)
+#define RSAerr(f,r)  wolfSSL_RSAerr(f,r)
+#define SSLerr(f,r)  wolfSSL_SSLerr(f,r)
+#define ECerr(f,r)   wolfSSL_ECerr(f,r)
+
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #endif /* WOLFSSL_OPENSSL_ERR_ */
-
diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h
index fbfea201a..3192dbffd 100644
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -1,6 +1,6 @@
 /* evp.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -221,6 +221,9 @@ typedef union {
     #ifdef WOLFSSL_SM3
         wc_Sm3               sm3;
     #endif
+    #if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256)
+        wc_Shake            shake;
+    #endif
 } WOLFSSL_Hasher;
 
 
@@ -270,205 +273,413 @@ typedef union {
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
-#define NID_aes_128_cbc                 419
-#define NID_aes_192_cbc                 423
-#define NID_aes_256_cbc                 427
-#define NID_aes_128_ccm                 896
-#define NID_aes_192_ccm                 899
-#define NID_aes_256_ccm                 902
-#define NID_aes_128_gcm                 895
-#define NID_aes_192_gcm                 898
-#define NID_aes_256_gcm                 901
-#define NID_aes_128_ctr                 904
-#define NID_aes_192_ctr                 905
-#define NID_aes_256_ctr                 906
-#define NID_aes_128_ecb                 418
-#define NID_aes_192_ecb                 422
-#define NID_aes_256_ecb                 426
-#define NID_des_cbc                     31
-#define NID_des_ecb                     29
-#define NID_des_ede3_cbc                44
-#define NID_des_ede3_ecb                33
-#define NID_aes_128_cfb1                650
-#define NID_aes_192_cfb1                651
-#define NID_aes_256_cfb1                652
-#define NID_aes_128_cfb8                653
-#define NID_aes_192_cfb8                654
-#define NID_aes_256_cfb8                655
-#define NID_aes_128_cfb128              421
-#define NID_aes_192_cfb128              425
-#define NID_aes_256_cfb128              429
-#define NID_aes_128_ofb                 420
-#define NID_aes_192_ofb                 424
-#define NID_aes_256_ofb                 428
-#define NID_aes_128_xts                 913
-#define NID_aes_256_xts                 914
-#define NID_camellia_128_cbc            751
-#define NID_camellia_256_cbc            753
-#define NID_chacha20_poly1305           1018
-#define NID_chacha20                    1019
-#define NID_sm4_ecb                     1133
-#define NID_sm4_cbc                     1134
-#define NID_sm4_ctr                     1139
-#define NID_sm4_gcm                     1248
-#define NID_sm4_ccm                     1249
-#define NID_md5WithRSA                  104
-#define NID_md2WithRSAEncryption        9
-#define NID_md5WithRSAEncryption        99
-#define NID_dsaWithSHA1                 113
-#define NID_dsaWithSHA1_2               70
-#define NID_sha1WithRSA                 115
-#define NID_sha1WithRSAEncryption       65
-#define NID_sha224WithRSAEncryption     671
-#define NID_sha256WithRSAEncryption     668
-#define NID_sha384WithRSAEncryption     669
-#define NID_sha512WithRSAEncryption     670
-#define NID_RSA_SHA3_224                1116
-#define NID_RSA_SHA3_256                1117
-#define NID_RSA_SHA3_384                1118
-#define NID_RSA_SHA3_512                1119
-#define NID_rsassaPss                   912
-#define NID_ecdsa_with_SHA1             416
-#define NID_ecdsa_with_SHA224           793
-#define NID_ecdsa_with_SHA256           794
-#define NID_ecdsa_with_SHA384           795
-#define NID_ecdsa_with_SHA512           796
-#define NID_ecdsa_with_SHA3_224         1112
-#define NID_ecdsa_with_SHA3_256         1113
-#define NID_ecdsa_with_SHA3_384         1114
-#define NID_ecdsa_with_SHA3_512         1115
-#define NID_dsa_with_SHA224             802
-#define NID_dsa_with_SHA256             803
-#define NID_sha3_224                    1096
-#define NID_sha3_256                    1097
-#define NID_sha3_384                    1098
-#define NID_sha3_512                    1099
-#define NID_blake2b512                  1056
-#define NID_blake2s256                  1057
-#define NID_shake128                    1100
-#define NID_shake256                    1101
-#define NID_sha1                        64
-#define NID_sha224                      675
-#define NID_sm3                         1143
-#define NID_md2                         77
-#define NID_md4                         257
-#define NID_md5                         40
-#define NID_hmac                        855
-#define NID_hmacWithSHA1                163
-#define NID_hmacWithSHA224              798
-#define NID_hmacWithSHA256              799
-#define NID_hmacWithSHA384              800
-#define NID_hmacWithSHA512              801
-#define NID_hkdf                        1036
-#define NID_cmac                        894
-#define NID_dhKeyAgreement              28
-#define NID_ffdhe2048                   1126
-#define NID_ffdhe3072                   1127
-#define NID_ffdhe4096                   1128
-#define NID_rc4                         5
-#define NID_bf_cbc                      91
-#define NID_bf_ecb                      92
-#define NID_bf_cfb64                    93
-#define NID_bf_ofb64                    94
-#define NID_cast5_cbc                   108
-#define NID_cast5_ecb                   109
-#define NID_cast5_cfb64                 110
-#define NID_cast5_ofb64                 111
+/* note, this WC_NID_undef definition duplicates the definition in
+ * wolfcrypt/asn.h, which is gated out when -DNO_ASN.
+ */
+#define WC_NID_undef                       0
+
+#define WC_NID_aes_128_cbc                 419
+#define WC_NID_aes_192_cbc                 423
+#define WC_NID_aes_256_cbc                 427
+#define WC_NID_aes_128_ccm                 896
+#define WC_NID_aes_192_ccm                 899
+#define WC_NID_aes_256_ccm                 902
+#define WC_NID_aes_128_gcm                 895
+#define WC_NID_aes_192_gcm                 898
+#define WC_NID_aes_256_gcm                 901
+#define WC_NID_aes_128_ctr                 904
+#define WC_NID_aes_192_ctr                 905
+#define WC_NID_aes_256_ctr                 906
+#define WC_NID_aes_128_ecb                 418
+#define WC_NID_aes_192_ecb                 422
+#define WC_NID_aes_256_ecb                 426
+#define WC_NID_des_cbc                     31
+#define WC_NID_des_ecb                     29
+#define WC_NID_des_ede3_cbc                44
+#define WC_NID_des_ede3_ecb                33
+#define WC_NID_aes_128_cfb1                650
+#define WC_NID_aes_192_cfb1                651
+#define WC_NID_aes_256_cfb1                652
+#define WC_NID_aes_128_cfb8                653
+#define WC_NID_aes_192_cfb8                654
+#define WC_NID_aes_256_cfb8                655
+#define WC_NID_aes_128_cfb128              421
+#define WC_NID_aes_192_cfb128              425
+#define WC_NID_aes_256_cfb128              429
+#define WC_NID_aes_128_ofb                 420
+#define WC_NID_aes_192_ofb                 424
+#define WC_NID_aes_256_ofb                 428
+#define WC_NID_aes_128_xts                 913
+#define WC_NID_aes_256_xts                 914
+#define WC_NID_camellia_128_cbc            751
+#define WC_NID_camellia_256_cbc            753
+#define WC_NID_chacha20_poly1305           1018
+#define WC_NID_chacha20                    1019
+#define WC_NID_sm4_ecb                     1133
+#define WC_NID_sm4_cbc                     1134
+#define WC_NID_sm4_ctr                     1139
+#define WC_NID_sm4_gcm                     1248
+#define WC_NID_sm4_ccm                     1249
+#define WC_NID_md5WithRSA                  104
+#define WC_NID_md2WithRSAEncryption        9
+#define WC_NID_md5WithRSAEncryption        99
+#define WC_NID_dsaWithSHA1                 113
+#define WC_NID_dsaWithSHA1_2               70
+#define WC_NID_sha1WithRSA                 115
+#define WC_NID_sha1WithRSAEncryption       65
+#define WC_NID_sha224WithRSAEncryption     671
+#define WC_NID_sha256WithRSAEncryption     668
+#define WC_NID_sha384WithRSAEncryption     669
+#define WC_NID_sha512WithRSAEncryption     670
+#define WC_NID_RSA_SHA3_224                1116
+#define WC_NID_RSA_SHA3_256                1117
+#define WC_NID_RSA_SHA3_384                1118
+#define WC_NID_RSA_SHA3_512                1119
+#define WC_NID_rsassaPss                   912
+#define WC_NID_ecdsa_with_SHA1             416
+#define WC_NID_ecdsa_with_SHA224           793
+#define WC_NID_ecdsa_with_SHA256           794
+#define WC_NID_ecdsa_with_SHA384           795
+#define WC_NID_ecdsa_with_SHA512           796
+#define WC_NID_ecdsa_with_SHA3_224         1112
+#define WC_NID_ecdsa_with_SHA3_256         1113
+#define WC_NID_ecdsa_with_SHA3_384         1114
+#define WC_NID_ecdsa_with_SHA3_512         1115
+#define WC_NID_dsa_with_SHA224             802
+#define WC_NID_dsa_with_SHA256             803
+#define WC_NID_sha3_224                    1096
+#define WC_NID_sha3_256                    1097
+#define WC_NID_sha3_384                    1098
+#define WC_NID_sha3_512                    1099
+#define WC_NID_blake2b512                  1056
+#define WC_NID_blake2s256                  1057
+#define WC_NID_shake128                    1100
+#define WC_NID_shake256                    1101
+#define WC_NID_sha1                        64
+#define WC_NID_sha224                      675
+#define WC_NID_sm3                         1143
+#define WC_NID_md2                         77
+#define WC_NID_md4                         257
+#define WC_NID_md5                         40
+#define WC_NID_hmac                        855
+#define WC_NID_hmacWithSHA1                163
+#define WC_NID_hmacWithSHA224              798
+#define WC_NID_hmacWithSHA256              799
+#define WC_NID_hmacWithSHA384              800
+#define WC_NID_hmacWithSHA512              801
+#define WC_NID_hkdf                        1036
+#define WC_NID_cmac                        894
+#define WC_NID_dhKeyAgreement              28
+#define WC_NID_ffdhe2048                   1126
+#define WC_NID_ffdhe3072                   1127
+#define WC_NID_ffdhe4096                   1128
+#define WC_NID_rc4                         5
+#define WC_NID_bf_cbc                      91
+#define WC_NID_bf_ecb                      92
+#define WC_NID_bf_cfb64                    93
+#define WC_NID_bf_ofb64                    94
+#define WC_NID_cast5_cbc                   108
+#define WC_NID_cast5_ecb                   109
+#define WC_NID_cast5_cfb64                 110
+#define WC_NID_cast5_ofb64                 111
 /* key exchange */
-#define NID_kx_rsa                      1037
-#define NID_kx_ecdhe                    1038
-#define NID_kx_dhe                      1039
-#define NID_kx_ecdhe_psk                1040
-#define NID_kx_dhe_psk                  1041
-#define NID_kx_rsa_psk                  1042
-#define NID_kx_psk                      1043
-#define NID_kx_srp                      1044
-#define NID_kx_gost                     1045
-#define NID_kx_any                      1063
+#define WC_NID_kx_rsa                      1037
+#define WC_NID_kx_ecdhe                    1038
+#define WC_NID_kx_dhe                      1039
+#define WC_NID_kx_ecdhe_psk                1040
+#define WC_NID_kx_dhe_psk                  1041
+#define WC_NID_kx_rsa_psk                  1042
+#define WC_NID_kx_psk                      1043
+#define WC_NID_kx_srp                      1044
+#define WC_NID_kx_gost                     1045
+#define WC_NID_kx_any                      1063
 /* server authentication */
-#define NID_auth_rsa                    1046
-#define NID_auth_ecdsa                  1047
-#define NID_auth_psk                    1048
-#define NID_auth_dss                    1049
-#define NID_auth_srp                    1052
-#define NID_auth_null                   1054
-#define NID_auth_any                    1055
+#define WC_NID_auth_rsa                    1046
+#define WC_NID_auth_ecdsa                  1047
+#define WC_NID_auth_psk                    1048
+#define WC_NID_auth_dss                    1049
+#define WC_NID_auth_srp                    1052
+#define WC_NID_auth_null                   1054
+#define WC_NID_auth_any                    1055
 /* Curve */
-#define NID_aria_128_gcm                1123
-#define NID_aria_192_gcm                1124
-#define NID_aria_256_gcm                1125
-#define NID_sm2                         1172
+#define WC_NID_aria_128_gcm                1123
+#define WC_NID_aria_192_gcm                1124
+#define WC_NID_aria_256_gcm                1125
+#define WC_NID_sm2                         1172
 
-#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC
-#define NID_rsaEncryption        EVP_PKEY_RSA
-#define NID_rsa                  EVP_PKEY_RSA
-#define NID_dsa                  EVP_PKEY_DSA
-
-#define EVP_PKEY_OP_SIGN    (1 << 3)
-#define EVP_PKEY_OP_VERIFY  (1 << 5)
-#define EVP_PKEY_OP_ENCRYPT (1 << 6)
-#define EVP_PKEY_OP_DECRYPT (1 << 7)
-#define EVP_PKEY_OP_DERIVE  (1 << 8)
-
-#define EVP_PKEY_PRINT_INDENT_MAX    128
+#define WC_NID_X9_62_id_ecPublicKey WC_EVP_PKEY_EC
+#define WC_NID_rsaEncryption        WC_EVP_PKEY_RSA
+#define WC_NID_rsa                  WC_EVP_PKEY_RSA
+#define WC_NID_dsa                  WC_EVP_PKEY_DSA
 
 enum {
-    AES_128_CBC_TYPE       = 1,
-    AES_192_CBC_TYPE       = 2,
-    AES_256_CBC_TYPE       = 3,
-    AES_128_CTR_TYPE       = 4,
-    AES_192_CTR_TYPE       = 5,
-    AES_256_CTR_TYPE       = 6,
-    AES_128_ECB_TYPE       = 7,
-    AES_192_ECB_TYPE       = 8,
-    AES_256_ECB_TYPE       = 9,
-    DES_CBC_TYPE           = 10,
-    DES_ECB_TYPE           = 11,
-    DES_EDE3_CBC_TYPE      = 12,
-    DES_EDE3_ECB_TYPE      = 13,
-    ARC4_TYPE              = 14,
-    NULL_CIPHER_TYPE       = 15,
-    EVP_PKEY_RSA           = 16,
-    EVP_PKEY_DSA           = 17,
-    EVP_PKEY_EC            = 18,
-    AES_128_GCM_TYPE       = 21,
-    AES_192_GCM_TYPE       = 22,
-    AES_256_GCM_TYPE       = 23,
-    EVP_PKEY_DH            = NID_dhKeyAgreement,
-    EVP_PKEY_HMAC          = NID_hmac,
-    EVP_PKEY_CMAC          = NID_cmac,
-    EVP_PKEY_HKDF          = NID_hkdf,
-    EVP_PKEY_FALCON        = 300, /* Randomly picked value. */
-    EVP_PKEY_DILITHIUM     = 301, /* Randomly picked value. */
-    AES_128_CFB1_TYPE      = 24,
-    AES_192_CFB1_TYPE      = 25,
-    AES_256_CFB1_TYPE      = 26,
-    AES_128_CFB8_TYPE      = 27,
-    AES_192_CFB8_TYPE      = 28,
-    AES_256_CFB8_TYPE      = 29,
-    AES_128_CFB128_TYPE    = 30,
-    AES_192_CFB128_TYPE    = 31,
-    AES_256_CFB128_TYPE    = 32,
-    AES_128_OFB_TYPE       = 33,
-    AES_192_OFB_TYPE       = 34,
-    AES_256_OFB_TYPE       = 35,
-    AES_128_XTS_TYPE       = 36,
-    AES_256_XTS_TYPE       = 37,
-    CHACHA20_POLY1305_TYPE = 38,
-    CHACHA20_TYPE          = 39,
-    AES_128_CCM_TYPE       = 40,
-    AES_192_CCM_TYPE       = 41,
-    AES_256_CCM_TYPE       = 42,
-    SM4_ECB_TYPE           = 43,
-    SM4_CBC_TYPE           = 44,
-    SM4_CTR_TYPE           = 45,
-    SM4_GCM_TYPE           = 46,
-    SM4_CCM_TYPE           = 47,
-    ARIA_128_GCM_TYPE      = 48,
-    ARIA_192_GCM_TYPE      = 49,
-    ARIA_256_GCM_TYPE      = 50
+    WC_EVP_PKEY_NONE          = WC_NID_undef,
+    WC_AES_128_CBC_TYPE       = 1,
+    WC_AES_192_CBC_TYPE       = 2,
+    WC_AES_256_CBC_TYPE       = 3,
+    WC_AES_128_CTR_TYPE       = 4,
+    WC_AES_192_CTR_TYPE       = 5,
+    WC_AES_256_CTR_TYPE       = 6,
+    WC_AES_128_ECB_TYPE       = 7,
+    WC_AES_192_ECB_TYPE       = 8,
+    WC_AES_256_ECB_TYPE       = 9,
+    WC_DES_CBC_TYPE           = 10,
+    WC_DES_ECB_TYPE           = 11,
+    WC_DES_EDE3_CBC_TYPE      = 12,
+    WC_DES_EDE3_ECB_TYPE      = 13,
+    WC_ARC4_TYPE              = 14,
+    WC_NULL_CIPHER_TYPE       = 15,
+    WC_EVP_PKEY_RSA           = 16,
+    WC_EVP_PKEY_DSA           = 17,
+    WC_EVP_PKEY_EC            = 18,
+    WC_AES_128_GCM_TYPE       = 21,
+    WC_AES_192_GCM_TYPE       = 22,
+    WC_AES_256_GCM_TYPE       = 23,
+    WC_EVP_PKEY_DH            = WC_NID_dhKeyAgreement,
+    WC_EVP_PKEY_HMAC          = WC_NID_hmac,
+    WC_EVP_PKEY_CMAC          = WC_NID_cmac,
+    WC_EVP_PKEY_HKDF          = WC_NID_hkdf,
+    WC_EVP_PKEY_FALCON        = 300, /* Randomly picked value. */
+    WC_EVP_PKEY_DILITHIUM     = 301, /* Randomly picked value. */
+    WC_AES_128_CFB1_TYPE      = 24,
+    WC_AES_192_CFB1_TYPE      = 25,
+    WC_AES_256_CFB1_TYPE      = 26,
+    WC_AES_128_CFB8_TYPE      = 27,
+    WC_AES_192_CFB8_TYPE      = 28,
+    WC_AES_256_CFB8_TYPE      = 29,
+    WC_AES_128_CFB128_TYPE    = 30,
+    WC_AES_192_CFB128_TYPE    = 31,
+    WC_AES_256_CFB128_TYPE    = 32,
+    WC_AES_128_OFB_TYPE       = 33,
+    WC_AES_192_OFB_TYPE       = 34,
+    WC_AES_256_OFB_TYPE       = 35,
+    WC_AES_128_XTS_TYPE       = 36,
+    WC_AES_256_XTS_TYPE       = 37,
+    WC_CHACHA20_POLY1305_TYPE = 38,
+    WC_CHACHA20_TYPE          = 39,
+    WC_AES_128_CCM_TYPE       = 40,
+    WC_AES_192_CCM_TYPE       = 41,
+    WC_AES_256_CCM_TYPE       = 42,
+    WC_SM4_ECB_TYPE           = 43,
+    WC_SM4_CBC_TYPE           = 44,
+    WC_SM4_CTR_TYPE           = 45,
+    WC_SM4_GCM_TYPE           = 46,
+    WC_SM4_CCM_TYPE           = 47,
+    WC_ARIA_128_GCM_TYPE      = 48,
+    WC_ARIA_192_GCM_TYPE      = 49,
+    WC_ARIA_256_GCM_TYPE      = 50
 };
 
+#define WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX    128
+
+#define WC_EVP_PKEY_OP_SIGN    (1 << 3)
+#define WC_EVP_PKEY_OP_VERIFY  (1 << 5)
+#define WC_EVP_PKEY_OP_ENCRYPT (1 << 6)
+#define WC_EVP_PKEY_OP_DECRYPT (1 << 7)
+#define WC_EVP_PKEY_OP_DERIVE  (1 << 8)
+
+#ifndef OPENSSL_COEXIST
+
+#define EVP_PKEY_NONE WC_EVP_PKEY_NONE
+#define AES_128_CBC_TYPE WC_AES_128_CBC_TYPE
+#define AES_192_CBC_TYPE WC_AES_192_CBC_TYPE
+#define AES_256_CBC_TYPE WC_AES_256_CBC_TYPE
+#define AES_128_CTR_TYPE WC_AES_128_CTR_TYPE
+#define AES_192_CTR_TYPE WC_AES_192_CTR_TYPE
+#define AES_256_CTR_TYPE WC_AES_256_CTR_TYPE
+#define AES_128_ECB_TYPE WC_AES_128_ECB_TYPE
+#define AES_192_ECB_TYPE WC_AES_192_ECB_TYPE
+#define AES_256_ECB_TYPE WC_AES_256_ECB_TYPE
+#define DES_CBC_TYPE WC_DES_CBC_TYPE
+#define DES_ECB_TYPE WC_DES_ECB_TYPE
+#define DES_EDE3_CBC_TYPE WC_DES_EDE3_CBC_TYPE
+#define DES_EDE3_ECB_TYPE WC_DES_EDE3_ECB_TYPE
+#define ARC4_TYPE WC_ARC4_TYPE
+#define NULL_CIPHER_TYPE WC_NULL_CIPHER_TYPE
+#define EVP_PKEY_RSA WC_EVP_PKEY_RSA
+#define EVP_PKEY_DSA WC_EVP_PKEY_DSA
+#define EVP_PKEY_EC WC_EVP_PKEY_EC
+#define AES_128_GCM_TYPE WC_AES_128_GCM_TYPE
+#define AES_192_GCM_TYPE WC_AES_192_GCM_TYPE
+#define AES_256_GCM_TYPE WC_AES_256_GCM_TYPE
+#define EVP_PKEY_DH WC_EVP_PKEY_DH
+#define EVP_PKEY_HMAC WC_EVP_PKEY_HMAC
+#define EVP_PKEY_CMAC WC_EVP_PKEY_CMAC
+#define EVP_PKEY_HKDF WC_EVP_PKEY_HKDF
+#define EVP_PKEY_FALCON WC_EVP_PKEY_FALCON
+#define EVP_PKEY_DILITHIUM WC_EVP_PKEY_DILITHIUM
+#define AES_128_CFB1_TYPE WC_AES_128_CFB1_TYPE
+#define AES_192_CFB1_TYPE WC_AES_192_CFB1_TYPE
+#define AES_256_CFB1_TYPE WC_AES_256_CFB1_TYPE
+#define AES_128_CFB8_TYPE WC_AES_128_CFB8_TYPE
+#define AES_192_CFB8_TYPE WC_AES_192_CFB8_TYPE
+#define AES_256_CFB8_TYPE WC_AES_256_CFB8_TYPE
+#define AES_128_CFB128_TYPE WC_AES_128_CFB128_TYPE
+#define AES_192_CFB128_TYPE WC_AES_192_CFB128_TYPE
+#define AES_256_CFB128_TYPE WC_AES_256_CFB128_TYPE
+#define AES_128_OFB_TYPE WC_AES_128_OFB_TYPE
+#define AES_192_OFB_TYPE WC_AES_192_OFB_TYPE
+#define AES_256_OFB_TYPE WC_AES_256_OFB_TYPE
+#define AES_128_XTS_TYPE WC_AES_128_XTS_TYPE
+#define AES_256_XTS_TYPE WC_AES_256_XTS_TYPE
+#define CHACHA20_POLY1305_TYPE WC_CHACHA20_POLY1305_TYPE
+#define CHACHA20_TYPE WC_CHACHA20_TYPE
+#define AES_128_CCM_TYPE WC_AES_128_CCM_TYPE
+#define AES_192_CCM_TYPE WC_AES_192_CCM_TYPE
+#define AES_256_CCM_TYPE WC_AES_256_CCM_TYPE
+#define SM4_ECB_TYPE WC_SM4_ECB_TYPE
+#define SM4_CBC_TYPE WC_SM4_CBC_TYPE
+#define SM4_CTR_TYPE WC_SM4_CTR_TYPE
+#define SM4_GCM_TYPE WC_SM4_GCM_TYPE
+#define SM4_CCM_TYPE WC_SM4_CCM_TYPE
+#define ARIA_128_GCM_TYPE WC_ARIA_128_GCM_TYPE
+#define ARIA_192_GCM_TYPE WC_ARIA_192_GCM_TYPE
+#define ARIA_256_GCM_TYPE WC_ARIA_256_GCM_TYPE
+
+#define NID_aes_128_cbc WC_NID_aes_128_cbc
+#define NID_aes_192_cbc WC_NID_aes_192_cbc
+#define NID_aes_256_cbc WC_NID_aes_256_cbc
+#define NID_aes_128_ccm WC_NID_aes_128_ccm
+#define NID_aes_192_ccm WC_NID_aes_192_ccm
+#define NID_aes_256_ccm WC_NID_aes_256_ccm
+#define NID_aes_128_gcm WC_NID_aes_128_gcm
+#define NID_aes_192_gcm WC_NID_aes_192_gcm
+#define NID_aes_256_gcm WC_NID_aes_256_gcm
+#define NID_aes_128_ctr WC_NID_aes_128_ctr
+#define NID_aes_192_ctr WC_NID_aes_192_ctr
+#define NID_aes_256_ctr WC_NID_aes_256_ctr
+#define NID_aes_128_ecb WC_NID_aes_128_ecb
+#define NID_aes_192_ecb WC_NID_aes_192_ecb
+#define NID_aes_256_ecb WC_NID_aes_256_ecb
+#define NID_des_cbc WC_NID_des_cbc
+#define NID_des_ecb WC_NID_des_ecb
+#define NID_des_ede3_cbc WC_NID_des_ede3_cbc
+#define NID_des_ede3_ecb WC_NID_des_ede3_ecb
+#define NID_aes_128_cfb1 WC_NID_aes_128_cfb1
+#define NID_aes_192_cfb1 WC_NID_aes_192_cfb1
+#define NID_aes_256_cfb1 WC_NID_aes_256_cfb1
+#define NID_aes_128_cfb8 WC_NID_aes_128_cfb8
+#define NID_aes_192_cfb8 WC_NID_aes_192_cfb8
+#define NID_aes_256_cfb8 WC_NID_aes_256_cfb8
+#define NID_aes_128_cfb128 WC_NID_aes_128_cfb128
+#define NID_aes_192_cfb128 WC_NID_aes_192_cfb128
+#define NID_aes_256_cfb128 WC_NID_aes_256_cfb128
+#define NID_aes_128_ofb WC_NID_aes_128_ofb
+#define NID_aes_192_ofb WC_NID_aes_192_ofb
+#define NID_aes_256_ofb WC_NID_aes_256_ofb
+#define NID_aes_128_xts WC_NID_aes_128_xts
+#define NID_aes_256_xts WC_NID_aes_256_xts
+#define NID_camellia_128_cbc WC_NID_camellia_128_cbc
+#define NID_camellia_256_cbc WC_NID_camellia_256_cbc
+#define NID_chacha20_poly1305 WC_NID_chacha20_poly1305
+#define NID_chacha20 WC_NID_chacha20
+#define NID_sm4_ecb WC_NID_sm4_ecb
+#define NID_sm4_cbc WC_NID_sm4_cbc
+#define NID_sm4_ctr WC_NID_sm4_ctr
+#define NID_sm4_gcm WC_NID_sm4_gcm
+#define NID_sm4_ccm WC_NID_sm4_ccm
+#define NID_md5WithRSA WC_NID_md5WithRSA
+#define NID_md2WithRSAEncryption WC_NID_md2WithRSAEncryption
+#define NID_md5WithRSAEncryption WC_NID_md5WithRSAEncryption
+#define NID_dsaWithSHA1 WC_NID_dsaWithSHA1
+#define NID_dsaWithSHA1_2 WC_NID_dsaWithSHA1_2
+#define NID_sha1WithRSA WC_NID_sha1WithRSA
+#define NID_sha1WithRSAEncryption WC_NID_sha1WithRSAEncryption
+#define NID_sha224WithRSAEncryption WC_NID_sha224WithRSAEncryption
+#define NID_sha256WithRSAEncryption WC_NID_sha256WithRSAEncryption
+#define NID_sha384WithRSAEncryption WC_NID_sha384WithRSAEncryption
+#define NID_sha512WithRSAEncryption WC_NID_sha512WithRSAEncryption
+#define NID_RSA_SHA3_224 WC_NID_RSA_SHA3_224
+#define NID_RSA_SHA3_256 WC_NID_RSA_SHA3_256
+#define NID_RSA_SHA3_384 WC_NID_RSA_SHA3_384
+#define NID_RSA_SHA3_512 WC_NID_RSA_SHA3_512
+#define NID_rsassaPss WC_NID_rsassaPss
+#define NID_ecdsa_with_SHA1 WC_NID_ecdsa_with_SHA1
+#define NID_ecdsa_with_SHA224 WC_NID_ecdsa_with_SHA224
+#define NID_ecdsa_with_SHA256 WC_NID_ecdsa_with_SHA256
+#define NID_ecdsa_with_SHA384 WC_NID_ecdsa_with_SHA384
+#define NID_ecdsa_with_SHA512 WC_NID_ecdsa_with_SHA512
+#define NID_ecdsa_with_SHA3_224 WC_NID_ecdsa_with_SHA3_224
+#define NID_ecdsa_with_SHA3_256 WC_NID_ecdsa_with_SHA3_256
+#define NID_ecdsa_with_SHA3_384 WC_NID_ecdsa_with_SHA3_384
+#define NID_ecdsa_with_SHA3_512 WC_NID_ecdsa_with_SHA3_512
+#define NID_dsa_with_SHA224 WC_NID_dsa_with_SHA224
+#define NID_dsa_with_SHA256 WC_NID_dsa_with_SHA256
+#define NID_sha3_224 WC_NID_sha3_224
+#define NID_sha3_256 WC_NID_sha3_256
+#define NID_sha3_384 WC_NID_sha3_384
+#define NID_sha3_512 WC_NID_sha3_512
+#define NID_blake2b512 WC_NID_blake2b512
+#define NID_blake2s256 WC_NID_blake2s256
+#define NID_shake128 WC_NID_shake128
+#define NID_shake256 WC_NID_shake256
+#define NID_sha1 WC_NID_sha1
+#define NID_sha224 WC_NID_sha224
+#define NID_sm3 WC_NID_sm3
+#define NID_md2 WC_NID_md2
+#define NID_md4 WC_NID_md4
+#define NID_md5 WC_NID_md5
+#define NID_hmac WC_NID_hmac
+#define NID_hmacWithSHA1 WC_NID_hmacWithSHA1
+#define NID_hmacWithSHA224 WC_NID_hmacWithSHA224
+#define NID_hmacWithSHA256 WC_NID_hmacWithSHA256
+#define NID_hmacWithSHA384 WC_NID_hmacWithSHA384
+#define NID_hmacWithSHA512 WC_NID_hmacWithSHA512
+#define NID_hkdf WC_NID_hkdf
+#define NID_cmac WC_NID_cmac
+#define NID_dhKeyAgreement WC_NID_dhKeyAgreement
+#define NID_ffdhe2048 WC_NID_ffdhe2048
+#define NID_ffdhe3072 WC_NID_ffdhe3072
+#define NID_ffdhe4096 WC_NID_ffdhe4096
+#define NID_rc4 WC_NID_rc4
+#define NID_bf_cbc WC_NID_bf_cbc
+#define NID_bf_ecb WC_NID_bf_ecb
+#define NID_bf_cfb64 WC_NID_bf_cfb64
+#define NID_bf_ofb64 WC_NID_bf_ofb64
+#define NID_cast5_cbc WC_NID_cast5_cbc
+#define NID_cast5_ecb WC_NID_cast5_ecb
+#define NID_cast5_cfb64 WC_NID_cast5_cfb64
+#define NID_cast5_ofb64 WC_NID_cast5_ofb64
+/* key exchange */
+#define NID_kx_rsa WC_NID_kx_rsa
+#define NID_kx_ecdhe WC_NID_kx_ecdhe
+#define NID_kx_dhe WC_NID_kx_dhe
+#define NID_kx_ecdhe_psk WC_NID_kx_ecdhe_psk
+#define NID_kx_dhe_psk WC_NID_kx_dhe_psk
+#define NID_kx_rsa_psk WC_NID_kx_rsa_psk
+#define NID_kx_psk WC_NID_kx_psk
+#define NID_kx_srp WC_NID_kx_srp
+#define NID_kx_gost WC_NID_kx_gost
+#define NID_kx_any WC_NID_kx_any
+/* server authentication */
+#define NID_auth_rsa WC_NID_auth_rsa
+#define NID_auth_ecdsa WC_NID_auth_ecdsa
+#define NID_auth_psk WC_NID_auth_psk
+#define NID_auth_dss WC_NID_auth_dss
+#define NID_auth_srp WC_NID_auth_srp
+#define NID_auth_null WC_NID_auth_null
+#define NID_auth_any WC_NID_auth_any
+/* Curve */
+#define NID_aria_128_gcm WC_NID_aria_128_gcm
+#define NID_aria_192_gcm WC_NID_aria_192_gcm
+#define NID_aria_256_gcm WC_NID_aria_256_gcm
+#define NID_sm2 WC_NID_sm2
+
+#define NID_X9_62_id_ecPublicKey WC_NID_X9_62_id_ecPublicKey
+#define NID_rsaEncryption WC_NID_rsaEncryption
+#define NID_rsa WC_NID_rsa
+#define NID_dsa WC_NID_dsa
+
+#define EVP_PKEY_OP_SIGN     WC_EVP_PKEY_OP_SIGN
+#define EVP_PKEY_OP_VERIFY   WC_EVP_PKEY_OP_VERIFY
+#define EVP_PKEY_OP_ENCRYPT  WC_EVP_PKEY_OP_ENCRYPT
+#define EVP_PKEY_OP_DECRYPT  WC_EVP_PKEY_OP_DECRYPT
+#define EVP_PKEY_OP_DERIVE   WC_EVP_PKEY_OP_DERIVE
+
+#define EVP_PKEY_PRINT_INDENT_MAX WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 
@@ -481,7 +692,7 @@ struct WOLFSSL_EVP_CIPHER_CTX {
     unsigned char  cipherType;
 #if !defined(NO_AES)
     /* working iv pointer into cipher */
-    ALIGN16 unsigned char  iv[AES_BLOCK_SIZE];
+    ALIGN16 unsigned char  iv[WC_AES_BLOCK_SIZE];
 #elif defined(WOLFSSL_SM4)
     ALIGN16 unsigned char  iv[SM4_BLOCK_SIZE];
 #elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
@@ -514,7 +725,7 @@ struct WOLFSSL_EVP_CIPHER_CTX {
     defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
     (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA)
-    ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
+    ALIGN16 unsigned char authTag[WC_AES_BLOCK_SIZE];
 #elif defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
     ALIGN16 unsigned char authTag[SM4_BLOCK_SIZE];
 #else
@@ -524,8 +735,8 @@ struct WOLFSSL_EVP_CIPHER_CTX {
 #endif
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
     defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
-    byte    authIvGenEnable:1;
-    byte    authIncIv:1;
+    WC_BITFIELD authIvGenEnable:1;
+    WC_BITFIELD authIncIv:1;
 #endif
 #endif
 };
@@ -590,6 +801,7 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void);
 WOLFSSL_API void wolfSSL_EVP_init(void);
 WOLFSSL_API int  wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type);
 WOLFSSL_API int  wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type);
+WOLFSSL_API unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md);
 WOLFSSL_API int  wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type);
 WOLFSSL_API int  wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type);
 
@@ -615,6 +827,8 @@ WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char*
                                       unsigned int* s);
 WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx,
                                             unsigned char* md, unsigned int* s);
+WOLFSSL_API int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX* ctx,
+                                            unsigned char* md, size_t sz);
 WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx,
                                              const void *d, unsigned int cnt);
 WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx,
@@ -888,6 +1102,7 @@ WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
 WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out,
                               unsigned int* outSz, const WOLFSSL_EVP_MD* evp,
                               WOLFSSL_ENGINE* eng);
+WOLFSSL_API const char* wolfSSL_EVP_CIPHER_type_string(unsigned int type);
 WOLFSSL_API int  wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                     const WOLFSSL_EVP_CIPHER* type,
                                     WOLFSSL_ENGINE *impl,
@@ -918,6 +1133,30 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
                                      const WOLFSSL_EVP_MD* type,
                                      WOLFSSL_ENGINE *impl);
 
+#define WOLFSSL_EVP_CTRL_INIT                  0x0
+#define WOLFSSL_EVP_CTRL_SET_KEY_LENGTH        0x1
+#define WOLFSSL_EVP_CTRL_SET_RC2_KEY_BITS      0x3  /* needed for qt compilation */
+
+#define WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN        0x9
+#define WOLFSSL_EVP_CTRL_AEAD_GET_TAG          0x10
+#define WOLFSSL_EVP_CTRL_AEAD_SET_TAG          0x11
+#define WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED     0x12
+#define WOLFSSL_EVP_CTRL_GCM_IV_GEN            0x13
+#define WOLFSSL_EVP_CTRL_GCM_SET_IVLEN         WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN
+#define WOLFSSL_EVP_CTRL_GCM_GET_TAG           WOLFSSL_EVP_CTRL_AEAD_GET_TAG
+#define WOLFSSL_EVP_CTRL_GCM_SET_TAG           WOLFSSL_EVP_CTRL_AEAD_SET_TAG
+#define WOLFSSL_EVP_CTRL_GCM_SET_IV_FIXED      WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED
+#define WOLFSSL_EVP_CTRL_CCM_SET_IVLEN         WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN
+#define WOLFSSL_EVP_CTRL_CCM_GET_TAG           WOLFSSL_EVP_CTRL_AEAD_GET_TAG
+#define WOLFSSL_EVP_CTRL_CCM_SET_TAG           WOLFSSL_EVP_CTRL_AEAD_SET_TAG
+#define WOLFSSL_EVP_CTRL_CCM_SET_L             0x14
+#define WOLFSSL_EVP_CTRL_CCM_SET_MSGLEN        0x15
+#define WOLFSSL_EVP_MD_FLAG_XOF 0x2
+
+#define WOLFSSL_NO_PADDING_BLOCK_SIZE      1
+
+#ifndef OPENSSL_COEXIST
+
 #define EVP_CIPH_STREAM_CIPHER    WOLFSSL_EVP_CIPH_STREAM_CIPHER
 #define EVP_CIPH_VARIABLE_LENGTH  WOLFSSL_EVP_CIPH_VARIABLE_LENGTH
 #define EVP_CIPH_ECB_MODE         WOLFSSL_EVP_CIPH_ECB_MODE
@@ -1022,15 +1261,18 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_MD_block_size       wolfSSL_EVP_MD_block_size
 #define EVP_MD_type             wolfSSL_EVP_MD_type
 #ifndef NO_WOLFSSL_STUB
-#define EVP_MD_CTX_set_flags(...) WC_DO_NOTHING
+#define EVP_MD_CTX_set_flags(ctx, flags) WC_DO_NOTHING
 #endif
 
+#define EVP_MD_FLAG_XOF WOLFSSL_EVP_MD_FLAG_XOF
+
 #define EVP_Digest             wolfSSL_EVP_Digest
 #define EVP_DigestInit         wolfSSL_EVP_DigestInit
 #define EVP_DigestInit_ex      wolfSSL_EVP_DigestInit_ex
 #define EVP_DigestUpdate       wolfSSL_EVP_DigestUpdate
 #define EVP_DigestFinal        wolfSSL_EVP_DigestFinal
 #define EVP_DigestFinal_ex     wolfSSL_EVP_DigestFinal_ex
+#define EVP_DigestFinalXOF     wolfSSL_EVP_DigestFinalXOF
 #define EVP_DigestSignInit     wolfSSL_EVP_DigestSignInit
 #define EVP_DigestSignUpdate   wolfSSL_EVP_DigestSignUpdate
 #define EVP_DigestSignFinal    wolfSSL_EVP_DigestSignFinal
@@ -1080,6 +1322,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_get_cipherbynid           wolfSSL_EVP_get_cipherbynid
 #define EVP_get_digestbynid           wolfSSL_EVP_get_digestbynid
 #define EVP_MD_nid                    wolfSSL_EVP_MD_type
+#define EVP_MD_flags                  wolfSSL_EVP_MD_flags
 
 #define EVP_PKEY_assign                wolfSSL_EVP_PKEY_assign
 #define EVP_PKEY_assign_RSA            wolfSSL_EVP_PKEY_assign_RSA
@@ -1179,7 +1422,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms_noconf
 #define OPENSSL_add_all_algorithms_conf   OpenSSL_add_all_algorithms_conf
 
-#define NO_PADDING_BLOCK_SIZE      1
+#define NO_PADDING_BLOCK_SIZE      WOLFSSL_NO_PADDING_BLOCK_SIZE
 
 #define PKCS5_PBKDF2_HMAC_SHA1     wolfSSL_PKCS5_PBKDF2_HMAC_SHA1
 #define PKCS5_PBKDF2_HMAC          wolfSSL_PKCS5_PBKDF2_HMAC
@@ -1190,20 +1433,20 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #define EVP_CTRL_SET_KEY_LENGTH        0x1
 #define EVP_CTRL_SET_RC2_KEY_BITS      0x3  /* needed for qt compilation */
 
-#define EVP_CTRL_AEAD_SET_IVLEN        0x9
-#define EVP_CTRL_AEAD_GET_TAG          0x10
-#define EVP_CTRL_AEAD_SET_TAG          0x11
-#define EVP_CTRL_AEAD_SET_IV_FIXED     0x12
-#define EVP_CTRL_GCM_IV_GEN            0x13
-#define EVP_CTRL_GCM_SET_IVLEN         EVP_CTRL_AEAD_SET_IVLEN
-#define EVP_CTRL_GCM_GET_TAG           EVP_CTRL_AEAD_GET_TAG
-#define EVP_CTRL_GCM_SET_TAG           EVP_CTRL_AEAD_SET_TAG
-#define EVP_CTRL_GCM_SET_IV_FIXED      EVP_CTRL_AEAD_SET_IV_FIXED
-#define EVP_CTRL_CCM_SET_IVLEN         EVP_CTRL_AEAD_SET_IVLEN
-#define EVP_CTRL_CCM_GET_TAG           EVP_CTRL_AEAD_GET_TAG
-#define EVP_CTRL_CCM_SET_TAG           EVP_CTRL_AEAD_SET_TAG
-#define EVP_CTRL_CCM_SET_L             0x14
-#define EVP_CTRL_CCM_SET_MSGLEN        0x15
+#define EVP_CTRL_AEAD_SET_IVLEN        WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN
+#define EVP_CTRL_AEAD_GET_TAG          WOLFSSL_EVP_CTRL_AEAD_GET_TAG
+#define EVP_CTRL_AEAD_SET_TAG          WOLFSSL_EVP_CTRL_AEAD_SET_TAG
+#define EVP_CTRL_AEAD_SET_IV_FIXED     WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED
+#define EVP_CTRL_GCM_IV_GEN            WOLFSSL_EVP_CTRL_GCM_IV_GEN
+#define EVP_CTRL_GCM_SET_IVLEN         WOLFSSL_EVP_CTRL_GCM_SET_IVLEN
+#define EVP_CTRL_GCM_GET_TAG           WOLFSSL_EVP_CTRL_GCM_GET_TAG
+#define EVP_CTRL_GCM_SET_TAG           WOLFSSL_EVP_CTRL_GCM_SET_TAG
+#define EVP_CTRL_GCM_SET_IV_FIXED      WOLFSSL_EVP_CTRL_GCM_SET_IV_FIXED
+#define EVP_CTRL_CCM_SET_IVLEN         WOLFSSL_EVP_CTRL_CCM_SET_IVLEN
+#define EVP_CTRL_CCM_GET_TAG           WOLFSSL_EVP_CTRL_CCM_GET_TAG
+#define EVP_CTRL_CCM_SET_TAG           WOLFSSL_EVP_CTRL_CCM_SET_TAG
+#define EVP_CTRL_CCM_SET_L             WOLFSSL_EVP_CTRL_CCM_SET_L
+#define EVP_CTRL_CCM_SET_MSGLEN        WOLFSSL_EVP_CTRL_CCM_SET_MSGLEN
 
 #define EVP_PKEY_print_public           wolfSSL_EVP_PKEY_print_public
 #define EVP_PKEY_print_private(arg1, arg2, arg3, arg4) WC_DO_NOTHING
@@ -1230,13 +1473,11 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 #endif
 
 
-#define EVP_R_BAD_DECRYPT               (-MIN_CODE_E + 100 + 1)
-#define EVP_R_BN_DECODE_ERROR           (-MIN_CODE_E + 100 + 2)
-#define EVP_R_DECODE_ERROR              (-MIN_CODE_E + 100 + 3)
-#define EVP_R_PRIVATE_KEY_DECODE_ERROR  (-MIN_CODE_E + 100 + 4)
+#define EVP_R_BAD_DECRYPT               (-WOLFSSL_EVP_R_BAD_DECRYPT_E)
+#define EVP_R_BN_DECODE_ERROR           (-WOLFSSL_EVP_R_BN_DECODE_ERROR)
+#define EVP_R_DECODE_ERROR              (-WOLFSSL_EVP_R_DECODE_ERROR)
+#define EVP_R_PRIVATE_KEY_DECODE_ERROR  (-WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR)
 
-#define EVP_PKEY_NONE                   NID_undef
-#define EVP_PKEY_DH                     28
 #define EVP_CIPHER_mode                 WOLFSSL_EVP_CIPHER_mode
 /* WOLFSSL_EVP_CIPHER is just the string name of the cipher */
 #define EVP_CIPHER_name(x)              x
@@ -1278,6 +1519,8 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
 
 WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k);
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/fips_rand.h b/wolfssl/openssl/fips_rand.h
index 58f21b341..4142e7e20 100644
--- a/wolfssl/openssl/fips_rand.h
+++ b/wolfssl/openssl/fips_rand.h
@@ -1,6 +1,6 @@
 /* fips_rand.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h
index 71a473b4f..b29d4fc2e 100644
--- a/wolfssl/openssl/hmac.h
+++ b/wolfssl/openssl/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -67,6 +67,8 @@ WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx);
 WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx);
 WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx);
 
+#ifndef OPENSSL_COEXIST
+
 typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
 
 #define HMAC wolfSSL_HMAC
@@ -85,6 +87,7 @@ typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
 #define HMAC_size     wolfSSL_HMAC_size
 #define HMAC_CTX_get_md wolfSSL_HMAC_CTX_get_md
 
+#endif /* !OPENSSL_COEXIST */
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am
index dee416cd5..84e0dbb1f 100644
--- a/wolfssl/openssl/include.am
+++ b/wolfssl/openssl/include.am
@@ -46,6 +46,7 @@ nobase_include_HEADERS+= \
                          wolfssl/openssl/pkcs7.h \
                          wolfssl/openssl/rand.h \
                          wolfssl/openssl/rsa.h \
+                         wolfssl/openssl/safestack.h \
                          wolfssl/openssl/sha.h \
                          wolfssl/openssl/sha3.h \
                          wolfssl/openssl/srp.h \
diff --git a/wolfssl/openssl/kdf.h b/wolfssl/openssl/kdf.h
index 08d8327a7..f36aedcec 100644
--- a/wolfssl/openssl/kdf.h
+++ b/wolfssl/openssl/kdf.h
@@ -1,6 +1,6 @@
 /* kdf.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,9 +26,17 @@
     extern "C" {
 #endif
 
-#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
-#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
-#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
+#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
+#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
+#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
+
+#ifndef OPENSSL_COEXIST
+
+#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND
+#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
+#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY
+
+#endif /* !OPENSSL_COEXIST */
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/openssl/lhash.h b/wolfssl/openssl/lhash.h
index 4c1637a6e..6a86992e6 100644
--- a/wolfssl/openssl/lhash.h
+++ b/wolfssl/openssl/lhash.h
@@ -1,6 +1,6 @@
 /* lhash.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/md4.h b/wolfssl/openssl/md4.h
index d478e9622..3d0549f18 100644
--- a/wolfssl/openssl/md4.h
+++ b/wolfssl/openssl/md4.h
@@ -1,6 +1,6 @@
 /* md4.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,6 +46,7 @@ WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
                        unsigned long len);
 WOLFSSL_API void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4);
 
+#ifndef OPENSSL_COEXIST
 
 typedef WOLFSSL_MD4_CTX MD4_CTX;
 
@@ -53,6 +54,8 @@ typedef WOLFSSL_MD4_CTX MD4_CTX;
 #define MD4_Update wolfSSL_MD4_Update
 #define MD4_Final  wolfSSL_MD4_Final
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/md5.h b/wolfssl/openssl/md5.h
index 62533a9ff..709c03fad 100644
--- a/wolfssl/openssl/md5.h
+++ b/wolfssl/openssl/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,6 +58,8 @@ WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX* md5, const unsigned char*
 WOLFSSL_API unsigned char *wolfSSL_MD5(const unsigned char* data, size_t len,
             unsigned char* hash);
 
+#ifndef OPENSSL_COEXIST
+
 typedef WOLFSSL_MD5_CTX MD5_CTX;
 
 #define MD5_Init wolfSSL_MD5_Init
@@ -95,6 +97,8 @@ typedef WOLFSSL_MD5_CTX MD5_CTX;
     #define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
 #endif
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/modes.h b/wolfssl/openssl/modes.h
index e6a584c70..50342bdd2 100644
--- a/wolfssl/openssl/modes.h
+++ b/wolfssl/openssl/modes.h
@@ -1,6 +1,6 @@
 /* modes.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/obj_mac.h b/wolfssl/openssl/obj_mac.h
index b083f049d..33041580f 100644
--- a/wolfssl/openssl/obj_mac.h
+++ b/wolfssl/openssl/obj_mac.h
@@ -1,6 +1,6 @@
 /* obj_mac.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,20 +27,60 @@
     extern "C" {
 #endif
 
-#define NID_sect163k1 721
-#define NID_sect163r1 722
-#define NID_sect163r2 723
-#define NID_sect193r1 724
-#define NID_sect193r2 725
-#define NID_sect233k1 726
-#define NID_sect233r1 727
-#define NID_sect239k1 728
-#define NID_sect283k1 729
-#define NID_sect283r1 730
-#define NID_sect409k1 731
-#define NID_sect409r1 732
-#define NID_sect571k1 733
-#define NID_sect571r1 734
+#define WC_NID_sect163k1 721
+#define WC_NID_sect163r1 722
+#define WC_NID_sect163r2 723
+#define WC_NID_sect193r1 724
+#define WC_NID_sect193r2 725
+#define WC_NID_sect233k1 726
+#define WC_NID_sect233r1 727
+#define WC_NID_sect239k1 728
+#define WC_NID_sect283k1 729
+#define WC_NID_sect283r1 730
+#define WC_NID_sect409k1 731
+#define WC_NID_sect409r1 732
+#define WC_NID_sect571k1 733
+#define WC_NID_sect571r1 734
+
+#ifndef OPENSSL_COEXIST
+
+#define NID_sect163k1 WC_NID_sect163k1
+#define NID_sect163r1 WC_NID_sect163r1
+#define NID_sect163r2 WC_NID_sect163r2
+#define NID_sect193r1 WC_NID_sect193r1
+#define NID_sect193r2 WC_NID_sect193r2
+#define NID_sect233k1 WC_NID_sect233k1
+#define NID_sect233r1 WC_NID_sect233r1
+#define NID_sect239k1 WC_NID_sect239k1
+#define NID_sect283k1 WC_NID_sect283k1
+#define NID_sect283r1 WC_NID_sect283r1
+#define NID_sect409k1 WC_NID_sect409k1
+#define NID_sect409r1 WC_NID_sect409r1
+#define NID_sect571k1 WC_NID_sect571k1
+#define NID_sect571r1 WC_NID_sect571r1
+
+/* mapping of short names */
+#define SN_md4        WC_SN_md4
+#define SN_md5        WC_SN_md5
+#define SN_sha1       WC_SN_sha1
+#define SN_sha224     WC_SN_sha224
+#define SN_sha256     WC_SN_sha256
+#define SN_sha384     WC_SN_sha384
+#define SN_sha512     WC_SN_sha512
+#define SN_sha512_224 WC_SN_sha512_224
+#define SN_sha512_256 WC_SN_sha512_256
+#define SN_sha3_224   WC_SN_sha3_224
+#define SN_sha3_256   WC_SN_sha3_256
+#define SN_sha3_384   WC_SN_sha3_384
+#define SN_sha3_512   WC_SN_sha3_512
+#define SN_shake128   WC_SN_shake128
+#define SN_shake256   WC_SN_shake256
+#define SN_blake2s256 WC_SN_blake2s256
+#define SN_blake2s512 WC_SN_blake2s512
+#define SN_blake2b512 WC_SN_blake2b512
+#define SN_sm3        WC_SN_sm3
+
+#endif /* !OPENSSL_COEXIST */
 
 /* the definition is for Qt Unit test */
 #define SN_jurisdictionCountryName "jurisdictionC"
diff --git a/wolfssl/openssl/objects.h b/wolfssl/openssl/objects.h
index 08640fbf6..3325c83b9 100644
--- a/wolfssl/openssl/objects.h
+++ b/wolfssl/openssl/objects.h
@@ -1,6 +1,6 @@
 /* objects.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,12 +29,19 @@
 #include <wolfssl/ssl.h>
 #endif /* OPENSSL_EXTRA_SSL_GUARD */
 
+#include <wolfssl/openssl/obj_mac.h>
+
 #ifdef __cplusplus
     extern "C" {
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+#define WC_NID_ad_OCSP                     178
+#define WC_NID_ad_ca_issuers               179
+
+#ifndef OPENSSL_COEXIST
+
 #define OBJ_NAME_TYPE_UNDEF     WOLFSSL_OBJ_NAME_TYPE_UNDEF
 #define OBJ_NAME_TYPE_MD_METH   WOLFSSL_OBJ_NAME_TYPE_MD_METH
 #define OBJ_NAME_TYPE_CIPHER_METH   WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH
@@ -64,9 +71,10 @@
 /* not required for wolfSSL */
 #define OPENSSL_load_builtin_modules() WC_DO_NOTHING
 
+#define NID_ad_OCSP WC_NID_ad_OCSP
+#define NID_ad_ca_issuers WC_NID_ad_ca_issuers
 
-#define NID_ad_OCSP                     178
-#define NID_ad_ca_issuers               179
+#endif /* !OPENSSL_COEXIST */
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
diff --git a/wolfssl/openssl/ocsp.h b/wolfssl/openssl/ocsp.h
index ac0e44f91..67ae0f10d 100644
--- a/wolfssl/openssl/ocsp.h
+++ b/wolfssl/openssl/ocsp.h
@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,12 +27,18 @@
 #ifdef HAVE_OCSP
 #include <wolfssl/ocsp.h>
 
-#define OCSP_REQUEST              OcspRequest
-#define OCSP_RESPONSE             OcspResponse
-#define OCSP_BASICRESP            WOLFSSL_OCSP_BASICRESP
-#define OCSP_SINGLERESP           WOLFSSL_OCSP_SINGLERESP
-#define OCSP_CERTID               WOLFSSL_OCSP_CERTID
-#define OCSP_ONEREQ               WOLFSSL_OCSP_ONEREQ
+#ifndef OPENSSL_COEXIST
+
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\
+    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+typedef OcspRequest                      OCSP_REQUEST;
+typedef OcspResponse                     OCSP_RESPONSE;
+typedef WOLFSSL_OCSP_BASICRESP           OCSP_BASICRESP;
+typedef WOLFSSL_OCSP_SINGLERESP          OCSP_SINGLERESP;
+typedef WOLFSSL_OCSP_CERTID              OCSP_CERTID;
+typedef WOLFSSL_OCSP_ONEREQ              OCSP_ONEREQ;
+typedef WOLFSSL_OCSP_REQ_CTX             OCSP_REQ_CTX;
+#endif
 
 #define OCSP_REVOKED_STATUS_NOSTATUS     (-1)
 
@@ -85,6 +91,17 @@
 #define OCSP_resp_count           wolfSSL_OCSP_resp_count
 #define OCSP_resp_get0            wolfSSL_OCSP_resp_get0
 
+#define OCSP_REQ_CTX_new          wolfSSL_OCSP_REQ_CTX_new
+#define OCSP_REQ_CTX_free         wolfSSL_OCSP_REQ_CTX_free
+#define OCSP_sendreq_new          wolfSSL_OCSP_sendreq_new
+#define OCSP_REQ_CTX_set1_req     wolfSSL_OCSP_REQ_CTX_set1_req
+#define OCSP_REQ_CTX_add1_header  wolfSSL_OCSP_REQ_CTX_add1_header
+#define OCSP_REQ_CTX_http         wolfSSL_OCSP_REQ_CTX_http
+#define OCSP_REQ_CTX_nbio         wolfSSL_OCSP_REQ_CTX_nbio
+#define OCSP_sendreq_nbio         wolfSSL_OCSP_sendreq_nbio
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* HAVE_OCSP */
 
 #endif /* WOLFSSL_OCSP_H_ */
diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index 8d36ea24c..e643a64e4 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -1,6 +1,6 @@
 /* opensslv.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,7 +34,10 @@
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
     defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
-     /* valid version */
+    /* valid version */
+#elif defined(OPENSSL_VERSION_NUMBER)
+    /* unrecognized version, but continue. */
+    #define WOLFSSL_OPENSSL_VERSION_NUMBER_UNRECOGNIZED
 #elif defined(HAVE_MOSQUITTO)
     #define OPENSSL_VERSION_NUMBER 0x10100000L
 #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
@@ -57,11 +60,15 @@
     #define OPENSSL_VERSION_NUMBER 0x0090810fL
 #endif
 
-#define OPENSSL_VERSION_TEXT             "wolfSSL " LIBWOLFSSL_VERSION_STRING
-#define OPENSSL_VERSION                  0
+#ifndef OPENSSL_VERSION_TEXT
+    #define OPENSSL_VERSION_TEXT "wolfSSL " LIBWOLFSSL_VERSION_STRING
+#endif
+#ifndef OPENSSL_VERSION
+    #define OPENSSL_VERSION 0
+#endif
 
 #ifndef OPENSSL_IS_WOLFSSL
-#define OPENSSL_IS_WOLFSSL
+    #define OPENSSL_IS_WOLFSSL
 #endif
 
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
diff --git a/wolfssl/openssl/ossl_typ.h b/wolfssl/openssl/ossl_typ.h
index 8214fa3c8..084558d4c 100644
--- a/wolfssl/openssl/ossl_typ.h
+++ b/wolfssl/openssl/ossl_typ.h
@@ -1,6 +1,6 @@
 /* ossl_typ.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h
index 6d9d4418b..1cf424752 100644
--- a/wolfssl/openssl/pem.h
+++ b/wolfssl/openssl/pem.h
@@ -1,6 +1,6 @@
 /* pem.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -56,6 +56,8 @@ WOLFSSL_API
 WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
                                              WOLFSSL_RSA** rsa,
                                              wc_pem_password_cb* cb, void *u);
+WOLFSSL_API
+WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out);
 
 WOLFSSL_API
 WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
@@ -63,6 +65,12 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
                                                       wc_pem_password_cb* cb,
                                                       void* pass);
 WOLFSSL_API
+WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
+                                             const unsigned char **in,
+                                             long len);
+WOLFSSL_API
+int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp);
+WOLFSSL_API
 int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa,
                                         const WOLFSSL_EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
@@ -173,6 +181,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
                                                   WOLFSSL_EVP_PKEY** key,
                                                   wc_pem_password_cb* cb,
                                                   void* pass);
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API
+WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
+        WOLFSSL_PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg);
+#endif
 WOLFSSL_API
 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
                                               WOLFSSL_EVP_PKEY **key,
@@ -220,6 +233,8 @@ WOLFSSL_API
 int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #endif /* NO_FILESYSTEM */
 
+#ifndef OPENSSL_COEXIST
+
 #define PEM_BUFSIZE WOLF_PEM_BUFSIZE
 
 #define PEM_read                        wolfSSL_PEM_read
@@ -243,12 +258,12 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_write_bio_RSA_PUBKEY        wolfSSL_PEM_write_bio_RSA_PUBKEY
 #define PEM_read_bio_RSA_PUBKEY         wolfSSL_PEM_read_bio_RSA_PUBKEY
 #define PEM_read_bio_RSAPublicKey       wolfSSL_PEM_read_bio_RSA_PUBKEY
-#define PEM_read_bio_ECPKParameters     wolfSSL_PEM_read_bio_ECPKParameters
 #define PEM_write_RSAPrivateKey         wolfSSL_PEM_write_RSAPrivateKey
 #define PEM_write_RSA_PUBKEY            wolfSSL_PEM_write_RSA_PUBKEY
 #define PEM_read_RSA_PUBKEY             wolfSSL_PEM_read_RSA_PUBKEY
 #define PEM_write_RSAPublicKey          wolfSSL_PEM_write_RSAPublicKey
 #define PEM_read_RSAPublicKey           wolfSSL_PEM_read_RSAPublicKey
+#define d2i_RSA_PUBKEY_bio              wolfSSL_d2i_RSA_PUBKEY_bio
 /* DSA */
 #define PEM_write_bio_DSAPrivateKey     wolfSSL_PEM_write_bio_DSAPrivateKey
 #define PEM_write_DSAPrivateKey         wolfSSL_PEM_write_DSAPrivateKey
@@ -263,8 +278,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_write_ECPrivateKey          wolfSSL_PEM_write_ECPrivateKey
 #define PEM_read_bio_ECPrivateKey       wolfSSL_PEM_read_bio_ECPrivateKey
 #define PEM_read_bio_EC_PUBKEY          wolfSSL_PEM_read_bio_EC_PUBKEY
+#define PEM_read_bio_ECPKParameters     wolfSSL_PEM_read_bio_ECPKParameters
 #ifndef NO_WOLFSSL_STUB
-#define PEM_write_bio_ECPKParameters(...) 0
+#define PEM_write_bio_ECPKParameters(out, x) 0
 #endif
 /* EVP_KEY */
 #define PEM_read_bio_PrivateKey         wolfSSL_PEM_read_bio_PrivateKey
@@ -272,6 +288,11 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_read_bio_PUBKEY             wolfSSL_PEM_read_bio_PUBKEY
 #define PEM_write_bio_PUBKEY            wolfSSL_PEM_write_bio_PUBKEY
 
+#define PEM_write_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_read_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO
+
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/pkcs12.h b/wolfssl/openssl/pkcs12.h
index d82954da9..a59798c1c 100644
--- a/wolfssl/openssl/pkcs12.h
+++ b/wolfssl/openssl/pkcs12.h
@@ -1,6 +1,6 @@
 /* pkcs12.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,9 +28,15 @@
 #ifndef WOLFSSL_PKCS12_COMPAT_H_
 #define WOLFSSL_PKCS12_COMPAT_H_
 
-#define NID_pbe_WithSHA1AndDES_CBC             2
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3
-#define NID_pbe_WithSHA1And128BitRC4           1
+#define WC_NID_pbe_WithSHA1AndDES_CBC             2
+#define WC_NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3
+#define WC_NID_pbe_WithSHA1And128BitRC4           1
+
+#ifndef OPENSSL_COEXIST
+
+#define NID_pbe_WithSHA1AndDES_CBC WC_NID_pbe_WithSHA1AndDES_CBC
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC WC_NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+#define NID_pbe_WithSHA1And128BitRC4 WC_NID_pbe_WithSHA1And128BitRC4
 
 #define PKCS12_DEFAULT_ITER WC_PKCS12_ITT_DEFAULT
 
@@ -46,5 +52,6 @@
 #define PKCS12_create  wolfSSL_PKCS12_create
 #define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add
 
-#endif /* WOLFSSL_PKCS12_COMPAT_H_ */
+#endif /* !OPENSSL_COEXIST */
 
+#endif /* WOLFSSL_PKCS12_COMPAT_H_ */
diff --git a/wolfssl/openssl/pkcs7.h b/wolfssl/openssl/pkcs7.h
index 9a53b89a5..84ae28581 100644
--- a/wolfssl/openssl/pkcs7.h
+++ b/wolfssl/openssl/pkcs7.h
@@ -1,6 +1,6 @@
 /* pkcs7.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h
index c88cd128f..4c41ed7a8 100644
--- a/wolfssl/openssl/rand.h
+++ b/wolfssl/openssl/rand.h
@@ -1,6 +1,6 @@
 /* rand.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,9 +21,18 @@
 
 /* rand.h for openSSL */
 
+#ifndef WOLFSSL_RAND_COMPAT_H_
+#define WOLFSSL_RAND_COMPAT_H_
+
 #include <wolfssl/openssl/ssl.h>
 #include <wolfssl/wolfcrypt/random.h>
 
+#ifndef OPENSSL_COEXIST
+
 typedef WOLFSSL_RAND_METHOD RAND_METHOD;
 
 #define RAND_set_rand_method     wolfSSL_RAND_set_rand_method
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* WOLFSSL_RAND_COMPAT_H_ */
diff --git a/wolfssl/openssl/rc4.h b/wolfssl/openssl/rc4.h
index cef9330e3..309174b64 100644
--- a/wolfssl/openssl/rc4.h
+++ b/wolfssl/openssl/rc4.h
@@ -1,6 +1,6 @@
 /* rc4.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,16 +41,21 @@ typedef struct WOLFSSL_RC4_KEY {
     /* big enough for Arc4 from wolfssl/wolfcrypt/arc4.h */
     void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
 } WOLFSSL_RC4_KEY;
-typedef WOLFSSL_RC4_KEY RC4_KEY;
 
 WOLFSSL_API void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len,
         const unsigned char* data);
 WOLFSSL_API void wolfSSL_RC4(WOLFSSL_RC4_KEY* key, size_t len,
         const unsigned char* in, unsigned char* out);
 
+#ifndef OPENSSL_COEXIST
+
+typedef WOLFSSL_RC4_KEY RC4_KEY;
+
 #define RC4         wolfSSL_RC4
 #define RC4_set_key wolfSSL_RC4_set_key
 
+#endif /* !OPENSSL_COEXIST */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/openssl/ripemd.h b/wolfssl/openssl/ripemd.h
index a7c424793..0e80bb37a 100644
--- a/wolfssl/openssl/ripemd.h
+++ b/wolfssl/openssl/ripemd.h
@@ -1,6 +1,6 @@
 /* ripemd.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h
index 4d276cc23..111a89e85 100644
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,18 +27,28 @@
 
 #include <wolfssl/openssl/bn.h>
 #include <wolfssl/openssl/err.h>
+#include <wolfssl/openssl/compat_types.h>
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/rsa.h>
 
 #ifdef __cplusplus
     extern "C" {
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 /* Padding types */
-#define RSA_PKCS1_PADDING      0
-#define RSA_PKCS1_OAEP_PADDING 1
-#define RSA_PKCS1_PSS_PADDING  2
-#define RSA_NO_PADDING         3
+#define WC_RSA_PKCS1_PADDING      0
+#define WC_RSA_PKCS1_OAEP_PADDING 1
+#define WC_RSA_PKCS1_PSS_PADDING  2
+
+#ifndef OPENSSL_COEXIST
+
+/* Padding types */
+#define RSA_PKCS1_PADDING       WC_RSA_PKCS1_PADDING
+#define RSA_PKCS1_OAEP_PADDING  WC_RSA_PKCS1_OAEP_PADDING
+#define RSA_PKCS1_PSS_PADDING   WC_RSA_PKCS1_PSS_PADDING
+#define RSA_NO_PADDING          WC_RSA_NO_PAD
 
 /* Emulate OpenSSL flags */
 #define RSA_METHOD_FLAG_NO_CHECK        (1 << 1)
@@ -60,13 +70,15 @@
 #define RSA_PSS_SALTLEN_MAX      (-3)
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
+#endif /* !OPENSSL_COEXIST */
+
 typedef struct WOLFSSL_RSA_METHOD {
     /* Flags of RSA key implementation. */
     int flags;
     /* Name of RSA key implementation. */
     char *name;
     /* RSA method dynamically allocated. */
-    word16 dynamic:1;
+    WC_BITFIELD dynamic:1;
 } WOLFSSL_RSA_METHOD;
 
 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
@@ -94,16 +106,16 @@ typedef struct WOLFSSL_RSA {
     int flags;                       /* Flags of implementation. */
 
     /* bits */
-    byte inSet:1;                    /* Internal set from external. */
-    byte exSet:1;                    /* External set from internal. */
-    byte ownRng:1;                   /* Rng needs to be free'd. */
+    WC_BITFIELD inSet:1;             /* Internal set from external. */
+    WC_BITFIELD exSet:1;             /* External set from internal. */
+    WC_BITFIELD ownRng:1;            /* Rng needs to be free'd. */
 } WOLFSSL_RSA;
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 typedef WOLFSSL_RSA                   RSA;
 typedef WOLFSSL_RSA_METHOD            RSA_METHOD;
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId);
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
@@ -189,10 +201,15 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 #define WOLFSSL_RSA_LOAD_PRIVATE 1
 #define WOLFSSL_RSA_LOAD_PUBLIC  2
 #define WOLFSSL_RSA_F4           0x10001L
 
+#ifndef OPENSSL_COEXIST
+
+#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
+
 #define RSA_new  wolfSSL_RSA_new
 #define RSA_free wolfSSL_RSA_free
 
@@ -240,6 +257,11 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 
 #define RSA_F4             WOLFSSL_RSA_F4
 
+#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
+#define OPENSSL_RSA_MAX_PUBEXP_BITS  RSA_MAX_SIZE
+
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/safestack.h b/wolfssl/openssl/safestack.h
new file mode 100644
index 000000000..e059a6ed0
--- /dev/null
+++ b/wolfssl/openssl/safestack.h
@@ -0,0 +1,40 @@
+/* safestack.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* stack.h for openSSL */
+
+#ifndef WOLFSSL_SAFESTACK_H_
+#define WOLFSSL_SAFESTACK_H_
+
+#include <wolfssl/openssl/compat_types.h>
+#include <wolfssl/openssl/ssl.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h
index f9bc1a586..4644a3318 100644
--- a/wolfssl/openssl/sha.h
+++ b/wolfssl/openssl/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -74,7 +74,7 @@ WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
 WOLFSSL_API int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha,
                                           const unsigned char *data);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA_DIGEST_LENGTH = 20
 };
@@ -99,7 +99,7 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
 #define SHA1_Final wolfSSL_SHA1_Final
 #define SHA1_Transform wolfSSL_SHA1_Transform
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !NO_SHA */
 
 
@@ -125,7 +125,7 @@ WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input,
                            unsigned long sz);
 WOLFSSL_API int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA224_DIGEST_LENGTH = 28
 };
@@ -142,7 +142,7 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX;
      * because of SHA224 enum in FIPS build. */
     #define SHA224 wolfSSL_SHA224
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* WOLFSSL_SHA224 */
 
 #ifndef NO_SHA256
@@ -168,7 +168,7 @@ WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input
 WOLFSSL_API int wolfSSL_SHA256_Final(byte* output, WOLFSSL_SHA256_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
                                                 const unsigned char *data);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA256_DIGEST_LENGTH = 32
 };
@@ -196,7 +196,7 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
 
     #define SHA256 wolfSSL_SHA256
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !NO_SHA256 */
 
 #ifdef WOLFSSL_SHA384
@@ -215,7 +215,7 @@ WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
                            unsigned long sz);
 WOLFSSL_API int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA384_DIGEST_LENGTH = 48
 };
@@ -230,7 +230,7 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX;
      * build. */
     #define SHA384 wolfSSL_SHA384
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #endif /* WOLFSSL_SHA384 */
 
@@ -252,7 +252,7 @@ WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha,
 WOLFSSL_API int wolfSSL_SHA512_Final(byte* output, WOLFSSL_SHA512_CTX* sha);
 WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512,
                                          const unsigned char* data);
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 enum {
     SHA512_DIGEST_LENGTH = 64
 };
@@ -268,7 +268,7 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
      * build. */
     #define SHA512 wolfSSL_SHA512
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 #if !defined(WOLFSSL_NOSHA512_224)
 typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_224_CTX;
@@ -282,7 +282,7 @@ WOLFSSL_API int wolfSSL_SHA512_224_Final(byte* output,
 WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512,
                                           const unsigned char* data);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 #define SHA512_224_Init   wolfSSL_SHA512_224_Init
 #define SHA512_224_Update wolfSSL_SHA512_224_Update
 #define SHA512_224_Final  wolfSSL_SHA512_224_Final
@@ -291,7 +291,7 @@ WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512,
 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     #define SHA512_224 wolfSSL_SHA512_224
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !WOLFSSL_NOSHA512_224 */
 
 #if !defined(WOLFSSL_NOSHA512_256)
@@ -305,7 +305,7 @@ WOLFSSL_API int wolfSSL_SHA512_256_Final(byte* output, WOLFSSL_SHA512_256_CTX* s
 WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
                                           const unsigned char* data);
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 #define SHA512_256_Init   wolfSSL_SHA512_256_Init
 #define SHA512_256_Update wolfSSL_SHA512_256_Update
 #define SHA512_256_Final  wolfSSL_SHA512_256_Final
@@ -314,7 +314,7 @@ WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     #define SHA512_256 wolfSSL_SHA512_256
 #endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 #endif /* !WOLFSSL_NOSHA512_256 */
 
 
diff --git a/wolfssl/openssl/sha3.h b/wolfssl/openssl/sha3.h
index c2f5535c0..a970bfd2f 100644
--- a/wolfssl/openssl/sha3.h
+++ b/wolfssl/openssl/sha3.h
@@ -1,6 +1,6 @@
 /* sha3.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/srp.h b/wolfssl/openssl/srp.h
index 097cf5128..978e05d21 100644
--- a/wolfssl/openssl/srp.h
+++ b/wolfssl/openssl/srp.h
@@ -1,6 +1,6 @@
 /* srp.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,6 +24,10 @@
 
 #include <wolfssl/wolfcrypt/srp.h>
 
+#ifndef OPENSSL_COEXIST
+
 #define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* WOLFSSL_SRP_H_ */
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 29dbb9a2d..da1616845 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,6 +31,8 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
+#include <wolfssl/openssl/compat_types.h>
+
 /* wolfssl_openssl compatibility layer */
 #ifndef OPENSSL_EXTRA_SSL_GUARD
 #define OPENSSL_EXTRA_SSL_GUARD
@@ -75,6 +77,61 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+#ifndef WOLFCRYPT_ONLY
+
+#define WOLFSSL_ERR_LIB_SYS             2
+#define WOLFSSL_ERR_LIB_RSA             4
+#define WOLFSSL_ERR_LIB_PEM             9
+#define WOLFSSL_ERR_LIB_X509            10
+#define WOLFSSL_ERR_LIB_EVP             11
+#define WOLFSSL_ERR_LIB_ASN1            12
+#define WOLFSSL_ERR_LIB_DIGEST          13
+#define WOLFSSL_ERR_LIB_CIPHER          14
+#define WOLFSSL_ERR_LIB_USER            15
+#define WOLFSSL_ERR_LIB_EC              16
+#define WOLFSSL_ERR_LIB_SSL             20
+#define WOLFSSL_ERR_LIB_PKCS12          35
+
+#endif
+
+#ifndef WOLFCRYPT_ONLY
+#define WOLFSSL_PEMerr(func, reason)    wolfSSL_ERR_put_error(WOLFSSL_ERR_LIB_PEM, \
+                                        (func), (reason), __FILE__, __LINE__)
+#else
+#define WOLFSSL_PEMerr(func, reason)    WOLFSSL_ERROR_LINE((reason), \
+                                        NULL, __LINE__, __FILE__, NULL)
+#endif
+#ifndef WOLFCRYPT_ONLY
+#define WOLFSSL_EVPerr(func, reason)    wolfSSL_ERR_put_error(WOLFSSL_ERR_LIB_EVP, \
+                                        (func), (reason), __FILE__, __LINE__)
+#else
+#define WOLFSSL_EVPerr(func, reason)    WOLFSSL_ERROR_LINE((reason), \
+                                        NULL, __LINE__, __FILE__, NULL)
+#endif
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#define WOLFSSL_AD_UNRECOGNIZED_NAME unrecognized_name
+
+#define WOLFSSL_TLSEXT_STATUSTYPE_ocsp  1
+
+#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
+    defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_WPAS_SMALL)
+
+#define WOLFSSL_NPN_UNSUPPORTED 0
+#define WOLFSSL_NPN_NEGOTIATED  1
+#define WOLFSSL_NPN_NO_OVERLAP  2
+
+#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || \
+    WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA || \
+    HAVE_LIGHTY || HAVE_STUNNEL || \
+    WOLFSSL_WPAS_SMALL */
+
+#if !defined(OPENSSL_COEXIST) && \
+    (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+
 typedef WOLFSSL          SSL;
 typedef WOLFSSL_SESSION  SSL_SESSION;
 typedef WOLFSSL_METHOD   SSL_METHOD;
@@ -82,6 +139,7 @@ typedef WOLFSSL_CTX      SSL_CTX;
 
 typedef WOLFSSL_X509       X509;
 typedef WOLFSSL_X509       X509_REQ;
+typedef WOLFSSL_X509       X509_REQ_INFO;
 typedef WOLFSSL_X509_NAME  X509_NAME;
 typedef WOLFSSL_X509_INFO  X509_INFO;
 typedef WOLFSSL_X509_CHAIN X509_CHAIN;
@@ -99,6 +157,7 @@ typedef WOLFSSL_CIPHER         SSL_CIPHER;
 typedef WOLFSSL_X509_LOOKUP    X509_LOOKUP;
 typedef WOLFSSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
 typedef WOLFSSL_X509_CRL       X509_CRL;
+typedef WOLFSSL_X509_ACERT     X509_ACERT;
 typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
 typedef WOLFSSL_X509_PUBKEY    X509_PUBKEY;
 typedef WOLFSSL_X509_ALGOR     X509_ALGOR;
@@ -157,11 +216,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 
 #define CRYPTO_set_mem_functions        wolfSSL_CRYPTO_set_mem_functions
 
-/* depreciated */
+/* deprecated */
 #define CRYPTO_thread_id                wolfSSL_thread_id
 #define CRYPTO_set_id_callback          wolfSSL_set_id_callback
 
-#define CRYPTO_LOCK             0x01
+/* compat CRYPTO_LOCK is defined in wolfssl/ssl.h */
 #define CRYPTO_UNLOCK           0x02
 #define CRYPTO_READ             0x04
 #define CRYPTO_WRITE            0x08
@@ -205,7 +264,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_use_certificate_ASN1        wolfSSL_use_certificate_ASN1
 #define d2i_PKCS8_PRIV_KEY_INFO_bio     wolfSSL_d2i_PKCS8_PKEY_bio
 #define d2i_PKCS8_PRIV_KEY_INFO         wolfSSL_d2i_PKCS8_PKEY
-#define i2d_PKCS8_PRIV_KEY_INFO         wolfSSL_i2d_PrivateKey
+#define i2d_PKCS8_PRIV_KEY_INFO         wolfSSL_i2d_PKCS8_PKEY
 #define d2i_PKCS8PrivateKey_bio         wolfSSL_d2i_PKCS8PrivateKey_bio
 #define i2d_PKCS8PrivateKey_bio         wolfSSL_PEM_write_bio_PKCS8PrivateKey
 #define PKCS8_PRIV_KEY_INFO_free        wolfSSL_EVP_PKEY_free
@@ -230,6 +289,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSLv23_client_method            wolfSSLv23_client_method
 #define SSLv2_client_method             wolfSSLv2_client_method
 #define SSLv2_server_method             wolfSSLv2_server_method
+#define SSLv3_method                    wolfSSLv3_method
 #define SSLv3_server_method             wolfSSLv3_server_method
 #define SSLv3_client_method             wolfSSLv3_client_method
 #define TLS_client_method               wolfTLS_client_method
@@ -293,7 +353,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_write_early_data(ssl, d, dLen, len)  wolfSSL_write_early_data(ssl, d, (int)(dLen), (int *)(len))
 
 #define SSL_write                       wolfSSL_write
+#define SSL_write_ex                    wolfSSL_write_ex
 #define SSL_read                        wolfSSL_read
+#define SSL_read_ex                     wolfSSL_read_ex
 #define SSL_peek                        wolfSSL_peek
 #define SSL_accept                      wolfSSL_accept
 #define SSL_CTX_free                    wolfSSL_CTX_free
@@ -373,6 +435,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 
 #define SSL_get_version                 wolfSSL_get_version
 #define SSL_get_current_cipher          wolfSSL_get_current_cipher
+#define SSL_get_client_ciphers          wolfSSL_get_client_ciphers
 
 /* use wolfSSL_get_cipher_name for its return format */
 #define SSL_get_cipher                  wolfSSL_get_cipher_name
@@ -397,11 +460,14 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
 #define SSL_SESSION_get_max_early_data  wolfSSL_SESSION_get_max_early_data
 
-#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
-    #define SSL_MODE_RELEASE_BUFFERS     0x00000010U
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+    /* compat SSL_MODE_RELEASE_BUFFERS is defined in wolfssl/ssl.h */
     #define ASN1_BOOLEAN                 WOLFSSL_ASN1_BOOLEAN
     #define X509_get_ext                 wolfSSL_X509_get_ext
     #define X509_get_ext_by_OBJ          wolfSSL_X509_get_ext_by_OBJ
+    #define X509_OBJECT_set1_X509        wolfSSL_X509_OBJECT_set1_X509
+    #define X509_OBJECT_set1_X509_CRL    wolfSSL_X509_OBJECT_set1_X509_CRL
+    #define sk_X509_OBJECT_deep_copy     wolfSSL_sk_X509_OBJECT_deep_copy
     #define X509_cmp                     wolfSSL_X509_cmp
     #define X509_EXTENSION_get_object    wolfSSL_X509_EXTENSION_get_object
     #define X509_EXTENSION_get_critical  wolfSSL_X509_EXTENSION_get_critical
@@ -426,6 +492,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define d2i_X509_fp                     wolfSSL_d2i_X509_fp
 #define i2d_X509                        wolfSSL_i2d_X509
 #define d2i_X509                        wolfSSL_d2i_X509
+#define d2i_X509_REQ_INFO               wolfSSL_d2i_X509_REQ_INFO
 #define PEM_read_bio_X509               wolfSSL_PEM_read_bio_X509
 #define PEM_read_bio_X509_REQ           wolfSSL_PEM_read_bio_X509_REQ
 #define PEM_read_X509_REQ               wolfSSL_PEM_read_X509_REQ
@@ -443,6 +510,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define d2i_X509_REQ                    wolfSSL_d2i_X509_REQ
 #define X509_REQ_new                    wolfSSL_X509_REQ_new
 #define X509_REQ_free                   wolfSSL_X509_REQ_free
+#define X509_REQ_INFO_free              wolfSSL_X509_REQ_free
 #define X509_REQ_sign                   wolfSSL_X509_REQ_sign
 #define X509_REQ_sign_ctx               wolfSSL_X509_REQ_sign_ctx
 #define X509_REQ_add_extensions         wolfSSL_X509_REQ_add_extensions
@@ -488,6 +556,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_get0_notAfter              wolfSSL_X509_get_notAfter
 #define X509_getm_notAfter              wolfSSL_X509_get_notAfter
 #define X509_get_serialNumber           wolfSSL_X509_get_serialNumber
+#define X509_get0_serialNumber          wolfSSL_X509_get_serialNumber
 #define X509_get0_pubkey_bitstr         wolfSSL_X509_get0_pubkey_bitstr
 #define X509_get_ex_new_index           wolfSSL_X509_get_ex_new_index
 #define X509_get_ex_data                wolfSSL_X509_get_ex_data
@@ -504,11 +573,12 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_set1_notBefore             wolfSSL_X509_set1_notBefore
 #define X509_set_serialNumber           wolfSSL_X509_set_serialNumber
 #define X509_set_version                wolfSSL_X509_set_version
-#define X509_REQ_set_version            wolfSSL_X509_set_version
+#define X509_REQ_set_version            wolfSSL_X509_REQ_set_version
+#define X509_REQ_get_version            wolfSSL_X509_REQ_get_version
 #define X509_sign                       wolfSSL_X509_sign
 #define X509_sign_ctx                   wolfSSL_X509_sign_ctx
 #define X509_print                      wolfSSL_X509_print
-#define X509_REQ_print                  wolfSSL_X509_print
+#define X509_REQ_print                  wolfSSL_X509_REQ_print
 #define X509_print_ex                   wolfSSL_X509_print_ex
 #define X509_print_fp                   wolfSSL_X509_print_fp
 #define X509_CRL_print                  wolfSSL_X509_CRL_print
@@ -530,6 +600,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_dup                        wolfSSL_X509_dup
 #define X509_add_ext                    wolfSSL_X509_add_ext
 #define X509_delete_ext                 wolfSSL_X509_delete_ext
+#define X509_get0_subject_key_id        wolfSSL_X509_get0_subject_key_id
 
 #define X509_EXTENSION_get_object       wolfSSL_X509_EXTENSION_get_object
 #define X509_EXTENSION_get_data         wolfSSL_X509_EXTENSION_get_data
@@ -563,6 +634,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define sk_X509_EXTENSION_new_null      wolfSSL_sk_X509_EXTENSION_new_null
 #define sk_X509_EXTENSION_pop_free      wolfSSL_sk_X509_EXTENSION_pop_free
 #define sk_X509_EXTENSION_push          wolfSSL_sk_X509_EXTENSION_push
+#define sk_X509_EXTENSION_free          wolfSSL_sk_X509_EXTENSION_free
 
 #define X509_INFO_new                   wolfSSL_X509_INFO_new
 #define X509_INFO_free                  wolfSSL_X509_INFO_free
@@ -623,6 +695,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #define X509_NAME_entry_count           wolfSSL_X509_NAME_entry_count
 #define X509_NAME_get_entry             wolfSSL_X509_NAME_get_entry
+#define X509_NAME_ENTRY_set             wolfSSL_X509_NAME_ENTRY_set
 #define X509_NAME_ENTRY_get_object      wolfSSL_X509_NAME_ENTRY_get_object
 #define X509_NAME_ENTRY_get_data        wolfSSL_X509_NAME_ENTRY_get_data
 #define X509_NAME_ENTRY_get_object      wolfSSL_X509_NAME_ENTRY_get_object
@@ -636,8 +709,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_V_FLAG_CRL_CHECK     WOLFSSL_CRL_CHECK
 #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
 
-#define X509_V_FLAG_PARTIAL_CHAIN 0
-#define X509_V_FLAG_TRUSTED_FIRST 0
+#define X509_V_FLAG_PARTIAL_CHAIN WOLFSSL_PARTIAL_CHAIN
+#define X509_V_FLAG_TRUSTED_FIRST 0 /* dummy value needed for gRPC port */
 
 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
 #define X509_V_FLAG_NO_CHECK_TIME  WOLFSSL_NO_CHECK_TIME
@@ -652,6 +725,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_VP_FLAG_LOCKED         WOLFSSL_VPARAM_LOCKED
 #define X509_VP_FLAG_ONCE           WOLFSSL_VPARAM_ONCE
 
+#define X509_STORE_lock(x)   1
+#define X509_STORE_unlock(x) 1
+
 #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
 #define X509_STORE_CTX_set_verify_cb    wolfSSL_X509_STORE_CTX_set_verify_cb
 #define X509_STORE_CTX_new              wolfSSL_X509_STORE_CTX_new
@@ -696,6 +772,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_STORE_set_ex_data          wolfSSL_X509_STORE_set_ex_data
 #define X509_STORE_get_ex_data          wolfSSL_X509_STORE_get_ex_data
 #define X509_STORE_get0_param           wolfSSL_X509_STORE_get0_param
+#define X509_STORE_set1_param           wolfSSL_X509_STORE_set1_param
 #define X509_STORE_CTX_get1_issuer      wolfSSL_X509_STORE_CTX_get1_issuer
 #define X509_STORE_CTX_set_time         wolfSSL_X509_STORE_CTX_set_time
 #define X509_STORE_CTX_get0_param       wolfSSL_X509_STORE_CTX_get0_param
@@ -713,6 +790,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_VERIFY_PARAM_lookup        wolfSSL_X509_VERIFY_PARAM_lookup
 #define X509_VERIFY_PARAM_inherit       wolfSSL_X509_VERIFY_PARAM_inherit
 #define X509_STORE_load_locations       wolfSSL_X509_STORE_load_locations
+#define X509_STORE_set_default_paths    wolfSSL_X509_STORE_set_default_paths
 #define X509_STORE_get0_param           wolfSSL_X509_STORE_get0_param
 
 #define X509_LOOKUP_add_dir             wolfSSL_X509_LOOKUP_add_dir
@@ -738,6 +816,15 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_CRL_get_version            wolfSSL_X509_CRL_version
 #define X509_load_crl_file              wolfSSL_X509_load_crl_file
 
+#define X509_ACERT_new                  wolfSSL_X509_ACERT_new
+#define X509_ACERT_free                 wolfSSL_X509_ACERT_free
+#define X509_ACERT_get_version          wolfSSL_X509_ACERT_get_version
+#define X509_ACERT_get_signature_nid    wolfSSL_X509_ACERT_get_signature_nid
+#define X509_ACERT_print                wolfSSL_X509_ACERT_print
+#define X509_ACERT_verify               wolfSSL_X509_ACERT_verify
+#define X509_ACERT_sign                 wolfSSL_X509_ACERT_sign
+#define PEM_read_bio_X509_ACERT         wolfSSL_PEM_read_bio_X509_ACERT
+
 #define X509_get_X509_PUBKEY            wolfSSL_X509_get_X509_PUBKEY
 #define X509_REQ_get_X509_PUBKEY        wolfSSL_X509_get_X509_PUBKEY
 #define X509_get0_tbs_sigalg            wolfSSL_X509_get0_tbs_sigalg
@@ -749,6 +836,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define X509_ALGOR_new                  wolfSSL_X509_ALGOR_new
 #define X509_ALGOR_free                 wolfSSL_X509_ALGOR_free
+#define i2d_X509_ALGOR                  wolfSSL_i2d_X509_ALGOR
+#define d2i_X509_ALGOR                  wolfSSL_d2i_X509_ALGOR
 #define X509_PUBKEY_new                 wolfSSL_X509_PUBKEY_new
 #define X509_PUBKEY_free                wolfSSL_X509_PUBKEY_free
 
@@ -763,7 +852,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_REVOKED_get0_serialNumber   wolfSSL_X509_REVOKED_get0_serial_number
 #define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date
 
-#define X509_check_purpose(...)         0
+#define X509_check_purpose(x, id, ca)   0
 
 #define OCSP_parse_url                  wolfSSL_OCSP_parse_url
 
@@ -852,6 +941,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_BIT_STRING_free            wolfSSL_ASN1_BIT_STRING_free
 #define ASN1_BIT_STRING_get_bit         wolfSSL_ASN1_BIT_STRING_get_bit
 #define ASN1_BIT_STRING_set_bit         wolfSSL_ASN1_BIT_STRING_set_bit
+#define i2d_ASN1_BIT_STRING             wolfSSL_i2d_ASN1_BIT_STRING
+#define d2i_ASN1_BIT_STRING             wolfSSL_d2i_ASN1_BIT_STRING
 
 #define sk_ASN1_OBJECT_free             wolfSSL_sk_ASN1_OBJECT_free
 
@@ -871,6 +962,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #endif
 #define ASN1_TIME_set                   wolfSSL_ASN1_TIME_set
 #define ASN1_TIME_set_string            wolfSSL_ASN1_TIME_set_string
+#define ASN1_TIME_set_string_X509       wolfSSL_ASN1_TIME_set_string_X509
 #define ASN1_GENERALIZEDTIME_set_string wolfSSL_ASN1_TIME_set_string
 #define ASN1_GENERALIZEDTIME_print      wolfSSL_ASN1_GENERALIZEDTIME_print
 
@@ -905,9 +997,25 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_STRING_print(x, y)         wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y))
 #define d2i_DISPLAYTEXT                 wolfSSL_d2i_DISPLAYTEXT
 #ifndef NO_WOLFSSL_STUB
-#define ASN1_STRING_set_default_mask_asc(...) 1
+#define ASN1_STRING_set_default_mask_asc(p) 1
 #endif
 
+#define ASN1_GENERALSTRING              WOLFSSL_ASN1_STRING
+#define ASN1_GENERALSTRING_new          wolfSSL_ASN1_STRING_new
+#define ASN1_GENERALSTRING_free         wolfSSL_ASN1_STRING_free
+#define ASN1_GENERALSTRING_set          wolfSSL_ASN1_STRING_set
+#define i2d_ASN1_GENERALSTRING          wolfSSL_i2d_ASN1_GENERALSTRING
+#define i2d_ASN1_OCTET_STRING           wolfSSL_i2d_ASN1_OCTET_STRING
+#define i2d_ASN1_UTF8STRING             wolfSSL_i2d_ASN1_UTF8STRING
+#define i2d_ASN1_SEQUENCE               wolfSSL_i2d_ASN1_SEQUENCE
+#define d2i_ASN1_GENERALSTRING          wolfSSL_d2i_ASN1_GENERALSTRING
+#define d2i_ASN1_OCTET_STRING           wolfSSL_d2i_ASN1_OCTET_STRING
+#define d2i_ASN1_UTF8STRING             wolfSSL_d2i_ASN1_UTF8STRING
+
+#define sk_ASN1_GENERALSTRING_num       wolfSSL_sk_num
+#define sk_ASN1_GENERALSTRING_value     wolfSSL_sk_value
+#define sk_ASN1_GENERALSTRING_push      wolfSSL_sk_push
+
 #define ASN1_OCTET_STRING               WOLFSSL_ASN1_STRING
 #define ASN1_OCTET_STRING_new           wolfSSL_ASN1_STRING_new
 #define ASN1_OCTET_STRING_free          wolfSSL_ASN1_STRING_free
@@ -923,7 +1031,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_IA5STRING_free            wolfSSL_ASN1_STRING_free
 #define ASN1_IA5STRING_set             wolfSSL_ASN1_STRING_set
 
-#define ASN1_PRINTABLE_type(...)        V_ASN1_PRINTABLESTRING
+#define ASN1_PRINTABLE_type(s, max)    V_ASN1_PRINTABLESTRING
 
 #define ASN1_UTCTIME_pr                 wolfSSL_ASN1_UTCTIME_pr
 
@@ -972,7 +1080,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define RSA_print_fp                    wolfSSL_RSA_print_fp
 #define RSA_bits                        wolfSSL_RSA_bits
 #define RSA_up_ref                      wolfSSL_RSA_up_ref
+#define RSA_padding_add_PKCS1_PSS_mgf1  wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1
 #define RSA_padding_add_PKCS1_PSS       wolfSSL_RSA_padding_add_PKCS1_PSS
+#define RSA_verify_PKCS1_PSS_mgf1       wolfSSL_RSA_verify_PKCS1_PSS_mgf1
 #define RSA_verify_PKCS1_PSS            wolfSSL_RSA_verify_PKCS1_PSS
 
 #define PEM_def_callback                wolfSSL_PEM_def_callback
@@ -1006,6 +1116,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback
 #define SSL_set_psk_server_callback     wolfSSL_set_psk_server_callback
 
+#if !defined(USE_WINDOWS_API) && !defined(INVALID_SOCKET)
+    #define INVALID_SOCKET (-1)
+#endif
+
 /* system file ints for ERR_put_error */
 #define SYS_F_ACCEPT      WOLFSSL_SYS_ACCEPT
 #define SYS_F_BIND        WOLFSSL_SYS_BIND
@@ -1050,20 +1164,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ERR_lib_error_string            wolfSSL_ERR_lib_error_string
 #define ERR_load_BIO_strings            wolfSSL_ERR_load_BIO_strings
 
-#ifndef WOLFCRYPT_ONLY
-#define PEMerr(func, reason)            wolfSSL_ERR_put_error(ERR_LIB_PEM, \
-                                        (func), (reason), __FILE__, __LINE__)
-#else
-#define PEMerr(func, reason)            WOLFSSL_ERROR_LINE((reason), \
-                                        NULL, __LINE__, __FILE__, NULL)
-#endif
-#ifndef WOLFCRYPT_ONLY
-#define EVPerr(func, reason)            wolfSSL_ERR_put_error(ERR_LIB_EVP, \
-                                        (func), (reason), __FILE__, __LINE__)
-#else
-#define EVPerr(func, reason)            WOLFSSL_ERROR_LINE((reason), \
-                                        NULL, __LINE__, __FILE__, NULL)
-#endif
+#define PEMerr(func, reason)            WOLFSSL_PEMerr(func, reason)
+#define EVPerr(func, reason)            WOLFSSL_EVPerr(func, reason)
 
 #define SSLv23_server_method            wolfSSLv23_server_method
 #define SSL_CTX_set_options             wolfSSL_CTX_set_options
@@ -1241,7 +1343,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define SSL_CTX_set_dh_auto             wolfSSL_CTX_set_dh_auto
 #define SSL_CTX_set_tmp_dh              wolfSSL_CTX_set_tmp_dh
 
-#define TLSEXT_STATUSTYPE_ocsp  1
+#define TLSEXT_STATUSTYPE_ocsp          WOLFSSL_TLSEXT_STATUSTYPE_ocsp
 
 #define TLSEXT_max_fragment_length_DISABLED WOLFSSL_MFL_DISABLED
 #define TLSEXT_max_fragment_length_512   WOLFSSL_MFL_2_9
@@ -1344,6 +1446,11 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 
 #define SSL3_RANDOM_SIZE                32 /* same as RAN_LEN in internal.h */
 
+#ifndef WOLFSSL_ALLOW_SSLV3
+    #undef  OPENSSL_NO_SSL3
+    #define OPENSSL_NO_SSL3
+#endif
+
 /* Used as message callback types */
 #define SSL3_RT_CHANGE_CIPHER_SPEC       20
 #define SSL3_RT_ALERT                    21
@@ -1381,14 +1488,12 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 
 #define SSL3_AD_BAD_CERTIFICATE          bad_certificate
 #define SSL_AD_BAD_CERTIFICATE           SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNRECOGNIZED_NAME         unrecognized_name
+#define SSL_AD_UNRECOGNIZED_NAME         WOLFSSL_AD_UNRECOGNIZED_NAME
 #define SSL_AD_NO_RENEGOTIATION          no_renegotiation
 #define SSL_AD_INTERNAL_ERROR            80
 #define SSL_AD_NO_APPLICATION_PROTOCOL   no_application_protocol
 #define SSL_AD_MISSING_EXTENSION         missing_extension
 
-#define ASN1_STRFLGS_ESC_MSB             4
-
 #define SSL_MAX_MASTER_KEY_LENGTH       WOLFSSL_MAX_MASTER_KEY_LENGTH
 
 #define SSL_alert_desc_string_long      wolfSSL_alert_desc_string_long
@@ -1486,7 +1591,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define PSK_MAX_IDENTITY_LEN            128
 #define SSL_CTX_clear_options           wolfSSL_CTX_clear_options
 
-#define SSL_CTX_add_server_custom_ext(...) 0
+#define SSL_CTX_add_server_custom_ext(ctx, ext_type, add_cb, free_cb, add_arg, parse_cb, parse_arg) 0
 
 #define SSL_get0_verified_chain         wolfSSL_get0_verified_chain
 #define X509_chain_up_ref               wolfSSL_X509_chain_up_ref
@@ -1494,8 +1599,8 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
 
 #ifndef NO_WOLFSSL_STUB
-#define b2i_PrivateKey_bio(...)         NULL
-#define b2i_PVK_bio(...)                NULL
+#define b2i_PrivateKey_bio(in)          NULL
+#define b2i_PVK_bio(in, cb, u)          NULL
 #endif
 
 #define SSL_CTX_get_default_passwd_cb   wolfSSL_CTX_get_default_passwd_cb
@@ -1518,41 +1623,41 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 
 #define PEM_F_PEM_DEF_CALLBACK  100
 
-/* Avoid wolfSSL error code range */
-#define PEM_R_NO_START_LINE             (-MIN_CODE_E + 1)
-#define PEM_R_PROBLEMS_GETTING_PASSWORD (-MIN_CODE_E + 2)
-#define PEM_R_BAD_PASSWORD_READ         (-MIN_CODE_E + 3)
-#define PEM_R_BAD_DECRYPT               (-MIN_CODE_E + 4)
-#define ASN1_R_HEADER_TOO_LONG          (-MIN_CODE_E + 5)
+#include <wolfssl/error-ssl.h>
 
-#define ERR_LIB_RSA             4
-#define ERR_LIB_EC              16
-#define ERR_LIB_SSL             20
-#define ERR_LIB_PKCS12          35
-#define ERR_LIB_PEM             9
-#define ERR_LIB_X509            10
-#define ERR_LIB_EVP             11
-#define ERR_LIB_ASN1            12
-#define ERR_LIB_DIGEST          13
-#define ERR_LIB_CIPHER          14
-#define ERR_LIB_USER            15
+#define PEM_R_NO_START_LINE             (-WOLFSSL_PEM_R_NO_START_LINE_E)
+#define PEM_R_PROBLEMS_GETTING_PASSWORD (-WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E)
+#define PEM_R_BAD_PASSWORD_READ         (-WOLFSSL_PEM_R_BAD_PASSWORD_READ_E)
+#define PEM_R_BAD_DECRYPT               (-WOLFSSL_PEM_R_BAD_DECRYPT_E)
+#define ASN1_R_HEADER_TOO_LONG          (-WOLFSSL_ASN1_R_HEADER_TOO_LONG_E)
+
+#define ERR_LIB_SYS             WOLFSSL_ERR_LIB_SYS
+#define ERR_LIB_RSA             WOLFSSL_ERR_LIB_RSA
+#define ERR_LIB_PEM             WOLFSSL_ERR_LIB_PEM
+#define ERR_LIB_X509            WOLFSSL_ERR_LIB_X509
+#define ERR_LIB_EVP             WOLFSSL_ERR_LIB_EVP
+#define ERR_LIB_ASN1            WOLFSSL_ERR_LIB_ASN1
+#define ERR_LIB_DIGEST          WOLFSSL_ERR_LIB_DIGEST
+#define ERR_LIB_CIPHER          WOLFSSL_ERR_LIB_CIPHER
+#define ERR_LIB_USER            WOLFSSL_ERR_LIB_USER
+#define ERR_LIB_EC              WOLFSSL_ERR_LIB_EC
+#define ERR_LIB_SSL             WOLFSSL_ERR_LIB_SSL
+#define ERR_LIB_PKCS12          WOLFSSL_ERR_LIB_PKCS12
 
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
     defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
     defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \
     defined(WOLFSSL_WPAS_SMALL)
 
-#include <wolfssl/error-ssl.h>
-
 #define OPENSSL_STRING    WOLFSSL_STRING
 #define OPENSSL_CSTRING   WOLFSSL_STRING
 
 #define TLSEXT_TYPE_application_layer_protocol_negotiation \
     TLSXT_APPLICATION_LAYER_PROTOCOL
 
-#define OPENSSL_NPN_UNSUPPORTED 0
-#define OPENSSL_NPN_NEGOTIATED  1
-#define OPENSSL_NPN_NO_OVERLAP  2
+#define OPENSSL_NPN_UNSUPPORTED WOLFSSL_NPN_UNSUPPORTED
+#define OPENSSL_NPN_NEGOTIATED  WOLFSSL_NPN_NEGOTIATED
+#define OPENSSL_NPN_NO_OVERLAP  WOLFSSL_NPN_NO_OVERLAP
 
 /* Nginx checks these to see if the error was a handshake error. */
 #define SSL_R_BAD_CHANGE_CIPHER_SPEC               LENGTH_ERROR
@@ -1649,7 +1754,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define ERR_NUM_ERRORS                  16
 #define SN_pkcs9_emailAddress           "Email"
 #define LN_pkcs9_emailAddress           "emailAddress"
-#define NID_pkcs9_emailAddress          48
+#define NID_pkcs9_emailAddress          WC_NID_pkcs9_emailAddress
 #define OBJ_pkcs9_emailAddress          1L,2L,840L,113539L,1L,9L,1L
 
 #define LN_basic_constraints            "X509v3 Basic Constraints"
@@ -1702,11 +1807,16 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 #define OpenSSL_version(x)              wolfSSL_OpenSSL_version()
 #endif
 
+#define X509_OBJECT_retrieve_by_subject wolfSSL_X509_OBJECT_retrieve_by_subject
+
 #ifndef NO_WOLFSSL_STUB
-#define OBJ_create_objects(...)         WC_DO_NOTHING
-#define sk_SSL_COMP_free(...)           WC_DO_NOTHING
+#define OBJ_create_objects(in)          WC_DO_NOTHING
+#define sk_SSL_COMP_free(sk)            WC_DO_NOTHING
 #endif
 
+#define ASN1_OBJECT_new                 wolfSSL_ASN1_OBJECT_new
+#define ASN1_OBJECT_free                wolfSSL_ASN1_OBJECT_free
+#define i2d_ASN1_OBJECT                 wolfSSL_i2d_ASN1_OBJECT
 #define OBJ_dup                         wolfSSL_ASN1_OBJECT_dup
 
 #define SSL_set_psk_use_session_callback    wolfSSL_set_psk_use_session_callback
@@ -1721,7 +1831,9 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
 #define SSL_CONF_cmd                    wolfSSL_CONF_cmd
 #define SSL_CONF_cmd_value_type         wolfSSL_CONF_cmd_value_type
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#define SSL_OP_LEGACY_SERVER_CONNECT    0
+
+#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 
 #ifdef WOLFSSL_QUIC
@@ -1736,11 +1848,19 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
  * SSL_CIPHER_get_id(cipher)
  * used by QUIC implementations, such as HAProxy
  */
-#define TLS1_3_CK_AES_128_GCM_SHA256       0x1301
-#define TLS1_3_CK_AES_256_GCM_SHA384       0x1302
-#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303
-#define TLS1_3_CK_AES_128_CCM_SHA256       0x1304
-#define TLS1_3_CK_AES_128_CCM_8_SHA256     0x1305
+#define WOLF_TLS1_3_CK_AES_128_GCM_SHA256       0x1301
+#define WOLF_TLS1_3_CK_AES_256_GCM_SHA384       0x1302
+#define WOLF_TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303
+#define WOLF_TLS1_3_CK_AES_128_CCM_SHA256       0x1304
+#define WOLF_TLS1_3_CK_AES_128_CCM_8_SHA256     0x1305
+
+#ifndef OPENSSL_COEXIST
+
+#define TLS1_3_CK_AES_128_GCM_SHA256        WOLF_TLS1_3_CK_AES_128_GCM_SHA256
+#define TLS1_3_CK_AES_256_GCM_SHA384        WOLF_TLS1_3_CK_AES_256_GCM_SHA384
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256  WOLF_TLS1_3_CK_CHACHA20_POLY1305_SHA256
+#define TLS1_3_CK_AES_128_CCM_SHA256        WOLF_TLS1_3_CK_AES_128_CCM_SHA256
+#define TLS1_3_CK_AES_128_CCM_8_SHA256      WOLF_TLS1_3_CK_AES_128_CCM_8_SHA256
 
 #define SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION   QUIC_TP_MISSING_E
 #define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED               QUIC_WRONG_ENC_LEVEL
@@ -1782,6 +1902,8 @@ typedef WOLFSSL_ENCRYPTION_LEVEL        OSSL_ENCRYPTION_LEVEL;
 int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c);
 */
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* WOLFSSL_QUIC */
 
 
diff --git a/wolfssl/openssl/stack.h b/wolfssl/openssl/stack.h
index fe697c4c6..16f71d3f0 100644
--- a/wolfssl/openssl/stack.h
+++ b/wolfssl/openssl/stack.h
@@ -1,6 +1,6 @@
 /* stack.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/tls1.h b/wolfssl/openssl/tls1.h
index 933ed5d09..b1992fca2 100644
--- a/wolfssl/openssl/tls1.h
+++ b/wolfssl/openssl/tls1.h
@@ -1,6 +1,6 @@
 /* tls1.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,10 +45,20 @@
 
 #ifdef WOLFSSL_QUIC
 /* from rfc9001 */
+#define WOLFSSL_TLSEXT_TYPE_quic_transport_parameters_draft   \
+    TLSXT_KEY_QUIC_TP_PARAMS_DRAFT
+#define WOLFSSL_TLSEXT_TYPE_quic_transport_parameters         \
+    TLSXT_KEY_QUIC_TP_PARAMS
+
+#ifndef OPENSSL_COEXIST
+
 #define TLSEXT_TYPE_quic_transport_parameters_draft   \
     TLSXT_KEY_QUIC_TP_PARAMS_DRAFT
 #define TLSEXT_TYPE_quic_transport_parameters         \
     TLSXT_KEY_QUIC_TP_PARAMS
-#endif
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* WOLFSSL_QUIC */
 
 #endif /* WOLFSSL_OPENSSL_TLS1_H_ */
diff --git a/wolfssl/openssl/txt_db.h b/wolfssl/openssl/txt_db.h
index b8aa56f24..aa05d9299 100644
--- a/wolfssl/openssl/txt_db.h
+++ b/wolfssl/openssl/txt_db.h
@@ -1,6 +1,6 @@
 /* txt_db.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h
index eb03578e0..e1eb78ecb 100644
--- a/wolfssl/openssl/x509.h
+++ b/wolfssl/openssl/x509.h
@@ -1,6 +1,6 @@
 /* x509.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,167 +33,195 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
+#define WOLFSSL_X509_FLAG_COMPAT        (0UL)
+#define WOLFSSL_X509_FLAG_NO_HEADER     (1UL << 0)
+#define WOLFSSL_X509_FLAG_NO_VERSION    (1UL << 1)
+#define WOLFSSL_X509_FLAG_NO_SERIAL     (1UL << 2)
+#define WOLFSSL_X509_FLAG_NO_SIGNAME    (1UL << 3)
+#define WOLFSSL_X509_FLAG_NO_ISSUER     (1UL << 4)
+#define WOLFSSL_X509_FLAG_NO_VALIDITY   (1UL << 5)
+#define WOLFSSL_X509_FLAG_NO_SUBJECT    (1UL << 6)
+#define WOLFSSL_X509_FLAG_NO_PUBKEY     (1UL << 7)
+#define WOLFSSL_X509_FLAG_NO_EXTENSIONS (1UL << 8)
+#define WOLFSSL_X509_FLAG_NO_SIGDUMP    (1UL << 9)
+#define WOLFSSL_X509_FLAG_NO_AUX        (1UL << 10)
+#define WOLFSSL_X509_FLAG_NO_ATTRIBUTES (1UL << 11)
+#define WOLFSSL_X509_FLAG_NO_IDS        (1UL << 12)
+
+#define WOLFSSL_XN_FLAG_FN_SN           0
+#define WOLFSSL_XN_FLAG_COMPAT          0
+#define WOLFSSL_XN_FLAG_RFC2253         1
+#define WOLFSSL_XN_FLAG_SEP_COMMA_PLUS  (1 << 16)
+#define WOLFSSL_XN_FLAG_SEP_CPLUS_SPC   (2 << 16)
+#define WOLFSSL_XN_FLAG_SEP_SPLUS_SPC   (3 << 16)
+#define WOLFSSL_XN_FLAG_SEP_MULTILINE   (4 << 16)
+#define WOLFSSL_XN_FLAG_SEP_MASK        (0xF << 16)
+#define WOLFSSL_XN_FLAG_DN_REV          (1 << 20)
+#define WOLFSSL_XN_FLAG_FN_LN           (1 << 21)
+#define WOLFSSL_XN_FLAG_FN_OID          (2 << 21)
+#define WOLFSSL_XN_FLAG_FN_NONE         (3 << 21)
+#define WOLFSSL_XN_FLAG_FN_MASK         (3 << 21)
+#define WOLFSSL_XN_FLAG_SPC_EQ          (1 << 23)
+#define WOLFSSL_XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+#define WOLFSSL_XN_FLAG_FN_ALIGN        (1 << 25)
+
+#define WOLFSSL_XN_FLAG_MULTILINE       0xFFFF
+#define WOLFSSL_XN_FLAG_ONELINE (WOLFSSL_XN_FLAG_SEP_CPLUS_SPC | WOLFSSL_XN_FLAG_SPC_EQ | WOLFSSL_XN_FLAG_FN_SN)
+
+#define WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED              12
+#define WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL            3
+
+#ifndef OPENSSL_COEXIST
+
 /* wolfSSL_X509_print_ex flags */
-#define X509_FLAG_COMPAT        (0UL)
-#define X509_FLAG_NO_HEADER     (1UL << 0)
-#define X509_FLAG_NO_VERSION    (1UL << 1)
-#define X509_FLAG_NO_SERIAL     (1UL << 2)
-#define X509_FLAG_NO_SIGNAME    (1UL << 3)
-#define X509_FLAG_NO_ISSUER     (1UL << 4)
-#define X509_FLAG_NO_VALIDITY   (1UL << 5)
-#define X509_FLAG_NO_SUBJECT    (1UL << 6)
-#define X509_FLAG_NO_PUBKEY     (1UL << 7)
-#define X509_FLAG_NO_EXTENSIONS (1UL << 8)
-#define X509_FLAG_NO_SIGDUMP    (1UL << 9)
-#define X509_FLAG_NO_AUX        (1UL << 10)
-#define X509_FLAG_NO_ATTRIBUTES (1UL << 11)
-#define X509_FLAG_NO_IDS        (1UL << 12)
+#define X509_FLAG_COMPAT         WOLFSSL_X509_FLAG_COMPAT
+#define X509_FLAG_NO_HEADER      WOLFSSL_X509_FLAG_NO_HEADER
+#define X509_FLAG_NO_VERSION     WOLFSSL_X509_FLAG_NO_VERSION
+#define X509_FLAG_NO_SERIAL      WOLFSSL_X509_FLAG_NO_SERIAL
+#define X509_FLAG_NO_SIGNAME     WOLFSSL_X509_FLAG_NO_SIGNAME
+#define X509_FLAG_NO_ISSUER      WOLFSSL_X509_FLAG_NO_ISSUER
+#define X509_FLAG_NO_VALIDITY    WOLFSSL_X509_FLAG_NO_VALIDITY
+#define X509_FLAG_NO_SUBJECT     WOLFSSL_X509_FLAG_NO_SUBJECT
+#define X509_FLAG_NO_PUBKEY      WOLFSSL_X509_FLAG_NO_PUBKEY
+#define X509_FLAG_NO_EXTENSIONS  WOLFSSL_X509_FLAG_NO_EXTENSIONS
+#define X509_FLAG_NO_SIGDUMP     WOLFSSL_X509_FLAG_NO_SIGDUMP
+#define X509_FLAG_NO_AUX         WOLFSSL_X509_FLAG_NO_AUX
+#define X509_FLAG_NO_ATTRIBUTES  WOLFSSL_X509_FLAG_NO_ATTRIBUTES
+#define X509_FLAG_NO_IDS         WOLFSSL_X509_FLAG_NO_IDS
 
-#define XN_FLAG_FN_SN           0
-#define XN_FLAG_COMPAT          0
-#define XN_FLAG_RFC2253         1
-#define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)
-#define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)
-#define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)
-#define XN_FLAG_SEP_MULTILINE   (4 << 16)
-#define XN_FLAG_SEP_MASK        (0xF << 16)
-#define XN_FLAG_DN_REV          (1 << 20)
-#define XN_FLAG_FN_LN           (1 << 21)
-#define XN_FLAG_FN_OID          (2 << 21)
-#define XN_FLAG_FN_NONE         (3 << 21)
-#define XN_FLAG_FN_MASK         (3 << 21)
-#define XN_FLAG_SPC_EQ          (1 << 23)
-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
-#define XN_FLAG_FN_ALIGN        (1 << 25)
+#define XN_FLAG_FN_SN            WOLFSSL_XN_FLAG_FN_SN
+#define XN_FLAG_COMPAT           WOLFSSL_XN_FLAG_COMPAT
+#define XN_FLAG_RFC2253          WOLFSSL_XN_FLAG_RFC2253
+#define XN_FLAG_SEP_COMMA_PLUS   WOLFSSL_XN_FLAG_SEP_COMMA_PLUS
+#define XN_FLAG_SEP_CPLUS_SPC    WOLFSSL_XN_FLAG_SEP_CPLUS_SPC
+#define XN_FLAG_SEP_SPLUS_SPC    WOLFSSL_XN_FLAG_SEP_SPLUS_SPC
+#define XN_FLAG_SEP_MULTILINE    WOLFSSL_XN_FLAG_SEP_MULTILINE
+#define XN_FLAG_SEP_MASK         WOLFSSL_XN_FLAG_SEP_MASK
+#define XN_FLAG_DN_REV           WOLFSSL_XN_FLAG_DN_REV
+#define XN_FLAG_FN_LN            WOLFSSL_XN_FLAG_FN_LN
+#define XN_FLAG_FN_OID           WOLFSSL_XN_FLAG_FN_OID
+#define XN_FLAG_FN_NONE          WOLFSSL_XN_FLAG_FN_NONE
+#define XN_FLAG_FN_MASK          WOLFSSL_XN_FLAG_FN_MASK
+#define XN_FLAG_SPC_EQ           WOLFSSL_XN_FLAG_SPC_EQ
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS  WOLFSSL_XN_FLAG_DUMP_UNKNOWN_FIELDS
+#define XN_FLAG_FN_ALIGN         WOLFSSL_XN_FLAG_FN_ALIGN
 
-#define XN_FLAG_MULTILINE       0xFFFF
-#define XN_FLAG_ONELINE (XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN)
+#define XN_FLAG_MULTILINE        WOLFSSL_XN_FLAG_MULTILINE
+#define XN_FLAG_ONELINE          WOLFSSL_XN_FLAG_ONELINE
+
+#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
+#define X509_V_ERR_CRL_HAS_EXPIRED   WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
+#define X509_V_FLAG_ALLOW_PROXY_CERTS 0
+#define X509_V_FLAG_X509_STRICT       0
 
 /*
- * All of these aren't actually used in wolfSSL. Some are included to
- * satisfy OpenSSL compatibility consumers to prevent compilation errors.
- * The list was taken from
- * https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in
- * One requirement for HAProxy is that the values should be literal constants.
+ * Not all of these X509_V_ERR values are used in wolfSSL. Some are included to
+ * satisfy OpenSSL compatibility compilation errors.
+ * For HAProxy the values should be literal constants.
  */
 
-#define X509_V_OK                                       0
-#define X509_V_ERR_UNSPECIFIED                          1
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
-#define X509_V_ERR_UNABLE_TO_GET_CRL                    3
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
-#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
-#define X509_V_ERR_CERT_SIGNATURE_FAILURE               7
-#define X509_V_ERR_CRL_SIGNATURE_FAILURE                8
-#define X509_V_ERR_CERT_NOT_YET_VALID                   9
-#define X509_V_ERR_CERT_HAS_EXPIRED                     10
-#define X509_V_ERR_CRL_NOT_YET_VALID                    11
-#define X509_V_ERR_CRL_HAS_EXPIRED                      12
-#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
-#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
-#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
-#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
-#define X509_V_ERR_OUT_OF_MEM                           17
-#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
-#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
-#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
-#define X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
-#define X509_V_ERR_CERT_REVOKED                         23
-#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY                 24
-#define X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
-#define X509_V_ERR_INVALID_PURPOSE                      26
-#define X509_V_ERR_CERT_UNTRUSTED                       27
-#define X509_V_ERR_CERT_REJECTED                        28
-
-/* These are 'informational' when looking for issuer cert */
-#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
-#define X509_V_ERR_AKID_SKID_MISMATCH                   30
-#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
-#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
-#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
-#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
-#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
-#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
-#define X509_V_ERR_INVALID_NON_CA                       37
-#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
-#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
-#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
-#define X509_V_ERR_INVALID_EXTENSION                    41
-#define X509_V_ERR_INVALID_POLICY_EXTENSION             42
-#define X509_V_ERR_NO_EXPLICIT_POLICY                   43
-#define X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
-#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
-#define X509_V_ERR_UNNESTED_RESOURCE                    46
-#define X509_V_ERR_PERMITTED_VIOLATION                  47
-#define X509_V_ERR_EXCLUDED_VIOLATION                   48
-#define X509_V_ERR_SUBTREE_MINMAX                       49
-/* The application is not happy */
-#define X509_V_ERR_APPLICATION_VERIFICATION             50
-#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
-#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
-#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
-#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
-/* Another issuer check debug option */
-#define X509_V_ERR_PATH_LOOP                            55
-/* Suite B mode algorithm violation */
-#define X509_V_ERR_SUITE_B_INVALID_VERSION              56
-#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
-#define X509_V_ERR_SUITE_B_INVALID_CURVE                58
-#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
-#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
+#define X509_V_OK                                      0
+#define X509_V_ERR_UNSPECIFIED                         1
+#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT           2
+#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE    4
+#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE     5
+#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY  6
+#define X509_V_ERR_CERT_SIGNATURE_FAILURE              7
+#define X509_V_ERR_CRL_SIGNATURE_FAILURE               8
+#define X509_V_ERR_CERT_NOT_YET_VALID                  9
+#define X509_V_ERR_CERT_HAS_EXPIRED                    10
+#define X509_V_ERR_CRL_NOT_YET_VALID                   11
+#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD      13
+#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD       14
+#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD      15
+#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD      16
+#define X509_V_ERR_OUT_OF_MEM                          17
+#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT         18
+#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN           19
+#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY   20
+#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE     21
+#define X509_V_ERR_CERT_CHAIN_TOO_LONG                 22
+#define X509_V_ERR_CERT_REVOKED                        23
+#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY                24
+#define X509_V_ERR_PATH_LENGTH_EXCEEDED                25
+#define X509_V_ERR_INVALID_PURPOSE                     26
+#define X509_V_ERR_CERT_UNTRUSTED                      27
+#define X509_V_ERR_CERT_REJECTED                       28
+#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH             29
+#define X509_V_ERR_AKID_SKID_MISMATCH                  30
+#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH         31
+#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN                32
+#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER            33
+#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION        34
+#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                35
+#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION    36
+#define X509_V_ERR_INVALID_NON_CA                      37
+#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED          38
+#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE       39
+#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED      40
+#define X509_V_ERR_INVALID_EXTENSION                   41
+#define X509_V_ERR_INVALID_POLICY_EXTENSION            42
+#define X509_V_ERR_NO_EXPLICIT_POLICY                  43
+#define X509_V_ERR_DIFFERENT_CRL_SCOPE                 44
+#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE       45
+#define X509_V_ERR_UNNESTED_RESOURCE                   46
+#define X509_V_ERR_PERMITTED_VIOLATION                 47
+#define X509_V_ERR_EXCLUDED_VIOLATION                  48
+#define X509_V_ERR_SUBTREE_MINMAX                      49
+#define X509_V_ERR_APPLICATION_VERIFICATION            50
+#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE         51
+#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX       52
+#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX             53
+#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR           54
+#define X509_V_ERR_PATH_LOOP                           55
+#define X509_V_ERR_SUITE_B_INVALID_VERSION             56
+#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM           57
+#define X509_V_ERR_SUITE_B_INVALID_CURVE               58
+#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
+#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED             60
 #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
-/* Host, email and IP check errors */
-#define X509_V_ERR_HOSTNAME_MISMATCH                    62
-#define X509_V_ERR_EMAIL_MISMATCH                       63
-#define X509_V_ERR_IP_ADDRESS_MISMATCH                  64
-/* DANE TLSA errors */
-#define X509_V_ERR_DANE_NO_MATCH                        65
-/* security level errors */
-#define X509_V_ERR_EE_KEY_TOO_SMALL                     66
-#define X509_V_ERR_CA_KEY_TOO_SMALL                     67
-#define X509_V_ERR_CA_MD_TOO_WEAK                       68
-/* Caller error */
-#define X509_V_ERR_INVALID_CALL                         69
-/* Issuer lookup error */
-#define X509_V_ERR_STORE_LOOKUP                         70
-/* Certificate transparency */
-#define X509_V_ERR_NO_VALID_SCTS                        71
-
-#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
-/* OCSP status errors */
-#define X509_V_ERR_OCSP_VERIFY_NEEDED                   73
-#define X509_V_ERR_OCSP_VERIFY_FAILED                   74
-#define X509_V_ERR_OCSP_CERT_UNKNOWN                    75
-
-#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM      76
-#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH         77
-
-/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */
-#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY    78
-#define X509_V_ERR_INVALID_CA                           79
-#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA           80
-#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN     81
-#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA  82
-#define X509_V_ERR_ISSUER_NAME_EMPTY                    83
-#define X509_V_ERR_SUBJECT_NAME_EMPTY                   84
-#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER     85
-#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER       86
-#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME               87
-#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL       88
-#define X509_V_ERR_CA_BCONS_NOT_CRITICAL                89
-#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL    90
-#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL      91
-#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
-#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
-#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE               101
+#define X509_V_ERR_HOSTNAME_MISMATCH                   62
+#define X509_V_ERR_EMAIL_MISMATCH                      63
+#define X509_V_ERR_IP_ADDRESS_MISMATCH                 64
+#define X509_V_ERR_DANE_NO_MATCH                       65
+#define X509_V_ERR_EE_KEY_TOO_SMALL                    66
+#define X509_V_ERR_CA_KEY_TOO_SMALL                    67
+#define X509_V_ERR_CA_MD_TOO_WEAK                      68
+#define X509_V_ERR_INVALID_CALL                        69
+#define X509_V_ERR_STORE_LOOKUP                        70
+#define X509_V_ERR_NO_VALID_SCTS                       71
+#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION        72
+#define X509_V_ERR_OCSP_VERIFY_NEEDED                  73
+#define X509_V_ERR_OCSP_VERIFY_FAILED                  74
+#define X509_V_ERR_OCSP_CERT_UNKNOWN                   75
+#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM     76
+#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH        77
+#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY   78
+#define X509_V_ERR_INVALID_CA                          79
+#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA          80
+#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN    81
+#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82
+#define X509_V_ERR_ISSUER_NAME_EMPTY                   83
+#define X509_V_ERR_SUBJECT_NAME_EMPTY                  84
+#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER    85
+#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER      86
+#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME              87
+#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL      88
+#define X509_V_ERR_CA_BCONS_NOT_CRITICAL               89
+#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL   90
+#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL     91
+#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE           92
+#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3        93
+#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS              94
+#define X509_R_CERT_ALREADY_IN_HASH_TABLE              101
+#define X509_R_KEY_VALUES_MISMATCH                     WC_KEY_MISMATCH_E
 
 #define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical
 #define X509_EXTENSION_set_object   wolfSSL_X509_EXTENSION_set_object
 #define X509_EXTENSION_set_data     wolfSSL_X509_EXTENSION_set_data
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #endif /* WOLFSSL_OPENSSL_509_H_ */
diff --git a/wolfssl/openssl/x509_vfy.h b/wolfssl/openssl/x509_vfy.h
index 8666a53fe..c26b94d15 100644
--- a/wolfssl/openssl/x509_vfy.h
+++ b/wolfssl/openssl/x509_vfy.h
@@ -1,6 +1,6 @@
 /* x509_vfy.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,10 +33,13 @@
 
 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
     WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose);
+#endif
+#ifdef OPENSSL_EXTRA
     WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
         unsigned long flags);
 #endif
 
+
 #define X509_STORE_CTX_set_purpose  wolfSSL_X509_STORE_CTX_set_purpose
 #define X509_STORE_CTX_set_flags    wolfSSL_X509_STORE_CTX_set_flags
 
diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h
index f488857b5..c0ae5cc74 100644
--- a/wolfssl/openssl/x509v3.h
+++ b/wolfssl/openssl/x509v3.h
@@ -1,6 +1,6 @@
 /* x509v3.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,91 +36,68 @@
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
-#define EXFLAG_KUSAGE  0x2
-#define EXFLAG_XKUSAGE 0x4
+#define WOLFSSL_EXFLAG_KUSAGE  0x2
+#define WOLFSSL_EXFLAG_XKUSAGE 0x4
 
-#define KU_DIGITAL_SIGNATURE    KEYUSE_DIGITAL_SIG
-#define KU_NON_REPUDIATION      KEYUSE_CONTENT_COMMIT
-#define KU_KEY_ENCIPHERMENT     KEYUSE_KEY_ENCIPHER
-#define KU_DATA_ENCIPHERMENT    KEYUSE_DATA_ENCIPHER
-#define KU_KEY_AGREEMENT        KEYUSE_KEY_AGREE
-#define KU_KEY_CERT_SIGN        KEYUSE_KEY_CERT_SIGN
-#define KU_CRL_SIGN             KEYUSE_CRL_SIGN
-#define KU_ENCIPHER_ONLY        KEYUSE_ENCIPHER_ONLY
-#define KU_DECIPHER_ONLY        KEYUSE_DECIPHER_ONLY
+#define WOLFSSL_XKU_SSL_SERVER 0x1
+#define WOLFSSL_XKU_SSL_CLIENT 0x2
+#define WOLFSSL_XKU_SMIME      0x4
+#define WOLFSSL_XKU_CODE_SIGN  0x8
+#define WOLFSSL_XKU_SGC        0x10
+#define WOLFSSL_XKU_OCSP_SIGN  0x20
+#define WOLFSSL_XKU_TIMESTAMP  0x40
+#define WOLFSSL_XKU_DVCS       0x80
+#define WOLFSSL_XKU_ANYEKU     0x100
 
-#define XKU_SSL_SERVER 0x1
-#define XKU_SSL_CLIENT 0x2
-#define XKU_SMIME      0x4
-#define XKU_CODE_SIGN  0x8
-#define XKU_SGC        0x10
-#define XKU_OCSP_SIGN  0x20
-#define XKU_TIMESTAMP  0x40
-#define XKU_DVCS       0x80
-#define XKU_ANYEKU     0x100
-
-#define X509_PURPOSE_SSL_CLIENT       0
-#define X509_PURPOSE_SSL_SERVER       1
-
-#define NS_SSL_CLIENT                 WC_NS_SSL_CLIENT
-#define NS_SSL_SERVER                 WC_NS_SSL_SERVER
-
-/* Forward reference */
+#define WOLFSSL_X509_PURPOSE_SSL_CLIENT       0
+#define WOLFSSL_X509_PURPOSE_SSL_SERVER       1
 
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x0090801fL
-typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef void *(*WOLFSSL_X509V3_EXT_D2I)(void *, const unsigned char **, long);
 #else
-typedef void *(*X509V3_EXT_D2I)(void *, unsigned char **, long);
+typedef void *(*WOLFSSL_X509V3_EXT_D2I)(void *, unsigned char **, long);
 #endif
-typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
+typedef int (*WOLFSSL_X509V3_EXT_I2D) (void *, unsigned char **);
+typedef WOLF_STACK_OF(CONF_VALUE) *(*WOLFSSL_X509V3_EXT_I2V) (
                                 struct WOLFSSL_v3_ext_method *method,
-                                void *ext, STACK_OF(CONF_VALUE) *extlist);
-typedef char *(*X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext);
-typedef int (*X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method,
-                               void *ext, BIO *out, int indent);
-typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD;
+                                void *ext, WOLF_STACK_OF(CONF_VALUE) *extlist);
+typedef char *(*WOLFSSL_X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext);
+typedef int (*WOLFSSL_X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method,
+                               void *ext, WOLFSSL_BIO *out, int indent);
+typedef struct WOLFSSL_v3_ext_method WOLFSSL_X509V3_EXT_METHOD;
 
 struct WOLFSSL_v3_ext_method {
     int ext_nid;
     int ext_flags;
     void *usr_data;
-    X509V3_EXT_D2I d2i;
-    X509V3_EXT_I2D i2d;
-    X509V3_EXT_I2V i2v;
-    X509V3_EXT_I2S i2s;
-    X509V3_EXT_I2R i2r;
+    WOLFSSL_X509V3_EXT_D2I d2i;
+    WOLFSSL_X509V3_EXT_I2D i2d;
+    WOLFSSL_X509V3_EXT_I2V i2v;
+    WOLFSSL_X509V3_EXT_I2S i2s;
+    WOLFSSL_X509V3_EXT_I2R i2r;
 };
 
 struct WOLFSSL_X509_EXTENSION {
     WOLFSSL_ASN1_OBJECT *obj;
     WOLFSSL_ASN1_BOOLEAN crit;
-    ASN1_OCTET_STRING value; /* DER format of extension */
+    WOLFSSL_ASN1_STRING value; /* DER format of extension */
     WOLFSSL_v3_ext_method ext_method;
     WOLFSSL_STACK* ext_sk; /* For extension specific data */
 };
 
 #define WOLFSSL_ASN1_BOOLEAN int
-#define GEN_OTHERNAME   0
-#define GEN_EMAIL       1
-#define GEN_DNS         2
-#define GEN_X400        3
-#define GEN_DIRNAME     4
-#define GEN_EDIPARTY    5
-#define GEN_URI         6
-#define GEN_IPADD       7
-#define GEN_RID         8
-#define GEN_IA5         9
 
-#define GENERAL_NAME       WOLFSSL_GENERAL_NAME
+#define WOLFSSL_GEN_OTHERNAME   0
+#define WOLFSSL_GEN_EMAIL       1
+#define WOLFSSL_GEN_DNS         2
+#define WOLFSSL_GEN_X400        3
+#define WOLFSSL_GEN_DIRNAME     4
+#define WOLFSSL_GEN_EDIPARTY    5
+#define WOLFSSL_GEN_URI         6
+#define WOLFSSL_GEN_IPADD       7
+#define WOLFSSL_GEN_RID         8
+#define WOLFSSL_GEN_IA5         9
 
-#define X509V3_CTX         WOLFSSL_X509V3_CTX
-
-#define CTX_TEST           0x1
-
-typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
-typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
-typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
 typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;
 
 WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void);
@@ -137,12 +114,87 @@ WOLFSSL_API WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
 WOLFSSL_API void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ex);
 WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
                                           const WOLFSSL_ASN1_STRING *s);
+WOLFSSL_API int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s,
+        unsigned char **pp);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING(
+        WOLFSSL_ASN1_STRING** out, const byte** src, long len);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING(
+        WOLFSSL_ASN1_STRING** out, const byte** src, long len);
+WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING(
+        WOLFSSL_ASN1_STRING** out, const byte** src, long len);
 WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
         WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent);
-WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx,
-        const char *section, WOLFSSL_X509 *cert);
+WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf,
+        WOLFSSL_X509V3_CTX *ctx, const char *section, WOLFSSL_X509 *cert);
 WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa);
 
+#ifndef OPENSSL_COEXIST
+
+#define EXFLAG_KUSAGE WOLFSSL_EXFLAG_KUSAGE
+#define EXFLAG_XKUSAGE WOLFSSL_EXFLAG_XKUSAGE
+
+#define KU_DIGITAL_SIGNATURE    KEYUSE_DIGITAL_SIG
+#define KU_NON_REPUDIATION      KEYUSE_CONTENT_COMMIT
+#define KU_KEY_ENCIPHERMENT     KEYUSE_KEY_ENCIPHER
+#define KU_DATA_ENCIPHERMENT    KEYUSE_DATA_ENCIPHER
+#define KU_KEY_AGREEMENT        KEYUSE_KEY_AGREE
+#define KU_KEY_CERT_SIGN        KEYUSE_KEY_CERT_SIGN
+#define KU_CRL_SIGN             KEYUSE_CRL_SIGN
+#define KU_ENCIPHER_ONLY        KEYUSE_ENCIPHER_ONLY
+#define KU_DECIPHER_ONLY        KEYUSE_DECIPHER_ONLY
+
+#define XKU_SSL_SERVER WOLFSSL_XKU_SSL_SERVER
+#define XKU_SSL_CLIENT WOLFSSL_XKU_SSL_CLIENT
+#define XKU_SMIME      WOLFSSL_XKU_SMIME
+#define XKU_CODE_SIGN  WOLFSSL_XKU_CODE_SIGN
+#define XKU_SGC        WOLFSSL_XKU_SGC
+#define XKU_OCSP_SIGN  WOLFSSL_XKU_OCSP_SIGN
+#define XKU_TIMESTAMP  WOLFSSL_XKU_TIMESTAMP
+#define XKU_DVCS       WOLFSSL_XKU_DVCS
+#define XKU_ANYEKU     WOLFSSL_XKU_ANYEKU
+
+#define X509_PURPOSE_SSL_CLIENT       WOLFSSL_X509_PURPOSE_SSL_CLIENT
+#define X509_PURPOSE_SSL_SERVER       WOLFSSL_X509_PURPOSE_SSL_SERVER
+
+#define NS_SSL_CLIENT                 WC_NS_SSL_CLIENT
+#define NS_SSL_SERVER                 WC_NS_SSL_SERVER
+
+/* Forward reference */
+
+#define X509V3_EXT_D2I WOLFSSL_X509V3_EXT_D2I
+#define X509V3_EXT_I2D WOLFSSL_X509V3_EXT_I2D
+#define X509V3_EXT_I2V WOLFSSL_X509V3_EXT_I2V
+#define X509V3_EXT_I2S WOLFSSL_X509V3_EXT_I2S
+#define X509V3_EXT_I2R WOLFSSL_X509V3_EXT_I2R
+typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD;
+
+#define GEN_OTHERNAME      WOLFSSL_GEN_OTHERNAME
+#define GEN_EMAIL          WOLFSSL_GEN_EMAIL
+#define GEN_DNS            WOLFSSL_GEN_DNS
+#define GEN_X400           WOLFSSL_GEN_X400
+#define GEN_DIRNAME        WOLFSSL_GEN_DIRNAME
+#define GEN_EDIPARTY       WOLFSSL_GEN_EDIPARTY
+#define GEN_URI            WOLFSSL_GEN_URI
+#define GEN_IPADD          WOLFSSL_GEN_IPADD
+#define GEN_RID            WOLFSSL_GEN_RID
+#define GEN_IA5            WOLFSSL_GEN_IA5
+
+#define GENERAL_NAME       WOLFSSL_GENERAL_NAME
+
+#define X509V3_CTX         WOLFSSL_X509V3_CTX
+
+#define CTX_TEST           0x1
+
+typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
+typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
+typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
+
 #define BASIC_CONSTRAINTS_free    wolfSSL_BASIC_CONSTRAINTS_free
 #define AUTHORITY_KEYID_free      wolfSSL_AUTHORITY_KEYID_free
 #define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((x))
@@ -152,7 +204,7 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa);
 #define X509V3_EXT_d2i            wolfSSL_X509V3_EXT_d2i
 #define X509V3_EXT_add_nconf      wolfSSL_X509V3_EXT_add_nconf
 #ifndef NO_WOLFSSL_STUB
-#define X509V3_parse_list(...)    NULL
+#define X509V3_parse_list(line)   NULL
 #endif
 #define i2s_ASN1_OCTET_STRING     wolfSSL_i2s_ASN1_STRING
 #define a2i_IPADDRESS             wolfSSL_a2i_IPADDRESS
@@ -160,13 +212,15 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa);
 #define X509V3_EXT_conf_nid       wolfSSL_X509V3_EXT_conf_nid
 #define X509V3_set_ctx            wolfSSL_X509V3_set_ctx
 #ifndef NO_WOLFSSL_STUB
-#define X509V3_set_nconf(...)     WC_DO_NOTHING
-#define X509V3_EXT_cleanup(...)   WC_DO_NOTHING
+#define X509V3_set_nconf(ctx, conf) WC_DO_NOTHING
+#define X509V3_EXT_cleanup()      WC_DO_NOTHING
 #endif
 #define X509V3_set_ctx_test(ctx)  wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
 #define X509V3_set_ctx_nodb       wolfSSL_X509V3_set_ctx_nodb
 #define X509v3_get_ext_count      wolfSSL_sk_num
 
+#endif /* !OPENSSL_COEXIST */
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #ifdef  __cplusplus
diff --git a/wolfssl/options.h.in b/wolfssl/options.h.in
index aa94f3ec0..f1cb77dcc 100644
--- a/wolfssl/options.h.in
+++ b/wolfssl/options.h.in
@@ -1,6 +1,6 @@
 /* options.h.in
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,7 +22,9 @@
 
 /* default blank options for autoconf */
 
-#ifndef WOLFSSL_OPTIONS_H
+#ifdef WOLFSSL_NO_OPTIONS_H
+/* options.h inhibited by configuration */
+#elif !defined(WOLFSSL_OPTIONS_H)
 #define WOLFSSL_OPTIONS_H
 
 
diff --git a/wolfssl/quic.h b/wolfssl/quic.h
index 70ae61c4a..da8c50a87 100644
--- a/wolfssl/quic.h
+++ b/wolfssl/quic.h
@@ -1,6 +1,6 @@
 /* quic.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h
index 3eabd4290..929fcdc9d 100644
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
@@ -1,6 +1,6 @@
 /* sniffer.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h
index 1794ba897..bb574b4b6 100644
--- a/wolfssl/sniffer_error.h
+++ b/wolfssl/sniffer_error.h
@@ -1,6 +1,6 @@
 /* sniffer_error.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 6961b03b5..908d5c6e8 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -32,15 +32,23 @@
 /* for users not using preprocessor flags*/
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/version.h>
+#include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/memory.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/pkcs12.h>
 
+#if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \
+    defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING)) || \
+    defined(WC_ASN_UNKNOWN_EXT_CB)
+#include "wolfssl/wolfcrypt/asn.h"
+#endif
+
 /* For the types */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #include <wolfssl/openssl/compat_types.h>
+#endif
 
 #ifdef HAVE_WOLF_EVENT
     #include <wolfssl/wolfcrypt/wolfevent.h>
@@ -68,7 +76,7 @@
 #endif
 
 #ifdef OPENSSL_ALL
-    #ifndef WOLFSSL_HAVE_BIO_ADDR
+    #if !defined(WOLFSSL_HAVE_BIO_ADDR) && !defined(WOLFSSL_NO_SOCK)
     #define WOLFSSL_HAVE_BIO_ADDR
     #endif
     #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DTLS_MTU)
@@ -76,8 +84,26 @@
     #endif
 #endif
 
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+    #include <wolfssl/openssl/bn.h>
+    #ifndef WOLFCRYPT_ONLY
+        #include <wolfssl/openssl/hmac.h>
+    #endif
+    #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
+        #include <wolfssl/openssl/cmac.h>
+    #endif
+#endif
+
 #ifdef OPENSSL_COEXIST
-    /* mode to allow wolfSSL and OpenSSL to exist together */
+    /* mode to allow wolfSSL and OpenSSL to coexist without symbol conflicts */
+
+    #ifndef NO_OLD_SSL_NAMES
+        #define NO_OLD_SSL_NAMES
+    #endif
+    #ifndef NO_OLD_WC_NAMES
+        #define NO_OLD_WC_NAMES
+    #endif
+
     #ifdef TEST_OPENSSL_COEXIST
         /*
         ./configure --enable-opensslcoexist \
@@ -91,23 +117,86 @@
         #include <openssl/hmac.h>
         #include <openssl/bn.h>
         #include <openssl/crypto.h>
+        #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+            FIPS_VERSION3_GE(5,2,0))
+        #include <openssl/aes.h>
+        #include <openssl/blowfish.h>
+        #include <openssl/camellia.h>
+        #include <openssl/cast.h>
+        #include <openssl/cmac.h>
+        #include <openssl/cms.h>
+        #include <openssl/conf_api.h>
+        #include <openssl/des.h>
+        #include <openssl/dh.h>
+        #include <openssl/dsa.h>
+        #include <openssl/ecdh.h>
+        #include <openssl/ecdsa.h>
+        #include <openssl/engine.h>
+        #include <openssl/hmac.h>
+        #include <openssl/idea.h>
+        #include <openssl/kdf.h>
+        #include <openssl/md2.h>
+        #include <openssl/md4.h>
+        #include <openssl/md5.h>
+        #include <openssl/mdc2.h>
+        #include <openssl/modes.h>
+        #include <openssl/ocsp.h>
+        #include <openssl/ossl_typ.h>
+        #include <openssl/pem2.h>
+        #include <openssl/pem.h>
+        #include <openssl/pkcs12.h>
+        #include <openssl/pkcs7.h>
+        #include <openssl/rand.h>
+        #include <openssl/rc2.h>
+        #include <openssl/rc4.h>
+        #include <openssl/rc5.h>
+        #include <openssl/ripemd.h>
+        #include <openssl/rsa.h>
+        #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(6,0,0)
+            /* clear conflicting name */
+            #undef RSA_PKCS1_PADDING_SIZE
+        #endif
+        #include <openssl/seed.h>
+        #include <openssl/sha.h>
+        #include <openssl/srp.h>
+        #include <openssl/srtp.h>
+        #include <openssl/ssl.h>
+        #include <openssl/store.h>
+        #include <openssl/txt_db.h>
+        #include <openssl/ui.h>
+        #include <openssl/whrlpool.h>
+
+        #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+        #include <openssl/cmp.h>
+        #include <openssl/core_object.h>
+        #include <openssl/decoder.h>
+        #include <openssl/encoder.h>
+        #include <openssl/ess.h>
+        #include <openssl/fipskey.h>
+        #include <openssl/fips_names.h>
+        #if OPENSSL_VERSION_NUMBER >= 0x30200000L
+        #include <openssl/hpke.h>
+        #endif
+        #include <openssl/http.h>
+        #include <openssl/param_build.h>
+        #include <openssl/params.h>
+        #include <openssl/proverr.h>
+        #include <openssl/provider.h>
+        #include <openssl/self_test.h>
+        #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
+        #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(5,2,0)) */
+
     #endif
 
 #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
-    #include <wolfssl/openssl/bn.h>
     #include <wolfssl/openssl/rsa.h>
-    #ifndef WOLFCRYPT_ONLY
-        #include <wolfssl/openssl/hmac.h>
-    #endif
-    #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
-        #include <wolfssl/openssl/cmac.h>
-    #endif
 
     /* We need the old SSL names */
-    #ifdef NO_OLD_SSL_NAMES
+    #if defined(NO_OLD_SSL_NAMES) && !defined(OPENSSL_COEXIST)
         #undef NO_OLD_SSL_NAMES
     #endif
-    #ifdef NO_OLD_WC_NAMES
+    #if defined(NO_OLD_WC_NAMES) && !defined(OPENSSL_COEXIST)
         #undef NO_OLD_WC_NAMES
     #endif
 #endif
@@ -136,19 +225,20 @@ typedef struct WOLFSSL_STACK WOLFSSL_LHASH;
     #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
 #endif
 
-#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
-#define WOLFSSL_WOLFSSL_TYPE_DEFINED
+#ifndef WOLFSSL_TYPE_DEFINED
+#define WOLFSSL_TYPE_DEFINED
 typedef struct WOLFSSL          WOLFSSL;
 #endif
 typedef struct WOLFSSL_SESSION  WOLFSSL_SESSION;
 typedef struct WOLFSSL_METHOD   WOLFSSL_METHOD;
-#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
-#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
+#ifndef WOLFSSL_CTX_TYPE_DEFINED
+#define WOLFSSL_CTX_TYPE_DEFINED
 typedef struct WOLFSSL_CTX      WOLFSSL_CTX;
 #endif
 
 typedef struct WOLFSSL_STACK      WOLFSSL_STACK;
 typedef struct WOLFSSL_X509       WOLFSSL_X509;
+typedef struct WOLFSSL_X509_ACERT WOLFSSL_X509_ACERT;
 typedef struct WOLFSSL_X509_NAME  WOLFSSL_X509_NAME;
 typedef struct WOLFSSL_X509_NAME_ENTRY  WOLFSSL_X509_NAME_ENTRY;
 typedef struct WOLFSSL_X509_PUBKEY WOLFSSL_X509_PUBKEY;
@@ -171,10 +261,9 @@ typedef struct WOLFSSL_BY_DIR       WOLFSSL_BY_DIR;
 
 #include <wolfssl/wolfio.h>
 
-
-#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_RSA            WOLFSSL_RSA;
-#define WOLFSSL_RSA_TYPE_DEFINED
+/* The WOLFSSL_RSA type is required in all build configurations. */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#include <wolfssl/openssl/rsa.h>
 #endif
 
 #ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
@@ -208,11 +297,13 @@ typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
 typedef struct WOLFSSL_CRL            WOLFSSL_X509_CRL;
 typedef struct WOLFSSL_X509_STORE     WOLFSSL_X509_STORE;
 typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
-typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
 typedef struct WOLFSSL_BIO_METHOD     WOLFSSL_BIO_METHOD;
 typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
 typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
+#ifndef OPENSSL_COEXIST
+typedef struct WOLFSSL_ASN1_OTHERNAME OTHERNAME;
+#endif
 typedef struct WOLFSSL_X509V3_CTX     WOLFSSL_X509V3_CTX;
 typedef struct WOLFSSL_v3_ext_method  WOLFSSL_v3_ext_method;
 typedef struct WOLFSSL_OBJ_NAME       WOLFSSL_OBJ_NAME;
@@ -236,16 +327,83 @@ typedef struct WOLFSSL_DIST_POINT WOLFSSL_DIST_POINT;
 
 typedef struct WOLFSSL_CONF_CTX     WOLFSSL_CONF_CTX;
 
-typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
 typedef int (*WOLFSSL_X509_STORE_CTX_get_crl_cb)(WOLFSSL_X509_STORE_CTX *,
         WOLFSSL_X509_CRL **, WOLFSSL_X509 *);
 typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *,
         WOLFSSL_X509_CRL *);
 
+#define WOLFSSL_V_ASN1_BIT_STRING                0x03
+#define WOLFSSL_V_ASN1_INTEGER                   0x02
+#define WOLFSSL_V_ASN1_NEG                       0x100
+#define WOLFSSL_V_ASN1_NEG_INTEGER               (2 | WOLFSSL_V_ASN1_NEG)
+#define WOLFSSL_V_ASN1_NEG_ENUMERATED            (10 | WOLFSSL_V_ASN1_NEG)
+
+/* Type for ASN1_print_ex */
+#define WOLFSSL_ASN1_STRFLGS_ESC_2253           1
+#define WOLFSSL_ASN1_STRFLGS_ESC_CTRL           2
+#define WOLFSSL_ASN1_STRFLGS_ESC_MSB            4
+#define WOLFSSL_ASN1_STRFLGS_ESC_QUOTE          8
+#define WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT       0x10
+#define WOLFSSL_ASN1_STRFLGS_IGNORE_TYPE        0x20
+#define WOLFSSL_ASN1_STRFLGS_SHOW_TYPE          0x40
+#define WOLFSSL_ASN1_STRFLGS_DUMP_ALL           0x80
+#define WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+#define WOLFSSL_ASN1_STRFLGS_DUMP_DER           0x200
+#define WOLFSSL_ASN1_STRFLGS_RFC2253            (WOLFSSL_ASN1_STRFLGS_ESC_2253 | \
+                                          WOLFSSL_ASN1_STRFLGS_ESC_CTRL | \
+                                          WOLFSSL_ASN1_STRFLGS_ESC_MSB | \
+                                          WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT | \
+                                          WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                          WOLFSSL_ASN1_STRFLGS_DUMP_DER)
+
+#define WOLFSSL_MBSTRING_UTF8                    0x1000
+#define WOLFSSL_MBSTRING_ASC                     0x1001
+#define WOLFSSL_MBSTRING_BMP                     0x1002
+#define WOLFSSL_MBSTRING_UNIV                    0x1004
+
+#define WOLFSSL_V_ASN1_EOC                      0
+#define WOLFSSL_V_ASN1_BOOLEAN                  1
+#define WOLFSSL_V_ASN1_OCTET_STRING             4
+#define WOLFSSL_V_ASN1_NULL                     5
+#define WOLFSSL_V_ASN1_OBJECT                   6
+#define WOLFSSL_V_ASN1_UTF8STRING               12
+#define WOLFSSL_V_ASN1_SEQUENCE                 16
+#define WOLFSSL_V_ASN1_SET                      17
+#define WOLFSSL_V_ASN1_PRINTABLESTRING          19
+#define WOLFSSL_V_ASN1_T61STRING                20
+#define WOLFSSL_V_ASN1_IA5STRING                22
+#define WOLFSSL_V_ASN1_UTCTIME                  23
+#define WOLFSSL_V_ASN1_GENERALIZEDTIME          24
+#define WOLFSSL_V_ASN1_UNIVERSALSTRING          28
+#define WOLFSSL_V_ASN1_BMPSTRING                30
+
+
+#define WOLFSSL_V_ASN1_CONSTRUCTED              0x20
+
+#define WOLFSSL_ASN1_STRING_FLAG_BITS_LEFT       0x008
+#define WOLFSSL_ASN1_STRING_FLAG_NDEF            0x010
+#define WOLFSSL_ASN1_STRING_FLAG_CONT            0x020
+#define WOLFSSL_ASN1_STRING_FLAG_MSTRING         0x040
+#define WOLFSSL_ASN1_STRING_FLAG_EMBED           0x080
+
+/* X.509 PKI size limits from RFC2459 (appendix A) */
+/* internally our limit is CTC_NAME_SIZE (64) - overridden with WC_CTC_NAME_SIZE */
+#define WOLFSSL_ub_name                    CTC_NAME_SIZE /* 32768 */
+#define WOLFSSL_ub_common_name             CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_locality_name           CTC_NAME_SIZE /* 128 */
+#define WOLFSSL_ub_state_name              CTC_NAME_SIZE /* 128 */
+#define WOLFSSL_ub_organization_name       CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_organization_unit_name  CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_title                   CTC_NAME_SIZE /* 64 */
+#define WOLFSSL_ub_email_address           CTC_NAME_SIZE /* 128 */
+
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(HAVE_CURL)
 
 struct WOLFSSL_OBJ_NAME {
     int type;
+    int alias;
+    const char *name;
+    const char *data;
 };
 
 struct WOLFSSL_AUTHORITY_KEYID {
@@ -400,7 +558,7 @@ struct WOLFSSL_EVP_PKEY {
     union {
         char* ptr; /* der format of key */
     } pkey;
-#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     #ifndef NO_RSA
     WOLFSSL_RSA* rsa;
     #endif
@@ -434,12 +592,82 @@ struct WOLFSSL_EVP_PKEY {
     word16 pkcs8HeaderSz;
 
     /* option bits */
-    byte ownDh:1;  /* if struct owns DH  and should free it */
-    byte ownEcc:1; /* if struct owns ECC and should free it */
-    byte ownDsa:1; /* if struct owns DSA and should free it */
-    byte ownRsa:1; /* if struct owns RSA and should free it */
+    WC_BITFIELD ownDh:1;  /* if struct owns DH  and should free it */
+    WC_BITFIELD ownEcc:1; /* if struct owns ECC and should free it */
+    WC_BITFIELD ownDsa:1; /* if struct owns DSA and should free it */
+    WC_BITFIELD ownRsa:1; /* if struct owns RSA and should free it */
 };
 
+
+#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1
+#define WOLFSSL_NO_WILDCARDS         0x2
+#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4
+#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8
+/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */
+#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40
+
+
+typedef struct WOLFSSL_BUFFER_INFO {
+    unsigned char* buffer;
+    word32 length;
+} WOLFSSL_BUFFER_INFO;
+
+typedef struct WOLFSSL_BUF_MEM {
+    char*  data;   /* dereferenced */
+    size_t length; /* current length */
+    size_t max;    /* maximum length */
+} WOLFSSL_BUF_MEM;
+
+
+typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
+typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
+
+struct WOLFSSL_X509_STORE_CTX {
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    WOLFSSL_X509_STORE* store;    /* Store full of a CA cert chain */
+    WOLFSSL_X509* current_cert;   /* current X509 (OPENSSL_EXTRA) */
+    #if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA)
+    WOLFSSL_X509* current_issuer; /* asio dereference */
+    #endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+    WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    WOLFSSL_STACK* chain;
+    #ifdef OPENSSL_EXTRA
+    WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
+    #endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+    char* domain;                /* subject CN domain name */
+#ifdef HAVE_EX_DATA
+    WOLFSSL_CRYPTO_EX_DATA ex_data;  /* external data */
+#endif
+#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
+    int depth;                   /* used in X509_STORE_CTX_*_depth */
+#endif
+    void* userCtx;               /* user ctx */
+    int   error;                 /* current error */
+    int   error_depth;           /* index of cert depth for this error */
+    int   discardSessionCerts;   /* so verify callback can flag for discard */
+    int   totalCerts;            /* number of peer cert buffers */
+    WOLFSSL_BUFFER_INFO* certs;  /* peer certs */
+    WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
+    void* heap;
+    int   flags;
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    WOLF_STACK_OF(WOLFSSL_X509)* owned;  /* Certs owned by this CTX */
+    WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified
+                                                    * on store ctx init */
+    WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override
+                                               * set with
+                                               * X509_STORE_CTX_trusted_stack */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+};
+
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+
 struct WOLFSSL_X509_PKEY {
     WOLFSSL_EVP_PKEY* dec_pkey; /* dereferenced by Apache */
     void* heap;
@@ -456,7 +684,7 @@ struct WOLFSSL_X509_INFO {
     int               num;
 };
 
-#define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */
+#define WOLFSSL_EVP_PKEY_DEFAULT WC_EVP_PKEY_RSA /* default key type */
 
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
     #define wolfSSL_SSL_MODE_RELEASE_BUFFERS    0x00000010U
@@ -484,7 +712,8 @@ enum BIO_TYPE {
     WOLFSSL_BIO_FILE   = 6,
     WOLFSSL_BIO_BASE64 = 7,
     WOLFSSL_BIO_MD     = 8,
-    WOLFSSL_BIO_DGRAM  = 9
+    WOLFSSL_BIO_DGRAM  = 9,
+    WOLFSSL_BIO_NULL   = 10
 };
 
 enum BIO_FLAGS {
@@ -492,7 +721,8 @@ enum BIO_FLAGS {
     WOLFSSL_BIO_FLAG_READ         = 0x02,
     WOLFSSL_BIO_FLAG_WRITE        = 0x04,
     WOLFSSL_BIO_FLAG_IO_SPECIAL   = 0x08,
-    WOLFSSL_BIO_FLAG_RETRY        = 0x10
+    WOLFSSL_BIO_FLAG_RETRY        = 0x10,
+    WOLFSSL_BIO_FLAG_MEM_RDONLY   = 0x200
 };
 
 enum BIO_CB_OPS {
@@ -505,12 +735,6 @@ enum BIO_CB_OPS {
     WOLFSSL_BIO_CB_RETURN = 0x80
 };
 
-typedef struct WOLFSSL_BUF_MEM {
-    char*  data;   /* dereferenced */
-    size_t length; /* current length */
-    size_t max;    /* maximum length */
-} WOLFSSL_BUF_MEM;
-
 /* custom method with user set callbacks */
 typedef int  (*wolfSSL_BIO_meth_write_cb)(WOLFSSL_BIO*, const char*, int);
 typedef int  (*wolfSSL_BIO_meth_read_cb)(WOLFSSL_BIO *, char *, int);
@@ -596,16 +820,16 @@ struct WOLFSSL_X509_STORE {
     WOLFSSL_X509_CRL *crl; /* points to cm->crl */
 #endif
     wolfSSL_Ref     ref;
+    WOLF_STACK_OF(WOLFSSL_X509)* certs;
+    WOLF_STACK_OF(WOLFSSL_X509)* trusted;
+    WOLF_STACK_OF(WOLFSSL_X509)* owned;
+    word32 numAdded; /* Number of objs in objs that are in certs sk */
 };
 
-#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1
-#define WOLFSSL_NO_WILDCARDS         0x2
-#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4
-#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8
-
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 #define WOLFSSL_USE_CHECK_TIME 0x2
 #define WOLFSSL_NO_CHECK_TIME  0x200000
+#define WOLFSSL_PARTIAL_CHAIN  0x80000
 #define WOLFSSL_HOST_NAME_MAX  256
 
 #define WOLFSSL_VPARAM_DEFAULT          0x1
@@ -629,16 +853,6 @@ struct WOLFSSL_X509_VERIFY_PARAM {
 };
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
-typedef struct WOLFSSL_ALERT {
-    int code;
-    int level;
-} WOLFSSL_ALERT;
-
-typedef struct WOLFSSL_ALERT_HISTORY {
-    WOLFSSL_ALERT last_rx;
-    WOLFSSL_ALERT last_tx;
-} WOLFSSL_ALERT_HISTORY;
-
 typedef struct WOLFSSL_X509_REVOKED {
     WOLFSSL_ASN1_INTEGER* serialNumber;          /* stunnel dereference */
 } WOLFSSL_X509_REVOKED;
@@ -660,39 +874,6 @@ typedef struct WOLFSSL_X509_OBJECT {
 
 #define WOLFSSL_ASN1_BOOLEAN                int
 
-typedef struct WOLFSSL_BUFFER_INFO {
-    unsigned char* buffer;
-    unsigned int length;
-} WOLFSSL_BUFFER_INFO;
-
-struct WOLFSSL_X509_STORE_CTX {
-    WOLFSSL_X509_STORE* store;    /* Store full of a CA cert chain */
-    WOLFSSL_X509* current_cert;   /* current X509 (OPENSSL_EXTRA) */
-#ifdef WOLFSSL_ASIO
-    WOLFSSL_X509* current_issuer; /* asio dereference */
-#endif
-    WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
-    WOLFSSL_STACK* chain;
-#ifdef OPENSSL_EXTRA
-    WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
-#endif
-    char* domain;                /* subject CN domain name */
-#ifdef HAVE_EX_DATA
-    WOLFSSL_CRYPTO_EX_DATA ex_data;  /* external data */
-#endif
-#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
-    int depth;                   /* used in X509_STORE_CTX_*_depth */
-#endif
-    void* userCtx;               /* user ctx */
-    int   error;                 /* current error */
-    int   error_depth;           /* index of cert depth for this error */
-    int   discardSessionCerts;   /* so verify callback can flag for discard */
-    int   totalCerts;            /* number of peer cert buffers */
-    WOLFSSL_BUFFER_INFO* certs;  /* peer certs */
-    WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
-    void* heap;
-};
-
 typedef char* WOLFSSL_STRING;
 
 typedef struct WOLFSSL_RAND_METHOD {
@@ -714,8 +895,22 @@ typedef struct WOLFSSL_RAND_METHOD {
     int  (*status)(void);
 } WOLFSSL_RAND_METHOD;
 
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+
+typedef struct WOLFSSL_ALERT {
+    int code;
+    int level;
+} WOLFSSL_ALERT;
+
+typedef struct WOLFSSL_ALERT_HISTORY {
+    WOLFSSL_ALERT last_rx;
+    WOLFSSL_ALERT last_tx;
+} WOLFSSL_ALERT_HISTORY;
+
+
 /* Valid Alert types from page 16/17
- * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
+ * Add alert string to the function AlertTypeToString in src/ssl.c
  */
 enum AlertDescription {
     invalid_alert                   =  -1,
@@ -771,7 +966,7 @@ enum AlertLevel {
 enum SNICbReturn {
     warning_return = alert_warning,
     fatal_return = alert_fatal,
-    noack_return,
+    noack_return
 };
 
 /* WS_RETURN_CODE macro
@@ -972,6 +1167,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
 #ifndef NO_WOLFSSL_SERVER
     WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method_ex(void* heap);
     WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void);
+#endif
+#if defined(WOLFSSL_EITHER_SIDE) || defined(OPENSSL_EXTRA)
+    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method_ex(void* heap);
+    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method(void);
 #endif
     WOLFSSL_API int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl);
 #endif /* WOLFSSL_DTLS13 */
@@ -982,9 +1181,17 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
 WOLFSSL_API int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx,
     const char* publicName, word16 kemId, word16 kdfId, word16 aeadId);
 
+WOLFSSL_API int wolfSSL_CTX_SetEchConfigsBase64(WOLFSSL_CTX* ctx,
+    const char* echConfigs64, word32 echConfigs64Len);
+
+WOLFSSL_API int wolfSSL_CTX_SetEchConfigs(WOLFSSL_CTX* ctx,
+    const byte* echConfigs, word32 echConfigsLen);
+
 WOLFSSL_API int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output,
     word32* outputLen);
 
+WOLFSSL_API void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable);
+
 WOLFSSL_API int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
     word32 echConfigs64Len);
 
@@ -993,6 +1200,8 @@ WOLFSSL_API int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
 
 WOLFSSL_API int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* echConfigs,
     word32* echConfigsLen);
+
+WOLFSSL_API void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable);
 #endif /* WOLFSSL_TLS13 && HAVE_ECH */
 
 #ifdef HAVE_POLY1305
@@ -1163,13 +1372,18 @@ WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
     int len);
 WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_get_fd(const WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_get_wfd(const WOLFSSL* ssl);
 /* please see note at top of README if you get an error from connect */
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_connect(WOLFSSL* ssl);
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_write(
     WOLFSSL* ssl, const void* data, int sz);
+WOLFSSL_API int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, size_t sz,
+    size_t* wr);
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_read(WOLFSSL* ssl, void* data, int sz);
+WOLFSSL_API int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd);
 WOLFSSL_API int  wolfSSL_peek(WOLFSSL* ssl, void* data, int sz);
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_accept(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz);
 WOLFSSL_API int  wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req);
 WOLFSSL_API int  wolfSSL_mutual_auth(WOLFSSL* ssl, int req);
 
@@ -1240,7 +1454,6 @@ WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode);
 WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode);
 
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_get_error(WOLFSSL* ssl, int ret);
-WOLFSSL_API int  wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h);
 
 WOLFSSL_ABI WOLFSSL_API int  wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session);
 WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t);
@@ -1255,11 +1468,18 @@ WOLFSSL_API int  wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, int
 WOLFSSL_API int  wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO** bio1_p, size_t writebuf1,
                      WOLFSSL_BIO** bio2_p, size_t writebuf2);
 
+WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
+        unsigned char *em, const unsigned char *mHash,
+        const WOLFSSL_EVP_MD *hashAlg, const WOLFSSL_EVP_MD *mgf1Hash,
+        int saltLen);
 WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa,
                                                   unsigned char *EM,
                                                   const unsigned char *mHash,
                                                   const WOLFSSL_EVP_MD *hashAlg,
                                                   int saltLen);
+WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
+        const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
+        const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen);
 WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
                                           const WOLFSSL_EVP_MD *hashAlg,
                                           const unsigned char *EM, int saltLen);
@@ -1275,15 +1495,38 @@ WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
 #endif /* SESSION_INDEX */
 
-#if defined(SESSION_CERTS)
-WOLFSSL_API
-    WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session);
-#endif /* SESSION_INDEX && SESSION_CERTS */
 
-typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
-typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int);
+#ifdef OPENSSL_EXTRA
+/* compatibility callback for TLS state */
+typedef void (CallbackInfoState)(const WOLFSSL* ssl, int state, int err);
+#endif
 
+
+/* ----- EX DATA BEGIN ----- */
+WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx);
+WOLFSSL_API int  wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data);
+
+#ifdef HAVE_EX_DATA
+WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
+WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(
+    const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx);
+WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(
+    WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *data);
+
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
+    WOLFSSL_CRYPTO_EX_DATA* ex_data,
+    int idx,
+    void *data,
+    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
+    WOLFSSL* ssl,
+    int idx,
+    void* data,
+    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+
+#ifdef HAVE_EX_DATA_CRYPTO
 /* class index for wolfSSL_CRYPTO_get_ex_new_index */
 #define WOLF_CRYPTO_EX_INDEX_SSL             0
 #define WOLF_CRYPTO_EX_INDEX_SSL_CTX         1
@@ -1303,8 +1546,6 @@ typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int);
 #define WOLF_CRYPTO_EX_INDEX_DRBG            15
 #define WOLF_CRYPTO_EX_INDEX__COUNT          16
 
-#ifdef HAVE_EX_DATA
-
 /* Helper macro to log that input arguments should not be used */
 #define WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(a1, a2, a3, a4, a5) \
     (void)(a1);                                                  \
@@ -1319,12 +1560,60 @@ typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int);
         }                                                        \
     } while(0)
 
-WOLFSSL_API int  wolfSSL_get_ex_new_index(long argValue, void* arg,
-        WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
-        WOLFSSL_CRYPTO_EX_free* c);
+WOLFSSL_API int wolfSSL_get_ex_new_index(
+    long argValue, void* arg,
+    WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
+    WOLFSSL_CRYPTO_EX_free* c);
+WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(
+    long idx, void* arg,
+    WOLFSSL_CRYPTO_EX_new* new_func,
+    WOLFSSL_CRYPTO_EX_dup* dup_func,
+    WOLFSSL_CRYPTO_EX_free* free_func);
+WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(
+    int class_index, long argl, void *argp,
+    WOLFSSL_CRYPTO_EX_new* new_func,
+    WOLFSSL_CRYPTO_EX_dup* dup_func,
+    WOLFSSL_CRYPTO_EX_free* free_func);
+WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
+        WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
+        WOLFSSL_CRYPTO_EX_free* free_func);
+#endif /* HAVE_EX_DATA_CRYPTO */
+#endif /* HAVE_EX_DATA */
 
+/* Exposed EX data API's, guarded internally by HAVE_EX_DATA */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
+WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
+    void *data);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup(
+    WOLFSSL_X509 *x509,
+    int idx,
+    void *data,
+    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
 #endif
 
+#ifdef HAVE_EX_DATA_CRYPTO
+WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
+    WOLFSSL_CRYPTO_EX_new* new_func,
+    WOLFSSL_CRYPTO_EX_dup* dup_func,
+    WOLFSSL_CRYPTO_EX_free* free_func);
+#endif
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx);
+WOLFSSL_API int   wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data);
+#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
+WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup(
+    WOLFSSL_CTX* ctx,
+    int idx,
+    void* data,
+    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
+#endif
+#endif /* OPENSSL_EXTRA */
+/* ----- EX DATA END ----- */
+
 WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode,
                                       VerifyCallback verify_callback);
 
@@ -1462,8 +1751,16 @@ WOLFSSL_API int  wolfSSL_dtls(WOLFSSL* ssl);
 WOLFSSL_API void* wolfSSL_dtls_create_peer(int port, char* ip);
 WOLFSSL_API int   wolfSSL_dtls_free_peer(void* addr);
 
-WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
-WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
+WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer,
+                                       unsigned int peerSz);
+WOLFSSL_API int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
+                                              unsigned int peerSz);
+WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer,
+                                       unsigned int* peerSz);
+WOLFSSL_API int  wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
+                                        unsigned int* peerSz);
+
+WOLFSSL_API byte wolfSSL_is_stateful(WOLFSSL* ssl);
 
 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
 WOLFSSL_API int  wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx);
@@ -1543,7 +1840,9 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long e);
 WOLFSSL_API const char* wolfSSL_ERR_func_error_string(unsigned long e);
 WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long e);
 
-/* extras */
+/* -------- EXTRAS BEGIN -------- */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
 
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
 WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
@@ -1553,17 +1852,14 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_shallow_sk_dup(WOLFSSL_STACK* sk);
 WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
 WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
-
-#if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \
-    defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING))
-#include "wolfssl/wolfcrypt/asn.h"
-#endif
+WOLFSSL_API int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx);
+WOLFSSL_API void* wolfSSL_sk_pop(WOLFSSL_STACK* sk);
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)
 WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push(
                                        WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
                                        WOLFSSL_ACCESS_DESCRIPTION* a);
-#endif /* defined(OPENSSL_ALL) || OPENSSL_EXTRA || defined(WOLFSSL_QT) */
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_QT */
 
 typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES;
 typedef WOLF_STACK_OF(WOLFSSL_DIST_POINT) WOLFSSL_DIST_POINTS;
@@ -1638,6 +1934,8 @@ WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* a);
 WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
         WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk,
         void (*f) (WOLFSSL_X509_EXTENSION*));
+WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(
+        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj);
@@ -1655,62 +1953,8 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_ST
 WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s);
 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
-                            WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
-WOLFSSL_API int  wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data);
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
-    WOLFSSL* ssl,
-    int idx,
-    void* data,
-    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
-#endif
-WOLFSSL_API int  wolfSSL_get_shutdown(const WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_set_rfd(WOLFSSL* ssl, int rfd);
-WOLFSSL_API int  wolfSSL_set_wfd(WOLFSSL* ssl, int wfd);
-WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt);
-WOLFSSL_API int  wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
-                                           unsigned int len);
-WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl);
-WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_session_reused(WOLFSSL* ssl);
-#ifdef OPENSSL_EXTRA
-/* using unsigned char instead of uint8_t here to avoid stdint include */
-WOLFSSL_API unsigned char wolfSSL_SESSION_get_max_fragment_length(
-                                                      WOLFSSL_SESSION* session);
-#endif
-WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap);
-WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
-WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx,
-                                        WOLFSSL_SESSION* session);
-WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session,
-                                        const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int  wolfSSL_is_init_finished(const WOLFSSL* ssl);
+                      const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
 
-WOLFSSL_API const char*  wolfSSL_get_version(const WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
-WOLFSSL_API WOLFSSL_CIPHER*  wolfSSL_get_current_cipher(WOLFSSL* ssl);
-WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len);
-WOLFSSL_API const char*  wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API const char*  wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API word32       wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value);
-WOLFSSL_API const char*  wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session);
-WOLFSSL_API const char*  wolfSSL_get_cipher(WOLFSSL* ssl);
-WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session);
-
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
 WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);
@@ -1719,8 +1963,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)*
         wolfSSL_X509_chain_up_ref(WOLF_STACK_OF(WOLFSSL_X509)* chain);
 #endif
 
-WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
-                                     char** path, int* ssl);
+WOLFSSL_API int wolfSSL_OCSP_parse_url(const char* url, char** host,
+        char** port, char** path, int* ssl);
 
 #ifndef NO_BIO
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
@@ -1816,6 +2060,7 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag);
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void);
+WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_null(void);
 
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str);
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port);
@@ -1936,22 +2181,15 @@ WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psi
         const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509);
 WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
-WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name,
-                                                                    char* in, int sz);
 WOLFSSL_API unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME* name);
 #if defined(OPENSSL_EXTRA) && defined(XSNPRINTF)
 WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz);
 #endif
-WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
-                                                                 WOLFSSL_X509* cert);
 WOLFSSL_API unsigned long  wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509);
-WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
-                                                                 WOLFSSL_X509* cert);
 WOLFSSL_API unsigned long  wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
 WOLFSSL_API int  wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid);
 WOLFSSL_API int  wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid);
 WOLFSSL_API int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit);
-WOLFSSL_API int  wolfSSL_X509_get_isCA(WOLFSSL_X509* x509);
 WOLFSSL_API int  wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509);
 WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509);
 WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509);
@@ -1959,6 +2197,8 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
                                             WOLFSSL_X509* x509, unsigned char* dst, int* dstLen);
 WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
                                             WOLFSSL_X509* x509, unsigned char* dst, int* dstLen);
+WOLFSSL_API const WOLFSSL_ASN1_STRING *wolfSSL_X509_get0_subject_key_id(
+        WOLFSSL_X509 *x509);
 
 WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
 #ifdef WOLFSSL_CERT_REQ
@@ -2007,16 +2247,11 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
 WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn);
 WOLFSSL_API const unsigned char* wolfSSL_ASN1_STRING_get0_data(
                                             const WOLFSSL_ASN1_STRING* asn);
-WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn);
+WOLFSSL_API int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn);
 WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst,
                                                 const WOLFSSL_ASN1_STRING* src);
 WOLFSSL_API int         wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long err);
-WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509);
-WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, unsigned char* buf, int* bufSz);
-WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509, unsigned char* buf,
-        int* bufSz);
-WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509);
 
 WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup,const char* dir,long type);
 WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, const char* file,
@@ -2035,6 +2270,8 @@ WOLFSSL_API int          wolfSSL_X509_STORE_add_cert(
                                               WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509);
 WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(
         const WOLFSSL_X509_STORE *ctx);
+WOLFSSL_API int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx,
+        WOLFSSL_X509_VERIFY_PARAM *param);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
                                                    WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
@@ -2043,16 +2280,12 @@ WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
                                                    WOLFSSL_X509_STORE_CTX *ctx);
 WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
                                                             unsigned long flag);
-WOLFSSL_API int          wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store);
-WOLFSSL_API int          wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx,
-                                   int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj);
+WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx,
+                    int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj);
 WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_CTX_get0_param(
         WOLFSSL_X509_STORE_CTX *ctx);
-WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
-WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap);
 WOLFSSL_API int  wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
                       WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)*);
-WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx,
         WOLF_STACK_OF(WOLFSSL_X509) *sk);
@@ -2067,6 +2300,8 @@ WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
         WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey);
 WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
         WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen);
+WOLFSSL_API int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key,
+        unsigned char** pp);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
                                          WOLFSSL_EVP_PKEY** out);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
@@ -2149,7 +2384,7 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(
                                                const unsigned char** in,
                                                long inSz);
 WOLFSSL_API int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a,
-                                         unsigned char** out);
+                                         unsigned char** pp);
 
 WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime);
 
@@ -2195,10 +2430,10 @@ WOLFSSL_API int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl,
         const byte** suites, word16* suiteSz,
         const byte** hashSigAlgo, word16* hashSigAlgoSz);
 typedef struct WOLFSSL_CIPHERSUITE_INFO {
-    byte rsaAuth:1;
-    byte eccAuth:1;
-    byte eccStatic:1;
-    byte psk:1;
+    WC_BITFIELD rsaAuth:1;
+    WC_BITFIELD eccAuth:1;
+    WC_BITFIELD eccStatic:1;
+    WC_BITFIELD psk:1;
 } WOLFSSL_CIPHERSUITE_INFO;
 WOLFSSL_API WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first,
         byte second);
@@ -2241,14 +2476,6 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(
                                            WOLFSSL_X509_STORE_CTX* ctx, int er);
 void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
                                                                      int depth);
-WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx);
-
-WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
-                                                          void* userdata);
-WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx,
-                                                   wc_pem_password_cb* cb);
-WOLFSSL_API wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX* ctx);
-WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
 
 WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx,
                           void (*f)(const WOLFSSL* ssl, int type, int val));
@@ -2307,13 +2534,7 @@ WOLFSSL_API int  wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength);
 
 WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl);
 
-WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
-WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
 WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s,  long op);
-WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
-WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
-WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
-WOLFSSL_API int  wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
 WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
 WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
 WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
@@ -2332,6 +2553,187 @@ WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void);
 WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
 WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl);
 
+WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+
+    /* Errors used in wolfSSL. utilize the values from the defines in
+     * wolfssl/openssl/x509.h, but without the WOLFSSL_ prefix.
+     */
+enum {
+    WOLFSSL_X509_V_OK                                    = 0,
+    WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE            = 7,
+    WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID                = 9,
+    WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED                  = 10,
+    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD    = 13,
+    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD     = 14,
+    WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT       = 18,
+    WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20,
+    WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE   = 21,
+    WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG               = 22,
+    WOLFSSL_X509_V_ERR_CERT_REVOKED                      = 23,
+    WOLFSSL_X509_V_ERR_INVALID_CA                        = 24,
+    WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED              = 25,
+    WOLFSSL_X509_V_ERR_CERT_REJECTED                     = 28,
+    WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH           = 29,
+
+#ifdef HAVE_OCSP
+    /* OCSP Flags */
+    WOLFSSL_OCSP_NOCERTS     = 1,
+    WOLFSSL_OCSP_NOINTERN    = 2,
+    WOLFSSL_OCSP_NOSIGS      = 4,
+    WOLFSSL_OCSP_NOCHAIN     = 8,
+    WOLFSSL_OCSP_NOVERIFY    = 16,
+    WOLFSSL_OCSP_NOEXPLICIT  = 32,
+    WOLFSSL_OCSP_NOCASIGN    = 64,
+    WOLFSSL_OCSP_NODELEGATED = 128,
+    WOLFSSL_OCSP_NOCHECKS    = 256,
+    WOLFSSL_OCSP_TRUSTOTHER  = 512,
+    WOLFSSL_OCSP_RESPID_KEY  = 1024,
+    WOLFSSL_OCSP_NOTIME      = 2048,
+#endif
+
+    WOLFSSL_ST_CONNECT = 0x1000,
+    WOLFSSL_ST_ACCEPT  = 0x2000,
+    WOLFSSL_ST_MASK    = 0x0FFF,
+
+    WOLFSSL_CB_LOOP = 0x01,
+    WOLFSSL_CB_EXIT = 0x02,
+    WOLFSSL_CB_READ = 0x04,
+    WOLFSSL_CB_WRITE = 0x08,
+    WOLFSSL_CB_HANDSHAKE_START = 0x10,
+    WOLFSSL_CB_HANDSHAKE_DONE = 0x20,
+    WOLFSSL_CB_ALERT = 0x4000,
+    WOLFSSL_CB_READ_ALERT = (WOLFSSL_CB_ALERT | WOLFSSL_CB_READ),
+    WOLFSSL_CB_WRITE_ALERT = (WOLFSSL_CB_ALERT | WOLFSSL_CB_WRITE),
+    WOLFSSL_CB_ACCEPT_LOOP = (WOLFSSL_ST_ACCEPT | WOLFSSL_CB_LOOP),
+    WOLFSSL_CB_ACCEPT_EXIT = (WOLFSSL_ST_ACCEPT | WOLFSSL_CB_EXIT),
+    WOLFSSL_CB_CONNECT_LOOP = (WOLFSSL_ST_CONNECT | WOLFSSL_CB_LOOP),
+    WOLFSSL_CB_CONNECT_EXIT = (WOLFSSL_ST_CONNECT | WOLFSSL_CB_EXIT),
+    WOLFSSL_CB_MODE_READ = 1,
+    WOLFSSL_CB_MODE_WRITE = 2,
+
+    WOLFSSL_MODE_ENABLE_PARTIAL_WRITE = 2,
+    WOLFSSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE}
+                              * to the user. This is set by default with
+                              * OPENWOLFSSL_COMPATIBLE_DEFAULTS. The macro
+                              * WOLFWOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to
+                              * limit the possibility of an infinite retry loop
+                              */
+    WOLFSSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
+
+    WOLFSSL_CRYPTO_LOCK = 1,
+    WOLFSSL_CRYPTO_NUM_LOCKS = 10
+};
+
+#define WOLFSSL_NOTHING 1
+#define WOLFSSL_WRITING 2
+#define WOLFSSL_READING 3
+#define WOLFSSL_MAX_SSL_SESSION_ID_LENGTH 32  /* = ID_LEN */
+
+#ifndef OPENSSL_COEXIST
+
+/* for compatibility these must be macros */
+
+#define SSL_OP_MICROSOFT_SESS_ID_BUG            WOLFSSL_OP_MICROSOFT_SESS_ID_BUG
+#define SSL_OP_NETSCAPE_CHALLENGE_BUG           WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG      WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER       WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING           WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING
+#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG         WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG
+#define SSL_OP_TLS_D5_BUG                       WOLFSSL_OP_TLS_D5_BUG
+#define SSL_OP_TLS_BLOCK_PADDING_BUG            WOLFSSL_OP_TLS_BLOCK_PADDING_BUG
+#define SSL_OP_TLS_ROLLBACK_BUG                 WOLFSSL_OP_TLS_ROLLBACK_BUG
+#define SSL_OP_EPHEMERAL_RSA                    WOLFSSL_OP_EPHEMERAL_RSA
+#define SSL_OP_PKCS1_CHECK_1                    WOLFSSL_OP_PKCS1_CHECK_1
+#define SSL_OP_PKCS1_CHECK_2                    WOLFSSL_OP_PKCS1_CHECK_2
+#define SSL_OP_NETSCAPE_CA_DN_BUG               WOLFSSL_OP_NETSCAPE_CA_DN_BUG
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG  WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS      WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+#define SSL_OP_NO_QUERY_MTU                     WOLFSSL_OP_NO_QUERY_MTU
+#define SSL_OP_COOKIE_EXCHANGE                  WOLFSSL_OP_COOKIE_EXCHANGE
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION \
+                                                WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+#define SSL_OP_ALL                              WOLFSSL_OP_ALL
+
+#define SSL_OP_NO_SSLv2       WOLFSSL_OP_NO_SSLv2
+#define SSL_OP_NO_SSLv3       WOLFSSL_OP_NO_SSLv3
+#define SSL_OP_NO_TLSv1       WOLFSSL_OP_NO_TLSv1
+#define SSL_OP_NO_TLSv1_1     WOLFSSL_OP_NO_TLSv1_1
+#define SSL_OP_NO_TLSv1_2     WOLFSSL_OP_NO_TLSv1_2
+#define SSL_OP_NO_COMPRESSION WOLFSSL_OP_NO_COMPRESSION
+
+/* apache uses SSL_OP_NO_TLSv1_3 to determine if TLS 1.3 is enabled */
+#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD))
+#define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3
+#endif
+
+#ifdef HAVE_SESSION_TICKET
+#define SSL_OP_NO_TICKET WOLFSSL_OP_NO_TICKET
+#endif
+
+#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \
+    SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3)
+
+
+#define SSL_NOTHING  WOLFSSL_NOTHING
+#define SSL_WRITING  WOLFSSL_WRITING
+#define SSL_READING  WOLFSSL_READING
+#define SSL_MAX_SSL_SESSION_ID_LENGTH  WOLFSSL_MAX_SSL_SESSION_ID_LENGTH
+#define SSL_MAX_SID_CTX_LENGTH  WOLFSSL_MAX_SSL_SESSION_ID_LENGTH
+
+#ifdef HAVE_OCSP
+    /* OCSP Flags */
+#define OCSP_NOCERTS WOLFSSL_OCSP_NOCERTS
+#define OCSP_NOINTERN WOLFSSL_OCSP_NOINTERN
+#define OCSP_NOSIGS WOLFSSL_OCSP_NOSIGS
+#define OCSP_NOCHAIN WOLFSSL_OCSP_NOCHAIN
+#define OCSP_NOVERIFY WOLFSSL_OCSP_NOVERIFY
+#define OCSP_NOEXPLICIT WOLFSSL_OCSP_NOEXPLICIT
+#define OCSP_NOCASIGN WOLFSSL_OCSP_NOCASIGN
+#define OCSP_NODELEGATED WOLFSSL_OCSP_NODELEGATED
+#define OCSP_NOCHECKS WOLFSSL_OCSP_NOCHECKS
+#define OCSP_TRUSTOTHER WOLFSSL_OCSP_TRUSTOTHER
+#define OCSP_RESPID_KEY WOLFSSL_OCSP_RESPID_KEY
+#define OCSP_NOTIME WOLFSSL_OCSP_NOTIME
+#endif
+
+#define SSL_ST_CONNECT WOLFSSL_ST_CONNECT
+#define SSL_ST_ACCEPT WOLFSSL_ST_ACCEPT
+#define SSL_ST_MASK WOLFSSL_ST_MASK
+
+#define SSL_CB_LOOP WOLFSSL_CB_LOOP
+#define SSL_CB_EXIT WOLFSSL_CB_EXIT
+#define SSL_CB_READ WOLFSSL_CB_READ
+#define SSL_CB_WRITE WOLFSSL_CB_WRITE
+#define SSL_CB_HANDSHAKE_START WOLFSSL_CB_HANDSHAKE_START
+#define SSL_CB_HANDSHAKE_DONE WOLFSSL_CB_HANDSHAKE_DONE
+#define SSL_CB_ALERT WOLFSSL_CB_ALERT
+#define SSL_CB_READ_ALERT WOLFSSL_CB_READ_ALERT
+#define SSL_CB_WRITE_ALERT WOLFSSL_CB_WRITE_ALERT
+#define SSL_CB_ACCEPT_LOOP WOLFSSL_CB_ACCEPT_LOOP
+#define SSL_CB_ACCEPT_EXIT WOLFSSL_CB_ACCEPT_EXIT
+#define SSL_CB_CONNECT_LOOP WOLFSSL_CB_CONNECT_LOOP
+#define SSL_CB_CONNECT_EXIT WOLFSSL_CB_CONNECT_EXIT
+#define SSL_CB_MODE_READ WOLFSSL_CB_MODE_READ
+#define SSL_CB_MODE_WRITE WOLFSSL_CB_MODE_WRITE
+
+#define SSL_MODE_ENABLE_PARTIAL_WRITE WOLFSSL_MODE_ENABLE_PARTIAL_WRITE
+#define SSL_MODE_AUTO_RETRY WOLFSSL_MODE_AUTO_RETRY
+#define SSL_MODE_RELEASE_BUFFERS WOLFSSL_MODE_RELEASE_BUFFERS
+
+#define CRYPTO_LOCK WOLFSSL_CRYPTO_LOCK
+#define CRYPTO_NUM_LOCKS WOLFSSL_CRYPTO_NUM_LOCKS
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */
+/* -------- EXTRAS END -------- */
+
+
 #define WOLFSSL_DEFAULT_CIPHER_LIST ""   /* default all */
 
 /* These are bit-masks */
@@ -2341,7 +2743,7 @@ enum {
     WOLFSSL_OCSP_CHECKALL     = 4,
 
     WOLFSSL_CRL_CHECKALL = 1,
-    WOLFSSL_CRL_CHECK    = 2,
+    WOLFSSL_CRL_CHECK    = 2
 };
 
 /* Separated out from other enums because of size */
@@ -2388,138 +2790,79 @@ enum {
                   | WOLFSSL_OP_TLS_D5_BUG
                   | WOLFSSL_OP_TLS_BLOCK_PADDING_BUG
                   | WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-                  | WOLFSSL_OP_TLS_ROLLBACK_BUG),
+                  | WOLFSSL_OP_TLS_ROLLBACK_BUG)
 };
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
-    defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
-/* for compatibility these must be macros */
+WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
+                                                          void* userdata);
+WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx,
+                                                   wc_pem_password_cb* cb);
+WOLFSSL_API wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX* ctx);
+WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
 
-#define SSL_OP_MICROSOFT_SESS_ID_BUG            WOLFSSL_OP_MICROSOFT_SESS_ID_BUG
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG           WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG      WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER       WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING           WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG         WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG
-#define SSL_OP_TLS_D5_BUG                       WOLFSSL_OP_TLS_D5_BUG
-#define SSL_OP_TLS_BLOCK_PADDING_BUG            WOLFSSL_OP_TLS_BLOCK_PADDING_BUG
-#define SSL_OP_TLS_ROLLBACK_BUG                 WOLFSSL_OP_TLS_ROLLBACK_BUG
-#define SSL_OP_EPHEMERAL_RSA                    WOLFSSL_OP_EPHEMERAL_RSA
-#define SSL_OP_PKCS1_CHECK_1                    WOLFSSL_OP_PKCS1_CHECK_1
-#define SSL_OP_PKCS1_CHECK_2                    WOLFSSL_OP_PKCS1_CHECK_2
-#define SSL_OP_NETSCAPE_CA_DN_BUG               WOLFSSL_OP_NETSCAPE_CA_DN_BUG
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG  WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS      WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-#define SSL_OP_NO_QUERY_MTU                     WOLFSSL_OP_NO_QUERY_MTU
-#define SSL_OP_COOKIE_EXCHANGE                  WOLFSSL_OP_COOKIE_EXCHANGE
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION \
-                                                WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-#define SSL_OP_ALL                              WOLFSSL_OP_ALL
-
-#define SSL_OP_NO_SSLv2       WOLFSSL_OP_NO_SSLv2
-#define SSL_OP_NO_SSLv3       WOLFSSL_OP_NO_SSLv3
-#define SSL_OP_NO_TLSv1       WOLFSSL_OP_NO_TLSv1
-#define SSL_OP_NO_TLSv1_1     WOLFSSL_OP_NO_TLSv1_1
-#define SSL_OP_NO_TLSv1_2     WOLFSSL_OP_NO_TLSv1_2
-#define SSL_OP_NO_COMPRESSION WOLFSSL_OP_NO_COMPRESSION
-
-/* apache uses SSL_OP_NO_TLSv1_3 to determine if TLS 1.3 is enabled */
-#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD))
-#define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3
+WOLFSSL_API int  wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
+WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
+WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
+WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
+WOLFSSL_API int  wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h);
+WOLFSSL_API int  wolfSSL_get_shutdown(const WOLFSSL* ssl);
+WOLFSSL_API int  wolfSSL_set_rfd(WOLFSSL* ssl, int rfd);
+WOLFSSL_API int  wolfSSL_set_wfd(WOLFSSL* ssl, int wfd);
+WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt);
+WOLFSSL_API int  wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
+                                           unsigned int len);
+WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl);
+WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl);
+WOLFSSL_API int  wolfSSL_session_reused(WOLFSSL* ssl);
+#ifdef OPENSSL_EXTRA
+/* using unsigned char instead of uint8_t here to avoid stdint include */
+WOLFSSL_API unsigned char wolfSSL_SESSION_get_max_fragment_length(
+                                                      WOLFSSL_SESSION* session);
 #endif
+WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
 
-#ifdef HAVE_SESSION_TICKET
-#define SSL_OP_NO_TICKET WOLFSSL_OP_NO_TICKET
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap);
+WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
+WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx,
+                                        WOLFSSL_SESSION* session);
+WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session,
+                                        const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int  wolfSSL_is_init_finished(const WOLFSSL* ssl);
+
+WOLFSSL_API const char*  wolfSSL_get_version(const WOLFSSL* ssl);
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(
+    WOLFSSL* ssl);
 #endif
+WOLFSSL_API int  wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
+WOLFSSL_API WOLFSSL_CIPHER*  wolfSSL_get_current_cipher(WOLFSSL* ssl);
+WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len);
+WOLFSSL_API const char*  wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API const char*  wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API word32       wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher);
+WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value);
+WOLFSSL_API const char*  wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session);
+WOLFSSL_API const char*  wolfSSL_get_cipher(WOLFSSL* ssl);
+WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
+WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session);
 
-#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \
-    SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3)
+WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
+WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap);
+WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx);
 
+WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
+WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
 
-#define SSL_NOTHING 1
-#define SSL_WRITING 2
-#define SSL_READING 3
-#define SSL_MAX_SSL_SESSION_ID_LENGTH 32  /* = ID_LEN */
-
-enum {
-#ifdef HAVE_OCSP
-    /* OCSP Flags */
-    OCSP_NOCERTS     = 1,
-    OCSP_NOINTERN    = 2,
-    OCSP_NOSIGS      = 4,
-    OCSP_NOCHAIN     = 8,
-    OCSP_NOVERIFY    = 16,
-    OCSP_NOEXPLICIT  = 32,
-    OCSP_NOCASIGN    = 64,
-    OCSP_NODELEGATED = 128,
-    OCSP_NOCHECKS    = 256,
-    OCSP_TRUSTOTHER  = 512,
-    OCSP_RESPID_KEY  = 1024,
-    OCSP_NOTIME      = 2048,
-
-    /* OCSP Types */
-    OCSP_CERTID   = 2,
-    OCSP_REQUEST  = 4,
-    OCSP_RESPONSE = 8,
-    OCSP_BASICRESP = 16,
-#endif
-
-    SSL_ST_CONNECT = 0x1000,
-    SSL_ST_ACCEPT  = 0x2000,
-    SSL_ST_MASK    = 0x0FFF,
-
-    SSL_CB_LOOP = 0x01,
-    SSL_CB_EXIT = 0x02,
-    SSL_CB_READ = 0x04,
-    SSL_CB_WRITE = 0x08,
-    SSL_CB_HANDSHAKE_START = 0x10,
-    SSL_CB_HANDSHAKE_DONE = 0x20,
-    SSL_CB_ALERT = 0x4000,
-    SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ),
-    SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE),
-    SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP),
-    SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT),
-    SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP),
-    SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT),
-    SSL_CB_MODE_READ = 1,
-    SSL_CB_MODE_WRITE = 2,
-
-    SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
-    SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE}
-                              * to the user. This is set by default with
-                              * OPENSSL_COMPATIBLE_DEFAULTS. The macro
-                              * WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to
-                              * limit the possibility of an infinite retry loop
-                              */
-    SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
-    /* Errors used in wolfSSL. utilize the values from the defines in
-     * wolfssl/openssl/x509.h, but without the WOLFSSL_ prefix.
-     */
-    WOLFSSL_X509_V_OK                                    = 0,
-    WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE            = 7,
-    WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID                = 9,
-    WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED                  = 10,
-    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD    = 13,
-    WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD     = 14,
-    WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT       = 18,
-    WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20,
-    WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE   = 21,
-    WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG               = 22,
-    WOLFSSL_X509_V_ERR_CERT_REVOKED                      = 23,
-    WOLFSSL_X509_V_ERR_INVALID_CA                        = 24,
-    WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED              = 25,
-    WOLFSSL_X509_V_ERR_CERT_REJECTED                     = 28,
-    WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH           = 29,
-
-    CRYPTO_LOCK = 1,
-    CRYPTO_NUM_LOCKS = 10,
-
-    ASN1_STRFLGS_ESC_MSB = 4
-};
-#endif
-
-/* extras end */
+WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name,
+                                                                    char* in, int sz);
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 /* wolfSSL extension, provide last error from SSL_get_error
@@ -2536,8 +2879,6 @@ WOLFSSL_API void wolfSSL_ERR_print_errors_cb(int (*cb)(const char *str,
                                                 size_t len, void *u), void *u);
 #endif
 #endif
-WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
-
 
 #ifndef NO_OLD_SSL_NAMES
     #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
@@ -2599,6 +2940,18 @@ enum { /* ssl Constants */
     WOLFSSL_FAILURE         =  0,   /* for some functions */
     WOLFSSL_SUCCESS         =  1,
 
+    #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+            (defined(BUILDING_WOLFSSL) || \
+             defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
+        #define WOLFSSL_FAILURE WC_ERR_TRACE(WOLFSSL_FAILURE)
+        #define CONST_NUM_ERR_WOLFSSL_FAILURE 0
+        /* include CONST_NUM_ERR_ variants of the success codes, so that they
+         * can be harmlessly wrapped in WC_NO_ERR_TRACE().
+         */
+        #define CONST_NUM_ERR_WOLFSSL_ERROR_NONE 0
+        #define CONST_NUM_ERR_WOLFSSL_SUCCESS 1
+    #endif
+
 /* WOLFSSL_SHUTDOWN_NOT_DONE is returned by wolfSSL_shutdown and
  * wolfSSL_SendUserCanceled when the other end
  * of the connection has yet to send its close notify alert as part of the
@@ -2614,16 +2967,6 @@ enum { /* ssl Constants */
     WOLFSSL_SHUTDOWN_NOT_DONE =  2,
 #endif
 
-    WOLFSSL_ALPN_NOT_FOUND  = -9,
-    WOLFSSL_BAD_CERTTYPE    = -8,
-    WOLFSSL_BAD_STAT        = -7,
-    WOLFSSL_BAD_PATH        = -6,
-    WOLFSSL_BAD_FILETYPE    = -5,
-    WOLFSSL_BAD_FILE        = -4,
-    WOLFSSL_NOT_IMPLEMENTED = -3,
-    WOLFSSL_UNKNOWN         = -2,
-    WOLFSSL_FATAL_ERROR     = -1,
-
     WOLFSSL_FILETYPE_ASN1    = CTC_FILETYPE_ASN1,
     WOLFSSL_FILETYPE_PEM     = CTC_FILETYPE_PEM,
     WOLFSSL_FILETYPE_DEFAULT = CTC_FILETYPE_ASN1, /* ASN1 */
@@ -2647,22 +2990,49 @@ enum { /* ssl Constants */
             (WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE |
                     WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP),
 
-    WOLFSSL_ERROR_WANT_READ        =  2,
-    WOLFSSL_ERROR_WANT_WRITE       =  3,
-    WOLFSSL_ERROR_WANT_CONNECT     =  7,
-    WOLFSSL_ERROR_WANT_ACCEPT      =  8,
-    WOLFSSL_ERROR_SYSCALL          =  5,
-    WOLFSSL_ERROR_WANT_X509_LOOKUP = 83,
-    WOLFSSL_ERROR_ZERO_RETURN      =  6,
-    WOLFSSL_ERROR_SSL              = 85,
+    /* These values match OpenSSL values for corresponding names.*/
+    WOLFSSL_ERROR_SSL              =  1,
 
+    /* Operation did not complete; call this API again.*/
+    WOLFSSL_ERROR_WANT_READ        =  2,
+
+    /* Operation did not complete; call this API again.*/
+    WOLFSSL_ERROR_WANT_WRITE       =  3,
+
+    /* Operation did not complete; callback needs this API to be called again.*/
+    WOLFSSL_ERROR_WANT_X509_LOOKUP =  4,
+
+    /* Some sort of system I/O error happened.*/
+    WOLFSSL_ERROR_SYSCALL          =  5,
+
+    /* The connection has been closed with a closure alert.*/
+    WOLFSSL_ERROR_ZERO_RETURN      =  6,
+
+    /* Underlying protocol connection not started yet, call this API again.*/
+    WOLFSSL_ERROR_WANT_CONNECT     =  7,
+
+    /* Underlying protocol connection not started yet, call this API again.*/
+    WOLFSSL_ERROR_WANT_ACCEPT      =  8,
+
+    /* Close notify alert was sent to the peer.*/
     WOLFSSL_SENT_SHUTDOWN     = 1,
+
+    /* Close notify or fatal error was received from the peer.*/
     WOLFSSL_RECEIVED_SHUTDOWN = 2,
+
+    /* Let library know that write buffer might move to different addresses.*/
     WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
 
+    /* The handshake failed. */
     WOLFSSL_R_SSL_HANDSHAKE_FAILURE           = 101,
+
+    /* The issuer CA certificate is unknown. */
     WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA          = 102,
+
+    /* Unable to validate the certificate. */
     WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
+
+    /* There was a problem parsing the certificate. */
     WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE     = 104,
 
     WOLF_PEM_BUFSIZE = 1024
@@ -2741,8 +3111,11 @@ enum { /* ssl Constants */
 /* extra begins */
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
 enum {  /* ERR Constants */
-    ERR_TXT_STRING = 1
+    WOLFSSL_ERR_TXT_STRING = 1
 };
+#ifndef OPENSSL_COEXIST
+#define ERR_TXT_STRING WOLFSSL_ERR_TXT_STRING
+#endif
 #endif
 #ifdef OPENSSL_EXTRA
 /* bio misc */
@@ -2773,7 +3146,6 @@ WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt);
 #if !defined(NO_CHECK_PRIVATE_KEY)
   WOLFSSL_API int  wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx);
 #endif
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx);
 
 WOLFSSL_API void wolfSSL_ERR_free_strings(void);
 WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long id);
@@ -2801,16 +3173,21 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFS
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl);
 #endif
 
-#ifdef OPENSSL_EXTRA
-WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl);
-#endif
 WOLFSSL_API int wolfSSL_want_read(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_want_write(WOLFSSL* ssl);
 
+
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl);
+
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx);
+
 #include <stdarg.h> /* var_arg */
 WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format,
                                                             va_list args);
 WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...);
+
+
 WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char* buf, int length);
 WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio,
                                          const WOLFSSL_ASN1_UTCTIME* a);
@@ -2822,39 +3199,20 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int* days, int* secs, const WOLFSSL_ASN1_
     const WOLFSSL_ASN1_TIME* to);
 WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
     const WOLFSSL_ASN1_TIME *b);
-#ifdef OPENSSL_EXTRA
 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
 WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
-#endif
+WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t,
+        const char *str);
+#endif /* OPENSSL_EXTRA */
 
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
 WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i);
-
-#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
-
-WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
-                                            int idx);
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
-    WOLFSSL_CRYPTO_EX_DATA* ex_data,
-    int idx,
-    void *data,
-    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
-#endif
-WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
-                                            void *data);
 #endif
 
+
 /* stunnel 4.28 needs */
-WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx);
-WOLFSSL_API int   wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data);
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup(
-    WOLFSSL_CTX* ctx,
-    int idx,
-    void* data,
-    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
-#endif
 WOLFSSL_API void  wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
                    WOLFSSL_SESSION*(*f)(WOLFSSL* ssl, const unsigned char*, int, int*));
 WOLFSSL_API void  wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
@@ -2871,13 +3229,21 @@ WOLFSSL_API unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint(
                               const WOLFSSL_SESSION* sess);
 WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* session);
 WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* session);
-#ifdef HAVE_EX_DATA
-WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
-    WOLFSSL_CRYPTO_EX_new* new_func,
-    WOLFSSL_CRYPTO_EX_dup* dup_func,
-    WOLFSSL_CRYPTO_EX_free* free_func);
+
+
+#ifdef SESSION_CERTS
+#ifdef OPENSSL_EXTRA
+WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl);
 #endif
 
+WOLFSSL_API
+    WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session);
+
+WOLFSSL_API int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
+                                unsigned char* buf, int inLen, int* outLen);
+#endif /* SESSION_CERTS */
+
 
 /* extra ends */
 
@@ -2888,15 +3254,30 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
    date check and signature check */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
 
-#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl);
-#endif
 
 /* need to call once to load library (session cache) */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
 /* call when done to cleanup/free session cache mutex / resources  */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+#ifndef NO_FILESYSTEM
+WOLFSSL_API int    wolfSSL_crypto_policy_enable(const char * policy);
+#endif /* ! NO_FILESYSTEM */
+WOLFSSL_API int    wolfSSL_crypto_policy_enable_buffer(const char * buf);
+WOLFSSL_API void   wolfSSL_crypto_policy_disable(void);
+WOLFSSL_API int    wolfSSL_crypto_policy_is_enabled(void);
+WOLFSSL_API const char * wolfSSL_crypto_policy_get_ciphers(void);
+WOLFSSL_API int    wolfSSL_crypto_policy_get_level(void);
+WOLFSSL_LOCAL int  wolfSSL_crypto_policy_init_ctx(WOLFSSL_CTX * ctx,
+                                                  WOLFSSL_METHOD * method);
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+/* compat functions. */
+WOLFSSL_API int    wolfSSL_get_security_level(const WOLFSSL * ssl);
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_API void   wolfSSL_set_security_level(WOLFSSL * ssl, int level);
+#endif /* !NO_WOLFSSL_STUB */
+
 /* which library version do we have */
 WOLFSSL_API const char* wolfSSL_lib_version(void);
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
@@ -2932,12 +3313,49 @@ WOLFSSL_API int  wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx);
 WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx);
 /* index cert in X509 */
 WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx);
+
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+    defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT) || defined(SESSION_CERTS)
+
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
+
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
+                                                            WOLFSSL_X509* cert);
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
+                                                            WOLFSSL_X509* cert);
+
+WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509);
+WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509);
+WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
+    unsigned char* buf, int* bufSz);
+WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509,
+    unsigned char* buf, int* bufSz);
+WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509);
+
+#ifndef NO_FILESYSTEM
+WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
+    wolfSSL_X509_load_certificate_file(const char* fname, int format);
+#endif
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format);
+#ifdef WOLFSSL_CERT_REQ
+WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format);
+#endif
+
 /* free X509 */
 #define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509))
 WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509* x509);
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || \
+          KEEP_OUR_CERT || SESSION_CERTS */
+
+
 /* get index cert in PEM */
-WOLFSSL_API int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
-                                unsigned char* buf, int inLen, int* outLen);
+
 WOLFSSL_ABI WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(
                                                       const WOLFSSL_SESSION* s);
 WOLFSSL_API int  wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,unsigned char* in,int* inOutSz);
@@ -2964,16 +3382,18 @@ WOLFSSL_API WOLFSSL_X509*
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_API WOLFSSL_X509*
     wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
+        const unsigned char** in, int len);
 #endif
 WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
                                                    const unsigned char *in, int len);
-WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
-                                                    WOLFSSL_X509_CRL **crl);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
 #endif
 #if defined(HAVE_CRL) && defined(OPENSSL_EXTRA)
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
+                                                    WOLFSSL_X509_CRL **crl);
 WOLFSSL_API int wolfSSL_X509_CRL_version(WOLFSSL_X509_CRL *crl);
 WOLFSSL_API int wolfSSL_X509_CRL_get_signature_type(WOLFSSL_X509_CRL* crl);
 WOLFSSL_API int wolfSSL_X509_CRL_get_signature_nid(
@@ -2992,6 +3412,46 @@ WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl);
 WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
 #endif
 
+#if defined(WOLFSSL_ACERT) && \
+   (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA))
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void * heap);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void);
+WOLFSSL_API void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509,
+                                         int dynamic, void * heap);
+WOLFSSL_API void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509);
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_API int  wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
+                                        WOLFSSL_EVP_PKEY * pkey,
+                                        const WOLFSSL_EVP_MD * md);
+#endif /* !NO_WOLFSSL_STUB */
+WOLFSSL_API int  wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509,
+                                           WOLFSSL_EVP_PKEY* pkey);
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_signature_nid(
+                                                  const WOLFSSL_X509_ACERT* x);
+WOLFSSL_API int  wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio,
+                                          WOLFSSL_X509_ACERT* x509_acert);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT(
+    WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u);
+WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x);
+#endif /* OPENSSL_EXTRA */
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
+                                                 const byte ** rawAttr,
+                                                 word32 * rawAttrLen);
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
+                                                      unsigned char* in,
+                                                      int * inOutSz);
+WOLFSSL_API int  wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509);
+WOLFSSL_API int  wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509,
+                                                  unsigned char* buf,
+                                                  int* bufSz);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex(
+    const unsigned char* buf, int sz, int format, void * heap);
+WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
+    const unsigned char* buf, int sz, int format);
+#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */
+
+#ifdef OPENSSL_EXTRA
 WOLFSSL_API
 const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
                                                      WOLFSSL_X509_REVOKED *rev);
@@ -3004,14 +3464,6 @@ const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
     WOLFSSL_API WOLFSSL_X509*
         wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file);
     #endif
-WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
-    wolfSSL_X509_load_certificate_file(const char* fname, int format);
-#endif
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
-    const unsigned char* buf, int sz, int format);
-#ifdef WOLFSSL_CERT_REQ
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
-    const unsigned char* buf, int sz, int format);
 #endif
 
 #ifdef WOLFSSL_SEP
@@ -3023,19 +3475,25 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
            wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509, unsigned char* in, int* inOutSz);
 #endif
 
+#endif /* OPENSSL_EXTRA */
+
 /* connect enough to get peer cert */
 WOLFSSL_API int  wolfSSL_connect_cert(WOLFSSL* ssl);
 
 
-
+#ifdef OPENSSL_EXTRA
 /* PKCS12 compatibility */
-WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
-                                       WC_PKCS12** pkcs12);
-WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12);
+WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
                                        WOLFSSL_X509_PKCS12** pkcs12);
 #endif
+
+#ifdef HAVE_PKCS12
+WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
+                                       WC_PKCS12** pkcs12);
+WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12);
+
 WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
      WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
      WOLF_STACK_OF(WOLFSSL_X509)** ca);
@@ -3045,8 +3503,8 @@ WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
         WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
         WOLF_STACK_OF(WOLFSSL_X509)* ca,
         int keyNID, int certNID, int itt, int macItt, int keytype);
-WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
-
+#endif /* HAVE_PKCS12 */
+#endif /* OPENSSL_EXTRA */
 
 
 #ifndef NO_DH
@@ -3116,7 +3574,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
               !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
               !defined(WOLFSSL_EMBOS)   && !defined(WOLFSSL_FROSTED)    && \
               !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI)    && \
-              !defined(WOLFSSL_ZEPHYR)  && !defined(NETOS)
+              !defined(WOLFSSL_ZEPHYR)  && !defined(NETOS) && \
+              !defined(WOLFSSL_NDS)
             #include <sys/uio.h>
         #endif
         /* allow writev style writing */
@@ -3162,6 +3621,12 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
                                                const unsigned char* in, long sz, int format);
     WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
                                                     const unsigned char* in, long sz);
+#if defined(WOLF_CRYPTO_CB)
+    WOLFSSL_API int wolfSSL_CTX_use_certificate_label(WOLFSSL_CTX* ctx,
+                                                const char *label, int devId);
+    WOLFSSL_API int wolfSSL_CTX_use_certificate_id(WOLFSSL_CTX* ctx,
+                                const unsigned char *id, int idLen, int devId);
+#endif
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     WOLFSSL_API int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx,
                                 const unsigned char* in, long sz, int format);
@@ -3233,18 +3698,6 @@ WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCt
 WOLFSSL_API int   wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, const byte* secret, word32 secretSz);
 
 
-/* I/O Callback default errors */
-enum IOerrors {
-    WOLFSSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
-    WOLFSSL_CBIO_ERR_WANT_READ  = -2,     /* need to call read  again */
-    WOLFSSL_CBIO_ERR_WANT_WRITE = -2,     /* need to call write again */
-    WOLFSSL_CBIO_ERR_CONN_RST   = -3,     /* connection reset */
-    WOLFSSL_CBIO_ERR_ISR        = -4,     /* interrupt */
-    WOLFSSL_CBIO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
-    WOLFSSL_CBIO_ERR_TIMEOUT    = -6      /* socket timeout */
-};
-
-
 /* CA cache callbacks */
 enum {
     WOLFSSL_SSLV3    = 0,
@@ -3257,7 +3710,9 @@ enum {
     WOLFSSL_DTLSV1_3 = 7,
 
     WOLFSSL_USER_CA  = 1,          /* user added as trusted */
-    WOLFSSL_CHAIN_CA = 2           /* added to cache from trusted chain */
+    WOLFSSL_CHAIN_CA = 2,          /* added to cache from trusted chain */
+    WOLFSSL_TEMP_CA = 3            /* Temp intermediate CA, only for use by
+                                    * X509_STORE */
 };
 
 WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl);
@@ -3282,6 +3737,8 @@ WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
 
 typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
 typedef void (*CbMissingCRL)(const char* url);
+typedef int  (*crlErrorCb)(int ret, WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm,
+                           void* ctx);
 typedef int  (*CbOCSPIO)(void*, const char*, int,
                                          unsigned char*, int, unsigned char**);
 typedef void (*CbOCSPRespFree)(void*,unsigned char*);
@@ -3290,6 +3747,22 @@ typedef void (*CbOCSPRespFree)(void*,unsigned char*);
 typedef int  (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
 #endif
 
+#ifdef HAVE_CRL_UPDATE_CB
+typedef struct CrlInfo {
+    byte *issuerHash;
+    word32 issuerHashLen;
+    byte *lastDate;
+    word32 lastDateMaxLen;
+    byte lastDateFormat;
+    byte *nextDate;
+    word32 nextDateMaxLen;
+    byte nextDateFormat;
+    sword32 crlNumber;
+} CrlInfo;
+
+typedef void (*CbUpdateCRL)(CrlInfo* old, CrlInfo* cnew);
+#endif
+
 /* User Atomic Record Layer CallBacks */
 typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
        const unsigned char* macIn, unsigned int macInSz, int macContent,
@@ -3315,6 +3788,21 @@ WOLFSSL_API void  wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX* ctx, CallbackEncryptM
 WOLFSSL_API void  wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx);
 WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl);
 
+#ifdef WOLFSSL_THREADED_CRYPT
+    #ifndef WOLFSSL_THREADED_CRYPT_CNT
+        #define WOLFSSL_THREADED_CRYPT_CNT  16
+    #endif
+
+typedef void (*WOLFSSL_THREAD_SIGNAL)(void* ctx, WOLFSSL* ssl);
+
+WOLFSSL_API int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx);
+WOLFSSL_API int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx);
+WOLFSSL_API int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx);
+WOLFSSL_API int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx,
+   WOLFSSL_THREAD_SIGNAL signal, void* ctx);
+#endif
+
+
 typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl,
        unsigned char* decOut, const unsigned char* decIn,
        unsigned int decSz, int content, int verify, unsigned int* padSz,
@@ -3355,7 +3843,7 @@ enum {
     WOLFSSL_BLOCK_TYPE = 2,
     WOLFSSL_STREAM_TYPE = 3,
     WOLFSSL_AEAD_TYPE = 4,
-    WOLFSSL_TLS_HMAC_INNER_SZ = 13      /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
+    WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
 };
 
 /* for GetBulkCipher and internal use
@@ -3619,6 +4107,13 @@ WOLFSSL_API void  wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx,
 WOLFSSL_API void  wolfSSL_SetGenMasterSecretCtx(WOLFSSL* ssl, void *ctx);
 WOLFSSL_API void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl);
 
+typedef int (*CallbackGenExtMasterSecret)(WOLFSSL* ssl, byte* hash,
+                                            word32 hashsz, void* ctx);
+WOLFSSL_API void  wolfSSL_CTX_SetGenExtMasterSecretCb(WOLFSSL_CTX* ctx,
+                                                CallbackGenExtMasterSecret cb);
+WOLFSSL_API void  wolfSSL_SetGenExtMasterSecretCtx(WOLFSSL* ssl, void *ctx);
+WOLFSSL_API void* wolfSSL_GetGenExtMasterSecretCtx(WOLFSSL* ssl);
+
 typedef int (*CallbackGenPreMaster)(WOLFSSL* ssl, byte *premaster,
                                                    word32 preSz, void* ctx);
 WOLFSSL_API void  wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX* ctx,
@@ -3720,8 +4215,10 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
     WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm,
         int options);
     WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm);
+#ifndef NO_WOLFSSL_CM_VERIFY
     WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
         VerifyCallback vc);
+#endif
     WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm,
         const char* path, int type, int monitor);
     WOLFSSL_API int wolfSSL_CertManagerLoadCRLFile(WOLFSSL_CERT_MANAGER* cm,
@@ -3730,11 +4227,19 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
         const unsigned char* buff, long sz, int type);
     WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
         CbMissingCRL cb);
+    WOLFSSL_API int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm,
+                                                      crlErrorCb cb, void* ctx);
     WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm);
 #ifdef HAVE_CRL_IO
     WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm,
         CbCrlIO cb);
 #endif
+#ifdef HAVE_CRL_UPDATE_CB
+    WOLFSSL_API int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
+        const byte* buff, long sz, int type);
+    WOLFSSL_API int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm,
+        CbUpdateCRL cb);
+#endif
 #if defined(HAVE_OCSP)
     WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(
         WOLFSSL_CERT_MANAGER* cm, unsigned char *response, int responseSz,
@@ -3773,6 +4278,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
     WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl,
                                           const unsigned char* buff, long sz, int type);
     WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb);
+    WOLFSSL_API int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb,
+                                           void* ctx);
 #ifdef HAVE_CRL_IO
     WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb);
 #endif
@@ -3790,6 +4297,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
     WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx,
                                             const unsigned char* buff, long sz, int type);
     WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb);
+    WOLFSSL_API int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb,
+                                               void* cbCtx);
 #ifdef HAVE_CRL_IO
     WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb);
 #endif
@@ -3839,7 +4348,7 @@ WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
 
 /* SNI types */
 enum {
-    WOLFSSL_SNI_HOST_NAME = 0,
+    WOLFSSL_SNI_HOST_NAME = 0
 };
 
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
@@ -3859,7 +4368,7 @@ enum {
     WOLFSSL_SNI_ANSWER_ON_MISMATCH   = 0x02,
 
     /* Abort the handshake if the client didn't send a SNI request. */
-    WOLFSSL_SNI_ABORT_ON_ABSENCE     = 0x04,
+    WOLFSSL_SNI_ABORT_ON_ABSENCE     = 0x04
 };
 
 WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
@@ -3910,7 +4419,7 @@ enum {
     WOLFSSL_ALPN_NO_MATCH = 0,
     WOLFSSL_ALPN_MATCH    = 1,
     WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2,
-    WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4,
+    WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4
 };
 
 enum {
@@ -3952,7 +4461,7 @@ enum {
     WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */
     WOLFSSL_MFL_2_8  = 6, /*  256 bytes *//* wolfSSL ONLY!!! */
     WOLFSSL_MFL_MIN  = WOLFSSL_MFL_2_9,
-    WOLFSSL_MFL_MAX  = WOLFSSL_MFL_2_8,
+    WOLFSSL_MFL_MAX  = WOLFSSL_MFL_2_8
 };
 
 #ifndef NO_WOLFSSL_CLIENT
@@ -4066,54 +4575,56 @@ enum {
     WOLFSSL_FFDHE_4096    = 258,
     WOLFSSL_FFDHE_6144    = 259,
     WOLFSSL_FFDHE_8192    = 260,
+    WOLFSSL_FFDHE_END     = 511,
 
 #ifdef HAVE_PQC
-    /* These group numbers were taken from OQS's openssl provider, see:
-     * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/
-     * oqs-kem-info.md.
-     *
-     * The levels in the group name refer to the claimed NIST level of each
-     * parameter set. The associated parameter set name is listed as a comment
-     * beside the group number. Please see the NIST PQC Competition's submitted
-     * papers for more details.
-     *
-     * LEVEL1 means that an attack on that parameter set would require the same
-     * or more resources as a key search on AES 128. LEVEL3 would require the
-     * same or more resources as a key search on AES 192. LEVEL5 would require
-     * the same or more resources as a key search on AES 256. None of the
-     * algorithms have LEVEL2 and LEVEL4 because none of these submissions
-     * included them. */
 
-#ifndef WOLFSSL_ML_KEM
-    WOLFSSL_PQC_MIN               = 570,
-    WOLFSSL_PQC_SIMPLE_MIN        = 570,
+#ifdef WOLFSSL_MLKEM_KYBER
+    /* Old code points to keep compatibility with Kyber Round 3.
+     * Taken from OQS's openssl provider, see:
+     * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/
+     *      oqs-kem-info.md
+     */
     WOLFSSL_KYBER_LEVEL1          = 570, /* KYBER_512 */
     WOLFSSL_KYBER_LEVEL3          = 572, /* KYBER_768 */
     WOLFSSL_KYBER_LEVEL5          = 573, /* KYBER_1024 */
-    WOLFSSL_PQC_SIMPLE_MAX        = 573,
 
-    WOLFSSL_PQC_HYBRID_MIN        = 12090,
     WOLFSSL_P256_KYBER_LEVEL1     = 12090,
     WOLFSSL_P384_KYBER_LEVEL3     = 12092,
     WOLFSSL_P521_KYBER_LEVEL5     = 12093,
-    WOLFSSL_PQC_HYBRID_MAX        = 12093,
-    WOLFSSL_PQC_MAX               = 12093,
-#else
-    WOLFSSL_PQC_MIN               = 583,
-    WOLFSSL_PQC_SIMPLE_MIN        = 583,
-    WOLFSSL_KYBER_LEVEL1          = 583, /* ML-KEM 512 */
-    WOLFSSL_KYBER_LEVEL3          = 584, /* ML-KEM 768 */
-    WOLFSSL_KYBER_LEVEL5          = 585, /* ML-KEM 1024 */
-    WOLFSSL_PQC_SIMPLE_MAX        = 585,
+    WOLFSSL_X25519_KYBER_LEVEL1   = 12089,
+    WOLFSSL_X448_KYBER_LEVEL3     = 12176,
+    WOLFSSL_X25519_KYBER_LEVEL3   = 25497,
+    WOLFSSL_P256_KYBER_LEVEL3     = 25498,
+#endif /* WOLFSSL_MLKEM_KYBER */
+#ifndef WOLFSSL_NO_ML_KEM
+    /* Taken from draft-connolly-tls-mlkem-key-agreement, see:
+     * https://github.com/dconnolly/draft-connolly-tls-mlkem-key-agreement/
+     */
+    WOLFSSL_ML_KEM_512            = 512,
+    WOLFSSL_ML_KEM_768            = 513,
+    WOLFSSL_ML_KEM_1024           = 514,
 
-    WOLFSSL_PQC_HYBRID_MIN        = 12103,
-    WOLFSSL_P256_KYBER_LEVEL1     = 12103,
-    WOLFSSL_P384_KYBER_LEVEL3     = 12104,
-    WOLFSSL_P521_KYBER_LEVEL5     = 12105,
-    WOLFSSL_PQC_HYBRID_MAX        = 12105,
-    WOLFSSL_PQC_MAX               = 12105,
-#endif /* WOLFSSL_ML_KEM */
+    /* Taken from draft-kwiatkowski-tls-ecdhe-mlkem. see:
+     * https://github.com/post-quantum-cryptography/
+     *      draft-kwiatkowski-tls-ecdhe-mlkem/
+     */
+    WOLFSSL_P256_ML_KEM_768       = 4587,
+    WOLFSSL_X25519_ML_KEM_768     = 4588,
+    WOLFSSL_P384_ML_KEM_1024      = 4589,
+
+    /* Taken from OQS's openssl provider, see:
+     * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/
+     *      oqs-kem-info.md
+     */
+    WOLFSSL_P256_ML_KEM_512       = 12107,
+    WOLFSSL_P384_ML_KEM_768       = 12108,
+    WOLFSSL_P521_ML_KEM_1024      = 12109,
+    WOLFSSL_X25519_ML_KEM_512     = 12214,
+    WOLFSSL_X448_ML_KEM_768       = 12215,
+#endif /* WOLFSSL_NO_ML_KEM */
 #endif /* HAVE_PQC */
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H)
 };
 
 enum {
@@ -4122,6 +4633,7 @@ enum {
     WOLFSSL_EC_PF_X962_COMP_PRIME = 1,
     WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2,
 #endif
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H)
 };
 
 #ifdef HAVE_SUPPORTED_CURVES
@@ -4272,6 +4784,7 @@ WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
 
 
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
+WOLFSSL_API int wolfDTLS_accept_stateless(WOLFSSL* ssl);
 /* notify user we parsed a verified ClientHello is done. This only has an effect
  * on the server end. */
 typedef int (*ClientHelloGoodCb)(WOLFSSL* ssl, void*);
@@ -4432,15 +4945,19 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name,
 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
     const char *field, int type, const unsigned char *bytes, int len, int loc,
     int set);
+#ifndef wolfSSL_X509_NAME_add_entry_by_NID
 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid,
                                            int type, const unsigned char *bytes,
                                            int len, int loc, int set);
+#endif
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry(
         WOLFSSL_X509_NAME *name, int loc);
 WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
             const WOLFSSL_X509_NAME* y);
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
+#ifndef wolfSSL_X509_NAME_new_ex
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new_ex(void *heap);
+#endif
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME* name);
 WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to);
 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
@@ -4498,6 +5015,10 @@ WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc);
 WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
         const WOLFSSL_ASN1_OBJECT *obj, int lastpos);
+WOLFSSL_API int wolfSSL_X509_OBJECT_set1_X509(WOLFSSL_X509_OBJECT *a,
+        WOLFSSL_X509 *obj);
+WOLFSSL_API int wolfSSL_X509_OBJECT_set1_X509_CRL(WOLFSSL_X509_OBJECT *a,
+        WOLFSSL_X509_CRL *obj);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc);
 WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void);
@@ -4508,7 +5029,6 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_dup(
         WOLFSSL_X509_EXTENSION* src);
 WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
                                        WOLFSSL_X509_EXTENSION* ext);
-WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk);
 WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
 #endif
@@ -4606,7 +5126,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
 #ifndef NO_FILESYSTEM
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
         XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
-        pem_password_cb* cb, void* u);
+        wc_pem_password_cb* cb, void* u);
 #endif
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
         WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
@@ -4640,11 +5160,9 @@ struct WOLFSSL_CONF_CTX {
 };
 
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
+WOLFSSL_API int wolfSSL_X509_NAME_ENTRY_set(const WOLFSSL_X509_NAME_ENTRY *ne);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
-    defined(OPENSSL_EXTRA_X509_SMALL)
-
 #if    defined(OPENSSL_EXTRA) \
     || defined(OPENSSL_ALL) \
     || defined(HAVE_LIGHTY) \
@@ -4655,7 +5173,9 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA
     || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
+#ifndef wolfSSL_X509_NAME_free
 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
+#endif
 WOLFSSL_API int wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x);
 WOLFSSL_API int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
@@ -4664,7 +5184,6 @@ WOLFSSL_API int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
 /* These are to be merged shortly */
 WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
-WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
 WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
 WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
@@ -4681,9 +5200,9 @@ WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
 WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
 #endif
 
-#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
-
-#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || \
+          WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || \
+          WOLFSSL_HAPROXY */
 
 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
     || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
@@ -4723,6 +5242,8 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
 WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
 WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
+WOLFSSL_API long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req);
+WOLFSSL_API int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version);
 WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
                                       const WOLFSSL_EVP_MD *md);
 WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
@@ -4769,8 +5290,6 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_functions(
 WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
     void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
 
-WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
-
 WOLFSSL_API int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size);
 
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn);
@@ -4813,6 +5332,12 @@ WOLFSSL_API void wolfSSL_sk_X509_OBJECT_pop_free(WOLFSSL_STACK* s,
         void (*f) (WOLFSSL_X509_OBJECT*));
 WOLFSSL_API int wolfSSL_sk_X509_OBJECT_push(WOLFSSL_STACK* sk, WOLFSSL_X509_OBJECT* obj);
 
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
+        wolfSSL_sk_X509_OBJECT_deep_copy(
+            const WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk,
+            WOLFSSL_X509_OBJECT* (*c)(const WOLFSSL_X509_OBJECT*),
+            void (*f)(WOLFSSL_X509_OBJECT*));
+
 WOLFSSL_API WOLFSSL_X509_INFO *wolfSSL_X509_INFO_new(void);
 WOLFSSL_API void wolfSSL_X509_INFO_free(WOLFSSL_X509_INFO* info);
 
@@ -4879,6 +5404,10 @@ WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
                             const WOLFSSL_ASN1_BIT_STRING* str, int i);
 WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
                             WOLFSSL_ASN1_BIT_STRING* str, int pos, int val);
+WOLFSSL_API int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr,
+        unsigned char** pp);
+WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING(
+        WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 WOLFSSL_API int  wolfSSL_version(WOLFSSL* ssl);
@@ -4911,12 +5440,6 @@ WOLFSSL_API int wolfSSL_SESSION_set_ex_data_with_cleanup(
 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
     || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
 
-#ifdef HAVE_EX_DATA
-WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
-        WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
-        WOLFSSL_CRYPTO_EX_free* free_func);
-#endif
-
 WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(
         const WOLFSSL_SESSION* sess, unsigned int* idLen);
 
@@ -4979,6 +5502,11 @@ WOLFSSL_API WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_new(void);
 WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj);
 WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_OBJECT_get0_X509(const WOLFSSL_X509_OBJECT *obj);
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_X509_OBJECT_get0_X509_CRL(WOLFSSL_X509_OBJECT *obj);
+
+WOLFSSL_API WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject(
+        WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk,
+        WOLFSSL_X509_LOOKUP_TYPE type,
+        WOLFSSL_X509_NAME *name);
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@@ -4992,13 +5520,10 @@ WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names
 WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names);
 #endif
 
-#if defined(OPENSSL_ALL) || \
-    defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
 WOLFSSL_API int wolfSSL_get_verify_mode(const WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_CTX_get_verify_mode(const WOLFSSL_CTX* ctx);
-
 #endif
 
 #ifdef WOLFSSL_JNI
@@ -5078,34 +5603,16 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) \
-    || defined(WOLFSSL_WPAS_SMALL)
-WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
-WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
-    void *data);
-#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
-WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup(
-    WOLFSSL_X509 *x509,
-    int idx,
-    void *data,
-    wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
-#endif
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
-
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
-    || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK)
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
-#ifdef HAVE_EX_DATA
-WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
-    WOLFSSL_CRYPTO_EX_new* new_func,
-    WOLFSSL_CRYPTO_EX_dup* dup_func,
-    WOLFSSL_CRYPTO_EX_free* free_func);
-#endif
-WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
-    const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
-
+#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
 WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx);
 WOLFSSL_API long wolfSSL_get_timeout(WOLFSSL* ssl);
+#endif
+
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
+    || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
+WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
+    const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
 WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx,
     WOLFSSL_EC_KEY *ecdh);
 WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s);
@@ -5113,11 +5620,11 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s);
 WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s);
 #ifdef OPENSSL_EXTRA
 WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts,
-    const OPENSSL_INIT_SETTINGS *settings);
-WOLFSSL_API OPENSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void);
-WOLFSSL_API void wolfSSL_OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS* init);
+    const WOLFSSL_INIT_SETTINGS *settings);
+WOLFSSL_API WOLFSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void);
+WOLFSSL_API void wolfSSL_OPENSSL_INIT_free(WOLFSSL_INIT_SETTINGS* init);
 WOLFSSL_API int  wolfSSL_OPENSSL_INIT_set_config_appname(
-        OPENSSL_INIT_SETTINGS* init, char* appname);
+        WOLFSSL_INIT_SETTINGS* init, char* appname);
 #endif
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 WOLFSSL_API int wolfSSL_SSL_in_init(const WOLFSSL* ssl);
@@ -5251,8 +5758,14 @@ WOLFSSL_API void wolfSSL_X509_ALGOR_free(WOLFSSL_X509_ALGOR *alg);
 WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
 WOLFSSL_API void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor);
 WOLFSSL_API int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval);
+WOLFSSL_API int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* alg,
+        unsigned char** pp);
+WOLFSSL_API WOLFSSL_X509_ALGOR* wolfSSL_d2i_X509_ALGOR(WOLFSSL_X509_ALGOR** out,
+        const byte** src, long len);
 WOLFSSL_API WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void);
 WOLFSSL_API void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at);
+WOLFSSL_API int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at,
+                                      unsigned char** pp);
 WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_PUBKEY_new(void);
 WOLFSSL_API void wolfSSL_X509_PUBKEY_free(WOLFSSL_X509_PUBKEY *x);
 WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509);
@@ -5265,9 +5778,16 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a
                                                          long length);
 WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
 WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
-WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
-WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+WOLFSSL_API void WOLFSSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
+#ifndef OPENSSL_COEXIST
+#define SSL_CTX_set_tmp_dh_callback WOLFSSL_CTX_set_tmp_dh_callback
+#endif
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_COMP) *WOLFSSL_COMP_get_compression_methods(void);
+#ifndef OPENSSL_COEXIST
+#define SSL_COMP_get_compression_methods WOLFSSL_COMP_get_compression_methods
+#endif
 WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir);
+WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE *str);
 WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p);
 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find(
@@ -5276,7 +5796,10 @@ WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
 WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
 WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk);
 WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i);
-WOLFSSL_API void ERR_load_SSL_strings(void);
+WOLFSSL_API void wolfSSL_ERR_load_SSL_strings(void);
+#ifndef OPENSSL_COEXIST
+#define ERR_load_SSL_strings wolfSSL_ERR_load_SSL_strings
+#endif
 WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
 
 WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag);
@@ -5298,6 +5821,8 @@ WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
 WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
     WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
     int passwdSz, wc_pem_password_cb* cb, void* ctx);
+WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
+        WOLFSSL_PKCS8_PRIV_KEY_INFO* keyInfo);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey(
     XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc,
@@ -5346,7 +5871,7 @@ WOLFSSL_API int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
 enum {
     WOLFSSL_CERT_TYPE_UNKNOWN = -1,
     WOLFSSL_CERT_TYPE_X509 = 0,
-    WOLFSSL_CERT_TYPE_RPK  = 2,
+    WOLFSSL_CERT_TYPE_RPK  = 2
 };
 #define MAX_CLIENT_CERT_TYPE_CNT 2
 #define MAX_SERVER_CERT_TYPE_CNT 2
@@ -5370,7 +5895,6 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx);
 #endif
 WOLFSSL_API void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level);
 WOLFSSL_API int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx);
-
 WOLFSSL_API int wolfSSL_SESSION_is_resumable(const WOLFSSL_SESSION *s);
 
 WOLFSSL_API void wolfSSL_CRYPTO_free(void *str, const char *file, int line);
@@ -5397,12 +5921,6 @@ WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx);
 WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value);
 WOLFSSL_API int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd);
 #endif /* OPENSSL_EXTRA */
-#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
-WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-                                           WOLFSSL_CRYPTO_EX_new* new_func,
-                                           WOLFSSL_CRYPTO_EX_dup* dup_func,
-                                           WOLFSSL_CRYPTO_EX_free* free_func);
-#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */
 
 #if defined(WOLFSSL_DTLS_CID)
 WOLFSSL_API int wolfSSL_dtls_cid_use(WOLFSSL* ssl);
@@ -5413,10 +5931,15 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_rx_size(WOLFSSL* ssl,
     unsigned int* size);
 WOLFSSL_API int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
     unsigned int bufferSz);
+WOLFSSL_API int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid);
 WOLFSSL_API int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl,
     unsigned int* size);
 WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
     unsigned int bufferSz);
+WOLFSSL_API int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
+WOLFSSL_API int wolfSSL_dtls_cid_max_size(void);
+WOLFSSL_API const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+        unsigned int msgSz, unsigned int cidSz);
 #endif /* defined(WOLFSSL_DTLS_CID) */
 
 #ifdef WOLFSSL_DTLS_CH_FRAG
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 888d7f1ae..fa84ab0e0 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1,6 +1,6 @@
 /* test.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,6 +29,12 @@
 #define wolfSSL_TEST_H
 
 #include <wolfssl/wolfcrypt/settings.h>
+
+#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
+#if defined(OPENSSL_EXTRA) && defined(OPENSSL_COEXIST)
+    #error "Example apps built with OPENSSL_EXTRA can't also be built with OPENSSL_COEXIST."
+#endif
+
 #include <wolfssl/wolfcrypt/wc_port.h>
 
 #ifdef FUSION_RTOS
@@ -79,11 +85,50 @@
     #endif /* HAVE_ECC */
 #endif /*HAVE_PK_CALLBACKS */
 
-#ifdef USE_WINDOWS_API
+#ifdef __WATCOMC__
+    #define SNPRINTF snprintf
+    #if defined(__NT__)
+        #include <winsock2.h>
+        #include <ws2tcpip.h>
+        #include <process.h>
+        #ifdef TEST_IPV6            /* don't require newer SDK for IPV4 */
+            #include <wspiapi.h>
+        #endif
+        #define SOCKET_T SOCKET
+        #define XSLEEP_MS(t) Sleep(t)
+    #elif defined(__OS2__)
+        #include <netdb.h>
+        #include <sys/ioctl.h>
+        #include <tcpustd.h>
+        #define SOCKET_T int
+    #elif defined(__UNIX__)
+        #include <string.h>
+        #include <netdb.h>
+        #include <netinet/tcp.h>
+        #ifndef WOLFSSL_NDS
+            #include <sys/ioctl.h>
+        #endif
+        #include <time.h>
+        #include <sys/time.h>
+        #ifdef HAVE_PTHREAD
+            #include <pthread.h>
+        #endif
+        #define SOCKET_T int
+        #ifndef SO_NOSIGPIPE
+            #include <signal.h>  /* ignore SIGPIPE */
+        #endif
+
+        #define XSLEEP_MS(m) \
+            { \
+                struct timespec req = { (m)/1000, ((m) % 1000) * 1000 }; \
+                nanosleep( &req, NULL ); \
+            }
+    #endif
+#elif defined(USE_WINDOWS_API)
     #include <winsock2.h>
+    #include <ws2tcpip.h>
     #include <process.h>
     #ifdef TEST_IPV6            /* don't require newer SDK for IPV4 */
-        #include <ws2tcpip.h>
         #include <wspiapi.h>
     #endif
     #define SOCKET_T SOCKET
@@ -203,7 +248,9 @@
     #include <netinet/in.h>
     #include <netinet/tcp.h>
     #include <arpa/inet.h>
-    #include <sys/ioctl.h>
+    #ifndef WOLFSSL_NDS
+        #include <sys/ioctl.h>
+    #endif
     #include <sys/time.h>
     #include <sys/socket.h>
     #ifdef HAVE_PTHREAD
@@ -672,16 +719,6 @@ void test_wolfSSL_client_server_nofail_ex(callback_functions* client_cb,
 void test_wolfSSL_client_server_nofail(callback_functions* client_cb,
                                        callback_functions* server_cb);
 
-/* Return
- *   tmpDir on success
- *   NULL on failure */
-char* create_tmp_dir(char* tmpDir, int len);
-/* Remaining functions return
- * 0 on success
- * -1 on failure */
-int rem_dir(const char* dirName);
-int rem_file(const char* fileName);
-int copy_file(const char* in, const char* out);
 
 #if defined(__MACH__) || defined(__FreeBSD__)
     int link_file(const char* in, const char* out);
@@ -1102,8 +1139,8 @@ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr,
          * message ready to write once */
         strLen = XSNPRINTF(serialMsg, sizeof(serialMsg), " %s", words[3]);
         for (i = 0; i < sz; i++)
-            strLen = XSNPRINTF(serialMsg + strLen, sizeof(serialMsg) - strLen,
-                ":%02x ", serial[i]);
+            strLen = XSNPRINTF(serialMsg + strLen,
+                sizeof(serialMsg) - (size_t)strLen, ":%02x ", serial[i]);
         printf("%s\n", serialMsg);
     }
 
@@ -1148,13 +1185,13 @@ static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count,
 {
     int i;
     int length;
-    unsigned char buffer[3072];
+    unsigned char certPem[3072];
     WOLFSSL_X509* chainX509;
 
     for (i = 0; i < count; i++) {
-        wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
-        buffer[length] = 0;
-        printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer);
+        wolfSSL_get_chain_cert_pem(chain, i, certPem, sizeof(certPem), &length);
+        certPem[length] = 0;
+        printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, certPem);
 
         chainX509 = wolfSSL_get_chain_X509(chain, i);
         if (chainX509)
@@ -1431,7 +1468,7 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
         err_sys_with_errno("socket failed\n");
     }
 
-#ifndef USE_WINDOWS_API
+#if !defined(USE_WINDOWS_API) && !defined(__WATCOMC__) && !defined(__OS2__)
 #ifdef SO_NOSIGPIPE
     {
         int       on = 1;
@@ -1441,7 +1478,7 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
             err_sys_with_errno("setsockopt SO_NOSIGPIPE failed\n");
     }
 #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\
-                        defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR)
+    defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR)
     /* nothing to define */
 #elif defined(NETOS)
     /* TODO: signal(SIGPIPE, SIG_IGN); */
@@ -1459,7 +1496,7 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
             err_sys_with_errno("setsockopt TCP_NODELAY failed\n");
     }
 #endif
-#endif  /* USE_WINDOWS_API */
+#endif  /* !defined(USE_WINDOWS_API) && !defined(__WATCOMC__) && ... */
 }
 
 #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && defined(WOLFSENTRY_H)
@@ -1513,7 +1550,7 @@ static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx)
     fd_set* recvfds = NULL;
     fd_set* sendfds = NULL;
     SOCKET_T nfds = socketfd + 1;
-#if !defined(__INTEGRITY)
+#if !defined(__INTEGRITY) && !defined(__WATCOMC__)
     struct timeval timeout = {(to_sec > 0) ? to_sec : 0, 0};
 #else
     struct timeval timeout;
@@ -1530,8 +1567,9 @@ static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx)
     else
         sendfds = &fds;
 
-#if defined(__INTEGRITY)
-    timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0;
+#if defined(__INTEGRITY) || defined(__WATCOMC__)
+    timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0;
+    timeout.tv_usec = 0;
 #endif
     result = select(nfds, recvfds, sendfds, &errfds, &timeout);
 
@@ -1802,6 +1840,10 @@ static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
         || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \
         || defined(WOLFSSL_ZEPHYR)
          /* non blocking not supported, for now */
+    #elif defined(__WATCOMC__) && defined(__OS2__)
+        int blocking = 1;
+        if (ioctl(*sockfd, FIONBIO, &blocking) == -1)
+            err_sys_with_errno("ioctl failed");
     #else
         int flags = fcntl(*sockfd, F_GETFL, 0);
         if (flags < 0)
@@ -1823,6 +1865,10 @@ static WC_INLINE void tcp_set_blocking(SOCKET_T* sockfd)
         || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \
         || defined(WOLFSSL_ZEPHYR)
          /* non blocking not supported, for now */
+    #elif defined(__WATCOMC__) && defined(__OS2__)
+        int blocking = 0;
+        if (ioctl(*sockfd, FIONBIO, &blocking) == -1)
+            err_sys_with_errno("ioctl failed");
     #else
         int flags = fcntl(*sockfd, F_GETFL, 0);
         if (flags < 0)
@@ -1851,7 +1897,8 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
     /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
     XSTRNCPY(identity, kIdentityStr, id_max_len);
 
-    if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
+    if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 &&
+            wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) {
         /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
          * unsigned binary */
         key[0] = 0x1a;
@@ -1895,7 +1942,8 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
     if (XSTRCMP(identity, kIdentityStr) != 0)
         return 0;
 
-    if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
+    if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 &&
+            wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) {
         /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
          * unsigned binary */
         key[0] = 0x1a;
@@ -1948,7 +1996,11 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
         key[i] = (unsigned char) b;
     }
 
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+    *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384";
+#else
     *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
+#endif
 
     ret = 32;   /* length of key in octets or 0 for error */
 
@@ -1987,7 +2039,11 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
         key[i] = (unsigned char) b;
     }
 
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+    *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384";
+#else
     *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
+#endif
 
     ret = 32;   /* length of key in octets or 0 for error */
 
@@ -2001,16 +2057,13 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
 }
 #endif
 
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
-       !defined(NO_FILESYSTEM)
-static unsigned char local_psk[32];
-#endif
+#ifdef OPENSSL_EXTRA
 static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
             const WOLFSSL_EVP_MD* md, const unsigned char **id,
             size_t* idlen,  WOLFSSL_SESSION **sess)
 {
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
-       !defined(NO_FILESYSTEM)
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+    static unsigned char local_psk[32];
     int i;
     WOLFSSL_SESSION* lsess;
     char buf[256];
@@ -2073,6 +2126,7 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
     return 0;
 #endif
 }
+#endif /* OPENSSL_EXTRA */
 
 static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl,
         const char* hint, char* identity, unsigned int id_max_len,
@@ -2115,7 +2169,9 @@ static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl,
 #elif defined(USE_WINDOWS_API)
 
     #define WIN32_LEAN_AND_MEAN
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
     #include <windows.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
 
     static WC_INLINE double current_time(int reset)
     {
@@ -2393,7 +2449,7 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
 enum {
     VERIFY_OVERRIDE_ERROR,
     VERIFY_FORCE_FAIL,
-    VERIFY_USE_PREVERFIY,
+    VERIFY_USE_PREVERIFY,
     VERIFY_OVERRIDE_DATE_ERR,
 };
 static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
@@ -2407,7 +2463,7 @@ static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
 
 static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
 {
-    char buffer[WOLFSSL_MAX_ERROR_SZ];
+    char err_buffer[WOLFSSL_MAX_ERROR_SZ];
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     WOLFSSL_X509* peer;
 #if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \
@@ -2434,7 +2490,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
      */
 
     fprintf(stderr, "In verification callback, error = %d, %s\n", store->error,
-                                 wolfSSL_ERR_error_string((unsigned long) store->error, buffer));
+            wolfSSL_ERR_error_string((unsigned long) store->error, err_buffer));
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     peer = store->current_cert;
     if (peer) {
@@ -2559,7 +2615,7 @@ static WC_INLINE void CRL_CallBack(const char* url)
 #endif
 
 #ifndef NO_DH
-#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSS_SP_MATH_ALL)
+#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)
     /* dh2048 p */
     static const unsigned char test_dh_p[] =
     {
@@ -3342,8 +3398,9 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
         ret = BAD_FUNC_ARG;
     }
 
-#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \
-                                                         !defined(HAVE_SELFTEST)
+#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
+    !defined(HAVE_SELFTEST)
     if (ret == 0) {
         ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl));
     }
@@ -3902,9 +3959,11 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
 {
     enum wc_HashType hashType = WC_HASH_TYPE_NONE;
     WC_RNG           rng;
-    int              ret;
+    int              ret = 0;
     word32           idx = 0;
     RsaKey           myKey;
+    byte*            inBuf = (byte*)in;
+    word32           inBufSz = inSz;
     byte*            keyBuf = (byte*)key;
     PkCbInfo* cbInfo = (PkCbInfo*)ctx;
 
@@ -3942,17 +4001,40 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
     if (ret != 0)
         return ret;
 
-    ret = wc_InitRsaKey(&myKey, NULL);
+    #ifdef TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+        /* With this defined, RSA-PSS sign callback when used from TLS 1.3
+         * does not hash data before giving to this callback. User must
+         * compute hash themselves. */
+        if (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_3) {
+            inBufSz = wc_HashGetDigestSize(hashType);
+            inBuf = (byte*)XMALLOC(inBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (inBuf == NULL) {
+                ret = MEMORY_E;
+            }
+            if (ret == 0) {
+                ret = wc_Hash(hashType, in, inSz, inBuf, inBufSz);
+            }
+        }
+    #endif
+
+    if (ret == 0) {
+        ret = wc_InitRsaKey(&myKey, NULL);
+    }
     if (ret == 0) {
         ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
         if (ret == 0) {
-            ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
-                                 &rng);
+            ret = wc_RsaPSS_Sign(inBuf, inBufSz, out, *outSz, hashType, mgf,
+                                 &myKey, &rng);
         }
         if (ret > 0) {  /* save and convert to 0 success */
             *outSz = (word32) ret;
             ret = 0;
         }
+    #ifdef TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
+        if ((inBuf != NULL) && (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_3)) {
+            XFREE(inBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+    #endif
         wc_FreeRsaKey(&myKey);
     }
     wc_FreeRng(&rng);
@@ -4178,6 +4260,25 @@ static WC_INLINE int myGenMaster(WOLFSSL* ssl, void* ctx)
     return ret;
 }
 
+static WC_INLINE int myGenExtMaster(WOLFSSL* ssl, byte* hash, word32 hashSz,
+                                        void* ctx)
+{
+    int       ret;
+    PkCbInfo* cbInfo = (PkCbInfo*)ctx;
+
+    (void)ssl;
+    (void)cbInfo;
+    (void)hash;
+    (void)hashSz;
+
+    WOLFSSL_PKMSG("Gen Extended Master");
+    /* fall through to original routine */
+    ret = PROTOCOLCB_UNAVAILABLE;
+    WOLFSSL_PKMSG("Gen Extended Master: ret %d\n", ret);
+
+    return ret;
+}
+
 static WC_INLINE int myGenPreMaster(WOLFSSL* ssl, byte *premaster,
                                                   word32 preSz, void* ctx)
 {
@@ -4330,6 +4431,7 @@ static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
 
     #ifndef NO_CERTS
     wolfSSL_CTX_SetGenMasterSecretCb(ctx, myGenMaster);
+    wolfSSL_CTX_SetGenExtMasterSecretCb(ctx, myGenExtMaster);
     wolfSSL_CTX_SetGenPreMasterCb(ctx, myGenPreMaster);
     wolfSSL_CTX_SetGenSessionKeyCb(ctx, myGenSessionKey);
     wolfSSL_CTX_SetEncryptKeysCb(ctx, mySetEncryptKeys);
@@ -4385,6 +4487,7 @@ static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx)
 
     #ifndef NO_CERTS
     wolfSSL_SetGenMasterSecretCtx(ssl, myCtx);
+    wolfSSL_SetGenExtMasterSecretCtx(ssl, myCtx);
     wolfSSL_SetGenPreMasterCtx(ssl, myCtx);
     wolfSSL_SetGenSessionKeyCtx(ssl, myCtx);
     wolfSSL_SetEncryptKeysCtx(ssl, myCtx);
@@ -4445,7 +4548,7 @@ static WC_INLINE int SimulateWantWriteIOSendCb(WOLFSSL *ssl, char *buf, int sz,
 #endif /* USE_WOLFSSL_IO */
 
 #if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
-                      || defined(_MSC_VER)
+                      || defined(_MSC_VER) || defined(__WATCOMC__)
 
 /* HP/UX doesn't have strsep, needed by test/suites.c */
 static WC_INLINE char* strsep(char **stringp, const char *delim)
@@ -4655,7 +4758,7 @@ static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
                                               mac);
         #elif defined(HAVE_AESGCM)
             ret = wc_AesGcmEncrypt(&tickCtx->aes, ticket, ticket, inLen,
-                                   iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
+                                   iv, GCM_NONCE_MID_SZ, mac, WC_AES_BLOCK_SIZE,
                                    tickCtx->aad, aadSz);
         #endif
         }
@@ -4669,7 +4772,7 @@ static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
                                               ticket);
         #elif defined(HAVE_AESGCM)
             ret = wc_AesGcmDecrypt(&tickCtx->aes, ticket, ticket, inLen,
-                                   iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
+                                   iv, GCM_NONCE_MID_SZ, mac, WC_AES_BLOCK_SIZE,
                                    tickCtx->aad, aadSz);
         #endif
         }
@@ -4827,4 +4930,23 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName);
 
 #define DTLS_CID_BUFFER_SIZE 256
 
+static WC_MAYBE_UNUSED void *mymemmem(const void *haystack, size_t haystacklen,
+                                      const void *needle, size_t needlelen)
+{
+    size_t i, j;
+    const char* h = (const char*)haystack;
+    const char* n = (const char*)needle;
+    if (needlelen > haystacklen)
+        return NULL;
+    for (i = 0; i <= haystacklen - needlelen; i++) {
+        for (j = 0; j < needlelen; j++) {
+            if (h[i + j] != n[j])
+                break;
+        }
+        if (j == needlelen)
+            return (void*)(h + i);
+    }
+    return NULL;
+}
+
 #endif /* wolfSSL_TEST_H */
diff --git a/wolfssl/version.h b/wolfssl/version.h
index 01fd1b683..ea3277d4f 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -1,6 +1,6 @@
 /* wolfssl_version.h.in
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "5.7.2"
-#define LIBWOLFSSL_VERSION_HEX 0x05007002
+#define LIBWOLFSSL_VERSION_STRING "5.7.6"
+#define LIBWOLFSSL_VERSION_HEX 0x05007006
 
 #ifdef __cplusplus
 }
diff --git a/wolfssl/version.h.in b/wolfssl/version.h.in
index ed48dcef5..126e1a0eb 100644
--- a/wolfssl/version.h.in
+++ b/wolfssl/version.h.in
@@ -1,6 +1,6 @@
 /* wolfssl_version.h.in
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 3038882a7..0ce8acc02 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -1,6 +1,6 @@
 /* aes.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -61,7 +61,7 @@ typedef struct Gcm {
 #endif
 
 WOLFSSL_LOCAL void GenerateM0(Gcm* gcm);
-#ifdef WOLFSSL_ARMASM
+#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM)
 WOLFSSL_LOCAL void GMULT(byte* X, byte* Y);
 #endif
 WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
@@ -188,7 +188,18 @@ enum {
     AES_ENCRYPTION_AND_DECRYPTION = 2,
 #endif
 
-    AES_BLOCK_SIZE      = 16,
+    WC_AES_BLOCK_SIZE      = 16,
+#ifdef OPENSSL_COEXIST
+    /* allow OPENSSL_COEXIST applications to detect absence of AES_BLOCK_SIZE
+     * and presence of WC_AES_BLOCK_SIZE.
+     *
+     * if WC_NO_COMPAT_AES_BLOCK_SIZE is defined, WC_AES_BLOCK_SIZE is
+     * available, otherwise AES_BLOCK_SIZE is available.
+     */
+    #define WC_NO_COMPAT_AES_BLOCK_SIZE
+#else
+    #define AES_BLOCK_SIZE WC_AES_BLOCK_SIZE
+#endif
 
     KEYWRAP_BLOCK_SIZE  = 8,
 
@@ -227,9 +238,9 @@ enum {
     #endif
 
     /* Number of bits to a block. */
-    #define AES_BLOCK_BITS      (AES_BLOCK_SIZE * 8)
+    #define AES_BLOCK_BITS      (WC_AES_BLOCK_SIZE * 8)
     /* Number of bytes of input that can be processed in one call. */
-    #define BS_BLOCK_SIZE       (AES_BLOCK_SIZE * BS_WORD_SIZE)
+    #define BS_BLOCK_SIZE       (WC_AES_BLOCK_SIZE * BS_WORD_SIZE)
     /* Number of words in a block.  */
     #define BS_BLOCK_WORDS      (AES_BLOCK_BITS / BS_WORD_SIZE)
 
@@ -258,7 +269,7 @@ struct Aes {
     ALIGN16 word32 key[60];
 #ifdef WC_AES_BITSLICED
     /* Extra key schedule space required for bit-slicing technique. */
-    ALIGN16 bs_word bs_key[15 * AES_BLOCK_SIZE * BS_WORD_SIZE];
+    ALIGN16 bs_word bs_key[15 * WC_AES_BLOCK_SIZE * BS_WORD_SIZE];
 #endif
     word32  rounds;
 #ifdef WC_C_DYNAMIC_FALLBACK
@@ -266,8 +277,8 @@ struct Aes {
 #endif
     int     keylen;
 
-    ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
-    ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)];      /* same         */
+    ALIGN16 word32 reg[WC_AES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
+    ALIGN16 word32 tmp[WC_AES_BLOCK_SIZE / sizeof(word32)];      /* same         */
 
 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
     word32 invokeCtr[2];
@@ -292,7 +303,23 @@ struct Aes {
 #endif
 #ifdef WOLFSSL_AESNI
     byte use_aesni;
+    #if defined(WOLFSSL_LINUXKM) || defined(WC_WANT_FLAG_DONT_USE_AESNI)
+        /* Note, we can't support WC_FLAG_DONT_USE_AESNI by default because we
+         * need to support legacy applications that call wc_AesSetKey() on
+         * uninited struct Aes.  For details see the software implementation of
+         * wc_AesSetKeyLocal() (aes.c).
+         */
+        #define WC_FLAG_DONT_USE_AESNI 2
+    #endif
 #endif /* WOLFSSL_AESNI */
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+    byte use_aes_hw_crypto;
+#ifdef HAVE_AESGCM
+    byte use_pmull_hw_crypto;
+    byte use_sha3_hw_crypto;
+#endif
+#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
 #ifdef WOLF_CRYPTO_CB
     int    devId;
     void*  devCtx;
@@ -327,7 +354,7 @@ struct Aes {
     int alFd; /* server socket to bind to */
     int rdFd; /* socket to read from */
     struct msghdr msg;
-    int dir;  /* flag for encrpyt or decrypt */
+    int dir;  /* flag for encrypt or decrypt */
 #ifdef WOLFSSL_AFALG_XILINX_AES
     word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) +
                   GCM_NONCE_MID_SZ)];
@@ -379,18 +406,19 @@ struct Aes {
     void*  heap; /* memory hint to use */
 #ifdef WOLFSSL_AESGCM_STREAM
 #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_AESNI)
-    ALIGN16 byte streamData[5 * AES_BLOCK_SIZE];
+    ALIGN16 byte streamData[5 * WC_AES_BLOCK_SIZE];
 #else
     byte*        streamData;
+    word32       streamData_sz;
 #endif
     word32       aSz;
     word32       cSz;
     byte         over;
     byte         aOver;
     byte         cOver;
-    byte         gcmKeySet:1;
-    byte         nonceSet:1;
-    byte         ctrSet:1;
+    WC_BITFIELD  gcmKeySet:1;
+    WC_BITFIELD  nonceSet:1;
+    WC_BITFIELD  ctrSet:1;
 #endif
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
     void *CipherLifecycleTag; /* used for dummy allocation and initialization,
@@ -407,8 +435,8 @@ struct Aes {
 #ifdef WOLFSSL_AES_XTS
     #if FIPS_VERSION3_GE(6,0,0)
         /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is
-         * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
-         * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes)
+         * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to
+         * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes)
          */
         #define FIPS_AES_XTS_MAX_BYTES_PER_TWEAK 16777216
     #endif
@@ -422,7 +450,7 @@ struct Aes {
 
     #ifdef WOLFSSL_AESXTS_STREAM
         struct XtsAesStreamData {
-            byte tweak_block[AES_BLOCK_SIZE];
+            byte tweak_block[WC_AES_BLOCK_SIZE];
             word32 bytes_crypted_with_this_tweak;
         };
     #endif
@@ -568,7 +596,7 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
                                    const byte* iv, word32 ivSz,
                                    byte* authTag, word32 authTagSz,
                                    const byte* authIn, word32 authInSz);
- WOLFSSL_API int  wc_AesGcmDecrypt(Aes* aes, byte* out,
+ WOLFSSL_API WARN_UNUSED_RESULT int wc_AesGcmDecrypt(Aes* aes, byte* out,
                                    const byte* in, word32 sz,
                                    const byte* iv, word32 ivSz,
                                    const byte* authTag, word32 authTagSz,
@@ -590,8 +618,8 @@ WOLFSSL_API int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len,
         const byte* iv, word32 ivSz);
 WOLFSSL_API int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in,
         word32 sz, const byte* authIn, word32 authInSz);
-WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag,
-        word32 authTagSz);
+WOLFSSL_API WARN_UNUSED_RESULT int wc_AesGcmDecryptFinal(Aes* aes,
+        const byte* authTag, word32 authTagSz);
 #endif
 
 #ifndef WC_NO_RNG
@@ -628,7 +656,7 @@ WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag,
                                    const byte* nonce, word32 nonceSz,
                                    byte* authTag, word32 authTagSz,
                                    const byte* authIn, word32 authInSz);
- WOLFSSL_API int  wc_AesCcmDecrypt(Aes* aes, byte* out,
+ WOLFSSL_API WARN_UNUSED_RESULT int wc_AesCcmDecrypt(Aes* aes, byte* out,
                                    const byte* in, word32 inSz,
                                    const byte* nonce, word32 nonceSz,
                                    const byte* authTag, word32 authTagSz,
@@ -726,16 +754,34 @@ WOLFSSL_API int  wc_AesInit_Label(Aes* aes, const char* label, void* heap,
         int devId);
 #endif
 WOLFSSL_API void wc_AesFree(Aes* aes);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code);
+WOLFSSL_API int wc_AesDelete(Aes* aes, Aes** aes_p);
+#endif
 
 #ifdef WOLFSSL_AES_SIV
+typedef struct AesSivAssoc {
+    const byte* assoc;
+    word32 assocSz;
+} AesSivAssoc;
+
 WOLFSSL_API
 int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out);
-WOLFSSL_API
+WOLFSSL_API WARN_UNUSED_RESULT
 int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc,
                      word32 assocSz, const byte* nonce, word32 nonceSz,
                      const byte* in, word32 inSz, byte* siv, byte* out);
+
+WOLFSSL_API
+int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out);
+WOLFSSL_API WARN_UNUSED_RESULT
+int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc,
+                        word32 numAssoc, const byte* nonce, word32 nonceSz,
+                        const byte* in, word32 inSz, byte* siv, byte* out);
 #endif
 
 #ifdef WOLFSSL_AES_EAX
@@ -749,10 +795,10 @@ struct AesEax {
     Cmac nonceCmac;
     Cmac aadCmac;
     Cmac ciphertextCmac;
-    byte nonceCmacFinal[AES_BLOCK_SIZE];
-    byte aadCmacFinal[AES_BLOCK_SIZE];
-    byte ciphertextCmacFinal[AES_BLOCK_SIZE];
-    byte prefixBuf[AES_BLOCK_SIZE];
+    byte nonceCmacFinal[WC_AES_BLOCK_SIZE];
+    byte aadCmacFinal[WC_AES_BLOCK_SIZE];
+    byte ciphertextCmacFinal[WC_AES_BLOCK_SIZE];
+    byte prefixBuf[WC_AES_BLOCK_SIZE];
 };
 #endif /* !defined(WOLF_CRYPT_CMAC_H) */
 
@@ -767,7 +813,8 @@ WOLFSSL_API int  wc_AesEaxEncryptAuth(const byte* key, word32 keySz, byte* out,
                                       /* input data to authenticate (header) */
                                       const byte* authIn, word32 authInSz);
 
-WOLFSSL_API int  wc_AesEaxDecryptAuth(const byte* key, word32 keySz, byte* out,
+WOLFSSL_API WARN_UNUSED_RESULT int wc_AesEaxDecryptAuth(const byte* key,
+                                      word32 keySz, byte* out,
                                       const byte* in, word32 inSz,
                                       const byte* nonce, word32 nonceSz,
                                       /* auth tag to verify against */
@@ -795,13 +842,67 @@ WOLFSSL_API int  wc_AesEaxAuthDataUpdate(AesEax* eax,
 WOLFSSL_API int wc_AesEaxEncryptFinal(AesEax* eax,
                                       byte* authTag, word32 authTagSz);
 
-WOLFSSL_API int wc_AesEaxDecryptFinal(AesEax* eax,
+WOLFSSL_API WARN_UNUSED_RESULT int wc_AesEaxDecryptFinal(AesEax* eax,
                                       const byte* authIn, word32 authInSz);
 
 WOLFSSL_API int wc_AesEaxFree(AesEax* eax);
 
 #endif /* WOLFSSL_AES_EAX */
 
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+
+/* GHASH one block of data.
+ *
+ * XOR block into tag and GMULT with H.
+ *
+ * @param [in, out] aes    AES GCM object.
+ * @param [in]      block  Block of AAD or cipher text.
+ */
+#define GHASH_ONE_BLOCK_AARCH64(aes, block)             \
+    do {                                                \
+        xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \
+        GMULT_AARCH64(AES_TAG(aes), aes->gcm.H);        \
+    }                                                   \
+    while (0)
+
+WOLFSSL_LOCAL int AES_set_key_AARCH64(const unsigned char *userKey,
+    const int keylen, Aes* aes, int dir);
+WOLFSSL_LOCAL void AES_encrypt_AARCH64(const byte* inBlock, byte* outBlock,
+    byte* key, int nr);
+WOLFSSL_LOCAL void AES_decrypt_AARCH64(const byte* inBlock, byte* outBlock,
+    byte* key, int nr);
+WOLFSSL_LOCAL void AES_CBC_encrypt_AARCH64(const byte* in, byte* out, word32 sz,
+    byte* reg, byte* key, int rounds);
+WOLFSSL_LOCAL void AES_CBC_decrypt_AARCH64(const byte* in, byte* out, word32 sz,
+    byte* reg, byte* key, int rounds);
+WOLFSSL_LOCAL void AES_CTR_encrypt_AARCH64(Aes* aes, byte* out, const byte* in,
+    word32 sz);
+WOLFSSL_LOCAL void GMULT_AARCH64(byte* X, byte* Y);
+#ifdef WOLFSSL_AESGCM_STREAM
+WOLFSSL_LOCAL void GHASH_UPDATE_AARCH64(Aes* aes, const byte* a, word32 aSz,
+    const byte* c, word32 cSz);
+WOLFSSL_LOCAL void AES_GCM_init_AARCH64(Aes* aes, const byte* iv, word32 ivSz);
+WOLFSSL_LOCAL void AES_GCM_crypt_update_AARCH64(Aes* aes, byte* out,
+    const byte* in, word32 sz);
+WOLFSSL_LOCAL void AES_GCM_final_AARCH64(Aes* aes, byte* authTag,
+    word32 authTagSz);
+#endif
+WOLFSSL_LOCAL void AES_GCM_set_key_AARCH64(Aes* aes, byte* iv);
+WOLFSSL_LOCAL void AES_GCM_encrypt_AARCH64(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz);
+WOLFSSL_LOCAL int AES_GCM_decrypt_AARCH64(Aes* aes, byte* out, const byte* in,
+    word32 sz, const byte* iv, word32 ivSz, const byte* authTag,
+    word32 authTagSz, const byte* authIn, word32 authInSz);
+
+#ifdef WOLFSSL_AES_XTS
+WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(XtsAes* xaes, byte* out,
+    const byte* in, word32 sz, const byte* i);
+WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH64(XtsAes* xaes, byte* out,
+    const byte* in, word32 sz, const byte* i);
+#endif /* WOLFSSL_AES_XTS */
+#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/arc4.h b/wolfssl/wolfcrypt/arc4.h
index 0dc29d375..cdddde8a4 100644
--- a/wolfssl/wolfcrypt/arc4.h
+++ b/wolfssl/wolfcrypt/arc4.h
@@ -1,6 +1,6 @@
 /* arc4.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ascon.h b/wolfssl/wolfcrypt/ascon.h
new file mode 100644
index 000000000..196a8ca29
--- /dev/null
+++ b/wolfssl/wolfcrypt/ascon.h
@@ -0,0 +1,109 @@
+/* ascon.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLF_CRYPT_ASCON_H
+#define WOLF_CRYPT_ASCON_H
+
+#ifdef HAVE_ASCON
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ASCON_HASH256_SZ                               32
+
+#define ASCON_AEAD128_KEY_SZ                           16
+#define ASCON_AEAD128_NONCE_SZ                         16
+#define ASCON_AEAD128_TAG_SZ                           16
+
+typedef union AsconState {
+#ifdef WORD64_AVAILABLE
+    word64 s64[5];
+#endif
+    word32 s32[10];
+    word16 s16[20];
+    byte    s8[40];
+} AsconState;
+
+typedef struct wc_AsconHash256 {
+    AsconState state;
+    byte lastBlkSz;
+} wc_AsconHash256;
+
+enum {
+    ASCON_AEAD128_NOTSET  = 0,
+    ASCON_AEAD128_ENCRYPT = 1,
+    ASCON_AEAD128_DECRYPT = 2
+};
+
+typedef struct wc_AsconAEAD128 {
+    /* needed throughout both encrypt and decrypt */
+#ifdef WORD64_AVAILABLE
+    word64 key[ASCON_AEAD128_KEY_SZ/sizeof(word64)];
+#endif
+    AsconState state;
+    byte lastBlkSz;
+    byte keySet:1;   /* has the key been processed */
+    byte nonceSet:1; /* has the nonce been processed */
+    byte adSet:1;    /* has the associated data been processed */
+    byte op:2;       /* 0 for not set, 1 for encrypt, 2 for decrypt */
+} wc_AsconAEAD128;
+
+/* AsconHash API */
+
+WOLFSSL_API wc_AsconHash256* wc_AsconHash256_New(void);
+WOLFSSL_API void wc_AsconHash256_Free(wc_AsconHash256* a);
+WOLFSSL_API int wc_AsconHash256_Init(wc_AsconHash256* a);
+WOLFSSL_API void wc_AsconHash256_Clear(wc_AsconHash256* a);
+WOLFSSL_API int wc_AsconHash256_Update(wc_AsconHash256* a, const byte* data,
+                                       word32 dataSz);
+WOLFSSL_API int wc_AsconHash256_Final(wc_AsconHash256* a, byte* hash);
+
+WOLFSSL_API wc_AsconAEAD128* wc_AsconAEAD128_New(void);
+WOLFSSL_API void wc_AsconAEAD128_Free(wc_AsconAEAD128* a);
+WOLFSSL_API int wc_AsconAEAD128_Init(wc_AsconAEAD128* a);
+WOLFSSL_API void wc_AsconAEAD128_Clear(wc_AsconAEAD128* a);
+
+/* AsconAEAD API */
+
+WOLFSSL_API int wc_AsconAEAD128_SetKey(wc_AsconAEAD128* a, const byte* key);
+WOLFSSL_API int wc_AsconAEAD128_SetNonce(wc_AsconAEAD128* a, const byte* nonce);
+WOLFSSL_API int wc_AsconAEAD128_SetAD(wc_AsconAEAD128* a, const byte* ad,
+                                      word32 adSz);
+
+WOLFSSL_API int wc_AsconAEAD128_EncryptUpdate(wc_AsconAEAD128* a, byte* out,
+                                              const byte* in, word32 inSz);
+WOLFSSL_API int wc_AsconAEAD128_EncryptFinal(wc_AsconAEAD128* a, byte* tag);
+
+WOLFSSL_API int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out,
+                                              const byte* in, word32 inSz);
+WOLFSSL_API int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a,
+                                             const byte* tag);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* HAVE_ASCON */
+
+#endif /* WOLF_CRYPT_ASCON_H */
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index d9465a0d9..17804eb7d 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1,6 +1,6 @@
 /* asn.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,8 +36,7 @@ that can be serialized and deserialized in a cross-platform way.
 
 #include <wolfssl/wolfcrypt/types.h>
 
-#ifndef NO_ASN
-
+#if !defined(NO_ASN) || !defined(NO_PWDBASED)
 
 #if !defined(NO_ASN_TIME) && defined(NO_TIME_H)
     #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */
@@ -71,6 +70,8 @@ that can be serialized and deserialized in a cross-platform way.
     extern "C" {
 #endif
 
+#ifndef NO_ASN
+
 #ifndef EXTERNAL_SERIAL_SIZE
     #define EXTERNAL_SERIAL_SIZE 32
 #endif
@@ -224,11 +225,11 @@ typedef struct ASNItem {
     /* BER/DER tag to expect. */
     byte tag;
     /* Whether the ASN.1 item is constructed. */
-    byte constructed:1;
+    WC_BITFIELD constructed:1;
     /* Whether to parse the header only or skip data. If
      * ASNSetData.data.buffer.data is supplied then this option gets
      * overwritten and the child nodes get ignored. */
-    byte headerOnly:1;
+    WC_BITFIELD headerOnly:1;
     /* Whether ASN.1 item is optional.
      *  - 0 means not optional
      *  - 1 means is optional
@@ -366,7 +367,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Int8Bit(dataASN, num)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD8;                     \
-        (dataASN)->data.u8  = num;                                     \
+        (dataASN)->data.u8  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a 16-bit number.
@@ -377,7 +378,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Int16Bit(dataASN, num)                                  \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD16;                    \
-        (dataASN)->data.u16 = num;                                     \
+        (dataASN)->data.u16 = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a 32-bit number.
@@ -388,7 +389,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Int32Bit(dataASN, num)                                  \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD32;                    \
-        (dataASN)->data.u32 = num;                                     \
+        (dataASN)->data.u32 = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get data into a buffer of a specific length.
@@ -400,8 +401,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Buffer(dataASN, d, l)                                   \
     do {                                                               \
         (dataASN)->dataType           = ASN_DATA_TYPE_BUFFER;          \
-        (dataASN)->data.buffer.data   = d;                             \
-        (dataASN)->data.buffer.length = l;                             \
+        (dataASN)->data.buffer.data   = (d);                           \
+        (dataASN)->data.buffer.length = (l);                           \
     } while (0)
 
 /* Setup ASN data item to check parsed data against expected buffer.
@@ -413,8 +414,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_ExpBuffer(dataASN, d, l)                                \
     do {                                                               \
         (dataASN)->dataType        = ASN_DATA_TYPE_EXP_BUFFER;         \
-        (dataASN)->data.ref.data   = d;                                \
-        (dataASN)->data.ref.length = l;                                \
+        (dataASN)->data.ref.data   = (d);                              \
+        (dataASN)->data.ref.length = (l);                              \
     } while (0)
 
 /* Setup ASN data item to get a number into an mp_int.
@@ -425,7 +426,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_MP(dataASN, num)                                        \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP;                        \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a number into an mp_int that is initialized.
@@ -436,7 +437,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_MP_Inited(dataASN, num)                                 \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP_INITED;                 \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to get a positive or negative number into an mp_int.
@@ -447,7 +448,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_MP_PosNeg(dataASN, num)                                 \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP_POS_NEG;                \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to be a choice of tags.
@@ -458,7 +459,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Choice(dataASN, options)                                \
     do {                                                               \
         (dataASN)->dataType    = ASN_DATA_TYPE_CHOICE;                 \
-        (dataASN)->data.choice = options;                              \
+        (dataASN)->data.choice = (options);                            \
     } while (0)
 
 /* Setup ASN data item to get a boolean value.
@@ -469,7 +470,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define GetASN_Boolean(dataASN, num)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_NONE;                      \
-        (dataASN)->data.u8  = num;                                     \
+        (dataASN)->data.u8  = (num);                                   \
     } while (0)
 
 /* Setup ASN data item to be a an OID of a specific type.
@@ -478,7 +479,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
  * @param [in] oidType  Type of OID to expect.
  */
 #define GetASN_OID(dataASN, oidType)                                   \
-    (dataASN)->data.oid.type = oidType
+    (dataASN)->data.oid.type = (oidType)
 
 /* Get the data and length from an ASN data item.
  *
@@ -524,7 +525,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_Boolean(dataASN, val)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_NONE;                      \
-        (dataASN)->data.u8  = val;                                     \
+        (dataASN)->data.u8  = (val);                                   \
     } while (0)
 
 /* Setup an ASN data item to set an 8-bit number.
@@ -535,7 +536,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_Int8Bit(dataASN, num)                                   \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD8;                     \
-        (dataASN)->data.u8  = num;                                     \
+        (dataASN)->data.u8  = (num);                                   \
     } while (0)
 
 /* Setup an ASN data item to set a 16-bit number.
@@ -546,7 +547,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_Int16Bit(dataASN, num)                                  \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_WORD16;                    \
-        (dataASN)->data.u16 = num;                                     \
+        (dataASN)->data.u16 = (num);                                   \
     } while (0)
 
 /* Setup an ASN data item to set the data in a buffer.
@@ -557,8 +558,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
  */
 #define SetASN_Buffer(dataASN, d, l)                                   \
     do {                                                               \
-        (dataASN)->data.buffer.data   = d;                             \
-        (dataASN)->data.buffer.length = l;                             \
+        (dataASN)->data.buffer.data   = (d);                           \
+        (dataASN)->data.buffer.length = (word32)(l);                   \
     } while (0)
 
 /* Setup an ASN data item to set the DER encode data in a buffer.
@@ -570,8 +571,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_ReplaceBuffer(dataASN, d, l)                            \
     do {                                                               \
         (dataASN)->dataType           = ASN_DATA_TYPE_REPLACE_BUFFER;  \
-        (dataASN)->data.buffer.data   = d;                             \
-        (dataASN)->data.buffer.length = l;                             \
+        (dataASN)->data.buffer.data   = (d);                           \
+        (dataASN)->data.buffer.length = (l);                           \
     } while (0)
 
 /* Setup an ASN data item to set an muli-precision number.
@@ -582,7 +583,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 #define SetASN_MP(dataASN, num)                                        \
     do {                                                               \
         (dataASN)->dataType = ASN_DATA_TYPE_MP;                        \
-        (dataASN)->data.mp  = num;                                     \
+        (dataASN)->data.mp  = (num);                                   \
     } while (0)
 
 /* Setup an ASN data item to set an OID based on id and type.
@@ -728,6 +729,7 @@ enum DN_Tags {
     /* pilot attribute types
      * OID values of 0.9.2342.19200300.100.1.* */
     ASN_FAVOURITE_DRINK  = 0x13, /* favouriteDrink */
+    ASN_RFC822_MAILBOX = 0x14, /* rfc822Mailbox */
     ASN_DOMAIN_COMPONENT = 0x19  /* DC */
 };
 
@@ -744,7 +746,7 @@ typedef struct WOLFSSL_ObjectInfo {
 } WOLFSSL_ObjectInfo;
 extern const size_t wolfssl_object_info_sz;
 extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
-#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 /* DN Tag Strings */
 #define WOLFSSL_COMMON_NAME      "/CN="
@@ -779,6 +781,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 
 #define WOLFSSL_USER_ID          "/UID="
 #define WOLFSSL_DOMAIN_COMPONENT "/DC="
+#define WOLFSSL_RFC822_MAILBOX   "/rfc822Mailbox="
 #define WOLFSSL_FAVOURITE_DRINK  "/favouriteDrink="
 #define WOLFSSL_CONTENT_TYPE     "/contentType="
 
@@ -809,79 +812,218 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 #define WOLFSSL_MAX_NAME_CONSTRAINTS 128
 #endif
 
+#define WC_NID_undef 0
+
+/* Setup for WC_MAX_RSA_BITS needs to be here, rather than rsa.h, because
+ * FIPS headers don't have it.  And it needs to be here, rather than internal.h,
+ * so that setup occurs even in cryptonly builds.
+ */
+#ifndef NO_RSA
+    #ifndef WC_MAX_RSA_BITS
+        #ifdef USE_FAST_MATH
+            /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
+            #define WC_MAX_RSA_BITS    (FP_MAX_BITS / 2)
+        #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
+            /* SP implementation supports numbers of SP_INT_BITS bits. */
+            #define WC_MAX_RSA_BITS    (((SP_INT_BITS + 7) / 8) * 8)
+        #else
+            /* Integer maths is dynamic but we only go up to 4096 bits. */
+            #define WC_MAX_RSA_BITS 4096
+        #endif
+    #endif
+    #if (WC_MAX_RSA_BITS % 8)
+        #error RSA maximum bit size must be multiple of 8
+    #endif
+#endif
+
+#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
+    #define WC_MAX_CERT_VERIFY_SZ 6000            /* For Dilithium */
+#elif defined(WOLFSSL_CERT_EXT)
+    #define WC_MAX_CERT_VERIFY_SZ 2048            /* For larger extensions */
+#elif !defined(NO_RSA) && defined(WC_MAX_RSA_BITS)
+    #define WC_MAX_CERT_VERIFY_SZ (WC_MAX_RSA_BITS / 8) /* max RSA bytes */
+#elif defined(HAVE_ECC)
+    #define WC_MAX_CERT_VERIFY_SZ ECC_MAX_SIG_SIZE /* max ECC  */
+#elif defined(HAVE_ED448)
+    #define WC_MAX_CERT_VERIFY_SZ ED448_SIG_SIZE   /* max Ed448  */
+#elif defined(HAVE_ED25519)
+    #define WC_MAX_CERT_VERIFY_SZ ED25519_SIG_SIZE /* max Ed25519  */
+#else
+    #define WC_MAX_CERT_VERIFY_SZ 1024 /* max default  */
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+/* short names */
+#define WC_SN_md4        "MD4"
+#define WC_SN_md5        "MD5"
+#define WC_SN_sha1       "SHA1"
+#define WC_SN_sha224     "SHA224"
+#define WC_SN_sha256     "SHA256"
+#define WC_SN_sha384     "SHA384"
+#define WC_SN_sha512     "SHA512"
+#define WC_SN_sha512_224 "SHA512-224"
+#define WC_SN_sha512_256 "SHA512-256"
+#define WC_SN_sha3_224   "SHA3-224"
+#define WC_SN_sha3_256   "SHA3-256"
+#define WC_SN_sha3_384   "SHA3-384"
+#define WC_SN_sha3_512   "SHA3-512"
+#define WC_SN_shake128   "SHAKE128"
+#define WC_SN_shake256   "SHAKE256"
+#define WC_SN_blake2s256 "BLAKE2s256"
+#define WC_SN_blake2s512 "BLAKE2s512"
+#define WC_SN_blake2b512 "BLAKE2b512"
+#define WC_SN_sm3        "SM3"
+
 /* NIDs */
-#define NID_undef 0
-#define NID_netscape_cert_type NID_undef
-#define NID_des 66
-#define NID_des3 67
-#define NID_sha256 672
-#define NID_sha384 673
-#define NID_sha512 674
-#define NID_sha512_224 1094
-#define NID_sha512_256 1095
-#define NID_pkcs7_signed 22
-#define NID_pkcs7_enveloped 23
-#define NID_pkcs7_signedAndEnveloped 24
-#define NID_pkcs9_unstructuredName 49
-#define NID_pkcs9_contentType 50  /* 1.2.840.113549.1.9.3 */
-#define NID_pkcs9_challengePassword 54
-#define NID_hw_name_oid 73
-#define NID_id_pkix_OCSP_basic 74
-#define NID_any_policy 75
-#define NID_anyExtendedKeyUsage 76
-#define NID_givenName 100  /* 2.5.4.42 */
-#define NID_initials 101  /* 2.5.4.43 */
-#define NID_title 106
-#define NID_description 107
-#define NID_basic_constraints 133
-#define NID_key_usage 129      /* 2.5.29.15 */
-#define NID_ext_key_usage 151  /* 2.5.29.37 */
-#define NID_subject_key_identifier 128
-#define NID_authority_key_identifier 149
-#define NID_private_key_usage_period 130  /* 2.5.29.16 */
-#define NID_subject_alt_name 131
-#define NID_issuer_alt_name 132
-#define NID_info_access 69
-#define NID_sinfo_access 79       /* id-pe 11 */
-#define NID_name_constraints 144  /* 2.5.29.30 */
-#define NID_crl_distribution_points 145  /* 2.5.29.31 */
-#define NID_certificate_policies 146
-#define NID_policy_mappings 147
-#define NID_policy_constraints 150
-#define NID_inhibit_any_policy 168       /* 2.5.29.54 */
-#define NID_tlsfeature 1020              /* id-pe 24 */
-#define NID_buildingName 1494
+#define WC_NID_netscape_cert_type WC_NID_undef
+#define WC_NID_des 66
+#define WC_NID_des3 67
+#define WC_NID_sha256 672
+#define WC_NID_sha384 673
+#define WC_NID_sha512 674
+#define WC_NID_sha512_224 1094
+#define WC_NID_sha512_256 1095
+#define WC_NID_pkcs7_signed 22
+#define WC_NID_pkcs7_enveloped 23
+#define WC_NID_pkcs7_signedAndEnveloped 24
+#define WC_NID_pkcs9_emailAddress     48
+#define WC_NID_pkcs9_unstructuredName 49
+#define WC_NID_pkcs9_contentType 50  /* 1.2.840.113549.1.9.3 */
+#define WC_NID_pkcs9_challengePassword 54
+#define WC_NID_hw_name_oid 73
+#define WC_NID_id_pkix_OCSP_basic 74
+#define WC_NID_any_policy 75
+#define WC_NID_anyExtendedKeyUsage 76
+#define WC_NID_givenName 100  /* 2.5.4.42 */
+#define WC_NID_initials 101  /* 2.5.4.43 */
+#define WC_NID_title 106
+#define WC_NID_description 107
+#define WC_NID_basic_constraints 133
+#define WC_NID_key_usage 129      /* 2.5.29.15 */
+#define WC_NID_ext_key_usage 151  /* 2.5.29.37 */
+#define WC_NID_subject_key_identifier 128
+#define WC_NID_authority_key_identifier 149
+#define WC_NID_private_key_usage_period 130  /* 2.5.29.16 */
+#define WC_NID_subject_alt_name 131
+#define WC_NID_issuer_alt_name 132
+#define WC_NID_info_access 69
+#define WC_NID_sinfo_access 79       /* id-pe 11 */
+#define WC_NID_name_constraints 144  /* 2.5.29.30 */
+#define WC_NID_crl_distribution_points 145  /* 2.5.29.31 */
+#define WC_NID_certificate_policies 146
+#define WC_NID_policy_mappings 147
+#define WC_NID_policy_constraints 150
+#define WC_NID_inhibit_any_policy 168       /* 2.5.29.54 */
+#define WC_NID_tlsfeature 1020              /* id-pe 24 */
+#define WC_NID_buildingName 1494
 
-#define NID_dnQualifier 174              /* 2.5.4.46 */
-#define NID_commonName 14                /* CN Changed to not conflict
+#define WC_NID_dnQualifier 174              /* 2.5.4.46 */
+#define WC_NID_commonName 14                /* CN Changed to not conflict
                                     * with PBE_SHA1_DES3 */
-#define NID_name 173                     /* N , OID = 2.5.4.41 */
-#define NID_surname 0x04                 /* SN */
-#define NID_serialNumber 0x05            /* serialNumber */
-#define NID_countryName 0x06             /* C  */
-#define NID_localityName 0x07            /* L  */
-#define NID_stateOrProvinceName 0x08     /* ST */
-#define NID_streetAddress ASN_STREET_ADDR  /* street */
-#define NID_organizationName 0x0a        /* O  */
-#define NID_organizationalUnitName 0x0b  /* OU */
-#define NID_jurisdictionCountryName 0xc
-#define NID_jurisdictionStateOrProvinceName 0xd
-#define NID_businessCategory ASN_BUS_CAT
-#define NID_domainComponent ASN_DOMAIN_COMPONENT
-#define NID_postalCode ASN_POSTAL_CODE   /* postalCode */
-#define NID_favouriteDrink 462
-#define NID_userId 458
-#define NID_emailAddress 0x30            /* emailAddress */
-#define NID_id_on_dnsSRV 82              /* 1.3.6.1.5.5.7.8.7 */
-#define NID_ms_upn 265                   /* 1.3.6.1.4.1.311.20.2.3 */
+#define WC_NID_name 173                     /* N , OID = 2.5.4.41 */
+#define WC_NID_surname 0x04                 /* SN */
+#define WC_NID_serialNumber 0x05            /* serialNumber */
+#define WC_NID_countryName 0x06             /* C  */
+#define WC_NID_localityName 0x07            /* L  */
+#define WC_NID_stateOrProvinceName 0x08     /* ST */
+#define WC_NID_streetAddress ASN_STREET_ADDR  /* street */
+#define WC_NID_organizationName 0x0a        /* O  */
+#define WC_NID_organizationalUnitName 0x0b  /* OU */
+#define WC_NID_jurisdictionCountryName 0xc
+#define WC_NID_jurisdictionStateOrProvinceName 0xd
+#define WC_NID_businessCategory ASN_BUS_CAT
+#define WC_NID_domainComponent ASN_DOMAIN_COMPONENT
+#define WC_NID_postalCode ASN_POSTAL_CODE   /* postalCode */
+#define WC_NID_rfc822Mailbox 460
+#define WC_NID_favouriteDrink 462
+#define WC_NID_userId 458
+#define WC_NID_registeredAddress 870
+#define WC_NID_emailAddress 0x30            /* emailAddress */
+#define WC_NID_id_on_dnsSRV 82              /* 1.3.6.1.5.5.7.8.7 */
+#define WC_NID_ms_upn 265                   /* 1.3.6.1.4.1.311.20.2.3 */
 
-#define NID_X9_62_prime_field 406        /* 1.2.840.10045.1.1 */
-#endif /* OPENSSL_EXTRA */
+#define WC_NID_X9_62_prime_field 406        /* 1.2.840.10045.1.1 */
 
-#define NID_id_GostR3410_2001     811
-#define NID_id_GostR3410_2012_256 979
-#define NID_id_GostR3410_2012_512 980
+#define WC_NID_id_GostR3410_2001     811
+#define WC_NID_id_GostR3410_2012_256 979
+#define WC_NID_id_GostR3410_2012_512 980
+
+#ifndef OPENSSL_COEXIST
+
+#define NID_undef WC_NID_undef
+#define NID_netscape_cert_type WC_NID_netscape_cert_type
+#define NID_des WC_NID_des
+#define NID_des3 WC_NID_des3
+#define NID_sha256 WC_NID_sha256
+#define NID_sha384 WC_NID_sha384
+#define NID_sha512 WC_NID_sha512
+#define NID_sha512_224 WC_NID_sha512_224
+#define NID_sha512_256 WC_NID_sha512_256
+#define NID_pkcs7_signed WC_NID_pkcs7_signed
+#define NID_pkcs7_enveloped WC_NID_pkcs7_enveloped
+#define NID_pkcs7_signedAndEnveloped WC_NID_pkcs7_signedAndEnveloped
+#define NID_pkcs9_unstructuredName WC_NID_pkcs9_unstructuredName
+#define NID_pkcs9_contentType WC_NID_pkcs9_contentType
+#define NID_pkcs9_challengePassword WC_NID_pkcs9_challengePassword
+#define NID_hw_name_oid WC_NID_hw_name_oid
+#define NID_id_pkix_OCSP_basic WC_NID_id_pkix_OCSP_basic
+#define NID_any_policy WC_NID_any_policy
+#define NID_anyExtendedKeyUsage WC_NID_anyExtendedKeyUsage
+#define NID_givenName WC_NID_givenName
+#define NID_initials WC_NID_initials
+#define NID_title WC_NID_title
+#define NID_description WC_NID_description
+#define NID_basic_constraints WC_NID_basic_constraints
+#define NID_key_usage WC_NID_key_usage
+#define NID_ext_key_usage WC_NID_ext_key_usage
+#define NID_subject_key_identifier WC_NID_subject_key_identifier
+#define NID_authority_key_identifier WC_NID_authority_key_identifier
+#define NID_private_key_usage_period WC_NID_private_key_usage_period
+#define NID_subject_alt_name WC_NID_subject_alt_name
+#define NID_issuer_alt_name WC_NID_issuer_alt_name
+#define NID_info_access WC_NID_info_access
+#define NID_sinfo_access WC_NID_sinfo_access
+#define NID_name_constraints WC_NID_name_constraints
+#define NID_crl_distribution_points WC_NID_crl_distribution_points
+#define NID_certificate_policies WC_NID_certificate_policies
+#define NID_policy_mappings WC_NID_policy_mappings
+#define NID_policy_constraints WC_NID_policy_constraints
+#define NID_inhibit_any_policy WC_NID_inhibit_any_policy
+#define NID_tlsfeature WC_NID_tlsfeature
+#define NID_buildingName WC_NID_buildingName
+
+#define NID_dnQualifier WC_NID_dnQualifier
+#define NID_commonName WC_NID_commonName
+#define NID_name WC_NID_name
+#define NID_surname WC_NID_surname
+#define NID_serialNumber WC_NID_serialNumber
+#define NID_countryName WC_NID_countryName
+#define NID_localityName WC_NID_localityName
+#define NID_stateOrProvinceName WC_NID_stateOrProvinceName
+#define NID_streetAddress WC_NID_streetAddress
+#define NID_organizationName WC_NID_organizationName
+#define NID_organizationalUnitName WC_NID_organizationalUnitName
+#define NID_jurisdictionCountryName WC_NID_jurisdictionCountryName
+#define NID_jurisdictionStateOrProvinceName WC_NID_jurisdictionStateOrProvinceName
+#define NID_businessCategory WC_NID_businessCategory
+#define NID_domainComponent WC_NID_domainComponent
+#define NID_postalCode WC_NID_postalCode
+#define NID_rfc822Mailbox WC_NID_rfc822Mailbox
+#define NID_favouriteDrink WC_NID_favouriteDrink
+#define NID_userId WC_NID_userId
+#define NID_emailAddress WC_NID_emailAddress
+#define NID_id_on_dnsSRV WC_NID_id_on_dnsSRV
+#define NID_ms_upn WC_NID_ms_upn
+
+#define NID_X9_62_prime_field WC_NID_X9_62_prime_field
+
+#define NID_id_GostR3410_2001 WC_NID_id_GostR3410_2001
+#define NID_id_GostR3410_2012_256 WC_NID_id_GostR3410_2012_256
+#define NID_id_GostR3410_2012_512 WC_NID_id_GostR3410_2012_512
+
+#endif /* !OPENSSL_COEXIST */
+
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 enum ECC_TYPES
 {
@@ -951,13 +1093,14 @@ enum Misc_ASN {
 #else
     KEYID_SIZE          = WC_SHA_DIGEST_SIZE,
 #endif
-#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM))
-    RSA_INTS            =   8,     /* RSA ints in private key */
-#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY)
-    RSA_INTS            =   5,     /* RSA ints in private key */
-#else
-    RSA_INTS            =   2,     /* RSA ints in private key */
+    RSA_INTS            =   2      /* RSA ints in private key */
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+                            + 3
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+                            + 3
 #endif
+#endif
+                            ,
     DSA_PARAM_INTS      =   3,     /* DSA parameter ints */
     RSA_PUB_INTS        =   2,     /* RSA ints in public key */
     DSA_PUB_INTS        =   4,     /* DSA ints in public key */
@@ -1126,6 +1269,7 @@ enum Oid_Types {
 
 enum Hash_Sum  {
     MD2h      = 646,
+    MD4h      = 648,
     MD5h      = 649,
     SHAh      =  88,
     SHA224h   = 417,
@@ -1186,6 +1330,9 @@ enum Key_Sum {
     DILITHIUM_LEVEL2k = 218,    /* 1.3.6.1.4.1.2.267.12.4.4 */
     DILITHIUM_LEVEL3k = 221,    /* 1.3.6.1.4.1.2.267.12.6.5 */
     DILITHIUM_LEVEL5k = 225,    /* 1.3.6.1.4.1.2.267.12.8.7 */
+    ML_DSA_LEVEL2k    = 431,    /* 2.16.840.1.101.3.4.3.17 */
+    ML_DSA_LEVEL3k    = 432,    /* 2.16.840.1.101.3.4.3.18 */
+    ML_DSA_LEVEL5k    = 433,    /* 2.16.840.1.101.3.4.3.19 */
     SPHINCS_FAST_LEVEL1k   = 281, /* 1 3 9999 6 7 4 */
     SPHINCS_FAST_LEVEL3k   = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */
     SPHINCS_FAST_LEVEL5k   = 282, /* 1 3 9999 6 9 3 */
@@ -1270,17 +1417,159 @@ enum Extensions_Sum {
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     SUBJ_ALT_PUB_KEY_INFO_OID = 186, /* 2.5.29.72 subject alt public key info */
     ALT_SIG_ALG_OID           = 187, /* 2.5.29.73 alt sig alg */
-    ALT_SIG_VAL_OID           = 188  /* 2.5.29.74 alt sig val */
+    ALT_SIG_VAL_OID           = 188,  /* 2.5.29.74 alt sig val */
 #endif
+    WOLF_ENUM_DUMMY_LAST_ELEMENT(Extensions_Sum)
 };
 
 enum CertificatePolicy_Sum {
     CP_ANY_OID              = 146, /* id-ce 32 0 */
+    CP_ISRG_DOMAIN_VALID    = 430, /* 1.3.6.1.4.1.44947.1.1.1 */
 #ifdef WOLFSSL_FPKI
-    CP_FPKI_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */
-    CP_FPKI_PIV_AUTH_OID    = 453, /* 2.16.840.1.101.3.2.1.3.40 */
-    CP_FPKI_PIV_AUTH_HW_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */
-    CP_FPKI_PIVI_AUTH_OID   = 458, /* 2.16.840.1.101.3.2.1.3.45 */
+    /* Federal PKI OIDs */
+    CP_FPKI_HIGH_ASSURANCE_OID       = 417, /* 2.16.840.1.101.3.2.1.3.4 */
+    CP_FPKI_COMMON_HARDWARE_OID      = 420, /* 2.16.840.1.101.3.2.1.3.7 */
+    CP_FPKI_MEDIUM_HARDWARE_OID      = 425, /* 2.16.840.1.101.3.2.1.3.12 */
+    CP_FPKI_COMMON_AUTH_OID          = 426, /* 2.16.840.1.101.3.2.1.3.13 */
+    CP_FPKI_COMMON_HIGH_OID          = 429, /* 2.16.840.1.101.3.2.1.3.16 */
+    CP_FPKI_PIVI_HARDWARE_OID        = 431, /* 2.16.840.1.101.3.2.1.3.18 */
+    CP_FPKI_PIVI_CONTENT_SIGNING_OID = 433, /* 2.16.840.1.101.3.2.1.3.20 */
+    CP_FPKI_COMMON_DEVICES_HARDWARE_OID = 449, /* 2.16.840.1.101.3.2.1.3.36 */
+    CP_FPKI_MEDIUM_DEVICE_HARDWARE_OID = 451, /* 2.16.840.1.101.3.2.1.3.38 */
+    CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */
+    CP_FPKI_PIV_AUTH_OID             = 453, /* 2.16.840.1.101.3.2.1.3.40 */
+    CP_FPKI_PIV_AUTH_HW_OID          = 454, /* 2.16.840.1.101.3.2.1.3.41 */
+    CP_FPKI_PIVI_AUTH_OID            = 458, /* 2.16.840.1.101.3.2.1.3.45 */
+    CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 460, /* 2.16.840.1.101.3.2.1.3.47 */
+
+    /* DoD PKI OIDs */
+    CP_DOD_MEDIUM_OID                = 423, /* 2.16.840.1.101.2.1.11.5 */
+    CP_DOD_MEDIUM_HARDWARE_OID       = 427, /* 2.16.840.1.101.2.1.11.9 */
+    CP_DOD_PIV_AUTH_OID              = 428, /* 2.16.840.1.101.2.1.11.10 */
+    CP_DOD_MEDIUM_NPE_OID            = 435, /* 2.16.840.1.101.2.1.11.17 */
+    CP_DOD_MEDIUM_2048_OID           = 436, /* 2.16.840.1.101.2.1.11.18 */
+    CP_DOD_MEDIUM_HARDWARE_2048_OID  = 437, /* 2.16.840.1.101.2.1.11.19 */
+    CP_DOD_PIV_AUTH_2048_OID         = 438, /* 2.16.840.1.101.2.1.11.20 */
+    CP_DOD_PEER_INTEROP_OID          = 100449, /* 2.16.840.1.101.2.1.11.31 */
+    CP_DOD_MEDIUM_NPE_112_OID        = 100454, /* 2.16.840.1.101.2.1.11.36 */
+    CP_DOD_MEDIUM_NPE_128_OID        = 455, /* 2.16.840.1.101.2.1.11.37 */
+    CP_DOD_MEDIUM_NPE_192_OID        = 456, /* 2.16.840.1.101.2.1.11.38 */
+    CP_DOD_MEDIUM_112_OID            = 457, /* 2.16.840.1.101.2.1.11.39 */
+    CP_DOD_MEDIUM_128_OID            = 100458, /* 2.16.840.1.101.2.1.11.40 */
+    CP_DOD_MEDIUM_192_OID            = 459, /* 2.16.840.1.101.2.1.11.41 */
+    CP_DOD_MEDIUM_HARDWARE_112_OID   = 100460, /* 2.16.840.1.101.2.1.11.42 */
+    CP_DOD_MEDIUM_HARDWARE_128_OID   = 461, /* 2.16.840.1.101.2.1.11.43 */
+    CP_DOD_MEDIUM_HARDWARE_192_OID   = 462, /* 2.16.840.1.101.2.1.11.44 */
+    CP_DOD_ADMIN_OID                 = 477, /* 2.16.840.1.101.2.1.11.59 */
+    CP_DOD_INTERNAL_NPE_112_OID      = 478, /* 2.16.840.1.101.2.1.11.60 */
+    CP_DOD_INTERNAL_NPE_128_OID      = 479, /* 2.16.840.1.101.2.1.11.61 */
+    CP_DOD_INTERNAL_NPE_192_OID      = 480, /* 2.16.840.1.101.2.1.11.62 */
+
+    /* ECA PKI OIDs */
+    CP_ECA_MEDIUM_OID                = 100423, /* 2.16.840.1.101.3.2.1.12.1 */
+    CP_ECA_MEDIUM_HARDWARE_OID       = 424, /* 2.16.840.1.101.3.2.1.12.2 */
+    CP_ECA_MEDIUM_TOKEN_OID          = 100425, /* 2.16.840.1.101.3.2.1.12.3 */
+    CP_ECA_MEDIUM_SHA256_OID         = 100426, /* 2.16.840.1.101.3.2.1.12.4 */
+    CP_ECA_MEDIUM_TOKEN_SHA256_OID   = 100427, /* 2.16.840.1.101.3.2.1.12.5 */
+    CP_ECA_MEDIUM_HARDWARE_PIVI_OID  = 100428, /* 2.16.840.1.101.3.2.1.12.6 */
+    CP_ECA_CONTENT_SIGNING_PIVI_OID  = 100430, /* 2.16.840.1.101.3.2.1.12.8 */
+    CP_ECA_MEDIUM_DEVICE_SHA256_OID  = 431, /* 2.16.840.1.101.3.2.1.12.9 */
+    CP_ECA_MEDIUM_HARDWARE_SHA256_OID = 432, /* 2.16.840.1.101.3.2.1.12.10 */
+
+    /* Department of State PKI OIDs */
+    CP_STATE_HIGH_OID               = 100420, /* 2.16.840.1.101.3.2.1.6.4 */
+    CP_STATE_MEDHW_OID              = 101428, /* 2.16.840.1.101.3.2.1.6.12 */
+    CP_STATE_MEDDEVHW_OID           = 101454, /* 2.16.840.1.101.3.2.1.6.38 */
+
+    /* U.S. Treasury SSP PKI OIDs */
+    CP_TREAS_MEDIUMHW_OID           = 419, /* 2.16.840.1.101.3.2.1.5.4 */
+    CP_TREAS_HIGH_OID               = 101420, /* 2.16.840.1.101.3.2.1.5.5 */
+    CP_TREAS_PIVI_HW_OID            = 101425, /* 2.16.840.1.101.3.2.1.5.10 */
+    CP_TREAS_PIVI_CONTENT_OID       = 101427, /* 2.16.840.1.101.3.2.1.5.12 */
+
+    /* Boeing PKI OIDs */
+    CP_BOEING_MEDIUMHW_SHA256_OID   = 159, /* 1.3.6.1.4.1.73.15.3.1.12 */
+    CP_BOEING_MEDIUMHW_CONTENT_SHA256_OID = 164, /* 1.3.6.1.4.1.73.15.3.1.17 */
+
+    /* Carillon Federal Services OIDs */
+    CP_CARILLON_MEDIUMHW_256_OID    = 467, /* 1.3.6.1.4.1.45606.3.1.12 */
+    CP_CARILLON_AIVHW_OID           = 475, /* 1.3.6.1.4.1.45606.3.1.20 */
+    CP_CARILLON_AIVCONTENT_OID      = 100477, /* 1.3.6.1.4.1.45606.3.1.22 */
+
+    /* Carillon Information Security OIDs */
+    CP_CIS_MEDIUMHW_256_OID         = 489, /* 1.3.6.1.4.1.25054.3.1.12 */
+    CP_CIS_MEDDEVHW_256_OID         = 491, /* 1.3.6.1.4.1.25054.3.1.14 */
+    CP_CIS_ICECAP_HW_OID            = 497, /* 1.3.6.1.4.1.25054.3.1.20 */
+    CP_CIS_ICECAP_CONTENT_OID       = 499, /* 1.3.6.1.4.1.25054.3.1.22 */
+
+    /* CertiPath Bridge OIDs */
+    CP_CERTIPATH_MEDIUMHW_OID       = 100459, /* 1.3.6.1.4.1.24019.1.1.1.2 */
+    CP_CERTIPATH_HIGHHW_OID         = 101460, /* 1.3.6.1.4.1.24019.1.1.1.3 */
+    CP_CERTIPATH_ICECAP_HW_OID      = 464, /* 1.3.6.1.4.1.24019.1.1.1.7 */
+    CP_CERTIPATH_ICECAP_CONTENT_OID = 466, /* 1.3.6.1.4.1.24019.1.1.1.9 */
+    CP_CERTIPATH_VAR_MEDIUMHW_OID   = 100475, /* 1.3.6.1.4.1.24019.1.1.1.18 */
+    CP_CERTIPATH_VAR_HIGHHW_OID     = 476, /* 1.3.6.1.4.1.24019.1.1.1.19 */
+
+    /* TSCP Bridge OIDs */
+    CP_TSCP_MEDIUMHW_OID            = 442, /* 1.3.6.1.4.1.38099.1.1.1.2 */
+    CP_TSCP_PIVI_OID                = 445, /* 1.3.6.1.4.1.38099.1.1.1.5 */
+    CP_TSCP_PIVI_CONTENT_OID        = 447, /* 1.3.6.1.4.1.38099.1.1.1.7 */
+
+    /* DigiCert NFI PKI OIDs */
+    CP_DIGICERT_NFSSP_MEDIUMHW_OID  = 796, /* 2.16.840.1.113733.1.7.23.3.1.7 */
+    CP_DIGICERT_NFSSP_AUTH_OID      = 802, /* 2.16.840.1.113733.1.7.23.3.1.13 */
+    CP_DIGICERT_NFSSP_PIVI_HW_OID   = 807, /* 2.16.840.1.113733.1.7.23.3.1.18 */
+    CP_DIGICERT_NFSSP_PIVI_CONTENT_OID = 809, /* 2.16.840.1.113733.1.7.23.3.1.20 */
+    CP_DIGICERT_NFSSP_MEDDEVHW_OID  = 825, /* 2.16.840.1.113733.1.7.23.3.1.36 */
+
+    /* Entrust Managed Services NFI PKI OIDs */
+    CP_ENTRUST_NFSSP_MEDIUMHW_OID   = 1017, /* 2.16.840.1.114027.200.3.10.7.2 */
+    CP_ENTRUST_NFSSP_MEDAUTH_OID    = 1019, /* 2.16.840.1.114027.200.3.10.7.4 */
+    CP_ENTRUST_NFSSP_PIVI_HW_OID    = 1021, /* 2.16.840.1.114027.200.3.10.7.6 */
+    CP_ENTRUST_NFSSP_PIVI_CONTENT_OID = 1024, /* 2.16.840.1.114027.200.3.10.7.9 */
+    CP_ENTRUST_NFSSP_MEDDEVHW_OID   = 1031, /* 2.16.840.1.114027.200.3.10.7.16 */
+
+    /* Exostar LLC PKI OIDs */
+    CP_EXOSTAR_MEDIUMHW_SHA2_OID    = 100424, /* 1.3.6.1.4.1.13948.1.1.1.6 */
+
+    /* IdenTrust NFI OIDs */
+    CP_IDENTRUST_MEDIUMHW_SIGN_OID  = 846, /* 2.16.840.1.113839.0.100.12.1 */
+    CP_IDENTRUST_MEDIUMHW_ENC_OID   = 847, /* 2.16.840.1.113839.0.100.12.2 */
+    CP_IDENTRUST_PIVI_HW_ID_OID     = 851, /* 2.16.840.1.113839.0.100.18.0 */
+    CP_IDENTRUST_PIVI_HW_SIGN_OID   = 852, /* 2.16.840.1.113839.0.100.18.1 */
+    CP_IDENTRUST_PIVI_HW_ENC_OID    = 853, /* 2.16.840.1.113839.0.100.18.2 */
+    CP_IDENTRUST_PIVI_CONTENT_OID   = 854, /* 2.16.840.1.113839.0.100.20.1 */
+
+    /* Lockheed Martin PKI OIDs */
+    CP_LOCKHEED_MEDIUMHW_OID        = 266, /* 1.3.6.1.4.1.103.100.1.1.3.3 */
+
+    /* Northrop Grumman PKI OIDs */
+    CP_NORTHROP_MEDIUM_256_HW_OID   = 654, /* 1.3.6.1.4.1.16334.509.2.8 */
+    CP_NORTHROP_PIVI_256_HW_OID     = 655, /* 1.3.6.1.4.1.16334.509.2.9 */
+    CP_NORTHROP_PIVI_256_CONTENT_OID = 657, /* 1.3.6.1.4.1.16334.509.2.11 */
+    CP_NORTHROP_MEDIUM_384_HW_OID   = 660, /* 1.3.6.1.4.1.16334.509.2.14 */
+
+    /* Raytheon PKI OIDs */
+    CP_RAYTHEON_MEDIUMHW_OID        = 251, /* 1.3.6.1.4.1.1569.10.1.12 */
+    CP_RAYTHEON_MEDDEVHW_OID        = 257, /* 1.3.6.1.4.1.1569.10.1.18 */
+    CP_RAYTHEON_SHA2_MEDIUMHW_OID   = 433, /* 1.3.6.1.4.1.26769.10.1.12 */
+    CP_RAYTHEON_SHA2_MEDDEVHW_OID   = 439, /* 1.3.6.1.4.1.26769.10.1.18 */
+
+    /* WidePoint NFI PKI OIDs */
+    CP_WIDEPOINT_MEDIUMHW_OID       = 310, /* 1.3.6.1.4.1.3922.1.1.1.12 */
+    CP_WIDEPOINT_PIVI_HW_OID        = 316, /* 1.3.6.1.4.1.3922.1.1.1.18 */
+    CP_WIDEPOINT_PIVI_CONTENT_OID   = 318, /* 1.3.6.1.4.1.3922.1.1.1.20 */
+    CP_WIDEPOINT_MEDDEVHW_OID       = 336, /* 1.3.6.1.4.1.3922.1.1.1.38 */
+
+    /* Australian Defence Organisation PKI OIDs */
+    CP_ADO_MEDIUM_OID               = 293, /* 1.2.36.1.334.1.2.1.2 */
+    CP_ADO_HIGH_OID                 = 294, /* 1.2.36.1.334.1.2.1.3 */
+    CP_ADO_RESOURCE_MEDIUM_OID      = 100294, /* 1.2.36.1.334.1.2.2.2 */
+
+    /* Netherlands Ministry of Defence PKI OIDs */
+    CP_NL_MOD_AUTH_OID              = 496, /* 2.16.528.1.1003.1.2.5.1 */
+    CP_NL_MOD_IRREFUT_OID           = 100497, /* 2.16.528.1.1003.1.2.5.2 */
+    CP_NL_MOD_CONFID_OID            = 498, /* 2.16.528.1.1003.1.2.5.3 */
 #endif /* WOLFSSL_FPKI */
     WOLF_ENUM_DUMMY_LAST_ELEMENT(CertificatePolicy_Sum)
 };
@@ -1497,7 +1786,8 @@ struct SignatureCtx {
     byte* sigCpy;
 #endif
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
-    !defined(NO_DSA)
+    !defined(NO_DSA) || defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
+    defined(HAVE_SPHINCS)
     int verify;
 #endif
     union {
@@ -1775,12 +2065,14 @@ struct DecodedCert {
     #endif
 #endif /* WOLFSSL_SUBJ_INFO_ACC */
 
-#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
+    defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || defined(HAVE_SPHINCS)
     word32  pkCurveOID;           /* Public Key's curve OID */
     #ifdef WOLFSSL_CUSTOM_CURVES
         int  pkCurveSize;         /* Public Key's curve size */
     #endif
-#endif /* HAVE_ECC */
+#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || HAVE_DILITHIUM ||
+        * HAVE_FALCON || HAVE_SPHINCS */
     const byte* beforeDate;
     int     beforeDateLen;
     const byte* afterDate;
@@ -1938,63 +2230,58 @@ struct DecodedCert {
     int criticalExt;
 
     /* Option Bits */
-    byte subjectCNStored : 1;      /* have we saved a copy we own */
-    byte extSubjKeyIdSet : 1;      /* Set when the SKID was read from cert */
-    byte extAuthKeyIdSet : 1;      /* Set when the AKID was read from cert */
+    WC_BITFIELD subjectCNStored:1;      /* have we saved a copy we own */
+    WC_BITFIELD extSubjKeyIdSet:1;      /* Set when the SKID was read from cert */
+    WC_BITFIELD extAuthKeyIdSet:1;      /* Set when the AKID was read from cert */
 #ifndef IGNORE_NAME_CONSTRAINTS
-    byte extNameConstraintSet : 1;
+    WC_BITFIELD extNameConstraintSet:1;
 #endif
-    byte isCA : 1;                 /* CA basic constraint true */
-    byte pathLengthSet : 1;        /* CA basic const path length set */
-    byte weOwnAltNames : 1;        /* altNames haven't been given to copy */
-    byte extKeyUsageSet : 1;
-    byte extExtKeyUsageSet : 1;    /* Extended Key Usage set */
+    WC_BITFIELD isCA:1;                 /* CA basic constraint true */
+    WC_BITFIELD pathLengthSet:1;        /* CA basic const path length set */
+    WC_BITFIELD weOwnAltNames:1;        /* altNames haven't been given to copy */
+    WC_BITFIELD extKeyUsageSet:1;
+    WC_BITFIELD extExtKeyUsageSet:1;    /* Extended Key Usage set */
 #ifdef HAVE_OCSP
-    byte ocspNoCheckSet : 1;       /* id-pkix-ocsp-nocheck set */
+    WC_BITFIELD ocspNoCheckSet:1;       /* id-pkix-ocsp-nocheck set */
 #endif
-    byte extCRLdistSet : 1;
-    byte extAuthInfoSet : 1;
-    byte extBasicConstSet : 1;
-    byte extPolicyConstSet : 1;
-    byte extPolicyConstRxpSet : 1; /* requireExplicitPolicy set */
-    byte extPolicyConstIpmSet : 1; /* inhibitPolicyMapping set */
-    byte extSubjAltNameSet : 1;
-    byte inhibitAnyOidSet : 1;
-    byte selfSigned : 1;           /* Indicates subject and issuer are same */
+    WC_BITFIELD extCRLdistSet:1;
+    WC_BITFIELD extAuthInfoSet:1;
+    WC_BITFIELD extBasicConstSet:1;
+    WC_BITFIELD extPolicyConstSet:1;
+    WC_BITFIELD extPolicyConstRxpSet:1; /* requireExplicitPolicy set */
+    WC_BITFIELD extPolicyConstIpmSet:1; /* inhibitPolicyMapping set */
+    WC_BITFIELD extSubjAltNameSet:1;
+    WC_BITFIELD inhibitAnyOidSet:1;
+    WC_BITFIELD selfSigned:1;           /* Indicates subject and issuer are same */
 #ifdef WOLFSSL_SEP
-    byte extCertPolicySet : 1;
+    WC_BITFIELD extCertPolicySet:1;
 #endif
-    byte extCRLdistCrit : 1;
-    byte extAuthInfoCrit : 1;
-    byte extBasicConstCrit : 1;
-    byte extPolicyConstCrit : 1;
-    byte extSubjAltNameCrit : 1;
-    byte extAuthKeyIdCrit : 1;
+    WC_BITFIELD extCRLdistCrit:1;
+    WC_BITFIELD extAuthInfoCrit:1;
+    WC_BITFIELD extBasicConstCrit:1;
+    WC_BITFIELD extPolicyConstCrit:1;
+    WC_BITFIELD extSubjAltNameCrit:1;
+    WC_BITFIELD extAuthKeyIdCrit:1;
 #ifndef IGNORE_NAME_CONSTRAINTS
-    byte extNameConstraintCrit : 1;
+    WC_BITFIELD extNameConstraintCrit:1;
 #endif
-    byte extSubjKeyIdCrit : 1;
-    byte extKeyUsageCrit : 1;
-    byte extExtKeyUsageCrit : 1;
+    WC_BITFIELD extSubjKeyIdCrit:1;
+    WC_BITFIELD extKeyUsageCrit:1;
+    WC_BITFIELD extExtKeyUsageCrit:1;
 #ifdef WOLFSSL_SUBJ_DIR_ATTR
-    byte extSubjDirAttrSet : 1;
+    WC_BITFIELD extSubjDirAttrSet:1;
 #endif
 #ifdef WOLFSSL_SUBJ_INFO_ACC
-    byte extSubjInfoAccSet : 1;
+    WC_BITFIELD extSubjInfoAccSet:1;
 #endif
-#ifdef WOLFSSL_DUAL_ALG_CERTS
-    byte extSapkiSet : 1;
-    byte extAltSigAlgSet : 1;
-    byte extAltSigValSet : 1;
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #ifdef WOLFSSL_SEP
-    byte extCertPolicyCrit : 1;
+    WC_BITFIELD extCertPolicyCrit:1;
 #endif
 #ifdef WOLFSSL_CERT_REQ
-    byte isCSR : 1;                /* Do we intend on parsing a CSR? */
+    WC_BITFIELD isCSR:1;                /* Do we intend on parsing a CSR? */
 #endif
 #ifdef HAVE_RPK
-    byte isRPK : 1;   /* indicate the cert is Raw-Public-Key cert in RFC7250 */
+    WC_BITFIELD isRPK:1;   /* indicate the cert is Raw-Public-Key cert in RFC7250 */
 #endif
 #ifdef WC_ASN_UNKNOWN_EXT_CB
     wc_UnknownExtCallback unknownExtCallback;
@@ -2013,6 +2300,13 @@ struct DecodedCert {
     /* Alternative Signature Value */
     byte *altSigValDer;
     int altSigValLen;
+
+    WC_BITFIELD extSapkiSet:1;
+    WC_BITFIELD extAltSigAlgSet:1;
+    WC_BITFIELD extAltSigValSet:1;
+    WC_BITFIELD extSapkiCrit:1;
+    WC_BITFIELD extAltSigAlgCrit:1;
+    WC_BITFIELD extAltSigValCrit:1;
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 };
 
@@ -2031,7 +2325,7 @@ struct Signer {
     word32  keyOID;                  /* key type */
     word16  keyUsage;
     byte    maxPathLen;
-    byte    selfSigned : 1;
+    WC_BITFIELD selfSigned:1;
     const byte* publicKey;
     int     nameLen;
     char*   name;                    /* common name */
@@ -2085,6 +2379,10 @@ struct TrustedPeerCert {
     #endif /* IGNORE_NAME_CONSTRAINTS */
     byte    subjectNameHash[SIGNER_DIGEST_SIZE];
                                      /* sha hash of names in certificate */
+    #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER
+    byte    issuerHash[SIGNER_DIGEST_SIZE];
+                                    /* sha hash of issuer name in certificate */
+    #endif
     #ifndef NO_SKID
         byte    subjectKeyIdHash[SIGNER_DIGEST_SIZE];
                                      /* sha hash of SKID in certificate */
@@ -2192,19 +2490,17 @@ WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
                                         word32 pubKeySz, int pubKeyOID);
 #endif /* OPENSSL_EXTRA || WOLFSSL_SMALL_CERT_VERIFY */
 
-#ifdef WOLFSSL_DUAL_ALG_CERTS
-WOLFSSL_LOCAL int wc_ConfirmAltSignature(
-    const byte* buf, word32 bufSz,
-    const byte* key, word32 keySz, word32 keyOID,
-    const byte* sig, word32 sigSz, word32 sigOID,
-    void *heap);
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
 #if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \
     (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)))
 WOLFSSL_LOCAL int wc_CertGetPubKey(const byte* cert, word32 certSz,
     const unsigned char** pubKey, word32* pubKeySz);
 #endif
-
+WOLFSSL_LOCAL int ConfirmSignature(SignatureCtx* sigCtx,
+    const byte* buf, word32 bufSz,
+    const byte* key, word32 keySz, word32 keyOID,
+    const byte* sig, word32 sigSz, word32 sigOID,
+    const byte* sigParams, word32 sigParamsSz,
+    byte* rsaKeyIdx);
 #ifdef WOLFSSL_CERT_REQ
 WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz,
         void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
@@ -2221,6 +2517,7 @@ WOLFSSL_LOCAL int TryDecodeRPKToKey(DecodedCert* cert);
 WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
 
 WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
+WOLFSSL_LOCAL Signer* findSignerByKeyHash(Signer *list, byte *hash);
 WOLFSSL_LOCAL Signer* findSignerByName(Signer *list, byte *hash);
 WOLFSSL_LOCAL int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der);
 WOLFSSL_LOCAL Signer* MakeSigner(void* heap);
@@ -2287,10 +2584,12 @@ WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number,
                               word32 maxIdx);
 
 WOLFSSL_LOCAL const char* GetSigName(int oid);
-WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
-                           word32 maxIdx);
+WOLFSSL_ASN_API int GetLength(const byte* input, word32* inOutIdx, int* len,
+                              word32 maxIdx);
 WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
                            word32 maxIdx, int check);
+WOLFSSL_LOCAL int GetASNHeader(const byte* input, byte tag, word32* inOutIdx,
+                               int* len, word32 maxIdx);
 WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
                              word32 maxIdx);
 WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
@@ -2330,8 +2629,9 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                            word32 oidType, word32 maxIdx);
 WOLFSSL_LOCAL int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid,
                      word32 oidType, word32 maxIdx, byte *absentParams);
-WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
-                            word32 inputSz);
+WOLFSSL_ASN_API int GetASNTag(const byte* input, word32* idx, byte* tag,
+                              word32 inputSz);
+WOLFSSL_LOCAL int GetASN_BitString(const byte* input, word32 idx, int length);
 
 WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output);
 WOLFSSL_LOCAL word32 SetASNSequence(word32 len, byte* output);
@@ -2343,6 +2643,8 @@ WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
 
 WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
 WOLFSSL_LOCAL word32 SetLengthEx(word32 length, byte* output, byte isIndef);
+WOLFSSL_LOCAL word32 SetHeader(byte tag, word32 len, byte* output,
+                               byte isIndef);
 WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
 WOLFSSL_LOCAL word32 SetSequenceEx(word32 len, byte* output, byte isIndef);
 WOLFSSL_LOCAL word32 SetIndefEnd(byte* output);
@@ -2373,9 +2675,11 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
 WOLFSSL_LOCAL int GetNameHash_ex(const byte* source, word32* idx, byte* hash,
                                  int maxIdx, word32 sigOID);
 WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz,
-                                         DecodedCert* der, int checkAlt);
+                                         DecodedCert* der, int checkAlt,
+                                         void* heap);
 WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
-                                     const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
+                                     const byte* pubKey, word32 pubKeySz,
+                                     enum Key_Sum ks, void* heap);
 WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
 #ifdef WOLFSSL_DH_EXTRA
 WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx,
@@ -2414,7 +2718,8 @@ WOLFSSL_LOCAL int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     byte* output, word32 outLen, int keyType, int withHeader);
 WOLFSSL_LOCAL int DecodeAsymKeyPublic_Assign(const byte* input,
     word32* inOutIdx, word32 inSz, const byte** pubKey, word32* pubKeyLen,
-    int keyType);
+    int* keyType);
+
 WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx,
     word32 inSz, byte* pubKey, word32* pubKeyLen, int keyType);
 
@@ -2463,6 +2768,9 @@ enum cert_enums {
     DILITHIUM_LEVEL2_KEY     = 18,
     DILITHIUM_LEVEL3_KEY     = 19,
     DILITHIUM_LEVEL5_KEY     = 20,
+    ML_DSA_LEVEL2_KEY        = 21,
+    ML_DSA_LEVEL3_KEY        = 22,
+    ML_DSA_LEVEL5_KEY        = 23,
     SPHINCS_FAST_LEVEL1_KEY  = 24,
     SPHINCS_FAST_LEVEL3_KEY  = 25,
     SPHINCS_FAST_LEVEL5_KEY  = 26,
@@ -2542,6 +2850,14 @@ struct CertStatus {
 
 typedef struct OcspEntry OcspEntry;
 
+#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+#define OCSP_DIGEST WC_HASH_TYPE_SM3
+#elif defined(NO_SHA)
+#define OCSP_DIGEST WC_HASH_TYPE_SHA256
+#else
+#define OCSP_DIGEST WC_HASH_TYPE_SHA
+#endif
+
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
 #define OCSP_DIGEST_SIZE WC_SM3_DIGEST_SIZE
 #elif defined(NO_SHA)
@@ -2561,12 +2877,23 @@ struct OcspEntry
     byte* rawCertId;                      /* raw bytes of the CertID   */
     int rawCertIdSize;                    /* num bytes in raw CertID   */
     /* option bits - using 32-bit for alignment */
-    word32 ownStatus:1;                   /* do we need to free the status
+    WC_BITFIELD ownStatus:1;              /* do we need to free the status
                                            * response list */
-    word32 isDynamic:1;                   /* was dynamically allocated */
-    word32 used:1;                        /* entry used                */
+    WC_BITFIELD isDynamic:1;              /* was dynamically allocated */
+    WC_BITFIELD used:1;                   /* entry used                */
 };
 
+#define OCSP_RESPONDER_ID_KEY_SZ 20
+#if !defined(NO_SHA)
+#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA
+#else
+#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA256
+#endif
+enum responderIdType {
+    OCSP_RESPONDER_ID_INVALID = 0,
+    OCSP_RESPONDER_ID_NAME = 1,
+    OCSP_RESPONDER_ID_KEY  = 2,
+};
 /* TODO: Long-term, it would be helpful if we made this struct and other OCSP
          structs conform to the ASN spec as described in RFC 6960. It will help
          with readability and with implementing OpenSSL compatibility API
@@ -2578,6 +2905,12 @@ struct OcspResponse {
     byte*   response;        /* Pointer to beginning of OCSP Response */
     word32  responseSz;      /* length of the OCSP Response */
 
+    enum responderIdType responderIdType;
+    union {
+        byte keyHash[OCSP_RESPONDER_ID_KEY_SZ];
+        byte nameHash[KEYID_SIZE];
+    } responderId ;
+
     byte    producedDate[MAX_DATE_SIZE];
                              /* Date at which this response was signed */
     byte    producedDateFormat; /* format of the producedDate */
@@ -2589,6 +2922,9 @@ struct OcspResponse {
     word32  sigSz;           /* Length in octets for the sig */
     word32  sigOID;          /* OID for hash used for sig */
 
+    byte* sigParams;
+    word32 sigParamsSz;
+
     OcspEntry* single;       /* chain of OCSP single responses */
 
     byte*   nonce;           /* pointer to nonce inside ASN.1 response */
@@ -2597,9 +2933,6 @@ struct OcspResponse {
     byte*   source;          /* pointer to source buffer, not owned */
     word32  maxIdx;          /* max offset based on init size */
     Signer* pendingCAs;
-#ifdef OPENSSL_EXTRA
-    int     verifyError;
-#endif
     void*  heap;
 };
 
@@ -2629,7 +2962,7 @@ WOLFSSL_LOCAL void InitOcspResponse(OcspResponse* resp, OcspEntry* single,
                      CertStatus* status, byte* source, word32 inSz, void* heap);
 WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse* resp);
 WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap,
-                                     int noVerify);
+                                     int noVerifyCert, int noVerifySignature);
 
 WOLFSSL_LOCAL int    InitOcspRequest(OcspRequest* req, DecodedCert* cert,
                                      byte useNonce, void* heap);
@@ -2641,7 +2974,8 @@ WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output,
 
 
 WOLFSSL_LOCAL int  CompareOcspReqResp(OcspRequest* req, OcspResponse* resp);
-
+WOLFSSL_LOCAL int OcspDecodeCertID(const byte* input, word32* inOutIdx, word32 inSz,
+                 OcspEntry* entry);
 
 #endif /* HAVE_OCSP */
 
@@ -2702,15 +3036,55 @@ WOLFSSL_LOCAL int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl,
                            const byte* buff, word32 sz, int verify, void* cm);
 WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
 
-
 #endif /* HAVE_CRL */
 
-
-#ifdef __cplusplus
-    } /* extern "C" */
+#if defined(WOLFSSL_ACERT)
+/* Minimal structure for x509 attribute certificate (rfc 5755).
+ *
+ * The attributes field is not parsed, but is stored as raw buffer.
+ * */
+struct DecodedAcert {
+    word32       certBegin; /* Offset to start of acert. */
+    word32       sigIndex; /* Offset to start of signature. */
+    word32       sigLength; /* Signature length. */
+    word32       signatureOID; /* Sum of algorithm object id. */
+#ifdef WC_RSA_PSS
+    word32       sigParamsIndex; /* start of signature parameters */
+    word32       sigParamsLength; /* length of signature parameters */
 #endif
+    const byte * signature; /* Not owned, points into raw acert.  */
+    const byte * source; /* Byte buffer holding acert, NOT owned. */
+    word32       srcIdx; /* Current offset into buffer. */
+    word32       maxIdx; /* Max allowed offset. Set in init. */
+    void *       heap; /* For user memory overrides. */
+    int          version; /* attribute cert version. */
+    byte         serial[EXTERNAL_SERIAL_SIZE];  /* Raw serial number. */
+    int          serialSz;
+    const byte * beforeDate; /* Before and After dates. */
+    int          beforeDateLen;
+    const byte * afterDate;
+    int          afterDateLen;
+    byte         holderSerial[EXTERNAL_SERIAL_SIZE];
+    int          holderSerialSz;
+    DNS_entry *  holderEntityName;  /* Holder entityName from ACERT */
+    DNS_entry *  holderIssuerName;  /* Holder issuerName from ACERT */
+    DNS_entry *  AttCertIssuerName; /* AttCertIssuer name from ACERT */
+    const byte * rawAttr; /* Not owned, points into raw acert. */
+    word32       rawAttrLen;
+    SignatureCtx sigCtx;
+};
 
-#endif /* !NO_ASN */
+typedef struct DecodedAcert DecodedAcert;
+
+WOLFSSL_LOCAL void InitDecodedAcert(DecodedAcert* acert,
+                                    const byte* source, word32 inSz,
+                                    void* heap);
+WOLFSSL_LOCAL void FreeDecodedAcert(DecodedAcert * acert);
+WOLFSSL_LOCAL int  ParseX509Acert(DecodedAcert* cert, int verify);
+WOLFSSL_LOCAL int  VerifyX509Acert(const byte* cert, word32 certSz,
+                                   const byte* pubKey, word32 pubKeySz,
+                                   int pubKeyOID, void * heap);
+#endif /* WOLFSSL_ACERT */
 
 
 #if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \
@@ -2720,7 +3094,8 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
     || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))
 WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx,
     word32 inSz, const byte** privKey, word32* privKeyLen, const byte** pubKey,
-    word32* pubKeyLen, int keyType);
+    word32* pubKeyLen, int* inOutKeyType);
+
 WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx,
     word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey,
     word32* pubKeyLen, int keyType);
@@ -2732,6 +3107,7 @@ WOLFSSL_LOCAL int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     int keyType);
 #endif
 
+#endif /* !NO_ASN */
 
 #if !defined(NO_ASN) || !defined(NO_PWDBASED)
 
@@ -2781,4 +3157,10 @@ enum PKCSTypes {
 
 #endif /* !NO_ASN || !NO_PWDBASED */
 
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* !NO_ASN || !NO_PWDBASED */
+
 #endif /* WOLF_CRYPT_ASN_H */
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index ae7787577..08d9cc938 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -1,6 +1,6 @@
 /* asn_public.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -148,6 +148,7 @@ enum CertType {
     CA_TYPE,
     ECC_PRIVATEKEY_TYPE,
     DSA_PRIVATEKEY_TYPE,
+    ACERT_TYPE,
     CERTREQ_TYPE,
     DSA_TYPE,
     ECC_TYPE,
@@ -170,6 +171,9 @@ enum CertType {
     DILITHIUM_LEVEL2_TYPE,
     DILITHIUM_LEVEL3_TYPE,
     DILITHIUM_LEVEL5_TYPE,
+    ML_DSA_LEVEL2_TYPE,
+    ML_DSA_LEVEL3_TYPE,
+    ML_DSA_LEVEL5_TYPE,
     SPHINCS_FAST_LEVEL1_TYPE,
     SPHINCS_FAST_LEVEL3_TYPE,
     SPHINCS_FAST_LEVEL5_TYPE,
@@ -178,7 +182,8 @@ enum CertType {
     SPHINCS_SMALL_LEVEL5_TYPE,
     ECC_PARAM_TYPE,
     CHAIN_CERT_TYPE,
-    PKCS7_TYPE
+    PKCS7_TYPE,
+    TRUSTED_CERT_TYPE
 };
 
 
@@ -222,6 +227,9 @@ enum Ctc_SigType {
     CTC_DILITHIUM_LEVEL2     = 218,
     CTC_DILITHIUM_LEVEL3     = 221,
     CTC_DILITHIUM_LEVEL5     = 225,
+    CTC_ML_DSA_LEVEL2        = 431,
+    CTC_ML_DSA_LEVEL3        = 432,
+    CTC_ML_DSA_LEVEL5        = 433,
 
     CTC_SPHINCS_FAST_LEVEL1  = 281,
     CTC_SPHINCS_FAST_LEVEL3  = 283,
@@ -325,7 +333,7 @@ typedef struct EncryptedInfo {
     char     name[NAME_SZ];    /* cipher name, such as "DES-CBC" */
     byte     iv[IV_SZ];        /* salt or encrypted IV */
 
-    word16   set:1;            /* if encryption set */
+    WC_BITFIELD set:1;         /* if encryption set */
 #endif
 } EncryptedInfo;
 
@@ -340,7 +348,7 @@ typedef struct WOLFSSL_ASN1_INTEGER {
 
     unsigned char* data;
     unsigned int   dataMax;   /* max size of data buffer */
-    unsigned int   isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
+    WC_BITFIELD    isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
 
     int length;   /* Length of DER encoding. */
     int type;     /* ASN.1 type. Includes negative flag. */
@@ -519,12 +527,15 @@ typedef struct Cert {
     /* Subject Alternative Public Key Info */
     byte *sapkiDer;
     int sapkiLen;
+    byte sapkiCrit;
     /* Alternative Signature Algorithm */
     byte *altSigAlgDer;
     int altSigAlgLen;
+    byte altSigAlgCrit;
     /* Alternative Signature Value */
     byte *altSigValDer;
     int altSigValLen;
+    byte altSigValCrit;
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 #ifdef WOLFSSL_CERT_REQ
     char     challengePw[CTC_NAME_SIZE];
@@ -542,13 +553,14 @@ typedef struct Cert {
     void*   decodedCert;      /* internal DecodedCert allocated from heap */
     byte*   der;              /* Pointer to buffer of current DecodedCert cache */
     void*   heap;             /* heap hint */
-    byte    basicConstSet:1;  /* Indicator for when Basic Constraint is set */
+    WC_BITFIELD basicConstSet:1;  /* Indicator for when Basic Constraint is set */
+    byte             basicConstCrit;  /* Indicator of criticality of Basic Constraints extension */
 #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE
-    byte    isCaSet:1;        /* Indicator for when isCA is set */
+    WC_BITFIELD isCaSet:1;        /* Indicator for when isCA is set */
 #endif
-    byte    pathLenSet:1;     /* Indicator for when path length is set */
+    WC_BITFIELD pathLenSet:1;     /* Indicator for when path length is set */
 #ifdef WOLFSSL_ALT_NAMES
-    byte    altNamesCrit:1;   /* Indicator of criticality of SAN extension */
+    WC_BITFIELD altNamesCrit:1;   /* Indicator of criticality of SAN extension */
 #endif
 } Cert;
 
@@ -721,6 +733,8 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
                                 word32 outputSz, byte *cipherIno, int type);
 #endif
 
+WOLFSSL_API word32 wc_PkcsPad(byte* buf, word32 sz, word32 blockSz);
+
 #ifndef NO_RSA
     WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
         word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
@@ -834,12 +848,16 @@ WOLFSSL_API int wc_Curve25519PrivateKeyDecode(
     const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
 WOLFSSL_API int wc_Curve25519PublicKeyDecode(
     const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
+WOLFSSL_API int wc_Curve25519KeyDecode(const byte *input, word32 *inOutIdx,
+                                       curve25519_key *key, word32 inSz);
 #endif
 #ifdef HAVE_CURVE25519_KEY_EXPORT
 WOLFSSL_API int wc_Curve25519PrivateKeyToDer(
     curve25519_key* key, byte* output, word32 inLen);
 WOLFSSL_API int wc_Curve25519PublicKeyToDer(
     curve25519_key* key, byte* output, word32 inLen, int withAlg);
+WOLFSSL_API int wc_Curve25519KeyToDer(curve25519_key* key, byte* output,
+                                      word32 inLen, int withAlg);
 #endif
 #endif /* HAVE_CURVE25519 */
 
@@ -930,9 +948,9 @@ typedef struct _wc_CertPIV {
     word32       signedNonceSz; /* Identiv Only */
 
     /* flags */
-    word16       compression:2;
-    word16       isX509:1;
-    word16       isIdentiv:1;
+    WC_BITFIELD  compression:2;
+    WC_BITFIELD  isX509:1;
+    WC_BITFIELD  isIdentiv:1;
 } wc_CertPIV;
 
 WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);
@@ -962,6 +980,19 @@ WOLFSSL_API int wc_GeneratePreTBS(struct DecodedCert* cert, byte *der,
                                   int derSz);
 #endif
 
+#if defined(WOLFSSL_ACERT)
+/* Forward declaration needed, as DecodedAcert is defined in asn.h.*/
+struct DecodedAcert;
+WOLFSSL_API void wc_InitDecodedAcert(struct DecodedAcert* acert,
+                                     const byte* source, word32 inSz,
+                                     void* heap);
+WOLFSSL_API void wc_FreeDecodedAcert(struct DecodedAcert * acert);
+WOLFSSL_API int  wc_ParseX509Acert(struct DecodedAcert* acert, int verify);
+WOLFSSL_API int  wc_VerifyX509Acert(const byte* acert, word32 acertSz,
+                                    const byte* pubKey, word32 pubKeySz,
+                                    int pubKeyOID, void * heap);
+#endif /* WOLFSSL_ACERT */
+
 #if !defined(XFPRINTF) || defined(NO_FILESYSTEM) || \
     defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_ASN_PRINT)
 #undef WOLFSSL_ASN_PRINT
@@ -987,7 +1018,7 @@ enum Asn1PrintOpt {
     /* Don't show text representations of primitive types. */
     ASN1_PRINT_OPT_SHOW_NO_TEXT,
     /* Don't show dump text representations of primitive types. */
-    ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT,
+    ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT
 };
 
 /* ASN.1 print options. */
@@ -999,17 +1030,17 @@ typedef struct Asn1PrintOptions {
     /* Number of spaces to indent for each change in depth. */
     word8 indent;
     /* Draw branches instead of indenting. */
-    word8 draw_branch:1;
+    WC_BITFIELD draw_branch:1;
     /* Show raw data of primitive types as octets. */
-    word8 show_data:1;
+    WC_BITFIELD show_data:1;
     /* Show header data as octets. */
-    word8 show_header_data:1;
+    WC_BITFIELD show_header_data:1;
     /* Show the wolfSSL OID value for OBJECT_ID. */
-    word8 show_oid:1;
+    WC_BITFIELD show_oid:1;
     /* Don't show text representations of primitive types. */
-    word8 show_no_text:1;
+    WC_BITFIELD show_no_text:1;
     /* Don't show dump text representations of primitive types. */
-    word8 show_no_dump_text:1;
+    WC_BITFIELD show_no_dump_text:1;
 } Asn1PrintOptions;
 
 /* ASN.1 item data. */
diff --git a/wolfssl/wolfcrypt/blake2-impl.h b/wolfssl/wolfcrypt/blake2-impl.h
index 1a0db320e..3f509c794 100644
--- a/wolfssl/wolfcrypt/blake2-impl.h
+++ b/wolfssl/wolfcrypt/blake2-impl.h
@@ -12,7 +12,7 @@
 */
 /* blake2-impl.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/blake2-int.h b/wolfssl/wolfcrypt/blake2-int.h
index b048ca5e8..ec2292160 100644
--- a/wolfssl/wolfcrypt/blake2-int.h
+++ b/wolfssl/wolfcrypt/blake2-int.h
@@ -12,7 +12,7 @@
 */
 /* blake2-int.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/blake2.h b/wolfssl/wolfcrypt/blake2.h
index 1f4ac77f1..5d42c15df 100644
--- a/wolfssl/wolfcrypt/blake2.h
+++ b/wolfssl/wolfcrypt/blake2.h
@@ -1,6 +1,6 @@
 /* blake2.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -49,10 +49,12 @@ enum {
 #ifdef HAVE_BLAKE2B
     BLAKE2B_ID  = WC_HASH_TYPE_BLAKE2B,
     BLAKE2B_256 = 32,  /* 256 bit type, SSL default */
+    WC_BLAKE2B_DIGEST_SIZE = 64,
 #endif
 #ifdef HAVE_BLAKE2S
     BLAKE2S_ID  = WC_HASH_TYPE_BLAKE2S,
-    BLAKE2S_256 = 32   /* 256 bit type */
+    BLAKE2S_256 = 32,  /* 256 bit type */
+    WC_BLAKE2S_DIGEST_SIZE = 32
 #endif
 };
 
diff --git a/wolfssl/wolfcrypt/camellia.h b/wolfssl/wolfcrypt/camellia.h
index bdba23bc9..a31f764b6 100644
--- a/wolfssl/wolfcrypt/camellia.h
+++ b/wolfssl/wolfcrypt/camellia.h
@@ -27,7 +27,7 @@
 
 /* camellia.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -63,34 +63,49 @@
 #endif
 
 enum {
-    CAMELLIA_BLOCK_SIZE = 16
+    WC_CAMELLIA_BLOCK_SIZE = 16
 };
 
-#define CAMELLIA_TABLE_BYTE_LEN 272
-#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / sizeof(word32))
+#define WC_CAMELLIA_TABLE_BYTE_LEN 272
+#define WC_CAMELLIA_TABLE_WORD_LEN (WC_CAMELLIA_TABLE_BYTE_LEN / sizeof(word32))
 
-typedef word32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+typedef word32 WC_CAMELLIA_KEY_TABLE_TYPE[WC_CAMELLIA_TABLE_WORD_LEN];
 
-typedef struct Camellia {
+typedef struct wc_Camellia {
     word32 keySz;
-    KEY_TABLE_TYPE key;
-    word32 reg[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
-    word32 tmp[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
-} Camellia;
+    WC_CAMELLIA_KEY_TABLE_TYPE key;
+    word32 reg[WC_CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+    word32 tmp[WC_CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
+} wc_Camellia;
 
 
-WOLFSSL_API int  wc_CamelliaSetKey(Camellia* cam,
+WOLFSSL_API int  wc_CamelliaSetKey(wc_Camellia* cam,
                                    const byte* key, word32 len, const byte* iv);
-WOLFSSL_API int  wc_CamelliaSetIV(Camellia* cam, const byte* iv);
-WOLFSSL_API int  wc_CamelliaEncryptDirect(Camellia* cam, byte* out,
+WOLFSSL_API int  wc_CamelliaSetIV(wc_Camellia* cam, const byte* iv);
+WOLFSSL_API int  wc_CamelliaEncryptDirect(wc_Camellia* cam, byte* out,
                                                                 const byte* in);
-WOLFSSL_API int  wc_CamelliaDecryptDirect(Camellia* cam, byte* out,
+WOLFSSL_API int  wc_CamelliaDecryptDirect(wc_Camellia* cam, byte* out,
                                                                 const byte* in);
-WOLFSSL_API int wc_CamelliaCbcEncrypt(Camellia* cam,
+WOLFSSL_API int wc_CamelliaCbcEncrypt(wc_Camellia* cam,
                                           byte* out, const byte* in, word32 sz);
-WOLFSSL_API int wc_CamelliaCbcDecrypt(Camellia* cam,
+WOLFSSL_API int wc_CamelliaCbcDecrypt(wc_Camellia* cam,
                                           byte* out, const byte* in, word32 sz);
 
+#ifndef OPENSSL_COEXIST
+
+enum {
+    CAMELLIA_BLOCK_SIZE = WC_CAMELLIA_BLOCK_SIZE
+};
+
+#define CAMELLIA_TABLE_BYTE_LEN WC_CAMELLIA_TABLE_BYTE_LEN
+#define CAMELLIA_TABLE_WORD_LEN WC_CAMELLIA_TABLE_WORD_LEN
+
+typedef word32 KEY_TABLE_TYPE[WC_CAMELLIA_TABLE_WORD_LEN];
+
+typedef struct wc_Camellia Camellia;
+
+#endif /* !OPENSSL_COEXIST */
+
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h
index c3af0507a..892b6cedc 100644
--- a/wolfssl/wolfcrypt/chacha.h
+++ b/wolfssl/wolfcrypt/chacha.h
@@ -1,6 +1,6 @@
 /* chacha.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -97,16 +97,32 @@ WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
 WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
                               word32 msglen);
 
-WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
-
 WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
 
 #ifdef HAVE_XCHACHA
+WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
+
 WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
                                   const byte *nonce, word32 nonceSz,
                                   word32 counter);
 #endif
 
+#if defined(WOLFSSL_ARMASM)
+
+#ifndef __aarch64__
+void wc_chacha_setiv(word32* x, const byte* iv, word32 counter);
+void wc_chacha_setkey(word32* x, const byte* key, word32 keySz);
+#endif
+
+#if defined(WOLFSSL_ARMASM_NO_NEON) || defined(WOLFSSL_ARMASM_THUMB2)
+void wc_chacha_use_over(byte* over, byte* output, const byte* input,
+    word32 len);
+void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len);
+#endif
+
+#endif
+
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h
index 929a1a640..7f9ac1643 100644
--- a/wolfssl/wolfcrypt/chacha20_poly1305.h
+++ b/wolfssl/wolfcrypt/chacha20_poly1305.h
@@ -1,6 +1,6 @@
 /* chacha20_poly1305.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -72,7 +72,7 @@ typedef struct ChaChaPoly_Aead {
     word32   dataLen;
 
     byte     state;
-    byte     isEncrypt:1;
+    WC_BITFIELD isEncrypt:1;
 } ChaChaPoly_Aead;
 
 
@@ -95,7 +95,7 @@ int wc_ChaCha20Poly1305_Encrypt(
                 byte* outCiphertext,
                 byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
 
-WOLFSSL_ABI WOLFSSL_API
+WOLFSSL_ABI WOLFSSL_API WARN_UNUSED_RESULT
 int wc_ChaCha20Poly1305_Decrypt(
                 const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
                 const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
@@ -104,7 +104,7 @@ int wc_ChaCha20Poly1305_Decrypt(
                 const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
                 byte* outPlaintext);
 
-WOLFSSL_API
+WOLFSSL_API WARN_UNUSED_RESULT
 int wc_ChaCha20Poly1305_CheckTag(
     const byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
     const byte authTagChk[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
@@ -121,7 +121,7 @@ WOLFSSL_API int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead,
     const byte* inAAD, word32 inAADLen);
 WOLFSSL_API int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
     const byte* inData, byte* outData, word32 dataLen);
-WOLFSSL_API int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
+WOLFSSL_API WARN_UNUSED_RESULT int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
     byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
 
 #ifdef HAVE_XCHACHA
@@ -140,7 +140,7 @@ WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt(
     const byte *nonce, size_t nonce_len,
     const byte *key, size_t key_len);
 
-WOLFSSL_API int wc_XChaCha20Poly1305_Decrypt(
+WOLFSSL_API WARN_UNUSED_RESULT int wc_XChaCha20Poly1305_Decrypt(
     byte *dst, size_t dst_space,
     const byte *src, size_t src_len,
     const byte *ad, size_t ad_len,
diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h
index 015a9a0a6..dd6e5b7a4 100644
--- a/wolfssl/wolfcrypt/cmac.h
+++ b/wolfssl/wolfcrypt/cmac.h
@@ -1,6 +1,6 @@
 /* cmac.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,9 +24,12 @@
 #define WOLF_CRYPT_CMAC_H
 
 #include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/aes.h>
 
-#if !defined(NO_AES) && defined(WOLFSSL_CMAC)
+#ifdef WOLFSSL_CMAC
+
+#ifndef NO_AES
+#include <wolfssl/wolfcrypt/aes.h>
+#endif
 
 #if defined(HAVE_FIPS) && \
     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
@@ -40,16 +43,22 @@
 /* avoid redefinition of structs */
 #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0)
 
+typedef enum CmacType {
+    WC_CMAC_AES = 1
+} CmacType;
+
 #ifndef WC_CMAC_TYPE_DEFINED
     typedef struct Cmac Cmac;
     #define WC_CMAC_TYPE_DEFINED
 #endif
 struct Cmac {
+#ifndef NO_AES
     Aes aes;
-    byte buffer[AES_BLOCK_SIZE]; /* partially stored block */
-    byte digest[AES_BLOCK_SIZE]; /* running digest */
-    byte k1[AES_BLOCK_SIZE];
-    byte k2[AES_BLOCK_SIZE];
+    byte buffer[WC_AES_BLOCK_SIZE]; /* partially stored block */
+    byte digest[WC_AES_BLOCK_SIZE]; /* running digest */
+    byte k1[WC_AES_BLOCK_SIZE];
+    byte k2[WC_AES_BLOCK_SIZE];
+#endif
     word32 bufferSz;
     word32 totalSz;
 #ifdef WOLF_CRYPTO_CB
@@ -70,16 +79,20 @@ struct Cmac {
 #ifdef WOLFSSL_SE050
     byte   useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */
 #endif
+    CmacType type;
 };
 
 
 
-typedef enum CmacType {
-    WC_CMAC_AES = 1
-} CmacType;
 
-#define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE
-#define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4)
+#ifndef NO_AES
+#define WC_CMAC_TAG_MAX_SZ WC_AES_BLOCK_SIZE
+#define WC_CMAC_TAG_MIN_SZ (WC_AES_BLOCK_SIZE/4)
+#else
+/* Reasonable defaults */
+#define WC_CMAC_TAG_MAX_SZ 16
+#define WC_CMAC_TAG_MIN_SZ 4
+#endif
 
 #if FIPS_VERSION3_GE(6,0,0)
     extern const unsigned int wolfCrypt_FIPS_cmac_ro_sanity[2];
@@ -111,6 +124,7 @@ int wc_CmacFinal(Cmac* cmac,
 WOLFSSL_API
 int wc_CmacFree(Cmac* cmac);
 
+#ifndef NO_AES
 WOLFSSL_API
 int wc_AesCmacGenerate(byte* out, word32* outSz,
                        const byte* in, word32 inSz,
@@ -134,10 +148,11 @@ int wc_AesCmacVerify_ex(Cmac* cmac,
                         const byte* key, word32 keySz,
                         void* heap,
                         int devId);
-
 WOLFSSL_LOCAL
 void ShiftAndXorRb(byte* out, byte* in);
 
+#endif /* !NO_AES */
+
 #ifdef WOLFSSL_HASH_KEEP
 WOLFSSL_API
 int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
@@ -148,6 +163,6 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
 #endif
 
 
-#endif /* NO_AES && WOLFSSL_CMAC */
+#endif /* WOLFSSL_CMAC */
 #endif /* WOLF_CRYPT_CMAC_H */
 
diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h
index 5aef5b115..ef87ab403 100644
--- a/wolfssl/wolfcrypt/coding.h
+++ b/wolfssl/wolfcrypt/coding.h
@@ -1,6 +1,6 @@
 /* coding.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,6 +36,9 @@
 WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
                                word32* outLen);
 
+WOLFSSL_API int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out,
+                               word32* outLen);
+
 #if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(WOLFSSL_KEY_GEN) \
    || defined(WOLFSSL_CERT_GEN) || defined(HAVE_WEBSERVER) || !defined(NO_DSA)
     #ifndef WOLFSSL_BASE64_ENCODE
diff --git a/wolfssl/wolfcrypt/compress.h b/wolfssl/wolfcrypt/compress.h
index 2886b2be8..c4d5c25e8 100644
--- a/wolfssl/wolfcrypt/compress.h
+++ b/wolfssl/wolfcrypt/compress.h
@@ -1,6 +1,6 @@
 /* compress.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/cpuid.h b/wolfssl/wolfcrypt/cpuid.h
index c91b628b5..bb883cb45 100644
--- a/wolfssl/wolfcrypt/cpuid.h
+++ b/wolfssl/wolfcrypt/cpuid.h
@@ -1,6 +1,6 @@
 /* cpuid.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -38,6 +38,11 @@
     #define HAVE_CPUID
     #define HAVE_CPUID_INTEL
 #endif
+#if (defined(WOLFSSL_AARCH64_BUILD) || (defined(__aarch64__) && \
+     defined(WOLFSSL_ARMASM))) && !defined(WOLFSSL_NO_ASM)
+    #define HAVE_CPUID
+    #define HAVE_CPUID_AARCH64
+#endif
 
 #ifdef HAVE_CPUID_INTEL
 
@@ -63,6 +68,26 @@
     #define IS_INTEL_BMI1(f)    ((f) & CPUID_BMI1)
     #define IS_INTEL_SHA(f)     ((f) & CPUID_SHA)
 
+#elif defined(HAVE_CPUID_AARCH64)
+
+    #define CPUID_AES         0x0001
+    #define CPUID_PMULL       0x0002
+    #define CPUID_SHA256      0x0004
+    #define CPUID_SHA512      0x0008
+    #define CPUID_RDM         0x0010
+    #define CPUID_SHA3        0x0020
+    #define CPUID_SM3         0x0040
+    #define CPUID_SM4         0x0080
+
+    #define IS_AARCH64_AES(f)       ((f) & CPUID_AES)
+    #define IS_AARCH64_PMULL(f)     ((f) & CPUID_PMULL)
+    #define IS_AARCH64_SHA256(f)    ((f) & CPUID_SHA256)
+    #define IS_AARCH64_SHA512(f)    ((f) & CPUID_SHA512)
+    #define IS_AARCH64_RDM(f)       ((f) & CPUID_RDM)
+    #define IS_AARCH64_SHA3(f)      ((f) & CPUID_SHA3)
+    #define IS_AARCH64_SM3(f)       ((f) & CPUID_SM3)
+    #define IS_AARCH64_SM4(f)       ((f) & CPUID_SM4)
+
 #endif
 
 #ifdef HAVE_CPUID
diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h
index 4b53db9d3..f47cb0a25 100644
--- a/wolfssl/wolfcrypt/cryptocb.h
+++ b/wolfssl/wolfcrypt/cryptocb.h
@@ -1,6 +1,6 @@
 /* cryptocb.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -50,6 +50,9 @@
 #ifndef NO_SHA256
     #include <wolfssl/wolfcrypt/sha256.h>
 #endif
+#ifdef WOLFSSL_SHA3
+    #include <wolfssl/wolfcrypt/sha3.h>
+#endif
 #ifndef NO_HMAC
     #include <wolfssl/wolfcrypt/hmac.h>
 #endif
@@ -71,12 +74,12 @@
 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
     #include <wolfssl/wolfcrypt/sha512.h>
 #endif
-#ifdef WOLFSSL_HAVE_KYBER
-    #include <wolfssl/wolfcrypt/kyber.h>
-#ifdef WOLFSSL_WC_KYBER
-    #include <wolfssl/wolfcrypt/wc_kyber.h>
-#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
-    #include <wolfssl/wolfcrypt/ext_kyber.h>
+#ifdef WOLFSSL_HAVE_MLKEM
+    #include <wolfssl/wolfcrypt/mlkem.h>
+#ifdef WOLFSSL_WC_MLKEM
+    #include <wolfssl/wolfcrypt/wc_mlkem.h>
+#elif defined(HAVE_LIBOQS)
+    #include <wolfssl/wolfcrypt/ext_mlkem.h>
 #endif
 #endif
 #if defined(HAVE_DILITHIUM)
@@ -98,15 +101,47 @@ enum wc_CryptoCbCmdType {
 };
 #endif
 
+
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+typedef struct {
+    Aes*        aes;
+    byte*       out;
+    const byte* in;
+    word32      sz;
+    const byte* nonce;
+    word32      nonceSz;
+    const byte* iv;
+    word32      ivSz;
+    byte*       authTag;
+    word32      authTagSz;
+    const byte* authIn;
+    word32      authInSz;
+} wc_CryptoCb_AesAuthEnc;
+typedef struct {
+    Aes*        aes;
+    byte*       out;
+    const byte* in;
+    word32      sz;
+    const byte* nonce;
+    word32      nonceSz;
+    const byte* iv;
+    word32      ivSz;
+    const byte* authTag;
+    word32      authTagSz;
+    const byte* authIn;
+    word32      authInSz;
+} wc_CryptoCb_AesAuthDec;
+#endif
+
 /* Crypto Information Structure for callbacks */
 typedef struct wc_CryptoInfo {
     int algo_type; /* enum wc_AlgoType */
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
     union {
 #endif
     struct {
         int type; /* enum wc_PkType */
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         union {
 #endif
         #ifndef NO_RSA
@@ -118,6 +153,9 @@ typedef struct wc_CryptoInfo {
                 int         type;
                 RsaKey*     key;
                 WC_RNG*     rng;
+            #ifdef WOLF_CRYPTO_CB_RSA_PAD
+                RsaPadding *padding;
+            #endif
             } rsa;
         #ifdef WOLFSSL_KEY_GEN
             struct {
@@ -216,7 +254,7 @@ typedef struct wc_CryptoInfo {
                 byte         contextLen;
             } ed25519verify;
         #endif
-        #if defined(WOLFSSL_HAVE_KYBER)
+        #if defined(WOLFSSL_HAVE_MLKEM)
             struct {
                 WC_RNG*     rng;
                 int         size;
@@ -256,6 +294,9 @@ typedef struct wc_CryptoInfo {
                 WC_RNG*     rng;
                 void*       key;
                 int         type; /* enum wc_PqcSignatureType */
+                const byte* context;
+                byte        contextLen;
+                word32      preHashType; /* enum wc_HashType */
             } pqc_sign;
             struct {
                 const byte* sig;
@@ -265,6 +306,9 @@ typedef struct wc_CryptoInfo {
                 int*        res;
                 void*       key;
                 int         type; /* enum wc_PqcSignatureType */
+                const byte* context;
+                byte        contextLen;
+                word32      preHashType; /* enum wc_HashType */
             } pqc_verify;
             struct {
                 void*       key;
@@ -273,7 +317,7 @@ typedef struct wc_CryptoInfo {
                 int         type; /* enum wc_PqcSignatureType */
             } pqc_sig_check;
         #endif
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
 #endif
     } pk;
@@ -281,60 +325,16 @@ typedef struct wc_CryptoInfo {
     struct {
         int type; /* enum wc_CipherType */
         int enc;
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         union {
 #endif
         #ifdef HAVE_AESGCM
-            struct {
-                Aes*        aes;
-                byte*       out;
-                const byte* in;
-                word32      sz;
-                const byte* iv;
-                word32      ivSz;
-                byte*       authTag;
-                word32      authTagSz;
-                const byte* authIn;
-                word32      authInSz;
-            } aesgcm_enc;
-            struct {
-                Aes*        aes;
-                byte*       out;
-                const byte* in;
-                word32      sz;
-                const byte* iv;
-                word32      ivSz;
-                const byte* authTag;
-                word32      authTagSz;
-                const byte* authIn;
-                word32      authInSz;
-            } aesgcm_dec;
+            wc_CryptoCb_AesAuthEnc aesgcm_enc;
+            wc_CryptoCb_AesAuthDec aesgcm_dec;
         #endif /* HAVE_AESGCM */
         #ifdef HAVE_AESCCM
-            struct {
-                Aes*        aes;
-                byte*       out;
-                const byte* in;
-                word32      sz;
-                const byte* nonce;
-                word32      nonceSz;
-                byte*       authTag;
-                word32      authTagSz;
-                const byte* authIn;
-                word32      authInSz;
-            } aesccm_enc;
-            struct {
-                Aes*        aes;
-                byte*       out;
-                const byte* in;
-                word32      sz;
-                const byte* nonce;
-                word32      nonceSz;
-                const byte* authTag;
-                word32      authTagSz;
-                const byte* authIn;
-                word32      authInSz;
-            } aesccm_dec;
+            wc_CryptoCb_AesAuthEnc aesccm_enc;
+            wc_CryptoCb_AesAuthDec aesccm_dec;
         #endif /* HAVE_AESCCM */
         #if defined(HAVE_AES_CBC)
             struct {
@@ -369,19 +369,19 @@ typedef struct wc_CryptoInfo {
             } des3;
         #endif
             void* ctx;
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
 #endif
     } cipher;
 #endif /* !NO_AES || !NO_DES3 */
 #if !defined(NO_SHA) || !defined(NO_SHA256) || \
-    defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
+    defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3)
     struct {
         int type; /* enum wc_HashType */
         const byte* in;
         word32 inSz;
         byte* digest;
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         union {
 #endif
         #ifndef NO_SHA
@@ -403,7 +403,7 @@ typedef struct wc_CryptoInfo {
             wc_Sha3* sha3;
         #endif
             void* ctx;
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
         };
 #endif
     } hash;
@@ -442,13 +442,25 @@ typedef struct wc_CryptoInfo {
         int type;
     } cmac;
 #endif
+#ifndef NO_CERTS
+    struct {
+        const byte *id;
+        word32 idLen;
+        const char *label;
+        word32 labelLen;
+        byte **certDataOut;
+        word32 *certSz;
+        int *certFormatOut;
+        void *heap;
+    } cert;
+#endif
 #ifdef WOLF_CRYPTO_CB_CMD
     struct {      /* uses wc_AlgoType=ALGO_NONE */
         int type; /* enum wc_CryptoCbCmdType */
         void *ctx;
     } cmd;
 #endif
-#if HAVE_ANONYMOUS_INLINE_AGGREGATES
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
     };
 #endif
 } wc_CryptoInfo;
@@ -481,6 +493,11 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info);
 WOLFSSL_LOCAL int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
     word32* outLen, int type, RsaKey* key, WC_RNG* rng);
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+WOLFSSL_LOCAL int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
+    word32* outLen, int type, RsaKey* key, WC_RNG* rng, RsaPadding *padding);
+#endif
+
 #ifdef WOLFSSL_KEY_GEN
 WOLFSSL_LOCAL int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e,
     WC_RNG* rng);
@@ -527,7 +544,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
     const byte* context, byte contextLen);
 #endif /* HAVE_ED25519 */
 
-#if defined(WOLFSSL_HAVE_KYBER)
+#if defined(WOLFSSL_HAVE_MLKEM)
 WOLFSSL_LOCAL int wc_CryptoCb_PqcKemGetDevId(int type, void* key);
 
 WOLFSSL_LOCAL int wc_CryptoCb_MakePqcKemKey(WC_RNG* rng, int type,
@@ -540,7 +557,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcEncapsulate(byte* ciphertext,
 WOLFSSL_LOCAL int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext,
     word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen,
     int type, void* key);
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_HAVE_MLKEM */
 
 #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
 WOLFSSL_LOCAL int wc_CryptoCb_PqcSigGetDevId(int type, void* key);
@@ -549,10 +566,12 @@ WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type,
     int keySize, void* key);
 
 WOLFSSL_LOCAL int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out,
-    word32 *outlen, WC_RNG* rng, int type, void* key);
+    word32 *outlen, const byte* context, byte contextLen, word32 preHashType,
+    WC_RNG* rng, int type, void* key);
 
 WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen,
-    const byte* msg, word32 msglen, int* res, int type, void* key);
+    const byte* msg, word32 msglen, const byte* context, byte contextLen,
+    word32 preHashType, int* res, int type, void* key);
 
 WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
     const byte* pubKey, word32 pubKeySz);
@@ -646,6 +665,12 @@ WOLFSSL_LOCAL int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
         void* ctx);
 #endif
 
+#ifndef NO_CERTS
+WOLFSSL_LOCAL int wc_CryptoCb_GetCert(int devId, const char *label,
+    word32 labelLen, const byte *id, word32 idLen, byte** out,
+    word32* outSz, int *format, void *heap);
+#endif
+
 #endif /* WOLF_CRYPTO_CB */
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h
index 4d6d90da4..79fb6d9af 100644
--- a/wolfssl/wolfcrypt/curve25519.h
+++ b/wolfssl/wolfcrypt/curve25519.h
@@ -1,6 +1,6 @@
 /* curve25519.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -90,15 +90,18 @@ struct curve25519_key {
     void* devCtx;
     int devId;
 #endif
-
+    void *heap;
+#ifdef WOLFSSL_CURVE25519_BLINDING
+    WC_RNG* rng;
+#endif
 #ifdef WOLFSSL_SE050
     word32 keyId;
     byte   keyIdSet;
 #endif
 
     /* bit fields */
-    byte pubSet:1;
-    byte privSet:1;
+    WC_BITFIELD pubSet:1;
+    WC_BITFIELD privSet:1;
 };
 
 enum {
@@ -109,11 +112,23 @@ enum {
 WOLFSSL_API
 int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
                            const byte* priv);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_API
+int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size,
+                                 const byte* priv, WC_RNG* rng);
+#endif
 
 WOLFSSL_API
 int wc_curve25519_generic(int public_size, byte* pub,
                           int private_size, const byte* priv,
                           int basepoint_size, const byte* basepoint);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_API
+int wc_curve25519_generic_blind(int public_size, byte* pub,
+                                int private_size, const byte* priv,
+                                int basepoint_size, const byte* basepoint,
+                                WC_RNG* rng);
+#endif
 
 WOLFSSL_API
 int wc_curve25519_make_priv(WC_RNG* rng, int keysize, byte* priv);
@@ -139,6 +154,18 @@ int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId);
 WOLFSSL_API
 void wc_curve25519_free(curve25519_key* key);
 
+#ifdef WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_API
+int wc_curve25519_set_rng(curve25519_key* key, WC_RNG* rng);
+#endif
+
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API
+curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code);
+WOLFSSL_API
+int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p);
+#endif
+WOLFSSL_API
 
 /* raw key helpers */
 WOLFSSL_API
diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h
index 75df9e2fb..756c8a3d5 100644
--- a/wolfssl/wolfcrypt/curve448.h
+++ b/wolfssl/wolfcrypt/curve448.h
@@ -1,6 +1,6 @@
 /* curve448.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,8 +58,8 @@ struct curve448_key {
 #endif
 
     /* bit fields */
-    byte pubSet:1;
-    byte privSet:1;
+    WC_BITFIELD pubSet:1;
+    WC_BITFIELD privSet:1;
 };
 
 enum {
diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h
index 7c46b8e35..25688577f 100644
--- a/wolfssl/wolfcrypt/des3.h
+++ b/wolfssl/wolfcrypt/des3.h
@@ -1,6 +1,6 @@
 /* des3.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -134,9 +134,16 @@ WOLFSSL_API int  wc_Des_EcbEncrypt(Des* des, byte* out,
 WOLFSSL_API int wc_Des3_EcbEncrypt(Des3* des, byte* out,
                                    const byte* in, word32 sz);
 
+#ifdef FREESCALE_MMCAU /* Has separate encrypt/decrypt functions */
+WOLFSSL_API int wc_Des_EcbDecrypt(Des* des, byte* out,
+                                   const byte* in, word32 sz);
+WOLFSSL_API int wc_Des3_EcbDecrypt(Des3* des, byte* out,
+                                   const byte* in, word32 sz);
+#else
 /* ECB decrypt same process as encrypt but with decrypt key */
 #define wc_Des_EcbDecrypt  wc_Des_EcbEncrypt
 #define wc_Des3_EcbDecrypt wc_Des3_EcbEncrypt
+#endif
 
 WOLFSSL_API int  wc_Des3_SetKey(Des3* des, const byte* key,
                                 const byte* iv,int dir);
diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h
index 948c44a63..81c5623cb 100644
--- a/wolfssl/wolfcrypt/dh.h
+++ b/wolfssl/wolfcrypt/dh.h
@@ -1,6 +1,6 @@
 /* dh.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -151,6 +151,9 @@ WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
 WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
                        const byte* priv, word32 privSz, const byte* otherPub,
                        word32 pubSz);
+WOLFSSL_API int wc_DhAgree_ct(DhKey* key, byte* agree, word32* agreeSz,
+                       const byte* priv, word32 privSz, const byte* otherPub,
+                       word32 pubSz);
 
 WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
                            word32 inSz); /* wc_DhKeyDecode is in asn.c */
diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h
index 742c8ecb9..25fd1587f 100644
--- a/wolfssl/wolfcrypt/dilithium.h
+++ b/wolfssl/wolfcrypt/dilithium.h
@@ -1,6 +1,6 @@
 /* dilithium.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -114,18 +114,56 @@
 #define DILITHIUM_LEVEL2_PUB_KEY_SIZE   1312
 #define DILITHIUM_LEVEL2_PRV_KEY_SIZE   \
     (DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334
+#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588
 
 #define DILITHIUM_LEVEL3_KEY_SIZE       4032
 #define DILITHIUM_LEVEL3_SIG_SIZE       3309
 #define DILITHIUM_LEVEL3_PUB_KEY_SIZE   1952
 #define DILITHIUM_LEVEL3_PRV_KEY_SIZE   \
     (DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974
+#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060
+
 
 #define DILITHIUM_LEVEL5_KEY_SIZE       4896
 #define DILITHIUM_LEVEL5_SIG_SIZE       4627
 #define DILITHIUM_LEVEL5_PUB_KEY_SIZE   2592
 #define DILITHIUM_LEVEL5_PRV_KEY_SIZE   \
     (DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614
+#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924
+
+#define ML_DSA_LEVEL2_KEY_SIZE          2560
+#define ML_DSA_LEVEL2_SIG_SIZE          2420
+#define ML_DSA_LEVEL2_PUB_KEY_SIZE      1312
+#define ML_DSA_LEVEL2_PRV_KEY_SIZE   \
+    (ML_DSA_LEVEL2_PUB_KEY_SIZE + ML_DSA_LEVEL2_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
+
+#define ML_DSA_LEVEL3_KEY_SIZE          4032
+#define ML_DSA_LEVEL3_SIG_SIZE          3309
+#define ML_DSA_LEVEL3_PUB_KEY_SIZE      1952
+#define ML_DSA_LEVEL3_PRV_KEY_SIZE   \
+    (ML_DSA_LEVEL3_PUB_KEY_SIZE + ML_DSA_LEVEL3_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
+
+#define ML_DSA_LEVEL5_KEY_SIZE          4896
+#define ML_DSA_LEVEL5_SIG_SIZE          4627
+#define ML_DSA_LEVEL5_PUB_KEY_SIZE      2592
+#define ML_DSA_LEVEL5_PRV_KEY_SIZE   \
+    (ML_DSA_LEVEL5_PUB_KEY_SIZE + ML_DSA_LEVEL5_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
+
 
 
 /* Modulus. */
@@ -197,8 +235,8 @@
 #define PARAMS_ML_DSA_44_ETA            DILITHIUM_ETA_2
 /* Number of bits in private key for ML-DSA-44. */
 #define PARAMS_ML_DSA_44_ETA_BITS       DILITHIUM_ETA_2_BITS
-/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-44. */
-#define PARAMS_ML_DSA_44_LAMBDA         16
+/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-44. */
+#define PARAMS_ML_DSA_44_LAMBDA         128
 /* # +/-1's in polynomial c, TAU, for ML-DSA-44. */
 #define PARAMS_ML_DSA_44_TAU            39
 /* BETA = TAU * ETA for ML-DSA-44. */
@@ -242,7 +280,7 @@
     (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * DILITHIUM_N * DILITHIUM_U / 8)
 /* Encoding size of signature in bytes for ML-DSA-44. */
 #define PARAMS_ML_DSA_44_SIG_SIZE       \
-    ((PARAMS_ML_DSA_44_LAMBDA * 2) +    \
+    ((PARAMS_ML_DSA_44_LAMBDA / 4) +    \
      PARAMS_ML_DSA_44_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \
      PARAMS_ML_DSA_44_OMEGA + PARAMS_ML_DSA_44_K)
 
@@ -258,8 +296,8 @@
 #define PARAMS_ML_DSA_65_ETA            DILITHIUM_ETA_4
 /* Number of bits in private key for ML-DSA-65. */
 #define PARAMS_ML_DSA_65_ETA_BITS       DILITHIUM_ETA_4_BITS
-/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-65. */
-#define PARAMS_ML_DSA_65_LAMBDA         24
+/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-65. */
+#define PARAMS_ML_DSA_65_LAMBDA         192
 /* # +/-1's in polynomial c, TAU, for ML-DSA-65. */
 #define PARAMS_ML_DSA_65_TAU            49
 /* BETA = TAU * ETA for ML-DSA-65. */
@@ -303,7 +341,7 @@
     (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * DILITHIUM_N * DILITHIUM_U / 8)
 /* Encoding size of signature in bytes for ML-DSA-65. */
 #define PARAMS_ML_DSA_65_SIG_SIZE       \
-    ((PARAMS_ML_DSA_65_LAMBDA * 2) +    \
+    ((PARAMS_ML_DSA_65_LAMBDA / 4) +    \
      PARAMS_ML_DSA_65_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \
      PARAMS_ML_DSA_65_OMEGA + PARAMS_ML_DSA_65_K)
 
@@ -319,8 +357,8 @@
 #define PARAMS_ML_DSA_87_ETA            DILITHIUM_ETA_2
 /* Number of bits in private key for ML-DSA-87. */
 #define PARAMS_ML_DSA_87_ETA_BITS       DILITHIUM_ETA_2_BITS
-/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-87. */
-#define PARAMS_ML_DSA_87_LAMBDA         32
+/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-87. */
+#define PARAMS_ML_DSA_87_LAMBDA         256
 /* # +/-1's in polynomial c, TAU, for ML-DSA-87. */
 #define PARAMS_ML_DSA_87_TAU            60
 /* BETA = TAU * ETA for ML-DSA-87. */
@@ -365,7 +403,7 @@
     (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * DILITHIUM_N * DILITHIUM_U / 8)
 /* Encoding size of signature in bytes for ML-DSA-87. */
 #define PARAMS_ML_DSA_87_SIG_SIZE       \
-    ((PARAMS_ML_DSA_87_LAMBDA * 2) +    \
+    ((PARAMS_ML_DSA_87_LAMBDA / 4) +    \
      PARAMS_ML_DSA_87_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \
      PARAMS_ML_DSA_87_OMEGA + PARAMS_ML_DSA_87_K)
 
@@ -483,18 +521,55 @@
 #define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_public_key
 #define DILITHIUM_LEVEL2_PRV_KEY_SIZE \
     (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334
+#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588
 
 #define DILITHIUM_LEVEL3_KEY_SIZE     OQS_SIG_ml_dsa_65_ipd_length_secret_key
 #define DILITHIUM_LEVEL3_SIG_SIZE     OQS_SIG_ml_dsa_65_ipd_length_signature
 #define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_public_key
 #define DILITHIUM_LEVEL3_PRV_KEY_SIZE \
     (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974
+#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060
 
 #define DILITHIUM_LEVEL5_KEY_SIZE     OQS_SIG_ml_dsa_87_ipd_length_secret_key
 #define DILITHIUM_LEVEL5_SIG_SIZE     OQS_SIG_ml_dsa_87_ipd_length_signature
 #define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key
 #define DILITHIUM_LEVEL5_PRV_KEY_SIZE \
     (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614
+#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924
+
+
+#define ML_DSA_LEVEL2_KEY_SIZE        OQS_SIG_ml_dsa_44_ipd_length_secret_key
+#define ML_DSA_LEVEL2_SIG_SIZE        OQS_SIG_ml_dsa_44_ipd_length_signature
+#define ML_DSA_LEVEL2_PUB_KEY_SIZE    OQS_SIG_ml_dsa_44_ipd_length_public_key
+#define ML_DSA_LEVEL2_PRV_KEY_SIZE    \
+    (ML_DSA_LEVEL2_PUB_KEY_SIZE+ML_DSA_LEVEL2_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
+
+#define ML_DSA_LEVEL3_KEY_SIZE        OQS_SIG_ml_dsa_65_ipd_length_secret_key
+#define ML_DSA_LEVEL3_SIG_SIZE        OQS_SIG_ml_dsa_65_ipd_length_signature
+#define ML_DSA_LEVEL3_PUB_KEY_SIZE    OQS_SIG_ml_dsa_65_ipd_length_public_key
+#define ML_DSA_LEVEL3_PRV_KEY_SIZE    \
+    (ML_DSA_LEVEL3_PUB_KEY_SIZE+ML_DSA_LEVEL3_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
+
+#define ML_DSA_LEVEL5_KEY_SIZE        OQS_SIG_ml_dsa_87_ipd_length_secret_key
+#define ML_DSA_LEVEL5_SIG_SIZE        OQS_SIG_ml_dsa_87_ipd_length_signature
+#define ML_DSA_LEVEL5_PUB_KEY_SIZE    OQS_SIG_ml_dsa_87_ipd_length_public_key
+#define ML_DSA_LEVEL5_PRV_KEY_SIZE    \
+    (ML_DSA_LEVEL5_PUB_KEY_SIZE+ML_DSA_LEVEL5_KEY_SIZE)
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
+#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
 
 #endif
 
@@ -502,6 +577,10 @@
 #define DILITHIUM_MAX_SIG_SIZE     DILITHIUM_LEVEL5_SIG_SIZE
 #define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE
 #define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
+/* Buffer sizes large enough to store exported DER encoded keys */
+#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
+#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
+
 
 #ifdef WOLF_PRIVATE_KEY_ID
 #define DILITHIUM_MAX_ID_LEN    32
@@ -520,7 +599,7 @@ typedef struct wc_dilithium_params {
     byte tau;
     byte beta;
     byte omega;
-    byte lambda;
+    word16 lambda;
     byte gamma1_bits;
     word32 gamma2;
     word32 w1EncSz;
@@ -626,15 +705,38 @@ WOLFSSL_API
 int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed);
 
 WOLFSSL_API
-int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out,
-    word32 *outLen, dilithium_key* key, WC_RNG* rng);
+int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
+    word32* sigLen, dilithium_key* key, WC_RNG* rng);
 WOLFSSL_API
-int wc_dilithium_sign_msg_with_seed(const byte* in, word32 inLen, byte* out,
-    word32 *outLen, dilithium_key* key, byte* seed);
+int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
+    word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
+    const byte* hash, word32 hashLen, byte* sig, word32* sigLen,
+    dilithium_key* key, WC_RNG* rng);
+WOLFSSL_API
+int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
+    word32 *sigLen, dilithium_key* key, const byte* seed);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
+    const byte* msg, word32 msgLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed);
+WOLFSSL_API
+int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
+    int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
+    dilithium_key* key, const byte* seed);
 #endif
 WOLFSSL_API
 int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
     word32 msgLen, int* res, dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
+    word32 ctxLen, const byte* msg, word32 msgLen, int* res,
+    dilithium_key* key);
+WOLFSSL_API
+int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
+    const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash,
+    word32 hashLen, int* res, dilithium_key* key);
 
 WOLFSSL_API
 int wc_dilithium_init(dilithium_key* key);
@@ -703,6 +805,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen);
 #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
 WOLFSSL_API
 int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen);
+#define wc_dilithium_export_private_only    wc_dilithium_export_private
 #endif
 #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
 WOLFSSL_API
@@ -737,10 +840,14 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
 #endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
 
 
+#define WC_ML_DSA_DRAFT         10
 
 #define WC_ML_DSA_44            2
 #define WC_ML_DSA_65            3
 #define WC_ML_DSA_87            5
+#define WC_ML_DSA_44_DRAFT      (2 + WC_ML_DSA_DRAFT)
+#define WC_ML_DSA_65_DRAFT      (3 + WC_ML_DSA_DRAFT)
+#define WC_ML_DSA_87_DRAFT      (5 + WC_ML_DSA_DRAFT)
 
 #define DILITHIUM_ML_DSA_44_KEY_SIZE        2560
 #define DILITHIUM_ML_DSA_44_SIG_SIZE        2420
@@ -775,7 +882,7 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
 #define wc_MlDsaKey_ExportPrivRaw(key, out, outLen)             \
     wc_dilithium_export_private_only(key, out, outLen)
 #define wc_MlDsaKey_ImportPrivRaw(key, in, inLen)               \
-    wc_dilithium_import_private_only(out, outLen, key)
+    wc_dilithium_import_private_only(in, inLen, key)
 #define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng)      \
     wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng)
 #define wc_MlDsaKey_Free(key)                                   \
@@ -783,13 +890,20 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
 #define wc_MlDsaKey_ExportPubRaw(key, out, outLen)              \
     wc_dilithium_export_public(key, out, outLen)
 #define wc_MlDsaKey_ImportPubRaw(key, in, inLen)                \
-    wc_dilithium_import_public(out, outLen, key)
+    wc_dilithium_import_public(in, inLen, key)
 #define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res)    \
     wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key)
 
-int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len);
-int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len);
-int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len);
+#define wc_MlDsaKey_PublicKeyToDer(key, output, len, withAlg)   \
+    wc_Dilithium_PublicKeyToDer(key, output, len, withAlg)
+
+#define wc_MlDsaKey_PrivateKeyToDer(key, output, len)           \
+    wc_Dilithium_PrivateKeyToDer(key, output, len)
+
+
+WOLFSSL_API int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len);
+WOLFSSL_API int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len);
+WOLFSSL_API int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len);
 
 #ifdef __cplusplus
     }    /* extern "C" */
diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h
index 1e92fd5ed..4ae42c3bb 100644
--- a/wolfssl/wolfcrypt/dsa.h
+++ b/wolfssl/wolfcrypt/dsa.h
@@ -1,6 +1,6 @@
 /* dsa.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index e73c10b9b..04a7a66e9 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -1,6 +1,6 @@
 /* ecc.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -287,7 +287,8 @@ typedef byte   ecc_oid_t;
 #endif
 
 
-#if !defined(WOLFSSL_ECC_CURVE_STATIC) && defined(USE_WINDOWS_API)
+#if !defined(WOLFSSL_ECC_CURVE_STATIC) && defined(USE_WINDOWS_API) && \
+        !defined(__WATCOMC__)
     /* MSC does something different with the pointers to the arrays than GCC,
      * and it causes the FIPS checksum to fail. In the case of windows builds,
      * store everything as arrays instead of pointers to strings. */
@@ -467,6 +468,7 @@ struct ecc_point {
 #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
     ecc_key* key;
 #endif
+    WC_BITFIELD isAllocated:1;
 };
 
 /* ECC Flags */
@@ -589,12 +591,12 @@ struct ecc_key {
     mp_int* sign_k;
 #else
     mp_int sign_k[1];
-    byte sign_k_set:1;
+    WC_BITFIELD sign_k_set:1;
 #endif
 #endif
 #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
     defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
-    byte deterministic:1;
+    WC_BITFIELD deterministic:1;
     enum wc_HashType hashType;
 #endif
 
@@ -641,8 +643,15 @@ WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key);
 
 
 /* ECC predefined curve sets  */
-extern const ecc_set_type ecc_sets[];
-extern const size_t ecc_sets_count;
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+    extern const ecc_set_type ecc_sets[];
+    extern const size_t ecc_sets_count;
+#else
+    WOLFSSL_API const ecc_set_type *wc_ecc_get_sets(void);
+    WOLFSSL_API size_t wc_ecc_get_sets_count(void);
+    #define ecc_sets wc_ecc_get_sets()
+    #define ecc_sets_count wc_ecc_get_sets_count()
+#endif
 
 WOLFSSL_API
 const char* wc_ecc_get_name(int curve_id);
@@ -763,7 +772,7 @@ WOLFSSL_API
 int wc_ecc_set_flags(ecc_key* key, word32 flags);
 WOLFSSL_ABI WOLFSSL_API
 void wc_ecc_fp_free(void);
-WOLFSSL_LOCAL
+WOLFSSL_API
 void wc_ecc_fp_init(void);
 WOLFSSL_API
 int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
@@ -1020,6 +1029,11 @@ WOLFSSL_API int wc_ecc_curve_cache_init(void);
 WOLFSSL_API void wc_ecc_curve_cache_free(void);
 #endif
 
+#ifdef HAVE_OID_ENCODING
+WOLFSSL_LOCAL int wc_ecc_oid_cache_init(void);
+WOLFSSL_LOCAL void wc_ecc_oid_cache_free(void);
+#endif
+
 WOLFSSL_API
 int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order);
 
diff --git a/wolfssl/wolfcrypt/eccsi.h b/wolfssl/wolfcrypt/eccsi.h
index 72f9c7063..5136d1355 100644
--- a/wolfssl/wolfcrypt/eccsi.h
+++ b/wolfssl/wolfcrypt/eccsi.h
@@ -1,6 +1,6 @@
 /* eccsi.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -62,15 +62,15 @@ typedef struct EccsiKeyParams {
     ecc_point* base;
 
     /** Bit indicates order (q) is set as an MP integer in ECCSI key. */
-    byte haveOrder:1;
+    WC_BITFIELD haveOrder:1;
     /** Bit indicates A is set as an MP integer in ECCSI key. */
-    byte haveA:1;
+    WC_BITFIELD haveA:1;
     /** Bit indicates B is set as an MP integer in ECCSI key. */
-    byte haveB:1;
+    WC_BITFIELD haveB:1;
     /** Bit indicates prime is set as an MP integer in ECCSI key. */
-    byte havePrime:1;
+    WC_BITFIELD havePrime:1;
     /** Bit indicates base point is set as an MP integer in ECCSI key. */
-    byte haveBase:1;
+    WC_BITFIELD haveBase:1;
 } EccsiKeyParams;
 
 /**
@@ -104,7 +104,7 @@ typedef struct EccsiKey {
     /** Heap hint for dynamic memory allocation. */
     void* heap;
     /** Bit indicates KPAK (public key) is in montgomery form. */
-    word16 kpakMont:1;
+    WC_BITFIELD kpakMont:1;
 } EccsiKey;
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h
index ff3b26cb0..8dc0fc118 100644
--- a/wolfssl/wolfcrypt/ed25519.h
+++ b/wolfssl/wolfcrypt/ed25519.h
@@ -1,6 +1,6 @@
 /* ed25519.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -94,8 +94,9 @@ struct ed25519_key {
     word32 flags;
     byte   keyIdSet;
 #endif
-    word16 privKeySet:1;
-    word16 pubKeySet:1;
+    WC_BITFIELD privKeySet:1;
+    WC_BITFIELD pubKeySet:1;
+    WC_BITFIELD sha_clean_flag:1; /* only used if WOLFSSL_ED25519_PERSISTENT_SHA */
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif
@@ -106,7 +107,6 @@ struct ed25519_key {
     void *heap;
 #ifdef WOLFSSL_ED25519_PERSISTENT_SHA
     wc_Sha512 sha;
-    int sha_clean_flag;
 #endif
 };
 
@@ -175,13 +175,20 @@ int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res,
 #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
 #endif /* HAVE_ED25519_VERIFY */
 
-
 WOLFSSL_API
 int wc_ed25519_init(ed25519_key* key);
 WOLFSSL_API
 int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId);
 WOLFSSL_API
 void wc_ed25519_free(ed25519_key* key);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API
+ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code);
+WOLFSSL_API
+int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p);
+#endif
+WOLFSSL_API
+
 #ifdef HAVE_ED25519_KEY_IMPORT
 WOLFSSL_API
 int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h
index 1d12da87a..e79a04837 100644
--- a/wolfssl/wolfcrypt/ed448.h
+++ b/wolfssl/wolfcrypt/ed448.h
@@ -1,6 +1,6 @@
 /* ed448.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -85,8 +85,8 @@ struct ed448_key {
     byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */
     byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
 #endif
-    word16 privKeySet:1;
-    word16 pubKeySet:1;
+    WC_BITFIELD privKeySet:1;
+    WC_BITFIELD pubKeySet:1;
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif
@@ -97,7 +97,7 @@ struct ed448_key {
     void *heap;
 #ifdef WOLFSSL_ED448_PERSISTENT_SHA
     wc_Shake sha;
-    int sha_clean_flag;
+    unsigned int sha_clean_flag : 1;
 #endif
 };
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 413868ebb..f466e291b 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -1,6 +1,6 @@
 /* error-crypt.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,10 +37,31 @@ the error status.
     extern "C" {
 #endif
 
+#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H
+#include <wolfssl/debug-untrace-error-codes.h>
+#endif
 
 /* error codes, add string for new errors !!! */
-enum {
-    MAX_CODE_E         = -100,  /* errors -101 - -299 */
+enum wolfCrypt_ErrorCodes {
+    /* note that WOLFSSL_FATAL_ERROR is defined as -1 in error-ssl.h, for
+     * reasons of backward compatibility.
+     */
+    WC_FAILURE         =   -1,  /* Generic but traceable back compat errcode.
+                                 * Note, not reflected in MAX_CODE_E or
+                                 * WC_FIRST_E.
+                                 */
+
+    MAX_CODE_E         =  -96,  /* WC_FIRST_E + 1, for backward compat. */
+    WC_FIRST_E         =  -97,  /* First code used for wolfCrypt */
+
+    WC_SPAN1_FIRST_E   =  -97,  /* errors -97 - -300 */
+
+    MP_MEM             =  -97,  /* MP dynamic memory allocation failed. */
+    MP_VAL             =  -98,  /* MP value passed is not able to be used. */
+    MP_WOULDBLOCK      =  -99,  /* MP non-blocking operation is returning after
+                                 * partial completion. */
+    MP_NOT_INF         = -100,  /* MP point not at infinity */
+
     OPEN_RAN_E         = -101,  /* opening random device error */
     READ_RAN_E         = -102,  /* reading random device error */
     WINCRYPT_E         = -103,  /* windows crypt init error */
@@ -114,7 +135,8 @@ enum {
     ED25519_KAT_FIPS_E = -163,  /* Ed25519 Known answer test failure */
     ED448_KAT_FIPS_E   = -164,  /* Ed448 Known answer test failure */
     PBKDF2_KAT_FIPS_E  = -165,  /* PBKDF2 Known answer test failure */
-    /* -166..-169 unused. */
+    WC_KEY_MISMATCH_E  = -166,  /* Error for private/public key mismatch */
+    /* -167..-169 unused. */
 
     ECC_BAD_ARG_E      = -170,  /* ECC input argument of wrong type */
     ASN_ECC_KEY_E      = -171,  /* ASN ECC bad input */
@@ -275,18 +297,37 @@ enum {
     SM4_GCM_AUTH_E      = -298,  /* SM4-GCM Authentication check failure */
     SM4_CCM_AUTH_E      = -299,  /* SM4-CCM Authentication check failure */
 
-    WC_LAST_E           = -299,  /* Update this to indicate last error */
-    MIN_CODE_E          = -300   /* errors -101 - -299 */
+    WC_SPAN1_LAST_E     = -299,  /* Last used code in span 1 */
+    WC_SPAN1_MIN_CODE_E = -300,  /* Last usable code in span 1 */
+
+    WC_SPAN2_FIRST_E    = -1000,
+
+    DEADLOCK_AVERTED_E  = -1000, /* Deadlock averted -- retry the call */
+    ASCON_AUTH_E        = -1001, /* ASCON Authentication check failure */
+
+    WC_SPAN2_LAST_E     = -1001, /* Update to indicate last used error code */
+    WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */
+
+    WC_LAST_E           = -1001, /* the last code used either here or in
+                                  * error-ssl.h
+                                  */
+
+    MIN_CODE_E          = -1999  /* the last code allocated either here or in
+                                  * error-ssl.h
+                                  */
 
     /* add new companion error id strings for any new error codes
        wolfcrypt/src/error.c !!! */
 };
 
+wc_static_assert((int)WC_LAST_E <= (int)WC_SPAN2_LAST_E);
+wc_static_assert((int)MIN_CODE_E <= (int)WC_LAST_E);
+wc_static_assert((int)MIN_CODE_E <= (int)WC_SPAN2_MIN_CODE_E);
 
 #ifdef NO_ERROR_STRINGS
     #define wc_GetErrorString(error) "no support for error strings built in"
     #define wc_ErrorString(err, buf) \
-        (void)err; XSTRNCPY((buf), wc_GetErrorString((err)), \
+        (void)(err); XSTRNCPY((buf), wc_GetErrorString(err), \
         WOLFSSL_MAX_ERROR_SZ);
 
 #else
@@ -294,11 +335,10 @@ WOLFSSL_API void wc_ErrorString(int err, char* buff);
 WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error);
 #endif
 
-#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && !defined(BUILDING_WOLFSSL)
-    #undef WOLFSSL_DEBUG_TRACE_ERROR_CODES
-#endif
-#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
-    extern void wc_backtrace_render(void);
+#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
+        (defined(BUILDING_WOLFSSL) || \
+         defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))
+    WOLFSSL_API extern void wc_backtrace_render(void);
     #define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label)
     #ifndef WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE
         #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
diff --git a/wolfssl/wolfcrypt/ext_lms.h b/wolfssl/wolfcrypt/ext_lms.h
index 41203351c..2c7d11674 100644
--- a/wolfssl/wolfcrypt/ext_lms.h
+++ b/wolfssl/wolfcrypt/ext_lms.h
@@ -1,6 +1,6 @@
 /* ext_lms.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ext_kyber.h b/wolfssl/wolfcrypt/ext_mlkem.h
similarity index 63%
rename from wolfssl/wolfcrypt/ext_kyber.h
rename to wolfssl/wolfcrypt/ext_mlkem.h
index 95b22a1a8..53c6c7d8c 100644
--- a/wolfssl/wolfcrypt/ext_kyber.h
+++ b/wolfssl/wolfcrypt/ext_mlkem.h
@@ -1,6 +1,6 @@
-/* ext_kyber.h
+/* ext_mlkem.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,30 +26,27 @@
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
-#ifdef WOLFSSL_HAVE_KYBER
-#include <wolfssl/wolfcrypt/kyber.h>
+#ifdef WOLFSSL_HAVE_MLKEM
+#include <wolfssl/wolfcrypt/mlkem.h>
 
-#if !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4)
-#error "This code requires liboqs or pqm4"
+#if !defined(HAVE_LIBOQS)
+#error "This code requires liboqs"
 #endif
 
-#if defined(WOLFSSL_WC_KYBER)
+#if defined(WOLFSSL_WC_MLKEM)
 #error "This code is incompatible with wolfCrypt's implementation of Kyber."
 #endif
 
 #if defined (HAVE_LIBOQS)
     #include <oqs/kem.h>
-    #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_kyber_1024_length_secret_key
-    #define EXT_KYBER_MAX_PUB_SZ  OQS_KEM_kyber_1024_length_public_key
-#elif defined(HAVE_PQM4)
-    #include "api_kyber.h"
-    #define PQM4_PUBLIC_KEY_LENGTH    CRYPTO_PUBLICKEYBYTES
-    #define PQM4_PRIVATE_KEY_LENGTH   CRYPTO_SECRETKEYBYTES
-    #define PQM4_SHARED_SECRET_LENGTH CRYPTO_BYTES
-    #define PQM4_CIPHERTEXT_LENGTH    CRYPTO_CIPHERTEXTBYTES
 
-    #define EXT_KYBER_MAX_PRIV_SZ PQM4_PRIVATE_KEY_LENGTH
-    #define EXT_KYBER_MAX_PUB_SZ  PQM4_PUBLIC_KEY_LENGTH
+    #ifndef WOLFSSL_NO_ML_KEM
+        #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_ml_kem_1024_length_secret_key
+        #define EXT_KYBER_MAX_PUB_SZ  OQS_KEM_ml_kem_1024_length_public_key
+    #elif defined(WOLFSSL_MLKEM_KYBER)
+        #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_kyber_1024_length_secret_key
+        #define EXT_KYBER_MAX_PUB_SZ  OQS_KEM_kyber_1024_length_public_key
+    #endif
 #endif
 
 struct KyberKey {
@@ -71,7 +68,7 @@ struct KyberKey {
 };
 
 #if defined (HAVE_LIBOQS)
-WOLFSSL_LOCAL int ext_kyber_enabled(int id);
+WOLFSSL_LOCAL int ext_mlkem_enabled(int id);
 #endif
-#endif /* WOLFSSL_HAVE_KYBER */
+#endif /* WOLFSSL_HAVE_MLKEM */
 #endif /* EXT_KYBER_H */
diff --git a/wolfssl/wolfcrypt/ext_xmss.h b/wolfssl/wolfcrypt/ext_xmss.h
index cb041bcb6..1c7ed3581 100644
--- a/wolfssl/wolfcrypt/ext_xmss.h
+++ b/wolfssl/wolfcrypt/ext_xmss.h
@@ -1,6 +1,6 @@
 /* ext_xmss.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/falcon.h b/wolfssl/wolfcrypt/falcon.h
index a103034bc..45ae6736f 100644
--- a/wolfssl/wolfcrypt/falcon.h
+++ b/wolfssl/wolfcrypt/falcon.h
@@ -1,6 +1,6 @@
 /* falcon.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/fe_448.h b/wolfssl/wolfcrypt/fe_448.h
index 09ff15025..fef9d177b 100644
--- a/wolfssl/wolfcrypt/fe_448.h
+++ b/wolfssl/wolfcrypt/fe_448.h
@@ -1,6 +1,6 @@
 /* fe448_448.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -29,7 +29,8 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
-#if defined(HAVE___UINT128_T) && !defined(NO_CURVED448_128BIT)
+#if defined(HAVE___UINT128_T) && !defined(NO_CURVED448_128BIT) && \
+        !defined(NO_INT128)
     #define CURVED448_128BIT
 #endif
 
diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h
index 23928f26b..dd029eca1 100644
--- a/wolfssl/wolfcrypt/fe_operations.h
+++ b/wolfssl/wolfcrypt/fe_operations.h
@@ -1,6 +1,6 @@
 /* fe_operations.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -76,6 +76,10 @@ Bounds on each t[i] vary depending on context.
 WOLFSSL_LOCAL void fe_init(void);
 
 WOLFSSL_LOCAL int  curve25519(byte * q, const byte * n, const byte * p);
+#ifdef WOLFSSL_CURVE25519_BLINDING
+WOLFSSL_LOCAL int  curve25519_blind(byte * q, const byte * n, const byte* mask,
+                                    const byte * p, const byte* rz);
+#endif
 #endif
 
 /* default to be faster but take more memory */
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
index 652375349..16f170b5e 100644
--- a/wolfssl/wolfcrypt/fips_test.h
+++ b/wolfssl/wolfcrypt/fips_test.h
@@ -1,6 +1,6 @@
 /* fips_test.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -72,7 +72,9 @@ enum FipsCastId {
     FIPS_CAST_ED25519           = 16,
     FIPS_CAST_ED448             = 17,
     FIPS_CAST_PBKDF2            = 18,
-    FIPS_CAST_COUNT             = 19
+    /* v7.0.0 + */
+    FIPS_CAST_AES_ECB           = 19,
+    FIPS_CAST_COUNT             = 20
 };
 
 enum FipsCastStateId {
diff --git a/wolfssl/wolfcrypt/ge_448.h b/wolfssl/wolfcrypt/ge_448.h
index bbdb0674d..82665cfe7 100644
--- a/wolfssl/wolfcrypt/ge_448.h
+++ b/wolfssl/wolfcrypt/ge_448.h
@@ -1,6 +1,6 @@
 /* ge_448.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -65,6 +65,7 @@ WOLFSSL_LOCAL int  ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b);
 WOLFSSL_LOCAL int  ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a,
                                     const ge448_p2 *A, const byte *b);
 WOLFSSL_LOCAL int  ge448_scalarmult_base(ge448_p2* h, const byte* a);
+/* Only performs a weak reduce. */
 WOLFSSL_LOCAL void sc448_reduce(byte* b);
 WOLFSSL_LOCAL void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d);
 WOLFSSL_LOCAL void ge448_to_bytes(byte *s, const ge448_p2 *h);
diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h
index dd70d3bb5..9a4d9957f 100644
--- a/wolfssl/wolfcrypt/ge_operations.h
+++ b/wolfssl/wolfcrypt/ge_operations.h
@@ -1,6 +1,6 @@
 /* ge_operations.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -112,7 +112,6 @@ typedef struct {
   ge Z;
   ge T2d;
 } ge_cached;
-#endif /* !ED25519_SMALL */
 
 #ifdef CURVED25519_ASM
 void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
@@ -124,6 +123,7 @@ void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
 void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
 void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
 #endif
+#endif /* !ED25519_SMALL */
 
 #ifdef __cplusplus
     }    /* extern "C" */
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 2f7de32d0..02d99d4c2 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -1,6 +1,6 @@
 /* hash.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -80,45 +80,45 @@ enum wc_MACAlgorithm {
     sha512_mac,
     rmd_mac,
     blake2b_mac,
-    sm3_mac,
+    sm3_mac
 };
 
-enum wc_HashFlags {
-    WC_HASH_FLAG_NONE =     0x00000000,
-    WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */
-    WC_HASH_FLAG_ISCOPY =   0x00000002, /* hash is copy */
-#ifdef WOLFSSL_SHA3
-    WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */
+/* hash union */
+typedef union {
+#ifndef NO_MD5
+    wc_Md5 md5;
 #endif
-    WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH)
-};
+#ifndef NO_SHA
+    wc_Sha sha;
+#endif
+#ifdef WOLFSSL_SHA224
+    wc_Sha224 sha224;
+#endif
+#ifndef NO_SHA256
+    wc_Sha256 sha256;
+#endif
+#ifdef WOLFSSL_SHA384
+    wc_Sha384 sha384;
+#endif
+#ifdef WOLFSSL_SHA512
+    wc_Sha512 sha512;
+#endif
+#ifdef WOLFSSL_SHA3
+    wc_Sha3 sha3;
+#endif
+#ifdef WOLFSSL_SM3
+    wc_Sm3 sm3;
+#endif
+    WOLF_AGG_DUMMY_MEMBER;
+} wc_Hashes;
 
 #ifndef NO_HASH_WRAPPER
-typedef union {
-    #ifndef NO_MD5
-        wc_Md5 md5;
-    #endif
-    #ifndef NO_SHA
-        wc_Sha sha;
-    #endif
-    #ifdef WOLFSSL_SHA224
-        wc_Sha224 sha224;
-    #endif
-    #ifndef NO_SHA256
-        wc_Sha256 sha256;
-    #endif
-    #ifdef WOLFSSL_SHA384
-        wc_Sha384 sha384;
-    #endif
-    #ifdef WOLFSSL_SHA512
-        wc_Sha512 sha512;
-    #endif
-    #ifdef WOLFSSL_SHA3
-        wc_Sha3 sha3;
-    #endif
-    #ifdef WOLFSSL_SM3
-        wc_Sm3 sm3;
-    #endif
+typedef struct {
+    wc_Hashes alg;
+    enum wc_HashType type; /* sanity check */
+#ifndef WC_NO_CONSTRUCTORS
+    void *heap;
+#endif
 } wc_HashAlg;
 #endif /* !NO_HASH_WRAPPER */
 
@@ -183,6 +183,11 @@ WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type,
 WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
     byte* out);
 WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap,
+                                   int devId, int *result_code);
+WOLFSSL_API int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p);
+#endif
 
 #ifdef WOLFSSL_HASH_FLAGS
     WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type,
diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h
index 98270ee7b..96da94c6c 100644
--- a/wolfssl/wolfcrypt/hmac.h
+++ b/wolfssl/wolfcrypt/hmac.h
@@ -1,6 +1,6 @@
 /* hmac.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -119,38 +119,15 @@ enum {
     #error "You have to have some kind of hash if you want to use HMAC."
 #endif
 
-
-/* hmac hash union */
-typedef union {
-#ifndef NO_MD5
-    wc_Md5 md5;
-#endif
-#ifndef NO_SHA
-    wc_Sha sha;
-#endif
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-#endif
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-#endif
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-#endif
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-#endif
-#ifdef WOLFSSL_SHA3
-    wc_Sha3 sha3;
-#endif
-#ifdef WOLFSSL_SM3
-    wc_Sm3 sm3;
-#endif
-} wc_HmacHash;
+typedef wc_Hashes wc_HmacHash;
 
 /* Hmac digest */
 struct Hmac {
     wc_HmacHash hash;
+#ifdef WOLFSSL_HMAC_COPY_HASH
+    wc_HmacHash i_hash;
+    wc_HmacHash o_hash;
+#endif
     word32  ipad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];  /* same block size all*/
     word32  opad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];
     word32  innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];
diff --git a/wolfssl/wolfcrypt/hpke.h b/wolfssl/wolfcrypt/hpke.h
index 6e406ba05..cacfca6ce 100644
--- a/wolfssl/wolfcrypt/hpke.h
+++ b/wolfssl/wolfcrypt/hpke.h
@@ -1,6 +1,6 @@
 /* hpke.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,7 +42,7 @@ enum {
     DHKEM_P384_HKDF_SHA384 = 0x0011,
     DHKEM_P521_HKDF_SHA512 = 0x0012,
     DHKEM_X25519_HKDF_SHA256 = 0x0020,
-    DHKEM_X448_HKDF_SHA512 = 0x0021,
+    DHKEM_X448_HKDF_SHA512 = 0x0021
 };
 
 #define DHKEM_P256_ENC_LEN 65
@@ -55,13 +55,13 @@ enum {
 enum {
     HKDF_SHA256 = 0x0001,
     HKDF_SHA384 = 0x0002,
-    HKDF_SHA512 = 0x0003,
+    HKDF_SHA512 = 0x0003
 };
 
 /* AEAD enum */
 enum {
     HPKE_AES_128_GCM = 0x0001,
-    HPKE_AES_256_GCM = 0x0002,
+    HPKE_AES_256_GCM = 0x0002
 };
 
 /* TODO better way of doing this */
@@ -120,9 +120,18 @@ WOLFSSL_API int wc_HpkeDeserializePublicKey(Hpke* hpke, void** key,
     const byte* in, word16 inSz);
 WOLFSSL_API void wc_HpkeFreeKey(Hpke* hpke, word16 kem, void* keypair,
     void* heap);
+WOLFSSL_API int wc_HpkeInitSealContext(Hpke* hpke, HpkeBaseContext* context,
+    void* ephemeralKey, void* receiverKey, byte* info, word32 infoSz);
+WOLFSSL_API int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context,
+    byte* aad, word32 aadSz, byte* plaintext, word32 ptSz, byte* out);
 WOLFSSL_API int wc_HpkeSealBase(Hpke* hpke, void* ephemeralKey,
     void* receiverKey, byte* info, word32 infoSz, byte* aad, word32 aadSz,
     byte* plaintext, word32 ptSz, byte* ciphertext);
+WOLFSSL_API int wc_HpkeInitOpenContext(Hpke* hpke, HpkeBaseContext* context,
+    void* receiverKey, const byte* pubKey, word16 pubKeySz, byte* info,
+    word32 infoSz);
+WOLFSSL_API int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context,
+    byte* aad, word32 aadSz, byte* ciphertext, word32 ctSz, byte* out);
 WOLFSSL_API int wc_HpkeOpenBase(Hpke* hpke, void* receiverKey,
     const byte* pubKey, word16 pubKeySz, byte* info, word32 infoSz, byte* aad,
     word32 aadSz, byte* ciphertext, word32 ctSz, byte* plaintext);
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index 3979c6744..3a28c4e17 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -4,6 +4,7 @@
 nobase_include_HEADERS+= \
                          wolfssl/wolfcrypt/aes.h \
                          wolfssl/wolfcrypt/arc4.h \
+                         wolfssl/wolfcrypt/ascon.h \
                          wolfssl/wolfcrypt/asn.h \
                          wolfssl/wolfcrypt/asn_public.h \
                          wolfssl/wolfcrypt/poly1305.h \
@@ -73,9 +74,9 @@ nobase_include_HEADERS+= \
                          wolfssl/wolfcrypt/siphash.h \
                          wolfssl/wolfcrypt/cpuid.h \
                          wolfssl/wolfcrypt/cryptocb.h \
-                         wolfssl/wolfcrypt/kyber.h \
-                         wolfssl/wolfcrypt/wc_kyber.h \
-                         wolfssl/wolfcrypt/ext_kyber.h \
+                         wolfssl/wolfcrypt/mlkem.h \
+                         wolfssl/wolfcrypt/wc_mlkem.h \
+                         wolfssl/wolfcrypt/ext_mlkem.h \
                          wolfssl/wolfcrypt/sm2.h \
                          wolfssl/wolfcrypt/sm3.h \
                          wolfssl/wolfcrypt/sm4.h \
@@ -107,8 +108,9 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/silabs/silabs_random.h \
                          wolfssl/wolfcrypt/port/st/stm32.h \
                          wolfssl/wolfcrypt/port/st/stsafe.h \
-                         wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
                          wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \
+                         wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
+                         wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h \
                          wolfssl/wolfcrypt/port/arm/cryptoCell.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \
@@ -116,7 +118,13 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
-                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
+                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
+                         wolfssl/wolfcrypt/port/maxim/max3266x.h \
+                         wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \
+                         wolfssl/wolfcrypt/port/rpi_pico/pico.h \
+                         wolfssl/wolfcrypt/libwolfssl_sources.h \
+                         wolfssl/wolfcrypt/libwolfssl_sources_asm.h
+
 
 if BUILD_CRYPTOAUTHLIB
 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/atmel/atmel.h
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index 6efb4d8e2..68bda1fcd 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -1,6 +1,6 @@
 /* integer.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -42,6 +42,8 @@
 
 #else
 
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/random.h>
 
 #ifndef CHAR_BIT
@@ -162,9 +164,6 @@ extern "C" {
 #define MP_NEG        1   /* negative */
 
 #define MP_OKAY       0   /* ok result */
-#define MP_MEM       (-2) /* out of mem */
-#define MP_VAL       (-3) /* invalid input */
-#define MP_NOT_INF   (-4) /* point not at infinity */
 #define MP_RANGE      MP_NOT_INF
 
 #define MP_YES        1   /* yes response */
@@ -223,6 +222,9 @@ typedef int           mp_err;
     #define WOLF_BIGINT_DEFINED
 #endif
 
+#define wc_mp_size_t int
+#define wc_mp_sign_t int
+
 /* the mp_int structure */
 typedef struct mp_int {
     int used, alloc, sign;
diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h
index 1e731ebc6..d2fd38838 100644
--- a/wolfssl/wolfcrypt/kdf.h
+++ b/wolfssl/wolfcrypt/kdf.h
@@ -1,6 +1,6 @@
 /* kdf.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -140,7 +140,7 @@ WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId,
 /* Indicators */
 enum {
     WC_SRTCP_32BIT_IDX = 0,
-    WC_SRTCP_48BIT_IDX = 1,
+    WC_SRTCP_48BIT_IDX = 1
 };
 
 /* Maximum length of salt that can be used with SRTP/SRTCP. */
diff --git a/wolfssl/wolfcrypt/kyber.h b/wolfssl/wolfcrypt/kyber.h
deleted file mode 100644
index 87b1442a8..000000000
--- a/wolfssl/wolfcrypt/kyber.h
+++ /dev/null
@@ -1,223 +0,0 @@
-/* kyber.h
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/*!
-    \file wolfssl/wolfcrypt/kyber.h
- */
-
-#ifndef WOLF_CRYPT_KYBER_H
-#define WOLF_CRYPT_KYBER_H
-
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-#ifdef WOLFSSL_HAVE_KYBER
-
-/* Define algorithm type when not excluded. */
-
-#ifndef WOLFSSL_NO_KYBER512
-#define WOLFSSL_KYBER512
-#endif
-#ifndef WOLFSSL_NO_KYBER768
-#define WOLFSSL_KYBER768
-#endif
-#ifndef WOLFSSL_NO_KYBER1024
-#define WOLFSSL_KYBER1024
-#endif
-
-
-/* Number of co-efficients in polynomial. */
-#define KYBER_N             256
-
-
-/* Size of a polynomial vector based on dimensions. */
-#define KYBER_POLY_VEC_SZ(k) ((k) * KYBER_POLY_SIZE)
-/* Size of a compressed polynomial based on bits per coefficient. */
-#define KYBER_POLY_COMPRESSED_SZ(b) ((b) * (KYBER_N / 8))
-/* Size of a compressed vector polynomial based on dimensions and bits per
- * coefficient. */
-#define KYBER_POLY_VEC_COMPRESSED_SZ(k, b) ((k) * ((b) * (KYBER_N / 8)))
-
-
-/* Kyber-512 parameters */
-#ifdef WOLFSSL_KYBER512
-/* Number of polynomials in a vector and vectors in a matrix. */
-#define KYBER512_K          2
-
-/* Size of a polynomial vector. */
-#define KYBER512_POLY_VEC_SZ             KYBER_POLY_VEC_SZ(KYBER512_K)
-/* Size of a compressed polynomial based on bits per coefficient. */
-#define KYBER512_POLY_COMPRESSED_SZ      KYBER_POLY_COMPRESSED_SZ(4)
-/* Size of a compressed vector polynomial based on dimensions and bits per
- * coefficient. */
-#define KYBER512_POLY_VEC_COMPRESSED_SZ  \
-    KYBER_POLY_VEC_COMPRESSED_SZ(KYBER512_K, 10)
-
-/* Public key size. */
-#define KYBER512_PUBLIC_KEY_SIZE  \
-    (KYBER512_POLY_VEC_SZ + KYBER_SYM_SZ)
-/* Private key size. */
-#define KYBER512_PRIVATE_KEY_SIZE \
-    (KYBER512_POLY_VEC_SZ + KYBER512_PUBLIC_KEY_SIZE + 2 * KYBER_SYM_SZ)
-/* Cipher text size. */
-#define KYBER512_CIPHER_TEXT_SIZE \
-    (KYBER512_POLY_VEC_COMPRESSED_SZ + KYBER512_POLY_COMPRESSED_SZ)
-#endif /* WOLFSSL_KYBER512 */
-
-/* Kyber-768 parameters */
-#ifdef WOLFSSL_KYBER768
-/* Number of polynomials in a vector and vectors in a matrix. */
-#define KYBER768_K          3
-
-/* Size of a polynomial vector. */
-#define KYBER768_POLY_VEC_SZ             KYBER_POLY_VEC_SZ(KYBER768_K)
-/* Size of a compressed polynomial based on bits per coefficient. */
-#define KYBER768_POLY_COMPRESSED_SZ      KYBER_POLY_COMPRESSED_SZ(4)
-/* Size of a compressed vector polynomial based on dimensions and bits per
- * coefficient. */
-#define KYBER768_POLY_VEC_COMPRESSED_SZ  \
-    KYBER_POLY_VEC_COMPRESSED_SZ(KYBER768_K, 10)
-
-/* Public key size. */
-#define KYBER768_PUBLIC_KEY_SIZE  \
-    (KYBER768_POLY_VEC_SZ + KYBER_SYM_SZ)
-/* Private key size. */
-#define KYBER768_PRIVATE_KEY_SIZE \
-    (KYBER768_POLY_VEC_SZ + KYBER768_PUBLIC_KEY_SIZE + 2 * KYBER_SYM_SZ)
-/* Cipher text size. */
-#define KYBER768_CIPHER_TEXT_SIZE \
-    (KYBER768_POLY_VEC_COMPRESSED_SZ + KYBER768_POLY_COMPRESSED_SZ)
-#endif /* WOLFSSL_KYBER768 */
-
-/* Kyber-1024 parameters */
-#ifdef WOLFSSL_KYBER1024
-/* Number of polynomials in a vector and vectors in a matrix. */
-#define KYBER1024_K         4
-
-/* Size of a polynomial vector. */
-#define KYBER1024_POLY_VEC_SZ             KYBER_POLY_VEC_SZ(KYBER1024_K)
-/* Size of a compressed polynomial based on bits per coefficient. */
-#define KYBER1024_POLY_COMPRESSED_SZ      KYBER_POLY_COMPRESSED_SZ(5)
-/* Size of a compressed vector polynomial based on dimensions and bits per
- * coefficient. */
-#define KYBER1024_POLY_VEC_COMPRESSED_SZ \
-    KYBER_POLY_VEC_COMPRESSED_SZ(KYBER1024_K, 11)
-
-/* Public key size. */
-#define KYBER1024_PUBLIC_KEY_SIZE  \
-    (KYBER1024_POLY_VEC_SZ + KYBER_SYM_SZ)
-/* Private key size. */
-#define KYBER1024_PRIVATE_KEY_SIZE \
-    (KYBER1024_POLY_VEC_SZ + KYBER1024_PUBLIC_KEY_SIZE + 2 * KYBER_SYM_SZ)
-/* Cipher text size. */
-#define KYBER1024_CIPHER_TEXT_SIZE \
-    (KYBER1024_POLY_VEC_COMPRESSED_SZ + KYBER1024_POLY_COMPRESSED_SZ)
-#endif /* WOLFSSL_KYBER1024 */
-
-
-/* Maximum dimensions and sizes of supported key types. */
-#ifdef WOLFSSL_KYBER1024
-#define KYBER_MAX_K                 KYBER1024_K
-#define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER1024_PRIVATE_KEY_SIZE
-#define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER1024_PUBLIC_KEY_SIZE
-#define KYBER_MAX_CIPHER_TEXT_SIZE  KYBER1024_CIPHER_TEXT_SIZE
-#elif defined(WOLFSSL_KYBER768)
-#define KYBER_MAX_K                 KYBER768_K
-#define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER768_PRIVATE_KEY_SIZE
-#define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER768_PUBLIC_KEY_SIZE
-#define KYBER_MAX_CIPHER_TEXT_SIZE  KYBER768_CIPHER_TEXT_SIZE
-#else
-#define KYBER_MAX_K                 KYBER512_K
-#define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER512_PRIVATE_KEY_SIZE
-#define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER512_PUBLIC_KEY_SIZE
-#define KYBER_MAX_CIPHER_TEXT_SIZE  KYBER512_CIPHER_TEXT_SIZE
-#endif
-
-enum {
-    /* Types of Kyber keys. */
-    KYBER512  = 0,
-    KYBER768  = 1,
-    KYBER1024 = 2,
-
-    KYBER_LEVEL1 = KYBER512,
-    KYBER_LEVEL3 = KYBER768,
-    KYBER_LEVEL5 = KYBER1024,
-
-    /* Symmetric data size. */
-    KYBER_SYM_SZ            = 32,
-    /* Shared secret size. */
-    KYBER_SS_SZ             = 32,
-    /* Size of random required for making a key. */
-    KYBER_MAKEKEY_RAND_SZ   = 2 * KYBER_SYM_SZ,
-    /* Size of random required for encapsulation. */
-    KYBER_ENC_RAND_SZ       = KYBER_SYM_SZ,
-
-    /* Encoded polynomial size. */
-    KYBER_POLY_SIZE         = 384,
-};
-
-
-/* Different structures for different implementations. */
-typedef struct KyberKey KyberKey;
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-WOLFSSL_API int wc_KyberKey_Init(int type, KyberKey* key, void* heap,
-    int devId);
-WOLFSSL_API void wc_KyberKey_Free(KyberKey* key);
-
-WOLFSSL_API int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng);
-WOLFSSL_API int wc_KyberKey_MakeKeyWithRandom(KyberKey* key,
-    const unsigned char* rand, int len);
-
-WOLFSSL_API int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len);
-WOLFSSL_API int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len);
-
-WOLFSSL_API int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct,
-    unsigned char* ss, WC_RNG* rng);
-WOLFSSL_API int wc_KyberKey_EncapsulateWithRandom(KyberKey* key,
-    unsigned char* ct, unsigned char* ss, const unsigned char* rand, int len);
-WOLFSSL_API int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
-    const unsigned char* ct, word32 len);
-
-WOLFSSL_API int wc_KyberKey_DecodePrivateKey(KyberKey* key,
-    const unsigned char* in, word32 len);
-WOLFSSL_API int wc_KyberKey_DecodePublicKey(KyberKey* key,
-    const unsigned char* in, word32 len);
-
-WOLFSSL_API int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len);
-WOLFSSL_API int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len);
-WOLFSSL_API int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out,
-    word32 len);
-WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out,
-    word32 len);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_HAVE_KYBER */
-
-#endif /* WOLF_CRYPT_KYBER_H */
-
diff --git a/wolfssl/wolfcrypt/libwolfssl_sources.h b/wolfssl/wolfcrypt/libwolfssl_sources.h
new file mode 100644
index 000000000..474cbe18d
--- /dev/null
+++ b/wolfssl/wolfcrypt/libwolfssl_sources.h
@@ -0,0 +1,50 @@
+/* libwolfssl_sources.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* In wolfSSL library sources, #include this file before any other #includes, to
+ * assure BUILDING_WOLFSSL is defined.
+ *
+ * This file also includes the common headers needed by all sources.
+ */
+
+#ifndef LIBWOLFSSL_SOURCES_H
+#define LIBWOLFSSL_SOURCES_H
+
+#if defined(TEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE) && \
+    defined(WOLF_CRYPT_SETTINGS_H) &&                      \
+    !defined(LIBWOLFSSL_SOURCES_ASM_H)
+    #error settings.h included before libwolfssl_sources.h.
+#endif
+
+#ifndef BUILDING_WOLFSSL
+    #define BUILDING_WOLFSSL
+#endif
+
+#if defined(HAVE_CONFIG_H) && !defined(WC_CONFIG_H_INCLUDED)
+    #include <config.h>
+    #define WC_CONFIG_H_INCLUDED
+#endif
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
+#endif /* LIBWOLFSSL_SOURCES_H */
diff --git a/wolfssl/wolfcrypt/libwolfssl_sources_asm.h b/wolfssl/wolfcrypt/libwolfssl_sources_asm.h
new file mode 100644
index 000000000..a3d85c9fb
--- /dev/null
+++ b/wolfssl/wolfcrypt/libwolfssl_sources_asm.h
@@ -0,0 +1,48 @@
+/* libwolfssl_sources_asm.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* In wolfSSL library sources, #include this file before any other #includes, to
+ * assure BUILDING_WOLFSSL is defined.
+ *
+ * This file also includes the common headers needed by all sources.
+ */
+
+#ifndef LIBWOLFSSL_SOURCES_ASM_H
+#define LIBWOLFSSL_SOURCES_ASM_H
+
+#if defined(TEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE) && \
+    defined(WOLF_CRYPT_SETTINGS_H) &&                      \
+    !defined(LIBWOLFSSL_SOURCES_H)
+    #error settings.h included before libwolfssl_sources_asm.h.
+#endif
+
+#ifndef BUILDING_WOLFSSL
+    #define BUILDING_WOLFSSL
+#endif
+
+#if defined(HAVE_CONFIG_H) && !defined(WC_CONFIG_H_INCLUDED)
+    #include <config.h>
+    #define WC_CONFIG_H_INCLUDED
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#endif /* LIBWOLFSSL_SOURCES_ASM_H */
diff --git a/wolfssl/wolfcrypt/lms.h b/wolfssl/wolfcrypt/lms.h
index 45c64e002..754c49c08 100644
--- a/wolfssl/wolfcrypt/lms.h
+++ b/wolfssl/wolfcrypt/lms.h
@@ -1,6 +1,6 @@
 /* lms.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -78,6 +78,7 @@ enum wc_LmsRc {
  * Not predefining many sets with Winternitz=1, because the signatures
  * will be large. */
 enum wc_LmsParm {
+#ifndef WOLFSSL_NO_LMS_SHA256_256
     WC_LMS_PARM_NONE = 0,
     WC_LMS_PARM_L1_H5_W1 = 1,
     WC_LMS_PARM_L1_H5_W2 = 2,
@@ -114,6 +115,30 @@ enum wc_LmsParm {
     WC_LMS_PARM_L4_H5_W8 = 33,
     WC_LMS_PARM_L4_H10_W4 = 34,
     WC_LMS_PARM_L4_H10_W8 = 35,
+#endif
+
+#ifdef WOLFSSL_LMS_SHA256_192
+    WC_LMS_PARM_SHA256_192_L1_H5_W1  = 36,
+    WC_LMS_PARM_SHA256_192_L1_H5_W2  = 37,
+    WC_LMS_PARM_SHA256_192_L1_H5_W4  = 38,
+    WC_LMS_PARM_SHA256_192_L1_H5_W8  = 39,
+    WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
+    WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
+    WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
+    WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
+    WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
+    WC_LMS_PARM_SHA256_192_L1_H20_W2 = 53,
+    WC_LMS_PARM_SHA256_192_L1_H20_W4 = 54,
+    WC_LMS_PARM_SHA256_192_L1_H20_W8 = 55,
+    WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
+    WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
+    WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
+    WC_LMS_PARM_SHA256_192_L3_H5_W2  = 48,
+    WC_LMS_PARM_SHA256_192_L3_H5_W4  = 49,
+    WC_LMS_PARM_SHA256_192_L3_H5_W8  = 50,
+    WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
+    WC_LMS_PARM_SHA256_192_L4_H5_W8  = 52,
+#endif
 };
 
 /* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
index 7d349fece..f34f34152 100644
--- a/wolfssl/wolfcrypt/logging.h
+++ b/wolfssl/wolfcrypt/logging.h
@@ -1,6 +1,6 @@
 /* logging.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -135,7 +135,7 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     WOLFSSL_LOCAL unsigned long wc_PeekErrorNodeLineData(
             const char **file, int *line, const char **data, int *flags,
             int (*ignore_err)(int err));
-    WOLFSSL_LOCAL unsigned long wc_GetErrorNodeErr(void);
+    WOLFSSL_LOCAL int wc_GetErrorNodeErr(void);
     #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
         WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp);
         WOLFSSL_API void wc_ERR_print_errors_cb(int (*cb)(const char *str,
@@ -178,7 +178,11 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
     #define HAVE_WOLFSSL_MSG_EX
 #else
-    #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        #define WOLFSSL_MSG_EX()    WC_DO_NOTHING
+    #else
+        #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+    #endif
 #endif
     WOLFSSL_API void WOLFSSL_MSG(const char* msg);
 #ifdef WOLFSSL_DEBUG_CODEPOINTS
@@ -197,7 +201,11 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
         #define WOLFSSL_MSG_EX(fmt, args...) \
                 WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args)
     #else
-        #define WOLFSSL_MSG_EX2(...) WC_DO_NOTHING
+        #ifdef WOLF_NO_VARIADIC_MACROS
+            #define WOLFSSL_MSG_EX2() WC_DO_NOTHING
+        #else
+            #define WOLFSSL_MSG_EX2(...) WC_DO_NOTHING
+        #endif
     #endif
 #endif
     WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
@@ -209,7 +217,14 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #define WOLFSSL_STUB(m)       WC_DO_NOTHING
     #define WOLFSSL_IS_DEBUG_ON() 0
 
-    #define WOLFSSL_MSG_EX(...)   WC_DO_NOTHING
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        /* note, modern preprocessors will generate errors with this definition.
+         * "error: macro "WOLFSSL_MSG_EX" passed 2 arguments, but takes just 0"
+         */
+        #define WOLFSSL_MSG_EX()    WC_DO_NOTHING
+    #else
+        #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+    #endif
     #define WOLFSSL_MSG(m)        WC_DO_NOTHING
     #define WOLFSSL_BUFFER(b, l)  WC_DO_NOTHING
 
@@ -221,8 +236,13 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #ifdef WOLFSSL_HAVE_ERROR_QUEUE
         WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
             const char* file, void* ctx);
-        #define WOLFSSL_ERROR(x) \
-            WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL)
+        #ifdef WOLF_C89
+            #define WOLFSSL_ERROR(x) \
+                WOLFSSL_ERROR_LINE((x), __FILE__, __LINE__, __FILE__, NULL)
+        #else
+            #define WOLFSSL_ERROR(x) \
+                WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL)
+        #endif
     #else
         WOLFSSL_API void WOLFSSL_ERROR(int err);
     #endif /* WOLFSSL_HAVE_ERROR_QUEUE */
diff --git a/wolfssl/wolfcrypt/md2.h b/wolfssl/wolfcrypt/md2.h
index fe927561c..8fb5076d0 100644
--- a/wolfssl/wolfcrypt/md2.h
+++ b/wolfssl/wolfcrypt/md2.h
@@ -1,6 +1,6 @@
 /* md2.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -37,28 +37,42 @@
 
 /* in bytes */
 enum {
-    MD2             =  WC_HASH_TYPE_MD2,
-    MD2_BLOCK_SIZE  = 16,
-    MD2_DIGEST_SIZE = 16,
-    MD2_PAD_SIZE    = 16,
-    MD2_X_SIZE      = 48
+    WC_MD2_BLOCK_SIZE  = 16,
+    WC_MD2_DIGEST_SIZE = 16,
+    WC_MD2_PAD_SIZE    = 16,
+    WC_MD2_X_SIZE      = 48
 };
 
 
 /* Md2 digest */
-typedef struct Md2 {
+typedef struct wc_Md2 {
     word32  count;   /* bytes % PAD_SIZE  */
-    byte    X[MD2_X_SIZE];
-    byte    C[MD2_BLOCK_SIZE];
-    byte    buffer[MD2_BLOCK_SIZE];
-} Md2;
+    byte    X[WC_MD2_X_SIZE];
+    byte    C[WC_MD2_BLOCK_SIZE];
+    byte    buffer[WC_MD2_BLOCK_SIZE];
+} wc_Md2;
 
 
-WOLFSSL_API void wc_InitMd2(Md2* md2);
-WOLFSSL_API void wc_Md2Update(Md2* md2, const byte* data, word32 len);
-WOLFSSL_API void wc_Md2Final(Md2* md2, byte* hash);
+WOLFSSL_API void wc_InitMd2(wc_Md2* md2);
+WOLFSSL_API void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len);
+WOLFSSL_API void wc_Md2Final(wc_Md2* md2, byte* hash);
 WOLFSSL_API int  wc_Md2Hash(const byte* data, word32 len, byte* hash);
 
+#ifndef OPENSSL_COEXIST
+
+enum {
+    MD2             = WC_HASH_TYPE_MD2,
+    MD2_BLOCK_SIZE  = WC_MD2_BLOCK_SIZE,
+    MD2_DIGEST_SIZE = WC_MD2_DIGEST_SIZE,
+    MD2_PAD_SIZE    = WC_MD2_PAD_SIZE,
+    MD2_X_SIZE      = WC_MD2_X_SIZE
+};
+
+
+/* Md2 digest */
+typedef struct wc_Md2 Md2;
+
+#endif /* !OPENSSL_COEXIST */
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/md4.h b/wolfssl/wolfcrypt/md4.h
index c4bd266a2..78c4275fb 100644
--- a/wolfssl/wolfcrypt/md4.h
+++ b/wolfssl/wolfcrypt/md4.h
@@ -1,6 +1,6 @@
 /* md4.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -36,26 +36,36 @@
 
 /* in bytes */
 enum {
-    MD4             =  WC_HASH_TYPE_MD4,
-    MD4_BLOCK_SIZE  = 64,
-    MD4_DIGEST_SIZE = 16,
-    MD4_PAD_SIZE    = 56
+    WC_MD4_BLOCK_SIZE  = 64,
+    WC_MD4_DIGEST_SIZE = 16,
+    WC_MD4_PAD_SIZE    = 56
 };
 
-
 /* MD4 digest */
-typedef struct Md4 {
+typedef struct wc_Md4 {
     word32  buffLen;   /* in bytes          */
     word32  loLen;     /* length in bytes   */
     word32  hiLen;     /* length in bytes   */
-    word32  digest[MD4_DIGEST_SIZE / sizeof(word32)];
-    word32  buffer[MD4_BLOCK_SIZE  / sizeof(word32)];
-} Md4;
+    word32  digest[WC_MD4_DIGEST_SIZE / sizeof(word32)];
+    word32  buffer[WC_MD4_BLOCK_SIZE  / sizeof(word32)];
+} wc_Md4;
 
+WOLFSSL_API void wc_InitMd4(wc_Md4* md4);
+WOLFSSL_API void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len);
+WOLFSSL_API void wc_Md4Final(wc_Md4* md4, byte* hash);
 
-WOLFSSL_API void wc_InitMd4(Md4* md4);
-WOLFSSL_API void wc_Md4Update(Md4* md4, const byte* data, word32 len);
-WOLFSSL_API void wc_Md4Final(Md4* md4, byte* hash);
+#ifndef OPENSSL_COEXIST
+
+enum {
+    MD4             = WC_HASH_TYPE_MD4,
+    MD4_BLOCK_SIZE  = WC_MD4_BLOCK_SIZE,
+    MD4_DIGEST_SIZE = WC_MD4_DIGEST_SIZE,
+    MD4_PAD_SIZE    = WC_MD4_PAD_SIZE
+};
+
+typedef struct wc_Md4 Md4;
+
+#endif /* !OPENSSL_COEXIST */
 
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h
index c19f6c15f..93b906d13 100644
--- a/wolfssl/wolfcrypt/md5.h
+++ b/wolfssl/wolfcrypt/md5.h
@@ -1,6 +1,6 @@
 /* md5.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -65,7 +65,7 @@ enum {
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ
     #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
 #endif
-#ifdef STM32_HASH
+#if defined(STM32_HASH) && !defined(STM32_NOMD5)
     #include <wolfssl/wolfcrypt/port/st/stm32.h>
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -80,7 +80,7 @@ enum {
 
 /* MD5 digest */
 typedef struct wc_Md5 {
-#ifdef STM32_HASH
+#if defined(STM32_HASH) && !defined(STM32_NOMD5)
     STM32_HASH_Context stmCtx;
 #else
     word32  buffLen;   /* in bytes          */
diff --git a/wolfssl/wolfcrypt/mem_track.h b/wolfssl/wolfcrypt/mem_track.h
index b45bf2388..4e867a81d 100644
--- a/wolfssl/wolfcrypt/mem_track.h
+++ b/wolfssl/wolfcrypt/mem_track.h
@@ -1,6 +1,6 @@
 /* mem_track.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -157,9 +157,9 @@ static WC_INLINE void* TrackMalloc(size_t sz)
         return NULL;
 
 #ifdef FREERTOS
-    mt = (memoryTrack*)pvPortMalloc(sizeof(memoryTrack) + sz);
+    mt = (memoryTrack*)pvPortMalloc(sizeof(memoryTrack) + sz); /* native heap */
 #else
-    mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz);
+    mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); /* native heap */
 #endif
     if (mt == NULL)
         return NULL;
@@ -300,9 +300,9 @@ static WC_INLINE void TrackFree(void* ptr)
     (void)sz;
 
 #ifdef FREERTOS
-    vPortFree(mt);
+    vPortFree(mt); /* native heap */
 #else
-    free(mt);
+    free(mt); /* native heap */
 #endif
 }
 
@@ -600,7 +600,7 @@ static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf)
         stackSize = PTHREAD_STACK_MIN;
 #endif
 
-    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
+    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); /* native heap */
     if (ret != 0 || myStack == NULL) {
         wc_mem_printf("posix_memalign failed\n");
         return -1;
@@ -650,7 +650,7 @@ static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf)
         }
     }
 
-    free(myStack);
+    free(myStack); /* native heap */
 #ifdef HAVE_STACK_SIZE_VERBOSE
     printf("stack used = %lu\n", StackSizeCheck_stackSizeHWM > (stackSize - i)
         ? (unsigned long)StackSizeCheck_stackSizeHWM
@@ -681,16 +681,16 @@ static WC_INLINE int StackSizeCheck_launch(struct func_args* args,
         stackSize = PTHREAD_STACK_MIN;
 #endif
 
-    shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args);
+    shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args); /* native heap */
     if (shim_args == NULL) {
         perror("malloc");
         return -1;
     }
 
-    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
+    ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); /* native heap */
     if (ret != 0 || myStack == NULL) {
         wc_mem_printf("posix_memalign failed\n");
-        free(shim_args);
+        free(shim_args); /* native heap */
         return -1;
     }
 
@@ -699,8 +699,8 @@ static WC_INLINE int StackSizeCheck_launch(struct func_args* args,
     ret = pthread_attr_init(&myAttr);
     if (ret != 0) {
         wc_mem_printf("attr_init failed\n");
-        free(shim_args);
-        free(myStack);
+        free(shim_args); /* native heap */
+        free(myStack); /* native heap */
         return ret;
     }
 
@@ -749,7 +749,7 @@ static WC_INLINE int StackSizeCheck_reap(pthread_t threadId,
         }
     }
 
-    free(shim_args->myStack);
+    free(shim_args->myStack); /* native heap */
 #ifdef HAVE_STACK_SIZE_VERBOSE
     printf("stack used = %lu\n",
         *shim_args->stackSizeHWM_ptr > (shim_args->stackSize - i)
@@ -761,7 +761,7 @@ static WC_INLINE int StackSizeCheck_reap(pthread_t threadId,
       printf("stack used = %lu\n", (unsigned long)used);
     }
 #endif
-    free(shim_args);
+    free(shim_args); /* native heap */
 
     return (int)((size_t)status);
 }
diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h
index 481f8aa79..5170a8c73 100644
--- a/wolfssl/wolfcrypt/memory.h
+++ b/wolfssl/wolfcrypt/memory.h
@@ -1,6 +1,6 @@
 /* memory.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -219,8 +219,8 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
     #endif
 
     #ifdef WOLFSSL_STATIC_MEMORY_LEAN
-        word16   sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */
-        byte     distList[WOLFMEM_MAX_BUCKETS];/* general distribution */
+        word32     sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */
+        word32     distList[WOLFMEM_MAX_BUCKETS];/* general distribution */
     #else
         word32     maxHa;               /* max concurrent handshakes */
         word32     curHa;
@@ -258,8 +258,8 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
     WOLFSSL_API void* wolfSSL_SetGlobalHeapHint(void* heap);
     WOLFSSL_API void* wolfSSL_GetGlobalHeapHint(void);
     WOLFSSL_API int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint,
-            unsigned int listSz, const unsigned int *sizeList,
-            const unsigned int *distList, unsigned char* buf, unsigned int sz,
+            unsigned int listSz, const word32 *sizeList,
+            const word32 *distList, unsigned char* buf, unsigned int sz,
             int flag, int max);
 #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
     #define WOLFSSL_DEBUG_MEMORY_ALLOC 0
@@ -281,7 +281,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf,
     WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io);
 
     WOLFSSL_API int wolfSSL_StaticBufferSz_ex(unsigned int listSz,
-            const unsigned int *sizeList, const unsigned int *distList,
+            const word32 *sizeList, const word32 *distList,
             byte* buffer, word32 sz, int flag);
     WOLFSSL_API int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag);
     WOLFSSL_API int wolfSSL_MemoryPaddingSz(void);
@@ -449,7 +449,7 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
 
 #endif
 
-    #define ASSERT_SAVED_VECTOR_REGISTERS(fail_clause) do {         \
+    #define ASSERT_SAVED_VECTOR_REGISTERS() do {                    \
         if (wc_svr_count <= 0) {                                    \
             fprintf(stderr,                                         \
                     ("ASSERT_SAVED_VECTOR_REGISTERS : %s @ L%d : "  \
@@ -460,7 +460,6 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
                     wc_svr_last_file,                               \
                     wc_svr_last_line);                              \
             DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE                \
-            { fail_clause }                                         \
         }                                                           \
     } while (0)
     #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) do {      \
@@ -477,7 +476,7 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag,
             { fail_clause }                                         \
         }                                                           \
     } while (0)
-    #define RESTORE_VECTOR_REGISTERS(...) do {                      \
+    #define RESTORE_VECTOR_REGISTERS() do {                         \
         --wc_svr_count;                                             \
         if ((wc_svr_count > 4) || (wc_svr_count < 0)) {             \
             fprintf(stderr,                                         \
diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h
index cc068db44..561c9a2b9 100644
--- a/wolfssl/wolfcrypt/misc.h
+++ b/wolfssl/wolfcrypt/misc.h
@@ -1,6 +1,6 @@
 /* misc.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -46,12 +46,10 @@ word32 rotlFixed(word32 x, word32 y);
 WOLFSSL_LOCAL
 word32 rotrFixed(word32 x, word32 y);
 
-#ifdef WC_RC2
 WOLFSSL_LOCAL
 word16 rotlFixed16(word16 x, word16 y);
 WOLFSSL_LOCAL
 word16 rotrFixed16(word16 x, word16 y);
-#endif
 
 WOLFSSL_LOCAL
 word32 ByteReverseWord32(word32 value);
@@ -74,8 +72,25 @@ void ForceZero(void* mem, word32 len);
 WOLFSSL_LOCAL
 int ConstantCompare(const byte* a, const byte* b, int length);
 
+WOLFSSL_LOCAL
+word32 readUnalignedWord32(const byte *in);
+WOLFSSL_LOCAL
+word32 writeUnalignedWord32(void *out, word32 in);
+WOLFSSL_LOCAL
+void readUnalignedWords32(word32 *out, const byte *in, size_t count);
+WOLFSSL_LOCAL
+void writeUnalignedWords32(byte *out, const word32 *in, size_t count);
+
 #ifdef WORD64_AVAILABLE
 WOLFSSL_LOCAL
+word64 readUnalignedWord64(const byte *in);
+WOLFSSL_LOCAL
+word64 writeUnalignedWord64(void *out, word64 in);
+WOLFSSL_LOCAL
+void readUnalignedWords64(word64 *out, const byte *in, size_t count);
+WOLFSSL_LOCAL
+void writeUnalignedWords64(byte *out, const word64 *in, size_t count);
+WOLFSSL_LOCAL
 word64 rotlFixed64(word64 x, word64 y);
 WOLFSSL_LOCAL
 word64 rotrFixed64(word64 x, word64 y);
@@ -119,6 +134,9 @@ WOLFSSL_LOCAL int CharIsWhiteSpace(char ch);
 WOLFSSL_LOCAL byte ctMaskGT(int a, int b);
 WOLFSSL_LOCAL byte ctMaskGTE(int a, int b);
 WOLFSSL_LOCAL int  ctMaskIntGTE(int a, int b);
+#ifdef WORD64_AVAILABLE
+WOLFSSL_LOCAL word32 ctMaskWord32GTE(word32 a, word32 b);
+#endif
 WOLFSSL_LOCAL byte ctMaskLT(int a, int b);
 WOLFSSL_LOCAL byte ctMaskLTE(int a, int b);
 WOLFSSL_LOCAL byte ctMaskEq(int a, int b);
diff --git a/wolfssl/wolfcrypt/mlkem.h b/wolfssl/wolfcrypt/mlkem.h
new file mode 100644
index 000000000..4a922a1cf
--- /dev/null
+++ b/wolfssl/wolfcrypt/mlkem.h
@@ -0,0 +1,374 @@
+/* mlkem.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+    \file wolfssl/wolfcrypt/mlkem.h
+ */
+
+#ifndef WOLF_CRYPT_MLKEM_H
+#define WOLF_CRYPT_MLKEM_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+#ifdef WOLFSSL_HAVE_MLKEM
+
+/* Number of co-efficients in polynomial. */
+#define MLKEM_N             256
+
+/* Define algorithm type when not excluded. */
+#ifndef WOLFSSL_NO_ML_KEM
+    #if !defined(WOLFSSL_NO_ML_KEM_512)
+        #define WOLFSSL_WC_ML_KEM_512
+    #endif
+    #if !defined(WOLFSSL_NO_ML_KEM_768)
+        #define WOLFSSL_WC_ML_KEM_768
+    #endif
+    #if !defined(WOLFSSL_NO_ML_KEM_1024)
+        #define WOLFSSL_WC_ML_KEM_1024
+    #endif
+
+    #if !defined(WOLFSSL_WC_ML_KEM_512) && !defined(WOLFSSL_WC_ML_KEM_768) && \
+        !defined(WOLFSSL_WC_ML_KEM_1024)
+        #error "No ML-KEM key size chosen."
+    #endif
+#endif
+
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifndef WOLFSSL_NO_KYBER512
+        #define WOLFSSL_KYBER512
+        #define WOLFSSL_WC_ML_KEM_512
+    #endif
+    #ifndef WOLFSSL_NO_KYBER768
+        #define WOLFSSL_KYBER768
+        #define WOLFSSL_WC_ML_KEM_768
+    #endif
+    #ifndef WOLFSSL_NO_KYBER1024
+        #define WOLFSSL_KYBER1024
+        #define WOLFSSL_WC_ML_KEM_1024
+    #endif
+
+    #if !defined(WOLFSSL_KYBER512) && !defined(WOLFSSL_KYBER768) && \
+        !defined(WOLFSSL_KYBER1024)
+        #error "No Kyber key size chosen."
+    #endif
+#endif
+
+/* Size of a polynomial vector based on dimensions. */
+#define MLKEM_POLY_VEC_SZ(k) ((k) * WC_ML_KEM_POLY_SIZE)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define MLKEM_POLY_COMPRESSED_SZ(b) ((b) * (MLKEM_N / 8))
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define MLKEM_POLY_VEC_COMPRESSED_SZ(k, b) ((k) * ((b) * (MLKEM_N / 8)))
+
+#ifdef WOLFSSL_WC_ML_KEM_512
+#define WC_ML_KEM_512_K                     2
+/* Size of a polynomial vector. */
+#define WC_ML_KEM_512_POLY_VEC_SZ           MLKEM_POLY_VEC_SZ(WC_ML_KEM_512_K)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define WC_ML_KEM_512_POLY_COMPRESSED_SZ    MLKEM_POLY_COMPRESSED_SZ(4)
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ  \
+    MLKEM_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_512_K, 10)
+
+/* Public key size. */
+#define WC_ML_KEM_512_PUBLIC_KEY_SIZE  \
+    (WC_ML_KEM_512_POLY_VEC_SZ + WC_ML_KEM_SYM_SZ)
+/* Private key size. */
+#define WC_ML_KEM_512_PRIVATE_KEY_SIZE \
+    (WC_ML_KEM_512_POLY_VEC_SZ + WC_ML_KEM_512_PUBLIC_KEY_SIZE + \
+     2 * WC_ML_KEM_SYM_SZ)
+/* Cipher text size. */
+#define WC_ML_KEM_512_CIPHER_TEXT_SIZE \
+    (WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_512_POLY_COMPRESSED_SZ)
+#endif
+
+#ifdef WOLFSSL_WC_ML_KEM_768
+#define WC_ML_KEM_768_K                     3
+
+/* Size of a polynomial vector. */
+#define WC_ML_KEM_768_POLY_VEC_SZ           MLKEM_POLY_VEC_SZ(WC_ML_KEM_768_K)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define WC_ML_KEM_768_POLY_COMPRESSED_SZ    MLKEM_POLY_COMPRESSED_SZ(4)
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ  \
+    MLKEM_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_768_K, 10)
+
+/* Public key size. */
+#define WC_ML_KEM_768_PUBLIC_KEY_SIZE  \
+    (WC_ML_KEM_768_POLY_VEC_SZ + WC_ML_KEM_SYM_SZ)
+/* Private key size. */
+#define WC_ML_KEM_768_PRIVATE_KEY_SIZE \
+    (WC_ML_KEM_768_POLY_VEC_SZ + WC_ML_KEM_768_PUBLIC_KEY_SIZE + \
+     2 * WC_ML_KEM_SYM_SZ)
+/* Cipher text size. */
+#define WC_ML_KEM_768_CIPHER_TEXT_SIZE \
+    (WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_768_POLY_COMPRESSED_SZ)
+#endif
+
+#ifdef WOLFSSL_WC_ML_KEM_1024
+#define WC_ML_KEM_1024_K                    4
+
+/* Size of a polynomial vector. */
+#define WC_ML_KEM_1024_POLY_VEC_SZ          MLKEM_POLY_VEC_SZ(WC_ML_KEM_1024_K)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define WC_ML_KEM_1024_POLY_COMPRESSED_SZ   MLKEM_POLY_COMPRESSED_SZ(5)
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ \
+    MLKEM_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_1024_K, 11)
+
+/* Public key size. */
+#define WC_ML_KEM_1024_PUBLIC_KEY_SIZE  \
+    (WC_ML_KEM_1024_POLY_VEC_SZ + WC_ML_KEM_SYM_SZ)
+/* Private key size. */
+#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE \
+    (WC_ML_KEM_1024_POLY_VEC_SZ + WC_ML_KEM_1024_PUBLIC_KEY_SIZE + \
+     2 * WC_ML_KEM_SYM_SZ)
+/* Cipher text size. */
+#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE \
+    (WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_1024_POLY_COMPRESSED_SZ)
+#endif
+
+#ifndef WC_ML_KEM_MAX_K
+#ifdef WOLFSSL_WC_ML_KEM_1024
+#define WC_ML_KEM_MAX_K                 WC_ML_KEM_1024_K
+#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE  WC_ML_KEM_1024_PRIVATE_KEY_SIZE
+#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE   WC_ML_KEM_1024_PUBLIC_KEY_SIZE
+#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE  WC_ML_KEM_1024_CIPHER_TEXT_SIZE
+#elif defined(WOLFSSL_WC_ML_KEM_768)
+#define WC_ML_KEM_MAX_K                 WC_ML_KEM_768_K
+#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE  WC_ML_KEM_768_PRIVATE_KEY_SIZE
+#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE   WC_ML_KEM_768_PUBLIC_KEY_SIZE
+#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE  WC_ML_KEM_768_CIPHER_TEXT_SIZE
+#elif defined(WOLFSSL_WC_ML_KEM_512)
+#define WC_ML_KEM_MAX_K                 WC_ML_KEM_512_K
+#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE  WC_ML_KEM_512_PRIVATE_KEY_SIZE
+#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE   WC_ML_KEM_512_PUBLIC_KEY_SIZE
+#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE  WC_ML_KEM_512_CIPHER_TEXT_SIZE
+#endif
+#endif /* WC_ML_KEM_MAX_K */
+
+#define KYBER_N             MLKEM_N
+
+/* Size of a polynomial vector based on dimensions. */
+#define KYBER_POLY_VEC_SZ(k) ((k) * KYBER_POLY_SIZE)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define KYBER_POLY_COMPRESSED_SZ(b) ((b) * (KYBER_N / 8))
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define KYBER_POLY_VEC_COMPRESSED_SZ(k, b) ((k) * ((b) * (KYBER_N / 8)))
+
+
+/* Kyber-512 parameters */
+/* Number of polynomials in a vector and vectors in a matrix. */
+#define KYBER512_K          2
+
+/* Size of a polynomial vector. */
+#define KYBER512_POLY_VEC_SZ             KYBER_POLY_VEC_SZ(KYBER512_K)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define KYBER512_POLY_COMPRESSED_SZ      KYBER_POLY_COMPRESSED_SZ(4)
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define KYBER512_POLY_VEC_COMPRESSED_SZ  \
+    KYBER_POLY_VEC_COMPRESSED_SZ(KYBER512_K, 10)
+
+/* Public key size. */
+#define KYBER512_PUBLIC_KEY_SIZE  \
+    (KYBER512_POLY_VEC_SZ + KYBER_SYM_SZ)
+/* Private key size. */
+#define KYBER512_PRIVATE_KEY_SIZE \
+    (KYBER512_POLY_VEC_SZ + KYBER512_PUBLIC_KEY_SIZE + 2 * KYBER_SYM_SZ)
+/* Cipher text size. */
+#define KYBER512_CIPHER_TEXT_SIZE \
+    (KYBER512_POLY_VEC_COMPRESSED_SZ + KYBER512_POLY_COMPRESSED_SZ)
+
+/* Kyber-768 parameters */
+/* Number of polynomials in a vector and vectors in a matrix. */
+#define KYBER768_K          3
+
+/* Size of a polynomial vector. */
+#define KYBER768_POLY_VEC_SZ             KYBER_POLY_VEC_SZ(KYBER768_K)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define KYBER768_POLY_COMPRESSED_SZ      KYBER_POLY_COMPRESSED_SZ(4)
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define KYBER768_POLY_VEC_COMPRESSED_SZ  \
+    KYBER_POLY_VEC_COMPRESSED_SZ(KYBER768_K, 10)
+
+/* Public key size. */
+#define KYBER768_PUBLIC_KEY_SIZE  \
+    (KYBER768_POLY_VEC_SZ + KYBER_SYM_SZ)
+/* Private key size. */
+#define KYBER768_PRIVATE_KEY_SIZE \
+    (KYBER768_POLY_VEC_SZ + KYBER768_PUBLIC_KEY_SIZE + 2 * KYBER_SYM_SZ)
+/* Cipher text size. */
+#define KYBER768_CIPHER_TEXT_SIZE \
+    (KYBER768_POLY_VEC_COMPRESSED_SZ + KYBER768_POLY_COMPRESSED_SZ)
+
+/* Kyber-1024 parameters */
+/* Number of polynomials in a vector and vectors in a matrix. */
+#define KYBER1024_K         4
+
+/* Size of a polynomial vector. */
+#define KYBER1024_POLY_VEC_SZ             KYBER_POLY_VEC_SZ(KYBER1024_K)
+/* Size of a compressed polynomial based on bits per coefficient. */
+#define KYBER1024_POLY_COMPRESSED_SZ      KYBER_POLY_COMPRESSED_SZ(5)
+/* Size of a compressed vector polynomial based on dimensions and bits per
+ * coefficient. */
+#define KYBER1024_POLY_VEC_COMPRESSED_SZ \
+    KYBER_POLY_VEC_COMPRESSED_SZ(KYBER1024_K, 11)
+
+/* Public key size. */
+#define KYBER1024_PUBLIC_KEY_SIZE  \
+    (KYBER1024_POLY_VEC_SZ + KYBER_SYM_SZ)
+/* Private key size. */
+#define KYBER1024_PRIVATE_KEY_SIZE \
+    (KYBER1024_POLY_VEC_SZ + KYBER1024_PUBLIC_KEY_SIZE + 2 * KYBER_SYM_SZ)
+/* Cipher text size. */
+#define KYBER1024_CIPHER_TEXT_SIZE \
+    (KYBER1024_POLY_VEC_COMPRESSED_SZ + KYBER1024_POLY_COMPRESSED_SZ)
+
+
+/* Maximum dimensions and sizes of supported key types. */
+#ifdef WOLFSSL_KYBER1024
+#define KYBER_MAX_K                 KYBER1024_K
+#define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER1024_PRIVATE_KEY_SIZE
+#define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER1024_PUBLIC_KEY_SIZE
+#define KYBER_MAX_CIPHER_TEXT_SIZE  KYBER1024_CIPHER_TEXT_SIZE
+#elif defined(WOLFSSL_KYBER768)
+#define KYBER_MAX_K                 KYBER768_K
+#define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER768_PRIVATE_KEY_SIZE
+#define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER768_PUBLIC_KEY_SIZE
+#define KYBER_MAX_CIPHER_TEXT_SIZE  KYBER768_CIPHER_TEXT_SIZE
+#elif defined(WOLFSSL_KYBER512)
+#define KYBER_MAX_K                 KYBER512_K
+#define KYBER_MAX_PRIVATE_KEY_SIZE  KYBER512_PRIVATE_KEY_SIZE
+#define KYBER_MAX_PUBLIC_KEY_SIZE   KYBER512_PUBLIC_KEY_SIZE
+#define KYBER_MAX_CIPHER_TEXT_SIZE  KYBER512_CIPHER_TEXT_SIZE
+#endif
+
+#define KYBER_SYM_SZ            WC_ML_KEM_SYM_SZ
+#define KYBER_SS_SZ             WC_ML_KEM_SS_SZ
+#define KYBER_MAKEKEY_RAND_SZ   WC_ML_KEM_MAKEKEY_RAND_SZ
+#define KYBER_ENC_RAND_SZ       WC_ML_KEM_ENC_RAND_SZ
+#define KYBER_POLY_SIZE         WC_ML_KEM_POLY_SIZE
+
+
+enum {
+    /* Types of Kyber keys. */
+    WC_ML_KEM_512  = 0,
+    WC_ML_KEM_768  = 1,
+    WC_ML_KEM_1024 = 2,
+
+    MLKEM_KYBER = 0x10,
+    KYBER512  = 0 | MLKEM_KYBER,
+    KYBER768  = 1 | MLKEM_KYBER,
+    KYBER1024 = 2 | MLKEM_KYBER,
+
+    KYBER_LEVEL1 = KYBER512,
+    KYBER_LEVEL3 = KYBER768,
+    KYBER_LEVEL5 = KYBER1024,
+
+    /* Symmetric data size. */
+    WC_ML_KEM_SYM_SZ            = 32,
+    /* Shared secret size. */
+    WC_ML_KEM_SS_SZ             = 32,
+    /* Size of random required for making a key. */
+    WC_ML_KEM_MAKEKEY_RAND_SZ   = 2 * WC_ML_KEM_SYM_SZ,
+    /* Size of random required for encapsulation. */
+    WC_ML_KEM_ENC_RAND_SZ       = WC_ML_KEM_SYM_SZ,
+
+    /* Encoded polynomial size. */
+    WC_ML_KEM_POLY_SIZE         = 384,
+};
+
+
+/* Different structures for different implementations. */
+typedef struct MlKemKey MlKemKey;
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+WOLFSSL_API int wc_MlKemKey_Init(MlKemKey* key, int type, void* heap,
+    int devId);
+WOLFSSL_API int wc_MlKemKey_Free(MlKemKey* key);
+
+WOLFSSL_API int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng);
+WOLFSSL_API int wc_MlKemKey_MakeKeyWithRandom(MlKemKey* key,
+    const unsigned char* rand, int len);
+
+WOLFSSL_API int wc_MlKemKey_CipherTextSize(MlKemKey* key, word32* len);
+WOLFSSL_API int wc_MlKemKey_SharedSecretSize(MlKemKey* key, word32* len);
+
+WOLFSSL_API int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* ct,
+    unsigned char* ss, WC_RNG* rng);
+WOLFSSL_API int wc_MlKemKey_EncapsulateWithRandom(MlKemKey* key,
+    unsigned char* ct, unsigned char* ss, const unsigned char* rand, int len);
+WOLFSSL_API int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss,
+    const unsigned char* ct, word32 len);
+
+WOLFSSL_API int wc_MlKemKey_DecodePrivateKey(MlKemKey* key,
+    const unsigned char* in, word32 len);
+WOLFSSL_API int wc_MlKemKey_DecodePublicKey(MlKemKey* key,
+    const unsigned char* in, word32 len);
+
+WOLFSSL_API int wc_MlKemKey_PrivateKeySize(MlKemKey* key, word32* len);
+WOLFSSL_API int wc_MlKemKey_PublicKeySize(MlKemKey* key, word32* len);
+WOLFSSL_API int wc_MlKemKey_EncodePrivateKey(MlKemKey* key, unsigned char* out,
+    word32 len);
+WOLFSSL_API int wc_MlKemKey_EncodePublicKey(MlKemKey* key, unsigned char* out,
+    word32 len);
+
+
+#define KyberKey            MlKemKey
+
+#define wc_KyberKey_Init(type, key, heap, devId) \
+        wc_MlKemKey_Init(key, type, heap, devId)
+#define wc_KyberKey_Free                    wc_MlKemKey_Free
+#define wc_KyberKey_MakeKey                 wc_MlKemKey_MakeKey
+#define wc_KyberKey_MakeKeyWithRandom       wc_MlKemKey_MakeKeyWithRandom
+#define wc_KyberKey_CipherTextSize          wc_MlKemKey_CipherTextSize
+#define wc_KyberKey_SharedSecretSize        wc_MlKemKey_SharedSecretSize
+#define wc_KyberKey_Encapsulate             wc_MlKemKey_Encapsulate
+#define wc_KyberKey_EncapsulateWithRandom   wc_MlKemKey_EncapsulateWithRandom
+#define wc_KyberKey_Decapsulate             wc_MlKemKey_Decapsulate
+#define wc_KyberKey_DecodePrivateKey        wc_MlKemKey_DecodePrivateKey
+#define wc_KyberKey_DecodePublicKey         wc_MlKemKey_DecodePublicKey
+#define wc_KyberKey_PrivateKeySize          wc_MlKemKey_PrivateKeySize
+#define wc_KyberKey_PublicKeySize           wc_MlKemKey_PublicKeySize
+#define wc_KyberKey_EncodePrivateKey        wc_MlKemKey_EncodePrivateKey
+#define wc_KyberKey_EncodePublicKey         wc_MlKemKey_EncodePublicKey
+
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_HAVE_MLKEM */
+
+#endif /* WOLF_CRYPT_MLKEM_H */
+
diff --git a/wolfssl/wolfcrypt/mpi_class.h b/wolfssl/wolfcrypt/mpi_class.h
index 831fae35c..4879a6140 100644
--- a/wolfssl/wolfcrypt/mpi_class.h
+++ b/wolfssl/wolfcrypt/mpi_class.h
@@ -1,6 +1,6 @@
 /* mpi_class.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/mpi_superclass.h b/wolfssl/wolfcrypt/mpi_superclass.h
index f27f61a2a..69dee6b40 100644
--- a/wolfssl/wolfcrypt/mpi_superclass.h
+++ b/wolfssl/wolfcrypt/mpi_superclass.h
@@ -1,6 +1,6 @@
 /* mpi_superclass.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/pkcs11.h b/wolfssl/wolfcrypt/pkcs11.h
index 7a53710b6..36cfd9c45 100644
--- a/wolfssl/wolfcrypt/pkcs11.h
+++ b/wolfssl/wolfcrypt/pkcs11.h
@@ -1,6 +1,6 @@
 /* pkcs11.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -71,10 +71,12 @@ extern "C" {
 #define CKF_RW_SESSION                        0x00000002UL
 #define CKF_SERIAL_SESSION                    0x00000004UL
 
+#define CKO_CERTIFICATE                       0x00000001UL
 #define CKO_PUBLIC_KEY                        0x00000002UL
 #define CKO_PRIVATE_KEY                       0x00000003UL
 #define CKO_SECRET_KEY                        0x00000004UL
 
+
 #define CKK_RSA                               0x00000000UL
 #define CKK_DH                                0x00000002UL
 #define CKK_EC                                0x00000003UL
diff --git a/wolfssl/wolfcrypt/pkcs12.h b/wolfssl/wolfcrypt/pkcs12.h
index d7bf967d8..da74fe2e4 100644
--- a/wolfssl/wolfcrypt/pkcs12.h
+++ b/wolfssl/wolfcrypt/pkcs12.h
@@ -1,6 +1,6 @@
 /* pkcs12.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h
index 85b1a1fae..efce67c83 100644
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
@@ -1,6 +1,6 @@
 /* pkcs7.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -158,7 +158,7 @@ enum Pkcs7_Misc {
     MAX_CONTENT_KEY_LEN   = 32,     /* highest current cipher is AES-256-CBC */
     MAX_CONTENT_IV_SIZE   = 16,     /* highest current is AES128 */
 #ifndef NO_AES
-    MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE,
+    MAX_CONTENT_BLOCK_LEN = WC_AES_BLOCK_SIZE,
 #else
     MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE,
 #endif
@@ -202,46 +202,52 @@ typedef struct PKCS7DecodedAttrib {
 typedef struct PKCS7State PKCS7State;
 typedef struct Pkcs7Cert Pkcs7Cert;
 typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip;
-typedef struct PKCS7 PKCS7;
-typedef struct PKCS7 PKCS7_SIGNED;
 typedef struct PKCS7SignerInfo PKCS7SignerInfo;
+typedef struct wc_PKCS7 wc_PKCS7;
+typedef struct wc_PKCS7 wc_PKCS7_SIGNED;
+
+#ifndef OPENSSL_COEXIST
+#define PKCS7 wc_PKCS7
+#define PKCS7_SIGNED wc_PKCS7_SIGNED
+#endif
 
 /* OtherRecipientInfo decrypt callback prototype */
-typedef int (*CallbackOriDecrypt)(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
+typedef int (*CallbackOriDecrypt)(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
                                   byte* oriValue, word32 oriValueSz,
                                   byte* decryptedKey, word32* decryptedKeySz,
                                   void* ctx);
-typedef int (*CallbackOriEncrypt)(PKCS7* pkcs7, byte* cek, word32 cekSz,
+typedef int (*CallbackOriEncrypt)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz,
                                   byte* oriType, word32* oriTypeSz,
                                   byte* oriValue, word32* oriValueSz,
                                   void* ctx);
-typedef int (*CallbackDecryptContent)(PKCS7* pkcs7, int encryptOID,
+typedef int (*CallbackDecryptContent)(wc_PKCS7* pkcs7, int encryptOID,
                                    byte* iv, int ivSz, byte* aad, word32 aadSz,
                                    byte* authTag, word32 authTagSz, byte* in,
                                    int inSz, byte* out, void* ctx);
-typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
+typedef int (*CallbackWrapCEK)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz,
                                   byte* keyId, word32 keyIdSz,
                                   byte* originKey, word32 originKeySz,
                                   byte* out, word32 outSz,
                                   int keyWrapAlgo, int type, int dir);
 
 /* Callbacks for supporting different stream cases */
-typedef int (*CallbackGetContent)(PKCS7* pkcs7, byte** content, void* ctx);
-typedef int (*CallbackStreamOut)(PKCS7* pkcs7, const byte* output,
+typedef int (*CallbackGetContent)(wc_PKCS7* pkcs7, byte** content, void* ctx);
+typedef int (*CallbackStreamOut)(wc_PKCS7* pkcs7, const byte* output,
         word32 outputSz, void* ctx);
 
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
 /* RSA sign raw digest callback, user builds DigestInfo */
-typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest,
+typedef int (*CallbackRsaSignRawDigest)(wc_PKCS7* pkcs7, byte* digest,
                                    word32 digestSz, byte* out, word32 outSz,
                                    byte* privateKey, word32 privateKeySz,
                                    int devId, int hashOID);
 #endif
 
+
 /* Public Structure Warning:
  * Existing members must not be changed to maintain backwards compatibility!
  */
-struct PKCS7 {
+struct wc_PKCS7 {
     WC_RNG* rng;
     PKCS7Attrib* signedAttribs;
     byte*  content;               /* inner content, not owner             */
@@ -253,12 +259,13 @@ struct PKCS7 {
 #ifdef ASN_BER_TO_DER
     byte*  der;                   /* DER encoded version of message       */
     word32 derSz;
+    byte   indefDepth;
     CallbackGetContent getContentCb;
     CallbackStreamOut  streamOutCb;
     void*  streamCtx; /* passed to getcontentCb and streamOutCb */
 #endif
-    byte   encodeStream:1;        /* use BER when encoding */
-    byte   noCerts:1;             /* if certificates should be added into bundle
+    WC_BITFIELD encodeStream:1;   /* use BER when encoding */
+    WC_BITFIELD noCerts:1;        /* if certificates should be added into bundle
                                      during creation */
     byte*  cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */
     byte*  verifyCert;            /* cert from array used for verify */
@@ -296,9 +303,9 @@ struct PKCS7 {
     word32 certSz[MAX_PKCS7_CERTS];
 
      /* flags - up to 16-bits */
-    word16 isDynamic:1;
-    word16 noDegenerate:1; /* allow degenerate case in verify function */
-    word16 detached:1;     /* generate detached SignedData signature bundles */
+    WC_BITFIELD isDynamic:1;
+    WC_BITFIELD noDegenerate:1;   /* allow degenerate case in verify function */
+    WC_BITFIELD detached:1;       /* generate detached SignedData signature bundles */
 
     byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
     word32 contentTypeSz;         /* size of contentType, bytes */
@@ -356,59 +363,82 @@ struct PKCS7 {
     /* used by DecodeEnvelopedData with multiple encrypted contents */
     byte*  cachedEncryptedContent;
     word32 cachedEncryptedContentSz;
-    word16 contentCRLF:1; /* have content line endings been converted to CRLF */
-    word16 contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */
-    word16 hashParamsAbsent:1;
+    WC_BITFIELD contentCRLF:1; /* have content line endings been converted to CRLF */
+    WC_BITFIELD contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */
+    WC_BITFIELD hashParamsAbsent:1;
+
+    /* RFC 5280 section-4.2.1.2 lists a possible method for creating the SKID as
+     * a SHA1 hash of the public key, but leaves it open to other methods as
+     * long as it is a unique ID. This allows for setting a custom SKID when
+     * creating PKCS7 bundles*/
+    byte* customSKID;
+    word16 customSKIDSz;
+
+
+#if !defined(NO_DES3) || !defined(NO_AES)
+    union {
+    #ifndef NO_AES
+        Aes* aes;
+    #endif
+    #ifndef NO_DES3
+        Des*  des;
+        Des3* des3;
+    #endif
+    } decryptKey;
+#endif
+
     /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
 };
 
-WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
+WOLFSSL_API wc_PKCS7* wc_PKCS7_New(void* heap, int devId);
 #ifdef WC_ASN_UNKNOWN_EXT_CB
-    WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7,
+    WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(wc_PKCS7* pkcs7,
         wc_UnknownExtCallback cb);
 #endif
-WOLFSSL_API int  wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
-WOLFSSL_API int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
-WOLFSSL_API int  wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);
-WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
+WOLFSSL_API int  wc_PKCS7_Init(wc_PKCS7* pkcs7, void* heap, int devId);
+WOLFSSL_API int  wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* der, word32 derSz);
+WOLFSSL_API int  wc_PKCS7_AddCertificate(wc_PKCS7* pkcs7, byte* der, word32 derSz);
+WOLFSSL_API void wc_PKCS7_Free(wc_PKCS7* pkcs7);
 
-WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid,
+WOLFSSL_API int wc_PKCS7_GetAttributeValue(wc_PKCS7* pkcs7, const byte* oid,
         word32 oidSz, byte* out, word32* outSz);
 
-WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type);
-WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType,
+WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type);
+WOLFSSL_API int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType,
                                         word32 sz);
 WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
 WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
                                  word32 blockSz);
 
 /* CMS/PKCS#7 Data */
-WOLFSSL_API int  wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
+WOLFSSL_API int  wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output,
                                        word32 outputSz);
 
 /* CMS/PKCS#7 SignedData */
-WOLFSSL_API int  wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
-WOLFSSL_API int  wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7);
-WOLFSSL_API int  wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag);
-WOLFSSL_API int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetCustomSKID(wc_PKCS7* pkcs7, const byte* in,
+                                        word16 inSz);
+WOLFSSL_API int  wc_PKCS7_SetDetached(wc_PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int  wc_PKCS7_NoDefaultSignedAttribs(wc_PKCS7* pkcs7);
+WOLFSSL_API int  wc_PKCS7_SetDefaultSignedAttribs(wc_PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int  wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
                                           word32 hashSz, byte* outputHead,
                                           word32* outputHeadSz,
                                           byte* outputFoot,
                                           word32* outputFootSz);
-WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag);
-WOLFSSL_API int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
+WOLFSSL_API void wc_PKCS7_AllowDegenerate(wc_PKCS7* pkcs7, word16 flag);
+WOLFSSL_API int  wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7,
                                           byte* pkiMsg, word32 pkiMsgSz);
-WOLFSSL_API int  wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
+WOLFSSL_API int  wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf,
                                           word32 hashSz, byte* pkiMsgHead,
                                           word32 pkiMsgHeadSz, byte* pkiMsgFoot,
                                           word32 pkiMsgFootSz);
 
-WOLFSSL_API int  wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz);
+WOLFSSL_API int  wc_PKCS7_GetSignerSID(wc_PKCS7* pkcs7, byte* out, word32* outSz);
 
 /* CMS single-shot API for Signed FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedFPD(wc_PKCS7* pkcs7, byte* privateKey,
                                           word32 privateKeySz, int signOID,
                                           int hashOID, byte* content,
                                           word32 contentSz,
@@ -417,7 +447,7 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey,
                                           word32 outputSz);
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 /* CMS single-shot API for Signed Encrypted FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedFPD(wc_PKCS7* pkcs7,
                                           byte* encryptKey, word32 encryptKeySz,
                                           byte* privateKey, word32 privateKeySz,
                                           int encryptOID, int signOID,
@@ -431,7 +461,7 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7,
 #endif /* NO_PKCS7_ENCRYPTED_DATA */
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
 /* CMS single-shot API for Signed Compressed FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedCompressedFPD(wc_PKCS7* pkcs7,
                                           byte* privateKey, word32 privateKeySz,
                                           int signOID, int hashOID,
                                           byte* content, word32 contentSz,
@@ -441,7 +471,7 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7,
 
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 /* CMS single-shot API for Signed Encrypted Compressed FirmwarePkgData */
-WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(wc_PKCS7* pkcs7,
                                           byte* encryptKey, word32 encryptKeySz,
                                           byte* privateKey, word32 privateKeySz,
                                           int encryptOID, int signOID,
@@ -456,80 +486,80 @@ WOLFSSL_API int  wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7,
 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
 
 /* EnvelopedData and AuthEnvelopedData RecipientInfo functions */
-WOLFSSL_API int  wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert,
+WOLFSSL_API int  wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert,
                                           word32 certSz, int options);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert,
+WOLFSSL_API int  wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert,
                                           word32 certSz, int keyWrapOID,
                                           int keyAgreeOID, byte* ukm,
                                           word32 ukmSz, int options);
 
-WOLFSSL_API int  wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID,
+WOLFSSL_API int  wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz);
+WOLFSSL_API int  wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID,
                                           byte* kek, word32 kekSz,
                                           byte* keyID, word32 keyIdSz,
                                           void* timePtr, byte* otherOID,
                                           word32 otherOIDSz, byte* other,
                                           word32 otherSz, int options);
 
-WOLFSSL_API int  wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd,
+WOLFSSL_API int  wc_PKCS7_SetPassword(wc_PKCS7* pkcs7, byte* passwd, word32 pLen);
+WOLFSSL_API int  wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd,
                                           word32 pLen, byte* salt,
                                           word32 saltSz, int kdfOID,
                                           int prfOID, int iterations,
                                           int kekEncryptOID, int options);
-WOLFSSL_API int  wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx);
-WOLFSSL_API int  wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx);
-WOLFSSL_API int  wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb);
-WOLFSSL_API int  wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb,
+WOLFSSL_API int  wc_PKCS7_SetOriEncryptCtx(wc_PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int  wc_PKCS7_SetOriDecryptCtx(wc_PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int  wc_PKCS7_SetOriDecryptCb(wc_PKCS7* pkcs7, CallbackOriDecrypt cb);
+WOLFSSL_API int  wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt cb,
                                            int options);
-WOLFSSL_API int  wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7,
         CallbackWrapCEK wrapCEKCb);
 
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
-WOLFSSL_API int  wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7,
         CallbackRsaSignRawDigest cb);
 #endif
 
 /* CMS/PKCS#7 EnvelopedData */
-WOLFSSL_API int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
 
 /* CMS/PKCS#7 AuthEnvelopedData */
-WOLFSSL_API int  wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int  wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
 
 /* CMS/PKCS#7 EncryptedData */
 #ifndef NO_PKCS7_ENCRYPTED_DATA
-WOLFSSL_API int  wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int  wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
-WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7,
+WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7,
         CallbackDecryptContent decryptionCb);
-WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx);
+WOLFSSL_API int  wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx);
 #endif /* NO_PKCS7_ENCRYPTED_DATA */
 
 /* stream and certs */
-WOLFSSL_LOCAL int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output,
+WOLFSSL_LOCAL int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output,
     const byte* input, word32 inputSz);
-WOLFSSL_API int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag,
+WOLFSSL_API int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag,
     CallbackGetContent getContentCb, CallbackStreamOut streamOutCb, void* ctx);
-WOLFSSL_API int wc_PKCS7_GetStreamMode(PKCS7* pkcs7);
-WOLFSSL_API int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag);
-WOLFSSL_API int wc_PKCS7_GetNoCerts(PKCS7* pkcs7);
+WOLFSSL_API int wc_PKCS7_GetStreamMode(wc_PKCS7* pkcs7);
+WOLFSSL_API int wc_PKCS7_SetNoCerts(wc_PKCS7* pkcs7, byte flag);
+WOLFSSL_API int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7);
 
 /* CMS/PKCS#7 CompressedData */
 #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
-WOLFSSL_API int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output,
+WOLFSSL_API int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output,
                                               word32 outputSz);
-WOLFSSL_API int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg,
+WOLFSSL_API int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                               word32 pkiMsgSz, byte* output,
                                               word32 outputSz);
 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h
index a765a8775..c6adb0ef3 100644
--- a/wolfssl/wolfcrypt/poly1305.h
+++ b/wolfssl/wolfcrypt/poly1305.h
@@ -1,6 +1,6 @@
 /* poly1305.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -98,6 +98,23 @@ typedef struct Poly1305 {
     word64 leftover;
     unsigned char buffer[POLY1305_BLOCK_SIZE];
     unsigned char finished;
+#elif defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_THUMB2) && \
+    !defined(WOLFSSL_ARMASM_NO_NEON)
+    /* NEON implementation for ARM32 */
+    word32 r[4];
+    word32 h[6];
+    word32 pad[4];
+    word32 leftover;
+    unsigned char buffer[4*POLY1305_BLOCK_SIZE];
+    word32 r_21[10];
+    word32 r_43[10];
+#elif defined(WOLFSSL_ARMASM)
+    /* ARM32 (non-NEON) and Thumb2 */
+    word32 r[4];
+    word32 h[5];
+    word32 pad[4];
+    word32 leftover;
+    unsigned char buffer[POLY1305_BLOCK_SIZE];
 #elif defined(WOLFSSL_RISCV_ASM)
     word64 r[2];
 #ifdef WOLFSSL_RISCV_VECTOR
@@ -141,21 +158,47 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz,
 WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional,
     word32 addSz, const byte* input, word32 sz, byte* tag, word32 tagSz);
 
-#if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM)
+#if defined(WOLFSSL_ARMASM)
+#if defined(__aarch64__ )
 #define poly1305_blocks     poly1305_blocks_aarch64
 #define poly1305_block      poly1305_block_aarch64
 
 void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m,
-                            size_t bytes);
+    size_t bytes);
 void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m);
+#else
+#if defined(WOLFSSL_ARMASM_THUMB2)
+#define poly1305_blocks     poly1305_blocks_thumb2
+#define poly1305_block      poly1305_block_thumb2
+
+void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char *m,
+    size_t bytes);
+void poly1305_block_thumb2(Poly1305* ctx, const unsigned char *m);
+
+void poly1305_blocks_thumb2_16(Poly1305* ctx, const unsigned char* m,
+    word32 len, int notLast);
+#else
+#define poly1305_blocks     poly1305_blocks_arm32
+#define poly1305_block      poly1305_block_arm32
+
+void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char *m, size_t bytes);
+void poly1305_block_arm32(Poly1305* ctx, const unsigned char *m);
+
+void poly1305_arm32_blocks(Poly1305* ctx, const unsigned char* m, word32 len);
+void poly1305_arm32_blocks_16(Poly1305* ctx, const unsigned char* m, word32 len,
+    int notLast);
 #endif
+void poly1305_set_key(Poly1305* ctx, const byte* key);
+void poly1305_final(Poly1305* ctx, byte* mac);
+#endif
+#endif /* WOLFSSL_ARMASM */
 
 #if defined(WOLFSSL_RISCV_ASM)
 #define poly1305_blocks     poly1305_blocks_riscv64
 #define poly1305_block      poly1305_block_riscv64
 
 void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m,
-                            size_t bytes);
+    size_t bytes);
 void poly1305_block_riscv64(Poly1305* ctx, const unsigned char *m);
 #endif
 
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
index a7873f203..4ae38a9ff 100644
--- a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
+++ b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
@@ -1,6 +1,6 @@
 /* esp-sdk-lib.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,7 +31,7 @@
 /* WOLFSSL_USER_SETTINGS must be defined, typically in the CMakeLists.txt: */
 /*    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")        */
 #ifndef WOLFSSL_USER_SETTINGS
-    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targts"
+    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targets"
 #endif
 
 /* FreeRTOS */
@@ -148,9 +148,13 @@ WOLFSSL_LOCAL esp_err_t sdk_var_whereis(const char* v_name, void* v);
 
 WOLFSSL_LOCAL intptr_t esp_sdk_stack_pointer(void);
 
+#if defined(USE_WOLFSSL_ESP_SDK_TIME)
+
 /******************************************************************************
 * Time helpers
 ******************************************************************************/
+WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void);
+
 WOLFSSL_LOCAL esp_err_t esp_sdk_time_lib_init(void);
 
 /* a function to show the current data and time */
@@ -168,8 +172,9 @@ WOLFSSL_LOCAL esp_err_t set_time(void);
 
 /* wait NTP_RETRY_COUNT seconds before giving up on NTP time */
 WOLFSSL_LOCAL esp_err_t set_time_wait_for_ntp(void);
+#endif
 
-#ifndef NO_ESP_SDK_WIFI
+#if defined(USE_WOLFSSL_ESP_SDK_WIFI)
 
 /******************************************************************************
 * WiFi helpers
@@ -201,8 +206,7 @@ WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_init_sta(void);
 
 WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void);
 
-#endif /* !NO_ESP_SDK_WIFI */
-
+#endif /* USE_WOLFSSL_ESP_SDK_WIFI */
 
 /******************************************************************************
 * Debug helpers
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
index 9a33bf5d3..ac48d9773 100644
--- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
+++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h
@@ -1,6 +1,6 @@
 /* esp32-crypt.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,7 +30,7 @@
 #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
 
 #ifndef WOLFSSL_USER_SETTINGS
-    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targts"
+    #error  "WOLFSSL_USER_SETTINGS must be defined for Espressif targets"
 #endif
 
 #include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */
@@ -216,6 +216,13 @@ enum {
 **   Turns on diagnostic messages for SHA mutex. Note that given verbosity,
 **   there may be TLS timing issues encountered. Use with caution.
 **
+** DEBUG_WOLFSSL_ESP32_HEAP
+**   Prints heap memory usage
+**
+** DEBUG_WOLFSSL_ESP32_UNFINISHED_HW
+**   This may be interesting in that HW may have been unnecessarily locked
+**   for hash that was never completed. (typically encountered at `free1` time)
+**
 ** LOG_LOCAL_LEVEL
 **   Debugging. Default value is ESP_LOG_DEBUG
 **
@@ -229,6 +236,14 @@ enum {
 ** WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
 **   Shows a warning when mulm falls back for minimum number of bits.
 **
+** WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+**   Shows a warning when multiplication math bits have exceeded hardware
+**   capabilities and will fall back to slower software.
+**
+** WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+**   Shows a warning when modular math bits have exceeded hardware capabilities
+**   and will fall back to slower software.
+**
 ** NO_HW_MATH_TEST
 **   Even if HW is enabled, do not run HW math tests. See HW_MATH_ENABLED.
 **
@@ -318,7 +333,7 @@ enum {
         #include <driver/periph_ctrl.h>
     #endif
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
+    #if ESP_IDF_VERSION_MAJOR == 4 || (ESP_IDF_VERSION_MAJOR == 5 && ESP_IDF_VERSION_MINOR < 4)
         #include <esp32/rom/ets_sys.h>
     #else
         #include <rom/ets_sys.h>
@@ -363,9 +378,7 @@ enum {
         #include <driver/periph_ctrl.h>
     #endif
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
-        /* #include <esp32/rom/ets_sys.h> */
-    #else
+    #if ESP_IDF_VERSION_MAJOR < 4
         #include <rom/ets_sys.h>
     #endif
 
@@ -399,9 +412,7 @@ enum {
         #include <driver/periph_ctrl.h>
     #endif
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
-    /* #include <esp32/rom/ets_sys.h> */
-    #else
+    #if ESP_IDF_VERSION_MAJOR < 4
         #include <rom/ets_sys.h>
     #endif
 
@@ -435,9 +446,7 @@ enum {
         #include <driver/periph_ctrl.h>
     #endif
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
-        /* #include <esp32/rom/ets_sys.h> */
-    #else
+    #if ESP_IDF_VERSION_MAJOR < 4
         #include <rom/ets_sys.h>
     #endif
 
@@ -563,6 +572,95 @@ enum {
     defined(WOLFSSL_ESP32_CRYPT_DEBUG)
 #endif
 
+/*
+******************************************************************************
+** wolfssl component Kconfig file settings
+******************************************************************************
+ * Naming convention:
+ *
+ * CONFIG_
+ *      This prefix indicates the setting came from the sdkconfig / Kconfig.
+ *
+ *      May or may not be related to wolfSSL.
+ *
+ *      The name after this prefix must exactly match that in the Kconfig file.
+ *
+ * WOLFSSL_
+ *      Typical of many, but not all wolfSSL macro names.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      May or may not have a corresponding sdkconfig / Kconfig control.
+ *
+ * ESP_WOLFSSL_
+ *      These are NOT valid wolfSSL macro names. These are names only used in
+ *      the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
+ *      suffix added. See next section.
+ *
+ * CONFIG_ESP_WOLFSSL_
+ *      This is a wolfSSL-specific macro that has been defined in the ESP-IDF
+ *      via the sdkconfig / menuconfig. Any text after this prefix should
+ *      exactly match an existing wolfSSL macro name.
+ *
+ *      Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
+ *
+ *      These macros may also be specific to only the project or environment,
+ *      and possibly not used anywhere else in the wolfSSL libraries.
+ */
+
+
+
+/* Pre-set some hardware acceleration from Kconfig / menuconfig settings */
+#ifdef CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
+    #define NO_ESP32_CRYPT
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_AES
+    #define NO_WOLFSSL_ESP32_CRYPT_AES
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_HASH
+    #define NO_WOLFSSL_ESP32_CRYPT_HASH
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
+#endif
+#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
+    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
+#endif
+
+/* wolfCrypt test settings */
+#ifdef CONFIG_ESP_WOLFSSL_ENABLE_TEST
+    #ifdef CONFIG_WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
+        #define HAVE_WOLFCRYPT_TEST_OPTIONS
+    #endif
+#endif
+
+/* debug options */
+#if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL)
+    /* wolfSSH debugging enabled via Kconfig / menuconfig */
+    #define DEBUG_WOLFSSL
+#endif
+
+/*
+******************************************************************************
+** END wolfssl component Kconfig file settings
+******************************************************************************
+*/
+
 #ifdef __cplusplus
 extern "C"
 {
@@ -618,23 +716,16 @@ extern "C"
 */
 
 #ifndef NO_AES
-    #if ESP_IDF_VERSION_MAJOR >= 4
-        #include "esp32/rom/aes.h"
-    #elif defined(CONFIG_IDF_TARGET_ESP8266)
-        /* no hardware includes for ESP8266*/
-    #else
-        #include "rom/aes.h"
-    #endif
+    /* wolfSSL does not use Espressif rom/aes.h */
+    struct Aes; /* see wolcrypt/aes.h */
 
-    typedef enum tagES32_AES_PROCESS /* TODO what's this ? */
+    typedef enum tagES32_AES_PROCESS
     {
         ESP32_AES_LOCKHW            = 1,
         ESP32_AES_UPDATEKEY_ENCRYPT = 2,
         ESP32_AES_UPDATEKEY_DECRYPT = 3,
         ESP32_AES_UNLOCKHW          = 4
     } ESP32_AESPROCESS;
-
-    struct Aes; /* see aes.h */
 #if  defined(WOLFSSL_HW_METRICS)
     WOLFSSL_LOCAL int esp_hw_show_aes_metrics(void);
     WOLFSSL_LOCAL int wc_esp32AesUnupportedLengthCountAdd(void);
@@ -678,7 +769,14 @@ extern "C"
 
     #define SHA_CTX ETS_SHAContext
 
-    #if ESP_IDF_VERSION_MAJOR >= 4
+    #if ESP_IDF_VERSION_MAJOR > 5 || (ESP_IDF_VERSION_MAJOR == 5 && ESP_IDF_VERSION_MINOR >= 4)
+        #include "rom/sha.h"
+        #if defined(CONFIG_IDF_TARGET_ESP32)
+            #define WC_ESP_SHA_TYPE enum SHA_TYPE
+        #else
+            #define WC_ESP_SHA_TYPE SHA_TYPE
+        #endif
+    #elif ESP_IDF_VERSION_MAJOR >= 4
         #if defined(CONFIG_IDF_TARGET_ESP32)
             #include "esp32/rom/sha.h"
             #define WC_ESP_SHA_TYPE enum SHA_TYPE
@@ -759,7 +857,7 @@ extern "C"
     #if defined(WOLFSSL_STACK_CHECK)
         word32 last_word;
     #endif
-    } WC_ESP32SHA;
+    } WC_ESP32SHA __attribute__((aligned(4)));
 
     WOLFSSL_LOCAL int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx);
     WOLFSSL_LOCAL int esp_sha_init(WC_ESP32SHA* ctx,
@@ -907,9 +1005,9 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha);
 
 /*
  * Errata Mitigation. See
- * https://www.espressif.com/sites/default/files/documentation/esp32_errata_en.pdf
- * https://www.espressif.com/sites/default/files/documentation/esp32-c3_errata_en.pdf
- * https://www.espressif.com/sites/default/files/documentation/esp32-s3_errata_en.pdf
+ *   esp32_errata_en.pdf
+ *   esp32-c3_errata_en.pdf
+ *   esp32-s3_errata_en.pdf
  */
 #define ESP_MP_HW_LOCK_MAX_DELAY ( TickType_t ) 0xffUL
 
@@ -986,6 +1084,29 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha);
 }
 #endif
 
+/******************************************************************************
+** Sanity Checks
+******************************************************************************/
+#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
+    #if defined(WOLFCRYPT_HAVE_SRP)
+        #if defined(FP_MAX_BITS)
+            #if FP_MAX_BITS <  (8192 * 2)
+                #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
+            #else
+                #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
+            #endif
+        #else
+            #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
+        #endif
+
+        #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
+            #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
+        #endif
+    #endif
+#else
+    #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
+#endif
+
 #endif /* WOLFSSL_ESPIDF (entire contents excluded when not Espressif ESP-IDF) */
 
 #endif  /* __ESP32_CRYPT_H__ */
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h
new file mode 100644
index 000000000..cc8f48f23
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h
@@ -0,0 +1,242 @@
+/* esp_crt_bundle.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifndef __ESP_CRT_BUNDLE_wolfssl_LIB_H__
+
+#define __ESP_CRT_BUNDLE_wolfssl_LIB_H__
+
+/* This file is typically NOT directly used by applications utilizing the
+ * wolfSSL libraries. It is used when the wolfssl library component is
+ * configured to be utilized by the Espressif ESP-IDF, specifically the
+ * esp-tls layer.
+ *
+ * See: esp-idf api-reference for esp_tls.
+ * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h
+ *
+ *******************************************************************************
+ ** Optional Settings:
+ *******************************************************************************
+ * WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+ *   Optionally show certificate bundle debugging info.
+ *
+ * WOLFSSL_DEBUG_CERT_BUNDLE_NAME
+ *   Optionally show certificate bundle name debugging info.
+ *
+ * WOLFSSL_EXAMPLE_VERBOSITY
+ *   Optionally print example application information that may be interesting.
+ *
+ * IS_WOLFSSL_CERT_BUNDLE_FORMAT
+ *   This should be left on as no other bundle format is supported at this time.
+ *
+ * CB_INLINE
+ *   Normally on, this uses the compiler `inline` decorator for bundle functions
+ *   to be optimized, since they are called during a TLS connection.
+ *
+ * See Kconfig file (or use idy.py menuconfig) for other bundle settings.
+ *
+ *******************************************************************************
+ ** Other Settings:
+ *******************************************************************************
+ * WOLFSSL_CMAKE_REQUIRED_ESP_TLS
+ *  This is defined in the wolfssl component cmake file when the esp-tls
+ *  component is required. This is typically when Certificate Bundles are
+ *  enabled, and the esp_tls_free_global_ca_store() in the esp-tls needs
+ *  to be called from the wolfSSL wolfSSL_bundle_cleanup().
+ */
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt  */
+/* Reminder: settings.h pulls in user_settings.h                         */
+/*   Do not explicitly include user_settings.h here.                     */
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF   */
+
+#ifndef WOLFSSL_USER_SETTINGS
+    #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targets"
+#endif
+
+#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) || \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE)
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define WOLFSSL_X509_VERIFY_CALLBACK (void *, WOLFSSL_X509 *, int, uint32_t *)
+#include <wolfssl/ssl.h>
+
+typedef struct wolfssl_ssl_config wolfssl_ssl_config;
+
+struct wolfssl_ssl_config
+{
+    WOLFSSL_X509* ca_chain;
+    WOLFSSL_X509_CRL* ca_crl;
+    void *priv_ctx;
+    void *priv_ssl;
+};
+
+/**
+ * @brief      Attach and enable use of a bundle for certificate verification
+ *
+ * Attach and enable use of a bundle for certificate verification through a
+ * verification callback.If no specific bundle has been set through
+ * esp_crt_bundle_set() it will default to the bundle defined in menuconfig
+ * and embedded in the binary.
+ *
+ * Note this must be visible for both the regular bundles, as well as the
+ *"none" option.
+ *
+ * Other code gated out, below, when the "none" option is selected.
+ *
+ * @param[in]  conf      The config struct for the SSL connection.
+ *
+ * @return
+ *             - ESP_OK  if adding certificates was successful.
+ *             - Other   if an error occurred or an action must be taken by the
+ *                       calling process.
+ */
+esp_err_t esp_crt_bundle_attach(void *conf);
+
+
+#if defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) && \
+    (CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE == 1)
+
+/* Certificate bundles are enabled, but the "none" option selected */
+
+#else
+/**
+ * @brief      Return ESP_OK for valid bundle, otherwise ESP_FAIL.
+ *
+ * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer.
+ */
+esp_err_t esp_crt_bundle_is_valid(void);
+
+/**
+ * @brief      Return 1 if Cert Bundle loaded, otherwise 0.
+ *
+ * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer.
+ */
+int wolfssl_cert_bundle_loaded(void);
+
+/**
+ * @brief      Return 1 is a cert from the bundle was needed
+ *             at connection time, otherwise 0.
+ *
+ * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer.
+ */
+int wolfssl_need_bundle_cert(void);
+
+/**
+ * @brief      Disable and dealloc the certification bundle
+ *
+ * Used by ESP-IDF esp-tls layer.
+ *
+ * Removes the certificate verification callback and deallocates used resources
+ *
+ * @param[in]  conf      The config struct for the SSL connection.
+ */
+void esp_crt_bundle_detach(wolfssl_ssl_config *conf);
+
+/**
+ * @brief      Set the default certificate bundle used for verification
+ *
+ * Used by ESP-IDF esp-tls layer.
+ *
+ * Overrides the default certificate bundle only in case of successful
+ * initialization. In most use cases the bundle should be set through
+ * menuconfig. The bundle needs to be sorted by subject name since binary
+ * search is used to find certificates.
+ *
+ * @param[in]  x509_bundle     A pointer to the certificate bundle.
+ *
+ * @param[in]  bundle_size     Size of the certificate bundle in bytes.
+ *
+ * @return
+ *             - ESP_OK  if adding certificates was successful.
+ *             - Other   if an error occurred or an action must be taken
+ *                       by the calling process.
+ */
+esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size);
+
+
+/**
+ * @brief      Set the issuer and subject values given the current cert.
+ *
+ * Used internally by ESP-IDF esp-tls layer. Also helpful for debugging
+ * and general visibility to certificate attributes.
+ *
+ * The CERT_TAG can be used at the esp-tls or application layer to indicate
+ * the usage of the respective cert (e.g. the string "peer").
+ *
+ * Turn on WOLFSSL_DEBUG_CERT_BUNDLE to also see ASN1 before/after values.
+ *
+ * @return
+ *             - WOLFSSL_SUCCESS (1)
+ *             - WOLFSSL_FAILURE (0) if unable to get issues and/or subject.
+ */
+int wolfSSL_X509_get_cert_items(char* CERT_TAG,
+                                WOLFSSL_X509* cert,
+                                WOLFSSL_X509_NAME** issuer,
+                                WOLFSSL_X509_NAME** subject);
+
+esp_err_t wolfSSL_bundle_cleanup(void);
+
+WOLFSSL_LOCAL void wolfssl_ssl_conf_verify(wolfssl_ssl_config *conf,
+                             int (*f_vrfy) WOLFSSL_X509_VERIFY_CALLBACK,
+                             void *p_vrfy);
+
+WOLFSSL_LOCAL void wolfssl_ssl_conf_authmode(wolfssl_ssl_config *conf,
+                                             int authmode);
+
+WOLFSSL_LOCAL void wolfssl_ssl_conf_ca_chain(wolfssl_ssl_config *conf,
+                                             WOLFSSL_X509 *ca_chain,
+                                             WOLFSSL_X509_CRL *ca_crl);
+
+WOLFSSL_LOCAL void wolfssl_x509_crt_init(WOLFSSL_X509 *crt);
+
+WOLFSSL_LOCAL int esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt,
+                                          int depth, uint32_t *flags);
+
+#ifdef __cplusplus
+}
+#endif
+
+/* Detect if wolfSSL is enabled, but so are mbedTLS bundles */
+#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) && \
+            CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+    #error "wolfSSL cannot use mbedTLS certificate bundles. Please disable them"
+#endif
+
+#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */
+
+#endif /* CONFIG_ESP_TLS_USING_WOLFSSL */
+
+#endif /* WOLFSSL_ESPIDF */
+
+#endif /* __ESP_CRT_BUNDLE_wolfssl_LIB_H__ */
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
index b4faa7368..24ce01438 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
@@ -1,6 +1,6 @@
 /* renesas-fspsm-crypt.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
index 33dcbbc8d..711752b19 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
@@ -1,6 +1,6 @@
 /* renesas-fsp-crypt.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h
index 8d6cfe172..82997c16c 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h
@@ -2,7 +2,7 @@
  *
  * Contributed by Johnson Controls Tyco IP Holdings LLP.
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
index 2a0cd1ff5..a642506b0 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
@@ -1,6 +1,6 @@
 /* renesas-tsip-crypt.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -98,13 +98,13 @@ enum {
 
 typedef enum {
     #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-    TSIP_KEY_TYPE_RSA1024      = 1, /* TSIP_RSA1024 */
+    TSIP_KEY_TYPE_RSA1024      = 1, /* RSA 1024 */
     #endif
-    TSIP_KEY_TYPE_RSA2048      = 2, /* TSIP_RSA2048 */
-    TSIP_KEY_TYPE_RSA3072      = 3, /* TSIP_RSA3072 */
-    TSIP_KEY_TYPE_RSA4096      = 4, /* TSIP_RSA4096 */
-    TSIP_KEY_TYPE_ECDSAP256    = 5, /* TSIP_ECCP256 */
-    TSIP_KEY_TYPE_ECDSAP384    = 6, /* TSIP_ECCP384 */
+    TSIP_KEY_TYPE_RSA2048      = 2, /* RSA 2048 */
+    TSIP_KEY_TYPE_RSA3072      = 3, /* RSA 3072 */
+    TSIP_KEY_TYPE_RSA4096      = 4, /* RSA 4096 */
+    TSIP_KEY_TYPE_ECDSAP256    = 5, /* ECC P256 */
+    TSIP_KEY_TYPE_ECDSAP384    = 6, /* ECC P384 */
 } wolfssl_TSIP_KEY_TYPE;
 
 
@@ -301,10 +301,14 @@ typedef struct TsipUserCtx {
 /* for tsip crypt only mode */
 #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
 #ifndef NO_RSA
+    #if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
     tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx;
     tsip_rsa1024_public_key_index_t*  rsa1024pub_keyIdx;
+    #endif
+    #if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
     tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx;
     tsip_rsa2048_public_key_index_t*  rsa2048pub_keyIdx;
+    #endif
 #endif
 #ifdef HAVE_ECC
     #ifdef HAVE_ECC_SIGN
@@ -379,6 +383,10 @@ WOLFSSL_API int  tsip_set_callback_ctx(struct WOLFSSL* ssl, void* user_ctx);
 
 WOLFSSL_API int  tsip_set_clientPrivateKeyEnc(const byte* key, int keyType);
 
+
+WOLFSSL_LOCAL int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType);
+WOLFSSL_LOCAL int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType);
+
 #if defined(WOLF_PRIVATE_KEY_ID)
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
@@ -437,9 +445,12 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info,
 WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
     TsipUserCtx* tuc);
 
+WOLFSSL_LOCAL int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc);
+
 WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
 
-WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
+WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info,
+    TsipUserCtx* tuc);
 
 WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);
 
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
index 42f1695e9..167530f21 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
@@ -1,6 +1,6 @@
 /* renesas_cmn.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h
index 3b6744914..438e4f2fa 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h
@@ -1,6 +1,6 @@
 /* renesas_sync.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
index 2063056b8..e454a5cb5 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
@@ -1,7 +1,7 @@
 
 /* renesas_tsip_types.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -58,16 +58,16 @@ typedef wolfssl_TSIP_Hash wc_Sha256;
 
 #endif /* !NO_SHA || !NO_SHA256 */
 
+#if defined(WOLFSSL_RENESAS_TSIP_TLS)
+#include "r_tsip_rx_if.h"
 
+/* TSIP TLS KEY Definition */
 typedef enum {
-    TSIP_RSA1024 = 1,
-    TSIP_RSA2048 = 2,
-    TSIP_RSA3072 = 3,
-    TSIP_RSA4096 = 4,
-    TSIP_ECCP256 = 5,
-    TSIP_ECCP384 = 6,
+    TSIP_RSA2048 = R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA2048,
+    TSIP_RSA4096 = R_TSIP_TLS_PUBLIC_KEY_TYPE_RSA4096,
+    TSIP_ECCP256 = R_TSIP_TLS_PUBLIC_KEY_TYPE_ECDSA_P256,
 } TSIP_KEY_TYPE;
-
+#endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) || \
     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
diff --git a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
index 8defcb82f..3ddaa8441 100644
--- a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
+++ b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
@@ -1,6 +1,6 @@
 /* afalg_hash.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h b/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
index af9e76827..74c818e63 100644
--- a/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
+++ b/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
@@ -1,6 +1,6 @@
 /* wc_afalg.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/aria/aria-crypt.h b/wolfssl/wolfcrypt/port/aria/aria-crypt.h
index a660bdb3a..0bc00a16b 100644
--- a/wolfssl/wolfcrypt/port/aria/aria-crypt.h
+++ b/wolfssl/wolfcrypt/port/aria/aria-crypt.h
@@ -1,6 +1,6 @@
 /* aria-crypt.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h b/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
index 68099b1c2..3ef3ecabc 100644
--- a/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
+++ b/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
@@ -1,6 +1,6 @@
 /* aria-cryptocb.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/arm/cryptoCell.h b/wolfssl/wolfcrypt/port/arm/cryptoCell.h
index eb9169f30..51abd3ad9 100644
--- a/wolfssl/wolfcrypt/port/arm/cryptoCell.h
+++ b/wolfssl/wolfcrypt/port/arm/cryptoCell.h
@@ -1,6 +1,6 @@
 /* cryptoCell.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/atmel/atmel.h b/wolfssl/wolfcrypt/port/atmel/atmel.h
index c2f994083..d5c9458c5 100644
--- a/wolfssl/wolfcrypt/port/atmel/atmel.h
+++ b/wolfssl/wolfcrypt/port/atmel/atmel.h
@@ -1,6 +1,6 @@
 /* atmel.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/autosar/CryIf.h b/wolfssl/wolfcrypt/port/autosar/CryIf.h
index 9a75f4e87..04e134606 100644
--- a/wolfssl/wolfcrypt/port/autosar/CryIf.h
+++ b/wolfssl/wolfcrypt/port/autosar/CryIf.h
@@ -1,6 +1,6 @@
 /* CryIf.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/autosar/Crypto.h b/wolfssl/wolfcrypt/port/autosar/Crypto.h
index f7b41f102..03b9515fd 100644
--- a/wolfssl/wolfcrypt/port/autosar/Crypto.h
+++ b/wolfssl/wolfcrypt/port/autosar/Crypto.h
@@ -1,6 +1,6 @@
 /* Crypto.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/autosar/Csm.h b/wolfssl/wolfcrypt/port/autosar/Csm.h
index 513560215..41994c3ae 100644
--- a/wolfssl/wolfcrypt/port/autosar/Csm.h
+++ b/wolfssl/wolfcrypt/port/autosar/Csm.h
@@ -1,6 +1,6 @@
 /* csm.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/autosar/StandardTypes.h b/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
index 99c3698ab..c06868a2d 100644
--- a/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
+++ b/wolfssl/wolfcrypt/port/autosar/StandardTypes.h
@@ -1,6 +1,6 @@
 /* StandardTypes.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_driver.h b/wolfssl/wolfcrypt/port/caam/caam_driver.h
index 5b6d79130..1bd6766d5 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_driver.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_driver.h
@@ -1,6 +1,6 @@
 /* caam_driver.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_error.h b/wolfssl/wolfcrypt/port/caam/caam_error.h
index cb2e2f234..aa883e8dc 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_error.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_error.h
@@ -1,6 +1,6 @@
 /* caam_error.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/caam_qnx.h b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
index eb961c491..71cf57298 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_qnx.h
@@ -1,6 +1,6 @@
 /* caam_qnx.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam.h b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
index 472e0592d..27eb44355 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
@@ -1,6 +1,6 @@
 /* wolfcaam.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h
index 7764f3830..728405df0 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h
@@ -1,6 +1,6 @@
 /* wolfcaam_aes.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h
index 5a2798cb0..cefad8f03 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h
@@ -1,6 +1,6 @@
 /* wolfcaam_cmac.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
index 50aa0087c..4287ccc98 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h
@@ -1,6 +1,6 @@
 /* wolfcaam_ecdsa.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
index d85ab7e77..62a8f8aef 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
@@ -1,6 +1,6 @@
 /* wolfcaam_fsl_nxp.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
index caa5c27c3..624f76449 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h
@@ -1,6 +1,6 @@
 /* wolfcaam_hash.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
index 6c3440511..079a6cff5 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h
@@ -1,6 +1,6 @@
 /* wolfcaam_qnx.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
index 065363795..e550573dc 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h
@@ -1,6 +1,6 @@
 /* wolfcaam_rsa.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
index ea1d2914e..b81c09f42 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
@@ -1,6 +1,6 @@
 /* wolfcaam_seco.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
index 17dc06e32..15ba8e201 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h
@@ -1,6 +1,6 @@
 /* wolfcaam_sha.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
index 3354b45e5..00ff3b27e 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h
@@ -1,6 +1,6 @@
 /* wolfcaam_x25519.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h b/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
index d1f861f92..ae7dab1fa 100644
--- a/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
+++ b/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
@@ -1,6 +1,6 @@
 /* cavium_octeon_sync.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
index 59fe2fdc7..61a8d3ec6 100644
--- a/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
+++ b/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
@@ -1,6 +1,6 @@
 /* psoc6_crypto.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h b/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
index 20d69c98d..3bc53d396 100644
--- a/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
+++ b/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
@@ -1,6 +1,6 @@
 /* wc_devcrypto.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/intel/quickassist_sync.h b/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
index 2db3f3ec4..f567e8cfd 100644
--- a/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
+++ b/wolfssl/wolfcrypt/port/intel/quickassist_sync.h
@@ -1,6 +1,6 @@
 /* quickassist_sync.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h b/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
index 27b3b19da..12a2b4e79 100644
--- a/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
+++ b/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
@@ -1,6 +1,6 @@
 /* iotsafe.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
index bf646f2ad..9ecb4bd85 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
@@ -1,6 +1,6 @@
 /* kcapi_dh.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
index a5ccb7c32..441f312ca 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
@@ -1,6 +1,6 @@
 /* kcapi_ecc.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
index b723ca51d..bb44a65f2 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
@@ -1,6 +1,6 @@
 /* kcapi_hash.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
index 784b47ee0..b5b65aad9 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
@@ -1,6 +1,6 @@
 /* kcapi_hmac.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h b/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
index 64fcdb66b..16d81d747 100644
--- a/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
+++ b/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
@@ -1,6 +1,6 @@
 /* kcapi_rsa.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h b/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
index cfbc3e088..66c38b294 100644
--- a/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
+++ b/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
@@ -1,6 +1,6 @@
 /* wc_kcapi.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/liboqs/liboqs.h b/wolfssl/wolfcrypt/port/liboqs/liboqs.h
index f780164ac..a20273d38 100644
--- a/wolfssl/wolfcrypt/port/liboqs/liboqs.h
+++ b/wolfssl/wolfcrypt/port/liboqs/liboqs.h
@@ -1,6 +1,6 @@
 /* liboqs.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h
new file mode 100644
index 000000000..1b0977bb4
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h
@@ -0,0 +1,73 @@
+/* max3266x-cryptocb.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_MAX3266X_CRYPTO_CB_H_
+#define _WOLFPORT_MAX3266X_CRYPTO_CB_H_
+
+#if (defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \
+    defined(WOLF_CRYPTO_CB)
+#ifndef WOLFSSL_MAX3266X_DEVID
+    #define WOLFSSL_MAX3266X_DEVID 9
+#endif
+#define WC_USE_DEVID WOLFSSL_MAX3266X_DEVID
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/cryptocb.h>
+#include <wolfssl/wolfcrypt/aes.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+    WOLFSSL_LOCAL int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info,
+                                        void* ctx);
+#ifdef HAVE_AES_ECB
+    WOLFSSL_LOCAL int wc_MxcCb_AesEcbEncrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#ifdef HAVE_AES_CBC
+    WOLFSSL_LOCAL int wc_MxcCb_AesCbcEncrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+
+#ifdef HAVE_AES_DECRYPT
+#ifdef HAVE_AES_ECB
+    WOLFSSL_LOCAL int wc_MxcCb_AesEcbDecrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#ifdef HAVE_AES_CBC
+    WOLFSSL_LOCAL int wc_MxcCb_AesCbcDecrypt(Aes* aes, byte* out,
+                                        const byte* in, word32 sz);
+#endif
+#endif /* HAVE_AES_DECRYPT */
+
+
+    WOLFSSL_LOCAL int wc_MXC_Sha256Update(wc_MXC_Sha* sha256,
+                                            const unsigned char* data,
+                                            unsigned int len);
+    WOLFSSL_LOCAL int wc_MXC_Sha256Final(wc_MXC_Sha* sha256,
+                                            unsigned char* hash);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* (WOLFSSL_MAX3266X || WOLFSSL_MAX3266X_OLD) && WOLF_CRYPTO_CB) */
+#endif /* _WOLFPORT_MAX3266X_CRYPTO_CB_H_ */
diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h
new file mode 100644
index 000000000..4f02535bb
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h
@@ -0,0 +1,361 @@
+/* max3266x.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_MAX3266X_H_
+#define _WOLFPORT_MAX3266X_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef WOLFSSL_MAX_HASH_SIZE
+    #define WOLFSSL_MAX_HASH_SIZE  64
+#endif
+
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+
+/* Some extra conditions when using callbacks */
+#if defined(WOLF_CRYPTO_CB)
+    #define MAX3266X_CB
+    #ifdef MAX3266X_MATH
+        #error Cannot have MAX3266X_MATH and MAX3266X_CB
+    #endif
+    #ifdef MAX3266X_SHA
+        #undef MAX3266X_SHA /* Turn Off Normal Sha Definition */
+        #define MAX3266X_SHA_CB /* Turn On Callback for SHA */
+    #endif
+#endif
+
+/* Default to all HW acceleration on unless specified in user_settings */
+#if !defined(MAX3266X_RNG) && !defined(MAX3266X_AES) && \
+        !defined(MAX3266X_AESGCM) && !defined(MAX3266X_SHA) && \
+        !defined(MAX3266X_MATH)
+    #define MAX3266X_RNG
+    #define MAX3266X_AES
+    #ifndef MAX3266X_CB
+        #define MAX3266X_SHA /* SHA is Supported, but need new definitions */
+        #define MAX3266X_MATH  /* MATH is not supported with callbacks */
+    #endif
+    #ifdef MAX3266X_CB
+        #define MAX3266X_SHA_CB /* Turn on Callback for SHA */
+    #endif
+#endif
+
+/* Crypto HW can be used in parallel on this device */
+/* Sets up new Mutexing if desired */
+#ifdef WOLFSSL_ALGO_HW_MUTEX
+    /* SDK only supports using RNG in parallel with crypto HW */
+    /* AES, HASH, and PK must share some mutex */
+    #define NO_AES_MUTEX
+    #define NO_HASH_MUTEX
+    #define NO_PK_MUTEX
+#endif /* WOLFSSL_ALGO_HW_MUTEX */
+
+#if defined(WOLFSSL_MAX3266X_OLD)
+    /* Support for older SDK API Maxim provides */
+
+    /* These are needed for older SDK */
+    #define TARGET MAX32665
+    #define TARGET_REV 0x4131
+    #include "mxc_sys.h"
+
+
+
+    #if defined(MAX3266X_RNG)
+        #include "trng.h"   /* Provides TRNG Drivers */
+        #define MXC_TPU_TRNG_Read           TRNG_Read
+        #warning "TRNG Health Test not available in older Maxim SDK"
+        #define MXC_TRNG_HealthTest(...)    0
+    #endif
+    #if defined(MAX3266X_AES)
+        #include "cipher.h" /* Provides Drivers for AES */
+        /* AES Defines */
+        #define MXC_TPU_CIPHER_TYPE      tpu_ciphersel_t
+        #define MXC_TPU_CIPHER_AES128    TPU_CIPHER_AES128
+        #define MXC_TPU_CIPHER_AES192    TPU_CIPHER_AES192
+        #define MXC_TPU_CIPHER_AES256    TPU_CIPHER_AES256
+
+        #define MXC_TPU_MODE_TYPE        tpu_modesel_t
+        #define MXC_TPU_MODE_ECB         TPU_MODE_ECB
+        #define MXC_TPU_MODE_CBC         TPU_MODE_CBC
+        #define MXC_TPU_MODE_CFB         TPU_MODE_CFB
+        #define MXC_TPU_MODE_CTR         TPU_MODE_CTR
+
+        /* AES Functions */
+        #define MXC_TPU_Cipher_Config       TPU_Cipher_Config
+        #define MXC_TPU_Cipher_AES_Encrypt  TPU_AES_Encrypt
+        #define MXC_TPU_Cipher_AES_Decrypt  TPU_AES_Decrypt
+
+    #endif
+    #if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+        #include "hash.h"   /* Proivdes Drivers for SHA */
+        /* SHA Defines */
+        #define MXC_TPU_HASH_TYPE        tpu_hashfunsel_t
+        #define MXC_TPU_HASH_SHA1        TPU_HASH_SHA1
+        #define MXC_TPU_HASH_SHA224      TPU_HASH_SHA224
+        #define MXC_TPU_HASH_SHA256      TPU_HASH_SHA256
+        #define MXC_TPU_HASH_SHA384      TPU_HASH_SHA384
+        #define MXC_TPU_HASH_SHA512      TPU_HASH_SHA512
+
+        /* SHA Functions */
+        #define MXC_TPU_Hash_Config             TPU_Hash_Config
+        #define MXC_TPU_Hash_SHA                TPU_SHA
+
+    #endif
+    #if defined(MAX3266X_MATH)
+        #include "maa.h"    /* Provides Drivers for math acceleration for   */
+                            /* ECDSA and RSA Acceleration                   */
+        /* MAA Defines */
+        #define MXC_TPU_MAA_TYPE     tpu_maa_clcsel_t
+        #define MXC_TPU_MAA_EXP      TPU_MAA_EXP
+        #define MXC_TPU_MAA_SQ       TPU_MAA_SQ
+        #define MXC_TPU_MAA_MUL      TPU_MAA_MUL
+        #define MXC_TPU_MAA_SQMUL    TPU_MAA_SQMUL
+        #define MXC_TPU_MAA_ADD      TPU_MAA_ADD
+        #define MXC_TPU_MAA_SUB      TPU_MAA_SUB
+
+        /* MAA Functions */
+        #define MXC_TPU_MAA_Compute      MAA_Compute
+        #define MXC_TPU_MAA_Shutdown     MAA_Shutdown
+        #define MXC_TPU_MAA_Init         MAA_Init
+        #define MXC_TPU_MAA_Reset        MAA_Reset
+
+    #endif
+
+    /* TPU Functions */
+    #define MXC_TPU_Init                SYS_TPU_Init
+    #define MXC_TPU_Shutdown            SYS_TPU_Shutdown
+    #define MXC_SYS_PERIPH_CLOCK_TPU    SYS_PERIPH_CLOCK_TPU
+
+    #define MXC_SYS_PERIPH_CLOCK_TPU    SYS_PERIPH_CLOCK_TPU
+    #define MXC_SYS_PERIPH_CLOCK_TRNG   SYS_PERIPH_CLOCK_TRNG
+
+#else
+    /* Defaults to expect newer SDK */
+    #if defined(MAX3266X_RNG)
+        #include "trng.h"   /* Provides Drivers for TRNG    */
+    #endif
+    #if defined(MAX3266X_AES) || defined(MAX3266X_SHA) || \
+                defined(MAX3266X_MATH) || defined(MAX3266X_RSA) || \
+                defined(MAX3266X_RNG)
+        #include "tpu.h"    /* SDK Drivers for the TPU unit         */
+                            /* Handles AES, SHA, and                */
+                            /* MAA driver to accelerate RSA/ECDSA   */
+
+        /* AES Defines */
+        #define MXC_TPU_CIPHER_TYPE     mxc_tpu_ciphersel_t
+        #define MXC_TPU_MODE_TYPE       mxc_tpu_modesel_t
+
+        /* SHA Defines */
+        #define MXC_TPU_HASH_TYPE       mxc_tpu_hashfunsel_t
+
+        /* MAA Defines */
+        #define MXC_TPU_MAA_TYPE     mxc_tpu_maa_clcsel_t
+
+
+    #endif
+
+#endif
+
+
+/* Provide Driver for RTC if specified, meant for wolfCrypt benchmark only */
+#if defined(MAX3266X_RTC)
+    #if defined(WOLFSSL_MAX3266X_OLD)
+       #error Not Implemented with old SDK
+    #endif
+    #include "time.h"
+    #include "rtc.h"
+    #define MXC_SECS_PER_MIN (60)
+    #define MXC_SECS_PER_HR  (60 * MXC_SECS_PER_MIN)
+    #define MXC_SECS_PER_DAY (24 * MXC_SECS_PER_HR)
+#endif
+
+/* Variable Definitions */
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+    WOLFSSL_LOCAL int wc_MXC_TPU_Init(void);
+    WOLFSSL_LOCAL int wc_MXC_TPU_Shutdown(void);
+    /* Convert Errors to wolfCrypt Codes */
+    WOLFSSL_LOCAL int wc_MXC_error(int *ret);
+
+#ifdef MAX3266X_RTC
+    WOLFSSL_LOCAL int wc_MXC_RTC_Init(void);
+    WOLFSSL_LOCAL int wc_MXC_RTC_Reset(void);
+    WOLFSSL_LOCAL double wc_MXC_RTC_Time(void);
+#endif
+
+#ifdef MAX3266X_VERBOSE
+    #ifndef DEBUG_WOLFSSL
+        #error Need "#define DEBUG_WOLFSSL" to do use "#define MAX3266X_VERBOSE"
+    #else
+        #define MAX3266X_MSG(...)   WOLFSSL_MSG(__VA_ARGS__)
+    #endif
+#else
+    #define MAX3266X_MSG(...)   /* Compile out Verbose MSGs */
+#endif
+
+#ifdef MAX3266X_RNG
+    WOLFSSL_LOCAL int wc_MXC_TRNG_Random(unsigned char* output,
+                                                unsigned int sz);
+#endif
+
+#ifdef MAX3266X_AES
+    WOLFSSL_LOCAL int wc_MXC_TPU_AesEncrypt(const unsigned char* in,
+                                const unsigned char* iv,
+                                const unsigned char* enc_key,
+                                MXC_TPU_MODE_TYPE mode,
+                                unsigned int data_size,
+                                unsigned char* out, unsigned int keySize);
+#ifdef HAVE_AES_DECRYPT
+    WOLFSSL_LOCAL int wc_MXC_TPU_AesDecrypt(const unsigned char* in,
+                                const unsigned char* iv,
+                                const unsigned char* enc_key,
+                                MXC_TPU_MODE_TYPE mode,
+                                unsigned int data_size,
+                                unsigned char* out, unsigned int keySize);
+#endif /* HAVE_AES_DECRYPT */
+#endif /* MAX3266X_AES */
+
+#if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB)
+
+    /* Need to update this struct accordingly if other SHA Structs change */
+    /* This is a generic struct to use so only this is needed */
+
+    typedef struct {
+        unsigned char   *msg;
+        unsigned int    used;
+        unsigned int    size;
+    } wc_MXC_Sha;
+
+    #if !defined(NO_SHA)
+        /* Define the SHA digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA1[20] = {
+            0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+            0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+            0xaf, 0xd8, 0x07, 0x09};
+    #endif /* NO_SHA */
+
+    #if defined(WOLFSSL_SHA224)
+        /* Define the SHA-224 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA224[28] = {
+                0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
+                0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
+                0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
+                0xc5, 0xb3, 0xe4, 0x2f};
+    #endif /* WOLFSSL_SHA224 */
+
+    #if !defined(NO_SHA256)
+        /* Define the SHA-256 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA256[32] = {
+                0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+                0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+                0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+                0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55};
+    #endif /* NO_SHA256 */
+
+    #if defined(WOLFSSL_SHA384)
+        /* Define the SHA-384 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA384[48] = {
+            0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38,
+            0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a,
+            0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
+            0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,
+            0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb,
+            0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b};
+    #endif /* WOLFSSL_SHA384 */
+
+    #if defined(WOLFSSL_SHA512)
+        /* Does not support these SHA512 Macros */
+        #ifndef WOLFSSL_NOSHA512_224
+            #warning "MAX3266X Port does not support SHA-512/224"
+            #define WOLFSSL_NOSHA512_224
+        #endif
+        #ifndef WOLFSSL_NOSHA512_256
+            #warning "MAX3266X Port does not support SHA-512/256"
+            #define WOLFSSL_NOSHA512_256
+        #endif
+
+        /* Define the SHA-512 digest for an empty string */
+        /* as a constant byte array */
+        static const unsigned char MXC_EMPTY_DIGEST_SHA512[64] = {
+            0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
+            0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
+            0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
+            0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
+            0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
+            0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
+            0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
+            0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e};
+    #endif /* WOLFSSL_SHA512 */
+
+
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash,
+                                                const unsigned char* data,
+                                                unsigned int size);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst);
+    WOLFSSL_LOCAL void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash);
+    WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash,
+                                                unsigned char* digest,
+                                                MXC_TPU_HASH_TYPE algo);
+
+
+#endif /* defined(MAX3266X_SHA) && !defined(WOLF_CRYPTO_CB) */
+
+#if defined(MAX3266X_MATH)
+    #define WOLFSSL_USE_HW_MP
+    /* Setup mapping to fallback if edge case is encountered */
+    #if defined(USE_FAST_MATH)
+        #define mxc_mod         fp_mod
+        #define mxc_addmod      fp_addmod
+        #define mxc_submod      fp_submod
+        #define mxc_mulmod      fp_mulmod
+        #define mxc_exptmod     fp_exptmod
+        #define mxc_sqrmod      fp_sqrmod
+    #elif defined(WOLFSSL_SP_MATH_ALL)
+        #define mxc_mod         sp_mod
+        #define mxc_addmod      sp_addmod
+        #define mxc_submod      sp_submod
+        #define mxc_mulmod      sp_mulmod
+        #define mxc_exptmod     sp_exptmod
+        #define mxc_sqrmod      sp_sqrmod
+    #else
+        #error Need to use WOLFSSL_SP_MATH_ALL
+    #endif
+
+#endif
+
+#ifdef __cplusplus
+    }
+#endif
+
+#endif /* WOLFSSL_MAX32665 || WOLFSSL_MAX32666 */
+#endif /* _WOLFPORT_MAX3266X_H_ */
diff --git a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h
index ecfc56c9c..cb7d15568 100644
--- a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h
+++ b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h
@@ -1,6 +1,6 @@
 /* maxq10xx.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/nrf51.h b/wolfssl/wolfcrypt/port/nrf51.h
index cb379fdf3..964f57939 100644
--- a/wolfssl/wolfcrypt/port/nrf51.h
+++ b/wolfssl/wolfcrypt/port/nrf51.h
@@ -1,6 +1,6 @@
 /* nrf51.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/nxp/dcp_port.h b/wolfssl/wolfcrypt/port/nxp/dcp_port.h
index a09537369..d8b57aa06 100644
--- a/wolfssl/wolfcrypt/port/nxp/dcp_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/dcp_port.h
@@ -1,6 +1,6 @@
 /* dcp_port.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h
index f5bfe0df1..96c48419b 100644
--- a/wolfssl/wolfcrypt/port/nxp/ksdk_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/ksdk_port.h
@@ -1,6 +1,6 @@
 /* ksdk_port.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/nxp/se050_port.h b/wolfssl/wolfcrypt/port/nxp/se050_port.h
index cdeda673c..9e2d18bc2 100644
--- a/wolfssl/wolfcrypt/port/nxp/se050_port.h
+++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h
@@ -1,6 +1,6 @@
 /* se050_port.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -155,13 +155,14 @@ WOLFSSL_LOCAL void se050_aes_free(struct Aes* aes);
 struct WC_RNG;
 struct ecc_key;
 
+#ifdef HAVE_ECC
 WOLFSSL_LOCAL int se050_ecc_use_key_id(struct ecc_key* key, word32 keyId);
 WOLFSSL_LOCAL int se050_ecc_get_key_id(struct ecc_key* key, word32* keyId);
 WOLFSSL_LOCAL int se050_ecc_sign_hash_ex(const byte* in, word32 inLen,
-    mp_int* r, mp_int* s, byte* out, word32 *outLen, struct ecc_key* key);
+    MATH_INT_T* r, MATH_INT_T* s, byte* out, word32 *outLen, struct ecc_key* key);
 
 WOLFSSL_LOCAL int se050_ecc_verify_hash_ex(const byte* hash, word32 hashlen,
-    mp_int* r, mp_int* s, struct ecc_key* key, int* res);
+    MATH_INT_T* r, MATH_INT_T* s, struct ecc_key* key, int* res);
 
 WOLFSSL_LOCAL int se050_ecc_create_key(struct ecc_key* key, int curve_id,
     int keySize);
diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
index dbedb067f..4607dfaff 100644
--- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
+++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
@@ -1,6 +1,6 @@
 /* pic32mz-crypt.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/psa/psa.h b/wolfssl/wolfcrypt/port/psa/psa.h
index 87b5fb41a..60691ab2e 100644
--- a/wolfssl/wolfcrypt/port/psa/psa.h
+++ b/wolfssl/wolfcrypt/port/psa/psa.h
@@ -1,6 +1,6 @@
 /* psa.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
index 89a84bf6d..e80228f5e 100644
--- a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
+++ b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
@@ -1,6 +1,6 @@
 /* riscv-64-asm.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -137,11 +137,24 @@
              (0b0010011 << 0) |                             \
              (rs << 15) | (rd << 7))
 
+/* Rotate right 32-bit register 5-bit value. */
 #define RORIW(rd, rs, imm)                                  \
     ASM_WORD((0b0110000 << 25) | (0b101 << 12) |            \
              (0b0011011 << 0) |                             \
              (imm << 20) | (rs << 15) | (rd << 7))
 
+/* Rotate right 64-bit register 7-bit value. */
+#define RORI(rd, rs, imm)                                   \
+    ASM_WORD((0b01100 << 27) | (0b101 << 12) |              \
+             (0b0010011 << 0) |                             \
+             ((imm) << 20) | ((rs) << 15) | ((rd) << 7))
+
+/* rs1 and not rs2 into rd. */
+#define ANDN(rd, rs1, rs2)                                  \
+    ASM_WORD((0b0100000 << 25) | (0b111 << 12) |            \
+             (0b0110011 << 0) |                             \
+             ((rs2) << 20) | ((rs1) << 15) | ((rd) << 7))
+
 
 /* rd = rs1[0..31] | rs2[0..31]. */
 #define PACK(rd, rs1, rs2)                                     \
@@ -168,6 +181,23 @@
 /* 32-bit width when loading. */
 #define WIDTH_32  0b110
 
+
+#define VLSEG_V(vd, rs1, cnt, width) \
+    ASM_WORD(0b0000111 | (width << 12) | (0b10101000 << 20) |   \
+        (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15))
+/* Load 8 Vector registers' 64-bit element. */
+#define VLSEG8E64_V(vd, rs1)  VLSEG_V(vd, rs1, 8, WIDTH_64)
+/* Load 1 Vector register's 64-bit element. */
+#define VLSEG1E64_V(vd, rs1)  VLSEG_V(vd, rs1, 1, WIDTH_64)
+
+#define VSSEG_V(vd, rs1, cnt, width) \
+    ASM_WORD(0b0100111 | (width << 12) | (0b10101000 << 20) |   \
+        (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15))
+/* Store 8 Vector registers' 64-bit element. */
+#define VSSEG8E64_V(vd, rs1)  VSSEG_V(vd, rs1, 8, WIDTH_64)
+/* Store 1 Vector register's 64-bit element. */
+#define VSSEG1E64_V(vd, rs1)  VSSEG_V(vd, rs1, 1, WIDTH_64)
+
 /* Load n Vector registers with width-bit components. */
 #define VLRE_V(vd, rs1, cnt, width)                             \
     ASM_WORD(0b0000111 | (width << 12) | (0b00101000 << 20) |   \
@@ -202,15 +232,15 @@
 /* Store 8 Vector register. */
 #define VS8R_V(vs3, rs1)    VSR_V(vs3, rs1, 8)
 
-/* Move from vector register to vector registor. */
+/* Move from vector register to vector register. */
 #define VMV_V_V(vd, vs1)                                        \
     ASM_WORD((0b1010111 << 0) | (0b000 << 12) | (0b1 << 25) |   \
         (0b010111 << 26) | ((vd) << 7) | ((vs1) << 15))
-/* Splat register to each component of the vector registor. */
+/* Splat register to each component of the vector register. */
 #define VMV_V_X(vd, rs1)                                        \
     ASM_WORD((0b1010111 << 0) | (0b100 << 12) | (0b1 << 25) |   \
         (0b010111 << 26) | ((vd) << 7) | ((rs1) << 15))
-/* Splat immediate to each component of the vector registor. */
+/* Splat immediate to each component of the vector register. */
 #define VMV_V_I(vd, imm)                                        \
     ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) |   \
         (0b010111 << 26) | ((vd) << 7) | ((imm) << 15))
@@ -225,11 +255,21 @@
  * Logic
  */
 
+/* vd = vs2 << rs1 */
+#define VSLL_VX(vd, vs2, rs1)                       \
+    ASM_WORD((0b100101 << 26) | (0b1 << 25) |       \
+             (0b100 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (rs1 << 15) | (vs2 << 20))
 /* vd = vs2 << uimm */
 #define VSLL_VI(vd, vs2, uimm)                      \
     ASM_WORD((0b100101 << 26) | (0b1 << 25) |       \
              (0b011 << 12) | (0b1010111 << 0) |     \
              (vd << 7) | (uimm << 15) | (vs2 << 20))
+/* vd = vs2 >> rs1 */
+#define VSRL_VX(vd, vs2, rs1)                       \
+    ASM_WORD((0b101000 << 26) | (0b1 << 25) |       \
+             (0b100 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (rs1 << 15) | (vs2 << 20))
 /* vd = vs2 >> uimm */
 #define VSRL_VI(vd, vs2, uimm)                      \
     ASM_WORD((0b101000 << 26) | (0b1 << 25) |       \
@@ -257,6 +297,14 @@
     ASM_WORD((0b001011 << 26) | (0b1 << 25) |       \
              (0b000 << 12) | (0b1010111 << 0) |     \
              (vd << 7) | (vs1 << 15) | (vs2 << 20))
+/* vd = imm ^ vs2 */
+#define VXOR_VI(vd, vs2, imm)                       \
+    ASM_WORD((0b001011 << 26) | (0b1 << 25) |       \
+             (0b011 << 12) | (0b1010111 << 0) |     \
+             (vd << 7) | (imm << 15) | (vs2 << 20))
+/* vd = ~vs */
+#define VNOT_V(vd, vs)  VXOR_VI(vd, vs, 0b11111)
+
 /* vd = vs1 & vs2 */
 #define VAND_VV(vd, vs1, vs2)                       \
     ASM_WORD((0b001001 << 26) | (0b1 << 25) |       \
@@ -286,6 +334,13 @@
              (vs2 << 20) | (vs1 << 15) | (vd << 7))
 
 
+#define VMERGE_VVM(vd, vs2, vs1)                    \
+    ASM_WORD((0b010111 << 26) | (0b0 << 25) |       \
+             (0b000 << 12) | (0b1010111 << 0) |     \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
+
+
+
 /*
  * Permute
  */
@@ -348,18 +403,29 @@
  * Vector Bit Manipulation
  */
 
-/* Reverse order of bytes in words of vector regsiter. */
+/* Reverse order of bytes in words of vector register. */
 #define VREV8(vd, vs2) \
     ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b01001<< 15) | \
              (0b010 << 12) | (0b1010111 << 0) |                \
              (vs2 << 20) | (vd << 7))
 
-/* Reverse order of bytes in words of vector regsiter. */
+/* Rotate left bits of vector register. */
+#define VROL_VX(vd, vs2, rs) \
+    ASM_WORD((0b010101 << 26) | (0b1 << 25) | (0b100 << 12) |    \
+             (0b1010111 << 0) |                                  \
+             (vs2 << 20) | (rs << 15) | (vd << 7))
+
+/* Rotate right bits of vector register. */
 #define VROR_VI(vd, imm, vs2) \
     ASM_WORD((0b01010 << 27) | (0b1 << 25) | (0b011 << 12) |    \
              (0b1010111 << 0) | ((imm >> 5) << 26) |            \
              (vs2 << 20) | ((imm & 0x1f) << 15) | (vd << 7))
 
+/* Vector ANDN - vd = ~vs1 & vs2. */
+#define VANDN_VV(vd, vs1, vs2) \
+    ASM_WORD((0b000001 << 26) | (0b1 << 25) | (0b000 << 12) |    \
+             (0b1010111 << 0) |                                  \
+             (vs2 << 20) | (vs1 << 15) | (vd << 7))
 
 #endif /* WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION ||
         * WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */
diff --git a/wolfssl/wolfcrypt/port/rpi_pico/pico.h b/wolfssl/wolfcrypt/port/rpi_pico/pico.h
new file mode 100644
index 000000000..f43e371bf
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/rpi_pico/pico.h
@@ -0,0 +1,29 @@
+/* pico.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _WOLFPORT_RPIPICO_H_
+#define _WOLFPORT_RPIPICO_H_
+#if defined(WOLFSSL_RPIPICO)
+
+WOLFSSL_LOCAL int wc_pico_rng_gen_block(unsigned char* output, unsigned int sz);
+
+#endif /* WOLFSSL_RPPICO */
+#endif /* _WOLFPORT_RPIPICO_H_ */
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
index b82b54d24..ae5164b3e 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
@@ -1,6 +1,6 @@
 /* silabs_aes.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h b/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
index e8d94ae08..aa4eb7642 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h
@@ -1,6 +1,6 @@
 /* silabs_ecc.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_hash.h b/wolfssl/wolfcrypt/port/silabs/silabs_hash.h
index e4e7b7d9a..3d9f85ed3 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_hash.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_hash.h
@@ -1,6 +1,6 @@
 /* silabs_hash.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_random.h b/wolfssl/wolfcrypt/port/silabs/silabs_random.h
index c804417e5..465f6643b 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_random.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_random.h
@@ -1,6 +1,6 @@
 /* silabs_random.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h
index 7e9faff67..94195f60e 100644
--- a/wolfssl/wolfcrypt/port/st/stm32.h
+++ b/wolfssl/wolfcrypt/port/st/stm32.h
@@ -1,6 +1,6 @@
 /* stm32.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,13 +35,22 @@
 #ifdef HASH_DIGEST
     /* The HASH_DIGEST register indicates SHA224/SHA256 support */
     #define STM32_HASH_SHA2
-    #if defined(WOLFSSL_STM32H5)
+    #if defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32MP13)
         #define HASH_CR_SIZE    103
         #define HASH_MAX_DIGEST 64 /* Up to SHA512 */
     #else
         #define HASH_CR_SIZE    54
         #define HASH_MAX_DIGEST 32
     #endif
+    #if defined(WOLFSSL_STM32MP13) || defined(WOLFSSL_STM32H7S)
+        #define STM32_HASH_SHA512
+        #define STM32_HASH_SHA512_224
+        #define STM32_HASH_SHA512_256
+        #define STM32_HASH_SHA384
+    #endif
+    #if defined(WOLFSSL_STM32MP13)
+        #define STM32_HASH_SHA3
+    #endif
 #else
     #define HASH_CR_SIZE    50
     #define HASH_MAX_DIGEST 20
@@ -69,7 +78,15 @@
 
 /* STM32 register size in bytes */
 #define STM32_HASH_REG_SIZE  4
-#define STM32_HASH_FIFO_SIZE 16 /* FIFO is 16 deep 32-bits wide */
+/* Maximum FIFO buffer is 64 bits for SHA256, 128 bits for SHA512 and 144 bits
+ * for SHA3 */
+#if defined(STM32_HASH_SHA3)
+    #define STM32_HASH_FIFO_SIZE 36
+#elif defined(STM32_HASH_SHA512) || defined(STM32_HASH_SHA384)
+    #define STM32_HASH_FIFO_SIZE 32
+#else
+    #define STM32_HASH_FIFO_SIZE 16
+#endif
 
 /* STM32 Hash Context */
 typedef struct {
@@ -78,6 +95,9 @@ typedef struct {
     uint32_t HASH_STR;
     uint32_t HASH_CR;
     uint32_t HASH_CSR[HASH_CR_SIZE];
+#ifdef STM32_HASH_SHA3
+    uint32_t SHA3CFGR;
+#endif
 
     /* Hash state / buffers */
     word32 buffer[STM32_HASH_FIFO_SIZE+1]; /* partial word buffer */
@@ -100,16 +120,35 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
 
 #ifdef STM32_CRYPTO
 
+#if defined(WOLFSSL_STM32MP13)
+    #define RNG RNG1
+    #define CRYP CRYP1
+    #define hcryp hcryp1
+    #define FORMAT_BIN RTC_FORMAT_BIN
+    #define __HAL_RCC_RNG_CLK_ENABLE __HAL_RCC_RNG1_CLK_ENABLE
+    #define __HAL_RCC_HASH_CLK_ENABLE __HAL_RCC_HASH1_CLK_ENABLE
+    #define __HAL_RCC_HASH_CLK_DISABLE __HAL_RCC_HASH1_CLK_DISABLE
+    /* From stm32_hal_legacy.h, but that header has a bug in it */
+    #define HASH_AlgoSelection_MD5       HASH_ALGOSELECTION_MD5
+    #define HASH_AlgoSelection_SHA1      HASH_ALGOSELECTION_SHA1
+    #define HASH_AlgoSelection_SHA224    HASH_ALGOSELECTION_SHA224
+    #define HASH_AlgoSelection_SHA256    HASH_ALGOSELECTION_SHA256
+
+    #define STM32_NOMD5 /* The HASH HAL has no MD5 implementation */
+#endif
+
 #ifndef NO_AES
     #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \
             defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \
             defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7) || \
-            defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5))
+            defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) || \
+            defined(WOLFSSL_STM32MP13) || defined(WOLFSSL_STM32H7S))
         /* Hardware supports AES GCM acceleration */
         #define STM32_CRYPTO_AES_GCM
     #endif
 
-    #if defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32WL)
+    #if defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32WL) || \
+        defined(WOLFSSL_STM32WBA)
         #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
         #ifdef WOLFSSL_STM32WB
             #define CRYP AES1
@@ -136,8 +175,9 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
     /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */
     #if !defined(STM32_HAL_V2) && defined(CRYP_AES_GCM) && \
         (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || \
-         defined(WOLFSSL_STM32H7) || defined(WOLFSSL_STM32U5)) || \
-         defined(WOLFSSL_STM32H5)
+         defined(WOLFSSL_STM32H7) || defined(WOLFSSL_STM32U5) || \
+         defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32MP13) || \
+         defined(WOLFSSL_STM32H7S))
         #define STM32_HAL_V2
     #endif
 
@@ -148,6 +188,14 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
         #define STM_CRYPT_TYPE uint8_t
     #endif
 
+    /* newer crypt HAL requires auth header size as 4 bytes (word) */
+    #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && \
+        !defined(WOLFSSL_STM32MP13) && !defined(WOLFSSL_STM32H7S)
+        #define STM_CRYPT_HEADER_WIDTH 1
+    #else
+        #define STM_CRYPT_HEADER_WIDTH 4
+    #endif
+
     /* CRYPT_AES_GCM starts the IV with 2 */
     #define STM32_GCM_IV_START 2
 
diff --git a/wolfssl/wolfcrypt/port/st/stsafe.h b/wolfssl/wolfcrypt/port/st/stsafe.h
index c5ba072b9..eb429f4c2 100644
--- a/wolfssl/wolfcrypt/port/st/stsafe.h
+++ b/wolfssl/wolfcrypt/port/st/stsafe.h
@@ -1,6 +1,6 @@
 /* stsafe.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/ti/ti-ccm.h b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
index 05d1e4e8d..9b8563da1 100644
--- a/wolfssl/wolfcrypt/port/ti/ti-ccm.h
+++ b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
@@ -1,6 +1,6 @@
 /* port/ti/ti_ccm.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h
index 65a1ff684..8fef5d8b6 100644
--- a/wolfssl/wolfcrypt/port/ti/ti-hash.h
+++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h
@@ -1,6 +1,6 @@
 /* port/ti/ti-hash.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h b/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h
index f6c06cd0c..7cf52dbf5 100644
--- a/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h
+++ b/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h
@@ -1,6 +1,6 @@
 /* xil-sha3.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h b/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h
index 718d665f7..043ebf418 100644
--- a/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h
+++ b/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h
@@ -1,6 +1,6 @@
 /* xil-versal-glue.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h b/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
index 26a9e17d2..538c34924 100644
--- a/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
+++ b/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
@@ -1,6 +1,6 @@
 /* xil-versal-trng.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h
index 9535b0ac7..9013401f1 100644
--- a/wolfssl/wolfcrypt/pwdbased.h
+++ b/wolfssl/wolfcrypt/pwdbased.h
@@ -1,6 +1,6 @@
 /* pwdbased.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index cc4c79797..3b4533e0d 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -1,6 +1,6 @@
 /* random.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/rc2.h b/wolfssl/wolfcrypt/rc2.h
index 22b2ad147..22eb58111 100644
--- a/wolfssl/wolfcrypt/rc2.h
+++ b/wolfssl/wolfcrypt/rc2.h
@@ -1,6 +1,6 @@
 /* rc2.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/ripemd.h b/wolfssl/wolfcrypt/ripemd.h
index d1a0e6fcd..54ede0dbe 100644
--- a/wolfssl/wolfcrypt/ripemd.h
+++ b/wolfssl/wolfcrypt/ripemd.h
@@ -1,6 +1,6 @@
 /* ripemd.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
index 5db1a23c2..a01e18d9f 100644
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -103,7 +103,11 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #endif
 
 #ifndef RSA_MIN_SIZE
-#define RSA_MIN_SIZE 1024
+    #if defined(HAVE_WOLFENGINE) || defined(HAVE_WOLFPROVIDER)
+        #define RSA_MIN_SIZE 1024
+    #else
+        #define RSA_MIN_SIZE 2048
+    #endif
 #endif
 
 #ifndef RSA_MAX_SIZE
@@ -165,8 +169,12 @@ enum {
     RSA_PSS_SALT_MAX_SZ = 62,
 
 #ifdef OPENSSL_EXTRA
-    RSA_PKCS1_PADDING_SIZE = 11,
-    RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */
+    WC_RSA_PKCS1_PADDING_SIZE = 11,
+    WC_RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */
+    #ifndef OPENSSL_COEXIST
+        #define RSA_PKCS1_PADDING_SIZE WC_RSA_PKCS1_PADDING_SIZE
+        #define RSA_PKCS1_OAEP_PADDING_SIZE WC_RSA_PKCS1_OAEP_PADDING_SIZE
+    #endif
 #endif
 #ifdef WC_RSA_PSS
     RSA_PSS_PAD_TERM = 0xBC,
@@ -274,9 +282,28 @@ struct RsaKey {
 
 #endif /* HAVE_FIPS */
 
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+struct RsaPadding {
+    byte pad_value;
+    int pad_type;
+    enum wc_HashType hash;
+    int mgf;
+    byte* label;
+    word32 labelSz;
+    int saltLen;
+    int unpadded;
+};
+typedef struct RsaPadding RsaPadding;
+#endif
+
 WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void* heap);
 WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
 WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);
+#ifndef WC_NO_CONSTRUCTORS
+WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code);
+WOLFSSL_API int  wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p);
+#endif
+
 #ifdef WOLF_PRIVATE_KEY_ID
 WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
                                  void* heap, int devId);
@@ -413,7 +440,7 @@ WOLFSSL_API int  wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
 WOLFSSL_API int  wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
                       byte** out, RsaKey* key, int type, enum wc_HashType hash,
                       int mgf, byte* label, word32 labelSz);
-#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
+#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
                    RsaKey* key, int type, WC_RNG* rng);
 #endif
diff --git a/wolfssl/wolfcrypt/sakke.h b/wolfssl/wolfcrypt/sakke.h
index 68b24c3c6..3ba79687e 100644
--- a/wolfssl/wolfcrypt/sakke.h
+++ b/wolfssl/wolfcrypt/sakke.h
@@ -1,6 +1,6 @@
 /* sakke.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -64,15 +64,15 @@ typedef struct SakkeKeyParams {
     ecc_point* base;
 
     /** Bit indicate prime is set as an MP integer in SAKKE key. */
-    byte havePrime:1;
+    WC_BITFIELD havePrime:1;
     /** Bit indicates q (order) is set as an MP integer in SAKKE key. */
-    byte haveQ:1;
+    WC_BITFIELD haveQ:1;
     /** Bit indicates g (pairing base) is set as an MP integer in SAKKE key. */
-    byte haveG:1;
+    WC_BITFIELD haveG:1;
     /** Bit indicates a is set as an MP integer in SAKKE key. */
-    byte haveA:1;
+    WC_BITFIELD haveA:1;
     /** Bit indicates base point is set as an ECC point in SAKKE key. */
-    byte haveBase:1;
+    WC_BITFIELD haveBase:1;
 } SakkeKeyParams;
 
 /** Temporary values to use in SAKKE calculations. */
@@ -116,7 +116,7 @@ typedef struct SakkeKeyRsk {
     /** Length of table */
     word32 tableLen;
     /** Indicates whether an RSK value has been set. */
-    byte set:1;
+    WC_BITFIELD set:1;
 } SakkeKeyRsk;
 #endif
 
@@ -153,9 +153,9 @@ typedef struct SakkeKey {
     void* heap;
 
     /** Bit indicates Z, public key, is in montgomery form. */
-    byte zMont:1;
+    WC_BITFIELD zMont:1;
     /** Bit indicate MP integers have been initialized. */
-    byte mpInit:1;
+    WC_BITFIELD mpInit:1;
 } SakkeKey;
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/selftest.h b/wolfssl/wolfcrypt/selftest.h
index 198013be5..08b88846c 100644
--- a/wolfssl/wolfcrypt/selftest.h
+++ b/wolfssl/wolfcrypt/selftest.h
@@ -1,6 +1,6 @@
 /* selftest.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index ab068cff6..21e0d1166 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1,6 +1,6 @@
 /* settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -20,24 +20,19 @@
  */
 
 /*
- *   ************************************************************************
+ *   Note, this file should not be edited to activate/deactivate features.
  *
- *   ******************************** NOTICE ********************************
- *
- *   ************************************************************************
- *
- *   This method of uncommenting a line in settings.h is outdated.
- *
- *   Please use user_settings.h / WOLFSSL_USER_SETTINGS
+ *   Instead, add/edit user_settings.h, and compile with -DWOLFSSL_USER_SETTINGS
  *
  *         or
  *
- *   ./configure CFLAGS="-DFLAG"
+ *   ./configure CFLAGS="-DFEATURE_FLAG_TO_DEFINE -UFEATURE_FLAG_TO_CLEAR [...]"
+ *
+ *   To build using a custom configuration method, define WOLFSSL_CUSTOM_CONFIG
  *
  *   For more information see:
  *
  *   https://www.wolfssl.com/how-do-i-manage-the-build-configuration-of-wolfssl/
- *
  */
 
 
@@ -52,11 +47,20 @@
     extern "C" {
 #endif
 
-/* This flag allows wolfSSL to include options.h instead of having client
- * projects do it themselves. This should *NEVER* be defined when building
- * wolfSSL as it can cause hard to debug problems. */
-#if defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H)
-#include <wolfssl/options.h>
+#if defined(TEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE) && \
+    defined(BUILDING_WOLFSSL) && !defined(LIBWOLFSSL_SOURCES_H) && \
+    !defined(LIBWOLFSSL_SOURCES_ASM_H)
+    #error settings.h included before libwolfssl_sources[_asm].h.
+#endif
+
+/* WOLFSSL_USE_OPTIONS_H directs wolfSSL to include options.h on behalf of
+ * application code, rather than the application including it directly.  This is
+ * not defined when compiling wolfSSL library objects, which are configured
+ * through CFLAGS.
+ */
+#if (defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H)) && \
+    !defined(WOLFSSL_NO_OPTIONS_H)
+    #include <wolfssl/options.h>
 #endif
 
 /* Uncomment next line if using IPHONE */
@@ -262,16 +266,23 @@
 /* Uncomment next line if building for Dolphin Emulator */
 /* #define DOLPHIN_EMULATOR */
 
+/* Uncomment next line if building for WOLFSSL_NDS */
+/* #define WOLFSSL_NDS */
+
 /* Uncomment next line if using MAXQ1065 */
 /* #define WOLFSSL_MAXQ1065 */
 
 /* Uncomment next line if using MAXQ108x */
 /* #define WOLFSSL_MAXQ108X */
 
+/* Uncomment next line if using Raspberry Pi RP2040 or RP2350 */
+/* #define WOLFSSL_RPIPICO */
+
 /* Check PLATFORMIO first, as it may define other known environments. */
 #ifdef PLATFORMIO
     #ifdef ESP_PLATFORM
         /* Turn on the wolfSSL ESPIDF flag for the PlatformIO ESP-IDF detect */
+        #undef  WOLFSSL_ESPIDF
         #define WOLFSSL_ESPIDF
     #endif /* ESP_PLATFORM */
 
@@ -317,6 +328,13 @@
     #endif
 #endif
 
+#if !defined(WOLFSSL_CUSTOM_CONFIG) && \
+    ((defined(BUILDING_WOLFSSL) && defined(WOLFSSL_USE_OPTIONS_H)) || \
+     (defined(BUILDING_WOLFSSL) && defined(WOLFSSL_OPTIONS_H) &&      \
+     !defined(EXTERNAL_OPTS_OPENVPN)))
+    #warning wolfssl/options.h included in compiled wolfssl library object.
+#endif
+
 #ifdef WOLFSSL_USER_SETTINGS
     #include "user_settings.h"
 #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H)
@@ -326,11 +344,32 @@
     /* NOTE: cyassl_nucleus_defs.h is akin to user_settings.h */
     #include "nucleus.h"
     #include "os/networking/ssl/lite/cyassl_nucleus_defs.h"
+#elif !defined(BUILDING_WOLFSSL) && !defined(WOLFSSL_OPTIONS_H) && \
+      !defined(WOLFSSL_NO_OPTIONS_H) && !defined(WOLFSSL_CUSTOM_CONFIG)
+    /* This warning indicates that wolfSSL features may not have been properly
+     * configured before other wolfSSL headers were included. If you are using
+     * an alternative configuration method -- e.g. custom header, or CFLAGS in
+     * an application build -- then your application can avoid this warning by
+     * defining WOLFSSL_NO_OPTIONS_H or WOLFSSL_CUSTOM_CONFIG as appropriate.
+     */
+    #warning "No configuration for wolfSSL detected, check header order"
 #endif
 
 #include <wolfssl/wolfcrypt/visibility.h>
 
 /*------------------------------------------------------------*/
+#if defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV)
+    #undef HAVE_FIPS_VERSION_MAJOR
+    #define HAVE_FIPS_VERSION_MAJOR 7 /* always one more than major version */
+                                      /* of most recent FIPS certificate */
+    #undef HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION HAVE_FIPS_VERSION_MAJOR
+    #undef HAVE_FIPS_VERSION_MINOR
+    #define HAVE_FIPS_VERSION_MINOR 0 /* always 0 */
+    #undef HAVE_FIPS_VERSION_PATCH
+    #define HAVE_FIPS_VERSION_PATCH 0 /* always 0 */
+#endif
+
 #define WOLFSSL_MAKE_FIPS_VERSION3(major, minor, patch) \
                                 (((major) * 65536) + ((minor) * 256) + (patch))
 #define WOLFSSL_MAKE_FIPS_VERSION(major, minor) \
@@ -403,6 +442,11 @@
     #undef WC_RSA_BLINDING
 #endif
 
+/* old FIPS has only AES_BLOCK_SIZE. */
+#if !defined(NO_AES) && (defined(HAVE_SELFTEST) || \
+     (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)))
+    #define WC_AES_BLOCK_SIZE AES_BLOCK_SIZE
+#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(6,0,0)) */
 
 #ifdef WOLFSSL_HARDEN_TLS
     #if WOLFSSL_HARDEN_TLS != 112 && WOLFSSL_HARDEN_TLS != 128
@@ -469,6 +513,16 @@
     #include <nx_api.h>
 #endif
 
+
+#ifdef WOLFSSL_NDS
+    #include <stddef.h>
+    #define SIZEOF_LONG_LONG 8
+    #define socklen_t int
+    #define IPPROTO_UDP 17
+    #define IPPROTO_TCP 6
+    #define NO_WRITEV
+#endif
+
 #if defined(ARDUINO)
     #if defined(ESP32)
         #ifndef NO_ARDUINO_DEFAULT
@@ -498,6 +552,318 @@
 
 #if defined(WOLFSSL_ESPIDF)
     #define SIZEOF_LONG_LONG 8
+
+    #ifndef WOLFSSL_MAX_ERROR_SZ
+        /* Espressif paths can be quite long. Ensure error prints full path. */
+        #define WOLFSSL_MAX_ERROR_SZ 200
+    #endif
+
+    /* Parse any Kconfig / menuconfig items into wolfSSL macro equivalents.
+     * Macros may or may not be defined. If defined, they may have a value of
+     *
+     *   0 - not enabled (also the equivalent of not defined)
+     *   1 - enabled
+     *
+     * The naming convention is generally an exact match of wolfSSL macros
+     * in the Kconfig file. At cmake time, the Kconfig is processed and an
+     * sdkconfig.h file is created by the ESP-IDF. Any configured options are
+     * named CONFIG_[Kconfig name] and thus CONFIG_[macro name]. Those that
+     * are expected to be ESP-IDF specific and may be ambiguous can named
+     * with an ESP prefix, for example CONFIG_[ESP_(Kconfig name)]
+     *
+     * Note there are some inconsistent macro names that may have been
+     * used in the esp-wolfssl or other places in the ESP-IDF. They should
+     * be always be included for backward compatibility.
+     *
+     * See also: Espressif api-reference kconfig docs.
+     *
+     * These settings should be checked and assigned wolfssl equivalents before
+     * any others.
+     *
+     * Only the actual config settings should be defined here. Any others that
+     * may be application specific should be conditionally defined in the
+     * respective user_settings.h file.
+     *
+     * See the template example for reference:
+     * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template
+     *
+     * Reminder that by the time we are here, the user_settings.h has already
+     * been processed. The following settings are additive; Enabled settings
+     * from user_settings are not disabled here.
+     */
+    #if defined(CONFIG_ESP_WOLFSSL_TEST_LOOP) && \
+                CONFIG_ESP_WOLFSSL_TEST_LOOP
+        #define            WOLFSSL_TEST_LOOP 1
+    #else
+        #define            WOLFSSL_TEST_LOOP 0
+    #endif
+    #if (defined(CONFIG_DEBUG_WOLFSSL) &&             \
+                 CONFIG_DEBUG_WOLFSSL) ||             \
+        (defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL) && \
+                 CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL  )
+        #define                     DEBUG_WOLFSSL
+    #endif
+    #if defined(CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH) && \
+                CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
+        #define            WOLFSSL_ENABLE_WOLFSSH
+    #endif
+    #if (defined(CONFIG_TEST_ESPIDF_ALL_WOLFSSL) && \
+                 CONFIG_TEST_ESPIDF_ALL_WOLFSSL   )
+        #define         TEST_ESPIDF_ALL_WOLFSSL
+    #endif
+    #if (defined(CONFIG_WOLFSSL_ALT_CERT_CHAINS) && \
+                 CONFIG_WOLFSSL_ALT_CERT_CHAINS   )
+        #define         WOLFSSL_ALT_CERT_CHAINS
+    #endif
+    #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) && \
+                CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
+        #define        WOLFSSL_ASN_ALLOW_0_SERIAL
+    #endif
+    #if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && \
+                CONFIG_WOLFSSL_NO_ASN_STRICT
+        #define        WOLFSSL_NO_ASN_STRICT
+    #endif
+    #if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) && \
+                CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE
+        #define        WOLFSSL_DEBUG_CERT_BUNDLE
+    #endif
+    #if defined(CONFIG_USE_WOLFSSL_ESP_SDK_TIME) && \
+                CONFIG_USE_WOLFSSL_ESP_SDK_TIME
+        #define        USE_WOLFSSL_ESP_SDK_TIME
+    #endif
+    #if defined(CONFIG_USE_WOLFSSL_ESP_SDK_WIFI) && \
+                CONFIG_USE_WOLFSSL_ESP_SDK_WIFI
+        #define        USE_WOLFSSL_ESP_SDK_WIFI
+    #endif
+    #if defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) && \
+                CONFIG_WOLFSSL_APPLE_HOMEKIT
+        #define        WOLFSSL_APPLE_HOMEKIT
+    #endif
+    #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS) && \
+                CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+        #define            WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+    #endif
+    #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) && \
+                CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+        #define            WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+    #endif
+
+    #if defined(CONFIG_TLS_STACK_WOLFSSL)
+        /* When using ESP-TLS, some old algorithms such as SHA1 are no longer
+         * enabled in wolfSSL, except for the OpenSSL compatibility. So enable
+         * that here: */
+        #define OPENSSL_EXTRA
+    #endif
+
+    /* Optional Apple HomeKit support. See below for related sanity checks. */
+    #if defined(WOLFSSL_APPLE_HOMEKIT)
+        /* SRP is known to need 8K; slow on some devices */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS (8192 * 2)
+        #define WOLFCRYPT_HAVE_SRP
+        #define HAVE_CHACHA
+        #define HAVE_POLY1305
+        #define WOLFSSL_BASE64_ENCODE
+        #define HAVE_HKDF
+        #define WOLFSSL_SHA512
+     #endif
+
+    /* Enable benchmark code via menuconfig, or when not otherwise disable: */
+    #ifdef CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK
+        #ifdef NO_CRYPT_BENCHMARK
+            #pragma message("Benchmark conflict:")
+            #pragma message("-- NO_CRYPT_BENCHMARK defined.")
+            #pragma message("-- CONFIG_WOLFSSL_ENABLE_BENCHMARK also defined.")
+            #pragma message("-- NO_CRYPT_BENCHMARK will be undefined.")
+            #undef NO_CRYPT_BENCHMARK
+        #endif
+    #endif
+
+    #if !defined(NO_CRYPT_BENCHMARK) || \
+         defined(CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK)
+
+        #define BENCH_EMBEDDED
+        #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
+
+        /* See wolfcrypt/benchmark/benchmark.c for debug and other settings: */
+
+        /* Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) */
+        #ifdef CONFIG_ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
+            #define DEBUG_WOLFSSL_BENCHMARK_TIMING
+        #endif
+
+        /* Turn on timer debugging (used when CPU cycles not available) */
+        #ifdef CONFIG_ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
+            #define WOLFSSL_BENCHMARK_TIMER_DEBUG
+        #endif
+    #endif
+
+    /* Typically only used in tests, but available to all apps is
+     * the "enable all" feature: */
+    #if defined(TEST_ESPIDF_ALL_WOLFSSL)
+        #define WOLFSSL_MD2
+        #define HAVE_BLAKE2
+        #define HAVE_BLAKE2B
+        #define HAVE_BLAKE2S
+
+        #define WC_RC2
+        #define WOLFSSL_ALLOW_RC4
+
+        #define HAVE_POLY1305
+
+        #define WOLFSSL_AES_128
+        #define WOLFSSL_AES_OFB
+        #define WOLFSSL_AES_CFB
+        #define WOLFSSL_AES_XTS
+
+        /* #define WC_SRTP_KDF */
+        /* TODO Causes failure with Espressif AES HW Enabled */
+        /* #define HAVE_AES_ECB */
+        /* #define HAVE_AESCCM  */
+        /* TODO sanity check when missing HAVE_AES_ECB */
+        #define WOLFSSL_WOLFSSH
+
+        #define HAVE_AESGCM
+        #define WOLFSSL_AES_COUNTER
+
+        #define HAVE_FFDHE
+        #define HAVE_FFDHE_2048
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            /* TODO Full size SRP is disabled on the ESP8266 at this time.
+             * Low memory issue? */
+            #define WOLFCRYPT_HAVE_SRP
+            /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #elif defined(CONFIG_IDF_TARGET_ESP32)   || \
+              defined(CONFIG_IDF_TARGET_ESP32S2) || \
+              defined(CONFIG_IDF_TARGET_ESP32S3)
+            #define WOLFCRYPT_HAVE_SRP
+            #define FP_MAX_BITS (8192 * 2)
+        #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
+              defined(CONFIG_IDF_TARGET_ESP32H2)
+            /* SRP Known to be working on this target::*/
+            #define WOLFCRYPT_HAVE_SRP
+            #define FP_MAX_BITS (8192 * 2)
+        #else
+            /* For everything else, give a try and see if SRP working: */
+            #define WOLFCRYPT_HAVE_SRP
+            #define FP_MAX_BITS (8192 * 2)
+        #endif
+
+        #define HAVE_DH
+
+        /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
+         * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
+        /* #define HAVE_CAMELLIA */
+
+        /* DSA requires old SHA */
+        #define HAVE_DSA
+
+        /* Needs SHA512 ? */
+        #define HAVE_HPKE
+
+        /* Not for Espressif? */
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP32H2) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+
+            #if defined(CONFIG_IDF_TARGET_ESP8266)
+                #undef HAVE_ECC
+                #undef HAVE_ECC_CDH
+                #undef HAVE_CURVE25519
+
+                #ifdef HAVE_CHACHA
+                    #error "HAVE_CHACHA not supported on ESP8266"
+                #endif
+                #ifdef HAVE_XCHACHA
+                    #error "HAVE_XCHACHA not supported on ESP8266"
+                #endif
+            #else
+                #define HAVE_XCHACHA
+                #define HAVE_CHACHA
+                /* TODO Not enabled at this time, needs further testing:
+                 *   #define WC_SRTP_KDF
+                 *   #define HAVE_COMP_KEY
+                 *   #define WOLFSSL_HAVE_XMSS
+                 */
+            #endif
+            /* TODO AES-EAX needs stesting on this platform */
+
+            /* Optionally disable DH
+             *   #undef HAVE_DH
+             *   #undef HAVE_FFDHE
+             */
+
+            /* ECC_SHAMIR out of memory on ESP32-C2 during ECC  */
+            #ifndef HAVE_ECC
+                #define ECC_SHAMIR
+            #endif
+        #else
+            #define WOLFSSL_AES_EAX
+
+            #define ECC_SHAMIR
+        #endif
+
+        /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
+        /* #define WOLFSSL_CAAM      */
+        /* #define WOLFSSL_CAAM_BLOB */
+
+        #define WOLFSSL_AES_SIV
+        #define WOLFSSL_CMAC
+
+        #define WOLFSSL_CERT_PIV
+
+        /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
+        /* #define HAVE_SCRYPT */
+        #define SCRYPT_TEST_ALL
+        #define HAVE_X963_KDF
+    #endif
+
+    /* Optionally enable some wolfSSH settings via compiler def or Kconfig */
+    #if defined(ESP_ENABLE_WOLFSSH)
+        /* The default SSH Windows size is massive for an embedded target.
+         * Limit it: */
+        #define DEFAULT_WINDOW_SZ 2000
+
+        /* These may be defined in cmake for other examples: */
+        #undef  WOLFSSH_TERM
+        #define WOLFSSH_TERM
+
+        #if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSH)
+            /* wolfSSH debugging enabled via Kconfig / menuconfig */
+            #undef  DEBUG_WOLFSSH
+            #define DEBUG_WOLFSSH
+        #endif
+
+        #undef  WOLFSSL_KEY_GEN
+        #define WOLFSSL_KEY_GEN
+
+        #undef  WOLFSSL_PTHREADS
+        #define WOLFSSL_PTHREADS
+
+        #define WOLFSSH_TEST_SERVER
+        #define WOLFSSH_TEST_THREADING
+
+    #endif /* ESP_ENABLE_WOLFSSH */
+
+    /* ML-KEM.  */
+    #ifdef CONFIG_ESP_WOLFSSL_ENABLE_KYBER
+        #define CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
+    #endif
+    #ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
+        /* Kyber typically needs a minimum 10K stack */
+        #define WOLFSSL_HAVE_MLKEM
+        #define WOLFSSL_WC_MLKEM
+        #define WOLFSSL_SHA3
+        #if defined(CONFIG_IDF_TARGET_ESP8266)
+            /* With limited RAM, we'll disable some of the Kyber sizes: */
+            #define WOLFSSL_NO_ML_KEM_1024
+            #define WOLFSSL_NO_ML_KEM_768
+            #define NO_SESSION_CACHE
+        #endif
+    #endif
+
     #ifndef NO_ESPIDF_DEFAULT
         #define FREERTOS
         #define WOLFSSL_LWIP
@@ -607,13 +973,69 @@
         #undef  HAVE_AESGCM
         #define HAVE_AESGCM
     #endif /* SM */
+
 #endif /* defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) */
+    /* Final device-specific hardware settings. user_settings.h loaded above. */
+
+    /* Counters for RSA wait timeout. CPU and frequency specific. */
+    #define ESP_RSA_WAIT_TIMEOUT_CNT          0x000020
+    #if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32S2)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32S3)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            /* Observed: 0xAE8C8F @ 80MHz */
+            #define ESP_RSA_TIMEOUT_CNT      0xAF0000
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32C3)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            /* Observed: 0x2624B2 @ 80MHz */
+            #define ESP_RSA_TIMEOUT_CNT      0x280000
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32C6)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            /* Observed: 144323 @ 80MHz */
+            #define ESP_RSA_TIMEOUT_CNT      0x160000
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP32H2)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP8266)
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #elif defined(CONFIG_IDF_TARGET_ESP8684)
+        /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #else
+        #ifndef ESP_RSA_TIMEOUT_CNT
+            #define ESP_RSA_TIMEOUT_CNT      0x349F00
+        #endif
+    #endif
 #endif /* WOLFSSL_ESPIDF */
 
 #if defined(WOLFSSL_RENESAS_TSIP)
     #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64
     #define TSIP_TLS_MASTERSECRET_SIZE       80   /* 20 words */
     #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte  */
+
+    #ifdef WOLF_CRYPTO_CB
+        /* make sure RSA padding callbacks are enabled */
+        #define WOLF_CRYPTO_CB_RSA_PAD
+    #endif
 #endif /* WOLFSSL_RENESAS_TSIP */
 
 #if !defined(WOLFSSL_NO_HASH_RAW) && defined(WOLFSSL_RENESAS_RX64_HASH)
@@ -854,7 +1276,7 @@
             #error "https://www.wolfssl.com/docs/porting-guide/"
         #endif
     #endif
-    #define WOLFSSL_USER_IO
+
     #define HAVE_ECC
     #define NO_DH
     #define NO_SESSION_CACHE
@@ -911,8 +1333,8 @@
     #define XSTRNCMP(s1,s2,n)      strncmp((s1),(s2),(n))
     #define XSTRNCAT(s1,s2,n)      strncat((s1),(s2),(n))
     #define XSTRNCASECMP(s1,s2,n)  _strnicmp((s1),(s2),(n))
-    #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \
-            || defined(HAVE_ALPN)
+    #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
+        defined(OPENSSL_ALL) || defined(HAVE_ALPN)
         #define XSTRTOK            strtok_r
     #endif
 #endif
@@ -978,10 +1400,13 @@
         #define NO_SESSION_CACHE
 #endif
 
-/* Micrium will use Visual Studio for compilation but not the Win32 API */
+/* For platforms where the target OS is not Windows, but compilation is
+ * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API.
+ * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */
 #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
     !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
-    !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
+    !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \
+    !defined(WOLFSSL_NOT_WINDOWS_API)
     #define USE_WINDOWS_API
 #endif
 
@@ -1039,9 +1464,9 @@ extern void uITRON4_free(void *p) ;
 #if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER) && \
         !defined(NO_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
     #include <stdlib.h>
-    #define XMALLOC(s, h, type)  ((void)(h), (void)(type), malloc((s)))
-    #define XFREE(p, h, type)    ((void)(h), (void)(type), free((p)))
-    #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n)))
+    #define XMALLOC(s, h, type)  ((void)(h), (void)(type), malloc((s))) /* native heap */
+    #define XFREE(p, h, type)    ((void)(h), (void)(type), free((p))) /* native heap */
+    #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */
 #endif
 
 #if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL)
@@ -1076,18 +1501,18 @@ extern void uITRON4_free(void *p) ;
                            (s), (__FILE__), (__LINE__), (__FUNCTION__) ))
         #else
             #define XMALLOC(s, h, type)  \
-                           ((void)(h), (void)(type), pvPortMalloc((s)))
+                           ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
         #endif
 
         /* XFREE */
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
 
         /* XREALLOC */
         #if defined(WOLFSSL_ESPIDF)
             /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to
              *     heap_caps_realloc(p, s, MALLOC_CAP_8BIT)
              * There's no pvPortRealloc available:  */
-            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n)))
+            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */
         #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) || \
               defined(OPENSSL_ALL)
             /* FreeRTOS pvPortRealloc() implementation can be found here:
@@ -1101,7 +1526,7 @@ extern void uITRON4_free(void *p) ;
     #ifndef NO_WRITEV
         #define NO_WRITEV
     #endif
-    #ifndef HAVE_SHA512
+    #ifndef WOLFSSL_SHA512
         #ifndef NO_SHA512
             #define NO_SHA512
         #endif
@@ -1129,8 +1554,12 @@ extern void uITRON4_free(void *p) ;
 #ifdef FREERTOS_TCP
     #if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER) && \
         !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  pvPortMalloc((s))
-        #define XFREE(p, h, type)    vPortFree((p))
+        #ifndef XMALLOC
+            #define XMALLOC(s, h, type)  pvPortMalloc((s)) /* native heap */
+        #endif
+        #ifndef XFREE
+            #define XFREE(p, h, type)    vPortFree((p)) /* native heap */
+        #endif
     #endif
 
     #define WOLFSSL_GENSEED_FORTEST
@@ -1298,8 +1727,8 @@ extern void uITRON4_free(void *p) ;
     #endif
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
         !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s)))
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
+        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
 
         /* FreeRTOS pvPortRealloc() implementation can be found here:
             https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */
@@ -1417,8 +1846,8 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_CRYPT_HW_MUTEX 1
 
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY)
-        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s)))
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p)))
+        #define XMALLOC(s, h, type)  ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
+        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
     #endif
 
     /* #define USER_TICKS */
@@ -1669,12 +2098,14 @@ extern void uITRON4_free(void *p) ;
 
 #endif /* WOLFSSL_MAXQ1065 || WOLFSSL_MAXQ108X */
 
-#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
-    defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
-    defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
-    defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \
-    defined(WOLFSSL_STM32G0) || defined(WOLFSSL_STM32U5) || \
-    defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL)
+#if defined(WOLFSSL_STM32F2)  || defined(WOLFSSL_STM32F4)   || \
+    defined(WOLFSSL_STM32F7)  || defined(WOLFSSL_STM32F1)   || \
+    defined(WOLFSSL_STM32L4)  || defined(WOLFSSL_STM32L5)   || \
+    defined(WOLFSSL_STM32WB)  || defined(WOLFSSL_STM32H7)   || \
+    defined(WOLFSSL_STM32G0)  || defined(WOLFSSL_STM32U5)   || \
+    defined(WOLFSSL_STM32H5)  || defined(WOLFSSL_STM32WL)   || \
+    defined(WOLFSSL_STM32G4)  || defined(WOLFSSL_STM32MP13) || \
+    defined(WOLFSSL_STM32H7S) || defined(WOLFSSL_STM32WBA)
 
     #define SIZEOF_LONG_LONG 8
     #ifndef CHAR_BIT
@@ -1695,7 +2126,7 @@ extern void uITRON4_free(void *p) ;
 
         #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
             defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32U5) || \
-            defined(WOLFSSL_STM32WL)
+            defined(WOLFSSL_STM32WL) || defined(WOLFSSL_STM32WBA)
             #define NO_AES_192 /* hardware does not support 192-bit */
         #endif
     #endif
@@ -1722,6 +2153,8 @@ extern void uITRON4_free(void *p) ;
             #include "stm32f7xx_hal.h"
         #elif defined(WOLFSSL_STM32F1)
             #include "stm32f1xx_hal.h"
+        #elif defined(WOLFSSL_STM32H7S)
+            #include "stm32h7rsxx_hal.h"
         #elif defined(WOLFSSL_STM32H7)
             #include "stm32h7xx_hal.h"
         #elif defined(WOLFSSL_STM32WB)
@@ -1730,10 +2163,20 @@ extern void uITRON4_free(void *p) ;
             #include "stm32wlxx_hal.h"
         #elif defined(WOLFSSL_STM32G0)
             #include "stm32g0xx_hal.h"
+        #elif defined(WOLFSSL_STM32G4)
+            #include "stm32g4xx_hal.h"
         #elif defined(WOLFSSL_STM32U5)
             #include "stm32u5xx_hal.h"
         #elif defined(WOLFSSL_STM32H5)
             #include "stm32h5xx_hal.h"
+        #elif defined(WOLFSSL_STM32MP13)
+            /* HAL headers error on our ASM files */
+            #ifndef __ASSEMBLER__
+                #include "stm32mp13xx_hal.h"
+                #include "stm32mp13xx_hal_conf.h"
+            #endif
+        #elif defined(WOLFSSL_STM32WBA)
+            #include "stm32wbaxx_hal.h"
         #endif
         #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
             #include "stm32l4xx_ll_rng.h"
@@ -1788,10 +2231,7 @@ extern void uITRON4_free(void *p) ;
             #include "stm32f1xx.h"
         #endif
     #endif /* WOLFSSL_STM32_CUBEMX */
-#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
-          WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB ||
-          WOLFSSL_STM32H7 || WOLFSSL_STM32G0 || WOLFSSL_STM32U5 ||
-          WOLFSSL_STM32H5 */
+#endif /* WOLFSSL_STM32* */
 #ifdef WOLFSSL_DEOS
     #include <deos.h>
     #include <timeout.h>
@@ -2023,6 +2463,15 @@ extern void uITRON4_free(void *p) ;
     #define HAVE_AESGCM
 #endif
 
+/* Detect Cortex M3 (no UMAAL) */
+#if defined(__ARM_ARCH_7M__) && !defined(WOLFSSL_ARM_ARCH_7M)
+    #define WOLFSSL_ARM_ARCH_7M
+#endif
+#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(WOLFSSL_ARM_ARCH_7M)
+    #undef  WOLFSSL_SP_NO_UMAAL
+    #define WOLFSSL_SP_NO_UMAAL
+#endif
+
 #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX)
     #if defined(WOLFSSL_ARMASM)
         #error can not use both ARMv8 instructions and XILINX hardened crypto
@@ -2035,8 +2484,12 @@ extern void uITRON4_free(void *p) ;
         #define WOLFSSL_NOSHA3_224
         #define WOLFSSL_NOSHA3_256
         #define WOLFSSL_NOSHA3_512
-        #define WOLFSSL_NO_SHAKE128
-        #define WOLFSSL_NO_SHAKE256
+        #ifndef WOLFSSL_NO_SHAKE128
+            #define WOLFSSL_NO_SHAKE128
+        #endif
+        #ifndef WOLFSSL_NO_SHAKE256
+            #define WOLFSSL_NO_SHAKE256
+        #endif
     #endif
     #ifdef WOLFSSL_AFALG_XILINX_AES
         #undef  WOLFSSL_AES_DIRECT
@@ -2122,7 +2575,7 @@ extern void uITRON4_free(void *p) ;
     #if !defined(CONFIG_NET_SOCKETS_POSIX_NAMES) && !defined(CONFIG_POSIX_API)
     #define CONFIG_NET_SOCKETS_POSIX_NAMES
     #endif
-#endif
+#endif /* WOLFSSL_ZEPHYR */
 
 #ifdef WOLFSSL_IMX6
     #ifndef SIZEOF_LONG_LONG
@@ -2249,11 +2702,6 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
-    #undef  KEEP_PEER_CERT
-    #define KEEP_PEER_CERT
-#endif
-
 
 /* stream ciphers except arc4 need 32bit alignment, intel ok without */
 #ifndef XSTREAM_ALIGN
@@ -2350,10 +2798,18 @@ extern void uITRON4_free(void *p) ;
     #undef WOLFSSL_SP_INT_DIGIT_ALIGN
     #define WOLFSSL_SP_INT_DIGIT_ALIGN
 #endif
-#ifdef __APPLE__
+#if defined(__sparc)
+    #undef WOLFSSL_SP_INT_DIGIT_ALIGN
+    #define WOLFSSL_SP_INT_DIGIT_ALIGN
+#endif
+#if defined(__APPLE__) || defined(WOLF_C89)
     #define WOLFSSL_SP_NO_DYN_STACK
 #endif
 
+#if defined(__WATCOMC__) && !defined(WOLF_NO_VARIADIC_MACROS)
+    #define WOLF_NO_VARIADIC_MACROS
+#endif
+
 #ifdef __INTEL_COMPILER
     #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
 #endif
@@ -2397,6 +2853,10 @@ extern void uITRON4_free(void *p) ;
         /* default is SP Math. */
         #define WOLFSSL_SP_MATH_ALL
     #endif
+#elif defined(WOLFCRYPT_FIPS_RAND)
+    #ifndef NO_BIG_INT
+        #define NO_BIG_INT
+    #endif
 #else
     /* FIPS 140-2 or older */
     /* Default to fast math (tfm.c), but allow heap math (integer.c) */
@@ -2417,6 +2877,58 @@ extern void uITRON4_free(void *p) ;
 #endif
 /*----------------------------------------------------------------------------*/
 
+/* SP Math specific options */
+/* Determine when mp_add_d is required. */
+#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
+    !defined(NO_DSA) || defined(HAVE_ECC) || \
+    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    defined(OPENSSL_EXTRA)
+    #define WOLFSSL_SP_ADD_D
+#endif
+
+/* Determine when mp_sub_d is required. */
+#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
+    #define WOLFSSL_SP_SUB_D
+#endif
+
+/* Determine when mp_read_radix with a radix of 10 is required. */
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \
+    !defined(NO_DSA) || defined(OPENSSL_EXTRA)
+    #define WOLFSSL_SP_READ_RADIX_16
+#endif
+
+/* Determine when mp_read_radix with a radix of 10 is required. */
+#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
+    !defined(WOLFSSL_RSA_VERIFY_ONLY)
+    #define WOLFSSL_SP_READ_RADIX_10
+#endif
+
+/* Determine when mp_invmod is required. */
+#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
+    (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+    #define WOLFSSL_SP_INVMOD
+#endif
+
+/* Determine when mp_invmod_mont_ct is required. */
+#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
+    #define WOLFSSL_SP_INVMOD_MONT_CT
+#endif
+
+/* Determine when mp_prime_gen is required. */
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
+    !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \
+    (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
+    #define WOLFSSL_SP_PRIME_GEN
+#endif
+
+#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
+    (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA)
+    /* Determine when mp_mul_d is required */
+    #define WOLFSSL_SP_MUL_D
+#endif
 
 
 /* user can specify what curves they want with ECC_USER_CURVES otherwise
@@ -2507,7 +3019,7 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif /* HAVE_ECC */
 
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && defined(HAVE_ECC) && \
     !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
     !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
@@ -2606,6 +3118,13 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif /* HAVE_ED448 */
 
+/* FIPS does not support CFB1 or CFB8 */
+#if !defined(WOLFSSL_NO_AES_CFB_1_8) && \
+    (defined(HAVE_SELFTEST) || \
+        (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)))
+    #define WOLFSSL_NO_AES_CFB_1_8
+#endif
+
 /* AES Config */
 #ifndef NO_AES
     /* By default enable all AES key sizes, decryption and CBC */
@@ -2775,6 +3294,14 @@ extern void uITRON4_free(void *p) ;
     #undef NO_DH
 #endif
 
+/* CryptoCell defines */
+#ifdef WOLFSSL_CRYPTOCELL
+    #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
+        /* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */
+        #define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
+    #endif /* HAVE_ECC && HAVE_ECC_SIGN */
+#endif
+
 /* Asynchronous Crypto */
 #ifdef WOLFSSL_ASYNC_CRYPT
     #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
@@ -2799,6 +3326,12 @@ extern void uITRON4_free(void *p) ;
          * but not required */
         #define ECC_CACHE_CURVE
     #endif
+
+    #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
+        /* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */
+        #define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
+    #endif /* HAVE_ECC && HAVE_ECC_SIGN */
+
 #endif /* WOLFSSL_ASYNC_CRYPT */
 #ifndef WC_ASYNC_DEV_SIZE
     #define WC_ASYNC_DEV_SIZE 0
@@ -2888,6 +3421,10 @@ extern void uITRON4_free(void *p) ;
     #error "Dual alg cert support requires the ASN.1 template feature."
 #endif
 
+#if defined(WOLFSSL_ACERT) && !defined(WOLFSSL_ASN_TEMPLATE)
+    #error "Attribute Certificate support requires the ASN.1 template feature."
+#endif
+
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
     #undef  WOLFSSL_ASN_ALL
     #define WOLFSSL_ASN_ALL
@@ -2983,10 +3520,16 @@ extern void uITRON4_free(void *p) ;
     /* Extended Key Usage */
     #undef  WOLFSSL_EKU_OID
     #define WOLFSSL_EKU_OID
+
+    /* Attribute Certificate support */
+    #if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_ACERT)
+        #define WOLFSSL_ACERT
+    #endif
 #endif
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
-    defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
+    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
+    defined(WOLFSSL_HAPROXY)
     #undef  WOLFSSL_ASN_TIME_STRING
     #define WOLFSSL_ASN_TIME_STRING
 #endif
@@ -3005,13 +3548,14 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_OCSP_PARSE_STATUS
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
-    defined(WOLFSSL_CERT_GEN)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_CERT_GEN)
     #undef  WOLFSSL_MULTI_ATTRIB
     #define WOLFSSL_MULTI_ATTRIB
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+    defined(OPENSSL_EXTRA_X509_SMALL)
     #undef  WOLFSSL_EKU_OID
     #define WOLFSSL_EKU_OID
 #endif
@@ -3069,16 +3613,33 @@ extern void uITRON4_free(void *p) ;
         #define WOLFSSL_OLD_PRIME_CHECK
     #endif
     #ifndef WOLFSSL_TEST_SUBROUTINE
-        #define WOLFSSL_TEST_SUBROUTINE static
+        #ifdef LINUXKM_LKCAPI_REGISTER
+            #define WOLFSSL_TEST_SUBROUTINE
+        #else
+            #define WOLFSSL_TEST_SUBROUTINE static
+        #endif
+    #endif
+    #ifdef LINUXKM_LKCAPI_REGISTER
+        #define WC_TEST_EXPORT_SUBTESTS
     #endif
     #undef HAVE_PTHREAD
+    /* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */
     #undef HAVE_STRINGS_H
+    /* linuxkm uses linux/limits.h, included by linuxkm_wc_port.h. */
+    #undef HAVE_LIMITS_H
     #undef HAVE_ERRNO_H
     #undef HAVE_THREAD_LS
+    #undef HAVE_ATEXIT
     #undef WOLFSSL_HAVE_MIN
     #undef WOLFSSL_HAVE_MAX
-    #define SIZEOF_LONG         8
-    #define SIZEOF_LONG_LONG    8
+    #undef WOLFSSL_HAVE_ASSERT_H
+    #define WOLFSSL_NO_ASSERT_H
+    #ifndef SIZEOF_LONG
+        #define SIZEOF_LONG         8
+    #endif
+    #ifndef SIZEOF_LONG_LONG
+        #define SIZEOF_LONG_LONG    8
+    #endif
     #define CHAR_BIT            8
     #ifndef WOLFSSL_SP_DIV_64
         #define WOLFSSL_SP_DIV_64
@@ -3089,6 +3650,24 @@ extern void uITRON4_free(void *p) ;
     #ifdef __PIE__
         #define WC_NO_INTERNAL_FUNCTION_POINTERS
     #endif
+
+    #ifndef NO_OLD_WC_NAMES
+        #define NO_OLD_WC_NAMES
+    #endif
+    #ifndef NO_OLD_SHA_NAMES
+        #define NO_OLD_SHA_NAMES
+    #endif
+    #ifndef NO_OLD_MD5_NAME
+        #define NO_OLD_MD5_NAME
+    #endif
+    #ifndef OPENSSL_COEXIST
+        #define OPENSSL_COEXIST
+    #endif
+    #ifndef NO_OLD_SSL_NAMES
+        #define NO_OLD_SSL_NAMES
+    #endif
+    #undef WOLFSSL_MIN_AUTH_TAG_SZ
+    #define WOLFSSL_MIN_AUTH_TAG_SZ 4
 #endif
 
 
@@ -3099,12 +3678,10 @@ extern void uITRON4_free(void *p) ;
     #undef HAVE_GMTIME_R /* don't trust macro with windows */
 #endif /* WOLFSSL_MYSQL_COMPATIBLE */
 
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
- || defined(HAVE_LIGHTY)) && !defined(NO_TLS)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
+    defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && !defined(NO_TLS)
     #define OPENSSL_NO_ENGINE
-    #ifndef OPENSSL_EXTRA
-        #define OPENSSL_EXTRA
-    #endif
+
     /* Session Tickets will be enabled when --enable-opensslall is used.
      * Time is required for ticket expiration checking */
     #if !defined(HAVE_SESSION_TICKET) && !defined(NO_ASN_TIME)
@@ -3131,11 +3708,18 @@ extern void uITRON4_free(void *p) ;
     #define OPENSSL_EXTRA
 #endif
 
+
+#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)) && \
+    !defined(WOLFSSL_ASN_CA_ISSUER)
+    #define WOLFSSL_ASN_CA_ISSUER
+#endif
+
+
 /* ---------------------------------------------------------------------------
  * OpenSSL compat layer
  * ---------------------------------------------------------------------------
  */
-#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_COEXIST)
+#ifdef OPENSSL_EXTRA
     #undef  WOLFSSL_ALWAYS_VERIFY_CB
     #define WOLFSSL_ALWAYS_VERIFY_CB
 
@@ -3159,7 +3743,7 @@ extern void uITRON4_free(void *p) ;
 
     #undef WOLFSSL_SESSION_ID_CTX
     #define WOLFSSL_SESSION_ID_CTX
-#endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */
+#endif /* OPENSSL_EXTRA */
 
 #ifdef OPENSSL_EXTRA_X509_SMALL
     #undef WOLFSSL_NO_OPENSSL_RAND_CB
@@ -3211,6 +3795,11 @@ extern void uITRON4_free(void *p) ;
     #ifndef NO_OLD_WC_NAMES
         #define NO_OLD_WC_NAMES
     #endif
+    #if defined(HAVE_SELFTEST) || \
+        (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0))
+        /* old FIPS needs this remapping. */
+        #define Sha3 wc_Sha3
+    #endif
 #endif
 
 #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
@@ -3254,17 +3843,29 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 /* Parts of the openssl compatibility layer require peer certs */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
- || defined(HAVE_LIGHTY)
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+     defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+     defined(HAVE_LIGHTY)) && !defined(NO_CERTS)
     #undef  KEEP_PEER_CERT
     #define KEEP_PEER_CERT
 #endif
 
+/* Always copy certificate(s) from SSL CTX to each SSL object on creation,
+ * if this is not defined then each SSL object shares a pointer to the
+ * original certificate buffer owned by the SSL CTX. */
 #if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_CERT)
     #undef WOLFSSL_COPY_CERT
     #define WOLFSSL_COPY_CERT
 #endif
 
+/* Always copy private key from SSL CTX to each SSL object on creation,
+ * if this is not defined then each SSL object shares a pointer to the
+ * original key buffer owned by the SSL CTX. */
+#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY)
+    #undef WOLFSSL_COPY_KEY
+    #define WOLFSSL_COPY_KEY
+#endif
+
 /*
  * Keeps the "Finished" messages after a TLS handshake for use as the so-called
  * "tls-unique" channel binding. See comment in internal.h around clientFinished
@@ -3275,14 +3876,45 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_HAVE_TLS_UNIQUE
 #endif
 
+/* WPAS Small option requires OPENSSL_EXTRA_X509_SMALL */
+#if defined(WOLFSSL_WPAS_SMALL) && !defined(OPENSSL_EXTRA_X509_SMALL)
+    #define OPENSSL_EXTRA_X509_SMALL
+#endif
+
+/* Web Server needs to enable OPENSSL_EXTRA_X509_SMALL */
+#if defined(HAVE_WEBSERVER) && !defined(OPENSSL_EXTRA_X509_SMALL)
+    #define OPENSSL_EXTRA_X509_SMALL
+#endif
+
+/* The EX data CRYPTO API's used with compatibility */
+#if !defined(HAVE_EX_DATA_CRYPTO) && \
+    (defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) || \
+    defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+    defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
+    defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB) || \
+    defined(WOLFSSL_WOLFSENTRY_HOOKS))
+    #define HAVE_EX_DATA_CRYPTO
+#endif
+
+#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(HAVE_EX_DATA_CLEANUP_HOOKS)
+    #define HAVE_EX_DATA_CLEANUP_HOOKS
+#endif
+
+/* Enable EX Data support if required */
+#if (defined(HAVE_EX_DATA_CRYPTO) || defined(HAVE_EX_DATA_CLEANUP_HOOKS)) && \
+    !defined(HAVE_EX_DATA)
+    #define HAVE_EX_DATA
+#endif
+
+
 /* RAW hash function APIs are not implemented */
 #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH)
     #undef  WOLFSSL_NO_HASH_RAW
     #define WOLFSSL_NO_HASH_RAW
 #endif
 
-/* XChacha not implemented with ARM assembly ChaCha */
-#if defined(WOLFSSL_ARMASM)
+#if defined(HAVE_XCHACHA) && !defined(HAVE_CHACHA)
+    /* XChacha requires ChaCha */
     #undef HAVE_XCHACHA
 #endif
 
@@ -3341,15 +3973,17 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_BASE64_DECODE
 #endif
 
-#if defined(HAVE_EX_DATA) || defined(FORTRESS)
-    #if defined(FORTRESS) && !defined(HAVE_EX_DATA)
-        #define HAVE_EX_DATA
-    #endif
+#if defined(FORTRESS) && !defined(HAVE_EX_DATA)
+    #define HAVE_EX_DATA
+#endif
+
+#ifdef HAVE_EX_DATA
     #ifndef MAX_EX_DATA
     #define MAX_EX_DATA 5  /* allow for five items of ex_data */
     #endif
 #endif
 
+
 #ifdef NO_WOLFSSL_SMALL_STACK
     #undef WOLFSSL_SMALL_STACK
 #endif
@@ -3491,7 +4125,7 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif
 
-#ifdef WOLFSSL_HAVE_KYBER
+#ifdef WOLFSSL_HAVE_MLKEM
 #define HAVE_PQC
 #endif
 
@@ -3506,41 +4140,30 @@ extern void uITRON4_free(void *p) ;
 #ifndef WOLFSSL_NO_SPHINCS
     #define HAVE_SPHINCS
 #endif
-#ifndef WOLFSSL_HAVE_KYBER
-    #define WOLFSSL_HAVE_KYBER
+#ifndef WOLFSSL_HAVE_MLKEM
+    #define WOLFSSL_HAVE_MLKEM
     #define WOLFSSL_KYBER512
     #define WOLFSSL_KYBER768
     #define WOLFSSL_KYBER1024
+    #define WOLFSSL_WC_ML_KEM_512
+    #define WOLFSSL_WC_ML_KEM_768
+    #define WOLFSSL_WC_ML_KEM_1024
 #endif
 #endif
 
-#ifdef HAVE_PQM4
-#define HAVE_PQC
-#define WOLFSSL_HAVE_KYBER
-#define WOLFSSL_KYBER512
-#define WOLFSSL_NO_KYBER768
-#define WOLFSSL_NO_KYBER1024
-#endif
-
 #if (defined(HAVE_LIBOQS) ||                                            \
-     defined(WOLFSSL_WC_KYBER) ||                                       \
-     defined(WOLFSSL_WC_DILITHIUM) ||                                   \
      defined(HAVE_LIBXMSS) ||                                           \
      defined(HAVE_LIBLMS) ||                                            \
-     defined(WOLFSSL_DUAL_ALG_CERTS)) &&                                \
+     defined(WOLFSSL_DUAL_ALG_CERTS) ||                                 \
+     defined(HAVE_ASCON)) &&                                            \
     !defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
     #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
 #endif
 
-#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) && \
-    !defined(WOLFSSL_HAVE_KYBER)
+#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(WOLFSSL_HAVE_MLKEM)
 #error Please do not define HAVE_PQC yourself.
 #endif
 
-#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_PQM4)
-#error Please do not define both HAVE_LIBOQS and HAVE_PQM4.
-#endif
-
 #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) && \
     !defined(WOLFSSL_DTLS_CH_FRAG)
 #warning "Using DTLS 1.3 + pqc without WOLFSSL_DTLS_CH_FRAG will probably" \
@@ -3602,10 +4225,6 @@ extern void uITRON4_free(void *p) ;
 #error "DTLS v1.3 requires both WOLFSSL_TLS13 and WOLFSSL_DTLS"
 #endif
 
-#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_DTLS13)
-#error "ConnectionID is supported for DTLSv1.3 only"
-#endif
-
 #if defined(WOLFSSL_QUIC) && defined(WOLFSSL_CALLBACKS)
     #error WOLFSSL_QUIC is incompatible with WOLFSSL_CALLBACKS.
 #endif
@@ -3713,8 +4332,8 @@ extern void uITRON4_free(void *p) ;
     /* Ciphersuite check done in internal.h */
 #endif
 
-/* Some final sanity checks */
-#ifdef WOLFSSL_APPLE_HOMEKIT
+/* Some final sanity checks. See esp32-crypt.h for Apple HomeKit config. */
+#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
     #ifndef WOLFCRYPT_HAVE_SRP
         #error "WOLFCRYPT_HAVE_SRP is required for Apple Homekit"
     #endif
@@ -3732,10 +4351,23 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif
 
+#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT)
+    /* The settings.h and/or user_settings.h should have detected config
+     * values from Kconfig and set the appropriate wolfSSL macro: */
+    #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT"
+#endif
+
 #if defined(WOLFSSL_ESPIDF) && defined(ARDUINO)
     #error "Found both ESPIDF and ARDUINO. Pick one."
 #endif
 
+#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) && \
+    defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \
+            CONFIG_MBEDTLS_CERTIFICATE_BUNDLE  && \
+            CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
+    #error "mbedTLS and wolfSSL Certificate Bundles both enabled. Pick one".
+#endif
+
 #if defined(HAVE_FIPS) && defined(HAVE_PKCS11)
     #error "PKCS11 not allowed with FIPS enabled (Crypto outside boundary)"
 #endif
@@ -3752,15 +4384,24 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif
 
-#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
-    defined(OPENSSL_COEXIST)
-    #error "OPENSSL_EXTRA can not be defined with OPENSSL_COEXIST"
+#if defined(OPENSSL_ALL) && defined(OPENSSL_COEXIST)
+    #error "OPENSSL_ALL can not be defined with OPENSSL_COEXIST"
 #endif
 
 #if !defined(NO_DSA) && defined(NO_SHA)
     #error "Please disable DSA if disabling SHA-1"
 #endif
 
+#if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+    #if !defined(WOLFSSL_CRYPTO_POLICY_FILE)
+        #error "WOLFSSL_SYS_CRYPTO_POLICY requires a crypto policy file"
+    #endif /* ! WOLFSSL_CRYPTO_POLICY_FILE */
+
+    #if !defined(OPENSSL_EXTRA)
+        #error "WOLFSSL_SYS_CRYPTO_POLICY requires OPENSSL_EXTRA"
+    #endif /* ! OPENSSL_EXTRA */
+#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
+
 /* if configure.ac turned on this feature, HAVE_ENTROPY_MEMUSE will be set,
  * also define HAVE_WOLFENTROPY */
 #ifdef HAVE_ENTROPY_MEMUSE
@@ -3775,6 +4416,11 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif /* HAVE_ENTROPY_MEMUSE */
 
+#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) && \
+    !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
+#error "If TLS is enabled please make sure either client or server is enabled."
+#endif
+
 #ifdef __cplusplus
     }   /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index 6ed595026..54b083385 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -76,6 +76,9 @@
 #if defined(WOLFSSL_SILABS_SE_ACCEL)
     #include <wolfssl/wolfcrypt/port/silabs/silabs_hash.h>
 #endif
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
 
 #if !defined(NO_OLD_SHA_NAMES)
     #define SHA             WC_SHA
@@ -148,8 +151,8 @@ struct wc_Sha {
     #else
     word32  digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
     #endif
-    void*   heap;
 #endif
+    void*   heap;
 #ifdef WOLFSSL_PIC32MZ_HASH
     hashUpdCache cache; /* cache for updates */
 #endif
@@ -160,6 +163,9 @@ struct wc_Sha {
     int    devId;
     void*  devCtx; /* generic crypto callback context */
 #endif
+#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA)
+    wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_IMXRT1170_CAAM
     caam_hash_ctx_t ctx;
     caam_handle_t hndl;
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index aa4632cf3..7a064a0ca 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -1,6 +1,6 @@
 /* sha256.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -146,6 +146,10 @@ enum {
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
 #else
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
+#endif
+
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
     #include "wolfssl/wolfcrypt/port/nxp/se050_port.h"
 #endif
@@ -190,13 +194,13 @@ struct wc_Sha256 {
     word32  buffLen;   /* in bytes          */
     word32  loLen;     /* length in bytes   */
     word32  hiLen;     /* length in bytes   */
-    void*   heap;
 
 #ifdef WC_C_DYNAMIC_FALLBACK
     int sha_method;
 #endif
 
 #endif
+    void*   heap;
 #ifdef WOLFSSL_PIC32MZ_HASH
     hashUpdCache cache; /* cache for updates */
 #endif
@@ -209,6 +213,9 @@ struct wc_Sha256 {
 #ifdef WOLFSSL_DEVCRYPTO_HASH
     WC_CRYPTODEV ctx;
 #endif
+#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA)
+    wc_MXC_Sha mxcCtx;
+#endif
 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP)
     byte*  msg;
     word32 used;
@@ -257,10 +264,14 @@ struct wc_Sha256 {
 WOLFSSL_API int wc_InitSha256(wc_Sha256* sha);
 WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId);
 WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len);
+
+#if !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH)
 WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash);
+#endif
 WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, byte* hash);
 WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256);
-#if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
+#if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \
+    !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH)
 WOLFSSL_API int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data);
 #endif
 #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h
index 0931a9558..724719a66 100644
--- a/wolfssl/wolfcrypt/sha3.h
+++ b/wolfssl/wolfcrypt/sha3.h
@@ -1,6 +1,6 @@
 /* sha3.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -45,6 +45,10 @@
     #include <wolfssl/wolfcrypt/async.h>
 #endif
 
+#ifdef STM32_HASH
+    #include <wolfssl/wolfcrypt/port/st/stm32.h>
+#endif
+
 /* in bytes */
 enum {
     /* SHAKE-128 */
@@ -140,6 +144,9 @@ struct wc_Sha3 {
 #ifdef WOLFSSL_HASH_FLAGS
     word32 flags; /* enum wc_HashFlags in hash.h */
 #endif
+#if defined(STM32_HASH_SHA3)
+    STM32_HASH_Context stmCtx;
+#endif
 };
 
 #ifndef WC_SHA3_TYPE_DEFINED
@@ -218,10 +225,15 @@ WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n,
     word64 c);
 WOLFSSL_LOCAL void sha3_block_bmi2(word64* s);
 WOLFSSL_LOCAL void sha3_block_avx2(word64* s);
+WOLFSSL_LOCAL void sha3_blocksx4_avx2(word64* s);
 WOLFSSL_LOCAL void BlockSha3(word64 *s);
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
+WOLFSSL_LOCAL void BlockSha3_crypto(word64 *s);
 #endif
-#if defined(WOLFSSL_ARMASM) && (defined(__arm__) || \
-    defined(WOLFSSL_ARMASM_CRYPTO_SHA3))
+WOLFSSL_LOCAL void BlockSha3_base(word64 *s);
+WOLFSSL_LOCAL void BlockSha3(word64 *s);
+#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
 WOLFSSL_LOCAL void BlockSha3(word64 *s);
 #endif
 
diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h
index 4b2dd2a19..593177eec 100644
--- a/wolfssl/wolfcrypt/sha512.h
+++ b/wolfssl/wolfcrypt/sha512.h
@@ -1,6 +1,6 @@
 /* sha512.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -73,6 +73,10 @@
     #include "fsl_caam.h"
 #endif
 
+#ifdef STM32_HASH
+    #include <wolfssl/wolfcrypt/port/st/stm32.h>
+#endif
+
 #if defined(_MSC_VER)
     #define SHA512_NOINLINE __declspec(noinline)
 #elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
@@ -135,12 +139,16 @@ enum {
     #include "mcapi.h"
     #include "mcapi_error.h"
 #endif
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include "wolfssl/wolfcrypt/port/maxim/max3266x.h"
+#endif
 /* wc_Sha512 digest */
 struct wc_Sha512 {
 #ifdef WOLFSSL_PSOC6_CRYPTO
     cy_stc_crypto_sha_state_t hash_state;
     cy_en_crypto_sha_mode_t sha_mode;
     cy_stc_crypto_v2_sha512_buffers_t sha_buffers;
+    void*   heap;
 #else
     word64  digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
     word64  buffer[WC_SHA512_BLOCK_SIZE  / sizeof(word64)];
@@ -185,6 +193,9 @@ struct wc_Sha512 {
     int    devId;
     void*  devCtx; /* generic crypto callback context */
 #endif
+#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA)
+    wc_MXC_Sha mxcCtx;
+#endif
 #ifdef WOLFSSL_HASH_FLAGS
     word32 flags; /* enum wc_HashFlags in hash.h */
 #endif
@@ -195,6 +206,9 @@ struct wc_Sha512 {
 #ifdef HAVE_ARIA
     MC_HSESSION hSession;
 #endif
+#if defined(STM32_HASH_SHA512)
+    STM32_HASH_Context stmCtx;
+#endif
 #endif /* WOLFSSL_PSOC6_CRYPTO */
 };
 
@@ -210,18 +224,15 @@ struct wc_Sha512 {
 
 #endif /* HAVE_FIPS */
 
-#ifdef WOLFSSL_SHA512
+#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
 
 #ifdef WOLFSSL_ARMASM
 #ifdef __aarch64__
-#ifndef WOLFSSL_ARMASM_CRYPTO_SHA512
     void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data,
         word32 len);
-    #define Transform_Sha512_Len    Transform_Sha512_Len_neon
-#else
+#ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
     void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data,
         word32 len);
-    #define Transform_Sha512_Len    Transform_Sha512_Len_crypto
 #endif
 #else
 extern void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data,
diff --git a/wolfssl/wolfcrypt/signature.h b/wolfssl/wolfcrypt/signature.h
index 51c07af52..7d9a1d40a 100644
--- a/wolfssl/wolfcrypt/signature.h
+++ b/wolfssl/wolfcrypt/signature.h
@@ -1,6 +1,6 @@
 /* signature.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/siphash.h b/wolfssl/wolfcrypt/siphash.h
index 6b75a4612..26cd82175 100644
--- a/wolfssl/wolfcrypt/siphash.h
+++ b/wolfssl/wolfcrypt/siphash.h
@@ -1,6 +1,6 @@
 /* siphash.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sm2.h b/wolfssl/wolfcrypt/sm2.h
index ae9885eef..fb90aaa38 100644
--- a/wolfssl/wolfcrypt/sm2.h
+++ b/wolfssl/wolfcrypt/sm2.h
@@ -1,6 +1,6 @@
 /* sm2.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sm3.h b/wolfssl/wolfcrypt/sm3.h
index b24fcf4f3..e7e8b0e72 100644
--- a/wolfssl/wolfcrypt/sm3.h
+++ b/wolfssl/wolfcrypt/sm3.h
@@ -1,6 +1,6 @@
 /* sm3.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sm4.h b/wolfssl/wolfcrypt/sm4.h
index 84a8166b5..3cebb799b 100644
--- a/wolfssl/wolfcrypt/sm4.h
+++ b/wolfssl/wolfcrypt/sm4.h
@@ -1,6 +1,6 @@
 /* sm4.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h
index 3ede752c3..9e7a9c945 100644
--- a/wolfssl/wolfcrypt/sp.h
+++ b/wolfssl/wolfcrypt/sp.h
@@ -1,6 +1,6 @@
 /* sp.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h
index 26978acfe..fb202d4c5 100644
--- a/wolfssl/wolfcrypt/sp_int.h
+++ b/wolfssl/wolfcrypt/sp_int.h
@@ -1,6 +1,6 @@
 /* sp_int.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -30,8 +30,9 @@ This library provides single precision (SP) integer math functions.
 #ifndef WOLFSSL_LINUXKM
 #include <limits.h>
 #endif
-#include  <wolfssl/wolfcrypt/settings.h>
-#include  <wolfssl/wolfcrypt/hash.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/hash.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -100,6 +101,15 @@ extern "C" {
     #error "Size of unsigned int not detected"
 #endif
 
+#if defined(__WATCOMC__) && defined(__WATCOM_INT64__)
+    /* For older Watcom C compiler force types */
+    #define SP_ULLONG_BITS    64
+    typedef unsigned __int64 sp_uint64;
+    typedef          __int64  sp_int64;
+
+#else
+
+/* 32-bit type */
 #if defined(WOLF_C89) && !defined(NO_64BIT) && \
         ULONG_MAX == 18446744073709551615UL
     #define SP_ULONG_BITS    64
@@ -108,8 +118,8 @@ extern "C" {
     typedef          long  sp_int64;
 #elif !defined(WOLF_C89) && !defined(NO_64BIT) && \
         ULONG_MAX == 18446744073709551615ULL && \
-        4294967295UL != 18446744073709551615ULL /* verify pre-processor supports
-                                                 * 64-bit ULL types */
+        /* sanity check pre-processor supports 64-bit ULL types */ \
+        4294967295UL != 18446744073709551615ULL
     #define SP_ULONG_BITS    64
 
     typedef unsigned long sp_uint64;
@@ -132,6 +142,7 @@ extern "C" {
     #error "Size of unsigned long not detected"
 #endif
 
+/* 64-bit type */
 #ifdef ULLONG_MAX
     #if defined(WOLF_C89) && ULLONG_MAX == 18446744073709551615UL
         #define SP_ULLONG_BITS    64
@@ -165,6 +176,7 @@ extern "C" {
         #error "Size of unsigned long long not detected"
     #endif
 #elif (SP_ULONG_BITS == 32) && !defined(NO_64BIT)
+    #define SP_ULLONG_BITS    64
     /* Speculatively use long long as the 64-bit type as we don't have one
      * otherwise. */
     typedef unsigned long long sp_uint64;
@@ -173,18 +185,12 @@ extern "C" {
     #define SP_ULLONG_BITS    0
 #endif
 
+#endif /* __WATCOMC__ */
 
 #ifdef WOLFSSL_SP_DIV_32
 #define WOLFSSL_SP_DIV_WORD_HALF
 #endif
 
-/* Detect Cortex M3 (no UMAAL) */
-#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(__ARM_ARCH_7M__)
-    #undef  WOLFSSL_SP_NO_UMAAL
-    #define WOLFSSL_SP_NO_UMAAL
-#endif
-
-
 /* Make sure WOLFSSL_SP_ASM build option defined when requested */
 #if !defined(WOLFSSL_SP_ASM) && ( \
       defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
@@ -204,8 +210,10 @@ extern "C" {
 #elif defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_X86_64)
     #if SP_ULONG_BITS == 64 || SP_ULLONG_BITS == 64
         #define SP_WORD_SIZE 64
-        #define HAVE_INTEL_AVX1
-        #ifndef NO_AVX2_SUPPORT
+        #ifndef HAVE_INTEL_AVX1
+            #define HAVE_INTEL_AVX1
+        #endif
+        #if !defined(NO_AVX2_SUPPORT) && !defined(HAVE_INTEL_AVX2)
             #define HAVE_INTEL_AVX2
         #endif
     #elif SP_ULONG_BITS == 32
@@ -256,7 +264,7 @@ extern "C" {
 #define SP_WORD_SIZEOF  (SP_WORD_SIZE / 8)
 
 /* Define the types used. */
-#ifdef HAVE___UINT128_T
+#if defined(HAVE___UINT128_T) && !defined(NO_INT128)
     #ifdef __SIZEOF_INT128__
         typedef __uint128_t   sp_uint128;
         typedef  __int128_t    sp_int128;
@@ -696,9 +704,12 @@ typedef struct sp_ecc_ctx {
     do {                                                                       \
         int ii;                                                                \
         if ((a)->used > 0) {                                                   \
-            for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \
+            for (ii = (int)(a)->used - 1; ii >= 0; ii--) {                     \
+                if ((a)->dp[ii] != 0) {                                        \
+                    break;                                                     \
+                }                                                              \
             }                                                                  \
-            (a)->used = (unsigned int)(ii + 1);                                \
+            (a)->used = (wc_mp_size_t)(ii + 1);                                \
         }                                                                      \
     } while (0)
 
@@ -742,24 +753,18 @@ typedef struct sp_ecc_ctx {
 #define MP_LT    (-1)
 
 /* ERROR VALUES */
+
+/* MP_MEM, MP_VAL, MP_WOULDBLOCK, and MP_NOT_INF are defined in error-crypt.h */
+
 /** Error value on success. */
 #define MP_OKAY          0
-/** Error value when dynamic memory allocation fails. */
-#define MP_MEM          (-2)
-/** Error value when value passed is not able to be used. */
-#define MP_VAL          (-3)
-/** Error value when non-blocking operation is returning after partial
- * completion.
- */
-#define FP_WOULDBLOCK   (-4)
-/* Unused error. Defined for backward compatibility. */
-#define MP_NOT_INF      (-5)
+
+#define FP_WOULDBLOCK   MP_WOULDBLOCK
 /* Unused error. Defined for backward compatibility. */
 #define MP_RANGE        MP_NOT_INF
-
 #ifdef USE_FAST_MATH
 /* For old FIPS, need FP_MEM defined for old implementation. */
-#define FP_MEM          (-2)
+#define FP_MEM          MP_MEM
 #endif
 
 /* Number of bits in each word/digit. */
@@ -776,8 +781,8 @@ typedef struct sp_ecc_ctx {
 /* The number of bytes to a sp_int with 'cnt' digits.
  * Must have at least one digit.
  */
-#define MP_INT_SIZEOF(cnt)                                              \
-    (sizeof(sp_int_minimal) + (((cnt) <= 1) ? 0 : ((cnt) - 1)) *        \
+#define MP_INT_SIZEOF(cnt)                                                  \
+    (sizeof(sp_int_minimal) + (((cnt) <= 1) ? 0 : ((size_t)((cnt) - 1))) *  \
      sizeof(sp_int_digit))
 /* The address of the next sp_int after one with 'cnt' digits. */
 #define MP_INT_NEXT(t, cnt) \
@@ -786,7 +791,7 @@ typedef struct sp_ecc_ctx {
 
 /* Calculate the number of words required to support a number of bits. */
 #define MP_BITS_CNT(bits)                                       \
-        ((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1)
+        ((unsigned int)(((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1)))
 
 #ifdef WOLFSSL_SMALL_STACK
 /*
@@ -871,6 +876,20 @@ while (0)
     #define WOLF_BIGINT_DEFINED
 #endif
 
+#if SP_INT_DIGITS < (65536 / SP_WORD_SIZEOF)
+/* Type for number of digits. */
+typedef word16       sp_size_t;
+#else
+/* Type for number of digits. */
+typedef unsigned int sp_size_t;
+#endif
+
+/* Type for number of digits. */
+#define wc_mp_size_t sp_size_t
+#ifdef WOLFSSL_SP_INT_NEGATIVE
+    typedef sp_uint8 sp_sign_t;
+    #define wc_mp_sign_t sp_sign_t
+#endif
 
 /**
  * SP integer.
@@ -879,12 +898,12 @@ while (0)
  */
 typedef struct sp_int {
     /** Number of words that contain data.  */
-    unsigned int used;
+    sp_size_t    used;
     /** Maximum number of words in data.  */
-    unsigned int size;
+    sp_size_t    size;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
     /** Indicates whether number is 0/positive or negative.  */
-    unsigned int sign;
+    sp_sign_t    sign;
 #endif
 #ifdef HAVE_WOLF_BIGINT
     /** Unsigned binary (big endian) representation of number. */
@@ -895,12 +914,16 @@ typedef struct sp_int {
 } sp_int;
 
 typedef struct sp_int_minimal {
-    unsigned int used;
-    unsigned int size;
+    /** Number of words that contain data.  */
+    sp_size_t    used;
+    /** Maximum number of words in data.  */
+    sp_size_t    size;
 #ifdef WOLFSSL_SP_INT_NEGATIVE
-    unsigned int sign;
+    /** Indicates whether number is 0/positive or negative.  */
+    sp_uint8     sign;
 #endif
 #ifdef HAVE_WOLF_BIGINT
+    /** Unsigned binary (big endian) representation of number. */
     struct WC_BIGINT raw;
 #endif
     /** First digit of number.  */
@@ -1145,27 +1168,22 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp);
 #define mp_div_2                            sp_div_2
 #define mp_add                              sp_add
 #define mp_sub                              sp_sub
-#define mp_addmod                           sp_addmod
-#define mp_submod                           sp_submod
+
 #define mp_addmod_ct                        sp_addmod_ct
 #define mp_submod_ct                        sp_submod_ct
 #define mp_xor_ct                           sp_xor_ct
 #define mp_lshd                             sp_lshd
 #define mp_rshd                             sp_rshd
 #define mp_div                              sp_div
-#define mp_mod                              sp_mod
 #define mp_mul                              sp_mul
-#define mp_mulmod                           sp_mulmod
 #define mp_invmod                           sp_invmod
 #define mp_invmod_mont_ct                   sp_invmod_mont_ct
 #define mp_exptmod_ex                       sp_exptmod_ex
-#define mp_exptmod                          sp_exptmod
 #define mp_exptmod_nct                      sp_exptmod_nct
 #define mp_div_2d                           sp_div_2d
 #define mp_mod_2d                           sp_mod_2d
 #define mp_mul_2d                           sp_mul_2d
 #define mp_sqr                              sp_sqr
-#define mp_sqrmod                           sp_sqrmod
 
 #define mp_unsigned_bin_size                sp_unsigned_bin_size
 #define mp_read_unsigned_bin                sp_read_unsigned_bin
@@ -1188,6 +1206,17 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp);
 #define mp_memzero_add                      sp_memzero_add
 #define mp_memzero_check                    sp_memzero_check
 
+/* Allow for Hardware Based Mod Math */
+/* Avoid redeclaration warnings */
+#ifndef WOLFSSL_USE_HW_MP
+    #define mp_mod                              sp_mod
+    #define mp_addmod                           sp_addmod
+    #define mp_submod                           sp_submod
+    #define mp_mulmod                           sp_mulmod
+    #define mp_exptmod                          sp_exptmod
+    #define mp_sqrmod                           sp_sqrmod
+#endif
+
 #ifdef WOLFSSL_DEBUG_MATH
 #define mp_dump(d, a, v)                    sp_print(a, d)
 #endif
diff --git a/wolfssl/wolfcrypt/sphincs.h b/wolfssl/wolfcrypt/sphincs.h
index 6dd3a8e85..f1487dd3b 100644
--- a/wolfssl/wolfcrypt/sphincs.h
+++ b/wolfssl/wolfcrypt/sphincs.h
@@ -1,6 +1,6 @@
 /* sphincs.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index d1307c792..760776557 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -1,6 +1,6 @@
 /* srp.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index 7d29b1f67..718077cd5 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -1,6 +1,6 @@
 /* tfm.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,6 +40,7 @@
 #define WOLF_CRYPT_TFM_H
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifndef CHAR_BIT
     #include <limits.h>
 #endif
@@ -305,10 +306,10 @@
 
 /* return codes */
 #define FP_OKAY      0
-#define FP_VAL      (-1)
-#define FP_MEM      (-2)
-#define FP_NOT_INF  (-3)
-#define FP_WOULDBLOCK (-4)
+#define FP_VAL      MP_VAL
+#define FP_MEM      MP_MEM
+#define FP_NOT_INF  MP_NOT_INF
+#define FP_WOULDBLOCK MP_WOULDBLOCK
 
 /* equalities */
 #define FP_LT        (-1)   /* less than */
@@ -378,6 +379,9 @@ while (0)
     #define WOLF_BIGINT_DEFINED
 #endif
 
+#define wc_mp_size_t int
+#define wc_mp_sign_t int
+
 /* a FP type */
 typedef struct fp_int {
     int      used;
@@ -776,10 +780,7 @@ int  fp_sqr_comba64(fp_int *a, fp_int *b);
 #define MP_LT   FP_LT   /* less than    */
 #define MP_EQ   FP_EQ   /* equal to     */
 #define MP_GT   FP_GT   /* greater than */
-#define MP_VAL  FP_VAL  /* invalid */
-#define MP_MEM  FP_MEM  /* memory error */
-#define MP_NOT_INF FP_NOT_INF /* point not at infinity */
-#define MP_RANGE FP_NOT_INF
+#define MP_RANGE MP_NOT_INF
 #define MP_OKAY FP_OKAY /* ok result    */
 #define MP_NO   FP_NO   /* yes/no result */
 #define MP_YES  FP_YES  /* yes/no result */
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index a540699e6..a3e6af7aa 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -1,6 +1,6 @@
 /* types.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,6 +34,14 @@ decouple library dependencies with standard string, memory and so on.
     #include <wolfssl/wolfcrypt/settings.h>
     #include <wolfssl/wolfcrypt/wc_port.h>
 
+    #if defined(EXTERNAL_OPTS_OPENVPN) && defined(BUILDING_WOLFSSL)
+    #error EXTERNAL_OPTS_OPENVPN should not be defined in compiled wolfssl library files.
+    #endif
+
+    #ifdef __APPLE__
+        #include <AvailabilityMacros.h>
+    #endif
+
     #ifdef __cplusplus
         extern "C" {
     #endif
@@ -73,6 +81,7 @@ decouple library dependencies with standard string, memory and so on.
     #endif
 
     #ifndef WOLFSSL_TYPES
+        #define WOLFSSL_TYPES
         #ifndef byte
             /* If using C++ C17 or later and getting:
              *   "error: reference to 'byte' is ambiguous", this is caused by
@@ -108,30 +117,85 @@ decouple library dependencies with standard string, memory and so on.
         typedef const char* const wcchar;
     #endif
 
+    #ifndef WC_BITFIELD
+        #ifdef WOLF_C89
+            #define WC_BITFIELD unsigned
+        #else
+            #define WC_BITFIELD byte
+        #endif
+    #endif
+
     #ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES
         /* if a version is available, pivot on the version, otherwise guess it's
-         * allowed, subject to override.
+         * disallowed, subject to override.
          */
         #if !defined(WOLF_C89) && (!defined(__STDC__)                \
             || (!defined(__STDC_VERSION__) && !defined(__cplusplus)) \
             || (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201101L)) \
             || (defined(__cplusplus) && (__cplusplus >= 201103L)))
             #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1
-        #else
-            #define HAVE_ANONYMOUS_INLINE_AGGREGATES 0
         #endif
+    #elif ~(~HAVE_ANONYMOUS_INLINE_AGGREGATES + 1) == 1
+        /* forced on with empty value -- remap to 1 */
+        #undef HAVE_ANONYMOUS_INLINE_AGGREGATES
+        #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1
+    #elif HAVE_ANONYMOUS_INLINE_AGGREGATES
+        /* forced on with explicit nonzero value -- leave as-is. */
+    #else
+        /* forced off with explicit zero value -- remap to undef. */
+        #undef HAVE_ANONYMOUS_INLINE_AGGREGATES
     #endif
 
-    /* With a true C89-dialect compiler (simulate with gcc -std=c89 -Wall
-     * -Wextra -pedantic), a trailing comma on the last value in an enum
-     * definition is a syntax error.  We use this macro to accommodate that
-     * without disrupting clean flow/syntax when some enum values are
-     * preprocessor-gated.
-     */
-    #if defined(WOLF_C89) || defined(WOLF_NO_TRAILING_ENUM_COMMAS)
-        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) _wolf_ ## prefix ## _enum_dummy_last_element
+    #ifndef HAVE_EMPTY_AGGREGATES
+        /* The C standards don't define empty aggregates, but gcc and clang do.
+         * We need to accommodate them for one of the same reasons C++ does --
+         * conditionally empty aggregates, e.g. in hash.h.
+         *
+         * Nonetheless, in C++, empty aggregates wind up with size 1.  If we use
+         * the [0] construct and the header is compiled by clang++, it warns
+         * "struct has size 0 in C, size 1 in C++ [-Wextern-c-compat]", despite
+         * the extern "C" wrapper.  We sidestep this warning by recognizing
+         * here that C++ doesn't support truly empty aggregates.  LLVM, for its part,
+         * deprecates compilation of C code as C++ using clang++.
+         */
+        #if !defined(WOLF_C89) && defined(__GNUC__) &&  \
+                !defined(__STRICT_ANSI__) &&            \
+                !defined(__cplusplus) &&                \
+                defined(HAVE_ANONYMOUS_INLINE_AGGREGATES)
+            #define HAVE_EMPTY_AGGREGATES 1
+        #endif
+    #elif ~(~HAVE_EMPTY_AGGREGATES + 1) == 1
+        /* forced on with empty value -- remap to 1 */
+        #undef HAVE_EMPTY_AGGREGATES
+        #define HAVE_EMPTY_AGGREGATES 1
+    #elif HAVE_EMPTY_AGGREGATES
+        /* forced on with explicit nonzero value -- leave as-is. */
     #else
-        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */
+        /* forced off with explicit zero value -- remap to undef. */
+        #undef HAVE_EMPTY_AGGREGATES
+    #endif
+
+    #define _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c) a ## b ## c
+    #define _WOLF_AGG_DUMMY_MEMBER_HELPER(a, b, c) _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c)
+    #ifdef HAVE_EMPTY_AGGREGATES
+        /* swallow the semicolon with a zero-sized array (language extension
+         * specific to gcc/clang).
+         */
+        #define WOLF_AGG_DUMMY_MEMBER                                          \
+            struct {                                                           \
+                PRAGMA_GCC_DIAG_PUSH                                           \
+                PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"")            \
+                PRAGMA_CLANG_DIAG_PUSH                                         \
+                PRAGMA_CLANG("clang diagnostic ignored \"-Wzero-length-array\"") \
+                byte _WOLF_AGG_DUMMY_MEMBER_HELPER(_wolf_L, __LINE__, _agg_dummy_member)[0]; \
+                PRAGMA_CLANG_DIAG_POP                                          \
+                PRAGMA_GCC_DIAG_POP                                            \
+            }
+    #else
+        /* Use a single byte with a constructed name as a dummy member -- these
+         * are the standard semantics of an empty structure in C++.
+         */
+        #define WOLF_AGG_DUMMY_MEMBER char _WOLF_AGG_DUMMY_MEMBER_HELPER(_wolf_L, __LINE__, _agg_dummy_member)
     #endif
 
     /* helpers for stringifying the expanded value of a macro argument rather
@@ -140,12 +204,26 @@ decouple library dependencies with standard string, memory and so on.
     #define _WC_STRINGIFY_L2(str) #str
     #define WC_STRINGIFY(str) _WC_STRINGIFY_L2(str)
 
+    /* With a true C89-dialect compiler (simulate with gcc -std=c89 -Wall
+     * -Wextra -pedantic), a trailing comma on the last value in an enum
+     * definition is a syntax error.  We use this macro to accommodate that
+     * without disrupting clean flow/syntax when some enum values are
+     * preprocessor-gated.
+     */
+    #if defined(WOLF_C89) || defined(WOLF_NO_TRAILING_ENUM_COMMAS)
+        #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e) a ## b ## c ## d ## e
+        #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(a, b, c, d, e) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e)
+        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(_wolf_, prefix, _L, __LINE__, _enum_dummy_last_element)
+    #else
+        #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */
+    #endif
+
     /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */
     #if defined(_WIN32) || defined(HAVE_LIMITS_H)
+        #include <limits.h>
         /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set,
          * otherwise causes issues with CTC_SETTINGS */
         #if !defined(SIZEOF_LONG_LONG) || !defined(SIZEOF_LONG)
-            #include <limits.h>
             #if !defined(SIZEOF_LONG) && defined(ULONG_MAX) && \
                     (ULONG_MAX == 0xffffffffUL)
                 #define SIZEOF_LONG 4
@@ -158,23 +236,26 @@ decouple library dependencies with standard string, memory and so on.
     #elif !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__)
         #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
             #if (defined(__alpha__) || defined(__ia64__) || \
-                defined(_ARCH_PPC64) || defined(__mips64) || \
+                defined(_ARCH_PPC64) || defined(__ppc64__) || \
                 defined(__x86_64__)  || defined(__s390x__ ) || \
                 ((defined(sun) || defined(__sun)) && \
                  (defined(LP64) || defined(_LP64))) || \
                 (defined(__riscv_xlen) && (__riscv_xlen == 64)) || \
-                defined(__aarch64__) || \
+                defined(__aarch64__) || defined(__mips64) || \
                 (defined(__DCC__) && (defined(__LP64) || defined(__LP64__))))
                 /* long should be 64bit */
                 #define SIZEOF_LONG 8
-            #elif defined(__i386__) || defined(__CORTEX_M3__)
+            #elif defined(__i386__) || defined(__CORTEX_M3__) || defined(__ppc__)
                 /* long long should be 64bit */
                 #define SIZEOF_LONG_LONG 8
             #endif
          #endif
     #endif
 
-    #if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
+    #if (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \
+           defined(__BCPLUSPLUS__) || \
+           (defined(__WATCOMC__) && defined(__WATCOM_INT64__))
+        /* windows types */
         #define WORD64_AVAILABLE
         #define W64LIT(x) x##ui64
         #define SW64LIT(x) x##i64
@@ -230,7 +311,7 @@ decouple library dependencies with standard string, memory and so on.
          defined(__x86_64__) || defined(_M_X64)) || \
          defined(__aarch64__) || defined(__sparc64__) || defined(__s390x__ ) || \
         (defined(__riscv_xlen) && (__riscv_xlen == 64)) || defined(_M_ARM64) || \
-        defined(__aarch64__) || \
+        defined(__aarch64__) || defined(__ppc64__) || \
         (defined(__DCC__) && (defined(__LP64) || defined(__LP64__)))
         #define WC_64BIT_CPU
     #elif (defined(sun) || defined(__sun)) && \
@@ -246,12 +327,15 @@ decouple library dependencies with standard string, memory and so on.
 
     #if defined(NO_64BIT)
           typedef word32 wolfssl_word;
+          #define WOLFSSL_WORD_SIZE_LOG2 2
           #undef WORD64_AVAILABLE
     #else
         #ifdef WC_64BIT_CPU
           typedef word64 wolfssl_word;
+          #define WOLFSSL_WORD_SIZE_LOG2 3
         #else
           typedef word32 wolfssl_word;
+          #define WOLFSSL_WORD_SIZE_LOG2 2
           #ifdef WORD64_AVAILABLE
               #define WOLFCRYPT_SLOW_WORD64
           #endif
@@ -263,12 +347,14 @@ decouple library dependencies with standard string, memory and so on.
         #undef WORD64_AVAILABLE
     #endif
         typedef word16 wolfssl_word;
+        #define WOLFSSL_WORD_SIZE_LOG2 1
         #define MP_16BIT  /* for mp_int, mp_word needs to be twice as big as \
                            * mp_digit, no 64 bit type so make mp_digit 16 bit */
 
 #else
         #undef WORD64_AVAILABLE
         typedef word32 wolfssl_word;
+        #define WOLFSSL_WORD_SIZE_LOG2 2
         #define MP_16BIT  /* for mp_int, mp_word needs to be twice as big as \
                            * mp_digit, no 64 bit type so make mp_digit 16 bit */
 #endif
@@ -297,28 +383,10 @@ typedef struct w64wrapper {
         WOLFSSL_WORD_BITS  = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE
     };
 
+    #define WOLFSSL_MAX_8BIT  0xffU
     #define WOLFSSL_MAX_16BIT 0xffffU
     #define WOLFSSL_MAX_32BIT 0xffffffffU
 
-    #ifndef WARN_UNUSED_RESULT
-        #if defined(WOLFSSL_LINUXKM) && defined(__must_check)
-            #define WARN_UNUSED_RESULT __must_check
-        #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \
-            (defined(__IAR_SYSTEMS_ICC__) && (__VER__ >= 9040001))
-            #define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
-        #else
-            #define WARN_UNUSED_RESULT
-        #endif
-    #endif /* WARN_UNUSED_RESULT */
-
-    #ifndef WC_MAYBE_UNUSED
-        #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__) || defined(__IAR_SYSTEMS_ICC__)
-            #define WC_MAYBE_UNUSED __attribute__((unused))
-        #else
-            #define WC_MAYBE_UNUSED
-        #endif
-    #endif /* WC_MAYBE_UNUSED */
-
     #ifndef WC_DO_NOTHING
         #define WC_DO_NOTHING do {} while (0)
         #ifdef _MSC_VER
@@ -329,50 +397,13 @@ typedef struct w64wrapper {
         #endif
     #endif
 
-    /* use inlining if compiler allows */
-    #ifndef WC_INLINE
-    #ifndef NO_INLINE
-        #ifdef _MSC_VER
-            #define WC_INLINE __inline
-        #elif defined(__GNUC__)
-               #ifdef WOLFSSL_VXWORKS
-                   #define WC_INLINE __inline__
-               #else
-                   #define WC_INLINE inline
-               #endif
-        #elif defined(__IAR_SYSTEMS_ICC__)
-            #define WC_INLINE inline
-        #elif defined(THREADX)
-            #define WC_INLINE _Inline
-        #elif defined(__ghc__)
-            #ifndef __cplusplus
-                #define WC_INLINE __inline
-            #else
-                #define WC_INLINE inline
-            #endif
-        #elif defined(__CCRX__)
-            #define WC_INLINE inline
-        #elif defined(__DCC__)
-            #ifndef __cplusplus
-                #define WC_INLINE __inline__
-            #else
-                #define WC_INLINE inline
-            #endif
-        #else
-            #define WC_INLINE WC_MAYBE_UNUSED
-        #endif
-    #else
-        #define WC_INLINE WC_MAYBE_UNUSED
-    #endif
-    #endif
-
     #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
         #define INLINE WC_INLINE
     #endif
 
     /* set up rotate style */
-    #if (defined(_MSC_VER) || defined(__BCPLUSPLUS__)) && \
-        !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS)
+    #if ((defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \
+        defined(__BCPLUSPLUS__)) && !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS)
         #define INTEL_INTRINSICS
         #define FAST_ROTATE
     #elif defined(__MWERKS__) && TARGET_CPU_PPC
@@ -388,7 +419,7 @@ typedef struct w64wrapper {
 
     /* set up thread local storage if available */
     #ifdef HAVE_THREAD_LS
-        #if defined(_MSC_VER)
+        #if defined(_MSC_VER) || defined(__WATCOMC__)
             #define THREAD_LS_T __declspec(thread)
         /* Thread local storage only in FreeRTOS v8.2.1 and higher */
         #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \
@@ -420,13 +451,6 @@ typedef struct w64wrapper {
         #define FALL_THROUGH
     #endif
 
-    /* Micrium will use Visual Studio for compilation but not the Win32 API */
-    #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
-        !defined(FREERTOS_TCP) && !defined(EBSNET) && \
-        !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
-        #define USE_WINDOWS_API
-    #endif
-
     #define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */
 
     #define XELEM_CNT(x) (sizeof((x))/sizeof(*(x)))
@@ -434,16 +458,6 @@ typedef struct w64wrapper {
     #define WC_SAFE_SUM_WORD32(in1, in2, out) ((in2) <= 0xffffffffU - (in1) ? \
                 ((out) = (in1) + (in2), 1) : ((out) = 0xffffffffU, 0))
 
-    /* idea to add global alloc override by Moises Guimaraes  */
-    /* default to libc stuff */
-    /* XREALLOC is used once in normal math lib, not in fast math lib */
-    /* XFREE on some embedded systems doesn't like free(0) so test for NULL
-     * explicitly.
-     *
-     * For example:
-     *   #define XFREE(p, h, t) \
-     *      {void* xp = (p); if (xp != NULL) free(xp, h, t);}
-     */
     #if defined(HAVE_IO_POOL)
         WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
         WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
@@ -504,38 +518,46 @@ typedef struct w64wrapper {
         #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
             #define XFREE(p, h, t)       m2mb_os_free(xp)
         #else
-            #define XFREE(p, h, t)       {void* xp = (p); if (xp) m2mb_os_free(xp);}
+            #define XFREE(p, h, t)       do { void* xp = (p); if (xp) m2mb_os_free(xp); } while (0)
         #endif
         #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n))
 
     #elif defined(NO_WOLFSSL_MEMORY)
         #ifdef WOLFSSL_NO_MALLOC
             /* this platform does not support heap use */
+            #ifdef WOLFSSL_SMALL_STACK
+                #error WOLFSSL_SMALL_STACK requires a heap implementation.
+            #endif
+            #ifndef WC_NO_CONSTRUCTORS
+                #define WC_NO_CONSTRUCTORS
+            #endif
             #ifdef WOLFSSL_MALLOC_CHECK
+                #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
+                #endif
                 static inline void* malloc_check(size_t sz) {
                     fprintf(stderr, "wolfSSL_malloc failed");
                     return NULL;
                 };
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), malloc_check((s)))
-                #define XFREE(p, h, t)       (void)(h); (void)(t)
+                #define XFREE(p, h, t)       do { (void)(h); (void)(t); } while (0)
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL)
             #else
                 #define XMALLOC(s, h, t)     ((void)(s), (void)(h), (void)(t), NULL)
-                #define XFREE(p, h, t)       (void)(p); (void)(h); (void)(t)
+                #define XFREE(p, h, t)       do { (void)(p); (void)(h); (void)(t); } while(0)
                 #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL)
             #endif
         #else
             /* just use plain C stdlib stuff if desired */
             #include <stdlib.h>
-            #define XMALLOC(s, h, t)     ((void)(h), (void)(t), malloc((size_t)(s)))
+            #define XMALLOC(s, h, t)     ((void)(h), (void)(t), malloc((size_t)(s))) /* native heap */
             #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
-                #define XFREE(p, h, t)       ((void)(h), (void)(t), free(p))
+                #define XFREE(p, h, t)       do { (void)(h); (void)(t); free(p); } while (0) /* native heap */
             #else
-                #define XFREE(p, h, t)       {void* xp = (p); (void)(h); if (xp) free(xp);}
+                #define XFREE(p, h, t)       do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) /* native heap */
             #endif
             #define XREALLOC(p, n, h, t) \
-                ((void)(h), (void)(t), realloc((p), (size_t)(n)))
+                ((void)(h), (void)(t), realloc((p), (size_t)(n))) /* native heap */
         #endif
 
     #elif defined(WOLFSSL_LINUXKM)
@@ -556,7 +578,7 @@ typedef struct w64wrapper {
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
                     #define XFREE(p, h, t)       wolfSSL_Free(xp, h, t, __func__, __LINE__)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__)
             #else
@@ -564,7 +586,7 @@ typedef struct w64wrapper {
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
                     #define XFREE(p, h, t)       wolfSSL_Free(xp, h, t)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
             #endif /* WOLFSSL_DEBUG_MEMORY */
@@ -576,23 +598,29 @@ typedef struct w64wrapper {
             #ifdef WOLFSSL_DEBUG_MEMORY
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__))
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
-                    #define XFREE(p, h, t)       ((void)(h), (void)(t), wolfSSL_Free(xp, __func__, __LINE__))
+                    #define XFREE(p, h, t)       do { (void)(h); (void)(t); wolfSSL_Free(xp, __func__, __LINE__); } while (0)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n), __func__, __LINE__))
             #else
                 #define XMALLOC(s, h, t)     ((void)(h), (void)(t), wolfSSL_Malloc((s)))
                 #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK
-                    #define XFREE(p, h, t)       ((void)(h), (void)(t), wolfSSL_Free(p))
+                    #define XFREE(p, h, t)       do { (void)(h); (void)(t); wolfSSL_Free(p); } while (0)
                 #else
-                    #define XFREE(p, h, t)       {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp);}
+                    #define XFREE(p, h, t)       do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp); } while (0)
                 #endif
                 #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n)))
             #endif /* WOLFSSL_DEBUG_MEMORY */
         #endif /* WOLFSSL_STATIC_MEMORY */
     #endif
 
+    #if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS)
+        #error WOLFSSL_SMALL_STACK requires constructors.
+    #endif
+
+    #include <wolfssl/wolfcrypt/memory.h>
+
     /* declare/free variable handling for async and smallstack */
     #ifndef WC_ALLOC_DO_ON_FAILURE
         #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING
@@ -717,10 +745,10 @@ typedef struct w64wrapper {
             #include <string.h>
         #endif
 
-            #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
-            #define XMEMSET(b,c,l)    memset((b),(c),(l))
-            #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
-            #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
+        #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
+        #define XMEMSET(b,c,l)    memset((b),(c),(l))
+        #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
+        #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
 
         #define XSTRLEN(s1)       strlen((s1))
         #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
@@ -739,14 +767,15 @@ typedef struct w64wrapper {
         #endif
 
         #ifndef XSTRCASECMP
-        #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000) && (__XC32_VERSION < 4000)
+        #if (defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32)) && \
+            (__XC32_VERSION >= 1000) && (__XC32_VERSION < 4000)
             /* XC32 supports str[n]casecmp in version >= 1.0 through 4.0. */
             #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2))
-        #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \
-                defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24)
+        #elif defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32) || \
+              defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_ZEPHYR) || \
+              defined(MICROCHIP_PIC24)
             /* XC32 version < 1.0 does not support strcasecmp. */
             #define USE_WOLF_STRCASECMP
-            #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1,s2)
         #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM)
             #define XSTRCASECMP(s1,s2) _stricmp((s1),(s2))
         #else
@@ -759,24 +788,28 @@ typedef struct w64wrapper {
             #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \
                     || defined(WOLF_C89)
                 #define USE_WOLF_STRCASECMP
-                #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1, s2)
             #elif defined(WOLF_C89)
                 #define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
             #else
                 #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2))
             #endif
         #endif
+        #ifdef USE_WOLF_STRCASECMP
+            #undef  XSTRCASECMP
+            #define XSTRCASECMP(s1,s2) wc_strcasecmp((s1), (s2))
+        #endif
         #endif /* !XSTRCASECMP */
 
         #ifndef XSTRNCASECMP
-        #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000)
+        #if (defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32)) && \
+            (__XC32_VERSION >= 1000)
             /* XC32 supports str[n]casecmp in version >= 1.0. */
             #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
-        #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \
-                defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24)
+        #elif defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32) || \
+              defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_ZEPHYR) || \
+              defined(MICROCHIP_PIC24)
             /* XC32 version < 1.0 does not support strncasecmp. */
             #define USE_WOLF_STRNCASECMP
-            #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp((s1),(s2),(n))
         #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM)
             #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
         #else
@@ -789,13 +822,16 @@ typedef struct w64wrapper {
             #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \
                     || defined(WOLF_C89)
                 #define USE_WOLF_STRNCASECMP
-                #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp(s1, s2 ,n)
             #elif defined(WOLF_C89)
                 #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n))
             #else
                 #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
             #endif
         #endif
+        #ifdef USE_WOLF_STRNCASECMP
+            #undef  XSTRNCASECMP
+            #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp((s1),(s2),(n))
+        #endif
         #endif /* !XSTRNCASECMP */
 
         /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when
@@ -804,7 +840,7 @@ typedef struct w64wrapper {
         #ifndef USE_WINDOWS_API
             #if defined(WOLFSSL_ESPIDF) && \
                 (!defined(NO_ASN_TIME) && defined(HAVE_PKCS7))
-                    #include<stdarg.h>
+                    #include <stdarg.h>
                     /* later gcc than 7.1 introduces -Wformat-truncation    */
                     /* In cases when truncation is expected the caller needs*/
                     /* to check the return value from the function so that  */
@@ -835,29 +871,38 @@ typedef struct w64wrapper {
                    have stdio.h available, so it needs its own section. */
                 #define XSNPRINTF snprintf
             #elif defined(WOLF_C89)
+                #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
+                #endif
                 #define XSPRINTF sprintf
                 /* snprintf not available for C89, so remap using macro */
-                #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__)
+                #ifdef WOLF_NO_VARIADIC_MACROS
+                    #error WOLF_NO_VARIADIC_MACROS requires user-supplied binding for XSNPRINTF
+                #else
+                    #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__)
+                #endif
             #else
+                #ifndef NO_STDIO_FILESYSTEM
                 #include <stdio.h>
+                #endif
                 #define XSNPRINTF snprintf
             #endif
         #else
             #if defined(_MSC_VER) || defined(__CYGWIN__) || defined(__MINGW32__)
                 #if defined(_MSC_VER) && (_MSC_VER >= 1900)
                     /* Beginning with the UCRT in Visual Studio 2015 and
-                       Windows 10, snprintf is no longer identical to
-                       _snprintf. The snprintf function behavior is now
-                       C99 standard compliant. */
+                     * Windows 10, snprintf is no longer identical to
+                     * _snprintf. The snprintf function behavior is now
+                     * C99 standard compliant. */
                     #include <stdio.h>
                     #define XSNPRINTF snprintf
                 #else
                     /* 4996 warning to use MS extensions e.g., _sprintf_s
-                       instead of _snprintf */
+                     * instead of _snprintf */
                     #if !defined(__MINGW32__)
                     #pragma warning(disable: 4996)
                     #endif
+                    #include <stdarg.h>
                     static WC_INLINE
                     int xsnprintf(char *buffer, size_t bufsize,
                             const char *format, ...) {
@@ -886,6 +931,13 @@ typedef struct w64wrapper {
             /* use only Thread Safe version of strtok */
             #if defined(USE_WOLF_STRTOK)
                 #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
+            #elif defined(__WATCOMC__)
+                #if __WATCOMC__ < 1300
+                    #define USE_WOLF_STRTOK
+                    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
+                #else
+                    #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr))
+                #endif
             #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS)
                 #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr))
             #else
@@ -957,7 +1009,7 @@ typedef struct w64wrapper {
         #endif
         #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
         #define XISALNUM(c)     isalnum((c))
-        #ifdef NO_STDLIB_ISASCII
+        #if !defined(HAVE_ISASCII) || defined(NO_STDLIB_ISASCII)
             #define XISASCII(c) (((c) >= 0 && (c) <= 127) ? 1 : 0)
         #else
             #define XISASCII(c) isascii((c))
@@ -968,11 +1020,14 @@ typedef struct w64wrapper {
         #define XTOLOWER(c)      tolower((c))
     #endif
 
-    #ifndef OFFSETOF
+    #ifndef WC_OFFSETOF
         #if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4))
-            #define OFFSETOF(type, field) __builtin_offsetof(type, field)
+            #define WC_OFFSETOF(type, field) __builtin_offsetof(type, field)
+        #elif defined(__WATCOMC__)
+            #include <stddef.h>
+            #define WC_OFFSETOF    offsetof
         #else
-            #define OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
+            #define WC_OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
         #endif
     #endif
 
@@ -1080,15 +1135,19 @@ typedef struct w64wrapper {
         DYNAMIC_TYPE_DEBUG_TAG    = 100,
         DYNAMIC_TYPE_LMS          = 101,
         DYNAMIC_TYPE_BIO          = 102,
-        DYNAMIC_TYPE_SNIFFER_SERVER      = 1000,
-        DYNAMIC_TYPE_SNIFFER_SESSION     = 1001,
-        DYNAMIC_TYPE_SNIFFER_PB          = 1002,
-        DYNAMIC_TYPE_SNIFFER_PB_BUFFER   = 1003,
-        DYNAMIC_TYPE_SNIFFER_TICKET_ID   = 1004,
-        DYNAMIC_TYPE_SNIFFER_NAMED_KEY   = 1005,
-        DYNAMIC_TYPE_SNIFFER_KEY         = 1006,
-        DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007,
-        DYNAMIC_TYPE_AES_EAX = 1008,
+        DYNAMIC_TYPE_X509_ACERT   = 103,
+        DYNAMIC_TYPE_OS_BUF       = 104,
+        DYNAMIC_TYPE_ASCON        = 105,
+        DYNAMIC_TYPE_SNIFFER_SERVER       = 1000,
+        DYNAMIC_TYPE_SNIFFER_SESSION      = 1001,
+        DYNAMIC_TYPE_SNIFFER_PB           = 1002,
+        DYNAMIC_TYPE_SNIFFER_PB_BUFFER    = 1003,
+        DYNAMIC_TYPE_SNIFFER_TICKET_ID    = 1004,
+        DYNAMIC_TYPE_SNIFFER_NAMED_KEY    = 1005,
+        DYNAMIC_TYPE_SNIFFER_KEY          = 1006,
+        DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE  = 1007,
+        DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008,
+        DYNAMIC_TYPE_AES_EAX = 1009
     };
 
     /* max error buffer string size */
@@ -1112,8 +1171,9 @@ typedef struct w64wrapper {
         WC_ALGO_TYPE_SEED = 5,
         WC_ALGO_TYPE_HMAC = 6,
         WC_ALGO_TYPE_CMAC = 7,
+        WC_ALGO_TYPE_CERT = 8,
 
-        WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CMAC
+        WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CERT
     };
 
     /* hash types */
@@ -1196,6 +1256,16 @@ typedef struct w64wrapper {
     #endif /* HAVE_SELFTEST */
     };
 
+    enum wc_HashFlags {
+        WC_HASH_FLAG_NONE =     0x00000000,
+        WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */
+        WC_HASH_FLAG_ISCOPY =   0x00000002, /* hash is copy */
+    #ifdef WOLFSSL_SHA3
+        WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */
+    #endif
+        WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH)
+    };
+
     /* cipher types */
     enum wc_CipherType {
         WC_CIPHER_NONE = 0,
@@ -1235,7 +1305,7 @@ typedef struct w64wrapper {
         WC_PK_TYPE_CURVE25519_KEYGEN = 16,
         WC_PK_TYPE_RSA_GET_SIZE = 17,
         #define _WC_PK_TYPE_MAX WC_PK_TYPE_RSA_GET_SIZE
-    #if defined(WOLFSSL_HAVE_KYBER)
+    #if defined(WOLFSSL_HAVE_MLKEM)
         WC_PK_TYPE_PQC_KEM_KEYGEN = 18,
         WC_PK_TYPE_PQC_KEM_ENCAPS = 19,
         WC_PK_TYPE_PQC_KEM_DECAPS = 20,
@@ -1250,15 +1320,18 @@ typedef struct w64wrapper {
         #undef _WC_PK_TYPE_MAX
         #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY
     #endif
+        WC_PK_TYPE_RSA_PKCS = 25,
+        WC_PK_TYPE_RSA_PSS = 26,
+        WC_PK_TYPE_RSA_OAEP = 27,
         WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX
     };
 
-#if defined(WOLFSSL_HAVE_KYBER)
+#if defined(WOLFSSL_HAVE_MLKEM)
     /* Post quantum KEM algorithms */
     enum wc_PqcKemType {
         WC_PQC_KEM_TYPE_NONE = 0,
         #define _WC_PQC_KEM_TYPE_MAX WC_PQC_KEM_TYPE_NONE
-    #if defined(WOLFSSL_HAVE_KYBER)
+    #if defined(WOLFSSL_HAVE_MLKEM)
         WC_PQC_KEM_TYPE_KYBER = 1,
         #undef _WC_PQC_KEM_TYPE_MAX
         #define _WC_PQC_KEM_TYPE_MAX WC_PQC_KEM_TYPE_KYBER
@@ -1419,7 +1492,7 @@ typedef struct w64wrapper {
     #endif
 
     #ifdef SINGLE_THREADED
-        #if defined(WC_32BIT_CPU)
+        #if defined(WC_32BIT_CPU) || defined(HAVE_STACK_SIZE)
             typedef void*        THREAD_RETURN;
         #else
             typedef unsigned int THREAD_RETURN;
@@ -1440,6 +1513,47 @@ typedef struct w64wrapper {
          * wolfSSL_JoinThread() and wolfSSL_Cond signaling if they want.
          * Otherwise, those functions are omitted.
         */
+    #elif defined(__WATCOMC__)
+        #if __WATCOMC__ < 1300
+            #define _WCCALLBACK
+        #endif
+        #if defined(__NT__)
+            typedef unsigned      THREAD_RETURN;
+            typedef uintptr_t     THREAD_TYPE;
+            typedef struct COND_TYPE {
+                wolfSSL_Mutex mutex;
+                HANDLE cond;
+            } COND_TYPE;
+            #define WOLFSSL_COND
+            #define INVALID_THREAD_VAL ((THREAD_TYPE)(INVALID_HANDLE_VALUE))
+            #define WOLFSSL_THREAD __stdcall
+            #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK
+        #elif defined(__OS2__)
+            #define WOLFSSL_THREAD_VOID_RETURN
+            typedef void          THREAD_RETURN;
+            typedef TID           THREAD_TYPE;
+            typedef struct COND_TYPE {
+                wolfSSL_Mutex mutex;
+                LHANDLE cond;
+            } COND_TYPE;
+            #define WOLFSSL_COND
+            #define INVALID_THREAD_VAL ((THREAD_TYPE)(-1))
+            #define WOLFSSL_THREAD _WCCALLBACK
+            #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK
+        #elif defined(__LINUX__)
+            #include <pthread.h>
+            typedef struct COND_TYPE {
+                pthread_mutex_t mutex;
+                pthread_cond_t cond;
+            } COND_TYPE;
+            typedef void*         THREAD_RETURN;
+            typedef pthread_t     THREAD_TYPE;
+            #define WOLFSSL_COND
+            #define WOLFSSL_THREAD
+            #ifndef HAVE_SELFTEST
+                #define WOLFSSL_THREAD_NO_JOIN
+            #endif
+        #endif
     #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) || \
           defined(FREESCALE_MQX)
         typedef unsigned int  THREAD_RETURN;
@@ -1458,7 +1572,8 @@ typedef struct w64wrapper {
         typedef void            THREAD_RETURN;
         #define WOLFSSL_THREAD_VOID_RETURN
         typedef struct {
-            struct k_thread tid;
+            /* Zephyr k_thread can be large, > 128 bytes. */
+            struct k_thread* tid;
             k_thread_stack_t* threadStack;
         } THREAD_TYPE;
         #define WOLFSSL_THREAD
@@ -1477,18 +1592,19 @@ typedef struct w64wrapper {
         typedef size_t        THREAD_TYPE;
         #define WOLFSSL_THREAD
     #elif defined(WOLFSSL_PTHREADS)
-        #ifndef __MACH__
-            #include <pthread.h>
-            typedef struct COND_TYPE {
-                pthread_mutex_t mutex;
-                pthread_cond_t cond;
-            } COND_TYPE;
-        #else
+        #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \
+            && !defined(__ppc__)
             #include <dispatch/dispatch.h>
             typedef struct COND_TYPE {
                 wolfSSL_Mutex mutex;
                 dispatch_semaphore_t cond;
             } COND_TYPE;
+        #else
+            #include <pthread.h>
+            typedef struct COND_TYPE {
+                pthread_mutex_t mutex;
+                pthread_cond_t cond;
+            } COND_TYPE;
         #endif
         typedef void*         THREAD_RETURN;
         typedef pthread_t     THREAD_TYPE;
@@ -1518,6 +1634,10 @@ typedef struct w64wrapper {
         #if !defined(__MINGW32__)
             #define WOLFSSL_THREAD_NO_JOIN __cdecl
         #endif
+    #elif defined(THREADX)
+        typedef unsigned int   THREAD_RETURN;
+        typedef TX_THREAD      THREAD_TYPE;
+        #define WOLFSSL_THREAD
     #else
         typedef unsigned int  THREAD_RETURN;
         typedef size_t        THREAD_TYPE;
@@ -1546,8 +1666,6 @@ typedef struct w64wrapper {
          *                      to check if the value is an invalid thread
          * WOLFSSL_THREAD - attribute that should be used to declare thread
          *                  callbacks
-         * WOLFSSL_THREAD_NO_JOIN - attribute that should be used to declare
-         *                          thread callbacks that don't require cleanup
          * WOLFSSL_COND - defined if this system supports signaling
          * COND_TYPE - type that should be passed into the signaling API
          * WOLFSSL_THREAD_VOID_RETURN - defined if the thread callback has a
@@ -1555,8 +1673,16 @@ typedef struct w64wrapper {
          * WOLFSSL_RETURN_FROM_THREAD - define used to correctly return from a
          *                              thread callback
          * THREAD_CB - thread callback type for regular threading API
-         * THREAD_CB_NOJOIN - thread callback type for threading API that don't
+         *
+         * WOLFSSL_THREAD_NO_JOIN - attribute used to declare thread callbacks
+         *                          that do not require cleanup
+         * THREAD_CB_NOJOIN - thread callback type for thread APIs that do not
          *                    require cleanup
+         * THREAD_RETURN_NOJOIN - return type used to declare thread callbacks
+         *                        that do not require cleanup
+         * RETURN_FROM_THREAD_NOJOIN - define used to correctly return from
+         *                             a thread callback that do not require
+         *                             cleanup
          *
          * Other defines/types are specific for the threading implementation
          */
@@ -1579,8 +1705,17 @@ typedef struct w64wrapper {
             /* Create a thread that will be automatically cleaned up. We can't
              * return a handle/pointer to the new thread because there are no
              * guarantees for how long it will be valid. */
-            typedef THREAD_RETURN (WOLFSSL_THREAD_NO_JOIN *THREAD_CB_NOJOIN)
-                    (void* arg);
+            #if defined(WOLFSSL_PTHREADS)
+                #define THREAD_CB_NOJOIN        THREAD_CB
+                #define THREAD_RETURN_NOJOIN    THREAD_RETURN
+                #define RETURN_FROM_THREAD_NOJOIN(x) \
+                    WOLFSSL_RETURN_FROM_THREAD(x)
+            #else
+                #define THREAD_RETURN_NOJOIN    void
+                typedef THREAD_RETURN_NOJOIN
+                    (WOLFSSL_THREAD_NO_JOIN *THREAD_CB_NOJOIN)(void* arg);
+                #define RETURN_FROM_THREAD_NOJOIN(x)    return
+            #endif
             WOLFSSL_API int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb,
                     void* arg);
         #endif
@@ -1671,23 +1806,81 @@ typedef struct w64wrapper {
         #define PRAGMA_DIAG_POP /* null expansion */
     #endif
 
+    #define WC_CPP_CAT4_(a, b, c, d) a ## b ## c ## d
+    #define WC_CPP_CAT4(a, b, c, d) WC_CPP_CAT4_(a, b, c, d)
+    #if defined(WC_NO_STATIC_ASSERT)
+        #define wc_static_assert(expr) struct wc_static_assert_dummy_struct
+        #define wc_static_assert2(expr, msg) wc_static_assert(expr)
+    #elif !defined(wc_static_assert)
+        #if defined(WOLFSSL_HAVE_ASSERT_H) && !defined(WOLFSSL_NO_ASSERT_H)
+            #include <assert.h>
+        #endif
+        #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \
+               (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \
+               (defined(_MSVC_LANG) && (__cpp_static_assert >= 201411L))
+            /* native variadic static_assert() */
+            #define wc_static_assert static_assert
+            #ifndef wc_static_assert2
+                #define wc_static_assert2 static_assert
+            #endif
+        #elif (defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L)) || \
+              (defined(_MSVC_LANG) && (__cpp_static_assert >= 200410L))
+            /* native 2-argument static_assert() */
+            #define wc_static_assert(expr) static_assert(expr, #expr)
+            #ifndef wc_static_assert2
+                #define wc_static_assert2(expr, msg) static_assert(expr, msg)
+            #endif
+        #elif !defined(__cplusplus) &&              \
+                !defined(__STRICT_ANSI__) &&        \
+                !defined(WOLF_C89) &&               \
+                defined(__STDC_VERSION__) &&        \
+                (__STDC_VERSION__ >= 201112L) &&    \
+                ((defined(__GNUC__) &&              \
+                  (__GNUC__ >= 5)) ||               \
+                 defined(__clang__))
+            /* native 2-argument _Static_assert() */
+            #define wc_static_assert(expr) _Static_assert(expr, #expr)
+            #ifndef wc_static_assert2
+                #define wc_static_assert2(expr, msg) _Static_assert(expr, msg)
+            #endif
+        #else
+            #ifdef __COUNTER__
+                #define wc_static_assert(expr)                          \
+                    struct WC_CPP_CAT4(wc_static_assert_dummy_struct_L, \
+                                       __LINE__, _, __COUNTER__) {      \
+                        char t[(expr) ? 1 : -1];                        \
+                    }
+            #else
+                #define wc_static_assert(expr) \
+                        struct wc_static_assert_dummy_struct
+            #endif
+            #ifndef wc_static_assert2
+                #define wc_static_assert2(expr, msg) wc_static_assert(expr)
+            #endif
+        #endif
+    #elif !defined(wc_static_assert2)
+         #define wc_static_assert2(expr, msg) wc_static_assert(expr)
+    #endif
+
     #ifndef SAVE_VECTOR_REGISTERS
-        #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
+        #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #endif
     #ifndef SAVE_VECTOR_REGISTERS2
         #define SAVE_VECTOR_REGISTERS2() 0
+        #define SAVE_VECTOR_REGISTERS2_DOES_NOTHING
     #endif
     #ifndef CAN_SAVE_VECTOR_REGISTERS
         #define CAN_SAVE_VECTOR_REGISTERS() 1
+        #define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE
     #endif
     #ifndef WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL
         #define WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(x) WC_DO_NOTHING
     #endif
     #ifndef ASSERT_SAVED_VECTOR_REGISTERS
-        #define ASSERT_SAVED_VECTOR_REGISTERS(...) WC_DO_NOTHING
+        #define ASSERT_SAVED_VECTOR_REGISTERS() WC_DO_NOTHING
     #endif
     #ifndef ASSERT_RESTORED_VECTOR_REGISTERS
-        #define ASSERT_RESTORED_VECTOR_REGISTERS(...) WC_DO_NOTHING
+        #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
     #endif
     #ifndef RESTORE_VECTOR_REGISTERS
         #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h
index 30a19e2d6..fc7e485af 100644
--- a/wolfssl/wolfcrypt/visibility.h
+++ b/wolfssl/wolfcrypt/visibility.h
@@ -1,6 +1,6 @@
 /* visibility.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -33,7 +33,7 @@
 
 #if defined(BUILDING_WOLFSSL)
     #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
-        defined(_WIN32_WCE)
+        defined(_WIN32_WCE) || defined(__WATCOMC__)
         #if defined(WOLFSSL_DLL)
             #define WOLFSSL_API __declspec(dllexport)
         #else
@@ -50,8 +50,21 @@
         #define WOLFSSL_API
         #define WOLFSSL_LOCAL
     #endif /* HAVE_VISIBILITY */
-#else /* BUILDING_WOLFSSL */
-    #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
+
+    #ifdef WOLFSSL_PRIVATE_TEST_VIS
+        #define WOLFSSL_TEST_VIS WOLFSSL_LOCAL
+    #else
+        #define WOLFSSL_TEST_VIS WOLFSSL_API
+    #endif
+#else /* !BUILDING_WOLFSSL */
+    #if defined(__WATCOMC__)
+        #if defined(WOLFSSL_DLL) && defined(__NT__)
+            #define WOLFSSL_API __declspec(dllimport)
+        #else
+            #define WOLFSSL_API
+        #endif
+        #define WOLFSSL_LOCAL
+    #elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
         defined(_WIN32_WCE)
         #if defined(WOLFSSL_DLL)
             #define WOLFSSL_API __declspec(dllimport)
@@ -63,7 +76,17 @@
         #define WOLFSSL_API
         #define WOLFSSL_LOCAL
     #endif
-#endif /* BUILDING_WOLFSSL */
+
+    #if defined(WOLFSSL_VIS_FOR_TESTS)
+        #ifdef WOLFSSL_PRIVATE_TEST_VIS
+            #error WOLFSSL_VIS_FOR_TESTS is unavailable in WOLFSSL_PRIVATE_TEST_VIS builds.
+        #endif
+        #define WOLFSSL_TEST_VIS WOLFSSL_API
+    #else
+        #define WOLFSSL_TEST_VIS WOLFSSL_API WC_DEPRECATED("internal use only")
+    #endif
+
+#endif /* !BUILDING_WOLFSSL */
 
 /* WOLFSSL_ABI is used for public API symbols that must not change
  * their signature. This tag is used for all APIs that are a
diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h
index e3cf9ad07..4dfc84c08 100644
--- a/wolfssl/wolfcrypt/wc_encrypt.h
+++ b/wolfssl/wolfcrypt/wc_encrypt.h
@@ -1,6 +1,6 @@
 /* wc_encrypt.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h
deleted file mode 100644
index 549128573..000000000
--- a/wolfssl/wolfcrypt/wc_kyber.h
+++ /dev/null
@@ -1,283 +0,0 @@
-/* wc_kyber.h
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/*!
-    \file wolfssl/wolfcrypt/wc_kyber.h
-*/
-
-
-#ifndef WOLF_CRYPT_WC_KYBER_H
-#define WOLF_CRYPT_WC_KYBER_H
-
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/random.h>
-#include <wolfssl/wolfcrypt/sha3.h>
-#include <wolfssl/wolfcrypt/kyber.h>
-
-#ifdef WOLFSSL_HAVE_KYBER
-
-#ifdef noinline
-    #define KYBER_NOINLINE noinline
-#elif defined(_MSC_VER)
-    #define KYBER_NOINLINE __declspec(noinline)
-#elif defined(__GNUC__)
-    #define KYBER_NOINLINE __attribute__((noinline))
-#else
-    #define KYBER_NOINLINE
-#endif
-
-/* Define algorithm type when not excluded. */
-
-#ifndef WOLFSSL_NO_KYBER512
-#define WOLFSSL_KYBER512
-#endif
-#ifndef WOLFSSL_NO_KYBER768
-#define WOLFSSL_KYBER768
-#endif
-#ifndef WOLFSSL_NO_KYBER1024
-#define WOLFSSL_KYBER1024
-#endif
-
-enum {
-    /* Flags of Kyber keys. */
-    KYBER_FLAG_PRIV_SET = 0x0001,
-    KYBER_FLAG_PUB_SET  = 0x0002,
-    KYBER_FLAG_BOTH_SET = 0x0003,
-    KYBER_FLAG_H_SET    = 0x0004,
-
-    /* 2 bits of random used to create noise value. */
-    KYBER_CBD_ETA2          = 2,
-    /* 3 bits of random used to create noise value. */
-    KYBER_CBD_ETA3          = 3,
-
-    /* Number of bits to compress to. */
-    KYBER_COMP_4BITS    =  4,
-    KYBER_COMP_5BITS    =  5,
-    KYBER_COMP_10BITS   = 10,
-    KYBER_COMP_11BITS   = 11,
-};
-
-
-/* SHAKE128 rate. */
-#define XOF_BLOCK_SIZE      168
-
-/* Modulus of co-efficients of polynomial. */
-#define KYBER_Q             3329
-
-
-/* Kyber-512 parameters */
-#ifdef WOLFSSL_KYBER512
-/* Number of bits of random to create noise from. */
-#define KYBER512_ETA1       KYBER_CBD_ETA3
-#endif /* WOLFSSL_KYBER512 */
-
-/* Kyber-768 parameters */
-#ifdef WOLFSSL_KYBER768
-/* Number of bits of random to create noise from. */
-#define KYBER768_ETA1       KYBER_CBD_ETA2
-#endif /* WOLFSSL_KYBER768 */
-
-/* Kyber-1024 parameters */
-#ifdef WOLFSSL_KYBER1024
-/* Number of bits of random to create noise from. */
-#define KYBER1024_ETA1      KYBER_CBD_ETA2
-#endif /* WOLFSSL_KYBER1024 */
-
-
-
-/* The data type of the pseudo-random function. */
-#define KYBER_PRF_T     wc_Shake
-
-/* Kyber key. */
-struct KyberKey {
-    /* Type of key: KYBER512, KYBER768, KYBER1024 */
-    int type;
-    /* Dynamic memory allocation hint. */
-    void* heap;
-#if defined(WOLF_CRYPTO_CB)
-    /* Device Id. */
-    int devId;
-#endif
-    /* Flags indicating what is stored in the key. */
-    int flags;
-
-    /* A pseudo-random function object. */
-    KYBER_PRF_T prf;
-
-    /* Private key as a vector. */
-    sword16 priv[KYBER_MAX_K * KYBER_N];
-    /* Public key as a vector. */
-    sword16 pub[KYBER_MAX_K * KYBER_N];
-    /* Public seed. */
-    byte pubSeed[KYBER_SYM_SZ];
-    /* Public hash - hash of encoded public key. */
-    byte h[KYBER_SYM_SZ];
-    /* Randomizer for decapsulation. */
-    byte z[KYBER_SYM_SZ];
-};
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-WOLFSSL_LOCAL
-void kyber_init(void);
-WOLFSSL_LOCAL
-void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a,
-    int kp);
-WOLFSSL_LOCAL
-void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v,
-    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
-    const sword16* m, int kp);
-WOLFSSL_LOCAL
-void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
-    const sword16* v, int kp);
-
-WOLFSSL_LOCAL
-int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed,
-    int transposed);
-WOLFSSL_LOCAL
-int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, sword16* vec2,
-    sword16* poly, byte* seed);
-
-#ifdef USE_INTEL_SPEEDUP
-WOLFSSL_LOCAL
-int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen);
-#endif
-WOLFSSL_LOCAL
-void kyber_prf_init(KYBER_PRF_T* prf);
-WOLFSSL_LOCAL
-int kyber_prf_new(KYBER_PRF_T* prf, void* heap, int devId);
-WOLFSSL_LOCAL
-void kyber_prf_free(KYBER_PRF_T* prf);
-
-WOLFSSL_LOCAL
-int kyber_cmp(const byte* a, const byte* b, int sz);
-
-WOLFSSL_LOCAL
-void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp);
-WOLFSSL_LOCAL
-void kyber_vec_compress_11(byte* r, sword16* v);
-WOLFSSL_LOCAL
-void kyber_vec_decompress_10(sword16* v, const unsigned char* b,
-    unsigned int kp);
-WOLFSSL_LOCAL
-void kyber_vec_decompress_11(sword16* v, const unsigned char* b);
-
-WOLFSSL_LOCAL
-void kyber_compress_4(byte* b, sword16* p);
-WOLFSSL_LOCAL
-void kyber_compress_5(byte* b, sword16* p);
-WOLFSSL_LOCAL
-void kyber_decompress_4(sword16* p, const unsigned char* b);
-WOLFSSL_LOCAL
-void kyber_decompress_5(sword16* p, const unsigned char* b);
-
-WOLFSSL_LOCAL
-void kyber_from_msg(sword16* p, const byte* msg);
-WOLFSSL_LOCAL
-void kyber_to_msg(byte* msg, sword16* p);
-WOLFSSL_LOCAL
-void kyber_from_bytes(sword16* p, const byte* b, int k);
-WOLFSSL_LOCAL
-void kyber_to_bytes(byte* b, sword16* p, int k);
-
-#ifdef USE_INTEL_SPEEDUP
-WOLFSSL_LOCAL
-void kyber_keygen_avx2(sword16* priv, sword16* pub, sword16* e,
-    const sword16* a, int kp);
-WOLFSSL_LOCAL
-void kyber_encapsulate_avx2(const sword16* pub, sword16* bp, sword16* v,
-    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
-    const sword16* m, int kp);
-WOLFSSL_LOCAL
-void kyber_decapsulate_avx2(const sword16* priv, sword16* mp, sword16* bp,
-    const sword16* v, int kp);
-
-WOLFSSL_LOCAL
-unsigned int kyber_rej_uniform_n_avx2(sword16* p, unsigned int len,
-    const byte* r, unsigned int rLen);
-WOLFSSL_LOCAL
-unsigned int kyber_rej_uniform_avx2(sword16* p, unsigned int len, const byte* r,
-    unsigned int rLen);
-WOLFSSL_LOCAL
-void kyber_redistribute_21_rand_avx2(const word64* s, byte* r0, byte* r1,
-    byte* r2, byte* r3);
-void kyber_redistribute_17_rand_avx2(const word64* s, byte* r0, byte* r1,
-    byte* r2, byte* r3);
-void kyber_redistribute_16_rand_avx2(const word64* s, byte* r0, byte* r1,
-    byte* r2, byte* r3);
-void kyber_redistribute_8_rand_avx2(const word64* s, byte* r0, byte* r1,
-    byte* r2, byte* r3);
-
-WOLFSSL_LOCAL
-void kyber_sha3_blocksx4_avx2(word64* s);
-WOLFSSL_LOCAL
-void kyber_sha3_128_blocksx4_seed_avx2(word64* s, byte* seed);
-WOLFSSL_LOCAL
-void kyber_sha3_256_blocksx4_seed_avx2(word64* s, byte* seed);
-
-WOLFSSL_LOCAL
-void kyber_cbd_eta2_avx2(sword16* p, const byte* r);
-WOLFSSL_LOCAL
-void kyber_cbd_eta3_avx2(sword16* p, const byte* r);
-
-WOLFSSL_LOCAL
-void kyber_from_msg_avx2(sword16* p, const byte* msg);
-WOLFSSL_LOCAL
-void kyber_to_msg_avx2(byte* msg, sword16* p);
-
-WOLFSSL_LOCAL
-void kyber_from_bytes_avx2(sword16* p, const byte* b);
-WOLFSSL_LOCAL
-void kyber_to_bytes_avx2(byte* b, sword16* p);
-
-WOLFSSL_LOCAL
-void kyber_compress_10_avx2(byte* r, const sword16* p, int n);
-WOLFSSL_LOCAL
-void kyber_decompress_10_avx2(sword16* p, const byte* r, int n);
-WOLFSSL_LOCAL
-void kyber_compress_11_avx2(byte* r, const sword16* p, int n);
-WOLFSSL_LOCAL
-void kyber_decompress_11_avx2(sword16* p, const byte* r, int n);
-
-WOLFSSL_LOCAL
-void kyber_compress_4_avx2(byte* r, const sword16* p);
-WOLFSSL_LOCAL
-void kyber_decompress_4_avx2(sword16* p, const byte* r);
-WOLFSSL_LOCAL
-void kyber_compress_5_avx2(byte* r, const sword16* p);
-WOLFSSL_LOCAL
-void kyber_decompress_5_avx2(sword16* p, const byte* r);
-
-
-WOLFSSL_LOCAL
-int kyber_cmp_avx2(const byte* a, const byte* b, int sz);
-#endif
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_HAVE_KYBER */
-
-#endif /* WOLF_CRYPT_WC_KYBER_H */
-
diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h
index 6f90eaa3b..a4880a95d 100644
--- a/wolfssl/wolfcrypt/wc_lms.h
+++ b/wolfssl/wolfcrypt/wc_lms.h
@@ -1,6 +1,6 @@
 /* wc_lms.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -88,6 +88,8 @@
 #ifndef WC_LMS_H
 #define WC_LMS_H
 
+#include <wolfssl/wolfcrypt/types.h>
+
 #if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
 
 #include <wolfssl/wolfcrypt/lms.h>
@@ -134,6 +136,9 @@
 /* Length of numeric types when encoding. */
 #define LMS_TYPE_LEN                4
 
+/* Size of digest output when truncatint SHA-256 to 192 bits. */
+#define WC_SHA256_192_DIGEST_SIZE   24
+
 /* Maximum size of a node hash. */
 #define LMS_MAX_NODE_LEN            WC_SHA256_DIGEST_SIZE
 /* Maximum size of SEED (produced by hash). */
@@ -142,8 +147,6 @@
  * Value of P when N=32 and W=1.
  */
 #define LMS_MAX_P                   265
-/* Length of SEED and I in bytes. */
-#define LMS_SEED_I_LEN              (LMS_SEED_LEN + LMS_I_LEN)
 
 
 #ifndef WOLFSSL_LMS_ROOT_LEVELS
@@ -192,33 +195,32 @@
     (HSS_COMPRESS_PARAM_SET_LEN * HSS_MAX_LEVELS)
 
 /* Private key length for one level. */
-#define LMS_PRIV_LEN                \
-    (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN)
+#define LMS_PRIV_LEN(hLen)          \
+    (LMS_Q_LEN + (hLen) + LMS_I_LEN)
 /* Public key length in signature. */
-#define LMS_PUBKEY_LEN              \
-    (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + LMS_MAX_NODE_LEN)
+#define LMS_PUBKEY_LEN(hLen)        \
+    (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + (hLen))
 
 /* LMS signature data length. */
-#define LMS_SIG_LEN(h, p)                                                   \
-    (LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN + \
-     LMS_TYPE_LEN + (h) * LMS_MAX_NODE_LEN)
+#define LMS_SIG_LEN(h, p, hLen)                                                \
+    (LMS_Q_LEN + LMS_TYPE_LEN + (hLen) + (p) * (hLen) + LMS_TYPE_LEN +         \
+     (h) * (hLen))
 
 /* Length of public key. */
-#define HSS_PUBLIC_KEY_LEN          (LMS_L_LEN + LMS_PUBKEY_LEN)
+#define HSS_PUBLIC_KEY_LEN(hLen)        (LMS_L_LEN + LMS_PUBKEY_LEN(hLen))
 /* Length of private key. */
-#define HSS_PRIVATE_KEY_LEN         \
-    (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + LMS_SEED_LEN + LMS_I_LEN)
+#define HSS_PRIVATE_KEY_LEN(hLen)   \
+    (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + (hLen) + LMS_I_LEN)
 /* Maximum public key length - length is constant for all parameters. */
-#define HSS_MAX_PRIVATE_KEY_LEN     HSS_PRIVATE_KEY_LEN
+#define HSS_MAX_PRIVATE_KEY_LEN     HSS_PRIVATE_KEY_LEN(LMS_MAX_NODE_LEN)
 /* Maximum private key length - length is constant for all parameters. */
-#define HSS_MAX_PUBLIC_KEY_LEN      HSS_PUBLIC_KEY_LEN
+#define HSS_MAX_PUBLIC_KEY_LEN      HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)
 /* Maximum signature length. */
 #define HSS_MAX_SIG_LEN                                                        \
     (LMS_TYPE_LEN +                                                            \
      LMS_MAX_LEVELS * (LMS_Q_LEN + LMS_TYPE_LEN + LMS_TYPE_LEN +               \
                        LMS_MAX_NODE_LEN * (1 + LMS_MAX_P + LMS_MAX_HEIGHT)) +  \
-     (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN                                     \
-     )
+     (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN))
 
 /* Maximum buffer length required for use when hashing. */
 #define LMS_MAX_BUFFER_LEN          \
@@ -229,20 +231,20 @@
  *
  * HSSPrivKey.priv
  */
-#define LMS_PRIV_KEY_LEN(l) \
-    ((l) * LMS_PRIV_LEN)
+#define LMS_PRIV_KEY_LEN(l, hLen)           \
+    ((l) * LMS_PRIV_LEN(hLen))
 
 /* Stack of nodes. */
-#define LMS_STACK_CACHE_LEN(h)              \
-     (((h) + 1) * LMS_MAX_NODE_LEN)
+#define LMS_STACK_CACHE_LEN(h, hLen)        \
+     (((h) + 1) * (hLen))
 
 /* Root cache length. */
-#define LMS_ROOT_CACHE_LEN(rl)              \
-    (((1 << (rl)) - 1) * LMS_MAX_NODE_LEN)
+#define LMS_ROOT_CACHE_LEN(rl, hLen)        \
+    (((1 << (rl)) - 1) * (hLen))
 
 /* Leaf cache length. */
-#define LMS_LEAF_CACHE_LEN(cb)              \
-    ((1 << (cb)) * LMS_MAX_NODE_LEN)
+#define LMS_LEAF_CACHE_LEN(cb, hLen)        \
+    ((1 << (cb)) * (hLen))
 
 /* Length of LMS private key state.
  *
@@ -252,75 +254,103 @@
  *   stack.stack + stack.offset +
  *   cache.leaf + cache.index + cache.offset
  */
-#define LMS_PRIV_STATE_LEN(h, rl, cb)   \
-    (((h) * LMS_MAX_NODE_LEN) +         \
-     LMS_STACK_CACHE_LEN(h) + 4 +       \
-     LMS_ROOT_CACHE_LEN(rl) +           \
-     LMS_LEAF_CACHE_LEN(cb) + 4 + 4)
+#define LMS_PRIV_STATE_LEN(h, rl, cb, hLen)     \
+    (((h) * (hLen)) +                           \
+     LMS_STACK_CACHE_LEN(h, hLen) + 4 +         \
+     LMS_ROOT_CACHE_LEN(rl, hLen) +             \
+     LMS_LEAF_CACHE_LEN(cb, hLen) + 4 + 4)
 
 #ifndef WOLFSSL_WC_LMS_SMALL
     /* Private key data state for all levels. */
-    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb)    \
-         ((l) * LMS_PRIV_STATE_LEN(h, rl, cb))
+    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen)  \
+         ((l) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen))
 #else
     /* Private key data state for all levels. */
-    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb)    0
+    #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen)  0
 #endif
 
 #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING
     /* Extra private key data for smoothing. */
-    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb)       \
-        (LMS_PRIV_KEY_LEN(l) +                      \
-         ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb))
+    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen)         \
+        (LMS_PRIV_KEY_LEN(l, hLen) +                        \
+         ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen))
 #else
     /* Extra private key data for smoothing. */
-    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb)       0
+    #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen)     0
 #endif
 
 #ifndef WOLFSSL_LMS_NO_SIG_CACHE
-    #define LMS_PRIV_Y_TREE_LEN(p)                                  \
-        (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN)
+    #define LMS_PRIV_Y_TREE_LEN(p, hLen)                            \
+        ((hLen) + (p) * (hLen))
     /* Length of the y data cached in private key data. */
-    #define LMS_PRIV_Y_LEN(l, p)                                    \
-        (((l) - 1) * (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN))
+    #define LMS_PRIV_Y_LEN(l, p, hLen)                              \
+        (((l) - 1) * ((hLen) + (p) * (hLen)))
 #else
     /* Length of the y data cached in private key data. */
-    #define LMS_PRIV_Y_LEN(l, p)    0
+    #define LMS_PRIV_Y_LEN(l, p, hLen)      0
 #endif
 
 #ifndef WOLFSSL_WC_LMS_SMALL
 /* Length of private key data. */
-#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb)   \
-    (LMS_PRIV_KEY_LEN(l) +                   \
-     LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) +  \
-     LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) +     \
-     LMS_PRIV_Y_LEN(l, p))
+#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen)    \
+    (LMS_PRIV_KEY_LEN(l, hLen) +                    \
+     LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) +   \
+     LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) +      \
+     LMS_PRIV_Y_LEN(l, p, hLen))
 #else
-#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb)   \
-    LMS_PRIV_KEY_LEN(l)
+#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen)    \
+    LMS_PRIV_KEY_LEN(l, hLen)
 #endif
 
+/* Indicates using SHA-256 for hashing. */
+#define LMS_SHA256                  0x0000
+/* Indicates using SHA-256/192 for hashing. */
+#define LMS_SHA256_192              0x1000
+/* Mask to get hashing algorithm from type. */
+#define LMS_HASH_MASK               0xf000
+/* Mask to get height or Winternitz width from type. */
+#define LMS_H_W_MASK                0x0fff
 
 /* LMS Parameters. */
 /* SHA-256 hash, 32-bytes of hash used, tree height of 5. */
-#define LMS_SHA256_M32_H5           5
+#define LMS_SHA256_M32_H5           0x05
 /* SHA-256 hash, 32-bytes of hash used, tree height of 10. */
-#define LMS_SHA256_M32_H10          6
+#define LMS_SHA256_M32_H10          0x06
 /* SHA-256 hash, 32-bytes of hash used, tree height of 15. */
-#define LMS_SHA256_M32_H15          7
+#define LMS_SHA256_M32_H15          0x07
 /* SHA-256 hash, 32-bytes of hash used, tree height of 20. */
-#define LMS_SHA256_M32_H20          8
+#define LMS_SHA256_M32_H20          0x08
 /* SHA-256 hash, 32-bytes of hash used, tree height of 25. */
-#define LMS_SHA256_M32_H25          9
+#define LMS_SHA256_M32_H25          0x09
 
 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */
-#define LMOTS_SHA256_N32_W1         1
+#define LMOTS_SHA256_N32_W1         0x01
 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */
-#define LMOTS_SHA256_N32_W2         2
+#define LMOTS_SHA256_N32_W2         0x02
 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */
-#define LMOTS_SHA256_N32_W4         3
+#define LMOTS_SHA256_N32_W4         0x03
 /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */
-#define LMOTS_SHA256_N32_W8         4
+#define LMOTS_SHA256_N32_W8         0x04
+
+/* SHA-256 hash, 32-bytes of hash used, tree height of 5. */
+#define LMS_SHA256_M24_H5           (0x0a | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 10. */
+#define LMS_SHA256_M24_H10          (0x0b | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 15. */
+#define LMS_SHA256_M24_H15          (0x0c | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 20. */
+#define LMS_SHA256_M24_H20          (0x0d | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, tree height of 25. */
+#define LMS_SHA256_M24_H25          (0x0e | LMS_SHA256_192)
+
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */
+#define LMOTS_SHA256_N24_W1         (0x05 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */
+#define LMOTS_SHA256_N24_W2         (0x06 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */
+#define LMOTS_SHA256_N24_W4         (0x07 | LMS_SHA256_192)
+/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */
+#define LMOTS_SHA256_N24_W8         (0x08 | LMS_SHA256_192)
 
 typedef struct LmsParams {
     /* Number of tree levels. */
@@ -339,6 +369,8 @@ typedef struct LmsParams {
     word16 lmOtsType;
     /* Length of LM-OTS signature. */
     word16 sig_len;
+    /* Length of seed. */
+    word16 hash_len;
 #ifndef WOLFSSL_WC_LMS_SMALL
     /* Number of root levels of interior nodes to store. */
     word8 rootLevels;
@@ -426,10 +458,10 @@ typedef struct HssPrivKey {
 
 struct LmsKey {
     /* Public key. */
-    ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN];
+    ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)];
 #ifndef WOLFSSL_LMS_VERIFY_ONLY
     /* Encoded private key. */
-    ALIGN16 byte priv_raw[HSS_PRIVATE_KEY_LEN];
+    ALIGN16 byte priv_raw[HSS_MAX_PRIVATE_KEY_LEN];
 
     /* Packed private key data. */
     byte* priv_data;
diff --git a/wolfssl/wolfcrypt/wc_mlkem.h b/wolfssl/wolfcrypt/wc_mlkem.h
new file mode 100644
index 000000000..f79e1883a
--- /dev/null
+++ b/wolfssl/wolfcrypt/wc_mlkem.h
@@ -0,0 +1,378 @@
+/* wc_mlkem.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+    \file wolfssl/wolfcrypt/wc_mlkem.h
+*/
+
+
+#ifndef WOLF_CRYPT_WC_MLKEM_H
+#define WOLF_CRYPT_WC_MLKEM_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/sha3.h>
+#include <wolfssl/wolfcrypt/mlkem.h>
+
+#ifdef WOLFSSL_HAVE_MLKEM
+
+#ifdef WOLFSSL_KYBER_NO_MAKE_KEY
+    #define WOLFSSL_MLKEM_NO_MAKE_KEY
+#endif
+#ifdef WOLFSSL_KYBER_NO_ENCAPSULATE
+    #define WOLFSSL_MLKEM_NO_ENCAPSULATE
+#endif
+#ifdef WOLFSSL_KYBER_NO_DECAPSULATE
+    #define WOLFSSL_MLKEM_NO_DECAPSULATE
+#endif
+
+#ifdef noinline
+    #define MLKEM_NOINLINE noinline
+#elif defined(_MSC_VER)
+    #define MLKEM_NOINLINE __declspec(noinline)
+#elif defined(__GNUC__)
+    #define MLKEM_NOINLINE __attribute__((noinline))
+#else
+    #define MLKEM_NOINLINE
+#endif
+
+enum {
+    /* Flags of Kyber keys. */
+    MLKEM_FLAG_PRIV_SET = 0x0001,
+    MLKEM_FLAG_PUB_SET  = 0x0002,
+    MLKEM_FLAG_BOTH_SET = 0x0003,
+    MLKEM_FLAG_H_SET    = 0x0004,
+    MLKEM_FLAG_A_SET    = 0x0008,
+
+    /* 2 bits of random used to create noise value. */
+    MLKEM_CBD_ETA2      = 2,
+    /* 3 bits of random used to create noise value. */
+    MLKEM_CBD_ETA3      = 3,
+
+    /* Number of bits to compress to. */
+    MLKEM_COMP_4BITS    =  4,
+    MLKEM_COMP_5BITS    =  5,
+    MLKEM_COMP_10BITS   = 10,
+    MLKEM_COMP_11BITS   = 11,
+};
+
+
+/* SHAKE128 rate. */
+#define XOF_BLOCK_SIZE      168
+
+/* Modulus of co-efficients of polynomial. */
+#define MLKEM_Q             3329
+
+
+/* Kyber-512 parameters */
+#ifdef WOLFSSL_WC_ML_KEM_512
+/* Number of bits of random to create noise from. */
+#define WC_ML_KEM_512_ETA1       MLKEM_CBD_ETA3
+#endif /* WOLFSSL_WC_ML_KEM_512 */
+
+/* Kyber-768 parameters */
+#ifdef WOLFSSL_WC_ML_KEM_768
+/* Number of bits of random to create noise from. */
+#define WC_ML_KEM_768_ETA1       MLKEM_CBD_ETA2
+#endif /* WOLFSSL_WC_ML_KEM_768 */
+
+/* Kyber-1024 parameters */
+#ifdef WOLFSSL_WC_ML_KEM_1024
+/* Number of bits of random to create noise from. */
+#define WC_ML_KEM_1024_ETA1      MLKEM_CBD_ETA2
+#endif /* WOLFSSL_KYBER1024 */
+
+
+
+/* The data type of the hash function. */
+#define MLKEM_HASH_T    wc_Sha3
+
+/* The data type of the pseudo-random function. */
+#define MLKEM_PRF_T     wc_Shake
+
+/* ML-KEM key. */
+struct MlKemKey {
+    /* Type of key: WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024 */
+    int type;
+    /* Dynamic memory allocation hint. */
+    void* heap;
+#if defined(WOLF_CRYPTO_CB)
+    /* Device Id. */
+    int devId;
+#endif
+    /* Flags indicating what is stored in the key. */
+    int flags;
+
+    /* A pseudo-random function object. */
+    MLKEM_HASH_T hash;
+    /* A pseudo-random function object. */
+    MLKEM_PRF_T prf;
+
+    /* Private key as a vector. */
+    sword16 priv[WC_ML_KEM_MAX_K * MLKEM_N];
+    /* Public key as a vector. */
+    sword16 pub[WC_ML_KEM_MAX_K * MLKEM_N];
+    /* Public seed. */
+    byte pubSeed[WC_ML_KEM_SYM_SZ];
+    /* Public hash - hash of encoded public key. */
+    byte h[WC_ML_KEM_SYM_SZ];
+    /* Randomizer for decapsulation. */
+    byte z[WC_ML_KEM_SYM_SZ];
+#ifdef WOLFSSL_MLKEM_CACHE_A
+    /* A matrix from key generation. */
+    sword16 a[WC_ML_KEM_MAX_K * WC_ML_KEM_MAX_K * MLKEM_N];
+#endif
+};
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+/* For backward compatibility */
+typedef struct MlKemKey KyberKey;
+
+WOLFSSL_LOCAL
+void mlkem_init(void);
+
+#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
+WOLFSSL_LOCAL
+void mlkem_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a,
+    int kp);
+#else
+WOLFSSL_LOCAL
+int mlkem_keygen_seeds(sword16* priv, sword16* pub, MLKEM_PRF_T* prf,
+    sword16* e, int kp, byte* seed, byte* noiseSeed);
+#endif
+#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
+WOLFSSL_LOCAL
+void mlkem_encapsulate(const sword16* pub, sword16* bp, sword16* v,
+    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+    const sword16* m, int kp);
+#else
+WOLFSSL_LOCAL
+int mlkem_encapsulate_seeds(const sword16* pub, MLKEM_PRF_T* prf, sword16* bp,
+    sword16* tp, sword16* sp, int kp, const byte* msg, byte* seed,
+    byte* coins);
+#endif
+WOLFSSL_LOCAL
+void mlkem_decapsulate(const sword16* priv, sword16* mp, sword16* bp,
+    const sword16* v, int kp);
+
+WOLFSSL_LOCAL
+int mlkem_gen_matrix(MLKEM_PRF_T* prf, sword16* a, int kp, byte* seed,
+    int transposed);
+WOLFSSL_LOCAL
+int mlkem_get_noise(MLKEM_PRF_T* prf, int kp, sword16* vec1, sword16* vec2,
+    sword16* poly, byte* seed);
+
+#if defined(USE_INTEL_SPEEDUP) || \
+        (defined(WOLFSSL_ARMASM) && defined(__aarch64__))
+WOLFSSL_LOCAL
+int mlkem_kdf(byte* seed, int seedLen, byte* out, int outLen);
+#endif
+WOLFSSL_LOCAL
+void mlkem_hash_init(MLKEM_HASH_T* hash);
+WOLFSSL_LOCAL
+int mlkem_hash_new(MLKEM_HASH_T* hash, void* heap, int devId);
+WOLFSSL_LOCAL
+void mlkem_hash_free(MLKEM_HASH_T* hash);
+WOLFSSL_LOCAL
+int mlkem_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out);
+WOLFSSL_LOCAL
+int mlkem_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len,
+    const byte* data2, word32 data2Len, byte* out);
+
+WOLFSSL_LOCAL
+int mlkem_derive_secret(MLKEM_PRF_T* prf, const byte* z, const byte* ct,
+    word32 ctSz, byte* ss);
+
+WOLFSSL_LOCAL
+void mlkem_prf_init(MLKEM_PRF_T* prf);
+WOLFSSL_LOCAL
+int mlkem_prf_new(MLKEM_PRF_T* prf, void* heap, int devId);
+WOLFSSL_LOCAL
+void mlkem_prf_free(MLKEM_PRF_T* prf);
+
+WOLFSSL_LOCAL
+int mlkem_cmp(const byte* a, const byte* b, int sz);
+
+WOLFSSL_LOCAL
+void mlkem_vec_compress_10(byte* r, sword16* v, unsigned int kp);
+WOLFSSL_LOCAL
+void mlkem_vec_compress_11(byte* r, sword16* v);
+WOLFSSL_LOCAL
+void mlkem_vec_decompress_10(sword16* v, const unsigned char* b,
+    unsigned int kp);
+WOLFSSL_LOCAL
+void mlkem_vec_decompress_11(sword16* v, const unsigned char* b);
+
+WOLFSSL_LOCAL
+void mlkem_compress_4(byte* b, sword16* p);
+WOLFSSL_LOCAL
+void mlkem_compress_5(byte* b, sword16* p);
+WOLFSSL_LOCAL
+void mlkem_decompress_4(sword16* p, const unsigned char* b);
+WOLFSSL_LOCAL
+void mlkem_decompress_5(sword16* p, const unsigned char* b);
+
+WOLFSSL_LOCAL
+void mlkem_from_msg(sword16* p, const byte* msg);
+WOLFSSL_LOCAL
+void mlkem_to_msg(byte* msg, sword16* p);
+WOLFSSL_LOCAL
+void mlkem_from_bytes(sword16* p, const byte* b, int k);
+WOLFSSL_LOCAL
+void mlkem_to_bytes(byte* b, sword16* p, int k);
+
+#ifdef USE_INTEL_SPEEDUP
+WOLFSSL_LOCAL
+void mlkem_keygen_avx2(sword16* priv, sword16* pub, sword16* e,
+    const sword16* a, int kp);
+WOLFSSL_LOCAL
+void mlkem_encapsulate_avx2(const sword16* pub, sword16* bp, sword16* v,
+    const sword16* at, sword16* sp, const sword16* ep, const sword16* epp,
+    const sword16* m, int kp);
+WOLFSSL_LOCAL
+void mlkem_decapsulate_avx2(const sword16* priv, sword16* mp, sword16* bp,
+    const sword16* v, int kp);
+
+WOLFSSL_LOCAL
+unsigned int mlkem_rej_uniform_n_avx2(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen);
+WOLFSSL_LOCAL
+unsigned int mlkem_rej_uniform_avx2(sword16* p, unsigned int len, const byte* r,
+    unsigned int rLen);
+WOLFSSL_LOCAL
+void mlkem_redistribute_21_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+void mlkem_redistribute_17_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+void mlkem_redistribute_16_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+void mlkem_redistribute_8_rand_avx2(const word64* s, byte* r0, byte* r1,
+    byte* r2, byte* r3);
+
+WOLFSSL_LOCAL
+void mlkem_sha3_128_blocksx4_seed_avx2(word64* s, byte* seed);
+WOLFSSL_LOCAL
+void mlkem_sha3_256_blocksx4_seed_avx2(word64* s, byte* seed);
+
+WOLFSSL_LOCAL
+void mlkem_cbd_eta2_avx2(sword16* p, const byte* r);
+WOLFSSL_LOCAL
+void mlkem_cbd_eta3_avx2(sword16* p, const byte* r);
+
+WOLFSSL_LOCAL
+void mlkem_from_msg_avx2(sword16* p, const byte* msg);
+WOLFSSL_LOCAL
+void mlkem_to_msg_avx2(byte* msg, sword16* p);
+
+WOLFSSL_LOCAL
+void mlkem_from_bytes_avx2(sword16* p, const byte* b);
+WOLFSSL_LOCAL
+void mlkem_to_bytes_avx2(byte* b, sword16* p);
+
+WOLFSSL_LOCAL
+void mlkem_compress_10_avx2(byte* r, const sword16* p, int n);
+WOLFSSL_LOCAL
+void mlkem_decompress_10_avx2(sword16* p, const byte* r, int n);
+WOLFSSL_LOCAL
+void mlkem_compress_11_avx2(byte* r, const sword16* p, int n);
+WOLFSSL_LOCAL
+void mlkem_decompress_11_avx2(sword16* p, const byte* r, int n);
+
+WOLFSSL_LOCAL
+void mlkem_compress_4_avx2(byte* r, const sword16* p);
+WOLFSSL_LOCAL
+void mlkem_decompress_4_avx2(sword16* p, const byte* r);
+WOLFSSL_LOCAL
+void mlkem_compress_5_avx2(byte* r, const sword16* p);
+WOLFSSL_LOCAL
+void mlkem_decompress_5_avx2(sword16* p, const byte* r);
+
+
+WOLFSSL_LOCAL
+int mlkem_cmp_avx2(const byte* a, const byte* b, int sz);
+#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+WOLFSSL_LOCAL void mlkem_ntt(sword16* r);
+WOLFSSL_LOCAL void mlkem_invntt(sword16* r);
+WOLFSSL_LOCAL void mlkem_ntt_sqrdmlsh(sword16* r);
+WOLFSSL_LOCAL void mlkem_invntt_sqrdmlsh(sword16* r);
+WOLFSSL_LOCAL void mlkem_basemul_mont(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void mlkem_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void mlkem_add_reduce(sword16* r, const sword16* a);
+WOLFSSL_LOCAL void mlkem_add3_reduce(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void mlkem_rsub_reduce(sword16* r, const sword16* a);
+WOLFSSL_LOCAL void mlkem_to_mont(sword16* p);
+WOLFSSL_LOCAL void mlkem_to_mont_sqrdmlsh(sword16* p);
+WOLFSSL_LOCAL void mlkem_sha3_blocksx3_neon(word64* state);
+WOLFSSL_LOCAL void mlkem_shake128_blocksx3_seed_neon(word64* state, byte* seed);
+WOLFSSL_LOCAL void mlkem_shake256_blocksx3_seed_neon(word64* state, byte* seed);
+WOLFSSL_LOCAL unsigned int mlkem_rej_uniform_neon(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen);
+WOLFSSL_LOCAL int mlkem_cmp_neon(const byte* a, const byte* b, int sz);
+WOLFSSL_LOCAL void mlkem_csubq_neon(sword16* p);
+WOLFSSL_LOCAL void mlkem_from_msg_neon(sword16* p, const byte* msg);
+WOLFSSL_LOCAL void mlkem_to_msg_neon(byte* msg, sword16* p);
+#elif defined(WOLFSSL_ARMASM_THUMB2) && defined(WOLFSSL_ARMASM)
+#define mlkem_ntt                   mlkem_thumb2_ntt
+#define mlkem_invntt                mlkem_thumb2_invntt
+#define mlkem_basemul_mont          mlkem_thumb2_basemul_mont
+#define mlkem_basemul_mont_add      mlkem_thumb2_basemul_mont_add
+#define mlkem_rej_uniform_c         mlkem_thumb2_rej_uniform
+
+WOLFSSL_LOCAL void mlkem_thumb2_ntt(sword16* r);
+WOLFSSL_LOCAL void mlkem_thumb2_invntt(sword16* r);
+WOLFSSL_LOCAL void mlkem_thumb2_basemul_mont(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void mlkem_thumb2_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void mlkem_thumb2_csubq(sword16* p);
+WOLFSSL_LOCAL unsigned int mlkem_thumb2_rej_uniform(sword16* p,
+    unsigned int len, const byte* r, unsigned int rLen);
+#elif defined(WOLFSSL_ARMASM)
+#define mlkem_ntt                   mlkem_arm32_ntt
+#define mlkem_invntt                mlkem_arm32_invntt
+#define mlkem_basemul_mont          mlkem_arm32_basemul_mont
+#define mlkem_basemul_mont_add      mlkem_arm32_basemul_mont_add
+#define mlkem_rej_uniform_c         mlkem_arm32_rej_uniform
+
+WOLFSSL_LOCAL void mlkem_arm32_ntt(sword16* r);
+WOLFSSL_LOCAL void mlkem_arm32_invntt(sword16* r);
+WOLFSSL_LOCAL void mlkem_arm32_basemul_mont(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void mlkem_arm32_basemul_mont_add(sword16* r, const sword16* a,
+    const sword16* b);
+WOLFSSL_LOCAL void mlkem_arm32_csubq(sword16* p);
+WOLFSSL_LOCAL unsigned int mlkem_arm32_rej_uniform(sword16* p, unsigned int len,
+    const byte* r, unsigned int rLen);
+#endif
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_HAVE_MLKEM */
+
+#endif /* WOLF_CRYPT_WC_MLKEM_H */
diff --git a/wolfssl/wolfcrypt/wc_pkcs11.h b/wolfssl/wolfcrypt/wc_pkcs11.h
index 8cdd87e61..fdc51e096 100644
--- a/wolfssl/wolfcrypt/wc_pkcs11.h
+++ b/wolfssl/wolfcrypt/wc_pkcs11.h
@@ -1,6 +1,6 @@
 /* wc_pkcs11.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -97,6 +97,10 @@ WOLFSSL_API int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear,
 WOLFSSL_API int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info,
     void* ctx);
 
+WOLFSSL_LOCAL int wc_hash2sz(int);
+WOLFSSL_LOCAL CK_MECHANISM_TYPE wc_hash2ckm(int);
+WOLFSSL_LOCAL CK_MECHANISM_TYPE wc_mgf2ckm(int);
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index 9824d19f3..a33fbf46f 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -1,6 +1,6 @@
 /* wc_port.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -54,13 +54,130 @@
     #endif
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
+
 #ifdef WOLFSSL_LINUXKM
     #include "../../linuxkm/linuxkm_wc_port.h"
 #endif /* WOLFSSL_LINUXKM */
 
+#ifndef WARN_UNUSED_RESULT
+    #if defined(WOLFSSL_LINUXKM) && defined(__must_check)
+        #define WARN_UNUSED_RESULT __must_check
+    #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \
+        (defined(__IAR_SYSTEMS_ICC__) && (__VER__ >= 9040001))
+        #define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+    #else
+        #define WARN_UNUSED_RESULT
+    #endif
+#endif /* !WARN_UNUSED_RESULT */
+
+#ifndef WC_MAYBE_UNUSED
+    #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__) || \
+            defined(__IAR_SYSTEMS_ICC__)
+        #define WC_MAYBE_UNUSED __attribute__((unused))
+    #else
+        #define WC_MAYBE_UNUSED
+    #endif
+#endif /* !WC_MAYBE_UNUSED */
+
+#ifndef WC_DEPRECATED
+    #ifdef WOLFSSL_ZEPHYR
+        #define WC_DEPRECATED(msg) /* null expansion */
+    #elif ((defined(__GNUC__) && \
+            ((__GNUC__ >= 5) || \
+            ((__GNUC__ == 4) && (__GNUC_MINOR__ > 5))))) ||  \
+          defined(__clang__)
+        #define WC_DEPRECATED(msg) __attribute__((deprecated(msg)))
+    #elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
+          defined(_WIN32_WCE) || defined(__WATCOMC__)
+        #define WC_DEPRECATED(msg) __declspec(deprecated(msg))
+    #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \
+          defined(__IAR_SYSTEMS_ICC__)
+        #define WC_DEPRECATED(msg) __attribute__((deprecated))
+    #else
+        #define WC_DEPRECATED(msg) /* null expansion */
+    #endif
+#endif /* !WC_MAYBE_UNUSED */
+
+/* use inlining if compiler allows */
+#ifndef WC_INLINE
+#ifndef NO_INLINE
+    #ifdef _MSC_VER
+        #define WC_INLINE __inline
+    #elif defined(__GNUC__)
+           #ifdef WOLFSSL_VXWORKS
+               #define WC_INLINE __inline__
+           #else
+               #define WC_INLINE inline
+           #endif
+    #elif defined(__IAR_SYSTEMS_ICC__)
+        #define WC_INLINE inline
+    #elif defined(THREADX)
+        #define WC_INLINE _Inline
+    #elif defined(__ghc__)
+        #ifndef __cplusplus
+            #define WC_INLINE __inline
+        #else
+            #define WC_INLINE inline
+        #endif
+    #elif defined(__CCRX__)
+        #define WC_INLINE inline
+    #elif defined(__DCC__)
+        #ifndef __cplusplus
+            #define WC_INLINE __inline__
+        #else
+            #define WC_INLINE inline
+        #endif
+    #else
+        #define WC_INLINE WC_MAYBE_UNUSED
+    #endif
+#else
+    #define WC_INLINE WC_MAYBE_UNUSED
+#endif
+#endif
+
 /* THREADING/MUTEX SECTION */
 #if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM)
     /* No system headers required for build. */
+#elif defined(__WATCOMC__)
+    #if defined(SINGLE_THREADED)
+        #if defined(USE_WINDOWS_API)
+            #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
+            #include <windows.h>
+            #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header */
+            #ifndef WOLFSSL_USER_IO
+                #include <winsock2.h>
+                #include <ws2tcpip.h> /* required for InetPton */
+            #endif
+        #elif defined(__OS2__)
+            #include <os2.h>
+        #endif
+    #else
+        #if defined(USE_WINDOWS_API)
+            #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
+            #include <windows.h>
+            #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header */
+            #include <process.h>
+            #ifndef WOLFSSL_USER_IO
+                #include <winsock2.h>
+                #include <ws2tcpip.h> /* required for InetPton */
+            #endif
+        #elif defined(__OS2__)
+            #define INCL_DOSSEMAPHORES
+            #define INCL_DOSPROCESS
+            #include <os2.h>
+            #include <process.h>
+        #else
+            #ifndef WOLFSSL_USER_MUTEX
+                #define WOLFSSL_PTHREADS
+            #endif
+            #if defined(WOLFSSL_PTHREADS)
+                #include <pthread.h>
+            #endif
+        #endif
+    #endif
 #elif defined(USE_WINDOWS_API)
     #if defined(WOLFSSL_PTHREADS)
         #include <pthread.h>
@@ -71,13 +188,12 @@
         #ifndef WIN32_LEAN_AND_MEAN
             #define WIN32_LEAN_AND_MEAN
         #endif
-        #ifndef WOLFSSL_SGX
-            #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
-                /* On WinCE winsock2.h must be included before windows.h */
-                #include <winsock2.h>
-            #endif
+        #if !defined(WOLFSSL_SGX) && !defined(WOLFSSL_NOT_WINDOWS_API)
+            #define _WINSOCKAPI_ /* block inclusion of winsock.h header file. */
             #include <windows.h>
+            #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header */
             #ifndef WOLFSSL_USER_IO
+                #include <winsock2.h>
                 #include <ws2tcpip.h> /* required for InetPton */
             #endif
         #endif /* WOLFSSL_SGX */
@@ -223,7 +339,7 @@
 #else /* MULTI_THREADED */
     /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
     #if defined(FREERTOS)
-        #if ESP_IDF_VERSION_MAJOR >= 4
+        #if defined(ESP_IDF_VERSION_MAJOR) && (ESP_IDF_VERSION_MAJOR >= 4)
             typedef SemaphoreHandle_t wolfSSL_Mutex;
         #else
             typedef xSemaphoreHandle wolfSSL_Mutex;
@@ -310,12 +426,19 @@
         /* typedef User_Mutex wolfSSL_Mutex; */
     #elif defined(WOLFSSL_LINUXKM)
         /* definitions are in linuxkm/linuxkm_wc_port.h */
+    #elif defined(__WATCOMC__)
+        /* OS/2 */
+        typedef ULONG wolfSSL_Mutex;
     #else
         #error Need a mutex type in multithreaded mode
     #endif /* USE_WINDOWS_API */
 
 #endif /* SINGLE_THREADED */
 
+#ifdef WOLFSSL_TEST_NO_MUTEX_INITIALIZER
+    #undef WOLFSSL_MUTEX_INITIALIZER
+#endif
+
 #ifdef WOLFSSL_MUTEX_INITIALIZER
     #define WOLFSSL_MUTEX_INITIALIZER_CLAUSE(lockname) = WOLFSSL_MUTEX_INITIALIZER(lockname)
 #else
@@ -327,11 +450,20 @@
 #endif
 
 #ifndef WOLFSSL_NO_ATOMICS
-#ifdef HAVE_C___ATOMIC
+#ifdef SINGLE_THREADED
+    typedef int wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+    #define WOLFSSL_ATOMIC_LOAD(x) (x)
+    #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
+    #define WOLFSSL_ATOMIC_OPS
+#elif defined(HAVE_C___ATOMIC)
 #ifdef __cplusplus
 #if defined(__GNUC__) && defined(__ATOMIC_RELAXED)
     /* C++ using direct calls to compiler built-in functions */
     typedef volatile int wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+    #define WOLFSSL_ATOMIC_LOAD(x) __atomic_load_n(&(x), __ATOMIC_CONSUME)
+    #define WOLFSSL_ATOMIC_STORE(x, val) __atomic_store_n(&(x), val, __ATOMIC_RELEASE)
     #define WOLFSSL_ATOMIC_OPS
 #endif
 #else
@@ -339,10 +471,13 @@
     /* Default C Implementation */
     #include <stdatomic.h>
     typedef atomic_int wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+    #define WOLFSSL_ATOMIC_LOAD(x) atomic_load(&(x))
+    #define WOLFSSL_ATOMIC_STORE(x, val) atomic_store(&(x), val)
     #define WOLFSSL_ATOMIC_OPS
     #endif /* WOLFSSL_HAVE_ATOMIC_H */
 #endif
-#elif defined(_MSC_VER)
+#elif defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)
     /* Use MSVC compiler intrinsics for atomic ops */
     #ifdef _WIN32_WCE
         #include <armintr.h>
@@ -350,51 +485,56 @@
         #include <intrin.h>
     #endif
     typedef volatile long wolfSSL_Atomic_Int;
+    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+    #define WOLFSSL_ATOMIC_LOAD(x) (x)
+    #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
     #define WOLFSSL_ATOMIC_OPS
 #endif
 #endif /* WOLFSSL_NO_ATOMICS */
 
-#ifdef WOLFSSL_ATOMIC_OPS
-    WOLFSSL_LOCAL void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
+#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED)
+    WOLFSSL_API void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
     /* Fetch* functions return the value of the counter immediately preceding
      * the effects of the function. */
-    WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
-    WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
+#else
+    /* Code using these fallback implementations in non-SINGLE_THREADED builds
+     * needs to arrange its own explicit fallback to int for wolfSSL_Atomic_Int,
+     * which is not defined if !defined(WOLFSSL_ATOMIC_OPS) &&
+     * !defined(SINGLE_THREADED).  This forces local awareness of thread-unsafe
+     * semantics.
+     */
+    #define wolfSSL_Atomic_Int_Init(c, i) (*(c) = (i))
+    static WC_INLINE int wolfSSL_Atomic_Int_FetchAdd(int *c, int i) {
+        int ret = *c;
+        *c += i;
+        return ret;
+    }
+    static WC_INLINE int wolfSSL_Atomic_Int_FetchSub(int *c, int i) {
+        int ret = *c;
+        *c -= i;
+        return ret;
+    }
 #endif
 
 /* Reference counting. */
-typedef struct wolfSSL_Ref {
-#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_ATOMIC_OPS)
+typedef struct wolfSSL_RefWithMutex {
+#if !defined(SINGLE_THREADED)
     wolfSSL_Mutex mutex;
 #endif
-#ifdef WOLFSSL_ATOMIC_OPS
-    wolfSSL_Atomic_Int count;
-#else
     int count;
-#endif
+} wolfSSL_RefWithMutex;
+
+#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED)
+typedef struct wolfSSL_Ref {
+    wolfSSL_Atomic_Int count;
 } wolfSSL_Ref;
+#else
+typedef struct wolfSSL_RefWithMutex wolfSSL_Ref;
+#endif
 
-#ifdef SINGLE_THREADED
-
-#define wolfSSL_RefInit(ref, err)            \
-    do {                                     \
-        (ref)->count = 1;                    \
-        *(err) = 0;                          \
-    } while(0)
-#define wolfSSL_RefFree(ref) WC_DO_NOTHING
-    #define wolfSSL_RefInc(ref, err)         \
-    do {                                     \
-        (ref)->count++;                      \
-        *(err) = 0;                          \
-    } while(0)
-#define wolfSSL_RefDec(ref, isZero, err)     \
-    do {                                     \
-        (ref)->count--;                      \
-        *(isZero) = ((ref)->count == 0);     \
-        *(err) = 0;                          \
-    } while(0)
-
-#elif defined(WOLFSSL_ATOMIC_OPS)
+#if defined(SINGLE_THREADED) || defined(WOLFSSL_ATOMIC_OPS)
 
 #define wolfSSL_RefInit(ref, err)            \
     do {                                     \
@@ -419,17 +559,41 @@ typedef struct wolfSSL_Ref {
 
 #define WOLFSSL_REFCNT_ERROR_RETURN
 
-WOLFSSL_LOCAL void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err);
-WOLFSSL_LOCAL void wolfSSL_RefFree(wolfSSL_Ref* ref);
-WOLFSSL_LOCAL void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err);
-WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
+#define wolfSSL_RefInit wolfSSL_RefWithMutexInit
+#define wolfSSL_RefFree wolfSSL_RefWithMutexFree
+#define wolfSSL_RefInc wolfSSL_RefWithMutexInc
+#define wolfSSL_RefDec wolfSSL_RefWithMutexDec
+
+#endif
+
+#if defined(SINGLE_THREADED)
+
+#define wolfSSL_RefWithMutexInit wolfSSL_RefInit
+#define wolfSSL_RefWithMutexFree wolfSSL_RefFree
+#define wolfSSL_RefWithMutexInc wolfSSL_RefInc
+#define wolfSSL_RefWithMutexLock(ref) 0
+#define wolfSSL_RefWithMutexUnlock(ref) 0
+#define wolfSSL_RefWithMutexDec wolfSSL_RefDec
+
+#else
+
+WOLFSSL_LOCAL void wolfSSL_RefWithMutexInit(wolfSSL_RefWithMutex* ref,
+                                            int* err);
+WOLFSSL_LOCAL void wolfSSL_RefWithMutexFree(wolfSSL_RefWithMutex* ref);
+WOLFSSL_LOCAL void wolfSSL_RefWithMutexInc(wolfSSL_RefWithMutex* ref,
+                                            int* err);
+WOLFSSL_LOCAL int wolfSSL_RefWithMutexLock(wolfSSL_RefWithMutex* ref);
+WOLFSSL_LOCAL int wolfSSL_RefWithMutexUnlock(wolfSSL_RefWithMutex* ref);
+WOLFSSL_LOCAL void wolfSSL_RefWithMutexDec(wolfSSL_RefWithMutex* ref,
+                                            int* isZero, int* err);
 
 #endif
 
 
 /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */
 #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \
-    defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG)
+    defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) || \
+    defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
     #ifndef WOLFSSL_CRYPT_HW_MUTEX
         #define WOLFSSL_CRYPT_HW_MUTEX  1
     #endif
@@ -444,9 +608,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
        however it's recommended to call this directly on Hw init to avoid possible
        race condition where two calls to wolfSSL_CryptHwMutexLock are made at
        the same time. */
-    int wolfSSL_CryptHwMutexInit(void);
-    int wolfSSL_CryptHwMutexLock(void);
-    int wolfSSL_CryptHwMutexUnLock(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_CryptHwMutexUnLock(void);
 #else
     /* Define stubs, since HW mutex is disabled */
     #define wolfSSL_CryptHwMutexInit()      0 /* Success */
@@ -454,6 +618,74 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err);
     #define wolfSSL_CryptHwMutexUnLock()    (void)0 /* Success */
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
+#if defined(WOLFSSL_ALGO_HW_MUTEX) && (defined(NO_RNG_MUTEX) && \
+        defined(NO_AES_MUTEX) && defined(NO_HASH_MUTEX) && defined(NO_PK_MUTEX))
+        #error WOLFSSL_ALGO_HW_MUTEX does not support having all mutexes off
+#endif
+/* To support HW that can do different Crypto in parallel */
+#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
+    typedef enum {
+        #ifndef NO_RNG_MUTEX
+        rng_mutex,
+        #endif
+        #ifndef NO_AES_MUTEX
+        aes_mutex,
+        #endif
+        #ifndef NO_HASH_MUTEX
+        hash_mutex,
+        #endif
+        #ifndef NO_PK_MUTEX
+        pk_mutex,
+        #endif
+    } hw_mutex_algo;
+#endif
+
+/* If algo mutex is off, or WOLFSSL_ALGO_HW_MUTEX is not define, default */
+/* to using the generic wolfSSL_CryptHwMutex */
+#if (!defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwRngMutexUnLock(void);
+#else
+    #define wolfSSL_HwRngMutexInit    wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwRngMutexLock    wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwRngMutexUnLock  wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwAesMutexUnLock(void);
+#else
+    #define wolfSSL_HwAesMutexInit    wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwAesMutexLock    wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwAesMutexUnLock  wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwHashMutexUnLock(void);
+#else
+    #define wolfSSL_HwHashMutexInit   wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwHashMutexLock   wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwHashMutexUnLock wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
+#if (!defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \
+    WOLFSSL_CRYPT_HW_MUTEX
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexInit(void);
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexLock(void);
+    WOLFSSL_LOCAL int wolfSSL_HwPkMutexUnLock(void);
+#else
+    #define wolfSSL_HwPkMutexInit     wolfSSL_CryptHwMutexInit
+    #define wolfSSL_HwPkMutexLock     wolfSSL_CryptHwMutexLock
+    #define wolfSSL_HwPkMutexUnLock   wolfSSL_CryptHwMutexUnLock
+#endif /* !defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
 /* Mutex functions */
 WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex* m);
 WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void);
@@ -591,13 +823,14 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
      * make the API more POSIX like. */
     XFILE z_fs_open(const char* filename, const char* mode);
     int z_fs_close(XFILE file);
+    int z_fs_rewind(XFILE file);
 
     #define XFOPEN              z_fs_open
     #define XFCLOSE             z_fs_close
     #define XFFLUSH             fs_sync
     #define XFSEEK              fs_seek
     #define XFTELL              fs_tell
-    #define XFREWIND            fs_rewind
+    #define XFREWIND            z_fs_rewind
     #define XFREAD(P,S,N,F)     fs_read(F, P, S*N)
     #define XFWRITE(P,S,N,F)    fs_write(F, P, S*N)
     #define XSEEK_SET           FS_SEEK_SET
@@ -721,7 +954,25 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 
     #if !defined(NO_WOLFSSL_DIR)\
         && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-        #if defined(USE_WINDOWS_API)
+        #if defined(__WATCOMC__)
+            #include <unistd.h>
+            #include <sys/stat.h>
+            #define XWRITE      write
+            #define XREAD       read
+            #define XCLOSE      close
+            #define XSTAT       stat
+            #define XS_ISREG(s) S_ISREG(s)
+            #if defined(__UNIX__)
+                #include <dirent.h>
+                #define SEPARATOR_CHAR ':'
+            #else
+                #include <direct.h>
+                #define SEPARATOR_CHAR ';'
+            #endif
+            #if defined(__NT__)
+                #define XALTHOMEVARNAME "USERPROFILE"
+            #endif
+        #elif defined(USE_WINDOWS_API)
             #include <io.h>
             #include <sys/stat.h>
             #ifndef XSTAT
@@ -759,9 +1010,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
             #define SEPARATOR_CHAR ':'
 
         #else
-            #ifndef NO_WOLFSSL_DIR
-                #include <dirent.h>
-            #endif
+            #include <dirent.h>
             #include <unistd.h>
             #include <sys/stat.h>
             #define XWRITE      write
@@ -885,9 +1134,11 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 /* Windows API defines its own min() macro. */
 #if defined(USE_WINDOWS_API)
     #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE)
+        #undef  WOLFSSL_HAVE_MIN
         #define WOLFSSL_HAVE_MIN
     #endif /* min */
     #if defined(max) || defined(WOLFSSL_MYSQL_COMPATIBLE)
+        #undef  WOLFSSL_HAVE_MAX
         #define WOLFSSL_HAVE_MAX
     #endif /* max */
 #endif /* USE_WINDOWS_API */
@@ -1010,7 +1261,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define XGMTIME(c, t)   gmtime((c))
 
 #elif defined(_WIN32_WCE)
+    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
     #include <windows.h>
+    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
     #include <stdlib.h> /* For file system */
 
     time_t windows_time(time_t* timer);
@@ -1106,7 +1359,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #endif
 
     /* PowerPC time_t is int */
-    #ifdef __PPC__
+    #if defined(__PPC__) || defined(__ppc__)
         #define TIME_T_NOT_64BIT
     #endif
 
@@ -1211,7 +1464,8 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 #endif /* !NO_ASN_TIME */
 
 
-#ifndef WOLFSSL_LEANPSK
+#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \
+    defined(USE_WOLF_STRNSTR)
     char* mystrnstr(const char* s1, const char* s2, unsigned int n);
 #endif
 
@@ -1229,9 +1483,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     /* By default, the OCTEON's global variables are all thread local. This
      * tag allows them to be shared between threads. */
     #include "cvmx-platform.h"
-    #define WOLFSSL_GLOBAL CVMX_SHARED
+    #define WC_THREADSHARED CVMX_SHARED
 #else
-    #define WOLFSSL_GLOBAL
+    #define WC_THREADSHARED
 #endif
 
 #ifdef WOLFSSL_DSP
@@ -1264,19 +1518,31 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 #endif
 
 #ifndef WOLFSSL_NO_FENCE
-    #if defined (__i386__) || defined(__x86_64__)
+    #ifdef XFENCE
+        /* use user-supplied XFENCE definition. */
+    #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)
+        #include <stdatomic.h>
+        #define XFENCE() atomic_thread_fence(memory_order_seq_cst)
+    #elif defined(__GNUC__) && (__GNUC__ == 4) && \
+          defined(__GNUC_MINOR__) && (__GNUC_MINOR__ >= 1)
+        #define XFENCE() __sync_synchronize()
+    #elif (defined(__GNUC__) && (__GNUC__ >= 5)) || defined (__clang__)
+        #define XFENCE() __atomic_thread_fence(__ATOMIC_SEQ_CST)
+    #elif defined(WOLFSSL_NO_ASM)
+        #define XFENCE() WC_DO_NOTHING
+    #elif defined (__i386__) || defined(__x86_64__)
         #define XFENCE() XASM_VOLATILE("lfence")
     #elif (defined (__arm__) && (__ARM_ARCH > 6)) || defined(__aarch64__)
         #define XFENCE() XASM_VOLATILE("isb")
     #elif defined(__riscv)
         #define XFENCE() XASM_VOLATILE("fence")
-    #elif defined(__PPC__)
+    #elif defined(__PPC__) || defined(__POWERPC__)
         #define XFENCE() XASM_VOLATILE("isync; sync")
     #else
-        #define XFENCE() do{}while(0)
+        #define XFENCE() WC_DO_NOTHING
     #endif
 #else
-    #define XFENCE() do{}while(0)
+    #define XFENCE() WC_DO_NOTHING
 #endif
 
 
diff --git a/wolfssl/wolfcrypt/wc_xmss.h b/wolfssl/wolfcrypt/wc_xmss.h
index 21d5fe8ef..e59df6193 100644
--- a/wolfssl/wolfcrypt/wc_xmss.h
+++ b/wolfssl/wolfcrypt/wc_xmss.h
@@ -1,6 +1,6 @@
 /* wc_xmss.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/wolfevent.h b/wolfssl/wolfcrypt/wolfevent.h
index cb3cb58de..d6731d134 100644
--- a/wolfssl/wolfcrypt/wolfevent.h
+++ b/wolfssl/wolfcrypt/wolfevent.h
@@ -1,6 +1,6 @@
 /* wolfevent.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h
index fe01ed5cd..e2e854525 100644
--- a/wolfssl/wolfcrypt/wolfmath.h
+++ b/wolfssl/wolfcrypt/wolfmath.h
@@ -1,6 +1,6 @@
 /* wolfmath.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -40,7 +40,16 @@ This library provides big integer math functions.
 #endif
 
 
-#if defined(USE_FAST_MATH)
+#if defined(NO_BIG_INT)
+    /* MPI globally disabled -- no PK algorithms supported. */
+    #if defined(USE_FAST_MATH) || defined(USE_INTEGER_HEAP_MATH) || \
+        defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) || \
+        defined(HAVE_WOLF_BIGINT) || defined(WOLFSSL_EXPORT_INT)
+        #error Conflicting MPI settings.
+    #endif
+#elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
+    #include <wolfssl/wolfcrypt/sp_int.h>
+#elif defined(USE_FAST_MATH)
     #include <wolfssl/wolfcrypt/tfm.h>
 #elif defined(USE_INTEGER_HEAP_MATH)
     #include <wolfssl/wolfcrypt/integer.h>
@@ -48,10 +57,14 @@ This library provides big integer math functions.
     #include <wolfssl/wolfcrypt/sp_int.h>
 #endif
 
-#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)
+#if !defined(NO_BIG_INT)
     #include <wolfssl/wolfcrypt/random.h>
 #endif
 
+#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
+    #include <wolfssl/wolfcrypt/port/maxim/max3266x.h>
+#endif
+
 #ifndef MIN
    #define MIN(x,y) ((x)<(y)?(x):(y))
 #endif
@@ -68,7 +81,7 @@ This library provides big integer math functions.
     extern const wc_ptr_t wc_off_on_addr[2];
 #endif
 
-#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)
+#if !defined(NO_BIG_INT)
 /* common math functions */
 MP_API int get_digit_count(const mp_int* a);
 MP_API mp_digit get_digit(const mp_int* a, int n);
@@ -118,6 +131,28 @@ WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len,
     WOLFSSL_API const char *wc_GetMathInfo(void);
 #endif
 
+/* Support for generic Hardware based Math Functions */
+#ifdef WOLFSSL_USE_HW_MP
+
+WOLFSSL_LOCAL int hw_mod(mp_int* multiplier, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_mulmod(mp_int* multiplier, mp_int* multiplicand,
+                                mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result);
+WOLFSSL_LOCAL int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod,
+                                mp_int* result);
+WOLFSSL_LOCAL int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result);
+
+/* One to one mappings */
+#define mp_mod      hw_mod
+#define mp_addmod   hw_addmod
+#define mp_submod   hw_submod
+#define mp_mulmod   hw_mulmod
+#define mp_exptmod  hw_exptmod
+#define mp_sqrmod   hw_sqrmod
+
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/xmss.h b/wolfssl/wolfcrypt/xmss.h
index 548700caa..99448625b 100644
--- a/wolfssl/wolfcrypt/xmss.h
+++ b/wolfssl/wolfcrypt/xmss.h
@@ -1,6 +1,6 @@
 /* xmss.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 5fdeac4bb..de45a18b5 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -1,6 +1,6 @@
 /* io.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -57,7 +57,32 @@
     #include "zlib.h"
 #endif
 
-#ifndef USE_WINDOWS_API
+#if defined(__WATCOMC__)
+    #if defined(__NT__)
+    #elif defined(__OS2__)
+        #include <errno.h>
+        #include <os2.h>
+        #include <sys/types.h>
+        #include <os2/types.h>
+        #include <sys/socket.h>
+        #include <arpa/inet.h>
+        #include <netinet/in.h>
+        #include <nerrno.h>
+        #include <sys/ioctl.h>
+
+        typedef int socklen_t;
+    #elif defined(__LINUX__)
+        #include <sys/types.h>
+        #include <errno.h>
+        #include <unistd.h>
+        #include <fcntl.h>
+        #define XFCNTL(fd, flag, block) fcntl((fd), (flag), (block))
+        #include <sys/socket.h>
+        #include <arpa/inet.h>
+        #include <netinet/in.h>
+    #endif
+#elif defined(USE_WINDOWS_API)
+#else
     #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
         /* lwIP needs to be configured to use sockets API in this mode */
         /* LWIP_SOCKET 1 in lwip/opt.h or in build */
@@ -204,7 +229,40 @@
 #define SOCKET_RECEIVING 1
 #define SOCKET_SENDING 2
 
-#ifdef USE_WINDOWS_API
+#ifdef __WATCOMC__
+    #if defined(__NT__)
+        /* no epipe yet */
+        #ifndef WSAEPIPE
+            #define WSAEPIPE       -12345
+        #endif
+        #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
+        #define SOCKET_EAGAIN      WSAETIMEDOUT
+        #define SOCKET_ETIMEDOUT   WSAETIMEDOUT
+        #define SOCKET_ECONNRESET  WSAECONNRESET
+        #define SOCKET_EINTR       WSAEINTR
+        #define SOCKET_EPIPE       WSAEPIPE
+        #define SOCKET_ECONNREFUSED WSAENOTCONN
+        #define SOCKET_ECONNABORTED WSAECONNABORTED
+    #elif defined(__OS2__)
+        #define SOCKET_EWOULDBLOCK SOCEWOULDBLOCK
+        #define SOCKET_EAGAIN      SOCEAGAIN
+        #define SOCKET_ETIMEDOUT   SOCETIMEDOUT
+        #define SOCKET_ECONNRESET  SOCECONNRESET
+        #define SOCKET_EINTR       SOCEINTR
+        #define SOCKET_EPIPE       SOCEPIPE
+        #define SOCKET_ECONNREFUSED SOCECONNREFUSED
+        #define SOCKET_ECONNABORTED SOCECONNABORTED
+    #elif defined(__UNIX__)
+        #define SOCKET_EWOULDBLOCK EWOULDBLOCK
+        #define SOCKET_EAGAIN      EAGAIN
+        #define SOCKET_ETIMEDOUT   ETIMEDOUT
+        #define SOCKET_ECONNRESET  ECONNRESET
+        #define SOCKET_EINTR       EINTR
+        #define SOCKET_EPIPE       EPIPE
+        #define SOCKET_ECONNREFUSED ECONNREFUSED
+        #define SOCKET_ECONNABORTED ECONNABORTED
+    #endif
+#elif defined(USE_WINDOWS_API)
     /* no epipe yet */
     #ifndef WSAEPIPE
         #define WSAEPIPE       -12345
@@ -416,7 +474,7 @@
         #endif
     #endif
     #ifndef XSOCKOPT_TYPE_OPTVAL_TYPE
-        #ifdef USE_WINDOWS_API
+        #ifndef USE_WINDOWS_API
             #define XSOCKOPT_TYPE_OPTVAL_TYPE void*
         #else
             #define XSOCKOPT_TYPE_OPTVAL_TYPE char*
@@ -520,9 +578,20 @@ WOLFSSL_API  int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf,
 #endif
 #endif /* WOLFSSL_NO_SOCK */
 
+WOLFSSL_API int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+WOLFSSL_API int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+#ifndef OPENSSL_COEXIST
+/* Preserve API previously exposed */
+#define BioSend wolfSSL_BioSend
+#define BioReceive wolfSSL_BioReceive
+#endif
 
-WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
-WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+WOLFSSL_LOCAL int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+WOLFSSL_LOCAL int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr,
+                                     char* buf, int sz);
+#endif
+WOLFSSL_LOCAL int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 #if defined(USE_WOLFSSL_IO)
     /* default IO callbacks */
     WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
@@ -545,9 +614,14 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
     #endif /* WOLFSSL_DTLS */
 #endif /* USE_WOLFSSL_IO */
 
+
+typedef int (*WolfSSLGenericIORecvCb)(char *buf, int sz, void *ctx);
 #ifdef HAVE_OCSP
     WOLFSSL_API int wolfIO_HttpBuildRequestOcsp(const char* domainName,
         const char* path, int ocspReqSz, unsigned char* buf, int bufSize);
+    WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO(
+        WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf,
+        unsigned char* httpBuf, int httpBufSz, void* heap);
     WOLFSSL_API int wolfIO_HttpProcessResponseOcsp(int sfd,
         unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
         void* heap);
@@ -578,6 +652,10 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
     WOLFSSL_LOCAL int wolfIO_HttpBuildRequest_ex(const char* reqType,
         const char* domainName, const char* path, int pathLen, int reqSz,
         const char* contentType, const char *exHdrs, unsigned char* buf, int bufSize);
+    WOLFSSL_API  int wolfIO_HttpProcessResponseGenericIO(
+        WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, const char** appStrList,
+        unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
+        int dynType, void* heap);
     WOLFSSL_API  int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
         unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
         int dynType, void* heap);
@@ -591,6 +669,8 @@ WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv
 WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend);
 WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL *ssl, CallbackIORecv CBIORecv);
 WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend);
+WOLFSSL_API void wolfSSL_SSLDisableRead(WOLFSSL *ssl);
+WOLFSSL_API void wolfSSL_SSLEnableRead(WOLFSSL *ssl);
 /* deprecated old name */
 #define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv
 #define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend
@@ -604,7 +684,6 @@ WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
 WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
 WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
-
 #ifdef HAVE_NETX
     WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
     WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);
@@ -815,21 +894,36 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
 
 #ifndef XINET_NTOP
-    #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
-    #ifdef USE_WINDOWS_API /* Windows-friendly definition */
-        #undef  XINET_NTOP
+    #if defined(__WATCOMC__)
+        #if defined(__OS2__) || defined(__NT__) && \
+                (NTDDI_VERSION >= NTDDI_VISTA)
+            #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
+        #else
+            #define XINET_NTOP(a,b,c,d) \
+                strncpy((c),inet_ntoa(*(unsigned *)(b)),(d))
+        #endif
+    #elif defined(USE_WINDOWS_API) /* Windows-friendly definition */
         #define XINET_NTOP(a,b,c,d) InetNtop((a),(b),(c),(d))
+    #else
+        #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
     #endif
 #endif
 #ifndef XINET_PTON
-    #define XINET_PTON(a,b,c)   inet_pton((a),(b),(c))
-    #ifdef USE_WINDOWS_API /* Windows-friendly definition */
-        #undef  XINET_PTON
+    #if defined(__WATCOMC__)
+        #if defined(__OS2__) || defined(__NT__) && \
+                (NTDDI_VERSION >= NTDDI_VISTA)
+            #define XINET_PTON(a,b,c)   inet_pton((a),(b),(c))
+        #else
+            #define XINET_PTON(a,b,c)   *(unsigned *)(c) = inet_addr((b))
+        #endif
+    #elif defined(USE_WINDOWS_API) /* Windows-friendly definition */
         #if defined(__MINGW64__) && !defined(UNICODE)
             #define XINET_PTON(a,b,c)   InetPton((a),(b),(c))
         #else
             #define XINET_PTON(a,b,c)   InetPton((a),(PCWSTR)(b),(c))
         #endif
+    #else
+        #define XINET_PTON(a,b,c)   inet_pton((a),(b),(c))
     #endif
 #endif
 
diff --git a/wolfssl64.sln b/wolfssl64.sln
index e268b3840..796649b23 100644
--- a/wolfssl64.sln
+++ b/wolfssl64.sln
@@ -24,130 +24,192 @@ Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
 		Debug|x64 = Debug|x64
+		Debug|ARM64 = Debug|ARM64
 		DLL Debug|Win32 = DLL Debug|Win32
 		DLL Debug|x64 = DLL Debug|x64
+		DLL Debug|ARM64 = DLL Debug|ARM64
 		DLL Release|Win32 = DLL Release|Win32
 		DLL Release|x64 = DLL Release|x64
+		DLL Release|ARM64 = DLL Release|ARM64
 		Release|Win32 = Release|Win32
 		Release|x64 = Release|x64
+		Release|ARM64 = Release|ARM64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|ARM64.Build.0 = Debug|ARM64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|ARM64.ActiveCfg = Release|ARM64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|ARM64.Build.0 = Release|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|ARM64.Build.0 = Debug|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.Build.0 = Release|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|ARM64.ActiveCfg = Release|ARM64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|ARM64.Build.0 = Release|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.ActiveCfg = Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.Build.0 = Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.ActiveCfg = Debug|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.Build.0 = Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|ARM64.Build.0 = Debug|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.ActiveCfg = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.Build.0 = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.ActiveCfg = Release|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.Build.0 = Release|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|ARM64.ActiveCfg = Release|ARM64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|ARM64.Build.0 = Release|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.ActiveCfg = Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.Build.0 = Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.ActiveCfg = Debug|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.Build.0 = Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|ARM64.Build.0 = Debug|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.Build.0 = DLL Release|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.ActiveCfg = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.Build.0 = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.ActiveCfg = Release|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.Build.0 = Release|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|ARM64.ActiveCfg = Release|ARM64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|ARM64.Build.0 = Release|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.ActiveCfg = Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.Build.0 = Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.ActiveCfg = Debug|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.Build.0 = Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|ARM64.Build.0 = Debug|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.Build.0 = DLL Release|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.ActiveCfg = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.Build.0 = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.ActiveCfg = Release|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.Build.0 = Release|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|ARM64.ActiveCfg = Release|ARM64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|ARM64.Build.0 = Release|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.ActiveCfg = Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.Build.0 = Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.ActiveCfg = Debug|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.Build.0 = Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|ARM64.Build.0 = Debug|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.Build.0 = DLL Release|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.ActiveCfg = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.Build.0 = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.ActiveCfg = Release|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.Build.0 = Release|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|ARM64.ActiveCfg = Release|ARM64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|ARM64.Build.0 = Release|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.ActiveCfg = Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.Build.0 = Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.ActiveCfg = Debug|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.Build.0 = Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|ARM64.Build.0 = Debug|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.Build.0 = DLL Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.ActiveCfg = DLL Release|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.Build.0 = DLL Release|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|ARM64.Build.0 = DLL Release|ARM64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.ActiveCfg = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.Build.0 = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.ActiveCfg = Release|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.Build.0 = Release|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|ARM64.ActiveCfg = Release|ARM64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|ARM64.Build.0 = Release|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|Win32.ActiveCfg = Debug|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|x64.ActiveCfg = Debug|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Debug|ARM64.ActiveCfg = Debug|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|Win32.ActiveCfg = Debug|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Debug|ARM64.ActiveCfg = Debug|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|Win32.ActiveCfg = Debug|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|x64.ActiveCfg = Debug|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.DLL Release|ARM64.ActiveCfg = Debug|ARM64
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|Win32.ActiveCfg = Release|Win32
 		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|x64.ActiveCfg = Release|x64
+		{8C89E16E-9C36-45EF-A491-F4EBD4A8D8F1}.Release|ARM64.ActiveCfg = Release|ARM64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
diff --git a/wrapper/Ada/README.md b/wrapper/Ada/README.md
index 76f4b8e8b..ac98f71ae 100644
--- a/wrapper/Ada/README.md
+++ b/wrapper/Ada/README.md
@@ -13,10 +13,11 @@ code to zero-out stack frames used by subprograms.
 Unfortunately this works well for the primary stack but not
 for the secondary stack. The GNAT User's Guide recommends
 avoiding the secondary stack using the restriction
-No_Secondary_Stack (see the GNAT configuration file gnat.adc
+No_Secondary_Stack (see the GNAT configuration file restricted.adc
 which instructs compilation of the WolfSSL Ada binding under
 this restriction). Note, however, that the examples do make use of the
-secondary stack.
+secondary stack and the Alire project does not include this restriction, for
+letting users of the library to define it at their level.
 
 Portability: The WolfSSL Ada binding makes no usage of controlled types
 and has no dependency upon the Ada.Finalization package.
@@ -25,10 +26,12 @@ the restriction No_Finalization. The WolfSSL Ada binding has
 been developed with maximum portability in mind.
 
 Not only can the WolfSSL Ada binding be used in Ada applications but
-also SPARK applications (a subset of the Ada language suitable
+also SPARK applications (a subset of the Ada language suitable for
 formal verification). To formally verify the Ada code in this repository
-open the client.gpr with GNAT Studio and then select
-SPARK -> Prove All Sources and use Proof Level 2.
+open the examples.gpr with GNAT Studio and then select
+SPARK -> Prove All Sources and use Proof Level 2. Or when using the command
+line, use `gnatprove -Pexamples.gpr --level=4 -j12` (`-j12` is there in
+order to instruct the prover to use 12 CPUs if available).
 
 ```
 Summary of SPARK analysis
@@ -53,23 +56,35 @@ Total                           172    17 (10%)          .                     1
 
 ## Compiler and Build System installation
 
-### GNAT Community Edition 2021
-Download and install the GNAT community Edition 2021 compiler and studio:
-https://www.adacore.com/download
+### Recommended: [Alire](https://alire.ada.dev)
+[Alire](https://alire.ada.dev) is a modern package manager for the Ada
+ecosystem.  The latest version is available for Windows, OSX, Linux and FreeBSD
+systems.  It can install a complete Ada toolchain if needed, see `alr install`
+for more information.
 
-Linux Install:
+In order to use WolfSSL in a project, just add WolfSSL as a dependency by
+running `alr with wolfssl` within your project's directory.
+
+If the project is to be verified with SPARK, just add `gnatprove` as a
+dependency by running `alr with gnatprove` and then running `alr gnatprove`,
+which will execute the SPARK solver. If you get warnings, it is recommended to
+increase the prove level: `alr gnatprove --level=4`.
+
+### GNAT FSF Compiler and GPRBuild manual installation
+In May 2022 AdaCore announced the end of the GNAT Community releases.
+Pre-built binaries for the GNAT FSF compiler and GPRBuild can be
+downloaded and manually installed from here:
+https://github.com/alire-project/GNAT-FSF-builds/releases
+Make sure the executables for the compiler and GPRBuild are on the PATH
+and use gprbuild to build the source code.
+
+#### Manual build of the project
 
 ```sh
-chmod +x gnat-2021-20210519-x86_64-linux-bin
-./gnat-2021-20210519-x86_64-linux-bin
-```
-
-```sh
-export PATH="/opt/GNAT/2021/bin:$PATH"
 cd wrapper/Ada
 gprclean
 gprbuild default.gpr
-gprbuild client.gpr
+gprbuild examples.gpr
 
 cd obj/
 ./tls_server_main &
@@ -79,18 +94,9 @@ cd obj/
 On Windows, build the executables with:
 ```sh
 gprbuild -XOS=Windows default.gpr
-gprbuild -XOS=Windows client.gpr
+gprbuild -XOS=Windows examples.gpr
 ```
 
-
-### GNAT FSF Compiler and GPRBuild manual installation
-In May 2022 AdaCore announced the end of the GNAT Community releases.
-Pre-built binaries for the GNAT FSF compiler and GPRBuild can be
-downloaded and manually installed from here:
-https://github.com/alire-project/GNAT-FSF-builds/releases
-Make sure the executables for the compiler and GPRBuild are on the PATH
-and use gprbuild to build the source code.
-
 ## Files
 The (D)TLS v1.3 client example in the Ada/SPARK programming language
 using the WolfSSL library can be found in the files:
@@ -103,15 +109,3 @@ using the WolfSSL library can be found in the files:
 tls_server_main.adb
 tls_server.ads
 tls_server.adb
-
-A feature of the Ada language that is not part of SPARK is exceptions.
-Some packages of the Ada standard library and GNAT specific packages
-provided by the GNAT compiler can therefore not be used directly but
-need to be put into wrapper packages that does not raise exceptions.
-The packages that provide access to sockets and command line arguments
-to applications implemented in the SPARK programming language can be
-found in the files:
-spark_sockets.ads
-spark_sockets.adb
-spark_terminal.ads
-spark_terminal.adb
diff --git a/wrapper/Ada/ada_binding.c b/wrapper/Ada/ada_binding.c
index 72fd8b475..0be189da8 100644
--- a/wrapper/Ada/ada_binding.c
+++ b/wrapper/Ada/ada_binding.c
@@ -1,6 +1,6 @@
 /* ada_binding.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/Ada/alire.toml b/wrapper/Ada/alire.toml
new file mode 100644
index 000000000..025f0b5a5
--- /dev/null
+++ b/wrapper/Ada/alire.toml
@@ -0,0 +1,14 @@
+name = "wolfssl"
+description = "WolfSSL encryption library and its Ada bindings"
+version = "5.7.6"
+
+authors = ["WolfSSL Team <support@wolfssl.com>"]
+maintainers = ["Fernando Oleo Blanco <irvise@irvise.xyz>"]
+maintainers-logins = ["Irvise"]
+licenses = "GPL-2.0-only"
+website = "https://www.wolfssl.com/"
+project-files = ["wolfssl.gpr"]
+tags = ["ssl", "tls", "embedded", "spark"]
+
+[configuration.variables]
+STATIC_PSK = {type = "Boolean", default = false}
\ No newline at end of file
diff --git a/wrapper/Ada/default.gpr b/wrapper/Ada/default.gpr
index 42dcd745c..16809601b 100644
--- a/wrapper/Ada/default.gpr
+++ b/wrapper/Ada/default.gpr
@@ -11,21 +11,27 @@ project Default is
                         "../../src",
                         "../../wolfcrypt/src");
 
-   --  Don't build the tls client application because it makes use
+   --  Don't build the tls application examples because they make use
    --  of the Secondary Stack due to usage of the Ada.Command_Line
    --  package. All other Ada source code does not use the secondary stack.
-   for Excluded_Source_Files use ("tls_client_main.adb",
-                                  "tls_client.ads",
-                                  "tls_client.adb");
+   for Excluded_Source_Files use
+     ("tls_client_main.adb",
+      "tls_client.ads",
+      "tls_client.adb",
+      "tls_server_main.adb",
+      "tls_server.ads",
+      "tls_server.adb");
 
    for Object_Dir use "obj";
 
-   for Main use ("tls_server_main.adb");
-
    package Naming is
       for Spec_Suffix ("C") use ".h";
    end Naming;
 
+   package Builder is
+      for Global_Configuration_Pragmas use "restricted.adc";
+   end Builder;
+
    package Compiler is
       for Switches ("C") use
          ("-DWOLFSSL_USER_SETTINGS", --  Use the user_settings.h file.
diff --git a/wrapper/Ada/client.gpr b/wrapper/Ada/examples.gpr
similarity index 92%
rename from wrapper/Ada/client.gpr
rename to wrapper/Ada/examples.gpr
index cdbf3dedf..218f93e51 100644
--- a/wrapper/Ada/client.gpr
+++ b/wrapper/Ada/examples.gpr
@@ -1,4 +1,4 @@
-project Client is
+project Examples is
    type OS_Kind is ("Windows", "Linux_Or_Mac");
 
    OS : OS_Kind := external ("OS", "Linux_Or_Mac");
@@ -12,7 +12,7 @@ project Client is
 
    for Object_Dir use "obj";
 
-   for Main use ("tls_client_main.adb");
+   for Main use ("tls_server_main.adb", "tls_client_main.adb");
 
    package Naming is
       for Spec_Suffix ("C") use ".h";
@@ -75,4 +75,4 @@ project Client is
       for Switches ("Ada") use ("-Es");  --  To include stack traces.
    end Binder;
 
-end Client;
+end Examples;
diff --git a/wrapper/Ada/include.am b/wrapper/Ada/include.am
index 3701e581c..cc2001e9a 100644
--- a/wrapper/Ada/include.am
+++ b/wrapper/Ada/include.am
@@ -4,7 +4,7 @@
 
 EXTRA_DIST+= wrapper/Ada/README.md
 EXTRA_DIST+= wrapper/Ada/default.gpr
-EXTRA_DIST+= wrapper/Ada/gnat.adc
+EXTRA_DIST+= wrapper/Ada/restricted.adc
 EXTRA_DIST+= wrapper/Ada/ada_binding.c
 EXTRA_DIST+= wrapper/Ada/tls_client_main.adb
 EXTRA_DIST+= wrapper/Ada/tls_client.adb
diff --git a/wrapper/Ada/gnat.adc b/wrapper/Ada/restricted.adc
similarity index 100%
rename from wrapper/Ada/gnat.adc
rename to wrapper/Ada/restricted.adc
diff --git a/wrapper/Ada/tls_client.adb b/wrapper/Ada/tls_client.adb
index 3ec39320a..4cd56c08b 100644
--- a/wrapper/Ada/tls_client.adb
+++ b/wrapper/Ada/tls_client.adb
@@ -23,7 +23,8 @@
 with Ada.Characters.Handling;
 with Ada.Strings.Bounded;
 with Ada.Text_IO;
-with Interfaces.C;
+with Ada.Directories;
+with Interfaces.C.Strings;
 
 with SPARK_Terminal;
 
@@ -40,8 +41,68 @@ package body Tls_Client with SPARK_Mode is
 
    subtype Byte_Type is WolfSSL.Byte_Type;
 
+   subtype chars_ptr is WolfSSL.chars_ptr;
+   subtype unsigned is WolfSSL.unsigned;
+
    package Natural_IO is new Ada.Text_IO.Integer_IO (Natural);
 
+   function PSK_Client_Callback
+     (Unused         : WolfSSL.WolfSSL_Type;
+      Hint           : chars_ptr;
+      Identity       : chars_ptr;
+      Id_Max_Length  : unsigned;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned) return unsigned
+   with Convention => C;
+
+   function PSK_Client_Callback
+     (Unused         : WolfSSL.WolfSSL_Type;
+      Hint           : chars_ptr;
+      Identity       : chars_ptr;
+      Id_Max_Length  : unsigned;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned) return unsigned
+   with
+     SPARK_Mode => Off
+   is
+      use type Interfaces.C.unsigned;
+
+      Hint_String : constant String := Interfaces.C.Strings.Value (Hint);
+
+      --  Identity is OpenSSL testing default for openssl s_client, keep same
+      Identity_String : constant String := "Client_identity";
+      --  Test key in hex is 0x1a2b3c4d, in decimal 439,041,101
+      Key_String : constant String :=
+        Character'Val   (26)
+        & Character'Val (43)
+        & Character'Val (60)
+        & Character'Val (77);
+      --  These values are aligned with test values in wolfssl/wolfssl/test.h
+      --  and wolfssl-examples/psk/server-psk.c for testing interoperability.
+
+   begin
+
+      Ada.Text_IO.Put_Line ("Hint: " & Hint_String);
+
+      pragma Assert (Id_Max_Length >= Identity_String'Length);
+
+      Interfaces.C.Strings.Update
+        (Item   => Identity,
+         Offset => 0,
+         Str    => Identity_String,
+         Check  => False);
+
+      pragma Assert (Key_Max_Length >= Key_String'Length);
+
+      Interfaces.C.Strings.Update
+        (Item   => Key,
+         Offset => 0,
+         Str    => Key_String,
+         Check  => False);
+
+      return Key_String'Length;
+   end PSK_Client_Callback;
+
    procedure Put (Text : String) is
    begin
       Ada.Text_IO.Put (Text);
@@ -107,9 +168,9 @@ package body Tls_Client with SPARK_Mode is
 
    Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr;
 
-   CERT_FILE : constant String := "../../../certs/client-cert.pem";
-   KEY_FILE  : constant String := "../../../certs/client-key.pem";
-   CA_FILE   : constant String := "../../../certs/ca-cert.pem";
+   CERT_FILE : constant String := "../../certs/client-cert.pem";
+   KEY_FILE  : constant String := "../../certs/client-key.pem";
+   CA_FILE   : constant String := "../../certs/ca-cert.pem";
 
    subtype Byte_Array is WolfSSL.Byte_Array;
 
@@ -143,7 +204,8 @@ package body Tls_Client with SPARK_Mode is
       Output : WolfSSL.Write_Result;
 
       Result : WolfSSL.Subprogram_Result;
-      DTLS   : Boolean;
+      DTLS   : Boolean := False;
+      PSK    : Boolean := False;
    begin
       Result := WolfSSL.Initialize;
       if Result /= Success then
@@ -153,13 +215,18 @@ package body Tls_Client with SPARK_Mode is
 
       if Argument_Count < 1
          or Argument_Count > 2
-         or (Argument_Count = 2 and then Argument (2) /= "--dtls")
+         or (Argument_Count = 2 and then
+             Argument (2) /= "--dtls" and then
+             Argument (2) /= "--psk")
       then
-         Put_Line ("usage: tls_client_main <IPv4 address> [--dtls]");
+         Put_Line ("usage: tls_client_main <IPv4 address> [--dtls | --psk]");
          return;
       end if;
 
-      DTLS := (SPARK_Terminal.Argument_Count = 2);
+      if Argument_Count = 2 then
+         DTLS := (Argument (2) = "--dtls");
+         PSK  := (Argument (2) = "--psk");
+      end if;
 
       if DTLS then
          SPARK_Sockets.Create_Datagram_Socket (C);
@@ -219,51 +286,54 @@ package body Tls_Client with SPARK_Mode is
       --  Require mutual authentication.
       WolfSSL.Set_Verify
          (Context => Ctx,
-          Mode    => WolfSSL.Verify_Peer & WolfSSL.Verify_Fail_If_No_Peer_Cert);
+          Mode    => WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert);
 
-      --  Load client certificate into WOLFSSL_CTX.
-      Result := WolfSSL.Use_Certificate_File (Context => Ctx,
-                                              File    => CERT_FILE,
-                                              Format  => WolfSSL.Format_Pem);
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (CERT_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (C);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
-      end if;
+      if not PSK then
 
-      --  Load client key into WOLFSSL_CTX.
-      Result := WolfSSL.Use_Private_Key_File (Context => Ctx,
-                                              File    => KEY_FILE,
-                                              Format  => WolfSSL.Format_Pem);
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (KEY_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (C);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
-      end if;
+         --  Load client certificate into WOLFSSL_CTX.
+         Result := WolfSSL.Use_Certificate_File (Context => Ctx,
+                                                File    => CERT_FILE,
+                                                Format  => WolfSSL.Format_Pem);
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (CERT_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (C);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
 
-      --  Load CA certificate into WOLFSSL_CTX.
-      Result := WolfSSL.Load_Verify_Locations (Context => Ctx,
-                                               File    => CA_FILE,
-                                               Path    => "");
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (CA_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (C);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
+         --  Load client key into WOLFSSL_CTX.
+         Result := WolfSSL.Use_Private_Key_File (Context => Ctx,
+                                                File    => KEY_FILE,
+                                                Format  => WolfSSL.Format_Pem);
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (KEY_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (C);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
+
+         --  Load CA certificate into WOLFSSL_CTX.
+         Result := WolfSSL.Load_Verify_Locations (Context => Ctx,
+                                                File    => CA_FILE,
+                                                Path    => "");
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (CA_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (C);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
       end if;
 
       --  Create a WOLFSSL object.
@@ -276,6 +346,13 @@ package body Tls_Client with SPARK_Mode is
          return;
       end if;
 
+      if PSK then
+         --  Use PSK for authentication.
+         WolfSSL.Set_PSK_Client_Callback
+           (Ssl      => Ssl,
+            Callback => PSK_Client_Callback'Access);
+      end if;
+
       if DTLS then
          Result := WolfSSL.DTLS_Set_Peer(Ssl     => Ssl,
                                          Address => A);
diff --git a/wrapper/Ada/tls_server.adb b/wrapper/Ada/tls_server.adb
index 28a032fdc..9cd30b9d3 100644
--- a/wrapper/Ada/tls_server.adb
+++ b/wrapper/Ada/tls_server.adb
@@ -24,6 +24,8 @@ with Ada.Characters.Handling;
 with Ada.Strings.Bounded;
 with Ada.Text_IO.Bounded_IO;
 
+with Interfaces.C.Strings;
+
 with SPARK_Terminal; pragma Elaborate_All (SPARK_Terminal);
 
 package body Tls_Server with SPARK_Mode is
@@ -35,6 +37,9 @@ package body Tls_Server with SPARK_Mode is
 
    Success : WolfSSL.Subprogram_Result renames WolfSSL.Success;
 
+   subtype chars_ptr is WolfSSL.chars_ptr;
+   subtype unsigned is WolfSSL.unsigned;
+
    procedure Put (Char : Character) is
    begin
       Ada.Text_IO.Put (Char);
@@ -87,14 +92,62 @@ package body Tls_Server with SPARK_Mode is
 
    Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr;
 
-   CERT_FILE : constant String := "../../../certs/server-cert.pem";
-   KEY_FILE  : constant String := "../../../certs/server-key.pem";
-   CA_FILE   : constant String := "../../../certs/client-cert.pem";
+   CERT_FILE : constant String := "../../certs/server-cert.pem";
+   KEY_FILE  : constant String := "../../certs/server-key.pem";
+   CA_FILE   : constant String := "../../certs/client-cert.pem";
 
    subtype Byte_Array is WolfSSL.Byte_Array;
 
    Reply : constant Byte_Array := "I hear ya fa shizzle!";
 
+
+   function PSK_Server_Callback
+     (Unused         : WolfSSL.WolfSSL_Type;
+      Identity       : chars_ptr;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned) return unsigned
+   with Convention => C;
+
+   function PSK_Server_Callback
+     (Unused         : WolfSSL.WolfSSL_Type;
+      Identity       : chars_ptr;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned) return unsigned
+   with
+     SPARK_Mode => Off
+   is
+      use type Interfaces.C.unsigned;
+
+      --  Identity is OpenSSL testing default for openssl s_client, keep same
+      Identity_String : constant String := "Client_identity";
+      --  Test key in hex is 0x1a2b3c4d, in decimal 439,041,101
+      Key_String : constant String :=
+        (Character'Val (26),
+         Character'Val (43),
+         Character'Val (60),
+         Character'Val (77));
+      --  These values are aligned with test values in wolfssl/wolfssl/test.h
+      --  and wolfssl-examples/psk/server-psk.c for testing interoperability.
+
+   begin
+
+      if Interfaces.C.Strings.Value
+        (Item   => Identity,
+         Length => Identity_String'Length) /= Identity_String or else
+         Key_Max_Length < Key_String'Length
+      then
+         return 0;
+      end if;
+
+      Interfaces.C.Strings.Update
+        (Item   => Key,
+         Offset => 0,
+         Str    => Key_String,
+         Check  => False);
+
+      return Key_String'Length;
+   end PSK_Server_Callback;
+
    procedure Run (Ssl : in out WolfSSL.WolfSSL_Type;
                   Ctx : in out WolfSSL.Context_Type;
                   L   : in out SPARK_Sockets.Optional_Socket;
@@ -105,7 +158,7 @@ package body Tls_Server with SPARK_Mode is
       Ch : Character;
 
       Result : WolfSSL.Subprogram_Result;
-      DTLS : Boolean;
+      DTLS, PSK : Boolean := True;
       Shall_Continue : Boolean := True;
 
       Input  : WolfSSL.Read_Result;
@@ -119,14 +172,18 @@ package body Tls_Server with SPARK_Mode is
       end if;
 
       if SPARK_Terminal.Argument_Count > 1
-         or (SPARK_Terminal.Argument_Count = 1
-         and then SPARK_Terminal.Argument (1) /= "--dtls")
+         or (SPARK_Terminal.Argument_Count = 1 and then
+             SPARK_Terminal.Argument (1) /= "--dtls" and then
+             SPARK_Terminal.Argument (1) /= "--psk")
       then
-         Put_Line ("usage: tls_server_main [--dtls]");
+         Put_Line ("usage: tls_server_main [--dtls | --psk]");
          return;
       end if;
 
-      DTLS := (SPARK_Terminal.Argument_Count = 1);
+      if SPARK_Terminal.Argument_Count = 1 then
+         DTLS := (SPARK_Terminal.Argument (1) = "--dtls");
+         PSK  := (SPARK_Terminal.Argument (1) = "--psk");
+      end if;
 
       if DTLS then
          SPARK_Sockets.Create_Datagram_Socket (Socket => L);
@@ -197,56 +254,75 @@ package body Tls_Server with SPARK_Mode is
          return;
       end if;
 
-      --  Require mutual authentication.
-      WolfSSL.Set_Verify
-         (Context => Ctx,
-          Mode    => WolfSSL.Verify_Peer & WolfSSL.Verify_Fail_If_No_Peer_Cert);
+      if not PSK then
+         --  Require mutual authentication.
+         WolfSSL.Set_Verify
+           (Context => Ctx,
+            Mode    => WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert);
 
-      --  Load server certificates into WOLFSSL_CTX.
-      Result := WolfSSL.Use_Certificate_File (Context => Ctx,
-                                              File    => CERT_FILE,
-                                              Format  => WolfSSL.Format_Pem);
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (CERT_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (L);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
+         --  Check verify is set correctly (GitHub #7461)
+         if WolfSSL.Get_Verify(Context => Ctx) /= (WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert) then
+               Put_Line ("Error: Verify does not match requested");
+               SPARK_Sockets.Close_Socket (L);
+               WolfSSL.Free (Context => Ctx);
+               Set (Exit_Status_Failure);
+               return;
+         end if;
+
+         --  Load server certificates into WOLFSSL_CTX.
+         Result := WolfSSL.Use_Certificate_File (Context => Ctx,
+                                                 File    => CERT_FILE,
+                                                 Format  => WolfSSL.Format_Pem);
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (CERT_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (L);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
+
+         --  Load server key into WOLFSSL_CTX.
+         Result := WolfSSL.Use_Private_Key_File (Context => Ctx,
+                                                 File    => KEY_FILE,
+                                                 Format  => WolfSSL.Format_Pem);
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (KEY_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (L);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
+
+         --  Load client certificate as "trusted" into WOLFSSL_CTX.
+         Result := WolfSSL.Load_Verify_Locations (Context => Ctx,
+                                                  File    => CA_FILE,
+                                                  Path    => "");
+
+         if Result /= Success then
+            Put ("ERROR: failed to load ");
+            Put (CA_FILE);
+            Put (", please check the file.");
+            New_Line;
+            SPARK_Sockets.Close_Socket (L);
+            WolfSSL.Free (Context => Ctx);
+            Set (Exit_Status_Failure);
+            return;
+         end if;
       end if;
 
-      --  Load server key into WOLFSSL_CTX.
-      Result := WolfSSL.Use_Private_Key_File (Context => Ctx,
-                                              File    => KEY_FILE,
-                                              Format  => WolfSSL.Format_Pem);
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (KEY_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (L);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
+      if PSK then
+         --  Use PSK for authentication.
+         WolfSSL.Set_Context_PSK_Server_Callback
+            (Context  => Ctx,
+             Callback => PSK_Server_Callback'Access);
       end if;
-
-      --  Load client certificate as "trusted" into WOLFSSL_CTX.
-      Result := WolfSSL.Load_Verify_Locations (Context => Ctx,
-                                               File    => CA_FILE,
-                                               Path    => "");
-      if Result /= Success then
-         Put ("ERROR: failed to load ");
-         Put (CA_FILE);
-         Put (", please check the file.");
-         New_Line;
-         SPARK_Sockets.Close_Socket (L);
-         WolfSSL.Free (Context => Ctx);
-         Set (Exit_Status_Failure);
-         return;
-      end if;
-
+               
       while Shall_Continue loop
          pragma Loop_Invariant (not C.Exists);
          pragma Loop_Invariant (not WolfSSL.Is_Valid (Ssl));
diff --git a/wrapper/Ada/user_settings.h b/wrapper/Ada/user_settings.h
index 6218b2c24..3631f8f9a 100644
--- a/wrapper/Ada/user_settings.h
+++ b/wrapper/Ada/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -34,9 +34,14 @@
 extern "C" {
 #endif
 
+#include <stdint.h>
+
 /* Usually comes from configure -> config.h */
 #define HAVE_SYS_TIME_H
 
+/* Explicitly define NETDB support */
+#define HAVE_NETDB_H
+
 /* Features */
 #define SINGLE_THREADED
 #define WOLFSSL_IGNORE_FILE_WARN /* Ignore *.c include warnings */
@@ -255,9 +260,9 @@ extern "C" {
 
 
 /* Openssl compatibility */
+#define OPENSSL_EXTRA
 #if 0 /* DG Disabled */
     /* Openssl compatibility API's */
-    #define OPENSSL_EXTRA
     #define OPENSSL_ALL
     #define HAVE_OPENSSL_CMD
     #define SSL_TXT_TLSV1_2
diff --git a/wrapper/Ada/wolfssl.adb b/wrapper/Ada/wolfssl.adb
index 068466ae3..9bdd07afd 100644
--- a/wrapper/Ada/wolfssl.adb
+++ b/wrapper/Ada/wolfssl.adb
@@ -204,12 +204,12 @@ package body WolfSSL is
    --  PSK connection. If a PSK connection is being made then the
    --  connection will go through without a peer cert.
 
-   function "&" (Left, Right : Mode_Type) return Mode_Type is
+   function "or" (Left, Right : Mode_Type) return Mode_Type is
       L : constant Unsigned_32 := Unsigned_32 (Left);
       R : constant Unsigned_32 := Unsigned_32 (Right);
    begin
-      return Mode_Type (L and R);
-   end "&";
+      return Mode_Type (L or R);
+   end "or";
 
    procedure Set_Verify (Context : Context_Type;
                          Mode    : Mode_Type) is
@@ -219,6 +219,16 @@ package body WolfSSL is
                               Callback => null);
    end Set_Verify;
 
+   function WolfSSL_Get_Verify(Context : Context_Type) return int with
+     Convention    => C,
+     External_Name => "wolfSSL_CTX_get_verify_mode",
+     Import        => True;
+
+   function Get_Verify (Context : Context_Type) return Mode_Type is
+   begin
+      return Mode_Type (WolfSSL_Get_Verify(Context));
+   end Get_Verify;
+
    function Use_Certificate_File (Context : Context_Type;
                                   File    : char_array;
                                   Format  : int)
@@ -567,6 +577,51 @@ package body WolfSSL is
 
    end DTLS_Set_Peer;
 
+   procedure WolfSSL_Set_Psk_Client_Callback
+     (Ssl : WolfSSL_Type;
+      Cb  : PSK_Client_Callback)
+   with
+     Convention    => C,
+     External_Name => "wolfSSL_set_psk_client_callback",
+     Import        => True;
+
+   procedure Set_PSK_Client_Callback
+     (Ssl      : WolfSSL_Type;
+      Callback : PSK_Client_Callback) is
+   begin
+      WolfSSL_Set_Psk_Client_Callback (Ssl, Callback);
+   end Set_PSK_Client_Callback;
+
+   procedure WolfSSL_Set_Psk_Server_Callback
+     (Ssl : WolfSSL_Type;
+      Cb  : PSK_Server_Callback)
+   with
+     Convention    => C,
+     External_Name => "wolfSSL_set_psk_server_callback",
+     Import        => True;
+
+   procedure Set_PSK_Server_Callback
+       (Ssl      : WolfSSL_Type;
+        Callback : PSK_Server_Callback) is
+   begin
+      WolfSSL_Set_Psk_Server_Callback (Ssl, Callback);
+   end Set_PSK_Server_Callback;
+
+   procedure WolfSSL_CTX_Set_Psk_Server_Callback
+     (Ctx : Context_Type;
+      Cb  : PSK_Server_Callback)
+   with
+     Convention    => C,
+     External_Name => "wolfSSL_CTX_set_psk_server_callback",
+     Import        => True;
+
+   procedure Set_Context_PSK_Server_Callback
+       (Context  : Context_Type;
+        Callback : PSK_Server_Callback) is
+   begin
+      WolfSSL_CTX_Set_Psk_Server_Callback (Context, Callback);
+   end Set_Context_PSK_Server_Callback;
+
    function WolfSSL_Set_Fd (Ssl : WolfSSL_Type; Fd : int) return int with
      Convention    => C,
      External_Name => "wolfSSL_set_fd",
diff --git a/wrapper/Ada/wolfssl.ads b/wrapper/Ada/wolfssl.ads
index 361544630..2a247a676 100644
--- a/wrapper/Ada/wolfssl.ads
+++ b/wrapper/Ada/wolfssl.ads
@@ -20,7 +20,7 @@
 --
 
 with GNAT.Sockets;
-with Interfaces.C;
+with Interfaces.C.Strings;
 
 --  This package is annotated "with SPARK_Mode" that SPARK can verify
 --  the API of this package is used correctly.
@@ -39,7 +39,10 @@ package WolfSSL with SPARK_Mode is
    --  Doesn't have to be called, though it will free any resources
    --  used by the library.
 
+   subtype unsigned is Interfaces.C.unsigned;
+
    subtype char_array is Interfaces.C.char_array;  --  Remove?
+   subtype chars_ptr is Interfaces.C.Strings.chars_ptr;
 
    subtype Byte_Type  is Interfaces.C.char;
    subtype Byte_Index is Interfaces.C.size_t range 0 .. 16_000;
@@ -100,7 +103,7 @@ package WolfSSL with SPARK_Mode is
 
    type Mode_Type is private;
 
-   function "&" (Left, Right : Mode_Type) return Mode_Type;
+   function "or" (Left, Right : Mode_Type) return Mode_Type;
 
    Verify_None : constant Mode_Type;
    --  Client mode: the client will not verify the certificate received
@@ -143,6 +146,8 @@ package WolfSSL with SPARK_Mode is
       Pre => Is_Valid (Context);
    --  This function sets the verification method for remote peers
 
+   function Get_Verify (Context : Context_Type) return Mode_Type;
+
    type File_Format is private;
 
    Format_Asn1    : constant File_Format;
@@ -295,6 +300,64 @@ package WolfSSL with SPARK_Mode is
    --  This function wraps the corresponding WolfSSL C function to allow
    --  clients to use Ada socket types when implementing a DTLS client.
 
+   type PSK_Client_Callback is access function
+     (Ssl            : WolfSSL_Type;
+      Hint           : chars_ptr;
+      Identity       : chars_ptr;
+      Id_Max_Length  : unsigned;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned)
+      return unsigned with
+     Convention => C;
+     --  Return value is the key length on success or zero on error.
+     --  parameters:
+     --  Ssl - Pointer to the wolfSSL structure
+     --  Hint - A stored string that could be displayed to provide a
+     --         hint to the user.
+     --  Identity - The ID will be stored here.
+     --  Id_Max_Length - Size of the ID buffer.
+     --  Key - The key will be stored here.
+     --  Key_Max_Length - The max size of the key.
+     --
+     --  The implementation of this callback will need `SPARK_Mode => Off`
+     --  since it will require the code to use the C memory model.
+
+   procedure Set_PSK_Client_Callback
+     (Ssl      : WolfSSL_Type;
+      Callback : PSK_Client_Callback) with
+     Pre => Is_Valid (Ssl);
+     -- Sets the PSK client side callback.
+
+   
+   type PSK_Server_Callback is access function
+     (Ssl            : WolfSSL_Type;
+      Identity       : chars_ptr;
+      Key            : chars_ptr;
+      Key_Max_Length : unsigned)
+      return unsigned with
+     Convention => C;
+     --  Return value is the key length on success or zero on error.
+     --  PSK server callback parameters:
+     --  Ssl - Reference to the wolfSSL structure
+     --  Identity - The ID will be stored here. 
+     --  Key - The key will be stored here.
+     --  Key_Max_Length - The max size of the key.
+     --
+     --  The implementation of this callback will need `SPARK_Mode => Off`
+     --  since it will require the code to use the C memory model.
+
+   procedure Set_PSK_Server_Callback
+     (Ssl      : WolfSSL_Type;
+      Callback : PSK_Server_Callback) with
+     Pre => Is_Valid (Ssl);
+     -- Sets the PSK Server side callback.
+   
+   procedure Set_Context_PSK_Server_Callback
+     (Context  : Context_Type;
+      Callback : PSK_Server_Callback) with
+     Pre => Is_Valid (Context);
+     --  Sets the PSK callback for the server side in the WolfSSL Context. 
+   
    function Attach (Ssl    : WolfSSL_Type;
                     Socket : Integer)
                     return Subprogram_Result with
diff --git a/wrapper/Ada/wolfssl.gpr b/wrapper/Ada/wolfssl.gpr
new file mode 100644
index 000000000..060c2bc6a
--- /dev/null
+++ b/wrapper/Ada/wolfssl.gpr
@@ -0,0 +1,91 @@
+with "config/wolfssl_config.gpr";
+
+library project WolfSSL is
+
+   for Library_Name use "wolfssl";
+
+   for Languages use ("C", "Ada");
+
+   for Source_Dirs use (".",
+                        "../../",
+                        "../../src",
+                        "../../wolfcrypt/src");
+
+   --  Don't build the tls client or server application.
+   --  They are not needed in order to build the library.
+   for Excluded_Source_Files use
+      ("tls_client_main.adb",
+      "tls_client.ads",
+      "tls_client.adb",
+      "tls_server_main.adb",
+      "tls_server.ads",
+      "tls_server.adb");
+
+   for Object_Dir use "obj";
+   for Library_Dir use "lib";
+   for Create_Missing_Dirs use "True";
+
+   type Library_Type_Type is ("relocatable", "static", "static-pic");
+   Library_Type : Library_Type_Type := external("LIBRARY_TYPE", "static");
+   for Library_Kind use Library_Type;
+
+   package Naming is
+      for Spec_Suffix ("C") use ".h";
+   end Naming;
+
+   C_Compiler_Config := ();
+
+   case Wolfssl_Config.STATIC_PSK is
+   when "True" => 
+      C_Compiler_Config := 
+         ("-DWOLFSSL_STATIC_PSK" -- Enable the static PSK cipher support
+         );
+   when others =>
+      C_Compiler_Config := ();
+   end case;
+
+   package Compiler is
+      for Switches ("C") use C_Compiler_Config &
+         ("-DWOLFSSL_USER_SETTINGS", --  Use the user_settings.h file.
+          "-Wno-pragmas",
+          "-Wall",
+          "-Wextra",
+          "-Wunknown-pragmas",
+          "--param=ssp-buffer-size=1",
+          "-Waddress",
+          "-Warray-bounds",
+          "-Wbad-function-cast",
+          "-Wchar-subscripts",
+          "-Wcomment",
+          "-Wfloat-equal",
+          "-Wformat-security",
+          "-Wformat=2",
+          "-Wmaybe-uninitialized",
+          "-Wmissing-field-initializers",
+          "-Wmissing-noreturn",
+          "-Wmissing-prototypes",
+          "-Wnested-externs",
+          "-Wnormalized=id",
+          "-Woverride-init",
+          "-Wpointer-arith",
+          "-Wpointer-sign",
+          "-Wshadow",
+          "-Wsign-compare",
+          "-Wstrict-overflow=1",
+          "-Wstrict-prototypes",
+          "-Wswitch-enum",
+          "-Wundef",
+          "-Wunused",
+          "-Wunused-result",
+          "-Wunused-variable",
+          "-Wwrite-strings",
+          "-fwrapv") & External_As_List ("CFLAGS", " ");
+
+      for Switches ("Ada") use ("-g") & External_As_List ("ADAFLAGS", " ");
+   end Compiler;
+
+   package Binder is
+      for Switches ("Ada") use ("-Es");  --  To include stack traces.
+   end Binder;
+
+end WolfSSl;
diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md
index 4a2c1455e..537e6cc9b 100644
--- a/wrapper/CSharp/README.md
+++ b/wrapper/CSharp/README.md
@@ -2,7 +2,9 @@
 
 This directory contains the CSharp wrapper for the wolfSSL TLS layer with examples.
 
-* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library)
+* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library).
+* `wolfCrypt-Test`: wolfCrypt layer wrapper testing.
+* `user_settings.h`: wolfCrypt wrapper user settings.
 
 Examples:
 * `wolfSSL-DTLS-PSK-Server`
@@ -20,6 +22,12 @@ A Visual Studio solution `wolfSSL_CSharp.sln` is provided. This will allow you
 to build the wrapper library and examples. It includes the wolfSSL Visual Studio
 project directly.
 
+To successfully run and build the solution on Windows Visual Studio you will
+need to open a new solution `wolfSSL_CSharp.sln` located in `wrapper\CSharp\wolfSSL_CSharp.sln`.
+
+Select the CPU type, configuration, and target file.
+select `Build` and either `Rebuild Solution` or `Build Solution`.
+
 ## Linux (Ubuntu) using mono
 
 Prerequisites for linux:
@@ -34,35 +42,40 @@ apt-get install mono-complete
 
 ```
 ./autogen.sh
-./configure --enable-wolftpm
+./configure --enable-keygen --enable-eccencrypt --enable-ed25519 --enable-curve25519 --enable-aesgcm
 make
 make check
 sudo make install
 ```
 
-### Build and run the wrapper
+### Build and run the wolfCrypt test wrapper
 
-From the wolfssl root directory:
+From the `wrapper/CSharp` directory (`cd wrapper/CSharp`):
+
+Compile wolfCrypt test:
 
 ```
-cd wrapper/CSharp
+mcs wolfCrypt-Test/wolfCrypt-Test.cs wolfSSL_CSharp/wolfCrypt.cs -OUT:wolfcrypttest.exe
+mono wolfcrypttest.exe
 ```
 
+### Build and run the wolfSSL client/server test
+
+From the `wrapper/CSharp` directory (`cd wrapper/CSharp`):
+
 Compile server:
 
 ```
-mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \
-wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe
+mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe
 ```
 
 Compile client:
 
 ```
-mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \
-wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe
+mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe
 ```
 
-### Run the example
+#### Run the example
 
 In one terminal instance run the server:
 
@@ -76,12 +89,12 @@ And in another terminal instance run the client:
 mono client.exe
 ```
 
-### Enabling SNI
+#### Enabling SNI
 
 To enable SNI, just pass the `-S` argument with the specified hostname to the client:
 
 ```
-mono client.exe -S hostname 
+mono client.exe -S hostname
 ```
 
 And run the server with the `-S` flag:
diff --git a/wrapper/CSharp/include.am b/wrapper/CSharp/include.am
index c1a11c8c0..ecd70d015 100644
--- a/wrapper/CSharp/include.am
+++ b/wrapper/CSharp/include.am
@@ -26,10 +26,13 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/Properties/AssemblyInfo.
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp.sln
+EXTRA_DIST+= wrapper/CSharp/user_settings.h
+EXTRA_DIST+= wrapper/CSharp/wolfssl.vcxproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/AssemblyInfo.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.Designer.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.resx
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
+EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/X509.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-Client/App.config
@@ -40,3 +43,7 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/App.config
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/Properties/AssemblyInfo.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
 EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/App.config
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
+EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
diff --git a/wrapper/CSharp/user_settings.h b/wrapper/CSharp/user_settings.h
new file mode 100644
index 000000000..21fb7b11c
--- /dev/null
+++ b/wrapper/CSharp/user_settings.h
@@ -0,0 +1,136 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* These are the build settings used by the Visual Studio CSharp wrapper */
+
+#ifndef _WIN_CSHARP_USER_SETTINGS_H_
+#define _WIN_CSHARP_USER_SETTINGS_H_
+
+/* Features */
+#define NO_OLD_TLS
+#define WOLFSSL_TLS13
+#define WOLFSSL_DTLS
+#define WOLFSSL_DTLS13
+#define WOLFSSL_SEND_HRR_COOKIE
+#define WOLFSSL_DTLS_CID
+#define HAVE_EXTENDED_MASTER
+#define HAVE_SECURE_RENEGOTIATION
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_TLS_EXTENSIONS
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define HAVE_ENCRYPT_THEN_MAC
+#define HAVE_ECC_ENCRYPT
+#define WOLFSSL_PUBLIC_MP
+#define NO_MULTIBYTE_PRINT
+#define WOLFSSL_KEY_GEN /* RSA key gen */
+#define WOLFSSL_ASN_TEMPLATE /* default */
+#define WOLFSSL_SHA3
+
+#if 0
+    #define OPENSSL_EXTRA
+#endif
+
+#define HAVE_CRL
+#if 0
+    /* start thread that can monitor CRL directory */
+    #define HAVE_CRL_MONITOR
+#endif
+
+/* Algorithms */
+#define HAVE_ED25519
+#define HAVE_CURVE25519
+
+#define HAVE_AESGCM
+#define WOLFSSL_AESGCM_STREAM
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+
+#define HAVE_HKDF
+
+#undef  NO_DH
+#define HAVE_PUBLIC_FFDHE
+#define HAVE_FFDHE_2048
+#define HAVE_FFDHE_4096
+
+#undef  NO_RSA
+#define WC_RSA_PSS
+#define WOLFSSL_PSS_LONG_SALT
+#define WC_RSA_BLINDING
+
+#define HAVE_ECC
+#define ECC_SHAMIR
+#define ECC_TIMING_RESISTANT
+#define HAVE_COMP_KEY
+
+/* Disable features */
+#define NO_PSK
+
+/* Disable Algorithms */
+#define NO_DES3
+#define NO_DSA
+#define NO_RC4
+#define NO_MD4
+#define NO_MD5
+#define NO_SHA
+
+/* Math */
+
+/* Single Precision Support for RSA/DH 1024/2048/3072 and
+ * ECC P-256/P-384 */
+#define WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_HAVE_SP_RSA
+
+/* Optional Performance Speedups */
+#if 0
+    #ifdef _WIN64
+        /* Assembly speedups for SP math */
+        #define WOLFSSL_SP_X86_64_ASM
+
+        /* Support for RDSEED instruction */
+        #define HAVE_INTEL_RDSEED
+
+        /* AESNI on x64 */
+        #define WOLFSSL_AESNI
+
+        /* Intel ASM */
+        #define USE_INTEL_SPEEDUP
+        #define WOLFSSL_X86_64_BUILD
+
+        /* Old versions of MASM compiler do not recognize newer
+         * instructions. */
+        #if 0
+            #define NO_AVX2_SUPPORT
+            #define NO_MOVBE_SUPPORT
+        #endif
+    #endif
+#endif
+
+/* Debug logging */
+#if 1
+    #define DEBUG_WOLFSSL
+#else
+    /* #define NO_ERROR_STRINGS */
+#endif
+
+#endif /* !_WIN_CSHARP_USER_SETTINGS_H_ */
diff --git a/wrapper/CSharp/wolfCrypt-Test/App.config b/wrapper/CSharp/wolfCrypt-Test/App.config
new file mode 100644
index 000000000..4bfa00561
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/App.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
+    </startup>
+</configuration>
diff --git a/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000..ed34d06a0
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("wolfCrypt-Test")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("wolfSSL")]
+[assembly: AssemblyProduct("wolfCrypt-Test")]
+[assembly: AssemblyCopyright("Copyright wolfSSL 2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("a4f4a244-1306-47f4-a168-31f78d7362fa")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
new file mode 100644
index 000000000..920015080
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
@@ -0,0 +1,920 @@
+/* wolfCrypt-Test.cs
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Tests for the wolfCrypt C# wrapper */
+
+using System;
+using System.Linq;
+using System.Text;
+using System.Security.Cryptography;
+using wolfSSL.CSharp;
+using System.Runtime.InteropServices;
+using static wolfSSL.CSharp.wolfcrypt;
+
+public class wolfCrypt_Test_CSharp
+{
+    private static void random_test()
+    {
+        int ret, i, zeroCount = 0;
+        Byte[] data = new Byte[128];
+
+        Console.WriteLine("Starting RNG test");
+
+        /* Random Test */
+        ret = wolfcrypt.Random(data, data.Length);
+        if (ret == 0)
+        {
+            /* Check for 0's */
+            for (i = 0; i < (int)data.Length; i++)
+            {
+                if (data[i] == 0)
+                {
+                    zeroCount++;
+                }
+            }
+            if (zeroCount == data.Length)
+            {
+                Console.WriteLine("RNG zero check error");
+            }
+            else
+            {
+                Console.WriteLine("RNG Test Passed");
+            }
+        }
+        else
+        {
+            Console.WriteLine("RNG Error" + wolfcrypt.GetError(ret));
+        }
+    } /* END random_test */
+
+    private static void ecc_test(string hashAlgorithm, int keySize)
+    {
+        int ret;
+        IntPtr rng = IntPtr.Zero;
+        IntPtr PrivKey = IntPtr.Zero;
+        IntPtr PubKey = IntPtr.Zero;
+        IntPtr key = IntPtr.Zero;
+
+        Console.WriteLine("\nStarting ECC" + (keySize*8) + " test for " + hashAlgorithm + "...");
+
+        /* Create a new RNG context */
+        rng = wolfcrypt.RandomNew();
+        if (rng == IntPtr.Zero)
+        {
+            throw new Exception("RNG initialization failed.");
+        }
+
+        /* Generate ECC Key Pair */
+        Console.WriteLine("Testing ECC Key Generation...");
+        key = wolfcrypt.EccMakeKey(keySize, rng);
+        if (key == IntPtr.Zero)
+        {
+            throw new Exception("EccMakeKey failed");
+        }
+        Console.WriteLine("ECC Key Generation test passed.");
+
+        /* Export and Import Key */
+        Console.WriteLine("Testing ECC Key Export and Import...");
+        byte[] privateKeyDer;
+        ret = wolfcrypt.EccExportPrivateKeyToDer(key, out privateKeyDer);
+        if (ret < 0) {
+            throw new Exception("ExportPrivateKeyToDer failed");
+        }
+        byte[] publicKeyDer;
+        ret = wolfcrypt.EccExportPublicKeyToDer(key, out publicKeyDer, true);
+        if (ret < 0) {
+            throw new Exception("ExportPublicKeyToDer failed");
+        }
+        PrivKey = wolfcrypt.EccImportKey(privateKeyDer);
+        if (PrivKey == IntPtr.Zero)
+        {
+            throw new Exception("EccImportKey Private failed");
+        }
+
+        PubKey = wolfcrypt.EccImportPublicKeyFromDer(publicKeyDer);
+        if (PubKey == IntPtr.Zero)
+        {
+            throw new Exception("ImportPublicKeyFromDer Public failed");
+        }
+        Console.WriteLine("ECC Key Export and Import test passed.");
+
+        /* Generate hash based on selected algorithm */
+        byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash");
+        byte[] hash;
+
+        switch (hashAlgorithm.ToUpper())
+        {
+            case "SHA256":
+                using (SHA256 sha256 = SHA256.Create())
+                {
+                    hash = sha256.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA384":
+                using (SHA384 sha384 = SHA384.Create())
+                {
+                    hash = sha384.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA512":
+                using (SHA512 sha512 = SHA512.Create())
+                {
+                    hash = sha512.ComputeHash(dataToHash);
+                }
+                break;
+
+            default:
+                throw new Exception("Unsupported hash algorithm");
+        }
+        Console.WriteLine($"{hashAlgorithm} hash generated.");
+
+        /* Sign Data */
+        Console.WriteLine("Testing ECC Signature Creation...");
+        byte[] signature = new byte[wolfcrypt.ECC_MAX_SIG_SIZE];
+        int signLength = wolfcrypt.EccSign(PrivKey, hash, signature);
+        if (signLength <= 0)
+        {
+            throw new Exception("EccSign failed");
+        }
+
+        byte[] actualSignature = new byte[signLength];
+        Array.Copy(signature, 0, actualSignature, 0, signLength);
+
+        Console.WriteLine($"ECC Signature Creation test passed. Signature Length: {signLength}");
+
+        /* Verify Signature */
+        Console.WriteLine("Testing ECC Signature Verification...");
+        int verifyResult = wolfcrypt.EccVerify(PubKey, actualSignature, hash);
+        if (verifyResult != 0)
+        {
+            throw new Exception("EccVerify failed");
+        }
+        Console.WriteLine("ECC Signature Verification test passed.");
+
+        /* Cleanup */
+        if (key != IntPtr.Zero) wolfcrypt.EccFreeKey(key);
+        if (PubKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PubKey);
+        if (PrivKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PrivKey);
+        if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng);
+    } /* END ecc_test */
+
+    private static void ecies_test(int keySize)
+    {
+        /* maximum encrypted message:
+         * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */
+        int bufferSize = wolfcrypt.MAX_ECIES_TEST_SZ;
+        const string message = "Hello wolfSSL!";
+        byte[] salt = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
+
+        IntPtr a = IntPtr.Zero;
+        IntPtr b = IntPtr.Zero;
+        IntPtr aCtx = IntPtr.Zero;
+        IntPtr bCtx = IntPtr.Zero;
+        IntPtr rng = IntPtr.Zero;
+        IntPtr heap = IntPtr.Zero;
+
+        byte[] plaintext = new byte[bufferSize];
+        byte[] encrypted = new byte[bufferSize];
+        byte[] decrypted = new byte[bufferSize];
+
+        try
+        {
+            Console.WriteLine($"\nStarting ECIES test for {keySize} byte key size...");
+
+            /* Create a new RNG context */
+            rng = wolfcrypt.RandomNew();
+            if (rng == IntPtr.Zero)
+            {
+                throw new Exception("RNG initialization failed.");
+            }
+
+            /* Initialize keys */
+            a = wolfcrypt.EccMakeKey(keySize, rng);
+            b = wolfcrypt.EccMakeKey(keySize, rng);
+            if (a == IntPtr.Zero || b == IntPtr.Zero)
+            {
+                throw new Exception("Key generation failed.");
+            }
+            Console.WriteLine("ECC key generation passed.");
+
+            /* Create ECIES contexts for encryption and decryption */
+            aCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_CLIENT, rng, heap);
+            bCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_SERVER, rng, heap);
+            if (aCtx == IntPtr.Zero || bCtx == IntPtr.Zero)
+            {
+                throw new Exception("Context creation failed.");
+            }
+            Console.WriteLine("ECC context creation passed.");
+
+            /* Set KDF salt */
+            if (wolfcrypt.EciesSetKdfSalt(aCtx, salt) != 0 ||
+                wolfcrypt.EciesSetKdfSalt(bCtx, salt) != 0)
+            {
+                throw new Exception("Failed to set KDF salt.");
+            }
+            Console.WriteLine("KDF salt setup passed.");
+
+            /* Prepare plaintext */
+            Array.Clear(plaintext, 0, plaintext.Length);
+            Array.Copy(Encoding.ASCII.GetBytes(message), plaintext, message.Length);
+            /* Pad to block size */
+            int plaintextLen = ((message.Length + (wolfcrypt.AES_BLOCK_SIZE - 1)) /
+                                wolfcrypt.AES_BLOCK_SIZE) * wolfcrypt.AES_BLOCK_SIZE;
+
+            /* Encrypt message */
+            int ret = wolfcrypt.EciesEncrypt(a, b, plaintext, (uint)plaintextLen, encrypted, aCtx);
+            if (ret < 0)
+            {
+                throw new Exception("Encryption failed.");
+            }
+
+            int encryptedLen = ret;
+            Console.WriteLine("ECC encryption passed.");
+
+            /* Decrypt message */
+            ret = wolfcrypt.EciesDecrypt(b, a, encrypted, (uint)encryptedLen, decrypted, bCtx);
+            if (ret < 0)
+            {
+                throw new Exception("Decryption failed.");
+            }
+
+            int decryptedLen = ret;
+            Console.WriteLine("ECC decryption passed.");
+
+            /* Compare decrypted text to original plaintext */
+            if (decryptedLen != plaintextLen || !wolfcrypt.ByteArrayVerify(plaintext, decrypted))
+            {
+                throw new Exception("Decrypted text does not match original plaintext.");
+            }
+            Console.WriteLine("Decrypted text matches original plaintext.");
+        }
+        finally
+        {
+            /* Cleanup key and context */
+            if (a != IntPtr.Zero) wolfcrypt.EccFreeKey(a);
+            if (b != IntPtr.Zero) wolfcrypt.EccFreeKey(b);
+            if (aCtx != IntPtr.Zero) wolfcrypt.EciesFreeCtx(aCtx);
+            if (bCtx != IntPtr.Zero) wolfcrypt.EciesFreeCtx(bCtx);
+            if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng);
+        }
+    } /* END ecies_test */
+
+    private static void ecdhe_test(int keySize)
+    {
+        int ret;
+        IntPtr rng = IntPtr.Zero;
+        IntPtr keyA = IntPtr.Zero;
+        IntPtr keyB = IntPtr.Zero;
+        IntPtr publicKeyA = IntPtr.Zero;
+        IntPtr publicKeyB = IntPtr.Zero;
+        byte[] derKey;
+
+        Console.WriteLine("\nStarting ECDHE shared secret test for " + keySize + " key size...");
+
+        /* Create RNG */
+        Console.WriteLine("Generating RNG...");
+        rng = RandomNew();
+        if (rng == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate RNG.");
+        }
+        Console.WriteLine("RNG generation test passed.");
+
+        /* Generate Key Pair A */
+        Console.WriteLine("Generating Key Pair A...");
+        keyA = wolfcrypt.EccMakeKey(keySize, rng);
+        if (keyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair A.");
+        }
+
+        /* Generate Key Pair B */
+        Console.WriteLine("Generating Key Pair B...");
+        keyB = wolfcrypt.EccMakeKey(keySize, rng);
+        if (keyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair B.");
+        }
+        Console.WriteLine("ECC Key generation test passed.");
+
+        /* Export Public Key B to DER format */
+        Console.WriteLine("Exporting Public Key B to DER format...");
+        ret = wolfcrypt.EccExportPublicKeyToDer(keyB, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("EccExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key B from DER format */
+        Console.WriteLine("Decoding Public Key B from DER format...");
+        publicKeyB = wolfcrypt.EccImportPublicKeyFromDer(derKey);
+        if (publicKeyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key B from DER format.");
+        }
+        Console.WriteLine("ECC Export and Import test passed.");
+
+        /* Compute Shared Secret using Private Key A and Public Key B */
+        Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B...");
+        byte[] sharedSecretA = new byte[keySize];
+        int retA = wolfcrypt.EcdheSharedSecret(keyA, publicKeyB, sharedSecretA, rng);
+        if (retA != 0)
+        {
+            throw new Exception("Failed to compute shared secret A. Error code: " + retA);
+        }
+        Console.WriteLine("ECC shared secret created using private Key A.");
+
+        /* Export Public Key A to DER format */
+        Console.WriteLine("Exporting Public Key A to DER format...");
+        ret = wolfcrypt.EccExportPublicKeyToDer(keyA, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("EccExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key A from DER format */
+        Console.WriteLine("Decoding Public Key A from DER format...");
+        publicKeyA = wolfcrypt.EccImportPublicKeyFromDer(derKey);
+        if (publicKeyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key A from DER format.");
+        }
+
+        /* Compute Shared Secret using Private Key B and Public Key A */
+        Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A...");
+        byte[] sharedSecretB = new byte[keySize];
+        int retB = wolfcrypt.EcdheSharedSecret(keyB, publicKeyA, sharedSecretB, rng);
+        if (retB != 0)
+        {
+            throw new Exception("Failed to compute shared secret B. Error code: " + retB);
+        }
+        Console.WriteLine("ECC shared secret created using private Key B.");
+
+        /* Compare Shared Secrets */
+        Console.WriteLine("Comparing Shared Secrets...");
+        if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB))
+        {
+            throw new Exception("Shared secrets do not match.");
+        }
+        else
+        {
+            Console.WriteLine("ECC shared secret match.");
+        }
+
+        /* Cleanup */
+        if (keyA != IntPtr.Zero) wolfcrypt.EccFreeKey(keyA);
+        if (keyB != IntPtr.Zero) wolfcrypt.EccFreeKey(keyB);
+        if (publicKeyA != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyA);
+        if (publicKeyB != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyB);
+        if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng);
+    } /* END ecdhe_test */
+
+    private static void rsa_test(string hashAlgorithm, int keySize)
+    {
+        IntPtr key = IntPtr.Zero;
+        IntPtr heap = IntPtr.Zero;
+        int devId = wolfcrypt.INVALID_DEVID;
+
+        Console.WriteLine("\nStarting RSA" + keySize + " test for " + hashAlgorithm + "...");
+
+        /* Generate RSA Key Pair */
+        Console.WriteLine("Testing RSA Key Generation...");
+        key = wolfcrypt.RsaMakeKey(heap, devId, keySize);
+        if (key == IntPtr.Zero)
+        {
+            throw new Exception("RsaMakeKey failed");
+        }
+        Console.WriteLine("RSA Key Generation test passed.");
+
+        /* Generate hash based on selected algorithm */
+        byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash");
+        byte[] hash;
+
+        switch (hashAlgorithm.ToUpper())
+        {
+            case "SHA256":
+                using (SHA256 sha256 = SHA256.Create())
+                {
+                    hash = sha256.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA384":
+                using (SHA384 sha384 = SHA384.Create())
+                {
+                    hash = sha384.ComputeHash(dataToHash);
+                }
+                break;
+
+            case "SHA512":
+                using (SHA512 sha512 = SHA512.Create())
+                {
+                    hash = sha512.ComputeHash(dataToHash);
+                }
+                break;
+
+            default:
+                throw new Exception("Unsupported hash algorithm");
+        }
+        Console.WriteLine($"{hashAlgorithm} hash generated.");
+
+        /* Sign Data */
+        Console.WriteLine("Testing RSA Signature Creation...");
+        byte[] signature = new byte[keySize / 8];
+        int signLength = wolfcrypt.RsaSignSSL(key, hash, signature);
+        if (signLength <= 0)
+        {
+            throw new Exception("RsaSignSSL failed");
+        }
+
+        byte[] actualSignature = new byte[signLength];
+        Array.Copy(signature, 0, actualSignature, 0, signLength);
+
+        Console.WriteLine($"RSA Signature Creation test passed. Signature Length: {signLength}");
+
+        /* Verify Signature */
+        Console.WriteLine("Testing RSA Signature Verification...");
+        int verifyResult = wolfcrypt.RsaVerifySSL(key, actualSignature, hash);
+        if (verifyResult != 0)
+        {
+            throw new Exception("RsaVerifySSL failed");
+        }
+        Console.WriteLine("RSA Signature Verification test passed.");
+
+        /* Cleanup */
+        if (key != IntPtr.Zero) wolfcrypt.RsaFreeKey(key);
+    } /* END rsa_test */
+
+    private static void ed25519_test()
+    {
+        int ret;
+        IntPtr key = IntPtr.Zero;
+        byte[] privKey;
+        byte[] pubKey;
+
+        Console.WriteLine("\nStarting ED25519 tests...");
+
+        IntPtr heap = IntPtr.Zero;
+        int devId = wolfcrypt.INVALID_DEVID;
+
+        /* Generate ED25519 Key Pair */
+        Console.WriteLine("Testing ED25519 Key Generation...");
+        key = wolfcrypt.Ed25519MakeKey(heap, devId);
+        if (key == IntPtr.Zero)
+        {
+            throw new Exception("Ed25519MakeKey failed");
+        }
+        Console.WriteLine("ED25519 Key Generation test passed.");
+
+        /* Export and Import Key */
+        Console.WriteLine("Testing ED25519 Key Export and Import...");
+        /* Export Private */
+        ret = wolfcrypt.Ed25519ExportKeyToDer(key, out privKey);
+        if (ret < 0 || privKey == null)
+        {
+            throw new Exception("Ed25519ExportKeyToDer failed");
+        }
+        /* Export Public */
+        ret = wolfcrypt.Ed25519ExportPublicKeyToDer(key, out pubKey, true);
+        if (ret < 0 || pubKey == null)
+        {
+            throw new Exception("Ed25519ExportKeyToDer failed");
+        }
+        /* Import Private */
+        IntPtr importedPrivKey = wolfcrypt.Ed25519PrivateKeyDecode(privKey);
+        if (importedPrivKey == IntPtr.Zero)
+        {
+            throw new Exception("Ed25519PrivateKeyDecode failed");
+        }
+        /* Import Public */
+        IntPtr importedPubKey = wolfcrypt.Ed25519PublicKeyDecode(pubKey);
+        if (importedPubKey == IntPtr.Zero)
+        {
+            throw new Exception("Ed25519PublicKeyDecode failed");
+        }
+        Console.WriteLine("ED25519 Key Export and Import test passed.");
+
+        /* Generate a hash */
+        byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash");
+
+        /* Sign Data */
+        Console.WriteLine("Testing ED25519 Signature Creation...");
+        byte[] signature;
+
+        ret = wolfcrypt.Ed25519SignMsg(dataToHash, out signature, key);
+        if (ret != 0)
+        {
+            throw new Exception("Ed25519SignMsg failed");
+        }
+        Console.WriteLine($"ED25519 Signature Creation test passed. Signature Length: {signature.Length}");
+
+        /* Verify Signature */
+        Console.WriteLine("Testing ED25519 Signature Verification...");
+        ret = wolfcrypt.Ed25519VerifyMsg(signature, dataToHash, key);
+        if (ret != 0)
+        {
+            throw new Exception("Ed25519VerifyMsg failed");
+        }
+        Console.WriteLine("ED25519 Signature Verification test passed.");
+
+        /* Cleanup */
+        if (key != IntPtr.Zero) wolfcrypt.Ed25519FreeKey(key);
+    } /* END ed25519_test */
+
+    private static void curve25519_test()
+    {
+        int ret;
+        IntPtr keyA = IntPtr.Zero;
+        IntPtr keyB = IntPtr.Zero;
+        IntPtr publicKeyA = IntPtr.Zero;
+        IntPtr publicKeyB = IntPtr.Zero;
+        byte[] derKey;
+
+        Console.WriteLine("\nStarting Curve25519 shared secret test...");
+
+        /* Generate Key Pair A */
+        Console.WriteLine("Generating Key Pair A...");
+        keyA = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0);
+        if (keyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair A.");
+        }
+
+        /* Generate Key Pair B */
+        Console.WriteLine("Generating Key Pair B...");
+        keyB = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0);
+        if (keyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to generate key pair B.");
+        }
+        Console.WriteLine("Curve25519 Key generation test passed.");
+
+        /* Export Public Key B to DER format */
+        Console.WriteLine("Exporting Public Key B to DER format...");
+        ret = wolfcrypt.Curve25519ExportPublicKeyToDer(keyB, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("Curve25519ExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key B from DER format */
+        Console.WriteLine("Decoding Public Key B from DER format...");
+        publicKeyB = wolfcrypt.Curve25519PublicKeyDecode(derKey);
+        if (publicKeyB == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key B from DER format.");
+        }
+        Console.WriteLine("Curve25519 Export and Import test passed.");
+
+        /* Compute Shared Secret using Private Key A and Public Key B */
+        Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B...");
+        byte[] sharedSecretA = new byte[wolfcrypt.ED25519_KEY_SIZE];
+        int retA = wolfcrypt.Curve25519SharedSecret(keyA, publicKeyB, sharedSecretA);
+        if (retA != 0)
+        {
+            throw new Exception("Failed to compute shared secret A. Error code: " + retA);
+        }
+        Console.WriteLine("Curve25519 shared secret created using private Key A.");
+
+        /* Export Public Key A to DER format */
+        Console.WriteLine("Exporting Public Key A to DER format...");
+        ret = wolfcrypt.Curve25519ExportPublicKeyToDer(keyA, out derKey, true);
+        if (ret < 0 || derKey == null)
+        {
+            throw new Exception("Curve25519ExportPublicKeyToDer failed");
+        }
+
+        /* Decode Public Key A from DER format */
+        Console.WriteLine("Decoding Public Key A from DER format...");
+        publicKeyA = wolfcrypt.Curve25519PublicKeyDecode(derKey);
+        if (publicKeyA == IntPtr.Zero)
+        {
+            throw new Exception("Failed to decode public key A from DER format.");
+        }
+
+        /* Compute Shared Secret using Private Key B and Public Key A */
+        Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A...");
+        byte[] sharedSecretB = new byte[wolfcrypt.ED25519_KEY_SIZE];
+        int retB = wolfcrypt.Curve25519SharedSecret(keyB, publicKeyA, sharedSecretB);
+        if (retB != 0)
+        {
+            throw new Exception("Failed to compute shared secret B. Error code: " + retB);
+        }
+        Console.WriteLine("Curve25519 shared secret created using private Key B.");
+
+        /* Compare Shared Secrets */
+        Console.WriteLine("Comparing Shared Secrets...");
+        if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB))
+        {
+            throw new Exception("Shared secrets do not match.");
+        }
+        else
+        {
+            Console.WriteLine("Curve25519 shared secret match.");
+        }
+
+        /* Cleanup */
+        if (keyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyA);
+        if (keyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyB);
+        if (publicKeyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyA);
+        if (publicKeyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyB);
+    } /* END curve25519_test */
+
+    private static void aes_gcm_test()
+    {
+        IntPtr aes = IntPtr.Zero;
+        byte[] key;
+        byte[] iv;
+        byte[] plaintext;
+        byte[] ciphertext;
+        byte[] addAuth;
+        byte[] authTag;
+        byte[] decrypted;
+        int ret;
+
+        try
+        {
+            Console.WriteLine("\nStarting AES-GCM tests...");
+
+            IntPtr heap = IntPtr.Zero;
+            int devId = wolfcrypt.INVALID_DEVID;
+
+            /* Initialize AES-GCM Context */
+            Console.WriteLine("Testing AES-GCM Initialization...");
+
+            /*
+             * This is from the Test Case 16 from the document Galois/
+             * Counter Mode of Operation (GCM) by McGrew and
+             * Viega.
+             */
+
+            key = new byte[32]
+            {
+                0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+                0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+                0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+                0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+            };
+
+            iv = new byte[12]
+            {
+                0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+                0xde, 0xca, 0xf8, 0x88
+            };
+
+            plaintext = new byte[]
+            {
+                0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+                0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+                0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+                0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+                0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+                0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+                0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+                0xba, 0x63, 0x7b, 0x39
+            };
+
+
+            ciphertext = new byte[]
+            {
+                0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+                0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+                0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+                0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+                0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+                0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+                0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+                0xbc, 0xc9, 0xf6, 0x62
+            };
+
+            addAuth = new byte[]
+            {
+                0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+                0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+                0xab, 0xad, 0xda, 0xd2
+            };
+
+            authTag = new byte[16];
+
+            aes = wolfcrypt.AesNew(heap, devId);
+            if (aes == IntPtr.Zero)
+            {
+                throw new Exception($"AesNew failed with error code {aes}");
+            }
+            Console.WriteLine("AesNew test passed.");
+
+            /* Set AES-GCM Key */
+            Console.WriteLine("Testing AES-GCM Key Setting...");
+            uint len = (uint)key.Length;
+            ret = wolfcrypt.AesGcmSetKey(aes, key);
+            if (ret != 0)
+            {
+                throw new Exception($"AesGcmSetKey failed with error code {ret}");
+            }
+            Console.WriteLine("AES-GCM Key Setting test passed.");
+
+            /* Encryption */
+            Console.WriteLine("Testing AES-GCM Encryption...");
+            ret = wolfcrypt.AesGcmEncrypt(aes, iv, plaintext, ciphertext, authTag, addAuth);
+            if (ret != 0)
+            {
+                throw new Exception($"AesGcmEncrypt failed with error code {ret}");
+            }
+            Console.WriteLine($"AES-GCM Encryption test passed. Ciphertext Length: {ciphertext.Length}");
+
+            /* Decryption */
+            Console.WriteLine("Testing AES-GCM Decryption...");
+            decrypted = new byte[plaintext.Length];
+
+            ret = wolfcrypt.AesGcmDecrypt(aes, iv, ciphertext, decrypted, authTag, addAuth);
+            if (ret != 0)
+            {
+                throw new Exception($"AesGcmDecrypt failed with error code {ret}");
+            }
+
+            /* Verify Decryption */
+            if (!plaintext.SequenceEqual(decrypted))
+            {
+                throw new Exception("Decryption failed: decrypted data does not match original plaintext.");
+            }
+            Console.WriteLine("AES-GCM Decryption test passed.");
+
+        }
+        catch (Exception ex)
+        {
+            Console.WriteLine($"AES-GCM test failed: {ex.Message}");
+        }
+        finally
+        {
+            /* Cleanup */
+            if (aes != IntPtr.Zero)
+            {
+                wolfcrypt.AesGcmFree(aes);
+            }
+        }
+    } /* END aes_gcm_test */
+
+    private static void hash_test(uint hashType)
+    {
+        IntPtr hash = IntPtr.Zero;
+        IntPtr heap = IntPtr.Zero;
+        int devId = wolfcrypt.INVALID_DEVID;
+
+        /* Get the enum name */
+        string hashTypeName = Enum.GetName(typeof(wolfcrypt.hashType), hashType);
+
+        Console.WriteLine($"\nStarting hash test for {hashTypeName}...");
+
+        /* Allocate new hash context */
+        Console.WriteLine("Testing hash context allocation...");
+        hash = wolfcrypt.HashNew(hashType, heap, devId);
+        if (hash == IntPtr.Zero)
+        {
+            Console.WriteLine($"HashNew failed for {hashTypeName}");
+            return;
+        }
+        Console.WriteLine("Hash context allocation test passed.");
+
+        /* Initialize the hash context with the specified hash type */
+        Console.WriteLine("Testing hash initialization...");
+        int initResult = wolfcrypt.InitHash(hash, hashType);
+        if (initResult != 0)
+        {
+            Console.WriteLine($"InitHash failed for {hashTypeName}");
+            wolfcrypt.HashFree(hash, hashType);
+            return;
+        }
+        Console.WriteLine("Hash initialization test passed.");
+
+        /* Update the hash with data */
+        byte[] dataToHash = Encoding.UTF8.GetBytes("This is some data to hash");
+        Console.WriteLine("Testing hash update...");
+        int updateResult = wolfcrypt.HashUpdate(hash, hashType, dataToHash);
+        if (updateResult != 0)
+        {
+            Console.WriteLine($"HashUpdate failed for {hashTypeName}");
+            wolfcrypt.HashFree(hash, hashType);
+            return;
+        }
+        Console.WriteLine("Hash update test passed.");
+
+        /* Finalize the hash and get the result */
+        Console.WriteLine("Testing hash finalization...");
+        byte[] hashOutput;
+        int finalResult = wolfcrypt.HashFinal(hash, hashType, out hashOutput);
+        if (finalResult != 0)
+        {
+            Console.WriteLine($"HashFinal failed for {hashType}");
+            wolfcrypt.HashFree(hash, hashType);
+            return;
+        }
+        Console.WriteLine($"Hash finalization test passed for {hashTypeName}. Hash Length: {hashOutput.Length}");
+
+        /* Output the hash result */
+        Console.WriteLine($"Hash Output ({hashTypeName}): {BitConverter.ToString(hashOutput).Replace("-", "")}");
+
+        /* Cleanup */
+        Console.WriteLine("Testing hash cleanup...");
+        int freeResult = wolfcrypt.HashFree(hash, hashType);
+        if (freeResult != 0)
+        {
+            Console.WriteLine($"HashFree failed for {hashTypeName}");
+        }
+        else
+        {
+            Console.WriteLine("Hash cleanup test passed.");
+        }
+    } /* END hash_test */
+
+    public static void standard_log(int lvl, StringBuilder msg)
+    {
+        Console.WriteLine(msg);
+    }
+
+    public static void Main(string[] args)
+    {
+        try
+        {
+            Console.WriteLine("Starting Cryptographic Tests...\n");
+
+            wolfcrypt.Init();
+
+            /* setup logging to stdout */
+            wolfcrypt.SetLogging(standard_log);
+
+            random_test();
+
+            Console.WriteLine("\nStarting ECC tests");
+
+            ecc_test("SHA256", 32); /* Uses SHA-256 (32 byte hash) */
+            ecc_test("SHA384", 32); /* Uses SHA-384 (32 byte hash) */
+            ecc_test("SHA512", 32); /* Uses SHA-512 (32 byte hash) */
+
+            Console.WriteLine("\nStarting ECIES tests");
+
+            ecies_test(32); /* ECIES test (32 byte key size) */
+            ecies_test(48); /* ECIES test (48 byte key size) */
+            ecies_test(66); /* ECIES test (66 byte key size) */
+
+            Console.WriteLine("\nStarting ECDHE tests");
+
+            ecdhe_test(32); /* ECDHE shared secret test (32 byte key size) */
+            ecdhe_test(48); /* ECDHE shared secret test (48 byte key size) */
+            ecdhe_test(66); /* ECDHE shared secret test (66 byte key size) */
+
+            Console.WriteLine("\nStarting RSA tests");
+
+            rsa_test("SHA256", 2048); /* Uses SHA-256 (2048 bit hash) */
+            rsa_test("SHA384", 2048); /* Uses SHA-384 (2048 bit hash) */
+            rsa_test("SHA512", 2048); /* Uses SHA-512 (2048 bit hash) */
+
+            Console.WriteLine("\nStarting ED25519 test");
+
+            ed25519_test(); /* ED25519 test */
+
+            Console.WriteLine("\nStarting curve25519 test");
+
+            curve25519_test(); /* curve25519 shared secret test */
+
+            Console.WriteLine("\nStarting AES-GCM test");
+
+            aes_gcm_test(); /* AES_GCM test */
+
+            Console.WriteLine("\nStarting HASH tests");
+
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA256); /* SHA-256 HASH test */
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA384); /* SHA-384 HASH test */
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA512); /* SHA-512 HASH test */
+            hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA3_256); /* SHA3_256 HASH test */
+
+            wolfcrypt.Cleanup();
+
+            Console.WriteLine("\nAll tests completed successfully");
+        }
+        catch (Exception ex)
+        {
+            Console.WriteLine($"An error occurred: {ex.Message}");
+            Environment.Exit(-1);
+        }
+    }
+}
diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
new file mode 100644
index 000000000..647d7ce7b
--- /dev/null
+++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{A4F4A244-1306-47F4-A168-31F78D7362FA}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>wolfCrypt_Test</RootNamespace>
+    <AssemblyName>wolfCrypt-Test</AssemblyName>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <PublishUrl>publish\</PublishUrl>
+    <Install>true</Install>
+    <InstallFrom>Disk</InstallFrom>
+    <UpdateEnabled>false</UpdateEnabled>
+    <UpdateMode>Foreground</UpdateMode>
+    <UpdateInterval>7</UpdateInterval>
+    <UpdateIntervalUnits>Days</UpdateIntervalUnits>
+    <UpdatePeriodically>false</UpdatePeriodically>
+    <UpdateRequired>false</UpdateRequired>
+    <MapFileExtensions>true</MapFileExtensions>
+    <ApplicationRevision>0</ApplicationRevision>
+    <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
+    <IsWebBootstrapper>false</IsWebBootstrapper>
+    <UseApplicationTrust>false</UseApplicationTrust>
+    <BootstrapperEnabled>true</BootstrapperEnabled>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>3</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup>
+    <StartupObject />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
+    <DebugSymbols>true</DebugSymbols>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <WarningLevel>4</WarningLevel>
+    <DebugType>full</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <Prefer32Bit>true</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <Optimize>true</Optimize>
+    <DebugType>pdbonly</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <Prefer32Bit>true</Prefer32Bit>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="wolfCrypt-test.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\wolfSSL_CSharp\wolfSSL_CSharp.csproj">
+      <Project>{52609808-0418-46d3-8e17-141927a1a39a}</Project>
+      <Name>wolfSSL_CSharp</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <BootstrapperPackage Include=".NETFramework,Version=v4.5">
+      <Visible>False</Visible>
+      <ProductName>Microsoft .NET Framework 4.5 %28x86 and x64%29</ProductName>
+      <Install>true</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Client.3.5">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1 Client Profile</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <PropertyGroup>
+    <PreBuildEvent>
+    </PreBuildEvent>
+  </PropertyGroup>
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>
\ No newline at end of file
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs
index f21932c22..eaf9c85b4 100644
--- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs
+++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-DTLS-PSK-Server.cs
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj
index 9af7a1f42..5bf4e8c8e 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_DTLS_PSK_Server</RootNamespace>
     <AssemblyName>wolfSSL-DTLS-PSK-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -42,7 +43,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs
index fe9c392ae..ba3075eb1 100644
--- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs
+++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-DTLS-Server.cs
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj
index 1c9eb2b12..e0c4a57ea 100755
--- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_DTLS_Server</RootNamespace>
     <AssemblyName>wolfSSL-DTLS-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -43,7 +44,7 @@
     <WarningLevel>0</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\x64</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config
+++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
index 4490371fc..d1edcbcd3 100644
--- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
+++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-Example-IOCallbacks.cs
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
index 4e6dae1a6..dc57d74f3 100755
--- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
+++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_Example_IOCallbacks</RootNamespace>
     <AssemblyName>wolfSSL-Example-IOCallbacks</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -42,7 +43,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\x64</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/App.config b/wrapper/CSharp/wolfSSL-TLS-Client/App.config
index f3ec453d9..8a99d30db 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Client/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-Client/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs
index 9e9dbe46e..d327b6534 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-Client.cs
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj
index 3a3d175e4..7afffb9d4 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_Client</RootNamespace>
     <AssemblyName>wolfSSL-TLS-Client</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <PublishUrl>publish\</PublishUrl>
     <Install>true</Install>
@@ -26,13 +26,14 @@
     <IsWebBootstrapper>false</IsWebBootstrapper>
     <UseApplicationTrust>false</UseApplicationTrust>
     <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -41,7 +42,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -51,7 +52,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>4</WarningLevel>
     <DebugType>full</DebugType>
@@ -61,7 +62,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\x64</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
index a6525112f..495e9f1b3 100644
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-PSK-Client.cs
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
index b2113d6ae..5c3e77e47 100644
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj
@@ -33,7 +33,7 @@
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -42,14 +42,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -58,7 +58,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs
index 650d84811..71c7b7493 100644
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-PSK-Server.cs
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj
index dab61d537..1f31752ec 100755
--- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj
@@ -9,15 +9,16 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_PSK_Server</RootNamespace>
     <AssemblyName>wolfSSL-TLS-PSK-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -26,14 +27,14 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <DebugType>full</DebugType>
     <PlatformTarget>x64</PlatformTarget>
@@ -42,7 +43,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-Server/App.config
index 49c50e046..8a99d30db 100755
--- a/wrapper/CSharp/wolfSSL-TLS-Server/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
index ff184b1e9..79d4234f2 100644
--- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-Server.cs
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj
index 35f8b0666..1cc073e83 100755
--- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_Server</RootNamespace>
     <AssemblyName>wolfSSL-TLS-Server</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <PublishUrl>publish\</PublishUrl>
     <Install>true</Install>
@@ -26,13 +26,14 @@
     <IsWebBootstrapper>false</IsWebBootstrapper>
     <UseApplicationTrust>false</UseApplicationTrust>
     <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -41,7 +42,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -51,7 +52,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>4</WarningLevel>
     <DebugType>full</DebugType>
@@ -61,7 +62,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config
index 49c50e046..8a99d30db 100644
--- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config
+++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup>
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
     </startup>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs
index a7c3d88ee..c2de6336f 100644
--- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs
+++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs
@@ -1,6 +1,6 @@
 /* wolfSSL-TLS-ServerThreaded.cs
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj
index 7c47cf557..f1468d14f 100644
--- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj
+++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>wolfSSL_TLS_ServerThreaded</RootNamespace>
     <AssemblyName>wolfSSL-TLS-ServerThreaded</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <PublishUrl>publish\</PublishUrl>
     <Install>true</Install>
@@ -26,13 +26,14 @@
     <IsWebBootstrapper>false</IsWebBootstrapper>
     <UseApplicationTrust>false</UseApplicationTrust>
     <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -41,7 +42,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
@@ -51,7 +52,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>4</WarningLevel>
     <DebugType>full</DebugType>
@@ -61,7 +62,7 @@
     <Prefer32Bit>true</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
diff --git a/wrapper/CSharp/wolfSSL_CSharp.sln b/wrapper/CSharp/wolfSSL_CSharp.sln
index a4898062a..48e170a48 100644
--- a/wrapper/CSharp/wolfSSL_CSharp.sln
+++ b/wrapper/CSharp/wolfSSL_CSharp.sln
@@ -1,9 +1,11 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 2012
+# Visual Studio Version 17
+VisualStudioVersion = 17.6.33815.320
+MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL_CSharp", "wolfSSL_CSharp\wolfSSL_CSharp.csproj", "{52609808-0418-46D3-8E17-141927A1A39A}"
 	ProjectSection(ProjectDependencies) = postProject
-		{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
+		{67932048-D67E-4C86-B55F-90899B9BDA64} = {67932048-D67E-4C86-B55F-90899B9BDA64}
 	EndProjectSection
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-Server", "wolfSSL-TLS-Server\wolfSSL-TLS-Server.csproj", "{8921AD35-4E62-4DAC-8FEE-8C9F8E57DDD2}"
@@ -17,11 +19,7 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-DTLS-PSK-Server", "
 		{52609808-0418-46D3-8E17-141927A1A39A} = {52609808-0418-46D3-8E17-141927A1A39A}
 	EndProjectSection
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "wolfSSL", "wolfSSL", "{252D09D0-D007-4AEB-9F7A-A74408039A8A}"
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "..\..\wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "..\..\testsuite\testsuite.vcxproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{67932048-D67E-4C86-B55F-90899B9BDA64}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-Example-IOCallbacks", "wolfSSL-Example-IOCallbacks\wolfSSL-Example-IOCallbacks.csproj", "{E2415718-0A15-48DB-A774-01FB0093B626}"
 EndProject
@@ -31,6 +29,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-ServerThreaded"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-PSK-Client", "wolfSSL-TLS-PSK-Client\wolfSSL-TLS-PSK-Client.csproj", "{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfCrypt-Test", "wolfCrypt-Test\wolfCrypt-Test.csproj", "{A4F4A244-1306-47F4-A168-31F78D7362FA}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -162,58 +162,35 @@ Global
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.ActiveCfg = Release|x64
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.Build.0 = Release|x64
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.Build.0 = Release|Any CPU
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.ActiveCfg = Release|Any CPU
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.Build.0 = Release|Any CPU
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.ActiveCfg = Release|x64
 		{77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.Build.0 = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.Build.0 = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.ActiveCfg = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.Build.0 = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.Build.0 = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.ActiveCfg = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.Build.0 = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.Build.0 = Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.Build.0 = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.ActiveCfg = Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.Build.0 = Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.ActiveCfg = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.Build.0 = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.Build.0 = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.Build.0 = DLL Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.ActiveCfg = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.Build.0 = DLL Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.ActiveCfg = Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.Build.0 = Release|Win32
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.ActiveCfg = DLL Release|x64
+		{67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.Build.0 = DLL Release|x64
 		{E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Win32.ActiveCfg = Debug|Any CPU
@@ -310,14 +287,34 @@ Global
 		{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|Win32.Build.0 = Release|Any CPU
 		{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.ActiveCfg = Release|x64
 		{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.Build.0 = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.ActiveCfg = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.Build.0 = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.ActiveCfg = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.Build.0 = Debug|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.Build.0 = Debug|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.ActiveCfg = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.Build.0 = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.ActiveCfg = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.Build.0 = Release|Any CPU
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.ActiveCfg = Release|x64
+		{A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
-	GlobalSection(NestedProjects) = preSolution
-		{73973223-5EE8-41CA-8E88-1D60E89A237B} = {252D09D0-D007-4AEB-9F7A-A74408039A8A}
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80} = {252D09D0-D007-4AEB-9F7A-A74408039A8A}
-	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {63D316F8-C4EE-449A-B9A6-FC673C4D5D31}
 	EndGlobalSection
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
new file mode 100644
index 000000000..c5249d1f3
--- /dev/null
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
@@ -0,0 +1,2971 @@
+/* wolfCrypt.cs
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+using System;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace wolfSSL.CSharp
+{
+    public class wolfcrypt
+    {
+        private const string wolfssl_dll = "wolfssl.dll";
+
+        /********************************
+         * Init wolfSSL library
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfCrypt_Init();
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wolfCrypt_Cleanup();
+
+
+        /********************************
+         * Random
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_rng_new(IntPtr nonce, UInt32 nonceSz, IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_rng_free(IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RNG_GenerateBlock(IntPtr rng, IntPtr output, UInt32 sz);
+
+
+        /********************************
+         * ECC
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_key_new(IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_ecc_key_free(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_set_rng(IntPtr key, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_make_key_ex(IntPtr rng, int keysize, IntPtr key, int curve_id);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_sign_hash(IntPtr hashPtr, uint hashlen, IntPtr sigPtr, IntPtr siglen, IntPtr rng, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_verify_hash(IntPtr sigPtr, uint siglen, IntPtr hashPtr, uint hashlen, IntPtr res, IntPtr key);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_EccPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_EccPublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_EccPrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_EccPublicKeyToDer(IntPtr key, byte[] output, uint inLen, int with_AlgCurve);
+
+
+        /********************************
+         * ECIES
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_ctx_new(int flags, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_ctx_new_ex(int flags, IntPtr rng, IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_ecc_ctx_free(IntPtr ctx);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_reset(IntPtr ctx, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_algo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_ecc_ctx_get_own_salt(IntPtr ctx);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_peer_salt(IntPtr ctx, IntPtr salt);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_own_salt(IntPtr ctx, IntPtr salt, uint sz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_kdf_salt(IntPtr ctx, IntPtr salt, uint sz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_ctx_set_info(IntPtr ctx, IntPtr info, int sz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_encrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_encrypt_ex(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx, int compressed);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_decrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
+
+
+        /********************************
+         * ECDHE
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_ecc_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
+
+
+        /********************************
+         * RSA
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_DeleteRsaKey(IntPtr key, IntPtr key_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_InitRsaKey(IntPtr key, IntPtr heap);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_FreeRsaKey(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_MakeRsaKey(IntPtr key, int keysize, Int32 exponent, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaSSL_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, IntPtr key, IntPtr rng);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaSSL_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, IntPtr key);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPublicEncrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPrivateDecrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPublicKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
+
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPSS_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, int hashType, IntPtr rng, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPSS_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, int hashType, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_RsaPSS_CheckPadding(IntPtr sigPtr, int sigLen, int hashType, IntPtr key);
+
+
+        /********************************
+         * ED25519
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_delete(IntPtr key, IntPtr key_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_init(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern void wc_ed25519_free(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_make_key(IntPtr rng, int keysize, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_sign_msg(IntPtr inMsg, uint inlen, IntPtr outMsg, ref uint outlen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_verify_msg(IntPtr sig, uint siglen, IntPtr msg, uint msgLen, ref int ret, IntPtr key);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519KeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Ed25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
+
+        /* RAW format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_make_public(IntPtr key, IntPtr pubKey, uint pubKeySz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_import_public(IntPtr inMsg, uint inLen, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_export_public(IntPtr key, IntPtr outMsg, ref uint outLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_export_private(IntPtr key, IntPtr outMsg, ref uint outLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_ed25519_size(IntPtr key);
+
+
+        /********************************
+         * Curve25519
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_curve25519_delete(IntPtr key, IntPtr key_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_init(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static void wc_curve25519_free(IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_make_key(IntPtr rng, int keysize, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
+
+        /* ASN.1 DER format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_Curve25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
+
+        /* RAW format */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_import_private(IntPtr privKey, int privKeySz, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_curve25519_export_public(IntPtr key, byte[] outBuffer, ref uint outLen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_import_public(IntPtr pubKey, int pubKeySz, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_export_public(IntPtr key, IntPtr outPubKey, ref int outlen);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private static extern int wc_curve25519_export_key_raw(IntPtr key, byte[] priv, ref uint privSz, byte[] pub, ref uint pubSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_import_private_raw(IntPtr privKey, IntPtr pubKey, IntPtr key);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_curve25519_export_private_raw(IntPtr key, IntPtr outPrivKey, IntPtr outPubKey);
+
+
+        /********************************
+         * AES-GCM
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_AesNew(IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesDelete(IntPtr aes, IntPtr aes_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesFree(IntPtr aes);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesInit(IntPtr aes, IntPtr heap, int devId);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmInit(IntPtr aes, IntPtr key, uint len, IntPtr iv, uint ivSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmSetKey(IntPtr aes, IntPtr key, uint len);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmEncrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_AesGcmDecrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
+
+
+        /********************************
+         * HASH
+         */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId, IntPtr result_code);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashDelete(IntPtr hash, IntPtr hash_p);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashInit(IntPtr hash, uint hashType);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashUpdate(IntPtr hash, uint hashType, IntPtr data, uint dataSz);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashFinal(IntPtr hash, uint hashType, IntPtr output);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashFree(IntPtr hash, uint hashType);
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static int wc_HashGetDigestSize(uint hashType);
+
+
+        /********************************
+        * Logging
+        */
+        [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
+        private extern static IntPtr wc_GetErrorString(int error);
+
+        public delegate void loggingCb(int lvl, StringBuilder msg);
+        private static loggingCb internal_log;
+
+        /// <summary>
+        /// Log a message to set logging function
+        /// </summary>
+        /// <param name="lvl">Level of log message</param>
+        /// <param name="msg">Message to log</param>
+        private static void log(int lvl, string msg)
+        {
+            /* if log is not set then print nothing */
+            if (internal_log == null)
+                return;
+            StringBuilder ptr = new StringBuilder(msg);
+            internal_log(lvl, ptr);
+        }
+
+
+        /********************************
+         * Enum types from wolfSSL library
+         */
+        /* Logging levels */
+        public static readonly int ERROR_LOG = 0;
+        public static readonly int INFO_LOG = 1;
+        public static readonly int ENTER_LOG = 2;
+        public static readonly int LEAVE_LOG = 3;
+        public static readonly int OTHER_LOG = 4;
+        public static readonly int INVALID_DEVID = -2;
+        public static readonly int ECC_MAX_SIG_SIZE = 141;    /* ECC max sig size */
+        public static readonly int  ECC_KEY_SIZE = 32;       /* ECC key size */
+        public static readonly int MAX_ECIES_TEST_SZ = 200;   /* ECIES max sig size */
+        public static readonly int ED25519_SIG_SIZE = 64;     /* ED25519 pub + priv  */
+        public static readonly int ED25519_KEY_SIZE = 32;     /* Private key only */
+        public static readonly int ED25519_PUB_KEY_SIZE = 32; /* Compressed public */
+        public static readonly int AES_128_KEY_SIZE = 16;     /* for 128 bit */
+        public static readonly int AES_192_KEY_SIZE = 24;     /* for 192 bit */
+        public static readonly int AES_256_KEY_SIZE = 32;     /* for 256 bit */
+        public static readonly int AES_BLOCK_SIZE = 16;
+
+        /* Error codes */
+        public static readonly int SUCCESS = 0;
+        public static readonly int SIG_VERIFY_E = -229;    /* wolfcrypt signature verify error */
+        public static readonly int MEMORY_E = -125;        /* Out of memory error */
+        public static readonly int EXCEPTION_E = -1;
+        public static readonly int BUFFER_E = -131;        /* RSA buffer error, output too small/large */
+
+
+        /***********************************************************************
+         * Class Public Functions
+         **********************************************************************/
+
+        /// <summary>
+        /// Initialize wolfCrypt library
+        /// </summary>
+        /// <returns>0 on success</returns>
+        public static int Init()
+        {
+            int ret;
+            try
+            {
+                ret = wolfCrypt_Init();
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "wolfCrypt init error " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            return ret;
+        }
+
+        /// <summary>
+        /// Clean up wolfCrypt library memory
+        /// </summary>
+        /// <returns>0 on success</returns>
+        public static int Cleanup()
+        {
+            int ret;
+            try
+            {
+                ret = wolfCrypt_Cleanup();
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "wolfCrypt cleanup error " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            return ret;
+        }
+
+
+        /***********************************************************************
+         * Random
+         **********************************************************************/
+
+        /// <summary>
+        /// Create new WC_RNG context
+        /// </summary>
+        /// <returns>Pointer to allocated WC_RNG or null</returns>
+        public static IntPtr RandomNew()
+        {
+            IntPtr rng;
+
+            try
+            {
+                /* Allocate and init new WC_RNG structure */
+                rng = wc_rng_new(
+                    IntPtr.Zero, 0, /* Nonce (optional / used by FIPS only) */
+                    IntPtr.Zero);   /* Heap hint for static memory only */
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "random new exception " + e.ToString());
+                rng = IntPtr.Zero;
+            }
+
+            return rng;
+        }
+
+        /// <summary>
+        /// Free WC_RNG context
+        /// </summary>
+        /// <param name="rng">Pointer to allocated WC_RNG</param>
+        public static void RandomFree(IntPtr rng)
+        {
+            if (rng != IntPtr.Zero)
+            {
+                /* Free WC_RNG structure */
+                wc_rng_free(rng);
+            }
+        }
+
+        /// <summary>
+        /// Generate random data (use existing WC_RNG context)
+        /// </summary>
+        /// <param name="rng">WC_RNG created from RandomNew()</param>
+        /// <param name="buf">buffer to populate random data</param>
+        /// <param name="sz">size of buffer</param>
+        /// <returns>0=success or negative for error</returns>
+        public static int Random(IntPtr rng, byte[] buf, int sz)
+        {
+            int ret;
+            IntPtr data;
+
+            try
+            {
+                /* Allocate global buffer for wolfAPI random */
+                data = Marshal.AllocHGlobal(sz);
+                if (data != IntPtr.Zero)
+                {
+                    /* Generate random block */
+                    ret = wc_RNG_GenerateBlock(rng, data, Convert.ToUInt32(sz));
+                    if (ret == 0)
+                    {
+                        /* copy returned data */
+                        Marshal.Copy(data, buf, 0, sz);
+                    }
+                    else
+                    {
+                        log(ERROR_LOG, "random generate block error " + ret + ": " + GetError(ret));
+                    }
+                    Marshal.FreeHGlobal(data);
+                }
+                else
+                {
+                    ret = MEMORY_E;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "random generate block exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Generate random data (single shot)
+        /// </summary>
+        /// <param name="buf">buffer to populate random data</param>
+        /// <param name="sz">size of buffer</param>
+        /// <returns>0=success or negative for error</returns>
+        public static int Random(byte[] buf, int sz)
+        {
+            int ret;
+            IntPtr rng = RandomNew();
+            if (rng == IntPtr.Zero)
+            {
+                return MEMORY_E;
+            }
+            ret = Random(rng, buf, sz);
+            RandomFree(rng);
+            return ret;
+        }
+        /* END Random */
+
+
+        /***********************************************************************
+         * ECC
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new ECC private / public key pair
+        /// </summary>
+        /// <param name="keysize">Key size in bytes (example: SECP256R1 = 32)</param>
+        /// <returns>Allocated ECC key structure or null</returns>
+        public static IntPtr EccMakeKey(int keysize, IntPtr rng)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate and init new WC_RNG structure */
+                key = wc_ecc_key_new(IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_ecc_make_key_ex(rng, keysize, key, 0); /* 0=use default curve */
+                    if (ret != 0)
+                    {
+                        EccFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC make key exception " + e.ToString());
+
+                EccFreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sets the ECC rng structure
+        /// </summary>
+        /// <param name="key">Supplied key as a pointer</param>
+        /// <param name="rng">rng context as a pointer</param>
+        /// <returns>Returns 0 on success</returns>
+        public static int EccSetRng(IntPtr key, IntPtr rng)
+        {
+            int ret = 0;
+
+            try
+            {
+                /* Check */
+                if (key == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Invalid key or rng pointer.");
+                    return MEMORY_E;
+                }
+
+                /* Set ECC rng */
+                ret = wc_ecc_set_rng(key, rng);
+                if (ret != 0)
+                {
+                    log(ERROR_LOG, "ECC set rng failed returned:" + ret);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC set rng exception " + e.ToString());
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Generate a new ECC private / public key pair
+        /// </summary>
+        /// <param name="keyASN1">ASN.1 private key buffer (see ecc_clikey_der_256)</param>
+        /// <returns>Allocated ECC key structure or null</returns>
+        public static IntPtr EccImportKey(byte[] keyASN1)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = wc_ecc_key_new(IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    IntPtr idx = Marshal.AllocHGlobal(sizeof(uint));
+                    IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length);
+                    Marshal.WriteInt32(idx, 0);
+                    Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length);
+                    ret = wc_EccPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length));
+                    if (ret != 0)
+                    {
+                        EccFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                    Marshal.FreeHGlobal(idx); /* not used */
+                    Marshal.FreeHGlobal(keydata);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC import key exception " + e.ToString());
+                EccFreeKey(key); /* make sure its free'd */
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sign a hash using ECC
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <param name="hash">Hash to sign</param>
+        /// <param name="signature">Buffer to receive the signature</param>
+        /// <returns>Length of the signature on success, otherwise a negative error code</returns>
+        public static int EccSign(IntPtr key, byte[] hash, byte[] signature)
+        {
+            int ret;
+            int signedLength = 0;
+            IntPtr hashPtr = IntPtr.Zero;
+            IntPtr sigPtr = IntPtr.Zero;
+            IntPtr sigLen = IntPtr.Zero;
+            IntPtr rng = IntPtr.Zero;
+
+            try
+            {
+                rng = RandomNew();
+                hashPtr = Marshal.AllocHGlobal(hash.Length);
+                sigPtr = Marshal.AllocHGlobal(signature.Length);
+                sigLen = Marshal.AllocHGlobal(sizeof(uint));
+
+                Marshal.WriteInt32(sigLen, signature.Length);
+                Marshal.Copy(hash, 0, hashPtr, hash.Length);
+                ret = wc_ecc_sign_hash(hashPtr, Convert.ToUInt32(hash.Length), sigPtr, sigLen, rng, key);
+
+                /* Output actual signature length */
+                if (ret == 0)
+                {
+                    signedLength = Marshal.ReadInt32(sigLen);
+                    if (signedLength <= signature.Length)
+                    {
+                        Marshal.Copy(sigPtr, signature, 0, signedLength);
+                    }
+                    else
+                    {
+                        ret = BUFFER_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC sign exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (sigLen != IntPtr.Zero) Marshal.FreeHGlobal(sigLen);
+                if (rng != IntPtr.Zero) RandomFree(rng);
+            }
+
+            return ret == 0 ? signedLength : ret;
+        }
+
+        /// <summary>
+        /// Verify a signature using ECC
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <param name="signature">Signature to verify</param>
+        /// <param name="hash">Expected hash value</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int EccVerify(IntPtr key, byte[] signature, byte[] hash)
+        {
+            int ret;
+            IntPtr hashPtr = IntPtr.Zero;
+            IntPtr sigPtr = IntPtr.Zero;
+            IntPtr res = IntPtr.Zero;
+
+            try
+            {
+                hashPtr = Marshal.AllocHGlobal(hash.Length);
+                sigPtr = Marshal.AllocHGlobal(signature.Length);
+                res = Marshal.AllocHGlobal(sizeof(int));
+
+                Marshal.Copy(hash, 0, hashPtr, hash.Length);
+                Marshal.Copy(signature, 0, sigPtr, signature.Length);
+
+                ret = wc_ecc_verify_hash(sigPtr, Convert.ToUInt32(signature.Length), hashPtr, Convert.ToUInt32(hash.Length), res, key);
+
+                if (ret == 0)
+                {
+                    int verifyResult = Marshal.ReadInt32(res);
+                    ret = verifyResult == 1 ? 0 : EXCEPTION_E;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC verify exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (res != IntPtr.Zero) Marshal.FreeHGlobal(res);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export ECC Private Key to DER format
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <returns>DER-encoded private key as byte array</returns>
+        public static int EccExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                int bufferSize = wc_EccPrivateKeyToDer(key, null, 0);
+                if (bufferSize < 0) {
+                    log(ERROR_LOG, "ECC private key get size failed " + bufferSize.ToString());
+                    return bufferSize;
+                }
+                derKey = new byte[bufferSize];
+                ret = wc_EccPrivateKeyToDer(key, derKey, (uint)bufferSize);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "ECC private key to der failed " + ret.ToString());
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC export private exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export ECC Public Key to DER format
+        /// </summary>
+        /// <param name="key">ECC key structure</param>
+        /// <param name="includeCurve">Include algorithm curve in the output</param>
+        /// <returns>DER-encoded public key as byte array</returns>
+        public static int EccExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeCurve)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                int bufferSize = wc_EccPublicKeyToDer(key, null, 0, includeCurve ? 1 : 0);
+                if (bufferSize < 0) {
+                    log(ERROR_LOG, "ECC public key get size failed " + bufferSize.ToString());
+                    return bufferSize;
+                }
+                derKey = new byte[bufferSize];
+                ret = wc_EccPublicKeyToDer(key, derKey, (uint)bufferSize, includeCurve ? 1 : 0);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "ECC public key to der failed " + ret.ToString());
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC export public exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Import ECC Public Key from DER format
+        /// </summary>
+        /// <param name="keyDer">DER-encoded public key</param>
+        /// <returns>Allocated ECC key structure or null</returns>
+        public static IntPtr EccImportPublicKeyFromDer(byte[] keyDer)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = wc_ecc_key_new(IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    uint idx = 0;
+                    ret = wc_EccPublicKeyDecode(keyDer, ref idx, key, (uint)keyDer.Length);
+                    if (ret != 0)
+                    {
+                        EccFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC import public key exception " + e.ToString());
+                EccFreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Free an ECC key structure
+        /// </summary>
+        /// <param name="key">ECC key structure allocated using EccMakeKey() or EccImportKey()</param>
+        public static void EccFreeKey(IntPtr key)
+        {
+            if (key != IntPtr.Zero)
+            {
+                wc_ecc_key_free(key);
+            }
+        }
+        /* END ECC */
+
+
+        /***********************************************************************
+         * ECIES
+         **********************************************************************/
+
+        /// <summary>
+        /// Create a new ECIES context with flags, RNG, and custom heap.
+        /// </summary>
+        /// <param name="flags">Flags for the context initialization.</param>
+        /// <param name="rng">Random Number Generator (RNG) pointer.</param>
+        /// <param name="heap">Custom heap pointer for memory allocations.</param>
+        /// <returns>Pointer to the newly created ECIES context or IntPtr.Zero on failure.</returns>
+        public static IntPtr EciesNewCtx(int flags, IntPtr rng, IntPtr heap)
+        {
+            IntPtr ctx = IntPtr.Zero;
+            heap = IntPtr.Zero;
+
+            try
+            {
+                ctx = wc_ecc_ctx_new_ex(flags, rng, heap);
+                if (ctx == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "ECIES context creation with custom heap failed: returned IntPtr.Zero");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES context creation with custom heap failed: " + e.ToString());
+                return IntPtr.Zero;
+            }
+
+            return ctx;
+        }
+
+        /// <summary>
+        /// Reset the ECIES context with a new RNG.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context to reset.</param>
+        /// <param name="rng">New RNG to set.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesCtxReset(IntPtr ctx, IntPtr rng)
+        {
+            int ret;
+
+            try
+            {
+                ret = wc_ecc_ctx_reset(ctx, rng);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES context reset exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set encryption, KDF, and MAC algorithms for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="encAlgo">Encryption algorithm identifier.</param>
+        /// <param name="kdfAlgo">Key Derivation Function (KDF) algorithm identifier.</param>
+        /// <param name="macAlgo">MAC algorithm identifier.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetAlgo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo)
+        {
+            int ret;
+
+            try
+            {
+                ret = wc_ecc_ctx_set_algo(ctx, encAlgo, kdfAlgo, macAlgo);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set algorithm exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Get the ECIES own salt as a byte array.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <returns>Byte array representing the own salt, or null if there is an error.</returns>
+        public static byte[] EciesGetOwnSalt(IntPtr ctx)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            byte[] salt = null;
+
+            try
+            {
+                /* Check ctx */
+                if (ctx == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Invalid ECIES context pointer.");
+                    return null;
+                }
+
+                /* Get own salt */
+                saltPtr = wc_ecc_ctx_get_own_salt(ctx);
+                if (saltPtr == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "Failed to get own salt.");
+                    return null;
+                }
+
+                /* Allocate salt size and copy to byte array */
+                salt = new byte[(int)ecKeySize.EXCHANGE_SALT_SZ];
+                Marshal.Copy(saltPtr, salt, 0, (int)ecKeySize.EXCHANGE_SALT_SZ);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES get own salt exception: " + e.ToString());
+                return null;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return salt;
+        }
+
+        /// <summary>
+        /// Set the peer salt for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="salt">Peer salt as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetPeerSalt(IntPtr ctx, byte[] salt)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                saltPtr = Marshal.AllocHGlobal(salt.Length);
+                Marshal.Copy(salt, 0, saltPtr, salt.Length);
+
+                /* Set the peer salt */
+                ret = wc_ecc_ctx_set_peer_salt(ctx, saltPtr);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set peer salt exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set the own salt for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="salt">Own salt as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetOwnSalt(IntPtr ctx, byte[] salt)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            uint saltSz;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                saltSz = (uint)salt.Length;
+                saltPtr = Marshal.AllocHGlobal(salt.Length);
+                Marshal.Copy(salt, 0, saltPtr, salt.Length);
+
+                /* Set the own salt */
+                ret = wc_ecc_ctx_set_own_salt(ctx, saltPtr, saltSz);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set own salt exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set the KDF salt for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="salt">KDF salt as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetKdfSalt(IntPtr ctx, byte[] salt)
+        {
+            IntPtr saltPtr = IntPtr.Zero;
+            uint saltSz;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                saltSz = (uint)salt.Length;
+                saltPtr = Marshal.AllocHGlobal(salt.Length);
+                Marshal.Copy(salt, 0, saltPtr, salt.Length);
+
+                /* Set the KDF salt */
+                ret = wc_ecc_ctx_set_kdf_salt(ctx, saltPtr, saltSz);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set KDF salt exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Set the info for the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context.</param>
+        /// <param name="info">Info as a byte array.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesSetInfo(IntPtr ctx, byte[] info)
+        {
+            IntPtr infoPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                infoPtr = Marshal.AllocHGlobal(info.Length);
+                Marshal.Copy(info, 0, infoPtr, info.Length);
+
+                /* Set the info */
+                ret = wc_ecc_ctx_set_info(ctx, infoPtr, info.Length);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES set info exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (infoPtr != IntPtr.Zero) Marshal.FreeHGlobal(infoPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Encrypt a message using ECIES.
+        /// </summary>
+        /// <param name="privKey">Private key.</param>
+        /// <param name="pubKey">Public key.</param>
+        /// <param name="msg">Message to encrypt.</param>
+        /// <param name="msgSz">Message size.</param>
+        /// <param name="outBuffer">Output buffer.</param>
+        /// <param name="ctx">ECIES context.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesEncrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx)
+        {
+            int ret;
+            int outBufferLength = 0;
+            IntPtr msgPtr = IntPtr.Zero;
+            IntPtr outBufferPtr = IntPtr.Zero;
+            IntPtr outSz = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate memory */
+                msgPtr = Marshal.AllocHGlobal(msg.Length);
+                outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length);
+                outSz = Marshal.AllocHGlobal(sizeof(uint));
+
+                Marshal.WriteInt32(outSz, outBuffer.Length);
+                Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+                /* Encrypt */
+                ret = wc_ecc_encrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to encrypt message using ECIES. Error code: " + ret);
+                }
+                /* Output actual output buffer length */
+                if (ret == 0)
+                {
+                    outBufferLength = Marshal.ReadInt32(outSz);
+                    if (outBufferLength <= outBuffer.Length)
+                    {
+                        Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength);
+                    }
+                    else
+                    {
+                        ret = BUFFER_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES encryption exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+                if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr);
+                if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz);
+            }
+
+            return ret == 0 ? outBufferLength : ret;
+        }
+
+        /// <summary>
+        /// Decrypt a message using ECIES.
+        /// </summary>
+        /// <param name="privKey">Private key.</param>
+        /// <param name="pubKey">Public key.</param>
+        /// <param name="msg">Encrypted message.</param>
+        /// <param name="msgSz">Message size.</param>
+        /// <param name="outBuffer">Output buffer for the decrypted message.</param>
+        /// <param name="ctx">ECIES context.</param>
+        /// <returns>0 on success, or a negative error code on failure.</returns>
+        public static int EciesDecrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx)
+        {
+            int ret;
+            int outBufferLength = 0;
+            IntPtr msgPtr = IntPtr.Zero;
+            IntPtr outBufferPtr = IntPtr.Zero;
+            IntPtr outSz = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate memory */
+                msgPtr = Marshal.AllocHGlobal(msg.Length);
+                outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length);
+                outSz = Marshal.AllocHGlobal(sizeof(uint));
+
+                Marshal.WriteInt32(outSz, outBuffer.Length);
+                Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+                /* Decrypt */
+                ret = wc_ecc_decrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to decrypt message using ECIES. Error code: " + ret);
+                }
+                /* Output actual output buffer length */
+                if (ret == 0)
+                {
+                    outBufferLength = Marshal.ReadInt32(outSz);
+                    if (outBufferLength <= outBuffer.Length)
+                    {
+                        Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength);
+                    }
+                    else
+                    {
+                        ret = BUFFER_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECIES decryption exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+                if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr);
+                if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz);
+            }
+
+            return ret == 0 ? outBufferLength : ret;
+        }
+
+        /// <summary>
+        /// Free the ECIES context.
+        /// </summary>
+        /// <param name="ctx">Pointer to the ECIES context to free.</param>
+        public static void EciesFreeCtx(IntPtr ctx)
+        {
+            if (ctx != IntPtr.Zero)
+            {
+                wc_ecc_ctx_free(ctx);
+            }
+        }
+
+        /********************************
+         * ENUMS
+         */
+        public enum ecEncAlgo {
+            ecAES_128_CBC = 1,  /* default */
+            ecAES_256_CBC = 2,
+            ecAES_128_CTR = 3,
+            ecAES_256_CTR = 4
+        }
+
+        public enum ecKdfAlgo {
+            ecHKDF_SHA256      = 1,  /* default */
+            ecHKDF_SHA1        = 2,
+            ecKDF_X963_SHA1    = 3,
+            ecKDF_X963_SHA256  = 4,
+            ecKDF_SHA1         = 5,
+            ecKDF_SHA256       = 6
+        }
+
+        public enum ecMacAlgo {
+            ecHMAC_SHA256 = 1,  /* default */
+            ecHMAC_SHA1   = 2
+        }
+
+        public enum ecKeySize {
+            KEY_SIZE_128     = 16,
+            KEY_SIZE_256     = 32,
+            IV_SIZE_64       =  8,
+            IV_SIZE_128      = 16,
+            ECC_MAX_IV_SIZE  = 16,
+            EXCHANGE_SALT_SZ = 16,
+            EXCHANGE_INFO_SZ = 23
+        }
+
+        public enum ecFlags {
+            REQ_RESP_CLIENT = 1,
+            REQ_RESP_SERVER = 2
+        }
+        /* END ECIES */
+
+
+        /***********************************************************************
+         * ECDHE
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a shared secret using ECC
+        /// </summary>
+        /// <param name="privateKey">ECC private key</param>
+        /// <param name="publicKey">ECC public key</param>
+        /// <param name="secret">Buffer to receive the shared secret</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int EcdheSharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret, IntPtr rng)
+        {
+            int ret;
+            int secretLength = secret.Length;
+
+            try
+            {
+                /* set RNG for Public Key */
+                ret = EccSetRng(privateKey, rng);
+                if (ret != 0)
+                {
+                    throw new Exception("Failed to set Public Key RNG Error code: " + ret);
+                }
+
+                /* set RNG for Private Key */
+                ret = EccSetRng(publicKey, rng);
+                if (ret != 0)
+                {
+                    throw new Exception("Failed to set Private Key RNG. Error code: " + ret);
+                }
+
+                /* Generate shared secret */
+                if (privateKey != IntPtr.Zero || publicKey != IntPtr.Zero)
+                {
+                    ret = wc_ecc_shared_secret(privateKey, publicKey, secret, ref secretLength);
+                    if (ret != 0)
+                    {
+                        throw new Exception("Failed to compute ECC shared secret. Error code: " + ret);
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ECC shared secret exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+        /* END ECDHE */
+
+
+        /***********************************************************************
+         * RSA
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new RSA private/public key pair
+        /// </summary>
+        /// <param name="heap">Pointer to the heap for memory allocation
+        /// (use IntPtr.Zero if not applicable)</param>
+        /// <param name="devId">Device ID (if applicable, otherwise use 0)</param>
+        /// <param name="keysize">Key size in bits (example: 2048)</param>
+        /// <param name="exponent">Exponent for RSA key generation (default is 65537)</param>
+        /// <returns>Allocated RSA key structure or null on failure</returns>
+        public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize, Int32 exponent)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+            IntPtr rng = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate and init new RSA key structure */
+                key = wc_NewRsaKey(heap, devId, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    rng = RandomNew();
+                    if (rng == IntPtr.Zero)
+                    {
+                        throw new Exception("Failed to create rng.");
+                    }
+
+                    ret = wc_MakeRsaKey(key, keysize, exponent, rng);
+                    if (ret != 0)
+                    {
+                        RsaFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+
+                    RandomFree(rng);
+                    rng = IntPtr.Zero;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "RSA make key exception " + e.ToString());
+                if (rng != IntPtr.Zero) RandomFree(rng);
+                if (key != IntPtr.Zero) RsaFreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize)
+        {
+            return RsaMakeKey(heap, devId, keysize, 65537);
+        }
+
+        /// <summary>
+        /// Import an RSA private key from ASN.1 buffer
+        /// </summary>
+        /// <param name="keyASN1">ASN.1 private key buffer</param>
+        /// <returns>Allocated RSA key structure or null</returns>
+        public static IntPtr RsaImportKey(byte[] keyASN1)
+        {
+            int ret;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    IntPtr idx = Marshal.AllocHGlobal(sizeof(uint));
+                    IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length);
+                    Marshal.WriteInt32(idx, 0);
+                    Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length);
+                    ret = wc_RsaPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length));
+                    if (ret != 0)
+                    {
+                        RsaFreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                    Marshal.FreeHGlobal(idx); /* not used */
+                    Marshal.FreeHGlobal(keydata);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "RSA make key exception " + e.ToString());
+                RsaFreeKey(key); /* make sure its free'd */
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sign a hash using RSA and SSL-style padding
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="hash">Hash to sign</param>
+        /// <param name="signature">Buffer to receive the signature</param>
+        /// <returns>Length of the signature on success, otherwise an error code</returns>
+        public static int RsaSignSSL(IntPtr key, byte[] hash, byte[] signature)
+        {
+            IntPtr hashPtr = Marshal.AllocHGlobal(hash.Length);
+            IntPtr sigPtr = Marshal.AllocHGlobal(signature.Length);
+            IntPtr rng = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                rng = RandomNew();
+                if (rng == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create RNG.");
+                }
+
+                Marshal.Copy(hash, 0, hashPtr, hash.Length);
+
+                ret = wc_RsaSSL_Sign(hashPtr, hash.Length, sigPtr, signature.Length, key, rng);
+                if (ret >= 0) /* `wc_RsaSSL_Sign` returns the signature length on success */
+                {
+                    Marshal.Copy(sigPtr, signature, 0, ret);
+                }
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (rng != IntPtr.Zero) RandomFree(rng);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Verify a signature using RSA and SSL-style padding
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="signature">Signature to verify</param>
+        /// <param name="hash">Expected hash value</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int RsaVerifySSL(IntPtr key, byte[] signature, byte[] hash)
+        {
+            IntPtr hashPtr = IntPtr.Zero;
+            IntPtr sigPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                hashPtr = Marshal.AllocHGlobal(hash.Length);
+                sigPtr = Marshal.AllocHGlobal(signature.Length);
+
+                Marshal.Copy(signature, 0, sigPtr, signature.Length);
+
+                ret = wc_RsaSSL_Verify(sigPtr, signature.Length, hashPtr, hash.Length, key);
+
+                if (ret == hash.Length)
+                {
+                    byte[] verifiedHash = new byte[hash.Length];
+                    Marshal.Copy(hashPtr, verifiedHash, 0, hash.Length);
+
+                    if (ByteArrayVerify(verifiedHash, hash))
+                    {
+                        ret = 0;
+                    }
+                    else
+                    {
+                        ret = SIG_VERIFY_E;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "RSA verify exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Encrypt data using RSA public key encryption
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="input">Data to encrypt</param>
+        /// <param name="output">Buffer to receive the encrypted data</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int RsaPublicEncrypt(IntPtr key, byte[] input, byte[] output)
+        {
+            IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
+            IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
+            Marshal.Copy(input, 0, inPtr, input.Length);
+
+            int ret = wc_RsaPublicEncrypt(inPtr, input.Length, outPtr, output.Length, key);
+
+            if (ret > 0)
+            {
+                Marshal.Copy(outPtr, output, 0, ret);
+            }
+
+            Marshal.FreeHGlobal(inPtr);
+            Marshal.FreeHGlobal(outPtr);
+
+            return ret > 0 ? 0 : ret;
+        }
+
+        /// <summary>
+        /// Decrypt data using RSA private key decryption
+        /// </summary>
+        /// <param name="key">RSA key structure</param>
+        /// <param name="input">Encrypted data</param>
+        /// <param name="output">Buffer to receive the decrypted data</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int RsaPrivateDecrypt(IntPtr key, byte[] input, byte[] output)
+        {
+            IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
+            IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
+            Marshal.Copy(input, 0, inPtr, input.Length);
+
+            int ret = wc_RsaPrivateDecrypt(inPtr, input.Length, outPtr, output.Length, key);
+
+            if (ret > 0)
+            {
+                Marshal.Copy(outPtr, output, 0, ret);
+            }
+
+            Marshal.FreeHGlobal(inPtr);
+            Marshal.FreeHGlobal(outPtr);
+
+            return ret > 0 ? 0 : ret;
+        }
+
+        /// <summary>
+        /// Free an RSA key structure
+        /// </summary>
+        /// <param name="key">RSA key structure allocated using RsaMakeKey() or RsaImportKey()</param>
+        public static void RsaFreeKey(IntPtr key)
+        {
+            if (key != IntPtr.Zero)
+            {
+                wc_DeleteRsaKey(key, IntPtr.Zero);
+                key = IntPtr.Zero;
+            }
+        }
+        /* END RSA */
+
+
+        /***********************************************************************
+         * ED25519
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new ED25519 key pair with a specified heap, device ID, and internally managed RNG.
+        /// </summary>
+        /// <param name="heap">Heap to use for memory allocations (can be IntPtr.Zero).</param>
+        /// <param name="devId">Device ID for hardware-based keys (can be 0 for software).</param>
+        /// <returns>0 on success, or an error code on failure.</returns>
+        public static IntPtr Ed25519MakeKey(IntPtr heap, int devId)
+        {
+            int ret = 0;
+            IntPtr rng = IntPtr.Zero;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                rng = RandomNew();
+                if (rng == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create RNG.");
+                }
+
+                key = wc_ed25519_new(heap, devId, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_ed25519_make_key(rng, 32, key);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 make key exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (rng != IntPtr.Zero) RandomFree(rng);
+                if (ret != 0)
+                {
+                    wc_ed25519_delete(key, IntPtr.Zero);
+                    key = IntPtr.Zero;
+                }
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Sign a message with an ED25519 private key.
+        /// </summary>
+        /// <param name="inMsg">Message to be signed</param>
+        /// <param name="outMsg">Buffer to receive the signature</param>
+        /// <param name="key">Private key used for signing</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519SignMsg(byte[] inMsg, out byte[] outMsg, IntPtr key)
+        {
+            int ret;
+            IntPtr inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
+            IntPtr outMsgPtr = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
+            outMsg = null;
+
+            try
+            {
+                Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
+                uint outMsgSize = (uint)ED25519_SIG_SIZE;
+                ret = wc_ed25519_sign_msg(inMsgPtr, (uint)inMsg.Length, outMsgPtr, ref outMsgSize, key);
+                if (ret == 0)
+                {
+                    outMsg = new byte[outMsgSize];
+                    Marshal.Copy(outMsgPtr, outMsg, 0, (int)outMsgSize);
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
+                if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Verify a signature of a message with an ED25519 public key.
+        /// </summary>
+        /// <param name="sig">Signature to verify</param>
+        /// <param name="msg">Message that was signed</param>
+        /// <param name="key">Public key used for verification</param>
+        /// <returns>0 if the verification succeeds, otherwise an error code</returns>
+        public static int Ed25519VerifyMsg(byte[] sig, byte[] msg, IntPtr key)
+        {
+            IntPtr sigPtr = IntPtr.Zero;
+            IntPtr msgPtr = IntPtr.Zero;
+            int ret = 0;
+
+            try
+            {
+                /* Allocate memory */
+                sigPtr = Marshal.AllocHGlobal(sig.Length);
+                msgPtr = Marshal.AllocHGlobal(msg.Length);
+
+                Marshal.Copy(sig, 0, sigPtr, sig.Length);
+                Marshal.Copy(msg, 0, msgPtr, msg.Length);
+
+                int verify = 0;
+                ret = wc_ed25519_verify_msg(sigPtr, (uint)sig.Length, msgPtr, (uint)msg.Length, ref verify, key);
+
+                if (ret == 0 && verify == 1)
+                {
+                    ret = 0;
+                }
+                else
+                {
+                    ret = SIG_VERIFY_E;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 verify exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
+                if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Decode an ED25519 private key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded private key as byte array.</param>
+        /// <returns>Allocated ED25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Ed25519PrivateKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Ed25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 private key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Ed25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Decode an ED25519 public key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded public key as byte array.</param>
+        /// <returns>Allocated ED25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Ed25519PublicKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Ed25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Ed25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 public key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Ed25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Export an ED25519 key to DER format.
+        /// </summary>
+        /// <param name="key">ED25519 key structure.</param>
+        /// <param name="privKey">DER-encoded public key as byte array.</param>
+        /// <returns>DER-encoded key as byte array.</returns>
+        public static int Ed25519ExportKeyToDer(IntPtr key, out byte[] privKey)
+        {
+            int ret;
+            privKey = null;
+
+            try
+            {
+                /* Get length */
+                int len = wc_Ed25519KeyToDer(key, null, 0);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                privKey = new byte[len];
+                ret = wc_Ed25519KeyToDer(key, privKey, (uint)privKey.Length);
+
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch(Exception e)
+            {
+                log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export an ED25519 private key to DER format.
+        /// </summary>
+        /// <param name="key">ED25519 private key structure.</param>
+        /// <param name="derKey">DER-encoded private key as byte array.</param>
+        /// <returns>DER-encoded private key as byte array.</returns>
+        public static int Ed25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Ed25519PrivateKeyToDer(key, null, 0);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                derKey = new byte[len];
+                ret = wc_Ed25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
+
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export an ED25519 public key to DER format.
+        /// </summary>
+        /// <param name="key">ED25519 public key structure.</param>
+        /// <param name="includeAlg">Whether to include the algorithm identifier in the output.</param>
+        /// <param name="pubKey">DER-encoded public key as byte array.</param>
+        /// <returns>An error code indicating success (0) or failure (negative value).</returns>
+        public static int Ed25519ExportPublicKeyToDer(IntPtr key, out byte[] pubKey, bool includeAlg)
+        {
+            int ret;
+            pubKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Ed25519PublicKeyToDer(key, null, 0, 1);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                pubKey = new byte[len];
+                ret = wc_Ed25519PublicKeyToDer(key, pubKey, (uint)pubKey.Length, includeAlg ? 1 : 0);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export ED25519 public key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "ED25519 export public key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free an ED25519 key.
+        /// </summary>
+        /// <param name="key">Key to be freed</param>
+        public static void Ed25519FreeKey(IntPtr key)
+        {
+            wc_ed25519_delete(key, IntPtr.Zero);
+            key = IntPtr.Zero;
+        }
+        /* END ED25519 */
+
+
+        /***********************************************************************
+         * RAW ED25519
+         **********************************************************************/
+
+        /// <summary>
+    	/// Initialize an ED25519 key.
+    	/// </summary>
+    	/// <param name="key">Buffer to receive the initialized key</param>
+    	/// <returns>0 on success, otherwise an error code</returns>
+    	public static int Ed25519InitKey(out IntPtr key)
+        {
+            key = IntPtr.Zero;
+            try
+            {
+                key = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
+                int ret = wc_ed25519_init(key);
+
+                if (ret != 0)
+                {
+                    Marshal.FreeHGlobal(key);
+                    key = IntPtr.Zero;
+                }
+
+                return ret;
+            }
+            catch
+            {
+                /* Cleanup */
+                Marshal.FreeHGlobal(key);
+                key = IntPtr.Zero;
+                throw;
+            }
+        }
+
+        /// <summary>
+        /// Import a public key into an ED25519 key structure.
+        /// </summary>
+        /// <param name="inMsg">Public key to import</param>
+        /// <param name="inLen">Length of the public key</param>
+        /// <param name="key">Buffer to receive the imported key</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519ImportPublic(byte[] inMsg, uint inLen, out IntPtr key)
+        {
+            int ret;
+            key = IntPtr.Zero;
+            IntPtr inMsgPtr = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate memory */
+                key = Marshal.AllocHGlobal(ED25519_PUB_KEY_SIZE);
+                if (key == IntPtr.Zero)
+                {
+                    throw new OutOfMemoryException("Failed to allocate memory for the key.");
+                }
+
+                inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
+                if (inMsgPtr == IntPtr.Zero)
+                {
+                    throw new OutOfMemoryException("Failed to allocate memory for the input message.");
+                }
+                Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
+
+                ret = wc_ed25519_import_public(inMsgPtr, inLen, key);
+                if (ret != 0)
+                {
+                    return ret;
+                }
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"Exception in EdImportPublic: {ex.Message}");
+
+                return EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
+                if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export a public key from an ED25519 key structure.
+        /// </summary>
+        /// <param name="key">ED25519 key structure</param>
+        /// <param name="outMsg">Buffer to receive the exported public key</param>
+        /// <param name="outLen">Length of the exported public key</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519ExportPublic(IntPtr key, byte[] outMsg, out uint outLen)
+        {
+            int ret;
+            IntPtr outMsgPtr = IntPtr.Zero;
+
+            try
+            {
+                outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
+                outLen = (uint)outMsg.Length;
+                ret = wc_ed25519_export_public(key, outMsgPtr, ref outLen);
+                if (ret == 0)
+                {
+                    Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
+                }
+                else
+                {
+                    outLen = 0;
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export a private key from an ED25519 key structure.
+        /// </summary>
+        /// <param name="key">ED25519 key structure</param>
+        /// <param name="outMsg">Buffer to receive the exported private key</param>
+        /// <param name="outLen">Length of the exported private key</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519ExportPrivate(IntPtr key, byte[] outMsg, out uint outLen)
+        {
+            int ret;
+            IntPtr outMsgPtr = IntPtr.Zero;
+
+            try
+            {
+                outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
+                outLen = (uint)outMsg.Length;
+                ret = wc_ed25519_export_private(key, outMsgPtr, ref outLen);
+                if (ret == 0)
+                {
+                    Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
+                }
+                else
+                {
+                    outLen = 0;
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Generate a public key from a private key.
+        /// </summary>
+        /// <param name="key">The private key used to generate the public key</param>
+        /// <param name="pubKey">Buffer to receive the public key</param>
+        /// <param name="pubKeySz">Size of the public key buffer</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Ed25519MakePublic(IntPtr key, byte[] pubKey, out uint pubKeySz)
+        {
+            int ret;
+            IntPtr pubKeyPtr = Marshal.AllocHGlobal(pubKey.Length);
+
+            try
+            {
+                pubKeySz = (uint)pubKey.Length;
+                ret = wc_ed25519_make_public(key, pubKeyPtr, pubKeySz);
+                if (ret == 0)
+                {
+                    Marshal.Copy(pubKeyPtr, pubKey, 0, (int)pubKeySz);
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (pubKeyPtr != IntPtr.Zero) Marshal.FreeHGlobal(pubKeyPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Get the size of the ED25519 key.
+        /// </summary>
+        /// <param name="key">ED25519 key structure</param>
+        /// <returns>Size of the key, or an error code if failed</returns>
+        public static int Ed25519GetKeySize(IntPtr key)
+        {
+            return wc_ed25519_size(key);
+        }
+        /* END RAW ED25519 */
+
+
+        /***********************************************************************
+         * Curve25519
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a new Curve25519 key pair with a specified heap, device ID, and internally managed RNG.
+        /// </summary>
+        /// <param name="heap">Heap to use for memory allocations (can be IntPtr.Zero).</param>
+        /// <param name="devId">Device ID for hardware-based keys (can be 0 for software).</param>
+        /// <returns>0 on success, or an error code on failure.</returns>
+        public static IntPtr Curve25519MakeKey(IntPtr heap, int devId)
+        {
+            int ret = 0;
+            IntPtr rng = IntPtr.Zero;
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                rng = RandomNew();
+                if (rng == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create RNG.");
+                }
+
+                key = wc_curve25519_new(heap, devId, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_curve25519_make_key(rng, 32, key);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 make key exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (rng != IntPtr.Zero) RandomFree(rng);
+                if (ret != 0)
+                {
+                    wc_curve25519_delete(key, IntPtr.Zero);
+                    key = IntPtr.Zero;
+                }
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Decode an Curve25519 private key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded private key as byte array.</param>
+        /// <returns>Allocated Curve25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Curve25519PrivateKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Curve25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 private key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Curve25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Decode an Curve25519 public key from DER format.
+        /// </summary>
+        /// <param name="input">DER-encoded public key as byte array.</param>
+        /// <returns>Allocated Curve25519 key structure or IntPtr.Zero on failure.</returns>
+        public static IntPtr Curve25519PublicKeyDecode(byte[] input)
+        {
+            IntPtr key = IntPtr.Zero;
+            uint idx = 0;
+            int ret;
+
+            try
+            {
+                key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
+                if (key != IntPtr.Zero)
+                {
+                    ret = wc_Curve25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
+                    if (ret != 0)
+                    {
+                        Curve25519FreeKey(key);
+                        key = IntPtr.Zero;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 public key decode exception: " + e.ToString());
+                if (key != IntPtr.Zero) Curve25519FreeKey(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Export an Curve25519 key to DER format.
+        /// </summary>
+        /// <param name="key">Curve25519 key structure.</param>
+        /// <param name="derKey">DER-encoded public key as byte array.</param>
+        /// <returns>DER-encoded key as byte array.</returns>
+        public static int Curve25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Curve25519PrivateKeyToDer(key, null, 0);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                derKey = new byte[len];
+                ret = wc_Curve25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
+
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export Curve25519 private key to DER format. Error code: " + ret);
+                    return ret;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "CURVE25519 export private key to DER exception: " + e.ToString());
+                return EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Export an Curve25519 public key to DER format.
+        /// </summary>
+        /// <param name="key">Curve25519 public key structure.</param>
+        /// <param name="includeAlg">Whether to include the algorithm identifier in the output.</param>
+        /// <param name="derKey">DER-encoded public key as byte array.</param>
+        /// <returns>An error code indicating success (0) or failure (negative value).</returns>
+        public static int Curve25519ExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeAlg)
+        {
+            int ret;
+            derKey = null;
+
+            try
+            {
+                /* Determine length */
+                int len = wc_Curve25519PublicKeyToDer(key, null, 0, 1);
+                if (len < 0)
+                {
+                    log(ERROR_LOG, "Failed to determine length. Error code: " + len);
+                    return len;
+                }
+
+                derKey = new byte[len];
+                ret = wc_Curve25519PublicKeyToDer(key, derKey, (uint)derKey.Length, includeAlg ? 1 : 0);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to export Curve25519 public key to DER format. Error code: " + ret);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 export public key to DER exception: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free an Curve25519 key.
+        /// </summary>
+        /// <param name="key">Key to be freed</param>
+        public static void Curve25519FreeKey(IntPtr key)
+        {
+            wc_curve25519_delete(key, IntPtr.Zero);
+            key = IntPtr.Zero;
+        }
+        /* END Curve25519 */
+
+
+        /***********************************************************************
+         * RAW Curve25519
+         **********************************************************************/
+
+        /// <summary>
+        /// Generate a shared secret using Curve25519
+        /// </summary>
+        /// <param name="privateKey">Curve25519 private key</param>
+        /// <param name="publicKey">Curve25519 public key</param>
+        /// <param name="secret">Buffer to receive the shared secret</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int Curve25519SharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret)
+        {
+            int ret;
+            int secretLength = secret.Length;
+
+            try
+            {
+                ret = wc_curve25519_shared_secret(privateKey, publicKey, secret, ref secretLength);
+                if (ret != 0)
+                {
+                    throw new Exception("Failed to compute Curve25519 shared secret. Error code: " + ret);
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 shared secret exception " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Import a Curve25519 private key from a byte array
+        /// </summary>
+        /// <param name="privateKey">Private key byte array</param>
+        /// <returns>Allocated Curve25519 key structure or null</returns>
+        public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey)
+        {
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = Marshal.AllocHGlobal(privateKey.Length);
+                Marshal.Copy(privateKey, 0, key, privateKey.Length);
+                int ret = wc_curve25519_import_private(key, privateKey.Length, key);
+                if (ret != 0)
+                {
+                    Marshal.FreeHGlobal(key);
+                    key = IntPtr.Zero;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 import private key exception " + e.ToString());
+                if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Import a Curve25519 public key from a byte array
+        /// </summary>
+        /// <param name="publicKey">Public key byte array</param>
+        /// <returns>Allocated Curve25519 key structure or null</returns>
+        public static IntPtr Curve25519ImportPublicKey(byte[] publicKey)
+        {
+            IntPtr key = IntPtr.Zero;
+
+            try
+            {
+                key = Marshal.AllocHGlobal(publicKey.Length);
+                Marshal.Copy(publicKey, 0, key, publicKey.Length);
+                int ret = wc_curve25519_import_public(key, publicKey.Length, key);
+                if (ret != 0)
+                {
+                    Marshal.FreeHGlobal(key);
+                    key = IntPtr.Zero;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Curve25519 import public key exception " + e.ToString());
+                if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
+                key = IntPtr.Zero;
+            }
+
+            return key;
+        }
+
+        /// <summary>
+        /// Export a Curve25519 private key to a byte array
+        /// </summary>
+        /// <param name="key">Curve25519 key structure</param>
+        /// <returns>Private key as byte array</returns>
+        public static byte[] Curve25519ExportPrivateKey(IntPtr key)
+        {
+            byte[] privateKey = new byte[ED25519_KEY_SIZE];
+            uint privSize = (uint)privateKey.Length;
+            int ret = wc_curve25519_export_public(key, privateKey, ref privSize);
+            if (ret != 0)
+            {
+                throw new Exception("Failed to export Curve25519 private key. Error code: " + ret);
+            }
+            return privateKey;
+        }
+
+        /// <summary>
+        /// Export a Curve25519 public key to a byte array
+        /// </summary>
+        /// <param name="key">Curve25519 key structure</param>
+        /// <returns>Public key as byte array</returns>
+        public static byte[] Curve25519ExportPublicKey(IntPtr key)
+        {
+            byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE];
+            uint pubSize = (uint)publicKey.Length;
+            int ret = wc_curve25519_export_public(key, publicKey, ref pubSize);
+            if (ret != 0)
+            {
+                throw new Exception("Failed to export Curve25519 public key. Error code: " + ret);
+            }
+            return publicKey;
+        }
+
+        /// <summary>
+        /// Export both private and public keys from a Curve25519 key structure
+        /// </summary>
+        /// <param name="key">Curve25519 key structure</param>
+        /// <returns>A tuple containing the private key and public key as byte arrays</returns>
+        public static (byte[] privateKey, byte[] publicKey) Curve25519ExportKeyRaw(IntPtr key)
+        {
+            byte[] privateKey = new byte[ED25519_KEY_SIZE];
+            byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE];
+            uint privSize = (uint)privateKey.Length;
+            uint pubSize = (uint)publicKey.Length;
+            int ret = wc_curve25519_export_key_raw(key, privateKey, ref privSize, publicKey, ref pubSize);
+            if (ret != 0)
+            {
+                throw new Exception("Failed to export Curve25519 keys. Error code: " + ret);
+            }
+            return (privateKey, publicKey);
+        }
+        /* END RAW Curve25519 */
+
+
+        /***********************************************************************
+         * AES-GCM
+         **********************************************************************/
+
+        /// <summary>
+        /// Creates a new AES context.
+        /// </summary>
+        /// <param name="heap">Pointer to a memory heap, or IntPtr.Zero to use the default heap.</param>
+        /// <param name="devId">The device ID to associate with this AES context.</param>
+        /// <returns>A pointer to the newly created AES context, or IntPtr.Zero on failure.</returns>
+        public static IntPtr AesNew(IntPtr heap, int devId)
+        {
+            IntPtr aesPtr = IntPtr.Zero;
+
+            try
+            {
+                aesPtr = wc_AesNew(heap, devId, IntPtr.Zero);
+
+                if (aesPtr == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to create AES context.");
+                }
+
+            }
+            catch (Exception e)
+            {
+                Console.WriteLine($"AES context creation failed: {e.Message}");
+            }
+
+            return aesPtr;
+        }
+
+        /// <summary>
+        /// Initialize and set the AES key for AES-GCM operations.
+        /// </summary>
+        /// <param name="aes">AES-GCM context pointer.</param>
+        /// <param name="key">The AES key (either 128, 192, or 256 bits).</param>
+        /// <returns>0 on success, otherwise an error code.</returns>
+        public static int AesGcmSetKey(IntPtr aes, byte[] key)
+        {
+            IntPtr keyPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory */
+                keyPtr = Marshal.AllocHGlobal(key.Length);
+                Marshal.Copy(key, 0, keyPtr, key.Length);
+
+                ret = wc_AesGcmSetKey(aes, keyPtr, (uint)key.Length);
+                if (ret != 0)
+                {
+                    throw new Exception($"AES-GCM initialization failed with error code {ret}");
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Wrapper method to initialize the AES-GCM context with a given key and IV.
+        /// </summary>
+        /// <param name="aes">Pointer to the AES-GCM context that needs to be initialized.</param>
+        /// <param name="key">Byte array containing the AES key.</param>
+        /// <param name="iv">Byte array containing the initialization vector (IV).</param>
+        public static int AesGcmInit(IntPtr aes, byte[] key, byte[] iv)
+        {
+            IntPtr keyPtr = IntPtr.Zero;
+            IntPtr ivPtr = IntPtr.Zero;
+            int ret;
+
+            try
+            {
+                /* Allocate memory for key and IV */
+                keyPtr = Marshal.AllocHGlobal(key.Length);
+                Marshal.Copy(key, 0, keyPtr, key.Length);
+
+                ivPtr = Marshal.AllocHGlobal(iv.Length);
+                Marshal.Copy(iv, 0, ivPtr, iv.Length);
+
+                ret = wc_AesGcmInit(aes, keyPtr, (uint)key.Length, ivPtr, (uint)iv.Length);
+                if (ret != 0)
+                {
+                    throw new Exception($"AES-GCM initialization failed with error code {ret}");
+                }
+            }
+            finally
+            {
+                /* Cleanup */
+                if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
+                if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Encrypt data using AES-GCM
+        /// </summary>
+        /// <param name="aes">AES-GCM context pointer.</param>
+        /// <param name="iv">Initialization Vector (IV)</param>
+        /// <param name="plaintext">Data to encrypt</param>
+        /// <param name="ciphertext">Buffer to receive the encrypted data</param>
+        /// <param name="authTag">Buffer to receive the authentication tag</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int AesGcmEncrypt(IntPtr aes, byte[] iv, byte[] plaintext,
+            byte[] ciphertext, byte[] authTag, byte[] addAuth = null)
+        {
+            int ret;
+            IntPtr ivPtr = IntPtr.Zero;
+            IntPtr ciphertextPtr = IntPtr.Zero;
+            IntPtr plaintextPtr = IntPtr.Zero;
+            IntPtr authTagPtr = IntPtr.Zero;
+            IntPtr addAuthPtr = IntPtr.Zero;
+            uint addAuthSz = 0;
+
+            try
+            {
+                /* Allocate memory */
+                ivPtr = Marshal.AllocHGlobal(iv.Length);
+                ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
+                plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
+                authTagPtr = Marshal.AllocHGlobal(authTag.Length);
+                if (addAuth != null) {
+                    addAuthSz = (uint)addAuth.Length;
+                    addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
+                    Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
+                }
+
+                Marshal.Copy(iv, 0, ivPtr, iv.Length);
+                Marshal.Copy(plaintext, 0, plaintextPtr, plaintext.Length);
+
+                /* Encrypt data */
+                ret = wc_AesGcmEncrypt(aes, ciphertextPtr, plaintextPtr, (uint)plaintext.Length,
+                    ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to Encrypt data using AES-GCM. Error code: " + ret);
+                }
+                else {
+                    Marshal.Copy(ciphertextPtr, ciphertext, 0, ciphertext.Length);
+                    Marshal.Copy(authTagPtr, authTag, 0, authTag.Length);
+                    ret = 0;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "AES-GCM Encryption failed: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+                if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
+                if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
+                if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
+                if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Decrypt data using AES-GCM
+        /// </summary>
+        /// <param name="aes">AES-GCM context pointer.</param>
+        /// <param name="iv">Initialization Vector (IV)</param>
+        /// <param name="ciphertext">Data to decrypt</param>
+        /// <param name="plaintext">Buffer to receive the decrypted data</param>
+        /// <param name="authTag">Authentication tag for verification</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int AesGcmDecrypt(IntPtr aes, byte[] iv, byte[] ciphertext,
+            byte[] plaintext, byte[] authTag, byte[] addAuth = null)
+        {
+            int ret;
+            IntPtr ivPtr = IntPtr.Zero;
+            IntPtr ciphertextPtr = IntPtr.Zero;
+            IntPtr plaintextPtr = IntPtr.Zero;
+            IntPtr authTagPtr = IntPtr.Zero;
+            IntPtr addAuthPtr = IntPtr.Zero;
+            uint addAuthSz = 0;
+
+            try
+            {
+                /* Allocate memory */
+                ivPtr = Marshal.AllocHGlobal(iv.Length);
+                ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
+                plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
+                authTagPtr = Marshal.AllocHGlobal(authTag.Length);
+                if (addAuth != null) {
+                    addAuthSz = (uint)addAuth.Length;
+                    addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
+                    Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
+                }
+
+                Marshal.Copy(iv, 0, ivPtr, iv.Length);
+                Marshal.Copy(ciphertext, 0, ciphertextPtr, ciphertext.Length);
+                Marshal.Copy(authTag, 0, authTagPtr, authTag.Length);
+
+                /* Decrypt data */
+                ret = wc_AesGcmDecrypt(aes, plaintextPtr, ciphertextPtr, (uint)ciphertext.Length,
+                    ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
+                if (ret < 0)
+                {
+                    log(ERROR_LOG, "Failed to Decrypt data using AES-GCM. Error code: " + ret);
+                }
+                else {
+                    Marshal.Copy(plaintextPtr, plaintext, 0, plaintext.Length);
+                    ret = 0;
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "AES-GCM Decryption failed: " + e.ToString());
+                ret = EXCEPTION_E;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
+                if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
+                if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
+                if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
+                if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free AES-GCM context
+        /// </summary>
+        /// <param name="aes">AES-GCM context</param>
+        public static void AesGcmFree(IntPtr aes)
+        {
+            if (aes != IntPtr.Zero)
+            {
+                wc_AesDelete(aes, IntPtr.Zero);
+                aes = IntPtr.Zero;
+            }
+        }
+        /* END AES-GCM */
+
+
+        /***********************************************************************
+         * HASH
+         **********************************************************************/
+
+        /// <summary>
+        /// Allocate and set up a new hash context with proper error handling
+        /// </summary>
+        /// <param name="hashType">The type of hash (SHA-256, SHA-384, etc.)</param>
+        /// <param name="heap">Pointer to the heap for memory allocation (use IntPtr.Zero if not applicable)</param>
+        /// <param name="devId">Device ID (if applicable, otherwise use INVALID_DEVID)</param>
+        /// <returns>Allocated hash context pointer or IntPtr.Zero on failure</returns>
+        public static IntPtr HashNew(uint hashType, IntPtr heap, int devId)
+        {
+            IntPtr hash = IntPtr.Zero;
+
+            try
+            {
+                /* Allocate new hash */
+                hash = wc_HashNew(hashType, heap, devId, IntPtr.Zero);
+                if (hash == IntPtr.Zero)
+                {
+                    throw new Exception("Failed to allocate new hash context.");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashNew Exception: " + e.ToString());
+            }
+
+            return hash;
+        }
+
+        /// <summary>
+        /// Initialize the hash context for a specific hash type with proper error handling
+        /// </summary>
+        /// <param name="hash">Hash context pointer</param>
+        /// <param name="hashType">The type of hash (SHA-256, SHA-384, etc.)</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int InitHash(IntPtr hash, uint hashType)
+        {
+            int ret = 0;
+
+            try
+            {
+                /* Check hash */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null.");
+
+                ret = wc_HashInit(hash, hashType);
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to initialize hash context. Error code: {ret}");
+                }
+            }
+            catch (Exception e)
+            {
+                /* Cleanup */
+                log(ERROR_LOG, "InitHash Exception: " + e.ToString());
+                if (hash != IntPtr.Zero) {
+                    wc_HashDelete(hash, IntPtr.Zero);
+                    hash = IntPtr.Zero;
+                }
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Update the hash with data
+        /// </summary>
+        /// <param name="hash">Hash context pointer</param>
+        /// <param name="hashType">The type of hash</param>
+        /// <param name="data">Byte array of the data to hash</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int HashUpdate(IntPtr hash, uint hashType, byte[] data)
+        {
+            int ret = 0;
+            IntPtr dataPtr = IntPtr.Zero;
+
+            try
+            {
+                /* Check parameters */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null.");
+                if (data == null || data.Length == 0)
+                    throw new Exception("Invalid data array.");
+
+                /* Allocate memory */
+                dataPtr = Marshal.AllocHGlobal(data.Length);
+                Marshal.Copy(data, 0, dataPtr, data.Length);
+
+                /* Update hash */
+                ret = wc_HashUpdate(hash, hashType, dataPtr, (uint)data.Length);
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to update hash. Error code: {ret}");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashUpdate Exception: " + e.ToString());
+            }
+            finally
+            {
+                /* Cleanup */
+                if (dataPtr != IntPtr.Zero) Marshal.FreeHGlobal(dataPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Finalize the hash and output the result
+        /// </summary>
+        /// <param name="hash">Hash context pointer</param>
+        /// <param name="hashType">The type of hash</param>
+        /// <param name="output">Byte array where the hash output will be stored</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int HashFinal(IntPtr hash, uint hashType, out byte[] output)
+        {
+            int ret = 0;
+            IntPtr outputPtr = IntPtr.Zero;
+
+            try
+            {
+                /* Get hash size and initialize */
+                int hashSize = wc_HashGetDigestSize(hashType);
+                output = new byte[hashSize];
+
+                /* Check hash */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null.");
+                if (hashSize <= 0)
+                    throw new Exception("Invalid hash size.");
+
+                /* Allocate memory */
+                outputPtr = Marshal.AllocHGlobal(hashSize);
+
+                ret = wc_HashFinal(hash, hashType, outputPtr);
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to finalize hash. Error code: {ret}");
+                }
+
+                Marshal.Copy(outputPtr, output, 0, hashSize);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashFinal Exception: " + e.ToString());
+                output = null;
+            }
+            finally
+            {
+                /* Cleanup */
+                if (outputPtr != IntPtr.Zero) Marshal.FreeHGlobal(outputPtr);
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Free the allocated hash context with proper error handling
+        /// </summary>
+        /// <param name="hash">Hash context pointer to be freed</param>
+        /// <param name="hashType">The type of hash</param>
+        /// <returns>0 on success, otherwise an error code</returns>
+        public static int HashFree(IntPtr hash, uint hashType)
+        {
+            int ret = 0;
+
+            try
+            {
+                /* Check hash */
+                if (hash == IntPtr.Zero)
+                    throw new Exception("Hash context is null, cannot free.");
+
+                /* Free hash */
+                ret = wc_HashDelete(hash, IntPtr.Zero);
+                hash = IntPtr.Zero;
+                if (ret != 0)
+                {
+                    throw new Exception($"Failed to free hash context. Error code: {ret}");
+                }
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HashFree Exception: " + e.ToString());
+            }
+
+            return ret;
+        }
+
+        /// <summary>
+        /// Hash type enum values
+        /// </summary>
+        public enum hashType
+        {
+            WC_HASH_TYPE_NONE     = 0,
+            WC_HASH_TYPE_MD2      = 1,
+            WC_HASH_TYPE_MD4      = 2,
+            WC_HASH_TYPE_MD5      = 3,
+            WC_HASH_TYPE_SHA      = 4, /* SHA-1 (not old SHA-0) */
+            WC_HASH_TYPE_SHA224   = 5,
+            WC_HASH_TYPE_SHA256   = 6,
+            WC_HASH_TYPE_SHA384   = 7,
+            WC_HASH_TYPE_SHA512   = 8,
+            WC_HASH_TYPE_MD5_SHA  = 9,
+            WC_HASH_TYPE_SHA3_224 = 10,
+            WC_HASH_TYPE_SHA3_256 = 11,
+            WC_HASH_TYPE_SHA3_384 = 12,
+            WC_HASH_TYPE_SHA3_512 = 13,
+            WC_HASH_TYPE_BLAKE2B  = 14,
+            WC_HASH_TYPE_BLAKE2S  = 15,
+        }
+        /* END HASH */
+
+
+        /***********************************************************************
+        * Logging / Other
+        **********************************************************************/
+
+        /// <summary>
+        /// Set the function to use for logging
+        /// </summary>
+        /// <param name="input">Function that conforms as to loggingCb</param>
+        /// <returns>0 on success</returns>
+        public static int SetLogging(loggingCb input)
+        {
+            internal_log = input;
+            return SUCCESS;
+        }
+
+        /// <summary>
+        /// Get error string for wolfCrypt error codes
+        /// </summary>
+        /// <param name="error">Negative error number from wolfCrypt API</param>
+        /// <returns>Error string</returns>
+        public static string GetError(int error)
+        {
+            try
+            {
+                IntPtr errStr = wc_GetErrorString(error);
+                return Marshal.PtrToStringAnsi(errStr);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "Get error exception " + e.ToString());
+                return string.Empty;
+            }
+        }
+
+        /// <summary>
+        /// Compares two byte arrays.
+        /// </summary>
+        /// <param name="array1">The first byte array to compare.</param>
+        /// <param name="array2">The second byte array to compare.</param>
+        /// <returns>True if both arrays are equal; otherwise, false.</returns>
+        public static bool ByteArrayVerify(byte[] array1, byte[] array2)
+        {
+            if (ReferenceEquals(array1, array2)) return true;
+            if (array1 == null || array2 == null) return false;
+            if (array1.Length != array2.Length) return false;
+
+            for (int i = 0; i < array1.Length; i++)
+            {
+                if (array1[i] != array2[i]) return false;
+            }
+            return true;
+        }
+    }
+}
+
+
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
index 91d52d01d..a493e722c 100644
--- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
@@ -1,6 +1,6 @@
 /* wolfSSL.cs
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
index c7df2aafc..a560347cc 100755
--- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj
@@ -17,7 +17,7 @@
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
-    <OutputPath>..\DLL Debug\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>3</WarningLevel>
@@ -25,14 +25,14 @@
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
-    <OutputPath>..\DLL Release\Win32\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\DLL Debug\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <WarningLevel>3</WarningLevel>
     <DebugType>full</DebugType>
@@ -41,7 +41,7 @@
     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\DLL Release\x64\</OutputPath>
+    <OutputPath>$(SolutionDir)$(Configuration)\$(Platform)\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <Optimize>true</Optimize>
     <DebugType>pdbonly</DebugType>
@@ -60,6 +60,7 @@
   <ItemGroup>
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="wolfSSL.cs" />
+    <Compile Include="wolfCrypt.cs" />
     <Compile Include="X509.cs" />
   </ItemGroup>
   <ItemGroup>
diff --git a/wrapper/CSharp/wolfssl.vcxproj b/wrapper/CSharp/wolfssl.vcxproj
new file mode 100644
index 000000000..1d142db4b
--- /dev/null
+++ b/wrapper/CSharp/wolfssl.vcxproj
@@ -0,0 +1,456 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{67932048-d67e-4c86-b55f-90899b9bda64}</ProjectGuid>
+    <RootNamespace>wolfssl</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\AnyCPU\</OutDir>
+    <IntDir>$(Configuration)\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\AnyCPU\</OutDir>
+    <IntDir>$(Configuration)\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <OutDir>$(SolutionDir)Release\$(Platform)\</OutDir>
+    <IntDir>Release\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)Release\AnyCPU\</OutDir>
+    <IntDir>Release\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <OutDir>$(SolutionDir)Debug\$(Platform)\</OutDir>
+    <IntDir>Debug\$(Platform)\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'Debug|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)Debug\AnyCPU\</OutDir>
+    <IntDir>Debug\AnyCPU\$(ProjectName)_obj\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\src\crl.c" />
+    <ClCompile Include="..\..\src\dtls13.c" />
+    <ClCompile Include="..\..\src\dtls.c" />
+    <ClCompile Include="..\..\src\internal.c" />
+    <ClCompile Include="..\..\src\wolfio.c" />
+    <ClCompile Include="..\..\src\keys.c" />
+    <ClCompile Include="..\..\src\ocsp.c" />
+    <ClCompile Include="..\..\src\ssl.c" />
+    <ClCompile Include="..\..\src\tls.c" />
+    <ClCompile Include="..\..\src\tls13.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2s.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cryptocb.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ext_mlkem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\falcon.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_mlkem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_mlkem_poly.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rc2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sphincs.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_int.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_x86_64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\srp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_pkcs11.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\port\liboqs\liboqs.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="resource.h" />
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_gcm_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_xts_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\chacha_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\poly1305_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <CustomBuild Include="..\..\wolfcrypt\src\sp_x86_64_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+    <ClInclude Include="user_settings.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="..\..\wolfssl.rc">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+    </ResourceCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt
index 905f6cf11..d151f1246 100644
--- a/zephyr/CMakeLists.txt
+++ b/zephyr/CMakeLists.txt
@@ -13,10 +13,10 @@ if(CONFIG_WOLFSSL)
     endif()
 
     zephyr_include_directories(
-  	${ZEPHYR_CURRENT_MODULE_DIR}
-  	${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl
-  	${ZEPHYR_CURRENT_MODULE_DIR}/zephyr
-  	)
+        ${ZEPHYR_CURRENT_MODULE_DIR}
+        ${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl
+        ${ZEPHYR_CURRENT_MODULE_DIR}/zephyr
+        )
 
     zephyr_library()
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/zephyr/zephyr_init.c)
@@ -78,7 +78,7 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed25519.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed448.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/error.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ext_kyber.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ext_mlkem.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/falcon.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_448.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_low_mem.c)
@@ -117,8 +117,10 @@ if(CONFIG_WOLFSSL)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/tfm.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_dsp.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber.c)
-    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber_poly.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_mlkem.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_mlkem_poly.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms_impl.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c)
     zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)
@@ -134,15 +136,30 @@ if(CONFIG_WOLFSSL)
     if(CONFIG_WOLFCRYPT_ARMASM)
       # tested with board: "qemu_kvm_arm64"
       zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-aes.c)
-      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c)
       zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha256.c)
-      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c)
       zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha512.c)
-      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c)
-      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c)
-      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-poly1305.c)
-      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-chacha.c)
-      zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-curve25519_c.c)
+
+      if(CONFIG_WOLFCRYPT_ARMASM_THUMB2)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-chacha.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-poly1305.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-curve25519_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c)
+      else()
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-poly1305.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-chacha.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-curve25519_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c)
+        zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c)
+      endif()
+
 
       # Note: The cmake/gcc-m-cpu.cmake make need updated to add "+crypto -mstrict-align"
       set(TOOLCHAIN_C_FLAGS "-mcpu=cortex-a53+crypto -mstrict-align")
@@ -164,8 +181,8 @@ if(CONFIG_WOLFSSL)
 
     zephyr_library_link_libraries(wolfSSL)
 
-  	target_compile_definitions(wolfSSL INTERFACE WOLFSSL_ZEPHYR)
-  	target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS)
+        target_compile_definitions(wolfSSL INTERFACE WOLFSSL_ZEPHYR)
+        target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS)
     if(CONFIG_WOLFSSL_DEBUG)
       target_compile_definitions(wolfSSL INTERFACE DEBUG_WOLFSSL)
       zephyr_library_compile_options(-g3 -O0)
@@ -177,8 +194,8 @@ if(CONFIG_WOLFSSL)
     # therefore susceptible to bit rot
 
     target_include_directories(wolfSSL INTERFACE
-  	${CONFIG_WOLFSSL_INSTALL_PATH}
-  	)
+        ${CONFIG_WOLFSSL_INSTALL_PATH}
+        )
 
     zephyr_link_libraries(
       wolfssl_external
diff --git a/zephyr/Kconfig b/zephyr/Kconfig
index 1bf1f25bd..9863454ff 100644
--- a/zephyr/Kconfig
+++ b/zephyr/Kconfig
@@ -100,6 +100,12 @@ config WOLFCRYPT_ARMASM
 	  wolfCrypt ARM (ARMv8/ARMv7) assembly support for AES, SHA-2, SHA-3,
 	  ChaCha20/Poly1305 and Curve25519
 
+config WOLFCRYPT_ARMASM_THUMB2
+	bool "wolfCrypt ARM Thumb2 Assembly support"
+	depends on WOLFCRYPT_ARMASM
+	help
+	  Enable Thumb2 assembly optimizations for ARM processors
+
 config WOLFCRYPT_INTELASM
 	bool "wolfCrypt Intel Assembly support"
 	depends on WOLFSSL_BUILTIN
diff --git a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
index 90347ceb3..f05e181b6 100644
--- a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
+++ b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
@@ -1,6 +1,6 @@
 /* tls_sock.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
index 99036f2d1..dd561739c 100644
--- a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
+++ b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
@@ -1,6 +1,6 @@
 /* tls_threaded.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/zephyr/user_settings-no-malloc.h b/zephyr/user_settings-no-malloc.h
index cd7e2fad1..10b544b6e 100644
--- a/zephyr/user_settings-no-malloc.h
+++ b/zephyr/user_settings-no-malloc.h
@@ -1,7 +1,7 @@
 /* user_settings-tls-generic.h
  * generated from configure options
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/zephyr/user_settings.h b/zephyr/user_settings.h
index 68266da5f..80d47ea14 100644
--- a/zephyr/user_settings.h
+++ b/zephyr/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -160,6 +160,12 @@ extern "C" {
     #define WOLFSSL_SET_CIPHER_BYTES
 #endif
 
+/* wolfTPM Zephyr */
+#if defined(CONFIG_WOLFTPM)
+    #define WOLF_CRYPTO_CB
+    #define WOLFSSL_AES_CFB
+#endif
+
 /* ------------------------------------------------------------------------- */
 /* Algorithms */
 /* ------------------------------------------------------------------------- */
diff --git a/zephyr/zephyr_init.c b/zephyr/zephyr_init.c
index 927249e52..13e86a2d4 100644
--- a/zephyr/zephyr_init.c
+++ b/zephyr/zephyr_init.c
@@ -1,6 +1,6 @@
 /* zephyr_init.c
  *
- * Copyright (C) 2006-2024 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *